From 6b200bc335dc93c5516ccb52f14bd896d8c7fad7 Mon Sep 17 00:00:00 2001 From: Apple Date: Wed, 29 Mar 2017 20:03:44 +0000 Subject: [PATCH] Security-57740.51.3.tar.gz --- .../lib/security_cssm.exp => CSSMOID.exp-in | 248 +- CircleJoinRequested/Applicant.m | 13 +- CircleJoinRequested/CircleJoinRequested.m | 13 +- ...KeychainSyncingProxy+IDSProxySendMessage.m | 306 - KVSKeychainSyncingProxy/CKDAKSLockMonitor.h | 27 + KVSKeychainSyncingProxy/CKDAKSLockMonitor.m | 93 + KVSKeychainSyncingProxy/CKDAccount.h | 2 + KVSKeychainSyncingProxy/CKDKVSProxy.h | 51 +- KVSKeychainSyncingProxy/CKDKVSProxy.m | 744 +- KVSKeychainSyncingProxy/CKDKVSStore.m | 26 +- KVSKeychainSyncingProxy/CKDLockMonitor.h | 24 + KVSKeychainSyncingProxy/CKDPersistentState.h | 43 - KVSKeychainSyncingProxy/CKDPersistentState.m | 133 - KVSKeychainSyncingProxy/CKDSecuritydAccount.h | 2 + KVSKeychainSyncingProxy/CKDSecuritydAccount.m | 12 + .../XPCNotificationDispatcher.h | 24 + .../XPCNotificationDispatcher.m | 102 + .../cloudkeychain.entitlements.plist | 4 +- KVSKeychainSyncingProxy/cloudkeychainproxy.m | 201 +- Keychain/AppDelegate.h | 15 - Keychain/AppDelegate.m | 46 - Keychain/CircleStatusView.h | 25 - Keychain/CircleStatusView.m | 75 - Keychain/Default-568h@2x.png | Bin 18594 -> 0 bytes Keychain/Default.png | Bin 6540 -> 0 bytes Keychain/Default@2x.png | Bin 16107 -> 0 bytes Keychain/DeviceItemCell.h | 14 - Keychain/DeviceItemCell.m | 32 - Keychain/DeviceTableViewController.h | 20 - Keychain/DeviceTableViewController.m | 180 - Keychain/DeviceViewController.h | 13 - Keychain/DeviceViewController.m | 38 - Keychain/EditItemViewController.h | 22 - Keychain/EditItemViewController.m | 94 - Keychain/FirstViewController.h | 13 - Keychain/FirstViewController.m | 29 - Keychain/KCAItemDetailViewController.h | 22 - Keychain/KCAItemDetailViewController.m | 65 - Keychain/KCATableViewController.h | 26 - Keychain/KCATableViewController.m | 312 - Keychain/Keychain-Entitlements.plist | 17 - Keychain/Keychain-Info.plist | 70 - Keychain/KeychainItemCell.h | 23 - Keychain/KeychainItemCell.m | 49 - Keychain/KeychainKeys.png | Bin 15193 -> 0 bytes Keychain/Keychain_114x114.png | Bin 17059 -> 0 bytes Keychain/Keychain_144x144.png | Bin 22702 -> 0 bytes Keychain/Keychain_57x57.png | Bin 8097 -> 0 bytes Keychain/Keychain_72x72.png | Bin 10006 -> 0 bytes Keychain/MyKeychain.h | 26 - Keychain/MyKeychain.m | 347 - Keychain/NewPasswordViewController.h | 20 - Keychain/NewPasswordViewController.m | 62 - Keychain/PeerListCell.h | 16 - Keychain/PeerListCell.m | 34 - Keychain/SyncViewController.h | 34 - Keychain/SyncViewController.m | 252 - Keychain/ToolsViewController.h | 25 - Keychain/ToolsViewController.m | 179 - Keychain/first.png | Bin 253 -> 0 bytes Keychain/first@2x.png | Bin 402 -> 0 bytes Keychain/main.m | 18 - Keychain/second.png | Bin 128 -> 0 bytes Keychain/second@2x.png | Bin 130 -> 0 bytes Keychain/utilities.c | 54 - Keychain/utilities.h | 34 - .../KeychainSyncAccountNotification.m | 21 +- .../IDSPersistentState.h | 3 +- .../IDSPersistentState.m | 9 +- .../IDSProxy.h | 22 +- .../IDSProxy.m | 265 +- ...ychainSyncingOverIDSProxy+ReceiveMessage.h | 2 +- ...ychainSyncingOverIDSProxy+ReceiveMessage.m | 286 +- .../KeychainSyncingOverIDSProxy+SendMessage.h | 9 +- .../KeychainSyncingOverIDSProxy+SendMessage.m | 474 + .../KeychainSyncingOverIDSProxy+Throttle.h | 2 +- .../KeychainSyncingOverIDSProxy+Throttle.m | 72 +- .../KeychainSyncingOverIDSProxy-Info.plist | 2 +- ...com.apple.private.alloy.keychainsync.plist | Bin 0 -> 458 bytes ...rity.keychainsyncingoveridsproxy.ios.plist | 8 +- ...rity.keychainsyncingoveridsproxy.osx.plist | 8 +- .../en.lproj/InfoPlist.strings | 0 ...hainsyncingoveridsproxy.entitlements.plist | 4 +- .../keychainsyncingoveridsproxy.m | 108 +- Modules/Security.macOS.modulemap | 1 - OSX/Breadcrumb/SecBreadcrumb.c | 50 +- OSX/Breadcrumb/SecBreadcrumb.h | 29 +- OSX/Breadcrumb/bc-10-knife-on-bread.m | 21 +- .../KNAppDelegate.h | 2 + .../KNAppDelegate.m | 466 +- .../KNPersistentState.m | 11 +- .../NSDictionary+compactDescription.m | 2 +- ...ecurity.keychain-circle-notification.plist | 5 + .../entitlments.plist | 6 + OSX/Keychain/KDAppDelegate.m | 2 +- OSX/Keychain/KDSecCircle.m | 5 +- OSX/OSX.xcodeproj/project.pbxproj | 8071 --- OSX/asl/com.apple.securityd | 4 +- OSX/authd/authorization.plist | 25 + OSX/authd/main.c | 3 +- OSX/codesign_tests/CaspianTests/CaspianTests | 5 + OSX/config/base.xcconfig | 2 + OSX/config/command.xcconfig | 15 - OSX/config/debug.xcconfig | 2 + OSX/config/executable.xcconfig | 9 - OSX/config/release.xcconfig | 2 + OSX/config/security.xcconfig | 30 - OSX/config/security_framework_macos.xcconfig | 26 + OSX/config/security_macos.xcconfig | 31 + OSX/config/test.xcconfig | 4 - OSX/lib/dummy.cpp | 2 +- OSX/lib/en.lproj/FDELocalizable.strings | 30 - .../en.lproj/authorization.buttons.strings | 3 + ....dfr.prompts-BBBAA77A32-C4EBFEA440.strings | 3 + .../en.lproj/authorization.prompts.strings | 2 + OSX/lib/security.exp-in | 2907 -- OSX/libsecurity_apple_csp/lib/AppleCSP.cpp | 4 - OSX/libsecurity_apple_csp/lib/DH_keys.h | 2 +- OSX/libsecurity_apple_csp/lib/DH_utils.cpp | 6 +- OSX/libsecurity_apple_csp/lib/DH_utils.h | 2 +- OSX/libsecurity_apple_csp/lib/FEEKeys.cpp | 2 +- .../lib/FEESignatureObject.cpp | 2 +- OSX/libsecurity_apple_csp/lib/RSA_DSA_csp.cpp | 2 +- OSX/libsecurity_apple_csp/lib/RSA_DSA_keys.h | 4 +- .../lib/RSA_DSA_signature.h | 4 +- .../lib/RSA_DSA_utils.cpp | 8 +- OSX/libsecurity_apple_csp/lib/RSA_DSA_utils.h | 4 +- .../lib/RSA_asymmetric.h | 2 +- OSX/libsecurity_apple_csp/lib/bfContext.h | 2 +- OSX/libsecurity_apple_csp/lib/cssmplugin.exp | 4 - .../lib/opensshCoding.cpp | 4 +- OSX/libsecurity_apple_csp/lib/opensshCoding.h | 4 +- OSX/libsecurity_apple_csp/lib/opensshWrap.cpp | 4 +- .../lib/pkcs12Derive.cpp | 4 +- OSX/libsecurity_apple_csp/lib/rc2Context.cpp | 2 +- OSX/libsecurity_apple_csp/lib/rc2Context.h | 2 +- OSX/libsecurity_apple_csp/lib/rc5Context.cpp | 2 +- OSX/libsecurity_apple_csp/lib/rc5Context.h | 2 +- OSX/libsecurity_apple_csp/lib/wrapKey.cpp | 2 +- .../project.pbxproj | 1489 - .../open_ssl/bf/bf_ecb.c | 4 +- .../open_ssl/bf/bf_enc.c | 2 +- .../open_ssl/bf/bf_locl.h | 2 +- .../open_ssl/bf/bf_skey.c | 2 +- .../open_ssl/bio/bio_lib.c | 6 +- .../open_ssl/bio/bss_file.c | 4 +- .../open_ssl/bn/bn_ctx.c | 2 +- .../open_ssl/bn/bn_div.c | 2 +- .../open_ssl/bn/bn_err.c | 4 +- .../open_ssl/bn/bn_lcl.h | 2 +- .../open_ssl/bn/bn_print.c | 2 +- .../open_ssl/bn/bnspeed.c | 8 +- .../open_ssl/bn/bntest.c | 8 +- .../open_ssl/bn/divtest.c | 2 +- .../open_ssl/bn/expspeed.c | 8 +- .../open_ssl/bn/exptest.c | 6 +- .../open_ssl/buffer/buf_err.c | 4 +- .../open_ssl/buffer/buffer.c | 2 +- OSX/libsecurity_apple_csp/open_ssl/cryptlib.c | 6 +- OSX/libsecurity_apple_csp/open_ssl/cryptlib.h | 10 +- .../open_ssl/dh/dh_check.c | 4 +- .../open_ssl/dh/dh_err.c | 4 +- .../open_ssl/dh/dh_gen.c | 4 +- .../open_ssl/dh/dh_key.c | 4 +- .../open_ssl/dh/dh_lib.c | 4 +- .../open_ssl/dsa/dsa_asn1.c | 4 +- .../open_ssl/dsa/dsa_err.c | 4 +- .../open_ssl/dsa/dsa_gen.c | 4 +- .../open_ssl/dsa/dsa_key.c | 4 +- .../open_ssl/dsa/dsa_lib.c | 6 +- .../open_ssl/dsa/dsa_ossl.c | 6 +- .../open_ssl/dsa/dsa_sign.c | 6 +- .../open_ssl/dsa/dsa_vrf.c | 6 +- OSX/libsecurity_apple_csp/open_ssl/err/err.c | 12 +- .../open_ssl/err/err_prn.c | 10 +- OSX/libsecurity_apple_csp/open_ssl/ex_data.c | 6 +- .../open_ssl/lhash/lhash.c | 6 +- OSX/libsecurity_apple_csp/open_ssl/mem.c | 2 +- .../open_ssl/misc/rc2_cbc.c | 2 +- .../open_ssl/misc/rc2_skey.c | 2 +- .../open_ssl/misc/rc5_enc.c | 2 +- .../open_ssl/misc/rc5_skey.c | 2 +- .../openssl/{asn1.h => asn1_legacy.h} | 8 +- .../open_ssl/openssl/{bio.h => bio_legacy.h} | 6 +- .../openssl/{blowfish.h => blowfish_legacy.h} | 2 +- .../open_ssl/openssl/{bn.h => bn_legacy.h} | 4 +- .../openssl/{buffer.h => buffer_legacy.h} | 2 +- .../openssl/{cast.h => cast_legacy.h} | 2 +- .../openssl/{crypto.h => crypto_legacy.h} | 8 +- .../open_ssl/openssl/{dh.h => dh_legacy.h} | 8 +- .../open_ssl/openssl/{dsa.h => dsa_legacy.h} | 8 +- .../open_ssl/openssl/e_os.h | 6 +- .../openssl/{e_os2.h => e_os2_legacy.h} | 4 +- .../open_ssl/openssl/{evp.h => evp_legacy.h} | 18 +- .../openssl/{lhash.h => lhash_legacy.h} | 2 +- .../openssl/{objects.h => objects_legacy.h} | 6 +- ...openssl_pkcs7.h => openssl_pkcs7_legacy.h} | 4 +- .../{opensslconf.h => opensslconf_legacy.h} | 2 +- .../open_ssl/openssl/{err.h => opensslerr.h} | 2 +- .../openssl/{opensslv.h => opensslv_legacy.h} | 0 .../open_ssl/openssl/{rc2.h => rc2_legacy.h} | 4 +- .../open_ssl/openssl/{rc5.h => rc5_legacy.h} | 4 +- .../open_ssl/openssl/{rsa.h => rsa_legacy.h} | 6 +- .../{safestack.h => safestack_legacy.h} | 2 +- .../openssl/{stack.h => stack_legacy.h} | 2 +- .../openssl/{x509.h => x509_legacy.h} | 20 +- .../openssl/{x509_vfy.h => x509_vfy_legacy.h} | 10 +- .../open_ssl/opensslUtils/opensslAsn1.cpp | 6 +- .../open_ssl/opensslUtils/opensslAsn1.h | 6 +- .../open_ssl/opensslUtils/opensslUtils.cpp | 12 +- .../open_ssl/opensslUtils/opensslUtils.h | 2 +- .../open_ssl/rsa/rsa_chk.c | 6 +- .../open_ssl/rsa/rsa_eay.c | 4 +- .../open_ssl/rsa/rsa_err.c | 4 +- .../open_ssl/rsa/rsa_gen.c | 4 +- .../open_ssl/rsa/rsa_lib.c | 9 +- .../open_ssl/rsa/rsa_none.c | 4 +- .../open_ssl/rsa/rsa_null.c | 4 +- .../open_ssl/rsa/rsa_pk1.c | 4 +- .../open_ssl/rsa/rsa_saos.c | 8 +- .../open_ssl/rsa/rsa_sign.c | 8 +- .../open_ssl/rsa/rsa_ssl.c | 4 +- .../open_ssl/stack/stack.c | 2 +- .../lib/AppleCSPDLBuiltin.cpp | 2 +- .../lib/CSPDLPlugin.cpp | 1 - .../lib/SSDatabase.cpp | 3 +- OSX/libsecurity_apple_cspdl/lib/SSFactory.cpp | 1 - OSX/libsecurity_apple_cspdl/lib/SSKey.cpp | 12 + OSX/libsecurity_apple_cspdl/lib/SSKey.h | 1 + .../project.pbxproj | 335 - .../lib/AppleFileDL.cpp | 1 - .../project.pbxproj | 278 - .../lib/AppleX509CL.cpp | 1 - .../lib/clNameUtils.cpp | 2 +- .../project.pbxproj | 506 - OSX/libsecurity_apple_x509_tp/lib/AppleTP.cpp | 1 - .../lib/TPCrlInfo.cpp | 2 + .../lib/certGroupUtils.cpp | 1 - .../lib/tpCertAllowList.c | 234 - .../lib/tpCertAllowList.h | 45 - .../lib/tpCertGroup.cpp | 9 +- .../lib/tpPolicies.cpp | 4 +- .../project.pbxproj | 417 - OSX/libsecurity_asn1/config/base.xcconfig | 18 - OSX/libsecurity_asn1/config/debug.xcconfig | 2 - OSX/libsecurity_asn1/config/lib.xcconfig | 33 - OSX/libsecurity_asn1/config/release.xcconfig | 2 - OSX/libsecurity_asn1/lib/oidsalg.c | 2 +- OSX/libsecurity_asn1/lib/oidsbase.h | 363 - OSX/libsecurity_asn1/lib/oidsocsp.c | 2 +- OSX/libsecurity_asn1/lib/secasn1d.c | 11 +- .../project.pbxproj | 571 - .../lib/Authorization.h | 8 +- .../lib/AuthorizationPriv.h | 8 +- .../lib/AuthorizationTags.h | 2 +- .../lib/AuthorizationTagsPriv.h | 1 + .../lib/security_authorization.exp | 40 - .../lib/trampolineClient.cpp | 1 - .../project.pbxproj | 330 - OSX/libsecurity_cdsa_client/lib/cspclient.cpp | 3 +- .../lib/cssmclient.cpp | 4 +- OSX/libsecurity_cdsa_client/lib/cssmclient.h | 1 + OSX/libsecurity_cdsa_client/lib/dlclient.cpp | 3 +- OSX/libsecurity_cdsa_client/lib/dlclient.h | 2 +- OSX/libsecurity_cdsa_client/lib/keyclient.cpp | 1 + OSX/libsecurity_cdsa_client/lib/mdsclient.cpp | 2 - .../lib/securestorage.cpp | 1 + .../project.pbxproj | 423 - .../project.pbxproj | 411 - OSX/libsecurity_cdsa_utilities/lib/Schema.m4 | 2 +- .../lib/cssmerrors.cpp | 14 +- .../lib/handletemplates.cpp | 5 + .../lib/objectacl.cpp | 4 + .../lib/objectacl.h | 2 + .../project.pbxproj | 725 - .../lib/cuOidParser.cpp | 7 +- .../project.pbxproj | 303 - OSX/libsecurity_checkpw/lib/checkpw.h | 2 +- .../lib/security_checkpw.exp | 2 - .../project.pbxproj | 413 - OSX/libsecurity_cms/lib/CMSDecoder.cpp | 7 +- OSX/libsecurity_cms/lib/CMSEncoder.cpp | 1 + OSX/libsecurity_cms/lib/CMSEncoder.h | 2 +- OSX/libsecurity_cms/lib/security_cms.exp | 52 - .../libsecurity_cms.xcodeproj/project.pbxproj | 8 +- .../lib/SecAssessment.cpp | 2 +- OSX/libsecurity_codesigning/lib/SecCodePriv.h | 17 +- .../lib/SecRequirementPriv.h | 13 +- OSX/libsecurity_codesigning/lib/SecTask.h | 128 - .../lib/StaticCode.cpp | 40 +- .../lib/bundlediskrep.cpp | 12 +- OSX/libsecurity_codesigning/lib/cdbuilder.cpp | 2 +- OSX/libsecurity_codesigning/lib/cdbuilder.h | 2 +- OSX/libsecurity_codesigning/lib/csgeneric.cpp | 1 - .../lib/evaluationmanager.cpp | 1 - .../lib/filediskrep.cpp | 23 +- OSX/libsecurity_codesigning/lib/filediskrep.h | 2 + .../lib/policyengine.cpp | 33 - OSX/libsecurity_codesigning/lib/reqdumper.cpp | 2 - .../lib/security_codesigning.exp | 185 - OSX/libsecurity_codesigning/lib/signer.cpp | 3 +- .../project.pbxproj | 2110 - .../project.pbxproj | 230 - OSX/libsecurity_cryptkit/lib/feePublicKey.c | 2 - .../project.pbxproj | 796 - OSX/libsecurity_cssm/lib/cssmapi.h | 4 +- OSX/libsecurity_cssm/lib/generator.mk | 33 - OSX/libsecurity_cssm/lib/oidsbase.h | 10 + .../project.pbxproj | 530 - OSX/libsecurity_filedb/lib/AppleDatabase.cpp | 1 - OSX/libsecurity_filedb/lib/AtomicFile.cpp | 19 +- OSX/libsecurity_filedb/lib/AtomicFile.h | 4 +- OSX/libsecurity_filedb/lib/DbIndex.cpp | 1 - OSX/libsecurity_filedb/lib/DbValue.cpp | 2 - OSX/libsecurity_filedb/lib/MetaRecord.cpp | 2 - OSX/libsecurity_filedb/lib/MetaRecord.h | 2 +- .../project.pbxproj | 301 - OSX/libsecurity_keychain/lib/CCallbackMgr.cp | 9 +- OSX/libsecurity_keychain/lib/CCallbackMgr.h | 2 + OSX/libsecurity_keychain/lib/Certificate.cpp | 15 +- OSX/libsecurity_keychain/lib/Certificate.h | 6 +- OSX/libsecurity_keychain/lib/DLDBListCFPref.h | 2 +- .../lib/ExtendedAttribute.cpp | 2 +- OSX/libsecurity_keychain/lib/Globals.cpp | 3 +- OSX/libsecurity_keychain/lib/Identity.cpp | 2 +- .../lib/IdentityCursor.cpp | 4 +- OSX/libsecurity_keychain/lib/Item.cpp | 4 +- OSX/libsecurity_keychain/lib/KCCursor.cpp | 6 +- OSX/libsecurity_keychain/lib/KeyItem.cpp | 2 +- OSX/libsecurity_keychain/lib/Keychains.cpp | 7 +- OSX/libsecurity_keychain/lib/SecAccess.cpp | 5 +- OSX/libsecurity_keychain/lib/SecBase.cpp | 2 + OSX/libsecurity_keychain/lib/SecBase.h | 655 - OSX/libsecurity_keychain/lib/SecBasePriv.h | 93 - OSX/libsecurity_keychain/lib/SecBridge.h | 16 +- .../lib/SecCertificate.cpp | 689 +- OSX/libsecurity_keychain/lib/SecCertificate.h | 515 - .../lib/SecCertificateP.c | 25 +- .../lib/SecCertificateP.h | 4 +- .../lib/SecCertificatePriv.h | 402 - .../lib/SecCertificateRequest.h | 191 - OSX/libsecurity_keychain/lib/SecExport.cpp | 2 +- OSX/libsecurity_keychain/lib/SecExternalRep.h | 2 +- .../lib/SecFDERecoveryAsymmetricCrypto.cpp | 2 +- .../lib/SecFDERecoveryAsymmetricCrypto.h | 2 +- OSX/libsecurity_keychain/lib/SecIdentity.cpp | 64 +- .../lib/SecIdentityPriv.h | 152 - OSX/libsecurity_keychain/lib/SecImport.cpp | 2 +- .../lib/SecImportExport.c | 2 +- .../lib/SecImportExportAgg.cpp | 11 +- .../lib/SecImportExportAgg.h | 2 +- .../lib/SecImportExportCrypto.cpp | 2 +- .../lib/SecImportExportPem.h | 2 +- .../lib/SecImportExportUtils.cpp | 3 +- .../lib/SecImportExportUtils.h | 6 +- OSX/libsecurity_keychain/lib/SecInternal.h | 68 - OSX/libsecurity_keychain/lib/SecInternalP.h | 67 - OSX/libsecurity_keychain/lib/SecItem.cpp | 123 +- OSX/libsecurity_keychain/lib/SecItem.h | 1199 - OSX/libsecurity_keychain/lib/SecItemPriv.h | 460 - OSX/libsecurity_keychain/lib/SecKey.cpp | 33 +- OSX/libsecurity_keychain/lib/SecKeyPriv.h | 575 - .../lib/SecKeychainItem.cpp | 31 - .../lib/SecKeychainItemExtendedAttributes.cpp | 7 +- .../lib/SecKeychainItemPriv.h | 2 +- .../lib/SecKeychainSearch.cpp | 2 - OSX/libsecurity_keychain/lib/SecPolicy.cpp | 427 +- OSX/libsecurity_keychain/lib/SecPolicyPriv.h | 1497 - .../lib/SecPolicySearch.cpp | 6 - .../lib/SecRecoveryPassword.c | 12 +- OSX/libsecurity_keychain/lib/SecTrust.cpp | 880 +- OSX/libsecurity_keychain/lib/SecTrust.h | 705 - .../lib/SecTrustOSXEntryPoints.cpp | 35 +- .../lib/SecTrustSettings.cpp | 11 +- .../lib/SecTrustSettings.h | 322 - .../lib/SecTrustSettingsPriv.h | 160 - .../lib/TrustAdditions.cpp | 20 +- OSX/libsecurity_keychain/lib/TrustAdditions.h | 4 +- OSX/libsecurity_keychain/lib/TrustItem.cpp | 2 +- OSX/libsecurity_keychain/lib/TrustKeychains.h | 2 +- .../lib/TrustSettings.cpp | 22 +- OSX/libsecurity_keychain/lib/TrustSettings.h | 2 +- .../lib/TrustSettingsUtils.h | 2 +- OSX/libsecurity_keychain/lib/TrustStore.cpp | 2 +- .../lib/UnlockReferralItem.cpp | 2 +- OSX/libsecurity_keychain/lib/defaultcreds.cpp | 2 +- .../lib/security_keychain.exp | 786 - .../libDER/config/base.xcconfig | 17 - .../libDER/config/debug.xcconfig | 2 - .../libDER/config/lib.xcconfig | 33 - .../libDER/config/release.xcconfig | 2 - .../libDER/libDER.xcodeproj/.gitignore | 2 - .../libDER/libDER.xcodeproj/project.pbxproj | 942 - OSX/libsecurity_keychain/libDER/libDER/oids.c | 155 +- .../libDER/libDER/oidsPriv.h | 26 +- .../project.pbxproj | 1542 - .../kc-05-find-existing-items-locked.c | 37 +- .../regressions/kc-05-find-existing-items.c | 32 +- .../regressions/kc-06-cert-search-email.m | 14 +- .../kc-12-key-create-symmetric-and-use.m | 4 +- .../kc-15-item-update-label-skimaad.m | 21 +- .../regressions/kc-15-key-update-valueref.c | 15 +- .../regressions/kc-16-item-update-password.c | 16 +- .../regressions/kc-18-find-combined.c | 19 +- .../regressions/kc-20-item-add-stress.c | 103 + .../regressions/kc-20-item-delete-stress.c | 114 + .../regressions/kc-20-item-find-stress.c | 2 +- .../regressions/kc-20-key-find-stress.c | 2 +- .../regressions/kc-21-item-use-callback.c | 12 +- .../regressions/kc-23-key-export-symmetric.m | 5 +- .../regressions/kc-24-key-copy-keychains.c | 6 +- .../regressions/kc-26-key-import-public.m | 7 +- .../regressions/kc-27-key-non-extractable.c | 2 +- .../regressions/kc-28-cert-sign.c | 13 +- .../regressions/kc-28-p12-import.m | 26 +- .../regressions/kc-30-xara-helpers.h | 2 +- .../regressions/kc-30-xara-item-helpers.h | 48 +- .../regressions/kc-30-xara-key-helpers.h | 81 +- .../regressions/kc-30-xara-upgrade-helpers.h | 9 +- .../regressions/kc-30-xara.c | 179 +- .../regressions/kc-40-seckey.m | 25 +- .../regressions/kc-41-sececkey.m | 17 +- .../regressions/kc-42-trust-revocation.c | 15 - .../regressions/kc-43-seckey-interop.m | 71 +- .../regressions/kc-helpers.h | 27 +- .../regressions/kc-item-helpers.h | 42 +- .../regressions/kc-key-helpers.h | 37 +- .../regressions/keychain_regressions.h | 2 + .../regressions/si-33-keychain-backup.c | 13 +- .../regressions/si-34-one-true-keychain.c | 14 +- OSX/libsecurity_keychain/xpc/main.c | 4 +- .../lib/AppleManifest.cpp | 4 +- OSX/libsecurity_manifest/lib/Download.cpp | 2 +- .../lib/ManifestInternal.cpp | 2 - OSX/libsecurity_manifest/lib/SecManifest.cpp | 4 +- OSX/libsecurity_manifest/lib/SecManifest.h | 2 - .../lib/SecureDownload.cpp | 2 +- OSX/libsecurity_manifest/lib/SecureDownload.h | 7 +- .../lib/SecureDownloadInternal.c | 4 +- .../lib/SecureDownloadInternal.h | 2 +- .../lib/security_manifest.exp | 41 - .../project.pbxproj | 372 - OSX/libsecurity_mds/lib/MDSDatabase.cpp | 1 - OSX/libsecurity_mds/lib/MDSDictionary.cpp | 2 +- OSX/libsecurity_mds/lib/MDSDictionary.h | 2 +- OSX/libsecurity_mds/lib/MDSSession.cpp | 7 +- OSX/libsecurity_mds/lib/security_mds.exp | 6 - .../libsecurity_mds.xcodeproj/project.pbxproj | 343 - OSX/libsecurity_ocspd/common/ocspdUtils.cpp | 4 +- .../project.pbxproj | 438 - OSX/libsecurity_ocspd/mig/mig.mk | 47 - OSX/libsecurity_pkcs12/lib/pkcs12Decode.cpp | 3 +- OSX/libsecurity_pkcs12/lib/pkcs12Utils.cpp | 2 +- .../project.pbxproj | 347 - .../lib/SDCSPDLPlugin.cpp | 1 + OSX/libsecurity_sd_cspdl/lib/SDCSPDLPlugin.h | 1 + OSX/libsecurity_sd_cspdl/lib/SDFactory.cpp | 1 - .../project.pbxproj | 340 - OSX/libsecurity_smime/lib/SecCMS.c | 117 + OSX/libsecurity_smime/lib/SecCMS.h | 30 + OSX/libsecurity_smime/lib/SecCmsBase.h | 2 +- OSX/libsecurity_smime/lib/SecCmsDecoder.h | 2 +- OSX/libsecurity_smime/lib/cert.c | 5 +- OSX/libsecurity_smime/lib/cmsasn1.c | 9 +- OSX/libsecurity_smime/lib/cmsdecode.c | 10 +- OSX/libsecurity_smime/lib/cmsdigest.c | 1 + OSX/libsecurity_smime/lib/cmsencdata.c | 8 +- OSX/libsecurity_smime/lib/cmsencode.c | 9 +- OSX/libsecurity_smime/lib/cmsmessage.c | 6 +- OSX/libsecurity_smime/lib/cmsrecinfo.c | 53 +- OSX/libsecurity_smime/lib/cmssigdata.c | 15 +- OSX/libsecurity_smime/lib/cmssiginfo.c | 6 +- OSX/libsecurity_smime/lib/cryptohi.c | 7 +- OSX/libsecurity_smime/lib/secitem.c | 190 +- OSX/libsecurity_smime/lib/security_smime.exp | 135 - OSX/libsecurity_smime/lib/smimeutil.c | 9 +- .../project.pbxproj | 22 +- .../regressions/cms-01-basic.c | 4 +- .../regressions/smime-cms-test.c | 6 +- OSX/libsecurity_ssl/config/base.xcconfig | 18 - OSX/libsecurity_ssl/config/debug.xcconfig | 4 - OSX/libsecurity_ssl/config/kext.xcconfig | 29 - OSX/libsecurity_ssl/config/lib.xcconfig | 28 - OSX/libsecurity_ssl/config/release.xcconfig | 2 - OSX/libsecurity_ssl/config/tests.xcconfig | 24 - OSX/libsecurity_ssl/lib/SSLRecordInternal.c | 4 +- OSX/libsecurity_ssl/lib/security_ssl.exp | 95 - OSX/libsecurity_ssl/lib/sslBuildFlags.h | 8 - OSX/libsecurity_ssl/lib/sslContext.c | 2 + OSX/libsecurity_ssl/lib/sslContext.h | 5 +- OSX/libsecurity_ssl/lib/sslKeychain.c | 3 + OSX/libsecurity_ssl/lib/sslTransport.c | 46 +- .../libsecurity_ssl.xcodeproj/.gitignore | 2 - .../libsecurity_ssl.xcodeproj/project.pbxproj | 830 - .../regressions/ssl-42-ciphers.c | 15 +- .../regressions/ssl-43-ciphers.c | 2 +- .../regressions/ssl-50-server.c | 2 +- OSX/libsecurity_ssl/regressions/ssl-utils.c | 1 + .../libsecurity_transform.Default.xcconfig | 5 - .../libsecurity_transform_Deployment.xcconfig | 2 - ...libsecurity_transform_Development.xcconfig | 6 - .../libsecurity_transform_core.xcconfig | 27 - .../security_transform_Default.xcconfig | 9 - .../security_transform_Deployment.xcconfig | 11 - .../security_transform_Development.xcconfig | 14 - .../lib/EncryptTransform.h | 4 +- .../lib/GroupTransform.cpp | 4 +- .../lib/SecExternalSourceTransform.h | 2 +- .../lib/SecMaskGenerationFunctionTransform.h | 5 +- .../lib/SecSignVerifyTransform.c | 7 +- .../lib/SecTransform.cpp | 2 +- .../lib/SecTransformReadTransform.cpp | 1 - .../lib/SecTransformValidator.h | 2 +- OSX/libsecurity_transform/lib/Transform.cpp | 3 +- .../lib/security_transform.exp | 99 - .../project.pbxproj | 874 - .../lib/SecTranslocate.h | 2 +- .../lib/SecTranslocateClient.cpp | 1 - .../lib/SecTranslocateDANotification.cpp | 2 +- .../lib/security_translocate.exp | 25 - .../project.pbxproj | 383 - OSX/libsecurity_utilities/lib/alloc.cpp | 9 +- OSX/libsecurity_utilities/lib/cfmunge.cpp | 3 +- OSX/libsecurity_utilities/lib/cfutilities.cpp | 12 +- OSX/libsecurity_utilities/lib/cfutilities.h | 24 +- OSX/libsecurity_utilities/lib/dtrace.mk | 2 - OSX/libsecurity_utilities/lib/endian.h | 4 +- OSX/libsecurity_utilities/lib/exports | 8 - OSX/libsecurity_utilities/lib/fdmover.cpp | 7 +- OSX/libsecurity_utilities/lib/fdmover.h | 5 +- OSX/libsecurity_utilities/lib/macho++.cpp | 68 +- OSX/libsecurity_utilities/lib/macho++.h | 2 +- OSX/libsecurity_utilities/lib/memutils.h | 2 +- OSX/libsecurity_utilities/lib/pcsc++.cpp | 4 +- OSX/libsecurity_utilities/lib/seccfobject.cpp | 8 +- OSX/libsecurity_utilities/lib/seccfobject.h | 3 + OSX/libsecurity_utilities/lib/threading.h | 7 + OSX/libsecurity_utilities/lib/unixchild.cpp | 2 - OSX/libsecurity_utilities/lib/url.cpp | 10 +- OSX/libsecurity_utilities/lib/utilities.cpp | 3 +- .../project.pbxproj | 930 - OSX/libsecurityd/lib/SharedMemoryClient.cpp | 151 +- OSX/libsecurityd/lib/SharedMemoryClient.h | 44 +- OSX/libsecurityd/lib/SharedMemoryCommon.h | 20 +- OSX/libsecurityd/lib/dictionary.h | 2 +- OSX/libsecurityd/lib/eventlistener.cpp | 65 +- OSX/libsecurityd/lib/eventlistener.h | 3 + OSX/libsecurityd/lib/sec_xdr.c | 6 +- OSX/libsecurityd/lib/sec_xdr_array.c | 5 +- OSX/libsecurityd/lib/sec_xdr_reference.c | 8 +- OSX/libsecurityd/lib/ssblob.cpp | 4 +- .../libsecurityd.xcodeproj/project.pbxproj | 810 - OSX/libsecurityd/mig/mig.mk | 67 - .../regressions.xcodeproj/.gitignore | 2 - .../regressions.xcodeproj/project.pbxproj | 365 - OSX/regressions/test/testenv.m | 83 +- OSX/regressions/test/testmore.c | 2 +- OSX/regressions/test/testmore.h | 27 +- OSX/regressions/test/testpolicy.m | 15 +- .../KeychainSyncingOverIDSProxy.1} | 4 +- OSX/sec/SOSCircle/CKBridge/CKClient.c | 493 - OSX/sec/SOSCircle/CKBridge/CKClient.h | 62 - .../CKBridge/SOSCloudKeychainClient.c | 210 +- .../CKBridge/SOSCloudKeychainClient.h | 24 +- .../CKBridge/SOSCloudKeychainConstants.c | 13 +- .../CKBridge/SOSCloudKeychainConstants.h | 11 +- .../CKBridge/SOSCloudKeychainLogging.c | 222 - .../CKBridge/SOSCloudKeychainLogging.h | 13 - .../SOSCircle/CKBridge/SOSCloudTransport.c | 558 - .../SOSCircle/CKBridge/SOSCloudTransport.h | 69 - .../CloudKeychainProxy/CKDKVSProxy.h | 126 - .../CloudKeychainProxy/CKDKVSProxy.m | 1428 - .../CloudKeychainProxy/CKDPersistentState.h | 43 - .../CloudKeychainProxy/CKDPersistentState.m | 133 - .../SOSCircle/CloudKeychainProxy/ckdmain.m | 63 - .../CloudKeychainProxy/cloudkeychainproxy.m | 453 - .../scripts/PhoneTerms2.applescript | 126 - .../scripts/PhoneTerms2.scpt | Bin 13258 -> 0 bytes .../scripts/install_on_devices | 50 - .../CloudKeychainProxy/scripts/kcstatus | 6 - .../CloudKeychainProxy/scripts/sosbuildroot | 1 - .../CloudKeychainProxy/scripts/soscopy | 13 - .../CloudKeychainProxy/scripts/soscopysshkeys | 26 - .../CloudKeychainProxy/scripts/sosinstallroot | 42 - .../CloudKeychainProxy/scripts/sosreset | 10 - .../CloudKeychainProxy/scripts/tweak | 131 - .../Regressions/CKDSimulatedAccount.h | 32 + .../Regressions/CKDSimulatedAccount.m | 109 + .../Regressions/SOSRegressionUtilities.c | 1 - .../SOSCircle/Regressions/SOSTestDataSource.c | 45 +- .../SOSCircle/Regressions/SOSTestDataSource.h | 1 + OSX/sec/SOSCircle/Regressions/SOSTestDevice.c | 46 +- OSX/sec/SOSCircle/Regressions/SOSTestDevice.h | 9 +- .../Regressions/secd-210-keyinterest.m | 197 + .../SecureObjectSync/CKDSimulatedStore.h | 34 + .../SecureObjectSync/CKDSimulatedStore.m | 82 + .../SOSCircle/SecureObjectSync/SOSAccount.c | 631 +- .../SOSCircle/SecureObjectSync/SOSAccount.h | 64 +- .../SecureObjectSync/SOSAccountBackup.c | 44 +- .../SecureObjectSync/SOSAccountCircles.c | 14 + .../SecureObjectSync/SOSAccountCredentials.c | 19 +- .../SecureObjectSync/SOSAccountFullPeerInfo.c | 10 +- .../SecureObjectSync/SOSAccountGetSet.c | 105 + .../SecureObjectSync/SOSAccountGhost.c | 149 + .../SecureObjectSync/SOSAccountGhost.h | 18 + .../SecureObjectSync/SOSAccountPeers.c | 5 - .../SecureObjectSync/SOSAccountPersistence.c | 22 +- .../SecureObjectSync/SOSAccountPriv.h | 32 +- .../SecureObjectSync/SOSAccountRecovery.c | 236 + .../SecureObjectSync/SOSAccountRingUpdate.c | 11 + .../SecureObjectSync/SOSAccountRings.c | 40 +- .../SecureObjectSync/SOSAccountSync.c | 428 + .../SecureObjectSync/SOSAccountTransaction.c | 37 +- .../SecureObjectSync/SOSAccountTransaction.h | 5 + .../SecureObjectSync/SOSAccountUpdate.c | 8 + .../SecureObjectSync/SOSAccountViewSync.c | 19 + .../SecureObjectSync/SOSBackupInformation.c | 73 + .../SecureObjectSync/SOSBackupInformation.h | 49 + .../SecureObjectSync/SOSBackupSliceKeyBag.c | 222 +- .../SecureObjectSync/SOSBackupSliceKeyBag.h | 16 + .../SecureObjectSync/SOSChangeTracker.c | 2 +- .../SOSCircle/SecureObjectSync/SOSCircle.c | 208 +- .../SOSCircle/SecureObjectSync/SOSCircle.h | 5 +- .../SOSCircle/SecureObjectSync/SOSCircleDer.c | 6 +- .../SecureObjectSync/SOSCloudCircle.c | 315 +- .../SecureObjectSync/SOSCloudCircle.h | 95 +- .../SecureObjectSync/SOSCloudCircleInternal.h | 22 +- OSX/sec/SOSCircle/SecureObjectSync/SOSCoder.c | 22 +- .../SecureObjectSync/SOSDataSource.h | 9 +- .../SecureObjectSync/SOSDigestVector.c | 1 - .../SOSCircle/SecureObjectSync/SOSEngine.c | 206 +- .../SOSCircle/SecureObjectSync/SOSEngine.h | 19 +- .../SecureObjectSync/SOSExports.exp-in | 82 +- .../SecureObjectSync/SOSFullPeerInfo.c | 24 +- .../SecureObjectSync/SOSFullPeerInfo.h | 3 + .../SOSCircle/SecureObjectSync/SOSGenCount.c | 24 + .../SOSCircle/SecureObjectSync/SOSGenCount.h | 6 + .../SOSCircle/SecureObjectSync/SOSInternal.c | 39 +- .../SOSCircle/SecureObjectSync/SOSInternal.h | 23 +- .../SOSKeyedPubKeyIdentifier.c | 88 + .../SOSKeyedPubKeyIdentifier.h} | 44 +- .../SOSCircle/SecureObjectSync/SOSMessage.c | 32 +- .../SOSCircle/SecureObjectSync/SOSMessage.h | 5 +- OSX/sec/SOSCircle/SecureObjectSync/SOSPeer.c | 36 +- OSX/sec/SOSCircle/SecureObjectSync/SOSPeer.h | 3 + .../SOSCircle/SecureObjectSync/SOSPeerCoder.c | 5 +- .../SOSCircle/SecureObjectSync/SOSPeerCoder.h | 2 +- .../SOSCircle/SecureObjectSync/SOSPeerInfo.c | 203 +- .../SOSCircle/SecureObjectSync/SOSPeerInfo.h | 22 +- .../SecureObjectSync/SOSPeerInfoPriv.h | 1 - .../SecureObjectSync/SOSPeerInfoV2.c | 59 +- .../SecureObjectSync/SOSPeerInfoV2.h | 15 +- .../SecureObjectSync/SOSRecoveryKeyBag.c | 237 + .../SecureObjectSync/SOSRecoveryKeyBag.h | 57 + OSX/sec/SOSCircle/SecureObjectSync/SOSRing.h | 5 +- .../SecureObjectSync/SOSRingBackup.c | 122 +- .../SOSCircle/SecureObjectSync/SOSRingBasic.c | 26 +- .../SOSCircle/SecureObjectSync/SOSRingBasic.h | 12 + .../SecureObjectSync/SOSRingRecovery.c | 122 + .../SecureObjectSync/SOSRingRecovery.h | 47 + .../SOSCircle/SecureObjectSync/SOSRingTypes.c | 353 +- .../SOSCircle/SecureObjectSync/SOSRingTypes.h | 37 +- .../SOSCircle/SecureObjectSync/SOSRingUtils.c | 4 +- .../SecureObjectSync/SOSSysdiagnose.c | 470 +- .../SOSCircle/SecureObjectSync/SOSTransport.c | 112 +- .../SOSCircle/SecureObjectSync/SOSTransport.h | 2 +- .../SecureObjectSync/SOSTransportCircleKVS.c | 28 +- .../SOSTransportKeyParameterKVS.c | 8 +- .../SecureObjectSync/SOSTransportMessage.c | 78 +- .../SecureObjectSync/SOSTransportMessage.h | 10 +- .../SecureObjectSync/SOSTransportMessageIDS.c | 174 +- .../SecureObjectSync/SOSTransportMessageIDS.h | 13 +- .../SecureObjectSync/SOSTransportMessageKVS.c | 61 +- .../SOSCircle/SecureObjectSync/ViewList.list | 18 +- .../SOSCircle/Tool/accountCirclesViewsPrint.c | 429 + .../SOSCircle/Tool/accountCirclesViewsPrint.h | 18 + OSX/sec/SOSCircle/Tool/keychain_log.c | 36 +- OSX/sec/SOSCircle/Tool/keychain_sync.c | 52 +- OSX/sec/SOSCircle/Tool/keychain_sync.h | 2 +- OSX/sec/SOSCircle/Tool/keychain_sync_test.h | 1 + OSX/sec/SOSCircle/Tool/keychain_sync_test.m | 43 +- .../sec/SOSCircle/Tool/recovery_key.h | 21 +- OSX/sec/SOSCircle/Tool/recovery_key.m | 151 + OSX/sec/SOSCircle/Tool/secToolFileIO.c | 2 +- OSX/sec/SOSCircle/Tool/secToolFileIO.h | 8 +- OSX/sec/SOSCircle/Tool/syncbackup.c | 61 +- OSX/sec/SOSCircle/Tool/syncbackup.h | 1 + OSX/sec/Security/AuthorizationStatus.h | 44 - .../Regressions/Security_regressions.h | 3 +- .../Regressions/crypto/spbkdf-00-hmac-sha1.c | 28 +- .../crypto/spbkdf-01-hmac-sha256.c | 239 + .../Security/Regressions/rk_01_recoverykey.m | 67 + .../Security/Regressions/secitem/si-05-add.c | 8 +- .../Regressions/secitem/si-15-certificate.c | 114 +- .../secitem/si-16-ec-certificate.c | 2 +- .../Regressions/secitem/si-20-sectrust.c | 113 +- .../secitem/si-29-sectrust-sha1-deprecation.h | 430 + .../secitem/si-29-sectrust-sha1-deprecation.m | 185 + .../Regressions/secitem/si-40-seckey.c | 12 +- .../Security/Regressions/secitem/si-62-csr.c | 98 +- .../Regressions/secitem/si-66-smime.c | 72 +- .../secitem/si-73-secpasswordgenerate.c | 47 +- .../Regressions/secitem/si-74-OTAPKISigner.c | 7 +- .../Security/Regressions/secitem/si-90-emcs.m | 1 + .../secitem/si_77_SecAccessControl.c | 21 +- OSX/sec/Security/SecAccessControl.h | 12 +- OSX/sec/Security/SecBase.h | 120 - OSX/sec/Security/SecBase64.c | 3 +- OSX/sec/Security/SecCMS.c | 3 +- OSX/sec/Security/SecCMS.h | 2 +- OSX/sec/Security/SecCTKKey.c | 42 +- OSX/sec/Security/SecCertificate.c | 873 +- OSX/sec/Security/SecCertificate.h | 96 - OSX/sec/Security/SecCertificateInternal.h | 170 +- OSX/sec/Security/SecCertificatePath.c | 4 +- OSX/sec/Security/SecCertificatePath.h | 2 +- OSX/sec/Security/SecCertificatePriv.h | 293 - OSX/sec/Security/SecCertificateRequest.c | 238 +- OSX/sec/Security/SecCertificateRequest.h | 135 - OSX/sec/Security/SecECKey.c | 4 +- OSX/sec/Security/SecECKey.h | 3 + OSX/sec/Security/SecEMCS.m | 2 +- OSX/sec/Security/SecExports.exp-in | 794 +- OSX/sec/Security/SecFrameworkStrings.h | 14 +- OSX/sec/Security/SecIdentity.h | 81 - OSX/sec/Security/SecIdentityPriv.h | 48 - OSX/sec/Security/SecImportExport.h | 101 - OSX/sec/Security/SecItem.c | 21 +- OSX/sec/Security/SecItemBackup.c | 6 +- OSX/sec/Security/SecItemBackup.h | 7 +- OSX/sec/Security/SecItemInternal.h | 5 +- OSX/sec/Security/SecKey.c | 10 +- OSX/sec/Security/SecKey.h | 959 - OSX/sec/Security/SecKeyAdaptors.c | 26 +- OSX/sec/Security/SecKeyInternal.h | 2 + OSX/sec/Security/SecOTRSession.c | 13 +- OSX/sec/Security/SecOTRSession.h | 2 +- OSX/sec/Security/SecOTRSessionAKE.c | 211 +- OSX/sec/Security/SecPBKDF.c | 42 + OSX/sec/Security/SecPBKDF.h | 12 +- OSX/sec/Security/SecPasswordGenerate.c | 343 +- OSX/sec/Security/SecPasswordGenerate.h | 11 +- OSX/sec/Security/SecPolicy.c | 367 +- OSX/sec/Security/SecPolicy.h | 424 - OSX/sec/Security/SecPolicyInternal.h | 14 + OSX/sec/Security/SecPolicyLeafCallbacks.c | 18 + OSX/sec/Security/SecRSAKey.c | 28 +- OSX/sec/Security/SecRSAKey.h | 7 - OSX/sec/Security/SecRandom.h | 69 - OSX/sec/Security/SecRecoveryKey.h | 50 + OSX/sec/Security/SecRecoveryKey.m | 248 + OSX/sec/Security/SecSCEP.c | 4 + OSX/sec/Security/SecSCEP.h | 2 +- OSX/sec/Security/SecTrust.c | 1277 +- OSX/sec/Security/SecTrustPriv.h | 454 - OSX/sec/Security/SecTrustSettings.c | 533 - OSX/sec/Security/SecTrustSettings.h | 250 - OSX/sec/Security/SecTrustSettingsPriv.h | 242 - OSX/sec/Security/SecTrustStore.c | 2 +- OSX/sec/Security/SecuritydXPC.c | 34 +- OSX/sec/Security/SecuritydXPC.h | 3 + OSX/sec/Security/Tool/keychain_add.c | 2 +- OSX/sec/Security/Tool/keychain_backup.c | 2 +- OSX/sec/Security/Tool/scep.c | 2 + OSX/sec/Security/Tool/spc.c | 10 +- OSX/sec/Security/Tool/verify_cert.c | 58 +- OSX/sec/Security/certextensions.h | 546 - OSX/sec/Security/cssmapple.h | 84 - OSX/sec/SecurityTool/syncbubble.m | 2 - .../swcagent-entitlements.plist | 26 + OSX/sec/SharedWebCredential/swcagent.m | 40 +- OSX/sec/SharedWebCredential/swcagent_client.h | 3 +- OSX/sec/config/base.xcconfig | 50 - OSX/sec/config/debug.xcconfig | 6 - OSX/sec/config/lib-arc-only.xcconfig | 9 - OSX/sec/config/lib.xcconfig | 28 - OSX/sec/config/release.xcconfig | 4 - OSX/sec/ipc/client.c | 1 + OSX/sec/ipc/securityd_client.h | 32 +- OSX/sec/ipc/server.c | 189 +- OSX/sec/sec.xcodeproj/project.pbxproj | 3871 -- OSX/sec/securityd/OTATrustUtilities.c | 12 +- .../securityd/Regressions/SOSAccountTesting.h | 195 +- .../Regressions/SOSTransportTestTransports.c | 164 +- .../Regressions/SecdTestKeychainUtilities.c | 4 +- OSX/sec/securityd/Regressions/secd-01-items.c | 2 +- .../Regressions/secd-100-initialsync.c | 2 +- .../Regressions/secd-130-other-peer-views.c | 7 +- .../securityd/Regressions/secd-200-logstate.c | 9 +- .../securityd/Regressions/secd-201-coders.c | 35 +- .../Regressions/secd-202-recoverykey.m | 67 + .../Regressions/secd-31-keychain-unreadable.c | 83 +- .../Regressions/secd-33-keychain-ctk.m | 132 +- .../Regressions/secd-34-backup-der-parse.c | 5 +- .../securityd/Regressions/secd-50-account.c | 9 +- .../Regressions/secd-51-account-inflate.c | 7 +- .../Regressions/secd-52-account-changed.c | 24 +- .../secd-52-offering-gencount-reset.c | 9 +- .../Regressions/secd-55-account-circle.c | 9 +- .../secd-55-account-incompatibility.c | 9 +- .../Regressions/secd-56-account-apply.c | 8 +- .../secd-57-1-account-last-standing.c | 7 +- .../Regressions/secd-57-account-leave.c | 7 +- .../Regressions/secd-58-password-change.c | 8 +- .../Regressions/secd-59-account-cleanup.c | 7 +- .../secd-60-account-cloud-identity.c | 8 +- ...d-61-account-leave-not-in-kansas-anymore.c | 8 +- .../Regressions/secd-62-account-backup.c | 10 +- .../Regressions/secd-62-account-hsa-join.c | 8 +- .../secd-63-account-resurrection.c | 7 +- .../Regressions/secd-64-circlereset.c | 8 +- .../secd-65-account-retirement-reset.c | 7 +- .../Regressions/secd-66-account-recovery.c | 326 + .../securityd/Regressions/secd-668-ghosts.c | 199 + .../Regressions/secd-67-prefixedKeyIDs.c | 129 + .../securityd/Regressions/secd-70-engine.c | 4 +- .../Regressions/secd-71-engine-save.c | 215 +- .../Regressions/secd-76-idstransport.c | 26 +- .../Regressions/secd-80-views-alwayson.c | 108 + .../Regressions/secd-80-views-basic.c | 11 +- .../securityd/Regressions/secd-81-item-acl.c | 2 +- .../Regressions/secd-82-secproperties-basic.c | 9 +- OSX/sec/securityd/Regressions/secd-90-hsa2.c | 8 +- .../secd60-account-cloud-exposure.c | 8 +- .../Regressions/secd_77_ids_messaging.c | 46 +- .../securityd/Regressions/secd_regressions.h | 8 +- OSX/sec/securityd/SOSCloudCircleServer.c | 285 +- OSX/sec/securityd/SOSCloudCircleServer.h | 21 +- OSX/sec/securityd/SecCAIssuerRequest.c | 7 +- OSX/sec/securityd/SecCertificateSource.c | 762 + OSX/sec/securityd/SecCertificateSource.h | 97 + OSX/sec/securityd/SecDbItem.c | 14 + OSX/sec/securityd/SecDbItem.h | 1 + OSX/sec/securityd/SecDbKeychainItem.c | 25 +- OSX/sec/securityd/SecDbQuery.c | 2 +- OSX/sec/securityd/SecItemBackupServer.c | 9 +- OSX/sec/securityd/SecItemDataSource.c | 37 +- OSX/sec/securityd/SecItemDb.c | 2 +- OSX/sec/securityd/SecItemDb.h | 2 +- OSX/sec/securityd/SecItemServer.c | 51 +- OSX/sec/securityd/SecItemServer.h | 2 +- OSX/sec/securityd/SecOCSPCache.c | 34 +- OSX/sec/securityd/SecOCSPCache.h | 3 + OSX/sec/securityd/SecOCSPRequest.h | 2 +- OSX/sec/securityd/SecOCSPResponse.h | 3 +- OSX/sec/securityd/SecOTRRemote.c | 1 + OSX/sec/securityd/SecPolicyServer.c | 620 +- OSX/sec/securityd/SecPolicyServer.h | 6 +- OSX/sec/securityd/SecRevocationDb.c | 1929 + OSX/sec/securityd/SecRevocationDb.h | 109 + .../sec/securityd/SecTrustLoggingServer.c | 16 +- .../sec/securityd/SecTrustLoggingServer.h | 15 +- OSX/sec/securityd/SecTrustServer.c | 734 +- OSX/sec/securityd/SecTrustServer.h | 2 + OSX/sec/securityd/asynchttp.c | 2 +- OSX/sec/securityd/entitlements.plist | 8 + OSX/sec/securityd/personalization.h | 1 + OSX/sec/securityd/policytree.c | 28 +- OSX/sec/securityd/policytree.h | 4 + OSX/sec/securityd/spi.c | 13 +- OSX/sec/securityd/spi.h | 3 +- OSX/shared_regressions/shared_regressions.h | 8 +- .../si-20-sectrust-policies-data/.gitignore | 2 - .../DODEMAILCA30.cer | Bin 0 -> 1366 bytes .../DODInteroperabilityRootCA1.cer | Bin 0 -> 1588 bytes .../DODInteroperabilityRootCA2.cer | Bin 0 -> 1778 bytes .../DODRootCA2.cer | Bin 0 -> 1307 bytes .../ECARootCA4.cer | Bin 0 -> 1407 bytes .../EntrustCAL1C.cer | Bin 1270 -> 0 bytes .../EntrustRootCA.cer | Bin 1070 -> 0 bytes ...eDODIDSWCA37-noRequireExplicitPolicies.cer | Bin 0 -> 1227 bytes .../FakeDODIDSWCA37.cer | Bin 0 -> 1240 bytes .../FakeDODInteroperability-extraPolicies.cer | Bin 0 -> 1547 bytes ...roperability-noRequireExplicitPolicies.cer | Bin 0 -> 1531 bytes .../FakeDODInteroperability.cer | Bin 0 -> 1536 bytes .../FakeDODLeaf.cer | Bin 0 -> 1219 bytes ...keDODRootCA3-noRequireExplicitPolicies.cer | Bin 0 -> 1353 bytes .../FakeDODRootCA3.cer | Bin 0 -> 1372 bytes .../FakeFederalBridgeCA-extraPolicies.cer | Bin 0 -> 1655 bytes .../FakeFederalBridgeCA.cer | Bin 0 -> 1644 bytes .../FakeFederalCommonPolicy.cer | Bin 0 -> 1173 bytes .../FederalBridgeCA2013.cer | Bin 0 -> 1641 bytes .../FederalCommonPolicyCA.cer | Bin 0 -> 1124 bytes .../PinningPolicyTrustTest.plist | 183 +- .../SHA1FederalRootCA.cer | Bin 0 -> 1222 bytes .../apn_legacy.cer | Bin 1319 -> 0 bytes .../smime_signing.cer | Bin 0 -> 1286 bytes .../si-20-sectrust-policies.m | 10 +- OSX/shared_regressions/si-44-seckey-gen.m | 13 +- OSX/shared_regressions/si-44-seckey-rsa.m | 56 +- OSX/utilities/config/lib.xcconfig | 8 - OSX/utilities/src/NSURL+SOSPlistStore.h | 10 + OSX/utilities/src/NSURL+SOSPlistStore.m | 70 + OSX/utilities/src/SecADWrapper.c | 95 + .../utilities/src/SecADWrapper.h | 37 +- OSX/utilities/src/SecAKSWrappers.h | 14 +- OSX/utilities/src/SecCFError.h | 71 + OSX/utilities/src/SecCFRelease.h | 24 +- OSX/utilities/src/SecCFWrappers.c | 1 - OSX/utilities/src/SecCFWrappers.h | 90 +- OSX/utilities/src/SecDb.c | 210 +- OSX/utilities/src/SecDb.h | 8 +- OSX/utilities/src/SecFileLocations.c | 33 +- OSX/utilities/src/SecFileLocations.h | 5 +- OSX/utilities/src/SecInternalRelease.c | 45 +- OSX/utilities/src/SecInternalReleasePriv.h | 3 +- OSX/utilities/src/comparison.c | 35 - OSX/utilities/src/comparison.h | 38 - OSX/utilities/src/debugging.c | 19 +- OSX/utilities/src/debugging.h | 25 +- OSX/utilities/src/der_boolean.c | 2 +- OSX/utilities/src/der_data.c | 4 +- OSX/utilities/src/der_date.c | 2 +- OSX/utilities/src/der_number.c | 6 +- OSX/utilities/src/der_string.c | 2 +- OSX/utilities/src/fileIo.c | 6 +- OSX/utilities/utilities.xcodeproj/.gitignore | 2 - .../utilities.xcodeproj/project.pbxproj | 650 - OTAPKIAssetTool/OTAServiceApp.m | 40 +- RegressionTests/Security.plist | 4 +- .../secitemfunctionality.m | 156 +- SOSCCAuthPlugin/SOSCCAuthPlugin.m | 22 +- SecureObjectSync.exp | 1 - Security.exp-in | 1498 +- Security.xcodeproj/project.pbxproj | 40475 +++++++++++++--- .../xcschemes/ios - Debug.xcscheme | 18 +- .../xcschemes/ios - Release.xcscheme | 12 +- .../xcschemes/ios - secdtests.xcscheme | 14 +- .../xcschemes/osx - World.xcscheme | 28 +- .../xcschemes/osx - secdtests.xcscheme | 63 +- .../xcschemes/osx - sectests.xcscheme | 39 +- Security/sec/securityd/SecItemSchema.c | 299 - SecurityFeatures/CopyHeaders.sh | 13 - SecurityFeatures/ExternalProject.sh | 14 - SecurityFeatures/README.txt | 18 - SecurityTests/CreateCerts.sh | 86 - SecurityTests/NOTE.txt | 4 + SecurityTests/PKITS.pdf | Bin 1267741 -> 5027216 bytes SecurityTests/PostSecurityTests.sh | 17 - SecurityTests/PreSecurityTests.sh | 59 - SecurityTests/StartTLSServers.sh | 73 - SecurityTests/StopTLSServers.sh | 14 - SecurityTests/clxutils/ChangeLog | 40 - SecurityTests/clxutils/Makefile | 92 - SecurityTests/clxutils/Makefile.cdsa | 165 - SecurityTests/clxutils/Makefile.lib | 113 - .../clxutils/NISCC/TLS_SSL/CoveringLetter.pdf | 3314 -- SecurityTests/clxutils/NISCC/TLS_SSL/Makefile | 39 - .../clxutils/NISCC/TLS_SSL/README.txt | 214 - .../clxutils/NISCC/TLS_SSL/SSL_TLS.pdf | Bin 110436 -> 0 bytes .../NISCC/TLS_SSL/certDecode/Makefile | 44 - .../NISCC/TLS_SSL/certDecode/certDecode.cpp | 163 - .../clxutils/NISCC/TLS_SSL/dmitchNotes | 121 - .../NISCC/TLS_SSL/nisccCertVerify/Makefile | 44 - .../nisccCertVerify/nisccCertVerify.cpp | 194 - .../NISCC/TLS_SSL/nisccSimpleClient/Makefile | 182 - .../nisccSimpleClient/nisccSimpleClient.cpp | 177 - .../clxutils/NISCC/TLS_SSL/nisccSslTest | 43 - .../NISCC/TLS_SSL/skipThisNisccCert/Makefile | 44 - .../skipThisNisccCert/skipThisNisccCert.cpp | 104 - .../NISCC/TLS_SSL/testcases/client.crt | Bin 509 -> 0 bytes .../NISCC/TLS_SSL/testcases/client_crt.pem | 13 - .../NISCC/TLS_SSL/testcases/client_key.der | Bin 609 -> 0 bytes .../NISCC/TLS_SSL/testcases/client_key.pem | 15 - .../NISCC/TLS_SSL/testcases/readme.txt | 46 - .../NISCC/TLS_SSL/testcases/rootca.crt | Bin 525 -> 0 bytes .../NISCC/TLS_SSL/testcases/rootca_crt.pem | 13 - .../NISCC/TLS_SSL/testcases/rootca_key.pem | 15 - .../NISCC/TLS_SSL/testcases/server.crt | Bin 509 -> 0 bytes .../NISCC/TLS_SSL/testcases/server_crt.pem | 13 - .../NISCC/TLS_SSL/testcases/server_key.pem | 15 - SecurityTests/clxutils/README | 253 - SecurityTests/clxutils/anchorTest/Makefile | 59 - .../clxutils/anchorTest/anchorSourceTest | 75 - .../clxutils/anchorTest/anchorTest.cpp | 1125 - .../clxutils/anchorTest/buildCertKeychains | 56 - .../clxutils/anchorTest/intermedSourceTest | 84 - .../clxutils/anchorTest/intermedTest | 128 - SecurityTests/clxutils/caVerify/Makefile | 55 - SecurityTests/clxutils/caVerify/caVerify.cpp | 648 - SecurityTests/clxutils/certChain/Makefile | 53 - SecurityTests/clxutils/certChain/README | 39 - .../clxutils/certChain/amazon_v3.100.cer | Bin 945 -> 0 bytes .../clxutils/certChain/certChain.cpp | 234 - .../clxutils/certChain/keybank_v3.100.cer | Bin 1039 -> 0 bytes .../clxutils/certChain/keybank_v3.101.cer | Bin 906 -> 0 bytes SecurityTests/clxutils/certInCrl/Makefile | 54 - .../clxutils/certInCrl/certInCrl.cpp | 90 - SecurityTests/clxutils/certLabelTest/Makefile | 48 - .../clxutils/certLabelTest/certLabelTest.cpp | 426 - .../clxutils/certSerialEncodeTest/Makefile | 54 - .../certSerialEncodeTest.cpp | 358 - SecurityTests/clxutils/certTime/Makefile | 54 - SecurityTests/clxutils/certTime/anchor_0 | Bin 510 -> 0 bytes SecurityTests/clxutils/certTime/anchor_34 | Bin 1111 -> 0 bytes SecurityTests/clxutils/certTime/anchor_44 | Bin 1130 -> 0 bytes SecurityTests/clxutils/certTime/anchor_76 | Bin 1492 -> 0 bytes SecurityTests/clxutils/certTime/anchor_80 | Bin 890 -> 0 bytes SecurityTests/clxutils/certTime/anchor_9 | Bin 1053 -> 0 bytes SecurityTests/clxutils/certTime/certTime.cpp | 618 - .../clxutils/certTime/extenCooker.cpp | 811 - SecurityTests/clxutils/certTime/extenCooker.h | 162 - SecurityTests/clxutils/certTime/runTime | 23 - SecurityTests/clxutils/certcrl/Makefile | 59 - SecurityTests/clxutils/certcrl/README.doc | Bin 50688 -> 0 bytes SecurityTests/clxutils/certcrl/certcrl.cpp | 443 - SecurityTests/clxutils/certcrl/script.cpp | 923 - SecurityTests/clxutils/certcrl/script.h | 51 - .../testSubjects/AppleCerts/AppleCerts.scr | 34 - .../AppleCerts/AppleDevelopment.pem | 30 - .../AppleCerts/AppleQuickTime.pem | 94 - .../testSubjects/AppleCerts/AppleROOTCA.pem | 28 - .../testSubjects/AppleCerts/AppleSWUPDATE.pem | 24 - .../AppleCerts/AppleSecUpdate.pem | 95 - .../testSubjects/AppleCerts/AppleSherlock.pem | 94 - .../AppleCerts/AppleSignUpdate.pem | 95 - .../AppleCerts/AppleSoftUpdate.pem | 30 - .../AppleCodeSigning/AppleCodeSigning.scr | 83 - .../AppleCodeSigning/CodeSignTest.keychain | Bin 88764 -> 0 bytes .../testSubjects/AppleCodeSigning/csCA.cer | Bin 546 -> 0 bytes .../AppleCodeSigning/csCaBadEKU.cer | Bin 559 -> 0 bytes .../AppleCodeSigning/csCaBadPLC.cer | Bin 567 -> 0 bytes .../AppleCodeSigning/csCaNoBC.cer | Bin 545 -> 0 bytes .../AppleCodeSigning/csCaNoEKU.cer | Bin 541 -> 0 bytes .../AppleCodeSigning/csCaNoPLC.cer | Bin 563 -> 0 bytes .../AppleCodeSigning/csDevLeaf.cer | Bin 556 -> 0 bytes .../testSubjects/AppleCodeSigning/csLeaf.cer | Bin 543 -> 0 bytes .../AppleCodeSigning/csLeafBadEKU.cer | Bin 546 -> 0 bytes .../AppleCodeSigning/csLeafBadEKUinInt.cer | Bin 579 -> 0 bytes .../AppleCodeSigning/csLeafBadPLCinInt.cer | Bin 579 -> 0 bytes .../AppleCodeSigning/csLeafNoBcInInt.cer | Bin 575 -> 0 bytes .../AppleCodeSigning/csLeafNoEKU.cer | Bin 528 -> 0 bytes .../AppleCodeSigning/csLeafNoEKUinInt.cer | Bin 577 -> 0 bytes .../AppleCodeSigning/csLeafNoPLCinInt.cer | Bin 577 -> 0 bytes .../AppleCodeSigning/csLeafShortPath.cer | Bin 540 -> 0 bytes .../testSubjects/AppleCodeSigning/csRoot.cer | Bin 523 -> 0 bytes .../CodePkgSigning/BadCodeSignLeaf.cer | Bin 550 -> 0 bytes .../CodePkgSigning/CodePkgSigning.scr | 54 - .../CodePkgSigning/CodeSignLeaf.cer | Bin 545 -> 0 bytes .../CodePkgSigning/CodeSignRoot.cer | Bin 523 -> 0 bytes .../testSubjects/CodePkgSigning/NoEKULeaf.cer | Bin 522 -> 0 bytes .../testSubjects/GarthCRL/.gdb_history | 18 - .../GarthCRL/CNTMTT68S21G224G.cer | Bin 1602 -> 0 bytes .../GarthCRL/InfoCamereFirmaQualificata.cer | Bin 1351 -> 0 bytes .../testSubjects/GarthCRL/InfoCamereRoot.cer | Bin 1364 -> 0 bytes .../certcrl/testSubjects/GarthCRL/crl.scr | 20 - .../certcrl/testSubjects/GarthCRL/fetched.crl | Bin 259495 -> 0 bytes .../certcrl/testSubjects/NSS_ECC/ECCCA.cer | Bin 386 -> 0 bytes .../certcrl/testSubjects/NSS_ECC/ECCp192.cer | Bin 382 -> 0 bytes .../certcrl/testSubjects/NSS_ECC/ECCp224.cer | Bin 388 -> 0 bytes .../certcrl/testSubjects/NSS_ECC/ECCp256.cer | Bin 398 -> 0 bytes .../certcrl/testSubjects/NSS_ECC/ECCp384.cer | Bin 427 -> 0 bytes .../certcrl/testSubjects/NSS_ECC/ECCp521.cer | Bin 465 -> 0 bytes .../NSS_ECC/End_P256_Specified_SHA1.cer | Bin 574 -> 0 bytes .../NSS_ECC/End_P256_Specified_SHA256.cer | Bin 589 -> 0 bytes .../NSS_ECC/End_P256_combined_SHA256.cer | Bin 557 -> 0 bytes .../NSS_ECC/End_P256_combined_SHA512.cer | Bin 557 -> 0 bytes .../NSS_ECC/End_P384_Specified_SHA256.cer | Bin 668 -> 0 bytes .../NSS_ECC/End_P384_Specified_SHA384.cer | Bin 669 -> 0 bytes .../NSS_ECC/End_P384_combined_SHA1.cer | Bin 628 -> 0 bytes .../NSS_ECC/End_P384_combined_SHA256.cer | Bin 636 -> 0 bytes .../NSS_ECC/End_P521_Specified_SHA1.cer | Bin 749 -> 0 bytes .../NSS_ECC/End_P521_combined_SHA1.cer | Bin 725 -> 0 bytes .../NSS_ECC/End_P521_combined_SHA512.cer | Bin 733 -> 0 bytes .../certcrl/testSubjects/NSS_ECC/RootP256.cer | Bin 539 -> 0 bytes .../certcrl/testSubjects/NSS_ECC/msEcc.scr | 83 - .../certcrl/testSubjects/NSS_ECC/nssecc.scr | 41 - .../testSubjects/NSS_ECC/opensslEcc.scr | 46 - .../testSubjects/NSS_ECC/secp256r1ca.cer | Bin 825 -> 0 bytes .../NSS_ECC/secp256r1server-secp256r1ca.cer | Bin 578 -> 0 bytes .../testSubjects/NSS_ECC/secp384r1ca.cer | Bin 887 -> 0 bytes .../NSS_ECC/secp384r1server-secp384r1ca.cer | Bin 640 -> 0 bytes .../testSubjects/NSS_ECC/secp521r1ca.cer | Bin 962 -> 0 bytes .../NSS_ECC/secp521r1server-secp521r1ca.cer | Bin 714 -> 0 bytes .../X509tests/Certificate Path.pdf | Bin 729713 -> 0 bytes .../testSubjects/X509tests/makeCertScr | 22 - .../certcrl/testSubjects/X509tests/runCertScr | 11 - .../test1/End Certificate CP.01.01.crt | Bin 650 -> 0 bytes .../X509tests/test1/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test1/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test10/End Certificate CP.03.02.crt | Bin 650 -> 0 bytes .../test10/Intermediate CRL CP.03.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.03.02.crt | Bin 665 -> 0 bytes .../test10/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test10/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test11/End Certificate CP.03.03.crt | Bin 650 -> 0 bytes .../test11/Intermediate CRL CP.03.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.03.03.crt | Bin 665 -> 0 bytes .../test11/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test11/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test12/End Certificate CP.03.04.crt | Bin 652 -> 0 bytes .../test12/Intermediate CRL CP.03.04.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.03.04.crt | Bin 665 -> 0 bytes .../test12/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test12/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test13/End Certificate CP.04.01.crt | Bin 650 -> 0 bytes .../test13/Intermediate CRL CP.04.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.04.01.crt | Bin 665 -> 0 bytes .../test13/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test13/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test14/End Certificate CP.04.02.crt | Bin 650 -> 0 bytes .../test14/Intermediate CRL CP.04.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.04.02.crt | Bin 665 -> 0 bytes .../test14/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test14/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test15/End Certificate CP.04.03.crt | Bin 654 -> 0 bytes .../test15/Intermediate CRL CP.04.03.crl | Bin 341 -> 0 bytes .../Intermediate Certificate CP.04.03.crt | Bin 671 -> 0 bytes .../test15/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test15/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test16/End Certificate CP.04.04.crt | Bin 657 -> 0 bytes .../test16/Intermediate CRL CP.04.04.crl | Bin 337 -> 0 bytes .../Intermediate Certificate CP.04.04.crt | Bin 667 -> 0 bytes .../test16/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test16/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test17/End Certificate CP.04.05.crt | Bin 652 -> 0 bytes .../test17/Intermediate CRL CP.04.05.crl | Bin 337 -> 0 bytes .../Intermediate Certificate CP.04.05.crt | Bin 667 -> 0 bytes .../test17/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test17/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test18/End Certificate CP.04.06.crt | Bin 650 -> 0 bytes .../test18/Intermediate CRL CP.04.06.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.04.06.crt | Bin 665 -> 0 bytes .../test18/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test18/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test19/End Certificate CP.05.01.crt | Bin 650 -> 0 bytes .../Intermediate Certificate CP.05.01.crt | Bin 665 -> 0 bytes .../test19/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test19/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test2/End Certificate CP.01.02.crt | Bin 650 -> 0 bytes .../test2/Intermediate CRL CP.01.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.01.02.crt | Bin 665 -> 0 bytes .../X509tests/test2/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test2/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test20/End Certificate CP.06.01.crt | Bin 650 -> 0 bytes .../test20/Intermediate CRL CP.06.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.06.01.crt | Bin 665 -> 0 bytes .../test20/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test20/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test21/End Certificate CP.06.02.crt | Bin 650 -> 0 bytes .../test21/Intermediate CRL CP.06.02.crl | Bin 371 -> 0 bytes .../Intermediate Certificate CP.06.02.crt | Bin 665 -> 0 bytes .../test21/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test21/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test22/End Certificate IC.01.01.crt | Bin 650 -> 0 bytes .../test22/Intermediate CRL IC.01.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.01.01.crt | Bin 648 -> 0 bytes .../test22/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test22/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test23/End Certificate IC.02.01.crt | Bin 650 -> 0 bytes .../test23/Intermediate CRL IC.02.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.02.01.crt | Bin 662 -> 0 bytes .../test23/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test23/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test24/End Certificate IC.02.02.crt | Bin 650 -> 0 bytes .../test24/Intermediate CRL IC.02.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.02.02.crt | Bin 665 -> 0 bytes .../test24/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test24/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test25/End Certificate IC.02.03.crt | Bin 650 -> 0 bytes .../test25/Intermediate CRL IC.02.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.02.03.crt | Bin 659 -> 0 bytes .../test25/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test25/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test26/End Certificate IC.02.04.crt | Bin 650 -> 0 bytes .../test26/Intermediate CRL IC.02.04.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.02.04.crt | Bin 662 -> 0 bytes .../test26/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test26/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test27/End Certificate IC.04.01.crt | Bin 650 -> 0 bytes .../test27/Intermediate CRL IC.04.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.04.01.crt | Bin 659 -> 0 bytes .../test27/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test27/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test28/End Certificate IC.05.01.crt | Bin 650 -> 0 bytes .../test28/Intermediate CRL IC.05.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.05.01.crt | Bin 665 -> 0 bytes .../test28/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test28/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test29/End Certificate IC.05.02.crt | Bin 650 -> 0 bytes .../test29/Intermediate CRL IC.05.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.05.02.crt | Bin 662 -> 0 bytes .../test29/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test29/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test3/End Certificate CP.01.03.crt | Bin 650 -> 0 bytes .../test3/Intermediate CRL CP.01.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.01.03.crt | Bin 665 -> 0 bytes .../X509tests/test3/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test3/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test30/End Certificate IC.05.03.crt | Bin 650 -> 0 bytes .../test30/Intermediate CRL IC.05.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.05.03.crt | Bin 662 -> 0 bytes .../test30/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test30/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test31/End Certificate IC.06.01.crt | Bin 650 -> 0 bytes .../test31/Intermediate CRL IC.06.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.06.01.crt | Bin 665 -> 0 bytes .../test31/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test31/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test32/End Certificate IC.06.02.crt | Bin 650 -> 0 bytes .../test32/Intermediate CRL IC.06.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.06.02.crt | Bin 662 -> 0 bytes .../test32/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test32/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test33/End Certificate IC.06.03.crt | Bin 650 -> 0 bytes .../test33/Intermediate CRL IC.06.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate IC.06.03.crt | Bin 662 -> 0 bytes .../test33/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test33/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test34/End Certificate PP.01.01.crt | Bin 650 -> 0 bytes .../test34/Intermediate CRL PP.01.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate PP.01.01.crt | Bin 665 -> 0 bytes .../test34/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test34/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test35/End Certificate PP.01.02.crt | Bin 626 -> 0 bytes .../test35/Intermediate CRL PP.01.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate PP.01.02.crt | Bin 641 -> 0 bytes .../test35/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test35/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test36/End Certificate PP.01.03.crt | Bin 650 -> 0 bytes .../test36/Intermediate CRL 1 PP.01.03.crl | Bin 335 -> 0 bytes .../test36/Intermediate CRL 2 PP.01.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.01.03.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 2 PP.01.03.crt | Bin 665 -> 0 bytes .../test36/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test36/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test37/End Certificate PP.01.04.crt | Bin 650 -> 0 bytes .../test37/Intermediate CRL 1 PP.01.04.crl | Bin 335 -> 0 bytes .../test37/Intermediate CRL 2 PP.01.04.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.01.04.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 2 PP.01.04.crt | Bin 665 -> 0 bytes .../test37/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test37/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test38/End Certificate PP.01.05.crt | Bin 650 -> 0 bytes .../test38/Intermediate CRL 1 PP.01.05.crl | Bin 335 -> 0 bytes .../test38/Intermediate CRL 2 PP.01.05.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.01.05.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 2 PP.01.05.crt | Bin 665 -> 0 bytes .../test38/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test38/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test39/End Certificate PP.01.06.crt | Bin 665 -> 0 bytes .../test39/Intermediate CRL 1 PP.01.06.crl | Bin 335 -> 0 bytes .../test39/Intermediate CRL 2 PP.01.06.crl | Bin 335 -> 0 bytes .../test39/Intermediate CRL 3 PP.01.06.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.01.06.crt | Bin 706 -> 0 bytes .../Intermediate Certificate 2 PP.01.06.crt | Bin 691 -> 0 bytes .../Intermediate Certificate 3 PP.01.06.crt | Bin 678 -> 0 bytes .../test39/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test39/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test4/End Certificate CP.02.01.crt | Bin 650 -> 0 bytes .../test4/Intermediate CRL 1 CP.02.01.crl | Bin 335 -> 0 bytes .../test4/Intermediate CRL 2 CP.02.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 CP.02.01.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 2 CP.02.01.crt | Bin 665 -> 0 bytes .../X509tests/test4/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test4/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test40/End Certificate PP.01.07.crt | Bin 665 -> 0 bytes .../test40/Intermediate CRL 1 PP.01.07.crl | Bin 335 -> 0 bytes .../test40/Intermediate CRL 2 PP.01.07.crl | Bin 335 -> 0 bytes .../test40/Intermediate CRL 3 PP.01.07.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.01.07.crt | Bin 691 -> 0 bytes .../Intermediate Certificate 2 PP.01.07.crt | Bin 678 -> 0 bytes .../Intermediate Certificate 3 PP.01.07.crt | Bin 665 -> 0 bytes .../test40/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test40/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test41/End Certificate PP.01.08.crt | Bin 665 -> 0 bytes .../test41/Intermediate CRL 1 PP.01.08.crl | Bin 335 -> 0 bytes .../test41/Intermediate CRL 2 PP.01.08.crl | Bin 335 -> 0 bytes .../test41/Intermediate CRL 3 PP.01.08.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.01.08.crt | Bin 678 -> 0 bytes .../Intermediate Certificate 2 PP.01.08.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 3 PP.01.08.crt | Bin 665 -> 0 bytes .../test41/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test41/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test42/End Certificate PP.01.09.crt | Bin 650 -> 0 bytes .../test42/Intermediate CRL 1 PP.01.09.crl | Bin 335 -> 0 bytes .../test42/Intermediate CRL 2 PP.01.09.crl | Bin 335 -> 0 bytes .../test42/Intermediate CRL 3 PP.01.09.crl | Bin 335 -> 0 bytes .../test42/Intermediate CRL 4 PP.01.09.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.01.09.crt | Bin 691 -> 0 bytes .../Intermediate Certificate 2 PP.01.09.crt | Bin 678 -> 0 bytes .../Intermediate Certificate 3 PP.01.09.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 4 PP.01.09.crt | Bin 665 -> 0 bytes .../test42/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test42/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test43/End Certificate PP.06.01.crt | Bin 626 -> 0 bytes .../test43/Intermediate CRL 1 PP.06.01.crl | Bin 335 -> 0 bytes .../test43/Intermediate CRL 2 PP.06.01.crl | Bin 335 -> 0 bytes .../test43/Intermediate CRL 3 PP.06.01.crl | Bin 335 -> 0 bytes .../test43/Intermediate CRL 4 PP.06.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.06.01.crt | Bin 679 -> 0 bytes .../Intermediate Certificate 2 PP.06.01.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 3 PP.06.01.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 4 PP.06.01.crt | Bin 665 -> 0 bytes .../test43/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test43/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test44/End Certificate PP.06.02.crt | Bin 626 -> 0 bytes .../test44/Intermediate CRL 1 PP.06.02.crl | Bin 335 -> 0 bytes .../test44/Intermediate CRL 2 PP.06.02.crl | Bin 335 -> 0 bytes .../test44/Intermediate CRL 3 PP.06.02.crl | Bin 335 -> 0 bytes .../test44/Intermediate CRL 4 PP.06.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.06.02.crt | Bin 679 -> 0 bytes .../Intermediate Certificate 2 PP.06.02.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 3 PP.06.02.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 4 PP.06.02.crt | Bin 665 -> 0 bytes .../test44/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test44/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test45/End Certificate PP.06.03.crt | Bin 626 -> 0 bytes .../test45/Intermediate CRL 1 PP.06.03.crl | Bin 335 -> 0 bytes .../test45/Intermediate CRL 2 PP.06.03.crl | Bin 335 -> 0 bytes .../test45/Intermediate CRL 3 PP.06.03.crl | Bin 335 -> 0 bytes .../test45/Intermediate CRL 4 PP.06.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.06.03.crt | Bin 679 -> 0 bytes .../Intermediate Certificate 2 PP.06.03.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 3 PP.06.03.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 4 PP.06.03.crt | Bin 665 -> 0 bytes .../test45/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test45/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test46/End Certificate PP.06.04.crt | Bin 650 -> 0 bytes .../test46/Intermediate CRL 1 PP.06.04.crl | Bin 335 -> 0 bytes .../test46/Intermediate CRL 2 PP.06.04.crl | Bin 335 -> 0 bytes .../test46/Intermediate CRL 3 PP.06.04.crl | Bin 335 -> 0 bytes .../test46/Intermediate CRL 4 PP.06.04.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.06.04.crt | Bin 679 -> 0 bytes .../Intermediate Certificate 2 PP.06.04.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 3 PP.06.04.crt | Bin 665 -> 0 bytes .../Intermediate Certificate 4 PP.06.04.crt | Bin 665 -> 0 bytes .../test46/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test46/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test47/End Certificate PP.06.05.crt | Bin 626 -> 0 bytes .../test47/Intermediate CRL 1 PP.06.05.crl | Bin 335 -> 0 bytes .../test47/Intermediate CRL 2 PP.06.05.crl | Bin 335 -> 0 bytes .../test47/Intermediate CRL 3 PP.06.05.crl | Bin 335 -> 0 bytes .../test47/Intermediate CRL 4 PP.06.05.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PP.06.05.crt | Bin 679 -> 0 bytes .../Intermediate Certificate 2 PP.06.05.crt | Bin 679 -> 0 bytes .../Intermediate Certificate 3 PP.06.05.crt | Bin 679 -> 0 bytes .../Intermediate Certificate 4 PP.06.05.crt | Bin 665 -> 0 bytes .../test47/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test47/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test48/End Certificate PP.08.01.crt | Bin 650 -> 0 bytes .../test48/Intermediate CRL PP.08.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate PP.08.01.crt | Bin 665 -> 0 bytes .../test48/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test48/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test49/End Certificate PP.08.02.crt | Bin 663 -> 0 bytes .../test49/Intermediate CRL PP.08.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate PP.08.02.crt | Bin 678 -> 0 bytes .../test49/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test49/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test5/End Certificate CP.02.02.crt | Bin 650 -> 0 bytes .../test5/Intermediate CRL CP.02.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.02.02.crt | Bin 665 -> 0 bytes .../X509tests/test5/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test5/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test50/End Certificate PP.08.03.crt | Bin 645 -> 0 bytes .../test50/Intermediate CRL PP.08.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate PP.08.03.crt | Bin 660 -> 0 bytes .../test50/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test50/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test51/End Certificate PP.08.04.crt | Bin 651 -> 0 bytes .../test51/Intermediate CRL PP.08.04.crl | Bin 335 -> 0 bytes .../Intermediate Certificate PP.08.04.crt | Bin 666 -> 0 bytes .../test51/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test51/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test52/End Certificate PP.08.05.crt | Bin 651 -> 0 bytes .../test52/Intermediate CRL PP.08.05.crl | Bin 335 -> 0 bytes .../Intermediate Certificate PP.08.05.crt | Bin 666 -> 0 bytes .../test52/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test52/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test53/End Certificate PP.08.06.crt | Bin 677 -> 0 bytes .../test53/Intermediate CRL PP.08.06.crl | Bin 335 -> 0 bytes .../Intermediate Certificate PP.08.06.crt | Bin 692 -> 0 bytes .../test53/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test53/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test54/End Certificate PL.01.01.crt | Bin 651 -> 0 bytes .../test54/Intermediate CRL 1 PL.01.01.crl | Bin 335 -> 0 bytes .../test54/Intermediate CRL 2 PL.01.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PL.01.01.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 2 PL.01.01.crt | Bin 666 -> 0 bytes .../test54/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test54/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test55/End Certificate PL.01.02.crt | Bin 666 -> 0 bytes .../test55/Intermediate CRL 1 PL.01.02.crl | Bin 335 -> 0 bytes .../test55/Intermediate CRL 2 PL.01.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PL.01.02.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 2 PL.01.02.crt | Bin 666 -> 0 bytes .../test55/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test55/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test56/End Certificate PL.01.03.crt | Bin 651 -> 0 bytes .../test56/Intermediate CRL PL.01.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate PL.01.03.crt | Bin 669 -> 0 bytes .../test56/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test56/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test57/End Certificate PL.01.04.crt | Bin 666 -> 0 bytes .../test57/Intermediate CRL PL.01.04.crl | Bin 335 -> 0 bytes .../Intermediate Certificate PL.01.04.crt | Bin 669 -> 0 bytes .../test57/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test57/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test58/End Certificate PL.01.05.crt | Bin 651 -> 0 bytes .../test58/Intermediate CRL 1 PL.01.05.crl | Bin 335 -> 0 bytes .../test58/Intermediate CRL 2 PL.01.05.crl | Bin 335 -> 0 bytes .../test58/Intermediate CRL 3 PL.01.05.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PL.01.05.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 2 PL.01.05.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 3 PL.01.05.crt | Bin 669 -> 0 bytes .../test58/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test58/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test59/End Certificate PL.01.06.crt | Bin 666 -> 0 bytes .../test59/Intermediate CRL 1 PL.01.06.crl | Bin 335 -> 0 bytes .../test59/Intermediate CRL 2 PL.01.06.crl | Bin 335 -> 0 bytes .../test59/Intermediate CRL 3 PL.01.06.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PL.01.06.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 2 PL.01.06.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 3 PL.01.06.crt | Bin 669 -> 0 bytes .../test59/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test59/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test6/End Certificate CP.02.03.crt | Bin 650 -> 0 bytes .../test6/Intermediate CRL CP.02.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.02.03.crt | Bin 665 -> 0 bytes .../X509tests/test6/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test6/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test60/End Certificate PL.01.07.crt | Bin 651 -> 0 bytes .../test60/Intermediate CRL 1 PL.01.07.crl | Bin 335 -> 0 bytes .../test60/Intermediate CRL 2 PL.01.07.crl | Bin 335 -> 0 bytes .../test60/Intermediate CRL 3 PL.01.07.crl | Bin 335 -> 0 bytes .../test60/Intermediate CRL 4 PL.01.07.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PL.01.07.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 2 PL.01.07.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 3 PL.01.07.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 4 PL.01.07.crt | Bin 666 -> 0 bytes .../test60/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test60/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test61/End Certificate PL.01.08.crt | Bin 666 -> 0 bytes .../test61/Intermediate CRL 1 PL.01.08.crl | Bin 335 -> 0 bytes .../test61/Intermediate CRL 2 PL.01.08.crl | Bin 335 -> 0 bytes .../test61/Intermediate CRL 3 PL.01.08.crl | Bin 335 -> 0 bytes .../test61/Intermediate CRL 4 PL.01.08.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PL.01.08.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 2 PL.01.08.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 3 PL.01.08.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 4 PL.01.08.crt | Bin 666 -> 0 bytes .../test61/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test61/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test62/End Certificate PL.01.09.crt | Bin 651 -> 0 bytes .../test62/Intermediate CRL 1 PL.01.09.crl | Bin 335 -> 0 bytes .../test62/Intermediate CRL 2 PL.01.09.crl | Bin 335 -> 0 bytes .../test62/Intermediate CRL 3 PL.01.09.crl | Bin 335 -> 0 bytes .../test62/Intermediate CRL 4 PL.01.09.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PL.01.09.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 2 PL.01.09.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 3 PL.01.09.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 4 PL.01.09.crt | Bin 666 -> 0 bytes .../test62/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test62/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test63/End Certificate PL.01.10.crt | Bin 666 -> 0 bytes .../test63/Intermediate CRL 1 PL.01.10.crl | Bin 335 -> 0 bytes .../test63/Intermediate CRL 2 PL.01.10.crl | Bin 335 -> 0 bytes .../test63/Intermediate CRL 3 PL.01.10.crl | Bin 335 -> 0 bytes .../test63/Intermediate CRL 4 PL.01.10.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 PL.01.10.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 2 PL.01.10.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 3 PL.01.10.crt | Bin 669 -> 0 bytes .../Intermediate Certificate 4 PL.01.10.crt | Bin 666 -> 0 bytes .../test63/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test63/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test64/End Certificate RL.02.01.crt | Bin 651 -> 0 bytes .../test64/Intermediate CRL RL.02.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate RL.02.01.crt | Bin 666 -> 0 bytes .../test64/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test64/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test65/End Certificate RL.03.01.crt | Bin 651 -> 0 bytes .../test65/Intermediate CRL RL.03.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 RL.03.01.crt | Bin 666 -> 0 bytes .../Intermediate Certificate 2 RL.03.01.crt | Bin 666 -> 0 bytes .../test65/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test65/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test66/End Certificate RL.03.02.crt | Bin 651 -> 0 bytes .../test66/Intermediate CRL RL.03.02.crl | Bin 372 -> 0 bytes .../Intermediate Certificate RL.03.02.crt | Bin 666 -> 0 bytes .../test66/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test66/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test67/End Certificate RL.03.03.crt | Bin 651 -> 0 bytes .../test67/Intermediate CRL 1 RL.03.03.crl | Bin 372 -> 0 bytes .../test67/Intermediate CRL 2 RL.03.03.crl | Bin 335 -> 0 bytes .../Intermediate Certificate RL.03.03.crt | Bin 666 -> 0 bytes .../test67/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test67/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test68/End Certificate RL.05.01.crt | Bin 651 -> 0 bytes .../test68/Intermediate CRL 1 RL.05.01.crl | Bin 393 -> 0 bytes .../test68/Intermediate CRL 2 RL.05.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 RL.05.01.crt | Bin 666 -> 0 bytes .../Intermediate Certificate 2 RL.05.01.crt | Bin 666 -> 0 bytes .../test68/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test68/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test69/End Certificate RL.05.02.crt | Bin 651 -> 0 bytes .../test69/Intermediate CRL RL.05.02.crl | Bin 393 -> 0 bytes .../Intermediate Certificate RL.05.02.crt | Bin 666 -> 0 bytes .../test69/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test69/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test7/End Certificate CP.02.04.crt | Bin 650 -> 0 bytes .../test7/Intermediate CRL CP.02.04.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.02.04.crt | Bin 665 -> 0 bytes .../X509tests/test7/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test7/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test70/End Certificate RL.06.01.crt | Bin 651 -> 0 bytes .../test70/Intermediate CRL 1 RL.06.01.crl | Bin 393 -> 0 bytes .../test70/Intermediate CRL 2 RL.06.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate 1 RL.06.01.crt | Bin 666 -> 0 bytes .../Intermediate Certificate 2 RL.06.01.crt | Bin 666 -> 0 bytes .../test70/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test70/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test71/End Certificate RL.06.02.crt | Bin 651 -> 0 bytes .../test71/Intermediate CRL RL.06.02.crl | Bin 393 -> 0 bytes .../Intermediate Certificate RL.06.02.crt | Bin 666 -> 0 bytes .../test71/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test71/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test72/End Certificate RL.07.01.crt | Bin 651 -> 0 bytes .../test72/Intermediate CRL RL.07.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate RL.07.01.crt | Bin 666 -> 0 bytes .../test72/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test72/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test73/End Certificate RL.07.02.crt | Bin 651 -> 0 bytes .../test73/Intermediate CRL RL.07.02.crl | Bin 335 -> 0 bytes .../Intermediate Certificate RL.07.02.crt | Bin 666 -> 0 bytes .../test73/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test73/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test74/End Certificate RL.07.03.crt | Bin 651 -> 0 bytes .../test74/Intermediate CRL RL.07.03.crl | Bin 337 -> 0 bytes .../Intermediate Certificate RL.07.03.crt | Bin 666 -> 0 bytes .../test74/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test74/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test75/End Certificate RL.08.01.crt | Bin 651 -> 0 bytes .../test75/Intermediate CRL RL.08.01.crl | Bin 350 -> 0 bytes .../Intermediate Certificate RL.08.01.crt | Bin 666 -> 0 bytes .../test75/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test75/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test76/End Certificate RL.09.01.crt | Bin 651 -> 0 bytes .../test76/Intermediate CRL RL.09.01.crl | Bin 352 -> 0 bytes .../Intermediate Certificate RL.09.01.crt | Bin 666 -> 0 bytes .../test76/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test76/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test8/End Certificate CP.02.05.crt | Bin 652 -> 0 bytes .../test8/Intermediate CRL CP.02.05.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.02.05.crt | Bin 665 -> 0 bytes .../X509tests/test8/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test8/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../test9/End Certificate CP.03.01.crt | Bin 650 -> 0 bytes .../test9/Intermediate CRL CP.03.01.crl | Bin 335 -> 0 bytes .../Intermediate Certificate CP.03.01.crt | Bin 665 -> 0 bytes .../X509tests/test9/Trust Anchor CP.01.01.crt | Bin 624 -> 0 bytes .../test9/Trust Anchor CRL CP.01.01.crl | Bin 371 -> 0 bytes .../testSubjects/X509tests/x509tests.scr | 969 - .../anchorAndDb/amazon_v3.100.cer | Bin 945 -> 0 bytes .../testSubjects/anchorAndDb/anchorAndDb.scr | 83 - .../testSubjects/anchorAndDb/dbWithLeaf.db | Bin 24060 -> 0 bytes .../testSubjects/anchorAndDb/dbWithRoot.db | Bin 23736 -> 0 bytes .../testSubjects/anchorAndDb/root_1.cer | Bin 568 -> 0 bytes .../testSubjects/bmpSslHost/bmpSslHost.scr | 19 - .../testSubjects/bmpSslHost/loopStone.scr | 63 - .../bmpSslHost/stone.tees_v3.100.cer | Bin 894 -> 0 bytes .../bmpSslHost/stone.tees_v3.101.cer | Bin 1051 -> 0 bytes .../bmpSslHost/stone.tees_v3.102.cer | Bin 1011 -> 0 bytes .../testSubjects/crlFromSsl/amazon_v3.100.cer | Bin 1274 -> 0 bytes .../testSubjects/crlFromSsl/amazon_v3.101.cer | Bin 1584 -> 0 bytes .../testSubjects/crlFromSsl/apple_v3.100.cer | Bin 1746 -> 0 bytes .../testSubjects/crlFromSsl/apple_v3.101.cer | Bin 1570 -> 0 bytes .../crlFromSsl/cduniverse_v3.100.cer | Bin 1344 -> 0 bytes .../crlFromSsl/cduniverse_v3.101.cer | Bin 1184 -> 0 bytes .../testSubjects/crlFromSsl/crlssl.scr | 130 - .../crlFromSsl/entrust_v3.100.cer | Bin 1165 -> 0 bytes .../crlFromSsl/entrust_v3.101.cer | Bin 1270 -> 0 bytes .../crlFromSsl/firstamlink_v3.100.cer | Bin 1647 -> 0 bytes .../crlFromSsl/keybank_v3.100.cer | Bin 1278 -> 0 bytes .../crlFromSsl/keybank_v3.101.cer | Bin 1584 -> 0 bytes .../crlFromSsl/keybank_v3.102.cer | Bin 774 -> 0 bytes .../crlFromSsl/netfile.state.co_v3.100.cer | Bin 1462 -> 0 bytes .../crlFromSsl/netfile.state.co_v3.101.cer | Bin 1581 -> 0 bytes .../crlFromSsl/netfile.state.co_v3.102.cer | Bin 1236 -> 0 bytes .../certcrl/testSubjects/crlFromSsl/one.scr | 18 - .../crlFromSsl/proteron_v3.100.cer | Bin 842 -> 0 bytes .../crlFromSsl/puretec_v3.100.cer | Bin 769 -> 0 bytes .../crlFromSsl/secauth_v3.100.cer | Bin 845 -> 0 bytes .../crlFromSsl/secauth_v3.101.cer | Bin 807 -> 0 bytes .../crlFromSsl/verisign_v3.100.cer | Bin 1788 -> 0 bytes .../crlFromSsl/verisign_v3.101.cer | Bin 1570 -> 0 bytes .../crlFromSsl/verisign_v3.102.cer | Bin 1226 -> 0 bytes .../crlFromSsl/wellsfargo_v3.100.cer | Bin 1147 -> 0 bytes .../crlFromSsl/wellsfargo_v3.101.cer | Bin 903 -> 0 bytes .../testSubjects/crlFromSsl/xdss_v3.100.cer | Bin 1222 -> 0 bytes .../testSubjects/crlFromSsl/xdss_v3.101.cer | Bin 903 -> 0 bytes .../certcrl/testSubjects/crlTime/crl.crl | Bin 282 -> 0 bytes .../testSubjects/crlTime/crlTestLeaf.cer | Bin 503 -> 0 bytes .../testSubjects/crlTime/crlTestRoot.cer | Bin 517 -> 0 bytes .../certcrl/testSubjects/crlTime/crlTime.scr | 128 - .../testSubjects/crossSigned/SOA1-SOA2.pem | 30 - .../testSubjects/crossSigned/SOA2-SOA1.pem | 30 - .../testSubjects/crossSigned/crossSigned.scr | 44 - .../testSubjects/crossSigned/crossSigned1.db | Bin 24768 -> 0 bytes .../crossSigned/crossSignedBoth.db | Bin 27292 -> 0 bytes .../testSubjects/distPointName/DEADBEF0.der | Bin 1305 -> 0 bytes .../testSubjects/distPointName/DEADBEF4.der | Bin 1285 -> 0 bytes .../testSubjects/distPointName/DEADBEF5.der | Bin 1356 -> 0 bytes .../testSubjects/distPointName/DEADBEF6.der | Bin 1323 -> 0 bytes .../testSubjects/distPointName/DEADBEF7.der | Bin 1354 -> 0 bytes .../testSubjects/distPointName/cacert.der | Bin 1476 -> 0 bytes .../testSubjects/distPointName/crl1.der | Bin 868 -> 0 bytes .../testSubjects/distPointName/crl2.der | Bin 899 -> 0 bytes .../testSubjects/distPointName/crl3.der | Bin 899 -> 0 bytes .../testSubjects/distPointName/crl4.der | Bin 853 -> 0 bytes .../distPointName/distPointName.scr | 178 - .../certcrl/testSubjects/emptyCert/CA.cer | Bin 523 -> 0 bytes .../testSubjects/emptyCert/emptyCert.cer | 0 .../testSubjects/emptyCert/emptyCert.scr | 51 - .../certcrl/testSubjects/emptyCert/leaf.cer | Bin 523 -> 0 bytes .../certcrl/testSubjects/emptyCert/root.cer | Bin 525 -> 0 bytes .../certcrl/testSubjects/emptySubject/ca.pem | 10 - .../emptySubject/emptySubject.scr | 21 - .../testSubjects/emptySubject/user.pem | 39 - .../testSubjects/expiredAppleCA/.gdb_history | 12 - .../expiredAppleCA/AppleDevRoot.pem | 34 - .../expiredAppleCA/NewDevCAIntermdiate.pem | 108 - .../OriginalDevCAIntermediate.pem | 34 - .../expiredAppleCA/appleDevCAs.keychain | Bin 28012 -> 0 bytes .../expiredAppleCA/dmitchtread.cer | Bin 1483 -> 0 bytes .../testSubjects/expiredAppleCA/expiredCA.scr | 112 - .../testSubjects/expiredAppleCA/one.scr | 35 - .../expiredCerts/bothCAs.keychain | Bin 24188 -> 0 bytes .../testSubjects/expiredCerts/ecExpiredCA.cer | Bin 463 -> 0 bytes .../expiredCerts/ecExpiredLeaf.cer | Bin 463 -> 0 bytes .../expiredCerts/ecExpiredRoot.cer | Bin 465 -> 0 bytes .../testSubjects/expiredCerts/ecGoodCA.cer | Bin 463 -> 0 bytes .../testSubjects/expiredCerts/ecGoodLeaf.cer | Bin 463 -> 0 bytes .../testSubjects/expiredCerts/ecGoodRoot.cer | Bin 465 -> 0 bytes .../expiredCerts/expiredCA.keychain | Bin 23216 -> 0 bytes .../expiredCerts/expiredCerts.scr | 147 - .../expiredCerts/expiredRoot.keychain | Bin 23232 -> 0 bytes .../testSubjects/expiredCerts/goodCA.keychain | Bin 23216 -> 0 bytes .../expiredCerts/goodRoot.keychain | Bin 23232 -> 0 bytes .../certcrl/testSubjects/expiredCerts/one.scr | 25 - .../expiredRoot/applestore_v3.100.cer | Bin 1746 -> 0 bytes .../expiredRoot/applestore_v3.101.cer | Bin 1570 -> 0 bytes .../testSubjects/expiredRoot/expiredRoot.scr | 79 - .../testSubjects/expiredRoot/iproj_v3.102.cer | Bin 565 -> 0 bytes .../certcrl/testSubjects/gipCps/gipCps.scr | 28 - .../certcrl/testSubjects/gipCps/gipCps0.cer | Bin 690 -> 0 bytes .../testSubjects/hostNameDot/hostNameDot.scr | 65 - .../hostNameDot/hostNameDotCommonName.cer | Bin 564 -> 0 bytes .../hostNameDot/hostNameDotCommonNameDot.cer | Bin 562 -> 0 bytes .../hostNameDot/hostNameDotRoot.cer | Bin 503 -> 0 bytes .../hostNameDot/hostNameDotSubjAltName.cer | Bin 571 -> 0 bytes .../hostNameDot/hostNameDotSubjAltNameDot.cer | Bin 569 -> 0 bytes .../testSubjects/implicitAnchor/CA.cer | Bin 523 -> 0 bytes .../implicitAnchor/implicitAnchor.scr | 35 - .../testSubjects/implicitAnchor/leaf.cer | Bin 523 -> 0 bytes .../testSubjects/implicitAnchor/root.cer | Bin 525 -> 0 bytes .../certcrl/testSubjects/ipSec/VPNTrialCA.cer | Bin 1156 -> 0 bytes .../certcrl/testSubjects/ipSec/ipSec.scr | 17 - .../ipSec/vpn-gateway.vpntrial.com.cer | Bin 1452 -> 0 bytes .../certcrl/testSubjects/localTime/badCert_1 | Bin 749 -> 0 bytes .../certcrl/testSubjects/localTime/badCert_2 | Bin 749 -> 0 bytes .../certcrl/testSubjects/localTime/badCert_3 | Bin 805 -> 0 bytes .../certcrl/testSubjects/localTime/badCert_4 | Bin 751 -> 0 bytes .../testSubjects/localTime/localTime.scr | 37 - .../miscPolicies/miscPolicies.scr | 23 - .../miscPolicies/miscPoliciesRoot.cer | Bin 499 -> 0 bytes .../testSubjects/miscPolicies/noEKU.cer | Bin 488 -> 0 bytes .../miscPolicies/resourceSignLeaf.cer | Bin 522 -> 0 bytes .../miscPolicies/rfc3280CodeSigningLeaf.cer | Bin 526 -> 0 bytes .../netFetch/JITC_Class3Mail_CA.crt | Bin 1055 -> 0 bytes .../netFetch/JITC_Class3_root_CA.cer | Bin 637 -> 0 bytes .../testSubjects/netFetch/c3MailCaCrl.db | Bin 45988 -> 0 bytes .../certcrl/testSubjects/netFetch/ghoo.cer | Bin 1134 -> 0 bytes .../certcrl/testSubjects/netFetch/net.scr | 80 - .../ocspFromSsl/amazon_v3.100.cer | Bin 1274 -> 0 bytes .../ocspFromSsl/amazon_v3.101.cer | Bin 1584 -> 0 bytes .../testSubjects/ocspFromSsl/apple_v3.100.cer | Bin 1746 -> 0 bytes .../testSubjects/ocspFromSsl/apple_v3.101.cer | Bin 1570 -> 0 bytes .../ocspFromSsl/cduniverse_v3.100.cer | Bin 1344 -> 0 bytes .../ocspFromSsl/cduniverse_v3.101.cer | Bin 1184 -> 0 bytes .../ocspFromSsl/certum_v3.100.cer | Bin 1562 -> 0 bytes .../ocspFromSsl/certum_v3.101.cer | Bin 1081 -> 0 bytes .../ocspFromSsl/certum_v3.102.cer | Bin 784 -> 0 bytes .../ocspFromSsl/keybank_v3.100.cer | Bin 1278 -> 0 bytes .../ocspFromSsl/keybank_v3.101.cer | Bin 1584 -> 0 bytes .../ocspFromSsl/keybank_v3.102.cer | Bin 774 -> 0 bytes .../testSubjects/ocspFromSsl/ocspssl.scr | 137 - .../testSubjects/ocspFromSsl/ocspsslNew.scr | 144 - .../certcrl/testSubjects/ocspFromSsl/one.scr | 19 - .../ocspFromSsl/proteron_v3.100.cer | Bin 842 -> 0 bytes .../ocspFromSsl/secauth_v3.100.cer | Bin 845 -> 0 bytes .../ocspFromSsl/secauth_v3.101.cer | Bin 807 -> 0 bytes .../ocspFromSsl/thawte_v3.100.cer | Bin 827 -> 0 bytes .../ocspFromSsl/thawte_v3.101.cer | Bin 807 -> 0 bytes .../ocspFromSsl/verisign_v3.100.cer | Bin 1788 -> 0 bytes .../ocspFromSsl/verisign_v3.101.cer | Bin 1570 -> 0 bytes .../ocspFromSsl/verisign_v3.102.cer | Bin 1226 -> 0 bytes .../ocspFromSsl/wellsfargo_v3.100.cer | Bin 1147 -> 0 bytes .../ocspFromSsl/wellsfargo_v3.101.cer | Bin 903 -> 0 bytes .../testSubjects/ocspFromSsl/xdss_v3.100.cer | Bin 1222 -> 0 bytes .../testSubjects/ocspFromSsl/xdss_v3.101.cer | Bin 903 -> 0 bytes .../ocsp_openvalidation/Root_CA1.crt | Bin 1235 -> 0 bytes .../ocsp_openvalidation/Root_CA2.crt | Bin 1285 -> 0 bytes .../ocsp_openvalidation/Server_CA1.crt | Bin 1113 -> 0 bytes .../ocsp_openvalidation/Server_CA2.crt | Bin 1177 -> 0 bytes .../ocsp_openvalidation/User_CA1.crt | Bin 1126 -> 0 bytes .../ocsp_openvalidation/User_CA2.crt | Bin 1160 -> 0 bytes .../testSubjects/ocsp_openvalidation/ocsp.scr | 123 - .../testSubjects/ocsp_openvalidation/one.scr | 23 - .../ocsp_openvalidation/one_CA2.scr | 19 - .../testSubjects/parasiticKeys/.gdb_history | 7 - .../parasiticKeys/derCerts/eepkint1.der | Bin 1468 -> 0 bytes .../parasiticKeys/derCerts/eepkint1.key.der | Bin 140 -> 0 bytes .../parasiticKeys/derCerts/pkint8k.der | Bin 2488 -> 0 bytes .../parasiticKeys/derCerts/pkint8k.key.der | Bin 2061 -> 0 bytes .../parasiticKeys/derCerts/uee8k.der | Bin 2718 -> 0 bytes .../testSubjects/parasiticKeys/eepkint1.pem | 33 - .../testSubjects/parasiticKeys/eepkint2.pem | 54 - .../testSubjects/parasiticKeys/intca.pem | 36 - .../testSubjects/parasiticKeys/parasite.scr | 68 - .../parasiticKeys/parasiteEnableLargeKeys.scr | 71 - .../parasiticKeys/parasiteErrDetect.scr | 70 - .../testSubjects/parasiticKeys/pkint16k.pem | 97 - .../testSubjects/parasiticKeys/pkint8k.pem | 54 - .../testSubjects/parasiticKeys/pkuser.pem | 15 - .../testSubjects/parasiticKeys/prsa16k.pem | 238 - .../testSubjects/parasiticKeys/prsa8k.pem | 121 - .../testSubjects/parasiticKeys/root.pem | 15 - .../testSubjects/parasiticKeys/shintca.pem | 19 - .../testSubjects/parasiticKeys/shroot.pem | 15 - .../testSubjects/parasiticKeys/ssRootCert.der | Bin 1767 -> 0 bytes .../testSubjects/parasiticKeys/ssSubjCert.der | Bin 1745 -> 0 bytes .../testSubjects/parasiticKeys/tee16k.pem | 102 - .../testSubjects/parasiticKeys/tee8k.pem | 59 - .../testSubjects/parasiticKeys/uee16k.pem | 102 - .../testSubjects/parasiticKeys/uee8k.pem | 59 - .../certcrl/testSubjects/pkinitPolicy/CA.cer | Bin 495 -> 0 bytes .../testSubjects/pkinitPolicy/noBC.cer | Bin 480 -> 0 bytes .../testSubjects/pkinitPolicy/noCA.cer | Bin 501 -> 0 bytes .../pkinitPolicy/pkinitPolicy.scr | 38 - .../testSubjects/qualCertStatment/ICA3.cer | Bin 1703 -> 0 bytes .../qualCertStatment/Netlock1.der | Bin 2047 -> 0 bytes .../qualCertStatment/badStatementId.cer | Bin 515 -> 0 bytes .../qualCertStatment/qualCertStatement.scr | 32 - .../resourceSigning/intermediate.cer | Bin 508 -> 0 bytes .../testSubjects/resourceSigning/leaf.cer | Bin 540 -> 0 bytes .../resourceSigning/leafBadEKU.cer | Bin 558 -> 0 bytes .../resourceSigning/leafBadKU.cer | Bin 550 -> 0 bytes .../resourceSigning/leafNoEKU.cer | Bin 536 -> 0 bytes .../resourceSigning/resourceSigning.scr | 51 - .../testSubjects/resourceSigning/root.cer | Bin 466 -> 0 bytes .../serverGatedCrypto/alandsbanken_v3.100.cer | Bin 1276 -> 0 bytes .../serverGatedCrypto/alandsbanken_v3.101.cer | Bin 903 -> 0 bytes .../serverGatedCrypto/luottokunta_v3.100.cer | Bin 1432 -> 0 bytes .../serverGatedCrypto/luottokunta_v3.101.cer | Bin 903 -> 0 bytes .../testSubjects/serverGatedCrypto/sgc.scr | 26 - .../smime/AliceDSSSignByCarlNoInherit.cer | Bin 738 -> 0 bytes .../testSubjects/smime/AliceRSASignByCarl.cer | Bin 518 -> 0 bytes .../testSubjects/smime/BobDHEncryptByCarl.cer | Bin 870 -> 0 bytes .../testSubjects/smime/BobRSASignByCarl.cer | Bin 516 -> 0 bytes .../testSubjects/smime/CarlDSSCRLEmpty.crl | Bin 111 -> 0 bytes .../testSubjects/smime/CarlDSSCRLForAll.crl | Bin 219 -> 0 bytes .../testSubjects/smime/CarlDSSCRLForCarl.crl | Bin 134 -> 0 bytes .../testSubjects/smime/CarlDSSSelf.cer | Bin 671 -> 0 bytes .../testSubjects/smime/CarlRSACRLEmpty.crl | Bin 202 -> 0 bytes .../testSubjects/smime/CarlRSACRLForAll.crl | Bin 311 -> 0 bytes .../testSubjects/smime/CarlRSACRLForCarl.crl | Bin 239 -> 0 bytes .../testSubjects/smime/CarlRSASelf.cer | Bin 495 -> 0 bytes .../smime/DianeDHEncryptByCarl.cer | Bin 873 -> 0 bytes .../smime/DianeDSSSignByCarlInherit.cer | Bin 446 -> 0 bytes .../testSubjects/smime/DianeRSASignByCarl.cer | Bin 526 -> 0 bytes .../smime/EricaDHEncryptByCarl.cer | Bin 749 -> 0 bytes .../certcrl/testSubjects/smime/certsParsed | 320 - .../certcrl/testSubjects/smime/crlsParsed | 89 - .../certcrl/testSubjects/smime/smime.scr | 436 - .../testSubjects/trustSettings/buildAndTest | 39 - .../testSubjects/trustSettings/crl.crl | Bin 282 -> 0 bytes .../trustSettings/crlTestLeaf.cer | Bin 503 -> 0 bytes .../trustSettings/crlTestRoot.cer | Bin 517 -> 0 bytes .../testSubjects/trustSettings/csCA.cer | Bin 546 -> 0 bytes .../testSubjects/trustSettings/csLeaf.cer | Bin 543 -> 0 bytes .../trustSettings/csLeafShortPath.cer | Bin 540 -> 0 bytes .../testSubjects/trustSettings/csRoot.cer | Bin 523 -> 0 bytes .../testSubjects/trustSettings/debugRoot.cer | Bin 487 -> 0 bytes .../trustSettings/dmitchAppleThawte.cer | Bin 721 -> 0 bytes .../trustSettings/emptyTrustSettings.plist | 10 - .../testSubjects/trustSettings/localhost.cer | Bin 486 -> 0 bytes .../trustSettings/makeTrustSettings | 51 - .../testSubjects/trustSettings/one.scr | 57 - .../testSubjects/trustSettings/thawteCA.cer | Bin 835 -> 0 bytes .../trustSettings/trustSettings.scr | 176 - .../trustSettings/trustSettingsTest.keychain | Bin 30020 -> 0 bytes .../trustSettings/userTrustSettings.plist | 172 - SecurityTests/clxutils/certsFromDb/Makefile | 54 - .../clxutils/certsFromDb/certsFromDb.cpp | 210 - SecurityTests/clxutils/cgConstruct/Makefile | 55 - .../clxutils/cgConstruct/cgConstruct.cpp | 565 - SecurityTests/clxutils/cgVerify/Makefile | 54 - SecurityTests/clxutils/cgVerify/cgVerify.cpp | 724 - .../clxutils/cgVerify/dsaParam512.der | Bin 160 -> 0 bytes .../clxutils/cgVerifyParsed/Makefile | 54 - .../cgVerifyParsed/cgVerifyParsed.cpp | 699 - .../clxutils/cgVerifyParsed/dsaParam512.der | Bin 160 -> 0 bytes .../cgVerifyParsed/tpVerifyParsed.cpp | 178 - .../clxutils/cgVerifyParsed/tpVerifyParsed.h | 33 - .../clxutils/clAppUtils/BlobList.cpp | 92 - SecurityTests/clxutils/clAppUtils/BlobList.h | 30 - .../clxutils/clAppUtils/CertBuilderApp.cpp | 376 - .../clxutils/clAppUtils/CertBuilderApp.h | 65 - .../clxutils/clAppUtils/CertParser.cpp | 248 - .../clxutils/clAppUtils/CertParser.h | 105 - SecurityTests/clxutils/clAppUtils/Makefile | 62 - .../clxutils/clAppUtils/certVerify.cpp | 692 - .../clxutils/clAppUtils/certVerify.h | 148 - SecurityTests/clxutils/clAppUtils/clutils.c | 192 - SecurityTests/clxutils/clAppUtils/clutils.h | 31 - .../clxutils/clAppUtils/crlUtils.cpp | 318 - SecurityTests/clxutils/clAppUtils/crlUtils.h | 28 - .../clxutils/clAppUtils/identPicker.cpp | 331 - .../clxutils/clAppUtils/identPicker.h | 91 - SecurityTests/clxutils/clAppUtils/ioSock.c | 480 - SecurityTests/clxutils/clAppUtils/ioSock.h | 88 - .../clxutils/clAppUtils/keyPicker.cpp | 365 - SecurityTests/clxutils/clAppUtils/keyPicker.h | 62 - .../clxutils/clAppUtils/printCertName.cpp | 186 - .../clxutils/clAppUtils/printCertName.h | 27 - .../clxutils/clAppUtils/ringBufferIo.cpp | 330 - .../clxutils/clAppUtils/ringBufferIo.h | 101 - .../clxutils/clAppUtils/sslAppUtils.cpp | 1653 - .../clxutils/clAppUtils/sslAppUtils.h | 159 - .../clxutils/clAppUtils/sslClient.cpp | 212 - .../clAppUtils/sslRingBufferThreads.cpp | 304 - .../clAppUtils/sslRingBufferThreads.h | 67 - .../clxutils/clAppUtils/sslServe.cpp | 380 - .../clxutils/clAppUtils/sslThreading.h | 174 - SecurityTests/clxutils/clAppUtils/timeStr.cpp | 290 - SecurityTests/clxutils/clAppUtils/timeStr.h | 65 - SecurityTests/clxutils/clAppUtils/tpUtils.cpp | 1215 - SecurityTests/clxutils/clAppUtils/tpUtils.h | 181 - SecurityTests/clxutils/clTool/Makefile | 54 - SecurityTests/clxutils/clTool/clTool.cpp | 312 - SecurityTests/clxutils/cltpdvt | 294 - SecurityTests/clxutils/cltpdvt_usage | 10 - .../clxutils/clxutils.pbproj/project.pbxproj | 70 - SecurityTests/clxutils/cmsTime/Makefile | 58 - SecurityTests/clxutils/cmsTime/cmsTime.cpp | 156 - SecurityTests/clxutils/cmsTime/noRoot.p7 | Bin 2521 -> 0 bytes SecurityTests/clxutils/cmsTime/withRoot.p7 | Bin 6648 -> 0 bytes SecurityTests/clxutils/cmstool/Makefile | 48 - SecurityTests/clxutils/cmstool/cmstool.cpp | 1220 - .../clxutils/cmstool/testSubjects/ptext1.txt | 772 - .../clxutils/cmstool/testSubjects/signed1.cms | Bin 23230 -> 0 bytes .../clxutils/cmstool/testSubjects/vfyCms | 27 - SecurityTests/clxutils/crlTool/Makefile | 54 - SecurityTests/clxutils/crlTool/crlNetwork.cpp | 253 - SecurityTests/clxutils/crlTool/crlNetwork.h | 30 - SecurityTests/clxutils/crlTool/crlTool.cpp | 232 - SecurityTests/clxutils/dotMacArchive/Makefile | 50 - .../clxutils/dotMacArchive/dotMacArchive.cpp | 546 - .../clxutils/dotMacArchive/dotMacTpAttach.cpp | 91 - .../clxutils/dotMacArchive/dotMacTpAttach.h | 48 - .../clxutils/dotMacArchive/identSearch.cpp | 132 - .../clxutils/dotMacArchive/identSearch.h | 53 - SecurityTests/clxutils/dotMacRequest/Makefile | 54 - SecurityTests/clxutils/dotMacRequest/README | 23 - .../clxutils/dotMacRequest/dotMacRequest.cpp | 624 - SecurityTests/clxutils/dotMacTool/MDS | 6 - SecurityTests/clxutils/dotMacTool/Makefile | 59 - SecurityTests/clxutils/dotMacTool/README | 107 - .../clxutils/dotMacTool/dotMacTool.cpp | 728 - .../clxutils/dotMacTool/keyPicker.cpp | 38 - SecurityTests/clxutils/dotMacTool/keyPicker.h | 48 - SecurityTests/clxutils/dumpasn1.cfg | 3634 -- SecurityTests/clxutils/extenGrab/Makefile | 54 - .../clxutils/extenGrab/extenGrab.cpp | 124 - SecurityTests/clxutils/extenTest/Makefile | 54 - .../clxutils/extenTest/extenTest.cpp | 1546 - SecurityTests/clxutils/extenTestTp/Makefile | 54 - .../clxutils/extenTestTp/extenTestTp.cpp | 1430 - .../clxutils/extendAttrTest/Makefile | 53 - .../clxutils/extendAttrTest/amazon_v3.100.cer | Bin 945 -> 0 bytes .../extendAttrTest/extendAttrTest.cpp | 526 - .../clxutils/extendAttrTest/rsakey_priv.der | Bin 319 -> 0 bytes .../clxutils/extendAttrTest/rsakey_pub.der | Bin 94 -> 0 bytes .../clxutils/extendAttrTool/Makefile | 53 - .../extendAttrTool/extendAttrTool.cpp | 459 - .../extendAttrTool/singleItemPicker.cpp | 233 - .../extendAttrTool/singleItemPicker.h | 55 - .../clxutils/extractCertFields/Makefile | 54 - .../extractCertFields/extractCertFields.cpp | 211 - SecurityTests/clxutils/findCert/Makefile | 50 - SecurityTests/clxutils/findCert/asnUtils.cpp | 262 - SecurityTests/clxutils/findCert/asnUtils.h | 77 - SecurityTests/clxutils/findCert/findCert.cpp | 144 - SecurityTests/clxutils/idPref/Makefile | 48 - SecurityTests/clxutils/idPref/idPref.cpp | 118 - SecurityTests/clxutils/idTool/Makefile | 54 - SecurityTests/clxutils/idTool/idTool.cpp | 439 - .../clxutils/importExport/amazon_v3.100.pem | 22 - .../clxutils/importExport/cdnow_v300.pem | 20 - .../clxutils/importExport/dhParams_512.der | Bin 84 -> 0 bytes .../clxutils/importExport/dsaParamOpenssl.pem | 6 - .../clxutils/importExport/dsaParams_512.der | Bin 160 -> 0 bytes .../clxutils/importExport/exportOpensslTool | 103 - .../clxutils/importExport/exportPkcs8Tool | 104 - .../clxutils/importExport/impExpOpensslEcdsa | 78 - .../importExport/impExpOpensslEcdsaTool | 136 - .../clxutils/importExport/importExport | 117 - .../clxutils/importExport/importExportAgg | 192 - .../importExport/importExportECDSA_P12 | 84 - .../importExport/importExportECDSA_P12_Tool | 95 - .../clxutils/importExport/importExportKeyTool | 112 - .../clxutils/importExport/importExportOpenssh | 219 - .../importExport/importExportOpensshTool | 344 - .../importExport/importExportOpensslWrap | 207 - .../clxutils/importExport/importExportPkcs12 | 193 - .../clxutils/importExport/importExportPkcs7 | 135 - .../clxutils/importExport/importExportPkcs8 | 210 - .../importExport/importExportPkcs8Tool | 71 - .../clxutils/importExport/importExportRawKey | 258 - .../clxutils/importExport/localcert.pem | 12 - .../clxutils/importExport/secp256r1ca.p12 | Bin 1425 -> 0 bytes .../clxutils/importExport/secp384r1ca.p12 | Bin 1529 -> 0 bytes .../clxutils/importExport/secp521r1ca.p12 | Bin 1667 -> 0 bytes .../clxutils/importExport/setupCommon | 60 - .../clxutils/importExport/somePlainText | 1 - SecurityTests/clxutils/kcExport/Makefile | 48 - SecurityTests/clxutils/kcExport/kcExport.cpp | 392 - SecurityTests/clxutils/kcImport/Makefile | 48 - SecurityTests/clxutils/kcImport/kcImport.cpp | 600 - SecurityTests/clxutils/kcTime/Makefile | 49 - .../clxutils/kcTime/SecureServer.509.cer | Bin 568 -> 0 bytes .../clxutils/kcTime/amazon_v3.100.cer | Bin 599 -> 0 bytes SecurityTests/clxutils/kcTime/kcTime.cpp | 504 - SecurityTests/clxutils/kcTime/test1.p12 | Bin 2846 -> 0 bytes SecurityTests/clxutils/kcTool/Makefile | 54 - SecurityTests/clxutils/kcTool/kcTool.cpp | 297 - SecurityTests/clxutils/keyFromCert/Makefile | 54 - .../clxutils/keyFromCert/keyFromCert.cpp | 77 - SecurityTests/clxutils/krbtool/Makefile | 50 - SecurityTests/clxutils/krbtool/asnUtils.cpp | 262 - SecurityTests/clxutils/krbtool/asnUtils.h | 77 - .../clxutils/krbtool/identPicker.cpp | 542 - SecurityTests/clxutils/krbtool/identPicker.h | 66 - SecurityTests/clxutils/krbtool/krbtool.cpp | 313 - SecurityTests/clxutils/make.ssl | 10 - .../clxutils/makeCertPolicy/Makefile | 54 - .../makeCertPolicy/makeCertPolicy.cpp | 202 - SecurityTests/clxutils/makeCrl/Makefile | 54 - SecurityTests/clxutils/makeCrl/makeCrl.cpp | 328 - .../clxutils/makeCrl/testFiles/crl.crl | Bin 282 -> 0 bytes .../makeCrl/testFiles/crlKeychain.keychain | Bin 29836 -> 0 bytes .../makeCrl/testFiles/crlTestLeaf.cer | Bin 503 -> 0 bytes .../makeCrl/testFiles/crlTestRoot.cer | Bin 517 -> 0 bytes .../clxutils/makeCrl/testFiles/crlTime.scr | 127 - .../makeCrl/testFiles/crlTimeTiger.scr | 128 - .../clxutils/makeCrl/testFiles/notes | 27 - .../clxutils/makeExpiredCerts/Makefile | 48 - .../makeExpiredCerts/makeExpiredCerts.cpp | 309 - SecurityTests/clxutils/newCmsTool/Makefile | 48 - .../clxutils/newCmsTool/blobs/GTE_SGC.cer | Bin 745 -> 0 bytes .../clxutils/newCmsTool/blobs/certs.p7 | Bin 802 -> 0 bytes .../clxutils/newCmsTool/blobs/certsOnly.p7 | Bin 1509 -> 0 bytes .../newCmsTool/blobs/cmsEcdsaHandsoff | 83 - .../newCmsTool/blobs/cmsEcdsaRoot.cer | Bin 433 -> 0 bytes .../clxutils/newCmsTool/blobs/cmsKeychain | Bin 37900 -> 0 bytes .../clxutils/newCmsTool/blobs/cmsRoot.cer | Bin 491 -> 0 bytes .../clxutils/newCmsTool/blobs/cmstest | 506 - .../clxutils/newCmsTool/blobs/cmstestHandsoff | 77 - .../clxutils/newCmsTool/blobs/cmstestUsage | 11 - .../clxutils/newCmsTool/blobs/dmitchIChat.cer | Bin 707 -> 0 bytes .../blobs/ecdsaCmsKeychain.keychain | Bin 33044 -> 0 bytes .../clxutils/newCmsTool/blobs/env.p7 | Bin 649 -> 0 bytes .../clxutils/newCmsTool/blobs/env_two.p7 | Bin 1051 -> 0 bytes SecurityTests/clxutils/newCmsTool/blobs/ptext | 5 - .../clxutils/newCmsTool/blobs/sign.p7 | Bin 2208 -> 0 bytes .../clxutils/newCmsTool/blobs/sign2.p7 | Bin 3817 -> 0 bytes .../clxutils/newCmsTool/blobs/signEnv.p7 | Bin 2658 -> 0 bytes .../clxutils/newCmsTool/blobs/signEnv_auth.p7 | Bin 2658 -> 0 bytes .../newCmsTool/blobs/signEnv_certs.p7 | Bin 4122 -> 0 bytes .../newCmsTool/blobs/signEnv_twoSign.p7 | Bin 4642 -> 0 bytes .../blobs/signEnv_twoSign_twoRecip.p7 | Bin 5044 -> 0 bytes .../clxutils/newCmsTool/blobs/sign_auth.p7 | Bin 2206 -> 0 bytes .../clxutils/newCmsTool/blobs/sign_certs.p7 | Bin 3669 -> 0 bytes .../clxutils/newCmsTool/blobs/sign_det.p7 | Bin 2018 -> 0 bytes .../clxutils/newCmsTool/blobs/sign_nocerts.p7 | Bin 663 -> 0 bytes .../newCmsTool/blobs/sign_only_certs.p7 | Bin 1509 -> 0 bytes .../clxutils/newCmsTool/blobs/sign_signer.p7 | Bin 1381 -> 0 bytes .../clxutils/newCmsTool/blobs/sign_two.p7 | Bin 4192 -> 0 bytes .../newCmsTool/blobs/sign_withroot.p7 | Bin 3033 -> 0 bytes .../clxutils/newCmsTool/newCmsTool.cpp | 1658 - SecurityTests/clxutils/ocspTool/Makefile | 53 - .../clxutils/ocspTool/findOcspUrl.cpp | 61 - SecurityTests/clxutils/ocspTool/findOcspUrl.h | 42 - .../clxutils/ocspTool/ocspNetwork.cpp | 187 - SecurityTests/clxutils/ocspTool/ocspNetwork.h | 49 - .../clxutils/ocspTool/ocspRequest.cpp | 196 - SecurityTests/clxutils/ocspTool/ocspRequest.h | 84 - SecurityTests/clxutils/ocspTool/ocspTool.cpp | 1254 - SecurityTests/clxutils/ocspTool/ocspUtils.cpp | 50 - SecurityTests/clxutils/ocspTool/ocspUtils.h | 29 - SecurityTests/clxutils/ocspdTool/Makefile | 53 - .../clxutils/ocspdTool/ocspdTool.cpp | 485 - SecurityTests/clxutils/p12/Makefile | 52 - SecurityTests/clxutils/p12/SecNssCoder.cpp | 191 - SecurityTests/clxutils/p12/SecNssCoder.h | 161 - SecurityTests/clxutils/p12/p12.cpp | 153 - SecurityTests/clxutils/p12/p12.h | 52 - SecurityTests/clxutils/p12/p12Crypto.cpp | 307 - SecurityTests/clxutils/p12/p12Crypto.h | 101 - SecurityTests/clxutils/p12/p12Decode.cpp | 416 - SecurityTests/clxutils/p12/p12Encode.cpp | 67 - SecurityTests/clxutils/p12/p12GetPassKey.cpp | 132 - SecurityTests/clxutils/p12/p12GetPassKey.h | 30 - .../clxutils/p12/p12ImportExport.cpp | 472 - SecurityTests/clxutils/p12/p12Parse.cpp | 919 - SecurityTests/clxutils/p12/p12pbe.cpp | 325 - SecurityTests/clxutils/p12/p12pbe.h | 59 - SecurityTests/clxutils/p12/pkcs12Parsed.cpp | 93 - SecurityTests/clxutils/p12/pkcs12Parsed.h | 92 - SecurityTests/clxutils/p12Parse/Makefile | 57 - SecurityTests/clxutils/p12Parse/main.cpp | 50 - SecurityTests/clxutils/p12Parse/p12Crypto.cpp | 322 - SecurityTests/clxutils/p12Parse/p12Crypto.h | 101 - SecurityTests/clxutils/p12Parse/p12Parse.cpp | 922 - SecurityTests/clxutils/p12Parse/p12Parse.h | 21 - .../clxutils/p12Parse/pkcs12Parsed.cpp | 93 - .../clxutils/p12Parse/pkcs12Parsed.h | 92 - .../clxutils/p12Parse/pkcs12Utils.cpp | 322 - SecurityTests/clxutils/p12Parse/pkcs12Utils.h | 45 - SecurityTests/clxutils/p12Reencode/Makefile | 54 - SecurityTests/clxutils/p12Reencode/doReencode | 22 - .../clxutils/p12Reencode/p12Reencode.cpp | 395 - SecurityTests/clxutils/p12Reencode/test1.p12 | Bin 2846 -> 0 bytes SecurityTests/clxutils/p12Reencode/test10.p12 | Bin 3934 -> 0 bytes SecurityTests/clxutils/p12Reencode/test11.p12 | Bin 3934 -> 0 bytes SecurityTests/clxutils/p12Reencode/test12.p12 | Bin 3942 -> 0 bytes SecurityTests/clxutils/p12Reencode/test13.p12 | Bin 3934 -> 0 bytes SecurityTests/clxutils/p12Reencode/test14.p12 | Bin 3934 -> 0 bytes SecurityTests/clxutils/p12Reencode/test15.p12 | Bin 3950 -> 0 bytes SecurityTests/clxutils/p12Reencode/test16.p12 | Bin 3950 -> 0 bytes SecurityTests/clxutils/p12Reencode/test17.p12 | Bin 3942 -> 0 bytes SecurityTests/clxutils/p12Reencode/test18.p12 | Bin 3934 -> 0 bytes SecurityTests/clxutils/p12Reencode/test19.p12 | Bin 3558 -> 0 bytes SecurityTests/clxutils/parseCert/Makefile | 54 - .../clxutils/parseCert/parseCert.cpp | 60 - SecurityTests/clxutils/parseCrl/Makefile | 54 - SecurityTests/clxutils/parseCrl/parseCrl.cpp | 64 - SecurityTests/clxutils/pemtool/Makefile | 54 - SecurityTests/clxutils/pemtool/pemtool.c | 108 - .../KeychainAccessSystemRoot.cer | Bin 494 -> 0 bytes .../rootStoreTool/KeychainAccessUserRoot.cer | Bin 490 -> 0 bytes SecurityTests/clxutils/rootStoreTool/Makefile | 59 - .../rootStoreTool/SMIME_SystemRoot.cer | Bin 482 -> 0 bytes .../clxutils/rootStoreTool/SMIME_UserRoot.cer | Bin 478 -> 0 bytes .../clxutils/rootStoreTool/SSL_SystemRoot.cer | Bin 478 -> 0 bytes .../clxutils/rootStoreTool/SSL_UserRoot.cer | Bin 474 -> 0 bytes .../rootStoreTool/UnrestrictedSystemRoot.cer | Bin 496 -> 0 bytes .../rootStoreTool/UnrestrictedUserRoot.cer | Bin 492 -> 0 bytes .../clxutils/rootStoreTool/addTestRoots | 21 - .../clxutils/rootStoreTool/addTestRootsSec | 21 - .../clxutils/rootStoreTool/buildSysAnchors | 45 - .../rootStoreTool/parseTrustedRootList.cpp | 297 - .../clxutils/rootStoreTool/rootStoreTool.cpp | 932 - .../clxutils/rootStoreTool/rootUtils.cpp | 378 - .../clxutils/rootStoreTool/rootUtils.h | 104 - .../clxutils/rootStoreTool/threeRoots.pem | 38 - SecurityTests/clxutils/secTime/Makefile | 58 - .../clxutils/secTime/SecureServer.509.cer | Bin 568 -> 0 bytes SecurityTests/clxutils/secTime/ThawteCA.cer | Bin 835 -> 0 bytes SecurityTests/clxutils/secTime/ThawteRoot.cer | Bin 817 -> 0 bytes .../clxutils/secTime/amazon_v3.100.cer | Bin 945 -> 0 bytes .../clxutils/secTime/dmitchThawte.cer | Bin 721 -> 0 bytes .../clxutils/secTime/firstamlink.cer | Bin 805 -> 0 bytes SecurityTests/clxutils/secTime/secTime.cpp | 739 - .../clxutils/secToolVerify/AppleQuickTime.pem | 94 - .../clxutils/secToolVerify/AppleSWUPDATE.pem | 107 - .../clxutils/secToolVerify/VPNTrialCA.cer | Bin 1156 -> 0 bytes .../clxutils/secToolVerify/amazon_v3.100.cer | Bin 945 -> 0 bytes .../secToolVerify/applestore_v3.100.cer | Bin 1158 -> 0 bytes .../secToolVerify/applestore_v3.101.cer | Bin 903 -> 0 bytes .../secToolVerify/dmitchThawte2005.cer | Bin 721 -> 0 bytes .../secToolVerify/dmitchThawte2007.cer | Bin 734 -> 0 bytes .../clxutils/secToolVerify/iproj_v3.102.cer | Bin 565 -> 0 bytes .../clxutils/secToolVerify/secToolVerify | 154 - .../clxutils/secToolVerify/serverbasic.crt | Bin 791 -> 0 bytes .../vpn-gateway.vpntrial.com.cer | Bin 1452 -> 0 bytes SecurityTests/clxutils/secTrustTime/Makefile | 58 - .../clxutils/secTrustTime/keybank_v3.100.cer | Bin 1121 -> 0 bytes .../clxutils/secTrustTime/keybank_v3.101.cer | Bin 903 -> 0 bytes .../clxutils/secTrustTime/keybank_v3.102.cer | Bin 576 -> 0 bytes SecurityTests/clxutils/secTrustTime/runTests | 33 - .../clxutils/secTrustTime/secTrustTime.cpp | 378 - SecurityTests/clxutils/signerAndSubj/Makefile | 54 - .../clxutils/signerAndSubj/signerAndSubj.cpp | 717 - .../clxutils/signerAndSubjSsl/Makefile | 54 - .../clxutils/signerAndSubjSsl/doTest | 215 - .../signerAndSubjSsl/signerAndSubjSsl.cpp | 412 - .../clxutils/signerAndSubjTp/Makefile | 54 - .../clxutils/signerAndSubjTp/makeSmimeCert | 38 - .../signerAndSubjTp/signerAndSubjTp.cpp | 959 - .../clxutils/simpleUrlAccess/Makefile | 44 - .../simpleUrlAccess/simpleUrlAccess.c | 185 - SecurityTests/clxutils/smimePolicy/Makefile | 58 - .../clxutils/smimePolicy/smimePolicy.cpp | 1246 - SecurityTests/clxutils/sslAlert/Makefile | 55 - SecurityTests/clxutils/sslAlert/README | 1 - SecurityTests/clxutils/sslAlert/sslAlert.cpp | 439 - SecurityTests/clxutils/sslAuth/Makefile | 55 - SecurityTests/clxutils/sslAuth/sslAuth.cpp | 384 - SecurityTests/clxutils/sslBench/Makefile | 53 - SecurityTests/clxutils/sslBench/sslBench.cpp | 440 - SecurityTests/clxutils/sslCipher/Makefile | 55 - .../clxutils/sslCipher/sslCipher.cpp | 561 - SecurityTests/clxutils/sslEAP/Makefile | 53 - .../clxutils/sslEAP/ringBufferThreads.cpp | 359 - .../clxutils/sslEAP/ringBufferThreads.h | 80 - SecurityTests/clxutils/sslEAP/sslEAP.cpp | 246 - SecurityTests/clxutils/sslEcdsa/Makefile | 60 - .../sslEcdsa/ecc-secp256r1-client.pfx | Bin 1036 -> 0 bytes .../clxutils/sslEcdsa/ecdsa.keychain | Bin 24940 -> 0 bytes SecurityTests/clxutils/sslEcdsa/sslEcdsa.cpp | 631 - .../clxutils/sslHandshakeTimeRB/Makefile | 53 - .../sslHandshakeTimeRB/sslHandshakeTimeRB.cpp | 274 - .../clxutils/sslHdshakeTime/Makefile | 53 - .../sslHdshakeTime/sslHdshakeTime.cpp | 479 - SecurityTests/clxutils/sslProt/Makefile | 55 - SecurityTests/clxutils/sslProt/dhParams1024.h | 24 - SecurityTests/clxutils/sslProt/dhParams512.h | 14 - SecurityTests/clxutils/sslProt/sslProt.cpp | 1061 - SecurityTests/clxutils/sslScripts/AlexTest | 80 - SecurityTests/clxutils/sslScripts/authClient | 72 - SecurityTests/clxutils/sslScripts/authDoncio | 47 - SecurityTests/clxutils/sslScripts/authExtern | 80 - SecurityTests/clxutils/sslScripts/authServe | 62 - .../clxutils/sslScripts/cynicRoot.cer | Bin 2391 -> 0 bytes .../clxutils/sslScripts/dhParams_1024.der | Bin 151 -> 0 bytes .../clxutils/sslScripts/dhParams_512.der | Bin 84 -> 0 bytes .../clxutils/sslScripts/doncioRoot.cer | Bin 750 -> 0 bytes SecurityTests/clxutils/sslScripts/doprompt | 25 - .../clxutils/sslScripts/dsaCertToolInput | 14 - .../clxutils/sslScripts/makeLocalCert | 72 - .../clxutils/sslScripts/openssl/doprompt | 2 - .../sslScripts/openssl/makeOpensslCert | 101 - .../sslScripts/openssl/opensslReqInput | 10 - .../clxutils/sslScripts/openssl/opensslTest | 49 - .../sslScripts/openssl/osdsaparam.der | 6 - .../clxutils/sslScripts/openssl/runServeView | 41 - SecurityTests/clxutils/sslScripts/protClient | 146 - SecurityTests/clxutils/sslScripts/protServe | 89 - .../clxutils/sslScripts/removeLocalCerts | 24 - .../clxutils/sslScripts/runProtClient | 60 - SecurityTests/clxutils/sslScripts/setTrustAll | 10 - .../clxutils/sslScripts/simplePrompt | 2 - .../clxutils/sslScripts/sslExtendUse.scr | 58 - SecurityTests/clxutils/sslScripts/sslKcSetup | 59 - SecurityTests/clxutils/sslScripts/ssldvt | 109 - .../clxutils/sslScripts/ssldvtCertErr | 2 - SecurityTests/clxutils/sslScripts/ssldvtUsage | 1 - SecurityTests/clxutils/sslScripts/test1.p12 | Bin 2846 -> 0 bytes SecurityTests/clxutils/sslScripts/trustAll | 14 - .../clxutils/sslScripts/verisignCA.cer | Bin 906 -> 0 bytes SecurityTests/clxutils/sslServer/Makefile | 53 - .../clxutils/sslServer/sslServer.cpp | 1060 - SecurityTests/clxutils/sslSession/Makefile | 57 - .../clxutils/sslSession/sslSession.cpp | 293 - SecurityTests/clxutils/sslSubjName/Makefile | 62 - .../clxutils/sslSubjName/sslSubjName.cpp | 595 - SecurityTests/clxutils/sslThroughput/Makefile | 53 - .../clxutils/sslThroughput/runSslThroughput | 27 - .../clxutils/sslThroughput/sslThroughput.cpp | 283 - SecurityTests/clxutils/sslViewer/Makefile | 53 - .../clxutils/sslViewer/SSLViewer.cpp | 1799 - SecurityTests/clxutils/sslViewer/SSL_Sites | 306 - SecurityTests/clxutils/sslViewer/pingSslSites | 37 - SecurityTests/clxutils/sslViewer/verifyPing | 144 - SecurityTests/clxutils/sysIdTool/Makefile | 48 - .../clxutils/sysIdTool/sysIdTool.cpp | 187 - SecurityTests/clxutils/threadTest/Makefile | 66 - .../clxutils/threadTest/amazon_v3.100.cer | Bin 1274 -> 0 bytes .../clxutils/threadTest/amazon_v3.101.cer | Bin 1584 -> 0 bytes SecurityTests/clxutils/threadTest/attach.cpp | 270 - .../clxutils/threadTest/cduniverse_v3.100.cer | Bin 1344 -> 0 bytes .../clxutils/threadTest/cgConstructThr.cpp | 390 - .../clxutils/threadTest/cgVerifyThr.cpp | 453 - .../clxutils/threadTest/copyRoots.cpp | 46 - SecurityTests/clxutils/threadTest/cspRand.cpp | 63 - .../clxutils/threadTest/cssmErrStr.cpp | 61 - .../clxutils/threadTest/dbOpenClose.cpp | 76 - .../clxutils/threadTest/derDecode.cpp | 131 - SecurityTests/clxutils/threadTest/desTest.cpp | 296 - .../clxutils/threadTest/digestClient.cpp | 59 - .../clxutils/threadTest/getCachedFields.cpp | 231 - .../clxutils/threadTest/getFields.cpp | 200 - SecurityTests/clxutils/threadTest/ioSockThr.c | 335 - SecurityTests/clxutils/threadTest/ioSockThr.h | 76 - .../clxutils/threadTest/kcStatus.cpp | 84 - .../clxutils/threadTest/mdsLookupThr.cpp | 173 - .../threadTest/mypage.apple_v3.100.cer | Bin 1102 -> 0 bytes SecurityTests/clxutils/threadTest/rsaSign.cpp | 325 - .../clxutils/threadTest/secTrustEval.cpp | 135 - .../clxutils/threadTest/serverpremium.crt | Bin 811 -> 0 bytes .../clxutils/threadTest/signVerify.cpp | 118 - SecurityTests/clxutils/threadTest/sslPing.cpp | 407 - .../clxutils/threadTest/sslThrash.cpp | 265 - .../clxutils/threadTest/symTestThr.cpp | 150 - SecurityTests/clxutils/threadTest/t_stdlib.c | 53 - .../clxutils/threadTest/testParams.h | 90 - SecurityTests/clxutils/threadTest/testutil.c | 175 - SecurityTests/clxutils/threadTest/testutil.h | 19 - .../clxutils/threadTest/threadTest.cpp | 496 - .../clxutils/threadTest/timeThread.cpp | 99 - .../clxutils/threadTest/trustSettings.cpp | 101 - SecurityTests/clxutils/trustAnchors/Makefile | 53 - .../clxutils/trustAnchors/trustAnchors.c | 529 - SecurityTests/clxutils/trustApps/Makefile | 53 - .../clxutils/trustApps/trustApps.cpp | 153 - SecurityTests/clxutils/unBER/Makefile | 58 - SecurityTests/clxutils/unBER/unBER.cpp | 448 - SecurityTests/clxutils/updateCert | 42 - SecurityTests/clxutils/updateCerts | 35 - SecurityTests/clxutils/urlPageGrab/Makefile | 53 - .../clxutils/urlPageGrab/cfSimpleGet.cpp | 126 - .../clxutils/urlPageGrab/cfSimpleGet.h | 14 - SecurityTests/clxutils/urlPageGrab/grabPages | 38 - SecurityTests/clxutils/urlPageGrab/pltGrab | 91 - .../clxutils/urlPageGrab/speedo_html.tar | Bin 5488640 -> 0 bytes .../clxutils/urlPageGrab/urlPageGrab.cpp | 491 - SecurityTests/clxutils/userTrustTest/Makefile | 58 - .../clxutils/userTrustTest/amazon_v3.100.cer | Bin 945 -> 0 bytes .../clxutils/userTrustTest/userTrustTest.cpp | 244 - SecurityTests/clxutils/vfyCacCert/Makefile | 39 - SecurityTests/clxutils/vfyCacCert/README | 37 - .../clxutils/vfyCacCert/certs/cac_c7_cert.crt | Bin 1027 -> 0 bytes .../vfyCacCert/certs/cac_signing_cert.crt | Bin 1134 -> 0 bytes .../clxutils/vfyCacCert/certs/joe2.ID.cer | Bin 962 -> 0 bytes .../vfyCacCert/certs/joe2.encrypt.cer | Bin 1004 -> 0 bytes .../clxutils/vfyCacCert/certs/joe2.sign.cer | Bin 1072 -> 0 bytes SecurityTests/clxutils/vfyCacCert/vfyAllCerts | 9 - .../clxutils/vfyCacCert/vfyCacCert.cpp | 494 - SecurityTests/clxutils/vfyCert/Makefile | 54 - SecurityTests/clxutils/vfyCert/vfyCert.c | 68 - SecurityTests/clxutils/vfyCertChain/Makefile | 54 - .../clxutils/vfyCertChain/vfyCertChain.cpp | 426 - SecurityTests/cspxutils/ChangeLog | 28 - SecurityTests/cspxutils/EXAMPLES_README | 33 - SecurityTests/cspxutils/Makefile | 96 - SecurityTests/cspxutils/Makefile.cdsa | 152 - SecurityTests/cspxutils/Makefile.lib | 119 - SecurityTests/cspxutils/Makefile.template | 62 - SecurityTests/cspxutils/README | 239 - SecurityTests/cspxutils/acltool/Makefile | 51 - SecurityTests/cspxutils/acltool/aclUtils.cpp | 509 - SecurityTests/cspxutils/acltool/aclUtils.h | 54 - SecurityTests/cspxutils/acltool/acltool.cpp | 327 - SecurityTests/cspxutils/aesVect/Makefile | 57 - SecurityTests/cspxutils/aesVect/aesVect.c | 179 - SecurityTests/cspxutils/aesVect/ecb_vk.hdr | 13 - SecurityTests/cspxutils/aesVect/ecb_vk.txt | 2334 - SecurityTests/cspxutils/aesVect/ecb_vt.hdr | 13 - SecurityTests/cspxutils/aesVect/ecb_vt.txt | 1566 - SecurityTests/cspxutils/aesVect/enDecrypt.h | 47 - .../cspxutils/aesVect/enDecryptCsp.c | 84 - .../cspxutils/aesVect/enDecryptRef.c | 56 - .../cspxutils/aesVect/enDecryptTest.c | 42 - SecurityTests/cspxutils/aesVect/makeVectors | 31 - SecurityTests/cspxutils/aesVect/rijndael.c | 427 - SecurityTests/cspxutils/aesVect/std_defs.h | 151 - SecurityTests/cspxutils/aesVect/testVectors | 27 - SecurityTests/cspxutils/ascTool/Makefile | 55 - SecurityTests/cspxutils/ascTool/ascTool.cpp | 291 - SecurityTests/cspxutils/asymCompat/Makefile | 56 - .../cspxutils/asymCompat/asymCompat.c | 826 - SecurityTests/cspxutils/asymPerform/Makefile | 56 - .../cspxutils/asymPerform/asymPerform.c | 266 - SecurityTests/cspxutils/asymTest/Makefile | 55 - SecurityTests/cspxutils/asymTest/asymTest.c | 870 - SecurityTests/cspxutils/attachLeak/Makefile | 54 - .../cspxutils/attachLeak/attachLeak.c | 185 - SecurityTests/cspxutils/badattr/Makefile | 55 - SecurityTests/cspxutils/badattr/badattr.c | 1417 - SecurityTests/cspxutils/badmac/Makefile | 54 - SecurityTests/cspxutils/badmac/badmac.c | 400 - SecurityTests/cspxutils/badsig/Makefile | 54 - SecurityTests/cspxutils/badsig/badsig.c | 820 - SecurityTests/cspxutils/buildExample | 32 - SecurityTests/cspxutils/ccCtxSize/Makefile | 57 - SecurityTests/cspxutils/ccCtxSize/ccCtxSize.c | 62 - SecurityTests/cspxutils/ccHmacClone/Makefile | 60 - .../cspxutils/ccHmacClone/ccHmacClone.cpp | 422 - SecurityTests/cspxutils/ccHmacCompat/Makefile | 59 - .../cspxutils/ccHmacCompat/ccHmacCompat.c | 421 - SecurityTests/cspxutils/ccOneShot/Makefile | 59 - .../cspxutils/ccOneShot/ccOneShot.cpp | 243 - .../cspxutils/ccOpensslCompat/Makefile | 55 - .../ccOpensslCompat/ccOpensslCompat.cpp | 188 - .../cspxutils/ccOpensslCompat/digestCommon.h | 197 - .../ccOpensslCompat/digestCommonCrypto.cpp | 7 - .../ccOpensslCompat/digestCommonExtern.h | 39 - .../ccOpensslCompat/digestOpenssl.cpp | 14 - SecurityTests/cspxutils/ccPerform/Makefile | 56 - .../cspxutils/ccPerform/ccPerform.cpp | 240 - SecurityTests/cspxutils/ccSymCompat/Makefile | 56 - .../cspxutils/ccSymCompat/ccSymCompat.c | 1016 - SecurityTests/cspxutils/ccSymTest/Makefile | 56 - .../cspxutils/ccSymTest/ccSymTest.cpp | 777 - SecurityTests/cspxutils/ccdvt | 29 - SecurityTests/cspxutils/ccmake | 46 - .../cspxutils/clearPubKeyTest/Makefile | 56 - .../clearPubKeyTest/clearPubKeyTest.cpp | 395 - SecurityTests/cspxutils/contextReuse/Makefile | 55 - .../cspxutils/contextReuse/contextReuse.cpp | 739 - SecurityTests/cspxutils/cputimeCal/Makefile | 55 - .../cspxutils/cputimeCal/cputimeCal.cpp | 36 - SecurityTests/cspxutils/cryptTool/Makefile | 55 - SecurityTests/cspxutils/cryptTool/README | 55 - SecurityTests/cspxutils/cryptTool/cryptTool.c | 415 - SecurityTests/cspxutils/cryptTool/runCrypt | 27 - SecurityTests/cspxutils/cspdvt | 185 - SecurityTests/cspxutils/cspdvt_usage | 7 - .../cspxutils.pbproj/project.pbxproj | 71 - SecurityTests/cspxutils/dbTool/Makefile | 55 - SecurityTests/cspxutils/dbTool/dbAttrs.cpp | 444 - SecurityTests/cspxutils/dbTool/dbAttrs.h | 52 - SecurityTests/cspxutils/dbTool/dbCert.cpp | 508 - SecurityTests/cspxutils/dbTool/dbCert.h | 48 - SecurityTests/cspxutils/dbTool/dbTool.cpp | 747 - SecurityTests/cspxutils/dbVerifyKey/Makefile | 55 - .../cspxutils/dbVerifyKey/dbVerifyKey.cpp | 222 - SecurityTests/cspxutils/dhFulltest/Makefile | 55 - .../cspxutils/dhFulltest/dhFulltest.cpp | 711 - .../cspxutils/dhFulltest/dhParams_512.der | Bin 84 -> 0 bytes SecurityTests/cspxutils/dhTest/Makefile | 61 - SecurityTests/cspxutils/dhTest/README | 63 - .../cspxutils/dhTest/dhParams_512.der | Bin 84 -> 0 bytes SecurityTests/cspxutils/dhTest/dhTest.cpp | 468 - SecurityTests/cspxutils/dsaPartial/Makefile | 55 - .../cspxutils/dsaPartial/dsaParam512_1.der | Bin 160 -> 0 bytes .../cspxutils/dsaPartial/dsaParam512_2.der | Bin 160 -> 0 bytes .../cspxutils/dsaPartial/dsaPartial.cpp | 724 - SecurityTests/cspxutils/ecdhTest/Makefile | 59 - SecurityTests/cspxutils/ecdhTest/ecdhTest.cpp | 451 - SecurityTests/cspxutils/feeCurve | 62 - SecurityTests/cspxutils/feedvt | 22 - .../cspxutils/genErrorStrings/Makefile | 35 - .../cspxutils/genErrorStrings/fileIo.c | 89 - .../cspxutils/genErrorStrings/fileIo.h | 20 - .../genErrorStrings/genErrorStrings.cpp | 211 - .../cspxutils/genErrorStrings/genStrings | 33 - SecurityTests/cspxutils/genKeyPair/Makefile | 55 - .../cspxutils/genKeyPair/genKeyPair.cpp | 238 - SecurityTests/cspxutils/hashClone/Makefile | 55 - SecurityTests/cspxutils/hashClone/hashClone.c | 354 - SecurityTests/cspxutils/hashCompat/Makefile | 56 - .../cspxutils/hashCompat/hashCompat.c | 321 - SecurityTests/cspxutils/hashTest/Makefile | 54 - SecurityTests/cspxutils/hashTest/hashTest.c | 397 - SecurityTests/cspxutils/hashTime/MD5.c | 366 - SecurityTests/cspxutils/hashTime/MD5.h | 63 - SecurityTests/cspxutils/hashTime/Makefile | 56 - SecurityTests/cspxutils/hashTime/SHA1.c | 176 - SecurityTests/cspxutils/hashTime/SHA1.h | 76 - SecurityTests/cspxutils/hashTime/SHA1_priv.c | 311 - SecurityTests/cspxutils/hashTime/SHA1_priv.h | 54 - SecurityTests/cspxutils/hashTime/hashTime.cpp | 723 - .../cspxutils/hashTimeLibCrypt/Makefile | 55 - .../hashTimeLibCrypt/hashTimeLibCrypt.cpp | 272 - .../cspxutils/hashTimeLibCrypt/pbkdDigest.cpp | 72 - .../cspxutils/hashTimeLibCrypt/pbkdDigest.h | 78 - SecurityTests/cspxutils/hashTimeSA/MD5.c | 367 - SecurityTests/cspxutils/hashTimeSA/MD5.h | 63 - SecurityTests/cspxutils/hashTimeSA/Makefile | 42 - SecurityTests/cspxutils/hashTimeSA/SHA1.c | 176 - SecurityTests/cspxutils/hashTimeSA/SHA1.h | 76 - .../cspxutils/hashTimeSA/SHA1_priv.c | 313 - .../cspxutils/hashTimeSA/SHA1_priv.h | 54 - .../cspxutils/hashTimeSA/hashTimeSA.cpp | 420 - SecurityTests/cspxutils/keyDate/Makefile | 57 - SecurityTests/cspxutils/keyDate/keyDate.cpp | 1415 - SecurityTests/cspxutils/keyHash/Makefile | 54 - SecurityTests/cspxutils/keyHash/keyHash.c | 249 - SecurityTests/cspxutils/keyHashAsym/Makefile | 61 - .../cspxutils/keyHashAsym/dhParams_512.der | Bin 84 -> 0 bytes .../cspxutils/keyHashAsym/dsaParams_512.der | Bin 160 -> 0 bytes .../cspxutils/keyHashAsym/keyHashAsym.c | 547 - SecurityTests/cspxutils/keySizePref/Makefile | 37 - .../cspxutils/keySizePref/keySizePref.cpp | 140 - SecurityTests/cspxutils/keyStore/Makefile | 55 - SecurityTests/cspxutils/keyStore/keyStore.c | 816 - SecurityTests/cspxutils/keyStoreLeak/Makefile | 55 - .../cspxutils/keyStoreLeak/keyStoreLeak.c | 477 - SecurityTests/cspxutils/macCompat/Makefile | 55 - SecurityTests/cspxutils/macCompat/macCompat.c | 651 - SecurityTests/cspxutils/macTest/Makefile | 54 - SecurityTests/cspxutils/macTest/macTest.c | 175 - SecurityTests/cspxutils/mdsLookup/Makefile | 54 - .../cspxutils/mdsLookup/mdsLookup.cpp | 528 - SecurityTests/cspxutils/mdsdump/MDSSchema.cpp | 680 - SecurityTests/cspxutils/mdsdump/MDSSchema.h | 101 - SecurityTests/cspxutils/mdsdump/Makefile | 54 - SecurityTests/cspxutils/mdsdump/mdsdump.cpp | 558 - SecurityTests/cspxutils/miniWrap/Makefile | 54 - SecurityTests/cspxutils/miniWrap/miniWrap.c | 809 - SecurityTests/cspxutils/pbeTest/Makefile | 54 - SecurityTests/cspxutils/pbeTest/pbeTest.c | 1270 - SecurityTests/cspxutils/perform/Makefile | 55 - SecurityTests/cspxutils/perform/aesPerform | 22 - SecurityTests/cspxutils/perform/doPerform | 31 - SecurityTests/cspxutils/perform/perform.cpp | 339 - SecurityTests/cspxutils/performRaw/Makefile | 55 - .../cspxutils/performRaw/aesPerformRaw | 22 - .../cspxutils/performRaw/doPerformRaw | 32 - .../cspxutils/performRaw/performRaw.cpp | 329 - SecurityTests/cspxutils/performSuite | 72 - SecurityTests/cspxutils/pubKeyTool/Makefile | 57 - .../cspxutils/pubKeyTool/derive_pub.der | Bin 140 -> 0 bytes .../cspxutils/pubKeyTool/pubKeyTool.cpp | 672 - .../cspxutils/pubKeyTool/rsa_priv.der | Bin 635 -> 0 bytes .../cspxutils/pubKeyTool/rsa_pub.der | Bin 140 -> 0 bytes SecurityTests/cspxutils/randTest/Makefile | 54 - SecurityTests/cspxutils/randTest/randTest.c | 219 - SecurityTests/cspxutils/rawRsaSig/Makefile | 55 - SecurityTests/cspxutils/rawRsaSig/rawRsaSig.c | 323 - SecurityTests/cspxutils/rawSig/Makefile | 55 - SecurityTests/cspxutils/rawSig/rawSig.c | 477 - SecurityTests/cspxutils/rsatool/Makefile | 55 - SecurityTests/cspxutils/rsatool/README | 127 - SecurityTests/cspxutils/rsatool/rsatool.c | 1182 - SecurityTests/cspxutils/sha2Time/Makefile | 55 - SecurityTests/cspxutils/sha2Time/sha2Time.cpp | 126 - SecurityTests/cspxutils/sha2Vectors/Makefile | 49 - .../cspxutils/sha2Vectors/sha2Vectors.cpp | 361 - .../cspxutils/sha2VectorsCdsa/Makefile | 55 - .../sha2VectorsCdsa/sha2VectorsCdsa.cpp | 431 - SecurityTests/cspxutils/sigPerform/Makefile | 56 - .../cspxutils/sigPerform/sigPerform.c | 261 - SecurityTests/cspxutils/sigtest/Makefile | 55 - SecurityTests/cspxutils/sigtest/sigtest.c | 486 - SecurityTests/cspxutils/sshKey/Makefile | 56 - SecurityTests/cspxutils/sshKey/sshKey.cpp | 1461 - SecurityTests/cspxutils/ssl2Padding/Makefile | 55 - .../cspxutils/ssl2Padding/ssl2Padding.cpp | 394 - SecurityTests/cspxutils/symCompat/Makefile | 55 - SecurityTests/cspxutils/symCompat/symCompat.c | 1010 - SecurityTests/cspxutils/symDelta/Makefile | 54 - SecurityTests/cspxutils/symDelta/symDelta.c | 853 - SecurityTests/cspxutils/symReference/Makefile | 55 - .../symReference/blobs/G4/ctext_3DES | Bin 264 -> 0 bytes .../cspxutils/symReference/blobs/G4/ctext_AES | Bin 272 -> 0 bytes .../symReference/blobs/G4/ctext_AES192 | Bin 264 -> 0 bytes .../symReference/blobs/G4/ctext_AES256 | Bin 288 -> 0 bytes .../cspxutils/symReference/blobs/G4/ctext_ASC | Bin 282 -> 0 bytes .../symReference/blobs/G4/ctext_Blowfish | Bin 264 -> 0 bytes .../symReference/blobs/G4/ctext_CAST | 3 - .../cspxutils/symReference/blobs/G4/ctext_DES | Bin 264 -> 0 bytes .../cspxutils/symReference/blobs/G4/ctext_RC2 | Bin 264 -> 0 bytes .../cspxutils/symReference/blobs/G4/ctext_RC4 | 3 - .../cspxutils/symReference/blobs/G4/ctext_RC5 | Bin 264 -> 0 bytes .../cspxutils/symReference/blobs/G4/iv_3DES | 1 - .../cspxutils/symReference/blobs/G4/iv_AES | 1 - .../cspxutils/symReference/blobs/G4/iv_AES192 | 1 - .../cspxutils/symReference/blobs/G4/iv_AES256 | 1 - .../symReference/blobs/G4/iv_Blowfish | 1 - .../cspxutils/symReference/blobs/G4/iv_CAST | 1 - .../cspxutils/symReference/blobs/G4/iv_DES | 1 - .../cspxutils/symReference/blobs/G4/iv_RC2 | 1 - .../cspxutils/symReference/blobs/G4/iv_RC5 | 1 - .../cspxutils/symReference/blobs/G4/key_3DES | Bin 24 -> 0 bytes .../cspxutils/symReference/blobs/G4/key_AES | 1 - .../symReference/blobs/G4/key_AES192 | 1 - .../symReference/blobs/G4/key_AES256 | 1 - .../cspxutils/symReference/blobs/G4/key_ASC | 1 - .../symReference/blobs/G4/key_Blowfish | 1 - .../cspxutils/symReference/blobs/G4/key_CAST | 1 - .../cspxutils/symReference/blobs/G4/key_DES | 1 - .../cspxutils/symReference/blobs/G4/key_RC2 | 1 - .../cspxutils/symReference/blobs/G4/key_RC4 | 1 - .../cspxutils/symReference/blobs/G4/key_RC5 | 1 - .../symReference/blobs/G4/ptext_3DES | 2 - .../cspxutils/symReference/blobs/G4/ptext_AES | Bin 256 -> 0 bytes .../symReference/blobs/G4/ptext_AES192 | Bin 256 -> 0 bytes .../symReference/blobs/G4/ptext_AES256 | Bin 256 -> 0 bytes .../cspxutils/symReference/blobs/G4/ptext_ASC | 3 - .../symReference/blobs/G4/ptext_Blowfish | 1 - .../symReference/blobs/G4/ptext_CAST | Bin 256 -> 0 bytes .../cspxutils/symReference/blobs/G4/ptext_DES | Bin 256 -> 0 bytes .../cspxutils/symReference/blobs/G4/ptext_RC2 | Bin 256 -> 0 bytes .../cspxutils/symReference/blobs/G4/ptext_RC4 | Bin 256 -> 0 bytes .../cspxutils/symReference/blobs/G4/ptext_RC5 | Bin 256 -> 0 bytes .../cspxutils/symReference/symReference.cpp | 464 - SecurityTests/cspxutils/symTest/Makefile | 55 - SecurityTests/cspxutils/symTest/symTest.c | 771 - SecurityTests/cspxutils/testall | 67 - SecurityTests/cspxutils/utilLib/Makefile | 59 - SecurityTests/cspxutils/utilLib/boxes-ref.h | 85 - SecurityTests/cspxutils/utilLib/bsafeUtils.c | 1009 - SecurityTests/cspxutils/utilLib/bsafeUtils.h | 109 - SecurityTests/cspxutils/utilLib/common.c | 624 - SecurityTests/cspxutils/utilLib/common.h | 155 - SecurityTests/cspxutils/utilLib/commonCpp.cpp | 160 - SecurityTests/cspxutils/utilLib/cputime.c | 81 - SecurityTests/cspxutils/utilLib/cputime.h | 89 - .../cspxutils/utilLib/cspdlTesting.h | 100 - SecurityTests/cspxutils/utilLib/cspwrap.c | 3279 -- SecurityTests/cspxutils/utilLib/cspwrap.h | 454 - .../cspxutils/utilLib/cssmErrorStrings.h | 532 - SecurityTests/cspxutils/utilLib/fileIo.c | 128 - SecurityTests/cspxutils/utilLib/fileIo.h | 20 - .../cspxutils/utilLib/nssAppUtils.cpp | 90 - SecurityTests/cspxutils/utilLib/nssAppUtils.h | 41 - .../cspxutils/utilLib/rijndael-alg-ref.c | 373 - .../cspxutils/utilLib/rijndael-alg-ref.h | 53 - SecurityTests/cspxutils/utilLib/rijndaelApi.c | 357 - SecurityTests/cspxutils/utilLib/rijndaelApi.h | 108 - .../cspxutils/utilLib/ssleayUtils.cpp | 266 - SecurityTests/cspxutils/utilLib/ssleayUtils.h | 54 - SecurityTests/cspxutils/utilLib/t_stdlib.c | 59 - SecurityTests/cspxutils/wrap/Makefile | 55 - SecurityTests/cspxutils/wrap/wrap.c | 249 - SecurityTests/cspxutils/wrapTest/Makefile | 54 - SecurityTests/cspxutils/wrapTest/wrapTest.c | 1077 - SecurityTests/nist-certs/Expectations.plist | 57 - ...t => InvalidDifferentPoliciesTest12EE.crt} | Bin ...rt => InvalidDifferentPoliciesTest4EE.crt} | Bin ...rt => InvalidDifferentPoliciesTest5EE.crt} | Bin ...rt => InvalidDifferentPoliciesTest7EE.crt} | Bin ...rt => InvalidDifferentPoliciesTest8EE.crt} | Bin ...rt => InvalidDifferentPoliciesTest9EE.crt} | Bin SecurityTests/regressions/Makefile | 190 - SecurityTests/regressions/README | 220 - .../auth/auth-01-immediate-agent.c | 41 - .../regressions/auth/auth-02-aewp-basic.c | 40 - .../auth/auth-SessionCreate-01-basic.c | 34 - .../regressions/dl/dl-10-create-delete.c | 285 - .../regressions/dl/dl-11-create-relation.c | 269 - SecurityTests/regressions/dl/dl-12-modify.c | 687 - SecurityTests/regressions/inc/MyHarness.pm | 29 - SecurityTests/regressions/inc/Test.pm | 955 - SecurityTests/regressions/inc/Test/Builder.pm | 1873 - .../regressions/inc/Test/Builder/Module.pm | 185 - .../regressions/inc/Test/Builder/Tester.pm | 646 - .../inc/Test/Builder/Tester/Color.pm | 50 - SecurityTests/regressions/inc/Test/Harness.pm | 1169 - .../regressions/inc/Test/Harness/Assert.pm | 64 - .../regressions/inc/Test/Harness/Iterator.pm | 70 - .../regressions/inc/Test/Harness/Point.pm | 143 - .../regressions/inc/Test/Harness/Results.pm | 182 - .../regressions/inc/Test/Harness/Straps.pm | 648 - .../regressions/inc/Test/Harness/TAP.pod | 492 - .../regressions/inc/Test/Harness/Util.pm | 133 - SecurityTests/regressions/inc/Test/More.pm | 1569 - SecurityTests/regressions/inc/Test/Simple.pm | 230 - .../regressions/inc/Test/Tutorial.pod | 603 - .../regressions/kc/kc-11-unlock-referral.c | 64 - .../regressions/kc/kc-20-item-change-label.m | 327 - .../regressions/kc/kc-23-item-notify.c | 83 - SecurityTests/regressions/kc/kc-23-notify.c | 99 - SecurityTests/regressions/kc/kc-24-login.c | 95 - .../regressions/kc/kc-25-bulk-notify.c | 90 - SecurityTests/regressions/kc/kc-30-trust.c | 25 - .../regressions/kc/kc-40-item-change-label2.m | 351 - .../regressions/kc/kc-46-dl-add-certificate.c | 247 - .../regressions/kc/kc-50-iPhone-emulation.c | 325 - SecurityTests/regressions/kc/kc-50-thread.c | 78 - .../regressions/kc/kc-52-testCFEqualAndHash.c | 73 - SecurityTests/regressions/t/40kc-list.t | 13 - SecurityTests/regressions/t/40kc-unlock.t | 27 - .../regressions/t/41kc-unlock-referral.t | 37 - SecurityTests/regressions/t/IPC/Run3.pm | 666 - SecurityTests/regressions/t/security.pl | 66 - SecurityTests/regressions/test/00testtest.c | 45 - SecurityTests/regressions/test/testcpp.h | 83 - SecurityTests/regressions/test/testcssm.c | 68 - SecurityTests/regressions/test/testenv.c | 87 - SecurityTests/regressions/test/testenv.h | 40 - .../regressions/test/testeventqueue.c | 95 - .../regressions/test/testeventqueue.h | 25 - SecurityTests/regressions/test/testleaks.c | 188 - SecurityTests/regressions/test/testleaks.h | 59 - SecurityTests/regressions/test/testmore.c | 274 - SecurityTests/regressions/test/testmore.h | 172 - SecurityTests/regressions/test/testsecevent.c | 171 - SecurityTests/regressions/test/testsecevent.h | 38 - SecurityTests/regressions/ut/ut-00-errors.cpp | 18 - .../regressions/ut/ut-01-devrandom.cpp | 23 - SecurityTests/test-certs/CACert.ecc.pem | 11 - SecurityTests/test-certs/CACert.rsa.pem | 14 - SecurityTests/test-certs/CAKey.ecc.pem | 5 - SecurityTests/test-certs/CAKey.rsa.pem | 16 - .../test-certs/ClientCert.ecc.ecc.pem | 9 - .../test-certs/ClientCert.ecc.rsa.pem | 10 - .../test-certs/ClientCert.rsa.ecc.pem | 11 - .../test-certs/ClientCert.rsa.rsa.pem | 12 - SecurityTests/test-certs/ClientKey.ecc.pem | 25 - SecurityTests/test-certs/ClientKey.rsa.pem | 16 - SecurityTests/test-certs/ClientReq.ecc.pem | 7 - SecurityTests/test-certs/ClientReq.rsa.pem | 10 - .../test-certs/SECG_ecc-secp256r1-client.pem | 27 - .../SECG_ecc_rsa-secp256r1-client.pem | 28 - .../test-certs/ServerCert.ecc.ecc.pem | 9 - .../test-certs/ServerCert.ecc.rsa.pem | 10 - .../test-certs/ServerCert.rsa.ecc.pem | 10 - .../test-certs/ServerCert.rsa.rsa.pem | 12 - SecurityTests/test-certs/ServerKey.ecc.pem | 25 - SecurityTests/test-certs/ServerKey.rsa.pem | 16 - SecurityTests/test-certs/ServerReq.ecc.pem | 7 - SecurityTests/test-certs/ServerReq.rsa.pem | 10 - SecurityTests/test-certs/ecparam.pem | 3 - .../English.lproj/InfoPlist.strings | 5 - SecurityTests/testKeychainAPI/run.sh | 12 - .../testKeychainAPI/testKeychainAPI | Bin 71104 -> 0 bytes .../testKeychainAPI.pbproj/project.pbxproj | 1871 - .../testKeychainAPI/KCAPI_CString.cpp | 445 - .../testKeychainAPI/KCAPI_CString.h | 213 - .../testKeychainAPI/KCAPI_Cert.cpp | 88 - .../testKeychainAPI/KCAPI_Cert.h | 51 - .../testKeychainAPI/KCAPI_Item.cpp | 512 - .../testKeychainAPI/KCAPI_Item.h | 298 - .../testKeychainAPI/KCAPI_Keychain.cpp | 784 - .../testKeychainAPI/KCAPI_Keychain.h | 463 - .../testKeychainAPI/KCAPI_Manager.cpp | 64 - .../testKeychainAPI/KCAPI_Manager.h | 52 - .../testKeychainAPI/KCAPI_Password.cpp | 372 - .../testKeychainAPI/KCAPI_Password.h | 176 - .../testKeychainAPI/KCOperation.cpp | 211 - .../testKeychainAPI/KCOperation.h | 259 - .../testKeychainAPI/KCOperationID.cpp | 124 - .../testKeychainAPI/KCOperationID.h | 159 - .../testKeychainAPI/KCParamUtility.cpp | 1 - .../testKeychainAPI/KCParamUtility.h | 649 - .../testKeychainAPI/testKeychainAPI/Radar.cpp | 116 - .../testKeychainAPI/testKeychainAPI/Radar.h | 48 - .../testKeychainAPI/scripts/cleanup | 7 - .../testKeychainAPI/scripts/error_scripts | 166 - .../scripts/error_sub_cases_scripts | 494 - .../testKeychainAPI/scripts/script0000 | 19 - .../testKeychainAPI/scripts/script0001 | 69 - .../testKeychainAPI/scripts/script0001.001 | 15 - .../testKeychainAPI/scripts/script0002 | 69 - .../testKeychainAPI/scripts/script0002.000 | 65 - .../testKeychainAPI/scripts/script0003 | 69 - .../testKeychainAPI/scripts/script0003.000 | 70 - .../testKeychainAPI/scripts/script0004 | 69 - .../testKeychainAPI/scripts/script0004.000 | 70 - .../testKeychainAPI/scripts/script0005 | 77 - .../testKeychainAPI/scripts/script0005.000 | 61 - .../testKeychainAPI/scripts/script0006 | 80 - .../testKeychainAPI/scripts/script0006.000 | 69 - .../testKeychainAPI/scripts/script0007 | 82 - .../testKeychainAPI/scripts/script0007.000 | 69 - .../testKeychainAPI/scripts/script0008 | 94 - .../testKeychainAPI/scripts/script0008.000 | 57 - .../testKeychainAPI/scripts/script0009 | 50 - .../testKeychainAPI/scripts/script0010 | 87 - .../testKeychainAPI/scripts/script0010.000 | 66 - .../testKeychainAPI/scripts/script0011 | 189 - .../testKeychainAPI/scripts/script0011.001 | 130 - .../testKeychainAPI/scripts/script0011.002 | 27 - .../testKeychainAPI/scripts/script0011.003 | 122 - .../testKeychainAPI/scripts/script0012 | 60 - .../testKeychainAPI/scripts/script0012.000 | 45 - .../testKeychainAPI/scripts/script0012.001 | 17 - .../testKeychainAPI/scripts/script0013 | 79 - .../testKeychainAPI/scripts/script0013.000 | 30 - .../testKeychainAPI/scripts/script0014 | 80 - .../testKeychainAPI/scripts/script0014.000 | 49 - .../testKeychainAPI/scripts/script0015 | 92 - .../testKeychainAPI/scripts/script0015.000 | 59 - .../testKeychainAPI/scripts/script0016 | 86 - .../testKeychainAPI/scripts/script0016.000 | 53 - .../testKeychainAPI/scripts/script0017 | 82 - .../testKeychainAPI/scripts/script0018 | 32 - .../testKeychainAPI/scripts/script0019 | 60 - .../testKeychainAPI/scripts/script0020 | 44 - .../testKeychainAPI/scripts/script0021 | 41 - .../testKeychainAPI/scripts/script0022 | 170 - .../testKeychainAPI/scripts/script0023 | 43 - .../testKeychainAPI/scripts/script0024 | 33 - .../testKeychainAPI/scripts/script0025 | 59 - .../testKeychainAPI/scripts/script0026 | 68 - .../testKeychainAPI/scripts/script0026.000 | 44 - .../testKeychainAPI/scripts/script0026.001 | 54 - .../testKeychainAPI/scripts/script0026.002 | 42 - .../testKeychainAPI/scripts/script0027 | 68 - .../testKeychainAPI/scripts/script0027.000 | 64 - .../testKeychainAPI/scripts/script0027.001 | 55 - .../testKeychainAPI/scripts/script0027.002 | 43 - .../testKeychainAPI/scripts/script0028 | 68 - .../testKeychainAPI/scripts/script0028.000 | 63 - .../testKeychainAPI/scripts/script0028.001 | 54 - .../testKeychainAPI/scripts/script0028.002 | 42 - .../testKeychainAPI/scripts/script0029 | 73 - .../testKeychainAPI/scripts/script0029.000 | 63 - .../testKeychainAPI/scripts/script0030 | 73 - .../testKeychainAPI/scripts/script0030.000 | 63 - .../testKeychainAPI/scripts/script0031 | 73 - .../testKeychainAPI/scripts/script0031.000 | 63 - .../testKeychainAPI/scripts/script0032 | 23 - .../testKeychainAPI/scripts/script0033 | 64 - .../testKeychainAPI/scripts/script0034 | 65 - .../testKeychainAPI/scripts/script0035 | 98 - .../testKeychainAPI/scripts/script0036 | 35 - .../testKeychainAPI/testKeychainAPI.cpp | 476 - .../testKeychainAPI/testKeychainAPI.h | 68 - .../testKeychainAPI_user_manual.cwk | Bin 115775 -> 0 bytes SecurityTests/testclient/attributes.cpp | 78 - SecurityTests/testclient/attributes.h | 76 - SecurityTests/testclient/csptests.cpp | 210 - SecurityTests/testclient/csptests.h | 9 - SecurityTests/testclient/dltests.cpp | 804 - SecurityTests/testclient/dltests.h | 11 - SecurityTests/testclient/testclient.cpp | 132 - .../testclient.pbproj/project.pbxproj | 372 - SecurityTests/xdr_rpc/Makefile.xdr_test | 36 - .../AclOwnerPrototype_getOwner.decoded | 63 - .../xdr_rpc/Reference/transition.cpp | 1244 - .../xdr_rpc/TestData/AclEntryInfo_getAcl | Bin 1072 -> 0 bytes .../xdr_rpc/TestData/AclEntryInput_changeAcl | Bin 404 -> 0 bytes .../TestData/AclOwnerPrototype_getOwner | Bin 231 -> 0 bytes .../xdr_rpc/TestData/Context_decrypt | Bin 536 -> 0 bytes .../xdr_rpc/TestData/Query_findFirst | Bin 1144 -> 0 bytes .../xdr_rpc/securityd_data_saver.cpp | 205 - SecurityTests/xdr_rpc/securityd_data_saver.h | 208 - SecurityTests/xdr_rpc/xdr_test.cpp | 2676 - .../SecurityTool.xcodeproj/project.pbxproj | 581 - SecurityTool/authz.c | 6 +- SecurityTool/cmsutil.c | 5 +- SecurityTool/config/debug.xcconfig | 3 - SecurityTool/config/project.xcconfig | 26 - SecurityTool/config/release.xcconfig | 3 - SecurityTool/createFVMaster.c | 2 +- SecurityTool/db_commands.cpp | 2 +- SecurityTool/keychain_add.c | 2 +- SecurityTool/keychain_create.c | 2 +- SecurityTool/keychain_delete.c | 145 +- SecurityTool/keychain_delete.h | 4 +- SecurityTool/keychain_export.c | 9 +- SecurityTool/keychain_find.c | 8 +- SecurityTool/keychain_import.c | 5 + SecurityTool/keychain_list.c | 7 +- SecurityTool/keychain_lock.c | 2 +- SecurityTool/keychain_recode.c | 2 +- SecurityTool/keychain_set_settings.c | 2 +- SecurityTool/keychain_show_info.c | 2 +- SecurityTool/keychain_unlock.c | 2 +- SecurityTool/keychain_utilities.c | 8 +- SecurityTool/readline.c | 2 +- SecurityTool/{readline.h => readline_cssm.h} | 8 +- SecurityTool/security.1 | 69 +- SecurityTool/security.c | 23 +- SecurityTool/sub_commands.h | 1 + SecurityTool/trusted_cert_add.c | 63 +- .../SWCViewController.m | 4 +- SyncTest/KCATableViewController.xib | 160 - SyncTest/spiralsink114.png | Bin 24752 -> 0 bytes SyncTest/spiralsink57.png | Bin 7978 -> 0 bytes base/SecBase.h | 688 + {OSX/sec/Security => base}/SecBasePriv.h | 77 +- {OSX/sec/Security => base}/SecInternal.h | 43 +- .../lib => base}/SecRandom.h | 34 +- .../lib => base}/Security.h | 46 +- .../CertificateTool.xcodeproj/project.pbxproj | 653 - .../lib => cssm}/certextensions.h | 267 +- .../libsecurity_cssm/lib => cssm}/cssmapple.h | 18 +- header_symlinks/README.txt | 6 + header_symlinks/Security/SecBase.h | 1 + header_symlinks/Security/SecBasePriv.h | 1 + header_symlinks/Security/SecCertificate.h | 1 + header_symlinks/Security/SecCertificatePriv.h | 1 + .../Security/SecCertificateRequest.h | 1 + header_symlinks/Security/SecIdentity.h | 1 + header_symlinks/Security/SecIdentityPriv.h | 1 + header_symlinks/Security/SecImportExport.h | 1 + header_symlinks/Security/SecInternal.h | 1 + header_symlinks/Security/SecItem.h | 1 + header_symlinks/Security/SecItemPriv.h | 1 + header_symlinks/Security/SecKey.h | 1 + header_symlinks/Security/SecKeyPriv.h | 1 + header_symlinks/Security/SecPolicy.h | 1 + header_symlinks/Security/SecPolicyPriv.h | 1 + header_symlinks/Security/SecRandom.h | 1 + header_symlinks/Security/SecTask.h | 1 + header_symlinks/Security/SecTrust.h | 1 + header_symlinks/Security/SecTrustPriv.h | 1 + header_symlinks/Security/SecTrustSettings.h | 1 + .../Security/SecTrustSettingsPriv.h | 1 + header_symlinks/Security/Security.h | 1 + header_symlinks/Security/certextensions.h | 1 + header_symlinks/iOS/Security/oidsbase.h | 1 + header_symlinks/macOS/Security/SecAsn1Types.h | 1 + header_symlinks/macOS/Security/SecCmsBase.h | 1 + .../macOS/Security/SecCmsContentInfo.h | 1 + .../macOS/Security/SecCmsDecoder.h | 1 + .../macOS/Security/SecCmsDigestContext.h | 1 + .../macOS/Security/SecCmsEncoder.h | 1 + .../macOS/Security/SecCmsEnvelopedData.h | 1 + .../macOS/Security/SecCmsMessage.h | 1 + .../macOS/Security/SecCmsRecipientInfo.h | 1 + .../macOS/Security/SecCmsSignedData.h | 1 + .../macOS/Security/SecCmsSignerInfo.h | 1 + header_symlinks/macOS/Security/oidsbase.h | 1 + .../macOS/security_utilities/casts.h | 1 + .../macOS/security_utilities/memutils.h | 1 + header_symlinks/utilities/SecCFRelease.h | 1 + .../lib => keychain}/SecIdentity.h | 155 +- keychain/SecIdentityPriv.h | 159 + .../lib => keychain}/SecImportExport.h | 382 +- {OSX/sec/Security => keychain}/SecItem.h | 295 +- {OSX/sec/Security => keychain}/SecItemPriv.h | 59 +- .../lib => keychain}/SecKey.h | 1096 +- {OSX/sec/Security => keychain}/SecKeyPriv.h | 400 +- libsecurity_smime/lib/SecCmsBase.h | 5 +- libsecurity_smime/lib/SecCmsContentInfo.h | 4 - libsecurity_smime/lib/SecCmsDecoder.h | 2 +- libsecurity_smime/lib/SecCmsEncoder.h | 5 +- libsecurity_smime/lib/SecCmsMessage.h | 2 - libsecurity_smime/lib/cert.h | 7 - libsecurity_smime/lib/cmscinfo.c | 10 +- libsecurity_smime/lib/cmscipher.c | 832 +- libsecurity_smime/lib/cmsdecode.c | 23 +- libsecurity_smime/lib/cmsdigest.c | 77 +- libsecurity_smime/lib/cmsencdata.c | 7 +- libsecurity_smime/lib/cmsencode.c | 9 +- libsecurity_smime/lib/cmsenvdata.c | 22 - libsecurity_smime/lib/cmsmessage.c | 4 +- libsecurity_smime/lib/cmspriv.h | 10 +- libsecurity_smime/lib/cmspubkey.c | 4 - libsecurity_smime/lib/cmsrecinfo.c | 148 +- libsecurity_smime/lib/cmssigdata.c | 83 +- libsecurity_smime/lib/cmssiginfo.c | 114 +- libsecurity_smime/lib/cmsutil.c | 25 - libsecurity_smime/lib/crypto-embedded.c | 4 + libsecurity_smime/lib/cryptohi.h | 26 - libsecurity_smime/lib/secoid.c | 37 +- libsecurity_smime/lib/secoidt.h | 3 - libsecurity_smime/lib/security_smime.exp | 116 - libsecurity_smime/lib/smimeutil.c | 18 +- .../libCMS.xcodeproj}/.gitignore | 0 .../project.pbxproj | 15 +- .../libsecurity_smime.xcodeproj/.gitignore | 2 - secdtests/{main.c => main.m} | 0 sectask/SecTask.h | 40 +- security-sysdiagnose/security-sysdiagnose.1 | 15 + .../security-sysdiagnose.entitlements.plist | 4 +- security-sysdiagnose/security-sysdiagnose.m | 176 + securityd/config/debug.xcconfig | 3 - securityd/config/project.xcconfig | 26 - securityd/config/release.xcconfig | 3 - securityd/dtrace/dtrace.mk | 2 - securityd/etc/startup.mk | 51 - securityd/mig/mig.mk | 47 - securityd/security_agent_client | 1 - securityd/security_agent_server | 1 - securityd/securityd.xcodeproj/project.pbxproj | 1140 - .../project.pbxproj | 20 +- .../securityd_service/main.c | 1 - securityd/src/SharedMemoryServer.cpp | 135 +- securityd/src/SharedMemoryServer.h | 39 +- securityd/src/agentquery.cpp | 15 +- securityd/src/agentquery.h | 2 +- securityd/src/clientid.cpp | 2 +- securityd/src/clientid.h | 2 +- securityd/src/credential.h | 4 +- securityd/src/entropy.cpp | 222 - securityd/src/entropy.h | 65 - securityd/src/main.cpp | 17 +- securityd/src/notifications.cpp | 208 +- securityd/src/notifications.h | 21 +- securityd/src/securityd.exp | 0 securityd/src/session.cpp | 2 +- securityd/src/transition.cpp | 2 +- sslViewer/SSLViewer.c | 363 +- sslViewer/ioSock.c | 4 +- sslViewer/sslAppUtils.h | 3 + trust/SecCertificate.h | 556 + trust/SecCertificatePriv.h | 539 + trust/SecCertificateRequest.h | 292 + .../lib => trust}/SecPolicy.h | 223 +- {OSX/sec/Security => trust}/SecPolicyPriv.h | 153 +- {OSX/sec/Security => trust}/SecTrust.h | 7 +- .../lib => trust}/SecTrustPriv.h | 220 +- trust/SecTrustSettings.h | 318 + trust/SecTrustSettingsPriv.h | 169 + xcconfig/Security.xcconfig | 8 + xcconfig/all_arches.xcconfig | 1 + xcconfig/ios_on_macos.xcconfig | 2 + xcconfig/lib_ios.xcconfig | 46 + xcconfig/lib_ios_debug.xcconfig | 5 + xcconfig/lib_ios_debug_all_archs.xcconfig | 7 + xcconfig/lib_ios_debug_shim.xcconfig | 3 + xcconfig/lib_ios_release.xcconfig | 1 + xcconfig/lib_ios_release_shim.xcconfig | 3 + xcconfig/lib_ios_x64.xcconfig | 3 + xcconfig/lib_ios_x64_debug.xcconfig | 5 + xcconfig/lib_ios_x64_debug_shim.xcconfig | 3 + xcconfig/lib_ios_x64_release.xcconfig | 1 + xcconfig/lib_ios_x64_release_shim.xcconfig | 3 + xcconfig/macos_legacy_lib.xcconfig | 30 + 2898 files changed, 61161 insertions(+), 268804 deletions(-) rename OSX/libsecurity_cssm/lib/security_cssm.exp => CSSMOID.exp-in (69%) delete mode 100644 IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxySendMessage.m create mode 100644 KVSKeychainSyncingProxy/CKDAKSLockMonitor.h create mode 100644 KVSKeychainSyncingProxy/CKDAKSLockMonitor.m create mode 100644 KVSKeychainSyncingProxy/CKDLockMonitor.h delete mode 100644 KVSKeychainSyncingProxy/CKDPersistentState.h delete mode 100644 KVSKeychainSyncingProxy/CKDPersistentState.m create mode 100644 KVSKeychainSyncingProxy/XPCNotificationDispatcher.h create mode 100644 KVSKeychainSyncingProxy/XPCNotificationDispatcher.m delete mode 100644 Keychain/AppDelegate.h delete mode 100644 Keychain/AppDelegate.m delete mode 100644 Keychain/CircleStatusView.h delete mode 100644 Keychain/CircleStatusView.m delete mode 100644 Keychain/Default-568h@2x.png delete mode 100644 Keychain/Default.png delete mode 100644 Keychain/Default@2x.png delete mode 100644 Keychain/DeviceItemCell.h delete mode 100644 Keychain/DeviceItemCell.m delete mode 100644 Keychain/DeviceTableViewController.h delete mode 100644 Keychain/DeviceTableViewController.m delete mode 100644 Keychain/DeviceViewController.h delete mode 100644 Keychain/DeviceViewController.m delete mode 100644 Keychain/EditItemViewController.h delete mode 100644 Keychain/EditItemViewController.m delete mode 100644 Keychain/FirstViewController.h delete mode 100644 Keychain/FirstViewController.m delete mode 100644 Keychain/KCAItemDetailViewController.h delete mode 100644 Keychain/KCAItemDetailViewController.m delete mode 100644 Keychain/KCATableViewController.h delete mode 100644 Keychain/KCATableViewController.m delete mode 100644 Keychain/Keychain-Entitlements.plist delete mode 100644 Keychain/Keychain-Info.plist delete mode 100644 Keychain/KeychainItemCell.h delete mode 100644 Keychain/KeychainItemCell.m delete mode 100644 Keychain/KeychainKeys.png delete mode 100644 Keychain/Keychain_114x114.png delete mode 100644 Keychain/Keychain_144x144.png delete mode 100644 Keychain/Keychain_57x57.png delete mode 100644 Keychain/Keychain_72x72.png delete mode 100644 Keychain/MyKeychain.h delete mode 100644 Keychain/MyKeychain.m delete mode 100644 Keychain/NewPasswordViewController.h delete mode 100644 Keychain/NewPasswordViewController.m delete mode 100644 Keychain/PeerListCell.h delete mode 100644 Keychain/PeerListCell.m delete mode 100644 Keychain/SyncViewController.h delete mode 100644 Keychain/SyncViewController.m delete mode 100644 Keychain/ToolsViewController.h delete mode 100644 Keychain/ToolsViewController.m delete mode 100644 Keychain/first.png delete mode 100644 Keychain/first@2x.png delete mode 100644 Keychain/main.m delete mode 100644 Keychain/second.png delete mode 100644 Keychain/second@2x.png delete mode 100644 Keychain/utilities.c delete mode 100644 Keychain/utilities.h rename {IDSKeychainSyncingProxy => KeychainSyncingOverIDSProxy}/IDSPersistentState.h (93%) rename {IDSKeychainSyncingProxy => KeychainSyncingOverIDSProxy}/IDSPersistentState.m (91%) rename {IDSKeychainSyncingProxy => KeychainSyncingOverIDSProxy}/IDSProxy.h (80%) rename {IDSKeychainSyncingProxy => KeychainSyncingOverIDSProxy}/IDSProxy.m (58%) rename IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyReceiveMessage.h => KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+ReceiveMessage.h (96%) rename IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyReceiveMessage.m => KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+ReceiveMessage.m (60%) rename IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxySendMessage.h => KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+SendMessage.h (77%) create mode 100644 KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+SendMessage.m rename IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyThrottle.h => KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+Throttle.h (96%) rename IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyThrottle.m => KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+Throttle.m (85%) rename IDSKeychainSyncingProxy/IDSKeychainSyncingProxy-Info.plist => KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy-Info.plist (93%) create mode 100644 KeychainSyncingOverIDSProxy/com.apple.private.alloy.keychainsync.plist rename IDSKeychainSyncingProxy/com.apple.security.idskeychainsyncingproxy.ios.plist => KeychainSyncingOverIDSProxy/com.apple.security.keychainsyncingoveridsproxy.ios.plist (76%) rename IDSKeychainSyncingProxy/com.apple.security.idskeychainsyncingproxy.osx.plist => KeychainSyncingOverIDSProxy/com.apple.security.keychainsyncingoveridsproxy.osx.plist (76%) rename {IDSKeychainSyncingProxy => KeychainSyncingOverIDSProxy}/en.lproj/InfoPlist.strings (100%) rename IDSKeychainSyncingProxy/idskeychainsyncingproxy.entitlements.plist => KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.entitlements.plist (89%) rename IDSKeychainSyncingProxy/idskeychainsyncingproxy.m => KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.m (77%) delete mode 100644 OSX/OSX.xcodeproj/project.pbxproj delete mode 100644 OSX/config/command.xcconfig delete mode 100644 OSX/config/executable.xcconfig delete mode 100644 OSX/config/security.xcconfig create mode 100644 OSX/config/security_framework_macos.xcconfig create mode 100644 OSX/config/security_macos.xcconfig delete mode 100644 OSX/config/test.xcconfig delete mode 100644 OSX/lib/en.lproj/FDELocalizable.strings delete mode 100644 OSX/lib/security.exp-in delete mode 100644 OSX/libsecurity_apple_csp/lib/cssmplugin.exp delete mode 100644 OSX/libsecurity_apple_csp/libsecurity_apple_csp.xcodeproj/project.pbxproj rename OSX/libsecurity_apple_csp/open_ssl/openssl/{asn1.h => asn1_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{bio.h => bio_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{blowfish.h => blowfish_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{bn.h => bn_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{buffer.h => buffer_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{cast.h => cast_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{crypto.h => crypto_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{dh.h => dh_legacy.h} (98%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{dsa.h => dsa_legacy.h} (98%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{e_os2.h => e_os2_legacy.h} (95%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{evp.h => evp_legacy.h} (98%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{lhash.h => lhash_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{objects.h => objects_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{openssl_pkcs7.h => openssl_pkcs7_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{opensslconf.h => opensslconf_legacy.h} (97%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{err.h => opensslerr.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{opensslv.h => opensslv_legacy.h} (100%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{rc2.h => rc2_legacy.h} (98%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{rc5.h => rc5_legacy.h} (98%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{rsa.h => rsa_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{safestack.h => safestack_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{stack.h => stack_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{x509.h => x509_legacy.h} (99%) rename OSX/libsecurity_apple_csp/open_ssl/openssl/{x509_vfy.h => x509_vfy_legacy.h} (98%) delete mode 100644 OSX/libsecurity_apple_cspdl/libsecurity_apple_cspdl.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_apple_file_dl/libsecurity_apple_file_dl.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_apple_x509_cl/libsecurity_apple_x509_cl.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_apple_x509_tp/lib/tpCertAllowList.c delete mode 100644 OSX/libsecurity_apple_x509_tp/lib/tpCertAllowList.h delete mode 100644 OSX/libsecurity_apple_x509_tp/libsecurity_apple_x509_tp.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_asn1/config/base.xcconfig delete mode 100644 OSX/libsecurity_asn1/config/debug.xcconfig delete mode 100644 OSX/libsecurity_asn1/config/lib.xcconfig delete mode 100644 OSX/libsecurity_asn1/config/release.xcconfig delete mode 100644 OSX/libsecurity_asn1/lib/oidsbase.h delete mode 100644 OSX/libsecurity_asn1/libsecurity_asn1.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_authorization/lib/security_authorization.exp delete mode 100644 OSX/libsecurity_authorization/libsecurity_authorization.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_cdsa_client/libsecurity_cdsa_client.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_cdsa_utilities/libsecurity_cdsa_utilities.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_cdsa_utils/libsecurity_cdsa_utils.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_checkpw/lib/security_checkpw.exp delete mode 100644 OSX/libsecurity_checkpw/libsecurity_checkpw.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_cms/lib/security_cms.exp delete mode 100644 OSX/libsecurity_codesigning/lib/SecTask.h delete mode 100644 OSX/libsecurity_codesigning/lib/security_codesigning.exp delete mode 100644 OSX/libsecurity_codesigning/libsecurity_codesigning.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_comcryption/libsecurity_comcryption.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_cryptkit/libsecurity_cryptkit.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_cssm/lib/generator.mk delete mode 100644 OSX/libsecurity_cssm/libsecurity_cssm.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_filedb/libsecurity_filedb.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_keychain/lib/SecBase.h delete mode 100644 OSX/libsecurity_keychain/lib/SecBasePriv.h delete mode 100644 OSX/libsecurity_keychain/lib/SecCertificate.h delete mode 100644 OSX/libsecurity_keychain/lib/SecCertificatePriv.h delete mode 100644 OSX/libsecurity_keychain/lib/SecCertificateRequest.h delete mode 100644 OSX/libsecurity_keychain/lib/SecIdentityPriv.h delete mode 100644 OSX/libsecurity_keychain/lib/SecInternal.h delete mode 100644 OSX/libsecurity_keychain/lib/SecInternalP.h delete mode 100644 OSX/libsecurity_keychain/lib/SecItem.h delete mode 100644 OSX/libsecurity_keychain/lib/SecItemPriv.h delete mode 100644 OSX/libsecurity_keychain/lib/SecKeyPriv.h delete mode 100644 OSX/libsecurity_keychain/lib/SecPolicyPriv.h delete mode 100644 OSX/libsecurity_keychain/lib/SecTrust.h delete mode 100644 OSX/libsecurity_keychain/lib/SecTrustSettings.h delete mode 100644 OSX/libsecurity_keychain/lib/SecTrustSettingsPriv.h delete mode 100644 OSX/libsecurity_keychain/lib/security_keychain.exp delete mode 100644 OSX/libsecurity_keychain/libDER/config/base.xcconfig delete mode 100644 OSX/libsecurity_keychain/libDER/config/debug.xcconfig delete mode 100644 OSX/libsecurity_keychain/libDER/config/lib.xcconfig delete mode 100644 OSX/libsecurity_keychain/libDER/config/release.xcconfig delete mode 100644 OSX/libsecurity_keychain/libDER/libDER.xcodeproj/.gitignore delete mode 100644 OSX/libsecurity_keychain/libDER/libDER.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_keychain/libsecurity_keychain.xcodeproj/project.pbxproj create mode 100644 OSX/libsecurity_keychain/regressions/kc-20-item-add-stress.c create mode 100644 OSX/libsecurity_keychain/regressions/kc-20-item-delete-stress.c delete mode 100644 OSX/libsecurity_manifest/lib/security_manifest.exp delete mode 100644 OSX/libsecurity_manifest/libsecurity_manifest.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_mds/lib/security_mds.exp delete mode 100644 OSX/libsecurity_mds/libsecurity_mds.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_ocspd/libsecurity_ocspd.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_ocspd/mig/mig.mk delete mode 100644 OSX/libsecurity_pkcs12/libsecurity_pkcs12.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_sd_cspdl/libsecurity_sd_cspdl.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_smime/lib/security_smime.exp delete mode 100644 OSX/libsecurity_ssl/config/base.xcconfig delete mode 100644 OSX/libsecurity_ssl/config/debug.xcconfig delete mode 100644 OSX/libsecurity_ssl/config/kext.xcconfig delete mode 100644 OSX/libsecurity_ssl/config/lib.xcconfig delete mode 100644 OSX/libsecurity_ssl/config/release.xcconfig delete mode 100644 OSX/libsecurity_ssl/config/tests.xcconfig delete mode 100644 OSX/libsecurity_ssl/lib/security_ssl.exp delete mode 100644 OSX/libsecurity_ssl/libsecurity_ssl.xcodeproj/.gitignore delete mode 100644 OSX/libsecurity_ssl/libsecurity_ssl.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_transform/Configurations/libsecurity_transform.Default.xcconfig delete mode 100644 OSX/libsecurity_transform/Configurations/libsecurity_transform_Deployment.xcconfig delete mode 100644 OSX/libsecurity_transform/Configurations/libsecurity_transform_Development.xcconfig delete mode 100644 OSX/libsecurity_transform/Configurations/libsecurity_transform_core.xcconfig delete mode 100644 OSX/libsecurity_transform/Configurations/security_transform_Default.xcconfig delete mode 100644 OSX/libsecurity_transform/Configurations/security_transform_Deployment.xcconfig delete mode 100644 OSX/libsecurity_transform/Configurations/security_transform_Development.xcconfig delete mode 100644 OSX/libsecurity_transform/lib/security_transform.exp delete mode 100644 OSX/libsecurity_transform/libsecurity_transform.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_translocate/lib/security_translocate.exp delete mode 100644 OSX/libsecurity_translocate/libsecurity_translocate.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurity_utilities/lib/dtrace.mk delete mode 100644 OSX/libsecurity_utilities/lib/exports delete mode 100644 OSX/libsecurity_utilities/libsecurity_utilities.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurityd/libsecurityd.xcodeproj/project.pbxproj delete mode 100644 OSX/libsecurityd/mig/mig.mk delete mode 100644 OSX/regressions/regressions.xcodeproj/.gitignore delete mode 100644 OSX/regressions/regressions.xcodeproj/project.pbxproj rename OSX/sec/{IDSKeychainSyncingProxy/IDSKeychainSyncingProxy.1 => KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy.1} (93%) delete mode 100644 OSX/sec/SOSCircle/CKBridge/CKClient.c delete mode 100644 OSX/sec/SOSCircle/CKBridge/CKClient.h delete mode 100644 OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainLogging.c delete mode 100644 OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainLogging.h delete mode 100644 OSX/sec/SOSCircle/CKBridge/SOSCloudTransport.c delete mode 100644 OSX/sec/SOSCircle/CKBridge/SOSCloudTransport.h delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/CKDKVSProxy.h delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/CKDKVSProxy.m delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/CKDPersistentState.h delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/CKDPersistentState.m delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/ckdmain.m delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/cloudkeychainproxy.m delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/scripts/PhoneTerms2.applescript delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/scripts/PhoneTerms2.scpt delete mode 100755 OSX/sec/SOSCircle/CloudKeychainProxy/scripts/install_on_devices delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/scripts/kcstatus delete mode 100755 OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosbuildroot delete mode 100755 OSX/sec/SOSCircle/CloudKeychainProxy/scripts/soscopy delete mode 100755 OSX/sec/SOSCircle/CloudKeychainProxy/scripts/soscopysshkeys delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosinstallroot delete mode 100644 OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosreset delete mode 100755 OSX/sec/SOSCircle/CloudKeychainProxy/scripts/tweak create mode 100644 OSX/sec/SOSCircle/Regressions/CKDSimulatedAccount.h create mode 100644 OSX/sec/SOSCircle/Regressions/CKDSimulatedAccount.m create mode 100644 OSX/sec/SOSCircle/Regressions/secd-210-keyinterest.m create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/CKDSimulatedStore.h create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/CKDSimulatedStore.m create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGetSet.c create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGhost.c create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGhost.h create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRecovery.c create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSAccountSync.c create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSBackupInformation.c create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSBackupInformation.h create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSKeyedPubKeyIdentifier.c rename OSX/sec/{Security/Security.h => SOSCircle/SecureObjectSync/SOSKeyedPubKeyIdentifier.h} (55%) create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSRecoveryKeyBag.c create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSRecoveryKeyBag.h create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSRingRecovery.c create mode 100644 OSX/sec/SOSCircle/SecureObjectSync/SOSRingRecovery.h create mode 100644 OSX/sec/SOSCircle/Tool/accountCirclesViewsPrint.c create mode 100644 OSX/sec/SOSCircle/Tool/accountCirclesViewsPrint.h rename SecurityFeatures/OSX/SecurityFeatures.h => OSX/sec/SOSCircle/Tool/recovery_key.h (63%) create mode 100644 OSX/sec/SOSCircle/Tool/recovery_key.m delete mode 100644 OSX/sec/Security/AuthorizationStatus.h create mode 100644 OSX/sec/Security/Regressions/crypto/spbkdf-01-hmac-sha256.c create mode 100644 OSX/sec/Security/Regressions/rk_01_recoverykey.m create mode 100644 OSX/sec/Security/Regressions/secitem/si-29-sectrust-sha1-deprecation.h create mode 100644 OSX/sec/Security/Regressions/secitem/si-29-sectrust-sha1-deprecation.m delete mode 100644 OSX/sec/Security/SecBase.h delete mode 100644 OSX/sec/Security/SecCertificate.h delete mode 100644 OSX/sec/Security/SecCertificatePriv.h delete mode 100644 OSX/sec/Security/SecCertificateRequest.h delete mode 100644 OSX/sec/Security/SecIdentity.h delete mode 100644 OSX/sec/Security/SecIdentityPriv.h delete mode 100644 OSX/sec/Security/SecImportExport.h delete mode 100644 OSX/sec/Security/SecKey.h delete mode 100644 OSX/sec/Security/SecPolicy.h delete mode 100644 OSX/sec/Security/SecRandom.h create mode 100644 OSX/sec/Security/SecRecoveryKey.h create mode 100644 OSX/sec/Security/SecRecoveryKey.m delete mode 100644 OSX/sec/Security/SecTrustPriv.h delete mode 100644 OSX/sec/Security/SecTrustSettings.c delete mode 100644 OSX/sec/Security/SecTrustSettings.h delete mode 100644 OSX/sec/Security/SecTrustSettingsPriv.h delete mode 100644 OSX/sec/Security/certextensions.h delete mode 100644 OSX/sec/Security/cssmapple.h create mode 100644 OSX/sec/SharedWebCredential/swcagent-entitlements.plist delete mode 100644 OSX/sec/config/base.xcconfig delete mode 100644 OSX/sec/config/debug.xcconfig delete mode 100644 OSX/sec/config/lib-arc-only.xcconfig delete mode 100644 OSX/sec/config/lib.xcconfig delete mode 100644 OSX/sec/config/release.xcconfig delete mode 100644 OSX/sec/sec.xcodeproj/project.pbxproj create mode 100644 OSX/sec/securityd/Regressions/secd-202-recoverykey.m create mode 100644 OSX/sec/securityd/Regressions/secd-66-account-recovery.c create mode 100644 OSX/sec/securityd/Regressions/secd-668-ghosts.c create mode 100644 OSX/sec/securityd/Regressions/secd-67-prefixedKeyIDs.c create mode 100644 OSX/sec/securityd/Regressions/secd-80-views-alwayson.c create mode 100644 OSX/sec/securityd/SecCertificateSource.c create mode 100644 OSX/sec/securityd/SecCertificateSource.h create mode 100644 OSX/sec/securityd/SecRevocationDb.c create mode 100644 OSX/sec/securityd/SecRevocationDb.h rename SecurityTests/regressions/test/testcssm.h => OSX/sec/securityd/SecTrustLoggingServer.c (75%) rename SecurityFeatures/iOS/SecurityFeatures.h => OSX/sec/securityd/SecTrustLoggingServer.h (74%) delete mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/.gitignore create mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/DODEMAILCA30.cer create mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/DODInteroperabilityRootCA1.cer create mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/DODInteroperabilityRootCA2.cer create mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/DODRootCA2.cer create mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/ECARootCA4.cer delete mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/EntrustCAL1C.cer delete mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/EntrustRootCA.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODIDSWCA37-noRequireExplicitPolicies.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODIDSWCA37.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODInteroperability-extraPolicies.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODInteroperability-noRequireExplicitPolicies.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODInteroperability.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODLeaf.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODRootCA3-noRequireExplicitPolicies.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODRootCA3.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeFederalBridgeCA-extraPolicies.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeFederalBridgeCA.cer create mode 100755 OSX/shared_regressions/si-20-sectrust-policies-data/FakeFederalCommonPolicy.cer create mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/FederalBridgeCA2013.cer create mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/FederalCommonPolicyCA.cer create mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/SHA1FederalRootCA.cer delete mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/apn_legacy.cer create mode 100644 OSX/shared_regressions/si-20-sectrust-policies-data/smime_signing.cer delete mode 100644 OSX/utilities/config/lib.xcconfig create mode 100644 OSX/utilities/src/NSURL+SOSPlistStore.h create mode 100644 OSX/utilities/src/NSURL+SOSPlistStore.m create mode 100644 OSX/utilities/src/SecADWrapper.c rename SecurityTests/clxutils/rootStoreTool/parseTrustedRootList.h => OSX/utilities/src/SecADWrapper.h (66%) delete mode 100644 OSX/utilities/src/comparison.c delete mode 100644 OSX/utilities/src/comparison.h delete mode 100644 OSX/utilities/utilities.xcodeproj/.gitignore delete mode 100644 OSX/utilities/utilities.xcodeproj/project.pbxproj delete mode 100644 SecureObjectSync.exp rename {OSX/OSX.xcodeproj => Security.xcodeproj}/xcshareddata/xcschemes/osx - World.xcscheme (92%) rename {OSX/OSX.xcodeproj => Security.xcodeproj}/xcshareddata/xcschemes/osx - secdtests.xcscheme (82%) rename {OSX/OSX.xcodeproj => Security.xcodeproj}/xcshareddata/xcschemes/osx - sectests.xcscheme (74%) delete mode 100644 Security/sec/securityd/SecItemSchema.c delete mode 100755 SecurityFeatures/CopyHeaders.sh delete mode 100755 SecurityFeatures/ExternalProject.sh delete mode 100644 SecurityFeatures/README.txt delete mode 100644 SecurityTests/CreateCerts.sh create mode 100644 SecurityTests/NOTE.txt delete mode 100644 SecurityTests/PostSecurityTests.sh delete mode 100644 SecurityTests/PreSecurityTests.sh delete mode 100644 SecurityTests/StartTLSServers.sh delete mode 100644 SecurityTests/StopTLSServers.sh delete mode 100644 SecurityTests/clxutils/ChangeLog delete mode 100644 SecurityTests/clxutils/Makefile delete mode 100644 SecurityTests/clxutils/Makefile.cdsa delete mode 100644 SecurityTests/clxutils/Makefile.lib delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/CoveringLetter.pdf delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/Makefile delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/README.txt delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/SSL_TLS.pdf delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/certDecode/Makefile delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/certDecode/certDecode.cpp delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/dmitchNotes delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/nisccCertVerify/Makefile delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/nisccCertVerify/nisccCertVerify.cpp delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/nisccSimpleClient/Makefile delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/nisccSimpleClient/nisccSimpleClient.cpp delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/nisccSslTest delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/skipThisNisccCert/Makefile delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/skipThisNisccCert/skipThisNisccCert.cpp delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/client.crt delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/client_crt.pem delete mode 100644 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/client_key.der delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/client_key.pem delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/readme.txt delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca.crt delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca_crt.pem delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca_key.pem delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/server.crt delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/server_crt.pem delete mode 100755 SecurityTests/clxutils/NISCC/TLS_SSL/testcases/server_key.pem delete mode 100644 SecurityTests/clxutils/README delete mode 100644 SecurityTests/clxutils/anchorTest/Makefile delete mode 100755 SecurityTests/clxutils/anchorTest/anchorSourceTest delete mode 100644 SecurityTests/clxutils/anchorTest/anchorTest.cpp delete mode 100755 SecurityTests/clxutils/anchorTest/buildCertKeychains delete mode 100755 SecurityTests/clxutils/anchorTest/intermedSourceTest delete mode 100755 SecurityTests/clxutils/anchorTest/intermedTest delete mode 100644 SecurityTests/clxutils/caVerify/Makefile delete mode 100644 SecurityTests/clxutils/caVerify/caVerify.cpp delete mode 100755 SecurityTests/clxutils/certChain/Makefile delete mode 100644 SecurityTests/clxutils/certChain/README delete mode 100644 SecurityTests/clxutils/certChain/amazon_v3.100.cer delete mode 100644 SecurityTests/clxutils/certChain/certChain.cpp delete mode 100644 SecurityTests/clxutils/certChain/keybank_v3.100.cer delete mode 100644 SecurityTests/clxutils/certChain/keybank_v3.101.cer delete mode 100644 SecurityTests/clxutils/certInCrl/Makefile delete mode 100644 SecurityTests/clxutils/certInCrl/certInCrl.cpp delete mode 100644 SecurityTests/clxutils/certLabelTest/Makefile delete mode 100644 SecurityTests/clxutils/certLabelTest/certLabelTest.cpp delete mode 100644 SecurityTests/clxutils/certSerialEncodeTest/Makefile delete mode 100644 SecurityTests/clxutils/certSerialEncodeTest/certSerialEncodeTest.cpp delete mode 100644 SecurityTests/clxutils/certTime/Makefile delete mode 100644 SecurityTests/clxutils/certTime/anchor_0 delete mode 100644 SecurityTests/clxutils/certTime/anchor_34 delete mode 100644 SecurityTests/clxutils/certTime/anchor_44 delete mode 100644 SecurityTests/clxutils/certTime/anchor_76 delete mode 100644 SecurityTests/clxutils/certTime/anchor_80 delete mode 100644 SecurityTests/clxutils/certTime/anchor_9 delete mode 100644 SecurityTests/clxutils/certTime/certTime.cpp delete mode 100644 SecurityTests/clxutils/certTime/extenCooker.cpp delete mode 100644 SecurityTests/clxutils/certTime/extenCooker.h delete mode 100755 SecurityTests/clxutils/certTime/runTime delete mode 100644 SecurityTests/clxutils/certcrl/Makefile delete mode 100644 SecurityTests/clxutils/certcrl/README.doc delete mode 100644 SecurityTests/clxutils/certcrl/certcrl.cpp delete mode 100644 SecurityTests/clxutils/certcrl/script.cpp delete mode 100644 SecurityTests/clxutils/certcrl/script.h delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleCerts.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleDevelopment.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleQuickTime.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleROOTCA.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSWUPDATE.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSecUpdate.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSherlock.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSignUpdate.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSoftUpdate.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/AppleCodeSigning.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/CodeSignTest.keychain delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaBadEKU.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaBadPLC.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaNoBC.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaNoEKU.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaNoPLC.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csDevLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafBadEKU.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafBadEKUinInt.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafBadPLCinInt.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafNoBcInInt.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafNoEKU.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafNoEKUinInt.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafNoPLCinInt.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafShortPath.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/BadCodeSignLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodePkgSigning.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodeSignLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodeSignRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/NoEKULeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/.gdb_history delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/CNTMTT68S21G224G.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/InfoCamereFirmaQualificata.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/InfoCamereRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/crl.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/fetched.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCCA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp192.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp224.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp256.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp384.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp521.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P256_Specified_SHA1.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P256_Specified_SHA256.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P256_combined_SHA256.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P256_combined_SHA512.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P384_Specified_SHA256.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P384_Specified_SHA384.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P384_combined_SHA1.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P384_combined_SHA256.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P521_Specified_SHA1.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P521_combined_SHA1.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P521_combined_SHA512.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/RootP256.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/msEcc.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/nssecc.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/opensslEcc.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp256r1ca.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp256r1server-secp256r1ca.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp384r1ca.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp384r1server-secp384r1ca.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp521r1ca.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp521r1server-secp521r1ca.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/X509tests/Certificate Path.pdf delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/X509tests/makeCertScr delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/X509tests/runCertScr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test1/End Certificate CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test1/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test1/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/End Certificate CP.03.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/Intermediate CRL CP.03.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/Intermediate Certificate CP.03.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test11/End Certificate CP.03.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test11/Intermediate CRL CP.03.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test11/Intermediate Certificate CP.03.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test11/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test11/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/End Certificate CP.03.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/Intermediate CRL CP.03.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/Intermediate Certificate CP.03.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/End Certificate CP.04.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/Intermediate CRL CP.04.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/Intermediate Certificate CP.04.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/End Certificate CP.04.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/Intermediate CRL CP.04.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/Intermediate Certificate CP.04.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test15/End Certificate CP.04.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test15/Intermediate CRL CP.04.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test15/Intermediate Certificate CP.04.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test15/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test15/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/End Certificate CP.04.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/Intermediate CRL CP.04.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/Intermediate Certificate CP.04.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test17/End Certificate CP.04.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test17/Intermediate CRL CP.04.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test17/Intermediate Certificate CP.04.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test17/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test17/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/End Certificate CP.04.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/Intermediate CRL CP.04.06.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/Intermediate Certificate CP.04.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test19/End Certificate CP.05.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test19/Intermediate Certificate CP.05.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test19/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test19/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test2/End Certificate CP.01.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test2/Intermediate CRL CP.01.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test2/Intermediate Certificate CP.01.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test2/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test2/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test20/End Certificate CP.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test20/Intermediate CRL CP.06.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test20/Intermediate Certificate CP.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test20/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test20/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/End Certificate CP.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/Intermediate CRL CP.06.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/Intermediate Certificate CP.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test22/End Certificate IC.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test22/Intermediate CRL IC.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test22/Intermediate Certificate IC.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test22/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test22/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test23/End Certificate IC.02.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test23/Intermediate CRL IC.02.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test23/Intermediate Certificate IC.02.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test23/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test23/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test24/End Certificate IC.02.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test24/Intermediate CRL IC.02.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test24/Intermediate Certificate IC.02.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test24/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test24/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test25/End Certificate IC.02.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test25/Intermediate CRL IC.02.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test25/Intermediate Certificate IC.02.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test25/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test25/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/End Certificate IC.02.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/Intermediate CRL IC.02.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/Intermediate Certificate IC.02.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test27/End Certificate IC.04.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test27/Intermediate CRL IC.04.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test27/Intermediate Certificate IC.04.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test27/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test27/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/End Certificate IC.05.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/Intermediate CRL IC.05.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/Intermediate Certificate IC.05.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test29/End Certificate IC.05.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test29/Intermediate CRL IC.05.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test29/Intermediate Certificate IC.05.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test29/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test29/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/End Certificate CP.01.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/Intermediate CRL CP.01.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/Intermediate Certificate CP.01.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/End Certificate IC.05.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/Intermediate CRL IC.05.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/Intermediate Certificate IC.05.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/End Certificate IC.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/Intermediate CRL IC.06.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/Intermediate Certificate IC.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/End Certificate IC.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/Intermediate CRL IC.06.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/Intermediate Certificate IC.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/End Certificate IC.06.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/Intermediate CRL IC.06.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/Intermediate Certificate IC.06.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/End Certificate PP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/Intermediate CRL PP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/Intermediate Certificate PP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test35/End Certificate PP.01.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test35/Intermediate CRL PP.01.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test35/Intermediate Certificate PP.01.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test35/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test35/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/End Certificate PP.01.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate CRL 1 PP.01.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate CRL 2 PP.01.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate Certificate 1 PP.01.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate Certificate 2 PP.01.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/End Certificate PP.01.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Intermediate CRL 1 PP.01.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Intermediate CRL 2 PP.01.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Intermediate Certificate 1 PP.01.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Intermediate Certificate 2 PP.01.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/End Certificate PP.01.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/Intermediate CRL 1 PP.01.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/Intermediate CRL 2 PP.01.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/Intermediate Certificate 1 PP.01.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/Intermediate Certificate 2 PP.01.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/End Certificate PP.01.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate CRL 1 PP.01.06.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate CRL 2 PP.01.06.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate CRL 3 PP.01.06.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate Certificate 1 PP.01.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate Certificate 2 PP.01.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate Certificate 3 PP.01.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/End Certificate CP.02.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/Intermediate CRL 1 CP.02.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/Intermediate CRL 2 CP.02.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/Intermediate Certificate 1 CP.02.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/Intermediate Certificate 2 CP.02.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/End Certificate PP.01.07.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate CRL 1 PP.01.07.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate CRL 2 PP.01.07.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate CRL 3 PP.01.07.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate Certificate 1 PP.01.07.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate Certificate 2 PP.01.07.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate Certificate 3 PP.01.07.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/End Certificate PP.01.08.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Intermediate CRL 1 PP.01.08.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Intermediate CRL 2 PP.01.08.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Intermediate CRL 3 PP.01.08.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Intermediate Certificate 1 PP.01.08.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Intermediate Certificate 2 PP.01.08.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Intermediate Certificate 3 PP.01.08.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/End Certificate PP.01.09.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate CRL 1 PP.01.09.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate CRL 2 PP.01.09.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate CRL 3 PP.01.09.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate CRL 4 PP.01.09.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate Certificate 1 PP.01.09.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate Certificate 2 PP.01.09.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate Certificate 3 PP.01.09.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate Certificate 4 PP.01.09.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/End Certificate PP.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate CRL 1 PP.06.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate CRL 2 PP.06.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate CRL 3 PP.06.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate CRL 4 PP.06.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate Certificate 1 PP.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate Certificate 2 PP.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate Certificate 3 PP.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate Certificate 4 PP.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/End Certificate PP.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate CRL 1 PP.06.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate CRL 2 PP.06.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate CRL 3 PP.06.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate CRL 4 PP.06.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate Certificate 1 PP.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate Certificate 2 PP.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate Certificate 3 PP.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate Certificate 4 PP.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/End Certificate PP.06.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate CRL 1 PP.06.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate CRL 2 PP.06.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate CRL 3 PP.06.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate CRL 4 PP.06.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 1 PP.06.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 2 PP.06.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 3 PP.06.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 4 PP.06.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/End Certificate PP.06.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 1 PP.06.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 2 PP.06.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 3 PP.06.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 4 PP.06.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate Certificate 1 PP.06.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate Certificate 2 PP.06.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate Certificate 3 PP.06.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate Certificate 4 PP.06.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/End Certificate PP.06.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate CRL 1 PP.06.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate CRL 2 PP.06.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate CRL 3 PP.06.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate CRL 4 PP.06.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate Certificate 1 PP.06.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate Certificate 2 PP.06.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate Certificate 3 PP.06.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate Certificate 4 PP.06.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test48/End Certificate PP.08.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test48/Intermediate CRL PP.08.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test48/Intermediate Certificate PP.08.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test48/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test48/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/End Certificate PP.08.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/Intermediate CRL PP.08.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/Intermediate Certificate PP.08.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test5/End Certificate CP.02.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test5/Intermediate CRL CP.02.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test5/Intermediate Certificate CP.02.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test5/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test5/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/End Certificate PP.08.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/Intermediate CRL PP.08.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/Intermediate Certificate PP.08.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/End Certificate PP.08.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/Intermediate CRL PP.08.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/Intermediate Certificate PP.08.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test52/End Certificate PP.08.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test52/Intermediate CRL PP.08.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test52/Intermediate Certificate PP.08.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test52/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test52/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test53/End Certificate PP.08.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test53/Intermediate CRL PP.08.06.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test53/Intermediate Certificate PP.08.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test53/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test53/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/End Certificate PL.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate CRL 1 PL.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate CRL 2 PL.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate Certificate 1 PL.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate Certificate 2 PL.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/End Certificate PL.01.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Intermediate CRL 1 PL.01.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Intermediate CRL 2 PL.01.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Intermediate Certificate 1 PL.01.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Intermediate Certificate 2 PL.01.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test56/End Certificate PL.01.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test56/Intermediate CRL PL.01.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test56/Intermediate Certificate PL.01.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test56/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test56/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/End Certificate PL.01.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/Intermediate CRL PL.01.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/Intermediate Certificate PL.01.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/End Certificate PL.01.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate CRL 1 PL.01.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate CRL 2 PL.01.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate CRL 3 PL.01.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate Certificate 1 PL.01.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate Certificate 2 PL.01.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate Certificate 3 PL.01.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/End Certificate PL.01.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate CRL 1 PL.01.06.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate CRL 2 PL.01.06.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate CRL 3 PL.01.06.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate Certificate 1 PL.01.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate Certificate 2 PL.01.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate Certificate 3 PL.01.06.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/End Certificate CP.02.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/Intermediate CRL CP.02.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/Intermediate Certificate CP.02.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/End Certificate PL.01.07.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 1 PL.01.07.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 2 PL.01.07.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 3 PL.01.07.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 4 PL.01.07.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate Certificate 1 PL.01.07.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate Certificate 2 PL.01.07.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate Certificate 3 PL.01.07.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate Certificate 4 PL.01.07.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/End Certificate PL.01.08.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate CRL 1 PL.01.08.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate CRL 2 PL.01.08.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate CRL 3 PL.01.08.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate CRL 4 PL.01.08.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate Certificate 1 PL.01.08.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate Certificate 2 PL.01.08.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate Certificate 3 PL.01.08.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate Certificate 4 PL.01.08.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/End Certificate PL.01.09.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate CRL 1 PL.01.09.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate CRL 2 PL.01.09.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate CRL 3 PL.01.09.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate CRL 4 PL.01.09.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate Certificate 1 PL.01.09.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate Certificate 2 PL.01.09.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate Certificate 3 PL.01.09.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate Certificate 4 PL.01.09.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/End Certificate PL.01.10.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate CRL 1 PL.01.10.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate CRL 2 PL.01.10.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate CRL 3 PL.01.10.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate CRL 4 PL.01.10.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate Certificate 1 PL.01.10.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate Certificate 2 PL.01.10.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate Certificate 3 PL.01.10.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate Certificate 4 PL.01.10.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test64/End Certificate RL.02.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test64/Intermediate CRL RL.02.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test64/Intermediate Certificate RL.02.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test64/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test64/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/End Certificate RL.03.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/Intermediate CRL RL.03.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/Intermediate Certificate 1 RL.03.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/Intermediate Certificate 2 RL.03.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test66/End Certificate RL.03.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test66/Intermediate CRL RL.03.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test66/Intermediate Certificate RL.03.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test66/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test66/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/End Certificate RL.03.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/Intermediate CRL 1 RL.03.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/Intermediate CRL 2 RL.03.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/Intermediate Certificate RL.03.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/End Certificate RL.05.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Intermediate CRL 1 RL.05.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Intermediate CRL 2 RL.05.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Intermediate Certificate 1 RL.05.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Intermediate Certificate 2 RL.05.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test69/End Certificate RL.05.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test69/Intermediate CRL RL.05.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test69/Intermediate Certificate RL.05.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test69/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test69/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test7/End Certificate CP.02.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test7/Intermediate CRL CP.02.04.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test7/Intermediate Certificate CP.02.04.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test7/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test7/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/End Certificate RL.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Intermediate CRL 1 RL.06.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Intermediate CRL 2 RL.06.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Intermediate Certificate 1 RL.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Intermediate Certificate 2 RL.06.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/End Certificate RL.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/Intermediate CRL RL.06.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/Intermediate Certificate RL.06.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test72/End Certificate RL.07.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test72/Intermediate CRL RL.07.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test72/Intermediate Certificate RL.07.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test72/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test72/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/End Certificate RL.07.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/Intermediate CRL RL.07.02.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/Intermediate Certificate RL.07.02.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/End Certificate RL.07.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/Intermediate CRL RL.07.03.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/Intermediate Certificate RL.07.03.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/End Certificate RL.08.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/Intermediate CRL RL.08.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/Intermediate Certificate RL.08.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/End Certificate RL.09.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/Intermediate CRL RL.09.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/Intermediate Certificate RL.09.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/End Certificate CP.02.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/Intermediate CRL CP.02.05.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/Intermediate Certificate CP.02.05.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/End Certificate CP.03.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/Intermediate CRL CP.03.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/Intermediate Certificate CP.03.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/Trust Anchor CP.01.01.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/Trust Anchor CRL CP.01.01.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/X509tests/x509tests.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/amazon_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/anchorAndDb.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/dbWithLeaf.db delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/dbWithRoot.db delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/root_1.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/bmpSslHost.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/loopStone.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/stone.tees_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/stone.tees_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/stone.tees_v3.102.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/amazon_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/amazon_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/apple_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/apple_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/cduniverse_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/cduniverse_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/crlssl.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/entrust_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/entrust_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/firstamlink_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/keybank_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/keybank_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/keybank_v3.102.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/netfile.state.co_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/netfile.state.co_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/netfile.state.co_v3.102.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/one.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/proteron_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/puretec_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/secauth_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/secauth_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/verisign_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/verisign_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/verisign_v3.102.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/wellsfargo_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/wellsfargo_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/xdss_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/xdss_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlTime/crl.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlTime/crlTestLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlTime/crlTestRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crlTime/crlTime.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crossSigned/SOA1-SOA2.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crossSigned/SOA2-SOA1.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSigned.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSigned1.db delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSignedBoth.db delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF0.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF4.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF5.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF6.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF7.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/cacert.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl1.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl2.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl3.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl4.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/distPointName.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/emptyCert/CA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/emptyCert/emptyCert.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/emptyCert/emptyCert.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/emptyCert/leaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/emptyCert/root.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/emptySubject/ca.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/emptySubject/emptySubject.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/emptySubject/user.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/.gdb_history delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/AppleDevRoot.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/NewDevCAIntermdiate.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/OriginalDevCAIntermediate.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/appleDevCAs.keychain delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/dmitchtread.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/expiredCA.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/one.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/bothCAs.keychain delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecExpiredCA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecExpiredLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecExpiredRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecGoodCA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecGoodLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecGoodRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/expiredCA.keychain delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/expiredCerts.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/expiredRoot.keychain delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/goodCA.keychain delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/goodRoot.keychain delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/one.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/applestore_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/applestore_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/expiredRoot.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/iproj_v3.102.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/gipCps/gipCps.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/gipCps/gipCps0.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDot.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotCommonName.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotCommonNameDot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotSubjAltName.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotSubjAltNameDot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/CA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/implicitAnchor.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/leaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/root.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/ipSec/VPNTrialCA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ipSec/ipSec.scr delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/ipSec/vpn-gateway.vpntrial.com.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/localTime/badCert_1 delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/localTime/badCert_2 delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/localTime/badCert_3 delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/localTime/badCert_4 delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/localTime/localTime.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/miscPolicies/miscPolicies.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/miscPolicies/miscPoliciesRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/miscPolicies/noEKU.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/miscPolicies/resourceSignLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/miscPolicies/rfc3280CodeSigningLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/netFetch/JITC_Class3Mail_CA.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/netFetch/JITC_Class3_root_CA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/netFetch/c3MailCaCrl.db delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/netFetch/ghoo.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/netFetch/net.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/amazon_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/amazon_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/apple_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/apple_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/cduniverse_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/cduniverse_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/certum_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/certum_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/certum_v3.102.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/keybank_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/keybank_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/keybank_v3.102.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/ocspssl.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/ocspsslNew.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/one.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/proteron_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/secauth_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/secauth_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/thawte_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/thawte_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/verisign_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/verisign_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/verisign_v3.102.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/wellsfargo_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/wellsfargo_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/xdss_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/xdss_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/Root_CA1.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/Root_CA2.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/Server_CA1.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/Server_CA2.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/User_CA1.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/User_CA2.crt delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/ocsp.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/one.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/one_CA2.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/.gdb_history delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/derCerts/eepkint1.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/derCerts/eepkint1.key.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/derCerts/pkint8k.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/derCerts/pkint8k.key.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/derCerts/uee8k.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/eepkint1.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/eepkint2.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/intca.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasite.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasiteEnableLargeKeys.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasiteErrDetect.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkint16k.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkint8k.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkuser.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/prsa16k.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/prsa8k.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/root.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/shintca.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/shroot.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/ssRootCert.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/ssSubjCert.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/tee16k.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/tee8k.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/uee16k.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/uee8k.pem delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/pkinitPolicy/CA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/pkinitPolicy/noBC.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/pkinitPolicy/noCA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/pkinitPolicy/pkinitPolicy.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/qualCertStatment/ICA3.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/qualCertStatment/Netlock1.der delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/qualCertStatment/badStatementId.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/qualCertStatment/qualCertStatement.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/intermediate.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leafBadEKU.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leafBadKU.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leafNoEKU.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/resourceSigning.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/root.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/serverGatedCrypto/alandsbanken_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/serverGatedCrypto/alandsbanken_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/serverGatedCrypto/luottokunta_v3.100.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/serverGatedCrypto/luottokunta_v3.101.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/serverGatedCrypto/sgc.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/AliceDSSSignByCarlNoInherit.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/AliceRSASignByCarl.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/BobDHEncryptByCarl.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/BobRSASignByCarl.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/CarlDSSCRLEmpty.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/CarlDSSCRLForAll.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/CarlDSSCRLForCarl.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/CarlDSSSelf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSACRLEmpty.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSACRLForAll.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSACRLForCarl.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSASelf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/DianeDHEncryptByCarl.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/DianeDSSSignByCarlInherit.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/DianeRSASignByCarl.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/EricaDHEncryptByCarl.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/certsParsed delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/crlsParsed delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/smime/smime.scr delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/buildAndTest delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/crl.crl delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/crlTestLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/crlTestRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/csCA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/csLeaf.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/csLeafShortPath.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/csRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/debugRoot.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/dmitchAppleThawte.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/emptyTrustSettings.plist delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/localhost.cer delete mode 100755 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/makeTrustSettings delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/one.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/thawteCA.cer delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/trustSettings.scr delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/trustSettingsTest.keychain delete mode 100644 SecurityTests/clxutils/certcrl/testSubjects/trustSettings/userTrustSettings.plist delete mode 100644 SecurityTests/clxutils/certsFromDb/Makefile delete mode 100644 SecurityTests/clxutils/certsFromDb/certsFromDb.cpp delete mode 100644 SecurityTests/clxutils/cgConstruct/Makefile delete mode 100644 SecurityTests/clxutils/cgConstruct/cgConstruct.cpp delete mode 100644 SecurityTests/clxutils/cgVerify/Makefile delete mode 100644 SecurityTests/clxutils/cgVerify/cgVerify.cpp delete mode 100644 SecurityTests/clxutils/cgVerify/dsaParam512.der delete mode 100644 SecurityTests/clxutils/cgVerifyParsed/Makefile delete mode 100644 SecurityTests/clxutils/cgVerifyParsed/cgVerifyParsed.cpp delete mode 100644 SecurityTests/clxutils/cgVerifyParsed/dsaParam512.der delete mode 100644 SecurityTests/clxutils/cgVerifyParsed/tpVerifyParsed.cpp delete mode 100644 SecurityTests/clxutils/cgVerifyParsed/tpVerifyParsed.h delete mode 100644 SecurityTests/clxutils/clAppUtils/BlobList.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/BlobList.h delete mode 100644 SecurityTests/clxutils/clAppUtils/CertBuilderApp.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/CertBuilderApp.h delete mode 100644 SecurityTests/clxutils/clAppUtils/CertParser.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/CertParser.h delete mode 100644 SecurityTests/clxutils/clAppUtils/Makefile delete mode 100644 SecurityTests/clxutils/clAppUtils/certVerify.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/certVerify.h delete mode 100644 SecurityTests/clxutils/clAppUtils/clutils.c delete mode 100644 SecurityTests/clxutils/clAppUtils/clutils.h delete mode 100644 SecurityTests/clxutils/clAppUtils/crlUtils.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/crlUtils.h delete mode 100644 SecurityTests/clxutils/clAppUtils/identPicker.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/identPicker.h delete mode 100644 SecurityTests/clxutils/clAppUtils/ioSock.c delete mode 100644 SecurityTests/clxutils/clAppUtils/ioSock.h delete mode 100644 SecurityTests/clxutils/clAppUtils/keyPicker.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/keyPicker.h delete mode 100644 SecurityTests/clxutils/clAppUtils/printCertName.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/printCertName.h delete mode 100644 SecurityTests/clxutils/clAppUtils/ringBufferIo.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/ringBufferIo.h delete mode 100644 SecurityTests/clxutils/clAppUtils/sslAppUtils.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/sslAppUtils.h delete mode 100644 SecurityTests/clxutils/clAppUtils/sslClient.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/sslRingBufferThreads.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/sslRingBufferThreads.h delete mode 100644 SecurityTests/clxutils/clAppUtils/sslServe.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/sslThreading.h delete mode 100644 SecurityTests/clxutils/clAppUtils/timeStr.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/timeStr.h delete mode 100644 SecurityTests/clxutils/clAppUtils/tpUtils.cpp delete mode 100644 SecurityTests/clxutils/clAppUtils/tpUtils.h delete mode 100644 SecurityTests/clxutils/clTool/Makefile delete mode 100644 SecurityTests/clxutils/clTool/clTool.cpp delete mode 100755 SecurityTests/clxutils/cltpdvt delete mode 100644 SecurityTests/clxutils/cltpdvt_usage delete mode 100644 SecurityTests/clxutils/clxutils.pbproj/project.pbxproj delete mode 100644 SecurityTests/clxutils/cmsTime/Makefile delete mode 100644 SecurityTests/clxutils/cmsTime/cmsTime.cpp delete mode 100644 SecurityTests/clxutils/cmsTime/noRoot.p7 delete mode 100644 SecurityTests/clxutils/cmsTime/withRoot.p7 delete mode 100644 SecurityTests/clxutils/cmstool/Makefile delete mode 100644 SecurityTests/clxutils/cmstool/cmstool.cpp delete mode 100644 SecurityTests/clxutils/cmstool/testSubjects/ptext1.txt delete mode 100644 SecurityTests/clxutils/cmstool/testSubjects/signed1.cms delete mode 100755 SecurityTests/clxutils/cmstool/testSubjects/vfyCms delete mode 100644 SecurityTests/clxutils/crlTool/Makefile delete mode 100644 SecurityTests/clxutils/crlTool/crlNetwork.cpp delete mode 100644 SecurityTests/clxutils/crlTool/crlNetwork.h delete mode 100644 SecurityTests/clxutils/crlTool/crlTool.cpp delete mode 100644 SecurityTests/clxutils/dotMacArchive/Makefile delete mode 100644 SecurityTests/clxutils/dotMacArchive/dotMacArchive.cpp delete mode 100644 SecurityTests/clxutils/dotMacArchive/dotMacTpAttach.cpp delete mode 100644 SecurityTests/clxutils/dotMacArchive/dotMacTpAttach.h delete mode 100644 SecurityTests/clxutils/dotMacArchive/identSearch.cpp delete mode 100644 SecurityTests/clxutils/dotMacArchive/identSearch.h delete mode 100644 SecurityTests/clxutils/dotMacRequest/Makefile delete mode 100644 SecurityTests/clxutils/dotMacRequest/README delete mode 100644 SecurityTests/clxutils/dotMacRequest/dotMacRequest.cpp delete mode 100644 SecurityTests/clxutils/dotMacTool/MDS delete mode 100644 SecurityTests/clxutils/dotMacTool/Makefile delete mode 100644 SecurityTests/clxutils/dotMacTool/README delete mode 100644 SecurityTests/clxutils/dotMacTool/dotMacTool.cpp delete mode 100644 SecurityTests/clxutils/dotMacTool/keyPicker.cpp delete mode 100644 SecurityTests/clxutils/dotMacTool/keyPicker.h delete mode 100644 SecurityTests/clxutils/dumpasn1.cfg delete mode 100644 SecurityTests/clxutils/extenGrab/Makefile delete mode 100644 SecurityTests/clxutils/extenGrab/extenGrab.cpp delete mode 100644 SecurityTests/clxutils/extenTest/Makefile delete mode 100644 SecurityTests/clxutils/extenTest/extenTest.cpp delete mode 100644 SecurityTests/clxutils/extenTestTp/Makefile delete mode 100644 SecurityTests/clxutils/extenTestTp/extenTestTp.cpp delete mode 100644 SecurityTests/clxutils/extendAttrTest/Makefile delete mode 100644 SecurityTests/clxutils/extendAttrTest/amazon_v3.100.cer delete mode 100644 SecurityTests/clxutils/extendAttrTest/extendAttrTest.cpp delete mode 100644 SecurityTests/clxutils/extendAttrTest/rsakey_priv.der delete mode 100644 SecurityTests/clxutils/extendAttrTest/rsakey_pub.der delete mode 100644 SecurityTests/clxutils/extendAttrTool/Makefile delete mode 100644 SecurityTests/clxutils/extendAttrTool/extendAttrTool.cpp delete mode 100644 SecurityTests/clxutils/extendAttrTool/singleItemPicker.cpp delete mode 100644 SecurityTests/clxutils/extendAttrTool/singleItemPicker.h delete mode 100644 SecurityTests/clxutils/extractCertFields/Makefile delete mode 100644 SecurityTests/clxutils/extractCertFields/extractCertFields.cpp delete mode 100644 SecurityTests/clxutils/findCert/Makefile delete mode 100644 SecurityTests/clxutils/findCert/asnUtils.cpp delete mode 100644 SecurityTests/clxutils/findCert/asnUtils.h delete mode 100644 SecurityTests/clxutils/findCert/findCert.cpp delete mode 100644 SecurityTests/clxutils/idPref/Makefile delete mode 100644 SecurityTests/clxutils/idPref/idPref.cpp delete mode 100644 SecurityTests/clxutils/idTool/Makefile delete mode 100644 SecurityTests/clxutils/idTool/idTool.cpp delete mode 100644 SecurityTests/clxutils/importExport/amazon_v3.100.pem delete mode 100644 SecurityTests/clxutils/importExport/cdnow_v300.pem delete mode 100644 SecurityTests/clxutils/importExport/dhParams_512.der delete mode 100644 SecurityTests/clxutils/importExport/dsaParamOpenssl.pem delete mode 100644 SecurityTests/clxutils/importExport/dsaParams_512.der delete mode 100755 SecurityTests/clxutils/importExport/exportOpensslTool delete mode 100755 SecurityTests/clxutils/importExport/exportPkcs8Tool delete mode 100755 SecurityTests/clxutils/importExport/impExpOpensslEcdsa delete mode 100755 SecurityTests/clxutils/importExport/impExpOpensslEcdsaTool delete mode 100755 SecurityTests/clxutils/importExport/importExport delete mode 100755 SecurityTests/clxutils/importExport/importExportAgg delete mode 100755 SecurityTests/clxutils/importExport/importExportECDSA_P12 delete mode 100755 SecurityTests/clxutils/importExport/importExportECDSA_P12_Tool delete mode 100755 SecurityTests/clxutils/importExport/importExportKeyTool delete mode 100755 SecurityTests/clxutils/importExport/importExportOpenssh delete mode 100755 SecurityTests/clxutils/importExport/importExportOpensshTool delete mode 100755 SecurityTests/clxutils/importExport/importExportOpensslWrap delete mode 100755 SecurityTests/clxutils/importExport/importExportPkcs12 delete mode 100755 SecurityTests/clxutils/importExport/importExportPkcs7 delete mode 100755 SecurityTests/clxutils/importExport/importExportPkcs8 delete mode 100755 SecurityTests/clxutils/importExport/importExportPkcs8Tool delete mode 100755 SecurityTests/clxutils/importExport/importExportRawKey delete mode 100644 SecurityTests/clxutils/importExport/localcert.pem delete mode 100644 SecurityTests/clxutils/importExport/secp256r1ca.p12 delete mode 100644 SecurityTests/clxutils/importExport/secp384r1ca.p12 delete mode 100644 SecurityTests/clxutils/importExport/secp521r1ca.p12 delete mode 100644 SecurityTests/clxutils/importExport/setupCommon delete mode 100644 SecurityTests/clxutils/importExport/somePlainText delete mode 100644 SecurityTests/clxutils/kcExport/Makefile delete mode 100644 SecurityTests/clxutils/kcExport/kcExport.cpp delete mode 100644 SecurityTests/clxutils/kcImport/Makefile delete mode 100644 SecurityTests/clxutils/kcImport/kcImport.cpp delete mode 100644 SecurityTests/clxutils/kcTime/Makefile delete mode 100644 SecurityTests/clxutils/kcTime/SecureServer.509.cer delete mode 100644 SecurityTests/clxutils/kcTime/amazon_v3.100.cer delete mode 100644 SecurityTests/clxutils/kcTime/kcTime.cpp delete mode 100644 SecurityTests/clxutils/kcTime/test1.p12 delete mode 100644 SecurityTests/clxutils/kcTool/Makefile delete mode 100644 SecurityTests/clxutils/kcTool/kcTool.cpp delete mode 100644 SecurityTests/clxutils/keyFromCert/Makefile delete mode 100644 SecurityTests/clxutils/keyFromCert/keyFromCert.cpp delete mode 100644 SecurityTests/clxutils/krbtool/Makefile delete mode 100644 SecurityTests/clxutils/krbtool/asnUtils.cpp delete mode 100644 SecurityTests/clxutils/krbtool/asnUtils.h delete mode 100644 SecurityTests/clxutils/krbtool/identPicker.cpp delete mode 100644 SecurityTests/clxutils/krbtool/identPicker.h delete mode 100644 SecurityTests/clxutils/krbtool/krbtool.cpp delete mode 100644 SecurityTests/clxutils/make.ssl delete mode 100644 SecurityTests/clxutils/makeCertPolicy/Makefile delete mode 100644 SecurityTests/clxutils/makeCertPolicy/makeCertPolicy.cpp delete mode 100644 SecurityTests/clxutils/makeCrl/Makefile delete mode 100644 SecurityTests/clxutils/makeCrl/makeCrl.cpp delete mode 100644 SecurityTests/clxutils/makeCrl/testFiles/crl.crl delete mode 100644 SecurityTests/clxutils/makeCrl/testFiles/crlKeychain.keychain delete mode 100644 SecurityTests/clxutils/makeCrl/testFiles/crlTestLeaf.cer delete mode 100644 SecurityTests/clxutils/makeCrl/testFiles/crlTestRoot.cer delete mode 100644 SecurityTests/clxutils/makeCrl/testFiles/crlTime.scr delete mode 100644 SecurityTests/clxutils/makeCrl/testFiles/crlTimeTiger.scr delete mode 100644 SecurityTests/clxutils/makeCrl/testFiles/notes delete mode 100644 SecurityTests/clxutils/makeExpiredCerts/Makefile delete mode 100644 SecurityTests/clxutils/makeExpiredCerts/makeExpiredCerts.cpp delete mode 100644 SecurityTests/clxutils/newCmsTool/Makefile delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/GTE_SGC.cer delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/certs.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/certsOnly.p7 delete mode 100755 SecurityTests/clxutils/newCmsTool/blobs/cmsEcdsaHandsoff delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/cmsEcdsaRoot.cer delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/cmsKeychain delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/cmsRoot.cer delete mode 100755 SecurityTests/clxutils/newCmsTool/blobs/cmstest delete mode 100755 SecurityTests/clxutils/newCmsTool/blobs/cmstestHandsoff delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/cmstestUsage delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/dmitchIChat.cer delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/ecdsaCmsKeychain.keychain delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/env.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/env_two.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/ptext delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/sign.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/sign2.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/signEnv.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/signEnv_auth.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/signEnv_certs.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/signEnv_twoSign.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/signEnv_twoSign_twoRecip.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/sign_auth.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/sign_certs.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/sign_det.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/sign_nocerts.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/sign_only_certs.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/sign_signer.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/sign_two.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/blobs/sign_withroot.p7 delete mode 100644 SecurityTests/clxutils/newCmsTool/newCmsTool.cpp delete mode 100644 SecurityTests/clxutils/ocspTool/Makefile delete mode 100644 SecurityTests/clxutils/ocspTool/findOcspUrl.cpp delete mode 100644 SecurityTests/clxutils/ocspTool/findOcspUrl.h delete mode 100644 SecurityTests/clxutils/ocspTool/ocspNetwork.cpp delete mode 100644 SecurityTests/clxutils/ocspTool/ocspNetwork.h delete mode 100644 SecurityTests/clxutils/ocspTool/ocspRequest.cpp delete mode 100644 SecurityTests/clxutils/ocspTool/ocspRequest.h delete mode 100644 SecurityTests/clxutils/ocspTool/ocspTool.cpp delete mode 100644 SecurityTests/clxutils/ocspTool/ocspUtils.cpp delete mode 100644 SecurityTests/clxutils/ocspTool/ocspUtils.h delete mode 100644 SecurityTests/clxutils/ocspdTool/Makefile delete mode 100644 SecurityTests/clxutils/ocspdTool/ocspdTool.cpp delete mode 100644 SecurityTests/clxutils/p12/Makefile delete mode 100644 SecurityTests/clxutils/p12/SecNssCoder.cpp delete mode 100644 SecurityTests/clxutils/p12/SecNssCoder.h delete mode 100644 SecurityTests/clxutils/p12/p12.cpp delete mode 100644 SecurityTests/clxutils/p12/p12.h delete mode 100644 SecurityTests/clxutils/p12/p12Crypto.cpp delete mode 100644 SecurityTests/clxutils/p12/p12Crypto.h delete mode 100644 SecurityTests/clxutils/p12/p12Decode.cpp delete mode 100644 SecurityTests/clxutils/p12/p12Encode.cpp delete mode 100644 SecurityTests/clxutils/p12/p12GetPassKey.cpp delete mode 100644 SecurityTests/clxutils/p12/p12GetPassKey.h delete mode 100644 SecurityTests/clxutils/p12/p12ImportExport.cpp delete mode 100644 SecurityTests/clxutils/p12/p12Parse.cpp delete mode 100644 SecurityTests/clxutils/p12/p12pbe.cpp delete mode 100644 SecurityTests/clxutils/p12/p12pbe.h delete mode 100644 SecurityTests/clxutils/p12/pkcs12Parsed.cpp delete mode 100644 SecurityTests/clxutils/p12/pkcs12Parsed.h delete mode 100644 SecurityTests/clxutils/p12Parse/Makefile delete mode 100644 SecurityTests/clxutils/p12Parse/main.cpp delete mode 100644 SecurityTests/clxutils/p12Parse/p12Crypto.cpp delete mode 100644 SecurityTests/clxutils/p12Parse/p12Crypto.h delete mode 100644 SecurityTests/clxutils/p12Parse/p12Parse.cpp delete mode 100644 SecurityTests/clxutils/p12Parse/p12Parse.h delete mode 100644 SecurityTests/clxutils/p12Parse/pkcs12Parsed.cpp delete mode 100644 SecurityTests/clxutils/p12Parse/pkcs12Parsed.h delete mode 100644 SecurityTests/clxutils/p12Parse/pkcs12Utils.cpp delete mode 100644 SecurityTests/clxutils/p12Parse/pkcs12Utils.h delete mode 100644 SecurityTests/clxutils/p12Reencode/Makefile delete mode 100755 SecurityTests/clxutils/p12Reencode/doReencode delete mode 100644 SecurityTests/clxutils/p12Reencode/p12Reencode.cpp delete mode 100644 SecurityTests/clxutils/p12Reencode/test1.p12 delete mode 100644 SecurityTests/clxutils/p12Reencode/test10.p12 delete mode 100644 SecurityTests/clxutils/p12Reencode/test11.p12 delete mode 100644 SecurityTests/clxutils/p12Reencode/test12.p12 delete mode 100644 SecurityTests/clxutils/p12Reencode/test13.p12 delete mode 100644 SecurityTests/clxutils/p12Reencode/test14.p12 delete mode 100644 SecurityTests/clxutils/p12Reencode/test15.p12 delete mode 100644 SecurityTests/clxutils/p12Reencode/test16.p12 delete mode 100644 SecurityTests/clxutils/p12Reencode/test17.p12 delete mode 100644 SecurityTests/clxutils/p12Reencode/test18.p12 delete mode 100644 SecurityTests/clxutils/p12Reencode/test19.p12 delete mode 100644 SecurityTests/clxutils/parseCert/Makefile delete mode 100644 SecurityTests/clxutils/parseCert/parseCert.cpp delete mode 100644 SecurityTests/clxutils/parseCrl/Makefile delete mode 100644 SecurityTests/clxutils/parseCrl/parseCrl.cpp delete mode 100644 SecurityTests/clxutils/pemtool/Makefile delete mode 100644 SecurityTests/clxutils/pemtool/pemtool.c delete mode 100644 SecurityTests/clxutils/rootStoreTool/KeychainAccessSystemRoot.cer delete mode 100644 SecurityTests/clxutils/rootStoreTool/KeychainAccessUserRoot.cer delete mode 100644 SecurityTests/clxutils/rootStoreTool/Makefile delete mode 100644 SecurityTests/clxutils/rootStoreTool/SMIME_SystemRoot.cer delete mode 100644 SecurityTests/clxutils/rootStoreTool/SMIME_UserRoot.cer delete mode 100644 SecurityTests/clxutils/rootStoreTool/SSL_SystemRoot.cer delete mode 100644 SecurityTests/clxutils/rootStoreTool/SSL_UserRoot.cer delete mode 100644 SecurityTests/clxutils/rootStoreTool/UnrestrictedSystemRoot.cer delete mode 100644 SecurityTests/clxutils/rootStoreTool/UnrestrictedUserRoot.cer delete mode 100755 SecurityTests/clxutils/rootStoreTool/addTestRoots delete mode 100755 SecurityTests/clxutils/rootStoreTool/addTestRootsSec delete mode 100755 SecurityTests/clxutils/rootStoreTool/buildSysAnchors delete mode 100644 SecurityTests/clxutils/rootStoreTool/parseTrustedRootList.cpp delete mode 100644 SecurityTests/clxutils/rootStoreTool/rootStoreTool.cpp delete mode 100644 SecurityTests/clxutils/rootStoreTool/rootUtils.cpp delete mode 100644 SecurityTests/clxutils/rootStoreTool/rootUtils.h delete mode 100644 SecurityTests/clxutils/rootStoreTool/threeRoots.pem delete mode 100644 SecurityTests/clxutils/secTime/Makefile delete mode 100644 SecurityTests/clxutils/secTime/SecureServer.509.cer delete mode 100644 SecurityTests/clxutils/secTime/ThawteCA.cer delete mode 100644 SecurityTests/clxutils/secTime/ThawteRoot.cer delete mode 100644 SecurityTests/clxutils/secTime/amazon_v3.100.cer delete mode 100644 SecurityTests/clxutils/secTime/dmitchThawte.cer delete mode 100644 SecurityTests/clxutils/secTime/firstamlink.cer delete mode 100644 SecurityTests/clxutils/secTime/secTime.cpp delete mode 100644 SecurityTests/clxutils/secToolVerify/AppleQuickTime.pem delete mode 100644 SecurityTests/clxutils/secToolVerify/AppleSWUPDATE.pem delete mode 100644 SecurityTests/clxutils/secToolVerify/VPNTrialCA.cer delete mode 100644 SecurityTests/clxutils/secToolVerify/amazon_v3.100.cer delete mode 100644 SecurityTests/clxutils/secToolVerify/applestore_v3.100.cer delete mode 100644 SecurityTests/clxutils/secToolVerify/applestore_v3.101.cer delete mode 100644 SecurityTests/clxutils/secToolVerify/dmitchThawte2005.cer delete mode 100644 SecurityTests/clxutils/secToolVerify/dmitchThawte2007.cer delete mode 100644 SecurityTests/clxutils/secToolVerify/iproj_v3.102.cer delete mode 100755 SecurityTests/clxutils/secToolVerify/secToolVerify delete mode 100644 SecurityTests/clxutils/secToolVerify/serverbasic.crt delete mode 100644 SecurityTests/clxutils/secToolVerify/vpn-gateway.vpntrial.com.cer delete mode 100644 SecurityTests/clxutils/secTrustTime/Makefile delete mode 100644 SecurityTests/clxutils/secTrustTime/keybank_v3.100.cer delete mode 100644 SecurityTests/clxutils/secTrustTime/keybank_v3.101.cer delete mode 100644 SecurityTests/clxutils/secTrustTime/keybank_v3.102.cer delete mode 100755 SecurityTests/clxutils/secTrustTime/runTests delete mode 100644 SecurityTests/clxutils/secTrustTime/secTrustTime.cpp delete mode 100644 SecurityTests/clxutils/signerAndSubj/Makefile delete mode 100644 SecurityTests/clxutils/signerAndSubj/signerAndSubj.cpp delete mode 100644 SecurityTests/clxutils/signerAndSubjSsl/Makefile delete mode 100755 SecurityTests/clxutils/signerAndSubjSsl/doTest delete mode 100644 SecurityTests/clxutils/signerAndSubjSsl/signerAndSubjSsl.cpp delete mode 100644 SecurityTests/clxutils/signerAndSubjTp/Makefile delete mode 100755 SecurityTests/clxutils/signerAndSubjTp/makeSmimeCert delete mode 100644 SecurityTests/clxutils/signerAndSubjTp/signerAndSubjTp.cpp delete mode 100644 SecurityTests/clxutils/simpleUrlAccess/Makefile delete mode 100644 SecurityTests/clxutils/simpleUrlAccess/simpleUrlAccess.c delete mode 100644 SecurityTests/clxutils/smimePolicy/Makefile delete mode 100644 SecurityTests/clxutils/smimePolicy/smimePolicy.cpp delete mode 100644 SecurityTests/clxutils/sslAlert/Makefile delete mode 100644 SecurityTests/clxutils/sslAlert/README delete mode 100644 SecurityTests/clxutils/sslAlert/sslAlert.cpp delete mode 100644 SecurityTests/clxutils/sslAuth/Makefile delete mode 100644 SecurityTests/clxutils/sslAuth/sslAuth.cpp delete mode 100644 SecurityTests/clxutils/sslBench/Makefile delete mode 100644 SecurityTests/clxutils/sslBench/sslBench.cpp delete mode 100644 SecurityTests/clxutils/sslCipher/Makefile delete mode 100644 SecurityTests/clxutils/sslCipher/sslCipher.cpp delete mode 100644 SecurityTests/clxutils/sslEAP/Makefile delete mode 100644 SecurityTests/clxutils/sslEAP/ringBufferThreads.cpp delete mode 100644 SecurityTests/clxutils/sslEAP/ringBufferThreads.h delete mode 100644 SecurityTests/clxutils/sslEAP/sslEAP.cpp delete mode 100644 SecurityTests/clxutils/sslEcdsa/Makefile delete mode 100644 SecurityTests/clxutils/sslEcdsa/ecc-secp256r1-client.pfx delete mode 100644 SecurityTests/clxutils/sslEcdsa/ecdsa.keychain delete mode 100644 SecurityTests/clxutils/sslEcdsa/sslEcdsa.cpp delete mode 100644 SecurityTests/clxutils/sslHandshakeTimeRB/Makefile delete mode 100644 SecurityTests/clxutils/sslHandshakeTimeRB/sslHandshakeTimeRB.cpp delete mode 100644 SecurityTests/clxutils/sslHdshakeTime/Makefile delete mode 100644 SecurityTests/clxutils/sslHdshakeTime/sslHdshakeTime.cpp delete mode 100644 SecurityTests/clxutils/sslProt/Makefile delete mode 100644 SecurityTests/clxutils/sslProt/dhParams1024.h delete mode 100644 SecurityTests/clxutils/sslProt/dhParams512.h delete mode 100644 SecurityTests/clxutils/sslProt/sslProt.cpp delete mode 100755 SecurityTests/clxutils/sslScripts/AlexTest delete mode 100755 SecurityTests/clxutils/sslScripts/authClient delete mode 100755 SecurityTests/clxutils/sslScripts/authDoncio delete mode 100755 SecurityTests/clxutils/sslScripts/authExtern delete mode 100755 SecurityTests/clxutils/sslScripts/authServe delete mode 100644 SecurityTests/clxutils/sslScripts/cynicRoot.cer delete mode 100644 SecurityTests/clxutils/sslScripts/dhParams_1024.der delete mode 100644 SecurityTests/clxutils/sslScripts/dhParams_512.der delete mode 100644 SecurityTests/clxutils/sslScripts/doncioRoot.cer delete mode 100755 SecurityTests/clxutils/sslScripts/doprompt delete mode 100644 SecurityTests/clxutils/sslScripts/dsaCertToolInput delete mode 100755 SecurityTests/clxutils/sslScripts/makeLocalCert delete mode 100755 SecurityTests/clxutils/sslScripts/openssl/doprompt delete mode 100755 SecurityTests/clxutils/sslScripts/openssl/makeOpensslCert delete mode 100644 SecurityTests/clxutils/sslScripts/openssl/opensslReqInput delete mode 100755 SecurityTests/clxutils/sslScripts/openssl/opensslTest delete mode 100644 SecurityTests/clxutils/sslScripts/openssl/osdsaparam.der delete mode 100755 SecurityTests/clxutils/sslScripts/openssl/runServeView delete mode 100755 SecurityTests/clxutils/sslScripts/protClient delete mode 100755 SecurityTests/clxutils/sslScripts/protServe delete mode 100755 SecurityTests/clxutils/sslScripts/removeLocalCerts delete mode 100755 SecurityTests/clxutils/sslScripts/runProtClient delete mode 100755 SecurityTests/clxutils/sslScripts/setTrustAll delete mode 100755 SecurityTests/clxutils/sslScripts/simplePrompt delete mode 100644 SecurityTests/clxutils/sslScripts/sslExtendUse.scr delete mode 100644 SecurityTests/clxutils/sslScripts/sslKcSetup delete mode 100755 SecurityTests/clxutils/sslScripts/ssldvt delete mode 100644 SecurityTests/clxutils/sslScripts/ssldvtCertErr delete mode 100644 SecurityTests/clxutils/sslScripts/ssldvtUsage delete mode 100644 SecurityTests/clxutils/sslScripts/test1.p12 delete mode 100755 SecurityTests/clxutils/sslScripts/trustAll delete mode 100644 SecurityTests/clxutils/sslScripts/verisignCA.cer delete mode 100644 SecurityTests/clxutils/sslServer/Makefile delete mode 100644 SecurityTests/clxutils/sslServer/sslServer.cpp delete mode 100644 SecurityTests/clxutils/sslSession/Makefile delete mode 100644 SecurityTests/clxutils/sslSession/sslSession.cpp delete mode 100644 SecurityTests/clxutils/sslSubjName/Makefile delete mode 100644 SecurityTests/clxutils/sslSubjName/sslSubjName.cpp delete mode 100644 SecurityTests/clxutils/sslThroughput/Makefile delete mode 100755 SecurityTests/clxutils/sslThroughput/runSslThroughput delete mode 100644 SecurityTests/clxutils/sslThroughput/sslThroughput.cpp delete mode 100644 SecurityTests/clxutils/sslViewer/Makefile delete mode 100644 SecurityTests/clxutils/sslViewer/SSLViewer.cpp delete mode 100644 SecurityTests/clxutils/sslViewer/SSL_Sites delete mode 100755 SecurityTests/clxutils/sslViewer/pingSslSites delete mode 100755 SecurityTests/clxutils/sslViewer/verifyPing delete mode 100644 SecurityTests/clxutils/sysIdTool/Makefile delete mode 100644 SecurityTests/clxutils/sysIdTool/sysIdTool.cpp delete mode 100644 SecurityTests/clxutils/threadTest/Makefile delete mode 100644 SecurityTests/clxutils/threadTest/amazon_v3.100.cer delete mode 100644 SecurityTests/clxutils/threadTest/amazon_v3.101.cer delete mode 100644 SecurityTests/clxutils/threadTest/attach.cpp delete mode 100644 SecurityTests/clxutils/threadTest/cduniverse_v3.100.cer delete mode 100644 SecurityTests/clxutils/threadTest/cgConstructThr.cpp delete mode 100644 SecurityTests/clxutils/threadTest/cgVerifyThr.cpp delete mode 100644 SecurityTests/clxutils/threadTest/copyRoots.cpp delete mode 100644 SecurityTests/clxutils/threadTest/cspRand.cpp delete mode 100644 SecurityTests/clxutils/threadTest/cssmErrStr.cpp delete mode 100644 SecurityTests/clxutils/threadTest/dbOpenClose.cpp delete mode 100644 SecurityTests/clxutils/threadTest/derDecode.cpp delete mode 100644 SecurityTests/clxutils/threadTest/desTest.cpp delete mode 100644 SecurityTests/clxutils/threadTest/digestClient.cpp delete mode 100644 SecurityTests/clxutils/threadTest/getCachedFields.cpp delete mode 100644 SecurityTests/clxutils/threadTest/getFields.cpp delete mode 100644 SecurityTests/clxutils/threadTest/ioSockThr.c delete mode 100644 SecurityTests/clxutils/threadTest/ioSockThr.h delete mode 100644 SecurityTests/clxutils/threadTest/kcStatus.cpp delete mode 100644 SecurityTests/clxutils/threadTest/mdsLookupThr.cpp delete mode 100644 SecurityTests/clxutils/threadTest/mypage.apple_v3.100.cer delete mode 100644 SecurityTests/clxutils/threadTest/rsaSign.cpp delete mode 100644 SecurityTests/clxutils/threadTest/secTrustEval.cpp delete mode 100644 SecurityTests/clxutils/threadTest/serverpremium.crt delete mode 100644 SecurityTests/clxutils/threadTest/signVerify.cpp delete mode 100644 SecurityTests/clxutils/threadTest/sslPing.cpp delete mode 100644 SecurityTests/clxutils/threadTest/sslThrash.cpp delete mode 100644 SecurityTests/clxutils/threadTest/symTestThr.cpp delete mode 100644 SecurityTests/clxutils/threadTest/t_stdlib.c delete mode 100644 SecurityTests/clxutils/threadTest/testParams.h delete mode 100644 SecurityTests/clxutils/threadTest/testutil.c delete mode 100644 SecurityTests/clxutils/threadTest/testutil.h delete mode 100644 SecurityTests/clxutils/threadTest/threadTest.cpp delete mode 100644 SecurityTests/clxutils/threadTest/timeThread.cpp delete mode 100644 SecurityTests/clxutils/threadTest/trustSettings.cpp delete mode 100644 SecurityTests/clxutils/trustAnchors/Makefile delete mode 100644 SecurityTests/clxutils/trustAnchors/trustAnchors.c delete mode 100644 SecurityTests/clxutils/trustApps/Makefile delete mode 100644 SecurityTests/clxutils/trustApps/trustApps.cpp delete mode 100644 SecurityTests/clxutils/unBER/Makefile delete mode 100644 SecurityTests/clxutils/unBER/unBER.cpp delete mode 100755 SecurityTests/clxutils/updateCert delete mode 100755 SecurityTests/clxutils/updateCerts delete mode 100644 SecurityTests/clxutils/urlPageGrab/Makefile delete mode 100644 SecurityTests/clxutils/urlPageGrab/cfSimpleGet.cpp delete mode 100644 SecurityTests/clxutils/urlPageGrab/cfSimpleGet.h delete mode 100755 SecurityTests/clxutils/urlPageGrab/grabPages delete mode 100755 SecurityTests/clxutils/urlPageGrab/pltGrab delete mode 100644 SecurityTests/clxutils/urlPageGrab/speedo_html.tar delete mode 100644 SecurityTests/clxutils/urlPageGrab/urlPageGrab.cpp delete mode 100644 SecurityTests/clxutils/userTrustTest/Makefile delete mode 100644 SecurityTests/clxutils/userTrustTest/amazon_v3.100.cer delete mode 100644 SecurityTests/clxutils/userTrustTest/userTrustTest.cpp delete mode 100755 SecurityTests/clxutils/vfyCacCert/Makefile delete mode 100644 SecurityTests/clxutils/vfyCacCert/README delete mode 100644 SecurityTests/clxutils/vfyCacCert/certs/cac_c7_cert.crt delete mode 100644 SecurityTests/clxutils/vfyCacCert/certs/cac_signing_cert.crt delete mode 100644 SecurityTests/clxutils/vfyCacCert/certs/joe2.ID.cer delete mode 100644 SecurityTests/clxutils/vfyCacCert/certs/joe2.encrypt.cer delete mode 100644 SecurityTests/clxutils/vfyCacCert/certs/joe2.sign.cer delete mode 100755 SecurityTests/clxutils/vfyCacCert/vfyAllCerts delete mode 100644 SecurityTests/clxutils/vfyCacCert/vfyCacCert.cpp delete mode 100644 SecurityTests/clxutils/vfyCert/Makefile delete mode 100644 SecurityTests/clxutils/vfyCert/vfyCert.c delete mode 100644 SecurityTests/clxutils/vfyCertChain/Makefile delete mode 100644 SecurityTests/clxutils/vfyCertChain/vfyCertChain.cpp delete mode 100644 SecurityTests/cspxutils/ChangeLog delete mode 100644 SecurityTests/cspxutils/EXAMPLES_README delete mode 100644 SecurityTests/cspxutils/Makefile delete mode 100644 SecurityTests/cspxutils/Makefile.cdsa delete mode 100644 SecurityTests/cspxutils/Makefile.lib delete mode 100644 SecurityTests/cspxutils/Makefile.template delete mode 100644 SecurityTests/cspxutils/README delete mode 100644 SecurityTests/cspxutils/acltool/Makefile delete mode 100644 SecurityTests/cspxutils/acltool/aclUtils.cpp delete mode 100644 SecurityTests/cspxutils/acltool/aclUtils.h delete mode 100644 SecurityTests/cspxutils/acltool/acltool.cpp delete mode 100644 SecurityTests/cspxutils/aesVect/Makefile delete mode 100644 SecurityTests/cspxutils/aesVect/aesVect.c delete mode 100644 SecurityTests/cspxutils/aesVect/ecb_vk.hdr delete mode 100644 SecurityTests/cspxutils/aesVect/ecb_vk.txt delete mode 100644 SecurityTests/cspxutils/aesVect/ecb_vt.hdr delete mode 100644 SecurityTests/cspxutils/aesVect/ecb_vt.txt delete mode 100644 SecurityTests/cspxutils/aesVect/enDecrypt.h delete mode 100644 SecurityTests/cspxutils/aesVect/enDecryptCsp.c delete mode 100644 SecurityTests/cspxutils/aesVect/enDecryptRef.c delete mode 100644 SecurityTests/cspxutils/aesVect/enDecryptTest.c delete mode 100755 SecurityTests/cspxutils/aesVect/makeVectors delete mode 100644 SecurityTests/cspxutils/aesVect/rijndael.c delete mode 100644 SecurityTests/cspxutils/aesVect/std_defs.h delete mode 100755 SecurityTests/cspxutils/aesVect/testVectors delete mode 100644 SecurityTests/cspxutils/ascTool/Makefile delete mode 100644 SecurityTests/cspxutils/ascTool/ascTool.cpp delete mode 100644 SecurityTests/cspxutils/asymCompat/Makefile delete mode 100644 SecurityTests/cspxutils/asymCompat/asymCompat.c delete mode 100644 SecurityTests/cspxutils/asymPerform/Makefile delete mode 100644 SecurityTests/cspxutils/asymPerform/asymPerform.c delete mode 100644 SecurityTests/cspxutils/asymTest/Makefile delete mode 100644 SecurityTests/cspxutils/asymTest/asymTest.c delete mode 100644 SecurityTests/cspxutils/attachLeak/Makefile delete mode 100644 SecurityTests/cspxutils/attachLeak/attachLeak.c delete mode 100644 SecurityTests/cspxutils/badattr/Makefile delete mode 100644 SecurityTests/cspxutils/badattr/badattr.c delete mode 100644 SecurityTests/cspxutils/badmac/Makefile delete mode 100644 SecurityTests/cspxutils/badmac/badmac.c delete mode 100644 SecurityTests/cspxutils/badsig/Makefile delete mode 100644 SecurityTests/cspxutils/badsig/badsig.c delete mode 100755 SecurityTests/cspxutils/buildExample delete mode 100644 SecurityTests/cspxutils/ccCtxSize/Makefile delete mode 100644 SecurityTests/cspxutils/ccCtxSize/ccCtxSize.c delete mode 100644 SecurityTests/cspxutils/ccHmacClone/Makefile delete mode 100644 SecurityTests/cspxutils/ccHmacClone/ccHmacClone.cpp delete mode 100644 SecurityTests/cspxutils/ccHmacCompat/Makefile delete mode 100644 SecurityTests/cspxutils/ccHmacCompat/ccHmacCompat.c delete mode 100644 SecurityTests/cspxutils/ccOneShot/Makefile delete mode 100644 SecurityTests/cspxutils/ccOneShot/ccOneShot.cpp delete mode 100644 SecurityTests/cspxutils/ccOpensslCompat/Makefile delete mode 100644 SecurityTests/cspxutils/ccOpensslCompat/ccOpensslCompat.cpp delete mode 100644 SecurityTests/cspxutils/ccOpensslCompat/digestCommon.h delete mode 100644 SecurityTests/cspxutils/ccOpensslCompat/digestCommonCrypto.cpp delete mode 100644 SecurityTests/cspxutils/ccOpensslCompat/digestCommonExtern.h delete mode 100644 SecurityTests/cspxutils/ccOpensslCompat/digestOpenssl.cpp delete mode 100644 SecurityTests/cspxutils/ccPerform/Makefile delete mode 100644 SecurityTests/cspxutils/ccPerform/ccPerform.cpp delete mode 100644 SecurityTests/cspxutils/ccSymCompat/Makefile delete mode 100644 SecurityTests/cspxutils/ccSymCompat/ccSymCompat.c delete mode 100644 SecurityTests/cspxutils/ccSymTest/Makefile delete mode 100644 SecurityTests/cspxutils/ccSymTest/ccSymTest.cpp delete mode 100755 SecurityTests/cspxutils/ccdvt delete mode 100755 SecurityTests/cspxutils/ccmake delete mode 100644 SecurityTests/cspxutils/clearPubKeyTest/Makefile delete mode 100644 SecurityTests/cspxutils/clearPubKeyTest/clearPubKeyTest.cpp delete mode 100644 SecurityTests/cspxutils/contextReuse/Makefile delete mode 100644 SecurityTests/cspxutils/contextReuse/contextReuse.cpp delete mode 100644 SecurityTests/cspxutils/cputimeCal/Makefile delete mode 100644 SecurityTests/cspxutils/cputimeCal/cputimeCal.cpp delete mode 100644 SecurityTests/cspxutils/cryptTool/Makefile delete mode 100644 SecurityTests/cspxutils/cryptTool/README delete mode 100644 SecurityTests/cspxutils/cryptTool/cryptTool.c delete mode 100755 SecurityTests/cspxutils/cryptTool/runCrypt delete mode 100755 SecurityTests/cspxutils/cspdvt delete mode 100644 SecurityTests/cspxutils/cspdvt_usage delete mode 100644 SecurityTests/cspxutils/cspxutils.pbproj/project.pbxproj delete mode 100644 SecurityTests/cspxutils/dbTool/Makefile delete mode 100644 SecurityTests/cspxutils/dbTool/dbAttrs.cpp delete mode 100644 SecurityTests/cspxutils/dbTool/dbAttrs.h delete mode 100644 SecurityTests/cspxutils/dbTool/dbCert.cpp delete mode 100644 SecurityTests/cspxutils/dbTool/dbCert.h delete mode 100644 SecurityTests/cspxutils/dbTool/dbTool.cpp delete mode 100644 SecurityTests/cspxutils/dbVerifyKey/Makefile delete mode 100644 SecurityTests/cspxutils/dbVerifyKey/dbVerifyKey.cpp delete mode 100644 SecurityTests/cspxutils/dhFulltest/Makefile delete mode 100644 SecurityTests/cspxutils/dhFulltest/dhFulltest.cpp delete mode 100644 SecurityTests/cspxutils/dhFulltest/dhParams_512.der delete mode 100644 SecurityTests/cspxutils/dhTest/Makefile delete mode 100644 SecurityTests/cspxutils/dhTest/README delete mode 100644 SecurityTests/cspxutils/dhTest/dhParams_512.der delete mode 100644 SecurityTests/cspxutils/dhTest/dhTest.cpp delete mode 100644 SecurityTests/cspxutils/dsaPartial/Makefile delete mode 100644 SecurityTests/cspxutils/dsaPartial/dsaParam512_1.der delete mode 100644 SecurityTests/cspxutils/dsaPartial/dsaParam512_2.der delete mode 100644 SecurityTests/cspxutils/dsaPartial/dsaPartial.cpp delete mode 100644 SecurityTests/cspxutils/ecdhTest/Makefile delete mode 100644 SecurityTests/cspxutils/ecdhTest/ecdhTest.cpp delete mode 100755 SecurityTests/cspxutils/feeCurve delete mode 100755 SecurityTests/cspxutils/feedvt delete mode 100644 SecurityTests/cspxutils/genErrorStrings/Makefile delete mode 100644 SecurityTests/cspxutils/genErrorStrings/fileIo.c delete mode 100644 SecurityTests/cspxutils/genErrorStrings/fileIo.h delete mode 100644 SecurityTests/cspxutils/genErrorStrings/genErrorStrings.cpp delete mode 100755 SecurityTests/cspxutils/genErrorStrings/genStrings delete mode 100644 SecurityTests/cspxutils/genKeyPair/Makefile delete mode 100644 SecurityTests/cspxutils/genKeyPair/genKeyPair.cpp delete mode 100644 SecurityTests/cspxutils/hashClone/Makefile delete mode 100644 SecurityTests/cspxutils/hashClone/hashClone.c delete mode 100644 SecurityTests/cspxutils/hashCompat/Makefile delete mode 100644 SecurityTests/cspxutils/hashCompat/hashCompat.c delete mode 100644 SecurityTests/cspxutils/hashTest/Makefile delete mode 100644 SecurityTests/cspxutils/hashTest/hashTest.c delete mode 100644 SecurityTests/cspxutils/hashTime/MD5.c delete mode 100644 SecurityTests/cspxutils/hashTime/MD5.h delete mode 100644 SecurityTests/cspxutils/hashTime/Makefile delete mode 100644 SecurityTests/cspxutils/hashTime/SHA1.c delete mode 100644 SecurityTests/cspxutils/hashTime/SHA1.h delete mode 100644 SecurityTests/cspxutils/hashTime/SHA1_priv.c delete mode 100644 SecurityTests/cspxutils/hashTime/SHA1_priv.h delete mode 100644 SecurityTests/cspxutils/hashTime/hashTime.cpp delete mode 100644 SecurityTests/cspxutils/hashTimeLibCrypt/Makefile delete mode 100644 SecurityTests/cspxutils/hashTimeLibCrypt/hashTimeLibCrypt.cpp delete mode 100644 SecurityTests/cspxutils/hashTimeLibCrypt/pbkdDigest.cpp delete mode 100644 SecurityTests/cspxutils/hashTimeLibCrypt/pbkdDigest.h delete mode 100644 SecurityTests/cspxutils/hashTimeSA/MD5.c delete mode 100644 SecurityTests/cspxutils/hashTimeSA/MD5.h delete mode 100644 SecurityTests/cspxutils/hashTimeSA/Makefile delete mode 100644 SecurityTests/cspxutils/hashTimeSA/SHA1.c delete mode 100644 SecurityTests/cspxutils/hashTimeSA/SHA1.h delete mode 100644 SecurityTests/cspxutils/hashTimeSA/SHA1_priv.c delete mode 100644 SecurityTests/cspxutils/hashTimeSA/SHA1_priv.h delete mode 100644 SecurityTests/cspxutils/hashTimeSA/hashTimeSA.cpp delete mode 100644 SecurityTests/cspxutils/keyDate/Makefile delete mode 100644 SecurityTests/cspxutils/keyDate/keyDate.cpp delete mode 100644 SecurityTests/cspxutils/keyHash/Makefile delete mode 100644 SecurityTests/cspxutils/keyHash/keyHash.c delete mode 100644 SecurityTests/cspxutils/keyHashAsym/Makefile delete mode 100644 SecurityTests/cspxutils/keyHashAsym/dhParams_512.der delete mode 100644 SecurityTests/cspxutils/keyHashAsym/dsaParams_512.der delete mode 100644 SecurityTests/cspxutils/keyHashAsym/keyHashAsym.c delete mode 100644 SecurityTests/cspxutils/keySizePref/Makefile delete mode 100644 SecurityTests/cspxutils/keySizePref/keySizePref.cpp delete mode 100755 SecurityTests/cspxutils/keyStore/Makefile delete mode 100644 SecurityTests/cspxutils/keyStore/keyStore.c delete mode 100755 SecurityTests/cspxutils/keyStoreLeak/Makefile delete mode 100644 SecurityTests/cspxutils/keyStoreLeak/keyStoreLeak.c delete mode 100644 SecurityTests/cspxutils/macCompat/Makefile delete mode 100644 SecurityTests/cspxutils/macCompat/macCompat.c delete mode 100644 SecurityTests/cspxutils/macTest/Makefile delete mode 100644 SecurityTests/cspxutils/macTest/macTest.c delete mode 100644 SecurityTests/cspxutils/mdsLookup/Makefile delete mode 100644 SecurityTests/cspxutils/mdsLookup/mdsLookup.cpp delete mode 100644 SecurityTests/cspxutils/mdsdump/MDSSchema.cpp delete mode 100644 SecurityTests/cspxutils/mdsdump/MDSSchema.h delete mode 100644 SecurityTests/cspxutils/mdsdump/Makefile delete mode 100644 SecurityTests/cspxutils/mdsdump/mdsdump.cpp delete mode 100644 SecurityTests/cspxutils/miniWrap/Makefile delete mode 100644 SecurityTests/cspxutils/miniWrap/miniWrap.c delete mode 100644 SecurityTests/cspxutils/pbeTest/Makefile delete mode 100644 SecurityTests/cspxutils/pbeTest/pbeTest.c delete mode 100644 SecurityTests/cspxutils/perform/Makefile delete mode 100755 SecurityTests/cspxutils/perform/aesPerform delete mode 100755 SecurityTests/cspxutils/perform/doPerform delete mode 100644 SecurityTests/cspxutils/perform/perform.cpp delete mode 100644 SecurityTests/cspxutils/performRaw/Makefile delete mode 100755 SecurityTests/cspxutils/performRaw/aesPerformRaw delete mode 100755 SecurityTests/cspxutils/performRaw/doPerformRaw delete mode 100644 SecurityTests/cspxutils/performRaw/performRaw.cpp delete mode 100755 SecurityTests/cspxutils/performSuite delete mode 100644 SecurityTests/cspxutils/pubKeyTool/Makefile delete mode 100644 SecurityTests/cspxutils/pubKeyTool/derive_pub.der delete mode 100644 SecurityTests/cspxutils/pubKeyTool/pubKeyTool.cpp delete mode 100644 SecurityTests/cspxutils/pubKeyTool/rsa_priv.der delete mode 100644 SecurityTests/cspxutils/pubKeyTool/rsa_pub.der delete mode 100644 SecurityTests/cspxutils/randTest/Makefile delete mode 100644 SecurityTests/cspxutils/randTest/randTest.c delete mode 100644 SecurityTests/cspxutils/rawRsaSig/Makefile delete mode 100644 SecurityTests/cspxutils/rawRsaSig/rawRsaSig.c delete mode 100755 SecurityTests/cspxutils/rawSig/Makefile delete mode 100755 SecurityTests/cspxutils/rawSig/rawSig.c delete mode 100644 SecurityTests/cspxutils/rsatool/Makefile delete mode 100644 SecurityTests/cspxutils/rsatool/README delete mode 100644 SecurityTests/cspxutils/rsatool/rsatool.c delete mode 100644 SecurityTests/cspxutils/sha2Time/Makefile delete mode 100644 SecurityTests/cspxutils/sha2Time/sha2Time.cpp delete mode 100644 SecurityTests/cspxutils/sha2Vectors/Makefile delete mode 100644 SecurityTests/cspxutils/sha2Vectors/sha2Vectors.cpp delete mode 100644 SecurityTests/cspxutils/sha2VectorsCdsa/Makefile delete mode 100644 SecurityTests/cspxutils/sha2VectorsCdsa/sha2VectorsCdsa.cpp delete mode 100644 SecurityTests/cspxutils/sigPerform/Makefile delete mode 100644 SecurityTests/cspxutils/sigPerform/sigPerform.c delete mode 100644 SecurityTests/cspxutils/sigtest/Makefile delete mode 100644 SecurityTests/cspxutils/sigtest/sigtest.c delete mode 100644 SecurityTests/cspxutils/sshKey/Makefile delete mode 100644 SecurityTests/cspxutils/sshKey/sshKey.cpp delete mode 100644 SecurityTests/cspxutils/ssl2Padding/Makefile delete mode 100644 SecurityTests/cspxutils/ssl2Padding/ssl2Padding.cpp delete mode 100644 SecurityTests/cspxutils/symCompat/Makefile delete mode 100644 SecurityTests/cspxutils/symCompat/symCompat.c delete mode 100644 SecurityTests/cspxutils/symDelta/Makefile delete mode 100644 SecurityTests/cspxutils/symDelta/symDelta.c delete mode 100644 SecurityTests/cspxutils/symReference/Makefile delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_3DES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_AES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_AES192 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_AES256 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_ASC delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_Blowfish delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_CAST delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_DES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_RC2 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_RC4 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ctext_RC5 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/iv_3DES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/iv_AES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/iv_AES192 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/iv_AES256 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/iv_Blowfish delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/iv_CAST delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/iv_DES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/iv_RC2 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/iv_RC5 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_3DES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_AES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_AES192 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_AES256 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_ASC delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_Blowfish delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_CAST delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_DES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_RC2 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_RC4 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/key_RC5 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_3DES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_AES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_AES192 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_AES256 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_ASC delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_Blowfish delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_CAST delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_DES delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_RC2 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_RC4 delete mode 100644 SecurityTests/cspxutils/symReference/blobs/G4/ptext_RC5 delete mode 100644 SecurityTests/cspxutils/symReference/symReference.cpp delete mode 100644 SecurityTests/cspxutils/symTest/Makefile delete mode 100644 SecurityTests/cspxutils/symTest/symTest.c delete mode 100755 SecurityTests/cspxutils/testall delete mode 100644 SecurityTests/cspxutils/utilLib/Makefile delete mode 100644 SecurityTests/cspxutils/utilLib/boxes-ref.h delete mode 100644 SecurityTests/cspxutils/utilLib/bsafeUtils.c delete mode 100644 SecurityTests/cspxutils/utilLib/bsafeUtils.h delete mode 100644 SecurityTests/cspxutils/utilLib/common.c delete mode 100644 SecurityTests/cspxutils/utilLib/common.h delete mode 100644 SecurityTests/cspxutils/utilLib/commonCpp.cpp delete mode 100644 SecurityTests/cspxutils/utilLib/cputime.c delete mode 100644 SecurityTests/cspxutils/utilLib/cputime.h delete mode 100755 SecurityTests/cspxutils/utilLib/cspdlTesting.h delete mode 100644 SecurityTests/cspxutils/utilLib/cspwrap.c delete mode 100644 SecurityTests/cspxutils/utilLib/cspwrap.h delete mode 100644 SecurityTests/cspxutils/utilLib/cssmErrorStrings.h delete mode 100644 SecurityTests/cspxutils/utilLib/fileIo.c delete mode 100644 SecurityTests/cspxutils/utilLib/fileIo.h delete mode 100644 SecurityTests/cspxutils/utilLib/nssAppUtils.cpp delete mode 100644 SecurityTests/cspxutils/utilLib/nssAppUtils.h delete mode 100644 SecurityTests/cspxutils/utilLib/rijndael-alg-ref.c delete mode 100644 SecurityTests/cspxutils/utilLib/rijndael-alg-ref.h delete mode 100644 SecurityTests/cspxutils/utilLib/rijndaelApi.c delete mode 100644 SecurityTests/cspxutils/utilLib/rijndaelApi.h delete mode 100644 SecurityTests/cspxutils/utilLib/ssleayUtils.cpp delete mode 100644 SecurityTests/cspxutils/utilLib/ssleayUtils.h delete mode 100644 SecurityTests/cspxutils/utilLib/t_stdlib.c delete mode 100644 SecurityTests/cspxutils/wrap/Makefile delete mode 100644 SecurityTests/cspxutils/wrap/wrap.c delete mode 100644 SecurityTests/cspxutils/wrapTest/Makefile delete mode 100644 SecurityTests/cspxutils/wrapTest/wrapTest.c rename SecurityTests/nist-certs/{DifferentPoliciesTest12EE.crt => InvalidDifferentPoliciesTest12EE.crt} (100%) rename SecurityTests/nist-certs/{DifferentPoliciesTest4EE.crt => InvalidDifferentPoliciesTest4EE.crt} (100%) rename SecurityTests/nist-certs/{DifferentPoliciesTest5EE.crt => InvalidDifferentPoliciesTest5EE.crt} (100%) rename SecurityTests/nist-certs/{DifferentPoliciesTest7EE.crt => InvalidDifferentPoliciesTest7EE.crt} (100%) rename SecurityTests/nist-certs/{DifferentPoliciesTest8EE.crt => InvalidDifferentPoliciesTest8EE.crt} (100%) rename SecurityTests/nist-certs/{DifferentPoliciesTest9EE.crt => InvalidDifferentPoliciesTest9EE.crt} (100%) delete mode 100644 SecurityTests/regressions/Makefile delete mode 100644 SecurityTests/regressions/README delete mode 100644 SecurityTests/regressions/auth/auth-01-immediate-agent.c delete mode 100644 SecurityTests/regressions/auth/auth-02-aewp-basic.c delete mode 100644 SecurityTests/regressions/auth/auth-SessionCreate-01-basic.c delete mode 100644 SecurityTests/regressions/dl/dl-10-create-delete.c delete mode 100644 SecurityTests/regressions/dl/dl-11-create-relation.c delete mode 100644 SecurityTests/regressions/dl/dl-12-modify.c delete mode 100644 SecurityTests/regressions/inc/MyHarness.pm delete mode 100644 SecurityTests/regressions/inc/Test.pm delete mode 100644 SecurityTests/regressions/inc/Test/Builder.pm delete mode 100644 SecurityTests/regressions/inc/Test/Builder/Module.pm delete mode 100644 SecurityTests/regressions/inc/Test/Builder/Tester.pm delete mode 100644 SecurityTests/regressions/inc/Test/Builder/Tester/Color.pm delete mode 100644 SecurityTests/regressions/inc/Test/Harness.pm delete mode 100644 SecurityTests/regressions/inc/Test/Harness/Assert.pm delete mode 100644 SecurityTests/regressions/inc/Test/Harness/Iterator.pm delete mode 100644 SecurityTests/regressions/inc/Test/Harness/Point.pm delete mode 100644 SecurityTests/regressions/inc/Test/Harness/Results.pm delete mode 100644 SecurityTests/regressions/inc/Test/Harness/Straps.pm delete mode 100644 SecurityTests/regressions/inc/Test/Harness/TAP.pod delete mode 100644 SecurityTests/regressions/inc/Test/Harness/Util.pm delete mode 100644 SecurityTests/regressions/inc/Test/More.pm delete mode 100644 SecurityTests/regressions/inc/Test/Simple.pm delete mode 100644 SecurityTests/regressions/inc/Test/Tutorial.pod delete mode 100755 SecurityTests/regressions/kc/kc-11-unlock-referral.c delete mode 100755 SecurityTests/regressions/kc/kc-20-item-change-label.m delete mode 100755 SecurityTests/regressions/kc/kc-23-item-notify.c delete mode 100755 SecurityTests/regressions/kc/kc-23-notify.c delete mode 100755 SecurityTests/regressions/kc/kc-24-login.c delete mode 100755 SecurityTests/regressions/kc/kc-25-bulk-notify.c delete mode 100755 SecurityTests/regressions/kc/kc-30-trust.c delete mode 100755 SecurityTests/regressions/kc/kc-40-item-change-label2.m delete mode 100644 SecurityTests/regressions/kc/kc-46-dl-add-certificate.c delete mode 100644 SecurityTests/regressions/kc/kc-50-iPhone-emulation.c delete mode 100644 SecurityTests/regressions/kc/kc-50-thread.c delete mode 100644 SecurityTests/regressions/kc/kc-52-testCFEqualAndHash.c delete mode 100755 SecurityTests/regressions/t/40kc-list.t delete mode 100755 SecurityTests/regressions/t/40kc-unlock.t delete mode 100755 SecurityTests/regressions/t/41kc-unlock-referral.t delete mode 100644 SecurityTests/regressions/t/IPC/Run3.pm delete mode 100755 SecurityTests/regressions/t/security.pl delete mode 100644 SecurityTests/regressions/test/00testtest.c delete mode 100644 SecurityTests/regressions/test/testcpp.h delete mode 100644 SecurityTests/regressions/test/testcssm.c delete mode 100644 SecurityTests/regressions/test/testenv.c delete mode 100644 SecurityTests/regressions/test/testenv.h delete mode 100644 SecurityTests/regressions/test/testeventqueue.c delete mode 100644 SecurityTests/regressions/test/testeventqueue.h delete mode 100644 SecurityTests/regressions/test/testleaks.c delete mode 100644 SecurityTests/regressions/test/testleaks.h delete mode 100644 SecurityTests/regressions/test/testmore.c delete mode 100644 SecurityTests/regressions/test/testmore.h delete mode 100644 SecurityTests/regressions/test/testsecevent.c delete mode 100644 SecurityTests/regressions/test/testsecevent.h delete mode 100755 SecurityTests/regressions/ut/ut-00-errors.cpp delete mode 100755 SecurityTests/regressions/ut/ut-01-devrandom.cpp delete mode 100644 SecurityTests/test-certs/CACert.ecc.pem delete mode 100644 SecurityTests/test-certs/CACert.rsa.pem delete mode 100644 SecurityTests/test-certs/CAKey.ecc.pem delete mode 100644 SecurityTests/test-certs/CAKey.rsa.pem delete mode 100644 SecurityTests/test-certs/ClientCert.ecc.ecc.pem delete mode 100644 SecurityTests/test-certs/ClientCert.ecc.rsa.pem delete mode 100644 SecurityTests/test-certs/ClientCert.rsa.ecc.pem delete mode 100644 SecurityTests/test-certs/ClientCert.rsa.rsa.pem delete mode 100644 SecurityTests/test-certs/ClientKey.ecc.pem delete mode 100644 SecurityTests/test-certs/ClientKey.rsa.pem delete mode 100644 SecurityTests/test-certs/ClientReq.ecc.pem delete mode 100644 SecurityTests/test-certs/ClientReq.rsa.pem delete mode 100644 SecurityTests/test-certs/SECG_ecc-secp256r1-client.pem delete mode 100644 SecurityTests/test-certs/SECG_ecc_rsa-secp256r1-client.pem delete mode 100644 SecurityTests/test-certs/ServerCert.ecc.ecc.pem delete mode 100644 SecurityTests/test-certs/ServerCert.ecc.rsa.pem delete mode 100644 SecurityTests/test-certs/ServerCert.rsa.ecc.pem delete mode 100644 SecurityTests/test-certs/ServerCert.rsa.rsa.pem delete mode 100644 SecurityTests/test-certs/ServerKey.ecc.pem delete mode 100644 SecurityTests/test-certs/ServerKey.rsa.pem delete mode 100644 SecurityTests/test-certs/ServerReq.ecc.pem delete mode 100644 SecurityTests/test-certs/ServerReq.rsa.pem delete mode 100644 SecurityTests/test-certs/ecparam.pem delete mode 100644 SecurityTests/testKeychainAPI/English.lproj/InfoPlist.strings delete mode 100755 SecurityTests/testKeychainAPI/run.sh delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI.cwp/testKeychainAPI/testKeychainAPI delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI.pbproj/project.pbxproj delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_CString.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_CString.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Cert.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Cert.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Item.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Item.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Keychain.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Keychain.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Manager.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Manager.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Password.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Password.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCOperation.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCOperation.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCOperationID.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCOperationID.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCParamUtility.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/KCParamUtility.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/Radar.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/Radar.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/cleanup delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/error_scripts delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/error_sub_cases_scripts delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0001 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0001.001 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0002 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0002.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0003 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0003.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0004 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0004.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0005 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0005.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0006 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0006.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0007 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0007.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0008 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0008.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0009 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0010 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0010.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011 delete mode 100755 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.001 delete mode 100755 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.002 delete mode 100755 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.003 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012.001 delete mode 100755 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0013 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0013.000 delete mode 100755 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0014 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0014.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0015 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0015.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0016 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0016.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0017 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0018 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0019 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0020 delete mode 100755 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0021 delete mode 100755 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0022 delete mode 100755 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0023 delete mode 100755 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0024 delete mode 100755 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0025 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.001 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.002 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.001 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.002 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.001 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.002 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0029 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0029.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0030 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0030.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0031 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0031.000 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0032 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0033 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0034 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0035 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0036 delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/testKeychainAPI.cpp delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI/testKeychainAPI.h delete mode 100644 SecurityTests/testKeychainAPI/testKeychainAPI_user_manual.cwk delete mode 100644 SecurityTests/testclient/attributes.cpp delete mode 100644 SecurityTests/testclient/attributes.h delete mode 100644 SecurityTests/testclient/csptests.cpp delete mode 100644 SecurityTests/testclient/csptests.h delete mode 100644 SecurityTests/testclient/dltests.cpp delete mode 100644 SecurityTests/testclient/dltests.h delete mode 100644 SecurityTests/testclient/testclient.cpp delete mode 100644 SecurityTests/testclient/testclient.pbproj/project.pbxproj delete mode 100644 SecurityTests/xdr_rpc/Makefile.xdr_test delete mode 100644 SecurityTests/xdr_rpc/Reference/AclOwnerPrototype_getOwner.decoded delete mode 100644 SecurityTests/xdr_rpc/Reference/transition.cpp delete mode 100644 SecurityTests/xdr_rpc/TestData/AclEntryInfo_getAcl delete mode 100644 SecurityTests/xdr_rpc/TestData/AclEntryInput_changeAcl delete mode 100644 SecurityTests/xdr_rpc/TestData/AclOwnerPrototype_getOwner delete mode 100644 SecurityTests/xdr_rpc/TestData/Context_decrypt delete mode 100644 SecurityTests/xdr_rpc/TestData/Query_findFirst delete mode 100644 SecurityTests/xdr_rpc/securityd_data_saver.cpp delete mode 100644 SecurityTests/xdr_rpc/securityd_data_saver.h delete mode 100644 SecurityTests/xdr_rpc/xdr_test.cpp delete mode 100644 SecurityTool/SecurityTool.xcodeproj/project.pbxproj delete mode 100644 SecurityTool/config/debug.xcconfig delete mode 100644 SecurityTool/config/project.xcconfig delete mode 100644 SecurityTool/config/release.xcconfig rename SecurityTool/{readline.h => readline_cssm.h} (93%) delete mode 100644 SyncTest/KCATableViewController.xib delete mode 100644 SyncTest/spiralsink114.png delete mode 100644 SyncTest/spiralsink57.png create mode 100644 base/SecBase.h rename {OSX/sec/Security => base}/SecBasePriv.h (61%) rename {OSX/sec/Security => base}/SecInternal.h (73%) rename {OSX/libsecurity_keychain/lib => base}/SecRandom.h (78%) rename {OSX/libsecurity_keychain/lib => base}/Security.h (90%) delete mode 100644 certificates/CertificateTool/CertificateTool.xcodeproj/project.pbxproj rename {OSX/libsecurity_cssm/lib => cssm}/certextensions.h (77%) rename {OSX/libsecurity_cssm/lib => cssm}/cssmapple.h (99%) create mode 100644 header_symlinks/README.txt create mode 120000 header_symlinks/Security/SecBase.h create mode 120000 header_symlinks/Security/SecBasePriv.h create mode 120000 header_symlinks/Security/SecCertificate.h create mode 120000 header_symlinks/Security/SecCertificatePriv.h create mode 120000 header_symlinks/Security/SecCertificateRequest.h create mode 120000 header_symlinks/Security/SecIdentity.h create mode 120000 header_symlinks/Security/SecIdentityPriv.h create mode 120000 header_symlinks/Security/SecImportExport.h create mode 120000 header_symlinks/Security/SecInternal.h create mode 120000 header_symlinks/Security/SecItem.h create mode 120000 header_symlinks/Security/SecItemPriv.h create mode 120000 header_symlinks/Security/SecKey.h create mode 120000 header_symlinks/Security/SecKeyPriv.h create mode 120000 header_symlinks/Security/SecPolicy.h create mode 120000 header_symlinks/Security/SecPolicyPriv.h create mode 120000 header_symlinks/Security/SecRandom.h create mode 120000 header_symlinks/Security/SecTask.h create mode 120000 header_symlinks/Security/SecTrust.h create mode 120000 header_symlinks/Security/SecTrustPriv.h create mode 120000 header_symlinks/Security/SecTrustSettings.h create mode 120000 header_symlinks/Security/SecTrustSettingsPriv.h create mode 120000 header_symlinks/Security/Security.h create mode 120000 header_symlinks/Security/certextensions.h create mode 120000 header_symlinks/iOS/Security/oidsbase.h create mode 120000 header_symlinks/macOS/Security/SecAsn1Types.h create mode 120000 header_symlinks/macOS/Security/SecCmsBase.h create mode 120000 header_symlinks/macOS/Security/SecCmsContentInfo.h create mode 120000 header_symlinks/macOS/Security/SecCmsDecoder.h create mode 120000 header_symlinks/macOS/Security/SecCmsDigestContext.h create mode 120000 header_symlinks/macOS/Security/SecCmsEncoder.h create mode 120000 header_symlinks/macOS/Security/SecCmsEnvelopedData.h create mode 120000 header_symlinks/macOS/Security/SecCmsMessage.h create mode 120000 header_symlinks/macOS/Security/SecCmsRecipientInfo.h create mode 120000 header_symlinks/macOS/Security/SecCmsSignedData.h create mode 120000 header_symlinks/macOS/Security/SecCmsSignerInfo.h create mode 120000 header_symlinks/macOS/Security/oidsbase.h create mode 120000 header_symlinks/macOS/security_utilities/casts.h create mode 120000 header_symlinks/macOS/security_utilities/memutils.h create mode 120000 header_symlinks/utilities/SecCFRelease.h rename {OSX/libsecurity_keychain/lib => keychain}/SecIdentity.h (65%) create mode 100644 keychain/SecIdentityPriv.h rename {OSX/libsecurity_keychain/lib => keychain}/SecImportExport.h (64%) rename {OSX/sec/Security => keychain}/SecItem.h (82%) rename {OSX/sec/Security => keychain}/SecItemPriv.h (95%) rename {OSX/libsecurity_keychain/lib => keychain}/SecKey.h (50%) rename {OSX/sec/Security => keychain}/SecKeyPriv.h (52%) delete mode 100644 libsecurity_smime/lib/security_smime.exp rename {OSX/libsecurity_asn1/libsecurity_asn1.xcodeproj => libsecurity_smime/libCMS.xcodeproj}/.gitignore (100%) rename libsecurity_smime/{libsecurity_smime.xcodeproj => libCMS.xcodeproj}/project.pbxproj (98%) delete mode 100644 libsecurity_smime/libsecurity_smime.xcodeproj/.gitignore rename secdtests/{main.c => main.m} (100%) create mode 100644 security-sysdiagnose/security-sysdiagnose.1 rename OSX/OSX.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings => security-sysdiagnose/security-sysdiagnose.entitlements.plist (71%) create mode 100644 security-sysdiagnose/security-sysdiagnose.m delete mode 100644 securityd/config/debug.xcconfig delete mode 100644 securityd/config/project.xcconfig delete mode 100644 securityd/config/release.xcconfig delete mode 100644 securityd/dtrace/dtrace.mk delete mode 100644 securityd/etc/startup.mk delete mode 100644 securityd/mig/mig.mk delete mode 120000 securityd/security_agent_client delete mode 120000 securityd/security_agent_server delete mode 100644 securityd/securityd.xcodeproj/project.pbxproj delete mode 100644 securityd/src/entropy.cpp delete mode 100644 securityd/src/entropy.h delete mode 100644 securityd/src/securityd.exp create mode 100644 trust/SecCertificate.h create mode 100644 trust/SecCertificatePriv.h create mode 100644 trust/SecCertificateRequest.h rename {OSX/libsecurity_keychain/lib => trust}/SecPolicy.h (67%) rename {OSX/sec/Security => trust}/SecPolicyPriv.h (92%) rename {OSX/sec/Security => trust}/SecTrust.h (99%) rename {OSX/libsecurity_keychain/lib => trust}/SecTrustPriv.h (68%) create mode 100644 trust/SecTrustSettings.h create mode 100644 trust/SecTrustSettingsPriv.h create mode 100644 xcconfig/all_arches.xcconfig create mode 100644 xcconfig/ios_on_macos.xcconfig create mode 100644 xcconfig/lib_ios.xcconfig create mode 100644 xcconfig/lib_ios_debug.xcconfig create mode 100644 xcconfig/lib_ios_debug_all_archs.xcconfig create mode 100644 xcconfig/lib_ios_debug_shim.xcconfig create mode 100644 xcconfig/lib_ios_release.xcconfig create mode 100644 xcconfig/lib_ios_release_shim.xcconfig create mode 100644 xcconfig/lib_ios_x64.xcconfig create mode 100644 xcconfig/lib_ios_x64_debug.xcconfig create mode 100644 xcconfig/lib_ios_x64_debug_shim.xcconfig create mode 100644 xcconfig/lib_ios_x64_release.xcconfig create mode 100644 xcconfig/lib_ios_x64_release_shim.xcconfig create mode 100644 xcconfig/macos_legacy_lib.xcconfig diff --git a/OSX/libsecurity_cssm/lib/security_cssm.exp b/CSSMOID.exp-in similarity index 69% rename from OSX/libsecurity_cssm/lib/security_cssm.exp rename to CSSMOID.exp-in index 85aece61..9704e53c 100644 --- a/OSX/libsecurity_cssm/lib/security_cssm.exp +++ b/CSSMOID.exp-in @@ -1,25 +1,16 @@ -# -# Copyright (c) 2003-2004,2011-2012,2014 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# +#if TARGET_OS_IPHONE +_CSSMOID_MD5WithRSA +_CSSMOID_SHA1 +_CSSMOID_SHA1WithRSA +_CSSMOID_SHA256WithRSA +_CSSMOID_SHA384WithRSA +_CSSMOID_ECDSA_WithSHA1 +_CSSMOID_ECDSA_WithSHA256 +_CSSMOID_ECDSA_WithSHA384 +_CSSMOID_PKCS5_HMAC_SHA1 +#endif + +#if TARGET_OS_OSX _CSSMOID_ANSI_DH_EPHEM _CSSMOID_ANSI_DH_EPHEM_SHA1 _CSSMOID_ANSI_DH_HYBRID1 @@ -62,6 +53,14 @@ _CSSMOID_APPLE_TP_CODE_SIGNING _CSSMOID_APPLE_TP_PACKAGE_SIGNING _CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT _CSSMOID_APPLE_TP_APPLEID_SHARING +_CSSMOID_APPLE_TP_TIMESTAMPING +_CSSMOID_APPLE_TP_REVOCATION +_CSSMOID_APPLE_TP_PASSBOOK_SIGNING +_CSSMOID_APPLE_TP_MOBILE_STORE +_CSSMOID_APPLE_TP_ESCROW_SERVICE +_CSSMOID_APPLE_TP_PROFILE_SIGNING +_CSSMOID_APPLE_TP_QA_PROFILE_SIGNING +_CSSMOID_APPLE_TP_TEST_MOBILE_STORE _CSSMOID_APPLE_X509_BASIC _CSSMOID_AliasedEntryName _CSSMOID_AuthorityKeyIdentifier @@ -183,6 +182,8 @@ _CSSMOID_PKCS9_LocalKeyId _CSSMOID_PKCS9_SdsiCertificate _CSSMOID_PKCS9_X509Certificate _CSSMOID_PKCS9_X509Crl +_CSSMOID_PKCS9_Id_Ct_TSTInfo +_CSSMOID_PKCS9_TimeStampToken _CSSMOID_PKCS5_DIGEST_ALG _CSSMOID_PKCS5_ENCRYPT_ALG _CSSMOID_PKCS5_HMAC_SHA1 @@ -372,17 +373,23 @@ _CSSMOID_MACAPPSTORE_CERT_POLICY _CSSMOID_MACAPPSTORE_RECEIPT_CERT_POLICY _CSSMOID_APPLEID_CERT_POLICY _CSSMOID_APPLEID_SHARING_CERT_POLICY +_CSSMOID_MOBILE_STORE_SIGNING_POLICY +_CSSMOID_TEST_MOBILE_STORE_SIGNING_POLICY _CSSMOID_APPLE_EKU_CODE_SIGNING _CSSMOID_APPLE_EKU_CODE_SIGNING_DEV _CSSMOID_APPLE_EKU_RESOURCE_SIGNING _CSSMOID_APPLE_EKU_ICHAT_SIGNING _CSSMOID_APPLE_EKU_ICHAT_ENCRYPTION _CSSMOID_APPLE_EKU_SYSTEM_IDENTITY +_CSSMOID_APPLE_EKU_PASSBOOK_SIGNING +_CSSMOID_APPLE_EKU_PROFILE_SIGNING +_CSSMOID_APPLE_EKU_QA_PROFILE_SIGNING _CSSMOID_APPLE_EXTENSION _CSSMOID_APPLE_EXTENSION_CODE_SIGNING _CSSMOID_APPLE_EXTENSION_APPLE_SIGNING _CSSMOID_APPLE_EXTENSION_ADC_DEV_SIGNING _CSSMOID_APPLE_EXTENSION_ADC_APPLE_SIGNING +_CSSMOID_APPLE_EXTENSION_PASSBOOK_SIGNING _CSSMOID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT _CSSMOID_APPLE_EXTENSION_INTERMEDIATE_MARKER _CSSMOID_APPLE_EXTENSION_WWDR_INTERMEDIATE @@ -390,6 +397,8 @@ _CSSMOID_APPLE_EXTENSION_ITMS_INTERMEDIATE _CSSMOID_APPLE_EXTENSION_AAI_INTERMEDIATE _CSSMOID_APPLE_EXTENSION_APPLEID_INTERMEDIATE _CSSMOID_APPLE_EXTENSION_APPLEID_SHARING +_CSSMOID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE +_CSSMOID_APPLE_EXTENSION_ESCROW_SERVICE _CSSMOID_PKIX_OCSP _CSSMOID_PKIX_OCSP_ARCHIVE_CUTOFF _CSSMOID_PKIX_OCSP_BASIC @@ -398,199 +407,6 @@ _CSSMOID_PKIX_OCSP_NOCHECK _CSSMOID_PKIX_OCSP_NONCE _CSSMOID_PKIX_OCSP_RESPONSE _CSSMOID_PKIX_OCSP_SERVICE_LOCATOR -_CSSM_AC_AuthCompute -_CSSM_AC_PassThrough -_CSSM_CL_CertAbortCache -_CSSM_CL_CertAbortQuery -_CSSM_CL_CertCache -_CSSM_CL_CertCreateTemplate -_CSSM_CL_CertDescribeFormat -_CSSM_CL_CertGetAllFields -_CSSM_CL_CertGetAllTemplateFields -_CSSM_CL_CertGetFirstCachedFieldValue -_CSSM_CL_CertGetFirstFieldValue -_CSSM_CL_CertGetKeyInfo -_CSSM_CL_CertGetNextCachedFieldValue -_CSSM_CL_CertGetNextFieldValue -_CSSM_CL_CertGroupFromVerifiedBundle -_CSSM_CL_CertGroupToSignedBundle -_CSSM_CL_CertSign -_CSSM_CL_CertVerify -_CSSM_CL_CertVerifyWithKey -_CSSM_CL_CrlAbortCache -_CSSM_CL_CrlAbortQuery -_CSSM_CL_CrlAddCert -_CSSM_CL_CrlCache -_CSSM_CL_CrlCreateTemplate -_CSSM_CL_CrlDescribeFormat -_CSSM_CL_CrlGetAllCachedRecordFields -_CSSM_CL_CrlGetAllFields -_CSSM_CL_CrlGetFirstCachedFieldValue -_CSSM_CL_CrlGetFirstFieldValue -_CSSM_CL_CrlGetNextCachedFieldValue -_CSSM_CL_CrlGetNextFieldValue -_CSSM_CL_CrlRemoveCert -_CSSM_CL_CrlSetFields -_CSSM_CL_CrlSign -_CSSM_CL_CrlVerify -_CSSM_CL_CrlVerifyWithKey -_CSSM_CL_FreeFieldValue -_CSSM_CL_FreeFields -_CSSM_CL_IsCertInCachedCrl -_CSSM_CL_IsCertInCrl -_CSSM_CL_PassThrough -_CSSM_CSP_ChangeLoginAcl -_CSSM_CSP_ChangeLoginOwner -_CSSM_CSP_CreateAsymmetricContext -_CSSM_CSP_CreateDeriveKeyContext -_CSSM_CSP_CreateDigestContext -_CSSM_CSP_CreateKeyGenContext -_CSSM_CSP_CreateMacContext -_CSSM_CSP_CreatePassThroughContext -_CSSM_CSP_CreateRandomGenContext -_CSSM_CSP_CreateSignatureContext -_CSSM_CSP_CreateSymmetricContext -_CSSM_CSP_GetLoginAcl -_CSSM_CSP_GetLoginOwner -_CSSM_CSP_GetOperationalStatistics -_CSSM_CSP_Login -_CSSM_CSP_Logout -_CSSM_CSP_ObtainPrivateKeyFromPublicKey -_CSSM_CSP_PassThrough -_CSSM_ChangeKeyAcl -_CSSM_ChangeKeyOwner -_CSSM_DL_Authenticate -_CSSM_DL_ChangeDbAcl -_CSSM_DL_ChangeDbOwner -_CSSM_DL_CreateRelation -_CSSM_DL_DataAbortQuery -_CSSM_DL_DataDelete -_CSSM_DL_DataGetFirst -_CSSM_DL_DataGetFromUniqueRecordId -_CSSM_DL_DataGetNext -_CSSM_DL_DataInsert -_CSSM_DL_DataModify -_CSSM_DL_DbClose -_CSSM_DL_DbCreate -_CSSM_DL_DbDelete -_CSSM_DL_DbOpen -_CSSM_DL_DestroyRelation -_CSSM_DL_FreeNameList -_CSSM_DL_FreeUniqueRecord -_CSSM_DL_GetDbAcl -_CSSM_DL_GetDbNameFromHandle -_CSSM_DL_GetDbNames -_CSSM_DL_GetDbOwner -_CSSM_DL_PassThrough -_CSSM_DecryptData -_CSSM_DecryptDataFinal -_CSSM_DecryptDataInit -_CSSM_DecryptDataInitP -_CSSM_DecryptDataP -_CSSM_DecryptDataUpdate -_CSSM_DeleteContext -_CSSM_DeleteContextAttributes -_CSSM_DeriveKey -_CSSM_DigestData -_CSSM_DigestDataClone -_CSSM_DigestDataFinal -_CSSM_DigestDataInit -_CSSM_DigestDataUpdate -_CSSM_EncryptData -_CSSM_EncryptDataFinal -_CSSM_EncryptDataInit -_CSSM_EncryptDataInitP -_CSSM_EncryptDataP -_CSSM_EncryptDataUpdate -_CSSM_FreeContext -_CSSM_FreeKey -_CSSM_GenerateAlgorithmParams -_CSSM_GenerateKey -_CSSM_GenerateKeyP -_CSSM_GenerateKeyPair -_CSSM_GenerateKeyPairP -_CSSM_GenerateMac -_CSSM_GenerateMacFinal -_CSSM_GenerateMacInit -_CSSM_GenerateMacUpdate -_CSSM_GenerateRandom -_CSSM_GetAPIMemoryFunctions -_CSSM_GetContext -_CSSM_GetContextAttribute -_CSSM_GetKeyAcl -_CSSM_GetKeyOwner -_CSSM_GetModuleGUIDFromHandle -_CSSM_GetPrivilege -_CSSM_GetSubserviceUIDFromHandle -_CSSM_GetTimeValue -_CSSM_Init -_CSSM_Introduce -_CSSM_ListAttachedModuleManagers -_CSSM_ModuleAttach -_CSSM_ModuleDetach -_CSSM_ModuleLoad -_CSSM_ModuleUnload -_CSSM_QueryKeySizeInBits -_CSSM_QuerySize -_CSSM_RetrieveCounter -_CSSM_RetrieveUniqueId -_CSSM_SetContext -_CSSM_SetPrivilege -_CSSM_SignData -_CSSM_SignDataFinal -_CSSM_SignDataInit -_CSSM_SignDataUpdate -_CSSM_TP_ApplyCrlToDb -_CSSM_TP_CertCreateTemplate -_CSSM_TP_CertGetAllTemplateFields -_CSSM_TP_CertGroupConstruct -_CSSM_TP_CertGroupPrune -_CSSM_TP_CertGroupToTupleGroup -_CSSM_TP_CertGroupVerify -_CSSM_TP_CertReclaimAbort -_CSSM_TP_CertReclaimKey -_CSSM_TP_CertRemoveFromCrlTemplate -_CSSM_TP_CertRevoke -_CSSM_TP_CertSign -_CSSM_TP_ConfirmCredResult -_CSSM_TP_CrlCreateTemplate -_CSSM_TP_CrlSign -_CSSM_TP_CrlVerify -_CSSM_TP_FormRequest -_CSSM_TP_FormSubmit -_CSSM_TP_PassThrough -_CSSM_TP_ReceiveConfirmation -_CSSM_TP_RetrieveCredResult -_CSSM_TP_SubmitCredRequest -_CSSM_TP_TupleGroupToCertGroup -_CSSM_Terminate -_CSSM_Unintroduce -_CSSM_UnwrapKey -_CSSM_UnwrapKeyP -_CSSM_UpdateContextAttributes -_CSSM_VerifyData -_CSSM_VerifyDataFinal -_CSSM_VerifyDataInit -_CSSM_VerifyDataUpdate -_CSSM_VerifyDevice -_CSSM_VerifyMac -_CSSM_VerifyMacFinal -_CSSM_VerifyMacInit -_CSSM_VerifyMacUpdate -_CSSM_WrapKey -_CSSM_WrapKeyP -_cssmAlgToOid -_cssmOidToAlg -_gGuidAppleCSP -_gGuidAppleCSPDL -_gGuidAppleFileDL -_gGuidAppleX509CL -_gGuidAppleX509TP -_gGuidAppleDotMacTP -_gGuidAppleSdCSPDL -_gGuidCssm -_gGuidAppleLDAPDL -_gGuidAppleDotMacDL _CSSMOID_X9_62 _CSSMOID_X9_62_FieldType _CSSMOID_X9_62_PubKeyType @@ -640,4 +456,4 @@ _CSSMOID_ECDSA_WithSHA256 _CSSMOID_ECDSA_WithSHA384 _CSSMOID_ECDSA_WithSHA512 _CSSMOID_ECDSA_WithSpecified - +#endif // TARGET_OS_OSX diff --git a/CircleJoinRequested/Applicant.m b/CircleJoinRequested/Applicant.m index f996d3a8..84ada23b 100644 --- a/CircleJoinRequested/Applicant.m +++ b/CircleJoinRequested/Applicant.m @@ -56,23 +56,18 @@ switch (self.applicantUIState) { case ApplicantWaiting: return @"Waiting"; - break; - + case ApplicantOnScreen: return @"OnScreen"; - break; - + case ApplicantRejected: return @"Rejected"; - break; - + case ApplicantAccepted: return @"Accepted"; - break; - + default: return [NSString stringWithFormat:@"UnknownState#%d", self.applicantUIState]; - break; } } diff --git a/CircleJoinRequested/CircleJoinRequested.m b/CircleJoinRequested/CircleJoinRequested.m index ba4bbb13..2664efd7 100644 --- a/CircleJoinRequested/CircleJoinRequested.m +++ b/CircleJoinRequested/CircleJoinRequested.m @@ -27,6 +27,7 @@ #include "SecureObjectSync/SOSCloudCircle.h" #include "SecureObjectSync/SOSCloudCircleInternal.h" #include "SecureObjectSync/SOSPeerInfo.h" +#include "SecureObjectSync/SOSInternal.h" #include #include #import "Applicant.h" @@ -42,6 +43,7 @@ #include "utilities/SecCFRelease.h" #include "utilities/debugging.h" #include "utilities/SecAKSWrappers.h" +#include "utilities/SecCFWrappers.h" #import "CoreCDP/CDPFollowUpController.h" #import "CoreCDP/CDPFollowUpContext.h" @@ -247,7 +249,7 @@ static void applicantChoice(CFUserNotificationRef userNotification, CFOptionFlag // password path. secnotice("cjr", "Couldn't process reject without password (e=%@) for %@ (will try with password next)", error, onScreen); - if (CFErrorGetCode(error) == -536870174 && CFErrorGetDomain(error) == kSecKernDomain) { + if(CFErrorIsMalfunctioningKeybagError(error)){ secnotice("cjr", "system is locked, dismiss the notification"); processApplicantsAfterUnlock = true; return; @@ -460,7 +462,6 @@ static bool iCloudResetAvailable() { } - static NSString *getLocalizedApplicationReminder() { CFStringRef applicationReminder = NULL; switch (MGGetSInt32Answer(kMGQDeviceClassNumber, MGDeviceClassInvalid)) { @@ -496,10 +497,10 @@ static void postApplicationReminderAlert(NSDate *nowish, PersistentState *state, } NSDictionary *pendingAttributes = @{ - (id) kCFUserNotificationAlertHeaderKey : (__bridge NSString *) SecCopyCKString(SEC_CK_REMINDER_TITLE_IOS), + (id) kCFUserNotificationAlertHeaderKey : CFBridgingRelease(SecCopyCKString(SEC_CK_REMINDER_TITLE_IOS)), (id) kCFUserNotificationAlertMessageKey : body, - (id) kCFUserNotificationDefaultButtonTitleKey : (__bridge NSString *) SecCopyCKString(SEC_CK_REMINDER_BUTTON_OK), - (id) kCFUserNotificationAlternateButtonTitleKey: has_iCSC ? (__bridge NSString *) SecCopyCKString(SEC_CK_REMINDER_BUTTON_ICSC) : @"", + (id) kCFUserNotificationDefaultButtonTitleKey : CFBridgingRelease(SecCopyCKString(SEC_CK_REMINDER_BUTTON_OK)), + (id) kCFUserNotificationAlternateButtonTitleKey: has_iCSC ? CFBridgingRelease(SecCopyCKString(SEC_CK_REMINDER_BUTTON_ICSC)) : @"", (id) kCFUserNotificationAlertTopMostKey : @YES, (__bridge id) SBUserNotificationDontDismissOnUnlock : @YES, (__bridge id) SBUserNotificationDismissOnLock : @NO, @@ -611,14 +612,12 @@ static void postKickedOutAlert(enum DepartureReason reason) // Was: SEC_CK_CR_BODY_WITHDREW // "... if you turn off a switch you have some idea why the light is off" - Murf return; - break; case kSOSNeverAppliedToCircle: // We didn't get kicked out, we were never here. This should only happen if we changed iCloud accounts // (and we had sync on in the previous one, and never had it on in the new one). As this is explicit // user action alot of the "Light switch" argument (above) applies. return; - break; case kSOSPasswordChanged: case kSOSNeverLeftCircle: diff --git a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxySendMessage.m b/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxySendMessage.m deleted file mode 100644 index 870f161e..00000000 --- a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxySendMessage.m +++ /dev/null @@ -1,306 +0,0 @@ -/* - * Copyright (c) 2012-2016 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - - -#import -#import - -#import -#import -#import -#import - -#include -#include -#include -#include - -#import -#import - -#include -#include -#include - -#import "IDSProxy.h" -#import "IDSPersistentState.h" -#import "IDSKeychainSyncingProxy+IDSProxySendMessage.h" -#import "IDSKeychainSyncingProxy+IDSProxyThrottle.h" - -#define kSecServerKeychainChangedNotification "com.apple.security.keychainchanged" - - -static NSString *const IDSSendMessageOptionForceEncryptionOffKey = @"IDSSendMessageOptionForceEncryptionOff"; - -static NSString *const kIDSNumberOfFragments = @"NumberOfIDSMessageFragments"; -static NSString *const kIDSFragmentIndex = @"kFragmentIndex"; -static NSString *const kIDSOperationType = @"IDSMessageOperation"; -static NSString *const kIDSMessageToSendKey = @"MessageToSendKey"; -static NSString *const kIDSMessageUniqueID = @"MessageID"; -static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms leeway for handling unhandled messages. -static const int64_t timeout = 7; - -static const int64_t kMaxIDSMessagePayloadSize = 64000; - - -@implementation IDSKeychainSyncingProxy (IDSProxySendMessage) - --(bool) chunkAndSendKeychainPayload:(NSMutableData*)keychainData deviceID:(NSString*)deviceName ourPeerID:(NSString*)ourPeerID theirPeerID:(NSString*) theirPeerID operation:(NSString*)operationTypeAsString error:(NSError**) error -{ - __block BOOL result = false; - - CFUUIDRef uuid = CFUUIDCreate(kCFAllocatorDefault); - CFStringRef uuidString = CFUUIDCreateString(kCFAllocatorDefault, uuid); - - uint64_t keychainDataLength = (uint64_t)[keychainData length]; - NSUInteger tempLength = [keychainData length]; - int fragmentIndex = 0; - int startingPosition = 0; - - int totalNumberOfFragments = ceil((double)((double)keychainDataLength/(double)kMaxIDSMessagePayloadSize)); - secnotice("IDS Transport","Total number of Fragments: %d", totalNumberOfFragments); - - while(tempLength != 0){ - secnotice("IDS Transport","length: %lu", (unsigned long)tempLength); - NSUInteger endlength; - if(tempLength < kMaxIDSMessagePayloadSize) - endlength = tempLength; - else - endlength = kMaxIDSMessagePayloadSize; - - NSData *fragment = [keychainData subdataWithRange:NSMakeRange(startingPosition, endlength)]; - NSMutableDictionary *newFragmentDictionary = [NSMutableDictionary dictionaryWithObjectsAndKeys:fragment, theirPeerID, nil]; - - NSMutableDictionary* newMessageFragment = [NSMutableDictionary dictionaryWithObjectsAndKeys:deviceName, @"deviceID", - [[NSNumber alloc]initWithInt: totalNumberOfFragments], kIDSNumberOfFragments, - [[NSNumber alloc] initWithInt: fragmentIndex], kIDSFragmentIndex, - newFragmentDictionary,kIDSMessageToSendKey, - operationTypeAsString, kIDSOperationType, - (__bridge NSString*)uuidString, kIDSMessageUniqueID, nil]; - NSString *identifier = [NSString string]; - - secnotice("IDS Transport","sending fragment: %@", newMessageFragment); - result = [self sendIDSMessage:newMessageFragment name:deviceName peer:ourPeerID identifier:&identifier error:error]; - startingPosition+=endlength; - tempLength -= endlength; - fragmentIndex++; - } - CFReleaseNull(uuidString); - CFReleaseNull(uuid); - return result; -} - --(BOOL) sendFragmentedIDSMessages:(NSDictionary*)data name:(NSString*) deviceName peer:(NSString*) ourPeerID error:(NSError**) error -{ - - __block BOOL result = false; - - __block NSMutableData *keychainData = nil; - __block NSString *theirPeerID = nil; - secnotice("IDS Transport","fragmenting message! %@", data); - NSString *identifier = [NSString string]; - - NSString* operationTypeAsString = [data objectForKey: kIDSOperationType]; - NSMutableDictionary *messageDictionary = [data objectForKey: kIDSMessageToSendKey]; - - if([operationTypeAsString intValue] == kIDSKeychainSyncIDSFragmentation){ - - [messageDictionary enumerateKeysAndObjectsUsingBlock:^(id key, id obj, BOOL *stop) { - keychainData = (NSMutableData*)obj; - theirPeerID = (NSString*)key; - return; - }]; - secnotice("IDS Transport","keychainData length: %lu", (unsigned long)[keychainData length]); - if((uint64_t)[keychainData length] >= kMaxIDSMessagePayloadSize){ - [self chunkAndSendKeychainPayload:keychainData deviceID:deviceName ourPeerID:ourPeerID theirPeerID:theirPeerID operation:operationTypeAsString error:error]; - } - else{ //message is less than the max encryption size, pass it along - secnotice("IDS Transport","sending message, no fragmentation: %@", data); - result = [self sendIDSMessage:data name:deviceName peer:ourPeerID identifier:&identifier error:error]; - } - } - else - result = [self sendIDSMessage:data name:deviceName peer:ourPeerID identifier:&identifier error:error]; - - - - secnotice("IDS Transport","returning result: %d, error: %@", result, *error); - return result; -} - -- (void)pingTimerFired:(NSString*)deviceID peerID:(NSString*)peerID identifier:(NSString*)identifier -{ - secnotice("IDS Transport", "device ID: %@ !!!!!!!!!!!!!!!!Ping timeout is up!!!!!!!!!!!!", deviceID); - //call securityd to sync with device over KVS - __block CFErrorRef cf_error = NULL; - __block bool success = kHandleIDSMessageSuccess; - - dispatch_source_t timer = [[IDSKeychainSyncingProxy idsProxy].pingTimers objectForKey:deviceID]; //remove timer - dispatch_cancel(timer); //cancel timer - - [[IDSKeychainSyncingProxy idsProxy].pingTimers removeObjectForKey:deviceID]; - - [self sendKeysCallout:^NSMutableDictionary *(NSMutableDictionary *pending, NSError** error) { - - success = SOSCCRequestSyncWithPeerOverKVS(((__bridge CFStringRef)deviceID), &cf_error); - - if(success){ - secnotice("IDSPing", "sent peerID: %@ to securityd to sync over KVS", deviceID); - } - else{ - secerror("Could not hand peerID: %@ to securityd, error: %@", deviceID, cf_error); - } - - return NULL; - }]; - CFReleaseSafe(cf_error); -} - - --(void) pingDevices:(NSArray*)list peerID:(NSString*)peerID -{ - NSDictionary *messageDictionary = @{kIDSOperationType : [NSString stringWithFormat:@"%d", kIDSPeerAvailability], kIDSMessageToSendKey : @"checking peers"}; - - [list enumerateObjectsUsingBlock:^(id obj, NSUInteger idx, BOOL * top) { - NSString* deviceID = (NSString*)obj; - NSString* identifier = [NSString string]; - - secnotice("IDS Transport", "sending to id: %@", deviceID); - NSError *localErr = nil; - - [self recordTimestampOfWriteToIDS: messageDictionary deviceName:deviceID peerID:peerID]; //add pings to throttling - NSDictionary *safeValues = [self filterForWritableValues:messageDictionary]; - - if(safeValues != nil && [safeValues count] > 0){ - [self sendIDSMessage:safeValues name:deviceID peer:peerID identifier:&identifier error:&localErr]; - - if(localErr != nil){ - secerror("sending ping to peer %@ had an error: %@", deviceID, localErr); - [self sendKeysCallout:^NSMutableDictionary *(NSMutableDictionary *pending, NSError** error) { - CFErrorRef kvsError = nil; - bool success = SOSCCRequestSyncWithPeerOverKVS(((__bridge CFStringRef)deviceID), &kvsError); - - if(success){ - secnotice("IDSPing", "sent peerID: %@ to securityd to sync over KVS", deviceID); - } - else{ - secerror("Could not hand peerID: %@ to securityd, error: %@", deviceID, kvsError); - } - CFReleaseNull(kvsError); - return NULL; - }]; - } - else{ - dispatch_source_t timer = nil; - if( [self.pingTimers objectForKey:deviceID] == nil){ - timer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, dispatch_get_main_queue()); - - dispatch_source_set_timer(timer, dispatch_time(DISPATCH_TIME_NOW, timeout * NSEC_PER_SEC), DISPATCH_TIME_FOREVER, kRetryTimerLeeway); - dispatch_source_set_event_handler(timer, ^{ - [self pingTimerFired:deviceID peerID:peerID identifier:identifier]; - }); - dispatch_resume(timer); - - [self.pingTimers setObject:timer forKey:deviceID]; - } - } - } - }]; - -} --(BOOL) sendIDSMessage:(NSDictionary*)data name:(NSString*) deviceName peer:(NSString*) peerID identifier:(NSString **)identifier error:(NSError**) error -{ - BOOL result = true; - NSDictionary *userInfo; - NSInteger code = 0; - - NSString *errorMessage; - NSMutableSet *destinations = [NSMutableSet set]; - NSArray *ListOfIDSDevices = nil; - IDSMessagePriority priority = IDSMessagePriorityHigh; - IDSDevice *device = nil; - BOOL encryptionOff = YES; - NSError *localError = nil; - NSString *sendersPeerIDKey = [ NSString stringWithUTF8String: kMessageKeySendersPeerID]; - - secnotice("backoff","!!writing these keys to IDS!!: %@", data); - - NSDictionary *options = @{IDSSendMessageOptionForceEncryptionOffKey : [NSNumber numberWithBool:encryptionOff] }; - - NSMutableDictionary *dataCopy = [NSMutableDictionary dictionaryWithDictionary: data]; - - [dataCopy setObject:peerID forKey:sendersPeerIDKey]; - - secnotice("IDS Transport", "Sending message from: %@ to: %@", peerID, deviceName); - - require_action_quiet(_service, fail, code = kSecIDSErrorNotRegistered; errorMessage = createErrorString(@"Could not send message to peer: %@: IDS delegate uninitialized, can't use IDS to send this message", deviceName)); - - secnotice("IDS Transport","devices: %@", [_service devices]); - secnotice("IDS Transport", " we have their deviceName: %@", deviceName); - - ListOfIDSDevices = [_service devices]; - - require_action_quiet([ListOfIDSDevices count]> 0, fail, code = kSecIDSErrorNotRegistered; errorMessage=createErrorString(@"Could not send message to peer: %@: IDS devices are not registered yet", deviceName)); - secnotice("IDS Transport","This is our list of devices: %@", ListOfIDSDevices); - - for(NSUInteger i = 0; i < [ ListOfIDSDevices count ]; i++){ - device = ListOfIDSDevices[i]; - if( [ deviceName compare:device.uniqueID ] == 0){ - [destinations addObject: IDSCopyIDForDevice(device)]; - } - } - - require_action_quiet([destinations count] != 0, fail, code = kSecIDSErrorCouldNotFindMatchingAuthToken; errorMessage = createErrorString(@"Could not send message to peer: %@: IDS device ID for peer does not match any devices within an IDS Account", deviceName)); - - result = [_service sendMessage:dataCopy toDestinations:destinations priority:priority options:options identifier:identifier error:&localError ] ; - - require_action_quiet(localError == nil, fail, code = kSecIDSErrorFailedToSend; errorMessage = createErrorString(@"Had an error sending IDS message to peer: %@", deviceName)); - - secnotice("IDS Transport", "identifier: %@", *identifier); - - secnotice("IDS Transport","sent to peer:%@, message: %@", deviceName, dataCopy); - - return result; - -fail: - userInfo = [ NSDictionary dictionaryWithObjectsAndKeys:errorMessage, NSLocalizedDescriptionKey, nil ]; - if(error != nil){ - *error = [NSError errorWithDomain:@"com.apple.security.ids.error" code:code userInfo:userInfo]; - secerror("%@", *error); - } - if(localError != nil) - secerror("%@", localError); - - return false; -} - -- (void)service:(IDSService *)service account:(IDSAccount *)account identifier:(NSString *)identifier didSendWithSuccess:(BOOL)success error:(NSError *)error -{ - if (error) { - NSLog(@"IDSKeychainSyncingProxy didSendWithSuccess identifier=%@ error=%@", identifier, error); - } else { - NSLog(@"IDSKeychainSyncingProxy didSendWithSuccess identifier=%@ Success!", identifier); - } -} - -@end diff --git a/KVSKeychainSyncingProxy/CKDAKSLockMonitor.h b/KVSKeychainSyncingProxy/CKDAKSLockMonitor.h new file mode 100644 index 00000000..7cdf72f4 --- /dev/null +++ b/KVSKeychainSyncingProxy/CKDAKSLockMonitor.h @@ -0,0 +1,27 @@ +// +// CKDAKSLockMonitor.h +// Security +// + + +#import "CKDLockMonitor.h" +#import "XPCNotificationDispatcher.h" + +#import + +@interface CKDAKSLockMonitor : NSObject + +@property (readonly) BOOL unlockedSinceBoot; +@property (readonly) BOOL locked; + +@property (weak) NSObject* listener; + ++ (instancetype) monitor; + +- (instancetype) init; + +- (void) recheck; + +- (void) connectTo: (NSObject*) listener; + +@end diff --git a/KVSKeychainSyncingProxy/CKDAKSLockMonitor.m b/KVSKeychainSyncingProxy/CKDAKSLockMonitor.m new file mode 100644 index 00000000..328d96a4 --- /dev/null +++ b/KVSKeychainSyncingProxy/CKDAKSLockMonitor.m @@ -0,0 +1,93 @@ +// +// CKDAKSLockMonitor.m +// Security +// +// Created by Mitch Adler on 11/2/16. +// +// + +#import + +#import "CKDAKSLockMonitor.h" + +#include +#include +#include + + +@interface CKDAKSLockMonitor () + +@property XPCNotificationDispatcher* dispatcher; +@property XPCNotificationBlock notificationBlock; + +@end + +@implementation CKDAKSLockMonitor + ++ (instancetype) monitor { + return [[CKDAKSLockMonitor alloc] init]; +} + +- (instancetype)init { + self = [super init]; + + if (self) { + XPCNotificationDispatcher* dispatcher = [XPCNotificationDispatcher dispatcher]; + + [dispatcher addListener: self]; + + self->_locked = true; + self->_unlockedSinceBoot = false; + + [self recheck]; + } + + return self; +} + +- (void) handleNotification:(const char *)name { + if (strcmp(name, kUserKeybagStateChangeNotification) == 0) { + [self recheck]; + } +} + +- (void) notifyListener { + if (self.listener) { + if (self.locked) { + [self.listener locked]; + } else { + [self.listener unlocked]; + } + } +} + +- (void)connectTo: (NSObject*) listener { + self->_listener = listener; + [self notifyListener]; +} + +- (void) recheck { + CFErrorRef aksError = NULL; + bool locked = true; // Assume locked if we get an error + + if (!SecAKSGetIsLocked(&locked, &aksError)) { + secerror("%@ Got error querying lock state: %@", self, aksError); + CFReleaseSafe(aksError); + } + + BOOL previousLocked = self.locked; + self->_locked = locked; + + if (!self.locked) { + self->_unlockedSinceBoot = true; + } + + if (previousLocked != self.locked) { + // recheck might get called from ckdkvsproxy_queue (see 30510390) + dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{ + [self notifyListener]; + }); + } +} + +@end diff --git a/KVSKeychainSyncingProxy/CKDAccount.h b/KVSKeychainSyncingProxy/CKDAccount.h index 24cb3979..6fb7aff2 100644 --- a/KVSKeychainSyncingProxy/CKDAccount.h +++ b/KVSKeychainSyncingProxy/CKDAccount.h @@ -10,6 +10,8 @@ - (NSSet*) keysChanged: (NSDictionary*) keyValues error: (NSError**) error; - (bool) ensurePeerRegistration: (NSError**) error; + +- (NSSet*) syncWithPeers: (NSSet*) peerIDs backups: (NSSet*) backupPeerIDs error: (NSError**) error; - (bool) syncWithAllPeers: (NSError**) error; @end diff --git a/KVSKeychainSyncingProxy/CKDKVSProxy.h b/KVSKeychainSyncingProxy/CKDKVSProxy.h index af3fd3d7..f776992b 100644 --- a/KVSKeychainSyncingProxy/CKDKVSProxy.h +++ b/KVSKeychainSyncingProxy/CKDKVSProxy.h @@ -37,12 +37,14 @@ #import "CKDStore.h" #import "CKDAccount.h" +#import "CKDLockMonitor.h" +#import "XPCNotificationDispatcher.h" #define XPROXYSCOPE "proxy" typedef void (^FreshnessResponseBlock)(bool success, NSError *err); -@interface UbiqitousKVSProxy : NSObject +@interface UbiqitousKVSProxy : NSObject { id currentiCloudToken; int callbackMethod; @@ -50,14 +52,14 @@ typedef void (^FreshnessResponseBlock)(bool success, NSError *err); @property (readonly) NSObject* store; @property (readonly) NSObject* account; +@property (readonly) NSObject* lockMonitor; +@property (readonly) NSURL* persistenceURL; @property (retain, nonatomic) NSMutableSet *alwaysKeys; @property (retain, nonatomic) NSMutableSet *firstUnlockKeys; @property (retain, nonatomic) NSMutableSet *unlockedKeys; -@property (atomic) bool unlockedSinceBoot; -@property (atomic) bool isLocked; @property (atomic) bool seenKVSStoreChange; @@ -65,9 +67,13 @@ typedef void (^FreshnessResponseBlock)(bool success, NSError *err); @property (retain, nonatomic) NSMutableSet *shadowPendingKeys; @property (retain, nonatomic) NSString *dsid; +@property (retain, nonatomic) NSString *accountUUID; -@property (atomic) bool syncWithPeersPending; -@property (atomic) bool shadowSyncWithPeersPending; +@property (retain, nonatomic) NSMutableSet* pendingSyncPeerIDs; +@property (retain, nonatomic) NSMutableSet* shadowPendingSyncPeerIDs; + +@property (retain, nonatomic) NSMutableSet* pendingSyncBackupPeerIDs; +@property (retain, nonatomic) NSMutableSet* shadowPendingSyncBackupPeerIDs; @property (atomic) bool ensurePeerRegistration; @property (atomic) bool shadowEnsurePeerRegistration; @@ -77,13 +83,6 @@ typedef void (^FreshnessResponseBlock)(bool success, NSError *err); @property (retain, nonatomic) NSMutableArray *freshnessCompletions; @property (atomic) dispatch_time_t nextFreshnessTime; -@property (atomic) dispatch_source_t syncTimer; -@property (atomic) bool syncTimerScheduled; - -@property (atomic) dispatch_time_t deadline; -@property (atomic) dispatch_time_t lastSyncTime; - - @property (atomic) dispatch_queue_t calloutQueue; @property (atomic) dispatch_queue_t ckdkvsproxy_queue; @@ -95,11 +94,18 @@ typedef void (^FreshnessResponseBlock)(bool success, NSError *err); @property (copy, atomic) dispatch_block_t shadowFlushBlock; -+ (UbiqitousKVSProxy *) sharedKVSProxy; - (NSString *)description; -- (id)init NS_UNAVAILABLE; -- (id)initWithAccount:(NSObject*) account - store:(NSObject*) store NS_DESIGNATED_INITIALIZER; +- (instancetype)init NS_UNAVAILABLE; + ++ (instancetype)withAccount:(NSObject*) account + store:(NSObject*) store + lockMonitor:(NSObject*) lockMonitor + persistence:(NSURL*) localPersistence; + +- (instancetype)initWithAccount:(NSObject*) account + store:(NSObject*) store + lockMonitor:(NSObject*) lockMonitor + persistence:(NSURL*) localPersistence NS_DESIGNATED_INITIALIZER; // Requests: @@ -115,12 +121,12 @@ typedef void (^FreshnessResponseBlock)(bool success, NSError *err); - (void)storeKeysChanged: (NSSet*) changedKeys initial: (bool) initial; - (void)storeAccountChanged; -- (void)streamEvent:(xpc_object_t)notification; - -- (void)processAllItems; -- (void)requestSyncWithAllPeers; - (void)requestEnsurePeerRegistration; +- (void)requestSyncWithPeerIDs: (NSArray*) peerIDs backupPeerIDs: (NSArray*) backupPeerIDs; +- (BOOL)hasSyncPendingFor: (NSString*) peerID; +- (BOOL)hasPendingKey: (NSString*) keyName; + - (void)registerAtTimeKeys:(NSDictionary*)keyparms; - (NSSet*) keysForCurrentLockState; @@ -133,14 +139,13 @@ typedef void (^FreshnessResponseBlock)(bool success, NSError *err); - (void)processPendingKeysForCurrentLockState; -- (void)registerKeys: (NSDictionary*)keys; +- (void)registerKeys: (NSDictionary*)keys forAccount: (NSString*) accountUUID; - (void)processKeyChangedEvent:(NSDictionary *)keysChangedInCloud; - (NSMutableDictionary *)copyValues:(NSSet *)keysOfInterest; - (void) doAfterFlush: (dispatch_block_t) block; -- (void) calloutWith: (void(^)(NSSet *pending, bool syncWithPeersPending, bool ensurePeerRegistration, - dispatch_queue_t queue, void(^done)(NSSet *handledKeys, bool handledSyncWithPeers, bool handledEnsurePeerRegistration, NSError* error))) callout; +- (void) calloutWith: (void(^)(NSSet *pending, NSSet* pendingSyncIDs, NSSet* pendingBackupSyncIDs, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *handledKeys, NSSet *handledSyncs, bool handledEnsurePeerRegistration, NSError* error))) callout; - (void) sendKeysCallout: (NSSet *(^)(NSSet* pending, NSError **error)) handleKeys; - (void)recordWriteToKVS:(NSDictionary *)values; diff --git a/KVSKeychainSyncingProxy/CKDKVSProxy.m b/KVSKeychainSyncingProxy/CKDKVSProxy.m index ce02841d..79839ce1 100644 --- a/KVSKeychainSyncingProxy/CKDKVSProxy.m +++ b/KVSKeychainSyncingProxy/CKDKVSProxy.m @@ -32,9 +32,10 @@ #import #import "CKDKVSProxy.h" -#import "CKDPersistentState.h" #import "CKDKVSStore.h" +#import "CKDAKSLockMonitor.h" #import "CKDSecuritydAccount.h" +#import "NSURL+SOSPlistStore.h" #include #include @@ -42,6 +43,9 @@ #include "SOSCloudKeychainConstants.h" #include +#include + +#import "XPCNotificationDispatcher.h" /* The total space available in your app’s iCloud key-value storage is 1 MB. @@ -52,8 +56,6 @@ 1,000 key-value pairs. */ -static const char *kStreamName = "com.apple.notifyd.matching"; - static NSString *kKeyKeyParameterKeys = @"KeyParameterKeys"; static NSString *kKeyCircleKeys = @"CircleKeys"; static NSString *kKeyMessageKeys = @"MessageKeys"; @@ -65,9 +67,14 @@ static NSString *kKeyPendingKeys = @"PendingKeys"; static NSString *kKeyUnsentChangedKeys = @"unsentChangedKeys"; static NSString *kKeyUnlockNotificationRequested = @"unlockNotificationRequested"; static NSString *kKeySyncWithPeersPending = @"SyncWithPeersPending"; + +static NSString *kKeyPendingSyncPeerIDs = @"SyncPeerIDs"; +static NSString *kKeyPendingSyncBackupPeerIDs = @"SyncBackupPeerIDs"; + static NSString *kKeyEnsurePeerRegistration = @"EnsurePeerRegistration"; static NSString *kKeyDSID = @"DSID"; static NSString *kMonitorState = @"MonitorState"; +static NSString *kKeyAccountUUID = @"MonitorState"; static NSString *kMonitorPenaltyBoxKey = @"Penalty"; static NSString *kMonitorMessageKey = @"Message"; @@ -95,9 +102,6 @@ const CFStringRef kSOSKVSOfficialDSIDKey = CFSTR("^OfficialDSID"); static int max_penalty_timeout = 32; static int seconds_per_minute = 60; -static const int64_t kMinSyncDelay = (NSEC_PER_MSEC * 500); // 500ms minimum delay before a syncWithAllPeers call. -static const int64_t kMaxSyncDelay = (NSEC_PER_SEC * 5); // 5s maximun delay for a given request -static const int64_t kMinSyncInterval = (NSEC_PER_SEC * 15); // 15s minimum time between successive syncWithAllPeers calls. static const int64_t kSyncTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms leeway for sync events. static NSString* asNSString(NSObject* object) { @@ -109,35 +113,128 @@ static NSString* asNSString(NSObject* object) { @end @implementation NSMutableDictionary (FindAndRemove) --(NSObject*)extractObjectForKey:(NSString*)key { +-(NSObject*)extractObjectForKey:(NSString*)key +{ NSObject* result = [self objectForKey:key]; [self removeObjectForKey: key]; return result; } @end -@implementation UbiqitousKVSProxy +@interface NSSet (Emptiness) +- (bool) isEmpty; +@end -- (void)persistState +@implementation NSSet (Emptiness) +- (bool) isEmpty { - [SOSPersistentState setRegisteredKeys:[self exportKeyInterests]]; + return [self count] == 0; } +@end -+ (UbiqitousKVSProxy *) sharedKVSProxy +@interface NSSet (HasElements) +- (bool) containsElementsNotIn: (NSSet*) other; +@end + +@implementation NSSet (HasElements) +- (bool) containsElementsNotIn: (NSSet*) other { - static UbiqitousKVSProxy *sharedKVSProxy; - if (!sharedKVSProxy) { - static dispatch_once_t onceToken; - dispatch_once(&onceToken, ^{ - sharedKVSProxy = [[self alloc] initWithAccount: [CKDSecuritydAccount securitydAccount] - store: [CKDKVSStore kvsInterface]]; - }); - } - return sharedKVSProxy; + __block bool hasElements = false; + [self enumerateObjectsUsingBlock:^(id _Nonnull obj, BOOL * _Nonnull stop) { + if (![other containsObject:obj]) { + hasElements = true; + *stop = true; + } + }]; + return hasElements; } -- (id)initWithAccount:(NSObject*) account - store:(NSObject*) store +@end + +@implementation NSSet (Stringizing) +- (NSString*) sortedElementsJoinedByString: (NSString*) separator { + return [self sortedElementsTruncated: 0 JoinedByString: separator]; +} + +- (NSString*) sortedElementsTruncated: (NSUInteger) length JoinedByString: (NSString*) separator +{ + NSMutableArray* strings = [NSMutableArray array]; + + [self enumerateObjectsUsingBlock:^(id _Nonnull obj, BOOL * _Nonnull stop) { + NSString *stringToInsert = nil; + if ([obj isNSString__]) { + stringToInsert = obj; + } else { + stringToInsert = [obj description]; + } + + if (length > 0 && length < stringToInsert.length) { + stringToInsert = [stringToInsert substringToIndex:length]; + } + + [strings insertObject:stringToInsert atIndex:0]; + }]; + + [strings sortUsingSelector: @selector(compare:)]; + + return [strings componentsJoinedByString:separator]; +} +@end + +@implementation NSSet (CKDLogging) +- (NSString*) logKeys { + return [self sortedElementsJoinedByString:@" "]; +} + +- (NSString*) logIDs { + return [self sortedElementsTruncated:8 JoinedByString:@" "]; +} +@end + + +@interface NSDictionary (SOSDictionaryFormat) +- (NSString*) compactDescription; +@end + +@implementation NSDictionary (SOSDictionaryFormat) +- (NSString*) compactDescription +{ + NSMutableArray *elements = [NSMutableArray array]; + [self enumerateKeysAndObjectsUsingBlock: ^(NSString *key, id obj, BOOL *stop) { + [elements addObject: [key stringByAppendingString: @":"]]; + if ([obj isKindOfClass:[NSArray class]]) { + [elements addObject: [(NSArray *)obj componentsJoinedByString: @" "]]; + } else { + [elements addObject: [NSString stringWithFormat:@"%@", obj]]; + } + }]; + return [elements componentsJoinedByString: @" "]; +} +@end + +@interface UbiqitousKVSProxy () +@property (nonatomic) NSDictionary* persistentData; +- (void) doSyncWithAllPeers; +- (void) persistState; +@end + +@implementation UbiqitousKVSProxy + ++ (instancetype)withAccount:(NSObject*) account + store:(NSObject*) store + lockMonitor:(NSObject*) lockMonitor + persistence:(NSURL*) localPersistence +{ + return [[self alloc] initWithAccount:account + store:store + lockMonitor:lockMonitor + persistence:localPersistence]; +} + +- (instancetype)initWithAccount:(NSObject*) account + store:(NSObject*) store + lockMonitor:(NSObject*) lockMonitor + persistence:(NSURL*) localPersistence { if (self = [super init]) { @@ -150,52 +247,44 @@ static NSString* asNSString(NSObject* object) { return NULL; } #endif - _unlockedSinceBoot = NO; - _isLocked = YES; // until we know for sure _ensurePeerRegistration = NO; - _syncWithPeersPending = NO; + _pendingSyncPeerIDs = [NSMutableSet set]; + _pendingSyncBackupPeerIDs = [NSMutableSet set]; + _shadowPendingSyncPeerIDs = nil; + _shadowPendingSyncBackupPeerIDs = nil; + + _persistenceURL = localPersistence; _account = account; _store = store; + _lockMonitor = lockMonitor; + _calloutQueue = dispatch_queue_create("CKDCallout", DISPATCH_QUEUE_SERIAL); - _ckdkvsproxy_queue = dispatch_get_main_queue(); + _ckdkvsproxy_queue = dispatch_queue_create("CKDKVSProxy", DISPATCH_QUEUE_SERIAL); _freshnessCompletions = [NSMutableArray array]; - _syncTimer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, _ckdkvsproxy_queue); - dispatch_source_set_timer(_syncTimer, DISPATCH_TIME_FOREVER, DISPATCH_TIME_FOREVER, kSyncTimerLeeway); - dispatch_source_set_event_handler(_syncTimer, ^{ - [self timerFired]; - }); - dispatch_resume(_syncTimer); - _monitor = [NSMutableDictionary dictionary]; + [[XPCNotificationDispatcher dispatcher] addListener: self]; + int notificationToken; notify_register_dispatch(kSecServerKeychainChangedNotification, ¬ificationToken, _ckdkvsproxy_queue, ^ (int token __unused) { secinfo("backoff", "keychain changed, wiping backoff monitor state"); - _monitor = [NSMutableDictionary dictionary]; + self->_monitor = [NSMutableDictionary dictionary]; }); - [self importKeyInterests: [SOSPersistentState registeredKeys]]; + [self setPersistentData: [self.persistenceURL readPlist]]; - // Register for lock state changes - xpc_set_event_stream_handler(kStreamName, _ckdkvsproxy_queue, - ^(xpc_object_t notification){ - [self streamEvent:notification]; - }); _dsid = @""; - - [self updateUnlockedSinceBoot]; - [self updateIsLocked]; - if (!_isLocked) - [self keybagDidUnlock]; + _accountUUID = @""; [[self store] connectToProxy: self]; + [[self lockMonitor] connectTo:self]; secdebug(XPROXYSCOPE, "%@ done", self); } @@ -204,16 +293,15 @@ static NSString* asNSString(NSObject* object) { - (NSString *)description { - return [NSString stringWithFormat:@"<%s%s%s%s%s%s%s%s%s%s%s>", - _isLocked ? "L" : "U", - _unlockedSinceBoot ? "B" : "-", + return [NSString stringWithFormat:@"<%s%s%s%s%s%s%s%s%s%s>", + [[self lockMonitor] locked] ? "L" : "U", + [[self lockMonitor] unlockedSinceBoot] ? "B" : "-", _seenKVSStoreChange ? "K" : "-", - _syncTimerScheduled ? "T" : "-", - _syncWithPeersPending ? "s" : "-", + [self hasPendingNonShadowSyncIDs] ? "s" : "-", _ensurePeerRegistration ? "e" : "-", [_pendingKeys count] ? "p" : "-", _inCallout ? "C" : "-", - _shadowSyncWithPeersPending ? "S" : "-", + [self hasPendingShadowSyncIDs] ? "S" : "-", _shadowEnsurePeerRegistration ? "E" : "-", [_shadowPendingKeys count] ? "P" : "-"]; } @@ -236,11 +324,10 @@ static NSString* asNSString(NSObject* object) { return [self.store copyAsDictionary]; } -// -// -// -- (void)processAllItems +- (void)_queue_processAllItems { + dispatch_assert_queue(_ckdkvsproxy_queue); + NSDictionary *allItems = [self.store copyAsDictionary]; if (allItems) { @@ -263,6 +350,65 @@ static NSString* asNSString(NSObject* object) { object:nil]; } +// MARK: Persistence + +- (NSDictionary*) persistentData +{ + return @{ kKeyAlwaysKeys:[_alwaysKeys allObjects], + kKeyFirstUnlockKeys:[_firstUnlockKeys allObjects], + kKeyUnlockedKeys:[_unlockedKeys allObjects], + kKeyPendingKeys:[_pendingKeys allObjects], + kKeyPendingSyncPeerIDs:[_pendingSyncPeerIDs allObjects], + kKeyPendingSyncBackupPeerIDs:[_pendingSyncBackupPeerIDs allObjects], + kMonitorState:_monitor, + kKeyEnsurePeerRegistration:[NSNumber numberWithBool:_ensurePeerRegistration], + kKeyDSID:_dsid, + kKeyAccountUUID:_accountUUID + }; +} + +- (void) setPersistentData: (NSDictionary*) interests +{ + _alwaysKeys = [NSMutableSet setWithArray: interests[kKeyAlwaysKeys]]; + _firstUnlockKeys = [NSMutableSet setWithArray: interests[kKeyFirstUnlockKeys]]; + _unlockedKeys = [NSMutableSet setWithArray: interests[kKeyUnlockedKeys]]; + + _pendingKeys = [NSMutableSet setWithArray: interests[kKeyPendingKeys]]; + + _pendingSyncPeerIDs = [NSMutableSet setWithArray: interests[kKeyPendingSyncPeerIDs]]; + _pendingSyncBackupPeerIDs = [NSMutableSet setWithArray: interests[kKeyPendingSyncBackupPeerIDs]]; + + _monitor = interests[kMonitorState]; + if(_monitor == nil) + _monitor = [NSMutableDictionary dictionary]; + + _ensurePeerRegistration = [interests[kKeyEnsurePeerRegistration] boolValue]; + + _dsid = interests[kKeyDSID]; + _accountUUID = interests[kKeyAccountUUID]; + + // If we had a sync pending, we kick it off and migrate to sync with these peers + if ([interests[kKeySyncWithPeersPending] boolValue]) { + [self doSyncWithAllPeers]; + } +} + +- (void)persistState +{ + NSDictionary* dataToSave = self.persistentData; + + secdebug("persistence", "Writing registeredKeys: %@", [dataToSave compactDescription]); + if (![self.persistenceURL writePlist:dataToSave]) { + secerror("Failed to write persistence data to %@", self.persistenceURL); + } +} + + +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR +CFStringRef const CKDAggdIncreaseThrottlingKey = CFSTR("com.apple.cloudkeychainproxy.backoff.increase"); +CFStringRef const CKDAggdDecreaseThrottlingKey = CFSTR("com.apple.cloudkeychainproxy.backoff.decrease"); +#endif + // MARK: Penalty measurement and handling -(dispatch_source_t)setNewTimer:(int)timeout key:(NSString*)key { @@ -277,6 +423,10 @@ static NSString* asNSString(NSObject* object) { -(void) increasePenalty:(NSNumber*)currentPenalty key:(NSString*)key keyEntry:(NSMutableDictionary**)keyEntry { +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR + SecADAddValueForScalarKey(CKDAggdIncreaseThrottlingKey, 1); +#endif + secnotice("backoff", "increasing penalty!"); int newPenalty = 0; if([currentPenalty intValue] == max_penalty_timeout){ @@ -310,6 +460,10 @@ static NSString* asNSString(NSObject* object) { -(void) decreasePenalty:(NSNumber*)currentPenalty key:(NSString*)key keyEntry:(NSMutableDictionary**)keyEntry { +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR + SecADAddValueForScalarKey(CKDAggdDecreaseThrottlingKey, 1); +#endif + int newPenalty = 0; secnotice("backoff","decreasing penalty!"); if([currentPenalty intValue] == 0 || [currentPenalty intValue] == 1) @@ -492,7 +646,7 @@ static NSString* asNSString(NSObject* object) { else{ [values enumerateKeysAndObjectsUsingBlock: ^(id key, id obj, BOOL *stop) { - NSMutableDictionary *keyEntry = [_monitor objectForKey:key]; + NSMutableDictionary *keyEntry = [self->_monitor objectForKey:key]; if(keyEntry == nil){ [self initializeKeyEntry: key]; } @@ -510,7 +664,7 @@ static NSString* asNSString(NSObject* object) { [keyEntry setObject:existingWrites forKey:kMonitorConsecutiveWrites]; [keyEntry setObject:timeTable forKey:kMonitorTimeTable]; [keyEntry setObject:currentTime forKey:kMonitorLastWriteTimestamp]; - [_monitor setObject:keyEntry forKey:key]; + [self->_monitor setObject:keyEntry forKey:key]; if([penalty_timeout intValue] != 0 || ((double)[currentTime timeIntervalSinceDate: lastWriteTimestamp] <= 60 && consecutiveWrites >= 5)){ if([penalty_timeout intValue] != 0 && consecutiveWrites == 5){ @@ -537,7 +691,7 @@ static NSString* asNSString(NSObject* object) { NSMutableDictionary *SafeMessages = [NSMutableDictionary dictionary]; [values enumerateKeysAndObjectsUsingBlock: ^(id key, id obj, BOOL *stop) { - NSMutableDictionary *keyEntry = [_monitor objectForKey:key]; + NSMutableDictionary *keyEntry = [self->_monitor objectForKey:key]; NSNumber *penalty = [keyEntry objectForKey:kMonitorPenaltyBoxKey]; if([penalty intValue] != 0){ NSMutableDictionary* existingQueue = [keyEntry valueForKey:kMonitorMessageQueue]; @@ -545,7 +699,7 @@ static NSString* asNSString(NSObject* object) { [existingQueue setObject:obj forKey:key]; [keyEntry setObject:existingQueue forKey:kMonitorMessageQueue]; - [_monitor setObject:keyEntry forKey:key]; + [self->_monitor setObject:keyEntry forKey:key]; } else{ [SafeMessages setObject:obj forKey:key]; @@ -607,10 +761,10 @@ static NSString* asNSString(NSObject* object) { - (void)setObjectsFromDictionary:(NSDictionary *)values { - [[UbiqitousKVSProxy sharedKVSProxy] recordWriteToKVS: values]; - NSDictionary *safeValues = [[UbiqitousKVSProxy sharedKVSProxy] recordHaltedValuesAndReturnValuesToSafelyWrite: values]; + [self recordWriteToKVS: values]; + NSDictionary *safeValues = [self recordHaltedValuesAndReturnValuesToSafelyWrite: values]; if([safeValues count] !=0){ - [[UbiqitousKVSProxy sharedKVSProxy] setStoreObjectsFromDictionary:safeValues]; + [self setStoreObjectsFromDictionary:safeValues]; } } @@ -630,7 +784,7 @@ static NSString* asNSString(NSObject* object) { NSError *error = nil; bool success = [self.store pullUpdates:&error]; - dispatch_async(_ckdkvsproxy_queue, ^{ + dispatch_async(self->_ckdkvsproxy_queue, ^{ [self waitForSyncDone: success error: error]; }); }); @@ -657,36 +811,6 @@ static NSString* asNSString(NSObject* object) { // MARK: ----- KVS key lists ----- // - -- (NSDictionary*) exportKeyInterests -{ - return @{ kKeyAlwaysKeys:[_alwaysKeys allObjects], - kKeyFirstUnlockKeys:[_firstUnlockKeys allObjects], - kKeyUnlockedKeys:[_unlockedKeys allObjects], - kMonitorState:_monitor, - kKeyPendingKeys:[_pendingKeys allObjects], - kKeySyncWithPeersPending:[NSNumber numberWithBool:_syncWithPeersPending], - kKeyEnsurePeerRegistration:[NSNumber numberWithBool:_ensurePeerRegistration], - kKeyDSID:_dsid - }; -} - -- (void) importKeyInterests: (NSDictionary*) interests -{ - _alwaysKeys = [NSMutableSet setWithArray: interests[kKeyAlwaysKeys]]; - _firstUnlockKeys = [NSMutableSet setWithArray: interests[kKeyFirstUnlockKeys]]; - _unlockedKeys = [NSMutableSet setWithArray: interests[kKeyUnlockedKeys]]; - - _pendingKeys = [NSMutableSet setWithArray: interests[kKeyPendingKeys]]; - _syncWithPeersPending = [interests[kKeySyncWithPeersPending] boolValue]; - _ensurePeerRegistration = [interests[kKeyEnsurePeerRegistration] boolValue]; - _dsid = interests[kKeyDSID]; - _monitor = interests[kMonitorState]; - if(_monitor == nil) - _monitor = [NSMutableDictionary dictionary]; - -} - - (NSMutableSet *)copyAllKeyInterests { NSMutableSet *allKeys = [NSMutableSet setWithSet: _alwaysKeys]; @@ -713,11 +837,20 @@ static NSString* asNSString(NSObject* object) { } -- (void)registerKeys: (NSDictionary*)keys +- (void)registerKeys: (NSDictionary*)keys forAccount: (NSString*) accountUUID { secdebug(XPROXYSCOPE, "registerKeys: keys: %@", keys); - - NSMutableSet *allOldKeys = [self copyAllKeyInterests]; + + // We only reset when we know the ID and they send the ID and it changes. + bool newAccount = accountUUID != nil && self.accountUUID != nil && ![accountUUID isEqualToString: self.accountUUID]; + + if (accountUUID) { + self.accountUUID = accountUUID; + } + + // If we're a new account we don't exclude the old keys + NSMutableSet *allOldKeys = newAccount ? [NSMutableSet set] : [self copyAllKeyInterests]; + NSDictionary *keyparms = [keys valueForKey: [NSString stringWithUTF8String: kMessageKeyParameter]]; NSDictionary *circles = [keys valueForKey: [NSString stringWithUTF8String: kMessageCircle]]; @@ -756,29 +889,23 @@ static NSString* asNSString(NSObject* object) { // MARK: ----- Event Handling ----- -- (void)streamEvent:(xpc_object_t)notification +- (void)_queue_handleNotification:(const char *) name { -#if (!TARGET_IPHONE_SIMULATOR) - const char *notificationName = xpc_dictionary_get_string(notification, "Notification"); - if (!notificationName) { - } else if (strcmp(notificationName, kUserKeybagStateChangeNotification)==0) { - return [self keybagStateChange]; - } else if (strcmp(notificationName, kCloudKeychainStorechangeChangeNotification)==0) { - return [self kvsStoreChange]; - } else if (strcmp(notificationName, kNotifyTokenForceUpdate)==0) { + dispatch_assert_queue(_ckdkvsproxy_queue); + + if (strcmp(name, kNotifyTokenForceUpdate)==0) { // DEBUG -- Possibly remove in future - return [self processAllItems]; + [self _queue_processAllItems]; + } else if (strcmp(name, kCloudKeychainStorechangeChangeNotification)==0) { + // DEBUG -- Possibly remove in future + [self _queue_kvsStoreChange]; } - const char *eventName = xpc_dictionary_get_string(notification, "XPCEventName"); - char *desc = xpc_copy_description(notification); - secnotice("event", "%@ event: %s name: %s desc: %s", self, eventName, notificationName, desc); - if (desc) - free((void *)desc); -#endif } -- (void)storeKeysChanged: (NSSet*) changedKeys initial: (bool) initial +- (void)_queue_storeKeysChanged: (NSSet*) changedKeys initial: (bool) initial { + dispatch_assert_queue(_ckdkvsproxy_queue); + // Mark that our store is talking to us, so we don't have to make up for missing anything previous. _seenKVSStoreChange = YES; @@ -801,8 +928,10 @@ static NSString* asNSString(NSObject* object) { [self processKeyChangedEvent:changedValues]; } -- (void)storeAccountChanged +- (void)_queue_storeAccountChanged { + dispatch_assert_queue(_ckdkvsproxy_queue); + secnotice("event", "%@", self); NSDictionary *changedValues = nil; @@ -823,8 +952,7 @@ static NSString* asNSString(NSObject* object) { _shadowFlushBlock = block; } -- (void) calloutWith: (void(^)(NSSet *pending, bool syncWithPeersPending, bool ensurePeerRegistration, - dispatch_queue_t queue, void(^done)(NSSet *handledKeys, bool handledSyncWithPeers, bool handledEnsurePeerRegistration, NSError* error))) callout +- (void) calloutWith: (void(^)(NSSet *pending, NSSet* pendingSyncIDs, NSSet* pendingBackupSyncIDs, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *handledKeys, NSSet *handledSyncs, bool handledEnsurePeerRegistration, NSError* error))) callout { // In CKDKVSProxy's serial queue @@ -833,51 +961,75 @@ static NSString* asNSString(NSObject* object) { xpc_transaction_begin(); dispatch_async(_calloutQueue, ^{ __block NSSet *myPending; - __block bool mySyncWithPeersPending; + __block NSSet *mySyncPeerIDs; + __block NSSet *mySyncBackupPeerIDs; __block bool myEnsurePeerRegistration; __block bool wasLocked; - dispatch_sync(_ckdkvsproxy_queue, ^{ - myPending = [_pendingKeys copy]; - mySyncWithPeersPending = _syncWithPeersPending; - myEnsurePeerRegistration = _ensurePeerRegistration; - wasLocked = _isLocked; + dispatch_sync(self->_ckdkvsproxy_queue, ^{ + myPending = [self->_pendingKeys copy]; + mySyncPeerIDs = [self->_pendingSyncPeerIDs copy]; + mySyncBackupPeerIDs = [self->_pendingSyncBackupPeerIDs copy]; - _inCallout = YES; + myEnsurePeerRegistration = self->_ensurePeerRegistration; + wasLocked = [self.lockMonitor locked]; - _shadowPendingKeys = [NSMutableSet set]; - _shadowSyncWithPeersPending = NO; + self->_inCallout = YES; + + self->_shadowPendingKeys = [NSMutableSet set]; + self->_shadowPendingSyncPeerIDs = [NSMutableSet set]; + self->_shadowPendingSyncBackupPeerIDs = [NSMutableSet set]; }); - callout(myPending, mySyncWithPeersPending, myEnsurePeerRegistration, _ckdkvsproxy_queue, ^(NSSet *handledKeys, bool handledSyncWithPeers, bool handledEnsurePeerRegistration, NSError* failure) { - secdebug("event", "%@ %s%s before callout handled: %s%s", self, mySyncWithPeersPending ? "S" : "s", myEnsurePeerRegistration ? "E" : "e", handledSyncWithPeers ? "S" : "s", handledEnsurePeerRegistration ? "E" : "e"); + callout(myPending, mySyncPeerIDs, mySyncBackupPeerIDs, myEnsurePeerRegistration, self->_ckdkvsproxy_queue, ^(NSSet *handledKeys, NSSet *handledSyncs, bool handledEnsurePeerRegistration, NSError* failure) { + secdebug("event", "%@ %s%s before callout handled: %s%s", self, + ![mySyncPeerIDs isEmpty] || ![mySyncBackupPeerIDs isEmpty] ? "S" : "s", + myEnsurePeerRegistration ? "E" : "e", + ![handledKeys isEmpty] ? "S" : "s", + handledEnsurePeerRegistration ? "E" : "e"); // In CKDKVSProxy's serial queue - _inCallout = NO; - + self->_inCallout = NO; + // Update ensurePeerRegistration - _ensurePeerRegistration = ((myEnsurePeerRegistration && !handledEnsurePeerRegistration) || _shadowEnsurePeerRegistration); + self->_ensurePeerRegistration = ((self->_ensurePeerRegistration && !handledEnsurePeerRegistration) || self->_shadowEnsurePeerRegistration); - _shadowEnsurePeerRegistration = NO; + self->_shadowEnsurePeerRegistration = NO; - if(_ensurePeerRegistration && !_isLocked) + if(self->_ensurePeerRegistration && ![self.lockMonitor locked]) [self doEnsurePeerRegistration]; - + + bool hadShadowPeerIDs = ![self->_shadowPendingSyncPeerIDs isEmpty] || ![self->_shadowPendingSyncBackupPeerIDs isEmpty]; + // Update SyncWithPeers stuff. - _syncWithPeersPending = ((mySyncWithPeersPending && (!handledSyncWithPeers)) || _shadowSyncWithPeersPending); - - _shadowSyncWithPeersPending = NO; - if (handledSyncWithPeers) - _lastSyncTime = dispatch_time(DISPATCH_TIME_NOW, 0); - + if (handledSyncs) { + [self->_pendingSyncPeerIDs minusSet: handledSyncs]; + [self->_pendingSyncBackupPeerIDs minusSet: handledSyncs]; + + if (![handledSyncs isEmpty]) { + secnotice("sync-ids", "handled syncIDs: %@", [handledSyncs logIDs]); + secnotice("sync-ids", "remaining peerIDs: %@", [self->_pendingSyncPeerIDs logIDs]); + secnotice("sync-ids", "remaining backupIDs: %@", [self->_pendingSyncBackupPeerIDs logIDs]); + + if (hadShadowPeerIDs) { + secnotice("sync-ids", "signaled peerIDs: %@", [self->_shadowPendingSyncPeerIDs logIDs]); + secnotice("sync-ids", "signaled backupIDs: %@", [self->_shadowPendingSyncBackupPeerIDs logIDs]); + } + } + + self->_shadowPendingSyncPeerIDs = nil; + self->_shadowPendingSyncBackupPeerIDs = nil; + } + + // Update pendingKeys and handle them - [_pendingKeys removeObject: [NSNull null]]; // Don't let NULL hang around + [self->_pendingKeys removeObject: [NSNull null]]; // Don't let NULL hang around - [_pendingKeys minusSet: handledKeys]; - bool hadShadowPendingKeys = [_shadowPendingKeys count]; + [self->_pendingKeys minusSet: handledKeys]; + bool hadShadowPendingKeys = [self->_shadowPendingKeys count]; // Move away shadownPendingKeys first, because pendKeysAndGetPendingForCurrentLockState // will look at them. See rdar://problem/20733166. - NSSet *oldShadowPendingKeys = _shadowPendingKeys; - _shadowPendingKeys = nil; + NSSet *oldShadowPendingKeys = self->_shadowPendingKeys; + self->_shadowPendingKeys = nil; NSSet *filteredKeys = [self pendKeysAndGetPendingForCurrentLockState:oldShadowPendingKeys]; @@ -887,10 +1039,13 @@ static NSString* asNSString(NSObject* object) { // Write state to disk [self persistState]; - + // Handle shadow pended stuff - if (_syncWithPeersPending && !_isLocked) - [self scheduleSyncRequestTimer]; + + // We only kick off another sync if we got new stuff during handling + if (hadShadowPeerIDs && ![self.lockMonitor locked]) + [self newPeersToSyncWith]; + /* We don't want to call processKeyChangedEvent if we failed to handle pending keys and the device didn't unlock nor receive any kvs changes while we were in our callout. @@ -898,19 +1053,19 @@ static NSString* asNSString(NSObject* object) { talking to each other forever in a tight loop if securityd repeatedly returns an error processing the same message. Instead we leave any old pending keys until the next event. */ - - if (hadShadowPendingKeys || (!_isLocked && wasLocked)){ + if (hadShadowPendingKeys || (![self.lockMonitor locked] && wasLocked)){ [self processKeyChangedEvent:[self copyValues:filteredKeys]]; - if(_shadowFlushBlock != NULL) + if(self->_shadowFlushBlock != NULL) secerror("Flush block is not null and sending new keys"); } - if(_shadowFlushBlock != NULL){ - dispatch_async(_calloutQueue, _shadowFlushBlock); - _shadowFlushBlock = NULL; + + if(self->_shadowFlushBlock != NULL){ + dispatch_async(self->_calloutQueue, self->_shadowFlushBlock); + self->_shadowFlushBlock = NULL; } if (failure) { - [self updateIsLocked]; + [self.lockMonitor recheck]; } xpc_transaction_end(); @@ -919,7 +1074,7 @@ static NSString* asNSString(NSObject* object) { } - (void) sendKeysCallout: (NSSet *(^)(NSSet* pending, NSError** error)) handleKeys { - [self calloutWith: ^(NSSet *pending, bool syncWithPeersPending, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *, bool, bool, NSError*)) { + [self calloutWith: ^(NSSet *pending, NSSet* pendingSyncIDs, NSSet* pendingBackupSyncIDs, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *handledKeys, NSSet *handledSyncs, bool handledEnsurePeerRegistration, NSError* error)) { NSError* error = NULL; secnotice("CloudKeychainProxy", "send keys: %@", pending); @@ -930,7 +1085,7 @@ static NSString* asNSString(NSObject* object) { secerror("%@ ensurePeerRegistration failed: %@", self, error); } - done(handled, NO, NO, error); + done(handled, nil, NO, error); }); }]; } @@ -938,115 +1093,124 @@ static NSString* asNSString(NSObject* object) { - (void) doEnsurePeerRegistration { NSObject* accountDelegate = [self account]; - [self calloutWith:^(NSSet *pending, bool syncWithPeersPending, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *, bool, bool, NSError*)) { + [self calloutWith:^(NSSet *pending, NSSet* pendingSyncIDs, NSSet* pendingBackupSyncIDs, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *handledKeys, NSSet *handledSyncs, bool handledEnsurePeerRegistration, NSError* error)) { NSError* error = nil; bool handledEnsurePeerRegistration = [accountDelegate ensurePeerRegistration:&error]; secnotice("EnsurePeerRegistration", "%@ ensurePeerRegistration called, %@ (%@)", self, handledEnsurePeerRegistration ? @"success" : @"failure", error); + if (!handledEnsurePeerRegistration) { + [self.lockMonitor recheck]; + handledEnsurePeerRegistration = ![self.lockMonitor locked]; // If we're unlocked we handled it, if we're locked we didn't. + // This means we get to fail once per unlock and then cut that spinning out. + } dispatch_async(queue, ^{ - done(nil, NO, handledEnsurePeerRegistration, error); + done(nil, nil, handledEnsurePeerRegistration, error); }); }]; } -- (void) doSyncWithAllPeers +- (void) doSyncWithPendingPeers { NSObject* accountDelegate = [self account]; - [self calloutWith:^(NSSet *pending, bool syncWithPeersPending, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *, bool, bool, NSError*)) { + [self calloutWith:^(NSSet *pending, NSSet* pendingSyncIDs, NSSet* pendingBackupSyncIDs, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *handledKeys, NSSet *handledSyncs, bool handledEnsurePeerRegistration, NSError* error)) { NSError* error = NULL; - SyncWithAllPeersReason reason = [accountDelegate syncWithAllPeers: &error]; + secnotice("syncwith", "%@ syncwith peers: %@", self, [[pendingSyncIDs allObjects] componentsJoinedByString:@" "]); + secnotice("syncwith", "%@ syncwith backups: %@", self, [[pendingBackupSyncIDs allObjects] componentsJoinedByString:@" "]); + NSSet* handled = [accountDelegate syncWithPeers:pendingSyncIDs backups:pendingBackupSyncIDs error:&error]; + secnotice("syncwith", "%@ syncwith handled: %@", self, [[handled allObjects] componentsJoinedByString:@" "]); dispatch_async(queue, ^{ - bool handledSyncWithPeers = NO; - if (reason == kSyncWithAllPeersSuccess) { - handledSyncWithPeers = YES; - secnotice("event", "%@ syncWithAllPeers succeeded", self); - } else if (reason == kSyncWithAllPeersLocked) { - secnotice("event", "%@ syncWithAllPeers attempted while locked - waiting for unlock", self); - handledSyncWithPeers = NO; - [self updateIsLocked]; - } else if (reason == kSyncWithAllPeersOtherFail) { - // Pretend we handled syncWithPeers, by pushing out the _lastSyncTime - // This will cause us to wait for kMinSyncInterval seconds before - // retrying, so we don't spam securityd if sync is failing - secerror("%@ syncWithAllPeers %@, rescheduling timer", self, error); - _lastSyncTime = dispatch_time(DISPATCH_TIME_NOW, 0); - } else { - secerror("%@ syncWithAllPeers %@, unknown reason: %d", self, error, reason); + if (!handled) { + // We might be confused about lock state + [self.lockMonitor recheck]; } - - done(nil, handledSyncWithPeers, false, error); + + done(nil, handled, false, error); + }); + }]; +} + +- (void) doSyncWithAllPeers +{ + NSObject* accountDelegate = [self account]; + [self calloutWith:^(NSSet *pending, NSSet* pendingSyncIDs, NSSet* pendingBackupSyncIDs, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *handledKeys, NSSet *handledSyncs, bool handledEnsurePeerRegistration, NSError*error)) { + NSError* error = NULL; + bool handled = [accountDelegate syncWithAllPeers:&error]; + if (!handled) { + secerror("Failed to syncWithAllPeers: %@", error); + } + dispatch_async(queue, ^{ + done(nil, nil, false, error); }); }]; } -- (void)timerFired +- (void)newPeersToSyncWith { - secnotice("event", "%@ syncWithPeersPending: %d inCallout: %d isLocked: %d", self, _syncWithPeersPending, _inCallout, _isLocked); - _syncTimerScheduled = NO; + secnotice("event", "%@ syncWithPeersPending: %d inCallout: %d isLocked: %d", self, [self hasPendingSyncIDs], _inCallout, [self.lockMonitor locked]); if(_ensurePeerRegistration){ [self doEnsurePeerRegistration]; } - if (_syncWithPeersPending && !_inCallout && !_isLocked){ - [self doSyncWithAllPeers]; + if ([self hasPendingSyncIDs] && !_inCallout && ![self.lockMonitor locked]){ + [self doSyncWithPendingPeers]; } } -- (dispatch_time_t) nextSyncTime -{ - dispatch_time_t nextSync = dispatch_time(DISPATCH_TIME_NOW, kMinSyncDelay); - - // Don't sync again unless we waited at least kMinSyncInterval - if (_lastSyncTime) { - dispatch_time_t soonest = dispatch_time(_lastSyncTime, kMinSyncInterval); - if (nextSync < soonest || _deadline < soonest) { - secdebug("timer", "%@ backing off", self); - return soonest; - } - } - - // Don't delay more than kMaxSyncDelay after the first request. - if (nextSync > _deadline) { - secdebug("timer", "%@ hit deadline", self); - return _deadline; - } - - // Bump the timer by kMinSyncDelay - if (_syncTimerScheduled) - secdebug("timer", "%@ bumped timer", self); - else - secdebug("timer", "%@ scheduled timer", self); - - return nextSync; +- (bool)hasPendingNonShadowSyncIDs { + return ![_pendingSyncPeerIDs isEmpty] || ![_pendingSyncBackupPeerIDs isEmpty]; +} + +- (bool)hasPendingShadowSyncIDs { + return (_shadowPendingSyncPeerIDs && ![_shadowPendingSyncPeerIDs isEmpty]) || + (_shadowPendingSyncBackupPeerIDs && ![_shadowPendingSyncBackupPeerIDs isEmpty]); } -- (void)scheduleSyncRequestTimer +- (bool)hasPendingSyncIDs { - dispatch_source_set_timer(_syncTimer, [self nextSyncTime], DISPATCH_TIME_FOREVER, kSyncTimerLeeway); - _syncTimerScheduled = YES; + bool pendingIDs = [self hasPendingNonShadowSyncIDs]; + + if (_inCallout) { + pendingIDs |= [self hasPendingShadowSyncIDs]; + } + + return pendingIDs; } -- (void)requestSyncWithAllPeers // secd calling SOSCCSyncWithAllPeers invokes this +- (void)requestSyncWithPeerIDs: (NSArray*) peerIDs backupPeerIDs: (NSArray*) backupPeerIDs { -#if !defined(NDEBUG) - NSString *desc = [self description]; -#endif - - if (!_syncWithPeersPending || (_inCallout && !_shadowSyncWithPeersPending)) - _deadline = dispatch_time(DISPATCH_TIME_NOW, kMaxSyncDelay); - - if (!_syncWithPeersPending) { - _syncWithPeersPending = YES; - [self persistState]; + if ([peerIDs count] == 0 && [backupPeerIDs count] == 0) + return; // Nothing to do; + + NSSet* peerIDsSet = [NSSet setWithArray: peerIDs]; + NSSet* backupPeerIDsSet = [NSSet setWithArray: backupPeerIDs]; + + [_pendingSyncPeerIDs unionSet: peerIDsSet]; + [_pendingSyncBackupPeerIDs unionSet: backupPeerIDsSet]; + + if (_inCallout) { + [_shadowPendingSyncPeerIDs unionSet: peerIDsSet]; + [_shadowPendingSyncBackupPeerIDs unionSet: backupPeerIDsSet]; } - - if (_inCallout) - _shadowSyncWithPeersPending = YES; - else if (!_isLocked) - [self scheduleSyncRequestTimer]; - - secdebug("event", "%@ %@", desc, self); + + [self persistState]; + + if(_ensurePeerRegistration){ + [self doEnsurePeerRegistration]; + } + if ([self hasPendingSyncIDs] && !_inCallout && ![self.lockMonitor locked]){ + [self doSyncWithPendingPeers]; + } +} + +- (BOOL)hasSyncPendingFor: (NSString*) peerID { + return [_pendingSyncPeerIDs containsObject: peerID] || + (_shadowPendingSyncPeerIDs && [_shadowPendingSyncPeerIDs containsObject: peerID]); +} + +- (BOOL)hasPendingKey: (NSString*) keyName { + return [self.pendingKeys containsObject: keyName] + || (_shadowPendingKeys && [self.shadowPendingKeys containsObject: keyName]); } -- (void)requestEnsurePeerRegistration // secd calling SOSCCSyncWithAllPeers invokes this +- (void)requestEnsurePeerRegistration { #if !defined(NDEBUG) NSString *desc = [self description]; @@ -1056,7 +1220,7 @@ static NSString* asNSString(NSObject* object) { _shadowEnsurePeerRegistration = YES; } else { _ensurePeerRegistration = YES; - if (!_isLocked){ + if (![self.lockMonitor locked]){ [self doEnsurePeerRegistration]; } [self persistState]; @@ -1065,55 +1229,18 @@ static NSString* asNSString(NSObject* object) { secdebug("event", "%@ %@", desc, self); } - -- (BOOL) updateUnlockedSinceBoot -{ - CFErrorRef aksError = NULL; - if (!SecAKSGetHasBeenUnlocked(&_unlockedSinceBoot, &aksError)) { - secerror("%@ Got error from SecAKSGetHasBeenUnlocked: %@", self, aksError); - CFReleaseSafe(aksError); - return NO; - } - return YES; -} - -- (BOOL) updateIsLocked +- (void)_queue_locked { - CFErrorRef aksError = NULL; - if (!SecAKSGetIsLocked(&_isLocked, &aksError)) { - _isLocked = YES; - secerror("%@ Got error querying lock state: %@", self, aksError); - CFReleaseSafe(aksError); - return NO; - } - if (!_isLocked) - _unlockedSinceBoot = YES; - return YES; -} + dispatch_assert_queue(_ckdkvsproxy_queue); -- (void) keybagStateChange -{ - os_activity_initiate("keybagStateChanged", OS_ACTIVITY_FLAG_DEFAULT, ^{ - BOOL wasLocked = _isLocked; - if ([self updateIsLocked]) { - if (wasLocked == _isLocked) - secdebug("event", "%@ still %s ignoring", self, _isLocked ? "locked" : "unlocked"); - else if (_isLocked) - [self keybagDidLock]; - else - [self keybagDidUnlock]; - } - }); + secnotice("event", "%@ Locked", self); } -- (void) keybagDidLock +- (void)_queue_unlocked { - secnotice("event", "%@", self); -} + dispatch_assert_queue(_ckdkvsproxy_queue); -- (void) keybagDidUnlock -{ - secnotice("event", "%@", self); + secnotice("event", "%@ Unlocked", self); if (_ensurePeerRegistration) { [self doEnsurePeerRegistration]; } @@ -1122,14 +1249,16 @@ static NSString* asNSString(NSObject* object) { [self processPendingKeysForCurrentLockState]; // Then, tickle securityd to perform a sync if needed. - if (_syncWithPeersPending && !_syncTimerScheduled) { - [self doSyncWithAllPeers]; + if ([self hasPendingSyncIDs]) { + [self doSyncWithPendingPeers]; } } -- (void) kvsStoreChange { +- (void) _queue_kvsStoreChange { + dispatch_assert_queue(_ckdkvsproxy_queue); + os_activity_initiate("kvsStoreChange", OS_ACTIVITY_FLAG_DEFAULT, ^{ - if (!_seenKVSStoreChange) { + if (!self->_seenKVSStoreChange) { secnotice("event", "%@ received darwin notification before first NSNotification", self); // TODO This might not be needed if we always get the NSNotification // deleived even if we were launched due to a kvsStoreChange @@ -1142,19 +1271,68 @@ static NSString* asNSString(NSObject* object) { }); } +#pragma mark - +#pragma mark XPCNotificationListener + +- (void)handleNotification:(const char *) name +{ + // sync because we cannot ensure the lifetime of name + dispatch_sync(_ckdkvsproxy_queue, ^{ + [self _queue_handleNotification:name]; + }); +} + +#pragma mark - +#pragma mark Calls from -[CKDKVSStore kvsStoreChanged:] + +- (void)storeKeysChanged: (NSSet*) changedKeys initial: (bool) initial +{ + // sync, caller must wait to ensure correct state + dispatch_sync(_ckdkvsproxy_queue, ^{ + [self _queue_storeKeysChanged:changedKeys initial:initial]; + }); +} + +- (void)storeAccountChanged +{ + // sync, caller must wait to ensure correct state + dispatch_sync(_ckdkvsproxy_queue, ^{ + [self _queue_storeAccountChanged]; + }); +} + +#pragma mark - +#pragma mark CKDLockListener + +- (void) locked +{ + // sync, otherwise tests fail + dispatch_sync(_ckdkvsproxy_queue, ^{ + [self _queue_locked]; + }); +} + +- (void) unlocked +{ + // sync, otherwise tests fail + dispatch_sync(_ckdkvsproxy_queue, ^{ + [self _queue_unlocked]; + }); +} + // // MARK: ----- Key Filtering ----- // - (NSSet*) keysForCurrentLockState { - secdebug("filtering", "%@ Filtering: unlockedSinceBoot: %d\n unlocked: %d\n, keysOfInterest: <%@>", self, (int) _unlockedSinceBoot, (int) !_isLocked, [SOSPersistentState dictionaryDescription: [self exportKeyInterests]]); + secdebug("filtering", "%@ Filtering: unlockedSinceBoot: %d\n unlocked: %d\n, keysOfInterest: <%@>", self, (int) [self.lockMonitor unlockedSinceBoot], (int) ![self.lockMonitor locked], [self.persistentData compactDescription]); NSMutableSet *currentStateKeys = [NSMutableSet setWithSet: _alwaysKeys]; - if (_unlockedSinceBoot) + if ([self.lockMonitor unlockedSinceBoot]) [currentStateKeys unionSet: _firstUnlockKeys]; - if (!_isLocked) + if (![self.lockMonitor locked]) [currentStateKeys unionSet: _unlockedKeys]; return currentStateKeys; diff --git a/KVSKeychainSyncingProxy/CKDKVSStore.m b/KVSKeychainSyncingProxy/CKDKVSStore.m index 5ce77181..b455bf1e 100644 --- a/KVSKeychainSyncingProxy/CKDKVSStore.m +++ b/KVSKeychainSyncingProxy/CKDKVSStore.m @@ -49,26 +49,15 @@ _proxy = proxy; [[NSNotificationCenter defaultCenter] addObserver:self - selector:@selector(kvsStoreChanged:) + selector:@selector(kvsStoreChangedAsync:) name:NSUbiquitousKeyValueStoreDidChangeExternallyNotification object:nil]; } - (void)setObject:(id)obj forKey:(NSString*)key { - NSUbiquitousKeyValueStore *store = [self cloudStore]; - if (store) - { - id value = [store objectForKey:key]; - if (value) - secdebug("kvsdebug", "%@ key %@ changed: %@ to: %@", self, key, value, obj); - else - secdebug("kvsdebug", "%@ key %@ initialized to: %@", self, key, obj); - [store setObject:obj forKey:key]; - [self pushWrites]; - } else { - secerror("Can't get kvs store, key: %@ not set to: %@", key, obj); - } + secdebug("kvsdebug", "%@ key %@ set to: %@ from: %@", self, key, obj, [self.cloudStore objectForKey:key]); + [self.cloudStore setObject:obj forKey:key]; } - (NSDictionary*) copyAsDictionary { @@ -99,6 +88,15 @@ [[self cloudStore] synchronize]; } +// Runs on the same thread that posted the notification, and that thread _may_ be the +// kdkvsproxy_queue (see 30470419). Avoid deadlock by bouncing through global queue. +- (void)kvsStoreChangedAsync:(NSNotification *)notification +{ + dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{ + [self kvsStoreChanged:notification]; + }); +} + - (void) kvsStoreChanged:(NSNotification *)notification { /* Posted when the value of one or more keys in the local key-value store diff --git a/KVSKeychainSyncingProxy/CKDLockMonitor.h b/KVSKeychainSyncingProxy/CKDLockMonitor.h new file mode 100644 index 00000000..83ab5c29 --- /dev/null +++ b/KVSKeychainSyncingProxy/CKDLockMonitor.h @@ -0,0 +1,24 @@ +// +// CKDLockMonitor.h +// Security +// + +#import "CKDLockMonitor.h" + +@protocol CKDLockListener + +- (void) unlocked; +- (void) locked; + +@end + +@protocol CKDLockMonitor + +@property (readonly) BOOL unlockedSinceBoot; +@property (readonly) BOOL locked; + +- (void)recheck; + +- (void)connectTo: (NSObject*) proxy; + +@end diff --git a/KVSKeychainSyncingProxy/CKDPersistentState.h b/KVSKeychainSyncingProxy/CKDPersistentState.h deleted file mode 100644 index 22934752..00000000 --- a/KVSKeychainSyncingProxy/CKDPersistentState.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// SOSPersistentState.h -// ckdxpc -// - -#import - -@interface SOSPersistentState : NSObject -{ -} - -+ (id)read:(NSURL *)path error:(NSError **)error; -+ (BOOL)write:(NSURL *)path data:(id)plist error:(NSError **)error; -+ (NSString *)dictionaryDescription: (NSDictionary *)state; -+ (NSMutableDictionary *)registeredKeys; -+ (void)setRegisteredKeys: (NSDictionary *)keysToRegister; -+ (NSURL *)registrationFileURL; - -@end - diff --git a/KVSKeychainSyncingProxy/CKDPersistentState.m b/KVSKeychainSyncingProxy/CKDPersistentState.m deleted file mode 100644 index 9eb1e17c..00000000 --- a/KVSKeychainSyncingProxy/CKDPersistentState.m +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// SOSPersistentState.m -// ckdxpc -// - -#import -#import -#import -#import -#import -#import -#import -#import - -#import "CKDPersistentState.h" - -#if ! __has_feature(objc_arc) -#error This file must be compiled with ARC. Either turn on ARC for the project or use -fobjc-arc flag -#endif - -// may want to have this hold incoming events in file as well - -// TODO: Sandbox stuff - -static CFStringRef kRegistrationFileName = CFSTR("com.apple.security.cloudkeychainproxy3.keysToRegister.plist"); - -@implementation SOSPersistentState - -+ (BOOL)write:(NSURL *)path data:(id)plist error:(NSError **)error -{ - if (![NSPropertyListSerialization propertyList: plist isValidForFormat: NSPropertyListXMLFormat_v1_0]) - { - secerror("can't save PersistentState as XML"); - return false; - } - - NSData *data = [NSPropertyListSerialization dataWithPropertyList: plist - format: NSPropertyListXMLFormat_v1_0 options: 0 error: error]; - if (data == nil) - { - secerror("error serializing PersistentState to xml: %@", *error); - return false; - } - - BOOL writeStatus = [data writeToURL: path options: NSDataWritingAtomic error: error]; - if (!writeStatus) - secerror("error writing PersistentState to file: %@", *error); - - return writeStatus; -} - -+ (id)read: (NSURL *)path error:(NSError **)error -{ - NSData *data = [NSData dataWithContentsOfURL: path options: 0 error: error]; - if (data == nil) - { - secdebug("keyregister", "error reading PersistentState from %@: %@", path, *error); - return nil; - } - - // Now the deserializing: - - NSPropertyListFormat format; - id plist = [NSPropertyListSerialization propertyListWithData: data - options: NSPropertyListMutableContainersAndLeaves format: &format error: error]; - - if (plist == nil) - secerror("could not deserialize PersistentState from %@: %@", path, *error); - - return plist; -} - -+ (NSURL *)registrationFileURL -{ - return (NSURL *)CFBridgingRelease(SecCopyURLForFileInPreferencesDirectory(kRegistrationFileName)); -} - -+ (NSString *)dictionaryDescription: (NSDictionary *)state -{ - NSMutableArray *elements = [NSMutableArray array]; - [state enumerateKeysAndObjectsUsingBlock: ^(NSString *key, id obj, BOOL *stop) { - [elements addObject: [key stringByAppendingString: @":"]]; - if ([obj isKindOfClass:[NSArray class]]) { - [elements addObject: [(NSArray *)obj componentsJoinedByString: @" "]]; - } else { - [elements addObject: [NSString stringWithFormat:@"%@", obj]]; - } - }]; - return [elements componentsJoinedByString: @" "]; -} - -+ (NSMutableDictionary *)registeredKeys -{ - NSError *error = NULL; - id stateDictionary = [SOSPersistentState read:[[self class] registrationFileURL] error:&error]; - secdebug("keyregister", "Read registeredKeys: <%@>", [self dictionaryDescription: stateDictionary]); - // Ignore older states with an NSArray - if (![stateDictionary isKindOfClass:[NSDictionary class]]) - return NULL; - return [NSMutableDictionary dictionaryWithDictionary:stateDictionary]; -} - -+ (void)setRegisteredKeys: (NSDictionary *)keysToRegister -{ - NSError *error = NULL; - secdebug("keyregister", "Write registeredKeys: <%@>", [self dictionaryDescription: keysToRegister]); - [SOSPersistentState write:[[self class] registrationFileURL] data:keysToRegister error:&error]; -} - -@end diff --git a/KVSKeychainSyncingProxy/CKDSecuritydAccount.h b/KVSKeychainSyncingProxy/CKDSecuritydAccount.h index 930329e6..f5eb702a 100644 --- a/KVSKeychainSyncingProxy/CKDSecuritydAccount.h +++ b/KVSKeychainSyncingProxy/CKDSecuritydAccount.h @@ -14,6 +14,8 @@ - (NSSet*) keysChanged: (NSDictionary*) keyValues error: (NSError**) error; - (bool) ensurePeerRegistration: (NSError**) error; + +- (NSSet*) syncWithPeers: (NSSet*) peerIDs backups: (NSSet*) backupPeerIDs error: (NSError**) error; - (SyncWithAllPeersReason) syncWithAllPeers: (NSError**) error; @end diff --git a/KVSKeychainSyncingProxy/CKDSecuritydAccount.m b/KVSKeychainSyncingProxy/CKDSecuritydAccount.m index 07d98f9e..e41212c9 100644 --- a/KVSKeychainSyncingProxy/CKDSecuritydAccount.m +++ b/KVSKeychainSyncingProxy/CKDSecuritydAccount.m @@ -40,6 +40,18 @@ return result; } +- (NSSet*) syncWithPeers: (NSSet*) peerIDs backups: (NSSet*) backupPeerIDs error: (NSError**) error +{ + CFErrorRef localError = NULL; + CFSetRef handledPeers = SOSCCProcessSyncWithPeers((__bridge CFSetRef) peerIDs, (__bridge CFSetRef) backupPeerIDs, &localError); + + if (error && localError) { + *error = (__bridge_transfer NSError*) localError; + } + + return (__bridge_transfer NSSet*) handledPeers; +} + - (SyncWithAllPeersReason) syncWithAllPeers: (NSError**) error { CFErrorRef localError = NULL; diff --git a/KVSKeychainSyncingProxy/XPCNotificationDispatcher.h b/KVSKeychainSyncingProxy/XPCNotificationDispatcher.h new file mode 100644 index 00000000..3fc9c4c4 --- /dev/null +++ b/KVSKeychainSyncingProxy/XPCNotificationDispatcher.h @@ -0,0 +1,24 @@ +// +// XPCNotificationDispatcher.h +// Security +// + + +#import + +@protocol XPCNotificationListener +- (void) handleNotification: (const char *) name; +@end + +typedef void (^XPCNotificationBlock)(const char* notification); + +@interface XPCNotificationDispatcher : NSObject + ++ (instancetype) dispatcher; + +- (instancetype) init; + +- (void) addListener: (NSObject*) newHandler; +- (void) removeListener: (NSObject*) existingHandler; + +@end diff --git a/KVSKeychainSyncingProxy/XPCNotificationDispatcher.m b/KVSKeychainSyncingProxy/XPCNotificationDispatcher.m new file mode 100644 index 00000000..1eccd2f6 --- /dev/null +++ b/KVSKeychainSyncingProxy/XPCNotificationDispatcher.m @@ -0,0 +1,102 @@ +// +// XPCNotificationDispatcher.m +// Security +// +// Created by Mitch Adler on 11/1/16. +// +// + +#import "XPCNotificationDispatcher.h" +#include + +#include + +#include + +// +// PointerArray helpers + +@interface NSPointerArray (Removal) +- (void) removePointer: (nullable void *)pointer; +@end + +@implementation NSPointerArray (Removal) +- (void) removePointer: (nullable void *)pointer { + NSUInteger pos = 0; + while(pos < [self count]) { + if (pointer == [self pointerAtIndex:pos]) { + [self removePointerAtIndex:pos]; + } else { + pos += 1; + } + } +} +@end + +// +// + +static const char *kXPCNotificationStreamName = "com.apple.notifyd.matching"; +static const char *kXPCNotificationNameKey = "Notification"; + +@interface XPCNotificationDispatcher () +@property dispatch_queue_t queue; +@property NSPointerArray* listeners; + +- (void) notification: (const char *) value; + +@end + + +@implementation XPCNotificationDispatcher + ++ (instancetype) dispatcher { + static dispatch_once_t onceToken; + static XPCNotificationDispatcher* sDispactcher; + dispatch_once(&onceToken, ^{ + sDispactcher = [[XPCNotificationDispatcher alloc] init]; + }); + + return sDispactcher; +} + +- (instancetype) init { + self = [super init]; + + if (self) { + self.queue = dispatch_queue_create("XPC Notification Dispatch", DISPATCH_QUEUE_SERIAL); + self.listeners = [NSPointerArray weakObjectsPointerArray]; + + xpc_set_event_stream_handler(kXPCNotificationStreamName, self.queue, ^(xpc_object_t event){ + const char *notificationName = xpc_dictionary_get_string(event, kXPCNotificationNameKey); + if (notificationName) { + [self notification:notificationName]; + } + }); + } + + return self; +} + +- (void) notification:(const char *)name { + [self.listeners compact]; + [[self.listeners allObjects] enumerateObjectsUsingBlock:^(id _Nonnull obj, NSUInteger idx, BOOL * _Nonnull stop) { + [obj handleNotification: name]; + }]; + +} + +- (void) addListener: (NSObject*) newHandler { + dispatch_sync(self.queue, ^{ + [self.listeners compact]; + [self.listeners addPointer:(__bridge void * _Nullable)(newHandler)]; + }); +} + +- (void) removeListener: (NSObject*) existingHandler { + dispatch_sync(self.queue, ^{ + [self.listeners removePointer:(__bridge void * _Nullable)existingHandler]; + }); +} + +@end diff --git a/KVSKeychainSyncingProxy/cloudkeychain.entitlements.plist b/KVSKeychainSyncingProxy/cloudkeychain.entitlements.plist index b39e11a1..a33167ec 100644 --- a/KVSKeychainSyncingProxy/cloudkeychain.entitlements.plist +++ b/KVSKeychainSyncingProxy/cloudkeychain.entitlements.plist @@ -2,12 +2,12 @@ + keychain-cloud-circle + keychain-sync-updates application-identifier com.apple.security.cloudkeychainproxy3 - sync-keychain - keychain-access-groups sync diff --git a/KVSKeychainSyncingProxy/cloudkeychainproxy.m b/KVSKeychainSyncingProxy/cloudkeychainproxy.m index ae78aa49..a8a8ffc2 100644 --- a/KVSKeychainSyncingProxy/cloudkeychainproxy.m +++ b/KVSKeychainSyncingProxy/cloudkeychainproxy.m @@ -50,6 +50,7 @@ //------------------------------------------------------------------------------------------------ #include +#include #import #import @@ -62,9 +63,14 @@ #import #include #include -#include + +#include #import "CKDKVSProxy.h" +#import "CKDSecuritydAccount.h" +#import "CKDKVSStore.h" +#import "CKDAKSLockMonitor.h" + void finalize_connection(void *not_used); void handle_connection_event(const xpc_connection_t peer); @@ -93,6 +99,58 @@ static void describeXPCObject(char *prefix, xpc_object_t object) //#endif } +static NSObject *CreateNSObjectForCFXPCObjectFromKey(xpc_object_t xdict, const char * _Nonnull key) +{ + xpc_object_t xObj = xpc_dictionary_get_value(xdict, key); + + if (!xObj) { + return nil; + } + + return (__bridge_transfer NSObject *)(_CFXPCCreateCFObjectFromXPCObject(xObj)); +} + +static NSArray *CreateArrayOfStringsForCFXPCObjectFromKey(xpc_object_t xdict, const char * _Nonnull key) { + NSObject * possibleArray = CreateNSObjectForCFXPCObjectFromKey(xdict, key); + + if (![possibleArray isNSArray__]) + return nil; + + __block bool onlyStrings = true; + [(NSArray*) possibleArray enumerateObjectsUsingBlock:^(id _Nonnull obj, NSUInteger idx, BOOL * _Nonnull stop) { + if (![obj isNSString__]) { + *stop = true; + onlyStrings = false; + } + }]; + + return onlyStrings ? (NSArray*) possibleArray : nil; +} + +static CFStringRef kRegistrationFileName = CFSTR("com.apple.security.cloudkeychainproxy3.keysToRegister.plist"); + +static UbiqitousKVSProxy *SharedProxy(void) { + static UbiqitousKVSProxy *sProxy = NULL; + static dispatch_once_t onceToken; + dispatch_once(&onceToken, ^{ + sProxy = [UbiqitousKVSProxy withAccount: [CKDSecuritydAccount securitydAccount] + store: [CKDKVSStore kvsInterface] + lockMonitor: [CKDAKSLockMonitor monitor] + persistence: (NSURL *)CFBridgingRelease(SecCopyURLForFileInPreferencesDirectory(kRegistrationFileName))]; + }); + + return sProxy; +} + +static void sendAckResponse(const xpc_connection_t peer, xpc_object_t event) { + xpc_object_t replyMessage = xpc_dictionary_create_reply(event); + if (replyMessage) // Caller wanted an ACK, so give one + { + xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); + xpc_connection_send_message(peer, replyMessage); + } +} + static void cloudkeychainproxy_peer_dictionary_handler(const xpc_connection_t peer, xpc_object_t event) { bool result = false; @@ -115,39 +173,31 @@ static void cloudkeychainproxy_peer_dictionary_handler(const xpc_connection_t pe if (operation && !strcmp(operation, kOperationPUTDictionary)) { operation_put_dictionary(event); + sendAckResponse(peer, event); } else if (operation && !strcmp(operation, kOperationGETv2)) { operation_get_v2(peer, event); + // operationg_get_v2 sends the response } else if (operation && !strcmp(operation, kOperationClearStore)) { - [[UbiqitousKVSProxy sharedKVSProxy] clearStore]; - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one - { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - } + [SharedProxy() clearStore]; + sendAckResponse(peer, event); } else if (operation && !strcmp(operation, kOperationSynchronize)) { - [[UbiqitousKVSProxy sharedKVSProxy] synchronizeStore]; - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one - { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - } + [SharedProxy() synchronizeStore]; + sendAckResponse(peer, event); } else if (operation && !strcmp(operation, kOperationSynchronizeAndWait)) { xpc_object_t replyMessage = xpc_dictionary_create_reply(event); secnotice(XPROXYSCOPE, "%s XPC request: %s", kWAIT2MINID, kOperationSynchronizeAndWait); - [[UbiqitousKVSProxy sharedKVSProxy] waitForSynchronization:^(__unused NSDictionary *values, NSError *error) + [SharedProxy() waitForSynchronization:^(__unused NSDictionary *values, NSError *error) { - secnotice(PROXYXPCSCOPE, "%s Result from [[UbiqitousKVSProxy sharedKVSProxy] waitForSynchronization:]: %@", kWAIT2MINID, error); + secnotice(PROXYXPCSCOPE, "%s Result from [Proxy waitForSynchronization:]: %@", kWAIT2MINID, error); if (replyMessage) // Caller wanted an ACK, so give one { @@ -168,47 +218,68 @@ static void cloudkeychainproxy_peer_dictionary_handler(const xpc_connection_t pe xpc_object_t xKTRallkeys = xpc_dictionary_get_value(xkeysToRegisterDict, kMessageAllKeys); + NSString* accountUUID = (NSString*) CreateNSObjectForCFXPCObjectFromKey(event, kMessageKeyAccountUUID); + + if (![accountUUID isKindOfClass:[NSString class]]) { + accountUUID = nil; + } + NSDictionary *KTRallkeys = (__bridge_transfer NSDictionary *)(_CFXPCCreateCFObjectFromXPCObject(xKTRallkeys)); - [[UbiqitousKVSProxy sharedKVSProxy] registerKeys: KTRallkeys]; + [SharedProxy() registerKeys: KTRallkeys forAccount: accountUUID]; + sendAckResponse(peer, event); - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - secdebug(PROXYXPCSCOPE, "RegisterKeys message sent"); } - else if (operation && !strcmp(operation, kOperationRequestSyncWithAllPeers)) + else if (operation && !strcmp(operation, kOperationRequestSyncWithPeers)) { - [[UbiqitousKVSProxy sharedKVSProxy] requestSyncWithAllPeers]; + + NSArray * peerIDs = CreateArrayOfStringsForCFXPCObjectFromKey(event, kMessageKeyPeerIDList); + NSArray * backupPeerIDs = CreateArrayOfStringsForCFXPCObjectFromKey(event, kMesssgeKeyBackupPeerIDList); + + require_action(peerIDs && backupPeerIDs, xit, (secnotice(XPROXYSCOPE, "Bad call to sync with peers"), result = false)); + + [SharedProxy() requestSyncWithPeerIDs: peerIDs backupPeerIDs: backupPeerIDs]; + sendAckResponse(peer, event); + + secdebug(PROXYXPCSCOPE, "RequestSyncWithAllPeers reply sent"); + } + else if (operation && !strcmp(operation, kOperationHasPendingSyncWithPeer)) { + NSString *peerID = (NSString*) CreateNSObjectForCFXPCObjectFromKey(event, kMessageKeyPeerID); + + BOOL hasPending = [SharedProxy() hasSyncPendingFor: peerID]; + xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one + if (replyMessage) { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); + xpc_dictionary_set_bool(replyMessage, kMessageKeyValue, hasPending); xpc_connection_send_message(peer, replyMessage); + secdebug(PROXYXPCSCOPE, "HasPendingSyncWithPeer reply sent"); } - secdebug(PROXYXPCSCOPE, "RequestSyncWithAllPeers reply sent"); } - else if (operation && !strcmp(operation, kOperationRequestEnsurePeerRegistration)) - { - [[UbiqitousKVSProxy sharedKVSProxy] requestEnsurePeerRegistration]; + else if (operation && !strcmp(operation, kOperationHasPendingKey)) { + NSString *peerID = (NSString*) CreateNSObjectForCFXPCObjectFromKey(event, kMessageKeyPeerID); + + BOOL hasPending = [SharedProxy() hasPendingKey: peerID]; + xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one + if (replyMessage) { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); + xpc_dictionary_set_bool(replyMessage, kMessageKeyValue, hasPending); xpc_connection_send_message(peer, replyMessage); + secdebug(PROXYXPCSCOPE, "HasIncomingMessageFromPeer reply sent"); } + } + else if (operation && !strcmp(operation, kOperationRequestEnsurePeerRegistration)) + { + [SharedProxy() requestEnsurePeerRegistration]; + sendAckResponse(peer, event); secdebug(PROXYXPCSCOPE, "RequestEnsurePeerRegistration reply sent"); } else if (operation && !strcmp(operation, kOperationFlush)) { - [[UbiqitousKVSProxy sharedKVSProxy] doAfterFlush:^{ - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one - { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - } + [SharedProxy() doAfterFlush:^{ + sendAckResponse(peer, event); secdebug(PROXYXPCSCOPE, "flush reply sent"); }]; } @@ -227,7 +298,7 @@ xit: void finalize_connection(void *not_used) { secdebug(PROXYXPCSCOPE, "finalize_connection"); - [[UbiqitousKVSProxy sharedKVSProxy] synchronizeStore]; + [SharedProxy() synchronizeStore]; xpc_transaction_end(); } @@ -246,7 +317,7 @@ static bool operation_put_dictionary(xpc_object_t event) return false; } - [[UbiqitousKVSProxy sharedKVSProxy] setObjectsFromDictionary: (NSDictionary *)object]; + [SharedProxy() setObjectsFromDictionary: (NSDictionary *)object]; return true; } @@ -293,8 +364,8 @@ static bool operation_get_v2(xpc_connection_t peer, xpc_object_t event) [(__bridge NSArray *)keystoget enumerateObjectsUsingBlock: ^ (id obj, NSUInteger idx, BOOL *stop) { NSString *key = (NSString *)obj; - id object = [[UbiqitousKVSProxy sharedKVSProxy] objectForKey:key]; - secdebug(PROXYXPCSCOPE, "[UbiqitousKVSProxy sharedKVSProxy] get: key: %@, object: %@", key, object); + id object = [SharedProxy() objectForKey:key]; + secdebug(PROXYXPCSCOPE, "get: key: %@, object: %@", key, object); xpc_object_t xobject = object ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)object) : xpc_null_create(); xpc_dictionary_set_value(returnedValues, [key UTF8String], xobject); describeXPCObject("operation_get_v2: value from kvs: ", xobject); @@ -303,7 +374,7 @@ static bool operation_get_v2(xpc_connection_t peer, xpc_object_t event) else // get all values from kvs { secdebug(PROXYXPCSCOPE, "get all values from kvs"); - NSDictionary *all = [[UbiqitousKVSProxy sharedKVSProxy] copyAsDictionary]; + NSDictionary *all = [SharedProxy() copyAsDictionary]; [all enumerateKeysAndObjectsUsingBlock: ^ (id key, id obj, BOOL *stop) { xpc_object_t xobject = obj ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)obj) : xpc_null_create(); @@ -318,44 +389,24 @@ static bool operation_get_v2(xpc_connection_t peer, xpc_object_t event) return true; } -static void cloudkeychainproxy_peer_event_handler(xpc_connection_t peer, xpc_object_t event) -{ - describeXPCObject("peer: ", peer); - xpc_type_t type = xpc_get_type(event); - if (type == XPC_TYPE_ERROR) { - if (event == XPC_ERROR_CONNECTION_INVALID) { - // The client process on the other end of the connection has either - // crashed or cancelled the connection. After receiving this error, - // the connection is in an invalid state, and you do not need to - // call xpc_connection_cancel(). Just tear down any associated state - // here. - } else if (event == XPC_ERROR_TERMINATION_IMMINENT) { - // Handle per-connection termination cleanup. - } - } else { - assert(type == XPC_TYPE_DICTIONARY); - // Handle the message. - // describeXPCObject("dictionary:", event); - dispatch_async(dispatch_get_main_queue(), ^{ - cloudkeychainproxy_peer_dictionary_handler(peer, event); - }); - } -} - static void cloudkeychainproxy_event_handler(xpc_connection_t peer) { - // By defaults, new connections will target the default dispatch - // concurrent queue. - if (xpc_get_type(peer) != XPC_TYPE_CONNECTION) { secdebug(PROXYXPCSCOPE, "expected XPC_TYPE_CONNECTION"); return; } + xpc_connection_set_target_queue(peer, [SharedProxy() ckdkvsproxy_queue]); xpc_connection_set_event_handler(peer, ^(xpc_object_t event) { - cloudkeychainproxy_peer_event_handler(peer, event); + describeXPCObject("peer: ", peer); // Only describes under debug + + // We could handle other peer events (e.g.) disconnects, + // but we don't keep per-client state so there is no need. + if (xpc_get_type(event) == XPC_TYPE_DICTIONARY) { + cloudkeychainproxy_peer_dictionary_handler(peer, event); + } }); // This will tell the connection to begin listening for events. If you @@ -368,7 +419,7 @@ static void diagnostics(int argc, const char *argv[]) { @autoreleasepool { - NSDictionary *all = [[UbiqitousKVSProxy sharedKVSProxy] copyAsDictionary]; + NSDictionary *all = [SharedProxy() copyAsDictionary]; NSLog(@"All: %@",all); } } @@ -389,11 +440,9 @@ int ckdproxymain(int argc, const char *argv[]) return 0; } - id proxyID = [UbiqitousKVSProxy sharedKVSProxy]; + UbiqitousKVSProxy* proxyID = SharedProxy(); if (proxyID) { // nothing bad happened when initializing - - xpc_connection_t listener = xpc_connection_create_mach_service(xpcServiceName, NULL, XPC_CONNECTION_MACH_SERVICE_LISTENER); xpc_connection_set_event_handler(listener, ^(xpc_object_t object){ cloudkeychainproxy_event_handler(object); }); diff --git a/Keychain/AppDelegate.h b/Keychain/AppDelegate.h deleted file mode 100644 index 899f8345..00000000 --- a/Keychain/AppDelegate.h +++ /dev/null @@ -1,15 +0,0 @@ -// -// AppDelegate.h -// Keychain -// -// Created by john on 10/22/12. -// -// - -#import - -@interface AppDelegate : UIResponder - -@property (strong, nonatomic) UIWindow *window; - -@end diff --git a/Keychain/AppDelegate.m b/Keychain/AppDelegate.m deleted file mode 100644 index 037005d0..00000000 --- a/Keychain/AppDelegate.m +++ /dev/null @@ -1,46 +0,0 @@ -// -// AppDelegate.m -// Keychain -// -// Created by john on 10/22/12. -// -// - -#import "AppDelegate.h" - -@implementation AppDelegate - -- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions -{ - // Override point for customization after application launch. - return YES; -} - -- (void)applicationWillResignActive:(UIApplication *)application -{ - // Sent when the application is about to move from active to inactive state. This can occur for certain types of temporary interruptions (such as an incoming phone call or SMS message) or when the user quits the application and it begins the transition to the background state. - // Use this method to pause ongoing tasks, disable timers, and throttle down OpenGL ES frame rates. Games should use this method to pause the game. -} - -- (void)applicationDidEnterBackground:(UIApplication *)application -{ - // Use this method to release shared resources, save user data, invalidate timers, and store enough application state information to restore your application to its current state in case it is terminated later. - // If your application supports background execution, this method is called instead of applicationWillTerminate: when the user quits. -} - -- (void)applicationWillEnterForeground:(UIApplication *)application -{ - // Called as part of the transition from the background to the inactive state; here you can undo many of the changes made on entering the background. -} - -- (void)applicationDidBecomeActive:(UIApplication *)application -{ - // Restart any tasks that were paused (or not yet started) while the application was inactive. If the application was previously in the background, optionally refresh the user interface. -} - -- (void)applicationWillTerminate:(UIApplication *)application -{ - // Called when the application is about to terminate. Save data if appropriate. See also applicationDidEnterBackground:. -} - -@end diff --git a/Keychain/CircleStatusView.h b/Keychain/CircleStatusView.h deleted file mode 100644 index 602002ee..00000000 --- a/Keychain/CircleStatusView.h +++ /dev/null @@ -1,25 +0,0 @@ -// -// CircleStatusView.h -// Security -// -// Created by John Hurley on 12/5/12. -// -// - -#import - -@interface CircleStatusView : UIView -{ -} -@property (weak, nonatomic) UIColor *color; - -@end - -@interface ItemStatusView : UIView -{ -} -@property (weak, nonatomic) UIColor *color; - -@end - - diff --git a/Keychain/CircleStatusView.m b/Keychain/CircleStatusView.m deleted file mode 100644 index ca2691e0..00000000 --- a/Keychain/CircleStatusView.m +++ /dev/null @@ -1,75 +0,0 @@ -// -// CircleStatusView.m -// Security -// -// Created by John Hurley on 12/5/12. -// -// - -#import "CircleStatusView.h" - -@implementation CircleStatusView - -- (id)initWithFrame:(CGRect)frame -{ - self = [super initWithFrame:frame]; - if (self) { - _color = [UIColor redColor]; -// NSLog(@"Frame: w: %f, h: %f", self.frame.size.width, self.frame.size.height); - } - return self; -} - -/* -// Only override drawRect: if you perform custom drawing. -// An empty implementation adversely affects performance during animation. -- (void)drawRect:(CGRect)rect -{ - // Drawing code -} -*/ - -- (void)drawRect:(CGRect)rect -{ - CGContextRef context= UIGraphicsGetCurrentContext(); - -// NSLog(@"Frame: w: %f, h: %f", self.frame.size.width, self.frame.size.height); - if (!_color) - _color= [UIColor redColor]; - CGContextSetFillColorWithColor(context, _color.CGColor); - CGContextSetAlpha(context, 0.95); - CGContextFillEllipseInRect(context, CGRectMake(0,0,self.frame.size.width,self.frame.size.height)); - - CGContextSetStrokeColorWithColor(context, _color.CGColor); - CGContextStrokeEllipseInRect(context, CGRectMake(0,0,self.frame.size.width,self.frame.size.height)); -} - -@end - -@implementation ItemStatusView - -- (id)initWithFrame:(CGRect)frame -{ - self = [super initWithFrame:frame]; - if (self) { - _color = [UIColor blueColor]; - } - return self; -} - -- (void)drawRect:(CGRect)rect -{ - CGContextRef context= UIGraphicsGetCurrentContext(); - - // NSLog(@"Frame: w: %f, h: %f", self.frame.size.width, self.frame.size.height); - if (!_color) - _color= [UIColor blueColor]; - CGContextSetFillColorWithColor(context, _color.CGColor); - CGContextSetAlpha(context, 0.95); - CGContextFillEllipseInRect(context, CGRectMake(0,0,self.frame.size.width,self.frame.size.height)); - - CGContextSetStrokeColorWithColor(context, _color.CGColor); - CGContextStrokeEllipseInRect(context, CGRectMake(0,0,self.frame.size.width,self.frame.size.height)); -} - -@end diff --git a/Keychain/Default-568h@2x.png b/Keychain/Default-568h@2x.png deleted file mode 100644 index 0891b7aabfcf3422423b109c8beed2bab838c607..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 18594 zcmeI4X;f257Jx&9fS`ixvS;&$x8J@slQFSel)6zJN=?13FB7H(lQjRkSy8x_-S~tvu2gzn1oS+dLcF#eqtq$ z%tf9TTvX?`)R@}3uBI;jzS-=ZR-Td&MHaS&;!0?Ni*#$#`n*~CcQK)Q9vAQ~TUpnI!j)a2biYK^R)M~A5wUDZhx?ULMX z3x1P&qt=trOY6P2U67L=m=U?F|5#Uj(eCueNTZaHs_ceWiHeET+j+tp3Jt9g(ekqP z2WOvfR{qV+9r+o4J5?qK>7;;^+I7tGv-i)es$X_D=EoKF+S?zsyj^oRFElP}c}JT< zd8SUs-?O?}2YD#ngKbnHgzHBcboxK_2r9l(?eNCl-pEzkJm}fY?WC*jnS?VBE4EpY zO$fEejz6fU;W2Kl>JeQBZBl-%Irg`obSlg*@4QB;Dd1H7^Oi5wvt4d{RZ!8Og?^aE z)k0$1g+V3fd(gdQ3d&q2q-FL*uy#}|bc^=VhFsl0jBgUGJ+-s3U8MK9A!YJJMxpci z5hJ%|{DwV48fZn0{n5l$N_KcSb#NKE4plB`9I6Zt=Z!~-zw0{9tg$L&Ju1F0X)Cy8 zKF;(&lJ>x)Jw(=;p~sF(Sd9VWGwFE2rnyS9!f^DZ8+aCLq zQ};>lcJ1GDLqjm6Hd>|Eabno@P`~Bn(~6^aD_#yoEH(a?Nm1S<;S+hSxI5d16^<1lEM3NPFi zkqPrpL)+ zgnseFikg`gJVBha1&7C4;O6>h=dt~`ND+;Zd?W(4v2JIb7Pt>Td42%M-Ju-XAH#Pns762L}K3 zDhvsRqN0Ni(1UrishD2YvV?4*h2iFj$+&N||Fn$4n|^NSU+o?~jq`0jVQt8T9l{7b zXiwwODFh2V!Q6sqP9S>WH$oOf$N~=d0-bqTlD61!=`&0eAP-F>XN?*|gtOXX{ zQVTWyYo4ZK0GAw!GHf|pz9`D;-bbb*5LBX*{bnz|+)$@&P9|ORM2o?95{;ejvo&r- zq8cBhTN6nn)7~W>54U)%-F_-b?YKdfk5I8MHcuzBD5)!;yv#Z&R&^y=@=>VTIMy#r zX&U<=BsPkdqcMe<_}2+>H%XKyrr5ZR8_KVe>ZqYN z^=^~TFD};;rHJ$U;{~w^hYojl4hRI@SH$^K{YEo=sg)WY87r!*7blQK&qnpDo0`Vn zkl)9u9g=mCh&ZCJS(L4yN3k0kQ zuvg$h2KEEk51T+O0JQ+r0`R>g{jvqM0Mr6d3qUOZwE!?PI7HY@CE|dr sfw?Q;rAv?G4&^^8-z_>&sWXMxvD*gPOU4CBe-*@OtE+wfmVJNyHv)PfH~;_u diff --git a/Keychain/Default.png b/Keychain/Default.png deleted file mode 100644 index 4c8ca6f693f96d511e9113c0eb59eec552354e42..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6540 zcmeAS@N?(olHy`uVBq!ia0y~yU~~ZD2OMlbkt;o0To@QwR5G2N13aCb6#|O#(=u~X z85k@CTSM>X-wqM6>&y>YB4)1;;ojbLbbV-W^iFB1wa3^zCog^LCAReC4K0-?R_2{6 zrP*)4+_uWUy3w5N52M3PW_}MFMP9a~>YLvVZ1D_k*IMQ2QT^fwzoOb(*3gH$%aYWC zkHmcab=va2<#X%jakpJ;<1@F;k__#bwtC&%^D0v(FBh9K&$sK+<}2RJS609D)17$w ztdQP8(eLM8Ka}m_IQ@3wyMKP)l=oM4-?`YS_*P?4V_ORLPxsj&7Ju#kH;>6^Kp?T7~ zl+q?{UOOqV==?+d{=)5s|M~T1mwtH@+Z^$G&eEO9JNP^AX@3jZ*J*!!>lc|1-W%fA z@AOQpXZ_Lt>rxFXrGp*zLPiW@uo_c7C{As>j zWeX)wi+LTp_)@KYZCX{j;H?|1yXT4DnlS(Fr8gyP5|uaX_gLvaW0ScZdnG7o+u{T6 zFI-%d{ls*WuCDa5UJ@|RXv&ejZe}*BMkiWY51&pnRPw(hlykSzvj6e%mYz-GdvzBD zF10?szF_~!jS=?2HyQuPCvARXAe}C}WP|yQ*>5~~=*Nxq8+HHW1~FMDRCP^TcacKuk$ z(U#REVv)D!PhJ*ecH-ELFUrfyV&*)Z)>UCOuS?yd^L@Afk>ihynYPc{^CRwu+JHX+#$@YsC4c|l0tGigsn@jy) zXD($Ouk>H+V(Mr6NQT0S9BFM~V6nkj;1OBOz`zY;a|<&v%$g$sEJPk;hD4M^`1)8S z=jZArrsOB3>Q&?x097+E*i={nnYpPYi3%0DIeEoa6}C!X6;?ntNLXJ<0j#7X+g2&U zH$cHTzbI9~RL@Y)NXd>%K|#T$C?(A*$i)q+9mum)$|xx*u+rBrFE7_CH`dE9O4m2E zw6xSWFw!?N(gmu}Ew0QfNvzP#D^`XW0yD=YwK%ybv!En1KTiQ3|)OBHVcpi zp&D%TL4k-AsNfg_g$9~9p}$+4Ynr|VULLgiakg&)DD)EWO!OHC@snXr}UI${nVUP zpr1>Mf#G6^ng~;pt%^&NvQm>vU@-wn)!_JWN=(;B61LIDR86%A1?G9U(@`={MPdPF zbOKdd`R1o&rd7HmmZaJl85kPr8kp-EnTHsfS{ayIfdU*&4N@e5WSomq6HD@oLh|!- z?7;Dr3*ssm=^5w&a}>G?yzvAH17L|`#|6|0E4}QvA~xC{V_*wu2^AHZU}H9f($4F$btFf{}TLQXUhF5fht1@YV$^ z9BUdFV+73^nIsvRXRM40U}6b7z_6}kHbY}i1LK(xT@6Mi?F5GKBfbp|ZU-3BR*6kv zXcRSQ(0-)mprD+wTr)o_4I;(%zOu)+jEgNB)_SXCVoSa}|F?cfwR!69+L=W3IX z!UiU`0@ph%94Rb33Cpq^IY*r_8XBW%V>G9XmK&p`=xCiXTEmXEH%41uqixaAmicH0 zVYIt6!aI*K%s=kP-v##6IXGZ2Cama>{@)81;C?K-P&M2k<0!GL}5+H~XTq*@SQi|Ft z2*0X`$`8S!qO#)xBeJRkf?;t189=ZB6Imw-h=`q;FP(2UpWZvmJ@=k-@45M(dtb7r zyVEiaLk$=Vw#>zu;st}j6Jf9=m1+nXCFe!$1PrEZ%5Ze_ba8YX_9-*rJujiLuQmJo&2v+Cxes}ec zU|qeux&7*yz#W=X_|wGQskL7*OHNjwFs@sEC+64Hb$Z(#H21Gh$Pe2WzOubdr6fzg z{l{!k%OD?N5Z7j33SoK?YdV6Scm>})U+MIQLNRgIvkZQEc^mP9XBPg%y|S$~Br|;N zk?-!-(Qqh_mQ|6WINQ{hHAjBRV#O#!FkAJ+oxy`L#f8V45*VvWMJFBB5m zG6vOLtDvgoDjHlSq-*h5xM56O>Jjau2f2IxKItIb@coX4XTyf$^{LZG&lI|D95wN1 z!fo0)q>WV7-V;q|A?HR!*bgozJw%j98-~gwBKVV0;=hZIF>7oJSr2YjOWO*rSxz#& z;KXnDrJVZp;Yduiy1-H%s$ZFz6Q=x@$V_B@Tqwl?>6e;EHt|MiK<(#hXQMuj@Jseeh&eN{FxsQ$iw>D1aX1HMMlUbh?Z zmhY4eHffn5&LUbL_}o8|$JYz&$WFiLWmEg0ZPX+;W>@CxQz-%{E5+P7dH9&ey_y$R z@Zzje>2B%z!i!7Brqi{t5Y)~5>vpqRs~2aXD8DVE8vKl=`k(`duI1-k@?!pJ^HA6S zS;3WpuhjQHyoC>X>Xf8gze%_8^#+^RTV>V9&YPAWMjd~%xpSg?ON?kK^X*Pb(o8jR zz;DmaOWMMr6=M~K?MFx4_xDkARTxLJ@W@ohAx z5RD0jGgk?QL@H`VubD2k4}?VtB8@g`%hHBA$2pJ(gK5g1HMNysXEF_BNu-p!&+Qa8_APgopHWnRgg=TZZF*sXWTMQPD z!Q(Au5|+F;7M~`tWbsU98~NA{h0Y7%GB|t&n}w9OOABU4^X*V5xuN;rY(M#ouuqm) zyt!e?28fY!FgP?8GvBsMl_aM^UUVKiGFsleFN?t^<46kO#pF-cX0;sIOb(aM z)^jQgX^Z6pKA9mC@N)_aiHj9HxD2|?A@Y9B_h}(*v3%ek8CXc1Qy^jFPF&zrMa1OZ zSVaF{&ZY|(|H0XE&X>-XQz1`=fF2n@VKC_|h3jlKVM&-jmyMavllcYr`6LVtfq2ou zd+8zkkCB+2)rxq0Lkq_&Ad@g(O8;pAm96>tu79?81T@Z<;gm^3ZtPG-SR94Mr<3tm z9NrR3u*4I5aMlo(09g@8m_;%Rf+XiSa_KZao9n}7N0JrsV#;5Ucr+F*TTzQ8{%f3O zeIUy?WDS|-$LvMc@Z7320)tr}bfIka5hx9H;8H|%our=C+Do0CSFRWue14o5#r8v2 zw=|&r4*eMX%lgCV(ka?*j%H^UuP4LmBC(ON`)&7>NF-|PDRU{-7o`CU0HNbd&c~))@yl9IKu_ zXA+A-!khpP_yx=f#qt2_0ptmgBf4gF!{Y)MW6R$cC1d7@$Yb?+_j zYwfE^5_e`vhT zX=u3r>4$fsxP&apbm@Rcbyuc2T=giqZiMo9@9=oua6#YH0hO-1ak9^rJTPMM qY4Yr5Cu^v99p{E9VdroUHKlRW;M8#BJ^AOQE?e9wSHJo8(7yq;BYKSh diff --git a/Keychain/DeviceItemCell.h b/Keychain/DeviceItemCell.h deleted file mode 100644 index 5da86533..00000000 --- a/Keychain/DeviceItemCell.h +++ /dev/null @@ -1,14 +0,0 @@ -// -// DeviceItemCell.h -// Security -// -// - -#import - -@interface DeviceItemCell : UITableViewCell -@property (weak, nonatomic) IBOutlet UILabel *itemDeviceName; -@property (weak, nonatomic) IBOutlet UILabel *itemPeerID; -@property (weak, nonatomic) IBOutlet UILabel *itemDeviceStatus; - -@end diff --git a/Keychain/DeviceItemCell.m b/Keychain/DeviceItemCell.m deleted file mode 100644 index d6b96821..00000000 --- a/Keychain/DeviceItemCell.m +++ /dev/null @@ -1,32 +0,0 @@ -// -// DeviceItemCell.m -// Security -// -// - -#import "DeviceItemCell.h" - -@implementation DeviceItemCell - -- (id)initWithStyle:(UITableViewCellStyle)style reuseIdentifier:(NSString *)reuseIdentifier -{ - self = [super initWithStyle:style reuseIdentifier:reuseIdentifier]; - if (self) { - // Initialization code - } - return self; -} - -- (void)setSelected:(BOOL)selected animated:(BOOL)animated -{ - [super setSelected:selected animated:animated]; - - // Configure the view for the selected state -} - -+ (NSString *)reuseIdentifier -{ - return @"DeviceItemCellIdentifier"; -} - -@end diff --git a/Keychain/DeviceTableViewController.h b/Keychain/DeviceTableViewController.h deleted file mode 100644 index e92b1d18..00000000 --- a/Keychain/DeviceTableViewController.h +++ /dev/null @@ -1,20 +0,0 @@ -// -// KCATableViewController.h -// Security -// -// Created by John Hurley on 10/22/12. -// -// - -#import - -@class DeviceItemCell; - -@interface DeviceTableViewController : UITableViewController -//@property (assign, nonatomic) IBOutlet KeychainItemCell *kcitemCell; -@property (strong, nonatomic) NSArray *kcItemStatuses; -@property (strong, nonatomic) NSArray *kcItemNames; - -- (NSArray *)getItems; - -@end diff --git a/Keychain/DeviceTableViewController.m b/Keychain/DeviceTableViewController.m deleted file mode 100644 index bca1ac09..00000000 --- a/Keychain/DeviceTableViewController.m +++ /dev/null @@ -1,180 +0,0 @@ -// -// DeviceTableViewController.m -// Security -// -// - - -#import "DeviceTableViewController.h" -#import "DeviceItemCell.h" - -static NSString *redCircle = @"🔴"; -static NSString *blueCircle = @"🔵"; - -enum -{ - KCA_ITEM_STATUS_ID = 300, - KCA_ITEM_NAME_ID = 301, - KCA_ITEM_ACCT_ID = 302, -}; - -@interface DeviceTableViewController () - -@end - -@implementation DeviceTableViewController - -- (id)initWithStyle:(UITableViewStyle)style -{ - NSLog(@"DeviceTableViewController: initWithStyle"); - if (self = [super initWithStyle:style]) - { - // Custom initialization - // [self.tableView registerClass:(Class)[KeychainItemCell class] forCellReuseIdentifier:(NSString *)@"kciCell"]; - - _kcItemStatuses = [[NSArray alloc] initWithObjects:@"",redCircle, blueCircle,@"",@"",blueCircle,nil]; - _kcItemNames = [[NSArray alloc] initWithObjects:@"Facebook",@"iCloud", @"WSJ",@"Twitter",@"NYTimes",@"Wells Fargo", nil]; - // self.navigationItem.rightBarButtonItem = self.editButtonItem; - } - return self; -} - -#if 0 -- (void)viewDidLoad -{ - NSLog(@"DeviceTableViewController: viewDidLoad"); - [super viewDidLoad]; - - // Uncomment the following line to preserve selection between presentations. - // self.clearsSelectionOnViewWillAppear = NO; - _kcItemStatuses = [[NSArray alloc] initWithObjects:@"",redCircle, blueCircle,@"",@"",nil]; - _kcItemNames = [[NSArray alloc] initWithObjects:@"Facebook",@"iCloud", @"WSJ",@"Twitter",@"NYTimes",nil]; - - // Uncomment the following line to display an Edit button in the navigation bar for this view controller. - self.navigationItem.rightBarButtonItem = self.editButtonItem; -} -#endif - -- (void)didReceiveMemoryWarning -{ - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. -} - -- (void)prepareForSegue:(UIStoryboardSegue *)segue sender:(id)sender -{ - if ([[segue identifier] isEqualToString:@"ItemDetail"]) - { -#if 0 - KCAItemDetailViewController *detailViewController = [segue destinationViewController]; - NSIndexPath *myIndexPath = [self.tableView indexPathForSelectedRow]; - int row = [myIndexPath row]; - //TODO - horribly inefficient ! - NSArray *items = [self getItems]; - detailViewController.itemDetailModel = [items objectAtIndex: row]; -#endif - } -} - -// MARK: - Table view data source - -- (NSArray *)getItems -{ - NSArray *allItems = NULL;//(NSArray *)[[MyKeychain sharedInstance] fetchDictionaryAll]; - return allItems; -} - -- (NSInteger)numberOfSectionsInTableView:(UITableView *)tableView -{ - // Return the number of sections. - NSLog(@"numberOfSectionsInTableView"); - return 1; //TODO -} - -- (NSInteger)tableView:(UITableView *)tableView numberOfRowsInSection:(NSInteger)section -{ - // Return the number of rows in the section. - - // SOSCircleCountPeers(circle) + SOSCircleCountApplicants(circle) - - static bool dumpedit = false; - - if (!dumpedit) - { - NSMutableDictionary *allItems = NULL;//[[MyKeychain sharedInstance] fetchDictionaryAll]; - NSLog(@"numberOfRowsInSection: items: %lu", (unsigned long)[allItems count]); - - dumpedit = true; - } - //TODO -#if _USE_TEST_DATA -return _kcItemStatuses.count; -#else - NSInteger count = [[self getItems] count]; - NSLog(@"numberOfRowsInSection: %ld", (long)count); - return count; -#endif - - return 1; -} - -- (UITableViewCell *)tableView:(UITableView *)tableView cellForRowAtIndexPath:(NSIndexPath *)indexPath -{ -#if 1 - NSLog(@"cellForRowAtIndexPath %@", indexPath); - -//- (id)dequeueReusableCellWithIdentifier:(NSString *)identifier forIndexPath:(NSIndexPath *)indexPath NS_AVAILABLE_IOS(6_0); // newer dequeue method guarantees a cell is returned and resized properly, assuming identifier is registered - -// KeychainItemCell *cell = [tableView dequeueReusableCellWithIdentifier:CellIdentifier]; - -// UITableViewCell *cell = [tableView dequeueReusableCellWithIdentifier:KCAItemCellIdentifier forIndexPath:(NSIndexPath *)indexPath]; - UITableViewCell *cell = [tableView dequeueReusableCellWithIdentifier:@"deviceTableCell" forIndexPath:(NSIndexPath *)indexPath]; - if (cell == nil) - { - NSLog(@"cellForRowAtIndexPath : cell was nil"); - cell = [[UITableViewCell alloc] initWithStyle:UITableViewCellStyleDefault reuseIdentifier:@"deviceTableCell"]; - } - - // Configure the cell... - - NSUInteger row = [indexPath row]; - -#if _USE_TEST_DATA - UILabel *statusLabel = (UILabel *)[cell viewWithTag:KCA_ITEM_STATUS_ID]; - statusLabel.text = [_kcItemStatuses objectAtIndex: row]; - UILabel *nameLabel = (UILabel *)[cell viewWithTag:KCA_ITEM_NAME_ID]; - nameLabel.text = [_kcItemNames objectAtIndex: row]; -#else - NSArray *items = [self getItems]; - NSDictionary *theItem = [items objectAtIndex: row]; - UILabel *statusLabel = (UILabel *)[cell viewWithTag:KCA_ITEM_STATUS_ID]; - statusLabel.text = [_kcItemStatuses objectAtIndex: row]; - UILabel *nameLabel = (UILabel *)[cell viewWithTag:KCA_ITEM_NAME_ID]; - nameLabel.text = [theItem objectForKey: (__bridge id)(kSecAttrService)]; - UILabel *accountLabel = (UILabel *)[cell viewWithTag:KCA_ITEM_ACCT_ID]; - accountLabel.text = [theItem objectForKey: (__bridge id)(kSecAttrAccount)]; -#endif - -/* - WHY DOESNT THIS WORK !!! - cell.itemAccount.text = - cell.itemStatus.text = - cell.itemName.text = [_kcItemNames objectAtIndex: [indexPath row]]; -*/ - return cell; -#else - static NSString *CellIdentifier = @"DeviceCell"; - UITableViewCell *cell = [tableView dequeueReusableCellWithIdentifier:CellIdentifier]; - if (cell == nil) { - cell = [[UITableViewCell alloc] initWithStyle:UITableViewCellStyleDefault reuseIdentifier:CellIdentifier]; - } - - // Configure the cell... -// cell.textLabel.text = @"1234"; - cell.textLabel.text = self.objects[indexPath.row]; -#endif - return cell; -} - - -@end diff --git a/Keychain/DeviceViewController.h b/Keychain/DeviceViewController.h deleted file mode 100644 index 08f85e66..00000000 --- a/Keychain/DeviceViewController.h +++ /dev/null @@ -1,13 +0,0 @@ -// -// DeviceViewController.h -// Security -// -// Created by john on 11/18/12. -// -// - -#import - -@interface DeviceViewController : UIViewController - -@end diff --git a/Keychain/DeviceViewController.m b/Keychain/DeviceViewController.m deleted file mode 100644 index e893ed50..00000000 --- a/Keychain/DeviceViewController.m +++ /dev/null @@ -1,38 +0,0 @@ -// -// DeviceViewController.m -// Security -// -// Created by john on 11/18/12. -// -// - -#import "DeviceViewController.h" - -@interface DeviceViewController () - -@end - -@implementation DeviceViewController - -- (id)initWithNibName:(NSString *)nibNameOrNil bundle:(NSBundle *)nibBundleOrNil -{ - self = [super initWithNibName:nibNameOrNil bundle:nibBundleOrNil]; - if (self) { - // Custom initialization - } - return self; -} - -- (void)viewDidLoad -{ - [super viewDidLoad]; - // Do any additional setup after loading the view. -} - -- (void)didReceiveMemoryWarning -{ - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. -} - -@end diff --git a/Keychain/EditItemViewController.h b/Keychain/EditItemViewController.h deleted file mode 100644 index 19204f96..00000000 --- a/Keychain/EditItemViewController.h +++ /dev/null @@ -1,22 +0,0 @@ -// -// EditItemViewController.h -// Security -// -// Created by john on 10/24/12. -// -// - -#import - -@interface EditItemViewController : UIViewController -{ - dispatch_group_t dgroup; - dispatch_queue_t xpc_queue; -} -@property (strong, nonatomic) NSDictionary *itemDetailModel; - -@property (weak, nonatomic) IBOutlet UITextField *itemName; -@property (weak, nonatomic) IBOutlet UITextField *itemAccount; -@property (weak, nonatomic) IBOutlet UITextField *itemPassword; - -@end diff --git a/Keychain/EditItemViewController.m b/Keychain/EditItemViewController.m deleted file mode 100644 index 6b743d17..00000000 --- a/Keychain/EditItemViewController.m +++ /dev/null @@ -1,94 +0,0 @@ -// -// EditItemViewController.m -// Security -// -// Created by john on 10/24/12. -// -// - -#import "EditItemViewController.h" -#import "MyKeychain.h" -//#import -//#import -#import -#import -#include "utilities.h" - -static const CFStringRef kAddItemKeyY = CFSTR("AddItem"); - - -@interface EditItemViewController () - -@end - -@implementation EditItemViewController - -- (id)initWithNibName:(NSString *)nibNameOrNil bundle:(NSBundle *)nibBundleOrNil -{ - self = [super initWithNibName:nibNameOrNil bundle:nibBundleOrNil]; - if (self) { - // Custom initialization - } - return self; -} - -- (void)viewDidLoad -{ - [super viewDidLoad]; - // Do any additional setup after loading the view. - NSLog(@"_itemDetailModel: %@", _itemDetailModel); - - dgroup = dispatch_group_create(); - xpc_queue = dispatch_queue_create("EditItemViewController", DISPATCH_QUEUE_CONCURRENT); - _itemName.text = [_itemDetailModel objectForKey:(__bridge id)(kSecAttrService)]; - _itemAccount.text = [_itemDetailModel objectForKey:(__bridge id)(kSecAttrAccount)]; -// _itemPassword.text = @"TODO";//[_itemDetailModel objectForKey:(__bridge id)(kSecValueData)]; - NSData *pwdData = [_itemDetailModel objectForKey:(__bridge id)(kSecValueData)]; - if (pwdData) - { - NSString *pwd = [[NSString alloc] initWithData:pwdData encoding:NSUTF8StringEncoding]; - _itemPassword.text = pwd; - } - else - _itemPassword.text = @""; - -} - -- (void)didReceiveMemoryWarning -{ - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. -} - -- (void)postToCloud:(NSDictionary *)kcitem -{ - CFErrorRef error = NULL; - testPutObjectInCloud(kAddItemKeyY, (__bridge CFTypeRef)(kcitem), &error, dgroup, xpc_queue); - NSLog(@"NOT IMPLEMENTED: Sent new item to cloud: %@", kcitem); -} - -- (IBAction)handlePasswordEditDone:(id)sender -{ - NSLog(@"handlePasswordEditDone"); - - NSMutableDictionary *newItem = [NSMutableDictionary dictionaryWithCapacity:0]; - [newItem setObject:[_itemPassword text] forKey:kItemPasswordKey]; - [newItem setObject:[_itemAccount text] forKey:kItemAccountKey]; - [newItem setObject:[_itemName text] forKey:kItemNameKey]; - - [[MyKeychain sharedInstance] setItem:newItem]; - [self postToCloud:newItem]; -} - - -- (void)prepareForSegue:(UIStoryboardSegue *)segue sender:(id)sender -{ - NSLog(@"prepareForSegue EditDone"); - if ([[segue identifier] isEqualToString:@"EditDone"]) - { - NSLog(@"seque EditDone"); - [self handlePasswordEditDone:NULL]; - } -} - -@end diff --git a/Keychain/FirstViewController.h b/Keychain/FirstViewController.h deleted file mode 100644 index 03af16ff..00000000 --- a/Keychain/FirstViewController.h +++ /dev/null @@ -1,13 +0,0 @@ -// -// FirstViewController.h -// Keychain -// -// Created by john on 10/22/12. -// -// - -#import - -@interface FirstViewController : UIViewController - -@end diff --git a/Keychain/FirstViewController.m b/Keychain/FirstViewController.m deleted file mode 100644 index dbe940ee..00000000 --- a/Keychain/FirstViewController.m +++ /dev/null @@ -1,29 +0,0 @@ -// -// FirstViewController.m -// Keychain -// -// Created by john on 10/22/12. -// -// - -#import "FirstViewController.h" - -@interface FirstViewController () - -@end - -@implementation FirstViewController - -- (void)viewDidLoad -{ - [super viewDidLoad]; - // Do any additional setup after loading the view, typically from a nib. -} - -- (void)didReceiveMemoryWarning -{ - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. -} - -@end diff --git a/Keychain/KCAItemDetailViewController.h b/Keychain/KCAItemDetailViewController.h deleted file mode 100644 index fc007a56..00000000 --- a/Keychain/KCAItemDetailViewController.h +++ /dev/null @@ -1,22 +0,0 @@ -// -// KCAItemDetailViewController.h -// Security -// -// Created by John Hurley on 10/24/12. -// -// - -#import - -@interface KCAItemDetailViewController : UIViewController -{ - -} -@property (weak, nonatomic) NSDictionary *itemDetailModel; -@property (weak, nonatomic) IBOutlet UITextField *itemName; -@property (weak, nonatomic) IBOutlet UITextField *itemAccount; -@property (weak, nonatomic) IBOutlet UITextField *itemPassword; -@property (weak, nonatomic) IBOutlet UITextField *itemCreated; -@property (weak, nonatomic) IBOutlet UITextField *itemModified; - -@end diff --git a/Keychain/KCAItemDetailViewController.m b/Keychain/KCAItemDetailViewController.m deleted file mode 100644 index e93c50d5..00000000 --- a/Keychain/KCAItemDetailViewController.m +++ /dev/null @@ -1,65 +0,0 @@ -// -// KCAItemDetailViewController.m -// Security -// -// Created by John Hurley on 10/24/12. -// -// - -#import "KCAItemDetailViewController.h" -#import "EditItemViewController.h" - -@interface KCAItemDetailViewController () - -@end - -@implementation KCAItemDetailViewController - -- (id)initWithNibName:(NSString *)nibNameOrNil bundle:(NSBundle *)nibBundleOrNil -{ - self = [super initWithNibName:nibNameOrNil bundle:nibBundleOrNil]; - if (self) { - // Custom initialization - } - return self; -} - -- (void)viewDidLoad -{ - [super viewDidLoad]; - // Do any additional setup after loading the view. - -// NSLog(@"_itemDetailModel: %@", _itemDetailModel); - _itemName.text = [_itemDetailModel objectForKey:(__bridge id)(kSecAttrService)]; - _itemAccount.text = [_itemDetailModel objectForKey:(__bridge id)(kSecAttrAccount)]; - - NSData *pwdData = [_itemDetailModel objectForKey:(__bridge id)(kSecValueData)]; - if (pwdData) - { - NSString *pwd = [[NSString alloc] initWithData:pwdData encoding:NSUTF8StringEncoding]; - _itemPassword.text = pwd; - } - else - _itemPassword.text = @""; - - _itemCreated.text = [[_itemDetailModel objectForKey:(__bridge id)(kSecAttrCreationDate)] description]; - _itemModified.text = [[_itemDetailModel objectForKey:(__bridge id)(kSecAttrModificationDate)] description]; -} - -- (void)didReceiveMemoryWarning -{ - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. -} - -- (void)prepareForSegue:(UIStoryboardSegue *)segue sender:(id)sender -{ - if ([[segue identifier] isEqualToString:@"ItemEdit"]) - { - NSLog(@"Preparing seque to EditItemViewController: %@", _itemDetailModel); - EditItemViewController *editItemViewController = [segue destinationViewController]; - editItemViewController.itemDetailModel = [NSDictionary dictionaryWithDictionary:_itemDetailModel]; - } -} - -@end diff --git a/Keychain/KCATableViewController.h b/Keychain/KCATableViewController.h deleted file mode 100644 index 79d5f9d6..00000000 --- a/Keychain/KCATableViewController.h +++ /dev/null @@ -1,26 +0,0 @@ -// -// KCATableViewController.h -// Security -// -// Created by John Hurley on 10/22/12. -// -// - -#import - -@class KeychainItemCell; - -@interface KCATableViewController : UITableViewController -{ - int notificationToken; - bool hasUnlockedRecently; -} -//@property (assign, nonatomic) IBOutlet KeychainItemCell *kcitemCell; -@property (strong, nonatomic) NSArray *kcItemStatuses; -@property (strong, nonatomic) NSArray *kcItemNames; -@property (strong, nonatomic) NSTimer *lockTimer; -@property (strong, nonatomic) NSTimer *recentTimer; - -- (NSArray *)getItems; - -@end diff --git a/Keychain/KCATableViewController.m b/Keychain/KCATableViewController.m deleted file mode 100644 index ded63880..00000000 --- a/Keychain/KCATableViewController.m +++ /dev/null @@ -1,312 +0,0 @@ -// -// KCATableViewController.m -// Security -// -// Created by John Hurley on 10/22/12. -// -// - -/* - Sample: - - (lldb) po allItems - (NSMutableDictionary *) $3 = 0x0855f200 <__NSCFArray 0x855f200>( - { - acct = "Keychain Sync Test Account"; - agrp = test; - cdat = "2012-10-04 21:59:46 +0000"; - gena = <4b657963 6861696e 2053796e 63205465 73742050 61737377 6f726420 44617461>; - mdat = "2012-10-08 21:02:39 +0000"; - pdmn = ak; - svce = "Keychain Sync Test Service"; - }, - { - acct = ""; - agrp = test; - cdat = "2012-10-22 21:08:14 +0000"; - gena = <4b657963 6861696e 2053796e 63205465 73742050 61737377 6f726420 44617461>; - mdat = "2012-10-22 21:08:14 +0000"; - pdmn = ak; - svce = ""; - }, - { - acct = iacct; - agrp = test; - cdat = "2012-10-22 21:08:29 +0000"; - gena = <4b657963 6861696e 2053796e 63205465 73742050 61737377 6f726420 44617461>; - mdat = "2012-10-22 21:08:29 +0000"; - pdmn = ak; - svce = iname; - }, - { - acct = bar; - agrp = test; - cdat = "2012-10-23 16:57:03 +0000"; - gena = <4b657963 6861696e 2053796e 63205465 73742050 61737377 6f726420 44617461>; - mdat = "2012-10-23 16:57:03 +0000"; - pdmn = ak; - svce = baz; - }, - { - acct = foo9; - agrp = test; - cdat = "2012-10-24 22:11:54 +0000"; - gena = <4b657963 6861696e 2053796e 63205465 73742050 61737377 6f726420 44617461>; - mdat = "2012-10-24 22:11:54 +0000"; - pdmn = ak; - svce = passfoo9; - } - ) -*/ - -#import "KCATableViewController.h" -#import "KeychainItemCell.h" -#import "MyKeychain.h" -#import "KCAItemDetailViewController.h" -#import -#import -#import -#import -#if TARGET_OS_EMBEDDED -#import -#endif - - -@interface KCATableViewController () -@end - -@implementation KCATableViewController - -- (void)viewDidLoad -{ - NSLog(@"KCATableViewController: viewDidLoad"); - [super viewDidLoad]; - - _lockTimer = [NSTimer timerWithTimeInterval:15.0 target:self selector:@selector(stopLockTimer:) userInfo:nil repeats:YES]; - [[NSRunLoop currentRunLoop] addTimer: _lockTimer forMode: NSDefaultRunLoopMode]; - - notify_register_dispatch(kSecServerKeychainChangedNotification, ¬ificationToken, dispatch_get_main_queue(), - ^ (int token __unused) - { - NSLog(@"Received %s", kSecServerKeychainChangedNotification); - [self.tableView reloadData]; - }); -} - -- (void)didReceiveMemoryWarning -{ - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. -} - -- (BOOL)shouldPerformSegueWithIdentifier:(NSString *)identifier sender:(id)sender -{ - // Invoked immediately prior to initiating a segue. Return NO to prevent the segue from firing. The default implementation returns YES. - if (hasUnlockedRecently) - return YES; - if ([identifier isEqualToString:@"ItemDetail"]) - return [self askForPassword]; - return YES; -} - -- (void)prepareForSegue:(UIStoryboardSegue *)segue sender:(id)sender -{ - if ([[segue identifier] isEqualToString:@"ItemDetail"]) - { - KCAItemDetailViewController *detailViewController = [segue destinationViewController]; - NSIndexPath *myIndexPath = [self.tableView indexPathForSelectedRow]; - CFIndex row = [myIndexPath row]; - //TODO - horribly inefficient ! - NSArray *items = [self getItems]; - detailViewController.itemDetailModel = [items objectAtIndex: row]; - } -} - -// MARK: - Table view data source - -- (NSArray *)getItems -{ - // Each array element is a dictionary. If svce is present, compare - NSArray *allItems = (NSArray *)[[MyKeychain sharedInstance] fetchDictionaryAll]; - - return [allItems sortedArrayUsingComparator:^NSComparisonResult(id obj1, id obj2) { - NSString *service1 = obj1[(__bridge id)(kSecAttrService)]; - NSString *service2 = obj2[(__bridge id)(kSecAttrService)]; - return [service1 compare:service2]; - }]; - - return allItems; -} - -- (NSInteger)numberOfSectionsInTableView:(UITableView *)tableView -{ - // Return the number of sections. - return 1; //TODO -} - -- (NSInteger)tableView:(UITableView *)tableView numberOfRowsInSection:(NSInteger)section -{ - // Return the number of rows in the section. - NSInteger count = [[self getItems] count]; -// NSLog(@"numberOfRowsInSection: %d", count); - self.navigationController.navigationBar.topItem.title = [NSString stringWithFormat:@"All Items (%ld)", (long)count]; - -// NSLog(@"Items: %@", [self getItems]); - return count; -} - -- (BOOL)itemUpdatedRecently:(NSDictionary *)item -{ - const NSTimeInterval recent = 15.0; // within the last 15 seconds - NSDate *modDate = [item[(__bridge id)kSecAttrModificationDate] dateByAddingTimeInterval:recent]; - NSDate *now = [NSDate dateWithTimeIntervalSinceNow:0]; - -// NSLog(@"Mod date: %@, now: %@", modDate, now); - return [modDate compare:now] == NSOrderedDescending; // i.e. modDate+15s > now -} - -- (UITableViewCell *)tableView:(UITableView *)tableView cellForRowAtIndexPath:(NSIndexPath *)indexPath -{ - KeychainItemCell *cell = [tableView dequeueReusableCellWithIdentifier:@"kcTableCell" forIndexPath:(NSIndexPath *)indexPath]; - if (cell == nil) - { - NSLog(@"cellForRowAtIndexPath : cell was nil"); - cell = [[KeychainItemCell alloc] initWithStyle:UITableViewCellStyleDefault reuseIdentifier:@"kcTableCell"]; - } - - // Configure the cell... - - NSUInteger row = [indexPath row]; - - NSArray *items = [self getItems]; - NSDictionary *theItem = [items objectAtIndex: row]; - - NSString *svce = [theItem objectForKey: (__bridge id)(kSecAttrService)]; - NSString *acct = [theItem objectForKey: (__bridge id)(kSecAttrAccount)]; - - - if ([self itemUpdatedRecently:theItem]) - [cell startCellFlasher]; -/* else - cell.itemStatus.text = @""; -*/ - cell.itemName.text = (svce && [svce length]) ? svce : @"<>"; - cell.itemAccount.text = (acct && [acct length])? acct : @"<>"; - - [cell.itemAccount setTextColor:[UIColor grayColor]]; - - return cell; -} - -- (void)tableView:(UITableView *)tableView commitEditingStyle:(UITableViewCellEditingStyle)editingStyle forRowAtIndexPath:(NSIndexPath *)indexPath -{ - OSStatus status; - NSUInteger row = [indexPath row]; - - NSArray *items = [self getItems]; - NSDictionary *item = [items objectAtIndex: row]; - NSMutableDictionary *query = [NSMutableDictionary dictionaryWithDictionary:item]; - - [query removeObjectForKey:(__bridge id)kSecValueData]; - [query removeObjectForKey:(__bridge id)kSecAttrCreationDate]; - [query removeObjectForKey:(__bridge id)kSecAttrModificationDate]; - [query removeObjectForKey:(__bridge id)kSecAttrGeneric]; - [query removeObjectForKey:@"tomb"]; - query[(__bridge id)(kSecClass)] = (__bridge id)(kSecClassGenericPassword); - -// NSLog(@"Item: %@", item); -// NSLog(@"Query: %@", query); - status = SecItemDelete((__bridge CFDictionaryRef)query); - if (status) - NSLog(@"Error from SecItemDelete: %d", (int)status); - else - [self.tableView reloadData]; -} - -// MARK: Ask for PIN - -- (void)startLockTimer -{ - NSLog(@"startLockTimer"); - hasUnlockedRecently = true; - [_lockTimer setFireDate:[NSDate dateWithTimeIntervalSinceNow:60.0]]; -} - -- (void)stopLockTimer:(NSTimer *)timer -{ -// NSLog(@"stopLockTimer"); - // Call when we hit home button -// [_lockTimer invalidate]; - hasUnlockedRecently = false; -} - -- (BOOL)unlockDeviceWithPasscode:(NSString *)passcode -{ -#if TARGET_OS_EMBEDDED - int status = kMobileKeyBagError; - NSData *passcodeData = [passcode dataUsingEncoding:NSUTF8StringEncoding]; - if (MKBGetDeviceLockState(NULL) != kMobileKeyBagDisabled) - status = MKBUnlockDevice((__bridge CFDataRef)passcodeData, NULL); - else - status = kMobileKeyBagSuccess; - - // #define kMobileKeyBagDeviceLockedError (-2) - - if (status != kMobileKeyBagSuccess) - { - NSLog(@"Could not unlock device. Error: %d", status); - return NO; - } -#endif - [self startLockTimer]; - return YES; -} - -#define NO_AUTOCAPITALIZATION 0 -#define NO_AUTOCORRECTION 1 - -- (BOOL)askForPassword -{ - // Return YES if authenticated - CFUserNotificationRef dialog_alert = 0; - SInt32 err; - NSMutableDictionary *nd = [NSMutableDictionary dictionaryWithCapacity:0]; - CFOptionFlags flags = kCFUserNotificationCautionAlertLevel | kCFUserNotificationNoDefaultButtonFlag; - NSString *passcode; - - // Header and buttons - nd[(NSString *)kCFUserNotificationAlertHeaderKey] = @"Unlock"; - nd[(NSString *)kCFUserNotificationAlertMessageKey] = @"To view details"; - nd[(NSString *)kCFUserNotificationDefaultButtonTitleKey] = @"OK"; - nd[(NSString *)kCFUserNotificationAlternateButtonTitleKey] = @"Cancel"; - nd[(NSString *)kCFUserNotificationTextFieldTitlesKey] = @[@"Passcode"]; - nd[(__bridge NSString *)SBUserNotificationTextAutocapitalizationType] = @[ @(NO_AUTOCAPITALIZATION) ]; - nd[(__bridge NSString *)SBUserNotificationTextAutocapitalizationType] = @[ @(NO_AUTOCORRECTION) ]; - - flags = kCFUserNotificationPlainAlertLevel | CFUserNotificationSecureTextField(0); - - dialog_alert = CFUserNotificationCreate(NULL, 0, flags, &err, (__bridge CFMutableDictionaryRef)nd); - if (!dialog_alert) - return NO; - - CFUserNotificationReceiveResponse(dialog_alert, 0, &flags); - // the 2 lower bits of the response flags will give the button pressed - // 0 --> default - // 1 --> alternate - if (flags & kCFUserNotificationCancelResponse) { // user cancelled - if (dialog_alert) - CFRelease(dialog_alert); - return NO; - } - - // user clicked OK - passcode = CFBridgingRelease(CFUserNotificationGetResponseValue(dialog_alert, kCFUserNotificationTextFieldValuesKey, 0)); - // test using MKBUnlockDevice -// NSLog(@"PIN: %@", passcode); // TODO: REMOVE THIS!!!! - - if (dialog_alert) - CFRelease(dialog_alert); - return [self unlockDeviceWithPasscode:passcode]; -} - -@end diff --git a/Keychain/Keychain-Entitlements.plist b/Keychain/Keychain-Entitlements.plist deleted file mode 100644 index 2de764bf..00000000 --- a/Keychain/Keychain-Entitlements.plist +++ /dev/null @@ -1,17 +0,0 @@ - - - - - com.apple.keystore.device - - keychain-cloud-circle - - application-identifier - Keychain - keychain-access-groups - - Keychain - * - - - diff --git a/Keychain/Keychain-Info.plist b/Keychain/Keychain-Info.plist deleted file mode 100644 index b27b1b31..00000000 --- a/Keychain/Keychain-Info.plist +++ /dev/null @@ -1,70 +0,0 @@ - - - - - CFBundleDevelopmentRegion - en - CFBundleDisplayName - ${PRODUCT_NAME} - CFBundleExecutable - ${EXECUTABLE_NAME} - CFBundleIcons - - CFBundlePrimaryIcon - - CFBundleIconFiles - - Keychain_57x57.png - Keychain_114x114.png - Keychain_72x72.png - Keychain_144x144.png - - - - CFBundleIdentifier - $(PRODUCT_BUNDLE_IDENTIFIER) - CFBundleInfoDictionaryVersion - 6.0 - CFBundleName - ${PRODUCT_NAME} - CFBundlePackageType - APPL - CFBundleShortVersionString - 10.0 - CFBundleSignature - ???? - CFBundleVersion - ${CURRENT_PROJECT_VERSION} - LSRequiresIPhoneOS - - UIRequiresFullScreen - - UIMainStoryboardFile - MainStoryboard_iPhone - UIMainStoryboardFile~ipad - MainStoryboard_iPhone - UIStatusBarTintParameters - - UINavigationBar - - Style - UIBarStyleDefault - Translucent - - - - UISupportedInterfaceOrientations - - UIInterfaceOrientationPortrait - UIInterfaceOrientationLandscapeLeft - UIInterfaceOrientationLandscapeRight - - UISupportedInterfaceOrientations~ipad - - UIInterfaceOrientationPortrait - UIInterfaceOrientationPortraitUpsideDown - UIInterfaceOrientationLandscapeLeft - UIInterfaceOrientationLandscapeRight - - - diff --git a/Keychain/KeychainItemCell.h b/Keychain/KeychainItemCell.h deleted file mode 100644 index 0c64c0d7..00000000 --- a/Keychain/KeychainItemCell.h +++ /dev/null @@ -1,23 +0,0 @@ -// -// KeychainItemCell.h -// Security -// -// Created by John Hurley on 10/22/12. -// -// - -#import -#import "CircleStatusView.h" - -@interface KeychainItemCell : UITableViewCell -{ - uint32_t flashCounter; - NSTimer *flashTimer; -} -@property (weak, nonatomic) IBOutlet ItemStatusView *itemStatus; -@property (weak, nonatomic) IBOutlet UILabel *itemName; -@property (weak, nonatomic) IBOutlet UILabel *itemAccount; - -- (void)startCellFlasher; - -@end diff --git a/Keychain/KeychainItemCell.m b/Keychain/KeychainItemCell.m deleted file mode 100644 index 60cb2684..00000000 --- a/Keychain/KeychainItemCell.m +++ /dev/null @@ -1,49 +0,0 @@ -// -// KeychainItemCell.m -// Security -// -// Created by John Hurley on 10/22/12. -// -// - -#import "KeychainItemCell.h" -#import - -@implementation KeychainItemCell - -- (id)initWithStyle:(UITableViewCellStyle)style reuseIdentifier:(NSString *)reuseIdentifier -{ - self = [super initWithStyle:style reuseIdentifier:reuseIdentifier]; - if (self) { - // Initialization code - } - return self; -} - -- (void)setSelected:(BOOL)selected animated:(BOOL)animated -{ - [super setSelected:selected animated:animated]; - - // Configure the view for the selected state -} - -+ (NSString *)reuseIdentifier -{ - return @"KeychainItemCellIdentifier"; -} - -- (void)startCellFlasher -{ - CABasicAnimation *theAnimation = NULL; - - theAnimation=[CABasicAnimation animationWithKeyPath:@"opacity"]; - theAnimation.duration=0.75; - theAnimation.repeatCount=6; //HUGE_VALF; - theAnimation.autoreverses=YES; - theAnimation.fromValue=[NSNumber numberWithFloat:0.0]; - theAnimation.toValue=[NSNumber numberWithFloat:1.0]; - theAnimation.removedOnCompletion = TRUE; - [_itemStatus.layer addAnimation:theAnimation forKey:@"animateOpacity"]; -} - -@end diff --git a/Keychain/KeychainKeys.png b/Keychain/KeychainKeys.png deleted file mode 100644 index 9622f56b74cc7df5b459fcbce6f11e92cb64c8cd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15193 zcmV-fJEp{mP)4Tx05}naRo`#hR1`jmZ&IWdKOk5~hl<6oRa0BJ8yc;~21%2p?MfD<>DVeH z9(p*dx19w`~g7O0}n_%Aq@s%d)fBDv`JHkDym6Hd+5XuAtvnwRpGmK zVkc9?T=n|PIo~X-eVh__(Z?q}P9Z-Dj?gOW6|D%o20XmjW-qs4UjrD(li^iv8@eK9k+ZFm zVRFymFOPAzG5-%Pn|1W;U4vNroTa&AxDScmEA~{ri9gr1^c?U@uwSpaNnw8l_>cP1 zd;)kMQS_;jeRSUEM_*s96y65j1$)tOrwdK{YIQMt92l|D^(E_=$Rjw{b!QT@q!)ni zR`|5oW9X5n$Wv+HVc@|^eX5yXnsHX8PF3UX~a6)MwxDE0HaPjyrlI!;jX{6Kvuh*8ej?;85ekN$?5uuCiS zBTvvVG+XTxAO{m@bvM#Jr)z6J><&E22D|vq?Y?Vkbo_DijopiF$2PET#mZ8eu=y$(ArYkv7@Ex`GL?QCc!_*KFrd&;n1r7 zqW-CFs9&fT)ZaU5gc&=gBz-DaCw(vdOp0__x+47~U6sC(E(JNe@4cTT*n6*E zVH4eoU1-&7pEV~_PRe`a7v+@vy!^5}8?Y3)UmlaER00009a7bBm000XU000XU0RWnu7ytk^+et)0RCodH zoe7X#)tTSl>s4!OK?n(u)Q!ZxNM;9vkicfKVT=i8z=nz^gAIub*Vr{xaVncDl{n)f z<78r|%5lP!NhakO!Hga?hSUt2npukw+fsMMee79f~P`C=#Fy`lzvE$Ib-g zGe(XadCut3qfcyWYn#FTIPwU++}qpRy>sWzrEH(w zv17+l%B+0gfd}>;Y9u)12yo?cND7FM!vYi`!2b8%dvELJ&6{6=1ov&o>36t7)Wp& z^-aTq91fXAvu%<{)Kgr$cI}Q;t5!V>5q`9K_3DL-7A@L6oUOsICV;;F)?06#il*O& z+5a+HKN%qN0>5?Z)_of{Zd?seFQTyvHf-4N7QpSntT&#oiJg-spPp+rc60y+O%m$K(1!p$h+^p+yBlx@4P{M|83p6b^rV6r=Q-1 zH5iuB^sps>;NN`n&8Gm?*QZXMdIP|XLaTFVdI8W^u359@S8RW|bm`J9kYOa?jv}{_ z1**TC_m_{I4R}p5MB2knFTm%HKmPbxM;&$4)t#N47eEYSj6CGZz4g{x8;A-12148k z3Dylq5)4}ceB~=&IT6kLE5N@3)7^@BSL=7LT)FZoeDxjAJ@?#deD`QT977iL9`X)y zFWG3`ECJMht%13ntmF3{38RIOEW05>{R0S>$LwXc0`3Y!0yM;>|PXAIx~zKFJOdHe0R?|l9B*YA1r%{SHL zNo2v@Ox{A?PFAZ0-tz)0G16KEN{>iLa zvqqeJ^2uWX{m%#`*5q>A{s)#xk{Ngo3zsnL2yoeDmyJH-j5EH9DZU;Vw-B8d(Ry6+ zJ3o5<`R9K{peA5y@>a6Io7H-Kyuh0TXCQzih2!wx%a3TFRSrg>8VAV(m!3-Eso z_=^EwEfqL{#~kOjk+XiD!vj))o!w>&NSZ#fb?hXEE76*?(sqG3{7l%%*=gAAR)ETA?QU%(kJ^upt0aY=Quv!}rg{{N~aAJ~Z+E7hinwe!w5gb-~|A zmH?XWtjXuFk^=C`iOf#*HIF4ikU)2!Rna1};CgzVdFJUKzx2{ei!lF1W(&;(iB}zS z%rO^my_wwbBp4P1P?Ns+#V;Q1bdTLp1bjJ!{~7_`-!bje-<$OH`u$zxF!=%)sT$lk zKhUQ%>E|&mqYs}L()HGs;E0^c=Egwe6DGo zbOj9?3p6YN1fFF7jQpn~)6@0+XxV<&;};Nw3Alh5poK}60G2=n((ha+h2p|v%=3t{S}}F0F7$@;VDy} zZA7;1AYy^lzY{7 zAX8|+1ZYK;n$VnP72!z&4;8uscN?ZZX@3<+Tprw1uHUw7x0;Af2{%L5ehEvTNAsvU zo-QiuKgIwb5e@~Vz*^DxW=v`ls6s8LAix3O$Hh8sg8=r&T!f?r-!P`%zLHkNZAoN1 z9$R)BCsiccI9*CTv0s|a79RQ(@%x)t1S&EU$g%ZW2;Oal1hv+F+Da+Yj+Q`I5V=V7 z-wsiIEzNHYT%9yI6L35Yml}}(;R1pLIUf9^X&*sV3j#g@DTXOk@X7QKkz~UaL_APr z4d6&DfL5!(8%Z0m0G3hv?Q_~12nf<;+B-@7SOj!aU&=5!gP1^bDtFOLJWL;ocxSh9e=1!V4wSxkJ?-=U- z$TedDY(Ee7ho5@tsq^vut>E4VXw4U11PI~8HiXgtTM{2(?85x# zPde$OPt2Zu(z#rW2Q5Ql1!!M)RWvxg@WKn{^UlJFkTu8C%B^G{SVfTPc(R$p#z+l0 zH9<528UoYD=6KNZHm_bSWsqzO=5AU z1I?aDp8VCXesv4)ChR2ApE`5q%K8)*5iS zF;YW)8B|73v#M!#4P8Hf7}@vhM)_dqh8u49^Ur_&^A~_^6E9$F;Emva`S8OJ-_2V? ze!0_u8J-AeEr79|k2$tH_~3)@QPySSkCf)mpFe^xjd`3u(eDC3hk2jN!p;oV^hZ)p zb7nO%ElLF;MQ*VN<1m9%2WeUg00QzH^UO_l(D zn&sQRK>*3n1~{{>zyA7LKl#Z|PV=*Eg2UI)xI1|l??~RjIi5U~HG_7{@n)<;H^JCK z0D1V%JMVl4nJ0HbJ(UFMnm_y5&vqPs_~A#h(m0ccPqP7g4#%f(JOcn*{W6$yDF*@E za&O8$r!f1R0`ggIAFkkS-dKL*H^2GKFL`_U4I10E8qv6 zex9ZF`)ZX07=fT$(b5aAx#pT12nNRkZV{lj;}%8{AGERw5-s*guW?PQlDi1H6d<+Xnbeg6f=}$I%IV$|j&O z|2dbXUGI0l40?qi5&_Fmr2QRBmMr=Cf&~ly1|lq{|LNUi-O-VcDy`e(k@X(o6)9iaXV@9*CaA-)dyqX8=~SSC%nz?_ycAGJ18R)IeUikH|f4w&V6&R+DY5jor^}h^A zW6ZT8CvwBk1dw z`G)W&ezB~b^CeT`l_5?IWdSmR5qy(dO@ALh*^;~Q#v3pC%x6Ax2^!a?3kBTFoQ^Sa8DwJ{p8$OVwPJuw}|3TaeqzLEbPnglN#9qI1a&g{#>~B z+G|h6tY3we>93Qo<;$QP!JR&OH>Uqr{HEU$h_F`>@bzhI0vXu~)q26hN2fqeu=Mqs zcSnBfACFr9 zkXwR=vH%KYfRsP?+;b;feDTGfW6{NT0g}KKv>726iR@o`=%I&xi5VV4fOsxKKKtsc zuRa>fkT;kUAQORKis}Vh(3vvk)Ox?>(REnXU;VJ&z(xXCPAkK-ZY@AA;gR%QvNM#5 z6|lSn3Nl!i1n@rhwMK0H?V(Tc5$POmT|h2K0`4hw&@L* zDJ-?jtR@Q<0PQ6PSmbITCVI`ng$p0x+Oq)Luh2t71=aE zChO_!?9}CKqn%gT_6w?-Za=I$`XrWd&htz!lRL03XAAUe66E>(Raaf*XJdb~07=4C ze^}9LW1(jz0o6H}^W#oG{q%nXFs=+%l4c%3=9p*qu;`NJ*!pUIL8J>;aTdTf3xI$K zj?*(g*boQ_p^GVxy5Pg`DKt=sH*%WJ+R$h>*;X7SSRl@Mo)q!4JyVj0V-?I!EB zU9;tEOG{$?kfxcs=0d2c6kSQy3RreXtU#l=fadRf=R3#Xzi$Ejs{s8dfM`W)T9i*# zunM1YM*Jg*@H;TAGa$}M%)39!RPiW*31HniEmIq8@&ts`s=!PkRQDBf2vGx4bg| z`{8+yO%hE4*cXW7PthKW6==t$ILnb~e|RncVdTI4?Qf6f0nfkUY2H7>H;z*H3P}Mg za6wauZawdH_XDK3ZW%Swb z=*}E0>p8C(TmocTl(H@R=GJWTSaO)WkFt5{nU2*M#lDLbvEGr&)br1fSpWo`zwNf$ z+R*qv<4N9E5$dQAzQCIm8k&*>FGyy~#8yFhoCM8-J_Q}1dp>}W7=q1YI7We>M^RDLFrgaOr+Ac{vXa9^Xv?%;ob&lz1!q00#0Qaran8SVRAUO+= z75X_X0Nty9FgPRxNF!z7tk_-A)z$Sc@Z}w9mq2adl`1|6OhOkN1=ieLl92*cNG1XD zS_0M+yix8qBc<{sA}DAtWA$TKkodv;qPpsJ1E4 zYPkIoEHzw{FQ8$Kf`sO|?0NH)do8w$)lH0gm+VaqVI5F7>%BP?VdZ=-R zSW$;%1zQW_DxcFr0rc4RB|`viIqx$C*s=ATAZPobyRbcp6eO^m$-0ac%H-DFx-i6H@e zqDZ^_lwBhUNkM?rZR)M-dO%$X;NY&f;tF54x*Q=iD4rg9gH%xs173ZUEEreFUW6KMoeHCzn zxG1NFtKB|WiuVO{CAMYqKI<|zaE4$z`2Mxvzb+Lh{mGIbbGr7sbt3>kq(LH>PAtGA z1*qn@H3@|K=Fm3J??+RK63gIQ_F(V>WVbw7@wQ5`KEdcChv^qkmytEu&H|$CxXJSN zO|U}4EhAASr1yqtx35|P%UhRZ(5ghz>abLu?&ZfVB}zY*VhN9}eM>kDR&3+8x^3%5 zfbxi30h>Z@4I!%??nhGVOaZF<>b*b~3J02EK`~xndER2_9*VI|hjJx}SRe&S;B6}a zmk=hmYO2o&4AM*jtk$~qfsvqkzh%u5!(?6VN08}M&*V5PZ@(psMBo*5>)ggmEH7}) zWlMp7-}Jpt2&BKJ%9*k8?WLdggr0Nd>@hoRVo+f zJf&<)k$f-U_F}fxUcqx-Z@X%wz(@|;HrprX>}s+gdR^@{dyiJYGS(qE^!d63iL9Tu z4%_iwmxy^QIT6V>mnc&}^Iv9vC7ly^nQuqUDKX~Cew?f2w(bN#Ff$O6iy%ozYMv>8 zcKl{F%X11+&~*b`D1)EwNY{y()BW*B0E#U92);?c1y7O*p6zOqeS4U92~rv30l_od zrtk7e3d;+u3r6bFpsQph-w?8!PlPx=H zb`S>+gcJ2h^(H_rle)X~QWuFvy1+j6?0`8P`ft$-vLl2jK0pj9Q*7$WRng@*MJDf`bFlg2501!j^Q z3R>ZNo7>p$_ZsKYbqT;VQ>OZ~ZyjoQT#Zymx4{J~fNHGUfe z*oTirX01u63S6!6I5bia)y5!!+MZa%)@vrq2KccRKrM@;G7FaF!uNZhT5a~6b(t*_ z{ZYFO`~q;VnWEijLrWl`Y}>w?4ET8IGsO@FhWLDAjZJ|60Mo#=6cKz^fZS#Yz+wGU zT`WL$Sb(yQyaUkvm#hgOwM>muumWaM=pMUG0Jx8!11!t9ukg*54PYcw7JT>hfgj8U(1Ci zBD|E8o98sY-tV#Zn?2TC^TJ8IMVwaS^zmL7P+fpgzeI4~HUelHaNlfy;+p%mV|?Jd zi3XMu$Mg2ZYqnvAe636)C4vOdw*(Qw|JNOO$7QMu0T4!f^OxfT$?fNybIv^o=3x;vp`vw$AY7VYLc}Mp0hpgw+%H` z5=s>N;5Cl}aEWC$c=UcjcNX9jPy(y@ZY^(;Sk~>hAcrfSC-WNkT;hd=C_o=|yvLe@ z;Ohb$)}c)R2AEB*gx!aqJrVzTBN{rv4cbk!W!&J8cAq< z_Q%)FbUD^(`;;9E5w0Z|JfE+b)-o%28Q1XNpM3I31Hu&0(C;B3L0v3B7Jc@My#2cg z?flOOX9Yg@Hhk}_Sa6XDf+7gYM4`G3ZO(!$u;wTu2m&DZuE+DLnZGTRw6z?JrFyNy zd*Xfx;k~ZaJFgdP!4JzIDR}if5rvyL0SLC*YxW-77Fnye<7J=Q9Ozy;Rx3O9Q$1a8HGC@=!~%rnmvo_+S&?Eu~Z80mKc1U@W; zfU3Pl{t`r>V(Mo*rXYwUiG6{V2;l;3%f1Fl?2mO@-bcUAD(rKN%j@*XrSQ{nIWuU+ zAGjJ4^Y0kzMgRs}2?Wuw7JirKA_V^zxPfyOux3)g^||_5g{TIF#;Q>YQvsS3ux42B zd<@G{Yk~U;nrjw%c4B6i5p*r(cs|6Kj%n^;JDREB7(tXQwyBRcd!L}1!YbId;F$tI z@AZ6G0Q>6i6IkCx7hP28xBc~+W73isgJ^X)UwG`X$Nc@Gr?Cvq2y9@;J`bxK0Tg06 z6?rKHOL)w`#oV5WVEm_$2>^pDeW+Q0L-^giXrb`@F$lHaYYN=C70uGkHCVw$ERZ#0rq78ofmM;z2FOw#Io*aQ!O{Lmkgel00F)x z-M%_2@bxbrDoGyxwS2N9t~a>aC{YX`C9*LH0bqgG(VvExKjpqB7?bY=Xl{~KqQfrX~pWiah^wfthj8DN-7XjAa6-u#y5xZ;kT+8vAdIB2jk^AwFf1LZ~ zH@}(Og4G29Y&-g7f9$tgN#U}vV23NwZCSTlNruHKVEtZs^wCFuO`m)pK>3>uY{E6N zTfbCS0>rQo+8Y4yuMygH2VERE+*6b|#saPgYN7>JfPGr$qg&$wevve1v@f`>A=od=*`}nl58h+8 zPfi~ts9IVFldUH?>~y1=}TH-HBF7mm%O1 z#^i#L#M6a9+G8Qw37j_I@b?hK;QiGt4(gePgaG9M_T&3~J7~HZCh!8FU^~%%0T(Dq zp@~)7eaPZg4HhWN0!9ZU@OK0QbOWn_@*aTf6>!O;mIi2&N^K4zN-&cFsbG6u@FaqL zF}pAL_EnSbz98$u9EU_R#;}jJ=Q*tjse|7NIuA=D_@)EEr|kodOGRq;cSu}-!3e5{0n+KWT}4A zCefRzXN^H3;Gy7ciDb$&n}GV-QWXaeym`YQ8?*bNAhMpAr8KEJQc`I0k^n0H{Ctx(VOUP(~WiCPGLk37}ih zwOEhW9FNP!t~XHEG-eDZLxA{6`2$E`hwGJwiU59&Wi-A8E%WEn{7^D!kKgPGkkPps zsFoR76FlXJ9W=395dJcR{0_^!`gqmWh}!Ky|4UetDgpc#bo+2M#p)S_`PcBlzH|gj=_2a-1{{Bx&Q%>n8E;2D*&lRu${}y zFb*a|)@f*t0i3jcTT>j+ZQ zso)~eQ}YGioHhR(<|KgQEK=uoqWkUK-%eXRSS&5{2)tQ$V-j?a1yjH7%)oPizJq%o zf-Fzb-}DRMnDjkZqFHGBbnZz@h!R2TVNfV>olWQ-v?fkBu^3K6Kf$k^&VT^cGbG?U z)}agn3y(kk_(C-LB}{8k0vIIeJN1_l3#tA3Qr2~RSksIDe+dB#cm#d=eJw#eW3NR0 zoO4D{nHlgjZs`+GJaIchUo5!eb@(Q`ei! z>+kSUFT~)Mk~NnAj>-NTMCt}y8kQWLot@m8n*wp>u^mbbhPH85=EfnAnfP;X$S1)l zAfL#ojc7^|puUv<3!qi##+<%^&;&UPyvL#W0lG+Jb3bnaZ}{2Ie)bcH^hYi^BVo}H;V)-2$kBwrS$T0=xbPl$FN+xEibX04d@DVXSy|yZBJrI zbna`zMa<_tfy1a%D>Wo(DB0Icus09wI76YS`38RqNWq)b9>Mo9Ex}(uzIO@NBH}mb zGi&zM{s3NcTAhOkg147??#GpUpY2;{t*es>WXWeT=rs7WFZypa7%N~o857p#0ELnBy4&f5r2R$s0V02 z^#lpB79gyE<@W=sfuy8JF^9pYNx;>50W_5@K#Tq5&^}0j$R78gmI5mz`~my0EZW5lX-vb~U^PC@EUg1Qp`;Lm^nvlNu3Qmt1z)EWUm$O!=F;tGu? zeQMDfgtiO;3AiTLt>|P;zu-!s0N%rF$`T=20f5Vo5;d}U2QOQP0?8(>Vyy&;2<$mCLf@Y4T}Bpy_O z39M79D*+rBLSKil_9##zV3;n5GWIueNdN+P_tjp39}xTu z8M5HVJ$-0tFB-Yta`wl_KayH6h>}1zR3?Czv$KziB_aUa(cRts80FvNz7z+j`C0;l zK{55!bnElHWY_9Jbl*)llix!=iMj>8Zs0qZx)Q(!5ylb(v|No-8#MEh!06a>3d-o; zsguDUTDg;ZUgXw@x`O}#WYYKy*fvv1Rp$>N0`2dGgpUD8kKmV0eY#ihJ+^OXsFtOf z{!Qkh?P@_JVB|y!UP^hE{38O{7pb#9+PYT{WB-}e7M>gYoCiSvmGP|feu;zy zOYX&$PM>H>d}9Hpn7ReV-O8%rCHx}^36`ut$gA95%{KM60RBM4sR*S@f2)}{($5Be zYKcN&Uaed3|MV=zx5^f^%p8H60DR;$00|Ni0A~w+cuT|p5F*v7WfG|Pgsg0xvf3F$ z3L+$ngr@Ihb?|LS`!WRZIY)Zb9Ra3<*BTiAX!W!(j+fcMDYWT7l1OpDM;_S6ELax; z1e-B;DE62?LA%E33l08E3P%&HdDJf|{3m&(8!$E^$X6($`44lOCBTPjzIA^{N&o_e z>$f|CAOd4DXj6NgmTCncfZ%JQtDm0)5xg;x0E@N2?Xf=ZH}ZGPu_mAe)apqx zpLEjxSggS1^i{C^?<#~(NK@tom)NU#9+luWi2 z3Yy7SKsQz1A5Z_Q1GON5{jz_lp8($riS`MyB#=;AI=7vjooURjGq@;ZTgn3x_zU6} zQb%;!uDKfo68vcyR$zYL;!^njtp88w zRB3do=Xd?_9#grT+ai|8-!AOJL^m0+o3ut2GbRu;$x2c)vocHfb55%y0m4n~gG^0W zj1jsKvq=JI`VDe*e@=7Fx&q?>++aI$_%#0-uY=;Yqv5HkHOLOeKGq~LxHHi1o6x3_ z4p={E*8G_iv}RCW=*k)XazEg|h-+}UH3$&eA3{&}4#J-zWHdNAMNJJtc6D{7S&98| zmZBS=|2_{$z|d|0lQsYLF-FxquGfKSl3D@@rh=xPL-k~CidXcc_y3-}um%2H$&D}E6KhW}3j{WyPU zKZxW)%mwuEFqKVks*{nr*U;z*SSkNqT!3#;>yZTE0wlqHELacYdl1mqL4bl*#5$ba z=oU2j2E7J`62R*|Frxm$a08!4A?o4=YEA%zp-}sjx8_v9)pqB`5<>H++1DZ{AfBtI z2R{hzU2avI0(=Fmpv~f^;6HYvFSzx#)97Ps8RS%_{jv#zLV5*Ey!d3C6`=s1a(L>x`kkBlxj+V zOvl%v`F##lmP-Oz@7A$tUR@FMXWP)6^wv)%_zT}31Q=9NAb1qCZ!LiH?*&?tg|Y$T z5ecBha$D|e0))%4wP;w9ED0onKM1{(?*JcSIr~SrgRPQE?biyJB!HT)B6JfB8)v8p zxPlW2hR>!*xSLeI7Jq6=fO3bOHccboOaI4DGq2w>@G%)-D{P6u2R>Sfl>}n1bIE`z z{J;AOH3=I)+zwXS4>Mj3w=Rz1lEz?lJ_Q-txxc1X;DZM9v4tDj&r_}=5!{swxXtKS zK`K-=U-o-WA!rIQm3>@$iAY&?1o&93IS+QQYJzNc=~oi? z)(__YZ8XEVVQ7C^RN*+xDl!{X^B+Pi(66Pqrgwt?TBsm^h4jx_HAo;RK>#mRgA*i3 zz;iuq8Q)62EBH@LeHS2){Z4_^dM%)jiB%BYq5&e-sK|CRq_HkBN+hs-_6If9lmH0R z{{T6e0p(rgQ;06KxD`izzk~O)Y6ia-%izkNFIY%`Z1k@X6~>^Z44Lwf@l^VC6y`d$ zp?{W~2CizWWYuDo(}&3|OMoDO7HluSSVEk;UVn0cGF$?v^=`2exjXN?)8KD4CNLiS zWGz5Vz|Ri(?6c2C5yxGRd7lsja0r495J^)dD}-*wZ|eerjMW+$=e1b&JA2*z{aAw6 z0rm&f)5EJ^SF4N{WEJII3rN~ut}E*2aBxyh2vF{tS~ZSAO;&i> z;7=dtQmZR}nn50m_9OTuOaV7?Z?*PE@TbBKx&UaeiN4IGuNSkQ;cjUZ5<#LmRi$|e z;4}LGrBsN&_N{!geYDR49wcx-auXo0MFw{e2W=q;{0b|jV^o9%3l`{#dRPm2k%vj| za8J!+fLanjvnGREUHCB>>8trh|89LM=9jlje|9nhh~TeU`-1?fj=}!J^3(A0L01{ZP0zCT?M^g0T-#0(<$RodCEnpIsVE(=L-rLSY zFh6@+j5{<~^u+}44YIjE=xNXikWnE!+=^h6|96h7Fr7}h*r9(_sQNhs?OQ+HlsD)L z-|uRg!b${Cxa<#lBGNXn8%@ROXX*q!l0H8cZq!f%HUdM(mCaGSdK;FY+6oA$xfx5a z^#?!r!QUZ|MFfar2?STtzQFqg)VSfGqOld1y{QVZDz>9Hz&jP+K@BreM>tIt#nfl|@$J*A40Cp-5(32p* z2&a7ddLv#H*=eBQ<7=Xb<$|JPBn0o$W z%PxNoCa>Q&qGl0fA3@Md{6@e%1b^M!;J`x&4!owUr~c~Hk5&3Ln!gpTpBe*2}Q4f~~FV%toF)*h)Pa@R6 zMsSzK!UhW&>gpRxvvt~7q_~BBn!5Ko@zk=JDEs;Z{I?Y z^M85Lw}@rnIRt!%A?RIzzlLBdBHaK#O8|vnu3G}E9zfoq_Qzt7vlNfZ)4zxZCSt{W zWy^*84+K9t{t-yvI0ZSTmvJm1%pNBturBroHPwOu34D5~Ico;+LU(ufM)E?Aoo@MZ zo$Wf90N*!%BtU3?UBRbaW0GBH{YG6>xB%sC_ShIemw^BGC&ujm?*!j^O#(+9md|Q( z><8c>H;*G;aNj)Wz*A>R$)Ux;Aa7$pwqXu|#efB0;Qb)b9461fC*deK_G_MO2LkND z1^9Vz`cBYBoxPZx6*zr02H?e&BCa6D;^j2XGQb`Wn5xDSz&ch*ucUtAJm1 zKbHn4)rtTCe)Lix9gKr=fC0RYG<{vm*1;?B%Anb=TOwZRBM@9jkhj-qs>ugJntz|& z`xOr$cy1f6LibfY#&pkz{iy;mD--47*v;;nlM=8^7Q}5W(xAD3Dh-IvyLB+Za>pR) zJg3Ho_A7A-;Q2&=Dq(TD=Ba?DKa0!S$P8t=tr-aF5}Xe5R*%cq{Y+t>W7W>@$g@`9 zBX=&wm2nB)tDFu>QTCt zzk-HO7j%=bt&v#`O0Q@$cnY zKc@d_erNC*`tF!w4D1f?@SB`#>4TjNi`!tNT7-cak?QizS5cUPNuH{uX{B6 z=+_T4B!J}50!RR}+MnFqa3#Q?#sCQ8pfp?s!$874xmC*r-{iiayNwuz-Qk&PPJrPl zmJ0X+EYLA~aX5mXw4QAWUOhQn(;o?NFme&Fx{Vk>DLNu`{tJwr$(CZQHhuiEZ07B05z6cuDJH(7s09 z{g>Q+@yk1wm{ouj67WN4frZP99PL>^_l_F^GW?BNryGf_QJB+TyYJ zkg9z&C7FCb7e{pxyMrk!qW$k?8re>M1bD7S3fZ=Cz6X?Hr-E1-;Na=!+}v}9B!C_* zReR!yJl7(WQ3wtDGV~S{0G%+v-eHFj{=#mO1#l@c-VXy071Jw1UP>`NI36*2y{VUf z(PN-W=$G0Fagm(5Z-9%U$MmVTP7(qkQ?*PriM^=AySPwYJT!UfUfCk>lKRG5c^Z=_~n}tXAvf^FNqlXZ$qJjqT(V6!HEetgyboM zk0+$By&iVcf1~}>8QDFUH-X2Bvd0N90ih=Cfn2^SF|-Ch0=yS?ys=m)ps>9%&CyI8 zwE>=i?0;Ltphm2@0Rkjoq*lCcpq^*yNDMzlx;jiMW2^0>8QngQUI}3}!mM^A`HAHZ zAK{`6?8x${vGcbAEP6pvVxSyyelYpc(t}d#z~lM+wgKA&0s?$Qk-(C`XhlIy`M~S= zd6vJ2Aj2|{=aN!V1ojoF-UQIFVo~DSik(sas~c!-;+4tv_Wh7zve(q1DPN{ zKs*DGQ$Xi*;g zuo+<$XxtmYKQSt#Ajm}KvBU+Sr9x>j2nD#Uk)pA-`(Tj4xw7(>{5!Kx8EdP=&B zdgAm8Df%f&l9-1qMo7PXU;GO77HW%BC@OfJU|5jTBWVVdbfR_CYm#fhmUYiL@eqc4 zuy^rnyjrj{7_FGAz?%`5BHDe<`r&uTZ(KTlZK7TIA@v<4${qV-~CfJH59O|Zs zfl&iD_d_H~0+L#gDj?xNA3=WvAonrJ`j*Hz5Cp^rOIOeifcQ7=Rf0ubsmaHSrH?A2)rj+lb zW|pjw2}LYR1v3v+_4t^ZZ@92}1#g@)*ub(X1IBcverP*@ozVPHs)2!LRXqRrEdPI06ej|TlfZ`5z z3GPIAT6S>y*&g7zfP8km(=vGzu?I!rPEk82R=ky|I!QSRKba2;hk1=TPlIJQW4qIW zXBSIrKpUa$Vv{?sxR$u5cJ?|UwG?^eG+;TfvCO^l(eg%xD1jI&5L8z(Bib^vLXpNO&ZM1ctNlsK}tuf{2umyHK)_M6wFCYW==&gjxi!h#P|t z7u}uI$*%Nic0(d~?|k>i-X-mCjimbXRlCN6(($RP80}tF+g}8@g!o%XU!kadr3aE# z_u8$_2jENb?ZIzxM?+LckvE#phVQZ9$pLi%GlIzjnxXn)RbuF3d!RD>joXfO+PA*@ zr3o1~fc3%>5zL4XdHj{LM|#N!QPmPcP6mX1Z{xh?>VY6D#@CUe%~Q zCF)c1K{SFioy=bqw%)96(^$kXdrWo$`S5-}ZQp7ffAntj&5PNH+1b&!%jq-dy_fmY z9HBCBu}WjDRoYpzw{7R4>nz$5XeqjKJuW;RX^6XJ6}CAqnAyol2^ns@BSM)wX8k!NhIeZF9Twd6$x|x~&ePX|zFf17k^Dr+BrQ$U^aH!Kp7! zblPF(seAK9=IZd;Qumgn_Z&zh*dP=S0UBP1_sG*<^GbfpLEZJ8ivFpyywkRBV{dJ5 z!3)uw*eQ`fk;37=XvYQ4`6bp8)&!Qm$he`}J=9;u1>S^*Vg_?4JMgqM?9XOa)l_Yc`zBXw-L%@3u64e>D<+p4 zSFvkydS-fdUIcwaE)uk7C25~~nVvLWS$3Y-)PE%HRYr9|cpklKzR_(yws{^zeP!Z; zg+snx(ssFjX{~dgcy4~oK$RkD@lLq0eVBacpYP>S{E+#TRmNNSvGBZPRN8rep0lJg zRUcv;9n>N~_m%ikEz=J%RXRl_+#q}^QYkVO@e;A&R(n5qJsy!fw-?w=`PuZ8I8&bO z<^0xZtT#GvZ9a3B$}7HE(#8I|_-J`#aJ)a~Y{k^829KOB2tRM>;dzB>q2g6bhz~taQDW@q3ZQ*Q^MGYs@ekpu&DppK>%qPSO5U1xv7GRgNl?S zhrYEXt*(K!o*}J^rOh`s0KnzK@qKA&=%5R9v9z$V=WyXB{x1xU@9Y17>4<^3h5x(x_Z>H}iGza;2OXWWvoo#pZ(3_R zV>$+Qc6K^?Mmk1Dnr{pmdsiz5T^AZFdy@Y_@fB5)c`1&uQ|3mVBga7~W>tJg1e`)6b#_)fh z{69JV50pby&d}c4!tp=);9+ItqWgaU|1ZUG{ns-YJ5$4N)&5rlhX2O@Ut#|{zRLew z2mdSZ|5FYBLpk3spXbN70{_o}#Peh4p^g>+V2%|NsjT6h!3{&an6-{RJLtxzR7gM`OXlarH66eUMZb!aPY&(|MLqETn@ep}nx9B^*N z;BlUlVlBj=R*88YQ|_u$_Y8c3+us{7M;^)kye}>!d>IjO)9aJw+zok+{uuAZ)8zGd zhFS23#MjbNVrgw?Xy8$llS>u%(<2V6Td_zOHE45lo2B92*f?9|SUb8hF>`Zy2wFh& zxTD(AKw5JA`glryzp(Zm2Q^{odQ@BPF7jEAhoyU;O)ip2XMExA4_@fDyx#7e3x>l+ zG1=VMz;7*_GwlsOuOKUpgT9Oq9~aNBtE+?d$d8JOG8td2l=}Bi>dA7o;b0YZiuViQ z@}da^WFvkJiZQ1e8;I_C<#ELM8|5xO`+Yy<FH@+-R-T3{@zeY zt?eAQdb4HwdHuJVvMcRnCZAUMXsTg=I|Fel&Yo|aTdr?jdqbKYJs?n$@rWhh1Dy)$Pb9_aNE1a1%j8N2V&Z0JXA%$4QO(WI zaE79{sx2m#YiB}`N%G3d%1j2s5>si?S+!q|Nuo9G%e6nsR-C6&e^Y=JBbeyx^?<2D z?>>25`&Y9vF?qP&?u*S74M}lJB-7GpcI$dJSgti0;^SXjykc4 z;Fo2EgYd}*#o@8r8Jze+5vaf`N0nkT9Z%=>2W3su=jy(HzFiSU;xYd^J-rM|qE>w! zcx5)9Y(LHmKcs@6Qa`Wnl%aZZd&GYpl0?CmAhB0Elzrd?Ts;b>bG%Db@1=tw)L1lOYfo1B+MhyEuu- z3@+2zi+FOW2%E)xiYyP%(UyZg-0JQd(;nQQ@mlP^OBS0QuEs>2`yI)%#_pe6cQ<>( zh(=2_ZVzVc4L3B_uH$0Wyr0k3_-@C!%&M>Rw}s z>7cH?+wKij3TPvAUo@>-L{*xxPGgfAMFt=Iwg{6G4`8QrL#G zZTcv#k&T<08%1QM+|`zLceggK+kq))xPKZ7UB=b*yqfI997STR{*z zJ?xLhi>!Oh{quJF417su-PK=2EFZqA;QSIGe4YNwnMVA$&{a*BP575j953@z#$y*X zKL`Q;)=SX1!EB+-c*}``fXQ>%*_X#~ zCU3BuVZcJ#-?(%lr*mA4Kp($WgVDGLo5D|%%Nr5GZnKZJ2Pt8HNcb`@+_nadDg}77 zLXhg5SrD)S$bf+xTu8;GEG1qGmHC!hS*s4${vh~rqkn0EUo8`|;a=F8+uWK7QhVf5 zzl5}D2gpA=ZP&`iPW$QF&+Gavjpqu)z=FKMiiq+>q7gdZ`e5lY__!RDet_u<><#_v z{@8$j;;TnnUzzBV2Ypmd<@NSDYe6Q#yBwoYuRFKW$gmnP*OaonkZsx_2`1bu=6GH3 zSn>g3{0zw@5k8OZ=26O=pY7Nyty+9!hQfFF8#EFDeqr5LI1>+vSI7JHGL?)voXKf2 zom0}0_df06ULSA?8Q_9X&$lZF-l?oA%g~kAkvBFIejz0_^`|CEw?7EG@Z`@rx+3dg z?@HsHr|6G|g1DT*`c6;ZFKQY}?(JpPPScWM!msCHc&+n0Mxf6;kqB>)@4CS+S#4QW ze&{OZrSG}#*Ux!PP0fu^uXD_e77AjOe<%GiT(UsUHBJs3{G)+9eE0JRY?2Pl{NpdM zR;U@!X5G{zfs&ue{}_C>8WP>x%+1X3&f)p4ZX{=9LKzK*7Z-maa{y}p^_tlsn3?7y z=lo0}6|x@Tb?Nol9_eE-np-JAK~rcaO4F-^%1l+7K;K-79&Ww8wJYSO&`-q<2(G5h zwM_h24)T630|7B0DB#PToRl8&7pRueQ3)WTd~f|^v2#M6{Ph3&8MBd?AU7*yVeRhh zyi%18+0*L-kmFcSAjBOQF}1X|W-Tr4s^T)=g@K9XAbuaYVhoF1mFDB=89#aMdZrL z%gu_&bgmX(zguScaeu()1z zKBXDes`tOW1tdfVg@x6na&K_YOg3e%nO;e+nkV)8`~-s(Es6EKOW)FvW-_EY2`z^U zj+L>Woq;0cdLP2IRuH*FjUo*ptT=!{rI;XBHD^nOnTa~YKQoQ?UpBn?V&5z_>;atc z(GbrQY<9UFj1}%LAmvoCKYtLuEsx5D035TyOg)woL{4ebIi0Oa!B#td9c{hRx&g{KXfr;b&rL+dwpF3D4Tq$GhksefrZo!?aml3Y?;k-4sZa{*h1kb^Hdi zfWJ6uB55ywm!w#(Ot%{Z(htt!#0L^eD;cjQ%VNFRaS)C{qr#M{+lLHZ8r^lcYX0Tl zG;Ir7x7Xu9s3}>7Q1kEMJ{dm{i&Nwy|$B@=|LRrKDxW|3QR(xa7 zQOPA!M8^ibY<5pDy)M1IcCSgIer~L^*&iiIrBCWQeA4Y-Cg@TIHGFdO2HArxg8)x| zY(ct+_3DfMdMTChEQ89agA0v(o-pRIN6GDGjiq&E>xrb0`#nMlfpHYNt(W2}l4mc2 z0@lWF?zpkqxMtP<&@_J8c2-q9#kLm#@4Rk1Yh+SI0hxw-r9 zf{^3vpE03;5nqGlS(D<~Vg-Br2`Fq&$vK_(%XmVrKyXyxF(sSb2JYr{&{1L0E6w8t zeTJQ@03}k|QBW+*Q`T5n+1;~dJ1rz{@No*3amflHZ($cOGa_o z-nN72%IiXb<-AX=QMT-CGAD#hnq^VFLGahhd}>GV5PdG~BsW zRV-@VPMU&BZdG0`o_c>REfd6xGS=fONs|*N(G-;wjO58m@#bz&@GtPm4A_qZ)1Q#+ zF1matZzBmmuY)Dd*+L#XY4xCRV$^&EkepG0%k#PdK?{-CyqDYhQS7gt#Tj^JE3YSoq9y!56)sSp$6-3M4y7>% zA7J8KA-MDr&x1l0%9mkljte zZQwc<<^jLU$nB->z82bNAOCpEwR`AAW!&1AI4lF69go8dSNu})2t#W0+;QC@0GegIMenOdnOM8 zRzj&lB@0wkgj75@8jInw^V`VMSWoI6jn&M|Jdw>8j^x!@1wqZoT$rsRS!?iAH`;i0 zT!DZ+G|qOr9VK<69qnq&g zd9u{HEu0PrAo3)5Jm&_ZnlDvIRj71nNQ3tvhdLmd(I6|v)_AeKKH&+g741@xe~X~ORH-wm{WIH}#%*KJq7H)FsN05z&T3%|P7+`Vf4RsnTU zxs!6sp7B5mDgHav?6>w)+tNomF}zP3va6v=3T};{b@@*^PMk?@;qdxOOJl*=Tcl%5 zBXW7`xEb=@1_6=*{gk_qnLm%}iq$TIjXqTUq)Uf~`0R&ji-b%cIme4zTNqMUyjsm9 zxzNln=+oq3ZEFQ@>;9*>|W&Xj_6lH}|(8JxyFu zK5}{m(mzn@Pn?@KQBNR(oqO>}Kgs@vbUY5iVpi#@k8#ToxUbt9dw<$zr~5?N!PP5E z^}tepA|YSu`g2I8l~Rg6u4mwls$rBZVPy(Ag0wM?aH= zTJZU~oSYp+zI`Gxp!S}REdmvbs;bte|4c&y&QSlq11$Eg-$X~hyd_+kb0Cq&Ypru- z*bKS(IqS*8YIy_SGxuCC`8oF`z-cUuvXec381Oj#0wu!fZ)laDQ6$tkygsqvX9kbU zq2!-E1_J(yR6IENEfjfgt13YH3wj#Hnu9Q_wHcV+AL~a$BFvs9P-TY1_o{6yFJsZD zHLz6>{pBo4k`6GRnTf?w)8<9aDRZCYo{8b0nT<0!7*j;nBB>H_FK{tRj49!g#n{}l z4^zR3wb)uAPhOmjsy7+(_fTdsp2Xw!^O{S1gA=9U;)97|`dx`YF?LHfu%o_>a#-rr zqiETCjFj@n4M2Y{UAWK4>iDyme;tD9&ik_SEz87MqFg^s7adV3cSu}W*_bI+bVk%e z?yL!Q8YGUakZb{msZ^oWDvVx8QavPSX$cC5KFqJ&ci^|GzP&gb2X3q49=CX3+d||x z;OneYAhzZOi*`=M%ji)6uF-0D5UApX$$yOlhXpc0EKO#ERP47;-mH4txn8>OcO>-D znllW({)RTXr0wl_KS<}rkkP+00|G@*VzQ{0ST6vDG@$iSj360E4W8CezV|HN!lH*C zT2h|>8&F{#NzMSV*(U=Jp(OXtW!;}mTBj7}!Zfg7UETTC zyK;G-mcG=VoZRDy{t>mrGHVN^xt90wR!ZRKra?!`4RcEzWpq;3Y)m%ClA}}Z z@T;UVnh9m-CsX>^k4qm`zhq;RN!PjdH8Z(p z9=x&H8>GQYVXCjNqQw&sb8+)u)%0Iq|9n#VpJro3DS!CaN2(C)b&$)}d3{iHLOo-kuQEZECO2{YP}Cb{{5a z>E;5&2}Bgf!#*VgUpu#Uhz`L70P6vg^(R+&b(qP5&<*!uKc}4?)md>PtJP{lVa?)` zDW&1;;jN2LfQ$W$da;;jUu)wS|25w!e8_c7N(uTcJI!GFkW}c_{Y~(El}KmHF^VWho8xg z8p{@D$}O#%R7b6fUoxM{AEA-Jf%1f6UJMT7iR5skqf4qUa;E5CdeZej+!~NEn7p@* z4|1*W@9FY@9@ZAJ7N2~^2H6fp#cxnBse}Q`{qiH5tZUP~>8X2D9y;$THXP}oeI4hE z&>>x85W^>*2DI4llsVfrbeg3ORD)$6Z!MV6i>-yRaYAKL6Iq4q2R_qy{b(dEt00^M zujIIz@l=*&)cKbC_-6WAv2ysS2#OUf_w8NwSBGhkJ}HuV2)P(Nt3*fg2+BOM@7|ev z)?0VquIJ51ssnk*yh_E7JY*8oN^qrJ_v#%s5ix3p=Su+>+AUfugNb?`J+Z%hY8V>m zU_Y7|!f!}QLM}3@Ci{e7ajiQJlDg$IvAb+19+_yWs5{C`yu*fKk*IoCZ7$(*69ty- zq?|)fn$fL%C2qIWT{fy|xt^X2t5lmY3V}FyG22nE?wZ_(uIsXrPsc{=GFSEfFgboP zhe6KI!_TK_iskua;h4ck$0@pKLR+!>74&X@f<@zMCT`7SHfwD!RtH50Jslv{OYAO{ zqo{FWP(VdA$_lU+Y)b#Jz~H!ba`Sdyz|3bIE$Xk_y?&o4e%_Gl5OiPn!4i#;@PRH? zD(D0V1Z(YgSZQ`0g7`ZIQ2oeKjm6wi8x z@cpKvW&n7)Xp+NbV}S&yCD^b%!k_uc2(hcFKh zHpHOrMJ1|`xM8?SI)jbjSbdH6>7;cgvb+7HiD*HagvPOGmvAKT z7Y4*b5Uy2DmBzr^-J+o*G#nh^<*tvv|73za{6It8>Q3!m1cEv{tNipnmt*OCvRNkKe#?bcu!enAP}tDpO2E5+RqYgg^< zX?eAgg6Y47M>pXu36S1}FR&Db;sM}gD;+o!;=5_cFu=4EkEbzg-hT6%+>v zCiu%z5YoY7AP1Kcd~vE&v5BMP48T|5ZzqV43m_dPjhbex8ZJP(uS}gNRwAkaVXz^P z#b`(A&fwp5JJg2DTB>oDE3W0bxY|*bwh%PyQ-8J|C^ogy5Z<^7T1}W>X>T;oYl#j5 z|G8&XZtf0K4;;ydPosqPB}@?$5??bH)X}yuO%W-E(J?p<8!6?{wpXH=!Jnjl1srzA z2nh}r)61wFv&7dZHn)6D7$jc-+|YFsypwY(xrIg?UY_c+nKkUPexJq+nM2>qpEkwB zuMl#~wu(GMW-5`wjWvj9^&fI!rsvNf?0gCn1t7I&me%g-7c|Z5b;wbwkUhoxd>*$2 zs3>56PbFEWXzcXi^4u?*XY0u_obk%q9LJ;mF6Qhbq~4@5V!Z z$B4`K7QnSW{Fr@gL?jJhffDxI87`ROc{`5)dfn#}a)*Iz&9#yfi8-H$m7Y;Qy7czP zK)>0<^7l`%P|p7+BxmY{Cw>?#v8>nKxUqa_I}^HsEDv7jg7wID-iQBcH$eGaeu(KU7=ob{!?Lg zD>N#4#zY=|TucG{JNtY;;!Srj6A}B(?o{3bB8jzy=5pphSj(fR zD&=|&1|c+w#@D(jb=hzSU6*n8#bm%magBdpi8o>*EI8}nu&8Prh!D&)QW_6&%ewS& zn02M~x-o7#4%#GK2TDbM={8a#@3=CQmz)QBA~KRVz`kIb>BEi%Yu~{`;AJ?1bexzJ zd*tOXhU{s?6?kIZIH522W%#UFuHfpr@+d;+wx9MLZNY`j4GU)y6d`am057pba^UI7 zM4(Tc?*>!OL9h}pTU!VJs{XWkF)|)lw}-C8~Q;Z6B}ip3b9ddv(tyecaF}$QkN}0vw_$RHkb`LfwTC_8}7!9 z7CAW(sSCW%>;-}_Y7czTg87J&9mHRlgc!f_yu@&lB# z$1t_ur269dJ8{|$j&L#)fhp>kjL@O??*->n0%oeMl3nUA;7S)cs8Xd+=B5MCh|I8? zWVyz^1-ZPoY<-C7iub1tHIG;3BQs3On3VVCc@J6sE>FaUBIS+nKJ$u&M*k#^OgClB zJre_XgimgaTB^v#(7{5 zeTw$DJ*8NadGCSRAMu)r?4U^a1TYSRB2eyCcGyC9en`5rW|*YVlJ$}?@n)b}-!=QTCe87VVd^onXSa18T~J9a!z>!NRSVNwOB!Eq=X*Uv`xI z+2%99v=VXRv6}Mq$!ksO_5Z?xb5HJT!g%a6_4;__R>Ie#Etp++Ld4^T4qST{KD(*Y zYs|-1?|D~2AhCgO`>j+n5RJ5;ifzPkemV@Jt~YBc2YwB1LjYQ7gE@W5v(pZO`Oyun z!j>&{Y4vr+HhcVX+FqoCYeL-asnGzDl}P)zDDCwsgx?mkb)$oElk*aj}Qz{ra%|(8Ip|GUJLI< zs>O7ojE{2_vGC1ne|;5b6(scds^*ic`G#?2S_oQTED_aOoXlFPnh5y@Xa;eLyj8#wZ z&f4m@c$SbaNQOV)g_h#P0#$S{UAl3-<|`Qe)Q#QTR^5%>M-KqY50?S` zx3`23${0J>2HVo``p&2WBgCLRgh@+EE+3@i>i zZEOf9eV8P2_A$Gk z1NruCKoF2cTd4gDG4tqb{sK@m6X1si{9eLaooB=-G7@_KC}6gA{tS7iLu2cCHu5_; zS=$b25AFBD-8*SN)#MX3%luJ*(wkdxT6P+sRBjsMv$vmqxjLr9)M#ssi&1TP=`+6J z=Tel0B)NoBv=`7eq-UGF9kPqFf^06$d60l)U|46)(JPnNSxI%dmDeqJ_HQI=fN!e< zK8j17O12MRfaIKZm4N4^8q&G>-k$FG*?exYmb*-iR(v{;Y}aCMKxV>V6iS@>nJGlK zHROd4chsH%fgf@eh94DU;;B~ScD9_FZx(z4IwHM_!+~V!h>^-68`T_8vq2nT2G1l< zuIfU}59s4pBKc#zoAn`WU|P@qF_8G}$ABpDCtR;wd4IiO_C$93{AKp=z>rOsTM|`? z#FKo~*#{z|*AgGqE(>6~iPrvN(C;Vrf!6ic+JCho^X4AsY=_ZU1DTEHepDghaP|#~ z<{QhzQ4)t>lLL+_lXuqE$pPg7Rm+n=1`V;9?_}k(aUgNG!RhhWdCNXQ3Y-Qm_wBHYl>VQ(q0f+ zI%I&EDhbSj!?rkJ|BfWQZ{xGM0<&G~lW4!3-Ru_IBG9l!moOFEbY}EAt8Q4c^Rc1u zT`-;!iSgTx?)_)v6@V|#I(SGmR(tx%W1c=q3I*(o#xuxAT(CrPIEd7gMJkp%DwkB? zw`8p|ZM$($^3qoZm5Xlomy$HPzI^u(Ukl4--}4&QG}593~Jl$*}kW5KY)1%K&nUw3zgDexLt3-KXx zp4Z5p7g0(#YGsn=&`|;puaRV!9R-!~Df3OH4?+nJ z8BQhiT7j#!x21|7B8xr*-LLA!+G4wJOjT|*(wr(Y;>vmPMD=F?cl@nFnbcY^Mo8?# zWGp(RiYnDk^1TGV8~x#I0o6ctq6OcZtrZ00Mh~`CuA4Xvsr~*ScZpm~KXQMP95>jaFs{x~((i)g`#3 zN%q*QRd`iY#!8^e0mrzfV50*q`^+v6V6-c|rF;dJa(+Oq#i~kU^f%FsICpi(g3Iqn zyNk9)S}(+sey#slexE<7NCJu%a1|ntJT=20Nq=Y!((TlPcYd+vWQG3x2NZVp?8sZl z1=5ICjBj)PIVW9$b=04Tq{9^qB|WxLOL|hwb0+kms$S%~(FC6m$hIMZ#yEONb|kff z;Db0wIT`_~m5xo$2YOxcIlD!itb{&z;xNhv9;QguQ70DlBD?}y`FgO*iG7hyQcjTq*yq66arjV|$7?hJkK*u|`wxU10 zzs4A5LZjF_;24Skgb%2lEYL64ABwPgoJg}`mAwAh+dyR>#{BLtc6p)4XO?Cjl;?{Xl75pq}-ts!5dNO#Sua6fX)D)#X}q0?sYm!@*WTZRUr zS{aWe94sl~$og&6*}DV0IC=IKLX`b+q-VxP6L$xE8eI8dDpfD5Ge3e@J65iGC>$}D zE^MrSbu?R495Tc|~7JaXt*`BPFmw;CKA1$y0 z%43mo6kit4!qBg1d@N;C&{am~I@DeiF@nx*_6RH_K?|{+^$t$Wgif|(I!}Ns-qr$S z1?jx|{tn~%He`MB;4Z|y1XNsd4y9D!&p1Q3Hf%r0S&>5lCr@$b?#3yq0c~;m!HKpH z{*%}?EFY6FT~T)hZ5$*U@Jx_(C7yT6Kk7wxKjk)dfj$H7Ld1zjPUvhSJ$x`2=RW}M zl9a$65K%!(DMzVe6=^DfCRS*{mN|L zY_*|Oy5(Obi45i?;nPmEw}(fUuBY@9Pjw6v3<;Lz_mVqAQ;a)IYKJ=e1rPmG?H}m$ zGO+hq^->eQM%B%AA`?)2}dvAv_wk(&sv4@z-vnLd|?C-P8 zae?*L;F?)6^oNw0tT z2ko$4YbMld%{^rdM~AYur(@dj1kfwSf~B*`jhFo&khbK0MYycC$As+M+Upqx=J^*@h5dt&tag1vL$FYN-L9QI~J+<@e#as7P3y3uekfGShb6ScfRzO{g9sI32%$LQYm0MvREh*&iH2V#Xa zvT!gREU+K6@RpizYO_H8UG+Eiqg598b}n$2k6_mdazPRcjUJ-xSYRcWVs@!!e=4~u zXM4^tY;q0W9I!zfHQ`UGJd}a0K}O7Wp;GcWG5F1Ud%~55K@k{UO2AqB^w;R^*lkl) zRMnP!v}|F@Vf*RfYdNiLVRaj^TRk9fh(CcJ)EK~L>(7ky$8K`WFGY+!X1}DkMuW4K zT)(z#a5pRTzmlu?RLykmS4T-mHKsOgs)v%-jVqWic=1dd_Hf=~C?7H+LR z(6U^|X&3fN@G7~cY}gF0vs$;5H)JvzgHBa$(@%^{X4!vs2wSO*KOH&OmIFcjm!fyl>OIkykdIRbjxjES`Ai|JzqzDb)YqqI-zr{WtD z{XYZiSmBvGFC2nqNz&+$4h)i?d^PU48YhUsEd^?#3QjhvH)WiEvNG&RBQFzhI1Aq~ zfd}GM?dW!e0CuEJ$PmsN*ft93jFh&Qq4cBgz)iQ7(IxHGx$wp^`|CY!DO~~&$ZQ%? zER2`oq_7g`D)e5Nu;jL|a@Pp4umnUx>E2z-_v}P{plAr9(#!h`iSDfz(W_?ncAU;T zCF;>|6W1#rjFlA5u$R)tFcJ@&zVB~5Nu;Feqj)w~idT8h0I?GN$Itk(^wBHRR1SNy z6h$d0v!l+kXr5+}lHUoPEKHwAy!FEq(t5Fwz*HWdu@Ok|?%*t|I>p%=_M#E)o>}T< zB0YDTG<_@TQ>Zk`n6D@~lqBmw)T?+f5XQYJG9o4H(vq2F7+nsZZ$o%Q#JOO~duI%^ zZ6uW;=JZul$8NoC|AmYb+KtUv=tljgBiqH=tT9KNVv!x&?BbF?v?fGult1oRqZWfx z63_j#fb+GtfWd`LDeUcNWNmDHdGX`L5fK<=z44SZ?$==6dMJU$gcHt{7&dh=H%u}O zDx0w>5%>Q09QHdV*Gt)Pztu+hj_auIDDZVsdawECw3FijgQ(2isntOMZcy=Nj}t2~8=!&AQd3%(+8G5Dwev;BmQ5-8y*kMy>3H^sZv z#)*_Gf&4-w1tzijJ}*eqUAJdVSI$~%q8PQ%z!_YNQS{WQLbdw{YGU$T?iL+ckP;93 zwPYN$o@IGT1q1_7V_vwZQ}XKXhkT)1#f5PidZUmQJ1JQ8=g>fc_KPDjpO~DcXRrR+{*$Xy8DKH%J=`iW9V4ceJJ3Rc& zAo7}Vf76ubprAc%%)w|ytz?>}A-9zM+q@kNcCr*ivjtzur^Wwm7p5Gv)C7GX&lBhv z>_-ZH8D|%KJfY?KXQGfzRaHq7-2D7VWdwLy>*P0IU_Z(5k`YDG>v&fC+^qX+KVG`t+|p9Ff-xPJ$3QgAX>P!~3+;_lt3t^0Uo2?pq`W~Ba-F#m9VW{GYxF{N z;JOM^XRo^xx(L5bsD*ai{TJaL!ulbH17M7i8l4>_%)W}U#%nK#d0e?#Ys$0m*yYMw z>iaWd+=A7QB|d^F(4a8!JHnvb-+ovgIl-(Qd;8N1l*s)Y!&pal!c+^_2 ztUd6|#d=xz9$@&ZnNYjXbX{H$Jel8QHZTY*PfsfJ#px&SXj|=3kW1rfsJm}9({?T6 zCBh~B9|64pLjP+AqcTd3ew7%nh8Q}!ujcu^J`1q~un@%fK55zaFN|w{8T)+Ok^opv zfWUD?+f&J=bSfu0)rm+|f(W*gU0)M=vM4}8fB{|dV5V@9%8okfsB(s&k_<07?LE!( zg#aKQpsw#1L#!`|_1_Xm2^VuFhbc#Ha7(-_cglgU8Qo~3E&pwS3?ILD6|m36e?aD+ u{PW)$$bXVn1N!#9bUz04hyK6bxc>`VqpeXjmx-MK0000 diff --git a/Keychain/Keychain_144x144.png b/Keychain/Keychain_144x144.png deleted file mode 100644 index 8d0c7dd514f9464a673568baea5f704368559973..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 22702 zcmafa1DGXEv*u~roVL5C&1u^+ZA{y?ZQHhO+qP}n_V)MRfA8MCyU*@mDafy&2TgUbc1$A^5s=fSLl1QmT20-k^G;7&;?78|U4yrlKkZ(F18 zk|DEO{PKz+VihC-2S5ui{NnN?!#Dtrm#-W6!T1F_dY|x}(7c$>^-D(OyMIB1S~GU>Kao;!p=hk|%2;NXd3Ztgi<0zi+N zqBVX*mSY~mD2)2!GUOH*02$xU-fjyY_QGzQ32-hn+7AT{5!Wq5T1qxKI36~9y{VIb z(Pf~D?~~jKc9xjBuZNAK$MCMQN)!enRk27hj=8A7xwueSJT!jkTG_($l>gu!c70R4 zAv>SSb{6mb}0=RsXqiOY_{k;};yfA-}L;Uc}FhezV z&;ob_u*)=yLkwGS0|bddNGy3>fj!RD5E-C{JKK#bVyf(-7+pV)Uh!enLoIhC_=)5X zA7P{PZAo*ff8=fXoA&@CM?=_WLo@r((gRa#!{K-{S%Yj60Q|kh5J3__XvKg{_&{s< zd6vJMAj2|{qo1iYVBW`d8dS>nmo>OLs8TnaH4Ln`C?9lS&mVfAO&=3T-)ls)T>jE% z^n8RAfki}YRY(^>ei=4YkO9GvXvA2)mua$MOiI7f96=fGdt!U6R!9xM*KCMs0%q_J zAP;|}WZ*d+xMe`2_ewP<4y0)B*tU=}S~>(q_u9_yW^^9-re2I4>}vpZfL3oDB;PP3 z$c%_GB=(JvK(sOm5E7wT3{gICiEwH(d_HzdgjkHtJ_vYFj!rTr`rwbfAeHbP-M>1E zy1(fclJ%1RN?;uRGDKwZdGRgKU8pHkCNJl8g!+Y)7D3bhS362utvaa&WLf8&69;~% z`^PShwP!P?I-?~^C1?}EQh1y9Ss&aE*^P5MOWGT$h%1XROE^n%BbAO{N^(llqRk@L zBJ}$GS@_-zEZf7^Bkz+}{WnKsr@ogvKwLOAH$gX8H&r)8*Ke0)K$f&U)+e?JS-OPp zq0PCP`R1UnC zUi+Cz?ngm*TzFe})E)C-%hcY~+OH}T&9C;K2``kEl9x)Hq8>_-JfT|v-9yMsvC!}1CD;Sd2g|X*UR9+O(%<$xIlyO(+ z71t>nN3ZlD*2|kC(y6$=lH*E{!Rhq0Cdw;~ZquYqSZy;n`Cos}9K!j}?y?k(6Ja-&D|UovNRL zH9IsWV=iN98_KO-S5YY!S z8OJt;R-ZOp%h@_-UU4m9Pxb6|TyiPm$g$s|e`A?@<)itH3gHhzjA+V1ai*#{e!U7FZ3mS368vYUXmXbC+gC zXHRD*P#RrfA;JDOv8dtMVbQP%^grlMA|s*$!V993!fwJz!he#Ksa5LsMZ#6X2@1K< z@v+g|NE~fTo@O`x1nr&gLhoJDGN~ulov+$99F&YrRYq&|sMt{AVdLX&A%2CR^p+e* zRNiZ~I30j4#kB>!#U2e(9Yx$|JR7{nfF}9Z`p*a@^=pLaiC2oFiSGeR^EYfe)N0-O z?3ctx$LIZIDw!#nF!8T{uAdVi)d{Vp(qQ5y@1W~r&Z8G>9W`0FR7A<;n~9O2uv0N? zOOE`Mcn}LGNh9@BfvGdC-82$4$QqR$M>@RUPu;g1!yUOBdGlm3WN~sZ>U8`JeD7ho zG=r}QSgcfEYmsu&=xN<~=sb(EAg~ZyxgHZ4i!i|6vJBmvm(7-~?$kD}yE+^cXc3Uz z>7bcZgEt>AM>D_JFs!RET}vX;oO#e4+YQ~7CS8v`+fwmRdf6C%^uOpRcr18x+IEC= zTHiQny;DxnRnc6TuH4qBI2gapy=`h!I`90eqh_OxU=pPtRnJ&l+wr@~RCJ-}H2>5G zD=PJ{2J)Q!$fh>1pg)PM)^{g8?^TAs9g%O7=Xh_4~6KmDQD-V?Ie$nl~-BC2JjT?}|xf zMwRRuoE{k-9T$Ng5sP?jnTcBGo+c*^R~8*7)^#6=dliwLU>--W8gF!)kF6dDkzX0u zAYtIIm$aR3Uz+ROCmx$0GY};Rn!Mw#Y#+uSdgpt&M=h;iz zQ+2^cQGv~ZbYBTCRnmQ6QzcVWBK0Dtq7|Z3;V zJe}S;jC4o(ugzx8Qh0xF7I(70Eb@D#?eB`|8-4Df_oJ&7T zCuBwNI=Mr=-#U|77#?mt`QN=Ua;SKI&ncm-#Z>G702q{i4j@2kIwk-BY-XaMY_BXS z!J%hmL93&0rE5UzY+?Pa4FGUCb9`S~7})C&I9r%o+Hp8@6a7nrBh9x4jh&07y^b@Dr5*8q82O)egbeKTY)!1~O{^>l{;{j0Yvo|i zO+@sMqyPN;J5CGh|8!(&_wQPL*N@Iw$C{3TmY(iEEq@o}`mQ5~psj(9y_Kzkm6bUU z|34rQh+F6w8ORyv=(}*y{dbLjyX2z#CyxIT*S{+LkIDZg|Nq5nZ({hrkon&N{^!pB z8Sy_-4iz~AJ1cXCfAHX8W#pp!KZO4a7_NWaleRT6_=fgh1sMLV|6gVQU0?bC=HR~y z|DQ1Y2RPpkp9lII!2j8hc%XM4YH0xgK7hCozk)N+MFxbohH%H%6wR7boaEIAnLif6 zJp=`oj4Y~K&*wDxs|-KV&dJ>gNYx)t*_ zr>D)YBPKVaj(+b@^Drsf$8@*R@$?suqoqSuJGlW}h8NL47+UT&uPalYj<1PomOtO0 zyuO@trk;2|pD`jiZu;}EPEX|$H1i^$IUUcB+jm2$RM{^#?>@sYXvgttE!1vUs$3*} z&c0;eQeQ<~wS4S`34`)AKTegNL=e+GdcaT+QkagGQ%g&|O3KT*nA0YHDJtlb=g*zI zDsX7TpvEaM{6r585HPZ`%3;}xb1Ns`Y9rd(_!z=%bEN*Cmhq$7F0k9M0;=BTe+1Y8_YpbfKQUQ?4;#r19#z>>ZTC7Gz zh10pY<;#1^QKnl4ACeFP_q~jbm9DK8&@2y3HtLB}*PF&R2hO7V$?X^~y{STehZM@qTQFZB^$_;((H~eoe0t z(j+dU_k1WNi7XzyOH4K?Ne4;Kv&D)MQ9KtCFlWZl0&}u7`=eHvj*gBr+m_3Rmdp1- z_0Bf-th1ACeI9w)n3B@c;sCXXiNE^fMoegPE|#vsjlJ>VxSYRIn2e;Z>P_af#X5el zDH{$&9{SsM+B|Y@+R(yQew1l_m=3IMeLlW-0;fOYz2SI|Iz-WFI<5?$kV!oc-i1Zfq(BYEt*uX)ZkOVT-0jqP z$3B8wjW!>F_#Q``TQ9f@>*IfW{zegLfR%~Yipvp1;eFndb#(C81cvD^H^=9%t**vS zPEO(swXL*9^1L3`kf&Ss)|Hx>YDR#uVoSx3XL$)pD>^9J7@3&`=-S>L(pa@$zu#3g zM!vLjVz1zk+-Mn8v;&Hlv zCqBwjQjvX#&5Puq1R8I#SZe~xebk>wRkZ57euwF*t2!1U#^Xb76gnbGTx>F&uynl( zH<`OzYqFSle=JO!YiMW~xjh)8{rHCGX#xs`ESz7xr^|Jf0PGx? zUo0=xFLzz9P8eLUjF>Y3-C}~^jGKr&-k^iH8HKOD-2vwyH$=6l^s(!KtLrJ|3XK+9 zP750AU;M{XCESP>R-GgXcar91OO+aJ9+N;2RIQrqtu;5O=`I~-i&cNDHd?`~t|R|cef1!C zI!^OLOsIFbHmK|1t~myCQbe}PvHLo1oQmSD)NFaaO}uYDbvhlbvY7ESTW)X!N>kd? zkVNE(YQZM&%7p!X4gN!n%*X5+nu$HwWNKDMC&WIOmVTo0d3_7(I+;sF+qL`0+XyR? zKVc=p{FFmg$uE&&>a_&hLcPgU@vK~>&agYAv+I2)sA?!k!H02++q3uC@9Syy&z5n) zG2*E$F>Qnx0Erd}>&@%y$tz1~i~h7Z@bz``0eex&V!i(7)AlUHCj_NJLw!BPW_`UX zI5rm&Sb?pYwp$v*)q$s8*G+_#yXiq_!l||*8tne!!cx}7ha)7Xh`VF{xhRQu@Cg)$ zgrvsC*-#X2lKyPU`(Ok%3U%hyHnThA$>ftL}v+O~qA7~+`KO1sP5V~gF<;-0{A z?d6Op-PP%Ne<;=c;=%&n(@m7uJKLGlhQm?>n`?M8wAmw;QJ*!RMqj|pho!!nff>h+(9x9{%!G$&d8XVSo$k1TH}+$ASL z2=yxtWCal<9r!qkduN%LA;gHDXmhTyjK;)duM*3;=(T%f(>4X+RpiC^>kG)qECD;7@QvV zujMBi24gW2yeJ!W&LklSCSqJh``2PVh1r>@S)FCW7@q5~2=Mf6WIYm;%kr7#Q)@{& z-KfsjVtCN)Cz7HHb|~NTwC0KZqs)X(dlwq0jm680wAU*EM(OcNC|yTiU%(qEYSQW4 zgtN*T5Cl%N@Rmy4*<^)`6@3DP@7#&6yke zq*NrWz#PifK@J#M>xXvI;Feq^8z`W%Hr9|$~5S>_+I z2@Mb^7Z|7MV+Wk+zJkjlzL&)07e4fTiEr^b?AC;yM`fjEgB&q4Ps2xcol2y7E?@h6 z1`!YS_{d)6&y@SN8WWSq4G>X3f;cgJ5rc35B-5FXzFC8?^No68z3I?yrimf~jehQ@DkIHs#_K9rX_NWp#M{?K(W zJH6iwMHx^|14-pg9@vgsUYPED!e(RrD{LBKF~`2a2&&{zoWs(k#RZ(f1}s-Qx;=e^ zCb+RaX4u*%gDUp}uEO8a!d{mS91c85cIMP$H^I3h!KLNa)|KpSr(2(gtW;1)7XvoK zGJFp?N9lHxpW}C@hSs*qUGnv{WZ~FOlyS&5^kl+=!?7C|7H7_MWT#Q(%;nf_R+2A6 zyq`7CbYHi03;j5}i?g%sKxd?cL^ZqHE_YHzMo-!L2u7sL2lt0@QXD3*afn)_pMB@c z=5Lpe8Bvuk_S{!$9cCDnIY{v$INru;sK@E9GH;^^Wr?-LBG)2OxSWR%{(=(1{s)1! ze8}?eHYGSPv!;J)SSmNiH6_l z#OB#Zuum)6O*AZN%JjrC9CMd6Hfli4WhGrp&|L=ajB}UlW);OiW)rnaBh=ATh6t#C zcF#gAN~ZntAoCX=jKF>SyyJ1+Y@++DDo6p+?`XFD}lrUcj}uKcd1-I z)EB(Ekkz5>ay($|av`jlezRd8y3ZP|oUHs#kzO}E*5!qVrsH^W*<{ieR6Zm7UYmt* z$aKOpBr%8l`;Ml(9@aKJ7t=69rjWG%wm6I>W_3P>GieU~IbKO17V;I7VHW@Zt@F_$ zRdJti#z{Lb9sx-o_CVmDlj0Bq_GqkJ#`cLL*>*8SmZN&8dHoMG3vIM$cqmB}TGKv$ z3C&|2=5KU*ygf#KAaHGCooe>23URZ+)qT%7-p2k(UbHx^H+?F`@YOp5jhbW)^a4eM zutET_W|2NJb3X<$CGGp;m%4V~@Lfm7G&us;uU(eTSDI};yxz~!J|B?nBhP)oV2H%< zhM<1Wj{u56=|5H)kd51EB6iaxu%A@lf5D_g&^)^a`x%lli)>Lr&vU|&Z+PAaV|c(G9i#VefiF_K##6&KJ6Wy-ixH#oxvaJh0m6emXmpygqg=x@BjSvkLTeXKnZp%J()EGTJlSCo{P zpl)uyM|s}oMM%`yApSx!CeL!WUa0LXYG2KSSnuHSZ~CI zv4x2P-sc-+jtFK(1|lIh)=nG#6}A&bCdB_*KPSa$*YmRohu79LXUdU;1hkMR zIm2KqJ`-AGA#@>%BO!%Q4pc;=C3>bkrsw8Gk5l=qQ4Qyv0EAd{J}cO zAnm$oxy4Gw!a&-v84fY5>0)mGRzP!w{d zaZ}UZSlFT{sDE|r^|!|7QcVrB7D*Z!M6eghCh>G$WBdw7E*m#Md%%98@sT`>IrYVC zK8`AN-r})olFC9zudRD9;TJQ@0VxRjv3Z*kyxP0ID0Iho95Q9G7gXkaZfQODVnphG z=cOkT$3{9c0eIBRhL-jEJ47SlCv$$8y~?VrbLOSf!ndp&_H!^+s?FBBNTN8Ox2vhE zd4NM4vJWtZ{7qj*b!6FWZxZYuW2s@*mGJ$Cw?CMS%6X5o{f_AScBdCJDy*|ZF-udo zne{COP5BgX`40QaE0fOqK{Bo;(PCUW+65C^%|)0yL2q2h*NbC6sv%~?z@jxAnbUO5 zDRGP_cl!~SG;wT=HtyTf5CZj3Be`zH#1th!W!EY-N(%lYZ9WvxdEQ`;8)tmgCUu-k zB-MjBcPLB$Ko>ZE?b7Xu&{@5^sZ()yz`mQBd|6@<_`IJy@%y~xT1`A3-LnNJlGv=R zSROoS6C~x>8zh8!yDg~b8oz6LRe4e`M_4P{8C{%LYO@KXGk&q8aJxD7wmbTDh3mkp z2Uf@K`a_{aaXqw5Wx(fA%%jBhUkio4Z*#Z^WvmyqMS+0P#v`bUZFdI=+?3PcvgwoJ zAPKhtvkD^6`eT?c*Pq~EXlRFUaj)5q=?sOO4-hl%l>Mwdl)~QXFxIvI%;@w7G9*Qc z(N*AdF`p}Zt7>~(Rnxo)RVo+Q`hHE9>5X6jW|Z~0jo77lefvpaDO3F6_uU`zB6&uy zw4dd*+M-3PWf?Z@FOXO@%MO--^n>|+C=|beq`up+ zoIB$VgKZ&TjDWQQW9zuFh}Te7ubh1ewXQB7#Y7uiLi=KbjhAi^-X7r^yvsO)vnNHH zw`#HPG|n~9ru9VF@~92f2q;qam?o0AhC^kV0aYAIJBF6&v)XtjHdQt+Q6iK1gxNmh zsPkyuu8u2iw!TUJiJ^hVwOTbWi=JSzm0y_M8~L?&O_>p^Qcg(=qd$cJ#Tr=G?Jn|u zendVrXd*31_aqSq+S>K*aHux*p5IilBU~*p2fvQ1lyl22-stJ zuBoSAzgwfakraR_mG$^D&iZ`oB%b315M$Q+#5~kO84c^iUZ1kQ-jA;KH<+9!!mM+3 zfbggoS|EB8}K_K$a6J#n^(%PWC!|IM0 zy_ECEUQMvzdF?{Y;p`6U*NMR8!?Ry!?{~gk*{yVFH;!5EtMXtpBM$k%1f(8QX;*R; z^5)&!iuGpP%71ro7p$Zz{RF0yg)#0{tw1mgtVe)tx+xG<4RA7-R9hj6G}p}sopTS& zW^e*y>%PV%MAW({ee+6ZBU5fElC0lKzy5t>jp0{it3kgwYW1+ac$+Q72*pZ#`-41+YZA`i;jFh$(SYJ<){0=h{ZuP5zW8PtaP@f#QR12A%*Azw(j5KcSj@{hyW6rtS{UV z7#+vLJ8YjRfe#Dxrp%!hTXw$PIbnKH+_d{9Eo64X)%Dfgfa;QB{1R4^QK#-4vWP51 z^dtlYr%m8>Sc-`OXxR2?UY_n6Z%Lu>og6hw8c_kv>pco|R#VV6b4&>s*t&eL~w5@R*ib{w^zT6rLsGlW=rxNXdtVMulPlE7V zi+3W^Zv0GU!`=xYq8e}=0gOWNfw7WDH=ms$R+8>0xdxC>2`FIO#<^?9kD5KitRV!} zT}}HRws`y~KKa2md@N)@CrvbvcVe5jiA^Nr>CU=<*>M#n6rP=Z-{k%~L_au)d#b>4 zF8prdr)u@U=Q!U(o-feaZRqr1y&&58B70hnV-8mZ5J77AQpZ3y#Q^uHWZ>dwkfn35 z>>sC|fF(;(X;)lDsCLwd0{-Ua7qX!lxO=}{y4{mC4WeA@9DZd4#L2kIQ?q?Wkq^Z;=3>~(5i z)i6mZBlbeM$85g@Ha2qaeO=o*Yb|91PwV-vfV{=>3iMK{$QD8!#!k{q+Iy~fWS6yBN*+*zbmX(tFwLET%C0twN z@^%xVmuUSt+hBYi=_Lr=F>ldbGoZGmf5WH`u6XcxD~EeN8S(+OHUNnMV4Q%aZ_@Pa zx+c9>jG13O1v*m>4b)%zF0^+z)T# z{`fk4OrB|$EHJU7BuK4#rBdwT_|@(M6KU)IEgSr+jXNi3qawKp7?g6@OERBrZ|VjO*mfb*W`CbO$Gelt)#iu#Y-KO=^$@ z>+t1x5yN2hRTT5EgLX=e*+tu`0sf<=DaI2*zAM`YLXnaUM=c#6kDHK@&+6-LUM{yy zfRMDM@}TXIhnVS~oxi@Ep?a;#%WQLqg6|;)P*L@~tbf~SaEpEnF)-NOd0w4J?qCi` zD^SwGhExX&G4a$atp6RLAKjy}$P`Qt^atUWQCpn3mEl=GvUk9B?f9w8^~e{c7u$TG z#&y++19>oXlX-hI8nx$8hB763EmW}D(O=I)Rs|6{6tt1lyp(z5CnwP{p|vC!Qg;7y zPl)i=WgHP>Uj`fvlKpkE6{9^XQhweIF3B@m%zr{O(_Zf2bfFA?Dt7FQ0dz=k(C0fx zjqbc?T!WU-D$!rwWmDn!*?%mSKkPuHLmZ=r{h(8gz;&~ld9>T%Wn%RMiOmMT$Lu*U zSHagcYlJ%*hB?Y$@XnXwl(y4PTr@{M{GRoMZT@ZiiO$cGNpBD~kiC71XP|GtV&SB2 zzF>Itab(d#&FVmR3Dh0($$V{52}%k!X#OeCPb&@;+U_+>>s^;_Pa1`=cRV(W6b)?= zGQGJeG{#%nzWwOoc1!v(^dK9FE#?iGi5``{M6TM7D}7_OWlEKuA+J=O zyO_xZ2rvY291yuVzR$TzFq^=6TY3cD6h3`C$>p2KA-g=5H}341ueE0&N-qz$cLz^b zF6SP=g46LJqA(Kp@x))DOUgmbtoUf!5Zsc$Q#H(j63_Ie+XUcaQCZW7_E>28S0<_K zOeaLtpf$MNy5+Kv)OQ&rL3#I!Q1JVr_qF}nTipWi2>71QI}1-+UR`^%eZXux1usm; zfKaf#5i~Jh3YeX63fLqfpIuF`MZJ*k?U3WdmrtN!T^@s|RReBM-&8rIHq^Nt9*TAr zU-h<4W2hcA0`$jz%gYR+u*KRBRTcV3>;=1TZQP!Kx5+TH#41mI#fCy~ED5U3v z;~-w1!#FHe&daRS&M}0fJ-OV8VE9&DoZ||QiM6aHL}@s|Cz;AzduO|d!fM8eD3~Y3xH#HHlNP{L?2+~rqUOc zoqjWKZ29MFb|j=?$z`obA{qXZGid^e{{Vr zQ~?hmve_aFM|VRrNg_%5ic^cJwAseSMoqK{@q5rY=`*VSMX5tJ+FAJAd6JW1Cs-M0+0VnR^oG+rE+kqOh_5 zV4rf40>eArQ092bR+#d07KS1YR?t?Y2aEj)Om#_&nOO|?fF6(*MhZ#MYlh_V0Hl4W=R9O7v{a~p?N{sm zX3-?8X~k&tc#fEX*)8awx0pJj&C(;z7|C&wUT?A1==DB15T?}AK?zlCcW8mCgCw@e zyKgcK=ua!U{}o4>4D^bvP0$S|%3rgBL{ z0fyiJxr3IZ;i+QFeAhegr(QVVwlB4ju;D`$K@?r?<4wSYFO>Zt>UXpwUV_UT>2SGGTAFt=J9XNphejQXo>a_7vaqvX@2DM%ee@)Q}Dh(<# z?KAv_uj((pCSk@c*Ihxb=(~+)uo_EpaewiIT0MV2ee#^H$_|ckL015XeoGmxUBl!@j(Z=HCFLy zNSr7z@%3J~_Ym)&Ul;696|vM!Auo`4q8k%;by*+gy6;mth>ncV6}eDk0M-+j9Z3AA z3zHt$(>*-O&dE3og~b_H{~PMlgM1J#k=(Hg{!%(-JDR?juXkB+>0<6wDBNtFqJ543m@52quDVA*c{TRS>WOeJbOQ; zjP*VC@6nXhZ~hJrY?kT5_*hWu`GVMxRle&xLNwyCto z`inx8cE6(!SV9npfL#hS`s}@VU!9vtVu(IJ=6i2K=dGjin;Jo+-BJfDVm^-8ujfpH zTb`+*j*BxgYuF&`%+?Wib_~NuHcM-kTfgcXAl*4cK9-&6`Lk*tDPAjYr=-pAGTn7SivDC=Skgn{H&DraHe1Yr#E`eQq{cYwP{t1~)^%q+#*7^>o+QM- zNOro}-8M{{DwBCc6+>)(z2>;O-1Ba)0KZ}2>ny3Gta4HHKQbn!uW(zj1v4OpwX8o%5=-F8G;ir-07mL{~^f88Q9|2OY<_ zxV(Cr?-z0!eyE*n5l#eEgIztGeCccM7s+39eILRdVu(7S1t<6B&d=oFg4?uEJYp2q#sXpb+C)QX8g9~9xb zU-wLrRRMQHZri@J{0340j>)#QO!CVBR+ZO4*V z$Ui}&%tw#AL}!k}!U4z7SmCTcfIrRuSKW4m^z5g!uvi8a1ZLB3&=7>4Q11d`7i4LI zXEgq?U+i0dD*Jb3t>aw#Rkx^>t7N09p@0Xq1w4VA_o=My=_y;OMLog_&U~HqBGr1K zAD{@}uL>#$ZXKZrJNS1#cOH1p4>z?oJhnQXwmRN(vJRV?Xg?mCx-`Ndx~yJ<0}%X} z6#%yjAi>qG%AuF=7>jt)G9LyMv3WOO0U`dhc|^`6^-mz#sB@mGnh&K)inC)w)}70( zWh|sQ`y%i#-9MoxH}w_ghk_m3?=Rb~Hhb&ruS2QrCgi+JaqF6KeXnHd0VGFbW*06r z@r1!7#f!0SS1176Oi0Y99JvCI`3cad!d4t%OXBMK{`rt|fNjx=bN)dgCY+9QADTK% z7)t=CO3Z6f^1zwTylY z-ck`Exj4CYOJCsNTdD(F50GTYPX;laOt!m*!P_?e-R@0Nj!`T89=0m5z22>kV>TtA z%!+Zw3Z*K5e#ZT=#=Wgl(G|g08->*m?S-k@1PhvNN%rz?TbG`ZrTO`J@<@s@P~9`6 z*scl;2RI_}N&{r$aztzZQE@NadNpv+hTI@ zCQ2l)&ivWtbzoAg!QOES6SlI>;x7~~n?38}xoAM~c|#bpGJkH2tx=}SA?NovkkyHT zn`QHC*%9O(y$&!d;^53)lc{bPWHs~nA2R@8bb&! ztBD}$C1|{bx5>9&){uvh*DgvH8;sPA!vGX|T$ua=RZ}SHrDQW*PyFT5z&^pLFhVZ< z)#?J4eKsVe5<3c)sujewCH3cz^aRbOO&+Qx1))`)_YQm>A_qER0=L31i?{Z$xuGlD~C9$7We90$w`u; zdh=U}H9}>R$7Yl)hh0K8RL(+tMh(D&-DUI+{WB9aK%aB@Ox$Jto$g3^D+*opTE0Y- zO{Qca*B~!hhVWt!^@l@*ui^ES=lfoorAqU)Tw=`|+0>7exI40OfghwhI zIJh@P36n+xg!f-TL_d{2HOE(LKXmN(Q=XTw z?ZgIxc^fz1_Xfb&^@~d95NegmM}osst6k=03Bi+i@AGJ~;`F02zDJm3eC}yDIed>4 zRm%P+j?Ka_D8P5lPH=wKbLo^@z@kK18ot41Z9jgmNW`@5BXSkdqIsY4kolN%a~Wlz zTG3Q+_EG8sk5az9KSQCsEB`?N&=J|XwIt0EItpTl@CNToeE!{Hvg%ksk*#&$EEmR@ z4PthhJfHjNMZMFo;XXxdo1js3P`tc?I>_C_;|W}YZ5JG63PC1i zt?0DRc$}A`U{rf|6V`(UN<15A@K@!(>m-fca#{>0UaJ}$BJ2JO*ClSDEJ$CDSXttbL$)E|jh3h}P-RU$7!4*rKf9XRu*47~H`? zo9tEf5)Ztw>J-*SUa$^WzjLJHCr3=VFJv2p_(KSNhJhevulb>JBC9L z5eUyg;yj2EsD%|Ur7NUIDze6`aeRnn*6nfq@nDUpa?RJ^GrUdILO?Fi_%uQIbikC2 zWb9F{h=)~7@&MLz6m1A72F`bRW~^Mc-z(>*UakQ6lq?n_sf(|Vt*?(5G_guj?{io- z!{_lh0%#7D*DQ{t9)sX6`d>@oF??(JJCWo2$qrb2nZlmf$?%u2%as|$o^1Q-#>4E0 z5xQ4(gp`$CpRZ#;Gg4T;^!AD|m|2_rfkbGq9l%?n{O_Ah9?x^fE@rdCAp49NFe8jW zr9i*=1w5rbRIX4_Ak<$%O8goDTkM$|luFk9+_T^uU{X7pm-)@MKheF^c%L@hnFM9_ zp4+~5!)QMVw^xEY6U}gziaQfk+DsK$*YlvQo)?-a67#~>E-4pxTq+nm1mJC+GfxF7 z`Rh#|PMPBn-9n@=-!ku}++rkw34+?^pAiUlD6}J7;r#M&`BXKSO zWWDEHdT72BQxQSEx0c9z-yM-d!V^`(GeSl#H#kV#Cs_+&>=Qm1OUA-E) zQp?t0+acP*{@PVvEX;=5EtH7{G*OVy-(8g3mLGG5Tz3go9tSb7g^n4HlP0!=co05< z>46~L0w@F=pa{4vw)Nc1lvCkaU@-LyRhx3u?1?)SLi3uDxh!SP zg)>CQxgzhZr3Lb}5Y+P$5r#g}fyOZ2w_DF9fudOfs-+3=>0&d6xckAj0zmo5bPz<^ zG{?e#jjKSkX7q%o=Bxb|8P?1O&5lFzkBznyR@-Gky81f4`pH3^gqI4&@L)V1__!3O z>z%6FPNr6)_mQUU5JHJQU_RL5!k0rOI(*ACz|3Qk7=VbzZ0R=o&3M!-BIO#pgsTWs zRYtZW$c^cp79vWUQYjh4`w<-P5=92gJ{nIQ@RP^2EqS}rjOVc?Dg(l(6>OTq6gU_( zI#ZW-N1tAWMbA2QU00wxudCYLY&Y05346#kBRfvEvFk4QOe*rD(2Uo6KH&GLn?Si- zFr6uEhQ9lB-8FE&gU)y|&qcz#0kx}|XOAzKkK;R@94+%c!1Q}B2tQlGp#`jaCoEBT zVbUW}rd*xT6#QZ$pw?)0_|bh5!$d((@6)@s6-1+lUJ(ja!VYTSZzX+L2Jar%I!fG< zD^d(Qk7+E=H<@G~)FdgMNr#7&1m0>vTwU0U|a+IPzoD4+-fngu3z(0qR zb|5OXJYg3@{L0?%4#n3~M&tcXvowQc)?+>0e#EIy=r3fDYKnTusQvi)^&EAyTRS{w z$saB|7+pvRhS)(7Kr8e7y41BfPVL_`H}(l)nHvn5MK}GVx3}7+m}#L;9ZysmI9eyv zC0GUq5Z;AMw+&zqtt2VAl4f8Cn!X`{A~Xt-4-J0WI!4c0QtgvG$g|ejQoH8 z=YJkSW52g$C!fIXTU0#d&;%ap&~P>$u{uF~sc0H(rRyI6-3CFRMF&=OPXtc{kc5i> z;_xr0637B4;_e>GmGFw2RV8Bg6WZP{%>=j6i9E}~SY2{P3mOfmE!$*%9`|CYF*1?& zILENdm*gmLPlJe@I1t`d4lBoTBr#es&Z@fuIN2g)2-Zlj*cE90+3%chp@VDMmP7pwXNJco)va z%{tmj+$VA%iCzw%r_`ueg{jMbaCs*R^=t@wqQry1!SQE31+};oJZ=)2Ff{tHe*A zKJBRYU3lRMEIgHKDk;;{Ap+Ji2Q3XcfJ!gw%lb*~;Fd>mzC}fuo|kg8TjkkgV>!@h z@0259nWPz%RMaivSiA|Gy@5w!$xtNT-<$xD&lp=>OTEHZ4y}VUDgh|?eN>>Gnc+3- z?H-Ziy1*$w5eXUrB(Q@%L<~?DKpTbY;$ckkPgxk?;qg8_OAAb~ZD&y|`tBMFTeofr zKB2jEu&Glg2cHnY8gv?3-U< z3nb>dA(=E`;!C)HB6ZEFPm(7;2cHWK1%LwgAvnr)aO{y|XrO0F5I|8hD$kzm1U-A8 zY~3Ddbe|2%(8cX|jak2Pr(h{J-=7xoMV=vH`2_&tth^WP zK4G>6OP%P|{R3P{o#9ErL&H8L4pe%s$Q0`ybf8)|-a~MRPYWFDC64rztLS=8?xc=} zcRGxb@ug;mGtjStLhZX+4>tiHTmMLr2m*wc#D9^+Vb{(?!e`RZr`p?Ttdt)%vEe05 zbR60W`hE;`U^%?|__-d@rlZlu-<$pu3Ff0uHHAFxz4zX3OyzpRFi_Z6$RS7tMTsDa z0Fq-Gp{TfJR)_$q;Z@Bewr@EHiXiGnY z$%VX^5&H%I_V52bpJiz}hsq}uU+}3m^iz2*4N<~#=nHRGbU_TKH>VspRTpv-KsKVI z@!XfjeQ$5P9bG67F(VP&yV<+l0^y%3_u={SR0Om=gqaBXZGdB;3atQ=xl!jZk{&pa z0OGs#4rlPYf%|K@FMPYcl%e&CAnLC>pveIW#acV>+$9k0W4^b0MVIl?8WOYtUij&V zx$58(>gw$5A>6eJh58kiF;qUG!3I!@*`gVH3?ty@!;)VH7z!w=Sy!-7k+czI(~1at zy2>-ea^Q3`?Q~yTXPXO9>HCS`kpONI$W3DXT`7t&G7&5SvjHEIVYUWy9652(k z{4{s~6?za>ncl<(0mMFvm2v=C*8n1{&m8Y;om)_|RtZL)>ve?Rc2JL!s|h00teLaI z(t4Kt=(=@GVH%%Io;2~*fNk^*H{38JKA}Ma5HFd!=%S0VU--foxC>^md?;Bp*|o9I*( zh$%mL6+q-vXw3ako}G*#p8#0Io_QDMG|fKvLm&CbDU9L|iBG8f1$~c!Oeug7xC1@w zT!}&N%A-hzZ@Eun`CEIj){GoTF*ch~cLNvtcs`i%rQWmA+CGP zdFP$?@A!WfW8E=U+ZTuA*qD(AZk9`%P-ayKe+7I6ovv81VSp7eS6<%J(FA`nk3j*D z+{cCl0HHkmH_ZZw22MLrs`AXW(Bq6c^mYM+$F`su%h1I#o?iu*PZV8G z8+gdGKS59!rBSYZqv&!ReNx__P7*~M;4ZpE48(7A#%g@u{)`@Pkwq@l18BPOtUEKe zmBq+Ei2kReRIK)zw;&~8KV;(^dIwplPZ(fz5v++5#-IAyGtb-)wP4T(SO*0_ymS#L4m;$)7t?-&KEOKQ04i}G z+9^rFZCoiV1!&gr;xPEzU07ZIrp*QBM|~oY`~Dw z)AVQI!i7bMC+K%k=bPj_q+opsmOcRWjfdfw3JXvvW)LX?$jC&&V;h%)$U2sbG2bJ& zBk(eJvcQ8NdJMzjZoxu+j@k#G(1Q;>$fYE#WLC|>RkU9iV4Xxq8#i{m%Cw7;52`Xf z-~bA5TnBRbK zpAt87n8A5jRV+cg6ppxDut3-_mV?N5@Li%+ z8PgaJt zr&$$Mf;ZE<(wgpwsh~sHQT***Frn{+s6>1}tGRy}*D~lJd$Yd!0W=`3L#F5%1!A^s zrxvQPM12RaC|-lF%HQfi*4@xnIV<3g0J2&Vb5DW_3hN#L6vbE$Fmxf(E57!%uiXmQ zTfvZz!}L9tW9Kqv+SEjNYYn2!&o-=uQ|EH|T`XzibfOB~9;7|X^eE^aUjP6LkV!;A zRNT{^1_MATdT`pA1gyF~fkmCpp|NY^HdkmRshL?dRP;}FBJkHW22#Ot~TSmG}PmpQcI=bgPgmT+MoCVr*t1&I@UuEjSo6|#x69kQ&icq4hZWOAm& zfnqrWx__dVds+&m!9(vWIk?n$4%Bj>5sd8(mzDE!9~(p>(1Qxf^q>9gXY%TGSR;CP zpGgeOaO$$c5c=QDz>Ds&JXqK8xO-9tr_pT_>BzicY4n#I9BvVM=s>E-e-QM z2qJ+LK@@&vGCeq!dh+vVm~bFDeb3mN%@88#$1TFD)W5VsTIF z-cfFbQ94gQ{q%z&-f8xBfUd$CIFNv%QpxhQY5DJ>L+Na-r*fM zU(Si5LY-f}e0e(-Xf?XvGCb86&`vuU&dCxd)N4owtGo7AQB*}m<<$!p-m&halTNB8 z9^1TPz607ezR*AeC^R0PR@+w7eU!@b?AfzJh^C;?Jm*>%G^EEBu+GxN{cNRf_d%>U z<8*K0D>jtxF67E#HWSag7uG{%TZxRGt# z51hSJR3b+Jsry7x7Pu~e=s=uRu|DHcfc$Pa_#f$n8NxhL4=-O{`N)bDYj61Vudn2} zIy#-t4>)KjqdyH8fJ98G6uqS$XOZdEavPOr!K2O-07Q%ny*rri%5MVgopHJycC1y_ z-y_LG?qg%S4R~6xU_s`hi!SO$SDT4)e+J@Iu!lBNK&}iMM6g_m={<5-#;C?Q zD9mvLP;8I>dhdk``F?J`vj8&cpbK%K!rB& z*yo-g`5uuA2?DuLKY%#y0*vigVa3Ul$0xMWHH^N$<<2E{p7EtGeQ7aZtzyVW(3wXB z(15iKW%Q@uoA3WM00&J?O=-Cbx6A|aw7qRcr)(DfzuU69Re;J z(Z(#-eaahY0BZcFEUB-HDmcjbAU*#fA_Nbi-V&Hs2=5R;fw>;W!vcW#yp!OflQ=%p zw^rVhfJcB*Ml95KGygq77XZdkkk>MZv^u8rJjQVcR%-^)WvH*$>|C*ZI2`yi;2a1L z*cb(RW+RP0!I&1#rR}|fNFR{?4g4Afon$DBi_kkdI3H)6+OupNx7av?(z_T7b9RQE ztPREWJ?J0#fE?-}NJ>g_(B~@gNQ(nL$O0b1621Z`&d%ruM7YR>@+64(9YDf9f+%t! zJCQC8K@v7Z+Ac(V51la$c)S+ds2o6MJK*g!kN~pL?1^atvkH6@b4Qk`W#;4vrFM837>e0&cKp#UK>`-+41@SfTEz?&* zASf14?!*&MY`E;Q%YH(=?ngh<3M*g~1Rc(m#EeXo^KdSBsY?Kgvoj(Gdct}~z}h~g zO%Ta-_XZ-tBJ(%!;m{i}z77nMLhSmz0BDzsZJ;>x2 znH`@3P|nV%<^C4Hl*T3TSAod(;W^*c6u?m0d(I9YJAJ$sffL(kP=G@{LK+Yyy3`1v z07kQmn3%QS{qA>{AAkJu7vh!vFUEI9A;(+LDVTP3jeURT@|=nNprio-PPiv_XlC_Vte zfZr-OldHow5Z+PgC^W~i<|y+cYmOF}jWlQtLs>BeA~E9)!tW?VupaavOxvl8Bp2<3Auh9?s^>; zP=mabU#jb_Pf%qMKK!7DSK{fs?k0bHDwfxxMPnvw##7%LFohfqUz8m`P zdD6TF;^IJapz@a%2zi`gau<^pnZ49|A_t1%D=N{R?*~w+AvrZ9$$FZ01N?6SpidLz zWjLwlQ_hZ1lx0|6TCSv*ofOtPqO-(jJ@=H-5Wo8q)_FiUP^mNaw4ylE6}m0ae7Eo(RgEgLbU|NeVO2`FQex;PtA7=X1qffd?>Ei+|r!p3q8Gr z=5FSC>?E=Be>a$7M#Eu0kO1=iY%Bp_BS$V1^_+45JrQ_@1@|fS{_rm7a=u5F)jO_G z{E~D>ghe&=1tH$}`fn=PwY%*Oq7YV~=T+i`_nFw4INW#AfB~qCC>Nvq zR52?e#jMead50X*xvOR8`|n!3c#V?=@Ok-e{qIwr=e}?}pa3ds^avmuGIAopQoeaU zHnjKqxBwhZDR3b;56b}sv%c+7xpe=}^f$IZ8Hm&)9vFpHd49s2}Jl)##rOji?s*|6#n}QS$-W QzyJUM07*qoM6N<$f}bU~-2eap diff --git a/Keychain/Keychain_57x57.png b/Keychain/Keychain_57x57.png deleted file mode 100644 index 2eedfa0bdd94f5b7eb7b8b3d2b1ccd19f2cacdbe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8097 zcmaiY1ymf-mTluS?knfpaYYwTCd|9#36_5Z*#vqT_>ZLjuC@eb{D%YOuCJjrdi)l&i#Zue38z=4ddb_ zDFhaMqTlSRal9(qdDS|UnE~D^q|h5BZ{y92YgJp#W?C3ypr`c-wYlTO-U`{~0enkswqlT@q2{Id zbD4JAd*7_@&gwO9&ADEs^(wEw^HmzVXuwL~Bn_!?c`u8=r00}nn|xG7b#$aRyJLIX zxv)kPr1>cJ&HrBe41742Cl!~cx8`{GiKCqaaK)(qfx5mUT^rEggetkc{z>%&1o({t zXjsiTr-3;dr}S-LF=NIa9y)p;r}dKS5-t-hBAjEJ^vjT8;lO=7pihzOop z4<_ShMk5c(bs)0!G64ie3aK?i(Z0Ee0i+p_7@Z~j5d#kl@VGF(b+p-5CD(W)a{K?; zy`#l6jB#F9lA_n#xxz}cbZ07JB`;o!aO_4TNJ8^0z~BvK=R{;R#ik13aYb4M0U|;m zcu4P&*dd5^lE|N>#OI$&kZT^nJKWwCFdgbYj;s>K?}}=OtkZ?FNp!`R^&uj z4YflLJH;a|l7c6Zl;CE)p2efoNB5JKQWGRX>X(jA!b_379S4__y$pvJN~?)oFnCh5 zpc{qX6`+lScu^k_0weG<5vRLFdH zJO!{un)IZiOMXK~nvl~)r#zE+outc%fKTU;OkaXnA)B3qQ$qPQ9+K>~g@hVaXqHJv zGC;l=r5Cqu{>E(9T!C{Y(<1YY66p@VH6BmsZP-WinYvP4=1&sdKz{rW@oar>OcPBF zYBTDP=FJX8sBi|m$Tz55gPO?8RXTEJOSBXx-aJxND&EL{> zU<6YI)2t=Z4s0x+&eTL>NbqVuQ zZBQz(N-7Z)#z?Bc$dc6%ss**DHv)@++v!q=ge~RW$@C%FhWSnPg4ppUACOf1bWCSp& zrp;yeWSFq$Gn>!_EBq;aXhu};mh9FHEv|i2D7W6wBNhpj%`Qqee`lU;9&H}J!Pl?O z)Rq#O(nO$IA^EFzlIbHI#p|h$ev{1&$_>JcR*Rg}@&YCIQ>nlDFKGALFMw7|RtDQI zwyCx$w(EyAPTk|Z|mPGu6im6;@Rr zm9b5Tm#kEZRaunR>)I5n)Q=JxrLY?aNHrNYY5KfYRpij+FsV^LDHK=FugWj!l7IP-PX#lQ`&V{BxXpX6o>gnC84y)E|paQg~VELJx*mt=*+g!PD3 zlkI?&R*yvwMc1iezxJ+ou`k=f$RcnMX1{4sKU%u7(^yr(w&vY=6eyByRJ%gbs?s`k zg>yxJ55DI@6N~bVYR9>r_w;_z8WA{yf3UaSJbD(liN+kjTsH+RTg%lOWf{dDEylzm zJtduHBXgf{TW_XvPiD7dk2CRgEu7X~O5fB!xEoQPi{JI`bLv}}7h8C2zJG=E(N`)=iY?sWHV z?p_sH5cv~u52FNG4*3n5I3_oc0L2Trw;Q3mHH?;H(uC1)ngsFngS2;~D3A}!i1^Nf zjGdMD6Zp`tS=%?r*9V!+TvkT9uN9K`ZStFZY&?k~iI3cne823Bys~V7Y=*32hAyjK z{gzyuejKP&jD(hwIDpaHz2bUuMKNmga06rWn4QP)ef{C0d*gP+_p$0ElWsk?mo${L z)N6Q8(S$t}+e+0JCSQHFk>^rdqwZ672VU*QpBdd)JtQM%M0}2zkjdyXinf4OLy4iA zh^kVJKfOMi{0`l!NJ~m9X5p!rsQ6(Q(Qwl+^_s~nruLN)j~H`1M=x(Nr*zA(-ORBz zVUgrSveF9=J?qxYgg;7`kT}KjStbn_iM;8aD;xt55ZNcBJ)f}p%ochg{ z*FW`+9Te@iblL=)1j`&j&XULEBjrC1_9S}Eh)mB3lnbQs_r#|R)NQ&Ax;*~8lnx-Q z{H4ZI{PhM|kWT1qWAKLdBo9k;!7nBd{)_oB|LV)QevE$M?DA~%mlA%v0HuJnUm;Vu z)T7jF5+9!4Uc_BxW!DeeD2^qM66bsn%J&KS{dyqsEH;`nN?6BJyrp4lGPk<6di8r~ zMvd{=SNDpg_WK9zj7pnoAtRB%+`#rD*kk-GO>5qJlfxjpUyUbD?Y~^>AK!0QC3K(! z?%o;QbF5yq1a2oh_oP<@#P zm#BK2xtX)BXumitm@^%#e`k{jYnJACO24g9?L`@@7<(nxAh$1HB|jE-8@J+LchP_P zJuYKvGqRKA&zI};iOT#SpZj(j^P#>|hlztM35C`24xzi*E2mw{y{#!9yOYwgnAOS- ziL21Z!h4I0!Q@|usyC|X`SB7yZ-EcLeZfxFJ8Rbw=l9&gdO^=UCD0Y3=K%m<68;?s zfb1MH007a!PD|HQS6NBe!o`W*%+kf&irv@A^%)HSi24dYPo1nh%|O0Rj?Ny!zGC$M zKnOq2|C%}ILH~ewI*8HhDyxB{UEHleeC%B8-1OoYAP`8@-O^fELq_hO+n?{m=xsec zU4=O~e0+S^eR$Yi+-*3xgoK1RIJr5vx!Il(Y#x5jo@Tym&K?Z^>Eyrs$XIz;xZAmU z+POG`{`xgDck%KRqo@BH=wHV_c{;iNE0D9tKeKwykHgo@m4l0&ljC2WpErs==O`@g zZe`}_;;!Z5;wUclR|F8$$;`$|!^+IkPn6?-BK{dtl;batf8+I!r2o47ANKzrUr#&h z|5oPzApCdbe>47T71qv0Kq@*uMz>XS~2F&U8ZR#>=LapUuO0DzPOOP6 zSt$f%V&3o)5t~t}K?Z4^ngtuC_f-ZQQ+n9ZHIzr{QL|#zO-&wSss` z0Tuar%`AH9k~Nk{z+8<R#Q@h~U zLwl+d7Mae>VW=y5a5-1m^)4(@{rCAf@QbEGStu4-^V{3s%OiPW8H4@(kK4B?1a8~I z=`{+99JwvN6&L&IpC?PxwulssosI3Cjg5`-b5^DAcD6qX2nd+C*m^4a+dbTf$)Fb4 z+aMhACdtamzF+T+LVI6jcx#hIPA-BV9C(r^wj^%YP!15ymurt)j8ou)&0>hy6WG^4 zQ<=psr&Af$AW-G#imFQTr%6@g4KiZh0^8gI`;v)?mf)u#OuLc0YrP7CFHWtsb*`yr zJ(;9CVH2UqpB)#t588J^?59vS$C)v`MuxR36)**!n(E%pz-encq1VP1#eTD9A@w$6 zZ+-wVn;i8%dt5tPOqM{A=L4@kTh;A|7^}aK((BC+zTM79vnQQiH~FMz)E;Ef?bfi} z6WY-RyH5O~%rRfc?KsZ~wK!UA^n=mlU{EgKFWBT)={DMHJN=oi&{CBO*d`unBsv#b z6T4paSbdJizrJvmQos9$k8B*RMz7Ud^#0;xt#dOEzusFWo0r0Fj*{QWKfp*T^z8R{ z4po4Qx9A*%QntgziKZS`YYyg3@}~So;9$;)b5O17hj&0VbqeDK#h@Z%<^z7>piztU zk8BIy9r<)Rz}Qk+#KLalobhHRrE^Uyy2F%9e+;pa8;6Fb=0|YtO5P-0(mLV3948YQ zmhk{jpBV6yvg`Wh0?cP;ykL#AIbw-1wm-$qC;w{M2LqCszH@!cr#!RY&FEBVgklC! zU-W&*Cg_rOM{^z2hhQ*~?U>S?(HtJlMf{SYNWoTSU29$?P-aaL?Ti){jcDc< zR&#TUDA42ipQXcvOF9bb)+FD6SJuvF)v0AldB1P7XXMs*dNQCV8~w2twL1a+^7U0; zcGv_Q=f`c%XW3Sn6f;OdgY@4u@r!wuuZh)t>!vmU3uP}}%|Aq922Tla%+(q=hUfe3 zkbkXjrgggTsWxu+7d$t(7?Nwe5zTX{;^LA(M}AYuDu z_rVU^SKryI zN&Q%8beOvizPeh{q@lgLDW?(hM;F6$RDnW);J(2F`Pjrj?;S^|x18J^p0@T>Eg^oo zK()ZrSXO=HZRJa+* z{xPxGfJ#z!L$Y&@dh6|vK8ga~hx2s&E=&8XCR$qN^-F~JTU#AKKB|D@!>*!GO@$u;g8s%|V&bXf!UsGhvt1XcxaXc4`$k?_!1b{u1PQP?5Kp;}gewYq5TtJQ zJxi(8uPSnwWADhxp{lX2>*JC7R8>WYBOmuJF|n6H5pQz37E}{5;NrIt^6KLPLCd&v zeZw4BIb>t!$A=p8_rWmU&p^BcF#1lTZaHNH^RjbOs09uR;Oi3UT8<#yPrt0h7#h7S zdeji~_X+Y-tcZh5J@$1Nf^24u3t`!C+u8~45iZBQ@j~Jwx7SDNIzYTq+pk^+vo!!~ zmdugrnwm1XeciwT86+BQc|OF@5X6Eog22le9a(qx&k$urLchnm=#oChoJ+w-Ld@4= z_Ko_P=;+#-k(EOzst4geDgo7{W(f5N4Ms!$4f_h($<+^wjSiRv2~!~G=n;wWM_&=l7I?3i>bTmkO5sJ1<0>| z`dV?-Sbw;-Tzs7#7me?48wY%!VmT4s5;6^#d}UY5G5vToBCy&#di`8>iNbH>uqH)! zy6WUeGN}O}IjP<+sFegEgax;8)D@p;kbU21#xo&=2&~;spqa@Uetnw-cj()6d>;!O zd*r(_wt0>F>fLa?dxEV~iqb$&M}gZLJ89&hupv8<&p(2}YU0KF_*Cs2+BsiHro+oy zsN`8-j9`RGIkOXg>o=v|+X{NFt38p+4!21!x!L8he1}v|2>iUf5IZASgtOKg1zh-MJF!_Wf|q4;!6H2+ftAj%%xm+o3FflI zS+z9~hJe#uVhWE~hL?ypTH=B;FDZOv^YJ@2aU%gvBV)G5%Yy;)zK&i`_s2^EXX z7IdvW{QbL8(jT1yFG|ePpS~&Y?^mGQ4JuM4P6^S3%p_r?(EE*1(5`a6onddF1IK7ue7pc$jGQPHUQ-3(F_zRk#8?)rc_LGXsBy)3( z6p!QOuZk-9;_Ww8O{)r9HsMJ~SapO8Oy*upU(YrN4+z0Z1zQw9&zv>1?Q9w$pZu8W z9XH{iApUL`&dEya^?VkO&Ga!jxkBRc3O2lKw$;Y6g|J&oCo$6cEe4hN-6v*$DGSzT>er?lRF<5#u3#fKM7&RM zIJd2i;4Xe$oeB!SulMu2qSJpj*Tt$9(OQq(EQNU;bfDA>gdiYwwBq%ocQHyqG?C6p0nR2& zIp~u@*sBEaUvJ)uOTfo8_4Qkj)+BuY_+uJW1d<7GF)(a?UxkditaVWLT|ozw7?09K zHN}`JZB&VI6hF3yeepE>HZJ5ed+}?^+%#iVRpRji7dBR=o>o3hJo5XVVTKR2%ioRW zhK5=aYyRVgoO^BH(wFV2GS#)GK0?)IxkMVHgq3eidtZP8ZOZZ;19zA*`CgOpn8 zKM-s*G>v|Yl$bv^aFOnkaT0*o9Mlsym@EgnF?dtl|*0bldEpx0dkDec?YjnuB{ za5UWG&_I_R73A2G?og<~ps1fk@I`UiH&=CabuCd3B`u`p49tpGSMB09Sl;NmPMVSX zu6N#KyaxsEML8}DBy^00F(4J_9}YSZdUp|2WV!J?1rO&zOVlnMx1~%XA|EV{e?BVP z!t(DYCckH-3tEbMs@35Pnyj}=Y7m4>%50kzBUGrRoYpQ*epC!bC8o+t!c#>nk`l(E zE$g`5`9N@Sw*EFs1O~dx3^fR)5TGBeit^C=!HIu*&&L1C1Jm&f5fiG7xL0#U@4YaV z=GPM$97O|xX2P@E$KD{L(*v{#`Jc-#UZN3keH*VU_I-N1o+^X~;{xHXSTyjLnM6sG zCtShUaLO4{RJ^91E*%RYQb%q{O4M@*>LDrugXj3t&D7Ks8)QwT=b#$%vd*=0KVlFY z7155oLM#Yko&@H=&v+*lR;1M`7H~BU!pgz*lS=nSfz`0;H|z;&@Y9Ndo0vb>455%n zAy{Zs(Xsej_i52~lZ&EsIo#TreM_RFn!7n}Jqe22GFR2mNC}D1w#DcGOZmdYDFQbq zm?fvUel>Z;qm~@rKb((AAc8wplOPMcr8WR>B0}w-2C(acn$D{tCwN6pz6Oe>yJ(3P zU`Aa2XF)g*RXkTRh^=6gM#P(yTAPU=hJKNW3ZMEz_rsU33yY1{AZSsrB z5(2=()%GRe;3-bZ?y)D%&s4w4fb*RnCT6SP2xJ8=*9>?Ha~1&s*KGj04e>w_RsGExjWV+knQsKxV_ zEM8Ea9*~Es)Lr+CM{V5$QXOcz7=9gG1aHoWj7IJrBj*|nYd3E}wwv%2rY(0R5EhcD z>l*D>{4gtVw^yv0w4u;|M7+ICk|`TvhH;*-*y82DK@drs#Dc$6l@5_op!g~c1CFQ^zo3W0Xk!!+holiDK;xLj4GR(Tog(_diM+SW(gn4czbD6{$SXI&cykX^hpSi= z%$L5>s|9pU3iZlK^NWyy+U+6Pkf5AOjPyp(n|;WaU#=9W*c4j>qdkc}!5i8`5Z_Sw z_gGT);f4Fq)9l}dd}LUhpBO)Lw3Ui#ch!}V#?G|`-d_!y1pWSwn>_8Z%OZMbBy42Z zmKdnKI`3T70GxcN!%Gk~$8WkRL|x-(dHK$Q>89`}Io`D-y{BMR1^hwE^o7Mn^qj5& z@@88D4`ebS;Ok=-v;Wuf60}Q~9z_2(m!RqN$70j)?}{-vrgMvGHpOG)YSo0Vh+`QLRPGS9owXy4+LX##(; zJH}WU@&LbhM;3#ohDUQn9Oz~>VEER2O6YhNsb`}xs(WmVf)W_olSpOSxSeXaQT$u0xQvr0^_0rn#Q)f2&m)JDWE+;)Q0<3a3tQ1>E8{Rh{{C z$}gvP`af)?s=~}MyiVk(>n?*A%1x diff --git a/Keychain/Keychain_72x72.png b/Keychain/Keychain_72x72.png deleted file mode 100644 index ad12ceb07baf8421d355c05144ad4024887b890e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10006 zcmaiZ1yo$kx@FTe?(WdIySux)y9L)EA!u;d;O+!(0t9ynghm1chu|LE!|>mC=gpfp zvu4g(bxxhHc73v|R%wienmigZF){!EKvPtZ(R%wT{F4yj-`={X5P1LqS<*pTT0>D< z8m!^zX6N8+`&NvW|JheZdkH@Z+RfiRjZFony(a#E1fCUEzyoQj* zu^9DiboyZAqo}N9aZx^nSuG-6Vrq=^Ys$#(uEjeco!9YRt>?Uq8g4A@w=FK&p9d~> z05qP%Km*H$OFtsmcIznS0Cw*f=H~A6 zQ~(^f+2)h`bj8jwT(Y=CXEB#R0Al)(V3#L)+=Jk|0)StI{Z1?>M$xJQYcb1V_h8KK z@dBd#V8zLtKB&4C?WY30Zb41tAP8x2`z#AXYv_{wF6Fe2^z_tlVej2T@6rZ&koJq{ z*oPj1UPmNM^G^4iBE+3MS;EM<5Ey zcfx)5-W(7ZA*j)=h%n|R3XrCTrEwMi01P}f#^gjE>*;z|m(t*s#P#9t{v!p7Nv!LZ ziX@fx-Ysg9jVEmh3sLDtxN|=cI~l>d2$?68jRVMHfkqm_?GC#R284$wV8VWeWm5n; zNPwCp#eThYLC#+=KA#-j0Y5`OOoPB@X?kK1s@)F3A{mL9L>!A*aVSh03 zN+fHN@yjr>r4}$rj1c{$B{c+aVTYw-k}*>y9;WH42$??B6iaJ}UQ>G$cOaU6dMrYi z2J^tbzyyY4WdY|b(S8A1LzWtaNfG4-CN^dK@bVA{`c}4-+VREE+Xe`>Nd5p=BFqQU z5GBSCVQ1tF5J@g%q>>G2V6Z5iQmD#+)v`Is=w&3|5)@KAc3|P7iY>DU@kfZZqYUG> ztn@4wtduzBv#hi9R0#I?>@c}QAHvG5=9?-E=xfD&kod526Ih4zERrmY8#9|=e_5Ug zlcJCI5&b504{9eg;d14z2en}=#&?Ds529_+UHEk|t>d1DVf1_bvHD2agB(m6Oumss zG15z)jAR6I3d5lM45o3W(ZM7}+(&!~#~R?#46Rc4ri#S$A2P9GY)bqk*`-KIr zTOqwUWw6rUisyEqX1_$gc4%p%Ua{O(%YbNvqHIn{hE=pxj#Z4+r{BE8nzUW1p{Z@y z>eUj5jkC1nl*CeV<^HqnEvhX-%eKoLWb*uFPjhL9!`BoC-PcIAw6?~(47;Se#JiC1 zTJQrL7Wdp*MCI{m@tyHWS3G;)pxe+Dz6J-g*Dl742PRjhj~P@Mb{Q}kNi{0EZu7YF z`86&z>OVOg=^QN`mmHtw*}fz|E1|vx(0p^A*PZ96qsESy5ABbRH-kr_M`^@4#684B z#Ja?pJR`hBIj%Y5IlDRgJfkh|j8MLUjCPIoznXDmWS>py*wI4b1dHqHPb*nx#LCvb zh}KzGK@99m)gV(irm1Yk{E}@ZZQ8z4>dNc}?B)%c=fz^0g>{8xz4E=r!QcC)!OIqL zlDYj=#j(Y`mIaojTh`PyDPLxoN{vc|M+B@}Jz_7!wvFi;WAYVK6%)o)wSWCw*Rkk; zwm?yx_TJI)eBtdJEoodeG^~|dC=whL8T(l3pZma!A{u89myf@OZ_aYcqRo2DLSe{g z2xs8Za@6=ZxIC2OWNIBa8tJ%g4VkJ~+xuEq&AQ>!dm1R5W7@ce->KFKy+yyJdZK&c zL=cVgi|R(d`{nJ!&>0>$k9B;o)jo9*zl}g2K;JZ{ShnC4O_gqpL_97-Ia`OqvOX()y0H;pCOl_wO^u3FYQmv7|Iwa@^Pc-m1+CL zP!zN1%m)1w{f4&GJF9cY^GY!xu^6!gF`OQso-cvy_m(ff7oW$qtHnS2kBd+0AOTP< z(gAWANDicjAcn$)gbnu|G}sT*-x)^1K5I^6@)I8@^(^fZA%et&Nyan}74&1udp^Mm?qOk1+2iT$tY5KBs^(!<)lrWHN_LW2_bH74a0ef$EZ9H{Um# zUxw~frzfYEGICeXRR3@YZ@F)olcKeZZDcm(7NzfIALJ?JknZ^IFn^|tQz9{wqQc;1 zXxEvQ_*dmdA)Y3e_LCtB#IbqZUf#CwyXGX;-t|t-j_U;3_|^DR5U(At?|b_mpTCjM z{k&&R=yeeb^(HId)O=0*JGO3mj+0!#E(%M3Cgdg(Y)Lj;W7mIb7HKy2SiFOr?~O=( zlhWMkW}PxdcOG`eb3R?OgVZ^$WKx;U+*nQgj{U7pyPA5uVHl|Yur_%ce%f7rTmIy` z>4WIIx^~!cWsq%UXtp$6ziC>xJ9$}h+19Cl(xYc->|uf7kYtn8!d2DWt<>NsKVNxN zb`(mSl(W};6wr2>zdX9K*t_8pJO`5iJB%Pkj!W7VJa(tyR43^&Y`MBsI|w~4IqK-O z4>k{$IaRnwfyzh7myZr4y`LBUxyWC|pUyXskUG+|?J?^1vUwvNfb->0gS+(GJxG93 z@Z$IAJ;iwes>qUmY+%hH{Y&9(>$Fj&NT( z+w2_3cY9@M$`oE+u3({W(52K!#6?^TL6nfbw^&EZ&TM{tWBvL>Xl8@i#W&CDmF}l! z-OMlc^@66tf%$>mr;#rS3*?;zpUqE#91g#pyL2DALtZ{_*CqDA1@1qZKC!Rgb_DJw zzUGs_#=$?HvGoMJnyrc+2Cl!%AXHu_FC8N2?aNBlPQrTEGEdNk$m zMEzbpqcB0-_aoBtr5~M(-QLDs_|+4akYUiA z;_W0#WuU47mUi>B1@p3TvT;#~A%nqS5lka&hG2$%jV0? z=H_Y7&M7D;$j-sV&c((0hG6ybclEaPV|DeS{tqSpQ;&?Tm$j#ZySIazEBGJ1mR4@> zy+x_0{xS5Q&%gb2asN+4u3rC+>McHYKTCIZPBsqq|J3|eQRFQ~A!$!rOK&$%9XB^; zG0A^O04us!+S_W`TH5%Fu>W_&zfFp;|KrDh@#|kf|D*E1$^U=;dOO(tFJ}HXhyN-0 zKRy0ODrBf->*ePB{vSTX__;*b{}18+B1Yt2W$K;|wr|w_s{-f0@&8r!-|+_jHv|7w z`2VEgKgfA&d@@65<}j)X=Vceh(U@nk~)4cKTHt3@#Z_$y&OHY6lo<8yCa!m z85FwDsZ{;+B|n=`OzcA3DQ?5=aj#3-L+tw_c_I+sfpB%YW`PRwLWmCOJW^5$P(?xR zs~)$sE%ItXL3);3D=rskL3i)V>xTI)DX!__a2<vP6*Yl*7!0q#Kgo@M3H|` z7%rx@e7NkDmz7m%G;;1HLzfR(a>mXX@i-oE=2KQtQl1E(*cH;!(P{AmiM9?=YWn5VReS48 zLuq{<*T?Hae6w6mYqjuUz*osLk4$Y^FwAJ>!1xi|NNMa``=hPkgb7 zi3#%Eo%=x|zWZl^0XGkE1b^Aj>1k=leTm)&eskjpnN}41!mMAn{J4^M`nW+6=q(1n zxYzS^7RL)Op%K4La+>fVosP6^(C2(MJRD`C&TKb~WI7$%0UK1>D$;E~F!9k$q2QfP zp`g85;h*T}Cv@_+Vb$_*mK_W?Z`|hkV+UpJ;n0q(ugH7Bywk^Jcqj(vN<;kW*Gwt* zz`($yX{T>+JoN5-qgQf7%4zEgn}|p;1M5f5NPNqZGu6Y;I4Ey#WM~MNgnhdxVY}l5 zExD0hDCoI;qt+0@=X179JG!w&7`6X;c=mCjyt`w;0rMv%?d<-=-PLh!S{kd^%k`Yg zfrjq>R6g_3a+A|Mw*;BkM*-H2h}h=K!c!k(`;htgn?o&=V?nq22a_;IUHQTFF3+19 zy(uMoVxcTfhuJcvLBs2c!H=!lm1?@bGVloS$XwePpPqtNR|Si3EL~u=Qn>B6#&LK+^Mj zk37+i7(jwwgO163SGUA4J=2~9LoEphjx+tgI5e0g`WaN;AR(z)&DTpuWl~d@s*EO* zZA5(-P9WjmGhkaBZBkc~hM~#fbNQY<_40DJ!7s+Ol|s4E@DKz)RSC@dQcFY|fgepX zL7J4JW8Cs?rbsS<7!9FaR6Jlife>IF2`SNP~U*h{ul1_XpH0m zl*~+$(lnhx5a>ZpLUNqs(_v$4dsE13f7|jFAU~L%`KkJCs0pC=JCszN8^~ANPuZQw z3`ToBXoeN^KA3K_9E`j{K}RYmae7=+2t~9ZgVU4xY)DwEF#XygB!2t;TTP*nz6_z!v&_D+;7922`(w=D!Lhjl|{q^1qmIVyyIJK ziw;aQQ1HYY++TC4C zf)$ss$Z_+I+5=Qn-lXlAv#Uv6H^ivnGN&0|yRhToVG&oYfo+j{B4oAP1Y+8k8+!2osJufOZ zba9FEvhsE`*J!abGwXk!_+D)$rOit#z%!&(_pN4Ty@*;qadHP>`GA=I)=#PkU+{c1 z*iLu$_Ua=dhzw0le+(@IxlbZH6}`fG?RRasO&)OS@RC8;Tb);GB$)bmYo>KoaizMc zN~qquCwsC9%ae+ItRj|ih7_sIRjA4c=XZomA<#)frzDQRicfO;v#i@Q7avtLcx{+Lp6MIiuDadz`fqEG`=W!Y(lvN&KE&~(f` zS6NA^z(#nJw=n)kCbmp<3b)VRWOgM-u69^h*l$Gig;s@{WK3oRW~3b0QC>+dG5^al z2`<%ma#5p@_y{B?8>X@<iMnke}kv2p>V<(+v(5)|OTYBGY^lz!@((5Mx$5O?hI2jkQAjMG%Q7UzvE$ZzOs8F_;v?#^;GpYYKf@PIUv2HMsE$y(We z6%-XyXzaT>#R3{=#yBcBlY^x^&jbQ)S^Arr(oPx!JP^j)r<`bP&#E1Fa$8-N6@G8N zufxYgVxV~BpUPZmsIJChb9N_u|7F3f zR+5)u<%nd3zo~pNr)dzSSY=Q$L;!Y#*{kNLFSw+7>h5XQdqkP)#cV4;L5YEM3AqBdrX#^YS(tT)(S)W@1H`QIQqsXCek)=v7ChxXnev6lsp}qv#w?k z&Pxpic8TZ=v=8&Y6Zl_Lt^>B7NZAmCH%VRPE0sBq@vE|ZsFM*!K;c^9X+Ap?-|UBLziX{yC0y>X&e+a%{-P4zsE~Q2}JHzy@Ikh zl#&*YhJ$h>ZB_$J-X^!|)SR;l0>C+@3I+0)_IDxynsfeAvR7#~XSc zk1i%BCz(_VxGeer4U#p!ERlCOaJ`bB;ALIcy9B+Lnr*c)UBp!w!>kdutv;iZ-&HZw zB5>FBZ-hd9$C)^-HhKa($0omHpRTk;b?~HW3N^ohq8qxr$j-c%B^Zj}8QuAiRPi1mW8Dlw_S zl$cHsh+CC;FA>hlz)6@FgHEY)%(8GEY}RBYD~7O2D`o~eBPBHeq6J#{ji2cEcZ4P} zaE>OC;gBpeWa^<%NSf>khc!Dbvca8uZmoF>L{T|S=LO!$vgo-n%e{m^7>Y{vQ;hsd ztVa`}mUO(6E!o_$OLarFkK0~m=yF~H&#Jq$yYiTjm-{9A!rhYB2=<=+Il znZ$y|0Zdr7@D|5(G5j$6xiX{&xefp#Wto!JQF1T7LU+x*4Yb*9qvs|`{O|pQ9}Qlr zjby#?UYQN`&GU8w=puth9=UA)XOs1)mgSO4divEqR5}j#A9laMMTKW&Ijb*cwSYEB z2lUAaB>H3jB4IaX|hei&3 zbPz0G1}@;FJx(1w{5H8KnG9l6H z%};mRYs9nkX39y6fPUW;2#B#iHGU1bUUSAjf}HImHQ9tvMHmV}9(W>ul2GdX{ey{E zYuvBc6b9yDi!7Kix{Yay8r9nIgLT8LpK)=@xGYS1c6N5pVSV?fuacpTLA2dR$(Z@r zG8tvK`C{*tLQdqRAyRbe1uUwf2#2Z{N?{zwlguj;UBX4^`+!8Ef;u@QiC;yO$>qiY z05X+NLg^M31n!eMRXE0~armsL*sMius0iPIJu`@Ucpf`WAKm|cG@=vxyfqq5Kd&61MQ19#q9_oLOZ1F`xH$;CUn^P-luOgi_N>`(U2;NJnAN4|HV?2$o@#>r0u! z0!g(}0pwR-nC`z6N#~-QM6iY+lhYS#|7cvL&L^uXmTN0<`O=C}nwZ6B0q`}$YXAWI zFXd@>iUi!foNj3LMDq`qi@V`5?1D|! zgW3$-LhgUl7x$?tIS zE5Ot5Lkq(y)C!*YTitf*{7ee9+(Q0vJ+SB;I!qb}hiIVPaP=e1=JGgL!Ha*ho6385 z+xD(8i0ViN`Na$!%vWThla+ny+6lKwpW`fxa)ER38sth6rQ_oxywmN9IyJ~-F>HoE z8^G$?0Iq90>>c8_IL}B~E`x$*2Y2KZ*!`Q=@qdtnOsjLaDvnnyqZ;o`E#fts0@R;*N-BG`}AaG1$=F)r@ zzm?g$uer*2;cR|v1iZ^aoGGzY=Jwp~7=$*Ao?wWzM?rrEc@Nu(vaJJX3gL|h-bf*38}#f*e2utm5{Yp`bvDL zms?2D>qP?tA^WiX?AQx0rbS$n5f+7eFY_liR(Aj1Pus|mIBY}XQ6@zL@*(YgHx1&( z))*1Yeixz_3EEV#trcm-R#x~ooP4O9R(z^7Qi))1@d`$WjzS9B=L>bLt(f-%6)3HnPy z@V(e&W%BvkP8`wu5^l&sNUOjumAhg6w8@(q8L!h1~z=?2VD!Cm3b@e8p>F~c2$S0a; z-}^BF@i15=QQ|l@`QnF)*-L99eejWiMy@Z9I%8{dk?2F+eqQ`aaNmtS<=G<7>Ecne z2O6o&lqDkdHs_y|=K)ykVK{DM7g42BlwLFM-=jXix0A%pl4|>olfifk+T-8HeqID| zmj>FCPDD44y6G=smP8?8!C((l)ME7vLXq^yG-JU(Wx{7OX~&^(?m#DB zwN8dK0sUZ|+1A3e=`s48Ua1fyf8f$A<3^G(Q2rv-uqD@yWt8<6ndmpXp55|DCk=O; zXi1j}@Tc(0iXR0oHkd>2lkk)B25yGSSUY5ex zptKby;v^D(i<&bd@Ra+iJgfnuV5e?G`zWQso4q3sJ|^U{LF{%ADwgY|RRFY7)d!N& zm*Fx!^7RROUXNh~Sz3jDFAsb=ZCl~|7L+%p>{jz+zAgJc7|5G~<1?N8>8s|ZAa|W) z>QrcFFrxT|k0qeROn=yv-#=#HSG|6N8Kp+{Ya|7YBJsHd`SQTm55jqpALcyaKDodk zDuwTqK*sGSFv0o*9xOvpTr)wx1C8Gu?~hIHXVzYe(Syt1S>A?1{k24Zh*V7P3AJ$0 zDWc7NF9JyM$OxjBeK&{qDNWN!ljc#lSytq%SV2q+zc#_Z9Sq(-AamN6JNHi zqH0GxL~&$~q$9oi-AwZ-Ij|_|)Cqi59@*yf+B<`gP5ZG#OE~I8EFOiWi1rEOLk~(7 zg)oP@P+iWkhn!GGA^#r(RRww{gBaqI04#OedjNCAbY=es5wVZD4_}D_DeX|$V0YML z+w~*G@W89>h}AxxlrU-fp^vjUW>>@f-`)wB@mKpC@`=3j4?z@-zQBJb6^8dBKGsrp z-^OJj#SYEjM^R~bVhf>p-Nw-|;Ip5~v$p^&OReeDc8|Nm&JOvhSQ>1tBT9x1X~w=? zLP40EKl6z$N0&@eg;7iA8*$i{cl^Cj7OB*}E+Xo?Q6 z;B4%F4>}q{xiDhX;g1lJDJgEz)7AA_6sXc0bFkf|_->Rwfd zXPWxJ4SZwv2>@=)+9VatF54*&kOVm{tPGL{MAdizhjC zh|uNLKY_BfQ`M0_{+2>-?t7k4H)=>nEGT7f(OE^s^k1?*>%VIDE3@*GlK(s%(O{Sz zy9u-;%4@JnW}>YmB(a|oEsxcPA}^;U($;Qsg>&HO&f}30V{7@JeXL({g=kB)7};Os zpmm07x@r9V$(wk23rv>%642XSZEWuzpIP*2hn1OcFFIRgzo3W{bU{qo z6LlK0c=9Xi{8y9p!y_6=p7m%_FxtNAMJb_CGs)j1PC4_yraMBgHQ<0Il!{^X2}F1Y zGv7L~$z%0=e_`6>7R!oF5_Lv1!QftO;cc7rJ$x0T2d7P^pSr#u z@Ntm+J<(TTqqalN-aR)C#qOmnHz%Z;2@t<`{wqRd=ZspoJG0 - -extern const NSString *kItemPasswordKey; -extern const NSString *kItemAccountKey; -extern const NSString *kItemNameKey; - -@interface MyKeychain : NSObject -+ (MyKeychain *) sharedInstance; -- (void) setPassword: (NSString *) password; -- (NSString *) fetchPassword; -- (void)setItem:(NSDictionary *)newItem; -- (NSMutableArray *) fetchDictionaryWithQuery:(NSMutableDictionary *)query; -- (NSMutableArray *) fetchDictionaryAll; - -- (void)setPasswordFull:(NSString *)account service:(NSString *)service password:(NSString *) thePassword; -- (void)clearAllKeychainItems; - -@end diff --git a/Keychain/MyKeychain.m b/Keychain/MyKeychain.m deleted file mode 100644 index 347a2bc1..00000000 --- a/Keychain/MyKeychain.m +++ /dev/null @@ -1,347 +0,0 @@ -// -// MyKeychain.m -// KCSync -// -// Created by John Hurley on 10/3/12. -// Copyright (c) 2012 john. All rights reserved. -// - -#import "MyKeychain.h" -#import -#import -#import - -const NSString *kItemPasswordKey = @"ItemPasswordKey"; -const NSString *kItemAccountKey = @"ItemAccountKey"; -const NSString *kItemNameKey = @"ItemNameKey"; - -#define KCSCOPE "mykeychain" - -// secdebug(KCSCOPE, - -@implementation MyKeychain - -static MyKeychain *sharedInstance = nil; - -+ (MyKeychain *) sharedInstance -{ - if (!sharedInstance) - sharedInstance = [[self alloc] init]; - - return sharedInstance; -} - -// Translate status messages into return strings -- (NSString *) fetchStatus : (OSStatus) status -{ - switch (status) - { - case 0: - return(@"Success!"); - case errSecNotAvailable: - return(@"No trust results are available.!"); - case errSecItemNotFound: - return(@"The item cannot be found."); - case errSecParam: - return(@"Parameter error."); - case errSecAllocate: - return(@"Memory allocation error. Failed to allocate memory."); - case errSecInteractionNotAllowed: - return(@"User interaction is not allowed."); - case errSecUnimplemented: - return(@"Function is not implemented"); - case errSecDuplicateItem: - return(@"The item already exists."); - case errSecDecode: - return(@"Unable to decode the provided data."); - - default: - return([NSString stringWithFormat:@"Function returned: %ld", (long)status]); - break; - } - return @"can't happen..."; -} - -#define ACCOUNT @"Keychain Sync Test Account" -#define SERVICE @"Keychain Sync Test Service" -#define PWKEY @"Keychain Sync Test Password Data" - -// Return a base dictionary -- (NSMutableDictionary *) baseDictionary -{ - NSMutableDictionary *md = [[NSMutableDictionary alloc] init]; - - // Password identification keys - NSData *identifier = [PWKEY dataUsingEncoding:NSUTF8StringEncoding]; - [md setObject:identifier forKey:(__bridge id)kSecAttrGeneric]; - [md setObject:ACCOUNT forKey:(__bridge id)kSecAttrAccount]; - [md setObject:SERVICE forKey:(__bridge id)kSecAttrService]; - [md setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass]; - [md setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecAttrSynchronizable]; - - return md; -} - -// Return a keychain-style dictionary populated with the password -- (NSMutableDictionary *) buildDictForPassword:(NSString *) password -{ - NSMutableDictionary *passwordDict = [self baseDictionary]; - - // Add the password - NSData *passwordData = [password dataUsingEncoding:NSUTF8StringEncoding]; - [passwordDict setObject:passwordData forKey:(__bridge id)kSecValueData]; // password - - return passwordDict; -} - -// Build a search query based -- (NSMutableDictionary *) buildSearchQuery -{ - NSMutableDictionary *genericPasswordQuery = [self baseDictionary]; - - // Add the search constraints - [genericPasswordQuery setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit]; - [genericPasswordQuery setObject:(__bridge id)kCFBooleanTrue - forKey:(__bridge id)kSecReturnAttributes]; - [genericPasswordQuery setObject:(__bridge id)kCFBooleanTrue - forKey:(__bridge id)kSecReturnData]; - - return genericPasswordQuery; -} - -// retrieve data dictionary from the keychain -- (NSMutableArray *) fetchDictionaryWithQuery:(NSMutableDictionary *)query -{ - NSMutableDictionary *genericPasswordQuery = query; - -// secerror("Query: %@", query); - CFTypeRef cfresult = nil; - OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)genericPasswordQuery, &cfresult); - -// secerror( "FETCH: %s\n", [[self fetchStatus:status] UTF8String]); - - if (status == errSecItemNotFound) - return NULL; - - if (CFGetTypeID(cfresult) == CFArrayGetTypeID()) - { - NSMutableArray *result = [NSMutableArray arrayWithCapacity:0]; - [result addObjectsFromArray:CFBridgingRelease(cfresult)]; - return result; - } - - // If it is a single result, embed it in an array because callers expect it - if (CFGetTypeID(cfresult) == CFDictionaryGetTypeID()) - return [NSMutableArray arrayWithObject:CFBridgingRelease(cfresult)]; - - return NULL; -} - -- (NSMutableArray *)fetchDictionary -{ - return [self fetchDictionaryWithQuery:[self buildSearchQuery]]; -} - -// create a new keychain entry -- (BOOL) createKeychainValue:(NSString *) password -{ - NSMutableDictionary *md = [self buildDictForPassword:password]; - OSStatus status = SecItemAdd((__bridge CFDictionaryRef)md, NULL); - - secerror( "CREATE: %s\n", [[self fetchStatus:status] UTF8String]); - - if (status == errSecSuccess) return YES; else return NO; -} - -// remove a keychain entry -- (void) clearKeychain -{ - NSMutableDictionary *genericPasswordQuery = [self baseDictionary]; - - OSStatus status = SecItemDelete((__bridge CFDictionaryRef) genericPasswordQuery); - secerror( "DELETE: %s\n", [[self fetchStatus:status] UTF8String]); -} - -// update a keychain entry -- (BOOL) updateKeychainValue:(NSString *)password -{ - NSMutableDictionary *genericPasswordQuery = [self baseDictionary]; - - NSMutableDictionary *attributesToUpdate = [[NSMutableDictionary alloc] init]; - NSData *passwordData = [password dataUsingEncoding:NSUTF8StringEncoding]; - [attributesToUpdate setObject:passwordData forKey:(__bridge id)kSecValueData]; - - OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)genericPasswordQuery, (__bridge CFDictionaryRef)attributesToUpdate); - secerror( "UPDATE: %s\n", [[self fetchStatus:status] UTF8String]); - - if (status == 0) return YES; else return NO; -} - -// fetch a keychain value -- (NSString *) fetchPassword -{ - NSMutableArray *allItems = [self fetchDictionary]; - if (!allItems) - return NULL; - - // This is used for a single item, so take first item in array - NSData *passData = [allItems[0] objectForKey:(__bridge id)kSecValueData]; - if (passData) - return [[NSString alloc] initWithData:passData encoding:NSUTF8StringEncoding]; - - return NULL; -} - -- (void)setPassword: (NSString *) thePassword -{ - if (![self createKeychainValue:thePassword]) - [self updateKeychainValue:thePassword]; -} - -- (void)setItem:(NSDictionary *)newItem -{ - OSStatus status = errSecSuccess; - NSMutableDictionary *passwordDict = [self baseDictionary]; - - // Add the password - NSData *passwordData = [[newItem objectForKey:kItemPasswordKey] dataUsingEncoding:NSUTF8StringEncoding]; - [passwordDict setObject:passwordData forKey:(__bridge id)kSecValueData]; // password - - [passwordDict setObject:[newItem objectForKey:kItemAccountKey] forKey:(__bridge id)kSecAttrAccount]; - [passwordDict setObject:[newItem objectForKey:kItemNameKey] forKey:(__bridge id)kSecAttrService]; - - // Try to add first; if error, then try to update - status = SecItemAdd((__bridge CFDictionaryRef)passwordDict, NULL); - secerror( "SecItemAdd result: %@ (%ld)", [self fetchStatus:status], (long)status); - NSLog(@"SecItemAdd result: %@ (%ld)", [self fetchStatus:status], (long)status); - - if (status) - { - // Try update - // We only want to update the password data, so delete the other keys - -// NSArray *keysToRemove = [NSArray arrayWithObjects:kItemAccountKey, kItemNameKey, nil]; - [passwordDict removeObjectsForKeys:@[(__bridge id)kSecValueData]]; - - NSDictionary *itemsToUpdate = @{ (__bridge id)kSecValueData : passwordData }; -// [genericPasswordQuery setObject:[newItem objectForKey:kItemAccountKey] forKey:(__bridge id)kSecAttrAccount]; -// [genericPasswordQuery setObject:[newItem objectForKey:kItemNameKey] forKey:(__bridge id)kSecAttrService]; - status = SecItemUpdate((__bridge CFDictionaryRef)passwordDict, (__bridge CFDictionaryRef)(itemsToUpdate)); - secerror( "SecItemUpdate result: %@ (%ld)", [self fetchStatus:status], (long)status); - NSLog(@"SecItemUpdate result: %@ (%ld)", [self fetchStatus:status], (long)status); - } -} - -- (NSMutableArray *)fetchDictionaryAll -{ - NSMutableDictionary *query = [[NSMutableDictionary alloc] init]; - [query setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass]; - [query setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecAttrSynchronizable]; - - // Add the search constraints - [query setObject:(__bridge id)kSecMatchLimitAll forKey:(__bridge id)kSecMatchLimit]; - [query setObject:(__bridge id)kCFBooleanTrue - forKey:(__bridge id)kSecReturnAttributes]; - [query setObject:(__bridge id)kCFBooleanTrue - forKey:(__bridge id)kSecReturnData]; - - NSMutableArray *genericItems = [self fetchDictionaryWithQuery:query]; - - // Now look for internet items - [query setObject:(__bridge id)kSecClassInternetPassword forKey:(__bridge id)kSecClass]; - NSMutableArray *internetItems = [self fetchDictionaryWithQuery:query]; - if (internetItems) - [genericItems addObjectsFromArray:internetItems]; - return genericItems; -} - -// MARK: ----- Full routines ----- - -// Return a base dictionary -- (NSMutableDictionary *) baseDictionaryFull:(NSString *)account service:(NSString *)service -{ - NSMutableDictionary *md = [[NSMutableDictionary alloc] init]; - - // Password identification keys - NSData *identifier = [PWKEY dataUsingEncoding:NSUTF8StringEncoding]; - [md setObject:identifier forKey:(__bridge id)kSecAttrGeneric]; - [md setObject:account forKey:(__bridge id)kSecAttrAccount]; - [md setObject:service forKey:(__bridge id)kSecAttrService]; - [md setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass]; - [md setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecAttrSynchronizable]; - -// return [md autorelease]; - return md; -} - -- (BOOL) createKeychainValueFull:(NSString *)account service:(NSString *)service password:(NSString *)password -{ - NSMutableDictionary *md = [self buildDictForPasswordFull:account service:service password:password]; - OSStatus status = SecItemAdd((__bridge CFDictionaryRef)md, NULL); - secerror( "CREATE: %s\n", [[self fetchStatus:status] UTF8String]); - - if (status == errSecSuccess) return YES; else return NO; -} - -- (BOOL) updateKeychainValueFull:(NSString *)account service:(NSString *)service password:(NSString *)password -{ - NSMutableDictionary *genericPasswordQuery = [self baseDictionaryFull:account service:service]; - - NSMutableDictionary *attributesToUpdate = [[NSMutableDictionary alloc] init]; - NSData *passwordData = [password dataUsingEncoding:NSUTF8StringEncoding]; - [attributesToUpdate setObject:passwordData forKey:(__bridge id)kSecValueData]; - - OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)genericPasswordQuery, (__bridge CFDictionaryRef)attributesToUpdate); - secerror( "UPDATE: %s\n", [[self fetchStatus:status] UTF8String]); - - if (status == 0) return YES; else return NO; -} - -- (void)setPasswordFull:(NSString *)account service:(NSString *)service password:(NSString *) thePassword -{ - secerror( "setPasswordFull account: %@, service: %@, password: %@", account, service, thePassword); - if (![self createKeychainValueFull:account service:service password:thePassword]) - [self updateKeychainValueFull:account service:service password:thePassword]; -} - -// Return a keychain-style dictionary populated with the password -- (NSMutableDictionary *) buildDictForPasswordFull:(NSString *)account service:(NSString *)service password:(NSString *)password -{ - NSMutableDictionary *passwordDict = [self baseDictionaryFull:account service:service]; - - // Add the password - NSData *passwordData = [password dataUsingEncoding:NSUTF8StringEncoding]; - [passwordDict setObject:passwordData forKey:(__bridge id)kSecValueData]; // password - - return passwordDict; -} - -- (void)clearAllKeychainItems -{ - CFIndex ix, top; - OSStatus status = errSecSuccess; - - NSArray *allItems = (NSArray *)[[MyKeychain sharedInstance] fetchDictionaryAll]; - top = [allItems count]; - secerror( "Deleting %ld items", (long)top); - - for (ix=0; ix - -@interface NewPasswordViewController : UIViewController -{ - dispatch_group_t dgroup; - dispatch_queue_t xpc_queue; -} -@property (weak, nonatomic) IBOutlet UITextField *itemName; -@property (weak, nonatomic) IBOutlet UITextField *itemAccount; -@property (weak, nonatomic) IBOutlet UITextField *itemPassword; - -@end diff --git a/Keychain/NewPasswordViewController.m b/Keychain/NewPasswordViewController.m deleted file mode 100644 index 28e6376e..00000000 --- a/Keychain/NewPasswordViewController.m +++ /dev/null @@ -1,62 +0,0 @@ -// -// NewPasswordViewController.m -// Security -// -// Created by john on 10/24/12. -// -// - -#import "NewPasswordViewController.h" -#import "MyKeychain.h" -//#import -#import -#import -#include "utilities.h" - -static const CFStringRef kAddItemKeyX = CFSTR("AddItem"); - - -@interface NewPasswordViewController () - -@end - -@implementation NewPasswordViewController - -- (void)viewDidLoad -{ - NSLog(@"NewPasswordViewController:viewDidLoad"); - [super viewDidLoad]; - - dgroup = dispatch_group_create(); - xpc_queue = dispatch_queue_create("NewPasswordViewController", DISPATCH_QUEUE_CONCURRENT); - // Uncomment the following line to preserve selection between presentations. - // self.clearsSelectionOnViewWillAppear = NO; - - // Uncomment the following line to display an Edit button in the navigation bar for this view controller. - // self.navigationItem.rightBarButtonItem = self.editButtonItem; -} - -- (void)didReceiveMemoryWarning -{ - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. -} - -- (void)postToCloud:(NSDictionary *)kcitem -{ - CFErrorRef error = NULL; - testPutObjectInCloud(kAddItemKeyX, (__bridge CFTypeRef)(kcitem), &error, dgroup, xpc_queue); - NSLog(@"Sent new item to cloud: %@", kcitem); -} - -- (IBAction)handleNewPasswordDone:(id)sender -{ - // [self performSegueWithIdentifier: @"SegueToScene1" sender: self]; - NSLog(@"NewPasswordViewController:handleAddButton"); - - [[MyKeychain sharedInstance] setPasswordFull:[_itemAccount text] service:[_itemName text] password:[_itemPassword text]]; - - [self performSegueWithIdentifier:@"AllItemsSegue" sender:self]; -} - -@end diff --git a/Keychain/PeerListCell.h b/Keychain/PeerListCell.h deleted file mode 100644 index 2eb5b15e..00000000 --- a/Keychain/PeerListCell.h +++ /dev/null @@ -1,16 +0,0 @@ -// -// PeerListCell.h -// Security -// -// Created by Mitch Adler on 12/4/12. -// -// - -#import - -@interface PeerListCell : UITableViewCell - -@property (weak, nonatomic) IBOutlet UILabel *peerName; -@property (weak, nonatomic) IBOutlet UILabel *peerCircle; - -@end diff --git a/Keychain/PeerListCell.m b/Keychain/PeerListCell.m deleted file mode 100644 index bfbf7dbd..00000000 --- a/Keychain/PeerListCell.m +++ /dev/null @@ -1,34 +0,0 @@ -// -// PeerListCell.m -// Security -// -// Created by Mitch Adler on 12/4/12. -// -// - -#import "PeerListCell.h" - -@implementation PeerListCell - -- (id)initWithStyle:(UITableViewCellStyle)style reuseIdentifier:(NSString *)reuseIdentifier -{ - self = [super initWithStyle:style reuseIdentifier:reuseIdentifier]; - if (self) { - // Initialization code - } - return self; -} - -- (void)setSelected:(BOOL)selected animated:(BOOL)animated -{ - [super setSelected:selected animated:animated]; - - // Configure the view for the selected state -} - -+ (NSString *)reuseIdentifier -{ - return @"PeerTableCell"; -} - -@end diff --git a/Keychain/SyncViewController.h b/Keychain/SyncViewController.h deleted file mode 100644 index 3bbaa14f..00000000 --- a/Keychain/SyncViewController.h +++ /dev/null @@ -1,34 +0,0 @@ -// -// SyncViewController.h -// Keychain -// -// Created by john on 10/22/12. -// - -#import -#import -#import "CircleStatusView.h" - -@interface SyncViewController : UIViewController { - int notificationToken; - int notificationCount; -} -@property (weak, nonatomic) IBOutlet UILabel *statusMessage; -@property (weak, nonatomic) IBOutlet UISwitch *syncingEnabled; -@property (weak, nonatomic) IBOutlet UIProgressView *circleProgress; -@property (weak, nonatomic) IBOutlet UILabel *circleStatus; -@property (weak, nonatomic) IBOutlet UILabel *updateCount; -@property (weak, nonatomic) IBOutlet UILabel *peerCount; -@property (weak, nonatomic) IBOutlet UILabel *applicantCount; -@property (weak, nonatomic) IBOutlet UITableView *peerList; -@property (weak, nonatomic) IBOutlet UITableView *applicantList; -@property (weak, nonatomic) IBOutlet UILabel *stateChanged; -@property (weak, nonatomic) IBOutlet UIButton *acceptButton; -@property (weak, nonatomic) IBOutlet CircleStatusView *stateChangedC; - -- (void)flashChangeLight; -- (void)setStatus:(NSString *)message; -- (void)updateSyncingEnabledSwitch; -+ (void)requestToJoinCircle; - -@end diff --git a/Keychain/SyncViewController.m b/Keychain/SyncViewController.m deleted file mode 100644 index e354d219..00000000 --- a/Keychain/SyncViewController.m +++ /dev/null @@ -1,252 +0,0 @@ -// -// SyncViewController.m -// Keychain -// -// Created by john on 10/22/12. -// -// - -#import "SyncViewController.h" -#import "MyKeychain.h" - -#import -#import -#import -#import -#import - -#import -#import - -#import -#import -#import -#import "PeerListCell.h" -#import - -__unused static const uint64_t maxTimeToWaitInSeconds = 30ull * NSEC_PER_SEC; - -@interface SyncViewController () -@end - -@implementation SyncViewController - -- (void)viewDidLoad -{ - [super viewDidLoad]; - // Do any additional setup after loading the view, typically from a nib. - [self setStatus:@"Idle…"]; - [self updateSyncingEnabledSwitch]; - - notify_register_dispatch(kSOSCCCircleChangedNotification, ¬ificationToken, - dispatch_get_main_queue(), - ^(int tokenx __unused) { - notificationCount++; - [self setStatus:@"Got circle changed notification."]; - [self flashChangeLight]; - [self updateSyncingEnabledSwitch]; - [self updateMemberCounts]; - [_peerList reloadData]; - [_applicantList reloadData]; - }); - [_acceptButton setEnabled:NO]; - - [self updateStatusCircleColor]; - -// _stateChangedC.color = [UIColor redColor]; -// [_stateChangedC setNeedsDisplay]; -} - -- (void)didReceiveMemoryWarning -{ - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. -} - -- (void)updateSyncingEnabledSwitch -{ - // Set the visual state of switch based on membership in circle - CFErrorRef error = NULL; - SOSCCStatus ccstatus = SOSCCThisDeviceIsInCircle(&error); - BOOL switchIsOn = (ccstatus == kSOSCCInCircle || ccstatus == kSOSCCRequestPending); - [_syncingEnabled setOn:switchIsOn animated:NO]; - - CFStringRef circleStatusStr = SOSCCGetStatusDescription(ccstatus); - [_circleStatus setText:CFBridgingRelease(circleStatusStr)]; - [_updateCount setText:[NSString stringWithFormat:@"%d", notificationCount]]; - - // TODO: Maybe update spinny for pending?!? - - NSLog(@"ccstatus: %@ (%d), error: %@", SOSCCGetStatusDescription(ccstatus), ccstatus, error); -} - -- (void)updateStatusCircleColor -{ - switch (SOSCCThisDeviceIsInCircle(NULL)) - { - case kSOSCCInCircle: - _stateChangedC.color = [UIColor greenColor]; - break; - case kSOSCCRequestPending: - _stateChangedC.color = [UIColor yellowColor]; - break; - default: - _stateChangedC.color = [UIColor redColor]; - break; - } - [_stateChangedC setNeedsDisplay]; -} - -- (void)updateMemberCounts -{ - CFArrayRef foundApplicants = SOSCCCopyApplicantPeerInfo(NULL); - CFIndex applicantCount = foundApplicants ? CFArrayGetCount(foundApplicants) : -1; - [_applicantCount setText:[NSString stringWithFormat:@"%ld", (long)applicantCount]]; - - CFArrayRef foundPeers = SOSCCCopyPeerPeerInfo(NULL); - CFIndex peerCount = foundPeers ? CFArrayGetCount(foundPeers) : -1; - [_peerCount setText:[NSString stringWithFormat:@"%ld", (long)peerCount]]; - - [_acceptButton setEnabled:(applicantCount > 0)? YES: NO]; - - [self updateStatusCircleColor]; - - CFReleaseSafe(foundApplicants); - CFReleaseSafe(foundPeers); -} - -+ (void)requestToJoinCircle -{ - // Set the visual state of switch based on membership in circle - bool bx = true; - CFErrorRef error = NULL; - SOSCCStatus ccstatus = SOSCCThisDeviceIsInCircle(&error); - - switch (ccstatus) { - case kSOSCCCircleAbsent: - bx = SOSCCResetToOffering(&error); - break; - case kSOSCCNotInCircle: - bx = SOSCCRequestToJoinCircle(&error); - if (bx) { - CFMutableSetRef viewsToEnable = CFSetCreateMutable(NULL, 0, NULL); - CFMutableSetRef viewsToDisable = CFSetCreateMutable(NULL, 0, NULL); - CFSetAddValue(viewsToEnable, (void*)kSOSViewWiFi); - CFSetAddValue(viewsToEnable, (void*)kSOSViewAutofillPasswords); - CFSetAddValue(viewsToEnable, (void*)kSOSViewSafariCreditCards); - CFSetAddValue(viewsToEnable, (void*)kSOSViewOtherSyncable); - - bx = SOSCCViewSet(viewsToEnable, viewsToDisable); - CFRelease(viewsToEnable); - CFRelease(viewsToDisable); - } - break; - default: - NSLog(@"Request to join circle with bad status: %@ (%d)", SOSCCGetStatusDescription(ccstatus), ccstatus); - break; - } - if (!bx) - NSLog(@"requestToJoinCircle Error: %@", error); -} - -- (IBAction)acceptAllApplicants:(id)sender -{ - CFArrayRef applicants = SOSCCCopyApplicantPeerInfo(NULL); - if (applicants) { - SOSCCAcceptApplicants(applicants, NULL); - CFRelease(applicants); - } -} - -- (IBAction)handleEnableSyncing:(id)sender -{ - dispatch_queue_t workq = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0); - if ([sender isOn]) // i.e. we are trying to turn on syncing - { - dispatch_async(workq, ^ { - NSLog(@"Keychain syncing is being turned ON"); - [[self class] requestToJoinCircle]; - }); - } - else - { - dispatch_async(workq, ^ { - NSLog(@"Keychain syncing is being turned OFF"); - CFErrorRef error = NULL; - bool bx = SOSCCRemoveThisDeviceFromCircle(&error); - if (!bx) - NSLog(@"SOSCCRemoveThisDeviceFromCircle: %@", error); - }); - } -} - -- (void)flashChangeLight -{ - CABasicAnimation *theAnimation = NULL; - - theAnimation=[CABasicAnimation animationWithKeyPath:@"opacity"]; - theAnimation.duration=0.75; - theAnimation.repeatCount=5; //HUGE_VALF; - theAnimation.autoreverses=YES; - theAnimation.fromValue=[NSNumber numberWithFloat:1.0]; - theAnimation.toValue=[NSNumber numberWithFloat:0.0]; - [_stateChangedC.layer addAnimation:theAnimation forKey:@"animateOpacity"]; -} - -- (void)setStatus:(NSString *)message -{ - NSLog(@"%@", message); - _statusMessage.text = message; -} - -// -// MARK: Table view handling -// -- (UITableViewCell *)tableView:(UITableView *)tableView cellForRowAtIndexPath:(NSIndexPath *)indexPath -{ - PeerListCell *cell = [tableView dequeueReusableCellWithIdentifier:@"PeerTableCell" forIndexPath:(NSIndexPath *)indexPath]; - if (cell == nil) - { - NSLog(@"cellForRowAtIndexPath : cell was nil"); - cell = [[PeerListCell alloc] initWithStyle:UITableViewCellStyleDefault reuseIdentifier:@"PeerTableCell"]; - } - - NSArray *list = NULL; - NSArray *hilighted = NULL; - if (tableView == _peerList) { - list = (__bridge_transfer NSArray*)SOSCCCopyPeerPeerInfo(NULL); - hilighted = (__bridge_transfer NSArray*)SOSCCCopyConcurringPeerPeerInfo(NULL); - } else { - list = (__bridge_transfer NSArray*)SOSCCCopyApplicantPeerInfo(NULL); - } - - if (list) { - cell.peerCircle.text = @"A"; - SOSPeerInfoRef pi = (__bridge SOSPeerInfoRef) list[[indexPath row]]; - if (pi) { - cell.peerName.text = (__bridge NSString*) SOSPeerInfoGetPeerName(pi); - if ([hilighted containsObject: (__bridge id)pi]) - cell.peerName.textColor = [UIColor greenColor]; - } - } else { - cell.peerName.text = @"Null List"; - } - - return cell; -} - -- (NSInteger)tableView:(UITableView *)tableView numberOfRowsInSection:(NSInteger)section -{ - NSArray* list = nil; - - if (tableView == _peerList) { - list = (__bridge_transfer NSArray*) SOSCCCopyPeerPeerInfo(NULL); - } else { - list = (__bridge_transfer NSArray*) SOSCCCopyApplicantPeerInfo(NULL); - } - - return [list count]; -} - -@end - diff --git a/Keychain/ToolsViewController.h b/Keychain/ToolsViewController.h deleted file mode 100644 index 68ec78a7..00000000 --- a/Keychain/ToolsViewController.h +++ /dev/null @@ -1,25 +0,0 @@ -// -// ToolsViewController.h -// Keychain -// -// Created by john on 10/22/12. -// -// - -#import -#import - -@interface ToolsViewController : UIViewController { - int notificationToken; - int notificationCount; -} -@property (weak, nonatomic) IBOutlet UIButton *autopopulateButton; -@property (weak, nonatomic) IBOutlet UIButton *clearButton; -@property (weak, nonatomic) IBOutlet UIButton *clearKVS; -@property (weak, nonatomic) IBOutlet UIButton *buttonC; -@property (weak, nonatomic) IBOutlet UILabel *kvsCleared; -@property (weak, nonatomic) IBOutlet UILabel *statusMessage; - -- (void)setStatus:(NSString *)message; - -@end diff --git a/Keychain/ToolsViewController.m b/Keychain/ToolsViewController.m deleted file mode 100644 index 9128d5da..00000000 --- a/Keychain/ToolsViewController.m +++ /dev/null @@ -1,179 +0,0 @@ -// -// ToolsViewController.m -// Keychain -// -// Created by john on 10/22/12. -// -// - -#import "ToolsViewController.h" -#import "MyKeychain.h" - -#include -#include -#include -#include -#include -//#include - -#include -#include - -#import -#include -#include -//#import "PeerListCell.h" - -static const uint64_t maxTimeToWaitInSeconds = 30ull * NSEC_PER_SEC; - -static bool testClearAll(void *sender) -{ - __block bool result = false; - dispatch_queue_t processQueue = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0); - dispatch_semaphore_t waitSemaphore = dispatch_semaphore_create(0); - dispatch_time_t finishTime = dispatch_time(DISPATCH_TIME_NOW, maxTimeToWaitInSeconds); - - SOSCloudKeychainClearAll(processQueue, ^(CFDictionaryRef returnedValues, CFErrorRef error) - { - result = true; -// secerror("SOSCloudKeychainClearAll returned: %@", error); - dispatch_async(dispatch_get_main_queue(), - ^{ - NSLog(@"Updating because of notification"); - }); - - dispatch_semaphore_signal(waitSemaphore); - }); - - dispatch_semaphore_wait(waitSemaphore, finishTime); -//ARC dispatch_release(waitSemaphore); -// secerror("SOSCloudKeychainClearAll exit"); - return result; -} - -static void apply_block_1(const void *value, void *context) -{ - return ((__bridge void (^)(const void *value))context)(value); -} - -static inline void CFArrayForEach(CFArrayRef array, void (^operation)(const void *value)) { - CFArrayApplyFunction(array, CFRangeMake(0, CFArrayGetCount(array)), apply_block_1, (__bridge void *)(operation)); -} - -static void dumpCircleInfo() -{ - CFErrorRef error = NULL; - CFArrayRef applicantPeerInfos = NULL; - CFArrayRef peerInfos = NULL; - int idx; - - NSArray *ccmsgs = @[@"Error", @"InCircle", @"NotInCircle", @"RequestPending", @"CircleAbsent" ]; - - SOSCCStatus ccstatus = SOSCCThisDeviceIsInCircle(&error); - NSLog(@"ccstatus: %d, error: %@", ccstatus, error); - idx = ccstatus-kSOSCCError; - if (0<=idx && idx<(int)[ccmsgs count]) - NSLog(@"ccstatus: %d (%@)", ccstatus, ccmsgs[idx]); - - // Now look at current applicants - applicantPeerInfos = SOSCCCopyApplicantPeerInfo(&error); - if (applicantPeerInfos) - { - NSLog(@"Applicants: %ld, error: %@", (long)CFArrayGetCount(applicantPeerInfos), error); - CFArrayForEach(applicantPeerInfos, ^(const void *value) { - SOSPeerInfoRef peer = (SOSPeerInfoRef)value; - CFStringRef peerName = SOSPeerInfoGetPeerName(peer); - NSLog(@"Applicant: %@", peerName); - }); - } - else - NSLog(@"No applicants, error: %@", error); - - - peerInfos = SOSCCCopyPeerPeerInfo(&error); - if (peerInfos) - { - NSLog(@"Peers: %ld, error: %@", (long)CFArrayGetCount(peerInfos), error); - CFArrayForEach(peerInfos, ^(const void *value) { - SOSPeerInfoRef peer = (SOSPeerInfoRef)value; - CFStringRef peerName = SOSPeerInfoGetPeerName(peer); - NSLog(@"Peer: %@", peerName); - }); - } - else - NSLog(@"No peers, error: %@", error); -} - - -@interface ToolsViewController () -@end - -@implementation ToolsViewController - -- (void)viewDidLoad -{ - [super viewDidLoad]; - // Do any additional setup after loading the view, typically from a nib. - [self setStatus:@"Idle…"]; -} - -- (void)didReceiveMemoryWarning -{ - [super didReceiveMemoryWarning]; - // Dispose of any resources that can be recreated. -} - -- (void)addPasswordItem:(NSString *)account service:(NSString *)service password:(NSString *) thePassword -{ - [[MyKeychain sharedInstance] setPasswordFull:account service:service password:thePassword]; -} - -- (IBAction)handleAutoPopulate:(id)sender -{ - [self addPasswordItem:@"12345678" service:@"Evernote" password:@"fiord42/sate"]; - [self addPasswordItem:@"acct2433" service:@"SwissBank" password:@"nerd0)sorely"]; - [self addPasswordItem:@"QR49BZQ77" service:@"Wells Fargo" password:@"per1}bargirl"]; - [self addPasswordItem:@"03991993-9291" service:@"Bank of America" password:@"dabs35\angst"]; - [self addPasswordItem:@"followme" service:@"Twitter" password:@"mica86[board"]; - [self addPasswordItem:@"j18373@apple.com" service:@"Mail" password:@"macro13:VIII"]; - [self addPasswordItem:@"j18373" service:@"Facebook" password:@"vow5:karakul"]; - [self addPasswordItem:@"lonely22" service:@"G+Circles" password:@"vclub17'earls"]; - [self addPasswordItem:@"yoyo9182" service:@"Skype" password:@"Andy137#FAQs"]; - [self addPasswordItem:@"terminator3828" service:@"Blizzard" password:@"David95?hive"]; -} - -- (IBAction)handleClearKeychain:(id)sender -{ - NSLog(@"Clear All Keychain Items"); - [[MyKeychain sharedInstance] clearAllKeychainItems]; -} - -- (IBAction)handleClearKVS:(id)sender -{ - testClearAll((__bridge void *)(self)); -} - -- (IBAction)resetToEmpty:(id)sender -{ - SOSCCResetToEmpty(NULL); -} - -- (IBAction)handleDumpButton:(id)sender -{ - dumpCircleInfo(); -} - -- (IBAction)handleSync:(id)sender -{ - //SOSCCSyncWithAllPeers(); -} - -//bool -- (void)setStatus:(NSString *)message -{ - NSLog(@"%@", message); - _statusMessage.text = message; -} - -@end - diff --git a/Keychain/first.png b/Keychain/first.png deleted file mode 100644 index 9300ee2cd85a05d8ab3d300acc09c13829ccb5ce..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 253 zcmeAS@N?(olHy`uVBq!ia0vp^av;pY3?xs=ZJr3EI14-?iy0WWg+Z8+Vb&Z8prA^C zPl)UP|NntZ{NT8nT`EuocS(?6FasltZ*a@vB{%Q?+`Lrc8c;aH)5S4F;&O7r0@i?& zF{WoZ52n7mx3~H`AG5@C!zy!*9MOhPk>$<~3{&!XpXRp}%-pr`k1SV$-RV4u0*22w zAO2x6m@j;8KEt!(gFm@9e7bmb^TL_!dGfoeFWl{ZC|~k_Q9HX^MW7%9gZ;w7yrcIE Q^gxdFboFyt=akR{03BgY=Kufz diff --git a/Keychain/first@2x.png b/Keychain/first@2x.png deleted file mode 100644 index 374d78edd0e6d5db42b559bac2178edef037836a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 402 zcmeAS@N?(olHy`uVBq!ia0vp^HXzKw3=&b&bO2JE1s;*b3=CqbAk63)r1AkM=o;V? z;`;ype;|`WAeXrOCC~`5k|4ie21X_}K5=6c-?FCezLl$1U%LPN&9|Skp6V+DRb2FR zaSZV|{&t!t-(dwFhRxG9n7sM-Ke&3WQnRdOsQ#H+mQQxR%?IsgO#P;KeOB}J^*^WW zn#~dKvU&5>v!Xi!?i?%bXW@96u%f$_t!&|)uPtiNz4qKLWW4uxyKc$GyAh0z>RHi? zo?JOMgIVbMn$=FHmxgAuNz8E5cj=S)s26y^Y2l`4C#9y^`hQy?Q&Hsb^vq;qt?+p< z^QXJs7i0CAq7^vN;PmIOHOU=OL1sKI$sT45u8YIXzI2ur>+O#&*(9nR{qE3ar?Lw% i{+gxlr%3V4d&E5TcJ?AMtKADhA?WGq=d#Wzp$Pymd53oZ diff --git a/Keychain/main.m b/Keychain/main.m deleted file mode 100644 index c60e1380..00000000 --- a/Keychain/main.m +++ /dev/null @@ -1,18 +0,0 @@ -// -// main.m -// Keychain -// -// Created by john on 10/22/12. -// -// - -#import - -#import "AppDelegate.h" - -int main(int argc, char *argv[]) -{ - @autoreleasepool { - return UIApplicationMain(argc, argv, nil, NSStringFromClass([AppDelegate class])); - } -} diff --git a/Keychain/second.png b/Keychain/second.png deleted file mode 100644 index 1100b487f2ca4f4b885625ba575c842c210fb73c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 128 zcmeAS@N?(olHy`uVBq!ia0vp^av;pe3?v!<**pYNoCO|{#S9GG!XV7ZFl&wkP>?Oa zC&cyt|NlT{=%LGXAk`&7e!&b5&u*jvIl`VUjv*Y^lM@bb&-nj;xnQF>1H+`lD#BN) SrXB@KGkCiCxvXFVdQ&MBb@0K*?3>;M1& diff --git a/Keychain/utilities.c b/Keychain/utilities.c deleted file mode 100644 index 03764479..00000000 --- a/Keychain/utilities.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2013 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// utilities.c -// - -#include -#include - -#include -#include "utilities.h" - -bool testPutObjectInCloud(CFStringRef key, CFTypeRef object, CFErrorRef *error, dispatch_group_t dgroup, dispatch_queue_t processQueue) -{ - //FIXME: The error set in the block is never returned here. - secerror("testPutObjectInCloud: key: %@, %@", key, object); - CFDictionaryRef objects = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, key, object, NULL); - if (objects) - { - dispatch_group_enter(dgroup); - SOSCloudKeychainPutObjectsInCloud(objects, processQueue, ^ (CFDictionaryRef returnedValues, CFErrorRef error2) - { - secerror("testPutObjectInCloud returned: %@", returnedValues); - if (error2) - { - secerror("testPutObjectInCloud returned: %@", error2); - } - dispatch_group_leave(dgroup); - }); - CFRelease(objects); - } - return true; // Never returns an error -} diff --git a/Keychain/utilities.h b/Keychain/utilities.h deleted file mode 100644 index 677b06bb..00000000 --- a/Keychain/utilities.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2012-2013 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// utilities.h -// - -#ifndef __KEYCHAIN_UTILITIES_H__ -#define __KEYCHAIN_UTILITIES_H__ - -bool testPutObjectInCloud(CFStringRef key, CFTypeRef object, CFErrorRef *error, dispatch_group_t dgroup, dispatch_queue_t processQueue); - -#endif /* __KEYCHAIN_UTILITIES_H__ */ - diff --git a/KeychainSyncAccountNotification/KeychainSyncAccountNotification.m b/KeychainSyncAccountNotification/KeychainSyncAccountNotification.m index c710f866..be7452c4 100644 --- a/KeychainSyncAccountNotification/KeychainSyncAccountNotification.m +++ b/KeychainSyncAccountNotification/KeychainSyncAccountNotification.m @@ -4,7 +4,6 @@ // #import "KeychainSyncAccountNotification.h" -#import #import #import #if TARGET_OS_IPHONE @@ -15,7 +14,9 @@ #import #import #import -#import +#import + +#import "utilities/debugging.h" @implementation KeychainSyncAccountNotification @@ -38,17 +39,17 @@ CFErrorRef removalError = NULL; - ACLogDebug(@"Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username); + secinfo("accounts", "Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username); if (!SOSCCLoggedOutOfAccount(&removalError)) { - ACLogError(@"Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError); + secerror("Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError); } } else { - ACLogDebug(@"NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username); + secinfo("accounts", "NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username); } } else{ - ACLogDebug(@"Already logged out of account"); + secinfo("accounts", "Already logged out of account"); } } @@ -62,15 +63,15 @@ if ([self accountIsPrimary:oldAccount]) { CFErrorRef removalError = NULL; - ACLogDebug(@"Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username); + secinfo("accounts", "Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username); if (!SOSCCLoggedOutOfAccount(&removalError)) { - ACLogError(@"Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError); + secerror("Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError); } } else { - ACLogDebug(@"NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username); + secinfo("accounts", "NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username); } } - ACLogDebug(@"Already logged out of account"); + secinfo("accounts", "Already logged out of account"); } } diff --git a/IDSKeychainSyncingProxy/IDSPersistentState.h b/KeychainSyncingOverIDSProxy/IDSPersistentState.h similarity index 93% rename from IDSKeychainSyncingProxy/IDSPersistentState.h rename to KeychainSyncingOverIDSProxy/IDSPersistentState.h index 11a124fa..ce5da2d4 100644 --- a/IDSKeychainSyncingProxy/IDSPersistentState.h +++ b/KeychainSyncingOverIDSProxy/IDSPersistentState.h @@ -23,12 +23,11 @@ // // IDSPersistentState.h -// idskeychainsyncingproxy // #import -@interface IDSKeychainSyncingProxyPersistentState : NSObject +@interface KeychainSyncingOverIDSProxyPersistentState : NSObject { } diff --git a/IDSKeychainSyncingProxy/IDSPersistentState.m b/KeychainSyncingOverIDSProxy/IDSPersistentState.m similarity index 91% rename from IDSKeychainSyncingProxy/IDSPersistentState.m rename to KeychainSyncingOverIDSProxy/IDSPersistentState.m index 0bc5b581..0c884467 100644 --- a/IDSKeychainSyncingProxy/IDSPersistentState.m +++ b/KeychainSyncingOverIDSProxy/IDSPersistentState.m @@ -23,7 +23,6 @@ // // IDSPersistentState.m -// idskeychainsyncingproxy // #import @@ -41,9 +40,9 @@ #error This file must be compiled with ARC. Either turn on ARC for the project or use -fobjc-arc flag #endif -static CFStringRef kRegistrationFileName = CFSTR("com.apple.security.idskeychainsyncingproxy.unhandledMessages.plist"); +static CFStringRef kRegistrationFileName = CFSTR("com.apple.security.keychainsyncingoveridsproxy.unhandledMessages.plist"); -@implementation IDSKeychainSyncingProxyPersistentState +@implementation KeychainSyncingOverIDSProxyPersistentState + (BOOL)write:(NSURL *)path data:(id)plist error:(NSError **)error { @@ -111,7 +110,7 @@ static CFStringRef kRegistrationFileName = CFSTR("com.apple.security.idskeychain + (NSMutableDictionary *)idsState { NSError *error = NULL; - id stateDictionary = [IDSKeychainSyncingProxyPersistentState read:[[self class] registrationFileURL] error:&error]; + id stateDictionary = [KeychainSyncingOverIDSProxyPersistentState read:[[self class] registrationFileURL] error:&error]; secdebug("keyregister", "Read registeredKeys: <%@>", [self dictionaryDescription: stateDictionary]); // Ignore older states with an NSArray if (![stateDictionary isKindOfClass:[NSDictionary class]]) @@ -123,7 +122,7 @@ static CFStringRef kRegistrationFileName = CFSTR("com.apple.security.idskeychain { NSError *error = NULL; secdebug("IDS unhandled message", "Write unhandled Messages and monitor state: <%@>", [self dictionaryDescription: unhandledMessages]); - [IDSKeychainSyncingProxyPersistentState write:[[self class] registrationFileURL] data:unhandledMessages error:&error]; + [KeychainSyncingOverIDSProxyPersistentState write:[[self class] registrationFileURL] data:unhandledMessages error:&error]; } @end diff --git a/IDSKeychainSyncingProxy/IDSProxy.h b/KeychainSyncingOverIDSProxy/IDSProxy.h similarity index 80% rename from IDSKeychainSyncingProxy/IDSProxy.h rename to KeychainSyncingOverIDSProxy/IDSProxy.h index 61e3228a..9bd680b0 100644 --- a/IDSKeychainSyncingProxy/IDSProxy.h +++ b/KeychainSyncingOverIDSProxy/IDSProxy.h @@ -36,11 +36,10 @@ typedef enum { kIDSStartPingTestMessage = 1, kIDSEndPingTestMessage= 2, kIDSSendOneMessage = 3, - kIDSSyncMessagesRaw = 4, - kIDSSyncMessagesCompact = 5, + kIDSPeerReceivedACK = 4, kIDSPeerAvailability = 6, kIDSPeerAvailabilityDone = 7, - kIDSKeychainSyncIDSFragmentation = 8 + kIDSKeychainSyncIDSFragmentation = 8, } idsOperation; typedef enum { @@ -54,16 +53,23 @@ typedef enum { } idsError; -@interface IDSKeychainSyncingProxy : NSObject +@interface KeychainSyncingOverIDSProxy : NSObject { IDSService *_service; - NSString *_deviceID; + NSString *deviceID; + NSMutableDictionary *deviceIDFromAuthToken; } +@property (retain, nonatomic) NSMutableDictionary *deviceIDFromAuthToken; +@property (retain, nonatomic) NSString *deviceID; @property (retain, nonatomic) NSMutableDictionary *unhandledMessageBuffer; @property (retain, nonatomic) NSMutableDictionary *shadowPendingMessages; @property (retain, nonatomic) NSMutableDictionary *allFragmentedMessages; @property (retain, nonatomic) NSMutableDictionary *pingTimers; +@property (retain, nonatomic) NSMutableDictionary *messagesInFlight; +@property (retain, nonatomic) NSMutableDictionary *peerNextSendCache; //dictioanry of device ID -> time stamp of when to send next + +@property (retain, nonatomic) NSArray* listOfDevices; @property (atomic) dispatch_source_t penaltyTimer; @property (atomic) bool penaltyTimerScheduled; @@ -71,6 +77,7 @@ typedef enum { @property (retain, atomic) NSDictionary *queuedMessages; @property (atomic) bool isIDSInitDone; +@property (atomic) bool shadowDoInitializeIDSService; @property (atomic) bool isSecDRunningAsRoot; @property (atomic) bool doesSecDHavePeer; @property (atomic) dispatch_queue_t calloutQueue; @@ -84,8 +91,9 @@ typedef enum { @property (atomic) bool handleAllPendingMessages; @property (atomic) bool shadowHandleAllPendingMessages; +@property (atomic) bool sendRestoredMessages; -+ (IDSKeychainSyncingProxy *) idsProxy; ++ (KeychainSyncingOverIDSProxy *) idsProxy; - (id)init; @@ -96,6 +104,8 @@ typedef enum { - (void) calloutWith: (void(^)(NSMutableDictionary *pending, bool handlePendingMesssages, bool doSetDeviceID, dispatch_queue_t queue, void(^done)(NSMutableDictionary *handledMessages, bool handledPendingMessage, bool handledSettingDeviceID))) callout; - (void) sendKeysCallout: (NSMutableDictionary *(^)(NSMutableDictionary* pending, NSError** error)) handleMessages; - (void)persistState; +- (void) sendPersistedMessagesAgain; +- (NSDictionary*) retrievePendingMessages; - (void)scheduleRetryRequestTimer; @end diff --git a/IDSKeychainSyncingProxy/IDSProxy.m b/KeychainSyncingOverIDSProxy/IDSProxy.m similarity index 58% rename from IDSKeychainSyncingProxy/IDSProxy.m rename to KeychainSyncingOverIDSProxy/IDSProxy.m index 4ab776bc..29f8e1ae 100644 --- a/IDSKeychainSyncingProxy/IDSProxy.m +++ b/KeychainSyncingOverIDSProxy/IDSProxy.m @@ -49,9 +49,9 @@ #include #import "IDSProxy.h" -#import "IDSKeychainSyncingProxy+IDSProxyReceiveMessage.h" -#import "IDSKeychainSyncingProxy+IDSProxySendMessage.h" -#import "IDSKeychainSyncingProxy+IDSProxyThrottle.h" +#import "KeychainSyncingOverIDSProxy+ReceiveMessage.h" +#import "KeychainSyncingOverIDSProxy+SendMessage.h" +#import "KeychainSyncingOverIDSProxy+Throttle.h" #import "IDSPersistentState.h" #define kSecServerKeychainChangedNotification "com.apple.security.keychainchanged" @@ -60,24 +60,30 @@ #define IDSServiceNameKeychainSync "com.apple.private.alloy.keychainsync" static NSString *kMonitorState = @"MonitorState"; static NSString *kExportUnhandledMessages = @"UnhandledMessages"; +static NSString *kMessagesInFlight = @"MessagesInFlight"; static const char *kStreamName = "com.apple.notifyd.matching"; +static NSString *const kIDSMessageRecipientPeerID = @"RecipientPeerID"; +static NSString *const kIDSMessageRecipientDeviceID = @"RecipientDeviceID"; +static NSString *const kIDSMessageUseACKModel = @"UsesAckModel"; NSString *const IDSSendMessageOptionForceEncryptionOffKey = @"IDSSendMessageOptionForceEncryptionOff"; static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms leeway for handling unhandled messages. static const int64_t kMinMessageRetryDelay = (NSEC_PER_SEC * 8); -CFStringRef kSOSErrorDomain = CFSTR("com.apple.security.sos.error"); CFIndex kSOSErrorPeerNotFound = 1032; CFIndex SECD_RUN_AS_ROOT_ERROR = 1041; #define IDSPROXYSCOPE "IDSProxy" -@implementation IDSKeychainSyncingProxy +@implementation KeychainSyncingOverIDSProxy -+ (IDSKeychainSyncingProxy *) idsProxy +@synthesize deviceID = deviceID; +@synthesize deviceIDFromAuthToken = deviceIDFromAuthToken; + ++ (KeychainSyncingOverIDSProxy *) idsProxy { - static IDSKeychainSyncingProxy *idsProxy; + static KeychainSyncingOverIDSProxy *idsProxy; if (!idsProxy) { static dispatch_once_t onceToken; dispatch_once(&onceToken, ^{ @@ -90,14 +96,52 @@ CFIndex SECD_RUN_AS_ROOT_ERROR = 1041; -(NSDictionary*) exportState { return @{ kMonitorState:_monitor, - kExportUnhandledMessages:_unhandledMessageBuffer + kExportUnhandledMessages:_unhandledMessageBuffer, + kMessagesInFlight:_messagesInFlight }; } + +-(NSDictionary*) retrievePendingMessages +{ + return [KeychainSyncingOverIDSProxy idsProxy].messagesInFlight; +} + - (void)persistState { - if([_unhandledMessageBuffer count] > 0){ - [IDSKeychainSyncingProxyPersistentState setUnhandledMessages:[self exportState]]; + [KeychainSyncingOverIDSProxyPersistentState setUnhandledMessages:[self exportState]]; +} + +- (void) sendPersistedMessagesAgain +{ + NSMutableDictionary *copy = [NSMutableDictionary dictionaryWithDictionary:_messagesInFlight]; + + if(copy && [copy count] > 0){ + [copy enumerateKeysAndObjectsUsingBlock:^(id _Nonnull key, id _Nonnull obj, BOOL * _Nonnull stop) { + NSDictionary* idsMessage = (NSDictionary*)obj; + NSString *uniqueMessageID = (NSString*)key; + + NSString *peerID = (NSString*)[idsMessage objectForKey:kIDSMessageRecipientPeerID]; + if(!peerID){ + [self->_messagesInFlight removeObjectForKey:key]; + return; + } + NSString *ID = (NSString*)[idsMessage objectForKey:kIDSMessageRecipientDeviceID]; + if(!ID){ + [self->_messagesInFlight removeObjectForKey:key]; + return; + } + + [self->_messagesInFlight removeObjectForKey:key]; + secnotice("IDS Transport", "sending this message: %@", idsMessage); + if([self sendIDSMessage:idsMessage name:ID peer:peerID]){ + NSString *useAckModel = [idsMessage objectForKey:kIDSMessageUseACKModel]; + if([useAckModel compare:@"YES"] == NSOrderedSame){ + secnotice("IDS Transport", "setting timer!"); + [self setMessageTimer:uniqueMessageID deviceID:ID message:idsMessage]; + } + } + }]; } } @@ -110,6 +154,10 @@ CFIndex SECD_RUN_AS_ROOT_ERROR = 1041; _monitor = state[kMonitorState]; if(_monitor == nil) _monitor = [NSMutableDictionary dictionary]; + + _messagesInFlight = state[kMessagesInFlight]; + if(_messagesInFlight == nil) + _messagesInFlight = [NSMutableDictionary dictionary]; } - (id)init @@ -123,10 +171,13 @@ CFIndex SECD_RUN_AS_ROOT_ERROR = 1041; _calloutQueue = dispatch_queue_create("IDSCallout", DISPATCH_QUEUE_SERIAL); _unhandledMessageBuffer = [ [NSMutableDictionary alloc] initWithCapacity: 0]; _pingTimers = [ [NSMutableDictionary alloc] initWithCapacity: 0]; + _messagesInFlight = [ [NSMutableDictionary alloc] initWithCapacity: 0]; + deviceIDFromAuthToken = [ [NSMutableDictionary alloc] initWithCapacity: 0]; + _peerNextSendCache = [ [NSMutableDictionary alloc] initWithCapacity: 0]; + _listOfDevices = [[NSMutableArray alloc] initWithCapacity:0]; _isSecDRunningAsRoot = false; _doesSecDHavePeer = true; - secdebug(IDSPROXYSCOPE, "%@ done", self); [self doIDSInitialization]; @@ -146,32 +197,34 @@ CFIndex SECD_RUN_AS_ROOT_ERROR = 1041; [self timerFired]; }); dispatch_resume(_retryTimer); - [self importIDSState: [IDSKeychainSyncingProxyPersistentState idsState]]; - + [self importIDSState: [KeychainSyncingOverIDSProxyPersistentState idsState]]; + + if([_messagesInFlight count ] > 0) + _sendRestoredMessages = true; int notificationToken; notify_register_dispatch(kSecServerKeychainChangedNotification, ¬ificationToken, dispatch_get_main_queue(), ^ (int token __unused) { secinfo("backoff", "keychain changed, wiping backoff monitor state"); - _monitor = [NSMutableDictionary dictionary]; + self->_monitor = [NSMutableDictionary dictionary]; }); int peerInfo; notify_register_dispatch(kSecServerPeerInfoAvailable, &peerInfo, dispatch_get_main_queue(), ^ (int token __unused) { secinfo("IDS Transport", "secd has a peer info"); - if(_doesSecDHavePeer == false){ - _doesSecDHavePeer = true; + if(self->_doesSecDHavePeer == false){ + self->_doesSecDHavePeer = true; [self doSetIDSDeviceID]; } }); - + [self updateUnlockedSinceBoot]; [self updateIsLocked]; if (!_isLocked) [self keybagDidUnlock]; - + } return self; } @@ -231,12 +284,12 @@ CFIndex SECD_RUN_AS_ROOT_ERROR = 1041; - (void) keybagStateChange { os_activity_initiate("keybagStateChanged", OS_ACTIVITY_FLAG_DEFAULT, ^{ - secerror("keybagStateChange! was locked: %d", _isLocked); - BOOL wasLocked = _isLocked; + secerror("keybagStateChange! was locked: %d", self->_isLocked); + BOOL wasLocked = self->_isLocked; if ([self updateIsLocked]) { - if (wasLocked == _isLocked) - secdebug("IDS Transport", "%@ still %s ignoring", self, _isLocked ? "locked" : "unlocked"); - else if (_isLocked) + if (wasLocked == self->_isLocked) + secdebug("IDS Transport", "%@ still %s ignoring", self, self->_isLocked ? "locked" : "unlocked"); + else if (self->_isLocked) [self keybagDidLock]; else [self keybagDidUnlock]; @@ -257,7 +310,7 @@ CFIndex SECD_RUN_AS_ROOT_ERROR = 1041; else if (_retryTimerScheduled && !_isLocked) [self handleAllPendingMessage]; else - [[IDSKeychainSyncingProxy idsProxy] scheduleRetryRequestTimer]; + [[KeychainSyncingOverIDSProxy idsProxy] scheduleRetryRequestTimer]; } @@ -270,85 +323,117 @@ CFIndex SECD_RUN_AS_ROOT_ERROR = 1041; - (void)doIDSInitialization { - - secnotice("IDS Transport", "doIDSInitialization!"); - - _service = [[IDSService alloc] initWithService: @IDSServiceNameKeychainSync]; - - if( _service == nil ){ - _isIDSInitDone = false; - secerror("Could not create ids service"); - } - else{ - secnotice("IDS Transport", "IDS Transport Successfully set up IDS!"); - [_service addDelegate:self queue: dispatch_get_main_queue()]; + + dispatch_async(self.calloutQueue, ^{ + secnotice("IDS Transport", "doIDSInitialization!"); - _isIDSInitDone = true; - if(_isSecDRunningAsRoot == false) - [self doSetIDSDeviceID]; - } + self->_service = [[IDSService alloc] initWithService: @IDSServiceNameKeychainSync]; + + if( self->_service == nil ){ + self->_isIDSInitDone = false; + secerror("Could not create ids service"); + } + else{ + secnotice("IDS Transport", "IDS Transport Successfully set up IDS!"); + [self->_service addDelegate:self queue: dispatch_get_main_queue()]; + + self->_isIDSInitDone = true; + if(self->_isSecDRunningAsRoot == false) + [self doSetIDSDeviceID]; + + NSArray *ListOfIDSDevices = [self->_service devices]; + self.listOfDevices = ListOfIDSDevices; + + for(NSUInteger i = 0; i < [ self.listOfDevices count ]; i++){ + IDSDevice *device = self.listOfDevices[i]; + NSString *authToken = IDSCopyIDForDevice(device); + [self.deviceIDFromAuthToken setObject:device.uniqueID forKey:authToken]; + } + } + }); } - (void) doSetIDSDeviceID { NSInteger code = 0; NSString *errorMessage = nil; - __block NSString* deviceID; - + if(!_isIDSInitDone){ [self doIDSInitialization]; } - require_action_quiet(_isSecDRunningAsRoot == false, fail, errorMessage = @"cannot set IDS device ID, secd is running as root"; code = SECD_RUN_AS_ROOT_ERROR;); - require_action_quiet(_doesSecDHavePeer == true, fail, errorMessage = @"cannot set IDS deviceID, secd does not have a full peer info for account"; code = kSOSErrorPeerNotFound); - require_action_quiet(_isIDSInitDone, fail, errorMessage = @"IDSKeychainSyncingProxy can't set up the IDS service"; code = kSecIDSErrorNotRegistered); - require_action_quiet(!_isLocked, fail, errorMessage = @"IDSKeychainSyncingProxy can't set device ID, device is locked"; code = kSecIDSErrorDeviceIsLocked); - - deviceID = IDSCopyLocalDeviceUniqueID(); - secdebug("IDS Transport", "This is our IDS device ID: %@", deviceID); - - require_action_quiet(deviceID != nil, fail, errorMessage = @"IDSKeychainSyncingProxy could not retrieve device ID from keychain"; code = kSecIDSErrorNoDeviceID); - - if(_inCallout && _isSecDRunningAsRoot == false){ - _shadowDoSetIDSDeviceID = YES; + _setIDSDeviceID = YES; + + if(_isSecDRunningAsRoot != false) + { + errorMessage = @"cannot set IDS device ID, secd is running as root"; + code = SECD_RUN_AS_ROOT_ERROR; + secerror("Setting device ID error: %@, code: %ld", errorMessage, (long)code); + } + else if(_doesSecDHavePeer != true) + { + errorMessage = @"cannot set IDS deviceID, secd does not have a full peer info for account"; + code = kSOSErrorPeerNotFound; + secerror("Setting device ID error: %@, code: %ld", errorMessage, (long)code); + + } + else if(!_isIDSInitDone){ + errorMessage = @"KeychainSyncingOverIDSProxy can't set up the IDS service"; + code = kSecIDSErrorNotRegistered; + secerror("Setting device ID error: %@, code: %ld", errorMessage, (long)code); + } + else if(_isLocked){ + errorMessage = @"KeychainSyncingOverIDSProxy can't set device ID, device is locked"; + code = kSecIDSErrorDeviceIsLocked; + secerror("Setting device ID error: %@, code: %ld", errorMessage, (long)code); + } + else{ - _setIDSDeviceID = YES; [self calloutWith:^(NSMutableDictionary *pending, bool handlePendingMesssages, bool doSetDeviceID, dispatch_queue_t queue, void(^done)(NSMutableDictionary *, bool, bool)) { CFErrorRef localError = NULL; bool handledSettingID = false; - handledSettingID = SOSCCSetDeviceID((__bridge CFStringRef) deviceID, &localError); - if(!handledSettingID && localError != NULL){ - if(CFErrorGetCode(localError) == SECD_RUN_AS_ROOT_ERROR){ - secerror("SETTING RUN AS ROOT ERROR: %@", localError); - _isSecDRunningAsRoot = true; - } - else if (CFErrorGetCode(localError) == -536870174 && CFErrorGetDomain(localError) == kSecKernDomain) { - secnotice("IDS Transport", "system is locked, cannot set device ID, error: %@", localError); - _isLocked = true; - } - else if (CFErrorGetCode(localError) == kSOSErrorPeerNotFound && CFStringCompare(CFErrorGetDomain(localError), kSOSErrorDomain, 0) == 0){ - secnotice("IDS Transport","securityd does not have a peer yet , error: %@", localError); - _doesSecDHavePeer = false; + NSString *ID = IDSCopyLocalDeviceUniqueID(); + self->deviceID = ID; + + if(ID){ + handledSettingID = SOSCCSetDeviceID((__bridge CFStringRef) ID, &localError); + + if(!handledSettingID && localError != NULL){ + if(CFErrorGetCode(localError) == SECD_RUN_AS_ROOT_ERROR){ + secerror("SETTING RUN AS ROOT ERROR: %@", localError); + self->_isSecDRunningAsRoot = true; + } + else if (CFErrorIsMalfunctioningKeybagError(localError)) { + secnotice("IDS Transport", "system is unavailable, cannot set device ID, error: %@", localError); + self->_isLocked = true; + } + else if (CFErrorGetCode(localError) == kSOSErrorPeerNotFound && CFStringCompare(CFErrorGetDomain(localError), kSOSErrorDomain, 0) == 0){ + secnotice("IDS Transport","securityd does not have a peer yet , error: %@", localError); + self->_doesSecDHavePeer = false; + } } + else + self->_setIDSDeviceID = NO; + + CFReleaseNull(localError); + dispatch_async(queue, ^{ + done(nil, NO, YES); + }); + } else { + dispatch_async(queue, ^{ + done(nil, NO, NO); + }); + } + if(errorMessage != nil){ + secerror("Setting device ID error: KeychainSyncingOverIDSProxy could not retrieve device ID from keychain, code: %ld", (long)kSecIDSErrorNoDeviceID); } - else - _setIDSDeviceID = NO; - - CFReleaseNull(localError); - dispatch_async(queue, ^{ - done(nil, NO, YES); - }); }]; } -fail: - if(errorMessage != nil){ - secerror("Setting device ID error: %@, code: %ld", errorMessage, (long)code); - } } - (void) calloutWith: (void(^)(NSMutableDictionary *pending, bool handlePendingMesssages, bool doSetDeviceID, dispatch_queue_t queue, void(^done)(NSMutableDictionary *handledMessages, bool handledPendingMessage, bool handledSettingDeviceID))) callout { - // In IDSKeychainSyncingProxy serial queue + // In KeychainSyncingOverIDSProxy serial queue dispatch_queue_t idsproxy_queue = dispatch_get_main_queue(); // dispatch_get_global_queue - well-known global concurrent queue @@ -360,26 +445,26 @@ fail: __block bool myDoSetDeviceID; __block bool wasLocked; dispatch_sync(idsproxy_queue, ^{ - myPending = [_unhandledMessageBuffer copy]; - myHandlePendingMessage = _handleAllPendingMessages; - myDoSetDeviceID = _setIDSDeviceID; - wasLocked = _isLocked; + myPending = [self->_unhandledMessageBuffer copy]; + myHandlePendingMessage = self->_handleAllPendingMessages; + myDoSetDeviceID = self->_setIDSDeviceID; + wasLocked = self->_isLocked; - _inCallout = YES; + self->_inCallout = YES; - _shadowHandleAllPendingMessages = NO; + self->_shadowHandleAllPendingMessages = NO; }); callout(myPending, myHandlePendingMessage, myDoSetDeviceID, idsproxy_queue, ^(NSMutableDictionary *handledMessages, bool handledPendingMessage, bool handledSetDeviceID) { secdebug("event", "%@ %s%s before callout handled: %s%s", self, myHandlePendingMessage ? "P" : "p", myDoSetDeviceID ? "D" : "d", handledPendingMessage ? "H" : "h", handledSetDeviceID ? "I" : "i"); // In IDSKeychainSyncingProxy's serial queue - _inCallout = NO; + self->_inCallout = NO; // Update setting device id - _setIDSDeviceID = ((myDoSetDeviceID && !handledSetDeviceID)); - - _shadowDoSetIDSDeviceID = NO; + self->_setIDSDeviceID = ((myDoSetDeviceID && !handledSetDeviceID)); + + self->_shadowDoSetIDSDeviceID = NO; xpc_transaction_end(); }); diff --git a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyReceiveMessage.h b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+ReceiveMessage.h similarity index 96% rename from IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyReceiveMessage.h rename to KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+ReceiveMessage.h index 68965c9c..297e4e47 100644 --- a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyReceiveMessage.h +++ b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+ReceiveMessage.h @@ -24,7 +24,7 @@ #import "IDSProxy.h" -@interface IDSKeychainSyncingProxy (IDSProxyReceiveMessage) +@interface KeychainSyncingOverIDSProxy (ReceiveMessage) //receive message routines -(BOOL) checkForFragmentation:(NSDictionary*)message id:(NSString*)fromID data:(NSData*)messageData; -(NSMutableDictionary*) combineMessage:(NSString*)deviceID peerID:(NSString*)peerID uuid:(NSString*)uuid; diff --git a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyReceiveMessage.m b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+ReceiveMessage.m similarity index 60% rename from IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyReceiveMessage.m rename to KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+ReceiveMessage.m index 7e59ef57..d4e8cb00 100644 --- a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyReceiveMessage.m +++ b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+ReceiveMessage.m @@ -35,6 +35,7 @@ #include #include #include +#include #import #import @@ -44,8 +45,8 @@ #include #import "IDSPersistentState.h" -#import "IDSKeychainSyncingProxy+IDSProxyReceiveMessage.h" -#import "IDSKeychainSyncingProxy+IDSProxySendMessage.h" +#import "KeychainSyncingOverIDSProxy+ReceiveMessage.h" +#import "KeychainSyncingOverIDSProxy+SendMessage.h" #import "IDSProxy.h" static NSString *const kIDSNumberOfFragments = @"NumberOfIDSMessageFragments"; @@ -53,8 +54,10 @@ static NSString *const kIDSFragmentIndex = @"kFragmentIndex"; static NSString *const kIDSOperationType = @"IDSMessageOperation"; static NSString *const kIDSMessageToSendKey = @"MessageToSendKey"; static NSString *const kIDSMessageUniqueID = @"MessageID"; +static NSString *const kIDSMessageRecipientPeerID = @"RecipientPeerID"; +static NSString *const kIDSMessageUseACKModel = @"UsesAckModel"; -@implementation IDSKeychainSyncingProxy (IDSProxyReceiveMessage) +@implementation KeychainSyncingOverIDSProxy (ReceiveMessage) -(int) countNumberOfValidObjects:(NSMutableArray*)fragmentsForDeviceID @@ -77,10 +80,10 @@ static NSString *const kIDSMessageUniqueID = @"MessageID"; NSNumber *index = [message objectForKey:kIDSFragmentIndex]; NSString *uuidString = [message objectForKey:kIDSMessageUniqueID]; - if([IDSKeychainSyncingProxy idsProxy].allFragmentedMessages == nil) - [IDSKeychainSyncingProxy idsProxy].allFragmentedMessages = [NSMutableDictionary dictionary]; + if([KeychainSyncingOverIDSProxy idsProxy].allFragmentedMessages == nil) + [KeychainSyncingOverIDSProxy idsProxy].allFragmentedMessages = [NSMutableDictionary dictionary]; - NSMutableDictionary *uniqueMessages = [[IDSKeychainSyncingProxy idsProxy].allFragmentedMessages objectForKey: fromID]; + NSMutableDictionary *uniqueMessages = [[KeychainSyncingOverIDSProxy idsProxy].allFragmentedMessages objectForKey: fromID]; if(uniqueMessages == nil) uniqueMessages = [NSMutableDictionary dictionary]; @@ -94,7 +97,7 @@ static NSString *const kIDSMessageUniqueID = @"MessageID"; [fragmentsForDeviceID replaceObjectAtIndex: [index intValue] withObject:messageData ]; [uniqueMessages setObject: fragmentsForDeviceID forKey:uuidString]; - [[IDSKeychainSyncingProxy idsProxy].allFragmentedMessages setObject:uniqueMessages forKey: fromID]; + [[KeychainSyncingOverIDSProxy idsProxy].allFragmentedMessages setObject:uniqueMessages forKey: fromID]; if([self countNumberOfValidObjects:fragmentsForDeviceID] == [idsNumberOfFragments longValue]) handOffMessage = true; @@ -109,61 +112,38 @@ static NSString *const kIDSMessageUniqueID = @"MessageID"; } --(NSMutableDictionary*) combineMessage:(NSString*)deviceID peerID:(NSString*)peerID uuid:(NSString*)uuid +-(NSMutableDictionary*) combineMessage:(NSString*)ID peerID:(NSString*)peerID uuid:(NSString*)uuid { NSString *dataKey = [ NSString stringWithUTF8String: kMessageKeyIDSDataMessage ]; NSString *deviceIDKey = [ NSString stringWithUTF8String: kMessageKeyDeviceID ]; NSString *peerIDKey = [ NSString stringWithUTF8String: kMessageKeyPeerID ]; - NSMutableDictionary *uniqueMessage = [[IDSKeychainSyncingProxy idsProxy].allFragmentedMessages objectForKey:deviceID]; - NSMutableArray *messagesForUUID = [uniqueMessage objectForKey:uuid]; + NSMutableDictionary *arrayOfFragmentedMessagesByUUID = [[KeychainSyncingOverIDSProxy idsProxy].allFragmentedMessages objectForKey:ID]; + NSMutableArray *messagesForUUID = [arrayOfFragmentedMessagesByUUID objectForKey:uuid]; NSMutableData* completeMessage = [NSMutableData data]; [messagesForUUID enumerateObjectsUsingBlock:^(id obj, NSUInteger idx, BOOL *stop) { NSData *messageFragment = (NSData*)obj; - secnotice("IDS Transport","this is our index: %lu and size: %lu", (unsigned long)idx, (unsigned long)[messageFragment length]); [completeMessage appendData: messageFragment]; }]; - [uniqueMessage removeObjectForKey:uuid]; - [[IDSKeychainSyncingProxy idsProxy].allFragmentedMessages removeObjectForKey:deviceID]; + //we've combined the message, now remove it from the fragmented messages dictionary + [arrayOfFragmentedMessagesByUUID removeObjectForKey:uuid]; + return [NSMutableDictionary dictionaryWithObjectsAndKeys: completeMessage, dataKey, deviceID, deviceIDKey, peerID, peerIDKey, nil]; } --(void) handleTestMessage:(NSString*)operation id:(NSString*)ID +-(void) handleTestMessage:(NSString*)operation id:(NSString*)ID messageID:(NSString*)uniqueID senderPeerID:(NSString*)senderPeerID { int operationType = [operation intValue]; switch(operationType){ case kIDSPeerAvailabilityDone: { + //set current timestamp to indicate success! + [self.peerNextSendCache setObject:[NSDate date] forKey:ID]; + secnotice("IDS Transport","!received availability response!: %@", ID); notify_post(kSOSCCPeerAvailable); - //cancel timer! - dispatch_source_t timer = [[IDSKeychainSyncingProxy idsProxy].pingTimers objectForKey:ID]; - if(timer != nil){ - secnotice("IDS Transport", "timer not nil"); - dispatch_cancel(timer); - [[IDSKeychainSyncingProxy idsProxy].pingTimers removeObjectForKey:ID]; - } - //call securityd to sync with device over IDS - __block CFErrorRef cf_error = NULL; - __block bool success = false; - - [self sendKeysCallout:^NSMutableDictionary *(NSMutableDictionary *pending, NSError** error) { - - success = SOSCCRequestSyncWithPeerOverIDS(((__bridge CFStringRef)ID), &cf_error); - - if(success){ - secnotice("IDSPing", "sent device ID: %@ to securityd to sync over IDS", ID); - } - else{ - secerror("Could not hand device ID: %@ to securityd, error: %@", ID, cf_error); - } - - return NULL; - }]; - CFReleaseSafe(cf_error); - break; } case kIDSEndPingTestMessage: @@ -189,107 +169,150 @@ static NSString *const kIDSMessageUniqueID = @"MessageID"; NSString *operationString = [[NSString alloc] initWithUTF8String:messageCharS]; NSString* messageString = @"peer availability check finished"; NSDictionary* messsageDictionary = @{kIDSOperationType:operationString, kIDSMessageToSendKey:messageString}; - NSString *identifier = [NSString string]; - - NSError *localError = NULL; - if (!self.isLocked) - [self sendIDSMessage:messsageDictionary name:ID peer:@"me" identifier:&identifier error:&localError]; - else - secnotice("IDS Transport", "device is locked, not responding to availability check"); - + + // We can always hold on to a message and our remote peers would bother everyone + [self sendIDSMessage:messsageDictionary name:ID peer:@"me"]; + free(messageCharS); break; } + case kIDSPeerReceivedACK: + { + //set current timestamp to indicate success! + [self.peerNextSendCache setObject:[[NSDate alloc] init] forKey:ID]; + + //cancel timer! + secnotice("IDS Transport", "received ack for: %@", uniqueID); + dispatch_source_t timer = [[KeychainSyncingOverIDSProxy idsProxy].pingTimers objectForKey:uniqueID]; + if(timer != nil){ + dispatch_cancel(timer); + [[KeychainSyncingOverIDSProxy idsProxy].pingTimers removeObjectForKey:uniqueID]; + [[KeychainSyncingOverIDSProxy idsProxy].messagesInFlight removeObjectForKey:uniqueID]; + [[KeychainSyncingOverIDSProxy idsProxy] persistState]; + } + //call out to securityd to set a NULL + [self sendKeysCallout:^NSMutableDictionary *(NSMutableDictionary *pending, NSError** error) { + + CFErrorRef localError = NULL; + SOSCCClearPeerMessageKeyInKVS((__bridge CFStringRef)senderPeerID, &localError); + return NULL; + }]; + break; + } default: break; } } +- (void)sendACK:(NSString*)ID peerID:(NSString*)sendersPeerID uniqueID:(NSString*)uniqueID +{ + char* messageCharS; + NSString* messageString = @"ACK"; + + asprintf(&messageCharS, "%d",kIDSPeerReceivedACK); + NSString *operationString = [[NSString alloc] initWithUTF8String:messageCharS]; + + NSDictionary* messageDictionary = @{kIDSOperationType:operationString, kIDSMessageToSendKey:messageString, kIDSMessageUniqueID:uniqueID}; + + [self sendIDSMessage:messageDictionary name:ID peer:sendersPeerID]; + free(messageCharS); + +} + - (void)service:(IDSService *)service account:(IDSAccount *)account incomingMessage:(NSDictionary *)message fromID:(NSString *)fromID context:(IDSMessageContext *)context { - secnotice("IDS Transport","message: %@", message); NSString *dataKey = [ NSString stringWithUTF8String: kMessageKeyIDSDataMessage ]; NSString *deviceIDKey = [ NSString stringWithUTF8String: kMessageKeyDeviceID ]; NSString *peerIDKey = [ NSString stringWithUTF8String: kMessageKeyPeerID ]; NSString *sendersPeerIDKey = [NSString stringWithUTF8String: kMessageKeySendersPeerID]; - - NSString *ID = nil; - uint32_t operationType; - bool hadError = false; - CFStringRef errorMessage = NULL; - __block NSString* myPeerID = @""; - __block NSData *messageData = nil; - - NSString* operationTypeAsString = nil; - NSMutableDictionary *messageDictionary = nil; - - NSArray *devices = [_service devices]; - for(NSUInteger i = 0; i < [ devices count ]; i++){ - IDSDevice *device = devices[i]; - if( [(IDSCopyIDForDevice(device)) containsString: fromID] == YES){ - ID = device.uniqueID; - break; - } - } - secnotice("IDS Transport", "Received message from: %@", ID); - NSString *sendersPeerID = [message objectForKey: sendersPeerIDKey]; - if(sendersPeerID == nil) - sendersPeerID = [NSString string]; + dispatch_async(self.calloutQueue, ^{ + NSString* messageID = nil; + NSString *ID = nil; + uint32_t operationType; + bool hadError = false; + CFStringRef errorMessage = NULL; + __block NSString* myPeerID = @""; + __block NSData *messageData = nil; + NSString* operationTypeAsString = nil; + NSMutableDictionary *messageDictionary = nil; + NSString *useAck = nil; + + + NSArray *devices = [self->_service devices]; + for(NSUInteger i = 0; i < [ devices count ]; i++){ + IDSDevice *device = devices[i]; + if( [(IDSCopyIDForDevice(device)) containsString: fromID] == YES){ + ID = device.uniqueID; + break; + } + } + secnotice("IDS Transport", "Received message from: %@: %@ ", ID, message); + NSString *sendersPeerID = [message objectForKey: sendersPeerIDKey]; + + if(sendersPeerID == nil) + sendersPeerID = [NSString string]; - - require_action_quiet(ID, fail, hadError = true; errorMessage = CFSTR("require the sender's device ID")); - - operationTypeAsString = [message objectForKey: kIDSOperationType]; - messageDictionary = [message objectForKey: kIDSMessageToSendKey]; - - secnotice("IDS Transport","from peer %@, operation type as string: %@, as integer: %d", ID, operationTypeAsString, [operationTypeAsString intValue]); - operationType = [operationTypeAsString intValue]; - - if(operationType == kIDSPeerAvailabilityDone || operationType == kIDSEndPingTestMessage || operationType == kIDSSendOneMessage || operationType == kIDSPeerAvailability || operationType == kIDSStartPingTestMessage) - { - [self handleTestMessage:operationTypeAsString id:ID]; - } - else if(operationType == kIDSKeychainSyncIDSFragmentation) - { - [messageDictionary enumerateKeysAndObjectsUsingBlock:^(id key, id obj, BOOL *stop) { - myPeerID = (NSString*)key; - messageData = (NSData*)obj; - }]; - BOOL readyToHandOffToSecD = [self checkForFragmentation:message id:ID data:messageData]; + require_action_quiet(ID, fail, hadError = true; errorMessage = CFSTR("require the sender's device ID")); - NSMutableDictionary *messageAndFromID = nil; + operationTypeAsString = [message objectForKey: kIDSOperationType]; + messageDictionary = [message objectForKey: kIDSMessageToSendKey]; - if(readyToHandOffToSecD && ([message objectForKey:kIDSFragmentIndex])!= nil){ - secnotice("IDS Transport","fragmentation: messageData: %@, myPeerID: %@", messageData, myPeerID); - NSString* uuid = [message objectForKey:kIDSMessageUniqueID]; - messageAndFromID = [self combineMessage:ID peerID:myPeerID uuid:uuid]; + messageID = [message objectForKey:kIDSMessageUniqueID]; + useAck = [message objectForKey:kIDSMessageUseACKModel]; + + if(useAck != nil && [useAck compare:@"YES"] == NSOrderedSame) + require_quiet(messageID != nil, fail); + + secnotice("IDS Transport","from peer %@, operation type as string: %@, as integer: %d", ID, operationTypeAsString, [operationTypeAsString intValue]); + operationType = [operationTypeAsString intValue]; + + if(operationType != kIDSKeychainSyncIDSFragmentation) + { + [self handleTestMessage:operationTypeAsString id:ID messageID:messageID senderPeerID:sendersPeerID]; } - else if(readyToHandOffToSecD){ - secnotice("IDS Transport","no fragmentation: messageData: %@, myPeerID: %@", messageData, myPeerID); - messageAndFromID = [NSMutableDictionary dictionaryWithObjectsAndKeys: messageData, dataKey, ID, deviceIDKey, myPeerID, peerIDKey, nil]; + else{ + + [messageDictionary enumerateKeysAndObjectsUsingBlock:^(id key, id obj, BOOL *stop) { + myPeerID = (NSString*)key; + messageData = (NSData*)obj; + }]; + + if(useAck != nil && [useAck compare:@"YES"] == NSOrderedSame) + [self sendACK:ID peerID:myPeerID uniqueID:messageID]; + + BOOL readyToHandOffToSecD = [self checkForFragmentation:message id:ID data:messageData]; + + NSMutableDictionary *messageAndFromID = nil; + + if(readyToHandOffToSecD && ([message objectForKey:kIDSFragmentIndex])!= nil){ + NSString* uuid = [message objectForKey:kIDSMessageUniqueID]; + messageAndFromID = [self combineMessage:ID peerID:myPeerID uuid:uuid]; + } + else if(readyToHandOffToSecD){ + messageAndFromID = [NSMutableDictionary dictionaryWithObjectsAndKeys: messageData, dataKey, ID, deviceIDKey, myPeerID, peerIDKey, nil]; + } + else + return; + + //set the sender's peer id so we can check it in securityd + [messageAndFromID setObject:sendersPeerID forKey:sendersPeerIDKey]; + + if([KeychainSyncingOverIDSProxy idsProxy].isLocked){ + //hang on to the message and set the retry deadline + [self.unhandledMessageBuffer setObject: messageAndFromID forKey: fromID]; + } + else + [self sendMessageToSecurity:messageAndFromID fromID:fromID]; } - else - return; - //set the sender's peer id so we can check it in securityd - [messageAndFromID setObject:sendersPeerID forKey:sendersPeerIDKey]; + fail: + if(hadError) + secerror("error:%@", errorMessage); - if([IDSKeychainSyncingProxy idsProxy].isLocked){ - //hang on to the message and set the retry deadline - [self.unhandledMessageBuffer setObject: messageAndFromID forKey: fromID]; - } - else - [self sendMessageToSecurity:messageAndFromID fromID:fromID]; - } - else - secerror("dropping IDS message"); - -fail: - if(hadError) - secerror("error:%@", errorMessage); + }); } @@ -312,24 +335,13 @@ fail: - (bool) shouldPersistMessage:(NSDictionary*) newMessageAndFromID id:(NSString*)fromID { - __block bool persistMessage = true; - //get the dictionary of messages for a particular device id - NSDictionary* messagesForID = [self.unhandledMessageBuffer valueForKey:fromID]; - - //Grab the data blob - CFStringRef dataKey = CFStringCreateWithCString(kCFAllocatorDefault, kMessageKeyIDSDataMessage, kCFStringEncodingASCII); - CFDataRef messageData = asData(CFDictionaryGetValue((__bridge CFDictionaryRef)newMessageAndFromID, dataKey), NULL); - - [messagesForID enumerateKeysAndObjectsUsingBlock:^(id key, id obj, BOOL * stop) { - NSData* queuedMessage = (NSData*)obj; - - if([queuedMessage isEqual:(__bridge NSData*)messageData]) - persistMessage = false; - }]; - - CFReleaseNull(dataKey); - return persistMessage; + NSDictionary* messagesFromBuffer = [self.unhandledMessageBuffer valueForKey:fromID]; + + if([messagesFromBuffer isEqual:newMessageAndFromID]) + return false; + + return true; } -(void)sendMessageToSecurity:(NSMutableDictionary*)messageAndFromID fromID:(NSString*)fromID @@ -343,11 +355,9 @@ fail: //turns out the error needs to be evaluated as sync_and_do returns bools if(cf_error != NULL) { - CFStringRef errorDescription = CFErrorCopyDescription(cf_error); - if (CFStringCompare(errorDescription, CFSTR("The operation couldn’t be completed. (Mach error -536870174 - Kern return error)"), 0) == 0 ) { + if(CFErrorIsMalfunctioningKeybagError(cf_error)){ success = kHandleIDSMessageLocked; } - CFReleaseNull(errorDescription); } if(success == kHandleIDSMessageLocked){ @@ -371,7 +381,7 @@ fail: [self.unhandledMessageBuffer setObject: messageAndFromID forKey: fromID]; secnotice("IDS Transport","unhandledMessageBuffer: %@", self.unhandledMessageBuffer); //set timer - [[IDSKeychainSyncingProxy idsProxy] scheduleRetryRequestTimer]; + [[KeychainSyncingOverIDSProxy idsProxy] scheduleRetryRequestTimer]; //write message to disk if message is new to the unhandled queue if([self shouldPersistMessage:messageAndFromID id:fromID]) diff --git a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxySendMessage.h b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+SendMessage.h similarity index 77% rename from IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxySendMessage.h rename to KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+SendMessage.h index 516c2a49..0de3f5b3 100644 --- a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxySendMessage.h +++ b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+SendMessage.h @@ -24,10 +24,11 @@ #import "IDSProxy.h" -@interface IDSKeychainSyncingProxy (IDSProxySendMessage) +@interface KeychainSyncingOverIDSProxy (SendMessage) -(BOOL) sendFragmentedIDSMessages:(NSDictionary*)data name:(NSString*) deviceName peer:(NSString*) ourPeerID error:(NSError**) error; --(BOOL) sendIDSMessage:(NSDictionary*)data name:(NSString*) deviceName peer:(NSString*) peerID identifier:(NSString **)identifier error:(NSError**) error; +-(BOOL) sendIDSMessage:(NSDictionary*)data name:(NSString*) deviceName peer:(NSString*) peerID; +-(void) ackTimerFired:(NSString*)identifier deviceID:(NSString*)deviceID; +-(void) setMessageTimer:(NSString*)identifier deviceID:(NSString*)deviceID message:(NSDictionary*)message; +- (void)pingTimerFired:(NSString*)deviceID peerID:(NSString*)peerID identifier:(NSString*)identifier; -(void) pingDevices:(NSArray*)list peerID:(NSString*)peerID; -- (void)pingTimerFired:(NSString*)deviceName peerID:(NSString*)peerID identifier:(NSString*)identifier; - @end diff --git a/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+SendMessage.m b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+SendMessage.m new file mode 100644 index 00000000..7d93be01 --- /dev/null +++ b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+SendMessage.m @@ -0,0 +1,474 @@ +/* + * Copyright (c) 2012-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + + +#import +#import + +#import +#import +#import +#import + +#include +#include +#include +#include + +#import +#import + +#include +#include +#include + +#import "IDSProxy.h" +#import "IDSPersistentState.h" +#import "KeychainSyncingOverIDSProxy+SendMessage.h" +#import "KeychainSyncingOverIDSProxy+Throttle.h" + +#include + + +static NSString *const IDSSendMessageOptionForceEncryptionOffKey = @"IDSSendMessageOptionForceEncryptionOff"; + +static NSString *const kIDSNumberOfFragments = @"NumberOfIDSMessageFragments"; +static NSString *const kIDSFragmentIndex = @"kFragmentIndex"; +static NSString *const kIDSOperationType = @"IDSMessageOperation"; +static NSString *const kIDSMessageToSendKey = @"MessageToSendKey"; +static NSString *const kIDSMessageUniqueID = @"MessageID"; +static NSString *const kIDSMessageRecipientPeerID = @"RecipientPeerID"; +static NSString *const kIDSMessageRecipientDeviceID = @"RecipientDeviceID"; +static NSString *const kIDSMessageUseACKModel = @"UsesAckModel"; +static NSString *const kIDSDeviceID = @"deviceID"; + +static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms leeway for handling unhandled messages. +static const int64_t timeout = 3ull; +static const int64_t KVS_BACKOFF = 5; + +static const NSUInteger kMaxIDSMessagePayloadSize = 64000; + + +@implementation KeychainSyncingOverIDSProxy (SendMessage) + + +-(bool) chunkAndSendKeychainPayload:(NSData*)keychainData deviceID:(NSString*)deviceName ourPeerID:(NSString*)ourPeerID theirPeerID:(NSString*) theirPeerID operation:(NSString*)operationTypeAsString uuid:(NSString*)uuidString error:(NSError**) error +{ + __block BOOL result = true; + + NSUInteger keychainDataLength = [keychainData length]; + int fragmentIndex = 0; + int startingPosition = 0; + + NSUInteger totalNumberOfFragments = (keychainDataLength + kMaxIDSMessagePayloadSize - 1)/kMaxIDSMessagePayloadSize; + + NSMutableDictionary* fragmentDictionary = [NSMutableDictionary dictionaryWithObjectsAndKeys: + deviceName, kIDSDeviceID, + [NSNumber numberWithUnsignedInteger:totalNumberOfFragments], kIDSNumberOfFragments, + [NSNumber numberWithInt:fragmentIndex], kIDSFragmentIndex, + deviceName, kIDSMessageRecipientDeviceID, theirPeerID, kIDSMessageRecipientPeerID, + operationTypeAsString, kIDSOperationType, + uuidString, kIDSMessageUniqueID, + nil]; + + NSUInteger remainingLength = keychainDataLength; + while(remainingLength > 0 && result == true){ + NSUInteger fragmentLength = MIN(remainingLength, kMaxIDSMessagePayloadSize); + NSData *fragment = [keychainData subdataWithRange:NSMakeRange(startingPosition, fragmentLength)]; + + // Insert the current fragment data in dictionary with key peerID and message key. + [fragmentDictionary setObject:@{theirPeerID:fragment} + forKey:kIDSMessageToSendKey]; + // Insert the fragment number in the dictionary + [fragmentDictionary setObject:[NSNumber numberWithInt:fragmentIndex] + forKey:kIDSFragmentIndex]; + + result = [self sendIDSMessage:fragmentDictionary name:deviceName peer:ourPeerID]; + if(!result) + secerror("Could not send fragmented message"); + + startingPosition+=fragmentLength; + remainingLength-=fragmentLength; + fragmentIndex++; + } + + return result; +} + +- (void)sendToKVS: (NSString*) theirPeerID message: (NSData*) message +{ + [self sendKeysCallout:^NSMutableDictionary *(NSMutableDictionary *pending, NSError** error) { + CFErrorRef cf_error = NULL; + + bool success = SOSCCRequestSyncWithPeerOverKVS(((__bridge CFStringRef)theirPeerID), (__bridge CFDataRef)message, &cf_error); + + if(success){ + secnotice("IDSPing", "sent peerID: %@ to securityd to sync over KVS", theirPeerID); + } + else{ + secerror("Could not hand peerID: %@ to securityd, error: %@", theirPeerID, cf_error); + } + + CFReleaseNull(cf_error); + return NULL; + }]; +} + +- (void) sendMessageToKVS: (NSDictionary*) encapsulatedKeychainMessage +{ + [encapsulatedKeychainMessage enumerateKeysAndObjectsUsingBlock:^(id _Nonnull key, id _Nonnull obj, BOOL * _Nonnull stop) { + if ([key isKindOfClass: [NSString class]] && [obj isKindOfClass:[NSData class]]) { + [self sendToKVS:key message:obj]; + } else { + secerror("Couldn't send to KVS key: %@ obj: %@", key, obj); + } + }]; +} + + +- (void)pingTimerFired:(NSString*)IDSid peerID:(NSString*)peerID identifier:(NSString*)identifier +{ + //setting next time to send + [self updateNextTimeToSendFor5Minutes:IDSid]; + + secnotice("IDS Transport", "device ID: %@ !!!!!!!!!!!!!!!!Ping timeout is up!!!!!!!!!!!!", IDSid); + //call securityd to sync with device over KVS + __block CFErrorRef cf_error = NULL; + __block bool success = kHandleIDSMessageSuccess; + + dispatch_source_t timer = [[KeychainSyncingOverIDSProxy idsProxy].pingTimers objectForKey:IDSid]; //remove timer + dispatch_cancel(timer); //cancel timer + + [[KeychainSyncingOverIDSProxy idsProxy].pingTimers removeObjectForKey:IDSid]; + + [self sendKeysCallout:^NSMutableDictionary *(NSMutableDictionary *pending, NSError** error) { + + success = SOSCCRequestSyncWithPeerOverKVSUsingIDOnly(((__bridge CFStringRef)IDSid), &cf_error); + + if(success){ + secnotice("IDSPing", "sent peerID: %@ to securityd to sync over KVS", IDSid); + } + else{ + secerror("Could not hand peerID: %@ to securityd, error: %@", IDSid, cf_error); + } + + return NULL; + }]; + CFReleaseSafe(cf_error); +} + +-(void) pingDevices:(NSArray*)list peerID:(NSString*)peerID +{ + NSDictionary *messageDictionary = @{kIDSOperationType : [NSString stringWithFormat:@"%d", kIDSPeerAvailability], kIDSMessageToSendKey : @"checking peers"}; + + [list enumerateObjectsUsingBlock:^(id obj, NSUInteger idx, BOOL * top) { + NSString* IDSid = (NSString*)obj; + NSString* identifier = [NSString string]; + bool result = false; + secnotice("IDS Transport", "sending to id: %@", IDSid); + + [self recordTimestampOfWriteToIDS: messageDictionary deviceName:IDSid peerID:peerID]; //add pings to throttling + NSDictionary *safeValues = [self filterForWritableValues:messageDictionary]; + + if(safeValues != nil && [safeValues count] > 0){ + result = [self sendIDSMessage:safeValues name:IDSid peer:peerID]; + + if(!result){ + secerror("Could not send message over IDS"); + [self sendKeysCallout:^NSMutableDictionary *(NSMutableDictionary *pending, NSError** error) { + CFErrorRef kvsError = nil; + bool success = SOSCCRequestSyncWithPeerOverKVSUsingIDOnly(((__bridge CFStringRef)IDSid), &kvsError); + + if(success){ + secnotice("IDSPing", "sent peerID: %@ to securityd to sync over KVS", IDSid); + } + else{ + secerror("Could not hand peerID: %@ to securityd, error: %@", IDSid, kvsError); + } + CFReleaseNull(kvsError); + return NULL; + }]; + } + else{ + dispatch_source_t timer = nil; + if( [self.pingTimers objectForKey:IDSid] == nil){ + timer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, dispatch_get_main_queue()); + + dispatch_source_set_timer(timer, dispatch_time(DISPATCH_TIME_NOW, timeout * NSEC_PER_SEC), DISPATCH_TIME_FOREVER, kRetryTimerLeeway); + dispatch_source_set_event_handler(timer, ^{ + [self pingTimerFired:IDSid peerID:peerID identifier:identifier]; + }); + dispatch_resume(timer); + + [self.pingTimers setObject:timer forKey:IDSid]; + } + } + } + }]; + +} + +-(BOOL) shouldProxySendMessage:(NSString*)deviceName +{ + BOOL result = false; + + //checking peer cache to see if the message should be sent over IDS or back to KVS + if(self.peerNextSendCache == nil) + { + self.peerNextSendCache = [[NSMutableDictionary alloc]initWithCapacity:0]; + } + NSDate *nextTimeToSend = [self.peerNextSendCache objectForKey:deviceName]; + if(nextTimeToSend != nil) + { + //check if the timestamp is stale or set sometime in the future + NSDate *currentTime = [[NSDate alloc] init]; + //if the current time is greater than the next time to send -> time to send! + if([[nextTimeToSend laterDate:currentTime] isEqual:currentTime]){ + result = true; + } + } + else{ //next time to send is not set yet + result = true; + } + return result; +} + +-(BOOL) isMessageAPing:(NSDictionary*)data +{ + NSDictionary *messageDictionary = [data objectForKey: kIDSMessageToSendKey]; + BOOL isPingMessage = false; + + if(messageDictionary && ![messageDictionary isKindOfClass:[NSDictionary class]]) + { + NSString* messageString = [data objectForKey: kIDSMessageToSendKey]; + if(messageString && [messageString isKindOfClass:[NSString class]]) + isPingMessage = true; + } + else if(!messageDictionary){ + secerror("IDS Transport: message is null?"); + } + + return isPingMessage; +} + +-(BOOL) sendFragmentedIDSMessages:(NSDictionary*)data name:(NSString*) deviceName peer:(NSString*) ourPeerID error:(NSError**) error +{ + BOOL result = false; + BOOL isPingMessage = false; + + NSError* localError = nil; + + NSString* operationTypeAsString = [data objectForKey: kIDSOperationType]; + NSMutableDictionary *messageDictionary = [data objectForKey: kIDSMessageToSendKey]; + + isPingMessage = [self isMessageAPing:data]; + + //check the peer cache for the next time to send timestamp + //if the timestamp is set in the future, reroute the message to KVS + //otherwise send the message over IDS + if(![self shouldProxySendMessage:deviceName]) + { + if(isPingMessage){ + secnotice("IDS Transport", "peer negative cache check: peer cannot send yet. not sending ping message"); + return true; + } + else{ + secnotice("IDS Transport", "peer negative cache check: peer cannot send yet. rerouting message to be sent over KVS: %@", messageDictionary); + [self sendMessageToKVS:messageDictionary]; + return true; + } + } + + if(isPingMessage){ //foward the ping message, no processing + result = [self sendIDSMessage:data + name:deviceName + peer:ourPeerID]; + if(!result){ + secerror("Could not send ping message"); + } + return result; + } + + NSString *localMessageIdentifier = [[NSUUID UUID] UUIDString]; + + bool fragment = [operationTypeAsString intValue] == kIDSKeychainSyncIDSFragmentation; + bool useAckModel = fragment && [[data objectForKey:kIDSMessageUseACKModel] compare: @"YES"] == NSOrderedSame; + + __block NSData *keychainData = nil; + __block NSString *theirPeerID = nil; + + [messageDictionary enumerateKeysAndObjectsUsingBlock:^(id key, id obj, BOOL *stop) { + if ([key isKindOfClass:[NSString class]] && [obj isKindOfClass:[NSData class]]) { + theirPeerID = (NSString*)key; + keychainData = (NSData*)obj; + } + *stop = YES; + }]; + + if(fragment && keychainData && [keychainData length] >= kMaxIDSMessagePayloadSize){ + result = [self chunkAndSendKeychainPayload:keychainData + deviceID:deviceName + ourPeerID:ourPeerID + theirPeerID:theirPeerID + operation:operationTypeAsString + uuid:localMessageIdentifier + error:&localError]; + } + else{ + NSMutableDictionary* dataCopy = [NSMutableDictionary dictionaryWithDictionary:data]; + [dataCopy setObject:localMessageIdentifier forKey:kIDSMessageUniqueID]; + result = [self sendIDSMessage:dataCopy + name:deviceName + peer:ourPeerID]; + } + + if(result && useAckModel){ + secnotice("IDS Transport", "setting ack timer"); + [self setMessageTimer:localMessageIdentifier deviceID:deviceName message:data]; + } + + secnotice("IDS Transport","returning result: %d, error: %@", result, error ? *error : nil); + return result; +} + +-(void) updateNextTimeToSendFor5Minutes:(NSString*)ID +{ + secnotice("IDS Transport", "Setting next time to send in 5 minutes for device: %@", ID); + + NSTimeInterval backOffInterval = (KVS_BACKOFF * 60); + NSDate *nextTimeToTransmit = [NSDate dateWithTimeInterval:backOffInterval sinceDate:[NSDate date]]; + + [self.peerNextSendCache setObject:nextTimeToTransmit forKey:ID]; +} + +- (void)ackTimerFired:(NSString*)identifier deviceID:(NSString*)ID +{ + secnotice("IDS Transport", "IDS device id: %@, Ping timeout is up for message identifier: %@", ID, identifier); + + //call securityd to sync with device over KVS + NSMutableDictionary *message = [[KeychainSyncingOverIDSProxy idsProxy].messagesInFlight objectForKey:identifier]; + if(!message){ + return; + } + NSDictionary *encapsulatedKeychainMessage = [message objectForKey:kIDSMessageToSendKey]; + + [[KeychainSyncingOverIDSProxy idsProxy].messagesInFlight removeObjectForKey:identifier]; + + secnotice("IDS Transport", "Encapsulated message: %@", encapsulatedKeychainMessage); + dispatch_source_t timer = [[KeychainSyncingOverIDSProxy idsProxy].pingTimers objectForKey:identifier]; //remove timer + dispatch_cancel(timer); //cancel timer + + [[KeychainSyncingOverIDSProxy idsProxy].pingTimers removeObjectForKey:identifier]; + + [self sendMessageToKVS:encapsulatedKeychainMessage]; + + //setting next time to send + [self updateNextTimeToSendFor5Minutes:ID]; + + [[KeychainSyncingOverIDSProxy idsProxy] persistState]; +} + +-(void) setMessageTimer:(NSString*)identifier deviceID:(NSString*)ID message:(NSDictionary*)message +{ + dispatch_source_t timer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, dispatch_get_main_queue()); + dispatch_source_set_timer(timer, dispatch_time(DISPATCH_TIME_NOW, timeout * NSEC_PER_SEC), DISPATCH_TIME_FOREVER, kRetryTimerLeeway); + + dispatch_source_set_event_handler(timer, ^{ + [self ackTimerFired:identifier deviceID:ID]; + }); + dispatch_resume(timer); + //restructure message in flight + + [[KeychainSyncingOverIDSProxy idsProxy].messagesInFlight setObject:message forKey:identifier]; + [self.pingTimers setObject:timer forKey:identifier]; + [[KeychainSyncingOverIDSProxy idsProxy] persistState]; +} + + +-(BOOL) sendIDSMessage:(NSDictionary*)data name:(NSString*) deviceName peer:(NSString*) peerID +{ + + if(!self->_service){ + secerror("Could not send message to peer: %@: IDS delegate uninitialized, can't use IDS to send this message", deviceName); + return NO; + } + + dispatch_async(self.calloutQueue, ^{ + + IDSMessagePriority priority = IDSMessagePriorityHigh; + BOOL encryptionOff = YES; + NSString *sendersPeerIDKey = [ NSString stringWithUTF8String: kMessageKeySendersPeerID]; + + secnotice("backoff","!!writing these keys to IDS!!: %@", data); + + NSDictionary *options = @{IDSSendMessageOptionForceEncryptionOffKey : [NSNumber numberWithBool:encryptionOff] }; + + NSMutableDictionary *dataCopy = [NSMutableDictionary dictionaryWithDictionary: data]; + + //set our peer id and a unique id for this message + [dataCopy setObject:peerID forKey:sendersPeerIDKey]; + secnotice("IDS Transport", "%@ sending message %@ to: %@", peerID, data, deviceName); + + NSDictionary *info; + NSInteger errorCode = 0; + NSInteger numberOfDevices = 0; + NSString *errMessage = nil; + NSMutableSet *destinations = nil; + NSError *localError = nil; + NSString *identifier = nil; + IDSDevice *device = nil; + numberOfDevices = [self.listOfDevices count]; + + require_action_quiet(numberOfDevices > 0, fail, errorCode = kSecIDSErrorNotRegistered; errMessage=createErrorString(@"Could not send message to peer: %@: IDS devices are not registered yet", deviceName)); + secnotice("IDS Transport","List of devices: %@", [self->_service devices]); + + destinations = [NSMutableSet set]; + for(NSUInteger i = 0; i < [ self.listOfDevices count ]; i++){ + device = self.listOfDevices[i]; + if( [ deviceName compare:device.uniqueID ] == 0){ + [destinations addObject: IDSCopyIDForDevice(device)]; + } + } + require_action_quiet([destinations count] != 0, fail, errorCode = kSecIDSErrorCouldNotFindMatchingAuthToken; errMessage = createErrorString(@"Could not send message to peer: %@: IDS device ID for peer does not match any devices within an IDS Account", deviceName)); + + bool result = [self->_service sendMessage:dataCopy toDestinations:destinations priority:priority options:options identifier:&identifier error:&localError ] ; + + require_action_quiet(localError == nil && result, fail, errorCode = kSecIDSErrorFailedToSend; errMessage = createErrorString(@"Had an error sending IDS message to peer: %@", deviceName)); + + secnotice("IDS Transport","successfully sent to peer:%@, message: %@", deviceName, dataCopy); + fail: + + info = [ NSDictionary dictionaryWithObjectsAndKeys:errMessage, NSLocalizedDescriptionKey, nil ]; + if(localError != nil){ + localError = [[NSError alloc] initWithDomain:@"com.apple.security.ids.error" code:errorCode userInfo:info ]; + secerror("%@", localError); + } + if(localError != nil) + secerror("%@", localError); + + }); + + return YES; +} + +@end diff --git a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyThrottle.h b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+Throttle.h similarity index 96% rename from IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyThrottle.h rename to KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+Throttle.h index a1230294..65a2c596 100644 --- a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyThrottle.h +++ b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+Throttle.h @@ -24,7 +24,7 @@ #import "IDSProxy.h" -@interface IDSKeychainSyncingProxy (IDSProxyThrottle) +@interface KeychainSyncingOverIDSProxy (Throttle) - (dispatch_source_t)setNewTimer:(int)timeout key:(NSString*)key deviceName:(NSString*)deviceName peerID:(NSString*)peerID; - (NSDictionary*)filterForWritableValues:(NSDictionary *)values; diff --git a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyThrottle.m b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+Throttle.m similarity index 85% rename from IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyThrottle.m rename to KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+Throttle.m index ece00909..efacc327 100644 --- a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy+IDSProxyThrottle.m +++ b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+Throttle.m @@ -43,8 +43,10 @@ #include #import "IDSPersistentState.h" -#import "IDSKeychainSyncingProxy+IDSProxySendMessage.h" -#import "IDSKeychainSyncingProxy+IDSProxyThrottle.h" +#import "KeychainSyncingOverIDSProxy+SendMessage.h" +#import "KeychainSyncingOverIDSProxy+Throttle.h" +#import + static NSString *kExportUnhandledMessages = @"UnhandledMessages"; static NSString *kMonitorState = @"MonitorState"; @@ -67,10 +69,16 @@ static NSString *kMonitorWroteInTimeSlice = @"TimeSlice"; static int max_penalty_timeout = 32; static int seconds_per_minute = 60; +static int queue_depth = 1; + +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR +CFStringRef const IDSPAggdIncreaseThrottlingKey = CFSTR("com.apple.security.idsproxy.increasethrottle"); +CFStringRef const IDSPAggdDecreaseThrottlingKey = CFSTR("com.apple.security.idsproxy.decreasethrottle"); +#endif static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms leeway for handling unhandled messages. -@implementation IDSKeychainSyncingProxy (IDSProxyThrottle) +@implementation KeychainSyncingOverIDSProxy (Throttle) -(dispatch_source_t)setNewTimer:(int)timeout key:(NSString*)key deviceName:(NSString*)deviceName peerID:(NSString*)peerID { @@ -86,6 +94,10 @@ static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms le -(void) increasePenalty:(NSNumber*)currentPenalty key:(NSString*)key keyEntry:(NSMutableDictionary**)keyEntry deviceName:(NSString*)deviceName peerID:(NSString*)peerID { +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR + SecADAddValueForScalarKey((IDSPAggdIncreaseThrottlingKey), 1); +#endif + secnotice("backoff", "increasing penalty!"); int newPenalty = 0; @@ -112,11 +124,14 @@ static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms le } [*keyEntry setObject:penalty_timeout forKey:kMonitorPenaltyBoxKey]; - [[IDSKeychainSyncingProxy idsProxy].monitor setObject:*keyEntry forKey:key]; + [[KeychainSyncingOverIDSProxy idsProxy].monitor setObject:*keyEntry forKey:key]; } -(void) decreasePenalty:(NSNumber*)currentPenalty key:(NSString*)key keyEntry:(NSMutableDictionary**)keyEntry deviceName:(NSString*)deviceName peerID:(NSString*)peerID { +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR + SecADAddValueForScalarKey((IDSPAggdDecreaseThrottlingKey), 1); +#endif int newPenalty = 0; secnotice("backoff","decreasing penalty!"); if([currentPenalty intValue] == 0 || [currentPenalty intValue] == 1) @@ -150,30 +165,29 @@ static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms le } [*keyEntry setObject:penalty_timeout forKey:kMonitorPenaltyBoxKey]; - [[IDSKeychainSyncingProxy idsProxy].monitor setObject:*keyEntry forKey:key]; + [[KeychainSyncingOverIDSProxy idsProxy].monitor setObject:*keyEntry forKey:key]; } - (void)penaltyTimerFired:(NSString*)key deviceName:(NSString*)deviceName peerID:(NSString*)peerID { secnotice("backoff", "key: %@, !!!!!!!!!!!!!!!!penalty timeout is up!!!!!!!!!!!!", key); - NSMutableDictionary *keyEntry = [[IDSKeychainSyncingProxy idsProxy].monitor objectForKey:key]; + NSMutableDictionary *keyEntry = [[KeychainSyncingOverIDSProxy idsProxy].monitor objectForKey:key]; if(!keyEntry){ [self initializeKeyEntry:key]; - keyEntry = [[IDSKeychainSyncingProxy idsProxy].monitor objectForKey:key]; + keyEntry = [[KeychainSyncingOverIDSProxy idsProxy].monitor objectForKey:key]; } - NSMutableArray *queuedMessages = [[IDSKeychainSyncingProxy idsProxy].monitor objectForKey:kMonitorMessageQueue]; + NSMutableArray *queuedMessages = [[KeychainSyncingOverIDSProxy idsProxy].monitor objectForKey:kMonitorMessageQueue]; secnotice("backoff","key: %@, queuedMessages: %@", key, queuedMessages); if(queuedMessages && [queuedMessages count] != 0){ secnotice("backoff","key: %@, message queue not empty, writing to IDS!", key); [queuedMessages enumerateObjectsUsingBlock:^(id _Nonnull obj, NSUInteger idx, BOOL * _Nonnull stop) { NSError* error = nil; NSDictionary* message = (NSDictionary*) obj; - NSString *identifier = [NSString string]; - [self sendIDSMessage:message name:deviceName peer:peerID identifier:&identifier error:&error]; + [self sendFragmentedIDSMessages:message name:deviceName peer:peerID error:&error]; }]; - [[IDSKeychainSyncingProxy idsProxy].monitor setObject:[NSMutableArray array] forKey:kMonitorMessageQueue]; + [[KeychainSyncingOverIDSProxy idsProxy].monitor setObject:[NSMutableArray array] forKey:kMonitorMessageQueue]; } //decrease timeout since we successfully wrote messages out NSNumber *penalty_timeout = [keyEntry objectForKey:kMonitorPenaltyBoxKey]; @@ -206,7 +220,7 @@ static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms le [keyEntry setObject:consecutiveWrites forKey:kMonitorConsecutiveWrites]; [keyEntry setObject:timetableForKey forKey:kMonitorTimeTable]; - [[IDSKeychainSyncingProxy idsProxy].monitor setObject:keyEntry forKey:key]; + [[KeychainSyncingOverIDSProxy idsProxy].monitor setObject:keyEntry forKey:key]; } @@ -229,12 +243,12 @@ static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms le - (void)initializeKeyEntry:(NSString*)key { - NSMutableDictionary *timeTable = [[IDSKeychainSyncingProxy idsProxy] initializeTimeTable:key]; + NSMutableDictionary *timeTable = [[KeychainSyncingOverIDSProxy idsProxy] initializeTimeTable:key]; NSDate *currentTime = [NSDate date]; - NSMutableDictionary *keyEntry = [NSMutableDictionary dictionaryWithObjectsAndKeys: key, kMonitorMessageKey, @0, kMonitorConsecutiveWrites, currentTime, kMonitorLastWriteTimestamp, @0, kMonitorPenaltyBoxKey, timeTable, kMonitorTimeTable,[NSMutableDictionary dictionary], kMonitorMessageQueue, nil]; + NSMutableDictionary *keyEntry = [NSMutableDictionary dictionaryWithObjectsAndKeys: key, kMonitorMessageKey, @0, kMonitorConsecutiveWrites, currentTime, kMonitorLastWriteTimestamp, @0, kMonitorPenaltyBoxKey, timeTable, kMonitorTimeTable,[NSMutableArray array], kMonitorMessageQueue, nil]; - [[IDSKeychainSyncingProxy idsProxy].monitor setObject:keyEntry forKey:key]; + [[KeychainSyncingOverIDSProxy idsProxy].monitor setObject:keyEntry forKey:key]; } @@ -257,7 +271,7 @@ static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms le //(date, boolean to check if a write occured in the timeslice, NSMutableDictionary *minutesTable = [*timeTable objectForKey: sortedKey]; if(minutesTable == nil) - minutesTable = [[IDSKeychainSyncingProxy idsProxy] initializeTimeTable:key]; + minutesTable = [[KeychainSyncingOverIDSProxy idsProxy] initializeTimeTable:key]; NSString *minuteKey = (NSString*)sortedKey; NSDate *timeStampForSlice = [minutesTable objectForKey:minuteKey]; @@ -307,14 +321,14 @@ static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms le } } - *timeTable = [[IDSKeychainSyncingProxy idsProxy] initializeTimeTable:key]; + *timeTable = [[KeychainSyncingOverIDSProxy idsProxy] initializeTimeTable:key]; return; } *consecutiveWrites = [[NSNumber alloc]initWithInt:cWrites]; } - (void)recordTimestampOfWriteToIDS:(NSDictionary *)values deviceName:(NSString*)name peerID:(NSString*)peerid { - if([[IDSKeychainSyncingProxy idsProxy].monitor count] == 0){ + if([[KeychainSyncingOverIDSProxy idsProxy].monitor count] == 0){ [values enumerateKeysAndObjectsUsingBlock: ^(id key, id obj, BOOL *stop) { [self initializeKeyEntry: key]; @@ -323,7 +337,7 @@ static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms le else{ [values enumerateKeysAndObjectsUsingBlock: ^(id key, id obj, BOOL *stop) { - NSMutableDictionary *keyEntry = [[IDSKeychainSyncingProxy idsProxy].monitor objectForKey:key]; + NSMutableDictionary *keyEntry = [[KeychainSyncingOverIDSProxy idsProxy].monitor objectForKey:key]; if(keyEntry == nil){ [self initializeKeyEntry: key]; } @@ -342,7 +356,7 @@ static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms le [keyEntry setObject:existingWrites forKey:kMonitorConsecutiveWrites]; [keyEntry setObject:timeTable forKey:kMonitorTimeTable]; [keyEntry setObject:currentTime forKey:kMonitorLastWriteTimestamp]; - [[IDSKeychainSyncingProxy idsProxy].monitor setObject:keyEntry forKey:key]; + [[KeychainSyncingOverIDSProxy idsProxy].monitor setObject:keyEntry forKey:key]; if( (penalty_timeout && [penalty_timeout intValue] != 0 ) || ((double)[currentTime timeIntervalSinceDate: lastWriteTimestamp] <= 60 && consecutiveWrites >= 5)){ @@ -374,20 +388,26 @@ static const int64_t kRetryTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms le - (NSDictionary*)filterForWritableValues:(NSDictionary *)values { secnotice("backoff", "filterForWritableValues: %@", values); - NSMutableDictionary *keyEntry_operationType = [[IDSKeychainSyncingProxy idsProxy].monitor objectForKey:@"IDSMessageOperation"]; + NSMutableDictionary *keyEntry_operationType = [[KeychainSyncingOverIDSProxy idsProxy].monitor objectForKey:@"IDSMessageOperation"]; secnotice("backoff", "keyEntry_operationType: %@", keyEntry_operationType); - + NSNumber *penalty = [keyEntry_operationType objectForKey:kMonitorPenaltyBoxKey]; if(penalty && [penalty intValue] != 0){ - NSMutableArray *queuedMessage = [[IDSKeychainSyncingProxy idsProxy].monitor objectForKey:kMonitorMessageQueue]; + NSMutableArray *queuedMessage = [[KeychainSyncingOverIDSProxy idsProxy].monitor objectForKey:kMonitorMessageQueue]; if(queuedMessage == nil) - queuedMessage = [NSMutableArray array]; + queuedMessage = [[NSMutableArray alloc] initWithCapacity:queue_depth]; + secnotice("backoff", "writing to queuedMessages: %@", queuedMessage); - [queuedMessage addObject:values]; - [[IDSKeychainSyncingProxy idsProxy].monitor setObject:queuedMessage forKey:kMonitorMessageQueue]; + + if([queuedMessage count] == 0) + [queuedMessage addObject:values]; + else + [queuedMessage replaceObjectAtIndex:(queue_depth-1) withObject: values]; + + [[KeychainSyncingOverIDSProxy idsProxy].monitor setObject:queuedMessage forKey:kMonitorMessageQueue]; return NULL; } diff --git a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy-Info.plist b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy-Info.plist similarity index 93% rename from IDSKeychainSyncingProxy/IDSKeychainSyncingProxy-Info.plist rename to KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy-Info.plist index 07887652..97c09063 100644 --- a/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy-Info.plist +++ b/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy-Info.plist @@ -13,7 +13,7 @@ CFBundleIconFile CFBundleIdentifier - com.apple.security.idskeychainsyncingproxy + com.apple.security.keychainsyncingoveridsproxy CFBundleInfoDictionaryVersion 6.0 CFBundleName diff --git a/KeychainSyncingOverIDSProxy/com.apple.private.alloy.keychainsync.plist b/KeychainSyncingOverIDSProxy/com.apple.private.alloy.keychainsync.plist new file mode 100644 index 0000000000000000000000000000000000000000..f08f2617b1ce77c9f0708dda9741267278cb8c15 GIT binary patch literal 458 zcma)$O-{ow6ojA4Ut4}^V8H^|u|a~U3l7kzEcmS|wL+pz6&d@Ln7XkQJFT*3#Z5Q> z+=T@f;1r|~mPmP<(LBvJng^q#bJNsfa{ zfw7ZgiOKL>TBBIjVN<;CrZ(zpBY8*NO Label - com.apple.security.idskeychainsyncingproxy + com.apple.security.keychainsyncingoveridsproxy LaunchEvents com.apple.notifyd.matching @@ -38,14 +38,14 @@ com.apple.private.alloy.keychainsync-idswake - com.apple.security.idskeychainsyncingproxy + com.apple.security.keychainsyncingoveridsproxy Program - /System/Library/Frameworks/Security.framework/IDSKeychainSyncingProxy.bundle/IDSKeychainSyncingProxy + /System/Library/Frameworks/Security.framework/KeychainSyncingOverIDSProxy.bundle/KeychainSyncingOverIDSProxy ProgramArguments - /System/Library/Frameworks/Security.framework/IDSKeychainSyncingProxy.bundle/IDSKeychainSyncingProxy + /System/Library/Frameworks/Security.framework/KeychainSyncingOverIDSProxy.bundle/KeychainSyncingOverIDSProxy RunAtLoad diff --git a/IDSKeychainSyncingProxy/com.apple.security.idskeychainsyncingproxy.osx.plist b/KeychainSyncingOverIDSProxy/com.apple.security.keychainsyncingoveridsproxy.osx.plist similarity index 76% rename from IDSKeychainSyncingProxy/com.apple.security.idskeychainsyncingproxy.osx.plist rename to KeychainSyncingOverIDSProxy/com.apple.security.keychainsyncingoveridsproxy.osx.plist index c60f567d..b24e84ee 100644 --- a/IDSKeychainSyncingProxy/com.apple.security.idskeychainsyncingproxy.osx.plist +++ b/KeychainSyncingOverIDSProxy/com.apple.security.keychainsyncingoveridsproxy.osx.plist @@ -14,9 +14,9 @@ Program - /System/Library/Frameworks/Security.framework/Versions/A/Resources/IDSKeychainSyncingProxy.bundle/Contents/MacOS/IDSKeychainSyncingProxy + /System/Library/Frameworks/Security.framework/Versions/A/Resources/KeychainSyncingOverIDSProxy.bundle/Contents/MacOS/KeychainSyncingOverIDSProxy Label - com.apple.security.idskeychainsyncingproxy + com.apple.security.keychainsyncingoveridsproxy EnvironmentVariables DEBUGSCOPE @@ -30,12 +30,12 @@ com.apple.private.alloy.keychainsync-idswake - com.apple.security.idskeychainsyncingproxy + com.apple.security.keychainsyncingoveridsproxy ProgramArguments - /System/Library/Frameworks/Security.framework/Versions/A/Resources/IDSKeychainSyncingProxy.bundle/Contents/MacOS/IDSKeychainSyncingProxy + /System/Library/Frameworks/Security.framework/Versions/A/Resources/KeychainSyncingOverIDSProxy.bundle/Contents/MacOS/KeychainSyncingOverIDSProxy RunAtLoad diff --git a/IDSKeychainSyncingProxy/en.lproj/InfoPlist.strings b/KeychainSyncingOverIDSProxy/en.lproj/InfoPlist.strings similarity index 100% rename from IDSKeychainSyncingProxy/en.lproj/InfoPlist.strings rename to KeychainSyncingOverIDSProxy/en.lproj/InfoPlist.strings diff --git a/IDSKeychainSyncingProxy/idskeychainsyncingproxy.entitlements.plist b/KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.entitlements.plist similarity index 89% rename from IDSKeychainSyncingProxy/idskeychainsyncingproxy.entitlements.plist rename to KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.entitlements.plist index de454689..14070f34 100644 --- a/IDSKeychainSyncingProxy/idskeychainsyncingproxy.entitlements.plist +++ b/KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.entitlements.plist @@ -2,7 +2,7 @@ - keychain-cloud-circle + keychain-cloud-circle com.apple.wifi.manager-access @@ -27,6 +27,6 @@ InternetAccounts application-identifier - com.apple.security.idskeychainsyncingproxy + com.apple.security.keychainsyncingoveridsproxy diff --git a/IDSKeychainSyncingProxy/idskeychainsyncingproxy.m b/KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.m similarity index 77% rename from IDSKeychainSyncingProxy/idskeychainsyncingproxy.m rename to KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.m index eba2c266..1d8b03e2 100644 --- a/IDSKeychainSyncingProxy/idskeychainsyncingproxy.m +++ b/KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.m @@ -35,10 +35,10 @@ #include #include #include "SOSCloudKeychainConstants.h" +#import - -#import "IDSKeychainSyncingProxy+IDSProxyThrottle.h" -#import "IDSKeychainSyncingProxy+IDSProxySendMessage.h" +#import "KeychainSyncingOverIDSProxy+Throttle.h" +#import "KeychainSyncingOverIDSProxy+SendMessage.h" int idsproxymain(int argc, const char *argv[]); @@ -78,13 +78,47 @@ static void idskeychainsyncingproxy_peer_dictionary_handler(const xpc_connection if(operation && !strcmp(operation, kOperationGetDeviceID)){ - [[IDSKeychainSyncingProxy idsProxy] doSetIDSDeviceID]; + [[KeychainSyncingOverIDSProxy idsProxy] doSetIDSDeviceID]; xpc_object_t replyMessage = xpc_dictionary_create_reply(event); xpc_dictionary_set_bool(replyMessage, kMessageKeyValue, true); xpc_connection_send_message(peer, replyMessage); secdebug(PROXYXPCSCOPE, "Set our IDS Device ID message sent"); } + else if (operation && !strcmp(operation, kOperationGetPendingMesages)) + { + NSDictionary* messages = [[KeychainSyncingOverIDSProxy idsProxy] retrievePendingMessages]; + xpc_object_t xMessages = _CFXPCCreateXPCObjectFromCFObject((__bridge CFDictionaryRef)(messages)); + + xpc_object_t replyMessage = xpc_dictionary_create_reply(event); + xpc_dictionary_set_value(replyMessage, kMessageKeyValue, xMessages); + + xpc_connection_send_message(peer, replyMessage); + secdebug(PROXYXPCSCOPE, "retrieved pending messages"); + + } + else if(operation && !strcmp(operation, kOperationSendDeviceList)) //IDS device availability check + { + xpc_object_t xidsDeviceList = xpc_dictionary_get_value(event, kMessageKeyValue); + xpc_object_t xPeerID = xpc_dictionary_get_value(event, kMessageKeyPeerID); + + NSArray *idsList = (__bridge_transfer NSArray*)(_CFXPCCreateCFObjectFromXPCObject(xidsDeviceList)); + NSString *peerID = (__bridge_transfer NSString*)(_CFXPCCreateCFObjectFromXPCObject(xPeerID)); + + bool isMessageArray = (CFGetTypeID((__bridge CFTypeRef)(idsList)) == CFArrayGetTypeID()); + bool isPeerIDString = (CFGetTypeID((__bridge CFTypeRef)(peerID)) == CFStringGetTypeID()); + + require_quiet(isMessageArray, xit); + require_quiet(isPeerIDString, xit); + + [[KeychainSyncingOverIDSProxy idsProxy] pingDevices:idsList peerID:peerID]; + + xpc_object_t replyMessage = xpc_dictionary_create_reply(event); + xpc_dictionary_set_bool(replyMessage, kMessageKeyValue, true); + + xpc_connection_send_message(peer, replyMessage); + secdebug(PROXYXPCSCOPE, "IDS device list sent"); + } else if (operation && !strcmp(operation, kOperationSendFragmentedIDSMessage)) { xpc_object_t xidsMessageData = xpc_dictionary_get_value(event, kMessageKeyValue); @@ -104,11 +138,11 @@ static void idskeychainsyncingproxy_peer_dictionary_handler(const xpc_connection require_quiet(isPeerIDString, xit); require_quiet(isMessageDictionary, xit); - [[IDSKeychainSyncingProxy idsProxy] recordTimestampOfWriteToIDS: messageDictionary deviceName:deviceName peerID:peerID]; - NSDictionary *safeValues = [[IDSKeychainSyncingProxy idsProxy] filterForWritableValues:messageDictionary]; + [[KeychainSyncingOverIDSProxy idsProxy] recordTimestampOfWriteToIDS: messageDictionary deviceName:deviceName peerID:peerID]; + NSDictionary *safeValues = [[KeychainSyncingOverIDSProxy idsProxy] filterForWritableValues:messageDictionary]; if(safeValues != nil && [safeValues count] > 0){ - object = [[IDSKeychainSyncingProxy idsProxy] sendFragmentedIDSMessages:safeValues name:deviceName peer:peerID error:&error]; + object = [[KeychainSyncingOverIDSProxy idsProxy] sendFragmentedIDSMessages:safeValues name:deviceName peer:peerID error:&error]; } xpc_object_t replyMessage = xpc_dictionary_create_reply(event); @@ -121,28 +155,6 @@ static void idskeychainsyncingproxy_peer_dictionary_handler(const xpc_connection xpc_connection_send_message(peer, replyMessage); secdebug(PROXYXPCSCOPE, "IDS message sent"); } - else if(operation && !strcmp(operation, kOperationSendDeviceList)) //IDS device availability check - { - xpc_object_t xidsDeviceList = xpc_dictionary_get_value(event, kMessageKeyValue); - xpc_object_t xPeerID = xpc_dictionary_get_value(event, kMessageKeyPeerID); - - NSArray *idsList = (__bridge_transfer NSArray*)(_CFXPCCreateCFObjectFromXPCObject(xidsDeviceList)); - NSString *peerID = (__bridge_transfer NSString*)(_CFXPCCreateCFObjectFromXPCObject(xPeerID)); - - bool isMessageArray = (CFGetTypeID((__bridge CFTypeRef)(idsList)) == CFArrayGetTypeID()); - bool isPeerIDString = (CFGetTypeID((__bridge CFTypeRef)(peerID)) == CFStringGetTypeID()); - - require_quiet(isMessageArray, xit); - require_quiet(isPeerIDString, xit); - - [[IDSKeychainSyncingProxy idsProxy] pingDevices:idsList peerID:peerID]; - - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - xpc_dictionary_set_bool(replyMessage, kMessageKeyValue, true); - - xpc_connection_send_message(peer, replyMessage); - secdebug(PROXYXPCSCOPE, "IDS device list sent"); - } else if (operation && !strcmp(operation, kOperationSendIDSMessage)) //for IDS tests { xpc_object_t xidsMessageData = xpc_dictionary_get_value(event, kMessageKeyValue); @@ -162,9 +174,30 @@ static void idskeychainsyncingproxy_peer_dictionary_handler(const xpc_connection require_quiet(isPeerIDString, xit); require_quiet(isMessageDictionary, xit); - NSString *identifier = [NSString string]; - object = [[IDSKeychainSyncingProxy idsProxy] sendIDSMessage:messageDictionary name:deviceName peer:peerID identifier:&identifier error:&error]; - + [[KeychainSyncingOverIDSProxy idsProxy] recordTimestampOfWriteToIDS: messageDictionary deviceName:deviceName peerID:peerID]; + NSDictionary *safeValues = [[KeychainSyncingOverIDSProxy idsProxy] filterForWritableValues:messageDictionary]; + + if(safeValues != nil && [safeValues count] > 0){ + NSString *localMessageIdentifier = [[NSUUID UUID] UUIDString]; + NSMutableDictionary* safeValuesCopy = [NSMutableDictionary dictionaryWithDictionary:safeValues]; + + [safeValuesCopy setObject:localMessageIdentifier forKey:(__bridge NSString*)(kIDSMessageUniqueID)]; + + if([[KeychainSyncingOverIDSProxy idsProxy] sendIDSMessage:safeValuesCopy name:deviceName peer:peerID]) + { + object = true; + NSString *useAckModel = [safeValuesCopy objectForKey:(__bridge NSString*)(kIDSMessageUsesAckModel)]; + if(object && [useAckModel compare:@"YES"] == NSOrderedSame){ + secnotice("IDS Transport", "setting timer!"); + [[KeychainSyncingOverIDSProxy idsProxy] setMessageTimer:localMessageIdentifier deviceID:deviceName message:safeValuesCopy]; + } + } + else{ + secerror("Could not send message"); + } + + } + xpc_object_t replyMessage = xpc_dictionary_create_reply(event); xpc_dictionary_set_bool(replyMessage, kMessageKeyValue, object); @@ -249,7 +282,14 @@ int idsproxymain(int argc, const char *argv[]) xpc_connection_t listener = xpc_connection_create_mach_service(xpcIDSServiceName, NULL, XPC_CONNECTION_MACH_SERVICE_LISTENER); xpc_connection_set_event_handler(listener, ^(xpc_object_t object){ idskeychainsyncingproxy_event_handler(object); }); - [IDSKeychainSyncingProxy idsProxy]; + [KeychainSyncingOverIDSProxy idsProxy]; + + if([[KeychainSyncingOverIDSProxy idsProxy].messagesInFlight count] > 0 && + [KeychainSyncingOverIDSProxy idsProxy].isIDSInitDone && + [KeychainSyncingOverIDSProxy idsProxy].sendRestoredMessages){ + [[KeychainSyncingOverIDSProxy idsProxy] sendPersistedMessagesAgain]; + [KeychainSyncingOverIDSProxy idsProxy].sendRestoredMessages = false; + } // It looks to me like there is insufficient locking to allow a request to come in on the XPC connection while doing the initial all items. // Therefore I'm leaving the XPC connection suspended until that has time to process. @@ -262,7 +302,7 @@ int idsproxymain(int argc, const char *argv[]) [runLoop run]; } - secdebug(PROXYXPCSCOPE, "Exiting IDSKeychainSyncingProxy"); + secdebug(PROXYXPCSCOPE, "Exiting KeychainSyncingOverIDSProxy"); return EXIT_FAILURE; } diff --git a/Modules/Security.macOS.modulemap b/Modules/Security.macOS.modulemap index d7b5dd1c..e183b646 100644 --- a/Modules/Security.macOS.modulemap +++ b/Modules/Security.macOS.modulemap @@ -1,6 +1,5 @@ framework module Security [extern_c] { umbrella header "Security.h" - header "SecurityFeatures.h" export * module * { diff --git a/OSX/Breadcrumb/SecBreadcrumb.c b/OSX/Breadcrumb/SecBreadcrumb.c index 44b1ac55..5a8aee38 100644 --- a/OSX/Breadcrumb/SecBreadcrumb.c +++ b/OSX/Breadcrumb/SecBreadcrumb.c @@ -1,3 +1,25 @@ +/* + * Copyright (c) 2014 - 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ #include #include @@ -11,6 +33,8 @@ #include +#import "SecCFAllocator.h" + #define CFReleaseNull(CF) ({ __typeof__(CF) *const _pcf = &(CF), _cf = *_pcf; (_cf ? (*_pcf) = ((__typeof__(CF))0), (CFRelease(_cf), ((__typeof__(CF))0)) : _cf); }) static const int kKeySize = CCAES_KEY_SIZE_128; @@ -20,8 +44,8 @@ static const CFIndex tagLen = 16; static const CFIndex ivLen = 16; static const uint8_t BCversion1 = 1; static const uint8_t BCversion2 = 2; -static const size_t paddingSize = 256; -static const size_t maxSize = 1024; +static const ssize_t paddingSize = 256; +static const ssize_t maxSize = 1024; Boolean SecBreadcrumbCreateFromPassword(CFStringRef inPassword, @@ -41,7 +65,7 @@ SecBreadcrumbCreateFromPassword(CFStringRef inPassword, if (outError) *outError = NULL; - key = CFDataCreateMutable(NULL, 0); + key = CFDataCreateMutable(SecCFAllocatorZeroize(), 0); if (key == NULL) return false; @@ -62,7 +86,7 @@ SecBreadcrumbCreateFromPassword(CFStringRef inPassword, * Create data for password */ - pw = CFStringCreateExternalRepresentation(NULL, inPassword, kCFStringEncodingUTF8, 0); + pw = CFStringCreateExternalRepresentation(SecCFAllocatorZeroize(), inPassword, kCFStringEncodingUTF8, 0); if (pw == NULL) { CFReleaseNull(key); return false; @@ -178,7 +202,7 @@ SecBreadcrumbCopyPassword(CFStringRef inPassword, return false; } - gcmkey = CFDataCreateMutableCopy(NULL, 0, inEncryptedKey); + gcmkey = CFDataCreateMutableCopy(SecCFAllocatorZeroize(), 0, inEncryptedKey); if (gcmkey == NULL) { return false; } @@ -188,7 +212,7 @@ SecBreadcrumbCopyPassword(CFStringRef inPassword, return false; } - oldpw = CFDataCreateMutable(NULL, outLength); + oldpw = CFDataCreateMutable(SecCFAllocatorZeroize(), outLength); if (oldpw == NULL) { CFReleaseNull(gcmkey); return false; @@ -199,7 +223,7 @@ SecBreadcrumbCopyPassword(CFStringRef inPassword, * Create data for password */ - pw = CFStringCreateExternalRepresentation(NULL, inPassword, kCFStringEncodingUTF8, 0); + pw = CFStringCreateExternalRepresentation(SecCFAllocatorZeroize(), inPassword, kCFStringEncodingUTF8, 0); if (pw == NULL) { CFReleaseNull(oldpw); CFReleaseNull(gcmkey); @@ -246,6 +270,7 @@ SecBreadcrumbCopyPassword(CFStringRef inPassword, outLength, CFDataGetBytePtr(inBreadcrumb) + 1, CFDataGetMutableBytePtr(oldpw), tagLen, tag); if (memcmp(tag, CFDataGetBytePtr(inBreadcrumb) + 1 + outLength, tagLen) != 0) { CFReleaseNull(oldpw); + CFReleaseNull(gcmkey); return false; } @@ -261,6 +286,7 @@ SecBreadcrumbCopyPassword(CFStringRef inPassword, tagLen, tag); if (res) { CFReleaseNull(oldpw); + CFReleaseNull(gcmkey); return false; } } @@ -270,14 +296,14 @@ SecBreadcrumbCopyPassword(CFStringRef inPassword, memcpy(&size, CFDataGetMutableBytePtr(oldpw), sizeof(size)); size = ntohl(size); - if (size > outLength - 4) { + if ((ssize_t) size > outLength - 4) { CFReleaseNull(oldpw); return false; } memmove(CFDataGetMutableBytePtr(oldpw), CFDataGetMutableBytePtr(oldpw) + 4, size); CFDataSetLength(oldpw, size); - *outPassword = CFStringCreateFromExternalRepresentation(NULL, oldpw, kCFStringEncodingUTF8); + *outPassword = CFStringCreateFromExternalRepresentation(SecCFAllocatorZeroize(), oldpw, kCFStringEncodingUTF8); CFReleaseNull(oldpw); return true; @@ -300,18 +326,18 @@ SecBreadcrumbCreateNewEncryptedKey(CFStringRef oldPassword, return NULL; } - newEncryptedKey = CFDataCreateMutableCopy(NULL, 0, encryptedKey); + newEncryptedKey = CFDataCreateMutableCopy(SecCFAllocatorZeroize(), 0, encryptedKey); if (newEncryptedKey == NULL) { return NULL; } - oldpw = CFStringCreateExternalRepresentation(NULL, oldPassword, kCFStringEncodingUTF8, 0); + oldpw = CFStringCreateExternalRepresentation(SecCFAllocatorZeroize(), oldPassword, kCFStringEncodingUTF8, 0); if (oldpw == NULL) { CFReleaseNull(newEncryptedKey); return false; } - newpw = CFStringCreateExternalRepresentation(NULL, newPassword, kCFStringEncodingUTF8, 0); + newpw = CFStringCreateExternalRepresentation(SecCFAllocatorZeroize(), newPassword, kCFStringEncodingUTF8, 0); if (newpw == NULL) { CFReleaseNull(newEncryptedKey); CFReleaseNull(oldpw); diff --git a/OSX/Breadcrumb/SecBreadcrumb.h b/OSX/Breadcrumb/SecBreadcrumb.h index ad02d1ff..e7cc4088 100644 --- a/OSX/Breadcrumb/SecBreadcrumb.h +++ b/OSX/Breadcrumb/SecBreadcrumb.h @@ -1,3 +1,26 @@ +/* + * Copyright (c) 2014 - 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + /*! @function SecBreadcrumbCreateFromPassword @abstract Encryptes the password using a random key and then returns @@ -6,7 +29,7 @@ @param inPassword is the password to encrypt and use to encrypt the random key. @param outBreadcrumb is the password encrypted using a random key. @param outEncryptedKey is the random key encrypted using inPassword. - @param error An optional pointer to a CFErrorRef. This value is set + @param outError An optional pointer to a CFErrorRef. This value is set if an error occurred. If not NULL, the caller is responsible for releasing the CFErrorRef. @result On return a Boolean indicating success or failure. @@ -31,10 +54,10 @@ SecBreadcrumbCreateFromPassword(CFStringRef inPassword, @param inPassword is the password to decrypt the encrypted random key. @param inBreadcrumb is the breadcrumb encrypted by the key. It contains and encrypted version of the users old password. - @param inEcryptedKey is an encrypted version of the key used to encrypt the + @param inEncryptedKey is an encrypted version of the key used to encrypt the breadcrumb. @param outPassword is the cleartext password that was stored in the breadcrumb. - @param error An optional pointer to a CFErrorRef. This value is set + @param outError An optional pointer to a CFErrorRef. This value is set if an error occurred. If not NULL, the caller is responsible for releasing the CFErrorRef. @result On return a Boolean indicating success or failure. diff --git a/OSX/Breadcrumb/bc-10-knife-on-bread.m b/OSX/Breadcrumb/bc-10-knife-on-bread.m index 638eb729..a3f80db3 100644 --- a/OSX/Breadcrumb/bc-10-knife-on-bread.m +++ b/OSX/Breadcrumb/bc-10-knife-on-bread.m @@ -25,6 +25,7 @@ #include #include #include +#include #include "breadcrumb_regressions.h" @@ -50,7 +51,7 @@ int bc_10_password(int argc, char *const *argv) ok(SecBreadcrumbCopyPassword(password, breadcrumb, encryptedKey, &oldPassword, NULL), "unwrap failed"); ok(oldPassword && CFStringCompare(password, oldPassword, 0) == kCFCompareEqualTo, "not same password"); - CFRelease(oldPassword); + CFReleaseSafe(oldPassword); CFDataRef newEncryptedKey; @@ -66,9 +67,9 @@ int bc_10_password(int argc, char *const *argv) ok(oldPassword && CFStringCompare(password, oldPassword, 0) == kCFCompareEqualTo, "not same password"); - CFRelease(breadcrumb); - CFRelease(oldPassword); - CFRelease(newEncryptedKey); + CFReleaseSafe(breadcrumb); + CFReleaseSafe(oldPassword); + CFReleaseSafe(newEncryptedKey); /* * Check KAT for IV less operation (version1) @@ -81,9 +82,9 @@ int bc_10_password(int argc, char *const *argv) ok(oldPassword && CFStringCompare(password, oldPassword, 0) == kCFCompareEqualTo, "not same password"); - CFRelease(breadcrumb); - CFRelease(oldPassword); - CFRelease(newEncryptedKey); + CFReleaseSafe(breadcrumb); + CFReleaseSafe(oldPassword); + CFReleaseSafe(newEncryptedKey); /* * Check KAT for IV less operation (version2) @@ -96,9 +97,9 @@ int bc_10_password(int argc, char *const *argv) ok(oldPassword && CFStringCompare(password, oldPassword, 0) == kCFCompareEqualTo, "not same password"); - CFRelease(breadcrumb); - CFRelease(oldPassword); - CFRelease(newEncryptedKey); + CFReleaseSafe(breadcrumb); + CFReleaseSafe(oldPassword); + CFReleaseSafe(newEncryptedKey); return 0; } diff --git a/OSX/Keychain Circle Notification/KNAppDelegate.h b/OSX/Keychain Circle Notification/KNAppDelegate.h index b480bd19..b5c04f69 100644 --- a/OSX/Keychain Circle Notification/KNAppDelegate.h +++ b/OSX/Keychain Circle Notification/KNAppDelegate.h @@ -35,4 +35,6 @@ @property (retain) NSMutableSet *viewedIds; @property (retain) KNPersistentState *state; +- (void) postRequirePassword; + @end diff --git a/OSX/Keychain Circle Notification/KNAppDelegate.m b/OSX/Keychain Circle Notification/KNAppDelegate.m index 05160674..0eb509b3 100644 --- a/OSX/Keychain Circle Notification/KNAppDelegate.m +++ b/OSX/Keychain Circle Notification/KNAppDelegate.m @@ -29,20 +29,29 @@ #import #import #import +#import "notify.h" +#import +#import #import #import +#import +#import #include #include #include +#import #import "CoreCDP/CDPFollowUpController.h" #import "CoreCDP/CDPFollowUpContext.h" static const char * const kLaunchLaterXPCName = "com.apple.security.Keychain-Circle-Notification-TICK"; static const NSString * const kKickedOutKey = @"KickedOut"; static const NSString * const kValidOnlyOutOfCircleKey = @"ValidOnlyOutOfCircle"; - +static const NSString * const kPasswordChangedOrTrustedDeviceChanged = @"TDorPasswordChanged"; +static NSString *prefpane = @"/System/Library/PreferencePanes/iCloudPref.prefPane"; +#define kPublicKeyNotAvailable "com.apple.security.publickeynotavailable" +static NSString *KeychainPCDetailsAEAction = @"AKPCDetailsAEAction"; @implementation KNAppDelegate @@ -53,65 +62,100 @@ static NSUserNotificationCenter *appropriateNotificationCenter() } -- (void) notifyiCloudPreferencesAbout: (NSString *) eventName +-(void) startFollowupKitRepair { - if (eventName == nil) - return; + NSError *localError = NULL; + CDPFollowUpController *cdpd = [[CDPFollowUpController alloc] init]; + CDPFollowUpContext *context = [CDPFollowUpContext contextForStateRepair]; + [cdpd postFollowUpWithContext:context error:&localError ]; + if(localError){ + secnotice("kcn", "request to CoreCDP to follow up failed: %@", localError); + } + else + secnotice("kcn", "CoreCDP handling follow up"); +} - NSString *account = (__bridge NSString *)(MMCopyLoggedInAccount()); - NSLog(@"notifyiCloudPreferencesAbout %@", eventName); +- (void) handleDismissedNotification +{ + ACAccountStore *accountStore = [[ACAccountStore alloc] init]; + ACAccount *primaryiCloudAccount = nil; - AEDesc aeDesc; - BOOL createdAEDesc = createAEDescWithAEActionAndAccountID((__bridge NSString *) kMMServiceIDKeychainSync, eventName, account, &aeDesc); - if (createdAEDesc) { - NSArray *prefPaneURL = [NSArray arrayWithObject: [NSURL fileURLWithPath:@"/System/Library/PreferencePanes/iCloudPref.prefPane"]]; - - LSLaunchURLSpec lsSpec = { - .appURL = NULL, - .itemURLs = (__bridge CFArrayRef)prefPaneURL, - .passThruParams = &aeDesc, - .launchFlags = kLSLaunchDefaults | kLSLaunchAsync, - .asyncRefCon = NULL, - }; - OSErr err = LSOpenFromURLSpec(&lsSpec, NULL); - - if (err) - NSLog(@"Can't send event %@, err=%d", eventName, err); - AEDisposeDesc(&aeDesc); - } else { - NSLog(@"unable to create and send aedesc for account: '%@' and action: '%@'\n", account, eventName); - } -} + if ([accountStore respondsToSelector:@selector(icaPrimaryAppleAccount)]){ + primaryiCloudAccount = [accountStore icaPrimaryAppleAccount]; + } + if(primaryiCloudAccount){ + bool localICDP = false; + NSString *dsid = primaryiCloudAccount.icaPersonID; + if (dsid) { + NSDictionary *options = @{ (__bridge id) kPCSSetupDSID : dsid, }; + PCSIdentitySetRef identity = PCSIdentitySetCreate((__bridge CFDictionaryRef) options, NULL, NULL); -- (void) showiCloudPreferences -{ - static NSAppleScript *script = nil; - if (!script) { - static NSString *script_src = @"tell application \"System Preferences\"\n" - "activate\n" - "set the current pane to pane id \"com.apple.preferences.icloud\"\n" - "end tell"; - script = [[NSAppleScript alloc] initWithSource: script_src]; + if (identity) { + localICDP = PCSIdentitySetIsICDP(identity, NULL); + CFRelease(identity); + } + } + if(localICDP){ + secnotice("kcn", "handling dismissed notification, would start a follow up"); + [self startFollowupKitRepair]; + } } + else + secerror("unable to find primary account"); + +} + +- (void) notifyiCloudPreferencesAbout: (NSString *) eventName +{ + if (eventName == nil) + return; - NSDictionary *scriptError = nil; - [script executeAndReturnError:&scriptError]; + secnotice("kcn", "notifyiCloudPreferencesAbout %@", eventName); - if (scriptError) - NSLog(@"scriptError: %@", scriptError); - else - NSLog(@"showiCloudPreferences success"); + NSString *accountID = (__bridge_transfer NSString*)(MMCopyLoggedInAccountFromAccounts()); + ACAccountStore *accountStore = [[ACAccountStore alloc] init]; + ACAccount *primaryiCloudAccount = nil; + + if ([accountStore respondsToSelector:@selector(icaPrimaryAppleAccount)]){ + primaryiCloudAccount = [accountStore icaPrimaryAppleAccount]; + } + + if(primaryiCloudAccount){ + AEDesc aeDesc; + BOOL createdAEDesc = createAEDescWithAEActionAndAccountID((__bridge NSString *) kMMServiceIDKeychainSync, eventName, accountID, &aeDesc); + if (createdAEDesc) { + + NSArray *prefPaneURL = [NSArray arrayWithObject: [NSURL fileURLWithPath: prefpane ]]; + + LSLaunchURLSpec lsSpec = { + .appURL = NULL, + .itemURLs = (__bridge CFArrayRef)prefPaneURL, + .passThruParams = &aeDesc, + .launchFlags = kLSLaunchDefaults | kLSLaunchAsync, + .asyncRefCon = NULL, + }; + + OSErr err = LSOpenFromURLSpec(&lsSpec, NULL); + + if (err) + secerror("Can't send event %@, err=%d", eventName, err); + AEDisposeDesc(&aeDesc); + } else { + secerror("unable to create and send aedesc for account: '%@' and action: '%@'\n", primaryiCloudAccount, eventName); + } + } + else + secerror("unable to find primary account"); } - - (void) timerCheck { NSDate *nowish = [NSDate new]; self.state = [KNPersistentState loadFromStorage]; if ([nowish compare:self.state.pendingApplicationReminder] != NSOrderedAscending) { - NSLog(@"REMINDER TIME: %@ >>> %@", nowish, self.state.pendingApplicationReminder); + secnotice("kcn", "REMINDER TIME: %@ >>> %@", nowish, self.state.pendingApplicationReminder); // self.circle.rawStatus might not be valid yet if (SOSCCThisDeviceIsInCircle(NULL) == kSOSCCRequestPending) { @@ -168,7 +212,7 @@ static NSUserNotificationCenter *appropriateNotificationCenter() // Copied from sysdiagnose/src/utils.m -bool isAppleInternal(void) +static bool isAppleInternal(void) { static bool ret = false; static dispatch_once_t onceToken; @@ -190,27 +234,60 @@ bool isAppleInternal(void) - (void) applicationDidFinishLaunching: (NSNotification *) aNotification { appropriateNotificationCenter().delegate = self; - NSLog(@"Posted at launch: %@", appropriateNotificationCenter().deliveredNotifications); - + int out_taken; + secnotice("kcn", "Posted at launch: %@", appropriateNotificationCenter().deliveredNotifications); + + //register for public key not available notification, if occurs KCN can react + notify_register_dispatch(kPublicKeyNotAvailable, &out_taken, dispatch_get_main_queue(), ^(int token) { + CFErrorRef err = NULL; + KNAppDelegate *me = self; + enum DepartureReason departureReason = SOSCCGetLastDepartureReason(&err); + SOSCCStatus currentCircleStatus = SOSCCThisDeviceIsInCircle(&err); + me.state = [KNPersistentState loadFromStorage]; + + secnotice("kcn", "got public key not available notification, but won't send notification unless circle transition matches"); + secnotice("kcn", "current circle status: %d, current departure reason: %d, last circle status: %d", currentCircleStatus, departureReason, me.state.lastCircleStatus); + + if(currentCircleStatus == kSOSCCError && me.state.lastCircleStatus == kSOSCCInCircle && (departureReason == kSOSNeverLeftCircle)) { + secnotice("kcn", "circle status went from in circle to not in circle"); + [self postRequirePassword]; + } + me.state.lastCircleStatus = currentCircleStatus; + + [me.state writeToStorage]; + }); + self.viewedIds = [NSMutableSet new]; self.circle = [KDSecCircle new]; -// self.state = [KNPersistentState loadFromStorage]; KNAppDelegate *me = self; [self.circle addChangeCallback:^{ - NSLog(@"{ChangeCallback}"); -/* SOSCCStatus circleStatus = SOSCCThisDeviceIsInCircle(&error); - NSDate *nowish = [NSDate date]; - PersistentState *state = [PersistentState loadFromStorage]; - enum DepartureReason departureReason = SOSCCGetLastDepartureReason(&departError); */ -// me.circle.rawStatus = SOSCCThisDeviceIsInCircle(&error); + secnotice("kcn", "{ChangeCallback}"); + + CFErrorRef err = NULL; + + enum DepartureReason departureReason = SOSCCGetLastDepartureReason(&err); + NSDate *nowish = [NSDate date]; - SOSCCStatus circleStatus = me.circle.rawStatus; + SOSCCStatus circleStatus = SOSCCThisDeviceIsInCircle(&err); me.state = [KNPersistentState loadFromStorage]; + secnotice("kcn", "applicationDidFinishLaunching"); + + if(circleStatus == kSOSCCError && me.state.lastCircleStatus == kSOSCCInCircle && (departureReason == kSOSNeverLeftCircle)) { + CFErrorRef error = NULL; + SOSCCStatus currentCircleStatus = SOSCCThisDeviceIsInCircle(&error); + CFIndex errorCode = CFErrorGetCode(error); + + if(errorCode == kSOSErrorPublicKeyAbsent){ + secnotice("kcn", "We need the password to re-validate ourselves - it's changed on another device"); + me.state.lastCircleStatus = currentCircleStatus; + [me.state writeToStorage]; + [me postRequirePassword]; + } + } - - // Pending application reminder - NSLog(@"{ChangeCallback} scheduleActivity %@", me.state.pendingApplicationReminder); + // Pending application reminder + secnotice("kcn", "{ChangeCallback} scheduleActivity %@", me.state.pendingApplicationReminder); if (circleStatus == kSOSCCRequestPending) [me scheduleActivityAt:me.state.pendingApplicationReminder]; @@ -225,10 +302,9 @@ bool isAppleInternal(void) me.state.debugLeftReason = nil; [me.state writeToStorage]; } else { - CFErrorRef err = NULL; reason = SOSCCGetLastDepartureReason(&err); if (reason == kSOSDepartureReasonError) { - NSLog(@"SOSCCGetLastDepartureReason err: %@", err); + secnotice("kcn", "SOSCCGetLastDepartureReason err: %@", err); } if (err) CFRelease(err); } @@ -275,7 +351,7 @@ bool isAppleInternal(void) // 2. Or change call order of timerCheck, pendingApplication reminder below??? me.state.absentCircleWithNoReason = (circleStatus == kSOSCCCircleAbsent && reason == kSOSNeverLeftCircle); [me.state writeToStorage]; - NSLog(@"{ChangeCallback} departure reason %d", reason); + secnotice("kcn", "{ChangeCallback} departure reason %d", reason); switch (reason) { case kSOSDiscoveredRetirement: @@ -301,7 +377,7 @@ bool isAppleInternal(void) me.state.lastCircleStatus = circleStatus; if (lastCircleStatus != kSOSCCRequestPending && circleStatus == kSOSCCRequestPending) { - NSLog(@"{ChangeCallback} Pending request START"); + secnotice("kcn", "{ChangeCallback} Pending request START"); me.state.applicationDate = nowish; me.state.pendingApplicationReminder = [me.state.applicationDate dateByAddingTimeInterval:[me getPendingApplicationReminderInterval]]; [me.state writeToStorage]; // FIXME: move below? might be needed for scheduleActivityAt... @@ -309,7 +385,7 @@ bool isAppleInternal(void) } if (lastCircleStatus == kSOSCCRequestPending && circleStatus != kSOSCCRequestPending) { - NSLog(@"Pending request completed"); + secnotice("kcn", "Pending request completed"); me.state.applicationDate = [NSDate distantPast]; me.state.pendingApplicationReminder = [NSDate distantFuture]; [me.state writeToStorage]; @@ -318,35 +394,41 @@ bool isAppleInternal(void) NSUserNotificationCenter *noteCenter = appropriateNotificationCenter(); for (NSUserNotification *note in noteCenter.deliveredNotifications) { if (note.userInfo[(NSString*) kValidOnlyOutOfCircleKey] && note.userInfo[@"ApplicationReminder"]) { - NSLog(@"{ChangeCallback} Removing notification %@", note); + secnotice("kcn", "{ChangeCallback} Removing notification %@", note); [appropriateNotificationCenter() removeDeliveredNotification: note]; } } } + } - // [me.state writeToStorage]; - } - - - // CircleJoinRequested -/* if (circleStatus != kSOSCCInCircle) { - if (circleStatus == kSOSCCRequestPending && currentAlert) { ... } */ // Clear out (old) reset notifications if (me.circle.isInCircle) { - NSLog(@"{ChangeCallback} me.circle.isInCircle"); + secnotice("kcn", "{ChangeCallback} me.circle.isInCircle"); NSUserNotificationCenter *noteCenter = appropriateNotificationCenter(); for (NSUserNotification *note in noteCenter.deliveredNotifications) { if (note.userInfo[(NSString*) kValidOnlyOutOfCircleKey]) { - NSLog(@"Removing existing notification (%@) now that we are in circle", note); + secnotice("kcn", "Removing existing notification (%@) now that we are in circle", note); [appropriateNotificationCenter() removeDeliveredNotification: note]; } } } + //Clear out (old) password changed notifications + if(me.circle.isInCircle){ + secnotice("kcn", "{ChangeCallback} me.circle.isInCircle"); + NSUserNotificationCenter *noteCenter = appropriateNotificationCenter(); + for (NSUserNotification *note in noteCenter.deliveredNotifications) { + if (note.userInfo[(NSString*) kPasswordChangedOrTrustedDeviceChanged]) { + secnotice("kcn", "Removing existing notification (%@) now that we are valid again", note); + [appropriateNotificationCenter() removeDeliveredNotification: note]; + } + } + + } // Applicants - NSLog(@"{ChangeCallback} Applicants"); + secnotice("kcn", "{ChangeCallback} Applicants"); NSMutableSet *applicantIds = [NSMutableSet new]; for (KDCirclePeer *applicant in me.circle.applicants) { if (!me.circle.isInCircle) { @@ -361,17 +443,17 @@ bool isAppleInternal(void) // Update notifications NSUserNotificationCenter *notificationCenter = appropriateNotificationCenter(); - NSLog(@"Checking validity of %lu notes", (unsigned long)notificationCenter.deliveredNotifications.count); + secnotice("kcn", "Checking validity of %lu notes", (unsigned long)notificationCenter.deliveredNotifications.count); for (NSUserNotification *note in notificationCenter.deliveredNotifications) { if (note.userInfo[@"applicantId"] && ![applicantIds containsObject:note.userInfo[@"applicantId"]]) { - NSLog(@"No longer an applicant (%@) for %@ (I=%@)", note.userInfo[@"applicantId"], note, [note.userInfo compactDescription]); + secnotice("kcn", "No longer an applicant (%@) for %@ (I=%@)", note.userInfo[@"applicantId"], note, [note.userInfo compactDescription]); [notificationCenter removeDeliveredNotification:note]; } else { - NSLog(@"Still an applicant (%@) for %@ (I=%@)", note.userInfo[@"applicantId"], note, [note.userInfo compactDescription]); + secnotice("kcn", "Still an applicant (%@) for %@ (I=%@)", note.userInfo[@"applicantId"], note, [note.userInfo compactDescription]); } } - me.state.lastCircleStatus = me.circle.rawStatus; + me.state.lastCircleStatus = circleStatus; [me.state writeToStorage]; }]; @@ -397,14 +479,14 @@ bool isAppleInternal(void) - (void) userNotificationCenter: (NSUserNotificationCenter *) center didDismissAlert: (NSUserNotification *) notification { - [self notifyiCloudPreferencesAbout:notification.userInfo[@"Dismiss"]]; + [self handleDismissedNotification]; - // If we don't do anything here & another notification comes in we - // will repost the alert, which will be dumb. - id applicantId = notification.userInfo[@"applicantId"]; - if (applicantId != nil) { - [self.viewedIds addObject:applicantId]; - } + // If we don't do anything here & another notification comes in we + // will repost the alert, which will be dumb. + id applicantId = notification.userInfo[@"applicantId"]; + if (applicantId != nil) { + [self.viewedIds addObject:applicantId]; + } } @@ -413,7 +495,7 @@ bool isAppleInternal(void) static int postCount = 0; if ([self.viewedIds containsObject:applicant.idString]) { - NSLog(@"Already viewed %@, skipping", applicant); + secnotice("kcn", "Already viewed %@, skipping", applicant); return; } @@ -421,10 +503,10 @@ bool isAppleInternal(void) for (NSUserNotification *note in noteCenter.deliveredNotifications) { if ([applicant.idString isEqualToString:note.userInfo[@"applicantId"]]) { if (note.isPresented) { - NSLog(@"Already posted&presented: %@ (I=%@)", note, note.userInfo); + secnotice("kcn", "Already posted&presented: %@ (I=%@)", note, note.userInfo); return; } else { - NSLog(@"Already posted, but not presented: %@ (I=%@)", note, note.userInfo); + secnotice("kcn", "Already posted, but not presented: %@ (I=%@)", note, note.userInfo); } } } @@ -449,85 +531,177 @@ bool isAppleInternal(void) @"Activate" : (__bridge NSString *) kMMPropertyKeychainAADetailsAEAction, }; - NSLog(@"About to post #%d/%lu (%@): %@", postCount, noteCenter.deliveredNotifications.count, applicant.idString, note); + secnotice("kcn", "About to post #%d/%lu (%@): %@", postCount, noteCenter.deliveredNotifications.count, applicant.idString, note); [appropriateNotificationCenter() deliverNotification:note]; postCount++; } +- (void) postRequirePassword +{ + ACAccountStore *accountStore = [[ACAccountStore alloc] init]; + ACAccount *primaryiCloudAccount = nil; + bool localICDP = false; + + if ([accountStore respondsToSelector:@selector(icaPrimaryAppleAccount)]){ + primaryiCloudAccount = [accountStore icaPrimaryAppleAccount]; + } + + if(primaryiCloudAccount){ + NSString *dsid = primaryiCloudAccount.icaPersonID; + + if (dsid) { + NSDictionary *options = @{ (__bridge id) kPCSSetupDSID : dsid, }; + PCSIdentitySetRef identity = PCSIdentitySetCreate((__bridge CFDictionaryRef) options, NULL, NULL); + + if (identity) { + localICDP = PCSIdentitySetIsICDP(identity, NULL); + CFRelease(identity); + } + } + if(!localICDP){ + NSUserNotificationCenter *noteCenter = appropriateNotificationCenter(); + for (NSUserNotification *note in noteCenter.deliveredNotifications) { + if (note.userInfo[(NSString*) kPasswordChangedOrTrustedDeviceChanged]) { + if (note.isPresented) { + secnotice("kcn", "Already posted & presented: %@", note); + [appropriateNotificationCenter() removeDeliveredNotification: note]; + } else { + secnotice("kcn", "Already posted, but not presented: %@", note); + } + } + } + + NSString *message = CFBridgingRelease(SecCopyCKString(SEC_CK_PWD_REQUIRED_BODY_OSX)); + if (isAppleInternal()) { + NSString *reason_str = [NSString stringWithFormat:(__bridge_transfer NSString *) SecCopyCKString(SEC_CK_CR_REASON_INTERNAL), @"Device became untrusted or password changed"]; + message = [message stringByAppendingString: reason_str]; + } + + NSUserNotification *note = [NSUserNotification new]; + note.title = (__bridge_transfer NSString *) SecCopyCKString(SEC_CK_PWD_REQUIRED_TITLE); + note.informativeText = message; + note._identityImage = [NSImage bundleImage]; + note._identityImageStyle = _NSUserNotificationIdentityImageStyleRectangleNoBorder; + note.otherButtonTitle = (__bridge_transfer NSString *) SecCopyCKString(SEC_CK_NOT_NOW); + note.actionButtonTitle = (__bridge_transfer NSString *) SecCopyCKString(SEC_CK_CONTINUE); + note.identifier = [[NSUUID new] UUIDString]; + + note.userInfo = @{ + kPasswordChangedOrTrustedDeviceChanged : @1, + @"Activate" : (__bridge NSString *) kMMPropertyKeychainPCDetailsAEAction, + }; + + secnotice("kcn", "body=%@", note.informativeText); + secnotice("kcn", "About to post #-/%lu (PASSWORD/TRUSTED DEVICE): %@", noteCenter.deliveredNotifications.count, note); + [appropriateNotificationCenter() deliverNotification:note]; + } + else{ + secnotice("kcn","would have posted needs password and then followed up"); + [self startFollowupKitRepair]; + } + } +} - (void) postKickedOutAlert: (int) reason { - NSUserNotificationCenter *noteCenter = appropriateNotificationCenter(); - for (NSUserNotification *note in noteCenter.deliveredNotifications) { - if (note.userInfo[(NSString*) kKickedOutKey]) { - if (note.isPresented) { - NSLog(@"Already posted&presented (removing): %@", note); - [appropriateNotificationCenter() removeDeliveredNotification: note]; - } else { - NSLog(@"Already posted, but not presented: %@", note); - } - } - } - - NSString *message = (__bridge_transfer NSString *) SecCopyCKString(SEC_CK_PWD_REQUIRED_BODY_OSX); - if (isAppleInternal()) { - static const char *departureReasonStrings[] = { - "kSOSDepartureReasonError", - "kSOSNeverLeftCircle", - "kSOSWithdrewMembership", - "kSOSMembershipRevoked", - "kSOSLeftUntrustedCircle", - "kSOSNeverAppliedToCircle", - "kSOSDiscoveredRetirement", - "kSOSLostPrivateKey", - "unknown reason" - }; - int idx = (kSOSDepartureReasonError <= reason && reason <= kSOSLostPrivateKey) ? reason : (kSOSLostPrivateKey + 1); - NSString *reason_str = [NSString stringWithFormat:(__bridge_transfer NSString *) SecCopyCKString(SEC_CK_CR_REASON_INTERNAL), departureReasonStrings[idx]]; - message = [message stringByAppendingString: reason_str]; - } - - // [ui] MONARCH: Improve wording of the iCloud keychain drop/reset error messages - // Contrary to HI spec (and I think it makes more sense) - // 1. otherButton == top : Not Now - // 2. actionButton == bottom: Continue - // 3. If we followed HI spec, replace "Activate" => "Dismiss" in note.userInfo below - NSUserNotification *note = [NSUserNotification new]; - note.title = (__bridge_transfer NSString *) SecCopyCKString(SEC_CK_PWD_REQUIRED_TITLE); - note.informativeText = message; - note._identityImage = [NSImage bundleImage]; - note._identityImageStyle = _NSUserNotificationIdentityImageStyleRectangleNoBorder; - note.otherButtonTitle = (__bridge_transfer NSString *) SecCopyCKString(SEC_CK_NOT_NOW); - note.actionButtonTitle = (__bridge_transfer NSString *) SecCopyCKString(SEC_CK_CONTINUE); - note.identifier = [[NSUUID new] UUIDString]; + ACAccountStore *accountStore = [[ACAccountStore alloc] init]; + ACAccount *primaryiCloudAccount = nil; + bool localICDP = false; - note.userInfo = @{ - kKickedOutKey : @1, - kValidOnlyOutOfCircleKey: @1, - @"Activate" : (__bridge NSString *) kMMPropertyKeychainMRDetailsAEAction, - }; - - NSLog(@"body=%@", note.informativeText); - NSLog(@"About to post #-/%lu (KICKOUT): %@", noteCenter.deliveredNotifications.count, note); - [appropriateNotificationCenter() deliverNotification:note]; + if ([accountStore respondsToSelector:@selector(icaPrimaryAppleAccount)]){ + primaryiCloudAccount = [accountStore icaPrimaryAppleAccount]; + } + + if(primaryiCloudAccount){ + NSString *dsid = primaryiCloudAccount.icaPersonID; + + if (dsid) { + NSDictionary *options = @{ (__bridge id) kPCSSetupDSID : dsid, }; + PCSIdentitySetRef identity = PCSIdentitySetCreate((__bridge CFDictionaryRef) options, NULL, NULL); + + if (identity) { + localICDP = PCSIdentitySetIsICDP(identity, NULL); + CFRelease(identity); + } + } + if(!localICDP){ + NSUserNotificationCenter *noteCenter = appropriateNotificationCenter(); + for (NSUserNotification *note in noteCenter.deliveredNotifications) { + if (note.userInfo[(NSString*) kKickedOutKey]) { + if (note.isPresented) { + secnotice("kcn", "Already posted&presented (removing): %@", note); + [appropriateNotificationCenter() removeDeliveredNotification: note]; + } else { + secnotice("kcn", "Already posted, but not presented: %@", note); + } + } + } + + NSString *message = CFBridgingRelease(SecCopyCKString(SEC_CK_PWD_REQUIRED_BODY_OSX)); + if (isAppleInternal()) { + static const char *departureReasonStrings[] = { + "kSOSDepartureReasonError", + "kSOSNeverLeftCircle", + "kSOSWithdrewMembership", + "kSOSMembershipRevoked", + "kSOSLeftUntrustedCircle", + "kSOSNeverAppliedToCircle", + "kSOSDiscoveredRetirement", + "kSOSLostPrivateKey", + "unknown reason" + }; + int idx = (kSOSDepartureReasonError <= reason && reason <= kSOSLostPrivateKey) ? reason : (kSOSLostPrivateKey + 1); + NSString *reason_str = [NSString stringWithFormat:(__bridge_transfer NSString *) SecCopyCKString(SEC_CK_CR_REASON_INTERNAL), departureReasonStrings[idx]]; + message = [message stringByAppendingString: reason_str]; + } + + // Improve wording of the iCloud keychain drop/reset error messages + // Contrary to HI spec (and I think it makes more sense) + // 1. otherButton == top : Not Now + // 2. actionButton == bottom: Continue + // 3. If we followed HI spec, replace "Activate" => "Dismiss" in note.userInfo below + NSUserNotification *note = [NSUserNotification new]; + note.title = (__bridge_transfer NSString *) SecCopyCKString(SEC_CK_PWD_REQUIRED_TITLE); + note.informativeText = message; + note._identityImage = [NSImage bundleImage]; + note._identityImageStyle = _NSUserNotificationIdentityImageStyleRectangleNoBorder; + note.otherButtonTitle = (__bridge_transfer NSString *) SecCopyCKString(SEC_CK_NOT_NOW); + note.actionButtonTitle = (__bridge_transfer NSString *) SecCopyCKString(SEC_CK_CONTINUE); + note.identifier = [[NSUUID new] UUIDString]; + + note.userInfo = @{ + kKickedOutKey : @1, + kValidOnlyOutOfCircleKey: @1, + @"Activate" : (__bridge NSString *) kMMPropertyKeychainMRDetailsAEAction, + }; + + secnotice("kcn", "body=%@", note.informativeText); + secnotice("kcn", "About to post #-/%lu (KICKOUT): %@", noteCenter.deliveredNotifications.count, note); + [appropriateNotificationCenter() deliverNotification:note]; + } + + else{ + secnotice("kcn","postKickedOutAlert starting followup repair"); + [self startFollowupKitRepair]; + } + } } - - (void) postApplicationReminder { NSUserNotificationCenter *noteCenter = appropriateNotificationCenter(); for (NSUserNotification *note in noteCenter.deliveredNotifications) { if (note.userInfo[@"ApplicationReminder"]) { if (note.isPresented) { - NSLog(@"Already posted&presented (removing): %@", note); + secnotice("kcn", "Already posted&presented (removing): %@", note); [appropriateNotificationCenter() removeDeliveredNotification: note]; } else { - NSLog(@"Already posted, but not presented: %@", note); + secnotice("kcn", "Already posted, but not presented: %@", note); } } } - // [ui] MONARCH: Improve wording of the iCloud keychain drop/reset error messages + // Improve wording of the iCloud keychain drop/reset error messages // Contrary to HI spec (and I think it makes more sense) // 1. otherButton == top : Not Now // 2. actionButton == bottom: Continue @@ -547,7 +721,7 @@ bool isAppleInternal(void) @"Activate" : (__bridge NSString *) kMMPropertyKeychainWADetailsAEAction, }; - NSLog(@"About to post #-/%lu (REMINDER): %@ (I=%@)", noteCenter.deliveredNotifications.count, note, [note.userInfo compactDescription]); + secnotice("kcn", "About to post #-/%lu (REMINDER): %@ (I=%@)", noteCenter.deliveredNotifications.count, note, [note.userInfo compactDescription]); [appropriateNotificationCenter() deliverNotification:note]; } diff --git a/OSX/Keychain Circle Notification/KNPersistentState.m b/OSX/Keychain Circle Notification/KNPersistentState.m index 458ff973..a5499fd0 100644 --- a/OSX/Keychain Circle Notification/KNPersistentState.m +++ b/OSX/Keychain Circle Notification/KNPersistentState.m @@ -23,6 +23,7 @@ #import "KNPersistentState.h" +#import @implementation KNPersistentState @@ -43,13 +44,13 @@ NSError *error = nil; NSData *stateData = [NSData dataWithContentsOfURL:[state urlForStorage] options:0 error:&error]; if (!stateData) { - NSLog(@"Can't read state data (p=%@, err=%@)", [state urlForStorage], error); + secdebug("kcn", "Can't read state data (p=%@, err=%@)", [state urlForStorage], error); } else { NSPropertyListFormat format; plist = [NSPropertyListSerialization propertyListWithData:stateData options: NSPropertyListMutableContainersAndLeaves format:&format error:&error]; if (plist == nil) { - NSLog(@"Can't deserialize %@, e=%@", stateData, error); + secdebug("kcn", "Can't deserialize %@, e=%@", stateData, error); } } @@ -79,16 +80,16 @@ } mutableCopy]; if (self.debugLeftReason) plist[@"debugLeftReason"] = self.debugLeftReason; - NSLog(@"writeToStorage plist=%@", plist); + secdebug("kcn", "writeToStorage plist=%@", plist); NSError *error = nil; NSData *stateData = [NSPropertyListSerialization dataWithPropertyList:plist format:NSPropertyListXMLFormat_v1_0 options:kCFPropertyListImmutable error:&error]; if (!stateData) { - NSLog(@"Can't serialize %@: %@", plist, error); + secdebug("kcn", "Can't serialize %@: %@", plist, error); return; } if (![stateData writeToURL:[self urlForStorage] options:NSDataWritingAtomic error:&error]) { - NSLog(@"Can't write to %@, error=%@", [self urlForStorage], error); + secdebug("kcn", "Can't write to %@, error=%@", [self urlForStorage], error); } } diff --git a/OSX/Keychain Circle Notification/NSDictionary+compactDescription.m b/OSX/Keychain Circle Notification/NSDictionary+compactDescription.m index 15e3318a..e48f8e56 100644 --- a/OSX/Keychain Circle Notification/NSDictionary+compactDescription.m +++ b/OSX/Keychain Circle Notification/NSDictionary+compactDescription.m @@ -43,7 +43,7 @@ return [NSString stringWithFormat:@"{%@}", [results componentsJoinedByString:@", "]]; } --(NSString*)compactDescriptionWithoutItemData; +-(NSString*)compactDescriptionWithoutItemData { NSMutableArray *results = [NSMutableArray new]; for (NSString *k in self) { diff --git a/OSX/Keychain Circle Notification/com.apple.security.keychain-circle-notification.plist b/OSX/Keychain Circle Notification/com.apple.security.keychain-circle-notification.plist index fd668fba..75952fd6 100644 --- a/OSX/Keychain Circle Notification/com.apple.security.keychain-circle-notification.plist +++ b/OSX/Keychain Circle Notification/com.apple.security.keychain-circle-notification.plist @@ -16,6 +16,11 @@ com.apple.notifyd.matching + kPublicKeyNotAvailable + + Notification + com.apple.security.publickeynotavailable + tick Notification diff --git a/OSX/Keychain Circle Notification/entitlments.plist b/OSX/Keychain Circle Notification/entitlments.plist index 356b6481..7aaf65c5 100644 --- a/OSX/Keychain Circle Notification/entitlments.plist +++ b/OSX/Keychain Circle Notification/entitlments.plist @@ -2,6 +2,12 @@ + keychain-access-groups + + com.apple.ProtectedCloudStorage + + com.apple.private.accounts.allaccounts + com.apple.accounts.appleaccount.fullaccess com.apple.private.notificationcenter-system diff --git a/OSX/Keychain/KDAppDelegate.m b/OSX/Keychain/KDAppDelegate.m index b3fca93c..58a2ff4d 100644 --- a/OSX/Keychain/KDAppDelegate.m +++ b/OSX/Keychain/KDAppDelegate.m @@ -27,7 +27,7 @@ #import "NSArray+mapWithBlock.h" #include -#define kSecServerKeychainChangedNotification "com.apple.security.keychainchanged" +#include @implementation KDAppDelegate diff --git a/OSX/Keychain/KDSecCircle.m b/OSX/Keychain/KDSecCircle.m index 14ddc7d2..f5b8d448 100644 --- a/OSX/Keychain/KDSecCircle.m +++ b/OSX/Keychain/KDSecCircle.m @@ -70,7 +70,7 @@ [newPeers addObject:[[KDCirclePeer alloc] initWithPeerObject:obj]]; }]; - NSLog(@"rawStatus %d, #applicants %lu, #peers %lu, err=%@", newRawStatus, (unsigned long)[newApplicants count], (unsigned long)[newPeers count], err); + secdebug("kcn", "rawStatus %d, #applicants %lu, #peers %lu, err=%@", newRawStatus, (unsigned long)[newApplicants count], (unsigned long)[newPeers count], err); dispatch_async(dispatch_get_main_queue(), ^{ self.rawStatus = newRawStatus; @@ -163,10 +163,9 @@ typedef void (^applicantBlock)(id applicant); self->_queue_ = dispatch_queue_create([[NSString stringWithFormat:@"KDSecCircle@%p", self] UTF8String], NULL); self->_callbacks = [NSMutableArray new]; - notify_register_dispatch(kSOSCCCircleChangedNotification, &token, self.queue_, ^(int token){ + notify_register_dispatch(kSOSCCCircleChangedNotification, &token, self.queue_, ^(int token1){ [self updateCheck]; }); - return self; } diff --git a/OSX/OSX.xcodeproj/project.pbxproj b/OSX/OSX.xcodeproj/project.pbxproj deleted file mode 100644 index a7d31e3d..00000000 --- a/OSX/OSX.xcodeproj/project.pbxproj +++ /dev/null @@ -1,8071 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXAggregateTarget section */ - 186F778814E59FB200434E1F /* Security_frameworks */ = { - isa = PBXAggregateTarget; - buildConfigurationList = 186F778914E59FB200434E1F /* Build configuration list for PBXAggregateTarget "Security_frameworks" */; - buildPhases = ( - ); - dependencies = ( - 186F779714E5A04200434E1F /* PBXTargetDependency */, - 186F779514E5A01C00434E1F /* PBXTargetDependency */, - 186F779314E5A01700434E1F /* PBXTargetDependency */, - ); - name = Security_frameworks; - productName = Framework; - }; - 186F778C14E59FDA00434E1F /* Security_executables */ = { - isa = PBXAggregateTarget; - buildConfigurationList = 186F778D14E59FDA00434E1F /* Build configuration list for PBXAggregateTarget "Security_executables" */; - buildPhases = ( - ); - dependencies = ( - D4A2FC7E1BC89D5200BF6E56 /* PBXTargetDependency */, - 5EF7C2541B00EEC000E5E99C /* PBXTargetDependency */, - 3705CADE1A8971DF00402F75 /* PBXTargetDependency */, - 37AB39401A44A95500B56E04 /* PBXTargetDependency */, - 37A7CEDA197DBA8700926CE8 /* PBXTargetDependency */, - 18F235FF15CA100300060520 /* PBXTargetDependency */, - BE48AE291ADF204E000836C1 /* PBXTargetDependency */, - 186F779114E5A00F00434E1F /* PBXTargetDependency */, - 0CCEBDBA16C303D8001BD7F6 /* PBXTargetDependency */, - 0CFC55E315DDB86500BEC89E /* PBXTargetDependency */, - C2432A2515C726B50096DB5B /* PBXTargetDependency */, - 4CB23B90169F59D8003A0131 /* PBXTargetDependency */, - EBB9FFE01682E71F00FF9774 /* PBXTargetDependency */, - F94E7A971ACC8CC200F23132 /* PBXTargetDependency */, - EBB6970E1BE2095F00715F16 /* PBXTargetDependency */, - D466FA771CA0C2A500433142 /* PBXTargetDependency */, - ); - name = Security_executables; - productName = Other; - }; - 4CE4729E16D833FD009070D1 /* Security_temporary_UI */ = { - isa = PBXAggregateTarget; - buildConfigurationList = 4CE472C716D833FE009070D1 /* Build configuration list for PBXAggregateTarget "Security_temporary_UI" */; - buildPhases = ( - ); - dependencies = ( - 4C797BC916D83A3100C7B586 /* PBXTargetDependency */, - 4C797BF116D83A3800C7B586 /* PBXTargetDependency */, - ); - name = Security_temporary_UI; - productName = "Security_ temporary_UI"; - }; - F93C49311AB8FD350047E01A /* ckcdiagnose.sh */ = { - isa = PBXAggregateTarget; - buildConfigurationList = F93C49321AB8FD350047E01A /* Build configuration list for PBXAggregateTarget "ckcdiagnose.sh" */; - buildPhases = ( - F93C49351AB8FD3B0047E01A /* CopyFiles */, - ); - dependencies = ( - ); - name = ckcdiagnose.sh; - productName = ckcdiagnose.sh; - }; -/* End PBXAggregateTarget section */ - -/* Begin PBXBuildFile section */ - 0C03D62B17D93EED0087643B /* SecDH.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C03D60317D93E810087643B /* SecDH.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 0C0C887D1CCED19E00617D1B /* si-82-sectrust-ct-data in Resources */ = {isa = PBXBuildFile; fileRef = 0C0C887C1CCED19E00617D1B /* si-82-sectrust-ct-data */; }; - 0C10987616CAAE8200803B8F /* libASN1.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1831329914EB2C6D00F0BCAC /* libASN1.a */; }; - 0C4EAE7717668DDF00773425 /* libsecdRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0C4EAE721766865000773425 /* libsecdRegressions.a */; }; - 0C4F055E15C9E51A00F9DFD5 /* sslTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4F055D15C9E51A00F9DFD5 /* sslTypes.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 0C6C632A15D1989900BC68CD /* libsecurity_ssl_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0C6D77CF15C8B66000BB4405 /* libsecurity_ssl_regressions.a */; }; - 0C6C633015D19FF500BC68CD /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 0C869B6A1C865E62006A2873 /* CoreCDP.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 0C869B691C865E62006A2873 /* CoreCDP.framework */; }; - 0CAA7AB516C9A72A00A32C6D /* libsecurity_keychain_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CBD50B316C325F000713B6C /* libsecurity_keychain_regressions.a */; }; - 0CC2CB101B6A04D80074B0F2 /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CC2CB0F1B6A04D80074B0F2 /* libDiagnosticMessagesClient.dylib */; }; - 0CC3351C16C1ED8000399E53 /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18D4053B14CE2C1600A2BE4E /* libsecurity.a */; }; - 0CC3351E16C1ED8000399E53 /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1831329A14EB2C6D00F0BCAC /* libDER.a */; }; - 0CC3351F16C1ED8000399E53 /* libSecItemShimOSX.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 186CDD1E14CA11C700AF9171 /* libSecItemShimOSX.a */; }; - 0CC3352016C1ED8000399E53 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894015FFECF3008CE3E3 /* libutilities.a */; }; - 0CC3352316C1ED8000399E53 /* libSOSRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C1288EC15FFE9D7008CE3E3 /* libSOSRegressions.a */; }; - 0CC3352416C1ED8000399E53 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 0CC3352616C1ED8000399E53 /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270F6014CF655B00B05E7F /* libsecipc_client.a */; }; - 0CC3352716C1ED8000399E53 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C1288EA15FFE9D7008CE3E3 /* libSecureObjectSync.a */; }; - 0CC3355A16C1EEE700399E53 /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CC3355716C1EEE700399E53 /* main.c */; }; - 0CC3356316C1EFBE00399E53 /* libregressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CC3356016C1EF5D00399E53 /* libregressions.a */; }; - 0CCEBDB116C2CFC1001BD7F6 /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C6C630E15D193C800BC68CD /* main.c */; }; - 0CCEBDB416C2D026001BD7F6 /* libregressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CC3356016C1EF5D00399E53 /* libregressions.a */; }; - 0CCEBDB616C2E431001BD7F6 /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270C7D14CE573D00B05E7F /* libsecurityd.a */; }; - 0CCEBDB716C2E6B0001BD7F6 /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFB14CF427800B05E7F /* CFNetwork.framework */; }; - 0CCEBDB816C2E6CE001BD7F6 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5AD146FEF43000BF1F3 /* libsqlite3.dylib */; }; - 0CCEBDBB16C30924001BD7F6 /* libutilitiesRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894215FFECF3008CE3E3 /* libutilitiesRegressions.a */; }; - 18270EE814CF294500B05E7F /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270C7D14CE573D00B05E7F /* libsecurityd.a */; }; - 18270EF614CF334A00B05E7F /* server.c in Sources */ = {isa = PBXBuildFile; fileRef = 18270EF314CF333400B05E7F /* server.c */; }; - 18270EF814CF424900B05E7F /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 18270EF914CF425100B05E7F /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5B9146FF0BE000BF1F3 /* libbsm.dylib */; }; - 18270EFA14CF426200B05E7F /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5AD146FEF43000BF1F3 /* libsqlite3.dylib */; }; - 18270EFC14CF427800B05E7F /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFB14CF427800B05E7F /* CFNetwork.framework */; }; - 18270EFE14CF429600B05E7F /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFD14CF429600B05E7F /* IOKit.framework */; }; - 18270F6114CF656E00B05E7F /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270F6014CF655B00B05E7F /* libsecipc_client.a */; }; - 182A191115D09AFF006AB103 /* connection.c in Sources */ = {isa = PBXBuildFile; fileRef = 182A191015D09AFF006AB103 /* connection.c */; }; - 182BB22A146F068B000BF1F3 /* iToolsTrustedApps.plist in Resources */ = {isa = PBXBuildFile; fileRef = 182BB229146F068B000BF1F3 /* iToolsTrustedApps.plist */; }; - 182BB3C5146F1DCB000BF1F3 /* sd_cspdl_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 182BB3C4146F1DCB000BF1F3 /* sd_cspdl_common.mdsinfo */; }; - 182BB41B146F2533000BF1F3 /* libsecurity_apple_csp.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B5C6146DE6C8007E536C /* libsecurity_apple_csp.a */; }; - 182BB41C146F2533000BF1F3 /* libsecurity_apple_cspdl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B5D2146DE6CE007E536C /* libsecurity_apple_cspdl.a */; }; - 182BB41D146F2533000BF1F3 /* libsecurity_apple_file_dl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B5DE146DE6D7007E536C /* libsecurity_apple_file_dl.a */; }; - 182BB41E146F2533000BF1F3 /* libsecurity_apple_x509_cl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B5EB146DE6E8007E536C /* libsecurity_apple_x509_cl.a */; }; - 182BB41F146F2533000BF1F3 /* libsecurity_apple_x509_tp.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B5F9146DE6FD007E536C /* libsecurity_apple_x509_tp.a */; }; - 182BB421146F2533000BF1F3 /* libsecurity_authorization.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B612146DE70A007E536C /* libsecurity_authorization.a */; }; - 182BB422146F2533000BF1F3 /* libsecurity_cdsa_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B61E146DE715007E536C /* libsecurity_cdsa_client.a */; }; - 182BB423146F2533000BF1F3 /* libsecurity_cdsa_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B55A146DE227007E536C /* libsecurity_cdsa_utilities.a */; }; - 182BB424146F2533000BF1F3 /* libsecurity_checkpw.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B644146DE748007E536C /* libsecurity_checkpw.a */; }; - 182BB425146F2533000BF1F3 /* libsecurity_cms.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B654146DE750007E536C /* libsecurity_cms.a */; }; - 182BB426146F2533000BF1F3 /* libsecurity_codesigning.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B666146DE757007E536C /* libsecurity_codesigning.a */; }; - 182BB428146F2533000BF1F3 /* libsecurity_cryptkit.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B684146DE76F007E536C /* libsecurity_cryptkit.a */; }; - 182BB429146F2533000BF1F3 /* libsecurity_filedb.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B69D146DE797007E536C /* libsecurity_filedb.a */; }; - 182BB42A146F2533000BF1F3 /* libsecurity_keychain.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B6B3146DE7A0007E536C /* libsecurity_keychain.a */; }; - 182BB42B146F2533000BF1F3 /* libsecurity_ocspd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B6E9146DE7E8007E536C /* libsecurity_ocspd.a */; }; - 182BB42C146F2533000BF1F3 /* libsecurity_pkcs12.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B6F5146DE7EF007E536C /* libsecurity_pkcs12.a */; }; - 182BB42D146F2533000BF1F3 /* libsecurity_transform.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B739146DE845007E536C /* libsecurity_transform.a */; }; - 182BB42E146F2533000BF1F3 /* libsecurityd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 184461B1146E9D3300B12992 /* libsecurityd_client.a */; }; - 182BB4E1146F2591000BF1F3 /* libsecurity_manifest.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B6D0146DE7D7007E536C /* libsecurity_manifest.a */; }; - 182BB4E2146F2591000BF1F3 /* libsecurity_mds.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B6DC146DE7E0007E536C /* libsecurity_mds.a */; }; - 182BB4E3146F2591000BF1F3 /* libsecurity_sd_cspdl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B701146DE7F7007E536C /* libsecurity_sd_cspdl.a */; }; - 182BB4E4146F2591000BF1F3 /* libsecurity_smime.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B71C146DE825007E536C /* libsecurity_smime.a */; }; - 182BB4E5146F2591000BF1F3 /* libsecurity_ssl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B728146DE839007E536C /* libsecurity_ssl.a */; }; - 182BB55F146F4544000BF1F3 /* FDEPrefs.plist in Resources */ = {isa = PBXBuildFile; fileRef = 182BB55C146F4544000BF1F3 /* FDEPrefs.plist */; }; - 182BB57F146F51A5000BF1F3 /* csparser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 182BB557146F4510000BF1F3 /* csparser.cpp */; }; - 182BB589146FE013000BF1F3 /* libsecurity_codesigning.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B666146DE757007E536C /* libsecurity_codesigning.a */; }; - 182BB590146FE125000BF1F3 /* libsecurity_cdsa_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B55A146DE227007E536C /* libsecurity_cdsa_utilities.a */; }; - 182BB591146FE12F000BF1F3 /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B538146DDBE5007E536C /* libsecurity_utilities.a */; }; - 182BB592146FE1D7000BF1F3 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 182BB5AA146FEE50000BF1F3 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 182BB5AC146FEF15000BF1F3 /* libpam.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5AB146FEF14000BF1F3 /* libpam.dylib */; }; - 182BB5AE146FEF43000BF1F3 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5AD146FEF43000BF1F3 /* libsqlite3.dylib */; }; - 182BB5B2146FF039000BF1F3 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5B1146FF039000BF1F3 /* libz.dylib */; }; - 182BB5B4146FF04C000BF1F3 /* libxar.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5B3146FF04C000BF1F3 /* libxar.dylib */; }; - 182BB5B6146FF090000BF1F3 /* libauto.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5B5146FF08F000BF1F3 /* libauto.dylib */; }; - 182BB5B8146FF0A2000BF1F3 /* libobjc.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5B7146FF0A1000BF1F3 /* libobjc.dylib */; }; - 182BB5BA146FF0BF000BF1F3 /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5B9146FF0BE000BF1F3 /* libbsm.dylib */; }; - 182BB5BB146FF62F000BF1F3 /* libsecurity_comcryption.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B676146DE75E007E536C /* libsecurity_comcryption.a */; }; - 18363C1417026084002D5C1C /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFD14CF429600B05E7F /* IOKit.framework */; }; - 1844605F146DE93E00B12992 /* csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 1844605B146DE93E00B12992 /* csp_capabilities.mdsinfo */; }; - 18446060146DE93E00B12992 /* csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = 1844605C146DE93E00B12992 /* csp_capabilities_common.mds */; }; - 18446061146DE93E00B12992 /* csp_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 1844605D146DE93E00B12992 /* csp_common.mdsinfo */; }; - 18446062146DE93E00B12992 /* csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 1844605E146DE93E00B12992 /* csp_primary.mdsinfo */; }; - 18446083146DF58B00B12992 /* libsecurity_cdsa_plugin.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B62B146DE720007E536C /* libsecurity_cdsa_plugin.a */; }; - 184460C7146E7B1E00B12992 /* cspdl_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 184460C3146E7B1E00B12992 /* cspdl_common.mdsinfo */; }; - 184460C8146E7B1E00B12992 /* cspdl_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 184460C4146E7B1E00B12992 /* cspdl_csp_capabilities.mdsinfo */; }; - 184460C9146E7B1E00B12992 /* cspdl_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 184460C5146E7B1E00B12992 /* cspdl_csp_primary.mdsinfo */; }; - 184460CA146E7B1E00B12992 /* cspdl_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 184460C6146E7B1E00B12992 /* cspdl_dl_primary.mdsinfo */; }; - 184460E3146E806700B12992 /* dl_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 184460E1146E806700B12992 /* dl_common.mdsinfo */; }; - 184460E4146E806700B12992 /* dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 184460E2146E806700B12992 /* dl_primary.mdsinfo */; }; - 18446105146E82C800B12992 /* cl_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 18446103146E82C800B12992 /* cl_common.mdsinfo */; }; - 18446106146E82C800B12992 /* cl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 18446104146E82C800B12992 /* cl_primary.mdsinfo */; }; - 18446115146E85A300B12992 /* tp_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 18446112146E85A300B12992 /* tp_common.mdsinfo */; }; - 18446116146E85A300B12992 /* tp_policyOids.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 18446113146E85A300B12992 /* tp_policyOids.mdsinfo */; }; - 18446117146E85A300B12992 /* tp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 18446114146E85A300B12992 /* tp_primary.mdsinfo */; }; - 18500F9B14708D0E006F9AB4 /* SecDebugErrorMessages.strings in Resources */ = {isa = PBXBuildFile; fileRef = 18500F9A14708D0E006F9AB4 /* SecDebugErrorMessages.strings */; }; - 18500FA114708F19006F9AB4 /* SecErrorMessages.strings in Resources */ = {isa = PBXBuildFile; fileRef = 18500F9F14708F19006F9AB4 /* SecErrorMessages.strings */; }; - 1879B4AA146DCA18007E536C /* cssm.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 1879B4A9146DCA18007E536C /* cssm.mdsinfo */; }; - 1879B546146DE192007E536C /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B538146DDBE5007E536C /* libsecurity_utilities.a */; }; - 1879B570146DE2E6007E536C /* libsecurity_cdsa_utils.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B54F146DE212007E536C /* libsecurity_cdsa_utils.a */; }; - 1879B571146DE2FF007E536C /* libsecurity_cssm.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1879B565146DE244007E536C /* libsecurity_cssm.a */; }; - 187A05B1170393FF0038C158 /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18752C1D16F2837A004E2799 /* libaks.a */; }; - 187D6B9315D435BD00E27494 /* authorization.buttons.strings in Resources */ = {isa = PBXBuildFile; fileRef = 187D6B8F15D4359F00E27494 /* authorization.buttons.strings */; }; - 187D6B9415D435C700E27494 /* authorization.prompts.strings in Resources */ = {isa = PBXBuildFile; fileRef = 187D6B9115D4359F00E27494 /* authorization.prompts.strings */; }; - 187D6B9715D438AD00E27494 /* authorization.plist in Copy authorization.plist */ = {isa = PBXBuildFile; fileRef = 187D6B9515D436BF00E27494 /* authorization.plist */; }; - 187D6B9815D4476D00E27494 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFD14CF429600B05E7F /* IOKit.framework */; }; - 1885B45214D9AB8100519375 /* libASN1.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1885B3F914D8D9B100519375 /* libASN1.a */; }; - 188AD8DC1471FE3E0081C619 /* FDELocalizable.strings in Resources */ = {isa = PBXBuildFile; fileRef = 188AD8D81471FE3D0081C619 /* FDELocalizable.strings */; }; - 188AD8DD1471FE3E0081C619 /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = 188AD8DA1471FE3D0081C619 /* InfoPlist.strings */; }; - 189757871700CF4C00672567 /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18752C1D16F2837A004E2799 /* libaks.a */; }; - 18A5493315EFD3690059E6DC /* dummy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 18A5493115EFD2F40059E6DC /* dummy.cpp */; }; - 18AD56A414CDE7BE008233F2 /* libSecItemShimOSX.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 186CDD1E14CA11C700AF9171 /* libSecItemShimOSX.a */; }; - 18B647EC14D9F20500F538BF /* oidsalg.h in Headers */ = {isa = PBXBuildFile; fileRef = 18B647E814D9EB6300F538BF /* oidsalg.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18B647ED14D9F20F00F538BF /* oidsattr.h in Headers */ = {isa = PBXBuildFile; fileRef = 18B647EA14D9EE4300F538BF /* oidsattr.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BBC7361471F5A300F2B224 /* SecExternalSourceTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 18BBC7351471F5A300F2B224 /* SecExternalSourceTransform.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18BEB19A14CF7F8100C8BD36 /* com.apple.secd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 18BEB19614CF74C100C8BD36 /* com.apple.secd.plist */; }; - 18CD682717272EBC005345FB /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18752C1D16F2837A004E2799 /* libaks.a */; }; - 18CD684E17272EE2005345FB /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFD14CF429600B05E7F /* IOKit.framework */; }; - 18CFEE8915DEE2C600E3F2A3 /* com.apple.authd.sb in Copy sandbox profile */ = {isa = PBXBuildFile; fileRef = 18CFEE8715DEE25200E3F2A3 /* com.apple.authd.sb */; }; - 18D6803B16B768F700DF6D2E /* com.apple.authd in Copy asl module */ = {isa = PBXBuildFile; fileRef = 18D6803916B768D500DF6D2E /* com.apple.authd */; }; - 18F2352115C9FA3C00060520 /* agent.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F234F915C9FA3B00060520 /* agent.c */; }; - 18F2352215C9FA3C00060520 /* authdb.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F234FB15C9FA3B00060520 /* authdb.c */; }; - 18F2352315C9FA3C00060520 /* authitems.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F234FD15C9FA3B00060520 /* authitems.c */; }; - 18F2352415C9FA3C00060520 /* authtoken.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F234FF15C9FA3B00060520 /* authtoken.c */; }; - 18F2352515C9FA3C00060520 /* authutilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2350215C9FA3B00060520 /* authutilities.c */; }; - 18F2352615C9FA3C00060520 /* ccaudit.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2350415C9FA3B00060520 /* ccaudit.c */; }; - 18F2352715C9FA3C00060520 /* crc.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2350615C9FA3B00060520 /* crc.c */; }; - 18F2352815C9FA3C00060520 /* credential.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2350815C9FA3B00060520 /* credential.c */; }; - 18F2352915C9FA3C00060520 /* debugging.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2350A15C9FA3B00060520 /* debugging.c */; }; - 18F2352B15C9FA3C00060520 /* engine.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2350F15C9FA3B00060520 /* engine.c */; }; - 18F2352C15C9FA3C00060520 /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2351115C9FA3B00060520 /* main.c */; }; - 18F2352D15C9FA3C00060520 /* mechanism.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2351215C9FA3B00060520 /* mechanism.c */; }; - 18F2352E15C9FA3C00060520 /* object.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2351415C9FA3C00060520 /* object.c */; }; - 18F2352F15C9FA3C00060520 /* process.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2351615C9FA3C00060520 /* process.c */; }; - 18F2353015C9FA3C00060520 /* rule.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2351815C9FA3C00060520 /* rule.c */; }; - 18F2353215C9FA3C00060520 /* server.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2351D15C9FA3C00060520 /* server.c */; }; - 18F2353315C9FA3C00060520 /* session.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2351F15C9FA3C00060520 /* session.c */; }; - 18F2353515C9FDB700060520 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 18F2353615C9FDD200060520 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF42BB515A3947F00ACACE1 /* Security.framework */; }; - 18F2353715C9FDE400060520 /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5B9146FF0BE000BF1F3 /* libbsm.dylib */; }; - 18F2353815C9FDEF00060520 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5AD146FEF43000BF1F3 /* libsqlite3.dylib */; }; - 18FE68021471A42900A2CBE3 /* SecDigestTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3A3146F1BEC000BF1F3 /* SecDigestTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68031471A42900A2CBE3 /* SecReadTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3A4146F1BEC000BF1F3 /* SecReadTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68041471A42900A2CBE3 /* SecTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3A5146F1BEC000BF1F3 /* SecTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68051471A42900A2CBE3 /* SecCustomTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3A6146F1BEC000BF1F3 /* SecCustomTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68061471A42900A2CBE3 /* SecDecodeTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3A7146F1BEC000BF1F3 /* SecDecodeTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68071471A42900A2CBE3 /* SecEncodeTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3A8146F1BEC000BF1F3 /* SecEncodeTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68081471A42900A2CBE3 /* SecEncryptTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3A9146F1BEC000BF1F3 /* SecEncryptTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68091471A42900A2CBE3 /* SecSignVerifyTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3AA146F1BEC000BF1F3 /* SecSignVerifyTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE680A1471A42900A2CBE3 /* SecTransformReadTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3AB146F1BEC000BF1F3 /* SecTransformReadTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE680B1471A42900A2CBE3 /* CipherSuite.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB36E146F13B4000BF1F3 /* CipherSuite.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE680C1471A42900A2CBE3 /* SecureTransport.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB36F146F13B4000BF1F3 /* SecureTransport.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE680D1471A42900A2CBE3 /* mds.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB356146F1198000BF1F3 /* mds.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE680E1471A42900A2CBE3 /* mds_schema.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB357146F1198000BF1F3 /* mds_schema.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE680F1471A42900A2CBE3 /* SecureDownload.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB315146F0E7E000BF1F3 /* SecureDownload.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68101471A42900A2CBE3 /* SecAccess.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB187146EAD4C000BF1F3 /* SecAccess.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68111471A42900A2CBE3 /* SecACL.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB188146EAD4C000BF1F3 /* SecACL.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68121471A42900A2CBE3 /* SecBase.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB189146EAD4C000BF1F3 /* SecBase.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68131471A42900A2CBE3 /* SecCertificate.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB18A146EAD4C000BF1F3 /* SecCertificate.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68141471A42900A2CBE3 /* SecIdentity.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB18B146EAD4C000BF1F3 /* SecIdentity.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68151471A42900A2CBE3 /* SecIdentitySearch.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB18C146EAD4C000BF1F3 /* SecIdentitySearch.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68161471A42900A2CBE3 /* SecItem.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB18D146EAD4C000BF1F3 /* SecItem.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68171471A42900A2CBE3 /* SecKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB18E146EAD4C000BF1F3 /* SecKey.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68181471A42900A2CBE3 /* SecKeychain.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB18F146EAD4C000BF1F3 /* SecKeychain.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68191471A42900A2CBE3 /* SecKeychainItem.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB190146EAD4C000BF1F3 /* SecKeychainItem.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE681A1471A42900A2CBE3 /* SecKeychainSearch.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB191146EAD4C000BF1F3 /* SecKeychainSearch.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE681B1471A42900A2CBE3 /* SecPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB192146EAD4C000BF1F3 /* SecPolicy.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE681C1471A42900A2CBE3 /* SecPolicySearch.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB193146EAD4C000BF1F3 /* SecPolicySearch.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE681D1471A42900A2CBE3 /* SecTrust.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB194146EAD4C000BF1F3 /* SecTrust.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE681E1471A42900A2CBE3 /* SecTrustedApplication.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB195146EAD4C000BF1F3 /* SecTrustedApplication.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE681F1471A42900A2CBE3 /* Security.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB196146EAD4C000BF1F3 /* Security.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68201471A42900A2CBE3 /* SecImportExport.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB197146EAD4C000BF1F3 /* SecImportExport.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68211471A42900A2CBE3 /* SecTrustSettings.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB198146EAD4C000BF1F3 /* SecTrustSettings.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68221471A42900A2CBE3 /* SecCertificateOIDs.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB199146EAD4C000BF1F3 /* SecCertificateOIDs.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68231471A42900A2CBE3 /* SecRandom.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB19A146EAD4C000BF1F3 /* SecRandom.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68241471A42900A2CBE3 /* SecTask.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844617E146E9A8500B12992 /* SecTask.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68251471A42900A2CBE3 /* CodeSigning.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844617F146E9A8500B12992 /* CodeSigning.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68261471A42900A2CBE3 /* CSCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446180146E9A8500B12992 /* CSCommon.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68271471A42900A2CBE3 /* SecCode.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446181146E9A8500B12992 /* SecCode.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68281471A42900A2CBE3 /* SecStaticCode.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446182146E9A8500B12992 /* SecStaticCode.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68291471A42900A2CBE3 /* SecRequirement.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446183146E9A8500B12992 /* SecRequirement.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE682A1471A42900A2CBE3 /* SecCodeHost.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446184146E9A8500B12992 /* SecCodeHost.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE682B1471A42900A2CBE3 /* CMSDecoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446170146E982800B12992 /* CMSDecoder.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE682C1471A42900A2CBE3 /* CMSEncoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446171146E982800B12992 /* CMSEncoder.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE682D1471A42900A2CBE3 /* AuthorizationTags.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446144146E923200B12992 /* AuthorizationTags.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE682E1471A42900A2CBE3 /* AuthSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446145146E923200B12992 /* AuthSession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE682F1471A42900A2CBE3 /* Authorization.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446146146E923200B12992 /* Authorization.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68301471A42900A2CBE3 /* AuthorizationDB.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446147146E923200B12992 /* AuthorizationDB.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68311471A42900A2CBE3 /* AuthorizationPlugin.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446148146E923200B12992 /* AuthorizationPlugin.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68321471A42900A2CBE3 /* SecAsn1Coder.h in Headers */ = {isa = PBXBuildFile; fileRef = 184460AB146DFCC100B12992 /* SecAsn1Coder.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68331471A42900A2CBE3 /* SecAsn1Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = 184460AC146DFCC100B12992 /* SecAsn1Templates.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68341471A42900A2CBE3 /* SecAsn1Types.h in Headers */ = {isa = PBXBuildFile; fileRef = 184460AD146DFCC100B12992 /* SecAsn1Types.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68351471A42900A2CBE3 /* certextensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4AD146DCA84007E536C /* certextensions.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68361471A42900A2CBE3 /* cssm.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4AE146DCA84007E536C /* cssm.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68371471A42900A2CBE3 /* cssmaci.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4AF146DCA84007E536C /* cssmaci.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68381471A42900A2CBE3 /* cssmapi.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4B0146DCA84007E536C /* cssmapi.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68391471A42900A2CBE3 /* cssmapple.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4B1146DCA84007E536C /* cssmapple.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE683A1471A42900A2CBE3 /* cssmcli.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4B2146DCA84007E536C /* cssmcli.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE683B1471A42900A2CBE3 /* cssmconfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4B3146DCA84007E536C /* cssmconfig.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE683C1471A42900A2CBE3 /* cssmcspi.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4B4146DCA84007E536C /* cssmcspi.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE683D1471A42900A2CBE3 /* cssmdli.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4B5146DCA84007E536C /* cssmdli.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE683E1471A42900A2CBE3 /* cssmerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4B6146DCA84007E536C /* cssmerr.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE683F1471A42900A2CBE3 /* cssmkrapi.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4B7146DCA84007E536C /* cssmkrapi.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68401471A42900A2CBE3 /* cssmkrspi.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4B8146DCA84007E536C /* cssmkrspi.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68411471A42900A2CBE3 /* cssmspi.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4B9146DCA84007E536C /* cssmspi.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68421471A42900A2CBE3 /* cssmtpi.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4BA146DCA84007E536C /* cssmtpi.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68431471A42900A2CBE3 /* cssmtype.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4BB146DCA84007E536C /* cssmtype.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68441471A42900A2CBE3 /* eisl.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4BC146DCA84007E536C /* eisl.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68451471A42900A2CBE3 /* emmspi.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4BD146DCA84007E536C /* emmspi.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68461471A42900A2CBE3 /* emmtype.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4BE146DCA84007E536C /* emmtype.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE68491471A42900A2CBE3 /* oidsbase.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4C1146DCA84007E536C /* oidsbase.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE684A1471A42900A2CBE3 /* oidscert.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4C2146DCA84007E536C /* oidscert.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE684B1471A42900A2CBE3 /* oidscrl.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4C3146DCA84007E536C /* oidscrl.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE684C1471A42900A2CBE3 /* x509defs.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4C4146DCA84007E536C /* x509defs.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18FE684D1471A46600A2CBE3 /* asn1Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = 184460A1146DFCB700B12992 /* asn1Templates.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE684E1471A46600A2CBE3 /* AuthorizationPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844614F146E923B00B12992 /* AuthorizationPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE684F1471A46600A2CBE3 /* AuthorizationTagsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844614E146E923B00B12992 /* AuthorizationTagsPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68501471A46600A2CBE3 /* certExtensionTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844609A146DFCB700B12992 /* certExtensionTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68511471A46600A2CBE3 /* checkpw.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446168146E95D700B12992 /* checkpw.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68521471A46600A2CBE3 /* CMSPrivate.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446174146E982D00B12992 /* CMSPrivate.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68531471A46600A2CBE3 /* CSCommonPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844618C146E9A8F00B12992 /* CSCommonPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68541471A46600A2CBE3 /* csrTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844609B146DFCB700B12992 /* csrTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68551471A46600A2CBE3 /* cssmapplePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 1879B4AB146DCA4A007E536C /* cssmapplePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68561471A46600A2CBE3 /* keyTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = 184460A0146DFCB700B12992 /* keyTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68571471A46600A2CBE3 /* mdspriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB35A146F11A1000BF1F3 /* mdspriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68581471A46600A2CBE3 /* nameTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844609D146DFCB700B12992 /* nameTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68591471A46600A2CBE3 /* ocspTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844609C146DFCB700B12992 /* ocspTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE685A1471A46600A2CBE3 /* osKeyTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844609F146DFCB700B12992 /* osKeyTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE685B1471A46600A2CBE3 /* SecAccessPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1B2146EAD5D000BF1F3 /* SecAccessPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE685C1471A46600A2CBE3 /* secasn1t.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446099146DFCB700B12992 /* secasn1t.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE685D1471A46600A2CBE3 /* SecAssessment.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446194146E9A8F00B12992 /* SecAssessment.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE685E1471A46600A2CBE3 /* SecBasePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1B3146EAD5D000BF1F3 /* SecBasePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE685F1471A46600A2CBE3 /* SecCertificateBundle.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1B4146EAD5D000BF1F3 /* SecCertificateBundle.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68611471A46600A2CBE3 /* SecCertificatePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1B5146EAD5D000BF1F3 /* SecCertificatePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68621471A46600A2CBE3 /* SecCertificateRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1B6146EAD5D000BF1F3 /* SecCertificateRequest.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68631471A46600A2CBE3 /* SecCmsBase.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB383146F14D2000BF1F3 /* SecCmsBase.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68641471A46600A2CBE3 /* SecCmsContentInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB384146F14D2000BF1F3 /* SecCmsContentInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68651471A46600A2CBE3 /* SecCmsDecoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB385146F14D2000BF1F3 /* SecCmsDecoder.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68661471A46600A2CBE3 /* SecCmsDigestContext.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB386146F14D2000BF1F3 /* SecCmsDigestContext.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68671471A46600A2CBE3 /* SecCmsDigestedData.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB387146F14D2000BF1F3 /* SecCmsDigestedData.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68681471A46600A2CBE3 /* SecCmsEncoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB388146F14D2000BF1F3 /* SecCmsEncoder.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68691471A46600A2CBE3 /* SecCmsEncryptedData.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB389146F14D2000BF1F3 /* SecCmsEncryptedData.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE686A1471A46600A2CBE3 /* SecCmsEnvelopedData.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB38A146F14D2000BF1F3 /* SecCmsEnvelopedData.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE686B1471A46600A2CBE3 /* SecCmsMessage.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB38B146F14D2000BF1F3 /* SecCmsMessage.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE686C1471A46600A2CBE3 /* SecCmsRecipientInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB38C146F14D2000BF1F3 /* SecCmsRecipientInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE686D1471A46600A2CBE3 /* SecCmsSignedData.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB38D146F14D2000BF1F3 /* SecCmsSignedData.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE686E1471A46600A2CBE3 /* SecCmsSignerInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB38E146F14D2000BF1F3 /* SecCmsSignerInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE686F1471A46600A2CBE3 /* SecCodeHostLib.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446193146E9A8F00B12992 /* SecCodeHostLib.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68701471A46600A2CBE3 /* SecCodePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844618D146E9A8F00B12992 /* SecCodePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68711471A46600A2CBE3 /* SecCodeSigner.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446190146E9A8F00B12992 /* SecCodeSigner.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68721471A46600A2CBE3 /* SecFDERecoveryAsymmetricCrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1AF146EAD5D000BF1F3 /* SecFDERecoveryAsymmetricCrypto.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68731471A46600A2CBE3 /* SecIdentityPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1B7146EAD5D000BF1F3 /* SecIdentityPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68741471A46600A2CBE3 /* SecIdentitySearchPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1C4146EAD5D000BF1F3 /* SecIdentitySearchPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68751471A46600A2CBE3 /* SecIntegrity.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446191146E9A8F00B12992 /* SecIntegrity.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68761471A46600A2CBE3 /* SecIntegrityLib.h in Headers */ = {isa = PBXBuildFile; fileRef = 18446192146E9A8F00B12992 /* SecIntegrityLib.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68771471A46600A2CBE3 /* SecItemPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1CA146EAD5D000BF1F3 /* SecItemPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68781471A46600A2CBE3 /* SecKeychainItemExtendedAttributes.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1CB146EAD5D000BF1F3 /* SecKeychainItemExtendedAttributes.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68791471A46600A2CBE3 /* SecKeychainItemPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1B8146EAD5D000BF1F3 /* SecKeychainItemPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE687A1471A46600A2CBE3 /* SecKeychainPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1B9146EAD5D000BF1F3 /* SecKeychainPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE687B1471A46700A2CBE3 /* SecKeychainSearchPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1C5146EAD5D000BF1F3 /* SecKeychainSearchPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE687C1471A46700A2CBE3 /* SecKeyPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1BA146EAD5D000BF1F3 /* SecKeyPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE687D1471A46700A2CBE3 /* SecManifest.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB317146F0E94000BF1F3 /* SecManifest.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE687E1471A46700A2CBE3 /* SecNullTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3B6146F1BF9000BF1F3 /* SecNullTransform.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE687F1471A46700A2CBE3 /* SecPassword.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1B0146EAD5D000BF1F3 /* SecPassword.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68801471A46700A2CBE3 /* SecPolicyPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1BB146EAD5D000BF1F3 /* SecPolicyPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68811471A46700A2CBE3 /* SecRandomP.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1CF146EAD5D000BF1F3 /* SecRandomP.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68821471A46700A2CBE3 /* SecRecoveryPassword.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1CE146EAD5D000BF1F3 /* SecRecoveryPassword.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68831471A46700A2CBE3 /* SecRequirementPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844618F146E9A8F00B12992 /* SecRequirementPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68841471A46700A2CBE3 /* SecSMIME.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB38F146F14D2000BF1F3 /* SecSMIME.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68851471A46700A2CBE3 /* SecStaticCodePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844618E146E9A8F00B12992 /* SecStaticCodePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68861471A46700A2CBE3 /* SecTransformInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB3B7146F1BF9000BF1F3 /* SecTransformInternal.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68871471A46700A2CBE3 /* SecTrustedApplicationPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1BC146EAD5D000BF1F3 /* SecTrustedApplicationPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68881471A46700A2CBE3 /* SecTrustPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1BD146EAD5D000BF1F3 /* SecTrustPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE68891471A46700A2CBE3 /* SecTrustSettingsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1C6146EAD5D000BF1F3 /* SecTrustSettingsPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE688A1471A46700A2CBE3 /* SecureDownloadInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB318146F0E94000BF1F3 /* SecureDownloadInternal.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE688B1471A46700A2CBE3 /* SecureTransportPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB372146F13BB000BF1F3 /* SecureTransportPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE688C1471A46700A2CBE3 /* TrustSettingsSchema.h in Headers */ = {isa = PBXBuildFile; fileRef = 182BB1C8146EAD5D000BF1F3 /* TrustSettingsSchema.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18FE688D1471A46700A2CBE3 /* X509Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = 1844609E146DFCB700B12992 /* X509Templates.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 1FDA9ABC1C4489280083929D /* SecTranslocate.h in Headers */ = {isa = PBXBuildFile; fileRef = 1FDA9ABB1C4489280083929D /* SecTranslocate.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 1FDA9ABD1C448DFC0083929D /* libsecurity_translocate.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1F6FC6001C3D9D90001C758F /* libsecurity_translocate.a */; }; - 3705CAD91A896E0600402F75 /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 3705CACD1A896DA800402F75 /* main.c */; }; - 3705CADA1A896E0F00402F75 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 371AB2F21A04052E00A08CF2 /* teamid.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = 371AB2CA1A04050700A08CF2 /* teamid.sh */; }; - 375370891A8A981E0026B912 /* LocalCaspianTestRun.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = 37CD05041A8A96DD0053CCD0 /* LocalCaspianTestRun.sh */; }; - 3792614F1A89771A008ADD3C /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 3705CADB1A896E1A00402F75 /* Security.framework */; }; - 37A7CEAE197DB8FA00926CE8 /* FatDynamicValidation.c in Sources */ = {isa = PBXBuildFile; fileRef = 37A7CEAD197DB8FA00926CE8 /* FatDynamicValidation.c */; }; - 37A7CEDD197DCEE500926CE8 /* validation.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = 37A7CEDB197DCDD700926CE8 /* validation.sh */; }; - 37AB39121A44A88000B56E04 /* gk_reset_check.c in Sources */ = {isa = PBXBuildFile; fileRef = 37AB39111A44A88000B56E04 /* gk_reset_check.c */; }; - 37AB393D1A44A8C300B56E04 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 37CD05031A8A88320053CCD0 /* CaspianTests in CopyFiles */ = {isa = PBXBuildFile; fileRef = 37CD05021A8A87E50053CCD0 /* CaspianTests */; }; - 395E7CEE16C64EA500CD82A4 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 395E7CED16C64EA500CD82A4 /* SystemConfiguration.framework */; }; - 39BFB04516D304DE0022564B /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 395E7CED16C64EA500CD82A4 /* SystemConfiguration.framework */; }; - 431B737F1B27762C00EB0360 /* CloudServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 431B73571B27762300EB0360 /* CloudServices.framework */; }; - 431B73C11B2777A200EB0360 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894015FFECF3008CE3E3 /* libutilities.a */; }; - 432800841B4CE731002E8525 /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18752C1D16F2837A004E2799 /* libaks.a */; }; - 4328FE9B1B4CDBA5002E8525 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 4328FED11B4CDC11002E8525 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 395E7CED16C64EA500CD82A4 /* SystemConfiguration.framework */; }; - 43651E021B016BE8008C4B88 /* CrashReporterSupport.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 43651E011B016BE8008C4B88 /* CrashReporterSupport.framework */; }; - 438166AB1B4EC98000C54D58 /* libctkclient.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FC011AA0A56F0021AA26 /* libctkclient.a */; }; - 4381B9A91B28C6B2002BBC79 /* CloudServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 431B73571B27762300EB0360 /* CloudServices.framework */; }; - 4381B9AA1B28E09F002BBC79 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894015FFECF3008CE3E3 /* libutilities.a */; }; - 43A599161B0CFCAB00D14A7B /* CloudKeychain.strings in CopyFiles */ = {isa = PBXBuildFile; fileRef = 43A598591B0CF2AB00D14A7B /* CloudKeychain.strings */; }; - 43C3B0D51AFD56B700786702 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF42BB515A3947F00ACACE1 /* Security.framework */; }; - 43C3B2681AFD5B4800786702 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFD14CF429600B05E7F /* IOKit.framework */; }; - 43C3B35A1AFD5E1800786702 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 4469FC291AA0A5AF0021AA26 /* libctkclient_test.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FC001AA0A56F0021AA26 /* libctkclient_test.a */; }; - 44A655A71AA4B4F30059D185 /* libctkclient.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FC011AA0A56F0021AA26 /* libctkclient.a */; }; - 44A655CF1AA4B4F50059D185 /* libctkclient.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FC011AA0A56F0021AA26 /* libctkclient.a */; }; - 44B2606818F81A7D008DF20F /* SecAccessControl.h in Headers */ = {isa = PBXBuildFile; fileRef = 44B2603E18F81A6A008DF20F /* SecAccessControl.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 44B2606A18F81C0F008DF20F /* SecAccessControlPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 44B2606918F81BFE008DF20F /* SecAccessControlPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 44D78BB71A0A613900B63C6C /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 44D78B8F1A0A611C00B63C6C /* libaks_acl.a */; }; - 44D78BB81A0A615500B63C6C /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 44D78B8F1A0A611C00B63C6C /* libaks_acl.a */; }; - 44D78BB91A0A615800B63C6C /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 44D78B8F1A0A611C00B63C6C /* libaks_acl.a */; }; - 44D78BBA1A0A616200B63C6C /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 44D78B8F1A0A611C00B63C6C /* libaks_acl.a */; }; - 44D78BBB1A0A617700B63C6C /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E27BBFA18F4103100B6C79A /* libcoreauthd_client.a */; }; - 44F7912019FFED88008B8147 /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E27BBFA18F4103100B6C79A /* libcoreauthd_client.a */; }; - 486326331CAA0C6500A466D9 /* com.apple.securityd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 486326321CAA0C6500A466D9 /* com.apple.securityd.plist */; }; - 48FDA8771AF98A3600A9366F /* SOSCloudCircleInternal.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = 48FDA84D1AF989F600A9366F /* SOSCloudCircleInternal.h */; }; - 4A5C1790161A9DFB00ABF784 /* authd_private.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 18F2351A15C9FA3C00060520 /* authd_private.h */; }; - 4C01DF14164C3E7C006798CD /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C1288EA15FFE9D7008CE3E3 /* libSecureObjectSync.a */; }; - 4C0F6F871985877800178101 /* SecEntitlements.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C0F6F861985877800178101 /* SecEntitlements.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 4C2505B716D2DF9F002CE025 /* Icon.icns in Resources */ = {isa = PBXBuildFile; fileRef = 4C2505B616D2DF9F002CE025 /* Icon.icns */; }; - 4C328D301778EC4F0015EED1 /* AOSUI.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C328D2F1778EC4F0015EED1 /* AOSUI.framework */; }; - 4C49390D16E51ACE00CE110C /* com.apple.security.keychain-circle-notification.plist in Resources */ = {isa = PBXBuildFile; fileRef = 4C49390C16E51ACE00CE110C /* com.apple.security.keychain-circle-notification.plist */; }; - 4C49390F16E51FC700CE110C /* com.apple.security.keychain-circle-notification.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4C49390C16E51ACE00CE110C /* com.apple.security.keychain-circle-notification.plist */; }; - 4C5DD46A17A5E5D000696A79 /* KNPersistentState.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C5DD44317A5E31900696A79 /* KNPersistentState.m */; }; - 4C5DD46C17A5F67300696A79 /* AppleSystemInfo.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C5DD46B17A5F67300696A79 /* AppleSystemInfo.framework */; }; - 4C7D453D17BEE69B00DDD88F /* NSString+compactDescription.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C7D453C17BEE69B00DDD88F /* NSString+compactDescription.m */; }; - 4C7D456817BEED0400DDD88F /* NSDictionary+compactDescription.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C7D456517BEE6B700DDD88F /* NSDictionary+compactDescription.m */; }; - 4C7D456917BEED1400DDD88F /* NSSet+compactDescription.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C7D456717BEE6B700DDD88F /* NSSet+compactDescription.m */; }; - 4C7D8765160A74C400D041E3 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894015FFECF3008CE3E3 /* libutilities.a */; }; - 4C85DEDA16DBD5BF00ED8D47 /* KDCirclePeer.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C85DED916DBD5BF00ED8D47 /* KDCirclePeer.m */; }; - 4C85DEDB16DBD5BF00ED8D47 /* KDCirclePeer.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C85DED916DBD5BF00ED8D47 /* KDCirclePeer.m */; }; - 4C8D8651177A752D0019A804 /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270F6014CF655B00B05E7F /* libsecipc_client.a */; }; - 4C96F76016D5462F00D3B39D /* KDSecCircle.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C96F73916D5372C00D3B39D /* KDSecCircle.m */; }; - 4C96F7C216D6DF8400D3B39D /* Cocoa.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5214700716977CB800DF0DB3 /* Cocoa.framework */; }; - 4C96F7C816D6DF8400D3B39D /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = 4C96F7C616D6DF8400D3B39D /* InfoPlist.strings */; }; - 4C96F7CA16D6DF8400D3B39D /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C96F7C916D6DF8400D3B39D /* main.m */; }; - 4C96F7D116D6DF8400D3B39D /* KNAppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C96F7D016D6DF8400D3B39D /* KNAppDelegate.m */; }; - 4C96F7D416D6DF8400D3B39D /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 4C96F7D216D6DF8400D3B39D /* MainMenu.xib */; }; - 4C97761E17BEB23E0002BFE4 /* AOSAccounts.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C97761D17BEB23E0002BFE4 /* AOSAccounts.framework */; }; - 4CAEACCC16D6FBF600263776 /* KDSecCircle.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C96F73916D5372C00D3B39D /* KDSecCircle.m */; }; - 4CAEACCD16D6FC7600263776 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF42BB515A3947F00ACACE1 /* Security.framework */; }; - 4CB23B47169F5873003A0131 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - 4CB23B4C169F5873003A0131 /* security2.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4CB23B4B169F5873003A0131 /* security2.1 */; }; - 4CB23B81169F58DE003A0131 /* security_tool_commands.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CB23B80169F58DE003A0131 /* security_tool_commands.c */; }; - 4CB23B89169F5990003A0131 /* libSecurityTool.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB23B76169F5873003A0131 /* libSecurityTool.a */; }; - 4CB23B8A169F599A003A0131 /* libSecurityCommands.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB23B78169F5873003A0131 /* libSecurityCommands.a */; }; - 4CB23B8B169F599A003A0131 /* libSOSCommands.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB23B7A169F5873003A0131 /* libSOSCommands.a */; }; - 4CB23B8C169F59AD003A0131 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894015FFECF3008CE3E3 /* libutilities.a */; }; - 4CB86AF1167A6FF300F46643 /* SOSCloudCircle.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = 4CB86AE7167A6FF200F46643 /* SOSCloudCircle.h */; }; - 4CB86AF7167A6FF300F46643 /* SOSPeerInfo.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = 4CB86AED167A6FF300F46643 /* SOSPeerInfo.h */; }; - 4CC7A7B416CC2A85003E10C1 /* Cocoa.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5214700716977CB800DF0DB3 /* Cocoa.framework */; }; - 4CC7A7BA16CC2A85003E10C1 /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = 4CC7A7B816CC2A85003E10C1 /* InfoPlist.strings */; }; - 4CC7A7BC16CC2A85003E10C1 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 4CC7A7BB16CC2A85003E10C1 /* main.m */; }; - 4CC7A7C016CC2A85003E10C1 /* Credits.rtf in Resources */ = {isa = PBXBuildFile; fileRef = 4CC7A7BE16CC2A85003E10C1 /* Credits.rtf */; }; - 4CC7A7C316CC2A85003E10C1 /* KDAppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 4CC7A7C216CC2A85003E10C1 /* KDAppDelegate.m */; }; - 4CC7A7C616CC2A85003E10C1 /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = 4CC7A7C416CC2A85003E10C1 /* MainMenu.xib */; }; - 4CC7A7F616CD99E2003E10C1 /* KDSecItems.m in Sources */ = {isa = PBXBuildFile; fileRef = 4CC7A7F516CD95D3003E10C1 /* KDSecItems.m */; }; - 4CD1980D16DD3BDF00A9E8FD /* NSArray+mapWithBlock.m in Sources */ = {isa = PBXBuildFile; fileRef = 4CD1980C16DD3BDF00A9E8FD /* NSArray+mapWithBlock.m */; }; - 4CD1980E16DD3BDF00A9E8FD /* NSArray+mapWithBlock.m in Sources */ = {isa = PBXBuildFile; fileRef = 4CD1980C16DD3BDF00A9E8FD /* NSArray+mapWithBlock.m */; }; - 4CE7EAA31AEAF5230067F5BD /* SecItemBackup.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CE7EA7D1AEAF50F0067F5BD /* SecItemBackup.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 5208BF4F16A0993C0062DDC5 /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18D4053B14CE2C1600A2BE4E /* libsecurity.a */; }; - 5208C0D716A0C96F0062DDC5 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C1288EA15FFE9D7008CE3E3 /* libSecureObjectSync.a */; }; - 5241C60D16DC1BA100DB5C6F /* libSecOtrOSX.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C1288F215FFE9D7008CE3E3 /* libSecOtrOSX.a */; }; - 5244926A1AFD6CB70043695A /* der_plist.h in Headers */ = {isa = PBXBuildFile; fileRef = 524492691AFD6CB70043695A /* der_plist.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 52669053169D181900ED8231 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF42BB515A3947F00ACACE1 /* Security.framework */; }; - 529E948D169E29470000AC9B /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18FE67EA1471A3AA00A2CBE3 /* Security.framework */; }; - 52AEA489153C778C005AFC59 /* tsaSupportPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 52AEA484153C7581005AFC59 /* tsaSupportPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 52B006C015238F76005D4556 /* TimeStampingPrefs.plist in Resources */ = {isa = PBXBuildFile; fileRef = 52B006BF15238F76005D4556 /* TimeStampingPrefs.plist */; }; - 52B5A9C21519330300664F11 /* tsaSupport.h in Headers */ = {isa = PBXBuildFile; fileRef = 52B5A9C01519330300664F11 /* tsaSupport.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 52B5A9C31519330300664F11 /* tsaTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = 52B5A9C11519330300664F11 /* tsaTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 52CD052316A0E24900218387 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF42BB515A3947F00ACACE1 /* Security.framework */; }; - 52F8DDFA1AF2E56700A2C271 /* SOSViews.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = 52F8DDF91AF2E56600A2C271 /* SOSViews.h */; }; - 52F8DE211AF2E57300A2C271 /* SOSBackupSliceKeyBag.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = 52F8DE201AF2E57300A2C271 /* SOSBackupSliceKeyBag.h */; }; - 52F8DE4C1AF2EB6600A2C271 /* SOSTypes.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = 52F8DE4B1AF2EB6600A2C271 /* SOSTypes.h */; }; - 532847791785076B009118DC /* Localizable.strings in Resources */ = {isa = PBXBuildFile; fileRef = 5328475117850741009118DC /* Localizable.strings */; }; - 5E605AFC1AB859B70049FA14 /* libcoreauthd_test_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E605AFB1AB859B70049FA14 /* libcoreauthd_test_client.a */; }; - 5E6344221D4B834600A23FB4 /* authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings in Resources */ = {isa = PBXBuildFile; fileRef = 5E6343FC1D4B6FF800A23FB4 /* authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings */; }; - 5E7AF4731ACD64AC00005140 /* libACM.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E7AF4721ACD64AC00005140 /* libACM.a */; }; - 5E7AF49B1ACD64E600005140 /* libACM.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E7AF4721ACD64AC00005140 /* libACM.a */; }; - 5EC01FEE1B0CA7E0009FBB75 /* sec_acl_stress.c in Sources */ = {isa = PBXBuildFile; fileRef = 5EC01FED1B0CA7E0009FBB75 /* sec_acl_stress.c */; }; - 5ED88B451B0DE63E00F3B047 /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270C7D14CE573D00B05E7F /* libsecurityd.a */; }; - 5EF7C23E1B00E48200E5E99C /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 5EF7C23A1B00E48200E5E99C /* main.c */; }; - 5EF7C2401B00E4C300E5E99C /* libregressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CC3356016C1EF5D00399E53 /* libregressions.a */; }; - 5EF7C24A1B00E6E300E5E99C /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1807384B146D0D4E00F05C24 /* Security.framework */; }; - 5EF7C24B1B00E71D00E5E99C /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18D4053B14CE2C1600A2BE4E /* libsecurity.a */; }; - 5EF7C24C1B00E76F00E5E99C /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C1288EA15FFE9D7008CE3E3 /* libSecureObjectSync.a */; }; - 5EF7C24E1B00E80000E5E99C /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894015FFECF3008CE3E3 /* libutilities.a */; }; - 5EF7C24F1B00EA5200E5E99C /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 44D78B8F1A0A611C00B63C6C /* libaks_acl.a */; }; - 5EF7C2501B00EA7A00E5E99C /* libACM.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E7AF4721ACD64AC00005140 /* libACM.a */; }; - 5EF7C2511B00EAF100E5E99C /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E27BBFA18F4103100B6C79A /* libcoreauthd_client.a */; }; - 5EF7C2521B00EB0A00E5E99C /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18752C1D16F2837A004E2799 /* libaks.a */; }; - 5EFB69C31B0CC16F0095A36E /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270F6014CF655B00B05E7F /* libsecipc_client.a */; }; - 6C721DB11D3D18D700888AE1 /* login.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 6C721DB01D3D18D700888AE1 /* login.framework */; }; - 6C721DD61D3D18EC00888AE1 /* login.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 6C721DB01D3D18D700888AE1 /* login.framework */; }; - 7A21DAE619B7F27C0007D37F /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFD14CF429600B05E7F /* IOKit.framework */; }; - 8E64DB4A1C17C26F0076C9DF /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1831329A14EB2C6D00F0BCAC /* libDER.a */; }; - 8E64DB4B1C17C2830076C9DF /* libASN1.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1831329914EB2C6D00F0BCAC /* libASN1.a */; }; - 8EC74B8D1DA578EE00D7D801 /* MobileKeyBag.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 8EC74B8C1DA578EE00D7D801 /* MobileKeyBag.framework */; }; - 8EC74BB21DA57A0300D7D801 /* MobileKeyBag.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 8EC74B8C1DA578EE00D7D801 /* MobileKeyBag.framework */; }; - 8EC74BB31DA57B1000D7D801 /* MobileKeyBag.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 8EC74B8C1DA578EE00D7D801 /* MobileKeyBag.framework */; }; - AAF3DCCB1666D03300376593 /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F235F715CA0D9D00060520 /* libsecurity_utilities.a */; }; - AC5688BC18B4396D00F0526C /* SecCMS.h in Headers */ = {isa = PBXBuildFile; fileRef = AC5688BA18B4396D00F0526C /* SecCMS.h */; settings = {ATTRIBUTES = (Private, ); }; }; - ACB6171918B5231800EBEDD7 /* libsecurity_smime_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = ACB6171818B5231800EBEDD7 /* libsecurity_smime_regressions.a */; }; - BE48AE031ADF1DF4000836C1 /* server.c in Sources */ = {isa = PBXBuildFile; fileRef = 18270EF314CF333400B05E7F /* server.c */; }; - BE48AE051ADF1DF4000836C1 /* libACM.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E7AF4721ACD64AC00005140 /* libACM.a */; }; - BE48AE061ADF1DF4000836C1 /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E27BBFA18F4103100B6C79A /* libcoreauthd_client.a */; }; - BE48AE071ADF1DF4000836C1 /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18752C1D16F2837A004E2799 /* libaks.a */; }; - BE48AE081ADF1DF4000836C1 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 395E7CED16C64EA500CD82A4 /* SystemConfiguration.framework */; }; - BE48AE0A1ADF1DF4000836C1 /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F235F715CA0D9D00060520 /* libsecurity_utilities.a */; }; - BE48AE0B1ADF1DF4000836C1 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894015FFECF3008CE3E3 /* libutilities.a */; }; - BE48AE0C1ADF1DF4000836C1 /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 44D78B8F1A0A611C00B63C6C /* libaks_acl.a */; }; - BE48AE0E1ADF1DF4000836C1 /* libASN1.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1831329914EB2C6D00F0BCAC /* libASN1.a */; }; - BE48AE0F1ADF1DF4000836C1 /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1831329A14EB2C6D00F0BCAC /* libDER.a */; }; - BE48AE101ADF1DF4000836C1 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFD14CF429600B05E7F /* IOKit.framework */; }; - BE48AE111ADF1DF4000836C1 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5AD146FEF43000BF1F3 /* libsqlite3.dylib */; }; - BE48AE121ADF1DF4000836C1 /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB5B9146FF0BE000BF1F3 /* libbsm.dylib */; }; - BE48AE151ADF1DF4000836C1 /* libctkclient.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FC011AA0A56F0021AA26 /* libctkclient.a */; }; - BE48AE171ADF1DF4000836C1 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */; }; - BE48AE181ADF1DF4000836C1 /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFB14CF427800B05E7F /* CFNetwork.framework */; }; - BE48AE251ADF1FD3000836C1 /* com.apple.trustd.agent.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = BE48AE241ADF1FD3000836C1 /* com.apple.trustd.agent.plist */; }; - BE48AE271ADF2016000836C1 /* com.apple.trustd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = BE48AE261ADF2011000836C1 /* com.apple.trustd.plist */; }; - BE8C5F0A16F7CE450074CF86 /* framework.sb in Resources */ = {isa = PBXBuildFile; fileRef = BE8C5F0916F7CE450074CF86 /* framework.sb */; }; - BE8D22C01ABB74C3009A4E18 /* libSecTrustOSX.a in Frameworks */ = {isa = PBXBuildFile; fileRef = BE8D22BC1ABB747B009A4E18 /* libSecTrustOSX.a */; }; - BEC3A76816F79497003E5634 /* SecTaskPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = BEC3A76716F79497003E5634 /* SecTaskPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - C2407A1B1B30BBF30067E6AE /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894015FFECF3008CE3E3 /* libutilities.a */; }; - C288A0891505796F00E773B7 /* libOpenScriptingUtil.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = C288A0881505795D00E773B7 /* libOpenScriptingUtil.dylib */; settings = {ATTRIBUTES = (Weak, ); }; }; - CD8B5A9D1B618ED9004D4AEF /* SOSPeerInfoPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = CD8B5A9C1B618ED9004D4AEF /* SOSPeerInfoPriv.h */; }; - CDDE9D1E1729E2E60013B0E8 /* SecPasswordGenerate.h in Headers */ = {isa = PBXBuildFile; fileRef = CDDE9D1C1729DF250013B0E8 /* SecPasswordGenerate.h */; settings = {ATTRIBUTES = (Private, ); }; }; - D41685841B3A288F001FB54E /* oids.h in Headers */ = {isa = PBXBuildFile; fileRef = D41685831B3A288F001FB54E /* oids.h */; settings = {ATTRIBUTES = (Public, ); }; }; - D42817D01C6000E1007F95D8 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1807384B146D0D4E00F05C24 /* Security.framework */; }; - D42CFD771BFD3379008C8737 /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1831329A14EB2C6D00F0BCAC /* libDER.a */; }; - D42FA82B1C9B8D3D003E46A7 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = D42FA82A1C9B8D3D003E46A7 /* main.m */; }; - D42FA8451C9B8FDE003E46A7 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = D42FA8441C9B8FDE003E46A7 /* Foundation.framework */; }; - D42FA8461C9B9000003E46A7 /* libsecurity_cms_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = D4CBC1281BE981DE00C5795E /* libsecurity_cms_regressions.a */; }; - D42FA8471C9B9000003E46A7 /* libsecurity_keychain_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CBD50B316C325F000713B6C /* libsecurity_keychain_regressions.a */; }; - D42FA8481C9B9000003E46A7 /* libsecurity_smime_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = ACB6171818B5231800EBEDD7 /* libsecurity_smime_regressions.a */; }; - D42FA8491C9B9000003E46A7 /* libsecurity_ssl_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0C6D77CF15C8B66000BB4405 /* libsecurity_ssl_regressions.a */; }; - D42FA84A1C9B900A003E46A7 /* libSharedRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = D40772181C9B52210016AA66 /* libSharedRegressions.a */; }; - D42FA84B1C9B9013003E46A7 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894015FFECF3008CE3E3 /* libutilities.a */; }; - D42FA84D1C9B901E003E46A7 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = D42FA84C1C9B901E003E46A7 /* IOKit.framework */; }; - D42FA84E1C9B903F003E46A7 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1807384B146D0D4E00F05C24 /* Security.framework */; }; - D42FA8501C9B9047003E46A7 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = D42FA84F1C9B9047003E46A7 /* CoreFoundation.framework */; }; - D42FA87D1C9B9186003E46A7 /* si-82-sectrust-ct-logs.plist in Resources */ = {isa = PBXBuildFile; fileRef = D42FA87C1C9B9186003E46A7 /* si-82-sectrust-ct-logs.plist */; }; - D42FA8E91C9B95EC003E46A7 /* libregressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CC3356016C1EF5D00399E53 /* libregressions.a */; }; - D42FA8EA1C9BAA44003E46A7 /* bc-10-knife-on-bread.m in Sources */ = {isa = PBXBuildFile; fileRef = EB22F3F518A26BA50016A8EC /* bc-10-knife-on-bread.m */; }; - D42FA8EB1C9BAAD5003E46A7 /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18752C1D16F2837A004E2799 /* libaks.a */; }; - D447C0C21D2C9BAB0082FC1D /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = D447C0C11D2C9BAB0082FC1D /* libDiagnosticMessagesClient.dylib */; }; - D447C0E71D2C9C390082FC1D /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = D447C0C11D2C9BAB0082FC1D /* libDiagnosticMessagesClient.dylib */; }; - D45FC3E11C9E068700509CDA /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270C7D14CE573D00B05E7F /* libsecurityd.a */; }; - D45FC3E41C9E06B500509CDA /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C1288EA15FFE9D7008CE3E3 /* libSecureObjectSync.a */; }; - D467D0EA1C9DF27100C9DE3E /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270F6014CF655B00B05E7F /* libsecipc_client.a */; }; - D47F51221C3B80DF00A7CEFE /* SecCFAllocator.h in Headers */ = {isa = PBXBuildFile; fileRef = D47F51211C3B80DE00A7CEFE /* SecCFAllocator.h */; settings = {ATTRIBUTES = (Private, ); }; }; - D4CBC1451BE981F600C5795E /* libsecurity_cms_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = D4CBC1281BE981DE00C5795E /* libsecurity_cms_regressions.a */; }; - D4D886C41CEBDBEB00DC7583 /* ssl-policy-certs in Resources */ = {isa = PBXBuildFile; fileRef = D4D886C31CEBDBEB00DC7583 /* ssl-policy-certs */; }; - D4D886F31CED01F800DC7583 /* nist-certs in Resources */ = {isa = PBXBuildFile; fileRef = D4D886F21CED01F800DC7583 /* nist-certs */; }; - D4D886FE1CED07B400DC7583 /* Digisign-Server-ID-Enrich-Entrust-Cert.crt in Copy DigicertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = D4D886FA1CED07B400DC7583 /* Digisign-Server-ID-Enrich-Entrust-Cert.crt */; }; - D4D886FF1CED07B400DC7583 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt in Copy DigicertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = D4D886FB1CED07B400DC7583 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt */; }; - D4D887001CED07B400DC7583 /* Invalid-webmail.jaring.my.crt in Copy DigicertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = D4D886FC1CED07B400DC7583 /* Invalid-webmail.jaring.my.crt */; }; - D4D887011CED07B400DC7583 /* Invalid-www.cybersecurity.my.crt in Copy DigicertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = D4D886FD1CED07B400DC7583 /* Invalid-www.cybersecurity.my.crt */; }; - D4D8871B1CED081700DC7583 /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887041CED081500DC7583 /* diginotar-public-ca-2025-Cert.crt */; }; - D4D8871C1CED081700DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887051CED081500DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt */; }; - D4D8871D1CED081700DC7583 /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887061CED081500DC7583 /* diginotar-services-diginotar-root-Cert.crt */; }; - D4D8871E1CED081700DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887071CED081500DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt */; }; - D4D8871F1CED081700DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887081CED081500DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt */; }; - D4D887201CED081700DC7583 /* diginotar.root.ca-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887091CED081500DC7583 /* diginotar.root.ca-entrust-secure-server-Cert.crt */; }; - D4D887231CED081700DC7583 /* Invalid-asterisk.google.com.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D8870C1CED081600DC7583 /* Invalid-asterisk.google.com.crt */; }; - D4D887241CED081700DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D8870D1CED081600DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */; }; - D4D887251CED081700DC7583 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D8870E1CED081600DC7583 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt */; }; - D4D887261CED081700DC7583 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D8870F1CED081600DC7583 /* Invalid-diginotarpkioverheidcaoverheid.crt */; }; - D4D887271CED081700DC7583 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887101CED081600DC7583 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt */; }; - D4D887281CED081700DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887111CED081600DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt */; }; - D4D887291CED081700DC7583 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887121CED081600DC7583 /* Invalid-webmail.portofamsterdam.nl.crt */; }; - D4D8872A1CED081700DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887131CED081600DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt */; }; - D4D8872B1CED081700DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887141CED081600DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt */; }; - D4D8872C1CED081700DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887151CED081600DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt */; }; - D4D8872D1CED081700DC7583 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887161CED081700DC7583 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt */; }; - D4D8872F1CED081700DC7583 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887181CED081700DC7583 /* staatdernederlandenorganisatieca-g2-Cert.crt */; }; - D4D887301CED081700DC7583 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = D4D887191CED081700DC7583 /* staatdernederlandenoverheidca-Cert.crt */; }; - D4D887321CED093200DC7583 /* Invalid-asterisk.google.com.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D8870C1CED081600DC7583 /* Invalid-asterisk.google.com.crt */; }; - D4D887331CED093A00DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887111CED081600DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt */; }; - D4D887341CED094200DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887131CED081600DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt */; }; - D4D887351CED094C00DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887141CED081600DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt */; }; - D4D887361CED095600DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887151CED081600DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt */; }; - D4D887371CED098500DC7583 /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887041CED081500DC7583 /* diginotar-public-ca-2025-Cert.crt */; }; - D4D887381CED098500DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887051CED081500DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt */; }; - D4D887391CED098500DC7583 /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887061CED081500DC7583 /* diginotar-services-diginotar-root-Cert.crt */; }; - D4D8873A1CED098500DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887071CED081500DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt */; }; - D4D8873B1CED098500DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887081CED081500DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt */; }; - D4D8873C1CED099F00DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D8870D1CED081600DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */; }; - D4D8873D1CED099F00DC7583 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D8870E1CED081600DC7583 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt */; }; - D4D8873E1CED099F00DC7583 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D8870F1CED081600DC7583 /* Invalid-diginotarpkioverheidcaoverheid.crt */; }; - D4D8873F1CED099F00DC7583 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887101CED081600DC7583 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt */; }; - D4D887401CED09B300DC7583 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887181CED081700DC7583 /* staatdernederlandenorganisatieca-g2-Cert.crt */; }; - D4D887411CED09B300DC7583 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887191CED081700DC7583 /* staatdernederlandenoverheidca-Cert.crt */; }; - D4D887421CED09BD00DC7583 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887161CED081700DC7583 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt */; }; - D4D887431CED09C500DC7583 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = D4D887121CED081600DC7583 /* Invalid-webmail.portofamsterdam.nl.crt */; }; - D4D887441CED09DA00DC7583 /* Expectations.plist in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D8870B1CED081500DC7583 /* Expectations.plist */; }; - D4D887451CED09F600DC7583 /* DigiNotar_Root_CA_G2-RootCertificate.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887031CED081500DC7583 /* DigiNotar_Root_CA_G2-RootCertificate.crt */; }; - D4D887461CED09F600DC7583 /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887041CED081500DC7583 /* diginotar-public-ca-2025-Cert.crt */; }; - D4D887471CED09F600DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887051CED081500DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt */; }; - D4D887481CED09F600DC7583 /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887061CED081500DC7583 /* diginotar-services-diginotar-root-Cert.crt */; }; - D4D887491CED09F600DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887071CED081500DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt */; }; - D4D8874A1CED09F600DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887081CED081500DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt */; }; - D4D8874B1CED09F600DC7583 /* DigiNotarCA2007RootCertificate.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D8870A1CED081500DC7583 /* DigiNotarCA2007RootCertificate.crt */; }; - D4D8874C1CED09FF00DC7583 /* Invalid-asterisk.google.com.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D8870C1CED081600DC7583 /* Invalid-asterisk.google.com.crt */; }; - D4D8874D1CED0A0600DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887111CED081600DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt */; }; - D4D8874E1CED0A0F00DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887131CED081600DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt */; }; - D4D8874F1CED0A2A00DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887141CED081600DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt */; }; - D4D887501CED0A3400DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887151CED081600DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt */; }; - D4D887511CED0A4400DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D8870D1CED081600DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */; }; - D4D887521CED0A4B00DC7583 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = D4D887121CED081600DC7583 /* Invalid-webmail.portofamsterdam.nl.crt */; }; - D4D9B9FE1C7E5CCA008785EB /* SecServerEncryptionSupport.h in Headers */ = {isa = PBXBuildFile; fileRef = D4D9B9FD1C7E5CCA008785EB /* SecServerEncryptionSupport.h */; settings = {ATTRIBUTES = (Private, ); }; }; - D4DDD3D01BE3EC0300E8AE2D /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = D4DDD3A71BE3EB4200E8AE2D /* libDiagnosticMessagesClient.dylib */; }; - D4DDD9671CA2F2A700AA03AE /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = D4DDD9661CA2F2A700AA03AE /* libbsm.dylib */; }; - D4DDD9961CA320FE00AA03AE /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1807384B146D0D4E00F05C24 /* Security.framework */; }; - D4DDD9971CA3216C00AA03AE /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1807384B146D0D4E00F05C24 /* Security.framework */; }; - D4EC94D61CEA48000083E753 /* si-20-sectrust-policies-data in Resources */ = {isa = PBXBuildFile; fileRef = D4EC94D51CEA48000083E753 /* si-20-sectrust-policies-data */; }; - DC247FB51CBF1C2500527D67 /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270F1214CF43C000B05E7F /* libDER.a */; }; - DC247FD81CBF1C3F00527D67 /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270F1214CF43C000B05E7F /* libDER.a */; }; - DC311CC81CCEC82E00E14E8D /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C12894015FFECF3008CE3E3 /* libutilities.a */; }; - DC7EFBAB1CBC46A7005F9624 /* SecurityFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC7EFBAA1CBC46A7005F9624 /* SecurityFoundation.framework */; }; - DC7EFC0E1CBC7567005F9624 /* SecurityFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC7EFBAA1CBC46A7005F9624 /* SecurityFoundation.framework */; }; - DCA28DF71D629C6D00201446 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DCA28DF61D629C6D00201446 /* libsqlite3.dylib */; }; - DCA28E1C1D629C7C00201446 /* AppleSystemInfo.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C5DD46B17A5F67300696A79 /* AppleSystemInfo.framework */; }; - E74583F51BF66506001B54A4 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18270EFD14CF429600B05E7F /* IOKit.framework */; }; - E76079D61951FDAF00F69731 /* liblogging.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E76079D51951FDA800F69731 /* liblogging.a */; }; - E778BFBC17176DDE00302C14 /* security.exp-in in Sources */ = {isa = PBXBuildFile; fileRef = 182BB562146F4C73000BF1F3 /* security.exp-in */; }; - EB22F3F918A26BCA0016A8EC /* SecBreadcrumb.c in Sources */ = {isa = PBXBuildFile; fileRef = EB22F3F718A26BA50016A8EC /* SecBreadcrumb.c */; }; - EB22F3FA18A26BCE0016A8EC /* SecBreadcrumb.h in Headers */ = {isa = PBXBuildFile; fileRef = EB22F3F818A26BA50016A8EC /* SecBreadcrumb.h */; settings = {ATTRIBUTES = (Private, ); }; }; - EB22F3FB18A26BE40016A8EC /* bc-10-knife-on-bread.m in Sources */ = {isa = PBXBuildFile; fileRef = EB22F3F518A26BA50016A8EC /* bc-10-knife-on-bread.m */; }; - EB5D733B1B0CB0FF009CAA47 /* SOSPeerInfo.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = 4CB86AED167A6FF300F46643 /* SOSPeerInfo.h */; }; - EB5D733C1B0CB109009CAA47 /* SOSTypes.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = 52F8DE4B1AF2EB6600A2C271 /* SOSTypes.h */; }; - EB73EFE81C210947008191E3 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD19A65E1A8065E900F9C276 /* Foundation.framework */; }; - EB73EFE91C210947008191E3 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD19A65E1A8065E900F9C276 /* Foundation.framework */; }; - EB73EFEA1C210947008191E3 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD19A65E1A8065E900F9C276 /* Foundation.framework */; }; - EB73EFEB1C210947008191E3 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD19A65E1A8065E900F9C276 /* Foundation.framework */; }; - EB73F0451C210E6F008191E3 /* SecurityFeatures.h in Headers */ = {isa = PBXBuildFile; fileRef = EB73F0441C210DF8008191E3 /* SecurityFeatures.h */; settings = {ATTRIBUTES = (Public, ); }; }; - EBB6970B1BE2091300715F16 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD19A65E1A8065E900F9C276 /* Foundation.framework */; }; - EBB6970F1BE209D400715F16 /* secbackupntest.m in Sources */ = {isa = PBXBuildFile; fileRef = EBB696FF1BE208CB00715F16 /* secbackupntest.m */; }; - EBB697101BE20A1200715F16 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1807384B146D0D4E00F05C24 /* Security.framework */; }; - F93C493E1AB8FF670047E01A /* ckcdiagnose.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = F93C493D1AB8FF670047E01A /* ckcdiagnose.sh */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; }; -/* End PBXBuildFile section */ - -/* Begin PBXBuildRule section */ - E778BFB91717461800302C14 /* PBXBuildRule */ = { - isa = PBXBuildRule; - compilerSpec = com.apple.compilers.proxy.script; - filePatterns = "*.exp-in"; - fileType = pattern.proxy; - isEditable = 1; - outputFiles = ( - "$(BUILT_PRODUCTS_DIR)/$(TARGETNAME).$(CURRENT_ARCH).exp", - ); - script = "#!/bin/sh\n\nfor file in ${HEADER_SEARCH_PATHS[@]} ; do\nHEADER_SEARCH_OPTIONS=\"${HEADER_SEARCH_OPTIONS} -I${file}\"\ndone\n\nxcrun clang -E -Xpreprocessor -P -x c -arch ${CURRENT_ARCH} ${HEADER_SEARCH_OPTIONS} ${INPUT_FILE_PATH} -o ${BUILT_PRODUCTS_DIR}/${TARGETNAME}.${CURRENT_ARCH}.exp\n"; - }; -/* End PBXBuildRule section */ - -/* Begin PBXContainerItemProxy section */ - 0C4EAE711766865000773425 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0C0BDB5F175687EC00BC1A7E; - remoteInfo = libsecdRegressions; - }; - 0C4EAE7817668DFF00773425 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 0C0BDB55175687EC00BC1A7E; - remoteInfo = libsecdRegressions; - }; - 0C6C632D15D19D2900BC68CD /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B71F146DE839007E536C /* libsecurity_ssl.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 0CCA415815C89E8B002AEC4C; - remoteInfo = libsecurity_ssl_regressions; - }; - 0C6D77CE15C8B66000BB4405 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B71F146DE839007E536C /* libsecurity_ssl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0CCA415915C89E8B002AEC4C; - remoteInfo = libsecurity_ssl_regressions; - }; - 0C6D77D015C8B66000BB4405 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B71F146DE839007E536C /* libsecurity_ssl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0CCA42C915C8A387002AEC4C; - remoteInfo = dtlsEchoClient; - }; - 0C6D77D215C8B66000BB4405 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B71F146DE839007E536C /* libsecurity_ssl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0CCA42D715C8A395002AEC4C; - remoteInfo = dtlsEchoServer; - }; - 0CBD50B216C325F000713B6C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0CBD509716C3242200713B6C; - remoteInfo = libsecurity_keychain_regressions; - }; - 0CBD50C616C3260D00713B6C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 0CBD500016C3242200713B6C; - remoteInfo = libsecurity_keychain_regressions; - }; - 0CC3350916C1ED8000399E53 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; - }; - 0CC3350B16C1ED8000399E53 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; - }; - 0CC3350D16C1ED8000399E53 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E702E75714E1F48800CDE635; - remoteInfo = libSOSRegressions; - }; - 0CC3351116C1ED8000399E53 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18D4043414CE0CF300A2BE4E; - remoteInfo = libsecurity; - }; - 0CC3351316C1ED8000399E53 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18270F5414CF651900B05E7F; - remoteInfo = libsecipc_client; - }; - 0CC3351516C1ED8000399E53 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 186CDD0E14CA116C00AF9171; - remoteInfo = libSecItemShimOSX; - }; - 0CC3355F16C1EF5D00399E53 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 0CC3355B16C1EF5D00399E53 /* regressions.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E710C6FE133192E900F85568; - remoteInfo = regressions; - }; - 0CC3356116C1EF8B00399E53 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 0CC3355B16C1EF5D00399E53 /* regressions.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E710C6FD133192E900F85568; - remoteInfo = regressions; - }; - 0CCEBDB216C2CFD4001BD7F6 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 0CC3355B16C1EF5D00399E53 /* regressions.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E710C6FD133192E900F85568; - remoteInfo = regressions; - }; - 0CCEBDB916C303D8001BD7F6 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 0CC3350716C1ED8000399E53; - remoteInfo = secdtests; - }; - 0CCEBDBC16C30948001BD7F6 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E7E0D8E8158FA9A3002CA176; - remoteInfo = utilitiesRegressions; - }; - 0CFC55E215DDB86500BEC89E /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 0C6C630A15D193C800BC68CD; - remoteInfo = sectests; - }; - 18270C7C14CE573D00B05E7F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 18D4056214CE53C200A2BE4E; - remoteInfo = securityd; - }; - 18270EE014CF28D000B05E7F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18D4043414CE0CF300A2BE4E; - remoteInfo = libsecurity; - }; - 18270EE214CF28D900B05E7F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18D4056114CE53C200A2BE4E; - remoteInfo = libsecurityd; - }; - 18270F1114CF43C000B05E7F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18270F0814CF43C000B05E7F /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 053BA314091C00BF00A7007A; - remoteInfo = libDER; - }; - 18270F1314CF43C000B05E7F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18270F0814CF43C000B05E7F /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 053BA445091FE58C00A7007A; - remoteInfo = parseCert; - }; - 18270F1514CF43C000B05E7F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18270F0814CF43C000B05E7F /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 053BA46B091FE63E00A7007A; - remoteInfo = libDERUtils; - }; - 18270F1714CF43C000B05E7F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18270F0814CF43C000B05E7F /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 058F16540925135E009FA1C5; - remoteInfo = parseCrl; - }; - 18270F1914CF43C000B05E7F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18270F0814CF43C000B05E7F /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4C96C8CE113F4132005483E8; - remoteInfo = parseTicket; - }; - 18270F5C14CF655B00B05E7F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18270F5414CF651900B05E7F; - remoteInfo = libsecipc_client; - }; - 18270F5F14CF655B00B05E7F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 18270F5514CF651900B05E7F; - remoteInfo = libsecipc_client; - }; - 182BB22B146F07DD000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4C5719C712FB5E9E00B31F85; - remoteInfo = XPCKeychainSandboxCheck; - }; - 182BB3EB146F2448000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5F0146DE6FD007E536C /* libsecurity_apple_x509_tp.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_apple_x509_tp; - }; - 182BB3ED146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6EC146DE7EE007E536C /* libsecurity_pkcs12.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 0592AC8B0415523C00003D05; - remoteInfo = libsecurity_pkcs12; - }; - 182BB3EF146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B72B146DE844007E536C /* libsecurity_transform.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_transform; - }; - 182BB3F1146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6DF146DE7E7007E536C /* libsecurity_ocspd.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_ocspd; - }; - 182BB3F3146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B66D146DE75D007E536C /* libsecurity_comcryption.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 7264321D00A8AD0A7F000001; - remoteInfo = libsecurity_comcryption; - }; - 182BB3F5146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B637146DE748007E536C /* libsecurity_checkpw.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_checkpw; - }; - 182BB3F7146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B71F146DE839007E536C /* libsecurity_ssl.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_ssl; - }; - 182BB3FB146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5C9146DE6CE007E536C /* libsecurity_apple_cspdl.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_apple_cspdl; - }; - 182BB3FD146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6F8146DE7F7007E536C /* libsecurity_sd_cspdl.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_sd_cspdl; - }; - 182BB3FF146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6C7146DE7D7007E536C /* libsecurity_manifest.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = D6C8AFAD05DD2430003DB724; - remoteInfo = libsecurity_manifest; - }; - 182BB401146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B712146DE825007E536C /* libsecurity_smime.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4C2741ED03E9FBF700A80181; - remoteInfo = libsecurity_smime; - }; - 182BB403146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B64B146DE750007E536C /* libsecurity_cms.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_cms; - }; - 182BB405146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5BC146DE6C8007E536C /* libsecurity_apple_csp.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_apple_csp; - }; - 182BB407146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5E1146DE6E7007E536C /* libsecurity_apple_x509_cl.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_apple_x509_cl; - }; - 182BB409146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_keychain; - }; - 182BB40B146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5D5146DE6D7007E536C /* libsecurity_apple_file_dl.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_apple_file_dl; - }; - 182BB40D146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B609146DE70A007E536C /* libsecurity_authorization.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_authorization; - }; - 182BB40F146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B550146DE227007E536C /* libsecurity_cdsa_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA2A5390523D32800978A7B; - remoteInfo = libsecurity_cdsa_utilities; - }; - 182BB411146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B679146DE76E007E536C /* libsecurity_cryptkit.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 7264322800A8AD0A7F000001; - remoteInfo = libsecurity_cryptkit; - }; - 182BB413146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B615146DE715007E536C /* libsecurity_cdsa_client.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_client; - }; - 182BB417146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B694146DE797007E536C /* libsecurity_filedb.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_filedb; - }; - 182BB419146F248D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6D3146DE7E0007E536C /* libsecurity_mds.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_mds; - }; - 182BB4E6146F25AF000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_codesigning; - }; - 182BB587146FE001000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_codesigning; - }; - 182BB58C146FE0FF000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B550146DE227007E536C /* libsecurity_cdsa_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA2A5390523D32800978A7B; - remoteInfo = libsecurity_cdsa_utilities; - }; - 182BB58E146FE11C000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B532146DDBE5007E536C /* libsecurity_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA2A5390523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; - 182BB595146FE27F000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 1807384A146D0D4E00F05C24; - remoteInfo = Security; - }; - 18446081146DF52F00B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B621146DE720007E536C /* libsecurity_cdsa_plugin.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_plugin; - }; - 184461B0146E9D3300B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 184461A3146E9D3200B12992 /* libsecurityd.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurityd_client; - }; - 184461B4146E9D3300B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 184461A3146E9D3200B12992 /* libsecurityd.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FECD052A44A100F22E42; - remoteInfo = libsecurityd_server; - }; - 184461B8146E9D3300B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 184461A3146E9D3200B12992 /* libsecurityd.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = C2A788730B7AA65B00CFF85C; - remoteInfo = ucspc; - }; - 186CDD1D14CA11C700AF9171 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 186CDD0F14CA116C00AF9171; - remoteInfo = sec; - }; - 186F779014E5A00F00434E1F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 18270ED514CF282600B05E7F; - remoteInfo = secd; - }; - 186F779214E5A01700434E1F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 1807384A146D0D4E00F05C24; - remoteInfo = Security; - }; - 186F779414E5A01C00434E1F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 182BB567146F4DCA000BF1F3; - remoteInfo = csparser; - }; - 186F779614E5A04200434E1F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 18FE67E91471A3AA00A2CBE3; - remoteInfo = copyHeaders; - }; - 1879B537146DDBE5007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B532146DDBE5007E536C /* libsecurity_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = utilities; - }; - 1879B544146DE18D007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B532146DDBE5007E536C /* libsecurity_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA2A5390523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; - 1879B54E146DE212007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B547146DE212007E536C /* libsecurity_cdsa_utils.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = cdsa_utils; - }; - 1879B559146DE227007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B550146DE227007E536C /* libsecurity_cdsa_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = cdsa_utilities; - }; - 1879B55B146DE227007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B550146DE227007E536C /* libsecurity_cdsa_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CF9C5B90535E557009B9B8D; - remoteInfo = Schemas; - }; - 1879B564146DE244007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B55D146DE244007E536C /* libsecurity_cssm.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = cssm; - }; - 1879B56B146DE2CF007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B547146DE212007E536C /* libsecurity_cdsa_utils.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_utils; - }; - 1879B56D146DE2D3007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B55D146DE244007E536C /* libsecurity_cssm.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_cssm; - }; - 1879B5C5146DE6C8007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5BC146DE6C8007E536C /* libsecurity_apple_csp.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_apple_csp; - }; - 1879B5D1146DE6CE007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5C9146DE6CE007E536C /* libsecurity_apple_cspdl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_apple_cspdl; - }; - 1879B5DD146DE6D7007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5D5146DE6D7007E536C /* libsecurity_apple_file_dl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_apple_file_dl; - }; - 1879B5EA146DE6E8007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5E1146DE6E7007E536C /* libsecurity_apple_x509_cl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CC7C27506127AA100E6CE35; - remoteInfo = libsecurity_apple_x509_cl; - }; - 1879B5EE146DE6E8007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5E1146DE6E7007E536C /* libsecurity_apple_x509_cl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = C207F277053B21E600FF85CB; - remoteInfo = plugin_apple_x509_cl; - }; - 1879B5F8146DE6FD007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5F0146DE6FD007E536C /* libsecurity_apple_x509_tp.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_apple_x509_tp; - }; - 1879B611146DE70A007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B609146DE70A007E536C /* libsecurity_authorization.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_authorization; - }; - 1879B61D146DE715007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B615146DE715007E536C /* libsecurity_cdsa_client.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_client; - }; - 1879B62A146DE720007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B621146DE720007E536C /* libsecurity_cdsa_plugin.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_plugin; - }; - 1879B643146DE748007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B637146DE748007E536C /* libsecurity_checkpw.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_checkpw; - }; - 1879B647146DE748007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B637146DE748007E536C /* libsecurity_checkpw.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 1CD90B6711011176008DD07F; - remoteInfo = "test-checkpw"; - }; - 1879B649146DE748007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B637146DE748007E536C /* libsecurity_checkpw.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 1C6C402F1121FC0C00031CDE; - remoteInfo = "perf-checkpw"; - }; - 1879B653146DE750007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B64B146DE750007E536C /* libsecurity_cms.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cms; - }; - 1879B665146DE757007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_codesigning; - }; - 1879B669146DE757007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = C2BC1F260B580D3A003EC9DC; - remoteInfo = libintegrity; - }; - 1879B66B146DE757007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = C2BC1F2F0B580D4B003EC9DC; - remoteInfo = libcodehost; - }; - 1879B675146DE75E007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B66D146DE75D007E536C /* libsecurity_comcryption.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 7264321400A8AD0A7F000001; - remoteInfo = libsecurity_comcryption; - }; - 1879B683146DE76F007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B679146DE76E007E536C /* libsecurity_cryptkit.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 7264321600A8AD0A7F000001; - remoteInfo = libsecurity_cryptkit; - }; - 1879B687146DE76F007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B679146DE76E007E536C /* libsecurity_cryptkit.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0535DCBE074A944D00805B04; - remoteInfo = libCryptKit; - }; - 1879B689146DE76F007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B679146DE76E007E536C /* libsecurity_cryptkit.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0536B295074BC91A00F9F1AD; - remoteInfo = CryptKitSignature; - }; - 1879B69C146DE797007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B694146DE797007E536C /* libsecurity_filedb.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_filedb; - }; - 1879B6B2146DE7A0007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_keychain; - }; - 1879B6B6146DE7A0007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4C5719C812FB5E9E00B31F85; - remoteInfo = XPCKeychainSandboxCheck; - }; - 1879B6CF146DE7D7007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6C7146DE7D7007E536C /* libsecurity_manifest.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = D6C8AFAE05DD2430003DB724; - remoteInfo = libsecurity_manifest; - }; - 1879B6DB146DE7E0007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6D3146DE7E0007E536C /* libsecurity_mds.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_mds; - }; - 1879B6E8146DE7E8007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6DF146DE7E7007E536C /* libsecurity_ocspd.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_ocspd; - }; - 1879B6F4146DE7EF007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6EC146DE7EE007E536C /* libsecurity_pkcs12.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0592AC8C0415523C00003D05; - remoteInfo = libsecurity_pkcs12; - }; - 1879B700146DE7F7007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6F8146DE7F7007E536C /* libsecurity_sd_cspdl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_sd_cspdl; - }; - 1879B71B146DE825007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B712146DE825007E536C /* libsecurity_smime.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4C817F8405ED4D7A007975E6; - remoteInfo = libsecurity_smime; - }; - 1879B727146DE839007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B71F146DE839007E536C /* libsecurity_ssl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_ssl; - }; - 1879B738146DE845007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B72B146DE844007E536C /* libsecurity_transform.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_transform; - }; - 1879B73C146DE845007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B72B146DE844007E536C /* libsecurity_transform.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4C738257112DF65200EA003B; - remoteInfo = "unit-tests"; - }; - 1879B73E146DE845007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B72B146DE844007E536C /* libsecurity_transform.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CBCBEB61130A2D700CC18E9; - remoteInfo = "100-sha2"; - }; - 1879B740146DE845007E536C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B72B146DE844007E536C /* libsecurity_transform.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4C010B87121AE8DF0094CB72; - remoteInfo = "input-speed-test"; - }; - 1885B3F814D8D9B100519375 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5FC146DE704007E536C /* libsecurity_asn1.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 795CA7FF0D38013D00BAE6A2; - remoteInfo = libASN1; - }; - 18AD56A514CDED59008233F2 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 186CDD0E14CA116C00AF9171; - remoteInfo = sec; - }; - 18B9655B1472F83C005A4D2E /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 184461A3146E9D3200B12992 /* libsecurityd.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4C31C2D9055341AA006D00BD; - remoteInfo = world; - }; - 18D4053A14CE2C1600A2BE4E /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 18D4043514CE0CF300A2BE4E; - remoteInfo = security; - }; - 18F235FE15CA100300060520 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 18F234EA15C9F9A600060520; - remoteInfo = security.auth; - }; - 18FE688E1471A4C900A2CBE3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 18FE67E91471A3AA00A2CBE3; - remoteInfo = copyHeaders; - }; - 1F6FC5FF1C3D9D90001C758F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1F6FC5DF1C3D9D90001C758F /* libsecurity_translocate.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 1FAA71431C10D8E000EAAE3E; - remoteInfo = libsecurity_translocate; - }; - 1FDA9A5E1C4471EC0083929D /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1F6FC5DF1C3D9D90001C758F /* libsecurity_translocate.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 1FAA71421C10D8E000EAAE3E; - remoteInfo = libsecurity_translocate; - }; - 3705CADD1A8971DF00402F75 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 3705CAD11A896DE800402F75; - remoteInfo = SecTaskTest; - }; - 37A7CED9197DBA8700926CE8 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 37A7CEAA197DB8FA00926CE8; - remoteInfo = codesign_tests; - }; - 37AB393F1A44A95500B56E04 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 37AB390E1A44A88000B56E04; - remoteInfo = gk_reset_check; - }; - 4374574D1B2787950051E20E /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; - }; - 4381B9AB1B28E0F4002BBC79 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; - }; - 4AD6F6F31651CC2500DB4CE6 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4A5CCA4E15ACEFA500702357; - remoteInfo = libSecOtrOSX; - }; - 4C01DF12164C3E74006798CD /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; - }; - 4C1288E915FFE9D7008CE3E3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E702E75614E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; - }; - 4C1288EB15FFE9D7008CE3E3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E702E77814E1F48800CDE635; - remoteInfo = libSOSRegressions; - }; - 4C1288ED15FFE9D7008CE3E3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4A824B03158FF07000F932C0; - remoteInfo = libSecurityRegressions; - }; - 4C1288EF15FFE9D7008CE3E3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CC92B1415A3BC6B00C6D578; - remoteInfo = libsecuritydRegressions; - }; - 4C1288F115FFE9D7008CE3E3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4A5CCA4F15ACEFA500702357; - remoteInfo = libSecOtrOSX; - }; - 4C12893F15FFECF3008CE3E3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E742A09C14E343E70052A486; - remoteInfo = utilities; - }; - 4C12894115FFECF3008CE3E3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E7E0D8F9158FA9A3002CA176; - remoteInfo = utilitiesRegressions; - }; - 4C12894315FFED03008CE3E3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; - }; - 4C797BC816D83A3100C7B586 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4C96F7C016D6DF8300D3B39D; - remoteInfo = "Keychain Circle Notification"; - }; - 4C797BF016D83A3800C7B586 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CC7A7B216CC2A84003E10C1; - remoteInfo = "Cloud Keychain Utility"; - }; - 4C7D8763160A746E00D041E3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; - }; - 4C8D864F177A75100019A804 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18270F5414CF651900B05E7F; - remoteInfo = libsecipc_client; - }; - 4CB23B75169F5873003A0131 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E71049F2169E023B00DB0045; - remoteInfo = libSecurityTool; - }; - 4CB23B77169F5873003A0131 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E7104A1D169E216E00DB0045; - remoteInfo = libSecurityCommands; - }; - 4CB23B79169F5873003A0131 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E7FEFB8C169E363300E18152; - remoteInfo = libSOSCommands; - }; - 4CB23B83169F5961003A0131 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E7FEFB82169E363300E18152; - remoteInfo = libSOSCommands; - }; - 4CB23B85169F5971003A0131 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E7104A12169E216E00DB0045; - remoteInfo = libSecurityCommands; - }; - 4CB23B87169F597D003A0131 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E71049F1169E023B00DB0045; - remoteInfo = libSecurityTool; - }; - 4CB23B8F169F59D8003A0131 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CB23B45169F5873003A0131; - remoteInfo = security2; - }; - 5208C0FD16A0D3980062DDC5 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; - }; - 52B5A8F5151928B400664F11 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 52200F8F14F2B88000F7F6E7; - remoteInfo = XPCTimeStampingService; - }; - 5ED88B6F1B0DEF4700F3B047 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18270F5414CF651900B05E7F; - remoteInfo = libsecipc_client; - }; - 5EE556661B01D9A8006F78F2 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18D4056114CE53C200A2BE4E; - remoteInfo = libsecurityd; - }; - 5EE556901B01D9F5006F78F2 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 0CC3355B16C1EF5D00399E53 /* regressions.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E710C6FD133192E900F85568; - remoteInfo = regressions; - }; - 5EE556921B01DA24006F78F2 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18D4043414CE0CF300A2BE4E; - remoteInfo = libsecurity; - }; - 5EE556941B01DA33006F78F2 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; - }; - 5EE556961B01DA3E006F78F2 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; - }; - 5EF7C2531B00EEC000E5E99C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 5EF7C2091B00E25400E5E99C; - remoteInfo = secacltests; - }; - 5EFB69C11B0CBFC30095A36E /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 186CDD0E14CA116C00AF9171; - remoteInfo = libSecItemShimOSX; - }; - ACB6171718B5231800EBEDD7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B712146DE825007E536C /* libsecurity_smime.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = AC62F5F018B4356A00704BBD; - remoteInfo = libsecurity_smime_regressions; - }; - ACB6173E18B5232700EBEDD7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B712146DE825007E536C /* libsecurity_smime.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = AC62F5EF18B4356A00704BBD; - remoteInfo = libsecurity_smime_regressions; - }; - BE48ADF91ADF1DF4000836C1 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18270F5414CF651900B05E7F; - remoteInfo = libsecipc_client; - }; - BE48ADFD1ADF1DF4000836C1 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; - }; - BE48AE281ADF204E000836C1 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = BE48ADF71ADF1DF4000836C1; - remoteInfo = trustd; - }; - BE8D22941ABB747A009A4E18 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = BE8D227F1ABB7199009A4E18; - remoteInfo = libSecTrustOSX; - }; - BE8D22BB1ABB747B009A4E18 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = BE8D228E1ABB7199009A4E18; - remoteInfo = libSecTrustOSX; - }; - C2432A0715C7112A0096DB5B /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = C209696015BF52040093035F; - remoteInfo = gkunpack; - }; - C2432A2415C726B50096DB5B /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = C209695F15BF52040093035F; - remoteInfo = gkunpack; - }; - D40772171C9B52210016AA66 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = D40771B81C9B4D200016AA66; - remoteInfo = libSharedRegressions; - }; - D42FA8361C9B8F77003E46A7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B64B146DE750007E536C /* libsecurity_cms.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = D4C3345B1BE2A2B100D8C1EF; - remoteInfo = libsecurity_cms_regressions; - }; - D42FA8381C9B8F7D003E46A7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 0CC3355B16C1EF5D00399E53 /* regressions.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E710C6FD133192E900F85568; - remoteInfo = regressions; - }; - D42FA83A1C9B8F94003E46A7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 0CBD500016C3242200713B6C; - remoteInfo = libsecurity_keychain_regressions; - }; - D42FA83C1C9B8F94003E46A7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B71F146DE839007E536C /* libsecurity_ssl.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 0CCA415815C89E8B002AEC4C; - remoteInfo = libsecurity_ssl_regressions; - }; - D42FA83E1C9B8F94003E46A7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B712146DE825007E536C /* libsecurity_smime.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = AC62F5EF18B4356A00704BBD; - remoteInfo = libsecurity_smime_regressions; - }; - D42FA8401C9B8FA7003E46A7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = D40771B71C9B4D200016AA66; - remoteInfo = libSharedRegressions; - }; - D42FA8421C9B8FD0003E46A7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; - }; - D45FC3E21C9E069000509CDA /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 18D4056114CE53C200A2BE4E; - remoteInfo = libsecurityd; - }; - D45FC3E51C9E06BD00509CDA /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; - }; - D466FA761CA0C2A500433142 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = D42FA8231C9B8D3C003E46A7; - remoteInfo = SecurityTestsOSX; - }; - D46B08011C8FBE6A00B5939A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18270F0814CF43C000B05E7F /* libDER.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = D46B07A51C8FB22900B5939A; - remoteInfo = libDERInstall; - }; - D46B08A71C8FD8D900B5939A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B5FC146DE704007E536C /* libsecurity_asn1.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = D46B08791C8FCA5000B5939A; - remoteInfo = libASN1Install; - }; - D4A2FC7D1BC89D5200BF6E56 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 52200F8714F2B87F00F7F6E7; - remoteInfo = XPCTimeStampingService; - }; - D4CBC1191BE981DE00C5795E /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B64B146DE750007E536C /* libsecurity_cms.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = D4C3345B1BE2A2B100D8C1EF; - remoteInfo = libsecurity_cms_regressions; - }; - D4CBC1271BE981DE00C5795E /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B64B146DE750007E536C /* libsecurity_cms.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = D4C3345C1BE2A2B100D8C1EF; - remoteInfo = libsecurity_cms_regressions; - }; - DC311CC61CCEC81D00E14E8D /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; - }; - DC872EE91CC983EE0076C0E7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18270F0814CF43C000B05E7F /* libDER.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; - }; - DC872F141CC983F70076C0E7 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18270F0814CF43C000B05E7F /* libDER.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; - }; - E760796E1951F99600F69731 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = BEF9640618B4171200813FA3; - remoteInfo = libSWCAgent; - }; - E76079D41951FDA800F69731 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E76079D21951FD2800F69731; - remoteInfo = liblogging; - }; - E76079F91951FDF600F69731 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E76079971951FD2800F69731; - remoteInfo = liblogging; - }; - EB2E1F57166D6B3700A7EF61 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = EB2E1F05166D69B800A7EF61; - remoteInfo = CodeSigningHelper; - }; - EBB6970D1BE2095F00715F16 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = EBB697031BE208FC00715F16; - remoteInfo = secbackupntest; - }; - EBB9FFDF1682E71F00FF9774 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = EBB9FF6E1682E51300FF9774; - remoteInfo = CodeSigningHelper; - }; - EBE012001C21368400CB6A63 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = EBE011D31C21357200CB6A63; - remoteInfo = SecurityFeature; - }; - F94E7A961ACC8CC200F23132 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18073841146D0D4E00F05C24 /* Project object */; - proxyType = 1; - remoteGlobalIDString = F93C49311AB8FD350047E01A; - remoteInfo = ckcdiagnose.sh; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXCopyFilesBuildPhase section */ - 0C6D003C177B545D0095D167 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/Preferences/Logging/Subsystems; - dstSubfolderSpec = 0; - files = ( - 486326331CAA0C6500A466D9 /* com.apple.securityd.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - 187D6B9615D4381C00E27494 /* Copy authorization.plist */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = "$(SYSTEM_LIBRARY_DIR)/Security"; - dstSubfolderSpec = 0; - files = ( - 187D6B9715D438AD00E27494 /* authorization.plist in Copy authorization.plist */, - ); - name = "Copy authorization.plist"; - runOnlyForDeploymentPostprocessing = 1; - }; - 18BEB19914CF7F0B00C8BD36 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/LaunchAgents; - dstSubfolderSpec = 0; - files = ( - 18BEB19A14CF7F8100C8BD36 /* com.apple.secd.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - 18CFEE8815DEE2BA00E3F2A3 /* Copy sandbox profile */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = "$(SYSTEM_LIBRARY_DIR)/Sandbox/Profiles"; - dstSubfolderSpec = 0; - files = ( - 18CFEE8915DEE2C600E3F2A3 /* com.apple.authd.sb in Copy sandbox profile */, - ); - name = "Copy sandbox profile"; - runOnlyForDeploymentPostprocessing = 1; - }; - 18D6803A16B768DE00DF6D2E /* Copy asl module */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /private/etc/asl; - dstSubfolderSpec = 0; - files = ( - 18D6803B16B768F700DF6D2E /* com.apple.authd in Copy asl module */, - ); - name = "Copy asl module"; - runOnlyForDeploymentPostprocessing = 1; - }; - 3705CAD01A896DE800402F75 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = /usr/share/man/man1/; - dstSubfolderSpec = 0; - files = ( - ); - runOnlyForDeploymentPostprocessing = 1; - }; - 37A7CEDC197DCECD00926CE8 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /AppleInternal/CoreOS/codesign_tests; - dstSubfolderSpec = 0; - files = ( - 375370891A8A981E0026B912 /* LocalCaspianTestRun.sh in CopyFiles */, - 37CD05031A8A88320053CCD0 /* CaspianTests in CopyFiles */, - 371AB2F21A04052E00A08CF2 /* teamid.sh in CopyFiles */, - 37A7CEDD197DCEE500926CE8 /* validation.sh in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - 43A599151B0CFC8200D14A7B /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = en.lproj; - dstSubfolderSpec = 7; - files = ( - 43A599161B0CFCAB00D14A7B /* CloudKeychain.strings in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4A5C178F161A9DE000ABF784 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/include; - dstSubfolderSpec = 0; - files = ( - 4A5C1790161A9DFB00ABF784 /* authd_private.h in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - 4C49390E16E51ED100CE110C /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/LaunchAgents; - dstSubfolderSpec = 0; - files = ( - 4C49390F16E51FC700CE110C /* com.apple.security.keychain-circle-notification.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - 4CB23B44169F5873003A0131 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = /usr/local/share/man/man1; - dstSubfolderSpec = 0; - files = ( - 4CB23B4C169F5873003A0131 /* security2.1 in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - 4CB86AE4167A6F3D00F46643 /* Copy SecureObjectSync Headers */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = PrivateHeaders/SecureObjectSync; - dstSubfolderSpec = 1; - files = ( - 52F8DE4C1AF2EB6600A2C271 /* SOSTypes.h in Copy SecureObjectSync Headers */, - 52F8DE211AF2E57300A2C271 /* SOSBackupSliceKeyBag.h in Copy SecureObjectSync Headers */, - 4CB86AF1167A6FF300F46643 /* SOSCloudCircle.h in Copy SecureObjectSync Headers */, - 48FDA8771AF98A3600A9366F /* SOSCloudCircleInternal.h in Copy SecureObjectSync Headers */, - 4CB86AF7167A6FF300F46643 /* SOSPeerInfo.h in Copy SecureObjectSync Headers */, - 52F8DDFA1AF2E56700A2C271 /* SOSViews.h in Copy SecureObjectSync Headers */, - ); - name = "Copy SecureObjectSync Headers"; - runOnlyForDeploymentPostprocessing = 1; - }; - BE48AE191ADF1DF4000836C1 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/LaunchAgents; - dstSubfolderSpec = 0; - files = ( - BE48AE251ADF1FD3000836C1 /* com.apple.trustd.agent.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - BE48AE1B1ADF1DF4000836C1 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/LaunchDaemons; - dstSubfolderSpec = 0; - files = ( - BE48AE271ADF2016000836C1 /* com.apple.trustd.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - BE5976DD1AD73BE50066DECE /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/LaunchDaemons; - dstSubfolderSpec = 0; - files = ( - ); - runOnlyForDeploymentPostprocessing = 1; - }; - D4D886F61CED070600DC7583 /* Copy DigiNotar Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = DigiNotar; - dstSubfolderSpec = 7; - files = ( - D4D887431CED09C500DC7583 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar Resources */, - D4D887421CED09BD00DC7583 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar Resources */, - D4D887401CED09B300DC7583 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar Resources */, - D4D887411CED09B300DC7583 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar Resources */, - D4D8873C1CED099F00DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar Resources */, - D4D8873D1CED099F00DC7583 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar Resources */, - D4D8873E1CED099F00DC7583 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar Resources */, - D4D8873F1CED099F00DC7583 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar Resources */, - D4D887371CED098500DC7583 /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar Resources */, - D4D887381CED098500DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar Resources */, - D4D887391CED098500DC7583 /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar Resources */, - D4D8873A1CED098500DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar Resources */, - D4D8873B1CED098500DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar Resources */, - D4D887361CED095600DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar Resources */, - D4D887351CED094C00DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar Resources */, - D4D887341CED094200DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar Resources */, - D4D887331CED093A00DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar Resources */, - D4D887321CED093200DC7583 /* Invalid-asterisk.google.com.crt in Copy DigiNotar Resources */, - ); - name = "Copy DigiNotar Resources"; - runOnlyForDeploymentPostprocessing = 0; - }; - D4D886F71CED070800DC7583 /* Copy DigiNotar-Entrust Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = "DigiNotar-Entrust"; - dstSubfolderSpec = 7; - files = ( - D4D8871B1CED081700DC7583 /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-Entrust Resources */, - D4D8871C1CED081700DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, - D4D8871D1CED081700DC7583 /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-Entrust Resources */, - D4D8871E1CED081700DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-Entrust Resources */, - D4D8871F1CED081700DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-Entrust Resources */, - D4D887201CED081700DC7583 /* diginotar.root.ca-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, - D4D887231CED081700DC7583 /* Invalid-asterisk.google.com.crt in Copy DigiNotar-Entrust Resources */, - D4D887241CED081700DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-Entrust Resources */, - D4D887251CED081700DC7583 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar-Entrust Resources */, - D4D887261CED081700DC7583 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar-Entrust Resources */, - D4D887271CED081700DC7583 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar-Entrust Resources */, - D4D887281CED081700DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-Entrust Resources */, - D4D887291CED081700DC7583 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-Entrust Resources */, - D4D8872A1CED081700DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-Entrust Resources */, - D4D8872B1CED081700DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-Entrust Resources */, - D4D8872C1CED081700DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-Entrust Resources */, - D4D8872D1CED081700DC7583 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar-Entrust Resources */, - D4D8872F1CED081700DC7583 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar-Entrust Resources */, - D4D887301CED081700DC7583 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar-Entrust Resources */, - ); - name = "Copy DigiNotar-Entrust Resources"; - runOnlyForDeploymentPostprocessing = 0; - }; - D4D886F81CED070A00DC7583 /* Copy DigiNotar-ok Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = "DigiNotar-ok"; - dstSubfolderSpec = 7; - files = ( - D4D887521CED0A4B00DC7583 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-ok Resources */, - D4D887511CED0A4400DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-ok Resources */, - D4D887501CED0A3400DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-ok Resources */, - D4D8874F1CED0A2A00DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-ok Resources */, - D4D8874E1CED0A0F00DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-ok Resources */, - D4D8874D1CED0A0600DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-ok Resources */, - D4D8874C1CED09FF00DC7583 /* Invalid-asterisk.google.com.crt in Copy DigiNotar-ok Resources */, - D4D887451CED09F600DC7583 /* DigiNotar_Root_CA_G2-RootCertificate.crt in Copy DigiNotar-ok Resources */, - D4D887461CED09F600DC7583 /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-ok Resources */, - D4D887471CED09F600DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-ok Resources */, - D4D887481CED09F600DC7583 /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-ok Resources */, - D4D887491CED09F600DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-ok Resources */, - D4D8874A1CED09F600DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-ok Resources */, - D4D8874B1CED09F600DC7583 /* DigiNotarCA2007RootCertificate.crt in Copy DigiNotar-ok Resources */, - D4D887441CED09DA00DC7583 /* Expectations.plist in Copy DigiNotar-ok Resources */, - ); - name = "Copy DigiNotar-ok Resources"; - runOnlyForDeploymentPostprocessing = 0; - }; - D4D886F91CED070C00DC7583 /* Copy DigicertMalaysia Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = DigicertMalaysia; - dstSubfolderSpec = 7; - files = ( - D4D886FE1CED07B400DC7583 /* Digisign-Server-ID-Enrich-Entrust-Cert.crt in Copy DigicertMalaysia Resources */, - D4D886FF1CED07B400DC7583 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt in Copy DigicertMalaysia Resources */, - D4D887001CED07B400DC7583 /* Invalid-webmail.jaring.my.crt in Copy DigicertMalaysia Resources */, - D4D887011CED07B400DC7583 /* Invalid-www.cybersecurity.my.crt in Copy DigicertMalaysia Resources */, - ); - name = "Copy DigicertMalaysia Resources"; - runOnlyForDeploymentPostprocessing = 0; - }; - EB5D73121B0CB0E0009CAA47 /* Old SOS header location */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/include; - dstSubfolderSpec = 0; - files = ( - EB5D733C1B0CB109009CAA47 /* SOSTypes.h in Old SOS header location */, - EB5D733B1B0CB0FF009CAA47 /* SOSPeerInfo.h in Old SOS header location */, - ); - name = "Old SOS header location"; - runOnlyForDeploymentPostprocessing = 1; - }; - EBB697021BE208FC00715F16 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = /usr/share/man/man1/; - dstSubfolderSpec = 0; - files = ( - ); - runOnlyForDeploymentPostprocessing = 1; - }; - F93C49351AB8FD3B0047E01A /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/sbin; - dstSubfolderSpec = 0; - files = ( - F93C493E1AB8FF670047E01A /* ckcdiagnose.sh in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 0C03D60317D93E810087643B /* SecDH.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SecDH.h; path = sec/Security/SecDH.h; sourceTree = SOURCE_ROOT; }; - 0C0C887C1CCED19E00617D1B /* si-82-sectrust-ct-data */ = {isa = PBXFileReference; lastKnownFileType = folder; name = "si-82-sectrust-ct-data"; path = "../shared_regressions/si-82-sectrust-ct-data"; sourceTree = ""; }; - 0C4F055D15C9E51A00F9DFD5 /* sslTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sslTypes.h; path = libsecurity_ssl/lib/sslTypes.h; sourceTree = SOURCE_ROOT; }; - 0C6C630B15D193C800BC68CD /* sectests */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = sectests; sourceTree = BUILT_PRODUCTS_DIR; }; - 0C6C630E15D193C800BC68CD /* main.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = ""; }; - 0C6C632415D1964200BC68CD /* testlist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = testlist.h; sourceTree = ""; }; - 0C6C632F15D19DE600BC68CD /* test.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = test.xcconfig; sourceTree = ""; }; - 0C6D0064177B54C60095D167 /* com.apple.securityd */ = {isa = PBXFileReference; lastKnownFileType = text; name = com.apple.securityd; path = asl/com.apple.securityd; sourceTree = SOURCE_ROOT; }; - 0C869B691C865E62006A2873 /* CoreCDP.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreCDP.framework; path = System/Library/PrivateFrameworks/CoreCDP.framework; sourceTree = SDKROOT; }; - 0CC2CB0F1B6A04D80074B0F2 /* libDiagnosticMessagesClient.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libDiagnosticMessagesClient.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/usr/lib/libDiagnosticMessagesClient.dylib; sourceTree = DEVELOPER_DIR; }; - 0CC3352D16C1ED8000399E53 /* secdtests */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secdtests; sourceTree = BUILT_PRODUCTS_DIR; }; - 0CC3355716C1EEE700399E53 /* main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = main.c; path = secdtests/main.c; sourceTree = ""; }; - 0CC3355816C1EEE700399E53 /* testlist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = testlist.h; path = secdtests/testlist.h; sourceTree = ""; }; - 0CC3355B16C1EF5D00399E53 /* regressions.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = regressions.xcodeproj; path = regressions/regressions.xcodeproj; sourceTree = SOURCE_ROOT; }; - 1807384B146D0D4E00F05C24 /* Security.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Security.framework; sourceTree = BUILT_PRODUCTS_DIR; }; - 18073856146D0D4E00F05C24 /* Info-Security.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "Info-Security.plist"; sourceTree = ""; }; - 181EA422146D4A2A00A6D320 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 181EA423146D4A2A00A6D320 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 181EA424146D4A2A00A6D320 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; wrapsLines = 0; }; - 181EA425146D4A2A00A6D320 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 18270ED614CF282600B05E7F /* secd */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secd; sourceTree = BUILT_PRODUCTS_DIR; }; - 18270EEC14CF333400B05E7F /* client.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = client.c; sourceTree = ""; }; - 18270EED14CF333400B05E7F /* com.apple.securityd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = com.apple.securityd.plist; sourceTree = ""; }; - 18270EEE14CF333400B05E7F /* securityd_client.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = securityd_client.h; sourceTree = ""; }; - 18270EEF14CF333400B05E7F /* securityd_ipc_types.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = securityd_ipc_types.h; sourceTree = ""; }; - 18270EF014CF333400B05E7F /* securityd_rep.defs */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.mig; path = securityd_rep.defs; sourceTree = ""; }; - 18270EF114CF333400B05E7F /* securityd_req.defs */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.mig; path = securityd_req.defs; sourceTree = ""; }; - 18270EF214CF333400B05E7F /* securityd_server.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = securityd_server.h; sourceTree = ""; }; - 18270EF314CF333400B05E7F /* server.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = server.c; sourceTree = ""; }; - 18270EFB14CF427800B05E7F /* CFNetwork.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CFNetwork.framework; path = System/Library/Frameworks/CFNetwork.framework; sourceTree = SDKROOT; }; - 18270EFD14CF429600B05E7F /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = System/Library/Frameworks/IOKit.framework; sourceTree = SDKROOT; }; - 18270EFF14CF42CA00B05E7F /* libcorecrypto.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libcorecrypto.a; path = /usr/local/lib/libcorecrypto.a; sourceTree = ""; }; - 18270F0814CF43C000B05E7F /* libDER.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libDER.xcodeproj; path = libsecurity_keychain/libDER/libDER.xcodeproj; sourceTree = ""; }; - 182A190F15D09AF0006AB103 /* connection.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = connection.h; sourceTree = ""; }; - 182A191015D09AFF006AB103 /* connection.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = connection.c; sourceTree = ""; }; - 182BB187146EAD4C000BF1F3 /* SecAccess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAccess.h; path = libsecurity_keychain/lib/SecAccess.h; sourceTree = SOURCE_ROOT; }; - 182BB188146EAD4C000BF1F3 /* SecACL.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecACL.h; path = libsecurity_keychain/lib/SecACL.h; sourceTree = SOURCE_ROOT; }; - 182BB189146EAD4C000BF1F3 /* SecBase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecBase.h; path = libsecurity_keychain/lib/SecBase.h; sourceTree = SOURCE_ROOT; }; - 182BB18A146EAD4C000BF1F3 /* SecCertificate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCertificate.h; path = libsecurity_keychain/lib/SecCertificate.h; sourceTree = SOURCE_ROOT; }; - 182BB18B146EAD4C000BF1F3 /* SecIdentity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIdentity.h; path = libsecurity_keychain/lib/SecIdentity.h; sourceTree = SOURCE_ROOT; }; - 182BB18C146EAD4C000BF1F3 /* SecIdentitySearch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIdentitySearch.h; path = libsecurity_keychain/lib/SecIdentitySearch.h; sourceTree = SOURCE_ROOT; }; - 182BB18D146EAD4C000BF1F3 /* SecItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecItem.h; path = libsecurity_keychain/lib/SecItem.h; sourceTree = SOURCE_ROOT; }; - 182BB18E146EAD4C000BF1F3 /* SecKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKey.h; path = libsecurity_keychain/lib/SecKey.h; sourceTree = SOURCE_ROOT; }; - 182BB18F146EAD4C000BF1F3 /* SecKeychain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychain.h; path = libsecurity_keychain/lib/SecKeychain.h; sourceTree = SOURCE_ROOT; }; - 182BB190146EAD4C000BF1F3 /* SecKeychainItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainItem.h; path = libsecurity_keychain/lib/SecKeychainItem.h; sourceTree = SOURCE_ROOT; }; - 182BB191146EAD4C000BF1F3 /* SecKeychainSearch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainSearch.h; path = libsecurity_keychain/lib/SecKeychainSearch.h; sourceTree = SOURCE_ROOT; }; - 182BB192146EAD4C000BF1F3 /* SecPolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecPolicy.h; path = libsecurity_keychain/lib/SecPolicy.h; sourceTree = SOURCE_ROOT; }; - 182BB193146EAD4C000BF1F3 /* SecPolicySearch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecPolicySearch.h; path = libsecurity_keychain/lib/SecPolicySearch.h; sourceTree = SOURCE_ROOT; }; - 182BB194146EAD4C000BF1F3 /* SecTrust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrust.h; path = libsecurity_keychain/lib/SecTrust.h; sourceTree = SOURCE_ROOT; }; - 182BB195146EAD4C000BF1F3 /* SecTrustedApplication.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustedApplication.h; path = libsecurity_keychain/lib/SecTrustedApplication.h; sourceTree = SOURCE_ROOT; }; - 182BB196146EAD4C000BF1F3 /* Security.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Security.h; path = libsecurity_keychain/lib/Security.h; sourceTree = SOURCE_ROOT; }; - 182BB197146EAD4C000BF1F3 /* SecImportExport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecImportExport.h; path = libsecurity_keychain/lib/SecImportExport.h; sourceTree = SOURCE_ROOT; }; - 182BB198146EAD4C000BF1F3 /* SecTrustSettings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustSettings.h; path = libsecurity_keychain/lib/SecTrustSettings.h; sourceTree = SOURCE_ROOT; }; - 182BB199146EAD4C000BF1F3 /* SecCertificateOIDs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCertificateOIDs.h; path = libsecurity_keychain/lib/SecCertificateOIDs.h; sourceTree = SOURCE_ROOT; }; - 182BB19A146EAD4C000BF1F3 /* SecRandom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecRandom.h; path = libsecurity_keychain/lib/SecRandom.h; sourceTree = SOURCE_ROOT; }; - 182BB1AF146EAD5D000BF1F3 /* SecFDERecoveryAsymmetricCrypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecFDERecoveryAsymmetricCrypto.h; path = libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.h; sourceTree = SOURCE_ROOT; }; - 182BB1B0146EAD5D000BF1F3 /* SecPassword.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecPassword.h; path = libsecurity_keychain/lib/SecPassword.h; sourceTree = SOURCE_ROOT; }; - 182BB1B2146EAD5D000BF1F3 /* SecAccessPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAccessPriv.h; path = libsecurity_keychain/lib/SecAccessPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1B3146EAD5D000BF1F3 /* SecBasePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecBasePriv.h; path = libsecurity_keychain/lib/SecBasePriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1B4146EAD5D000BF1F3 /* SecCertificateBundle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCertificateBundle.h; path = libsecurity_keychain/lib/SecCertificateBundle.h; sourceTree = SOURCE_ROOT; }; - 182BB1B5146EAD5D000BF1F3 /* SecCertificatePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCertificatePriv.h; path = libsecurity_keychain/lib/SecCertificatePriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1B6146EAD5D000BF1F3 /* SecCertificateRequest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCertificateRequest.h; path = libsecurity_keychain/lib/SecCertificateRequest.h; sourceTree = SOURCE_ROOT; }; - 182BB1B7146EAD5D000BF1F3 /* SecIdentityPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIdentityPriv.h; path = libsecurity_keychain/lib/SecIdentityPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1B8146EAD5D000BF1F3 /* SecKeychainItemPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainItemPriv.h; path = libsecurity_keychain/lib/SecKeychainItemPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1B9146EAD5D000BF1F3 /* SecKeychainPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainPriv.h; path = libsecurity_keychain/lib/SecKeychainPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1BA146EAD5D000BF1F3 /* SecKeyPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeyPriv.h; path = libsecurity_keychain/lib/SecKeyPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1BB146EAD5D000BF1F3 /* SecPolicyPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecPolicyPriv.h; path = libsecurity_keychain/lib/SecPolicyPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1BC146EAD5D000BF1F3 /* SecTrustedApplicationPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustedApplicationPriv.h; path = libsecurity_keychain/lib/SecTrustedApplicationPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1BD146EAD5D000BF1F3 /* SecTrustPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustPriv.h; path = libsecurity_keychain/lib/SecTrustPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1C4146EAD5D000BF1F3 /* SecIdentitySearchPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIdentitySearchPriv.h; path = libsecurity_keychain/lib/SecIdentitySearchPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1C5146EAD5D000BF1F3 /* SecKeychainSearchPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainSearchPriv.h; path = libsecurity_keychain/lib/SecKeychainSearchPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1C6146EAD5D000BF1F3 /* SecTrustSettingsPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustSettingsPriv.h; path = libsecurity_keychain/lib/SecTrustSettingsPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB1C8146EAD5D000BF1F3 /* TrustSettingsSchema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = TrustSettingsSchema.h; path = libsecurity_keychain/lib/TrustSettingsSchema.h; sourceTree = SOURCE_ROOT; }; - 182BB1CA146EAD5D000BF1F3 /* SecItemPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecItemPriv.h; path = libsecurity_keychain/lib/SecItemPriv.h; sourceTree = SOURCE_ROOT; usesTabs = 1; }; - 182BB1CB146EAD5D000BF1F3 /* SecKeychainItemExtendedAttributes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainItemExtendedAttributes.h; path = libsecurity_keychain/lib/SecKeychainItemExtendedAttributes.h; sourceTree = SOURCE_ROOT; }; - 182BB1CE146EAD5D000BF1F3 /* SecRecoveryPassword.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecRecoveryPassword.h; path = libsecurity_keychain/lib/SecRecoveryPassword.h; sourceTree = SOURCE_ROOT; }; - 182BB1CF146EAD5D000BF1F3 /* SecRandomP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecRandomP.h; path = libsecurity_keychain/lib/SecRandomP.h; sourceTree = SOURCE_ROOT; }; - 182BB229146F068B000BF1F3 /* iToolsTrustedApps.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = iToolsTrustedApps.plist; path = libsecurity_keychain/plist/iToolsTrustedApps.plist; sourceTree = SOURCE_ROOT; }; - 182BB315146F0E7E000BF1F3 /* SecureDownload.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureDownload.h; path = libsecurity_manifest/lib/SecureDownload.h; sourceTree = SOURCE_ROOT; }; - 182BB317146F0E94000BF1F3 /* SecManifest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecManifest.h; path = libsecurity_manifest/lib/SecManifest.h; sourceTree = SOURCE_ROOT; }; - 182BB318146F0E94000BF1F3 /* SecureDownloadInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureDownloadInternal.h; path = libsecurity_manifest/lib/SecureDownloadInternal.h; sourceTree = SOURCE_ROOT; }; - 182BB356146F1198000BF1F3 /* mds.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mds.h; path = libsecurity_mds/lib/mds.h; sourceTree = SOURCE_ROOT; }; - 182BB357146F1198000BF1F3 /* mds_schema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mds_schema.h; path = libsecurity_mds/lib/mds_schema.h; sourceTree = SOURCE_ROOT; }; - 182BB35A146F11A1000BF1F3 /* mdspriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mdspriv.h; path = libsecurity_mds/lib/mdspriv.h; sourceTree = SOURCE_ROOT; }; - 182BB36E146F13B4000BF1F3 /* CipherSuite.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CipherSuite.h; path = libsecurity_ssl/Security/CipherSuite.h; sourceTree = SOURCE_ROOT; }; - 182BB36F146F13B4000BF1F3 /* SecureTransport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureTransport.h; path = libsecurity_ssl/Security/SecureTransport.h; sourceTree = SOURCE_ROOT; }; - 182BB372146F13BB000BF1F3 /* SecureTransportPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureTransportPriv.h; path = libsecurity_ssl/Security/SecureTransportPriv.h; sourceTree = SOURCE_ROOT; }; - 182BB383146F14D2000BF1F3 /* SecCmsBase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsBase.h; path = libsecurity_smime/lib/SecCmsBase.h; sourceTree = SOURCE_ROOT; }; - 182BB384146F14D2000BF1F3 /* SecCmsContentInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsContentInfo.h; path = libsecurity_smime/lib/SecCmsContentInfo.h; sourceTree = SOURCE_ROOT; }; - 182BB385146F14D2000BF1F3 /* SecCmsDecoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsDecoder.h; path = libsecurity_smime/lib/SecCmsDecoder.h; sourceTree = SOURCE_ROOT; }; - 182BB386146F14D2000BF1F3 /* SecCmsDigestContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsDigestContext.h; path = libsecurity_smime/lib/SecCmsDigestContext.h; sourceTree = SOURCE_ROOT; }; - 182BB387146F14D2000BF1F3 /* SecCmsDigestedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsDigestedData.h; path = libsecurity_smime/lib/SecCmsDigestedData.h; sourceTree = SOURCE_ROOT; }; - 182BB388146F14D2000BF1F3 /* SecCmsEncoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsEncoder.h; path = libsecurity_smime/lib/SecCmsEncoder.h; sourceTree = SOURCE_ROOT; }; - 182BB389146F14D2000BF1F3 /* SecCmsEncryptedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsEncryptedData.h; path = libsecurity_smime/lib/SecCmsEncryptedData.h; sourceTree = SOURCE_ROOT; }; - 182BB38A146F14D2000BF1F3 /* SecCmsEnvelopedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsEnvelopedData.h; path = libsecurity_smime/lib/SecCmsEnvelopedData.h; sourceTree = SOURCE_ROOT; }; - 182BB38B146F14D2000BF1F3 /* SecCmsMessage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsMessage.h; path = libsecurity_smime/lib/SecCmsMessage.h; sourceTree = SOURCE_ROOT; }; - 182BB38C146F14D2000BF1F3 /* SecCmsRecipientInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsRecipientInfo.h; path = libsecurity_smime/lib/SecCmsRecipientInfo.h; sourceTree = SOURCE_ROOT; }; - 182BB38D146F14D2000BF1F3 /* SecCmsSignedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsSignedData.h; path = libsecurity_smime/lib/SecCmsSignedData.h; sourceTree = SOURCE_ROOT; }; - 182BB38E146F14D2000BF1F3 /* SecCmsSignerInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsSignerInfo.h; path = libsecurity_smime/lib/SecCmsSignerInfo.h; sourceTree = SOURCE_ROOT; }; - 182BB38F146F14D2000BF1F3 /* SecSMIME.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecSMIME.h; path = libsecurity_smime/lib/SecSMIME.h; sourceTree = SOURCE_ROOT; }; - 182BB3A3146F1BEC000BF1F3 /* SecDigestTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecDigestTransform.h; path = libsecurity_transform/lib/SecDigestTransform.h; sourceTree = SOURCE_ROOT; }; - 182BB3A4146F1BEC000BF1F3 /* SecReadTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecReadTransform.h; path = libsecurity_transform/lib/SecReadTransform.h; sourceTree = SOURCE_ROOT; }; - 182BB3A5146F1BEC000BF1F3 /* SecTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTransform.h; path = libsecurity_transform/lib/SecTransform.h; sourceTree = SOURCE_ROOT; }; - 182BB3A6146F1BEC000BF1F3 /* SecCustomTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCustomTransform.h; path = libsecurity_transform/lib/SecCustomTransform.h; sourceTree = SOURCE_ROOT; }; - 182BB3A7146F1BEC000BF1F3 /* SecDecodeTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecDecodeTransform.h; path = libsecurity_transform/lib/SecDecodeTransform.h; sourceTree = SOURCE_ROOT; }; - 182BB3A8146F1BEC000BF1F3 /* SecEncodeTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecEncodeTransform.h; path = libsecurity_transform/lib/SecEncodeTransform.h; sourceTree = SOURCE_ROOT; }; - 182BB3A9146F1BEC000BF1F3 /* SecEncryptTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecEncryptTransform.h; path = libsecurity_transform/lib/SecEncryptTransform.h; sourceTree = SOURCE_ROOT; }; - 182BB3AA146F1BEC000BF1F3 /* SecSignVerifyTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecSignVerifyTransform.h; path = libsecurity_transform/lib/SecSignVerifyTransform.h; sourceTree = SOURCE_ROOT; }; - 182BB3AB146F1BEC000BF1F3 /* SecTransformReadTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTransformReadTransform.h; path = libsecurity_transform/lib/SecTransformReadTransform.h; sourceTree = SOURCE_ROOT; }; - 182BB3B6146F1BF9000BF1F3 /* SecNullTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecNullTransform.h; path = libsecurity_transform/lib/SecNullTransform.h; sourceTree = SOURCE_ROOT; }; - 182BB3B7146F1BF9000BF1F3 /* SecTransformInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTransformInternal.h; path = libsecurity_transform/lib/SecTransformInternal.h; sourceTree = SOURCE_ROOT; }; - 182BB3C4146F1DCB000BF1F3 /* sd_cspdl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = sd_cspdl_common.mdsinfo; path = libsecurity_sd_cspdl/mds/sd_cspdl_common.mdsinfo; sourceTree = SOURCE_ROOT; }; - 182BB556146F4510000BF1F3 /* csparser-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "csparser-Info.plist"; sourceTree = ""; }; - 182BB557146F4510000BF1F3 /* csparser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = csparser.cpp; sourceTree = ""; }; - 182BB558146F4510000BF1F3 /* csparser.exp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.exports; path = csparser.exp; sourceTree = ""; }; - 182BB55C146F4544000BF1F3 /* FDEPrefs.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = FDEPrefs.plist; sourceTree = ""; }; - 182BB55D146F4544000BF1F3 /* generateErrStrings.pl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.perl; path = generateErrStrings.pl; sourceTree = ""; }; - 182BB55E146F4544000BF1F3 /* Security.order */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Security.order; sourceTree = ""; }; - 182BB562146F4C73000BF1F3 /* security.exp-in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; lineEnding = 0; path = "security.exp-in"; sourceTree = ""; xcLanguageSpecificationIdentifier = ""; }; - 182BB568146F4DCA000BF1F3 /* csparser.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = csparser.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; - 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; }; - 182BB593146FE1ED000BF1F3 /* libantlr2c++.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = "libantlr2c++.a"; path = "/usr/local/lib/libantlr2c++.a"; sourceTree = ""; }; - 182BB5AB146FEF14000BF1F3 /* libpam.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libpam.dylib; path = /usr/lib/libpam.dylib; sourceTree = ""; }; - 182BB5AD146FEF43000BF1F3 /* libsqlite3.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libsqlite3.dylib; path = /usr/lib/libsqlite3.dylib; sourceTree = ""; }; - 182BB5B1146FF039000BF1F3 /* libz.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libz.dylib; path = /usr/lib/libz.dylib; sourceTree = ""; }; - 182BB5B3146FF04C000BF1F3 /* libxar.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libxar.dylib; path = /usr/lib/libxar.dylib; sourceTree = ""; }; - 182BB5B5146FF08F000BF1F3 /* libauto.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libauto.dylib; path = /usr/lib/libauto.dylib; sourceTree = ""; }; - 182BB5B7146FF0A1000BF1F3 /* libobjc.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libobjc.dylib; path = /usr/lib/libobjc.dylib; sourceTree = ""; }; - 182BB5B9146FF0BE000BF1F3 /* libbsm.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libbsm.dylib; path = /usr/lib/libbsm.dylib; sourceTree = ""; }; - 1831329914EB2C6D00F0BCAC /* libASN1.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libASN1.a; path = /usr/local/lib/libASN1.a; sourceTree = ""; }; - 1831329A14EB2C6D00F0BCAC /* libDER.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libDER.a; path = /usr/local/lib/libDER.a; sourceTree = ""; }; - 1844605B146DE93E00B12992 /* csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = csp_capabilities.mdsinfo; path = libsecurity_apple_csp/mds/csp_capabilities.mdsinfo; sourceTree = SOURCE_ROOT; }; - 1844605C146DE93E00B12992 /* csp_capabilities_common.mds */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = csp_capabilities_common.mds; path = libsecurity_apple_csp/mds/csp_capabilities_common.mds; sourceTree = SOURCE_ROOT; }; - 1844605D146DE93E00B12992 /* csp_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = csp_common.mdsinfo; path = libsecurity_apple_csp/mds/csp_common.mdsinfo; sourceTree = SOURCE_ROOT; }; - 1844605E146DE93E00B12992 /* csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = csp_primary.mdsinfo; path = libsecurity_apple_csp/mds/csp_primary.mdsinfo; sourceTree = SOURCE_ROOT; }; - 18446099146DFCB700B12992 /* secasn1t.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = secasn1t.h; path = libsecurity_asn1/lib/secasn1t.h; sourceTree = SOURCE_ROOT; }; - 1844609A146DFCB700B12992 /* certExtensionTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = certExtensionTemplates.h; path = libsecurity_asn1/lib/certExtensionTemplates.h; sourceTree = SOURCE_ROOT; }; - 1844609B146DFCB700B12992 /* csrTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = csrTemplates.h; path = libsecurity_asn1/lib/csrTemplates.h; sourceTree = SOURCE_ROOT; }; - 1844609C146DFCB700B12992 /* ocspTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ocspTemplates.h; path = libsecurity_asn1/lib/ocspTemplates.h; sourceTree = SOURCE_ROOT; }; - 1844609D146DFCB700B12992 /* nameTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = nameTemplates.h; path = libsecurity_asn1/lib/nameTemplates.h; sourceTree = SOURCE_ROOT; }; - 1844609E146DFCB700B12992 /* X509Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = X509Templates.h; path = libsecurity_asn1/lib/X509Templates.h; sourceTree = SOURCE_ROOT; }; - 1844609F146DFCB700B12992 /* osKeyTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = osKeyTemplates.h; path = libsecurity_asn1/lib/osKeyTemplates.h; sourceTree = SOURCE_ROOT; }; - 184460A0146DFCB700B12992 /* keyTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = keyTemplates.h; path = libsecurity_asn1/lib/keyTemplates.h; sourceTree = SOURCE_ROOT; }; - 184460A1146DFCB700B12992 /* asn1Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = asn1Templates.h; path = libsecurity_asn1/lib/asn1Templates.h; sourceTree = SOURCE_ROOT; }; - 184460AB146DFCC100B12992 /* SecAsn1Coder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAsn1Coder.h; path = libsecurity_asn1/lib/SecAsn1Coder.h; sourceTree = SOURCE_ROOT; }; - 184460AC146DFCC100B12992 /* SecAsn1Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAsn1Templates.h; path = libsecurity_asn1/lib/SecAsn1Templates.h; sourceTree = SOURCE_ROOT; }; - 184460AD146DFCC100B12992 /* SecAsn1Types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAsn1Types.h; path = libsecurity_asn1/lib/SecAsn1Types.h; sourceTree = SOURCE_ROOT; }; - 184460C3146E7B1E00B12992 /* cspdl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cspdl_common.mdsinfo; path = libsecurity_apple_cspdl/mds/cspdl_common.mdsinfo; sourceTree = SOURCE_ROOT; }; - 184460C4146E7B1E00B12992 /* cspdl_csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cspdl_csp_capabilities.mdsinfo; path = libsecurity_apple_cspdl/mds/cspdl_csp_capabilities.mdsinfo; sourceTree = SOURCE_ROOT; }; - 184460C5146E7B1E00B12992 /* cspdl_csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cspdl_csp_primary.mdsinfo; path = libsecurity_apple_cspdl/mds/cspdl_csp_primary.mdsinfo; sourceTree = SOURCE_ROOT; }; - 184460C6146E7B1E00B12992 /* cspdl_dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cspdl_dl_primary.mdsinfo; path = libsecurity_apple_cspdl/mds/cspdl_dl_primary.mdsinfo; sourceTree = SOURCE_ROOT; }; - 184460E1146E806700B12992 /* dl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = dl_common.mdsinfo; path = libsecurity_apple_file_dl/mds/dl_common.mdsinfo; sourceTree = SOURCE_ROOT; }; - 184460E2146E806700B12992 /* dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = dl_primary.mdsinfo; path = libsecurity_apple_file_dl/mds/dl_primary.mdsinfo; sourceTree = SOURCE_ROOT; }; - 18446103146E82C800B12992 /* cl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cl_common.mdsinfo; path = libsecurity_apple_x509_cl/mds/cl_common.mdsinfo; sourceTree = SOURCE_ROOT; }; - 18446104146E82C800B12992 /* cl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cl_primary.mdsinfo; path = libsecurity_apple_x509_cl/mds/cl_primary.mdsinfo; sourceTree = SOURCE_ROOT; }; - 18446112146E85A300B12992 /* tp_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = tp_common.mdsinfo; path = libsecurity_apple_x509_tp/mds/tp_common.mdsinfo; sourceTree = SOURCE_ROOT; }; - 18446113146E85A300B12992 /* tp_policyOids.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = tp_policyOids.mdsinfo; path = libsecurity_apple_x509_tp/mds/tp_policyOids.mdsinfo; sourceTree = SOURCE_ROOT; }; - 18446114146E85A300B12992 /* tp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = tp_primary.mdsinfo; path = libsecurity_apple_x509_tp/mds/tp_primary.mdsinfo; sourceTree = SOURCE_ROOT; }; - 18446144146E923200B12992 /* AuthorizationTags.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthorizationTags.h; path = libsecurity_authorization/lib/AuthorizationTags.h; sourceTree = SOURCE_ROOT; }; - 18446145146E923200B12992 /* AuthSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthSession.h; path = libsecurity_authorization/lib/AuthSession.h; sourceTree = SOURCE_ROOT; }; - 18446146146E923200B12992 /* Authorization.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Authorization.h; path = libsecurity_authorization/lib/Authorization.h; sourceTree = SOURCE_ROOT; }; - 18446147146E923200B12992 /* AuthorizationDB.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthorizationDB.h; path = libsecurity_authorization/lib/AuthorizationDB.h; sourceTree = SOURCE_ROOT; }; - 18446148146E923200B12992 /* AuthorizationPlugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthorizationPlugin.h; path = libsecurity_authorization/lib/AuthorizationPlugin.h; sourceTree = SOURCE_ROOT; }; - 1844614E146E923B00B12992 /* AuthorizationTagsPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthorizationTagsPriv.h; path = libsecurity_authorization/lib/AuthorizationTagsPriv.h; sourceTree = SOURCE_ROOT; }; - 1844614F146E923B00B12992 /* AuthorizationPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthorizationPriv.h; path = libsecurity_authorization/lib/AuthorizationPriv.h; sourceTree = SOURCE_ROOT; }; - 18446168146E95D700B12992 /* checkpw.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = checkpw.h; path = libsecurity_checkpw/lib/checkpw.h; sourceTree = SOURCE_ROOT; }; - 18446170146E982800B12992 /* CMSDecoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CMSDecoder.h; path = libsecurity_cms/lib/CMSDecoder.h; sourceTree = SOURCE_ROOT; }; - 18446171146E982800B12992 /* CMSEncoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CMSEncoder.h; path = libsecurity_cms/lib/CMSEncoder.h; sourceTree = SOURCE_ROOT; }; - 18446174146E982D00B12992 /* CMSPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CMSPrivate.h; path = libsecurity_cms/lib/CMSPrivate.h; sourceTree = SOURCE_ROOT; }; - 1844617E146E9A8500B12992 /* SecTask.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTask.h; path = libsecurity_codesigning/lib/SecTask.h; sourceTree = SOURCE_ROOT; }; - 1844617F146E9A8500B12992 /* CodeSigning.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CodeSigning.h; path = libsecurity_codesigning/lib/CodeSigning.h; sourceTree = SOURCE_ROOT; }; - 18446180146E9A8500B12992 /* CSCommon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CSCommon.h; path = libsecurity_codesigning/lib/CSCommon.h; sourceTree = SOURCE_ROOT; }; - 18446181146E9A8500B12992 /* SecCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCode.h; path = libsecurity_codesigning/lib/SecCode.h; sourceTree = SOURCE_ROOT; }; - 18446182146E9A8500B12992 /* SecStaticCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecStaticCode.h; path = libsecurity_codesigning/lib/SecStaticCode.h; sourceTree = SOURCE_ROOT; }; - 18446183146E9A8500B12992 /* SecRequirement.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecRequirement.h; path = libsecurity_codesigning/lib/SecRequirement.h; sourceTree = SOURCE_ROOT; }; - 18446184146E9A8500B12992 /* SecCodeHost.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCodeHost.h; path = libsecurity_codesigning/lib/SecCodeHost.h; sourceTree = SOURCE_ROOT; }; - 1844618C146E9A8F00B12992 /* CSCommonPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CSCommonPriv.h; path = libsecurity_codesigning/lib/CSCommonPriv.h; sourceTree = SOURCE_ROOT; }; - 1844618D146E9A8F00B12992 /* SecCodePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCodePriv.h; path = libsecurity_codesigning/lib/SecCodePriv.h; sourceTree = SOURCE_ROOT; }; - 1844618E146E9A8F00B12992 /* SecStaticCodePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecStaticCodePriv.h; path = libsecurity_codesigning/lib/SecStaticCodePriv.h; sourceTree = SOURCE_ROOT; }; - 1844618F146E9A8F00B12992 /* SecRequirementPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecRequirementPriv.h; path = libsecurity_codesigning/lib/SecRequirementPriv.h; sourceTree = SOURCE_ROOT; }; - 18446190146E9A8F00B12992 /* SecCodeSigner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCodeSigner.h; path = libsecurity_codesigning/lib/SecCodeSigner.h; sourceTree = SOURCE_ROOT; }; - 18446191146E9A8F00B12992 /* SecIntegrity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIntegrity.h; path = libsecurity_codesigning/lib/SecIntegrity.h; sourceTree = SOURCE_ROOT; }; - 18446192146E9A8F00B12992 /* SecIntegrityLib.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIntegrityLib.h; path = libsecurity_codesigning/lib/SecIntegrityLib.h; sourceTree = SOURCE_ROOT; }; - 18446193146E9A8F00B12992 /* SecCodeHostLib.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCodeHostLib.h; path = libsecurity_codesigning/lib/SecCodeHostLib.h; sourceTree = SOURCE_ROOT; }; - 18446194146E9A8F00B12992 /* SecAssessment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAssessment.h; path = libsecurity_codesigning/lib/SecAssessment.h; sourceTree = SOURCE_ROOT; }; - 184461A3146E9D3200B12992 /* libsecurityd.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurityd.xcodeproj; path = libsecurityd/libsecurityd.xcodeproj; sourceTree = ""; }; - 18500F9A14708D0E006F9AB4 /* SecDebugErrorMessages.strings */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = SecDebugErrorMessages.strings; path = derived_src/SecDebugErrorMessages.strings; sourceTree = BUILT_PRODUCTS_DIR; }; - 18500FA014708F19006F9AB4 /* en */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = en; path = derived_src/en.lproj/SecErrorMessages.strings; sourceTree = BUILT_PRODUCTS_DIR; }; - 186CDD1614CA11C700AF9171 /* sec.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; path = sec.xcodeproj; sourceTree = ""; }; - 18752C1D16F2837A004E2799 /* libaks.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libaks.a; path = usr/local/lib/libaks.a; sourceTree = SDKROOT; }; - 1879B4A9146DCA18007E536C /* cssm.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cssm.mdsinfo; path = libsecurity_cssm/mds/cssm.mdsinfo; sourceTree = SOURCE_ROOT; }; - 1879B4AB146DCA4A007E536C /* cssmapplePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmapplePriv.h; path = libsecurity_cssm/lib/cssmapplePriv.h; sourceTree = SOURCE_ROOT; }; - 1879B4AD146DCA84007E536C /* certextensions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = certextensions.h; path = libsecurity_cssm/lib/certextensions.h; sourceTree = SOURCE_ROOT; }; - 1879B4AE146DCA84007E536C /* cssm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssm.h; path = libsecurity_cssm/lib/cssm.h; sourceTree = SOURCE_ROOT; }; - 1879B4AF146DCA84007E536C /* cssmaci.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmaci.h; path = libsecurity_cssm/lib/cssmaci.h; sourceTree = SOURCE_ROOT; }; - 1879B4B0146DCA84007E536C /* cssmapi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmapi.h; path = libsecurity_cssm/lib/cssmapi.h; sourceTree = SOURCE_ROOT; }; - 1879B4B1146DCA84007E536C /* cssmapple.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmapple.h; path = libsecurity_cssm/lib/cssmapple.h; sourceTree = SOURCE_ROOT; }; - 1879B4B2146DCA84007E536C /* cssmcli.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmcli.h; path = libsecurity_cssm/lib/cssmcli.h; sourceTree = SOURCE_ROOT; }; - 1879B4B3146DCA84007E536C /* cssmconfig.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmconfig.h; path = libsecurity_cssm/lib/cssmconfig.h; sourceTree = SOURCE_ROOT; }; - 1879B4B4146DCA84007E536C /* cssmcspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmcspi.h; path = libsecurity_cssm/lib/cssmcspi.h; sourceTree = SOURCE_ROOT; }; - 1879B4B5146DCA84007E536C /* cssmdli.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmdli.h; path = libsecurity_cssm/lib/cssmdli.h; sourceTree = SOURCE_ROOT; }; - 1879B4B6146DCA84007E536C /* cssmerr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmerr.h; path = libsecurity_cssm/lib/cssmerr.h; sourceTree = SOURCE_ROOT; }; - 1879B4B7146DCA84007E536C /* cssmkrapi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmkrapi.h; path = libsecurity_cssm/lib/cssmkrapi.h; sourceTree = SOURCE_ROOT; }; - 1879B4B8146DCA84007E536C /* cssmkrspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmkrspi.h; path = libsecurity_cssm/lib/cssmkrspi.h; sourceTree = SOURCE_ROOT; }; - 1879B4B9146DCA84007E536C /* cssmspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmspi.h; path = libsecurity_cssm/lib/cssmspi.h; sourceTree = SOURCE_ROOT; }; - 1879B4BA146DCA84007E536C /* cssmtpi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmtpi.h; path = libsecurity_cssm/lib/cssmtpi.h; sourceTree = SOURCE_ROOT; }; - 1879B4BB146DCA84007E536C /* cssmtype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmtype.h; path = libsecurity_cssm/lib/cssmtype.h; sourceTree = SOURCE_ROOT; }; - 1879B4BC146DCA84007E536C /* eisl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = eisl.h; path = libsecurity_cssm/lib/eisl.h; sourceTree = SOURCE_ROOT; }; - 1879B4BD146DCA84007E536C /* emmspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = emmspi.h; path = libsecurity_cssm/lib/emmspi.h; sourceTree = SOURCE_ROOT; }; - 1879B4BE146DCA84007E536C /* emmtype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = emmtype.h; path = libsecurity_cssm/lib/emmtype.h; sourceTree = SOURCE_ROOT; }; - 1879B4C1146DCA84007E536C /* oidsbase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidsbase.h; path = libsecurity_cssm/lib/oidsbase.h; sourceTree = SOURCE_ROOT; }; - 1879B4C2146DCA84007E536C /* oidscert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidscert.h; path = libsecurity_cssm/lib/oidscert.h; sourceTree = SOURCE_ROOT; }; - 1879B4C3146DCA84007E536C /* oidscrl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidscrl.h; path = libsecurity_cssm/lib/oidscrl.h; sourceTree = SOURCE_ROOT; }; - 1879B4C4146DCA84007E536C /* x509defs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = x509defs.h; path = libsecurity_cssm/lib/x509defs.h; sourceTree = SOURCE_ROOT; }; - 1879B532146DDBE5007E536C /* libsecurity_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_utilities.xcodeproj; path = libsecurity_utilities/libsecurity_utilities.xcodeproj; sourceTree = ""; }; - 1879B547146DE212007E536C /* libsecurity_cdsa_utils.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_utils.xcodeproj; path = libsecurity_cdsa_utils/libsecurity_cdsa_utils.xcodeproj; sourceTree = ""; }; - 1879B550146DE227007E536C /* libsecurity_cdsa_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_utilities.xcodeproj; path = libsecurity_cdsa_utilities/libsecurity_cdsa_utilities.xcodeproj; sourceTree = ""; }; - 1879B55D146DE244007E536C /* libsecurity_cssm.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cssm.xcodeproj; path = libsecurity_cssm/libsecurity_cssm.xcodeproj; sourceTree = ""; }; - 1879B5BC146DE6C8007E536C /* libsecurity_apple_csp.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_apple_csp.xcodeproj; path = libsecurity_apple_csp/libsecurity_apple_csp.xcodeproj; sourceTree = ""; }; - 1879B5C9146DE6CE007E536C /* libsecurity_apple_cspdl.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_apple_cspdl.xcodeproj; path = libsecurity_apple_cspdl/libsecurity_apple_cspdl.xcodeproj; sourceTree = ""; }; - 1879B5D5146DE6D7007E536C /* libsecurity_apple_file_dl.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_apple_file_dl.xcodeproj; path = libsecurity_apple_file_dl/libsecurity_apple_file_dl.xcodeproj; sourceTree = ""; }; - 1879B5E1146DE6E7007E536C /* libsecurity_apple_x509_cl.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_apple_x509_cl.xcodeproj; path = libsecurity_apple_x509_cl/libsecurity_apple_x509_cl.xcodeproj; sourceTree = ""; }; - 1879B5F0146DE6FD007E536C /* libsecurity_apple_x509_tp.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_apple_x509_tp.xcodeproj; path = libsecurity_apple_x509_tp/libsecurity_apple_x509_tp.xcodeproj; sourceTree = ""; }; - 1879B5FC146DE704007E536C /* libsecurity_asn1.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_asn1.xcodeproj; path = libsecurity_asn1/libsecurity_asn1.xcodeproj; sourceTree = ""; }; - 1879B609146DE70A007E536C /* libsecurity_authorization.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_authorization.xcodeproj; path = libsecurity_authorization/libsecurity_authorization.xcodeproj; sourceTree = ""; }; - 1879B615146DE715007E536C /* libsecurity_cdsa_client.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_client.xcodeproj; path = libsecurity_cdsa_client/libsecurity_cdsa_client.xcodeproj; sourceTree = ""; }; - 1879B621146DE720007E536C /* libsecurity_cdsa_plugin.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_plugin.xcodeproj; path = libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj; sourceTree = ""; }; - 1879B637146DE748007E536C /* libsecurity_checkpw.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_checkpw.xcodeproj; path = libsecurity_checkpw/libsecurity_checkpw.xcodeproj; sourceTree = ""; }; - 1879B64B146DE750007E536C /* libsecurity_cms.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cms.xcodeproj; path = libsecurity_cms/libsecurity_cms.xcodeproj; sourceTree = ""; }; - 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_codesigning.xcodeproj; path = libsecurity_codesigning/libsecurity_codesigning.xcodeproj; sourceTree = ""; }; - 1879B66D146DE75D007E536C /* libsecurity_comcryption.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_comcryption.xcodeproj; path = libsecurity_comcryption/libsecurity_comcryption.xcodeproj; sourceTree = ""; }; - 1879B679146DE76E007E536C /* libsecurity_cryptkit.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cryptkit.xcodeproj; path = libsecurity_cryptkit/libsecurity_cryptkit.xcodeproj; sourceTree = ""; }; - 1879B694146DE797007E536C /* libsecurity_filedb.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_filedb.xcodeproj; path = libsecurity_filedb/libsecurity_filedb.xcodeproj; sourceTree = ""; }; - 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_keychain.xcodeproj; path = libsecurity_keychain/libsecurity_keychain.xcodeproj; sourceTree = ""; }; - 1879B6C7146DE7D7007E536C /* libsecurity_manifest.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_manifest.xcodeproj; path = libsecurity_manifest/libsecurity_manifest.xcodeproj; sourceTree = ""; }; - 1879B6D3146DE7E0007E536C /* libsecurity_mds.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_mds.xcodeproj; path = libsecurity_mds/libsecurity_mds.xcodeproj; sourceTree = ""; }; - 1879B6DF146DE7E7007E536C /* libsecurity_ocspd.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_ocspd.xcodeproj; path = libsecurity_ocspd/libsecurity_ocspd.xcodeproj; sourceTree = ""; }; - 1879B6EC146DE7EE007E536C /* libsecurity_pkcs12.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_pkcs12.xcodeproj; path = libsecurity_pkcs12/libsecurity_pkcs12.xcodeproj; sourceTree = ""; }; - 1879B6F8146DE7F7007E536C /* libsecurity_sd_cspdl.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_sd_cspdl.xcodeproj; path = libsecurity_sd_cspdl/libsecurity_sd_cspdl.xcodeproj; sourceTree = ""; }; - 1879B712146DE825007E536C /* libsecurity_smime.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_smime.xcodeproj; path = libsecurity_smime/libsecurity_smime.xcodeproj; sourceTree = ""; }; - 1879B71F146DE839007E536C /* libsecurity_ssl.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_ssl.xcodeproj; path = libsecurity_ssl/libsecurity_ssl.xcodeproj; sourceTree = ""; }; - 1879B72B146DE844007E536C /* libsecurity_transform.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_transform.xcodeproj; path = libsecurity_transform/libsecurity_transform.xcodeproj; sourceTree = ""; }; - 187D6B9015D4359F00E27494 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/authorization.buttons.strings; sourceTree = ""; }; - 187D6B9215D4359F00E27494 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/authorization.prompts.strings; sourceTree = ""; }; - 187D6B9515D436BF00E27494 /* authorization.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = authorization.plist; sourceTree = ""; }; - 188AD8D91471FE3D0081C619 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/FDELocalizable.strings; sourceTree = ""; }; - 188AD8DB1471FE3E0081C619 /* en */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/InfoPlist.strings; sourceTree = ""; }; - 18A5493115EFD2F40059E6DC /* dummy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dummy.cpp; sourceTree = ""; }; - 18B647E814D9EB6300F538BF /* oidsalg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidsalg.h; path = ../libsecurity_asn1/lib/oidsalg.h; sourceTree = ""; }; - 18B647EA14D9EE4300F538BF /* oidsattr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidsattr.h; path = ../libsecurity_asn1/lib/oidsattr.h; sourceTree = ""; }; - 18B647EF14D9F75300F538BF /* generateErrStrings.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = generateErrStrings.mm; path = derived_src/generateErrStrings.mm; sourceTree = BUILT_PRODUCTS_DIR; }; - 18BBC6801471EF1600F2B224 /* security.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = security.xcconfig; sourceTree = ""; }; - 18BBC7351471F5A300F2B224 /* SecExternalSourceTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecExternalSourceTransform.h; path = libsecurity_transform/lib/SecExternalSourceTransform.h; sourceTree = SOURCE_ROOT; }; - 18BEB19614CF74C100C8BD36 /* com.apple.secd.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.apple.secd.plist; sourceTree = ""; }; - 18BFC44017C43393005DE6C3 /* executable.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = executable.xcconfig; sourceTree = ""; }; - 18CFEE8715DEE25200E3F2A3 /* com.apple.authd.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.apple.authd.sb; sourceTree = ""; }; - 18D6803916B768D500DF6D2E /* com.apple.authd */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.apple.authd; sourceTree = ""; }; - 18ED4D2317270DB6003AF11B /* SecurityTests-Entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "SecurityTests-Entitlements.plist"; sourceTree = ""; }; - 18F234EB15C9F9A600060520 /* authd.xpc */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = authd.xpc; sourceTree = BUILT_PRODUCTS_DIR; }; - 18F234F915C9FA3B00060520 /* agent.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = agent.c; sourceTree = ""; }; - 18F234FA15C9FA3B00060520 /* agent.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = agent.h; sourceTree = ""; }; - 18F234FB15C9FA3B00060520 /* authdb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = authdb.c; sourceTree = ""; }; - 18F234FC15C9FA3B00060520 /* authdb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = authdb.h; sourceTree = ""; }; - 18F234FD15C9FA3B00060520 /* authitems.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = authitems.c; sourceTree = ""; }; - 18F234FE15C9FA3B00060520 /* authitems.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = authitems.h; sourceTree = ""; }; - 18F234FF15C9FA3B00060520 /* authtoken.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = authtoken.c; sourceTree = ""; }; - 18F2350015C9FA3B00060520 /* authtoken.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = authtoken.h; sourceTree = ""; }; - 18F2350115C9FA3B00060520 /* authtypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = authtypes.h; sourceTree = ""; }; - 18F2350215C9FA3B00060520 /* authutilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = authutilities.c; sourceTree = ""; }; - 18F2350315C9FA3B00060520 /* authutilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = authutilities.h; sourceTree = ""; }; - 18F2350415C9FA3B00060520 /* ccaudit.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ccaudit.c; sourceTree = ""; }; - 18F2350515C9FA3B00060520 /* ccaudit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ccaudit.h; sourceTree = ""; }; - 18F2350615C9FA3B00060520 /* crc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = crc.c; sourceTree = ""; }; - 18F2350715C9FA3B00060520 /* crc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = crc.h; sourceTree = ""; }; - 18F2350815C9FA3B00060520 /* credential.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = credential.c; sourceTree = ""; }; - 18F2350915C9FA3B00060520 /* credential.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = credential.h; sourceTree = ""; }; - 18F2350A15C9FA3B00060520 /* debugging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = debugging.c; sourceTree = ""; }; - 18F2350B15C9FA3B00060520 /* debugging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = debugging.h; sourceTree = ""; }; - 18F2350E15C9FA3B00060520 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = InfoPlist.strings; sourceTree = ""; }; - 18F2350F15C9FA3B00060520 /* engine.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = engine.c; sourceTree = ""; }; - 18F2351015C9FA3B00060520 /* engine.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = engine.h; sourceTree = ""; }; - 18F2351115C9FA3B00060520 /* main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = ""; }; - 18F2351215C9FA3B00060520 /* mechanism.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mechanism.c; sourceTree = ""; }; - 18F2351315C9FA3B00060520 /* mechanism.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mechanism.h; sourceTree = ""; }; - 18F2351415C9FA3C00060520 /* object.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = object.c; sourceTree = ""; }; - 18F2351515C9FA3C00060520 /* object.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = object.h; sourceTree = ""; }; - 18F2351615C9FA3C00060520 /* process.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = process.c; sourceTree = ""; }; - 18F2351715C9FA3C00060520 /* process.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = process.h; sourceTree = ""; }; - 18F2351815C9FA3C00060520 /* rule.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rule.c; sourceTree = ""; }; - 18F2351915C9FA3C00060520 /* rule.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rule.h; sourceTree = ""; }; - 18F2351A15C9FA3C00060520 /* authd_private.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = authd_private.h; sourceTree = ""; }; - 18F2351B15C9FA3C00060520 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; - 18F2351C15C9FA3C00060520 /* security.auth-Prefix.pch */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "security.auth-Prefix.pch"; sourceTree = ""; }; - 18F2351D15C9FA3C00060520 /* server.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = server.c; sourceTree = ""; }; - 18F2351E15C9FA3C00060520 /* server.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = server.h; sourceTree = ""; }; - 18F2351F15C9FA3C00060520 /* session.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = session.c; sourceTree = ""; }; - 18F2352015C9FA3C00060520 /* session.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = session.h; sourceTree = ""; }; - 18F235F515CA0D8100060520 /* libsecurity_cdsa_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_cdsa_utilities.a; path = /usr/local/lib/libsecurity_cdsa_utilities.a; sourceTree = ""; }; - 18F235F715CA0D9D00060520 /* libsecurity_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_utilities.a; path = /usr/local/lib/libsecurity_utilities.a; sourceTree = ""; }; - 18F235FC15CA0EDB00060520 /* libstdc++.6.0.9.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = "libstdc++.6.0.9.dylib"; path = "/usr/lib/libstdc++.6.0.9.dylib"; sourceTree = ""; }; - 18F2360015CAF41100060520 /* libsecurity_codesigning.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_codesigning.a; path = /usr/local/lib/libsecurity_codesigning.a; sourceTree = ""; }; - 18FE67EA1471A3AA00A2CBE3 /* Security.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Security.framework; sourceTree = BUILT_PRODUCTS_DIR; }; - 1F6FC5DF1C3D9D90001C758F /* libsecurity_translocate.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_translocate.xcodeproj; path = libsecurity_translocate/libsecurity_translocate.xcodeproj; sourceTree = ""; }; - 1FDA9ABB1C4489280083929D /* SecTranslocate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SecTranslocate.h; path = libsecurity_translocate/lib/SecTranslocate.h; sourceTree = SOURCE_ROOT; }; - 3705CACC1A896D5A00402F75 /* SecTask-Entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = "SecTask-Entitlements.plist"; sourceTree = ""; }; - 3705CACD1A896DA800402F75 /* main.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = ""; }; - 3705CAD21A896DE800402F75 /* SecTaskTest */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = SecTaskTest; sourceTree = BUILT_PRODUCTS_DIR; }; - 3705CADB1A896E1A00402F75 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; - 371AB2CA1A04050700A08CF2 /* teamid.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = teamid.sh; sourceTree = ""; }; - 37A7CEAB197DB8FA00926CE8 /* codesign_tests */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = codesign_tests; sourceTree = BUILT_PRODUCTS_DIR; }; - 37A7CEAD197DB8FA00926CE8 /* FatDynamicValidation.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = FatDynamicValidation.c; sourceTree = ""; }; - 37A7CEDB197DCDD700926CE8 /* validation.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = validation.sh; sourceTree = ""; }; - 37AB390F1A44A88000B56E04 /* gk_reset_check */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = gk_reset_check; sourceTree = BUILT_PRODUCTS_DIR; }; - 37AB39111A44A88000B56E04 /* gk_reset_check.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = gk_reset_check.c; sourceTree = ""; }; - 37CD05021A8A87E50053CCD0 /* CaspianTests */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = CaspianTests; sourceTree = ""; }; - 37CD05041A8A96DD0053CCD0 /* LocalCaspianTestRun.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = LocalCaspianTestRun.sh; sourceTree = ""; }; - 395E7CED16C64EA500CD82A4 /* SystemConfiguration.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SystemConfiguration.framework; path = System/Library/Frameworks/SystemConfiguration.framework; sourceTree = SDKROOT; }; - 431B73571B27762300EB0360 /* CloudServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CloudServices.framework; path = System/Library/PrivateFrameworks/CloudServices.framework; sourceTree = SDKROOT; }; - 43651E011B016BE8008C4B88 /* CrashReporterSupport.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CrashReporterSupport.framework; path = System/Library/PrivateFrameworks/CrashReporterSupport.framework; sourceTree = SDKROOT; }; - 43A598581B0CF2AB00D14A7B /* English */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = English; path = English.lproj/CloudKeychain.strings; sourceTree = ""; }; - 4469FC001AA0A56F0021AA26 /* libctkclient_test.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libctkclient_test.a; path = usr/local/lib/libctkclient_test.a; sourceTree = SDKROOT; }; - 4469FC011AA0A56F0021AA26 /* libctkclient.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libctkclient.a; path = usr/local/lib/libctkclient.a; sourceTree = SDKROOT; }; - 44B2603E18F81A6A008DF20F /* SecAccessControl.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SecAccessControl.h; path = sec/Security/SecAccessControl.h; sourceTree = SOURCE_ROOT; }; - 44B2606918F81BFE008DF20F /* SecAccessControlPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SecAccessControlPriv.h; path = sec/Security/SecAccessControlPriv.h; sourceTree = SOURCE_ROOT; }; - 44D78B8F1A0A611C00B63C6C /* libaks_acl.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libaks_acl.a; path = usr/local/lib/libaks_acl.a; sourceTree = SDKROOT; }; - 486326321CAA0C6500A466D9 /* com.apple.securityd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = com.apple.securityd.plist; path = sec/os_log/com.apple.securityd.plist; sourceTree = ""; }; - 48FDA84D1AF989F600A9366F /* SOSCloudCircleInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SOSCloudCircleInternal.h; path = sec/SOSCircle/SecureObjectSync/SOSCloudCircleInternal.h; sourceTree = SOURCE_ROOT; }; - 4C0F6F861985877800178101 /* SecEntitlements.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecEntitlements.h; sourceTree = ""; }; - 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; path = utilities.xcodeproj; sourceTree = ""; }; - 4C2505B616D2DF9F002CE025 /* Icon.icns */ = {isa = PBXFileReference; lastKnownFileType = image.icns; path = Icon.icns; sourceTree = ""; }; - 4C328D2F1778EC4F0015EED1 /* AOSUI.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AOSUI.framework; path = System/Library/PrivateFrameworks/AOSUI.framework; sourceTree = SDKROOT; }; - 4C49390C16E51ACE00CE110C /* com.apple.security.keychain-circle-notification.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "com.apple.security.keychain-circle-notification.plist"; sourceTree = ""; }; - 4C5DD44217A5E31900696A79 /* KNPersistentState.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = KNPersistentState.h; sourceTree = ""; }; - 4C5DD44317A5E31900696A79 /* KNPersistentState.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = KNPersistentState.m; sourceTree = ""; }; - 4C5DD46B17A5F67300696A79 /* AppleSystemInfo.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppleSystemInfo.framework; path = System/Library/PrivateFrameworks/AppleSystemInfo.framework; sourceTree = SDKROOT; }; - 4C7D453B17BEE69B00DDD88F /* NSString+compactDescription.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSString+compactDescription.h"; sourceTree = ""; }; - 4C7D453C17BEE69B00DDD88F /* NSString+compactDescription.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSString+compactDescription.m"; sourceTree = ""; }; - 4C7D456417BEE6B700DDD88F /* NSDictionary+compactDescription.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "NSDictionary+compactDescription.h"; sourceTree = ""; }; - 4C7D456517BEE6B700DDD88F /* NSDictionary+compactDescription.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "NSDictionary+compactDescription.m"; sourceTree = ""; }; - 4C7D456617BEE6B700DDD88F /* NSSet+compactDescription.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "NSSet+compactDescription.h"; sourceTree = ""; }; - 4C7D456717BEE6B700DDD88F /* NSSet+compactDescription.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "NSSet+compactDescription.m"; sourceTree = ""; }; - 4C85DED816DBD5BF00ED8D47 /* KDCirclePeer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KDCirclePeer.h; sourceTree = ""; }; - 4C85DED916DBD5BF00ED8D47 /* KDCirclePeer.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KDCirclePeer.m; sourceTree = ""; }; - 4C96F73816D5372C00D3B39D /* KDSecCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KDSecCircle.h; sourceTree = ""; }; - 4C96F73916D5372C00D3B39D /* KDSecCircle.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KDSecCircle.m; sourceTree = ""; }; - 4C96F7C116D6DF8300D3B39D /* Keychain Circle Notification.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "Keychain Circle Notification.app"; sourceTree = BUILT_PRODUCTS_DIR; }; - 4C96F7C516D6DF8400D3B39D /* Keychain Circle Notification-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "Keychain Circle Notification-Info.plist"; sourceTree = ""; }; - 4C96F7C716D6DF8400D3B39D /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/InfoPlist.strings; sourceTree = ""; }; - 4C96F7C916D6DF8400D3B39D /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; - 4C96F7CB16D6DF8400D3B39D /* Keychain Circle Notification-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "Keychain Circle Notification-Prefix.pch"; sourceTree = ""; }; - 4C96F7CF16D6DF8400D3B39D /* KNAppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = KNAppDelegate.h; sourceTree = ""; }; - 4C96F7D016D6DF8400D3B39D /* KNAppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = KNAppDelegate.m; sourceTree = ""; }; - 4C97761D17BEB23E0002BFE4 /* AOSAccounts.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AOSAccounts.framework; path = System/Library/PrivateFrameworks/AOSAccounts.framework; sourceTree = SDKROOT; }; - 4CB23B46169F5873003A0131 /* security2 */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = security2; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CB23B4B169F5873003A0131 /* security2.1 */ = {isa = PBXFileReference; lastKnownFileType = text.man; path = security2.1; sourceTree = ""; }; - 4CB23B80169F58DE003A0131 /* security_tool_commands.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = security_tool_commands.c; sourceTree = ""; }; - 4CB23B82169F592C003A0131 /* sub_commands.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = sub_commands.h; sourceTree = ""; }; - 4CB23B91169F5CFF003A0131 /* command.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = command.xcconfig; sourceTree = ""; }; - 4CB86AE6167A6FF200F46643 /* SOSCircle.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSCircle.h; path = ../sec/SOSCircle/SecureObjectSync/SOSCircle.h; sourceTree = ""; }; - 4CB86AE7167A6FF200F46643 /* SOSCloudCircle.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSCloudCircle.h; path = ../sec/SOSCircle/SecureObjectSync/SOSCloudCircle.h; sourceTree = ""; }; - 4CB86AED167A6FF300F46643 /* SOSPeerInfo.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSPeerInfo.h; path = ../sec/SOSCircle/SecureObjectSync/SOSPeerInfo.h; sourceTree = ""; }; - 4CB9121C17750E6500C1CCCA /* entitlments.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = entitlments.plist; sourceTree = ""; }; - 4CC7A7B316CC2A84003E10C1 /* Cloud Keychain Utility.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "Cloud Keychain Utility.app"; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CC7A7B716CC2A85003E10C1 /* Keychain-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "Keychain-Info.plist"; sourceTree = ""; }; - 4CC7A7B916CC2A85003E10C1 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/InfoPlist.strings; sourceTree = ""; }; - 4CC7A7BB16CC2A85003E10C1 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; - 4CC7A7BD16CC2A85003E10C1 /* Keychain-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "Keychain-Prefix.pch"; sourceTree = ""; }; - 4CC7A7BF16CC2A85003E10C1 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.rtf; name = en; path = en.lproj/Credits.rtf; sourceTree = ""; }; - 4CC7A7C116CC2A85003E10C1 /* KDAppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = KDAppDelegate.h; sourceTree = ""; }; - 4CC7A7C216CC2A85003E10C1 /* KDAppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = KDAppDelegate.m; sourceTree = ""; }; - 4CC7A7F416CD95D2003E10C1 /* KDSecItems.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KDSecItems.h; sourceTree = ""; }; - 4CC7A7F516CD95D3003E10C1 /* KDSecItems.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KDSecItems.m; sourceTree = ""; }; - 4CD1980B16DD3BDF00A9E8FD /* NSArray+mapWithBlock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "NSArray+mapWithBlock.h"; path = "Keychain Circle Notification/NSArray+mapWithBlock.h"; sourceTree = SOURCE_ROOT; }; - 4CD1980C16DD3BDF00A9E8FD /* NSArray+mapWithBlock.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "NSArray+mapWithBlock.m"; path = "Keychain Circle Notification/NSArray+mapWithBlock.m"; sourceTree = SOURCE_ROOT; }; - 4CE7EA7D1AEAF50F0067F5BD /* SecItemBackup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecItemBackup.h; path = sec/Security/SecItemBackup.h; sourceTree = SOURCE_ROOT; }; - 4CF42BB515A3947F00ACACE1 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; - 5214700716977CB800DF0DB3 /* Cocoa.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Cocoa.framework; path = System/Library/Frameworks/Cocoa.framework; sourceTree = SDKROOT; }; - 524492691AFD6CB70043695A /* der_plist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = der_plist.h; path = ../utilities/src/der_plist.h; sourceTree = ""; }; - 52AEA484153C7581005AFC59 /* tsaSupportPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = tsaSupportPriv.h; path = libsecurity_smime/lib/tsaSupportPriv.h; sourceTree = SOURCE_ROOT; }; - 52B006BF15238F76005D4556 /* TimeStampingPrefs.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = TimeStampingPrefs.plist; sourceTree = ""; }; - 52B5A9C01519330300664F11 /* tsaSupport.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = tsaSupport.h; path = libsecurity_smime/lib/tsaSupport.h; sourceTree = SOURCE_ROOT; }; - 52B5A9C11519330300664F11 /* tsaTemplates.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = tsaTemplates.h; path = libsecurity_smime/lib/tsaTemplates.h; sourceTree = SOURCE_ROOT; }; - 52F8DDF91AF2E56600A2C271 /* SOSViews.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SOSViews.h; path = ../sec/SOSCircle/SecureObjectSync/SOSViews.h; sourceTree = ""; }; - 52F8DE201AF2E57300A2C271 /* SOSBackupSliceKeyBag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SOSBackupSliceKeyBag.h; path = ../sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.h; sourceTree = ""; }; - 52F8DE4B1AF2EB6600A2C271 /* SOSTypes.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSTypes.h; path = ../sec/SOSCircle/SecureObjectSync/SOSTypes.h; sourceTree = ""; }; - 5328475217850741009118DC /* en */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/Localizable.strings; sourceTree = ""; }; - 5E27BBFA18F4103100B6C79A /* libcoreauthd_client.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libcoreauthd_client.a; path = usr/local/lib/libcoreauthd_client.a; sourceTree = SDKROOT; }; - 5E605AFB1AB859B70049FA14 /* libcoreauthd_test_client.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libcoreauthd_test_client.a; path = usr/local/lib/libcoreauthd_test_client.a; sourceTree = SDKROOT; }; - 5E6343FD1D4B6FF800A23FB4 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = "en.lproj/authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings"; sourceTree = ""; }; - 5E7AF4721ACD64AC00005140 /* libACM.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libACM.a; path = usr/local/lib/libACM.a; sourceTree = SDKROOT; }; - 5EC01FED1B0CA7E0009FBB75 /* sec_acl_stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sec_acl_stress.c; path = ../../secacltests/sec_acl_stress.c; sourceTree = ""; }; - 5EC01FF01B0CAE62009FBB75 /* LocalAuthentication.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = LocalAuthentication.framework; path = System/Library/Frameworks/LocalAuthentication.framework; sourceTree = SDKROOT; }; - 5EF7C20A1B00E25400E5E99C /* secacltests */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secacltests; sourceTree = BUILT_PRODUCTS_DIR; }; - 5EF7C23A1B00E48200E5E99C /* main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = main.c; path = ../../secacltests/main.c; sourceTree = ""; }; - 5EF7C23C1B00E48200E5E99C /* secacltests-entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = "secacltests-entitlements.plist"; path = "../../secacltests/secacltests-entitlements.plist"; sourceTree = ""; }; - 5EF7C23D1B00E48200E5E99C /* testlist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = testlist.h; path = ../../secacltests/testlist.h; sourceTree = ""; }; - 6C721DB01D3D18D700888AE1 /* login.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = login.framework; path = System/Library/PrivateFrameworks/login.framework; sourceTree = SDKROOT; }; - 721680A8179B40F600406BB4 /* main.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = ""; }; - 721680AA179B40F600406BB4 /* iCloudStats.1 */ = {isa = PBXFileReference; lastKnownFileType = text.man; path = iCloudStats.1; sourceTree = ""; }; - 721680BD179B4F9100406BB4 /* com.apple.iCloudStats.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.apple.iCloudStats.plist; sourceTree = ""; }; - 8EC74B8C1DA578EE00D7D801 /* MobileKeyBag.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = MobileKeyBag.framework; path = System/Library/PrivateFrameworks/MobileKeyBag.framework; sourceTree = SDKROOT; }; - AC5688BA18B4396D00F0526C /* SecCMS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCMS.h; path = libsecurity_smime/lib/SecCMS.h; sourceTree = SOURCE_ROOT; }; - BE48AE211ADF1DF4000836C1 /* trustd */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = trustd; sourceTree = BUILT_PRODUCTS_DIR; }; - BE48AE241ADF1FD3000836C1 /* com.apple.trustd.agent.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = com.apple.trustd.agent.plist; sourceTree = ""; }; - BE48AE261ADF2011000836C1 /* com.apple.trustd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = com.apple.trustd.plist; sourceTree = ""; }; - BE7048911AD84C53000402D8 /* trustd-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "trustd-Prefix.pch"; path = "trustd/trustd-Prefix.pch"; sourceTree = SOURCE_ROOT; }; - BE7169F41C0E7A2B00AFC620 /* entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = entitlements.plist; sourceTree = ""; }; - BE8C5F0916F7CE450074CF86 /* framework.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = framework.sb; sourceTree = ""; }; - BE94B7A51AD83AF800A7216D /* trustd-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "trustd-Info.plist"; sourceTree = ""; }; - BE94B7DA1AD8424700A7216D /* com.apple.trustd.asl */ = {isa = PBXFileReference; lastKnownFileType = text; name = com.apple.trustd.asl; path = ../trustd/com.apple.trustd.asl; sourceTree = ""; }; - BE94B7DB1AD8424700A7216D /* com.apple.trustd.sb */ = {isa = PBXFileReference; lastKnownFileType = text; name = com.apple.trustd.sb; path = ../trustd/com.apple.trustd.sb; sourceTree = ""; }; - BEC3A76716F79497003E5634 /* SecTaskPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTaskPriv.h; path = libsecurity_codesigning/lib/SecTaskPriv.h; sourceTree = SOURCE_ROOT; }; - C288A0881505795D00E773B7 /* libOpenScriptingUtil.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libOpenScriptingUtil.dylib; path = ../../../../../usr/lib/libOpenScriptingUtil.dylib; sourceTree = ""; }; - CD19A65E1A8065E900F9C276 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; - CD276BE31A83F204003226BC /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = IDSKeychainSyncingProxy/en.lproj/InfoPlist.strings; sourceTree = ""; }; - CD4F43CC1B546A1900FE3569 /* SOSPeerInfoV2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSPeerInfoV2.h; path = sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.h; sourceTree = SOURCE_ROOT; }; - CD7446D8195A1CFE00FB01C0 /* IDS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IDS.framework; path = System/Library/PrivateFrameworks/IDS.framework; sourceTree = SDKROOT; }; - CD8B5A9C1B618ED9004D4AEF /* SOSPeerInfoPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SOSPeerInfoPriv.h; path = ../sec/SOSCircle/SecureObjectSync/SOSPeerInfoPriv.h; sourceTree = ""; }; - CDDE9D1C1729DF250013B0E8 /* SecPasswordGenerate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecPasswordGenerate.h; path = ../sec/Security/SecPasswordGenerate.h; sourceTree = ""; }; - D41685831B3A288F001FB54E /* oids.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = oids.h; path = libsecurity_keychain/libDER/libDER/oids.h; sourceTree = SOURCE_ROOT; }; - D42FA8241C9B8D3C003E46A7 /* SecurityTestsOSX.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = SecurityTestsOSX.app; sourceTree = BUILT_PRODUCTS_DIR; }; - D42FA82A1C9B8D3D003E46A7 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; - D42FA8311C9B8D3D003E46A7 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; - D42FA8351C9B8EC4003E46A7 /* testlist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = testlist.h; sourceTree = ""; }; - D42FA8441C9B8FDE003E46A7 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/Foundation.framework; sourceTree = DEVELOPER_DIR; }; - D42FA84C1C9B901E003E46A7 /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/IOKit.framework; sourceTree = DEVELOPER_DIR; }; - D42FA84F1C9B9047003E46A7 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/CoreFoundation.framework; sourceTree = DEVELOPER_DIR; }; - D42FA87A1C9B9099003E46A7 /* SecurityTests-Entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "SecurityTests-Entitlements.plist"; sourceTree = ""; }; - D42FA87C1C9B9186003E46A7 /* si-82-sectrust-ct-logs.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = "si-82-sectrust-ct-logs.plist"; path = "../shared_regressions/si-82-sectrust-ct-logs.plist"; sourceTree = ""; }; - D447C0C11D2C9BAB0082FC1D /* libDiagnosticMessagesClient.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libDiagnosticMessagesClient.dylib; path = usr/lib/libDiagnosticMessagesClient.dylib; sourceTree = SDKROOT; }; - D46E9CED1B1E5DEF00ED650E /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; - D46E9CEE1B1E5DEF00ED650E /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; - D47F51211C3B80DE00A7CEFE /* SecCFAllocator.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SecCFAllocator.h; path = ../sec/Security/SecCFAllocator.h; sourceTree = ""; }; - D4D886C31CEBDBEB00DC7583 /* ssl-policy-certs */ = {isa = PBXFileReference; lastKnownFileType = folder; name = "ssl-policy-certs"; path = "../../SecurityTests/ssl-policy-certs"; sourceTree = ""; }; - D4D886F21CED01F800DC7583 /* nist-certs */ = {isa = PBXFileReference; lastKnownFileType = folder; name = "nist-certs"; path = "../../SecurityTests/nist-certs"; sourceTree = ""; }; - D4D886FA1CED07B400DC7583 /* Digisign-Server-ID-Enrich-Entrust-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Digisign-Server-ID-Enrich-Entrust-Cert.crt"; path = "../../SecurityTests/DigicertMalaysia/Digisign-Server-ID-Enrich-Entrust-Cert.crt"; sourceTree = ""; }; - D4D886FB1CED07B400DC7583 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Digisign-Server-ID-Enrich-GTETrust-Cert.crt"; path = "../../SecurityTests/DigicertMalaysia/Digisign-Server-ID-Enrich-GTETrust-Cert.crt"; sourceTree = ""; }; - D4D886FC1CED07B400DC7583 /* Invalid-webmail.jaring.my.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-webmail.jaring.my.crt"; path = "../../SecurityTests/DigicertMalaysia/Invalid-webmail.jaring.my.crt"; sourceTree = ""; }; - D4D886FD1CED07B400DC7583 /* Invalid-www.cybersecurity.my.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-www.cybersecurity.my.crt"; path = "../../SecurityTests/DigicertMalaysia/Invalid-www.cybersecurity.my.crt"; sourceTree = ""; }; - D4D887031CED081500DC7583 /* DigiNotar_Root_CA_G2-RootCertificate.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "DigiNotar_Root_CA_G2-RootCertificate.crt"; path = "../../SecurityTests/DigiNotar/DigiNotar_Root_CA_G2-RootCertificate.crt"; sourceTree = ""; }; - D4D887041CED081500DC7583 /* diginotar-public-ca-2025-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "diginotar-public-ca-2025-Cert.crt"; path = "../../SecurityTests/DigiNotar/diginotar-public-ca-2025-Cert.crt"; sourceTree = ""; }; - D4D887051CED081500DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "diginotar-services-1024-entrust-secure-server-Cert.crt"; path = "../../SecurityTests/DigiNotar/diginotar-services-1024-entrust-secure-server-Cert.crt"; sourceTree = ""; }; - D4D887061CED081500DC7583 /* diginotar-services-diginotar-root-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "diginotar-services-diginotar-root-Cert.crt"; path = "../../SecurityTests/DigiNotar/diginotar-services-diginotar-root-Cert.crt"; sourceTree = ""; }; - D4D887071CED081500DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "diginotar.cyberca-gte.global.root-Cert.crt"; path = "../../SecurityTests/DigiNotar/diginotar.cyberca-gte.global.root-Cert.crt"; sourceTree = ""; }; - D4D887081CED081500DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "diginotar.extended.validation-diginotar.root.ca-Cert.crt"; path = "../../SecurityTests/DigiNotar/diginotar.extended.validation-diginotar.root.ca-Cert.crt"; sourceTree = ""; }; - D4D887091CED081500DC7583 /* diginotar.root.ca-entrust-secure-server-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "diginotar.root.ca-entrust-secure-server-Cert.crt"; path = "../../SecurityTests/DigiNotar/diginotar.root.ca-entrust-secure-server-Cert.crt"; sourceTree = ""; }; - D4D8870A1CED081500DC7583 /* DigiNotarCA2007RootCertificate.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = DigiNotarCA2007RootCertificate.crt; path = ../../SecurityTests/DigiNotar/DigiNotarCA2007RootCertificate.crt; sourceTree = ""; }; - D4D8870B1CED081500DC7583 /* Expectations.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = Expectations.plist; path = ../../SecurityTests/DigiNotar/Expectations.plist; sourceTree = ""; }; - D4D8870C1CED081600DC7583 /* Invalid-asterisk.google.com.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-asterisk.google.com.crt"; path = "../../SecurityTests/DigiNotar/Invalid-asterisk.google.com.crt"; sourceTree = ""; }; - D4D8870D1CED081600DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-CertiID_Enterprise_Certificate_Authority.crt"; path = "../../SecurityTests/DigiNotar/Invalid-CertiID_Enterprise_Certificate_Authority.crt"; sourceTree = ""; }; - D4D8870E1CED081600DC7583 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt"; path = "../../SecurityTests/DigiNotar/Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt"; sourceTree = ""; }; - D4D8870F1CED081600DC7583 /* Invalid-diginotarpkioverheidcaoverheid.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-diginotarpkioverheidcaoverheid.crt"; path = "../../SecurityTests/DigiNotar/Invalid-diginotarpkioverheidcaoverheid.crt"; sourceTree = ""; }; - D4D887101CED081600DC7583 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt"; path = "../../SecurityTests/DigiNotar/Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt"; sourceTree = ""; }; - D4D887111CED081600DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt"; path = "../../SecurityTests/DigiNotar/Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt"; sourceTree = ""; }; - D4D887121CED081600DC7583 /* Invalid-webmail.portofamsterdam.nl.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-webmail.portofamsterdam.nl.crt"; path = "../../SecurityTests/DigiNotar/Invalid-webmail.portofamsterdam.nl.crt"; sourceTree = ""; }; - D4D887131CED081600DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-webmail.terneuzen.nl-diginotar-services.crt"; path = "../../SecurityTests/DigiNotar/Invalid-webmail.terneuzen.nl-diginotar-services.crt"; sourceTree = ""; }; - D4D887141CED081600DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-www.maestre.com-diginotal.extended.validation.crt"; path = "../../SecurityTests/DigiNotar/Invalid-www.maestre.com-diginotal.extended.validation.crt"; sourceTree = ""; }; - D4D887151CED081600DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt"; path = "../../SecurityTests/DigiNotar/Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt"; sourceTree = ""; }; - D4D887161CED081700DC7583 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt; path = ../../SecurityTests/DigiNotar/Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt; sourceTree = ""; }; - D4D887171CED081700DC7583 /* Ministerie_van_Defensie_Certificatie_Autoriteit.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = Ministerie_van_Defensie_Certificatie_Autoriteit.crt; path = ../../SecurityTests/DigiNotar/Ministerie_van_Defensie_Certificatie_Autoriteit.crt; sourceTree = ""; }; - D4D887181CED081700DC7583 /* staatdernederlandenorganisatieca-g2-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "staatdernederlandenorganisatieca-g2-Cert.crt"; path = "../../SecurityTests/DigiNotar/staatdernederlandenorganisatieca-g2-Cert.crt"; sourceTree = ""; }; - D4D887191CED081700DC7583 /* staatdernederlandenoverheidca-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; name = "staatdernederlandenoverheidca-Cert.crt"; path = "../../SecurityTests/DigiNotar/staatdernederlandenoverheidca-Cert.crt"; sourceTree = ""; }; - D4D9B9FD1C7E5CCA008785EB /* SecServerEncryptionSupport.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SecServerEncryptionSupport.h; path = ../sec/Security/SecServerEncryptionSupport.h; sourceTree = ""; }; - D4DDD3A71BE3EB4200E8AE2D /* libDiagnosticMessagesClient.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libDiagnosticMessagesClient.dylib; path = ../../../../../../usr/lib/libDiagnosticMessagesClient.dylib; sourceTree = ""; }; - D4DDD9661CA2F2A700AA03AE /* libbsm.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libbsm.dylib; path = usr/lib/libbsm.dylib; sourceTree = SDKROOT; }; - D4EC94D51CEA48000083E753 /* si-20-sectrust-policies-data */ = {isa = PBXFileReference; lastKnownFileType = folder; name = "si-20-sectrust-policies-data"; path = "../shared_regressions/si-20-sectrust-policies-data"; sourceTree = ""; }; - DC7EFBAA1CBC46A7005F9624 /* SecurityFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SecurityFoundation.framework; path = System/Library/Frameworks/SecurityFoundation.framework; sourceTree = SDKROOT; }; - DCA28DF61D629C6D00201446 /* libsqlite3.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libsqlite3.dylib; path = usr/lib/libsqlite3.dylib; sourceTree = SDKROOT; }; - EB22F3F518A26BA50016A8EC /* bc-10-knife-on-bread.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "bc-10-knife-on-bread.m"; path = "Breadcrumb/bc-10-knife-on-bread.m"; sourceTree = ""; }; - EB22F3F618A26BA50016A8EC /* breadcrumb_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = breadcrumb_regressions.h; path = Breadcrumb/breadcrumb_regressions.h; sourceTree = ""; }; - EB22F3F718A26BA50016A8EC /* SecBreadcrumb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecBreadcrumb.c; path = Breadcrumb/SecBreadcrumb.c; sourceTree = ""; }; - EB22F3F818A26BA50016A8EC /* SecBreadcrumb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecBreadcrumb.h; path = Breadcrumb/SecBreadcrumb.h; sourceTree = ""; }; - EB73F03E1C210D49008191E3 /* SecurityFeatures.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecurityFeatures.h; path = SecurityFeatures/iOS/SecurityFeatures.h; sourceTree = ""; }; - EB73F03F1C210D58008191E3 /* SecurityFeatures.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecurityFeatures.h; path = SecurityFeatures/OSX/SecurityFeatures.h; sourceTree = ""; }; - EB73F0401C210D78008191E3 /* CopyHeaders.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; name = CopyHeaders.sh; path = SecurityFeatures/CopyHeaders.sh; sourceTree = ""; }; - EB73F0411C210D78008191E3 /* README.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = README.txt; path = SecurityFeatures/README.txt; sourceTree = ""; }; - EB73F0441C210DF8008191E3 /* SecurityFeatures.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SecurityFeatures.h; path = include/Security/SecurityFeatures.h; sourceTree = ""; }; - EBB696FD1BE208BA00715F16 /* Security.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Security.plist; sourceTree = ""; }; - EBB696FF1BE208CB00715F16 /* secbackupntest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = secbackupntest.m; path = secbackupntest/secbackupntest.m; sourceTree = ""; }; - EBB697041BE208FC00715F16 /* secbackupntest */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secbackupntest; sourceTree = BUILT_PRODUCTS_DIR; }; - EBD8B52718A55668004A650F /* README */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = README; path = Breadcrumb/README; sourceTree = ""; }; - EBE011FF1C2135E200CB6A63 /* ExternalProject.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; name = ExternalProject.sh; path = SecurityFeatures/ExternalProject.sh; sourceTree = ""; }; - EBF2D7131C1E0AF7006AB6FF /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/System/Library/Frameworks/Foundation.framework; sourceTree = DEVELOPER_DIR; }; - EBF2E29C1BEC8D9200626DE4 /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/System/Library/Frameworks/IOKit.framework; sourceTree = DEVELOPER_DIR; }; - F93C493D1AB8FF670047E01A /* ckcdiagnose.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = ckcdiagnose.sh; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 0C6C630815D193C800BC68CD /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EB73EFE91C210947008191E3 /* Foundation.framework in Frameworks */, - 0C6C632A15D1989900BC68CD /* libsecurity_ssl_regressions.a in Frameworks */, - D4CBC1451BE981F600C5795E /* libsecurity_cms_regressions.a in Frameworks */, - 18CD682717272EBC005345FB /* libaks.a in Frameworks */, - 0CCEBDB416C2D026001BD7F6 /* libregressions.a in Frameworks */, - DC247FB51CBF1C2500527D67 /* libDER.a in Frameworks */, - 52669053169D181900ED8231 /* Security.framework in Frameworks */, - DC7EFBAB1CBC46A7005F9624 /* SecurityFoundation.framework in Frameworks */, - 0C6C633015D19FF500BC68CD /* CoreFoundation.framework in Frameworks */, - 0CAA7AB516C9A72A00A32C6D /* libsecurity_keychain_regressions.a in Frameworks */, - ACB6171918B5231800EBEDD7 /* libsecurity_smime_regressions.a in Frameworks */, - 18CD684E17272EE2005345FB /* IOKit.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 0CC3351B16C1ED8000399E53 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 8EC74BB31DA57B1000D7D801 /* MobileKeyBag.framework in Frameworks */, - D447C0E71D2C9C390082FC1D /* libDiagnosticMessagesClient.dylib in Frameworks */, - 5E7AF49B1ACD64E600005140 /* libACM.a in Frameworks */, - 187A05B1170393FF0038C158 /* libaks.a in Frameworks */, - 44D78BB91A0A615800B63C6C /* libaks_acl.a in Frameworks */, - 0C10987616CAAE8200803B8F /* libASN1.a in Frameworks */, - D4DDD9671CA2F2A700AA03AE /* libbsm.dylib in Frameworks */, - 5E605AFC1AB859B70049FA14 /* libcoreauthd_test_client.a in Frameworks */, - 4469FC291AA0A5AF0021AA26 /* libctkclient_test.a in Frameworks */, - 0CC3351E16C1ED8000399E53 /* libDER.a in Frameworks */, - 0CCEBDB816C2E6CE001BD7F6 /* libsqlite3.dylib in Frameworks */, - 0CC3356316C1EFBE00399E53 /* libregressions.a in Frameworks */, - 0C4EAE7717668DDF00773425 /* libsecdRegressions.a in Frameworks */, - 0CC3352616C1ED8000399E53 /* libsecipc_client.a in Frameworks */, - 0CC3351F16C1ED8000399E53 /* libSecItemShimOSX.a in Frameworks */, - 0CC3352716C1ED8000399E53 /* libSecureObjectSync.a in Frameworks */, - 0CC3351C16C1ED8000399E53 /* libsecurity.a in Frameworks */, - 0CCEBDB616C2E431001BD7F6 /* libsecurityd.a in Frameworks */, - 0CC3352316C1ED8000399E53 /* libSOSRegressions.a in Frameworks */, - 0CC3352016C1ED8000399E53 /* libutilities.a in Frameworks */, - 0CCEBDBB16C30924001BD7F6 /* libutilitiesRegressions.a in Frameworks */, - 0CCEBDB716C2E6B0001BD7F6 /* CFNetwork.framework in Frameworks */, - 0CC3352416C1ED8000399E53 /* CoreFoundation.framework in Frameworks */, - EB73EFE81C210947008191E3 /* Foundation.framework in Frameworks */, - 18363C1417026084002D5C1C /* IOKit.framework in Frameworks */, - 39BFB04516D304DE0022564B /* SystemConfiguration.framework in Frameworks */, - D4DDD9961CA320FE00AA03AE /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18073847146D0D4E00F05C24 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 1FDA9ABD1C448DFC0083929D /* libsecurity_translocate.a in Frameworks */, - 0CC2CB101B6A04D80074B0F2 /* libDiagnosticMessagesClient.dylib in Frameworks */, - 44D78BB81A0A615500B63C6C /* libaks_acl.a in Frameworks */, - 44F7912019FFED88008B8147 /* libcoreauthd_client.a in Frameworks */, - BE8D22C01ABB74C3009A4E18 /* libSecTrustOSX.a in Frameworks */, - 5241C60D16DC1BA100DB5C6F /* libSecOtrOSX.a in Frameworks */, - 5208C0D716A0C96F0062DDC5 /* libSecureObjectSync.a in Frameworks */, - 44A655A71AA4B4F30059D185 /* libctkclient.a in Frameworks */, - 1885B45214D9AB8100519375 /* libASN1.a in Frameworks */, - 18270F6114CF656E00B05E7F /* libsecipc_client.a in Frameworks */, - 182BB5BA146FF0BF000BF1F3 /* libbsm.dylib in Frameworks */, - 182BB5B8146FF0A2000BF1F3 /* libobjc.dylib in Frameworks */, - 182BB5B6146FF090000BF1F3 /* libauto.dylib in Frameworks */, - 182BB5B4146FF04C000BF1F3 /* libxar.dylib in Frameworks */, - 182BB5B2146FF039000BF1F3 /* libz.dylib in Frameworks */, - 182BB5AE146FEF43000BF1F3 /* libsqlite3.dylib in Frameworks */, - 182BB5AC146FEF15000BF1F3 /* libpam.dylib in Frameworks */, - 182BB5AA146FEE50000BF1F3 /* CoreFoundation.framework in Frameworks */, - 7A21DAE619B7F27C0007D37F /* IOKit.framework in Frameworks */, - 182BB4E1146F2591000BF1F3 /* libsecurity_manifest.a in Frameworks */, - 182BB4E2146F2591000BF1F3 /* libsecurity_mds.a in Frameworks */, - 182BB4E3146F2591000BF1F3 /* libsecurity_sd_cspdl.a in Frameworks */, - 182BB4E4146F2591000BF1F3 /* libsecurity_smime.a in Frameworks */, - 182BB4E5146F2591000BF1F3 /* libsecurity_ssl.a in Frameworks */, - 182BB41B146F2533000BF1F3 /* libsecurity_apple_csp.a in Frameworks */, - 182BB41C146F2533000BF1F3 /* libsecurity_apple_cspdl.a in Frameworks */, - 182BB41D146F2533000BF1F3 /* libsecurity_apple_file_dl.a in Frameworks */, - 182BB41E146F2533000BF1F3 /* libsecurity_apple_x509_cl.a in Frameworks */, - 182BB41F146F2533000BF1F3 /* libsecurity_apple_x509_tp.a in Frameworks */, - 182BB421146F2533000BF1F3 /* libsecurity_authorization.a in Frameworks */, - 182BB422146F2533000BF1F3 /* libsecurity_cdsa_client.a in Frameworks */, - 182BB423146F2533000BF1F3 /* libsecurity_cdsa_utilities.a in Frameworks */, - 182BB424146F2533000BF1F3 /* libsecurity_checkpw.a in Frameworks */, - 182BB425146F2533000BF1F3 /* libsecurity_cms.a in Frameworks */, - 182BB5BB146FF62F000BF1F3 /* libsecurity_comcryption.a in Frameworks */, - 182BB426146F2533000BF1F3 /* libsecurity_codesigning.a in Frameworks */, - 182BB428146F2533000BF1F3 /* libsecurity_cryptkit.a in Frameworks */, - 182BB429146F2533000BF1F3 /* libsecurity_filedb.a in Frameworks */, - 182BB42A146F2533000BF1F3 /* libsecurity_keychain.a in Frameworks */, - 182BB42B146F2533000BF1F3 /* libsecurity_ocspd.a in Frameworks */, - 182BB42C146F2533000BF1F3 /* libsecurity_pkcs12.a in Frameworks */, - 182BB42D146F2533000BF1F3 /* libsecurity_transform.a in Frameworks */, - 182BB42E146F2533000BF1F3 /* libsecurityd_client.a in Frameworks */, - 18446083146DF58B00B12992 /* libsecurity_cdsa_plugin.a in Frameworks */, - 1879B571146DE2FF007E536C /* libsecurity_cssm.a in Frameworks */, - 1879B546146DE192007E536C /* libsecurity_utilities.a in Frameworks */, - 1879B570146DE2E6007E536C /* libsecurity_cdsa_utils.a in Frameworks */, - C288A0891505796F00E773B7 /* libOpenScriptingUtil.dylib in Frameworks */, - E76079D61951FDAF00F69731 /* liblogging.a in Frameworks */, - 18AD56A414CDE7BE008233F2 /* libSecItemShimOSX.a in Frameworks */, - C2407A1B1B30BBF30067E6AE /* libutilities.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18270ED314CF282600B05E7F /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 8EC74BB21DA57A0300D7D801 /* MobileKeyBag.framework in Frameworks */, - 6C721DB11D3D18D700888AE1 /* login.framework in Frameworks */, - D447C0C21D2C9BAB0082FC1D /* libDiagnosticMessagesClient.dylib in Frameworks */, - 5E7AF4731ACD64AC00005140 /* libACM.a in Frameworks */, - 189757871700CF4C00672567 /* libaks.a in Frameworks */, - 44D78BBA1A0A616200B63C6C /* libaks_acl.a in Frameworks */, - 8E64DB4B1C17C2830076C9DF /* libASN1.a in Frameworks */, - 18270EF914CF425100B05E7F /* libbsm.dylib in Frameworks */, - 44D78BBB1A0A617700B63C6C /* libcoreauthd_client.a in Frameworks */, - 44A655CF1AA4B4F50059D185 /* libctkclient.a in Frameworks */, - 8E64DB4A1C17C26F0076C9DF /* libDER.a in Frameworks */, - AAF3DCCB1666D03300376593 /* libsecurity_utilities.a in Frameworks */, - 18270EFA14CF426200B05E7F /* libsqlite3.dylib in Frameworks */, - 4C8D8651177A752D0019A804 /* libsecipc_client.a in Frameworks */, - 4C01DF14164C3E7C006798CD /* libSecureObjectSync.a in Frameworks */, - 5208BF4F16A0993C0062DDC5 /* libsecurity.a in Frameworks */, - 18270EE814CF294500B05E7F /* libsecurityd.a in Frameworks */, - 4C7D8765160A74C400D041E3 /* libutilities.a in Frameworks */, - 18270EFC14CF427800B05E7F /* CFNetwork.framework in Frameworks */, - 18270EF814CF424900B05E7F /* CoreFoundation.framework in Frameworks */, - 18270EFE14CF429600B05E7F /* IOKit.framework in Frameworks */, - 395E7CEE16C64EA500CD82A4 /* SystemConfiguration.framework in Frameworks */, - D4DDD9971CA3216C00AA03AE /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 182BB565146F4DCA000BF1F3 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 182BB592146FE1D7000BF1F3 /* CoreFoundation.framework in Frameworks */, - DC311CC81CCEC82E00E14E8D /* libutilities.a in Frameworks */, - 182BB591146FE12F000BF1F3 /* libsecurity_utilities.a in Frameworks */, - 182BB590146FE125000BF1F3 /* libsecurity_cdsa_utilities.a in Frameworks */, - 182BB589146FE013000BF1F3 /* libsecurity_codesigning.a in Frameworks */, - 529E948D169E29470000AC9B /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18F234E815C9F9A600060520 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 18F2353815C9FDEF00060520 /* libsqlite3.dylib in Frameworks */, - 18F2353715C9FDE400060520 /* libbsm.dylib in Frameworks */, - 18F2353615C9FDD200060520 /* Security.framework in Frameworks */, - 18F2353515C9FDB700060520 /* CoreFoundation.framework in Frameworks */, - 187D6B9815D4476D00E27494 /* IOKit.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 3705CACF1A896DE800402F75 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 3792614F1A89771A008ADD3C /* Security.framework in Frameworks */, - 3705CADA1A896E0F00402F75 /* CoreFoundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 37A7CEA8197DB8FA00926CE8 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 37AB390C1A44A88000B56E04 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 37AB393D1A44A8C300B56E04 /* CoreFoundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4C96F7BE16D6DF8300D3B39D /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C869B6A1C865E62006A2873 /* CoreCDP.framework in Frameworks */, - 4CAEACCD16D6FC7600263776 /* Security.framework in Frameworks */, - 4C97761E17BEB23E0002BFE4 /* AOSAccounts.framework in Frameworks */, - 4C5DD46C17A5F67300696A79 /* AppleSystemInfo.framework in Frameworks */, - 4C328D301778EC4F0015EED1 /* AOSUI.framework in Frameworks */, - 43651E021B016BE8008C4B88 /* CrashReporterSupport.framework in Frameworks */, - 4C96F7C216D6DF8400D3B39D /* Cocoa.framework in Frameworks */, - 431B737F1B27762C00EB0360 /* CloudServices.framework in Frameworks */, - 431B73C11B2777A200EB0360 /* libutilities.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CB23B43169F5873003A0131 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EB73EFEA1C210947008191E3 /* Foundation.framework in Frameworks */, - 44D78BB71A0A613900B63C6C /* libaks_acl.a in Frameworks */, - 52CD052316A0E24900218387 /* Security.framework in Frameworks */, - 432800841B4CE731002E8525 /* libaks.a in Frameworks */, - 4CB23B8C169F59AD003A0131 /* libutilities.a in Frameworks */, - 4CB23B8A169F599A003A0131 /* libSecurityCommands.a in Frameworks */, - 4CB23B8B169F599A003A0131 /* libSOSCommands.a in Frameworks */, - 4CB23B89169F5990003A0131 /* libSecurityTool.a in Frameworks */, - 4CB23B47169F5873003A0131 /* CoreFoundation.framework in Frameworks */, - 43C3B2681AFD5B4800786702 /* IOKit.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CC7A7B016CC2A84003E10C1 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 4381B9A91B28C6B2002BBC79 /* CloudServices.framework in Frameworks */, - 43C3B35A1AFD5E1800786702 /* CoreFoundation.framework in Frameworks */, - 4CC7A7B416CC2A85003E10C1 /* Cocoa.framework in Frameworks */, - 43C3B0D51AFD56B700786702 /* Security.framework in Frameworks */, - 4381B9AA1B28E09F002BBC79 /* libutilities.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 5EF7C2071B00E25400E5E99C /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - DCA28E1C1D629C7C00201446 /* AppleSystemInfo.framework in Frameworks */, - DCA28DF71D629C6D00201446 /* libsqlite3.dylib in Frameworks */, - EBB6970B1BE2091300715F16 /* Foundation.framework in Frameworks */, - 5EF7C2521B00EB0A00E5E99C /* libaks.a in Frameworks */, - 5EF7C2511B00EAF100E5E99C /* libcoreauthd_client.a in Frameworks */, - 5EF7C2501B00EA7A00E5E99C /* libACM.a in Frameworks */, - 5EF7C24F1B00EA5200E5E99C /* libaks_acl.a in Frameworks */, - 4328FE9B1B4CDBA5002E8525 /* CoreFoundation.framework in Frameworks */, - 4328FED11B4CDC11002E8525 /* SystemConfiguration.framework in Frameworks */, - 5EF7C24E1B00E80000E5E99C /* libutilities.a in Frameworks */, - 5EF7C24C1B00E76F00E5E99C /* libSecureObjectSync.a in Frameworks */, - 5EF7C24B1B00E71D00E5E99C /* libsecurity.a in Frameworks */, - 5ED88B451B0DE63E00F3B047 /* libsecurityd.a in Frameworks */, - 5EF7C2401B00E4C300E5E99C /* libregressions.a in Frameworks */, - D42CFD771BFD3379008C8737 /* libDER.a in Frameworks */, - 5EFB69C31B0CC16F0095A36E /* libsecipc_client.a in Frameworks */, - 5EF7C24A1B00E6E300E5E99C /* Security.framework in Frameworks */, - 438166AB1B4EC98000C54D58 /* libctkclient.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - BE48AE041ADF1DF4000836C1 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 8EC74B8D1DA578EE00D7D801 /* MobileKeyBag.framework in Frameworks */, - 6C721DD61D3D18EC00888AE1 /* login.framework in Frameworks */, - D45FC3E41C9E06B500509CDA /* libSecureObjectSync.a in Frameworks */, - D4DDD3D01BE3EC0300E8AE2D /* libDiagnosticMessagesClient.dylib in Frameworks */, - BE48AE051ADF1DF4000836C1 /* libACM.a in Frameworks */, - BE48AE061ADF1DF4000836C1 /* libcoreauthd_client.a in Frameworks */, - BE48AE071ADF1DF4000836C1 /* libaks.a in Frameworks */, - BE48AE081ADF1DF4000836C1 /* SystemConfiguration.framework in Frameworks */, - BE48AE0A1ADF1DF4000836C1 /* libsecurity_utilities.a in Frameworks */, - BE48AE0B1ADF1DF4000836C1 /* libutilities.a in Frameworks */, - BE48AE0C1ADF1DF4000836C1 /* libaks_acl.a in Frameworks */, - BE48AE0E1ADF1DF4000836C1 /* libASN1.a in Frameworks */, - BE48AE0F1ADF1DF4000836C1 /* libDER.a in Frameworks */, - BE48AE101ADF1DF4000836C1 /* IOKit.framework in Frameworks */, - BE48AE111ADF1DF4000836C1 /* libsqlite3.dylib in Frameworks */, - BE48AE121ADF1DF4000836C1 /* libbsm.dylib in Frameworks */, - D45FC3E11C9E068700509CDA /* libsecurityd.a in Frameworks */, - D467D0EA1C9DF27100C9DE3E /* libsecipc_client.a in Frameworks */, - BE48AE151ADF1DF4000836C1 /* libctkclient.a in Frameworks */, - BE48AE171ADF1DF4000836C1 /* CoreFoundation.framework in Frameworks */, - BE48AE181ADF1DF4000836C1 /* CFNetwork.framework in Frameworks */, - D42817D01C6000E1007F95D8 /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - D42FA8211C9B8D3C003E46A7 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - D42FA8501C9B9047003E46A7 /* CoreFoundation.framework in Frameworks */, - D42FA84E1C9B903F003E46A7 /* Security.framework in Frameworks */, - DC7EFC0E1CBC7567005F9624 /* SecurityFoundation.framework in Frameworks */, - D42FA8451C9B8FDE003E46A7 /* Foundation.framework in Frameworks */, - D42FA84D1C9B901E003E46A7 /* IOKit.framework in Frameworks */, - D42FA8EB1C9BAAD5003E46A7 /* libaks.a in Frameworks */, - D42FA8E91C9B95EC003E46A7 /* libregressions.a in Frameworks */, - DC247FD81CBF1C3F00527D67 /* libDER.a in Frameworks */, - D42FA84A1C9B900A003E46A7 /* libSharedRegressions.a in Frameworks */, - D42FA8461C9B9000003E46A7 /* libsecurity_cms_regressions.a in Frameworks */, - D42FA8471C9B9000003E46A7 /* libsecurity_keychain_regressions.a in Frameworks */, - D42FA8481C9B9000003E46A7 /* libsecurity_smime_regressions.a in Frameworks */, - D42FA8491C9B9000003E46A7 /* libsecurity_ssl_regressions.a in Frameworks */, - D42FA84B1C9B9013003E46A7 /* libutilities.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - EBB697011BE208FC00715F16 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EBB697101BE20A1200715F16 /* Security.framework in Frameworks */, - E74583F51BF66506001B54A4 /* IOKit.framework in Frameworks */, - EB73EFEB1C210947008191E3 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 0C6C630D15D193C800BC68CD /* sectests */ = { - isa = PBXGroup; - children = ( - 18ED4D2317270DB6003AF11B /* SecurityTests-Entitlements.plist */, - 0C6C630E15D193C800BC68CD /* main.c */, - 0C6C632415D1964200BC68CD /* testlist.h */, - ); - path = sectests; - sourceTree = ""; - }; - 0C6D0063177B54A70095D167 /* asl */ = { - isa = PBXGroup; - children = ( - 0C6D0064177B54C60095D167 /* com.apple.securityd */, - ); - name = asl; - path = lib; - sourceTree = ""; - }; - 0CC3355516C1EEAD00399E53 /* secdtests */ = { - isa = PBXGroup; - children = ( - 0CC3355716C1EEE700399E53 /* main.c */, - 0CC3355816C1EEE700399E53 /* testlist.h */, - ); - name = secdtests; - sourceTree = ""; - }; - 0CC3355C16C1EF5D00399E53 /* Products */ = { - isa = PBXGroup; - children = ( - 0CC3356016C1EF5D00399E53 /* libregressions.a */, - ); - name = Products; - sourceTree = ""; - }; - 1807383F146D0D4E00F05C24 = { - isa = PBXGroup; - children = ( - 486326321CAA0C6500A466D9 /* com.apple.securityd.plist */, - F93C493C1AB8FF670047E01A /* ckcdiagnose */, - CD276BE21A83F204003226BC /* InfoPlist.strings */, - EB22F3CE18A26B640016A8EC /* Breadcrumb */, - 0C6D0063177B54A70095D167 /* asl */, - 4C1288F615FFECF2008CE3E3 /* utilities */, - 18073854146D0D4E00F05C24 /* lib */, - 181EA3D0146D1ED200A6D320 /* libsecurity */, - 186CDD0314CA10E700AF9171 /* sec */, - 186CDE7914CA3A3800AF9171 /* secd */, - 4C0F6FAF1985879300178101 /* sectask */, - 181EA421146D4A2A00A6D320 /* config */, - 0CC3355516C1EEAD00399E53 /* secdtests */, - 0C6C630D15D193C800BC68CD /* sectests */, - 18F234ED15C9F9A700060520 /* authd */, - BE94B7D91AD8421F00A7216D /* trustd */, - 4CB23B48169F5873003A0131 /* security2 */, - 4CC7A7B516CC2A85003E10C1 /* KeychainDemoApp */, - 4C96F7C316D6DF8400D3B39D /* Keychain Circle Notification */, - 721680A7179B40F600406BB4 /* iCloudStats */, - 37A7CEAC197DB8FA00926CE8 /* codesign_tests */, - 37AB39101A44A88000B56E04 /* gk_reset_check */, - 5EF7C20B1B00E25400E5E99C /* secacltests */, - EB73F0121C210CC7008191E3 /* SecurityFeatures */, - EBB696D51BE2089400715F16 /* RegressionTests */, - D42FA8251C9B8D3C003E46A7 /* SecurityTestsOSX */, - 1807384D146D0D4E00F05C24 /* Frameworks */, - 1807384C146D0D4E00F05C24 /* Products */, - ); - sourceTree = ""; - }; - 1807384C146D0D4E00F05C24 /* Products */ = { - isa = PBXGroup; - children = ( - 1807384B146D0D4E00F05C24 /* Security.framework */, - 182BB568146F4DCA000BF1F3 /* csparser.bundle */, - 18FE67EA1471A3AA00A2CBE3 /* Security.framework */, - 18270ED614CF282600B05E7F /* secd */, - 0C6C630B15D193C800BC68CD /* sectests */, - 18F234EB15C9F9A600060520 /* authd.xpc */, - 4CB23B46169F5873003A0131 /* security2 */, - 0CC3352D16C1ED8000399E53 /* secdtests */, - 4CC7A7B316CC2A84003E10C1 /* Cloud Keychain Utility.app */, - 4C96F7C116D6DF8300D3B39D /* Keychain Circle Notification.app */, - 37A7CEAB197DB8FA00926CE8 /* codesign_tests */, - 37AB390F1A44A88000B56E04 /* gk_reset_check */, - 3705CAD21A896DE800402F75 /* SecTaskTest */, - 5EF7C20A1B00E25400E5E99C /* secacltests */, - BE48AE211ADF1DF4000836C1 /* trustd */, - EBB697041BE208FC00715F16 /* secbackupntest */, - D42FA8241C9B8D3C003E46A7 /* SecurityTestsOSX.app */, - ); - name = Products; - sourceTree = ""; - }; - 1807384D146D0D4E00F05C24 /* Frameworks */ = { - isa = PBXGroup; - children = ( - 8EC74B8C1DA578EE00D7D801 /* MobileKeyBag.framework */, - DCA28DF61D629C6D00201446 /* libsqlite3.dylib */, - 6C721DB01D3D18D700888AE1 /* login.framework */, - D447C0C11D2C9BAB0082FC1D /* libDiagnosticMessagesClient.dylib */, - DC7EFBAA1CBC46A7005F9624 /* SecurityFoundation.framework */, - D4DDD9661CA2F2A700AA03AE /* libbsm.dylib */, - 0C869B691C865E62006A2873 /* CoreCDP.framework */, - D42FA84F1C9B9047003E46A7 /* CoreFoundation.framework */, - D42FA84C1C9B901E003E46A7 /* IOKit.framework */, - D42FA8441C9B8FDE003E46A7 /* Foundation.framework */, - EBF2D7131C1E0AF7006AB6FF /* Foundation.framework */, - D4DDD3A71BE3EB4200E8AE2D /* libDiagnosticMessagesClient.dylib */, - EBF2E29C1BEC8D9200626DE4 /* IOKit.framework */, - 4C97761D17BEB23E0002BFE4 /* AOSAccounts.framework */, - 4C328D2F1778EC4F0015EED1 /* AOSUI.framework */, - 4C5DD46B17A5F67300696A79 /* AppleSystemInfo.framework */, - 18270EFB14CF427800B05E7F /* CFNetwork.framework */, - 0CC2CB0F1B6A04D80074B0F2 /* libDiagnosticMessagesClient.dylib */, - 431B73571B27762300EB0360 /* CloudServices.framework */, - 5214700716977CB800DF0DB3 /* Cocoa.framework */, - 182BB569146F4DCA000BF1F3 /* CoreFoundation.framework */, - 43651E011B016BE8008C4B88 /* CrashReporterSupport.framework */, - CD19A65E1A8065E900F9C276 /* Foundation.framework */, - CD7446D8195A1CFE00FB01C0 /* IDS.framework */, - 18270EFD14CF429600B05E7F /* IOKit.framework */, - 5E7AF4721ACD64AC00005140 /* libACM.a */, - 44D78B8F1A0A611C00B63C6C /* libaks_acl.a */, - 18752C1D16F2837A004E2799 /* libaks.a */, - 182BB593146FE1ED000BF1F3 /* libantlr2c++.a */, - 1831329914EB2C6D00F0BCAC /* libASN1.a */, - 182BB5B5146FF08F000BF1F3 /* libauto.dylib */, - 182BB5B9146FF0BE000BF1F3 /* libbsm.dylib */, - 5E27BBFA18F4103100B6C79A /* libcoreauthd_client.a */, - 5E605AFB1AB859B70049FA14 /* libcoreauthd_test_client.a */, - 18270EFF14CF42CA00B05E7F /* libcorecrypto.a */, - 4469FC001AA0A56F0021AA26 /* libctkclient_test.a */, - 4469FC011AA0A56F0021AA26 /* libctkclient.a */, - 1831329A14EB2C6D00F0BCAC /* libDER.a */, - 182BB5B7146FF0A1000BF1F3 /* libobjc.dylib */, - C288A0881505795D00E773B7 /* libOpenScriptingUtil.dylib */, - 182BB5AB146FEF14000BF1F3 /* libpam.dylib */, - 18F235F515CA0D8100060520 /* libsecurity_cdsa_utilities.a */, - 18F2360015CAF41100060520 /* libsecurity_codesigning.a */, - 18F235F715CA0D9D00060520 /* libsecurity_utilities.a */, - 182BB5AD146FEF43000BF1F3 /* libsqlite3.dylib */, - 18F235FC15CA0EDB00060520 /* libstdc++.6.0.9.dylib */, - 182BB5B3146FF04C000BF1F3 /* libxar.dylib */, - 182BB5B1146FF039000BF1F3 /* libz.dylib */, - 5EC01FF01B0CAE62009FBB75 /* LocalAuthentication.framework */, - 4CF42BB515A3947F00ACACE1 /* Security.framework */, - 395E7CED16C64EA500CD82A4 /* SystemConfiguration.framework */, - ); - name = Frameworks; - sourceTree = ""; - }; - 18073854146D0D4E00F05C24 /* lib */ = { - isa = PBXGroup; - children = ( - 1879B4A6146DC971007E536C /* Headers */, - 1879B4A7146DC999007E536C /* PrivateHeaders */, - 182BB228146F0674000BF1F3 /* Resources */, - 18073855146D0D4E00F05C24 /* Supporting Files */, - 182BB555146F450F000BF1F3 /* plugins */, - 182BB5A9146FEB27000BF1F3 /* derived_src */, - 18A5493115EFD2F40059E6DC /* dummy.cpp */, - ); - path = lib; - sourceTree = ""; - }; - 18073855146D0D4E00F05C24 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - 182BB562146F4C73000BF1F3 /* security.exp-in */, - 182BB55D146F4544000BF1F3 /* generateErrStrings.pl */, - 182BB55E146F4544000BF1F3 /* Security.order */, - 18073856146D0D4E00F05C24 /* Info-Security.plist */, - ); - name = "Supporting Files"; - sourceTree = ""; - }; - 181EA3D0146D1ED200A6D320 /* libsecurity */ = { - isa = PBXGroup; - children = ( - 1F6FC5DF1C3D9D90001C758F /* libsecurity_translocate.xcodeproj */, - 1879B532146DDBE5007E536C /* libsecurity_utilities.xcodeproj */, - 1879B547146DE212007E536C /* libsecurity_cdsa_utils.xcodeproj */, - 1879B550146DE227007E536C /* libsecurity_cdsa_utilities.xcodeproj */, - 1879B55D146DE244007E536C /* libsecurity_cssm.xcodeproj */, - 1879B5BC146DE6C8007E536C /* libsecurity_apple_csp.xcodeproj */, - 1879B5C9146DE6CE007E536C /* libsecurity_apple_cspdl.xcodeproj */, - 1879B5D5146DE6D7007E536C /* libsecurity_apple_file_dl.xcodeproj */, - 1879B5E1146DE6E7007E536C /* libsecurity_apple_x509_cl.xcodeproj */, - 1879B5F0146DE6FD007E536C /* libsecurity_apple_x509_tp.xcodeproj */, - 1879B5FC146DE704007E536C /* libsecurity_asn1.xcodeproj */, - 1879B609146DE70A007E536C /* libsecurity_authorization.xcodeproj */, - 1879B615146DE715007E536C /* libsecurity_cdsa_client.xcodeproj */, - 1879B621146DE720007E536C /* libsecurity_cdsa_plugin.xcodeproj */, - 1879B637146DE748007E536C /* libsecurity_checkpw.xcodeproj */, - 1879B64B146DE750007E536C /* libsecurity_cms.xcodeproj */, - 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */, - 1879B66D146DE75D007E536C /* libsecurity_comcryption.xcodeproj */, - 1879B679146DE76E007E536C /* libsecurity_cryptkit.xcodeproj */, - 1879B694146DE797007E536C /* libsecurity_filedb.xcodeproj */, - 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */, - 1879B6C7146DE7D7007E536C /* libsecurity_manifest.xcodeproj */, - 1879B6D3146DE7E0007E536C /* libsecurity_mds.xcodeproj */, - 1879B71F146DE839007E536C /* libsecurity_ssl.xcodeproj */, - 1879B712146DE825007E536C /* libsecurity_smime.xcodeproj */, - 1879B72B146DE844007E536C /* libsecurity_transform.xcodeproj */, - 1879B6DF146DE7E7007E536C /* libsecurity_ocspd.xcodeproj */, - 1879B6F8146DE7F7007E536C /* libsecurity_sd_cspdl.xcodeproj */, - 1879B6EC146DE7EE007E536C /* libsecurity_pkcs12.xcodeproj */, - 184461A3146E9D3200B12992 /* libsecurityd.xcodeproj */, - 18270F0814CF43C000B05E7F /* libDER.xcodeproj */, - ); - name = libsecurity; - sourceTree = ""; - }; - 181EA421146D4A2A00A6D320 /* config */ = { - isa = PBXGroup; - children = ( - 18BFC44017C43393005DE6C3 /* executable.xcconfig */, - 18BBC6801471EF1600F2B224 /* security.xcconfig */, - 181EA422146D4A2A00A6D320 /* base.xcconfig */, - 181EA423146D4A2A00A6D320 /* debug.xcconfig */, - 181EA424146D4A2A00A6D320 /* lib.xcconfig */, - 0C6C632F15D19DE600BC68CD /* test.xcconfig */, - 4CB23B91169F5CFF003A0131 /* command.xcconfig */, - 181EA425146D4A2A00A6D320 /* release.xcconfig */, - ); - path = config; - sourceTree = ""; - }; - 18270EEB14CF331500B05E7F /* ipc */ = { - isa = PBXGroup; - children = ( - 18BEB19614CF74C100C8BD36 /* com.apple.secd.plist */, - 18270EEC14CF333400B05E7F /* client.c */, - 18270EED14CF333400B05E7F /* com.apple.securityd.plist */, - 18270EEE14CF333400B05E7F /* securityd_client.h */, - 18270EEF14CF333400B05E7F /* securityd_ipc_types.h */, - 18270EF014CF333400B05E7F /* securityd_rep.defs */, - 18270EF114CF333400B05E7F /* securityd_req.defs */, - 18270EF214CF333400B05E7F /* securityd_server.h */, - 18270EF314CF333400B05E7F /* server.c */, - ); - name = ipc; - path = sec/ipc; - sourceTree = ""; - }; - 18270F0914CF43C000B05E7F /* Products */ = { - isa = PBXGroup; - children = ( - 18270F1214CF43C000B05E7F /* libDER.a */, - 18270F1414CF43C000B05E7F /* parseCert */, - 18270F1614CF43C000B05E7F /* libDERUtils.a */, - 18270F1814CF43C000B05E7F /* parseCrl */, - 18270F1A14CF43C000B05E7F /* parseTicket */, - ); - name = Products; - sourceTree = ""; - }; - 18270F3114CF448600B05E7F /* security_utilities */ = { - isa = PBXGroup; - children = ( - ); - path = security_utilities; - sourceTree = ""; - }; - 182BB228146F0674000BF1F3 /* Resources */ = { - isa = PBXGroup; - children = ( - 187D6B8F15D4359F00E27494 /* authorization.buttons.strings */, - 187D6B9115D4359F00E27494 /* authorization.prompts.strings */, - 5E6343FC1D4B6FF800A23FB4 /* authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings */, - 43A598591B0CF2AB00D14A7B /* CloudKeychain.strings */, - 188AD8D81471FE3D0081C619 /* FDELocalizable.strings */, - 182BB55C146F4544000BF1F3 /* FDEPrefs.plist */, - BE8C5F0916F7CE450074CF86 /* framework.sb */, - 188AD8DA1471FE3D0081C619 /* InfoPlist.strings */, - 182BB229146F068B000BF1F3 /* iToolsTrustedApps.plist */, - 1879B4A8146DC9D7007E536C /* mds */, - 52B006BF15238F76005D4556 /* TimeStampingPrefs.plist */, - ); - name = Resources; - sourceTree = ""; - }; - 182BB555146F450F000BF1F3 /* plugins */ = { - isa = PBXGroup; - children = ( - 182BB556146F4510000BF1F3 /* csparser-Info.plist */, - 182BB557146F4510000BF1F3 /* csparser.cpp */, - 182BB558146F4510000BF1F3 /* csparser.exp */, - ); - path = plugins; - sourceTree = ""; - }; - 182BB5A9146FEB27000BF1F3 /* derived_src */ = { - isa = PBXGroup; - children = ( - 18B647EF14D9F75300F538BF /* generateErrStrings.mm */, - 18500F9F14708F19006F9AB4 /* SecErrorMessages.strings */, - 18500F9A14708D0E006F9AB4 /* SecDebugErrorMessages.strings */, - ); - name = derived_src; - sourceTree = ""; - }; - 184461A4146E9D3200B12992 /* Products */ = { - isa = PBXGroup; - children = ( - 184461B1146E9D3300B12992 /* libsecurityd_client.a */, - 184461B5146E9D3300B12992 /* libsecurityd_server.a */, - 184461B9146E9D3300B12992 /* ucspc.a */, - ); - name = Products; - sourceTree = ""; - }; - 186CDD0314CA10E700AF9171 /* sec */ = { - isa = PBXGroup; - children = ( - 186CDD1614CA11C700AF9171 /* sec.xcodeproj */, - ); - path = sec; - sourceTree = ""; - }; - 186CDD1714CA11C700AF9171 /* Products */ = { - isa = PBXGroup; - children = ( - 18D4053B14CE2C1600A2BE4E /* libsecurity.a */, - 18270C7D14CE573D00B05E7F /* libsecurityd.a */, - 186CDD1E14CA11C700AF9171 /* libSecItemShimOSX.a */, - BE8D22BC1ABB747B009A4E18 /* libSecTrustOSX.a */, - 18270F6014CF655B00B05E7F /* libsecipc_client.a */, - 4C1288EA15FFE9D7008CE3E3 /* libSecureObjectSync.a */, - 4C1288F215FFE9D7008CE3E3 /* libSecOtrOSX.a */, - 4CB23B76169F5873003A0131 /* libSecurityTool.a */, - 4CB23B78169F5873003A0131 /* libSecurityCommands.a */, - 4CB23B7A169F5873003A0131 /* libSOSCommands.a */, - E760796F1951F99600F69731 /* libSWCAgent.a */, - E76079D51951FDA800F69731 /* liblogging.a */, - 4C1288EC15FFE9D7008CE3E3 /* libSOSRegressions.a */, - 4C1288EE15FFE9D7008CE3E3 /* libSecurityRegressions.a */, - 4C1288F015FFE9D7008CE3E3 /* libsecuritydRegressions.a */, - 0C4EAE721766865000773425 /* libsecdRegressions.a */, - D40772181C9B52210016AA66 /* libSharedRegressions.a */, - ); - name = Products; - sourceTree = ""; - }; - 186CDE7914CA3A3800AF9171 /* secd */ = { - isa = PBXGroup; - children = ( - 18270EEB14CF331500B05E7F /* ipc */, - 18270F3114CF448600B05E7F /* security_utilities */, - ); - name = secd; - sourceTree = ""; - }; - 1879B4A6146DC971007E536C /* Headers */ = { - isa = PBXGroup; - children = ( - D41685831B3A288F001FB54E /* oids.h */, - 18446146146E923200B12992 /* Authorization.h */, - 18446147146E923200B12992 /* AuthorizationDB.h */, - 18446148146E923200B12992 /* AuthorizationPlugin.h */, - 18446144146E923200B12992 /* AuthorizationTags.h */, - 18446145146E923200B12992 /* AuthSession.h */, - 1879B4AD146DCA84007E536C /* certextensions.h */, - 182BB36E146F13B4000BF1F3 /* CipherSuite.h */, - 18446170146E982800B12992 /* CMSDecoder.h */, - 18446171146E982800B12992 /* CMSEncoder.h */, - 1844617F146E9A8500B12992 /* CodeSigning.h */, - 18446180146E9A8500B12992 /* CSCommon.h */, - 1879B4AE146DCA84007E536C /* cssm.h */, - 1879B4AF146DCA84007E536C /* cssmaci.h */, - 1879B4B0146DCA84007E536C /* cssmapi.h */, - 1879B4B1146DCA84007E536C /* cssmapple.h */, - 1879B4B2146DCA84007E536C /* cssmcli.h */, - 1879B4B3146DCA84007E536C /* cssmconfig.h */, - 1879B4B4146DCA84007E536C /* cssmcspi.h */, - 1879B4B5146DCA84007E536C /* cssmdli.h */, - 1879B4B6146DCA84007E536C /* cssmerr.h */, - 1879B4B7146DCA84007E536C /* cssmkrapi.h */, - 1879B4B8146DCA84007E536C /* cssmkrspi.h */, - 1879B4B9146DCA84007E536C /* cssmspi.h */, - 1879B4BA146DCA84007E536C /* cssmtpi.h */, - 1879B4BB146DCA84007E536C /* cssmtype.h */, - 1879B4BC146DCA84007E536C /* eisl.h */, - 1879B4BD146DCA84007E536C /* emmspi.h */, - 1879B4BE146DCA84007E536C /* emmtype.h */, - 182BB356146F1198000BF1F3 /* mds.h */, - 182BB357146F1198000BF1F3 /* mds_schema.h */, - 18B647E814D9EB6300F538BF /* oidsalg.h */, - 18B647EA14D9EE4300F538BF /* oidsattr.h */, - 1879B4C1146DCA84007E536C /* oidsbase.h */, - 1879B4C2146DCA84007E536C /* oidscert.h */, - 1879B4C3146DCA84007E536C /* oidscrl.h */, - 182BB187146EAD4C000BF1F3 /* SecAccess.h */, - 44B2603E18F81A6A008DF20F /* SecAccessControl.h */, - 182BB188146EAD4C000BF1F3 /* SecACL.h */, - 184460AB146DFCC100B12992 /* SecAsn1Coder.h */, - 184460AC146DFCC100B12992 /* SecAsn1Templates.h */, - 184460AD146DFCC100B12992 /* SecAsn1Types.h */, - 182BB189146EAD4C000BF1F3 /* SecBase.h */, - 182BB18A146EAD4C000BF1F3 /* SecCertificate.h */, - 182BB199146EAD4C000BF1F3 /* SecCertificateOIDs.h */, - 18446181146E9A8500B12992 /* SecCode.h */, - 18446184146E9A8500B12992 /* SecCodeHost.h */, - 182BB3A6146F1BEC000BF1F3 /* SecCustomTransform.h */, - 182BB3A7146F1BEC000BF1F3 /* SecDecodeTransform.h */, - 182BB3A3146F1BEC000BF1F3 /* SecDigestTransform.h */, - 182BB3A8146F1BEC000BF1F3 /* SecEncodeTransform.h */, - 182BB3A9146F1BEC000BF1F3 /* SecEncryptTransform.h */, - 182BB18B146EAD4C000BF1F3 /* SecIdentity.h */, - 182BB18C146EAD4C000BF1F3 /* SecIdentitySearch.h */, - 182BB197146EAD4C000BF1F3 /* SecImportExport.h */, - 182BB18D146EAD4C000BF1F3 /* SecItem.h */, - 182BB18E146EAD4C000BF1F3 /* SecKey.h */, - 182BB18F146EAD4C000BF1F3 /* SecKeychain.h */, - 182BB190146EAD4C000BF1F3 /* SecKeychainItem.h */, - 182BB191146EAD4C000BF1F3 /* SecKeychainSearch.h */, - 182BB192146EAD4C000BF1F3 /* SecPolicy.h */, - 182BB193146EAD4C000BF1F3 /* SecPolicySearch.h */, - 182BB19A146EAD4C000BF1F3 /* SecRandom.h */, - 182BB3A4146F1BEC000BF1F3 /* SecReadTransform.h */, - 18446183146E9A8500B12992 /* SecRequirement.h */, - 182BB3AA146F1BEC000BF1F3 /* SecSignVerifyTransform.h */, - 18446182146E9A8500B12992 /* SecStaticCode.h */, - 1844617E146E9A8500B12992 /* SecTask.h */, - BEC3A76716F79497003E5634 /* SecTaskPriv.h */, - 182BB3A5146F1BEC000BF1F3 /* SecTransform.h */, - 182BB3AB146F1BEC000BF1F3 /* SecTransformReadTransform.h */, - 182BB194146EAD4C000BF1F3 /* SecTrust.h */, - 182BB195146EAD4C000BF1F3 /* SecTrustedApplication.h */, - 182BB198146EAD4C000BF1F3 /* SecTrustSettings.h */, - 182BB315146F0E7E000BF1F3 /* SecureDownload.h */, - 182BB36F146F13B4000BF1F3 /* SecureTransport.h */, - 182BB196146EAD4C000BF1F3 /* Security.h */, - 1879B4C4146DCA84007E536C /* x509defs.h */, - ); - name = Headers; - sourceTree = ""; - }; - 1879B4A7146DC999007E536C /* PrivateHeaders */ = { - isa = PBXGroup; - children = ( - 524492691AFD6CB70043695A /* der_plist.h */, - 1FDA9ABB1C4489280083929D /* SecTranslocate.h */, - 184460A1146DFCB700B12992 /* asn1Templates.h */, - 1844614F146E923B00B12992 /* AuthorizationPriv.h */, - 1844614E146E923B00B12992 /* AuthorizationTagsPriv.h */, - 1844609A146DFCB700B12992 /* certExtensionTemplates.h */, - 18446168146E95D700B12992 /* checkpw.h */, - 18446174146E982D00B12992 /* CMSPrivate.h */, - 1844618C146E9A8F00B12992 /* CSCommonPriv.h */, - 1844609B146DFCB700B12992 /* csrTemplates.h */, - 1879B4AB146DCA4A007E536C /* cssmapplePriv.h */, - 184460A0146DFCB700B12992 /* keyTemplates.h */, - 182BB35A146F11A1000BF1F3 /* mdspriv.h */, - 1844609D146DFCB700B12992 /* nameTemplates.h */, - 1844609C146DFCB700B12992 /* ocspTemplates.h */, - 1844609F146DFCB700B12992 /* osKeyTemplates.h */, - 182BB1B2146EAD5D000BF1F3 /* SecAccessPriv.h */, - 44B2606918F81BFE008DF20F /* SecAccessControlPriv.h */, - 18446099146DFCB700B12992 /* secasn1t.h */, - 18446194146E9A8F00B12992 /* SecAssessment.h */, - 182BB1B3146EAD5D000BF1F3 /* SecBasePriv.h */, - 182BB1B4146EAD5D000BF1F3 /* SecCertificateBundle.h */, - 182BB1B5146EAD5D000BF1F3 /* SecCertificatePriv.h */, - 182BB1B6146EAD5D000BF1F3 /* SecCertificateRequest.h */, - D47F51211C3B80DE00A7CEFE /* SecCFAllocator.h */, - AC5688BA18B4396D00F0526C /* SecCMS.h */, - 182BB383146F14D2000BF1F3 /* SecCmsBase.h */, - 182BB384146F14D2000BF1F3 /* SecCmsContentInfo.h */, - 182BB385146F14D2000BF1F3 /* SecCmsDecoder.h */, - 182BB386146F14D2000BF1F3 /* SecCmsDigestContext.h */, - 182BB387146F14D2000BF1F3 /* SecCmsDigestedData.h */, - 182BB388146F14D2000BF1F3 /* SecCmsEncoder.h */, - 182BB389146F14D2000BF1F3 /* SecCmsEncryptedData.h */, - 182BB38A146F14D2000BF1F3 /* SecCmsEnvelopedData.h */, - 182BB38B146F14D2000BF1F3 /* SecCmsMessage.h */, - 182BB38C146F14D2000BF1F3 /* SecCmsRecipientInfo.h */, - 182BB38D146F14D2000BF1F3 /* SecCmsSignedData.h */, - 182BB38E146F14D2000BF1F3 /* SecCmsSignerInfo.h */, - 18446193146E9A8F00B12992 /* SecCodeHostLib.h */, - 1844618D146E9A8F00B12992 /* SecCodePriv.h */, - 18446190146E9A8F00B12992 /* SecCodeSigner.h */, - 0C03D60317D93E810087643B /* SecDH.h */, - 18BBC7351471F5A300F2B224 /* SecExternalSourceTransform.h */, - 182BB1AF146EAD5D000BF1F3 /* SecFDERecoveryAsymmetricCrypto.h */, - 182BB1B7146EAD5D000BF1F3 /* SecIdentityPriv.h */, - 182BB1C4146EAD5D000BF1F3 /* SecIdentitySearchPriv.h */, - 18446191146E9A8F00B12992 /* SecIntegrity.h */, - 18446192146E9A8F00B12992 /* SecIntegrityLib.h */, - 182BB1CA146EAD5D000BF1F3 /* SecItemPriv.h */, - 4CE7EA7D1AEAF50F0067F5BD /* SecItemBackup.h */, - 182BB1CB146EAD5D000BF1F3 /* SecKeychainItemExtendedAttributes.h */, - 182BB1B8146EAD5D000BF1F3 /* SecKeychainItemPriv.h */, - 182BB1B9146EAD5D000BF1F3 /* SecKeychainPriv.h */, - 182BB1C5146EAD5D000BF1F3 /* SecKeychainSearchPriv.h */, - 182BB1BA146EAD5D000BF1F3 /* SecKeyPriv.h */, - 182BB317146F0E94000BF1F3 /* SecManifest.h */, - 182BB3B6146F1BF9000BF1F3 /* SecNullTransform.h */, - 182BB1B0146EAD5D000BF1F3 /* SecPassword.h */, - CDDE9D1C1729DF250013B0E8 /* SecPasswordGenerate.h */, - 182BB1BB146EAD5D000BF1F3 /* SecPolicyPriv.h */, - 182BB1CF146EAD5D000BF1F3 /* SecRandomP.h */, - 182BB1CE146EAD5D000BF1F3 /* SecRecoveryPassword.h */, - 1844618F146E9A8F00B12992 /* SecRequirementPriv.h */, - D4D9B9FD1C7E5CCA008785EB /* SecServerEncryptionSupport.h */, - 182BB38F146F14D2000BF1F3 /* SecSMIME.h */, - 1844618E146E9A8F00B12992 /* SecStaticCodePriv.h */, - 182BB3B7146F1BF9000BF1F3 /* SecTransformInternal.h */, - 182BB1BC146EAD5D000BF1F3 /* SecTrustedApplicationPriv.h */, - 182BB1BD146EAD5D000BF1F3 /* SecTrustPriv.h */, - 182BB1C6146EAD5D000BF1F3 /* SecTrustSettingsPriv.h */, - 182BB318146F0E94000BF1F3 /* SecureDownloadInternal.h */, - 182BB372146F13BB000BF1F3 /* SecureTransportPriv.h */, - 0C4F055D15C9E51A00F9DFD5 /* sslTypes.h */, - 52F8DE201AF2E57300A2C271 /* SOSBackupSliceKeyBag.h */, - 48FDA84D1AF989F600A9366F /* SOSCloudCircleInternal.h */, - 4CB86AE6167A6FF200F46643 /* SOSCircle.h */, - 4CB86AE7167A6FF200F46643 /* SOSCloudCircle.h */, - 4CB86AED167A6FF300F46643 /* SOSPeerInfo.h */, - CD8B5A9C1B618ED9004D4AEF /* SOSPeerInfoPriv.h */, - CD4F43CC1B546A1900FE3569 /* SOSPeerInfoV2.h */, - 52F8DE4B1AF2EB6600A2C271 /* SOSTypes.h */, - 52F8DDF91AF2E56600A2C271 /* SOSViews.h */, - 182BB1C8146EAD5D000BF1F3 /* TrustSettingsSchema.h */, - 52B5A9C01519330300664F11 /* tsaSupport.h */, - 52AEA484153C7581005AFC59 /* tsaSupportPriv.h */, - 52B5A9C11519330300664F11 /* tsaTemplates.h */, - 1844609E146DFCB700B12992 /* X509Templates.h */, - ); - name = PrivateHeaders; - sourceTree = ""; - }; - 1879B4A8146DC9D7007E536C /* mds */ = { - isa = PBXGroup; - children = ( - 182BB3C4146F1DCB000BF1F3 /* sd_cspdl_common.mdsinfo */, - 1879B4A9146DCA18007E536C /* cssm.mdsinfo */, - 1844605B146DE93E00B12992 /* csp_capabilities.mdsinfo */, - 1844605C146DE93E00B12992 /* csp_capabilities_common.mds */, - 1844605D146DE93E00B12992 /* csp_common.mdsinfo */, - 1844605E146DE93E00B12992 /* csp_primary.mdsinfo */, - 184460C3146E7B1E00B12992 /* cspdl_common.mdsinfo */, - 184460C4146E7B1E00B12992 /* cspdl_csp_capabilities.mdsinfo */, - 184460C5146E7B1E00B12992 /* cspdl_csp_primary.mdsinfo */, - 184460C6146E7B1E00B12992 /* cspdl_dl_primary.mdsinfo */, - 184460E1146E806700B12992 /* dl_common.mdsinfo */, - 184460E2146E806700B12992 /* dl_primary.mdsinfo */, - 18446103146E82C800B12992 /* cl_common.mdsinfo */, - 18446104146E82C800B12992 /* cl_primary.mdsinfo */, - 18446112146E85A300B12992 /* tp_common.mdsinfo */, - 18446113146E85A300B12992 /* tp_policyOids.mdsinfo */, - 18446114146E85A300B12992 /* tp_primary.mdsinfo */, - ); - name = mds; - sourceTree = ""; - }; - 1879B533146DDBE5007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B538146DDBE5007E536C /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B548146DE212007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B54F146DE212007E536C /* libsecurity_cdsa_utils.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B551146DE227007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B55A146DE227007E536C /* libsecurity_cdsa_utilities.a */, - 1879B55C146DE227007E536C /* Schemas */, - ); - name = Products; - sourceTree = ""; - }; - 1879B55E146DE244007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B565146DE244007E536C /* libsecurity_cssm.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B5BD146DE6C8007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B5C6146DE6C8007E536C /* libsecurity_apple_csp.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B5CA146DE6CE007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B5D2146DE6CE007E536C /* libsecurity_apple_cspdl.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B5D6146DE6D7007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B5DE146DE6D7007E536C /* libsecurity_apple_file_dl.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B5E2146DE6E7007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B5EB146DE6E8007E536C /* libsecurity_apple_x509_cl.a */, - 1879B5EF146DE6E8007E536C /* apple_x509_cl.bundle */, - ); - name = Products; - sourceTree = ""; - }; - 1879B5F1146DE6FD007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B5F9146DE6FD007E536C /* libsecurity_apple_x509_tp.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B5FD146DE704007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1885B3F914D8D9B100519375 /* libASN1.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B60A146DE70A007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B612146DE70A007E536C /* libsecurity_authorization.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B616146DE715007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B61E146DE715007E536C /* libsecurity_cdsa_client.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B622146DE720007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B62B146DE720007E536C /* libsecurity_cdsa_plugin.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B638146DE748007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B644146DE748007E536C /* libsecurity_checkpw.a */, - 1879B648146DE748007E536C /* test-checkpw */, - 1879B64A146DE748007E536C /* perf-checkpw */, - ); - name = Products; - sourceTree = ""; - }; - 1879B64C146DE750007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B654146DE750007E536C /* libsecurity_cms.a */, - D4CBC1281BE981DE00C5795E /* libsecurity_cms_regressions.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B658146DE756007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B666146DE757007E536C /* libsecurity_codesigning.a */, - 1879B66A146DE757007E536C /* libintegrity.a */, - 1879B66C146DE757007E536C /* libcodehost.a */, - C2432A0815C7112A0096DB5B /* gkunpack */, - EB2E1F58166D6B3700A7EF61 /* com.apple.CodeSigningHelper.xpc */, - ); - name = Products; - sourceTree = ""; - }; - 1879B66E146DE75D007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B676146DE75E007E536C /* libsecurity_comcryption.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B67A146DE76E007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B684146DE76F007E536C /* libsecurity_cryptkit.a */, - 1879B688146DE76F007E536C /* libCryptKit.a */, - 1879B68A146DE76F007E536C /* CryptKitSignature.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B695146DE797007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B69D146DE797007E536C /* libsecurity_filedb.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B6A1146DE79F007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B6B3146DE7A0007E536C /* libsecurity_keychain.a */, - 1879B6B7146DE7A0007E536C /* XPCKeychainSandboxCheck.xpc */, - 52B5A8F6151928B400664F11 /* XPCTimeStampingService.xpc */, - 0CBD50B316C325F000713B6C /* libsecurity_keychain_regressions.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B6C8146DE7D7007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B6D0146DE7D7007E536C /* libsecurity_manifest.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B6D4146DE7E0007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B6DC146DE7E0007E536C /* libsecurity_mds.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B6E0146DE7E7007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B6E9146DE7E8007E536C /* libsecurity_ocspd.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B6ED146DE7EE007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B6F5146DE7EF007E536C /* libsecurity_pkcs12.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B6F9146DE7F7007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B701146DE7F7007E536C /* libsecurity_sd_cspdl.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B713146DE825007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B71C146DE825007E536C /* libsecurity_smime.a */, - ACB6171818B5231800EBEDD7 /* libsecurity_smime_regressions.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B720146DE839007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B728146DE839007E536C /* libsecurity_ssl.a */, - 0C6D77CF15C8B66000BB4405 /* libsecurity_ssl_regressions.a */, - 0C6D77D115C8B66000BB4405 /* dtlsEchoClient */, - 0C6D77D315C8B66000BB4405 /* dtlsEchoServer */, - ); - name = Products; - sourceTree = ""; - }; - 1879B72C146DE844007E536C /* Products */ = { - isa = PBXGroup; - children = ( - 1879B739146DE845007E536C /* libsecurity_transform.a */, - 1879B73D146DE845007E536C /* unit-tests.xctest */, - 1879B73F146DE845007E536C /* 100-sha2 */, - 1879B741146DE845007E536C /* input-speed-test */, - ); - name = Products; - sourceTree = ""; - }; - 18F234ED15C9F9A700060520 /* authd */ = { - isa = PBXGroup; - children = ( - 18F234F915C9FA3B00060520 /* agent.c */, - 18F234FA15C9FA3B00060520 /* agent.h */, - 18F2351A15C9FA3C00060520 /* authd_private.h */, - 18F234FB15C9FA3B00060520 /* authdb.c */, - 18F234FC15C9FA3B00060520 /* authdb.h */, - 18F234FD15C9FA3B00060520 /* authitems.c */, - 18F234FE15C9FA3B00060520 /* authitems.h */, - 18F234FF15C9FA3B00060520 /* authtoken.c */, - 18F2350015C9FA3B00060520 /* authtoken.h */, - 18F2350115C9FA3B00060520 /* authtypes.h */, - 18F2350215C9FA3B00060520 /* authutilities.c */, - 18F2350315C9FA3B00060520 /* authutilities.h */, - 18F2350415C9FA3B00060520 /* ccaudit.c */, - 18F2350515C9FA3B00060520 /* ccaudit.h */, - 182A191015D09AFF006AB103 /* connection.c */, - 182A190F15D09AF0006AB103 /* connection.h */, - 18F2350615C9FA3B00060520 /* crc.c */, - 18F2350715C9FA3B00060520 /* crc.h */, - 18F2350815C9FA3B00060520 /* credential.c */, - 18F2350915C9FA3B00060520 /* credential.h */, - 18F2350A15C9FA3B00060520 /* debugging.c */, - 18F2350B15C9FA3B00060520 /* debugging.h */, - 18F2350F15C9FA3B00060520 /* engine.c */, - 18F2351015C9FA3B00060520 /* engine.h */, - 18F2351115C9FA3B00060520 /* main.c */, - 18F2351215C9FA3B00060520 /* mechanism.c */, - 18F2351315C9FA3B00060520 /* mechanism.h */, - 18F2351415C9FA3C00060520 /* object.c */, - 18F2351515C9FA3C00060520 /* object.h */, - 18F2351615C9FA3C00060520 /* process.c */, - 18F2351715C9FA3C00060520 /* process.h */, - 18F2351815C9FA3C00060520 /* rule.c */, - 18F2351915C9FA3C00060520 /* rule.h */, - 18F2351D15C9FA3C00060520 /* server.c */, - 18F2351E15C9FA3C00060520 /* server.h */, - 18F2351F15C9FA3C00060520 /* session.c */, - 18F2352015C9FA3C00060520 /* session.h */, - 18F2353415C9FA7F00060520 /* Supporting Files */, - ); - path = authd; - sourceTree = ""; - }; - 18F2353415C9FA7F00060520 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - 18D6803916B768D500DF6D2E /* com.apple.authd */, - 18CFEE8715DEE25200E3F2A3 /* com.apple.authd.sb */, - 187D6B9515D436BF00E27494 /* authorization.plist */, - 18F2350D15C9FA3B00060520 /* InfoPlist.strings */, - 18F2351B15C9FA3C00060520 /* Info.plist */, - 18F2351C15C9FA3C00060520 /* security.auth-Prefix.pch */, - ); - name = "Supporting Files"; - sourceTree = ""; - }; - 1F6FC5E01C3D9D90001C758F /* Products */ = { - isa = PBXGroup; - children = ( - 1F6FC6001C3D9D90001C758F /* libsecurity_translocate.a */, - ); - name = Products; - sourceTree = ""; - }; - 3705CAA31A896CEE00402F75 /* SecTask */ = { - isa = PBXGroup; - children = ( - 3705CACD1A896DA800402F75 /* main.c */, - 3705CACC1A896D5A00402F75 /* SecTask-Entitlements.plist */, - ); - name = SecTask; - sourceTree = ""; - }; - 37A7CEAC197DB8FA00926CE8 /* codesign_tests */ = { - isa = PBXGroup; - children = ( - 37CD05011A8A87E50053CCD0 /* CaspianTests */, - 3705CAA31A896CEE00402F75 /* SecTask */, - 371AB2CA1A04050700A08CF2 /* teamid.sh */, - 37A7CEAD197DB8FA00926CE8 /* FatDynamicValidation.c */, - 37A7CEDB197DCDD700926CE8 /* validation.sh */, - ); - path = codesign_tests; - sourceTree = ""; - }; - 37AB39101A44A88000B56E04 /* gk_reset_check */ = { - isa = PBXGroup; - children = ( - 37AB39111A44A88000B56E04 /* gk_reset_check.c */, - ); - path = gk_reset_check; - sourceTree = ""; - }; - 37CD05011A8A87E50053CCD0 /* CaspianTests */ = { - isa = PBXGroup; - children = ( - 37CD05021A8A87E50053CCD0 /* CaspianTests */, - 37CD05041A8A96DD0053CCD0 /* LocalCaspianTestRun.sh */, - ); - path = CaspianTests; - sourceTree = ""; - }; - 4C0F6FAF1985879300178101 /* sectask */ = { - isa = PBXGroup; - children = ( - 4C0F6F861985877800178101 /* SecEntitlements.h */, - ); - name = sectask; - path = ../sectask; - sourceTree = ""; - }; - 4C1288F615FFECF2008CE3E3 /* utilities */ = { - isa = PBXGroup; - children = ( - 0CC3355B16C1EF5D00399E53 /* regressions.xcodeproj */, - 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */, - ); - path = utilities; - sourceTree = ""; - }; - 4C12893815FFECF3008CE3E3 /* Products */ = { - isa = PBXGroup; - children = ( - 4C12894015FFECF3008CE3E3 /* libutilities.a */, - 4C12894215FFECF3008CE3E3 /* libutilitiesRegressions.a */, - ); - name = Products; - sourceTree = ""; - }; - 4C96F7C316D6DF8400D3B39D /* Keychain Circle Notification */ = { - isa = PBXGroup; - children = ( - 4CD1980B16DD3BDF00A9E8FD /* NSArray+mapWithBlock.h */, - 4CD1980C16DD3BDF00A9E8FD /* NSArray+mapWithBlock.m */, - 4C96F7CF16D6DF8400D3B39D /* KNAppDelegate.h */, - 4C96F7D016D6DF8400D3B39D /* KNAppDelegate.m */, - 4C96F7D216D6DF8400D3B39D /* MainMenu.xib */, - 4C5DD44217A5E31900696A79 /* KNPersistentState.h */, - 4C5DD44317A5E31900696A79 /* KNPersistentState.m */, - 4C96F7C416D6DF8400D3B39D /* Supporting Files */, - 4CB9121C17750E6500C1CCCA /* entitlments.plist */, - ); - path = "Keychain Circle Notification"; - sourceTree = ""; - }; - 4C96F7C416D6DF8400D3B39D /* Supporting Files */ = { - isa = PBXGroup; - children = ( - 4C7D456417BEE6B700DDD88F /* NSDictionary+compactDescription.h */, - 4C7D456517BEE6B700DDD88F /* NSDictionary+compactDescription.m */, - 4C7D456617BEE6B700DDD88F /* NSSet+compactDescription.h */, - 4C7D456717BEE6B700DDD88F /* NSSet+compactDescription.m */, - 4C7D453B17BEE69B00DDD88F /* NSString+compactDescription.h */, - 4C7D453C17BEE69B00DDD88F /* NSString+compactDescription.m */, - 5328475117850741009118DC /* Localizable.strings */, - 4C96F7C516D6DF8400D3B39D /* Keychain Circle Notification-Info.plist */, - 4C96F7C616D6DF8400D3B39D /* InfoPlist.strings */, - 4C96F7C916D6DF8400D3B39D /* main.m */, - 4C96F7CB16D6DF8400D3B39D /* Keychain Circle Notification-Prefix.pch */, - 4C49390C16E51ACE00CE110C /* com.apple.security.keychain-circle-notification.plist */, - ); - name = "Supporting Files"; - sourceTree = ""; - }; - 4CB23B48169F5873003A0131 /* security2 */ = { - isa = PBXGroup; - children = ( - 4CB23B4B169F5873003A0131 /* security2.1 */, - 4CB23B80169F58DE003A0131 /* security_tool_commands.c */, - 4CB23B82169F592C003A0131 /* sub_commands.h */, - ); - path = security2; - sourceTree = ""; - }; - 4CC7A7B516CC2A85003E10C1 /* KeychainDemoApp */ = { - isa = PBXGroup; - children = ( - 4CC7A7C116CC2A85003E10C1 /* KDAppDelegate.h */, - 4CC7A7C216CC2A85003E10C1 /* KDAppDelegate.m */, - 4C85DED816DBD5BF00ED8D47 /* KDCirclePeer.h */, - 4C85DED916DBD5BF00ED8D47 /* KDCirclePeer.m */, - 4CC7A7F416CD95D2003E10C1 /* KDSecItems.h */, - 4CC7A7F516CD95D3003E10C1 /* KDSecItems.m */, - 4CC7A7C416CC2A85003E10C1 /* MainMenu.xib */, - 4C96F73816D5372C00D3B39D /* KDSecCircle.h */, - 4C96F73916D5372C00D3B39D /* KDSecCircle.m */, - 4CC7A7B616CC2A85003E10C1 /* Supporting Files */, - ); - name = KeychainDemoApp; - path = Keychain; - sourceTree = ""; - }; - 4CC7A7B616CC2A85003E10C1 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - 4C2505B616D2DF9F002CE025 /* Icon.icns */, - 4CC7A7B716CC2A85003E10C1 /* Keychain-Info.plist */, - 4CC7A7B816CC2A85003E10C1 /* InfoPlist.strings */, - 4CC7A7BB16CC2A85003E10C1 /* main.m */, - 4CC7A7BD16CC2A85003E10C1 /* Keychain-Prefix.pch */, - 4CC7A7BE16CC2A85003E10C1 /* Credits.rtf */, - ); - name = "Supporting Files"; - sourceTree = ""; - }; - 5EF7C20B1B00E25400E5E99C /* secacltests */ = { - isa = PBXGroup; - children = ( - 5EF7C23A1B00E48200E5E99C /* main.c */, - 5EF7C23C1B00E48200E5E99C /* secacltests-entitlements.plist */, - 5EF7C23D1B00E48200E5E99C /* testlist.h */, - 5EC01FED1B0CA7E0009FBB75 /* sec_acl_stress.c */, - ); - path = secacltests; - sourceTree = ""; - }; - 721680A7179B40F600406BB4 /* iCloudStats */ = { - isa = PBXGroup; - children = ( - 721680A8179B40F600406BB4 /* main.c */, - 721680AA179B40F600406BB4 /* iCloudStats.1 */, - 721680BD179B4F9100406BB4 /* com.apple.iCloudStats.plist */, - ); - path = iCloudStats; - sourceTree = ""; - }; - BE94B7D91AD8421F00A7216D /* trustd */ = { - isa = PBXGroup; - children = ( - BE94B7DA1AD8424700A7216D /* com.apple.trustd.asl */, - BE48AE241ADF1FD3000836C1 /* com.apple.trustd.agent.plist */, - BE48AE261ADF2011000836C1 /* com.apple.trustd.plist */, - BE94B7DB1AD8424700A7216D /* com.apple.trustd.sb */, - BE7169F41C0E7A2B00AFC620 /* entitlements.plist */, - BE94B7A51AD83AF800A7216D /* trustd-Info.plist */, - BE7048911AD84C53000402D8 /* trustd-Prefix.pch */, - ); - path = trustd; - sourceTree = SOURCE_ROOT; - }; - D42FA8251C9B8D3C003E46A7 /* SecurityTestsOSX */ = { - isa = PBXGroup; - children = ( - D42FA82A1C9B8D3D003E46A7 /* main.m */, - D42FA8351C9B8EC4003E46A7 /* testlist.h */, - D42FA87C1C9B9186003E46A7 /* si-82-sectrust-ct-logs.plist */, - D4EC94D51CEA48000083E753 /* si-20-sectrust-policies-data */, - D4D886F21CED01F800DC7583 /* nist-certs */, - D4D887311CED091100DC7583 /* DigiNotar */, - D4D887021CED07CA00DC7583 /* DigicertMalaysia */, - D4D886C31CEBDBEB00DC7583 /* ssl-policy-certs */, - 0C0C887C1CCED19E00617D1B /* si-82-sectrust-ct-data */, - D42FA8291C9B8D3D003E46A7 /* Supporting Files */, - ); - path = SecurityTestsOSX; - sourceTree = ""; - }; - D42FA8291C9B8D3D003E46A7 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - D42FA87A1C9B9099003E46A7 /* SecurityTests-Entitlements.plist */, - D42FA8311C9B8D3D003E46A7 /* Info.plist */, - ); - name = "Supporting Files"; - sourceTree = ""; - }; - D4D887021CED07CA00DC7583 /* DigicertMalaysia */ = { - isa = PBXGroup; - children = ( - D4D886FA1CED07B400DC7583 /* Digisign-Server-ID-Enrich-Entrust-Cert.crt */, - D4D886FB1CED07B400DC7583 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt */, - D4D886FC1CED07B400DC7583 /* Invalid-webmail.jaring.my.crt */, - D4D886FD1CED07B400DC7583 /* Invalid-www.cybersecurity.my.crt */, - ); - name = DigicertMalaysia; - sourceTree = ""; - }; - D4D887311CED091100DC7583 /* DigiNotar */ = { - isa = PBXGroup; - children = ( - D4D887031CED081500DC7583 /* DigiNotar_Root_CA_G2-RootCertificate.crt */, - D4D887041CED081500DC7583 /* diginotar-public-ca-2025-Cert.crt */, - D4D887051CED081500DC7583 /* diginotar-services-1024-entrust-secure-server-Cert.crt */, - D4D887061CED081500DC7583 /* diginotar-services-diginotar-root-Cert.crt */, - D4D887071CED081500DC7583 /* diginotar.cyberca-gte.global.root-Cert.crt */, - D4D887081CED081500DC7583 /* diginotar.extended.validation-diginotar.root.ca-Cert.crt */, - D4D887091CED081500DC7583 /* diginotar.root.ca-entrust-secure-server-Cert.crt */, - D4D8870A1CED081500DC7583 /* DigiNotarCA2007RootCertificate.crt */, - D4D8870B1CED081500DC7583 /* Expectations.plist */, - D4D8870C1CED081600DC7583 /* Invalid-asterisk.google.com.crt */, - D4D8870D1CED081600DC7583 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */, - D4D8870E1CED081600DC7583 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt */, - D4D8870F1CED081600DC7583 /* Invalid-diginotarpkioverheidcaoverheid.crt */, - D4D887101CED081600DC7583 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt */, - D4D887111CED081600DC7583 /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt */, - D4D887121CED081600DC7583 /* Invalid-webmail.portofamsterdam.nl.crt */, - D4D887131CED081600DC7583 /* Invalid-webmail.terneuzen.nl-diginotar-services.crt */, - D4D887141CED081600DC7583 /* Invalid-www.maestre.com-diginotal.extended.validation.crt */, - D4D887151CED081600DC7583 /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt */, - D4D887161CED081700DC7583 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt */, - D4D887171CED081700DC7583 /* Ministerie_van_Defensie_Certificatie_Autoriteit.crt */, - D4D887181CED081700DC7583 /* staatdernederlandenorganisatieca-g2-Cert.crt */, - D4D887191CED081700DC7583 /* staatdernederlandenoverheidca-Cert.crt */, - ); - name = DigiNotar; - sourceTree = ""; - }; - EB22F3CE18A26B640016A8EC /* Breadcrumb */ = { - isa = PBXGroup; - children = ( - EBD8B52718A55668004A650F /* README */, - EB22F3F518A26BA50016A8EC /* bc-10-knife-on-bread.m */, - EB22F3F618A26BA50016A8EC /* breadcrumb_regressions.h */, - EB22F3F718A26BA50016A8EC /* SecBreadcrumb.c */, - EB22F3F818A26BA50016A8EC /* SecBreadcrumb.h */, - ); - name = Breadcrumb; - sourceTree = ""; - }; - EB73F0121C210CC7008191E3 /* SecurityFeatures */ = { - isa = PBXGroup; - children = ( - EB73F03C1C210CF2008191E3 /* BUILT_PRODUCTS_DIR */, - EB73F03B1C210CDF008191E3 /* iOS */, - EB73F03D1C210CFE008191E3 /* OSX */, - EB73F0401C210D78008191E3 /* CopyHeaders.sh */, - EBE011FF1C2135E200CB6A63 /* ExternalProject.sh */, - EB73F0411C210D78008191E3 /* README.txt */, - ); - name = SecurityFeatures; - path = ..; - sourceTree = ""; - }; - EB73F03B1C210CDF008191E3 /* iOS */ = { - isa = PBXGroup; - children = ( - EB73F03E1C210D49008191E3 /* SecurityFeatures.h */, - ); - name = iOS; - sourceTree = ""; - }; - EB73F03C1C210CF2008191E3 /* BUILT_PRODUCTS_DIR */ = { - isa = PBXGroup; - children = ( - EB73F0441C210DF8008191E3 /* SecurityFeatures.h */, - ); - name = BUILT_PRODUCTS_DIR; - sourceTree = BUILT_PRODUCTS_DIR; - }; - EB73F03D1C210CFE008191E3 /* OSX */ = { - isa = PBXGroup; - children = ( - EB73F03F1C210D58008191E3 /* SecurityFeatures.h */, - ); - name = OSX; - sourceTree = ""; - }; - EBB696D51BE2089400715F16 /* RegressionTests */ = { - isa = PBXGroup; - children = ( - EBB696FE1BE208BD00715F16 /* secbackupntest */, - EBB696FD1BE208BA00715F16 /* Security.plist */, - ); - name = RegressionTests; - path = ../RegressionTests; - sourceTree = ""; - }; - EBB696FE1BE208BD00715F16 /* secbackupntest */ = { - isa = PBXGroup; - children = ( - EBB696FF1BE208CB00715F16 /* secbackupntest.m */, - ); - name = secbackupntest; - sourceTree = ""; - }; - F93C493C1AB8FF670047E01A /* ckcdiagnose */ = { - isa = PBXGroup; - children = ( - F93C493D1AB8FF670047E01A /* ckcdiagnose.sh */, - ); - name = ckcdiagnose; - path = ../ckcdiagnose; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 18073848146D0D4E00F05C24 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - EB73F0451C210E6F008191E3 /* SecurityFeatures.h in Headers */, - CD8B5A9D1B618ED9004D4AEF /* SOSPeerInfoPriv.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18FE67E71471A3AA00A2CBE3 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 18FE68021471A42900A2CBE3 /* SecDigestTransform.h in Headers */, - 18FE68031471A42900A2CBE3 /* SecReadTransform.h in Headers */, - 18FE68041471A42900A2CBE3 /* SecTransform.h in Headers */, - 18FE68051471A42900A2CBE3 /* SecCustomTransform.h in Headers */, - 18FE68061471A42900A2CBE3 /* SecDecodeTransform.h in Headers */, - 18FE68071471A42900A2CBE3 /* SecEncodeTransform.h in Headers */, - 18FE68081471A42900A2CBE3 /* SecEncryptTransform.h in Headers */, - 18FE68091471A42900A2CBE3 /* SecSignVerifyTransform.h in Headers */, - 18FE680A1471A42900A2CBE3 /* SecTransformReadTransform.h in Headers */, - 18FE680B1471A42900A2CBE3 /* CipherSuite.h in Headers */, - 18FE680C1471A42900A2CBE3 /* SecureTransport.h in Headers */, - 18FE680D1471A42900A2CBE3 /* mds.h in Headers */, - 18FE680E1471A42900A2CBE3 /* mds_schema.h in Headers */, - 18FE680F1471A42900A2CBE3 /* SecureDownload.h in Headers */, - 18FE68101471A42900A2CBE3 /* SecAccess.h in Headers */, - 18FE68111471A42900A2CBE3 /* SecACL.h in Headers */, - 18FE68121471A42900A2CBE3 /* SecBase.h in Headers */, - 18FE68131471A42900A2CBE3 /* SecCertificate.h in Headers */, - 18FE68141471A42900A2CBE3 /* SecIdentity.h in Headers */, - 18FE68151471A42900A2CBE3 /* SecIdentitySearch.h in Headers */, - 18FE68161471A42900A2CBE3 /* SecItem.h in Headers */, - 18FE68171471A42900A2CBE3 /* SecKey.h in Headers */, - 18FE68181471A42900A2CBE3 /* SecKeychain.h in Headers */, - 18FE68191471A42900A2CBE3 /* SecKeychainItem.h in Headers */, - 18FE681A1471A42900A2CBE3 /* SecKeychainSearch.h in Headers */, - 18FE681B1471A42900A2CBE3 /* SecPolicy.h in Headers */, - 18FE681C1471A42900A2CBE3 /* SecPolicySearch.h in Headers */, - 18FE681D1471A42900A2CBE3 /* SecTrust.h in Headers */, - 18FE681E1471A42900A2CBE3 /* SecTrustedApplication.h in Headers */, - 18FE681F1471A42900A2CBE3 /* Security.h in Headers */, - 18FE68201471A42900A2CBE3 /* SecImportExport.h in Headers */, - 18FE68211471A42900A2CBE3 /* SecTrustSettings.h in Headers */, - 18FE68221471A42900A2CBE3 /* SecCertificateOIDs.h in Headers */, - 18FE68231471A42900A2CBE3 /* SecRandom.h in Headers */, - D41685841B3A288F001FB54E /* oids.h in Headers */, - 18FE68241471A42900A2CBE3 /* SecTask.h in Headers */, - 18FE68251471A42900A2CBE3 /* CodeSigning.h in Headers */, - 18FE68261471A42900A2CBE3 /* CSCommon.h in Headers */, - 18FE68271471A42900A2CBE3 /* SecCode.h in Headers */, - 18FE68281471A42900A2CBE3 /* SecStaticCode.h in Headers */, - 18FE68291471A42900A2CBE3 /* SecRequirement.h in Headers */, - 18FE682A1471A42900A2CBE3 /* SecCodeHost.h in Headers */, - 18FE682B1471A42900A2CBE3 /* CMSDecoder.h in Headers */, - 18FE682C1471A42900A2CBE3 /* CMSEncoder.h in Headers */, - EB22F3FA18A26BCE0016A8EC /* SecBreadcrumb.h in Headers */, - 18FE682D1471A42900A2CBE3 /* AuthorizationTags.h in Headers */, - 18FE682E1471A42900A2CBE3 /* AuthSession.h in Headers */, - 18FE682F1471A42900A2CBE3 /* Authorization.h in Headers */, - 18FE68301471A42900A2CBE3 /* AuthorizationDB.h in Headers */, - 18FE68311471A42900A2CBE3 /* AuthorizationPlugin.h in Headers */, - 18FE68321471A42900A2CBE3 /* SecAsn1Coder.h in Headers */, - 18FE68331471A42900A2CBE3 /* SecAsn1Templates.h in Headers */, - 18FE68341471A42900A2CBE3 /* SecAsn1Types.h in Headers */, - 44B2606818F81A7D008DF20F /* SecAccessControl.h in Headers */, - 18FE68351471A42900A2CBE3 /* certextensions.h in Headers */, - 18FE68361471A42900A2CBE3 /* cssm.h in Headers */, - 18FE68371471A42900A2CBE3 /* cssmaci.h in Headers */, - 18FE68381471A42900A2CBE3 /* cssmapi.h in Headers */, - 18FE68391471A42900A2CBE3 /* cssmapple.h in Headers */, - 18FE683A1471A42900A2CBE3 /* cssmcli.h in Headers */, - 18FE683B1471A42900A2CBE3 /* cssmconfig.h in Headers */, - 18FE683C1471A42900A2CBE3 /* cssmcspi.h in Headers */, - 18FE683D1471A42900A2CBE3 /* cssmdli.h in Headers */, - 18FE683E1471A42900A2CBE3 /* cssmerr.h in Headers */, - 18FE683F1471A42900A2CBE3 /* cssmkrapi.h in Headers */, - 18FE68401471A42900A2CBE3 /* cssmkrspi.h in Headers */, - 18FE68411471A42900A2CBE3 /* cssmspi.h in Headers */, - 18FE68421471A42900A2CBE3 /* cssmtpi.h in Headers */, - 18FE68431471A42900A2CBE3 /* cssmtype.h in Headers */, - 18FE68441471A42900A2CBE3 /* eisl.h in Headers */, - 18FE68451471A42900A2CBE3 /* emmspi.h in Headers */, - 18FE68461471A42900A2CBE3 /* emmtype.h in Headers */, - 18FE68491471A42900A2CBE3 /* oidsbase.h in Headers */, - 18FE684A1471A42900A2CBE3 /* oidscert.h in Headers */, - 18FE684B1471A42900A2CBE3 /* oidscrl.h in Headers */, - 18FE684C1471A42900A2CBE3 /* x509defs.h in Headers */, - 18FE684D1471A46600A2CBE3 /* asn1Templates.h in Headers */, - 18FE684E1471A46600A2CBE3 /* AuthorizationPriv.h in Headers */, - 18FE684F1471A46600A2CBE3 /* AuthorizationTagsPriv.h in Headers */, - 4CE7EAA31AEAF5230067F5BD /* SecItemBackup.h in Headers */, - 18FE68501471A46600A2CBE3 /* certExtensionTemplates.h in Headers */, - 18FE68511471A46600A2CBE3 /* checkpw.h in Headers */, - CDDE9D1E1729E2E60013B0E8 /* SecPasswordGenerate.h in Headers */, - 18FE68521471A46600A2CBE3 /* CMSPrivate.h in Headers */, - 5244926A1AFD6CB70043695A /* der_plist.h in Headers */, - 18FE68531471A46600A2CBE3 /* CSCommonPriv.h in Headers */, - 18FE68541471A46600A2CBE3 /* csrTemplates.h in Headers */, - 18FE68551471A46600A2CBE3 /* cssmapplePriv.h in Headers */, - 18FE68561471A46600A2CBE3 /* keyTemplates.h in Headers */, - 18FE68571471A46600A2CBE3 /* mdspriv.h in Headers */, - 18FE68581471A46600A2CBE3 /* nameTemplates.h in Headers */, - 18FE68591471A46600A2CBE3 /* ocspTemplates.h in Headers */, - 44B2606A18F81C0F008DF20F /* SecAccessControlPriv.h in Headers */, - 18FE685A1471A46600A2CBE3 /* osKeyTemplates.h in Headers */, - 1FDA9ABC1C4489280083929D /* SecTranslocate.h in Headers */, - 18FE685B1471A46600A2CBE3 /* SecAccessPriv.h in Headers */, - 18FE685C1471A46600A2CBE3 /* secasn1t.h in Headers */, - 18FE685D1471A46600A2CBE3 /* SecAssessment.h in Headers */, - 18FE685E1471A46600A2CBE3 /* SecBasePriv.h in Headers */, - 18FE685F1471A46600A2CBE3 /* SecCertificateBundle.h in Headers */, - 18FE68611471A46600A2CBE3 /* SecCertificatePriv.h in Headers */, - 18FE68621471A46600A2CBE3 /* SecCertificateRequest.h in Headers */, - 18FE68631471A46600A2CBE3 /* SecCmsBase.h in Headers */, - AC5688BC18B4396D00F0526C /* SecCMS.h in Headers */, - D47F51221C3B80DF00A7CEFE /* SecCFAllocator.h in Headers */, - 18FE68641471A46600A2CBE3 /* SecCmsContentInfo.h in Headers */, - 18FE68651471A46600A2CBE3 /* SecCmsDecoder.h in Headers */, - 18FE68661471A46600A2CBE3 /* SecCmsDigestContext.h in Headers */, - 18FE68671471A46600A2CBE3 /* SecCmsDigestedData.h in Headers */, - 18FE68681471A46600A2CBE3 /* SecCmsEncoder.h in Headers */, - 18FE68691471A46600A2CBE3 /* SecCmsEncryptedData.h in Headers */, - 18FE686A1471A46600A2CBE3 /* SecCmsEnvelopedData.h in Headers */, - 18FE686B1471A46600A2CBE3 /* SecCmsMessage.h in Headers */, - 18FE686C1471A46600A2CBE3 /* SecCmsRecipientInfo.h in Headers */, - 18FE686D1471A46600A2CBE3 /* SecCmsSignedData.h in Headers */, - 18FE686E1471A46600A2CBE3 /* SecCmsSignerInfo.h in Headers */, - 18FE686F1471A46600A2CBE3 /* SecCodeHostLib.h in Headers */, - 18FE68701471A46600A2CBE3 /* SecCodePriv.h in Headers */, - 18FE68711471A46600A2CBE3 /* SecCodeSigner.h in Headers */, - 18FE68721471A46600A2CBE3 /* SecFDERecoveryAsymmetricCrypto.h in Headers */, - 18FE68731471A46600A2CBE3 /* SecIdentityPriv.h in Headers */, - 4C0F6F871985877800178101 /* SecEntitlements.h in Headers */, - 18FE68741471A46600A2CBE3 /* SecIdentitySearchPriv.h in Headers */, - 18FE68751471A46600A2CBE3 /* SecIntegrity.h in Headers */, - 18FE68761471A46600A2CBE3 /* SecIntegrityLib.h in Headers */, - 18FE68771471A46600A2CBE3 /* SecItemPriv.h in Headers */, - 18FE68781471A46600A2CBE3 /* SecKeychainItemExtendedAttributes.h in Headers */, - 0C03D62B17D93EED0087643B /* SecDH.h in Headers */, - 18FE68791471A46600A2CBE3 /* SecKeychainItemPriv.h in Headers */, - 18FE687A1471A46600A2CBE3 /* SecKeychainPriv.h in Headers */, - 18FE687B1471A46700A2CBE3 /* SecKeychainSearchPriv.h in Headers */, - 18FE687C1471A46700A2CBE3 /* SecKeyPriv.h in Headers */, - 18FE687D1471A46700A2CBE3 /* SecManifest.h in Headers */, - 18FE687E1471A46700A2CBE3 /* SecNullTransform.h in Headers */, - 18FE687F1471A46700A2CBE3 /* SecPassword.h in Headers */, - 18FE68801471A46700A2CBE3 /* SecPolicyPriv.h in Headers */, - 18FE68811471A46700A2CBE3 /* SecRandomP.h in Headers */, - 18FE68821471A46700A2CBE3 /* SecRecoveryPassword.h in Headers */, - 18FE68831471A46700A2CBE3 /* SecRequirementPriv.h in Headers */, - 18FE68841471A46700A2CBE3 /* SecSMIME.h in Headers */, - 18FE68851471A46700A2CBE3 /* SecStaticCodePriv.h in Headers */, - D4D9B9FE1C7E5CCA008785EB /* SecServerEncryptionSupport.h in Headers */, - 18FE68861471A46700A2CBE3 /* SecTransformInternal.h in Headers */, - 18FE68871471A46700A2CBE3 /* SecTrustedApplicationPriv.h in Headers */, - BEC3A76816F79497003E5634 /* SecTaskPriv.h in Headers */, - 18FE68881471A46700A2CBE3 /* SecTrustPriv.h in Headers */, - 18FE68891471A46700A2CBE3 /* SecTrustSettingsPriv.h in Headers */, - 18FE688A1471A46700A2CBE3 /* SecureDownloadInternal.h in Headers */, - 18FE688B1471A46700A2CBE3 /* SecureTransportPriv.h in Headers */, - 18FE688C1471A46700A2CBE3 /* TrustSettingsSchema.h in Headers */, - 18FE688D1471A46700A2CBE3 /* X509Templates.h in Headers */, - 0C4F055E15C9E51A00F9DFD5 /* sslTypes.h in Headers */, - 18BBC7361471F5A300F2B224 /* SecExternalSourceTransform.h in Headers */, - 18B647EC14D9F20500F538BF /* oidsalg.h in Headers */, - 52B5A9C21519330300664F11 /* tsaSupport.h in Headers */, - 52B5A9C31519330300664F11 /* tsaTemplates.h in Headers */, - 52AEA489153C778C005AFC59 /* tsaSupportPriv.h in Headers */, - 18B647ED14D9F20F00F538BF /* oidsattr.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4AF95B8B16193B1B00662B04 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXLegacyTarget section */ - EBE011D31C21357200CB6A63 /* SecurityFeatures */ = { - isa = PBXLegacyTarget; - buildArgumentsString = "$(PROJECT_DIR)/../SecurityFeatures/ExternalProject.sh $(ACTION)"; - buildConfigurationList = EBE011FE1C21357200CB6A63 /* Build configuration list for PBXLegacyTarget "SecurityFeatures" */; - buildPhases = ( - ); - buildToolPath = /bin/bash; - buildWorkingDirectory = "$(PROJECT_DIR)/../SecurityFeatures"; - dependencies = ( - ); - name = SecurityFeatures; - passBuildSettingsInEnvironment = 1; - productName = SecurityFeature; - }; -/* End PBXLegacyTarget section */ - -/* Begin PBXNativeTarget section */ - 0C6C630A15D193C800BC68CD /* sectests */ = { - isa = PBXNativeTarget; - buildConfigurationList = 0C6C631215D193C900BC68CD /* Build configuration list for PBXNativeTarget "sectests" */; - buildPhases = ( - 0C6C630715D193C800BC68CD /* Sources */, - 0C6C630815D193C800BC68CD /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - D4CBC11A1BE981DE00C5795E /* PBXTargetDependency */, - 0C6C632E15D19D2900BC68CD /* PBXTargetDependency */, - ACB6173F18B5232700EBEDD7 /* PBXTargetDependency */, - 0CBD50C716C3260D00713B6C /* PBXTargetDependency */, - 0CCEBDB316C2CFD4001BD7F6 /* PBXTargetDependency */, - DC872EEA1CC983EE0076C0E7 /* PBXTargetDependency */, - ); - name = sectests; - productName = sectests; - productReference = 0C6C630B15D193C800BC68CD /* sectests */; - productType = "com.apple.product-type.tool"; - }; - 0CC3350716C1ED8000399E53 /* secdtests */ = { - isa = PBXNativeTarget; - buildConfigurationList = 0CC3352A16C1ED8000399E53 /* Build configuration list for PBXNativeTarget "secdtests" */; - buildPhases = ( - 0CC3351616C1ED8000399E53 /* Sources */, - 0CC3351B16C1ED8000399E53 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 0CC3350A16C1ED8000399E53 /* PBXTargetDependency */, - 0CC3351016C1ED8000399E53 /* PBXTargetDependency */, - 0CC3351216C1ED8000399E53 /* PBXTargetDependency */, - 0CC3351416C1ED8000399E53 /* PBXTargetDependency */, - 0CC3350816C1ED8000399E53 /* PBXTargetDependency */, - 0CC3356216C1EF8B00399E53 /* PBXTargetDependency */, - 0CC3350C16C1ED8000399E53 /* PBXTargetDependency */, - 0CCEBDBD16C30948001BD7F6 /* PBXTargetDependency */, - 0C4EAE7917668DFF00773425 /* PBXTargetDependency */, - ); - name = secdtests; - productName = sectests; - productReference = 0CC3352D16C1ED8000399E53 /* secdtests */; - productType = "com.apple.product-type.tool"; - }; - 1807384A146D0D4E00F05C24 /* Security */ = { - isa = PBXNativeTarget; - buildConfigurationList = 18073875146D0D4E00F05C24 /* Build configuration list for PBXNativeTarget "Security" */; - buildPhases = ( - EB73F0431C210DA9008191E3 /* Copy Security Feature header */, - 18073846146D0D4E00F05C24 /* Sources */, - 18073847146D0D4E00F05C24 /* Frameworks */, - 18073848146D0D4E00F05C24 /* Headers */, - 18500F961470828E006F9AB4 /* Run Script Generate Strings */, - 18073849146D0D4E00F05C24 /* Resources */, - 43A599151B0CFC8200D14A7B /* CopyFiles */, - 18500F9114707E10006F9AB4 /* Run Script Copy XPC Service */, - EB5D73121B0CB0E0009CAA47 /* Old SOS header location */, - ); - buildRules = ( - E778BFB91717461800302C14 /* PBXBuildRule */, - ); - dependencies = ( - 4C12894415FFED03008CE3E3 /* PBXTargetDependency */, - D46B08A81C8FD8D900B5939A /* PBXTargetDependency */, - EBE012011C21368400CB6A63 /* PBXTargetDependency */, - 1879B545146DE18D007E536C /* PBXTargetDependency */, - 1FDA9A5F1C4471EC0083929D /* PBXTargetDependency */, - D46B08021C8FBE6A00B5939A /* PBXTargetDependency */, - BE8D22951ABB747A009A4E18 /* PBXTargetDependency */, - 4AD6F6F41651CC2500DB4CE6 /* PBXTargetDependency */, - 18FE688F1471A4C900A2CBE3 /* PBXTargetDependency */, - 18270F5D14CF655B00B05E7F /* PBXTargetDependency */, - 18AD56A614CDED59008233F2 /* PBXTargetDependency */, - 182BB410146F248D000BF1F3 /* PBXTargetDependency */, - 1879B56C146DE2CF007E536C /* PBXTargetDependency */, - 18B9655C1472F83C005A4D2E /* PBXTargetDependency */, - 182BB4E7146F25AF000BF1F3 /* PBXTargetDependency */, - 182BB3EE146F248D000BF1F3 /* PBXTargetDependency */, - 182BB3F0146F248D000BF1F3 /* PBXTargetDependency */, - 182BB3F2146F248D000BF1F3 /* PBXTargetDependency */, - 182BB3F4146F248D000BF1F3 /* PBXTargetDependency */, - 182BB3F6146F248D000BF1F3 /* PBXTargetDependency */, - 182BB3F8146F248D000BF1F3 /* PBXTargetDependency */, - 182BB3FC146F248D000BF1F3 /* PBXTargetDependency */, - 182BB3FE146F248D000BF1F3 /* PBXTargetDependency */, - 182BB400146F248D000BF1F3 /* PBXTargetDependency */, - 182BB402146F248D000BF1F3 /* PBXTargetDependency */, - 182BB404146F248D000BF1F3 /* PBXTargetDependency */, - 182BB406146F248D000BF1F3 /* PBXTargetDependency */, - 182BB408146F248D000BF1F3 /* PBXTargetDependency */, - 182BB40A146F248D000BF1F3 /* PBXTargetDependency */, - 182BB40C146F248D000BF1F3 /* PBXTargetDependency */, - 182BB40E146F248D000BF1F3 /* PBXTargetDependency */, - 182BB412146F248D000BF1F3 /* PBXTargetDependency */, - 182BB414146F248D000BF1F3 /* PBXTargetDependency */, - 182BB418146F248D000BF1F3 /* PBXTargetDependency */, - 182BB41A146F248D000BF1F3 /* PBXTargetDependency */, - 182BB3EC146F2448000BF1F3 /* PBXTargetDependency */, - 18446082146DF52F00B12992 /* PBXTargetDependency */, - 1879B56E146DE2D3007E536C /* PBXTargetDependency */, - 5208C0FE16A0D3980062DDC5 /* PBXTargetDependency */, - E76079FA1951FDF600F69731 /* PBXTargetDependency */, - 182BB22C146F07DD000BF1F3 /* PBXTargetDependency */, - ); - name = Security; - productName = Security; - productReference = 1807384B146D0D4E00F05C24 /* Security.framework */; - productType = "com.apple.product-type.framework"; - }; - 18270ED514CF282600B05E7F /* secd */ = { - isa = PBXNativeTarget; - buildConfigurationList = 18270EDD14CF282600B05E7F /* Build configuration list for PBXNativeTarget "secd" */; - buildPhases = ( - 18270ED214CF282600B05E7F /* Sources */, - 18270ED314CF282600B05E7F /* Frameworks */, - 18BEB19914CF7F0B00C8BD36 /* CopyFiles */, - BE5976DD1AD73BE50066DECE /* CopyFiles */, - 0C6D003C177B545D0095D167 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - 4C8D8650177A75100019A804 /* PBXTargetDependency */, - 4C01DF13164C3E74006798CD /* PBXTargetDependency */, - 4C7D8764160A746E00D041E3 /* PBXTargetDependency */, - 18270EE314CF28D900B05E7F /* PBXTargetDependency */, - 18270EE114CF28D000B05E7F /* PBXTargetDependency */, - ); - name = secd; - productName = secd; - productReference = 18270ED614CF282600B05E7F /* secd */; - productType = "com.apple.product-type.tool"; - }; - 182BB567146F4DCA000BF1F3 /* csparser */ = { - isa = PBXNativeTarget; - buildConfigurationList = 182BB572146F4DCB000BF1F3 /* Build configuration list for PBXNativeTarget "csparser" */; - buildPhases = ( - 182BB564146F4DCA000BF1F3 /* Sources */, - 182BB565146F4DCA000BF1F3 /* Frameworks */, - 182BB566146F4DCA000BF1F3 /* Resources */, - 182BB583146FDD3C000BF1F3 /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - 182BB596146FE27F000BF1F3 /* PBXTargetDependency */, - DC311CC71CCEC81D00E14E8D /* PBXTargetDependency */, - 182BB58F146FE11C000BF1F3 /* PBXTargetDependency */, - 182BB58D146FE0FF000BF1F3 /* PBXTargetDependency */, - 182BB588146FE001000BF1F3 /* PBXTargetDependency */, - ); - name = csparser; - productName = csparser; - productReference = 182BB568146F4DCA000BF1F3 /* csparser.bundle */; - productType = "com.apple.product-type.bundle"; - }; - 18F234EA15C9F9A600060520 /* authd */ = { - isa = PBXNativeTarget; - buildConfigurationList = 18F234F615C9F9A700060520 /* Build configuration list for PBXNativeTarget "authd" */; - buildPhases = ( - 4AF95B8B16193B1B00662B04 /* Headers */, - 18F234E715C9F9A600060520 /* Sources */, - 18F234E815C9F9A600060520 /* Frameworks */, - 187D6B9615D4381C00E27494 /* Copy authorization.plist */, - 18CFEE8815DEE2BA00E3F2A3 /* Copy sandbox profile */, - 4A5C178F161A9DE000ABF784 /* CopyFiles */, - 18D6803A16B768DE00DF6D2E /* Copy asl module */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = authd; - productName = security.auth; - productReference = 18F234EB15C9F9A600060520 /* authd.xpc */; - productType = "com.apple.product-type.bundle"; - }; - 18FE67E91471A3AA00A2CBE3 /* copyHeaders */ = { - isa = PBXNativeTarget; - buildConfigurationList = 18FE67FB1471A3AA00A2CBE3 /* Build configuration list for PBXNativeTarget "copyHeaders" */; - buildPhases = ( - 18FE67E71471A3AA00A2CBE3 /* Headers */, - 4CB86AE4167A6F3D00F46643 /* Copy SecureObjectSync Headers */, - 5E3BDC291CD20B4300C80B61 /* Unifdef RC_HIDE_J79/J80 */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = copyHeaders; - productName = copyHeaders; - productReference = 18FE67EA1471A3AA00A2CBE3 /* Security.framework */; - productType = "com.apple.product-type.framework"; - }; - 3705CAD11A896DE800402F75 /* SecTaskTest */ = { - isa = PBXNativeTarget; - buildConfigurationList = 3705CAD61A896DE800402F75 /* Build configuration list for PBXNativeTarget "SecTaskTest" */; - buildPhases = ( - 3705CACE1A896DE800402F75 /* Sources */, - 3705CACF1A896DE800402F75 /* Frameworks */, - 3705CAD01A896DE800402F75 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = SecTaskTest; - productName = SecTaskTest; - productReference = 3705CAD21A896DE800402F75 /* SecTaskTest */; - productType = "com.apple.product-type.tool"; - }; - 37A7CEAA197DB8FA00926CE8 /* codesign_tests */ = { - isa = PBXNativeTarget; - buildConfigurationList = 37A7CED8197DB8FA00926CE8 /* Build configuration list for PBXNativeTarget "codesign_tests" */; - buildPhases = ( - 37A7CEA7197DB8FA00926CE8 /* Sources */, - 37A7CEA8197DB8FA00926CE8 /* Frameworks */, - 37A7CEDC197DCECD00926CE8 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = codesign_tests; - productName = codesign_tests; - productReference = 37A7CEAB197DB8FA00926CE8 /* codesign_tests */; - productType = "com.apple.product-type.tool"; - }; - 37AB390E1A44A88000B56E04 /* gk_reset_check */ = { - isa = PBXNativeTarget; - buildConfigurationList = 37AB393C1A44A88000B56E04 /* Build configuration list for PBXNativeTarget "gk_reset_check" */; - buildPhases = ( - 37AB390B1A44A88000B56E04 /* Sources */, - 37AB390C1A44A88000B56E04 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = gk_reset_check; - productName = gk_reset_check; - productReference = 37AB390F1A44A88000B56E04 /* gk_reset_check */; - productType = "com.apple.product-type.tool"; - }; - 4C96F7C016D6DF8300D3B39D /* Keychain Circle Notification */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4C96F7D516D6DF8400D3B39D /* Build configuration list for PBXNativeTarget "Keychain Circle Notification" */; - buildPhases = ( - 4C96F7BD16D6DF8300D3B39D /* Sources */, - 4C96F7BE16D6DF8300D3B39D /* Frameworks */, - 4C96F7BF16D6DF8300D3B39D /* Resources */, - 4C49390E16E51ED100CE110C /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - 4374574E1B2787950051E20E /* PBXTargetDependency */, - ); - name = "Keychain Circle Notification"; - productName = "Keychain Circle Notification"; - productReference = 4C96F7C116D6DF8300D3B39D /* Keychain Circle Notification.app */; - productType = "com.apple.product-type.application"; - }; - 4CB23B45169F5873003A0131 /* security2 */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4CB23B7F169F5873003A0131 /* Build configuration list for PBXNativeTarget "security2" */; - buildPhases = ( - 4CB23B42169F5873003A0131 /* Sources */, - 4CB23B43169F5873003A0131 /* Frameworks */, - 4CB23B44169F5873003A0131 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - 4CB23B88169F597D003A0131 /* PBXTargetDependency */, - 4CB23B86169F5971003A0131 /* PBXTargetDependency */, - 4CB23B84169F5961003A0131 /* PBXTargetDependency */, - ); - name = security2; - productName = security2; - productReference = 4CB23B46169F5873003A0131 /* security2 */; - productType = "com.apple.product-type.tool"; - }; - 4CC7A7B216CC2A84003E10C1 /* Cloud Keychain Utility */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4CC7A7EF16CC2A85003E10C1 /* Build configuration list for PBXNativeTarget "Cloud Keychain Utility" */; - buildPhases = ( - 4CC7A7AF16CC2A84003E10C1 /* Sources */, - 4CC7A7B016CC2A84003E10C1 /* Frameworks */, - 4CC7A7B116CC2A84003E10C1 /* Resources */, - ); - buildRules = ( - ); - dependencies = ( - 4381B9AC1B28E0F4002BBC79 /* PBXTargetDependency */, - ); - name = "Cloud Keychain Utility"; - productName = Keychain; - productReference = 4CC7A7B316CC2A84003E10C1 /* Cloud Keychain Utility.app */; - productType = "com.apple.product-type.application"; - }; - 5EF7C2091B00E25400E5E99C /* secacltests */ = { - isa = PBXNativeTarget; - buildConfigurationList = 5EF7C2381B00E25400E5E99C /* Build configuration list for PBXNativeTarget "secacltests" */; - buildPhases = ( - 5EF7C2061B00E25400E5E99C /* Sources */, - 5EF7C2071B00E25400E5E99C /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 5ED88B701B0DEF4700F3B047 /* PBXTargetDependency */, - 5EFB69C21B0CBFC30095A36E /* PBXTargetDependency */, - 5EE556971B01DA3E006F78F2 /* PBXTargetDependency */, - 5EE556951B01DA33006F78F2 /* PBXTargetDependency */, - 5EE556931B01DA24006F78F2 /* PBXTargetDependency */, - 5EE556911B01D9F5006F78F2 /* PBXTargetDependency */, - 5EE556671B01D9A8006F78F2 /* PBXTargetDependency */, - ); - name = secacltests; - productName = secacltests; - productReference = 5EF7C20A1B00E25400E5E99C /* secacltests */; - productType = "com.apple.product-type.tool"; - }; - BE48ADF71ADF1DF4000836C1 /* trustd */ = { - isa = PBXNativeTarget; - buildConfigurationList = BE48AE1E1ADF1DF4000836C1 /* Build configuration list for PBXNativeTarget "trustd" */; - buildPhases = ( - BE48AE021ADF1DF4000836C1 /* Sources */, - BE48AE041ADF1DF4000836C1 /* Frameworks */, - BE48AE191ADF1DF4000836C1 /* CopyFiles */, - BE48AE1B1ADF1DF4000836C1 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - D45FC3E61C9E06BD00509CDA /* PBXTargetDependency */, - D45FC3E31C9E069000509CDA /* PBXTargetDependency */, - BE48ADF81ADF1DF4000836C1 /* PBXTargetDependency */, - BE48ADFC1ADF1DF4000836C1 /* PBXTargetDependency */, - ); - name = trustd; - productName = secd; - productReference = BE48AE211ADF1DF4000836C1 /* trustd */; - productType = "com.apple.product-type.tool"; - }; - D42FA8231C9B8D3C003E46A7 /* SecurityTestsOSX */ = { - isa = PBXNativeTarget; - buildConfigurationList = D42FA8321C9B8D3D003E46A7 /* Build configuration list for PBXNativeTarget "SecurityTestsOSX" */; - buildPhases = ( - D42FA8201C9B8D3C003E46A7 /* Sources */, - D42FA8211C9B8D3C003E46A7 /* Frameworks */, - D42FA8221C9B8D3C003E46A7 /* Resources */, - D4D886F61CED070600DC7583 /* Copy DigiNotar Resources */, - D4D886F71CED070800DC7583 /* Copy DigiNotar-Entrust Resources */, - D4D886F81CED070A00DC7583 /* Copy DigiNotar-ok Resources */, - D4D886F91CED070C00DC7583 /* Copy DigicertMalaysia Resources */, - ); - buildRules = ( - ); - dependencies = ( - D42FA83B1C9B8F94003E46A7 /* PBXTargetDependency */, - D42FA83D1C9B8F94003E46A7 /* PBXTargetDependency */, - D42FA83F1C9B8F94003E46A7 /* PBXTargetDependency */, - D42FA8371C9B8F77003E46A7 /* PBXTargetDependency */, - D42FA8391C9B8F7D003E46A7 /* PBXTargetDependency */, - D42FA8431C9B8FD0003E46A7 /* PBXTargetDependency */, - DC872F151CC983F70076C0E7 /* PBXTargetDependency */, - D42FA8411C9B8FA7003E46A7 /* PBXTargetDependency */, - ); - name = SecurityTestsOSX; - productName = SecurityTestsOSX; - productReference = D42FA8241C9B8D3C003E46A7 /* SecurityTestsOSX.app */; - productType = "com.apple.product-type.application"; - }; - EBB697031BE208FC00715F16 /* secbackupntest */ = { - isa = PBXNativeTarget; - buildConfigurationList = EBB697081BE208FC00715F16 /* Build configuration list for PBXNativeTarget "secbackupntest" */; - buildPhases = ( - EBB697001BE208FC00715F16 /* Sources */, - EBB697011BE208FC00715F16 /* Frameworks */, - EBB697021BE208FC00715F16 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = secbackupntest; - productName = secbackupntest; - productReference = EBB697041BE208FC00715F16 /* secbackupntest */; - productType = "com.apple.product-type.tool"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 18073841146D0D4E00F05C24 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - TargetAttributes = { - 3705CAD11A896DE800402F75 = { - CreatedOnToolsVersion = 7.0; - }; - 37A7CEAA197DB8FA00926CE8 = { - CreatedOnToolsVersion = 6.0; - }; - 37AB390E1A44A88000B56E04 = { - CreatedOnToolsVersion = 6.3; - }; - 5EF7C2091B00E25400E5E99C = { - CreatedOnToolsVersion = 7.0; - }; - D42FA8231C9B8D3C003E46A7 = { - CreatedOnToolsVersion = 8.0; - }; - EBB697031BE208FC00715F16 = { - CreatedOnToolsVersion = 7.2; - }; - EBE011D31C21357200CB6A63 = { - CreatedOnToolsVersion = 7.2; - }; - F93C49311AB8FD350047E01A = { - CreatedOnToolsVersion = 6.3; - }; - }; - }; - buildConfigurationList = 18073844146D0D4E00F05C24 /* Build configuration list for PBXProject "OSX" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 0; - knownRegions = ( - en, - Base, - ); - mainGroup = 1807383F146D0D4E00F05C24; - productRefGroup = 1807384C146D0D4E00F05C24 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 18270F0914CF43C000B05E7F /* Products */; - ProjectRef = 18270F0814CF43C000B05E7F /* libDER.xcodeproj */; - }, - { - ProductGroup = 1879B5BD146DE6C8007E536C /* Products */; - ProjectRef = 1879B5BC146DE6C8007E536C /* libsecurity_apple_csp.xcodeproj */; - }, - { - ProductGroup = 1879B5CA146DE6CE007E536C /* Products */; - ProjectRef = 1879B5C9146DE6CE007E536C /* libsecurity_apple_cspdl.xcodeproj */; - }, - { - ProductGroup = 1879B5D6146DE6D7007E536C /* Products */; - ProjectRef = 1879B5D5146DE6D7007E536C /* libsecurity_apple_file_dl.xcodeproj */; - }, - { - ProductGroup = 1879B5E2146DE6E7007E536C /* Products */; - ProjectRef = 1879B5E1146DE6E7007E536C /* libsecurity_apple_x509_cl.xcodeproj */; - }, - { - ProductGroup = 1879B5F1146DE6FD007E536C /* Products */; - ProjectRef = 1879B5F0146DE6FD007E536C /* libsecurity_apple_x509_tp.xcodeproj */; - }, - { - ProductGroup = 1879B5FD146DE704007E536C /* Products */; - ProjectRef = 1879B5FC146DE704007E536C /* libsecurity_asn1.xcodeproj */; - }, - { - ProductGroup = 1879B60A146DE70A007E536C /* Products */; - ProjectRef = 1879B609146DE70A007E536C /* libsecurity_authorization.xcodeproj */; - }, - { - ProductGroup = 1879B616146DE715007E536C /* Products */; - ProjectRef = 1879B615146DE715007E536C /* libsecurity_cdsa_client.xcodeproj */; - }, - { - ProductGroup = 1879B622146DE720007E536C /* Products */; - ProjectRef = 1879B621146DE720007E536C /* libsecurity_cdsa_plugin.xcodeproj */; - }, - { - ProductGroup = 1879B551146DE227007E536C /* Products */; - ProjectRef = 1879B550146DE227007E536C /* libsecurity_cdsa_utilities.xcodeproj */; - }, - { - ProductGroup = 1879B548146DE212007E536C /* Products */; - ProjectRef = 1879B547146DE212007E536C /* libsecurity_cdsa_utils.xcodeproj */; - }, - { - ProductGroup = 1879B638146DE748007E536C /* Products */; - ProjectRef = 1879B637146DE748007E536C /* libsecurity_checkpw.xcodeproj */; - }, - { - ProductGroup = 1879B64C146DE750007E536C /* Products */; - ProjectRef = 1879B64B146DE750007E536C /* libsecurity_cms.xcodeproj */; - }, - { - ProductGroup = 1879B658146DE756007E536C /* Products */; - ProjectRef = 1879B657146DE756007E536C /* libsecurity_codesigning.xcodeproj */; - }, - { - ProductGroup = 1879B66E146DE75D007E536C /* Products */; - ProjectRef = 1879B66D146DE75D007E536C /* libsecurity_comcryption.xcodeproj */; - }, - { - ProductGroup = 1879B67A146DE76E007E536C /* Products */; - ProjectRef = 1879B679146DE76E007E536C /* libsecurity_cryptkit.xcodeproj */; - }, - { - ProductGroup = 1879B55E146DE244007E536C /* Products */; - ProjectRef = 1879B55D146DE244007E536C /* libsecurity_cssm.xcodeproj */; - }, - { - ProductGroup = 1879B695146DE797007E536C /* Products */; - ProjectRef = 1879B694146DE797007E536C /* libsecurity_filedb.xcodeproj */; - }, - { - ProductGroup = 1879B6A1146DE79F007E536C /* Products */; - ProjectRef = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - }, - { - ProductGroup = 1879B6C8146DE7D7007E536C /* Products */; - ProjectRef = 1879B6C7146DE7D7007E536C /* libsecurity_manifest.xcodeproj */; - }, - { - ProductGroup = 1879B6D4146DE7E0007E536C /* Products */; - ProjectRef = 1879B6D3146DE7E0007E536C /* libsecurity_mds.xcodeproj */; - }, - { - ProductGroup = 1879B6E0146DE7E7007E536C /* Products */; - ProjectRef = 1879B6DF146DE7E7007E536C /* libsecurity_ocspd.xcodeproj */; - }, - { - ProductGroup = 1879B6ED146DE7EE007E536C /* Products */; - ProjectRef = 1879B6EC146DE7EE007E536C /* libsecurity_pkcs12.xcodeproj */; - }, - { - ProductGroup = 1879B6F9146DE7F7007E536C /* Products */; - ProjectRef = 1879B6F8146DE7F7007E536C /* libsecurity_sd_cspdl.xcodeproj */; - }, - { - ProductGroup = 1879B713146DE825007E536C /* Products */; - ProjectRef = 1879B712146DE825007E536C /* libsecurity_smime.xcodeproj */; - }, - { - ProductGroup = 1879B720146DE839007E536C /* Products */; - ProjectRef = 1879B71F146DE839007E536C /* libsecurity_ssl.xcodeproj */; - }, - { - ProductGroup = 1879B72C146DE844007E536C /* Products */; - ProjectRef = 1879B72B146DE844007E536C /* libsecurity_transform.xcodeproj */; - }, - { - ProductGroup = 1F6FC5E01C3D9D90001C758F /* Products */; - ProjectRef = 1F6FC5DF1C3D9D90001C758F /* libsecurity_translocate.xcodeproj */; - }, - { - ProductGroup = 1879B533146DDBE5007E536C /* Products */; - ProjectRef = 1879B532146DDBE5007E536C /* libsecurity_utilities.xcodeproj */; - }, - { - ProductGroup = 184461A4146E9D3200B12992 /* Products */; - ProjectRef = 184461A3146E9D3200B12992 /* libsecurityd.xcodeproj */; - }, - { - ProductGroup = 0CC3355C16C1EF5D00399E53 /* Products */; - ProjectRef = 0CC3355B16C1EF5D00399E53 /* regressions.xcodeproj */; - }, - { - ProductGroup = 186CDD1714CA11C700AF9171 /* Products */; - ProjectRef = 186CDD1614CA11C700AF9171 /* sec.xcodeproj */; - }, - { - ProductGroup = 4C12893815FFECF3008CE3E3 /* Products */; - ProjectRef = 4C12893715FFECF3008CE3E3 /* utilities.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 186F778814E59FB200434E1F /* Security_frameworks */, - 186F778C14E59FDA00434E1F /* Security_executables */, - 4CE4729E16D833FD009070D1 /* Security_temporary_UI */, - 1807384A146D0D4E00F05C24 /* Security */, - 182BB567146F4DCA000BF1F3 /* csparser */, - 18FE67E91471A3AA00A2CBE3 /* copyHeaders */, - 18270ED514CF282600B05E7F /* secd */, - 0CC3350716C1ED8000399E53 /* secdtests */, - D42FA8231C9B8D3C003E46A7 /* SecurityTestsOSX */, - 0C6C630A15D193C800BC68CD /* sectests */, - 18F234EA15C9F9A600060520 /* authd */, - BE48ADF71ADF1DF4000836C1 /* trustd */, - 4CB23B45169F5873003A0131 /* security2 */, - 4CC7A7B216CC2A84003E10C1 /* Cloud Keychain Utility */, - 4C96F7C016D6DF8300D3B39D /* Keychain Circle Notification */, - 37A7CEAA197DB8FA00926CE8 /* codesign_tests */, - 37AB390E1A44A88000B56E04 /* gk_reset_check */, - 3705CAD11A896DE800402F75 /* SecTaskTest */, - F93C49311AB8FD350047E01A /* ckcdiagnose.sh */, - 5EF7C2091B00E25400E5E99C /* secacltests */, - EBB697031BE208FC00715F16 /* secbackupntest */, - EBE011D31C21357200CB6A63 /* SecurityFeatures */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 0C4EAE721766865000773425 /* libsecdRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecdRegressions.a; - remoteRef = 0C4EAE711766865000773425 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 0C6D77CF15C8B66000BB4405 /* libsecurity_ssl_regressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_ssl_regressions.a; - remoteRef = 0C6D77CE15C8B66000BB4405 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 0C6D77D115C8B66000BB4405 /* dtlsEchoClient */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = dtlsEchoClient; - remoteRef = 0C6D77D015C8B66000BB4405 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 0C6D77D315C8B66000BB4405 /* dtlsEchoServer */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = dtlsEchoServer; - remoteRef = 0C6D77D215C8B66000BB4405 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 0CBD50B316C325F000713B6C /* libsecurity_keychain_regressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_keychain_regressions.a; - remoteRef = 0CBD50B216C325F000713B6C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 0CC3356016C1EF5D00399E53 /* libregressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libregressions.a; - remoteRef = 0CC3355F16C1EF5D00399E53 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 18270C7D14CE573D00B05E7F /* libsecurityd.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurityd.a; - remoteRef = 18270C7C14CE573D00B05E7F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 18270F1214CF43C000B05E7F /* libDER.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libDER.a; - remoteRef = 18270F1114CF43C000B05E7F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 18270F1414CF43C000B05E7F /* parseCert */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = parseCert; - remoteRef = 18270F1314CF43C000B05E7F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 18270F1614CF43C000B05E7F /* libDERUtils.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libDERUtils.a; - remoteRef = 18270F1514CF43C000B05E7F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 18270F1814CF43C000B05E7F /* parseCrl */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = parseCrl; - remoteRef = 18270F1714CF43C000B05E7F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 18270F1A14CF43C000B05E7F /* parseTicket */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = parseTicket; - remoteRef = 18270F1914CF43C000B05E7F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 18270F6014CF655B00B05E7F /* libsecipc_client.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecipc_client.a; - remoteRef = 18270F5F14CF655B00B05E7F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 184461B1146E9D3300B12992 /* libsecurityd_client.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurityd_client.a; - remoteRef = 184461B0146E9D3300B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 184461B5146E9D3300B12992 /* libsecurityd_server.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurityd_server.a; - remoteRef = 184461B4146E9D3300B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 184461B9146E9D3300B12992 /* ucspc.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = ucspc.a; - remoteRef = 184461B8146E9D3300B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 186CDD1E14CA11C700AF9171 /* libSecItemShimOSX.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecItemShimOSX.a; - remoteRef = 186CDD1D14CA11C700AF9171 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B538146DDBE5007E536C /* libsecurity_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_utilities.a; - remoteRef = 1879B537146DDBE5007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B54F146DE212007E536C /* libsecurity_cdsa_utils.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_utils.a; - remoteRef = 1879B54E146DE212007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B55A146DE227007E536C /* libsecurity_cdsa_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_utilities.a; - remoteRef = 1879B559146DE227007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B55C146DE227007E536C /* Schemas */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = Schemas; - remoteRef = 1879B55B146DE227007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B565146DE244007E536C /* libsecurity_cssm.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cssm.a; - remoteRef = 1879B564146DE244007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B5C6146DE6C8007E536C /* libsecurity_apple_csp.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_apple_csp.a; - remoteRef = 1879B5C5146DE6C8007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B5D2146DE6CE007E536C /* libsecurity_apple_cspdl.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_apple_cspdl.a; - remoteRef = 1879B5D1146DE6CE007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B5DE146DE6D7007E536C /* libsecurity_apple_file_dl.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_apple_file_dl.a; - remoteRef = 1879B5DD146DE6D7007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B5EB146DE6E8007E536C /* libsecurity_apple_x509_cl.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_apple_x509_cl.a; - remoteRef = 1879B5EA146DE6E8007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B5EF146DE6E8007E536C /* apple_x509_cl.bundle */ = { - isa = PBXReferenceProxy; - fileType = wrapper.cfbundle; - path = apple_x509_cl.bundle; - remoteRef = 1879B5EE146DE6E8007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B5F9146DE6FD007E536C /* libsecurity_apple_x509_tp.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_apple_x509_tp.a; - remoteRef = 1879B5F8146DE6FD007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B612146DE70A007E536C /* libsecurity_authorization.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_authorization.a; - remoteRef = 1879B611146DE70A007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B61E146DE715007E536C /* libsecurity_cdsa_client.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_client.a; - remoteRef = 1879B61D146DE715007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B62B146DE720007E536C /* libsecurity_cdsa_plugin.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_plugin.a; - remoteRef = 1879B62A146DE720007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B644146DE748007E536C /* libsecurity_checkpw.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_checkpw.a; - remoteRef = 1879B643146DE748007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B648146DE748007E536C /* test-checkpw */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = "test-checkpw"; - remoteRef = 1879B647146DE748007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B64A146DE748007E536C /* perf-checkpw */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = "perf-checkpw"; - remoteRef = 1879B649146DE748007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B654146DE750007E536C /* libsecurity_cms.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cms.a; - remoteRef = 1879B653146DE750007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B666146DE757007E536C /* libsecurity_codesigning.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_codesigning.a; - remoteRef = 1879B665146DE757007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B66A146DE757007E536C /* libintegrity.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libintegrity.a; - remoteRef = 1879B669146DE757007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B66C146DE757007E536C /* libcodehost.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libcodehost.a; - remoteRef = 1879B66B146DE757007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B676146DE75E007E536C /* libsecurity_comcryption.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_comcryption.a; - remoteRef = 1879B675146DE75E007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B684146DE76F007E536C /* libsecurity_cryptkit.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cryptkit.a; - remoteRef = 1879B683146DE76F007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B688146DE76F007E536C /* libCryptKit.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libCryptKit.a; - remoteRef = 1879B687146DE76F007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B68A146DE76F007E536C /* CryptKitSignature.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = CryptKitSignature.a; - remoteRef = 1879B689146DE76F007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B69D146DE797007E536C /* libsecurity_filedb.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_filedb.a; - remoteRef = 1879B69C146DE797007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B6B3146DE7A0007E536C /* libsecurity_keychain.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_keychain.a; - remoteRef = 1879B6B2146DE7A0007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B6B7146DE7A0007E536C /* XPCKeychainSandboxCheck.xpc */ = { - isa = PBXReferenceProxy; - fileType = wrapper.application; - path = XPCKeychainSandboxCheck.xpc; - remoteRef = 1879B6B6146DE7A0007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B6D0146DE7D7007E536C /* libsecurity_manifest.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_manifest.a; - remoteRef = 1879B6CF146DE7D7007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B6DC146DE7E0007E536C /* libsecurity_mds.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_mds.a; - remoteRef = 1879B6DB146DE7E0007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B6E9146DE7E8007E536C /* libsecurity_ocspd.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_ocspd.a; - remoteRef = 1879B6E8146DE7E8007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B6F5146DE7EF007E536C /* libsecurity_pkcs12.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_pkcs12.a; - remoteRef = 1879B6F4146DE7EF007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B701146DE7F7007E536C /* libsecurity_sd_cspdl.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_sd_cspdl.a; - remoteRef = 1879B700146DE7F7007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B71C146DE825007E536C /* libsecurity_smime.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_smime.a; - remoteRef = 1879B71B146DE825007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B728146DE839007E536C /* libsecurity_ssl.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_ssl.a; - remoteRef = 1879B727146DE839007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B739146DE845007E536C /* libsecurity_transform.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_transform.a; - remoteRef = 1879B738146DE845007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B73D146DE845007E536C /* unit-tests.xctest */ = { - isa = PBXReferenceProxy; - fileType = wrapper.cfbundle; - path = "unit-tests.xctest"; - remoteRef = 1879B73C146DE845007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B73F146DE845007E536C /* 100-sha2 */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = "100-sha2"; - remoteRef = 1879B73E146DE845007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1879B741146DE845007E536C /* input-speed-test */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = "input-speed-test"; - remoteRef = 1879B740146DE845007E536C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1885B3F914D8D9B100519375 /* libASN1.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libASN1.a; - remoteRef = 1885B3F814D8D9B100519375 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 18D4053B14CE2C1600A2BE4E /* libsecurity.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity.a; - remoteRef = 18D4053A14CE2C1600A2BE4E /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 1F6FC6001C3D9D90001C758F /* libsecurity_translocate.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_translocate.a; - remoteRef = 1F6FC5FF1C3D9D90001C758F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4C1288EA15FFE9D7008CE3E3 /* libSecureObjectSync.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecureObjectSync.a; - remoteRef = 4C1288E915FFE9D7008CE3E3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4C1288EC15FFE9D7008CE3E3 /* libSOSRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSOSRegressions.a; - remoteRef = 4C1288EB15FFE9D7008CE3E3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4C1288EE15FFE9D7008CE3E3 /* libSecurityRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecurityRegressions.a; - remoteRef = 4C1288ED15FFE9D7008CE3E3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4C1288F015FFE9D7008CE3E3 /* libsecuritydRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecuritydRegressions.a; - remoteRef = 4C1288EF15FFE9D7008CE3E3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4C1288F215FFE9D7008CE3E3 /* libSecOtrOSX.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecOtrOSX.a; - remoteRef = 4C1288F115FFE9D7008CE3E3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4C12894015FFECF3008CE3E3 /* libutilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libutilities.a; - remoteRef = 4C12893F15FFECF3008CE3E3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4C12894215FFECF3008CE3E3 /* libutilitiesRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libutilitiesRegressions.a; - remoteRef = 4C12894115FFECF3008CE3E3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4CB23B76169F5873003A0131 /* libSecurityTool.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecurityTool.a; - remoteRef = 4CB23B75169F5873003A0131 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4CB23B78169F5873003A0131 /* libSecurityCommands.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecurityCommands.a; - remoteRef = 4CB23B77169F5873003A0131 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4CB23B7A169F5873003A0131 /* libSOSCommands.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSOSCommands.a; - remoteRef = 4CB23B79169F5873003A0131 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 52B5A8F6151928B400664F11 /* XPCTimeStampingService.xpc */ = { - isa = PBXReferenceProxy; - fileType = wrapper.application; - path = XPCTimeStampingService.xpc; - remoteRef = 52B5A8F5151928B400664F11 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - ACB6171818B5231800EBEDD7 /* libsecurity_smime_regressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_smime_regressions.a; - remoteRef = ACB6171718B5231800EBEDD7 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - BE8D22BC1ABB747B009A4E18 /* libSecTrustOSX.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecTrustOSX.a; - remoteRef = BE8D22BB1ABB747B009A4E18 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - C2432A0815C7112A0096DB5B /* gkunpack */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = gkunpack; - remoteRef = C2432A0715C7112A0096DB5B /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - D40772181C9B52210016AA66 /* libSharedRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSharedRegressions.a; - remoteRef = D40772171C9B52210016AA66 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - D4CBC1281BE981DE00C5795E /* libsecurity_cms_regressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cms_regressions.a; - remoteRef = D4CBC1271BE981DE00C5795E /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - E760796F1951F99600F69731 /* libSWCAgent.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSWCAgent.a; - remoteRef = E760796E1951F99600F69731 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - E76079D51951FDA800F69731 /* liblogging.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = liblogging.a; - remoteRef = E76079D41951FDA800F69731 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - EB2E1F58166D6B3700A7EF61 /* com.apple.CodeSigningHelper.xpc */ = { - isa = PBXReferenceProxy; - fileType = wrapper.cfbundle; - path = com.apple.CodeSigningHelper.xpc; - remoteRef = EB2E1F57166D6B3700A7EF61 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXResourcesBuildPhase section */ - 18073849146D0D4E00F05C24 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 1879B4AA146DCA18007E536C /* cssm.mdsinfo in Resources */, - 1844605F146DE93E00B12992 /* csp_capabilities.mdsinfo in Resources */, - 18446060146DE93E00B12992 /* csp_capabilities_common.mds in Resources */, - 18446061146DE93E00B12992 /* csp_common.mdsinfo in Resources */, - 18446062146DE93E00B12992 /* csp_primary.mdsinfo in Resources */, - 184460C7146E7B1E00B12992 /* cspdl_common.mdsinfo in Resources */, - 184460C8146E7B1E00B12992 /* cspdl_csp_capabilities.mdsinfo in Resources */, - 184460C9146E7B1E00B12992 /* cspdl_csp_primary.mdsinfo in Resources */, - 184460CA146E7B1E00B12992 /* cspdl_dl_primary.mdsinfo in Resources */, - 184460E3146E806700B12992 /* dl_common.mdsinfo in Resources */, - 184460E4146E806700B12992 /* dl_primary.mdsinfo in Resources */, - 18446105146E82C800B12992 /* cl_common.mdsinfo in Resources */, - 18446106146E82C800B12992 /* cl_primary.mdsinfo in Resources */, - 18446115146E85A300B12992 /* tp_common.mdsinfo in Resources */, - 18446116146E85A300B12992 /* tp_policyOids.mdsinfo in Resources */, - 18446117146E85A300B12992 /* tp_primary.mdsinfo in Resources */, - 182BB3C5146F1DCB000BF1F3 /* sd_cspdl_common.mdsinfo in Resources */, - 182BB22A146F068B000BF1F3 /* iToolsTrustedApps.plist in Resources */, - 182BB55F146F4544000BF1F3 /* FDEPrefs.plist in Resources */, - 18500F9B14708D0E006F9AB4 /* SecDebugErrorMessages.strings in Resources */, - 18500FA114708F19006F9AB4 /* SecErrorMessages.strings in Resources */, - BE8C5F0A16F7CE450074CF86 /* framework.sb in Resources */, - 188AD8DC1471FE3E0081C619 /* FDELocalizable.strings in Resources */, - 188AD8DD1471FE3E0081C619 /* InfoPlist.strings in Resources */, - 52B006C015238F76005D4556 /* TimeStampingPrefs.plist in Resources */, - 5E6344221D4B834600A23FB4 /* authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings in Resources */, - 187D6B9315D435BD00E27494 /* authorization.buttons.strings in Resources */, - 187D6B9415D435C700E27494 /* authorization.prompts.strings in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 182BB566146F4DCA000BF1F3 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4C96F7BF16D6DF8300D3B39D /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 532847791785076B009118DC /* Localizable.strings in Resources */, - 4C49390D16E51ACE00CE110C /* com.apple.security.keychain-circle-notification.plist in Resources */, - 4C96F7C816D6DF8400D3B39D /* InfoPlist.strings in Resources */, - 4C96F7D416D6DF8400D3B39D /* MainMenu.xib in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CC7A7B116CC2A84003E10C1 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C2505B716D2DF9F002CE025 /* Icon.icns in Resources */, - 4CC7A7BA16CC2A85003E10C1 /* InfoPlist.strings in Resources */, - 4CC7A7C016CC2A85003E10C1 /* Credits.rtf in Resources */, - 4CC7A7C616CC2A85003E10C1 /* MainMenu.xib in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - D42FA8221C9B8D3C003E46A7 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - D4D886F31CED01F800DC7583 /* nist-certs in Resources */, - D4D886C41CEBDBEB00DC7583 /* ssl-policy-certs in Resources */, - D4EC94D61CEA48000083E753 /* si-20-sectrust-policies-data in Resources */, - 0C0C887D1CCED19E00617D1B /* si-82-sectrust-ct-data in Resources */, - D42FA87D1C9B9186003E46A7 /* si-82-sectrust-ct-logs.plist in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXResourcesBuildPhase section */ - -/* Begin PBXShellScriptBuildPhase section */ - 182BB583146FDD3C000BF1F3 /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "cd ${BUILT_PRODUCTS_DIR}/Security.framework\n/bin/ln -sF Versions/Current/PlugIns PlugIns\nexit 0"; - showEnvVarsInLog = 0; - }; - 18500F9114707E10006F9AB4 /* Run Script Copy XPC Service */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - name = "Run Script Copy XPC Service"; - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "if [ ! -h ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices ]; then\n ln -s Versions/Current/XPCServices ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices\nfi\n\nexit 0"; - showEnvVarsInLog = 0; - }; - 18500F961470828E006F9AB4 /* Run Script Generate Strings */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/Authorization.h", - "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/AuthSession.h", - "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/SecureTransport.h", - "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/SecBase.h", - "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/cssmerr.h", - "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/cssmapple.h", - "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/CSCommon.h", - "${BUILT_PRODUCTS_DIR}/Security.framework/PrivateHeaders/AuthorizationPriv.h", - "${PROJECT_DIR}/libsecurity_keychain/lib/MacOSErrorStrings.h", - "${BUILT_PRODUCTS_DIR}/Security.framework/PrivateHeaders/SecureTransportPriv.h", - ); - name = "Run Script Generate Strings"; - outputPaths = ( - "${BUILT_PRODUCTS_DIR}/derived_src/SecDebugErrorMessages.strings", - "${BUILT_PRODUCTS_DIR}/derived_src/en.lproj/SecErrorMessages.strings", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "DERIVED_SRC=${BUILT_PRODUCTS_DIR}/derived_src\nmkdir -p ${DERIVED_SRC}\n\n# make error message string files\n\nGENDEBUGSTRS[0]=YES; ERRORSTRINGS[0]=${DERIVED_SRC}/SecDebugErrorMessages.strings\nGENDEBUGSTRS[1]=NO ; ERRORSTRINGS[1]=${DERIVED_SRC}/en.lproj/SecErrorMessages.strings\n\nmkdir -p ${DERIVED_SRC}/en.lproj\n\nfor ((ix=0;ix<2;ix++)) ; do\nperl lib/generateErrStrings.pl \\\n${GENDEBUGSTRS[ix]} \\\n${DERIVED_SRC} \\\n${ERRORSTRINGS[ix]} \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/Authorization.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/AuthSession.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/SecureTransport.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/SecBase.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/cssmerr.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/cssmapple.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/CSCommon.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/PrivateHeaders/AuthorizationPriv.h \\\n${PROJECT_DIR}/libsecurity_keychain/lib/MacOSErrorStrings.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/PrivateHeaders/SecureTransportPriv.h\ndone"; - showEnvVarsInLog = 0; - }; - 5E3BDC291CD20B4300C80B61 /* Unifdef RC_HIDE_J79/J80 */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - name = "Unifdef RC_HIDE_J79/J80"; - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "if [ -d $DSTROOT ]; then\n RC_HIDE_J79_VAL=0\n RC_HIDE_J80_VAL=0\n SEC_HDRS_PATH=\"System/Library/Frameworks/Security.framework/Headers\"\n\n if [ ! -z $RC_HIDE_J79 ]; then\n RC_HIDE_J79_VAL=1\n fi\n\n if [ ! -z $RC_HIDE_J80 ]; then\n RC_HIDE_J80_VAL=1\n fi\n\n if [ -a $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h ]; then\n unifdef -B -DRC_HIDE_J79=$RC_HIDE_J79_VAL -DRC_HIDE_J80=$RC_HIDE_J80_VAL -o $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h\n if [$? eq 2]; then\n exit 2\n fi\n fi\n\n if [ -a $DSTROOT/$SEC_HDRS_PATH/SecItem.h ]; then\n unifdef -B -DRC_HIDE_J79=$RC_HIDE_J79_VAL -DRC_HIDE_J80=$RC_HIDE_J80_VAL -o $DSTROOT/$SEC_HDRS_PATH/SecItem.h $DSTROOT/$SEC_HDRS_PATH/SecItem.h\n if [$? eq 2]; then\n exit 2\n fi\n fi\n\n exit 0\nfi"; - showEnvVarsInLog = 0; - }; - EB73F0431C210DA9008191E3 /* Copy Security Feature header */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - name = "Copy Security Feature header"; - outputPaths = ( - "$(BUILT_PRODUCTS_DIR)/include/Security/SecurityFeatures.h", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "sh ${PROJECT_DIR}/../SecurityFeatures/CopyHeaders.sh OSX"; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 0C6C630715D193C800BC68CD /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0CCEBDB116C2CFC1001BD7F6 /* main.c in Sources */, - EB22F3FB18A26BE40016A8EC /* bc-10-knife-on-bread.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 0CC3351616C1ED8000399E53 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0CC3355A16C1EEE700399E53 /* main.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18073846146D0D4E00F05C24 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 18A5493315EFD3690059E6DC /* dummy.cpp in Sources */, - E778BFBC17176DDE00302C14 /* security.exp-in in Sources */, - EB22F3F918A26BCA0016A8EC /* SecBreadcrumb.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18270ED214CF282600B05E7F /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 18270EF614CF334A00B05E7F /* server.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 182BB564146F4DCA000BF1F3 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 182BB57F146F51A5000BF1F3 /* csparser.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18F234E715C9F9A600060520 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 18F2352115C9FA3C00060520 /* agent.c in Sources */, - 18F2352215C9FA3C00060520 /* authdb.c in Sources */, - 18F2352315C9FA3C00060520 /* authitems.c in Sources */, - 18F2352415C9FA3C00060520 /* authtoken.c in Sources */, - 18F2352515C9FA3C00060520 /* authutilities.c in Sources */, - 18F2352615C9FA3C00060520 /* ccaudit.c in Sources */, - 18F2352715C9FA3C00060520 /* crc.c in Sources */, - 18F2352815C9FA3C00060520 /* credential.c in Sources */, - 18F2352915C9FA3C00060520 /* debugging.c in Sources */, - 18F2352B15C9FA3C00060520 /* engine.c in Sources */, - 18F2352C15C9FA3C00060520 /* main.c in Sources */, - 18F2352D15C9FA3C00060520 /* mechanism.c in Sources */, - 18F2352E15C9FA3C00060520 /* object.c in Sources */, - 18F2352F15C9FA3C00060520 /* process.c in Sources */, - 18F2353015C9FA3C00060520 /* rule.c in Sources */, - 18F2353215C9FA3C00060520 /* server.c in Sources */, - 18F2353315C9FA3C00060520 /* session.c in Sources */, - 182A191115D09AFF006AB103 /* connection.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 3705CACE1A896DE800402F75 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 3705CAD91A896E0600402F75 /* main.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 37A7CEA7197DB8FA00926CE8 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 37A7CEAE197DB8FA00926CE8 /* FatDynamicValidation.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 37AB390B1A44A88000B56E04 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 37AB39121A44A88000B56E04 /* gk_reset_check.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4C96F7BD16D6DF8300D3B39D /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CAEACCC16D6FBF600263776 /* KDSecCircle.m in Sources */, - 4C5DD46A17A5E5D000696A79 /* KNPersistentState.m in Sources */, - 4CD1980E16DD3BDF00A9E8FD /* NSArray+mapWithBlock.m in Sources */, - 4C7D456817BEED0400DDD88F /* NSDictionary+compactDescription.m in Sources */, - 4C7D453D17BEE69B00DDD88F /* NSString+compactDescription.m in Sources */, - 4C96F7CA16D6DF8400D3B39D /* main.m in Sources */, - 4C85DEDB16DBD5BF00ED8D47 /* KDCirclePeer.m in Sources */, - 4C96F7D116D6DF8400D3B39D /* KNAppDelegate.m in Sources */, - 4C7D456917BEED1400DDD88F /* NSSet+compactDescription.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CB23B42169F5873003A0131 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CB23B81169F58DE003A0131 /* security_tool_commands.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CC7A7AF16CC2A84003E10C1 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C96F76016D5462F00D3B39D /* KDSecCircle.m in Sources */, - 4C85DEDA16DBD5BF00ED8D47 /* KDCirclePeer.m in Sources */, - 4CC7A7BC16CC2A85003E10C1 /* main.m in Sources */, - 4CC7A7C316CC2A85003E10C1 /* KDAppDelegate.m in Sources */, - 4CC7A7F616CD99E2003E10C1 /* KDSecItems.m in Sources */, - 4CD1980D16DD3BDF00A9E8FD /* NSArray+mapWithBlock.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 5EF7C2061B00E25400E5E99C /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 5EC01FEE1B0CA7E0009FBB75 /* sec_acl_stress.c in Sources */, - 5EF7C23E1B00E48200E5E99C /* main.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - BE48AE021ADF1DF4000836C1 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - BE48AE031ADF1DF4000836C1 /* server.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - D42FA8201C9B8D3C003E46A7 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - D42FA82B1C9B8D3D003E46A7 /* main.m in Sources */, - D42FA8EA1C9BAA44003E46A7 /* bc-10-knife-on-bread.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - EBB697001BE208FC00715F16 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - EBB6970F1BE209D400715F16 /* secbackupntest.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 0C4EAE7917668DFF00773425 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecdRegressions; - targetProxy = 0C4EAE7817668DFF00773425 /* PBXContainerItemProxy */; - }; - 0C6C632E15D19D2900BC68CD /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_ssl_regressions; - targetProxy = 0C6C632D15D19D2900BC68CD /* PBXContainerItemProxy */; - }; - 0CBD50C716C3260D00713B6C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_keychain_regressions; - targetProxy = 0CBD50C616C3260D00713B6C /* PBXContainerItemProxy */; - }; - 0CC3350816C1ED8000399E53 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = 0CC3350916C1ED8000399E53 /* PBXContainerItemProxy */; - }; - 0CC3350A16C1ED8000399E53 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 0CC3350B16C1ED8000399E53 /* PBXContainerItemProxy */; - }; - 0CC3350C16C1ED8000399E53 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSOSRegressions; - targetProxy = 0CC3350D16C1ED8000399E53 /* PBXContainerItemProxy */; - }; - 0CC3351016C1ED8000399E53 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity; - targetProxy = 0CC3351116C1ED8000399E53 /* PBXContainerItemProxy */; - }; - 0CC3351216C1ED8000399E53 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecipc_client; - targetProxy = 0CC3351316C1ED8000399E53 /* PBXContainerItemProxy */; - }; - 0CC3351416C1ED8000399E53 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecItemShimOSX; - targetProxy = 0CC3351516C1ED8000399E53 /* PBXContainerItemProxy */; - }; - 0CC3356216C1EF8B00399E53 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = regressions; - targetProxy = 0CC3356116C1EF8B00399E53 /* PBXContainerItemProxy */; - }; - 0CCEBDB316C2CFD4001BD7F6 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = regressions; - targetProxy = 0CCEBDB216C2CFD4001BD7F6 /* PBXContainerItemProxy */; - }; - 0CCEBDBA16C303D8001BD7F6 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0CC3350716C1ED8000399E53 /* secdtests */; - targetProxy = 0CCEBDB916C303D8001BD7F6 /* PBXContainerItemProxy */; - }; - 0CCEBDBD16C30948001BD7F6 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilitiesRegressions; - targetProxy = 0CCEBDBC16C30948001BD7F6 /* PBXContainerItemProxy */; - }; - 0CFC55E315DDB86500BEC89E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C6C630A15D193C800BC68CD /* sectests */; - targetProxy = 0CFC55E215DDB86500BEC89E /* PBXContainerItemProxy */; - }; - 18270EE114CF28D000B05E7F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity; - targetProxy = 18270EE014CF28D000B05E7F /* PBXContainerItemProxy */; - }; - 18270EE314CF28D900B05E7F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurityd; - targetProxy = 18270EE214CF28D900B05E7F /* PBXContainerItemProxy */; - }; - 18270F5D14CF655B00B05E7F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecipc_client; - targetProxy = 18270F5C14CF655B00B05E7F /* PBXContainerItemProxy */; - }; - 182BB22C146F07DD000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = XPCKeychainSandboxCheck; - targetProxy = 182BB22B146F07DD000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB3EC146F2448000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_apple_x509_tp; - targetProxy = 182BB3EB146F2448000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB3EE146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_pkcs12; - targetProxy = 182BB3ED146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB3F0146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_transform; - targetProxy = 182BB3EF146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB3F2146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_ocspd; - targetProxy = 182BB3F1146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB3F4146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_comcryption; - targetProxy = 182BB3F3146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB3F6146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_checkpw; - targetProxy = 182BB3F5146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB3F8146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_ssl; - targetProxy = 182BB3F7146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB3FC146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_apple_cspdl; - targetProxy = 182BB3FB146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB3FE146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_sd_cspdl; - targetProxy = 182BB3FD146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB400146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_manifest; - targetProxy = 182BB3FF146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB402146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_smime; - targetProxy = 182BB401146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB404146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_cms; - targetProxy = 182BB403146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB406146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_apple_csp; - targetProxy = 182BB405146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB408146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_apple_x509_cl; - targetProxy = 182BB407146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB40A146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_keychain; - targetProxy = 182BB409146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB40C146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_apple_file_dl; - targetProxy = 182BB40B146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB40E146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_authorization; - targetProxy = 182BB40D146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB410146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_cdsa_utilities; - targetProxy = 182BB40F146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB412146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_cryptkit; - targetProxy = 182BB411146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB414146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_cdsa_client; - targetProxy = 182BB413146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB418146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_filedb; - targetProxy = 182BB417146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB41A146F248D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_mds; - targetProxy = 182BB419146F248D000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB4E7146F25AF000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_codesigning; - targetProxy = 182BB4E6146F25AF000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB588146FE001000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_codesigning; - targetProxy = 182BB587146FE001000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB58D146FE0FF000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_cdsa_utilities; - targetProxy = 182BB58C146FE0FF000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB58F146FE11C000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_utilities; - targetProxy = 182BB58E146FE11C000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB596146FE27F000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 1807384A146D0D4E00F05C24 /* Security */; - targetProxy = 182BB595146FE27F000BF1F3 /* PBXContainerItemProxy */; - }; - 18446082146DF52F00B12992 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_cdsa_plugin; - targetProxy = 18446081146DF52F00B12992 /* PBXContainerItemProxy */; - }; - 186F779114E5A00F00434E1F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 18270ED514CF282600B05E7F /* secd */; - targetProxy = 186F779014E5A00F00434E1F /* PBXContainerItemProxy */; - }; - 186F779314E5A01700434E1F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 1807384A146D0D4E00F05C24 /* Security */; - targetProxy = 186F779214E5A01700434E1F /* PBXContainerItemProxy */; - }; - 186F779514E5A01C00434E1F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 182BB567146F4DCA000BF1F3 /* csparser */; - targetProxy = 186F779414E5A01C00434E1F /* PBXContainerItemProxy */; - }; - 186F779714E5A04200434E1F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 18FE67E91471A3AA00A2CBE3 /* copyHeaders */; - targetProxy = 186F779614E5A04200434E1F /* PBXContainerItemProxy */; - }; - 1879B545146DE18D007E536C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_utilities; - targetProxy = 1879B544146DE18D007E536C /* PBXContainerItemProxy */; - }; - 1879B56C146DE2CF007E536C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_cdsa_utils; - targetProxy = 1879B56B146DE2CF007E536C /* PBXContainerItemProxy */; - }; - 1879B56E146DE2D3007E536C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_cssm; - targetProxy = 1879B56D146DE2D3007E536C /* PBXContainerItemProxy */; - }; - 18AD56A614CDED59008233F2 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = sec; - targetProxy = 18AD56A514CDED59008233F2 /* PBXContainerItemProxy */; - }; - 18B9655C1472F83C005A4D2E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = world; - targetProxy = 18B9655B1472F83C005A4D2E /* PBXContainerItemProxy */; - }; - 18F235FF15CA100300060520 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 18F234EA15C9F9A600060520 /* authd */; - targetProxy = 18F235FE15CA100300060520 /* PBXContainerItemProxy */; - }; - 18FE688F1471A4C900A2CBE3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 18FE67E91471A3AA00A2CBE3 /* copyHeaders */; - targetProxy = 18FE688E1471A4C900A2CBE3 /* PBXContainerItemProxy */; - }; - 1FDA9A5F1C4471EC0083929D /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_translocate; - targetProxy = 1FDA9A5E1C4471EC0083929D /* PBXContainerItemProxy */; - }; - 3705CADE1A8971DF00402F75 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 3705CAD11A896DE800402F75 /* SecTaskTest */; - targetProxy = 3705CADD1A8971DF00402F75 /* PBXContainerItemProxy */; - }; - 37A7CEDA197DBA8700926CE8 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 37A7CEAA197DB8FA00926CE8 /* codesign_tests */; - targetProxy = 37A7CED9197DBA8700926CE8 /* PBXContainerItemProxy */; - }; - 37AB39401A44A95500B56E04 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 37AB390E1A44A88000B56E04 /* gk_reset_check */; - targetProxy = 37AB393F1A44A95500B56E04 /* PBXContainerItemProxy */; - }; - 4374574E1B2787950051E20E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 4374574D1B2787950051E20E /* PBXContainerItemProxy */; - }; - 4381B9AC1B28E0F4002BBC79 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 4381B9AB1B28E0F4002BBC79 /* PBXContainerItemProxy */; - }; - 4AD6F6F41651CC2500DB4CE6 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecOtrOSX; - targetProxy = 4AD6F6F31651CC2500DB4CE6 /* PBXContainerItemProxy */; - }; - 4C01DF13164C3E74006798CD /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = 4C01DF12164C3E74006798CD /* PBXContainerItemProxy */; - }; - 4C12894415FFED03008CE3E3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 4C12894315FFED03008CE3E3 /* PBXContainerItemProxy */; - }; - 4C797BC916D83A3100C7B586 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C96F7C016D6DF8300D3B39D /* Keychain Circle Notification */; - targetProxy = 4C797BC816D83A3100C7B586 /* PBXContainerItemProxy */; - }; - 4C797BF116D83A3800C7B586 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CC7A7B216CC2A84003E10C1 /* Cloud Keychain Utility */; - targetProxy = 4C797BF016D83A3800C7B586 /* PBXContainerItemProxy */; - }; - 4C7D8764160A746E00D041E3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 4C7D8763160A746E00D041E3 /* PBXContainerItemProxy */; - }; - 4C8D8650177A75100019A804 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecipc_client; - targetProxy = 4C8D864F177A75100019A804 /* PBXContainerItemProxy */; - }; - 4CB23B84169F5961003A0131 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSOSCommands; - targetProxy = 4CB23B83169F5961003A0131 /* PBXContainerItemProxy */; - }; - 4CB23B86169F5971003A0131 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecurityCommands; - targetProxy = 4CB23B85169F5971003A0131 /* PBXContainerItemProxy */; - }; - 4CB23B88169F597D003A0131 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecurityTool; - targetProxy = 4CB23B87169F597D003A0131 /* PBXContainerItemProxy */; - }; - 4CB23B90169F59D8003A0131 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CB23B45169F5873003A0131 /* security2 */; - targetProxy = 4CB23B8F169F59D8003A0131 /* PBXContainerItemProxy */; - }; - 5208C0FE16A0D3980062DDC5 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = 5208C0FD16A0D3980062DDC5 /* PBXContainerItemProxy */; - }; - 5ED88B701B0DEF4700F3B047 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecipc_client; - targetProxy = 5ED88B6F1B0DEF4700F3B047 /* PBXContainerItemProxy */; - }; - 5EE556671B01D9A8006F78F2 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurityd; - targetProxy = 5EE556661B01D9A8006F78F2 /* PBXContainerItemProxy */; - }; - 5EE556911B01D9F5006F78F2 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = regressions; - targetProxy = 5EE556901B01D9F5006F78F2 /* PBXContainerItemProxy */; - }; - 5EE556931B01DA24006F78F2 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity; - targetProxy = 5EE556921B01DA24006F78F2 /* PBXContainerItemProxy */; - }; - 5EE556951B01DA33006F78F2 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = 5EE556941B01DA33006F78F2 /* PBXContainerItemProxy */; - }; - 5EE556971B01DA3E006F78F2 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 5EE556961B01DA3E006F78F2 /* PBXContainerItemProxy */; - }; - 5EF7C2541B00EEC000E5E99C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 5EF7C2091B00E25400E5E99C /* secacltests */; - targetProxy = 5EF7C2531B00EEC000E5E99C /* PBXContainerItemProxy */; - }; - 5EFB69C21B0CBFC30095A36E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecItemShimOSX; - targetProxy = 5EFB69C11B0CBFC30095A36E /* PBXContainerItemProxy */; - }; - ACB6173F18B5232700EBEDD7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_smime_regressions; - targetProxy = ACB6173E18B5232700EBEDD7 /* PBXContainerItemProxy */; - }; - BE48ADF81ADF1DF4000836C1 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecipc_client; - targetProxy = BE48ADF91ADF1DF4000836C1 /* PBXContainerItemProxy */; - }; - BE48ADFC1ADF1DF4000836C1 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = BE48ADFD1ADF1DF4000836C1 /* PBXContainerItemProxy */; - }; - BE48AE291ADF204E000836C1 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = BE48ADF71ADF1DF4000836C1 /* trustd */; - targetProxy = BE48AE281ADF204E000836C1 /* PBXContainerItemProxy */; - }; - BE8D22951ABB747A009A4E18 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecTrustOSX; - targetProxy = BE8D22941ABB747A009A4E18 /* PBXContainerItemProxy */; - }; - C2432A2515C726B50096DB5B /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = gkunpack; - targetProxy = C2432A2415C726B50096DB5B /* PBXContainerItemProxy */; - }; - D42FA8371C9B8F77003E46A7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_cms_regressions; - targetProxy = D42FA8361C9B8F77003E46A7 /* PBXContainerItemProxy */; - }; - D42FA8391C9B8F7D003E46A7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = regressions; - targetProxy = D42FA8381C9B8F7D003E46A7 /* PBXContainerItemProxy */; - }; - D42FA83B1C9B8F94003E46A7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_keychain_regressions; - targetProxy = D42FA83A1C9B8F94003E46A7 /* PBXContainerItemProxy */; - }; - D42FA83D1C9B8F94003E46A7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_ssl_regressions; - targetProxy = D42FA83C1C9B8F94003E46A7 /* PBXContainerItemProxy */; - }; - D42FA83F1C9B8F94003E46A7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_smime_regressions; - targetProxy = D42FA83E1C9B8F94003E46A7 /* PBXContainerItemProxy */; - }; - D42FA8411C9B8FA7003E46A7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSharedRegressions; - targetProxy = D42FA8401C9B8FA7003E46A7 /* PBXContainerItemProxy */; - }; - D42FA8431C9B8FD0003E46A7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = D42FA8421C9B8FD0003E46A7 /* PBXContainerItemProxy */; - }; - D45FC3E31C9E069000509CDA /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurityd; - targetProxy = D45FC3E21C9E069000509CDA /* PBXContainerItemProxy */; - }; - D45FC3E61C9E06BD00509CDA /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = D45FC3E51C9E06BD00509CDA /* PBXContainerItemProxy */; - }; - D466FA771CA0C2A500433142 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = D42FA8231C9B8D3C003E46A7 /* SecurityTestsOSX */; - targetProxy = D466FA761CA0C2A500433142 /* PBXContainerItemProxy */; - }; - D46B08021C8FBE6A00B5939A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDERInstall; - targetProxy = D46B08011C8FBE6A00B5939A /* PBXContainerItemProxy */; - }; - D46B08A81C8FD8D900B5939A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libASN1Install; - targetProxy = D46B08A71C8FD8D900B5939A /* PBXContainerItemProxy */; - }; - D4A2FC7E1BC89D5200BF6E56 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = XPCTimeStampingService; - targetProxy = D4A2FC7D1BC89D5200BF6E56 /* PBXContainerItemProxy */; - }; - D4CBC11A1BE981DE00C5795E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_cms_regressions; - targetProxy = D4CBC1191BE981DE00C5795E /* PBXContainerItemProxy */; - }; - DC311CC71CCEC81D00E14E8D /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = DC311CC61CCEC81D00E14E8D /* PBXContainerItemProxy */; - }; - DC872EEA1CC983EE0076C0E7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDER; - targetProxy = DC872EE91CC983EE0076C0E7 /* PBXContainerItemProxy */; - }; - DC872F151CC983F70076C0E7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDER; - targetProxy = DC872F141CC983F70076C0E7 /* PBXContainerItemProxy */; - }; - E76079FA1951FDF600F69731 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = liblogging; - targetProxy = E76079F91951FDF600F69731 /* PBXContainerItemProxy */; - }; - EBB6970E1BE2095F00715F16 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EBB697031BE208FC00715F16 /* secbackupntest */; - targetProxy = EBB6970D1BE2095F00715F16 /* PBXContainerItemProxy */; - }; - EBB9FFE01682E71F00FF9774 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = CodeSigningHelper; - targetProxy = EBB9FFDF1682E71F00FF9774 /* PBXContainerItemProxy */; - }; - EBE012011C21368400CB6A63 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EBE011D31C21357200CB6A63 /* SecurityFeatures */; - targetProxy = EBE012001C21368400CB6A63 /* PBXContainerItemProxy */; - }; - F94E7A971ACC8CC200F23132 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = F93C49311AB8FD350047E01A /* ckcdiagnose.sh */; - targetProxy = F94E7A961ACC8CC200F23132 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin PBXVariantGroup section */ - 18500F9F14708F19006F9AB4 /* SecErrorMessages.strings */ = { - isa = PBXVariantGroup; - children = ( - 18500FA014708F19006F9AB4 /* en */, - ); - name = SecErrorMessages.strings; - path = ../../Security; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 187D6B8F15D4359F00E27494 /* authorization.buttons.strings */ = { - isa = PBXVariantGroup; - children = ( - 187D6B9015D4359F00E27494 /* en */, - ); - name = authorization.buttons.strings; - sourceTree = ""; - }; - 187D6B9115D4359F00E27494 /* authorization.prompts.strings */ = { - isa = PBXVariantGroup; - children = ( - 187D6B9215D4359F00E27494 /* en */, - ); - name = authorization.prompts.strings; - sourceTree = ""; - }; - 188AD8D81471FE3D0081C619 /* FDELocalizable.strings */ = { - isa = PBXVariantGroup; - children = ( - 188AD8D91471FE3D0081C619 /* en */, - ); - name = FDELocalizable.strings; - sourceTree = ""; - }; - 188AD8DA1471FE3D0081C619 /* InfoPlist.strings */ = { - isa = PBXVariantGroup; - children = ( - 188AD8DB1471FE3E0081C619 /* en */, - ); - name = InfoPlist.strings; - sourceTree = ""; - }; - 18F2350D15C9FA3B00060520 /* InfoPlist.strings */ = { - isa = PBXVariantGroup; - children = ( - 18F2350E15C9FA3B00060520 /* en */, - ); - name = InfoPlist.strings; - path = en.lproj; - sourceTree = ""; - }; - 43A598591B0CF2AB00D14A7B /* CloudKeychain.strings */ = { - isa = PBXVariantGroup; - children = ( - 43A598581B0CF2AB00D14A7B /* English */, - ); - name = CloudKeychain.strings; - path = ../../resources; - sourceTree = ""; - }; - 4C96F7C616D6DF8400D3B39D /* InfoPlist.strings */ = { - isa = PBXVariantGroup; - children = ( - 4C96F7C716D6DF8400D3B39D /* en */, - ); - name = InfoPlist.strings; - sourceTree = ""; - }; - 4C96F7D216D6DF8400D3B39D /* MainMenu.xib */ = { - isa = PBXVariantGroup; - children = ( - D46E9CEE1B1E5DEF00ED650E /* Base */, - ); - name = MainMenu.xib; - sourceTree = ""; - }; - 4CC7A7B816CC2A85003E10C1 /* InfoPlist.strings */ = { - isa = PBXVariantGroup; - children = ( - 4CC7A7B916CC2A85003E10C1 /* en */, - ); - name = InfoPlist.strings; - sourceTree = ""; - }; - 4CC7A7BE16CC2A85003E10C1 /* Credits.rtf */ = { - isa = PBXVariantGroup; - children = ( - 4CC7A7BF16CC2A85003E10C1 /* en */, - ); - name = Credits.rtf; - sourceTree = ""; - }; - 4CC7A7C416CC2A85003E10C1 /* MainMenu.xib */ = { - isa = PBXVariantGroup; - children = ( - D46E9CED1B1E5DEF00ED650E /* Base */, - ); - name = MainMenu.xib; - sourceTree = ""; - }; - 5328475117850741009118DC /* Localizable.strings */ = { - isa = PBXVariantGroup; - children = ( - 5328475217850741009118DC /* en */, - ); - name = Localizable.strings; - sourceTree = ""; - }; - 5E6343FC1D4B6FF800A23FB4 /* authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings */ = { - isa = PBXVariantGroup; - children = ( - 5E6343FD1D4B6FF800A23FB4 /* en */, - ); - name = "authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings"; - sourceTree = ""; - }; - CD276BE21A83F204003226BC /* InfoPlist.strings */ = { - isa = PBXVariantGroup; - children = ( - CD276BE31A83F204003226BC /* en */, - ); - name = InfoPlist.strings; - sourceTree = ""; - }; -/* End PBXVariantGroup section */ - -/* Begin XCBuildConfiguration section */ - 0C6C631315D193C900BC68CD /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C6C632F15D19DE600BC68CD /* test.xcconfig */; - buildSettings = { - ARCHS = "$(ARCHS_STANDARD)"; - CODE_SIGN_ENTITLEMENTS = "sectests/SecurityTests-Entitlements.plist"; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - OTHER_LDFLAGS = "-t"; - }; - name = Debug; - }; - 0C6C631415D193C900BC68CD /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C6C632F15D19DE600BC68CD /* test.xcconfig */; - buildSettings = { - ARCHS = "$(ARCHS_STANDARD)"; - CODE_SIGN_ENTITLEMENTS = "sectests/SecurityTests-Entitlements.plist"; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - OTHER_LDFLAGS = "-t"; - }; - name = Release; - }; - 0CC3352B16C1ED8000399E53 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C6C632F15D19DE600BC68CD /* test.xcconfig */; - buildSettings = { - ARCHS = "$(ARCHS_STANDARD)"; - CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = sec/securityd/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/sec", - "$(PROJECT_DIR)/utilities", - "$(PROJECT_DIR)", - ); - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - OTHER_LDFLAGS = "-t"; - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-t", - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-framework", - AppleSystemInfo, - ); - PRODUCT_NAME = secdtests; - }; - name = Debug; - }; - 0CC3352C16C1ED8000399E53 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C6C632F15D19DE600BC68CD /* test.xcconfig */; - buildSettings = { - ARCHS = "$(ARCHS_STANDARD)"; - CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = sec/securityd/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/sec", - "$(PROJECT_DIR)/utilities", - "$(PROJECT_DIR)", - ); - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - OTHER_LDFLAGS = "-t"; - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-t", - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-framework", - AppleSystemInfo, - ); - PRODUCT_NAME = secdtests; - }; - name = Release; - }; - 18073873146D0D4E00F05C24 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 181EA423146D4A2A00A6D320 /* debug.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - ENABLE_TESTABILITY = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - ONLY_ACTIVE_ARCH = YES; - SDKROOT = macosx.internal; - }; - name = Debug; - }; - 18073874146D0D4E00F05C24 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 181EA425146D4A2A00A6D320 /* release.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - SDKROOT = macosx.internal; - }; - name = Release; - }; - 18073876146D0D4E00F05C24 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC6801471EF1600F2B224 /* security.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - DEFINES_MODULE = YES; - EXPORTED_SYMBOLS_FILE = "$(BUILT_PRODUCTS_DIR)/$(TARGETNAME).$(CURRENT_ARCH).exp"; - INFOPLIST_FILE = "lib/Info-Security.plist"; - INSTALLHDRS_SCRIPT_PHASE = YES; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - MODULEMAP_FILE = Modules/Security.macOS.modulemap; - OTHER_LDFLAGS = ( - "-Wl,-upward-lcoretls", - "-Wl,-upward-lcoretls_cfhelpers", - "-laks", - "-lCrashReporterClient", - ); - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security; - }; - name = Debug; - }; - 18073877146D0D4E00F05C24 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC6801471EF1600F2B224 /* security.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - DEFINES_MODULE = YES; - EXPORTED_SYMBOLS_FILE = "$(BUILT_PRODUCTS_DIR)/$(TARGETNAME).$(CURRENT_ARCH).exp"; - INFOPLIST_FILE = "lib/Info-Security.plist"; - INSTALLHDRS_SCRIPT_PHASE = YES; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - MODULEMAP_FILE = Modules/Security.macOS.modulemap; - ORDER_FILE = lib/Security.order; - OTHER_LDFLAGS = ( - "-Wl,-upward-lcoretls", - "-Wl,-upward-lcoretls_cfhelpers", - "-laks", - "-lCrashReporterClient", - ); - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security; - SECTORDER_FLAGS = "-order_file_statistics"; - }; - name = Release; - }; - 18270EDE14CF282600B05E7F /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC6801471EF1600F2B224 /* security.xcconfig */; - buildSettings = { - ARCHS = "$(ARCHS_STANDARD)"; - CODE_SIGN_ENTITLEMENTS = sec/securityd/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_PREPROCESSOR_DEFINITIONS = ( - "SECITEM_SHIM_OSX=1", - "SECTRUST_OSX=1", - "$(inherited)", - ); - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/sec", - "$(PROJECT_DIR)/sec/securityd", - "$(PROJECT_DIR)/sec/ipc", - "$(PROJECT_DIR)/sec/SOSCircle", - "$(PROJECT_DIR)/utilities", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/../ios/asn1", - "$(PROJECT_DIR)/../libsecurity_keychain/libDER", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers", - "$(inherited)", - ); - INSTALL_PATH = /usr/libexec; - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-framework", - AppleSystemInfo, - "-lc++", - ); - USE_HEADERMAP = NO; - }; - name = Debug; - }; - 18270EDF14CF282600B05E7F /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC6801471EF1600F2B224 /* security.xcconfig */; - buildSettings = { - ARCHS = "$(ARCHS_STANDARD)"; - CODE_SIGN_ENTITLEMENTS = sec/securityd/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_PREPROCESSOR_DEFINITIONS = ( - "SECITEM_SHIM_OSX=1", - "SECTRUST_OSX=1", - "$(inherited)", - ); - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/sec", - "$(PROJECT_DIR)/sec/securityd", - "$(PROJECT_DIR)/sec/ipc", - "$(PROJECT_DIR)/sec/SOSCircle", - "$(PROJECT_DIR)/utilities", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/../ios/asn1", - "$(PROJECT_DIR)/../libsecurity_keychain/libDER", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers", - "$(inherited)", - ); - INSTALL_PATH = /usr/libexec; - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-framework", - AppleSystemInfo, - ); - USE_HEADERMAP = NO; - }; - name = Release; - }; - 182BB573146F4DCB000BF1F3 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC6801471EF1600F2B224 /* security.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - EXPORTED_SYMBOLS_FILE = lib/plugins/csparser.exp; - INFOPLIST_FILE = "lib/plugins/csparser-Info.plist"; - INSTALLHDRS_SCRIPT_PHASE = NO; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/PlugIns"; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.csparser; - WRAPPER_EXTENSION = bundle; - }; - name = Debug; - }; - 182BB574146F4DCB000BF1F3 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC6801471EF1600F2B224 /* security.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - EXPORTED_SYMBOLS_FILE = lib/plugins/csparser.exp; - INFOPLIST_FILE = "lib/plugins/csparser-Info.plist"; - INSTALLHDRS_SCRIPT_PHASE = NO; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/PlugIns"; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.csparser; - WRAPPER_EXTENSION = bundle; - }; - name = Release; - }; - 186F778A14E59FB200434E1F /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - 186F778B14E59FB200434E1F /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - 186F778E14E59FDA00434E1F /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - 186F778F14E59FDA00434E1F /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - 18F234F715C9F9A700060520 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BFC44017C43393005DE6C3 /* executable.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_IMPLICIT_SIGN_CONVERSION = YES; - CLANG_WARN_SUSPICIOUS_IMPLICIT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "authd/security.auth-Prefix.pch"; - GCC_TREAT_IMPLICIT_FUNCTION_DECLARATIONS_AS_ERRORS = YES; - GCC_TREAT_INCOMPATIBLE_POINTER_TYPE_WARNINGS_AS_ERRORS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_MISSING_FIELD_INITIALIZERS = YES; - GCC_WARN_ABOUT_MISSING_NEWLINE = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES; - GCC_WARN_SHADOW = YES; - GCC_WARN_SIGN_COMPARE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNKNOWN_PRAGMAS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_LABEL = YES; - GCC_WARN_UNUSED_PARAMETER = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INFOPLIST_FILE = authd/Info.plist; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; - MACH_O_TYPE = mh_execute; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = "$(TARGET_NAME)"; - RUN_CLANG_STATIC_ANALYZER = YES; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - WRAPPER_EXTENSION = xpc; - }; - name = Debug; - }; - 18F234F815C9F9A700060520 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BFC44017C43393005DE6C3 /* executable.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_IMPLICIT_SIGN_CONVERSION = YES; - CLANG_WARN_SUSPICIOUS_IMPLICIT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "authd/security.auth-Prefix.pch"; - GCC_TREAT_IMPLICIT_FUNCTION_DECLARATIONS_AS_ERRORS = YES; - GCC_TREAT_INCOMPATIBLE_POINTER_TYPE_WARNINGS_AS_ERRORS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_MISSING_FIELD_INITIALIZERS = YES; - GCC_WARN_ABOUT_MISSING_NEWLINE = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES; - GCC_WARN_SHADOW = YES; - GCC_WARN_SIGN_COMPARE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNKNOWN_PRAGMAS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_LABEL = YES; - GCC_WARN_UNUSED_PARAMETER = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INFOPLIST_FILE = authd/Info.plist; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; - MACH_O_TYPE = mh_execute; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = "$(TARGET_NAME)"; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - WRAPPER_EXTENSION = xpc; - }; - name = Release; - }; - 18FE67FC1471A3AA00A2CBE3 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC6801471EF1600F2B224 /* security.xcconfig */; - buildSettings = { - CODE_SIGN_IDENTITY = ""; - COMBINE_HIDPI_IMAGES = YES; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; - PRODUCT_NAME = Security; - }; - name = Debug; - }; - 18FE67FD1471A3AA00A2CBE3 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC6801471EF1600F2B224 /* security.xcconfig */; - buildSettings = { - CODE_SIGN_IDENTITY = ""; - COMBINE_HIDPI_IMAGES = YES; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; - PRODUCT_NAME = Security; - }; - name = Release; - }; - 3705CAD71A896DE800402F75 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 181EA422146D4A2A00A6D320 /* base.xcconfig */; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "codesign_tests/SecTask-Entitlements.plist"; - CODE_SIGN_IDENTITY = "-"; - COPY_PHASE_STRIP = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INSTALL_PATH = /AppleInternal/CoreOS/codesign_tests/; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx; - }; - name = Debug; - }; - 3705CAD81A896DE800402F75 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 181EA422146D4A2A00A6D320 /* base.xcconfig */; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "codesign_tests/SecTask-Entitlements.plist"; - CODE_SIGN_IDENTITY = "-"; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INSTALL_PATH = /AppleInternal/CoreOS/codesign_tests/; - MTL_ENABLE_DEBUG_INFO = NO; - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx; - }; - name = Release; - }; - 37A7CEAF197DB8FA00926CE8 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 4CB23B91169F5CFF003A0131 /* command.xcconfig */; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_IDENTITY = "-"; - COPY_PHASE_STRIP = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INSTALL_PATH = /AppleInternal/CoreOS/codesign_tests; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - 37A7CEB0197DB8FA00926CE8 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 4CB23B91169F5CFF003A0131 /* command.xcconfig */; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_IDENTITY = "-"; - COPY_PHASE_STRIP = YES; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INSTALL_PATH = /AppleInternal/CoreOS/codesign_tests; - MTL_ENABLE_DEBUG_INFO = NO; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - 37AB39131A44A88000B56E04 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 4CB23B91169F5CFF003A0131 /* command.xcconfig */; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COPY_PHASE_STRIP = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INSTALL_PATH = /AppleInternal/PackageDataTools; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - 37AB39141A44A88000B56E04 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 4CB23B91169F5CFF003A0131 /* command.xcconfig */; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COPY_PHASE_STRIP = NO; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INSTALL_PATH = /AppleInternal/PackageDataTools; - MTL_ENABLE_DEBUG_INFO = NO; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - 4C96F7D616D6DF8400D3B39D /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "Keychain Circle Notification/entitlments.plist"; - CODE_SIGN_IDENTITY = "-"; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - FRAMEWORK_SEARCH_PATHS = ( - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREFIX_HEADER = "Keychain Circle Notification/Keychain Circle Notification-Prefix.pch"; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/Keychain", - Circle, - Notification, - "$(PROJECT_DIR)/sec/ProjectHeaders", - "$(PROJECT_DIR)/utilities", - "$(PROJECT_DIR)/sec", - "$(inherited)", - ); - INFOPLIST_FILE = "Keychain Circle Notification/Keychain Circle Notification-Info.plist"; - INSTALL_PATH = /System/Library/CoreServices; - ONLY_ACTIVE_ARCH = YES; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = "$(TARGET_NAME)"; - WRAPPER_EXTENSION = app; - }; - name = Debug; - }; - 4C96F7D716D6DF8400D3B39D /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "Keychain Circle Notification/entitlments.plist"; - CODE_SIGN_IDENTITY = "-"; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = YES; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - FRAMEWORK_SEARCH_PATHS = ( - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_PREFIX_HEADER = "Keychain Circle Notification/Keychain Circle Notification-Prefix.pch"; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/Keychain", - Circle, - Notification, - "$(PROJECT_DIR)/sec/ProjectHeaders", - "$(PROJECT_DIR)/utilities", - "$(PROJECT_DIR)/sec", - "$(inherited)", - ); - INFOPLIST_FILE = "Keychain Circle Notification/Keychain Circle Notification-Info.plist"; - INSTALL_PATH = /System/Library/CoreServices; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = "$(TARGET_NAME)"; - WRAPPER_EXTENSION = app; - }; - name = Release; - }; - 4CB23B4D169F5873003A0131 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 4CB23B91169F5CFF003A0131 /* command.xcconfig */; - buildSettings = { - CODE_SIGN_ENTITLEMENTS = sec/SecurityTool/entitlements.plist; - CODE_SIGN_IDENTITY = "-"; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ONLY_ACTIVE_ARCH = YES; - PRODUCT_NAME = security2; - PROVISIONING_PROFILE = ""; - }; - name = Debug; - }; - 4CB23B4E169F5873003A0131 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 4CB23B91169F5CFF003A0131 /* command.xcconfig */; - buildSettings = { - CODE_SIGN_ENTITLEMENTS = sec/SecurityTool/entitlements.plist; - CODE_SIGN_IDENTITY = "-"; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - PRODUCT_NAME = security2; - PROVISIONING_PROFILE = ""; - }; - name = Release; - }; - 4CC7A7C716CC2A85003E10C1 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = sec/SecurityTool/entitlements.plist; - CODE_SIGN_IDENTITY = "-"; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREFIX_HEADER = "Keychain/Keychain-Prefix.pch"; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/sec/ProjectHeaders", - "$(PROJECT_DIR)/utilities", - "$(PROJECT_DIR)/sec", - "$(inherited)", - ); - INFOPLIST_FILE = "Keychain/Keychain-Info.plist"; - INSTALL_PATH = /AppleInternal/Applications; - ONLY_ACTIVE_ARCH = YES; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = "$(TARGET_NAME)"; - WRAPPER_EXTENSION = app; - }; - name = Debug; - }; - 4CC7A7C816CC2A85003E10C1 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = sec/SecurityTool/entitlements.plist; - CODE_SIGN_IDENTITY = "-"; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = YES; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_PREFIX_HEADER = "Keychain/Keychain-Prefix.pch"; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/sec/ProjectHeaders", - "$(PROJECT_DIR)/utilities", - "$(PROJECT_DIR)/sec", - "$(inherited)", - ); - INFOPLIST_FILE = "Keychain/Keychain-Info.plist"; - INSTALL_PATH = /AppleInternal/Applications; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = "$(TARGET_NAME)"; - WRAPPER_EXTENSION = app; - }; - name = Release; - }; - 4CE4729F16D833FE009070D1 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - 4CE472A016D833FE009070D1 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - 5EF7C20E1B00E25400E5E99C /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C6C632F15D19DE600BC68CD /* test.xcconfig */; - buildSettings = { - ARCHS = "$(ARCHS_STANDARD)"; - CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = "../secacltests/secacltests-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - "NO_SERVER=1", - ); - GCC_WARN_UNDECLARED_SELECTOR = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/sec", - "$(PROJECT_DIR)/utilities", - ); - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - OTHER_LDFLAGS = "-t"; - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-t", - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - 5EF7C20F1B00E25400E5E99C /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C6C632F15D19DE600BC68CD /* test.xcconfig */; - buildSettings = { - ARCHS = "$(ARCHS_STANDARD)"; - CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = "../secacltests/secacltests-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_WARN_UNDECLARED_SELECTOR = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/sec", - "$(PROJECT_DIR)/utilities", - ); - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - OTHER_LDFLAGS = "-t"; - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-t", - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - BE48AE1F1ADF1DF4000836C1 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC6801471EF1600F2B224 /* security.xcconfig */; - buildSettings = { - ARCHS = "$(ARCHS_STANDARD)"; - CODE_SIGN_ENTITLEMENTS = trustd/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_PREPROCESSOR_DEFINITIONS = ( - "SECITEM_SHIM_OSX=1", - "SECTRUST_OSX=1", - "TRUSTD_SERVER=1", - "$(inherited)", - ); - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/sec", - "$(PROJECT_DIR)/sec/securityd", - "$(PROJECT_DIR)/sec/ipc", - "$(PROJECT_DIR)/sec/SOSCircle", - "$(PROJECT_DIR)/utilities", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/../ios/asn1", - "$(PROJECT_DIR)/libsecurity_keychain/libDER", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers", - "$(inherited)", - "$(PROJECT_DIR)/trustd/", - ); - INSTALL_PATH = /usr/libexec; - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-framework", - AppleSystemInfo, - "-lc++", - ); - PRODUCT_NAME = trustd; - USE_HEADERMAP = NO; - }; - name = Debug; - }; - BE48AE201ADF1DF4000836C1 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC6801471EF1600F2B224 /* security.xcconfig */; - buildSettings = { - ARCHS = "$(ARCHS_STANDARD)"; - CODE_SIGN_ENTITLEMENTS = trustd/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_PREPROCESSOR_DEFINITIONS = ( - "SECITEM_SHIM_OSX=1", - "SECTRUST_OSX=1", - "TRUSTD_SERVER=1", - "$(inherited)", - ); - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/sec", - "$(PROJECT_DIR)/sec/securityd", - "$(PROJECT_DIR)/sec/ipc", - "$(PROJECT_DIR)/sec/SOSCircle", - "$(PROJECT_DIR)/utilities", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/../ios/asn1", - "$(PROJECT_DIR)/libsecurity_keychain/libDER", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers", - "$(inherited)", - "$(PROJECT_DIR)/trustd/", - ); - INSTALL_PATH = /usr/libexec; - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-framework", - AppleSystemInfo, - "-lc++", - ); - PRODUCT_NAME = trustd; - USE_HEADERMAP = NO; - }; - name = Release; - }; - D42FA8331C9B8D3D003E46A7 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C6C632F15D19DE600BC68CD /* test.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; - CLANG_ANALYZER_NONNULL = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CODE_SIGN_ENTITLEMENTS = "SecurityTestsOSX/SecurityTests-Entitlements.plist"; - COMBINE_HIDPI_IMAGES = YES; - INFOPLIST_FILE = SecurityTestsOSX/Info.plist; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security/; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - OTHER_LDFLAGS = "-t"; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.SecurityTestsOSX; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - D42FA8341C9B8D3D003E46A7 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C6C632F15D19DE600BC68CD /* test.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; - CLANG_ANALYZER_NONNULL = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CODE_SIGN_ENTITLEMENTS = "SecurityTestsOSX/SecurityTests-Entitlements.plist"; - COMBINE_HIDPI_IMAGES = YES; - INFOPLIST_FILE = SecurityTestsOSX/Info.plist; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security/; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - OTHER_LDFLAGS = "-t"; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.SecurityTestsOSX; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - EBB697091BE208FC00715F16 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_IDENTITY = "-"; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_NO_COMMON_BLOCKS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = "-laks"; - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - }; - name = Debug; - }; - EBB6970A1BE208FC00715F16 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_IDENTITY = "-"; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = NO; - OTHER_LDFLAGS = "-laks"; - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - }; - name = Release; - }; - EBE011D41C21357200CB6A63 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COPY_PHASE_STRIP = NO; - DEBUGGING_SYMBOLS = YES; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_GENERATE_DEBUGGING_SYMBOLS = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - EBE011D51C21357200CB6A63 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - MTL_ENABLE_DEBUG_INFO = NO; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - F93C49331AB8FD350047E01A /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - F93C49341AB8FD350047E01A /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 0C6C631215D193C900BC68CD /* Build configuration list for PBXNativeTarget "sectests" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 0C6C631315D193C900BC68CD /* Debug */, - 0C6C631415D193C900BC68CD /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 0CC3352A16C1ED8000399E53 /* Build configuration list for PBXNativeTarget "secdtests" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 0CC3352B16C1ED8000399E53 /* Debug */, - 0CC3352C16C1ED8000399E53 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 18073844146D0D4E00F05C24 /* Build configuration list for PBXProject "OSX" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 18073873146D0D4E00F05C24 /* Debug */, - 18073874146D0D4E00F05C24 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 18073875146D0D4E00F05C24 /* Build configuration list for PBXNativeTarget "Security" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 18073876146D0D4E00F05C24 /* Debug */, - 18073877146D0D4E00F05C24 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 18270EDD14CF282600B05E7F /* Build configuration list for PBXNativeTarget "secd" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 18270EDE14CF282600B05E7F /* Debug */, - 18270EDF14CF282600B05E7F /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 182BB572146F4DCB000BF1F3 /* Build configuration list for PBXNativeTarget "csparser" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 182BB573146F4DCB000BF1F3 /* Debug */, - 182BB574146F4DCB000BF1F3 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 186F778914E59FB200434E1F /* Build configuration list for PBXAggregateTarget "Security_frameworks" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 186F778A14E59FB200434E1F /* Debug */, - 186F778B14E59FB200434E1F /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 186F778D14E59FDA00434E1F /* Build configuration list for PBXAggregateTarget "Security_executables" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 186F778E14E59FDA00434E1F /* Debug */, - 186F778F14E59FDA00434E1F /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 18F234F615C9F9A700060520 /* Build configuration list for PBXNativeTarget "authd" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 18F234F715C9F9A700060520 /* Debug */, - 18F234F815C9F9A700060520 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 18FE67FB1471A3AA00A2CBE3 /* Build configuration list for PBXNativeTarget "copyHeaders" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 18FE67FC1471A3AA00A2CBE3 /* Debug */, - 18FE67FD1471A3AA00A2CBE3 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 3705CAD61A896DE800402F75 /* Build configuration list for PBXNativeTarget "SecTaskTest" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 3705CAD71A896DE800402F75 /* Debug */, - 3705CAD81A896DE800402F75 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 37A7CED8197DB8FA00926CE8 /* Build configuration list for PBXNativeTarget "codesign_tests" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 37A7CEAF197DB8FA00926CE8 /* Debug */, - 37A7CEB0197DB8FA00926CE8 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 37AB393C1A44A88000B56E04 /* Build configuration list for PBXNativeTarget "gk_reset_check" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 37AB39131A44A88000B56E04 /* Debug */, - 37AB39141A44A88000B56E04 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4C96F7D516D6DF8400D3B39D /* Build configuration list for PBXNativeTarget "Keychain Circle Notification" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4C96F7D616D6DF8400D3B39D /* Debug */, - 4C96F7D716D6DF8400D3B39D /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CB23B7F169F5873003A0131 /* Build configuration list for PBXNativeTarget "security2" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4CB23B4D169F5873003A0131 /* Debug */, - 4CB23B4E169F5873003A0131 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CC7A7EF16CC2A85003E10C1 /* Build configuration list for PBXNativeTarget "Cloud Keychain Utility" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4CC7A7C716CC2A85003E10C1 /* Debug */, - 4CC7A7C816CC2A85003E10C1 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CE472C716D833FE009070D1 /* Build configuration list for PBXAggregateTarget "Security_temporary_UI" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4CE4729F16D833FE009070D1 /* Debug */, - 4CE472A016D833FE009070D1 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 5EF7C2381B00E25400E5E99C /* Build configuration list for PBXNativeTarget "secacltests" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 5EF7C20E1B00E25400E5E99C /* Debug */, - 5EF7C20F1B00E25400E5E99C /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - BE48AE1E1ADF1DF4000836C1 /* Build configuration list for PBXNativeTarget "trustd" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - BE48AE1F1ADF1DF4000836C1 /* Debug */, - BE48AE201ADF1DF4000836C1 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - D42FA8321C9B8D3D003E46A7 /* Build configuration list for PBXNativeTarget "SecurityTestsOSX" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - D42FA8331C9B8D3D003E46A7 /* Debug */, - D42FA8341C9B8D3D003E46A7 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - EBB697081BE208FC00715F16 /* Build configuration list for PBXNativeTarget "secbackupntest" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - EBB697091BE208FC00715F16 /* Debug */, - EBB6970A1BE208FC00715F16 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - EBE011FE1C21357200CB6A63 /* Build configuration list for PBXLegacyTarget "SecurityFeatures" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - EBE011D41C21357200CB6A63 /* Debug */, - EBE011D51C21357200CB6A63 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - F93C49321AB8FD350047E01A /* Build configuration list for PBXAggregateTarget "ckcdiagnose.sh" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - F93C49331AB8FD350047E01A /* Debug */, - F93C49341AB8FD350047E01A /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 18073841146D0D4E00F05C24 /* Project object */; -} diff --git a/OSX/asl/com.apple.securityd b/OSX/asl/com.apple.securityd index 2a02a345..4f5458fc 100644 --- a/OSX/asl/com.apple.securityd +++ b/OSX/asl/com.apple.securityd @@ -11,7 +11,7 @@ ? [= Sender com.apple.securityd] file security.log ? [= Sender com.apple.secd] file security.log ? [= Sender CloudKeychainProxy] file security.log -? [= Sender IDSKeychainSyncingProxy] file security.log +? [= Sender KeychainSyncingOverIDSProxy] file security.log ? [= Sender securityd] file security.log ? [= Sender secd] file security.log ? [= Sender securityd_service] file security.log @@ -24,7 +24,7 @@ ? [= Sender com.apple.securityd] [> Level error] claim ? [= Sender com.apple.secd] [> Level error] claim ? [= Sender CloudKeychainProxy] [> Level error] claim -? [= Sender IDSKeychainSyncingProxy] [> Level error] claim +? [= Sender KeychainSyncingOverIDSProxy] [> Level error] claim ? [= Sender securityd] [> Level error] claim ? [= Sender secd] [> Level error] claim ? [= Sender securityd_service] [> Level error] claim diff --git a/OSX/authd/authorization.plist b/OSX/authd/authorization.plist index 9b798966..797feb86 100644 --- a/OSX/authd/authorization.plist +++ b/OSX/authd/authorization.plist @@ -1497,6 +1497,18 @@ See remaining rules for examples. rule authenticate-session-owner + com.apple.security.sudo + + class + rule + k-of-n + 2 + rule + + entitled + authenticate-session-owner + + system.localauthentication.ui class @@ -1519,6 +1531,19 @@ See remaining rules for examples. authenticate-staff-extract-context + com.apple.safaridriver.allow + + comment + This right is used by safaridriver to allow running it. + class + user + group + admin + allow-root + + shared + + rules diff --git a/OSX/authd/main.c b/OSX/authd/main.c index 39b39203..19632fde 100644 --- a/OSX/authd/main.c +++ b/OSX/authd/main.c @@ -219,7 +219,8 @@ int main(int argc AUTH_UNUSED, const char *argv[] AUTH_UNUSED) xpc_main(security_auth_event_handler); - server_cleanup(); + // xpc_main() will never return, but if it did, here's what you'd call: + //server_cleanup(); return 0; } diff --git a/OSX/codesign_tests/CaspianTests/CaspianTests b/OSX/codesign_tests/CaspianTests/CaspianTests index a332d01d..b806237a 100755 --- a/OSX/codesign_tests/CaspianTests/CaspianTests +++ b/OSX/codesign_tests/CaspianTests/CaspianTests @@ -264,6 +264,11 @@ esac # runTest fail-evil-itunes spctl -a -t exec $ct/evil-itunes.app +runTest fail-finderinfo codesign -fs- $ct/ls-finderinfo +runTest fail-resourcefork codesign -fs- $ct/cp-resourcefork +runTest fail-finderinfo-app codesign -fs- $ct/HelloCaspian-finderinfo.app +runTest fail-resourcefork-app codesign -fs- $ct/HelloCaspian-resourcefork.app +runTest override-resourcefork-app codesign -fs- --no-strict $ct/HelloCaspian-resourcefork.app # diff --git a/OSX/config/base.xcconfig b/OSX/config/base.xcconfig index 63ced241..075f3373 100644 --- a/OSX/config/base.xcconfig +++ b/OSX/config/base.xcconfig @@ -17,3 +17,5 @@ STRIP_INSTALLED_PRODUCT = NO WARNING_CFLAGS = -Wno-deprecated-declarations $(inherited) GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 + +HEADER_SEARCH_PATHS = $(inherited) $(PROJECT_DIR)/../header_symlinks/ diff --git a/OSX/config/command.xcconfig b/OSX/config/command.xcconfig deleted file mode 100644 index 5199da44..00000000 --- a/OSX/config/command.xcconfig +++ /dev/null @@ -1,15 +0,0 @@ -// -// command.xcconfig -// Security -// -// Created by J Osborne on 1/10/13. -// -// - -#include "base.xcconfig" - -HEADER_SEARCH_PATHS = $(PROJECT_DIR) $(PROJECT_DIR)/security2 $(PROJECT_DIR)/utilities $(PROJECT_DIR)/sec/ProjectHeaders - -STRIP_STYLE = all -STRIP_INSTALLED_PRODUCT = YES -DEPLOYMENT_POSTPROCESSING = NO diff --git a/OSX/config/debug.xcconfig b/OSX/config/debug.xcconfig index 47555cf5..49c092ea 100644 --- a/OSX/config/debug.xcconfig +++ b/OSX/config/debug.xcconfig @@ -1,2 +1,4 @@ GCC_OPTIMIZATION_LEVEL = 0 GCC_PREPROCESSOR_DEFINITIONS = DEBUG=1 $(inherited) + +HEADER_SEARCH_PATHS = $(inherited) $(PROJECT_DIR)/../header_symlinks/ diff --git a/OSX/config/executable.xcconfig b/OSX/config/executable.xcconfig deleted file mode 100644 index fc2ad4e2..00000000 --- a/OSX/config/executable.xcconfig +++ /dev/null @@ -1,9 +0,0 @@ -#include "base.xcconfig" - -PRODUCT_NAME = $(TARGET_NAME) - -HEADER_SEARCH_PATHS = $(inherited) $(PROJECT_DIR)/sec/ProjectHeaders - -STRIP_STYLE = all -STRIP_INSTALLED_PRODUCT = YES -DEPLOYMENT_POSTPROCESSING = NO diff --git a/OSX/config/release.xcconfig b/OSX/config/release.xcconfig index 088ded92..5130441c 100644 --- a/OSX/config/release.xcconfig +++ b/OSX/config/release.xcconfig @@ -1,2 +1,4 @@ GCC_OPTIMIZATION_LEVEL = s GCC_PREPROCESSOR_DEFINITIONS = NDEBUG=1 $(inherited) + +HEADER_SEARCH_PATHS = $(inherited) $(PROJECT_DIR)/../header_symlinks/ diff --git a/OSX/config/security.xcconfig b/OSX/config/security.xcconfig deleted file mode 100644 index afa05f70..00000000 --- a/OSX/config/security.xcconfig +++ /dev/null @@ -1,30 +0,0 @@ -#include "config/base.xcconfig" - -PRODUCT_NAME = $(TARGET_NAME) - -FRAMEWORK_VERSION = A - -DYLIB_COMPATIBILITY_VERSION = 1 -DYLIB_CURRENT_VERSION = $(CURRENT_PROJECT_VERSION) - -GCC_PRECOMPILE_PREFIX_HEADER = YES - -ALWAYS_SEARCH_USER_PATHS = NO - -HEADER_SEARCH_PATHS = $(PROJECT_DIR)/include $(PROJECT_DIR)/sec/ProjectHeaders $(PROJECT_DIR)/utilities - -//INSTALLHDRS_SCRIPT_PHASE = YES - -STRIP_INSTALLED_PRODUCT = YES -DEPLOYMENT_POSTPROCESSING = NO - -GCC_C_LANGUAGE_STANDARD = gnu99 - -GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO - -GCC_SYMBOLS_PRIVATE_EXTERN = NO -GCC_WARN_64_TO_32_BIT_CONVERSION = YES -GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES -GCC_WARN_ABOUT_RETURN_TYPE = YES -GCC_WARN_UNUSED_VARIABLE = YES -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/OSX/config/security_framework_macos.xcconfig b/OSX/config/security_framework_macos.xcconfig new file mode 100644 index 00000000..517b88c2 --- /dev/null +++ b/OSX/config/security_framework_macos.xcconfig @@ -0,0 +1,26 @@ +#include "OSX/config/security_macos.xcconfig" + +PRODUCT_NAME = Security +PRODUCT_BUNDLE_IDENTIFIER = com.apple.security + +FRAMEWORK_VERSION = A + +DYLIB_COMPATIBILITY_VERSION = 1 +DYLIB_CURRENT_VERSION = $(CURRENT_PROJECT_VERSION) + +MODULEMAP_FILE = Modules/Security.macOS.modulemap +DEFINES_MODULE = YES + +EXPORTED_SYMBOLS_FILE = $(BUILT_PRODUCTS_DIR)/$(PRODUCT_NAME).$(CURRENT_ARCH).exp +ORDER_FILE = OSX/lib/Security.order +INFOPLIST_FILE = OSX/lib/Info-Security.plist + +INSTALL_PATH = $(SYSTEM_LIBRARY_DIR)/Frameworks + +OTHER_LDFLAGS = -Wl,-upward-lcoretls -Wl,-upward-lcoretls_cfhelpers -laks -lCrashReporterClient + +SECTORDER_FLAGS = -order_file_statistics +APPLY_RULES_IN_COPY_FILES = NO + +// Not entirely sure what this is for, but, okay. +INSTALLHDRS_SCRIPT_PHASE = YES diff --git a/OSX/config/security_macos.xcconfig b/OSX/config/security_macos.xcconfig new file mode 100644 index 00000000..4c5fd14b --- /dev/null +++ b/OSX/config/security_macos.xcconfig @@ -0,0 +1,31 @@ +#include "OSX/config/base.xcconfig" + +GCC_PRECOMPILE_PREFIX_HEADER = YES + +ALWAYS_SEARCH_USER_PATHS = NO + +HEADER_SEARCH_PATHS = $(inherited) $(PROJECT_DIR)/include $(PROJECT_DIR)/sec/ProjectHeaders $(PROJECT_DIR)/utilities +LIBRARY_SEARCH_PATHS = $(inherited) /usr/lib/system + +STRIP_INSTALLED_PRODUCT = YES +DEPLOYMENT_POSTPROCESSING = NO + +GCC_C_LANGUAGE_STANDARD = gnu99 +SUPPORTED_PLATFORMS = macOS + +// Don't use the inherited cflags; they set SEC_IOS_ON_OSX +GCC_PREPROCESSOR_DEFINITIONS = OSSPINLOCK_USE_INLINED=0 + +GCC_TREAT_WARNINGS_AS_ERRORS = YES +GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO +GCC_SYMBOLS_PRIVATE_EXTERN = NO +GCC_WARN_64_TO_32_BIT_CONVERSION = YES +GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES +GCC_WARN_ABOUT_RETURN_TYPE = YES +GCC_WARN_UNUSED_VARIABLE = YES + +// Warnings for old code +GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO + +// If we run into trouble, uncomment: +// WARNING_CFLAGS = -Wno-deprecated-declarations diff --git a/OSX/config/test.xcconfig b/OSX/config/test.xcconfig deleted file mode 100644 index 8f60b701..00000000 --- a/OSX/config/test.xcconfig +++ /dev/null @@ -1,4 +0,0 @@ -#include "security.xcconfig" - -HEADER_SEARCH_PATHS = $(PROJECT_DIR) $(PROJECT_DIR)/regressions/ - diff --git a/OSX/lib/dummy.cpp b/OSX/lib/dummy.cpp index f4475ab1..2a4c1c25 100644 --- a/OSX/lib/dummy.cpp +++ b/OSX/lib/dummy.cpp @@ -1,3 +1,3 @@ #include -// This file was created for the sole purpose of dynamically linking with libc++.dylib \ No newline at end of file +// This file was created for the sole purpose of dynamically linking with libc++.dylib diff --git a/OSX/lib/en.lproj/FDELocalizable.strings b/OSX/lib/en.lproj/FDELocalizable.strings deleted file mode 100644 index f4ca0e29..00000000 --- a/OSX/lib/en.lproj/FDELocalizable.strings +++ /dev/null @@ -1,30 +0,0 @@ -/* Contains the localizable strings for FDE */ - -"question1" = "What is your oldest cousin's first and last name?"; -"question2" = "What is your maternal grandmother's maiden name?"; -"question3" = "What is your spouse's mother's maiden name?"; -"question4" = "Who was the first famous person you met?"; -"question5" = "What was your childhood phone number including area code? (e.g., 000-000-0000)"; -"question6" = "Where did your mother and father meet? (specify city, town, restaurant, or office)"; -"question7" = "What was the name of your favorite childhood friend? (first and last name)"; -"question8" = "What was the first and last name of your favorite teacher?"; -"question9" = "In what city did your parents meet?"; -"question10" = "Who was the first person to give you an autograph? (first and last name)"; -"question11" = "Where did you meet your spouse or significant other?"; -"question12" = "What school did you attend when you were 11 years old?"; -"question13" = "What was the name of your elementary / primary school?"; -"question14" = "In what city or town was your first professional job?"; -"question15" = "What was the street number of the house you grew up in?"; -"question16" = "What was the first album or cd that you owned?"; -"question17" = "What was the first concert you attended?"; -"question18" = "What street did you live on when you were nine years old?"; -"question19" = "What month and day is your anniversary? (e.g., January 2)"; -"question20" = "What is the middle name of your youngest child?"; -"question21" = "What is the middle name of your oldest sibling?"; -"question22" = "What was your favorite place to visit as a child?"; -"question23" = "What was the name of your first pet?"; -"question24" = "What was your childhood nickname?"; -"question25" = "What was your dream job as a child?"; - -"SN# " = "SN# "; -" UTC: " = " UTC: "; diff --git a/OSX/lib/en.lproj/authorization.buttons.strings b/OSX/lib/en.lproj/authorization.buttons.strings index 6e6d04a3..da9a0ee6 100644 --- a/OSX/lib/en.lproj/authorization.buttons.strings +++ b/OSX/lib/en.lproj/authorization.buttons.strings @@ -139,3 +139,6 @@ "system.preferences.continuity" = "Unlock"; "com.apple.ctkbind.admin" = "Pair"; + +"com.apple.security.sudo" = "Allow"; + diff --git a/OSX/lib/en.lproj/authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings b/OSX/lib/en.lproj/authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings index a37ee1e1..677e29c7 100644 --- a/OSX/lib/en.lproj/authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings +++ b/OSX/lib/en.lproj/authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings @@ -155,3 +155,6 @@ "system.preferences.continuity" = "Touch ID to Unlock the Touch ID Preferences."; "com.apple.ctkbind.admin" = "Touch ID to Pair the Current User With the SmartCard Identity."; + +"com.apple.security.sudo" = "Touch ID to Execute a command as administrator."; + diff --git a/OSX/lib/en.lproj/authorization.prompts.strings b/OSX/lib/en.lproj/authorization.prompts.strings index 1facfb91..c5aeceb6 100644 --- a/OSX/lib/en.lproj/authorization.prompts.strings +++ b/OSX/lib/en.lproj/authorization.prompts.strings @@ -158,3 +158,5 @@ "com.apple.builtin.sc-kc-new-passphrase" = "The system will now create a keychain to store your secrets. Your smart card will automatically unlock it. Please choose a password that can unlock it separately. You may use your account password or pick another one. For security reasons, do not use your smart card PIN or similar text."; +"com.apple.security.sudo" = "__APPNAME__ is trying to execute a command as administrator."; + diff --git a/OSX/lib/security.exp-in b/OSX/lib/security.exp-in deleted file mode 100644 index cade2ae3..00000000 --- a/OSX/lib/security.exp-in +++ /dev/null @@ -1,2907 +0,0 @@ -// -// -// -#include - -_SecurityVersionNumber -_SecurityVersionString - -// -// libsecurity_asn1 -// -_SecAsn1AllocCopy -_SecAsn1AllocCopyItem -_SecAsn1AllocItem -_SecAsn1CoderCreate -_SecAsn1CoderRelease -_SecAsn1Decode -_SecAsn1DecodeData -_SecAsn1EncodeItem -_SecAsn1Malloc -_SecAsn1OidCompare -_kSecAsn1AnyTemplate -_kSecAsn1BMPStringTemplate -_kSecAsn1BitStringTemplate -_kSecAsn1BooleanTemplate -_kSecAsn1EnumeratedTemplate -_kSecAsn1GeneralizedTimeTemplate -_kSecAsn1IA5StringTemplate -_kSecAsn1IntegerTemplate -_kSecAsn1NullTemplate -_kSecAsn1ObjectIDTemplate -_kSecAsn1OctetStringTemplate -_kSecAsn1PointerToAnyTemplate -_kSecAsn1PointerToBMPStringTemplate -_kSecAsn1PointerToBitStringTemplate -_kSecAsn1PointerToBooleanTemplate -_kSecAsn1PointerToEnumeratedTemplate -_kSecAsn1PointerToGeneralizedTimeTemplate -_kSecAsn1PointerToIA5StringTemplate -_kSecAsn1PointerToIntegerTemplate -_kSecAsn1PointerToNullTemplate -_kSecAsn1PointerToObjectIDTemplate -_kSecAsn1PointerToOctetStringTemplate -_kSecAsn1PointerToPrintableStringTemplate -_kSecAsn1PointerToT61StringTemplate -_kSecAsn1PointerToTeletexStringTemplate -_kSecAsn1PointerToUTCTimeTemplate -_kSecAsn1PointerToUTF8StringTemplate -_kSecAsn1PointerToUniversalStringTemplate -_kSecAsn1PointerToVisibleStringTemplate -_kSecAsn1PrintableStringTemplate -_kSecAsn1SequenceOfAnyTemplate -_kSecAsn1SequenceOfBMPStringTemplate -_kSecAsn1SequenceOfBitStringTemplate -_kSecAsn1SequenceOfBooleanTemplate -_kSecAsn1SequenceOfEnumeratedTemplate -_kSecAsn1SequenceOfGeneralizedTimeTemplate -_kSecAsn1SequenceOfIA5StringTemplate -_kSecAsn1SequenceOfIntegerTemplate -_kSecAsn1SequenceOfNullTemplate -_kSecAsn1SequenceOfObjectIDTemplate -_kSecAsn1SequenceOfOctetStringTemplate -_kSecAsn1SequenceOfPrintableStringTemplate -_kSecAsn1SequenceOfT61StringTemplate -_kSecAsn1SequenceOfTeletexStringTemplate -_kSecAsn1SequenceOfUTCTimeTemplate -_kSecAsn1SequenceOfUTF8StringTemplate -_kSecAsn1SequenceOfUniversalStringTemplate -_kSecAsn1SequenceOfVisibleStringTemplate -_kSecAsn1SetOfAnyTemplate -_kSecAsn1SetOfBMPStringTemplate -_kSecAsn1SetOfBitStringTemplate -_kSecAsn1SetOfBooleanTemplate -_kSecAsn1SetOfEnumeratedTemplate -_kSecAsn1SetOfGeneralizedTimeTemplate -_kSecAsn1SetOfIA5StringTemplate -_kSecAsn1SetOfIntegerTemplate -_kSecAsn1SetOfNullTemplate -_kSecAsn1SetOfObjectIDTemplate -_kSecAsn1SetOfOctetStringTemplate -_kSecAsn1SetOfPrintableStringTemplate -_kSecAsn1SetOfT61StringTemplate -_kSecAsn1SetOfTeletexStringTemplate -_kSecAsn1SetOfUTCTimeTemplate -_kSecAsn1SetOfUTF8StringTemplate -_kSecAsn1SetOfUniversalStringTemplate -_kSecAsn1SetOfVisibleStringTemplate -_kSecAsn1SkipTemplate -_kSecAsn1T61StringTemplate -_kSecAsn1TeletexStringTemplate -_kSecAsn1UTCTimeTemplate -_kSecAsn1UTF8StringTemplate -_kSecAsn1UniversalStringTemplate -_kSecAsn1UnsignedIntegerTemplate -_kSecAsn1VisibleStringTemplate -_kSecAsn1CertExtensionTemplate -_kSecAsn1RevokedCertTemplate -_kSecAsn1SequenceOfCertExtensionTemplate -_kSecAsn1SequenceOfRevokedCertTemplate -_kSecAsn1SignedCertOrCRLTemplate -_kSecAsn1SignedCertTemplate -_kSecAsn1SignedCrlTemplate -_kSecAsn1TBSCertificateTemplate -_kSecAsn1TBSCrlTemplate -_kSecAsn1ValidityTemplate -_kSecAsn1AccessDescriptionTemplate -_kSecAsn1AuthorityInfoAccessTemplate -_kSecAsn1AuthorityKeyIdTemplate -_kSecAsn1BasicConstraintsTemplate -_kSecAsn1CRLDistributionPointsTemplate -_kSecAsn1CertPoliciesTemplate -_kSecAsn1DistPointFullNameTemplate -_kSecAsn1DistPointRDNTemplate -_kSecAsn1DistributionPointTemplate -_kSecAsn1IssuingDistributionPointTemplate -_kSecAsn1PolicyInformationTemplate -_kSecAsn1PolicyQualifierTemplate -_kSecAsn1CertRequestInfoTemplate -_kSecAsn1CertRequestTemplate -_kSecAsn1SignedCertRequestTemplate -_kSecAsn1AlgorithmIDTemplate -_kSecAsn1AttributeTemplate -_kSecAsn1DHAlgorithmIdentifierX942Template -_kSecAsn1DHDomainParamsX942Template -_kSecAsn1DHParameterBlockTemplate -_kSecAsn1DHParameterTemplate -_kSecAsn1DHPrivateKeyPKCS8Template -_kSecAsn1DHPrivateKeyTemplate -_kSecAsn1DHPublicKeyX509Template -_kSecAsn1DHValidationParamsTemplate -_kSecAsn1DigestInfoTemplate -_kSecAsn1EncryptedPrivateKeyInfoTemplate -_kSecAsn1PrivateKeyInfoTemplate -_kSecAsn1RSAPrivateKeyPKCS1Template -_kSecAsn1RSAPublicKeyPKCS1Template -_kSecAsn1SetOfAttributeTemplate -_kSecAsn1SubjectPublicKeyInfoTemplate -_kSecAsn1ATVTemplate -_kSecAsn1GenNameOtherNameTemplate -_kSecAsn1GeneralNameTemplate -_kSecAsn1NameTemplate -_kSecAsn1OtherNameTemplate -_kSecAsn1RDNTemplate -_SecAsn1TaggedTemplateChooser -_kSecAsn1DSAAlgParamsTemplate -_kSecAsn1DSAAlgParamsBSAFETemplate -_kSecAsn1DSAAlgorithmIdX509Template -_kSecAsn1DSAAlgorithmIdBSAFETemplate -_kSecAsn1DSAPublicKeyX509Template -_kSecAsn1DSAPublicKeyBSAFETemplate -_kSecAsn1DSAPrivateKeyOpensslTemplate -_kSecAsn1DSAPrivateKeyOctsTemplate -_kSecAsn1DSAPrivateKeyBSAFETemplate -_kSecAsn1DSAPrivateKeyPKCS8Template -_kSecAsn1DSASignatureTemplate -_kSecAsn1OCSPBasicResponseTemplate -_kSecAsn1OCSPCertIDTemplate -_kSecAsn1OCSPCertStatusGoodTemplate -_kSecAsn1OCSPCertStatusRevokedTemplate -_kSecAsn1OCSPCertStatusUnknownTemplate -_kSecAsn1OCSPRequestTemplate -_kSecAsn1OCSPResponderIDAsNameTemplate -_kSecAsn1OCSPResponderIDAsKeyTemplate -_kSecAsn1OCSPResponseBytesTemplate -_kSecAsn1OCSPResponseDataTemplate -_kSecAsn1OCSPResponseTemplate -_kSecAsn1OCSPRevokedInfoTemplate -_kSecAsn1OCSPSignatureTemplate -_kSecAsn1OCSPSignedRequestTemplate -_kSecAsn1OCSPSingleResponseTemplate -_kSecAsn1OCSPTbsRequestTemplate -_kSecAsn1OCSPDRequestTemplate -_kSecAsn1OCSPDRequestsTemplate -_kSecAsn1OCSPDReplyTemplate -_kSecAsn1OCSPDRepliesTemplate -_kSecAsn1SemanticsInformationTemplate -_kSecAsn1QC_StatementTemplate -_kSecAsn1QC_StatementsTemplate - -// -// libsecurity_authorization -// -_AuthorizationCopyInfo -_AuthorizationCopyPrivilegedReference -_AuthorizationCopyRights -_AuthorizationCopyRightsAsync -_AuthorizationDismiss -_AuthorizationCreate -_AuthorizationCreateWithAuditToken -_AuthorizationCreateFromExternalForm -_AuthorizationExecuteWithPrivileges -_AuthorizationExecuteWithPrivilegesExternalForm -_AuthorizationFree -_AuthorizationFreeItemSet -_AuthorizationMakeExternalForm -_AuthorizationRightGet -_AuthorizationRightRemove -_AuthorizationRightSet -_AuthorizationEnableSmartCard -_SessionCreate -_SessionGetInfo -_SessionSetDistinguishedUser -_SessionGetDistinguishedUser -_SessionSetUserPreferences - -// -// libsecurity_checkpw -// -_checkpw -_checkpw_internal - -// -// libsecurity_cms -// -_kCMSEncoderDigestAlgorithmSHA1 -_kCMSEncoderDigestAlgorithmSHA256 -_CMSEncode -_CMSEncodeContent -_CMSEncoderAddSupportingCerts -_CMSEncoderAddRecipients -_CMSEncoderAddSigners -_CMSEncoderCopySupportingCerts -_CMSEncoderCopyRecipients -_CMSEncoderCopySigners -_CMSEncoderCreate -_CMSEncoderCopyEncodedContent -_CMSEncoderGetCmsMessage -_CMSEncoderSetSignerAlgorithm -_CMSEncoderSetHasDetachedContent -_CMSEncoderGetHasDetachedContent -_CMSEncoderCopyEncapsulatedContentType -_CMSEncoderGetEncoder -_CMSEncoderGetTypeID -_CMSEncoderSetEncapsulatedContentType -_CMSEncoderSetEncapsulatedContentTypeOID -_CMSEncoderSetEncoder -_CMSEncoderAddSignedAttributes -_CMSEncoderSetSigningTime -_CMSEncoderSetAppleCodesigningHashAgility -_CMSEncoderSetCertificateChainMode -_CMSEncoderGetCertificateChainMode -_CMSEncoderUpdateContent -_CMSDecoderCopyAllCerts -_CMSDecoderCopyContent -_CMSDecoderCopyDetachedContent -_CMSDecoderCopySignerStatus -_CMSDecoderCreate -_CMSDecoderGetTypeID -_CMSDecoderFinalizeMessage -_CMSDecoderGetDecoder -_CMSDecoderCopyEncapsulatedContentType -_CMSDecoderIsContentEncrypted -_CMSDecoderGetNumSigners -_CMSDecoderSetDecoder -_CMSDecoderSetDetachedContent -_CMSDecoderUpdateMessage -_CMSDecoderGetCmsMessage -_CMSDecoderSetSearchKeychain -_CMSDecoderCopySignerEmailAddress -_CMSDecoderCopySignerCert -_CmsMessageSetTSAContext -_CMSDecoderCopySignerSigningTime -_CMSDecoderCopySignerTimestamp -_CMSDecoderCopySignerTimestampWithPolicy -_CMSDecoderCopySignerTimestampCertificates -_CMSEncoderCopySignerTimestamp -_CMSEncoderCopySignerTimestampWithPolicy -_CMSDecoderCopySignerAppleCodesigningHashAgility - -// -// libsecurity_codesigning -// -_SecCodeGetTypeID -_SecCodeCopySelf -_SecCodeCopyInternalRequirement -_SecCodeGetStatus -_SecCodeSetStatus -_SecCodeCopyStaticCode -_SecCodeCopyHost -_SecCodeCopyGuestWithAttributes -_SecCodeCreateWithPID -_SecCodeCheckValidity -_SecCodeCheckValidityWithErrors -_SecCodeCopyPath -_SecCodeCopyDesignatedRequirement -_SecCodeCopySigningInformation -_SecCodeMapMemory -_SecCodeSetDetachedSignature -_SecCodeCopyComponent -_SecCodeValidateFileResource -_kSecCodeAttributeArchitecture -_kSecCodeAttributeBundleVersion -_kSecCodeAttributeSubarchitecture -_kSecCodeAttributeUniversalFileOffset -_SecStaticCodeGetTypeID -_SecStaticCodeCreateWithPath -_SecStaticCodeCreateWithPathAndAttributes -_SecStaticCodeCheckValidity -_SecStaticCodeCheckValidityWithErrors -_SecStaticCodeSetCallback -_SecStaticCodeSetValidationConditions -_SecStaticCodeCancelValidation -_SecRequirementGetTypeID -_SecRequirementCreateWithData -_SecRequirementCreateWithResource -_SecRequirementCreateWithString -_SecRequirementCreateWithStringAndErrors -_SecRequirementCreateGroup -_SecRequirementCopyData -_SecRequirementCopyString -_SecRequirementEvaluate -_SecRequirementsCreateFromRequirements -_SecRequirementsCopyRequirements -_SecRequirementsCreateWithString -_SecRequirementsCopyString -_SecCodeSignerGetTypeID -_SecCodeSignerCreate -_SecCodeSignerAddSignature -_SecCodeSignerAddSignatureWithErrors -_SecHostCreateGuest -_SecHostRemoveGuest -_SecHostSetGuestStatus -_SecHostSelectGuest -_SecHostSelectedGuest -_SecHostSetHostingPort -_kSecCodeDirectoryFlagTable -_kSecCodeSignerApplicationData -_kSecCodeSignerDetached -_kSecCodeSignerDigestAlgorithm -_kSecCodeSignerDryRun -_kSecCodeSignerEntitlements -_kSecCodeSignerFlags -_kSecCodeSignerIdentifier -_kSecCodeSignerIdentifierPrefix -_kSecCodeSignerIdentity -_kSecCodeSignerPageSize -_kSecCodeSignerPreserveMetadata -_kSecCodeSignerRequirements -_kSecCodeSignerResourceRules -_kSecCodeSignerSDKRoot -_kSecCodeSignerSigningTime -_kSecCodeSignerRequireTimestamp -_kSecCodeSignerTeamIdentifier -_kSecCodeSignerPlatformIdentifier -_kSecCodeSignerTimestampServer -_kSecCodeSignerTimestampAuthentication -_kSecCodeSignerTimestampOmitCertificates -_kSecCodeInfoCertificates -_kSecCodeInfoChangedFiles -_kSecCodeInfoCMS -_kSecCodeInfoTime -_kSecCodeInfoTimestamp -_kSecCodeInfoDesignatedRequirement -_kSecCodeInfoEntitlements -_kSecCodeInfoEntitlementsDict -_kSecCodeInfoFlags -_kSecCodeInfoFormat -_kSecCodeInfoDigestAlgorithm -_kSecCodeInfoDigestAlgorithms -_kSecCodeInfoIdentifier -_kSecCodeInfoImplicitDesignatedRequirement -_kSecCodeInfoMainExecutable -_kSecCodeInfoPList -_kSecCodeInfoRequirements -_kSecCodeInfoRequirementData -_kSecCodeInfoSource -_kSecCodeInfoStatus -_kSecCodeInfoTeamIdentifier -_kSecCodeInfoTrust -_kSecCodeInfoUnique -_kSecCodeInfoCdHashes -_kSecCodeInfoCodeDirectory -_kSecCodeInfoCodeOffset -_kSecCodeInfoDiskRepInfo -_kSecCodeInfoDiskRepOSPlatform -_kSecCodeInfoDiskRepOSVersionMin -_kSecCodeInfoDiskRepOSSDKVersion -_kSecCodeInfoDiskRepNoLibraryValidation -_kSecCodeInfoResourceDirectory -_kSecGuestAttributeCanonical -_kSecGuestAttributeDynamicCode -_kSecGuestAttributeDynamicCodeInfoPlist -_kSecGuestAttributeHash -_kSecGuestAttributeMachPort -_kSecGuestAttributePid -_kSecGuestAttributeAudit -_kSecRequirementKeyInfoPlist -_kSecRequirementKeyEntitlements -_kSecRequirementKeyIdentifier -_kSecCFErrorArchitecture -_kSecCFErrorPath -_kSecCFErrorPattern -_kSecCFErrorResourceSeal -_kSecCFErrorResourceAdded -_kSecCFErrorResourceAltered -_kSecCFErrorResourceMissing -_kSecCFErrorResourceSideband -_kSecCFErrorInfoPlist -_kSecCFErrorGuestAttributes -_kSecCFErrorRequirementSyntax - -_SecTaskCreateWithAuditToken -_SecTaskCreateFromSelf -_SecTaskCopyValueForEntitlement -_SecTaskCopyValuesForEntitlements -_SecTaskCopySigningIdentifier -#if TARGET_OS_OSX -_SecTaskEntitlementsValidated -#endif -_SecTaskGetCodeSignStatus -_SecTaskGetTypeID -_SecTaskValidateForRequirement - -_SecAssessmentCreate -_SecAssessmentCopyResult -_SecAssessmentUpdate -_SecAssessmentCopyUpdate -_SecAssessmentControl -_kSecAssessmentContextKeyOperation -_kSecAssessmentOperationTypeExecute -_kSecAssessmentOperationTypeInstall -_kSecAssessmentOperationTypeOpenDocument -_kSecAssessmentContextKeyUTI -_kSecAssessmentContextKeyFeedback -_kSecAssessmentFeedbackProgress -_kSecAssessmentFeedbackInfoCurrent -_kSecAssessmentFeedbackInfoTotal -_kSecAssessmentContextKeyUpdate -_kSecAssessmentUpdateOperationAdd -_kSecAssessmentUpdateOperationRemove -_kSecAssessmentUpdateOperationEnable -_kSecAssessmentUpdateOperationDisable -_kSecAssessmentUpdateOperationFind -_kSecAssessmentUpdateKeyAuthorization -_kSecAssessmentUpdateKeyAllow -_kSecAssessmentUpdateKeyExpires -_kSecAssessmentUpdateKeyLabel -_kSecAssessmentUpdateKeyPriority -_kSecAssessmentUpdateKeyRemarks -_kSecAssessmentUpdateKeyRow -_kSecAssessmentUpdateKeyCount -_kSecAssessmentUpdateKeyFound -_kSecAssessmentAssessmentAuthority -_kSecAssessmentAssessmentAuthorityOverride -_kSecAssessmentAssessmentAuthorityRow -_kSecAssessmentAssessmentFromCache -_kSecAssessmentAssessmentOriginator -_kSecAssessmentAssessmentSource -_kSecAssessmentAssessmentVerdict -_kSecAssessmentAssessmentWeakSignature -_kSecAssessmentAssessmentCodeSigningError -_kSecAssessmentRuleKeyID -_kSecAssessmentRuleKeyPriority -_kSecAssessmentRuleKeyAllow -_kSecAssessmentRuleKeyLabel -_kSecAssessmentRuleKeyRemarks -_kSecAssessmentRuleKeyRequirement -_kSecAssessmentRuleKeyType -_kSecAssessmentRuleKeyExpires -_kSecAssessmentRuleKeyDisabled -_kSecAssessmentRuleKeyBookmark -_kSecAssessmentContextKeyPrimarySignature - -// -// libsecurity_cssm -// -_CSSMOID_ANSI_DH_EPHEM -_CSSMOID_ANSI_DH_EPHEM_SHA1 -_CSSMOID_ANSI_DH_HYBRID1 -_CSSMOID_ANSI_DH_HYBRID1_SHA1 -_CSSMOID_ANSI_DH_HYBRID2 -_CSSMOID_ANSI_DH_HYBRID2_SHA1 -_CSSMOID_ANSI_DH_HYBRID_ONEFLOW -_CSSMOID_ANSI_DH_ONE_FLOW -_CSSMOID_ANSI_DH_ONE_FLOW_SHA1 -_CSSMOID_ANSI_DH_PUB_NUMBER -_CSSMOID_ANSI_DH_STATIC -_CSSMOID_ANSI_DH_STATIC_SHA1 -_CSSMOID_ANSI_MQV1 -_CSSMOID_ANSI_MQV1_SHA1 -_CSSMOID_ANSI_MQV2 -_CSSMOID_ANSI_MQV2_SHA1 -_CSSMOID_APPLE_ASC -_CSSMOID_APPLE_ECDSA -_CSSMOID_APPLE_FEE -_CSSMOID_APPLE_FEED -_CSSMOID_APPLE_FEEDEXP -_CSSMOID_APPLE_FEE_MD5 -_CSSMOID_APPLE_FEE_SHA1 -_CSSMOID_APPLE_ISIGN -_CSSMOID_APPLE_TP_CSR_GEN -_CSSMOID_APPLE_TP_EAP -_CSSMOID_APPLE_TP_CODE_SIGN -_CSSMOID_APPLE_TP_SW_UPDATE_SIGNING -_CSSMOID_APPLE_TP_IP_SEC -_CSSMOID_APPLE_TP_LOCAL_CERT_GEN -_CSSMOID_APPLE_TP_REVOCATION_CRL -_CSSMOID_APPLE_TP_REVOCATION_OCSP -_CSSMOID_APPLE_TP_SMIME -_CSSMOID_APPLE_TP_SSL -_CSSMOID_APPLE_TP_ICHAT -_CSSMOID_APPLE_TP_RESOURCE_SIGN -_CSSMOID_APPLE_TP_PKINIT_CLIENT -_CSSMOID_APPLE_TP_PKINIT_SERVER -_CSSMOID_APPLE_TP_CODE_SIGNING -_CSSMOID_APPLE_TP_PACKAGE_SIGNING -_CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT -_CSSMOID_APPLE_TP_APPLEID_SHARING -_CSSMOID_APPLE_TP_TIMESTAMPING -_CSSMOID_APPLE_TP_REVOCATION -_CSSMOID_APPLE_TP_PASSBOOK_SIGNING -_CSSMOID_APPLE_TP_MOBILE_STORE -_CSSMOID_APPLE_TP_ESCROW_SERVICE -_CSSMOID_APPLE_TP_PROFILE_SIGNING -_CSSMOID_APPLE_TP_QA_PROFILE_SIGNING -_CSSMOID_APPLE_TP_TEST_MOBILE_STORE -_CSSMOID_APPLE_X509_BASIC -_CSSMOID_AliasedEntryName -_CSSMOID_AuthorityKeyIdentifier -_CSSMOID_AuthorityRevocationList -_CSSMOID_BasicConstraints -_CSSMOID_BusinessCategory -_CSSMOID_CACertificate -_CSSMOID_CSSMKeyStruct -_CSSMOID_CertIssuer -_CSSMOID_CertificatePolicies -_CSSMOID_CertificateRevocationList -_CSSMOID_ChallengePassword -_CSSMOID_ClientAuth -_CSSMOID_CollectiveFacsimileTelephoneNumber -_CSSMOID_CollectiveInternationalISDNNumber -_CSSMOID_CollectiveOrganizationName -_CSSMOID_CollectiveOrganizationalUnitName -_CSSMOID_CollectivePhysicalDeliveryOfficeName -_CSSMOID_CollectivePostOfficeBox -_CSSMOID_CollectivePostalAddress -_CSSMOID_CollectivePostalCode -_CSSMOID_CollectiveStateProvinceName -_CSSMOID_CollectiveStreetAddress -_CSSMOID_CollectiveTelephoneNumber -_CSSMOID_CollectiveTelexNumber -_CSSMOID_CollectiveTelexTerminalIdentifier -_CSSMOID_CommonName -_CSSMOID_ContentType -_CSSMOID_CounterSignature -_CSSMOID_CountryName -_CSSMOID_CrlDistributionPoints -_CSSMOID_CrlNumber -_CSSMOID_CrlReason -_CSSMOID_CrossCertificatePair -_CSSMOID_DH -_CSSMOID_DNQualifier -_CSSMOID_DSA -_CSSMOID_DSA_CMS -_CSSMOID_DSA_JDK -_CSSMOID_DeltaCrlIndicator -_CSSMOID_Description -_CSSMOID_DestinationIndicator -_CSSMOID_DistinguishedName -_CSSMOID_EmailAddress -_CSSMOID_EmailProtection -_CSSMOID_EnhancedSearchGuide -_CSSMOID_ExtendedCertificateAttributes -_CSSMOID_ExtendedKeyUsage -_CSSMOID_AuthorityInfoAccess -_CSSMOID_BiometricInfo -_CSSMOID_QC_Statements -_CSSMOID_SubjectInfoAccess -_CSSMOID_ExtendedKeyUsageAny -_CSSMOID_ExtendedUseCodeSigning -_CSSMOID_FacsimileTelephoneNumber -_CSSMOID_GenerationQualifier -_CSSMOID_GivenName -_CSSMOID_HoldInstructionCode -_CSSMOID_HouseIdentifier -_CSSMOID_Initials -_CSSMOID_InternationalISDNNumber -_CSSMOID_InvalidityDate -_CSSMOID_IssuerAltName -_CSSMOID_IssuingDistributionPoint -_CSSMOID_IssuingDistributionPoints -_CSSMOID_KeyUsage -_CSSMOID_KnowledgeInformation -_CSSMOID_LocalityName -_CSSMOID_MD2 -_CSSMOID_MD2WithRSA -_CSSMOID_MD4 -_CSSMOID_MD4WithRSA -_CSSMOID_MD5 -_CSSMOID_MD5WithRSA -_CSSMOID_Member -_CSSMOID_MessageDigest -_CSSMOID_Name -_CSSMOID_NameConstraints -_CSSMOID_NetscapeCertType -_CSSMOID_NetscapeCertSequence -_CSSMOID_NetscapeSGC -_CSSMOID_MicrosoftSGC -_CSSMOID_OCSPSigning -_CSSMOID_KERBv5_PKINIT_KP_CLIENT_AUTH -_CSSMOID_KERBv5_PKINIT_KP_KDC -_CSSMOID_EKU_IPSec -_CSSMOID_ObjectClass -_CSSMOID_OrganizationName -_CSSMOID_OrganizationalUnitName -_CSSMOID_Owner -_CSSMOID_PKCS12_certBag -_CSSMOID_PKCS12_crlBag -_CSSMOID_PKCS12_keyBag -_CSSMOID_PKCS12_pbeWithSHAAnd128BitRC2CBC -_CSSMOID_PKCS12_pbeWithSHAAnd128BitRC4 -_CSSMOID_PKCS12_pbeWithSHAAnd2Key3DESCBC -_CSSMOID_PKCS12_pbeWithSHAAnd3Key3DESCBC -_CSSMOID_PKCS12_pbeWithSHAAnd40BitRC4 -_CSSMOID_PKCS12_pbewithSHAAnd40BitRC2CBC -_CSSMOID_PKCS12_safeContentsBag -_CSSMOID_PKCS12_secretBag -_CSSMOID_PKCS12_shroudedKeyBag -_CSSMOID_KERBv5_PKINIT_AUTH_DATA -_CSSMOID_KERBv5_PKINIT_DH_KEY_DATA -_CSSMOID_KERBv5_PKINIT_RKEY_DATA -_CSSMOID_PKCS3 -_CSSMOID_PKCS7_Data -_CSSMOID_PKCS7_DataWithAttributes -_CSSMOID_PKCS7_DigestedData -_CSSMOID_PKCS7_EncryptedData -_CSSMOID_PKCS7_EncryptedPrivateKeyInfo -_CSSMOID_PKCS7_EnvelopedData -_CSSMOID_PKCS7_SignedAndEnvelopedData -_CSSMOID_PKCS7_SignedData -_CSSMOID_PKCS9_CertTypes -_CSSMOID_PKCS9_CrlTypes -_CSSMOID_PKCS9_FriendlyName -_CSSMOID_PKCS9_LocalKeyId -_CSSMOID_PKCS9_SdsiCertificate -_CSSMOID_PKCS9_X509Certificate -_CSSMOID_PKCS9_X509Crl -_CSSMOID_PKCS9_Id_Ct_TSTInfo -_CSSMOID_PKCS9_TimeStampToken -_CSSMOID_PKCS5_DIGEST_ALG -_CSSMOID_PKCS5_ENCRYPT_ALG -_CSSMOID_PKCS5_HMAC_SHA1 -_CSSMOID_PKCS5_pbeWithMD2AndDES -_CSSMOID_PKCS5_pbeWithMD5AndDES -_CSSMOID_PKCS5_pbeWithMD2AndRC2 -_CSSMOID_PKCS5_pbeWithMD5AndRC2 -_CSSMOID_PKCS5_pbeWithSHA1AndDES -_CSSMOID_PKCS5_pbeWithSHA1AndRC2 -_CSSMOID_PKCS5_PBKDF2 -_CSSMOID_PKCS5_PBES2 -_CSSMOID_PKCS5_PBMAC1 -_CSSMOID_PKCS5_RC2_CBC -_CSSMOID_PKCS5_DES_EDE3_CBC -_CSSMOID_PKCS5_RC5_CBC -_CSSMOID_PhysicalDeliveryOfficeName -_CSSMOID_PolicyConstraints -_CSSMOID_PolicyMappings -_CSSMOID_PostOfficeBox -_CSSMOID_PostalAddress -_CSSMOID_PostalCode -_CSSMOID_PreferredDeliveryMethod -_CSSMOID_PresentationAddress -_CSSMOID_PrivateKeyUsagePeriod -_CSSMOID_ProtocolInformation -_CSSMOID_QT_CPS -_CSSMOID_QT_UNOTICE -_CSSMOID_AD_OCSP -_CSSMOID_AD_CA_ISSUERS -_CSSMOID_AD_TIME_STAMPING -_CSSMOID_AD_CA_REPOSITORY -_CSSMOID_PDA_DATE_OF_BIRTH -_CSSMOID_PDA_PLACE_OF_BIRTH -_CSSMOID_PDA_GENDER -_CSSMOID_PDA_COUNTRY_CITIZEN -_CSSMOID_PDA_COUNTRY_RESIDENCE -_CSSMOID_OID_QCS_SYNTAX_V1 -_CSSMOID_OID_QCS_SYNTAX_V2 -_CSSMOID_ETSI_QCS_QC_COMPLIANCE -_CSSMOID_ETSI_QCS_QC_LIMIT_VALUE -_CSSMOID_ETSI_QCS_QC_RETENTION -_CSSMOID_ETSI_QCS_QC_SSCD -_CSSMOID_RSA -_CSSMOID_RegisteredAddress -_CSSMOID_RoleOccupant -_CSSMOID_SHA1 -_CSSMOID_SHA224 -_CSSMOID_SHA256 -_CSSMOID_SHA384 -_CSSMOID_SHA512 -_CSSMOID_SHA1WithDSA -_CSSMOID_SHA1WithDSA_CMS -_CSSMOID_SHA1WithDSA_JDK -_CSSMOID_SHA1WithRSA -_CSSMOID_SHA224WithRSA -_CSSMOID_SHA256WithRSA -_CSSMOID_SHA384WithRSA -_CSSMOID_SHA512WithRSA -_CSSMOID_SHA1WithRSA_OIW -_CSSMOID_RSAWithOAEP -_CSSMOID_OAEP_MGF1 -_CSSMOID_OAEP_ID_PSPECIFIED -_CSSMOID_SearchGuide -_CSSMOID_SeeAlso -_CSSMOID_SerialNumber -_CSSMOID_ServerAuth -_CSSMOID_SigningTime -_CSSMOID_StateProvinceName -_CSSMOID_StreetAddress -_CSSMOID_SubjectAltName -_CSSMOID_SubjectDirectoryAttributes -_CSSMOID_SubjectEmailAddress -_CSSMOID_SubjectKeyIdentifier -_CSSMOID_SubjectPicture -_CSSMOID_SubjectSignatureBitmap -_CSSMOID_SupportedApplicationContext -_CSSMOID_Surname -_CSSMOID_TelephoneNumber -_CSSMOID_TelexNumber -_CSSMOID_TelexTerminalIdentifier -_CSSMOID_TimeStamping -_CSSMOID_Title -_CSSMOID_UniqueIdentifier -_CSSMOID_UniqueMember -_CSSMOID_UnstructuredAddress -_CSSMOID_UnstructuredName -_CSSMOID_UseExemptions -_CSSMOID_UserCertificate -_CSSMOID_UserID -_CSSMOID_UserPassword -_CSSMOID_X509V1CRLIssuerNameCStruct -_CSSMOID_X509V1CRLIssuerNameLDAP -_CSSMOID_X509V1CRLIssuerStruct -_CSSMOID_X509V1CRLNextUpdate -_CSSMOID_X509V1CRLNumberOfRevokedCertEntries -_CSSMOID_X509V1CRLRevokedCertificatesCStruct -_CSSMOID_X509V1CRLRevokedCertificatesStruct -_CSSMOID_X509V1CRLRevokedEntryCStruct -_CSSMOID_X509V1CRLRevokedEntryRevocationDate -_CSSMOID_X509V1CRLRevokedEntrySerialNumber -_CSSMOID_X509V1CRLRevokedEntryStruct -_CSSMOID_X509V1CRLThisUpdate -_CSSMOID_X509V1CertificateIssuerUniqueId -_CSSMOID_X509V1CertificateSubjectUniqueId -_CSSMOID_X509V1IssuerName -_CSSMOID_X509V1IssuerNameCStruct -_CSSMOID_X509V1IssuerNameLDAP -_CSSMOID_X509V1IssuerNameStd -_CSSMOID_X509V1SerialNumber -_CSSMOID_X509V1Signature -_CSSMOID_X509V1SignatureAlgorithm -_CSSMOID_X509V1SignatureAlgorithmParameters -_CSSMOID_X509V1SignatureAlgorithmTBS -_CSSMOID_X509V1SignatureCStruct -_CSSMOID_X509V1SignatureStruct -_CSSMOID_X509V1SubjectName -_CSSMOID_X509V1SubjectNameCStruct -_CSSMOID_X509V1SubjectNameLDAP -_CSSMOID_X509V1SubjectNameStd -_CSSMOID_X509V1SubjectPublicKey -_CSSMOID_X509V1SubjectPublicKeyAlgorithm -_CSSMOID_X509V1SubjectPublicKeyAlgorithmParameters -_CSSMOID_X509V1SubjectPublicKeyCStruct -_CSSMOID_X509V1ValidityNotAfter -_CSSMOID_X509V1ValidityNotBefore -_CSSMOID_X509V1Version -_CSSMOID_X509V2CRLAllExtensionsCStruct -_CSSMOID_X509V2CRLAllExtensionsStruct -_CSSMOID_X509V2CRLExtensionCritical -_CSSMOID_X509V2CRLExtensionId -_CSSMOID_X509V2CRLExtensionType -_CSSMOID_X509V2CRLNumberOfExtensions -_CSSMOID_X509V2CRLRevokedEntryAllExtensionsCStruct -_CSSMOID_X509V2CRLRevokedEntryAllExtensionsStruct -_CSSMOID_X509V2CRLRevokedEntryExtensionCritical -_CSSMOID_X509V2CRLRevokedEntryExtensionId -_CSSMOID_X509V2CRLRevokedEntryExtensionType -_CSSMOID_X509V2CRLRevokedEntryExtensionValue -_CSSMOID_X509V2CRLRevokedEntryNumberOfExtensions -_CSSMOID_X509V2CRLRevokedEntrySingleExtensionCStruct -_CSSMOID_X509V2CRLRevokedEntrySingleExtensionStruct -_CSSMOID_X509V2CRLSignedCrlCStruct -_CSSMOID_X509V2CRLSignedCrlStruct -_CSSMOID_X509V2CRLSingleExtensionCStruct -_CSSMOID_X509V2CRLSingleExtensionStruct -_CSSMOID_X509V2CRLTbsCertListCStruct -_CSSMOID_X509V2CRLTbsCertListStruct -_CSSMOID_X509V2CRLVersion -_CSSMOID_X509V3Certificate -_CSSMOID_X509V3CertificateCStruct -_CSSMOID_X509V3CertificateExtensionCStruct -_CSSMOID_X509V3CertificateExtensionCritical -_CSSMOID_X509V3CertificateExtensionId -_CSSMOID_X509V3CertificateExtensionStruct -_CSSMOID_X509V3CertificateExtensionType -_CSSMOID_X509V3CertificateExtensionValue -_CSSMOID_X509V3CertificateExtensionsCStruct -_CSSMOID_X509V3CertificateExtensionsStruct -_CSSMOID_X509V3CertificateNumberOfExtensions -_CSSMOID_X509V3SignedCertificate -_CSSMOID_X509V3SignedCertificateCStruct -_CSSMOID_X_121Address -_CSSMOID_DOTMAC_CERT -_CSSMOID_DOTMAC_CERT_REQ -_CSSMOID_DOTMAC_CERT_REQ_IDENTITY -_CSSMOID_DOTMAC_CERT_REQ_EMAIL_SIGN -_CSSMOID_DOTMAC_CERT_REQ_EMAIL_ENCRYPT -_CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_LIST -_CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_STORE -_CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_FETCH -_CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_REMOVE -_CSSMOID_DOTMAC_CERT_REQ_SHARED_SERVICES -_CSSMOID_DOTMAC_CERT_REQ_VALUE_USERNAME -_CSSMOID_DOTMAC_CERT_REQ_VALUE_PASSWORD -_CSSMOID_DOTMAC_CERT_REQ_VALUE_HOSTNAME -_CSSMOID_DOTMAC_CERT_REQ_VALUE_RENEW -_CSSMOID_DOTMAC_CERT_REQ_VALUE_ASYNC -_CSSMOID_DOTMAC_CERT_REQ_VALUE_IS_PENDING -_CSSMOID_DOTMAC_CERT_EXTENSION -_CSSMOID_DOTMAC_CERT_IDENTITY -_CSSMOID_DOTMAC_CERT_EMAIL_SIGN -_CSSMOID_DOTMAC_CERT_EMAIL_ENCRYPT -_CSSMOID_APPLE_CERT_POLICY -_CSSMOID_DOTMAC_CERT_POLICY -_CSSMOID_ADC_CERT_POLICY -_CSSMOID_MACAPPSTORE_CERT_POLICY -_CSSMOID_MACAPPSTORE_RECEIPT_CERT_POLICY -_CSSMOID_APPLEID_CERT_POLICY -_CSSMOID_APPLEID_SHARING_CERT_POLICY -_CSSMOID_MOBILE_STORE_SIGNING_POLICY -_CSSMOID_TEST_MOBILE_STORE_SIGNING_POLICY -_CSSMOID_APPLE_EKU_CODE_SIGNING -_CSSMOID_APPLE_EKU_CODE_SIGNING_DEV -_CSSMOID_APPLE_EKU_RESOURCE_SIGNING -_CSSMOID_APPLE_EKU_ICHAT_SIGNING -_CSSMOID_APPLE_EKU_ICHAT_ENCRYPTION -_CSSMOID_APPLE_EKU_SYSTEM_IDENTITY -_CSSMOID_APPLE_EKU_PASSBOOK_SIGNING -_CSSMOID_APPLE_EKU_PROFILE_SIGNING -_CSSMOID_APPLE_EKU_QA_PROFILE_SIGNING -_CSSMOID_APPLE_EXTENSION -_CSSMOID_APPLE_EXTENSION_CODE_SIGNING -_CSSMOID_APPLE_EXTENSION_APPLE_SIGNING -_CSSMOID_APPLE_EXTENSION_ADC_DEV_SIGNING -_CSSMOID_APPLE_EXTENSION_ADC_APPLE_SIGNING -_CSSMOID_APPLE_EXTENSION_PASSBOOK_SIGNING -_CSSMOID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT -_CSSMOID_APPLE_EXTENSION_INTERMEDIATE_MARKER -_CSSMOID_APPLE_EXTENSION_WWDR_INTERMEDIATE -_CSSMOID_APPLE_EXTENSION_ITMS_INTERMEDIATE -_CSSMOID_APPLE_EXTENSION_AAI_INTERMEDIATE -_CSSMOID_APPLE_EXTENSION_APPLEID_INTERMEDIATE -_CSSMOID_APPLE_EXTENSION_APPLEID_SHARING -_CSSMOID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE -_CSSMOID_APPLE_EXTENSION_ESCROW_SERVICE -_CSSMOID_PKIX_OCSP -_CSSMOID_PKIX_OCSP_ARCHIVE_CUTOFF -_CSSMOID_PKIX_OCSP_BASIC -_CSSMOID_PKIX_OCSP_CRL -_CSSMOID_PKIX_OCSP_NOCHECK -_CSSMOID_PKIX_OCSP_NONCE -_CSSMOID_PKIX_OCSP_RESPONSE -_CSSMOID_PKIX_OCSP_SERVICE_LOCATOR -_CSSM_AC_AuthCompute -_CSSM_AC_PassThrough -_CSSM_CL_CertAbortCache -_CSSM_CL_CertAbortQuery -_CSSM_CL_CertCache -_CSSM_CL_CertCreateTemplate -_CSSM_CL_CertDescribeFormat -_CSSM_CL_CertGetAllFields -_CSSM_CL_CertGetAllTemplateFields -_CSSM_CL_CertGetFirstCachedFieldValue -_CSSM_CL_CertGetFirstFieldValue -_CSSM_CL_CertGetKeyInfo -_CSSM_CL_CertGetNextCachedFieldValue -_CSSM_CL_CertGetNextFieldValue -_CSSM_CL_CertGroupFromVerifiedBundle -_CSSM_CL_CertGroupToSignedBundle -_CSSM_CL_CertSign -_CSSM_CL_CertVerify -_CSSM_CL_CertVerifyWithKey -_CSSM_CL_CrlAbortCache -_CSSM_CL_CrlAbortQuery -_CSSM_CL_CrlAddCert -_CSSM_CL_CrlCache -_CSSM_CL_CrlCreateTemplate -_CSSM_CL_CrlDescribeFormat -_CSSM_CL_CrlGetAllCachedRecordFields -_CSSM_CL_CrlGetAllFields -_CSSM_CL_CrlGetFirstCachedFieldValue -_CSSM_CL_CrlGetFirstFieldValue -_CSSM_CL_CrlGetNextCachedFieldValue -_CSSM_CL_CrlGetNextFieldValue -_CSSM_CL_CrlRemoveCert -_CSSM_CL_CrlSetFields -_CSSM_CL_CrlSign -_CSSM_CL_CrlVerify -_CSSM_CL_CrlVerifyWithKey -_CSSM_CL_FreeFieldValue -_CSSM_CL_FreeFields -_CSSM_CL_IsCertInCachedCrl -_CSSM_CL_IsCertInCrl -_CSSM_CL_PassThrough -_CSSM_CSP_ChangeLoginAcl -_CSSM_CSP_ChangeLoginOwner -_CSSM_CSP_CreateAsymmetricContext -_CSSM_CSP_CreateDeriveKeyContext -_CSSM_CSP_CreateDigestContext -_CSSM_CSP_CreateKeyGenContext -_CSSM_CSP_CreateMacContext -_CSSM_CSP_CreatePassThroughContext -_CSSM_CSP_CreateRandomGenContext -_CSSM_CSP_CreateSignatureContext -_CSSM_CSP_CreateSymmetricContext -_CSSM_CSP_GetLoginAcl -_CSSM_CSP_GetLoginOwner -_CSSM_CSP_GetOperationalStatistics -_CSSM_CSP_Login -_CSSM_CSP_Logout -_CSSM_CSP_ObtainPrivateKeyFromPublicKey -_CSSM_CSP_PassThrough -_CSSM_ChangeKeyAcl -_CSSM_ChangeKeyOwner -_CSSM_DL_Authenticate -_CSSM_DL_ChangeDbAcl -_CSSM_DL_ChangeDbOwner -_CSSM_DL_CreateRelation -_CSSM_DL_DataAbortQuery -_CSSM_DL_DataDelete -_CSSM_DL_DataGetFirst -_CSSM_DL_DataGetFromUniqueRecordId -_CSSM_DL_DataGetNext -_CSSM_DL_DataInsert -_CSSM_DL_DataModify -_CSSM_DL_DbClose -_CSSM_DL_DbCreate -_CSSM_DL_DbDelete -_CSSM_DL_DbOpen -_CSSM_DL_DestroyRelation -_CSSM_DL_FreeNameList -_CSSM_DL_FreeUniqueRecord -_CSSM_DL_GetDbAcl -_CSSM_DL_GetDbNameFromHandle -_CSSM_DL_GetDbNames -_CSSM_DL_GetDbOwner -_CSSM_DL_PassThrough -_CSSM_DecryptData -_CSSM_DecryptDataFinal -_CSSM_DecryptDataInit -_CSSM_DecryptDataInitP -_CSSM_DecryptDataP -_CSSM_DecryptDataUpdate -_CSSM_DeleteContext -_CSSM_DeleteContextAttributes -_CSSM_DeriveKey -_CSSM_DigestData -_CSSM_DigestDataClone -_CSSM_DigestDataFinal -_CSSM_DigestDataInit -_CSSM_DigestDataUpdate -_CSSM_EncryptData -_CSSM_EncryptDataFinal -_CSSM_EncryptDataInit -_CSSM_EncryptDataInitP -_CSSM_EncryptDataP -_CSSM_EncryptDataUpdate -_CSSM_FreeContext -_CSSM_FreeKey -_CSSM_GenerateAlgorithmParams -_CSSM_GenerateKey -_CSSM_GenerateKeyP -_CSSM_GenerateKeyPair -_CSSM_GenerateKeyPairP -_CSSM_GenerateMac -_CSSM_GenerateMacFinal -_CSSM_GenerateMacInit -_CSSM_GenerateMacUpdate -_CSSM_GenerateRandom -_CSSM_GetAPIMemoryFunctions -_CSSM_GetContext -_CSSM_GetContextAttribute -_CSSM_GetKeyAcl -_CSSM_GetKeyOwner -_CSSM_GetModuleGUIDFromHandle -_CSSM_GetPrivilege -_CSSM_GetSubserviceUIDFromHandle -_CSSM_GetTimeValue -_CSSM_Init -_CSSM_Introduce -_CSSM_ListAttachedModuleManagers -_CSSM_ModuleAttach -_CSSM_ModuleDetach -_CSSM_ModuleLoad -_CSSM_ModuleUnload -_CSSM_QueryKeySizeInBits -_CSSM_QuerySize -_CSSM_RetrieveCounter -_CSSM_RetrieveUniqueId -_CSSM_SetContext -_CSSM_SetPrivilege -_CSSM_SignData -_CSSM_SignDataFinal -_CSSM_SignDataInit -_CSSM_SignDataUpdate -_CSSM_TP_ApplyCrlToDb -_CSSM_TP_CertCreateTemplate -_CSSM_TP_CertGetAllTemplateFields -_CSSM_TP_CertGroupConstruct -_CSSM_TP_CertGroupPrune -_CSSM_TP_CertGroupToTupleGroup -_CSSM_TP_CertGroupVerify -_CSSM_TP_CertReclaimAbort -_CSSM_TP_CertReclaimKey -_CSSM_TP_CertRemoveFromCrlTemplate -_CSSM_TP_CertRevoke -_CSSM_TP_CertSign -_CSSM_TP_ConfirmCredResult -_CSSM_TP_CrlCreateTemplate -_CSSM_TP_CrlSign -_CSSM_TP_CrlVerify -_CSSM_TP_FormRequest -_CSSM_TP_FormSubmit -_CSSM_TP_PassThrough -_CSSM_TP_ReceiveConfirmation -_CSSM_TP_RetrieveCredResult -_CSSM_TP_SubmitCredRequest -_CSSM_TP_TupleGroupToCertGroup -_CSSM_Terminate -_CSSM_Unintroduce -_CSSM_UnwrapKey -_CSSM_UnwrapKeyP -_CSSM_UpdateContextAttributes -_CSSM_VerifyData -_CSSM_VerifyDataFinal -_CSSM_VerifyDataInit -_CSSM_VerifyDataUpdate -_CSSM_VerifyDevice -_CSSM_VerifyMac -_CSSM_VerifyMacFinal -_CSSM_VerifyMacInit -_CSSM_VerifyMacUpdate -_CSSM_WrapKey -_CSSM_WrapKeyP -_cssmAlgToOid -_cssmOidToAlg -_gGuidAppleCSP -_gGuidAppleCSPDL -_gGuidAppleFileDL -_gGuidAppleX509CL -_gGuidAppleX509TP -_gGuidAppleDotMacTP -_gGuidAppleSdCSPDL -_gGuidCssm -_gGuidAppleLDAPDL -_gGuidAppleDotMacDL -_CSSMOID_X9_62 -_CSSMOID_X9_62_FieldType -_CSSMOID_X9_62_PubKeyType -_CSSMOID_X9_62_EllCurve -_CSSMOID_X9_62_C_TwoCurve -_CSSMOID_X9_62_PrimeCurve -_CSSMOID_X9_62_SigType -_CSSMOID_secp192r1 -_CSSMOID_secp256r1 -_CSSMOID_Certicom -_CSSMOID_CerticomEllCurve -_CSSMOID_secp112r1 -_CSSMOID_secp112r2 -_CSSMOID_secp128r1 -_CSSMOID_secp128r2 -_CSSMOID_secp160k1 -_CSSMOID_secp160r1 -_CSSMOID_secp160r2 -_CSSMOID_secp192k1 -_CSSMOID_secp224k1 -_CSSMOID_secp224r1 -_CSSMOID_secp256k1 -_CSSMOID_secp384r1 -_CSSMOID_secp521r1 -_CSSMOID_sect113r1 -_CSSMOID_sect113r2 -_CSSMOID_sect131r1 -_CSSMOID_sect131r2 -_CSSMOID_sect163k1 -_CSSMOID_sect163r1 -_CSSMOID_sect163r2 -_CSSMOID_sect193r1 -_CSSMOID_sect193r2 -_CSSMOID_sect233k1 -_CSSMOID_sect233r1 -_CSSMOID_sect239k1 -_CSSMOID_sect283k1 -_CSSMOID_sect283r1 -_CSSMOID_sect409k1 -_CSSMOID_sect409r1 -_CSSMOID_sect571k1 -_CSSMOID_sect571r1 -_CSSMOID_ecPublicKey -_CSSMOID_ECDSA_WithSHA1 -_CSSMOID_ECDSA_WithSHA224 -_CSSMOID_ECDSA_WithSHA256 -_CSSMOID_ECDSA_WithSHA384 -_CSSMOID_ECDSA_WithSHA512 -_CSSMOID_ECDSA_WithSpecified - -// -// libsecurity_keychain -// -_cssmErrorString -_cssmPerror -_kSecACLAuthorizationAny -_kSecACLAuthorizationLogin -_kSecACLAuthorizationGenKey -_kSecACLAuthorizationDelete -_kSecACLAuthorizationExportWrapped -_kSecACLAuthorizationExportClear -_kSecACLAuthorizationImportWrapped -_kSecACLAuthorizationImportClear -_kSecACLAuthorizationSign -_kSecACLAuthorizationEncrypt -_kSecACLAuthorizationDecrypt -_kSecACLAuthorizationMAC -_kSecACLAuthorizationDerive -_kSecACLAuthorizationKeychainCreate -_kSecACLAuthorizationKeychainDelete -_kSecACLAuthorizationKeychainItemRead -_kSecACLAuthorizationKeychainItemInsert -_kSecACLAuthorizationKeychainItemModify -_kSecACLAuthorizationKeychainItemDelete -_kSecACLAuthorizationPartitionID -_kSecACLAuthorizationIntegrity -_kSecIdentityDomainDefault -_kSecIdentityDomainKerberosKDC -_kSecClass -_kSecClassGenericPassword -_kSecClassInternetPassword -_kSecClassAppleSharePassword -_kSecClassCertificate -_kSecClassKey -_kSecClassIdentity -_kSecAttrAccess -_kSecAttrAccessGroup -_kSecAttrAccessGroupToken -_kSecAttrAccessible -_kSecAttrAccessibleWhenUnlocked -_kSecAttrAccessibleAfterFirstUnlock -_kSecAttrAccessibleAlways -_kSecAttrAccessibleAlwaysPrivate -_kSecAttrAccessibleWhenUnlockedThisDeviceOnly -_kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly -_kSecAttrAccessibleAlwaysThisDeviceOnly -_kSecAttrAccessibleAlwaysThisDeviceOnlyPrivate -_kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly -_kSecAttrCreationDate -_kSecAttrModificationDate -_kSecAttrDescription -_kSecAttrComment -_kSecAttrCreator -_kSecAttrType -_kSecAttrLabel -_kSecAttrIsInvisible -_kSecAttrIsNegative -_kSecAttrAccount -_kSecAttrService -_kSecAttrGeneric -_kSecAttrSecurityDomain -_kSecAttrServer -_kSecAttrProtocol -_kSecAttrAuthenticationType -_kSecAttrPort -_kSecAttrPath -_kSecAttrVolume -_kSecAttrAddress -_kSecAttrAFPServerSignature -_kSecAttrAlias -_kSecAttrSubject -_kSecAttrIssuer -_kSecAttrSerialNumber -_kSecAttrSubjectKeyID -_kSecAttrPublicKeyHash -_kSecAttrCertificateType -_kSecAttrCertificateEncoding -_kSecAttrKeyClass -_kSecAttrApplicationLabel -_kSecAttrIsPermanent -_kSecAttrIsPrivate -_kSecAttrIsModifiable -_kSecAttrApplicationTag -_kSecAttrKeyCreator -_kSecAttrKeyType -_kSecAttrKeySizeInBits -_kSecAttrEffectiveKeySize -_kSecAttrStartDate -_kSecAttrEndDate -_kSecAttrIsSensitive -_kSecAttrWasAlwaysSensitive -_kSecAttrIsExtractable -_kSecAttrWasNeverExtractable -_kSecAttrCanEncrypt -_kSecAttrCanDecrypt -_kSecAttrCanDerive -_kSecAttrCanSign -_kSecAttrCanVerify -_kSecAttrCanSignRecover -_kSecAttrCanVerifyRecover -_kSecAttrCanWrap -_kSecAttrCanUnwrap -_kSecAttrScriptCode -_kSecAttrHasCustomIcon -_kSecAttrCRLType -_kSecAttrCRLEncoding -_kSecAttrNoLegacy -_kSecAttrSynchronizable -_kSecAttrSynchronizableAny -_kSecAttrSyncViewHint -_kSecAttrTokenID -_kSecAttrTokenOID -_kSecAttrTokenIDSecureEnclave -_kSecAttrTombstone -#include "Security/SecureObjectSync/SOSViews.exp-in" -_kSecAttrMultiUser -_kSecUseTombstones -_kSecMatchPolicy -_kSecMatchItemList -_kSecMatchSearchList -_kSecMatchIssuers -_kSecMatchEmailAddressIfPresent -_kSecMatchSubjectContains -_kSecMatchSubjectStartsWith -_kSecMatchSubjectEndsWith -_kSecMatchSubjectWholeString -_kSecMatchCaseInsensitive -_kSecMatchDiacriticInsensitive -_kSecMatchWidthInsensitive -_kSecMatchTrustedOnly -_kSecMatchValidOnDate -_kSecMatchLimit -_kSecMatchLimitOne -_kSecMatchLimitAll -_kSecReturnData -_kSecReturnAttributes -_kSecReturnRef -_kSecReturnPersistentRef -_kSecValueData -_kSecValueRef -_kSecValuePersistentRef -_kSecUseItemList -_kSecUseKeychain -_kSecAttrProtocolFTP -_kSecAttrProtocolFTPAccount -_kSecAttrProtocolHTTP -_kSecAttrProtocolIRC -_kSecAttrProtocolNNTP -_kSecAttrProtocolPOP3 -_kSecAttrProtocolSMTP -_kSecAttrProtocolSOCKS -_kSecAttrProtocolIMAP -_kSecAttrProtocolLDAP -_kSecAttrProtocolAppleTalk -_kSecAttrProtocolAFP -_kSecAttrProtocolTelnet -_kSecAttrProtocolSSH -_kSecAttrProtocolFTPS -_kSecAttrProtocolHTTPS -_kSecAttrProtocolHTTPProxy -_kSecAttrProtocolHTTPSProxy -_kSecAttrProtocolFTPProxy -_kSecAttrProtocolSMB -_kSecAttrProtocolRTSP -_kSecAttrProtocolRTSPProxy -_kSecAttrProtocolDAAP -_kSecAttrProtocolEPPC -_kSecAttrProtocolIPP -_kSecAttrProtocolNNTPS -_kSecAttrProtocolLDAPS -_kSecAttrProtocolTelnetS -_kSecAttrProtocolIMAPS -_kSecAttrProtocolIRCS -_kSecAttrProtocolPOP3S -_kSecAttrAuthenticationTypeNTLM -_kSecAttrAuthenticationTypeMSN -_kSecAttrAuthenticationTypeDPA -_kSecAttrAuthenticationTypeRPA -_kSecAttrAuthenticationTypeHTTPBasic -_kSecAttrAuthenticationTypeHTTPDigest -_kSecAttrAuthenticationTypeHTMLForm -_kSecAttrAuthenticationTypeDefault -_kSecAttrKeyClassPublic -_kSecAttrKeyClassPrivate -_kSecAttrKeyClassSymmetric -_kSecPrivateKeyAttrs -_kSecPublicKeyAttrs -_kSecKeyAlgorithmRSASignatureRaw -_kSecKeyAlgorithmRSASignatureRawCCUnit -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 -_kSecKeyAlgorithmECDSASignatureRFC4754 -_kSecKeyAlgorithmECDSASignatureDigestX962 -_kSecKeyAlgorithmECDSASignatureDigestX962SHA1 -_kSecKeyAlgorithmECDSASignatureDigestX962SHA224 -_kSecKeyAlgorithmECDSASignatureDigestX962SHA256 -_kSecKeyAlgorithmECDSASignatureDigestX962SHA384 -_kSecKeyAlgorithmECDSASignatureDigestX962SHA512 -_kSecKeyAlgorithmECDSASignatureMessageX962SHA1 -_kSecKeyAlgorithmECDSASignatureMessageX962SHA224 -_kSecKeyAlgorithmECDSASignatureMessageX962SHA256 -_kSecKeyAlgorithmECDSASignatureMessageX962SHA384 -_kSecKeyAlgorithmECDSASignatureMessageX962SHA512 -_kSecKeyAlgorithmRSAEncryptionRaw -_kSecKeyAlgorithmRSAEncryptionRawCCUnit -_kSecKeyAlgorithmRSAEncryptionPKCS1 -_kSecKeyAlgorithmRSAEncryptionOAEPSHA1 -_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 -_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 -_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 -_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 -_kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM -_kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM -_kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM -_kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM -_kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM -_kSecKeyAlgorithmECDHKeyExchangeStandard -_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 -_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 -_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 -_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 -_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 -_kSecKeyAlgorithmECDHKeyExchangeCofactor -_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 -_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 -_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 -_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 -_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 -_kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM -_kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM -_kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM -_kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM -_kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM -_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM -_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM -_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM -_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM -_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 -_kSecKeyKeyExchangeParameterRequestedSize -_kSecKeyKeyExchangeParameterSharedInfo -_kSecImportExportPassphrase -_kSecImportExportKeychain -_kSecImportExportAccess -_kSecImportItemLabel -_kSecImportItemKeyID -_kSecImportItemTrust -_kSecImportItemCertChain -_kSecImportItemIdentity -_kSecPolicyAppleAST2DiagnosticsServerAuth -_kSecPolicyAppleATVVPNProfileSigning -_kSecPolicyAppleCodeSigning -_kSecPolicyAppleEAP -_kSecPolicyAppleEscrowProxyCompatibilityServerAuth -_kSecPolicyAppleEscrowProxyServerAuth -_kSecPolicyAppleEscrowService -_kSecPolicyAppleExternalDeveloper -_kSecPolicyAppleFactoryDeviceCertificate -_kSecPolicyAppleFMiPServerAuth -_kSecPolicyAppleGenericApplePinned -_kSecPolicyAppleGenericAppleSSLPinned -_kSecPolicyAppleGSService -_kSecPolicyAppleHomeKitServerAuth -_kSecPolicyAppleiAP -_kSecPolicyAppleIDAuthority -_kSecPolicyAppleIDSService -_kSecPolicyAppleIDSServiceContext -_kSecPolicyAppleIDValidation -_kSecPolicyAppleIDValidationRecordSigning -_kSecPolicyAppleIDValidationRecordSigningPolicy -_kSecPolicyAppleiPhoneActivation -_kSecPolicyAppleiPhoneApplicationSigning -_kSecPolicyAppleiPhoneDeviceCertificate -_kSecPolicyAppleiPhoneProfileApplicationSigning -_kSecPolicyAppleiPhoneProvisioningProfileSigning -_kSecPolicyAppleIPsec -_kSecPolicyAppleiTunesStoreURLBag -_kSecPolicyAppleLegacyPushService -_kSecPolicyAppleLockdownPairing -_kSecPolicyAppleMMCSCompatibilityServerAuth -_kSecPolicyAppleMMCSService -_kSecPolicyAppleMobileAsset -_kSecPolicyAppleMobileStore -_kSecPolicyAppleOCSPSigner -_kSecPolicyAppleOSXProvisioningProfileSigning -_kSecPolicyAppleOTAPKISigner -_kSecPolicyAppleOTATasking -_kSecPolicyApplePackageSigning -_kSecPolicyApplePassbookSigning -_kSecPolicyApplePayIssuerEncryption -_kSecPolicyApplePCSEscrowService -_kSecPolicyApplePKINITClient -_kSecPolicyApplePKINITServer -_kSecPolicyApplePPQService -_kSecPolicyApplePPQSigning -_kSecPolicyAppleProfileSigner -_kSecPolicyApplePushService -_kSecPolicyAppleQAProfileSigner -_kSecPolicyAppleRevocation -_kSecPolicyAppleSecureIOStaticAsset -_kSecPolicyAppleServerAuthentication -_kSecPolicyAppleSMIME -_kSecPolicyAppleSMPEncryption -_kSecPolicyAppleSoftwareSigning -_kSecPolicyAppleSSL -_kSecPolicyAppleSWUpdateSigning -_kSecPolicyAppleTestMobileStore -_kSecPolicyAppleTestOTAPKISigner -_kSecPolicyAppleTestPPQSigning -_kSecPolicyAppleTestSMPEncryption -_kSecPolicyAppleTimeStamping -_kSecPolicyAppleTVOSApplicationSigning -_kSecPolicyAppleUniqueDeviceIdentifierCertificate -_kSecPolicyAppleURLBag -_kSecPolicyAppleWarsaw -_kSecPolicyAppleX509Basic -_kSecPolicyMacAppStoreReceipt -_kSecPolicyAppleAnchorIncludeTestRoots -_kSecPolicyCheckAnchorSHA1 -_kSecPolicyCheckAnchorSHA256 -_kSecPolicyCheckAnchorApple -_kSecPolicyCheckAnchorTrusted -_kSecPolicyCheckBasicCertificateProcessing -_kSecPolicyCheckBasicConstraints -_kSecPolicyCheckBlackListedKey -_kSecPolicyCheckBlackListedLeaf -_kSecPolicyCheckCertificatePolicy -_kSecPolicyCheckCertificateTransparency -_kSecPolicyCheckChainLength -_kSecPolicyCheckCriticalExtensions -_kSecPolicyCheckEAPTrustedServerNames -_kSecPolicyCheckEmail -_kSecPolicyCheckExtendedKeyUsage -_kSecPolicyCheckExtendedValidation -_kSecPolicyCheckGrayListedKey -_kSecPolicyCheckGrayListedLeaf -_kSecPolicyCheckIdLinkage -_kSecPolicyCheckIntermediateEKU -_kSecPolicyCheckIntermediateMarkerOid -_kSecPolicyCheckIntermediateSPKISHA256 -_kSecPolicyCheckIssuerCommonName -_kSecPolicyCheckKeySize -_kSecPolicyCheckKeyUsage -_kSecPolicyCheckLeafMarkerOid -_kSecPolicyCheckLeafMarkerOidWithoutValueCheck -_kSecPolicyCheckNoNetworkAccess -_kSecPolicyCheckNonEmptySubject -_kSecPolicyCheckNotValidBefore -_kSecPolicyCheckQualifiedCertStatements -_kSecPolicyCheckRevocation -_kSecPolicyCheckRevocationResponseRequired -_kSecPolicyCheckRevocationOCSP -_kSecPolicyCheckRevocationCRL -_kSecPolicyCheckRevocationAny -_kSecPolicyCheckSignatureHashAlgorithms -_kSecPolicyCheckSSLHostname -_kSecPolicyCheckSubjectCommonName -_kSecPolicyCheckSubjectCommonNamePrefix -_kSecPolicyCheckSubjectCommonNameTEST -_kSecPolicyCheckSubjectOrganization -_kSecPolicyCheckSubjectOrganizationalUnit -_kSecPolicyCheckUsageConstraints -_kSecPolicyCheckValidIntermediates -_kSecPolicyCheckValidLeaf -_kSecPolicyCheckValidRoot -_kSecPolicyCheckWeakIntermediates -_kSecPolicyCheckWeakLeaf -_kSecPolicyCheckWeakRoot -_kSecPolicyClient -_kSecPolicyContext -_kSecPolicyIntermediateMarkerOid -_kSecPolicyLeafMarkerOid -_kSecPolicyName -_kSecPolicyOid -_kSecPolicyPolicyName -_kSecPolicyRevocationFlags -_kSecPolicyTeamIdentifier -#if TARGET_OS_MAC && !TARGET_OS_IPHONE -_kSecPolicyKU_CRLSign -_kSecPolicyKU_DataEncipherment -_kSecPolicyKU_DecipherOnly -_kSecPolicyKU_DigitalSignature -_kSecPolicyKU_EncipherOnly -_kSecPolicyKU_KeyAgreement -_kSecPolicyKU_KeyCertSign -_kSecPolicyKU_KeyEncipherment -_kSecPolicyKU_NonRepudiation -#endif -_kSecPropertyTypeTitle -_kSecPropertyTypeError -_kSecPropertyKeyType -_kSecPropertyKeyLabel -_kSecPropertyKeyLocalizedLabel -_kSecPropertyKeyValue -_kSecPropertyTypeWarning -_kSecPropertyTypeSuccess -_kSecPropertyTypeSection -_kSecPropertyTypeData -_kSecPropertyTypeString -_kSecPropertyTypeURL -_kSecPropertyTypeDate -_kSecOIDADC_CERT_POLICY -_kSecOIDAPPLE_CERT_POLICY -_kSecOIDAPPLE_EKU_CODE_SIGNING -_kSecOIDAPPLE_EKU_CODE_SIGNING_DEV -_kSecOIDAPPLE_EKU_ICHAT_ENCRYPTION -_kSecOIDAPPLE_EKU_ICHAT_SIGNING -_kSecOIDAPPLE_EKU_RESOURCE_SIGNING -_kSecOIDAPPLE_EKU_SYSTEM_IDENTITY -_kSecOIDAPPLE_EXTENSION -_kSecOIDAPPLE_EXTENSION_ADC_APPLE_SIGNING -_kSecOIDAPPLE_EXTENSION_ADC_DEV_SIGNING -_kSecOIDAPPLE_EXTENSION_APPLE_SIGNING -_kSecOIDAPPLE_EXTENSION_CODE_SIGNING -_kSecOIDAuthorityInfoAccess -_kSecOIDAuthorityKeyIdentifier -_kSecOIDBasicConstraints -_kSecOIDBiometricInfo -_kSecOIDCSSMKeyStruct -_kSecOIDCertIssuer -_kSecOIDCertificatePolicies -_kSecOIDClientAuth -_kSecOIDCollectiveStateProvinceName -_kSecOIDCollectiveStreetAddress -_kSecOIDCommonName -_kSecOIDCountryName -_kSecOIDCrlDistributionPoints -_kSecOIDCrlNumber -_kSecOIDCrlReason -_kSecOIDDOTMAC_CERT_EMAIL_ENCRYPT -_kSecOIDDOTMAC_CERT_EMAIL_SIGN -_kSecOIDDOTMAC_CERT_EXTENSION -_kSecOIDDOTMAC_CERT_IDENTITY -_kSecOIDDOTMAC_CERT_POLICY -_kSecOIDDeltaCrlIndicator -_kSecOIDDescription -_kSecOIDEKU_IPSec -_kSecOIDEmailAddress -_kSecOIDEmailProtection -_kSecOIDExtendedKeyUsage -_kSecOIDExtendedKeyUsageAny -_kSecOIDExtendedUseCodeSigning -_kSecOIDGivenName -_kSecOIDHoldInstructionCode -_kSecOIDInvalidityDate -_kSecOIDIssuerAltName -_kSecOIDIssuingDistributionPoint -_kSecOIDIssuingDistributionPoints -_kSecOIDKERBv5_PKINIT_KP_CLIENT_AUTH -_kSecOIDKERBv5_PKINIT_KP_KDC -_kSecOIDKeyUsage -_kSecOIDLocalityName -_kSecOIDMS_NTPrincipalName -_kSecOIDMicrosoftSGC -_kSecOIDNameConstraints -_kSecOIDNetscapeCertSequence -_kSecOIDNetscapeCertType -_kSecOIDNetscapeSGC -_kSecOIDOCSPSigning -_kSecOIDOrganizationName -_kSecOIDOrganizationalUnitName -_kSecOIDPolicyConstraints -_kSecOIDPolicyMappings -_kSecOIDPrivateKeyUsagePeriod -_kSecOIDQC_Statements -_kSecOIDSerialNumber -_kSecOIDServerAuth -_kSecOIDStateProvinceName -_kSecOIDStreetAddress -_kSecOIDSubjectAltName -_kSecOIDSubjectDirectoryAttributes -_kSecOIDSubjectEmailAddress -_kSecOIDSubjectInfoAccess -_kSecOIDSubjectKeyIdentifier -_kSecOIDSubjectPicture -_kSecOIDSubjectSignatureBitmap -_kSecOIDSurname -_kSecOIDTimeStamping -_kSecOIDTitle -_kSecOIDUseExemptions -_kSecOIDX509V1CertificateIssuerUniqueId -_kSecOIDX509V1CertificateSubjectUniqueId -_kSecOIDX509V1IssuerName -_kSecOIDX509V1IssuerNameCStruct -_kSecOIDX509V1IssuerNameLDAP -_kSecOIDX509V1IssuerNameStd -_kSecOIDX509V1SerialNumber -_kSecOIDX509V1Signature -_kSecOIDX509V1SignatureAlgorithm -_kSecOIDX509V1SignatureAlgorithmParameters -_kSecOIDX509V1SignatureAlgorithmTBS -_kSecOIDX509V1SignatureCStruct -_kSecOIDX509V1SignatureStruct -_kSecOIDX509V1SubjectName -_kSecOIDX509V1SubjectNameCStruct -_kSecOIDX509V1SubjectNameLDAP -_kSecOIDX509V1SubjectNameStd -_kSecOIDX509V1SubjectPublicKey -_kSecOIDX509V1SubjectPublicKeyAlgorithm -_kSecOIDX509V1SubjectPublicKeyAlgorithmParameters -_kSecOIDX509V1SubjectPublicKeyCStruct -_kSecOIDX509V1ValidityNotAfter -_kSecOIDX509V1ValidityNotBefore -_kSecOIDX509V1Version -_kSecOIDX509V3Certificate -_kSecOIDX509V3CertificateCStruct -_kSecOIDX509V3CertificateExtensionCStruct -_kSecOIDX509V3CertificateExtensionCritical -_kSecOIDX509V3CertificateExtensionId -_kSecOIDX509V3CertificateExtensionStruct -_kSecOIDX509V3CertificateExtensionType -_kSecOIDX509V3CertificateExtensionValue -_kSecOIDX509V3CertificateExtensionsCStruct -_kSecOIDX509V3CertificateExtensionsStruct -_kSecOIDX509V3CertificateNumberOfExtensions -_kSecOIDX509V3SignedCertificate -_kSecOIDX509V3SignedCertificateCStruct -_kSecOIDSRVName -_kSecRandomDefault -_kSecSignatureDigestAlgorithmUnknown -_kSecSignatureDigestAlgorithmMD2 -_kSecSignatureDigestAlgorithmMD4 -_kSecSignatureDigestAlgorithmMD5 -_kSecSignatureDigestAlgorithmSHA1 -_kSecSignatureDigestAlgorithmSHA224 -_kSecSignatureDigestAlgorithmSHA256 -_kSecSignatureDigestAlgorithmSHA384 -_kSecSignatureDigestAlgorithmSHA512 -_kSecTrustCertificateTransparency -_kSecTrustCertificateTransparencyWhiteList -_kSecTrustEvaluationDate -_kSecTrustExtendedValidation -_kSecTrustInfoCertificateTransparencyKey -_kSecTrustInfoCertificateTransparencyWhiteListKey -_kSecTrustInfoCompanyNameKey -_kSecTrustInfoExtendedValidationKey -_kSecTrustInfoRevocationKey -_kSecTrustInfoRevocationValidUntilKey -_kSecTrustOrganizationName -_kSecTrustResultDetails -_kSecTrustResultValue -_kSecTrustRevocationChecked -_kSecTrustRevocationReason -_kSecTrustRevocationValidUntilDate -_SecACLCopySimpleContents -_SecACLCreateFromSimpleContents -_SecACLCreateWithSimpleContents -_SecACLCopyContents -_SecACLGetAuthorizations -_SecACLCopyAuthorizations -_SecACLGetTypeID -_SecACLRemove -_SecACLSetAuthorizations -_SecACLUpdateAuthorizations -_SecACLSetContents -_SecACLSetSimpleContents -_SecBase64Encode -_SecAccessCopyACLList -_SecAccessCopySelectedACLList -_SecAccessCopyMatchingACLList -_SecAccessCreate -_SecAccessCreateFromOwnerAndACL -_SecAccessCreateWithOwnerAndACL -_SecAccessCreateWithTrustedApplications -_SecAccessGetOwnerAndACL -_SecAccessCopyOwnerAndACL -_SecAccessGetTypeID -_SecCertifcateBundleExport -_SecCertificateAddToKeychain -_SecCertificateBundleExport -_SecCertificateBundleImport -_SecCertificateCopyCommonName -_SecCertificateCopyCompanyName -_SecCertificateCopyData -_SecCertificateCopyDNSNames -_SecCertificateCopyEmailAddresses -_SecCertificateCopyEscrowRoots -_SecCertificateCopyFieldValues -_SecCertificateCopyFirstFieldValue -_SecCertificateCopyiAPAuthCapabilities -_SecCertificateCopyIssuerSHA1Digest -_SecCertificateCopyIssuerSummary -_SecCertificateCopyLongDescription -_SecCertificateCopyNTPrincipalNames -_SecCertificateCopyPrecertTBS -_SecCertificateCopyPreference -_SecCertificateCopyPreferred -_SecCertificateCopyPublicKey -_SecCertificateCopyPublicKey_ios -_SecCertificateCopyPublicKeySHA1Digest -_SecCertificateCopyPublicKeySHA1DigestFromCertificateData -_SecCertificateCopyRFC822Names -_SecCertificateCopySHA256Digest -_SecCertificateCopyShortDescription -_SecCertificateCopySignedCertificateTimestamps -_SecCertificateCopySubjectComponent -_SecCertificateCopySubjectPublicKeyInfoSHA1Digest -_SecCertificateCopySubjectPublicKeyInfoSHA256Digest -_SecCertificateCopySubjectSummary -_SecCertificateCopySubjectString -_SecCertificateCopySummaryProperties -_SecCertificateCopyValues -_SecCertificateCreateItemImplInstance -_SecCertificateCreateFromData -_SecCertificateCreateWithBytes -_SecCertificateCreateWithData -_SecCertificateCreateWithDataP -_SecCertificateFindByEmail -_SecCertificateFindByIssuerAndSN -_SecCertificateFindBySubjectKeyID -_SecCertificateGetAlgorithmID -_SecCertificateGetBytePtr -_SecCertificateGetCLHandle -_SecCertificateGetCLHandle_legacy -_SecCertificateGetCommonName -_SecCertificateGetData -_SecCertificateGetEmailAddress -_SecCertificateGetExcludedSubtrees -_SecCertificateGetIssuer -_SecCertificateGetKeyUsage -_SecCertificateGetLength -_SecCertificateGetPermittedSubtrees -_SecCertificateGetSHA1Digest -_SecCertificateGetSignatureHashAlgorithm -_SecCertificateGetSubject -_SecCertificateGetSubjectAltName -_SecCertificateGetType -_SecCertificateGetTypeID -_SecCertificateHasMarkerExtension -_SecCertificateInferLabel -_SecCertificateIsAtLeastMinKeySize -_SecCertificateIsCA -_SecCertificateIsSelfSigned -_SecCertificateIsSelfSignedCA -_SecCertificateIsSignedBy -_SecCertificateIsWeakHash -_SecCertificateIsWeakKey -_SecCertificateParseGeneralNameContentProperty -_SecCertificateParseGeneralNames -_SecCertificatePathCopyAddingLeaf -_SecCertificatePathCopyCertificates -_SecCertificatePathCopyFromParent -_SecCertificatePathCopyPublicKeyAtIndex -_SecCertificatePathCopyXPCArray -_SecCertificatePathCreate -_SecCertificatePathCreateSerialized -_SecCertificatePathGetCertificateAtIndex -_SecCertificatePathGetCount -_SecCertificatePathGetIndexOfCertificate -_SecCertificatePathGetNextSourceIndex -_SecCertificatePathGetRoot -_SecCertificatePathGetUsageConstraintsAtIndex -_SecCertificatePathHasWeakHash -_SecCertificatePathHasWeakKeySize -_SecCertificatePathIsAnchored -_SecCertificatePathIsValid -_SecCertificatePathScore -_SecCertificatePathSelfSignedIndex -_SecCertificatePathSetIsAnchored -_SecCertificatePathSetNextSourceIndex -_SecCertificatePathSetSelfIssued -_SecCertificatePathVerify -_SecCertificateRequestCreate -_SecCertificateRequestGetTypeID -_SecCertificateRequestSubmit -_SecCertificateRequestGetType -_SecCertificateRequestGetResult -_SecCertificateReleaseFieldValues -_SecCertificateFindRequest -_SecCertificateRequestGetData -_SecCertificateReleaseFirstFieldValue -_SecCertificateSetPreference -_SecCertificateSetPreferred -_SecCertificateVersion -_SecCertificateXPCArrayCopyArray -_kSecCertificateProductionEscrowKey -_kSecCertificateProductionPCSEscrowKey -_kSecCertificateEscrowFileName -_SecCopyEncryptedToServer -_SecCopyEncryptedToServerKey -_SecCopyDecryptedForServer -_SecCopyErrorMessageString -_SecDigestCreate -_SecDigestGetData -_SecSHA256DigestCreateFromData -_SecDistinguishedNameCopyNormalizedContent -_SecErrorGetOSStatus -_SecIdentityAddPreferenceItem -_SecIdentityCompare -_SecIdentityCopyCertificate -_SecIdentityCopyFromPreferenceItem -_SecIdentityCopyPreference -_SecIdentityCopyPreferred -_SecIdentityCopyPrivateKey -_SecIdentityCopySystemIdentity -_SecIdentityCreate -_SecIdentityCreateWithCertificate -_SecIdentityFindPreferenceItem -_SecIdentityGetTypeID -_SecIdentitySearchCopyNext -_SecIdentitySearchCreate -_SecIdentitySearchCreateWithAttributes -_SecIdentitySearchCreateWithPolicy -_SecIdentitySearchGetTypeID -_SecIdentitySetPreference -_SecIdentitySetPreferred -_SecIdentitySetSystemIdentity -_SecIdentityUpdatePreferenceItem -_SecInferLabelFromX509Name -_SecItemAdd -_SecItemCopyDisplayNames -_SecItemCopyMatching -_SecItemCopyParentCertificates -_SecItemCopyStoredCertificate -#if TARGET_OS_OSX -_SecItemCreateFromAttributeDictionary_osx -#endif -#if TARGET_OS_EMBEDDED -_SecCopyLastError -_SecItemUpdateWithError -#endif -#if TARGET_OS_MAC -_SecItemAdd_ios -_SecItemCopyMatching_ios -_SecItemDelete_ios -_SecItemUpdate_ios -#endif -_SecItemDelete -_SecItemUpdate -_SecItemUpdateTokenItems -_SecItemDeleteAllWithAccessGroups -__SecItemGetPersistentReference -__SecItemMakePersistentRef -__SecItemParsePersistentRef -_kSecAttrKeyTypeRSA -_kSecAttrKeyTypeDSA -_kSecAttrKeyTypeAES -_kSecAttrKeyTypeDES -_kSecAttrKeyType3DES -_kSecAttrKeyTypeRC4 -_kSecAttrKeyTypeRC2 -_kSecAttrKeyTypeCAST -_kSecAttrKeyTypeECDSA -_kSecAttrKeyTypeEC -_kSecAttrKeyTypeECSECPrimeRandom -_kSecAttrPRF -_kSecAttrPRFHmacAlgSHA1 -_kSecAttrPRFHmacAlgSHA224 -_kSecAttrPRFHmacAlgSHA256 -_kSecAttrPRFHmacAlgSHA384 -_kSecAttrPRFHmacAlgSHA512 -_kSecAttrSalt -_kSecAttrRounds -_SecECKeyGetNamedCurve -_SecItemExport -_SecItemImport -_CreatePrivateKeyMatchingQuery -_SecKeyCopyAttestationKey -_SecKeyCopyAttributes -_SecKeyCopyExponent -_SecKeyCopyExternalRepresentation -_SecKeyCopyKeyExchangeResult -_SecKeyCopyPersistentRef -_SecKeyCopyPublicBytes -_SecKeyCopyPublicKey -_SecKeyCopyMatchingPrivateKey -_SecKeyCopyModulus -_SecKeyCreate -_SecKeyCreateAttestation -_SecKeyCreateDecryptedData -_SecKeyCreateDuplicate -_SecKeyCreateEncryptedData -_SecKeyCreateFromAttributeDictionary -_SecKeyCreateFromPublicBytes -_SecKeyCreateFromSubjectPublicKeyInfoData -_SecKeyCreatePair -_SecKeyCreatePersistentRefToMatchingPrivateKey -_SecKeyCreateRSAPublicKey -_SecKeyCreateRandomKey -_SecKeyCreateSignature -_SecKeyCreateWithCSSMKey -_SecKeyCreateWithData -_SecKeyDecrypt -_SecKeyDigestAndVerify -_SecKeyEncrypt -_SecKeyGenerate -_SecKeyGeneratePair -_SecKeyGetAlgorithmID -_SecKeyGetAlgorithmId -_SecKeyGetBlockSize -_SecKeyGetCSPHandle -_SecKeyGetCSSMKey -_SecKeyGetCredentials -_SecKeyGetMatchingPrivateKeyStatus -_SecKeyGetSize -_SecKeyGetStrengthInBits -_SecKeyGetTypeID -_SecKeyImportPair -_SecKeyIsAlgorithmSupported -_SecKeyRawSign -_SecKeyRawVerify -_SecKeySetParameter -_SecKeySignDigest -_SecKeyVerifyDigest -_SecKeyVerifySignature -_SecKeyGenerateSymmetric -_SecKeyCreateFromData -_SecKeyCreateFromPublicData -_SecKeyRawVerifyOSX -_SecKeyGeneratePairAsync -_SecKeyDeriveFromPassword -_SecKeyWrapSymmetric -_SecKeyUnwrapSymmetric -_SecKeychainAddCallback -_SecKeychainAddDBToKeychainList -_SecKeychainAddGenericPassword -_SecKeychainAddIToolsPassword -_SecKeychainAddInternetPassword -_SecKeychainAttributeInfoForItemID -_SecKeychainAttemptMigrationWithMasterKey -_SecKeychainChangePassword -_SecKeychainCopyAccess -_SecKeychainCopyBlob -_SecKeychainCopyDefault -_SecKeychainCopyDomainDefault -_SecKeychainCopyDomainSearchList -_SecKeychainCopyLogin -_SecKeychainCopySearchList -_SecKeychainCopySettings -_SecKeychainCopySignature -_SecKeychainCreate -_SecKeychainCreateNew -_SecKeychainCreateWithBlob -_SecKeychainDBIsInKeychainList -_SecKeychainDelete -_SecKeychainErrFromOSStatus -_SecKeychainFindGenericPassword -_SecKeychainFindInternetPassword -_SecKeychainFreeAttributeInfo -_SecKeychainGetCSPHandle -_SecKeychainGetDLDBHandle -_SecKeychainGetPath -_SecKeychainGetPreferenceDomain -_SecKeychainGetStatus -_SecKeychainGetTypeID -_SecKeychainGetUserInteractionAllowed -_SecKeychainGetVersion -_SecKeychainGetKeychainVersion -_SecKeychainGetUserPromptAttempts -_SecKeychainMDSInstall -_SecKeychainIsValid -_SecKeychainItemAdd -_SecKeychainItemAddNoUI -_SecKeychainItemCopyAccess -_SecKeychainItemCopyAllExtendedAttributes -_SecKeychainItemCopyAttributesAndData -_SecKeychainItemCopyAttributesAndEncryptedData -_SecKeychainItemCopyContent -_SecKeychainItemCopyExtendedAttribute -_SecKeychainItemCopyFromRecordIdentifier -_SecKeychainItemCopyKeychain -_SecKeychainItemCopyFromPersistentReference -_SecKeychainItemCopyRecordIdentifier -_SecKeychainItemCreateCopy -_SecKeychainItemCreateFromContent -_SecKeychainItemCreateFromEncryptedContent -_SecKeychainItemCreateNew -_SecKeychainItemCreatePersistentReference -_SecKeychainItemDelete -_SecKeychainItemFindFirst -_SecKeychainItemFreeAttributesAndData -_SecKeychainItemFreeContent -_SecKeychainItemGetAttribute -_SecKeychainItemGetDLDBHandle -_SecKeychainItemGetData -_SecKeychainItemGetTypeID -_SecKeychainItemGetUniqueRecordID -_SecKeychainItemExport -_SecKeychainItemImport -_SecKeychainItemModifyAttributesAndData -_SecKeychainItemModifyEncryptedData -_SecKeychainItemModifyContent -_SecKeychainItemSetAccess -_SecKeychainItemSetAccessWithPassword -_SecKeychainItemSetAttribute -_SecKeychainItemSetData -_SecKeychainItemSetExtendedAttribute -_SecKeychainItemUpdate -_SecKeychainListCopyKeychainAtIndex -_SecKeychainListGetCount -_SecKeychainListRemoveKeychain -_SecKeychainLock -_SecKeychainLockAll -_SecKeychainLogin -_SecKeychainStash -_SecKeychainLogout -_SecKeychainMakeFromFullPath -_SecKeychainOpen -_SecKeychainOpenWithGuid -_SecKeychainRecodeKeychain -_SecKeychainRemoveCallback -_SecKeychainRemoveDBFromKeychainList -_SecKeychainRemoveFromSearchList -_SecKeychainResetLogin -_SecKeychainSearchCopyNext -_SecKeychainSearchCreateForCertificateByEmail -_SecKeychainSearchCreateForCertificateByIssuerAndSN -_SecKeychainSearchCreateForCertificateBySubjectKeyID -_SecKeychainSearchCreateFromAttributes -_SecKeychainSearchCreateFromAttributesExtended -_SecKeychainSearchGetTypeID -_SecKeychainSetAccess -_SecKeychainSetDefault -_SecKeychainSetDomainDefault -_SecKeychainSetDomainSearchList -_SecKeychainSetPreferenceDomain -_SecKeychainSetSearchList -_SecKeychainSetServerMode -_SecKeychainSetSettings -_SecKeychainSetUserInteractionAllowed -_SecKeychainSystemKeychainCheckWouldDeadlock -_SecKeychainStoreUnlockKey -__SecKeychainSyncUpdateMessage -_SecKeychainUnlock -_SecKeychainVerifyKeyStorePassphrase -_SecKeychainChangeKeyStorePassphrase -_SecKeychainStoreUnlockKeyWithPubKeyHash -_SecKeychainEraseUnlockKeyWithPubKeyHash -_SecGenericPasswordCreate -_SecPasswordSetInitialAccess -_SecPasswordAction -_SecPKCS12Import -_SecPolicyCheckCertEAPTrustedServerNames -_SecPolicyCheckCertEmail -_SecPolicyCheckCertExtendedKeyUsage -_SecPolicyCheckCertLeafMarkerOid -_SecPolicyCheckCertLeafMarkerOidWithoutValueCheck -_SecPolicyCheckCertKeyUsage -_SecPolicyCheckCertNotValidBefore -_SecPolicyCheckCertSignatureHashAlgorithms -_SecPolicyCheckCertSSLHostname -_SecPolicyCheckCertSubjectCommonName -_SecPolicyCheckCertSubjectCommonNamePrefix -_SecPolicyCheckCertSubjectCommonNameTEST -_SecPolicyCheckCertSubjectOrganization -_SecPolicyCheckCertSubjectOrganizationalUnit -_SecPolicyCopyProperties -_SecPolicyCreate -_SecPolicyCreateAppleAST2Service -_SecPolicyCreateAppleATVVPNProfileSigning -_SecPolicyCreateAppleCompatibilityEscrowProxyService -_SecPolicyCreateAppleCompatibilityMMCSService -_SecPolicyCreateAppleEscrowProxyService -_SecPolicyCreateAppleExternalDeveloper -_SecPolicyCreateAppleFMiPService -_SecPolicyCreateAppleGSService -_SecPolicyCreateAppleHomeKitServerAuth -_SecPolicyCreateAppleIDAuthorityPolicy -_SecPolicyCreateAppleIDSService -_SecPolicyCreateAppleIDSServiceContext -_SecPolicyCreateAppleIDValidationRecordSigningPolicy -_SecPolicyCreateAppleMMCSService -_SecPolicyCreateApplePackageSigning -_SecPolicyCreateApplePayIssuerEncryption -_SecPolicyCreateApplePinned -_SecPolicyCreateApplePPQService -_SecPolicyCreateApplePPQSigning -_SecPolicyCreateApplePushService -_SecPolicyCreateApplePushServiceLegacy -_SecPolicyCreateAppleSecureIOStaticAsset -_SecPolicyCreateAppleSMPEncryption -_SecPolicyCreateAppleSoftwareSigning -_SecPolicyCreateAppleSSLPinned -_SecPolicyCreateAppleSSLService -_SecPolicyCreateAppleTimeStamping -_SecPolicyCreateAppleTVOSApplicationSigning -_SecPolicyCreateAppleWarsaw -_SecPolicyCreateBasicX509 -_SecPolicyCreateCodeSigning -_SecPolicyCreateConfigurationProfileSigner -_SecPolicyCreateEAP -_SecPolicyCreateEscrowServiceSigner -_SecPolicyCreateFactoryDeviceCertificate -_SecPolicyCreateiAP -_SecPolicyCreateiPhoneActivation -_SecPolicyCreateiPhoneApplicationSigning -_SecPolicyCreateiPhoneDeviceCertificate -_SecPolicyCreateiPhoneProfileApplicationSigning -_SecPolicyCreateiPhoneProvisioningProfileSigning -_SecPolicyCreateIPSec -_SecPolicyCreateiTunesStoreURLBag -_SecPolicyCreateLockdownPairing -_SecPolicyCreateMacAppStoreReceipt -_SecPolicyCreateMobileAsset -_SecPolicyCreateMobileStoreSigner -_SecPolicyCreateOCSPSigner -_SecPolicyCreateOSXProvisioningProfileSigning -_SecPolicyCreateOTAPKISigner -_SecPolicyCreateOTATasking -_SecPolicyCreatePassbookCardSigner -_SecPolicyCreatePCSEscrowServiceSigner -_SecPolicyCreateQAConfigurationProfileSigner -_SecPolicyCreateRevocation -_SecPolicyCreateSSL -_SecPolicyCreateSMIME -_SecPolicyCreateTestApplePPQSigning -_SecPolicyCreateTestAppleSMPEncryption -_SecPolicyCreateTestMobileStoreSigner -_SecPolicyCreateTestOTAPKISigner -_SecPolicyCreateAppleUniqueDeviceCertificate -_SecPolicyCreateURLBag -_SecPolicyCreateWithProperties -_SecPolicyGetName -_SecPolicyGetOidString -_SecPolicyGetTypeID -_SecPolicyXPCArrayCopyArray -#if TARGET_OS_MAC && !TARGET_OS_IPHONE -_SecPolicyCopy -_SecPolicyCopyAll -_SecPolicyCreateAppleTimeStampingAndRevocationPolicies -_SecPolicyCreateItemImplInstance -_SecPolicyCreateWithOID -_SecPolicyGetOID -_SecPolicyGetStringForOID -_SecPolicyGetTPHandle -_SecPolicyGetValue -_SecPolicySearchCopyNext -_SecPolicySearchCreate -_SecPolicySearchGetTypeID -_SecPolicySetProperties -_SecPolicySetValue -#endif -_SecTrustCopyCustomAnchorCertificates -_SecTrustCopyDetailedPropertiesAtIndex -_SecTrustCopyExceptions -_SecTrustCopyFailureDescription -_SecTrustCopyInfo -_SecTrustCopyPolicies -_SecTrustCopyProperties -_SecTrustCopyPublicKey -_SecTrustCopyResult -_SecTrustCopySummaryPropertiesAtIndex -_SecTrustCreateWithCertificates -_SecTrustDeserialize -_SecTrustEvaluate -_SecTrustEvaluateAsync -_SecTrustEvaluateLeafOnly -_SecTrustGetCertificateAtIndex -_SecTrustGetCertificateCount -_SecTrustGetDetails -_SecTrustGetKeychainsAllowed -_SecTrustGetNetworkFetchAllowed -_SecTrustGetOTAPKIAssetVersionNumber -_SecTrustGetTrustResult -_SecTrustGetTypeID -_SecTrustGetVerifyTime -_SecTrustOTAPKIGetUpdatedAsset -_SecTrustSerialize -_SecTrustSetAnchorCertificates -_SecTrustSetAnchorCertificatesOnly -_SecTrustSetExceptions -_SecTrustSetKeychainsAllowed -_SecTrustSetNetworkFetchAllowed -_SecTrustSetOCSPResponse -_SecTrustSetPolicies -_SecTrustSetSignedCertificateTimestamps -_SecTrustSetTrustedLogs -_SecTrustSetVerifyDate -#if TARGET_OS_MAC && !TARGET_OS_IPHONE -_SecTrustCopyAnchorCertificates -_SecTrustCopyExtendedResult -_SecTrustCopyProperties_ios -_SecTrustGetCSSMAnchorCertificates -_SecTrustGetCssmResult -_SecTrustGetCssmResultCode -_SecTrustGetResult -_SecTrustGetTPHandle -_SecTrustGetUserTrust -_SecTrustLegacySourcesEventRunloopCreate -_SecTrustLegacyCRLFetch -_SecTrustLegacyCRLStatus -_SecTrustSetKeychains -_SecTrustSetOptions -_SecTrustSetParameters -_SecTrustSetUserTrust -_SecTrustSetUserTrustLegacy -#endif -_SecTrustedApplicationCopyData -_SecTrustedApplicationCreateFromPath -_SecTrustedApplicationCreateApplicationGroup -_SecTrustedApplicationGetTypeID -_SecTrustedApplicationIsUpdateCandidate -_SecTrustedApplicationMakeEquivalent -_SecTrustedApplicationRemoveEquivalence -_SecTrustedApplicationSetData -_SecTrustedApplicationUseAlternateSystem -_SecTrustedApplicationValidateWithPath -_SecTrustedApplicationCreateFromRequirement -_SecTrustedApplicationCopyExternalRepresentation -_SecTrustedApplicationCreateWithExternalRepresentation -_SecTrustedApplicationCopyRequirement -_SecTrustSettingsEvaluateCert -_SecTrustSettingsCopyTrustSettings -_SecTrustSettingsSetTrustSettings -_SecTrustSettingsRemoveTrustSettings -_SecTrustSettingsCopyCertificates -_SecTrustSettingsCopyCertificatesForUserAdminDomains -_SecTrustSettingsCopyModificationDate -_SecTrustSettingsCreateExternalRepresentation -_SecTrustSettingsImportExternalRepresentation -_SecTrustSettingsSetTrustSettingsExternal -_SecTrustSettingsCopyQualifiedCerts -_SecTrustSettingsCopyUnrestrictedRoots -_SecKeychainSetBatchMode -_SecCertificateGetAuthorityKeyID -_SecCertificateGetSubjectKeyID -_SecCertificateGetCRLDistributionPoints -_SecCertificateGetOCSPResponders -_SecCertificateGetCAIssuers -_SecCertificateShow -_SecCertificateCreateOidDataFromString -_SecCertificateCopyIssuerSequence -_SecCertificateCopySubjectSequence -_SecCertificateGetNormalizedIssuerContent -_SecCertificateGetNormalizedSubjectContent -_SecCertificateHasSubject -_SecCertificateHasCriticalSubjectAltName -_SecCertificateHasUnknownCriticalExtension -_SecCertificateIsOidString -_SecCertificateIsValid -_SecCertificateIsValidX -_SecCertificateNotValidBefore -_SecCertificateNotValidAfter -_SecCertificateCopyAttributeDictionary -_SecCertificateCreateFromAttributeDictionary -_SecCertificateCopyPublicKeyP -_SecCertificateGetBasicConstraints -_SecCertificateGetPolicyConstraints -_SecCertificateGetPolicyMappings -_SecCertificateGetCertificatePolicies -_SecCertificateGetiAuthVersion -_SecCertificateGetInhibitAnyPolicySkipCerts -_SecCertificateGetPublicKeyAlgorithm -_SecCertificateGetPublicKeyData -_SecCertificateCreateWithPEM -_SecCertificateCopySerialNumber -_SecCertificateCopyNormalizedIssuerContent -_SecCertificateCopyNormalizedSubjectContent -_SecCertificateCopyProperties -_SecDERItemCopyOIDDecimalRepresentation -_SecAbsoluteTimeFromDateContent -_SecWrapRecoveryPasswordWithAnswers -_SecUnwrapRecoveryPasswordWithAnswers -_SecCreateRecoveryPassword -_kSecRecVersionNumber -_kSecRecQuestions -_kSecRecLocale -_kSecRecIV -_kSecRecWrappedPassword -_SecFDERecoveryWrapCRSKWithPubKey -_SecFDERecoveryUnwrapCRSKWithPrivKey -_SecKeychainSearchCreateForCertificateByIssuerAndSN_CF -_SecRandomCopyBytes -_SecRandomCopyData -__SecKeychainCopyBackup -__SecKeychainCopyOTABackup -__SecKeychainRestoreBackup -__SecKeychainSyncUpdateMessage -__SecKeychainBackupSyncable -__SecKeychainRestoreSyncable -__SecKeychainWriteBackupToFileDescriptor -__SecKeychainRestoreBackupFromFileDescriptor -__SecKeychainCopyKeybagUUIDFromFileDescriptor -_SecItemBackupWithRegisteredBackups -_SecItemBackupSetConfirmedManifest -_SecItemBackupRestore -_SecItemBackupCopyMatching -_SecItemBackupWithChanges -__SecSecuritydCopyWhoAmI -__SecSyncBubbleTransfer -__SecSystemKeychainTransfer -__SecSyncDeleteUserViews -_SecOTRFullIdentityCreateFromSecKeyRef -_SecOTRPublicIdentityCreateFromSecKeyRef -_SecOTRSAppendRestartPacket -_SecOTRSAppendSerialization -_SecOTRSAppendStartPacket -_SecOTRSessionCreateFromData -_SecOTRSessionCreateFromID -_SecOTRSessionCreateFromIDAndFlags -_SecOTRSessionReset -_SecOTRSGetIsIdle -_SecOTRSGetIsReadyForMessages -_SecOTRSGetMessageKind -_SecOTRSIsForKeys -_SecOTRSProcessPacket -_SecOTRSSignAndProtectMessage -_SecOTRSVerifyAndExposeMessage -__SecTokenItemCopyValueData - -// -// libsecurity_manifest -// -_SecManifestGetVersion -_SecManifestCompare -_SecManifestCreate -_SecManifestRelease -_SecManifestVerifySignature -_SecManifestVerifySignatureWithPolicy -_SecManifestCreateSignature -_SecManifestAddObject -_SecManifestAddSigner -_SecureDownloadCreateWithTicket -_SecureDownloadUpdateWithData -_SecureDownloadFinished -_SecureDownloadRelease -_SecureDownloadCopyName -_SecureDownloadCopyURLs -_SecureDownloadCopyCreationDate -_SecureDownloadGetDownloadSize -__SecureDownloadCreateTicketXML -_SecureDownloadCopyTicketLocation - -// -// libsecurity_mds -// -_MDS_Initialize -_MDS_Install -_MDS_Terminate -_MDS_Uninstall -_MDS_InstallFile -_MDS_RemoveSubservice - -// -// libsecurity_smime -// -_kSecCMSSignDigest -_kSecCMSSignDetached -_kSecCMSSignHashAlgorithm -_kSecCMSCertChainMode -_kSecCMSAdditionalCerts -_kSecCMSSignedAttributes -_kSecCMSSignDate -_kSecCMSAllCerts -_kSecCMSHashingAlgorithmSHA1 -_kSecCMSHashingAlgorithmSHA256 -_kSecCMSHashingAlgorithmSHA384 -_kSecCMSHashingAlgorithmSHA512 -_SecArenaPoolCreate -_SecArenaPoolFree -_SecCmsContentInfoGetBulkKey -_SecCmsContentInfoGetBulkKeySize -_SecCmsContentInfoGetChildContentInfo -_SecCmsContentInfoGetContent -_SecCmsContentInfoGetContentEncAlg -_SecCmsContentInfoGetContentEncAlgTag -_SecCmsContentInfoGetContentTypeOID -_SecCmsContentInfoGetContentTypeTag -_SecCmsContentInfoGetInnerContent -_SecCmsContentInfoSetBulkKey -_SecCmsContentInfoSetContentData -_SecCmsContentInfoSetContentDigestedData -_SecCmsContentInfoSetContentEncAlg -_SecCmsContentInfoSetContentEncAlgID -_SecCmsContentInfoSetContentEncryptedData -_SecCmsContentInfoSetContentEnvelopedData -_SecCmsContentInfoSetContentSignedData -_SecCmsContentInfoSetContentOther -_SecCMSCreateSignedData -_SecCmsDecoderCreate -_SecCmsDecoderDestroy -_SecCmsDecoderFinish -_SecCmsDecoderUpdate -_SecCmsDigestContextCancel -_SecCmsDigestContextFinishMultiple -_SecCmsDigestContextStartMultiple -_SecCmsDigestContextUpdate -_SecCmsDigestedDataCreate -_SecCmsDigestedDataDestroy -_SecCmsDigestedDataGetContentInfo -_SecCmsEncoderCreate -_SecCmsEncoderDestroy -_SecCmsEncoderFinish -_SecCmsEncoderUpdate -_SecCmsEncryptedDataCreate -_SecCmsEncryptedDataDestroy -_SecCmsEncryptedDataGetContentInfo -_SecCmsEnvelopedDataAddRecipient -_SecCmsEnvelopedDataCreate -_SecCmsEnvelopedDataDestroy -_SecCmsEnvelopedDataGetContentInfo -_SecCmsMessageContainsCertsOrCrls -_SecCmsMessageContentLevel -_SecCmsMessageContentLevelCount -_SecCmsMessageCopy -_SecCmsMessageCreate -_SecCmsMessageDecode -_SecCmsMessageDestroy -_SecCmsMessageEncode -_SecCmsMessageGetArena -_SecCmsMessageGetContent -_SecCmsMessageGetContentInfo -_SecCmsMessageIsContentEmpty -_SecCmsMessageIsEncrypted -_SecCmsMessageIsSigned -_SecCmsMessageContainsTSTInfo -_SecCmsMessageSetTSACallback -_SecCmsMessageSetTSAContext -_SecCmsTSAGetDefaultContext -_SecCmsTSADefaultCallback -_SecTSAResponseCopyDEREncoding -_kTSAContextKeyURL -_kTSAContextKeyNoCerts -_kTSADebugContextKeyBadReq -_kTSADebugContextKeyBadNonce -_SecCmsRecipientInfoCreate -_SecCmsRecipientInfoCreateWithSubjKeyID -_SecCmsRecipientInfoCreateWithSubjKeyIDFromCert -_SecCmsRecipientInfoDestroy -_SecCmsSignedDataAddCertChain -_SecCmsSignedDataAddCertList -_SecCmsSignedDataAddCertificate -_SecCmsSignedDataAddSignerInfo -_SecCmsSignedDataContainsCertsOrCrls -_SecCmsSignedDataCreate -_SecCmsSignedDataCreateCertsOnly -_SecCmsSignedDataDestroy -_SecCmsSignedDataGetCertificateList -_SecCmsSignedDataGetContentInfo -_SecCmsSignedDataGetDigestAlgs -_SecCmsSignedDataGetSignerInfo -_SecCmsSignedDataGetSignerInfos -_SecCmsSignedDataHasDigests -_SecCmsSignedDataImportCerts -_SecCmsSignedDataSetDigests -_SecCmsSignedDataSignerInfoCount -_SecCmsSignedDataVerifyCertsOnly -_SecCmsSignedDataVerifySignerInfo -_SecCmsSignerInfoAddCounterSignature -_SecCmsSignerInfoAddMSSMIMEEncKeyPrefs -_SecCmsSignerInfoAddSMIMECaps -_SecCmsSignerInfoAddSMIMEEncKeyPrefs -_SecCmsSignerInfoAddSigningTime -_SecCmsSignerInfoAddAppleCodesigningHashAgility -_SecCmsSignerInfoCreate -_SecCmsSignerInfoCreateWithSubjKeyID -_SecCmsSignerInfoDestroy -_SecCmsSignerInfoGetCertList -_SecCmsSignerInfoGetDigestAlg -_SecCmsSignerInfoGetDigestAlgTag -_SecCmsSignerInfoGetSignerCommonName -_SecCmsSignerInfoGetSignerEmailAddress -_SecCmsSignerInfoGetSigningCertificate -_SecCmsSignerInfoGetSigningTime -_SecCmsSignerInfoGetTimestampTime -_SecCmsSignerInfoGetAppleCodesigningHashAgility -_SecCmsSignerInfoGetVerificationStatus -_SecCmsSignerInfoGetEncDigest -_SecCmsSignerInfoIncludeCerts -_SecCmsSignerInfoSaveSMIMEProfile -_SecCmsUtilVerificationStatusToString -_SecSMIMEFindBulkAlgForRecipients -_SecCMSCertificatesOnlyMessageCopyCertificates -_SecCMSCreateCertificatesOnlyMessage -_SecCMSCreateCertificatesOnlyMessageIAP -_SecCMSVerify -_SecCMSVerifyCopyDataAndAttributes -_SecCMSVerifySignedData - -// -// libsecurity_ssl -// -_SSLAddDistinguishedName -_SSLClose -_SSLContextGetTypeID -_SSLCreateContext -_SSLCreateContextWithRecordFuncs -_SSLDisposeContext -_SSLGetAllowsAnyRoot -_SSLGetAllowsExpiredCerts -_SSLGetAllowsExpiredRoots -_SSLGetBufferedReadSize -_SSLGetClientCertificateState -_SSLGetClientSideAuthenticate -_SSLGetConnection -_SSLGetDiffieHellmanParams -_SSLGetEnableCertVerify -_SSLGetEnabledCiphers -_SSLGetNegotiatedCipher -_SSLGetNegotiatedProtocolVersion -_SSLGetNumberEnabledCiphers -_SSLGetNumberSupportedCiphers -_SSLGetPeerCertificates -_SSLCopyPeerCertificates -_SSLCopyPeerTrust -_SSLGetPeerDomainName -_SSLGetPeerDomainNameLength -_SSLGetPeerID -_SSLGetPeerSecTrust -_SSLGetProtocolVersion -_SSLGetProtocolVersionEnabled -_SSLGetProtocolVersionMax -_SSLGetProtocolVersionMin -_SSLGetResumableSessionInfo -_SSLGetRsaBlinding -_SSLGetSessionOption -_SSLGetSessionState -_SSLGetSupportedCiphers -_SSLCopyTrustedRoots -_SSLSetTrustedLeafCertificates -_SSLCopyTrustedLeafCertificates -_SSLHandshake -_SSLInternalClientRandom -_SSLInternalMasterSecret -_SSLInternalServerRandom -_SSLGetCipherSizes -_SSLInternal_PRF -_SSLNewContext -_SSLRead -_SSLReHandshake -_SSLSetAllowsAnyRoot -_SSLSetAllowsExpiredCerts -_SSLSetAllowsExpiredRoots -_SSLSetCertificate -_SSLGetCertificate -_SSLSetClientSideAuthenticate -_SSLSetConnection -_SSLSetDatagramHelloCookie -_SSLSetMaxDatagramRecordSize -_SSLGetMaxDatagramRecordSize -_SSLSetDiffieHellmanParams -_SSLSetEnableCertVerify -_SSLSetEnabledCiphers -_SSLSetEncryptionCertificate -_SSLGetEncryptionCertificate -_SSLSetIOFuncs -_SSLSetPeerDomainName -_SSLSetPeerID -_SSLSetProtocolVersion -_SSLSetProtocolVersionEnabled -_SSLSetProtocolVersionMax -_SSLSetProtocolVersionMin -_SSLSetRecordContext -_SSLSetRsaBlinding -_SSLSetTrustedRoots -_SSLWrite -_SSLSetNPNFunc -_SSLSetNPNData -_SSLGetNPNData -_SSLSetALPNData -_SSLSetALPNFunc -_SSLGetALPNData -_SSLCopyRequestedPeerName -_SSLCopyRequestedPeerNameLength -_SSLSetSessionCacheTimeout -_SSLSetSessionOption -_SSLInternalSetMasterSecretFunction -_SSLInternalSetSessionTicket -_SSLSetAllowAnonymousCiphers -_SSLGetAllowAnonymousCiphers -_SSLCopyDistinguishedNames -_SSLSetCertificateAuthorities -_SSLCopyCertificateAuthorities -_SSLGetNegotiatedCurve -_SSLGetNumberOfECDSACurves -_SSLGetECDSACurves -_SSLSetECDSACurves -_SSLGetNumberOfClientAuthTypes -_SSLGetClientAuthTypes -_SSLGetNegotiatedClientAuthType -_SSLGetNumberOfSignatureAlgorithms -_SSLGetSignatureAlgorithms -_SSLNewDatagramContext -_SSLGetDatagramWriteSize -_SSLSetPSKSharedSecret -_SSLSetPSKIdentity -_SSLSetMinimumDHGroupSize -_SSLGetMinimumDHGroupSize -_SSLSetDHEEnabled -_SSLGetDHEEnabled -_SSLSetSessionConfig - -_kSSLSessionConfig_default -_kSSLSessionConfig_ATSv1 -_kSSLSessionConfig_ATSv1_noPFS -_kSSLSessionConfig_legacy -_kSSLSessionConfig_standard -_kSSLSessionConfig_RC4_fallback -_kSSLSessionConfig_TLSv1_fallback -_kSSLSessionConfig_TLSv1_RC4_fallback -_kSSLSessionConfig_3DES_fallback -_kSSLSessionConfig_TLSv1_3DES_fallback -_kSSLSessionConfig_legacy_DHE -_kSSLSessionConfig_anonymous - -// -// libsecurity_transform -// -_SecTransformCreateFromExternalRepresentation -_SecTransformCreateValidatorForCFtype -_SecTransformCopyExternalRepresentation -_SecTransformConnectTransforms -_SecTransformSetAttribute -_SecTransformGetAttribute -_SecTransformFindByName -_SecTransformExecute -_SecTransformExecuteAsync -_SecNullTransformCreate -_SecDigestTransformCreate -_SecCreateMaskGenerationFunctionTransform -_SecTransformCreate -_SecTransformRegister -_SecTransformNoData -_kSecDigestMD2 -_kSecDigestMD4 -_kSecDigestMD5 -_kSecDigestSHA1 -_kSecDigestSHA2 -_kSecDigestHMACSHA1 -_kSecDigestHMACMD5 -_kSecDigestHMACKeyAttribute -_kSecDigestHMACSHA2 -_SecExternalSourceTransformCreate -_SecExternalSourceSetValue -_kSecDecodeTypeAttribute -_CreateSecTransformErrorRef -_kSecTransformAbortOriginatorKey -_SecGroupTransformHasMember -_kSecDigestTypeAttribute -_kSecDigestLengthAttribute -_kSecOAEPEncodingParametersAttributeName -_kSecTransformInputAttributeName -_kSecTransformDebugAttributeName -_kSecTransformOutputAttributeName -_kSecTransformTransformName -_kSecTransformAbortAttributeName -_kSecPaddingNoneKey -_kSecPaddingPKCS1Key -_kSecPaddingPKCS5Key -_kSecPaddingPKCS7Key -_kSecPaddingOAEPKey -_kSecModeNoneKey -_kSecModeECBKey -_kSecModeCBCKey -_kSecModeCFBKey -_kSecModeOFBKey -_kSecEncryptKey -_kSecPaddingKey -_kSecIVKey -_kSecEncryptionMode -_SecEncryptTransformCreate -_SecDecryptTransformCreate -_SecDecodeTransformCreate -_SecEncodeTransformCreate -_SecSignTransformCreate -_SecVerifyTransformCreate -_kSecBase32Encoding -_kSecBase64Encoding -_kSecZLibEncoding -_kSecEncodeLineLengthAttribute -_kSecEncodeTypeAttribute -_kSecCompressionRatio -_kSecKeyAttributeName -_kSecSignatureAttributeName -_kSecInputIsAttributeName -_kSecInputIsPlainText -_kSecInputIsDigest -_kSecInputIsRaw -_kSecTransformActionCanExecute -_kSecTransformActionStartingExecution -_kSecTransformActionFinalize -_kSecTransformActionProcessData -_SecTransformSetAttributeAction -_SecGroupTransformFindLastTransform -_SecGroupTransformFindMonitor -_SecTransformDisconnectTransforms -_SecTransformDotForDebugging -_SecCreateCollectTransform -_SecTransformGetTypeID -_SecGroupTransformGetTypeID -_SecTransformCreateGroupTransform -_SecTransformSetDataAction -_SecTransformSetTransformAction -_SecTranformCustomGetAttribute -_SecTransformCustomSetAttribute -_SecTransformPushbackAttribute -_kSecTransformActionExternalizeExtraData -_kSecTransformActionInternalizeExtraData -_kSecTransformActionAttributeNotification -_kSecTransformActionAttributeValidation -_kSecTransformErrorDomain -_kSecTransformPreviousErrorKey -_SecTransformCreateReadTransformWithReadStream -_kSecLineLength64 -_kSecLineLength76 -_SecKeyCreatePublicFromPrivate - -// -// libsecurity_utilities -// -_secdebug_internal -_secdebugfunc_internal -#ifdef TARGET_OS_OSX -_weak_os_log_impl -_weak_os_log_create -_weak_os_log_type_enabled -_logObjForScope -#endif - -// -// utilities -// -_readFileSizet -_writeFileSizet - -// -// libSecureObjectSync -// -#include "Security/SecureObjectSync/SOSExports.exp-in" - -// sec/Security -_SecFrameworkCopyLocalizedString -_SecPasswordCopyDefaultPasswordLength -_SecPasswordGenerate -_SecPasswordIsPasswordWeak -_SecPasswordIsPasswordWeak2 -_SecPasswordCreateWithRandomDigits -_kSecPasswordDefaultForType -_kSecPasswordMinLengthKey -_kSecPasswordMaxLengthKey -_kSecPasswordAllowedCharactersKey -_kSecPasswordRequiredCharactersKey -_kSecPasswordDisallowedCharacters -_kSecPasswordCantStartWithChars -_kSecPasswordCantEndWithChars -_kSecPasswordContainsNoMoreThanNSpecificCharacters -_kSecPasswordContainsAtLeastNSpecificCharacters -_kSecPasswordContainsNoMoreThanNConsecutiveIdenticalCharacters -_kSecPasswordCharacters -_kSecPasswordCharacterCount -_kSecPasswordGroupSize -_kSecPasswordNumberOfGroups -_kSecPasswordSeparator -_SecCFAllocatorZeroize - -// -// Logging -// - -_SecGetCurrentServerLoggingInfo -_SecSetLoggingInfoForXPCScope -_SecSetLoggingInfoForCircleScope - -// -// sec/Security SecAccessControl -// -#include "../sec/Security/SecAccessControlExports.exp-in" - -// SecDH -_SecDHComputeKey -_SecDHCreate -_SecDHCreateFromParameters -_SecDHDestroy -_SecDHGenerateKeypair -_SecDHGetMaxKeyLength -_SecDHDecodeParams -_SecDHEncodeParams - -_SecECKeyCopyPublicBits - -_sSecDERErrorDomain -_der_sizeof_plist -_der_encode_plist -_der_decode_plist -_CFPropertyListCreateDERData -_CFPropertyListCreateWithDERData - -//breadcrumb -_SecBreadcrumbCreateFromPassword -_SecBreadcrumbCopyPassword -_SecBreadcrumbCreateNewEncryptedKey - -// gate keeper logging - -_GKBIS_DS_Store_Present -_GKBIS_Dot_underbar_Present -_GKBIS_Num_localizations -_GKBIS_Num_files -_GKBIS_Num_dirs -_GKBIS_Num_symlinks - -// -// libDER OIDs -// -_oidRsa -_oidMd2Rsa -_oidMd4Rsa -_oidMd5Rsa -_oidSha1Rsa -_oidSha256Rsa -_oidSha384Rsa -_oidSha512Rsa -_oidSha224Rsa -_oidEcPubKey -_oidSha1Ecdsa -_oidSha224Ecdsa -_oidSha256Ecdsa -_oidSha384Ecdsa -_oidSha512Ecdsa -_oidSha1Dsa -_oidMd2 -_oidMd4 -_oidMd5 -_oidSha1 -_oidSha1DsaOIW -_oidSha1DsaCommonOIW -_oidSha1RsaOIW -_oidSha256 -_oidSha384 -_oidSha512 -_oidSha224 -_oidFee -_oidMd5Fee -_oidSha1Fee -_oidSubjectKeyIdentifier -_oidKeyUsage -_oidPrivateKeyUsagePeriod -_oidSubjectAltName -_oidIssuerAltName -_oidBasicConstraints -_oidCrlDistributionPoints -_oidCertificatePolicies -_oidAnyPolicy -_oidPolicyMappings -_oidAuthorityKeyIdentifier -_oidPolicyConstraints -_oidExtendedKeyUsage -_oidAnyExtendedKeyUsage -_oidInhibitAnyPolicy -_oidAuthorityInfoAccess -_oidSubjectInfoAccess -_oidAdOCSP -_oidAdCAIssuer -_oidNetscapeCertType -_oidEntrustVersInfo -_oidMSNTPrincipalName -_oidQtCps -_oidQtUNotice -_oidCommonName -_oidCountryName -_oidLocalityName -_oidStateOrProvinceName -_oidOrganizationName -_oidOrganizationalUnitName -_oidDescription -_oidEmailAddress -_oidFriendlyName -_oidLocalKeyId -_oidExtendedKeyUsageServerAuth -_oidExtendedKeyUsageClientAuth -_oidExtendedKeyUsageCodeSigning -_oidExtendedKeyUsageEmailProtection -_oidExtendedKeyUsageOCSPSigning -_oidExtendedKeyUsageIPSec -_oidExtendedKeyUsageMicrosoftSGC -_oidExtendedKeyUsageNetscapeSGC -_oidGoogleEmbeddedSignedCertificateTimestamp -_oidGoogleOCSPSignedCertificateTimestamp - -// -// anchor-test SPIs -// -_SecIsAppleTrustAnchorData -_SecIsAppleTrustAnchor - -// -// libsecurity_translocate -// -_SecTranslocateStartListening -_SecTranslocateStartListeningWithOptions -_SecTranslocateCreateSecureDirectoryForURL -_SecTranslocateDeleteSecureDirectory -_SecTranslocateAppLaunchCheckin -_SecTranslocateURLShouldRunTranslocated -_SecTranslocateIsTranslocatedURL -_SecTranslocateCreateOriginalPathForURL - -_secLogDisable -_secLogEnable diff --git a/OSX/libsecurity_apple_csp/lib/AppleCSP.cpp b/OSX/libsecurity_apple_csp/lib/AppleCSP.cpp index 1d536c06..db9a4bee 100644 --- a/OSX/libsecurity_apple_csp/lib/AppleCSP.cpp +++ b/OSX/libsecurity_apple_csp/lib/AppleCSP.cpp @@ -106,7 +106,6 @@ PluginSession *AppleCSPPlugin::makeSession( upcalls); default: CssmError::throwMe(CSSMERR_CSSM_INVALID_SERVICE_MASK); - return 0; // placebo } } @@ -244,9 +243,6 @@ bool AppleCSPSession::setup( default: return false; } - /* NOT REACHED */ - return false; - } // diff --git a/OSX/libsecurity_apple_csp/lib/DH_keys.h b/OSX/libsecurity_apple_csp/lib/DH_keys.h index b6602116..70831dd3 100644 --- a/OSX/libsecurity_apple_csp/lib/DH_keys.h +++ b/OSX/libsecurity_apple_csp/lib/DH_keys.h @@ -27,7 +27,7 @@ #include #include "AppleCSPKeys.h" #include -#include +#include #include #include #include diff --git a/OSX/libsecurity_apple_csp/lib/DH_utils.cpp b/OSX/libsecurity_apple_csp/lib/DH_utils.cpp index 895e6dc0..aec4d18d 100644 --- a/OSX/libsecurity_apple_csp/lib/DH_utils.cpp +++ b/OSX/libsecurity_apple_csp/lib/DH_utils.cpp @@ -26,9 +26,9 @@ #include #include #include -#include -#include -#include +#include +#include +#include #define dhMiscDebug(args...) secinfo("dhMisc", ## args) diff --git a/OSX/libsecurity_apple_csp/lib/DH_utils.h b/OSX/libsecurity_apple_csp/lib/DH_utils.h index bdf10f6f..b2acc760 100644 --- a/OSX/libsecurity_apple_csp/lib/DH_utils.h +++ b/OSX/libsecurity_apple_csp/lib/DH_utils.h @@ -22,7 +22,7 @@ #ifndef _DH_UTILS_H_ #define _DH_UTILS_H_ -#include +#include #include #include diff --git a/OSX/libsecurity_apple_csp/lib/FEEKeys.cpp b/OSX/libsecurity_apple_csp/lib/FEEKeys.cpp index c4ab9826..e906bdf8 100644 --- a/OSX/libsecurity_apple_csp/lib/FEEKeys.cpp +++ b/OSX/libsecurity_apple_csp/lib/FEEKeys.cpp @@ -68,7 +68,7 @@ void CryptKit::FEEBinaryKey::generateKeyBlob( const CssmKey *paramKey, /* optional, unused here */ CSSM_KEYATTR_FLAGS &attrFlags) /* IN/OUT */ { - unsigned char *keyBlob; + unsigned char *keyBlob = NULL; unsigned len = 0; feeReturn frtn = FR_Internal; bool freeTheKey = false; diff --git a/OSX/libsecurity_apple_csp/lib/FEESignatureObject.cpp b/OSX/libsecurity_apple_csp/lib/FEESignatureObject.cpp index 6b868b7a..413b6cf1 100644 --- a/OSX/libsecurity_apple_csp/lib/FEESignatureObject.cpp +++ b/OSX/libsecurity_apple_csp/lib/FEESignatureObject.cpp @@ -113,7 +113,7 @@ void CryptKit::FEERawSigner::sign( { feeSig fsig; feeReturn frtn; - unsigned char *feeSig; + unsigned char *feeSig = NULL; unsigned feeSigLen=0; if(mFeeKey == NULL) { diff --git a/OSX/libsecurity_apple_csp/lib/RSA_DSA_csp.cpp b/OSX/libsecurity_apple_csp/lib/RSA_DSA_csp.cpp index 352fa6cb..e1768ffc 100644 --- a/OSX/libsecurity_apple_csp/lib/RSA_DSA_csp.cpp +++ b/OSX/libsecurity_apple_csp/lib/RSA_DSA_csp.cpp @@ -36,7 +36,7 @@ Allocator *RSA_DSA_Factory::normAllocator; Allocator *RSA_DSA_Factory::privAllocator; -/* normally found in crypto.h, which has way too much useless cruft....move these to +/* normally found in crypto_legacy.h, which has way too much useless cruft....move these to * a local header.... */ extern "C" { extern int CRYPTO_set_mem_functions( diff --git a/OSX/libsecurity_apple_csp/lib/RSA_DSA_keys.h b/OSX/libsecurity_apple_csp/lib/RSA_DSA_keys.h index dc24124c..f8284492 100644 --- a/OSX/libsecurity_apple_csp/lib/RSA_DSA_keys.h +++ b/OSX/libsecurity_apple_csp/lib/RSA_DSA_keys.h @@ -28,8 +28,8 @@ #include #include "AppleCSPKeys.h" #include -#include -#include +#include +#include #include #include diff --git a/OSX/libsecurity_apple_csp/lib/RSA_DSA_signature.h b/OSX/libsecurity_apple_csp/lib/RSA_DSA_signature.h index 6baf03f2..578064c0 100644 --- a/OSX/libsecurity_apple_csp/lib/RSA_DSA_signature.h +++ b/OSX/libsecurity_apple_csp/lib/RSA_DSA_signature.h @@ -23,8 +23,8 @@ #ifndef _RSA_DSA_SIGNATURE_H_ #define _RSA_DSA_SIGNATURE_H_ -#include -#include +#include +#include #include #include diff --git a/OSX/libsecurity_apple_csp/lib/RSA_DSA_utils.cpp b/OSX/libsecurity_apple_csp/lib/RSA_DSA_utils.cpp index 8b88333a..8fb48fd1 100644 --- a/OSX/libsecurity_apple_csp/lib/RSA_DSA_utils.cpp +++ b/OSX/libsecurity_apple_csp/lib/RSA_DSA_utils.cpp @@ -26,10 +26,10 @@ #include #include #include -#include -#include -#include -#include +#include +#include +#include +#include #include #include #include diff --git a/OSX/libsecurity_apple_csp/lib/RSA_DSA_utils.h b/OSX/libsecurity_apple_csp/lib/RSA_DSA_utils.h index 0ad0ca35..ee21d663 100644 --- a/OSX/libsecurity_apple_csp/lib/RSA_DSA_utils.h +++ b/OSX/libsecurity_apple_csp/lib/RSA_DSA_utils.h @@ -22,8 +22,8 @@ #ifndef _RSA_DSA_UTILS_H_ #define _RSA_DSA_UTILS_H_ -#include -#include +#include +#include #include #include diff --git a/OSX/libsecurity_apple_csp/lib/RSA_asymmetric.h b/OSX/libsecurity_apple_csp/lib/RSA_asymmetric.h index 92950baf..f66397e7 100644 --- a/OSX/libsecurity_apple_csp/lib/RSA_asymmetric.h +++ b/OSX/libsecurity_apple_csp/lib/RSA_asymmetric.h @@ -28,7 +28,7 @@ #include #include #include -#include +#include #define RSA_ASYM_PADDING_DEFAULT RSA_PKCS1_PADDING diff --git a/OSX/libsecurity_apple_csp/lib/bfContext.h b/OSX/libsecurity_apple_csp/lib/bfContext.h index 8d995ab3..46aa2186 100644 --- a/OSX/libsecurity_apple_csp/lib/bfContext.h +++ b/OSX/libsecurity_apple_csp/lib/bfContext.h @@ -26,7 +26,7 @@ #include "AppleCSPContext.h" #include "BlockCryptor.h" -#include +#include class BlowfishContext : public BlockCryptor { public: diff --git a/OSX/libsecurity_apple_csp/lib/cssmplugin.exp b/OSX/libsecurity_apple_csp/lib/cssmplugin.exp deleted file mode 100644 index f5046fbf..00000000 --- a/OSX/libsecurity_apple_csp/lib/cssmplugin.exp +++ /dev/null @@ -1,4 +0,0 @@ -_CSSM_SPI_ModuleLoad -_CSSM_SPI_ModuleAttach -_CSSM_SPI_ModuleDetach -_CSSM_SPI_ModuleUnload diff --git a/OSX/libsecurity_apple_csp/lib/opensshCoding.cpp b/OSX/libsecurity_apple_csp/lib/opensshCoding.cpp index e9f90ba3..126e3a80 100644 --- a/OSX/libsecurity_apple_csp/lib/opensshCoding.cpp +++ b/OSX/libsecurity_apple_csp/lib/opensshCoding.cpp @@ -29,8 +29,8 @@ #include "opensshCoding.h" #include -#include -#include +#include +#include #include #define SSH2_RSA_HEADER "ssh-rsa" diff --git a/OSX/libsecurity_apple_csp/lib/opensshCoding.h b/OSX/libsecurity_apple_csp/lib/opensshCoding.h index 246a487e..99360733 100644 --- a/OSX/libsecurity_apple_csp/lib/opensshCoding.h +++ b/OSX/libsecurity_apple_csp/lib/opensshCoding.h @@ -29,8 +29,8 @@ #ifndef _OPENSSH_CODING_H_ #define _OPENSSH_CODING_H_ -#include -#include +#include +#include #include #include #include diff --git a/OSX/libsecurity_apple_csp/lib/opensshWrap.cpp b/OSX/libsecurity_apple_csp/lib/opensshWrap.cpp index fba13d70..7378251c 100644 --- a/OSX/libsecurity_apple_csp/lib/opensshWrap.cpp +++ b/OSX/libsecurity_apple_csp/lib/opensshWrap.cpp @@ -35,8 +35,8 @@ #include "cspdebugging.h" #include #include -#include -#include +#include +#include #include static const char *authfile_id_string = "SSH PRIVATE KEY FILE FORMAT 1.1\n"; diff --git a/OSX/libsecurity_apple_csp/lib/pkcs12Derive.cpp b/OSX/libsecurity_apple_csp/lib/pkcs12Derive.cpp index 72ba60a9..6e0b4279 100644 --- a/OSX/libsecurity_apple_csp/lib/pkcs12Derive.cpp +++ b/OSX/libsecurity_apple_csp/lib/pkcs12Derive.cpp @@ -21,8 +21,8 @@ */ #include -#include -#include +#include +#include "pbkdDigest.h" #include "pkcs12Derive.h" #include "AppleCSPUtils.h" diff --git a/OSX/libsecurity_apple_csp/lib/rc2Context.cpp b/OSX/libsecurity_apple_csp/lib/rc2Context.cpp index bf943c35..5bf55809 100644 --- a/OSX/libsecurity_apple_csp/lib/rc2Context.cpp +++ b/OSX/libsecurity_apple_csp/lib/rc2Context.cpp @@ -20,7 +20,7 @@ * rc2Context.cpp - glue between BlockCrytpor and ssleay RC2 implementation */ -#include +#include #include #include "rc2Context.h" diff --git a/OSX/libsecurity_apple_csp/lib/rc2Context.h b/OSX/libsecurity_apple_csp/lib/rc2Context.h index 24393729..42705a89 100644 --- a/OSX/libsecurity_apple_csp/lib/rc2Context.h +++ b/OSX/libsecurity_apple_csp/lib/rc2Context.h @@ -23,7 +23,7 @@ #define _RC2_CONTEXT_H_ #include -#include +#include /* RC2 Symmetric encryption context */ class RC2Context : public BlockCryptor { diff --git a/OSX/libsecurity_apple_csp/lib/rc5Context.cpp b/OSX/libsecurity_apple_csp/lib/rc5Context.cpp index b3f86524..583091a5 100644 --- a/OSX/libsecurity_apple_csp/lib/rc5Context.cpp +++ b/OSX/libsecurity_apple_csp/lib/rc5Context.cpp @@ -20,7 +20,7 @@ * rc5Context.cpp - glue between BlockCrytpor and ssleay RC5 implementation */ -#include +#include #include #include "rc5Context.h" diff --git a/OSX/libsecurity_apple_csp/lib/rc5Context.h b/OSX/libsecurity_apple_csp/lib/rc5Context.h index fa9182af..c7e7ec73 100644 --- a/OSX/libsecurity_apple_csp/lib/rc5Context.h +++ b/OSX/libsecurity_apple_csp/lib/rc5Context.h @@ -23,7 +23,7 @@ #define _RC5_CONTEXT_H_ #include -#include +#include class RC5Context : public BlockCryptor { public: diff --git a/OSX/libsecurity_apple_csp/lib/wrapKey.cpp b/OSX/libsecurity_apple_csp/lib/wrapKey.cpp index 00ab865e..1ed1a773 100644 --- a/OSX/libsecurity_apple_csp/lib/wrapKey.cpp +++ b/OSX/libsecurity_apple_csp/lib/wrapKey.cpp @@ -235,7 +235,7 @@ void AppleCSPSession::WrapKey( /* get the blob to be wrappped */ CssmData rawBlob; bool allocdRawBlob = false; - CSSM_KEYBLOB_FORMAT rawFormat; + CSSM_KEYBLOB_FORMAT rawFormat = CSSM_KEYBLOB_RAW_FORMAT_NONE; /* * Outgoing same as incoming unless a partial key is completed during diff --git a/OSX/libsecurity_apple_csp/libsecurity_apple_csp.xcodeproj/project.pbxproj b/OSX/libsecurity_apple_csp/libsecurity_apple_csp.xcodeproj/project.pbxproj deleted file mode 100644 index ff7ee6a0..00000000 --- a/OSX/libsecurity_apple_csp/libsecurity_apple_csp.xcodeproj/project.pbxproj +++ /dev/null @@ -1,1489 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXAggregateTarget section */ - 0539107D0A37721E00B9E848 /* Copy Open Source Docs */ = { - isa = PBXAggregateTarget; - buildConfigurationList = 053910860A37725A00B9E848 /* Build configuration list for PBXAggregateTarget "Copy Open Source Docs" */; - buildPhases = ( - 0539107C0A37721E00B9E848 /* CopyFiles */, - 053910850A37725A00B9E848 /* CopyFiles */, - ); - dependencies = ( - ); - name = "Copy Open Source Docs"; - productName = "Copy Open Source Docs"; - }; -/* End PBXAggregateTarget section */ - -/* Begin PBXBuildFile section */ - 053910830A37725A00B9E848 /* libsecurity_apple_csp.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 053910810A37725A00B9E848 /* libsecurity_apple_csp.plist */; }; - 0539108B0A37726600B9E848 /* libsecurity_apple_csp.txt in CopyFiles */ = {isa = PBXBuildFile; fileRef = 053910820A37725A00B9E848 /* libsecurity_apple_csp.txt */; }; - 053ABEFF0AA4C94900CA6DC3 /* opensshCoding.h in Headers */ = {isa = PBXBuildFile; fileRef = 053ABEFD0AA4C94900CA6DC3 /* opensshCoding.h */; }; - 053ABF000AA4C94900CA6DC3 /* opensshCoding.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 053ABEFE0AA4C94900CA6DC3 /* opensshCoding.cpp */; }; - 053ABF620AA4F3EB00CA6DC3 /* opensshWrap.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 053ABF600AA4F3EB00CA6DC3 /* opensshWrap.cpp */; }; - 05622BAC06CC352100784EED /* SHA2_Object.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 05622BAA06CC352100784EED /* SHA2_Object.cpp */; }; - 05622BAD06CC352100784EED /* SHA2_Object.h in Headers */ = {isa = PBXBuildFile; fileRef = 05622BAB06CC352100784EED /* SHA2_Object.h */; }; - 05BFEE0E09E1D71800F3D7E0 /* HMACSHA1.c in Sources */ = {isa = PBXBuildFile; fileRef = 05BFEE0C09E1D71800F3D7E0 /* HMACSHA1.c */; }; - 05BFEE0F09E1D71800F3D7E0 /* HMACSHA1.h in Headers */ = {isa = PBXBuildFile; fileRef = 05BFEE0D09E1D71800F3D7E0 /* HMACSHA1.h */; }; - C2196B3A053B5905005808D4 /* AppleCSPBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2196B39053B5905005808D4 /* AppleCSPBuiltin.cpp */; }; - C280AE6F0534BBD900F7E802 /* bf_ecb.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADE80534BBD900F7E802 /* bf_ecb.c */; }; - C280AE700534BBD900F7E802 /* bf_enc.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADE90534BBD900F7E802 /* bf_enc.c */; }; - C280AE710534BBD900F7E802 /* bf_locl.h in Headers */ = {isa = PBXBuildFile; fileRef = C280ADEA0534BBD900F7E802 /* bf_locl.h */; }; - C280AE720534BBD900F7E802 /* bf_pi.h in Headers */ = {isa = PBXBuildFile; fileRef = C280ADEB0534BBD900F7E802 /* bf_pi.h */; }; - C280AE730534BBD900F7E802 /* bf_skey.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADEC0534BBD900F7E802 /* bf_skey.c */; }; - C280AE740534BBD900F7E802 /* bio_lib.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADF00534BBD900F7E802 /* bio_lib.c */; }; - C280AE750534BBD900F7E802 /* bss_file.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADF10534BBD900F7E802 /* bss_file.c */; }; - C280AE760534BBD900F7E802 /* bn_add.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADF30534BBD900F7E802 /* bn_add.c */; }; - C280AE770534BBD900F7E802 /* bn_asm.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADF40534BBD900F7E802 /* bn_asm.c */; }; - C280AE780534BBD900F7E802 /* bn_blind.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADF50534BBD900F7E802 /* bn_blind.c */; }; - C280AE790534BBD900F7E802 /* bn_ctx.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADF60534BBD900F7E802 /* bn_ctx.c */; }; - C280AE7A0534BBD900F7E802 /* bn_div.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADF70534BBD900F7E802 /* bn_div.c */; }; - C280AE7B0534BBD900F7E802 /* bn_err.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADF80534BBD900F7E802 /* bn_err.c */; }; - C280AE7C0534BBD900F7E802 /* bn_exp.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADF90534BBD900F7E802 /* bn_exp.c */; }; - C280AE7D0534BBD900F7E802 /* bn_exp2.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADFA0534BBD900F7E802 /* bn_exp2.c */; }; - C280AE7E0534BBD900F7E802 /* bn_gcd.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADFB0534BBD900F7E802 /* bn_gcd.c */; }; - C280AE7F0534BBD900F7E802 /* bn_lcl.h in Headers */ = {isa = PBXBuildFile; fileRef = C280ADFC0534BBD900F7E802 /* bn_lcl.h */; }; - C280AE800534BBD900F7E802 /* bn_lib.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADFD0534BBD900F7E802 /* bn_lib.c */; }; - C280AE810534BBD900F7E802 /* bn_mont.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADFE0534BBD900F7E802 /* bn_mont.c */; }; - C280AE820534BBD900F7E802 /* bn_mpi.c in Sources */ = {isa = PBXBuildFile; fileRef = C280ADFF0534BBD900F7E802 /* bn_mpi.c */; }; - C280AE830534BBD900F7E802 /* bn_mul.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE000534BBD900F7E802 /* bn_mul.c */; }; - C280AE840534BBD900F7E802 /* bn_prime.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE010534BBD900F7E802 /* bn_prime.c */; }; - C280AE850534BBD900F7E802 /* bn_prime.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE020534BBD900F7E802 /* bn_prime.h */; }; - C280AE860534BBD900F7E802 /* bn_print.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE030534BBD900F7E802 /* bn_print.c */; }; - C280AE870534BBD900F7E802 /* bn_rand.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE040534BBD900F7E802 /* bn_rand.c */; }; - C280AE880534BBD900F7E802 /* bn_recp.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE050534BBD900F7E802 /* bn_recp.c */; }; - C280AE890534BBD900F7E802 /* bn_shift.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE060534BBD900F7E802 /* bn_shift.c */; }; - C280AE8A0534BBD900F7E802 /* bn_sqr.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE070534BBD900F7E802 /* bn_sqr.c */; }; - C280AE8B0534BBD900F7E802 /* bn_word.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE080534BBD900F7E802 /* bn_word.c */; }; - C280AE930534BBD900F7E802 /* buf_err.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE110534BBD900F7E802 /* buf_err.c */; }; - C280AE940534BBD900F7E802 /* buffer.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE120534BBD900F7E802 /* buffer.c */; }; - C280AE9A0534BBD900F7E802 /* cryptlib.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE190534BBD900F7E802 /* cryptlib.c */; }; - C280AE9B0534BBD900F7E802 /* cryptlib.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE1A0534BBD900F7E802 /* cryptlib.h */; }; - C280AE9C0534BBD900F7E802 /* dh_check.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE1C0534BBD900F7E802 /* dh_check.c */; }; - C280AE9D0534BBD900F7E802 /* dh_err.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE1D0534BBD900F7E802 /* dh_err.c */; }; - C280AE9E0534BBD900F7E802 /* dh_gen.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE1E0534BBD900F7E802 /* dh_gen.c */; }; - C280AE9F0534BBD900F7E802 /* dh_key.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE1F0534BBD900F7E802 /* dh_key.c */; }; - C280AEA00534BBD900F7E802 /* dh_lib.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE200534BBD900F7E802 /* dh_lib.c */; }; - C280AEA10534BBD900F7E802 /* dsa_asn1.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE220534BBD900F7E802 /* dsa_asn1.c */; }; - C280AEA20534BBD900F7E802 /* dsa_err.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE230534BBD900F7E802 /* dsa_err.c */; }; - C280AEA30534BBD900F7E802 /* dsa_gen.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE240534BBD900F7E802 /* dsa_gen.c */; }; - C280AEA40534BBD900F7E802 /* dsa_key.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE250534BBD900F7E802 /* dsa_key.c */; }; - C280AEA50534BBD900F7E802 /* dsa_lib.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE260534BBD900F7E802 /* dsa_lib.c */; }; - C280AEA60534BBD900F7E802 /* dsa_ossl.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE270534BBD900F7E802 /* dsa_ossl.c */; }; - C280AEA70534BBD900F7E802 /* dsa_sign.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE280534BBD900F7E802 /* dsa_sign.c */; }; - C280AEA80534BBD900F7E802 /* dsa_vrf.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE290534BBD900F7E802 /* dsa_vrf.c */; }; - C280AEA90534BBD900F7E802 /* err.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE2B0534BBD900F7E802 /* err.c */; }; - C280AEAA0534BBD900F7E802 /* err_prn.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE2C0534BBD900F7E802 /* err_prn.c */; }; - C280AEAB0534BBD900F7E802 /* ex_data.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE2D0534BBD900F7E802 /* ex_data.c */; }; - C280AEAC0534BBD900F7E802 /* lhash.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE2F0534BBD900F7E802 /* lhash.c */; }; - C280AEAD0534BBD900F7E802 /* mem.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE310534BBD900F7E802 /* mem.c */; }; - C280AEAF0534BBD900F7E802 /* rc2_cbc.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE340534BBD900F7E802 /* rc2_cbc.c */; }; - C280AEB00534BBD900F7E802 /* rc2_locl.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE350534BBD900F7E802 /* rc2_locl.h */; }; - C280AEB10534BBD900F7E802 /* rc2_skey.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE360534BBD900F7E802 /* rc2_skey.c */; }; - C280AEB40534BBD900F7E802 /* rc5_enc.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE390534BBD900F7E802 /* rc5_enc.c */; }; - C280AEB50534BBD900F7E802 /* rc5_locl.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE3A0534BBD900F7E802 /* rc5_locl.h */; }; - C280AEB60534BBD900F7E802 /* rc5_skey.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE3B0534BBD900F7E802 /* rc5_skey.c */; }; - C280AEB70534BBD900F7E802 /* asn1.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE3D0534BBD900F7E802 /* asn1.h */; }; - C280AEB80534BBD900F7E802 /* bio.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE3E0534BBD900F7E802 /* bio.h */; }; - C280AEB90534BBD900F7E802 /* blowfish.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE3F0534BBD900F7E802 /* blowfish.h */; }; - C280AEBA0534BBD900F7E802 /* bn.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE400534BBD900F7E802 /* bn.h */; }; - C280AEBB0534BBD900F7E802 /* buffer.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE410534BBD900F7E802 /* buffer.h */; }; - C280AEBC0534BBD900F7E802 /* cast.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE420534BBD900F7E802 /* cast.h */; }; - C280AEBD0534BBD900F7E802 /* crypto.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE430534BBD900F7E802 /* crypto.h */; }; - C280AEBE0534BBD900F7E802 /* dh.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE440534BBD900F7E802 /* dh.h */; }; - C280AEBF0534BBD900F7E802 /* dsa.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE450534BBD900F7E802 /* dsa.h */; }; - C280AEC00534BBD900F7E802 /* e_os.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE460534BBD900F7E802 /* e_os.h */; }; - C280AEC10534BBD900F7E802 /* e_os2.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE470534BBD900F7E802 /* e_os2.h */; }; - C280AEC20534BBD900F7E802 /* err.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE480534BBD900F7E802 /* err.h */; }; - C280AEC30534BBD900F7E802 /* evp.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE490534BBD900F7E802 /* evp.h */; }; - C280AEC40534BBD900F7E802 /* lhash.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE4A0534BBD900F7E802 /* lhash.h */; }; - C280AEC60534BBD900F7E802 /* objects.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE4C0534BBD900F7E802 /* objects.h */; }; - C280AEC70534BBD900F7E802 /* openssl_pkcs7.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE4D0534BBD900F7E802 /* openssl_pkcs7.h */; }; - C280AEC80534BBD900F7E802 /* opensslconf.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE4E0534BBD900F7E802 /* opensslconf.h */; }; - C280AEC90534BBD900F7E802 /* opensslv.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE4F0534BBD900F7E802 /* opensslv.h */; }; - C280AECA0534BBD900F7E802 /* rand.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE500534BBD900F7E802 /* rand.h */; }; - C280AECB0534BBD900F7E802 /* rc2.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE510534BBD900F7E802 /* rc2.h */; }; - C280AECD0534BBD900F7E802 /* rc5.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE530534BBD900F7E802 /* rc5.h */; }; - C280AECE0534BBD900F7E802 /* rsa.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE540534BBD900F7E802 /* rsa.h */; }; - C280AECF0534BBD900F7E802 /* safestack.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE550534BBD900F7E802 /* safestack.h */; }; - C280AED10534BBD900F7E802 /* stack.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE570534BBD900F7E802 /* stack.h */; }; - C280AED20534BBD900F7E802 /* x509.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE580534BBD900F7E802 /* x509.h */; }; - C280AED30534BBD900F7E802 /* x509_vfy.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE590534BBD900F7E802 /* x509_vfy.h */; }; - C280AED40534BBD900F7E802 /* opensslAsn1.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C280AE5B0534BBD900F7E802 /* opensslAsn1.cpp */; }; - C280AED50534BBD900F7E802 /* opensslAsn1.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE5C0534BBD900F7E802 /* opensslAsn1.h */; }; - C280AED60534BBD900F7E802 /* opensslUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C280AE5D0534BBD900F7E802 /* opensslUtils.cpp */; }; - C280AED70534BBD900F7E802 /* opensslUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = C280AE5E0534BBD900F7E802 /* opensslUtils.h */; }; - C280AEDA0534BBD900F7E802 /* rsa_chk.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE620534BBD900F7E802 /* rsa_chk.c */; }; - C280AEDB0534BBD900F7E802 /* rsa_eay.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE630534BBD900F7E802 /* rsa_eay.c */; }; - C280AEDC0534BBD900F7E802 /* rsa_err.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE640534BBD900F7E802 /* rsa_err.c */; }; - C280AEDD0534BBD900F7E802 /* rsa_gen.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE650534BBD900F7E802 /* rsa_gen.c */; }; - C280AEDE0534BBD900F7E802 /* rsa_lib.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE660534BBD900F7E802 /* rsa_lib.c */; }; - C280AEDF0534BBD900F7E802 /* rsa_none.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE670534BBD900F7E802 /* rsa_none.c */; }; - C280AEE00534BBD900F7E802 /* rsa_null.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE680534BBD900F7E802 /* rsa_null.c */; }; - C280AEE10534BBD900F7E802 /* rsa_pk1.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE690534BBD900F7E802 /* rsa_pk1.c */; }; - C280AEE20534BBD900F7E802 /* rsa_saos.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE6A0534BBD900F7E802 /* rsa_saos.c */; }; - C280AEE30534BBD900F7E802 /* rsa_sign.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE6B0534BBD900F7E802 /* rsa_sign.c */; }; - C280AEE40534BBD900F7E802 /* rsa_ssl.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE6C0534BBD900F7E802 /* rsa_ssl.c */; }; - C280AEE50534BBD900F7E802 /* stack.c in Sources */ = {isa = PBXBuildFile; fileRef = C280AE6E0534BBD900F7E802 /* stack.c */; }; - C284377C053488AC000AE0FC /* aesCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = C28436FD053488AB000AE0FC /* aesCommon.h */; }; - C284377D053488AC000AE0FC /* aescsp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28436FE053488AB000AE0FC /* aescsp.cpp */; }; - C284377E053488AC000AE0FC /* aescspi.h in Headers */ = {isa = PBXBuildFile; fileRef = C28436FF053488AB000AE0FC /* aescspi.h */; }; - C284377F053488AC000AE0FC /* algmaker.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843700053488AB000AE0FC /* algmaker.cpp */; }; - C2843780053488AC000AE0FC /* AppleCSP.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843701053488AB000AE0FC /* AppleCSP.cpp */; }; - C2843781053488AC000AE0FC /* AppleCSP.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843702053488AB000AE0FC /* AppleCSP.h */; }; - C2843782053488AC000AE0FC /* AppleCSPContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843703053488AB000AE0FC /* AppleCSPContext.cpp */; }; - C2843783053488AC000AE0FC /* AppleCSPContext.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843704053488AB000AE0FC /* AppleCSPContext.h */; }; - C2843784053488AC000AE0FC /* AppleCSPKeys.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843705053488AB000AE0FC /* AppleCSPKeys.cpp */; }; - C2843785053488AC000AE0FC /* AppleCSPKeys.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843706053488AB000AE0FC /* AppleCSPKeys.h */; }; - C2843787053488AC000AE0FC /* AppleCSPSession.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843708053488AB000AE0FC /* AppleCSPSession.h */; }; - C2843788053488AC000AE0FC /* AppleCSPUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843709053488AB000AE0FC /* AppleCSPUtils.cpp */; }; - C2843789053488AC000AE0FC /* AppleCSPUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = C284370A053488AB000AE0FC /* AppleCSPUtils.h */; }; - C284378A053488AC000AE0FC /* ascContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284370B053488AB000AE0FC /* ascContext.cpp */; }; - C284378B053488AC000AE0FC /* ascContext.h in Headers */ = {isa = PBXBuildFile; fileRef = C284370C053488AB000AE0FC /* ascContext.h */; }; - C284378C053488AC000AE0FC /* ascFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = C284370D053488AB000AE0FC /* ascFactory.h */; }; - C284378D053488AC000AE0FC /* bfContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284370E053488AB000AE0FC /* bfContext.cpp */; }; - C284378E053488AC000AE0FC /* bfContext.h in Headers */ = {isa = PBXBuildFile; fileRef = C284370F053488AB000AE0FC /* bfContext.h */; }; - C284378F053488AC000AE0FC /* BinaryKey.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843710053488AB000AE0FC /* BinaryKey.h */; }; - C2843790053488AC000AE0FC /* BlockCryptor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843711053488AB000AE0FC /* BlockCryptor.cpp */; }; - C2843791053488AC000AE0FC /* BlockCryptor.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843712053488AB000AE0FC /* BlockCryptor.h */; }; - C2843792053488AC000AE0FC /* boxes-ref.c in Sources */ = {isa = PBXBuildFile; fileRef = C2843713053488AB000AE0FC /* boxes-ref.c */; }; - C2843793053488AC000AE0FC /* boxes-ref.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843714053488AB000AE0FC /* boxes-ref.h */; }; - C2843794053488AC000AE0FC /* bsafeAsymmetric.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843715053488AB000AE0FC /* bsafeAsymmetric.cpp */; }; - C2843795053488AC000AE0FC /* bsafeContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843716053488AB000AE0FC /* bsafeContext.cpp */; }; - C2843796053488AC000AE0FC /* bsafecsp.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843717053488AB000AE0FC /* bsafecsp.h */; }; - C2843797053488AC000AE0FC /* bsafecspi.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843718053488AB000AE0FC /* bsafecspi.h */; }; - C2843798053488AC000AE0FC /* bsafeKeyGen.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843719053488AB000AE0FC /* bsafeKeyGen.cpp */; }; - C2843799053488AC000AE0FC /* bsafePKCS1.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284371A053488AB000AE0FC /* bsafePKCS1.cpp */; }; - C284379A053488AC000AE0FC /* bsafePKCS1.h in Headers */ = {isa = PBXBuildFile; fileRef = C284371B053488AB000AE0FC /* bsafePKCS1.h */; }; - C284379B053488AC000AE0FC /* bsafeSymmetric.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284371C053488AB000AE0FC /* bsafeSymmetric.cpp */; }; - C284379C053488AC000AE0FC /* bsobjects.h in Headers */ = {isa = PBXBuildFile; fileRef = C284371D053488AB000AE0FC /* bsobjects.h */; }; - C284379D053488AC000AE0FC /* castContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284371E053488AB000AE0FC /* castContext.cpp */; }; - C284379E053488AC000AE0FC /* castContext.h in Headers */ = {isa = PBXBuildFile; fileRef = C284371F053488AB000AE0FC /* castContext.h */; }; - C28437A1053488AC000AE0FC /* cryptkitcsp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843722053488AB000AE0FC /* cryptkitcsp.cpp */; }; - C28437A2053488AC000AE0FC /* cryptkitcsp.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843723053488AB000AE0FC /* cryptkitcsp.h */; }; - C28437A4053488AC000AE0FC /* CryptKitSpace.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843725053488AB000AE0FC /* CryptKitSpace.h */; }; - C28437A5053488AC000AE0FC /* cspdebugging.c in Sources */ = {isa = PBXBuildFile; fileRef = C2843726053488AB000AE0FC /* cspdebugging.c */; }; - C28437A6053488AC000AE0FC /* cspdebugging.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843727053488AB000AE0FC /* cspdebugging.h */; }; - C28437A8053488AC000AE0FC /* deriveKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843729053488AB000AE0FC /* deriveKey.cpp */; }; - C28437AB053488AC000AE0FC /* desContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284372C053488AB000AE0FC /* desContext.cpp */; }; - C28437AC053488AC000AE0FC /* desContext.h in Headers */ = {isa = PBXBuildFile; fileRef = C284372D053488AB000AE0FC /* desContext.h */; }; - C28437AD053488AC000AE0FC /* DH_csp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284372E053488AB000AE0FC /* DH_csp.cpp */; }; - C28437AE053488AC000AE0FC /* DH_csp.h in Headers */ = {isa = PBXBuildFile; fileRef = C284372F053488AB000AE0FC /* DH_csp.h */; }; - C28437AF053488AC000AE0FC /* DH_exchange.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843730053488AB000AE0FC /* DH_exchange.cpp */; }; - C28437B0053488AC000AE0FC /* DH_exchange.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843731053488AB000AE0FC /* DH_exchange.h */; }; - C28437B1053488AC000AE0FC /* DH_keys.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843732053488AB000AE0FC /* DH_keys.cpp */; }; - C28437B2053488AC000AE0FC /* DH_keys.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843733053488AB000AE0FC /* DH_keys.h */; }; - C28437B3053488AC000AE0FC /* DH_utils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843734053488AB000AE0FC /* DH_utils.cpp */; }; - C28437B4053488AC000AE0FC /* DH_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843735053488AB000AE0FC /* DH_utils.h */; }; - C28437B5053488AC000AE0FC /* DigestContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843736053488AB000AE0FC /* DigestContext.cpp */; }; - C28437B6053488AC000AE0FC /* DigestContext.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843737053488AB000AE0FC /* DigestContext.h */; }; - C28437B7053488AC000AE0FC /* FEEAsymmetricContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843738053488AB000AE0FC /* FEEAsymmetricContext.cpp */; }; - C28437B8053488AC000AE0FC /* FEEAsymmetricContext.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843739053488AB000AE0FC /* FEEAsymmetricContext.h */; }; - C28437B9053488AC000AE0FC /* FEECSPUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284373A053488AB000AE0FC /* FEECSPUtils.cpp */; }; - C28437BA053488AC000AE0FC /* FEECSPUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = C284373B053488AB000AE0FC /* FEECSPUtils.h */; }; - C28437BB053488AC000AE0FC /* FEEKeys.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284373C053488AB000AE0FC /* FEEKeys.cpp */; }; - C28437BC053488AC000AE0FC /* FEEKeys.h in Headers */ = {isa = PBXBuildFile; fileRef = C284373D053488AB000AE0FC /* FEEKeys.h */; }; - C28437BD053488AC000AE0FC /* FEESignatureObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284373E053488AB000AE0FC /* FEESignatureObject.cpp */; }; - C28437BE053488AC000AE0FC /* FEESignatureObject.h in Headers */ = {isa = PBXBuildFile; fileRef = C284373F053488AB000AE0FC /* FEESignatureObject.h */; }; - C28437BF053488AC000AE0FC /* gladmanContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843740053488AB000AE0FC /* gladmanContext.cpp */; }; - C28437C0053488AC000AE0FC /* gladmanContext.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843741053488AB000AE0FC /* gladmanContext.h */; }; - C28437C3053488AC000AE0FC /* MacContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843744053488AB000AE0FC /* MacContext.cpp */; }; - C28437C4053488AC000AE0FC /* MacContext.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843745053488AB000AE0FC /* MacContext.h */; }; - C28437C5053488AC000AE0FC /* MD2Object.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843746053488AB000AE0FC /* MD2Object.cpp */; }; - C28437C6053488AC000AE0FC /* MD2Object.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843747053488AB000AE0FC /* MD2Object.h */; }; - C28437C9053488AC000AE0FC /* memory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284374A053488AB000AE0FC /* memory.cpp */; }; - C28437CA053488AC000AE0FC /* miscAlgFactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284374B053488AB000AE0FC /* miscAlgFactory.cpp */; }; - C28437CB053488AC000AE0FC /* miscAlgFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = C284374C053488AB000AE0FC /* miscAlgFactory.h */; }; - C28437CC053488AC000AE0FC /* miscalgorithms.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284374D053488AB000AE0FC /* miscalgorithms.cpp */; }; - C28437CD053488AC000AE0FC /* NullCryptor.h in Headers */ = {isa = PBXBuildFile; fileRef = C284374E053488AC000AE0FC /* NullCryptor.h */; }; - C28437CE053488AC000AE0FC /* pbkdDigest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284374F053488AC000AE0FC /* pbkdDigest.cpp */; }; - C28437CF053488AC000AE0FC /* pbkdDigest.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843750053488AC000AE0FC /* pbkdDigest.h */; }; - C28437D0053488AC000AE0FC /* pbkdf2.c in Sources */ = {isa = PBXBuildFile; fileRef = C2843751053488AC000AE0FC /* pbkdf2.c */; }; - C28437D1053488AC000AE0FC /* pbkdf2.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843752053488AC000AE0FC /* pbkdf2.h */; }; - C28437D2053488AC000AE0FC /* pkcs12Derive.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843753053488AC000AE0FC /* pkcs12Derive.cpp */; }; - C28437D3053488AC000AE0FC /* pkcs12Derive.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843754053488AC000AE0FC /* pkcs12Derive.h */; }; - C28437D4053488AC000AE0FC /* pkcs8.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843755053488AC000AE0FC /* pkcs8.cpp */; }; - C28437D5053488AC000AE0FC /* pkcs8.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843756053488AC000AE0FC /* pkcs8.h */; }; - C28437D7053488AC000AE0FC /* RawSigner.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843758053488AC000AE0FC /* RawSigner.h */; }; - C28437D8053488AC000AE0FC /* rc2Context.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843759053488AC000AE0FC /* rc2Context.cpp */; }; - C28437D9053488AC000AE0FC /* rc2Context.h in Headers */ = {isa = PBXBuildFile; fileRef = C284375A053488AC000AE0FC /* rc2Context.h */; }; - C28437DA053488AC000AE0FC /* rc4Context.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284375B053488AC000AE0FC /* rc4Context.cpp */; }; - C28437DB053488AC000AE0FC /* rc4Context.h in Headers */ = {isa = PBXBuildFile; fileRef = C284375C053488AC000AE0FC /* rc4Context.h */; }; - C28437DC053488AC000AE0FC /* rc5Context.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284375D053488AC000AE0FC /* rc5Context.cpp */; }; - C28437DD053488AC000AE0FC /* rc5Context.h in Headers */ = {isa = PBXBuildFile; fileRef = C284375E053488AC000AE0FC /* rc5Context.h */; }; - C28437DE053488AC000AE0FC /* rijndael-alg-ref.c in Sources */ = {isa = PBXBuildFile; fileRef = C284375F053488AC000AE0FC /* rijndael-alg-ref.c */; }; - C28437DF053488AC000AE0FC /* rijndael-alg-ref.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843760053488AC000AE0FC /* rijndael-alg-ref.h */; }; - C28437E0053488AC000AE0FC /* rijndaelApi.c in Sources */ = {isa = PBXBuildFile; fileRef = C2843761053488AC000AE0FC /* rijndaelApi.c */; }; - C28437E1053488AC000AE0FC /* rijndaelApi.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843762053488AC000AE0FC /* rijndaelApi.h */; }; - C28437E4053488AC000AE0FC /* RSA_asymmetric.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843765053488AC000AE0FC /* RSA_asymmetric.cpp */; }; - C28437E5053488AC000AE0FC /* RSA_asymmetric.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843766053488AC000AE0FC /* RSA_asymmetric.h */; }; - C28437E6053488AC000AE0FC /* RSA_DSA_csp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843767053488AC000AE0FC /* RSA_DSA_csp.cpp */; }; - C28437E7053488AC000AE0FC /* RSA_DSA_csp.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843768053488AC000AE0FC /* RSA_DSA_csp.h */; }; - C28437E8053488AC000AE0FC /* RSA_DSA_keys.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843769053488AC000AE0FC /* RSA_DSA_keys.cpp */; }; - C28437E9053488AC000AE0FC /* RSA_DSA_keys.h in Headers */ = {isa = PBXBuildFile; fileRef = C284376A053488AC000AE0FC /* RSA_DSA_keys.h */; }; - C28437EA053488AC000AE0FC /* RSA_DSA_signature.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284376B053488AC000AE0FC /* RSA_DSA_signature.cpp */; }; - C28437EB053488AC000AE0FC /* RSA_DSA_signature.h in Headers */ = {isa = PBXBuildFile; fileRef = C284376C053488AC000AE0FC /* RSA_DSA_signature.h */; }; - C28437EC053488AC000AE0FC /* RSA_DSA_utils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284376D053488AC000AE0FC /* RSA_DSA_utils.cpp */; }; - C28437ED053488AC000AE0FC /* RSA_DSA_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = C284376E053488AC000AE0FC /* RSA_DSA_utils.h */; }; - C28437F0053488AC000AE0FC /* SHA1_MD5_Object.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843771053488AC000AE0FC /* SHA1_MD5_Object.cpp */; }; - C28437F1053488AC000AE0FC /* SHA1_MD5_Object.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843772053488AC000AE0FC /* SHA1_MD5_Object.h */; }; - C28437F4053488AC000AE0FC /* SignatureContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843775053488AC000AE0FC /* SignatureContext.cpp */; }; - C28437F5053488AC000AE0FC /* SignatureContext.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843776053488AC000AE0FC /* SignatureContext.h */; }; - C28437F6053488AC000AE0FC /* vRijndael-alg-ref.c in Sources */ = {isa = PBXBuildFile; fileRef = C2843777053488AC000AE0FC /* vRijndael-alg-ref.c */; }; - C28437F7053488AC000AE0FC /* wrapKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843778053488AC000AE0FC /* wrapKey.cpp */; }; - C28437F8053488AC000AE0FC /* wrapKeyCms.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843779053488AC000AE0FC /* wrapKeyCms.cpp */; }; - C28437F9053488AC000AE0FC /* YarrowConnection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284377A053488AC000AE0FC /* YarrowConnection.cpp */; }; - C28437FA053488AC000AE0FC /* YarrowConnection.h in Headers */ = {isa = PBXBuildFile; fileRef = C284377B053488AC000AE0FC /* YarrowConnection.h */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 0539107F0A37724600B9E848 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 0539107D0A37721E00B9E848; - remoteInfo = "Copy Open Source Docs"; - }; - 18446095146DFBC900B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18446090146DFBC800B12992 /* libsecurity_cdsa_plugin.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_plugin; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXCopyFilesBuildPhase section */ - 0539107C0A37721E00B9E848 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/OpenSourceVersions/; - dstSubfolderSpec = 0; - files = ( - 053910830A37725A00B9E848 /* libsecurity_apple_csp.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - 053910850A37725A00B9E848 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/OpenSourceLicenses/; - dstSubfolderSpec = 0; - files = ( - 0539108B0A37726600B9E848 /* libsecurity_apple_csp.txt in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 053910810A37725A00B9E848 /* libsecurity_apple_csp.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = libsecurity_apple_csp.plist; sourceTree = ""; }; - 053910820A37725A00B9E848 /* libsecurity_apple_csp.txt */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = libsecurity_apple_csp.txt; sourceTree = ""; }; - 053ABEFD0AA4C94900CA6DC3 /* opensshCoding.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = opensshCoding.h; sourceTree = ""; }; - 053ABEFE0AA4C94900CA6DC3 /* opensshCoding.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = opensshCoding.cpp; sourceTree = ""; }; - 053ABF600AA4F3EB00CA6DC3 /* opensshWrap.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = opensshWrap.cpp; sourceTree = ""; }; - 05622BAA06CC352100784EED /* SHA2_Object.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SHA2_Object.cpp; sourceTree = ""; }; - 05622BAB06CC352100784EED /* SHA2_Object.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SHA2_Object.h; sourceTree = ""; }; - 05BFEE0C09E1D71800F3D7E0 /* HMACSHA1.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = HMACSHA1.c; sourceTree = ""; }; - 05BFEE0D09E1D71800F3D7E0 /* HMACSHA1.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = HMACSHA1.h; sourceTree = ""; }; - 18446065146DE98E00B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 18446066146DE98E00B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 18446067146DE98E00B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 18446068146DE98E00B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 18446090146DFBC800B12992 /* libsecurity_cdsa_plugin.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_plugin.xcodeproj; path = ../libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj; sourceTree = ""; }; - 4094B0DC057EA70300B44BCC /* csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = csp_capabilities.mdsinfo; sourceTree = ""; }; - 4094B0DD057EA70300B44BCC /* csp_capabilities_common.mds */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = csp_capabilities_common.mds; sourceTree = ""; }; - 4094B0DE057EA70300B44BCC /* csp_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = csp_common.mdsinfo; sourceTree = ""; }; - 4094B0DF057EA70300B44BCC /* csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = csp_primary.mdsinfo; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_csp.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_apple_csp.a; sourceTree = BUILT_PRODUCTS_DIR; }; - C2196B39053B5905005808D4 /* AppleCSPBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleCSPBuiltin.cpp; sourceTree = ""; }; - C280ADE80534BBD900F7E802 /* bf_ecb.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bf_ecb.c; sourceTree = ""; }; - C280ADE90534BBD900F7E802 /* bf_enc.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bf_enc.c; sourceTree = ""; }; - C280ADEA0534BBD900F7E802 /* bf_locl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bf_locl.h; sourceTree = ""; }; - C280ADEB0534BBD900F7E802 /* bf_pi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bf_pi.h; sourceTree = ""; }; - C280ADEC0534BBD900F7E802 /* bf_skey.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bf_skey.c; sourceTree = ""; }; - C280ADED0534BBD900F7E802 /* COPYRIGHT */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = COPYRIGHT; sourceTree = ""; }; - C280ADEE0534BBD900F7E802 /* README */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = README; sourceTree = ""; }; - C280ADF00534BBD900F7E802 /* bio_lib.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bio_lib.c; sourceTree = ""; }; - C280ADF10534BBD900F7E802 /* bss_file.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bss_file.c; sourceTree = ""; }; - C280ADF30534BBD900F7E802 /* bn_add.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_add.c; sourceTree = ""; }; - C280ADF40534BBD900F7E802 /* bn_asm.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_asm.c; sourceTree = ""; }; - C280ADF50534BBD900F7E802 /* bn_blind.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_blind.c; sourceTree = ""; }; - C280ADF60534BBD900F7E802 /* bn_ctx.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_ctx.c; sourceTree = ""; }; - C280ADF70534BBD900F7E802 /* bn_div.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_div.c; sourceTree = ""; }; - C280ADF80534BBD900F7E802 /* bn_err.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_err.c; sourceTree = ""; }; - C280ADF90534BBD900F7E802 /* bn_exp.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_exp.c; sourceTree = ""; }; - C280ADFA0534BBD900F7E802 /* bn_exp2.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_exp2.c; sourceTree = ""; }; - C280ADFB0534BBD900F7E802 /* bn_gcd.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_gcd.c; sourceTree = ""; }; - C280ADFC0534BBD900F7E802 /* bn_lcl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bn_lcl.h; sourceTree = ""; }; - C280ADFD0534BBD900F7E802 /* bn_lib.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_lib.c; sourceTree = ""; }; - C280ADFE0534BBD900F7E802 /* bn_mont.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_mont.c; sourceTree = ""; }; - C280ADFF0534BBD900F7E802 /* bn_mpi.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_mpi.c; sourceTree = ""; }; - C280AE000534BBD900F7E802 /* bn_mul.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_mul.c; sourceTree = ""; }; - C280AE010534BBD900F7E802 /* bn_prime.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_prime.c; sourceTree = ""; }; - C280AE020534BBD900F7E802 /* bn_prime.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bn_prime.h; sourceTree = ""; }; - C280AE030534BBD900F7E802 /* bn_print.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_print.c; sourceTree = ""; }; - C280AE040534BBD900F7E802 /* bn_rand.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_rand.c; sourceTree = ""; }; - C280AE050534BBD900F7E802 /* bn_recp.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_recp.c; sourceTree = ""; }; - C280AE060534BBD900F7E802 /* bn_shift.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_shift.c; sourceTree = ""; }; - C280AE070534BBD900F7E802 /* bn_sqr.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_sqr.c; sourceTree = ""; }; - C280AE080534BBD900F7E802 /* bn_word.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bn_word.c; sourceTree = ""; }; - C280AE090534BBD900F7E802 /* bnspeed.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bnspeed.c; sourceTree = ""; }; - C280AE0A0534BBD900F7E802 /* bntest.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = bntest.c; sourceTree = ""; }; - C280AE0B0534BBD900F7E802 /* divtest.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = divtest.c; sourceTree = ""; }; - C280AE0C0534BBD900F7E802 /* exp.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = exp.c; sourceTree = ""; }; - C280AE0D0534BBD900F7E802 /* expspeed.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = expspeed.c; sourceTree = ""; }; - C280AE0E0534BBD900F7E802 /* exptest.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = exptest.c; sourceTree = ""; }; - C280AE0F0534BBD900F7E802 /* vms-helper.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = "vms-helper.c"; sourceTree = ""; }; - C280AE110534BBD900F7E802 /* buf_err.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = buf_err.c; sourceTree = ""; }; - C280AE120534BBD900F7E802 /* buffer.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = buffer.c; sourceTree = ""; }; - C280AE190534BBD900F7E802 /* cryptlib.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cryptlib.c; sourceTree = ""; }; - C280AE1A0534BBD900F7E802 /* cryptlib.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cryptlib.h; sourceTree = ""; }; - C280AE1C0534BBD900F7E802 /* dh_check.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dh_check.c; sourceTree = ""; }; - C280AE1D0534BBD900F7E802 /* dh_err.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dh_err.c; sourceTree = ""; }; - C280AE1E0534BBD900F7E802 /* dh_gen.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dh_gen.c; sourceTree = ""; }; - C280AE1F0534BBD900F7E802 /* dh_key.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dh_key.c; sourceTree = ""; }; - C280AE200534BBD900F7E802 /* dh_lib.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dh_lib.c; sourceTree = ""; }; - C280AE220534BBD900F7E802 /* dsa_asn1.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dsa_asn1.c; sourceTree = ""; }; - C280AE230534BBD900F7E802 /* dsa_err.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dsa_err.c; sourceTree = ""; }; - C280AE240534BBD900F7E802 /* dsa_gen.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dsa_gen.c; sourceTree = ""; }; - C280AE250534BBD900F7E802 /* dsa_key.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dsa_key.c; sourceTree = ""; }; - C280AE260534BBD900F7E802 /* dsa_lib.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dsa_lib.c; sourceTree = ""; }; - C280AE270534BBD900F7E802 /* dsa_ossl.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dsa_ossl.c; sourceTree = ""; }; - C280AE280534BBD900F7E802 /* dsa_sign.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dsa_sign.c; sourceTree = ""; }; - C280AE290534BBD900F7E802 /* dsa_vrf.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = dsa_vrf.c; sourceTree = ""; }; - C280AE2B0534BBD900F7E802 /* err.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = err.c; sourceTree = ""; }; - C280AE2C0534BBD900F7E802 /* err_prn.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = err_prn.c; sourceTree = ""; }; - C280AE2D0534BBD900F7E802 /* ex_data.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = ex_data.c; sourceTree = ""; }; - C280AE2F0534BBD900F7E802 /* lhash.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = lhash.c; sourceTree = ""; }; - C280AE300534BBD900F7E802 /* LICENSE */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = LICENSE; sourceTree = ""; }; - C280AE310534BBD900F7E802 /* mem.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = mem.c; sourceTree = ""; }; - C280AE340534BBD900F7E802 /* rc2_cbc.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rc2_cbc.c; sourceTree = ""; }; - C280AE350534BBD900F7E802 /* rc2_locl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = rc2_locl.h; sourceTree = ""; }; - C280AE360534BBD900F7E802 /* rc2_skey.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rc2_skey.c; sourceTree = ""; }; - C280AE390534BBD900F7E802 /* rc5_enc.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rc5_enc.c; sourceTree = ""; }; - C280AE3A0534BBD900F7E802 /* rc5_locl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = rc5_locl.h; sourceTree = ""; }; - C280AE3B0534BBD900F7E802 /* rc5_skey.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rc5_skey.c; sourceTree = ""; }; - C280AE3D0534BBD900F7E802 /* asn1.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = asn1.h; sourceTree = ""; }; - C280AE3E0534BBD900F7E802 /* bio.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bio.h; sourceTree = ""; }; - C280AE3F0534BBD900F7E802 /* blowfish.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = blowfish.h; sourceTree = ""; }; - C280AE400534BBD900F7E802 /* bn.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bn.h; sourceTree = ""; }; - C280AE410534BBD900F7E802 /* buffer.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = buffer.h; sourceTree = ""; }; - C280AE420534BBD900F7E802 /* cast.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cast.h; sourceTree = ""; }; - C280AE430534BBD900F7E802 /* crypto.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = crypto.h; sourceTree = ""; }; - C280AE440534BBD900F7E802 /* dh.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = dh.h; sourceTree = ""; }; - C280AE450534BBD900F7E802 /* dsa.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = dsa.h; sourceTree = ""; }; - C280AE460534BBD900F7E802 /* e_os.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = e_os.h; sourceTree = ""; }; - C280AE470534BBD900F7E802 /* e_os2.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = e_os2.h; sourceTree = ""; }; - C280AE480534BBD900F7E802 /* err.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = err.h; sourceTree = ""; }; - C280AE490534BBD900F7E802 /* evp.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = evp.h; sourceTree = ""; }; - C280AE4A0534BBD900F7E802 /* lhash.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = lhash.h; sourceTree = ""; }; - C280AE4C0534BBD900F7E802 /* objects.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = objects.h; sourceTree = ""; }; - C280AE4D0534BBD900F7E802 /* openssl_pkcs7.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = openssl_pkcs7.h; sourceTree = ""; }; - C280AE4E0534BBD900F7E802 /* opensslconf.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = opensslconf.h; sourceTree = ""; }; - C280AE4F0534BBD900F7E802 /* opensslv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = opensslv.h; sourceTree = ""; }; - C280AE500534BBD900F7E802 /* rand.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = rand.h; sourceTree = ""; }; - C280AE510534BBD900F7E802 /* rc2.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = rc2.h; sourceTree = ""; }; - C280AE530534BBD900F7E802 /* rc5.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = rc5.h; sourceTree = ""; }; - C280AE540534BBD900F7E802 /* rsa.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = rsa.h; sourceTree = ""; }; - C280AE550534BBD900F7E802 /* safestack.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = safestack.h; sourceTree = ""; }; - C280AE570534BBD900F7E802 /* stack.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = stack.h; sourceTree = ""; }; - C280AE580534BBD900F7E802 /* x509.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = x509.h; sourceTree = ""; }; - C280AE590534BBD900F7E802 /* x509_vfy.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = x509_vfy.h; sourceTree = ""; }; - C280AE5B0534BBD900F7E802 /* opensslAsn1.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = opensslAsn1.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C280AE5C0534BBD900F7E802 /* opensslAsn1.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = opensslAsn1.h; sourceTree = ""; }; - C280AE5D0534BBD900F7E802 /* opensslUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = opensslUtils.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C280AE5E0534BBD900F7E802 /* opensslUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = opensslUtils.h; sourceTree = ""; }; - C280AE620534BBD900F7E802 /* rsa_chk.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_chk.c; sourceTree = ""; }; - C280AE630534BBD900F7E802 /* rsa_eay.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_eay.c; sourceTree = ""; }; - C280AE640534BBD900F7E802 /* rsa_err.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_err.c; sourceTree = ""; }; - C280AE650534BBD900F7E802 /* rsa_gen.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_gen.c; sourceTree = ""; }; - C280AE660534BBD900F7E802 /* rsa_lib.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_lib.c; sourceTree = ""; }; - C280AE670534BBD900F7E802 /* rsa_none.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_none.c; sourceTree = ""; }; - C280AE680534BBD900F7E802 /* rsa_null.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_null.c; sourceTree = ""; }; - C280AE690534BBD900F7E802 /* rsa_pk1.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_pk1.c; sourceTree = ""; }; - C280AE6A0534BBD900F7E802 /* rsa_saos.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_saos.c; sourceTree = ""; }; - C280AE6B0534BBD900F7E802 /* rsa_sign.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_sign.c; sourceTree = ""; }; - C280AE6C0534BBD900F7E802 /* rsa_ssl.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rsa_ssl.c; sourceTree = ""; }; - C280AE6E0534BBD900F7E802 /* stack.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = stack.c; sourceTree = ""; }; - C28436FD053488AB000AE0FC /* aesCommon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = aesCommon.h; sourceTree = ""; }; - C28436FE053488AB000AE0FC /* aescsp.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = aescsp.cpp; sourceTree = ""; }; - C28436FF053488AB000AE0FC /* aescspi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = aescspi.h; sourceTree = ""; }; - C2843700053488AB000AE0FC /* algmaker.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = algmaker.cpp; sourceTree = ""; }; - C2843701053488AB000AE0FC /* AppleCSP.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = AppleCSP.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2843702053488AB000AE0FC /* AppleCSP.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleCSP.h; sourceTree = ""; }; - C2843703053488AB000AE0FC /* AppleCSPContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleCSPContext.cpp; sourceTree = ""; }; - C2843704053488AB000AE0FC /* AppleCSPContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleCSPContext.h; sourceTree = ""; }; - C2843705053488AB000AE0FC /* AppleCSPKeys.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleCSPKeys.cpp; sourceTree = ""; }; - C2843706053488AB000AE0FC /* AppleCSPKeys.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleCSPKeys.h; sourceTree = ""; }; - C2843707053488AB000AE0FC /* AppleCSPPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleCSPPlugin.cpp; sourceTree = ""; }; - C2843708053488AB000AE0FC /* AppleCSPSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleCSPSession.h; sourceTree = ""; }; - C2843709053488AB000AE0FC /* AppleCSPUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = AppleCSPUtils.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284370A053488AB000AE0FC /* AppleCSPUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleCSPUtils.h; sourceTree = ""; }; - C284370B053488AB000AE0FC /* ascContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = ascContext.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284370C053488AB000AE0FC /* ascContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ascContext.h; sourceTree = ""; }; - C284370D053488AB000AE0FC /* ascFactory.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ascFactory.h; sourceTree = ""; }; - C284370E053488AB000AE0FC /* bfContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = bfContext.cpp; sourceTree = ""; }; - C284370F053488AB000AE0FC /* bfContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bfContext.h; sourceTree = ""; }; - C2843710053488AB000AE0FC /* BinaryKey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = BinaryKey.h; sourceTree = ""; }; - C2843711053488AB000AE0FC /* BlockCryptor.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = BlockCryptor.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2843712053488AB000AE0FC /* BlockCryptor.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = BlockCryptor.h; sourceTree = ""; }; - C2843713053488AB000AE0FC /* boxes-ref.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = "boxes-ref.c"; sourceTree = ""; }; - C2843714053488AB000AE0FC /* boxes-ref.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "boxes-ref.h"; sourceTree = ""; }; - C2843715053488AB000AE0FC /* bsafeAsymmetric.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = bsafeAsymmetric.cpp; sourceTree = ""; }; - C2843716053488AB000AE0FC /* bsafeContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = bsafeContext.cpp; sourceTree = ""; }; - C2843717053488AB000AE0FC /* bsafecsp.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bsafecsp.h; sourceTree = ""; }; - C2843718053488AB000AE0FC /* bsafecspi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bsafecspi.h; sourceTree = ""; }; - C2843719053488AB000AE0FC /* bsafeKeyGen.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = bsafeKeyGen.cpp; sourceTree = ""; }; - C284371A053488AB000AE0FC /* bsafePKCS1.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = bsafePKCS1.cpp; sourceTree = ""; }; - C284371B053488AB000AE0FC /* bsafePKCS1.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bsafePKCS1.h; sourceTree = ""; }; - C284371C053488AB000AE0FC /* bsafeSymmetric.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = bsafeSymmetric.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284371D053488AB000AE0FC /* bsobjects.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bsobjects.h; sourceTree = ""; }; - C284371E053488AB000AE0FC /* castContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = castContext.cpp; sourceTree = ""; }; - C284371F053488AB000AE0FC /* castContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = castContext.h; sourceTree = ""; }; - C2843722053488AB000AE0FC /* cryptkitcsp.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cryptkitcsp.cpp; sourceTree = ""; }; - C2843723053488AB000AE0FC /* cryptkitcsp.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cryptkitcsp.h; sourceTree = ""; }; - C2843725053488AB000AE0FC /* CryptKitSpace.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CryptKitSpace.h; sourceTree = ""; }; - C2843726053488AB000AE0FC /* cspdebugging.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cspdebugging.c; sourceTree = ""; }; - C2843727053488AB000AE0FC /* cspdebugging.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cspdebugging.h; sourceTree = ""; }; - C2843728053488AB000AE0FC /* cssmplugin.exp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.exports; path = cssmplugin.exp; sourceTree = ""; }; - C2843729053488AB000AE0FC /* deriveKey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = deriveKey.cpp; sourceTree = ""; }; - C284372C053488AB000AE0FC /* desContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = desContext.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284372D053488AB000AE0FC /* desContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = desContext.h; sourceTree = ""; }; - C284372E053488AB000AE0FC /* DH_csp.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DH_csp.cpp; sourceTree = ""; }; - C284372F053488AB000AE0FC /* DH_csp.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DH_csp.h; sourceTree = ""; }; - C2843730053488AB000AE0FC /* DH_exchange.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DH_exchange.cpp; sourceTree = ""; }; - C2843731053488AB000AE0FC /* DH_exchange.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DH_exchange.h; sourceTree = ""; }; - C2843732053488AB000AE0FC /* DH_keys.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = DH_keys.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2843733053488AB000AE0FC /* DH_keys.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = DH_keys.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - C2843734053488AB000AE0FC /* DH_utils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = DH_utils.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2843735053488AB000AE0FC /* DH_utils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DH_utils.h; sourceTree = ""; }; - C2843736053488AB000AE0FC /* DigestContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DigestContext.cpp; sourceTree = ""; }; - C2843737053488AB000AE0FC /* DigestContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DigestContext.h; sourceTree = ""; }; - C2843738053488AB000AE0FC /* FEEAsymmetricContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = FEEAsymmetricContext.cpp; sourceTree = ""; }; - C2843739053488AB000AE0FC /* FEEAsymmetricContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = FEEAsymmetricContext.h; sourceTree = ""; }; - C284373A053488AB000AE0FC /* FEECSPUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = FEECSPUtils.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284373B053488AB000AE0FC /* FEECSPUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = FEECSPUtils.h; sourceTree = ""; }; - C284373C053488AB000AE0FC /* FEEKeys.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = FEEKeys.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284373D053488AB000AE0FC /* FEEKeys.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = FEEKeys.h; sourceTree = ""; }; - C284373E053488AB000AE0FC /* FEESignatureObject.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = FEESignatureObject.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284373F053488AB000AE0FC /* FEESignatureObject.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = FEESignatureObject.h; sourceTree = ""; }; - C2843740053488AB000AE0FC /* gladmanContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = gladmanContext.cpp; sourceTree = ""; }; - C2843741053488AB000AE0FC /* gladmanContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = gladmanContext.h; sourceTree = ""; }; - C2843744053488AB000AE0FC /* MacContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MacContext.cpp; sourceTree = ""; }; - C2843745053488AB000AE0FC /* MacContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MacContext.h; sourceTree = ""; }; - C2843746053488AB000AE0FC /* MD2Object.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MD2Object.cpp; sourceTree = ""; }; - C2843747053488AB000AE0FC /* MD2Object.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MD2Object.h; sourceTree = ""; }; - C284374A053488AB000AE0FC /* memory.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = memory.cpp; sourceTree = ""; }; - C284374B053488AB000AE0FC /* miscAlgFactory.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = miscAlgFactory.cpp; sourceTree = ""; }; - C284374C053488AB000AE0FC /* miscAlgFactory.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = miscAlgFactory.h; sourceTree = ""; }; - C284374D053488AB000AE0FC /* miscalgorithms.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = miscalgorithms.cpp; sourceTree = ""; }; - C284374E053488AC000AE0FC /* NullCryptor.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = NullCryptor.h; sourceTree = ""; }; - C284374F053488AC000AE0FC /* pbkdDigest.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = pbkdDigest.cpp; sourceTree = ""; }; - C2843750053488AC000AE0FC /* pbkdDigest.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pbkdDigest.h; sourceTree = ""; }; - C2843751053488AC000AE0FC /* pbkdf2.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = pbkdf2.c; sourceTree = ""; }; - C2843752053488AC000AE0FC /* pbkdf2.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pbkdf2.h; sourceTree = ""; }; - C2843753053488AC000AE0FC /* pkcs12Derive.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Derive.cpp; sourceTree = ""; }; - C2843754053488AC000AE0FC /* pkcs12Derive.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pkcs12Derive.h; sourceTree = ""; }; - C2843755053488AC000AE0FC /* pkcs8.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs8.cpp; sourceTree = ""; }; - C2843756053488AC000AE0FC /* pkcs8.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pkcs8.h; sourceTree = ""; }; - C2843758053488AC000AE0FC /* RawSigner.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = RawSigner.h; sourceTree = ""; }; - C2843759053488AC000AE0FC /* rc2Context.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = rc2Context.cpp; sourceTree = ""; }; - C284375A053488AC000AE0FC /* rc2Context.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = rc2Context.h; sourceTree = ""; }; - C284375B053488AC000AE0FC /* rc4Context.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = rc4Context.cpp; sourceTree = ""; }; - C284375C053488AC000AE0FC /* rc4Context.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = rc4Context.h; sourceTree = ""; }; - C284375D053488AC000AE0FC /* rc5Context.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = rc5Context.cpp; sourceTree = ""; }; - C284375E053488AC000AE0FC /* rc5Context.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = rc5Context.h; sourceTree = ""; }; - C284375F053488AC000AE0FC /* rijndael-alg-ref.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = "rijndael-alg-ref.c"; sourceTree = ""; }; - C2843760053488AC000AE0FC /* rijndael-alg-ref.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "rijndael-alg-ref.h"; sourceTree = ""; }; - C2843761053488AC000AE0FC /* rijndaelApi.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = rijndaelApi.c; sourceTree = ""; }; - C2843762053488AC000AE0FC /* rijndaelApi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = rijndaelApi.h; sourceTree = ""; }; - C2843765053488AC000AE0FC /* RSA_asymmetric.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = RSA_asymmetric.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2843766053488AC000AE0FC /* RSA_asymmetric.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = RSA_asymmetric.h; sourceTree = ""; }; - C2843767053488AC000AE0FC /* RSA_DSA_csp.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = RSA_DSA_csp.cpp; sourceTree = ""; }; - C2843768053488AC000AE0FC /* RSA_DSA_csp.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = RSA_DSA_csp.h; sourceTree = ""; }; - C2843769053488AC000AE0FC /* RSA_DSA_keys.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = RSA_DSA_keys.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284376A053488AC000AE0FC /* RSA_DSA_keys.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = RSA_DSA_keys.h; sourceTree = ""; }; - C284376B053488AC000AE0FC /* RSA_DSA_signature.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = RSA_DSA_signature.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284376C053488AC000AE0FC /* RSA_DSA_signature.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = RSA_DSA_signature.h; sourceTree = ""; }; - C284376D053488AC000AE0FC /* RSA_DSA_utils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = RSA_DSA_utils.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284376E053488AC000AE0FC /* RSA_DSA_utils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = RSA_DSA_utils.h; sourceTree = ""; }; - C2843771053488AC000AE0FC /* SHA1_MD5_Object.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SHA1_MD5_Object.cpp; sourceTree = ""; }; - C2843772053488AC000AE0FC /* SHA1_MD5_Object.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SHA1_MD5_Object.h; sourceTree = ""; }; - C2843775053488AC000AE0FC /* SignatureContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SignatureContext.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2843776053488AC000AE0FC /* SignatureContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SignatureContext.h; sourceTree = ""; }; - C2843777053488AC000AE0FC /* vRijndael-alg-ref.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = "vRijndael-alg-ref.c"; sourceTree = ""; }; - C2843778053488AC000AE0FC /* wrapKey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = wrapKey.cpp; sourceTree = ""; }; - C2843779053488AC000AE0FC /* wrapKeyCms.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = wrapKeyCms.cpp; sourceTree = ""; }; - C284377A053488AC000AE0FC /* YarrowConnection.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = YarrowConnection.cpp; sourceTree = ""; }; - C284377B053488AC000AE0FC /* YarrowConnection.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = YarrowConnection.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 05065316056A96DA008AD683 /* RSA_DSA */ = { - isa = PBXGroup; - children = ( - C2843765053488AC000AE0FC /* RSA_asymmetric.cpp */, - C284376B053488AC000AE0FC /* RSA_DSA_signature.cpp */, - C284376C053488AC000AE0FC /* RSA_DSA_signature.h */, - C284376D053488AC000AE0FC /* RSA_DSA_utils.cpp */, - C284376E053488AC000AE0FC /* RSA_DSA_utils.h */, - C2843767053488AC000AE0FC /* RSA_DSA_csp.cpp */, - C2843768053488AC000AE0FC /* RSA_DSA_csp.h */, - C2843769053488AC000AE0FC /* RSA_DSA_keys.cpp */, - C284376A053488AC000AE0FC /* RSA_DSA_keys.h */, - C2843766053488AC000AE0FC /* RSA_asymmetric.h */, - 053ABEFD0AA4C94900CA6DC3 /* opensshCoding.h */, - 053ABEFE0AA4C94900CA6DC3 /* opensshCoding.cpp */, - 053ABF600AA4F3EB00CA6DC3 /* opensshWrap.cpp */, - ); - name = RSA_DSA; - sourceTree = ""; - }; - 05065317056A96E2008AD683 /* ComCryption */ = { - isa = PBXGroup; - children = ( - C284370B053488AB000AE0FC /* ascContext.cpp */, - C284370C053488AB000AE0FC /* ascContext.h */, - C284370D053488AB000AE0FC /* ascFactory.h */, - ); - name = ComCryption; - sourceTree = ""; - }; - 05065318056A96EC008AD683 /* MiscCSPAlgs */ = { - isa = PBXGroup; - children = ( - 05065393056A9A2E008AD683 /* Digest */, - 05065394056A9AA6008AD683 /* PKCS */, - 05065392056A9A28008AD683 /* Symmetric */, - C284374B053488AB000AE0FC /* miscAlgFactory.cpp */, - C284374C053488AB000AE0FC /* miscAlgFactory.h */, - ); - name = MiscCSPAlgs; - sourceTree = ""; - }; - 05065319056A96F3008AD683 /* AES */ = { - isa = PBXGroup; - children = ( - C28436FD053488AB000AE0FC /* aesCommon.h */, - C28436FE053488AB000AE0FC /* aescsp.cpp */, - C28436FF053488AB000AE0FC /* aescspi.h */, - C2843713053488AB000AE0FC /* boxes-ref.c */, - C2843714053488AB000AE0FC /* boxes-ref.h */, - C2843740053488AB000AE0FC /* gladmanContext.cpp */, - C2843741053488AB000AE0FC /* gladmanContext.h */, - C284375F053488AC000AE0FC /* rijndael-alg-ref.c */, - C2843760053488AC000AE0FC /* rijndael-alg-ref.h */, - C2843761053488AC000AE0FC /* rijndaelApi.c */, - C2843762053488AC000AE0FC /* rijndaelApi.h */, - C2843777053488AC000AE0FC /* vRijndael-alg-ref.c */, - ); - name = AES; - sourceTree = ""; - }; - 0506531A056A96F7008AD683 /* AppleCSP */ = { - isa = PBXGroup; - children = ( - C2843701053488AB000AE0FC /* AppleCSP.cpp */, - C2843702053488AB000AE0FC /* AppleCSP.h */, - C2196B39053B5905005808D4 /* AppleCSPBuiltin.cpp */, - C2843703053488AB000AE0FC /* AppleCSPContext.cpp */, - C2843704053488AB000AE0FC /* AppleCSPContext.h */, - C2843705053488AB000AE0FC /* AppleCSPKeys.cpp */, - C2843706053488AB000AE0FC /* AppleCSPKeys.h */, - C2843707053488AB000AE0FC /* AppleCSPPlugin.cpp */, - C2843708053488AB000AE0FC /* AppleCSPSession.h */, - C2843709053488AB000AE0FC /* AppleCSPUtils.cpp */, - C284370A053488AB000AE0FC /* AppleCSPUtils.h */, - C2843710053488AB000AE0FC /* BinaryKey.h */, - C2843711053488AB000AE0FC /* BlockCryptor.cpp */, - C2843712053488AB000AE0FC /* BlockCryptor.h */, - C2843726053488AB000AE0FC /* cspdebugging.c */, - C2843727053488AB000AE0FC /* cspdebugging.h */, - C2843728053488AB000AE0FC /* cssmplugin.exp */, - C2843729053488AB000AE0FC /* deriveKey.cpp */, - C2843736053488AB000AE0FC /* DigestContext.cpp */, - C2843737053488AB000AE0FC /* DigestContext.h */, - C2843744053488AB000AE0FC /* MacContext.cpp */, - C2843745053488AB000AE0FC /* MacContext.h */, - C2843758053488AC000AE0FC /* RawSigner.h */, - C2843775053488AC000AE0FC /* SignatureContext.cpp */, - C2843776053488AC000AE0FC /* SignatureContext.h */, - C2843778053488AC000AE0FC /* wrapKey.cpp */, - C2843779053488AC000AE0FC /* wrapKeyCms.cpp */, - C284377A053488AC000AE0FC /* YarrowConnection.cpp */, - C284377B053488AC000AE0FC /* YarrowConnection.h */, - ); - name = AppleCSP; - sourceTree = ""; - }; - 0506531B056A96FC008AD683 /* BSafeCSP */ = { - isa = PBXGroup; - children = ( - C2843700053488AB000AE0FC /* algmaker.cpp */, - C2843715053488AB000AE0FC /* bsafeAsymmetric.cpp */, - C2843716053488AB000AE0FC /* bsafeContext.cpp */, - C2843717053488AB000AE0FC /* bsafecsp.h */, - C2843718053488AB000AE0FC /* bsafecspi.h */, - C2843719053488AB000AE0FC /* bsafeKeyGen.cpp */, - C284371A053488AB000AE0FC /* bsafePKCS1.cpp */, - C284371B053488AB000AE0FC /* bsafePKCS1.h */, - C284371C053488AB000AE0FC /* bsafeSymmetric.cpp */, - C284371D053488AB000AE0FC /* bsobjects.h */, - C284374A053488AB000AE0FC /* memory.cpp */, - C284374D053488AB000AE0FC /* miscalgorithms.cpp */, - ); - name = BSafeCSP; - sourceTree = ""; - }; - 0506531C056A9702008AD683 /* CryptKitCSP */ = { - isa = PBXGroup; - children = ( - C2843722053488AB000AE0FC /* cryptkitcsp.cpp */, - C2843723053488AB000AE0FC /* cryptkitcsp.h */, - C2843725053488AB000AE0FC /* CryptKitSpace.h */, - C2843738053488AB000AE0FC /* FEEAsymmetricContext.cpp */, - C2843739053488AB000AE0FC /* FEEAsymmetricContext.h */, - C284373A053488AB000AE0FC /* FEECSPUtils.cpp */, - C284373B053488AB000AE0FC /* FEECSPUtils.h */, - C284373C053488AB000AE0FC /* FEEKeys.cpp */, - C284373D053488AB000AE0FC /* FEEKeys.h */, - C284373E053488AB000AE0FC /* FEESignatureObject.cpp */, - C284373F053488AB000AE0FC /* FEESignatureObject.h */, - ); - name = CryptKitCSP; - sourceTree = ""; - }; - 0506531D056A9709008AD683 /* PBKDF2 */ = { - isa = PBXGroup; - children = ( - 05BFEE0C09E1D71800F3D7E0 /* HMACSHA1.c */, - 05BFEE0D09E1D71800F3D7E0 /* HMACSHA1.h */, - C284374F053488AC000AE0FC /* pbkdDigest.cpp */, - C2843750053488AC000AE0FC /* pbkdDigest.h */, - C2843751053488AC000AE0FC /* pbkdf2.c */, - C2843752053488AC000AE0FC /* pbkdf2.h */, - ); - name = PBKDF2; - sourceTree = ""; - }; - 0506531E056A9712008AD683 /* DiffieHellman */ = { - isa = PBXGroup; - children = ( - C284372E053488AB000AE0FC /* DH_csp.cpp */, - C284372F053488AB000AE0FC /* DH_csp.h */, - C2843730053488AB000AE0FC /* DH_exchange.cpp */, - C2843731053488AB000AE0FC /* DH_exchange.h */, - C2843732053488AB000AE0FC /* DH_keys.cpp */, - C2843733053488AB000AE0FC /* DH_keys.h */, - C2843734053488AB000AE0FC /* DH_utils.cpp */, - C2843735053488AB000AE0FC /* DH_utils.h */, - ); - name = DiffieHellman; - sourceTree = ""; - }; - 05065392056A9A28008AD683 /* Symmetric */ = { - isa = PBXGroup; - children = ( - C284370E053488AB000AE0FC /* bfContext.cpp */, - C284370F053488AB000AE0FC /* bfContext.h */, - C284371E053488AB000AE0FC /* castContext.cpp */, - C284371F053488AB000AE0FC /* castContext.h */, - C284372C053488AB000AE0FC /* desContext.cpp */, - C284372D053488AB000AE0FC /* desContext.h */, - C284374E053488AC000AE0FC /* NullCryptor.h */, - C2843759053488AC000AE0FC /* rc2Context.cpp */, - C284375A053488AC000AE0FC /* rc2Context.h */, - C284375B053488AC000AE0FC /* rc4Context.cpp */, - C284375C053488AC000AE0FC /* rc4Context.h */, - C284375D053488AC000AE0FC /* rc5Context.cpp */, - C284375E053488AC000AE0FC /* rc5Context.h */, - ); - name = Symmetric; - sourceTree = ""; - }; - 05065393056A9A2E008AD683 /* Digest */ = { - isa = PBXGroup; - children = ( - C2843746053488AB000AE0FC /* MD2Object.cpp */, - C2843747053488AB000AE0FC /* MD2Object.h */, - C2843771053488AC000AE0FC /* SHA1_MD5_Object.cpp */, - C2843772053488AC000AE0FC /* SHA1_MD5_Object.h */, - 05622BAA06CC352100784EED /* SHA2_Object.cpp */, - 05622BAB06CC352100784EED /* SHA2_Object.h */, - ); - name = Digest; - sourceTree = ""; - }; - 05065394056A9AA6008AD683 /* PKCS */ = { - isa = PBXGroup; - children = ( - C2843753053488AC000AE0FC /* pkcs12Derive.cpp */, - C2843754053488AC000AE0FC /* pkcs12Derive.h */, - C2843755053488AC000AE0FC /* pkcs8.cpp */, - C2843756053488AC000AE0FC /* pkcs8.h */, - ); - name = PKCS; - sourceTree = ""; - }; - 053910790A3771EF00B9E848 /* docs */ = { - isa = PBXGroup; - children = ( - 053910810A37725A00B9E848 /* libsecurity_apple_csp.plist */, - 053910820A37725A00B9E848 /* libsecurity_apple_csp.txt */, - ); - path = docs; - sourceTree = ""; - }; - 18446064146DE98E00B12992 /* config */ = { - isa = PBXGroup; - children = ( - 18446065146DE98E00B12992 /* base.xcconfig */, - 18446066146DE98E00B12992 /* debug.xcconfig */, - 18446067146DE98E00B12992 /* lib.xcconfig */, - 18446068146DE98E00B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 18446091146DFBC800B12992 /* Products */ = { - isa = PBXGroup; - children = ( - 18446096146DFBC900B12992 /* libsecurity_cdsa_plugin.a */, - ); - name = Products; - sourceTree = ""; - }; - 4094B0DB057EA70300B44BCC /* mds */ = { - isa = PBXGroup; - children = ( - 4094B0DC057EA70300B44BCC /* csp_capabilities.mdsinfo */, - 4094B0DD057EA70300B44BCC /* csp_capabilities_common.mds */, - 4094B0DE057EA70300B44BCC /* csp_common.mdsinfo */, - 4094B0DF057EA70300B44BCC /* csp_primary.mdsinfo */, - ); - path = mds; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 18446090146DFBC800B12992 /* libsecurity_cdsa_plugin.xcodeproj */, - C28436FC053488AB000AE0FC /* lib */, - 18446064146DE98E00B12992 /* config */, - 4094B0DB057EA70300B44BCC /* mds */, - C280ADE60534BBD900F7E802 /* open_ssl */, - 053910790A3771EF00B9E848 /* docs */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_csp.a */, - ); - name = Products; - sourceTree = ""; - }; - C280ADE60534BBD900F7E802 /* open_ssl */ = { - isa = PBXGroup; - children = ( - C280ADE70534BBD900F7E802 /* bf */, - C280ADEF0534BBD900F7E802 /* bio */, - C280ADF20534BBD900F7E802 /* bn */, - C280AE100534BBD900F7E802 /* buffer */, - C280AE190534BBD900F7E802 /* cryptlib.c */, - C280AE1A0534BBD900F7E802 /* cryptlib.h */, - C280AE1B0534BBD900F7E802 /* dh */, - C280AE210534BBD900F7E802 /* dsa */, - C280AE2A0534BBD900F7E802 /* err */, - C280AE2D0534BBD900F7E802 /* ex_data.c */, - C280AE2E0534BBD900F7E802 /* lhash */, - C280AE300534BBD900F7E802 /* LICENSE */, - C280AE310534BBD900F7E802 /* mem.c */, - C280AE320534BBD900F7E802 /* misc */, - C280AE3C0534BBD900F7E802 /* openssl */, - C280AE610534BBD900F7E802 /* rsa */, - C280AE6D0534BBD900F7E802 /* stack */, - ); - path = open_ssl; - sourceTree = ""; - }; - C280ADE70534BBD900F7E802 /* bf */ = { - isa = PBXGroup; - children = ( - C280ADE80534BBD900F7E802 /* bf_ecb.c */, - C280ADE90534BBD900F7E802 /* bf_enc.c */, - C280ADEA0534BBD900F7E802 /* bf_locl.h */, - C280ADEB0534BBD900F7E802 /* bf_pi.h */, - C280ADEC0534BBD900F7E802 /* bf_skey.c */, - C280ADED0534BBD900F7E802 /* COPYRIGHT */, - C280ADEE0534BBD900F7E802 /* README */, - ); - path = bf; - sourceTree = ""; - }; - C280ADEF0534BBD900F7E802 /* bio */ = { - isa = PBXGroup; - children = ( - C280ADF00534BBD900F7E802 /* bio_lib.c */, - C280ADF10534BBD900F7E802 /* bss_file.c */, - ); - path = bio; - sourceTree = ""; - }; - C280ADF20534BBD900F7E802 /* bn */ = { - isa = PBXGroup; - children = ( - C280ADF30534BBD900F7E802 /* bn_add.c */, - C280ADF40534BBD900F7E802 /* bn_asm.c */, - C280ADF50534BBD900F7E802 /* bn_blind.c */, - C280ADF60534BBD900F7E802 /* bn_ctx.c */, - C280ADF70534BBD900F7E802 /* bn_div.c */, - C280ADF80534BBD900F7E802 /* bn_err.c */, - C280ADF90534BBD900F7E802 /* bn_exp.c */, - C280ADFA0534BBD900F7E802 /* bn_exp2.c */, - C280ADFB0534BBD900F7E802 /* bn_gcd.c */, - C280ADFC0534BBD900F7E802 /* bn_lcl.h */, - C280ADFD0534BBD900F7E802 /* bn_lib.c */, - C280ADFE0534BBD900F7E802 /* bn_mont.c */, - C280ADFF0534BBD900F7E802 /* bn_mpi.c */, - C280AE000534BBD900F7E802 /* bn_mul.c */, - C280AE010534BBD900F7E802 /* bn_prime.c */, - C280AE020534BBD900F7E802 /* bn_prime.h */, - C280AE030534BBD900F7E802 /* bn_print.c */, - C280AE040534BBD900F7E802 /* bn_rand.c */, - C280AE050534BBD900F7E802 /* bn_recp.c */, - C280AE060534BBD900F7E802 /* bn_shift.c */, - C280AE070534BBD900F7E802 /* bn_sqr.c */, - C280AE080534BBD900F7E802 /* bn_word.c */, - C280AE090534BBD900F7E802 /* bnspeed.c */, - C280AE0A0534BBD900F7E802 /* bntest.c */, - C280AE0B0534BBD900F7E802 /* divtest.c */, - C280AE0C0534BBD900F7E802 /* exp.c */, - C280AE0D0534BBD900F7E802 /* expspeed.c */, - C280AE0E0534BBD900F7E802 /* exptest.c */, - C280AE0F0534BBD900F7E802 /* vms-helper.c */, - ); - path = bn; - sourceTree = ""; - }; - C280AE100534BBD900F7E802 /* buffer */ = { - isa = PBXGroup; - children = ( - C280AE110534BBD900F7E802 /* buf_err.c */, - C280AE120534BBD900F7E802 /* buffer.c */, - ); - path = buffer; - sourceTree = ""; - }; - C280AE1B0534BBD900F7E802 /* dh */ = { - isa = PBXGroup; - children = ( - C280AE1C0534BBD900F7E802 /* dh_check.c */, - C280AE1D0534BBD900F7E802 /* dh_err.c */, - C280AE1E0534BBD900F7E802 /* dh_gen.c */, - C280AE1F0534BBD900F7E802 /* dh_key.c */, - C280AE200534BBD900F7E802 /* dh_lib.c */, - ); - path = dh; - sourceTree = ""; - }; - C280AE210534BBD900F7E802 /* dsa */ = { - isa = PBXGroup; - children = ( - C280AE220534BBD900F7E802 /* dsa_asn1.c */, - C280AE230534BBD900F7E802 /* dsa_err.c */, - C280AE240534BBD900F7E802 /* dsa_gen.c */, - C280AE250534BBD900F7E802 /* dsa_key.c */, - C280AE260534BBD900F7E802 /* dsa_lib.c */, - C280AE270534BBD900F7E802 /* dsa_ossl.c */, - C280AE280534BBD900F7E802 /* dsa_sign.c */, - C280AE290534BBD900F7E802 /* dsa_vrf.c */, - ); - path = dsa; - sourceTree = ""; - }; - C280AE2A0534BBD900F7E802 /* err */ = { - isa = PBXGroup; - children = ( - C280AE2B0534BBD900F7E802 /* err.c */, - C280AE2C0534BBD900F7E802 /* err_prn.c */, - ); - path = err; - sourceTree = ""; - }; - C280AE2E0534BBD900F7E802 /* lhash */ = { - isa = PBXGroup; - children = ( - C280AE2F0534BBD900F7E802 /* lhash.c */, - ); - path = lhash; - sourceTree = ""; - }; - C280AE320534BBD900F7E802 /* misc */ = { - isa = PBXGroup; - children = ( - C280AE340534BBD900F7E802 /* rc2_cbc.c */, - C280AE350534BBD900F7E802 /* rc2_locl.h */, - C280AE360534BBD900F7E802 /* rc2_skey.c */, - C280AE390534BBD900F7E802 /* rc5_enc.c */, - C280AE3A0534BBD900F7E802 /* rc5_locl.h */, - C280AE3B0534BBD900F7E802 /* rc5_skey.c */, - ); - path = misc; - sourceTree = ""; - }; - C280AE3C0534BBD900F7E802 /* openssl */ = { - isa = PBXGroup; - children = ( - C280AE3D0534BBD900F7E802 /* asn1.h */, - C280AE3E0534BBD900F7E802 /* bio.h */, - C280AE3F0534BBD900F7E802 /* blowfish.h */, - C280AE400534BBD900F7E802 /* bn.h */, - C280AE410534BBD900F7E802 /* buffer.h */, - C280AE420534BBD900F7E802 /* cast.h */, - C280AE430534BBD900F7E802 /* crypto.h */, - C280AE440534BBD900F7E802 /* dh.h */, - C280AE450534BBD900F7E802 /* dsa.h */, - C280AE460534BBD900F7E802 /* e_os.h */, - C280AE470534BBD900F7E802 /* e_os2.h */, - C280AE480534BBD900F7E802 /* err.h */, - C280AE490534BBD900F7E802 /* evp.h */, - C280AE4A0534BBD900F7E802 /* lhash.h */, - C280AE4C0534BBD900F7E802 /* objects.h */, - C280AE4D0534BBD900F7E802 /* openssl_pkcs7.h */, - C280AE4E0534BBD900F7E802 /* opensslconf.h */, - C280AE4F0534BBD900F7E802 /* opensslv.h */, - C280AE500534BBD900F7E802 /* rand.h */, - C280AE510534BBD900F7E802 /* rc2.h */, - C280AE530534BBD900F7E802 /* rc5.h */, - C280AE540534BBD900F7E802 /* rsa.h */, - C280AE550534BBD900F7E802 /* safestack.h */, - C280AE570534BBD900F7E802 /* stack.h */, - C280AE580534BBD900F7E802 /* x509.h */, - C280AE590534BBD900F7E802 /* x509_vfy.h */, - ); - path = openssl; - sourceTree = ""; - }; - C280AE5A0534BBD900F7E802 /* opensslUtils */ = { - isa = PBXGroup; - children = ( - C280AE5B0534BBD900F7E802 /* opensslAsn1.cpp */, - C280AE5C0534BBD900F7E802 /* opensslAsn1.h */, - C280AE5D0534BBD900F7E802 /* opensslUtils.cpp */, - C280AE5E0534BBD900F7E802 /* opensslUtils.h */, - ); - name = opensslUtils; - path = open_ssl/opensslUtils; - sourceTree = SOURCE_ROOT; - }; - C280AE610534BBD900F7E802 /* rsa */ = { - isa = PBXGroup; - children = ( - C280AE620534BBD900F7E802 /* rsa_chk.c */, - C280AE630534BBD900F7E802 /* rsa_eay.c */, - C280AE640534BBD900F7E802 /* rsa_err.c */, - C280AE650534BBD900F7E802 /* rsa_gen.c */, - C280AE660534BBD900F7E802 /* rsa_lib.c */, - C280AE670534BBD900F7E802 /* rsa_none.c */, - C280AE680534BBD900F7E802 /* rsa_null.c */, - C280AE690534BBD900F7E802 /* rsa_pk1.c */, - C280AE6A0534BBD900F7E802 /* rsa_saos.c */, - C280AE6B0534BBD900F7E802 /* rsa_sign.c */, - C280AE6C0534BBD900F7E802 /* rsa_ssl.c */, - ); - path = rsa; - sourceTree = ""; - }; - C280AE6D0534BBD900F7E802 /* stack */ = { - isa = PBXGroup; - children = ( - C280AE6E0534BBD900F7E802 /* stack.c */, - ); - path = stack; - sourceTree = ""; - }; - C28436FC053488AB000AE0FC /* lib */ = { - isa = PBXGroup; - children = ( - 05065319056A96F3008AD683 /* AES */, - 0506531A056A96F7008AD683 /* AppleCSP */, - 0506531B056A96FC008AD683 /* BSafeCSP */, - 05065317056A96E2008AD683 /* ComCryption */, - 0506531C056A9702008AD683 /* CryptKitCSP */, - 0506531E056A9712008AD683 /* DiffieHellman */, - 0506531D056A9709008AD683 /* PBKDF2 */, - 05065318056A96EC008AD683 /* MiscCSPAlgs */, - 05065316056A96DA008AD683 /* RSA_DSA */, - C280AE5A0534BBD900F7E802 /* opensslUtils */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - C284377C053488AC000AE0FC /* aesCommon.h in Headers */, - C284377E053488AC000AE0FC /* aescspi.h in Headers */, - C2843781053488AC000AE0FC /* AppleCSP.h in Headers */, - C2843783053488AC000AE0FC /* AppleCSPContext.h in Headers */, - C2843785053488AC000AE0FC /* AppleCSPKeys.h in Headers */, - C2843787053488AC000AE0FC /* AppleCSPSession.h in Headers */, - C2843789053488AC000AE0FC /* AppleCSPUtils.h in Headers */, - C284378B053488AC000AE0FC /* ascContext.h in Headers */, - C284378C053488AC000AE0FC /* ascFactory.h in Headers */, - C284378E053488AC000AE0FC /* bfContext.h in Headers */, - C284378F053488AC000AE0FC /* BinaryKey.h in Headers */, - C2843791053488AC000AE0FC /* BlockCryptor.h in Headers */, - C2843793053488AC000AE0FC /* boxes-ref.h in Headers */, - C2843796053488AC000AE0FC /* bsafecsp.h in Headers */, - C2843797053488AC000AE0FC /* bsafecspi.h in Headers */, - C284379A053488AC000AE0FC /* bsafePKCS1.h in Headers */, - C284379C053488AC000AE0FC /* bsobjects.h in Headers */, - C284379E053488AC000AE0FC /* castContext.h in Headers */, - C28437A2053488AC000AE0FC /* cryptkitcsp.h in Headers */, - C28437A4053488AC000AE0FC /* CryptKitSpace.h in Headers */, - C28437A6053488AC000AE0FC /* cspdebugging.h in Headers */, - C28437AC053488AC000AE0FC /* desContext.h in Headers */, - C28437AE053488AC000AE0FC /* DH_csp.h in Headers */, - C28437B0053488AC000AE0FC /* DH_exchange.h in Headers */, - C28437B2053488AC000AE0FC /* DH_keys.h in Headers */, - C28437B4053488AC000AE0FC /* DH_utils.h in Headers */, - C28437B6053488AC000AE0FC /* DigestContext.h in Headers */, - C28437B8053488AC000AE0FC /* FEEAsymmetricContext.h in Headers */, - C28437BA053488AC000AE0FC /* FEECSPUtils.h in Headers */, - C28437BC053488AC000AE0FC /* FEEKeys.h in Headers */, - C28437BE053488AC000AE0FC /* FEESignatureObject.h in Headers */, - C28437C0053488AC000AE0FC /* gladmanContext.h in Headers */, - C28437C4053488AC000AE0FC /* MacContext.h in Headers */, - C28437C6053488AC000AE0FC /* MD2Object.h in Headers */, - C28437CB053488AC000AE0FC /* miscAlgFactory.h in Headers */, - C28437CD053488AC000AE0FC /* NullCryptor.h in Headers */, - C28437CF053488AC000AE0FC /* pbkdDigest.h in Headers */, - C28437D1053488AC000AE0FC /* pbkdf2.h in Headers */, - C28437D3053488AC000AE0FC /* pkcs12Derive.h in Headers */, - C28437D5053488AC000AE0FC /* pkcs8.h in Headers */, - C28437D7053488AC000AE0FC /* RawSigner.h in Headers */, - C28437D9053488AC000AE0FC /* rc2Context.h in Headers */, - C28437DB053488AC000AE0FC /* rc4Context.h in Headers */, - C28437DD053488AC000AE0FC /* rc5Context.h in Headers */, - C28437DF053488AC000AE0FC /* rijndael-alg-ref.h in Headers */, - C28437E1053488AC000AE0FC /* rijndaelApi.h in Headers */, - C28437E5053488AC000AE0FC /* RSA_asymmetric.h in Headers */, - C28437E7053488AC000AE0FC /* RSA_DSA_csp.h in Headers */, - C28437E9053488AC000AE0FC /* RSA_DSA_keys.h in Headers */, - C28437EB053488AC000AE0FC /* RSA_DSA_signature.h in Headers */, - C28437ED053488AC000AE0FC /* RSA_DSA_utils.h in Headers */, - C28437F1053488AC000AE0FC /* SHA1_MD5_Object.h in Headers */, - C28437F5053488AC000AE0FC /* SignatureContext.h in Headers */, - C28437FA053488AC000AE0FC /* YarrowConnection.h in Headers */, - C280AE710534BBD900F7E802 /* bf_locl.h in Headers */, - C280AE720534BBD900F7E802 /* bf_pi.h in Headers */, - C280AE7F0534BBD900F7E802 /* bn_lcl.h in Headers */, - C280AE850534BBD900F7E802 /* bn_prime.h in Headers */, - C280AE9B0534BBD900F7E802 /* cryptlib.h in Headers */, - C280AEB00534BBD900F7E802 /* rc2_locl.h in Headers */, - C280AEB50534BBD900F7E802 /* rc5_locl.h in Headers */, - C280AEB70534BBD900F7E802 /* asn1.h in Headers */, - C280AEB80534BBD900F7E802 /* bio.h in Headers */, - C280AEB90534BBD900F7E802 /* blowfish.h in Headers */, - C280AEBA0534BBD900F7E802 /* bn.h in Headers */, - C280AEBB0534BBD900F7E802 /* buffer.h in Headers */, - C280AEBC0534BBD900F7E802 /* cast.h in Headers */, - C280AEBD0534BBD900F7E802 /* crypto.h in Headers */, - C280AEBE0534BBD900F7E802 /* dh.h in Headers */, - C280AEBF0534BBD900F7E802 /* dsa.h in Headers */, - C280AEC00534BBD900F7E802 /* e_os.h in Headers */, - C280AEC10534BBD900F7E802 /* e_os2.h in Headers */, - C280AEC20534BBD900F7E802 /* err.h in Headers */, - C280AEC30534BBD900F7E802 /* evp.h in Headers */, - C280AEC40534BBD900F7E802 /* lhash.h in Headers */, - C280AEC60534BBD900F7E802 /* objects.h in Headers */, - C280AEC70534BBD900F7E802 /* openssl_pkcs7.h in Headers */, - C280AEC80534BBD900F7E802 /* opensslconf.h in Headers */, - C280AEC90534BBD900F7E802 /* opensslv.h in Headers */, - C280AECA0534BBD900F7E802 /* rand.h in Headers */, - C280AECB0534BBD900F7E802 /* rc2.h in Headers */, - C280AECD0534BBD900F7E802 /* rc5.h in Headers */, - C280AECE0534BBD900F7E802 /* rsa.h in Headers */, - C280AECF0534BBD900F7E802 /* safestack.h in Headers */, - C280AED10534BBD900F7E802 /* stack.h in Headers */, - C280AED20534BBD900F7E802 /* x509.h in Headers */, - C280AED30534BBD900F7E802 /* x509_vfy.h in Headers */, - C280AED50534BBD900F7E802 /* opensslAsn1.h in Headers */, - C280AED70534BBD900F7E802 /* opensslUtils.h in Headers */, - 05622BAD06CC352100784EED /* SHA2_Object.h in Headers */, - 05BFEE0F09E1D71800F3D7E0 /* HMACSHA1.h in Headers */, - 053ABEFF0AA4C94900CA6DC3 /* opensshCoding.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_csp */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2500987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_apple_csp" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 053910800A37724600B9E848 /* PBXTargetDependency */, - ); - name = libsecurity_apple_csp; - productInstallPath = /usr/local/lib; - productName = libsecurity_apple_csp; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_csp.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD2550987FCDC001272E0 /* Build configuration list for PBXProject "libsecurity_apple_csp" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 18446091146DFBC800B12992 /* Products */; - ProjectRef = 18446090146DFBC800B12992 /* libsecurity_cdsa_plugin.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_csp */, - 0539107D0A37721E00B9E848 /* Copy Open Source Docs */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 18446096146DFBC900B12992 /* libsecurity_cdsa_plugin.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_plugin.a; - remoteRef = 18446095146DFBC900B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C284377D053488AC000AE0FC /* aescsp.cpp in Sources */, - C284377F053488AC000AE0FC /* algmaker.cpp in Sources */, - C2843780053488AC000AE0FC /* AppleCSP.cpp in Sources */, - C2843782053488AC000AE0FC /* AppleCSPContext.cpp in Sources */, - C2843784053488AC000AE0FC /* AppleCSPKeys.cpp in Sources */, - C2843788053488AC000AE0FC /* AppleCSPUtils.cpp in Sources */, - C284378A053488AC000AE0FC /* ascContext.cpp in Sources */, - C284378D053488AC000AE0FC /* bfContext.cpp in Sources */, - C2843790053488AC000AE0FC /* BlockCryptor.cpp in Sources */, - C2843792053488AC000AE0FC /* boxes-ref.c in Sources */, - C2843794053488AC000AE0FC /* bsafeAsymmetric.cpp in Sources */, - C2843795053488AC000AE0FC /* bsafeContext.cpp in Sources */, - C2843798053488AC000AE0FC /* bsafeKeyGen.cpp in Sources */, - C2843799053488AC000AE0FC /* bsafePKCS1.cpp in Sources */, - C284379B053488AC000AE0FC /* bsafeSymmetric.cpp in Sources */, - C284379D053488AC000AE0FC /* castContext.cpp in Sources */, - C28437A1053488AC000AE0FC /* cryptkitcsp.cpp in Sources */, - C28437A5053488AC000AE0FC /* cspdebugging.c in Sources */, - C28437A8053488AC000AE0FC /* deriveKey.cpp in Sources */, - C28437AB053488AC000AE0FC /* desContext.cpp in Sources */, - C28437AD053488AC000AE0FC /* DH_csp.cpp in Sources */, - C28437AF053488AC000AE0FC /* DH_exchange.cpp in Sources */, - C28437B1053488AC000AE0FC /* DH_keys.cpp in Sources */, - C28437B3053488AC000AE0FC /* DH_utils.cpp in Sources */, - C28437B5053488AC000AE0FC /* DigestContext.cpp in Sources */, - C28437B7053488AC000AE0FC /* FEEAsymmetricContext.cpp in Sources */, - C28437B9053488AC000AE0FC /* FEECSPUtils.cpp in Sources */, - C28437BB053488AC000AE0FC /* FEEKeys.cpp in Sources */, - C28437BD053488AC000AE0FC /* FEESignatureObject.cpp in Sources */, - C28437BF053488AC000AE0FC /* gladmanContext.cpp in Sources */, - C28437C3053488AC000AE0FC /* MacContext.cpp in Sources */, - C28437C5053488AC000AE0FC /* MD2Object.cpp in Sources */, - C28437C9053488AC000AE0FC /* memory.cpp in Sources */, - C28437CA053488AC000AE0FC /* miscAlgFactory.cpp in Sources */, - C28437CC053488AC000AE0FC /* miscalgorithms.cpp in Sources */, - C28437CE053488AC000AE0FC /* pbkdDigest.cpp in Sources */, - C28437D0053488AC000AE0FC /* pbkdf2.c in Sources */, - C28437D2053488AC000AE0FC /* pkcs12Derive.cpp in Sources */, - C28437D4053488AC000AE0FC /* pkcs8.cpp in Sources */, - C28437D8053488AC000AE0FC /* rc2Context.cpp in Sources */, - C28437DA053488AC000AE0FC /* rc4Context.cpp in Sources */, - C28437DC053488AC000AE0FC /* rc5Context.cpp in Sources */, - C28437DE053488AC000AE0FC /* rijndael-alg-ref.c in Sources */, - C28437E0053488AC000AE0FC /* rijndaelApi.c in Sources */, - C28437E4053488AC000AE0FC /* RSA_asymmetric.cpp in Sources */, - C28437E6053488AC000AE0FC /* RSA_DSA_csp.cpp in Sources */, - C28437E8053488AC000AE0FC /* RSA_DSA_keys.cpp in Sources */, - C28437EA053488AC000AE0FC /* RSA_DSA_signature.cpp in Sources */, - C28437EC053488AC000AE0FC /* RSA_DSA_utils.cpp in Sources */, - C28437F0053488AC000AE0FC /* SHA1_MD5_Object.cpp in Sources */, - C28437F4053488AC000AE0FC /* SignatureContext.cpp in Sources */, - C28437F6053488AC000AE0FC /* vRijndael-alg-ref.c in Sources */, - C28437F7053488AC000AE0FC /* wrapKey.cpp in Sources */, - C28437F8053488AC000AE0FC /* wrapKeyCms.cpp in Sources */, - C28437F9053488AC000AE0FC /* YarrowConnection.cpp in Sources */, - C280AE6F0534BBD900F7E802 /* bf_ecb.c in Sources */, - C280AE700534BBD900F7E802 /* bf_enc.c in Sources */, - C280AE730534BBD900F7E802 /* bf_skey.c in Sources */, - C280AE740534BBD900F7E802 /* bio_lib.c in Sources */, - C280AE750534BBD900F7E802 /* bss_file.c in Sources */, - C280AE760534BBD900F7E802 /* bn_add.c in Sources */, - C280AE770534BBD900F7E802 /* bn_asm.c in Sources */, - C280AE780534BBD900F7E802 /* bn_blind.c in Sources */, - C280AE790534BBD900F7E802 /* bn_ctx.c in Sources */, - C280AE7A0534BBD900F7E802 /* bn_div.c in Sources */, - C280AE7B0534BBD900F7E802 /* bn_err.c in Sources */, - C280AE7C0534BBD900F7E802 /* bn_exp.c in Sources */, - C280AE7D0534BBD900F7E802 /* bn_exp2.c in Sources */, - C280AE7E0534BBD900F7E802 /* bn_gcd.c in Sources */, - C280AE800534BBD900F7E802 /* bn_lib.c in Sources */, - C280AE810534BBD900F7E802 /* bn_mont.c in Sources */, - C280AE820534BBD900F7E802 /* bn_mpi.c in Sources */, - C280AE830534BBD900F7E802 /* bn_mul.c in Sources */, - C280AE840534BBD900F7E802 /* bn_prime.c in Sources */, - C280AE860534BBD900F7E802 /* bn_print.c in Sources */, - C280AE870534BBD900F7E802 /* bn_rand.c in Sources */, - C280AE880534BBD900F7E802 /* bn_recp.c in Sources */, - C280AE890534BBD900F7E802 /* bn_shift.c in Sources */, - C280AE8A0534BBD900F7E802 /* bn_sqr.c in Sources */, - C280AE8B0534BBD900F7E802 /* bn_word.c in Sources */, - C280AE930534BBD900F7E802 /* buf_err.c in Sources */, - C280AE940534BBD900F7E802 /* buffer.c in Sources */, - C280AE9A0534BBD900F7E802 /* cryptlib.c in Sources */, - C280AE9C0534BBD900F7E802 /* dh_check.c in Sources */, - C280AE9D0534BBD900F7E802 /* dh_err.c in Sources */, - C280AE9E0534BBD900F7E802 /* dh_gen.c in Sources */, - C280AE9F0534BBD900F7E802 /* dh_key.c in Sources */, - C280AEA00534BBD900F7E802 /* dh_lib.c in Sources */, - C280AEA10534BBD900F7E802 /* dsa_asn1.c in Sources */, - C280AEA20534BBD900F7E802 /* dsa_err.c in Sources */, - C280AEA30534BBD900F7E802 /* dsa_gen.c in Sources */, - C280AEA40534BBD900F7E802 /* dsa_key.c in Sources */, - C280AEA50534BBD900F7E802 /* dsa_lib.c in Sources */, - C280AEA60534BBD900F7E802 /* dsa_ossl.c in Sources */, - C280AEA70534BBD900F7E802 /* dsa_sign.c in Sources */, - C280AEA80534BBD900F7E802 /* dsa_vrf.c in Sources */, - C280AEA90534BBD900F7E802 /* err.c in Sources */, - C280AEAA0534BBD900F7E802 /* err_prn.c in Sources */, - C280AEAB0534BBD900F7E802 /* ex_data.c in Sources */, - C280AEAC0534BBD900F7E802 /* lhash.c in Sources */, - C280AEAD0534BBD900F7E802 /* mem.c in Sources */, - C280AEAF0534BBD900F7E802 /* rc2_cbc.c in Sources */, - C280AEB10534BBD900F7E802 /* rc2_skey.c in Sources */, - C280AEB40534BBD900F7E802 /* rc5_enc.c in Sources */, - C280AEB60534BBD900F7E802 /* rc5_skey.c in Sources */, - C280AED40534BBD900F7E802 /* opensslAsn1.cpp in Sources */, - C280AED60534BBD900F7E802 /* opensslUtils.cpp in Sources */, - C280AEDA0534BBD900F7E802 /* rsa_chk.c in Sources */, - C280AEDB0534BBD900F7E802 /* rsa_eay.c in Sources */, - C280AEDC0534BBD900F7E802 /* rsa_err.c in Sources */, - C280AEDD0534BBD900F7E802 /* rsa_gen.c in Sources */, - C280AEDE0534BBD900F7E802 /* rsa_lib.c in Sources */, - C280AEDF0534BBD900F7E802 /* rsa_none.c in Sources */, - C280AEE00534BBD900F7E802 /* rsa_null.c in Sources */, - C280AEE10534BBD900F7E802 /* rsa_pk1.c in Sources */, - C280AEE20534BBD900F7E802 /* rsa_saos.c in Sources */, - C280AEE30534BBD900F7E802 /* rsa_sign.c in Sources */, - C280AEE40534BBD900F7E802 /* rsa_ssl.c in Sources */, - C280AEE50534BBD900F7E802 /* stack.c in Sources */, - C2196B3A053B5905005808D4 /* AppleCSPBuiltin.cpp in Sources */, - 05622BAC06CC352100784EED /* SHA2_Object.cpp in Sources */, - 05BFEE0E09E1D71800F3D7E0 /* HMACSHA1.c in Sources */, - 053ABF000AA4C94900CA6DC3 /* opensshCoding.cpp in Sources */, - 053ABF620AA4F3EB00CA6DC3 /* opensshWrap.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 053910800A37724600B9E848 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0539107D0A37721E00B9E848 /* Copy Open Source Docs */; - targetProxy = 0539107F0A37724600B9E848 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - 053910870A37725A00B9E848 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - 0539108A0A37725A00B9E848 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C27AD2510987FCDC001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446066146DE98E00B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/open_ssl", - ); - OTHER_CFLAGS = ( - "$(inherited)", - "-DALLOW_ZERO_PASSWORD", - "-DCRYPTKIT_CSP_ENABLE", - "-DASC_CSP_ENABLE", - "-DCK_SECURITY_BUILD", - ); - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Debug; - }; - C27AD2540987FCDC001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446068146DE98E00B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/open_ssl", - ); - OTHER_CFLAGS = ( - "$(inherited)", - "-DALLOW_ZERO_PASSWORD", - "-DCRYPTKIT_CSP_ENABLE", - "-DASC_CSP_ENABLE", - "-DCK_SECURITY_BUILD", - ); - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Release; - }; - C27AD2560987FCDC001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446067146DE98E00B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD2590987FCDC001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446067146DE98E00B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 053910860A37725A00B9E848 /* Build configuration list for PBXAggregateTarget "Copy Open Source Docs" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 053910870A37725A00B9E848 /* Debug */, - 0539108A0A37725A00B9E848 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD2500987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_apple_csp" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2510987FCDC001272E0 /* Debug */, - C27AD2540987FCDC001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD2550987FCDC001272E0 /* Build configuration list for PBXProject "libsecurity_apple_csp" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2560987FCDC001272E0 /* Debug */, - C27AD2590987FCDC001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_apple_csp/open_ssl/bf/bf_ecb.c b/OSX/libsecurity_apple_csp/open_ssl/bf/bf_ecb.c index 34199163..e36f3342 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bf/bf_ecb.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bf/bf_ecb.c @@ -56,9 +56,9 @@ * [including the GNU Public Licence.] */ -#include +#include #include "bf_locl.h" -#include +#include /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, diff --git a/OSX/libsecurity_apple_csp/open_ssl/bf/bf_enc.c b/OSX/libsecurity_apple_csp/open_ssl/bf/bf_enc.c index b380acf9..2bf927ba 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bf/bf_enc.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bf/bf_enc.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include +#include #include "bf_locl.h" /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' diff --git a/OSX/libsecurity_apple_csp/open_ssl/bf/bf_locl.h b/OSX/libsecurity_apple_csp/open_ssl/bf/bf_locl.h index 40b982ed..0ed93bde 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bf/bf_locl.h +++ b/OSX/libsecurity_apple_csp/open_ssl/bf/bf_locl.h @@ -58,7 +58,7 @@ #ifndef HEADER_BF_LOCL_H #define HEADER_BF_LOCL_H -#include /* BF_PTR, BF_PTR2 */ +#include /* BF_PTR, BF_PTR2 */ #undef c2l #define c2l(c,l) (l =(((BF_LONG))(*((c)++))) , \ diff --git a/OSX/libsecurity_apple_csp/open_ssl/bf/bf_skey.c b/OSX/libsecurity_apple_csp/open_ssl/bf/bf_skey.c index 4d6a232f..26a6b630 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bf/bf_skey.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bf/bf_skey.c @@ -58,7 +58,7 @@ #include #include -#include +#include #include "bf_locl.h" #include "bf_pi.h" diff --git a/OSX/libsecurity_apple_csp/open_ssl/bio/bio_lib.c b/OSX/libsecurity_apple_csp/open_ssl/bio/bio_lib.c index dac3c3fc..515f6328 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bio/bio_lib.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bio/bio_lib.c @@ -76,10 +76,10 @@ #include #include -#include +#include #include "cryptlib.h" -#include -#include +#include +#include static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL; static int bio_meth_num=0; diff --git a/OSX/libsecurity_apple_csp/open_ssl/bio/bss_file.c b/OSX/libsecurity_apple_csp/open_ssl/bio/bss_file.c index b74e618f..ff8c200c 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bio/bss_file.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bio/bss_file.c @@ -86,8 +86,8 @@ #include #include #include "cryptlib.h" -#include -#include +#include +#include #if !defined(NO_STDIO) diff --git a/OSX/libsecurity_apple_csp/open_ssl/bn/bn_ctx.c b/OSX/libsecurity_apple_csp/open_ssl/bn/bn_ctx.c index 76c6c0bc..c896a752 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bn/bn_ctx.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bn/bn_ctx.c @@ -80,7 +80,7 @@ #include #include #include "cryptlib.h" -#include +#include BN_CTX *BN_CTX_new(void) diff --git a/OSX/libsecurity_apple_csp/open_ssl/bn/bn_div.c b/OSX/libsecurity_apple_csp/open_ssl/bn/bn_div.c index 05c700ee..8cee2aba 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bn/bn_div.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bn/bn_div.c @@ -75,7 +75,7 @@ */ #include -#include +#include #include "cryptlib.h" #include "bn_lcl.h" diff --git a/OSX/libsecurity_apple_csp/open_ssl/bn/bn_err.c b/OSX/libsecurity_apple_csp/open_ssl/bn/bn_err.c index f547d25e..16f807e7 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bn/bn_err.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bn/bn_err.c @@ -77,8 +77,8 @@ */ #include -#include -#include +#include +#include /* BEGIN ERROR CODES */ #ifndef NO_ERR diff --git a/OSX/libsecurity_apple_csp/open_ssl/bn/bn_lcl.h b/OSX/libsecurity_apple_csp/open_ssl/bn/bn_lcl.h index 9c959921..af312c7f 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bn/bn_lcl.h +++ b/OSX/libsecurity_apple_csp/open_ssl/bn/bn_lcl.h @@ -112,7 +112,7 @@ #ifndef HEADER_BN_LCL_H #define HEADER_BN_LCL_H -#include +#include #ifdef __cplusplus extern "C" { diff --git a/OSX/libsecurity_apple_csp/open_ssl/bn/bn_print.c b/OSX/libsecurity_apple_csp/open_ssl/bn/bn_print.c index 08949623..832337f6 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bn/bn_print.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bn/bn_print.c @@ -77,7 +77,7 @@ #include #include #include "cryptlib.h" -#include +#include #include "bn_lcl.h" static const char *Hex="0123456789ABCDEF"; diff --git a/OSX/libsecurity_apple_csp/open_ssl/bn/bnspeed.c b/OSX/libsecurity_apple_csp/open_ssl/bn/bnspeed.c index cc085c39..4004a899 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bn/bnspeed.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bn/bnspeed.c @@ -86,8 +86,8 @@ #include #include #include -#include -#include +#include +#include #if !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) #define TIMES @@ -119,8 +119,8 @@ #include #endif -#include -#include +#include +#include /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ diff --git a/OSX/libsecurity_apple_csp/open_ssl/bn/bntest.c b/OSX/libsecurity_apple_csp/open_ssl/bn/bntest.c index f358d657..6720f310 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bn/bntest.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bn/bntest.c @@ -80,11 +80,11 @@ #include "openssl/e_os.h" -#include -#include +#include +#include #include -#include -#include +#include +#include #ifdef WINDOWS #include "../bio/bss_file.c" diff --git a/OSX/libsecurity_apple_csp/open_ssl/bn/divtest.c b/OSX/libsecurity_apple_csp/open_ssl/bn/divtest.c index 3532ae21..9f06e2f0 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bn/divtest.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bn/divtest.c @@ -16,7 +16,7 @@ */ -#include +#include #include static int rand(n) diff --git a/OSX/libsecurity_apple_csp/open_ssl/bn/expspeed.c b/OSX/libsecurity_apple_csp/open_ssl/bn/expspeed.c index abef0fb7..1c80cff8 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bn/expspeed.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bn/expspeed.c @@ -86,8 +86,8 @@ #include #include #include -#include -#include +#include +#include #if !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) #define TIMES @@ -119,8 +119,8 @@ #include #endif -#include -#include +#include +#include /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ diff --git a/OSX/libsecurity_apple_csp/open_ssl/bn/exptest.c b/OSX/libsecurity_apple_csp/open_ssl/bn/exptest.c index 2255397d..935a95ca 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/bn/exptest.c +++ b/OSX/libsecurity_apple_csp/open_ssl/bn/exptest.c @@ -77,10 +77,10 @@ #include #include #include -#include -#include +#include +#include #include -#include +#include #ifdef WINDOWS #include "../bio/bss_file.c" #endif diff --git a/OSX/libsecurity_apple_csp/open_ssl/buffer/buf_err.c b/OSX/libsecurity_apple_csp/open_ssl/buffer/buf_err.c index 38c5c9c6..15f3431b 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/buffer/buf_err.c +++ b/OSX/libsecurity_apple_csp/open_ssl/buffer/buf_err.c @@ -77,8 +77,8 @@ */ #include -#include -#include +#include +#include /* BEGIN ERROR CODES */ #ifndef NO_ERR diff --git a/OSX/libsecurity_apple_csp/open_ssl/buffer/buffer.c b/OSX/libsecurity_apple_csp/open_ssl/buffer/buffer.c index 37a4c33a..5cc30eb7 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/buffer/buffer.c +++ b/OSX/libsecurity_apple_csp/open_ssl/buffer/buffer.c @@ -76,7 +76,7 @@ #include #include "cryptlib.h" -#include +#include BUF_MEM *BUF_MEM_new(void) { diff --git a/OSX/libsecurity_apple_csp/open_ssl/cryptlib.c b/OSX/libsecurity_apple_csp/open_ssl/cryptlib.c index ddadde1b..1aa9acf2 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/cryptlib.c +++ b/OSX/libsecurity_apple_csp/open_ssl/cryptlib.c @@ -77,13 +77,13 @@ #include #include #include "cryptlib.h" -#include +#include #if defined(WIN32) || defined(WIN16) static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ #endif -/* real #defines in crypto.h, keep these upto date */ +/* real #defines in crypto_legacy.h, keep these upto date */ #if defined(LOCK_DEBUG) static const char* const lock_names[CRYPTO_NUM_LOCKS] = { @@ -114,7 +114,7 @@ static const char* const lock_names[CRYPTO_NUM_LOCKS] = "dh", "debug_malloc2", #if CRYPTO_NUM_LOCKS != 26 -# error "Inconsistency between crypto.h and cryptlib.c" +# error "Inconsistency between crypto_legacy.h and cryptlib.c" #endif }; #endif /*LOCK_DEBUG*/ diff --git a/OSX/libsecurity_apple_csp/open_ssl/cryptlib.h b/OSX/libsecurity_apple_csp/open_ssl/cryptlib.h index c4d8d2f2..e6e7bc0b 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/cryptlib.h +++ b/OSX/libsecurity_apple_csp/open_ssl/cryptlib.h @@ -86,11 +86,11 @@ extern "C" { #include "openssl/e_os.h" -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include #ifndef VMS #define X509_CERT_AREA OPENSSLDIR diff --git a/OSX/libsecurity_apple_csp/open_ssl/dh/dh_check.c b/OSX/libsecurity_apple_csp/open_ssl/dh/dh_check.c index 7ce1d167..659c94f6 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dh/dh_check.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dh/dh_check.c @@ -75,8 +75,8 @@ #include #include "cryptlib.h" -#include -#include +#include +#include /* Check that p is a safe prime and * if g is 2, 3 or 5, check that is is a suitable generator diff --git a/OSX/libsecurity_apple_csp/open_ssl/dh/dh_err.c b/OSX/libsecurity_apple_csp/open_ssl/dh/dh_err.c index 9d34ad59..32598551 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dh/dh_err.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dh/dh_err.c @@ -76,8 +76,8 @@ */ #include -#include -#include +#include +#include /* BEGIN ERROR CODES */ #ifndef NO_ERR diff --git a/OSX/libsecurity_apple_csp/open_ssl/dh/dh_gen.c b/OSX/libsecurity_apple_csp/open_ssl/dh/dh_gen.c index f93be224..f500026d 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dh/dh_gen.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dh/dh_gen.c @@ -75,8 +75,8 @@ #include #include "cryptlib.h" -#include -#include +#include +#include /* We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. diff --git a/OSX/libsecurity_apple_csp/open_ssl/dh/dh_key.c b/OSX/libsecurity_apple_csp/open_ssl/dh/dh_key.c index 8fc8e179..44e5b399 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dh/dh_key.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dh/dh_key.c @@ -75,9 +75,9 @@ #include #include "cryptlib.h" -#include +#include #include -#include +#include static int generate_key(DH *dh); static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); diff --git a/OSX/libsecurity_apple_csp/open_ssl/dh/dh_lib.c b/OSX/libsecurity_apple_csp/open_ssl/dh/dh_lib.c index a9449da0..fe5bddb8 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dh/dh_lib.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dh/dh_lib.c @@ -75,8 +75,8 @@ #include #include "cryptlib.h" -#include -#include +#include +#include const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; diff --git a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_asn1.c b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_asn1.c index 1d6916d8..ea74509b 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_asn1.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_asn1.c @@ -20,8 +20,8 @@ #include #include "cryptlib.h" -#include -#include +#include +#include #ifndef _OPENSSL_APPLE_CDSA_ #include #endif diff --git a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_err.c b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_err.c index 5596d9d8..d526377b 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_err.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_err.c @@ -77,8 +77,8 @@ */ #include -#include -#include +#include +#include /* BEGIN ERROR CODES */ #ifndef NO_ERR diff --git a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_gen.c b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_gen.c index 9cda9604..f6888357 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_gen.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_gen.c @@ -93,8 +93,8 @@ #include #include "cryptlib.h" #include -#include -#include +#include +#include #include DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, diff --git a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_key.c b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_key.c index 3ae4dac8..7f884807 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_key.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_key.c @@ -78,8 +78,8 @@ #include #include "cryptlib.h" //#include -#include -#include +#include +#include #include int DSA_generate_key(DSA *dsa) diff --git a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_lib.c b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_lib.c index f2021a84..0be7e198 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_lib.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_lib.c @@ -78,9 +78,9 @@ #include #include "cryptlib.h" -#include -#include -#include +#include +#include +#include const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; diff --git a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_ossl.c b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_ossl.c index 6d5e56ab..f909d1a6 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_ossl.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_ossl.c @@ -78,10 +78,10 @@ #include #include "cryptlib.h" -#include -#include +#include +#include #include -#include +#include static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); diff --git a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_sign.c b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_sign.c index a11ddf2a..43dffa6e 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_sign.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_sign.c @@ -78,10 +78,10 @@ #include #include "cryptlib.h" -#include -#include +#include +#include #include -#include +#include DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_vrf.c b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_vrf.c index 13a2cf96..e33e30cd 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_vrf.c +++ b/OSX/libsecurity_apple_csp/open_ssl/dsa/dsa_vrf.c @@ -78,10 +78,10 @@ #include #include "cryptlib.h" -#include -#include +#include +#include #include -#include +#include //#include int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, diff --git a/OSX/libsecurity_apple_csp/open_ssl/err/err.c b/OSX/libsecurity_apple_csp/open_ssl/err/err.c index dfe09242..6dcff872 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/err/err.c +++ b/OSX/libsecurity_apple_csp/open_ssl/err/err.c @@ -130,13 +130,13 @@ #include #include #include -#include -#include -#include +#include +#include +#include #include "cryptlib.h" -#include -#include -#include +#include +#include +#include static LHASH *error_hash=NULL; diff --git a/OSX/libsecurity_apple_csp/open_ssl/err/err_prn.c b/OSX/libsecurity_apple_csp/open_ssl/err/err_prn.c index cd25ae7c..b73afc17 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/err/err_prn.c +++ b/OSX/libsecurity_apple_csp/open_ssl/err/err_prn.c @@ -75,12 +75,12 @@ */ #include -#include -#include +#include +#include #include "cryptlib.h" -#include -#include -#include +#include +#include +#include #ifndef NO_FP_API void ERR_print_errors_fp(FILE *fp) diff --git a/OSX/libsecurity_apple_csp/open_ssl/ex_data.c b/OSX/libsecurity_apple_csp/open_ssl/ex_data.c index 6b1aa4e5..c57acc3f 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/ex_data.c +++ b/OSX/libsecurity_apple_csp/open_ssl/ex_data.c @@ -76,9 +76,9 @@ #include #include -#include -#include -#include +#include +#include +#include #include "cryptlib.h" int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp, diff --git a/OSX/libsecurity_apple_csp/open_ssl/lhash/lhash.c b/OSX/libsecurity_apple_csp/open_ssl/lhash/lhash.c index 05f3f6b4..d01e5ad6 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/lhash/lhash.c +++ b/OSX/libsecurity_apple_csp/open_ssl/lhash/lhash.c @@ -77,7 +77,7 @@ /* Code for dynamic hash table routines * Author - Eric Young v 2.0 * - * 2.2 eay - added #include "crypto.h" so the memory leak checking code is + * 2.2 eay - added #include "crypto_legacy.h" so the memory leak checking code is * present. eay 18-Jun-98 * * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98 @@ -115,8 +115,8 @@ #include #include #include -#include -#include +#include +#include const char *lh_version="lhash" OPENSSL_VERSION_PTEXT; diff --git a/OSX/libsecurity_apple_csp/open_ssl/mem.c b/OSX/libsecurity_apple_csp/open_ssl/mem.c index a788e791..aeef2241 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/mem.c +++ b/OSX/libsecurity_apple_csp/open_ssl/mem.c @@ -76,7 +76,7 @@ #include #include -#include +#include #include "cryptlib.h" diff --git a/OSX/libsecurity_apple_csp/open_ssl/misc/rc2_cbc.c b/OSX/libsecurity_apple_csp/open_ssl/misc/rc2_cbc.c index 8bc139de..16d82a5c 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/misc/rc2_cbc.c +++ b/OSX/libsecurity_apple_csp/open_ssl/misc/rc2_cbc.c @@ -74,7 +74,7 @@ * [including the GNU Public Licence.] */ -#include +#include #include "rc2_locl.h" #ifndef _OPENSSL_APPLE_CDSA_ diff --git a/OSX/libsecurity_apple_csp/open_ssl/misc/rc2_skey.c b/OSX/libsecurity_apple_csp/open_ssl/misc/rc2_skey.c index ee7a5a1e..c25f57c8 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/misc/rc2_skey.c +++ b/OSX/libsecurity_apple_csp/open_ssl/misc/rc2_skey.c @@ -74,7 +74,7 @@ * [including the GNU Public Licence.] */ -#include +#include #include "rc2_locl.h" static const unsigned char key_table[256]={ diff --git a/OSX/libsecurity_apple_csp/open_ssl/misc/rc5_enc.c b/OSX/libsecurity_apple_csp/open_ssl/misc/rc5_enc.c index 0683256b..bc8133af 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/misc/rc5_enc.c +++ b/OSX/libsecurity_apple_csp/open_ssl/misc/rc5_enc.c @@ -75,7 +75,7 @@ */ #include -#include +#include #include "rc5_locl.h" #ifndef _OPENSSL_APPLE_CDSA_ diff --git a/OSX/libsecurity_apple_csp/open_ssl/misc/rc5_skey.c b/OSX/libsecurity_apple_csp/open_ssl/misc/rc5_skey.c index 8c42be8f..4a6db828 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/misc/rc5_skey.c +++ b/OSX/libsecurity_apple_csp/open_ssl/misc/rc5_skey.c @@ -74,7 +74,7 @@ * [including the GNU Public Licence.] */ -#include +#include #include "rc5_locl.h" void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data, diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/asn1.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/asn1_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/asn1.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/asn1_legacy.h index 1173f0a5..ac93059d 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/asn1.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/asn1_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/asn1/asn1.h */ +/* crypto/asn1/asn1_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -82,9 +82,9 @@ extern "C" { #endif #include -#include -#include -#include +#include +#include +#include #ifdef VMS #include diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/bio.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/bio_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/bio.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/bio_legacy.h index d593fe52..3be7c348 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/bio.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/bio_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/bio/bio.h */ +/* crypto/bio/bio_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -83,7 +83,7 @@ extern "C" { #include #include -#include +#include /* These are the 'types' of BIOs */ #define BIO_TYPE_NONE 0 @@ -443,7 +443,7 @@ int BIO_read_filename(BIO *b,const char *name); #define BIO_set_ssl_renegotiate_timeout(b,seconds) \ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); -/* defined in evp.h */ +/* defined in evp_legacy.h */ /* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ #define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/blowfish.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/blowfish_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/blowfish.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/blowfish_legacy.h index 6fb2aff8..d1836180 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/blowfish.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/blowfish_legacy.h @@ -1,4 +1,4 @@ -/* crypto/bf/blowfish.h */ +/* crypto/bf/blowfish_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/bn.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/bn_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/bn.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/bn_legacy.h index 4a336fd4..ec35aa09 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/bn.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/bn_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/bn/bn.h */ +/* crypto/bn/bn_legacy.h */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -80,7 +80,7 @@ #ifndef WIN16 #include /* FILE */ #endif -#include +#include #ifdef __cplusplus extern "C" { diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/buffer.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/buffer_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/buffer.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/buffer_legacy.h index 353e480d..d228060b 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/buffer.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/buffer_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/buffer/buffer.h */ +/* crypto/buffer/buffer_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/cast.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/cast_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/cast.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/cast_legacy.h index 2c9d0019..c9d8735e 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/cast.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/cast_legacy.h @@ -1,4 +1,4 @@ -/* crypto/cast/cast.h */ +/* crypto/cast/cast_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/crypto.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/crypto_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/crypto.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/crypto_legacy.h index b55530d1..ac857642 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/crypto.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/crypto_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/crypto.h */ +/* crypto/crypto_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -87,9 +87,9 @@ extern "C" { #include #endif -#include -#include -#include +#include +#include +#include #ifdef CHARSET_EBCDIC #include diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/dh.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/dh_legacy.h similarity index 98% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/dh.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/dh_legacy.h index ae24a355..dc773706 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/dh.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/dh_legacy.h @@ -15,7 +15,7 @@ * specific language governing rights and limitations under the License. */ -/* crypto/dh/dh.h */ +/* crypto/dh/dh_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -81,10 +81,10 @@ #endif #ifndef NO_BIO -#include +#include #endif -#include -#include +#include +#include #define DH_FLAG_CACHE_MONT_P 0x01 diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/dsa.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/dsa_legacy.h similarity index 98% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/dsa.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/dsa_legacy.h index 224b2f94..dc6a3a1a 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/dsa.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/dsa_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/dsa/dsa.h */ +/* crypto/dsa/dsa_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -91,10 +91,10 @@ extern "C" { #error DSA is disabled. #endif -#include -#include +#include +#include #ifndef NO_DH -# include +# include #endif #define DSA_FLAG_CACHE_MONT_P 0x01 diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/e_os.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/e_os.h index 127b0920..954ecc2a 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/e_os.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/e_os.h @@ -77,10 +77,10 @@ #ifndef HEADER_E_OS_H #define HEADER_E_OS_H -#include +#include -#include -/* contains what we can justify to make visible +#include +/* contains what we can justify to make visible * to the outside; this file e_os.h is not part of the exported * interface. */ diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/e_os2.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/e_os2_legacy.h similarity index 95% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/e_os2.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/e_os2_legacy.h index e3235a96..7c88ff34 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/e_os2.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/e_os2_legacy.h @@ -16,7 +16,7 @@ */ -/* e_os2.h */ +/* e_os2_legacy.h */ #ifndef HEADER_E_OS2_H #define HEADER_E_OS2_H @@ -25,7 +25,7 @@ extern "C" { #endif -#include /* OPENSSL_UNISTD */ +#include /* OPENSSL_UNISTD */ #ifdef MSDOS # define OPENSSL_UNISTD_IO diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/evp.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/evp_legacy.h similarity index 98% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/evp.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/evp_legacy.h index aa186474..46486187 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/evp.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/evp_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/evp/evp.h */ +/* crypto/evp/evp_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -100,16 +100,16 @@ extern "C" { #include #endif #ifndef NO_RC2 -#include +#include #endif #ifndef NO_RC5 -#include +#include #endif #ifndef NO_BF -#include +#include #endif #ifndef NO_CAST -#include +#include #endif #ifndef NO_IDEA #include @@ -132,18 +132,18 @@ extern "C" { #define PKCS5_DEFAULT_ITER 2048 #ifndef NO_RSA -#include +#include #endif #ifndef NO_DSA -#include +#include #endif #ifndef NO_DH -#include +#include #endif -#include +#include #define EVP_PK_RSA 0x0001 #define EVP_PK_DSA 0x0002 diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/lhash.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/lhash_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/lhash.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/lhash_legacy.h index aae8e744..0c658600 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/lhash.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/lhash_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/lhash/lhash.h */ +/* crypto/lhash/lhash_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/objects.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/objects_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/objects.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/objects_legacy.h index ce8fb358..f06b39bb 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/objects.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/objects_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/objects/objects.h */ +/* crypto/objects/objects_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -972,8 +972,8 @@ extern "C" { #define NID_OCSP_sign 180 #define OBJ_OCSP_sign OBJ_id_kp,9L -#include -#include +#include +#include #define OBJ_NAME_TYPE_UNDEF 0x00 #define OBJ_NAME_TYPE_MD_METH 0x01 diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/openssl_pkcs7.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/openssl_pkcs7_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/openssl_pkcs7.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/openssl_pkcs7_legacy.h index 760a7b88..59b72fd9 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/openssl_pkcs7.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/openssl_pkcs7_legacy.h @@ -81,8 +81,8 @@ extern "C" { #endif -#include -#include +#include +#include #ifdef VMS #include diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/opensslconf.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/opensslconf_legacy.h similarity index 97% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/opensslconf.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/opensslconf_legacy.h index b02cf890..531c27c9 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/opensslconf.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/opensslconf_legacy.h @@ -34,7 +34,7 @@ */ /* - * opensslconf.h - hand-rolled config #defines for openssl code used in AppleCSP + * opensslconf_legacy.h - hand-rolled config #defines for openssl code used in AppleCSP * Written by Doug Mitchell 4/3/2001 */ #ifndef _OPENSSL_CONF_H_ diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/err.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/opensslerr.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/err.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/opensslerr.h index 6ce7f17b..56fe849e 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/err.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/opensslerr.h @@ -81,7 +81,7 @@ extern "C" { #endif -#include +#include #ifndef NO_FP_API #include diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/opensslv.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/opensslv_legacy.h similarity index 100% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/opensslv.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/opensslv_legacy.h diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/rc2.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/rc2_legacy.h similarity index 98% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/rc2.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/rc2_legacy.h index 7d1dae2e..62d40cb3 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/rc2.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/rc2_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/rc2/rc2.h */ +/* crypto/rc2/rc2_legacy.h */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -88,7 +88,7 @@ extern "C" { #define RC2_ENCRYPT 1 #define RC2_DECRYPT 0 -#include /* RC2_INT */ +#include /* RC2_INT */ #define RC2_BLOCK_SIZE_BYTES 8 #define RC2_MIN_KEY_SIZE_BYTES 1 #define RC2_MAX_KEY_SIZE_BYTES 128 diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/rc5.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/rc5_legacy.h similarity index 98% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/rc5.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/rc5_legacy.h index 9a8f9624..04a995cc 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/rc5.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/rc5_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/rc5/rc5.h */ +/* crypto/rc5/rc5_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -88,7 +88,7 @@ extern "C" { #define RC5_ENCRYPT 1 #define RC5_DECRYPT 0 -#include /* RC5_INT */ +#include /* RC5_INT */ #ifdef _OPENSSL_APPLE_CDSA_ diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/rsa.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/rsa_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/rsa.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/rsa_legacy.h index 99a69eab..1c695a08 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/rsa.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/rsa_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/rsa/rsa.h */ +/* crypto/rsa/rsa_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -81,8 +81,8 @@ extern "C" { #endif -#include -#include +#include +#include #ifdef NO_RSA #error RSA is disabled. diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/safestack.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/safestack_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/safestack.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/safestack_legacy.h index ed14c875..13fb0ec2 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/safestack.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/safestack_legacy.h @@ -73,7 +73,7 @@ #ifndef HEADER_SAFESTACK_H #define HEADER_SAFESTACK_H -#include +#include #define STACK_OF(type) STACK_##type diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/stack.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/stack_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/stack.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/stack_legacy.h index ca788f2d..17bab885 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/stack.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/stack_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/stack/stack.h */ +/* crypto/stack/stack_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/x509.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/x509_legacy.h similarity index 99% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/x509.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/x509_legacy.h index 0a2d0328..d10b70fc 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/x509.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/x509_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/x509/x509.h */ +/* crypto/x509/x509_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -86,23 +86,23 @@ extern "C" { #define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic #endif -#include -#include -#include +#include +#include +#include #ifndef NO_RSA -#include +#include #endif #ifndef NO_DSA -#include +#include #endif #ifndef NO_DH -#include +#include #endif -#include +#include #ifdef WIN32 @@ -463,8 +463,8 @@ typedef struct pkcs8_priv_key_info_st STACK_OF(X509_ATTRIBUTE) *attributes; } PKCS8_PRIV_KEY_INFO; -#include -#include +#include +#include #ifdef SSLEAY_MACROS #define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ diff --git a/OSX/libsecurity_apple_csp/open_ssl/openssl/x509_vfy.h b/OSX/libsecurity_apple_csp/open_ssl/openssl/x509_vfy_legacy.h similarity index 98% rename from OSX/libsecurity_apple_csp/open_ssl/openssl/x509_vfy.h rename to OSX/libsecurity_apple_csp/open_ssl/openssl/x509_vfy_legacy.h index 3e2dadf4..d413c315 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/openssl/x509_vfy.h +++ b/OSX/libsecurity_apple_csp/open_ssl/openssl/x509_vfy_legacy.h @@ -16,7 +16,7 @@ */ -/* crypto/x509/x509_vfy.h */ +/* crypto/x509/x509_vfy_legacy.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,8 +75,8 @@ */ #ifndef HEADER_X509_H -#include -/* openssl/x509.h ends up #include-ing this file at about the only +#include +/* openssl/x509_legacy.h ends up #include-ing this file at about the only * appropriate moment. */ #endif @@ -87,8 +87,8 @@ extern "C" { #endif -#include -#include +#include +#include /* Outer object */ typedef struct x509_hash_dir_st diff --git a/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslAsn1.cpp b/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslAsn1.cpp index fc88a8af..cd652271 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslAsn1.cpp +++ b/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslAsn1.cpp @@ -24,9 +24,9 @@ #include "AppleCSPUtils.h" #include "opensshCoding.h" #include -#include -#include -#include +#include +#include +#include #include #include diff --git a/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslAsn1.h b/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslAsn1.h index 0e29271a..3f7ae097 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslAsn1.h +++ b/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslAsn1.h @@ -24,9 +24,9 @@ #define _OPENSSL_ASN1_H_ -#include -#include -#include +#include +#include +#include #include #include #include diff --git a/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslUtils.cpp b/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslUtils.cpp index c20f8e0c..30b4b71b 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslUtils.cpp +++ b/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslUtils.cpp @@ -21,13 +21,13 @@ */ #include -#include -#include +#include +#include #include -#include -#include -#include -#include +#include +#include +#include +#include #include #include #include "opensslUtils.h" diff --git a/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslUtils.h b/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslUtils.h index 8662075a..0467ba20 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslUtils.h +++ b/OSX/libsecurity_apple_csp/open_ssl/opensslUtils/opensslUtils.h @@ -23,7 +23,7 @@ #ifndef _OPENSSL_UTILS_H_ #define _OPENSSL_UTILS_H_ -#include +#include #ifdef __cplusplus extern "C" { diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_chk.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_chk.c index a7b09586..45ea224f 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_chk.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_chk.c @@ -66,9 +66,9 @@ * ==================================================================== */ -#include -#include -#include +#include +#include +#include int RSA_check_key(RSA *key) diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_eay.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_eay.c index b2836aa8..d3a8c76b 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_eay.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_eay.c @@ -76,8 +76,8 @@ #include #include "cryptlib.h" -#include -#include +#include +#include #include #include diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_err.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_err.c index 053cd570..f20fd68c 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_err.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_err.c @@ -77,8 +77,8 @@ */ #include -#include -#include +#include +#include /* BEGIN ERROR CODES */ #ifndef NO_ERR diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_gen.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_gen.c index 3687e0c4..86a26e7b 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_gen.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_gen.c @@ -77,8 +77,8 @@ #include #include #include "cryptlib.h" -#include -#include +#include +#include RSA *RSA_generate_key(int bits, unsigned long e_value, void (*callback)(int,int,void *), void *cb_arg) diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_lib.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_lib.c index 8b09b64c..f0cd0aab 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_lib.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_lib.c @@ -75,11 +75,11 @@ */ #include -#include +#include #include "cryptlib.h" -#include -#include -#include +#include +#include +#include #include const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; @@ -369,7 +369,6 @@ static struct BN_BLINDING_STRUCT* RSA_get_blinding_struct(RSA *r) if (pthread_equal(current, r->blinding_array[i].thread_ID)) // do we have storage for this thread? { return &(r->blinding_array[i]); - break; } } diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_none.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_none.c index 91dbf2ff..ab4bc365 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_none.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_none.c @@ -76,8 +76,8 @@ #include #include "cryptlib.h" -#include -#include +#include +#include #include int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from, diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_null.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_null.c index ae373438..5f0f32d2 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_null.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_null.c @@ -76,8 +76,8 @@ #include #include "cryptlib.h" -#include -#include +#include +#include #include /* This is a dummy RSA implementation that just returns errors when called. diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_pk1.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_pk1.c index 46f90e38..e94f142b 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_pk1.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_pk1.c @@ -76,8 +76,8 @@ #include #include "cryptlib.h" -#include -#include +#include +#include #include int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_saos.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_saos.c index 29f51127..55029916 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_saos.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_saos.c @@ -76,10 +76,10 @@ #include #include "cryptlib.h" -#include -#include -#include -#include +#include +#include +#include +#include int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa) diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_sign.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_sign.c index 899811c4..fff3be5f 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_sign.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_sign.c @@ -76,10 +76,10 @@ #include #include "cryptlib.h" -#include -#include -#include -#include +#include +#include +#include +#include /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 diff --git a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_ssl.c b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_ssl.c index 9abd2a79..b9f25f1b 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_ssl.c +++ b/OSX/libsecurity_apple_csp/open_ssl/rsa/rsa_ssl.c @@ -76,8 +76,8 @@ #include #include "cryptlib.h" -#include -#include +#include +#include #include int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from, diff --git a/OSX/libsecurity_apple_csp/open_ssl/stack/stack.c b/OSX/libsecurity_apple_csp/open_ssl/stack/stack.c index 0a0bd676..233adf7f 100644 --- a/OSX/libsecurity_apple_csp/open_ssl/stack/stack.c +++ b/OSX/libsecurity_apple_csp/open_ssl/stack/stack.c @@ -85,7 +85,7 @@ */ #include #include "cryptlib.h" -#include +#include #undef MIN_NODES #define MIN_NODES 4 diff --git a/OSX/libsecurity_apple_cspdl/lib/AppleCSPDLBuiltin.cpp b/OSX/libsecurity_apple_cspdl/lib/AppleCSPDLBuiltin.cpp index 23ba8bdf..953814a2 100644 --- a/OSX/libsecurity_apple_cspdl/lib/AppleCSPDLBuiltin.cpp +++ b/OSX/libsecurity_apple_cspdl/lib/AppleCSPDLBuiltin.cpp @@ -20,7 +20,7 @@ n // // Produce the "genuine plugin version" of the AppleCSPDL // -#include +#include "CSPDLPlugin.h" // diff --git a/OSX/libsecurity_apple_cspdl/lib/CSPDLPlugin.cpp b/OSX/libsecurity_apple_cspdl/lib/CSPDLPlugin.cpp index 629d738e..b0cf2f25 100644 --- a/OSX/libsecurity_apple_cspdl/lib/CSPDLPlugin.cpp +++ b/OSX/libsecurity_apple_cspdl/lib/CSPDLPlugin.cpp @@ -73,6 +73,5 @@ CSPDLPlugin::makeSession(CSSM_MODULE_HANDLE handle, mSSCSPDLSession); default: CssmError::throwMe(CSSMERR_CSSM_INVALID_SERVICE_MASK); - return 0; // placebo } } diff --git a/OSX/libsecurity_apple_cspdl/lib/SSDatabase.cpp b/OSX/libsecurity_apple_cspdl/lib/SSDatabase.cpp index e4468f4d..6e0c93fc 100644 --- a/OSX/libsecurity_apple_cspdl/lib/SSDatabase.cpp +++ b/OSX/libsecurity_apple_cspdl/lib/SSDatabase.cpp @@ -46,6 +46,7 @@ try } catch (...) { + return; // Prevent re-throw of exception [function-try-block] } SSUniqueRecord @@ -327,7 +328,7 @@ SSDatabaseImpl::load(const DLDbIdentifier &dlDbIdentifier) { CssmDataContainer dbb(allocator()); getDbBlobId(&dbb); - secnotice("integrity", "loading %s", name()); + secinfo("integrity", "loading %s", name()); } void diff --git a/OSX/libsecurity_apple_cspdl/lib/SSFactory.cpp b/OSX/libsecurity_apple_cspdl/lib/SSFactory.cpp index 49e044c8..14960159 100644 --- a/OSX/libsecurity_apple_cspdl/lib/SSFactory.cpp +++ b/OSX/libsecurity_apple_cspdl/lib/SSFactory.cpp @@ -78,5 +78,4 @@ bool SSFactory::setup(SSCSPSession &session, CSPFullPluginSession::CSPContext * return true; } #endif - return false; } diff --git a/OSX/libsecurity_apple_cspdl/lib/SSKey.cpp b/OSX/libsecurity_apple_cspdl/lib/SSKey.cpp index fec984c5..3fa1dfec 100644 --- a/OSX/libsecurity_apple_cspdl/lib/SSKey.cpp +++ b/OSX/libsecurity_apple_cspdl/lib/SSKey.cpp @@ -27,6 +27,7 @@ #include "SSDLSession.h" #include #include +#include using namespace CssmClient; using namespace SecurityServer; @@ -39,6 +40,7 @@ SSKey::SSKey(SSCSPSession &session, KeyHandle keyHandle, CssmKey &ioKey, mAllocator(session), mKeyHandle(keyHandle), mClientSession(session.clientSession()) { + StLock _ (mMutex); // In the constructor??? Yes. Our handlers aren't thread safe in the slightest... CssmKey::Header &header = ioKey.header(); if (inKeyAttr & CSSM_KEYATTR_PERMANENT) { @@ -140,6 +142,7 @@ mAllocator(session.allocator()), mKeyHandle(noKey), mUniqueId(uniqueId), mRecordType(recordType), mClientSession(session.clientSession()) { + StLock _ (mMutex); CssmKey::Header &header = ioKey.header(); memset(&header, 0, sizeof(header)); // Clear key header @@ -234,6 +237,7 @@ mClientSession(session.clientSession()) SSKey::~SSKey() { + StLock _(mMutex); // In the destructor too??? Yes. See SSCSPSession.cpp:354 for an explanation of this code's policy on threads. if (mKeyHandle != noKey) clientSession().releaseKey(mKeyHandle); } @@ -242,6 +246,7 @@ void SSKey::free(const AccessCredentials *accessCred, CssmKey &ioKey, CSSM_BOOL deleteKey) { + StLock _(mMutex); freeReferenceKey(mAllocator, ioKey); if (deleteKey) { @@ -264,17 +269,20 @@ SSKey::free(const AccessCredentials *accessCred, CssmKey &ioKey, SecurityServer::ClientSession & SSKey::clientSession() { + StLock _(mMutex); return mClientSession; } KeyHandle SSKey::optionalKeyHandle() const { + StLock _(mMutex); return mKeyHandle; } KeyHandle SSKey::keyHandle() { + StLock _(mMutex); if (mKeyHandle == noKey) { // Deal with uninstantiated keys. @@ -302,6 +310,7 @@ SSKey::keyHandle() void SSKey::getOwner(CSSM_ACL_OWNER_PROTOTYPE &owner, Allocator &allocator) { + StLock _ (mMutex); clientSession().getKeyOwner(keyHandle(), AclOwnerPrototype::overlay(owner), allocator); } @@ -310,6 +319,7 @@ void SSKey::changeOwner(const AccessCredentials &accessCred, const AclOwnerPrototype &newOwner) { + StLock _ (mMutex); clientSession().changeKeyOwner(keyHandle(), accessCred, newOwner); didChangeAcl(); } @@ -318,6 +328,7 @@ void SSKey::getAcl(const char *selectionTag, uint32 &numberOfAclInfos, AclEntryInfo *&aclInfos, Allocator &allocator) { + StLock _ (mMutex); clientSession().getKeyAcl(keyHandle(), selectionTag, numberOfAclInfos, aclInfos, allocator); } @@ -325,6 +336,7 @@ SSKey::getAcl(const char *selectionTag, uint32 &numberOfAclInfos, void SSKey::changeAcl(const AccessCredentials &accessCred, const AclEdit &aclEdit) { + StLock _ (mMutex); clientSession().changeKeyAcl(keyHandle(), accessCred, aclEdit); didChangeAcl(); } diff --git a/OSX/libsecurity_apple_cspdl/lib/SSKey.h b/OSX/libsecurity_apple_cspdl/lib/SSKey.h index 020d5728..d7523389 100644 --- a/OSX/libsecurity_apple_cspdl/lib/SSKey.h +++ b/OSX/libsecurity_apple_cspdl/lib/SSKey.h @@ -81,6 +81,7 @@ private: SSUniqueRecord mUniqueId; CSSM_DB_RECORDTYPE mRecordType; SecurityServer::ClientSession &mClientSession; + mutable RecursiveMutex mMutex; }; diff --git a/OSX/libsecurity_apple_cspdl/libsecurity_apple_cspdl.xcodeproj/project.pbxproj b/OSX/libsecurity_apple_cspdl/libsecurity_apple_cspdl.xcodeproj/project.pbxproj deleted file mode 100644 index 0e8ed5a1..00000000 --- a/OSX/libsecurity_apple_cspdl/libsecurity_apple_cspdl.xcodeproj/project.pbxproj +++ /dev/null @@ -1,335 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 4C6AA9E30535FDA6006E3284 /* CSPDLDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6AA9D00535FDA6006E3284 /* CSPDLDatabase.cpp */; }; - 4C6AA9E40535FDA6006E3284 /* CSPDLDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6AA9D10535FDA6006E3284 /* CSPDLDatabase.h */; }; - 4C6AA9E50535FDA6006E3284 /* CSPDLPlugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6AA9D20535FDA6006E3284 /* CSPDLPlugin.cpp */; }; - 4C6AA9E60535FDA6006E3284 /* CSPDLPlugin.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6AA9D30535FDA6006E3284 /* CSPDLPlugin.h */; }; - 4C6AA9E70535FDA6006E3284 /* SSContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6AA9D40535FDA6006E3284 /* SSContext.cpp */; }; - 4C6AA9E80535FDA6006E3284 /* SSContext.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6AA9D50535FDA6006E3284 /* SSContext.h */; }; - 4C6AA9E90535FDA6006E3284 /* SSCSPDLSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6AA9D60535FDA6006E3284 /* SSCSPDLSession.cpp */; }; - 4C6AA9EA0535FDA6006E3284 /* SSCSPDLSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6AA9D70535FDA6006E3284 /* SSCSPDLSession.h */; }; - 4C6AA9EB0535FDA6006E3284 /* SSCSPSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6AA9D80535FDA6006E3284 /* SSCSPSession.cpp */; }; - 4C6AA9EC0535FDA6006E3284 /* SSCSPSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6AA9D90535FDA6006E3284 /* SSCSPSession.h */; }; - 4C6AA9ED0535FDA6006E3284 /* SSDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6AA9DA0535FDA6006E3284 /* SSDatabase.cpp */; }; - 4C6AA9EE0535FDA6006E3284 /* SSDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6AA9DB0535FDA6006E3284 /* SSDatabase.h */; }; - 4C6AA9EF0535FDA6006E3284 /* SSDLSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6AA9DC0535FDA6006E3284 /* SSDLSession.cpp */; }; - 4C6AA9F00535FDA6006E3284 /* SSDLSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6AA9DD0535FDA6006E3284 /* SSDLSession.h */; }; - 4C6AA9F10535FDA6006E3284 /* SSFactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6AA9DE0535FDA6006E3284 /* SSFactory.cpp */; }; - 4C6AA9F20535FDA6006E3284 /* SSFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6AA9DF0535FDA6006E3284 /* SSFactory.h */; }; - 4C6AA9F30535FDA6006E3284 /* SSKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6AA9E00535FDA6006E3284 /* SSKey.cpp */; }; - 4C6AA9F40535FDA6006E3284 /* SSKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6AA9E10535FDA6006E3284 /* SSKey.h */; }; - C2196B5D053B598C005808D4 /* AppleCSPDLBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2196B5C053B598C005808D4 /* AppleCSPDLBuiltin.cpp */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 184460DD146E7DF300B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 184460D8146E7DF300B12992 /* libsecurity_cdsa_plugin.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_plugin; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 184460CC146E7B7B00B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 184460CD146E7B7B00B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 184460CE146E7B7B00B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 184460CF146E7B7B00B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 184460D8146E7DF300B12992 /* libsecurity_cdsa_plugin.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_plugin.xcodeproj; path = ../libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj; sourceTree = ""; }; - 4094B0AB057EA69D00B44BCC /* cspdl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = cspdl_common.mdsinfo; sourceTree = ""; }; - 4094B0AC057EA69D00B44BCC /* cspdl_csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = cspdl_csp_capabilities.mdsinfo; sourceTree = ""; }; - 4094B0AD057EA69D00B44BCC /* cspdl_csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = cspdl_csp_primary.mdsinfo; sourceTree = ""; }; - 4094B0AE057EA69D00B44BCC /* cspdl_dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = cspdl_dl_primary.mdsinfo; sourceTree = ""; }; - 4C6AA9CF0535FDA6006E3284 /* AppleCSPDLPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleCSPDLPlugin.cpp; sourceTree = ""; }; - 4C6AA9D00535FDA6006E3284 /* CSPDLDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CSPDLDatabase.cpp; sourceTree = ""; }; - 4C6AA9D10535FDA6006E3284 /* CSPDLDatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CSPDLDatabase.h; sourceTree = ""; }; - 4C6AA9D20535FDA6006E3284 /* CSPDLPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CSPDLPlugin.cpp; sourceTree = ""; }; - 4C6AA9D30535FDA6006E3284 /* CSPDLPlugin.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CSPDLPlugin.h; sourceTree = ""; }; - 4C6AA9D40535FDA6006E3284 /* SSContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SSContext.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C6AA9D50535FDA6006E3284 /* SSContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SSContext.h; sourceTree = ""; }; - 4C6AA9D60535FDA6006E3284 /* SSCSPDLSession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SSCSPDLSession.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C6AA9D70535FDA6006E3284 /* SSCSPDLSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SSCSPDLSession.h; sourceTree = ""; }; - 4C6AA9D80535FDA6006E3284 /* SSCSPSession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SSCSPSession.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C6AA9D90535FDA6006E3284 /* SSCSPSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SSCSPSession.h; sourceTree = ""; }; - 4C6AA9DA0535FDA6006E3284 /* SSDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SSDatabase.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C6AA9DB0535FDA6006E3284 /* SSDatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SSDatabase.h; sourceTree = ""; }; - 4C6AA9DC0535FDA6006E3284 /* SSDLSession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SSDLSession.cpp; sourceTree = ""; }; - 4C6AA9DD0535FDA6006E3284 /* SSDLSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SSDLSession.h; sourceTree = ""; }; - 4C6AA9DE0535FDA6006E3284 /* SSFactory.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SSFactory.cpp; sourceTree = ""; }; - 4C6AA9DF0535FDA6006E3284 /* SSFactory.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SSFactory.h; sourceTree = ""; }; - 4C6AA9E00535FDA6006E3284 /* SSKey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SSKey.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C6AA9E10535FDA6006E3284 /* SSKey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SSKey.h; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_cspdl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_apple_cspdl.a; sourceTree = BUILT_PRODUCTS_DIR; }; - C2196B5C053B598C005808D4 /* AppleCSPDLBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = AppleCSPDLBuiltin.cpp; path = lib/AppleCSPDLBuiltin.cpp; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 184460CB146E7B7B00B12992 /* config */ = { - isa = PBXGroup; - children = ( - 184460CC146E7B7B00B12992 /* base.xcconfig */, - 184460CD146E7B7B00B12992 /* debug.xcconfig */, - 184460CE146E7B7B00B12992 /* lib.xcconfig */, - 184460CF146E7B7B00B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 184460D9146E7DF300B12992 /* Products */ = { - isa = PBXGroup; - children = ( - 184460DE146E7DF300B12992 /* libsecurity_cdsa_plugin.a */, - ); - name = Products; - sourceTree = ""; - }; - 4094B0AA057EA69D00B44BCC /* mds */ = { - isa = PBXGroup; - children = ( - 4094B0AB057EA69D00B44BCC /* cspdl_common.mdsinfo */, - 4094B0AC057EA69D00B44BCC /* cspdl_csp_capabilities.mdsinfo */, - 4094B0AD057EA69D00B44BCC /* cspdl_csp_primary.mdsinfo */, - 4094B0AE057EA69D00B44BCC /* cspdl_dl_primary.mdsinfo */, - ); - path = mds; - sourceTree = SOURCE_ROOT; - }; - 4C6AA9CE0535FDA6006E3284 /* lib */ = { - isa = PBXGroup; - children = ( - 4C6AA9CF0535FDA6006E3284 /* AppleCSPDLPlugin.cpp */, - 4C6AA9D00535FDA6006E3284 /* CSPDLDatabase.cpp */, - 4C6AA9D10535FDA6006E3284 /* CSPDLDatabase.h */, - 4C6AA9D20535FDA6006E3284 /* CSPDLPlugin.cpp */, - 4C6AA9D30535FDA6006E3284 /* CSPDLPlugin.h */, - 4C6AA9D40535FDA6006E3284 /* SSContext.cpp */, - 4C6AA9D50535FDA6006E3284 /* SSContext.h */, - 4C6AA9D60535FDA6006E3284 /* SSCSPDLSession.cpp */, - 4C6AA9D70535FDA6006E3284 /* SSCSPDLSession.h */, - 4C6AA9D80535FDA6006E3284 /* SSCSPSession.cpp */, - 4C6AA9D90535FDA6006E3284 /* SSCSPSession.h */, - 4C6AA9DA0535FDA6006E3284 /* SSDatabase.cpp */, - 4C6AA9DB0535FDA6006E3284 /* SSDatabase.h */, - 4C6AA9DC0535FDA6006E3284 /* SSDLSession.cpp */, - 4C6AA9DD0535FDA6006E3284 /* SSDLSession.h */, - 4C6AA9DE0535FDA6006E3284 /* SSFactory.cpp */, - 4C6AA9DF0535FDA6006E3284 /* SSFactory.h */, - 4C6AA9E00535FDA6006E3284 /* SSKey.cpp */, - 4C6AA9E10535FDA6006E3284 /* SSKey.h */, - ); - path = lib; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 184460D8146E7DF300B12992 /* libsecurity_cdsa_plugin.xcodeproj */, - 4C6AA9CE0535FDA6006E3284 /* lib */, - 184460CB146E7B7B00B12992 /* config */, - 4094B0AA057EA69D00B44BCC /* mds */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - C2196B5C053B598C005808D4 /* AppleCSPDLBuiltin.cpp */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_cspdl.a */, - ); - name = Products; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C6AA9E40535FDA6006E3284 /* CSPDLDatabase.h in Headers */, - 4C6AA9E60535FDA6006E3284 /* CSPDLPlugin.h in Headers */, - 4C6AA9E80535FDA6006E3284 /* SSContext.h in Headers */, - 4C6AA9EA0535FDA6006E3284 /* SSCSPDLSession.h in Headers */, - 4C6AA9EC0535FDA6006E3284 /* SSCSPSession.h in Headers */, - 4C6AA9EE0535FDA6006E3284 /* SSDatabase.h in Headers */, - 4C6AA9F00535FDA6006E3284 /* SSDLSession.h in Headers */, - 4C6AA9F20535FDA6006E3284 /* SSFactory.h in Headers */, - 4C6AA9F40535FDA6006E3284 /* SSKey.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_cspdl */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2630987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_apple_cspdl" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_apple_cspdl; - productInstallPath = /usr/local/lib; - productName = libsecurity_apple_cspdl; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_cspdl.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD26A0987FCDC001272E0 /* Build configuration list for PBXProject "libsecurity_apple_cspdl" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 184460D9146E7DF300B12992 /* Products */; - ProjectRef = 184460D8146E7DF300B12992 /* libsecurity_cdsa_plugin.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_cspdl */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 184460DE146E7DF300B12992 /* libsecurity_cdsa_plugin.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_plugin.a; - remoteRef = 184460DD146E7DF300B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C6AA9E30535FDA6006E3284 /* CSPDLDatabase.cpp in Sources */, - 4C6AA9E50535FDA6006E3284 /* CSPDLPlugin.cpp in Sources */, - 4C6AA9E70535FDA6006E3284 /* SSContext.cpp in Sources */, - 4C6AA9E90535FDA6006E3284 /* SSCSPDLSession.cpp in Sources */, - 4C6AA9EB0535FDA6006E3284 /* SSCSPSession.cpp in Sources */, - 4C6AA9ED0535FDA6006E3284 /* SSDatabase.cpp in Sources */, - 4C6AA9EF0535FDA6006E3284 /* SSDLSession.cpp in Sources */, - 4C6AA9F10535FDA6006E3284 /* SSFactory.cpp in Sources */, - 4C6AA9F30535FDA6006E3284 /* SSKey.cpp in Sources */, - C2196B5D053B598C005808D4 /* AppleCSPDLBuiltin.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD2640987FCDC001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184460CE146E7B7B00B12992 /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Debug; - }; - C27AD2690987FCDC001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184460CE146E7B7B00B12992 /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Release; - }; - C27AD26B0987FCDC001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184460CD146E7B7B00B12992 /* debug.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - ENABLE_TESTABILITY = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD2700987FCDC001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184460CF146E7B7B00B12992 /* release.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD2630987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_apple_cspdl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2640987FCDC001272E0 /* Debug */, - C27AD2690987FCDC001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD26A0987FCDC001272E0 /* Build configuration list for PBXProject "libsecurity_apple_cspdl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD26B0987FCDC001272E0 /* Debug */, - C27AD2700987FCDC001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_apple_file_dl/lib/AppleFileDL.cpp b/OSX/libsecurity_apple_file_dl/lib/AppleFileDL.cpp index ce3030dc..ac3000f8 100644 --- a/OSX/libsecurity_apple_file_dl/lib/AppleFileDL.cpp +++ b/OSX/libsecurity_apple_file_dl/lib/AppleFileDL.cpp @@ -76,6 +76,5 @@ PluginSession *AppleFileDL::makeSession(CSSM_MODULE_HANDLE handle, mDatabaseManager); default: CssmError::throwMe(CSSMERR_CSSM_INVALID_SERVICE_MASK); - return 0; // placebo } } diff --git a/OSX/libsecurity_apple_file_dl/libsecurity_apple_file_dl.xcodeproj/project.pbxproj b/OSX/libsecurity_apple_file_dl/libsecurity_apple_file_dl.xcodeproj/project.pbxproj deleted file mode 100644 index 0d7ea931..00000000 --- a/OSX/libsecurity_apple_file_dl/libsecurity_apple_file_dl.xcodeproj/project.pbxproj +++ /dev/null @@ -1,278 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - C2196B69053B59D4005808D4 /* AppleDLBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2196B68053B59D4005808D4 /* AppleDLBuiltin.cpp */; }; - C28436E00534880F000AE0FC /* AppleFileDL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28436DD0534880F000AE0FC /* AppleFileDL.cpp */; }; - C28436E10534880F000AE0FC /* AppleFileDL.h in Headers */ = {isa = PBXBuildFile; fileRef = C28436DE0534880F000AE0FC /* AppleFileDL.h */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 184460F9146E818D00B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 184460F4146E818D00B12992 /* libsecurity_cdsa_plugin.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_plugin; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 184460E6146E808700B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 184460E7146E808700B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 184460E8146E808700B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 184460E9146E808700B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 184460F4146E818D00B12992 /* libsecurity_cdsa_plugin.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_plugin.xcodeproj; path = ../libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj; sourceTree = ""; }; - 4094B099057EA68B00B44BCC /* dl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = dl_common.mdsinfo; sourceTree = ""; }; - 4094B09A057EA68B00B44BCC /* dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = dl_primary.mdsinfo; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_file_dl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_apple_file_dl.a; sourceTree = BUILT_PRODUCTS_DIR; }; - C2196B68053B59D4005808D4 /* AppleDLBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = AppleDLBuiltin.cpp; path = lib/AppleDLBuiltin.cpp; sourceTree = ""; }; - C28436DC0534880F000AE0FC /* AppleDLPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleDLPlugin.cpp; sourceTree = ""; }; - C28436DD0534880F000AE0FC /* AppleFileDL.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleFileDL.cpp; sourceTree = ""; }; - C28436DE0534880F000AE0FC /* AppleFileDL.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleFileDL.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 184460E5146E808700B12992 /* config */ = { - isa = PBXGroup; - children = ( - 184460E6146E808700B12992 /* base.xcconfig */, - 184460E7146E808700B12992 /* debug.xcconfig */, - 184460E8146E808700B12992 /* lib.xcconfig */, - 184460E9146E808700B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 184460F5146E818D00B12992 /* Products */ = { - isa = PBXGroup; - children = ( - 184460FA146E818D00B12992 /* libsecurity_cdsa_plugin.a */, - ); - name = Products; - sourceTree = ""; - }; - 4094B098057EA68B00B44BCC /* mds */ = { - isa = PBXGroup; - children = ( - 4094B099057EA68B00B44BCC /* dl_common.mdsinfo */, - 4094B09A057EA68B00B44BCC /* dl_primary.mdsinfo */, - ); - path = mds; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 184460F4146E818D00B12992 /* libsecurity_cdsa_plugin.xcodeproj */, - C28436DB0534880F000AE0FC /* lib */, - 184460E5146E808700B12992 /* config */, - C2196B68053B59D4005808D4 /* AppleDLBuiltin.cpp */, - 4094B098057EA68B00B44BCC /* mds */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_file_dl.a */, - ); - name = Products; - sourceTree = ""; - }; - C28436DB0534880F000AE0FC /* lib */ = { - isa = PBXGroup; - children = ( - C28436DC0534880F000AE0FC /* AppleDLPlugin.cpp */, - C28436DD0534880F000AE0FC /* AppleFileDL.cpp */, - C28436DE0534880F000AE0FC /* AppleFileDL.h */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - C28436E10534880F000AE0FC /* AppleFileDL.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_file_dl */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2770987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_apple_file_dl" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_apple_file_dl; - productInstallPath = /usr/local/lib; - productName = libsecurity_apple_file_dl; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_file_dl.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD27B0987FCDC001272E0 /* Build configuration list for PBXProject "libsecurity_apple_file_dl" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 184460F5146E818D00B12992 /* Products */; - ProjectRef = 184460F4146E818D00B12992 /* libsecurity_cdsa_plugin.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_file_dl */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 184460FA146E818D00B12992 /* libsecurity_cdsa_plugin.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_plugin.a; - remoteRef = 184460F9146E818D00B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C28436E00534880F000AE0FC /* AppleFileDL.cpp in Sources */, - C2196B69053B59D4005808D4 /* AppleDLBuiltin.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD2780987FCDC001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184460E7146E808700B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C27AD27A0987FCDC001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184460E9146E808700B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C27AD27C0987FCDC001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184460E8146E808700B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD27E0987FCDC001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184460E8146E808700B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD2770987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_apple_file_dl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2780987FCDC001272E0 /* Debug */, - C27AD27A0987FCDC001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD27B0987FCDC001272E0 /* Build configuration list for PBXProject "libsecurity_apple_file_dl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD27C0987FCDC001272E0 /* Debug */, - C27AD27E0987FCDC001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_apple_x509_cl/lib/AppleX509CL.cpp b/OSX/libsecurity_apple_x509_cl/lib/AppleX509CL.cpp index 187e429f..286e8d3c 100644 --- a/OSX/libsecurity_apple_x509_cl/lib/AppleX509CL.cpp +++ b/OSX/libsecurity_apple_x509_cl/lib/AppleX509CL.cpp @@ -58,6 +58,5 @@ PluginSession *AppleX509CL::makeSession( upcalls); default: CssmError::throwMe(CSSMERR_CSSM_INVALID_SERVICE_MASK); - return 0; // placebo } } diff --git a/OSX/libsecurity_apple_x509_cl/lib/clNameUtils.cpp b/OSX/libsecurity_apple_x509_cl/lib/clNameUtils.cpp index 4eb46399..1c64d003 100644 --- a/OSX/libsecurity_apple_x509_cl/lib/clNameUtils.cpp +++ b/OSX/libsecurity_apple_x509_cl/lib/clNameUtils.cpp @@ -431,7 +431,7 @@ void CL_cssmGeneralNameToNss( nssObj.item = cdsaObj.name; unsigned char itemTag; // for nssObj.tag bool doCopy = false; // unless we have to modify tag byte - unsigned char overrideTag; // to force context-specific tag for + unsigned char overrideTag = '\0'; // to force context-specific tag for // an ASN_ANY PRErrorCode prtn; diff --git a/OSX/libsecurity_apple_x509_cl/libsecurity_apple_x509_cl.xcodeproj/project.pbxproj b/OSX/libsecurity_apple_x509_cl/libsecurity_apple_x509_cl.xcodeproj/project.pbxproj deleted file mode 100644 index 15608529..00000000 --- a/OSX/libsecurity_apple_x509_cl/libsecurity_apple_x509_cl.xcodeproj/project.pbxproj +++ /dev/null @@ -1,506 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 4094AFC3057E9E3F00B44BCC /* AppleX509CLPlugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284365C053485B1000AE0FC /* AppleX509CLPlugin.cpp */; }; - 4CEDA0F10612784300545384 /* cl_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4094B07D057EA5D400B44BCC /* cl_common.mdsinfo */; }; - 4CEDA0F20612784300545384 /* cl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = 4094B07E057EA5D400B44BCC /* cl_primary.mdsinfo */; }; - C256F8E5053B20A300B26642 /* AppleX509CLBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C256F8E4053B20A300B26642 /* AppleX509CLBuiltin.cpp */; }; - C284367D053485B1000AE0FC /* AppleX509CL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284365A053485B1000AE0FC /* AppleX509CL.cpp */; }; - C284367E053485B1000AE0FC /* AppleX509CL.h in Headers */ = {isa = PBXBuildFile; fileRef = C284365B053485B1000AE0FC /* AppleX509CL.h */; }; - C2843680053485B1000AE0FC /* AppleX509CLSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284365D053485B1000AE0FC /* AppleX509CLSession.cpp */; }; - C2843681053485B1000AE0FC /* AppleX509CLSession.h in Headers */ = {isa = PBXBuildFile; fileRef = C284365E053485B1000AE0FC /* AppleX509CLSession.h */; }; - C2843682053485B1000AE0FC /* CertFields.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284365F053485B1000AE0FC /* CertFields.cpp */; }; - C2843683053485B1000AE0FC /* CLCachedEntry.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843660053485B1000AE0FC /* CLCachedEntry.cpp */; }; - C2843684053485B1000AE0FC /* CLCachedEntry.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843661053485B1000AE0FC /* CLCachedEntry.h */; }; - C2843685053485B1000AE0FC /* CLCertExtensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843662053485B1000AE0FC /* CLCertExtensions.cpp */; }; - C2843686053485B1000AE0FC /* CLCertExtensions.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843663053485B1000AE0FC /* CLCertExtensions.h */; }; - C2843687053485B1000AE0FC /* CLCrlExtensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843664053485B1000AE0FC /* CLCrlExtensions.cpp */; }; - C2843688053485B1000AE0FC /* CLCrlExtensions.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843665053485B1000AE0FC /* CLCrlExtensions.h */; }; - C2843689053485B1000AE0FC /* cldebugging.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843666053485B1000AE0FC /* cldebugging.h */; }; - C284368A053485B1000AE0FC /* CLFieldsCommon.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843667053485B1000AE0FC /* CLFieldsCommon.cpp */; }; - C284368B053485B1000AE0FC /* CLFieldsCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843668053485B1000AE0FC /* CLFieldsCommon.h */; }; - C284368C053485B1000AE0FC /* clNameUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843669053485B1000AE0FC /* clNameUtils.cpp */; }; - C284368D053485B1000AE0FC /* clNameUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = C284366A053485B1000AE0FC /* clNameUtils.h */; }; - C284368E053485B1000AE0FC /* clNssUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284366B053485B1000AE0FC /* clNssUtils.cpp */; }; - C284368F053485B1000AE0FC /* clNssUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = C284366C053485B1000AE0FC /* clNssUtils.h */; }; - C2843690053485B1000AE0FC /* CrlFields.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284366D053485B1000AE0FC /* CrlFields.cpp */; }; - C2843691053485B1000AE0FC /* CSPAttacher.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284366E053485B1000AE0FC /* CSPAttacher.cpp */; }; - C2843692053485B1000AE0FC /* CSPAttacher.h in Headers */ = {isa = PBXBuildFile; fileRef = C284366F053485B1000AE0FC /* CSPAttacher.h */; }; - C2843693053485B1000AE0FC /* DecodedCert.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843670053485B1000AE0FC /* DecodedCert.cpp */; }; - C2843694053485B1000AE0FC /* DecodedCert.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843671053485B1000AE0FC /* DecodedCert.h */; }; - C2843695053485B1000AE0FC /* DecodedCrl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843672053485B1000AE0FC /* DecodedCrl.cpp */; }; - C2843696053485B1000AE0FC /* DecodedCrl.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843673053485B1000AE0FC /* DecodedCrl.h */; }; - C2843697053485B1000AE0FC /* DecodedExtensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843674053485B1000AE0FC /* DecodedExtensions.cpp */; }; - C2843698053485B1000AE0FC /* DecodedExtensions.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843675053485B1000AE0FC /* DecodedExtensions.h */; }; - C2843699053485B1000AE0FC /* DecodedItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843676053485B1000AE0FC /* DecodedItem.cpp */; }; - C284369A053485B1000AE0FC /* DecodedItem.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843677053485B1000AE0FC /* DecodedItem.h */; }; - C284369B053485B1000AE0FC /* LockedMap.h in Headers */ = {isa = PBXBuildFile; fileRef = C2843678053485B1000AE0FC /* LockedMap.h */; }; - C284369C053485B1000AE0FC /* Session_Cert.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2843679053485B1000AE0FC /* Session_Cert.cpp */; }; - C284369D053485B1000AE0FC /* Session_CRL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284367A053485B1000AE0FC /* Session_CRL.cpp */; }; - C284369E053485B1000AE0FC /* Session_Crypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284367B053485B1000AE0FC /* Session_Crypto.cpp */; }; - C284369F053485B1000AE0FC /* Session_CSR.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284367C053485B1000AE0FC /* Session_CSR.cpp */; }; - C2D3112E053B225E00CB61B1 /* AppleX509CLPlugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C284365C053485B1000AE0FC /* AppleX509CLPlugin.cpp */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 1844610C146E84E500B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18446107146E84E500B12992 /* libsecurity_cdsa_plugin.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_plugin; - }; - 4094B04E057EA52A00B44BCC /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_apple_x509_cl; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 184460FE146E82B800B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 184460FF146E82B800B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 18446100146E82B800B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 18446101146E82B800B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 18446107146E84E500B12992 /* libsecurity_cdsa_plugin.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_plugin.xcodeproj; path = ../libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj; sourceTree = ""; }; - 4094B07D057EA5D400B44BCC /* cl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = cl_common.mdsinfo; sourceTree = ""; }; - 4094B07E057EA5D400B44BCC /* cl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = cl_primary.mdsinfo; sourceTree = ""; }; - 4CC7C27506127AA100E6CE35 /* libsecurity_apple_x509_cl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_apple_x509_cl.a; sourceTree = BUILT_PRODUCTS_DIR; }; - C207F277053B21E600FF85CB /* apple_x509_cl.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; path = apple_x509_cl.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; - C256F8E4053B20A300B26642 /* AppleX509CLBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleX509CLBuiltin.cpp; sourceTree = ""; }; - C284365A053485B1000AE0FC /* AppleX509CL.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleX509CL.cpp; sourceTree = ""; }; - C284365B053485B1000AE0FC /* AppleX509CL.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleX509CL.h; sourceTree = ""; }; - C284365C053485B1000AE0FC /* AppleX509CLPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleX509CLPlugin.cpp; sourceTree = ""; }; - C284365D053485B1000AE0FC /* AppleX509CLSession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = AppleX509CLSession.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C284365E053485B1000AE0FC /* AppleX509CLSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleX509CLSession.h; sourceTree = ""; }; - C284365F053485B1000AE0FC /* CertFields.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CertFields.cpp; sourceTree = ""; }; - C2843660053485B1000AE0FC /* CLCachedEntry.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CLCachedEntry.cpp; sourceTree = ""; }; - C2843661053485B1000AE0FC /* CLCachedEntry.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CLCachedEntry.h; sourceTree = ""; }; - C2843662053485B1000AE0FC /* CLCertExtensions.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CLCertExtensions.cpp; sourceTree = ""; }; - C2843663053485B1000AE0FC /* CLCertExtensions.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CLCertExtensions.h; sourceTree = ""; }; - C2843664053485B1000AE0FC /* CLCrlExtensions.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CLCrlExtensions.cpp; sourceTree = ""; }; - C2843665053485B1000AE0FC /* CLCrlExtensions.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CLCrlExtensions.h; sourceTree = ""; }; - C2843666053485B1000AE0FC /* cldebugging.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = cldebugging.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - C2843667053485B1000AE0FC /* CLFieldsCommon.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CLFieldsCommon.cpp; sourceTree = ""; }; - C2843668053485B1000AE0FC /* CLFieldsCommon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CLFieldsCommon.h; sourceTree = ""; }; - C2843669053485B1000AE0FC /* clNameUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = clNameUtils.cpp; sourceTree = ""; }; - C284366A053485B1000AE0FC /* clNameUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = clNameUtils.h; sourceTree = ""; }; - C284366B053485B1000AE0FC /* clNssUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = clNssUtils.cpp; sourceTree = ""; }; - C284366C053485B1000AE0FC /* clNssUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = clNssUtils.h; sourceTree = ""; }; - C284366D053485B1000AE0FC /* CrlFields.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CrlFields.cpp; sourceTree = ""; }; - C284366E053485B1000AE0FC /* CSPAttacher.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CSPAttacher.cpp; sourceTree = ""; }; - C284366F053485B1000AE0FC /* CSPAttacher.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CSPAttacher.h; sourceTree = ""; }; - C2843670053485B1000AE0FC /* DecodedCert.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DecodedCert.cpp; sourceTree = ""; }; - C2843671053485B1000AE0FC /* DecodedCert.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DecodedCert.h; sourceTree = ""; }; - C2843672053485B1000AE0FC /* DecodedCrl.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DecodedCrl.cpp; sourceTree = ""; }; - C2843673053485B1000AE0FC /* DecodedCrl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DecodedCrl.h; sourceTree = ""; }; - C2843674053485B1000AE0FC /* DecodedExtensions.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DecodedExtensions.cpp; sourceTree = ""; }; - C2843675053485B1000AE0FC /* DecodedExtensions.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DecodedExtensions.h; sourceTree = ""; }; - C2843676053485B1000AE0FC /* DecodedItem.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DecodedItem.cpp; sourceTree = ""; }; - C2843677053485B1000AE0FC /* DecodedItem.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DecodedItem.h; sourceTree = ""; }; - C2843678053485B1000AE0FC /* LockedMap.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = LockedMap.h; sourceTree = ""; }; - C2843679053485B1000AE0FC /* Session_Cert.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Session_Cert.cpp; sourceTree = ""; }; - C284367A053485B1000AE0FC /* Session_CRL.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Session_CRL.cpp; sourceTree = ""; }; - C284367B053485B1000AE0FC /* Session_Crypto.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Session_Crypto.cpp; sourceTree = ""; }; - C284367C053485B1000AE0FC /* Session_CSR.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Session_CSR.cpp; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CEDA0FD0612788200545384 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 184460FD146E82B800B12992 /* config */ = { - isa = PBXGroup; - children = ( - 184460FE146E82B800B12992 /* base.xcconfig */, - 184460FF146E82B800B12992 /* debug.xcconfig */, - 18446100146E82B800B12992 /* lib.xcconfig */, - 18446101146E82B800B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 18446108146E84E500B12992 /* Products */ = { - isa = PBXGroup; - children = ( - 1844610D146E84E500B12992 /* libsecurity_cdsa_plugin.a */, - ); - name = Products; - sourceTree = ""; - }; - 4094B07C057EA5D400B44BCC /* mds */ = { - isa = PBXGroup; - children = ( - 4094B07D057EA5D400B44BCC /* cl_common.mdsinfo */, - 4094B07E057EA5D400B44BCC /* cl_primary.mdsinfo */, - ); - path = mds; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 18446107146E84E500B12992 /* libsecurity_cdsa_plugin.xcodeproj */, - C2843659053485B1000AE0FC /* lib */, - 184460FD146E82B800B12992 /* config */, - 4094B07C057EA5D400B44BCC /* mds */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - C207F277053B21E600FF85CB /* apple_x509_cl.bundle */, - 4CC7C27506127AA100E6CE35 /* libsecurity_apple_x509_cl.a */, - ); - name = Products; - sourceTree = ""; - }; - C2843659053485B1000AE0FC /* lib */ = { - isa = PBXGroup; - children = ( - C284365A053485B1000AE0FC /* AppleX509CL.cpp */, - C284365B053485B1000AE0FC /* AppleX509CL.h */, - C256F8E4053B20A300B26642 /* AppleX509CLBuiltin.cpp */, - C284365C053485B1000AE0FC /* AppleX509CLPlugin.cpp */, - C284365D053485B1000AE0FC /* AppleX509CLSession.cpp */, - C284365E053485B1000AE0FC /* AppleX509CLSession.h */, - C284365F053485B1000AE0FC /* CertFields.cpp */, - C2843660053485B1000AE0FC /* CLCachedEntry.cpp */, - C2843661053485B1000AE0FC /* CLCachedEntry.h */, - C2843662053485B1000AE0FC /* CLCertExtensions.cpp */, - C2843663053485B1000AE0FC /* CLCertExtensions.h */, - C2843664053485B1000AE0FC /* CLCrlExtensions.cpp */, - C2843665053485B1000AE0FC /* CLCrlExtensions.h */, - C2843666053485B1000AE0FC /* cldebugging.h */, - C2843667053485B1000AE0FC /* CLFieldsCommon.cpp */, - C2843668053485B1000AE0FC /* CLFieldsCommon.h */, - C2843669053485B1000AE0FC /* clNameUtils.cpp */, - C284366A053485B1000AE0FC /* clNameUtils.h */, - C284366B053485B1000AE0FC /* clNssUtils.cpp */, - C284366C053485B1000AE0FC /* clNssUtils.h */, - C284366D053485B1000AE0FC /* CrlFields.cpp */, - C284366E053485B1000AE0FC /* CSPAttacher.cpp */, - C284366F053485B1000AE0FC /* CSPAttacher.h */, - C2843670053485B1000AE0FC /* DecodedCert.cpp */, - C2843671053485B1000AE0FC /* DecodedCert.h */, - C2843672053485B1000AE0FC /* DecodedCrl.cpp */, - C2843673053485B1000AE0FC /* DecodedCrl.h */, - C2843674053485B1000AE0FC /* DecodedExtensions.cpp */, - C2843675053485B1000AE0FC /* DecodedExtensions.h */, - C2843676053485B1000AE0FC /* DecodedItem.cpp */, - C2843677053485B1000AE0FC /* DecodedItem.h */, - C2843678053485B1000AE0FC /* LockedMap.h */, - C2843679053485B1000AE0FC /* Session_Cert.cpp */, - C284367A053485B1000AE0FC /* Session_CRL.cpp */, - C284367B053485B1000AE0FC /* Session_Crypto.cpp */, - C284367C053485B1000AE0FC /* Session_CSR.cpp */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - C284367E053485B1000AE0FC /* AppleX509CL.h in Headers */, - C2843681053485B1000AE0FC /* AppleX509CLSession.h in Headers */, - C2843684053485B1000AE0FC /* CLCachedEntry.h in Headers */, - C2843686053485B1000AE0FC /* CLCertExtensions.h in Headers */, - C2843688053485B1000AE0FC /* CLCrlExtensions.h in Headers */, - C2843689053485B1000AE0FC /* cldebugging.h in Headers */, - C284368B053485B1000AE0FC /* CLFieldsCommon.h in Headers */, - C284368D053485B1000AE0FC /* clNameUtils.h in Headers */, - C284368F053485B1000AE0FC /* clNssUtils.h in Headers */, - C2843692053485B1000AE0FC /* CSPAttacher.h in Headers */, - C2843694053485B1000AE0FC /* DecodedCert.h in Headers */, - C2843696053485B1000AE0FC /* DecodedCrl.h in Headers */, - C2843698053485B1000AE0FC /* DecodedExtensions.h in Headers */, - C284369A053485B1000AE0FC /* DecodedItem.h in Headers */, - C284369B053485B1000AE0FC /* LockedMap.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_x509_cl */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2850987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_apple_x509_cl" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_apple_x509_cl; - productInstallPath = /usr/local/lib; - productName = libsecurity_apple_x509_cl; - productReference = 4CC7C27506127AA100E6CE35 /* libsecurity_apple_x509_cl.a */; - productType = "com.apple.product-type.library.static"; - }; - C207F276053B21E600FF85CB /* plugin_apple_x509_cl */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2890987FCDC001272E0 /* Build configuration list for PBXNativeTarget "plugin_apple_x509_cl" */; - buildPhases = ( - C207F272053B21E600FF85CB /* Resources */, - C207F273053B21E600FF85CB /* Sources */, - 4CEDA0FD0612788200545384 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - C2AAE44B053B54E2009142E3 /* PBXTargetDependency */, - ); - name = plugin_apple_x509_cl; - productInstallPath = "$(USER_LIBRARY_DIR)/Bundles"; - productName = plugin_apple_x509_cl; - productReference = C207F277053B21E600FF85CB /* apple_x509_cl.bundle */; - productType = "com.apple.product-type.bundle"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD28D0987FCDC001272E0 /* Build configuration list for PBXProject "libsecurity_apple_x509_cl" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 18446108146E84E500B12992 /* Products */; - ProjectRef = 18446107146E84E500B12992 /* libsecurity_cdsa_plugin.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_x509_cl */, - C207F276053B21E600FF85CB /* plugin_apple_x509_cl */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 1844610D146E84E500B12992 /* libsecurity_cdsa_plugin.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_plugin.a; - remoteRef = 1844610C146E84E500B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXResourcesBuildPhase section */ - C207F272053B21E600FF85CB /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CEDA0F10612784300545384 /* cl_common.mdsinfo in Resources */, - 4CEDA0F20612784300545384 /* cl_primary.mdsinfo in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXResourcesBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C284367D053485B1000AE0FC /* AppleX509CL.cpp in Sources */, - C2843680053485B1000AE0FC /* AppleX509CLSession.cpp in Sources */, - C2843682053485B1000AE0FC /* CertFields.cpp in Sources */, - C2843683053485B1000AE0FC /* CLCachedEntry.cpp in Sources */, - C2843685053485B1000AE0FC /* CLCertExtensions.cpp in Sources */, - C2843687053485B1000AE0FC /* CLCrlExtensions.cpp in Sources */, - C284368A053485B1000AE0FC /* CLFieldsCommon.cpp in Sources */, - C284368C053485B1000AE0FC /* clNameUtils.cpp in Sources */, - C284368E053485B1000AE0FC /* clNssUtils.cpp in Sources */, - C2843690053485B1000AE0FC /* CrlFields.cpp in Sources */, - C2843691053485B1000AE0FC /* CSPAttacher.cpp in Sources */, - C2843693053485B1000AE0FC /* DecodedCert.cpp in Sources */, - C2843695053485B1000AE0FC /* DecodedCrl.cpp in Sources */, - C2843697053485B1000AE0FC /* DecodedExtensions.cpp in Sources */, - C2843699053485B1000AE0FC /* DecodedItem.cpp in Sources */, - C284369C053485B1000AE0FC /* Session_Cert.cpp in Sources */, - C284369D053485B1000AE0FC /* Session_CRL.cpp in Sources */, - C284369E053485B1000AE0FC /* Session_Crypto.cpp in Sources */, - C284369F053485B1000AE0FC /* Session_CSR.cpp in Sources */, - C256F8E5053B20A300B26642 /* AppleX509CLBuiltin.cpp in Sources */, - 4094AFC3057E9E3F00B44BCC /* AppleX509CLPlugin.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C207F273053B21E600FF85CB /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C2D3112E053B225E00CB61B1 /* AppleX509CLPlugin.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - C2AAE44B053B54E2009142E3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_x509_cl */; - targetProxy = 4094B04E057EA52A00B44BCC /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - C27AD2860987FCDC001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184460FF146E82B800B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C27AD2880987FCDC001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446101146E82B800B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C27AD28A0987FCDC001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - EXECUTABLE_PREFIX = ""; - INFOPLIST_FILE = "Info-plugin_apple_x509_cl.plist"; - PRODUCT_NAME = apple_x509_cl; - WRAPPER_EXTENSION = bundle; - }; - name = Debug; - }; - C27AD28C0987FCDC001272E0 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - EXECUTABLE_PREFIX = ""; - INFOPLIST_FILE = "Info-plugin_apple_x509_cl.plist"; - PRODUCT_NAME = apple_x509_cl; - WRAPPER_EXTENSION = bundle; - }; - name = Release; - }; - C27AD28E0987FCDC001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446100146E82B800B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD2900987FCDC001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446100146E82B800B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD2850987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_apple_x509_cl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2860987FCDC001272E0 /* Debug */, - C27AD2880987FCDC001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD2890987FCDC001272E0 /* Build configuration list for PBXNativeTarget "plugin_apple_x509_cl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD28A0987FCDC001272E0 /* Debug */, - C27AD28C0987FCDC001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD28D0987FCDC001272E0 /* Build configuration list for PBXProject "libsecurity_apple_x509_cl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD28E0987FCDC001272E0 /* Debug */, - C27AD2900987FCDC001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_apple_x509_tp/lib/AppleTP.cpp b/OSX/libsecurity_apple_x509_tp/lib/AppleTP.cpp index f61d5475..8012cab2 100644 --- a/OSX/libsecurity_apple_x509_tp/lib/AppleTP.cpp +++ b/OSX/libsecurity_apple_x509_tp/lib/AppleTP.cpp @@ -57,6 +57,5 @@ PluginSession *AppleTP::makeSession( upcalls); default: CssmError::throwMe(CSSMERR_CSSM_INVALID_SERVICE_MASK); - return 0; // placebo } } diff --git a/OSX/libsecurity_apple_x509_tp/lib/TPCrlInfo.cpp b/OSX/libsecurity_apple_x509_tp/lib/TPCrlInfo.cpp index 54a5a249..4e5ca56b 100644 --- a/OSX/libsecurity_apple_x509_tp/lib/TPCrlInfo.cpp +++ b/OSX/libsecurity_apple_x509_tp/lib/TPCrlInfo.cpp @@ -291,6 +291,7 @@ CSSM_RETURN TPCrlInfo::parseExtensions( "CE_CDNT_NameRelativeToCrlIssuer not implemented\n"); break; } +#if 0 /* relativeName is a RDN sequence */ CSSM_X509_RDN_PTR idpName = idp->distPointName->dpn.rdn; CSSM_X509_RDN_PTR certName = dp->distPointName->dpn.rdn; @@ -311,6 +312,7 @@ CSSM_RETURN TPCrlInfo::parseExtensions( /* All the pairs matched. */ found = CSSM_TRUE; } +#endif } case CE_CDNT_FullName: { /* fullName is a GeneralNames sequence */ diff --git a/OSX/libsecurity_apple_x509_tp/lib/certGroupUtils.cpp b/OSX/libsecurity_apple_x509_tp/lib/certGroupUtils.cpp index 97700ebf..614fe81b 100644 --- a/OSX/libsecurity_apple_x509_tp/lib/certGroupUtils.cpp +++ b/OSX/libsecurity_apple_x509_tp/lib/certGroupUtils.cpp @@ -516,7 +516,6 @@ CSSM_BOOL tpCompareHostNames( } while(1); /* NOT REACHED */ //assert(0): - return CSSM_FALSE; } /* diff --git a/OSX/libsecurity_apple_x509_tp/lib/tpCertAllowList.c b/OSX/libsecurity_apple_x509_tp/lib/tpCertAllowList.c deleted file mode 100644 index da3050ab..00000000 --- a/OSX/libsecurity_apple_x509_tp/lib/tpCertAllowList.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright (c) 2015 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * tpCertAllowList.c - List of allowed certificates without a trusted root - */ - - -#include -#include - -#include "certGroupUtils.h" -#include "TPCertInfo.h" -#include "TPCrlInfo.h" -#include "tpPolicies.h" -#include "tpdebugging.h" -#include "tpCrlVerify.h" - -#include -#include -#include "tpCertAllowList.h" -#include -#include -#include -#include -#include - - -#if !SECTRUST_OSX - -static CFStringRef kSecSystemTrustStoreBundlePath = CFSTR("/System/Library/Security/Certificates.bundle"); - -static CFURLRef SecSystemTrustStoreCopyResourceURL(CFStringRef resourceName, - CFStringRef resourceType, CFStringRef subDirName) -{ - CFURLRef rsrcUrl = NULL; - CFBundleRef bundle = NULL; - - CFURLRef bundleUrl = CFURLCreateWithFileSystemPath(kCFAllocatorDefault, kSecSystemTrustStoreBundlePath, kCFURLPOSIXPathStyle, true); - if (bundleUrl) { - bundle = CFBundleCreate(kCFAllocatorDefault, bundleUrl); - CFRelease(bundleUrl); - } - - if (bundle) { - rsrcUrl = CFBundleCopyResourceURL(bundle, resourceName, resourceType, subDirName); - if (!rsrcUrl) { - tpDebug("resource: not found"); - } - CFRelease(bundle); - } - - return rsrcUrl; -} - -static CFDataRef SecSystemTrustStoreCopyResourceContents(CFStringRef resourceName, - CFStringRef resourceType, CFStringRef subDirName) -{ - CFURLRef url = SecSystemTrustStoreCopyResourceURL(resourceName, resourceType, subDirName); - CFDataRef data = NULL; - if (url) { - SInt32 error; - if (!CFURLCreateDataAndPropertiesFromResource(kCFAllocatorDefault, - url, &data, NULL, NULL, &error)) { - tpDebug("Allow list read: %ld", (long) error); - } - CFRelease(url); - } - return data; -} - -static CFDictionaryRef InitializeAllowList() -{ - CFDataRef xmlData = NULL; - // Use the file in the system trust store bundle - xmlData = SecSystemTrustStoreCopyResourceContents(CFSTR("Allowed"), CFSTR("plist"), NULL); - - CFPropertyListRef allowList = NULL; - if (xmlData) { - allowList = CFPropertyListCreateWithData(kCFAllocatorDefault, xmlData, kCFPropertyListImmutable, NULL, NULL); - CFRelease(xmlData); - } - - if (allowList && (CFGetTypeID(allowList) == CFDictionaryGetTypeID())) { - return (CFDictionaryRef) allowList; - } else { - if (allowList) - CFRelease(allowList); - return NULL; - } -} - -/* helper functions borrowed from SecCFWrappers */ -static inline CFComparisonResult CFDataCompare(CFDataRef left, CFDataRef right) -{ - const size_t left_size = CFDataGetLength(left); - const size_t right_size = CFDataGetLength(right); - const size_t shortest = (left_size <= right_size) ? left_size : right_size; - - int comparison = memcmp(CFDataGetBytePtr(left), CFDataGetBytePtr(right), shortest); - - if (comparison > 0 || (comparison == 0 && left_size > right_size)) - return kCFCompareGreaterThan; - else if (comparison < 0 || (comparison == 0 && left_size < right_size)) - return kCFCompareLessThan; - else - return kCFCompareEqualTo; -} - -static inline void CFStringAppendHexData(CFMutableStringRef s, CFDataRef data) { - const uint8_t *bytes = CFDataGetBytePtr(data); - CFIndex len = CFDataGetLength(data); - for (CFIndex ix = 0; ix < len; ++ix) { - CFStringAppendFormat(s, 0, CFSTR("%02X"), bytes[ix]); - } -} - -static inline CF_RETURNS_RETAINED CFStringRef CFDataCopyHexString(CFDataRef data) { - CFMutableStringRef hexString = CFStringCreateMutable(kCFAllocatorDefault, 2 * CFDataGetLength(data)); - CFStringAppendHexData(hexString, data); - return hexString; -} - -CSSM_RETURN tpCheckCertificateAllowList(TPCertGroup &certGroup) { - CSSM_RETURN result = CSSMERR_TP_NOT_TRUSTED; - unsigned numCerts = certGroup.numCerts(); - int i; - CFRange range; - CFArrayRef allowedCerts = NULL; - - TPCertInfo *last = certGroup.lastCert(); - if (!last) { - return result; - } - - /* parse authority key ID from certificate that would have been signed by a distrusted root */ - const CSSM_DATA *authKeyID = last->authorityKeyID(); - if (!authKeyID || !authKeyID->Data) { - return result; - } - - CSSM_X509_EXTENSION *ake = (CSSM_X509_EXTENSION *)authKeyID->Data; - if (!ake || ake->format != CSSM_X509_DATAFORMAT_PARSED) { - return result; - } - - const CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)ake->value.parsedValue; - if (!akid || !akid->keyIdentifierPresent) { - return result; - } - - CFDataRef akData = CFDataCreate(kCFAllocatorDefault, akid->keyIdentifier.Data, akid->keyIdentifier.Length); - CFStringRef akString = CFDataCopyHexString(akData); - - /* search allow list for allowed certs for this distrusted root */ - CFDictionaryRef allowList = InitializeAllowList(); - if (NULL == allowList) { - goto errout; - } - - allowedCerts = (CFArrayRef)CFDictionaryGetValue(allowList, akString); - if (!allowedCerts || !CFArrayGetCount(allowedCerts)) { - goto errout; - } - - /* found some allowed certificates: check whether a certificate in this chain is present */ - range = CFRangeMake(0, CFArrayGetCount(allowedCerts)); - for (i = 0; i < numCerts; i++) { - TPCertInfo *cert = certGroup.certAtIndex(i); - UInt8 hashBytes[CC_SHA256_DIGEST_LENGTH] = {0}; - - const CSSM_DATA *certData = cert->itemData(); - if (!certData || !certData->Data || (certData->Length <= 0)) { - goto errout; - } - - int err = CCDigest(kCCDigestSHA256, certData->Data, certData->Length, hashBytes); - if (err) { - goto errout; - } - - CFDataRef hashData = CFDataCreate(kCFAllocatorDefault, hashBytes, sizeof(hashBytes)); - - CFIndex position = CFArrayBSearchValues(allowedCerts, range, hashData, (CFComparatorFunction)CFDataCompare, NULL); - if (position < CFArrayGetCount(allowedCerts)) { - CFDataRef possibleMatch = (CFDataRef) CFArrayGetValueAtIndex(allowedCerts, position); - if (!CFDataCompare(hashData, possibleMatch)) { - //this cert is in the allowlist - result = CSSM_OK; - } - } - CFRelease(hashData); - } - -errout: - if (akString) - CFRelease(akString); - if (akData) - CFRelease(akData); - if (allowList) - CFRelease(allowList); - return result; -} - -#else - -/* Legacy code path, only known to be used by IdentityCursorPolicyAndID::next. (rdar://28622060) */ - -CSSM_RETURN tpCheckCertificateAllowList(TPCertGroup &certGroup) { - return CSSMERR_TP_NOT_TRUSTED; -} - -#endif /* !SECTRUST_OSX */ - diff --git a/OSX/libsecurity_apple_x509_tp/lib/tpCertAllowList.h b/OSX/libsecurity_apple_x509_tp/lib/tpCertAllowList.h deleted file mode 100644 index ef17f5aa..00000000 --- a/OSX/libsecurity_apple_x509_tp/lib/tpCertAllowList.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2015 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header tpCertAllowList.h -*/ - - -#include -#include -#include -#include -#include "TPCertInfo.h" -#include "tpCrlVerify.h" - -#ifndef _SECURITY_TPCERTALLOWLIST_H_ -#define _SECURITY_TPCERTALLOWLIST_H_ - -__BEGIN_DECLS - -CSSM_RETURN tpCheckCertificateAllowList(TPCertGroup &certGroup); - -__END_DECLS - -#endif /* _SECURITY_TPCERTALLOWLIST_H_ */ diff --git a/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp b/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp index bce6c08a..0ad65a53 100644 --- a/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp +++ b/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp @@ -24,7 +24,6 @@ #include "certGroupUtils.h" #include "TPCertInfo.h" #include "TPCrlInfo.h" -#include "tpCertAllowList.h" #include "tpPolicies.h" #include "tpdebugging.h" #include "tpCrlVerify.h" @@ -736,13 +735,7 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand, outCertGroup.isAllowedError(constructReturn)) { constructReturn = CSSM_OK; } - - /* - * Allow non-trusted root if whitelist check permits - */ - if (constructReturn == CSSMERR_TP_NOT_TRUSTED) { - constructReturn = tpCheckCertificateAllowList(outCertGroup); - } + break; } diff --git a/OSX/libsecurity_apple_x509_tp/lib/tpPolicies.cpp b/OSX/libsecurity_apple_x509_tp/lib/tpPolicies.cpp index 1efe3945..32132a5c 100644 --- a/OSX/libsecurity_apple_x509_tp/lib/tpPolicies.cpp +++ b/OSX/libsecurity_apple_x509_tp/lib/tpPolicies.cpp @@ -636,7 +636,7 @@ static CSSM_BOOL tpCompareSubjectName( CSSM_BOOL ourRtn = CSSM_FALSE; const CSSM_OID *oidSrch; - const char x500_userid_oid[] = { 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01 }; + const unsigned char x500_userid_oid[] = { 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01 }; CSSM_OID X500_UserID_OID = { sizeof(x500_userid_oid), (uint8*)x500_userid_oid }; fieldFound = false; @@ -688,7 +688,7 @@ static CSSM_BOOL tpCompareSubjectName( case SN_CommonName: { /* handle odd encodings that we need to convert to 8-bit */ - CFStringBuiltInEncodings encoding; + CFStringBuiltInEncodings encoding = kCFStringEncodingUnicode; CFDataRef cfd = NULL; bool doConvert = false; switch(ptvp->valueType) { diff --git a/OSX/libsecurity_apple_x509_tp/libsecurity_apple_x509_tp.xcodeproj/project.pbxproj b/OSX/libsecurity_apple_x509_tp/libsecurity_apple_x509_tp.xcodeproj/project.pbxproj deleted file mode 100644 index 649180fa..00000000 --- a/OSX/libsecurity_apple_x509_tp/libsecurity_apple_x509_tp.xcodeproj/project.pbxproj +++ /dev/null @@ -1,417 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 0544C53506A8718D00F54E48 /* ocspRequest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0544C52D06A8718D00F54E48 /* ocspRequest.cpp */; }; - 0544C53606A8718D00F54E48 /* ocspRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = 0544C52E06A8718D00F54E48 /* ocspRequest.h */; }; - 0544C53706A8718D00F54E48 /* tpOcspCache.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0544C52F06A8718D00F54E48 /* tpOcspCache.cpp */; }; - 0544C53806A8718D00F54E48 /* tpOcspCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 0544C53006A8718D00F54E48 /* tpOcspCache.h */; }; - 0544C53906A8718D00F54E48 /* tpOcspCertVfy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0544C53106A8718D00F54E48 /* tpOcspCertVfy.cpp */; }; - 0544C53A06A8718D00F54E48 /* tpOcspCertVfy.h in Headers */ = {isa = PBXBuildFile; fileRef = 0544C53206A8718D00F54E48 /* tpOcspCertVfy.h */; }; - 0544C53B06A8718D00F54E48 /* tpOcspVerify.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0544C53306A8718D00F54E48 /* tpOcspVerify.cpp */; }; - 0544C53C06A8718D00F54E48 /* tpOcspVerify.h in Headers */ = {isa = PBXBuildFile; fileRef = 0544C53406A8718D00F54E48 /* tpOcspVerify.h */; }; - 859345901B0A575D00DBAFCE /* tpCertAllowList.c in Sources */ = {isa = PBXBuildFile; fileRef = 8593458E1B0A575D00DBAFCE /* tpCertAllowList.c */; }; - 859345911B0A575D00DBAFCE /* tpCertAllowList.h in Headers */ = {isa = PBXBuildFile; fileRef = 8593458F1B0A575D00DBAFCE /* tpCertAllowList.h */; }; - BE4866E211A21E3C00361B64 /* cuEnc64.c in Sources */ = {isa = PBXBuildFile; fileRef = BE4866E011A21E3C00361B64 /* cuEnc64.c */; }; - BE4866E311A21E3C00361B64 /* cuEnc64.h in Headers */ = {isa = PBXBuildFile; fileRef = BE4866E111A21E3C00361B64 /* cuEnc64.h */; }; - C2196B77053B5A2B005808D4 /* AppleX509TPBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2196B76053B5A2B005808D4 /* AppleX509TPBuiltin.cpp */; }; - C2B5C4F00534C6AA00AF53F5 /* AppleTP.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4D40534C6AA00AF53F5 /* AppleTP.cpp */; }; - C2B5C4F10534C6AA00AF53F5 /* AppleTP.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4D50534C6AA00AF53F5 /* AppleTP.h */; }; - C2B5C4F20534C6AA00AF53F5 /* AppleTPSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4D60534C6AA00AF53F5 /* AppleTPSession.cpp */; }; - C2B5C4F30534C6AA00AF53F5 /* AppleTPSession.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4D70534C6AA00AF53F5 /* AppleTPSession.h */; }; - C2B5C4F50534C6AA00AF53F5 /* certGroupUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4D90534C6AA00AF53F5 /* certGroupUtils.cpp */; }; - C2B5C4F60534C6AA00AF53F5 /* certGroupUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4DA0534C6AA00AF53F5 /* certGroupUtils.h */; }; - C2B5C4FB0534C6AA00AF53F5 /* tpCertGroup.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4DF0534C6AA00AF53F5 /* tpCertGroup.cpp */; }; - C2B5C4FC0534C6AA00AF53F5 /* TPCertInfo.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4E00534C6AA00AF53F5 /* TPCertInfo.cpp */; }; - C2B5C4FD0534C6AA00AF53F5 /* TPCertInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4E10534C6AA00AF53F5 /* TPCertInfo.h */; }; - C2B5C4FE0534C6AA00AF53F5 /* tpCredRequest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4E20534C6AA00AF53F5 /* tpCredRequest.cpp */; }; - C2B5C4FF0534C6AA00AF53F5 /* TPCrlInfo.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4E30534C6AA00AF53F5 /* TPCrlInfo.cpp */; }; - C2B5C5000534C6AA00AF53F5 /* TPCrlInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4E40534C6AA00AF53F5 /* TPCrlInfo.h */; }; - C2B5C5010534C6AA00AF53F5 /* tpCrlVerify.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4E50534C6AA00AF53F5 /* tpCrlVerify.cpp */; }; - C2B5C5020534C6AA00AF53F5 /* tpCrlVerify.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4E60534C6AA00AF53F5 /* tpCrlVerify.h */; }; - C2B5C5030534C6AA00AF53F5 /* TPDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4E70534C6AA00AF53F5 /* TPDatabase.cpp */; }; - C2B5C5040534C6AA00AF53F5 /* TPDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4E80534C6AA00AF53F5 /* TPDatabase.h */; }; - C2B5C5050534C6AA00AF53F5 /* tpdebugging.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4E90534C6AA00AF53F5 /* tpdebugging.h */; }; - C2B5C5060534C6AA00AF53F5 /* TPNetwork.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4EA0534C6AA00AF53F5 /* TPNetwork.cpp */; }; - C2B5C5070534C6AA00AF53F5 /* TPNetwork.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4EB0534C6AA00AF53F5 /* TPNetwork.h */; }; - C2B5C5080534C6AA00AF53F5 /* tpPolicies.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4EC0534C6AA00AF53F5 /* tpPolicies.cpp */; }; - C2B5C5090534C6AA00AF53F5 /* tpPolicies.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4ED0534C6AA00AF53F5 /* tpPolicies.h */; }; - C2B5C50A0534C6AA00AF53F5 /* tpTime.c in Sources */ = {isa = PBXBuildFile; fileRef = C2B5C4EE0534C6AA00AF53F5 /* tpTime.c */; }; - C2B5C50B0534C6AA00AF53F5 /* tpTime.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B5C4EF0534C6AA00AF53F5 /* tpTime.h */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 18446123146E86A900B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1844611E146E86A900B12992 /* libsecurity_cdsa_plugin.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_plugin; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 0544C52D06A8718D00F54E48 /* ocspRequest.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = ocspRequest.cpp; sourceTree = ""; }; - 0544C52E06A8718D00F54E48 /* ocspRequest.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ocspRequest.h; sourceTree = ""; }; - 0544C52F06A8718D00F54E48 /* tpOcspCache.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tpOcspCache.cpp; sourceTree = ""; }; - 0544C53006A8718D00F54E48 /* tpOcspCache.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tpOcspCache.h; sourceTree = ""; }; - 0544C53106A8718D00F54E48 /* tpOcspCertVfy.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tpOcspCertVfy.cpp; sourceTree = ""; }; - 0544C53206A8718D00F54E48 /* tpOcspCertVfy.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tpOcspCertVfy.h; sourceTree = ""; }; - 0544C53306A8718D00F54E48 /* tpOcspVerify.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tpOcspVerify.cpp; sourceTree = ""; }; - 0544C53406A8718D00F54E48 /* tpOcspVerify.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tpOcspVerify.h; sourceTree = ""; }; - 1844611A146E85EA00B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 1844611B146E85EA00B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 1844611C146E85EA00B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 1844611D146E85EA00B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 1844611E146E86A900B12992 /* libsecurity_cdsa_plugin.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_plugin.xcodeproj; path = ../libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj; sourceTree = ""; }; - 4094B069057EA5B000B44BCC /* tp_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = tp_common.mdsinfo; sourceTree = ""; }; - 4094B06A057EA5B000B44BCC /* tp_policyOids.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = tp_policyOids.mdsinfo; sourceTree = ""; }; - 4094B06B057EA5B000B44BCC /* tp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = tp_primary.mdsinfo; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_x509_tp.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_apple_x509_tp.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 8593458E1B0A575D00DBAFCE /* tpCertAllowList.c */ = {isa = PBXFileReference; explicitFileType = sourcecode.cpp.cpp; fileEncoding = 30; indentWidth = 8; path = tpCertAllowList.c; sourceTree = ""; tabWidth = 8; usesTabs = 1; }; - 8593458F1B0A575D00DBAFCE /* tpCertAllowList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tpCertAllowList.h; sourceTree = ""; }; - BE4866E011A21E3C00361B64 /* cuEnc64.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = cuEnc64.c; sourceTree = ""; }; - BE4866E111A21E3C00361B64 /* cuEnc64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cuEnc64.h; sourceTree = ""; }; - C2196B76053B5A2B005808D4 /* AppleX509TPBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = AppleX509TPBuiltin.cpp; path = lib/AppleX509TPBuiltin.cpp; sourceTree = ""; }; - C2B5C4D40534C6AA00AF53F5 /* AppleTP.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleTP.cpp; sourceTree = ""; }; - C2B5C4D50534C6AA00AF53F5 /* AppleTP.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleTP.h; sourceTree = ""; }; - C2B5C4D60534C6AA00AF53F5 /* AppleTPSession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleTPSession.cpp; sourceTree = ""; }; - C2B5C4D70534C6AA00AF53F5 /* AppleTPSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleTPSession.h; sourceTree = ""; }; - C2B5C4D80534C6AA00AF53F5 /* AppleX509TPPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AppleX509TPPlugin.cpp; sourceTree = ""; }; - C2B5C4D90534C6AA00AF53F5 /* certGroupUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = certGroupUtils.cpp; sourceTree = ""; }; - C2B5C4DA0534C6AA00AF53F5 /* certGroupUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = certGroupUtils.h; sourceTree = ""; }; - C2B5C4DF0534C6AA00AF53F5 /* tpCertGroup.cpp */ = {isa = PBXFileReference; fileEncoding = 30; indentWidth = 8; lastKnownFileType = sourcecode.cpp.cpp; path = tpCertGroup.cpp; sourceTree = ""; tabWidth = 8; usesTabs = 1; }; - C2B5C4E00534C6AA00AF53F5 /* TPCertInfo.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TPCertInfo.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2B5C4E10534C6AA00AF53F5 /* TPCertInfo.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TPCertInfo.h; sourceTree = ""; }; - C2B5C4E20534C6AA00AF53F5 /* tpCredRequest.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = tpCredRequest.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2B5C4E30534C6AA00AF53F5 /* TPCrlInfo.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = TPCrlInfo.cpp; sourceTree = ""; }; - C2B5C4E40534C6AA00AF53F5 /* TPCrlInfo.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TPCrlInfo.h; sourceTree = ""; }; - C2B5C4E50534C6AA00AF53F5 /* tpCrlVerify.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tpCrlVerify.cpp; sourceTree = ""; }; - C2B5C4E60534C6AA00AF53F5 /* tpCrlVerify.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tpCrlVerify.h; sourceTree = ""; }; - C2B5C4E70534C6AA00AF53F5 /* TPDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = TPDatabase.cpp; sourceTree = ""; }; - C2B5C4E80534C6AA00AF53F5 /* TPDatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TPDatabase.h; sourceTree = ""; }; - C2B5C4E90534C6AA00AF53F5 /* tpdebugging.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = tpdebugging.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - C2B5C4EA0534C6AA00AF53F5 /* TPNetwork.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = TPNetwork.cpp; sourceTree = ""; }; - C2B5C4EB0534C6AA00AF53F5 /* TPNetwork.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TPNetwork.h; sourceTree = ""; }; - C2B5C4EC0534C6AA00AF53F5 /* tpPolicies.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tpPolicies.cpp; sourceTree = ""; }; - C2B5C4ED0534C6AA00AF53F5 /* tpPolicies.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tpPolicies.h; sourceTree = ""; }; - C2B5C4EE0534C6AA00AF53F5 /* tpTime.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = tpTime.c; sourceTree = ""; }; - C2B5C4EF0534C6AA00AF53F5 /* tpTime.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tpTime.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 18446119146E85EA00B12992 /* config */ = { - isa = PBXGroup; - children = ( - 1844611A146E85EA00B12992 /* base.xcconfig */, - 1844611B146E85EA00B12992 /* debug.xcconfig */, - 1844611C146E85EA00B12992 /* lib.xcconfig */, - 1844611D146E85EA00B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 1844611F146E86A900B12992 /* Products */ = { - isa = PBXGroup; - children = ( - 18446124146E86A900B12992 /* libsecurity_cdsa_plugin.a */, - ); - name = Products; - sourceTree = ""; - }; - 4094B068057EA5B000B44BCC /* mds */ = { - isa = PBXGroup; - children = ( - 4094B069057EA5B000B44BCC /* tp_common.mdsinfo */, - 4094B06A057EA5B000B44BCC /* tp_policyOids.mdsinfo */, - 4094B06B057EA5B000B44BCC /* tp_primary.mdsinfo */, - ); - path = mds; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 1844611E146E86A900B12992 /* libsecurity_cdsa_plugin.xcodeproj */, - C2B5C4D30534C6AA00AF53F5 /* lib */, - 18446119146E85EA00B12992 /* config */, - 4094B068057EA5B000B44BCC /* mds */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - C2196B76053B5A2B005808D4 /* AppleX509TPBuiltin.cpp */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_x509_tp.a */, - ); - name = Products; - sourceTree = ""; - }; - C2B5C4D30534C6AA00AF53F5 /* lib */ = { - isa = PBXGroup; - children = ( - C2B5C4D40534C6AA00AF53F5 /* AppleTP.cpp */, - C2B5C4D50534C6AA00AF53F5 /* AppleTP.h */, - C2B5C4D60534C6AA00AF53F5 /* AppleTPSession.cpp */, - C2B5C4D70534C6AA00AF53F5 /* AppleTPSession.h */, - C2B5C4D80534C6AA00AF53F5 /* AppleX509TPPlugin.cpp */, - C2B5C4D90534C6AA00AF53F5 /* certGroupUtils.cpp */, - C2B5C4DA0534C6AA00AF53F5 /* certGroupUtils.h */, - BE4866E011A21E3C00361B64 /* cuEnc64.c */, - BE4866E111A21E3C00361B64 /* cuEnc64.h */, - C2B5C4DF0534C6AA00AF53F5 /* tpCertGroup.cpp */, - C2B5C4E00534C6AA00AF53F5 /* TPCertInfo.cpp */, - 8593458E1B0A575D00DBAFCE /* tpCertAllowList.c */, - 8593458F1B0A575D00DBAFCE /* tpCertAllowList.h */, - C2B5C4E10534C6AA00AF53F5 /* TPCertInfo.h */, - C2B5C4E20534C6AA00AF53F5 /* tpCredRequest.cpp */, - C2B5C4E30534C6AA00AF53F5 /* TPCrlInfo.cpp */, - C2B5C4E40534C6AA00AF53F5 /* TPCrlInfo.h */, - C2B5C4E50534C6AA00AF53F5 /* tpCrlVerify.cpp */, - C2B5C4E60534C6AA00AF53F5 /* tpCrlVerify.h */, - C2B5C4E70534C6AA00AF53F5 /* TPDatabase.cpp */, - C2B5C4E80534C6AA00AF53F5 /* TPDatabase.h */, - C2B5C4E90534C6AA00AF53F5 /* tpdebugging.h */, - C2B5C4EA0534C6AA00AF53F5 /* TPNetwork.cpp */, - C2B5C4EB0534C6AA00AF53F5 /* TPNetwork.h */, - 0544C52D06A8718D00F54E48 /* ocspRequest.cpp */, - 0544C52E06A8718D00F54E48 /* ocspRequest.h */, - 0544C52F06A8718D00F54E48 /* tpOcspCache.cpp */, - 0544C53006A8718D00F54E48 /* tpOcspCache.h */, - 0544C53106A8718D00F54E48 /* tpOcspCertVfy.cpp */, - 0544C53206A8718D00F54E48 /* tpOcspCertVfy.h */, - 0544C53306A8718D00F54E48 /* tpOcspVerify.cpp */, - 0544C53406A8718D00F54E48 /* tpOcspVerify.h */, - C2B5C4EC0534C6AA00AF53F5 /* tpPolicies.cpp */, - C2B5C4ED0534C6AA00AF53F5 /* tpPolicies.h */, - C2B5C4EE0534C6AA00AF53F5 /* tpTime.c */, - C2B5C4EF0534C6AA00AF53F5 /* tpTime.h */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - C2B5C4F10534C6AA00AF53F5 /* AppleTP.h in Headers */, - C2B5C4F30534C6AA00AF53F5 /* AppleTPSession.h in Headers */, - C2B5C4F60534C6AA00AF53F5 /* certGroupUtils.h in Headers */, - 859345911B0A575D00DBAFCE /* tpCertAllowList.h in Headers */, - C2B5C4FD0534C6AA00AF53F5 /* TPCertInfo.h in Headers */, - C2B5C5000534C6AA00AF53F5 /* TPCrlInfo.h in Headers */, - C2B5C5020534C6AA00AF53F5 /* tpCrlVerify.h in Headers */, - C2B5C5040534C6AA00AF53F5 /* TPDatabase.h in Headers */, - C2B5C5050534C6AA00AF53F5 /* tpdebugging.h in Headers */, - C2B5C5070534C6AA00AF53F5 /* TPNetwork.h in Headers */, - C2B5C5090534C6AA00AF53F5 /* tpPolicies.h in Headers */, - C2B5C50B0534C6AA00AF53F5 /* tpTime.h in Headers */, - 0544C53606A8718D00F54E48 /* ocspRequest.h in Headers */, - 0544C53806A8718D00F54E48 /* tpOcspCache.h in Headers */, - 0544C53A06A8718D00F54E48 /* tpOcspCertVfy.h in Headers */, - 0544C53C06A8718D00F54E48 /* tpOcspVerify.h in Headers */, - BE4866E311A21E3C00361B64 /* cuEnc64.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_x509_tp */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2970987FCDD001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_apple_x509_tp" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_apple_x509_tp; - productInstallPath = /usr/local/lib; - productName = libsecurity_apple_x509_tp; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_apple_x509_tp.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD29B0987FCDD001272E0 /* Build configuration list for PBXProject "libsecurity_apple_x509_tp" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 1844611F146E86A900B12992 /* Products */; - ProjectRef = 1844611E146E86A900B12992 /* libsecurity_cdsa_plugin.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_apple_x509_tp */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 18446124146E86A900B12992 /* libsecurity_cdsa_plugin.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_plugin.a; - remoteRef = 18446123146E86A900B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C2B5C4F00534C6AA00AF53F5 /* AppleTP.cpp in Sources */, - C2B5C4F20534C6AA00AF53F5 /* AppleTPSession.cpp in Sources */, - C2B5C4F50534C6AA00AF53F5 /* certGroupUtils.cpp in Sources */, - C2B5C4FB0534C6AA00AF53F5 /* tpCertGroup.cpp in Sources */, - C2B5C4FC0534C6AA00AF53F5 /* TPCertInfo.cpp in Sources */, - C2B5C4FE0534C6AA00AF53F5 /* tpCredRequest.cpp in Sources */, - C2B5C4FF0534C6AA00AF53F5 /* TPCrlInfo.cpp in Sources */, - C2B5C5010534C6AA00AF53F5 /* tpCrlVerify.cpp in Sources */, - C2B5C5030534C6AA00AF53F5 /* TPDatabase.cpp in Sources */, - C2B5C5060534C6AA00AF53F5 /* TPNetwork.cpp in Sources */, - C2B5C5080534C6AA00AF53F5 /* tpPolicies.cpp in Sources */, - C2B5C50A0534C6AA00AF53F5 /* tpTime.c in Sources */, - C2196B77053B5A2B005808D4 /* AppleX509TPBuiltin.cpp in Sources */, - 0544C53506A8718D00F54E48 /* ocspRequest.cpp in Sources */, - 0544C53706A8718D00F54E48 /* tpOcspCache.cpp in Sources */, - 0544C53906A8718D00F54E48 /* tpOcspCertVfy.cpp in Sources */, - 0544C53B06A8718D00F54E48 /* tpOcspVerify.cpp in Sources */, - BE4866E211A21E3C00361B64 /* cuEnc64.c in Sources */, - 859345901B0A575D00DBAFCE /* tpCertAllowList.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD2980987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844611B146E85EA00B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C27AD29A0987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844611D146E85EA00B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C27AD29C0987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844611C146E85EA00B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD29E0987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844611C146E85EA00B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD2970987FCDD001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_apple_x509_tp" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2980987FCDD001272E0 /* Debug */, - C27AD29A0987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD29B0987FCDD001272E0 /* Build configuration list for PBXProject "libsecurity_apple_x509_tp" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD29C0987FCDD001272E0 /* Debug */, - C27AD29E0987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_asn1/config/base.xcconfig b/OSX/libsecurity_asn1/config/base.xcconfig deleted file mode 100644 index 300d8fb7..00000000 --- a/OSX/libsecurity_asn1/config/base.xcconfig +++ /dev/null @@ -1,18 +0,0 @@ -SDKROOT = macosx.internal -CODE_SIGN_IDENTITY = -; -GCC_VERSION = com.apple.compilers.llvm.clang.1_0 -DEBUG_INFORMATION_FORMAT = dwarf-with-dsym -CURRENT_PROJECT_VERSION = $(RC_ProjectSourceVersion) -VERSIONING_SYSTEM = apple-generic; -DEAD_CODE_STRIPPING = YES; - -// Debug symbols should be on obviously -GCC_GENERATE_DEBUGGING_SYMBOLS = YES -COPY_PHASE_STRIP = NO -STRIP_STYLE = debugging -STRIP_INSTALLED_PRODUCT = NO - -ARCHS[sdk=macosx*] = $(ARCHS_STANDARD_32_64_BIT) - -WARNING_CFLAGS = -Wglobal-constructors -Wno-deprecated-declarations $(inherited) -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/OSX/libsecurity_asn1/config/debug.xcconfig b/OSX/libsecurity_asn1/config/debug.xcconfig deleted file mode 100644 index 47555cf5..00000000 --- a/OSX/libsecurity_asn1/config/debug.xcconfig +++ /dev/null @@ -1,2 +0,0 @@ -GCC_OPTIMIZATION_LEVEL = 0 -GCC_PREPROCESSOR_DEFINITIONS = DEBUG=1 $(inherited) diff --git a/OSX/libsecurity_asn1/config/lib.xcconfig b/OSX/libsecurity_asn1/config/lib.xcconfig deleted file mode 100644 index 644ba9df..00000000 --- a/OSX/libsecurity_asn1/config/lib.xcconfig +++ /dev/null @@ -1,33 +0,0 @@ -#include "base.xcconfig" - -PRODUCT_NAME = $(TARGET_NAME) -EXECUTABLE_PREFIX = - -CODE_SIGN_IDENTITY = - -HEADER_SEARCH_PATHS[sdk=macosx*] = $(PROJECT_DIR) $(PROJECT_DIR)/../include $(PROJECT_DIR)/../utilities $(BUILT_PRODUCTS_DIR)/derived_src $(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers $(inherited) - -HEADER_SEARCH_PATHS[sdk=embedded*] = HEADER_SEARCH_PATHS[sdk=iphone*] = $(PROJECT_DIR) $(PROJECT_DIR)/../sec $(PROJECT_DIR)/../utilities $(BUILT_PRODUCTS_DIR)/usr/local/include $(inherited) - -INSTALL_PATH = /usr/local/lib - -SKIP_INSTALL = YES - -PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_asn1 -PRIVATE_HEADERS_FOLDER_PATH = /usr/local/include/security_asn1 - -ALWAYS_SEARCH_USER_PATHS = NO - -GCC_C_LANGUAGE_STANDARD = gnu99 - -WARNING_CFLAGS = -Wmost -Wno-four-char-constants -Wno-unknown-pragmas $(inherited) - -GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO - -GCC_SYMBOLS_PRIVATE_EXTERN = NO -GCC_WARN_64_TO_32_BIT_CONVERSION = YES -GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES -GCC_WARN_ABOUT_RETURN_TYPE = YES -GCC_WARN_UNUSED_VARIABLE = YES - -SUPPORTED_PLATFORMS = macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator diff --git a/OSX/libsecurity_asn1/config/release.xcconfig b/OSX/libsecurity_asn1/config/release.xcconfig deleted file mode 100644 index 088ded92..00000000 --- a/OSX/libsecurity_asn1/config/release.xcconfig +++ /dev/null @@ -1,2 +0,0 @@ -GCC_OPTIMIZATION_LEVEL = s -GCC_PREPROCESSOR_DEFINITIONS = NDEBUG=1 $(inherited) diff --git a/OSX/libsecurity_asn1/lib/oidsalg.c b/OSX/libsecurity_asn1/lib/oidsalg.c index 0598cd6e..c79ed533 100644 --- a/OSX/libsecurity_asn1/lib/oidsalg.c +++ b/OSX/libsecurity_asn1/lib/oidsalg.c @@ -27,7 +27,7 @@ #include #include "SecAsn1Types.h" -#include "oidsbase.h" +#include static const uint8_t OID_MD2[] = { OID_RSA_HASH, 2 }, diff --git a/OSX/libsecurity_asn1/lib/oidsbase.h b/OSX/libsecurity_asn1/lib/oidsbase.h deleted file mode 100644 index 4f723a47..00000000 --- a/OSX/libsecurity_asn1/lib/oidsbase.h +++ /dev/null @@ -1,363 +0,0 @@ -/* - * Copyright (c) 1999-2001,2003-2004,2008-2010,2012,2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * oidsbase.h -- Basic Object Identifier Macros and Data Types. - */ - -#include "SecAsn1Types.h" - -#ifndef _OIDSBASE_H_ -#define _OIDSBASE_H_ 1 - -#ifdef __cplusplus -extern "C" { -#endif - -#define SECASN1OID_DEF(NAME, VALUE, ARGS...) \ -static const uint8_t _##NAME[] = { VALUE, ## ARGS }; \ -const SecAsn1Oid NAME = { sizeof(_##NAME), (uint8_t *)_##NAME } - -/* Intel CSSM */ - -#define INTEL 96, 134, 72, 1, 134, 248, 77 -#define INTEL_LENGTH 7 - -#define INTEL_CDSASECURITY INTEL, 2 -#define INTEL_CDSASECURITY_LENGTH (INTEL_LENGTH + 1) - -#define INTEL_SEC_FORMATS INTEL_CDSASECURITY, 1 -#define INTEL_SEC_FORMATS_LENGTH (INTEL_CDSASECURITY_LENGTH + 1) - -#define INTEL_SEC_ALGS INTEL_CDSASECURITY, 2, 5 -#define INTEL_SEC_ALGS_LENGTH (INTEL_CDSASECURITY_LENGTH + 2) - -#define INTEL_SEC_OBJECT_BUNDLE INTEL_SEC_FORMATS, 4 -#define INTEL_SEC_OBJECT_BUNDLE_LENGTH (INTEL_SEC_FORMATS_LENGTH + 1) - -#define INTEL_CERT_AND_PRIVATE_KEY_2_0 INTEL_SEC_OBJECT_BUNDLE, 1 -#define INTEL_CERT_AND_PRIVATE_KEY_2_0_LENGTH (INTEL_SEC_OBJECT_BUNDLE_LENGTH + 1) - -/* Suffix specifying format or representation of a field value */ -/* Note that if a format suffix is not specified, a flat data -representation is implied */ -#define INTEL_X509_C_DATATYPE 1 -#define INTEL_X509_LDAPSTRING_DATATYPE 2 - -#define OID_ISO_CCITT_DIR_SERVICE 85 -#define OID_DS OID_ISO_CCITT_DIR_SERVICE -#define OID_DS_LENGTH 1 -#define OID_ATTR_TYPE OID_DS, 4 -#define OID_ATTR_TYPE_LENGTH OID_DS_LENGTH + 1 -#define OID_EXTENSION OID_DS, 29 -#define OID_EXTENSION_LENGTH OID_DS_LENGTH + 1 -#define OID_ISO_STANDARD 40 -#define OID_ISO_MEMBER 42 -#define OID_US OID_ISO_MEMBER, 134, 72 - -#define OID_ISO_IDENTIFIED_ORG 43 -#define OID_OSINET OID_ISO_IDENTIFIED_ORG, 4 -#define OID_GOSIP OID_ISO_IDENTIFIED_ORG, 5 -#define OID_DOD OID_ISO_IDENTIFIED_ORG, 6 -#define OID_OIW OID_ISO_IDENTIFIED_ORG, 14 - -#define OID_ITU_RFCDATA_MEMBER_LENGTH 1 -#define OID_ITU_RFCDATA 9 - -/* From the PKCS Standards */ -#define OID_ISO_MEMBER_LENGTH 1 -#define OID_US_LENGTH OID_ISO_MEMBER_LENGTH + 2 -#define OID_RSA OID_US, 134, 247, 13 -#define OID_RSA_LENGTH OID_US_LENGTH + 3 -#define OID_RSA_HASH OID_RSA, 2 -#define OID_RSA_HASH_LENGTH OID_RSA_LENGTH + 1 -#define OID_RSA_ENCRYPT OID_RSA, 3 -#define OID_RSA_ENCRYPT_LENGTH OID_RSA_LENGTH + 1 -#define OID_PKCS OID_RSA, 1 -#define OID_PKCS_LENGTH OID_RSA_LENGTH +1 -#define OID_PKCS_1 OID_PKCS, 1 -#define OID_PKCS_1_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_2 OID_PKCS, 2 -#define OID_PKCS_3 OID_PKCS, 3 -#define OID_PKCS_3_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_4 OID_PKCS, 4 -#define OID_PKCS_5 OID_PKCS, 5 -#define OID_PKCS_5_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_6 OID_PKCS, 6 -#define OID_PKCS_7 OID_PKCS, 7 -#define OID_PKCS_7_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_8 OID_PKCS, 8 -#define OID_PKCS_9 OID_PKCS, 9 -#define OID_PKCS_9_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_10 OID_PKCS, 10 -#define OID_PKCS_11 OID_PKCS, 11 -#define OID_PKCS_11_LENGTH OID_PKCS_LENGTH +1 -#define OID_PKCS_12 OID_PKCS, 12 -#define OID_PKCS_12_LENGTH OID_PKCS_LENGTH +1 - -/* ANSI X9.42 */ -#define OID_ANSI_X9_42 OID_US, 206, 62, 2 -#define OID_ANSI_X9_42_LEN OID_US_LENGTH + 3 -#define OID_ANSI_X9_42_SCHEME OID_ANSI_X9_42, 3 -#define OID_ANSI_X9_42_SCHEME_LEN OID_ANSI_X9_42_LEN + 1 -#define OID_ANSI_X9_42_NAMED_SCHEME OID_ANSI_X9_42, 4 -#define OID_ANSI_X9_42_NAMED_SCHEME_LEN OID_ANSI_X9_42_LEN + 1 - -/* ANSI X9.62 (1 2 840 10045) */ -#define OID_ANSI_X9_62 0x2A, 0x86, 0x48, 0xCE, 0x3D -#define OID_ANSI_X9_62_LEN 5 -#define OID_ANSI_X9_62_FIELD_TYPE OID_ANSI_X9_62, 1 -#define OID_ANSI_X9_62_PUBKEY_TYPE OID_ANSI_X9_62, 2 -#define OID_ANSI_X9_62_ELL_CURVE OID_ANSI_X9_62, 3 -#define OID_ANSI_X9_62_ELL_CURVE_LEN OID_ANSI_X9_62_LEN+1 -#define OID_ANSI_X9_62_C_TWO_CURVE OID_ANSI_X9_62_ELL_CURVE, 0 -#define OID_ANSI_X9_62_PRIME_CURVE OID_ANSI_X9_62_ELL_CURVE, 1 -#define OID_ANSI_X9_62_SIG_TYPE OID_ANSI_X9_62, 4 -#define OID_ANSI_X9_62_SIG_TYPE_LEN OID_ANSI_X9_62_LEN+1 - -/* PKIX */ -#define OID_PKIX OID_DOD, 1, 5, 5, 7 -#define OID_PKIX_LENGTH 6 -#define OID_PE OID_PKIX, 1 -#define OID_PE_LENGTH OID_PKIX_LENGTH + 1 -#define OID_QT OID_PKIX, 2 -#define OID_QT_LENGTH OID_PKIX_LENGTH + 1 -#define OID_KP OID_PKIX, 3 -#define OID_KP_LENGTH OID_PKIX_LENGTH + 1 -#define OID_OTHER_NAME OID_PKIX, 8 -#define OID_OTHER_NAME_LENGTH OID_PKIX_LENGTH + 1 -#define OID_PDA OID_PKIX, 9 -#define OID_PDA_LENGTH OID_PKIX_LENGTH + 1 -#define OID_QCS OID_PKIX, 11 -#define OID_QCS_LENGTH OID_PKIX_LENGTH + 1 -#define OID_AD OID_PKIX, 48 -#define OID_AD_LENGTH OID_PKIX_LENGTH + 1 -#define OID_AD_OCSP OID_AD, 1 -#define OID_AD_OCSP_LENGTH OID_AD_LENGTH + 1 - -/* ETSI */ -#define OID_ETSI 0x04, 0x00 -#define OID_ETSI_LENGTH 2 -#define OID_ETSI_QCS 0x04, 0x00, 0x8E, 0x46, 0x01 -#define OID_ETSI_QCS_LENGTH 5 - -#define OID_OIW_SECSIG OID_OIW, 3 -#define OID_OIW_LENGTH 2 -#define OID_OIW_SECSIG_LENGTH OID_OIW_LENGTH +1 - -#define OID_OIW_ALGORITHM OID_OIW_SECSIG, 2 -#define OID_OIW_ALGORITHM_LENGTH OID_OIW_SECSIG_LENGTH +1 - -/* NIST defined digest algorithm arc (2, 16, 840, 1, 101, 3, 4, 2) */ -#define OID_NIST_HASHALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02 -#define OID_NIST_HASHALG_LENGTH 8 - -/* Kerberos PKINIT */ -#define OID_KERBv5 0x2b, 6, 1, 5, 2 -#define OID_KERBv5_LEN 5 -#define OID_KERBv5_PKINIT OID_KERBv5, 3 -#define OID_KERBv5_PKINIT_LEN OID_KERBv5_LEN + 1 - -/* Certicom (1 3 132) */ -#define OID_CERTICOM 0x2B, 0x81, 0x04 -#define OID_CERTICOM_LEN 3 -#define OID_CERTICOM_ELL_CURVE OID_CERTICOM, 0 -#define OID_CERTICOM_ELL_CURVE_LEN OID_CERTICOM_LEN+1 - -/* - * Apple-specific OID bases - */ - -/* - * apple OBJECT IDENTIFIER ::= - * { iso(1) member-body(2) US(840) 113635 } - * - * BER = 06 06 2A 86 48 86 F7 63 - */ -#define APPLE_OID OID_US, 0x86, 0xf7, 0x63 -#define APPLE_OID_LENGTH OID_US_LENGTH + 3 - -/* appleDataSecurity OBJECT IDENTIFIER ::= - * { apple 100 } - * { 1 2 840 113635 100 } - * - * BER = 06 07 2A 86 48 86 F7 63 64 - */ -#define APPLE_ADS_OID APPLE_OID, 0x64 -#define APPLE_ADS_OID_LENGTH APPLE_OID_LENGTH + 1 - -/* - * appleTrustPolicy OBJECT IDENTIFIER ::= - * { appleDataSecurity 1 } - * { 1 2 840 113635 100 1 } - * - * BER = 06 08 2A 86 48 86 F7 63 64 01 - */ -#define APPLE_TP_OID APPLE_ADS_OID, 1 -#define APPLE_TP_OID_LENGTH APPLE_ADS_OID_LENGTH + 1 - -/* - * appleSecurityAlgorithm OBJECT IDENTIFIER ::= - * { appleDataSecurity 2 } - * { 1 2 840 113635 100 2 } - * - * BER = 06 08 2A 86 48 86 F7 63 64 02 - */ -#define APPLE_ALG_OID APPLE_ADS_OID, 2 -#define APPLE_ALG_OID_LENGTH APPLE_ADS_OID_LENGTH + 1 - -/* - * appleDotMacCertificate OBJECT IDENTIFIER ::= - * { appleDataSecurity 3 } - * { 1 2 840 113635 100 3 } - */ -#define APPLE_DOTMAC_CERT_OID APPLE_ADS_OID, 3 -#define APPLE_DOTMAC_CERT_OID_LENGTH APPLE_ADS_OID_LENGTH + 1 - -/* - * Basis of Policy OIDs for .mac TP requests - * - * dotMacCertificateRequest OBJECT IDENTIFIER ::= - * { appleDotMacCertificate 1 } - * { 1 2 840 113635 100 3 1 } - */ -#define APPLE_DOTMAC_CERT_REQ_OID APPLE_DOTMAC_CERT_OID, 1 -#define APPLE_DOTMAC_CERT_REQ_OID_LENGTH APPLE_DOTMAC_CERT_OID_LENGTH + 1 - -/* - * Basis of .mac Certificate Extensions - * - * dotMacCertificateExtension OBJECT IDENTIFIER ::= - * { appleDotMacCertificate 2 } - * { 1 2 840 113635 100 3 2 } - */ -#define APPLE_DOTMAC_CERT_EXTEN_OID APPLE_DOTMAC_CERT_OID, 2 -#define APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH APPLE_DOTMAC_CERT_OID_LENGTH + 1 - -/* - * Basis of .mac Certificate request OID/value identifiers - * - * dotMacCertificateRequestValues OBJECT IDENTIFIER ::= - * { appleDotMacCertificate 3 } - * { 1 2 840 113635 100 3 3 } - */ -#define APPLE_DOTMAC_CERT_REQ_VALUE_OID APPLE_DOTMAC_CERT_OID, 3 -#define APPLE_DOTMAC_CERT_REQ_VALUE_OID_LENGTH APPLE_DOTMAC_CERT_OID_LENGTH + 1 - -/* - * Basis of Apple-specific extended key usages - * - * appleExtendedKeyUsage OBJECT IDENTIFIER ::= - * { appleDataSecurity 4 } - * { 1 2 840 113635 100 4 } - */ -#define APPLE_EKU_OID APPLE_ADS_OID, 4 -#define APPLE_EKU_OID_LENGTH APPLE_ADS_OID_LENGTH + 1 - -/* - * Basis of Apple Code Signing extended key usages - * appleCodeSigning OBJECT IDENTIFIER ::= - * { appleExtendedKeyUsage 1 } - * { 1 2 840 113635 100 4 1 } - */ -#define APPLE_EKU_CODE_SIGNING APPLE_EKU_OID, 1 -#define APPLE_EKU_CODE_SIGNING_LENGTH APPLE_EKU_OID_LENGTH + 1 - -/* - * Basis of Apple-specific Certificate Policy identifiers - * appleCertificatePolicies OBJECT IDENTIFIER ::= - * { appleDataSecurity 5 } - * { 1 2 840 113635 100 5 } - */ -#define APPLE_CERT_POLICIES APPLE_ADS_OID, 5 -#define APPLE_CERT_POLICIES_LENGTH APPLE_ADS_OID_LENGTH + 1 - -/* - * Basis of Apple-specific certificate extensions - * appleCertificateExtensions OBJECT IDENTIFIER ::= - * { appleDataSecurity 6 } - * { 1 2 840 113635 100 6 } - */ -#define APPLE_EXTENSION_OID APPLE_ADS_OID, 6 -#define APPLE_EXTENSION_OID_LENGTH APPLE_ADS_OID_LENGTH + 1 - -/* - * Basis of Apple-specific Code Signing certificate extensions - * appleCertificateExtensionCodeSigning OBJECT IDENTIFIER ::= - * { appleCertificateExtensions 1 } - * { 1 2 840 113635 100 6 1 } - */ -#define APPLE_EXTENSION_CODE_SIGNING APPLE_EXTENSION_OID, 1 -#define APPLE_EXTENSION_CODE_SIGNING_LENGTH APPLE_EXTENSION_OID_LENGTH + 1 - -/* - * Netscape OIDs. - */ -#define NETSCAPE_BASE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42 -#define NETSCAPE_BASE_OID_LEN 7 - -/* - * Netscape cert extension. - * - * netscape-cert-extension OBJECT IDENTIFIER ::= - * { 2 16 840 1 113730 1 } - * - * BER = 06 08 60 86 48 01 86 F8 42 01 - */ -#define NETSCAPE_CERT_EXTEN NETSCAPE_BASE_OID, 0x01 -#define NETSCAPE_CERT_EXTEN_LENGTH NETSCAPE_BASE_OID_LEN + 1 - -#define NETSCAPE_CERT_POLICY NETSCAPE_BASE_OID, 0x04 -#define NETSCAPE_CERT_POLICY_LENGTH NETSCAPE_BASE_OID_LEN + 1 - - -/* Google OIDs: 1.3.6.1.4.1.11129. */ -#define GOOGLE_BASE_OID OID_DOD, 0x01, 0x04, 0x01, 0xD6, 0x79 -#define GOOGLE_BASE_OID_LEN OID_DOD_LEN + 5 -#define GOOGLE_EMBEDDED_SCT_OID GOOGLE_BASE_OID, 0x02, 0x04, 0x02 -#define GOOGLE_OCSP_SCT_OID GOOGLE_BASE_OID, 0x02, 0x04, 0x05 - -/* - * Domain Component OID - */ -#define OID_ITU_RFCDATA_2342 OID_ITU_RFCDATA, 0x49, 0x86 -#define OID_ITU_RFCDATA_2342_LENGTH OID_ITU_RFCDATA_MEMBER_LENGTH + 2 - -#define OID_ITU_RFCDATA_2342_UCL OID_ITU_RFCDATA_2342, 0x49, 0x1F, 0x12, 0x8C -#define OID_ITU_RFCDATA_2342_UCL_LENGTH OID_ITU_RFCDATA_2342_LENGTH + 4 - -#define OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT OID_ITU_RFCDATA_2342_UCL, 0xE4 -#define OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_LENGTH OID_ITU_RFCDATA_2342_UCL_LENGTH + 1 - -#define OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_ATTRIBUTES OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT, 0x81 -#define OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_ATTRIBUTES_LENGTH OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_LENGTH + 1 - -#define OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_ATTRIBUTES_DOMAINCOMPONENT OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_ATTRIBUTES, 0x99 -#define OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_ATTRIBUTES_DOMAINCOMPONENT_LENGTH OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_ATTRIBUTES_LENGTH + 1 - -#define OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_ATTRIBUTES_USERID OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_ATTRIBUTES, 0x81 -#define OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_ATTRIBUTES_USERID_LENGTH OID_ITU_RFCDATA_2342_UCL_DIRECTORYPILOT_ATTRIBUTES_LENGTH + 1 - -#ifdef __cplusplus -} -#endif - -#endif /* _OIDSBASE_H_ */ diff --git a/OSX/libsecurity_asn1/lib/oidsocsp.c b/OSX/libsecurity_asn1/lib/oidsocsp.c index bb08e125..9203c024 100644 --- a/OSX/libsecurity_asn1/lib/oidsocsp.c +++ b/OSX/libsecurity_asn1/lib/oidsocsp.c @@ -28,7 +28,7 @@ Contains: Object Identifiers for OCSP */ -#include "oidsbase.h" +#include #include "oidsocsp.h" SECASN1OID_DEF(OID_PKIX_OCSP, OID_AD_OCSP); diff --git a/OSX/libsecurity_asn1/lib/secasn1d.c b/OSX/libsecurity_asn1/lib/secasn1d.c index 4ff12eef..cd37fc4a 100644 --- a/OSX/libsecurity_asn1/lib/secasn1d.c +++ b/OSX/libsecurity_asn1/lib/secasn1d.c @@ -389,7 +389,7 @@ sec_asn1d_push_state (SEC_ASN1DecoderContext *cx, const SecAsn1Template *theTemplate, void *dest, PRBool new_depth) { - sec_asn1d_state *state, *new_state; + sec_asn1d_state *state, *new_state = NULL; state = cx->current; @@ -434,6 +434,9 @@ loser: PORT_ArenaRelease(cx->our_pool, state->our_mark); state->our_mark = NULL; } + if (new_state != NULL) { + PORT_Free(new_state); + } return NULL; } @@ -1431,8 +1434,10 @@ regular_string_type: alloc_len += subitem->len; } - item->Data = (unsigned char*)sec_asn1d_zalloc (poolp, alloc_len); - if (item->Data == NULL) { + if (item) { + item->Data = (unsigned char*)sec_asn1d_zalloc (poolp, alloc_len); + } + if (item == NULL || item->Data == NULL) { dprintf("decodeError: prepare for contents zalloc\n"); state->top->status = decodeError; break; diff --git a/OSX/libsecurity_asn1/libsecurity_asn1.xcodeproj/project.pbxproj b/OSX/libsecurity_asn1/libsecurity_asn1.xcodeproj/project.pbxproj deleted file mode 100644 index ca22c61f..00000000 --- a/OSX/libsecurity_asn1/libsecurity_asn1.xcodeproj/project.pbxproj +++ /dev/null @@ -1,571 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXAggregateTarget section */ - D46B08791C8FCA5000B5939A /* libASN1Install */ = { - isa = PBXAggregateTarget; - buildConfigurationList = D46B087C1C8FCA5100B5939A /* Build configuration list for PBXAggregateTarget "libASN1Install" */; - buildPhases = ( - D46B087D1C8FCA5800B5939A /* Copy Static Library File */, - D46B087E1C8FCA5B00B5939A /* Copy Headers */, - ); - dependencies = ( - D46B08A41C8FCBA000B5939A /* PBXTargetDependency */, - ); - name = libASN1Install; - productName = libASN1Install; - }; -/* End PBXAggregateTarget section */ - -/* Begin PBXBuildFile section */ - 1885B45314D9BB1A00519375 /* SecNssCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6434280534D3B800F287B2 /* SecNssCoder.cpp */; }; - 18B6B2A714DB73A000EDDE5F /* secErrorStr.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6434270534D3B800F287B2 /* secErrorStr.c */; }; - 4C28246B0F1BC75800CAADEC /* oidsocsp.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C2824670F1BC75800CAADEC /* oidsocsp.c */; }; - 795CA8220D38041D00BAE6A2 /* SecAsn1Coder.c in Sources */ = {isa = PBXBuildFile; fileRef = 0545C7B806502D1100543007 /* SecAsn1Coder.c */; }; - 795CA8240D38041D00BAE6A2 /* SecAsn1Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6433F80534D3B800F287B2 /* SecAsn1Templates.c */; }; - 795CA8270D38041D00BAE6A2 /* certExtensionTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6433FA0534D3B800F287B2 /* certExtensionTemplates.c */; }; - 795CA8290D38041D00BAE6A2 /* csrTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6433FC0534D3B800F287B2 /* csrTemplates.c */; }; - 795CA82B0D38041D00BAE6A2 /* keyTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6433FE0534D3B800F287B2 /* keyTemplates.c */; }; - 795CA82D0D38041D00BAE6A2 /* nameTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6434000534D3B800F287B2 /* nameTemplates.c */; }; - 795CA82F0D38041D00BAE6A2 /* nsprPortX.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6434020534D3B800F287B2 /* nsprPortX.c */; }; - 795CA8300D38041D00BAE6A2 /* nssUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6434060534D3B800F287B2 /* nssUtils.c */; }; - 795CA8320D38041D00BAE6A2 /* ocspTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = 0502BF9A068B51E3006168D5 /* ocspTemplates.c */; }; - 795CA8350D38041D00BAE6A2 /* secasn1d.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6434210534D3B800F287B2 /* secasn1d.c */; }; - 795CA8360D38041D00BAE6A2 /* secasn1e.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6434220534D3B800F287B2 /* secasn1e.c */; }; - 795CA8380D38041D00BAE6A2 /* secasn1u.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6434240534D3B800F287B2 /* secasn1u.c */; }; - 795CA8390D38041D00BAE6A2 /* X509Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C64342D0534D3B800F287B2 /* X509Templates.c */; }; - 795CA83B0D38041D00BAE6A2 /* osKeyTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = 0504B16106517A730011D5F5 /* osKeyTemplates.c */; }; - 795CAAD10D3BEDBB00BAE6A2 /* pkcs7Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = 795CAACD0D3BEDBB00BAE6A2 /* pkcs7Templates.c */; }; - 795CAAD30D3BEDBB00BAE6A2 /* pkcs12Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = 795CAACF0D3BEDBB00BAE6A2 /* pkcs12Templates.c */; }; - 79EF5A780D3C1984009F5270 /* oidsalg.c in Sources */ = {isa = PBXBuildFile; fileRef = 79EF5A730D3C1984009F5270 /* oidsalg.c */; }; - 79EF5A7A0D3C1984009F5270 /* oidsattr.c in Sources */ = {isa = PBXBuildFile; fileRef = 79EF5A750D3C1984009F5270 /* oidsattr.c */; }; - 79EF5BA50D3D6EF8009F5270 /* secport.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C64342A0534D3B800F287B2 /* secport.c */; }; - 79EF5BC90D3D6F44009F5270 /* plarena.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C64340A0534D3B800F287B2 /* plarena.c */; }; - D46B08801C8FCABF00B5939A /* SecAsn1Coder.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 0545C7B906502D1100543007 /* SecAsn1Coder.h */; }; - D46B08811C8FCABF00B5939A /* SecAsn1Templates.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6433F90534D3B800F287B2 /* SecAsn1Templates.h */; }; - D46B08821C8FCABF00B5939A /* SecAsn1Types.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 0554F5B609892C980085E7C5 /* SecAsn1Types.h */; }; - D46B08831C8FCABF00B5939A /* secasn1t.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434230534D3B800F287B2 /* secasn1t.h */; }; - D46B08841C8FCAE400B5939A /* certExtensionTemplates.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6433FB0534D3B800F287B2 /* certExtensionTemplates.h */; }; - D46B08851C8FCAE400B5939A /* csrTemplates.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6433FD0534D3B800F287B2 /* csrTemplates.h */; }; - D46B08861C8FCAE400B5939A /* keyTemplates.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 0502B640068A5920006168D5 /* keyTemplates.h */; }; - D46B08871C8FCAE400B5939A /* nameTemplates.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434010534D3B800F287B2 /* nameTemplates.h */; }; - D46B08881C8FCAE400B5939A /* pkcs7Templates.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 795CAACE0D3BEDBB00BAE6A2 /* pkcs7Templates.h */; }; - D46B08891C8FCAE400B5939A /* pkcs12Templates.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 795CAAD00D3BEDBB00BAE6A2 /* pkcs12Templates.h */; }; - D46B088A1C8FCAE400B5939A /* ocspTemplates.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6433FF0534D3B800F287B2 /* ocspTemplates.h */; }; - D46B088B1C8FCAE400B5939A /* X509Templates.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C64342E0534D3B800F287B2 /* X509Templates.h */; }; - D46B088C1C8FCAE400B5939A /* osKeyTemplates.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 0504B16206517A730011D5F5 /* osKeyTemplates.h */; }; - D46B088D1C8FCAF100B5939A /* nssUtils.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434070534D3B800F287B2 /* nssUtils.h */; }; - D46B088E1C8FCAFD00B5939A /* oidsalg.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 79EF5A740D3C1984009F5270 /* oidsalg.h */; }; - D46B088F1C8FCAFD00B5939A /* oidsattr.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 79EF5A760D3C1984009F5270 /* oidsattr.h */; }; - D46B08901C8FCAFD00B5939A /* oidsbase.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 79EF5A770D3C1984009F5270 /* oidsbase.h */; }; - D46B08911C8FCAFD00B5939A /* oidsocsp.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C2824680F1BC75800CAADEC /* oidsocsp.h */; }; - D46B08921C8FCB2900B5939A /* prbit.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C64340E0534D3B800F287B2 /* prbit.h */; }; - D46B08931C8FCB2900B5939A /* prcpucfg.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C64340F0534D3B800F287B2 /* prcpucfg.h */; }; - D46B08941C8FCB2900B5939A /* prerr.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434120534D3B800F287B2 /* prerr.h */; }; - D46B08951C8FCB2900B5939A /* prerror.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434130534D3B800F287B2 /* prerror.h */; }; - D46B08961C8FCB2900B5939A /* prlog.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434170534D3B800F287B2 /* prlog.h */; }; - D46B08971C8FCB2900B5939A /* prmem.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434190534D3B800F287B2 /* prmem.h */; }; - D46B08981C8FCB2900B5939A /* protypes.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C64341B0534D3B800F287B2 /* protypes.h */; }; - D46B08991C8FCB2900B5939A /* prtypes.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C64341E0534D3B800F287B2 /* prtypes.h */; }; - D46B089A1C8FCB5E00B5939A /* secasn1.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434200534D3B800F287B2 /* secasn1.h */; }; - D46B089B1C8FCB5E00B5939A /* seccomon.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434250534D3B800F287B2 /* seccomon.h */; }; - D46B089C1C8FCB5E00B5939A /* secerr.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434260534D3B800F287B2 /* secerr.h */; }; - D46B089D1C8FCB5E00B5939A /* SecNssCoder.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C6434290534D3B800F287B2 /* SecNssCoder.h */; }; - D46B089E1C8FCB5E00B5939A /* secport.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C64342B0534D3B800F287B2 /* secport.h */; }; - D46B089F1C8FCB8D00B5939A /* plarena.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C64340B0534D3B800F287B2 /* plarena.h */; }; - D46B08A01C8FCB8D00B5939A /* plarenas.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C64340C0534D3B800F287B2 /* plarenas.h */; }; - D46B08A11C8FCB8D00B5939A /* plstr.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 4C64340D0534D3B800F287B2 /* plstr.h */; }; - D46B08A21C8FCB9A00B5939A /* libASN1.a in Copy Static Library File */ = {isa = PBXBuildFile; fileRef = 795CA7FF0D38013D00BAE6A2 /* libASN1.a */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - D46B08A31C8FCBA000B5939A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 9D56980C03E74D6100003D05 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 795CA7FE0D38013D00BAE6A2; - remoteInfo = libASN1; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXCopyFilesBuildPhase section */ - D46B087D1C8FCA5800B5939A /* Copy Static Library File */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/lib; - dstSubfolderSpec = 0; - files = ( - D46B08A21C8FCB9A00B5939A /* libASN1.a in Copy Static Library File */, - ); - name = "Copy Static Library File"; - runOnlyForDeploymentPostprocessing = 1; - }; - D46B087E1C8FCA5B00B5939A /* Copy Headers */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/include/security_asn1; - dstSubfolderSpec = 0; - files = ( - D46B089F1C8FCB8D00B5939A /* plarena.h in Copy Headers */, - D46B08A01C8FCB8D00B5939A /* plarenas.h in Copy Headers */, - D46B08A11C8FCB8D00B5939A /* plstr.h in Copy Headers */, - D46B089A1C8FCB5E00B5939A /* secasn1.h in Copy Headers */, - D46B089B1C8FCB5E00B5939A /* seccomon.h in Copy Headers */, - D46B089C1C8FCB5E00B5939A /* secerr.h in Copy Headers */, - D46B089D1C8FCB5E00B5939A /* SecNssCoder.h in Copy Headers */, - D46B089E1C8FCB5E00B5939A /* secport.h in Copy Headers */, - D46B08921C8FCB2900B5939A /* prbit.h in Copy Headers */, - D46B08931C8FCB2900B5939A /* prcpucfg.h in Copy Headers */, - D46B08941C8FCB2900B5939A /* prerr.h in Copy Headers */, - D46B08951C8FCB2900B5939A /* prerror.h in Copy Headers */, - D46B08961C8FCB2900B5939A /* prlog.h in Copy Headers */, - D46B08971C8FCB2900B5939A /* prmem.h in Copy Headers */, - D46B08981C8FCB2900B5939A /* protypes.h in Copy Headers */, - D46B08991C8FCB2900B5939A /* prtypes.h in Copy Headers */, - D46B088E1C8FCAFD00B5939A /* oidsalg.h in Copy Headers */, - D46B088F1C8FCAFD00B5939A /* oidsattr.h in Copy Headers */, - D46B08901C8FCAFD00B5939A /* oidsbase.h in Copy Headers */, - D46B08911C8FCAFD00B5939A /* oidsocsp.h in Copy Headers */, - D46B088D1C8FCAF100B5939A /* nssUtils.h in Copy Headers */, - D46B08841C8FCAE400B5939A /* certExtensionTemplates.h in Copy Headers */, - D46B08851C8FCAE400B5939A /* csrTemplates.h in Copy Headers */, - D46B08861C8FCAE400B5939A /* keyTemplates.h in Copy Headers */, - D46B08871C8FCAE400B5939A /* nameTemplates.h in Copy Headers */, - D46B08881C8FCAE400B5939A /* pkcs7Templates.h in Copy Headers */, - D46B08891C8FCAE400B5939A /* pkcs12Templates.h in Copy Headers */, - D46B088A1C8FCAE400B5939A /* ocspTemplates.h in Copy Headers */, - D46B088B1C8FCAE400B5939A /* X509Templates.h in Copy Headers */, - D46B088C1C8FCAE400B5939A /* osKeyTemplates.h in Copy Headers */, - D46B08801C8FCABF00B5939A /* SecAsn1Coder.h in Copy Headers */, - D46B08811C8FCABF00B5939A /* SecAsn1Templates.h in Copy Headers */, - D46B08821C8FCABF00B5939A /* SecAsn1Types.h in Copy Headers */, - D46B08831C8FCABF00B5939A /* secasn1t.h in Copy Headers */, - ); - name = "Copy Headers"; - runOnlyForDeploymentPostprocessing = 1; - }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 0502B640068A5920006168D5 /* keyTemplates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keyTemplates.h; sourceTree = ""; }; - 0502BF9A068B51E3006168D5 /* ocspTemplates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ocspTemplates.c; sourceTree = ""; }; - 0504B16106517A730011D5F5 /* osKeyTemplates.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = osKeyTemplates.c; sourceTree = ""; }; - 0504B16206517A730011D5F5 /* osKeyTemplates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = osKeyTemplates.h; sourceTree = ""; }; - 0545C78806502BAD00543007 /* security_asn1.exp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.exports; path = security_asn1.exp; sourceTree = ""; }; - 0545C7B806502D1100543007 /* SecAsn1Coder.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = SecAsn1Coder.c; sourceTree = ""; }; - 0545C7B906502D1100543007 /* SecAsn1Coder.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecAsn1Coder.h; sourceTree = ""; }; - 0554F5B609892C980085E7C5 /* SecAsn1Types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecAsn1Types.h; sourceTree = ""; }; - 05ABB7BB0989387700FA0183 /* asn1Templates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = asn1Templates.h; sourceTree = ""; }; - 05BE7E6B0A37669000C055B0 /* libsecurity_asn1.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = libsecurity_asn1.plist; sourceTree = ""; }; - 05BE7E6C0A37669000C055B0 /* libsecurity_asn1.txt */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = libsecurity_asn1.txt; sourceTree = ""; }; - 18B647F514D9FD4500F538BF /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 18B647F614D9FD4500F538BF /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 18B647F714D9FD4500F538BF /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 18B647F814D9FD4500F538BF /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 4C2824670F1BC75800CAADEC /* oidsocsp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = oidsocsp.c; sourceTree = ""; }; - 4C2824680F1BC75800CAADEC /* oidsocsp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = oidsocsp.h; sourceTree = ""; }; - 4C6433F80534D3B800F287B2 /* SecAsn1Templates.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = SecAsn1Templates.c; sourceTree = ""; }; - 4C6433F90534D3B800F287B2 /* SecAsn1Templates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecAsn1Templates.h; sourceTree = ""; }; - 4C6433FA0534D3B800F287B2 /* certExtensionTemplates.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = certExtensionTemplates.c; sourceTree = ""; }; - 4C6433FB0534D3B800F287B2 /* certExtensionTemplates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = certExtensionTemplates.h; sourceTree = ""; }; - 4C6433FC0534D3B800F287B2 /* csrTemplates.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = csrTemplates.c; sourceTree = ""; }; - 4C6433FD0534D3B800F287B2 /* csrTemplates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = csrTemplates.h; sourceTree = ""; }; - 4C6433FE0534D3B800F287B2 /* keyTemplates.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = keyTemplates.c; sourceTree = ""; }; - 4C6433FF0534D3B800F287B2 /* ocspTemplates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ocspTemplates.h; sourceTree = ""; }; - 4C6434000534D3B800F287B2 /* nameTemplates.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = nameTemplates.c; sourceTree = ""; }; - 4C6434010534D3B800F287B2 /* nameTemplates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = nameTemplates.h; sourceTree = ""; }; - 4C6434020534D3B800F287B2 /* nsprPortX.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = nsprPortX.c; sourceTree = ""; }; - 4C6434030534D3B800F287B2 /* nssilckt.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = nssilckt.h; sourceTree = ""; }; - 4C6434040534D3B800F287B2 /* nssilock.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = nssilock.h; sourceTree = ""; }; - 4C6434050534D3B800F287B2 /* nsslocks.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = nsslocks.h; sourceTree = ""; }; - 4C6434060534D3B800F287B2 /* nssUtils.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = nssUtils.c; sourceTree = ""; }; - 4C6434070534D3B800F287B2 /* nssUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = nssUtils.h; sourceTree = ""; }; - 4C64340A0534D3B800F287B2 /* plarena.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = plarena.c; sourceTree = ""; }; - 4C64340B0534D3B800F287B2 /* plarena.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = plarena.h; sourceTree = ""; }; - 4C64340C0534D3B800F287B2 /* plarenas.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = plarenas.h; sourceTree = ""; }; - 4C64340D0534D3B800F287B2 /* plstr.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = plstr.h; sourceTree = ""; }; - 4C64340E0534D3B800F287B2 /* prbit.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prbit.h; sourceTree = ""; }; - 4C64340F0534D3B800F287B2 /* prcpucfg.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prcpucfg.h; sourceTree = ""; }; - 4C6434100534D3B800F287B2 /* prcvar.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prcvar.h; sourceTree = ""; }; - 4C6434110534D3B800F287B2 /* prenv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prenv.h; sourceTree = ""; }; - 4C6434120534D3B800F287B2 /* prerr.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prerr.h; sourceTree = ""; }; - 4C6434130534D3B800F287B2 /* prerror.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prerror.h; sourceTree = ""; }; - 4C6434140534D3B800F287B2 /* prinit.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prinit.h; sourceTree = ""; }; - 4C6434150534D3B800F287B2 /* prinrval.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prinrval.h; sourceTree = ""; }; - 4C6434160534D3B800F287B2 /* prlock.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prlock.h; sourceTree = ""; }; - 4C6434170534D3B800F287B2 /* prlog.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prlog.h; sourceTree = ""; }; - 4C6434180534D3B800F287B2 /* prlong.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prlong.h; sourceTree = ""; }; - 4C6434190534D3B800F287B2 /* prmem.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prmem.h; sourceTree = ""; }; - 4C64341A0534D3B800F287B2 /* prmon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prmon.h; sourceTree = ""; }; - 4C64341B0534D3B800F287B2 /* protypes.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = protypes.h; sourceTree = ""; }; - 4C64341C0534D3B800F287B2 /* prthread.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prthread.h; sourceTree = ""; }; - 4C64341D0534D3B800F287B2 /* prtime.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prtime.h; sourceTree = ""; }; - 4C64341E0534D3B800F287B2 /* prtypes.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prtypes.h; sourceTree = ""; }; - 4C64341F0534D3B800F287B2 /* prvrsion.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = prvrsion.h; sourceTree = ""; }; - 4C6434200534D3B800F287B2 /* secasn1.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = secasn1.h; sourceTree = ""; }; - 4C6434210534D3B800F287B2 /* secasn1d.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = secasn1d.c; sourceTree = ""; }; - 4C6434220534D3B800F287B2 /* secasn1e.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = secasn1e.c; sourceTree = ""; }; - 4C6434230534D3B800F287B2 /* secasn1t.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = secasn1t.h; sourceTree = ""; }; - 4C6434240534D3B800F287B2 /* secasn1u.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = secasn1u.c; sourceTree = ""; }; - 4C6434250534D3B800F287B2 /* seccomon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = seccomon.h; sourceTree = ""; }; - 4C6434260534D3B800F287B2 /* secerr.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = secerr.h; sourceTree = ""; }; - 4C6434270534D3B800F287B2 /* secErrorStr.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = secErrorStr.c; sourceTree = ""; }; - 4C6434280534D3B800F287B2 /* SecNssCoder.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecNssCoder.cpp; sourceTree = ""; }; - 4C6434290534D3B800F287B2 /* SecNssCoder.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecNssCoder.h; sourceTree = ""; }; - 4C64342A0534D3B800F287B2 /* secport.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = secport.c; sourceTree = ""; }; - 4C64342B0534D3B800F287B2 /* secport.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = secport.h; sourceTree = ""; }; - 4C64342D0534D3B800F287B2 /* X509Templates.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = X509Templates.c; sourceTree = ""; }; - 4C64342E0534D3B800F287B2 /* X509Templates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = X509Templates.h; sourceTree = ""; }; - 795CA7FF0D38013D00BAE6A2 /* libASN1.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libASN1.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 795CAACD0D3BEDBB00BAE6A2 /* pkcs7Templates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pkcs7Templates.c; sourceTree = ""; }; - 795CAACE0D3BEDBB00BAE6A2 /* pkcs7Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs7Templates.h; sourceTree = ""; }; - 795CAACF0D3BEDBB00BAE6A2 /* pkcs12Templates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pkcs12Templates.c; sourceTree = ""; }; - 795CAAD00D3BEDBB00BAE6A2 /* pkcs12Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12Templates.h; sourceTree = ""; }; - 79EF5A730D3C1984009F5270 /* oidsalg.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = oidsalg.c; sourceTree = ""; }; - 79EF5A740D3C1984009F5270 /* oidsalg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = oidsalg.h; sourceTree = ""; }; - 79EF5A750D3C1984009F5270 /* oidsattr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = oidsattr.c; sourceTree = ""; }; - 79EF5A760D3C1984009F5270 /* oidsattr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = oidsattr.h; sourceTree = ""; }; - 79EF5A770D3C1984009F5270 /* oidsbase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = oidsbase.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 795CA7FD0D38013D00BAE6A2 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 05BE7E680A37663E00C055B0 /* docs */ = { - isa = PBXGroup; - children = ( - 05BE7E6B0A37669000C055B0 /* libsecurity_asn1.plist */, - 05BE7E6C0A37669000C055B0 /* libsecurity_asn1.txt */, - ); - path = docs; - sourceTree = ""; - }; - 18B647F414D9FD4500F538BF /* config */ = { - isa = PBXGroup; - children = ( - 18B647F514D9FD4500F538BF /* base.xcconfig */, - 18B647F614D9FD4500F538BF /* debug.xcconfig */, - 18B647F714D9FD4500F538BF /* lib.xcconfig */, - 18B647F814D9FD4500F538BF /* release.xcconfig */, - ); - path = config; - sourceTree = ""; - }; - 4C6433F70534D3B800F287B2 /* lib */ = { - isa = PBXGroup; - children = ( - 05ABB7BB0989387700FA0183 /* asn1Templates.h */, - 0545C7B806502D1100543007 /* SecAsn1Coder.c */, - 0545C7B906502D1100543007 /* SecAsn1Coder.h */, - 4C6433F80534D3B800F287B2 /* SecAsn1Templates.c */, - 4C6433F90534D3B800F287B2 /* SecAsn1Templates.h */, - 0554F5B609892C980085E7C5 /* SecAsn1Types.h */, - 4C6433FA0534D3B800F287B2 /* certExtensionTemplates.c */, - 4C6433FB0534D3B800F287B2 /* certExtensionTemplates.h */, - 4C6433FC0534D3B800F287B2 /* csrTemplates.c */, - 4C6433FD0534D3B800F287B2 /* csrTemplates.h */, - 4C6433FE0534D3B800F287B2 /* keyTemplates.c */, - 0502B640068A5920006168D5 /* keyTemplates.h */, - 4C6434000534D3B800F287B2 /* nameTemplates.c */, - 4C6434010534D3B800F287B2 /* nameTemplates.h */, - 795CAACD0D3BEDBB00BAE6A2 /* pkcs7Templates.c */, - 795CAACE0D3BEDBB00BAE6A2 /* pkcs7Templates.h */, - 795CAACF0D3BEDBB00BAE6A2 /* pkcs12Templates.c */, - 795CAAD00D3BEDBB00BAE6A2 /* pkcs12Templates.h */, - 4C6434020534D3B800F287B2 /* nsprPortX.c */, - 4C6434030534D3B800F287B2 /* nssilckt.h */, - 4C6434040534D3B800F287B2 /* nssilock.h */, - 4C6434050534D3B800F287B2 /* nsslocks.h */, - 4C6434060534D3B800F287B2 /* nssUtils.c */, - 4C6434070534D3B800F287B2 /* nssUtils.h */, - 0502BF9A068B51E3006168D5 /* ocspTemplates.c */, - 4C6433FF0534D3B800F287B2 /* ocspTemplates.h */, - 4C64340A0534D3B800F287B2 /* plarena.c */, - 4C64340B0534D3B800F287B2 /* plarena.h */, - 4C64340C0534D3B800F287B2 /* plarenas.h */, - 4C64340D0534D3B800F287B2 /* plstr.h */, - 4C64340E0534D3B800F287B2 /* prbit.h */, - 4C64340F0534D3B800F287B2 /* prcpucfg.h */, - 4C6434100534D3B800F287B2 /* prcvar.h */, - 4C6434110534D3B800F287B2 /* prenv.h */, - 4C6434120534D3B800F287B2 /* prerr.h */, - 4C6434130534D3B800F287B2 /* prerror.h */, - 4C6434140534D3B800F287B2 /* prinit.h */, - 4C6434150534D3B800F287B2 /* prinrval.h */, - 4C6434160534D3B800F287B2 /* prlock.h */, - 4C6434170534D3B800F287B2 /* prlog.h */, - 4C6434180534D3B800F287B2 /* prlong.h */, - 4C6434190534D3B800F287B2 /* prmem.h */, - 4C64341A0534D3B800F287B2 /* prmon.h */, - 4C64341B0534D3B800F287B2 /* protypes.h */, - 4C64341C0534D3B800F287B2 /* prthread.h */, - 4C64341D0534D3B800F287B2 /* prtime.h */, - 4C64341E0534D3B800F287B2 /* prtypes.h */, - 4C64341F0534D3B800F287B2 /* prvrsion.h */, - 4C6434200534D3B800F287B2 /* secasn1.h */, - 4C6434210534D3B800F287B2 /* secasn1d.c */, - 4C6434220534D3B800F287B2 /* secasn1e.c */, - 4C6434230534D3B800F287B2 /* secasn1t.h */, - 4C6434240534D3B800F287B2 /* secasn1u.c */, - 4C6434250534D3B800F287B2 /* seccomon.h */, - 4C6434260534D3B800F287B2 /* secerr.h */, - 4C6434270534D3B800F287B2 /* secErrorStr.c */, - 4C6434280534D3B800F287B2 /* SecNssCoder.cpp */, - 4C6434290534D3B800F287B2 /* SecNssCoder.h */, - 4C64342A0534D3B800F287B2 /* secport.c */, - 4C64342B0534D3B800F287B2 /* secport.h */, - 4C64342D0534D3B800F287B2 /* X509Templates.c */, - 4C64342E0534D3B800F287B2 /* X509Templates.h */, - 0504B16106517A730011D5F5 /* osKeyTemplates.c */, - 0504B16206517A730011D5F5 /* osKeyTemplates.h */, - 79EF5A730D3C1984009F5270 /* oidsalg.c */, - 79EF5A740D3C1984009F5270 /* oidsalg.h */, - 79EF5A750D3C1984009F5270 /* oidsattr.c */, - 79EF5A760D3C1984009F5270 /* oidsattr.h */, - 79EF5A770D3C1984009F5270 /* oidsbase.h */, - 4C2824670F1BC75800CAADEC /* oidsocsp.c */, - 4C2824680F1BC75800CAADEC /* oidsocsp.h */, - 0545C78806502BAD00543007 /* security_asn1.exp */, - ); - path = lib; - sourceTree = ""; - }; - 9D56980803E74D6100003D05 = { - isa = PBXGroup; - children = ( - 18B647F414D9FD4500F538BF /* config */, - 4C6433F70534D3B800F287B2 /* lib */, - 05BE7E680A37663E00C055B0 /* docs */, - 9D56981D03E74E4100003D05 /* Products */, - ); - sourceTree = ""; - }; - 9D56981D03E74E4100003D05 /* Products */ = { - isa = PBXGroup; - children = ( - 795CA7FF0D38013D00BAE6A2 /* libASN1.a */, - ); - name = Products; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 795CA7FB0D38013D00BAE6A2 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 795CA7FE0D38013D00BAE6A2 /* libASN1 */ = { - isa = PBXNativeTarget; - buildConfigurationList = 795CA8030D38017E00BAE6A2 /* Build configuration list for PBXNativeTarget "libASN1" */; - buildPhases = ( - 795CA7FB0D38013D00BAE6A2 /* Headers */, - 795CA7FC0D38013D00BAE6A2 /* Sources */, - 795CA7FD0D38013D00BAE6A2 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libASN1; - productName = libASN1; - productReference = 795CA7FF0D38013D00BAE6A2 /* libASN1.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 9D56980C03E74D6100003D05 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - TargetAttributes = { - D46B08791C8FCA5000B5939A = { - CreatedOnToolsVersion = 7.3; - }; - }; - }; - buildConfigurationList = C23B0CEC09A298C500B7FCED /* Build configuration list for PBXProject "libsecurity_asn1" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 9D56980803E74D6100003D05; - productRefGroup = 9D56981D03E74E4100003D05 /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 795CA7FE0D38013D00BAE6A2 /* libASN1 */, - D46B08791C8FCA5000B5939A /* libASN1Install */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXSourcesBuildPhase section */ - 795CA7FC0D38013D00BAE6A2 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 79EF5BC90D3D6F44009F5270 /* plarena.c in Sources */, - 795CA8220D38041D00BAE6A2 /* SecAsn1Coder.c in Sources */, - 795CA8240D38041D00BAE6A2 /* SecAsn1Templates.c in Sources */, - 79EF5BA50D3D6EF8009F5270 /* secport.c in Sources */, - 795CA8270D38041D00BAE6A2 /* certExtensionTemplates.c in Sources */, - 795CA8290D38041D00BAE6A2 /* csrTemplates.c in Sources */, - 795CA82B0D38041D00BAE6A2 /* keyTemplates.c in Sources */, - 795CA82D0D38041D00BAE6A2 /* nameTemplates.c in Sources */, - 795CA82F0D38041D00BAE6A2 /* nsprPortX.c in Sources */, - 795CA8300D38041D00BAE6A2 /* nssUtils.c in Sources */, - 795CA8320D38041D00BAE6A2 /* ocspTemplates.c in Sources */, - 795CA8350D38041D00BAE6A2 /* secasn1d.c in Sources */, - 795CA8360D38041D00BAE6A2 /* secasn1e.c in Sources */, - 795CA8380D38041D00BAE6A2 /* secasn1u.c in Sources */, - 795CA8390D38041D00BAE6A2 /* X509Templates.c in Sources */, - 795CA83B0D38041D00BAE6A2 /* osKeyTemplates.c in Sources */, - 795CAAD10D3BEDBB00BAE6A2 /* pkcs7Templates.c in Sources */, - 795CAAD30D3BEDBB00BAE6A2 /* pkcs12Templates.c in Sources */, - 79EF5A780D3C1984009F5270 /* oidsalg.c in Sources */, - 79EF5A7A0D3C1984009F5270 /* oidsattr.c in Sources */, - 4C28246B0F1BC75800CAADEC /* oidsocsp.c in Sources */, - 1885B45314D9BB1A00519375 /* SecNssCoder.cpp in Sources */, - 18B6B2A714DB73A000EDDE5F /* secErrorStr.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - D46B08A41C8FCBA000B5939A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 795CA7FE0D38013D00BAE6A2 /* libASN1 */; - targetProxy = D46B08A31C8FCBA000B5939A /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - 795CA8090D3801A700BAE6A2 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18B647F614D9FD4500F538BF /* debug.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_STATIC_ANALYZER_MODE = deep; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_TESTABILITY = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - ONLY_ACTIVE_ARCH = YES; - RUN_CLANG_STATIC_ANALYZER = YES; - }; - name = Debug; - }; - 795CA80D0D3801A700BAE6A2 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18B647F714D9FD4500F538BF /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - LIBRARY_STYLE = STATIC; - }; - name = Debug; - }; - 795CA8180D3801A900BAE6A2 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18B647F814D9FD4500F538BF /* release.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_STATIC_ANALYZER_MODE = deep; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - RUN_CLANG_STATIC_ANALYZER = YES; - }; - name = Release; - }; - 795CA81C0D3801A900BAE6A2 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18B647F714D9FD4500F538BF /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - LIBRARY_STYLE = STATIC; - }; - name = Release; - }; - D46B087A1C8FCA5100B5939A /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - D46B087B1C8FCA5100B5939A /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 795CA8030D38017E00BAE6A2 /* Build configuration list for PBXNativeTarget "libASN1" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 795CA80D0D3801A700BAE6A2 /* Debug */, - 795CA81C0D3801A900BAE6A2 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C23B0CEC09A298C500B7FCED /* Build configuration list for PBXProject "libsecurity_asn1" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 795CA8090D3801A700BAE6A2 /* Debug */, - 795CA8180D3801A900BAE6A2 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - D46B087C1C8FCA5100B5939A /* Build configuration list for PBXAggregateTarget "libASN1Install" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - D46B087A1C8FCA5100B5939A /* Debug */, - D46B087B1C8FCA5100B5939A /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 9D56980C03E74D6100003D05 /* Project object */; -} diff --git a/OSX/libsecurity_authorization/lib/Authorization.h b/OSX/libsecurity_authorization/lib/Authorization.h index 068a5e22..1c6e9a3b 100644 --- a/OSX/libsecurity_authorization/lib/Authorization.h +++ b/OSX/libsecurity_authorization/lib/Authorization.h @@ -54,7 +54,7 @@ CF_ASSUME_NONNULL_BEGIN If any of the operations that the preference panel wishes to perform are currently not allowed the lock icon in the window would show up in the locked state. Otherwise it would show up unlocked. - When the user locks the lock AuthorizationFree() is called with the kAuthorizationFlagDestroyRights to destroy any authorization rights that have been aquired. + When the user locks the lock AuthorizationFree() is called with the kAuthorizationFlagDestroyRights to destroy any authorization rights that have been acquired. When the user unlocks the lock AuthorizationCreate() is called with the kAuthorizationFlagInteractionAllowed and kAuthorizationFlagExtendRights flags to obtain all required rights. The old authorization object can be freed by calling AuthorizationFree() with no flags. @@ -176,7 +176,7 @@ typedef struct { } AuthorizationItemSet; - +static const size_t kAuthorizationExternalFormLength = 32; /*! @struct AuthorizationExternalForm An AuthorizationExternalForm structure can hold the externalized form of @@ -188,8 +188,6 @@ typedef struct { SECURITY NOTE: Applications should take care to not disclose the AuthorizationExternalForm to potential attackers since it would authorize rights to them. */ -static const size_t kAuthorizationExternalFormLength = 32; - typedef struct { char bytes[kAuthorizationExternalFormLength]; } AuthorizationExternalForm; @@ -232,7 +230,7 @@ typedef AuthorizationItemSet AuthorizationEnvironment; @param rights (input/optional) An AuthorizationItemSet containing rights for which authorization is being requested. If none are specified the resulting AuthorizationRef will authorize nothing at all. @param environment (input/optional) An AuthorizationItemSet containing environment state used when making the autorization decision. See the AuthorizationEnvironment type for details. @param flags (input) options specified by the AuthorizationFlags enum. set all unused bits to zero to allow for future expansion. - @param authorization (output optional) A pointer to an AuthorizationRef to be returned. When the returned AuthorizationRef is no longer needed AuthorizationFree should be called to prevent anyone from using the aquired rights. If NULL is specified no new rights are returned, but the system will attempt to authorize all the requested rights and return the appropriate status. + @param authorization (output optional) A pointer to an AuthorizationRef to be returned. When the returned AuthorizationRef is no longer needed AuthorizationFree should be called to prevent anyone from using the acquired rights. If NULL is specified no new rights are returned, but the system will attempt to authorize all the requested rights and return the appropriate status. @result errAuthorizationSuccess 0 authorization or all requested rights succeeded. diff --git a/OSX/libsecurity_authorization/lib/AuthorizationPriv.h b/OSX/libsecurity_authorization/lib/AuthorizationPriv.h index e95cc13e..de996040 100644 --- a/OSX/libsecurity_authorization/lib/AuthorizationPriv.h +++ b/OSX/libsecurity_authorization/lib/AuthorizationPriv.h @@ -63,7 +63,7 @@ enum { @param token The audit token of a mach message @param environment (input/optional) An AuthorizationItemSet containing environment state used when making the autorization decision. See the AuthorizationEnvironment type for details. @param flags (input) options specified by the AuthorizationFlags enum. set all unused bits to zero to allow for future expansion. - @param authorization (output) A pointer to an AuthorizationRef to be returned. When the returned AuthorizationRef is no longer needed AuthorizationFree should be called to prevent anyone from using the aquired rights. + @param authorization (output) A pointer to an AuthorizationRef to be returned. When the returned AuthorizationRef is no longer needed AuthorizationFree should be called to prevent anyone from using the acquired rights. @result errAuthorizationSuccess 0 authorization or all requested rights succeeded. @@ -80,12 +80,12 @@ OSStatus AuthorizationCreateWithAuditToken(audit_token_t token, Run an executable tool with enhanced privileges after passing suitable authorization procedures. - @param authorization in external form that is used to authorize + @param extForm authorization in external form that is used to authorize access to the enhanced privileges. It is also passed to the tool for further access control. @param pathToTool Full pathname to the tool that should be executed with enhanced privileges. - @param options Option bits (reserved). Must be zero. + @param flags Option bits (reserved). Must be zero. @param arguments An argv-style vector of strings to be passed to the tool. @param communicationsPipe Assigned a UNIX stdio FILE pointer for a bidirectional pipe to communicate with the tool. The tool will have @@ -154,7 +154,7 @@ OSStatus SessionSetUserPreferences(SecuritySessionId session); @function AuthorizationEnableSmartCard Enable or disable system login using smartcard or get current status. - @param authorization (input) The authorization object on which this operation is performed. + @param authRef (input) The authorization object on which this operation is performed. @param enable (input) desired smartcard login support state, TRUE to enable, FALSE to disable */ OSStatus AuthorizationEnableSmartCard(AuthorizationRef authRef, Boolean enable); diff --git a/OSX/libsecurity_authorization/lib/AuthorizationTags.h b/OSX/libsecurity_authorization/lib/AuthorizationTags.h index f2018dd9..cfba3efa 100644 --- a/OSX/libsecurity_authorization/lib/AuthorizationTags.h +++ b/OSX/libsecurity_authorization/lib/AuthorizationTags.h @@ -60,7 +60,7 @@ @define kAuthorizationRightExecute The name of the AuthorizationItem that should be passed into the rights when preauthorizing for a call to AuthorizationExecuteWithPrivileges(). - You need to aquire this right to be able to perform a AuthorizationExecuteWithPrivileges() operation. In addtion to this right you should obtain whatever rights the tool you are executing with privileges need to perform it's operation on your behalf. Currently no options are supported but you should pass in the full path of the tool you wish to execute in the value and valueLength fields. In the future we will limit the right to only execute the requested path, and we will display this information to the user. + You need to acquire this right to be able to perform a AuthorizationExecuteWithPrivileges() operation. In addtion to this right you should obtain whatever rights the tool you are executing with privileges need to perform it's operation on your behalf. Currently no options are supported but you should pass in the full path of the tool you wish to execute in the value and valueLength fields. In the future we will limit the right to only execute the requested path, and we will display this information to the user. */ #define kAuthorizationRightExecute "system.privilege.admin" diff --git a/OSX/libsecurity_authorization/lib/AuthorizationTagsPriv.h b/OSX/libsecurity_authorization/lib/AuthorizationTagsPriv.h index aeecd442..509e571e 100644 --- a/OSX/libsecurity_authorization/lib/AuthorizationTagsPriv.h +++ b/OSX/libsecurity_authorization/lib/AuthorizationTagsPriv.h @@ -293,6 +293,7 @@ #define AGENT_HINT_LOGIN_KC_USER_HAS_OTHER_KCS_STR "loginKCCreate:moreThanOneKeychainExists" #define AGENT_HINT_IGNORE_SESSION "ignore-session-state" +#define AGENT_HINT_NO_UI_EXPECTED "no-ui-expected" /* Keychain synchronization */ // iDisk keychain blob metainfo dictionary; follows "defaults" naming diff --git a/OSX/libsecurity_authorization/lib/security_authorization.exp b/OSX/libsecurity_authorization/lib/security_authorization.exp deleted file mode 100644 index 70831acd..00000000 --- a/OSX/libsecurity_authorization/lib/security_authorization.exp +++ /dev/null @@ -1,40 +0,0 @@ -# -# Copyright (c) 2003-2004,2011,2014 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# -_AuthorizationCopyInfo -_AuthorizationCopyPrivilegedReference -_AuthorizationCopyRights -_AuthorizationCopyRightsAsync -_AuthorizationCreate -_AuthorizationCreateFromExternalForm -_AuthorizationExecuteWithPrivileges -_AuthorizationFree -_AuthorizationFreeItemSet -_AuthorizationMakeExternalForm -_AuthorizationRightGet -_AuthorizationRightRemove -_AuthorizationRightSet -_SessionCreate -_SessionGetInfo -_SessionSetDistinguishedUser -_SessionGetDistinguishedUser -_SessionSetUserPreferences diff --git a/OSX/libsecurity_authorization/lib/trampolineClient.cpp b/OSX/libsecurity_authorization/lib/trampolineClient.cpp index 00fed805..dfbc986f 100644 --- a/OSX/libsecurity_authorization/lib/trampolineClient.cpp +++ b/OSX/libsecurity_authorization/lib/trampolineClient.cpp @@ -193,7 +193,6 @@ OSStatus AuthorizationExecuteWithPrivilegesExternalForm(const AuthorizationExter goto exit_point; } } - break; case 0: // child // close foreign side of pipes diff --git a/OSX/libsecurity_authorization/libsecurity_authorization.xcodeproj/project.pbxproj b/OSX/libsecurity_authorization/libsecurity_authorization.xcodeproj/project.pbxproj deleted file mode 100644 index 6522557b..00000000 --- a/OSX/libsecurity_authorization/libsecurity_authorization.xcodeproj/project.pbxproj +++ /dev/null @@ -1,330 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 18F2360515CB387000060520 /* Authorization.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2360415CB387000060520 /* Authorization.c */; }; - 18F2360915CB3C7700060520 /* authutilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F2360815CB3C7700060520 /* authutilities.c */; }; - 40BC5D9B053230FA009E6ADA /* Authorization.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2A593D3052E3AC700AF1EE3 /* Authorization.cpp */; }; - 4C481F05058161C400846F0C /* trampolineClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C481F03058161C400846F0C /* trampolineClient.cpp */; }; - 4C481F06058161C400846F0C /* trampolineServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C481F04058161C400846F0C /* trampolineServer.cpp */; }; - 4CF36FB3058138F800834D11 /* AuthorizationTags.h in Headers */ = {isa = PBXBuildFile; fileRef = 40BC5D9605322F76009E6ADA /* AuthorizationTags.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36FB4058138F800834D11 /* AuthSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 40BC5D9805322F76009E6ADA /* AuthSession.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36FB5058138F800834D11 /* Authorization.h in Headers */ = {isa = PBXBuildFile; fileRef = 40BC5D9005322F76009E6ADA /* Authorization.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36FB6058138F800834D11 /* AuthorizationDB.h in Headers */ = {isa = PBXBuildFile; fileRef = 40BC5D9305322F76009E6ADA /* AuthorizationDB.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36FB70581390400834D11 /* AuthorizationPlugin.h in Headers */ = {isa = PBXBuildFile; fileRef = 40BC5D9405322F76009E6ADA /* AuthorizationPlugin.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36FB80581390400834D11 /* AuthorizationTagsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 40C767090534CCDB008AC043 /* AuthorizationTagsPriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36FB90581390400834D11 /* AuthorizationPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 40BC5D9505322F76009E6ADA /* AuthorizationPriv.h */; settings = {ATTRIBUTES = (); }; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB336146F100D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18446158146E92F800B12992 /* libsecurity_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = C2C9C69D0CECBE8400B3FE07; - remoteInfo = libsecurity_utilitiesDTrace; - }; - 1844615D146E92F900B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18446158146E92F800B12992 /* libsecurity_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 18446154146E928E00B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 18446155146E928E00B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 18446156146E928E00B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 18446157146E928E00B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 18446158146E92F800B12992 /* libsecurity_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_utilities.xcodeproj; path = ../libsecurity_utilities/libsecurity_utilities.xcodeproj; sourceTree = ""; }; - 18F2360415CB387000060520 /* Authorization.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = Authorization.c; path = lib/Authorization.c; sourceTree = ""; }; - 18F2360815CB3C7700060520 /* authutilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = authutilities.c; path = ../authd/authutilities.c; sourceTree = ""; }; - 40BC5D9005322F76009E6ADA /* Authorization.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = Authorization.h; path = lib/Authorization.h; sourceTree = ""; }; - 40BC5D9305322F76009E6ADA /* AuthorizationDB.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = AuthorizationDB.h; path = lib/AuthorizationDB.h; sourceTree = ""; }; - 40BC5D9405322F76009E6ADA /* AuthorizationPlugin.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = AuthorizationPlugin.h; path = lib/AuthorizationPlugin.h; sourceTree = ""; }; - 40BC5D9505322F76009E6ADA /* AuthorizationPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = AuthorizationPriv.h; path = lib/AuthorizationPriv.h; sourceTree = ""; }; - 40BC5D9605322F76009E6ADA /* AuthorizationTags.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = AuthorizationTags.h; path = lib/AuthorizationTags.h; sourceTree = ""; }; - 40BC5D9805322F76009E6ADA /* AuthSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = AuthSession.h; path = lib/AuthSession.h; sourceTree = ""; }; - 40C767090534CCDB008AC043 /* AuthorizationTagsPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = AuthorizationTagsPriv.h; path = lib/AuthorizationTagsPriv.h; sourceTree = ""; }; - 4C481F03058161C400846F0C /* trampolineClient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = trampolineClient.cpp; path = lib/trampolineClient.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C481F04058161C400846F0C /* trampolineServer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = trampolineServer.cpp; path = lib/trampolineServer.cpp; sourceTree = ""; }; - 4C6848A005815EE4003AC7B2 /* privPort.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = privPort.h; path = lib/privPort.h; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_authorization.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_authorization.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CCB0023058005D500981D43 /* security_authorization.exp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.exports; name = security_authorization.exp; path = lib/security_authorization.exp; sourceTree = ""; }; - C2A593D3052E3AC700AF1EE3 /* Authorization.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = Authorization.cpp; path = lib/Authorization.cpp; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 18446153146E928E00B12992 /* config */ = { - isa = PBXGroup; - children = ( - 18446154146E928E00B12992 /* base.xcconfig */, - 18446155146E928E00B12992 /* debug.xcconfig */, - 18446156146E928E00B12992 /* lib.xcconfig */, - 18446157146E928E00B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 18446159146E92F800B12992 /* Products */ = { - isa = PBXGroup; - children = ( - 1844615E146E92F900B12992 /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 18446158146E92F800B12992 /* libsecurity_utilities.xcodeproj */, - C2A593CE052E3A8400AF1EE3 /* lib */, - 18446153146E928E00B12992 /* config */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_authorization.a */, - ); - name = Products; - sourceTree = ""; - }; - C2A593CE052E3A8400AF1EE3 /* lib */ = { - isa = PBXGroup; - children = ( - 18F2360815CB3C7700060520 /* authutilities.c */, - 18F2360415CB387000060520 /* Authorization.c */, - 40C767090534CCDB008AC043 /* AuthorizationTagsPriv.h */, - 40BC5D9005322F76009E6ADA /* Authorization.h */, - 40BC5D9305322F76009E6ADA /* AuthorizationDB.h */, - 40BC5D9505322F76009E6ADA /* AuthorizationPriv.h */, - 40BC5D9805322F76009E6ADA /* AuthSession.h */, - 40BC5D9605322F76009E6ADA /* AuthorizationTags.h */, - C2A593D3052E3AC700AF1EE3 /* Authorization.cpp */, - 40BC5D9405322F76009E6ADA /* AuthorizationPlugin.h */, - 4C6848A005815EE4003AC7B2 /* privPort.h */, - 4CCB0023058005D500981D43 /* security_authorization.exp */, - 4C481F03058161C400846F0C /* trampolineClient.cpp */, - 4C481F04058161C400846F0C /* trampolineServer.cpp */, - ); - name = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CF36FB3058138F800834D11 /* AuthorizationTags.h in Headers */, - 4CF36FB4058138F800834D11 /* AuthSession.h in Headers */, - 4CF36FB80581390400834D11 /* AuthorizationTagsPriv.h in Headers */, - 4CF36FB90581390400834D11 /* AuthorizationPriv.h in Headers */, - 4CF36FB5058138F800834D11 /* Authorization.h in Headers */, - 4CF36FB6058138F800834D11 /* AuthorizationDB.h in Headers */, - 4CF36FB70581390400834D11 /* AuthorizationPlugin.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_authorization */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2B30987FCDD001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_authorization" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_authorization; - productInstallPath = /usr/local/lib; - productName = libsecurityd; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_authorization.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD2B70987FCDD001272E0 /* Build configuration list for PBXProject "libsecurity_authorization" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 18446159146E92F800B12992 /* Products */; - ProjectRef = 18446158146E92F800B12992 /* libsecurity_utilities.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_authorization */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 1844615E146E92F900B12992 /* libsecurity_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_utilities.a; - remoteRef = 1844615D146E92F900B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 40BC5D9B053230FA009E6ADA /* Authorization.cpp in Sources */, - 4C481F05058161C400846F0C /* trampolineClient.cpp in Sources */, - 4C481F06058161C400846F0C /* trampolineServer.cpp in Sources */, - 18F2360515CB387000060520 /* Authorization.c in Sources */, - 18F2360915CB3C7700060520 /* authutilities.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 182BB337146F100D000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_utilitiesDTrace; - targetProxy = 182BB336146F100D000BF1F3 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - C27AD2B40987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446155146E928E00B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - ../authd, - ); - }; - name = Debug; - }; - C27AD2B60987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446157146E928E00B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - ../authd, - ); - }; - name = Release; - }; - C27AD2B80987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446156146E928E00B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD2BA0987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446156146E928E00B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD2B30987FCDD001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_authorization" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2B40987FCDD001272E0 /* Debug */, - C27AD2B60987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD2B70987FCDD001272E0 /* Build configuration list for PBXProject "libsecurity_authorization" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2B80987FCDD001272E0 /* Debug */, - C27AD2BA0987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_cdsa_client/lib/cspclient.cpp b/OSX/libsecurity_cdsa_client/lib/cspclient.cpp index 186c2fa2..9a3bd72c 100644 --- a/OSX/libsecurity_cdsa_client/lib/cspclient.cpp +++ b/OSX/libsecurity_cdsa_client/lib/cspclient.cpp @@ -53,8 +53,7 @@ void CSPImpl::freeKey(CssmKey &key, const AccessCredentials *cred, bool permanen // // Manage generic context objects // -Context::Context(const CSP &csp, CSSM_ALGORITHMS alg) -: ObjectImpl(csp), mAlgorithm(alg), mStaged(false), mCred(NULL) +Context::Context(const CSP &csp, CSSM_ALGORITHMS alg) : ObjectImpl(csp), mAlgorithm(alg), mHandle(NULL), mStaged(false), mCred(NULL) { } diff --git a/OSX/libsecurity_cdsa_client/lib/cssmclient.cpp b/OSX/libsecurity_cdsa_client/lib/cssmclient.cpp index ce83b5e2..2a483fdc 100644 --- a/OSX/libsecurity_cdsa_client/lib/cssmclient.cpp +++ b/OSX/libsecurity_cdsa_client/lib/cssmclient.cpp @@ -89,7 +89,7 @@ try } catch(...) { - return; + return; // Prevent re-throw of exception [function-try-block] } void @@ -111,6 +111,7 @@ ObjectImpl::removeChild() Allocator & ObjectImpl::allocator() const { + StLock _(mAllocatorMutex); if (mAllocator == NULL) { // fix allocator now @@ -126,6 +127,7 @@ ObjectImpl::allocator() const void ObjectImpl::allocator(Allocator &alloc) { + StLock _(mAllocatorMutex); assert(mAllocator == NULL); // cannot redefine allocator once set mAllocator = &alloc; } diff --git a/OSX/libsecurity_cdsa_client/lib/cssmclient.h b/OSX/libsecurity_cdsa_client/lib/cssmclient.h index 9b003382..df967d1a 100644 --- a/OSX/libsecurity_cdsa_client/lib/cssmclient.h +++ b/OSX/libsecurity_cdsa_client/lib/cssmclient.h @@ -103,6 +103,7 @@ protected: bool mActive; // loaded, attached, etc. RecursiveMutex mActivateMutex; mutable Allocator *mAllocator; // allocator hierarchy (NULL => TBD) + mutable RecursiveMutex mAllocatorMutex; // protects allocator creation template Obj parent() const { assert(mParent); return Obj(static_cast(&(*mParent))); } diff --git a/OSX/libsecurity_cdsa_client/lib/dlclient.cpp b/OSX/libsecurity_cdsa_client/lib/dlclient.cpp index 2846d3cf..3fb96df8 100644 --- a/OSX/libsecurity_cdsa_client/lib/dlclient.cpp +++ b/OSX/libsecurity_cdsa_client/lib/dlclient.cpp @@ -195,6 +195,7 @@ DbImpl::close() void DbImpl::activate() { + StLock _(mActivateMutex); if (!mActive) { if (mDbInfo) @@ -627,7 +628,6 @@ CSSM_HANDLE Db::dlGetFirst(const CSSM_QUERY &query, CSSM_DB_RECORD_ATTRIBUTE_DAT return CSSM_INVALID_HANDLE; default: CssmError::throwMe(rc); - return CSSM_INVALID_HANDLE; // placebo } } @@ -642,7 +642,6 @@ bool Db::dlGetNext(CSSM_HANDLE query, CSSM_DB_RECORD_ATTRIBUTE_DATA &attributes, return false; default: CssmError::throwMe(rc); - return false; // placebo } } diff --git a/OSX/libsecurity_cdsa_client/lib/dlclient.h b/OSX/libsecurity_cdsa_client/lib/dlclient.h index fbd05c98..9afd4ded 100644 --- a/OSX/libsecurity_cdsa_client/lib/dlclient.h +++ b/OSX/libsecurity_cdsa_client/lib/dlclient.h @@ -270,7 +270,7 @@ public: const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes, CSSM_DATA *data); - const CSSM_DL_DB_HANDLE &handle() { activate(); return mHandle; } + const CSSM_DL_DB_HANDLE &handle() { StLock _(mActivateMutex); activate(); return mHandle; } const DbName &dbName() { return mDbName; } void dbName(const DbName &dbName) { mDbName = dbName; } diff --git a/OSX/libsecurity_cdsa_client/lib/keyclient.cpp b/OSX/libsecurity_cdsa_client/lib/keyclient.cpp index 5bf04d6e..82b3c454 100644 --- a/OSX/libsecurity_cdsa_client/lib/keyclient.cpp +++ b/OSX/libsecurity_cdsa_client/lib/keyclient.cpp @@ -52,6 +52,7 @@ try } catch (...) { + return; // Prevent re-throw of exception [function-try-block] } void diff --git a/OSX/libsecurity_cdsa_client/lib/mdsclient.cpp b/OSX/libsecurity_cdsa_client/lib/mdsclient.cpp index 15e8ae32..915324d8 100644 --- a/OSX/libsecurity_cdsa_client/lib/mdsclient.cpp +++ b/OSX/libsecurity_cdsa_client/lib/mdsclient.cpp @@ -92,7 +92,6 @@ CSSM_HANDLE Directory::dlGetFirst(const CSSM_QUERY &query, CSSM_DB_RECORD_ATTRIB return CSSM_INVALID_HANDLE; default: CssmError::throwMe(rc); - return CSSM_INVALID_HANDLE; // placebo } } @@ -109,7 +108,6 @@ bool Directory::dlGetNext(CSSM_HANDLE handle, CSSM_DB_RECORD_ATTRIBUTE_DATA &att return false; default: CssmError::throwMe(rc); - return false; // placebo } } diff --git a/OSX/libsecurity_cdsa_client/lib/securestorage.cpp b/OSX/libsecurity_cdsa_client/lib/securestorage.cpp index 7d2d0ab1..676a1ad2 100644 --- a/OSX/libsecurity_cdsa_client/lib/securestorage.cpp +++ b/OSX/libsecurity_cdsa_client/lib/securestorage.cpp @@ -46,6 +46,7 @@ try } catch (...) { + return; // Prevent re-throw of exception [function-try-block] } Allocator &CSPDLImpl::allocator() const diff --git a/OSX/libsecurity_cdsa_client/libsecurity_cdsa_client.xcodeproj/project.pbxproj b/OSX/libsecurity_cdsa_client/libsecurity_cdsa_client.xcodeproj/project.pbxproj deleted file mode 100644 index 4f2a5af3..00000000 --- a/OSX/libsecurity_cdsa_client/libsecurity_cdsa_client.xcodeproj/project.pbxproj +++ /dev/null @@ -1,423 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 1865FBDA14723C7600FD79DF /* aclclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F9884052C9E3100EDA739 /* aclclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBDB14723C7600FD79DF /* clclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F9886052C9E3100EDA739 /* clclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBDC14723C7600FD79DF /* cryptoclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F9888052C9E3100EDA739 /* cryptoclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBDD14723C7600FD79DF /* cspclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F988A052C9E3100EDA739 /* cspclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBDE14723C7600FD79DF /* cssmclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F988C052C9E3100EDA739 /* cssmclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBDF14723C7600FD79DF /* dlclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F988E052C9E3100EDA739 /* dlclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBE014723C7600FD79DF /* dliterators.h in Headers */ = {isa = PBXBuildFile; fileRef = C2828D7E0678EF2E00AF941B /* dliterators.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBE114723C7600FD79DF /* dlquery.h in Headers */ = {isa = PBXBuildFile; fileRef = C2EF2AB6066CFFC000F205D4 /* dlquery.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBE214723C7600FD79DF /* dl_standard.h in Headers */ = {isa = PBXBuildFile; fileRef = C2CFE2C106BB009800D98609 /* dl_standard.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBE314723C7600FD79DF /* DLDBList.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F9890052C9E3100EDA739 /* DLDBList.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBE414723C7600FD79DF /* genkey.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F9892052C9E3100EDA739 /* genkey.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBE514723C7600FD79DF /* keychainacl.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F9894052C9E3200EDA739 /* keychainacl.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBE614723C7600FD79DF /* keyclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F9896052C9E3200EDA739 /* keyclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBE714723C7600FD79DF /* macclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F9898052C9E3200EDA739 /* macclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBE814723C7600FD79DF /* mdsclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B3F4990666992F0010FCA5 /* mdsclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBE914723C7600FD79DF /* mds_standard.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B3F6C60667FFFB0010FCA5 /* mds_standard.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBEA14723C7600FD79DF /* multidldb.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F989A052C9E3200EDA739 /* multidldb.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBEB14723C7600FD79DF /* securestorage.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F98A0052C9E3200EDA739 /* securestorage.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBEC14723C7600FD79DF /* signclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F98A2052C9E3200EDA739 /* signclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBED14723C7600FD79DF /* tpclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F98A4052C9E3200EDA739 /* tpclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBEE14723C7600FD79DF /* wrapkey.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F98A6052C9E3200EDA739 /* wrapkey.h */; settings = {ATTRIBUTES = (Public, ); }; }; - C25F98A7052C9E3200EDA739 /* aclclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F9883052C9E3100EDA739 /* aclclient.cpp */; }; - C25F98A9052C9E3200EDA739 /* clclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F9885052C9E3100EDA739 /* clclient.cpp */; }; - C25F98AB052C9E3200EDA739 /* cryptoclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F9887052C9E3100EDA739 /* cryptoclient.cpp */; }; - C25F98AD052C9E3200EDA739 /* cspclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F9889052C9E3100EDA739 /* cspclient.cpp */; }; - C25F98AF052C9E3200EDA739 /* cssmclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F988B052C9E3100EDA739 /* cssmclient.cpp */; }; - C25F98B1052C9E3200EDA739 /* dlclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F988D052C9E3100EDA739 /* dlclient.cpp */; }; - C25F98B3052C9E3200EDA739 /* DLDBList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F988F052C9E3100EDA739 /* DLDBList.cpp */; }; - C25F98B5052C9E3200EDA739 /* genkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F9891052C9E3100EDA739 /* genkey.cpp */; }; - C25F98B7052C9E3200EDA739 /* keychainacl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F9893052C9E3200EDA739 /* keychainacl.cpp */; }; - C25F98B9052C9E3200EDA739 /* keyclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F9895052C9E3200EDA739 /* keyclient.cpp */; }; - C25F98BB052C9E3200EDA739 /* macclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F9897052C9E3200EDA739 /* macclient.cpp */; }; - C25F98BD052C9E3200EDA739 /* multidldb.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F9899052C9E3200EDA739 /* multidldb.cpp */; }; - C25F98C3052C9E3200EDA739 /* securestorage.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F989F052C9E3200EDA739 /* securestorage.cpp */; }; - C25F98C5052C9E3200EDA739 /* signclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F98A1052C9E3200EDA739 /* signclient.cpp */; }; - C25F98C7052C9E3200EDA739 /* tpclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F98A3052C9E3200EDA739 /* tpclient.cpp */; }; - C25F98C9052C9E3200EDA739 /* wrapkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F98A5052C9E3200EDA739 /* wrapkey.cpp */; }; - C261C8BA0675444A0031FA9C /* dlclientpriv.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C261C8B90675444A0031FA9C /* dlclientpriv.cpp */; }; - C2828D7F0678EF2E00AF941B /* dliterators.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2828D7D0678EF2E00AF941B /* dliterators.cpp */; }; - C2B3F49A0666992F0010FCA5 /* mdsclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B3F4980666992F0010FCA5 /* mdsclient.cpp */; }; - C2B3F6C70667FFFB0010FCA5 /* mds_standard.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B3F6C50667FFFB0010FCA5 /* mds_standard.cpp */; }; - C2CFE2C206BB009800D98609 /* dl_standard.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2CFE2C006BB009800D98609 /* dl_standard.cpp */; }; - C2EF2AB7066CFFC000F205D4 /* dlquery.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2EF2AB5066CFFC000F205D4 /* dlquery.cpp */; }; -/* End PBXBuildFile section */ - -/* Begin PBXFileReference section */ - 18446163146E94DE00B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 18446164146E94DE00B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 18446165146E94DE00B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 18446166146E94DE00B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_cdsa_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_cdsa_client.a; sourceTree = BUILT_PRODUCTS_DIR; }; - C25F9883052C9E3100EDA739 /* aclclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = aclclient.cpp; sourceTree = ""; }; - C25F9884052C9E3100EDA739 /* aclclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = aclclient.h; sourceTree = ""; }; - C25F9885052C9E3100EDA739 /* clclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = clclient.cpp; sourceTree = ""; }; - C25F9886052C9E3100EDA739 /* clclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = clclient.h; sourceTree = ""; }; - C25F9887052C9E3100EDA739 /* cryptoclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cryptoclient.cpp; sourceTree = ""; }; - C25F9888052C9E3100EDA739 /* cryptoclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cryptoclient.h; sourceTree = ""; }; - C25F9889052C9E3100EDA739 /* cspclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cspclient.cpp; sourceTree = ""; }; - C25F988A052C9E3100EDA739 /* cspclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cspclient.h; sourceTree = ""; }; - C25F988B052C9E3100EDA739 /* cssmclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = cssmclient.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C25F988C052C9E3100EDA739 /* cssmclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmclient.h; sourceTree = ""; }; - C25F988D052C9E3100EDA739 /* dlclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = dlclient.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C25F988E052C9E3100EDA739 /* dlclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = dlclient.h; sourceTree = ""; }; - C25F988F052C9E3100EDA739 /* DLDBList.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DLDBList.cpp; sourceTree = ""; }; - C25F9890052C9E3100EDA739 /* DLDBList.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DLDBList.h; sourceTree = ""; }; - C25F9891052C9E3100EDA739 /* genkey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = genkey.cpp; sourceTree = ""; }; - C25F9892052C9E3100EDA739 /* genkey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = genkey.h; sourceTree = ""; }; - C25F9893052C9E3200EDA739 /* keychainacl.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = keychainacl.cpp; sourceTree = ""; }; - C25F9894052C9E3200EDA739 /* keychainacl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychainacl.h; sourceTree = ""; }; - C25F9895052C9E3200EDA739 /* keyclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = keyclient.cpp; sourceTree = ""; }; - C25F9896052C9E3200EDA739 /* keyclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keyclient.h; sourceTree = ""; }; - C25F9897052C9E3200EDA739 /* macclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = macclient.cpp; sourceTree = ""; }; - C25F9898052C9E3200EDA739 /* macclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = macclient.h; sourceTree = ""; }; - C25F9899052C9E3200EDA739 /* multidldb.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = multidldb.cpp; sourceTree = ""; }; - C25F989A052C9E3200EDA739 /* multidldb.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = multidldb.h; sourceTree = ""; }; - C25F989F052C9E3200EDA739 /* securestorage.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = securestorage.cpp; sourceTree = ""; }; - C25F98A0052C9E3200EDA739 /* securestorage.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = securestorage.h; sourceTree = ""; }; - C25F98A1052C9E3200EDA739 /* signclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = signclient.cpp; sourceTree = ""; }; - C25F98A2052C9E3200EDA739 /* signclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = signclient.h; sourceTree = ""; }; - C25F98A3052C9E3200EDA739 /* tpclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = tpclient.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C25F98A4052C9E3200EDA739 /* tpclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tpclient.h; sourceTree = ""; }; - C25F98A5052C9E3200EDA739 /* wrapkey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = wrapkey.cpp; sourceTree = ""; }; - C25F98A6052C9E3200EDA739 /* wrapkey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = wrapkey.h; sourceTree = ""; }; - C261C8B90675444A0031FA9C /* dlclientpriv.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = dlclientpriv.cpp; sourceTree = ""; }; - C2828D7D0678EF2E00AF941B /* dliterators.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = dliterators.cpp; sourceTree = ""; }; - C2828D7E0678EF2E00AF941B /* dliterators.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = dliterators.h; sourceTree = ""; }; - C2B3F4980666992F0010FCA5 /* mdsclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = mdsclient.cpp; sourceTree = ""; }; - C2B3F4990666992F0010FCA5 /* mdsclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = mdsclient.h; sourceTree = ""; }; - C2B3F6C50667FFFB0010FCA5 /* mds_standard.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = mds_standard.cpp; sourceTree = ""; }; - C2B3F6C60667FFFB0010FCA5 /* mds_standard.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = mds_standard.h; sourceTree = ""; }; - C2CFE2C006BB009800D98609 /* dl_standard.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = dl_standard.cpp; sourceTree = ""; }; - C2CFE2C106BB009800D98609 /* dl_standard.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = dl_standard.h; sourceTree = ""; }; - C2EF2AB5066CFFC000F205D4 /* dlquery.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = dlquery.cpp; sourceTree = ""; }; - C2EF2AB6066CFFC000F205D4 /* dlquery.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = dlquery.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 18446162146E94DE00B12992 /* config */ = { - isa = PBXGroup; - children = ( - 18446163146E94DE00B12992 /* base.xcconfig */, - 18446164146E94DE00B12992 /* debug.xcconfig */, - 18446165146E94DE00B12992 /* lib.xcconfig */, - 18446166146E94DE00B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - C25F9882052C9E3100EDA739 /* lib */, - 18446162146E94DE00B12992 /* config */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_cdsa_client.a */, - ); - name = Products; - sourceTree = ""; - }; - C25F9882052C9E3100EDA739 /* lib */ = { - isa = PBXGroup; - children = ( - C25F9883052C9E3100EDA739 /* aclclient.cpp */, - C25F9884052C9E3100EDA739 /* aclclient.h */, - C25F9885052C9E3100EDA739 /* clclient.cpp */, - C25F9886052C9E3100EDA739 /* clclient.h */, - C25F9887052C9E3100EDA739 /* cryptoclient.cpp */, - C25F9888052C9E3100EDA739 /* cryptoclient.h */, - C25F9889052C9E3100EDA739 /* cspclient.cpp */, - C25F988A052C9E3100EDA739 /* cspclient.h */, - C25F988B052C9E3100EDA739 /* cssmclient.cpp */, - C25F988C052C9E3100EDA739 /* cssmclient.h */, - C25F988D052C9E3100EDA739 /* dlclient.cpp */, - C261C8B90675444A0031FA9C /* dlclientpriv.cpp */, - C25F988E052C9E3100EDA739 /* dlclient.h */, - C2828D7D0678EF2E00AF941B /* dliterators.cpp */, - C2828D7E0678EF2E00AF941B /* dliterators.h */, - C2EF2AB5066CFFC000F205D4 /* dlquery.cpp */, - C2EF2AB6066CFFC000F205D4 /* dlquery.h */, - C2CFE2C006BB009800D98609 /* dl_standard.cpp */, - C2CFE2C106BB009800D98609 /* dl_standard.h */, - C25F988F052C9E3100EDA739 /* DLDBList.cpp */, - C25F9890052C9E3100EDA739 /* DLDBList.h */, - C25F9891052C9E3100EDA739 /* genkey.cpp */, - C25F9892052C9E3100EDA739 /* genkey.h */, - C25F9893052C9E3200EDA739 /* keychainacl.cpp */, - C25F9894052C9E3200EDA739 /* keychainacl.h */, - C25F9895052C9E3200EDA739 /* keyclient.cpp */, - C25F9896052C9E3200EDA739 /* keyclient.h */, - C25F9897052C9E3200EDA739 /* macclient.cpp */, - C25F9898052C9E3200EDA739 /* macclient.h */, - C2B3F4980666992F0010FCA5 /* mdsclient.cpp */, - C2B3F4990666992F0010FCA5 /* mdsclient.h */, - C2B3F6C50667FFFB0010FCA5 /* mds_standard.cpp */, - C2B3F6C60667FFFB0010FCA5 /* mds_standard.h */, - C25F9899052C9E3200EDA739 /* multidldb.cpp */, - C25F989A052C9E3200EDA739 /* multidldb.h */, - C25F989F052C9E3200EDA739 /* securestorage.cpp */, - C25F98A0052C9E3200EDA739 /* securestorage.h */, - C25F98A1052C9E3200EDA739 /* signclient.cpp */, - C25F98A2052C9E3200EDA739 /* signclient.h */, - C25F98A3052C9E3200EDA739 /* tpclient.cpp */, - C25F98A4052C9E3200EDA739 /* tpclient.h */, - C25F98A5052C9E3200EDA739 /* wrapkey.cpp */, - C25F98A6052C9E3200EDA739 /* wrapkey.h */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - C2EDE99A0545D8AD00E31CF9 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 1865FBDE14723C7600FD79DF /* cssmclient.h in Headers */, - 1865FBDA14723C7600FD79DF /* aclclient.h in Headers */, - 1865FBDB14723C7600FD79DF /* clclient.h in Headers */, - 1865FBDC14723C7600FD79DF /* cryptoclient.h in Headers */, - 1865FBDD14723C7600FD79DF /* cspclient.h in Headers */, - 1865FBDF14723C7600FD79DF /* dlclient.h in Headers */, - 1865FBE014723C7600FD79DF /* dliterators.h in Headers */, - 1865FBE114723C7600FD79DF /* dlquery.h in Headers */, - 1865FBE214723C7600FD79DF /* dl_standard.h in Headers */, - 1865FBE314723C7600FD79DF /* DLDBList.h in Headers */, - 1865FBE414723C7600FD79DF /* genkey.h in Headers */, - 1865FBE514723C7600FD79DF /* keychainacl.h in Headers */, - 1865FBE614723C7600FD79DF /* keyclient.h in Headers */, - 1865FBE714723C7600FD79DF /* macclient.h in Headers */, - 1865FBE814723C7600FD79DF /* mdsclient.h in Headers */, - 1865FBE914723C7600FD79DF /* mds_standard.h in Headers */, - 1865FBEA14723C7600FD79DF /* multidldb.h in Headers */, - 1865FBEB14723C7600FD79DF /* securestorage.h in Headers */, - 1865FBEC14723C7600FD79DF /* signclient.h in Headers */, - 1865FBED14723C7600FD79DF /* tpclient.h in Headers */, - 1865FBEE14723C7600FD79DF /* wrapkey.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_cdsa_client */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2D20987FCDD001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cdsa_client" */; - buildPhases = ( - C2EDE99A0545D8AD00E31CF9 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - 18B96AFA14743E02005A4D2E /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_cdsa_client; - productInstallPath = /usr/local/lib; - productName = libsecurity_cdsa_client; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_cdsa_client.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD2D60987FCDD001272E0 /* Build configuration list for PBXProject "libsecurity_cdsa_client" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_cdsa_client */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXShellScriptBuildPhase section */ - 18B96AFA14743E02005A4D2E /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/", - "$(SRCROOT)/lib/", - ); - outputPaths = ( - "${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "# with our source directories as input files, Xcode will only re-run this phase if there's been a source change\nnmedit -p \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\"\nranlib \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\""; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C25F98A7052C9E3200EDA739 /* aclclient.cpp in Sources */, - C25F98A9052C9E3200EDA739 /* clclient.cpp in Sources */, - C25F98AB052C9E3200EDA739 /* cryptoclient.cpp in Sources */, - C25F98AD052C9E3200EDA739 /* cspclient.cpp in Sources */, - C25F98AF052C9E3200EDA739 /* cssmclient.cpp in Sources */, - C25F98B1052C9E3200EDA739 /* dlclient.cpp in Sources */, - C25F98B3052C9E3200EDA739 /* DLDBList.cpp in Sources */, - C25F98B5052C9E3200EDA739 /* genkey.cpp in Sources */, - C25F98B7052C9E3200EDA739 /* keychainacl.cpp in Sources */, - C25F98B9052C9E3200EDA739 /* keyclient.cpp in Sources */, - C25F98BB052C9E3200EDA739 /* macclient.cpp in Sources */, - C25F98BD052C9E3200EDA739 /* multidldb.cpp in Sources */, - C25F98C3052C9E3200EDA739 /* securestorage.cpp in Sources */, - C25F98C5052C9E3200EDA739 /* signclient.cpp in Sources */, - C25F98C7052C9E3200EDA739 /* tpclient.cpp in Sources */, - C25F98C9052C9E3200EDA739 /* wrapkey.cpp in Sources */, - C2B3F49A0666992F0010FCA5 /* mdsclient.cpp in Sources */, - C2B3F6C70667FFFB0010FCA5 /* mds_standard.cpp in Sources */, - C2EF2AB7066CFFC000F205D4 /* dlquery.cpp in Sources */, - C261C8BA0675444A0031FA9C /* dlclientpriv.cpp in Sources */, - C2828D7F0678EF2E00AF941B /* dliterators.cpp in Sources */, - C2CFE2C206BB009800D98609 /* dl_standard.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD2D30987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446164146E94DE00B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_cdsa_client; - SKIP_INSTALL = NO; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Debug; - }; - C27AD2D50987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446166146E94DE00B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_cdsa_client; - SKIP_INSTALL = NO; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Release; - }; - C27AD2D70987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446165146E94DE00B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD2D90987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446165146E94DE00B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD2D20987FCDD001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cdsa_client" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2D30987FCDD001272E0 /* Debug */, - C27AD2D50987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD2D60987FCDD001272E0 /* Build configuration list for PBXProject "libsecurity_cdsa_client" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2D70987FCDD001272E0 /* Debug */, - C27AD2D90987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj/project.pbxproj b/OSX/libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj/project.pbxproj deleted file mode 100644 index f3885e05..00000000 --- a/OSX/libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj/project.pbxproj +++ /dev/null @@ -1,411 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 182BB5DB1470664C000BF1F3 /* CSPabstractsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2196BDD053B6036005808D4 /* CSPabstractsession.cpp */; }; - 1865FC2C1472485800FD79DF /* ACsession.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F8455E052CA23100F4D742 /* ACsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC2D1472485800FD79DF /* c++plugin.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F8455F052CA23100F4D742 /* c++plugin.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC2E1472485800FD79DF /* CLsession.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F84560052CA23100F4D742 /* CLsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC2F1472485800FD79DF /* CSPsession.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F84562052CA23100F4D742 /* CSPsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC301472485800FD79DF /* cssmplugin.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F84565052CA23100F4D742 /* cssmplugin.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC311472485800FD79DF /* Database.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C34408C0534CC81005148B6 /* Database.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC321472485800FD79DF /* DatabaseSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C34408E0534CC81005148B6 /* DatabaseSession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC331472485800FD79DF /* DbContext.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C3440900534CC82005148B6 /* DbContext.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC341472485800FD79DF /* DLsession.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F84567052CA23100F4D742 /* DLsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC351472485800FD79DF /* pluginsession.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F8456C052CA23100F4D742 /* pluginsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC361472485800FD79DF /* pluginspi.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F8456D052CA23100F4D742 /* pluginspi.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC371472485800FD79DF /* TPsession.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F8456E052CA23100F4D742 /* TPsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC381472485800FD79DF /* ACabstractsession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C52AC740540B25100536F78 /* ACabstractsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC391472485800FD79DF /* CLabstractsession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C52AC750540B25100536F78 /* CLabstractsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC3A1472485800FD79DF /* CSPabstractsession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C52AC760540B25100536F78 /* CSPabstractsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC3B1472485800FD79DF /* DLabstractsession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C52AC770540B25100536F78 /* DLabstractsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC3C1472485800FD79DF /* TPabstractsession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C52AC780540B25100536F78 /* TPabstractsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 4C3440910534CC82005148B6 /* Database.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C34408B0534CC81005148B6 /* Database.cpp */; }; - 4C3440930534CC82005148B6 /* DatabaseSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C34408D0534CC81005148B6 /* DatabaseSession.cpp */; }; - 4C3440950534CC82005148B6 /* DbContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C34408F0534CC82005148B6 /* DbContext.cpp */; }; - C2196BE0053B6036005808D4 /* ACabstractsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2196BDB053B6036005808D4 /* ACabstractsession.cpp */; }; - C2196BE1053B6036005808D4 /* CLabstractsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2196BDC053B6036005808D4 /* CLabstractsession.cpp */; }; - C2196BE3053B6036005808D4 /* DLabstractsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2196BDE053B6036005808D4 /* DLabstractsession.cpp */; }; - C2196BE4053B6036005808D4 /* TPabstractsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2196BDF053B6036005808D4 /* TPabstractsession.cpp */; }; - C2F84572052CA23100F4D742 /* CSPsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F84561052CA23100F4D742 /* CSPsession.cpp */; }; - C2F84574052CA23100F4D742 /* csputilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F84563052CA23100F4D742 /* csputilities.cpp */; }; - C2F84575052CA23100F4D742 /* cssmplugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F84564052CA23100F4D742 /* cssmplugin.cpp */; }; - C2F84577052CA23100F4D742 /* DLsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F84566052CA23100F4D742 /* DLsession.cpp */; }; - C2F84579052CA23100F4D742 /* pluginsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F8456B052CA23100F4D742 /* pluginsession.cpp */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 1844607C146DF45600B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18446077146DF45600B12992 /* libsecurity_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 1844606D146DEE4400B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 1844606E146DEE4400B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 1844606F146DEE4400B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 18446070146DEE4400B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 18446077146DF45600B12992 /* libsecurity_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_utilities.xcodeproj; path = ../libsecurity_utilities/libsecurity_utilities.xcodeproj; sourceTree = ""; }; - 4C34408B0534CC81005148B6 /* Database.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Database.cpp; sourceTree = ""; }; - 4C34408C0534CC81005148B6 /* Database.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Database.h; sourceTree = ""; }; - 4C34408D0534CC81005148B6 /* DatabaseSession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = DatabaseSession.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C34408E0534CC81005148B6 /* DatabaseSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DatabaseSession.h; sourceTree = ""; }; - 4C34408F0534CC82005148B6 /* DbContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DbContext.cpp; sourceTree = ""; }; - 4C3440900534CC82005148B6 /* DbContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DbContext.h; sourceTree = ""; }; - 4C52AC740540B25100536F78 /* ACabstractsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ACabstractsession.h; path = lib/ACabstractsession.h; sourceTree = SOURCE_ROOT; }; - 4C52AC750540B25100536F78 /* CLabstractsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = CLabstractsession.h; path = lib/CLabstractsession.h; sourceTree = SOURCE_ROOT; }; - 4C52AC760540B25100536F78 /* CSPabstractsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = CSPabstractsession.h; path = lib/CSPabstractsession.h; sourceTree = SOURCE_ROOT; }; - 4C52AC770540B25100536F78 /* DLabstractsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = DLabstractsession.h; path = lib/DLabstractsession.h; sourceTree = SOURCE_ROOT; }; - 4C52AC780540B25100536F78 /* TPabstractsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = TPabstractsession.h; path = lib/TPabstractsession.h; sourceTree = SOURCE_ROOT; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_cdsa_plugin.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_cdsa_plugin.a; sourceTree = BUILT_PRODUCTS_DIR; }; - C2196BDB053B6036005808D4 /* ACabstractsession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ACabstractsession.cpp; path = lib/ACabstractsession.cpp; sourceTree = SOURCE_ROOT; }; - C2196BDC053B6036005808D4 /* CLabstractsession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = CLabstractsession.cpp; path = lib/CLabstractsession.cpp; sourceTree = SOURCE_ROOT; }; - C2196BDD053B6036005808D4 /* CSPabstractsession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = CSPabstractsession.cpp; path = lib/CSPabstractsession.cpp; sourceTree = SOURCE_ROOT; }; - C2196BDE053B6036005808D4 /* DLabstractsession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = DLabstractsession.cpp; path = lib/DLabstractsession.cpp; sourceTree = SOURCE_ROOT; }; - C2196BDF053B6036005808D4 /* TPabstractsession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = TPabstractsession.cpp; path = lib/TPabstractsession.cpp; sourceTree = SOURCE_ROOT; }; - C2F8455E052CA23100F4D742 /* ACsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ACsession.h; sourceTree = ""; }; - C2F8455F052CA23100F4D742 /* c++plugin.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "c++plugin.h"; sourceTree = ""; }; - C2F84560052CA23100F4D742 /* CLsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CLsession.h; sourceTree = ""; }; - C2F84561052CA23100F4D742 /* CSPsession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = CSPsession.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2F84562052CA23100F4D742 /* CSPsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CSPsession.h; sourceTree = ""; }; - C2F84563052CA23100F4D742 /* csputilities.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = csputilities.cpp; sourceTree = ""; }; - C2F84564052CA23100F4D742 /* cssmplugin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmplugin.cpp; sourceTree = ""; }; - C2F84565052CA23100F4D742 /* cssmplugin.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmplugin.h; sourceTree = ""; }; - C2F84566052CA23100F4D742 /* DLsession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DLsession.cpp; sourceTree = ""; }; - C2F84567052CA23100F4D742 /* DLsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DLsession.h; sourceTree = ""; }; - C2F84568052CA23100F4D742 /* generator.cfg */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = generator.cfg; sourceTree = ""; }; - C2F84569052CA23100F4D742 /* generator.mk */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = generator.mk; sourceTree = ""; }; - C2F8456A052CA23100F4D742 /* generator.pl */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.script.perl; path = generator.pl; sourceTree = ""; }; - C2F8456B052CA23100F4D742 /* pluginsession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = pluginsession.cpp; sourceTree = ""; }; - C2F8456C052CA23100F4D742 /* pluginsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pluginsession.h; sourceTree = ""; }; - C2F8456D052CA23100F4D742 /* pluginspi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pluginspi.h; sourceTree = ""; }; - C2F8456E052CA23100F4D742 /* TPsession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TPsession.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 1844606C146DEE4400B12992 /* config */ = { - isa = PBXGroup; - children = ( - 1844606D146DEE4400B12992 /* base.xcconfig */, - 1844606E146DEE4400B12992 /* debug.xcconfig */, - 1844606F146DEE4400B12992 /* lib.xcconfig */, - 18446070146DEE4400B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 18446078146DF45600B12992 /* Products */ = { - isa = PBXGroup; - children = ( - 1844607D146DF45600B12992 /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 18446077146DF45600B12992 /* libsecurity_utilities.xcodeproj */, - C2F8455D052CA23100F4D742 /* lib */, - 1844606C146DEE4400B12992 /* config */, - C2196BD8053B5FFE005808D4 /* derived_src */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_cdsa_plugin.a */, - ); - name = Products; - sourceTree = ""; - }; - C2196BD8053B5FFE005808D4 /* derived_src */ = { - isa = PBXGroup; - children = ( - ); - path = derived_src; - sourceTree = BUILT_PRODUCTS_DIR; - }; - C2F8455D052CA23100F4D742 /* lib */ = { - isa = PBXGroup; - children = ( - C2F8455E052CA23100F4D742 /* ACsession.h */, - C2F8455F052CA23100F4D742 /* c++plugin.h */, - C2F84560052CA23100F4D742 /* CLsession.h */, - C2F84561052CA23100F4D742 /* CSPsession.cpp */, - C2F84562052CA23100F4D742 /* CSPsession.h */, - C2F84563052CA23100F4D742 /* csputilities.cpp */, - C2F84564052CA23100F4D742 /* cssmplugin.cpp */, - C2F84565052CA23100F4D742 /* cssmplugin.h */, - 4C34408B0534CC81005148B6 /* Database.cpp */, - 4C34408C0534CC81005148B6 /* Database.h */, - 4C34408D0534CC81005148B6 /* DatabaseSession.cpp */, - 4C34408E0534CC81005148B6 /* DatabaseSession.h */, - 4C34408F0534CC82005148B6 /* DbContext.cpp */, - 4C3440900534CC82005148B6 /* DbContext.h */, - C2F84566052CA23100F4D742 /* DLsession.cpp */, - C2F84567052CA23100F4D742 /* DLsession.h */, - C2F84568052CA23100F4D742 /* generator.cfg */, - C2F84569052CA23100F4D742 /* generator.mk */, - C2F8456A052CA23100F4D742 /* generator.pl */, - C2F8456B052CA23100F4D742 /* pluginsession.cpp */, - C2F8456C052CA23100F4D742 /* pluginsession.h */, - C2F8456D052CA23100F4D742 /* pluginspi.h */, - C2F8456E052CA23100F4D742 /* TPsession.h */, - C2196BDB053B6036005808D4 /* ACabstractsession.cpp */, - C2196BDC053B6036005808D4 /* CLabstractsession.cpp */, - C2196BDD053B6036005808D4 /* CSPabstractsession.cpp */, - C2196BDE053B6036005808D4 /* DLabstractsession.cpp */, - C2196BDF053B6036005808D4 /* TPabstractsession.cpp */, - 4C52AC740540B25100536F78 /* ACabstractsession.h */, - 4C52AC750540B25100536F78 /* CLabstractsession.h */, - 4C52AC760540B25100536F78 /* CSPabstractsession.h */, - 4C52AC770540B25100536F78 /* DLabstractsession.h */, - 4C52AC780540B25100536F78 /* TPabstractsession.h */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4C22DE5A055340D40032D046 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 1865FC2C1472485800FD79DF /* ACsession.h in Headers */, - 1865FC2D1472485800FD79DF /* c++plugin.h in Headers */, - 1865FC2E1472485800FD79DF /* CLsession.h in Headers */, - 1865FC2F1472485800FD79DF /* CSPsession.h in Headers */, - 1865FC301472485800FD79DF /* cssmplugin.h in Headers */, - 1865FC311472485800FD79DF /* Database.h in Headers */, - 1865FC321472485800FD79DF /* DatabaseSession.h in Headers */, - 1865FC331472485800FD79DF /* DbContext.h in Headers */, - 1865FC341472485800FD79DF /* DLsession.h in Headers */, - 1865FC351472485800FD79DF /* pluginsession.h in Headers */, - 1865FC361472485800FD79DF /* pluginspi.h in Headers */, - 1865FC371472485800FD79DF /* TPsession.h in Headers */, - 1865FC381472485800FD79DF /* ACabstractsession.h in Headers */, - 1865FC391472485800FD79DF /* CLabstractsession.h in Headers */, - 1865FC3A1472485800FD79DF /* CSPabstractsession.h in Headers */, - 1865FC3B1472485800FD79DF /* DLabstractsession.h in Headers */, - 1865FC3C1472485800FD79DF /* TPabstractsession.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_cdsa_plugin */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2E40987FCDD001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cdsa_plugin" */; - buildPhases = ( - 4C22DE5A055340D40032D046 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - 18B96AFC14743E18005A4D2E /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_cdsa_plugin; - productName = libsecurity_cdsa_plugin; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_cdsa_plugin.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD2E80987FCDD001272E0 /* Build configuration list for PBXProject "libsecurity_cdsa_plugin" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 18446078146DF45600B12992 /* Products */; - ProjectRef = 18446077146DF45600B12992 /* libsecurity_utilities.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_cdsa_plugin */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 1844607D146DF45600B12992 /* libsecurity_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_utilities.a; - remoteRef = 1844607C146DF45600B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXShellScriptBuildPhase section */ - 18B96AFC14743E18005A4D2E /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/", - "$(SRCROOT)/lib/", - ); - outputPaths = ( - "${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "# with our source directories as input files, Xcode will only re-run this phase if there's been a source change\nnmedit -p \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\"\nranlib \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\""; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C2F84572052CA23100F4D742 /* CSPsession.cpp in Sources */, - C2F84574052CA23100F4D742 /* csputilities.cpp in Sources */, - C2F84575052CA23100F4D742 /* cssmplugin.cpp in Sources */, - 4C3440910534CC82005148B6 /* Database.cpp in Sources */, - 4C3440930534CC82005148B6 /* DatabaseSession.cpp in Sources */, - 4C3440950534CC82005148B6 /* DbContext.cpp in Sources */, - C2F84577052CA23100F4D742 /* DLsession.cpp in Sources */, - C2F84579052CA23100F4D742 /* pluginsession.cpp in Sources */, - C2196BE0053B6036005808D4 /* ACabstractsession.cpp in Sources */, - C2196BE1053B6036005808D4 /* CLabstractsession.cpp in Sources */, - 182BB5DB1470664C000BF1F3 /* CSPabstractsession.cpp in Sources */, - C2196BE3053B6036005808D4 /* DLabstractsession.cpp in Sources */, - C2196BE4053B6036005808D4 /* TPabstractsession.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD2E50987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844606E146DEE4400B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - OTHER_CFLAGS = ""; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_cdsa_plugin; - SKIP_INSTALL = NO; - }; - name = Debug; - }; - C27AD2E70987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18446070146DEE4400B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - OTHER_CFLAGS = ""; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_cdsa_plugin; - SKIP_INSTALL = NO; - }; - name = Release; - }; - C27AD2E90987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844606F146DEE4400B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD2EB0987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844606F146DEE4400B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD2E40987FCDD001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cdsa_plugin" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2E50987FCDD001272E0 /* Debug */, - C27AD2E70987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD2E80987FCDD001272E0 /* Build configuration list for PBXProject "libsecurity_cdsa_plugin" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2E90987FCDD001272E0 /* Debug */, - C27AD2EB0987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_cdsa_utilities/lib/Schema.m4 b/OSX/libsecurity_cdsa_utilities/lib/Schema.m4 index 1d4f9e12..e73be967 100644 --- a/OSX/libsecurity_cdsa_utilities/lib/Schema.m4 +++ b/OSX/libsecurity_cdsa_utilities/lib/Schema.m4 @@ -382,7 +382,7 @@ itemClassFor(CSSM_DB_RECORDTYPE recordType) { case CSSM_DL_DB_RECORD_GENERIC_PASSWORD: return kSecGenericPasswordItemClass; case CSSM_DL_DB_RECORD_INTERNET_PASSWORD: return kSecInternetPasswordItemClass; - case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD: return 'ashp'; + case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD: return (SecItemClass) 'ashp'; default: return SecItemClass(recordType); } } diff --git a/OSX/libsecurity_cdsa_utilities/lib/cssmerrors.cpp b/OSX/libsecurity_cdsa_utilities/lib/cssmerrors.cpp index 301ced86..368699dc 100644 --- a/OSX/libsecurity_cdsa_utilities/lib/cssmerrors.cpp +++ b/OSX/libsecurity_cdsa_utilities/lib/cssmerrors.cpp @@ -39,8 +39,18 @@ CssmError::CssmError(CSSM_RETURN err) : error(err) SECURITY_EXCEPTION_THROW_CSSM(this, err); snprintf(whatBuffer, whatBufferSize, "CSSM Exception: %d %s", err, cssmErrorString(err)); - secnotice("security_exception", "%s", what()); - LogBacktrace(); + switch(err) { + case CSSMERR_CL_UNKNOWN_TAG: +#ifndef NDEBUG + secinfo("security_exception", "%s", what()); + LogBacktrace(); +#endif + break; + default: + secnotice("security_exception", "%s", what()); + LogBacktrace(); + break; + } } diff --git a/OSX/libsecurity_cdsa_utilities/lib/handletemplates.cpp b/OSX/libsecurity_cdsa_utilities/lib/handletemplates.cpp index 4d550d79..4d603253 100644 --- a/OSX/libsecurity_cdsa_utilities/lib/handletemplates.cpp +++ b/OSX/libsecurity_cdsa_utilities/lib/handletemplates.cpp @@ -26,6 +26,9 @@ #include #include +namespace Security +{ + // // Instantiate the explicit MappingHandle subclasses. If there start to be // a lot of these, break this into multiple .cpp files so useless classes @@ -37,3 +40,5 @@ template struct TypedHandle; // HandledObject template class MappingHandle; // HandleObject template class MappingHandle; // U32HandleObject + +} diff --git a/OSX/libsecurity_cdsa_utilities/lib/objectacl.cpp b/OSX/libsecurity_cdsa_utilities/lib/objectacl.cpp index 91cecb6d..80989e2d 100644 --- a/OSX/libsecurity_cdsa_utilities/lib/objectacl.cpp +++ b/OSX/libsecurity_cdsa_utilities/lib/objectacl.cpp @@ -29,6 +29,7 @@ #include #include #include +#include #include #include @@ -42,6 +43,7 @@ using namespace DataWalkers; // These are the kinds of ACL subjects we can deal with. // ModuleNexus ObjectAcl::makers; +NormalMutex ObjectAcl::makersMutex; // @@ -577,6 +579,7 @@ void ObjectAcl::AclEntry::importBlob(Reader &pub, Reader &priv) AclSubject::Maker::Maker(CSSM_ACL_SUBJECT_TYPE type) : mType(type) { + StLock _(ObjectAcl::makersMutex); ObjectAcl::makers()[type] = this; } @@ -595,6 +598,7 @@ AclSubject *ObjectAcl::make(uint32 typeAndVersion, Reader &pub, Reader &priv) AclSubject::Maker &ObjectAcl::makerFor(CSSM_ACL_SUBJECT_TYPE type) { + StLock _(ObjectAcl::makersMutex); AclSubject::Maker *maker = makers()[type]; if (maker == NULL) CssmError::throwMe(CSSM_ERRCODE_ACL_SUBJECT_TYPE_NOT_SUPPORTED); diff --git a/OSX/libsecurity_cdsa_utilities/lib/objectacl.h b/OSX/libsecurity_cdsa_utilities/lib/objectacl.h index 78a08bf7..67427cdf 100644 --- a/OSX/libsecurity_cdsa_utilities/lib/objectacl.h +++ b/OSX/libsecurity_cdsa_utilities/lib/objectacl.h @@ -30,6 +30,7 @@ #include #include +#include #include #include #include @@ -241,6 +242,7 @@ private: private: typedef map MakerMap; static ModuleNexus makers; // registered subject Makers + static NormalMutex makersMutex; static AclSubject::Maker &makerFor(CSSM_ACL_SUBJECT_TYPE type); }; diff --git a/OSX/libsecurity_cdsa_utilities/libsecurity_cdsa_utilities.xcodeproj/project.pbxproj b/OSX/libsecurity_cdsa_utilities/libsecurity_cdsa_utilities.xcodeproj/project.pbxproj deleted file mode 100644 index f172ab63..00000000 --- a/OSX/libsecurity_cdsa_utilities/libsecurity_cdsa_utilities.xcodeproj/project.pbxproj +++ /dev/null @@ -1,725 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 1865FBF01472415600FD79DF /* objectacl.h in Headers */ = {isa = PBXBuildFile; fileRef = C2BFD03306E6CDFE0047EA99 /* objectacl.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBF11472415600FD79DF /* aclsubject.h in Headers */ = {isa = PBXBuildFile; fileRef = C2BFD03106E6CDFE0047EA99 /* aclsubject.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBF21472415600FD79DF /* cssmacl.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CF7052A3278008ED0EA /* cssmacl.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBF31472415600FD79DF /* acl_any.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CE1052A3278008ED0EA /* acl_any.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBF41472415600FD79DF /* acl_codesigning.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CE3052A3278008ED0EA /* acl_codesigning.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBF51472415600FD79DF /* acl_comment.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CE5052A3278008ED0EA /* acl_comment.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBF61472415600FD79DF /* acl_password.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CE7052A3278008ED0EA /* acl_password.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBF71472415600FD79DF /* acl_preauth.h in Headers */ = {isa = PBXBuildFile; fileRef = C2371E3F06DD3E5E00E15E6F /* acl_preauth.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBF81472415600FD79DF /* acl_process.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CE9052A3278008ED0EA /* acl_process.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBF91472415600FD79DF /* acl_prompted.h in Headers */ = {isa = PBXBuildFile; fileRef = C2BFD0E706E792410047EA99 /* acl_prompted.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBFA1472415600FD79DF /* acl_protectedpw.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CEB052A3278008ED0EA /* acl_protectedpw.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBFB1472415600FD79DF /* acl_secret.h in Headers */ = {isa = PBXBuildFile; fileRef = C2BFD05B06E6D0560047EA99 /* acl_secret.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBFC1472415600FD79DF /* acl_threshold.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CED052A3278008ED0EA /* acl_threshold.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBFD1472415600FD79DF /* AuthorizationData.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C838EA4058163A4006DA084 /* AuthorizationData.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBFE1472415600FD79DF /* AuthorizationWalkers.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C838EA5058163A4006DA084 /* AuthorizationWalkers.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBFF1472415600FD79DF /* callback.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CEF052A3278008ED0EA /* callback.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC001472415600FD79DF /* constdata.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CF3052A3278008ED0EA /* constdata.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC011472415600FD79DF /* context.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CF5052A3278008ED0EA /* context.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC021472415600FD79DF /* cssmaclpod.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CF9052A3278008ED0EA /* cssmaclpod.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC031472415600FD79DF /* cssmalloc.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CFB052A3278008ED0EA /* cssmalloc.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC041472415600FD79DF /* cssmbridge.h in Headers */ = {isa = PBXBuildFile; fileRef = C21A3EBE0545BEFA00C40B2E /* cssmbridge.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC051472415600FD79DF /* cssmcert.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CFD052A3278008ED0EA /* cssmcert.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC061472415600FD79DF /* cssmcred.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64CFF052A3278008ED0EA /* cssmcred.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC071472415600FD79DF /* cssmdata.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D01052A3278008ED0EA /* cssmdata.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC081472415600FD79DF /* cssmdates.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D03052A3278008ED0EA /* cssmdates.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC091472415600FD79DF /* cssmdb.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C088044053219880049BBEF /* cssmdb.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC0A1472415600FD79DF /* cssmdbname.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C66D5E905321B2700537B59 /* cssmdbname.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC0B1472415600FD79DF /* cssmendian.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D07052A3278008ED0EA /* cssmendian.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC0C1472415600FD79DF /* cssmerrors.h in Headers */ = {isa = PBXBuildFile; fileRef = C22EC42A052B8E4900D55C69 /* cssmerrors.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC0D1472415600FD79DF /* cssmkey.h in Headers */ = {isa = PBXBuildFile; fileRef = C21A3EC00545BEFA00C40B2E /* cssmkey.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC0E1472415600FD79DF /* cssmlist.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D0B052A3278008ED0EA /* cssmlist.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC0F1472415600FD79DF /* cssmpods.h in Headers */ = {isa = PBXBuildFile; fileRef = C21A3EC20545BEFA00C40B2E /* cssmpods.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC101472415600FD79DF /* cssmtrust.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D0D052A3278008ED0EA /* cssmtrust.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC111472415600FD79DF /* cssmwalkers.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D11052A3278008ED0EA /* cssmwalkers.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC121472415600FD79DF /* db++.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D13052A3278008ED0EA /* db++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC131472415600FD79DF /* digestobject.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D14052A3278008ED0EA /* digestobject.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC141472415600FD79DF /* handleobject.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D16052A3278008ED0EA /* handleobject.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC151472415600FD79DF /* handletemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = 4E494DA80E0B084900026B9C /* handletemplates.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC161472415600FD79DF /* handletemplates_defs.h in Headers */ = {isa = PBXBuildFile; fileRef = 4E494DA90E0B084900026B9C /* handletemplates_defs.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC171472415600FD79DF /* KeySchema.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C38951C0534B198009CF879 /* KeySchema.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC181472415600FD79DF /* Schema.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C96461A05378CCD00499C82 /* Schema.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC191472415600FD79DF /* osxverifier.h in Headers */ = {isa = PBXBuildFile; fileRef = C2C1DC540A2CD98A00D1B02B /* osxverifier.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC1A1472415600FD79DF /* u32handleobject.h in Headers */ = {isa = PBXBuildFile; fileRef = B61D0F900E0CF46700EC386B /* u32handleobject.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC1B1472415700FD79DF /* uniformrandom.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D23052A3278008ED0EA /* uniformrandom.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC1C1472415700FD79DF /* walkers.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF64D25052A3278008ED0EA /* walkers.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 4C088047053219880049BBEF /* cssmdb.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C088043053219880049BBEF /* cssmdb.cpp */; }; - 4C3895410534B31D009CF879 /* KeySchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C3895400534B31D009CF879 /* KeySchema.cpp */; }; - 4C66D5EA05321B2700537B59 /* cssmdbname.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C66D5E805321B2700537B59 /* cssmdbname.cpp */; }; - 4C838EA6058163A4006DA084 /* AuthorizationData.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C838EA3058163A4006DA084 /* AuthorizationData.cpp */; }; - 4C92661705349551004B0E72 /* cssmerrors.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C22EC429052B8E4900D55C69 /* cssmerrors.cpp */; }; - 4C96462105378CEE00499C82 /* Schema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C96462005378CEE00499C82 /* Schema.cpp */; }; - 4CF64D26052A3278008ED0EA /* acl_any.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CE0052A3278008ED0EA /* acl_any.cpp */; }; - 4CF64D28052A3278008ED0EA /* acl_codesigning.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CE2052A3278008ED0EA /* acl_codesigning.cpp */; }; - 4CF64D2A052A3278008ED0EA /* acl_comment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CE4052A3278008ED0EA /* acl_comment.cpp */; }; - 4CF64D2C052A3278008ED0EA /* acl_password.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CE6052A3278008ED0EA /* acl_password.cpp */; }; - 4CF64D2E052A3278008ED0EA /* acl_process.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CE8052A3278008ED0EA /* acl_process.cpp */; }; - 4CF64D30052A3278008ED0EA /* acl_protectedpw.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CEA052A3278008ED0EA /* acl_protectedpw.cpp */; }; - 4CF64D32052A3278008ED0EA /* acl_threshold.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CEC052A3278008ED0EA /* acl_threshold.cpp */; }; - 4CF64D34052A3278008ED0EA /* callback.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CEE052A3278008ED0EA /* callback.cpp */; }; - 4CF64D38052A3278008ED0EA /* constdata.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CF2052A3278008ED0EA /* constdata.cpp */; }; - 4CF64D3A052A3278008ED0EA /* context.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CF4052A3278008ED0EA /* context.cpp */; }; - 4CF64D3C052A3278008ED0EA /* cssmacl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CF6052A3278008ED0EA /* cssmacl.cpp */; }; - 4CF64D3E052A3278008ED0EA /* cssmaclpod.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CF8052A3278008ED0EA /* cssmaclpod.cpp */; }; - 4CF64D40052A3278008ED0EA /* cssmalloc.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CFA052A3278008ED0EA /* cssmalloc.cpp */; }; - 4CF64D42052A3278008ED0EA /* cssmcert.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CFC052A3278008ED0EA /* cssmcert.cpp */; }; - 4CF64D44052A3278008ED0EA /* cssmcred.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64CFE052A3278008ED0EA /* cssmcred.cpp */; }; - 4CF64D46052A3278008ED0EA /* cssmdata.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64D00052A3278008ED0EA /* cssmdata.cpp */; }; - 4CF64D48052A3278008ED0EA /* cssmdates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64D02052A3278008ED0EA /* cssmdates.cpp */; }; - 4CF64D4C052A3278008ED0EA /* cssmendian.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64D06052A3278008ED0EA /* cssmendian.cpp */; }; - 4CF64D50052A3278008ED0EA /* cssmlist.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64D0A052A3278008ED0EA /* cssmlist.cpp */; }; - 4CF64D52052A3278008ED0EA /* cssmtrust.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64D0C052A3278008ED0EA /* cssmtrust.cpp */; }; - 4CF64D56052A3278008ED0EA /* cssmwalkers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64D10052A3278008ED0EA /* cssmwalkers.cpp */; }; - 4CF64D58052A3278008ED0EA /* db++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64D12052A3278008ED0EA /* db++.cpp */; }; - 4CF64D5B052A3278008ED0EA /* handleobject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64D15052A3278008ED0EA /* handleobject.cpp */; }; - 4CF64D68052A3278008ED0EA /* uniformrandom.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64D22052A3278008ED0EA /* uniformrandom.cpp */; }; - 4CF64D6A052A3278008ED0EA /* walkers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CF64D24052A3278008ED0EA /* walkers.cpp */; }; - 4EE92EA30E2415C100F97B89 /* handletemplates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4EE92EA20E2415C100F97B89 /* handletemplates.cpp */; }; - B61D0F910E0CF46700EC386B /* u32handleobject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = B61D0F8F0E0CF46700EC386B /* u32handleobject.cpp */; }; - C21A3EC40545BEFA00C40B2E /* cssmkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C21A3EBF0545BEFA00C40B2E /* cssmkey.cpp */; }; - C21A3EC60545BEFA00C40B2E /* cssmpods.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C21A3EC10545BEFA00C40B2E /* cssmpods.cpp */; }; - C2371E4006DD3E5E00E15E6F /* acl_preauth.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2371E3E06DD3E5E00E15E6F /* acl_preauth.cpp */; }; - C2BFD03406E6CDFE0047EA99 /* aclsubject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BFD03006E6CDFE0047EA99 /* aclsubject.cpp */; }; - C2BFD03506E6CDFE0047EA99 /* objectacl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BFD03206E6CDFE0047EA99 /* objectacl.cpp */; }; - C2BFD05C06E6D0560047EA99 /* acl_secret.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BFD05A06E6D0560047EA99 /* acl_secret.cpp */; }; - C2BFD0E806E792410047EA99 /* acl_prompted.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BFD0E606E792410047EA99 /* acl_prompted.cpp */; }; - C2C1DC550A2CD98A00D1B02B /* osxverifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2C1DC530A2CD98A00D1B02B /* osxverifier.cpp */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB4ED146F2727000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB4E8146F2727000BF1F3 /* libsecurity_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; - 182BB4F0146F2734000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB4E8146F2727000BF1F3 /* libsecurity_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = C2C9C69D0CECBE8400B3FE07; - remoteInfo = libsecurity_utilitiesDTrace; - }; - 4C1E266E0540A5D5002A7E83 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA2A5330523D2CD00978A7B /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CF9C5B80535E557009B9B8D; - remoteInfo = Schemas; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 182BB4E8146F2727000BF1F3 /* libsecurity_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_utilities.xcodeproj; path = ../libsecurity_utilities/libsecurity_utilities.xcodeproj; sourceTree = ""; }; - 1879B515146DD045007E536C /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 1879B516146DD045007E536C /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 1879B517146DD045007E536C /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 1879B518146DD045007E536C /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 4C088043053219880049BBEF /* cssmdb.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmdb.cpp; sourceTree = ""; }; - 4C088044053219880049BBEF /* cssmdb.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmdb.h; sourceTree = ""; }; - 4C38951C0534B198009CF879 /* KeySchema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KeySchema.h; sourceTree = ""; }; - 4C38951D0534B198009CF879 /* KeySchema.m4 */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = KeySchema.m4; sourceTree = ""; }; - 4C3895400534B31D009CF879 /* KeySchema.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = KeySchema.cpp; sourceTree = ""; }; - 4C66D5E805321B2700537B59 /* cssmdbname.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmdbname.cpp; sourceTree = ""; }; - 4C66D5E905321B2700537B59 /* cssmdbname.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmdbname.h; sourceTree = ""; }; - 4C838EA3058163A4006DA084 /* AuthorizationData.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AuthorizationData.cpp; sourceTree = ""; }; - 4C838EA4058163A4006DA084 /* AuthorizationData.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AuthorizationData.h; sourceTree = ""; }; - 4C838EA5058163A4006DA084 /* AuthorizationWalkers.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AuthorizationWalkers.h; sourceTree = ""; }; - 4C96461A05378CCD00499C82 /* Schema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Schema.h; sourceTree = ""; }; - 4C96461B05378CCD00499C82 /* Schema.m4 */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = Schema.m4; sourceTree = ""; }; - 4C96462005378CEE00499C82 /* Schema.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Schema.cpp; sourceTree = ""; }; - 4CA2A53A0523D32800978A7B /* libsecurity_cdsa_utilities.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_cdsa_utilities.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CF64CE0052A3278008ED0EA /* acl_any.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_any.cpp; sourceTree = ""; }; - 4CF64CE1052A3278008ED0EA /* acl_any.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_any.h; sourceTree = ""; }; - 4CF64CE2052A3278008ED0EA /* acl_codesigning.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_codesigning.cpp; sourceTree = ""; }; - 4CF64CE3052A3278008ED0EA /* acl_codesigning.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_codesigning.h; sourceTree = ""; }; - 4CF64CE4052A3278008ED0EA /* acl_comment.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_comment.cpp; sourceTree = ""; }; - 4CF64CE5052A3278008ED0EA /* acl_comment.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_comment.h; sourceTree = ""; }; - 4CF64CE6052A3278008ED0EA /* acl_password.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_password.cpp; sourceTree = ""; }; - 4CF64CE7052A3278008ED0EA /* acl_password.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_password.h; sourceTree = ""; }; - 4CF64CE8052A3278008ED0EA /* acl_process.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_process.cpp; sourceTree = ""; }; - 4CF64CE9052A3278008ED0EA /* acl_process.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_process.h; sourceTree = ""; }; - 4CF64CEA052A3278008ED0EA /* acl_protectedpw.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_protectedpw.cpp; sourceTree = ""; }; - 4CF64CEB052A3278008ED0EA /* acl_protectedpw.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_protectedpw.h; sourceTree = ""; }; - 4CF64CEC052A3278008ED0EA /* acl_threshold.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_threshold.cpp; sourceTree = ""; }; - 4CF64CED052A3278008ED0EA /* acl_threshold.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_threshold.h; sourceTree = ""; }; - 4CF64CEE052A3278008ED0EA /* callback.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = callback.cpp; sourceTree = ""; }; - 4CF64CEF052A3278008ED0EA /* callback.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = callback.h; sourceTree = ""; }; - 4CF64CF2052A3278008ED0EA /* constdata.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = constdata.cpp; sourceTree = ""; }; - 4CF64CF3052A3278008ED0EA /* constdata.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = constdata.h; sourceTree = ""; }; - 4CF64CF4052A3278008ED0EA /* context.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = context.cpp; sourceTree = ""; }; - 4CF64CF5052A3278008ED0EA /* context.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = context.h; sourceTree = ""; }; - 4CF64CF6052A3278008ED0EA /* cssmacl.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmacl.cpp; sourceTree = ""; }; - 4CF64CF7052A3278008ED0EA /* cssmacl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmacl.h; sourceTree = ""; }; - 4CF64CF8052A3278008ED0EA /* cssmaclpod.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmaclpod.cpp; sourceTree = ""; }; - 4CF64CF9052A3278008ED0EA /* cssmaclpod.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmaclpod.h; sourceTree = ""; }; - 4CF64CFA052A3278008ED0EA /* cssmalloc.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmalloc.cpp; sourceTree = ""; }; - 4CF64CFB052A3278008ED0EA /* cssmalloc.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmalloc.h; sourceTree = ""; }; - 4CF64CFC052A3278008ED0EA /* cssmcert.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmcert.cpp; sourceTree = ""; }; - 4CF64CFD052A3278008ED0EA /* cssmcert.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmcert.h; sourceTree = ""; }; - 4CF64CFE052A3278008ED0EA /* cssmcred.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = cssmcred.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CF64CFF052A3278008ED0EA /* cssmcred.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmcred.h; sourceTree = ""; }; - 4CF64D00052A3278008ED0EA /* cssmdata.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmdata.cpp; sourceTree = ""; }; - 4CF64D01052A3278008ED0EA /* cssmdata.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmdata.h; sourceTree = ""; }; - 4CF64D02052A3278008ED0EA /* cssmdates.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmdates.cpp; sourceTree = ""; }; - 4CF64D03052A3278008ED0EA /* cssmdates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmdates.h; sourceTree = ""; }; - 4CF64D06052A3278008ED0EA /* cssmendian.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmendian.cpp; sourceTree = ""; }; - 4CF64D07052A3278008ED0EA /* cssmendian.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmendian.h; sourceTree = ""; }; - 4CF64D0A052A3278008ED0EA /* cssmlist.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmlist.cpp; sourceTree = ""; }; - 4CF64D0B052A3278008ED0EA /* cssmlist.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmlist.h; sourceTree = ""; }; - 4CF64D0C052A3278008ED0EA /* cssmtrust.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmtrust.cpp; sourceTree = ""; }; - 4CF64D0D052A3278008ED0EA /* cssmtrust.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmtrust.h; sourceTree = ""; }; - 4CF64D10052A3278008ED0EA /* cssmwalkers.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmwalkers.cpp; sourceTree = ""; }; - 4CF64D11052A3278008ED0EA /* cssmwalkers.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmwalkers.h; sourceTree = ""; }; - 4CF64D12052A3278008ED0EA /* db++.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = "db++.cpp"; sourceTree = ""; }; - 4CF64D13052A3278008ED0EA /* db++.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "db++.h"; sourceTree = ""; }; - 4CF64D14052A3278008ED0EA /* digestobject.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = digestobject.h; sourceTree = ""; }; - 4CF64D15052A3278008ED0EA /* handleobject.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = handleobject.cpp; sourceTree = ""; }; - 4CF64D16052A3278008ED0EA /* handleobject.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = handleobject.h; sourceTree = ""; }; - 4CF64D22052A3278008ED0EA /* uniformrandom.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = uniformrandom.cpp; sourceTree = ""; }; - 4CF64D23052A3278008ED0EA /* uniformrandom.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = uniformrandom.h; sourceTree = ""; }; - 4CF64D24052A3278008ED0EA /* walkers.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = walkers.cpp; sourceTree = ""; }; - 4CF64D25052A3278008ED0EA /* walkers.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = walkers.h; sourceTree = ""; }; - 4CF9C5B90535E557009B9B8D /* Schemas */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; path = Schemas; sourceTree = BUILT_PRODUCTS_DIR; }; - 4E494DA80E0B084900026B9C /* handletemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = handletemplates.h; sourceTree = ""; }; - 4E494DA90E0B084900026B9C /* handletemplates_defs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = handletemplates_defs.h; sourceTree = ""; }; - 4EE92EA20E2415C100F97B89 /* handletemplates.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = handletemplates.cpp; sourceTree = ""; }; - B61D0F8F0E0CF46700EC386B /* u32handleobject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = u32handleobject.cpp; sourceTree = ""; }; - B61D0F900E0CF46700EC386B /* u32handleobject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = u32handleobject.h; sourceTree = ""; }; - C21A3EBE0545BEFA00C40B2E /* cssmbridge.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmbridge.h; sourceTree = ""; }; - C21A3EBF0545BEFA00C40B2E /* cssmkey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmkey.cpp; sourceTree = ""; }; - C21A3EC00545BEFA00C40B2E /* cssmkey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmkey.h; sourceTree = ""; }; - C21A3EC10545BEFA00C40B2E /* cssmpods.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmpods.cpp; sourceTree = ""; }; - C21A3EC20545BEFA00C40B2E /* cssmpods.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmpods.h; sourceTree = ""; }; - C22EC429052B8E4900D55C69 /* cssmerrors.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmerrors.cpp; sourceTree = ""; }; - C22EC42A052B8E4900D55C69 /* cssmerrors.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmerrors.h; sourceTree = ""; }; - C2371E3E06DD3E5E00E15E6F /* acl_preauth.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_preauth.cpp; sourceTree = ""; }; - C2371E3F06DD3E5E00E15E6F /* acl_preauth.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_preauth.h; sourceTree = ""; }; - C2BFD03006E6CDFE0047EA99 /* aclsubject.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = aclsubject.cpp; sourceTree = ""; }; - C2BFD03106E6CDFE0047EA99 /* aclsubject.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = aclsubject.h; sourceTree = ""; }; - C2BFD03206E6CDFE0047EA99 /* objectacl.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = objectacl.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2BFD03306E6CDFE0047EA99 /* objectacl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = objectacl.h; sourceTree = ""; }; - C2BFD05A06E6D0560047EA99 /* acl_secret.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_secret.cpp; sourceTree = ""; }; - C2BFD05B06E6D0560047EA99 /* acl_secret.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_secret.h; sourceTree = ""; }; - C2BFD0E606E792410047EA99 /* acl_prompted.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_prompted.cpp; sourceTree = ""; }; - C2BFD0E706E792410047EA99 /* acl_prompted.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_prompted.h; sourceTree = ""; }; - C2C1DC530A2CD98A00D1B02B /* osxverifier.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = osxverifier.cpp; sourceTree = ""; }; - C2C1DC540A2CD98A00D1B02B /* osxverifier.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = osxverifier.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA2A5370523D32800978A7B /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 182BB4E9146F2727000BF1F3 /* Products */ = { - isa = PBXGroup; - children = ( - 182BB4EE146F2727000BF1F3 /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B514146DD045007E536C /* config */ = { - isa = PBXGroup; - children = ( - 1879B515146DD045007E536C /* base.xcconfig */, - 1879B516146DD045007E536C /* debug.xcconfig */, - 1879B517146DD045007E536C /* lib.xcconfig */, - 1879B518146DD045007E536C /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 4C38953B0534B2FD009CF879 /* derived_src */ = { - isa = PBXGroup; - children = ( - 4C3895400534B31D009CF879 /* KeySchema.cpp */, - 4C96462005378CEE00499C82 /* Schema.cpp */, - ); - path = derived_src; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4CA2A52F0523D2CD00978A7B = { - isa = PBXGroup; - children = ( - 182BB4E8146F2727000BF1F3 /* libsecurity_utilities.xcodeproj */, - 4CF64CDB052A3236008ED0EA /* lib */, - 1879B514146DD045007E536C /* config */, - 4C38953B0534B2FD009CF879 /* derived_src */, - 4CA2A53B0523D32800978A7B /* Products */, - ); - sourceTree = ""; - }; - 4CA2A53B0523D32800978A7B /* Products */ = { - isa = PBXGroup; - children = ( - 4CA2A53A0523D32800978A7B /* libsecurity_cdsa_utilities.a */, - 4CF9C5B90535E557009B9B8D /* Schemas */, - ); - name = Products; - sourceTree = ""; - }; - 4CF64CDB052A3236008ED0EA /* lib */ = { - isa = PBXGroup; - children = ( - C29CE2B906DD5BD60051AFA9 /* ACLs */, - 4C838EA3058163A4006DA084 /* AuthorizationData.cpp */, - 4C838EA4058163A4006DA084 /* AuthorizationData.h */, - 4C838EA5058163A4006DA084 /* AuthorizationWalkers.h */, - 4CF64CEE052A3278008ED0EA /* callback.cpp */, - 4CF64CEF052A3278008ED0EA /* callback.h */, - 4CF64CF2052A3278008ED0EA /* constdata.cpp */, - 4CF64CF3052A3278008ED0EA /* constdata.h */, - 4CF64CF4052A3278008ED0EA /* context.cpp */, - 4CF64CF5052A3278008ED0EA /* context.h */, - 4CF64CF8052A3278008ED0EA /* cssmaclpod.cpp */, - 4CF64CF9052A3278008ED0EA /* cssmaclpod.h */, - 4CF64CFA052A3278008ED0EA /* cssmalloc.cpp */, - 4CF64CFB052A3278008ED0EA /* cssmalloc.h */, - C21A3EBE0545BEFA00C40B2E /* cssmbridge.h */, - 4CF64CFC052A3278008ED0EA /* cssmcert.cpp */, - 4CF64CFD052A3278008ED0EA /* cssmcert.h */, - 4CF64CFE052A3278008ED0EA /* cssmcred.cpp */, - 4CF64CFF052A3278008ED0EA /* cssmcred.h */, - 4CF64D00052A3278008ED0EA /* cssmdata.cpp */, - 4CF64D01052A3278008ED0EA /* cssmdata.h */, - 4CF64D02052A3278008ED0EA /* cssmdates.cpp */, - 4CF64D03052A3278008ED0EA /* cssmdates.h */, - 4C088043053219880049BBEF /* cssmdb.cpp */, - 4C088044053219880049BBEF /* cssmdb.h */, - 4C66D5E805321B2700537B59 /* cssmdbname.cpp */, - 4C66D5E905321B2700537B59 /* cssmdbname.h */, - 4CF64D06052A3278008ED0EA /* cssmendian.cpp */, - 4CF64D07052A3278008ED0EA /* cssmendian.h */, - C22EC429052B8E4900D55C69 /* cssmerrors.cpp */, - C22EC42A052B8E4900D55C69 /* cssmerrors.h */, - C21A3EBF0545BEFA00C40B2E /* cssmkey.cpp */, - C21A3EC00545BEFA00C40B2E /* cssmkey.h */, - 4CF64D0A052A3278008ED0EA /* cssmlist.cpp */, - 4CF64D0B052A3278008ED0EA /* cssmlist.h */, - C21A3EC10545BEFA00C40B2E /* cssmpods.cpp */, - C21A3EC20545BEFA00C40B2E /* cssmpods.h */, - 4CF64D0C052A3278008ED0EA /* cssmtrust.cpp */, - 4CF64D0D052A3278008ED0EA /* cssmtrust.h */, - 4CF64D10052A3278008ED0EA /* cssmwalkers.cpp */, - 4CF64D11052A3278008ED0EA /* cssmwalkers.h */, - 4CF64D12052A3278008ED0EA /* db++.cpp */, - 4CF64D13052A3278008ED0EA /* db++.h */, - 4CF64D14052A3278008ED0EA /* digestobject.h */, - 4CF64D15052A3278008ED0EA /* handleobject.cpp */, - 4CF64D16052A3278008ED0EA /* handleobject.h */, - 4EE92EA20E2415C100F97B89 /* handletemplates.cpp */, - 4E494DA80E0B084900026B9C /* handletemplates.h */, - 4E494DA90E0B084900026B9C /* handletemplates_defs.h */, - 4C38951C0534B198009CF879 /* KeySchema.h */, - 4C38951D0534B198009CF879 /* KeySchema.m4 */, - 4C96461A05378CCD00499C82 /* Schema.h */, - 4C96461B05378CCD00499C82 /* Schema.m4 */, - C2C1DC530A2CD98A00D1B02B /* osxverifier.cpp */, - C2C1DC540A2CD98A00D1B02B /* osxverifier.h */, - B61D0F8F0E0CF46700EC386B /* u32handleobject.cpp */, - B61D0F900E0CF46700EC386B /* u32handleobject.h */, - 4CF64D22052A3278008ED0EA /* uniformrandom.cpp */, - 4CF64D23052A3278008ED0EA /* uniformrandom.h */, - 4CF64D24052A3278008ED0EA /* walkers.cpp */, - 4CF64D25052A3278008ED0EA /* walkers.h */, - ); - path = lib; - sourceTree = ""; - }; - C29CE2B906DD5BD60051AFA9 /* ACLs */ = { - isa = PBXGroup; - children = ( - C2BFD03306E6CDFE0047EA99 /* objectacl.h */, - C2BFD03206E6CDFE0047EA99 /* objectacl.cpp */, - C2BFD03106E6CDFE0047EA99 /* aclsubject.h */, - C2BFD03006E6CDFE0047EA99 /* aclsubject.cpp */, - 4CF64CF7052A3278008ED0EA /* cssmacl.h */, - 4CF64CF6052A3278008ED0EA /* cssmacl.cpp */, - C2BFD02B06E6CDE10047EA99 /* Subjects */, - ); - name = ACLs; - sourceTree = ""; - }; - C2BFD02B06E6CDE10047EA99 /* Subjects */ = { - isa = PBXGroup; - children = ( - 4CF64CE0052A3278008ED0EA /* acl_any.cpp */, - 4CF64CE1052A3278008ED0EA /* acl_any.h */, - 4CF64CE2052A3278008ED0EA /* acl_codesigning.cpp */, - 4CF64CE3052A3278008ED0EA /* acl_codesigning.h */, - 4CF64CE4052A3278008ED0EA /* acl_comment.cpp */, - 4CF64CE5052A3278008ED0EA /* acl_comment.h */, - 4CF64CE6052A3278008ED0EA /* acl_password.cpp */, - 4CF64CE7052A3278008ED0EA /* acl_password.h */, - C2371E3E06DD3E5E00E15E6F /* acl_preauth.cpp */, - C2371E3F06DD3E5E00E15E6F /* acl_preauth.h */, - 4CF64CE8052A3278008ED0EA /* acl_process.cpp */, - 4CF64CE9052A3278008ED0EA /* acl_process.h */, - C2BFD0E606E792410047EA99 /* acl_prompted.cpp */, - C2BFD0E706E792410047EA99 /* acl_prompted.h */, - 4CF64CEA052A3278008ED0EA /* acl_protectedpw.cpp */, - 4CF64CEB052A3278008ED0EA /* acl_protectedpw.h */, - C2BFD05A06E6D0560047EA99 /* acl_secret.cpp */, - C2BFD05B06E6D0560047EA99 /* acl_secret.h */, - 4CF64CEC052A3278008ED0EA /* acl_threshold.cpp */, - 4CF64CED052A3278008ED0EA /* acl_threshold.h */, - ); - name = Subjects; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 1865FBEF1472410900FD79DF /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 1865FBF01472415600FD79DF /* objectacl.h in Headers */, - 1865FBF11472415600FD79DF /* aclsubject.h in Headers */, - 1865FBF21472415600FD79DF /* cssmacl.h in Headers */, - 1865FBF31472415600FD79DF /* acl_any.h in Headers */, - 1865FBF41472415600FD79DF /* acl_codesigning.h in Headers */, - 1865FBF51472415600FD79DF /* acl_comment.h in Headers */, - 1865FBF61472415600FD79DF /* acl_password.h in Headers */, - 1865FBF71472415600FD79DF /* acl_preauth.h in Headers */, - 1865FBF81472415600FD79DF /* acl_process.h in Headers */, - 1865FBF91472415600FD79DF /* acl_prompted.h in Headers */, - 1865FBFA1472415600FD79DF /* acl_protectedpw.h in Headers */, - 1865FBFB1472415600FD79DF /* acl_secret.h in Headers */, - 1865FBFC1472415600FD79DF /* acl_threshold.h in Headers */, - 1865FBFD1472415600FD79DF /* AuthorizationData.h in Headers */, - 1865FBFE1472415600FD79DF /* AuthorizationWalkers.h in Headers */, - 1865FBFF1472415600FD79DF /* callback.h in Headers */, - 1865FC001472415600FD79DF /* constdata.h in Headers */, - 1865FC011472415600FD79DF /* context.h in Headers */, - 1865FC021472415600FD79DF /* cssmaclpod.h in Headers */, - 1865FC031472415600FD79DF /* cssmalloc.h in Headers */, - 1865FC041472415600FD79DF /* cssmbridge.h in Headers */, - 1865FC051472415600FD79DF /* cssmcert.h in Headers */, - 1865FC061472415600FD79DF /* cssmcred.h in Headers */, - 1865FC071472415600FD79DF /* cssmdata.h in Headers */, - 1865FC081472415600FD79DF /* cssmdates.h in Headers */, - 1865FC091472415600FD79DF /* cssmdb.h in Headers */, - 1865FC0A1472415600FD79DF /* cssmdbname.h in Headers */, - 1865FC0B1472415600FD79DF /* cssmendian.h in Headers */, - 1865FC0C1472415600FD79DF /* cssmerrors.h in Headers */, - 1865FC0D1472415600FD79DF /* cssmkey.h in Headers */, - 1865FC0E1472415600FD79DF /* cssmlist.h in Headers */, - 1865FC0F1472415600FD79DF /* cssmpods.h in Headers */, - 1865FC101472415600FD79DF /* cssmtrust.h in Headers */, - 1865FC111472415600FD79DF /* cssmwalkers.h in Headers */, - 1865FC121472415600FD79DF /* db++.h in Headers */, - 1865FC131472415600FD79DF /* digestobject.h in Headers */, - 1865FC141472415600FD79DF /* handleobject.h in Headers */, - 1865FC151472415600FD79DF /* handletemplates.h in Headers */, - 1865FC161472415600FD79DF /* handletemplates_defs.h in Headers */, - 1865FC171472415600FD79DF /* KeySchema.h in Headers */, - 1865FC181472415600FD79DF /* Schema.h in Headers */, - 1865FC191472415600FD79DF /* osxverifier.h in Headers */, - 1865FC1A1472415600FD79DF /* u32handleobject.h in Headers */, - 1865FC1B1472415700FD79DF /* uniformrandom.h in Headers */, - 1865FC1C1472415700FD79DF /* walkers.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA2A5390523D32800978A7B /* libsecurity_cdsa_utilities */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2F60987FCDD001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cdsa_utilities" */; - buildPhases = ( - 1865FBEF1472410900FD79DF /* Headers */, - 4CA2A5360523D32800978A7B /* Sources */, - 4CA2A5370523D32800978A7B /* Frameworks */, - 18B96B0114743F65005A4D2E /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - 4CFF43000535E5E900638F31 /* PBXTargetDependency */, - ); - name = libsecurity_cdsa_utilities; - productName = libsecurity_cdsa_utilities.a; - productReference = 4CA2A53A0523D32800978A7B /* libsecurity_cdsa_utilities.a */; - productType = "com.apple.product-type.library.static"; - }; - 4CF9C5B80535E557009B9B8D /* Schemas */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD2F20987FCDD001272E0 /* Build configuration list for PBXNativeTarget "Schemas" */; - buildPhases = ( - 4CFF42FC0535E5B100638F31 /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = Schemas; - productInstallPath = /usr/local/bin; - productName = KeySchema; - productReference = 4CF9C5B90535E557009B9B8D /* Schemas */; - productType = "com.apple.product-type.tool"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA2A5330523D2CD00978A7B /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD2FA0987FCDD001272E0 /* Build configuration list for PBXProject "libsecurity_cdsa_utilities" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA2A52F0523D2CD00978A7B; - productRefGroup = 4CA2A53B0523D32800978A7B /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 182BB4E9146F2727000BF1F3 /* Products */; - ProjectRef = 182BB4E8146F2727000BF1F3 /* libsecurity_utilities.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA2A5390523D32800978A7B /* libsecurity_cdsa_utilities */, - 4CF9C5B80535E557009B9B8D /* Schemas */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 182BB4EE146F2727000BF1F3 /* libsecurity_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_utilities.a; - remoteRef = 182BB4ED146F2727000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXShellScriptBuildPhase section */ - 18B96B0114743F65005A4D2E /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/", - "$(SRCROOT)/lib/", - ); - outputPaths = ( - "${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "# with our source directories as input files, Xcode will only re-run this phase if there's been a source change\nnmedit -p \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\"\nranlib \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\""; - }; - 4CFF42FC0535E5B100638F31 /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/lib/KeySchema.m4", - ); - outputPaths = ( - $BUILT_PRODUCTS_DIR/derived_src/KeySchema.cpp, - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "TARGET=$BUILT_PRODUCTS_DIR/derived_src/KeySchema.cpp\nmkdir -p $BUILT_PRODUCTS_DIR/derived_src\n/usr/bin/m4 lib/KeySchema.m4 > $TARGET.new\ncmp -s $TARGET.new $TARGET || mv $TARGET.new $TARGET\nTARGET=$BUILT_PRODUCTS_DIR/derived_src/Schema.cpp\n/usr/bin/m4 lib/Schema.m4 > $TARGET.new\ncmp -s $TARGET.new $TARGET || mv $TARGET.new $TARGET"; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA2A5360523D32800978A7B /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CF64D26052A3278008ED0EA /* acl_any.cpp in Sources */, - 4CF64D28052A3278008ED0EA /* acl_codesigning.cpp in Sources */, - 4CF64D2A052A3278008ED0EA /* acl_comment.cpp in Sources */, - 4CF64D2C052A3278008ED0EA /* acl_password.cpp in Sources */, - 4CF64D2E052A3278008ED0EA /* acl_process.cpp in Sources */, - 4CF64D30052A3278008ED0EA /* acl_protectedpw.cpp in Sources */, - 4CF64D32052A3278008ED0EA /* acl_threshold.cpp in Sources */, - 4CF64D34052A3278008ED0EA /* callback.cpp in Sources */, - 4CF64D38052A3278008ED0EA /* constdata.cpp in Sources */, - 4CF64D3A052A3278008ED0EA /* context.cpp in Sources */, - 4CF64D3C052A3278008ED0EA /* cssmacl.cpp in Sources */, - 4CF64D3E052A3278008ED0EA /* cssmaclpod.cpp in Sources */, - 4CF64D40052A3278008ED0EA /* cssmalloc.cpp in Sources */, - 4CF64D42052A3278008ED0EA /* cssmcert.cpp in Sources */, - 4CF64D44052A3278008ED0EA /* cssmcred.cpp in Sources */, - 4CF64D46052A3278008ED0EA /* cssmdata.cpp in Sources */, - 4CF64D48052A3278008ED0EA /* cssmdates.cpp in Sources */, - 4C088047053219880049BBEF /* cssmdb.cpp in Sources */, - 4C66D5EA05321B2700537B59 /* cssmdbname.cpp in Sources */, - 4CF64D4C052A3278008ED0EA /* cssmendian.cpp in Sources */, - 4C92661705349551004B0E72 /* cssmerrors.cpp in Sources */, - 4CF64D50052A3278008ED0EA /* cssmlist.cpp in Sources */, - 4CF64D52052A3278008ED0EA /* cssmtrust.cpp in Sources */, - 4CF64D56052A3278008ED0EA /* cssmwalkers.cpp in Sources */, - 4CF64D58052A3278008ED0EA /* db++.cpp in Sources */, - 4CF64D5B052A3278008ED0EA /* handleobject.cpp in Sources */, - 4EE92EA30E2415C100F97B89 /* handletemplates.cpp in Sources */, - 4C3895410534B31D009CF879 /* KeySchema.cpp in Sources */, - 4C96462105378CEE00499C82 /* Schema.cpp in Sources */, - 4CF64D68052A3278008ED0EA /* uniformrandom.cpp in Sources */, - 4CF64D6A052A3278008ED0EA /* walkers.cpp in Sources */, - C21A3EC40545BEFA00C40B2E /* cssmkey.cpp in Sources */, - C21A3EC60545BEFA00C40B2E /* cssmpods.cpp in Sources */, - 4C838EA6058163A4006DA084 /* AuthorizationData.cpp in Sources */, - C2371E4006DD3E5E00E15E6F /* acl_preauth.cpp in Sources */, - C2BFD03406E6CDFE0047EA99 /* aclsubject.cpp in Sources */, - C2BFD03506E6CDFE0047EA99 /* objectacl.cpp in Sources */, - C2BFD05C06E6D0560047EA99 /* acl_secret.cpp in Sources */, - C2BFD0E806E792410047EA99 /* acl_prompted.cpp in Sources */, - C2C1DC550A2CD98A00D1B02B /* osxverifier.cpp in Sources */, - B61D0F910E0CF46700EC386B /* u32handleobject.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 182BB4F1146F2734000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_utilitiesDTrace; - targetProxy = 182BB4F0146F2734000BF1F3 /* PBXContainerItemProxy */; - }; - 4CFF43000535E5E900638F31 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CF9C5B80535E557009B9B8D /* Schemas */; - targetProxy = 4C1E266E0540A5D5002A7E83 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - C27AD2F30987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B517146DD045007E536C /* lib.xcconfig */; - buildSettings = { - }; - name = Debug; - }; - C27AD2F50987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B517146DD045007E536C /* lib.xcconfig */; - buildSettings = { - }; - name = Release; - }; - C27AD2F70987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B517146DD045007E536C /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_cdsa_utilities; - SKIP_INSTALL = NO; - }; - name = Debug; - }; - C27AD2F90987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B517146DD045007E536C /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_cdsa_utilities; - SKIP_INSTALL = NO; - }; - name = Release; - }; - C27AD2FB0987FCDD001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B516146DD045007E536C /* debug.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_TESTABILITY = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD2FD0987FCDD001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B518146DD045007E536C /* release.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD2F20987FCDD001272E0 /* Build configuration list for PBXNativeTarget "Schemas" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2F30987FCDD001272E0 /* Debug */, - C27AD2F50987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD2F60987FCDD001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cdsa_utilities" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2F70987FCDD001272E0 /* Debug */, - C27AD2F90987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD2FA0987FCDD001272E0 /* Build configuration list for PBXProject "libsecurity_cdsa_utilities" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD2FB0987FCDD001272E0 /* Debug */, - C27AD2FD0987FCDD001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA2A5330523D2CD00978A7B /* Project object */; -} diff --git a/OSX/libsecurity_cdsa_utils/lib/cuOidParser.cpp b/OSX/libsecurity_cdsa_utils/lib/cuOidParser.cpp index d52276b6..e9bc4e3b 100644 --- a/OSX/libsecurity_cdsa_utils/lib/cuOidParser.cpp +++ b/OSX/libsecurity_cdsa_utils/lib/cuOidParser.cpp @@ -37,7 +37,7 @@ /* get config file from .. or from . */ #define CONFIG_FILE_NAME "dumpasn1.cfg" -static const char *CONFIG_FILE1 = "../"CONFIG_FILE_NAME; +static const char *CONFIG_FILE1 = "../" CONFIG_FILE_NAME; static const char *CONFIG_FILE2 = CONFIG_FILE_NAME; /* or from here via getenv */ #define CONFIG_FILE_ENV "LOCAL_BUILD_DIR" @@ -56,7 +56,7 @@ int readFileExtra( { int rtn; int fd; - unsigned char *buf; + unsigned char *buf = NULL; struct stat sb; size_t size; @@ -92,7 +92,10 @@ int readFileExtra( *bytes = buf; *numBytes = size; } + goto finish; errOut: + if(buf) { free(buf); buf = NULL; } +finish: close(fd); return rtn; } diff --git a/OSX/libsecurity_cdsa_utils/libsecurity_cdsa_utils.xcodeproj/project.pbxproj b/OSX/libsecurity_cdsa_utils/libsecurity_cdsa_utils.xcodeproj/project.pbxproj deleted file mode 100644 index 8bda508b..00000000 --- a/OSX/libsecurity_cdsa_utils/libsecurity_cdsa_utils.xcodeproj/project.pbxproj +++ /dev/null @@ -1,303 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 1865FBCF14723BB300FD79DF /* cuCdsaUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7502EE0540CC4200056564 /* cuCdsaUtils.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBD014723BB300FD79DF /* cuDbUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7502F00540CC4200056564 /* cuDbUtils.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBD114723BB300FD79DF /* cuEnc64.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7502F20540CC4200056564 /* cuEnc64.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBD214723BB300FD79DF /* cuFileIo.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7502F40540CC4200056564 /* cuFileIo.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBD314723BB300FD79DF /* cuOidParser.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7502F60540CC4200056564 /* cuOidParser.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBD414723BB300FD79DF /* cuPem.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7502F80540CC4200056564 /* cuPem.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBD514723BB300FD79DF /* cuPrintCert.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7502FA0540CC4200056564 /* cuPrintCert.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FBD614723BB300FD79DF /* cuTimeStr.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7502FC0540CC4200056564 /* cuTimeStr.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 4C7502FD0540CC4200056564 /* cuCdsaUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7502ED0540CC4200056564 /* cuCdsaUtils.cpp */; settings = {COMPILER_FLAGS = "-fno-rtti -fno-exceptions"; }; }; - 4C7502FF0540CC4200056564 /* cuDbUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7502EF0540CC4200056564 /* cuDbUtils.cpp */; settings = {COMPILER_FLAGS = "-fno-rtti -fno-exceptions"; }; }; - 4C7503010540CC4200056564 /* cuEnc64.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C7502F10540CC4200056564 /* cuEnc64.c */; }; - 4C7503030540CC4200056564 /* cuFileIo.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C7502F30540CC4200056564 /* cuFileIo.c */; }; - 4C7503050540CC4200056564 /* cuOidParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7502F50540CC4200056564 /* cuOidParser.cpp */; settings = {COMPILER_FLAGS = "-fno-rtti -fno-exceptions"; }; }; - 4C7503070540CC4200056564 /* cuPem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7502F70540CC4200056564 /* cuPem.cpp */; settings = {COMPILER_FLAGS = "-fno-rtti -fno-exceptions"; }; }; - 4C7503090540CC4200056564 /* cuPrintCert.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7502F90540CC4200056564 /* cuPrintCert.cpp */; settings = {COMPILER_FLAGS = "-fno-rtti -fno-exceptions"; }; }; - 4C75030B0540CC4200056564 /* cuTimeStr.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C7502FB0540CC4200056564 /* cuTimeStr.cpp */; settings = {COMPILER_FLAGS = "-fno-rtti -fno-exceptions"; }; }; -/* End PBXBuildFile section */ - -/* Begin PBXFileReference section */ - 1879B51B146DD04F007E536C /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 1879B51C146DD04F007E536C /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 1879B51D146DD04F007E536C /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 1879B51E146DD04F007E536C /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 4C7502ED0540CC4200056564 /* cuCdsaUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cuCdsaUtils.cpp; sourceTree = ""; }; - 4C7502EE0540CC4200056564 /* cuCdsaUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cuCdsaUtils.h; sourceTree = ""; }; - 4C7502EF0540CC4200056564 /* cuDbUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cuDbUtils.cpp; sourceTree = ""; }; - 4C7502F00540CC4200056564 /* cuDbUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cuDbUtils.h; sourceTree = ""; }; - 4C7502F10540CC4200056564 /* cuEnc64.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cuEnc64.c; sourceTree = ""; }; - 4C7502F20540CC4200056564 /* cuEnc64.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cuEnc64.h; sourceTree = ""; }; - 4C7502F30540CC4200056564 /* cuFileIo.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cuFileIo.c; sourceTree = ""; }; - 4C7502F40540CC4200056564 /* cuFileIo.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cuFileIo.h; sourceTree = ""; }; - 4C7502F50540CC4200056564 /* cuOidParser.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cuOidParser.cpp; sourceTree = ""; }; - 4C7502F60540CC4200056564 /* cuOidParser.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cuOidParser.h; sourceTree = ""; }; - 4C7502F70540CC4200056564 /* cuPem.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cuPem.cpp; sourceTree = ""; }; - 4C7502F80540CC4200056564 /* cuPem.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cuPem.h; sourceTree = ""; }; - 4C7502F90540CC4200056564 /* cuPrintCert.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cuPrintCert.cpp; sourceTree = ""; }; - 4C7502FA0540CC4200056564 /* cuPrintCert.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cuPrintCert.h; sourceTree = ""; }; - 4C7502FB0540CC4200056564 /* cuTimeStr.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cuTimeStr.cpp; sourceTree = ""; }; - 4C7502FC0540CC4200056564 /* cuTimeStr.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cuTimeStr.h; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_cdsa_utils.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_cdsa_utils.a; sourceTree = BUILT_PRODUCTS_DIR; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 1879B51A146DD04F007E536C /* config */ = { - isa = PBXGroup; - children = ( - 1879B51B146DD04F007E536C /* base.xcconfig */, - 1879B51C146DD04F007E536C /* debug.xcconfig */, - 1879B51D146DD04F007E536C /* lib.xcconfig */, - 1879B51E146DD04F007E536C /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 4C7502EC0540CC4200056564 /* lib */ = { - isa = PBXGroup; - children = ( - 4C7502ED0540CC4200056564 /* cuCdsaUtils.cpp */, - 4C7502EE0540CC4200056564 /* cuCdsaUtils.h */, - 4C7502EF0540CC4200056564 /* cuDbUtils.cpp */, - 4C7502F00540CC4200056564 /* cuDbUtils.h */, - 4C7502F10540CC4200056564 /* cuEnc64.c */, - 4C7502F20540CC4200056564 /* cuEnc64.h */, - 4C7502F30540CC4200056564 /* cuFileIo.c */, - 4C7502F40540CC4200056564 /* cuFileIo.h */, - 4C7502F50540CC4200056564 /* cuOidParser.cpp */, - 4C7502F60540CC4200056564 /* cuOidParser.h */, - 4C7502F70540CC4200056564 /* cuPem.cpp */, - 4C7502F80540CC4200056564 /* cuPem.h */, - 4C7502F90540CC4200056564 /* cuPrintCert.cpp */, - 4C7502FA0540CC4200056564 /* cuPrintCert.h */, - 4C7502FB0540CC4200056564 /* cuTimeStr.cpp */, - 4C7502FC0540CC4200056564 /* cuTimeStr.h */, - ); - path = lib; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 4C7502EC0540CC4200056564 /* lib */, - 1879B51A146DD04F007E536C /* config */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_cdsa_utils.a */, - ); - name = Products; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 1865FBCF14723BB300FD79DF /* cuCdsaUtils.h in Headers */, - 1865FBD014723BB300FD79DF /* cuDbUtils.h in Headers */, - 1865FBD114723BB300FD79DF /* cuEnc64.h in Headers */, - 1865FBD214723BB300FD79DF /* cuFileIo.h in Headers */, - 1865FBD314723BB300FD79DF /* cuOidParser.h in Headers */, - 1865FBD414723BB300FD79DF /* cuPem.h in Headers */, - 1865FBD514723BB300FD79DF /* cuPrintCert.h in Headers */, - 1865FBD614723BB300FD79DF /* cuTimeStr.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_cdsa_utils */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3040987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cdsa_utils" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - 18B96B0414743F83005A4D2E /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_cdsa_utils; - productName = libsecurity_cdsa_utils; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_cdsa_utils.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD3080987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_cdsa_utils" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_cdsa_utils */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXShellScriptBuildPhase section */ - 18B96B0414743F83005A4D2E /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/", - "$(SRCROOT)/lib/", - ); - outputPaths = ( - "${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "# with our source directories as input files, Xcode will only re-run this phase if there's been a source change\nnmedit -p \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\"\nranlib \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\""; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C7502FD0540CC4200056564 /* cuCdsaUtils.cpp in Sources */, - 4C7502FF0540CC4200056564 /* cuDbUtils.cpp in Sources */, - 4C7503010540CC4200056564 /* cuEnc64.c in Sources */, - 4C7503030540CC4200056564 /* cuFileIo.c in Sources */, - 4C7503050540CC4200056564 /* cuOidParser.cpp in Sources */, - 4C7503070540CC4200056564 /* cuPem.cpp in Sources */, - 4C7503090540CC4200056564 /* cuPrintCert.cpp in Sources */, - 4C75030B0540CC4200056564 /* cuTimeStr.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD3050987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B51C146DD04F007E536C /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_cdsa_utils; - SKIP_INSTALL = NO; - }; - name = Debug; - }; - C27AD3070987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B51E146DD04F007E536C /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_cdsa_utils; - SKIP_INSTALL = NO; - }; - name = Release; - }; - C27AD3090987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B51D146DD04F007E536C /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD30B0987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B51D146DD04F007E536C /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD3040987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cdsa_utils" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3050987FCDE001272E0 /* Debug */, - C27AD3070987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3080987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_cdsa_utils" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3090987FCDE001272E0 /* Debug */, - C27AD30B0987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_checkpw/lib/checkpw.h b/OSX/libsecurity_checkpw/lib/checkpw.h index 3adaad65..1be93858 100644 --- a/OSX/libsecurity_checkpw/lib/checkpw.h +++ b/OSX/libsecurity_checkpw/lib/checkpw.h @@ -38,7 +38,7 @@ enum { checks a username/password combination. - @param username (input) username as a UTF8 string + @param userName (input) username as a UTF8 string @param password (input) password as a UTF8 string @result CHECKPW_SUCCESS username/password correct diff --git a/OSX/libsecurity_checkpw/lib/security_checkpw.exp b/OSX/libsecurity_checkpw/lib/security_checkpw.exp deleted file mode 100644 index bf209d81..00000000 --- a/OSX/libsecurity_checkpw/lib/security_checkpw.exp +++ /dev/null @@ -1,2 +0,0 @@ -_checkpw -_checkpw_internal diff --git a/OSX/libsecurity_checkpw/libsecurity_checkpw.xcodeproj/project.pbxproj b/OSX/libsecurity_checkpw/libsecurity_checkpw.xcodeproj/project.pbxproj deleted file mode 100644 index 7bc90be2..00000000 --- a/OSX/libsecurity_checkpw/libsecurity_checkpw.xcodeproj/project.pbxproj +++ /dev/null @@ -1,413 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 1C6C40271121FC0C00031CDE /* test-checkpw.c in Sources */ = {isa = PBXBuildFile; fileRef = 1CD90B631101115E008DD07F /* test-checkpw.c */; }; - 1C6C40291121FC0C00031CDE /* libpam.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 1CD90B8F110112DD008DD07F /* libpam.dylib */; }; - 1C6C402A1121FC0C00031CDE /* libsecurity_checkpw.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA1FEBE052A3C8100F22E42 /* libsecurity_checkpw.a */; }; - 1CB7B4C411065DDB003458C5 /* libsecurity_checkpw.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA1FEBE052A3C8100F22E42 /* libsecurity_checkpw.a */; }; - 1CD90B71110111A4008DD07F /* test-checkpw.c in Sources */ = {isa = PBXBuildFile; fileRef = 1CD90B631101115E008DD07F /* test-checkpw.c */; }; - 1CD90BA2110113AE008DD07F /* libpam.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 1CD90B8F110112DD008DD07F /* libpam.dylib */; }; - 4CCF8664052A491D00F2E8D8 /* checkpw.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CCF8662052A491D00F2E8D8 /* checkpw.c */; }; - 4CF36F400581369C00834D11 /* checkpw.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCF8663052A491D00F2E8D8 /* checkpw.h */; settings = {ATTRIBUTES = (); }; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 1C6C40251121FC0C00031CDE /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_checkpw; - }; - 1CD90B6E11011196008DD07F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_checkpw; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 1844616B146E966100B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 1844616C146E966100B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 1844616D146E966100B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 1844616E146E966100B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 1C6C402F1121FC0C00031CDE /* perf-checkpw */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "perf-checkpw"; sourceTree = BUILT_PRODUCTS_DIR; }; - 1CB7B49511065A36003458C5 /* checkpw.pam */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = checkpw.pam; sourceTree = ""; }; - 1CD90B631101115E008DD07F /* test-checkpw.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "test-checkpw.c"; path = "test/test-checkpw.c"; sourceTree = ""; }; - 1CD90B6711011176008DD07F /* test-checkpw */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "test-checkpw"; sourceTree = BUILT_PRODUCTS_DIR; }; - 1CD90B8F110112DD008DD07F /* libpam.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libpam.dylib; path = /usr/lib/libpam.dylib; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_checkpw.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_checkpw.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CCBFF50057FFCA600981D43 /* security_checkpw.exp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.exports; path = security_checkpw.exp; sourceTree = ""; }; - 4CCF8662052A491D00F2E8D8 /* checkpw.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = checkpw.c; sourceTree = ""; }; - 4CCF8663052A491D00F2E8D8 /* checkpw.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = checkpw.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 1C6C40281121FC0C00031CDE /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 1C6C40291121FC0C00031CDE /* libpam.dylib in Frameworks */, - 1C6C402A1121FC0C00031CDE /* libsecurity_checkpw.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 1CD90B6511011176008DD07F /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 1CD90BA2110113AE008DD07F /* libpam.dylib in Frameworks */, - 1CB7B4C411065DDB003458C5 /* libsecurity_checkpw.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 1844616A146E966100B12992 /* config */ = { - isa = PBXGroup; - children = ( - 1844616B146E966100B12992 /* base.xcconfig */, - 1844616C146E966100B12992 /* debug.xcconfig */, - 1844616D146E966100B12992 /* lib.xcconfig */, - 1844616E146E966100B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 1CD90B6011011149008DD07F /* test */ = { - isa = PBXGroup; - children = ( - 1CD90B631101115E008DD07F /* test-checkpw.c */, - ); - name = test; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 1CB7B49511065A36003458C5 /* checkpw.pam */, - 4CCF8661052A491D00F2E8D8 /* lib */, - 1844616A146E966100B12992 /* config */, - 1CD90B6011011149008DD07F /* test */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - 1CD90B8F110112DD008DD07F /* libpam.dylib */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_checkpw.a */, - 1CD90B6711011176008DD07F /* test-checkpw */, - 1C6C402F1121FC0C00031CDE /* perf-checkpw */, - ); - name = Products; - sourceTree = ""; - }; - 4CCF8661052A491D00F2E8D8 /* lib */ = { - isa = PBXGroup; - children = ( - 4CCF8662052A491D00F2E8D8 /* checkpw.c */, - 4CCF8663052A491D00F2E8D8 /* checkpw.h */, - 4CCBFF50057FFCA600981D43 /* security_checkpw.exp */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CF36F400581369C00834D11 /* checkpw.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 1C6C40211121FC0C00031CDE /* perf-checkpw */ = { - isa = PBXNativeTarget; - buildConfigurationList = 1C6C402B1121FC0C00031CDE /* Build configuration list for PBXNativeTarget "perf-checkpw" */; - buildPhases = ( - 1C6C40261121FC0C00031CDE /* Sources */, - 1C6C40281121FC0C00031CDE /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 1C6C40241121FC0C00031CDE /* PBXTargetDependency */, - ); - name = "perf-checkpw"; - productName = "test-checkpw"; - productReference = 1C6C402F1121FC0C00031CDE /* perf-checkpw */; - productType = "com.apple.product-type.tool"; - }; - 1CD90B6611011176008DD07F /* test-checkpw */ = { - isa = PBXNativeTarget; - buildConfigurationList = 1CD90B77110111C3008DD07F /* Build configuration list for PBXNativeTarget "test-checkpw" */; - buildPhases = ( - 1CD90B6411011176008DD07F /* Sources */, - 1CD90B6511011176008DD07F /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 1CD90B6F11011196008DD07F /* PBXTargetDependency */, - ); - name = "test-checkpw"; - productName = "test-checkpw"; - productReference = 1CD90B6711011176008DD07F /* test-checkpw */; - productType = "com.apple.product-type.tool"; - }; - 4CA1FEBD052A3C8100F22E42 /* libsecurity_checkpw */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3120987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_checkpw" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - 1CE6F80B11066C3000300DAA /* Install PAM config */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_checkpw; - productName = libsecurity_checkpw; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_checkpw.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD3160987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_checkpw" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_checkpw */, - 1CD90B6611011176008DD07F /* test-checkpw */, - 1C6C40211121FC0C00031CDE /* perf-checkpw */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXShellScriptBuildPhase section */ - 1CE6F80B11066C3000300DAA /* Install PAM config */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 8; - files = ( - ); - inputPaths = ( - ); - name = "Install PAM config"; - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 1; - shellPath = /bin/sh; - shellScript = "name=checkpw\n\nmkdir -p \"${DSTROOT}/private/etc/pam.d/\"\ncp \"${PROJECT_DIR}/${name}.pam\" \"${DSTROOT}/private/etc/pam.d/${name}\""; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 1C6C40261121FC0C00031CDE /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 1C6C40271121FC0C00031CDE /* test-checkpw.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 1CD90B6411011176008DD07F /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 1CD90B71110111A4008DD07F /* test-checkpw.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CCF8664052A491D00F2E8D8 /* checkpw.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 1C6C40241121FC0C00031CDE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CA1FEBD052A3C8100F22E42 /* libsecurity_checkpw */; - targetProxy = 1C6C40251121FC0C00031CDE /* PBXContainerItemProxy */; - }; - 1CD90B6F11011196008DD07F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CA1FEBD052A3C8100F22E42 /* libsecurity_checkpw */; - targetProxy = 1CD90B6E11011196008DD07F /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - 1C6C402C1121FC0C00031CDE /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "perf-checkpw"; - }; - name = Debug; - }; - 1C6C402E1121FC0C00031CDE /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "perf-checkpw"; - }; - name = Release; - }; - 1CD90B6911011179008DD07F /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "test-checkpw"; - }; - name = Debug; - }; - 1CD90B6B11011179008DD07F /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "test-checkpw"; - }; - name = Release; - }; - C27AD3130987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844616C146E966100B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C27AD3150987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844616E146E966100B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C27AD3170987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844616D146E966100B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD3190987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844616D146E966100B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 1C6C402B1121FC0C00031CDE /* Build configuration list for PBXNativeTarget "perf-checkpw" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 1C6C402C1121FC0C00031CDE /* Debug */, - 1C6C402E1121FC0C00031CDE /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 1CD90B77110111C3008DD07F /* Build configuration list for PBXNativeTarget "test-checkpw" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 1CD90B6911011179008DD07F /* Debug */, - 1CD90B6B11011179008DD07F /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3120987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_checkpw" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3130987FCDE001272E0 /* Debug */, - C27AD3150987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3160987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_checkpw" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3170987FCDE001272E0 /* Debug */, - C27AD3190987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_cms/lib/CMSDecoder.cpp b/OSX/libsecurity_cms/lib/CMSDecoder.cpp index a8d81d09..dcb79035 100644 --- a/OSX/libsecurity_cms/lib/CMSDecoder.cpp +++ b/OSX/libsecurity_cms/lib/CMSDecoder.cpp @@ -127,19 +127,20 @@ static void cmsDecoderFinalize( if(cmsDecoder->decoder != NULL) { /* * Normally this gets freed in SecCmsDecoderFinish - this is - * an error case. - * FIXME: SecCmsDecoderDestroy() appears to destroy the - * cmsMsg too! Plus there's a comment there re: a leak... + * an error case. Unlike Finish, this calls SecCmsMessageDestroy. */ SecCmsDecoderDestroy(cmsDecoder->decoder); + cmsDecoder->cmsMsg = NULL; } CFRELEASE(cmsDecoder->detachedContent); CFRELEASE(cmsDecoder->keychainOrArray); if(cmsDecoder->cmsMsg != NULL) { SecCmsMessageDestroy(cmsDecoder->cmsMsg); + cmsDecoder->cmsMsg = NULL; } if(cmsDecoder->arena != NULL) { SecArenaPoolFree(cmsDecoder->arena, false); + cmsDecoder->arena = NULL; } } diff --git a/OSX/libsecurity_cms/lib/CMSEncoder.cpp b/OSX/libsecurity_cms/lib/CMSEncoder.cpp index fd320aca..1d49a5d1 100644 --- a/OSX/libsecurity_cms/lib/CMSEncoder.cpp +++ b/OSX/libsecurity_cms/lib/CMSEncoder.cpp @@ -336,6 +336,7 @@ static void cmsEncoderFinalize( CFRELEASE(cmsEncoder->otherCerts); if(cmsEncoder->cmsMsg != NULL) { SecCmsMessageDestroy(cmsEncoder->cmsMsg); + cmsEncoder->cmsMsg = NULL; } if(cmsEncoder->arena != NULL) { SecArenaPoolFree(cmsEncoder->arena, false); diff --git a/OSX/libsecurity_cms/lib/CMSEncoder.h b/OSX/libsecurity_cms/lib/CMSEncoder.h index f24227b2..7bb5596c 100644 --- a/OSX/libsecurity_cms/lib/CMSEncoder.h +++ b/OSX/libsecurity_cms/lib/CMSEncoder.h @@ -243,7 +243,7 @@ OSStatus CMSEncoderCopySupportingCerts( * Standard signed attributes, optionally specified in * CMSEncoderAddSignedAttributes(). */ -typedef CF_ENUM(uint32_t, CMSSignedAttributes) { +typedef CF_OPTIONS(uint32_t, CMSSignedAttributes) { kCMSAttrNone = 0x0000, /* * S/MIME Capabilities - identifies supported signature, encryption, and diff --git a/OSX/libsecurity_cms/lib/security_cms.exp b/OSX/libsecurity_cms/lib/security_cms.exp deleted file mode 100644 index 81256d88..00000000 --- a/OSX/libsecurity_cms/lib/security_cms.exp +++ /dev/null @@ -1,52 +0,0 @@ -_CMSEncode -_CMSEncodeContent -_CMSEncoderAddSupportingCerts -_CMSEncoderAddRecipients -_CMSEncoderAddSigners -_CMSEncoderCopySupportingCerts -_CMSEncoderCopyRecipients -_CMSEncoderCopySigners -_CMSEncoderCreate -_CMSEncoderCopyEncodedContent -_CMSEncoderGetCmsMessage -_CMSEncoderSetHasDetachedContent -_CMSEncoderGetHasDetachedContent -_CMSEncoderCopyEncapsulatedContentType -_CMSEncoderGetEncoder -_CMSEncoderGetTypeID -_CMSEncoderSetEncapsulatedContentType -_CMSEncoderSetEncapsulatedContentTypeOID -_CMSEncoderSetEncoder -_CMSEncoderAddSignedAttributes -_CMSEncoderSetSigningTime -_CMSEncoderSetAppleCodesigningHashAgility -_CMSEncoderSetCertificateChainMode -_CMSEncoderGetCertificateChainMode -_CMSEncoderUpdateContent -_CMSDecoderCopyAllCerts -_CMSDecoderCopyContent -_CMSDecoderCopyDetachedContent -_CMSDecoderCopySignerStatus -_CMSDecoderCreate -_CMSDecoderGetTypeID -_CMSDecoderFinalizeMessage -_CMSDecoderGetDecoder -_CMSDecoderCopyEncapsulatedContentType -_CMSDecoderIsContentEncrypted -_CMSDecoderGetNumSigners -_CMSDecoderSetDecoder -_CMSDecoderSetDetachedContent -_CMSDecoderUpdateMessage -_CMSDecoderGetCmsMessage -_CMSDecoderSetSearchKeychain -_CMSDecoderCopySignerEmailAddress -_CMSDecoderCopySignerCert -_CMSDecoderCopySignerSigningTime -_CMSDecoderCopySignerTimestamp -_CMSDecoderCopySignerTimestampWithPolicy -_CMSDecoderCopySignerTimestampCertificates -_CMSEncoderCopySignerTimestamp -_CMSEncoderCopySignerTimestampWithPolicy -_CMSDecoderCopySignerAppleCodesigningHashAgility - - diff --git a/OSX/libsecurity_cms/libsecurity_cms.xcodeproj/project.pbxproj b/OSX/libsecurity_cms/libsecurity_cms.xcodeproj/project.pbxproj index 41a286c5..88db048f 100644 --- a/OSX/libsecurity_cms/libsecurity_cms.xcodeproj/project.pbxproj +++ b/OSX/libsecurity_cms/libsecurity_cms.xcodeproj/project.pbxproj @@ -34,7 +34,6 @@ 18446179146E984400B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; 1844617A146E984400B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; 4CA1FEBE052A3C8100F22E42 /* libsecurity_cms.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_cms.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CCB008B05800B0B00981D43 /* security_cms.exp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.exports; path = security_cms.exp; sourceTree = ""; }; D43B9E7C1D064F0B00B9DDDA /* cms-trust-settings-test.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "cms-trust-settings-test.c"; path = "regressions/cms-trust-settings-test.c"; sourceTree = ""; }; D43B9E7D1D064F0B00B9DDDA /* cms-trust-settings-test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "cms-trust-settings-test.h"; path = "regressions/cms-trust-settings-test.h"; sourceTree = ""; }; D4C334571BE29F5200D8C1EF /* cms_regressions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = cms_regressions.h; path = regressions/cms_regressions.h; sourceTree = ""; }; @@ -83,7 +82,6 @@ 052C07E709894ADA00E7641D /* CMSEncoder.h */, 052C07E809894ADA00E7641D /* CMSPrivate.h */, 052C07E909894ADA00E7641D /* CMSUtils.h */, - 4CCB008B05800B0B00981D43 /* security_cms.exp */, ); path = lib; sourceTree = ""; @@ -186,7 +184,7 @@ 4CA1FEAB052A3C3800F22E42 /* Project object */ = { isa = PBXProject; attributes = { - LastUpgradeCheck = 0800; + LastUpgradeCheck = 0810; TargetAttributes = { D4C3345B1BE2A2B100D8C1EF = { CreatedOnToolsVersion = 7.1; @@ -259,7 +257,9 @@ CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; ENABLE_STRICT_OBJC_MSGSEND = YES; @@ -282,7 +282,9 @@ CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; ENABLE_STRICT_OBJC_MSGSEND = YES; diff --git a/OSX/libsecurity_codesigning/lib/SecAssessment.cpp b/OSX/libsecurity_codesigning/lib/SecAssessment.cpp index 2c1e06bd..83566481 100644 --- a/OSX/libsecurity_codesigning/lib/SecAssessment.cpp +++ b/OSX/libsecurity_codesigning/lib/SecAssessment.cpp @@ -468,7 +468,7 @@ CFDictionaryRef SecAssessmentCopyUpdate(CFTypeRef target, traceUpdate(target, context, result); return result.yield(); - END_CSAPI_ERRORS1(false) + END_CSAPI_ERRORS1(NULL) } diff --git a/OSX/libsecurity_codesigning/lib/SecCodePriv.h b/OSX/libsecurity_codesigning/lib/SecCodePriv.h index 86e1064b..5834012a 100644 --- a/OSX/libsecurity_codesigning/lib/SecCodePriv.h +++ b/OSX/libsecurity_codesigning/lib/SecCodePriv.h @@ -75,6 +75,13 @@ extern const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation; /* String */ */ OSStatus SecCodeGetStatus(SecCodeRef code, SecCSFlags flags, SecCodeStatus *status); +typedef uint32_t SecCodeStatusOperation; +enum { + kSecCodeOperationNull = 0, + kSecCodeOperationInvalidate = 1, + kSecCodeOperationSetHard = 2, + kSecCodeOperationSetKill = 3, +}; /*! @function SecCodeSetStatus @@ -83,20 +90,10 @@ OSStatus SecCodeGetStatus(SecCodeRef code, SecCSFlags flags, SecCodeStatus *stat @param code A valid SecCode object reference representing code running on the system. @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior. - @param status Upon successful return, contains the dynamic status of code as - determined by its host. @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in CSCommon.h or certain other Security framework headers. */ -typedef uint32_t SecCodeStatusOperation; -enum { - kSecCodeOperationNull = 0, - kSecCodeOperationInvalidate = 1, - kSecCodeOperationSetHard = 2, - kSecCodeOperationSetKill = 3, -}; - OSStatus SecCodeSetStatus(SecCodeRef code, SecCodeStatusOperation operation, CFDictionaryRef arguments, SecCSFlags flags); diff --git a/OSX/libsecurity_codesigning/lib/SecRequirementPriv.h b/OSX/libsecurity_codesigning/lib/SecRequirementPriv.h index d1bdfb4b..66230b96 100644 --- a/OSX/libsecurity_codesigning/lib/SecRequirementPriv.h +++ b/OSX/libsecurity_codesigning/lib/SecRequirementPriv.h @@ -68,7 +68,13 @@ OSStatus SecRequirementsCreateFromRequirements(CFDictionaryRef requirements, Sec OSStatus SecRequirementsCopyRequirements(CFDataRef requirementSet, SecCSFlags flags, CFDictionaryRef *requirements); - + + +typedef CF_OPTIONS(uint32_t, SecCSFlagsPriv) { + kSecCSParseRequirement = 0x0001, // accept single requirements + kSecCSParseRequirementSet = 0x0002, // accept requirement sets +}; + /*! @function SecRequirementsCreateWithString Create a SecRequirement object or requirement set based on the string provided. @@ -87,11 +93,6 @@ OSStatus SecRequirementsCopyRequirements(CFDataRef requirementSet, SecCSFlags fl @result Upon success, errSecSuccess. Upon error, an OSStatus value documented in CSCommon.h or certain other Security framework headers. */ -typedef CF_OPTIONS(uint32_t, SecCSFlagsPriv) { - kSecCSParseRequirement = 0x0001, // accept single requirements - kSecCSParseRequirementSet = 0x0002, // accept requirement sets -}; - OSStatus SecRequirementsCreateWithString(CFStringRef text, SecCSFlags flags, CFTypeRef *result, CFErrorRef *errors); diff --git a/OSX/libsecurity_codesigning/lib/SecTask.h b/OSX/libsecurity_codesigning/lib/SecTask.h deleted file mode 100644 index 7ea6df93..00000000 --- a/OSX/libsecurity_codesigning/lib/SecTask.h +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright (c) 2008-2009,2011 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#ifndef _SECURITY_SECTASK_H_ -#define _SECURITY_SECTASK_H_ - -#include -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @typedef SecTaskRef - @abstract CFType used for representing a task -*/ -typedef struct CF_BRIDGED_TYPE(id) __SecTask *SecTaskRef; - -/*! - @function SecTaskGetTypeID - @abstract Returns the type ID for CF instances of SecTask. - @result A CFTypeID for SecTask -*/ -CFTypeID SecTaskGetTypeID(void); - -/*! - @function SecTaskCreateWithAuditToken - @abstract Create a SecTask object for the task that sent the mach message - represented by the audit token. - @param token The audit token of a mach message - @result The newly created SecTask object or NULL on error. The caller must - CFRelease the returned object. -*/ -__nullable -SecTaskRef SecTaskCreateWithAuditToken(CFAllocatorRef __nullable allocator, audit_token_t token); - -/*! - @function SecTaskCreateFromSelf - @abstract Create a SecTask object for the current task. - @result The newly created SecTask object or NULL on error. The caller must - CFRelease the returned object. -*/ -__nullable -SecTaskRef SecTaskCreateFromSelf(CFAllocatorRef __nullable allocator); - -/*! - @function SecTaskCopyValueForEntitlement - @abstract Returns the value of a single entitlement for the represented - task. - @param task A previously created SecTask object - @param entitlement The name of the entitlement to be fetched - @param error On a NULL return, this may be contain a CFError describing - the problem. This argument may be NULL if the caller is not interested in - detailed errors. - @result The value of the specified entitlement for the process or NULL if - the entitlement value could not be retrieved. The type of the returned - value will depend on the entitlement specified. The caller must release - the returned object. - @discussion A NULL return may indicate an error, or it may indicate that - the entitlement is simply not present. In the latter case, no CFError is - returned. -*/ -__nullable -CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef task, CFStringRef entitlement, CFErrorRef *error); - -/*! - @function SecTaskCopyValuesForEntitlements - @abstract Returns the values of multiple entitlements for the represented - task. - @param task A previously created SecTask object - @param entitlements An array of entitlement names to be fetched - @param error On a NULL return, this will contain a CFError describing - the problem. This argument may be NULL if the caller is not interested in - detailed errors. If a requested entitlement is not present for the - returned dictionary, the entitlement is not set on the task. The caller - must CFRelease the returned value -*/ -__nullable -CFDictionaryRef SecTaskCopyValuesForEntitlements(SecTaskRef task, CFArrayRef entitlements, CFErrorRef *error); - - - -/*! - @function SecTaskCopySigningIdentifier - @abstract Return the value of the codesigning identifier. - @param task A previously created SecTask object - @param error On a NULL return, this will contain a CFError describing - the problem. This argument may be NULL if the caller is not interested in - detailed errors. The caller must CFRelease the returned value. - */ - -__nullable -CFStringRef -SecTaskCopySigningIdentifier(SecTaskRef task, CFErrorRef *error); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECTASK_H_ */ diff --git a/OSX/libsecurity_codesigning/lib/StaticCode.cpp b/OSX/libsecurity_codesigning/lib/StaticCode.cpp index 20c6d40a..b7fb0d77 100644 --- a/OSX/libsecurity_codesigning/lib/StaticCode.cpp +++ b/OSX/libsecurity_codesigning/lib/StaticCode.cpp @@ -90,7 +90,7 @@ static inline OSStatus errorForSlot(CodeDirectory::SpecialSlot slot) SecStaticCode::SecStaticCode(DiskRep *rep) : mRep(rep), mValidated(false), mExecutableValidated(false), mResourcesValidated(false), mResourcesValidContext(NULL), - mProgressQueue("com.apple.security.validation-progress", false, DISPATCH_QUEUE_PRIORITY_DEFAULT), + mProgressQueue("com.apple.security.validation-progress", false, QOS_CLASS_DEFAULT), mOuterScope(NULL), mResourceScope(NULL), mDesignatedReq(NULL), mGotResourceBase(false), mMonitor(NULL), mLimitedAsync(NULL), mEvalDetails(NULL) { @@ -698,11 +698,7 @@ bool SecStaticCode::verifySignature() if (mValidationFlags & kSecCSNoNetworkAccess) { MacOSError::check(SecTrustSetNetworkFetchAllowed(mTrust,false)); // no network? } -#if !SECTRUST_OSX - MacOSError::check(SecTrustSetKeychains(mTrust, cfEmptyArray())); // no keychains -#else MacOSError::check(SecTrustSetKeychainsAllowed(mTrust, false)); -#endif CSSM_APPLE_TP_ACTION_DATA actionData = { CSSM_APPLE_TP_ACTION_VERSION, // version of data structure @@ -809,39 +805,11 @@ bool SecStaticCode::verifySignature() // This may be a simple SecPolicyRef or a CFArray of policies. // The caller owns the return value. // -#if !SECTRUST_OSX -static SecPolicyRef makeCRLPolicy() -{ - CFRef policy; - MacOSError::check(SecPolicyCopy(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_REVOCATION_CRL, &policy.aref())); - CSSM_APPLE_TP_CRL_OPTIONS options; - memset(&options, 0, sizeof(options)); - options.Version = CSSM_APPLE_TP_CRL_OPTS_VERSION; - options.CrlFlags = CSSM_TP_ACTION_FETCH_CRL_FROM_NET | CSSM_TP_ACTION_CRL_SUFFICIENT; - CSSM_DATA optData = { sizeof(options), (uint8 *)&options }; - MacOSError::check(SecPolicySetValue(policy, &optData)); - return policy.yield(); -} - -static SecPolicyRef makeOCSPPolicy() -{ - CFRef policy; - MacOSError::check(SecPolicyCopy(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_REVOCATION_OCSP, &policy.aref())); - CSSM_APPLE_TP_OCSP_OPTIONS options; - memset(&options, 0, sizeof(options)); - options.Version = CSSM_APPLE_TP_OCSP_OPTS_VERSION; - options.Flags = CSSM_TP_ACTION_OCSP_SUFFICIENT; - CSSM_DATA optData = { sizeof(options), (uint8 *)&options }; - MacOSError::check(SecPolicySetValue(policy, &optData)); - return policy.yield(); -} -#else static SecPolicyRef makeRevocationPolicy(CFOptionFlags flags) { CFRef policy(SecPolicyCreateRevocation(flags)); return policy.yield(); } -#endif CFArrayRef SecStaticCode::verificationPolicies() { @@ -856,14 +824,8 @@ CFArrayRef SecStaticCode::verificationPolicies() } else if (mValidationFlags & kSecCSEnforceRevocationChecks) { // Add CRL and OCSP policies -#if !SECTRUST_OSX - CFRef crl = makeCRLPolicy(); - CFRef ocsp = makeOCSPPolicy(); - return makeCFArray(3, core.get(), crl.get(), ocsp.get()); -#else CFRef revoc = makeRevocationPolicy(kSecRevocationUseAnyAvailableMethod); return makeCFArray(2, core.get(), revoc.get()); -#endif } else { return makeCFArray(1, core.get()); } diff --git a/OSX/libsecurity_codesigning/lib/bundlediskrep.cpp b/OSX/libsecurity_codesigning/lib/bundlediskrep.cpp index ca8f62da..c7bd784b 100644 --- a/OSX/libsecurity_codesigning/lib/bundlediskrep.cpp +++ b/OSX/libsecurity_codesigning/lib/bundlediskrep.cpp @@ -281,7 +281,12 @@ string BundleDiskRep::metaPath(const char *name) CFDataRef BundleDiskRep::metaData(const char *name) { - return cfLoadFile(CFTempURL(metaPath(name))); + if (CFRef url = makeCFURL(metaPath(name))) { + return cfLoadFile(url); + } else { + secnotice("bundlediskrep", "no metapath for %s", name); + return NULL; + } } CFDataRef BundleDiskRep::metaData(CodeDirectory::SpecialSlot slot) @@ -449,7 +454,8 @@ string BundleDiskRep::format() CFArrayRef BundleDiskRep::modifiedFiles() { - CFMutableArrayRef files = CFArrayCreateMutableCopy(NULL, 0, mExecRep->modifiedFiles()); + CFRef execFiles = mExecRep->modifiedFiles(); + CFRef files = CFArrayCreateMutableCopy(NULL, 0, execFiles); checkModifiedFile(files, cdCodeDirectorySlot); checkModifiedFile(files, cdSignatureSlot); checkModifiedFile(files, cdResourceDirSlot); @@ -458,7 +464,7 @@ CFArrayRef BundleDiskRep::modifiedFiles() checkModifiedFile(files, cdRepSpecificSlot); for (CodeDirectory::Slot slot = cdAlternateCodeDirectorySlots; slot < cdAlternateCodeDirectoryLimit; ++slot) checkModifiedFile(files, slot); - return files; + return files.yield(); } void BundleDiskRep::checkModifiedFile(CFMutableArrayRef files, CodeDirectory::SpecialSlot slot) diff --git a/OSX/libsecurity_codesigning/lib/cdbuilder.cpp b/OSX/libsecurity_codesigning/lib/cdbuilder.cpp index c4e75a2e..d78660b1 100644 --- a/OSX/libsecurity_codesigning/lib/cdbuilder.cpp +++ b/OSX/libsecurity_codesigning/lib/cdbuilder.cpp @@ -115,7 +115,7 @@ CodeDirectory::Scatter *CodeDirectory::Builder::scatter(unsigned count) // the version chosen. We dynamically picked the least-needed version // to provide stability of virtual signatures. // -const size_t CodeDirectory::Builder::fixedSize(const uint32_t version) +size_t CodeDirectory::Builder::fixedSize(const uint32_t version) { size_t cdSize = sizeof(CodeDirectory); if (version < supportsCodeLimit64) diff --git a/OSX/libsecurity_codesigning/lib/cdbuilder.h b/OSX/libsecurity_codesigning/lib/cdbuilder.h index 1c6d373d..cef350dc 100644 --- a/OSX/libsecurity_codesigning/lib/cdbuilder.h +++ b/OSX/libsecurity_codesigning/lib/cdbuilder.h @@ -62,7 +62,7 @@ public: size_t size(const uint32_t version); // calculate size CodeDirectory *build(); // build CodeDirectory and return it - const size_t fixedSize(const uint32_t version); // calculate fixed size of the CodeDirectory + size_t fixedSize(const uint32_t version); // calculate fixed size of the CodeDirectory uint32_t hashType() const { return mHashType; } diff --git a/OSX/libsecurity_codesigning/lib/csgeneric.cpp b/OSX/libsecurity_codesigning/lib/csgeneric.cpp index f8986325..e691c4b7 100644 --- a/OSX/libsecurity_codesigning/lib/csgeneric.cpp +++ b/OSX/libsecurity_codesigning/lib/csgeneric.cpp @@ -168,7 +168,6 @@ void GenericCode::changeGuestStatus(SecCode *iguest, SecCodeStatusOperation oper case kSecCodeOperationSetHard: case kSecCodeOperationSetKill: MacOSError::throwMe(errSecCSUnimplemented); - break; default: MacOSError::throwMe(errSecCSUnimplemented); } diff --git a/OSX/libsecurity_codesigning/lib/evaluationmanager.cpp b/OSX/libsecurity_codesigning/lib/evaluationmanager.cpp index e2c5cd42..2332ca0e 100644 --- a/OSX/libsecurity_codesigning/lib/evaluationmanager.cpp +++ b/OSX/libsecurity_codesigning/lib/evaluationmanager.cpp @@ -232,7 +232,6 @@ void EvaluationTask::performEvaluation(SecAssessmentFlags flags, CFDictionaryRef break; default: MacOSError::throwMe(errSecCSInvalidAttributeValues); - break; } } catch(...) { mExceptionToRethrow = std::current_exception(); diff --git a/OSX/libsecurity_codesigning/lib/filediskrep.cpp b/OSX/libsecurity_codesigning/lib/filediskrep.cpp index e280fc13..05ff9e03 100644 --- a/OSX/libsecurity_codesigning/lib/filediskrep.cpp +++ b/OSX/libsecurity_codesigning/lib/filediskrep.cpp @@ -154,14 +154,33 @@ DiskRep::Writer *FileDiskRep::writer() void FileDiskRep::Writer::component(CodeDirectory::SpecialSlot slot, CFDataRef data) { try { - fd().setAttr(attrName(CodeDirectory::canonicalSlotName(slot)), - CFDataGetBytePtr(data), CFDataGetLength(data)); + std::string name = attrName(CodeDirectory::canonicalSlotName(slot)); + fd().setAttr(name, CFDataGetBytePtr(data), CFDataGetLength(data)); + mWrittenAttributes.insert(name); } catch (const UnixError &error) { if (error.error == ERANGE) MacOSError::throwMe(errSecCSCMSTooLarge); throw; } } + + +void FileDiskRep::Writer::flush() +{ + size_t size = fd().listAttr(NULL, 0); + std::vector buffer(size); + char *s = &buffer[0]; + char *end = &buffer[size]; + fd().listAttr(s, size); + while (s < end) { + std::string name = s; + s += strlen(s) + 1; // skip to next + if (name.compare(0, 13, "com.apple.cs.") == 0) // one of ours + if (mWrittenAttributes.find(name) == mWrittenAttributes.end()) { // not written by this signing operation + fd().removeAttr(name); + } + } +} // diff --git a/OSX/libsecurity_codesigning/lib/filediskrep.h b/OSX/libsecurity_codesigning/lib/filediskrep.h index 77733782..822cc832 100644 --- a/OSX/libsecurity_codesigning/lib/filediskrep.h +++ b/OSX/libsecurity_codesigning/lib/filediskrep.h @@ -78,12 +78,14 @@ class FileDiskRep::Writer : public SingleDiskRep::Writer { friend class FileDiskRep; public: void component(CodeDirectory::SpecialSlot slot, CFDataRef data); + void flush(); void remove(); bool preferredStore(); protected: Writer(FileDiskRep *r) : SingleDiskRep::Writer(r, writerLastResort) { } RefPointer rep; + std::set mWrittenAttributes; }; diff --git a/OSX/libsecurity_codesigning/lib/policyengine.cpp b/OSX/libsecurity_codesigning/lib/policyengine.cpp index f9fc17ed..05c44598 100644 --- a/OSX/libsecurity_codesigning/lib/policyengine.cpp +++ b/OSX/libsecurity_codesigning/lib/policyengine.cpp @@ -616,49 +616,16 @@ void PolicyEngine::evaluateInstall(CFURLRef path, SecAssessmentFlags flags, CFDi // // Create a suitable policy array for verification of installer signatures. // -#if !SECTRUST_OSX -static SecPolicyRef makeCRLPolicy() -{ - CFRef policy; - MacOSError::check(SecPolicyCopy(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_REVOCATION_CRL, &policy.aref())); - CSSM_APPLE_TP_CRL_OPTIONS options; - memset(&options, 0, sizeof(options)); - options.Version = CSSM_APPLE_TP_CRL_OPTS_VERSION; - options.CrlFlags = CSSM_TP_ACTION_FETCH_CRL_FROM_NET | CSSM_TP_ACTION_CRL_SUFFICIENT; - CSSM_DATA optData = { sizeof(options), (uint8 *)&options }; - MacOSError::check(SecPolicySetValue(policy, &optData)); - return policy.yield(); -} - -static SecPolicyRef makeOCSPPolicy() -{ - CFRef policy; - MacOSError::check(SecPolicyCopy(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_REVOCATION_OCSP, &policy.aref())); - CSSM_APPLE_TP_OCSP_OPTIONS options; - memset(&options, 0, sizeof(options)); - options.Version = CSSM_APPLE_TP_OCSP_OPTS_VERSION; - options.Flags = CSSM_TP_ACTION_OCSP_SUFFICIENT; - CSSM_DATA optData = { sizeof(options), (uint8 *)&options }; - MacOSError::check(SecPolicySetValue(policy, &optData)); - return policy.yield(); -} -#else static SecPolicyRef makeRevocationPolicy() { CFRef policy(SecPolicyCreateRevocation(kSecRevocationUseAnyAvailableMethod)); return policy.yield(); } -#endif static CFTypeRef installerPolicy() { CFRef base = SecPolicyCreateBasicX509(); -#if !SECTRUST_OSX - CFRef crl = makeCRLPolicy(); - CFRef ocsp = makeOCSPPolicy(); -#else CFRef revoc = makeRevocationPolicy(); -#endif return makeCFArray(2, base.get(), revoc.get()); } diff --git a/OSX/libsecurity_codesigning/lib/reqdumper.cpp b/OSX/libsecurity_codesigning/lib/reqdumper.cpp index c7e180f6..d1cb94a9 100644 --- a/OSX/libsecurity_codesigning/lib/reqdumper.cpp +++ b/OSX/libsecurity_codesigning/lib/reqdumper.cpp @@ -121,10 +121,8 @@ string Dumper::dump(const BlobCore *req, bool debug /* = false */) switch (req->magic()) { case Requirement::typeMagic: return dump(static_cast(req), debug); - break; case Requirements::typeMagic: return dump(static_cast(req), debug); - break; default: return "invalid data type"; } diff --git a/OSX/libsecurity_codesigning/lib/security_codesigning.exp b/OSX/libsecurity_codesigning/lib/security_codesigning.exp deleted file mode 100644 index f5909556..00000000 --- a/OSX/libsecurity_codesigning/lib/security_codesigning.exp +++ /dev/null @@ -1,185 +0,0 @@ -# -# Copyright (c) 2006-2014 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# -_SecCodeGetTypeID -_SecCodeCopySelf -_SecCodeCopyInternalRequirement -_SecCodeGetStatus -_SecCodeSetStatus -_SecCodeCopyStaticCode -_SecCodeCopyHost -_SecCodeCopyGuestWithAttributes -_SecCodeCreateWithPID -_SecCodeCheckValidity -_SecCodeCheckValidityWithErrors -_SecCodeCopyPath -_SecCodeCopyDesignatedRequirement -_SecCodeCopySigningInformation -_SecCodeMapMemory -_SecCodeSetDetachedSignature -_kSecCodeAttributeArchitecture -_kSecCodeAttributeBundleVersion -_kSecCodeAttributeSubarchitecture -_kSecCodeAttributeUniversalFileOffset -_SecStaticCodeGetTypeID -_SecStaticCodeCreateWithPath -_SecStaticCodeCreateWithPathAndAttributes -_SecStaticCodeCheckValidity -_SecStaticCodeCheckValidityWithErrors -_SecRequirementGetTypeID -_SecRequirementCreateWithData -_SecRequirementCreateWithResource -_SecRequirementCreateWithString -_SecRequirementCreateWithStringAndErrors -_SecRequirementCreateGroup -_SecRequirementCopyData -_SecRequirementCopyString -_SecRequirementEvaluate -_SecRequirementsCreateFromRequirements -_SecRequirementsCopyRequirements -_SecRequirementsCreateWithString -_SecRequirementsCopyString -_SecCodeSignerGetTypeID -_SecCodeSignerCreate -_SecCodeSignerAddSignature -_SecCodeSignerAddSignatureWithErrors -_SecHostCreateGuest -_SecHostRemoveGuest -_SecHostSetGuestStatus -_SecHostSelectGuest -_SecHostSelectedGuest -_SecHostSetHostingPort -_kSecCodeDirectoryFlagTable -_kSecCodeSignerApplicationData -_kSecCodeSignerDetached -_kSecCodeSignerDigestAlgorithm -_kSecCodeSignerDryRun -_kSecCodeSignerEntitlements -_kSecCodeSignerFlags -_kSecCodeSignerIdentifier -_kSecCodeSignerIdentifierPrefix -_kSecCodeSignerIdentity -_kSecCodeSignerTimestampAuthentication -_kSecCodeSignerRequireTimestamp -_kSecCodeSignerTimestampServer -_kSecCodeSignerTimestampOmitCertificates -_kSecCodeSignerPageSize -_kSecCodeSignerRequirements -_kSecCodeSignerResourceRules -_kSecCodeSignerSDKRoot -_kSecCodeSignerSigningTime -_kSecCodeInfoCertificates -_kSecCodeInfoChangedFiles -_kSecCodeInfoCMS -_kSecCodeInfoTime -_kSecCodeInfoDesignatedRequirement -_kSecCodeInfoEntitlements -_kSecCodeInfoEntitlementsDict -_kSecCodeInfoFlags -_kSecCodeInfoFormat -_kSecCodeInfoDigestAlgorithm -_kSecCodeInfoDigestAlgorithms -_kSecCodeInfoIdentifier -_kSecCodeInfoImplicitDesignatedRequirement -_kSecCodeInfoMainExecutable -_kSecCodeInfoPList -_kSecCodeInfoRequirements -_kSecCodeInfoRequirementData -_kSecCodeInfoSource -_kSecCodeInfoStatus -_kSecCodeInfoTrust -_kSecCodeInfoUnique -_kSecCodeInfoCdHashes -_kSecCodeInfoCodeDirectory -_kSecCodeInfoCodeOffset -_kSecCodeInfoDiskRepInfo -_kSecCodeInfoDiskRepOSPlatform -_kSecCodeInfoDiskRepOSVersionMin -_kSecCodeInfoDiskRepOSSDKVersion -_kSecCodeInfoDiskRepNoLibraryValidation -_kSecCodeInfoResourceDirectory -_kSecGuestAttributeCanonical -_kSecGuestAttributeHash -_kSecGuestAttributeMachPort -_kSecGuestAttributePid -_kSecRequirementKeyInfoPlist -_kSecRequirementKeyEntitlements -_kSecCFErrorArchitecture -_kSecCFErrorPattern -_kSecCFErrorResourceSeal -_kSecCFErrorResourceAdded -_kSecCFErrorResourceAltered -_kSecCFErrorResourceMissing -_kSecCFErrorResourceSideband -_kSecCFErrorInfoPlist -_kSecCFErrorGuestAttributes -_kSecCFErrorRequirementSyntax -_kSecCFErrorPath - -# Entitlements -_SecTaskGetTypeID -_SecTaskCreateWithAuditToken -_SecTaskCreateFromSelf -_SecTaskCopyValueForEntitlement -_SecTaskCopyValuesForEntitlements -_SecTaskEntitlementsValidated -_SecTaskValidateForRequirement - -# Assessments -_SecAssessmentCreate -_SecAssessmentCopyResult -_SecAssessmentUpdate -_SecAssessmentControl -_kSecAssessmentContextKeyOperation -_kSecAssessmentOperationTypeExecute -_kSecAssessmentOperationTypeInstall -_kSecAssessmentOperationTypeOpenDocument -_kSecAssessmentContextKeyUpdate -_kSecAssessmentUpdateOperationAddFile -_kSecAssessmentUpdateOperationRemoveFile -_kSecAssessmentUpdateOperationAdd -_kSecAssessmentUpdateOperationRemove -_kSecAssessmentUpdateKeyAllow -_kSecAssessmentUpdateKeyExpires -_kSecAssessmentUpdateKeyLabel -_kSecAssessmentUpdateKeyPriority -_kSecAssessmentUpdateKeyRemarks -_kSecAssessmentAssessmentAuthority -_kSecAssessmentAssessmentAuthorityRow -_kSecAssessmentAssessmentFromCache -_kSecAssessmentAssessmentOriginator -_kSecAssessmentAssessmentAuthorityOverride -_kSecAssessmentAssessmentOriginalVerdict -_kSecAssessmentAssessmentSource -_kSecAssessmentAssessmentVerdict -_kSecAssessmentAssessmentWeakSignature -_kSecAssessmentAssessmentCodeSigningError -_kSecAssessmentContextKeyPrimarySignature - -# gatekeeper logging - -_GKBIS_DS_Store_Present -_GKBIS_Dot_underbar_Present -_GKBIS_Num_localizations -_GKBIS_Num_files -_GKBIS_Num_dirs -_GKBIS_Num_symlinks diff --git a/OSX/libsecurity_codesigning/lib/signer.cpp b/OSX/libsecurity_codesigning/lib/signer.cpp index b9d4ba9f..e03321cc 100644 --- a/OSX/libsecurity_codesigning/lib/signer.cpp +++ b/OSX/libsecurity_codesigning/lib/signer.cpp @@ -550,7 +550,8 @@ void SecCodeSigner::Signer::signArchitectureAgnostic(const Requirement::Context } // write out all CodeDirectories - cdSet.populate(writer); + if (!state.mDryRun) + cdSet.populate(writer); CFRef hashes = cdSet.hashBag(); CFTemp hashDict("{cdhashes=%O}", hashes.get()); diff --git a/OSX/libsecurity_codesigning/libsecurity_codesigning.xcodeproj/project.pbxproj b/OSX/libsecurity_codesigning/libsecurity_codesigning.xcodeproj/project.pbxproj deleted file mode 100644 index 395b161c..00000000 --- a/OSX/libsecurity_codesigning/libsecurity_codesigning.xcodeproj/project.pbxproj +++ /dev/null @@ -1,2110 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXAggregateTarget section */ - C26AC0EB143BCF01001C98CE /* SystemPolicy */ = { - isa = PBXAggregateTarget; - buildConfigurationList = C26AC0EC143BCF01001C98CE /* Build configuration list for PBXAggregateTarget "SystemPolicy" */; - buildPhases = ( - C26AC0F0143BCF18001C98CE /* ShellScript */, - 1F9152F01C7255BD009351BD /* ShellScript */, - C2F24DFE14BCBBF200309FCD /* ShellScript */, - C2578CB11579627200D4FE48 /* CopyFiles */, - C25C18CD15CB0C470007A2DE /* CopyFiles */, - C25C18D015CB0FB30007A2DE /* CopyFiles */, - ); - dependencies = ( - ); - name = SystemPolicy; - productName = SystemPolicy; - }; - C26AC7090DAEB3A7005BFB40 /* DTrace */ = { - isa = PBXAggregateTarget; - buildConfigurationList = C26AC70D0DAEB3C6005BFB40 /* Build configuration list for PBXAggregateTarget "DTrace" */; - buildPhases = ( - C26AC7080DAEB3A7005BFB40 /* ShellScript */, - ); - dependencies = ( - ); - name = DTrace; - productName = DTrace; - }; - C2D383B80A23A8C4005C63A2 /* Requirements Language */ = { - isa = PBXAggregateTarget; - buildConfigurationList = C2D383C00A23A8E3005C63A2 /* Build configuration list for PBXAggregateTarget "Requirements Language" */; - buildPhases = ( - C2D383B70A23A8C4005C63A2 /* ShellScript */, - ); - dependencies = ( - ); - name = "Requirements Language"; - productName = "Requirements Language"; - }; - C2E2873F0B5D8F8F009336A0 /* Everything */ = { - isa = PBXAggregateTarget; - buildConfigurationList = C2E287470B5D8FD8009336A0 /* Build configuration list for PBXAggregateTarget "Everything" */; - buildPhases = ( - ); - dependencies = ( - C2E287410B5D8F97009336A0 /* PBXTargetDependency */, - C250F6C50B5EF4E40076098F /* PBXTargetDependency */, - C2E287430B5D8F9A009336A0 /* PBXTargetDependency */, - C26AC0F2143BD02B001C98CE /* PBXTargetDependency */, - C209697015BF53330093035F /* PBXTargetDependency */, - ); - name = Everything; - productName = Everything; - }; -/* End PBXAggregateTarget section */ - -/* Begin PBXBuildFile section */ - 18B965861472FBF6005A4D2E /* reqdumper.h in Headers */ = {isa = PBXBuildFile; fileRef = C21CFC5E0A250D1C006CD5B1 /* reqdumper.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18B965871472FC5B005A4D2E /* requirement.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D383360A237F47005C63A2 /* requirement.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18B965881472FC5B005A4D2E /* reqmaker.h in Headers */ = {isa = PBXBuildFile; fileRef = C2C1DFC20A2F820500D1B02B /* reqmaker.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18B965891472FC5B005A4D2E /* reqreader.h in Headers */ = {isa = PBXBuildFile; fileRef = C2093AA70BB0948000EB8599 /* reqreader.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18B9658A1472FC5B005A4D2E /* reqinterp.h in Headers */ = {isa = PBXBuildFile; fileRef = C2C1DFBA0A2F80EB00D1B02B /* reqinterp.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18B9658B1472FC5B005A4D2E /* reqparser.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D383340A237F47005C63A2 /* reqparser.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18B9658C1472FC9E005A4D2E /* codedirectory.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D383170A237F47005C63A2 /* codedirectory.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18B965951472FE30005A4D2E /* cdbuilder.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D383150A237F47005C63A2 /* cdbuilder.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 37DDE33C1947A4F3005CE18B /* dirscanner.h in Headers */ = {isa = PBXBuildFile; fileRef = 37DDE33B1947A4F3005CE18B /* dirscanner.h */; }; - 37DDE3421947A501005CE18B /* dirscanner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 37DDE3411947A501005CE18B /* dirscanner.cpp */; }; - 7A9DA65C1948D1BA004635E6 /* opaquewhitelist.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A9DA65A1948D1BA004635E6 /* opaquewhitelist.cpp */; }; - 7A9DA65D1948D1BA004635E6 /* opaquewhitelist.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A9DA65B1948D1BA004635E6 /* opaquewhitelist.h */; }; - 7ACF261219958B6F00849B25 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C2CC30A00B8519CC005FA59D /* CoreFoundation.framework */; }; - BEC3A75C16F78D21003E5634 /* SecTaskPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = BEC3A75B16F78D21003E5634 /* SecTaskPriv.h */; }; - C200424D15D425D9004AE0A1 /* libsecurity_codesigning.a in Frameworks */ = {isa = PBXBuildFile; fileRef = C200424915D425B7004AE0A1 /* libsecurity_codesigning.a */; }; - C200424E15D425D9004AE0A1 /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = C200424A15D425B7004AE0A1 /* libsecurity_utilities.a */; }; - C2093AA80BB0948000EB8599 /* reqreader.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2093AA60BB0948000EB8599 /* reqreader.cpp */; }; - C209696415BF52040093035F /* gkunpack.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C209696315BF52040093035F /* gkunpack.cpp */; }; - C211070A158C1082001D7F76 /* gkmerge in CopyFiles */ = {isa = PBXBuildFile; fileRef = C2110704158BF5C8001D7F76 /* gkmerge */; }; - C21CFC5F0A250D1C006CD5B1 /* reqdumper.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C21CFC5D0A250D1C006CD5B1 /* reqdumper.cpp */; }; - C21EA3DD0AD2F81300E6E31C /* SecCodeSigner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C21EA3DB0AD2F81300E6E31C /* SecCodeSigner.cpp */; }; - C21EA3E30AD2FA0900E6E31C /* CodeSigner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C21EA3E10AD2FA0900E6E31C /* CodeSigner.cpp */; }; - C22463610B86210100626F1B /* antlrplugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2CC31130B85254F005FA59D /* antlrplugin.cpp */; }; - C2256BDD158BC0F200F72211 /* gkhandmake in CopyFiles */ = {isa = PBXBuildFile; fileRef = C278A19B158AB2C300FA6767 /* gkhandmake */; }; - C2256BDE158BC0F200F72211 /* gklist in CopyFiles */ = {isa = PBXBuildFile; fileRef = C278A19C158AB2C300FA6767 /* gklist */; }; - C236E3D70AD59446000F5140 /* signer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C236E3D50AD59446000F5140 /* signer.cpp */; }; - C236E3DB0AD595C2000F5140 /* signerutils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C236E3D90AD595C2000F5140 /* signerutils.cpp */; }; - C24EABAB1421432800C16AA9 /* policydb.h in Headers */ = {isa = PBXBuildFile; fileRef = C24EABAA1421432800C16AA9 /* policydb.h */; }; - C24EABAD1421433700C16AA9 /* policydb.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C24EABAC1421433700C16AA9 /* policydb.cpp */; }; - C250F6C30B5EF1910076098F /* SecIntegrity.h in Headers */ = {isa = PBXBuildFile; fileRef = C250F6C20B5EF1910076098F /* SecIntegrity.h */; }; - C259DFD60AD6D9BA00C9ACC6 /* sigblob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C259DFD40AD6D9BA00C9ACC6 /* sigblob.cpp */; }; - C25C18CE15CB0C5C0007A2DE /* gkreport in CopyFiles */ = {isa = PBXBuildFile; fileRef = C25C18C615CB0BC10007A2DE /* gkreport */; }; - C25C18D115CB0FC30007A2DE /* com.apple.gkreport.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = C25C18CF15CB0FA00007A2DE /* com.apple.gkreport.plist */; }; - C26763D714FD9EBE00A46EDF /* drmaker.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C26763D514FD9EBE00A46EDF /* drmaker.cpp */; }; - C26763D814FD9EBE00A46EDF /* drmaker.h in Headers */ = {isa = PBXBuildFile; fileRef = C26763D614FD9EBE00A46EDF /* drmaker.h */; }; - C26B45C10B8A9C0A003C0ACA /* ucspc in Frameworks */ = {isa = PBXBuildFile; fileRef = C26B45C00B8A9C00003C0ACA /* ucspc */; }; - C26FF62D0E5B375A00F640A0 /* SecIntegrityLib.h in Headers */ = {isa = PBXBuildFile; fileRef = C2CC31040B8523AD005FA59D /* SecIntegrityLib.h */; settings = {ATTRIBUTES = (); }; }; - C26FF62E0E5B375A00F640A0 /* SecCodeHostLib.h in Headers */ = {isa = PBXBuildFile; fileRef = C2BC1F340B580DA7003EC9DC /* SecCodeHostLib.h */; settings = {ATTRIBUTES = (); }; }; - C26FF62F0E5B376B00F640A0 /* CodeSigning.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D383180A237F47005C63A2 /* CodeSigning.h */; settings = {ATTRIBUTES = (); }; }; - C26FF6300E5B376B00F640A0 /* CSCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D3831C0A237F47005C63A2 /* CSCommon.h */; settings = {ATTRIBUTES = (); }; }; - C26FF6310E5B376B00F640A0 /* CSCommonPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D50CDF0E155A4F0059A195 /* CSCommonPriv.h */; settings = {ATTRIBUTES = (); }; }; - C26FF6320E5B376B00F640A0 /* SecCode.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D3831E0A237F47005C63A2 /* SecCode.h */; settings = {ATTRIBUTES = (); }; }; - C26FF6330E5B376B00F640A0 /* SecCodePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2E8AF240DE25CA7000F6D3B /* SecCodePriv.h */; settings = {ATTRIBUTES = (); }; }; - C26FF6340E5B376B00F640A0 /* SecStaticCode.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D383220A237F47005C63A2 /* SecStaticCode.h */; settings = {ATTRIBUTES = (); }; }; - C26FF6350E5B376B00F640A0 /* SecStaticCodePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2E8AF260DE25CA7000F6D3B /* SecStaticCodePriv.h */; settings = {ATTRIBUTES = (); }; }; - C26FF6360E5B376B00F640A0 /* SecRequirement.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D383260A237F47005C63A2 /* SecRequirement.h */; settings = {ATTRIBUTES = (); }; }; - C26FF6370E5B376B00F640A0 /* SecRequirementPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2E8AF250DE25CA7000F6D3B /* SecRequirementPriv.h */; settings = {ATTRIBUTES = (); }; }; - C26FF6380E5B376B00F640A0 /* SecCodeSigner.h in Headers */ = {isa = PBXBuildFile; fileRef = C21EA3DC0AD2F81300E6E31C /* SecCodeSigner.h */; settings = {ATTRIBUTES = (); }; }; - C26FF6390E5B376B00F640A0 /* SecCodeHost.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D383190A237F47005C63A2 /* SecCodeHost.h */; settings = {ATTRIBUTES = (); }; }; - C26FF63A0E5B376B00F640A0 /* SecIntegrity.h in Headers */ = {isa = PBXBuildFile; fileRef = C250F6C20B5EF1910076098F /* SecIntegrity.h */; settings = {ATTRIBUTES = (); }; }; - C273606E1433F09000A9A5FF /* SecAssessment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C273606C1433F09000A9A5FF /* SecAssessment.cpp */; }; - C273606F1433F09000A9A5FF /* SecAssessment.h in Headers */ = {isa = PBXBuildFile; fileRef = C273606D1433F09000A9A5FF /* SecAssessment.h */; settings = {ATTRIBUTES = (); }; }; - C27360D51436866D00A9A5FF /* xpcengine.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C27360D41436866C00A9A5FF /* xpcengine.cpp */; }; - C28342E70E366E6800E54360 /* csdatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28342E40E366E6800E54360 /* csdatabase.cpp */; }; - C28342EE0E36719D00E54360 /* detachedrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28342EB0E36719D00E54360 /* detachedrep.cpp */; }; - C29CDE2A1583F46F00A42059 /* gkclear in CopyFiles */ = {isa = PBXBuildFile; fileRef = C2578CC215798D0F00D4FE48 /* gkclear */; }; - C29CDE2B1583F46F00A42059 /* gkgenerate in CopyFiles */ = {isa = PBXBuildFile; fileRef = C2578CC315798D0F00D4FE48 /* gkgenerate */; }; - C29CDE2C1583F46F00A42059 /* gkrecord in CopyFiles */ = {isa = PBXBuildFile; fileRef = C2578CC415798D0F00D4FE48 /* gkrecord */; }; - C2A436150F2133B2007A41A6 /* slcrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2A436130F2133B2007A41A6 /* slcrep.cpp */; }; - C2A436160F2133B2007A41A6 /* slcrep.h in Headers */ = {isa = PBXBuildFile; fileRef = C2A436140F2133B2007A41A6 /* slcrep.h */; }; - C2A976AA0B8A2E36008B4EA0 /* csutilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2A976A80B8A2E36008B4EA0 /* csutilities.cpp */; }; - C2BC1F350B580DA7003EC9DC /* SecCodeHostLib.h in Headers */ = {isa = PBXBuildFile; fileRef = C2BC1F340B580DA7003EC9DC /* SecCodeHostLib.h */; }; - C2BD519C0A9392FD000FE43D /* machorep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BD519A0A9392FD000FE43D /* machorep.cpp */; }; - C2BD60FA0AC863FC0057FD3D /* csgeneric.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BD60F80AC863FC0057FD3D /* csgeneric.cpp */; }; - C2C1DF140A2E3D7200D1B02B /* requirement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383350A237F47005C63A2 /* requirement.cpp */; }; - C2C1DFBB0A2F80EB00D1B02B /* reqinterp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2C1DFB90A2F80EB00D1B02B /* reqinterp.cpp */; }; - C2C1DFC30A2F820500D1B02B /* reqmaker.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2C1DFC10A2F820500D1B02B /* reqmaker.cpp */; }; - C2C3BCD30BA1E47E00E869D1 /* singlediskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2C3BCD10BA1E47E00E869D1 /* singlediskrep.cpp */; }; - C2C931B40AB8BA1200F83950 /* SecCodeHost.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2C931B30AB8BA1200F83950 /* SecCodeHost.cpp */; }; - C2CC310F0B852424005FA59D /* SecIntegrityLib.c in Sources */ = {isa = PBXBuildFile; fileRef = C2CC310E0B852424005FA59D /* SecIntegrityLib.c */; }; - C2D2967A1BCF16C000B0A29B /* diskimagerep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D296781BCF16C000B0A29B /* diskimagerep.cpp */; }; - C2D2967B1BCF16C000B0A29B /* diskimagerep.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D296791BCF16C000B0A29B /* diskimagerep.h */; }; - C2D3833C0A237F47005C63A2 /* bundlediskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383120A237F47005C63A2 /* bundlediskrep.cpp */; }; - C2D3833E0A237F47005C63A2 /* cdbuilder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383140A237F47005C63A2 /* cdbuilder.cpp */; }; - C2D383400A237F47005C63A2 /* codedirectory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383160A237F47005C63A2 /* codedirectory.cpp */; }; - C2D383440A237F47005C63A2 /* cs.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D3831A0A237F47005C63A2 /* cs.cpp */; }; - C2D383470A237F47005C63A2 /* SecCode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D3831D0A237F47005C63A2 /* SecCode.cpp */; }; - C2D383490A237F47005C63A2 /* cskernel.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D3831F0A237F47005C63A2 /* cskernel.cpp */; }; - C2D3834B0A237F47005C63A2 /* SecStaticCode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383210A237F47005C63A2 /* SecStaticCode.cpp */; }; - C2D3834D0A237F47005C63A2 /* csprocess.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383230A237F47005C63A2 /* csprocess.cpp */; }; - C2D3834F0A237F47005C63A2 /* SecRequirement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383250A237F47005C63A2 /* SecRequirement.cpp */; }; - C2D383510A237F47005C63A2 /* diskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383270A237F47005C63A2 /* diskrep.cpp */; }; - C2D383550A237F47005C63A2 /* filediskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D3832B0A237F47005C63A2 /* filediskrep.cpp */; }; - C2D383570A237F47005C63A2 /* Code.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D3832D0A237F47005C63A2 /* Code.cpp */; }; - C2D383590A237F47005C63A2 /* kerneldiskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D3832F0A237F47005C63A2 /* kerneldiskrep.cpp */; }; - C2D3835B0A237F47005C63A2 /* StaticCode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383310A237F47005C63A2 /* StaticCode.cpp */; }; - C2D3835D0A237F47005C63A2 /* reqparser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383330A237F47005C63A2 /* reqparser.cpp */; }; - C2D383610A237F47005C63A2 /* Requirements.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D383370A237F47005C63A2 /* Requirements.cpp */; }; - C2D6EA3F1C8F5158009B586F /* main.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D6EA3E1C8F5158009B586F /* main.cpp */; }; - C2D6EA451C8F5257009B586F /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C2D6EA441C8F5257009B586F /* Security.framework */; }; - C2D6EA481C8F5281009B586F /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = C2D6EA461C8F5265009B586F /* libsecurity_utilities.a */; }; - C2DC2DCA145F594000AD2A3A /* xar++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2353410145F1B110073F964 /* xar++.cpp */; }; - C2DC2DCB145F5CD000AD2A3A /* policyengine.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C27360201432A61900A9A5FF /* policyengine.cpp */; }; - C2E2873D0B5D8D80009336A0 /* SecCodeHostLib.c in Sources */ = {isa = PBXBuildFile; fileRef = C2E2873C0B5D8D80009336A0 /* SecCodeHostLib.c */; }; - C2E911E20ADEBE3200275CB2 /* resources.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2E911E00ADEBE3200275CB2 /* resources.cpp */; }; - C2F4439A14C626D4000A01E6 /* quarantine++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F4439814C626D4000A01E6 /* quarantine++.cpp */; }; - C2F4439B14C626D4000A01E6 /* quarantine++.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F4439914C626D4000A01E6 /* quarantine++.h */; }; - C2F6566E0BCBFB250078779E /* cserror.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F6566C0BCBFB250078779E /* cserror.cpp */; }; - DC1418651CCEE2EC00CFD769 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1418641CCEE2EC00CFD769 /* libutilities.a */; }; - DC529B311D63C78000D617E8 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC529B301D63C78000D617E8 /* IOKit.framework */; }; - EB68B111150DAEEA00B4013D /* RequirementLexer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB68B10B150DAEBB00B4013D /* RequirementLexer.cpp */; }; - EB68B112150DAEEA00B4013D /* RequirementParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB68B10D150DAEBB00B4013D /* RequirementParser.cpp */; }; - EB68B133150DB04400B4013D /* RequirementKeywords.h in Headers */ = {isa = PBXBuildFile; fileRef = EB68B10A150DAEBB00B4013D /* RequirementKeywords.h */; }; - EB68B134150DB04400B4013D /* RequirementLexer.hpp in Headers */ = {isa = PBXBuildFile; fileRef = EB68B10C150DAEBB00B4013D /* RequirementLexer.hpp */; }; - EB68B135150DB04400B4013D /* RequirementParser.hpp in Headers */ = {isa = PBXBuildFile; fileRef = EB68B10E150DAEBB00B4013D /* RequirementParser.hpp */; }; - EB976FB81684D7C500A68EE6 /* ANTLRUtil.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976F981684D77600A68EE6 /* ANTLRUtil.cpp */; }; - EB976FB91684D7C500A68EE6 /* ASTFactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976F991684D77600A68EE6 /* ASTFactory.cpp */; }; - EB976FBA1684D7C500A68EE6 /* ASTNULLType.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976F9A1684D77600A68EE6 /* ASTNULLType.cpp */; }; - EB976FBB1684D7C500A68EE6 /* ASTRefCount.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976F9B1684D77600A68EE6 /* ASTRefCount.cpp */; }; - EB976FBC1684D7C500A68EE6 /* BaseAST.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976F9C1684D77600A68EE6 /* BaseAST.cpp */; }; - EB976FBD1684D7C500A68EE6 /* BitSet.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976F9D1684D77600A68EE6 /* BitSet.cpp */; }; - EB976FBE1684D7C500A68EE6 /* CharBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976F9E1684D77600A68EE6 /* CharBuffer.cpp */; }; - EB976FBF1684D7C500A68EE6 /* CharScanner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976F9F1684D77600A68EE6 /* CharScanner.cpp */; }; - EB976FC01684D7C500A68EE6 /* CommonAST.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FA01684D77600A68EE6 /* CommonAST.cpp */; }; - EB976FC11684D7C500A68EE6 /* CommonASTWithHiddenTokens.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FA11684D77600A68EE6 /* CommonASTWithHiddenTokens.cpp */; }; - EB976FC21684D7C500A68EE6 /* CommonHiddenStreamToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FA21684D77600A68EE6 /* CommonHiddenStreamToken.cpp */; }; - EB976FC31684D7C500A68EE6 /* CommonToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FA31684D77600A68EE6 /* CommonToken.cpp */; }; - EB976FC41684D7C500A68EE6 /* InputBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FA51684D77600A68EE6 /* InputBuffer.cpp */; }; - EB976FC51684D7C500A68EE6 /* LLkParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FA61684D77600A68EE6 /* LLkParser.cpp */; }; - EB976FC61684D7C500A68EE6 /* MismatchedCharException.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FA81684D77600A68EE6 /* MismatchedCharException.cpp */; }; - EB976FC71684D7C500A68EE6 /* MismatchedTokenException.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FA91684D77600A68EE6 /* MismatchedTokenException.cpp */; }; - EB976FC81684D7C500A68EE6 /* NoViableAltException.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FAA1684D77600A68EE6 /* NoViableAltException.cpp */; }; - EB976FC91684D7C500A68EE6 /* NoViableAltForCharException.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FAB1684D77600A68EE6 /* NoViableAltForCharException.cpp */; }; - EB976FCA1684D7C500A68EE6 /* Parser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FAC1684D77600A68EE6 /* Parser.cpp */; }; - EB976FCB1684D7C500A68EE6 /* RecognitionException.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FAD1684D77600A68EE6 /* RecognitionException.cpp */; }; - EB976FCC1684D7C500A68EE6 /* String.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FAE1684D77600A68EE6 /* String.cpp */; }; - EB976FCD1684D7C500A68EE6 /* Token.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FAF1684D77600A68EE6 /* Token.cpp */; }; - EB976FCE1684D7C500A68EE6 /* TokenBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FB01684D77600A68EE6 /* TokenBuffer.cpp */; }; - EB976FCF1684D7C500A68EE6 /* TokenRefCount.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FB11684D77600A68EE6 /* TokenRefCount.cpp */; }; - EB976FD01684D7C500A68EE6 /* TokenStreamBasicFilter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FB21684D77600A68EE6 /* TokenStreamBasicFilter.cpp */; }; - EB976FD11684D7C500A68EE6 /* TokenStreamHiddenTokenFilter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FB31684D77600A68EE6 /* TokenStreamHiddenTokenFilter.cpp */; }; - EB976FD21684D7C500A68EE6 /* TokenStreamRewriteEngine.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FB41684D77600A68EE6 /* TokenStreamRewriteEngine.cpp */; }; - EB976FD31684D7C500A68EE6 /* TokenStreamSelector.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FB51684D77600A68EE6 /* TokenStreamSelector.cpp */; }; - EB976FD41684D7C500A68EE6 /* TreeParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EB976FB61684D77600A68EE6 /* TreeParser.cpp */; }; - EBB9FF7F1682E5A200FF9774 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = EBB9FF7E1682E5A200FF9774 /* CoreFoundation.framework */; }; - EBB9FFE21682E83600FF9774 /* com.apple.CodeSigningHelper.sb in CopyFiles */ = {isa = PBXBuildFile; fileRef = EBB9FF801682E65700FF9774 /* com.apple.CodeSigningHelper.sb */; }; - EBDAF04F166D65FA0042CDCE /* piddiskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = EBDAF04D166D65FA0042CDCE /* piddiskrep.cpp */; }; - EBDAF050166D65FA0042CDCE /* piddiskrep.h in Headers */ = {isa = PBXBuildFile; fileRef = EBDAF04E166D65FA0042CDCE /* piddiskrep.h */; }; - EBF9A1581684E12700BCECA6 /* libsecurity_codesigning.plist in Copy OpenSourceVersions */ = {isa = PBXBuildFile; fileRef = EBF9A1551684E0F300BCECA6 /* libsecurity_codesigning.plist */; }; - EBF9A15A1684E14100BCECA6 /* libsecurity_codesigning.txt in OpenSourceLicenses */ = {isa = PBXBuildFile; fileRef = EBF9A1561684E0F300BCECA6 /* libsecurity_codesigning.txt */; }; - F69D1DEB1A66B493002728D8 /* evaluationmanager.cpp in Sources */ = {isa = PBXBuildFile; fileRef = F69D1DE91A66B493002728D8 /* evaluationmanager.cpp */; }; - F69D1DEC1A66B493002728D8 /* evaluationmanager.h in Headers */ = {isa = PBXBuildFile; fileRef = F69D1DEA1A66B493002728D8 /* evaluationmanager.h */; }; - FEB30C9310DAC89D00557BA2 /* SecTask.c in Sources */ = {isa = PBXBuildFile; fileRef = FEB30C9210DAC89D00557BA2 /* SecTask.c */; }; - FEB30CA410DAC97400557BA2 /* SecTask.h in Headers */ = {isa = PBXBuildFile; fileRef = FEB30C9410DAC8A500557BA2 /* SecTask.h */; settings = {ATTRIBUTES = (); }; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB504146F2823000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB4FC146F2823000BF1F3 /* libsecurityd.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurityd_client; - }; - 182BB506146F2823000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB4FC146F2823000BF1F3 /* libsecurityd.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FECD052A44A100F22E42; - remoteInfo = libsecurityd_server; - }; - 182BB508146F2823000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB4FC146F2823000BF1F3 /* libsecurityd.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = C2A788730B7AA65B00CFF85C; - remoteInfo = ucspc; - }; - 182BB50E146F28F6000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB4FC146F2823000BF1F3 /* libsecurityd.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 4C09A2920557240300FED7A3; - remoteInfo = libsecurityd_generate; - }; - 182BB510146F292B000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = C26AC0EB143BCF01001C98CE; - remoteInfo = SystemPolicy; - }; - 1844617C146E9A5200B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = C26AC7090DAEB3A7005BFB40; - remoteInfo = DTrace; - }; - C209696F15BF53330093035F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = C209695F15BF52040093035F; - remoteInfo = gkunpack; - }; - C250F6C40B5EF4E40076098F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = C2BC1F250B580D3A003EC9DC; - remoteInfo = libintegrity; - }; - C26AC0F1143BD02B001C98CE /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = C26AC0EB143BCF01001C98CE; - remoteInfo = SystemPolicy; - }; - C2E287400B5D8F97009336A0 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_codesigning; - }; - C2E287420B5D8F9A009336A0 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = C2BC1F2E0B580D4B003EC9DC; - remoteInfo = libcodehost; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXCopyFilesBuildPhase section */ - C2578CB11579627200D4FE48 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/bin; - dstSubfolderSpec = 0; - files = ( - C211070A158C1082001D7F76 /* gkmerge in CopyFiles */, - C2256BDD158BC0F200F72211 /* gkhandmake in CopyFiles */, - C2256BDE158BC0F200F72211 /* gklist in CopyFiles */, - C29CDE2A1583F46F00A42059 /* gkclear in CopyFiles */, - C29CDE2B1583F46F00A42059 /* gkgenerate in CopyFiles */, - C29CDE2C1583F46F00A42059 /* gkrecord in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - C25C18CD15CB0C470007A2DE /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/libexec; - dstSubfolderSpec = 0; - files = ( - C25C18CE15CB0C5C0007A2DE /* gkreport in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - C25C18D015CB0FB30007A2DE /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/LaunchDaemons; - dstSubfolderSpec = 0; - files = ( - C25C18D115CB0FC30007A2DE /* com.apple.gkreport.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - EBB9FFE11682E80A00FF9774 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/Sandbox/Profiles; - dstSubfolderSpec = 0; - files = ( - EBB9FFE21682E83600FF9774 /* com.apple.CodeSigningHelper.sb in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; - EBF9A1501684E0DF00BCECA6 /* Copy OpenSourceVersions */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/OpenSourceVersions; - dstSubfolderSpec = 0; - files = ( - EBF9A1581684E12700BCECA6 /* libsecurity_codesigning.plist in Copy OpenSourceVersions */, - ); - name = "Copy OpenSourceVersions"; - runOnlyForDeploymentPostprocessing = 1; - }; - EBF9A1591684E12C00BCECA6 /* OpenSourceLicenses */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/OpenSourceLicenses; - dstSubfolderSpec = 0; - files = ( - EBF9A15A1684E14100BCECA6 /* libsecurity_codesigning.txt in OpenSourceLicenses */, - ); - name = OpenSourceLicenses; - runOnlyForDeploymentPostprocessing = 1; - }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 182BB4FC146F2823000BF1F3 /* libsecurityd.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurityd.xcodeproj; path = ../libsecurityd/libsecurityd.xcodeproj; sourceTree = ""; }; - 1844619F146E9AD100B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 184461A0146E9AD100B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 184461A1146E9AD100B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 184461A2146E9AD100B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 37DDE33B1947A4F3005CE18B /* dirscanner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dirscanner.h; sourceTree = ""; }; - 37DDE3411947A501005CE18B /* dirscanner.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dirscanner.cpp; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_codesigning.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_codesigning.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 7A4FAF1A19C215DF00D297CB /* CrashReporterSupport.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CrashReporterSupport.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.10.Internal.sdk/System/Library/PrivateFrameworks/CrashReporterSupport.framework; sourceTree = DEVELOPER_DIR; }; - 7A9DA65A1948D1BA004635E6 /* opaquewhitelist.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = opaquewhitelist.cpp; sourceTree = ""; }; - 7A9DA65B1948D1BA004635E6 /* opaquewhitelist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = opaquewhitelist.h; sourceTree = ""; }; - BEC3A75B16F78D21003E5634 /* SecTaskPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTaskPriv.h; sourceTree = ""; }; - C200424915D425B7004AE0A1 /* libsecurity_codesigning.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_codesigning.a; path = ../../../usr/local/lib/libsecurity_codesigning.a; sourceTree = ""; }; - C200424A15D425B7004AE0A1 /* libsecurity_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_utilities.a; path = ../../../usr/local/lib/libsecurity_utilities.a; sourceTree = ""; }; - C2093AA60BB0948000EB8599 /* reqreader.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = reqreader.cpp; sourceTree = ""; }; - C2093AA70BB0948000EB8599 /* reqreader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = reqreader.h; sourceTree = ""; }; - C209696015BF52040093035F /* gkunpack */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = gkunpack; sourceTree = BUILT_PRODUCTS_DIR; }; - C209696315BF52040093035F /* gkunpack.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = gkunpack.cpp; sourceTree = ""; }; - C209697215BF57EB0093035F /* libsecurity_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libsecurity_utilities.a; sourceTree = ""; }; - C2110704158BF5C8001D7F76 /* gkmerge */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.python; path = gkmerge; sourceTree = ""; }; - C21CFC5D0A250D1C006CD5B1 /* reqdumper.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = reqdumper.cpp; sourceTree = ""; }; - C21CFC5E0A250D1C006CD5B1 /* reqdumper.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = reqdumper.h; sourceTree = ""; }; - C21EA3DB0AD2F81300E6E31C /* SecCodeSigner.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecCodeSigner.cpp; sourceTree = ""; }; - C21EA3DC0AD2F81300E6E31C /* SecCodeSigner.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCodeSigner.h; sourceTree = ""; }; - C21EA3E10AD2FA0900E6E31C /* CodeSigner.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CodeSigner.cpp; sourceTree = ""; usesTabs = 1; }; - C21EA3E20AD2FA0900E6E31C /* CodeSigner.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CodeSigner.h; sourceTree = ""; usesTabs = 1; }; - C235340E145F1B050073F964 /* xar++.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "xar++.h"; sourceTree = ""; }; - C2353410145F1B110073F964 /* xar++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "xar++.cpp"; sourceTree = ""; }; - C236E3D50AD59446000F5140 /* signer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = signer.cpp; sourceTree = ""; usesTabs = 1; }; - C236E3D60AD59446000F5140 /* signer.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = signer.h; sourceTree = ""; usesTabs = 1; }; - C236E3D90AD595C2000F5140 /* signerutils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = signerutils.cpp; sourceTree = ""; }; - C236E3DA0AD595C2000F5140 /* signerutils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = signerutils.h; sourceTree = ""; }; - C24EABAA1421432800C16AA9 /* policydb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = policydb.h; sourceTree = ""; }; - C24EABAC1421433700C16AA9 /* policydb.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = policydb.cpp; sourceTree = ""; }; - C250F6C20B5EF1910076098F /* SecIntegrity.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecIntegrity.h; sourceTree = ""; }; - C250F6C60B5EF5B50076098F /* SecIntegrity.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecIntegrity.cpp; sourceTree = ""; }; - C2578CC215798D0F00D4FE48 /* gkclear */ = {isa = PBXFileReference; lastKnownFileType = text.script.python; path = gkclear; sourceTree = ""; }; - C2578CC315798D0F00D4FE48 /* gkgenerate */ = {isa = PBXFileReference; lastKnownFileType = text.script.python; path = gkgenerate; sourceTree = ""; }; - C2578CC415798D0F00D4FE48 /* gkrecord */ = {isa = PBXFileReference; lastKnownFileType = text.script.python; path = gkrecord; sourceTree = ""; }; - C259DFD40AD6D9BA00C9ACC6 /* sigblob.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = sigblob.cpp; sourceTree = ""; }; - C259DFD50AD6D9BA00C9ACC6 /* sigblob.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sigblob.h; sourceTree = ""; }; - C25C18C615CB0BC10007A2DE /* gkreport */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; name = gkreport; path = gke/gkreport; sourceTree = SOURCE_ROOT; }; - C25C18CF15CB0FA00007A2DE /* com.apple.gkreport.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.apple.gkreport.plist; path = gke/com.apple.gkreport.plist; sourceTree = SOURCE_ROOT; }; - C26763D514FD9EBE00A46EDF /* drmaker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = drmaker.cpp; sourceTree = ""; }; - C26763D614FD9EBE00A46EDF /* drmaker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = drmaker.h; sourceTree = ""; }; - C26AC0F3143BD1B3001C98CE /* SystemPolicy */ = {isa = PBXFileReference; lastKnownFileType = text; name = SystemPolicy; path = cstemp/SystemPolicy; sourceTree = BUILT_PRODUCTS_DIR; }; - C26AC6FD0DAEB2C4005BFB40 /* security_codesigning.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; path = security_codesigning.d; sourceTree = ""; }; - C26B45C00B8A9C00003C0ACA /* ucspc */ = {isa = PBXFileReference; lastKnownFileType = text; name = ucspc; path = cstemp/ucspc; sourceTree = BUILT_PRODUCTS_DIR; }; - C27249D2143237CD0058B552 /* syspolicy.sql */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = syspolicy.sql; sourceTree = ""; }; - C273601D1432A60B00A9A5FF /* policyengine.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = policyengine.h; sourceTree = ""; }; - C27360201432A61900A9A5FF /* policyengine.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = policyengine.cpp; sourceTree = ""; }; - C273606C1433F09000A9A5FF /* SecAssessment.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SecAssessment.cpp; sourceTree = ""; }; - C273606D1433F09000A9A5FF /* SecAssessment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = SecAssessment.h; sourceTree = ""; }; - C27360D41436866C00A9A5FF /* xpcengine.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = xpcengine.cpp; sourceTree = ""; }; - C27360D71436868600A9A5FF /* xpcengine.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = xpcengine.h; sourceTree = ""; }; - C278A19B158AB2C300FA6767 /* gkhandmake */ = {isa = PBXFileReference; lastKnownFileType = text.script.python; path = gkhandmake; sourceTree = ""; }; - C278A19C158AB2C300FA6767 /* gklist */ = {isa = PBXFileReference; lastKnownFileType = text.script.python; path = gklist; sourceTree = ""; }; - C28342E40E366E6800E54360 /* csdatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = csdatabase.cpp; sourceTree = ""; }; - C28342E50E366E6800E54360 /* csdatabase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = csdatabase.h; sourceTree = ""; }; - C28342EB0E36719D00E54360 /* detachedrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = detachedrep.cpp; sourceTree = ""; }; - C28342EC0E36719D00E54360 /* detachedrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = detachedrep.h; sourceTree = ""; }; - C293E2C21554653700F3E396 /* sp-watch.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; name = "sp-watch.d"; path = "dtrace/sp-watch.d"; sourceTree = SOURCE_ROOT; }; - C2A436130F2133B2007A41A6 /* slcrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = slcrep.cpp; sourceTree = ""; }; - C2A436140F2133B2007A41A6 /* slcrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = slcrep.h; sourceTree = ""; }; - C2A976A80B8A2E36008B4EA0 /* csutilities.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = csutilities.cpp; sourceTree = ""; usesTabs = 1; }; - C2A976A90B8A2E36008B4EA0 /* csutilities.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = csutilities.h; sourceTree = ""; usesTabs = 1; }; - C2BC1F260B580D3A003EC9DC /* libintegrity.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libintegrity.a; sourceTree = BUILT_PRODUCTS_DIR; }; - C2BC1F2F0B580D4B003EC9DC /* libcodehost.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libcodehost.a; sourceTree = BUILT_PRODUCTS_DIR; }; - C2BC1F340B580DA7003EC9DC /* SecCodeHostLib.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCodeHostLib.h; sourceTree = ""; }; - C2BD519A0A9392FD000FE43D /* machorep.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = machorep.cpp; sourceTree = ""; }; - C2BD519B0A9392FD000FE43D /* machorep.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = machorep.h; sourceTree = ""; }; - C2BD60F80AC863FC0057FD3D /* csgeneric.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = csgeneric.cpp; sourceTree = ""; }; - C2BD60F90AC863FC0057FD3D /* csgeneric.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = csgeneric.h; sourceTree = ""; }; - C2C1DF8F0A2E4A2700D1B02B /* requirements.grammar */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = requirements.grammar; sourceTree = SOURCE_ROOT; }; - C2C1DFB90A2F80EB00D1B02B /* reqinterp.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = reqinterp.cpp; sourceTree = ""; }; - C2C1DFBA0A2F80EB00D1B02B /* reqinterp.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = reqinterp.h; sourceTree = ""; }; - C2C1DFC10A2F820500D1B02B /* reqmaker.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = reqmaker.cpp; sourceTree = ""; }; - C2C1DFC20A2F820500D1B02B /* reqmaker.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = reqmaker.h; sourceTree = ""; }; - C2C3BCD10BA1E47E00E869D1 /* singlediskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = singlediskrep.cpp; sourceTree = ""; }; - C2C3BCD20BA1E47E00E869D1 /* singlediskrep.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = singlediskrep.h; sourceTree = ""; }; - C2C4F4EE0E0980C700137848 /* codesigning_dtrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = codesigning_dtrace.h; path = cstemp/codesigning_dtrace.h; sourceTree = BUILT_PRODUCTS_DIR; }; - C2C931B30AB8BA1200F83950 /* SecCodeHost.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecCodeHost.cpp; sourceTree = ""; }; - C2CC30A00B8519CC005FA59D /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = CoreFoundation.framework; sourceTree = ""; }; - C2CC31040B8523AD005FA59D /* SecIntegrityLib.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecIntegrityLib.h; sourceTree = ""; }; - C2CC310E0B852424005FA59D /* SecIntegrityLib.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = SecIntegrityLib.c; sourceTree = ""; }; - C2CC31130B85254F005FA59D /* antlrplugin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = antlrplugin.cpp; path = lib/antlrplugin.cpp; sourceTree = ""; }; - C2CC31140B85254F005FA59D /* antlrplugin.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = antlrplugin.h; path = lib/antlrplugin.h; sourceTree = ""; }; - C2D296781BCF16C000B0A29B /* diskimagerep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = diskimagerep.cpp; sourceTree = ""; }; - C2D296791BCF16C000B0A29B /* diskimagerep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = diskimagerep.h; sourceTree = ""; }; - C2D383120A237F47005C63A2 /* bundlediskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = bundlediskrep.cpp; sourceTree = ""; }; - C2D383130A237F47005C63A2 /* bundlediskrep.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bundlediskrep.h; sourceTree = ""; }; - C2D383140A237F47005C63A2 /* cdbuilder.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cdbuilder.cpp; sourceTree = ""; }; - C2D383150A237F47005C63A2 /* cdbuilder.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cdbuilder.h; sourceTree = ""; }; - C2D383160A237F47005C63A2 /* codedirectory.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = codedirectory.cpp; sourceTree = ""; }; - C2D383170A237F47005C63A2 /* codedirectory.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = codedirectory.h; sourceTree = ""; }; - C2D383180A237F47005C63A2 /* CodeSigning.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CodeSigning.h; sourceTree = ""; }; - C2D383190A237F47005C63A2 /* SecCodeHost.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCodeHost.h; sourceTree = ""; }; - C2D3831A0A237F47005C63A2 /* cs.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cs.cpp; sourceTree = ""; }; - C2D3831B0A237F47005C63A2 /* cs.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cs.h; sourceTree = ""; }; - C2D3831C0A237F47005C63A2 /* CSCommon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CSCommon.h; sourceTree = ""; }; - C2D3831D0A237F47005C63A2 /* SecCode.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecCode.cpp; sourceTree = ""; }; - C2D3831E0A237F47005C63A2 /* SecCode.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCode.h; sourceTree = ""; }; - C2D3831F0A237F47005C63A2 /* cskernel.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cskernel.cpp; sourceTree = ""; }; - C2D383200A237F47005C63A2 /* cskernel.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cskernel.h; sourceTree = ""; }; - C2D383210A237F47005C63A2 /* SecStaticCode.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecStaticCode.cpp; sourceTree = ""; }; - C2D383220A237F47005C63A2 /* SecStaticCode.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecStaticCode.h; sourceTree = ""; }; - C2D383230A237F47005C63A2 /* csprocess.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = csprocess.cpp; sourceTree = ""; }; - C2D383240A237F47005C63A2 /* csprocess.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = csprocess.h; sourceTree = ""; }; - C2D383250A237F47005C63A2 /* SecRequirement.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecRequirement.cpp; sourceTree = ""; }; - C2D383260A237F47005C63A2 /* SecRequirement.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecRequirement.h; sourceTree = ""; }; - C2D383270A237F47005C63A2 /* diskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = diskrep.cpp; sourceTree = ""; }; - C2D383280A237F47005C63A2 /* diskrep.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = diskrep.h; sourceTree = ""; }; - C2D3832B0A237F47005C63A2 /* filediskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = filediskrep.cpp; sourceTree = ""; }; - C2D3832C0A237F47005C63A2 /* filediskrep.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = filediskrep.h; sourceTree = ""; }; - C2D3832D0A237F47005C63A2 /* Code.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Code.cpp; sourceTree = ""; }; - C2D3832E0A237F47005C63A2 /* Code.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Code.h; sourceTree = ""; }; - C2D3832F0A237F47005C63A2 /* kerneldiskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = kerneldiskrep.cpp; sourceTree = ""; }; - C2D383300A237F47005C63A2 /* kerneldiskrep.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = kerneldiskrep.h; sourceTree = ""; }; - C2D383310A237F47005C63A2 /* StaticCode.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = StaticCode.cpp; sourceTree = ""; usesTabs = 1; }; - C2D383320A237F47005C63A2 /* StaticCode.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = StaticCode.h; sourceTree = ""; usesTabs = 1; }; - C2D383330A237F47005C63A2 /* reqparser.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = reqparser.cpp; sourceTree = ""; }; - C2D383340A237F47005C63A2 /* reqparser.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = reqparser.h; sourceTree = ""; }; - C2D383350A237F47005C63A2 /* requirement.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = requirement.cpp; sourceTree = ""; }; - C2D383360A237F47005C63A2 /* requirement.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = requirement.h; sourceTree = ""; }; - C2D383370A237F47005C63A2 /* Requirements.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Requirements.cpp; sourceTree = ""; }; - C2D383380A237F47005C63A2 /* Requirements.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Requirements.h; sourceTree = ""; }; - C2D383390A237F47005C63A2 /* security_codesigning.exp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.exports; path = security_codesigning.exp; sourceTree = ""; }; - C2D50CDF0E155A4F0059A195 /* CSCommonPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CSCommonPriv.h; sourceTree = ""; }; - C2D6EA3E1C8F5158009B586F /* main.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = main.cpp; sourceTree = ""; }; - C2D6EA441C8F5257009B586F /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = ../../../d/workspaces/Build/Debug/Security.framework; sourceTree = ""; }; - C2D6EA461C8F5265009B586F /* libsecurity_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_utilities.a; path = ../../../d/workspaces/Build/Debug/libsecurity_utilities.a; sourceTree = ""; }; - C2E2873C0B5D8D80009336A0 /* SecCodeHostLib.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = SecCodeHostLib.c; sourceTree = ""; }; - C2E8AF240DE25CA7000F6D3B /* SecCodePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCodePriv.h; sourceTree = ""; }; - C2E8AF250DE25CA7000F6D3B /* SecRequirementPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecRequirementPriv.h; sourceTree = ""; }; - C2E8AF260DE25CA7000F6D3B /* SecStaticCodePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecStaticCodePriv.h; sourceTree = ""; }; - C2E911E00ADEBE3200275CB2 /* resources.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = resources.cpp; sourceTree = ""; }; - C2E911E10ADEBE3200275CB2 /* resources.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = resources.h; sourceTree = ""; }; - C2F4439814C626D4000A01E6 /* quarantine++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "quarantine++.cpp"; sourceTree = ""; }; - C2F4439914C626D4000A01E6 /* quarantine++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "quarantine++.h"; sourceTree = ""; }; - C2F6071B107D575700A83618 /* codesign-watch.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; name = "codesign-watch.d"; path = "dtrace/codesign-watch.d"; sourceTree = SOURCE_ROOT; }; - C2F6566C0BCBFB250078779E /* cserror.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cserror.cpp; sourceTree = ""; }; - C2F6566D0BCBFB250078779E /* cserror.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cserror.h; sourceTree = ""; }; - CDCBE8941A1A96E8002CB2B7 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.11.Internal.sdk/System/Library/Frameworks/Security.framework; sourceTree = DEVELOPER_DIR; }; - DC1418641CCEE2EC00CFD769 /* libutilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libutilities.a; path = "../../../Users/kmowery/Library/Developer/Xcode/DerivedData/Security-fkwwcnddijtngfaslvsedvgyzbou/Build/Products/Debug/libutilities.a"; sourceTree = ""; }; - DC529B301D63C78000D617E8 /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = System/Library/Frameworks/IOKit.framework; sourceTree = SDKROOT; }; - EB68B10A150DAEBB00B4013D /* RequirementKeywords.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RequirementKeywords.h; sourceTree = ""; }; - EB68B10B150DAEBB00B4013D /* RequirementLexer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RequirementLexer.cpp; sourceTree = ""; }; - EB68B10C150DAEBB00B4013D /* RequirementLexer.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = RequirementLexer.hpp; sourceTree = ""; }; - EB68B10D150DAEBB00B4013D /* RequirementParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RequirementParser.cpp; sourceTree = ""; }; - EB68B10E150DAEBB00B4013D /* RequirementParser.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = RequirementParser.hpp; sourceTree = ""; }; - EB68B10F150DAEBB00B4013D /* RequirementParserTokenTypes.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = RequirementParserTokenTypes.hpp; sourceTree = ""; }; - EB68B110150DAEBB00B4013D /* RequirementParserTokenTypes.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = RequirementParserTokenTypes.txt; sourceTree = ""; }; - EB976F571684D77500A68EE6 /* ANTLRException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = ANTLRException.hpp; sourceTree = ""; }; - EB976F581684D77500A68EE6 /* ANTLRUtil.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = ANTLRUtil.hpp; sourceTree = ""; }; - EB976F591684D77500A68EE6 /* AST.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = AST.hpp; sourceTree = ""; }; - EB976F5A1684D77500A68EE6 /* ASTArray.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = ASTArray.hpp; sourceTree = ""; }; - EB976F5B1684D77500A68EE6 /* ASTFactory.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = ASTFactory.hpp; sourceTree = ""; }; - EB976F5C1684D77500A68EE6 /* ASTNULLType.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = ASTNULLType.hpp; sourceTree = ""; }; - EB976F5D1684D77500A68EE6 /* ASTPair.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = ASTPair.hpp; sourceTree = ""; }; - EB976F5E1684D77500A68EE6 /* ASTRefCount.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = ASTRefCount.hpp; sourceTree = ""; }; - EB976F5F1684D77500A68EE6 /* BaseAST.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = BaseAST.hpp; sourceTree = ""; }; - EB976F601684D77500A68EE6 /* BitSet.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = BitSet.hpp; sourceTree = ""; }; - EB976F611684D77500A68EE6 /* CharBuffer.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = CharBuffer.hpp; sourceTree = ""; }; - EB976F621684D77500A68EE6 /* CharInputBuffer.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = CharInputBuffer.hpp; sourceTree = ""; }; - EB976F631684D77500A68EE6 /* CharScanner.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = CharScanner.hpp; sourceTree = ""; }; - EB976F641684D77500A68EE6 /* CharStreamException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = CharStreamException.hpp; sourceTree = ""; }; - EB976F651684D77500A68EE6 /* CharStreamIOException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = CharStreamIOException.hpp; sourceTree = ""; }; - EB976F661684D77500A68EE6 /* CircularQueue.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = CircularQueue.hpp; sourceTree = ""; }; - EB976F671684D77500A68EE6 /* CommonAST.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = CommonAST.hpp; sourceTree = ""; }; - EB976F681684D77500A68EE6 /* CommonASTWithHiddenTokens.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = CommonASTWithHiddenTokens.hpp; sourceTree = ""; }; - EB976F691684D77500A68EE6 /* CommonHiddenStreamToken.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = CommonHiddenStreamToken.hpp; sourceTree = ""; }; - EB976F6A1684D77500A68EE6 /* CommonToken.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = CommonToken.hpp; sourceTree = ""; }; - EB976F6B1684D77500A68EE6 /* config.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = config.hpp; sourceTree = ""; }; - EB976F6C1684D77500A68EE6 /* InputBuffer.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = InputBuffer.hpp; sourceTree = ""; }; - EB976F6D1684D77500A68EE6 /* IOException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = IOException.hpp; sourceTree = ""; }; - EB976F6E1684D77500A68EE6 /* LexerSharedInputState.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = LexerSharedInputState.hpp; sourceTree = ""; }; - EB976F6F1684D77500A68EE6 /* LLkParser.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = LLkParser.hpp; sourceTree = ""; }; - EB976F701684D77500A68EE6 /* Makefile.in */ = {isa = PBXFileReference; lastKnownFileType = text; path = Makefile.in; sourceTree = ""; }; - EB976F711684D77500A68EE6 /* MismatchedCharException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = MismatchedCharException.hpp; sourceTree = ""; }; - EB976F721684D77500A68EE6 /* MismatchedTokenException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = MismatchedTokenException.hpp; sourceTree = ""; }; - EB976F731684D77500A68EE6 /* NoViableAltException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = NoViableAltException.hpp; sourceTree = ""; }; - EB976F741684D77500A68EE6 /* NoViableAltForCharException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = NoViableAltForCharException.hpp; sourceTree = ""; }; - EB976F751684D77500A68EE6 /* Parser.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = Parser.hpp; sourceTree = ""; }; - EB976F761684D77500A68EE6 /* ParserSharedInputState.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = ParserSharedInputState.hpp; sourceTree = ""; }; - EB976F771684D77500A68EE6 /* RecognitionException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = RecognitionException.hpp; sourceTree = ""; }; - EB976F781684D77500A68EE6 /* RefCount.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = RefCount.hpp; sourceTree = ""; }; - EB976F791684D77500A68EE6 /* SemanticException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = SemanticException.hpp; sourceTree = ""; }; - EB976F7A1684D77500A68EE6 /* String.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = String.hpp; sourceTree = ""; }; - EB976F7B1684D77500A68EE6 /* Token.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = Token.hpp; sourceTree = ""; }; - EB976F7C1684D77500A68EE6 /* TokenBuffer.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenBuffer.hpp; sourceTree = ""; }; - EB976F7D1684D77500A68EE6 /* TokenRefCount.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenRefCount.hpp; sourceTree = ""; }; - EB976F7E1684D77500A68EE6 /* TokenStream.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenStream.hpp; sourceTree = ""; }; - EB976F7F1684D77500A68EE6 /* TokenStreamBasicFilter.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamBasicFilter.hpp; sourceTree = ""; }; - EB976F801684D77500A68EE6 /* TokenStreamException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamException.hpp; sourceTree = ""; }; - EB976F811684D77500A68EE6 /* TokenStreamHiddenTokenFilter.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamHiddenTokenFilter.hpp; sourceTree = ""; }; - EB976F821684D77500A68EE6 /* TokenStreamIOException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamIOException.hpp; sourceTree = ""; }; - EB976F831684D77500A68EE6 /* TokenStreamRecognitionException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamRecognitionException.hpp; sourceTree = ""; }; - EB976F841684D77500A68EE6 /* TokenStreamRetryException.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamRetryException.hpp; sourceTree = ""; }; - EB976F851684D77500A68EE6 /* TokenStreamRewriteEngine.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamRewriteEngine.hpp; sourceTree = ""; }; - EB976F861684D77500A68EE6 /* TokenStreamSelector.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamSelector.hpp; sourceTree = ""; }; - EB976F871684D77500A68EE6 /* TokenWithIndex.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TokenWithIndex.hpp; sourceTree = ""; }; - EB976F881684D77500A68EE6 /* TreeParser.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TreeParser.hpp; sourceTree = ""; }; - EB976F891684D77500A68EE6 /* TreeParserSharedInputState.hpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.h; path = TreeParserSharedInputState.hpp; sourceTree = ""; }; - EB976F8A1684D77500A68EE6 /* AUTHORS */ = {isa = PBXFileReference; lastKnownFileType = text; name = AUTHORS; path = antlr2/AUTHORS; sourceTree = ""; }; - EB976F8B1684D77500A68EE6 /* ChangeLog */ = {isa = PBXFileReference; lastKnownFileType = text; name = ChangeLog; path = antlr2/ChangeLog; sourceTree = ""; }; - EB976F8E1684D77500A68EE6 /* antlr.bpr */ = {isa = PBXFileReference; lastKnownFileType = text; path = antlr.bpr; sourceTree = ""; }; - EB976F8F1684D77500A68EE6 /* antlr.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = antlr.cpp; sourceTree = ""; }; - EB976F901684D77500A68EE6 /* README */ = {isa = PBXFileReference; lastKnownFileType = text; path = README; sourceTree = ""; }; - EB976F911684D77500A68EE6 /* doxygen.cfg */ = {isa = PBXFileReference; lastKnownFileType = text; name = doxygen.cfg; path = antlr2/doxygen.cfg; sourceTree = ""; }; - EB976F921684D77500A68EE6 /* Makefile.in */ = {isa = PBXFileReference; lastKnownFileType = text; name = Makefile.in; path = antlr2/Makefile.in; sourceTree = ""; }; - EB976F931684D77500A68EE6 /* README */ = {isa = PBXFileReference; lastKnownFileType = text; name = README; path = antlr2/README; sourceTree = ""; }; - EB976F951684D77500A68EE6 /* cr_stripper.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = cr_stripper.sh; sourceTree = ""; }; - EB976F961684D77500A68EE6 /* make_change_log.tcl */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = make_change_log.tcl; sourceTree = ""; }; - EB976F981684D77600A68EE6 /* ANTLRUtil.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ANTLRUtil.cpp; sourceTree = ""; }; - EB976F991684D77600A68EE6 /* ASTFactory.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ASTFactory.cpp; sourceTree = ""; }; - EB976F9A1684D77600A68EE6 /* ASTNULLType.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ASTNULLType.cpp; sourceTree = ""; }; - EB976F9B1684D77600A68EE6 /* ASTRefCount.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ASTRefCount.cpp; sourceTree = ""; }; - EB976F9C1684D77600A68EE6 /* BaseAST.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = BaseAST.cpp; sourceTree = ""; }; - EB976F9D1684D77600A68EE6 /* BitSet.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = BitSet.cpp; sourceTree = ""; }; - EB976F9E1684D77600A68EE6 /* CharBuffer.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CharBuffer.cpp; sourceTree = ""; }; - EB976F9F1684D77600A68EE6 /* CharScanner.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CharScanner.cpp; sourceTree = ""; }; - EB976FA01684D77600A68EE6 /* CommonAST.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CommonAST.cpp; sourceTree = ""; }; - EB976FA11684D77600A68EE6 /* CommonASTWithHiddenTokens.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CommonASTWithHiddenTokens.cpp; sourceTree = ""; }; - EB976FA21684D77600A68EE6 /* CommonHiddenStreamToken.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CommonHiddenStreamToken.cpp; sourceTree = ""; }; - EB976FA31684D77600A68EE6 /* CommonToken.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = CommonToken.cpp; sourceTree = ""; }; - EB976FA41684D77600A68EE6 /* dll.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = dll.cpp; sourceTree = ""; }; - EB976FA51684D77600A68EE6 /* InputBuffer.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = InputBuffer.cpp; sourceTree = ""; }; - EB976FA61684D77600A68EE6 /* LLkParser.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = LLkParser.cpp; sourceTree = ""; }; - EB976FA71684D77600A68EE6 /* Makefile.in */ = {isa = PBXFileReference; lastKnownFileType = text; path = Makefile.in; sourceTree = ""; }; - EB976FA81684D77600A68EE6 /* MismatchedCharException.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = MismatchedCharException.cpp; sourceTree = ""; }; - EB976FA91684D77600A68EE6 /* MismatchedTokenException.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = MismatchedTokenException.cpp; sourceTree = ""; }; - EB976FAA1684D77600A68EE6 /* NoViableAltException.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = NoViableAltException.cpp; sourceTree = ""; }; - EB976FAB1684D77600A68EE6 /* NoViableAltForCharException.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = NoViableAltForCharException.cpp; sourceTree = ""; }; - EB976FAC1684D77600A68EE6 /* Parser.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = Parser.cpp; sourceTree = ""; }; - EB976FAD1684D77600A68EE6 /* RecognitionException.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = RecognitionException.cpp; sourceTree = ""; }; - EB976FAE1684D77600A68EE6 /* String.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = String.cpp; sourceTree = ""; }; - EB976FAF1684D77600A68EE6 /* Token.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = Token.cpp; sourceTree = ""; }; - EB976FB01684D77600A68EE6 /* TokenBuffer.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = TokenBuffer.cpp; sourceTree = ""; }; - EB976FB11684D77600A68EE6 /* TokenRefCount.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = TokenRefCount.cpp; sourceTree = ""; }; - EB976FB21684D77600A68EE6 /* TokenStreamBasicFilter.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = TokenStreamBasicFilter.cpp; sourceTree = ""; }; - EB976FB31684D77600A68EE6 /* TokenStreamHiddenTokenFilter.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = TokenStreamHiddenTokenFilter.cpp; sourceTree = ""; }; - EB976FB41684D77600A68EE6 /* TokenStreamRewriteEngine.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = TokenStreamRewriteEngine.cpp; sourceTree = ""; }; - EB976FB51684D77600A68EE6 /* TokenStreamSelector.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = TokenStreamSelector.cpp; sourceTree = ""; }; - EB976FB61684D77600A68EE6 /* TreeParser.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = TreeParser.cpp; sourceTree = ""; }; - EB976FB71684D77600A68EE6 /* TODO */ = {isa = PBXFileReference; lastKnownFileType = text; name = TODO; path = antlr2/TODO; sourceTree = ""; }; - EBB9FF6F1682E51300FF9774 /* com.apple.CodeSigningHelper.xpc */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = com.apple.CodeSigningHelper.xpc; sourceTree = BUILT_PRODUCTS_DIR; }; - EBB9FF701682E51300FF9774 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; - EBB9FF741682E51300FF9774 /* CodeSigningHelper-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "CodeSigningHelper-Info.plist"; sourceTree = ""; }; - EBB9FF791682E51300FF9774 /* main.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = ""; }; - EBB9FF7E1682E5A200FF9774 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/System/Library/Frameworks/CoreFoundation.framework; sourceTree = DEVELOPER_DIR; }; - EBB9FF801682E65700FF9774 /* com.apple.CodeSigningHelper.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.apple.CodeSigningHelper.sb; sourceTree = ""; }; - EBDAF04D166D65FA0042CDCE /* piddiskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = piddiskrep.cpp; sourceTree = ""; }; - EBDAF04E166D65FA0042CDCE /* piddiskrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = piddiskrep.h; sourceTree = ""; }; - EBF9A1551684E0F300BCECA6 /* libsecurity_codesigning.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = libsecurity_codesigning.plist; path = antlr2/libsecurity_codesigning.plist; sourceTree = ""; }; - EBF9A1561684E0F300BCECA6 /* libsecurity_codesigning.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = libsecurity_codesigning.txt; path = antlr2/libsecurity_codesigning.txt; sourceTree = ""; }; - EBF9A1571684E0F300BCECA6 /* LICENSE.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = LICENSE.txt; path = antlr2/LICENSE.txt; sourceTree = ""; }; - F69D1DE91A66B493002728D8 /* evaluationmanager.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = evaluationmanager.cpp; sourceTree = ""; }; - F69D1DEA1A66B493002728D8 /* evaluationmanager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = evaluationmanager.h; sourceTree = ""; }; - FEB30C9210DAC89D00557BA2 /* SecTask.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecTask.c; sourceTree = ""; }; - FEB30C9410DAC8A500557BA2 /* SecTask.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTask.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C209695D15BF52040093035F /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - C200424D15D425D9004AE0A1 /* libsecurity_codesigning.a in Frameworks */, - C200424E15D425D9004AE0A1 /* libsecurity_utilities.a in Frameworks */, - DC1418651CCEE2EC00CFD769 /* libutilities.a in Frameworks */, - 7ACF261219958B6F00849B25 /* CoreFoundation.framework in Frameworks */, - DC529B311D63C78000D617E8 /* IOKit.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C2BC1F240B580D3A003EC9DC /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C2BC1F2D0B580D4B003EC9DC /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - C26B45C10B8A9C0A003C0ACA /* ucspc in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - EBB9FF6C1682E51300FF9774 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - C2D6EA481C8F5281009B586F /* libsecurity_utilities.a in Frameworks */, - C2D6EA451C8F5257009B586F /* Security.framework in Frameworks */, - EBB9FF7F1682E5A200FF9774 /* CoreFoundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 182BB4FD146F2823000BF1F3 /* Products */ = { - isa = PBXGroup; - children = ( - 182BB505146F2823000BF1F3 /* libsecurityd_client.a */, - 182BB507146F2823000BF1F3 /* libsecurityd_server.a */, - 182BB509146F2823000BF1F3 /* ucspc.a */, - ); - name = Products; - sourceTree = ""; - }; - 1844619E146E9AD100B12992 /* config */ = { - isa = PBXGroup; - children = ( - 1844619F146E9AD100B12992 /* base.xcconfig */, - 184461A0146E9AD100B12992 /* debug.xcconfig */, - 184461A1146E9AD100B12992 /* lib.xcconfig */, - 184461A2146E9AD100B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 4C308388053237100028A8C6 /* lib */ = { - isa = PBXGroup; - children = ( - C2C1DF5F0A2E457E00D1B02B /* API */, - C2C1DF600A2E458D00D1B02B /* API Objects */, - C216C72D0AD59B22003B07D4 /* Signing Operations */, - C2C1DF630A2E45BF00D1B02B /* Code Directory */, - C2C1DF620A2E45B600D1B02B /* Requirements */, - C2C1DF640A2E45F500D1B02B /* Code Classes */, - C2C1DF610A2E459E00D1B02B /* Disk Representations */, - C2BC1F370B580DAE003EC9DC /* Static Support */, - C26AC6FF0DAEB2D0005BFB40 /* DTrace */, - C293E2B915543F0800F3E396 /* gke */, - C2CCF0360A3F524B0085795A /* Local Utilities */, - C2CC31160B852554005FA59D /* Security Plugins */, - FEB30C9110DAC6C400557BA2 /* Entitlements */, - C24EABA914213FAF00C16AA9 /* System Policy */, - ); - path = lib; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - EBB9FF7E1682E5A200FF9774 /* CoreFoundation.framework */, - C209697215BF57EB0093035F /* libsecurity_utilities.a */, - 182BB4FC146F2823000BF1F3 /* libsecurityd.xcodeproj */, - 4C308388053237100028A8C6 /* lib */, - 1844619E146E9AD100B12992 /* config */, - C2D383F90A23A9D9005C63A2 /* cstemp */, - EB976F511684D73900A68EE6 /* antlr2 */, - EBB9FF721682E51300FF9774 /* CodeSigningHelper */, - C2CC30EF0B8519CF005FA59D /* Frameworks */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_codesigning.a */, - C2BC1F260B580D3A003EC9DC /* libintegrity.a */, - C2BC1F2F0B580D4B003EC9DC /* libcodehost.a */, - C209696015BF52040093035F /* gkunpack */, - EBB9FF6F1682E51300FF9774 /* com.apple.CodeSigningHelper.xpc */, - ); - name = Products; - sourceTree = ""; - }; - C216C72D0AD59B22003B07D4 /* Signing Operations */ = { - isa = PBXGroup; - children = ( - C236E3D60AD59446000F5140 /* signer.h */, - C236E3D50AD59446000F5140 /* signer.cpp */, - C236E3DA0AD595C2000F5140 /* signerutils.h */, - C236E3D90AD595C2000F5140 /* signerutils.cpp */, - ); - name = "Signing Operations"; - sourceTree = ""; - }; - C24EABA914213FAF00C16AA9 /* System Policy */ = { - isa = PBXGroup; - children = ( - C273606D1433F09000A9A5FF /* SecAssessment.h */, - C273606C1433F09000A9A5FF /* SecAssessment.cpp */, - F69D1DEA1A66B493002728D8 /* evaluationmanager.h */, - F69D1DE91A66B493002728D8 /* evaluationmanager.cpp */, - 7A9DA65B1948D1BA004635E6 /* opaquewhitelist.h */, - 7A9DA65A1948D1BA004635E6 /* opaquewhitelist.cpp */, - C24EABAA1421432800C16AA9 /* policydb.h */, - C24EABAC1421433700C16AA9 /* policydb.cpp */, - C273601D1432A60B00A9A5FF /* policyengine.h */, - C27360201432A61900A9A5FF /* policyengine.cpp */, - C27360D71436868600A9A5FF /* xpcengine.h */, - C27360D41436866C00A9A5FF /* xpcengine.cpp */, - C27249D2143237CD0058B552 /* syspolicy.sql */, - ); - name = "System Policy"; - sourceTree = ""; - }; - C26AC6FF0DAEB2D0005BFB40 /* DTrace */ = { - isa = PBXGroup; - children = ( - C293E2C21554653700F3E396 /* sp-watch.d */, - C26AC6FD0DAEB2C4005BFB40 /* security_codesigning.d */, - C2F6071B107D575700A83618 /* codesign-watch.d */, - ); - name = DTrace; - sourceTree = ""; - }; - C293E2B915543F0800F3E396 /* gke */ = { - isa = PBXGroup; - children = ( - C2110704158BF5C8001D7F76 /* gkmerge */, - C278A19B158AB2C300FA6767 /* gkhandmake */, - C278A19C158AB2C300FA6767 /* gklist */, - C2578CC215798D0F00D4FE48 /* gkclear */, - C2578CC315798D0F00D4FE48 /* gkgenerate */, - C2578CC415798D0F00D4FE48 /* gkrecord */, - C25C18C615CB0BC10007A2DE /* gkreport */, - C25C18CF15CB0FA00007A2DE /* com.apple.gkreport.plist */, - C209696315BF52040093035F /* gkunpack.cpp */, - ); - path = gke; - sourceTree = SOURCE_ROOT; - }; - C2BC1F370B580DAE003EC9DC /* Static Support */ = { - isa = PBXGroup; - children = ( - C2CC31040B8523AD005FA59D /* SecIntegrityLib.h */, - C2CC310E0B852424005FA59D /* SecIntegrityLib.c */, - C2BC1F340B580DA7003EC9DC /* SecCodeHostLib.h */, - C2E2873C0B5D8D80009336A0 /* SecCodeHostLib.c */, - ); - name = "Static Support"; - sourceTree = ""; - }; - C2C1DF5F0A2E457E00D1B02B /* API */ = { - isa = PBXGroup; - children = ( - C2D383180A237F47005C63A2 /* CodeSigning.h */, - C2D3831C0A237F47005C63A2 /* CSCommon.h */, - C2D50CDF0E155A4F0059A195 /* CSCommonPriv.h */, - C2D3831E0A237F47005C63A2 /* SecCode.h */, - C2E8AF240DE25CA7000F6D3B /* SecCodePriv.h */, - C2D3831D0A237F47005C63A2 /* SecCode.cpp */, - C2D383220A237F47005C63A2 /* SecStaticCode.h */, - C2E8AF260DE25CA7000F6D3B /* SecStaticCodePriv.h */, - C2D383210A237F47005C63A2 /* SecStaticCode.cpp */, - C2D383260A237F47005C63A2 /* SecRequirement.h */, - C2E8AF250DE25CA7000F6D3B /* SecRequirementPriv.h */, - C2D383250A237F47005C63A2 /* SecRequirement.cpp */, - C21EA3DC0AD2F81300E6E31C /* SecCodeSigner.h */, - C21EA3DB0AD2F81300E6E31C /* SecCodeSigner.cpp */, - C2D383190A237F47005C63A2 /* SecCodeHost.h */, - C2C931B30AB8BA1200F83950 /* SecCodeHost.cpp */, - C250F6C20B5EF1910076098F /* SecIntegrity.h */, - C250F6C60B5EF5B50076098F /* SecIntegrity.cpp */, - C2D383390A237F47005C63A2 /* security_codesigning.exp */, - ); - name = API; - sourceTree = ""; - }; - C2C1DF600A2E458D00D1B02B /* API Objects */ = { - isa = PBXGroup; - children = ( - C2D3831B0A237F47005C63A2 /* cs.h */, - C2D3831A0A237F47005C63A2 /* cs.cpp */, - C2D3832E0A237F47005C63A2 /* Code.h */, - C2D3832D0A237F47005C63A2 /* Code.cpp */, - C2D383320A237F47005C63A2 /* StaticCode.h */, - C2D383310A237F47005C63A2 /* StaticCode.cpp */, - C2D383380A237F47005C63A2 /* Requirements.h */, - C2D383370A237F47005C63A2 /* Requirements.cpp */, - C21EA3E20AD2FA0900E6E31C /* CodeSigner.h */, - C21EA3E10AD2FA0900E6E31C /* CodeSigner.cpp */, - ); - name = "API Objects"; - sourceTree = ""; - }; - C2C1DF610A2E459E00D1B02B /* Disk Representations */ = { - isa = PBXGroup; - children = ( - C2D383280A237F47005C63A2 /* diskrep.h */, - C2D383270A237F47005C63A2 /* diskrep.cpp */, - C2D3832C0A237F47005C63A2 /* filediskrep.h */, - C2D3832B0A237F47005C63A2 /* filediskrep.cpp */, - C2D383130A237F47005C63A2 /* bundlediskrep.h */, - C2D383120A237F47005C63A2 /* bundlediskrep.cpp */, - C2D383300A237F47005C63A2 /* kerneldiskrep.h */, - C2D3832F0A237F47005C63A2 /* kerneldiskrep.cpp */, - C2BD519B0A9392FD000FE43D /* machorep.h */, - C2BD519A0A9392FD000FE43D /* machorep.cpp */, - C2A436140F2133B2007A41A6 /* slcrep.h */, - C2A436130F2133B2007A41A6 /* slcrep.cpp */, - C2D296791BCF16C000B0A29B /* diskimagerep.h */, - C2D296781BCF16C000B0A29B /* diskimagerep.cpp */, - C2C3BCD20BA1E47E00E869D1 /* singlediskrep.h */, - C2C3BCD10BA1E47E00E869D1 /* singlediskrep.cpp */, - C28342EC0E36719D00E54360 /* detachedrep.h */, - C28342EB0E36719D00E54360 /* detachedrep.cpp */, - EBDAF04E166D65FA0042CDCE /* piddiskrep.h */, - EBDAF04D166D65FA0042CDCE /* piddiskrep.cpp */, - ); - name = "Disk Representations"; - sourceTree = ""; - }; - C2C1DF620A2E45B600D1B02B /* Requirements */ = { - isa = PBXGroup; - children = ( - C2C1DF8F0A2E4A2700D1B02B /* requirements.grammar */, - EB68B10A150DAEBB00B4013D /* RequirementKeywords.h */, - EB68B10B150DAEBB00B4013D /* RequirementLexer.cpp */, - EB68B10C150DAEBB00B4013D /* RequirementLexer.hpp */, - EB68B10D150DAEBB00B4013D /* RequirementParser.cpp */, - EB68B10E150DAEBB00B4013D /* RequirementParser.hpp */, - EB68B10F150DAEBB00B4013D /* RequirementParserTokenTypes.hpp */, - EB68B110150DAEBB00B4013D /* RequirementParserTokenTypes.txt */, - C2D383360A237F47005C63A2 /* requirement.h */, - C2D383350A237F47005C63A2 /* requirement.cpp */, - C2C1DFC20A2F820500D1B02B /* reqmaker.h */, - C2C1DFC10A2F820500D1B02B /* reqmaker.cpp */, - C2093AA70BB0948000EB8599 /* reqreader.h */, - C2093AA60BB0948000EB8599 /* reqreader.cpp */, - C2C1DFBA0A2F80EB00D1B02B /* reqinterp.h */, - C2C1DFB90A2F80EB00D1B02B /* reqinterp.cpp */, - C2D383340A237F47005C63A2 /* reqparser.h */, - C2D383330A237F47005C63A2 /* reqparser.cpp */, - C21CFC5E0A250D1C006CD5B1 /* reqdumper.h */, - C21CFC5D0A250D1C006CD5B1 /* reqdumper.cpp */, - C26763D614FD9EBE00A46EDF /* drmaker.h */, - C26763D514FD9EBE00A46EDF /* drmaker.cpp */, - ); - name = Requirements; - sourceTree = ""; - }; - C2C1DF630A2E45BF00D1B02B /* Code Directory */ = { - isa = PBXGroup; - children = ( - C2D383170A237F47005C63A2 /* codedirectory.h */, - C2D383160A237F47005C63A2 /* codedirectory.cpp */, - C2D383150A237F47005C63A2 /* cdbuilder.h */, - C2D383140A237F47005C63A2 /* cdbuilder.cpp */, - ); - name = "Code Directory"; - sourceTree = ""; - }; - C2C1DF640A2E45F500D1B02B /* Code Classes */ = { - isa = PBXGroup; - children = ( - C2D383200A237F47005C63A2 /* cskernel.h */, - C2D3831F0A237F47005C63A2 /* cskernel.cpp */, - C2D383240A237F47005C63A2 /* csprocess.h */, - C2D383230A237F47005C63A2 /* csprocess.cpp */, - C2BD60F90AC863FC0057FD3D /* csgeneric.h */, - C2BD60F80AC863FC0057FD3D /* csgeneric.cpp */, - ); - name = "Code Classes"; - sourceTree = ""; - }; - C2CC30EF0B8519CF005FA59D /* Frameworks */ = { - isa = PBXGroup; - children = ( - DC529B301D63C78000D617E8 /* IOKit.framework */, - DC1418641CCEE2EC00CFD769 /* libutilities.a */, - C2D6EA461C8F5265009B586F /* libsecurity_utilities.a */, - C2D6EA441C8F5257009B586F /* Security.framework */, - CDCBE8941A1A96E8002CB2B7 /* Security.framework */, - C200424915D425B7004AE0A1 /* libsecurity_codesigning.a */, - C200424A15D425B7004AE0A1 /* libsecurity_utilities.a */, - C2CC30A00B8519CC005FA59D /* CoreFoundation.framework */, - EBB9FF701682E51300FF9774 /* Foundation.framework */, - 7A4FAF1A19C215DF00D297CB /* CrashReporterSupport.framework */, - ); - name = Frameworks; - path = /System/Library/Frameworks; - sourceTree = ""; - }; - C2CC31160B852554005FA59D /* Security Plugins */ = { - isa = PBXGroup; - children = ( - C2CC31140B85254F005FA59D /* antlrplugin.h */, - C2CC31130B85254F005FA59D /* antlrplugin.cpp */, - ); - name = "Security Plugins"; - path = ..; - sourceTree = ""; - }; - C2CCF0360A3F524B0085795A /* Local Utilities */ = { - isa = PBXGroup; - children = ( - C28342E50E366E6800E54360 /* csdatabase.h */, - C28342E40E366E6800E54360 /* csdatabase.cpp */, - C2F6566D0BCBFB250078779E /* cserror.h */, - C2F6566C0BCBFB250078779E /* cserror.cpp */, - C2E911E10ADEBE3200275CB2 /* resources.h */, - C2E911E00ADEBE3200275CB2 /* resources.cpp */, - C259DFD50AD6D9BA00C9ACC6 /* sigblob.h */, - C259DFD40AD6D9BA00C9ACC6 /* sigblob.cpp */, - C2A976A90B8A2E36008B4EA0 /* csutilities.h */, - C2A976A80B8A2E36008B4EA0 /* csutilities.cpp */, - C235340E145F1B050073F964 /* xar++.h */, - C2353410145F1B110073F964 /* xar++.cpp */, - C2F4439914C626D4000A01E6 /* quarantine++.h */, - C2F4439814C626D4000A01E6 /* quarantine++.cpp */, - 37DDE33B1947A4F3005CE18B /* dirscanner.h */, - 37DDE3411947A501005CE18B /* dirscanner.cpp */, - ); - name = "Local Utilities"; - sourceTree = ""; - }; - C2D383F90A23A9D9005C63A2 /* cstemp */ = { - isa = PBXGroup; - children = ( - C2C4F4EE0E0980C700137848 /* codesigning_dtrace.h */, - C26AC0F3143BD1B3001C98CE /* SystemPolicy */, - C26B45C00B8A9C00003C0ACA /* ucspc */, - ); - path = cstemp; - sourceTree = BUILT_PRODUCTS_DIR; - }; - EB976F511684D73900A68EE6 /* antlr2 */ = { - isa = PBXGroup; - children = ( - EB976F561684D77500A68EE6 /* antlr */, - EB976F8A1684D77500A68EE6 /* AUTHORS */, - EB976F8B1684D77500A68EE6 /* ChangeLog */, - EB976F8C1684D77500A68EE6 /* contrib */, - EB976F911684D77500A68EE6 /* doxygen.cfg */, - EBF9A1551684E0F300BCECA6 /* libsecurity_codesigning.plist */, - EBF9A1561684E0F300BCECA6 /* libsecurity_codesigning.txt */, - EBF9A1571684E0F300BCECA6 /* LICENSE.txt */, - EB976F921684D77500A68EE6 /* Makefile.in */, - EB976F931684D77500A68EE6 /* README */, - EB976F941684D77500A68EE6 /* scripts */, - EB976F971684D77600A68EE6 /* src */, - EB976FB71684D77600A68EE6 /* TODO */, - ); - name = antlr2; - sourceTree = ""; - }; - EB976F561684D77500A68EE6 /* antlr */ = { - isa = PBXGroup; - children = ( - EB976F571684D77500A68EE6 /* ANTLRException.hpp */, - EB976F581684D77500A68EE6 /* ANTLRUtil.hpp */, - EB976F591684D77500A68EE6 /* AST.hpp */, - EB976F5A1684D77500A68EE6 /* ASTArray.hpp */, - EB976F5B1684D77500A68EE6 /* ASTFactory.hpp */, - EB976F5C1684D77500A68EE6 /* ASTNULLType.hpp */, - EB976F5D1684D77500A68EE6 /* ASTPair.hpp */, - EB976F5E1684D77500A68EE6 /* ASTRefCount.hpp */, - EB976F5F1684D77500A68EE6 /* BaseAST.hpp */, - EB976F601684D77500A68EE6 /* BitSet.hpp */, - EB976F611684D77500A68EE6 /* CharBuffer.hpp */, - EB976F621684D77500A68EE6 /* CharInputBuffer.hpp */, - EB976F631684D77500A68EE6 /* CharScanner.hpp */, - EB976F641684D77500A68EE6 /* CharStreamException.hpp */, - EB976F651684D77500A68EE6 /* CharStreamIOException.hpp */, - EB976F661684D77500A68EE6 /* CircularQueue.hpp */, - EB976F671684D77500A68EE6 /* CommonAST.hpp */, - EB976F681684D77500A68EE6 /* CommonASTWithHiddenTokens.hpp */, - EB976F691684D77500A68EE6 /* CommonHiddenStreamToken.hpp */, - EB976F6A1684D77500A68EE6 /* CommonToken.hpp */, - EB976F6B1684D77500A68EE6 /* config.hpp */, - EB976F6C1684D77500A68EE6 /* InputBuffer.hpp */, - EB976F6D1684D77500A68EE6 /* IOException.hpp */, - EB976F6E1684D77500A68EE6 /* LexerSharedInputState.hpp */, - EB976F6F1684D77500A68EE6 /* LLkParser.hpp */, - EB976F701684D77500A68EE6 /* Makefile.in */, - EB976F711684D77500A68EE6 /* MismatchedCharException.hpp */, - EB976F721684D77500A68EE6 /* MismatchedTokenException.hpp */, - EB976F731684D77500A68EE6 /* NoViableAltException.hpp */, - EB976F741684D77500A68EE6 /* NoViableAltForCharException.hpp */, - EB976F751684D77500A68EE6 /* Parser.hpp */, - EB976F761684D77500A68EE6 /* ParserSharedInputState.hpp */, - EB976F771684D77500A68EE6 /* RecognitionException.hpp */, - EB976F781684D77500A68EE6 /* RefCount.hpp */, - EB976F791684D77500A68EE6 /* SemanticException.hpp */, - EB976F7A1684D77500A68EE6 /* String.hpp */, - EB976F7B1684D77500A68EE6 /* Token.hpp */, - EB976F7C1684D77500A68EE6 /* TokenBuffer.hpp */, - EB976F7D1684D77500A68EE6 /* TokenRefCount.hpp */, - EB976F7E1684D77500A68EE6 /* TokenStream.hpp */, - EB976F7F1684D77500A68EE6 /* TokenStreamBasicFilter.hpp */, - EB976F801684D77500A68EE6 /* TokenStreamException.hpp */, - EB976F811684D77500A68EE6 /* TokenStreamHiddenTokenFilter.hpp */, - EB976F821684D77500A68EE6 /* TokenStreamIOException.hpp */, - EB976F831684D77500A68EE6 /* TokenStreamRecognitionException.hpp */, - EB976F841684D77500A68EE6 /* TokenStreamRetryException.hpp */, - EB976F851684D77500A68EE6 /* TokenStreamRewriteEngine.hpp */, - EB976F861684D77500A68EE6 /* TokenStreamSelector.hpp */, - EB976F871684D77500A68EE6 /* TokenWithIndex.hpp */, - EB976F881684D77500A68EE6 /* TreeParser.hpp */, - EB976F891684D77500A68EE6 /* TreeParserSharedInputState.hpp */, - ); - name = antlr; - path = antlr2/antlr; - sourceTree = ""; - }; - EB976F8C1684D77500A68EE6 /* contrib */ = { - isa = PBXGroup; - children = ( - EB976F8D1684D77500A68EE6 /* bcb4 */, - ); - name = contrib; - path = antlr2/contrib; - sourceTree = ""; - }; - EB976F8D1684D77500A68EE6 /* bcb4 */ = { - isa = PBXGroup; - children = ( - EB976F8E1684D77500A68EE6 /* antlr.bpr */, - EB976F8F1684D77500A68EE6 /* antlr.cpp */, - EB976F901684D77500A68EE6 /* README */, - ); - path = bcb4; - sourceTree = ""; - }; - EB976F941684D77500A68EE6 /* scripts */ = { - isa = PBXGroup; - children = ( - EB976F951684D77500A68EE6 /* cr_stripper.sh */, - EB976F961684D77500A68EE6 /* make_change_log.tcl */, - ); - name = scripts; - path = antlr2/scripts; - sourceTree = ""; - }; - EB976F971684D77600A68EE6 /* src */ = { - isa = PBXGroup; - children = ( - EB976F981684D77600A68EE6 /* ANTLRUtil.cpp */, - EB976F991684D77600A68EE6 /* ASTFactory.cpp */, - EB976F9A1684D77600A68EE6 /* ASTNULLType.cpp */, - EB976F9B1684D77600A68EE6 /* ASTRefCount.cpp */, - EB976F9C1684D77600A68EE6 /* BaseAST.cpp */, - EB976F9D1684D77600A68EE6 /* BitSet.cpp */, - EB976F9E1684D77600A68EE6 /* CharBuffer.cpp */, - EB976F9F1684D77600A68EE6 /* CharScanner.cpp */, - EB976FA01684D77600A68EE6 /* CommonAST.cpp */, - EB976FA11684D77600A68EE6 /* CommonASTWithHiddenTokens.cpp */, - EB976FA21684D77600A68EE6 /* CommonHiddenStreamToken.cpp */, - EB976FA31684D77600A68EE6 /* CommonToken.cpp */, - EB976FA41684D77600A68EE6 /* dll.cpp */, - EB976FA51684D77600A68EE6 /* InputBuffer.cpp */, - EB976FA61684D77600A68EE6 /* LLkParser.cpp */, - EB976FA71684D77600A68EE6 /* Makefile.in */, - EB976FA81684D77600A68EE6 /* MismatchedCharException.cpp */, - EB976FA91684D77600A68EE6 /* MismatchedTokenException.cpp */, - EB976FAA1684D77600A68EE6 /* NoViableAltException.cpp */, - EB976FAB1684D77600A68EE6 /* NoViableAltForCharException.cpp */, - EB976FAC1684D77600A68EE6 /* Parser.cpp */, - EB976FAD1684D77600A68EE6 /* RecognitionException.cpp */, - EB976FAE1684D77600A68EE6 /* String.cpp */, - EB976FAF1684D77600A68EE6 /* Token.cpp */, - EB976FB01684D77600A68EE6 /* TokenBuffer.cpp */, - EB976FB11684D77600A68EE6 /* TokenRefCount.cpp */, - EB976FB21684D77600A68EE6 /* TokenStreamBasicFilter.cpp */, - EB976FB31684D77600A68EE6 /* TokenStreamHiddenTokenFilter.cpp */, - EB976FB41684D77600A68EE6 /* TokenStreamRewriteEngine.cpp */, - EB976FB51684D77600A68EE6 /* TokenStreamSelector.cpp */, - EB976FB61684D77600A68EE6 /* TreeParser.cpp */, - ); - name = src; - path = antlr2/src; - sourceTree = ""; - }; - EBB9FF721682E51300FF9774 /* CodeSigningHelper */ = { - isa = PBXGroup; - children = ( - EBB9FF791682E51300FF9774 /* main.c */, - C2D6EA3E1C8F5158009B586F /* main.cpp */, - EBB9FF801682E65700FF9774 /* com.apple.CodeSigningHelper.sb */, - EBB9FF731682E51300FF9774 /* Supporting Files */, - ); - path = CodeSigningHelper; - sourceTree = ""; - }; - EBB9FF731682E51300FF9774 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - EBB9FF741682E51300FF9774 /* CodeSigningHelper-Info.plist */, - ); - name = "Supporting Files"; - sourceTree = ""; - }; - FEB30C9110DAC6C400557BA2 /* Entitlements */ = { - isa = PBXGroup; - children = ( - FEB30C9410DAC8A500557BA2 /* SecTask.h */, - BEC3A75B16F78D21003E5634 /* SecTaskPriv.h */, - FEB30C9210DAC89D00557BA2 /* SecTask.c */, - ); - name = Entitlements; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 18B965861472FBF6005A4D2E /* reqdumper.h in Headers */, - 18B965871472FC5B005A4D2E /* requirement.h in Headers */, - 18B965881472FC5B005A4D2E /* reqmaker.h in Headers */, - 7A9DA65D1948D1BA004635E6 /* opaquewhitelist.h in Headers */, - 18B965891472FC5B005A4D2E /* reqreader.h in Headers */, - 18B9658A1472FC5B005A4D2E /* reqinterp.h in Headers */, - 18B9658B1472FC5B005A4D2E /* reqparser.h in Headers */, - C2D2967B1BCF16C000B0A29B /* diskimagerep.h in Headers */, - 18B9658C1472FC9E005A4D2E /* codedirectory.h in Headers */, - 18B965951472FE30005A4D2E /* cdbuilder.h in Headers */, - EB68B133150DB04400B4013D /* RequirementKeywords.h in Headers */, - BEC3A75C16F78D21003E5634 /* SecTaskPriv.h in Headers */, - EB68B134150DB04400B4013D /* RequirementLexer.hpp in Headers */, - F69D1DEC1A66B493002728D8 /* evaluationmanager.h in Headers */, - EB68B135150DB04400B4013D /* RequirementParser.hpp in Headers */, - FEB30CA410DAC97400557BA2 /* SecTask.h in Headers */, - 37DDE33C1947A4F3005CE18B /* dirscanner.h in Headers */, - C26FF6310E5B376B00F640A0 /* CSCommonPriv.h in Headers */, - C26FF6330E5B376B00F640A0 /* SecCodePriv.h in Headers */, - C26FF6350E5B376B00F640A0 /* SecStaticCodePriv.h in Headers */, - C26FF6370E5B376B00F640A0 /* SecRequirementPriv.h in Headers */, - C26FF6380E5B376B00F640A0 /* SecCodeSigner.h in Headers */, - C26FF63A0E5B376B00F640A0 /* SecIntegrity.h in Headers */, - C26FF62D0E5B375A00F640A0 /* SecIntegrityLib.h in Headers */, - C26FF62E0E5B375A00F640A0 /* SecCodeHostLib.h in Headers */, - C273606F1433F09000A9A5FF /* SecAssessment.h in Headers */, - C26FF62F0E5B376B00F640A0 /* CodeSigning.h in Headers */, - C26FF6300E5B376B00F640A0 /* CSCommon.h in Headers */, - C26FF6320E5B376B00F640A0 /* SecCode.h in Headers */, - C26FF6340E5B376B00F640A0 /* SecStaticCode.h in Headers */, - C26FF6360E5B376B00F640A0 /* SecRequirement.h in Headers */, - C26FF6390E5B376B00F640A0 /* SecCodeHost.h in Headers */, - C2A436160F2133B2007A41A6 /* slcrep.h in Headers */, - C24EABAB1421432800C16AA9 /* policydb.h in Headers */, - C2F4439B14C626D4000A01E6 /* quarantine++.h in Headers */, - C26763D814FD9EBE00A46EDF /* drmaker.h in Headers */, - EBDAF050166D65FA0042CDCE /* piddiskrep.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C2BC1F220B580D3A003EC9DC /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - C250F6C30B5EF1910076098F /* SecIntegrity.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C2BC1F2B0B580D4B003EC9DC /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - C2BC1F350B580DA7003EC9DC /* SecCodeHostLib.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_codesigning */ = { - isa = PBXNativeTarget; - buildConfigurationList = C263E67509A2971B000043F1 /* Build configuration list for PBXNativeTarget "libsecurity_codesigning" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - 1865FFD5147517A300FD79DF /* ShellScript */, - EBF9A1501684E0DF00BCECA6 /* Copy OpenSourceVersions */, - EBF9A1591684E12C00BCECA6 /* OpenSourceLicenses */, - ); - buildRules = ( - ); - dependencies = ( - 182BB50F146F28F6000BF1F3 /* PBXTargetDependency */, - 1844617D146E9A5200B12992 /* PBXTargetDependency */, - 182BB511146F292B000BF1F3 /* PBXTargetDependency */, - ); - name = libsecurity_codesigning; - productName = libsecurity_codesigning; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_codesigning.a */; - productType = "com.apple.product-type.library.static"; - }; - C209695F15BF52040093035F /* gkunpack */ = { - isa = PBXNativeTarget; - buildConfigurationList = C209696B15BF52040093035F /* Build configuration list for PBXNativeTarget "gkunpack" */; - buildPhases = ( - C209695C15BF52040093035F /* Sources */, - C209695D15BF52040093035F /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = gkunpack; - productName = gkunpack; - productReference = C209696015BF52040093035F /* gkunpack */; - productType = "com.apple.product-type.tool"; - }; - C2BC1F250B580D3A003EC9DC /* libintegrity */ = { - isa = PBXNativeTarget; - buildConfigurationList = C2BC1F270B580D3F003EC9DC /* Build configuration list for PBXNativeTarget "libintegrity" */; - buildPhases = ( - C2BC1F220B580D3A003EC9DC /* Headers */, - C2BC1F230B580D3A003EC9DC /* Sources */, - C2BC1F240B580D3A003EC9DC /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libintegrity; - productName = libintegrity; - productReference = C2BC1F260B580D3A003EC9DC /* libintegrity.a */; - productType = "com.apple.product-type.library.static"; - }; - C2BC1F2E0B580D4B003EC9DC /* libcodehost */ = { - isa = PBXNativeTarget; - buildConfigurationList = C2BC1F300B580D69003EC9DC /* Build configuration list for PBXNativeTarget "libcodehost" */; - buildPhases = ( - C26B45C30B8A9C1A003C0ACA /* Prepare ucspc */, - C2BC1F2B0B580D4B003EC9DC /* Headers */, - C2BC1F2C0B580D4B003EC9DC /* Sources */, - C2BC1F2D0B580D4B003EC9DC /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libcodehost; - productName = libcodehost; - productReference = C2BC1F2F0B580D4B003EC9DC /* libcodehost.a */; - productType = "com.apple.product-type.library.static"; - }; - EBB9FF6E1682E51300FF9774 /* CodeSigningHelper */ = { - isa = PBXNativeTarget; - buildConfigurationList = EBB9FF7B1682E51300FF9774 /* Build configuration list for PBXNativeTarget "CodeSigningHelper" */; - buildPhases = ( - EBB9FF6B1682E51300FF9774 /* Sources */, - EBB9FF6C1682E51300FF9774 /* Frameworks */, - EBB9FFE11682E80A00FF9774 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = CodeSigningHelper; - productName = CodeSigningHelper; - productReference = EBB9FF6F1682E51300FF9774 /* com.apple.CodeSigningHelper.xpc */; - productType = "com.apple.product-type.bundle"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C263E67909A2971B000043F1 /* Build configuration list for PBXProject "libsecurity_codesigning" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 182BB4FD146F2823000BF1F3 /* Products */; - ProjectRef = 182BB4FC146F2823000BF1F3 /* libsecurityd.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - C2E2873F0B5D8F8F009336A0 /* Everything */, - 4CA1FEBD052A3C8100F22E42 /* libsecurity_codesigning */, - C2D383B80A23A8C4005C63A2 /* Requirements Language */, - C2BC1F250B580D3A003EC9DC /* libintegrity */, - C2BC1F2E0B580D4B003EC9DC /* libcodehost */, - C26AC7090DAEB3A7005BFB40 /* DTrace */, - C26AC0EB143BCF01001C98CE /* SystemPolicy */, - C209695F15BF52040093035F /* gkunpack */, - EBB9FF6E1682E51300FF9774 /* CodeSigningHelper */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 182BB505146F2823000BF1F3 /* libsecurityd_client.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurityd_client.a; - remoteRef = 182BB504146F2823000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 182BB507146F2823000BF1F3 /* libsecurityd_server.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurityd_server.a; - remoteRef = 182BB506146F2823000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 182BB509146F2823000BF1F3 /* ucspc.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = ucspc.a; - remoteRef = 182BB508146F2823000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXShellScriptBuildPhase section */ - 1865FFD5147517A300FD79DF /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/", - "$(SRCROOT)/lib/", - "$(SRCROOT)/gke/", - "$(SRCROOT)/dtrace/", - "$(SRCROOT)/antlr2/", - "$(SRCROOT)/antlr2/contrib/", - "$(SRCROOT)/antlr2/contrib/bcb4/", - "$(SRCROOT)/antlr2/scripts/", - "$(SRCROOT)/antlr2/src/", - ); - outputPaths = ( - "${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "# with our source directories as input files, Xcode will only re-run this phase if there's been a source change. Also, xcode doesn't believe in recursive directory.\nranlib \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\""; - }; - 1F9152F01C7255BD009351BD /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 8; - files = ( - ); - inputPaths = ( - "$(TEMPDIR)/SystemPolicy", - ); - outputPaths = ( - "$(DSTROOT)/private/var/db/SystemPolicy", - ); - runOnlyForDeploymentPostprocessing = 1; - shellPath = /bin/bash; - shellScript = "cp \"$SCRIPT_INPUT_FILE_0\" \"$SCRIPT_OUTPUT_FILE_0\"\nchmod 600 \"$SCRIPT_OUTPUT_FILE_0\""; - showEnvVarsInLog = 0; - }; - C26AC0F0143BCF18001C98CE /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 12; - files = ( - ); - inputPaths = ( - "$(PROJECT_DIR)/lib/syspolicy.sql", - ); - outputPaths = ( - "$(TEMPDIR)/SystemPolicy", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "mkdir -p \"$(dirname \"$SCRIPT_OUTPUT_FILE_0\")\"\nrm -f \"$SCRIPT_OUTPUT_FILE_0\"\nsqlite3 \"$SCRIPT_OUTPUT_FILE_0\" <$SRCROOT/lib/RequirementKeywords.h\n"; - }; - C2F24DFE14BCBBF200309FCD /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 8; - files = ( - ); - inputPaths = ( - "$(TEMPDIR)/SystemPolicy", - ); - outputPaths = ( - "$(DSTROOT)/private/var/db/.SystemPolicy-default", - ); - runOnlyForDeploymentPostprocessing = 1; - shellPath = /bin/bash; - shellScript = "cp \"$SCRIPT_INPUT_FILE_0\" \"$SCRIPT_OUTPUT_FILE_0\"\nchmod 400 \"$SCRIPT_OUTPUT_FILE_0\""; - showEnvVarsInLog = 0; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - EB976FB81684D7C500A68EE6 /* ANTLRUtil.cpp in Sources */, - EB976FB91684D7C500A68EE6 /* ASTFactory.cpp in Sources */, - EB976FBA1684D7C500A68EE6 /* ASTNULLType.cpp in Sources */, - EB976FBB1684D7C500A68EE6 /* ASTRefCount.cpp in Sources */, - EB976FBC1684D7C500A68EE6 /* BaseAST.cpp in Sources */, - EB976FBD1684D7C500A68EE6 /* BitSet.cpp in Sources */, - EB976FBE1684D7C500A68EE6 /* CharBuffer.cpp in Sources */, - EB976FBF1684D7C500A68EE6 /* CharScanner.cpp in Sources */, - 37DDE3421947A501005CE18B /* dirscanner.cpp in Sources */, - EB976FC01684D7C500A68EE6 /* CommonAST.cpp in Sources */, - EB976FC11684D7C500A68EE6 /* CommonASTWithHiddenTokens.cpp in Sources */, - EB976FC21684D7C500A68EE6 /* CommonHiddenStreamToken.cpp in Sources */, - EB976FC31684D7C500A68EE6 /* CommonToken.cpp in Sources */, - EB976FC41684D7C500A68EE6 /* InputBuffer.cpp in Sources */, - EB976FC51684D7C500A68EE6 /* LLkParser.cpp in Sources */, - EB976FC61684D7C500A68EE6 /* MismatchedCharException.cpp in Sources */, - EB976FC71684D7C500A68EE6 /* MismatchedTokenException.cpp in Sources */, - EB976FC81684D7C500A68EE6 /* NoViableAltException.cpp in Sources */, - EB976FC91684D7C500A68EE6 /* NoViableAltForCharException.cpp in Sources */, - EB976FCA1684D7C500A68EE6 /* Parser.cpp in Sources */, - EB976FCB1684D7C500A68EE6 /* RecognitionException.cpp in Sources */, - EB976FCC1684D7C500A68EE6 /* String.cpp in Sources */, - EB976FCD1684D7C500A68EE6 /* Token.cpp in Sources */, - EB976FCE1684D7C500A68EE6 /* TokenBuffer.cpp in Sources */, - EB976FCF1684D7C500A68EE6 /* TokenRefCount.cpp in Sources */, - EB976FD01684D7C500A68EE6 /* TokenStreamBasicFilter.cpp in Sources */, - EB976FD11684D7C500A68EE6 /* TokenStreamHiddenTokenFilter.cpp in Sources */, - EB976FD21684D7C500A68EE6 /* TokenStreamRewriteEngine.cpp in Sources */, - EB976FD31684D7C500A68EE6 /* TokenStreamSelector.cpp in Sources */, - EB976FD41684D7C500A68EE6 /* TreeParser.cpp in Sources */, - C2D3833C0A237F47005C63A2 /* bundlediskrep.cpp in Sources */, - C2D3833E0A237F47005C63A2 /* cdbuilder.cpp in Sources */, - C2D383400A237F47005C63A2 /* codedirectory.cpp in Sources */, - C2D383440A237F47005C63A2 /* cs.cpp in Sources */, - C2D383470A237F47005C63A2 /* SecCode.cpp in Sources */, - C2D383490A237F47005C63A2 /* cskernel.cpp in Sources */, - C2D3834B0A237F47005C63A2 /* SecStaticCode.cpp in Sources */, - C2D3834D0A237F47005C63A2 /* csprocess.cpp in Sources */, - C2D3834F0A237F47005C63A2 /* SecRequirement.cpp in Sources */, - C2D383510A237F47005C63A2 /* diskrep.cpp in Sources */, - C2D383550A237F47005C63A2 /* filediskrep.cpp in Sources */, - C2D383570A237F47005C63A2 /* Code.cpp in Sources */, - C2D383590A237F47005C63A2 /* kerneldiskrep.cpp in Sources */, - C2D3835B0A237F47005C63A2 /* StaticCode.cpp in Sources */, - C2D3835D0A237F47005C63A2 /* reqparser.cpp in Sources */, - C2C1DF140A2E3D7200D1B02B /* requirement.cpp in Sources */, - C2D383610A237F47005C63A2 /* Requirements.cpp in Sources */, - C21CFC5F0A250D1C006CD5B1 /* reqdumper.cpp in Sources */, - C2C1DFBB0A2F80EB00D1B02B /* reqinterp.cpp in Sources */, - C2C1DFC30A2F820500D1B02B /* reqmaker.cpp in Sources */, - C22463610B86210100626F1B /* antlrplugin.cpp in Sources */, - C2BD519C0A9392FD000FE43D /* machorep.cpp in Sources */, - C2C931B40AB8BA1200F83950 /* SecCodeHost.cpp in Sources */, - C2BD60FA0AC863FC0057FD3D /* csgeneric.cpp in Sources */, - C21EA3DD0AD2F81300E6E31C /* SecCodeSigner.cpp in Sources */, - C21EA3E30AD2FA0900E6E31C /* CodeSigner.cpp in Sources */, - C236E3D70AD59446000F5140 /* signer.cpp in Sources */, - F69D1DEB1A66B493002728D8 /* evaluationmanager.cpp in Sources */, - C236E3DB0AD595C2000F5140 /* signerutils.cpp in Sources */, - C259DFD60AD6D9BA00C9ACC6 /* sigblob.cpp in Sources */, - C2E911E20ADEBE3200275CB2 /* resources.cpp in Sources */, - C2A976AA0B8A2E36008B4EA0 /* csutilities.cpp in Sources */, - C2C3BCD30BA1E47E00E869D1 /* singlediskrep.cpp in Sources */, - C2093AA80BB0948000EB8599 /* reqreader.cpp in Sources */, - C2F6566E0BCBFB250078779E /* cserror.cpp in Sources */, - C28342E70E366E6800E54360 /* csdatabase.cpp in Sources */, - C28342EE0E36719D00E54360 /* detachedrep.cpp in Sources */, - C2A436150F2133B2007A41A6 /* slcrep.cpp in Sources */, - FEB30C9310DAC89D00557BA2 /* SecTask.c in Sources */, - C24EABAD1421433700C16AA9 /* policydb.cpp in Sources */, - 7A9DA65C1948D1BA004635E6 /* opaquewhitelist.cpp in Sources */, - C273606E1433F09000A9A5FF /* SecAssessment.cpp in Sources */, - C27360D51436866D00A9A5FF /* xpcengine.cpp in Sources */, - C2DC2DCA145F594000AD2A3A /* xar++.cpp in Sources */, - C2DC2DCB145F5CD000AD2A3A /* policyengine.cpp in Sources */, - C2D2967A1BCF16C000B0A29B /* diskimagerep.cpp in Sources */, - C2F4439A14C626D4000A01E6 /* quarantine++.cpp in Sources */, - C26763D714FD9EBE00A46EDF /* drmaker.cpp in Sources */, - EB68B111150DAEEA00B4013D /* RequirementLexer.cpp in Sources */, - EB68B112150DAEEA00B4013D /* RequirementParser.cpp in Sources */, - EBDAF04F166D65FA0042CDCE /* piddiskrep.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C209695C15BF52040093035F /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C209696415BF52040093035F /* gkunpack.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C2BC1F230B580D3A003EC9DC /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C2CC310F0B852424005FA59D /* SecIntegrityLib.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C2BC1F2C0B580D4B003EC9DC /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C2E2873D0B5D8D80009336A0 /* SecCodeHostLib.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - EBB9FF6B1682E51300FF9774 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C2D6EA3F1C8F5158009B586F /* main.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 182BB50F146F28F6000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurityd_generate; - targetProxy = 182BB50E146F28F6000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB511146F292B000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = C26AC0EB143BCF01001C98CE /* SystemPolicy */; - targetProxy = 182BB510146F292B000BF1F3 /* PBXContainerItemProxy */; - }; - 1844617D146E9A5200B12992 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = C26AC7090DAEB3A7005BFB40 /* DTrace */; - targetProxy = 1844617C146E9A5200B12992 /* PBXContainerItemProxy */; - }; - C209697015BF53330093035F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = C209695F15BF52040093035F /* gkunpack */; - targetProxy = C209696F15BF53330093035F /* PBXContainerItemProxy */; - }; - C250F6C50B5EF4E40076098F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = C2BC1F250B580D3A003EC9DC /* libintegrity */; - targetProxy = C250F6C40B5EF4E40076098F /* PBXContainerItemProxy */; - }; - C26AC0F2143BD02B001C98CE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = C26AC0EB143BCF01001C98CE /* SystemPolicy */; - targetProxy = C26AC0F1143BD02B001C98CE /* PBXContainerItemProxy */; - }; - C2E287410B5D8F97009336A0 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CA1FEBD052A3C8100F22E42 /* libsecurity_codesigning */; - targetProxy = C2E287400B5D8F97009336A0 /* PBXContainerItemProxy */; - }; - C2E287430B5D8F9A009336A0 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = C2BC1F2E0B580D4B003EC9DC /* libcodehost */; - targetProxy = C2E287420B5D8F9A009336A0 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - C209696C15BF52040093035F /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "compiler-default"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COPY_PHASE_STRIP = NO; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - ONLY_ACTIVE_ARCH = YES; - PRODUCT_NAME = "$(TARGET_NAME)"; - SKIP_INSTALL = NO; - }; - name = Debug; - }; - C209696D15BF52040093035F /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "compiler-default"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COPY_PHASE_STRIP = YES; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - PRODUCT_NAME = "$(TARGET_NAME)"; - SKIP_INSTALL = NO; - }; - name = Release; - }; - C263E67609A2971B000043F1 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184461A0146E9AD100B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/antlr2", - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", - ); - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_codesigning; - SKIP_INSTALL = NO; - }; - name = Debug; - }; - C263E67809A2971B000043F1 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184461A2146E9AD100B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/antlr2", - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", - ); - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_codesigning; - SKIP_INSTALL = NO; - }; - name = Release; - }; - C263E67A09A2971B000043F1 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184461A1146E9AD100B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - FRAMEWORK_SEARCH_PATHS = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = "SECTRUST_OSX=1"; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/../include", - "$(PROJECT_DIR)/../utilities", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/lib", - /usr/local/include, - ); - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = ""; - TEMPDIR = "$(BUILT_PRODUCTS_DIR)/cstemp"; - WARNING_CFLAGS = ( - "-Wmost", - "-Wno-four-char-constants", - "-Wno-unknown-pragmas", - "$(inherited)", - ); - }; - name = Debug; - }; - C263E67C09A2971B000043F1 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184461A1146E9AD100B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - FRAMEWORK_SEARCH_PATHS = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = "SECTRUST_OSX=1"; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/../include", - "$(PROJECT_DIR)/../utilities", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/lib", - /usr/local/include, - ); - OTHER_LDFLAGS = ""; - TEMPDIR = "$(BUILT_PRODUCTS_DIR)/cstemp"; - WARNING_CFLAGS = ( - "-Wmost", - "-Wno-four-char-constants", - "-Wno-unknown-pragmas", - "$(inherited)", - ); - }; - name = Release; - }; - C26AC0ED143BCF01001C98CE /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C26AC0EF143BCF01001C98CE /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C26AC70A0DAEB3A8005BFB40 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C26AC70C0DAEB3A8005BFB40 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C2BC1F280B580D3F003EC9DC /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184461A0146E9AD100B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - SKIP_INSTALL = NO; - }; - name = Debug; - }; - C2BC1F2A0B580D3F003EC9DC /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184461A2146E9AD100B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - SKIP_INSTALL = NO; - }; - name = Release; - }; - C2BC1F310B580D69003EC9DC /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184461A0146E9AD100B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - SKIP_INSTALL = NO; - }; - name = Debug; - }; - C2BC1F330B580D69003EC9DC /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 184461A2146E9AD100B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - SKIP_INSTALL = NO; - }; - name = Release; - }; - C2D383C10A23A8E3005C63A2 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C2D383C30A23A8E3005C63A2 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C2E287480B5D8FD8009336A0 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/../include", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/lib", - /usr/local/include, - ); - }; - name = Debug; - }; - C2E2874A0B5D8FD8009336A0 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/../include", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/lib", - /usr/local/include, - ); - }; - name = Release; - }; - EBB9FF7C1682E51300FF9774 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INFOPLIST_FILE = "CodeSigningHelper/CodeSigningHelper-Info.plist"; - INSTALL_PATH = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices; - MACH_O_TYPE = mh_execute; - ONLY_ACTIVE_ARCH = YES; - PRODUCT_BUNDLE_IDENTIFIER = "${PRODUCT_NAME}"; - PRODUCT_NAME = "com.apple.$(TARGET_NAME:rfc1034identifier)"; - SKIP_INSTALL = NO; - WRAPPER_EXTENSION = xpc; - }; - name = Debug; - }; - EBB9FF7D1682E51300FF9774 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = YES; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - INFOPLIST_FILE = "CodeSigningHelper/CodeSigningHelper-Info.plist"; - INSTALL_PATH = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices; - MACH_O_TYPE = mh_execute; - PRODUCT_BUNDLE_IDENTIFIER = "${PRODUCT_NAME}"; - PRODUCT_NAME = "com.apple.$(TARGET_NAME:rfc1034identifier)"; - SKIP_INSTALL = NO; - WRAPPER_EXTENSION = xpc; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C209696B15BF52040093035F /* Build configuration list for PBXNativeTarget "gkunpack" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C209696C15BF52040093035F /* Debug */, - C209696D15BF52040093035F /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C263E67509A2971B000043F1 /* Build configuration list for PBXNativeTarget "libsecurity_codesigning" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C263E67609A2971B000043F1 /* Debug */, - C263E67809A2971B000043F1 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C263E67909A2971B000043F1 /* Build configuration list for PBXProject "libsecurity_codesigning" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C263E67A09A2971B000043F1 /* Debug */, - C263E67C09A2971B000043F1 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C26AC0EC143BCF01001C98CE /* Build configuration list for PBXAggregateTarget "SystemPolicy" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C26AC0ED143BCF01001C98CE /* Debug */, - C26AC0EF143BCF01001C98CE /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C26AC70D0DAEB3C6005BFB40 /* Build configuration list for PBXAggregateTarget "DTrace" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C26AC70A0DAEB3A8005BFB40 /* Debug */, - C26AC70C0DAEB3A8005BFB40 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C2BC1F270B580D3F003EC9DC /* Build configuration list for PBXNativeTarget "libintegrity" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C2BC1F280B580D3F003EC9DC /* Debug */, - C2BC1F2A0B580D3F003EC9DC /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C2BC1F300B580D69003EC9DC /* Build configuration list for PBXNativeTarget "libcodehost" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C2BC1F310B580D69003EC9DC /* Debug */, - C2BC1F330B580D69003EC9DC /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C2D383C00A23A8E3005C63A2 /* Build configuration list for PBXAggregateTarget "Requirements Language" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C2D383C10A23A8E3005C63A2 /* Debug */, - C2D383C30A23A8E3005C63A2 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C2E287470B5D8FD8009336A0 /* Build configuration list for PBXAggregateTarget "Everything" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C2E287480B5D8FD8009336A0 /* Debug */, - C2E2874A0B5D8FD8009336A0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - EBB9FF7B1682E51300FF9774 /* Build configuration list for PBXNativeTarget "CodeSigningHelper" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - EBB9FF7C1682E51300FF9774 /* Debug */, - EBB9FF7D1682E51300FF9774 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_comcryption/libsecurity_comcryption.xcodeproj/project.pbxproj b/OSX/libsecurity_comcryption/libsecurity_comcryption.xcodeproj/project.pbxproj deleted file mode 100644 index 98200d4d..00000000 --- a/OSX/libsecurity_comcryption/libsecurity_comcryption.xcodeproj/project.pbxproj +++ /dev/null @@ -1,230 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 7264323500A8AD987F000001 /* comcryption.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264322D00A8AD987F000001 /* comcryption.c */; }; - 7264323600A8AD987F000001 /* comcryptPriv.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264322E00A8AD987F000001 /* comcryptPriv.c */; }; -/* End PBXBuildFile section */ - -/* Begin PBXFileReference section */ - 182BB1F2146EF7C1000BF1F3 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 182BB1F3146EF7C1000BF1F3 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 182BB1F4146EF7C1000BF1F3 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 182BB1F5146EF7C1000BF1F3 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 7264321400A8AD0A7F000001 /* libsecurity_comcryption.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_comcryption.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 7264322D00A8AD987F000001 /* comcryption.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = comcryption.c; sourceTree = ""; }; - 7264322E00A8AD987F000001 /* comcryptPriv.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = comcryptPriv.c; sourceTree = ""; }; - 7264322F00A8AD987F000001 /* comcryption.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = comcryption.h; sourceTree = ""; }; - 7264323000A8AD987F000001 /* comcryptPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = comcryptPriv.h; sourceTree = ""; }; - 7264323100A8AD987F000001 /* comDebug.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = comDebug.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 7264322000A8AD0A7F000001 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 0FD07C9EFE8A174411CD283A = { - isa = PBXGroup; - children = ( - 7264321200A8ACCB7F000001 /* lib */, - 182BB1F1146EF7C1000BF1F3 /* config */, - 31DBE9B3FEEEE8F611CD283A /* Products */, - ); - sourceTree = ""; - }; - 182BB1F1146EF7C1000BF1F3 /* config */ = { - isa = PBXGroup; - children = ( - 182BB1F2146EF7C1000BF1F3 /* base.xcconfig */, - 182BB1F3146EF7C1000BF1F3 /* debug.xcconfig */, - 182BB1F4146EF7C1000BF1F3 /* lib.xcconfig */, - 182BB1F5146EF7C1000BF1F3 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 31DBE9B3FEEEE8F611CD283A /* Products */ = { - isa = PBXGroup; - children = ( - 7264321400A8AD0A7F000001 /* libsecurity_comcryption.a */, - ); - name = Products; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 7264321200A8ACCB7F000001 /* lib */ = { - isa = PBXGroup; - children = ( - 7264322D00A8AD987F000001 /* comcryption.c */, - 7264322F00A8AD987F000001 /* comcryption.h */, - 7264322E00A8AD987F000001 /* comcryptPriv.c */, - 7264323000A8AD987F000001 /* comcryptPriv.h */, - 7264323100A8AD987F000001 /* comDebug.h */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 7264321E00A8AD0A7F000001 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 7264321D00A8AD0A7F000001 /* libsecurity_comcryption */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3200987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_comcryption" */; - buildPhases = ( - 7264321E00A8AD0A7F000001 /* Headers */, - 7264321F00A8AD0A7F000001 /* Sources */, - 7264322000A8AD0A7F000001 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_comcryption; - productInstallPath = /usr/local/lib; - productName = ComCryption; - productReference = 7264321400A8AD0A7F000001 /* libsecurity_comcryption.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 0FD07C9DFE8A174411CD283A /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD3240987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_comcryption" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 0FD07C9EFE8A174411CD283A; - productRefGroup = 0FD07C9EFE8A174411CD283A; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 7264321D00A8AD0A7F000001 /* libsecurity_comcryption */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXSourcesBuildPhase section */ - 7264321F00A8AD0A7F000001 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 7264323500A8AD987F000001 /* comcryption.c in Sources */, - 7264323600A8AD987F000001 /* comcryptPriv.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD3210987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1F3146EF7C1000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C27AD3230987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1F5146EF7C1000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C27AD3250987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1F4146EF7C1000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD3270987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1F4146EF7C1000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD3200987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_comcryption" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3210987FCDE001272E0 /* Debug */, - C27AD3230987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3240987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_comcryption" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3250987FCDE001272E0 /* Debug */, - C27AD3270987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 0FD07C9DFE8A174411CD283A /* Project object */; -} diff --git a/OSX/libsecurity_cryptkit/lib/feePublicKey.c b/OSX/libsecurity_cryptkit/lib/feePublicKey.c index 3105723a..d15f14d0 100644 --- a/OSX/libsecurity_cryptkit/lib/feePublicKey.c +++ b/OSX/libsecurity_cryptkit/lib/feePublicKey.c @@ -721,8 +721,6 @@ unsigned feePubKeyBitsize(feePubKey pubKey) default: return bitlen(pkinst->cp->basePrime); } - /* NOT REACHED */ - return 0; } /* diff --git a/OSX/libsecurity_cryptkit/libsecurity_cryptkit.xcodeproj/project.pbxproj b/OSX/libsecurity_cryptkit/libsecurity_cryptkit.xcodeproj/project.pbxproj deleted file mode 100644 index 6625cb52..00000000 --- a/OSX/libsecurity_cryptkit/libsecurity_cryptkit.xcodeproj/project.pbxproj +++ /dev/null @@ -1,796 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 051A6865074BAFAF00A097D5 /* ckconfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323C00A8AF3B7F000001 /* ckconfig.h */; }; - 0536B29C074BC9A000F9F1AD /* byteRep.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264328E00A8B0197F000001 /* byteRep.c */; }; - 0536B29D074BC9A100F9F1AD /* byteRep.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323800A8AF3B7F000001 /* byteRep.h */; }; - 0536B29E074BC9A200F9F1AD /* ckconfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323C00A8AF3B7F000001 /* ckconfig.h */; }; - 0536B29F074BC9A600F9F1AD /* ckMD5.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A700A8B0197F000001 /* ckMD5.c */; }; - 0536B2A0074BC9A700F9F1AD /* ckMD5.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325F00A8AF3B7F000001 /* ckMD5.h */; }; - 0536B2A1074BC9AA00F9F1AD /* ckSHA1.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432AA00A8B0197F000001 /* ckSHA1.c */; }; - 0536B2A2074BC9AB00F9F1AD /* ckSHA1.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264326200A8AF3B7F000001 /* ckSHA1.h */; }; - 0536B2A3074BC9AC00F9F1AD /* ckSHA1_priv.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A900A8B0197F000001 /* ckSHA1_priv.c */; }; - 0536B2A4074BC9AC00F9F1AD /* ckSHA1_priv.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264326100A8AF3B7F000001 /* ckSHA1_priv.h */; }; - 0536B2A5074BC9AD00F9F1AD /* ckutilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329100A8B0197F000001 /* ckutilities.c */; }; - 0536B2A6074BC9AE00F9F1AD /* ckutilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323D00A8AF3B7F000001 /* ckutilities.h */; }; - 0536B2A7074BC9B000F9F1AD /* Crypt.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323E00A8AF3B7F000001 /* Crypt.h */; }; - 0536B2A8074BC9B200F9F1AD /* CryptKit.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323F00A8AF3B7F000001 /* CryptKit.h */; }; - 0536B2A9074BC9B600F9F1AD /* CryptKitSA.h in Headers */ = {isa = PBXBuildFile; fileRef = 05B98785074A980600A63360 /* CryptKitSA.h */; }; - 0536B2AA074BC9B800F9F1AD /* curveParamData.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324100A8AF3B7F000001 /* curveParamData.h */; }; - 0536B2AB074BC9BA00F9F1AD /* curveParams.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329200A8B0197F000001 /* curveParams.c */; }; - 0536B2AC074BC9BB00F9F1AD /* curveParams.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324300A8AF3B7F000001 /* curveParams.h */; }; - 0536B2AD074BC9BD00F9F1AD /* elliptic.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329400A8B0197F000001 /* elliptic.c */; }; - 0536B2AE074BC9BF00F9F1AD /* elliptic.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324700A8AF3B7F000001 /* elliptic.h */; }; - 0536B2AF074BC9C200F9F1AD /* enc64.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329600A8B0197F000001 /* enc64.c */; }; - 0536B2B0074BC9C300F9F1AD /* enc64.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324A00A8AF3B7F000001 /* enc64.h */; }; - 0536B2B1074BC9C500F9F1AD /* falloc.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329800A8B0197F000001 /* falloc.c */; }; - 0536B2B2074BC9C500F9F1AD /* falloc.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324B00A8AF3B7F000001 /* falloc.h */; }; - 0536B2B3074BC9C900F9F1AD /* feeDebug.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324D00A8AF3B7F000001 /* feeDebug.h */; }; - 0536B2B4074BC9CB00F9F1AD /* feeDigitalSignature.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329C00A8B0197F000001 /* feeDigitalSignature.c */; }; - 0536B2B5074BC9CC00F9F1AD /* feeDigitalSignature.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324F00A8AF3B7F000001 /* feeDigitalSignature.h */; }; - 0536B2B6074BC9D000F9F1AD /* feeFunctions.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325300A8AF3B7F000001 /* feeFunctions.h */; }; - 0536B2B7074BC9D300F9F1AD /* feeHash.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A000A8B0197F000001 /* feeHash.c */; }; - 0536B2B8074BC9D400F9F1AD /* feeHash.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325400A8AF3B7F000001 /* feeHash.h */; }; - 0536B2B9074BC9D500F9F1AD /* feePublicKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A100A8B0197F000001 /* feePublicKey.c */; }; - 0536B2BA074BC9D600F9F1AD /* feePublicKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325500A8AF3B7F000001 /* feePublicKey.h */; }; - 0536B2BB074BC9D700F9F1AD /* feePublicKeyPrivate.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325600A8AF3B7F000001 /* feePublicKeyPrivate.h */; }; - 0536B2BC074BC9D900F9F1AD /* giantIntegers.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A400A8B0197F000001 /* giantIntegers.c */; }; - 0536B2BD074BC9DA00F9F1AD /* giantIntegers.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325900A8AF3B7F000001 /* giantIntegers.h */; }; - 0536B2BE074BC9DC00F9F1AD /* feeRandom.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325700A8AF3B7F000001 /* feeRandom.h */; }; - 0536B2BF074BC9DD00F9F1AD /* feeRandom.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A200A8B0197F000001 /* feeRandom.c */; }; - 0536B2C0074BC9E100F9F1AD /* giantPort_Generic.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325A00A8AF3B7F000001 /* giantPort_Generic.h */; }; - 0536B2C1074BC9E200F9F1AD /* giantPort_PPC.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A600A8B0197F000001 /* giantPort_PPC.c */; }; - 0536B2C2074BC9E400F9F1AD /* giantPort_PPC.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325D00A8AF3B7F000001 /* giantPort_PPC.h */; }; - 0536B2C3074BC9E500F9F1AD /* giantPort_PPC_Gnu.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325C00A8AF3B7F000001 /* giantPort_PPC_Gnu.h */; }; - 0536B2C4074BC9E600F9F1AD /* giantPort_PPC_Gnu.s in Sources */ = {isa = PBXBuildFile; fileRef = 726432A500A8B0197F000001 /* giantPort_PPC_Gnu.s */; }; - 0536B2C5074BC9EA00F9F1AD /* giantPortCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325E00A8AF3B7F000001 /* giantPortCommon.h */; }; - 0536B2C6074BC9ED00F9F1AD /* platform.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A800A8B0197F000001 /* platform.c */; }; - 0536B2C7074BC9EE00F9F1AD /* platform.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264326000A8AF3B7F000001 /* platform.h */; }; - 054416BF074D5BAC00DD8A37 /* CipherFileDES.c in Sources */ = {isa = PBXBuildFile; fileRef = 054416BA074D5BAC00DD8A37 /* CipherFileDES.c */; }; - 054416C0074D5BAC00DD8A37 /* CipherFileDES.h in Headers */ = {isa = PBXBuildFile; fileRef = 054416BB074D5BAC00DD8A37 /* CipherFileDES.h */; }; - 054416C1074D5BAC00DD8A37 /* CipherFileFEED.c in Sources */ = {isa = PBXBuildFile; fileRef = 054416BC074D5BAC00DD8A37 /* CipherFileFEED.c */; }; - 054416C2074D5BAC00DD8A37 /* CipherFileFEED.h in Headers */ = {isa = PBXBuildFile; fileRef = 054416BD074D5BAC00DD8A37 /* CipherFileFEED.h */; }; - 054416C3074D5BAC00DD8A37 /* CipherFileTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = 054416BE074D5BAC00DD8A37 /* CipherFileTypes.h */; }; - 054416CC074D5BDA00DD8A37 /* feeCipherFile.c in Sources */ = {isa = PBXBuildFile; fileRef = 054416CA074D5BDA00DD8A37 /* feeCipherFile.c */; }; - 054416CD074D5BDA00DD8A37 /* feeCipherFileAtom.c in Sources */ = {isa = PBXBuildFile; fileRef = 054416CB074D5BDA00DD8A37 /* feeCipherFileAtom.c */; }; - 05B98735074A94E900A63360 /* byteRep.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264328E00A8B0197F000001 /* byteRep.c */; }; - 05B98736074A94EA00A63360 /* byteRep.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323800A8AF3B7F000001 /* byteRep.h */; }; - 05B98737074A94EB00A63360 /* ckconfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323C00A8AF3B7F000001 /* ckconfig.h */; }; - 05B98738074A94EC00A63360 /* ckDES.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329300A8B0197F000001 /* ckDES.c */; }; - 05B98739074A94ED00A63360 /* ckDES.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324400A8AF3B7F000001 /* ckDES.h */; }; - 05B9873A074A94EE00A63360 /* ckMD5.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A700A8B0197F000001 /* ckMD5.c */; }; - 05B9873B074A94EF00A63360 /* ckMD5.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325F00A8AF3B7F000001 /* ckMD5.h */; }; - 05B9873D074A959B00A63360 /* ckSHA1.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432AA00A8B0197F000001 /* ckSHA1.c */; }; - 05B9873E074A959C00A63360 /* ckSHA1.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264326200A8AF3B7F000001 /* ckSHA1.h */; }; - 05B9873F074A959D00A63360 /* ckSHA1_priv.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A900A8B0197F000001 /* ckSHA1_priv.c */; }; - 05B98740074A959E00A63360 /* ckSHA1_priv.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264326100A8AF3B7F000001 /* ckSHA1_priv.h */; }; - 05B98741074A959F00A63360 /* ckutilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329100A8B0197F000001 /* ckutilities.c */; }; - 05B98742074A95A000A63360 /* ckutilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323D00A8AF3B7F000001 /* ckutilities.h */; }; - 05B98743074A95A100A63360 /* Crypt.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323E00A8AF3B7F000001 /* Crypt.h */; }; - 05B98744074A95A200A63360 /* CryptKit.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264323F00A8AF3B7F000001 /* CryptKit.h */; }; - 05B98749074A95C700A63360 /* curveParamData.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324100A8AF3B7F000001 /* curveParamData.h */; }; - 05B9874A074A95C800A63360 /* curveParams.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329200A8B0197F000001 /* curveParams.c */; }; - 05B9874B074A95C900A63360 /* curveParams.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324300A8AF3B7F000001 /* curveParams.h */; }; - 05B9874D074A95D500A63360 /* ECDSA_Verify_Prefix.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324600A8AF3B7F000001 /* ECDSA_Verify_Prefix.h */; }; - 05B9874E074A95D600A63360 /* elliptic.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329400A8B0197F000001 /* elliptic.c */; }; - 05B9874F074A95D700A63360 /* elliptic.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324700A8AF3B7F000001 /* elliptic.h */; }; - 05B98750074A95D800A63360 /* ellipticMeasure.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324800A8AF3B7F000001 /* ellipticMeasure.h */; }; - 05B98751074A95D900A63360 /* ellipticProj.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329500A8B0197F000001 /* ellipticProj.c */; }; - 05B98752074A95DA00A63360 /* ellipticProj.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324900A8AF3B7F000001 /* ellipticProj.h */; }; - 05B98753074A95DB00A63360 /* enc64.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329600A8B0197F000001 /* enc64.c */; }; - 05B98754074A95DC00A63360 /* enc64.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324A00A8AF3B7F000001 /* enc64.h */; }; - 05B98755074A95DE00A63360 /* engineNSA127.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329700A8B0197F000001 /* engineNSA127.c */; }; - 05B98756074A95DF00A63360 /* falloc.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329800A8B0197F000001 /* falloc.c */; }; - 05B98757074A95E000A63360 /* falloc.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324B00A8AF3B7F000001 /* falloc.h */; }; - 05B98758074A95E100A63360 /* feeCipherFile.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324C00A8AF3B7F000001 /* feeCipherFile.h */; }; - 05B98759074A95E500A63360 /* feeDebug.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324D00A8AF3B7F000001 /* feeDebug.h */; }; - 05B9875A074A95E600A63360 /* feeDES.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329B00A8B0197F000001 /* feeDES.c */; }; - 05B9875B074A95E700A63360 /* feeDES.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324E00A8AF3B7F000001 /* feeDES.h */; }; - 05B9875C074A95E800A63360 /* feeDigitalSignature.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329C00A8B0197F000001 /* feeDigitalSignature.c */; }; - 05B9875D074A95E900A63360 /* feeDigitalSignature.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324F00A8AF3B7F000001 /* feeDigitalSignature.h */; }; - 05B9875E074A95EA00A63360 /* feeECDSA.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329D00A8B0197F000001 /* feeECDSA.c */; }; - 05B9875F074A95EB00A63360 /* feeECDSA.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325000A8AF3B7F000001 /* feeECDSA.h */; }; - 05B98760074A95EB00A63360 /* feeFEED.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329E00A8B0197F000001 /* feeFEED.c */; }; - 05B98761074A95ED00A63360 /* feeFEED.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325100A8AF3B7F000001 /* feeFEED.h */; }; - 05B98762074A95ED00A63360 /* feeFEEDExp.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329F00A8B0197F000001 /* feeFEEDExp.c */; }; - 05B98763074A95EE00A63360 /* feeFEEDExp.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325200A8AF3B7F000001 /* feeFEEDExp.h */; }; - 05B98764074A95EF00A63360 /* feeFunctions.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325300A8AF3B7F000001 /* feeFunctions.h */; }; - 05B98765074A95F000A63360 /* feeHash.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A000A8B0197F000001 /* feeHash.c */; }; - 05B98766074A95F300A63360 /* feeHash.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325400A8AF3B7F000001 /* feeHash.h */; }; - 05B98767074A95F400A63360 /* feePublicKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A100A8B0197F000001 /* feePublicKey.c */; }; - 05B98768074A95F500A63360 /* feePublicKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325500A8AF3B7F000001 /* feePublicKey.h */; }; - 05B98769074A95F600A63360 /* feePublicKeyPrivate.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325600A8AF3B7F000001 /* feePublicKeyPrivate.h */; }; - 05B9876A074A95F700A63360 /* feeRandom.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A200A8B0197F000001 /* feeRandom.c */; }; - 05B9876B074A95F800A63360 /* feeRandom.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325700A8AF3B7F000001 /* feeRandom.h */; }; - 05B9876C074A95F900A63360 /* feeTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325800A8AF3B7F000001 /* feeTypes.h */; }; - 05B9876D074A95FA00A63360 /* giantIntegers.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A400A8B0197F000001 /* giantIntegers.c */; }; - 05B9876E074A95FB00A63360 /* giantIntegers.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325900A8AF3B7F000001 /* giantIntegers.h */; }; - 05B9876F074A95FC00A63360 /* giantPort_Generic.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325A00A8AF3B7F000001 /* giantPort_Generic.h */; }; - 05B98770074A95FD00A63360 /* giantPort_i486.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325B00A8AF3B7F000001 /* giantPort_i486.h */; }; - 05B98771074A95FE00A63360 /* giantPort_PPC.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A600A8B0197F000001 /* giantPort_PPC.c */; }; - 05B98772074A95FF00A63360 /* giantPort_PPC.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325D00A8AF3B7F000001 /* giantPort_PPC.h */; }; - 05B98773074A960000A63360 /* giantPort_PPC_Gnu.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325C00A8AF3B7F000001 /* giantPort_PPC_Gnu.h */; }; - 05B98774074A960200A63360 /* giantPort_PPC_Gnu.s in Sources */ = {isa = PBXBuildFile; fileRef = 726432A500A8B0197F000001 /* giantPort_PPC_Gnu.s */; }; - 05B98775074A960300A63360 /* giantPortCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264325E00A8AF3B7F000001 /* giantPortCommon.h */; }; - 05B98777074A960A00A63360 /* platform.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A800A8B0197F000001 /* platform.c */; }; - 05B98778074A960C00A63360 /* platform.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264326000A8AF3B7F000001 /* platform.h */; }; - 05B98786074A980600A63360 /* CryptKitSA.h in Headers */ = {isa = PBXBuildFile; fileRef = 05B98785074A980600A63360 /* CryptKitSA.h */; }; - 05DBE17705CF09EE00CA0562 /* ckSHA1.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264326200A8AF3B7F000001 /* ckSHA1.h */; }; - 05F64B6205D01ADA007D1D8E /* ckDES.h in Headers */ = {isa = PBXBuildFile; fileRef = 7264324400A8AF3B7F000001 /* ckDES.h */; }; - 05F64B7505D01C0D007D1D8E /* ckSHA1.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432AA00A8B0197F000001 /* ckSHA1.c */; }; - 4C3EA7F1056AE8BE003C066F /* CryptKitAsn1.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C3EA7EE056AE8BE003C066F /* CryptKitAsn1.cpp */; }; - 4C3EA7F2056AE8BE003C066F /* CryptKitAsn1.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C3EA7EF056AE8BE003C066F /* CryptKitAsn1.h */; }; - 4C3EA7F3056AE8BE003C066F /* CryptKitDER.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C3EA7F0056AE8BE003C066F /* CryptKitDER.cpp */; }; - 726432AC00A8B0197F000001 /* byteRep.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264328E00A8B0197F000001 /* byteRep.c */; }; - 726432AF00A8B0197F000001 /* ckutilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329100A8B0197F000001 /* ckutilities.c */; }; - 726432B000A8B0197F000001 /* curveParams.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329200A8B0197F000001 /* curveParams.c */; }; - 726432B200A8B0197F000001 /* elliptic.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329400A8B0197F000001 /* elliptic.c */; }; - 726432B300A8B0197F000001 /* ellipticProj.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329500A8B0197F000001 /* ellipticProj.c */; }; - 726432B400A8B0197F000001 /* enc64.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329600A8B0197F000001 /* enc64.c */; }; - 726432B500A8B0197F000001 /* engineNSA127.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329700A8B0197F000001 /* engineNSA127.c */; }; - 726432B600A8B0197F000001 /* falloc.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329800A8B0197F000001 /* falloc.c */; }; - 726432B900A8B0197F000001 /* feeDES.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329B00A8B0197F000001 /* feeDES.c */; }; - 726432BA00A8B0197F000001 /* feeDigitalSignature.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329C00A8B0197F000001 /* feeDigitalSignature.c */; }; - 726432BB00A8B0197F000001 /* feeECDSA.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329D00A8B0197F000001 /* feeECDSA.c */; }; - 726432BC00A8B0197F000001 /* feeFEED.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329E00A8B0197F000001 /* feeFEED.c */; }; - 726432BD00A8B0197F000001 /* feeFEEDExp.c in Sources */ = {isa = PBXBuildFile; fileRef = 7264329F00A8B0197F000001 /* feeFEEDExp.c */; }; - 726432BE00A8B0197F000001 /* feeHash.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A000A8B0197F000001 /* feeHash.c */; }; - 726432BF00A8B0197F000001 /* feePublicKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A100A8B0197F000001 /* feePublicKey.c */; }; - 726432C000A8B0197F000001 /* feeRandom.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A200A8B0197F000001 /* feeRandom.c */; }; - 726432C200A8B0197F000001 /* giantIntegers.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A400A8B0197F000001 /* giantIntegers.c */; }; - 726432C300A8B0197F000001 /* giantPort_PPC_Gnu.s in Sources */ = {isa = PBXBuildFile; fileRef = 726432A500A8B0197F000001 /* giantPort_PPC_Gnu.s */; }; - 726432C400A8B0197F000001 /* giantPort_PPC.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A600A8B0197F000001 /* giantPort_PPC.c */; }; - 726432C600A8B0197F000001 /* platform.c in Sources */ = {isa = PBXBuildFile; fileRef = 726432A800A8B0197F000001 /* platform.c */; }; - 9D3503C400C6EA9100A17CE7 /* HmacSha1Legacy.c in Sources */ = {isa = PBXBuildFile; fileRef = 9D3503C100C6EA9100A17CE7 /* HmacSha1Legacy.c */; }; -/* End PBXBuildFile section */ - -/* Begin PBXFileReference section */ - 0535DCBE074A944D00805B04 /* libCryptKit.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libCryptKit.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 0536B295074BC91A00F9F1AD /* CryptKitSignature.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = CryptKitSignature.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 054416BA074D5BAC00DD8A37 /* CipherFileDES.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = CipherFileDES.c; path = lib/CipherFileDES.c; sourceTree = SOURCE_ROOT; }; - 054416BB074D5BAC00DD8A37 /* CipherFileDES.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = CipherFileDES.h; path = lib/CipherFileDES.h; sourceTree = SOURCE_ROOT; }; - 054416BC074D5BAC00DD8A37 /* CipherFileFEED.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = CipherFileFEED.c; path = lib/CipherFileFEED.c; sourceTree = SOURCE_ROOT; }; - 054416BD074D5BAC00DD8A37 /* CipherFileFEED.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = CipherFileFEED.h; path = lib/CipherFileFEED.h; sourceTree = SOURCE_ROOT; }; - 054416BE074D5BAC00DD8A37 /* CipherFileTypes.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = CipherFileTypes.h; path = lib/CipherFileTypes.h; sourceTree = SOURCE_ROOT; }; - 054416CA074D5BDA00DD8A37 /* feeCipherFile.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = feeCipherFile.c; path = lib/feeCipherFile.c; sourceTree = SOURCE_ROOT; }; - 054416CB074D5BDA00DD8A37 /* feeCipherFileAtom.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = feeCipherFileAtom.c; path = lib/feeCipherFileAtom.c; sourceTree = SOURCE_ROOT; }; - 05B98785074A980600A63360 /* CryptKitSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CryptKitSA.h; path = lib/CryptKitSA.h; sourceTree = SOURCE_ROOT; }; - 182BB1F8146EF983000BF1F3 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 182BB1F9146EF983000BF1F3 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 182BB1FA146EF983000BF1F3 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 182BB1FB146EF983000BF1F3 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 4C3EA7EE056AE8BE003C066F /* CryptKitAsn1.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CryptKitAsn1.cpp; sourceTree = ""; }; - 4C3EA7EF056AE8BE003C066F /* CryptKitAsn1.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CryptKitAsn1.h; sourceTree = ""; }; - 4C3EA7F0056AE8BE003C066F /* CryptKitDER.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CryptKitDER.cpp; sourceTree = ""; }; - 7264321600A8AD0A7F000001 /* libsecurity_cryptkit.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_cryptkit.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 7264323800A8AF3B7F000001 /* byteRep.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = byteRep.h; sourceTree = ""; }; - 7264323C00A8AF3B7F000001 /* ckconfig.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ckconfig.h; sourceTree = ""; }; - 7264323D00A8AF3B7F000001 /* ckutilities.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ckutilities.h; sourceTree = ""; }; - 7264323E00A8AF3B7F000001 /* Crypt.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Crypt.h; sourceTree = ""; }; - 7264323F00A8AF3B7F000001 /* CryptKit.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CryptKit.h; sourceTree = ""; }; - 7264324000A8AF3B7F000001 /* CryptKitDER.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CryptKitDER.h; sourceTree = ""; }; - 7264324100A8AF3B7F000001 /* curveParamData.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = curveParamData.h; sourceTree = ""; }; - 7264324200A8AF3B7F000001 /* curveParamDataOld.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = curveParamDataOld.h; sourceTree = ""; }; - 7264324300A8AF3B7F000001 /* curveParams.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = curveParams.h; sourceTree = ""; }; - 7264324400A8AF3B7F000001 /* ckDES.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ckDES.h; sourceTree = ""; }; - 7264324500A8AF3B7F000001 /* ECDSA_Profile.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ECDSA_Profile.h; sourceTree = ""; }; - 7264324600A8AF3B7F000001 /* ECDSA_Verify_Prefix.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ECDSA_Verify_Prefix.h; sourceTree = ""; }; - 7264324700A8AF3B7F000001 /* elliptic.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = elliptic.h; sourceTree = ""; }; - 7264324800A8AF3B7F000001 /* ellipticMeasure.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ellipticMeasure.h; sourceTree = ""; }; - 7264324900A8AF3B7F000001 /* ellipticProj.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ellipticProj.h; sourceTree = ""; }; - 7264324A00A8AF3B7F000001 /* enc64.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = enc64.h; sourceTree = ""; }; - 7264324B00A8AF3B7F000001 /* falloc.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = falloc.h; sourceTree = ""; }; - 7264324C00A8AF3B7F000001 /* feeCipherFile.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeCipherFile.h; sourceTree = ""; }; - 7264324D00A8AF3B7F000001 /* feeDebug.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeDebug.h; sourceTree = ""; }; - 7264324E00A8AF3B7F000001 /* feeDES.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeDES.h; sourceTree = ""; }; - 7264324F00A8AF3B7F000001 /* feeDigitalSignature.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeDigitalSignature.h; sourceTree = ""; }; - 7264325000A8AF3B7F000001 /* feeECDSA.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeECDSA.h; sourceTree = ""; }; - 7264325100A8AF3B7F000001 /* feeFEED.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeFEED.h; sourceTree = ""; }; - 7264325200A8AF3B7F000001 /* feeFEEDExp.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeFEEDExp.h; sourceTree = ""; }; - 7264325300A8AF3B7F000001 /* feeFunctions.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeFunctions.h; sourceTree = ""; }; - 7264325400A8AF3B7F000001 /* feeHash.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeHash.h; sourceTree = ""; }; - 7264325500A8AF3B7F000001 /* feePublicKey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feePublicKey.h; sourceTree = ""; }; - 7264325600A8AF3B7F000001 /* feePublicKeyPrivate.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feePublicKeyPrivate.h; sourceTree = ""; }; - 7264325700A8AF3B7F000001 /* feeRandom.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeRandom.h; sourceTree = ""; }; - 7264325800A8AF3B7F000001 /* feeTypes.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = feeTypes.h; sourceTree = ""; }; - 7264325900A8AF3B7F000001 /* giantIntegers.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = giantIntegers.h; sourceTree = ""; }; - 7264325A00A8AF3B7F000001 /* giantPort_Generic.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = giantPort_Generic.h; sourceTree = ""; }; - 7264325B00A8AF3B7F000001 /* giantPort_i486.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = giantPort_i486.h; sourceTree = ""; }; - 7264325C00A8AF3B7F000001 /* giantPort_PPC_Gnu.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = giantPort_PPC_Gnu.h; sourceTree = ""; }; - 7264325D00A8AF3B7F000001 /* giantPort_PPC.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = giantPort_PPC.h; sourceTree = ""; }; - 7264325E00A8AF3B7F000001 /* giantPortCommon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = giantPortCommon.h; sourceTree = ""; }; - 7264325F00A8AF3B7F000001 /* ckMD5.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ckMD5.h; sourceTree = ""; }; - 7264326000A8AF3B7F000001 /* platform.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = platform.h; sourceTree = ""; }; - 7264326100A8AF3B7F000001 /* ckSHA1_priv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ckSHA1_priv.h; sourceTree = ""; }; - 7264326200A8AF3B7F000001 /* ckSHA1.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ckSHA1.h; sourceTree = ""; }; - 7264328E00A8B0197F000001 /* byteRep.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = byteRep.c; sourceTree = ""; }; - 7264329100A8B0197F000001 /* ckutilities.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = ckutilities.c; sourceTree = ""; }; - 7264329200A8B0197F000001 /* curveParams.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = curveParams.c; sourceTree = ""; }; - 7264329300A8B0197F000001 /* ckDES.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = ckDES.c; sourceTree = ""; }; - 7264329400A8B0197F000001 /* elliptic.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = elliptic.c; sourceTree = ""; }; - 7264329500A8B0197F000001 /* ellipticProj.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = ellipticProj.c; sourceTree = ""; }; - 7264329600A8B0197F000001 /* enc64.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = enc64.c; sourceTree = ""; }; - 7264329700A8B0197F000001 /* engineNSA127.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = engineNSA127.c; sourceTree = ""; }; - 7264329800A8B0197F000001 /* falloc.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = falloc.c; sourceTree = ""; }; - 7264329B00A8B0197F000001 /* feeDES.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = feeDES.c; sourceTree = ""; }; - 7264329C00A8B0197F000001 /* feeDigitalSignature.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = feeDigitalSignature.c; sourceTree = ""; }; - 7264329D00A8B0197F000001 /* feeECDSA.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = feeECDSA.c; sourceTree = ""; }; - 7264329E00A8B0197F000001 /* feeFEED.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = feeFEED.c; sourceTree = ""; }; - 7264329F00A8B0197F000001 /* feeFEEDExp.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = feeFEEDExp.c; sourceTree = ""; }; - 726432A000A8B0197F000001 /* feeHash.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = feeHash.c; sourceTree = ""; }; - 726432A100A8B0197F000001 /* feePublicKey.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = feePublicKey.c; sourceTree = ""; }; - 726432A200A8B0197F000001 /* feeRandom.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = feeRandom.c; sourceTree = ""; }; - 726432A400A8B0197F000001 /* giantIntegers.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = giantIntegers.c; sourceTree = ""; }; - 726432A500A8B0197F000001 /* giantPort_PPC_Gnu.s */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.asm; path = giantPort_PPC_Gnu.s; sourceTree = ""; }; - 726432A600A8B0197F000001 /* giantPort_PPC.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = giantPort_PPC.c; sourceTree = ""; }; - 726432A700A8B0197F000001 /* ckMD5.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = ckMD5.c; sourceTree = ""; }; - 726432A800A8B0197F000001 /* platform.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = platform.c; sourceTree = ""; }; - 726432A900A8B0197F000001 /* ckSHA1_priv.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = ckSHA1_priv.c; sourceTree = ""; }; - 726432AA00A8B0197F000001 /* ckSHA1.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = ckSHA1.c; sourceTree = ""; }; - 9D3503C100C6EA9100A17CE7 /* HmacSha1Legacy.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = HmacSha1Legacy.c; sourceTree = ""; }; - 9D3503C200C6EA9100A17CE7 /* HmacSha1Legacy.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = HmacSha1Legacy.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 0535DCBC074A944D00805B04 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 0536B293074BC91A00F9F1AD /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 7264322B00A8AD0A7F000001 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 0FD07C9EFE8A174411CD283A = { - isa = PBXGroup; - children = ( - 7264321100A8ACCB7F000001 /* lib */, - 182BB1F7146EF983000BF1F3 /* config */, - 31DBE9B3FEEEE8F611CD283A /* Products */, - ); - sourceTree = ""; - }; - 182BB1F7146EF983000BF1F3 /* config */ = { - isa = PBXGroup; - children = ( - 182BB1F8146EF983000BF1F3 /* base.xcconfig */, - 182BB1F9146EF983000BF1F3 /* debug.xcconfig */, - 182BB1FA146EF983000BF1F3 /* lib.xcconfig */, - 182BB1FB146EF983000BF1F3 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 31DBE9B3FEEEE8F611CD283A /* Products */ = { - isa = PBXGroup; - children = ( - 7264321600A8AD0A7F000001 /* libsecurity_cryptkit.a */, - 0535DCBE074A944D00805B04 /* libCryptKit.a */, - 0536B295074BC91A00F9F1AD /* CryptKitSignature.a */, - ); - name = Products; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 7264321100A8ACCB7F000001 /* lib */ = { - isa = PBXGroup; - children = ( - 054416CA074D5BDA00DD8A37 /* feeCipherFile.c */, - 054416CB074D5BDA00DD8A37 /* feeCipherFileAtom.c */, - 7264328E00A8B0197F000001 /* byteRep.c */, - 7264323800A8AF3B7F000001 /* byteRep.h */, - 054416BA074D5BAC00DD8A37 /* CipherFileDES.c */, - 054416BB074D5BAC00DD8A37 /* CipherFileDES.h */, - 054416BC074D5BAC00DD8A37 /* CipherFileFEED.c */, - 054416BD074D5BAC00DD8A37 /* CipherFileFEED.h */, - 054416BE074D5BAC00DD8A37 /* CipherFileTypes.h */, - 7264323C00A8AF3B7F000001 /* ckconfig.h */, - 7264329300A8B0197F000001 /* ckDES.c */, - 7264324400A8AF3B7F000001 /* ckDES.h */, - 726432A700A8B0197F000001 /* ckMD5.c */, - 7264325F00A8AF3B7F000001 /* ckMD5.h */, - 726432AA00A8B0197F000001 /* ckSHA1.c */, - 7264326200A8AF3B7F000001 /* ckSHA1.h */, - 726432A900A8B0197F000001 /* ckSHA1_priv.c */, - 7264326100A8AF3B7F000001 /* ckSHA1_priv.h */, - 7264329100A8B0197F000001 /* ckutilities.c */, - 7264323D00A8AF3B7F000001 /* ckutilities.h */, - 7264323E00A8AF3B7F000001 /* Crypt.h */, - 05B98785074A980600A63360 /* CryptKitSA.h */, - 7264323F00A8AF3B7F000001 /* CryptKit.h */, - 4C3EA7EE056AE8BE003C066F /* CryptKitAsn1.cpp */, - 4C3EA7EF056AE8BE003C066F /* CryptKitAsn1.h */, - 4C3EA7F0056AE8BE003C066F /* CryptKitDER.cpp */, - 7264324000A8AF3B7F000001 /* CryptKitDER.h */, - 7264324100A8AF3B7F000001 /* curveParamData.h */, - 7264324200A8AF3B7F000001 /* curveParamDataOld.h */, - 7264329200A8B0197F000001 /* curveParams.c */, - 7264324300A8AF3B7F000001 /* curveParams.h */, - 7264324500A8AF3B7F000001 /* ECDSA_Profile.h */, - 7264324600A8AF3B7F000001 /* ECDSA_Verify_Prefix.h */, - 7264329400A8B0197F000001 /* elliptic.c */, - 7264324700A8AF3B7F000001 /* elliptic.h */, - 7264324800A8AF3B7F000001 /* ellipticMeasure.h */, - 7264329500A8B0197F000001 /* ellipticProj.c */, - 7264324900A8AF3B7F000001 /* ellipticProj.h */, - 7264329600A8B0197F000001 /* enc64.c */, - 7264324A00A8AF3B7F000001 /* enc64.h */, - 7264329700A8B0197F000001 /* engineNSA127.c */, - 7264329800A8B0197F000001 /* falloc.c */, - 7264324B00A8AF3B7F000001 /* falloc.h */, - 7264324C00A8AF3B7F000001 /* feeCipherFile.h */, - 7264324D00A8AF3B7F000001 /* feeDebug.h */, - 7264329B00A8B0197F000001 /* feeDES.c */, - 7264324E00A8AF3B7F000001 /* feeDES.h */, - 7264329C00A8B0197F000001 /* feeDigitalSignature.c */, - 7264324F00A8AF3B7F000001 /* feeDigitalSignature.h */, - 7264329D00A8B0197F000001 /* feeECDSA.c */, - 7264325000A8AF3B7F000001 /* feeECDSA.h */, - 7264329E00A8B0197F000001 /* feeFEED.c */, - 7264325100A8AF3B7F000001 /* feeFEED.h */, - 7264329F00A8B0197F000001 /* feeFEEDExp.c */, - 7264325200A8AF3B7F000001 /* feeFEEDExp.h */, - 7264325300A8AF3B7F000001 /* feeFunctions.h */, - 726432A000A8B0197F000001 /* feeHash.c */, - 7264325400A8AF3B7F000001 /* feeHash.h */, - 726432A100A8B0197F000001 /* feePublicKey.c */, - 7264325500A8AF3B7F000001 /* feePublicKey.h */, - 7264325600A8AF3B7F000001 /* feePublicKeyPrivate.h */, - 726432A200A8B0197F000001 /* feeRandom.c */, - 7264325700A8AF3B7F000001 /* feeRandom.h */, - 7264325800A8AF3B7F000001 /* feeTypes.h */, - 726432A400A8B0197F000001 /* giantIntegers.c */, - 7264325900A8AF3B7F000001 /* giantIntegers.h */, - 7264325A00A8AF3B7F000001 /* giantPort_Generic.h */, - 7264325B00A8AF3B7F000001 /* giantPort_i486.h */, - 726432A600A8B0197F000001 /* giantPort_PPC.c */, - 7264325D00A8AF3B7F000001 /* giantPort_PPC.h */, - 7264325C00A8AF3B7F000001 /* giantPort_PPC_Gnu.h */, - 726432A500A8B0197F000001 /* giantPort_PPC_Gnu.s */, - 7264325E00A8AF3B7F000001 /* giantPortCommon.h */, - 9D3503C100C6EA9100A17CE7 /* HmacSha1Legacy.c */, - 9D3503C200C6EA9100A17CE7 /* HmacSha1Legacy.h */, - 726432A800A8B0197F000001 /* platform.c */, - 7264326000A8AF3B7F000001 /* platform.h */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 0535DCBA074A944D00805B04 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 05B98736074A94EA00A63360 /* byteRep.h in Headers */, - 05B98737074A94EB00A63360 /* ckconfig.h in Headers */, - 05B98739074A94ED00A63360 /* ckDES.h in Headers */, - 05B9873B074A94EF00A63360 /* ckMD5.h in Headers */, - 05B9873E074A959C00A63360 /* ckSHA1.h in Headers */, - 05B98740074A959E00A63360 /* ckSHA1_priv.h in Headers */, - 05B98742074A95A000A63360 /* ckutilities.h in Headers */, - 05B98743074A95A100A63360 /* Crypt.h in Headers */, - 05B98744074A95A200A63360 /* CryptKit.h in Headers */, - 05B98749074A95C700A63360 /* curveParamData.h in Headers */, - 05B9874B074A95C900A63360 /* curveParams.h in Headers */, - 05B9874D074A95D500A63360 /* ECDSA_Verify_Prefix.h in Headers */, - 05B9874F074A95D700A63360 /* elliptic.h in Headers */, - 05B98750074A95D800A63360 /* ellipticMeasure.h in Headers */, - 05B98752074A95DA00A63360 /* ellipticProj.h in Headers */, - 05B98754074A95DC00A63360 /* enc64.h in Headers */, - 05B98757074A95E000A63360 /* falloc.h in Headers */, - 05B98758074A95E100A63360 /* feeCipherFile.h in Headers */, - 05B98759074A95E500A63360 /* feeDebug.h in Headers */, - 05B9875B074A95E700A63360 /* feeDES.h in Headers */, - 05B9875D074A95E900A63360 /* feeDigitalSignature.h in Headers */, - 05B9875F074A95EB00A63360 /* feeECDSA.h in Headers */, - 05B98761074A95ED00A63360 /* feeFEED.h in Headers */, - 05B98763074A95EE00A63360 /* feeFEEDExp.h in Headers */, - 05B98764074A95EF00A63360 /* feeFunctions.h in Headers */, - 05B98766074A95F300A63360 /* feeHash.h in Headers */, - 05B98768074A95F500A63360 /* feePublicKey.h in Headers */, - 05B98769074A95F600A63360 /* feePublicKeyPrivate.h in Headers */, - 05B9876B074A95F800A63360 /* feeRandom.h in Headers */, - 05B9876C074A95F900A63360 /* feeTypes.h in Headers */, - 05B9876E074A95FB00A63360 /* giantIntegers.h in Headers */, - 05B9876F074A95FC00A63360 /* giantPort_Generic.h in Headers */, - 05B98770074A95FD00A63360 /* giantPort_i486.h in Headers */, - 05B98772074A95FF00A63360 /* giantPort_PPC.h in Headers */, - 05B98773074A960000A63360 /* giantPort_PPC_Gnu.h in Headers */, - 05B98775074A960300A63360 /* giantPortCommon.h in Headers */, - 05B98778074A960C00A63360 /* platform.h in Headers */, - 05B98786074A980600A63360 /* CryptKitSA.h in Headers */, - 054416C0074D5BAC00DD8A37 /* CipherFileDES.h in Headers */, - 054416C2074D5BAC00DD8A37 /* CipherFileFEED.h in Headers */, - 054416C3074D5BAC00DD8A37 /* CipherFileTypes.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 0536B291074BC91A00F9F1AD /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 0536B29D074BC9A100F9F1AD /* byteRep.h in Headers */, - 0536B29E074BC9A200F9F1AD /* ckconfig.h in Headers */, - 0536B2A0074BC9A700F9F1AD /* ckMD5.h in Headers */, - 0536B2A2074BC9AB00F9F1AD /* ckSHA1.h in Headers */, - 0536B2A4074BC9AC00F9F1AD /* ckSHA1_priv.h in Headers */, - 0536B2A6074BC9AE00F9F1AD /* ckutilities.h in Headers */, - 0536B2A7074BC9B000F9F1AD /* Crypt.h in Headers */, - 0536B2A8074BC9B200F9F1AD /* CryptKit.h in Headers */, - 0536B2A9074BC9B600F9F1AD /* CryptKitSA.h in Headers */, - 0536B2AA074BC9B800F9F1AD /* curveParamData.h in Headers */, - 0536B2AC074BC9BB00F9F1AD /* curveParams.h in Headers */, - 0536B2AE074BC9BF00F9F1AD /* elliptic.h in Headers */, - 0536B2B0074BC9C300F9F1AD /* enc64.h in Headers */, - 0536B2B2074BC9C500F9F1AD /* falloc.h in Headers */, - 0536B2B3074BC9C900F9F1AD /* feeDebug.h in Headers */, - 0536B2B5074BC9CC00F9F1AD /* feeDigitalSignature.h in Headers */, - 0536B2B6074BC9D000F9F1AD /* feeFunctions.h in Headers */, - 0536B2B8074BC9D400F9F1AD /* feeHash.h in Headers */, - 0536B2BA074BC9D600F9F1AD /* feePublicKey.h in Headers */, - 0536B2BB074BC9D700F9F1AD /* feePublicKeyPrivate.h in Headers */, - 0536B2BD074BC9DA00F9F1AD /* giantIntegers.h in Headers */, - 0536B2BE074BC9DC00F9F1AD /* feeRandom.h in Headers */, - 0536B2C0074BC9E100F9F1AD /* giantPort_Generic.h in Headers */, - 0536B2C2074BC9E400F9F1AD /* giantPort_PPC.h in Headers */, - 0536B2C3074BC9E500F9F1AD /* giantPort_PPC_Gnu.h in Headers */, - 0536B2C5074BC9EA00F9F1AD /* giantPortCommon.h in Headers */, - 0536B2C7074BC9EE00F9F1AD /* platform.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 7264322900A8AD0A7F000001 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C3EA7F2056AE8BE003C066F /* CryptKitAsn1.h in Headers */, - 05DBE17705CF09EE00CA0562 /* ckSHA1.h in Headers */, - 05F64B6205D01ADA007D1D8E /* ckDES.h in Headers */, - 051A6865074BAFAF00A097D5 /* ckconfig.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 0535DCBD074A944D00805B04 /* libCryptKit */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3320987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libCryptKit" */; - buildPhases = ( - 0535DCBA074A944D00805B04 /* Headers */, - 0535DCBB074A944D00805B04 /* Sources */, - 0535DCBC074A944D00805B04 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libCryptKit; - productName = libCryptKit; - productReference = 0535DCBE074A944D00805B04 /* libCryptKit.a */; - productType = "com.apple.product-type.library.static"; - }; - 0536B294074BC91A00F9F1AD /* CryptKitSignature */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3360987FCDE001272E0 /* Build configuration list for PBXNativeTarget "CryptKitSignature" */; - buildPhases = ( - 0536B291074BC91A00F9F1AD /* Headers */, - 0536B292074BC91A00F9F1AD /* Sources */, - 0536B293074BC91A00F9F1AD /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = CryptKitSignature; - productName = CryptKitSignature; - productReference = 0536B295074BC91A00F9F1AD /* CryptKitSignature.a */; - productType = "com.apple.product-type.library.static"; - }; - 7264322800A8AD0A7F000001 /* libsecurity_cryptkit */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD32E0987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cryptkit" */; - buildPhases = ( - 7264322900A8AD0A7F000001 /* Headers */, - 7264322A00A8AD0A7F000001 /* Sources */, - 7264322B00A8AD0A7F000001 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_cryptkit; - productInstallPath = /usr/local/lib; - productName = CryptKit; - productReference = 7264321600A8AD0A7F000001 /* libsecurity_cryptkit.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 0FD07C9DFE8A174411CD283A /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD33A0987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_cryptkit" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 0FD07C9EFE8A174411CD283A; - productRefGroup = 0FD07C9EFE8A174411CD283A; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 7264322800A8AD0A7F000001 /* libsecurity_cryptkit */, - 0535DCBD074A944D00805B04 /* libCryptKit */, - 0536B294074BC91A00F9F1AD /* CryptKitSignature */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXSourcesBuildPhase section */ - 0535DCBB074A944D00805B04 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 05B98735074A94E900A63360 /* byteRep.c in Sources */, - 05B98738074A94EC00A63360 /* ckDES.c in Sources */, - 05B9873A074A94EE00A63360 /* ckMD5.c in Sources */, - 05B9873D074A959B00A63360 /* ckSHA1.c in Sources */, - 05B9873F074A959D00A63360 /* ckSHA1_priv.c in Sources */, - 05B98741074A959F00A63360 /* ckutilities.c in Sources */, - 05B9874A074A95C800A63360 /* curveParams.c in Sources */, - 05B9874E074A95D600A63360 /* elliptic.c in Sources */, - 05B98751074A95D900A63360 /* ellipticProj.c in Sources */, - 05B98753074A95DB00A63360 /* enc64.c in Sources */, - 05B98755074A95DE00A63360 /* engineNSA127.c in Sources */, - 05B98756074A95DF00A63360 /* falloc.c in Sources */, - 05B9875A074A95E600A63360 /* feeDES.c in Sources */, - 05B9875C074A95E800A63360 /* feeDigitalSignature.c in Sources */, - 05B9875E074A95EA00A63360 /* feeECDSA.c in Sources */, - 05B98760074A95EB00A63360 /* feeFEED.c in Sources */, - 05B98762074A95ED00A63360 /* feeFEEDExp.c in Sources */, - 05B98765074A95F000A63360 /* feeHash.c in Sources */, - 05B98767074A95F400A63360 /* feePublicKey.c in Sources */, - 05B9876A074A95F700A63360 /* feeRandom.c in Sources */, - 05B9876D074A95FA00A63360 /* giantIntegers.c in Sources */, - 05B98771074A95FE00A63360 /* giantPort_PPC.c in Sources */, - 05B98774074A960200A63360 /* giantPort_PPC_Gnu.s in Sources */, - 05B98777074A960A00A63360 /* platform.c in Sources */, - 054416BF074D5BAC00DD8A37 /* CipherFileDES.c in Sources */, - 054416C1074D5BAC00DD8A37 /* CipherFileFEED.c in Sources */, - 054416CC074D5BDA00DD8A37 /* feeCipherFile.c in Sources */, - 054416CD074D5BDA00DD8A37 /* feeCipherFileAtom.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 0536B292074BC91A00F9F1AD /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0536B29C074BC9A000F9F1AD /* byteRep.c in Sources */, - 0536B29F074BC9A600F9F1AD /* ckMD5.c in Sources */, - 0536B2A1074BC9AA00F9F1AD /* ckSHA1.c in Sources */, - 0536B2A3074BC9AC00F9F1AD /* ckSHA1_priv.c in Sources */, - 0536B2A5074BC9AD00F9F1AD /* ckutilities.c in Sources */, - 0536B2AB074BC9BA00F9F1AD /* curveParams.c in Sources */, - 0536B2AD074BC9BD00F9F1AD /* elliptic.c in Sources */, - 0536B2AF074BC9C200F9F1AD /* enc64.c in Sources */, - 0536B2B1074BC9C500F9F1AD /* falloc.c in Sources */, - 0536B2B4074BC9CB00F9F1AD /* feeDigitalSignature.c in Sources */, - 0536B2B7074BC9D300F9F1AD /* feeHash.c in Sources */, - 0536B2B9074BC9D500F9F1AD /* feePublicKey.c in Sources */, - 0536B2BC074BC9D900F9F1AD /* giantIntegers.c in Sources */, - 0536B2BF074BC9DD00F9F1AD /* feeRandom.c in Sources */, - 0536B2C1074BC9E200F9F1AD /* giantPort_PPC.c in Sources */, - 0536B2C4074BC9E600F9F1AD /* giantPort_PPC_Gnu.s in Sources */, - 0536B2C6074BC9ED00F9F1AD /* platform.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 7264322A00A8AD0A7F000001 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 726432AC00A8B0197F000001 /* byteRep.c in Sources */, - 726432AF00A8B0197F000001 /* ckutilities.c in Sources */, - 4C3EA7F1056AE8BE003C066F /* CryptKitAsn1.cpp in Sources */, - 4C3EA7F3056AE8BE003C066F /* CryptKitDER.cpp in Sources */, - 726432B000A8B0197F000001 /* curveParams.c in Sources */, - 726432B200A8B0197F000001 /* elliptic.c in Sources */, - 726432B300A8B0197F000001 /* ellipticProj.c in Sources */, - 726432B400A8B0197F000001 /* enc64.c in Sources */, - 726432B500A8B0197F000001 /* engineNSA127.c in Sources */, - 726432B600A8B0197F000001 /* falloc.c in Sources */, - 726432B900A8B0197F000001 /* feeDES.c in Sources */, - 726432BA00A8B0197F000001 /* feeDigitalSignature.c in Sources */, - 726432BB00A8B0197F000001 /* feeECDSA.c in Sources */, - 726432BC00A8B0197F000001 /* feeFEED.c in Sources */, - 726432BD00A8B0197F000001 /* feeFEEDExp.c in Sources */, - 726432BE00A8B0197F000001 /* feeHash.c in Sources */, - 726432BF00A8B0197F000001 /* feePublicKey.c in Sources */, - 726432C000A8B0197F000001 /* feeRandom.c in Sources */, - 726432C200A8B0197F000001 /* giantIntegers.c in Sources */, - 726432C400A8B0197F000001 /* giantPort_PPC.c in Sources */, - 726432C300A8B0197F000001 /* giantPort_PPC_Gnu.s in Sources */, - 9D3503C400C6EA9100A17CE7 /* HmacSha1Legacy.c in Sources */, - 726432C600A8B0197F000001 /* platform.c in Sources */, - 05F64B7505D01C0D007D1D8E /* ckSHA1.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD32F0987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1F9146EF983000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - OTHER_CFLAGS = ( - "$(inherited)", - "-DCK_SECURITY_BUILD", - ); - }; - name = Debug; - }; - C27AD3310987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1FB146EF983000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - OTHER_CFLAGS = ( - "$(inherited)", - "-DCK_SECURITY_BUILD", - ); - }; - name = Release; - }; - C27AD3330987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1F9146EF983000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - OTHER_CFLAGS = "-DCK_STANDALONE_BUILD"; - }; - name = Debug; - }; - C27AD3350987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1FB146EF983000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - OTHER_CFLAGS = "-DCK_STANDALONE_BUILD"; - }; - name = Release; - }; - C27AD3370987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1F9146EF983000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - OTHER_CFLAGS = "-DCK_MINIMUM_SIG_BUILD"; - }; - name = Debug; - }; - C27AD3390987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1FB146EF983000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - OTHER_CFLAGS = "-DCK_MINIMUM_SIG_BUILD"; - }; - name = Release; - }; - C27AD33B0987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1FA146EF983000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD33D0987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB1FA146EF983000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD32E0987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cryptkit" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD32F0987FCDE001272E0 /* Debug */, - C27AD3310987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3320987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libCryptKit" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3330987FCDE001272E0 /* Debug */, - C27AD3350987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3360987FCDE001272E0 /* Build configuration list for PBXNativeTarget "CryptKitSignature" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3370987FCDE001272E0 /* Debug */, - C27AD3390987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD33A0987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_cryptkit" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD33B0987FCDE001272E0 /* Debug */, - C27AD33D0987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 0FD07C9DFE8A174411CD283A /* Project object */; -} diff --git a/OSX/libsecurity_cssm/lib/cssmapi.h b/OSX/libsecurity_cssm/lib/cssmapi.h index 68680f05..9540dd9e 100644 --- a/OSX/libsecurity_cssm/lib/cssmapi.h +++ b/OSX/libsecurity_cssm/lib/cssmapi.h @@ -431,7 +431,7 @@ CSSM_CSP_ChangeLoginAcl (CSSM_CSP_HANDLE CSPHandle, /* -------------------------------------------------------------------------- CSSM_GetKeyAcl has been deprecated in 10.7 and later. If the key in question is in a keychain then the ACL for the key can be - aquired by using the SecItemCopyMatching API specifically + acquired by using the SecItemCopyMatching API specifically kSecReturnAttributes with a value of kCFBooleanTrue. In the attributes dictionary is kSecAttrAccess key with a value of a SecAccessRef. With a SecAccessRef the ACL for the key can be gotten using either the @@ -460,7 +460,7 @@ CSSM_ChangeKeyAcl (CSSM_CSP_HANDLE CSPHandle, /* -------------------------------------------------------------------------- CSSM_GetKeyOwner has been deprecated in 10.7 and later. If the key in question is in a keychain then the ACL for the key can be - aquired by using the SecItemCopyMatching API specifically + acquired by using the SecItemCopyMatching API specifically kSecReturnAttributes with a value of kCFBooleanTrue. In the attributes dictionary is kSecAttrAccess key with a value of a SecAccessRef. With a SecAccessRef the ACL for the key can be gotten using either the diff --git a/OSX/libsecurity_cssm/lib/generator.mk b/OSX/libsecurity_cssm/lib/generator.mk deleted file mode 100644 index 95f0be1d..00000000 --- a/OSX/libsecurity_cssm/lib/generator.mk +++ /dev/null @@ -1,33 +0,0 @@ -# -# Copyright (c) 2001,2004,2011,2014 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# -# generator.mk -- Makefile for generated files. - -$(TARGET)/cssmexports.gen $(TARGET)/funcnames.gen $(TARGET)/generator.rpt $(TARGET)/transition.gen: \ - $(SOURCEDIR)/cssmapi.h \ - $(SOURCEDIR)/cssmaci.h \ - $(SOURCEDIR)/cssmcspi.h \ - $(SOURCEDIR)/cssmdli.h \ - $(SOURCEDIR)/cssmcli.h \ - $(SOURCEDIR)/cssmtpi.h - mkdir -p $(TARGET) - /usr/bin/perl lib/generator.pl $(SOURCEDIR) $(CONFIG) $(TARGET) diff --git a/OSX/libsecurity_cssm/lib/oidsbase.h b/OSX/libsecurity_cssm/lib/oidsbase.h index a58f1377..ba77883d 100644 --- a/OSX/libsecurity_cssm/lib/oidsbase.h +++ b/OSX/libsecurity_cssm/lib/oidsbase.h @@ -30,6 +30,10 @@ extern "C" { #endif +#define SECASN1OID_DEF(NAME, VALUE, ARGS...) \ +static const uint8_t _##NAME[] = { VALUE, ## ARGS }; \ +const SecAsn1Oid NAME = { sizeof(_##NAME), (uint8_t *)_##NAME } + /* Intel CSSM */ #define INTEL 96, 134, 72, 1, 134, 248, 77 @@ -496,6 +500,12 @@ representation is implied */ #define NETSCAPE_CERT_POLICY NETSCAPE_BASE_OID, 0x04 #define NETSCAPE_CERT_POLICY_LENGTH NETSCAPE_BASE_OID_LEN + 1 +/* Google OIDs: 1.3.6.1.4.1.11129. */ +#define GOOGLE_BASE_OID OID_DOD, 0x01, 0x04, 0x01, 0xD6, 0x79 +#define GOOGLE_BASE_OID_LEN OID_DOD_LEN + 5 +#define GOOGLE_EMBEDDED_SCT_OID GOOGLE_BASE_OID, 0x02, 0x04, 0x02 +#define GOOGLE_OCSP_SCT_OID GOOGLE_BASE_OID, 0x02, 0x04, 0x05 + /* * Domain Component OID */ diff --git a/OSX/libsecurity_cssm/libsecurity_cssm.xcodeproj/project.pbxproj b/OSX/libsecurity_cssm/libsecurity_cssm.xcodeproj/project.pbxproj deleted file mode 100644 index 462aded3..00000000 --- a/OSX/libsecurity_cssm/libsecurity_cssm.xcodeproj/project.pbxproj +++ /dev/null @@ -1,530 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 05D5BC2E0694857A00145F1E /* cssmapplePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 05D5BC2D0694857A00145F1E /* cssmapplePriv.h */; settings = {ATTRIBUTES = (); }; }; - 18B647E514D9E72900F538BF /* oidsalg.c in Sources */ = {isa = PBXBuildFile; fileRef = C2F845AC052CA34400F4D742 /* oidsalg.c */; }; - 4CC62CE9058134E00020B996 /* certextensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE87057FF55900981D43 /* certextensions.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CEA058134E00020B996 /* cssm.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE88057FF55900981D43 /* cssm.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CEB058134E00020B996 /* cssmaci.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE89057FF55900981D43 /* cssmaci.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CEC058134E00020B996 /* cssmapi.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE8A057FF55900981D43 /* cssmapi.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CED058134E00020B996 /* cssmapple.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE8B057FF55900981D43 /* cssmapple.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CEE058134E00020B996 /* cssmcli.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE8C057FF55900981D43 /* cssmcli.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CEF058134E00020B996 /* cssmconfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE8D057FF55900981D43 /* cssmconfig.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CF0058134E00020B996 /* cssmcspi.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE8E057FF55900981D43 /* cssmcspi.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CF1058134E00020B996 /* cssmdli.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE8F057FF55900981D43 /* cssmdli.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CF2058134E00020B996 /* cssmerr.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE90057FF55900981D43 /* cssmerr.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CF3058134E00020B996 /* cssmkrapi.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE91057FF55900981D43 /* cssmkrapi.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CF4058134E00020B996 /* cssmkrspi.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE92057FF55900981D43 /* cssmkrspi.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CF5058134E00020B996 /* cssmspi.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE93057FF55900981D43 /* cssmspi.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CF6058134E00020B996 /* cssmtpi.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE94057FF55900981D43 /* cssmtpi.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CF7058134E00020B996 /* cssmtype.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE95057FF55900981D43 /* cssmtype.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CF8058134E00020B996 /* eisl.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE96057FF55900981D43 /* eisl.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CF9058134E00020B996 /* emmspi.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE97057FF55900981D43 /* emmspi.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CFA058134E00020B996 /* emmtype.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE98057FF55900981D43 /* emmtype.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CFD058134E00020B996 /* oidsbase.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE9D057FF55900981D43 /* oidsbase.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CFE058134E00020B996 /* oidscert.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE9E057FF55900981D43 /* oidscert.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62CFF058134E00020B996 /* oidscrl.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFE9F057FF55900981D43 /* oidscrl.h */; settings = {ATTRIBUTES = (); }; }; - 4CC62D00058134E00020B996 /* x509defs.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCBFEA0057FF55900981D43 /* x509defs.h */; settings = {ATTRIBUTES = (); }; }; - C2F845B1052CA34400F4D742 /* attachfactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F84591052CA34400F4D742 /* attachfactory.cpp */; }; - C2F845B2052CA34400F4D742 /* attachfactory.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F84592052CA34400F4D742 /* attachfactory.h */; }; - C2F845B3052CA34400F4D742 /* attachment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F84593052CA34400F4D742 /* attachment.cpp */; }; - C2F845B4052CA34400F4D742 /* attachment.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F84594052CA34400F4D742 /* attachment.h */; }; - C2F845B6052CA34400F4D742 /* cspattachment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F84596052CA34400F4D742 /* cspattachment.cpp */; }; - C2F845B7052CA34400F4D742 /* cspattachment.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F84597052CA34400F4D742 /* cspattachment.h */; }; - C2F845B8052CA34400F4D742 /* cssm.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F84598052CA34400F4D742 /* cssm.cpp */; }; - C2F845B9052CA34400F4D742 /* cssmcontext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F84599052CA34400F4D742 /* cssmcontext.cpp */; }; - C2F845BA052CA34400F4D742 /* cssmcontext.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F8459A052CA34400F4D742 /* cssmcontext.h */; }; - C2F845BB052CA34400F4D742 /* cssmint.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F8459B052CA34400F4D742 /* cssmint.h */; }; - C2F845BC052CA34400F4D742 /* cssmmds.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F8459C052CA34400F4D742 /* cssmmds.cpp */; }; - C2F845BD052CA34400F4D742 /* cssmmds.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F8459D052CA34400F4D742 /* cssmmds.h */; }; - C2F845BE052CA34400F4D742 /* guids.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F845A1052CA34400F4D742 /* guids.cpp */; }; - C2F845BF052CA34400F4D742 /* manager.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F845A2052CA34400F4D742 /* manager.cpp */; }; - C2F845C0052CA34400F4D742 /* manager.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F845A3052CA34400F4D742 /* manager.h */; }; - C2F845C1052CA34400F4D742 /* modload_plugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F845A4052CA34400F4D742 /* modload_plugin.cpp */; }; - C2F845C2052CA34400F4D742 /* modload_plugin.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F845A5052CA34400F4D742 /* modload_plugin.h */; }; - C2F845C3052CA34400F4D742 /* modload_static.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F845A6052CA34400F4D742 /* modload_static.cpp */; }; - C2F845C4052CA34400F4D742 /* modload_static.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F845A7052CA34400F4D742 /* modload_static.h */; }; - C2F845C5052CA34400F4D742 /* modloader.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F845A8052CA34400F4D742 /* modloader.cpp */; }; - C2F845C6052CA34400F4D742 /* modloader.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F845A9052CA34400F4D742 /* modloader.h */; }; - C2F845C7052CA34400F4D742 /* module.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F845AA052CA34400F4D742 /* module.cpp */; }; - C2F845C8052CA34400F4D742 /* module.h in Headers */ = {isa = PBXBuildFile; fileRef = C2F845AB052CA34400F4D742 /* module.h */; }; - C2F845CB052CA34400F4D742 /* oidscert.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F845AE052CA34400F4D742 /* oidscert.cpp */; }; - C2F845CC052CA34400F4D742 /* oidscrl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F845AF052CA34400F4D742 /* oidscrl.cpp */; }; - C2F845CD052CA34400F4D742 /* transition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2F845B0052CA34400F4D742 /* transition.cpp */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB32E146F0FCB000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18446087146DF8FB00B12992 /* libsecurity_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = C2C9C69D0CECBE8400B3FE07; - remoteInfo = libsecurity_utilitiesDTrace; - }; - 1844608C146DF8FB00B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18446087146DF8FB00B12992 /* libsecurity_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 05D5BC2D0694857A00145F1E /* cssmapplePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmapplePriv.h; sourceTree = ""; }; - 18446087146DF8FB00B12992 /* libsecurity_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_utilities.xcodeproj; path = ../libsecurity_utilities/libsecurity_utilities.xcodeproj; sourceTree = ""; }; - 1879B4A1146DAE33007E536C /* base.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 1879B4A2146DAE33007E536C /* debug.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 1879B4A3146DAE33007E536C /* lib.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 1879B4A4146DAE33007E536C /* release.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_cssm.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_cssm.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CCBFE87057FF55900981D43 /* certextensions.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = certextensions.h; sourceTree = ""; }; - 4CCBFE88057FF55900981D43 /* cssm.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssm.h; sourceTree = ""; }; - 4CCBFE89057FF55900981D43 /* cssmaci.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmaci.h; sourceTree = ""; }; - 4CCBFE8A057FF55900981D43 /* cssmapi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmapi.h; sourceTree = ""; }; - 4CCBFE8B057FF55900981D43 /* cssmapple.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmapple.h; sourceTree = ""; }; - 4CCBFE8C057FF55900981D43 /* cssmcli.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmcli.h; sourceTree = ""; }; - 4CCBFE8D057FF55900981D43 /* cssmconfig.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmconfig.h; sourceTree = ""; }; - 4CCBFE8E057FF55900981D43 /* cssmcspi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmcspi.h; sourceTree = ""; }; - 4CCBFE8F057FF55900981D43 /* cssmdli.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmdli.h; sourceTree = ""; }; - 4CCBFE90057FF55900981D43 /* cssmerr.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmerr.h; sourceTree = ""; }; - 4CCBFE91057FF55900981D43 /* cssmkrapi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmkrapi.h; sourceTree = ""; }; - 4CCBFE92057FF55900981D43 /* cssmkrspi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmkrspi.h; sourceTree = ""; }; - 4CCBFE93057FF55900981D43 /* cssmspi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmspi.h; sourceTree = ""; }; - 4CCBFE94057FF55900981D43 /* cssmtpi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmtpi.h; sourceTree = ""; }; - 4CCBFE95057FF55900981D43 /* cssmtype.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmtype.h; sourceTree = ""; }; - 4CCBFE96057FF55900981D43 /* eisl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = eisl.h; sourceTree = ""; }; - 4CCBFE97057FF55900981D43 /* emmspi.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = emmspi.h; sourceTree = ""; }; - 4CCBFE98057FF55900981D43 /* emmtype.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = emmtype.h; sourceTree = ""; }; - 4CCBFE9D057FF55900981D43 /* oidsbase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = oidsbase.h; sourceTree = ""; }; - 4CCBFE9E057FF55900981D43 /* oidscert.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = oidscert.h; sourceTree = ""; }; - 4CCBFE9F057FF55900981D43 /* oidscrl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = oidscrl.h; sourceTree = ""; }; - 4CCBFEA0057FF55900981D43 /* x509defs.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = x509defs.h; sourceTree = ""; }; - 4CCBFEF5057FF5BD00981D43 /* security_cssm.exp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.exports; path = security_cssm.exp; sourceTree = ""; }; - 4CE14B710537820F00840CC1 /* cssm.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = cssm.mdsinfo; sourceTree = ""; }; - C2F84591052CA34400F4D742 /* attachfactory.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = attachfactory.cpp; sourceTree = ""; }; - C2F84592052CA34400F4D742 /* attachfactory.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = attachfactory.h; sourceTree = ""; }; - C2F84593052CA34400F4D742 /* attachment.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = attachment.cpp; sourceTree = ""; }; - C2F84594052CA34400F4D742 /* attachment.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = attachment.h; sourceTree = ""; }; - C2F84596052CA34400F4D742 /* cspattachment.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cspattachment.cpp; sourceTree = ""; }; - C2F84597052CA34400F4D742 /* cspattachment.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cspattachment.h; sourceTree = ""; }; - C2F84598052CA34400F4D742 /* cssm.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssm.cpp; sourceTree = ""; }; - C2F84599052CA34400F4D742 /* cssmcontext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmcontext.cpp; sourceTree = ""; }; - C2F8459A052CA34400F4D742 /* cssmcontext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmcontext.h; sourceTree = ""; }; - C2F8459B052CA34400F4D742 /* cssmint.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmint.h; sourceTree = ""; }; - C2F8459C052CA34400F4D742 /* cssmmds.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmmds.cpp; sourceTree = ""; }; - C2F8459D052CA34400F4D742 /* cssmmds.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmmds.h; sourceTree = ""; }; - C2F8459E052CA34400F4D742 /* generator.cfg */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = generator.cfg; sourceTree = ""; }; - C2F8459F052CA34400F4D742 /* generator.mk */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = generator.mk; sourceTree = ""; }; - C2F845A0052CA34400F4D742 /* generator.pl */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.script.perl; path = generator.pl; sourceTree = ""; }; - C2F845A1052CA34400F4D742 /* guids.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = guids.cpp; sourceTree = ""; }; - C2F845A2052CA34400F4D742 /* manager.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = manager.cpp; sourceTree = ""; }; - C2F845A3052CA34400F4D742 /* manager.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = manager.h; sourceTree = ""; }; - C2F845A4052CA34400F4D742 /* modload_plugin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = modload_plugin.cpp; sourceTree = ""; }; - C2F845A5052CA34400F4D742 /* modload_plugin.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = modload_plugin.h; sourceTree = ""; }; - C2F845A6052CA34400F4D742 /* modload_static.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = modload_static.cpp; sourceTree = ""; }; - C2F845A7052CA34400F4D742 /* modload_static.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = modload_static.h; sourceTree = ""; }; - C2F845A8052CA34400F4D742 /* modloader.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = modloader.cpp; sourceTree = ""; }; - C2F845A9052CA34400F4D742 /* modloader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = modloader.h; sourceTree = ""; }; - C2F845AA052CA34400F4D742 /* module.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = module.cpp; sourceTree = ""; }; - C2F845AB052CA34400F4D742 /* module.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = module.h; sourceTree = ""; }; - C2F845AC052CA34400F4D742 /* oidsalg.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = oidsalg.c; sourceTree = ""; }; - C2F845AE052CA34400F4D742 /* oidscert.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = oidscert.cpp; sourceTree = ""; }; - C2F845AF052CA34400F4D742 /* oidscrl.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = oidscrl.cpp; sourceTree = ""; }; - C2F845B0052CA34400F4D742 /* transition.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = transition.cpp; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 18446088146DF8FB00B12992 /* Products */ = { - isa = PBXGroup; - children = ( - 1844608D146DF8FB00B12992 /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; - 1879B4A0146DAE33007E536C /* config */ = { - isa = PBXGroup; - children = ( - 1879B4A1146DAE33007E536C /* base.xcconfig */, - 1879B4A2146DAE33007E536C /* debug.xcconfig */, - 1879B4A3146DAE33007E536C /* lib.xcconfig */, - 1879B4A4146DAE33007E536C /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 18446087146DF8FB00B12992 /* libsecurity_utilities.xcodeproj */, - 4CCBFE7C057FF50400981D43 /* cdsa headers */, - C2F84590052CA34400F4D742 /* lib */, - 1879B4A0146DAE33007E536C /* config */, - 4CE14B700537820F00840CC1 /* mds */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_cssm.a */, - ); - name = Products; - sourceTree = SOURCE_ROOT; - }; - 4CCBFE7C057FF50400981D43 /* cdsa headers */ = { - isa = PBXGroup; - children = ( - 4CCBFE87057FF55900981D43 /* certextensions.h */, - 4CCBFE88057FF55900981D43 /* cssm.h */, - 4CCBFE89057FF55900981D43 /* cssmaci.h */, - 4CCBFE8A057FF55900981D43 /* cssmapi.h */, - 4CCBFE8B057FF55900981D43 /* cssmapple.h */, - 05D5BC2D0694857A00145F1E /* cssmapplePriv.h */, - 4CCBFE8C057FF55900981D43 /* cssmcli.h */, - 4CCBFE8D057FF55900981D43 /* cssmconfig.h */, - 4CCBFE8E057FF55900981D43 /* cssmcspi.h */, - 4CCBFE8F057FF55900981D43 /* cssmdli.h */, - 4CCBFE90057FF55900981D43 /* cssmerr.h */, - 4CCBFE91057FF55900981D43 /* cssmkrapi.h */, - 4CCBFE92057FF55900981D43 /* cssmkrspi.h */, - 4CCBFE93057FF55900981D43 /* cssmspi.h */, - 4CCBFE94057FF55900981D43 /* cssmtpi.h */, - 4CCBFE95057FF55900981D43 /* cssmtype.h */, - 4CCBFE96057FF55900981D43 /* eisl.h */, - 4CCBFE97057FF55900981D43 /* emmspi.h */, - 4CCBFE98057FF55900981D43 /* emmtype.h */, - 4CCBFE9D057FF55900981D43 /* oidsbase.h */, - 4CCBFE9E057FF55900981D43 /* oidscert.h */, - 4CCBFE9F057FF55900981D43 /* oidscrl.h */, - 4CCBFEA0057FF55900981D43 /* x509defs.h */, - ); - name = "cdsa headers"; - path = lib; - sourceTree = ""; - }; - 4CE14B700537820F00840CC1 /* mds */ = { - isa = PBXGroup; - children = ( - 4CE14B710537820F00840CC1 /* cssm.mdsinfo */, - ); - path = mds; - sourceTree = SOURCE_ROOT; - }; - C2F84590052CA34400F4D742 /* lib */ = { - isa = PBXGroup; - children = ( - C2F84591052CA34400F4D742 /* attachfactory.cpp */, - C2F84592052CA34400F4D742 /* attachfactory.h */, - C2F84593052CA34400F4D742 /* attachment.cpp */, - C2F84594052CA34400F4D742 /* attachment.h */, - C2F84596052CA34400F4D742 /* cspattachment.cpp */, - C2F84597052CA34400F4D742 /* cspattachment.h */, - C2F84598052CA34400F4D742 /* cssm.cpp */, - C2F84599052CA34400F4D742 /* cssmcontext.cpp */, - C2F8459A052CA34400F4D742 /* cssmcontext.h */, - C2F8459B052CA34400F4D742 /* cssmint.h */, - C2F8459C052CA34400F4D742 /* cssmmds.cpp */, - C2F8459D052CA34400F4D742 /* cssmmds.h */, - C2F8459E052CA34400F4D742 /* generator.cfg */, - C2F8459F052CA34400F4D742 /* generator.mk */, - C2F845A0052CA34400F4D742 /* generator.pl */, - C2F845A1052CA34400F4D742 /* guids.cpp */, - C2F845A2052CA34400F4D742 /* manager.cpp */, - C2F845A3052CA34400F4D742 /* manager.h */, - C2F845A4052CA34400F4D742 /* modload_plugin.cpp */, - C2F845A5052CA34400F4D742 /* modload_plugin.h */, - C2F845A6052CA34400F4D742 /* modload_static.cpp */, - C2F845A7052CA34400F4D742 /* modload_static.h */, - C2F845A8052CA34400F4D742 /* modloader.cpp */, - C2F845A9052CA34400F4D742 /* modloader.h */, - C2F845AA052CA34400F4D742 /* module.cpp */, - C2F845AB052CA34400F4D742 /* module.h */, - C2F845AC052CA34400F4D742 /* oidsalg.c */, - C2F845AE052CA34400F4D742 /* oidscert.cpp */, - C2F845AF052CA34400F4D742 /* oidscrl.cpp */, - C2F845B0052CA34400F4D742 /* transition.cpp */, - 4CCBFEF5057FF5BD00981D43 /* security_cssm.exp */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - C2F845B2052CA34400F4D742 /* attachfactory.h in Headers */, - C2F845B4052CA34400F4D742 /* attachment.h in Headers */, - C2F845B7052CA34400F4D742 /* cspattachment.h in Headers */, - C2F845BA052CA34400F4D742 /* cssmcontext.h in Headers */, - C2F845BB052CA34400F4D742 /* cssmint.h in Headers */, - C2F845BD052CA34400F4D742 /* cssmmds.h in Headers */, - C2F845C0052CA34400F4D742 /* manager.h in Headers */, - 05D5BC2E0694857A00145F1E /* cssmapplePriv.h in Headers */, - C2F845C2052CA34400F4D742 /* modload_plugin.h in Headers */, - C2F845C4052CA34400F4D742 /* modload_static.h in Headers */, - C2F845C6052CA34400F4D742 /* modloader.h in Headers */, - C2F845C8052CA34400F4D742 /* module.h in Headers */, - 4CC62CE9058134E00020B996 /* certextensions.h in Headers */, - 4CC62CEA058134E00020B996 /* cssm.h in Headers */, - 4CC62CEB058134E00020B996 /* cssmaci.h in Headers */, - 4CC62CEC058134E00020B996 /* cssmapi.h in Headers */, - 4CC62CED058134E00020B996 /* cssmapple.h in Headers */, - 4CC62CEE058134E00020B996 /* cssmcli.h in Headers */, - 4CC62CEF058134E00020B996 /* cssmconfig.h in Headers */, - 4CC62CF0058134E00020B996 /* cssmcspi.h in Headers */, - 4CC62CF1058134E00020B996 /* cssmdli.h in Headers */, - 4CC62CF2058134E00020B996 /* cssmerr.h in Headers */, - 4CC62CF3058134E00020B996 /* cssmkrapi.h in Headers */, - 4CC62CF4058134E00020B996 /* cssmkrspi.h in Headers */, - 4CC62CF5058134E00020B996 /* cssmspi.h in Headers */, - 4CC62CF6058134E00020B996 /* cssmtpi.h in Headers */, - 4CC62CF7058134E00020B996 /* cssmtype.h in Headers */, - 4CC62CF8058134E00020B996 /* eisl.h in Headers */, - 4CC62CF9058134E00020B996 /* emmspi.h in Headers */, - 4CC62CFA058134E00020B996 /* emmtype.h in Headers */, - 4CC62CFD058134E00020B996 /* oidsbase.h in Headers */, - 4CC62CFE058134E00020B996 /* oidscert.h in Headers */, - 4CC62CFF058134E00020B996 /* oidscrl.h in Headers */, - 4CC62D00058134E00020B996 /* x509defs.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_cssm */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3440987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cssm" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 1879B4DD146DCB37007E536C /* ShellScript */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 182BB32F146F0FCB000BF1F3 /* PBXTargetDependency */, - ); - name = libsecurity_cssm; - productName = libsecurity_cssm; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_cssm.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD3480987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_cssm" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 18446088146DF8FB00B12992 /* Products */; - ProjectRef = 18446087146DF8FB00B12992 /* libsecurity_utilities.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_cssm */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 1844608D146DF8FB00B12992 /* libsecurity_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_utilities.a; - remoteRef = 1844608C146DF8FB00B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXShellScriptBuildPhase section */ - 1879B4DD146DCB37007E536C /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "export SOURCEDIR=\"$PROJECT_DIR/lib\"\nexport CONFIG=\"$PROJECT_DIR/lib/generator.cfg\"\nexport TARGET=\"$BUILT_PRODUCTS_DIR/derived_src\"\n\nmake -f $PROJECT_DIR/lib/generator.mk\n\n#mkdir -p \"$TARGET\"\n#/usr/bin/perl lib/generator.pl \"$SOURCEDIR\" \"$CONFIG\" \"$TARGET\""; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C2F845B1052CA34400F4D742 /* attachfactory.cpp in Sources */, - C2F845B3052CA34400F4D742 /* attachment.cpp in Sources */, - C2F845B6052CA34400F4D742 /* cspattachment.cpp in Sources */, - C2F845B8052CA34400F4D742 /* cssm.cpp in Sources */, - C2F845B9052CA34400F4D742 /* cssmcontext.cpp in Sources */, - C2F845BC052CA34400F4D742 /* cssmmds.cpp in Sources */, - C2F845BE052CA34400F4D742 /* guids.cpp in Sources */, - C2F845BF052CA34400F4D742 /* manager.cpp in Sources */, - C2F845C1052CA34400F4D742 /* modload_plugin.cpp in Sources */, - C2F845C3052CA34400F4D742 /* modload_static.cpp in Sources */, - C2F845C5052CA34400F4D742 /* modloader.cpp in Sources */, - C2F845C7052CA34400F4D742 /* module.cpp in Sources */, - C2F845CB052CA34400F4D742 /* oidscert.cpp in Sources */, - C2F845CC052CA34400F4D742 /* oidscrl.cpp in Sources */, - C2F845CD052CA34400F4D742 /* transition.cpp in Sources */, - 18B647E514D9E72900F538BF /* oidsalg.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 182BB32F146F0FCB000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_utilitiesDTrace; - targetProxy = 182BB32E146F0FCB000BF1F3 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - C27AD3450987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B4A2146DAE33007E536C /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - WARNING_CFLAGS = ( - "-Wmost", - "-Wno-four-char-constants", - "-Wno-unknown-pragmas", - "-Wno-error=#warnings", - "$(inherited)", - ); - }; - name = Debug; - }; - C27AD3470987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B4A4146DAE33007E536C /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - WARNING_CFLAGS = ( - "-Wmost", - "-Wno-four-char-constants", - "-Wno-unknown-pragmas", - "-Wno-error=#warnings", - "$(inherited)", - ); - }; - name = Release; - }; - C27AD3490987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B4A3146DAE33007E536C /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD34B0987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1879B4A3146DAE33007E536C /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD3440987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_cssm" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3450987FCDE001272E0 /* Debug */, - C27AD3470987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3480987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_cssm" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3490987FCDE001272E0 /* Debug */, - C27AD34B0987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_filedb/lib/AppleDatabase.cpp b/OSX/libsecurity_filedb/lib/AppleDatabase.cpp index 6155d798..61fca878 100644 --- a/OSX/libsecurity_filedb/lib/AppleDatabase.cpp +++ b/OSX/libsecurity_filedb/lib/AppleDatabase.cpp @@ -2578,7 +2578,6 @@ AppleDatabase::passThrough(DbContext &dbContext, default: CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - break; } } diff --git a/OSX/libsecurity_filedb/lib/AtomicFile.cpp b/OSX/libsecurity_filedb/lib/AtomicFile.cpp index 6d2f8696..fbfae750 100644 --- a/OSX/libsecurity_filedb/lib/AtomicFile.cpp +++ b/OSX/libsecurity_filedb/lib/AtomicFile.cpp @@ -90,7 +90,7 @@ AtomicFile::~AtomicFile() { } -// Aquire the write lock and remove the file. +// Acquire the write lock and remove the file. void AtomicFile::performDelete() { @@ -109,7 +109,7 @@ AtomicFile::performDelete() ::unlink(mLockFilePath.c_str()); } -// Aquire the write lock and rename the file (and bump the version and stuff). +// Acquire the write lock and rename the file (and bump the version and stuff). void AtomicFile::rename(const std::string &inNewPath) { @@ -392,7 +392,7 @@ AtomicBufferedFile::~AtomicBufferedFile() // In release mode, the assert() is compiled out so rv may be unused. __unused int rv = AtomicFile::rclose(mFileRef); assert(rv == 0); - secnotice("atomicfile", "%p closed %s", this, mPath.c_str()); + secinfo("atomicfile", "%p closed %s", this, mPath.c_str()); } if (mBuffer) @@ -459,6 +459,7 @@ AtomicBufferedFile::unloadBuffer() { if(mBuffer) { delete [] mBuffer; + mBuffer = NULL; } } @@ -468,7 +469,7 @@ void AtomicBufferedFile::loadBuffer() { // make a buffer big enough to hold the entire file - mBuffer = new uint8[mLength]; + mBuffer = new uint8[(size_t) mLength]; if(lseek(mFileRef, 0, SEEK_SET) < 0) { int error = errno; secinfo("atomicfile", "lseek(%s, BEGINNING): %s", mPath.c_str(), strerror(error)); @@ -486,10 +487,8 @@ AtomicBufferedFile::loadBuffer() { int error = errno; secinfo("atomicfile", "read(%s, %zd): %s", mPath.c_str(), bytesToRead, strerror(error)); - if (mFileRef >= 0) { - AtomicFile::rclose(mFileRef); - mFileRef = -1; - } + AtomicFile::rclose(mFileRef); + mFileRef = -1; UnixError::throwMe(error); } } @@ -558,7 +557,7 @@ AtomicBufferedFile::close() UnixError::throwMe(error); } - secnotice("atomicfile", "%p closed %s", this, mPath.c_str()); + secinfo("atomicfile", "%p closed %s", this, mPath.c_str()); } } @@ -774,7 +773,7 @@ AtomicTempFile::close() UnixError::throwMe(error); } - secnotice("atomicfile", "%p closed %s", this, mPath.c_str()); + secinfo("atomicfile", "%p closed %s", this, mPath.c_str()); } } diff --git a/OSX/libsecurity_filedb/lib/AtomicFile.h b/OSX/libsecurity_filedb/lib/AtomicFile.h index db86fd76..86be8bea 100644 --- a/OSX/libsecurity_filedb/lib/AtomicFile.h +++ b/OSX/libsecurity_filedb/lib/AtomicFile.h @@ -40,10 +40,10 @@ public: AtomicFile(const std::string &inPath); ~AtomicFile(); - // Aquire the write lock and remove the file. + // Acquire the write lock and remove the file. void performDelete(); - // Aquire the write lock and rename the file. + // Acquire the write lock and rename the file. void rename(const std::string &inNewPath); // Lock the file for writing and return a newly created AtomicTempFile. diff --git a/OSX/libsecurity_filedb/lib/DbIndex.cpp b/OSX/libsecurity_filedb/lib/DbIndex.cpp index 8c1d40e6..e95603b5 100644 --- a/OSX/libsecurity_filedb/lib/DbIndex.cpp +++ b/OSX/libsecurity_filedb/lib/DbIndex.cpp @@ -287,7 +287,6 @@ DbConstIndex::performQuery(const DbQueryKey &queryKey, default: CssmError::throwMe(CSSMERR_DL_INTERNAL_ERROR); - break; } } diff --git a/OSX/libsecurity_filedb/lib/DbValue.cpp b/OSX/libsecurity_filedb/lib/DbValue.cpp index f004fa34..f56162f4 100644 --- a/OSX/libsecurity_filedb/lib/DbValue.cpp +++ b/OSX/libsecurity_filedb/lib/DbValue.cpp @@ -425,7 +425,6 @@ BigNumValue::evaluate(const BigNumValue &other, CSSM_DB_OPERATOR op) const int c = compare(Data, other.Data, length1); return sign1 ? (c > 0) : (c < 0); } - break; case CSSM_DB_GREATER_THAN: if (sign1 ^ sign2) @@ -436,7 +435,6 @@ BigNumValue::evaluate(const BigNumValue &other, CSSM_DB_OPERATOR op) const int c = compare(Data, other.Data, length1); return sign1 ? (c < 0) : (c > 0); } - break; case CSSM_DB_CONTAINS: case CSSM_DB_CONTAINS_INITIAL_SUBSTRING: diff --git a/OSX/libsecurity_filedb/lib/MetaRecord.cpp b/OSX/libsecurity_filedb/lib/MetaRecord.cpp index 63be9447..f096d600 100644 --- a/OSX/libsecurity_filedb/lib/MetaRecord.cpp +++ b/OSX/libsecurity_filedb/lib/MetaRecord.cpp @@ -116,7 +116,6 @@ MetaRecord::setRecordAttributeInfo(const CSSM_DB_RECORD_ATTRIBUTE_INFO &inInfo) } default: CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME); - break; } } } @@ -421,7 +420,6 @@ MetaRecord::attributeIndex(const CSSM_DB_ATTRIBUTE_INFO &inAttributeInfo) const } default: CssmError::throwMe(CSSMERR_DL_INVALID_FIELD_NAME); - break; } return anIndex; diff --git a/OSX/libsecurity_filedb/lib/MetaRecord.h b/OSX/libsecurity_filedb/lib/MetaRecord.h index f119772d..58f9504b 100644 --- a/OSX/libsecurity_filedb/lib/MetaRecord.h +++ b/OSX/libsecurity_filedb/lib/MetaRecord.h @@ -126,7 +126,7 @@ public: } // Return the RecordId for the record inRecordSection - static const uint32 unpackRecordNumber(const ReadSection &inRecordSection) + static uint32 unpackRecordNumber(const ReadSection &inRecordSection) { return inRecordSection[OffsetRecordNumber]; } diff --git a/OSX/libsecurity_filedb/libsecurity_filedb.xcodeproj/project.pbxproj b/OSX/libsecurity_filedb/libsecurity_filedb.xcodeproj/project.pbxproj deleted file mode 100644 index 7280f5eb..00000000 --- a/OSX/libsecurity_filedb/libsecurity_filedb.xcodeproj/project.pbxproj +++ /dev/null @@ -1,301 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - AAEA4A440E9163290043771D /* ReadWriteSection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AAEA4A430E9163290043771D /* ReadWriteSection.cpp */; }; - C28A1D08052E14480094CEF0 /* AppleDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28A1CED052E14480094CEF0 /* AppleDatabase.cpp */; }; - C28A1D0A052E14480094CEF0 /* AtomicFile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28A1CEF052E14480094CEF0 /* AtomicFile.cpp */; }; - C28A1D14052E14480094CEF0 /* DbIndex.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28A1CF9052E14480094CEF0 /* DbIndex.cpp */; }; - C28A1D18052E14480094CEF0 /* DbQuery.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28A1CFD052E14480094CEF0 /* DbQuery.cpp */; }; - C28A1D1A052E14480094CEF0 /* DbValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28A1CFF052E14480094CEF0 /* DbValue.cpp */; }; - C28A1D1C052E14480094CEF0 /* MetaAttribute.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28A1D01052E14480094CEF0 /* MetaAttribute.cpp */; }; - C28A1D1E052E14480094CEF0 /* MetaRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28A1D03052E14480094CEF0 /* MetaRecord.cpp */; }; - C28A1D21052E14480094CEF0 /* SelectionPredicate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28A1D06052E14480094CEF0 /* SelectionPredicate.cpp */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB219146F0538000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB214146F0538000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_plugin; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 182BB206146F043D000BF1F3 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 182BB207146F043D000BF1F3 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 182BB208146F043D000BF1F3 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 182BB209146F043D000BF1F3 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 182BB214146F0538000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_plugin.xcodeproj; path = ../libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_filedb.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_filedb.a; sourceTree = BUILT_PRODUCTS_DIR; }; - AA827A5B0C62AD0300D7A310 /* OverUnderflowCheck.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OverUnderflowCheck.h; sourceTree = ""; }; - AAEA4A430E9163290043771D /* ReadWriteSection.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ReadWriteSection.cpp; sourceTree = ""; }; - C28A1CED052E14480094CEF0 /* AppleDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = AppleDatabase.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C28A1CEE052E14480094CEF0 /* AppleDatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AppleDatabase.h; sourceTree = ""; }; - C28A1CEF052E14480094CEF0 /* AtomicFile.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = AtomicFile.cpp; sourceTree = ""; }; - C28A1CF0052E14480094CEF0 /* AtomicFile.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = AtomicFile.h; sourceTree = ""; }; - C28A1CF9052E14480094CEF0 /* DbIndex.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DbIndex.cpp; sourceTree = ""; }; - C28A1CFA052E14480094CEF0 /* DbIndex.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DbIndex.h; sourceTree = ""; }; - C28A1CFD052E14480094CEF0 /* DbQuery.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DbQuery.cpp; sourceTree = ""; }; - C28A1CFE052E14480094CEF0 /* DbQuery.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DbQuery.h; sourceTree = ""; }; - C28A1CFF052E14480094CEF0 /* DbValue.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DbValue.cpp; sourceTree = ""; }; - C28A1D00052E14480094CEF0 /* DbValue.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DbValue.h; sourceTree = ""; }; - C28A1D01052E14480094CEF0 /* MetaAttribute.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MetaAttribute.cpp; sourceTree = ""; }; - C28A1D02052E14480094CEF0 /* MetaAttribute.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MetaAttribute.h; sourceTree = ""; }; - C28A1D03052E14480094CEF0 /* MetaRecord.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MetaRecord.cpp; sourceTree = ""; }; - C28A1D04052E14480094CEF0 /* MetaRecord.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MetaRecord.h; sourceTree = ""; }; - C28A1D05052E14480094CEF0 /* ReadWriteSection.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ReadWriteSection.h; sourceTree = ""; }; - C28A1D06052E14480094CEF0 /* SelectionPredicate.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SelectionPredicate.cpp; sourceTree = ""; }; - C28A1D07052E14480094CEF0 /* SelectionPredicate.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SelectionPredicate.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 182BB205146F043D000BF1F3 /* config */ = { - isa = PBXGroup; - children = ( - 182BB206146F043D000BF1F3 /* base.xcconfig */, - 182BB207146F043D000BF1F3 /* debug.xcconfig */, - 182BB208146F043D000BF1F3 /* lib.xcconfig */, - 182BB209146F043D000BF1F3 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 182BB215146F0538000BF1F3 /* Products */ = { - isa = PBXGroup; - children = ( - 182BB21A146F0538000BF1F3 /* libsecurity_cdsa_plugin.a */, - ); - name = Products; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 182BB214146F0538000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */, - C28A1CEC052E14480094CEF0 /* lib */, - 182BB205146F043D000BF1F3 /* config */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_filedb.a */, - ); - name = Products; - sourceTree = ""; - }; - C28A1CEC052E14480094CEF0 /* lib */ = { - isa = PBXGroup; - children = ( - AA827A5B0C62AD0300D7A310 /* OverUnderflowCheck.h */, - C28A1CED052E14480094CEF0 /* AppleDatabase.cpp */, - C28A1CEE052E14480094CEF0 /* AppleDatabase.h */, - C28A1CEF052E14480094CEF0 /* AtomicFile.cpp */, - C28A1CF0052E14480094CEF0 /* AtomicFile.h */, - C28A1CF9052E14480094CEF0 /* DbIndex.cpp */, - C28A1CFA052E14480094CEF0 /* DbIndex.h */, - C28A1CFD052E14480094CEF0 /* DbQuery.cpp */, - C28A1CFE052E14480094CEF0 /* DbQuery.h */, - C28A1CFF052E14480094CEF0 /* DbValue.cpp */, - C28A1D00052E14480094CEF0 /* DbValue.h */, - C28A1D01052E14480094CEF0 /* MetaAttribute.cpp */, - C28A1D02052E14480094CEF0 /* MetaAttribute.h */, - C28A1D03052E14480094CEF0 /* MetaRecord.cpp */, - C28A1D04052E14480094CEF0 /* MetaRecord.h */, - C28A1D05052E14480094CEF0 /* ReadWriteSection.h */, - C28A1D06052E14480094CEF0 /* SelectionPredicate.cpp */, - C28A1D07052E14480094CEF0 /* SelectionPredicate.h */, - AAEA4A430E9163290043771D /* ReadWriteSection.cpp */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_filedb */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD35C0987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_filedb" */; - buildPhases = ( - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_filedb; - productName = libsecurity_filedb; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_filedb.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD3600987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_filedb" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 182BB215146F0538000BF1F3 /* Products */; - ProjectRef = 182BB214146F0538000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_filedb */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 182BB21A146F0538000BF1F3 /* libsecurity_cdsa_plugin.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_plugin.a; - remoteRef = 182BB219146F0538000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C28A1D08052E14480094CEF0 /* AppleDatabase.cpp in Sources */, - C28A1D0A052E14480094CEF0 /* AtomicFile.cpp in Sources */, - C28A1D14052E14480094CEF0 /* DbIndex.cpp in Sources */, - C28A1D18052E14480094CEF0 /* DbQuery.cpp in Sources */, - C28A1D1A052E14480094CEF0 /* DbValue.cpp in Sources */, - C28A1D1C052E14480094CEF0 /* MetaAttribute.cpp in Sources */, - C28A1D1E052E14480094CEF0 /* MetaRecord.cpp in Sources */, - C28A1D21052E14480094CEF0 /* SelectionPredicate.cpp in Sources */, - AAEA4A440E9163290043771D /* ReadWriteSection.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD35D0987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB207146F043D000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C27AD35F0987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB209146F043D000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C27AD3610987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB208146F043D000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD3630987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB208146F043D000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD35C0987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_filedb" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD35D0987FCDE001272E0 /* Debug */, - C27AD35F0987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3600987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_filedb" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3610987FCDE001272E0 /* Debug */, - C27AD3630987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_keychain/lib/CCallbackMgr.cp b/OSX/libsecurity_keychain/lib/CCallbackMgr.cp index 3eedfb2f..6fac59b6 100644 --- a/OSX/libsecurity_keychain/lib/CCallbackMgr.cp +++ b/OSX/libsecurity_keychain/lib/CCallbackMgr.cp @@ -114,6 +114,7 @@ ModuleNexus gCallbackMaker; CCallbackMgr::CCallbackMgr() : EventListener (kNotificationDomainDatabase, kNotificationAllEvents) { + mInitialized = true; EventListener::FinishedInitialization(this); } @@ -154,7 +155,7 @@ void CCallbackMgr::AddCallback( SecKeychainCallback inCallbackFunction, ctx.info = info.mRunLoop; CFRunLoopTimerRef timerRef = CFRunLoopTimerCreate(NULL, CFAbsoluteTimeGetCurrent(), 0, 0, 0, CCallbackMgr::cfrunLoopActive, &ctx); - secdebug("kcnotify", "adding a activate callback on run loop %p", info.mRunLoop); + secdebug("kcnotify", "adding an activate callback on run loop %p", info.mRunLoop); CFRunLoopAddTimer(info.mRunLoop, timerRef, kCFRunLoopDefaultMode); } @@ -178,7 +179,6 @@ void CCallbackMgr::cfrunLoopActive(CFRunLoopTimerRef timer, void* info) { CFRelease(timer); } - class Predicate { SecKeychainCallback mCallbackFunction; @@ -222,14 +222,13 @@ static SecKeychainItemRef createItemReference(const Item &inItem) SecKeychainItemRef itemRef = (inItem) ? inItem->handle() : 0; if(!itemRef) { return NULL; } -#if SECTRUST_OSX SecItemClass itemClass = Schema::itemClassFor(inItem->recordType()); if (itemClass == kSecCertificateItemClass) { SecCertificateRef certRef = SecCertificateCreateFromItemImplInstance((SecCertificateRef)itemRef); CFRelease(itemRef); /* certRef maintains its own internal reference to itemRef */ itemRef = (SecKeychainItemRef) certRef; } -#endif + return itemRef; } @@ -296,7 +295,7 @@ void CCallbackMgr::consume (SecurityServer::NotificationDomain domain, SecurityS NameValueDictionary dictionary (data); // Decode from userInfo the event type, 'keychain' CFDict, and 'item' CFDict - SecKeychainEvent thisEvent = whichEvent; + SecKeychainEvent thisEvent = (SecKeychainEvent) whichEvent; pid_t thisPid; const NameValuePair* pidRef = dictionary.FindByName(PID_KEY); diff --git a/OSX/libsecurity_keychain/lib/CCallbackMgr.h b/OSX/libsecurity_keychain/lib/CCallbackMgr.h index 602d951d..841a95df 100644 --- a/OSX/libsecurity_keychain/lib/CCallbackMgr.h +++ b/OSX/libsecurity_keychain/lib/CCallbackMgr.h @@ -99,6 +99,8 @@ private: static void tellClient(CFRunLoopTimerRef timer, void* ctx); static void cfrunLoopActive(CFRunLoopTimerRef timer, void* info); + bool initialized() { return mInitialized; } + list mEventCallbacks; }; diff --git a/OSX/libsecurity_keychain/lib/Certificate.cpp b/OSX/libsecurity_keychain/lib/Certificate.cpp index b4b0280f..81dc8699 100644 --- a/OSX/libsecurity_keychain/lib/Certificate.cpp +++ b/OSX/libsecurity_keychain/lib/Certificate.cpp @@ -48,7 +48,7 @@ Certificate::clForType(CSSM_CERT_TYPE type) } Certificate::Certificate(const CSSM_DATA &data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding) : - ItemImpl(CSSM_DL_DB_RECORD_X509_CERTIFICATE, reinterpret_cast(NULL), UInt32(data.Length), reinterpret_cast(data.Data)), + ItemImpl((SecItemClass) CSSM_DL_DB_RECORD_X509_CERTIFICATE, reinterpret_cast(NULL), UInt32(data.Length), reinterpret_cast(data.Data)), mHaveTypeAndEncoding(true), mPopulated(false), mType(type), @@ -159,6 +159,7 @@ try } catch (...) { + return; // Prevent re-throw of exception [function-try-block] } CSSM_HANDLE @@ -431,8 +432,8 @@ findPrintableField( if(memcmp(tvpPtr->type.Data, tvpType->Data, tvpType->Length)) { /* If we don't have a match but the requested OID is CSSMOID_UserID, * look for a matching X.500 UserID OID: (0.9.2342.19200300.100.1.1) */ - const char cssm_userid_oid[] = { 0x09,0x49,0x86,0x49,0x1f,0x12,0x8c,0xe4,0x81,0x81 }; - const char x500_userid_oid[] = { 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01 }; + const unsigned char cssm_userid_oid[] = { 0x09,0x49,0x86,0x49,0x1f,0x12,0x8c,0xe4,0x81,0x81 }; + const unsigned char x500_userid_oid[] = { 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01 }; if(!(tvpType->Length == sizeof(cssm_userid_oid) && !memcmp(tvpPtr->type.Data, x500_userid_oid, sizeof(x500_userid_oid)) && !memcmp(tvpType->Data, cssm_userid_oid, sizeof(cssm_userid_oid)))) { @@ -873,7 +874,7 @@ Certificate::encoding() return mEncoding; } -const CSSM_X509_ALGORITHM_IDENTIFIER_PTR +CSSM_X509_ALGORITHM_IDENTIFIER_PTR Certificate::algorithmID() { StLock_(mMutex); @@ -943,7 +944,7 @@ Certificate::distinguishedName(const CSSM_OID *sourceOid, const CSSM_OID *compon CSSM_DATA_PTR fieldValue = copyFirstFieldValue(*sourceOid); CSSM_X509_NAME_PTR x509Name = (CSSM_X509_NAME_PTR)fieldValue->Data; const CSSM_DATA *printValue = NULL; - CFStringBuiltInEncodings encoding; + CFStringBuiltInEncodings encoding = kCFStringEncodingUTF8; if (fieldValue && fieldValue->Data) printValue = findPrintableField(*x509Name, componentOid, true, &encoding); @@ -1074,7 +1075,7 @@ Certificate::copyEmailAddresses() return array; } -const CSSM_X509_NAME_PTR +CSSM_X509_NAME_PTR Certificate::subjectName() { StLock_(mMutex); @@ -1085,7 +1086,7 @@ Certificate::subjectName() return (const CSSM_X509_NAME_PTR)mV1SubjectNameCStructValue->Data; } -const CSSM_X509_NAME_PTR +CSSM_X509_NAME_PTR Certificate::issuerName() { StLock_(mMutex); diff --git a/OSX/libsecurity_keychain/lib/Certificate.h b/OSX/libsecurity_keychain/lib/Certificate.h index cc74c619..79b10708 100644 --- a/OSX/libsecurity_keychain/lib/Certificate.h +++ b/OSX/libsecurity_keychain/lib/Certificate.h @@ -81,9 +81,9 @@ public: CFStringRef copyFirstEmailAddress(); CFArrayRef copyEmailAddresses(); CFArrayRef copyDNSNames(); - const CSSM_X509_NAME_PTR subjectName(); - const CSSM_X509_NAME_PTR issuerName(); - const CSSM_X509_ALGORITHM_IDENTIFIER_PTR algorithmID(); + CSSM_X509_NAME_PTR subjectName(); + CSSM_X509_NAME_PTR issuerName(); + CSSM_X509_ALGORITHM_IDENTIFIER_PTR algorithmID(); CSSM_CL_HANDLE clHandle(); void inferLabel(bool addLabel, CFStringRef *rtnString = NULL); SecPointer publicKey(); diff --git a/OSX/libsecurity_keychain/lib/DLDBListCFPref.h b/OSX/libsecurity_keychain/lib/DLDBListCFPref.h index 966f75f0..3ef0f2c6 100644 --- a/OSX/libsecurity_keychain/lib/DLDBListCFPref.h +++ b/OSX/libsecurity_keychain/lib/DLDBListCFPref.h @@ -73,7 +73,7 @@ public: const char* dbName, CSSM_NET_ADDRESS *dbLocation); static DLDbIdentifier cfDictionaryRefToDLDbIdentifier(CFDictionaryRef theDict); - static CFDictionaryRef dlDbIdentifierToCFDictionaryRef(const DLDbIdentifier& dldbIdentifier); + static CF_RETURNS_RETAINED CFDictionaryRef dlDbIdentifierToCFDictionaryRef(const DLDbIdentifier& dldbIdentifier); bool revert(bool force); void add(const DLDbIdentifier &); diff --git a/OSX/libsecurity_keychain/lib/ExtendedAttribute.cpp b/OSX/libsecurity_keychain/lib/ExtendedAttribute.cpp index 88b5a5d7..791c0cc2 100644 --- a/OSX/libsecurity_keychain/lib/ExtendedAttribute.cpp +++ b/OSX/libsecurity_keychain/lib/ExtendedAttribute.cpp @@ -42,7 +42,7 @@ ExtendedAttribute::ExtendedAttribute( const CssmData &itemID, const CssmData attrName, const CssmData attrValue) : - ItemImpl(CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE, + ItemImpl((SecItemClass) CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE, reinterpret_cast(NULL), 0, NULL), mRecordType(recordType), diff --git a/OSX/libsecurity_keychain/lib/Globals.cpp b/OSX/libsecurity_keychain/lib/Globals.cpp index fc29e3ee..153877d9 100644 --- a/OSX/libsecurity_keychain/lib/Globals.cpp +++ b/OSX/libsecurity_keychain/lib/Globals.cpp @@ -25,6 +25,7 @@ #include "Globals.h" #include "KCExceptions.h" +#include namespace Security { @@ -45,11 +46,11 @@ mUI(true), mIntegrityProtection(false) if (integrity && CFGetTypeID(integrity) == CFBooleanGetTypeID()) { mIntegrityProtection = CFBooleanGetValue((CFBooleanRef)integrity); - CFRelease(integrity); } else { // preference not set: defaulting to true mIntegrityProtection = true; } + CFReleaseSafe(integrity); } const AccessCredentials * Globals::keychainCredentials() diff --git a/OSX/libsecurity_keychain/lib/Identity.cpp b/OSX/libsecurity_keychain/lib/Identity.cpp index f11974f4..52be5fec 100644 --- a/OSX/libsecurity_keychain/lib/Identity.cpp +++ b/OSX/libsecurity_keychain/lib/Identity.cpp @@ -96,7 +96,7 @@ Identity::Identity(const StorageManager::KeychainList &keychains, const SecPoint if (CFArrayGetCount(dynamicSearchList)) { // Legacy way is used for dynamic keychains because SmartCards keychain does not support strict CSSM queries which are generated in SecItemCopyMatching // Find a key whose label matches the publicKeyHash of the public key in the certificate. - KCCursor keyCursor(keychains, CSSM_DL_DB_RECORD_PRIVATE_KEY, NULL); + KCCursor keyCursor(keychains, (SecItemClass) CSSM_DL_DB_RECORD_PRIVATE_KEY, NULL); keyCursor->add(CSSM_DB_EQUAL, KeySchema::Label, certificate->publicKeyHash()); Item key; diff --git a/OSX/libsecurity_keychain/lib/IdentityCursor.cpp b/OSX/libsecurity_keychain/lib/IdentityCursor.cpp index cbee7fa7..7a19a2ca 100644 --- a/OSX/libsecurity_keychain/lib/IdentityCursor.cpp +++ b/OSX/libsecurity_keychain/lib/IdentityCursor.cpp @@ -238,7 +238,7 @@ IdentityCursorPolicyAndID::next(SecPointer &identity) IdentityCursor::IdentityCursor(const StorageManager::KeychainList &searchList, CSSM_KEYUSE keyUsage) : mSearchList(searchList), - mKeyCursor(mSearchList, CSSM_DL_DB_RECORD_PRIVATE_KEY, NULL), + mKeyCursor(mSearchList, (SecItemClass) CSSM_DL_DB_RECORD_PRIVATE_KEY, NULL), mMutex(Mutex::recursive) { StLock_(mMutex); @@ -322,7 +322,7 @@ IdentityCursor::next(SecPointer &identity) uniqueId->get(&dbAttributes, NULL); const CssmData &keyHash = dbAttributes[0]; - mCertificateCursor = KCCursor(mSearchList, CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL); + mCertificateCursor = KCCursor(mSearchList, (SecItemClass) CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL); mCertificateCursor->add(CSSM_DB_EQUAL, Schema::kX509CertificatePublicKeyHash, keyHash); // if we have entries for the system identities, exclude their public key hashes in the search diff --git a/OSX/libsecurity_keychain/lib/Item.cpp b/OSX/libsecurity_keychain/lib/Item.cpp index 2c571084..dad801c5 100644 --- a/OSX/libsecurity_keychain/lib/Item.cpp +++ b/OSX/libsecurity_keychain/lib/Item.cpp @@ -77,8 +77,8 @@ ItemImpl *ItemImpl::required(SecKeychainItemRef ptr) ItemImpl *ItemImpl::optional(SecKeychainItemRef ptr) { - if (SecCFObject *p = KeyItem::fromSecKeyRef(ptr)) { - return dynamic_cast(p); + if (ptr != NULL && CFGetTypeID(ptr) == SecKeyGetTypeID()) { + return dynamic_cast(KeyItem::fromSecKeyRef(ptr)); } else if (SecCFObject *p = SecCFObject::optional(ptr)) { if (ItemImpl *pp = dynamic_cast(p)) { return pp; diff --git a/OSX/libsecurity_keychain/lib/KCCursor.cpp b/OSX/libsecurity_keychain/lib/KCCursor.cpp index d6b6e332..06ec2493 100644 --- a/OSX/libsecurity_keychain/lib/KCCursor.cpp +++ b/OSX/libsecurity_keychain/lib/KCCursor.cpp @@ -37,6 +37,7 @@ #include #include #include +#include using namespace KeychainCore; using namespace CssmClient; @@ -74,8 +75,9 @@ KCCursorImpl::KCCursorImpl(const StorageManager::KeychainList &searchList, SecIt for (const SecKeychainAttribute *attr=attrList->attr; attr != end; ++attr) { const CSSM_DB_ATTRIBUTE_INFO *temp; - - if (attr->tag <' ') // ok, is this a key schema? Handle differently, just because we can... + + // ok, is this a key schema? Handle differently, just because we can... + if (attr->tag <' ' && attr->tag < array_size(gKeyAttributeLookupTable)) { temp = gKeyAttributeLookupTable[attr->tag]; } diff --git a/OSX/libsecurity_keychain/lib/KeyItem.cpp b/OSX/libsecurity_keychain/lib/KeyItem.cpp index 7829ca54..c8aa467c 100644 --- a/OSX/libsecurity_keychain/lib/KeyItem.cpp +++ b/OSX/libsecurity_keychain/lib/KeyItem.cpp @@ -149,7 +149,7 @@ KeyItem::KeyItem(KeyItem &keyItem) : } KeyItem::KeyItem(const CssmClient::Key &key) : - ItemImpl(key->keyClass() + CSSM_DL_DB_RECORD_PUBLIC_KEY, (OSType)0, (UInt32)0, (const void*)NULL), + ItemImpl((SecItemClass) (key->keyClass() + CSSM_DL_DB_RECORD_PUBLIC_KEY), (OSType)0, (UInt32)0, (const void*)NULL), mKey(key), algid(NULL), mPubKeyHash(Allocator::standard()) diff --git a/OSX/libsecurity_keychain/lib/Keychains.cpp b/OSX/libsecurity_keychain/lib/Keychains.cpp index 4a144c56..43649d3d 100644 --- a/OSX/libsecurity_keychain/lib/Keychains.cpp +++ b/OSX/libsecurity_keychain/lib/Keychains.cpp @@ -250,7 +250,7 @@ KeychainSchemaImpl::getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, capacity *= 2; if (capacity <= i) capacity = i + 1; tagBuf=reinterpret_cast(realloc(tagBuf, (capacity*sizeof(UInt32)))); - formatBuf=reinterpret_cast(realloc(tagBuf, (capacity*sizeof(UInt32)))); + formatBuf=reinterpret_cast(realloc(formatBuf, (capacity*sizeof(UInt32)))); } tagBuf[i]=rit->first; formatBuf[i++]=rit->second; @@ -1359,12 +1359,12 @@ KeychainImpl::setBatchMode(Boolean mode, Boolean rollback) } // notify that a keychain has changed in too many ways to count - KCEventNotifier::PostKeychainEvent(kSecKeychainLeftBatchModeEvent); + KCEventNotifier::PostKeychainEvent((SecKeychainEvent) kSecKeychainLeftBatchModeEvent); mEventBuffer->clear(); } else { - KCEventNotifier::PostKeychainEvent(kSecKeychainEnteredBatchModeEvent); + KCEventNotifier::PostKeychainEvent((SecKeychainEvent) kSecKeychainEnteredBatchModeEvent); } } void @@ -1915,6 +1915,5 @@ bool KeychainImpl::hasIntegrityProtection() { secnotice("integrity", "keychain guid does not support integrity"); return false; } - return false; } diff --git a/OSX/libsecurity_keychain/lib/SecAccess.cpp b/OSX/libsecurity_keychain/lib/SecAccess.cpp index ba74e379..4dacfa95 100644 --- a/OSX/libsecurity_keychain/lib/SecAccess.cpp +++ b/OSX/libsecurity_keychain/lib/SecAccess.cpp @@ -27,6 +27,8 @@ #include #include #include +#include +#include #include "SecBridge.h" #include @@ -230,6 +232,7 @@ CFStringRef GetAuthStringFromACLAuthorizationTag(sint32 tag) { result = (CFStringRef)CFDictionaryGetValue(gTagMapping, aNum); } + CFReleaseSafe(aNum); return result; } @@ -291,7 +294,7 @@ SecAccessRef SecAccessCreateWithOwnerAndACL(uid_t userId, gid_t groupId, SecAcce CSSM_ACL_PROCESS_SUBJECT_SELECTOR selector = { CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION, // selector version - ownerType, + int_cast(ownerType), userId, groupId }; diff --git a/OSX/libsecurity_keychain/lib/SecBase.cpp b/OSX/libsecurity_keychain/lib/SecBase.cpp index cb7d0152..096349ed 100644 --- a/OSX/libsecurity_keychain/lib/SecBase.cpp +++ b/OSX/libsecurity_keychain/lib/SecBase.cpp @@ -25,6 +25,7 @@ #include #include #include +#include #include "SecBridge.h" static CFStringRef copyErrorMessageFromBundle(OSStatus status,CFStringRef tableName); @@ -98,6 +99,7 @@ cssmErrorString(CSSM_RETURN error) if (result == NULL) result = copyErrorMessageFromBundle(error,CFSTR("SecDebugErrorMessages")); err = cfString(result, true); + CFReleaseSafe(result); } if (err.empty()) diff --git a/OSX/libsecurity_keychain/lib/SecBase.h b/OSX/libsecurity_keychain/lib/SecBase.h deleted file mode 100644 index 7a0cb546..00000000 --- a/OSX/libsecurity_keychain/lib/SecBase.h +++ /dev/null @@ -1,655 +0,0 @@ -/* - * Copyright (c) 2000-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecBase - SecBase contains common declarations for the Security functions. -*/ - -#ifndef _SECURITY_SECBASE_H_ -#define _SECURITY_SECBASE_H_ - -#include -#include - -#if defined(__clang__) -#define SEC_DEPRECATED_ATTRIBUTE DEPRECATED_ATTRIBUTE -#else -#define SEC_DEPRECATED_ATTRIBUTE -#endif - -#if defined(__cplusplus) -extern "C" { -#endif - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -#ifndef __SEC_TYPES__ -#define __SEC_TYPES__ - -/*! - @typedef SecKeychainRef - @abstract Contains information about a keychain. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecKeychainRef *SecKeychainRef; - -/*! - @typedef SecKeychainItemRef - @abstract Contains information about a keychain item. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecKeychainItemRef *SecKeychainItemRef; - -/*! - @typedef SecKeychainSearchRef - @abstract Contains information about a keychain search. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecKeychainSearchRef *SecKeychainSearchRef; - -/*! - @typedef SecKeychainAttrType - @abstract Represents a keychain attribute type. -*/ -typedef OSType SecKeychainAttrType; - -/*! - @struct SecKeychainAttribute - @abstract Contains keychain attributes. - @field tag A 4-byte attribute tag. - @field length The length of the buffer pointed to by data. - @field data A pointer to the attribute data. -*/ -struct SecKeychainAttribute -{ - SecKeychainAttrType tag; - UInt32 length; - void *data; -}; -typedef struct SecKeychainAttribute SecKeychainAttribute; - -/*! - @typedef SecKeychainAttributePtr - @abstract Represents a pointer to a keychain attribute structure. -*/ -typedef SecKeychainAttribute *SecKeychainAttributePtr; - -/*! - @typedef SecKeychainAttributeList - @abstract Represents a list of keychain attributes. - @field count An unsigned 32-bit integer that represents the number of keychain attributes in the array. - @field attr A pointer to the first keychain attribute in the array. -*/ -struct SecKeychainAttributeList -{ - UInt32 count; - SecKeychainAttribute *attr; -}; -typedef struct SecKeychainAttributeList SecKeychainAttributeList; - -/*! - @typedef SecKeychainStatus - @abstract Represents the status of a keychain. -*/ -typedef UInt32 SecKeychainStatus; -#endif - -/*! - @typedef SecTrustedApplicationRef - @abstract Contains information about a trusted application. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecTrustedApplicationRef *SecTrustedApplicationRef; - -/*! - @typedef SecPolicyRef - @abstract Contains information about a policy. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecPolicyRef *SecPolicyRef; - -/*! - @typedef SecCertificateRef - @abstract Contains information about a certificate. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecCertificateRef *SecCertificateRef; - -/*! - @typedef SecAccessRef - @abstract Contains information about an access. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecAccessRef *SecAccessRef; - -/*! - @typedef SecIdentityRef - @abstract Contains information about an identity. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecIdentityRef *SecIdentityRef; - -/*! - @typedef SecKeyRef - @abstract Contains information about a key. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecKeyRef *SecKeyRef; - -/*! - @typedef SecACLRef - @abstract Contains information about an access control list (ACL) entry. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecTrustRef *SecACLRef; - -/*! - @typedef SecAccessControlRef - @abstract CFType representing access control for an item. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecAccessControl *SecAccessControlRef; - -/*! - @typedef SecPasswordRef - @abstract Contains information about a password. -*/ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecPasswordRef *SecPasswordRef; - -/*! - @typedef SecKeychainAttributeInfo - @abstract Represents an attribute. - @field count The number of tag-format pairs in the respective arrays. - @field tag A pointer to the first attribute tag in the array. - @field format A pointer to the first CSSM_DB_ATTRIBUTE_FORMAT in the array. - @discussion Each tag and format item form a pair. -*/ -struct SecKeychainAttributeInfo -{ - UInt32 count; - UInt32 *tag; - UInt32 *format; -}; -typedef struct SecKeychainAttributeInfo SecKeychainAttributeInfo; - -/*! - @function SecCopyErrorMessageString - @abstract Returns a string describing the specified error result code. - @param status An error result code of type OSStatus or CSSM_RETURN, as returned by a Security or CSSM function. - @reserved Reserved for future use. Your code should pass NULL in this parameter. - @result A reference to an error string, or NULL if no error string is available for the specified result code. Your code must release this reference by calling the CFRelease function. -*/ -__nullable -CFStringRef SecCopyErrorMessageString(OSStatus status, void * __nullable reserved) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); -/*! -@enum Security Error Codes -@abstract Result codes returned from Security framework functions. -@constant errSecSuccess No error. -@constant errSecUnimplemented Function or operation not implemented. -@constant errSecDskFull Disk Full error. -@constant errSecIO I/O error. -@constant errSecParam One or more parameters passed to a function were not valid. -@constant errSecWrPerm Write permissions error. -@constant errSecAllocate Failed to allocate memory. -@constant errSecUserCanceled User canceled the operation. -@constant errSecBadReq Bad parameter or invalid state for operation. -@constant errSecInternalComponent -@constant errSecCoreFoundationUnknown -@constant errSecNotAvailable No keychain is available. -@constant errSecReadOnly Read only error. -@constant errSecAuthFailed Authorization/Authentication failed. -@constant errSecNoSuchKeychain The keychain does not exist. -@constant errSecInvalidKeychain The keychain is not valid. -@constant errSecDuplicateKeychain A keychain with the same name already exists. -@constant errSecDuplicateCallback The specified callback is already installed. -@constant errSecInvalidCallback The specified callback is not valid. -@constant errSecDuplicateItem The item already exists. -@constant errSecItemNotFound The item cannot be found. -@constant errSecBufferTooSmall The buffer is too small. -@constant errSecDataTooLarge The data is too large. -@constant errSecNoSuchAttr The attribute does not exist. -@constant errSecInvalidItemRef The item reference is invalid. -@constant errSecInvalidSearchRef The search reference is invalid. -@constant errSecNoSuchClass The keychain item class does not exist. -@constant errSecNoDefaultKeychain A default keychain does not exist. -@constant errSecInteractionNotAllowed User interaction is not allowed. -@constant errSecReadOnlyAttr The attribute is read only. -@constant errSecWrongSecVersion The version is incorrect. -@constant errSecKeySizeNotAllowed The key size is not allowed. -@constant errSecNoStorageModule There is no storage module available. -@constant errSecNoCertificateModule There is no certificate module available. -@constant errSecNoPolicyModule There is no policy module available. -@constant errSecInteractionRequired User interaction is required. -@constant errSecDataNotAvailable The data is not available. -@constant errSecDataNotModifiable The data is not modifiable. -@constant errSecCreateChainFailed The attempt to create a certificate chain failed. -@constant errSecACLNotSimple The access control list is not in standard simple form. -@constant errSecPolicyNotFound The policy specified cannot be found. -@constant errSecInvalidTrustSetting The specified trust setting is invalid. -@constant errSecNoAccessForItem The specified item has no access control. -@constant errSecInvalidOwnerEdit Invalid attempt to change the owner of this item. -@constant errSecTrustNotAvailable No trust results are available. -@constant errSecUnsupportedFormat Import/Export format unsupported. -@constant errSecUnknownFormat Unknown format in import. -@constant errSecKeyIsSensitive Key material must be wrapped for export. -@constant errSecMultiplePrivKeys An attempt was made to import multiple private keys. -@constant errSecPassphraseRequired Passphrase is required for import/export. -@constant errSecInvalidPasswordRef The password reference was invalid. -@constant errSecInvalidTrustSettings The Trust Settings Record was corrupted. -@constant errSecNoTrustSettings No Trust Settings were found. -@constant errSecPkcs12VerifyFailure MAC verification failed during PKCS12 Import. -@constant errSecDecode Unable to decode the provided data. - -@discussion The assigned error space is discontinuous: e.g. -25240..-25279, -25290..-25329, -68608..-67585, and so on. -*/ - -/* - Note: the comments that appear after these errors are used to create SecErrorMessages.strings. - The comments must not be multi-line, and should be in a form meaningful to an end user. If - a different or additional comment is needed, it can be put in the header doc format, or on a - line that does not start with errZZZ. -*/ - -CF_ENUM(OSStatus) -{ - errSecSuccess = 0, /* No error. */ - errSecUnimplemented = -4, /* Function or operation not implemented. */ - errSecDskFull = -34, - errSecIO = -36, /*I/O error (bummers)*/ - - errSecParam = -50, /* One or more parameters passed to a function were not valid. */ - errSecWrPerm = -61, /* write permissions error*/ - errSecAllocate = -108, /* Failed to allocate memory. */ - errSecUserCanceled = -128, /* User canceled the operation. */ - errSecBadReq = -909, /* Bad parameter or invalid state for operation. */ - - errSecInternalComponent = -2070, - errSecCoreFoundationUnknown = -4960, - - errSecNotAvailable = -25291, /* No keychain is available. You may need to restart your computer. */ - errSecReadOnly = -25292, /* This keychain cannot be modified. */ - errSecAuthFailed = -25293, /* The user name or passphrase you entered is not correct. */ - errSecNoSuchKeychain = -25294, /* The specified keychain could not be found. */ - errSecInvalidKeychain = -25295, /* The specified keychain is not a valid keychain file. */ - errSecDuplicateKeychain = -25296, /* A keychain with the same name already exists. */ - errSecDuplicateCallback = -25297, /* The specified callback function is already installed. */ - errSecInvalidCallback = -25298, /* The specified callback function is not valid. */ - errSecDuplicateItem = -25299, /* The specified item already exists in the keychain. */ - errSecItemNotFound = -25300, /* The specified item could not be found in the keychain. */ - errSecBufferTooSmall = -25301, /* There is not enough memory available to use the specified item. */ - errSecDataTooLarge = -25302, /* This item contains information which is too large or in a format that cannot be displayed. */ - errSecNoSuchAttr = -25303, /* The specified attribute does not exist. */ - errSecInvalidItemRef = -25304, /* The specified item is no longer valid. It may have been deleted from the keychain. */ - errSecInvalidSearchRef = -25305, /* Unable to search the current keychain. */ - errSecNoSuchClass = -25306, /* The specified item does not appear to be a valid keychain item. */ - errSecNoDefaultKeychain = -25307, /* A default keychain could not be found. */ - errSecInteractionNotAllowed = -25308, /* User interaction is not allowed. */ - errSecReadOnlyAttr = -25309, /* The specified attribute could not be modified. */ - errSecWrongSecVersion = -25310, /* This keychain was created by a different version of the system software and cannot be opened. */ - errSecKeySizeNotAllowed = -25311, /* This item specifies a key size which is too large. */ - errSecNoStorageModule = -25312, /* A required component (data storage module) could not be loaded. You may need to restart your computer. */ - errSecNoCertificateModule = -25313, /* A required component (certificate module) could not be loaded. You may need to restart your computer. */ - errSecNoPolicyModule = -25314, /* A required component (policy module) could not be loaded. You may need to restart your computer. */ - errSecInteractionRequired = -25315, /* User interaction is required, but is currently not allowed. */ - errSecDataNotAvailable = -25316, /* The contents of this item cannot be retrieved. */ - errSecDataNotModifiable = -25317, /* The contents of this item cannot be modified. */ - errSecCreateChainFailed = -25318, /* One or more certificates required to validate this certificate cannot be found. */ - errSecInvalidPrefsDomain = -25319, /* The specified preferences domain is not valid. */ - errSecInDarkWake = -25320, /* In dark wake, no UI possible */ - - errSecACLNotSimple = -25240, /* The specified access control list is not in standard (simple) form. */ - errSecPolicyNotFound = -25241, /* The specified policy cannot be found. */ - errSecInvalidTrustSetting = -25242, /* The specified trust setting is invalid. */ - errSecNoAccessForItem = -25243, /* The specified item has no access control. */ - errSecInvalidOwnerEdit = -25244, /* Invalid attempt to change the owner of this item. */ - errSecTrustNotAvailable = -25245, /* No trust results are available. */ - errSecUnsupportedFormat = -25256, /* Import/Export format unsupported. */ - errSecUnknownFormat = -25257, /* Unknown format in import. */ - errSecKeyIsSensitive = -25258, /* Key material must be wrapped for export. */ - errSecMultiplePrivKeys = -25259, /* An attempt was made to import multiple private keys. */ - errSecPassphraseRequired = -25260, /* Passphrase is required for import/export. */ - errSecInvalidPasswordRef = -25261, /* The password reference was invalid. */ - errSecInvalidTrustSettings = -25262, /* The Trust Settings Record was corrupted. */ - errSecNoTrustSettings = -25263, /* No Trust Settings were found. */ - errSecPkcs12VerifyFailure = -25264, /* MAC verification failed during PKCS12 import (wrong password?) */ - errSecNotSigner = -26267, /* A certificate was not signed by its proposed parent. */ - - errSecDecode = -26275, /* Unable to decode the provided data. */ - - errSecServiceNotAvailable = -67585, /* The required service is not available. */ - errSecInsufficientClientID = -67586, /* The client ID is not correct. */ - errSecDeviceReset = -67587, /* A device reset has occurred. */ - errSecDeviceFailed = -67588, /* A device failure has occurred. */ - errSecAppleAddAppACLSubject = -67589, /* Adding an application ACL subject failed. */ - errSecApplePublicKeyIncomplete = -67590, /* The public key is incomplete. */ - errSecAppleSignatureMismatch = -67591, /* A signature mismatch has occurred. */ - errSecAppleInvalidKeyStartDate = -67592, /* The specified key has an invalid start date. */ - errSecAppleInvalidKeyEndDate = -67593, /* The specified key has an invalid end date. */ - errSecConversionError = -67594, /* A conversion error has occurred. */ - errSecAppleSSLv2Rollback = -67595, /* A SSLv2 rollback error has occurred. */ - errSecDiskFull = -34, /* The disk is full. */ - errSecQuotaExceeded = -67596, /* The quota was exceeded. */ - errSecFileTooBig = -67597, /* The file is too big. */ - errSecInvalidDatabaseBlob = -67598, /* The specified database has an invalid blob. */ - errSecInvalidKeyBlob = -67599, /* The specified database has an invalid key blob. */ - errSecIncompatibleDatabaseBlob = -67600, /* The specified database has an incompatible blob. */ - errSecIncompatibleKeyBlob = -67601, /* The specified database has an incompatible key blob. */ - errSecHostNameMismatch = -67602, /* A host name mismatch has occurred. */ - errSecUnknownCriticalExtensionFlag = -67603, /* There is an unknown critical extension flag. */ - errSecNoBasicConstraints = -67604, /* No basic constraints were found. */ - errSecNoBasicConstraintsCA = -67605, /* No basic CA constraints were found. */ - errSecInvalidAuthorityKeyID = -67606, /* The authority key ID is not valid. */ - errSecInvalidSubjectKeyID = -67607, /* The subject key ID is not valid. */ - errSecInvalidKeyUsageForPolicy = -67608, /* The key usage is not valid for the specified policy. */ - errSecInvalidExtendedKeyUsage = -67609, /* The extended key usage is not valid. */ - errSecInvalidIDLinkage = -67610, /* The ID linkage is not valid. */ - errSecPathLengthConstraintExceeded = -67611, /* The path length constraint was exceeded. */ - errSecInvalidRoot = -67612, /* The root or anchor certificate is not valid. */ - errSecCRLExpired = -67613, /* The CRL has expired. */ - errSecCRLNotValidYet = -67614, /* The CRL is not yet valid. */ - errSecCRLNotFound = -67615, /* The CRL was not found. */ - errSecCRLServerDown = -67616, /* The CRL server is down. */ - errSecCRLBadURI = -67617, /* The CRL has a bad Uniform Resource Identifier. */ - errSecUnknownCertExtension = -67618, /* An unknown certificate extension was encountered. */ - errSecUnknownCRLExtension = -67619, /* An unknown CRL extension was encountered. */ - errSecCRLNotTrusted = -67620, /* The CRL is not trusted. */ - errSecCRLPolicyFailed = -67621, /* The CRL policy failed. */ - errSecIDPFailure = -67622, /* The issuing distribution point was not valid. */ - errSecSMIMEEmailAddressesNotFound = -67623, /* An email address mismatch was encountered. */ - errSecSMIMEBadExtendedKeyUsage = -67624, /* The appropriate extended key usage for SMIME was not found. */ - errSecSMIMEBadKeyUsage = -67625, /* The key usage is not compatible with SMIME. */ - errSecSMIMEKeyUsageNotCritical = -67626, /* The key usage extension is not marked as critical. */ - errSecSMIMENoEmailAddress = -67627, /* No email address was found in the certificate. */ - errSecSMIMESubjAltNameNotCritical = -67628, /* The subject alternative name extension is not marked as critical. */ - errSecSSLBadExtendedKeyUsage = -67629, /* The appropriate extended key usage for SSL was not found. */ - errSecOCSPBadResponse = -67630, /* The OCSP response was incorrect or could not be parsed. */ - errSecOCSPBadRequest = -67631, /* The OCSP request was incorrect or could not be parsed. */ - errSecOCSPUnavailable = -67632, /* OCSP service is unavailable. */ - errSecOCSPStatusUnrecognized = -67633, /* The OCSP server did not recognize this certificate. */ - errSecEndOfData = -67634, /* An end-of-data was detected. */ - errSecIncompleteCertRevocationCheck = -67635, /* An incomplete certificate revocation check occurred. */ - errSecNetworkFailure = -67636, /* A network failure occurred. */ - errSecOCSPNotTrustedToAnchor = -67637, /* The OCSP response was not trusted to a root or anchor certificate. */ - errSecRecordModified = -67638, /* The record was modified. */ - errSecOCSPSignatureError = -67639, /* The OCSP response had an invalid signature. */ - errSecOCSPNoSigner = -67640, /* The OCSP response had no signer. */ - errSecOCSPResponderMalformedReq = -67641, /* The OCSP responder was given a malformed request. */ - errSecOCSPResponderInternalError = -67642, /* The OCSP responder encountered an internal error. */ - errSecOCSPResponderTryLater = -67643, /* The OCSP responder is busy, try again later. */ - errSecOCSPResponderSignatureRequired = -67644, /* The OCSP responder requires a signature. */ - errSecOCSPResponderUnauthorized = -67645, /* The OCSP responder rejected this request as unauthorized. */ - errSecOCSPResponseNonceMismatch = -67646, /* The OCSP response nonce did not match the request. */ - errSecCodeSigningBadCertChainLength = -67647, /* Code signing encountered an incorrect certificate chain length. */ - errSecCodeSigningNoBasicConstraints = -67648, /* Code signing found no basic constraints. */ - errSecCodeSigningBadPathLengthConstraint= -67649, /* Code signing encountered an incorrect path length constraint. */ - errSecCodeSigningNoExtendedKeyUsage = -67650, /* Code signing found no extended key usage. */ - errSecCodeSigningDevelopment = -67651, /* Code signing indicated use of a development-only certificate. */ - errSecResourceSignBadCertChainLength = -67652, /* Resource signing has encountered an incorrect certificate chain length. */ - errSecResourceSignBadExtKeyUsage = -67653, /* Resource signing has encountered an error in the extended key usage. */ - errSecTrustSettingDeny = -67654, /* The trust setting for this policy was set to Deny. */ - errSecInvalidSubjectName = -67655, /* An invalid certificate subject name was encountered. */ - errSecUnknownQualifiedCertStatement = -67656, /* An unknown qualified certificate statement was encountered. */ - errSecMobileMeRequestQueued = -67657, /* The MobileMe request will be sent during the next connection. */ - errSecMobileMeRequestRedirected = -67658, /* The MobileMe request was redirected. */ - errSecMobileMeServerError = -67659, /* A MobileMe server error occurred. */ - errSecMobileMeServerNotAvailable = -67660, /* The MobileMe server is not available. */ - errSecMobileMeServerAlreadyExists = -67661, /* The MobileMe server reported that the item already exists. */ - errSecMobileMeServerServiceErr = -67662, /* A MobileMe service error has occurred. */ - errSecMobileMeRequestAlreadyPending = -67663, /* A MobileMe request is already pending. */ - errSecMobileMeNoRequestPending = -67664, /* MobileMe has no request pending. */ - errSecMobileMeCSRVerifyFailure = -67665, /* A MobileMe CSR verification failure has occurred. */ - errSecMobileMeFailedConsistencyCheck = -67666, /* MobileMe has found a failed consistency check. */ - errSecNotInitialized = -67667, /* A function was called without initializing CSSM. */ - errSecInvalidHandleUsage = -67668, /* The CSSM handle does not match with the service type. */ - errSecPVCReferentNotFound = -67669, /* A reference to the calling module was not found in the list of authorized callers. */ - errSecFunctionIntegrityFail = -67670, /* A function address was not within the verified module. */ - errSecInternalError = -67671, /* An internal error has occurred. */ - errSecMemoryError = -67672, /* A memory error has occurred. */ - errSecInvalidData = -67673, /* Invalid data was encountered. */ - errSecMDSError = -67674, /* A Module Directory Service error has occurred. */ - errSecInvalidPointer = -67675, /* An invalid pointer was encountered. */ - errSecSelfCheckFailed = -67676, /* Self-check has failed. */ - errSecFunctionFailed = -67677, /* A function has failed. */ - errSecModuleManifestVerifyFailed = -67678, /* A module manifest verification failure has occurred. */ - errSecInvalidGUID = -67679, /* An invalid GUID was encountered. */ - errSecInvalidHandle = -67680, /* An invalid handle was encountered. */ - errSecInvalidDBList = -67681, /* An invalid DB list was encountered. */ - errSecInvalidPassthroughID = -67682, /* An invalid passthrough ID was encountered. */ - errSecInvalidNetworkAddress = -67683, /* An invalid network address was encountered. */ - errSecCRLAlreadySigned = -67684, /* The certificate revocation list is already signed. */ - errSecInvalidNumberOfFields = -67685, /* An invalid number of fields were encountered. */ - errSecVerificationFailure = -67686, /* A verification failure occurred. */ - errSecUnknownTag = -67687, /* An unknown tag was encountered. */ - errSecInvalidSignature = -67688, /* An invalid signature was encountered. */ - errSecInvalidName = -67689, /* An invalid name was encountered. */ - errSecInvalidCertificateRef = -67690, /* An invalid certificate reference was encountered. */ - errSecInvalidCertificateGroup = -67691, /* An invalid certificate group was encountered. */ - errSecTagNotFound = -67692, /* The specified tag was not found. */ - errSecInvalidQuery = -67693, /* The specified query was not valid. */ - errSecInvalidValue = -67694, /* An invalid value was detected. */ - errSecCallbackFailed = -67695, /* A callback has failed. */ - errSecACLDeleteFailed = -67696, /* An ACL delete operation has failed. */ - errSecACLReplaceFailed = -67697, /* An ACL replace operation has failed. */ - errSecACLAddFailed = -67698, /* An ACL add operation has failed. */ - errSecACLChangeFailed = -67699, /* An ACL change operation has failed. */ - errSecInvalidAccessCredentials = -67700, /* Invalid access credentials were encountered. */ - errSecInvalidRecord = -67701, /* An invalid record was encountered. */ - errSecInvalidACL = -67702, /* An invalid ACL was encountered. */ - errSecInvalidSampleValue = -67703, /* An invalid sample value was encountered. */ - errSecIncompatibleVersion = -67704, /* An incompatible version was encountered. */ - errSecPrivilegeNotGranted = -67705, /* The privilege was not granted. */ - errSecInvalidScope = -67706, /* An invalid scope was encountered. */ - errSecPVCAlreadyConfigured = -67707, /* The PVC is already configured. */ - errSecInvalidPVC = -67708, /* An invalid PVC was encountered. */ - errSecEMMLoadFailed = -67709, /* The EMM load has failed. */ - errSecEMMUnloadFailed = -67710, /* The EMM unload has failed. */ - errSecAddinLoadFailed = -67711, /* The add-in load operation has failed. */ - errSecInvalidKeyRef = -67712, /* An invalid key was encountered. */ - errSecInvalidKeyHierarchy = -67713, /* An invalid key hierarchy was encountered. */ - errSecAddinUnloadFailed = -67714, /* The add-in unload operation has failed. */ - errSecLibraryReferenceNotFound = -67715, /* A library reference was not found. */ - errSecInvalidAddinFunctionTable = -67716, /* An invalid add-in function table was encountered. */ - errSecInvalidServiceMask = -67717, /* An invalid service mask was encountered. */ - errSecModuleNotLoaded = -67718, /* A module was not loaded. */ - errSecInvalidSubServiceID = -67719, /* An invalid subservice ID was encountered. */ - errSecAttributeNotInContext = -67720, /* An attribute was not in the context. */ - errSecModuleManagerInitializeFailed = -67721, /* A module failed to initialize. */ - errSecModuleManagerNotFound = -67722, /* A module was not found. */ - errSecEventNotificationCallbackNotFound = -67723, /* An event notification callback was not found. */ - errSecInputLengthError = -67724, /* An input length error was encountered. */ - errSecOutputLengthError = -67725, /* An output length error was encountered. */ - errSecPrivilegeNotSupported = -67726, /* The privilege is not supported. */ - errSecDeviceError = -67727, /* A device error was encountered. */ - errSecAttachHandleBusy = -67728, /* The CSP handle was busy. */ - errSecNotLoggedIn = -67729, /* You are not logged in. */ - errSecAlgorithmMismatch = -67730, /* An algorithm mismatch was encountered. */ - errSecKeyUsageIncorrect = -67731, /* The key usage is incorrect. */ - errSecKeyBlobTypeIncorrect = -67732, /* The key blob type is incorrect. */ - errSecKeyHeaderInconsistent = -67733, /* The key header is inconsistent. */ - errSecUnsupportedKeyFormat = -67734, /* The key header format is not supported. */ - errSecUnsupportedKeySize = -67735, /* The key size is not supported. */ - errSecInvalidKeyUsageMask = -67736, /* The key usage mask is not valid. */ - errSecUnsupportedKeyUsageMask = -67737, /* The key usage mask is not supported. */ - errSecInvalidKeyAttributeMask = -67738, /* The key attribute mask is not valid. */ - errSecUnsupportedKeyAttributeMask = -67739, /* The key attribute mask is not supported. */ - errSecInvalidKeyLabel = -67740, /* The key label is not valid. */ - errSecUnsupportedKeyLabel = -67741, /* The key label is not supported. */ - errSecInvalidKeyFormat = -67742, /* The key format is not valid. */ - errSecUnsupportedVectorOfBuffers = -67743, /* The vector of buffers is not supported. */ - errSecInvalidInputVector = -67744, /* The input vector is not valid. */ - errSecInvalidOutputVector = -67745, /* The output vector is not valid. */ - errSecInvalidContext = -67746, /* An invalid context was encountered. */ - errSecInvalidAlgorithm = -67747, /* An invalid algorithm was encountered. */ - errSecInvalidAttributeKey = -67748, /* A key attribute was not valid. */ - errSecMissingAttributeKey = -67749, /* A key attribute was missing. */ - errSecInvalidAttributeInitVector = -67750, /* An init vector attribute was not valid. */ - errSecMissingAttributeInitVector = -67751, /* An init vector attribute was missing. */ - errSecInvalidAttributeSalt = -67752, /* A salt attribute was not valid. */ - errSecMissingAttributeSalt = -67753, /* A salt attribute was missing. */ - errSecInvalidAttributePadding = -67754, /* A padding attribute was not valid. */ - errSecMissingAttributePadding = -67755, /* A padding attribute was missing. */ - errSecInvalidAttributeRandom = -67756, /* A random number attribute was not valid. */ - errSecMissingAttributeRandom = -67757, /* A random number attribute was missing. */ - errSecInvalidAttributeSeed = -67758, /* A seed attribute was not valid. */ - errSecMissingAttributeSeed = -67759, /* A seed attribute was missing. */ - errSecInvalidAttributePassphrase = -67760, /* A passphrase attribute was not valid. */ - errSecMissingAttributePassphrase = -67761, /* A passphrase attribute was missing. */ - errSecInvalidAttributeKeyLength = -67762, /* A key length attribute was not valid. */ - errSecMissingAttributeKeyLength = -67763, /* A key length attribute was missing. */ - errSecInvalidAttributeBlockSize = -67764, /* A block size attribute was not valid. */ - errSecMissingAttributeBlockSize = -67765, /* A block size attribute was missing. */ - errSecInvalidAttributeOutputSize = -67766, /* An output size attribute was not valid. */ - errSecMissingAttributeOutputSize = -67767, /* An output size attribute was missing. */ - errSecInvalidAttributeRounds = -67768, /* The number of rounds attribute was not valid. */ - errSecMissingAttributeRounds = -67769, /* The number of rounds attribute was missing. */ - errSecInvalidAlgorithmParms = -67770, /* An algorithm parameters attribute was not valid. */ - errSecMissingAlgorithmParms = -67771, /* An algorithm parameters attribute was missing. */ - errSecInvalidAttributeLabel = -67772, /* A label attribute was not valid. */ - errSecMissingAttributeLabel = -67773, /* A label attribute was missing. */ - errSecInvalidAttributeKeyType = -67774, /* A key type attribute was not valid. */ - errSecMissingAttributeKeyType = -67775, /* A key type attribute was missing. */ - errSecInvalidAttributeMode = -67776, /* A mode attribute was not valid. */ - errSecMissingAttributeMode = -67777, /* A mode attribute was missing. */ - errSecInvalidAttributeEffectiveBits = -67778, /* An effective bits attribute was not valid. */ - errSecMissingAttributeEffectiveBits = -67779, /* An effective bits attribute was missing. */ - errSecInvalidAttributeStartDate = -67780, /* A start date attribute was not valid. */ - errSecMissingAttributeStartDate = -67781, /* A start date attribute was missing. */ - errSecInvalidAttributeEndDate = -67782, /* An end date attribute was not valid. */ - errSecMissingAttributeEndDate = -67783, /* An end date attribute was missing. */ - errSecInvalidAttributeVersion = -67784, /* A version attribute was not valid. */ - errSecMissingAttributeVersion = -67785, /* A version attribute was missing. */ - errSecInvalidAttributePrime = -67786, /* A prime attribute was not valid. */ - errSecMissingAttributePrime = -67787, /* A prime attribute was missing. */ - errSecInvalidAttributeBase = -67788, /* A base attribute was not valid. */ - errSecMissingAttributeBase = -67789, /* A base attribute was missing. */ - errSecInvalidAttributeSubprime = -67790, /* A subprime attribute was not valid. */ - errSecMissingAttributeSubprime = -67791, /* A subprime attribute was missing. */ - errSecInvalidAttributeIterationCount = -67792, /* An iteration count attribute was not valid. */ - errSecMissingAttributeIterationCount = -67793, /* An iteration count attribute was missing. */ - errSecInvalidAttributeDLDBHandle = -67794, /* A database handle attribute was not valid. */ - errSecMissingAttributeDLDBHandle = -67795, /* A database handle attribute was missing. */ - errSecInvalidAttributeAccessCredentials = -67796, /* An access credentials attribute was not valid. */ - errSecMissingAttributeAccessCredentials = -67797, /* An access credentials attribute was missing. */ - errSecInvalidAttributePublicKeyFormat = -67798, /* A public key format attribute was not valid. */ - errSecMissingAttributePublicKeyFormat = -67799, /* A public key format attribute was missing. */ - errSecInvalidAttributePrivateKeyFormat = -67800, /* A private key format attribute was not valid. */ - errSecMissingAttributePrivateKeyFormat = -67801, /* A private key format attribute was missing. */ - errSecInvalidAttributeSymmetricKeyFormat = -67802, /* A symmetric key format attribute was not valid. */ - errSecMissingAttributeSymmetricKeyFormat = -67803, /* A symmetric key format attribute was missing. */ - errSecInvalidAttributeWrappedKeyFormat = -67804, /* A wrapped key format attribute was not valid. */ - errSecMissingAttributeWrappedKeyFormat = -67805, /* A wrapped key format attribute was missing. */ - errSecStagedOperationInProgress = -67806, /* A staged operation is in progress. */ - errSecStagedOperationNotStarted = -67807, /* A staged operation was not started. */ - errSecVerifyFailed = -67808, /* A cryptographic verification failure has occurred. */ - errSecQuerySizeUnknown = -67809, /* The query size is unknown. */ - errSecBlockSizeMismatch = -67810, /* A block size mismatch occurred. */ - errSecPublicKeyInconsistent = -67811, /* The public key was inconsistent. */ - errSecDeviceVerifyFailed = -67812, /* A device verification failure has occurred. */ - errSecInvalidLoginName = -67813, /* An invalid login name was detected. */ - errSecAlreadyLoggedIn = -67814, /* The user is already logged in. */ - errSecInvalidDigestAlgorithm = -67815, /* An invalid digest algorithm was detected. */ - errSecInvalidCRLGroup = -67816, /* An invalid CRL group was detected. */ - errSecCertificateCannotOperate = -67817, /* The certificate cannot operate. */ - errSecCertificateExpired = -67818, /* An expired certificate was detected. */ - errSecCertificateNotValidYet = -67819, /* The certificate is not yet valid. */ - errSecCertificateRevoked = -67820, /* The certificate was revoked. */ - errSecCertificateSuspended = -67821, /* The certificate was suspended. */ - errSecInsufficientCredentials = -67822, /* Insufficient credentials were detected. */ - errSecInvalidAction = -67823, /* The action was not valid. */ - errSecInvalidAuthority = -67824, /* The authority was not valid. */ - errSecVerifyActionFailed = -67825, /* A verify action has failed. */ - errSecInvalidCertAuthority = -67826, /* The certificate authority was not valid. */ - errSecInvaldCRLAuthority = -67827, /* The CRL authority was not valid. */ - errSecInvalidCRLEncoding = -67828, /* The CRL encoding was not valid. */ - errSecInvalidCRLType = -67829, /* The CRL type was not valid. */ - errSecInvalidCRL = -67830, /* The CRL was not valid. */ - errSecInvalidFormType = -67831, /* The form type was not valid. */ - errSecInvalidID = -67832, /* The ID was not valid. */ - errSecInvalidIdentifier = -67833, /* The identifier was not valid. */ - errSecInvalidIndex = -67834, /* The index was not valid. */ - errSecInvalidPolicyIdentifiers = -67835, /* The policy identifiers are not valid. */ - errSecInvalidTimeString = -67836, /* The time specified was not valid. */ - errSecInvalidReason = -67837, /* The trust policy reason was not valid. */ - errSecInvalidRequestInputs = -67838, /* The request inputs are not valid. */ - errSecInvalidResponseVector = -67839, /* The response vector was not valid. */ - errSecInvalidStopOnPolicy = -67840, /* The stop-on policy was not valid. */ - errSecInvalidTuple = -67841, /* The tuple was not valid. */ - errSecMultipleValuesUnsupported = -67842, /* Multiple values are not supported. */ - errSecNotTrusted = -67843, /* The trust policy was not trusted. */ - errSecNoDefaultAuthority = -67844, /* No default authority was detected. */ - errSecRejectedForm = -67845, /* The trust policy had a rejected form. */ - errSecRequestLost = -67846, /* The request was lost. */ - errSecRequestRejected = -67847, /* The request was rejected. */ - errSecUnsupportedAddressType = -67848, /* The address type is not supported. */ - errSecUnsupportedService = -67849, /* The service is not supported. */ - errSecInvalidTupleGroup = -67850, /* The tuple group was not valid. */ - errSecInvalidBaseACLs = -67851, /* The base ACLs are not valid. */ - errSecInvalidTupleCredendtials = -67852, /* The tuple credentials are not valid. */ - errSecInvalidEncoding = -67853, /* The encoding was not valid. */ - errSecInvalidValidityPeriod = -67854, /* The validity period was not valid. */ - errSecInvalidRequestor = -67855, /* The requestor was not valid. */ - errSecRequestDescriptor = -67856, /* The request descriptor was not valid. */ - errSecInvalidBundleInfo = -67857, /* The bundle information was not valid. */ - errSecInvalidCRLIndex = -67858, /* The CRL index was not valid. */ - errSecNoFieldValues = -67859, /* No field values were detected. */ - errSecUnsupportedFieldFormat = -67860, /* The field format is not supported. */ - errSecUnsupportedIndexInfo = -67861, /* The index information is not supported. */ - errSecUnsupportedLocality = -67862, /* The locality is not supported. */ - errSecUnsupportedNumAttributes = -67863, /* The number of attributes is not supported. */ - errSecUnsupportedNumIndexes = -67864, /* The number of indexes is not supported. */ - errSecUnsupportedNumRecordTypes = -67865, /* The number of record types is not supported. */ - errSecFieldSpecifiedMultiple = -67866, /* Too many fields were specified. */ - errSecIncompatibleFieldFormat = -67867, /* The field format was incompatible. */ - errSecInvalidParsingModule = -67868, /* The parsing module was not valid. */ - errSecDatabaseLocked = -67869, /* The database is locked. */ - errSecDatastoreIsOpen = -67870, /* The data store is open. */ - errSecMissingValue = -67871, /* A missing value was detected. */ - errSecUnsupportedQueryLimits = -67872, /* The query limits are not supported. */ - errSecUnsupportedNumSelectionPreds = -67873, /* The number of selection predicates is not supported. */ - errSecUnsupportedOperator = -67874, /* The operator is not supported. */ - errSecInvalidDBLocation = -67875, /* The database location is not valid. */ - errSecInvalidAccessRequest = -67876, /* The access request is not valid. */ - errSecInvalidIndexInfo = -67877, /* The index information is not valid. */ - errSecInvalidNewOwner = -67878, /* The new owner is not valid. */ - errSecInvalidModifyMode = -67879, /* The modify mode is not valid. */ - errSecMissingRequiredExtension = -67880, /* A required certificate extension is missing. */ - errSecExtendedKeyUsageNotCritical = -67881, /* The extended key usage extension was not marked critical. */ - errSecTimestampMissing = -67882, /* A timestamp was expected but was not found. */ - errSecTimestampInvalid = -67883, /* The timestamp was not valid. */ - errSecTimestampNotTrusted = -67884, /* The timestamp was not trusted. */ - errSecTimestampServiceNotAvailable = -67885, /* The timestamp service is not available. */ - errSecTimestampBadAlg = -67886, /* An unrecognized or unsupported Algorithm Identifier in timestamp. */ - errSecTimestampBadRequest = -67887, /* The timestamp transaction is not permitted or supported. */ - errSecTimestampBadDataFormat = -67888, /* The timestamp data submitted has the wrong format. */ - errSecTimestampTimeNotAvailable = -67889, /* The time source for the Timestamp Authority is not available. */ - errSecTimestampUnacceptedPolicy = -67890, /* The requested policy is not supported by the Timestamp Authority. */ - errSecTimestampUnacceptedExtension = -67891, /* The requested extension is not supported by the Timestamp Authority. */ - errSecTimestampAddInfoNotAvailable = -67892, /* The additional information requested is not available. */ - errSecTimestampSystemFailure = -67893, /* The timestamp request cannot be handled due to system failure. */ - errSecSigningTimeMissing = -67894, /* A signing time was expected but was not found. */ - errSecTimestampRejection = -67895, /* A timestamp transaction was rejected. */ - errSecTimestampWaiting = -67896, /* A timestamp transaction is waiting. */ - errSecTimestampRevocationWarning = -67897, /* A timestamp authority revocation warning was issued. */ - errSecTimestampRevocationNotification = -67898, /* A timestamp authority revocation notification was issued. */ -}; - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECBASE_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecBasePriv.h b/OSX/libsecurity_keychain/lib/SecBasePriv.h deleted file mode 100644 index 23599b80..00000000 --- a/OSX/libsecurity_keychain/lib/SecBasePriv.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2003-2008,2011,2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecBasePriv - SecBasePriv contains private error codes for the Security framework. - */ -#ifndef _SECURITY_SECBASEPRIV_H_ -#define _SECURITY_SECBASEPRIV_H_ - -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -/******************************************************* - *** Private OSStatus values unique to Security APIs *** - *******************************************************/ - -/* - Note: the comments that appear after these errors are used to create SecErrorMessages.strings. - The comments must not be multi-line, and should be in a form meaningful to an end user. If - a different or additional comment is needed, it can be put in the header doc format, or on a - line that does not start with errZZZ. -*/ - -enum -{ - priv_errSecUnimplemented = -4, /* Private version of errSecUnimplemented constant. */ - priv_errSecParam = -50, /* Private version of errSecParam constant. */ - priv_errSecDecode = -26275, /* Private version of errSecDecode constant. */ -}; - -enum -{ - errSecInvalidCertificate = priv_errSecDecode, // -26265, /* This certificate could not be decoded. */ - errSecPolicyDenied = -26270, /* The certificate chain was not trusted due to a policy not accepting it. */ - errSecInvalidKey = priv_errSecDecode, // -26274, /* The provided key material was not valid. */ - errSecInternal = -26276, /* An internal error occured in the Security framework. */ - errSecUnsupportedAlgorithm = priv_errSecUnimplemented, // -26268, /* An unsupported algorithm was encountered. */ - errSecUnsupportedOperation = priv_errSecUnimplemented, // -26271, /* The operation you requested is not supported by this key. */ - errSecUnsupportedPadding = priv_errSecParam, // -26273, /* The padding you requested is not supported. */ - errSecItemInvalidKey = priv_errSecParam, // -34000, /* A string key in dictionary is not one of the supported keys. */ - errSecItemInvalidKeyType = priv_errSecParam, // -34001, /* A key in a dictionary is neither a CFStringRef nor a CFNumberRef. */ - errSecItemInvalidValue = priv_errSecParam, // -34002, /* A value in a dictionary is an invalid (or unsupported) CF type. */ - errSecItemClassMissing = priv_errSecParam, // -34003, /* No kSecItemClass key was specified in a dictionary. */ - errSecItemMatchUnsupported = priv_errSecParam, // -34004, /* The caller passed one or more kSecMatch keys to a function which does not support matches. */ - errSecUseItemListUnsupported = priv_errSecParam, // -34005, /* The caller passed in a kSecUseItemList key to a function which does not support it. */ - errSecUseKeychainUnsupported = priv_errSecParam, // -34006, /* The caller passed in a kSecUseKeychain key to a function which does not support it. */ - errSecUseKeychainListUnsupported = priv_errSecParam, // -34007, /* The caller passed in a kSecUseKeychainList key to a function which does not support it. */ - errSecReturnDataUnsupported = priv_errSecParam, // -34008, /* The caller passed in a kSecReturnData key to a function which does not support it. */ - errSecReturnAttributesUnsupported = priv_errSecParam, // -34009, /* The caller passed in a kSecReturnAttributes key to a function which does not support it. */ - errSecReturnRefUnsupported = priv_errSecParam, // -34010, /* The caller passed in a kSecReturnRef key to a function which does not support it. */ - errSecValueRefUnsupported = priv_errSecParam, // -34012, /* The caller passed in a kSecValueRef key to a function which does not support it. */ - errSecValuePersistentRefUnsupported = priv_errSecParam, // -34013, /* The caller passed in a kSecValuePersistentRef key to a function which does not support it. */ - errSecReturnMissingPointer = priv_errSecParam, // -34014, /* The caller passed asked for something to be returned but did not pass in a result pointer. */ - errSecMatchLimitUnsupported = priv_errSecParam, // -34015, /* The caller passed in a kSecMatchLimit key to a call which does not support limits. */ - errSecItemIllegalQuery = priv_errSecParam, // -34016, /* The caller passed in a query which contained too many keys. */ - errSecMissingEntitlement = -34018, /* Internal error when a required entitlement isn't present. */ -}; - -const char *cssmErrorString(CSSM_RETURN error); - -OSStatus SecKeychainErrFromOSStatus(OSStatus osStatus) - __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_NA); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECBASEPRIV_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecBridge.h b/OSX/libsecurity_keychain/lib/SecBridge.h index 7cfad673..ed923939 100644 --- a/OSX/libsecurity_keychain/lib/SecBridge.h +++ b/OSX/libsecurity_keychain/lib/SecBridge.h @@ -71,7 +71,6 @@ using namespace KeychainCore; // BEGIN_SECKCITEMAPI // Note: this macro assumes an input parameter named "itemRef" // -#if SECTRUST_OSX #define BEGIN_SECKCITEMAPI \ OSStatus __secapiresult=errSecSuccess; \ SecKeychainItemRef __itemImplRef=NULL; \ @@ -90,12 +89,7 @@ using namespace KeychainCore; __itemImplRef=(SecKeychainItemRef)((itemRef) ? CFRetain(itemRef) : NULL); \ } \ try { -#else -#define BEGIN_SECKCITEMAPI \ - OSStatus __secapiresult=errSecSuccess; \ - SecKeychainItemRef __itemImplRef=(SecKeychainItemRef)((itemRef) ? CFRetain(itemRef) : NULL); \ - try { -#endif + // // END_SECKCITEMAPI // @@ -112,7 +106,6 @@ using namespace KeychainCore; // BEGIN_SECCERTAPI // Note: this macro assumes an input parameter named "certificate" // -#if SECTRUST_OSX #define BEGIN_SECCERTAPI \ OSStatus __secapiresult=errSecSuccess; \ SecCertificateRef __itemImplRef=NULL; \ @@ -121,12 +114,7 @@ using namespace KeychainCore; if (!__itemImplRef && certificate) { __itemImplRef=SecCertificateCreateItemImplInstance(certificate); \ (void)SecCertificateSetKeychainItem(certificate,__itemImplRef); } \ try { -#else -#define BEGIN_SECCERTAPI \ - OSStatus __secapiresult=errSecSuccess; \ - SecCertificateRef __itemImplRef=(SecCertificateRef)((certificate)?CFRetain(certificate):NULL); \ - try { -#endif + // // END_SECCERTAPI // diff --git a/OSX/libsecurity_keychain/lib/SecCertificate.cpp b/OSX/libsecurity_keychain/lib/SecCertificate.cpp index ff0f1ceb..8c3454c6 100644 --- a/OSX/libsecurity_keychain/lib/SecCertificate.cpp +++ b/OSX/libsecurity_keychain/lib/SecCertificate.cpp @@ -63,12 +63,7 @@ SEC_CONST_DECL (kSecCertificateEscrowFileName, "AppleESCertificates"); using namespace CssmClient; -CFTypeID -#if SECTRUST_OSX -static SecCertificateGetTypeID_osx(void) -#else -SecCertificateGetTypeID(void) -#endif +CFTypeID static SecCertificateGetTypeID_osx(void) { BEGIN_SECAPI @@ -83,9 +78,7 @@ SecCertificateIsItemImplInstance(SecCertificateRef certificate) if (certificate == NULL) { return false; } -#if !SECTRUST_OSX - return true; -#else + CFTypeID typeID = CFGetTypeID(certificate); #if 0 /* debug code to verify type IDs */ @@ -101,16 +94,12 @@ SecCertificateIsItemImplInstance(SecCertificateRef certificate) return (typeID == SecCertificateGetTypeID_osx() || typeID == SecKeychainItemGetTypeID()) ? true : false; -#endif } /* convert a new-world SecCertificateRef to an old-world ItemImpl instance */ SecCertificateRef SecCertificateCreateItemImplInstance(SecCertificateRef certificate) { -#if !SECTRUST_OSX - return (SecCertificateRef)(certificate ? CFRetain(certificate) : NULL); -#else if (!certificate) { return NULL; } @@ -133,16 +122,12 @@ SecCertificateCreateItemImplInstance(SecCertificateRef certificate) catch (...) {} CFRelease(data); return implCertRef; -#endif } /* convert an old-world ItemImpl instance to a new-world SecCertificateRef */ SecCertificateRef SecCertificateCreateFromItemImplInstance(SecCertificateRef certificate) { -#if !SECTRUST_OSX - return (SecCertificateRef)(certificate ? CFRetain(certificate) : NULL); -#else if (!certificate) { return NULL; } @@ -170,41 +155,13 @@ SecCertificateCreateFromItemImplInstance(SecCertificateRef certificate) if (data) CFRelease(data); return result; -#endif } -#if !SECTRUST_OSX -OSStatus -SecCertificateSetKeychainItem(SecCertificateRef certificate, CFTypeRef keychain_item) -{ - // pre-STU, this function is a no-op since it's the same item reference - return errSecSuccess; -} -#endif - -#if !SECTRUST_OSX -CFTypeRef -SecCertificateCopyKeychainItem(SecCertificateRef certificate) -{ - if (certificate) { - CFRetain(certificate); - } - return certificate; -} -#endif /* OS X only: DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER */ OSStatus SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding, SecCertificateRef *certificate) { -#if !SECTRUST_OSX - BEGIN_SECAPI - - SecPointer certificatePtr(new Certificate(Required(data), type, encoding)); - Required(certificate) = certificatePtr->handle(); - - END_SECAPI -#else /* bridge to support old functionality */ if (!data || !data->Data || !data->Length || !certificate) { return errSecParam; @@ -226,34 +183,7 @@ SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CE } *certificate = certRef; return (certRef) ? errSecSuccess : errSecUnknownFormat; -#endif -} - -#if !SECTRUST_OSX -/* new in 10.6 */ -SecCertificateRef -SecCertificateCreateWithData(CFAllocatorRef allocator, CFDataRef data) -{ - SecCertificateRef certificate = NULL; - OSStatus __secapiresult; - try { - CSSM_DATA cssmCertData; - cssmCertData.Length = (data) ? (CSSM_SIZE)CFDataGetLength(data) : 0; - cssmCertData.Data = (data) ? (uint8 *)CFDataGetBytePtr(data) : NULL; - - //NOTE: there isn't yet a Certificate constructor which accepts a CFAllocatorRef - SecPointer certificatePtr(new Certificate(cssmCertData, CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER)); - certificate = certificatePtr->handle(); - - __secapiresult=errSecSuccess; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return certificate; } -#endif /* OS X only: __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA) */ OSStatus @@ -272,13 +202,6 @@ SecCertificateAddToKeychain(SecCertificateRef certificate, SecKeychainRef keycha OSStatus SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data) { -#if !SECTRUST_OSX - BEGIN_SECAPI - - Required(data) = Certificate::required(certificate)->data(); - - END_SECAPI -#else BEGIN_SECCERTAPI if (!certificate || !data) { @@ -293,108 +216,7 @@ SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data) } END_SECCERTAPI -#endif -} - -#if !SECTRUST_OSX -/* new in 10.6 */ -CFDataRef -SecCertificateCopyData(SecCertificateRef certificate) -{ - CFDataRef data = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - CssmData output = Certificate::required(certificate)->data(); - CFIndex length = (CFIndex)output.length(); - const UInt8 *bytes = (const UInt8 *)output.data(); - if (length && bytes) { - data = CFDataCreate(NULL, bytes, length); - } - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return data; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.12 */ -CFDataRef -SecCertificateCopySHA256Digest(SecCertificateRef certificate) -{ - CFDataRef data = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - data = Certificate::required(certificate)->sha256Hash(); - if (data) { - CFRetain(data); - } - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return data; } -#endif - -#if !SECTRUST_OSX -CFDataRef -SecCertificateGetSHA1Digest(SecCertificateRef certificate) -{ - CFDataRef data = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - data = Certificate::required(certificate)->sha1Hash(); - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return data; -} -#endif - -#if !SECTRUST_OSX -CFDataRef -SecCertificateCopyPublicKeySHA1Digest(SecCertificateRef certificate) -{ - CFDataRef data = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - CssmData output = Certificate::required(certificate)->publicKeyHash(); - CFIndex length = (CFIndex)output.length(); - const UInt8 *bytes = (const UInt8 *)output.data(); - if (length && bytes) { - data = CFDataCreate(NULL, bytes, length); - } - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return data; -} -#endif - -#if !SECTRUST_OSX -CFArrayRef -SecCertificateCopyDNSNames(SecCertificateRef certificate) -{ - CFArrayRef names = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - names = Certificate::required(certificate)->copyDNSNames(); - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return names; -} -#endif /* OS X only: DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER */ OSStatus @@ -498,57 +320,6 @@ SecCertificateGetAlgorithmID(SecCertificateRef certificate, const CSSM_X509_ALGO END_SECCERTAPI } -/* OS X only: __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA) */ -OSStatus -SecCertificateCopyCommonName(SecCertificateRef certificate, CFStringRef *commonName) -{ - // This macro creates an ItemImpl certificate if it does not exist - BEGIN_SECCERTAPI - - Required(commonName) = Certificate::required(__itemImplRef)->commonName(); - - END_SECCERTAPI -} - -#if !SECTRUST_OSX -/* new in 10.6 */ -CFStringRef -SecCertificateCopySubjectSummary(SecCertificateRef certificate) -{ - CFStringRef summary = NULL; - OSStatus __secapiresult; - try { - Certificate::required(certificate)->inferLabel(false, &summary); - - __secapiresult=errSecSuccess; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return summary; -} -#endif - -#if !SECTRUST_OSX -CFStringRef -SecCertificateCopyIssuerSummary(SecCertificateRef certificate) -{ - CFStringRef issuerStr = NULL; - SecCertificateRefP certP = NULL; - CFDataRef certData = SecCertificateCopyData(certificate); - if (certData) { - certP = SecCertificateCreateWithDataP(NULL, certData); - CFRelease(certData); - } - if (certP) { - issuerStr = SecCertificateCopyIssuerSummaryP(certP); - CFRelease(certP); - } - return issuerStr; -} -#endif - /* OS X only */ OSStatus SecCertificateCopySubjectComponent(SecCertificateRef certificate, const CSSM_OID *component, CFStringRef *result) @@ -674,14 +445,12 @@ SecCertificateFindByIssuerAndSN(CFTypeRef keychainOrArray,const CSSM_DATA *issue globals().storageManager.optionalSearchList(keychainOrArray, keychains); Required(certificate) = Certificate::findByIssuerAndSN(keychains, CssmData::required(issuer), CssmData::required(serialNumber))->handle(); -#if SECTRUST_OSX // convert ItemImpl-based SecCertificateRef to new-world version before returning CssmData certData = Certificate::required(*certificate)->data(); CFRef cfData(CFDataCreate(NULL, certData.Data, certData.Length)); SecCertificateRef tmpRef = *certificate; *certificate = SecCertificateCreateWithData(NULL, cfData); CFRelease(tmpRef); -#endif END_SECAPI } @@ -712,14 +481,12 @@ SecCertificateFindBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *sub globals().storageManager.optionalSearchList(keychainOrArray, keychains); Required(certificate) = Certificate::findBySubjectKeyID(keychains, CssmData::required(subjectKeyID))->handle(); -#if SECTRUST_OSX // convert ItemImpl-based SecCertificateRef to new-world version before returning CssmData certData = Certificate::required(*certificate)->data(); CFRef cfData(CFDataCreate(NULL, certData.Data, certData.Length)); SecCertificateRef tmpRef = *certificate; *certificate = SecCertificateCreateWithData(NULL, cfData); CFRelease(tmpRef); -#endif END_SECAPI } @@ -753,14 +520,12 @@ SecCertificateFindByEmail(CFTypeRef keychainOrArray, const char *emailAddress, S globals().storageManager.optionalSearchList(keychainOrArray, keychains); Required(certificate) = Certificate::findByEmail(keychains, emailAddress)->handle(); -#if SECTRUST_OSX // convert ItemImpl-based SecCertificateRef to new-world version before returning CssmData certData = Certificate::required(*certificate)->data(); CFRef cfData(CFDataCreate(NULL, certData.Data, certData.Length)); SecCertificateRef tmpRef = *certificate; *certificate = SecCertificateCreateWithData(NULL, cfData); CFRelease(tmpRef); -#endif END_SECAPI } @@ -856,20 +621,6 @@ SecDigestGetData (CSSM_ALGORITHMS alg, CSSM_DATA* digest, const CSSM_DATA* data) END_SECAPI1(1); } -#if !SECTRUST_OSX -/* determine whether a cert is self-signed */ -OSStatus SecCertificateIsSelfSigned( - SecCertificateRef certificate, - Boolean *isSelfSigned) /* RETURNED */ -{ - BEGIN_SECAPI - - *isSelfSigned = Certificate::required(certificate)->isSelfSigned(); - - END_SECAPI -} -#endif - /* OS X only: DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER */ OSStatus SecCertificateCopyPreference( @@ -916,7 +667,6 @@ SecCertificateCopyPreference( *certificate = (SecCertificateRef)certItemRef; -#if SECTRUST_OSX if (certItemRef && (CFGetTypeID(certItemRef) == SecIdentityGetTypeID())) { // SecKeychainItemCopyFromPersistentReference handed out an identity reference *certificate = NULL; @@ -924,15 +674,6 @@ SecCertificateCopyPreference( CFRelease(certItemRef); return status; } -#if 0 /* SecKeychainItemCopyFromPersistentReference now does this work for us */ - // convert ItemImpl-based SecCertificateRef to new-world version before returning - CssmData certData = Certificate::required(*certificate)->data(); - CFRef cfData(CFDataCreate(NULL, certData.Data, certData.Length)); - SecCertificateRef tmpRef = *certificate; - *certificate = SecCertificateCreateWithData(NULL, cfData); - CFRelease(tmpRef); -#endif -#endif END_SECAPI } @@ -1013,7 +754,7 @@ OSStatus SecCertificateDeletePreferenceItemWithNameAndKeyUsage( // cut things off at that point if we're still finding items (if they can't // be deleted for some reason, we'd never break out of the loop.) - OSStatus status; + OSStatus status = errSecSuccess; SecKeychainItemRef item = NULL; int count = 0, maxUsages = 12; while (++count <= maxUsages && @@ -1158,14 +899,13 @@ CFDictionaryRef SecCertificateCopyValues(SecCertificateRef certificate, CFArrayR CFDictionaryRef result = NULL; OSStatus __secapiresult; SecCertificateRef tmpcert = NULL; -#if SECTRUST_OSX + // convert input to a new-style certificate reference if necessary, // since the implementation of CertificateValues calls SecCertificate API functions // which now assume a unified certificate reference. if (SecCertificateIsItemImplInstance(certificate)) { tmpcert = SecCertificateCreateFromItemImplInstance(certificate); } -#endif if (certificate && !tmpcert) { tmpcert = (SecCertificateRef) CFRetain(certificate); } @@ -1220,7 +960,7 @@ CFDataRef SecCertificateCopySerialNumber(SecCertificateRef certificate, CFErrorR return result; } -/* OS X only: __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA) */ +/* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA) */ CFDataRef SecCertificateCopyNormalizedIssuerContent(SecCertificateRef certificate, CFErrorRef *error) { CFDataRef result = NULL; @@ -1238,7 +978,7 @@ CFDataRef SecCertificateCopyNormalizedIssuerContent(SecCertificateRef certificat return result; } -/* OS X only: __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA) */ +/* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA) */ CFDataRef SecCertificateCopyNormalizedSubjectContent(SecCertificateRef certificate, CFErrorRef *error) { CFDataRef result = NULL; @@ -1256,85 +996,6 @@ CFDataRef SecCertificateCopyNormalizedSubjectContent(SecCertificateRef certifica return result; } -#if !SECTRUST_OSX -CFDataRef SecCertificateCopyIssuerSequence(SecCertificateRef certificate) -{ - CFDataRef result = NULL; - OSStatus __secapiresult; - try - { - CertificateValues cv(certificate); - result = cv.copyIssuerSequence(NULL); - __secapiresult=0; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return result; -} -#endif - -#if !SECTRUST_OSX -CFDataRef SecCertificateCopySubjectSequence(SecCertificateRef certificate) -{ - CFDataRef result = NULL; - OSStatus __secapiresult; - try - { - CertificateValues cv(certificate); - result = cv.copySubjectSequence(NULL); - __secapiresult=0; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return result; -} -#endif - -#if !SECTRUST_OSX -CFDictionaryRef SecCertificateCopyAttributeDictionary(SecCertificateRef certificate) -{ - CFDictionaryRef result = NULL; - OSStatus status; - try - { - CertificateValues cv(certificate); - result = cv.copyAttributeDictionary(NULL); - status=0; - } - catch (const MacOSError &err) { status=err.osStatus(); } - catch (const CommonError &err) { status=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { status=errSecAllocate; } - catch (...) { status=errSecInternalComponent; } - - return result; -} -#endif - -#if !SECTRUST_OSX -bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime) -{ - bool result = NULL; - OSStatus __secapiresult; - try - { - CFErrorRef error = NULL; - CertificateValues cv(certificate); - result = cv.isValid(verifyTime, &error); - if (error) CFRelease(error); - __secapiresult=0; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return result; -} -#endif - /* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA) */ bool SecCertificateIsValidX(SecCertificateRef certificate, CFAbsoluteTime verifyTime) { @@ -1343,341 +1004,3 @@ bool SecCertificateIsValidX(SecCertificateRef certificate, CFAbsoluteTime verify */ return SecCertificateIsValid(certificate, verifyTime); } - -#if !SECTRUST_OSX -CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRef certificate) -{ - CFAbsoluteTime result = 0; - OSStatus __secapiresult; - try - { - CFErrorRef error = NULL; - CertificateValues cv(certificate); - result = cv.notValidBefore(&error); - if (error) CFRelease(error); - __secapiresult=0; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return result; -} -#endif - -#if !SECTRUST_OSX -CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate) -{ - CFAbsoluteTime result = 0; - OSStatus __secapiresult; - try - { - CFErrorRef error = NULL; - CertificateValues cv(certificate); - result = cv.notValidAfter(&error); - if (error) CFRelease(error); - __secapiresult=0; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return result; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.8 */ -SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, - const UInt8 *bytes, CFIndex length) -{ - SecCertificateRef certificate = NULL; - OSStatus __secapiresult; - try { - CSSM_DATA cssmCertData = { (CSSM_SIZE)length, (uint8 *)bytes }; - - //NOTE: there isn't yet a Certificate constructor which accepts a CFAllocatorRef - SecPointer certificatePtr(new Certificate(cssmCertData, CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER)); - certificate = certificatePtr->handle(); - - __secapiresult=errSecSuccess; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return certificate; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.8 */ -CFIndex SecCertificateGetLength(SecCertificateRef certificate) -{ - CFIndex length = 0; - OSStatus __secapiresult; - try { - CssmData output = Certificate::required(certificate)->data(); - length = (CFIndex)output.length(); - __secapiresult=errSecSuccess; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return length; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.8 */ -const UInt8 *SecCertificateGetBytePtr(SecCertificateRef certificate) -{ - const UInt8 *bytes = NULL; - OSStatus __secapiresult; - try { - CssmData output = Certificate::required(certificate)->data(); - bytes = (const UInt8 *)output.data(); - __secapiresult=errSecSuccess; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return bytes; -} -#endif - -#if !SECTRUST_OSX -/* not exported */ -static CFArrayRef CopyEscrowCertificates(SecCertificateEscrowRootType escrowRootType, CFErrorRef *error) -{ - // Return array of CFDataRef certificates. - CFArrayRef result = NULL; - int iCnt; - int numRoots = 0; - - // Get the hard coded set of production roots - // static struct RootRecord* kProductionEscrowRoots[] = {&kOldEscrowRootRecord, &kProductionEscrowRootRecord}; - - struct RootRecord** pEscrowRoots = NULL; - switch (escrowRootType) { - case kSecCertificateBaselineEscrowRoot: - numRoots = kNumberOfBaseLineEscrowRoots; - pEscrowRoots = kBaseLineEscrowRoots; - break; - case kSecCertificateProductionEscrowRoot: - numRoots = kNumberOfBaseLineEscrowRoots; //%%% currently, production == baseline on OS X - pEscrowRoots = kBaseLineEscrowRoots; - break; - case kSecCertificateBaselinePCSEscrowRoot: - numRoots = kNumberOfBaseLinePCSEscrowRoots; - pEscrowRoots = kBaseLinePCSEscrowRoots; - break; - case kSecCertificateProductionPCSEscrowRoot: - numRoots = kNumberOfBaseLinePCSEscrowRoots; //%%% currently, production == baseline on OS X - pEscrowRoots = kBaseLinePCSEscrowRoots; - break; - default: - break; - } - - CFDataRef productionCerts[numRoots]; - struct RootRecord* pRootRecord = NULL; - - for (iCnt = 0; pEscrowRoots != NULL && iCnt < numRoots; iCnt++) - { - pRootRecord = pEscrowRoots[iCnt]; - if (NULL != pRootRecord && pRootRecord->_length > 0 && NULL != pRootRecord->_bytes) - { - productionCerts[iCnt] = CFDataCreate(kCFAllocatorDefault, pRootRecord->_bytes, pRootRecord->_length); - } - } - result = CFArrayCreate(kCFAllocatorDefault, (const void **)productionCerts, numRoots, &kCFTypeArrayCallBacks); - for (iCnt = 0; iCnt < numRoots; iCnt++) - { - if (NULL != productionCerts[iCnt]) - { - CFRelease(productionCerts[iCnt]); - } - } - - return result; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.9 */ -CFArrayRef SecCertificateCopyEscrowRoots(SecCertificateEscrowRootType escrowRootType) -{ - CFArrayRef result = NULL; - int iCnt; - int numRoots = 0; - CFDataRef certData = NULL; - - // The request is for the base line certificates. - // Use the hard coded data to generate the return array - if (kSecCertificateBaselineEscrowRoot == escrowRootType) - { - // Get the hard coded set of roots - numRoots = kNumberOfBaseLineEscrowRoots; - SecCertificateRef baseLineCerts[numRoots]; - struct RootRecord* pRootRecord = NULL; - - for (iCnt = 0; iCnt < numRoots; iCnt++) - { - pRootRecord = kBaseLineEscrowRoots[iCnt]; - if (NULL != pRootRecord && pRootRecord->_length > 0 && NULL != pRootRecord->_bytes) - { - certData = CFDataCreate(kCFAllocatorDefault, pRootRecord->_bytes, pRootRecord->_length); - if (NULL != certData) - { - baseLineCerts[iCnt] = SecCertificateCreateWithData(kCFAllocatorDefault, certData); - CFRelease(certData); - } - } - } - result = CFArrayCreate(kCFAllocatorDefault, (const void **)baseLineCerts, numRoots, &kCFTypeArrayCallBacks); - for (iCnt = 0; iCnt < numRoots; iCnt++) - { - if (NULL != baseLineCerts[iCnt]) - { - CFRelease(baseLineCerts[iCnt]); - } - } - } - // The request is for the current certificates. - else - { - CFErrorRef error = NULL; - CFArrayRef cert_datas = CopyEscrowCertificates(escrowRootType, &error); - if (NULL != error || NULL == cert_datas || 0 == (numRoots = (int)CFArrayGetCount(cert_datas))) - { - if (NULL != error) - { - CFRelease(error); - } - - if (NULL != cert_datas) - { - CFRelease(cert_datas); - } - return result; - } - - SecCertificateRef assetCerts[numRoots]; - for (iCnt = 0; iCnt < numRoots; iCnt++) - { - certData = (CFDataRef)CFArrayGetValueAtIndex(cert_datas, iCnt); - if (NULL != certData) - { - SecCertificateRef aCertRef = SecCertificateCreateWithData(kCFAllocatorDefault, certData); - assetCerts[iCnt] = aCertRef; - } - else - { - assetCerts[iCnt] = NULL; - } - } - - if (numRoots > 0) - { - result = CFArrayCreate(kCFAllocatorDefault, (const void **)assetCerts, numRoots, &kCFTypeArrayCallBacks); - for (iCnt = 0; iCnt < numRoots; iCnt++) - { - if (NULL != assetCerts[iCnt]) - { - CFRelease(assetCerts[iCnt]); - } - } - } - CFRelease(cert_datas); - } - - return result; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.11 */ -SecSignatureHashAlgorithm SecCertificateGetSignatureHashAlgorithm(SecCertificateRef certificate) -{ - SecSignatureHashAlgorithm result = kSecSignatureHashAlgorithmUnknown; - CSSM_X509_ALGORITHM_IDENTIFIER_PTR algId = NULL; - CSSM_DATA_PTR fieldValue = NULL; - CSSM_OID_PTR algOID = NULL; - const CSSM_OID *sigAlgOID = &CSSMOID_X509V1SignatureAlgorithm; - OSStatus status; - - status = SecCertificateCopyFirstFieldValue(certificate, sigAlgOID, &fieldValue); - if (status || !fieldValue) { - return result; - } - algId = (CSSM_X509_ALGORITHM_IDENTIFIER_PTR)fieldValue->Data; - algOID = (algId) ? &algId->algorithm : NULL; - - while (algOID) { - if (!algOID->Data || !algOID->Length) { - break; - } - /* classify the signature algorithm OID into one of our known types */ - if (cuCompareCssmData(algOID, &CSSMOID_ECDSA_WithSHA512) || - cuCompareCssmData(algOID, &CSSMOID_SHA512WithRSA) || - cuCompareCssmData(algOID, &CSSMOID_SHA512)) { - result = kSecSignatureHashAlgorithmSHA512; - break; - } - if (cuCompareCssmData(algOID, &CSSMOID_ECDSA_WithSHA384) || - cuCompareCssmData(algOID, &CSSMOID_SHA384WithRSA) || - cuCompareCssmData(algOID, &CSSMOID_SHA384)) { - result = kSecSignatureHashAlgorithmSHA384; - break; - } - if (cuCompareCssmData(algOID, &CSSMOID_ECDSA_WithSHA256) || - cuCompareCssmData(algOID, &CSSMOID_SHA256WithRSA) || - cuCompareCssmData(algOID, &CSSMOID_SHA256)) { - result = kSecSignatureHashAlgorithmSHA256; - break; - } - if (cuCompareCssmData(algOID, &CSSMOID_ECDSA_WithSHA224) || - cuCompareCssmData(algOID, &CSSMOID_SHA224WithRSA) || - cuCompareCssmData(algOID, &CSSMOID_SHA224)) { - result = kSecSignatureHashAlgorithmSHA224; - break; - } - if (cuCompareCssmData(algOID, &CSSMOID_ECDSA_WithSHA1) || - cuCompareCssmData(algOID, &CSSMOID_SHA1WithRSA) || - cuCompareCssmData(algOID, &CSSMOID_SHA1WithDSA) || - cuCompareCssmData(algOID, &CSSMOID_SHA1WithDSA_CMS) || - cuCompareCssmData(algOID, &CSSMOID_SHA1WithDSA_JDK) || - cuCompareCssmData(algOID, &CSSMOID_SHA1WithRSA_OIW) || - cuCompareCssmData(algOID, &CSSMOID_APPLE_FEE_SHA1) || - cuCompareCssmData(algOID, &CSSMOID_SHA1)) { - result = kSecSignatureHashAlgorithmSHA1; - break; - } - if (cuCompareCssmData(algOID, &CSSMOID_MD5WithRSA) || - cuCompareCssmData(algOID, &CSSMOID_APPLE_FEE_MD5) || - cuCompareCssmData(algOID, &CSSMOID_MD5)) { - result = kSecSignatureHashAlgorithmMD5; - break; - } - if (cuCompareCssmData(algOID, &CSSMOID_MD4WithRSA) || - cuCompareCssmData(algOID, &CSSMOID_MD4)) { - result = kSecSignatureHashAlgorithmMD4; - break; - } - if (cuCompareCssmData(algOID, &CSSMOID_MD2WithRSA) || - cuCompareCssmData(algOID, &CSSMOID_MD2)) { - result = kSecSignatureHashAlgorithmMD2; - break; - } - break; - } - - (void)SecCertificateReleaseFirstFieldValue(certificate, sigAlgOID, fieldValue); - - return result; -} -#endif - diff --git a/OSX/libsecurity_keychain/lib/SecCertificate.h b/OSX/libsecurity_keychain/lib/SecCertificate.h deleted file mode 100644 index aac97e5a..00000000 --- a/OSX/libsecurity_keychain/lib/SecCertificate.h +++ /dev/null @@ -1,515 +0,0 @@ -/* - * Copyright (c) 2002-2011,2013 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecCertificate - The functions provided in SecCertificate implement and manage a particular type of keychain item that represents a certificate. You can store a certificate in a keychain, but a certificate can also be a transient object. - - You can use a certificate as a keychain item in most functions. -*/ - -#ifndef _SECURITY_SECCERTIFICATE_H_ -#define _SECURITY_SECCERTIFICATE_H_ - -#define _SECURITY_VERSION_GREATER_THAN_57610_ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -/* -#include -#include -*/ - -#if defined(__cplusplus) -extern "C" { -#endif - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @enum CertificateItemAttributes - @abstract Indicates the type of a certificate item attribute. - @constant kSecSubjectItemAttr Indicates a DER-encoded subject distinguished name. - @constant kSecIssuerItemAttr Indicates a DER-encoded issuer distinguished name. - @constant kSecSerialNumberItemAttr Indicates a DER-encoded certificate serial number (without the tag and length). - @constant kSecPublicKeyHashItemAttr Indicates a public key hash. - @constant kSecSubjectKeyIdentifierItemAttr Indicates a subject key identifier. - @constant kSecCertTypeItemAttr Indicates a certificate type. - @constant kSecCertEncodingItemAttr Indicates a certificate encoding. -*/ -enum -{ - kSecSubjectItemAttr = 'subj', - kSecIssuerItemAttr = 'issu', - kSecSerialNumberItemAttr = 'snbr', - kSecPublicKeyHashItemAttr = 'hpky', - kSecSubjectKeyIdentifierItemAttr = 'skid', - kSecCertTypeItemAttr = 'ctyp', - kSecCertEncodingItemAttr = 'cenc' -} /*DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER*/; - -/*! - @function SecCertificateGetTypeID - @abstract Returns the type identifier of SecCertificate instances. - @result The CFTypeID of SecCertificate instances. -*/ -CFTypeID SecCertificateGetTypeID(void) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -#pragma mark ---- Certificate Operations ---- - -/*! - @function SecCertificateCreateFromData - @abstract Creates a certificate based on the input data, type, and encoding. - @param data A pointer to the certificate data. - @param type The certificate type as defined in cssmtype.h. - @param encoding The certificate encoding as defined in cssmtype.h. - @param certificate On return, a reference to the newly created certificate. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This API is deprecated in 10.7 Please use the SecCertificateCreateWithData API instead. -*/ -OSStatus SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding, SecCertificateRef * __nonnull CF_RETURNS_RETAINED certificate) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; - -/*! - @function SecCertificateCreateWithData - @abstract Create a certificate reference given its DER representation as a CFData. - @param allocator CFAllocator to allocate the certificate data. Pass NULL to use the default allocator. - @param data DER encoded X.509 certificate. - @result On return, a reference to the certificate. Returns NULL if the passed-in data is not a valid DER-encoded X.509 certificate. -*/ -__nullable -SecCertificateRef SecCertificateCreateWithData(CFAllocatorRef __nullable allocator, CFDataRef data) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecCertificateAddToKeychain - @abstract Adds a certificate to the specified keychain. - @param certificate A reference to a certificate. - @param keychain A reference to the keychain in which to add the certificate. Pass NULL to add the certificate to the default keychain. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is successful only if the certificate was created using the SecCertificateCreateFromData or - SecCertificateCreateWithData functions, and the certificate has not yet been added to the specified keychain. -*/ -OSStatus SecCertificateAddToKeychain(SecCertificateRef certificate, SecKeychainRef __nullable keychain) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); - -/*! - @function SecCertificateGetData - @abstract Retrieves the data for a given certificate. - @param certificate A reference to the certificate from which to retrieve the data. - @param data On return, the CSSM_DATA structure pointed to by data is filled in. You must allocate the space for a CSSM_DATA structure before calling this function. This data pointer is only guaranteed to remain valid as long as the certificate remains unchanged and valid. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This API is deprecated in 10.7. Please use the SecCertificateCopyData API instead. -*/ -OSStatus SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; - -/*! - @function SecCertificateCopyData - @abstract Returns the DER representation of an X.509 certificate. - @param certificate A reference to a certificate. - @result On return, a data reference containing the DER encoded representation of the X.509 certificate. - */ -CFDataRef SecCertificateCopyData(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecCertificateGetType - @abstract Retrieves the type for a given certificate. - @param certificate A reference to the certificate from which to obtain the type. - @param certificateType On return, the certificate type of the certificate. Certificate types are defined in cssmtype.h. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead. -*/ -OSStatus SecCertificateGetType(SecCertificateRef certificate, CSSM_CERT_TYPE *certificateType) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; - -/*! - @function SecCertificateGetSubject - @abstract Retrieves the subject name for a given certificate. - @param certificate A reference to the certificate from which to obtain the subject name. - @param subject On return, a pointer to a CSSM_X509_NAME struct which contains the subject's X.509 name (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Prior to Mac OS X 10.5, this function did not return any output in the subject parameter. Your code should check the returned pointer value (in addition to the function result) before attempting to use it. - For example: - const CSSM_X509_NAME *subject = NULL; - OSStatus status = SecCertificateGetSubject(certificate, &subject); - if ( (status == errSecSuccess) && (subject != NULL) ) { - // subject is valid - } - This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead. -*/ -OSStatus SecCertificateGetSubject(SecCertificateRef certificate, const CSSM_X509_NAME * __nullable * __nonnull subject) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; - -/*! - @function SecCertificateGetIssuer - @abstract Retrieves the issuer name for a given certificate. - @param certificate A reference to the certificate from which to obtain the issuer name. - @param issuer On return, a pointer to a CSSM_X509_NAME struct which contains the issuer's X.509 name (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Prior to Mac OS X 10.5, this function did not return any output in the issuer parameter. Your code should check the returned pointer value (in addition to the function result) before attempting to use it. - For example: - const CSSM_X509_NAME *issuer = NULL; - OSStatus status = SecCertificateGetIssuer(certificate, &issuer); - if ( (status == errSecSuccess) && (issuer != NULL) ) { - // issuer is valid - } - This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead. -*/ -OSStatus SecCertificateGetIssuer(SecCertificateRef certificate, const CSSM_X509_NAME * __nullable * __nonnull issuer) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; - -/*! - @function SecCertificateGetCLHandle - @abstract Retrieves the certificate library handle for a given certificate. - @param certificate A reference to the certificate from which to obtain the certificate library handle. - @param clHandle On return, the certificate library handle of the given certificate. This handle remains valid at least as long as the certificate does. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead. -*/ -OSStatus SecCertificateGetCLHandle(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; - -/*! - @function SecCertificateGetAlgorithmID - @abstract Retrieves the algorithm identifier for a given certificate. - @param certificate A reference to the certificate from which to retrieve the algorithm identifier. - @param algid On return, a pointer to a CSSM_X509_ALGORITHM_IDENTIFIER struct which identifies the algorithm for this certificate (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer. - @result A result code. See "Security Error Codes" (SecBase.h). - discussion This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead. -*/ -OSStatus SecCertificateGetAlgorithmID(SecCertificateRef certificate, const CSSM_X509_ALGORITHM_IDENTIFIER * __nullable * __nonnull algid) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; - -/*! - @function SecCertificateCopyPublicKey - @abstract Retrieves the public key for a given certificate. - @param certificate A reference to the certificate from which to retrieve the public key. - @param key On return, a reference to the public key for the specified certificate. Your code must release this reference by calling the CFRelease function. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateCopyPublicKey(SecCertificateRef certificate, SecKeyRef * __nonnull CF_RETURNS_RETAINED key) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); - -/*! - @function SecCertificateCopyCommonName - @abstract Retrieves the common name of the subject of a given certificate. - @param certificate A reference to the certificate from which to retrieve the common name. - @param commonName On return, a reference to the common name. Your code must release this reference by calling the CFRelease function. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion All the data in this string comes from the certificate itself, and thus it's in whatever language the certificate itself is in. - Note that the certificate's common name field may not be present, or may be inadequate to describe the certificate; for display purposes, - you should consider using SecCertificateCopySubjectSummary instead of this function. -*/ -OSStatus SecCertificateCopyCommonName(SecCertificateRef certificate, CFStringRef * __nonnull CF_RETURNS_RETAINED commonName) - __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); - -/*! - @function SecCertificateCopySubjectSummary - @abstract Returns a simple string which hopefully represents a human understandable summary. - @param certificate A reference to the certificate from which to derive the subject summary string. - @result On return, a reference to the subject summary string. Your code must release this reference by calling the CFRelease function. - @discussion All the data in this string comes from the certificate itself, and thus it's in whatever language the certificate itself is in. -*/ -CFStringRef SecCertificateCopySubjectSummary(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecCertificateCopyEmailAddresses - @abstract Returns an array of zero or more email addresses for the subject of a given certificate. - @param certificate A reference to the certificate from which to retrieve the email addresses. - @param emailAddresses On return, an array of zero or more CFStringRef elements corresponding to each email address found. - Your code must release this array reference by calling the CFRelease function. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecCertificateCopyEmailAddresses(SecCertificateRef certificate, CFArrayRef * __nonnull CF_RETURNS_RETAINED emailAddresses) - __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); - -/*! - @function SecCertificateCopyPreference - @abstract Returns the preferred certificate for the specified name and key usage. If a preferred certificate does not exist for the specified name and key usage, NULL is returned. - @param name A string containing an email address (RFC822) or other name for which a preferred certificate is requested. - @param keyUsage A CSSM_KEYUSE key usage value, as defined in cssmtype.h. Pass 0 to ignore this parameter. - @param certificate On return, a reference to the preferred certificate, or NULL if none was found. You are responsible for releasing this reference by calling the CFRelease function. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function will typically be used to obtain the preferred encryption certificate for an email recipient. - This API is deprecated in 10.7. Please use the SecCertificateCopyPreferred API instead. -*/ -OSStatus SecCertificateCopyPreference(CFStringRef name, uint32 keyUsage, SecCertificateRef * __nonnull CF_RETURNS_RETAINED certificate) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; - -/*! - @function SecCertificateCopyPreferred - @abstract Returns the preferred certificate for the specified name and key usage. If a preferred certificate does not exist for the specified name and key usage, NULL is returned. - @param name A string containing an email address (RFC822) or other name for which a preferred certificate is requested. - @param keyUsage A CFArrayRef value, containing items defined in SecItem.h Pass NULL to ignore this parameter. (kSecAttrCanEncrypt, kSecAttrCanDecrypt, kSecAttrCanDerive, kSecAttrCanSign, kSecAttrCanVerify, kSecAttrCanWrap, kSecAttrCanUnwrap) - @result On return, a reference to the preferred certificate, or NULL if none was found. You are responsible for releasing this reference by calling the CFRelease function. - @discussion This function will typically be used to obtain the preferred encryption certificate for an email recipient. If a preferred certificate has not been set - for the supplied name, the returned reference will be NULL. Your code should then perform a search for possible certificates, using the SecItemCopyMatching API. - */ -__nullable -SecCertificateRef SecCertificateCopyPreferred(CFStringRef name, CFArrayRef __nullable keyUsage) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @function SecCertificateSetPreference - @abstract Sets the preferred certificate for a specified name, key usage, and date. - @param certificate A reference to the certificate which will be preferred. - @param name A string containing an email address (RFC822) or other name for which a preferred certificate will be associated. - @param keyUsage A CSSM_KEYUSE key usage value, as defined in cssmtype.h. Pass 0 to avoid specifying a particular key usage. - @param date (optional) A date reference. If supplied, the preferred certificate will be changed only if this date is later than the currently saved setting. Pass NULL if this preference should not be restricted by date. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function will typically be used to set the preferred encryption certificate for an email recipient, either manually (when encrypting email to a recipient) or automatically upon receipt of encrypted email. - This API is deprecated in 10.7. Plese use the SecCertificateSetPreferred API instead. -*/ -OSStatus SecCertificateSetPreference(SecCertificateRef certificate, CFStringRef name, uint32 keyUsage, CFDateRef __nullable date) - __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); - -/*! - @function SecCertificateSetPreferred - @abstract Sets the preferred certificate for a specified name and optional key usage. - @param certificate A reference to the preferred certificate. If NULL is passed, any existing preference for the specified name is cleared instead. - @param name A string containing an email address (RFC822) or other name for which a preferred certificate will be associated. - @param keyUsage A CFArrayRef value, containing items defined in SecItem.h Pass NULL to ignore this parameter. (kSecAttrCanEncrypt, kSecAttrCanDecrypt, kSecAttrCanDerive, kSecAttrCanSign, kSecAttrCanVerify, kSecAttrCanWrap, kSecAttrCanUnwrap) - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function will typically be used to set the preferred encryption certificate for an email recipient, either manually (when encrypting email to a recipient) - or automatically upon receipt of encrypted email. -*/ -OSStatus SecCertificateSetPreferred(SecCertificateRef __nullable certificate, CFStringRef name, CFArrayRef __nullable keyUsage) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @typedef SecKeyUsage - @abstract Flags to indicate key usages in the KeyUsage extension of a certificate - @constant kSecKeyUsageUnspecified No KeyUsage extension in certificate. - @constant kSecKeyUsageDigitalSignature DigitalSignature bit set in KeyUsage extension. - @constant kSecKeyUsageNonRepudiation NonRepudiation bit set in KeyUsage extension. - @constant kSecKeyUsageContentCommitment ContentCommitment bit set in KeyUsage extension. - @constant kSecKeyUsageKeyEncipherment KeyEncipherment bit set in KeyUsage extension. - @constant kSecKeyUsageDataEncipherment DataEncipherment bit set in KeyUsage extension. - @constant kSecKeyUsageKeyAgreement KeyAgreement bit set in KeyUsage extension. - @constant kSecKeyUsageKeyCertSign KeyCertSign bit set in KeyUsage extension. - @constant kSecKeyUsageCRLSign CRLSign bit set in KeyUsage extension. - @constant kSecKeyUsageEncipherOnly EncipherOnly bit set in KeyUsage extension. - @constant kSecKeyUsageDecipherOnly DecipherOnly bit set in KeyUsage extension. - @constant kSecKeyUsageCritical KeyUsage extension is marked critical. - @constant kSecKeyUsageAll For masking purposes, all SecKeyUsage values. - */ -typedef CF_OPTIONS(uint32_t, SecKeyUsage) { - kSecKeyUsageUnspecified = 0, - kSecKeyUsageDigitalSignature = 1 << 0, - kSecKeyUsageNonRepudiation = 1 << 1, - kSecKeyUsageContentCommitment= 1 << 1, - kSecKeyUsageKeyEncipherment = 1 << 2, - kSecKeyUsageDataEncipherment = 1 << 3, - kSecKeyUsageKeyAgreement = 1 << 4, - kSecKeyUsageKeyCertSign = 1 << 5, - kSecKeyUsageCRLSign = 1 << 6, - kSecKeyUsageEncipherOnly = 1 << 7, - kSecKeyUsageDecipherOnly = 1 << 8, - kSecKeyUsageCritical = 1 << 31, - kSecKeyUsageAll = 0x7FFFFFFF -}; - -/*! - @enum kSecPropertyKey - @abstract Constants used to access dictionary entries returned by SecCertificateCopyValues - @constant kSecPropertyKeyType The type of the entry - @constant kSecPropertyKeyLabel The label of the entry - @constant kSecPropertyKeyLocalizedLabel The localized label of the entry - @constant kSecPropertyKeyValue The value of the entry - */ - -extern const CFStringRef kSecPropertyKeyType __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPropertyKeyLabel __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPropertyKeyLocalizedLabel __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPropertyKeyValue __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @enum kSecPropertyType - @abstract Public Constants for property list values returned by SecCertificateCopyValues - @discussion Note that kSecPropertyTypeTitle and kSecPropertyTypeError are defined in SecTrust.h -*/ -extern const CFStringRef kSecPropertyTypeWarning __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPropertyTypeSuccess __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPropertyTypeSection __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPropertyTypeData __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPropertyTypeString __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPropertyTypeURL __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPropertyTypeDate __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @function SecCertificateCopyValues - @abstract Creates a dictionary that represents a certificate's contents. - @param certificate The certificate from which to get values - @param keys An array of string OID values, or NULL. If present, this is - the subset of values from the certificate to return. If NULL, - all values will be returned. Only OIDs that are top level keys - in the returned dictionary can be specified. Unknown OIDs are - ignored. - @param error An optional pointer to a CFErrorRef. This value is - set if an error occurred. If not NULL the caller is - responsible for releasing the CFErrorRef. - @discussion The keys array will contain all of the keys used in the - returned dictionary. The top level keys in the returned - dictionary are OIDs, many of which are found in SecCertificateOIDs.h. - Each entry that is returned is itself a dictionary with four - entries, whose keys are kSecPropertyKeyType, kSecPropertyKeyLabel, - kSecPropertyKeyLocalizedLabel, kSecPropertyKeyValue. The label - entries may contain a descriptive (localized) string, or an - OID string. The kSecPropertyKeyType describes the type in the - value entry. The value entry may be any CFType, although it - is usually a CFStringRef, CFArrayRef or a CFDictionaryRef. -*/ -__nullable -CFDictionaryRef SecCertificateCopyValues(SecCertificateRef certificate, CFArrayRef __nullable keys, CFErrorRef *error) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @enum Transform Key Value Constants - @discussion Predefined values for the kSecTransformAttrCertificateUsage attribute. - - - kSecCertificateUsageSigning - kSecCertificateUsageSigningAndEncrypting - kSecCertificateUsageDeriveAndSign - -*/ - -extern const CFStringRef kSecCertificateUsageSigning __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecCertificateUsageSigningAndEncrypting __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecCertificateUsageDeriveAndSign __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @function SecCertificateCopyLongDescription - @abstract Return the long description of a certificate - @param alloc The CFAllocator which should be used to allocate - memory for the dictionary and its storage for values. This - parameter may be NULL in which case the current default - CFAllocator is used. If this reference is not a valid - CFAllocator, the behavior is undefined. - @param certificate The certificate from which to retrieve the long description - @param error An optional pointer to a CFErrorRef. This value is - set if an error occurred. If not NULL the caller is - responsible for releasing the CFErrorRef. - @result A CFStringRef of the long description or NULL. If NULL and the error - parameter is supplied the error will be returned in the error parameter - @discussion Note that the format of this string may change in the future -*/ - -__nullable -CFStringRef SecCertificateCopyLongDescription(CFAllocatorRef __nullable alloc, SecCertificateRef certificate, CFErrorRef *error) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @function SecCertificateCopyShortDescription - @abstract Return the short description of a certificate - @param alloc The CFAllocator which should be used to allocate - memory for the dictionary and its storage for values. This - parameter may be NULL in which case the current default - CFAllocator is used. If this reference is not a valid - CFAllocator, the behavior is undefined. - @param certificate The certificate from which to retrieve the short description - @param error An optional pointer to a CFErrorRef. This value is - set if an error occurred. If not NULL the caller is - responsible for releasing the CFErrorRef. - @result A CFStringRef of the short description or NULL. If NULL and the error - parameter is supplied the error will be returned in the error parameter - @discussion Note that the format of this string may change in the future -*/ - -__nullable -CFStringRef SecCertificateCopyShortDescription(CFAllocatorRef __nullable alloc, SecCertificateRef certificate, CFErrorRef *error) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @function SecCertificateCopySerialNumber - @abstract Return the certificate's serial number. - @param certificate The certificate from which to get values - @param error An optional pointer to a CFErrorRef. This value is - set if an error occurred. If not NULL the caller is - responsible for releasing the CFErrorRef. - @discussion Return the content of a DER-encoded integer (without the - tag and length fields) for this certificate's serial - number. The caller must CFRelease the value returned. -*/ - -__nullable -CFDataRef SecCertificateCopySerialNumber(SecCertificateRef certificate, CFErrorRef *error) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @function SecCertificateCopyNormalizedIssuerContent - @abstract Return the certificate's normalized issuer - @param certificate The certificate from which to get values - @param error An optional pointer to a CFErrorRef. This value is - set if an error occurred. If not NULL the caller is - responsible for releasing the CFErrorRef. - @discussion The issuer is a sequence in the format used by - SecItemCopyMatching. The content returned is a DER-encoded - X.509 distinguished name. For a display version of the issuer, - call SecCertificateCopyValues. The caller must CFRelease - the value returned. -*/ - -__nullable -CFDataRef SecCertificateCopyNormalizedIssuerContent(SecCertificateRef certificate, CFErrorRef *error) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @function SecCertificateCopyNormalizedSubjectContent - @abstract Return the certificate's normalized subject - @param certificate The certificate from which to get values - @param error An optional pointer to a CFErrorRef. This value is - set if an error occurred. If not NULL the caller is - responsible for releasing the CFErrorRef. - @discussion The subject is a sequence in the format used by - SecItemCopyMatching. The content returned is a DER-encoded - X.509 distinguished name. For a display version of the subject, - call SecCertificateCopyValues. The caller must CFRelease - the value returned. -*/ - -__nullable -CFDataRef SecCertificateCopyNormalizedSubjectContent(SecCertificateRef certificate, CFErrorRef *error) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECCERTIFICATE_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecCertificateP.c b/OSX/libsecurity_keychain/lib/SecCertificateP.c index b6f064f0..87accb37 100644 --- a/OSX/libsecurity_keychain/lib/SecCertificateP.c +++ b/OSX/libsecurity_keychain/lib/SecCertificateP.c @@ -55,7 +55,7 @@ #include #include #include -#include "SecInternalP.h" +#include "SecInternal.h" #include "SecBase64P.h" #include @@ -216,13 +216,13 @@ static CFTypeID kSecCertificateTypeID = _kCFRuntimeNotATypeID; static CFDictionaryRef gExtensionParsers; /* Forward declartions of static functions. */ -static CFStringRef SecCertificateDescribe(CFTypeRef cf); +static CFStringRef SecCertificateCopyDescription(CFTypeRef cf); static void SecCertificateDestroy(CFTypeRef cf); static bool derDateGetAbsoluteTime(const DERItem *dateChoice, CFAbsoluteTime *absTime); /* Static functions. */ -static CFStringRef SecCertificateDescribe(CFTypeRef cf) { +static CFStringRef SecCertificateCopyDescription(CFTypeRef cf) { SecCertificateRefP certificate = (SecCertificateRefP)cf; return CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR(""), certificate, @@ -723,7 +723,8 @@ static void SecCEPCertificatePolicies(SecCertificateRefP certificate, require_quiet(drtn == DR_EndOfSequence, badDER); policies = (SecCEPolicyInformation *)malloc(sizeof(SecCEPolicyInformation) * policy_count); - DERDecodeSeqInit(&extn->extnValue, &tag, &piSeq); + drtn = DERDecodeSeqInit(&extn->extnValue, &tag, &piSeq); + require_noerr_quiet(drtn, badDER); DERSize policy_ix = 0; while ((policy_ix < (policy_count > 0 ? policy_count : 1)) && (drtn = DERDecodeSeqNext(&piSeq, &piContent)) == DR_Success) { @@ -773,7 +774,8 @@ static void SecCEPPolicyMappings(SecCertificateRefP certificate, } mappings = (SecCEPolicyMapping *)malloc(sizeof(SecCEPolicyMapping) * mapping_count); - DERDecodeSeqInit(&extn->extnValue, &tag, &pmSeq); + drtn = DERDecodeSeqInit(&extn->extnValue, &tag, &pmSeq); + require_noerr_quiet(drtn, badDER); DERSize mapping_ix = 0; while ((drtn = DERDecodeSeqNext(&pmSeq, &pmContent)) == DR_Success) { DERPolicyMapping pm; @@ -805,6 +807,7 @@ static void SecCEPPolicyMappings(SecCertificateRefP certificate, DERTag tag; DERSequence pmSeq; CFMutableDictionaryRef mappings = NULL; + CFDataRef idp = NULL, sdp = NULL; DERReturn drtn = DERDecodeSeqInit(&extn->extnValue, &tag, &pmSeq); require_noerr_quiet(drtn, badDER); require_quiet(tag == ASN1_CONSTR_SEQUENCE, badDER); @@ -820,7 +823,7 @@ static void SecCEPPolicyMappings(SecCertificateRefP certificate, DERPolicyMappingItemSpecs, &pm, sizeof(pm)); require_noerr_quiet(drtn, badDER); - CFDataRef idp, sdp; + require_quiet(idp = CFDataCreate(kCFAllocatorDefault, pm.issuerDomainPolicy.data, pm.issuerDomainPolicy.length), badDER); require_quiet(sdp = CFDataCreate(kCFAllocatorDefault, @@ -835,11 +838,15 @@ static void SecCEPPolicyMappings(SecCertificateRefP certificate, CFDictionarySetValue(mappings, idp, sdps); CFRelease(sdps); } + CFReleaseNull(idp); + CFReleaseNull(sdp); } require_quiet(drtn == DR_EndOfSequence, badDER); certificate->_policyMappings = mappings; return; badDER: + CFReleaseNull(idp); + CFReleaseNull(sdp); CFReleaseSafe(mappings); certificate->_policyMappings = NULL; secinfo("cert", "Invalid CertificatePolicies Extension"); @@ -1005,7 +1012,6 @@ static void SecCEPAuthorityInfoAccess(SecCertificateRefP certificate, secinfo("cert", "bad general name for id-ad-ocsp AccessDescription t: 0x%02llx v: %.*s", generalNameContent.tag, (int)generalNameContent.content.length, generalNameContent.content.data); goto badDER; - break; } } require_quiet(drtn == DR_EndOfSequence, badDER); @@ -1066,7 +1072,7 @@ static void SecCertificateRegisterClass(void) { SecCertificateEqual, /* equal */ SecCertificateHash, /* hash */ NULL, /* copyFormattingDesc */ - SecCertificateDescribe /* copyDebugDesc */ + SecCertificateCopyDescription /* copyDebugDesc */ }; kSecCertificateTypeID = _CFRuntimeRegisterClass(&kSecCertificateClass); @@ -2195,7 +2201,7 @@ static void appendDERThingProperty(CFMutableArrayRef properties, CFStringRef value = copyDERThingDescription(CFGetAllocator(properties), derThing, false); appendPropertyP(properties, kSecPropertyTypeString, label, value); - CFRelease(value); + CFReleaseSafe(value); } static OSStatus appendRDNProperty(void *context, const DERItem *rdnType, @@ -2597,7 +2603,6 @@ static bool appendGeneralNameContentProperty(CFMutableArrayRef properties, break; default: goto badDER; - break; } return true; badDER: diff --git a/OSX/libsecurity_keychain/lib/SecCertificateP.h b/OSX/libsecurity_keychain/lib/SecCertificateP.h index d744ad49..da8fc8ca 100644 --- a/OSX/libsecurity_keychain/lib/SecCertificateP.h +++ b/OSX/libsecurity_keychain/lib/SecCertificateP.h @@ -54,7 +54,7 @@ CFTypeID SecCertificateGetTypeIDP(void) @function SecCertificateCreateWithDataP @abstract Create a certificate given it's DER representation as a CFData. @param allocator CFAllocator to allocate the certificate with. - @param certificate DER encoded X.509 certificate. + @param data DER encoded X.509 certificate. @result Return NULL if the passed-in data is not a valid DER-encoded X.509 certificate, return a SecCertificateRef otherwise. */ @@ -100,7 +100,7 @@ bool SecCertificateIsValidP(SecCertificateRefP certificate, CFAbsoluteTime verif @function SecCertificateCopyPublicKeySHA1DigestFromCertificateData @abstract Returns the SHA1 hash of the public key of a certificate or NULL @param allocator CFAllocator to allocate the certificate with. - @param certificate DER encoded X.509 certificate. + @param der_certificate DER encoded X.509 certificate. @result SHA1 hash of the public key of a certificate or NULL */ CFDataRef SecCertificateCopyPublicKeySHA1DigestFromCertificateData(CFAllocatorRef allocator, diff --git a/OSX/libsecurity_keychain/lib/SecCertificatePriv.h b/OSX/libsecurity_keychain/lib/SecCertificatePriv.h deleted file mode 100644 index 3e36b135..00000000 --- a/OSX/libsecurity_keychain/lib/SecCertificatePriv.h +++ /dev/null @@ -1,402 +0,0 @@ -/* - * Copyright (c) 2002-2004,2011-2016 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#ifndef _SECURITY_SECCERTIFICATEPRIV_H_ -#define _SECURITY_SECCERTIFICATEPRIV_H_ - -#include -#include -#include -#include -#include -#include -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -typedef CF_ENUM(uint32_t, SecCertificateEscrowRootType) { - kSecCertificateBaselineEscrowRoot = 0, - kSecCertificateProductionEscrowRoot = 1, - kSecCertificateBaselinePCSEscrowRoot = 2, - kSecCertificateProductionPCSEscrowRoot = 3, - kSecCertificateBaselineEscrowBackupRoot = 4, // v100 and v101 - kSecCertificateProductionEscrowBackupRoot = 5, - kSecCertificateBaselineEscrowEnrollmentRoot = 6, // v101 only - kSecCertificateProductionEscrowEnrollmentRoot = 7, -}; - -extern const CFStringRef kSecCertificateProductionEscrowKey; -extern const CFStringRef kSecCertificateProductionPCSEscrowKey; -extern const CFStringRef kSecCertificateEscrowFileName; - - -/* Given a unified SecCertificateRef, return a copy with a legacy - C++ ItemImpl-based Certificate instance. Only for internal use; - legacy references cannot be used by SecCertificate API functions. */ -SecCertificateRef SecCertificateCreateItemImplInstance(SecCertificateRef certificate); - -/* Inverse of above; convert legacy Certificate instance to new ref. */ -SecCertificateRef SecCertificateCreateFromItemImplInstance(SecCertificateRef certificate); - -/* Convenience function to determine type of certificate instance. */ -Boolean SecCertificateIsItemImplInstance(SecCertificateRef certificate); - - -/* Given a legacy C++ ItemImpl-based Certificate instance obtained with - SecCertificateCreateItemImplInstance, return its clHandle pointer. - Only for internal use. */ -OSStatus SecCertificateGetCLHandle_legacy(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle); - -/* Return a certificate for the DER representation of this certificate. - Return NULL if the passed-in data is not a valid DER-encoded X.509 - certificate. */ -SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, - const UInt8 *bytes, CFIndex length); - -/* Returns a certificate from a pem blob. - Return NULL if the passed-in data is not a valid DER-encoded X.509 - certificate. */ -SecCertificateRef SecCertificateCreateWithPEM(CFAllocatorRef allocator, - CFDataRef pem_certificate); - -/* Return the length of the DER representation of this certificate. */ -CFIndex SecCertificateGetLength(SecCertificateRef certificate); - -/* Return the bytes of the DER representation of this certificate. */ -const UInt8 *SecCertificateGetBytePtr(SecCertificateRef certificate); - -/* Return the SHA-1 hash of this certificate. */ -CFDataRef SecCertificateGetSHA1Digest(SecCertificateRef certificate); - -/* Return the SHA-256 hash of this certificate. */ -CFDataRef SecCertificateCopySHA256Digest(SecCertificateRef certificate); - -/* Return the SHA-1 hash of the public key in this certificate. */ -CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRef certificate); - -/* Return the SHA-1 hash of the SubjectPublicKeyInfo sequence in this certificate. */ -CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA1Digest(SecCertificateRef certificate); - -/* Return the SHA-256 hash of the SubjectPublicKeyInfo sequence in this certificate. */ -CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA256Digest(SecCertificateRef certificate); - -/* Deprecated; use SecCertificateCopyCommonName() instead. */ -OSStatus SecCertificateGetCommonName(SecCertificateRef certificate, CFStringRef *commonName); - -/* Deprecated; use SecCertificateCopyEmailAddresses() instead. */ -/* This should have been Copy instead of Get since the returned address is not autoreleased. */ -OSStatus SecCertificateGetEmailAddress(SecCertificateRef certificate, CFStringRef *emailAddress); - -/* Return an array of CFStringRefs representing the dns addresses in the - certificate if any. */ -CFArrayRef SecCertificateCopyDNSNames(SecCertificateRef certificate); - -/* Return an array of CFStringRefs representing the NTPrincipalNames in the - certificate if any. */ -CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRef certificate); - -/* Create a unified SecCertificateRef from a legacy keychain item and its data. */ -SecCertificateRef SecCertificateCreateWithKeychainItem(CFAllocatorRef allocator, - CFDataRef der_certificate, CFTypeRef keychainItem); - -/* Set a legacy item instance for a unified SecCertificateRef. */ -OSStatus SecCertificateSetKeychainItem(SecCertificateRef certificate, - CFTypeRef keychain_item); - -/* Return a keychain item reference, given a unified SecCertificateRef. - Note: for this function to succeed, the provided certificate must have been - created by SecCertificateCreateWithKeychainItem, otherwise NULL is returned. - */ -CFTypeRef SecCertificateCopyKeychainItem(SecCertificateRef certificate); - -/*! - @function SecCertificateCopyIssuerSummary - @abstract Return a simple string which hopefully represents a human understandable issuer. - @param certificate SecCertificate object created with SecCertificateCreateWithData(). - @discussion All the data in this string comes from the certificate itself - and thus it's in whatever language the certificate itself is in. - @result A CFStringRef which the caller should CFRelease() once it's no longer needed. -*/ -CFStringRef SecCertificateCopyIssuerSummary(SecCertificateRef certificate); - -/* Return a string formatted according to RFC 2253 representing the complete - subject of certificate. */ -CFStringRef SecCertificateCopySubjectString(SecCertificateRef certificate); - -CFMutableArrayRef SecCertificateCopySummaryProperties( - SecCertificateRef certificate, CFAbsoluteTime verifyTime); - -/* - * Private API to infer a display name for a SecCertificateRef which - * may or may not be in a keychain. - */ -OSStatus SecCertificateInferLabel(SecCertificateRef certificate, CFStringRef *label); - -/* - * Subset of the above, useful for both certs and CRLs. - * Infer printable label for a given an CSSM_X509_NAME. Returns NULL - * if no appropriate printable name found. - */ -const CSSM_DATA *SecInferLabelFromX509Name( - const CSSM_X509_NAME *x509Name); - -/* Accessors for fields in the cached certificate */ - -/*! - @function SecCertificateCopyFieldValues - @abstract Retrieves the values for a particular field in a given certificate. - @param certificate A valid SecCertificateRef to the certificate. - @param field Pointer to the OID whose values should be returned. - @param fieldValues On return, a zero terminated list of CSSM_DATA_PTR's. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Return a zero terminated list of CSSM_DATA_PTR's with the - values of the field specified by field. Caller must call - SecCertificateReleaseFieldValues to free the storage allocated by this call. -*/ -OSStatus SecCertificateCopyFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR **fieldValues); - -/*! - @function SecCertificateReleaseFieldValues - @abstract Release the storage associated with the values returned by SecCertificateCopyFieldValues. - @param certificate A valid SecCertificateRef to the certificate. - @param field Pointer to the OID whose values were returned by SecCertificateCopyFieldValues. - @param fieldValues Pointer to a zero terminated list of CSSM_DATA_PTR's. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Release the storage associated with the values returned by SecCertificateCopyFieldValues. -*/ -OSStatus SecCertificateReleaseFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValues); - -/*! - @function SecCertificateCopyFirstFieldValue - @abstract Return a CSSM_DATA_PTR with the value of the first field specified by field. - @param certificate A valid SecCertificateRef to the certificate. - @param field Pointer to the OID whose value should be returned. - @param fieldValue On return, a CSSM_DATA_PTR to the field data. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Return a CSSM_DATA_PTR with the value of the first field specified by field. Caller must call - SecCertificateReleaseFieldValue to free the storage allocated by this call. -*/ -OSStatus SecCertificateCopyFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValue); - -/*! - @function SecCertificateReleaseFirstFieldValue - @abstract Release the storage associated with the values returned by SecCertificateCopyFirstFieldValue. - @param certificate A valid SecCertificateRef to the certificate. - @param field Pointer to the OID whose values were returned by SecCertificateCopyFieldValue. - @param fieldValue The field data to release. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Release the storage associated with the values returned by SecCertificateCopyFieldValue. -*/ -OSStatus SecCertificateReleaseFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR fieldValue); - -/*! - @function SecCertificateCopySubjectComponent - @abstract Retrieves a component of the subject distinguished name of a given certificate. - @param certificate A reference to the certificate from which to retrieve the common name. - @param component A component oid naming the component desired. See . - @param result On return, a reference to the string form of the component, if present in the subject. - Your code must release this reference by calling the CFRelease function. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecCertificateCopySubjectComponent(SecCertificateRef certificate, const CSSM_OID *component, - CFStringRef *result); - -/* Return the DER encoded issuer sequence for the certificate's issuer. */ -CFDataRef SecCertificateCopyIssuerSequence(SecCertificateRef certificate); - -/* Return the DER encoded subject sequence for the certificate's subject. */ -CFDataRef SecCertificateCopySubjectSequence(SecCertificateRef certificate); - -#if (SECTRUST_OSX && TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR)) -CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRef certificate); -CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRef certificate); -CFDataRef SecCertificateCopyNormalizedIssuerSequence(SecCertificateRef certificate); -CFDataRef SecCertificateCopyNormalizedSubjectSequence(SecCertificateRef certificate); -#endif - -/* Convenience functions for searching. -*/ - -OSStatus SecCertificateFindByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer, - const CSSM_DATA *serialNumber, SecCertificateRef *certificate); - -OSStatus SecCertificateFindBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID, - SecCertificateRef *certificate); - -OSStatus SecCertificateFindByEmail(CFTypeRef keychainOrArray, const char *emailAddress, - SecCertificateRef *certificate); - - -/* These should go to SecKeychainSearchPriv.h. */ -OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer, - const CSSM_DATA *serialNumber, SecKeychainSearchRef *searchRef); - -OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN_CF(CFTypeRef keychainOrArray, CFDataRef issuer, - CFDataRef serialNumber, SecKeychainSearchRef *searchRef); - -OSStatus SecKeychainSearchCreateForCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID, - SecKeychainSearchRef *searchRef); - -OSStatus SecKeychainSearchCreateForCertificateByEmail(CFTypeRef keychainOrArray, const char *emailAddress, - SecKeychainSearchRef *searchRef); - -/* Convenience function for generating digests; should be moved elsewhere. */ -CSSM_RETURN SecDigestGetData(CSSM_ALGORITHMS alg, CSSM_DATA* digest, const CSSM_DATA* data); - -/* Return true iff certificate is valid as of verifyTime. */ -/* DEPRECATED: Use SecCertificateIsValid instead. */ -bool SecCertificateIsValidX(SecCertificateRef certificate, CFAbsoluteTime verifyTime) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecCertificateIsValid - @abstract Check certificate validity on a given date. - @param certificate A certificate reference. - @result Returns true if the specified date falls within the certificate's validity period, false otherwise. -*/ -bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0); - -/*! - @function SecCertificateNotValidBefore - @abstract Obtain the starting date of the given certificate. - @param certificate A certificate reference. - @result Returns the absolute time at which the given certificate becomes valid, - or 0 if this value could not be obtained. -*/ -CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0); - -/*! - @function SecCertificateNotValidAfter - @abstract Obtain the expiration date of the given certificate. - @param certificate A certificate reference. - @result Returns the absolute time at which the given certificate expires, - or 0 if this value could not be obtained. -*/ -CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0); - -/*! - @function SecCertificateIsSelfSigned - @abstract Determine if the given certificate is self-signed. - @param certRef A certificate reference. - @param isSelfSigned Will be set to true on return if the certificate is self-signed, false otherwise. - @result A result code. Returns errSecSuccess if the certificate's status can be determined. -*/ -OSStatus SecCertificateIsSelfSigned(SecCertificateRef certRef, Boolean *isSelfSigned) - __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_9_0); - -/*! - @function SecCertificateIsSelfSignedCA - @abstract Determine if the given certificate is self-signed and has a basic - constraints extension indicating it is a certificate authority. - @param certificate A certificate reference. - @result Returns true if the certificate is self-signed and has a basic - constraints extension indicating it is a certificate authority, otherwise false. -*/ -bool SecCertificateIsSelfSignedCA(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); - -/*! - @function SecCertificateIsCA - @abstract Determine if the given certificate has a basic - constraints extension indicating it is a certificate authority. - @param certificate A certificate reference. - @result Returns true if the certificate has a basic constraints - extension indicating it is a certificate authority, otherwise false. -*/ -bool SecCertificateIsCA(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); - -/*! - @function SecCertificateCopyEscrowRoots - @abstract Retrieve the array of valid escrow certificates for a given root type. - @param escrowRootType An enumerated type indicating which root type to return. - @result An array of zero or more escrow certificates matching the provided type. -*/ -CFArrayRef SecCertificateCopyEscrowRoots(SecCertificateEscrowRootType escrowRootType) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); - -/* Return an attribute dictionary used to store this item in a keychain. */ -CFDictionaryRef SecCertificateCopyAttributeDictionary(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -/* - * Enumerated constants for signature hash algorithms. - */ -typedef uint32_t SecSignatureHashAlgorithm; -enum { - kSecSignatureHashAlgorithmUnknown = 0, - kSecSignatureHashAlgorithmMD2 = 1, - kSecSignatureHashAlgorithmMD4 = 2, - kSecSignatureHashAlgorithmMD5 = 3, - kSecSignatureHashAlgorithmSHA1 = 4, - kSecSignatureHashAlgorithmSHA224 = 5, - kSecSignatureHashAlgorithmSHA256 = 6, - kSecSignatureHashAlgorithmSHA384 = 7, - kSecSignatureHashAlgorithmSHA512 = 8 -}; - -/*! - @function SecCertificateGetSignatureHashAlgorithm - @abstract Determine the hash algorithm used in a certificate's signature. - @param certificate A certificate reference. - @result Returns an enumerated value indicating the signature hash algorithm - used in a certificate. If the hash algorithm is unsupported or cannot be - obtained (e.g. because the supplied certificate reference is invalid), a - value of 0 (kSecSignatureHashAlgorithmUnknown) is returned. -*/ -SecSignatureHashAlgorithm SecCertificateGetSignatureHashAlgorithm(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); - -/*! - @function SecCertificateCopyProperties - @abstract Return a property array for this trust certificate. - @param certificate A reference to the certificate to evaluate. - @result A property array. It is the caller's responsability to CFRelease - the returned array when it is no longer needed. - See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array. - Unlike that function call this function returns a detailed description - of the certificate in question. -*/ -CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate); - -CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA256Digest(SecCertificateRef certificate); - -/* Returns an array of CFDataRefs for all embedded SCTs */ -CFArrayRef SecCertificateCopySignedCertificateTimestamps(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); - -/* Return the precert TBSCertificate DER data - used for Certificate Transparency */ -CFDataRef SecCertificateCopyPrecertTBS(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECCERTIFICATEPRIV_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecCertificateRequest.h b/OSX/libsecurity_keychain/lib/SecCertificateRequest.h deleted file mode 100644 index f4389c5c..00000000 --- a/OSX/libsecurity_keychain/lib/SecCertificateRequest.h +++ /dev/null @@ -1,191 +0,0 @@ -/* - * Copyright (c) 2002-2004,2011,2013-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecCertificateRequest - SecCertificateRequest implements a way to issue a certificate request to a - certificate authority. -*/ - -#ifndef _SECURITY_SECCERTIFICATEREQUEST_H_ -#define _SECURITY_SECCERTIFICATEREQUEST_H_ - -#include -#include - - -#if defined(__cplusplus) -extern "C" { -#endif - -struct SecCertificateRequestAttribute /* for optional oids */ -{ - CSSM_OID oid; - CSSM_DATA value; -}; -typedef struct SecCertificateRequestAttribute SecCertificateRequestAttribute; - -struct SecCertificateRequestAttributeList -{ - UInt32 count; - SecCertificateRequestAttribute *attr; -}; -typedef struct SecCertificateRequestAttributeList SecCertificateRequestAttributeList; - -/*! - @typedef SecCertificateRequestRef - @abstract Contains information about a certificate request. -*/ -typedef struct OpaqueSecCertificateRequestRef *SecCertificateRequestRef; - -/*! - @function SecCertificateRequestGetTypeID - Returns the type identifier of all SecCertificateRequest instances. -*/ -CFTypeID SecCertificateRequestGetTypeID(void); - -/*! - @function SecCertificateRequestCreate - - Create a certificate request operation based on a policy and certificate - type. If a policy is not specified, one will be chosen for the caller. - Once the requeste is created, a request reference is returned. - To submit the request call SecCertificateRequestSubmit(). - - @param policy A policy. - @param certificateType The certificate type (i.e. X509, PGP, etc). - These types are in cssmtype.h - @param requestType The identifier to the type of request to submit (i.e. - issue, verify, revoke, etc.). These are defined in cssmtype.h - @param privateKeyItemRef The keychain item private key to be used for this - certificate request. The private key item must be of class type - kSecAppleKeyItemClass. - @param attributeList An optional list of OIDs for the certificate request. - @param certRequest A returned reference to the certificate request. Call CFRelease when done with this certificate request. - @result errSecSuccess 0 No error. -*/ -OSStatus SecCertificateRequestCreate( - const CSSM_OID *policy, - CSSM_CERT_TYPE certificateType, - CSSM_TP_AUTHORITY_REQUEST_TYPE requestType, - SecKeyRef privateKeyItemRef, - SecKeyRef publicKeyItemRef, - const SecCertificateRequestAttributeList* attributeList, - SecCertificateRequestRef* certRequest); - -/*! - @function SecCertificateRequestSubmit - - Submit a certificate request to be processed by the Security framework. - Once the request is submitted, an estimated time is returned indicating - when the request results can be retrieved. Once the estimated time has - elapsed, obtain the result by calling SecCertificateRequestGetResult(). - - @param certRequest A reference to the certificate request. - @param estimatedTime The number of estimated seconds before the result - can be retrieved. - @result errSecSuccess 0 No error. -*/ -OSStatus SecCertificateRequestSubmit( - SecCertificateRequestRef certRequest, - sint32* estimatedTime); - -/*! - @function SecCertificateRequestGetType - Returns the certificate request type (i.e. issue, revoke, etc) for a given - certificate request item reference. - @param certRequestRef A reference to a submitted request. - @param requestType The returned request type. - @result errSecSuccess 0 No error. -*/ -OSStatus SecCertificateRequestGetType( - SecCertificateRequestRef certRequestRef, - CSSM_TP_AUTHORITY_REQUEST_TYPE* requestType); - -/*! - @function SecCertificateRequestGetResult - Get the results of a certificate request. If the request is still - pending, the estimated time will be returned which indicates when to - call this function again. - @param certRequestRef A reference for the submitted request. - @param keychain The keychain in which to store the new certificate (for - a new cert request) and the cert request item reference. Pass NULL - to specify the default keychain. - @param estimatedTime The number of estimated seconds before the result can - be retrieved. - @param certficateRef The returned certificate reference for a - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE only. All other request types return - NULL here. Call CFRelease when done with this certificate reference. - @result errSecSuccess 0 No error. -*/ -OSStatus SecCertificateRequestGetResult( - SecCertificateRequestRef certRequestRef, - SecKeychainRef keychain, - sint32* estimatedTime, - SecCertificateRef* certificateRef); - -/*! - @function SecCertificateFindRequest - Find a pending certificate request and return a reference object - for it. The search criteria is based on the input parameters. - @param policy A policy. - @param certificateType The certificate type (i.e. X509, PGP, etc). - These types are in cssmtype.h - @param requestType The identifier to the type of request to find (i.e. - issue, verify, revoke, etc.). These are defined in cssmtype.h - @param privateKeyItemRef Optional private key to be used - for the certificate request. Matches the same argument as passed to - SecCertificateRequestCreate(). - @param publicKeyItemRef Optional public key to be used - for the certificate request. Matches the same argument as passed to - SecCertificateRequestCreate(). - @param attributeList An optional list of OID/value pairs for finding the - certificate request. - @param certRequest A returned reference to the certificate request. Call CFRelease when done with this reference. -*/ -OSStatus SecCertificateFindRequest( - const CSSM_OID *policy, - CSSM_CERT_TYPE certificateType, - CSSM_TP_AUTHORITY_REQUEST_TYPE requestType, - SecKeyRef privateKeyItemRef, - SecKeyRef publicKeyItemRef, - const SecCertificateRequestAttributeList* attributeList, - SecCertificateRequestRef* certRequest); - -/*! - @function SecCertificateRequestGetData - Get policy-specific data following a SecCertificateRequestSubmit. - @param certRequestRef A reference for the submitted request. - @param data Policy-specific data. - @result errSecSuccess 0 No error. -*/ - -OSStatus SecCertificateRequestGetData( - SecCertificateRequestRef certRequestRef, - CSSM_DATA *data); - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECCERTIFICATEREQUEST_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecExport.cpp b/OSX/libsecurity_keychain/lib/SecExport.cpp index 2e836255..6473cf15 100644 --- a/OSX/libsecurity_keychain/lib/SecExport.cpp +++ b/OSX/libsecurity_keychain/lib/SecExport.cpp @@ -23,7 +23,7 @@ * SecExport.cpp - high-level facility for exporting Sec layer objects. */ -#include "SecImportExport.h" +#include #include "SecImportExportAgg.h" #include "SecImportExportPem.h" #include "SecExternalRep.h" diff --git a/OSX/libsecurity_keychain/lib/SecExternalRep.h b/OSX/libsecurity_keychain/lib/SecExternalRep.h index 5c38e106..a513dde8 100644 --- a/OSX/libsecurity_keychain/lib/SecExternalRep.h +++ b/OSX/libsecurity_keychain/lib/SecExternalRep.h @@ -27,7 +27,7 @@ #ifndef _SECURITY_SEC_EXTERNAL_REP_H_ #define _SECURITY_SEC_EXTERNAL_REP_H_ -#include "SecImportExport.h" +#include /* * mechanism to limit private key import diff --git a/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp b/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp index c7d2d855..844a1e1a 100644 --- a/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp +++ b/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.cpp @@ -136,7 +136,7 @@ CFDataRef decodePrivateKeyHeader(SecKeychainRef keychain, const FVPrivateKeyHead CSSM_CC_HANDLE cc = 0; SecKeychainSearchRef _searchRef; - throwIfError(SecKeychainSearchCreateFromAttributes(keychain, CSSM_DL_DB_RECORD_PRIVATE_KEY, &attrList, &_searchRef)); + throwIfError(SecKeychainSearchCreateFromAttributes(keychain, (SecItemClass) CSSM_DL_DB_RECORD_PRIVATE_KEY, &attrList, &_searchRef)); CFRef searchRef(_searchRef); SecKeychainItemRef _item; diff --git a/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.h b/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.h index c97ac937..7d480cdc 100644 --- a/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.h +++ b/OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.h @@ -53,7 +53,7 @@ typedef struct int SecFDERecoveryWrapCRSKWithPubKey(const uint8_t *crsk, size_t crskLen, SecCertificateRef certificateRef, FVPrivateKeyHeader *outHeader); -CFDataRef SecFDERecoveryUnwrapCRSKWithPrivKey(SecKeychainRef keychain, +CFDataRef CF_RETURNS_RETAINED SecFDERecoveryUnwrapCRSKWithPrivKey(SecKeychainRef keychain, const FVPrivateKeyHeader *inHeader); #ifdef __cplusplus diff --git a/OSX/libsecurity_keychain/lib/SecIdentity.cpp b/OSX/libsecurity_keychain/lib/SecIdentity.cpp index adfe8b74..c870ec73 100644 --- a/OSX/libsecurity_keychain/lib/SecIdentity.cpp +++ b/OSX/libsecurity_keychain/lib/SecIdentity.cpp @@ -35,6 +35,7 @@ #include #include #include +#include #include #include @@ -128,7 +129,7 @@ SecIdentityCopyCertificate( if (itemType == SecIdentityGetTypeID()) { SecPointer certificatePtr(Identity::required(identityRef)->certificate()); Required(certificateRef) = certificatePtr->handle(); -#if SECTRUST_OSX + /* convert outgoing certificate item to a unified SecCertificateRef */ CssmData certData = certificatePtr->data(); CFDataRef data = NULL; @@ -149,16 +150,12 @@ SecIdentityCopyCertificate( if (tmpRef) { CFRelease(tmpRef); } -#endif } else if (itemType == SecCertificateGetTypeID()) { // rdar://24483382 // reconstituting a persistent identity reference could return the certificate SecCertificateRef certificate = (SecCertificateRef)identityRef; -#if !SECTRUST_OSX - SecPointer certificatePtr(Certificate::required(certificate)); - Required(certificateRef) = certificatePtr->handle(); -#else + /* convert outgoing certificate item to a unified SecCertificateRef, if needed */ if (SecCertificateIsItemImplInstance(certificate)) { *certificateRef = SecCertificateCreateFromItemImplInstance(certificate); @@ -166,7 +163,6 @@ SecIdentityCopyCertificate( else { *certificateRef = (SecCertificateRef) CFRetain(certificate); } -#endif return errSecSuccess; } else { @@ -257,19 +253,20 @@ SecIdentityCompare( return kCFCompareGreaterThan; } - BEGIN_SECAPI - - SecPointer id1(Identity::required(identity1)); - SecPointer id2(Identity::required(identity2)); - - if (id1 == id2) - return kCFCompareEqualTo; - else if (id1 < id2) - return kCFCompareLessThan; - else - return kCFCompareGreaterThan; - - END_SECAPI1(kCFCompareGreaterThan); + try { + SecPointer id1(Identity::required(identity1)); + SecPointer id2(Identity::required(identity2)); + + if (id1 == id2) + return kCFCompareEqualTo; + else if (id1 < id2) + return kCFCompareLessThan; + else + return kCFCompareGreaterThan; + } catch(...) + {} + + return kCFCompareGreaterThan; } static @@ -425,25 +422,12 @@ OSStatus _SecIdentityCopyPreferenceMatchingName( } // create identity reference, given certificate -#if SECTRUST_OSX - status = SecIdentityCreateWithCertificate(NULL, (SecCertificateRef)certItemRef, identity); -#else - try { - Item certItem = ItemImpl::required(SecKeychainItemRef(certItemRef)); - SecPointer certificate(static_cast(certItem.get())); - SecPointer identity_ptr(new Identity(keychains, certificate)); - if (certItemRef) { - CFRelease(certItemRef); // retained by identity - } - Required(identity) = identity_ptr->handle(); - } - catch (const MacOSError &err) { status=err.osStatus(); } - catch (const CommonError &err) { status=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { status=errSecAllocate; } - catch (...) { status=errSecInvalidItemRef; } -#endif + status = SecIdentityCreateWithCertificate(NULL, (SecCertificateRef)certItemRef, identity); + if (certItemRef) { + CFRelease(certItemRef); + } - return status; + return status; } SecIdentityRef SecIdentityCopyPreferred(CFStringRef name, CFArrayRef keyUsage, CFArrayRef validIssuers) @@ -485,8 +469,8 @@ OSStatus SecIdentityCopyPreference( Boolean logging = false; if (val && CFGetTypeID(val) == CFBooleanGetTypeID()) { logging = CFBooleanGetValue((CFBooleanRef)val); - CFRelease(val); } + CFReleaseNull(val); OSStatus status = errSecItemNotFound; CFArrayRef names = _SecIdentityCopyPossiblePaths(name); @@ -762,7 +746,7 @@ OSStatus SecIdentityDeletePreferenceItemWithNameAndKeyUsage( // cut things off at that point if we're still finding items (if they can't // be deleted for some reason, we'd never break out of the loop.) - OSStatus status; + OSStatus status = errSecInternalError; SecKeychainItemRef item = NULL; int count = 0, maxUsages = 12; while (++count <= maxUsages && diff --git a/OSX/libsecurity_keychain/lib/SecIdentityPriv.h b/OSX/libsecurity_keychain/lib/SecIdentityPriv.h deleted file mode 100644 index 161b65a8..00000000 --- a/OSX/libsecurity_keychain/lib/SecIdentityPriv.h +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Copyright (c) 2002-2011 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#ifndef _SECURITY_SECIDENTITYPRIV_H_ -#define _SECURITY_SECIDENTITYPRIV_H_ - -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! @function SecIdentityCreate - @abstract create a new identity object from the provided certificate and its associated private key. - @param allocator CFAllocator to allocate the identity object. Pass NULL to use the default allocator. - @param certificate A certificate reference. - @param privateKey A private key reference. - @result An identity reference. -*/ -SecIdentityRef SecIdentityCreate( - CFAllocatorRef allocator, - SecCertificateRef certificate, - SecKeyRef privateKey) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); - -/*! - @function SecIdentityCompare - @abstract Compares two SecIdentityRef instances for equality. - @param identity1 An identity reference. - @param identity2 An identity reference. - @param compareOptions A value containing option flags. Currently there are no compare options, so 0 should be passed for this parameter. - @result An enumerated value of type CFComparisonResult. See CFBase.h. - @discussion Two identities are considered equal if they contain identical certificate and private key components. - @deprecated in Mac OS X 10.5 and later; the CFEqual function should be used instead (CFBase.h). -*/ -CFComparisonResult SecIdentityCompare( - SecIdentityRef identity1, - SecIdentityRef identity2, - CFOptionFlags compareOptions) - DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER; - -/*! - @function SecIdentityFindPreferenceItem - @abstract Returns an identity preference item, given an identity string. - @param keychainOrArray A reference to an array of keychains to search, a single keychain, or NULL to search the user's default keychain search list. - @param idString A string containing a URI, hostname, or email (RFC822) address. - @param itemRef On return, a reference to the keychain item which was found. The caller is responsible for releasing this reference. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion An identity preference item maps a particular identity to a string, such as a URI or email address. It specifies that this identity should be preferred in transactions which match the provided string. - @deprecated in Mac OS X 10.7 and later; use SecIdentityCopyPreferred() instead (SecIdentity.h) - - WARNING: This function is based on an implementation detail and will go away - in a future release; its use should be avoided at all costs. It does not - provide a way to find a preference item based on key usage, and it can only - find preferences which are stored as keychain items, so it may fail to find - the item you expect. Please use the public API functions to manipulate - identity preferences. -*/ -OSStatus SecIdentityFindPreferenceItem( - CFTypeRef keychainOrArray, - CFStringRef idString, - SecKeychainItemRef *itemRef) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; - -/*! - @function SecIdentityAddPreferenceItem - @abstract Adds a new identity preference item to the specified keychain. - @param keychainRef A reference to the keychain in which to store the preference item. Pass NULL to specify the user's default keychain. - @param identityRef An identity reference. - @param idString A string containing a URI, hostname, or email (RFC822) address. - @param itemRef On return, a reference to the new keychain item. The caller is responsible for releasing this reference. Pass NULL if the reference is not needed. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion An identity preference item maps a particular identity to a string, such as a URI or email address. It specifies that this identity should be preferred in transactions which match the provided string. - @deprecated in Mac OS X 10.5; use SecIdentitySetPreference() instead (SecIdentity.h). -*/ -OSStatus SecIdentityAddPreferenceItem( - SecKeychainRef keychainRef, - SecIdentityRef identityRef, - CFStringRef idString, - SecKeychainItemRef *itemRef) - DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER; - -/*! - @function SecIdentityUpdatePreferenceItem - @abstract Given an existing identity preference keychain item, update it with the provided identity. - @param itemRef An identity preference keychain item, as returned by SecIdentityFindPreferenceItem or SecIdentityAddPreferenceItem. - @param identityRef An identity reference. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is used to update an existing preference item when a different identity is preferred. - @deprecated in Mac OS X 10.5; use SecIdentitySetPreference() instead (SecIdentity.h). -*/ -OSStatus SecIdentityUpdatePreferenceItem( - SecKeychainItemRef itemRef, - SecIdentityRef identityRef) - DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER; - -/*! - @function SecIdentityCopyFromPreferenceItem - @abstract Given an existing identity preference keychain item, obtain a SecIdentityRef for the identity it specifies. - @param itemRef An identity preference keychain item, as returned by SecIdentityFindPreferenceItem or SecIdentityAddPreferenceItem. - @param identityRef On return, an identity reference. The caller is responsible for releasing this reference. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is used to obtain a SecIdentityRef from an existing preference item. - @deprecated in Mac OS X 10.5; use SecIdentityCopyPreference() instead (SecIdentity.h). -*/ -OSStatus SecIdentityCopyFromPreferenceItem( - SecKeychainItemRef itemRef, - SecIdentityRef *identityRef) - DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER; - -/*! - @function ConvertArrayToKeyUsage - @abstract Given an array of key usages defined in SecItem.h return the equivalent CSSM_KEYUSE - @param usage An CFArrayRef containing CFTypeRefs defined in SecItem.h - kSecAttrCanEncrypt, - kSecAttrCanDecrypt, - kSecAttrCanDerive, - kSecAttrCanSign, - kSecAttrCanVerify, - kSecAttrCanWrap, - kSecAttrCanUnwrap - If the CFArrayRef is NULL then the CSSM_KEYUSAGE will be CSSM_KEYUSE_ANY - @result A CSSM_KEYUSE. Derived from the passed in Array -*/ -CSSM_KEYUSE ConvertArrayToKeyUsage(CFArrayRef usage); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECIDENTITYPRIV_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecImport.cpp b/OSX/libsecurity_keychain/lib/SecImport.cpp index 76fedc32..41ca5942 100644 --- a/OSX/libsecurity_keychain/lib/SecImport.cpp +++ b/OSX/libsecurity_keychain/lib/SecImport.cpp @@ -23,7 +23,7 @@ * SecImport.cpp - high-level facility for importing Sec layer objects. */ -#include "SecImportExport.h" +#include #include "SecExternalRep.h" #include "SecImportExportPem.h" #include "SecImportExportUtils.h" diff --git a/OSX/libsecurity_keychain/lib/SecImportExport.c b/OSX/libsecurity_keychain/lib/SecImportExport.c index 197a0948..4ef8cd77 100644 --- a/OSX/libsecurity_keychain/lib/SecImportExport.c +++ b/OSX/libsecurity_keychain/lib/SecImportExport.c @@ -37,7 +37,7 @@ #include //#include "p12import.h" -#include "SecImportExport.h" +#include const CFStringRef __nonnull kSecImportExportPassphrase = CFSTR("passphrase"); const CFStringRef __nonnull kSecImportExportKeychain = CFSTR("keychain"); diff --git a/OSX/libsecurity_keychain/lib/SecImportExportAgg.cpp b/OSX/libsecurity_keychain/lib/SecImportExportAgg.cpp index 7c14cfca..96b00341 100644 --- a/OSX/libsecurity_keychain/lib/SecImportExportAgg.cpp +++ b/OSX/libsecurity_keychain/lib/SecImportExportAgg.cpp @@ -59,7 +59,7 @@ OSStatus impExpPkcs12Export( OSStatus ortn = errSecSuccess; CFMutableArrayRef exportItems; // SecKeychainItemRefs CFDataRef tmpData = NULL; - CSSM_CSP_HANDLE cspHand; + CSSM_CSP_HANDLE cspHand = CSSM_INVALID_HANDLE; CSSM_KEY *passKey = NULL; CFStringRef phraseStr = NULL; @@ -532,23 +532,20 @@ OSStatus impExpPkcs12Import( { StorageManager::KeychainList keychains; globals().storageManager.optionalSearchList(importKeychain, keychains); -#if SECTRUST_OSX + /* Convert unified SecCertificateRef to an ItemImpl instance */ itemImplRef = SecCertificateCreateItemImplInstance(certRef); -#else - itemImplRef = (SecCertificateRef)((certRef) ? CFRetain(certRef) : NULL); -#endif SecPointer cert = Certificate::required(itemImplRef); CFRelease(itemImplRef); itemImplRef = NULL; importedCertRef = cert->findInKeychain(keychains)->handle(); -#if SECTRUST_OSX + if (importedCertRef) { SecCertificateRef tmpRef = SecCertificateCreateFromItemImplInstance(importedCertRef); CFRelease(importedCertRef); importedCertRef = tmpRef; } -#endif + } /* Get digest of this cert's public key */ ortn = SecCertificateGetData(importedCertRef, &certData); diff --git a/OSX/libsecurity_keychain/lib/SecImportExportAgg.h b/OSX/libsecurity_keychain/lib/SecImportExportAgg.h index ac38dcc1..f094aff9 100644 --- a/OSX/libsecurity_keychain/lib/SecImportExportAgg.h +++ b/OSX/libsecurity_keychain/lib/SecImportExportAgg.h @@ -27,7 +27,7 @@ #ifndef _SECURITY_SEC_IMPORT_EXPORT_AGG_H_ #define _SECURITY_SEC_IMPORT_EXPORT_AGG_H_ -#include "SecImportExport.h" +#include #include "SecExternalRep.h" #ifdef __cplusplus diff --git a/OSX/libsecurity_keychain/lib/SecImportExportCrypto.cpp b/OSX/libsecurity_keychain/lib/SecImportExportCrypto.cpp index 1f89f4ce..f3cf841e 100644 --- a/OSX/libsecurity_keychain/lib/SecImportExportCrypto.cpp +++ b/OSX/libsecurity_keychain/lib/SecImportExportCrypto.cpp @@ -25,7 +25,7 @@ * keys. */ -#include "SecImportExport.h" +#include #include "SecImportExportCrypto.h" #include "SecImportExportUtils.h" #include "Keychains.h" diff --git a/OSX/libsecurity_keychain/lib/SecImportExportPem.h b/OSX/libsecurity_keychain/lib/SecImportExportPem.h index b91773d0..a3934d32 100644 --- a/OSX/libsecurity_keychain/lib/SecImportExportPem.h +++ b/OSX/libsecurity_keychain/lib/SecImportExportPem.h @@ -26,7 +26,7 @@ #ifndef _SECURITY_SEC_IMPORT_EXPORT_PEM_H_ #define _SECURITY_SEC_IMPORT_EXPORT_PEM_H_ -#include "SecImportExport.h" +#include #include "SecExternalRep.h" /* take these PEM header strings right from the authoritative source */ diff --git a/OSX/libsecurity_keychain/lib/SecImportExportUtils.cpp b/OSX/libsecurity_keychain/lib/SecImportExportUtils.cpp index e0f17768..a748ee6e 100644 --- a/OSX/libsecurity_keychain/lib/SecImportExportUtils.cpp +++ b/OSX/libsecurity_keychain/lib/SecImportExportUtils.cpp @@ -29,6 +29,7 @@ #include "SecIdentityPriv.h" #include "SecItem.h" #include +#include #include #pragma mark --- Debug support --- @@ -504,7 +505,7 @@ bool impExpImportGuessByExamination( } CSSM_HANDLE cacheHand; CSSM_RETURN crtn; - CSSM_DATA cdata = { CFDataGetLength(inData), + CSSM_DATA cdata = { int_cast(CFDataGetLength(inData)), (uint8 *)CFDataGetBytePtr(inData) }; crtn = CSSM_CL_CertCache(clHand, &cdata, &cacheHand); bool brtn = false; diff --git a/OSX/libsecurity_keychain/lib/SecImportExportUtils.h b/OSX/libsecurity_keychain/lib/SecImportExportUtils.h index 510fa69e..78ccc31d 100644 --- a/OSX/libsecurity_keychain/lib/SecImportExportUtils.h +++ b/OSX/libsecurity_keychain/lib/SecImportExportUtils.h @@ -26,9 +26,9 @@ #ifndef _SECURITY_SEC_IMPORT_EXPORT_UTILS_H_ #define _SECURITY_SEC_IMPORT_EXPORT_UTILS_H_ -#include "SecImportExport.h" +#include #include "SecKeychainPriv.h" -#include "SecBasePriv.h" +#include #include #include @@ -82,7 +82,7 @@ bool impExpImportParseFileExten( SecExternalItemType *itemType); // RETURNED /* do a [NSString stringByDeletingPathExtension] equivalent */ -CFStringRef impExpImportDeleteExtension( +CFStringRef CF_RETURNS_RETAINED impExpImportDeleteExtension( CFStringRef fileStr); /* diff --git a/OSX/libsecurity_keychain/lib/SecInternal.h b/OSX/libsecurity_keychain/lib/SecInternal.h deleted file mode 100644 index f10a5f15..00000000 --- a/OSX/libsecurity_keychain/lib/SecInternal.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2007-2015 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecInternal - SecInternal defines common internal constants macros and SPI functions. -*/ - -#ifndef _SECURITY_SECINTERNAL_H_ -#define _SECURITY_SECINTERNAL_H_ - -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -#define CFRetainSafe(CF) { CFTypeRef _cf = (CF); if (_cf) CFRetain(_cf); } -#define CFReleaseSafe(CF) { CFTypeRef _cf = (CF); if (_cf) CFRelease(_cf); } -#define CFReleaseNull(CF) { CFTypeRef _cf = (CF); \ - if (_cf) { (CF) = NULL; CFRelease(_cf); } } - -#define AssignOrReleaseResult(CF,OUT) { \ - CFTypeRef _cf = (CF), *_out = (OUT); \ - if (_out) { *_out = _cf; } else { if (_cf) CFRelease(_cf); } } - -#define DICT_DECLARE(MAXVALUES) \ - CFIndex numValues = 0, maxValues = (MAXVALUES); \ - const void *keys[maxValues]; \ - const void *values[maxValues]; - -#define DICT_ADDPAIR(KEY,VALUE) do { \ - if (numValues < maxValues) { \ - keys[numValues] = (KEY); \ - values[numValues] = (VALUE); \ - numValues++; \ - } else \ - assert(false); \ -} while(0) - -#define DICT_CREATE(ALLOCATOR) CFDictionaryCreate((ALLOCATOR), keys, values, \ - numValues, NULL, &kCFTypeDictionaryValueCallBacks) - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECINTERNAL_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecInternalP.h b/OSX/libsecurity_keychain/lib/SecInternalP.h deleted file mode 100644 index e92d7356..00000000 --- a/OSX/libsecurity_keychain/lib/SecInternalP.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 2007,2009-2011,2013-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecInternal - SecInternal defines common internal constants macros and SPI functions. -*/ - -#ifndef _SECURITY_SECINTERNALP_H_ -#define _SECURITY_SECINTERNALP_H_ - -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -#define CFRetainSafe(CF) { CFTypeRef _cf = (CF); if (_cf) CFRetain(_cf); } -#define CFReleaseSafe(CF) { CFTypeRef _cf = (CF); if (_cf) CFRelease(_cf); } -#define CFReleaseNull(CF) { CFTypeRef _cf = (CF); \ - if (_cf) { (CF) = NULL; CFRelease(_cf); } } - -#define DICT_DECLARE(MAXVALUES) \ - CFIndex numValues = 0, maxValues = (MAXVALUES); \ - const void *keys[maxValues]; \ - const void *values[maxValues]; - -#define DICT_ADDPAIR(KEY,VALUE) do { \ - if (numValues < maxValues) { \ - keys[numValues] = (KEY); \ - values[numValues] = (VALUE); \ - numValues++; \ - } else \ - assert(false); \ -} while(0) - -#define DICT_CREATE(ALLOCATOR) CFDictionaryCreate((ALLOCATOR), keys, values, \ - numValues, NULL, &kCFTypeDictionaryValueCallBacks) - -/* Non valid CFTimeInterval or CFAbsoluteTime. */ -#define NULL_TIME 0.0 - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECINTERNALP_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecItem.cpp b/OSX/libsecurity_keychain/lib/SecItem.cpp index 6dad3d2e..c25efd5c 100644 --- a/OSX/libsecurity_keychain/lib/SecItem.cpp +++ b/OSX/libsecurity_keychain/lib/SecItem.cpp @@ -869,7 +869,7 @@ _CreateAttributesDictionaryFromKeyItem( CFMutableDictionaryRef dict = CFDictionaryCreateMutable(allocator, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); unsigned int ix; - SecItemClass itemClass = 0; + SecItemClass itemClass = (SecItemClass) 0; UInt32 itemID; SecKeychainAttributeList *attrList = NULL; SecKeychainAttributeInfo *info = NULL; @@ -1187,7 +1187,7 @@ _CreateAttributesDictionaryFromInternetPasswordItem( // add kSecAttrAuthenticationType if ( attrList.attr[6].length > 0 ) { keys[numValues] = kSecAttrAuthenticationType; - values[numValues] = _SecAttrAuthenticationTypeForSecAuthenticationType(*(SecProtocolType*)attrList.attr[6].data); + values[numValues] = _SecAttrAuthenticationTypeForSecAuthenticationType( (SecAuthenticationType) (*(SecProtocolType*)attrList.attr[6].data)); if ( values[numValues] != NULL ) { CFRetain(values[numValues]); ++numValues; @@ -2005,7 +2005,7 @@ _CreateSecKeychainAttributeListFromDictionary( * _AppNameFromSecTrustedApplication attempts to pull the name of the * application/tool from the SecTrustedApplicationRef. */ -static CFStringRef +static CFStringRef CF_RETURNS_RETAINED _AppNameFromSecTrustedApplication( CFAllocatorRef alloc, SecTrustedApplicationRef appRef) @@ -2420,7 +2420,7 @@ _UpdateKeychainItem(CFTypeRef item, CFDictionaryRef changedAttributes) return errSecParam; } - SecItemClass itemClass; + SecItemClass itemClass = (SecItemClass) 0; SecAccessRef access = NULL; SecKeychainAttributeList *changeAttrList = NULL; SecKeychainItemRef itemToUpdate = NULL; @@ -2492,6 +2492,13 @@ _UpdateKeychainItem(CFTypeRef item, CFDictionaryRef changedAttributes) status = _CreateSecKeychainKeyAttributeListFromDictionary(changedAttributes, &changeAttrList); require_noerr(status, update_failed); } + break; + case kSecAppleSharePasswordItemClass: + { + // do nothing (legacy behavior). + } + break; + } // get the password @@ -2739,7 +2746,7 @@ _ItemClassFromItemList(CFArrayRef itemList) // Given a list of items (standard or persistent references), // determine whether they all have the same item class. Returns // the item class, or 0 if multiple classes in list. - SecItemClass result = 0; + SecItemClass result = (SecItemClass) 0; CFIndex index, count = (itemList) ? CFArrayGetCount(itemList) : 0; for (index=0; index < count; index++) { CFTypeRef item = (CFTypeRef) CFArrayGetValueAtIndex(itemList, index); @@ -2754,7 +2761,7 @@ _ItemClassFromItemList(CFArrayRef itemList) itemRef = (SecKeychainItemRef) CFRetain(item); } if (itemRef) { - SecItemClass itemClass = 0; + SecItemClass itemClass = (SecItemClass) 0; CFTypeID itemTypeID = CFGetTypeID(itemRef); if (itemTypeID == SecIdentityGetTypeID() || itemTypeID == SecCertificateGetTypeID()) { // Identities and certificates have the same underlying item class @@ -2781,7 +2788,7 @@ _ItemClassFromItemList(CFArrayRef itemList) CFRelease(itemRef); if (itemClass != 0) { if (result != 0 && result != itemClass) { - return 0; // different item classes in list; bail out + return (SecItemClass) 0; // different item classes in list; bail out } result = itemClass; } @@ -3226,31 +3233,6 @@ _ImportKey( END_SECAPI } -#if !SECTRUST_OSX -static Boolean -_CanIgnoreLeafStatusCodes(CSSM_TP_APPLE_EVIDENCE_INFO *evidence) -{ - /* Check for ignorable status codes in leaf certificate's evidence */ - Boolean result = true; - unsigned int i; - for (i=0; i < evidence->NumStatusCodes; i++) { - CSSM_RETURN scode = evidence->StatusCodes[i]; - if (scode == CSSMERR_APPLETP_INVALID_CA) { - // the TP has rejected this CA cert because it's in the leaf position - result = true; - } - else if (ignorableRevocationStatusCode(scode)) { - result = true; - } - else { - result = false; - break; - } - } - return result; -} -#endif - static OSStatus _FilterWithPolicy(SecPolicyRef policy, CFDateRef date, SecCertificateRef cert) { @@ -3262,9 +3244,6 @@ _FilterWithPolicy(SecPolicyRef policy, CFDateRef date, SecCertificateRef cert) SecTrustRef trust = NULL; SecTrustResultType trustResult; -#if !SECTRUST_OSX - CSSM_TP_APPLE_EVIDENCE_INFO *evidence = NULL; -#endif Boolean needChain = false; OSStatus status; if (!policy || !cert) return errSecParam; @@ -3290,41 +3269,11 @@ _FilterWithPolicy(SecPolicyRef policy, CFDateRef date, SecCertificateRef cert) } if (!needChain) { -#if !SECTRUST_OSX - /* To make the evaluation as lightweight as possible, specify an empty array - * of keychains which will be searched for certificates. - */ - keychains = CFArrayCreate(NULL, NULL, 0, &kCFTypeArrayCallBacks); - status = SecTrustSetKeychains(trust, keychains); - if(status) goto cleanup; - - /* To make the evaluation as lightweight as possible, specify an empty array - * of trusted anchors. - */ - anchors = CFArrayCreate(NULL, NULL, 0, &kCFTypeArrayCallBacks); - status = SecTrustSetAnchorCertificates(trust, anchors); - if(status) goto cleanup; -#else status = SecTrustEvaluateLeafOnly(trust, &trustResult); } else { status = SecTrustEvaluate(trust, &trustResult); -#endif } -#if !SECTRUST_OSX - /* All parameters are locked and loaded, ready to evaluate! */ - status = SecTrustEvaluate(trust, &trustResult); - if(status) goto cleanup; - - /* If we didn't provide trust anchors or a way to look for them, - * the evaluation will fail with kSecTrustResultRecoverableTrustFailure. - * However, we can tell whether the policy evaluation succeeded by - * looking at the per-cert status codes in the returned evidence. - */ - status = SecTrustGetResult(trust, &trustResult, &chain, &evidence); - if(status) goto cleanup; -#endif - if (!(trustResult == kSecTrustResultProceed || trustResult == kSecTrustResultUnspecified || trustResult == kSecTrustResultRecoverableTrustFailure)) { @@ -3336,18 +3285,8 @@ _FilterWithPolicy(SecPolicyRef policy, CFDateRef date, SecCertificateRef cert) /* If there are no per-cert policy status codes, * and the cert has not expired, consider it valid for the policy. */ -#if SECTRUST_OSX if (true) { (void)SecTrustGetCssmResultCode(trust, &status); -#else - if((evidence != NULL) && _CanIgnoreLeafStatusCodes(evidence) && - ((evidence[0].StatusBits & CSSM_CERT_STATUS_EXPIRED) == 0) && - ((evidence[0].StatusBits & CSSM_CERT_STATUS_NOT_VALID_YET) == 0)) { - status = errSecSuccess; -#endif - } - else { - status = errSecCertificateCannotOperate; } cleanup: @@ -4188,7 +4127,7 @@ CFTypeRef SecItemCreateFromAttributeDictionary_osx(CFDictionaryRef refAttributes) { CFTypeRef ref = NULL; CFStringRef item_class_string = (CFStringRef)CFDictionaryGetValue(refAttributes, kSecClass); - SecItemClass item_class = 0; + SecItemClass item_class = (SecItemClass) 0; if (CFEqual(item_class_string, kSecClassGenericPassword)) { item_class = kSecGenericPasswordItemClass; @@ -4642,8 +4581,10 @@ SecItemMergeResults(bool can_target_ios, OSStatus status_ios, CFTypeRef result_i // If both keychains were targetted, examine returning statuses and decide what to do. if (status_ios != errSecSuccess) { // iOS keychain failed to produce results because of some error, go with results from OSX keychain. + // Since iOS keychain queries will fail without a keychain-access-group or proper entitlements, SecItemCopyMatching + // calls against the OSX keychain API that should return errSecItemNotFound will return nonsense from the iOS keychain. AssignOrReleaseResult(result_osx, result); - return status_osx; + return status_osx; } else if (status_osx != errSecSuccess) { if (status_osx != errSecItemNotFound) { // OSX failed to produce results with some failure mode (else than not_found), but iOS produced results. @@ -4693,20 +4634,32 @@ SecItemMergeResults(bool can_target_ios, OSStatus status_ios, CFTypeRef result_i } static bool -ShouldTryUnlockKeybag(OSErr status) +ShouldTryUnlockKeybag(CFDictionaryRef query, OSErr status) { - static typeof(SASSessionStateForUser) *soft_SASSessionStateForUser = NULL; + static __typeof(SASSessionStateForUser) *soft_SASSessionStateForUser = NULL; static dispatch_once_t onceToken; static void *framework; if (status != errSecInteractionNotAllowed) return false; + // If the query disabled authUI, respect it. + CFTypeRef authUI = NULL; + if (query) { + authUI = CFDictionaryGetValue(query, kSecUseAuthenticationUI); + if (authUI == NULL) { + authUI = CFDictionaryGetValue(query, kSecUseNoAuthenticationUI); + authUI = (authUI != NULL && CFEqual(authUI, kCFBooleanTrue)) ? kSecUseAuthenticationUIFail : NULL; + } + } + if (authUI && !CFEqual(authUI, kSecUseAuthenticationUIAllow)) + return false; + dispatch_once(&onceToken, ^{ framework = dlopen("/System/Library/PrivateFrameworks/login.framework/login", RTLD_LAZY); if (framework == NULL) return; - soft_SASSessionStateForUser = (typeof(soft_SASSessionStateForUser)) dlsym(framework, "SASSessionStateForUser"); + soft_SASSessionStateForUser = (__typeof(soft_SASSessionStateForUser)) dlsym(framework, "SASSessionStateForUser"); }); if (soft_SASSessionStateForUser == NULL) @@ -4744,7 +4697,7 @@ SecItemCopyMatching(CFDictionaryRef query, CFTypeRef *result) } else { status_ios = SecItemCopyMatching_ios(attrs_ios, &result_ios); - if(ShouldTryUnlockKeybag(status_ios)) { + if(ShouldTryUnlockKeybag(query, status_ios)) { // The keybag is locked. Attempt to unlock it... secitemlog(LOG_WARNING, "SecItemCopyMatching triggering SecurityAgent"); if(errSecSuccess == SecKeychainVerifyKeyStorePassphrase(1)) { @@ -4805,7 +4758,7 @@ SecItemAdd(CFDictionaryRef attributes, CFTypeRef *result) status = errSecParam; } else { status = SecItemAdd_ios(attrs_ios, &result_ios); - if(ShouldTryUnlockKeybag(status)) { + if(ShouldTryUnlockKeybag(attributes, status)) { // The keybag is locked. Attempt to unlock it... secitemlog(LOG_WARNING, "SecItemAdd triggering SecurityAgent"); if(errSecSuccess == SecKeychainVerifyKeyStorePassphrase(3)) { @@ -4859,7 +4812,7 @@ SecItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate) else { if (SecItemHasSynchronizableUpdate(true, attributesToUpdate)) { status_ios = SecItemChangeSynchronizability(attrs_ios, attributesToUpdate, false); - if(ShouldTryUnlockKeybag(status_ios)) { + if(ShouldTryUnlockKeybag(query, status_ios)) { // The keybag is locked. Attempt to unlock it... secitemlog(LOG_WARNING, "SecItemUpdate triggering SecurityAgent"); if(errSecSuccess == SecKeychainVerifyKeyStorePassphrase(1)) { @@ -4868,7 +4821,7 @@ SecItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate) } } else { status_ios = SecItemUpdate_ios(attrs_ios, attributesToUpdate); - if(ShouldTryUnlockKeybag(status_ios)) { + if(ShouldTryUnlockKeybag(query, status_ios)) { // The keybag is locked. Attempt to unlock it... secitemlog(LOG_WARNING, "SecItemUpdate triggering SecurityAgent"); if(errSecSuccess == SecKeychainVerifyKeyStorePassphrase(1)) { @@ -4954,7 +4907,7 @@ OSStatus SecItemUpdateTokenItems(CFTypeRef tokenID, CFArrayRef tokenItemsAttributes) { OSStatus status = SecItemUpdateTokenItems_ios(tokenID, tokenItemsAttributes); - if(ShouldTryUnlockKeybag(status)) { + if(ShouldTryUnlockKeybag(NULL, status)) { // The keybag is locked. Attempt to unlock it... if(errSecSuccess == SecKeychainVerifyKeyStorePassphrase(1)) { secitemlog(LOG_WARNING, "SecItemUpdateTokenItems triggering SecurityAgent"); diff --git a/OSX/libsecurity_keychain/lib/SecItem.h b/OSX/libsecurity_keychain/lib/SecItem.h deleted file mode 100644 index 9d325aff..00000000 --- a/OSX/libsecurity_keychain/lib/SecItem.h +++ /dev/null @@ -1,1199 +0,0 @@ -/* - * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecItem - SecItem defines CoreFoundation-based constants and functions for - access to Security items (certificates, keys, identities, and - passwords.) -*/ - -#ifndef _SECURITY_SECITEM_H_ -#define _SECURITY_SECITEM_H_ - -#include -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @enum Class Key Constant - @discussion Predefined key constant used to get or set item class values in - a dictionary. Its value is one of the constants defined in the Value - Constants for kSecClass. - @constant kSecClass Specifies a dictionary key whose value is the item's - class code. You use this key to get or set a value of type CFTypeRef - that contains the item class code. -*/ -extern const CFStringRef kSecClass - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @enum Class Value Constants - @discussion Predefined item class constants used to get or set values in - a dictionary. The kSecClass constant is the key and its value is one - of the constants defined here. Note: on Mac OS X 10.6, only items - of class kSecClassInternetPassword are supported. - @constant kSecClassInternetPassword Specifies Internet password items. - @constant kSecClassGenericPassword Specifies generic password items. - @constant kSecClassCertificate Specifies certificate items. - @constant kSecClassKey Specifies key items. - @constant kSecClassIdentity Specifies identity items. -*/ -extern const CFStringRef kSecClassInternetPassword - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecClassGenericPassword - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); -extern const CFStringRef kSecClassCertificate - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); -extern const CFStringRef kSecClassKey - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); -extern const CFStringRef kSecClassIdentity - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - -/*! - @enum Attribute Key Constants - @discussion Predefined item attribute keys used to get or set values in a - dictionary. Not all attributes apply to each item class. The table - below lists the currently defined attributes for each item class: - - kSecClassGenericPassword item attributes: - kSecAttrAccess (OS X only) - kSecAttrAccessControl - kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable specified) - kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable specified) - kSecAttrCreationDate - kSecAttrModificationDate - kSecAttrDescription - kSecAttrComment - kSecAttrCreator - kSecAttrType - kSecAttrLabel - kSecAttrIsInvisible - kSecAttrIsNegative - kSecAttrAccount - kSecAttrService - kSecAttrGeneric - - kSecClassInternetPassword item attributes: - kSecAttrAccess (OS X only) - kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable specified) - kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable specified) - kSecAttrCreationDate - kSecAttrModificationDate - kSecAttrDescription - kSecAttrComment - kSecAttrCreator - kSecAttrType - kSecAttrLabel - kSecAttrIsInvisible - kSecAttrIsNegative - kSecAttrAccount - kSecAttrSecurityDomain - kSecAttrServer - kSecAttrProtocol - kSecAttrAuthenticationType - kSecAttrPort - kSecAttrPath - - kSecClassCertificate item attributes: - kSecAttrCertificateType - kSecAttrCertificateEncoding - kSecAttrLabel - kSecAttrSubject - kSecAttrIssuer - kSecAttrSerialNumber - kSecAttrSubjectKeyID - kSecAttrPublicKeyHash - - kSecClassKey item attributes: - kSecAttrAccess (OS X only) - kSecAttrAccessGroup (iOS only) - kSecAttrAccessible (iOS only) - kSecAttrKeyClass - kSecAttrLabel - kSecAttrApplicationLabel - kSecAttrIsPermanent - kSecAttrApplicationTag - kSecAttrKeyType - kSecAttrPRF - kSecAttrSalt - kSecAttrRounds - kSecAttrKeySizeInBits - kSecAttrEffectiveKeySize - kSecAttrCanEncrypt - kSecAttrCanDecrypt - kSecAttrCanDerive - kSecAttrCanSign - kSecAttrCanVerify - kSecAttrCanWrap - kSecAttrCanUnwrap - - Note that the attributes kSecAttrCan* describe attributes of the - key itself at relatively high level. Some of these attributes are - mathematical -- for example, a DSA key cannot encrypt. Others are - key-level policy issues -- for example, it is good cryptographic - hygiene to use an RSA key either for encryption or signing but not - both. Compare these to the certificate-level policy values in - SecPolicy.h. - - kSecClassIdentity item attributes: - Since an identity is the combination of a private key and a - certificate, this class shares attributes of both kSecClassKey and - kSecClassCertificate. - - @constant kSecAttrAccessible Specifies a dictionary key whose value - indicates when your application needs access to an item's data. You - should choose the most restrictive option that meets your application's - needs to allow the system to protect that item in the best way possible. - See the "kSecAttrAccessible Value Constants" section for a list of - values which can be specified. - IMPORTANT: This attribute is currently not supported for OS X keychain - items, unless the kSecAttrSynchronizable attribute is also present. If - both attributes are specified on either OS X or iOS, the value for the - kSecAttrAccessible key may only be one whose name does not end with - "ThisDeviceOnly", as those cannot sync to another device. - - @constant kSecAttrAccessControl Specifies a dictionary key whose value - is SecAccessControl instance which contains access control conditions - for item. - IMPORTANT: This attribute is mutually exclusive with kSecAttrAccess - attribute. - - @constant kSecAttrAccess Specifies a dictionary key whose value - is a SecAccessRef describing the access control settings for this item. - This key is available on OS X only. - - @constant kSecAttrAccessGroup Specifies a dictionary key whose value is - a CFStringRef indicating which access group a item is in. The access - groups that a particular application has membership in are determined by - two entitlements for that application. The application-identifier - entitlement contains the application's single access group, unless - there is a keychain-access-groups entitlement present. The latter - has as its value a list of access groups; the first item in this list - is the default access group. Unless a specific access group is provided - as the value of kSecAttrAccessGroup when SecItemAdd is called, new items - are created in the application's default access group. Specifying this - attribute in SecItemCopyMatching, SecItemUpdate, or SecItemDelete calls - limits the search to the specified access group (of which the calling - application must be a member to obtain matching results.) To share - keychain items between multiple applications, each application must have - a common group listed in its keychain-access-groups entitlement, and each - must specify this shared access group name as the value for the - kSecAttrAccessGroup key in the dictionary passed to SecItem functions. - - @constant kSecAttrSynchronizable Specifies a dictionary key whose value is - a CFBooleanRef indicating whether the item in question can be synchronized. - To add a new item which can be synced to other devices, or to obtain - synchronizable results from a query, supply this key with a value of - kCFBooleanTrue. If the key is not supplied, or has a value of - kCFBooleanFalse, then no synchronizable items will be added or returned. - A predefined value, kSecAttrSynchronizableAny, may be provided instead of - kCFBooleanTrue if both synchronizable and non-synchronizable results are - desired. - - IMPORTANT: Specifying the kSecAttrSynchronizable key has several caveats: - - - Updating or deleting items using the kSecAttrSynchronizable key will - affect all copies of the item, not just the one on your local device. - Be sure that it makes sense to use the same password on all devices - before deciding to make a password synchronizable. - - Only password items can currently be synchronized. Keychain syncing - is not supported for certificates or cryptographic keys. - - Items stored or obtained using the kSecAttrSynchronizable key cannot - specify SecAccessRef-based access control with kSecAttrAccess. If a - password is intended to be shared between multiple applications, the - kSecAttrAccessGroup key must be specified, and each application - using this password must have a 'keychain-access-groups' entitlement - with the specified access group value. - - Items stored or obtained using the kSecAttrSynchronizable key may - not also specify a kSecAttrAccessible value which is incompatible - with syncing (namely, those whose names end with "ThisDeviceOnly".) - - Items stored or obtained using the kSecAttrSynchronizable key cannot - be specified by reference. You must pass kSecReturnAttributes and/or - kSecReturnData to retrieve results; kSecReturnRef is currently not - supported for synchronizable items. - - Persistent references to synchronizable items should be avoided; - while they may work locally, they cannot be moved between devices, - and may not resolve if the item is modified on some other device. - - When specifying a query that uses the kSecAttrSynchronizable key, - search keys are limited to the item's class and attributes. - The only search constant which may be used is kSecMatchLimit; other - constants using the kSecMatch prefix are not supported at this time. - - @constant kSecAttrSynchronizableAny Specifies that both synchronizable and - non-synchronizable results should be returned from this query. This may be - used as a value for the kSecAttrSynchronizable dictionary key in a call to - SecItemCopyMatching, SecItemUpdate, or SecItemDelete. - - @constant kSecAttrCreationDate (read-only) Specifies a dictionary key whose - value is the item's creation date. You use this key to get a value - of type CFDateRef that represents the date the item was created. - @constant kSecAttrModificationDate (read-only) Specifies a dictionary key - whose value is the item's modification date. You use this key to get - a value of type CFDateRef that represents the last time the item was - updated. - @constant kSecAttrDescription Specifies a dictionary key whose value is - the item's description attribute. You use this key to set or get a - value of type CFStringRef that represents a user-visible string - describing this particular kind of item (e.g., "disk image password"). - @constant kSecAttrComment Specifies a dictionary key whose value is the - item's comment attribute. You use this key to set or get a value of - type CFStringRef containing the user-editable comment for this item. - @constant kSecAttrCreator Specifies a dictionary key whose value is the - item's creator attribute. You use this key to set or get a value of - type CFNumberRef that represents the item's creator. This number is - the unsigned integer representation of a four-character code (e.g., - 'aCrt'). - @constant kSecAttrType Specifies a dictionary key whose value is the item's - type attribute. You use this key to set or get a value of type - CFNumberRef that represents the item's type. This number is the - unsigned integer representation of a four-character code (e.g., - 'aTyp'). - @constant kSecAttrLabel Specifies a dictionary key whose value is the - item's label attribute. You use this key to set or get a value of - type CFStringRef containing the user-visible label for this item. - @constant kSecAttrIsInvisible Specifies a dictionary key whose value is the - item's invisible attribute. You use this key to set or get a value - of type CFBooleanRef that indicates whether the item is invisible - (i.e., should not be displayed.) - @constant kSecAttrIsNegative Specifies a dictionary key whose value is the - item's negative attribute. You use this key to set or get a value of - type CFBooleanRef that indicates whether there is a valid password - associated with this keychain item. This is useful if your application - doesn't want a password for some particular service to be stored in - the keychain, but prefers that it always be entered by the user. - @constant kSecAttrAccount Specifies a dictionary key whose value is the - item's account attribute. You use this key to set or get a CFStringRef - that contains an account name. (Items of class - kSecClassGenericPassword, kSecClassInternetPassword have this - attribute.) - @constant kSecAttrService Specifies a dictionary key whose value is the - item's service attribute. You use this key to set or get a CFStringRef - that represents the service associated with this item. (Items of class - kSecClassGenericPassword have this attribute.) - @constant kSecAttrGeneric Specifies a dictionary key whose value is the - item's generic attribute. You use this key to set or get a value of - CFDataRef that contains a user-defined attribute. (Items of class - kSecClassGenericPassword have this attribute.) - @constant kSecAttrSecurityDomain Specifies a dictionary key whose value - is the item's security domain attribute. You use this key to set or - get a CFStringRef value that represents the Internet security domain. - (Items of class kSecClassInternetPassword have this attribute.) - @constant kSecAttrServer Specifies a dictionary key whose value is the - item's server attribute. You use this key to set or get a value of - type CFStringRef that contains the server's domain name or IP address. - (Items of class kSecClassInternetPassword have this attribute.) - @constant kSecAttrProtocol Specifies a dictionary key whose value is the - item's protocol attribute. You use this key to set or get a value of - type CFNumberRef that denotes the protocol for this item (see the - SecProtocolType enum in SecKeychainItem.h). (Items of class - kSecClassInternetPassword have this attribute.) - @constant kSecAttrAuthenticationType Specifies a dictionary key whose value - is the item's authentication type attribute. You use this key to set - or get a value of type CFNumberRef that denotes the authentication - scheme for this item (see the kSecAttrAuthenticationType value - constants below). - @constant kSecAttrPort Specifies a dictionary key whose value is the item's - port attribute. You use this key to set or get a CFNumberRef value - that represents an Internet port number. (Items of class - kSecClassInternetPassword have this attribute.) - @constant kSecAttrPath Specifies a dictionary key whose value is the item's - path attribute, typically this is the path component of the URL. You use - this key to set or get a CFStringRef value that represents a path. (Items - of class kSecClassInternetPassword have this attribute.) - @constant kSecAttrSubject (read-only) Specifies a dictionary key whose - value is the item's subject. You use this key to get a value of type - CFDataRef that contains the X.500 subject name of a certificate. - (Items of class kSecClassCertificate have this attribute.) - @constant kSecAttrIssuer (read-only) Specifies a dictionary key whose value - is the item's issuer. You use this key to get a value of type - CFDataRef that contains the X.500 issuer name of a certificate. (Items - of class kSecClassCertificate have this attribute.) - @constant kSecAttrSerialNumber (read-only) Specifies a dictionary key whose - value is the item's serial number. You use this key to get a value - of type CFDataRef that contains the serial number data of a - certificate. (Items of class kSecClassCertificate have this - attribute.) - @constant kSecAttrSubjectKeyID (read-only) Specifies a dictionary key whose - value is the item's subject key ID. You use this key to get a value - of type CFDataRef that contains the subject key ID of a certificate. - (Items of class kSecClassCertificate have this attribute.) - @constant kSecAttrPublicKeyHash (read-only) Specifies a dictionary key - whose value is the item's public key hash. You use this key to get a - value of type CFDataRef that contains the hash of a certificate's - public key. (Items of class kSecClassCertificate have this attribute.) - @constant kSecAttrCertificateType (read-only) Specifies a dictionary key - whose value is the item's certificate type. You use this key to get - a value of type CFNumberRef that denotes the certificate type (see the - CSSM_CERT_TYPE enum in cssmtype.h). (Items of class - kSecClassCertificate have this attribute.) - @constant kSecAttrCertificateEncoding (read-only) Specifies a dictionary - key whose value is the item's certificate encoding. You use this key - to get a value of type CFNumberRef that denotes the certificate - encoding (see the CSSM_CERT_ENCODING enum in cssmtype.h). (Items of - class kSecClassCertificate have this attribute.) - @constant kSecAttrKeyClass (read only) Specifies a dictionary key whose - value is one of kSecAttrKeyClassPublic, kSecAttrKeyClassPrivate or - kSecAttrKeyClassSymmetric. - @constant kSecAttrApplicationLabel Specifies a dictionary key whose value - is the key's application label attribute. This is different from the - kSecAttrLabel (which is intended to be human-readable). This attribute - is used to look up a key programmatically; in particular, for keys of - class kSecAttrKeyClassPublic and kSecAttrKeyClassPrivate, the value of - this attribute is the hash of the public key. This item is a type of CFDataRef. - Legacy keys may contain a UUID in this field as a CFStringRef. - @constant kSecAttrIsPermanent Specifies a dictionary key whose value is a - CFBooleanRef indicating whether the key in question will be stored - permanently. - @constant kSecAttrIsSensitive Specifies a dictionary key whose value is a - CFBooleanRef indicating that the key in question can only be exported - in a wrapped (encrypted) format. - @constant kSecAttrIsExtractable Specifies a dictionary key whose value is a - CFBooleanRef indicating whether the key in question can be exported from - its keychain container. - @constant kSecAttrApplicationTag Specifies a dictionary key whose value is a - CFDataRef containing private tag data. - @constant kSecAttrKeyType Specifies a dictionary key whose value is a - CFNumberRef indicating the algorithm associated with this key (see the - CSSM_ALGORITHMS enum in cssmtype.h). - @constant kSecAttrPRF Specifies a dictionary key whose value is the PRF - (pseudo-random function) for this key (see "kSecAttrPRF Value Constants".) - @constant kSecAttrSalt Specifies a dictionary key whose value is a - CFData containing the salt to use for this key. - @constant kSecAttrRounds Specifies a dictionary key whose value is the - number of rounds for the pseudo-random function specified by kSecAttrPRF. - @constant kSecAttrKeySizeInBits Specifies a dictionary key whose value - is a CFNumberRef indicating the number of bits in this key. - @constant kSecAttrEffectiveKeySize Specifies a dictionary key whose value - is a CFNumberRef indicating the effective number of bits in this key. - For example, a DES key has a kSecAttrKeySizeInBits of 64, but a - kSecAttrEffectiveKeySize of 56 bits. - @constant kSecAttrCanEncrypt Specifies a dictionary key whole value is a - CFBooleanRef indicating whether the key in question can be used to - encrypt data. - @constant kSecAttrCanDecrypt Specifies a dictionary key whole value is a - CFBooleanRef indicating whether the key in question can be used to - decrypt data. - @constant kSecAttrCanDerive Specifies a dictionary key whole value is a - CFBooleanRef indicating whether the key in question can be used to - derive another key. - @constant kSecAttrCanSign Specifies a dictionary key whole value is a - CFBooleanRef indicating whether the key in question can be used to - create a digital signature. - @constant kSecAttrCanVerify Specifies a dictionary key whole value is a - CFBooleanRef indicating whether the key in question can be used to - verify a digital signature. - @constant kSecAttrCanWrap Specifies a dictionary key whole value is a - CFBooleanRef indicating whether the key in question can be used to - wrap another key. - @constant kSecAttrCanUnwrap Specifies a dictionary key whole value is a - CFBooleanRef indicating whether the key in question can be used to - unwrap another key. -*/ -extern const CFStringRef kSecAttrAccessible - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); -extern const CFStringRef kSecAttrAccess - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrAccessControl - __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); -extern const CFStringRef kSecAttrAccessGroup - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_3_0); -extern const CFStringRef kSecAttrSynchronizable - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecAttrSynchronizableAny - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecAttrCreationDate - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrModificationDate - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrDescription - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrComment - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrCreator - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrType - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrLabel - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrIsInvisible - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrIsNegative - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrAccount - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrService - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrGeneric - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrSecurityDomain - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrServer - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocol - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrAuthenticationType - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrPort - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrPath - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrSubject - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrIssuer - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrSerialNumber - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrSubjectKeyID - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrPublicKeyHash - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrCertificateType - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrCertificateEncoding - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrKeyClass - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrApplicationLabel - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrIsPermanent - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrIsSensitive - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrIsExtractable - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrApplicationTag - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrKeyType - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrPRF - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrSalt - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrRounds - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrKeySizeInBits - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrEffectiveKeySize - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrCanEncrypt - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrCanDecrypt - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrCanDerive - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrCanSign - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrCanVerify - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrCanWrap - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrCanUnwrap - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrTokenID - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); - -/*! - @enum kSecAttrAccessible Value Constants - @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecAttrAccessible constant is the key and its - value is one of the constants defined here. - When asking SecItemCopyMatching to return the item's data, the error - errSecInteractionNotAllowed will be returned if the item's data is not - available until a device unlock occurs. - @constant kSecAttrAccessibleWhenUnlocked Item data can only be accessed - while the device is unlocked. This is recommended for items that only - need be accesible while the application is in the foreground. Items - with this attribute will migrate to a new device when using encrypted - backups. - @constant kSecAttrAccessibleAfterFirstUnlock Item data can only be - accessed once the device has been unlocked after a restart. This is - recommended for items that need to be accesible by background - applications. Items with this attribute will migrate to a new device - when using encrypted backups. - @constant kSecAttrAccessibleAlways Item data can always be accessed - regardless of the lock state of the device. This is not recommended - for anything except system use. Items with this attribute will migrate - to a new device when using encrypted backups. - @constant kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly Item data can - only be accessed while the device is unlocked. This is recommended for - items that only need to be accessible while the application is in the - foreground and requires a passcode to be set on the device. Items with - this attribute will never migrate to a new device, so after a backup - is restored to a new device, these items will be missing. This - attribute will not be available on devices without a passcode. Disabling - the device passcode will cause all previously protected items to - be deleted. - @constant kSecAttrAccessibleWhenUnlockedThisDeviceOnly Item data can only - be accessed while the device is unlocked. This is recommended for items - that only need be accesible while the application is in the foreground. - Items with this attribute will never migrate to a new device, so after - a backup is restored to a new device, these items will be missing. - @constant kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly Item data can - only be accessed once the device has been unlocked after a restart. - This is recommended for items that need to be accessible by background - applications. Items with this attribute will never migrate to a new - device, so after a backup is restored to a new device these items will - be missing. - @constant kSecAttrAccessibleAlwaysThisDeviceOnly Item data can always - be accessed regardless of the lock state of the device. This option - is not recommended for anything except system use. Items with this - attribute will never migrate to a new device, so after a backup is - restored to a new device, these items will be missing. -*/ -extern const CFStringRef kSecAttrAccessibleWhenUnlocked - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); -extern const CFStringRef kSecAttrAccessibleAfterFirstUnlock - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); -extern const CFStringRef kSecAttrAccessibleAlways - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); -extern const CFStringRef kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly - __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); -extern const CFStringRef kSecAttrAccessibleWhenUnlockedThisDeviceOnly - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); -extern const CFStringRef kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); -extern const CFStringRef kSecAttrAccessibleAlwaysThisDeviceOnly - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); - -/*! - @enum kSecAttrProtocol Value Constants - @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecAttrProtocol constant is the key and its - value is one of the constants defined here. - @constant kSecAttrProtocolFTP - @constant kSecAttrProtocolFTPAccount - @constant kSecAttrProtocolHTTP - @constant kSecAttrProtocolIRC - @constant kSecAttrProtocolNNTP - @constant kSecAttrProtocolPOP3 - @constant kSecAttrProtocolSMTP - @constant kSecAttrProtocolSOCKS - @constant kSecAttrProtocolIMAP - @constant kSecAttrProtocolLDAP - @constant kSecAttrProtocolAppleTalk - @constant kSecAttrProtocolAFP - @constant kSecAttrProtocolTelnet - @constant kSecAttrProtocolSSH - @constant kSecAttrProtocolFTPS - @constant kSecAttrProtocolHTTPS - @constant kSecAttrProtocolHTTPProxy - @constant kSecAttrProtocolHTTPSProxy - @constant kSecAttrProtocolFTPProxy - @constant kSecAttrProtocolSMB - @constant kSecAttrProtocolRTSP - @constant kSecAttrProtocolRTSPProxy - @constant kSecAttrProtocolDAAP - @constant kSecAttrProtocolEPPC - @constant kSecAttrProtocolIPP - @constant kSecAttrProtocolNNTPS - @constant kSecAttrProtocolLDAPS - @constant kSecAttrProtocolTelnetS - @constant kSecAttrProtocolIMAPS - @constant kSecAttrProtocolIRCS - @constant kSecAttrProtocolPOP3S -*/ -extern const CFStringRef kSecAttrProtocolFTP - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolFTPAccount - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolHTTP - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolIRC - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolNNTP - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolPOP3 - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolSMTP - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolSOCKS - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolIMAP - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolLDAP - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolAppleTalk - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolAFP - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolTelnet - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolSSH - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolFTPS - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolHTTPS - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolHTTPProxy - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolHTTPSProxy - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolFTPProxy - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolSMB - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolRTSP - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolRTSPProxy - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolDAAP - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolEPPC - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolIPP - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolNNTPS - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolLDAPS - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolTelnetS - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolIMAPS - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolIRCS - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrProtocolPOP3S - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @enum kSecAttrAuthenticationType Value Constants - @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecAttrAuthenticationType constant is the key - and its value is one of the constants defined here. - @constant kSecAttrAuthenticationTypeNTLM - @constant kSecAttrAuthenticationTypeMSN - @constant kSecAttrAuthenticationTypeDPA - @constant kSecAttrAuthenticationTypeRPA - @constant kSecAttrAuthenticationTypeHTTPBasic - @constant kSecAttrAuthenticationTypeHTTPDigest - @constant kSecAttrAuthenticationTypeHTMLForm - @constant kSecAttrAuthenticationTypeDefault -*/ -extern const CFStringRef kSecAttrAuthenticationTypeNTLM - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrAuthenticationTypeMSN - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrAuthenticationTypeDPA - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrAuthenticationTypeRPA - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrAuthenticationTypeHTTPBasic - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrAuthenticationTypeHTTPDigest - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrAuthenticationTypeHTMLForm - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecAttrAuthenticationTypeDefault - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @enum kSecAttrKeyClass Value Constants - @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecAttrKeyClass constant is the key - and its value is one of the constants defined here. - @constant kSecAttrKeyClassPublic - @constant kSecAttrKeyClassPrivate - @constant kSecAttrKeyClassSymmetric -*/ -extern const CFStringRef kSecAttrKeyClassPublic - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); -extern const CFStringRef kSecAttrKeyClassPrivate - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); -extern const CFStringRef kSecAttrKeyClassSymmetric - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - -/*! - @enum kSecAttrKeyType Value Constants - @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecAttrKeyType constant is the key - and its value is one of the constants defined here. - @constant kSecAttrKeyTypeRSA - @constant kSecAttrKeyTypeDSA - @constant kSecAttrKeyTypeAES - @constant kSecAttrKeyType3DES - @constant kSecAttrKeyTypeRC4 - @constant kSecAttrKeyTypeRC2 - @constant kSecAttrKeyTypeCAST - @constant kSecAttrKeyTypeECDSA (deprecated; use kSecAttrKeyTypeEC instead.) - @constant kSecAttrKeyTypeEC - @constant kSecAttrKeyTypeECSECPrimeRandom -*/ -extern const CFStringRef kSecAttrKeyTypeRSA - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); -extern const CFStringRef kSecAttrKeyTypeDSA - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrKeyTypeAES - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrKeyTypeDES - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrKeyType3DES - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrKeyTypeRC4 - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrKeyTypeRC2 - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrKeyTypeCAST - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrKeyTypeECDSA - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrKeyTypeEC - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); -extern const CFStringRef kSecAttrKeyTypeECSECPrimeRandom - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); - -/*! - @enum kSecAttrPRF Value Constants - @discussion Predefined item attribute constants used to specify the PRF - to use with SecKeyDeriveFromPassword. - @constant kSecAttrPRFHmacAlgSHA1 - @constant kSecAttrPRFHmacAlgSHA224 - @constant kSecAttrPRFHmacAlgSHA256 - @constant kSecAttrPRFHmacAlgSHA384 - @constant kSecAttrPRFHmacAlgSHA512 -*/ -extern const CFStringRef kSecAttrPRFHmacAlgSHA1 - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrPRFHmacAlgSHA224 - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrPRFHmacAlgSHA256 - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrPRFHmacAlgSHA384 - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecAttrPRFHmacAlgSHA512 - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @enum Search Constants - @discussion Predefined search constants used to set values in a query - dictionary. You can specify a combination of search attributes and - item attributes when looking for matching items with the - SecItemCopyMatching function. - @constant kSecMatchPolicy Specifies a dictionary key whose value is a - SecPolicyRef. If provided, returned certificates or identities must - verify with this policy. - @constant kSecMatchItemList Specifies a dictionary key whose value is a - CFArray of SecKeychainItemRef items. If provided, returned items will be - limited to the subset which are contained in this list. - @constant kSecMatchSearchList Specifies a dictionary key whose value is a - CFArray of SecKeychainRef items. If provided, the search will be limited - to the keychains contained in this list. - @constant kSecMatchIssuers Specifies a dictionary key whose value is a - CFArray of X.500 names (of type CFDataRef). If provided, returned - certificates or identities will be limited to those whose - certificate chain contains one of the issuers provided in this list. - @constant kSecMatchEmailAddressIfPresent Specifies a dictionary key whose - value is a CFStringRef containing an RFC822 email address. If - provided, returned certificates or identities will be limited to those - that contain the address, or do not contain any email address. - @constant kSecMatchSubjectContains Specifies a dictionary key whose value - is a CFStringRef. If provided, returned certificates or identities - will be limited to those containing this string in the subject. - @constant kSecMatchSubjectStartsWith Specifies a dictionary key whose value - is a CFStringRef. If provided, returned certificates or identities - will be limited to those with subject names that start with this string. - @constant kSecMatchSubjectEndsWith Specifies a dictionary key whose value - is a CFStringRef. If provided, returned certificates or identities - will be limited to those with subject names that end with this string. - @constant kSecMatchSubjectWholeString Specifies a dictionary key whose - value is a CFStringRef. If provided, returned certificates or identities - will be limited to those matching this string exactly in the subject. - @constant kSecMatchCaseInsensitive Specifies a dictionary key whose value - is a CFBooleanRef. If this value is kCFBooleanFalse, or is not - provided, then case-sensitive string matching is performed. - @constant kSecMatchDiacriticInsensitive Specifies a dictionary key whose - value is a CFBooleanRef. If this value is kCFBooleanFalse, or is not - provided, then diacritic-sensitive string matching is performed. - @constant kSecMatchWidthInsensitive Specifies a dictionary key whose - value is a CFBooleanRef. If this value is kCFBooleanFalse, or is not - provided, then string matching is width-sensitive (e.g. 'a' != 0xFF41). - @constant kSecMatchTrustedOnly Specifies a dictionary key whose value is - a CFBooleanRef. If provided with a value of kCFBooleanTrue, only - certificates which can be verified back to a trusted anchor will be - returned. If this value is kCFBooleanFalse, or is not provided, then - both trusted and untrusted certificates may be returned. - @constant kSecMatchValidOnDate Specifies a dictionary key whose value is - of type CFDateRef. If provided, returned keys, certificates or - identities will be limited to those which are valid for the given date. - Pass a value of kCFNull to indicate the current date. - @constant kSecMatchLimit Specifies a dictionary key whose value is a - CFNumberRef. If provided, this value specifies the maximum number of - results to return. If not provided, results are limited to the first - item found. Predefined values are provided for a single item - (kSecMatchLimitOne) and all matching items (kSecMatchLimitAll). - @constant kSecMatchLimitOne Specifies that results are limited to the first - item found; used as a value for the kSecMatchLimit dictionary key. - @constant kSecMatchLimitAll Specifies that an unlimited number of results - may be returned; used as a value for the kSecMatchLimit dictionary - key. -*/ -extern const CFStringRef kSecMatchPolicy - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchItemList - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchSearchList - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchIssuers - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchEmailAddressIfPresent - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchSubjectContains - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchSubjectStartsWith - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecMatchSubjectEndsWith - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecMatchSubjectWholeString - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecMatchCaseInsensitive - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchDiacriticInsensitive - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecMatchWidthInsensitive - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecMatchTrustedOnly - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchValidOnDate - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchLimit - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchLimitOne - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecMatchLimitAll - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - - -/*! - @enum Return Type Key Constants - @discussion Predefined return type keys used to set values in a dictionary. - You use these keys to specify the type of results which should be - returned by the SecItemCopyMatching or SecItemAdd function. You can - specify zero or more of these return types. If more than one of these - result types is specified, the result is returned as a CFDictionaryRef - whose keys are the result types and values are the requested data. - @constant kSecReturnData Specifies a dictionary key whose value is of type - CFBooleanRef. A value of kCFBooleanTrue indicates that the data of - an item (CFDataRef) should be returned. For keys and password - items, data is secret (encrypted) and may require the user to enter - a password for access. - @constant kSecReturnAttributes Specifies a dictionary key whose value is - of type CFBooleanRef. A value of kCFBooleanTrue indicates that the - (non-encrypted) attributes of an item (in a CFDictionaryRef) should be - returned. - @constant kSecReturnRef Specifies a dictionary key whose value is a - CFBooleanRef. A value of kCFBooleanTrue indicates that a reference - should be returned. Depending on the item class requested, the - returned reference(s) may be of type SecKeychainItemRef, SecKeyRef, - SecCertificateRef, or SecIdentityRef. - @constant kSecReturnPersistentRef Specifies a dictionary key whose value - is of type CFBooleanRef. A value of kCFBooleanTrue indicates that a - persistent reference to an item (CFDataRef) should be returned. -*/ -extern const CFStringRef kSecReturnData - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecReturnAttributes - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecReturnRef - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecReturnPersistentRef - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - - -/*! - @enum Value Type Key Constants - @discussion Predefined value type keys used to pass values in a dictionary. - You can specify zero or more of these types depending on the function - you are calling. For SecItemCopyMatching or SecItemAdd these are - used as keys in the results dictionary. - @constant kSecValueData Specifies a dictionary key whose value is of type - CFDataRef. For keys and password items, data is secret (encrypted) - and may require the user to enter a password for access. - @constant kSecValueRef Specifies a dictionary key whose value, depending - on the item class requested, is of type SecKeychainItemRef, SecKeyRef, - SecCertificateRef, or SecIdentityRef. - @constant kSecValuePersistentRef Specifies a dictionary key whose value - is of type CFDataRef. The bytes in this CFDataRef can be stored by - the caller and used on a subsequent invocation of the application (or - even a different application) to retrieve the item referenced by it. -*/ -extern const CFStringRef kSecValueData - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecValueRef - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecValuePersistentRef - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - - -/*! - @enum Other Constants - @discussion Predefined constants used to set values in a dictionary. - @constant kSecUseItemList Specifies a dictionary key whose value is a - CFArray of items. If provided, this array is treated as the set of - all possible items to search, or add if the API being called is - SecItemAdd. The items in this array may be of type SecKeyRef, - SecCertificateRef, SecIdentityRef, or CFDataRef (for a persistent - item reference.) The items in the array must all be of the same - type. When this attribute is provided, no keychains are searched. - @constant kSecUseKeychain Specifies a dictionary key whose value is a - keychain reference. You use this key to specify a value of type - SecKeychainRef to which SecItemAdd will add the provided item(s). - @constant kSecUseOperationPrompt Specifies a dictionary key whose value - is a CFStringRef that represents a user-visible string describing - the operation for which the application is attempting to authenticate. - The application is responsible for the text localization. - @constant kSecUseAuthenticationUI Specifies a dictionary key whose value - is one of kSecUseAuthenticationUIAllow, kSecUseAuthenticationUIFail, kSecUseAuthenticationUISkip. - @constant kSecUseAuthenticationContext Specifies a dictionary key whose value - is LAContext to be used for keychain item authentication. - * If the item requires authentication and this key is omitted, a new context - will be created just for the purpose of the single call. - * If the specified context has been previously authenticated, the operation - will succeed without asking user for authentication. - * If the specified context has not been previously authenticated, the new - authentication will be started on this context, allowing caller to - eventually reuse the sucessfully authenticated context in subsequent - keychain operations. -*/ -extern const CFStringRef kSecUseItemList - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecUseKeychain - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecUseOperationPrompt - __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); -extern const CFStringRef kSecUseAuthenticationUI - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecUseAuthenticationContext - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); - -/*! - @enum kSecUseAuthenticationUI Value Constants - @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecUseAuthenticationUI constant is the key and its - value is one of the constants defined here. - If the key kSecUseAuthenticationUI not provided then kSecUseAuthenticationUIAllow - is used as default. - @constant kSecUseAuthenticationUIAllow Specifies that authenticate UI can appear. - @constant kSecUseAuthenticationUIFail Specifies that the error - errSecInteractionNotAllowed will be returned if an item needs - to authenticate with UI - @constant kSecUseAuthenticationUIAllowSkip Specifies that all items which need - to authenticate with UI will be silently skipped. This value can be used - only with SecItemCopyMatching. -*/ -extern const CFStringRef kSecUseAuthenticationUIAllow - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecUseAuthenticationUIFail - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecUseAuthenticationUISkip - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); - -#if !RC_HIDE_J79 && !RC_HIDE_J80 -/*! - @enum kSecAttrTokenID Value Constants - @discussion Predefined item attribute constant used to get or set values - in a dictionary. The kSecAttrTokenID constant is the key and its value - can be kSecAttrTokenIDSecureEnclave. - @constant kSecAttrTokenIDSecureEnclave Specifies well-known identifier of the - token implemented using device's Secure Enclave. The only keychain items - supported by the Secure Enclave token are 256-bit elliptic curve keys - (kSecAttrKeyTypeEC). Keys must be generated on the secure enclave using - SecKeyGenerateKeyPair call with kSecAttrTokenID set to - kSecAttrTokenIDSecureEnclave in the parameters dictionary, it is not - possible to import pregenerated keys to kSecAttrTokenIDSecureEnclave token. -*/ -extern const CFStringRef kSecAttrTokenIDSecureEnclave - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); -#endif - -/*! - @enum kSecAttrAccessGroup Value Constants - @constant kSecAttrAccessGroupToken Represents well-known access group - which contains items provided by external token (typically smart card). - This may be used as a value for kSecAttrAccessGroup attribute. Every - application has access to this access group so it is not needed to - explicitly list it in keychain-access-groups entitlement, but application - must explicitly state this access group in keychain queries in order to - be able to access items from external tokens. -*/ -extern const CFStringRef kSecAttrAccessGroupToken - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -/*! - @function SecItemCopyMatching - @abstract Returns one or more items which match a search query. - @param query A dictionary containing an item class specification and - optional attributes for controlling the search. See the "Keychain - Search Attributes" section for a description of currently defined - search attributes. - @param result On return, a CFTypeRef reference to the found item(s). The - exact type of the result is based on the search attributes supplied - in the query, as discussed below. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Attributes defining a search are specified by adding key/value - pairs to the query dictionary. - - A typical query consists of: - - * a kSecClass key, whose value is a constant from the Class - Constants section that specifies the class of item(s) to be searched - * one or more keys from the "Attribute Key Constants" section, whose value - is the attribute data to be matched - * one or more keys from the "Search Constants" section, whose value is - used to further refine the search - * a key from the "Return Type Key Constants" section, specifying the type of - results desired - - Result types are specified as follows: - - * To obtain the data of a matching item (CFDataRef), specify - kSecReturnData with a value of kCFBooleanTrue. - * To obtain the attributes of a matching item (CFDictionaryRef), specify - kSecReturnAttributes with a value of kCFBooleanTrue. - * To obtain a reference to a matching item (SecKeychainItemRef, - SecKeyRef, SecCertificateRef, or SecIdentityRef), specify kSecReturnRef - with a value of kCFBooleanTrue. - * To obtain a persistent reference to a matching item (CFDataRef), - specify kSecReturnPersistentRef with a value of kCFBooleanTrue. Note - that unlike normal references, a persistent reference may be stored - on disk or passed between processes. - * If more than one of these result types is specified, the result is - returned as a CFDictionaryRef containing all the requested data. - - By default, this function returns only the first match found. To obtain - more than one matching item at a time, specify kSecMatchLimit with a value - greater than 1. The result will be a CFArrayRef containing up to that - number of matching items; the items' types are described above. - - To filter a provided list of items down to those matching the query, - specify a kSecMatchItemList whose value is a CFArray of SecKeychainItemRef, - SecKeyRef, SecCertificateRef, or SecIdentityRef items. The objects in the - provided array must be of the same type. - - To convert from persistent item references to normal item references, - specify a kSecMatchItemList whose value is a CFArray containing one or - more CFDataRef elements (the persistent reference), and a kSecReturnRef - whose value is kCFBooleanTrue. The objects in the provided array must be - of the same type. -*/ -OSStatus SecItemCopyMatching(CFDictionaryRef query, CFTypeRef * __nullable CF_RETURNS_RETAINED result) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecItemAdd - @abstract Add one or more items to a keychain. - @param attributes A dictionary containing an item class specification and - optional entries specifying the item's attribute values. See the - "Attribute Key Constants" section for a description of currently defined - attributes. - @param result On return, a CFTypeRef reference to the newly added item(s). - The exact type of the result is based on the values supplied - in attributes, as discussed below. Pass NULL if this result is not - required. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Attributes defining an item are specified by adding key/value - pairs to the attributes dictionary. To add multiple items to a keychain - at once use the kSecUseItemList key with an array of items as its value. - This is currently only supported for non password items. To add an item - to a particular keychain, supply kSecUseKeychain with a SecKeychainRef as - its value. - - Result types are specified as follows: - - * To obtain the data of the added item (CFDataRef), specify - kSecReturnData with a value of kCFBooleanTrue. - * To obtain all the attributes of the added item (CFDictionaryRef), - specify kSecReturnAttributes with a value of kCFBooleanTrue. - * To obtain a reference to the added item (SecKeychainItemRef, SecKeyRef, - SecCertificateRef, or SecIdentityRef), specify kSecReturnRef with a - value of kCFBooleanTrue. This is the default behavior if a result - type is not explicitly specified. - * To obtain a persistent reference to the added item (CFDataRef), specify - kSecReturnPersistentRef with a value of kCFBooleanTrue. Note that - unlike normal references, a persistent reference may be stored on disk - or passed between processes. - * If more than one of these result types is specified, the result is - returned as a CFDictionaryRef containing all the requested data. -*/ -OSStatus SecItemAdd(CFDictionaryRef attributes, CFTypeRef * __nullable CF_RETURNS_RETAINED result) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecItemUpdate - @abstract Modify zero or more items which match a search query. - @param query A dictionary containing an item class specification and - optional attributes for controlling the search. See the "Attribute - Constants" and "Search Constants" sections for a description of - currently defined search attributes. - @param attributesToUpdate A dictionary containing one or more attributes - whose values should be set to the ones specified. Only real keychain - attributes are permitted in this dictionary (no "meta" attributes are - allowed.) See the "Attribute Key Constants" section for a description of - currently defined value attributes. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Attributes defining a search are specified by adding key/value - pairs to the query dictionary. -*/ -OSStatus SecItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecItemDelete - @abstract Delete zero or more items which match a search query. - @param query A dictionary containing an item class specification and - optional attributes for controlling the search. See the "Attribute - Constants" and "Search Constants" sections for a description of - currently defined search attributes. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Attributes defining a search are specified by adding key/value - pairs to the query dictionary. - - By default, this function deletes all items matching the specified query. - You can change this behavior by specifying one of the follow keys: - - * To delete an item identified by a transient reference, specify - kSecMatchItemList with a reference returned by using the kSecReturnRef - key in a previous call to SecItemCopyMatching or SecItemAdd. - * To delete an item identified by a persistent reference, specify - kSecMatchItemList with a persistent reference returned by using the - kSecReturnPersistentRef key to SecItemCopyMatching or SecItemAdd. - * If more than one of these result keys is specified, the behavior is - undefined. -*/ -OSStatus SecItemDelete(CFDictionaryRef query) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECITEM_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecItemPriv.h b/OSX/libsecurity_keychain/lib/SecItemPriv.h deleted file mode 100644 index 8b88d67e..00000000 --- a/OSX/libsecurity_keychain/lib/SecItemPriv.h +++ /dev/null @@ -1,460 +0,0 @@ -/* - * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecItemPriv - SecItemPriv defines private constants and SPI functions for access to - Security items (certificates, identities, keys, and keychain items.) -*/ - -#ifndef _SECURITY_SECITEMPRIV_H_ -#define _SECURITY_SECITEMPRIV_H_ - -#include -#include -#include -#include -#include - -#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) -#include -#endif - -__BEGIN_DECLS - -/*! - @enum Class Value Constants (Private) - @discussion Predefined item class constants used to get or set values in - a dictionary. The kSecClass constant is the key and its value is one - of the constants defined here. - @constant kSecClassAppleSharePassword Specifies AppleShare password items. -*/ -extern const CFStringRef kSecClassAppleSharePassword; - - -/*! - @enum Attribute Key Constants (Private) - @discussion Predefined item attribute keys used to get or set values in a - dictionary. Not all attributes apply to each item class. The table - below lists the currently defined attributes for each item class: - - kSecClassGenericPassword item attributes: - kSecAttrAccessGroup - kSecAttrCreationDate - kSecAttrModificationDate - kSecAttrDescription - kSecAttrComment - kSecAttrCreator - kSecAttrType - kSecAttrScriptCode (private) - kSecAttrLabel - kSecAttrAlias (private) - kSecAttrIsInvisible - kSecAttrIsNegative - kSecAttrHasCustomIcon (private) - kSecAttrProtected (private) - kSecAttrAccount - kSecAttrService - kSecAttrGeneric - kSecAttrSynchronizable - kSecAttrSyncViewHint - - kSecClassInternetPassword item attributes: - kSecAttrAccessGroup - kSecAttrCreationDate - kSecAttrModificationDate - kSecAttrDescription - kSecAttrComment - kSecAttrCreator - kSecAttrType - kSecAttrScriptCode (private) - kSecAttrLabel - kSecAttrAlias (private) - kSecAttrIsInvisible - kSecAttrIsNegative - kSecAttrHasCustomIcon (private) - kSecAttrProtected (private) - kSecAttrAccount - kSecAttrSecurityDomain - kSecAttrServer - kSecAttrProtocol - kSecAttrAuthenticationType - kSecAttrPort - kSecAttrPath - kSecAttrSynchronizable - kSecAttrSyncViewHint - - kSecClassAppleSharePassword item attributes: - kSecAttrAccessGroup - kSecAttrCreationDate - kSecAttrModificationDate - kSecAttrDescription - kSecAttrComment - kSecAttrCreator - kSecAttrType - kSecAttrScriptCode (private) - kSecAttrLabel - kSecAttrAlias (private) - kSecAttrIsInvisible - kSecAttrIsNegative - kSecAttrHasCustomIcon (private) - kSecAttrProtected (private) - kSecAttrAccount - kSecAttrVolume - kSecAttrAddress - kSecAttrAFPServerSignature - kSecAttrSynchronizable - kSecAttrSyncViewHint - - kSecClassCertificate item attributes: - kSecAttrAccessGroup - kSecAttrCertificateType - kSecAttrCertificateEncoding - kSecAttrLabel - kSecAttrAlias (private) - kSecAttrSubject - kSecAttrIssuer - kSecAttrSerialNumber - kSecAttrSubjectKeyID - kSecAttrPublicKeyHash - kSecAttrSynchronizable - kSecAttrSyncViewHint - - kSecClassKey item attributes: - kSecAttrAccessGroup - kSecAttrKeyClass - kSecAttrLabel - kSecAttrAlias (private) - kSecAttrApplicationLabel - kSecAttrIsPermanent - kSecAttrIsPrivate (private) - kSecAttrIsModifiable (private) - kSecAttrApplicationTag - kSecAttrKeyCreator (private) - kSecAttrKeyType - kSecAttrKeySizeInBits - kSecAttrEffectiveKeySize - kSecAttrStartDate (private) - kSecAttrEndDate (private) - kSecAttrIsSensitive (private) - kSecAttrWasAlwaysSensitive (private) - kSecAttrIsExtractable (private) - kSecAttrWasNeverExtractable (private) - kSecAttrCanEncrypt - kSecAttrCanDecrypt - kSecAttrCanDerive - kSecAttrCanSign - kSecAttrCanVerify - kSecAttrCanSignRecover (private) - kSecAttrCanVerifyRecover (private) - kSecAttrCanWrap - kSecAttrCanUnwrap - kSecAttrSynchronizable - kSecAttrSyncViewHint - - kSecClassIdentity item attributes: - Since an identity is the combination of a private key and a - certificate, this class shares attributes of both kSecClassKey and - kSecClassCertificate. - - @constant kSecAttrScriptCode Specifies a dictionary key whose value is the - item's script code attribute. You use this tag to set or get a value - of type CFNumberRef that represents a script code for this item's - strings. (Note: use of this attribute is deprecated; string attributes - should always be stored in UTF-8 encoding. This is currently private - for use by syncing; new code should not ever access this attribute.) - @constant kSecAttrAlias Specifies a dictionary key whose value is the - item's alias. You use this key to get or set a value of type CFDataRef - which represents an alias. For certificate items, the alias is either - a single email address, an array of email addresses, or the common - name of the certificate if it does not contain any email address. - (Items of class kSecClassCertificate have this attribute.) - @constant kSecAttrHasCustomIcon Specifies a dictionary key whose value is the - item's custom icon attribute. You use this tag to set or get a value - of type CFBooleanRef that indicates whether the item should have an - application-specific icon. (Note: use of this attribute is deprecated; - custom item icons are not supported in Mac OS X. This is currently - private for use by syncing; new code should not use this attribute.) - @constant kSecAttrVolume Specifies a dictionary key whose value is the - item's volume attribute. You use this key to set or get a CFStringRef - value that represents an AppleShare volume name. (Items of class - kSecClassAppleSharePassword have this attribute.) - @constant kSecAttrAddress Specifies a dictionary key whose value is the - item's address attribute. You use this key to set or get a CFStringRef - value that contains the AppleTalk zone name, or the IP or domain name - that represents the server address. (Items of class - kSecClassAppleSharePassword have this attribute.) - @constant kSecAttrAFPServerSignature Specifies a dictionary key whose value - is the item's AFP server signature attribute. You use this key to set - or get a CFDataRef value containing 16 bytes that represents the - server's signature block. (Items of class kSecClassAppleSharePassword - have this attribute.) - @constant kSecAttrCRLType (read-only) Specifies a dictionary key whose - value is the item's certificate revocation list type. You use this - key to get a value of type CFNumberRef that denotes the CRL type (see - the CSSM_CRL_TYPE enum in cssmtype.h). (Items of class - kSecClassCertificate have this attribute.) - @constant kSecAttrCRLEncoding (read-only) Specifies a dictionary key whose - value is the item's certificate revocation list encoding. You use - this key to get a value of type CFNumberRef that denotes the CRL - encoding (see the CSSM_CRL_ENCODING enum in cssmtype.h). (Items of - class kSecClassCertificate have this attribute.) - @constant kSecAttrKeyCreator Specifies a dictionary key whose value is a - CFDataRef containing a CSSM_GUID structure representing the module ID of - the CSP that owns this key. - @constant kSecAttrIsPrivate Specifies a dictionary key whose value is a - CFBooleanRef indicating whether the raw key material of the key in - question is private. - @constant kSecAttrIsModifiable Specifies a dictionary key whose value is a - CFBooleanRef indicating whether any of the attributes of this key are - modifiable. - @constant kSecAttrStartDate Specifies a dictionary key whose value is a - CFDateRef indicating the earliest date on which this key may be used. - If kSecAttrStartDate is not present, the restriction does not apply. - @constant kSecAttrEndDate Specifies a dictionary key whose value is a - CFDateRef indicating the last date on which this key may be used. - If kSecAttrEndDate is not present, the restriction does not apply. - @constant kSecAttrIsSensitive Specifies a dictionary key whose value - is a CFBooleanRef indicating whether the key in question must be wrapped - with an algorithm other than CSSM_ALGID_NONE. - @constant kSecAttrWasAlwaysSensitive Specifies a dictionary key whose value - is a CFBooleanRef indicating that the key in question has always been - marked as sensitive. - @constant kSecAttrIsExtractable Specifies a dictionary key whose value - is a CFBooleanRef indicating whether the key in question may be wrapped. - @constant kSecAttrWasNeverExtractable Specifies a dictionary key whose value - is a CFBooleanRef indicating that the key in question has never been - marked as extractable. - @constant kSecAttrCanSignRecover Specifies a dictionary key whole value is a - CFBooleanRef indicating whether the key in question can be used to - perform sign recovery. - @constant kSecAttrCanVerifyRecover Specifies a dictionary key whole value is - a CFBooleanRef indicating whether the key in question can be used to - perform verify recovery. - @constant kSecAttrTombstone Specifies a dictionary key whose value is - a CFBooleanRef indicating that the item in question is a tombstone. - @constant kSecAttrNoLegacy Specifies a dictionary key whose - value is a CFBooleanRef indicating that the query must be run on the - syncable backend even for non syncable items. -*/ -extern const CFStringRef kSecAttrScriptCode; -extern const CFStringRef kSecAttrAlias; -extern const CFStringRef kSecAttrHasCustomIcon; -extern const CFStringRef kSecAttrVolume; -extern const CFStringRef kSecAttrAddress; -extern const CFStringRef kSecAttrAFPServerSignature; -extern const CFStringRef kSecAttrCRLType; -extern const CFStringRef kSecAttrCRLEncoding; -extern const CFStringRef kSecAttrKeyCreator; -extern const CFStringRef kSecAttrIsPrivate; -extern const CFStringRef kSecAttrIsModifiable; -extern const CFStringRef kSecAttrStartDate; -extern const CFStringRef kSecAttrEndDate; -extern const CFStringRef kSecAttrIsSensitive; -extern const CFStringRef kSecAttrWasAlwaysSensitive; -extern const CFStringRef kSecAttrIsExtractable; -extern const CFStringRef kSecAttrWasNeverExtractable; -extern const CFStringRef kSecAttrCanSignRecover; -extern const CFStringRef kSecAttrCanVerifyRecover; -extern const CFStringRef kSecAttrTombstone; -extern const CFStringRef kSecAttrNoLegacy - __OSX_AVAILABLE(10.11) __IOS_AVAILABLE(9.3) __TVOS_AVAILABLE(9.3) __WATCHOS_AVAILABLE(2.3); -extern const CFStringRef kSecAttrSyncViewHint - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecAttrMultiUser - __OSX_AVAILABLE(10.11.5) __IOS_AVAILABLE(9.3) __TVOS_AVAILABLE(9.3) __WATCHOS_AVAILABLE(2.3); -extern const CFStringRef kSecAttrTokenOID - __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - - -/*! - @enum kSecAttrAccessible Value Constants (Private) - @constant kSecAttrAccessibleAlwaysPrivate Private alias for kSecAttrAccessibleAlways, - which is going to be deprecated for 3rd party use. - @constant kSecAttrAccessibleAlwaysThisDeviceOnlyPrivate for kSecAttrAccessibleAlwaysThisDeviceOnly, - which is going to be deprecated for 3rd party use. -*/ -extern const CFStringRef kSecAttrAccessibleAlwaysPrivate -;//%%% __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecAttrAccessibleAlwaysThisDeviceOnlyPrivate -;//%%% __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -/* View Hint Constants */ - -extern const CFStringRef kSecAttrViewHintPCSMasterKey; -extern const CFStringRef kSecAttrViewHintPCSiCloudDrive; -extern const CFStringRef kSecAttrViewHintPCSPhotos; -extern const CFStringRef kSecAttrViewHintPCSCloudKit; -extern const CFStringRef kSecAttrViewHintPCSEscrow; -extern const CFStringRef kSecAttrViewHintPCSFDE; -extern const CFStringRef kSecAttrViewHintPCSMailDrop; -extern const CFStringRef kSecAttrViewHintPCSiCloudBackup; -extern const CFStringRef kSecAttrViewHintPCSNotes; -extern const CFStringRef kSecAttrViewHintPCSiMessage; -extern const CFStringRef kSecAttrViewHintPCSSharing; - -extern const CFStringRef kSecAttrViewHintAppleTV; -extern const CFStringRef kSecAttrViewHintHomeKit; -extern const CFStringRef kSecAttrViewHintThumper; -extern const CFStringRef kSecAttrViewHintContinuityUnlock; -extern const CFStringRef kSecAttrViewHintAccessoryPairing; - -/*! - @enum Other Constants (Private) - @discussion Predefined constants used to set values in a dictionary. - @constant kSecUseTombstones Specifies a dictionary key whose value is a - CFBooleanRef if present this overrides the default behaviour for when - we make tombstones. The default being we create tombstones for - synchronizable items unless we are explicitly deleting or updating a - tombstone. Setting this to false when calling SecItemDelete or - SecItemUpdate will ensure no tombstones are created. Setting it to - true will ensure we create tombstones even when deleting or updating non - synchronizable items. - @constant kSecUseKeychain Specifies a dictionary key whose value is a - keychain reference. You use this key to specify a value of type - SecKeychainRef that indicates the keychain to which SecItemAdd - will add the provided item(s). - @constant kSecUseKeychainList Specifies a dictionary key whose value is - either an array of keychains to search (CFArrayRef), or a single - keychain (SecKeychainRef). If not provided, the user's default - keychain list is searched. kSecUseKeychainList is ignored if an - explicit kSecUseItemList is also provided. This key can be used - for the SecItemCopyMatching, SecItemUpdate and SecItemDelete calls. - @constant kSecUseCredentialReference Specifies a CFDataRef containing - AppleCredentialManager reference handle to be used when authorizing access - to the item. - @constant kSecUseCallerName Specifies a dictionary key whose value - is a CFStringRef that represents a user-visible string describing - the caller name for which the application is attempting to authenticate. - The caller must have 'com.apple.private.LocalAuthentication.CallerName' - entitlement set to YES to use this feature, otherwise it is ignored. -*/ -extern const CFStringRef kSecUseTombstones - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecUseCredentialReference - __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); -extern const CFStringRef kSecUseCallerName - __OSX_AVAILABLE(10.11.4) __IOS_AVAILABLE(9.3) __TVOS_AVAILABLE(9.3) __WATCHOS_AVAILABLE(2.3); - -/*! - @function SecItemCopyDisplayNames - @abstract Returns an array containing unique display names for each of the - certificates, keys, identities, or passwords in the provided items - array. - @param items An array containing items of type SecKeychainItemRef, - SecKeyRef, SecCertificateRef, or SecIdentityRef. All items in the - array should be of the same type. - @param displayNames On return, an array of CFString references containing - unique names for the supplied items. You are responsible for releasing - this array reference by calling the CFRelease function. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Use this function to obtain item names which are suitable for - display in a menu or list view. The returned names are guaranteed to - be unique across the set of provided items. -*/ -OSStatus SecItemCopyDisplayNames(CFArrayRef items, CFArrayRef *displayNames); - -/*! - @function SecItemDeleteAll - @abstract Removes all items from the keychain and added root certificates - from the trust store. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecItemDeleteAll(void); - - -/*! - @function SecItemParentCachePurge - @abstract Clear the cache of parent certificates used in SecItemCopyParentCertificates. - */ -void SecItemParentCachePurge(); - -/*! - @function SecItemCopyParentCertificates - @abstract Retrieve an array of possible issuing certificates for a given certificate. - @param certificate A reference to a certificate whose issuers are being sought. - @param context Pass NULL in this parameter to indicate that the default certificate - source(s) should be searched. The default is to search all available keychains. - Values of context other than NULL are currently ignored. - @result An array of zero or more certificates whose normalized subject matches the - normalized issuer of the provided certificate. Note that no cryptographic validation - of the signature is performed by this function; its purpose is only to provide a list - of candidate certificates. -*/ -CFArrayRef SecItemCopyParentCertificates(SecCertificateRef certificate, void *context) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA); - -/*! - @function SecItemCopyStoredCertificate - @abstract Retrieve the first stored instance of a given certificate. - @param certificate A reference to a certificate. - @param context Pass NULL in this parameter to indicate that the default certificate - source(s) should be searched. The default is to search all available keychains. - Values of context other than NULL are currently ignored. - @result Returns a certificate reference if the given certificate exists in a keychain, - or NULL if the certificate cannot be found in any keychain. The caller is responsible - for releasing the returned certificate reference when finished with it. -*/ -SecCertificateRef SecItemCopyStoredCertificate(SecCertificateRef certificate, void *context) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA); - -/* - Ensure the escrow keybag has been used to unlock the system keybag before - calling either of these APIs. - The password argument is optional, passing NULL implies no backup password - was set. We're assuming there will always be a backup keybag, except in - the OTA case where the loaded OTA backup bag will be used. - */ -CFDataRef _SecKeychainCopyBackup(CFDataRef backupKeybag, CFDataRef password); -CFDataRef _SecKeychainCopyOTABackup(void); -OSStatus _SecKeychainRestoreBackup(CFDataRef backup, CFDataRef backupKeybag, - CFDataRef password); - -OSStatus _SecKeychainBackupSyncable(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in, CFDictionaryRef *backup_out); -OSStatus _SecKeychainRestoreSyncable(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in); - -/* Called by clients to push sync circle and message changes to us. - Requires caller to have the kSecEntitlementKeychainSyncUpdates entitlement. */ -CFArrayRef _SecKeychainSyncUpdateMessage(CFDictionaryRef updates, CFErrorRef *error); - -#if !TARGET_OS_IPHONE -CFDataRef _SecItemGetPersistentReference(CFTypeRef raw_item); -#endif - -/* Returns an OSStatus value for the given CFErrorRef, returns errSecInternal if the - domain of the provided error is not recognized. Passing NULL returns errSecSuccess (0). */ -OSStatus SecErrorGetOSStatus(CFErrorRef error); - -bool _SecKeychainRollKeys(bool force, CFErrorRef *error); - -CFDictionaryRef _SecSecuritydCopyWhoAmI(CFErrorRef *error); -bool _SecSyncBubbleTransfer(CFArrayRef services, CFErrorRef *error); -bool _SecSystemKeychainTransfer(CFErrorRef *error); - -OSStatus SecItemUpdateTokenItems(CFTypeRef tokenID, CFArrayRef tokenItemsAttributes); - -CFTypeRef SecItemCreateFromAttributeDictionary_osx(CFDictionaryRef refAttributes); - -__END_DECLS - -#endif /* !_SECURITY_SECITEMPRIV_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecKey.cpp b/OSX/libsecurity_keychain/lib/SecKey.cpp index 2c2bd87d..c346136c 100644 --- a/OSX/libsecurity_keychain/lib/SecKey.cpp +++ b/OSX/libsecurity_keychain/lib/SecKey.cpp @@ -32,6 +32,7 @@ #include #include #include +#include #include #include "SecBridge.h" @@ -162,7 +163,7 @@ SecCDSAKeyGetAlgorithmId(SecKeyRef key) { static CFDataRef SecCDSAKeyCopyPublicKeyDataFromSubjectInfo(CFDataRef pubKeyInfo) { // First of all, consider x509 format and try to strip SubjPubKey envelope. If it fails, do not panic // and export data as is. - DERItem keyItem = { (DERByte *)CFDataGetBytePtr(pubKeyInfo), CFDataGetLength(pubKeyInfo) }, pubKeyItem; + DERItem keyItem = { (DERByte *)CFDataGetBytePtr(pubKeyInfo), int_cast(CFDataGetLength(pubKeyInfo)) }, pubKeyItem; DERByte numUnused; DERSubjPubKeyInfo subjPubKey; if (DERParseSequence(&keyItem, DERNumSubjPubKeyInfoItemSpecs, @@ -177,7 +178,7 @@ static CFDataRef SecCDSAKeyCopyPublicKeyDataFromSubjectInfo(CFDataRef pubKeyInfo static CFDataRef SecCDSAKeyCopyPublicKeyDataWithSubjectInfo(CSSM_ALGORITHMS algorithm, uint32 keySizeInBits, CFDataRef pubKeyInfo) { // First check, whether X509 pubkeyinfo is already present. If not, add it according to the key type. - DERItem keyItem = { (DERByte *)CFDataGetBytePtr(pubKeyInfo), CFDataGetLength(pubKeyInfo) }; + DERItem keyItem = { (DERByte *)CFDataGetBytePtr(pubKeyInfo), int_cast(CFDataGetLength(pubKeyInfo)) }; DERSubjPubKeyInfo subjPubKey; if (DERParseSequence(&keyItem, DERNumSubjPubKeyInfoItemSpecs, DERSubjPubKeyInfoItemSpecs, @@ -215,10 +216,10 @@ static CFDataRef SecCDSAKeyCopyPublicKeyDataWithSubjectInfo(CSSM_ALGORITHMS algo subjPubKey.algId.length = sizeof(oidECsecp256); } else if (keySizeInBits == 384) { subjPubKey.algId.data = const_cast(oidECsecp384); - subjPubKey.algId.length = sizeof(oidECsecp256); + subjPubKey.algId.length = sizeof(oidECsecp384); } if (keySizeInBits == 521) { subjPubKey.algId.data = const_cast(oidECsecp521); - subjPubKey.algId.length = sizeof(oidECsecp256); + subjPubKey.algId.length = sizeof(oidECsecp521); } } DERSize size = DERLengthOfEncodedSequence(ASN1_CONSTR_SEQUENCE, &subjPubKey, @@ -249,7 +250,7 @@ static OSStatus SecCDSAKeyCopyPublicBytes(SecKeyRef key, CFDataRef *serializatio CFRef privKeyData; result = SecItemExport(key, kSecFormatOpenSSL, 0, NULL, privKeyData.take()); if (result == errSecSuccess) { - DERItem keyItem = { (DERByte *)CFDataGetBytePtr(privKeyData), CFDataGetLength(privKeyData) }; + DERItem keyItem = { (DERByte *)CFDataGetBytePtr(privKeyData), int_cast(CFDataGetLength(privKeyData)) }; DERRSAKeyPair keyPair; if (DERParseSequence(&keyItem, DERNumRSAKeyPairItemSpecs, DERRSAKeyPairItemSpecs, &keyPair, sizeof(keyPair)) == DR_Success) { @@ -347,7 +348,7 @@ SecCDSAKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef *error) { MacOSError::check(SecItemExport(key, kSecFormatOpenSSL, 0, NULL, keyData.take())); if (header.keyClass() == CSSM_KEYCLASS_PRIVATE_KEY) { // Convert DER format into x9.63 format, which is expected for exported key. - DERItem keyItem = { (DERByte *)CFDataGetBytePtr(keyData), CFDataGetLength(keyData) }; + DERItem keyItem = { (DERByte *)CFDataGetBytePtr(keyData), int_cast(CFDataGetLength(keyData)) }; DERECPrivateKey privateKey; DERECPrivateKeyPublicKey privateKeyPublicKey; DERByte numUnused; @@ -517,7 +518,9 @@ static SecKeyRef SecCDSAKeyCopyPublicKey(SecKeyRef privateKey) { Item publicKey = key->keychain()->item(CSSM_DL_DB_RECORD_PUBLIC_KEY, uniqueId); result = reinterpret_cast(publicKey->handle()); } - } else if (key->publicKey()) { + } + + if (result == NULL && key->publicKey()) { KeyItem *publicKey = new KeyItem(key->publicKey()); result = reinterpret_cast(publicKey->handle()); } @@ -2023,7 +2026,9 @@ SecKeyDeriveFromPassword(CFStringRef password, CFDictionaryRef parameters, CFErr } else if(CFEqual(algorithmDictValue, kSecAttrPRFHmacAlgSHA512)) { algorithm = kCCPRFHmacAlgSHA512; } else { - *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidAlgorithmParms, NULL); + if(error) { + *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidAlgorithmParms, NULL); + } goto errOut; } @@ -2040,7 +2045,9 @@ SecKeyDeriveFromPassword(CFStringRef password, CFDictionaryRef parameters, CFErr retval = SecKeyCreateFromData(parameters, keyData, error); CFRelease(keyData); } else { - *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInternalError, NULL); + if(error) { + *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInternalError, NULL); + } } errOut: @@ -2053,13 +2060,17 @@ errOut: CFDataRef SecKeyWrapSymmetric(SecKeyRef keyToWrap, SecKeyRef wrappingKey, CFDictionaryRef parameters, CFErrorRef *error) { - *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecUnimplemented, NULL); + if(error) { + *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecUnimplemented, NULL); + } return NULL; } SecKeyRef SecKeyUnwrapSymmetric(CFDataRef *keyToUnwrap, SecKeyRef unwrappingKey, CFDictionaryRef parameters, CFErrorRef *error) { - *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecUnimplemented, NULL); + if(error) { + *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecUnimplemented, NULL); + } return NULL; } diff --git a/OSX/libsecurity_keychain/lib/SecKeyPriv.h b/OSX/libsecurity_keychain/lib/SecKeyPriv.h deleted file mode 100644 index ee9aa3fe..00000000 --- a/OSX/libsecurity_keychain/lib/SecKeyPriv.h +++ /dev/null @@ -1,575 +0,0 @@ -/* - * Copyright (c) 2002-2009,2011-2015 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * SecKeyPriv.h - SPIs to SecKeyRef objects. - */ - -/*! - @header SecKeyPriv - The functions provided in SecKeyPriv.h implement and manage a particular - type of keychain item that represents a key. A key can be stored in a - keychain, but a key can also be a transient object. - - You can use a key as a keychain item in most functions. -*/ - -#ifndef _SECURITY_SECKEYPRIV_H_ -#define _SECURITY_SECKEYPRIV_H_ - -#include -#include -#include -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -typedef struct SecRSAPublicKeyParams { - uint8_t *modulus; /* modulus */ - CFIndex modulusLength; - uint8_t *exponent; /* public exponent */ - CFIndex exponentLength; -} SecRSAPublicKeyParams; - -typedef uint32_t SecKeyEncoding; -enum { - /* Typically only used for symmetric keys. */ - kSecKeyEncodingRaw = 0, - - /* RSA keys are DER-encoded according to PKCS1. */ - kSecKeyEncodingPkcs1 = 1, - - /* RSA keys are DER-encoded according to PKCS1 with Apple Extensions. */ - kSecKeyEncodingApplePkcs1 = 2, - - /* RSA public key in SecRSAPublicKeyParams format. keyData is a pointer - to a SecRSAPublicKeyParams and keyDataLength is - sizeof(SecRSAPublicKeyParams). */ - kSecKeyEncodingRSAPublicParams = 3, - - /* RSA public key in SecRSAPublicKeyParams format. keyData is a pointer - to a SecRSAPublicKeyParams and keyDataLength is - sizeof(SecRSAPublicKeyParams). */ - kSecDERKeyEncoding = 4, - - /* Internal "encodings to send other data" */ - kSecGenerateKey = 5, - kSecExtractPublicFromPrivate = 6, - - /* Encoding came from SecKeyCopyPublicBytes for a public key, - or internally from a private key */ - kSecKeyEncodingBytes = 7, - - /* Handing in a private key from corecrypto directly. */ - kSecKeyCoreCrypto = 8, -}; - -typedef uint32_t SecKeyWrapType; -enum { - /* wrap key in RFC3394 (AESWrap) */ - kSecKeyWrapRFC3394 = 0, - - /* wrap key in PGP style (support EC keys only right now) */ - kSecKeyWrapPublicKeyPGP = 1, - -}; - -typedef CF_ENUM(CFIndex, SecKeyOperationMode) { - kSecKeyOperationModePerform = 0, - kSecKeyOperationModeCheckIfSupported = 1, -}; - -typedef OSStatus (*SecKeyInitMethod)(SecKeyRef, const uint8_t *, CFIndex, - SecKeyEncoding); -typedef void (*SecKeyDestroyMethod)(SecKeyRef); -typedef OSStatus (*SecKeyRawSignMethod)(SecKeyRef key, SecPadding padding, - const uint8_t *dataToSign, size_t dataToSignLen, - uint8_t *sig, size_t *sigLen); -typedef OSStatus (*SecKeyRawVerifyMethod)( - SecKeyRef key, SecPadding padding, const uint8_t *signedData, - size_t signedDataLen, const uint8_t *sig, size_t sigLen); -typedef OSStatus (*SecKeyEncryptMethod)(SecKeyRef key, SecPadding padding, - const uint8_t *plainText, size_t plainTextLen, - uint8_t *cipherText, size_t *cipherTextLen); -typedef OSStatus (*SecKeyDecryptMethod)(SecKeyRef key, SecPadding padding, - const uint8_t *cipherText, size_t cipherTextLen, - uint8_t *plainText, size_t *plainTextLen); -typedef OSStatus (*SecKeyComputeMethod)(SecKeyRef key, - const uint8_t *pub_key, size_t pub_key_len, - uint8_t *computed_key, size_t *computed_key_len); -typedef size_t (*SecKeyBlockSizeMethod)(SecKeyRef key); -typedef CFDictionaryRef (*SecKeyCopyDictionaryMethod)(SecKeyRef key); -typedef CFIndex (*SecKeyGetAlgorithmIDMethod)(SecKeyRef key); -typedef OSStatus (*SecKeyCopyPublicBytesMethod)(SecKeyRef key, CFDataRef *serialization); -typedef CFDataRef (*SecKeyCopyWrapKeyMethod)(SecKeyRef key, SecKeyWrapType type, CFDataRef unwrappedKey, CFDictionaryRef parameters, CFDictionaryRef *outParam, CFErrorRef *error); -typedef CFDataRef (*SecKeyCopyUnwrapKeyMethod)(SecKeyRef key, SecKeyWrapType type, CFDataRef wrappedKey, CFDictionaryRef parameters, CFDictionaryRef *outParam, CFErrorRef *error); -typedef CFStringRef (*SecKeyDescribeMethod)(SecKeyRef key); - -typedef CFDataRef (*SecKeyCopyExternalRepresentationMethod)(SecKeyRef key, CFErrorRef *error); -typedef SecKeyRef (*SecKeyCopyPublicKeyMethod)(SecKeyRef key); -typedef Boolean (*SecKeyIsEqualMethod)(SecKeyRef key1, SecKeyRef key2); -typedef SecKeyRef (*SecKeyCreateDuplicateMethod)(SecKeyRef key); -typedef Boolean (*SecKeySetParameterMethod)(SecKeyRef key, CFStringRef name, CFPropertyListRef value, CFErrorRef *error); - -/*! - @abstract Performs cryptographic operation with the key. - @param key Key to perform the operation on. - @param operation Type of operation to be performed. - @param algorithm Algorithm identifier for the operation. Determines format of input and output data. - @param allAlgorithms Array of algorithms which were traversed until we got to this operation. The last member of this array is always the same as @c algorithm parameter. - @param mode Mode in which the operation is performed. Two available modes are checking only if the operation can be performed or actually performing the operation. - @param in1 First input parameter for the operation, meaningful only in ModePerform. - @param in2 Second input parameter for the operation, meaningful only in ModePerform. - @param error Error details when NULL is returned. - @return NULL if some failure occured. kCFNull if operation/algorithm/key combination is not supported, otherwise the result of the operation or kCFBooleanTrue in ModeCheckIfSupported. - */ -typedef CFTypeRef(*SecKeyCopyOperationResultMethod)(SecKeyRef key, SecKeyOperationType operation, SecKeyAlgorithm algorithm, CFArrayRef allAlgorithms, SecKeyOperationMode mode, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error); - -#define kSecKeyDescriptorVersion (4) - -typedef struct __SecKeyDescriptor { - /* Version of this SecKeyDescriptor. Must be kSecKeyDescriptorVersion. */ - uint32_t version; - - /* Name of this key class for use by SecKeyShow(). */ - const char *name; - - /* If nonzero, SecKeyCreate will allocate this many bytes for the key - field in the SecKeyRef it creates. If zero key is NULL and the - implementor can choose to dynamically allocate it in the init - function and free it in the destroy function. */ - uint32_t extraBytes; - - /* Called by SecKeyCreate(). */ - SecKeyInitMethod init; - /* Called by destructor (final CFRelease() or gc if using). */ - SecKeyDestroyMethod destroy; - /* Called by SecKeyRawSign(). */ - SecKeyRawSignMethod rawSign; - /* Called by SecKeyRawVerify(). */ - SecKeyRawVerifyMethod rawVerify; - /* Called by SecKeyEncrypt(). */ - SecKeyEncryptMethod encrypt; - /* Called by SecKeyDecrypt(). */ - SecKeyDecryptMethod decrypt; - /* Reserved for future use. */ - SecKeyComputeMethod compute; - /* Called by SecKeyGetBlockSize(). */ - SecKeyBlockSizeMethod blockSize; - /* Called by SecKeyCopyAttributeDictionary(), which is private. */ - SecKeyCopyDictionaryMethod copyDictionary; - /* Called by SecKeyDescribeMethod(). */ - SecKeyDescribeMethod describe; -#if kSecKeyDescriptorVersion > 0 - /* Called by SecKeyCopyAttributeDictionary(), which is private. */ - SecKeyGetAlgorithmIDMethod getAlgorithmID; -#endif -#if kSecKeyDescriptorVersion > 1 - SecKeyCopyPublicBytesMethod copyPublic; -#endif -#if kSecKeyDescriptorVersion > 2 - SecKeyCopyWrapKeyMethod copyWrapKey; - SecKeyCopyUnwrapKeyMethod copyUnwrapKey; -#endif -#if kSecKeyDescriptorVersion > 3 - SecKeyCopyExternalRepresentationMethod copyExternalRepresentation; - SecKeyCopyPublicKeyMethod copyPublicKey; - SecKeyCopyOperationResultMethod copyOperationResult; - SecKeyIsEqualMethod isEqual; - SecKeyCreateDuplicateMethod createDuplicate; - SecKeySetParameterMethod setParameter; -#endif -} SecKeyDescriptor; - -/*! - @function SecKeyGetAlgorithmID - @abstract Returns a pointer to a CSSM_X509_ALGORITHM_IDENTIFIER structure for the given key. - @param key A key reference. - @param algid On return, a pointer to a CSSM_X509_ALGORITHM_IDENTIFIER structure. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Deprecated in OS X 10.8 and later. Continued use is strongly discouraged, - since there is a naming conflict with a similar function (also deprecated) on iOS that - had different arguments and a different return value. Use SecKeyGetAlgorithmId instead. -*/ -OSStatus SecKeyGetAlgorithmID(SecKeyRef key, const CSSM_X509_ALGORITHM_IDENTIFIER **algid) - DEPRECATED_IN_MAC_OS_X_VERSION_10_8_AND_LATER; - -enum { - kSecNullAlgorithmID = 0, - kSecRSAAlgorithmID = 1, - kSecDSAAlgorithmID = 2, /* unsupported, just here for reference. */ - kSecECDSAAlgorithmID = 3, -}; - -/*! - @function SecKeyGetAlgorithmId - @abstract Returns an enumerated constant value which identifies the algorithm for the given key. - @param key A key reference. - @result An algorithm identifier. -*/ -CFIndex SecKeyGetAlgorithmId(SecKeyRef key) - __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_9_0); - -/*! - @function SecKeyGetStrengthInBits - @abstract Returns key strength in bits for the given key. - @param key A key reference. - @param algid A pointer to a CSSM_X509_ALGORITHM_IDENTIFIER structure, as returned from a call to SecKeyGetAlgorithmID. - @param strength On return, the key strength in bits. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecKeyGetStrengthInBits(SecKeyRef key, const CSSM_X509_ALGORITHM_IDENTIFIER *algid, unsigned int *strength); - -/*! - @function SecKeyImportPair - @abstract Takes an asymmetric key pair and stores it in the keychain specified by the keychain parameter. - @param keychainRef A reference to the keychain in which to store the private and public key items. Specify NULL for the default keychain. - @param publicCssmKey A CSSM_KEY which is valid for the CSP returned by SecKeychainGetCSPHandle(). This may be a normal key or reference key. - @param privateCssmKey A CSSM_KEY which is valid for the CSP returned by SecKeychainGetCSPHandle(). This may be a normal key or reference key. - @param initialAccess A SecAccess object that determines the initial access rights to the private key. The public key is given an any/any acl by default. - @param publicKey Optional output pointer to the keychain item reference of the imported public key. The caller must call CFRelease on this value if it is returned. - @param privateKey Optional output pointer to the keychain item reference of the imported private key. The caller must call CFRelease on this value if it is returned. - @result A result code. See "Security Error Codes" (SecBase.h). - @deprecated in 10.5 and later. Use the SecKeychainItemImport function instead; see -*/ -OSStatus SecKeyImportPair( - SecKeychainRef keychainRef, - const CSSM_KEY *publicCssmKey, - const CSSM_KEY *privateCssmKey, - SecAccessRef initialAccess, - SecKeyRef* publicKey, - SecKeyRef* privateKey) - DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER; - -/*! - @function SecKeyCreate - @abstract Create a key reference from the supplied key data. - @param allocator CFAllocator to allocate the key data. Pass NULL to use the default allocator. - @param keyClass A descriptor for the particular class of key that is being created. - @param keyData Data from which to create the key. Specify the format of this data in the encoding parameter. - @param keyDataLength Length of the data pointed to by keyData. - @param encoding A value of type SecKeyEncoding which describes the format of keyData. - @result A key reference. - @discussion Warning: this function is NOT intended for use outside the Security stack in its current state. - IMPORTANT: on Mac OS X 10.5 and earlier, the SecKeyCreate function had a different parameter list. - The current parameter list matches the iPhone OS implementation. Existing clients of this function - on Mac OS X (and there should not be any outside the Security stack, per the warning above) must - migrate to the replacement function, SecKeyCreateWithCSSMKey. -*/ -SecKeyRef SecKeyCreate(CFAllocatorRef allocator, - const SecKeyDescriptor *keyClass, const uint8_t *keyData, - CFIndex keyDataLength, SecKeyEncoding encoding); - -/*! - @function SecKeyCreateWithCSSMKey - @abstract Generate a temporary floating key reference for a CSSM_KEY. - @param key A pointer to a CSSM_KEY structure. - @param keyRef On return, a key reference. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Warning: this function is NOT intended for use outside the Security stack in its current state. -*/ -OSStatus SecKeyCreateWithCSSMKey(const CSSM_KEY *key, SecKeyRef* keyRef); - - -/*! - @function SecKeyRawSign - @abstract Given a private key and data to sign, generate a digital signature. - @param key Private key with which to sign. - @param padding See Padding Types above, typically kSecPaddingPKCS1SHA1. - @param dataToSign The data to be signed, typically the digest of the actual data. - @param dataToSignLen Length of dataToSign in bytes. - @param sig Pointer to buffer in which the signature will be returned. - @param sigLen IN/OUT maximum length of sig buffer on input, actualy length of sig on output. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding - will be performed prior to signing. If this argument is kSecPaddingNone, - the incoming data will be signed "as is". - - When PKCS1 padding is performed, the maximum length of data that can - be signed is the value returned by SecKeyGetBlockSize() - 11. - - NOTE: The behavior this function with kSecPaddingNone is undefined if the - first byte of dataToSign is zero; there is no way to verify leading zeroes - as they are discarded during the calculation. - - If you want to generate a proper PKCS1 style signature with DER encoding of - the digest type - and the dataToSign is a SHA1 digest - use kSecPaddingPKCS1SHA1. -*/ -OSStatus SecKeyRawSign( - SecKeyRef key, - SecPadding padding, - const uint8_t *dataToSign, - size_t dataToSignLen, - uint8_t *sig, - size_t *sigLen); - - -/*! - @function SecKeyRawVerify - @abstract Given a public key, data which has been signed, and a signature, verify the signature. - @param key Public key with which to verify the signature. - @param padding See Padding Types above, typically kSecPaddingPKCS1SHA1. - @param signedData The data over which sig is being verified, typically the digest of the actual data. - @param signedDataLen Length of signedData in bytes. - @param sig Pointer to the signature to verify. - @param sigLen Length of sig in bytes. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding - will be checked during verification. If this argument is kSecPaddingNone, - the incoming data will be compared directly to sig. - - If you are verifying a proper PKCS1-style signature, with DER encoding of the digest - type - and the signedData is a SHA1 digest - use kSecPaddingPKCS1SHA1. -*/ -OSStatus SecKeyRawVerify( - SecKeyRef key, - SecPadding padding, - const uint8_t *signedData, - size_t signedDataLen, - const uint8_t *sig, - size_t sigLen); - - -/*! - @function SecKeyEncrypt - @abstract Encrypt a block of plaintext. - @param key Public key with which to encrypt the data. - @param padding See Padding Types above, typically kSecPaddingPKCS1. - @param plainText The data to encrypt. - @param plainTextLen Length of plainText in bytes, this must be less - or equal to the value returned by SecKeyGetBlockSize(). - @param cipherText Pointer to the output buffer. - @param cipherTextLen On input, specifies how much space is available at - cipherText; on return, it is the actual number of cipherText bytes written. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding - will be performed prior to encryption. If this argument is kSecPaddingNone, - the incoming data will be encrypted "as is". - - When PKCS1 padding is performed, the maximum length of data that can - be encrypted is the value returned by SecKeyGetBlockSize() - 11. - - When memory usage is a critical issue, note that the input buffer - (plainText) can be the same as the output buffer (cipherText). -*/ -OSStatus SecKeyEncrypt( - SecKeyRef key, - SecPadding padding, - const uint8_t *plainText, - size_t plainTextLen, - uint8_t *cipherText, - size_t *cipherTextLen); - - -/*! - @function SecKeyDecrypt - @abstract Decrypt a block of ciphertext. - @param key Private key with which to decrypt the data. - @param padding See SecPadding types above; typically kSecPaddingPKCS1. - @param cipherText The data to decrypt. - @param cipherTextLen Length of cipherText in bytes; this must be less - or equal to the value returned by SecKeyGetBlockSize(). - @param plainText Pointer to the output buffer. - @param plainTextLen On input, specifies how much space is available at - plainText; on return, it is the actual number of plainText bytes written. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding - will be removed after decryption. If this argument is kSecPaddingNone, - the decrypted data will be returned "as is". - - When memory usage is a critical issue, note that the input buffer - (plainText) can be the same as the output buffer (cipherText). -*/ -OSStatus SecKeyDecrypt( - SecKeyRef key, /* Private key */ - SecPadding padding, /* kSecPaddingNone, kSecPaddingPKCS1, kSecPaddingOAEP */ - const uint8_t *cipherText, - size_t cipherTextLen, /* length of cipherText */ - uint8_t *plainText, - size_t *plainTextLen); /* IN/OUT */ - -OSStatus SecKeyVerifyDigest( - SecKeyRef key, /* Private key */ - const SecAsn1AlgId *algId, /* algorithm oid/params */ - const uint8_t *digestData, /* signature over this digest */ - size_t digestDataLen, /* length of dataToDigest */ - const uint8_t *sig, /* signature to verify */ - size_t sigLen); /* length of sig */ - -OSStatus SecKeySignDigest( - SecKeyRef key, /* Private key */ - const SecAsn1AlgId *algId, /* algorithm oid/params */ - const uint8_t *digestData, /* signature over this digest */ - size_t digestDataLen, /* length of digestData */ - uint8_t *sig, /* signature, RETURNED */ - size_t *sigLen); /* IN/OUT */ - - -/* These are the named curves we support. These values come from RFC 4492 - section 5.1.1, with the exception of SSL_Curve_None which means - "ECDSA not negotiated". */ -typedef enum -{ - kSecECCurveNone = -1, - kSecECCurveSecp256r1 = 23, - kSecECCurveSecp384r1 = 24, - kSecECCurveSecp521r1 = 25 -} SecECNamedCurve; - -/* Return a named curve enum for ecPrivateKey. */ -SecECNamedCurve SecECKeyGetNamedCurve(SecKeyRef ecPrivateKey); -CFDataRef SecECKeyCopyPublicBits(SecKeyRef key); - -/* Given an RSA public key in encoded form return a SecKeyRef representing - that key. Supported encodings are kSecKeyEncodingPkcs1. */ -SecKeyRef SecKeyCreateRSAPublicKey(CFAllocatorRef allocator, - const uint8_t *keyData, CFIndex keyDataLength, - SecKeyEncoding encoding); - -CFDataRef SecKeyCopyModulus(SecKeyRef rsaPublicKey); -CFDataRef SecKeyCopyExponent(SecKeyRef rsaPublicKey); - -/*! - @function SecKeyCopyPublicBytes - @abstract Gets the bits of a public key - @param key Key to retrieve the bits. - @param publicBytes An out parameter to receive the public key bits - @result Errors if any when retrieving the public key bits.. - */ -OSStatus SecKeyCopyPublicBytes(SecKeyRef key, CFDataRef* publicBytes); - -/*! - @function SecKeyCreatePublicFromPrivate - @abstract Create a public SecKeyRef from a private SecKeyRef - @param privateKey The private SecKeyRef for which you want the public key - @result A public SecKeyRef, or NULL if the conversion failed - @discussion This is a "best attempt" function, hence the SPI nature. If the public - key bits are not in memory, it attempts to load from the keychain. If the public - key was not tracked on the keychain, it will fail. -*/ -SecKeyRef SecKeyCreatePublicFromPrivate(SecKeyRef privateKey); - -/*! - @function SecKeyCreateFromPublicData -*/ -SecKeyRef SecKeyCreateFromPublicData(CFAllocatorRef allocator, CFIndex algorithmID, CFDataRef publicBytes); - -OSStatus SecKeyRawVerifyOSX( - SecKeyRef key, - SecPadding padding, - const uint8_t *signedData, - size_t signedDataLen, - const uint8_t *sig, - size_t sigLen); - -/*! - @enum SecKeyAttestationKeyType - @abstract Defines types of builtin attestation keys. -*/ -typedef CF_ENUM(uint32_t, SecKeyAttestationKeyType) -{ - kSecKeyAttestationKeyTypeSIK = 0, - kSecKeyAttestationKeyTypeGID -} __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCopyAttestationKey - @abstract Returns a copy of a builtin attestation key. - - @param keyType Type of the requested builtin key. - @param error An optional pointer to a CFErrorRef. This value is set if an error occurred. - - @result On success a SecKeyRef containing the requested key is returned, on failure it returns NULL. -*/ -SecKeyRef SecKeyCopyAttestationKey(SecKeyAttestationKeyType keyType, CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCreateAttestation - @abstract Attests a key with another key. - - @param key The attesting key. - @param keyToAttest The key which is to be attested. - @param error An optional pointer to a CFErrorRef. This value is set if an error occurred. - - @result On success a CFDataRef containing the attestation data is returned, on failure it returns NULL. - - @discussion Key attestation only works for CTK SEP keys, i.e. keys created with kSecAttrTokenID=kSecAttrTokenIDSecureEnclave. -*/ -CFDataRef SecKeyCreateAttestation(SecKeyRef key, SecKeyRef keyToAttest, CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeySetParameter - @abstract Sets unspecified key parameter for the backend. - - @param key Key to set the parameter to. - @param name Identifies parameter to be set. - @param value New value for the parameter. - @param error Error which gathers more information when something went wrong. - - @discussion Serves as channel between SecKey client and backend for passing additional sideband data send from SecKey caller - to SecKey implementation backend. Parameter names and types are either generic kSecUse*** attributes or are a contract between - SecKey user (application) and backend and in this case are not interpreted by SecKey layer in any way. - */ -Boolean SecKeySetParameter(SecKeyRef key, CFStringRef name, CFPropertyListRef value, CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCreateDuplicate - @abstract Creates duplicate fo the key. - - @param key Source key to be duplicated - - @discussion Only memory representation of the key is duplicated, so if the key is backed by keychain, only one instance - stays in the keychain. Duplicating key is useful for setting 'temporary' key parameters using SecKeySetParameter. - If the key is immutable (i.e. does not support SecKeySetParameter), calling this method is identical to calling CFRetain(). - */ -SecKeyRef SecKeyCreateDuplicate(SecKeyRef key) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - Algorithms for converting between bigendian and core-crypto ccunit data representation. - */ -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRawCCUnit; -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRawCCUnit; - -/*! - Internal algorithm for RSA-MD5. We do not want to export MD5 in new API, but we need it - for implementing legacy interfaces. - */ -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5; -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5; - -/*! - Algorithms for interoperability with libaks smartcard support. - */ -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionAKSSmartCard; - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_SECKEYPRIV_H_ */ - diff --git a/OSX/libsecurity_keychain/lib/SecKeychainItem.cpp b/OSX/libsecurity_keychain/lib/SecKeychainItem.cpp index fedf2f1f..ca8f3623 100644 --- a/OSX/libsecurity_keychain/lib/SecKeychainItem.cpp +++ b/OSX/libsecurity_keychain/lib/SecKeychainItem.cpp @@ -496,7 +496,6 @@ OSStatus SecKeychainItemFindFirst(SecKeychainRef keychainRef, const SecKeychainA END_SECAPI } -#if SECTRUST_OSX static OSStatus SecKeychainItemCreatePersistentReferenceFromCertificate(SecCertificateRef certRef, CFDataRef *persistentItemRef, Boolean isIdentity) { @@ -581,35 +580,9 @@ static OSStatus SecKeychainItemCreatePersistentReferenceFromCertificate(SecCerti return __secapiresult; } -#endif OSStatus SecKeychainItemCreatePersistentReference(SecKeychainItemRef itemRef, CFDataRef *persistentItemRef) { -#if !SECTRUST_OSX - BEGIN_SECAPI - - KCThrowParamErrIf_(!itemRef || !persistentItemRef); - Item item; - CFTypeID itemType = (itemRef) ? CFGetTypeID(itemRef) ? 0; - bool isIdentityRef = (itemType == SecIdentityGetTypeID()) ? true : false; - bool isCertificateRef = (itemType == SecCertificateGetTypeID()) ? true : false; - if (isIdentityRef) { - SecPointer certificatePtr(Identity::required((SecIdentityRef)itemRef)->certificate()); - SecCertificateRef certificateRef = certificatePtr->handle(false); - item = ItemImpl::required((SecKeychainItemRef)certificateRef); - item->copyPersistentReference(*persistentItemRef, true); - } - else if (isCertificateRef) { - item = ItemImpl::required(itemRef); - item->copyPersistentReference(*persistentItemRef, false); - } - else { - item = ItemImpl::required(itemRef); - item->copyPersistentReference(*persistentItemRef, false); - } - - END_SECAPI -#else /* We're in the unified world, where SecCertificateRef is not a SecKeychainItemRef. */ if (!itemRef || !persistentItemRef) { return errSecParam; @@ -649,8 +622,6 @@ OSStatus SecKeychainItemCreatePersistentReference(SecKeychainItemRef itemRef, CF Item item = ItemImpl::required(itemRef); item->copyPersistentReference(*persistentItemRef, false); END_SECAPI - -#endif } OSStatus SecKeychainItemCopyFromPersistentReference(CFDataRef persistentItemRef, SecKeychainItemRef *itemRef) @@ -689,7 +660,6 @@ OSStatus SecKeychainItemCopyFromPersistentReference(CFDataRef persistentItemRef, } *itemRef = (SecKeychainItemRef) result; -#if SECTRUST_OSX /* see if we should convert outgoing item to a unified SecCertificateRef */ SecItemClass tmpItemClass = Schema::itemClassFor(item->recordType()); if (tmpItemClass == kSecCertificateItemClass && !isIdentityRef) { @@ -719,7 +689,6 @@ OSStatus SecKeychainItemCopyFromPersistentReference(CFDataRef persistentItemRef, if (tmpRef) CFRelease(tmpRef); } -#endif END_SECAPI } diff --git a/OSX/libsecurity_keychain/lib/SecKeychainItemExtendedAttributes.cpp b/OSX/libsecurity_keychain/lib/SecKeychainItemExtendedAttributes.cpp index 0f34defe..0088d0de 100644 --- a/OSX/libsecurity_keychain/lib/SecKeychainItemExtendedAttributes.cpp +++ b/OSX/libsecurity_keychain/lib/SecKeychainItemExtendedAttributes.cpp @@ -21,6 +21,7 @@ * @APPLE_LICENSE_HEADER_END@ */ +#include #include "SecKeychainItemExtendedAttributes.h" #include "SecKeychainItemPriv.h" #include "ExtendedAttribute.h" @@ -122,7 +123,7 @@ static bool lookupExtendedAttr( StorageManager::KeychainList kcList; kcList.push_back(inItem->keychain()); - KCCursor cursor(kcList, CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE, &attrList); + KCCursor cursor(kcList, (SecItemClass) CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE, &attrList); try { return cursor->next(foundItem); } @@ -163,7 +164,7 @@ OSStatus SecKeychainItemSetExtendedAttribute( return errSecSuccess; } - CSSM_DATA attrCValue = {CFDataGetLength(attrValue), (uint8 *)CFDataGetBytePtr(attrValue)}; + CSSM_DATA attrCValue = {int_cast(CFDataGetLength(attrValue)), (uint8 *)CFDataGetBytePtr(attrValue)}; if(haveMatch) { /* update existing extended attribute record */ @@ -274,7 +275,7 @@ OSStatus SecKeychainItemCopyAllExtendedAttributes( CFMutableArrayRef outValues = NULL; OSStatus ourRtn = errSecSuccess; - KCCursor cursor(kcList, CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE, &attrList); + KCCursor cursor(kcList, (SecItemClass) CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE, &attrList); for(;;) { bool gotOne = false; Item foundItem; diff --git a/OSX/libsecurity_keychain/lib/SecKeychainItemPriv.h b/OSX/libsecurity_keychain/lib/SecKeychainItemPriv.h index f3ed51e7..595be6ff 100644 --- a/OSX/libsecurity_keychain/lib/SecKeychainItemPriv.h +++ b/OSX/libsecurity_keychain/lib/SecKeychainItemPriv.h @@ -162,7 +162,7 @@ OSStatus SecKeychainItemCreateFromEncryptedContent(SecItemClass itemClass, UInt3 @function SecKeychainItemSetAccessWithPassword @abstract Sets the access of a given keychain item. @param itemRef A reference to a keychain item. - @param access A reference to an access to replace the keychain item's current access. + @param accessRef A reference to an access to replace the keychain item's current access. @param passwordLength An unsigned 32-bit integer representing the length of the password buffer. @param password A buffer containing the password for the keychain. if this password is incorrect, this call might fail---it will not prompt the user. @result A result code. See "Security Error Codes" (SecBase.h). diff --git a/OSX/libsecurity_keychain/lib/SecKeychainSearch.cpp b/OSX/libsecurity_keychain/lib/SecKeychainSearch.cpp index 2ba38d91..32d8c6f6 100644 --- a/OSX/libsecurity_keychain/lib/SecKeychainSearch.cpp +++ b/OSX/libsecurity_keychain/lib/SecKeychainSearch.cpp @@ -90,7 +90,6 @@ SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *it *itemRef=item->handle(); -#if SECTRUST_OSX bool itemChecked = false; do { /* see if we should convert outgoing item to a unified SecCertificateRef */ @@ -137,7 +136,6 @@ SecKeychainSearchCopyNext(SecKeychainSearchRef searchRef, SecKeychainItemRef *it /* never permit a NULL item reference to be returned without an error result */ return errSecItemNotFound; } -#endif END_SECAPI } diff --git a/OSX/libsecurity_keychain/lib/SecPolicy.cpp b/OSX/libsecurity_keychain/lib/SecPolicy.cpp index 9c89e06d..273cfc29 100644 --- a/OSX/libsecurity_keychain/lib/SecPolicy.cpp +++ b/OSX/libsecurity_keychain/lib/SecPolicy.cpp @@ -41,61 +41,14 @@ #define SEC_CONST_DECL(k,v) const CFStringRef k = CFSTR(v); -#if !SECTRUST_OSX -SEC_CONST_DECL (kSecPolicyAppleX509Basic, "1.2.840.113635.100.1.2"); -SEC_CONST_DECL (kSecPolicyAppleSSL, "1.2.840.113635.100.1.3"); -SEC_CONST_DECL (kSecPolicyAppleSMIME, "1.2.840.113635.100.1.8"); -SEC_CONST_DECL (kSecPolicyAppleEAP, "1.2.840.113635.100.1.9"); -SEC_CONST_DECL (kSecPolicyAppleSWUpdateSigning, "1.2.840.113635.100.1.10"); -SEC_CONST_DECL (kSecPolicyAppleIPsec, "1.2.840.113635.100.1.11"); -SEC_CONST_DECL (kSecPolicyAppleiChat, "1.2.840.113635.100.1.12"); -SEC_CONST_DECL (kSecPolicyApplePKINITClient, "1.2.840.113635.100.1.14"); -SEC_CONST_DECL (kSecPolicyApplePKINITServer, "1.2.840.113635.100.1.15"); -SEC_CONST_DECL (kSecPolicyAppleCodeSigning, "1.2.840.113635.100.1.16"); -SEC_CONST_DECL (kSecPolicyApplePackageSigning, "1.2.840.113635.100.1.17"); -SEC_CONST_DECL (kSecPolicyAppleIDValidation, "1.2.840.113635.100.1.18"); -SEC_CONST_DECL (kSecPolicyMacAppStoreReceipt, "1.2.840.113635.100.1.19"); -SEC_CONST_DECL (kSecPolicyAppleTimeStamping, "1.2.840.113635.100.1.20"); -SEC_CONST_DECL (kSecPolicyAppleRevocation, "1.2.840.113635.100.1.21"); -SEC_CONST_DECL (kSecPolicyApplePassbookSigning, "1.2.840.113635.100.1.22"); -SEC_CONST_DECL (kSecPolicyAppleMobileStore, "1.2.840.113635.100.1.23"); -SEC_CONST_DECL (kSecPolicyAppleEscrowService, "1.2.840.113635.100.1.24"); -SEC_CONST_DECL (kSecPolicyAppleProfileSigner, "1.2.840.113635.100.1.25"); -SEC_CONST_DECL (kSecPolicyAppleQAProfileSigner, "1.2.840.113635.100.1.26"); -SEC_CONST_DECL (kSecPolicyAppleTestMobileStore, "1.2.840.113635.100.1.27"); -SEC_CONST_DECL (kSecPolicyAppleOTAPKISigner, "1.2.840.113635.100.1.28"); -SEC_CONST_DECL (kSecPolicyAppleTestOTAPKISigner, "1.2.840.113635.100.1.29"); -/* FIXME: this policy name should be deprecated and replaced with "kSecPolicyAppleIDValidationRecordSigning" */ -SEC_CONST_DECL (kSecPolicyAppleIDValidationRecordSigningPolicy, "1.2.840.113635.100.1.30"); -SEC_CONST_DECL (kSecPolicyAppleSMPEncryption, "1.2.840.113635.100.1.31"); -SEC_CONST_DECL (kSecPolicyAppleTestSMPEncryption, "1.2.840.113635.100.1.32"); -SEC_CONST_DECL (kSecPolicyAppleServerAuthentication, "1.2.840.113635.100.1.33"); -SEC_CONST_DECL (kSecPolicyApplePCSEscrowService, "1.2.840.113635.100.1.34"); -SEC_CONST_DECL (kSecPolicyApplePPQSigning, "1.2.840.113635.100.1.35"); -SEC_CONST_DECL (kSecPolicyAppleTestPPQSigning, "1.2.840.113635.100.1.36"); -SEC_CONST_DECL (kSecPolicyApplePayIssuerEncryption, "1.2.840.113635.100.1.39"); -SEC_CONST_DECL (kSecPolicyAppleOSXProvisioningProfileSigning, "1.2.840.113635.100.1.40"); -SEC_CONST_DECL (kSecPolicyAppleAST2DiagnosticsServerAuth, "1.2.840.113635.100.1.42"); -SEC_CONST_DECL (kSecPolicyAppleEscrowProxyServerAuth, "1.2.840.113635.100.1.43"); -SEC_CONST_DECL (kSecPolicyAppleFMiPServerAuth, "1.2.840.113635.100.1.44"); - -SEC_CONST_DECL (kSecPolicyOid, "SecPolicyOid"); -SEC_CONST_DECL (kSecPolicyName, "SecPolicyName"); -SEC_CONST_DECL (kSecPolicyClient, "SecPolicyClient"); -SEC_CONST_DECL (kSecPolicyRevocationFlags, "SecPolicyRevocationFlags"); -SEC_CONST_DECL (kSecPolicyTeamIdentifier, "SecPolicyTeamIdentifier"); -#else /* Some of these aren't defined in SecPolicy.c, but used here. */ SEC_CONST_DECL (kSecPolicyAppleiChat, "1.2.840.113635.100.1.12"); -#endif // Private functions extern "C" { -#if SECTRUST_OSX CFDictionaryRef SecPolicyGetOptions(SecPolicyRef policy); void SecPolicySetOptionsValue(SecPolicyRef policy, CFStringRef key, CFTypeRef value); -#endif } // String to CSSM_OID mapping @@ -155,7 +108,6 @@ const oidmap_entry_t oidmap[] = { { kSecPolicyAppleOSXProvisioningProfileSigning, &CSSMOID_APPLE_TP_PROVISIONING_PROFILE_SIGNING }, }; -#if SECTRUST_OSX const oidmap_entry_t oidmap_priv[] = { { CFSTR("basicX509"), &CSSMOID_APPLE_X509_BASIC }, { CFSTR("sslServer"), &CSSMOID_APPLE_TP_SSL }, @@ -181,20 +133,6 @@ const oidmap_entry_t oidmap_priv[] = { { CFSTR("ApplePCSEscrowService"), &CSSMOID_APPLE_TP_PCS_ESCROW_SERVICE }, { CFSTR("AppleOSXProvisioningProfileSigning"), &CSSMOID_APPLE_TP_PROVISIONING_PROFILE_SIGNING }, }; -#endif - -// -// CF boilerplate -// -#if !SECTRUST_OSX -CFTypeID -SecPolicyGetTypeID(void) -{ - BEGIN_SECAPI - return gTypes().Policy.typeID; - END_SECAPI1(_kCFRuntimeNotATypeID) -} -#endif // // Sec API bridge functions @@ -203,11 +141,6 @@ SecPolicyGetTypeID(void) OSStatus SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID* oid) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Required(oid) = Policy::required(policyRef)->oid(); - END_SECAPI -#else /* bridge to support old functionality */ if (!policyRef) { return errSecParam; @@ -244,7 +177,6 @@ SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID* oid) CFShow(oidStr); syslog(LOG_ERR, "WARNING: SecPolicyGetOID failed to return an OID. This function was deprecated in 10.7. Please use SecPolicyCopyProperties instead."); return errSecServiceNotAvailable; -#endif } // TODO: use a version of this function from a utility library @@ -283,7 +215,6 @@ CFStringRef SecPolicyGetStringForOID(CSSM_OID* oid) return NULL; } -#if SECTRUST_OSX static bool SecPolicyGetCSSMDataValueForString(SecPolicyRef policyRef, CFStringRef stringRef, CSSM_DATA* value) { // Old API expects to vend a pointer and length for a policy value. @@ -319,17 +250,11 @@ static bool SecPolicyGetCSSMDataValueForString(SecPolicyRef policyRef, CFStringR } return true; } -#endif /* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */ OSStatus SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA* value) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Required(value) = Policy::required(policyRef)->value(); - END_SECAPI -#else /* bridge to support old functionality */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecPolicyGetValue was deprecated in 10.7. Please use SecPolicyCopyProperties instead."); @@ -368,39 +293,12 @@ SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA* value) value->Length = 0; } return errSecSuccess; -#endif -} - -#if !SECTRUST_OSX -CFDictionaryRef -SecPolicyCopyProperties(SecPolicyRef policyRef) -{ - /* can't use SECAPI macros, since this function does not return OSStatus */ - CFDictionaryRef result = NULL; - try { - result = Policy::required(policyRef)->properties(); - } - catch (...) { - if (result) { - CFRelease(result); - result = NULL; - } - }; - return result; } -#endif /* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */ OSStatus SecPolicySetValue(SecPolicyRef policyRef, const CSSM_DATA *value) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Required(value); - const CssmData newValue(value->Data, value->Length); - Policy::required(policyRef)->setValue(newValue); - END_SECAPI -#else /* bridge to support old functionality */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecPolicySetValue was deprecated in 10.7. Please use SecPolicySetProperties instead."); @@ -511,60 +409,23 @@ SecPolicySetValue(SecPolicyRef policyRef, const CSSM_DATA *value) if (data) { CFRelease(data); } if (name) { CFRelease(name); } return status; -#endif } -#if !SECTRUST_OSX -OSStatus -SecPolicySetProperties(SecPolicyRef policyRef, CFDictionaryRef properties) -{ - BEGIN_SECAPI - Policy::required(policyRef)->setProperties(properties); - END_SECAPI -} -#endif - /* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */ OSStatus SecPolicyGetTPHandle(SecPolicyRef policyRef, CSSM_TP_HANDLE* tpHandle) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Required(tpHandle) = Policy::required(policyRef)->tp()->handle(); - END_SECAPI -#else /* this function is unsupported in unified SecTrust */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecPolicyGetTPHandle was deprecated in 10.7, and does nothing in 10.11. Please stop using it."); #endif return errSecServiceNotAvailable; -#endif } /* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */ OSStatus SecPolicyCopyAll(CSSM_CERT_TYPE certificateType, CFArrayRef* policies) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Required(policies); - CFMutableArrayRef currPolicies = NULL; - currPolicies = CFArrayCreateMutable(NULL, 0, NULL); - if ( currPolicies ) - { - SecPointer cursor(new PolicyCursor(NULL, NULL)); - SecPointer policy; - while ( cursor->next(policy) ) /* copies the next policy */ - { - CFArrayAppendValue(currPolicies, policy->handle()); /* 'SecPolicyRef' appended */ - CFRelease(policy->handle()); /* refcount bumped up when appended to array */ - } - *policies = CFArrayCreateCopy(NULL, currPolicies); - CFRelease(currPolicies); - CFRelease(cursor->handle()); - } - END_SECAPI -#else /* bridge to support old functionality */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecPolicyCopyAll was deprecated in 10.7. Please use SecPolicy creation functions instead."); @@ -607,21 +468,16 @@ SecPolicyCopyAll(CSSM_CERT_TYPE certificateType, CFArrayRef* policies) *policies = CFArrayCreateCopy(NULL, curPolicies); CFRelease(curPolicies); return errSecSuccess; -#endif } /* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */ OSStatus SecPolicyCopy(CSSM_CERT_TYPE certificateType, const CSSM_OID *policyOID, SecPolicyRef* policy) { -#if !SECTRUST_OSX - Required(policy); - Required(policyOID); -#else if (!policyOID || !policy) { return errSecParam; } -#endif + SecPolicySearchRef srchRef = NULL; OSStatus ortn; @@ -638,9 +494,6 @@ SecPolicyCopy(CSSM_CERT_TYPE certificateType, const CSSM_OID *policyOID, SecPoli SecPolicyRef SecPolicyCreateItemImplInstance(SecPolicyRef policy) { -#if !SECTRUST_OSX - return (SecPolicyRef)(policy ? CFRetain(policy) : NULL); -#else if (!policy) { return NULL; } @@ -664,87 +517,7 @@ SecPolicyCreateItemImplInstance(SecPolicyRef policy) CFRelease(properties); } return policyRef; -#endif -} - -#if !SECTRUST_OSX -/* new in 10.6 */ -SecPolicyRef -SecPolicyCreateBasicX509(void) -{ - // return a SecPolicyRef object for the X.509 Basic policy - SecPolicyRef policy = nil; - SecPolicySearchRef policySearch = nil; - OSStatus status = SecPolicySearchCreate(CSSM_CERT_X_509v3, &CSSMOID_APPLE_X509_BASIC, NULL, &policySearch); - if (!status) { - status = SecPolicySearchCopyNext(policySearch, &policy); - } - if (policySearch) { - CFRelease(policySearch); - } - return policy; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.6 */ -SecPolicyRef -SecPolicyCreateSSL(Boolean server, CFStringRef hostname) -{ - // return a SecPolicyRef object for the SSL policy, given hostname and client options - SecPolicyRef policy = nil; - SecPolicySearchRef policySearch = nil; - OSStatus status = SecPolicySearchCreate(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_SSL, NULL, &policySearch); - if (!status) { - status = SecPolicySearchCopyNext(policySearch, &policy); - } - if (!status && policy) { - // set options for client-side or server-side policy evaluation - char *strbuf = NULL; - const char *hostnamestr = NULL; - if (hostname) { - hostnamestr = CFStringGetCStringPtr(hostname, kCFStringEncodingUTF8); - if (hostnamestr == NULL) { - CFIndex maxLen = CFStringGetMaximumSizeForEncoding(CFStringGetLength(hostname), kCFStringEncodingUTF8) + 1; - strbuf = (char *)malloc(maxLen); - if (CFStringGetCString(hostname, strbuf, maxLen, kCFStringEncodingUTF8)) { - hostnamestr = strbuf; - } - } - } - uint32 hostnamelen = (hostnamestr) ? (uint32)strlen(hostnamestr) : 0; - uint32 flags = (!server) ? CSSM_APPLE_TP_SSL_CLIENT : 0; - CSSM_APPLE_TP_SSL_OPTIONS opts = {CSSM_APPLE_TP_SSL_OPTS_VERSION, hostnamelen, hostnamestr, flags}; - CSSM_DATA data = {sizeof(opts), (uint8*)&opts}; - SecPolicySetValue(policy, &data); - - if (strbuf) { - free(strbuf); - } - } - if (policySearch) { - CFRelease(policySearch); - } - return policy; -} -#endif - -#if !SECTRUST_OSX -/* not exported */ -static SecPolicyRef -SecPolicyCreateWithSecAsn1Oid(SecAsn1Oid *oidPtr) -{ - SecPolicyRef policy = NULL; - try { - SecPointer policyObj; - PolicyCursor::policy(oidPtr, policyObj); - policy = policyObj->handle(); - } - catch (...) {} - - return policy; } -#endif static SecPolicyRef _SecPolicyCreateWithOID(CFTypeRef policyOID) @@ -780,11 +553,6 @@ _SecPolicyCreateWithOID(CFTypeRef policyOID) if (!policy && CFEqual(policyOID, kSecPolicyAppleRevocation)) { policy = SecPolicyCreateRevocation(kSecRevocationUseAnyAvailableMethod); } -#if !SECTRUST_OSX - if (!policy) { - policy = SecPolicyCreateWithSecAsn1Oid((SecAsn1Oid*)oidPtr); - } -#endif } return policy; } @@ -800,169 +568,6 @@ SecPolicyCreateWithOID(CFTypeRef policyOID) return policy; } -#if !SECTRUST_OSX -/* new in 10.9 */ -SecPolicyRef -SecPolicyCreateWithProperties(CFTypeRef policyIdentifier, CFDictionaryRef properties) -{ - SecPolicyRef policy = _SecPolicyCreateWithOID(policyIdentifier); - SecPolicySetProperties(policy, properties); - - return policy; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.9 */ -SecPolicyRef -SecPolicyCreateRevocation(CFOptionFlags revocationFlags) -{ - // return a SecPolicyRef object for the unified revocation policy - SecAsn1Oid *oidPtr = (SecAsn1Oid*)&CSSMOID_APPLE_TP_REVOCATION; - SecPolicyRef policy = SecPolicyCreateWithSecAsn1Oid(oidPtr); - if (policy) { - CSSM_DATA policyData = { (CSSM_SIZE)sizeof(CFOptionFlags), (uint8*)&revocationFlags }; - SecPolicySetValue(policy, &policyData); - } - return policy; -} -#endif - -#if !SECTRUST_OSX -SecPolicyRef SecPolicyCreateAppleIDSService(CFStringRef hostname) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -SecPolicyRef SecPolicyCreateAppleIDSServiceContext(CFStringRef hostname, CFDictionaryRef __unused context) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -SecPolicyRef SecPolicyCreateApplePushService(CFStringRef hostname, CFDictionaryRef __unused context) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -SecPolicyRef SecPolicyCreateApplePushServiceLegacy(CFStringRef hostname) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -SecPolicyRef SecPolicyCreateAppleMMCSService(CFStringRef hostname, CFDictionaryRef __unused context) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -SecPolicyRef SecPolicyCreateAppleGSService(CFStringRef hostname, CFDictionaryRef __unused context) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -SecPolicyRef SecPolicyCreateApplePPQService(CFStringRef hostname, CFDictionaryRef __unused context) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -/* new in 10.11.4 */ -SecPolicyRef SecPolicyCreateAppleAST2Service(CFStringRef hostname, CFDictionaryRef __unused context) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -/* new in 10.12 */ -SecPolicyRef SecPolicyCreateAppleEscrowProxyService(CFStringRef hostname, CFDictionaryRef __unused context) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -/* new in 10.12 */ -SecPolicyRef SecPolicyCreateAppleFMiPService(CFStringRef hostname, CFDictionaryRef __unused context) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -/* new in 10.11.4 */ -SecPolicyRef SecPolicyCreateAppleHomeKitServerAuth(CFStringRef hostname) -{ - return SecPolicyCreateSSL(true, hostname); -} -#endif - -#if !SECTRUST_OSX -/* new in 10.11 */ -SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void) -{ - return _SecPolicyCreateWithOID(kSecPolicyAppleX509Basic); -} -#endif - -#if !SECTRUST_OSX -/* new in 10.11 */ -SecPolicyRef SecPolicyCreateOSXProvisioningProfileSigning(void) -{ - return _SecPolicyCreateWithOID(kSecPolicyAppleOSXProvisioningProfileSigning); -} -#endif - - -#if !SECTRUST_OSX -/* new in 10.11 */ -SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void) -{ - return _SecPolicyCreateWithOID(kSecPolicyAppleX509Basic); -} -#endif - -#if !SECTRUST_OSX -SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef hostname) -{ - // SSL server, pinned to an Apple intermediate - SecPolicyRef policy = SecPolicyCreateSSL(true, hostname); - if (policy) { - // change options for policy evaluation - char *strbuf = NULL; - const char *hostnamestr = NULL; - if (hostname) { - hostnamestr = CFStringGetCStringPtr(hostname, kCFStringEncodingUTF8); - if (hostnamestr == NULL) { - CFIndex maxLen = CFStringGetMaximumSizeForEncoding(CFStringGetLength(hostname), kCFStringEncodingUTF8) + 1; - strbuf = (char *)malloc(maxLen); - if (CFStringGetCString(hostname, strbuf, maxLen, kCFStringEncodingUTF8)) { - hostnamestr = strbuf; - } - } - } - uint32 hostnamelen = (hostnamestr) ? (uint32)strlen(hostnamestr) : 0; - uint32 flags = 0x00000002; // 2nd-lowest bit set to require Apple intermediate pin - CSSM_APPLE_TP_SSL_OPTIONS opts = {CSSM_APPLE_TP_SSL_OPTS_VERSION, hostnamelen, hostnamestr, flags}; - CSSM_DATA data = {sizeof(opts), (uint8*)&opts}; - SecPolicySetValue(policy, &data); - } - return policy; -} -#endif - /* OS X only: TBD */ #include /* New in 10.10 */ @@ -970,35 +575,6 @@ SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef hostname) CFArrayRef SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray) { -#if !SECTRUST_OSX - /* can't use SECAPI macros, since this function does not return OSStatus */ - CFArrayRef resultPolicyArray=NULL; - try { - // Set default policy - CFRef policyArray = cfArrayize(policyOrArray); - CFRef defaultPolicy = _SecPolicyCreateWithOID(kSecPolicyAppleTimeStamping); - CFRef appleTimeStampingPolicies = makeCFMutableArray(1,defaultPolicy.get()); - - // Parse the policy and add revocation related ones - CFIndex numPolicies = CFArrayGetCount(policyArray); - for(CFIndex dex=0; dex pol = Policy::required(SecPolicyRef(secPol)); - const CssmOid &oid = pol->oid(); - if ((oid == CssmOid::overlay(CSSMOID_APPLE_TP_REVOCATION)) - || (oid == CssmOid::overlay(CSSMOID_APPLE_TP_REVOCATION_CRL)) - || (oid == CssmOid::overlay(CSSMOID_APPLE_TP_REVOCATION_OCSP))) - { - CFArrayAppendValue(appleTimeStampingPolicies, secPol); - } - } - // Transfer of ownership - resultPolicyArray=appleTimeStampingPolicies.yield(); - } - catch (...) { - CFReleaseNull(resultPolicyArray); - }; -#else /* implement with unified SecPolicyRef instances */ SecPolicyRef policy = NULL; CFMutableArrayRef resultPolicyArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); @@ -1015,7 +591,6 @@ SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray) CFArrayAppendValue(resultPolicyArray, policy); CFReleaseNull(policy); } -#endif return resultPolicyArray; } diff --git a/OSX/libsecurity_keychain/lib/SecPolicyPriv.h b/OSX/libsecurity_keychain/lib/SecPolicyPriv.h deleted file mode 100644 index ee635e69..00000000 --- a/OSX/libsecurity_keychain/lib/SecPolicyPriv.h +++ /dev/null @@ -1,1497 +0,0 @@ -/* - * Copyright (c) 2003-2016 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecPolicyPriv - The functions provided in SecPolicyPriv provide an interface to various - X.509 certificate trust policies. -*/ - -#ifndef _SECURITY_SECPOLICYPRIV_H_ -#define _SECURITY_SECPOLICYPRIV_H_ - -#include -#include -#include -#include -#include - -__BEGIN_DECLS - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @enum Policy Constants (Private) - @discussion Predefined constants used to specify a policy. - @constant kSecPolicyAppleMobileStore - @constant kSecPolicyAppleTestMobileStore - @constant kSecPolicyAppleEscrowService - @constant kSecPolicyAppleProfileSigner - @constant kSecPolicyAppleQAProfileSigner - @constant kSecPolicyAppleServerAuthentication - @constant kSecPolicyAppleOTAPKISigner - @constant kSecPolicyAppleTestOTAPKISigner - @constant kSecPolicyAppleIDValidationRecordSigning - @constant kSecPolicyAppleSMPEncryption - @constant kSecPolicyAppleTestSMPEncryption - @constant kSecPolicyApplePCSEscrowService - @constant kSecPolicyApplePPQSigning - @constant kSecPolicyAppleTestPPQSigning - @constant kSecPolicyAppleSWUpdateSigning - @constant kSecPolicyApplePackageSigning - @constant kSecPolicyAppleOSXProvisioningProfileSigning - @constant kSecPolicyAppleATVVPNProfileSigning - @constant kSecPolicyAppleAST2DiagnosticsServerAuth - @constant kSecPolicyAppleEscrowProxyServerAuth - @constant kSecPolicyAppleFMiPServerAuth - @constant kSecPolicyAppleMMCService - @constant kSecPolicyAppleGSService - @constant kSecPolicyApplePPQService - @constant kSecPolicyAppleHomeKitServerAuth - @constant kSecPolicyAppleiPhoneActivation - @constant kSecPolicyAppleiPhoneDeviceCertificate - @constant kSecPolicyAppleFactoryDeviceCertificate - @constant kSecPolicyAppleiAP - @constant kSecPolicyAppleiTunesStoreURLBag - @constant kSecPolicyAppleiPhoneApplicationSigning - @constant kSecPolicyAppleiPhoneProfileApplicationSigning - @constant kSecPolicyAppleiPhoneProvisioningProfileSigning - @constant kSecPolicyAppleLockdownPairing - @constant kSecPolicyAppleURLBag - @constant kSecPolicyAppleOTATasking - @constant kSecPolicyAppleMobileAsset - @constant kSecPolicyAppleIDAuthority - @constant kSecPolicyAppleGenericApplePinned - @constant kSecPolicyAppleGenericAppleSSLPinned - @constant kSecPolicyAppleSoftwareSigning - @constant kSecPolicyAppleExternalDeveloper - @constant kSecPolicyAppleOCSPSigner - @constant kSecPolicyAppleIDSService - @constant kSecPolicyAppleIDSServiceContext - @constant kSecPolicyApplePushService - @constant kSecPolicyAppleLegacyPushService - @constant kSecPolicyAppleTVOSApplicationSigning - @constant kSecPolicyAppleUniqueDeviceIdentifierCertificate - @constant kSecPolicyAppleEscrowProxyCompatibilityServerAuth - @constant kSecPolicyAppleMMCSCompatibilityServerAuth - @constant kSecPolicyAppleSecureIOStaticAsset - @constant kSecPolicyAppleWarsaw - */ -extern const CFStringRef kSecPolicyAppleMobileStore - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleTestMobileStore - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleEscrowService - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleProfileSigner - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleQAProfileSigner - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleServerAuthentication - __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); -extern const CFStringRef kSecPolicyAppleOTAPKISigner - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleTestOTAPKISigner - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleIDValidationRecordSigningPolicy - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_NA, __MAC_NA, __IPHONE_7_0, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleIDValidationRecordSigning - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleSMPEncryption - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_8_0); -extern const CFStringRef kSecPolicyAppleTestSMPEncryption - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_8_0); -extern const CFStringRef kSecPolicyApplePCSEscrowService - __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_7_0); -extern const CFStringRef kSecPolicyApplePPQSigning - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecPolicyAppleTestPPQSigning - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecPolicyAppleSWUpdateSigning - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecPolicyApplePackageSigning - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecPolicyAppleOSXProvisioningProfileSigning - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecPolicyAppleATVVPNProfileSigning - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecPolicyAppleAST2DiagnosticsServerAuth - __OSX_AVAILABLE_STARTING(__MAC_10_11_4, __IPHONE_9_3); -extern const CFStringRef kSecPolicyAppleEscrowProxyServerAuth - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleFMiPServerAuth - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleMMCService - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleGSService - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyApplePPQService - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleHomeKitServerAuth - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleiPhoneActivation - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleiPhoneDeviceCertificate - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleFactoryDeviceCertificate - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleiAP - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleiTunesStoreURLBag - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleiPhoneApplicationSigning - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleiPhoneProfileApplicationSigning - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleiPhoneProvisioningProfileSigning - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleLockdownPairing - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleURLBag - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleOTATasking - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleMobileAsset - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleIDAuthority - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleGenericApplePinned - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleGenericAppleSSLPinned - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleSoftwareSigning - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleExternalDeveloper - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleOCSPSigner - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleIDSService - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleIDSServiceContext - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyApplePushService - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleLegacyPushService - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleTVOSApplicationSigning - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleUniqueDeviceIdentifierCertificate - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleEscrowProxyCompatibilityServerAuth - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleMMCSCompatibilityServerAuth - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyAppleSecureIOStaticAsset - __OSX_AVAILABLE(10.12.1) __IOS_AVAILABLE(10.1) __TVOS_AVAILABLE(10.0.1) __WATCHOS_AVAILABLE(3.1); -extern const CFStringRef kSecPolicyAppleWarsaw - __OSX_AVAILABLE(10.12.1) __IOS_AVAILABLE(10.1) __TVOS_AVAILABLE(10.0.1) __WATCHOS_AVAILABLE(3.1); - - -/*! - @enum Policy Value Constants - @abstract Predefined property key constants used to get or set values in - a dictionary for a policy instance. - @discussion - All policies will have the following read-only value: - kSecPolicyOid (the policy object identifier) - - Additional policy values which your code can optionally set: - kSecPolicyName (name which must be matched) - kSecPolicyClient (evaluate for client, rather than server) - kSecPolicyRevocationFlags (only valid for a revocation policy) - kSecPolicyRevocationFlags (only valid for a revocation policy) - kSecPolicyTeamIdentifier (only valid for a Passbook signing policy) - kSecPolicyContext (valid for policies below that take a context parameter) - kSecPolicyPolicyName (only valid for GenericApplePinned or - GenericAppleSSLPinned policies) - kSecPolicyIntermediateMarkerOid (only valid for GenericApplePinned or - GenericAppleSSLPinned policies) - kSecPolicyLeafMarkerOid (only valid for GenericApplePinned or - GenericAppleSSLPinned policies) - kSecPolicyRootDigest (only valid for the UniqueDeviceCertificate policy) - - @constant kSecPolicyContext Specifies a CFDictionaryRef with keys and values - specified by the particular SecPolicyCreate function. - @constant kSecPolicyPolicyName Specifies a CFStringRef of the name of the - desired policy result. - @constant kSecPolicyIntermediateMarkerOid Specifies a CFStringRef of the - marker OID (in decimal format) required in the intermediate certificate. - @constant kSecPolicyLeafMarkerOid Specifies a CFStringRef of the - marker OID (in decimal format) required in the leaf certificate. - @constant kSecPolicyRootDigest Specifies a CFDataRef of digest required to - match the SHA-256 of the root certificate. - */ -extern const CFStringRef kSecPolicyContext - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyPolicyName - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyIntermediateMarkerOid - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyLeafMarkerOid - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecPolicyRootDigest - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - - -/*! - @function SecPolicyCreateApplePinned - @abstract Returns a policy object for verifying Apple certificates. - @param policyName A string that identifies the policy name. - @param intermediateMarkerOID A string containing the decimal representation of the - extension OID in the intermediate certificate. - @param leafMarkerOID A string containing the decimal representation of the extension OID - in the leaf certificate. - @discussion The resulting policy uses the Basic X.509 policy with validity check and - pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if the value true is set for the key - "ApplePinningAllowTestCerts%@" (where %@ is the policyName parameter) in the - com.apple.security preferences for the user of the calling application. - * There are exactly 3 certs in the chain. - * The intermediate has a marker extension with OID matching the intermediateMarkerOID - parameter. - * The leaf has a marker extension with OID matching the leafMarkerOID parameter. - * Revocation is checked via any available method. - * RSA key sizes are 2048-bit or larger. EC key sizes are P-256 or larger. - @result A policy object. The caller is responsible for calling CFRelease on this when - it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateApplePinned(CFStringRef policyName, - CFStringRef intermediateMarkerOID, CFStringRef leafMarkerOID) - __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecPolicyCreateAppleSSLPinned - @abstract Returns a policy object for verifying Apple SSL certificates. - @param policyName A string that identifies the service/policy name. - @param hostname hostname to verify the certificate name against. - @param intermediateMarkerOID A string containing the decimal representation of the - extension OID in the intermediate certificate. If NULL is passed, the default OID of - 1.2.840.113635.100.6.2.12 is checked. - @param leafMarkerOID A string containing the decimal representation of the extension OID - in the leaf certificate. - @discussion The resulting policy uses the Basic X.509 policy with validity check and - pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if the value true is set for the key - "ApplePinningAllowTestCerts%@" (where %@ is the policyName parameter) in the - com.apple.security preferences for the user of the calling application. - * There are exactly 3 certs in the chain. - * The intermediate has a marker extension with OID matching the intermediateMarkerOID - parameter, or 1.2.840.113635.100.6.2.12 if NULL is passed. - * The leaf has a marker extension with OID matching the leafMarkerOID parameter. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - * RSA key sizes are 2048-bit or larger. EC key sizes are P-256 or larger. - @result A policy object. The caller is responsible for calling CFRelease on this when - it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleSSLPinned(CFStringRef policyName, CFStringRef hostname, - CFStringRef __nullable intermediateMarkerOID, CFStringRef leafMarkerOID) - __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecPolicyCreateiPhoneActivation - @abstract Returns a policy object for verifying iPhone Activation - certificate chains. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in chain. - * The intermediate has Common Name "Apple iPhone Certification Authority". - * The leaf has Common Name "iPhone Activation". - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateiPhoneActivation(void); - -/*! - @function SecPolicyCreateiPhoneDeviceCertificate - @abstract Returns a policy object for verifying iPhone Device certificate - chains. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 4 certs in chain. - * The first intermediate has Common Name "Apple iPhone Device CA". - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateiPhoneDeviceCertificate(void); - -/*! - @function SecPolicyCreateFactoryDeviceCertificate - @abstract Returns a policy object for verifying Factory Device certificate - chains. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to the Factory Device CA. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateFactoryDeviceCertificate(void); - -/*! - @function SecPolicyCreateiAP - @abstract Returns a policy object for verifying iAP certificate chains. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The leaf has notBefore date after 5/31/2006 midnight GMT. - * The leaf has Common Name beginning with "IPA_". - The intended use of this policy is that the caller pass in the - intermediates for iAP1 and iAP2 to SecTrustSetAnchorCertificates(). - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateiAP(void); - -/*! - @function SecPolicyCreateiTunesStoreURLBag - @abstract Returns a policy object for verifying iTunes Store URL bag - certificates. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to the iTMS CA. - * There are exactly 2 certs in the chain. - * The leaf has Organization "Apple Inc.". - * The leaf has Common Name "iTunes Store URL Bag". - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateiTunesStoreURLBag(void); - -/*! - @function SecPolicyCreateEAP - @abstract Returns a policy object for verifying for 802.1x/EAP certificates. - @param server Passing true for this parameter create a policy for EAP - server certificates. - @param trustedServerNames Optional; if present, the hostname in the leaf - certificate must be in the trustedServerNames list. Note that contrary - to all other policies the trustedServerNames list entries can have wildcards - whilst the certificate cannot. This matches the existing deployments. - @discussion This policy uses the Basic X.509 policy with validity check but - disallowing network fetching. If trustedServerNames param is non-null, the - ExtendedKeyUsage extension, if present, of the leaf certificate is verified - to contain either the ServerAuth OID, if the server param is true or - ClientAuth OID, otherwise. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateEAP(Boolean server, CFArrayRef __nullable trustedServerNames); - -/*! - @function SecPolicyCreateIPSec - @abstract Returns a policy object for evaluating IPSec certificate chains. - @param server Passing true for this parameter create a policy for IPSec - server certificates. - @param hostname Optional; if present, the policy will require the specified - hostname or ip address to match the hostname in the leaf certificate. - @discussion This policy uses the Basic X.509 policy with validity check. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateIPSec(Boolean server, CFStringRef __nullable hostname); - -/*! - @function SecPolicyCreateAppleSWUpdateSigning - @abstract Returns a policy object for evaluating SW update signing certs. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate ExtendedKeyUsage Extension contains 1.2.840.113635.100.4.1. - * The leaf ExtendedKeyUsage extension contains 1.2.840.113635.100.4.1. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleSWUpdateSigning(void); - -/*! - @function SecPolicyCreateApplePackageSigning - @abstract Returns a policy object for evaluating installer package signing certs. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The leaf KeyUsage extension has the digital signature bit set. - * The leaf ExtendedKeyUsage extension has the CodeSigning OID. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateApplePackageSigning(void); - -/*! - @function SecPolicyCreateiPhoneApplicationSigning - @abstract Returns a policy object for evaluating signed application - signatures. This is for apps signed directly by the app store. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has Common Name "Apple iPhone Certification Authority". - * The leaf has Common Name "Apple iPhone OS Application Signing". - * The leaf has a marker extension with OID 1.2.840.113635.100.6.1.3 or OID - 1.2.840.113635.100.6.1.6. - * The leaf has ExtendedKeyUsage, if any, with the AnyExtendedKeyUsage OID - or the CodeSigning OID. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateiPhoneApplicationSigning(void); - -/*! - @function SecPolicyCreateiPhoneProfileApplicationSigning - @abstract Returns a policy object for evaluating signed application - signatures. This policy is for certificates inside a UPP or regular - profile. - @discussion This policy only verifies that the leaf is temporally valid - and not revoked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateiPhoneProfileApplicationSigning(void); - -/*! - @function SecPolicyCreateiPhoneProvisioningProfileSigning - @abstract Returns a policy object for evaluating provisioning profile signatures. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has Common Name "Apple iPhone Certification Authority". - * The leaf has Common Name "Apple iPhone OS Provisioning Profile Signing". - * If the device is not a production device and is running an internal - release, the leaf may have the Common Name "TEST Apple iPhone OS - Provisioning Profile Signing TEST". - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateiPhoneProvisioningProfileSigning(void); - -/*! - @function SecPolicyCreateAppleTVOSApplicationSigning - @abstract Returns a policy object for evaluating signed application - signatures. This is for apps signed directly by the Apple TV app store, - and allows for both the prod and the dev/test certs. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. - Test roots are never permitted. - * There are exactly 3 certs in the chain. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.1. - * The leaf has ExtendedKeyUsage, if any, with the AnyExtendedKeyUsage OID or - the CodeSigning OID. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.1.24 or OID - 1.2.840.113635.100.6.1.24.1. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleTVOSApplicationSigning(void); - -/*! - @function SecPolicyCreateOCSPSigner - @abstract Returns a policy object for evaluating ocsp response signers. - @discussion This policy uses the Basic X.509 policy with validity check and - requires the leaf to have an ExtendedKeyUsage of OCSPSigning. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateOCSPSigner(void); - - -enum { - kSecSignSMIMEUsage = (1 << 0), - kSecKeyEncryptSMIMEUsage = (1 << 1), - kSecDataEncryptSMIMEUsage = (1 << 2), - kSecKeyExchangeDecryptSMIMEUsage = (1 << 3), - kSecKeyExchangeEncryptSMIMEUsage = (1 << 4), - kSecKeyExchangeBothSMIMEUsage = (1 << 5), - kSecAnyEncryptSMIME = kSecKeyEncryptSMIMEUsage | kSecDataEncryptSMIMEUsage | - kSecKeyExchangeDecryptSMIMEUsage | kSecKeyExchangeEncryptSMIMEUsage -}; - -/*! - @function SecPolicyCreateSMIME - @abstract Returns a policy object for evaluating S/MIME certificate chains. - @param smimeUsage Pass the bitwise or of one or more kSecXXXSMIMEUsage - flags, to indicate the intended usage of this certificate. - @param email Optional; if present, the policy will require the specified - email to match the email in the leaf certificate. - @discussion This policy uses the Basic X.509 policy with validity check and - requires the leaf to have - * a KeyUsage matching the smimeUsage, - * an ExtendedKeyUsage, if any, with the AnyExtendedKeyUsage OID or the - EmailProtection OID, and - * if the email param is specified, the email address in the RFC822Name in the - SubjectAlternativeName extension or in the Email Address field of the - Subject Name. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateSMIME(CFIndex smimeUsage, CFStringRef __nullable email); - -/*! - @function SecPolicyCreateCodeSigning - @abstract Returns a policy object for evaluating code signing certificate chains. - @discussion This policy uses the Basic X.509 policy with validity check and - requires the leaf to have - * a KeyUsage with both the DigitalSignature and NonRepudiation bits set, and - * an ExtendedKeyUsage with the AnyExtendedKeyUsage OID or the CodeSigning OID. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateCodeSigning(void); - -/*! - @function SecPolicyCreateLockdownPairing - @abstract basic x509 policy for checking lockdown pairing certificate chains. - @disucssion This policy checks some of the Basic X.509 policy options with no - validity check. It explicitly allows for empty subjects. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateLockdownPairing(void); - -/*! - @function SecPolicyCreateURLBag - @abstract Returns a policy object for evaluating certificate chains for signing URL bags. - @discussion This policy uses the Basic X.509 policy with no validity check and requires - that the leaf has ExtendedKeyUsage extension with the CodeSigning OID. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateURLBag(void); - -/*! - @function SecPolicyCreateOTATasking - @abstract Returns a policy object for evaluating certificate chains for signing OTA Tasking. - @discussion This policy uses the Basic X.509 policy with validity check and - pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has Common Name "Apple iPhone Certification Authority". - * The leaf has Common Name "OTA Task Signing". - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateOTATasking(void); - -/*! - @function SecPolicyCreateMobileAsset - @abstract Returns a policy object for evaluating certificate chains for signing Mobile Assets. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has Common Name "Apple iPhone Certification Authority". - * The leaf has Common Name "Asset Manifest Signing". - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateMobileAsset(void); - -/*! - @function SecPolicyCreateAppleIDAuthorityPolicy - @abstract Returns a policy object for evaluating certificate chains for Apple ID Authority. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * The intermediate(s) has(have) a marker extension with OID 1.2.840.113635.100.6.2.3 - or OID 1.2.840.113635.100.6.2.7. - * The leaf has a marker extension with OID 1.2.840.113635.100.4.7. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleIDAuthorityPolicy(void); - -/*! - @function SecPolicyCreateMacAppStoreReceipt - @abstract Returns a policy object for evaluating certificate chains for signing - Mac App Store Receipts. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.1. - * The leaf has CertificatePolicy extension with OID 1.2.840.113635.100.5.6.1. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.11.1. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateMacAppStoreReceipt(void); - -/*! - @function SecPolicyCreatePassbookCardSigner - @abstract Returns a policy object for evaluating certificate chains for signing Passbook cards. - @param cardIssuer Required; must match name in marker extension. - @param teamIdentifier Optional; if present, the policy will require the specified - team ID to match the organizationalUnit field in the leaf certificate's subject. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.1.16 and containing the - cardIssuer. - * The leaf has ExtendedKeyUsage with OID 1.2.840.113635.100.4.14. - * The leaf has a Organizational Unit matching the TeamID. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreatePassbookCardSigner(CFStringRef cardIssuer, - CFStringRef __nullable teamIdentifier); - -/*! - @function SecPolicyCreateMobileStoreSigner - @abstract Returns a policy object for evaluating Mobile Store certificate chains. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has Common Name "Apple System Integration 2 Certification Authority". - * The leaf has KeyUsage with the DigitalSignature bit set. - * The leaf has CertificatePolicy extension with OID 1.2.840.113635.100.5.12. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateMobileStoreSigner(void); - -/*! - @function SecPolicyCreateTestMobileStoreSigner - @abstract Returns a policy object for evaluating Test Mobile Store certificate chains. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has Common Name "Apple System Integration 2 Certification Authority". - * The leaf has KeyUsage with the DigitalSignature bit set. - * The leaf has CertificatePolicy extension with OID 1.2.840.113635.100.5.12.1. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateTestMobileStoreSigner(void); - -/*! - @function SecPolicyCreateEscrowServiceSigner - @abstract Returns a policy object for evaluating Escrow Service certificate chains. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to the current Escrow Roots in the OTAPKI asset. - * There are exactly 2 certs in the chain. - * The leaf has KeyUsage with the KeyEncipherment bit set. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateEscrowServiceSigner(void); - -/*! - @function SecPolicyCreatePCSEscrowServiceSigner - @abstract Returns a policy object for evaluating PCS Escrow Service certificate chains. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to the current PCS Escrow Roots in the OTAPKI asset. - * There are exactly 2 certs in the chain. - * The leaf has KeyUsage with the KeyEncipherment bit set. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreatePCSEscrowServiceSigner(void); - -/*! - @function SecPolicyCreateOSXProvisioningProfileSigning - @abstract Returns a policy object for evaluating certificate chains for signing OS X - Provisioning Profiles. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.1. - * The leaf has KeyUsage with the DigitalSignature bit set. - * The leaf has a marker extension with OID 1.2.840.113635.100.4.11. - * Revocation is checked via OCSP. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateOSXProvisioningProfileSigning(void); - -/*! - @function SecPolicyCreateConfigurationProfileSigner - @abstract Returns a policy object for evaluating certificate chains for signing - Configuration Profiles. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.3. - * The leaf has ExtendedKeyUsage with OID 1.2.840.113635.100.4.16. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateConfigurationProfileSigner(void); - -/*! - @function SecPolicyCreateQAConfigurationProfileSigner - @abstract Returns a policy object for evaluating certificate chains for signing - QA Configuration Profiles. On customer builds, this function returns the same - policy as SecPolicyCreateConfigurationProfileSigner. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.3. - * The leaf has ExtendedKeyUsage with OID 1.2.840.113635.100.4.17. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateQAConfigurationProfileSigner(void); - -/*! - @function SecPolicyCreateOTAPKISigner - @abstract Returns a policy object for evaluating OTA PKI certificate chains. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to Apple PKI Settings CA. - * There are exactly 2 certs in the chain. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateOTAPKISigner(void); - -/*! - @function SecPolicyCreateTestOTAPKISigner - @abstract Returns a policy object for evaluating OTA PKI certificate chains. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to Apple Test PKI Settings CA. - * There are exactly 2 certs in the chain. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateTestOTAPKISigner(void); - -/*! - @function SecPolicyCreateAppleIDValidationRecordSigningPolicy - @abstract Returns a policy object for evaluating certificate chains for signing - Apple ID Validation Records. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * The intermediate(s) has(have) a marker extension with OID 1.2.840.113635.100.6.2.3 - or OID 1.2.840.113635.100.6.2.10. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.25. - * Revocation is checked via OCSP. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleIDValidationRecordSigningPolicy(void); - -/*! - @function SecPolicyCreateAppleSMPEncryption - @abstract Returns a policy object for evaluating SMP certificate chains. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.13. - * The leaf has KeyUsage with the KeyEncipherment bit set. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.30. - * Revocation is checked via OCSP. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleSMPEncryption(void); - -/*! - @function SecPolicyCreateTestAppleSMPEncryption - @abstract Returns a policy object for evaluating Test SMP certificate chains. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to a Test Apple Root with ECC public key certificate. - * There are exactly 3 certs in the chain. - * The intermediate has Common Name "Test Apple System Integration CA - ECC". - * The leaf has KeyUsage with the KeyEncipherment bit set. - * Revocation is checked via OCSP. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateTestAppleSMPEncryption(void); - -/*! - @function SecPolicyCreateApplePPQSigning - @abstract Returns a policy object for verifying production PPQ Signing certificates. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has Common Name "Apple System Integration 2 Certification - Authority". - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.10. - * The leaf has KeyUsage with the DigitalSignature bit set. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.38.2. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateApplePPQSigning(void); - -/*! - @function SecPolicyCreateTestApplePPQSigning - @abstract Returns a policy object for verifying test PPQ Signing certificates. On - customer builds, this function returns the same policy as SecPolicyCreateApplePPQSigning. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has Common Name "Apple System Integration 2 Certification - Authority". - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.10. - * The leaf has KeyUsage with the DigitalSignature bit set. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.38.1. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateTestApplePPQSigning(void); - -/*! - @function SecPolicyCreateAppleIDSService - @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions) - @discussion This policy uses the SSL server policy. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleIDSService(CFStringRef __nullable hostname); - -/*! - @function SecPolicyCreateAppleIDSServiceContext - @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions) - @param hostname Required; hostname to verify the certificate name against. - @param context Optional; if present, "AppleServerAuthenticationAllowUATIDS" with value - Boolean true will allow Test Apple roots on internal releases. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Test Apple Root CAs - are permitted only on internal releases either using the context dictionary or with - defaults write. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.12. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.4.2 or, - if Test Roots are allowed, OID 1.2.840.113635.100.6.27.4.1. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleIDSServiceContext(CFStringRef hostname, CFDictionaryRef __nullable context); - -/*! - @function SecPolicyCreateApplePushService - @abstract Ensure we're appropriately pinned to the Apple Push service (SSL + Apple restrictions) - @param hostname Required; hostname to verify the certificate name against. - @param context Optional; if present, "AppleServerAuthenticationAllowUATAPN" with value - Boolean true will allow Test Apple roots on internal releases. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Test Apple Root CAs - are permitted only on internal releases either using the context dictionary or with - defaults write. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.12. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.5.2 or, - if Test Roots are allowed, OID 1.2.840.113635.100.6.27.5.1. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateApplePushService(CFStringRef hostname, CFDictionaryRef __nullable context); - -/*! - @function SecPolicyCreateApplePushServiceLegacy - @abstract Ensure we're appropriately pinned to the Push service (via Entrust) - @param hostname Required; hostname to verify the certificate name against. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to an Entrust Intermediate. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateApplePushServiceLegacy(CFStringRef hostname); - -/*! - @function SecPolicyCreateAppleMMCSService - @abstract Ensure we're appropriately pinned to the MMCS service (SSL + Apple restrictions) - @param hostname Required; hostname to verify the certificate name against. - @param context Optional; if present, "AppleServerAuthenticationAllowUATMMCS" with value - Boolean true will allow Test Apple roots and test OIDs on internal releases. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.12. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.11.2 or, if - enabled, OID 1.2.840.113635.100.6.27.11.1. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleMMCSService(CFStringRef hostname, CFDictionaryRef __nullable context); - -/*! - @function SecPolicyCreateAppleCompatibilityMMCSService - @abstract Ensure we're appropriately pinned to the MMCS service using compatibility certs - @param hostname Required; hostname to verify the certificate name against. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to the GeoTrust Global CA - * The intermediate has a subject public key info hash matching the public key of - the Apple IST CA G1 intermediate. - * The chain length is 3. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.11.2 or - OID 1.2.840.113635.100.6.27.11.1. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleCompatibilityMMCSService(CFStringRef hostname) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -/*! - @function SecPolicyCreateAppleGSService - @abstract Ensure we're appropriately pinned to the GS service (SSL + Apple restrictions) - @param hostname Required; hostname to verify the certificate name against. - @param context Optional; if present, "AppleServerAuthenticationAllowUATGS" with value - Boolean true will allow Test Apple roots on internal releases. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Test Apple Root CAs - are permitted only on internal releases either using the context dictionary or with - defaults write. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.12. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.2. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleGSService(CFStringRef hostname, CFDictionaryRef __nullable context) - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); - -/*! - @function SecPolicyCreateApplePPQService - @abstract Ensure we're appropriately pinned to the PPQ service (SSL + Apple restrictions) - @param hostname Required; hostname to verify the certificate name against. - @param context Optional; if present, "AppleServerAuthenticationAllowUATPPQ" with value - Boolean true will allow Test Apple roots on internal releases. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Test Apple Root CAs - are permitted only on internal releases either using the context dictionary or with - defaults write. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.12. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.3.2 or, - if Test Roots are allowed, OID 1.2.840.113635.100.6.27.3.1. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateApplePPQService(CFStringRef hostname, CFDictionaryRef __nullable context) - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); - -/*! - @function SecPolicyCreateAppleAST2Service - @abstract Ensure we're appropriately pinned to the AST2 Diagnostic service (SSL + Apple restrictions) - @param hostname Required; hostname to verify the certificate name against. - @param context Optional; if present, "AppleServerAuthenticationAllowUATAST2" with value - Boolean true will allow Test Apple roots on internal releases. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Test Apple Root CAs - are permitted either using the context dictionary or with defaults write. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.12. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.8.2 or, - if Test Roots are allowed, OID 1.2.840.113635.100.6.27.8.1. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleAST2Service(CFStringRef hostname, CFDictionaryRef __nullable context) - __OSX_AVAILABLE_STARTING(__MAC_10_11_4, __IPHONE_9_3); - -/*! - @function SecPolicyCreateAppleEscrowProxyService - @abstract Ensure we're appropriately pinned to the iCloud Escrow Proxy service (SSL + Apple restrictions) - @param hostname Required; hostname to verify the certificate name against. - @param context Optional; if present, "AppleServerAuthenticationAllowUATEscrow" with value -Boolean true will allow Test Apple roots on internal releases. - @discussion This policy uses the Basic X.509 policy with validity check -and pinning options: - * The chain is anchored to any of the production Apple Root CAs via full certificate - comparison. Test Apple Root CAs are permitted only on internal releases either - using the context dictionary or with defaults write. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.12. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.7.2 or, - if Test Roots are allowed, OID 1.2.840.113635.100.6.27.7.1. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease -on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleEscrowProxyService(CFStringRef hostname, CFDictionaryRef __nullable context) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -/*! - @function SecPolicyCreateAppleCompatibilityEscrowProxyService - @abstract Ensure we're appropriately pinned to the iCloud Escrow Proxy service using compatibility certs - @param hostname Required; hostname to verify the certificate name against. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to the GeoTrust Global CA - * The intermediate has a subject public key info hash matching the public key of - the Apple IST CA G1 intermediate. - * The chain length is 3. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.7.2 or, - if UAT is enabled with a defaults write (internal devices only), - OID 1.2.840.113635.100.6.27.7.1. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleCompatibilityEscrowProxyService(CFStringRef hostname) -__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -/*! - @function SecPolicyCreateAppleFMiPService - @abstract Ensure we're appropriately pinned to the Find My iPhone service (SSL + Apple restrictions) - @param hostname Required; hostname to verify the certificate name against. - @param context Optional; if present, "AppleServerAuthenticationAllowUATFMiP" with value - Boolean true will allow Test Apple roots on internal releases. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs via full certificate - comparison. Test Apple Root CAs are permitted only on internal releases either - using the context dictionary or with defaults write. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.12. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.6.2 or, - if Test Roots are allowed, OID 1.2.840.113635.100.6.27.6.1. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleFMiPService(CFStringRef hostname, CFDictionaryRef __nullable context) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -/*! - @function SecPolicyCreateAppleSSLService - @abstract Ensure we're appropriately pinned to an Apple server (SSL + Apple restrictions) - @param hostname Optional; hostname to verify the certificate name against. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.12. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.1 - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage, if any, with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef __nullable hostname); - -/*! - @function SecPolicyCreateAppleTimeStamping - @abstract Returns a policy object for evaluating time stamping certificate chains. - @discussion This policy uses the Basic X.509 policy with validity check - and requires the leaf has ExtendedKeyUsage with the TimeStamping OID. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleTimeStamping(void); - -/*! - @function SecPolicyCreateApplePayIssuerEncryption - @abstract Returns a policy object for evaluating Apple Pay Issuer Encryption certificate chains. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has Common Name "Apple Worldwide Developer Relations CA - G2". - * The leaf has KeyUsage with the KeyEncipherment bit set. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.39. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void) - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); - -/*! - @function SecPolicyCreateAppleATVVPNProfileSigning - @abstract Returns a policy object for evaluating Apple TV VPN Profile certificate chains. - @discussion This policy uses the Basic X.509 policy with no validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs. Test Apple Root CAs - are permitted only on internal releases. - * There are exactly 3 certs in the chain. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.10. - * The leaf has a marker extension with OID 1.2.840.113635.100.6.43. - * Revocation is checked via OCSP. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void) - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); - -/*! - @function SecPolicyCreateAppleHomeKitServerAuth - @abstract Ensure we're appropriately pinned to the HomeKit service (SSL + Apple restrictions) - @param hostname Required; hostname to verify the certificate name against. - @discussion This policy uses the Basic X.509 policy with validity check - and pinning options: - * The chain is anchored to any of the production Apple Root CAs via full certificate - comparison. Test Apple Root CAs are permitted only on internal releases with defaults write. - * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.16 - * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.9. - * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName - extension or Common Name. - * The leaf is checked against the Black and Gray lists. - * The leaf has ExtendedKeyUsage with the ServerAuth OID. - * Revocation is checked via any available method. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleHomeKitServerAuth(CFStringRef hostname) - __OSX_AVAILABLE_STARTING(__MAC_10_11_4, __IPHONE_9_3); - -/*! - @function SecPolicyCreateAppleExternalDeveloper - @abstract Returns a policy object for verifying Apple-issued external developer - certificates. - @discussion The resulting policy uses the Basic X.509 policy with validity check and - pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has a marker extension with OID matching 1.2.840.113635.100.6.2.1 - (WWDR CA) or 1.2.840.113635.100.6.2.6 (Developer ID CA). - * The leaf has a marker extension with OID matching one of the following: - * 1.2.840.113635.100.6.1.2 ("iPhone Developer" leaf) - * 1.2.840.113635.100.6.1.4 ("iPhone Distribution" leaf) - * 1.2.840.113635.100.6.1.5 ("Safari Developer" leaf) - * 1.2.840.113635.100.6.1.7 ("3rd Party Mac Developer Application" leaf) - * 1.2.840.113635.100.6.1.8 ("3rd Party Mac Developer Installer" leaf) - * 1.2.840.113635.100.6.1.12 ("Mac Developer" leaf) - * 1.2.840.113635.100.6.1.13 ("Developer ID Application" leaf) - * 1.2.840.113635.100.6.1.14 ("Developer ID Installer" leaf) - * The leaf has an ExtendedKeyUsage OID matching one of the following: - * 1.3.6.1.5.5.7.3.3 (CodeSigning EKU) - * 1.2.840.113635.100.4.8 ("Safari Developer" EKU) - * 1.2.840.113635.100.4.9 ("3rd Party Mac Developer Installer" EKU) - * 1.2.840.113635.100.4.13 ("Developer ID Installer" EKU) - * Revocation is checked via any available method. - * RSA key sizes are 2048-bit or larger. EC key sizes are P-256 or larger. - @result A policy object. The caller is responsible for calling CFRelease on this when - it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleExternalDeveloper(void) - __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecPolicyCreateAppleSoftwareSigning - @abstract Returns a policy object for verifying the Apple Software Signing certificate. - @discussion The resulting policy uses the Basic X.509 policy with validity check and - pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has the Common Name "Apple Code Signing Certification Authority". - * The leaf has a marker extension with OID matching 1.2.840.113635.100.6.22. - * The leaf has an ExtendedKeyUsage OID matching 1.3.6.1.5.5.7.3.3 (Code Signing). - * Revocation is checked via any available method. - * RSA key sizes are 2048-bit or larger. EC key sizes are P-256 or larger. - @result A policy object. The caller is responsible for calling CFRelease on this when - it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleSoftwareSigning(void) - __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecPolicyGetName - @abstract Returns a policy's name. - @param policy A policy reference. - @result A policy name. - */ -__nullable CFStringRef SecPolicyGetName(SecPolicyRef policy) - __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecPolicyGetOidString - @abstract Returns a policy's oid in string decimal format. - @param policy A policy reference. - @result A policy oid. - */ -CFStringRef SecPolicyGetOidString(SecPolicyRef policy) - __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecPolicyCreateAppleUniqueDeviceCertificate - @abstract Returns a policy object for verifying Unique Device Identifier Certificates. - @param testRootHash Optional; The SHA-256 fingerprint of a test root for pinning. - @discussion The resulting policy uses the Basic X.509 policy with no validity check and - pinning options: - * The chain is anchored to the SEP Root CA. Internal releases allow the chain to be - anchored to the testRootHash input if the value true is set for the key - "ApplePinningAllowTestCertsUCRT" in the com.apple.security preferences for the user - of the calling application. - * There are exactly 3 certs in the chain. - * The intermediate has an extension with OID matching 1.2.840.113635.100.6.44 and value - of "ucrt". - * The leaf has a marker extension with OID matching 1.2.840.113635.100.10.1. - * RSA key sizes are disallowed. EC key sizes are P-256 or larger. -@result A policy object. The caller is responsible for calling CFRelease on this when - it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleUniqueDeviceCertificate(CFDataRef __nullable testRootHash) - __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecPolicyCreateAppleWarsaw - @abstract Returns a policy object for verifying signed Warsaw assets. - @discussion The resulting policy uses the Basic X.509 policy with validity check and - pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has an extension with OID matching 1.2.840.113635.100.6.2.14. - * The leaf has a marker extension with OID matching 1.2.840.113635.100.6.29. - * RSA key sizes are 2048-bit or larger. EC key sizes are P-256 or larger. - @result A policy object. The caller is responsible for calling CFRelease on this when - it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleWarsaw(void) - __OSX_AVAILABLE(10.12.1) __IOS_AVAILABLE(10.1) __TVOS_AVAILABLE(10.0.1) __WATCHOS_AVAILABLE(3.1); - -/*! - @function SecPolicyCreateAppleSecureIOStaticAsset - @abstract Returns a policy object for verifying signed static assets for Secure IO. - @discussion The resulting policy uses the Basic X.509 policy with no validity check and - pinning options: - * The chain is anchored to any of the production Apple Root CAs. Internal releases allow - the chain to be anchored to Test Apple Root CAs if a defaults write for the policy is set. - * There are exactly 3 certs in the chain. - * The intermediate has an extension with OID matching 1.2.840.113635.100.6.2.10. - * The leaf has a marker extension with OID matching 1.2.840.113635.100.6.50. - * RSA key sizes are 2048-bit or larger. EC key sizes are P-256 or larger. - @result A policy object. The caller is responsible for calling CFRelease on this when - it is no longer needed. - */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateAppleSecureIOStaticAsset(void) - __OSX_AVAILABLE(10.12.1) __IOS_AVAILABLE(10.1) __TVOS_AVAILABLE(10.0.1) __WATCHOS_AVAILABLE(3.1); - - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -/* - * Legacy functions (OS X only) - */ -#if TARGET_OS_MAC && !TARGET_OS_IPHONE - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @function SecPolicyCopy - @abstract Returns a copy of a policy reference based on certificate type and OID. - @param certificateType A certificate type. - @param policyOID The OID of the policy you want to find. This is a required parameter. See oidsalg.h to see a list of policy OIDs. - @param policy The returned policy reference. This is a required parameter. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later; - to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. - */ -OSStatus SecPolicyCopy(CSSM_CERT_TYPE certificateType, const CSSM_OID *policyOID, SecPolicyRef * __nonnull CF_RETURNS_RETAINED policy) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecPolicyCopyAll - @abstract Returns an array of all known policies based on certificate type. - @param certificateType A certificate type. This is a optional parameter. Pass CSSM_CERT_UNKNOWN if the certificate type is unknown. - @param policies The returned array of policies. This is a required parameter. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later; - to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. (Note: there is normally - no reason to iterate over multiple disjointed policies, except to provide a way to edit trust settings for each - policy, as is done in certain certificate UI views. In that specific case, your code should call SecPolicyCreateWithOID - for each desired policy from the list of supported OID constants in SecPolicy.h.) - */ -OSStatus SecPolicyCopyAll(CSSM_CERT_TYPE certificateType, CFArrayRef * __nonnull CF_RETURNS_RETAINED policies) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -/* Given a unified SecPolicyRef, return a copy with a legacy - C++ ItemImpl-based Policy instance. Only for internal use; - legacy references cannot be used by SecPolicy API functions. */ -__nullable CF_RETURNS_RETAINED -SecPolicyRef SecPolicyCreateItemImplInstance(SecPolicyRef policy); - -/* Given a CSSM_OID pointer, return a string which can be passed - to SecPolicyCreateWithProperties. The return value can be NULL - if no supported policy was found for the OID argument. */ -__nullable -CFStringRef SecPolicyGetStringForOID(CSSM_OID* oid); - -/*! - @function SecPolicyCreateAppleTimeStampingAndRevocationPolicies - @abstract Create timeStamping policy array from a given set of policies by applying identical revocation behavior - @param policyOrArray can be a SecPolicyRef or a CFArray of SecPolicyRef - @discussion This function is soon to be deprecated. Callers should create an array of the non-deprecated timestamping - and revocation policies. - */ -__nullable CF_RETURNS_RETAINED -CFArrayRef SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -#endif /* TARGET_OS_MAC && !TARGET_OS_IPHONE */ - -__END_DECLS - -#endif /* !_SECURITY_SECPOLICYPRIV_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecPolicySearch.cpp b/OSX/libsecurity_keychain/lib/SecPolicySearch.cpp index 058051f7..6bde1086 100644 --- a/OSX/libsecurity_keychain/lib/SecPolicySearch.cpp +++ b/OSX/libsecurity_keychain/lib/SecPolicySearch.cpp @@ -71,11 +71,6 @@ SecPolicySearchCopyNext( RequiredParam(policyRef); SecPointer policy; -#if !SECTRUST_OSX - if (!PolicyCursor::required(searchRef)->next(policy)) - return errSecPolicyNotFound; - *policyRef = policy->handle(); -#else /* bridge to support API functionality */ CFStringRef oidStr = NULL; PolicyCursor *policyCursor = PolicyCursor::required(searchRef); @@ -105,7 +100,6 @@ SecPolicySearchCopyNext( } else { __secapiresult = errSecPolicyNotFound; } -#endif END_SECAPI } diff --git a/OSX/libsecurity_keychain/lib/SecRecoveryPassword.c b/OSX/libsecurity_keychain/lib/SecRecoveryPassword.c index 0c93c311..55a59146 100644 --- a/OSX/libsecurity_keychain/lib/SecRecoveryPassword.c +++ b/OSX/libsecurity_keychain/lib/SecRecoveryPassword.c @@ -37,6 +37,7 @@ #include #include #include +#include CFStringRef kSecRecVersionNumber = CFSTR("SRVersionNumber"); CFStringRef kSecRecQuestions = CFSTR("SRQuestions"); @@ -230,7 +231,7 @@ digestString(CFStringRef str) return retval; } -static CFDataRef +static CFDataRef CF_RETURNS_RETAINED b64encode(CFDataRef input) { CFDataRef retval = NULL; @@ -242,7 +243,7 @@ b64encode(CFDataRef input) return retval; } -static CFDataRef +static CFDataRef CF_RETURNS_RETAINED b64decode(CFDataRef input) { CFDataRef retval = NULL; @@ -281,7 +282,7 @@ encryptString(SecKeyRef wrapKey, CFDataRef iv, CFStringRef str) } -static CFStringRef +static CFStringRef CF_RETURNS_RETAINED decryptString(SecKeyRef wrapKey, CFDataRef iv, CFDataRef wrappedPassword) { CFStringRef retval = NULL; @@ -306,8 +307,9 @@ decryptString(SecKeyRef wrapKey, CFDataRef iv, CFDataRef wrappedPassword) if(error == NULL) retval = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, retData, kCFStringEncodingMacRoman); else secDebug(ASL_LEVEL_ERR, "Failed to decrypt recovery password\n", NULL); CFRelease(group); - } - return retval; + } + CFReleaseNull(decryptTrans); + return retval; } // IV for the recovery ref is currently the leftmost 16 bytes of the digest of the recovery password. diff --git a/OSX/libsecurity_keychain/lib/SecTrust.cpp b/OSX/libsecurity_keychain/lib/SecTrust.cpp index 8feae2cc..83984109 100644 --- a/OSX/libsecurity_keychain/lib/SecTrust.cpp +++ b/OSX/libsecurity_keychain/lib/SecTrust.cpp @@ -27,7 +27,6 @@ #include "SecBase.h" #include "SecBridge.h" #include "SecInternal.h" -#include "SecInternalP.h" #include "SecTrustSettings.h" #include "SecTrustSettingsPriv.h" #include "SecCertificatePriv.h" @@ -40,16 +39,10 @@ #include // forward declarations -#if !SECTRUST_OSX -CFArrayRef SecTrustCopyDetails(SecTrustRef trust); -static CFDictionaryRef SecTrustGetExceptionForCertificateAtIndex(SecTrustRef trust, CFIndex ix); -static void SecTrustCheckException(const void *key, const void *value, void *context); -#else CFArrayRef SecTrustCopyInputCertificates(SecTrustRef trust); CFArrayRef SecTrustCopyInputAnchors(SecTrustRef trust); CFArrayRef SecTrustCopyConstructedChain(SecTrustRef trust); static CSSM_TP_APPLE_EVIDENCE_INFO * SecTrustGetEvidenceInfo(SecTrustRef trust); -#endif typedef struct SecTrustCheckExceptionContext { CFDictionaryRef exception; @@ -74,7 +67,6 @@ struct resultmap_entry_s { }; typedef struct resultmap_entry_s resultmap_entry_t; -#if SECTRUST_OSX const resultmap_entry_t cssmresultmap[] = { { CFSTR("SSLHostname"), CSSMERR_APPLETP_HOSTNAME_MISMATCH }, { CFSTR("email"), CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND }, @@ -103,12 +95,13 @@ const resultmap_entry_t cssmresultmap[] = { { CFSTR("WeakRoot"), CSSMERR_TP_INVALID_CERTIFICATE }, { CFSTR("KeySize"), CSSMERR_CSP_UNSUPPORTED_KEY_SIZE }, { CFSTR("SignatureHashAlgorithms"), CSSMERR_CSP_ALGID_MISMATCH }, + { CFSTR("SystemTrustedWeakHash"), CSSMERR_CSP_INVALID_DIGEST_ALGORITHM }, { CFSTR("CriticalExtensions"), CSSMERR_APPLETP_UNKNOWN_CRITICAL_EXTEN }, { CFSTR("ChainLength"), CSSMERR_APPLETP_PATH_LEN_CONSTRAINT }, { CFSTR("BasicCertificateProcessing"), CSSMERR_TP_INVALID_CERTIFICATE }, { CFSTR("ExtendedValidation"), CSSMERR_TP_NOT_TRUSTED }, { CFSTR("Revocation"), CSSMERR_TP_CERT_REVOKED }, - { CFSTR("RevocationResponseRequired"), CSSMERR_TP_VERIFY_ACTION_FAILED }, + { CFSTR("RevocationResponseRequired"), CSSMERR_APPLETP_INCOMPLETE_REVOCATION_CHECK }, { CFSTR("CertificateTransparency"), CSSMERR_TP_NOT_TRUSTED }, { CFSTR("BlackListedLeaf"), CSSMERR_TP_CERT_REVOKED }, { CFSTR("GrayListedLeaf"), CSSMERR_TP_NOT_TRUSTED }, @@ -126,49 +119,11 @@ const resultmap_entry_t cssmresultmap[] = { // { CFSTR("AnchorAppleTestRootsOnProduction"), }, // { CFSTR("NoNetworkAccess"), }, }; -#endif -// -// CF boilerplate -// -#if !SECTRUST_OSX -CFTypeID SecTrustGetTypeID(void) -{ - BEGIN_SECAPI - - return gTypes().Trust.typeID; - - END_SECAPI1(_kCFRuntimeNotATypeID) -} -#endif // // Sec* API bridge functions // -#if !SECTRUST_OSX -OSStatus SecTrustCreateWithCertificates( - CFTypeRef certificates, - CFTypeRef policies, - SecTrustRef *trustRef) -{ - BEGIN_SECAPI - Required(trustRef); - *trustRef = (new Trust(certificates, policies))->handle(); - END_SECAPI -} -#endif - -#if !SECTRUST_OSX -OSStatus -SecTrustSetPolicies(SecTrustRef trustRef, CFTypeRef policies) -{ - BEGIN_SECAPI - Trust::required(trustRef)->policies(policies); - END_SECAPI -} -#endif - -#if SECTRUST_OSX typedef struct { SecTrustOptionFlags flags; CFIndex certIX; @@ -177,10 +132,6 @@ typedef struct { CFDictionaryRef oldException; } SecExceptionFilterContext; -#if 0 -//%%%FIXME SecCFWrappers produces some conflicting definitions on OSX -#include -#else // inline function from SecCFWrappers.h static inline char *CFStringToCString(CFStringRef inStr) { @@ -198,7 +149,6 @@ static inline char *CFStringToCString(CFStringRef inStr) CFRelease(inStr); return buffer; } -#endif static void filter_exception(const void *key, const void *value, void *context) @@ -271,27 +221,10 @@ filter_exception(const void *key, const void *value, void *context) } } -#endif - /* OS X only: __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA) */ OSStatus SecTrustSetOptions(SecTrustRef trustRef, SecTrustOptionFlags options) { -#if !SECTRUST_OSX - BEGIN_SECAPI - CSSM_APPLE_TP_ACTION_DATA actionData = { - CSSM_APPLE_TP_ACTION_VERSION, - (CSSM_APPLE_TP_ACTION_FLAGS)options - }; - Trust *trust = Trust::required(trustRef); - CFDataRef actionDataRef = CFDataCreate(NULL, - (const UInt8 *)&actionData, - (CFIndex)sizeof(CSSM_APPLE_TP_ACTION_DATA)); - trust->action(CSSM_TP_ACTION_DEFAULT); - trust->actionData(actionDataRef); - if (actionDataRef) CFRelease(actionDataRef); - END_SECAPI -#else /* bridge to support API functionality for legacy callers */ OSStatus status = errSecSuccess; CFDataRef encodedExceptions = SecTrustCopyExceptions(trustRef); @@ -402,8 +335,6 @@ SecTrustSetOptions(SecTrustRef trustRef, SecTrustOptionFlags options) #endif return status; - -#endif } /* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */ @@ -412,13 +343,6 @@ OSStatus SecTrustSetParameters( CSSM_TP_ACTION action, CFDataRef actionData) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Trust *trust = Trust::required(trustRef); - trust->action(action); - trust->actionData(actionData); - END_SECAPI -#else /* bridge to support API functionality for legacy callers */ OSStatus status; CSSM_APPLE_TP_ACTION_FLAGS actionFlags = 0; @@ -437,158 +361,18 @@ OSStatus SecTrustSetParameters( #endif return status; - -#endif } -#if !SECTRUST_OSX -OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, CFArrayRef anchorCertificates) -{ - BEGIN_SECAPI - Trust::required(trust)->anchors(anchorCertificates); - END_SECAPI -} -#endif - -#if !SECTRUST_OSX -OSStatus SecTrustSetAnchorCertificatesOnly(SecTrustRef trust, Boolean anchorCertificatesOnly) -{ - BEGIN_SECAPI - Trust::AnchorPolicy policy = (anchorCertificatesOnly) ? Trust::useAnchorsOnly : Trust::useAnchorsAndBuiltIns; - Trust::required(trust)->anchorPolicy(policy); - END_SECAPI -} -#endif - /* OS X only: __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA) */ OSStatus SecTrustSetKeychains(SecTrustRef trust, CFTypeRef keychainOrArray) { -#if !SECTRUST_OSX - BEGIN_SECAPI - StorageManager::KeychainList keychains; - // avoid unnecessary global initializations if an empty array is passed in - if (!( (keychainOrArray != NULL) && - (CFGetTypeID(keychainOrArray) == CFArrayGetTypeID()) && - (CFArrayGetCount((CFArrayRef)keychainOrArray) == 0) )) { - globals().storageManager.optionalSearchList(keychainOrArray, keychains); - } - Trust::required(trust)->searchLibs(keychains); - END_SECAPI -#else /* this function is currently unsupported in unified SecTrust */ // TODO: pull all certs out of the specified keychains for the evaluation? #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustSetKeychains does nothing in 10.11. Use SecTrustSetAnchorCertificates{Only} to provide anchors."); #endif return errSecSuccess; -#endif -} - -#if !SECTRUST_OSX -OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate) -{ - BEGIN_SECAPI - Trust::required(trust)->time(verifyDate); - END_SECAPI -} -#endif - -#if !SECTRUST_OSX -CFAbsoluteTime SecTrustGetVerifyTime(SecTrustRef trust) -{ - CFAbsoluteTime verifyTime = 0; - OSStatus __secapiresult = errSecSuccess; - try { - CFRef verifyDate = Trust::required(trust)->time(); - verifyTime = CFDateGetAbsoluteTime(verifyDate); - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - return verifyTime; } -#endif - - - -#if !SECTRUST_OSX -OSStatus SecTrustEvaluate(SecTrustRef trust, SecTrustResultType *resultP) -{ - SecTrustResultType trustResult = kSecTrustResultInvalid; - CFArrayRef exceptions = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - Trust *trustObj = Trust::required(trust); - trustObj->evaluate(); - trustResult = trustObj->result(); - exceptions = trustObj->exceptions(); - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - - if (__secapiresult) { - return __secapiresult; - } - - /* post-process trust result based on exceptions */ - if (trustResult == kSecTrustResultUnspecified) { - /* If leaf is in exceptions -> proceed, otherwise unspecified. */ - if (SecTrustGetExceptionForCertificateAtIndex(trust, 0)) - trustResult = kSecTrustResultProceed; - } - else if (trustResult == kSecTrustResultRecoverableTrustFailure && exceptions) { - /* If we have exceptions get details and match to exceptions. */ - CFArrayRef details = SecTrustCopyDetails(trust); - if (details) { - CFIndex pathLength = CFArrayGetCount(details); - struct SecTrustCheckExceptionContext context = {}; - CFIndex ix; - for (ix = 0; ix < pathLength; ++ix) { - CFDictionaryRef detail = (CFDictionaryRef)CFArrayGetValueAtIndex(details, ix); - // if ((ix == 0) && CFDictionaryContainsKey(detail, kSecPolicyCheckBlackListedLeaf)) - // trustResult = kSecTrustResultFatalTrustFailure; - context.exception = SecTrustGetExceptionForCertificateAtIndex(trust, ix); - CFDictionaryApplyFunction(detail, SecTrustCheckException, &context); - if (context.exceptionNotFound) { - break; - } - } - if (!context.exceptionNotFound) - trustResult = kSecTrustResultProceed; - } - } - - - secnotice("SecTrustEvaluate", "SecTrustEvaluate trust result = %d", (int)trustResult); - if (resultP) { - *resultP = trustResult; - } - return __secapiresult; -} -#endif - -#if !SECTRUST_OSX -OSStatus SecTrustEvaluateAsync(SecTrustRef trust, - dispatch_queue_t queue, SecTrustCallback result) -{ - BEGIN_SECAPI - dispatch_async(queue, ^{ - try { - Trust *trustObj = Trust::required(trust); - trustObj->evaluate(); - SecTrustResultType trustResult = trustObj->result(); - result(trust, trustResult); - } - catch (...) { - result(trust, kSecTrustResultInvalid); - }; - }); - END_SECAPI -} -#endif // // Construct the "official" result evidence and return it @@ -599,15 +383,6 @@ OSStatus SecTrustGetResult( SecTrustResultType *result, CFArrayRef *certChain, CSSM_TP_APPLE_EVIDENCE_INFO **statusChain) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Trust *trust = Trust::required(trustRef); - if (result) - *result = trust->result(); - if (certChain && statusChain) - trust->buildEvidence(*certChain, TPEvidenceInfo::overlayVar(*statusChain)); - END_SECAPI -#else /* bridge to support old functionality */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustGetResult has been deprecated since 10.7. Please use SecTrustGetTrustResult instead."); @@ -627,22 +402,7 @@ OSStatus SecTrustGetResult( *statusChain = SecTrustGetEvidenceInfo(trustRef); } return status; -#endif -} - -// -// Retrieve result of trust evaluation only -// -#if !SECTRUST_OSX -OSStatus SecTrustGetTrustResult(SecTrustRef trustRef, - SecTrustResultType *result) -{ - BEGIN_SECAPI - Trust *trust = Trust::required(trustRef); - if (result) *result = trust->result(); - END_SECAPI } -#endif // // Retrieve extended validation trust results @@ -650,25 +410,17 @@ OSStatus SecTrustGetTrustResult(SecTrustRef trustRef, /* OS X only: __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA) */ OSStatus SecTrustCopyExtendedResult(SecTrustRef trust, CFDictionaryRef *result) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Trust *trustObj = Trust::required(trust); - if (result == nil) - return errSecParam; - trustObj->extendedResult(*result); - END_SECAPI -#else /* bridge to support old functionality */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustCopyExtendedResult will be deprecated in an upcoming release. Please use SecTrustCopyResult instead."); #endif CFDictionaryRef resultDict = SecTrustCopyResult(trust); if (result == nil) { + CFReleaseNull(resultDict); return errSecParam; } *result = resultDict; return errSecSuccess; -#endif } // @@ -677,11 +429,6 @@ OSStatus SecTrustCopyExtendedResult(SecTrustRef trust, CFDictionaryRef *result) /* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */ OSStatus SecTrustGetCssmResult(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR *result) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Required(result) = Trust::required(trust)->cssmResult(); - END_SECAPI -#else /* this function is unsupported in unified SecTrust */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustGetCssmResult has been deprecated since 10.7, and has no functional equivalent in 10.11. Please use SecTrustCopyResult instead."); @@ -690,10 +437,8 @@ OSStatus SecTrustGetCssmResult(SecTrustRef trust, CSSM_TP_VERIFY_CONTEXT_RESULT_ *result = NULL; } return errSecServiceNotAvailable; -#endif } -#if SECTRUST_OSX // // Returns a malloced array of CSSM_RETURN values, with the length in numStatusCodes, // for the certificate specified by chain index in the given SecTrustRef. @@ -711,9 +456,10 @@ static CSSM_RETURN *copyCssmStatusCodes(SecTrustRef trust, return NULL; } *numStatusCodes = 0; - CFArrayRef details = SecTrustGetDetails(trust); + CFArrayRef details = SecTrustCopyFilteredDetails(trust); CFIndex chainLength = (details) ? CFArrayGetCount(details) : 0; if (!(index < chainLength)) { + CFReleaseSafe(details); return NULL; } CFDictionaryRef detail = (CFDictionaryRef)CFArrayGetValueAtIndex(details, index); @@ -748,6 +494,7 @@ static CSSM_RETURN *copyCssmStatusCodes(SecTrustRef trust, statusCodes[ix] = statusCode; } + CFReleaseSafe(details); return statusCodes; } @@ -799,20 +546,28 @@ static bool isSoftwareUpdateDevelopment(SecTrustRef trust) { } /* Only error was EKU on the leaf */ - CFArrayRef details = SecTrustGetDetails(trust); + CFArrayRef details = SecTrustCopyFilteredDetails(trust); CFIndex ix, count = CFArrayGetCount(details); + bool hasDisqualifyingError = false; for (ix = 0; ix < count; ix++) { CFDictionaryRef detail = (CFDictionaryRef)CFArrayGetValueAtIndex(details, ix); if (ix == 0) { // Leaf if (CFDictionaryGetCount(detail) != 1 || // One error - CFDictionaryGetValue(detail, CFSTR("ExtendedKeyUsage")) != kCFBooleanFalse) // kSecPolicyCheckExtendedKeyUsage - return false; + CFDictionaryGetValue(detail, CFSTR("ExtendedKeyUsage")) != kCFBooleanFalse) { // kSecPolicyCheckExtendedKeyUsage + hasDisqualifyingError = true; + break; + } } else { if (CFDictionaryGetCount(detail) > 0) { // No errors on other certs - return false; + hasDisqualifyingError = true; + break; } } } + CFReleaseSafe(details); + if (hasDisqualifyingError) { + return false; + } /* EKU on the leaf is the Apple Development Code Signing OID */ SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0); @@ -835,7 +590,6 @@ static bool isSoftwareUpdateDevelopment(SecTrustRef trust) { SecCertificateReleaseFirstFieldValue(leaf, &CSSMOID_ExtendedKeyUsage, fieldValue); return isEKU; } -#endif // // Retrieve CSSM_LEVEL TP return code @@ -843,15 +597,6 @@ static bool isSoftwareUpdateDevelopment(SecTrustRef trust) { /* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */ OSStatus SecTrustGetCssmResultCode(SecTrustRef trustRef, OSStatus *result) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Trust *trust = Trust::required(trustRef); - if (trust->result() == kSecTrustResultInvalid) - return errSecParam; - else - Required(result) = trust->cssmResultCode(); - END_SECAPI -#else /* bridge to support old functionality */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustGetCssmResultCode has been deprecated since 10.7, and will be removed in a future release. Please use SecTrustCopyProperties instead."); @@ -887,10 +632,10 @@ OSStatus SecTrustGetCssmResultCode(SecTrustRef trustRef, OSStatus *result) unsigned int statusIX; for (statusIX = 0; statusIX < numStatusCodes; statusIX++) { CSSM_RETURN currStatus = statusCodes[statusIX]; - uint8_t currPriotiy = convertCssmResultToPriority(currStatus); - if (resultCodePriority > currPriotiy) { + uint8_t currPriority = convertCssmResultToPriority(currStatus); + if (resultCodePriority > currPriority) { cssmResultCode = currStatus; - resultCodePriority = currPriotiy; + resultCodePriority = currPriority; } } } @@ -902,17 +647,11 @@ OSStatus SecTrustGetCssmResultCode(SecTrustRef trustRef, OSStatus *result) *result = cssmResultCode; } return errSecSuccess; -#endif } /* OS X only: __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA) */ OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle) { -#if !SECTRUST_OSX - BEGIN_SECAPI - Required(handle) = Trust::required(trust)->getTPHandle(); - END_SECAPI -#else /* this function is unsupported in unified SecTrust */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustGetTPHandle has been deprecated since 10.7, and cannot return CSSM objects in 10.11. Please stop using it."); @@ -921,74 +660,7 @@ OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle) *handle = NULL; } return errSecServiceNotAvailable; -#endif -} - -#if !SECTRUST_OSX -OSStatus SecTrustCopyPolicies(SecTrustRef trust, CFArrayRef *policies) -{ - BEGIN_SECAPI - CFArrayRef currentPolicies = Trust::required(trust)->policies(); - if (currentPolicies != NULL) - { - CFRetain(currentPolicies); - } - - Required(policies) = currentPolicies; - END_SECAPI -} -#endif - -#if !SECTRUST_OSX -OSStatus SecTrustSetNetworkFetchAllowed(SecTrustRef trust, Boolean allowFetch) -{ - BEGIN_SECAPI - Trust *trustObj = Trust::required(trust); - Trust::NetworkPolicy netPolicy = (allowFetch) ? - Trust::useNetworkEnabled : Trust::useNetworkDisabled; - trustObj->networkPolicy(netPolicy); - END_SECAPI -} -#endif - -#if !SECTRUST_OSX -OSStatus SecTrustGetNetworkFetchAllowed(SecTrustRef trust, Boolean *allowFetch) -{ - BEGIN_SECAPI - Boolean allowed = false; - Trust *trustObj = Trust::required(trust); - Trust::NetworkPolicy netPolicy = trustObj->networkPolicy(); - if (netPolicy == Trust::useNetworkDefault) { - // network fetch is enabled by default for SSL only - allowed = trustObj->policySpecified(trustObj->policies(), CSSMOID_APPLE_TP_SSL); - } else { - // caller has explicitly set the network policy - allowed = (netPolicy == Trust::useNetworkEnabled); - } - Required(allowFetch) = allowed; - END_SECAPI } -#endif - -#if !SECTRUST_OSX -OSStatus SecTrustSetOCSPResponse(SecTrustRef trust, CFTypeRef responseData) -{ - BEGIN_SECAPI - Trust::required(trust)->responses(responseData); - END_SECAPI -} -#endif - -#if !SECTRUST_OSX -OSStatus SecTrustCopyCustomAnchorCertificates(SecTrustRef trust, CFArrayRef *anchorCertificates) -{ - BEGIN_SECAPI - CFArrayRef customAnchors = Trust::required(trust)->anchors(); - Required(anchorCertificates) = (customAnchors) ? - (const CFArrayRef)CFRetain(customAnchors) : (const CFArrayRef)NULL; - END_SECAPI -} -#endif // // Get the user's default anchor certificate set @@ -1005,7 +677,6 @@ OSStatus SecTrustCopyAnchorCertificates(CFArrayRef *anchorCertificates) END_SECAPI } -#if SECTRUST_OSX /* We have an iOS-style SecTrustRef, but we need to return a CDSA-based SecKeyRef. */ SecKeyRef SecTrustCopyPublicKey(SecTrustRef trust) @@ -1015,145 +686,6 @@ SecKeyRef SecTrustCopyPublicKey(SecTrustRef trust) (void) SecCertificateCopyPublicKey(certificate, &pubKey); return pubKey; } -#else -/* new in 10.6 */ -SecKeyRef SecTrustCopyPublicKey(SecTrustRef trust) -{ - SecKeyRef pubKey = NULL; - CFArrayRef certChain = NULL; - CFArrayRef evidenceChain = NULL; - CSSM_TP_APPLE_EVIDENCE_INFO *statusChain = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - Trust *trustObj = Trust::required(trust); - if (trustObj->result() == kSecTrustResultInvalid) { - // Trust hasn't been evaluated; attempt to retrieve public key from leaf. - SecCertificateRef cert = SecTrustGetCertificateAtIndex(trust, 0); - __secapiresult = SecCertificateCopyPublicKey(cert, &pubKey); - if (pubKey) { - return pubKey; - } - // Otherwise, we must evaluate first. - trustObj->evaluate(); - if (trustObj->result() == kSecTrustResultInvalid) { - MacOSError::throwMe(errSecTrustNotAvailable); - } - } - if (trustObj->evidence() == nil) { - trustObj->buildEvidence(certChain, TPEvidenceInfo::overlayVar(statusChain)); - } - evidenceChain = trustObj->evidence(); - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - - if (certChain) - CFRelease(certChain); - - if (evidenceChain) { - if (CFArrayGetCount(evidenceChain) > 0) { - SecCertificateRef cert = (SecCertificateRef) CFArrayGetValueAtIndex(evidenceChain, 0); - __secapiresult = SecCertificateCopyPublicKey(cert, &pubKey); - } - // do not release evidenceChain, as it is owned by the trust object. - } - return pubKey; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.6 */ -CFIndex SecTrustGetCertificateCount(SecTrustRef trust) -{ - CFIndex chainLen = 0; - CFArrayRef certChain = NULL; - CFArrayRef evidenceChain = NULL; - CSSM_TP_APPLE_EVIDENCE_INFO *statusChain = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - Trust *trustObj = Trust::required(trust); - if (trustObj->result() == kSecTrustResultInvalid) { - trustObj->evaluate(); - if (trustObj->result() == kSecTrustResultInvalid) - MacOSError::throwMe(errSecTrustNotAvailable); - } - if (trustObj->evidence() == nil) - trustObj->buildEvidence(certChain, TPEvidenceInfo::overlayVar(statusChain)); - evidenceChain = trustObj->evidence(); - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - - if (certChain) - CFRelease(certChain); - - if (evidenceChain) - chainLen = CFArrayGetCount(evidenceChain); // don't release, trust object owns it. - - return chainLen; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.6 */ -SecCertificateRef SecTrustGetCertificateAtIndex(SecTrustRef trust, CFIndex ix) -{ - SecCertificateRef certificate = NULL; - CFArrayRef certChain = NULL; - CFArrayRef evidenceChain = NULL; - CSSM_TP_APPLE_EVIDENCE_INFO *statusChain = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - Trust *trustObj = Trust::required(trust); - if (trustObj->result() == kSecTrustResultInvalid) { - // If caller is asking for the leaf, we can return it without - // having to evaluate the entire chain. Note that we don't retain - // the cert as it's owned by the trust and this is a 'Get' API. - if (ix == 0) { - CFArrayRef certs = trustObj->certificates(); - if (certs && (CFArrayGetCount(certs) > 0)) { - certificate = (SecCertificateRef) CFArrayGetValueAtIndex(certs, 0); - if (certificate) { - return certificate; - } - } - } - // Otherwise, we must evaluate first. - trustObj->evaluate(); - if (trustObj->result() == kSecTrustResultInvalid) { - MacOSError::throwMe(errSecTrustNotAvailable); - } - } - if (trustObj->evidence() == nil) { - trustObj->buildEvidence(certChain, TPEvidenceInfo::overlayVar(statusChain)); - } - evidenceChain = trustObj->evidence(); - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - - if (certChain) - CFRelease(certChain); - - if (evidenceChain) { - if (ix < CFArrayGetCount(evidenceChain)) { - certificate = (SecCertificateRef) CFArrayGetValueAtIndex(evidenceChain, ix); - // note: we do not retain this certificate. The assumption here is - // that the certificate is retained by the trust object, so it is - // valid unil the trust is released (or until re-evaluated.) - // also note: we do not release the evidenceChain, as it is owned - // by the trust object. - } - } - return certificate; -} -#endif // cannot link against the new iOS SecTrust from this implementation, // so there are no possible accessors for the fields of this struct @@ -1177,9 +709,9 @@ typedef struct __TSecTrust { void* _legacy_info_array; void* _legacy_status_array; SecTrustResultType _trustResultBeforeExceptions; + dispatch_queue_t _trustQueue; } TSecTrust; -#if SECTRUST_OSX CFArrayRef SecTrustCopyInputCertificates(SecTrustRef trust) { if (!trust) { return NULL; }; @@ -1189,9 +721,7 @@ CFArrayRef SecTrustCopyInputCertificates(SecTrustRef trust) } return secTrust->_certificates; } -#endif -#if SECTRUST_OSX CFArrayRef SecTrustCopyInputAnchors(SecTrustRef trust) { if (!trust) { return NULL; }; @@ -1201,9 +731,7 @@ CFArrayRef SecTrustCopyInputAnchors(SecTrustRef trust) } return secTrust->_anchors; } -#endif -#if SECTRUST_OSX // Return the constructed certificate chain for this trust reference, // making output certificates pointer-equivalent to any provided input // certificates (where possible) for legacy behavioral compatibility. @@ -1258,9 +786,7 @@ CFArrayRef SecTrustCopyConstructedChain(SecTrustRef trust) } return certChain; } -#endif -#if SECTRUST_OSX // // Here is where backward compatibility gets ugly. CSSM_TP_APPLE_EVIDENCE_INFO does not exist // in the unified SecTrust world. Unfortunately, some clients are still calling legacy APIs @@ -1278,7 +804,7 @@ SecTrustGetEvidenceInfo(SecTrustRef trust) if (!secTrust) { return NULL; } - if (secTrust->_trustResult != kSecTrustSettingsResultInvalid && + if (secTrust->_trustResult != kSecTrustResultInvalid && secTrust->_legacy_info_array) { // we've already got valid evidence info, return it now. return (CSSM_TP_APPLE_EVIDENCE_INFO *)secTrust->_legacy_info_array; @@ -1338,7 +864,7 @@ SecTrustGetEvidenceInfo(SecTrustRef trust) CSSM_RETURN *errors = NULL; uint32 errorCount = 0; OSStatus status = 0; - SecTrustSettingsDomain foundDomain = 0; + SecTrustSettingsDomain foundDomain = kSecTrustSettingsDomainUser; SecTrustSettingsResult foundResult = kSecTrustSettingsResultInvalid; bool isSelfSigned = false; if ((count - 1) == idx) { @@ -1460,283 +986,7 @@ SecTrustGetEvidenceInfo(SecTrustRef trust) return (CSSM_TP_APPLE_EVIDENCE_INFO *)secTrust->_legacy_info_array; } -#endif - -#if !SECTRUST_OSX -static CFStringRef kSecCertificateDetailSHA1Digest = CFSTR("SHA1Digest"); -static CFStringRef kSecCertificateDetailStatusCodes = CFSTR("StatusCodes"); - -static void -_AppendStatusCode(CFMutableArrayRef array, OSStatus statusCode) -{ - if (!array) - return; - SInt32 num = statusCode; - CFNumberRef numRef = CFNumberCreate(NULL, kCFNumberSInt32Type, &num); - if (!numRef) - return; - CFArrayAppendValue(array, numRef); - CFRelease(numRef); -} -#endif - -#if !SECTRUST_OSX -CFArrayRef SecTrustCopyDetails(SecTrustRef trust) -{ - // This function returns an array of dictionaries, one per certificate, - // holding status info for each certificate in the evaluated chain. - // - CFIndex count, chainLen = 0; - CFArrayRef certChain = NULL; - CFMutableArrayRef details = NULL; - CSSM_TP_APPLE_EVIDENCE_INFO *statusChain = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - Trust *trustObj = Trust::required(trust); - if (trustObj->result() == kSecTrustResultInvalid) { - trustObj->evaluate(); - if (trustObj->result() == kSecTrustResultInvalid) - MacOSError::throwMe(errSecTrustNotAvailable); - } - trustObj->buildEvidence(certChain, TPEvidenceInfo::overlayVar(statusChain)); - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - - if (certChain) { - chainLen = CFArrayGetCount(certChain); - CFRelease(certChain); - } - if (statusChain) { - details = CFArrayCreateMutable(NULL, chainLen, &kCFTypeArrayCallBacks); - for (count = 0; count < chainLen; count++) { - CFMutableDictionaryRef certDict = CFDictionaryCreateMutable(kCFAllocatorDefault, - 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - CFMutableArrayRef statusCodes = CFArrayCreateMutable(kCFAllocatorDefault, - 0, &kCFTypeArrayCallBacks); - CSSM_TP_APPLE_EVIDENCE_INFO *evInfo = &statusChain[count]; - CSSM_TP_APPLE_CERT_STATUS statBits = evInfo->StatusBits; - - // translate status bits - if (statBits & CSSM_CERT_STATUS_EXPIRED) - _AppendStatusCode(statusCodes, errSecCertificateExpired); - if (statBits & CSSM_CERT_STATUS_NOT_VALID_YET) - _AppendStatusCode(statusCodes, errSecCertificateNotValidYet); - if (statBits & CSSM_CERT_STATUS_TRUST_SETTINGS_DENY) - _AppendStatusCode(statusCodes, errSecTrustSettingDeny); - - // translate status codes - unsigned int i; - for (i = 0; i < evInfo->NumStatusCodes; i++) { - CSSM_RETURN scode = evInfo->StatusCodes[i]; - _AppendStatusCode(statusCodes, (OSStatus)scode); - } - - CFDictionarySetValue(certDict, kSecCertificateDetailStatusCodes, statusCodes); - CFRelease(statusCodes); - CFArrayAppendValue(details, certDict); - CFRelease(certDict); - } - } - return details; -} -#endif - -#if !SECTRUST_OSX -static CFDictionaryRef SecTrustGetExceptionForCertificateAtIndex(SecTrustRef trust, CFIndex ix) -{ - CFArrayRef exceptions = NULL; - OSStatus __secapiresult = errSecSuccess; - try { - exceptions = Trust::required(trust)->exceptions(); - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - - if (!exceptions || ix >= CFArrayGetCount(exceptions)) - return NULL; - CFDictionaryRef exception = (CFDictionaryRef)CFArrayGetValueAtIndex(exceptions, ix); - if (CFGetTypeID(exception) != CFDictionaryGetTypeID()) - return NULL; - - SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, ix); - if (!certificate) - return NULL; - - /* If the exception contains the current certificate's sha1Digest in the - kSecCertificateDetailSHA1Digest key then we use it otherwise we ignore it. */ - CFDataRef sha1Digest = SecCertificateGetSHA1Digest(certificate); - CFTypeRef digestValue = CFDictionaryGetValue(exception, kSecCertificateDetailSHA1Digest); - if (!digestValue || !CFEqual(sha1Digest, digestValue)) - exception = NULL; - - return exception; -} -#endif - -#if !SECTRUST_OSX -static void SecTrustCheckException(const void *key, const void *value, void *context) -{ - struct SecTrustCheckExceptionContext *cec = (struct SecTrustCheckExceptionContext *)context; - if (cec->exception) { - CFTypeRef exceptionValue = CFDictionaryGetValue(cec->exception, key); - if (!exceptionValue || !CFEqual(value, exceptionValue)) { - cec->exceptionNotFound = true; - } - } else { - cec->exceptionNotFound = true; - } -} -#endif - -#if !SECTRUST_OSX -/* new in 10.9 */ -CFDataRef SecTrustCopyExceptions(SecTrustRef trust) -{ - CFArrayRef details = SecTrustCopyDetails(trust); - CFIndex pathLength = details ? CFArrayGetCount(details) : 0; - CFMutableArrayRef exceptions = CFArrayCreateMutable(kCFAllocatorDefault, - pathLength, &kCFTypeArrayCallBacks); - CFIndex ix; - for (ix = 0; ix < pathLength; ++ix) { - CFDictionaryRef detail = (CFDictionaryRef)CFArrayGetValueAtIndex(details, ix); - CFIndex detailCount = CFDictionaryGetCount(detail); - CFMutableDictionaryRef exception; - if (ix == 0 || detailCount > 0) { - exception = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, - detailCount + 1, detail); - SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, ix); - CFDataRef digest = SecCertificateGetSHA1Digest(certificate); - if (digest) { - CFDictionaryAddValue(exception, kSecCertificateDetailSHA1Digest, digest); - } - } else { - /* Add empty exception dictionaries for non leaf certs which have no exceptions - * to save space. - */ - exception = (CFMutableDictionaryRef)CFDictionaryCreate(kCFAllocatorDefault, - NULL, NULL, 0, - &kCFTypeDictionaryKeyCallBacks, - &kCFTypeDictionaryValueCallBacks); - } - CFArrayAppendValue(exceptions, exception); - CFReleaseNull(exception); - } - CFReleaseSafe(details); - - /* Remove any trailing empty dictionaries to save even more space (we skip the leaf - since it will never be empty). */ - for (ix = pathLength; ix-- > 1;) { - CFDictionaryRef exception = (CFDictionaryRef)CFArrayGetValueAtIndex(exceptions, ix); - if (CFDictionaryGetCount(exception) == 0) { - CFArrayRemoveValueAtIndex(exceptions, ix); - } else { - break; - } - } - - CFDataRef encodedExceptions = CFPropertyListCreateData(kCFAllocatorDefault, - exceptions, kCFPropertyListBinaryFormat_v1_0, 0, NULL); - CFRelease(exceptions); - - return encodedExceptions; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.9 */ -bool SecTrustSetExceptions(SecTrustRef trust, CFDataRef encodedExceptions) -{ - CFArrayRef exceptions = NULL; - - if (NULL != encodedExceptions) { - exceptions = (CFArrayRef)CFPropertyListCreateWithData(kCFAllocatorDefault, - encodedExceptions, kCFPropertyListImmutable, NULL, NULL); - } - - if (exceptions && CFGetTypeID(exceptions) != CFArrayGetTypeID()) { - CFRelease(exceptions); - exceptions = NULL; - } - - OSStatus __secapiresult = errSecSuccess; - try { - /* Exceptions are being set or cleared, we'll need to re-evaluate trust either way. */ - Trust::required(trust)->setResult(kSecTrustResultInvalid); - Trust::required(trust)->exceptions(exceptions); - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - - /* If there is a valid exception entry for our current leaf we're golden. */ - if (SecTrustGetExceptionForCertificateAtIndex(trust, 0)) - return true; - - /* The passed in exceptions didn't match our current leaf, so we discard it. */ - try { - Trust::required(trust)->exceptions(NULL); - __secapiresult = errSecSuccess; - } - catch (const MacOSError &err) { __secapiresult=err.osStatus(); } - catch (const CommonError &err) { __secapiresult=SecKeychainErrFromOSStatus(err.osStatus()); } - catch (const std::bad_alloc &) { __secapiresult=errSecAllocate; } - catch (...) { __secapiresult=errSecInternalComponent; } - - return false; -} -#endif -#if !SECTRUST_OSX -/* new in 10.9 */ -CFDictionaryRef -SecTrustCopyResult(SecTrustRef trust) -{ - CFDictionaryRef result = NULL; - try { - result = Trust::required(trust)->results(); - // merge details into result - CFArrayRef details = SecTrustCopyDetails(trust); - if (details) { - CFDictionarySetValue((CFMutableDictionaryRef)result, - kSecTrustResultDetails, details); - CFRelease(details); - } - } - catch (...) { - if (result) { - CFRelease(result); - result = NULL; - } - } - return result; -} -#endif - -#if !SECTRUST_OSX -/* new in 10.7 */ -CFArrayRef -SecTrustCopyProperties(SecTrustRef trust) -{ - /* can't use SECAPI macros, since this function does not return OSStatus */ - CFArrayRef result = NULL; - try { - result = Trust::required(trust)->properties(); - } - catch (...) { - if (result) { - CFRelease(result); - result = NULL; - } - } - return result; -} -#else CFArrayRef SecTrustCopyProperties(SecTrustRef trust) { /* OS X creates a completely different structure with one dictionary for each certificate */ CFIndex ix, count = SecTrustGetCertificateCount(trust); @@ -1785,24 +1035,16 @@ CFArrayRef SecTrustCopyProperties(SecTrustRef trust) { } CFArrayAppendValue(properties, certDict); + CFRelease(certDict); } return properties; } -#endif /* deprecated in 10.5 */ OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors, uint32 *cssmAnchorCount) { -#if !SECTRUST_OSX - BEGIN_SECAPI - CertGroup certs; - Trust::gStore().getCssmRootCertificates(certs); - Required(cssmAnchors) = certs.blobCerts(); - Required(cssmAnchorCount) = certs.count(); - END_SECAPI -#else /* this function is unsupported in unified SecTrust */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustGetCSSMAnchorCertificates has been deprecated since 10.5, and cannot return CSSM objects in 10.11. Please stop using it."); @@ -1814,7 +1056,6 @@ OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors, *cssmAnchorCount = 0; } return errSecServiceNotAvailable; -#endif } @@ -1825,22 +1066,11 @@ OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA **cssmAnchors, OSStatus SecTrustGetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting *trustSetting) { -#if !SECTRUST_OSX - BEGIN_SECAPI - StorageManager::KeychainList searchList; - globals().storageManager.getSearchList(searchList); - Required(trustSetting) = Trust::gStore().find( - Certificate::required(certificate), - Policy::required(policy), - searchList); - END_SECAPI -#else /* this function is unsupported in unified SecTrust */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustGetUserTrust has been deprecated since 10.5, and does nothing in 10.11. Please stop using it."); #endif return errSecServiceNotAvailable; -#endif } // @@ -1850,53 +1080,11 @@ OSStatus SecTrustGetUserTrust(SecCertificateRef certificate, OSStatus SecTrustSetUserTrust(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting) { -#if !SECTRUST_OSX - SecTrustSettingsResult tsResult = kSecTrustSettingsResultInvalid; - OSStatus ortn; - Boolean isRoot; - - Policy::required(policy); - switch(trustSetting) { - case kSecTrustResultProceed: - /* different SecTrustSettingsResult depending in root-ness */ - ortn = SecCertificateIsSelfSigned(certificate, &isRoot); - if(ortn) { - return ortn; - } - if(isRoot) { - tsResult = kSecTrustSettingsResultTrustRoot; - } - else { - tsResult = kSecTrustSettingsResultTrustAsRoot; - } - break; - case kSecTrustResultDeny: - tsResult = kSecTrustSettingsResultDeny; - break; - default: - return errSecUnimplemented; - } - - /* make a usage constraints dictionary */ - CFRef usageDict(CFDictionaryCreateMutable(NULL, - 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks)); - CFDictionaryAddValue(usageDict, kSecTrustSettingsPolicy, policy); - if(tsResult != kSecTrustSettingsResultTrustRoot) { - /* skip if we're specifying the default */ - SInt32 result = tsResult; - CFNumberRef cfNum = CFNumberCreate(NULL, kCFNumberSInt32Type, &result); - CFDictionarySetValue(usageDict, kSecTrustSettingsResult, cfNum); - CFRelease(cfNum); - } - return SecTrustSettingsSetTrustSettings(certificate, kSecTrustSettingsDomainUser, - usageDict); -#else /* this function is unsupported in unified SecTrust */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustSetUserTrust has been deprecated since 10.5, and does nothing in 10.11. Please stop using it."); #endif return errSecServiceNotAvailable; -#endif } // @@ -1907,27 +1095,9 @@ OSStatus SecTrustSetUserTrust(SecCertificateRef certificate, OSStatus SecTrustSetUserTrustLegacy(SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting) { -#if !SECTRUST_OSX - BEGIN_SECAPI - switch (trustSetting) { - case kSecTrustResultProceed: - case kSecTrustResultConfirm: - case kSecTrustResultDeny: - case kSecTrustResultUnspecified: - break; - default: - MacOSError::throwMe(errSecInvalidTrustSetting); - } - Trust::gStore().assign( - Certificate::required(certificate), - Policy::required(policy), - trustSetting); - END_SECAPI -#else /* this function is unsupported in unified SecTrust */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustSetUserTrustLegacy does nothing in 10.11. Please stop using it."); #endif return errSecServiceNotAvailable; -#endif } diff --git a/OSX/libsecurity_keychain/lib/SecTrust.h b/OSX/libsecurity_keychain/lib/SecTrust.h deleted file mode 100644 index d8ec764c..00000000 --- a/OSX/libsecurity_keychain/lib/SecTrust.h +++ /dev/null @@ -1,705 +0,0 @@ -/* - * Copyright (c) 2002-2016 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecTrust - The functions and data types in SecTrust implement trust computation - and allow the caller to apply trust decisions to the evaluation. - */ - -#ifndef _SECURITY_SECTRUST_H_ -#define _SECURITY_SECTRUST_H_ - -#include -#include -#include - -__BEGIN_DECLS - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @typedef SecTrustResultType - @abstract Specifies the trust result type. - @discussion SecTrustResultType results have two dimensions. They specify - both whether evaluation suceeded and whether this is because of a user - decision. The commonly expected result is kSecTrustResultUnspecified, - which indicates a positive result that wasn't decided by the user. The - common failure is kSecTrustResultRecoverableTrustFailure, which means a - negative result. kSecTrustResultProceed and kSecTrustResultDeny are the - positive and negative result respectively when decided by the user. User - decisions are persisted through the use of SecTrustCopyExceptions() and - SecTrustSetExceptions(). Finally, kSecTrustResultFatalTrustFailure is a - negative result that must not be circumvented. - @constant kSecTrustResultInvalid Indicates an invalid setting or result. - This result usually means that SecTrustEvaluate has not yet been called. - @constant kSecTrustResultProceed Indicates you may proceed. This value - may be returned by the SecTrustEvaluate function or stored as part of - the user trust settings. - @constant kSecTrustResultConfirm Indicates confirmation with the user - is required before proceeding. Important: this value is no longer returned - or supported by SecTrustEvaluate or the SecTrustSettings API starting in - OS X 10.5; its use is deprecated in OS X 10.9 and later, as well as in iOS. - @constant kSecTrustResultDeny Indicates a user-configured deny; do not - proceed. This value may be returned by the SecTrustEvaluate function - or stored as part of the user trust settings. - @constant kSecTrustResultUnspecified Indicates the evaluation succeeded - and the certificate is implicitly trusted, but user intent was not - explicitly specified. This value may be returned by the SecTrustEvaluate - function or stored as part of the user trust settings. - @constant kSecTrustResultRecoverableTrustFailure Indicates a trust policy - failure which can be overridden by the user. This value may be returned - by the SecTrustEvaluate function but not stored as part of the user - trust settings. - @constant kSecTrustResultFatalTrustFailure Indicates a trust failure - which cannot be overridden by the user. This value may be returned by the - SecTrustEvaluate function but not stored as part of the user trust - settings. - @constant kSecTrustResultOtherError Indicates a failure other than that - of trust evaluation. This value may be returned by the SecTrustEvaluate - function but not stored as part of the user trust settings. - */ -typedef CF_ENUM(uint32_t, SecTrustResultType) { - kSecTrustResultInvalid CF_ENUM_AVAILABLE(10_3, 2_0) = 0, - kSecTrustResultProceed CF_ENUM_AVAILABLE(10_3, 2_0) = 1, - kSecTrustResultConfirm CF_ENUM_DEPRECATED(10_3, 10_9, 2_0, 7_0) = 2, - kSecTrustResultDeny CF_ENUM_AVAILABLE(10_3, 2_0) = 3, - kSecTrustResultUnspecified CF_ENUM_AVAILABLE(10_3, 2_0) = 4, - kSecTrustResultRecoverableTrustFailure CF_ENUM_AVAILABLE(10_3, 2_0) = 5, - kSecTrustResultFatalTrustFailure CF_ENUM_AVAILABLE(10_3, 2_0) = 6, - kSecTrustResultOtherError CF_ENUM_AVAILABLE(10_3, 2_0) = 7 -}; - -/*! - @typedef SecTrustRef - @abstract CFType used for performing X.509 certificate trust evaluations. - */ -typedef struct CF_BRIDGED_TYPE(id) __SecTrust *SecTrustRef; - -/*! - @enum Trust Property Constants - @discussion Predefined key constants used to obtain values in a - per-certificate dictionary of trust evaluation results, - as retrieved from a call to SecTrustCopyProperties. - @constant kSecPropertyTypeTitle Specifies a key whose value is a - CFStringRef containing the title (display name) of this certificate. - @constant kSecPropertyTypeError Specifies a key whose value is a - CFStringRef containing the reason for a trust evaluation failure. - */ -extern const CFStringRef kSecPropertyTypeTitle - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -extern const CFStringRef kSecPropertyTypeError - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); - -/*! - @enum Trust Result Constants - @discussion Predefined key constants used to obtain values in a - dictionary of trust evaluation results for a certificate chain, - as retrieved from a call to SecTrustCopyResult. - @constant kSecTrustEvaluationDate - This key will be present if a trust evaluation has been performed - and results are available. Its value is a CFDateRef representing - when the evaluation for this trust object took place. - @constant kSecTrustExtendedValidation - This key will be present and have a value of kCFBooleanTrue - if this chain was validated for EV. - @constant kSecTrustOrganizationName - Organization name field of subject of leaf certificate. This - field is meant to be displayed to the user as the validated - name of the company or entity that owns the certificate if the - kSecTrustExtendedValidation key is present. - @constant kSecTrustResultValue - This key will be present if a trust evaluation has been performed. - Its value is a CFNumberRef representing the SecTrustResultType result - for the evaluation. - @constant kSecTrustRevocationChecked - This key will be present iff this chain had its revocation checked. - The value will be a kCFBooleanTrue if revocation checking was - successful and none of the certificates in the chain were revoked. - The value will be kCFBooleanFalse if no current revocation status - could be obtained for one or more certificates in the chain due - to connection problems or timeouts. This is a hint to a client - to retry revocation checking at a later time. - @constant kSecTrustRevocationValidUntilDate - This key will be present iff kSecTrustRevocationChecked has a - value of kCFBooleanTrue. The value will be a CFDateRef representing - the earliest date at which the revocation info for one of the - certificates in this chain might change. - @constant kSecTrustCertificateTransparency - This key will be present and have a value of kCFBooleanTrue - if this chain is CT qualified. - @constant kSecTrustCertificateTransparencyWhiteList - This key will be present and have a value of kCFBooleanTrue - if this chain is EV, not CT qualified, but included of the CT WhiteList. - */ -extern const CFStringRef kSecTrustEvaluationDate - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecTrustExtendedValidation - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecTrustOrganizationName - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecTrustResultValue - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecTrustRevocationChecked - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecTrustRevocationValidUntilDate - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecTrustCertificateTransparency - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); -extern const CFStringRef kSecTrustCertificateTransparencyWhiteList - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -#ifdef __BLOCKS__ -/*! - @typedef SecTrustCallback - @abstract Delivers the result from an asynchronous trust evaluation. - @param trustRef A reference to the trust object which has been evaluated. - @param trustResult The trust result of the evaluation. Additional status - information can be obtained by calling SecTrustCopyProperties(). - */ -typedef void (^SecTrustCallback)(SecTrustRef trustRef, SecTrustResultType trustResult); -#endif /* __BLOCKS__ */ - - -/*! - @function SecTrustGetTypeID - @abstract Returns the type identifier of SecTrust instances. - @result The CFTypeID of SecTrust instances. - */ -CFTypeID SecTrustGetTypeID(void) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -/*! - @function SecTrustCreateWithCertificates - @abstract Creates a trust object based on the given certificates and - policies. - @param certificates The group of certificates to verify. This can either - be a CFArrayRef of SecCertificateRef objects or a single SecCertificateRef - @param policies An array of one or more policies. You may pass a - SecPolicyRef to represent a single policy. - @param trust On return, a pointer to the trust management reference. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If multiple policies are passed in, all policies must verify - for the chain to be considered valid. - */ -OSStatus SecTrustCreateWithCertificates(CFTypeRef certificates, - CFTypeRef __nullable policies, SecTrustRef * __nonnull CF_RETURNS_RETAINED trust) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -/*! - @function SecTrustSetPolicies - @abstract Set the policies for which trust should be verified. - @param trust A trust reference. - @param policies An array of one or more policies. You may pass a - SecPolicyRef to represent a single policy. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function will invalidate the existing trust result, - requiring a fresh evaluation for the newly-set policies. - */ -OSStatus SecTrustSetPolicies(SecTrustRef trust, CFTypeRef policies) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_6_0); - -/*! - @function SecTrustCopyPolicies - @abstract Returns an array of policies used for this evaluation. - @param trust A reference to a trust object. - @param policies On return, an array of policies used by this trust. - Call the CFRelease function to release this reference. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecTrustCopyPolicies(SecTrustRef trust, CFArrayRef * __nonnull CF_RETURNS_RETAINED policies) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_7_0); - -/*! - @function SecTrustSetNetworkFetchAllowed - @abstract Specifies whether a trust evaluation is permitted to fetch missing - intermediate certificates from the network. - @param trust A trust reference. - @param allowFetch If true, and a certificate's issuer is not present in the - trust reference but its network location is known, the evaluation is permitted - to attempt to download it automatically. Pass false to disable network fetch - for this trust evaluation. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion By default, network fetch of missing certificates is enabled if - the trust evaluation includes the SSL policy, otherwise it is disabled. - */ -OSStatus SecTrustSetNetworkFetchAllowed(SecTrustRef trust, - Boolean allowFetch) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); - -/*! - @function SecTrustGetNetworkFetchAllowed - @abstract Returns whether a trust evaluation is permitted to fetch missing - intermediate certificates from the network. - @param trust A trust reference. - @param allowFetch On return, the boolean pointed to by this parameter is - set to true if the evaluation is permitted to download missing certificates. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion By default, network fetch of missing certificates is enabled if - the trust evaluation includes the SSL policy, otherwise it is disabled. - */ -OSStatus SecTrustGetNetworkFetchAllowed(SecTrustRef trust, - Boolean *allowFetch) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); - -/*! - @function SecTrustSetAnchorCertificates - @abstract Sets the anchor certificates for a given trust. - @param trust A reference to a trust object. - @param anchorCertificates An array of anchor certificates. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Calling this function without also calling - SecTrustSetAnchorCertificatesOnly() will disable trusting any - anchors other than the ones in anchorCertificates. - */ -OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, - CFArrayRef anchorCertificates) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -/*! - @function SecTrustSetAnchorCertificatesOnly - @abstract Reenables trusting anchor certificates in addition to those - passed in via the SecTrustSetAnchorCertificates API. - @param trust A reference to a trust object. - @param anchorCertificatesOnly If true, disables trusting any anchors other - than the ones passed in via SecTrustSetAnchorCertificates(). If false, - the built in anchor certificates are also trusted. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecTrustSetAnchorCertificatesOnly(SecTrustRef trust, - Boolean anchorCertificatesOnly) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecTrustCopyCustomAnchorCertificates - @abstract Returns an array of custom anchor certificates used by a given - trust, as set by a prior call to SecTrustSetAnchorCertificates, or NULL if - no custom anchors have been specified. - @param trust A reference to a trust object. - @param anchors On return, an array of custom anchor certificates (roots) - used by this trust, or NULL if no custom anchors have been specified. Call - the CFRelease function to release this reference. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecTrustCopyCustomAnchorCertificates(SecTrustRef trust, - CFArrayRef * __nonnull CF_RETURNS_RETAINED anchors) - __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_7_0); - -/*! - @function SecTrustSetVerifyDate - @abstract Set the date for which the trust should be verified. - @param trust A reference to a trust object. - @param verifyDate The date for which to verify trust. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function lets you evaluate certificate validity for a - given date (for example, to determine if a signature was valid on the date - it was signed, even if the certificate has since expired.) If this function - is not called, the time at which SecTrustEvaluate() is called is used - implicitly as the verification time. - */ -OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -/*! - @function SecTrustGetVerifyTime - @abstract Returns the verify time. - @param trust A reference to the trust object being verified. - @result A CFAbsoluteTime value representing the time at which certificates - should be checked for validity. - @discussion This function retrieves the verification time for the given - trust reference, as set by a prior call to SecTrustSetVerifyDate(). If the - verification time has not been set, this function returns a value of 0, - indicating that the current date/time is implicitly used for verification. - */ -CFAbsoluteTime SecTrustGetVerifyTime(SecTrustRef trust) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecTrustEvaluate - @abstract Evaluates a trust reference synchronously. - @param trust A reference to the trust object to evaluate. - @param result A pointer to a result type. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function will completely evaluate trust before returning, - possibly including network access to fetch intermediate certificates or to - perform revocation checking. Since this function can block during those - operations, you should call it from within a function that is placed on a - dispatch queue, or in a separate thread from your application's main - run loop. Alternatively, you can use the SecTrustEvaluateAsync function. - */ -OSStatus SecTrustEvaluate(SecTrustRef trust, SecTrustResultType * __nullable result) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -#ifdef __BLOCKS__ -/*! - @function SecTrustEvaluateAsync - @abstract Evaluates a trust reference asynchronously. - @param trust A reference to the trust object to evaluate. - @param queue A dispatch queue on which the result callback should be - executed. Pass NULL to use the current dispatch queue. - @param result A SecTrustCallback block which will be executed when the - trust evaluation is complete. - @result A result code. See "Security Error Codes" (SecBase.h). - */ -OSStatus SecTrustEvaluateAsync(SecTrustRef trust, - dispatch_queue_t __nullable queue, SecTrustCallback result) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -#endif - -/*! - @function SecTrustGetTrustResult - @param trust A reference to a trust object. - @param result A pointer to the result from the most recent call to - SecTrustEvaluate for this trust reference. If SecTrustEvaluate has not been - called or trust parameters have changed, the result is kSecTrustResultInvalid. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function replaces SecTrustGetResult for the purpose of - obtaining the current evaluation result of a given trust reference. - */ -OSStatus SecTrustGetTrustResult(SecTrustRef trust, - SecTrustResultType *result) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); - -/*! - @function SecTrustCopyPublicKey - @abstract Return the public key for a leaf certificate after it has - been evaluated. - @param trust A reference to the trust object which has been evaluated. - @result The certificate's public key, or NULL if it the public key could - not be extracted (this can happen with DSA certificate chains if the - parameters in the chain cannot be found). The caller is responsible - for calling CFRelease on the returned key when it is no longer needed. - */ -__nullable -SecKeyRef SecTrustCopyPublicKey(SecTrustRef trust) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - -/*! - @function SecTrustGetCertificateCount - @abstract Returns the number of certificates in an evaluated certificate - chain. - @param trust A reference to a trust object. - @result The number of certificates in the trust chain, including the anchor. - @discussion Important: if the trust reference has not yet been evaluated, - this function will evaluate it first before returning. If speed is critical, - you may want to call SecTrustGetTrustResult first to make sure that a - result other than kSecTrustResultInvalid is present for the trust object. - */ -CFIndex SecTrustGetCertificateCount(SecTrustRef trust) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - -/*! - @function SecTrustGetCertificateAtIndex - @abstract Returns a certificate from the trust chain. - @param trust Reference to a trust object. - @param ix The index of the requested certificate. Indices run from 0 - (leaf) to the anchor (or last certificate found if no anchor was found). - The leaf cert (index 0) is always present regardless of whether the trust - reference has been evaluated or not. - @result A SecCertificateRef for the requested certificate. - */ -__nullable -SecCertificateRef SecTrustGetCertificateAtIndex(SecTrustRef trust, CFIndex ix) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - -/*! - @function SecTrustCopyExceptions - @abstract Returns an opaque cookie which will allow future evaluations - of the current certificate to succeed. - @param trust A reference to an evaluated trust object. - @result An opaque cookie which when passed to SecTrustSetExceptions() will - cause a call to SecTrustEvaluate() return kSecTrustResultProceed. This - will happen upon subsequent evaluation of the current certificate unless - some new error starts happening that wasn't being reported when the cookie - was returned from this function (for example, if the certificate expires - then evaluation will start failing again until a new cookie is obtained.) - @discussion Normally this API should only be called once the errors have - been presented to the user and the user decided to trust the current - certificate chain regardless of the errors being presented, for the - current application/server/protocol combination. - */ -CFDataRef SecTrustCopyExceptions(SecTrustRef trust) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); - -/*! - @function SecTrustSetExceptions - @abstract Set a trust cookie to be used for evaluating this certificate chain. - @param trust A reference to a trust object. - @param exceptions An exceptions cookie as returned by a call to - SecTrustCopyExceptions() in the past. You may pass NULL to clear any - exceptions which have been previously set on this trust reference. - @result Upon calling SecTrustEvaluate(), any failures that were present at the - time the exceptions object was created are ignored, and instead of returning - kSecTrustResultRecoverableTrustFailure, kSecTrustResultProceed will be returned - (if the certificate for which exceptions was created matches the current leaf - certificate). - @result Returns true if the exceptions cookies was valid and matches the current - leaf certificate, false otherwise. This function will invalidate the existing - trust result, requiring a subsequent evaluation for the newly-set exceptions. - Note that this function returning true doesn't mean the caller can skip calling - SecTrustEvaluate, as there may be new errors since the exceptions cookie was - created (for example, a certificate may have subsequently expired.) - @discussion Clients of this interface will need to establish the context of this - exception to later decide when this exception cookie is to be used. - Examples of this context would be the server we are connecting to, the ssid - of the wireless network for which this cert is needed, the account for which - this cert should be considered valid, and so on. - */ -bool SecTrustSetExceptions(SecTrustRef trust, CFDataRef __nullable exceptions) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); - -/*! - @function SecTrustCopyProperties - @abstract Return a property array for this trust evaluation. - @param trust A reference to a trust object. If the trust has not been - evaluated, the returned property array will be empty. - @result A property array. It is the caller's responsibility to CFRelease - the returned array when it is no longer needed. - @discussion This function returns an ordered array of CFDictionaryRef - instances for each certificate in the chain. Indices run from 0 (leaf) to - the anchor (or last certificate found if no anchor was found.) See the - "Trust Property Constants" section for a list of currently defined keys. - */ -__nullable -CFArrayRef SecTrustCopyProperties(SecTrustRef trust) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - -/*! - @function SecTrustCopyResult - @abstract Returns a dictionary containing information about the - evaluated certificate chain for use by clients. - @param trust A reference to a trust object. - @result A dictionary with various fields that can be displayed to the user, - or NULL if no additional info is available or the trust has not yet been - validated. The caller is responsible for calling CFRelease on the value - returned when it is no longer needed. - @discussion Returns a dictionary for the overall trust evaluation. See the - "Trust Result Constants" section for a list of currently defined keys. - */ -__nullable -CFDictionaryRef SecTrustCopyResult(SecTrustRef trust) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); - -/*! - @function SecTrustSetOCSPResponse - @abstract Attach OCSPResponse data to a trust object. - @param trust A reference to a trust object. - @param responseData This may be either a CFData object containing a single - DER-encoded OCSPResponse (per RFC 2560), or a CFArray of these. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Allows the caller to provide OCSPResponse data (which may be - obtained during a TLS/SSL handshake, per RFC 3546) as input to a trust - evaluation. If this data is available, it can obviate the need to contact - an OCSP server for current revocation information. - */ -OSStatus SecTrustSetOCSPResponse(SecTrustRef trust, CFTypeRef __nullable responseData) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -/* - * Legacy functions (OS X only) - */ -#if TARGET_OS_MAC && !TARGET_OS_IPHONE -#include -#include - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @typedef SecTrustUserSetting - @abstract Specifies a user-specified trust setting value. - @discussion Deprecated in OS X 10.9. User trust settings are managed by - functions in SecTrustSettings.h (starting with OS X 10.5), and by the - SecTrustCopyExceptions and SecTrustSetExceptions functions (starting with - iOS 4 and OS X 10.9). The latter two functions are recommended for both OS X - and iOS, as they avoid the need to explicitly specify these values. - */ -typedef SecTrustResultType SecTrustUserSetting - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_9, __IPHONE_NA, __IPHONE_NA); - -/*! - @typedef SecTrustOptionFlags - @abstract Options for customizing trust evaluation. - @constant kSecTrustOptionAllowExpired Allow expired certificates. - @constant kSecTrustOptionLeafIsCA Allow CA as leaf certificate. - @constant kSecTrustOptionFetchIssuerFromNet Allow network fetch of CA cert. - @constant kSecTrustOptionAllowExpiredRoot Allow expired roots. - @constant kSecTrustOptionRequireRevPerCert Require positive revocation - check per certificate. - @constant kSecTrustOptionUseTrustSettings Use TrustSettings instead of - anchors. - @constant kSecTrustOptionImplicitAnchors Properly self-signed certs are - treated as anchors implicitly. - */ -typedef CF_OPTIONS(uint32_t, SecTrustOptionFlags) -{ - kSecTrustOptionAllowExpired = 0x00000001, - kSecTrustOptionLeafIsCA = 0x00000002, - kSecTrustOptionFetchIssuerFromNet = 0x00000004, - kSecTrustOptionAllowExpiredRoot = 0x00000008, - kSecTrustOptionRequireRevPerCert = 0x00000010, - kSecTrustOptionUseTrustSettings = 0x00000020, - kSecTrustOptionImplicitAnchors = 0x00000040 -}; - -/*! - @function SecTrustSetOptions - @abstract Sets optional flags for customizing a trust evaluation. - @param trustRef A trust reference. - @param options Flags to change evaluation behavior for this trust. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is not available on iOS. Use SecTrustSetExceptions - and SecTrustCopyExceptions to modify default trust results, and - SecTrustSetNetworkFetchAllowed to specify whether missing CA certificates - can be fetched from the network. - */ -OSStatus SecTrustSetOptions(SecTrustRef trustRef, SecTrustOptionFlags options) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @function SecTrustSetParameters - @abstract Sets the action and action data for a trust object. - @param trustRef The reference to the trust to change. - @param action A trust action. - @param actionData A reference to data associated with this action. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in OS X 10.7 and later, where it - was replaced by SecTrustSetOptions, and is not available on iOS. Your code - should use SecTrustSetExceptions and SecTrustCopyExceptions to modify default - trust results, and SecTrustSetNetworkFetchAllowed to specify whether missing - CA certificates can be fetched from the network. - */ -OSStatus SecTrustSetParameters(SecTrustRef trustRef, - CSSM_TP_ACTION action, CFDataRef actionData) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecTrustSetKeychains - @abstract Sets the keychains for a given trust object. - @param trust A reference to a trust object. - @param keychainOrArray A reference to an array of keychains to search, a - single keychain, or NULL to use the default keychain search list. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion By default, the user's keychain search list and the system - anchors keychain are searched for certificates to complete the chain. You - can specify a zero-element array if you do not want any keychains searched. - Note: this function is not applicable to iOS. - */ -OSStatus SecTrustSetKeychains(SecTrustRef trust, CFTypeRef __nullable keychainOrArray) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); - -/*! - @function SecTrustGetResult - @abstract Returns detailed information on the outcome of an evaluation. - @param trustRef A reference to a trust object. - @param result A pointer to the result from the call to SecTrustEvaluate. - @param certChain On return, a pointer to the certificate chain used to - validate the input certificate. Call the CFRelease function to release - this pointer. - @param statusChain On return, a pointer to the status of the certificate - chain. Do not attempt to free this pointer; it remains valid until the - trust is destroyed or the next call to SecTrustEvaluate. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in OS X 10.7 and later, - and is not available on iOS. - To get the complete certificate chain, use SecTrustGetCertificateCount and - SecTrustGetCertificateAtIndex. To get detailed status information for each - certificate, use SecTrustCopyProperties. To get the overall trust result - for the evaluation, use SecTrustGetTrustResult. - */ -OSStatus SecTrustGetResult(SecTrustRef trustRef, SecTrustResultType * __nullable result, - CFArrayRef * __nullable CF_RETURNS_RETAINED certChain, CSSM_TP_APPLE_EVIDENCE_INFO * __nullable * __nullable statusChain) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecTrustGetCssmResult - @abstract Gets the CSSM trust result. - @param trust A reference to a trust. - @param result On return, a pointer to the CSSM trust result. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in OS X 10.7 and later, - and is not available on iOS. - To get detailed status information for each certificate, use - SecTrustCopyProperties. To get the overall trust result for the evaluation, - use SecTrustGetTrustResult. - */ -OSStatus SecTrustGetCssmResult(SecTrustRef trust, - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR __nullable * __nonnull result) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecTrustGetCssmResultCode - @abstract Gets the result code from the most recent call to SecTrustEvaluate - for the specified trust. - @param trust A reference to a trust. - @param resultCode On return, the result code produced by the most recent - evaluation of the given trust (cssmerr.h). The value of resultCode is - undefined if SecTrustEvaluate has not been called. - @result A result code. See "Security Error Codes" (SecBase.h). Returns - errSecTrustNotAvailable if SecTrustEvaluate has not been called for the - specified trust. - @discussion This function is deprecated in OS X 10.7 and later, - and is not available on iOS. - To get detailed status information for each certificate, use - SecTrustCopyProperties. To get the overall trust result for the evaluation, - use SecTrustGetTrustResult. - */ -OSStatus SecTrustGetCssmResultCode(SecTrustRef trust, OSStatus *resultCode) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecTrustGetTPHandle - @abstract Gets the CSSM trust handle - @param trust A reference to a trust. - @param handle On return, a CSSM trust handle. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in OS X 10.7 and later. - */ -OSStatus SecTrustGetTPHandle(SecTrustRef trust, CSSM_TP_HANDLE *handle) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecTrustCopyAnchorCertificates - @abstract Returns an array of default anchor (root) certificates used by - the system. - @param anchors On return, an array containing the system's default anchors - (roots). Call the CFRelease function to release this pointer. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is not available on iOS, as certificate data - for system-trusted roots is currently unavailable on that platform. - */ -OSStatus SecTrustCopyAnchorCertificates(CFArrayRef * __nonnull CF_RETURNS_RETAINED anchors) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -#endif /* TARGET_OS_MAC && !TARGET_OS_IPHONE */ - -__END_DECLS - -#endif /* !_SECURITY_SECTRUST_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecTrustOSXEntryPoints.cpp b/OSX/libsecurity_keychain/lib/SecTrustOSXEntryPoints.cpp index bdf7053c..205ccbb2 100644 --- a/OSX/libsecurity_keychain/lib/SecTrustOSXEntryPoints.cpp +++ b/OSX/libsecurity_keychain/lib/SecTrustOSXEntryPoints.cpp @@ -37,6 +37,7 @@ #include #include #include +#include #include #include @@ -46,26 +47,12 @@ #include #include #include +#include /* * MARK: CFRunloop */ -static OSStatus SecLegacySourceChanged(SecKeychainEvent keychainEvent, SecKeychainCallbackInfo *info, __unused void *context) { - if (keychainEvent == kSecAddEvent || keychainEvent == kSecDeleteEvent || keychainEvent == kSecUpdateEvent) { - /* We don't need to purge the cache if the item changed wasn't a cert */ - SecKeychainItemRef item = info->item; - if (item && CFGetTypeID(item) != SecCertificateGetTypeID()) { - return 0; - } - } - // Purge keychain parent cache - SecItemParentCachePurge(); - // Purge unrestricted roots cache - SecTrustSettingsPurgeUserAdminCertsCache(); - return 0; -} - static void *SecTrustOSXCFRunloop(__unused void *unused) { CFRunLoopTimerRef timer = CFRunLoopTimerCreateWithHandler(kCFAllocatorDefault, (CFTimeInterval) UINT_MAX, 0, 0, 0, ^(__unused CFRunLoopTimerRef _timer) { /* do nothing */ @@ -73,12 +60,18 @@ static void *SecTrustOSXCFRunloop(__unused void *unused) { /* add a timer to force the runloop to stay running */ CFRunLoopAddTimer(CFRunLoopGetCurrent(), timer, kCFRunLoopDefaultMode); - /* add keychain callback before we initiate a runloop to avoid it exiting due to no sources */ + /* Register for CertificateTrustNotification */ + + int out_token = 0; + notify_register_dispatch(kSecServerCertificateTrustNotification, &out_token, + dispatch_get_main_queue(), + ^(int token __unused) { + // Purge keychain parent cache + SecItemParentCachePurge(); + // Purge unrestricted roots cache + SecTrustSettingsPurgeUserAdminCertsCache(); - SecKeychainEventMask trustdMask = (kSecAddEventMask | kSecDeleteEventMask | kSecUpdateEventMask | - kSecDefaultChangedEventMask | kSecKeychainListChangedMask | - kSecTrustSettingsChangedEventMask); - SecKeychainAddCallback(SecLegacySourceChanged, trustdMask, NULL); + }); try { CFRunLoopRun(); @@ -145,7 +138,7 @@ static OSStatus cssmReturnToOSStatus(CSSM_RETURN crtn) { } #define PEM_STRING_X509 "CERTIFICATE" -static CFDataRef serializedPathToPemSequences(CFArrayRef certs) { +static CFDataRef CF_RETURNS_RETAINED serializedPathToPemSequences(CFArrayRef certs) { CFMutableDataRef result = NULL; CFIndex certIX, certCount; require_quiet(certs, out); diff --git a/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp b/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp index b04b1ba2..c4bb5738 100644 --- a/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp +++ b/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp @@ -244,7 +244,7 @@ static void tsPurgeCache() StLock _(sutCacheLock()); trustSettingsDbg("tsPurgeCache"); for(domain=0; domain -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -CF_ASSUME_NONNULL_BEGIN - -/* - * Any certificate (cert) which resides in a keychain can have associated with - * it a set of Trust Settings. Trust Settings specify conditions in which a - * given cert can be trusted or explicitly distrusted. A "trusted" cert is - * either a root (self-signed) cert that, when a cert chain verifies back to that - * root, the entire cert chain is trusted; or a non-root cert that does not need - * to verify to a trusted root cert (which is normally the case when verifying a - * cert chain). An "explicitly distrusted" cert is one which will, when encountered - * during the evaluation of a cert chain, cause immediate and unconditional failure - * of the verify operation. - * - * Trust Settings are configurable by the user; they can apply on three levels - * (called domains): - * - * -- Per-user. - * -- Locally administered, system-wide. Administrator privileges are required - * to make changes to this domain. - * -- System. These Trust Settings are immutable and comprise the set of trusted - * root certificates supplied in Mac OS X. - * - * Per-user Trust Settings override locally administered Trust Settings, which - * in turn override the System Trust Settings. - * - * Each cert's Trust Settings are expressed as a CFArray which includes any - * number (including zero) of CFDictionaries, each of which comprises one set of - * Usage Constraints. Each Usage Constraints dictionary contains zero or one of - * each the following components: - * - * key = kSecTrustSettingsPolicy value = SecPolicyRef - * key = kSecTrustSettingsApplication value = SecTrustedApplicationRef - * key = kSecTrustSettingsPolicyString value = CFString, policy-specific - * key = kSecTrustSettingsKeyUsage value = CFNumber, an SInt32 key usage - * - * A given Usage Constraints dictionary applies to a given cert if *all* of the - * usage constraint components specified in the dictionary match the usage of - * the cert being evaluated; when this occurs, the value of the - * kSecTrustSettingsResult entry in the dictionary, shown below, is the effective - * trust setting for the cert. - * - * key = kSecTrustSettingsResult value = CFNumber, an SInt32 SecTrustSettingsResult - * - * The overall Trust Settings of a given cert are the sum of all such Usage - * Constraints CFDictionaries: Trust Settings for a given usage apply if *any* - * of the CFDictionaries in the cert's Trust Settings array satisfies - * the specified usage. Thus, when a cert has multiple Usage Constraints - * dictionaries in its Trust Settings array, the overall Trust Settings - * for the cert are - * - * (Usage Constraint 0 component 0 AND Usage Constraint 0 component 1 ...) - * -- OR -- - * (Usage Constraint 1 component 0 AND Usage Constraint 1 component 1 ...) - * -- OR -- - * ... - * - * Notes on the various Usage Constraints components: - * - * kSecTrustSettingsPolicy Specifies a cert verification policy, e.g., SSL, - * SMIME, etc. - * kSecTrustSettingsApplication Specifies the application performing the cert - * verification. - * kSecTrustSettingsPolicyString Policy-specific. For the SMIME policy, this is - * an email address. - * For the SSL policy, this is a host name. - * kSecTrustSettingsKeyUsage A bitfield indicating key operations (sign, - * encrypt, etc.) for which this Usage Constraint - * apply. Values are defined below as the - * SecTrustSettingsKeyUsage enum. - * kSecTrustSettingsResult The resulting trust value. If not present this has a - * default of kSecTrustSettingsResultTrustRoot, meaning - * "trust this root cert". Other legal values are: - * kSecTrustSettingsResultTrustAsRoot : trust non-root - * cert as if it were a trusted root. - * kSecTrustSettingsResultDeny : explicitly distrust this - * cert. - * kSecTrustSettingsResultUnspecified : neither trust nor - * distrust; can be used to specify an "Allowed error" - * (see below) without assigning trust to a specific - * cert. - * - * Another optional component in a Usage Constraints dictionary is a CSSM_RETURN - * which, if encountered during certificate verification, is ignored for that - * cert. These "allowed error" values are constrained by Usage Constraints as - * described above; a Usage Constraint dictionary with no constraints but with - * an Allowed Error value causes that error to always be allowed when the cert - * is being evaluated. - * - * The "allowed error" entry in a Usage Constraints dictionary is formatted - * as follows: - * - * key = kSecTrustSettingsAllowedError value = CFNumber, an SInt32 CSSM_RETURN - * - * Note that if kSecTrustSettingsResult value of kSecTrustSettingsResultUnspecified - * is *not* present for a Usage Constraints dictionary with no Usage - * Constraints, the default of kSecTrustSettingsResultTrustRoot is assumed. To - * specify a kSecTrustSettingsAllowedError without explicitly trusting (or - * distrusting) the associated cert, specify kSecTrustSettingsResultUnspecified - * for the kSecTrustSettingsResult component. - * - * Note that an empty Trust Settings array means "always trust this cert, - * with a resulting kSecTrustSettingsResult of kSecTrustSettingsResultTrustRoot". - * An empty Trust Settings array is definitely not the same as *no* Trust - * Settings, which means "this cert must be verified to a known trusted cert". - * - * Note the distinction between kSecTrustSettingsResultTrustRoot and - * kSecTrustSettingsResultTrustAsRoot; the former can only be applied to - * root (self-signed) certs; the latter can only be applied to non-root - * certs. This also means that an empty TrustSettings array for a non-root - * cert is invalid, since the default value for kSecTrustSettingsResult is - * kSecTrustSettingsResultTrustRoot, which is invalid for a non-root cert. - * - * Authentication - * -------------- - * - * When making changes to the per-user Trust Settings, the user will be - * prompted with an alert panel asking for authentication via user name a - * password (or other credentials normally used for login). This means - * that it is not possible to modify per-user Trust Settings when not - * running in a GUI environment (i.e. the user is not logged in via - * Loginwindow). - * - * When making changes to the system-wide Trust Settings, the user will be - * prompted with an alert panel asking for an administrator's name and - * password, unless the calling process is running as root in which case - * no futher authentication is needed. - */ - -/* - * The keys in one Usage Constraints dictionary. - */ -#define kSecTrustSettingsPolicy CFSTR("kSecTrustSettingsPolicy") -#define kSecTrustSettingsApplication CFSTR("kSecTrustSettingsApplication") -#define kSecTrustSettingsPolicyString CFSTR("kSecTrustSettingsPolicyString") -#define kSecTrustSettingsKeyUsage CFSTR("kSecTrustSettingsKeyUsage") -#define kSecTrustSettingsAllowedError CFSTR("kSecTrustSettingsAllowedError") -#define kSecTrustSettingsResult CFSTR("kSecTrustSettingsResult") - -/* - * Key usage bits, the value for Usage Constraints key kSecTrustSettingsKeyUsage. - */ -typedef CF_OPTIONS(uint32, SecTrustSettingsKeyUsage) { - /* sign/verify data */ - kSecTrustSettingsKeyUseSignature = 0x00000001, - /* bulk encryption */ - kSecTrustSettingsKeyUseEnDecryptData = 0x00000002, - /* key wrap/unwrap */ - kSecTrustSettingsKeyUseEnDecryptKey = 0x00000004, - /* sign/verify cert */ - kSecTrustSettingsKeyUseSignCert = 0x00000008, - /* sign/verify CRL and OCSP */ - kSecTrustSettingsKeyUseSignRevocation = 0x00000010, - /* key exchange, e.g., Diffie-Hellman */ - kSecTrustSettingsKeyUseKeyExchange = 0x00000020, - /* any usage (the default if this value is not specified) */ - kSecTrustSettingsKeyUseAny = 0xffffffff -}; - -/* - * The effective Trust Setting result. - */ -typedef CF_ENUM(uint32, SecTrustSettingsResult) { - kSecTrustSettingsResultInvalid = 0, /* Never valid in a Trust Settings array or - * in an API call. */ - kSecTrustSettingsResultTrustRoot, /* Root cert is explicitly trusted */ - kSecTrustSettingsResultTrustAsRoot, /* Non-root cert is explicitly trusted */ - kSecTrustSettingsResultDeny, /* Cert is explicitly distrusted */ - kSecTrustSettingsResultUnspecified /* Neither trusted nor distrusted; evaluation - * proceeds as usual */ -}; - -/* - * Specify user, local administrator, or system domain Trust Settings. - * Note that kSecTrustSettingsDomainSystem settings are read-only, even by - * root. - */ -typedef CF_ENUM(uint32, SecTrustSettingsDomain) { - kSecTrustSettingsDomainUser = 0, - kSecTrustSettingsDomainAdmin, - kSecTrustSettingsDomainSystem -}; - -/* - * SecCertificateRef value indicating the default Root Certificate Trust Settings - * for a given domain. When evaluating Trust Settings for a root cert in - * a given domain, *and* no matching explicit Trust Settings exists for the - * root cert in questions, *and* default Root Cert Trust Settings exist - * in that domain which matches the evaluation condition, then the - * SecTrustSettingsResult for that default Trust Setting (if not - * kSecTrustSettingsResultUnspecified) will apply. - * - * This can be used e.g. by a system administrator to explicitly distrust all - * of the root certs in the (immutable) system domain for a specific policy. - * - * This const is passed as the 'SecCertificateRef certRef' argument to - * SecTrustSettingsCopyTrustSettings(), SecTrustSettingsSetTrustSettings(), - * and SecTrustSettingsRemoveTrustSettings(), and - * SecTrustSettingsCopyModificationDate(). - */ -#define kSecTrustSettingsDefaultRootCertSetting ((SecCertificateRef)-1) - -/* - * Obtain Trust Settings for specified cert. - * Caller must CFRelease() the returned CFArray. - * Returns errSecItemNotFound if no Trust settings exist for the cert. - */ -OSStatus SecTrustSettingsCopyTrustSettings( - SecCertificateRef certRef, - SecTrustSettingsDomain domain, - CFArrayRef * __nonnull CF_RETURNS_RETAINED trustSettings); /* RETURNED */ - -/* - * Specify Trust Settings for specified cert. If specified cert - * already has Trust Settings in the specified domain, they will - * be replaced. - * The trustSettingsDictOrArray parameter is either a CFDictionary, - * a CFArray of them, or NULL. NULL indicates "always trust this - * root cert regardless of usage". - */ -OSStatus SecTrustSettingsSetTrustSettings( - SecCertificateRef certRef, - SecTrustSettingsDomain domain, - CFTypeRef __nullable trustSettingsDictOrArray); - -/* - * Delete Trust Settings for specified cert. - * Returns errSecItemNotFound if no Trust settings exist for the cert. - */ -OSStatus SecTrustSettingsRemoveTrustSettings( - SecCertificateRef certRef, - SecTrustSettingsDomain domain); - -/* - * Obtain an array of all certs which have Trust Settings in the - * specified domain. Elements in the returned certArray are - * SecCertificateRefs. - * Caller must CFRelease() the returned array. - * Returns errSecNoTrustSettings if no trust settings exist - * for the specified domain. - */ -OSStatus SecTrustSettingsCopyCertificates( - SecTrustSettingsDomain domain, - CFArrayRef * __nullable CF_RETURNS_RETAINED certArray); - -/* - * Obtain the time at which a specified cert's Trust Settings - * were last modified. Caller must CFRelease the result. - * Returns errSecItemNotFound if no Trust Settings exist for specified - * cert and domain. - */ -OSStatus SecTrustSettingsCopyModificationDate( - SecCertificateRef certRef, - SecTrustSettingsDomain domain, - CFDateRef * __nonnull CF_RETURNS_RETAINED modificationDate); /* RETURNED */ - -/* - * Obtain an external, portable representation of the specified - * domain's TrustSettings. Caller must CFRelease the returned data. - * Returns errSecNoTrustSettings if no trust settings exist - * for the specified domain. - */ -OSStatus SecTrustSettingsCreateExternalRepresentation( - SecTrustSettingsDomain domain, - CFDataRef * __nonnull CF_RETURNS_RETAINED trustSettings); - -/* - * Import trust settings, obtained via SecTrustSettingsCreateExternalRepresentation, - * into the specified domain. - */ -OSStatus SecTrustSettingsImportExternalRepresentation( - SecTrustSettingsDomain domain, - CFDataRef trustSettings); - -CF_ASSUME_NONNULL_END - -#ifdef __cplusplus -} -#endif - -#endif /* _SECURITY_SEC_TRUST_SETTINGS_H_ */ - diff --git a/OSX/libsecurity_keychain/lib/SecTrustSettingsPriv.h b/OSX/libsecurity_keychain/lib/SecTrustSettingsPriv.h deleted file mode 100644 index b663df1e..00000000 --- a/OSX/libsecurity_keychain/lib/SecTrustSettingsPriv.h +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright (c) 2006,2011,2014-2015 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * SecTrustSettingsPriv.h - TrustSettings SPI functions. - */ - -#ifndef _SEC_TRUST_SETTINGS_PRIV_H_ -#define _SEC_TRUST_SETTINGS_PRIV_H_ - -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * A private key in the Usage Contraints dictionary. - */ -#define kSecTrustSettingsPolicyName CFSTR("kSecTrustSettingsPolicyName") - -/* - * Fundamental routine used by TP to ascertain status of one cert. - * - * Returns true in *foundMatchingEntry if a trust setting matching - * specific constraints was found for the cert. Returns true in - * *foundAnyEntry if any entry was found for the cert, even if it - * did not match the specified constraints. The TP uses this to - * optimize for the case where a cert is being evaluated for - * one type of usage, and then later for another type. If - * foundAnyEntry is false, the second evaluation need not occur. - * - * Returns the domain in which a setting was found in *foundDomain. - * - * Allowed errors applying to the specified cert evaluation - * are returned in a mallocd array in *allowedErrors and must - * be freed by caller. - */ -OSStatus SecTrustSettingsEvaluateCert( - CFStringRef certHashStr, - /* parameters describing the current cert evalaution */ - const CSSM_OID *policyOID, - const char *policyString, /* optional */ - uint32 policyStringLen, - SecTrustSettingsKeyUsage keyUsage, /* optional */ - bool isRootCert, /* for checking default setting */ - /* RETURNED values */ - SecTrustSettingsDomain *foundDomain, - CSSM_RETURN **allowedErrors, /* mallocd and RETURNED */ - uint32 *numAllowedErrors, /* RETURNED */ - SecTrustSettingsResult *resultType, /* RETURNED */ - bool *foundMatchingEntry,/* RETURNED */ - bool *foundAnyEntry); /* RETURNED */ - -/* - * Obtain trusted certs which match specified usage. - * Only certs with a SecTrustSettingsResult of - * kSecTrustSettingsResultTrustRoot or - * or kSecTrustSettingsResultTrustAsRoot will be returned. - * - * To be used by SecureTransport for its (hopefully soon-to-be- - * deprecated) SSLSetTrustedRoots() call; I hope nothing else has - * to use this... - * - * Caller must CFRelease the returned CFArrayRef. - */ -OSStatus SecTrustSettingsCopyQualifiedCerts( - const CSSM_OID *policyOID, - const char *policyString, /* optional */ - uint32 policyStringLen, - SecTrustSettingsKeyUsage keyUsage, /* optional */ - CFArrayRef *certArray); /* RETURNED */ - -/* - * Obtain unrestricted root certificates from the specified domain(s). - * Only returns root certificates with no usage constraints. - * Caller must CFRelease the returned CFArrayRef. - */ -OSStatus SecTrustSettingsCopyUnrestrictedRoots( - Boolean userDomain, - Boolean adminDomain, - Boolean systemDomain, - CFArrayRef *certArray); /* RETURNED */ - -/* - * Obtain a string representing a cert's SHA1 digest. This string is - * the key used to look up per-cert trust settings in a TrustSettings record. - */ -CFStringRef SecTrustSettingsCertHashStrFromCert( - SecCertificateRef certRef); - -CFStringRef SecTrustSettingsCertHashStrFromData( - const void *cert, - size_t certLen); - -/* - * Add a cert's TrustSettings to a non-persistent TrustSettings record. - * Primarily intended for use in creating a system TrustSettings record - * (which is itself immutable via this module). - * - * The settingsIn argument is an external representation of a TrustSettings - * record, obtained from this function or from - * SecTrustSettingsCreateExternalRepresentation(). - * If settingsIn is NULL, a new (empty) TrustSettings will be created. - * - * The certRef and trustSettingsDictOrArray arguments are as in - * SecTrustSettingsSetTrustSettings(). May be NULL, when e.g. creating - * a new and empty TrustSettings record. - * - * The external representation is written to the settingOut argument, - * which must eventually be CFReleased by the caller. - */ -OSStatus SecTrustSettingsSetTrustSettingsExternal( - CFDataRef settingsIn, /* optional */ - SecCertificateRef certRef, /* optional */ - CFTypeRef trustSettingsDictOrArray, /* optional */ - CFDataRef *settingsOut); /* RETURNED */ - -/* - * Purge the cache of User and Admin Certs - */ -void SecTrustSettingsPurgeUserAdminCertsCache(void); - -/* - * A wrapper around SecTrustSettingsCopyCertificates that combines user and admin - * domain outputs. - */ -OSStatus SecTrustSettingsCopyCertificatesForUserAdminDomains( - CFArrayRef CF_RETURNS_RETAINED *certArray); - -#ifdef __cplusplus -} -#endif - -#endif /* _SEC_TRUST_SETTINGS_PRIV_H_ */ - diff --git a/OSX/libsecurity_keychain/lib/TrustAdditions.cpp b/OSX/libsecurity_keychain/lib/TrustAdditions.cpp index a79bfaff..8d88ba8d 100644 --- a/OSX/libsecurity_keychain/lib/TrustAdditions.cpp +++ b/OSX/libsecurity_keychain/lib/TrustAdditions.cpp @@ -80,18 +80,18 @@ static const char *X509ANCHORS_SYSTEM_PATH = "/System/Library/Keychains/X509Anch // // Static functions // -static CFArrayRef _allowedRootCertificatesForOidString(CFStringRef oidString); +static CFArrayRef CF_RETURNS_RETAINED _allowedRootCertificatesForOidString(CFStringRef oidString); static CSSM_DATA_PTR _copyFieldDataForOid(CSSM_OID_PTR oid, CSSM_DATA_PTR cert, CSSM_CL_HANDLE clHandle); -static CFStringRef _decimalStringForOid(CSSM_OID_PTR oid); -static CFDictionaryRef _evCAOidDict(); +static CFStringRef CF_RETURNS_RETAINED _decimalStringForOid(CSSM_OID_PTR oid); +static CFDictionaryRef CF_RETURNS_RETAINED _evCAOidDict(); static void _freeFieldData(CSSM_DATA_PTR value, CSSM_OID_PTR oid, CSSM_CL_HANDLE clHandle); -static CFStringRef _oidStringForCertificatePolicies(const CE_CertPolicies *certPolicies); +static CFStringRef CF_RETURNS_RETAINED _oidStringForCertificatePolicies(const CE_CertPolicies *certPolicies); static SecCertificateRef _rootCertificateWithSubjectOfCertificate(SecCertificateRef certificate); static SecCertificateRef _rootCertificateWithSubjectKeyIDOfCertificate(SecCertificateRef certificate); // utility function to safely release (and clear) the given CFTypeRef variable. // -static void SafeCFRelease(void *cfTypeRefPtr) +static void SafeCFRelease(void * CF_CONSUMED cfTypeRefPtr) { CFTypeRef *obj = (CFTypeRef *)cfTypeRefPtr; if (obj && *obj) { @@ -554,7 +554,7 @@ static SecCertificateRef _rootCertificateWithSubjectKeyIDOfCertificate(SecCertif // for the given EV OID (a hex string); caller must release the array // static -CFArrayRef _possibleRootCertificatesForOidString(CFStringRef oidString) +CFArrayRef CF_RETURNS_RETAINED _possibleRootCertificatesForOidString(CFStringRef oidString) { StLock _(SecTrustKeychainsGetMutex()); @@ -648,19 +648,15 @@ CFArrayRef _allowedRootCertificatesForOidString(CFStringRef oidString) CFIndex idx, count = CFArrayGetCount(possibleRootCertificates); for (idx=0; idx gOidStringForCertificatePoliciesMutex; -static CFStringRef _oidStringForCertificatePolicies(const CE_CertPolicies *certPolicies) +static CFStringRef CF_RETURNS_RETAINED _oidStringForCertificatePolicies(const CE_CertPolicies *certPolicies) { StLock _(gOidStringForCertificatePoliciesMutex()); diff --git a/OSX/libsecurity_keychain/lib/TrustAdditions.h b/OSX/libsecurity_keychain/lib/TrustAdditions.h index 8112929a..222fc28a 100644 --- a/OSX/libsecurity_keychain/lib/TrustAdditions.h +++ b/OSX/libsecurity_keychain/lib/TrustAdditions.h @@ -36,8 +36,8 @@ extern "C" { #endif -CFArrayRef potentialEVChainWithCertificates(CFArrayRef certificates); -CFArrayRef allowedEVRootsForLeafCertificate(CFArrayRef certificates); +CFArrayRef CF_RETURNS_RETAINED potentialEVChainWithCertificates(CFArrayRef certificates); +CFArrayRef CF_RETURNS_RETAINED allowedEVRootsForLeafCertificate(CFArrayRef certificates); bool isOCSPStatusCode(CSSM_RETURN statusCode); bool isCRLStatusCode(CSSM_RETURN statusCode); bool isRevocationStatusCode(CSSM_RETURN statusCode); diff --git a/OSX/libsecurity_keychain/lib/TrustItem.cpp b/OSX/libsecurity_keychain/lib/TrustItem.cpp index ac8567ff..ba59b5eb 100644 --- a/OSX/libsecurity_keychain/lib/TrustItem.cpp +++ b/OSX/libsecurity_keychain/lib/TrustItem.cpp @@ -41,7 +41,7 @@ namespace KeychainCore { // Construct a UserTrustItem from attributes and initial content // UserTrustItem::UserTrustItem(Certificate *cert, Policy *policy, const TrustData &trustData) : - ItemImpl(CSSM_DL_DB_RECORD_USER_TRUST, + ItemImpl((SecItemClass)CSSM_DL_DB_RECORD_USER_TRUST, reinterpret_cast(NULL), UInt32(sizeof(trustData)), reinterpret_cast(&trustData)), diff --git a/OSX/libsecurity_keychain/lib/TrustKeychains.h b/OSX/libsecurity_keychain/lib/TrustKeychains.h index f13f18ca..3b7a8619 100644 --- a/OSX/libsecurity_keychain/lib/TrustKeychains.h +++ b/OSX/libsecurity_keychain/lib/TrustKeychains.h @@ -39,7 +39,7 @@ extern "C" { /*! @function SecTrustKeychainsGetMutex @abstract Get the global mutex for accessing trust keychains during an evaluation - @param result On return, a reference to the global mutex which manages access to trust keychains + @return On return, a reference to the global mutex which manages access to trust keychains @discussion This function is intended to be used by C++ implementation layers to share a common global mutex for managing access to trust keychains (i.e. the root certificate store). */ diff --git a/OSX/libsecurity_keychain/lib/TrustSettings.cpp b/OSX/libsecurity_keychain/lib/TrustSettings.cpp index 4d602799..ceafbb01 100644 --- a/OSX/libsecurity_keychain/lib/TrustSettings.cpp +++ b/OSX/libsecurity_keychain/lib/TrustSettings.cpp @@ -40,6 +40,8 @@ #include #include #include +#include +#include #include #include #include @@ -179,6 +181,7 @@ static bool tsCheckPolicyStr( if (certPolicyStrNoNULL == NULL) { /* I really don't see how this can happen either */ trustSettingsEvalDbg("tsCheckPolicyStr: policyStr string conversion error 2"); + CFReleaseNull(cfPolicyStr); return false; } @@ -628,10 +631,6 @@ bool TrustSettings::evaluateCert( /* get trust settings dictionary for this cert */ CFDictionaryRef certDict = findDictionaryForCertHash(certHashStr); - if((certDict == NULL) && isRootCert) { - /* No? How about default root setting for this domain? */ - certDict = findDictionaryForCertHash(kSecTrustRecordDefaultRootCert); - } #if CERT_HASH_DEBUG /* @@@ debug only @@@ */ /* print certificate hash and found dictionary reference */ @@ -807,7 +806,7 @@ void TrustSettings::findQualifiedCerts( CFRef certSet(CFSetCreateMutable(NULL, 0, &kCFTypeSetCallBacks)); /* search: all certs, no attributes */ - KCCursor cursor(keychains, CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL); + KCCursor cursor(keychains, (SecItemClass) CSSM_DL_DB_RECORD_X509_CERTIFICATE, NULL); Item certItem; bool found; unsigned int total=0, entries=0, qualified=0; @@ -817,9 +816,7 @@ void TrustSettings::findQualifiedCerts( break; } ++total; - #if !SECTRUST_OSX - CFRef certRef((SecCertificateRef)certItem->handle()); - #else + /* must convert to unified SecCertificateRef */ SecPointer certificate(static_cast(&*certItem)); CssmData certCssmData; @@ -832,7 +829,6 @@ void TrustSettings::findQualifiedCerts( } CFRef cfDataRef(CFDataCreate(NULL, certCssmData.Data, certCssmData.Length)); CFRef certRef(SecCertificateCreateWithData(NULL, cfDataRef)); - #endif /* do we have an entry for this cert? */ CFDictionaryRef certDict = findDictionaryForCert(certRef); @@ -937,7 +933,7 @@ CFArrayRef TrustSettings::copyTrustSettings( SecPolicyRef policyRef = NULL; if (CFDataGetTypeID() == CFGetTypeID(certPolicy)) { /* convert OID as CFDataRef to SecPolicyRef */ - CSSM_OID policyOid = { CFDataGetLength((CFDataRef)certPolicy), + CSSM_OID policyOid = { int_cast(CFDataGetLength((CFDataRef)certPolicy)), (uint8 *)CFDataGetBytePtr((CFDataRef)certPolicy) }; OSStatus ortn = SecPolicyCopy(CSSM_CERT_X_509v3, &policyOid, &policyRef); if(ortn) { @@ -1306,7 +1302,7 @@ CFArrayRef TrustSettings::validateApiTrustSettings( ortn = errSecParam; break; } - result = resultNum; + result = (SecTrustSettingsResult) resultNum; /* validate result later */ keyUsage = (CFNumberRef)CFDictionaryGetValue(ucDict, kSecTrustSettingsKeyUsage); @@ -1597,11 +1593,7 @@ void TrustSettings::copyIssuerAndSerial( CFDataRef *issuer, /* optional, RETURNED */ CFDataRef *serial) /* RETURNED */ { -#if SECTRUST_OSX CFRef certificate = SecCertificateCreateItemImplInstance(certRef); -#else - CFRef certificate = (SecCertificateRef) ((certRef) ? CFRetain(certRef) : NULL); -#endif SecPointer cert = Certificate::required(certificate); CSSM_DATA_PTR fieldVal; diff --git a/OSX/libsecurity_keychain/lib/TrustSettings.h b/OSX/libsecurity_keychain/lib/TrustSettings.h index ffebdd33..f64e2551 100644 --- a/OSX/libsecurity_keychain/lib/TrustSettings.h +++ b/OSX/libsecurity_keychain/lib/TrustSettings.h @@ -30,7 +30,7 @@ #include "SecTrust.h" #include -#include +#include /* * Clarification of the bool arguments to our main constructor. diff --git a/OSX/libsecurity_keychain/lib/TrustSettingsUtils.h b/OSX/libsecurity_keychain/lib/TrustSettingsUtils.h index 0b1191c5..dacacc31 100644 --- a/OSX/libsecurity_keychain/lib/TrustSettingsUtils.h +++ b/OSX/libsecurity_keychain/lib/TrustSettingsUtils.h @@ -29,7 +29,7 @@ #define _TRUST_SETTINGS_UTILS_H_ #include -#include +#include #include #include #include diff --git a/OSX/libsecurity_keychain/lib/TrustStore.cpp b/OSX/libsecurity_keychain/lib/TrustStore.cpp index 521c3fa6..abdfa2a3 100644 --- a/OSX/libsecurity_keychain/lib/TrustStore.cpp +++ b/OSX/libsecurity_keychain/lib/TrustStore.cpp @@ -30,7 +30,7 @@ #include #include #include -#include +#include namespace Security { namespace KeychainCore { diff --git a/OSX/libsecurity_keychain/lib/UnlockReferralItem.cpp b/OSX/libsecurity_keychain/lib/UnlockReferralItem.cpp index 382ed8f4..3796e63d 100644 --- a/OSX/libsecurity_keychain/lib/UnlockReferralItem.cpp +++ b/OSX/libsecurity_keychain/lib/UnlockReferralItem.cpp @@ -37,7 +37,7 @@ namespace KeychainCore { // Construct a UnlockReferralItem from attributes and initial content // UnlockReferralItem::UnlockReferralItem() : - ItemImpl(CSSM_DL_DB_RECORD_UNLOCK_REFERRAL, + ItemImpl((SecItemClass) CSSM_DL_DB_RECORD_UNLOCK_REFERRAL, reinterpret_cast(NULL), UInt32(0/*size*/), NULL/*data*/) diff --git a/OSX/libsecurity_keychain/lib/defaultcreds.cpp b/OSX/libsecurity_keychain/lib/defaultcreds.cpp index cee6e780..baf11213 100644 --- a/OSX/libsecurity_keychain/lib/defaultcreds.cpp +++ b/OSX/libsecurity_keychain/lib/defaultcreds.cpp @@ -136,7 +136,7 @@ bool DefaultCredentials::unlockKey(const UnlockReferralRecord &ref, const Keycha CSSM_DB_RECORDTYPE recordType = (ref.type() == CSSM_APPLE_UNLOCK_TYPE_KEY_DIRECT) ? CSSM_DL_DB_RECORD_SYMMETRIC_KEY : CSSM_DL_DB_RECORD_PRIVATE_KEY; - KCCursor cursor(list, recordType, &search); + KCCursor cursor(list, (SecItemClass) recordType, &search); Item keyItem; while (cursor->next(keyItem)) { diff --git a/OSX/libsecurity_keychain/lib/security_keychain.exp b/OSX/libsecurity_keychain/lib/security_keychain.exp deleted file mode 100644 index e2b051de..00000000 --- a/OSX/libsecurity_keychain/lib/security_keychain.exp +++ /dev/null @@ -1,786 +0,0 @@ -# -# Copyright (c) 2003-2015 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# -_cssmErrorString -_cssmPerror -_kSecACLAuthorizationAny -_kSecACLAuthorizationLogin -_kSecACLAuthorizationGenKey -_kSecACLAuthorizationDelete -_kSecACLAuthorizationExportWrapped -_kSecACLAuthorizationExportClear -_kSecACLAuthorizationImportWrapped -_kSecACLAuthorizationImportClear -_kSecACLAuthorizationSign -_kSecACLAuthorizationEncrypt -_kSecACLAuthorizationDecrypt -_kSecACLAuthorizationMAC -_kSecACLAuthorizationDerive -_kSecACLAuthorizationKeychainCreate -_kSecACLAuthorizationKeychainDelete -_kSecACLAuthorizationKeychainItemRead -_kSecACLAuthorizationKeychainItemInsert -_kSecACLAuthorizationKeychainItemModify -_kSecACLAuthorizationKeychainItemDelete -_kSecIdentityDomainDefault -_kSecIdentityDomainKerberosKDC -_kSecClass -_kSecClassGenericPassword -_kSecClassInternetPassword -_kSecClassAppleSharePassword -_kSecClassCertificate -_kSecClassKey -_kSecClassIdentity -_kSecAttrAccess -_kSecAttrCreationDate -_kSecAttrModificationDate -_kSecAttrDescription -_kSecAttrComment -_kSecAttrCreator -_kSecAttrType -_kSecAttrLabel -_kSecAttrIsInvisible -_kSecAttrIsNegative -_kSecAttrAccount -_kSecAttrService -_kSecAttrGeneric -_kSecAttrSecurityDomain -_kSecAttrServer -_kSecAttrProtocol -_kSecAttrAuthenticationType -_kSecAttrPort -_kSecAttrPath -_kSecAttrVolume -_kSecAttrAddress -_kSecAttrAFPServerSignature -_kSecAttrAlias -_kSecAttrSubject -_kSecAttrIssuer -_kSecAttrSerialNumber -_kSecAttrSubjectKeyID -_kSecAttrPublicKeyHash -_kSecAttrCertificateType -_kSecAttrCertificateEncoding -_kSecAttrKeyClass -_kSecAttrApplicationLabel -_kSecAttrIsPermanent -_kSecAttrIsPrivate -_kSecAttrIsModifiable -_kSecAttrApplicationTag -_kSecAttrKeyCreator -_kSecAttrKeyType -_kSecAttrKeySizeInBits -_kSecAttrEffectiveKeySize -_kSecAttrStartDate -_kSecAttrEndDate -_kSecAttrIsSensitive -_kSecAttrWasAlwaysSensitive -_kSecAttrIsExtractable -_kSecAttrWasNeverExtractable -_kSecAttrCanEncrypt -_kSecAttrCanDecrypt -_kSecAttrCanDerive -_kSecAttrCanSign -_kSecAttrCanVerify -_kSecAttrCanSignRecover -_kSecAttrCanVerifyRecover -_kSecAttrCanWrap -_kSecAttrCanUnwrap -_kSecAttrScriptCode -_kSecAttrHasCustomIcon -_kSecAttrCRLType -_kSecAttrCRLEncoding -_kSecAttrAccessGroup -_kSecAttrAccessGroupToken -_kSecAttrSynchronizable -_kSecAttrSyncViewHint -_kSecMatchPolicy -_kSecMatchItemList -_kSecMatchSearchList -_kSecMatchIssuers -_kSecMatchEmailAddressIfPresent -_kSecMatchSubjectContains -_kSecMatchSubjectStartsWith -_kSecMatchSubjectEndsWith -_kSecMatchSubjectWholeString -_kSecMatchCaseInsensitive -_kSecMatchDiacriticInsensitive -_kSecMatchWidthInsensitive -_kSecMatchTrustedOnly -_kSecMatchValidOnDate -_kSecMatchLimit -_kSecMatchLimitOne -_kSecMatchLimitAll -_kSecReturnData -_kSecReturnAttributes -_kSecReturnRef -_kSecReturnPersistentRef -_kSecValueData -_kSecValueRef -_kSecValuePersistentRef -_kSecUseItemList -_kSecUseKeychain -_kSecAttrProtocolFTP -_kSecAttrProtocolFTPAccount -_kSecAttrProtocolHTTP -_kSecAttrProtocolIRC -_kSecAttrProtocolNNTP -_kSecAttrProtocolPOP3 -_kSecAttrProtocolSMTP -_kSecAttrProtocolSOCKS -_kSecAttrProtocolIMAP -_kSecAttrProtocolLDAP -_kSecAttrProtocolAppleTalk -_kSecAttrProtocolAFP -_kSecAttrProtocolTelnet -_kSecAttrProtocolSSH -_kSecAttrProtocolFTPS -_kSecAttrProtocolHTTPS -_kSecAttrProtocolHTTPProxy -_kSecAttrProtocolHTTPSProxy -_kSecAttrProtocolFTPProxy -_kSecAttrProtocolSMB -_kSecAttrProtocolRTSP -_kSecAttrProtocolRTSPProxy -_kSecAttrProtocolDAAP -_kSecAttrProtocolEPPC -_kSecAttrProtocolIPP -_kSecAttrProtocolNNTPS -_kSecAttrProtocolLDAPS -_kSecAttrProtocolTelnetS -_kSecAttrProtocolIMAPS -_kSecAttrProtocolIRCS -_kSecAttrProtocolPOP3S -_kSecAttrAuthenticationTypeNTLM -_kSecAttrAuthenticationTypeMSN -_kSecAttrAuthenticationTypeDPA -_kSecAttrAuthenticationTypeRPA -_kSecAttrAuthenticationTypeHTTPBasic -_kSecAttrAuthenticationTypeHTTPDigest -_kSecAttrAuthenticationTypeHTMLForm -_kSecAttrAuthenticationTypeDefault -_kSecAttrKeyClassPublic -_kSecAttrKeyClassPrivate -_kSecAttrKeyClassSymmetric -_kSecPrivateKeyAttrs -_kSecPublicKeyAttrs -_kSecImportExportPassphrase -_kSecImportExportKeychain -_kSecImportExportAccess -_kSecImportItemLabel -_kSecImportItemKeyID -_kSecImportItemTrust -_kSecImportItemCertChain -_kSecImportItemIdentity -_kSecPolicyAppleX509Basic -_kSecPolicyAppleSSL -_kSecPolicyAppleSMIME -_kSecPolicyAppleEAP -_kSecPolicyAppleSWUpdateSigning -_kSecPolicyAppleIPsec -_kSecPolicyAppleiChat -_kSecPolicyApplePKINITClient -_kSecPolicyApplePKINITServer -_kSecPolicyAppleCodeSigning -_kSecPolicyMacAppStoreReceipt -_kSecPolicyAppleIDValidation -_kSecPolicyAppleTimeStamping -_kSecPolicyAppleRevocation -_kSecPolicyApplePassbookSigning -_kSecPolicyAppleMobileStore -_kSecPolicyAppleEscrowService -_kSecPolicyApplePCSEscrowService -_kSecPolicyAppleProfileSigner -_kSecPolicyAppleQAProfileSigner -_kSecPolicyAppleTestMobileStore -_kSecPolicyAppleServerAuthentication -_kSecPolicyApplePayIssuerEncryption -_kSecPolicyAppleOSXProvisioningProfileSigning -_kSecPolicyAppleATVVPNProfileSigning -_kSecPolicyAppleAST2DiagnosticsServerAuth -_kSecPolicyAppleEscrowProxyServerAuth -_kSecPolicyAppleFMiPServerAuth -_kSecPolicyOid -_kSecPolicyName -_kSecPolicyClient -_kSecPolicyRevocationFlags -_kSecPolicyTeamIdentifier -_kSecPolicyKU_DigitalSignature -_kSecPolicyKU_NonRepudiation -_kSecPolicyKU_KeyEncipherment -_kSecPolicyKU_DataEncipherment -_kSecPolicyKU_KeyAgreement -_kSecPolicyKU_KeyCertSign -_kSecPolicyKU_CRLSign -_kSecPolicyKU_EncipherOnly -_kSecPolicyKU_DecipherOnly -_kSecPropertyTypeTitle -_kSecPropertyTypeError -_kSecPropertyKeyType -_kSecPropertyKeyLabel -_kSecPropertyKeyLocalizedLabel -_kSecPropertyKeyValue -_kSecPropertyTypeWarning -_kSecPropertyTypeSuccess -_kSecPropertyTypeSection -_kSecPropertyTypeData -_kSecPropertyTypeString -_kSecPropertyTypeURL -_kSecPropertyTypeDate -_kSecOIDADC_CERT_POLICY -_kSecOIDAPPLE_CERT_POLICY -_kSecOIDAPPLE_EKU_CODE_SIGNING -_kSecOIDAPPLE_EKU_CODE_SIGNING_DEV -_kSecOIDAPPLE_EKU_ICHAT_ENCRYPTION -_kSecOIDAPPLE_EKU_ICHAT_SIGNING -_kSecOIDAPPLE_EKU_RESOURCE_SIGNING -_kSecOIDAPPLE_EKU_SYSTEM_IDENTITY -_kSecOIDAPPLE_EXTENSION -_kSecOIDAPPLE_EXTENSION_ADC_APPLE_SIGNING -_kSecOIDAPPLE_EXTENSION_ADC_DEV_SIGNING -_kSecOIDAPPLE_EXTENSION_APPLE_SIGNING -_kSecOIDAPPLE_EXTENSION_CODE_SIGNING -_kSecOIDAuthorityInfoAccess -_kSecOIDAuthorityKeyIdentifier -_kSecOIDBasicConstraints -_kSecOIDBiometricInfo -_kSecOIDCSSMKeyStruct -_kSecOIDCertIssuer -_kSecOIDCertificatePolicies -_kSecOIDClientAuth -_kSecOIDCollectiveStateProvinceName -_kSecOIDCollectiveStreetAddress -_kSecOIDCommonName -_kSecOIDCountryName -_kSecOIDCrlDistributionPoints -_kSecOIDCrlNumber -_kSecOIDCrlReason -_kSecOIDDOTMAC_CERT_EMAIL_ENCRYPT -_kSecOIDDOTMAC_CERT_EMAIL_SIGN -_kSecOIDDOTMAC_CERT_EXTENSION -_kSecOIDDOTMAC_CERT_IDENTITY -_kSecOIDDOTMAC_CERT_POLICY -_kSecOIDDeltaCrlIndicator -_kSecOIDDescription -_kSecOIDEKU_IPSec -_kSecOIDEmailAddress -_kSecOIDEmailProtection -_kSecOIDExtendedKeyUsage -_kSecOIDExtendedKeyUsageAny -_kSecOIDExtendedUseCodeSigning -_kSecOIDGivenName -_kSecOIDHoldInstructionCode -_kSecOIDInvalidityDate -_kSecOIDIssuerAltName -_kSecOIDIssuingDistributionPoint -_kSecOIDIssuingDistributionPoints -_kSecOIDKERBv5_PKINIT_KP_CLIENT_AUTH -_kSecOIDKERBv5_PKINIT_KP_KDC -_kSecOIDKeyUsage -_kSecOIDLocalityName -_kSecOIDMS_NTPrincipalName -_kSecOIDMicrosoftSGC -_kSecOIDNameConstraints -_kSecOIDNetscapeCertSequence -_kSecOIDNetscapeCertType -_kSecOIDNetscapeSGC -_kSecOIDOCSPSigning -_kSecOIDOrganizationName -_kSecOIDOrganizationalUnitName -_kSecOIDPolicyConstraints -_kSecOIDPolicyMappings -_kSecOIDPrivateKeyUsagePeriod -_kSecOIDQC_Statements -_kSecOIDSerialNumber -_kSecOIDServerAuth -_kSecOIDStateProvinceName -_kSecOIDStreetAddress -_kSecOIDSubjectAltName -_kSecOIDSubjectDirectoryAttributes -_kSecOIDSubjectEmailAddress -_kSecOIDSubjectInfoAccess -_kSecOIDSubjectKeyIdentifier -_kSecOIDSubjectPicture -_kSecOIDSubjectSignatureBitmap -_kSecOIDSurname -_kSecOIDTimeStamping -_kSecOIDTitle -_kSecOIDUseExemptions -_kSecOIDX509V1CertificateIssuerUniqueId -_kSecOIDX509V1CertificateSubjectUniqueId -_kSecOIDX509V1IssuerName -_kSecOIDX509V1IssuerNameCStruct -_kSecOIDX509V1IssuerNameLDAP -_kSecOIDX509V1IssuerNameStd -_kSecOIDX509V1SerialNumber -_kSecOIDX509V1Signature -_kSecOIDX509V1SignatureAlgorithm -_kSecOIDX509V1SignatureAlgorithmParameters -_kSecOIDX509V1SignatureAlgorithmTBS -_kSecOIDX509V1SignatureCStruct -_kSecOIDX509V1SignatureStruct -_kSecOIDX509V1SubjectName -_kSecOIDX509V1SubjectNameCStruct -_kSecOIDX509V1SubjectNameLDAP -_kSecOIDX509V1SubjectNameStd -_kSecOIDX509V1SubjectPublicKey -_kSecOIDX509V1SubjectPublicKeyAlgorithm -_kSecOIDX509V1SubjectPublicKeyAlgorithmParameters -_kSecOIDX509V1SubjectPublicKeyCStruct -_kSecOIDX509V1ValidityNotAfter -_kSecOIDX509V1ValidityNotBefore -_kSecOIDX509V1Version -_kSecOIDX509V3Certificate -_kSecOIDX509V3CertificateCStruct -_kSecOIDX509V3CertificateExtensionCStruct -_kSecOIDX509V3CertificateExtensionCritical -_kSecOIDX509V3CertificateExtensionId -_kSecOIDX509V3CertificateExtensionStruct -_kSecOIDX509V3CertificateExtensionType -_kSecOIDX509V3CertificateExtensionValue -_kSecOIDX509V3CertificateExtensionsCStruct -_kSecOIDX509V3CertificateExtensionsStruct -_kSecOIDX509V3CertificateNumberOfExtensions -_kSecOIDX509V3SignedCertificate -_kSecOIDX509V3SignedCertificateCStruct -_kSecOIDSRVName -_kSecRandomDefault -_kSecTrustEvaluationDate -_kSecTrustExtendedValidation -_kSecTrustOrganizationName -_kSecTrustResultDetails -_kSecTrustResultValue -_kSecTrustRevocationChecked -_kSecTrustRevocationReason -_kSecTrustRevocationValidUntilDate -_SecACLCopySimpleContents -_SecACLCreateFromSimpleContents -_SecACLCreateWithSimpleContents -_SecACLCopyContents -_SecACLGetAuthorizations -_SecACLCopyAuthorizations -_SecACLGetTypeID -_SecACLRemove -_SecACLSetAuthorizations -_SecACLUpdateAuthorizations -_SecACLSetContents -_SecACLSetSimpleContents -_SecAccessCopyACLList -_SecAccessCopySelectedACLList -_SecAccessCopyMatchingACLList -_SecAccessCreate -_SecAccessCreateFromOwnerAndACL -_SecAccessCreateWithOwnerAndACL -_SecAccessCreateWithTrustedApplications -_SecAccessGetOwnerAndACL -_SecAccessCopyOwnerAndACL -_SecAccessGetTypeID -_SecCertifcateBundleExport -_SecCertificateAddToKeychain -_SecCertificateBundleExport -_SecCertificateBundleImport -_SecCertificateCopyCommonName -_SecCertificateCopyData -_SecCertificateCopySubjectComponent -_SecCertificateCopyEmailAddresses -_SecCertificateCopyFieldValues -_SecCertificateCopyFirstFieldValue -_SecCertificateCopyPreference -_SecCertificateCopyPreferred -_SecCertificateCopyPublicKey -_SecCertificateCopySubjectPublicKeyInfoSHA1Digest -_SecCertificateCopySubjectPublicKeyInfoSHA256Digest -_SecCertificateCopySubjectSummary -_SecCertificateCopyDNSNames -_SecCertificateCreateItemImplInstance -_SecCertificateCreateFromData -_SecCertificateCreateWithBytes -_SecCertificateCreateWithData -_SecCertificateFindByEmail -_SecCertificateFindByIssuerAndSN -_SecCertificateFindBySubjectKeyID -_SecCertificateGetAlgorithmID -_SecCertificateGetBytePtr -_SecCertificateGetCLHandle -_SecCertificateGetCLHandle_legacy -_SecCertificateGetCommonName -_SecCertificateGetData -_SecCertificateGetEmailAddress -_SecCertificateGetIssuer -_SecCertificateGetLength -_SecCertificateGetSHA1Digest -_SecCertificateGetSignatureHashAlgorithm -_SecCertificateGetSubject -_SecCertificateGetType -_SecCertificateGetTypeID -_SecCertificateInferLabel -_SecCertificateIsCA -_SecCertificateIsSelfSigned -_SecCertificateIsSelfSignedCA -_SecCertificateRequestCreate -_SecCertificateRequestGetTypeID -_SecCertificateRequestSubmit -_SecCertificateRequestGetType -_SecCertificateRequestGetResult -_SecCertificateReleaseFieldValues -_SecCertificateFindRequest -_SecCertificateRequestGetData -_SecCertificateReleaseFirstFieldValue -_SecCertificateSetPreference -_SecCertificateSetPreferred -_SecCertificateCopyValues -_SecCertificateCopyLongDescription -_SecCertificateCopyShortDescription -_SecCopyErrorMessageString -_SecDigestGetData -_SecIdentityAddPreferenceItem -_SecIdentityCompare -_SecIdentityCopyCertificate -_SecIdentityCopyFromPreferenceItem -_SecIdentityCopyPreference -_SecIdentityCopyPreferred -_SecIdentityCopyPrivateKey -_SecIdentityCopySystemIdentity -_SecIdentityCreate -_SecIdentityCreateWithCertificate -_SecIdentityFindPreferenceItem -_SecIdentityGetTypeID -_SecIdentitySearchCopyNext -_SecIdentitySearchCreate -_SecIdentitySearchCreateWithAttributes -_SecIdentitySearchCreateWithPolicy -_SecIdentitySearchGetTypeID -_SecIdentitySetPreference -_SecIdentitySetPreferred -_SecIdentitySetSystemIdentity -_SecIdentityUpdatePreferenceItem -_SecInferLabelFromX509Name -_SecItemAdd -_SecItemCopyDisplayNames -_SecItemCopyMatching -_SecItemCopyParentCertificates -_SecItemCopyStoredCertificate -_SecItemDelete -_SecItemUpdate -_kSecAttrKeyTypeRSA -_kSecAttrKeyTypeDSA -_kSecAttrKeyTypeAES -_kSecAttrKeyTypeDES -_kSecAttrKeyType3DES -_kSecAttrKeyTypeRC4 -_kSecAttrKeyTypeRC2 -_kSecAttrKeyTypeCAST -_kSecAttrKeyTypeECDSA -_kSecAttrKeyTypeEC -_kSecAttrKeyTypeECSECPrimeRandom -_kSecAttrPRF -_kSecAttrPRFHmacAlgSHA1 -_kSecAttrPRFHmacAlgSHA224 -_kSecAttrPRFHmacAlgSHA256 -_kSecAttrPRFHmacAlgSHA384 -_kSecAttrPRFHmacAlgSHA512 -_kSecAttrSalt -_kSecAttrRounds -_SecECKeyGetNamedCurve -_SecItemExport -_SecItemImport -_SecKeyCopyAttestationKey -_SecKeyCreate -_SecKeyCreateAttestation -_SecKeyCreatePair -_SecKeyCreateWithCSSMKey -_SecKeyDecrypt -_SecKeyEncrypt -_SecKeyGenerate -_SecKeyGeneratePair -_SecKeyGetAlgorithmID -_SecKeyGetAlgorithmId -_SecKeyGetBlockSize -_SecKeyGetCSPHandle -_SecKeyGetCSSMKey -_SecKeyGetCredentials -_SecKeyGetStrengthInBits -_SecKeyGetTypeID -_SecKeyImportPair -_SecKeyRawSign -_SecKeyRawVerify -_SecKeySignDigest -_SecKeyVerifyDigest -_SecKeyGenerateSymmetric -_SecKeyCreateFromData -_SecKeyGeneratePairAsync -_SecKeyDeriveFromPassword -_SecKeyWrapSymmetric -_SecKeyUnwrapSymmetric -_SecKeychainAddCallback -_SecKeychainAddDBToKeychainList -_SecKeychainAddGenericPassword -_SecKeychainAddIToolsPassword -_SecKeychainAddInternetPassword -_SecKeychainAttributeInfoForItemID -_SecKeychainAttemptMigrationWithMasterKey -_SecKeychainChangePassword -_SecKeychainCopyAccess -_SecKeychainCopyBlob -_SecKeychainCopyDefault -_SecKeychainCopyDomainDefault -_SecKeychainCopyDomainSearchList -_SecKeychainCopyLogin -_SecKeychainCopySearchList -_SecKeychainCopySettings -_SecKeychainCopySignature -_SecKeychainCreate -_SecKeychainCreateNew -_SecKeychainCreateWithBlob -_SecKeychainDBIsInKeychainList -_SecKeychainDelete -_SecKeychainErrFromOSStatus -_SecKeychainFindGenericPassword -_SecKeychainFindInternetPassword -_SecKeychainFreeAttributeInfo -_SecKeychainGetCSPHandle -_SecKeychainGetDLDBHandle -_SecKeychainGetPath -_SecKeychainGetPreferenceDomain -_SecKeychainGetStatus -_SecKeychainGetTypeID -_SecKeychainGetUserInteractionAllowed -_SecKeychainGetVersion -_SecKeychainGetKeychainVersion -_SecKeychainGetUserPromptAttempts -_SecKeychainIsValid -_SecKeychainMDSInstall -_SecKeychainItemAdd -_SecKeychainItemAddNoUI -_SecKeychainItemCopyAccess -_SecKeychainItemCopyAllExtendedAttributes -_SecKeychainItemCopyAttributesAndData -_SecKeychainItemCopyAttributesAndEncryptedData -_SecKeychainItemCopyContent -_SecKeychainItemCopyExtendedAttribute -_SecKeychainItemCopyFromRecordIdentifier -_SecKeychainItemCopyKeychain -_SecKeychainItemCopyFromPersistentReference -_SecKeychainItemCopyRecordIdentifier -_SecKeychainItemCreateCopy -_SecKeychainItemCreateFromContent -_SecKeychainItemCreateFromEncryptedContent -_SecKeychainItemCreateNew -_SecKeychainItemCreatePersistentReference -_SecKeychainItemDelete -_SecKeychainItemFindFirst -_SecKeychainItemFreeAttributesAndData -_SecKeychainItemFreeContent -_SecKeychainItemGetAttribute -_SecKeychainItemGetDLDBHandle -_SecKeychainItemGetData -_SecKeychainItemGetTypeID -_SecKeychainItemGetUniqueRecordID -_SecKeychainItemExport -_SecKeychainItemImport -_SecKeychainItemModifyAttributesAndData -_SecKeychainItemModifyEncryptedData -_SecKeychainItemModifyContent -_SecKeychainItemSetAccess -_SecKeychainItemSetAccessWithPassword -_SecKeychainItemSetAttribute -_SecKeychainItemSetData -_SecKeychainItemSetExtendedAttribute -_SecKeychainItemUpdate -_SecKeychainListCopyKeychainAtIndex -_SecKeychainListGetCount -_SecKeychainListRemoveKeychain -_SecKeychainLock -_SecKeychainLockAll -_SecKeychainLogin -_SecKeychainLogout -_SecKeychainMakeFromFullPath -_SecKeychainOpen -_SecKeychainOpenWithGuid -_SecKeychainRecodeKeychain -_SecKeychainRemoveCallback -_SecKeychainRemoveDBFromKeychainList -_SecKeychainRemoveFromSearchList -_SecKeychainResetLogin -_SecKeychainSearchCopyNext -_SecKeychainSearchCreateForCertificateByEmail -_SecKeychainSearchCreateForCertificateByIssuerAndSN -_SecKeychainSearchCreateForCertificateBySubjectKeyID -_SecKeychainSearchCreateFromAttributes -_SecKeychainSearchCreateFromAttributesExtended -_SecKeychainSearchGetTypeID -_SecKeychainSetAccess -_SecKeychainSetDefault -_SecKeychainSetDomainDefault -_SecKeychainSetDomainSearchList -_SecKeychainSetPreferenceDomain -_SecKeychainSetSearchList -_SecKeychainSetServerMode -_SecKeychainSetSettings -_SecKeychainSetUserInteractionAllowed -_SecKeychainSystemKeychainCheckWouldDeadlock -_SecKeychainUnlock -_SecGenericPasswordCreate -_SecPasswordSetInitialAccess -_SecPasswordAction -_SecPKCS12Import -_SecPolicyCreateAppleGSService -_SecPolicyCreateAppleIDSService -_SecPolicyCreateAppleIDSServiceContext -_SecPolicyCreateApplePushService -_SecPolicyCreateAppleMMCSService -_SecPolicyCreateApplePPQService -_SecPolicyCreateAppleAST2Service -_SecPolicyCreateAppleEscrowProxyService -_SecPolicyCreateAppleFMiPService -_SecPolicyCreateAppleATVVPNProfileSigning -_SecPolicyCreateApplePayIssuerEncryption -_SecPolicyCreateAppleSSLService -_SecPolicyCreateBasicX509 -_SecPolicyCreateOSXProvisioningProfileSigning -_SecPolicyCreateRevocation -_SecPolicyCreateSSL -_SecPolicyCreateWithOID -_SecPolicyCreateWithProperties -_SecPolicyCreateAppleTimeStampingAndRevocationPolicies -_SecPolicyCreateAppleHomeKitServerAuth -_SecPolicyGetOID -_SecPolicyGetTPHandle -_SecPolicyGetTypeID -_SecPolicyGetValue -_SecPolicySearchCopyNext -_SecPolicySearchCreate -_SecPolicySearchGetTypeID -_SecPolicySetValue -_SecPolicyCopy -_SecPolicyCopyAll -_SecPolicyCopyProperties -_SecPolicySetProperties -_SecTrustCopyAnchorCertificates -_SecTrustCopyCustomAnchorCertificates -_SecTrustCopyExceptions -_SecTrustCopyExtendedResult -_SecTrustCopyPolicies -_SecTrustCopyProperties -_SecTrustCopyPublicKey -_SecTrustCopyResult -_SecTrustCreateWithCertificates -_SecTrustEvaluate -_SecTrustEvaluateAsync -_SecTrustGetCertificateAtIndex -_SecTrustGetCertificateCount -_SecTrustGetCSSMAnchorCertificates -_SecTrustGetCssmResult -_SecTrustGetCssmResultCode -_SecTrustGetNetworkFetchAllowed -_SecTrustGetResult -_SecTrustGetTrustResult -_SecTrustGetTPHandle -_SecTrustGetTypeID -_SecTrustGetUserTrust -_SecTrustGetVerifyTime -_SecTrustLegacySourcesEventRunloopCreate -_SecTrustLegacyCRLFetch -_SecTrustLegacyCRLStatus -_SecTrustSetAnchorCertificates -_SecTrustSetAnchorCertificatesOnly -_SecTrustSetExceptions -_SecTrustSetKeychains -_SecTrustSetNetworkFetchAllowed -_SecTrustSetOCSPResponse -_SecTrustSetOptions -_SecTrustSetParameters -_SecTrustSetPolicies -_SecTrustSetUserTrust -_SecTrustSetUserTrustLegacy -_SecTrustSetVerifyDate -_SecTrustedApplicationCopyData -_SecTrustedApplicationCreateFromPath -_SecTrustedApplicationCreateApplicationGroup -_SecTrustedApplicationGetTypeID -_SecTrustedApplicationIsUpdateCandidate -_SecTrustedApplicationMakeEquivalent -_SecTrustedApplicationRemoveEquivalence -_SecTrustedApplicationSetData -_SecTrustedApplicationUseAlternateSystem -_SecTrustedApplicationValidateWithPath -_SecTrustedApplicationCreateFromRequirement -_SecTrustedApplicationCopyExternalRepresentation -_SecTrustedApplicationCreateWithExternalRepresentation -_SecTrustedApplicationCopyRequirement -_SecTrustSettingsEvaluateCert -_SecTrustSettingsCopyTrustSettings -_SecTrustSettingsSetTrustSettings -_SecTrustSettingsRemoveTrustSettings -_SecTrustSettingsCopyCertificates -_SecTrustSettingsCopyModificationDate -_SecTrustSettingsCreateExternalRepresentation -_SecTrustSettingsImportExternalRepresentation -_SecTrustSettingsSetTrustSettingsExternal -_SecTrustSettingsCopyQualifiedCerts -_SecTrustSettingsCopyUnrestrictedRoots -_SecKeychainSetBatchMode -_SecCertificateGetAuthorityKeyID -_SecCertificateGetSubjectKeyID -_SecCertificateGetCRLDistributionPoints -_SecCertificateGetOCSPResponders -_SecCertificateGetCAIssuers -_SecCertificateShow -_SecCertificateCopyIssuerSequence -_SecCertificateCopySubjectSequence -_SecCertificateGetNormalizedIssuerContent -_SecCertificateGetNormalizedSubjectContent -_SecCertificateHasSubject -_SecCertificateHasCriticalSubjectAltName -_SecCertificateHasUnknownCriticalExtension -_SecCertificateIsValid -_SecCertificateCopyAttributeDictionary -_SecCertificateCreateFromAttributeDictionary -_SecCertificateCopyPublicKeyP -_SecCertificateGetBasicConstraints -_SecCertificateGetPolicyConstraints -_SecCertificateGetPolicyMappings -_SecCertificateGetCertificatePolicies -_SecCertificateGetInhibitAnyPolicySkipCerts -_SecCertificateGetPublicKeyAlgorithm -_SecCertificateGetPublicKeyData -_SecCertificateCreateWithPEM -_SecCertificateCopySerialNumber -_SecCertificateCopyNormalizedIssuerContent -_SecCertificateCopyNormalizedSubjectContent -_SecCertificateIsValidX -_SecDERItemCopyOIDDecimalRepresentation -_SecAbsoluteTimeFromDateContent -_SecWrapRecoveryPasswordWithAnswers -_SecUnwrapRecoveryPasswordWithAnswers -_SecCreateRecoveryPassword -_kSecRecVersionNumber -_kSecRecQuestions -_kSecRecLocale -_kSecRecIV -_kSecRecWrappedPassword -_SecFDERecoveryWrapCRSKWithPubKey -_SecFDERecoveryUnwrapCRSKWithPrivKey -_SecKeychainSearchCreateForCertificateByIssuerAndSN_CF -_SecRandomCopyBytes -_SecRandomCopyData -_SecItemUpdateTokenItems diff --git a/OSX/libsecurity_keychain/libDER/config/base.xcconfig b/OSX/libsecurity_keychain/libDER/config/base.xcconfig deleted file mode 100644 index 04320bd9..00000000 --- a/OSX/libsecurity_keychain/libDER/config/base.xcconfig +++ /dev/null @@ -1,17 +0,0 @@ -CODE_SIGN_IDENTITY = -; -GCC_VERSION = com.apple.compilers.llvm.clang.1_0 -DEBUG_INFORMATION_FORMAT = dwarf-with-dsym -CURRENT_PROJECT_VERSION = $(RC_ProjectSourceVersion) -VERSIONING_SYSTEM = apple-generic; -DEAD_CODE_STRIPPING = YES; - -ARCHS[sdk=macosx*] = $(ARCHS_STANDARD_32_64_BIT) - -// Debug symbols should be on obviously -GCC_GENERATE_DEBUGGING_SYMBOLS = YES -COPY_PHASE_STRIP = NO -STRIP_STYLE = debugging -STRIP_INSTALLED_PRODUCT = NO - -WARNING_CFLAGS = -Wglobal-constructors -Wno-deprecated-declarations $(inherited) -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/OSX/libsecurity_keychain/libDER/config/debug.xcconfig b/OSX/libsecurity_keychain/libDER/config/debug.xcconfig deleted file mode 100644 index 47555cf5..00000000 --- a/OSX/libsecurity_keychain/libDER/config/debug.xcconfig +++ /dev/null @@ -1,2 +0,0 @@ -GCC_OPTIMIZATION_LEVEL = 0 -GCC_PREPROCESSOR_DEFINITIONS = DEBUG=1 $(inherited) diff --git a/OSX/libsecurity_keychain/libDER/config/lib.xcconfig b/OSX/libsecurity_keychain/libDER/config/lib.xcconfig deleted file mode 100644 index 18995ac2..00000000 --- a/OSX/libsecurity_keychain/libDER/config/lib.xcconfig +++ /dev/null @@ -1,33 +0,0 @@ -#include "base.xcconfig" - -PRODUCT_NAME = $(TARGET_NAME) -EXECUTABLE_PREFIX = - -CODE_SIGN_IDENTITY = - -HEADER_SEARCH_PATHS[sdk=macosx*] = $(PROJECT_DIR) $(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers $(inherited) - -HEADER_SEARCH_PATHS[sdk=embedded*] = $(PROJECT_DIR) $(BUILT_PRODUCTS_DIR)/usr/local/include $(inherited) - -INSTALL_PATH = /usr/local/lib -PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_libDER/libDER - -SKIP_INSTALL = YES - -ALWAYS_SEARCH_USER_PATHS = NO - -GCC_C_LANGUAGE_STANDARD = gnu99 - -GCC_TREAT_WARNINGS_AS_ERRORS = YES; - -WARNING_CFLAGS = -Wno-error=#warnings -Wmost -Wno-four-char-constants -Wno-unknown-pragmas $(inherited) - -GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO - -GCC_SYMBOLS_PRIVATE_EXTERN = NO -GCC_WARN_64_TO_32_BIT_CONVERSION = YES -GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES -GCC_WARN_ABOUT_RETURN_TYPE = YES -GCC_WARN_UNUSED_VARIABLE = YES - -SUPPORTED_PLATFORMS = macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator diff --git a/OSX/libsecurity_keychain/libDER/config/release.xcconfig b/OSX/libsecurity_keychain/libDER/config/release.xcconfig deleted file mode 100644 index 088ded92..00000000 --- a/OSX/libsecurity_keychain/libDER/config/release.xcconfig +++ /dev/null @@ -1,2 +0,0 @@ -GCC_OPTIMIZATION_LEVEL = s -GCC_PREPROCESSOR_DEFINITIONS = NDEBUG=1 $(inherited) diff --git a/OSX/libsecurity_keychain/libDER/libDER.xcodeproj/.gitignore b/OSX/libsecurity_keychain/libDER/libDER.xcodeproj/.gitignore deleted file mode 100644 index 7f42cdde..00000000 --- a/OSX/libsecurity_keychain/libDER/libDER.xcodeproj/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -project.xcworkspace -xcuserdata diff --git a/OSX/libsecurity_keychain/libDER/libDER.xcodeproj/project.pbxproj b/OSX/libsecurity_keychain/libDER/libDER.xcodeproj/project.pbxproj deleted file mode 100644 index ee9390e8..00000000 --- a/OSX/libsecurity_keychain/libDER/libDER.xcodeproj/project.pbxproj +++ /dev/null @@ -1,942 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXAggregateTarget section */ - 053BA30F091C00B100A7007A /* World */ = { - isa = PBXAggregateTarget; - buildConfigurationList = 4CD81A6D09BE1FD2000A9641 /* Build configuration list for PBXAggregateTarget "World" */; - buildPhases = ( - ); - dependencies = ( - 053BA317091C017E00A7007A /* PBXTargetDependency */, - 053BA463091FE60E00A7007A /* PBXTargetDependency */, - 058ECC54091FF0000050AA30 /* PBXTargetDependency */, - 058F16680925224F009FA1C5 /* PBXTargetDependency */, - 4C96C8DC113F4174005483E8 /* PBXTargetDependency */, - ); - name = World; - productName = World; - }; - D46B07A51C8FB22900B5939A /* libDERInstall */ = { - isa = PBXAggregateTarget; - buildConfigurationList = D46B07A81C8FB22900B5939A /* Build configuration list for PBXAggregateTarget "libDERInstall" */; - buildPhases = ( - D46B07AB1C8FB23500B5939A /* Copy Static Library File */, - ); - dependencies = ( - D46B08741C8FC18700B5939A /* PBXTargetDependency */, - D46B07FD1C8FBE1900B5939A /* PBXTargetDependency */, - ); - name = libDERInstall; - productName = libDERInstall; - }; - D46B07EB1C8FBDC600B5939A /* libDERHeaders */ = { - isa = PBXAggregateTarget; - buildConfigurationList = D46B07EC1C8FBDC600B5939A /* Build configuration list for PBXAggregateTarget "libDERHeaders" */; - buildPhases = ( - D46B07EF1C8FBDD700B5939A /* Copy Headers */, - ); - dependencies = ( - D46B07FB1C8FBE0B00B5939A /* PBXTargetDependency */, - ); - name = libDERHeaders; - productName = libDERHeaders; - }; -/* End PBXAggregateTarget section */ - -/* Begin PBXBuildFile section */ - 053BA324091C02B700A7007A /* DER_Decode.h in Headers */ = {isa = PBXBuildFile; fileRef = 053BA321091C02B700A7007A /* DER_Decode.h */; }; - 053BA325091C02B700A7007A /* libDER_config.h in Headers */ = {isa = PBXBuildFile; fileRef = 053BA322091C02B700A7007A /* libDER_config.h */; }; - 053BA326091C02B700A7007A /* libDER.h in Headers */ = {isa = PBXBuildFile; fileRef = 053BA323091C02B700A7007A /* libDER.h */; }; - 053BA344091C089B00A7007A /* asn1Types.h in Headers */ = {isa = PBXBuildFile; fileRef = 053BA342091C089B00A7007A /* asn1Types.h */; }; - 053BA345091C089B00A7007A /* DER_Decode.c in Sources */ = {isa = PBXBuildFile; fileRef = 053BA343091C089B00A7007A /* DER_Decode.c */; }; - 053BA399091C258100A7007A /* DER_CertCrl.c in Sources */ = {isa = PBXBuildFile; fileRef = 053BA397091C258100A7007A /* DER_CertCrl.c */; }; - 053BA39A091C258100A7007A /* DER_CertCrl.h in Headers */ = {isa = PBXBuildFile; fileRef = 053BA398091C258100A7007A /* DER_CertCrl.h */; }; - 053BA45D091FE5E700A7007A /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 053BA314091C00BF00A7007A /* libDER.a */; }; - 053BA461091FE60700A7007A /* parseCert.c in Sources */ = {isa = PBXBuildFile; fileRef = 053BA460091FE60700A7007A /* parseCert.c */; }; - 053BA470091FE6C100A7007A /* fileIo.c in Sources */ = {isa = PBXBuildFile; fileRef = 053BA46E091FE6C100A7007A /* fileIo.c */; }; - 053BA471091FE6C100A7007A /* fileIo.h in Headers */ = {isa = PBXBuildFile; fileRef = 053BA46F091FE6C100A7007A /* fileIo.h */; }; - 053BA47D091FE7CC00A7007A /* libDERUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 053BA47B091FE7CC00A7007A /* libDERUtils.h */; }; - 053BA47E091FE7CC00A7007A /* libDERUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = 053BA47C091FE7CC00A7007A /* libDERUtils.c */; }; - 0544AEA10940939C00DD6C0B /* DER_Encode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0544AE9F0940939C00DD6C0B /* DER_Encode.h */; }; - 0544AEA20940939C00DD6C0B /* DER_Encode.c in Sources */ = {isa = PBXBuildFile; fileRef = 0544AEA00940939C00DD6C0B /* DER_Encode.c */; }; - 058ECC52091FEFF70050AA30 /* libDERUtils.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 053BA46B091FE63E00A7007A /* libDERUtils.a */; }; - 058ECD350920F5E30050AA30 /* DER_Keys.c in Sources */ = {isa = PBXBuildFile; fileRef = 058ECD330920F5E30050AA30 /* DER_Keys.c */; }; - 058ECD360920F5E30050AA30 /* DER_Keys.h in Headers */ = {isa = PBXBuildFile; fileRef = 058ECD340920F5E30050AA30 /* DER_Keys.h */; }; - 058F15C20922B73F009FA1C5 /* printFields.h in Headers */ = {isa = PBXBuildFile; fileRef = 058F15C00922B73F009FA1C5 /* printFields.h */; }; - 058F15C30922B73F009FA1C5 /* printFields.c in Sources */ = {isa = PBXBuildFile; fileRef = 058F15C10922B73F009FA1C5 /* printFields.c */; }; - 058F163109250D16009FA1C5 /* oids.c in Sources */ = {isa = PBXBuildFile; fileRef = 058F162D09250D0D009FA1C5 /* oids.c */; }; - 058F163209250D17009FA1C5 /* oids.h in Headers */ = {isa = PBXBuildFile; fileRef = 058F162E09250D0D009FA1C5 /* oids.h */; }; - 058F1659092513A7009FA1C5 /* parseCrl.c in Sources */ = {isa = PBXBuildFile; fileRef = 058F1658092513A7009FA1C5 /* parseCrl.c */; }; - 058F16710925230E009FA1C5 /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 053BA314091C00BF00A7007A /* libDER.a */; }; - 058F16720925230F009FA1C5 /* libDERUtils.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 053BA46B091FE63E00A7007A /* libDERUtils.a */; }; - 05E0E40709228A5E005F4693 /* DER_Digest.h in Headers */ = {isa = PBXBuildFile; fileRef = 05E0E40509228A5E005F4693 /* DER_Digest.h */; }; - 05E0E40809228A5E005F4693 /* DER_Digest.c in Sources */ = {isa = PBXBuildFile; fileRef = 05E0E40609228A5E005F4693 /* DER_Digest.c */; }; - 4C96C8D6113F4165005483E8 /* DER_Ticket.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C96C8D3113F4165005483E8 /* DER_Ticket.c */; }; - 4C96C8D7113F4165005483E8 /* parseTicket.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C96C8D5113F4165005483E8 /* parseTicket.c */; }; - 4C96C8E2113F4232005483E8 /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 053BA314091C00BF00A7007A /* libDER.a */; }; - 4C96C8ED113F42D1005483E8 /* libcrypto.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C96C8EC113F42C4005483E8 /* libcrypto.dylib */; }; - D467903C1B39FDB500D26E2F /* oidsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = D467903B1B39FDB500D26E2F /* oidsPriv.h */; }; - D46B07EA1C8FBDAF00B5939A /* libDER.a in Copy Static Library File */ = {isa = PBXBuildFile; fileRef = 053BA314091C00BF00A7007A /* libDER.a */; }; - D46B07F01C8FBDFC00B5939A /* DER_Keys.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 058ECD340920F5E30050AA30 /* DER_Keys.h */; }; - D46B07F11C8FBDFC00B5939A /* asn1Types.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 053BA342091C089B00A7007A /* asn1Types.h */; }; - D46B07F21C8FBDFC00B5939A /* DER_CertCrl.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 053BA398091C258100A7007A /* DER_CertCrl.h */; }; - D46B07F31C8FBDFC00B5939A /* DER_Decode.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 053BA321091C02B700A7007A /* DER_Decode.h */; }; - D46B07F41C8FBDFC00B5939A /* DER_Encode.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 0544AE9F0940939C00DD6C0B /* DER_Encode.h */; }; - D46B07F51C8FBDFC00B5939A /* libDER_config.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 053BA322091C02B700A7007A /* libDER_config.h */; }; - D46B07F61C8FBDFC00B5939A /* libDER.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 053BA323091C02B700A7007A /* libDER.h */; }; - D46B07F71C8FBDFC00B5939A /* DER_Digest.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 05E0E40509228A5E005F4693 /* DER_Digest.h */; }; - D46B07F81C8FBDFC00B5939A /* oids.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = 058F162E09250D0D009FA1C5 /* oids.h */; }; - D46B07F91C8FBDFC00B5939A /* oidsPriv.h in Copy Headers */ = {isa = PBXBuildFile; fileRef = D467903B1B39FDB500D26E2F /* oidsPriv.h */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 053BA316091C017E00A7007A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; - }; - 053BA458091FE59900A7007A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; - }; - 053BA462091FE60E00A7007A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 053BA444091FE58C00A7007A; - remoteInfo = parseCert; - }; - 058ECC53091FF0000050AA30 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 053BA46A091FE63E00A7007A; - remoteInfo = libDERUtils; - }; - 058ECC55091FF0090050AA30 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 053BA46A091FE63E00A7007A; - remoteInfo = libDERUtils; - }; - 058F16670925224F009FA1C5 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 058F16530925135E009FA1C5; - remoteInfo = parseCrl; - }; - 058F1675092523D8009FA1C5 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; - }; - 058F1677092523DD009FA1C5 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 053BA46A091FE63E00A7007A; - remoteInfo = libDERUtils; - }; - 4C96C8DB113F4174005483E8 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4C96C8CD113F4132005483E8; - remoteInfo = parseTicket; - }; - 4C96C8E0113F4223005483E8 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; - }; - D46B07FA1C8FBE0B00B5939A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; - }; - D46B07FC1C8FBE1900B5939A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = D46B07EB1C8FBDC600B5939A; - remoteInfo = libDERHeaders; - }; - D46B08731C8FC18700B5939A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 053BA30A091C00A400A7007A /* Project object */; - proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXCopyFilesBuildPhase section */ - D46B07AB1C8FB23500B5939A /* Copy Static Library File */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/lib; - dstSubfolderSpec = 0; - files = ( - D46B07EA1C8FBDAF00B5939A /* libDER.a in Copy Static Library File */, - ); - name = "Copy Static Library File"; - runOnlyForDeploymentPostprocessing = 1; - }; - D46B07EF1C8FBDD700B5939A /* Copy Headers */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/include/security_libDER/libDER; - dstSubfolderSpec = 0; - files = ( - D46B07F01C8FBDFC00B5939A /* DER_Keys.h in Copy Headers */, - D46B07F11C8FBDFC00B5939A /* asn1Types.h in Copy Headers */, - D46B07F21C8FBDFC00B5939A /* DER_CertCrl.h in Copy Headers */, - D46B07F31C8FBDFC00B5939A /* DER_Decode.h in Copy Headers */, - D46B07F41C8FBDFC00B5939A /* DER_Encode.h in Copy Headers */, - D46B07F51C8FBDFC00B5939A /* libDER_config.h in Copy Headers */, - D46B07F61C8FBDFC00B5939A /* libDER.h in Copy Headers */, - D46B07F71C8FBDFC00B5939A /* DER_Digest.h in Copy Headers */, - D46B07F81C8FBDFC00B5939A /* oids.h in Copy Headers */, - D46B07F91C8FBDFC00B5939A /* oidsPriv.h in Copy Headers */, - ); - name = "Copy Headers"; - runOnlyForDeploymentPostprocessing = 1; - }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 053BA314091C00BF00A7007A /* libDER.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libDER.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 053BA321091C02B700A7007A /* DER_Decode.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DER_Decode.h; sourceTree = ""; }; - 053BA322091C02B700A7007A /* libDER_config.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = libDER_config.h; sourceTree = ""; }; - 053BA323091C02B700A7007A /* libDER.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = libDER.h; sourceTree = ""; }; - 053BA342091C089B00A7007A /* asn1Types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = asn1Types.h; sourceTree = ""; }; - 053BA343091C089B00A7007A /* DER_Decode.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = DER_Decode.c; sourceTree = ""; }; - 053BA397091C258100A7007A /* DER_CertCrl.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = DER_CertCrl.c; sourceTree = ""; }; - 053BA398091C258100A7007A /* DER_CertCrl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DER_CertCrl.h; sourceTree = ""; }; - 053BA445091FE58C00A7007A /* parseCert */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = parseCert; sourceTree = BUILT_PRODUCTS_DIR; }; - 053BA460091FE60700A7007A /* parseCert.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = parseCert.c; sourceTree = ""; }; - 053BA46B091FE63E00A7007A /* libDERUtils.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libDERUtils.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 053BA46E091FE6C100A7007A /* fileIo.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = fileIo.c; sourceTree = ""; }; - 053BA46F091FE6C100A7007A /* fileIo.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = fileIo.h; sourceTree = ""; }; - 053BA47B091FE7CC00A7007A /* libDERUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libDERUtils.h; sourceTree = ""; }; - 053BA47C091FE7CC00A7007A /* libDERUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = libDERUtils.c; sourceTree = ""; }; - 0544AE9F0940939C00DD6C0B /* DER_Encode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DER_Encode.h; sourceTree = ""; }; - 0544AEA00940939C00DD6C0B /* DER_Encode.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = DER_Encode.c; sourceTree = ""; }; - 058ECD330920F5E30050AA30 /* DER_Keys.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = DER_Keys.c; sourceTree = ""; }; - 058ECD340920F5E30050AA30 /* DER_Keys.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DER_Keys.h; sourceTree = ""; }; - 058F15C00922B73F009FA1C5 /* printFields.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = printFields.h; sourceTree = ""; }; - 058F15C10922B73F009FA1C5 /* printFields.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = printFields.c; sourceTree = ""; }; - 058F162D09250D0D009FA1C5 /* oids.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = oids.c; sourceTree = ""; }; - 058F162E09250D0D009FA1C5 /* oids.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = oids.h; sourceTree = ""; }; - 058F16540925135E009FA1C5 /* parseCrl */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = parseCrl; sourceTree = BUILT_PRODUCTS_DIR; }; - 058F1658092513A7009FA1C5 /* parseCrl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = parseCrl.c; sourceTree = ""; }; - 05E0E40509228A5E005F4693 /* DER_Digest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DER_Digest.h; sourceTree = ""; }; - 05E0E40609228A5E005F4693 /* DER_Digest.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = DER_Digest.c; sourceTree = ""; }; - 1828EAA014E334E200BE00C2 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 1828EAA114E334E200BE00C2 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 1828EAA214E334E200BE00C2 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 1828EAA314E334E200BE00C2 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 4C96C8CE113F4132005483E8 /* parseTicket */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = parseTicket; sourceTree = BUILT_PRODUCTS_DIR; }; - 4C96C8D2113F4165005483E8 /* AppleMobilePersonalizedTicket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleMobilePersonalizedTicket.h; sourceTree = ""; }; - 4C96C8D3113F4165005483E8 /* DER_Ticket.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = DER_Ticket.c; sourceTree = ""; }; - 4C96C8D4113F4165005483E8 /* DER_Ticket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DER_Ticket.h; sourceTree = ""; }; - 4C96C8D5113F4165005483E8 /* parseTicket.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = parseTicket.c; sourceTree = ""; }; - 4C96C8EC113F42C4005483E8 /* libcrypto.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libcrypto.dylib; path = /usr/lib/libcrypto.dylib; sourceTree = ""; }; - D467903B1B39FDB500D26E2F /* oidsPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = oidsPriv.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 053BA312091C00BF00A7007A /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 053BA443091FE58C00A7007A /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 058ECC52091FEFF70050AA30 /* libDERUtils.a in Frameworks */, - 053BA45D091FE5E700A7007A /* libDER.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 053BA469091FE63E00A7007A /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 058F16520925135E009FA1C5 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 058F16720925230F009FA1C5 /* libDERUtils.a in Frameworks */, - 058F16710925230E009FA1C5 /* libDER.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4C96C8CC113F4132005483E8 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C96C8E2113F4232005483E8 /* libDER.a in Frameworks */, - 4C96C8ED113F42D1005483E8 /* libcrypto.dylib in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 053BA306091C00A400A7007A = { - isa = PBXGroup; - children = ( - 1828EA9F14E334E200BE00C2 /* config */, - 053BA31E091C029900A7007A /* libDER */, - 053BA466091FE62100A7007A /* libDERUtils */, - 053BA45C091FE5CE00A7007A /* Tests */, - 058ECE5B09211AB20050AA30 /* External Libs */, - 053BA315091C00BF00A7007A /* Products */, - ); - sourceTree = ""; - }; - 053BA315091C00BF00A7007A /* Products */ = { - isa = PBXGroup; - children = ( - 053BA314091C00BF00A7007A /* libDER.a */, - 053BA445091FE58C00A7007A /* parseCert */, - 053BA46B091FE63E00A7007A /* libDERUtils.a */, - 058F16540925135E009FA1C5 /* parseCrl */, - 4C96C8CE113F4132005483E8 /* parseTicket */, - ); - name = Products; - sourceTree = ""; - }; - 053BA31E091C029900A7007A /* libDER */ = { - isa = PBXGroup; - children = ( - 058ECD330920F5E30050AA30 /* DER_Keys.c */, - 058ECD340920F5E30050AA30 /* DER_Keys.h */, - 053BA342091C089B00A7007A /* asn1Types.h */, - 053BA397091C258100A7007A /* DER_CertCrl.c */, - 053BA398091C258100A7007A /* DER_CertCrl.h */, - 053BA343091C089B00A7007A /* DER_Decode.c */, - 053BA321091C02B700A7007A /* DER_Decode.h */, - 0544AEA00940939C00DD6C0B /* DER_Encode.c */, - 0544AE9F0940939C00DD6C0B /* DER_Encode.h */, - 053BA322091C02B700A7007A /* libDER_config.h */, - 053BA323091C02B700A7007A /* libDER.h */, - 05E0E40509228A5E005F4693 /* DER_Digest.h */, - 05E0E40609228A5E005F4693 /* DER_Digest.c */, - 058F162D09250D0D009FA1C5 /* oids.c */, - 058F162E09250D0D009FA1C5 /* oids.h */, - D467903B1B39FDB500D26E2F /* oidsPriv.h */, - ); - path = libDER; - sourceTree = ""; - }; - 053BA45C091FE5CE00A7007A /* Tests */ = { - isa = PBXGroup; - children = ( - 4C96C8D2113F4165005483E8 /* AppleMobilePersonalizedTicket.h */, - 4C96C8D3113F4165005483E8 /* DER_Ticket.c */, - 4C96C8D4113F4165005483E8 /* DER_Ticket.h */, - 4C96C8D5113F4165005483E8 /* parseTicket.c */, - 053BA460091FE60700A7007A /* parseCert.c */, - 058F1658092513A7009FA1C5 /* parseCrl.c */, - ); - path = Tests; - sourceTree = ""; - }; - 053BA466091FE62100A7007A /* libDERUtils */ = { - isa = PBXGroup; - children = ( - 053BA47B091FE7CC00A7007A /* libDERUtils.h */, - 053BA47C091FE7CC00A7007A /* libDERUtils.c */, - 053BA46E091FE6C100A7007A /* fileIo.c */, - 053BA46F091FE6C100A7007A /* fileIo.h */, - 058F15C00922B73F009FA1C5 /* printFields.h */, - 058F15C10922B73F009FA1C5 /* printFields.c */, - ); - path = libDERUtils; - sourceTree = ""; - }; - 058ECE5B09211AB20050AA30 /* External Libs */ = { - isa = PBXGroup; - children = ( - 4C96C8EC113F42C4005483E8 /* libcrypto.dylib */, - ); - name = "External Libs"; - sourceTree = ""; - }; - 1828EA9F14E334E200BE00C2 /* config */ = { - isa = PBXGroup; - children = ( - 1828EAA014E334E200BE00C2 /* base.xcconfig */, - 1828EAA114E334E200BE00C2 /* debug.xcconfig */, - 1828EAA214E334E200BE00C2 /* lib.xcconfig */, - 1828EAA314E334E200BE00C2 /* release.xcconfig */, - ); - path = config; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 053BA310091C00BF00A7007A /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 053BA325091C02B700A7007A /* libDER_config.h in Headers */, - D467903C1B39FDB500D26E2F /* oidsPriv.h in Headers */, - 053BA326091C02B700A7007A /* libDER.h in Headers */, - 053BA324091C02B700A7007A /* DER_Decode.h in Headers */, - 053BA39A091C258100A7007A /* DER_CertCrl.h in Headers */, - 05E0E40709228A5E005F4693 /* DER_Digest.h in Headers */, - 0544AEA10940939C00DD6C0B /* DER_Encode.h in Headers */, - 058ECD360920F5E30050AA30 /* DER_Keys.h in Headers */, - 058F163209250D17009FA1C5 /* oids.h in Headers */, - 053BA344091C089B00A7007A /* asn1Types.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 053BA467091FE63E00A7007A /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 053BA471091FE6C100A7007A /* fileIo.h in Headers */, - 053BA47D091FE7CC00A7007A /* libDERUtils.h in Headers */, - 058F15C20922B73F009FA1C5 /* printFields.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 053BA313091C00BF00A7007A /* libDER */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4CD81A5D09BE1FD2000A9641 /* Build configuration list for PBXNativeTarget "libDER" */; - buildPhases = ( - 053BA310091C00BF00A7007A /* Headers */, - 053BA311091C00BF00A7007A /* Sources */, - 053BA312091C00BF00A7007A /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libDER; - productName = libDER; - productReference = 053BA314091C00BF00A7007A /* libDER.a */; - productType = "com.apple.product-type.library.static"; - }; - 053BA444091FE58C00A7007A /* parseCert */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4CD81A6509BE1FD2000A9641 /* Build configuration list for PBXNativeTarget "parseCert" */; - buildPhases = ( - 053BA442091FE58C00A7007A /* Sources */, - 053BA443091FE58C00A7007A /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 053BA459091FE59900A7007A /* PBXTargetDependency */, - 058ECC56091FF0090050AA30 /* PBXTargetDependency */, - ); - name = parseCert; - productName = parseCert; - productReference = 053BA445091FE58C00A7007A /* parseCert */; - productType = "com.apple.product-type.tool"; - }; - 053BA46A091FE63E00A7007A /* libDERUtils */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4CD81A6109BE1FD2000A9641 /* Build configuration list for PBXNativeTarget "libDERUtils" */; - buildPhases = ( - 053BA467091FE63E00A7007A /* Headers */, - 053BA468091FE63E00A7007A /* Sources */, - 053BA469091FE63E00A7007A /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libDERUtils; - productName = libDERUtils; - productReference = 053BA46B091FE63E00A7007A /* libDERUtils.a */; - productType = "com.apple.product-type.library.static"; - }; - 058F16530925135E009FA1C5 /* parseCrl */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4CD81A6909BE1FD2000A9641 /* Build configuration list for PBXNativeTarget "parseCrl" */; - buildPhases = ( - 058F16510925135E009FA1C5 /* Sources */, - 058F16520925135E009FA1C5 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 058F1676092523D8009FA1C5 /* PBXTargetDependency */, - 058F1678092523DD009FA1C5 /* PBXTargetDependency */, - ); - name = parseCrl; - productName = parseCrl; - productReference = 058F16540925135E009FA1C5 /* parseCrl */; - productType = "com.apple.product-type.tool"; - }; - 4C96C8CD113F4132005483E8 /* parseTicket */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4C96C8D8113F4165005483E8 /* Build configuration list for PBXNativeTarget "parseTicket" */; - buildPhases = ( - 4C96C8CB113F4132005483E8 /* Sources */, - 4C96C8CC113F4132005483E8 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 4C96C8E1113F4223005483E8 /* PBXTargetDependency */, - ); - name = parseTicket; - productName = parseTicket; - productReference = 4C96C8CE113F4132005483E8 /* parseTicket */; - productType = "com.apple.product-type.tool"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 053BA30A091C00A400A7007A /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - TargetAttributes = { - D46B07A51C8FB22900B5939A = { - CreatedOnToolsVersion = 7.3; - }; - D46B07EB1C8FBDC600B5939A = { - CreatedOnToolsVersion = 7.3; - }; - }; - }; - buildConfigurationList = 4CD81A7109BE1FD2000A9641 /* Build configuration list for PBXProject "libDER" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 0; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 053BA306091C00A400A7007A; - productRefGroup = 053BA315091C00BF00A7007A /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 053BA30F091C00B100A7007A /* World */, - D46B07A51C8FB22900B5939A /* libDERInstall */, - D46B07EB1C8FBDC600B5939A /* libDERHeaders */, - 053BA313091C00BF00A7007A /* libDER */, - 053BA444091FE58C00A7007A /* parseCert */, - 053BA46A091FE63E00A7007A /* libDERUtils */, - 058F16530925135E009FA1C5 /* parseCrl */, - 4C96C8CD113F4132005483E8 /* parseTicket */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXSourcesBuildPhase section */ - 053BA311091C00BF00A7007A /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 053BA345091C089B00A7007A /* DER_Decode.c in Sources */, - 053BA399091C258100A7007A /* DER_CertCrl.c in Sources */, - 058ECD350920F5E30050AA30 /* DER_Keys.c in Sources */, - 05E0E40809228A5E005F4693 /* DER_Digest.c in Sources */, - 058F163109250D16009FA1C5 /* oids.c in Sources */, - 0544AEA20940939C00DD6C0B /* DER_Encode.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 053BA442091FE58C00A7007A /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 053BA461091FE60700A7007A /* parseCert.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 053BA468091FE63E00A7007A /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 053BA470091FE6C100A7007A /* fileIo.c in Sources */, - 053BA47E091FE7CC00A7007A /* libDERUtils.c in Sources */, - 058F15C30922B73F009FA1C5 /* printFields.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 058F16510925135E009FA1C5 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 058F1659092513A7009FA1C5 /* parseCrl.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4C96C8CB113F4132005483E8 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C96C8D6113F4165005483E8 /* DER_Ticket.c in Sources */, - 4C96C8D7113F4165005483E8 /* parseTicket.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 053BA317091C017E00A7007A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 053BA313091C00BF00A7007A /* libDER */; - targetProxy = 053BA316091C017E00A7007A /* PBXContainerItemProxy */; - }; - 053BA459091FE59900A7007A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 053BA313091C00BF00A7007A /* libDER */; - targetProxy = 053BA458091FE59900A7007A /* PBXContainerItemProxy */; - }; - 053BA463091FE60E00A7007A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 053BA444091FE58C00A7007A /* parseCert */; - targetProxy = 053BA462091FE60E00A7007A /* PBXContainerItemProxy */; - }; - 058ECC54091FF0000050AA30 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 053BA46A091FE63E00A7007A /* libDERUtils */; - targetProxy = 058ECC53091FF0000050AA30 /* PBXContainerItemProxy */; - }; - 058ECC56091FF0090050AA30 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 053BA46A091FE63E00A7007A /* libDERUtils */; - targetProxy = 058ECC55091FF0090050AA30 /* PBXContainerItemProxy */; - }; - 058F16680925224F009FA1C5 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 058F16530925135E009FA1C5 /* parseCrl */; - targetProxy = 058F16670925224F009FA1C5 /* PBXContainerItemProxy */; - }; - 058F1676092523D8009FA1C5 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 053BA313091C00BF00A7007A /* libDER */; - targetProxy = 058F1675092523D8009FA1C5 /* PBXContainerItemProxy */; - }; - 058F1678092523DD009FA1C5 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 053BA46A091FE63E00A7007A /* libDERUtils */; - targetProxy = 058F1677092523DD009FA1C5 /* PBXContainerItemProxy */; - }; - 4C96C8DC113F4174005483E8 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C96C8CD113F4132005483E8 /* parseTicket */; - targetProxy = 4C96C8DB113F4174005483E8 /* PBXContainerItemProxy */; - }; - 4C96C8E1113F4223005483E8 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 053BA313091C00BF00A7007A /* libDER */; - targetProxy = 4C96C8E0113F4223005483E8 /* PBXContainerItemProxy */; - }; - D46B07FB1C8FBE0B00B5939A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 053BA313091C00BF00A7007A /* libDER */; - targetProxy = D46B07FA1C8FBE0B00B5939A /* PBXContainerItemProxy */; - }; - D46B07FD1C8FBE1900B5939A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = D46B07EB1C8FBDC600B5939A /* libDERHeaders */; - targetProxy = D46B07FC1C8FBE1900B5939A /* PBXContainerItemProxy */; - }; - D46B08741C8FC18700B5939A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 053BA313091C00BF00A7007A /* libDER */; - targetProxy = D46B08731C8FC18700B5939A /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - 4C96C8D0113F4132005483E8 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA114E334E200BE00C2 /* debug.xcconfig */; - buildSettings = { - }; - name = Debug; - }; - 4C96C8D1113F4132005483E8 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA314E334E200BE00C2 /* release.xcconfig */; - buildSettings = { - }; - name = Release; - }; - 792E01120CBC0CE3007C00A0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA114E334E200BE00C2 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - 792E01130CBC0CE3007C00A0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA314E334E200BE00C2 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - 792E01140CBC0CE3007C00A0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA114E334E200BE00C2 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - SDKROOT = macosx.internal; - }; - name = Debug; - }; - 792E01150CBC0CE3007C00A0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA314E334E200BE00C2 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - SDKROOT = macosx.internal; - }; - name = Release; - }; - 792E01160CBC0CE3007C00A0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA114E334E200BE00C2 /* debug.xcconfig */; - buildSettings = { - }; - name = Debug; - }; - 792E01170CBC0CE3007C00A0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA314E334E200BE00C2 /* release.xcconfig */; - buildSettings = { - }; - name = Release; - }; - 792E01180CBC0CE3007C00A0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA114E334E200BE00C2 /* debug.xcconfig */; - buildSettings = { - }; - name = Debug; - }; - 792E01190CBC0CE3007C00A0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA314E334E200BE00C2 /* release.xcconfig */; - buildSettings = { - }; - name = Release; - }; - 792E011A0CBC0CE3007C00A0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA114E334E200BE00C2 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - 792E011B0CBC0CE3007C00A0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA314E334E200BE00C2 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - 792E011C0CBC0CE3007C00A0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA214E334E200BE00C2 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_STATIC_ANALYZER_MODE = deep; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - RUN_CLANG_STATIC_ANALYZER = YES; - SDKROOT = macosx.internal; - }; - name = Debug; - }; - 792E011D0CBC0CE3007C00A0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1828EAA214E334E200BE00C2 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_STATIC_ANALYZER_MODE = deep; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - RUN_CLANG_STATIC_ANALYZER = YES; - SDKROOT = macosx.internal; - }; - name = Release; - }; - D46B07A61C8FB22900B5939A /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - D46B07A71C8FB22900B5939A /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - D46B07ED1C8FBDC600B5939A /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - D46B07EE1C8FBDC600B5939A /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 4C96C8D8113F4165005483E8 /* Build configuration list for PBXNativeTarget "parseTicket" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4C96C8D0113F4132005483E8 /* Debug */, - 4C96C8D1113F4132005483E8 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CD81A5D09BE1FD2000A9641 /* Build configuration list for PBXNativeTarget "libDER" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 792E01120CBC0CE3007C00A0 /* Debug */, - 792E01130CBC0CE3007C00A0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CD81A6109BE1FD2000A9641 /* Build configuration list for PBXNativeTarget "libDERUtils" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 792E01140CBC0CE3007C00A0 /* Debug */, - 792E01150CBC0CE3007C00A0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CD81A6509BE1FD2000A9641 /* Build configuration list for PBXNativeTarget "parseCert" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 792E01160CBC0CE3007C00A0 /* Debug */, - 792E01170CBC0CE3007C00A0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CD81A6909BE1FD2000A9641 /* Build configuration list for PBXNativeTarget "parseCrl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 792E01180CBC0CE3007C00A0 /* Debug */, - 792E01190CBC0CE3007C00A0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CD81A6D09BE1FD2000A9641 /* Build configuration list for PBXAggregateTarget "World" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 792E011A0CBC0CE3007C00A0 /* Debug */, - 792E011B0CBC0CE3007C00A0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CD81A7109BE1FD2000A9641 /* Build configuration list for PBXProject "libDER" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 792E011C0CBC0CE3007C00A0 /* Debug */, - 792E011D0CBC0CE3007C00A0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - D46B07A81C8FB22900B5939A /* Build configuration list for PBXAggregateTarget "libDERInstall" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - D46B07A61C8FB22900B5939A /* Debug */, - D46B07A71C8FB22900B5939A /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - D46B07EC1C8FBDC600B5939A /* Build configuration list for PBXAggregateTarget "libDERHeaders" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - D46B07ED1C8FBDC600B5939A /* Debug */, - D46B07EE1C8FBDC600B5939A /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 053BA30A091C00A400A7007A /* Project object */; -} diff --git a/OSX/libsecurity_keychain/libDER/libDER/oids.c b/OSX/libsecurity_keychain/libDER/libDER/oids.c index 7e62427e..990941f7 100644 --- a/OSX/libsecurity_keychain/libDER/libDER/oids.c +++ b/OSX/libsecurity_keychain/libDER/libDER/oids.c @@ -222,7 +222,7 @@ #define APPLE_CERT_POLICY_MOBILE_STORE APPLE_CERT_POLICIES, 12 -#define APPLE_CERT_POLICY_TEST_MOBILE_STORE APPLE_CERT_POLICY_MOBILE_STORE, 1 +#define APPLE_CERT_POLICY_MOBILE_STORE_PRODQA APPLE_CERT_POLICY_MOBILE_STORE, 1 /* * Basis of Apple-specific Signing extensions @@ -275,10 +275,10 @@ /* 1.2.840.113635.100.6.1.24 */ #define APPLE_TVOS_APP_SIGNING_PROD_OID APPLE_CERT_EXTENSION_CODESIGNING, 24 -/* Apple TVOS Application Signing leaf, test */ +/* Apple TVOS Application Signing leaf, QA */ /* 1.2.840.113635.100.6.1.24.1 */ -#define APPLE_TVOS_APP_SIGNING_TEST_OID APPLE_CERT_EXTENSION_CODESIGNING, 24, 1 +#define APPLE_TVOS_APP_SIGNING_PRODQA_OID APPLE_CERT_EXTENSION_CODESIGNING, 24, 1 #define APPLE_ESCROW_ARC APPLE_CERT_EXT, 23 @@ -288,11 +288,11 @@ #define APPLE_SERVER_AUTHENTICATION APPLE_CERT_EXT, 27 #define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION APPLE_SERVER_AUTHENTICATION, 1 -#define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_PPQ_TEST APPLE_SERVER_AUTHENTICATION, 3, 1 +#define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_PPQ_PRODQA APPLE_SERVER_AUTHENTICATION, 3, 1 #define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_PPQ_PROD APPLE_SERVER_AUTHENTICATION, 3, 2 -#define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_IDS_TEST APPLE_SERVER_AUTHENTICATION, 4, 1 +#define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_IDS_PRODQA APPLE_SERVER_AUTHENTICATION, 4, 1 #define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_IDS_PROD APPLE_SERVER_AUTHENTICATION, 4, 2 -#define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_APN_TEST APPLE_SERVER_AUTHENTICATION, 5, 1 +#define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_APN_PRODQA APPLE_SERVER_AUTHENTICATION, 5, 1 #define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_APN_PROD APPLE_SERVER_AUTHENTICATION, 5, 2 #define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_GS APPLE_SERVER_AUTHENTICATION, 2 @@ -304,12 +304,12 @@ /* UPP fraud detection (Provisioning Profile Query) CMS signing */ -#define APPLE_CERT_EXT_APPLE_PPQ_SIGNING_TEST APPLE_CERT_EXT, 38, 1 -#define APPLE_CERT_EXT_APPLE_PPQ_SIGNING_PROD APPLE_CERT_EXT, 38, 2 +#define APPLE_CERT_EXT_APPLE_PPQ_SIGNING_PRODQA APPLE_CERT_EXT, 38, 1 +#define APPLE_CERT_EXT_APPLE_PPQ_SIGNING_PROD APPLE_CERT_EXT, 38, 2 /* AppleTVOS Application Signing */ #define APPLE_ATV_APP_SIGNING_OID APPLE_CERT_EXTENSION_CODESIGNING, 24 -#define APPLE_ATV_APP_SIGNING_OID_TEST APPLE_ATV_APP_SIGNING_OID, 1 +#define APPLE_ATV_APP_SIGNING_OID_PRODQA APPLE_ATV_APP_SIGNING_OID, 1 /* Apple Pay Issuer Encryption */ #define APPLE_CERT_EXT_CRYPTO_SERVICES_EXT_ENCRYPTION APPLE_CERT_EXT, 39 @@ -322,24 +322,24 @@ #define APPLE_CERT_EXT_APPLE_ATV_VPN_PROFILE_SIGNING APPLE_CERT_EXT, 43 /* AST2 Diagnostics Server Authentication - * Test Marker OID 1.2.840.113635.100.6.27.8.1 + * QA Marker OID 1.2.840.113635.100.6.27.8.1 * Prod Marker OID 1.2.840.113635.100.6.27.8.2 */ -#define APPLE_CERT_EXT_AST2_DIAGNOSTICS_SERVER_AUTH_TEST APPLE_SERVER_AUTHENTICATION, 8, 1 +#define APPLE_CERT_EXT_AST2_DIAGNOSTICS_SERVER_AUTH_PRODQA APPLE_SERVER_AUTHENTICATION, 8, 1 #define APPLE_CERT_EXT_AST2_DIAGNOSTICS_SERVER_AUTH_PROD APPLE_SERVER_AUTHENTICATION, 8, 2 /* Escrow Proxy Server Authentication - * Test Marker OID 1.2.840.113635.100.6.27.7.1 + * QA Marker OID 1.2.840.113635.100.6.27.7.1 * Prod Marker OID 1.2.840.113635.100.6.27.7.2 */ -#define APPLE_CERT_EXT_ESCROW_PROXY_SERVER_AUTH_TEST APPLE_SERVER_AUTHENTICATION, 7, 1 +#define APPLE_CERT_EXT_ESCROW_PROXY_SERVER_AUTH_PRODQA APPLE_SERVER_AUTHENTICATION, 7, 1 #define APPLE_CERT_EXT_ESCROW_PROXY_SERVER_AUTH_PROD APPLE_SERVER_AUTHENTICATION, 7, 2 /* FMiP Server Authentication - * Test Marker OID 1.2.840.113635.100.6.27.6.1 + * QA Marker OID 1.2.840.113635.100.6.27.6.1 * Prod Marker OID 1.2.840.113635.100.6.27.6.2 */ -#define APPLE_CERT_EXT_FMIP_SERVER_AUTH_TEST APPLE_SERVER_AUTHENTICATION, 6, 1 +#define APPLE_CERT_EXT_FMIP_SERVER_AUTH_PRODQA APPLE_SERVER_AUTHENTICATION, 6, 1 #define APPLE_CERT_EXT_FMIP_SERVER_AUTH_PROD APPLE_SERVER_AUTHENTICATION, 6, 2 /* HomeKit Server Authentication @@ -350,12 +350,19 @@ #define APPLE_CERT_EXT_HOME_KIT_SERVER_AUTH APPLE_SERVER_AUTHENTICATION, 9 /* MMCS Server Authentication - * Test Marker OID 1.2.840.113635.100.6.27.11.1 + * QA Marker OID 1.2.840.113635.100.6.27.11.1 * Prod Marker OID 1.2.840.113635.100.6.27.11.2 */ -#define APPLE_CERT_EXT_MMCS_SERVER_AUTH_TEST APPLE_SERVER_AUTHENTICATION, 11, 1 +#define APPLE_CERT_EXT_MMCS_SERVER_AUTH_PRODQA APPLE_SERVER_AUTHENTICATION, 11, 1 #define APPLE_CERT_EXT_MMCS_SERVER_AUTH_PROD APPLE_SERVER_AUTHENTICATION, 11, 2 +/* iCloud Setup Authentication + * QA Marker OID 1.2.840.113635.100.6.27.15.1 + * Prod Marker OID 1.2.840.113635.100.6.27.15.2 + */ +#define APPLE_CERT_EXT_ICLOUD_SETUP_SERVER_AUTH_PRODQA APPLE_SERVER_AUTHENTICATION, 15, 1 +#define APPLE_CERT_EXT_ICLOUD_SETUP_SERVER_AUTH_PROD APPLE_SERVER_AUTHENTICATION, 15, 2 + /* * Netscape OIDs. */ @@ -560,7 +567,7 @@ __unused static const DERByte _oidAppleApplicationSigning[] = { APPLE_APP_SIGNING_OID }, _oidAppleInstallerPackagingSigningExternal[] = { APPLE_INSTALLER_PACKAGE_SIGNING_EXTERNAL_OID }, _oidAppleTVOSApplicationSigningProd[] = { APPLE_TVOS_APP_SIGNING_PROD_OID }, - _oidAppleTVOSApplicationSigningTest[] = { APPLE_TVOS_APP_SIGNING_TEST_OID }, + _oidAppleTVOSApplicationSigningProdQA[] = { APPLE_TVOS_APP_SIGNING_PRODQA_OID }, _oidAppleExtendedKeyUsageCodeSigning[] = { APPLE_EKU_CODE_SIGNING }, _oidAppleExtendedKeyUsageCodeSigningDev[] = { APPLE_EKU_CODE_SIGNING, 1 }, _oidAppleExtendedKeyUsageAppleID[] = { APPLE_EKU_APPLE_ID }, @@ -571,8 +578,8 @@ __unused static const DERByte _oidAppleIntmMarkerAppleID[] = { APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID }, _oidAppleIntmMarkerAppleID2[] = {APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_2 }, _oidApplePushServiceClient[] = { APPLE_CERT_EXT_APPLE_PUSH_MARKER, 2 }, - _oidApplePolicyMobileStore[] = { APPLE_CERT_POLICY_MOBILE_STORE }, - _oidApplePolicyTestMobileStore[] = { APPLE_CERT_POLICY_TEST_MOBILE_STORE }, + _oidApplePolicyMobileStore[] = { APPLE_CERT_POLICY_MOBILE_STORE }, + _oidApplePolicyMobileStoreProdQA[] = { APPLE_CERT_POLICY_MOBILE_STORE_PRODQA }, _oidApplePolicyEscrowService[] = { APPLE_ESCROW_POLICY_OID }, _oidAppleCertExtensionAppleIDRecordValidationSigning[] = { APPLE_CERT_EXT_APPLE_ID_VALIDATION_RECORD_SIGNING }, _oidAppleCertExtOSXProvisioningProfileSigning[] = { APPLE_CERT_EXT_OSX_PROVISIONING_PROFILE_SIGNING }, @@ -580,32 +587,34 @@ __unused static const DERByte _oidAppleIntmMarkerAppleSystemIntgG3[] = {APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_SYSTEM_INTEGRATION_G3}, _oidAppleCertExtAppleSMPEncryption[] = {APPLE_CERT_EXT_APPLE_SMP_ENCRYPTION}, _oidAppleCertExtAppleServerAuthentication[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION}, - _oidAppleCertExtAppleServerAuthenticationPPQTest[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_PPQ_TEST}, - _oidAppleCertExtAppleServerAuthenticationPPQProd[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_PPQ_PROD}, - _oidAppleCertExtAppleServerAuthenticationIDSTest[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_IDS_TEST}, - _oidAppleCertExtAppleServerAuthenticationIDSProd[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_IDS_PROD}, - _oidAppleCertExtAppleServerAuthenticationAPNTest[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_APN_TEST}, - _oidAppleCertExtAppleServerAuthenticationAPNProd[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_APN_PROD}, + _oidAppleCertExtAppleServerAuthenticationPPQProdQA[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_PPQ_PRODQA}, + _oidAppleCertExtAppleServerAuthenticationPPQProd[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_PPQ_PROD}, + _oidAppleCertExtAppleServerAuthenticationIDSProdQA[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_IDS_PRODQA}, + _oidAppleCertExtAppleServerAuthenticationIDSProd[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_IDS_PROD}, + _oidAppleCertExtAppleServerAuthenticationAPNProdQA[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_APN_PRODQA}, + _oidAppleCertExtAppleServerAuthenticationAPNProd[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_APN_PROD}, _oidAppleCertExtAppleServerAuthenticationGS[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION_GS}, _oidAppleIntmMarkerAppleServerAuthentication[] = {APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLE_SERVER_AUTHENTICATION}, - _oidAppleCertExtApplePPQSigningTest[] = {APPLE_CERT_EXT_APPLE_PPQ_SIGNING_TEST}, - _oidAppleCertExtApplePPQSigningProd[] = {APPLE_CERT_EXT_APPLE_PPQ_SIGNING_PROD}, + _oidAppleCertExtApplePPQSigningProdQA[] = {APPLE_CERT_EXT_APPLE_PPQ_SIGNING_PRODQA}, + _oidAppleCertExtApplePPQSigningProd[] = {APPLE_CERT_EXT_APPLE_PPQ_SIGNING_PROD}, _oidGoogleEmbeddedSignedCertificateTimestamp[] = {GOOGLE_EMBEDDED_SCT_OID}, _oidGoogleOCSPSignedCertificateTimestamp[] = {GOOGLE_OCSP_SCT_OID}, - _oidAppleCertExtATVAppSigningTest[] = {APPLE_ATV_APP_SIGNING_OID_TEST}, - _oidAppleCertExtATVAppSigningProd[] = {APPLE_ATV_APP_SIGNING_OID}, + _oidAppleCertExtATVAppSigningProdQA[] = {APPLE_ATV_APP_SIGNING_OID_PRODQA}, + _oidAppleCertExtATVAppSigningProd[] = {APPLE_ATV_APP_SIGNING_OID}, _oidAppleCertExtATVVPNProfileSigning[] = {APPLE_CERT_EXT_APPLE_ATV_VPN_PROFILE_SIGNING}, _oidAppleCertExtCryptoServicesExtEncryption[] = {APPLE_CERT_EXT_CRYPTO_SERVICES_EXT_ENCRYPTION}, - _oidAppleCertExtAST2DiagnosticsServerAuthTest[] = {APPLE_CERT_EXT_AST2_DIAGNOSTICS_SERVER_AUTH_TEST}, - _oidAppleCertExtAST2DiagnosticsServerAuthProd[] = {APPLE_CERT_EXT_AST2_DIAGNOSTICS_SERVER_AUTH_PROD}, - _oidAppleCertExtEscrowProxyServerAuthTest[] = {APPLE_CERT_EXT_ESCROW_PROXY_SERVER_AUTH_TEST}, - _oidAppleCertExtEscrowProxyServerAuthProd[] = {APPLE_CERT_EXT_ESCROW_PROXY_SERVER_AUTH_PROD}, - _oidAppleCertExtFMiPServerAuthTest[] = {APPLE_CERT_EXT_FMIP_SERVER_AUTH_TEST}, - _oidAppleCertExtFMiPServerAuthProd[] = {APPLE_CERT_EXT_FMIP_SERVER_AUTH_PROD}, + _oidAppleCertExtAST2DiagnosticsServerAuthProdQA[] = {APPLE_CERT_EXT_AST2_DIAGNOSTICS_SERVER_AUTH_PRODQA}, + _oidAppleCertExtAST2DiagnosticsServerAuthProd[] = {APPLE_CERT_EXT_AST2_DIAGNOSTICS_SERVER_AUTH_PROD}, + _oidAppleCertExtEscrowProxyServerAuthProdQA[] = {APPLE_CERT_EXT_ESCROW_PROXY_SERVER_AUTH_PRODQA}, + _oidAppleCertExtEscrowProxyServerAuthProd[] = {APPLE_CERT_EXT_ESCROW_PROXY_SERVER_AUTH_PROD}, + _oidAppleCertExtFMiPServerAuthProdQA[] = {APPLE_CERT_EXT_FMIP_SERVER_AUTH_PRODQA}, + _oidAppleCertExtFMiPServerAuthProd[] = {APPLE_CERT_EXT_FMIP_SERVER_AUTH_PROD}, _oidAppleCertExtHomeKitServerAuth[] = {APPLE_CERT_EXT_HOME_KIT_SERVER_AUTH}, _oidAppleIntmMarkerAppleHomeKitServerCA[] = {APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLE_HOME_KIT_SERVER_AUTH}, - _oidAppleCertExtMMCSServerAuthTest[] = {APPLE_CERT_EXT_MMCS_SERVER_AUTH_TEST}, - _oidAppleCertExtMMCSServerAuthProd[] = {APPLE_CERT_EXT_MMCS_SERVER_AUTH_PROD}; + _oidAppleCertExtMMCSServerAuthProdQA[] = {APPLE_CERT_EXT_MMCS_SERVER_AUTH_PRODQA}, + _oidAppleCertExtMMCSServerAuthProd[] = {APPLE_CERT_EXT_MMCS_SERVER_AUTH_PROD}, + _oidAppleCertExtiCloudSetupServerAuthProdQA[] = {APPLE_CERT_EXT_ICLOUD_SETUP_SERVER_AUTH_PRODQA}, + _oidAppleCertExtiCloudSetupServerAuthProd[] = {APPLE_CERT_EXT_ICLOUD_SETUP_SERVER_AUTH_PROD}; __unused const DERItem oidSubjectKeyIdentifier = { (DERByte *)_oidSubjectKeyIdentifier, @@ -710,10 +719,10 @@ __unused const DERItem sizeof(_oidAppleApplicationSigning) }, oidAppleInstallerPackagingSigningExternal = { (DERByte *)_oidAppleInstallerPackagingSigningExternal, sizeof(_oidAppleInstallerPackagingSigningExternal) }, - oidAppleTVOSApplicationSigningProd = { (DERByte *)_oidAppleTVOSApplicationSigningProd, + oidAppleTVOSApplicationSigningProd = { (DERByte *)_oidAppleTVOSApplicationSigningProd, sizeof(_oidAppleTVOSApplicationSigningProd) }, - oidAppleTVOSApplicationSigningTest = { (DERByte *)_oidAppleTVOSApplicationSigningTest, - sizeof(_oidAppleTVOSApplicationSigningTest) }, + oidAppleTVOSApplicationSigningProdQA = { (DERByte *)_oidAppleTVOSApplicationSigningProdQA, + sizeof(_oidAppleTVOSApplicationSigningProdQA) }, oidAppleExtendedKeyUsageCodeSigning = { (DERByte *)_oidAppleExtendedKeyUsageCodeSigning, sizeof(_oidAppleExtendedKeyUsageCodeSigning) }, oidAppleExtendedKeyUsageCodeSigningDev = { (DERByte *)_oidAppleExtendedKeyUsageCodeSigningDev, @@ -738,8 +747,8 @@ __unused const DERItem sizeof(_oidAppleIntmMarkerAppleID2) }, oidApplePolicyMobileStore = { (DERByte *)_oidApplePolicyMobileStore, sizeof(_oidApplePolicyMobileStore)}, - oidApplePolicyTestMobileStore = { (DERByte *)_oidApplePolicyTestMobileStore, - sizeof(_oidApplePolicyTestMobileStore)}, + oidApplePolicyMobileStoreProdQA = { (DERByte *)_oidApplePolicyMobileStoreProdQA, + sizeof(_oidApplePolicyMobileStoreProdQA)}, oidApplePolicyEscrowService = { (DERByte *)_oidApplePolicyEscrowService, sizeof(_oidApplePolicyEscrowService)}, oidAppleCertExtensionAppleIDRecordValidationSigning = { (DERByte *)_oidAppleCertExtensionAppleIDRecordValidationSigning, @@ -755,70 +764,76 @@ __unused const DERItem oidAppleCertExtAppleServerAuthentication = { (DERByte *)_oidAppleCertExtAppleServerAuthentication, sizeof(_oidAppleCertExtAppleServerAuthentication) }, - oidAppleCertExtAppleServerAuthenticationIDSTest - = { (DERByte *)_oidAppleCertExtAppleServerAuthenticationIDSTest, - sizeof(_oidAppleCertExtAppleServerAuthenticationIDSTest) }, + oidAppleCertExtAppleServerAuthenticationIDSProdQA + = { (DERByte *)_oidAppleCertExtAppleServerAuthenticationIDSProdQA, + sizeof(_oidAppleCertExtAppleServerAuthenticationIDSProdQA) }, oidAppleCertExtAppleServerAuthenticationIDSProd = { (DERByte *)_oidAppleCertExtAppleServerAuthenticationIDSProd, sizeof(_oidAppleCertExtAppleServerAuthenticationIDSProd) }, - oidAppleCertExtAppleServerAuthenticationAPNTest - = { (DERByte *)_oidAppleCertExtAppleServerAuthenticationAPNTest, - sizeof(_oidAppleCertExtAppleServerAuthenticationAPNTest) }, + oidAppleCertExtAppleServerAuthenticationAPNProdQA + = { (DERByte *)_oidAppleCertExtAppleServerAuthenticationAPNProdQA, + sizeof(_oidAppleCertExtAppleServerAuthenticationAPNProdQA) }, oidAppleCertExtAppleServerAuthenticationAPNProd = { (DERByte *)_oidAppleCertExtAppleServerAuthenticationAPNProd, sizeof(_oidAppleCertExtAppleServerAuthenticationAPNProd) }, oidAppleCertExtAppleServerAuthenticationGS = { (DERByte *)_oidAppleCertExtAppleServerAuthenticationGS, sizeof(_oidAppleCertExtAppleServerAuthenticationGS) }, - oidAppleCertExtAppleServerAuthenticationPPQTest - = { (DERByte *)_oidAppleCertExtAppleServerAuthenticationPPQTest, - sizeof(_oidAppleCertExtAppleServerAuthenticationPPQTest) }, + oidAppleCertExtAppleServerAuthenticationPPQProdQA + = { (DERByte *)_oidAppleCertExtAppleServerAuthenticationPPQProdQA, + sizeof(_oidAppleCertExtAppleServerAuthenticationPPQProdQA) }, oidAppleCertExtAppleServerAuthenticationPPQProd = { (DERByte *)_oidAppleCertExtAppleServerAuthenticationPPQProd, sizeof(_oidAppleCertExtAppleServerAuthenticationPPQProd) }, oidAppleIntmMarkerAppleServerAuthentication = { (DERByte *)_oidAppleIntmMarkerAppleServerAuthentication, sizeof(_oidAppleIntmMarkerAppleServerAuthentication) }, - oidAppleCertExtApplePPQSigningProd = { (DERByte *)_oidAppleCertExtApplePPQSigningProd, - sizeof(_oidAppleCertExtApplePPQSigningProd)}, - oidAppleCertExtApplePPQSigningTest = { (DERByte *)_oidAppleCertExtApplePPQSigningTest, - sizeof(_oidAppleCertExtApplePPQSigningTest)}, + oidAppleCertExtApplePPQSigningProd = { (DERByte *)_oidAppleCertExtApplePPQSigningProd, + sizeof(_oidAppleCertExtApplePPQSigningProd)}, + oidAppleCertExtApplePPQSigningProdQA = { (DERByte *)_oidAppleCertExtApplePPQSigningProdQA, + sizeof(_oidAppleCertExtApplePPQSigningProdQA)}, oidGoogleEmbeddedSignedCertificateTimestamp = { (DERByte *)_oidGoogleEmbeddedSignedCertificateTimestamp, sizeof(_oidGoogleEmbeddedSignedCertificateTimestamp) }, oidGoogleOCSPSignedCertificateTimestamp = { (DERByte *)_oidGoogleOCSPSignedCertificateTimestamp, sizeof(_oidGoogleOCSPSignedCertificateTimestamp) }, - oidAppleCertExtATVAppSigningProd = { (DERByte *)_oidAppleCertExtATVAppSigningProd, + oidAppleCertExtATVAppSigningProd = { (DERByte *)_oidAppleCertExtATVAppSigningProd, sizeof(_oidAppleCertExtATVAppSigningProd)}, - oidAppleCertExtATVAppSigningTest = { (DERByte *)_oidAppleCertExtATVAppSigningTest, - sizeof(_oidAppleCertExtATVAppSigningTest)}, + oidAppleCertExtATVAppSigningProdQA = { (DERByte *)_oidAppleCertExtATVAppSigningProdQA, + sizeof(_oidAppleCertExtATVAppSigningProdQA)}, oidAppleCertExtATVVPNProfileSigning = { (DERByte *) _oidAppleCertExtATVVPNProfileSigning, sizeof(_oidAppleCertExtATVVPNProfileSigning)}, oidAppleCertExtCryptoServicesExtEncryption = { (DERByte *)_oidAppleCertExtCryptoServicesExtEncryption, sizeof(_oidAppleCertExtCryptoServicesExtEncryption)}, - oidAppleCertExtAST2DiagnosticsServerAuthTest = { (DERByte *)_oidAppleCertExtAST2DiagnosticsServerAuthTest, - sizeof(_oidAppleCertExtAST2DiagnosticsServerAuthTest)}, + oidAppleCertExtAST2DiagnosticsServerAuthProdQA = { (DERByte *)_oidAppleCertExtAST2DiagnosticsServerAuthProdQA, + sizeof(_oidAppleCertExtAST2DiagnosticsServerAuthProdQA)}, oidAppleCertExtAST2DiagnosticsServerAuthProd = { (DERByte *)_oidAppleCertExtAST2DiagnosticsServerAuthProd, sizeof(_oidAppleCertExtAST2DiagnosticsServerAuthProd)}, - oidAppleCertExtEscrowProxyServerAuthTest = { (DERByte *)_oidAppleCertExtEscrowProxyServerAuthTest, - sizeof(_oidAppleCertExtEscrowProxyServerAuthTest)}, + oidAppleCertExtEscrowProxyServerAuthProdQA = { (DERByte *)_oidAppleCertExtEscrowProxyServerAuthProdQA, + sizeof(_oidAppleCertExtEscrowProxyServerAuthProdQA)}, oidAppleCertExtEscrowProxyServerAuthProd = { (DERByte *)_oidAppleCertExtEscrowProxyServerAuthProd, sizeof(_oidAppleCertExtEscrowProxyServerAuthProd)}, - oidAppleCertExtFMiPServerAuthTest = { (DERByte *)_oidAppleCertExtFMiPServerAuthTest, - sizeof(_oidAppleCertExtFMiPServerAuthTest)}, - oidAppleCertExtFMiPServerAuthProd = { (DERByte *)_oidAppleCertExtFMiPServerAuthProd, + oidAppleCertExtFMiPServerAuthProdQA = { (DERByte *)_oidAppleCertExtFMiPServerAuthProdQA, + sizeof(_oidAppleCertExtFMiPServerAuthProdQA)}, + oidAppleCertExtFMiPServerAuthProd = { (DERByte *)_oidAppleCertExtFMiPServerAuthProd, sizeof(_oidAppleCertExtFMiPServerAuthProd)}, oidAppleCertExtHomeKitServerAuth = { (DERByte *)_oidAppleCertExtHomeKitServerAuth, sizeof(_oidAppleCertExtHomeKitServerAuth)}, oidAppleIntmMarkerAppleHomeKitServerCA = { (DERByte *)_oidAppleIntmMarkerAppleHomeKitServerCA, sizeof(_oidAppleIntmMarkerAppleHomeKitServerCA) }, - oidAppleCertExtAppleServerAuthenticationMMCSTest - = { (DERByte *)_oidAppleCertExtMMCSServerAuthTest, - sizeof(_oidAppleCertExtMMCSServerAuthTest) }, + oidAppleCertExtAppleServerAuthenticationMMCSProdQA + = { (DERByte *)_oidAppleCertExtMMCSServerAuthProdQA, + sizeof(_oidAppleCertExtMMCSServerAuthProdQA) }, oidAppleCertExtAppleServerAuthenticationMMCSProd = { (DERByte *)_oidAppleCertExtMMCSServerAuthProd, - sizeof(_oidAppleCertExtMMCSServerAuthProd) }; + sizeof(_oidAppleCertExtMMCSServerAuthProd) }, + oidAppleCertExtAppleServerAuthenticationiCloudSetupProdQA + = { (DERByte *)_oidAppleCertExtiCloudSetupServerAuthProdQA, + sizeof(_oidAppleCertExtiCloudSetupServerAuthProdQA) }, + oidAppleCertExtAppleServerAuthenticationiCloudSetupProd + = { (DERByte *)_oidAppleCertExtiCloudSetupServerAuthProd, + sizeof(_oidAppleCertExtiCloudSetupServerAuthProd) }; diff --git a/OSX/libsecurity_keychain/libDER/libDER/oidsPriv.h b/OSX/libsecurity_keychain/libDER/libDER/oidsPriv.h index 71c11568..3d64f628 100644 --- a/OSX/libsecurity_keychain/libDER/libDER/oidsPriv.h +++ b/OSX/libsecurity_keychain/libDER/libDER/oidsPriv.h @@ -43,7 +43,7 @@ extern const DERItem oidAppleProvisioningProfile, oidAppleApplicationSigning, oidAppleTVOSApplicationSigningProd, - oidAppleTVOSApplicationSigningTest, + oidAppleTVOSApplicationSigningProdQA, oidAppleInstallerPackagingSigningExternal, oidAppleExtendedKeyUsageCodeSigning, oidAppleExtendedKeyUsageCodeSigningDev, @@ -56,7 +56,7 @@ extern const DERItem oidAppleIntmMarkerAppleID2, oidApplePushServiceClient, oidApplePolicyMobileStore, - oidApplePolicyTestMobileStore, + oidApplePolicyMobileStoreProdQA, oidApplePolicyEscrowService, oidAppleCertExtensionAppleIDRecordValidationSigning, oidAppleCertExtOSXProvisioningProfileSigning, @@ -64,30 +64,32 @@ extern const DERItem oidAppleIntmMarkerAppleSystemIntgG3, oidAppleCertExtAppleSMPEncryption, oidAppleCertExtAppleServerAuthentication, - oidAppleCertExtAppleServerAuthenticationIDSTest, + oidAppleCertExtAppleServerAuthenticationIDSProdQA, oidAppleCertExtAppleServerAuthenticationIDSProd, - oidAppleCertExtAppleServerAuthenticationAPNTest, + oidAppleCertExtAppleServerAuthenticationAPNProdQA, oidAppleCertExtAppleServerAuthenticationAPNProd, oidAppleCertExtAppleServerAuthenticationGS, - oidAppleCertExtAppleServerAuthenticationPPQTest, + oidAppleCertExtAppleServerAuthenticationPPQProdQA, oidAppleCertExtAppleServerAuthenticationPPQProd, oidAppleIntmMarkerAppleServerAuthentication, oidAppleCertExtApplePPQSigningProd, - oidAppleCertExtApplePPQSigningTest, + oidAppleCertExtApplePPQSigningProdQA, oidAppleCertExtATVAppSigningProd, - oidAppleCertExtATVAppSigningTest, + oidAppleCertExtATVAppSigningProdQA, oidAppleCertExtATVVPNProfileSigning, oidAppleCertExtCryptoServicesExtEncryption, - oidAppleCertExtAST2DiagnosticsServerAuthTest, + oidAppleCertExtAST2DiagnosticsServerAuthProdQA, oidAppleCertExtAST2DiagnosticsServerAuthProd, - oidAppleCertExtEscrowProxyServerAuthTest, + oidAppleCertExtEscrowProxyServerAuthProdQA, oidAppleCertExtEscrowProxyServerAuthProd, - oidAppleCertExtFMiPServerAuthTest, + oidAppleCertExtFMiPServerAuthProdQA, oidAppleCertExtFMiPServerAuthProd, oidAppleCertExtHomeKitServerAuth, oidAppleIntmMarkerAppleHomeKitServerCA, - oidAppleCertExtAppleServerAuthenticationMMCSTest, - oidAppleCertExtAppleServerAuthenticationMMCSProd; + oidAppleCertExtAppleServerAuthenticationMMCSProdQA, + oidAppleCertExtAppleServerAuthenticationMMCSProd, + oidAppleCertExtAppleServerAuthenticationiCloudSetupProdQA, + oidAppleCertExtAppleServerAuthenticationiCloudSetupProd; /* Compare two decoded OIDs. Returns true iff they are equivalent. */ bool DEROidCompare(const DERItem *oid1, const DERItem *oid2); diff --git a/OSX/libsecurity_keychain/libsecurity_keychain.xcodeproj/project.pbxproj b/OSX/libsecurity_keychain/libsecurity_keychain.xcodeproj/project.pbxproj deleted file mode 100644 index 7ea76c9f..00000000 --- a/OSX/libsecurity_keychain/libsecurity_keychain.xcodeproj/project.pbxproj +++ /dev/null @@ -1,1542 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 05012D46060B94A000C044CB /* SecImportExportCrypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 05012D45060B94A000C044CB /* SecImportExportCrypto.cpp */; }; - 05012D4A060B94B200C044CB /* SecImportExportCrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = 05012D49060B94B200C044CB /* SecImportExportCrypto.h */; settings = {ATTRIBUTES = (); }; }; - 051A034805D9A68C00E02A64 /* SecImportExportAgg.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 051A034705D9A68C00E02A64 /* SecImportExportAgg.cpp */; }; - 051A035005D9A69900E02A64 /* SecImportExportAgg.h in Headers */ = {isa = PBXBuildFile; fileRef = 051A034F05D9A69900E02A64 /* SecImportExportAgg.h */; settings = {ATTRIBUTES = (); }; }; - 051A053305DAC86400E02A64 /* SecImportExportPem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 051A053205DAC86400E02A64 /* SecImportExportPem.cpp */; }; - 052AF723060A3472003FEB8D /* SecWrappedKeys.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 052AF722060A3472003FEB8D /* SecWrappedKeys.cpp */; }; - 054F90AE05E2860E0013C1D1 /* SecImportExportUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 054F90AD05E2860E0013C1D1 /* SecImportExportUtils.cpp */; }; - 054F90B005E286180013C1D1 /* SecImportExportUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 054F90AF05E286180013C1D1 /* SecImportExportUtils.h */; settings = {ATTRIBUTES = (); }; }; - 055EA6B106AC5C13005079CE /* TrustRevocation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 055EA6B006AC5C13005079CE /* TrustRevocation.cpp */; }; - 056CDA3905FD573B00820BC3 /* SecImportExportPkcs8.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 056CDA3805FD573B00820BC3 /* SecImportExportPkcs8.cpp */; }; - 056CDA5D05FD5AEB00820BC3 /* SecPkcs8Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = 056CDA5C05FD5AEB00820BC3 /* SecPkcs8Templates.h */; }; - 056CDA6505FD5B3400820BC3 /* SecPkcs8Templates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 056CDA6405FD5B3400820BC3 /* SecPkcs8Templates.cpp */; }; - 056CDA8E05FD63C200820BC3 /* SecImportExportPkcs8.h in Headers */ = {isa = PBXBuildFile; fileRef = 056CDA8D05FD63C200820BC3 /* SecImportExportPkcs8.h */; settings = {ATTRIBUTES = (); }; }; - 058AA95A05D93B4300F543ED /* SecExport.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 058AA95805D93B4300F543ED /* SecExport.cpp */; }; - 058AA95B05D93B4300F543ED /* SecImportExport.h in Headers */ = {isa = PBXBuildFile; fileRef = 058AA95905D93B4300F543ED /* SecImportExport.h */; settings = {ATTRIBUTES = (); }; }; - 058AA96C05D93CDD00F543ED /* SecImport.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 058AA96B05D93CDD00F543ED /* SecImport.cpp */; }; - 058AA9CA05D96FD200F543ED /* SecExternalRep.h in Headers */ = {isa = PBXBuildFile; fileRef = 058AA9C905D96FD200F543ED /* SecExternalRep.h */; settings = {ATTRIBUTES = (); }; }; - 058AA9CE05D96FE600F543ED /* SecExternalRep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 058AA9CD05D96FE600F543ED /* SecExternalRep.cpp */; }; - 058AAA9205D97EAE00F543ED /* SecImportExportPem.h in Headers */ = {isa = PBXBuildFile; fileRef = 058AAA9105D97EAE00F543ED /* SecImportExportPem.h */; settings = {ATTRIBUTES = (); }; }; - 058C797109F56CCB00DB7E98 /* SecTrustSettings.h in Headers */ = {isa = PBXBuildFile; fileRef = 058C796F09F56CCB00DB7E98 /* SecTrustSettings.h */; settings = {ATTRIBUTES = (); }; }; - 058C797209F56CCC00DB7E98 /* SecTrustSettingsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 058C797009F56CCB00DB7E98 /* SecTrustSettingsPriv.h */; settings = {ATTRIBUTES = (); }; }; - 058C797609F56CFB00DB7E98 /* SecTrustSettings.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 058C797509F56CFB00DB7E98 /* SecTrustSettings.cpp */; }; - 058C797C09F56D1400DB7E98 /* TrustSettings.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 058C797709F56D1400DB7E98 /* TrustSettings.cpp */; }; - 058C797D09F56D1400DB7E98 /* TrustSettings.h in Headers */ = {isa = PBXBuildFile; fileRef = 058C797809F56D1400DB7E98 /* TrustSettings.h */; settings = {ATTRIBUTES = (); }; }; - 058C797E09F56D1400DB7E98 /* TrustSettingsSchema.h in Headers */ = {isa = PBXBuildFile; fileRef = 058C797909F56D1400DB7E98 /* TrustSettingsSchema.h */; settings = {ATTRIBUTES = (); }; }; - 058C797F09F56D1400DB7E98 /* TrustSettingsUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 058C797A09F56D1400DB7E98 /* TrustSettingsUtils.cpp */; }; - 058C798009F56D1400DB7E98 /* TrustSettingsUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 058C797B09F56D1400DB7E98 /* TrustSettingsUtils.h */; settings = {ATTRIBUTES = (); }; }; - 05A83C380AAF591100906F28 /* SecKeychainItemExtendedAttributes.h in Headers */ = {isa = PBXBuildFile; fileRef = 05A83C360AAF591100906F28 /* SecKeychainItemExtendedAttributes.h */; settings = {ATTRIBUTES = (); }; }; - 05A83C800AAF5CEA00906F28 /* ExtendedAttribute.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 05A83C7E0AAF5CEA00906F28 /* ExtendedAttribute.cpp */; }; - 05A83C880AAF5E0A00906F28 /* SecKeychainItemExtendedAttributes.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 05A83C870AAF5E0A00906F28 /* SecKeychainItemExtendedAttributes.cpp */; }; - 05AE95490AA748570076501C /* SecImportExportOpenSSH.h in Headers */ = {isa = PBXBuildFile; fileRef = 05AE95470AA748570076501C /* SecImportExportOpenSSH.h */; }; - 05AE954A0AA748580076501C /* SecImportExportOpenSSH.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 05AE95480AA748570076501C /* SecImportExportOpenSSH.cpp */; }; - 05FB016805E54A3A00A5194C /* SecNetscapeTemplates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 05FB016605E54A3A00A5194C /* SecNetscapeTemplates.cpp */; }; - 05FB016905E54A3A00A5194C /* SecNetscapeTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = 05FB016705E54A3A00A5194C /* SecNetscapeTemplates.h */; }; - 0CBD509A16C3246D00713B6C /* kc-40-seckey.m in Sources */ = {isa = PBXBuildFile; fileRef = 0CBD509816C3246D00713B6C /* kc-40-seckey.m */; }; - 0CBD509B16C3246D00713B6C /* kc-41-sececkey.m in Sources */ = {isa = PBXBuildFile; fileRef = 0CBD509916C3246D00713B6C /* kc-41-sececkey.m */; }; - 182BB5CD146FF72B000BF1F3 /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5297A731112CB13800EAA0C0 /* libDER.a */; }; - 188BB546171DD8B5009D22CE /* si-33-keychain-backup.c in Sources */ = {isa = PBXBuildFile; fileRef = 188BB53F171DD774009D22CE /* si-33-keychain-backup.c */; }; - 1B11967B062F4C1800F3B659 /* SecKeychainSearchPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 1B11967A062F4C1800F3B659 /* SecKeychainSearchPriv.h */; settings = {ATTRIBUTES = (); }; }; - 30E17F5B062B0A25004208EB /* SecIdentitySearchPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 30E17F5A062B0A25004208EB /* SecIdentitySearchPriv.h */; settings = {ATTRIBUTES = (); }; }; - 3A353D7D1CC50583000446F4 /* TokenLogin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 3A353D7B1CC50583000446F4 /* TokenLogin.cpp */; }; - 3A353D7E1CC50583000446F4 /* TokenLogin.h in Headers */ = {isa = PBXBuildFile; fileRef = 3A353D7C1CC50583000446F4 /* TokenLogin.h */; }; - 407AC2C0066661620030E07D /* SecPassword.h in Headers */ = {isa = PBXBuildFile; fileRef = 407AC2BE066661620030E07D /* SecPassword.h */; settings = {ATTRIBUTES = (); }; }; - 407AC2C1066661620030E07D /* SecPassword.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 407AC2BF066661620030E07D /* SecPassword.cpp */; }; - 407AC2C5066798420030E07D /* Password.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 407AC2C3066798420030E07D /* Password.cpp */; }; - 4885CFF811C8182D0093ECF6 /* SecRecoveryPassword.c in Sources */ = {isa = PBXBuildFile; fileRef = 4885CFF611C8182D0093ECF6 /* SecRecoveryPassword.c */; }; - 4885CFF911C8182D0093ECF6 /* SecRecoveryPassword.h in Headers */ = {isa = PBXBuildFile; fileRef = 4885CFF711C8182D0093ECF6 /* SecRecoveryPassword.h */; settings = {ATTRIBUTES = (); }; }; - 489C4FCC1202547600A8C58A /* SecRandom.h in Headers */ = {isa = PBXBuildFile; fileRef = 489C4FCB1202547600A8C58A /* SecRandom.h */; settings = {ATTRIBUTES = (); }; }; - 48E66AE3120254D700E878AD /* SecRandom.c in Sources */ = {isa = PBXBuildFile; fileRef = 48E66AE2120254D700E878AD /* SecRandom.c */; }; - 48E66AE5120254FC00E878AD /* SecRandomP.h in Headers */ = {isa = PBXBuildFile; fileRef = 48E66AE4120254FC00E878AD /* SecRandomP.h */; settings = {ATTRIBUTES = (); }; }; - 4C21181B058A75B000014C42 /* SecBase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C21181A058A75B000014C42 /* SecBase.cpp */; }; - 4C5719DB12FB5F6800B31F85 /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C5719D812FB5F6800B31F85 /* main.c */; }; - 4C86848C058A59430072F261 /* MacOSErrorStrings.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C868429058A55A10072F261 /* MacOSErrorStrings.h */; settings = {ATTRIBUTES = (); }; }; - 4CF00661058A51180060AF78 /* SecBasePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF00660058A51180060AF78 /* SecBasePriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F5E0581376700834D11 /* SecKeychain.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B8E052E099D006D0211 /* SecKeychain.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F5F0581376700834D11 /* SecKeychainSearch.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B96052E099D006D0211 /* SecKeychainSearch.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F600581376700834D11 /* SecPolicySearch.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B9C052E099D006D0211 /* SecPolicySearch.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F610581376700834D11 /* SecTrust.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2BA0052E099D006D0211 /* SecTrust.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F620581376700834D11 /* SecKey.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B8C052E099D006D0211 /* SecKey.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F630581376700834D11 /* SecKeychainItem.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B94052E099D006D0211 /* SecKeychainItem.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F640581376700834D11 /* Security.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2BA5052E099D006D0211 /* Security.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F650581376700834D11 /* SecAccess.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B75052E099D006D0211 /* SecAccess.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F660581376700834D11 /* SecPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B99052E099D006D0211 /* SecPolicy.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F670581376700834D11 /* SecIdentitySearch.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B8A052E099D006D0211 /* SecIdentitySearch.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F680581376700834D11 /* SecACL.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B78052E099D006D0211 /* SecACL.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F690581376700834D11 /* SecCertificate.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B7C052E099D006D0211 /* SecCertificate.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F6A0581376700834D11 /* SecBase.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B79052E099D006D0211 /* SecBase.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F6B0581376700834D11 /* SecTrustedApplication.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2BA2052E099D006D0211 /* SecTrustedApplication.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F6C0581376700834D11 /* SecIdentity.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B87052E099D006D0211 /* SecIdentity.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F6E0581377300834D11 /* SecPolicyPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B9A052E099D006D0211 /* SecPolicyPriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F6F0581377300834D11 /* SecKeychainItemPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C4A397FA053B21F9000E1B34 /* SecKeychainItemPriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F700581377300834D11 /* SecTrustPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2BA4052E099D006D0211 /* SecTrustPriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F710581377300834D11 /* SecCertificateRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B81052E099D006D0211 /* SecCertificateRequest.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F720581377300834D11 /* SecAccessPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B76052E099D006D0211 /* SecAccessPriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F730581377300834D11 /* SecKeychainPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C4A397A1053B1D50000E1B34 /* SecKeychainPriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F740581377300834D11 /* SecIdentityPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B88052E099D006D0211 /* SecIdentityPriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F750581377300834D11 /* SecTrustedApplicationPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2BA3052E099D006D0211 /* SecTrustedApplicationPriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F760581377300834D11 /* SecCertificatePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B7F052E099D006D0211 /* SecCertificatePriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F780581377300834D11 /* SecKeyPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B97052E099D006D0211 /* SecKeyPriv.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F790581377300834D11 /* SecCertificateBundle.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AA2B7E052E099D006D0211 /* SecCertificateBundle.h */; settings = {ATTRIBUTES = (); }; }; - 4CFDC28506CD9C6A007BEE7E /* DynamicDLDBList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CFDC28306CD9C6A007BEE7E /* DynamicDLDBList.cpp */; }; - 52008C6411496BD200E8CA78 /* SecCertificateInternalP.h in Headers */ = {isa = PBXBuildFile; fileRef = 52008C6311496BD200E8CA78 /* SecCertificateInternalP.h */; settings = {ATTRIBUTES = (); }; }; - 521DC57F1125FEE300937BF2 /* SecCertificateP.c in Sources */ = {isa = PBXBuildFile; fileRef = 521DC57D1125FEE300937BF2 /* SecCertificateP.c */; }; - 521DC5801125FEE300937BF2 /* SecCertificateP.h in Headers */ = {isa = PBXBuildFile; fileRef = 521DC57E1125FEE300937BF2 /* SecCertificateP.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 52200F8B14F2B87F00F7F6E7 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = AA31456E134B716B00133245 /* CoreFoundation.framework */; }; - 5261C28A112F0D570047EF8B /* SecFrameworkP.c in Sources */ = {isa = PBXBuildFile; fileRef = 5261C289112F0D570047EF8B /* SecFrameworkP.c */; }; - 5261C310112F1C560047EF8B /* SecBase64P.c in Sources */ = {isa = PBXBuildFile; fileRef = 5261C30F112F1C560047EF8B /* SecBase64P.c */; }; - 52B609D914F55B6800134209 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52B609D814F55B6800134209 /* Foundation.framework */; }; - 52B609E314F55BFA00134209 /* timestampclient.m in Sources */ = {isa = PBXBuildFile; fileRef = 52B609E214F55BFA00134209 /* timestampclient.m */; }; - 52B60A0714F5CA9600134209 /* main-tsa.m in Sources */ = {isa = PBXBuildFile; fileRef = 52B60A0614F5CA9500134209 /* main-tsa.m */; }; - 52B88DFB11DD0D2D005BCA6B /* SecFDERecoveryAsymmetricCrypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52B88DF911DD0D2D005BCA6B /* SecFDERecoveryAsymmetricCrypto.cpp */; }; - 52B88DFC11DD0D2D005BCA6B /* SecFDERecoveryAsymmetricCrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = 52B88DFA11DD0D2D005BCA6B /* SecFDERecoveryAsymmetricCrypto.h */; settings = {ATTRIBUTES = (); }; }; - 52BA735D112231C70012875E /* CertificateValues.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52BA735B112231C70012875E /* CertificateValues.cpp */; }; - 52BA735E112231C70012875E /* CertificateValues.h in Headers */ = {isa = PBXBuildFile; fileRef = 52BA735C112231C70012875E /* CertificateValues.h */; }; - 52C23EF81135AE5100E079D2 /* SecCertificatePrivP.h in Headers */ = {isa = PBXBuildFile; fileRef = 52C23EF71135AE5100E079D2 /* SecCertificatePrivP.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 52E950CD1509B47000DA6511 /* tsaDERUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 52E950CC1509B47000DA6511 /* tsaDERUtilities.c */; }; - 52E950D61509B48D00DA6511 /* tsaDERUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 52E950D51509B48D00DA6511 /* tsaDERUtilities.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 52FB44A91146D769006D3B0A /* SecCertificateOIDs.h in Headers */ = {isa = PBXBuildFile; fileRef = 52FB44A81146D769006D3B0A /* SecCertificateOIDs.h */; settings = {ATTRIBUTES = (); }; }; - 87701A8E1C4B91E300CB437B /* kc-43-seckey-interop.m in Sources */ = {isa = PBXBuildFile; fileRef = 87701A841C4B91D000CB437B /* kc-43-seckey-interop.m */; }; - AA31456F134B716B00133245 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = AA31456E134B716B00133245 /* CoreFoundation.framework */; }; - AC9ADAD3199AD6BA00BDAF54 /* kc-42-trust-revocation.c in Sources */ = {isa = PBXBuildFile; fileRef = AC9ADAD2199AD6BA00BDAF54 /* kc-42-trust-revocation.c */; }; - BE296DBF0EAC299C00FD22BE /* SecImportExport.c in Sources */ = {isa = PBXBuildFile; fileRef = BE296DBE0EAC299C00FD22BE /* SecImportExport.c */; }; - BE296DC50EAC2B5600FD22BE /* SecInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = BE296DC40EAC2B5600FD22BE /* SecInternal.h */; }; - BE50AE670F687AB900D28C54 /* TrustAdditions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BE50AE650F687AB900D28C54 /* TrustAdditions.cpp */; }; - BE50AE680F687AB900D28C54 /* TrustAdditions.h in Headers */ = {isa = PBXBuildFile; fileRef = BE50AE660F687AB900D28C54 /* TrustAdditions.h */; }; - BEA830070EB17344001CA937 /* SecItemConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = BEE897100A62CDD800BF88A5 /* SecItemConstants.c */; }; - BECE5141106B056C0091E644 /* TrustKeychains.h in Headers */ = {isa = PBXBuildFile; fileRef = BECE5140106B056C0091E644 /* TrustKeychains.h */; settings = {ATTRIBUTES = (); }; }; - BED2BCA21B96217B006CF43A /* si-20-sectrust-provisioning.c in Sources */ = {isa = PBXBuildFile; fileRef = BED2BCA11B96217B006CF43A /* si-20-sectrust-provisioning.c */; }; - BEE896E20A61F0BB00BF88A5 /* SecItem.h in Headers */ = {isa = PBXBuildFile; fileRef = BEE896E00A61F0BB00BF88A5 /* SecItem.h */; settings = {ATTRIBUTES = (); }; }; - BEE896E30A61F0BB00BF88A5 /* SecItemPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = BEE896E10A61F0BB00BF88A5 /* SecItemPriv.h */; settings = {ATTRIBUTES = (); }; }; - BEE896E70A61F12300BF88A5 /* SecItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BEE896E60A61F12300BF88A5 /* SecItem.cpp */; }; - C26BA9FF072580AE0049AF3C /* UnlockReferralItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C26BA9FE072580AE0049AF3C /* UnlockReferralItem.cpp */; }; - C2AA2BB4052E099D006D0211 /* Access.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B42052E099D006D0211 /* Access.cpp */; }; - C2AA2BB6052E099D006D0211 /* ACL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B44052E099D006D0211 /* ACL.cpp */; }; - C2AA2BB8052E099D006D0211 /* CCallbackMgr.cp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B46052E099D006D0211 /* CCallbackMgr.cp */; }; - C2AA2BBA052E099D006D0211 /* Certificate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B48052E099D006D0211 /* Certificate.cpp */; }; - C2AA2BBC052E099D006D0211 /* CertificateRequest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B4A052E099D006D0211 /* CertificateRequest.cpp */; }; - C2AA2BBF052E099D006D0211 /* cssmdatetime.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B4D052E099D006D0211 /* cssmdatetime.cpp */; }; - C2AA2BC1052E099D006D0211 /* DLDBListCFPref.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B4F052E099D006D0211 /* DLDBListCFPref.cpp */; }; - C2AA2BC7052E099D006D0211 /* Globals.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B56052E099D006D0211 /* Globals.cpp */; }; - C2AA2BC9052E099D006D0211 /* Identity.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B58052E099D006D0211 /* Identity.cpp */; }; - C2AA2BCB052E099D006D0211 /* IdentityCursor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B5A052E099D006D0211 /* IdentityCursor.cpp */; }; - C2AA2BCD052E099D006D0211 /* Item.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B5C052E099D006D0211 /* Item.cpp */; }; - C2AA2BCF052E099D006D0211 /* KCCursor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B5E052E099D006D0211 /* KCCursor.cpp */; }; - C2AA2BD8052E099D006D0211 /* Keychains.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B67052E099D006D0211 /* Keychains.cpp */; }; - C2AA2BDA052E099D006D0211 /* KeyItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B69052E099D006D0211 /* KeyItem.cpp */; }; - C2AA2BDC052E099D006D0211 /* Policies.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B6B052E099D006D0211 /* Policies.cpp */; }; - C2AA2BDE052E099D006D0211 /* PolicyCursor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B6D052E099D006D0211 /* PolicyCursor.cpp */; }; - C2AA2BE0052E099D006D0211 /* PrimaryKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B6F052E099D006D0211 /* PrimaryKey.cpp */; }; - C2AA2BE4052E099D006D0211 /* SecAccess.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B74052E099D006D0211 /* SecAccess.cpp */; }; - C2AA2BE7052E099D006D0211 /* SecACL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B77052E099D006D0211 /* SecACL.cpp */; }; - C2AA2BEB052E099D006D0211 /* SecCertificate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B7B052E099D006D0211 /* SecCertificate.cpp */; }; - C2AA2BED052E099D006D0211 /* SecCertificateBundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B7D052E099D006D0211 /* SecCertificateBundle.cpp */; }; - C2AA2BF0052E099D006D0211 /* SecCertificateRequest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B80052E099D006D0211 /* SecCertificateRequest.cpp */; }; - C2AA2BF2052E099D006D0211 /* SecCFTypes.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B82052E099D006D0211 /* SecCFTypes.cpp */; }; - C2AA2BF6052E099D006D0211 /* SecIdentity.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B86052E099D006D0211 /* SecIdentity.cpp */; }; - C2AA2BF9052E099D006D0211 /* SecIdentitySearch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B89052E099D006D0211 /* SecIdentitySearch.cpp */; }; - C2AA2BFB052E099D006D0211 /* SecKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B8B052E099D006D0211 /* SecKey.cpp */; }; - C2AA2BFD052E099D006D0211 /* SecKeychain.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B8D052E099D006D0211 /* SecKeychain.cpp */; }; - C2AA2BFF052E099D006D0211 /* SecKeychainAddIToolsPassword.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B8F052E099D006D0211 /* SecKeychainAddIToolsPassword.cpp */; }; - C2AA2C03052E099D006D0211 /* SecKeychainItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B93052E099D006D0211 /* SecKeychainItem.cpp */; }; - C2AA2C05052E099D006D0211 /* SecKeychainSearch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B95052E099D006D0211 /* SecKeychainSearch.cpp */; }; - C2AA2C08052E099D006D0211 /* SecPolicy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B98052E099D006D0211 /* SecPolicy.cpp */; }; - C2AA2C0B052E099D006D0211 /* SecPolicySearch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B9B052E099D006D0211 /* SecPolicySearch.cpp */; }; - C2AA2C0F052E099D006D0211 /* SecTrust.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2B9F052E099D006D0211 /* SecTrust.cpp */; }; - C2AA2C11052E099D006D0211 /* SecTrustedApplication.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2BA1052E099D006D0211 /* SecTrustedApplication.cpp */; }; - C2AA2C1A052E099D006D0211 /* StorageManager.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2BAA052E099D006D0211 /* StorageManager.cpp */; }; - C2AA2C1C052E099D006D0211 /* Trust.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2BAC052E099D006D0211 /* Trust.cpp */; }; - C2AA2C1E052E099D006D0211 /* TrustedApplication.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2BAE052E099D006D0211 /* TrustedApplication.cpp */; }; - C2AA2C20052E099D006D0211 /* TrustItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2BB0052E099D006D0211 /* TrustItem.cpp */; }; - C2AA2C22052E099D006D0211 /* TrustStore.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2BB2052E099D006D0211 /* TrustStore.cpp */; }; - C2FD26380731CEFB0027896A /* defaultcreds.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2FD26370731CEE60027896A /* defaultcreds.cpp */; }; - C429431E053B2F8B00470431 /* KCUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C429431C053B2F8B00470431 /* KCUtilities.cpp */; }; - D4486BCF1C65528B0040880D /* SecTrustOSXEntryPoints.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D4486BCD1C65528B0040880D /* SecTrustOSXEntryPoints.cpp */; }; - D45FA39C1C6578CE003DBB97 /* SecTrustOSXEntryPoints.h in Headers */ = {isa = PBXBuildFile; fileRef = D45FA39B1C6578CE003DBB97 /* SecTrustOSXEntryPoints.h */; }; - D4A2FC821BC8A65B00BF6E56 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = D4A2FC811BC8A65B00BF6E56 /* Security.framework */; }; - D6095E960A94F17C0026C68B /* KCEventNotifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D6E1457B0A632A5A008AA7E8 /* KCEventNotifier.cpp */; }; - DC196F691CBD70B400A66F4B /* kc-12-key-create-symmetric-and-use.m in Sources */ = {isa = PBXBuildFile; fileRef = DC7EFCA61CBD6ADC005F9624 /* kc-12-key-create-symmetric-and-use.m */; }; - DC196F6A1CBD70C100A66F4B /* kc-12-key-create-symmetric.c in Sources */ = {isa = PBXBuildFile; fileRef = DC7EFCA71CBD6ADC005F9624 /* kc-12-key-create-symmetric.c */; }; - DC196F6D1CBD77CD00A66F4B /* kc-15-key-update-valueref.c in Sources */ = {isa = PBXBuildFile; fileRef = DC196F6B1CBD77C300A66F4B /* kc-15-key-update-valueref.c */; }; - DC19708A1CBEC2FA00A66F4B /* kc-15-item-update-label-skimaad.m in Sources */ = {isa = PBXBuildFile; fileRef = DC1970801CBEC2EE00A66F4B /* kc-15-item-update-label-skimaad.m */; }; - DC19708D1CBEE43E00A66F4B /* kc-16-item-update-password.c in Sources */ = {isa = PBXBuildFile; fileRef = DC19708B1CBEE43600A66F4B /* kc-16-item-update-password.c */; }; - DC247FDB1CBF22AD00527D67 /* kc-27-key-non-extractable.c in Sources */ = {isa = PBXBuildFile; fileRef = DC247FD91CBF1FF800527D67 /* kc-27-key-non-extractable.c */; }; - DC2480511CC1B58B00527D67 /* kc-21-item-use-callback.c in Sources */ = {isa = PBXBuildFile; fileRef = DC2480471CC1B58200527D67 /* kc-21-item-use-callback.c */; }; - DC336B3C1D246E4C00D24F15 /* kc-20-identity-find-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DC336B3B1D246E4C00D24F15 /* kc-20-identity-find-stress.c */; }; - DC3C16001BAB76B50041A23A /* kc-30-xara.c in Sources */ = {isa = PBXBuildFile; fileRef = DC3C15F81BAB6FE20041A23A /* kc-30-xara.c */; }; - DC6B46641C90EE1200D899C6 /* kc-01-keychain-creation.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B46421C90E36900D899C6 /* kc-01-keychain-creation.c */; }; - DC6B46651C90EE1200D899C6 /* kc-02-unlock-noui.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B46431C90E36900D899C6 /* kc-02-unlock-noui.c */; }; - DC6B46661C90EE1A00D899C6 /* kc-03-status.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B46441C90E36900D899C6 /* kc-03-status.c */; }; - DC6B46671C90EE1A00D899C6 /* kc-10-item-add-generic.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B46451C90E36900D899C6 /* kc-10-item-add-generic.c */; }; - DC6B46681C90EE1A00D899C6 /* kc-10-item-add-certificate.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B46461C90E36900D899C6 /* kc-10-item-add-certificate.c */; }; - DC6B46691C90EE1A00D899C6 /* kc-12-item-create-keypair.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B46471C90E36900D899C6 /* kc-12-item-create-keypair.c */; }; - DC6B466A1C90EE1A00D899C6 /* kc-10-item-add-internet.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B46481C90E36900D899C6 /* kc-10-item-add-internet.c */; }; - DC6B466B1C90EE1A00D899C6 /* kc-19-item-copy-internet.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B46491C90E36900D899C6 /* kc-19-item-copy-internet.c */; }; - DC6B466C1C90EE1A00D899C6 /* kc-21-item-use-callback.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B464A1C90E36900D899C6 /* kc-21-item-use-callback.c */; }; - DC6B466E1C90EE1A00D899C6 /* kc-04-is-valid.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B464E1C90E36900D899C6 /* kc-04-is-valid.c */; }; - DC6B466F1C90EE1A00D899C6 /* kc-18-find-combined.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6B464F1C90E36900D899C6 /* kc-18-find-combined.c */; }; - DC7EFBA91CBC4448005F9624 /* kc-06-cert-search-email.m in Sources */ = {isa = PBXBuildFile; fileRef = DC7EFBA71CBC4443005F9624 /* kc-06-cert-search-email.m */; }; - DC840D871CBEF5CB0083F55C /* kc-20-identity-persistent-refs.c in Sources */ = {isa = PBXBuildFile; fileRef = DC19708E1CBEF00F00A66F4B /* kc-20-identity-persistent-refs.c */; }; - DC840D8A1CBEFC6A0083F55C /* kc-20-identity-key-attributes.c in Sources */ = {isa = PBXBuildFile; fileRef = DC840D881CBEFC640083F55C /* kc-20-identity-key-attributes.c */; }; - DC840D8E1CBF13C00083F55C /* kc-23-key-export-symmetric.m in Sources */ = {isa = PBXBuildFile; fileRef = DC840D8C1CBF121F0083F55C /* kc-23-key-export-symmetric.m */; }; - DC840D911CBF17AF0083F55C /* kc-26-key-import-public.m in Sources */ = {isa = PBXBuildFile; fileRef = DC840D8F1CBF179C0083F55C /* kc-26-key-import-public.m */; }; - DC9642751D25F4650073E0C5 /* kc-20-item-find-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DC9642741D25F4650073E0C5 /* kc-20-item-find-stress.c */; }; - DC9642771D25F5DD0073E0C5 /* kc-20-key-find-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DC9642761D25F5DD0073E0C5 /* kc-20-key-find-stress.c */; }; - DC9A61A21CCA9279002793D6 /* kc-03-keychain-list.c in Sources */ = {isa = PBXBuildFile; fileRef = DC9A61A01CCA9273002793D6 /* kc-03-keychain-list.c */; }; - DC9A61AF1CCAA4CF002793D6 /* kc-24-key-copy-keychains.c in Sources */ = {isa = PBXBuildFile; fileRef = DC9A61A51CCAA0A1002793D6 /* kc-24-key-copy-keychains.c */; }; - DC9A61B21CCAAE05002793D6 /* kc-28-cert-sign.c in Sources */ = {isa = PBXBuildFile; fileRef = DC9A61B01CCAA91F002793D6 /* kc-28-cert-sign.c */; }; - DC9A61B51CCABD1F002793D6 /* kc-21-item-xattrs.c in Sources */ = {isa = PBXBuildFile; fileRef = DC9A61B31CCABD18002793D6 /* kc-21-item-xattrs.c */; }; - DCA424031CB81EF20095B7DF /* kc-05-find-existing-items.c in Sources */ = {isa = PBXBuildFile; fileRef = DCA424021CB81EF20095B7DF /* kc-05-find-existing-items.c */; }; - DCBD63151CC86028008C27FC /* kc-28-p12-import.m in Sources */ = {isa = PBXBuildFile; fileRef = DCBD630B1CC86020008C27FC /* kc-28-p12-import.m */; }; - DCD20F421BCDA8260046D8EB /* kc-30-xara-upgrade-helpers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD20F411BCDA8260046D8EB /* kc-30-xara-upgrade-helpers.h */; }; - DCE537591D2EE36800A12A95 /* kc-05-find-existing-items-locked.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE537581D2EE36800A12A95 /* kc-05-find-existing-items-locked.c */; }; - F92321381ACF69EE00634C21 /* si-34-one-true-keychain.c in Sources */ = {isa = PBXBuildFile; fileRef = F92321371ACF69EE00634C21 /* si-34-one-true-keychain.c */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB311146F0AE6000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB30C146F0AE6000BF1F3 /* libsecurity_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; - 521FBA8B112CB465002BEF54 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 5297A586112B78BB00EAA0C0 /* libDER.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; - }; - 5297A730112CB13800EAA0C0 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 5297A586112B78BB00EAA0C0 /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 053BA314091C00BF00A7007A; - remoteInfo = libDER; - }; - 5297A732112CB13800EAA0C0 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 5297A586112B78BB00EAA0C0 /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 053BA445091FE58C00A7007A; - remoteInfo = parseCert; - }; - 5297A734112CB13800EAA0C0 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 5297A586112B78BB00EAA0C0 /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 053BA46B091FE63E00A7007A; - remoteInfo = libDERUtils; - }; - 5297A736112CB13800EAA0C0 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 5297A586112B78BB00EAA0C0 /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 058F16540925135E009FA1C5; - remoteInfo = parseCrl; - }; - 52FB45D411471AD0006D3B0A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 5297A586112B78BB00EAA0C0 /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4C96C8CE113F4132005483E8; - remoteInfo = parseTicket; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 05012D45060B94A000C044CB /* SecImportExportCrypto.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportCrypto.cpp; sourceTree = ""; }; - 05012D49060B94B200C044CB /* SecImportExportCrypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExportCrypto.h; sourceTree = ""; }; - 051A034705D9A68C00E02A64 /* SecImportExportAgg.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportAgg.cpp; sourceTree = ""; }; - 051A034F05D9A69900E02A64 /* SecImportExportAgg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExportAgg.h; sourceTree = ""; }; - 051A053205DAC86400E02A64 /* SecImportExportPem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportPem.cpp; sourceTree = ""; }; - 052AF722060A3472003FEB8D /* SecWrappedKeys.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecWrappedKeys.cpp; sourceTree = ""; }; - 054F90AD05E2860E0013C1D1 /* SecImportExportUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportUtils.cpp; sourceTree = ""; }; - 054F90AF05E286180013C1D1 /* SecImportExportUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = SecImportExportUtils.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 055EA6B006AC5C13005079CE /* TrustRevocation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TrustRevocation.cpp; sourceTree = ""; }; - 056CDA3805FD573B00820BC3 /* SecImportExportPkcs8.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportPkcs8.cpp; sourceTree = ""; }; - 056CDA5C05FD5AEB00820BC3 /* SecPkcs8Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPkcs8Templates.h; sourceTree = ""; }; - 056CDA6405FD5B3400820BC3 /* SecPkcs8Templates.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecPkcs8Templates.cpp; sourceTree = ""; }; - 056CDA8D05FD63C200820BC3 /* SecImportExportPkcs8.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExportPkcs8.h; sourceTree = ""; }; - 058AA95805D93B4300F543ED /* SecExport.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecExport.cpp; sourceTree = ""; }; - 058AA95905D93B4300F543ED /* SecImportExport.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecImportExport.h; sourceTree = ""; }; - 058AA96B05D93CDD00F543ED /* SecImport.cpp */ = {isa = PBXFileReference; explicitFileType = sourcecode.cpp.cpp; fileEncoding = 30; path = SecImport.cpp; sourceTree = ""; }; - 058AA9C905D96FD200F543ED /* SecExternalRep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecExternalRep.h; sourceTree = ""; }; - 058AA9CD05D96FE600F543ED /* SecExternalRep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecExternalRep.cpp; sourceTree = ""; }; - 058AAA9105D97EAE00F543ED /* SecImportExportPem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExportPem.h; sourceTree = ""; }; - 058C796F09F56CCB00DB7E98 /* SecTrustSettings.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecTrustSettings.h; sourceTree = ""; }; - 058C797009F56CCB00DB7E98 /* SecTrustSettingsPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecTrustSettingsPriv.h; sourceTree = ""; }; - 058C797509F56CFB00DB7E98 /* SecTrustSettings.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SecTrustSettings.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 058C797709F56D1400DB7E98 /* TrustSettings.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TrustSettings.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 058C797809F56D1400DB7E98 /* TrustSettings.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TrustSettings.h; sourceTree = ""; }; - 058C797909F56D1400DB7E98 /* TrustSettingsSchema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TrustSettingsSchema.h; sourceTree = ""; }; - 058C797A09F56D1400DB7E98 /* TrustSettingsUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = TrustSettingsUtils.cpp; sourceTree = ""; }; - 058C797B09F56D1400DB7E98 /* TrustSettingsUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TrustSettingsUtils.h; sourceTree = ""; }; - 05A83C360AAF591100906F28 /* SecKeychainItemExtendedAttributes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeychainItemExtendedAttributes.h; sourceTree = ""; }; - 05A83C7D0AAF5CEA00906F28 /* ExtendedAttribute.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ExtendedAttribute.h; sourceTree = ""; }; - 05A83C7E0AAF5CEA00906F28 /* ExtendedAttribute.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ExtendedAttribute.cpp; sourceTree = ""; }; - 05A83C870AAF5E0A00906F28 /* SecKeychainItemExtendedAttributes.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecKeychainItemExtendedAttributes.cpp; sourceTree = ""; }; - 05AE95470AA748570076501C /* SecImportExportOpenSSH.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExportOpenSSH.h; sourceTree = ""; }; - 05AE95480AA748570076501C /* SecImportExportOpenSSH.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportOpenSSH.cpp; sourceTree = ""; }; - 05FB016605E54A3A00A5194C /* SecNetscapeTemplates.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecNetscapeTemplates.cpp; sourceTree = ""; }; - 05FB016705E54A3A00A5194C /* SecNetscapeTemplates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecNetscapeTemplates.h; sourceTree = ""; }; - 0CBD509716C3242200713B6C /* libsecurity_keychain_regressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_keychain_regressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 0CBD509816C3246D00713B6C /* kc-40-seckey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-40-seckey.m"; path = "regressions/kc-40-seckey.m"; sourceTree = ""; }; - 0CBD509916C3246D00713B6C /* kc-41-sececkey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-41-sececkey.m"; path = "regressions/kc-41-sececkey.m"; sourceTree = ""; }; - 0CBD509C16C324B100713B6C /* keychain_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = keychain_regressions.h; path = regressions/keychain_regressions.h; sourceTree = ""; }; - 182BB224146F063C000BF1F3 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 182BB225146F063C000BF1F3 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 182BB226146F063C000BF1F3 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 182BB227146F063C000BF1F3 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 182BB30C146F0AE6000BF1F3 /* libsecurity_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_utilities.xcodeproj; path = ../libsecurity_utilities/libsecurity_utilities.xcodeproj; sourceTree = ""; }; - 188BB53F171DD774009D22CE /* si-33-keychain-backup.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; name = "si-33-keychain-backup.c"; path = "regressions/si-33-keychain-backup.c"; sourceTree = ""; }; - 1B11967A062F4C1800F3B659 /* SecKeychainSearchPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecKeychainSearchPriv.h; sourceTree = ""; }; - 30E17F5A062B0A25004208EB /* SecIdentitySearchPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIdentitySearchPriv.h; path = lib/SecIdentitySearchPriv.h; sourceTree = SOURCE_ROOT; }; - 3A353D7B1CC50583000446F4 /* TokenLogin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TokenLogin.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 3A353D7C1CC50583000446F4 /* TokenLogin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TokenLogin.h; sourceTree = ""; }; - 407AC2BE066661620030E07D /* SecPassword.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPassword.h; sourceTree = ""; }; - 407AC2BF066661620030E07D /* SecPassword.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SecPassword.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 407AC2C2066798420030E07D /* Password.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Password.h; sourceTree = ""; }; - 407AC2C3066798420030E07D /* Password.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Password.cpp; sourceTree = ""; }; - 4885CFF611C8182D0093ECF6 /* SecRecoveryPassword.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecRecoveryPassword.c; sourceTree = ""; }; - 4885CFF711C8182D0093ECF6 /* SecRecoveryPassword.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecRecoveryPassword.h; sourceTree = ""; }; - 489C4FCB1202547600A8C58A /* SecRandom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecRandom.h; sourceTree = ""; }; - 48E66AE2120254D700E878AD /* SecRandom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecRandom.c; sourceTree = ""; }; - 48E66AE4120254FC00E878AD /* SecRandomP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecRandomP.h; sourceTree = ""; }; - 4C21181A058A75B000014C42 /* SecBase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecBase.cpp; sourceTree = ""; }; - 4C5719C812FB5E9E00B31F85 /* XPCKeychainSandboxCheck.xpc */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = XPCKeychainSandboxCheck.xpc; sourceTree = BUILT_PRODUCTS_DIR; }; - 4C5719CA12FB5E9E00B31F85 /* XPCKeychainSandboxCheck-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = "XPCKeychainSandboxCheck-Info.plist"; path = "xpc/XPCKeychainSandboxCheck-Info.plist"; sourceTree = ""; }; - 4C5719D812FB5F6800B31F85 /* main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = main.c; path = xpc/main.c; sourceTree = ""; }; - 4C868429058A55A10072F261 /* MacOSErrorStrings.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MacOSErrorStrings.h; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_keychain.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_keychain.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CCB00430580089000981D43 /* security_keychain.exp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.exports; path = security_keychain.exp; sourceTree = ""; }; - 4CF00660058A51180060AF78 /* SecBasePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecBasePriv.h; sourceTree = ""; }; - 4CFDC28306CD9C6A007BEE7E /* DynamicDLDBList.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DynamicDLDBList.cpp; sourceTree = ""; }; - 4CFDC28406CD9C6A007BEE7E /* DynamicDLDBList.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DynamicDLDBList.h; sourceTree = ""; }; - 52008C6311496BD200E8CA78 /* SecCertificateInternalP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificateInternalP.h; sourceTree = ""; }; - 521DC57D1125FEE300937BF2 /* SecCertificateP.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SecCertificateP.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - 521DC57E1125FEE300937BF2 /* SecCertificateP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificateP.h; sourceTree = ""; }; - 52200F8F14F2B88000F7F6E7 /* XPCTimeStampingService.xpc */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = XPCTimeStampingService.xpc; sourceTree = BUILT_PRODUCTS_DIR; }; - 52200F9B14F2B93700F7F6E7 /* XPCTimeStampingService-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "XPCTimeStampingService-Info.plist"; sourceTree = ""; }; - 5261C289112F0D570047EF8B /* SecFrameworkP.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecFrameworkP.c; sourceTree = ""; }; - 5261C30F112F1C560047EF8B /* SecBase64P.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecBase64P.c; sourceTree = ""; }; - 527067DB070246B300C5D30E /* iToolsTrustedApps.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; name = iToolsTrustedApps.plist; path = plist/iToolsTrustedApps.plist; sourceTree = SOURCE_ROOT; }; - 5297A586112B78BB00EAA0C0 /* libDER.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libDER.xcodeproj; path = libDER/libDER.xcodeproj; sourceTree = ""; }; - 52B609D814F55B6800134209 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = ../../../../../../../System/Library/Frameworks/Foundation.framework; sourceTree = ""; }; - 52B609E114F55BFA00134209 /* timestampclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = timestampclient.h; sourceTree = ""; }; - 52B609E214F55BFA00134209 /* timestampclient.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = timestampclient.m; sourceTree = ""; }; - 52B60A0614F5CA9500134209 /* main-tsa.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "main-tsa.m"; sourceTree = ""; }; - 52B88DF911DD0D2D005BCA6B /* SecFDERecoveryAsymmetricCrypto.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecFDERecoveryAsymmetricCrypto.cpp; sourceTree = ""; }; - 52B88DFA11DD0D2D005BCA6B /* SecFDERecoveryAsymmetricCrypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecFDERecoveryAsymmetricCrypto.h; sourceTree = ""; }; - 52BA735B112231C70012875E /* CertificateValues.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CertificateValues.cpp; sourceTree = ""; }; - 52BA735C112231C70012875E /* CertificateValues.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CertificateValues.h; sourceTree = ""; }; - 52C23EF71135AE5100E079D2 /* SecCertificatePrivP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificatePrivP.h; sourceTree = ""; }; - 52E950CC1509B47000DA6511 /* tsaDERUtilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tsaDERUtilities.c; sourceTree = ""; }; - 52E950D51509B48D00DA6511 /* tsaDERUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tsaDERUtilities.h; sourceTree = ""; }; - 52FB44A81146D769006D3B0A /* SecCertificateOIDs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificateOIDs.h; sourceTree = ""; }; - 87701A841C4B91D000CB437B /* kc-43-seckey-interop.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-43-seckey-interop.m"; path = "regressions/kc-43-seckey-interop.m"; sourceTree = ""; }; - AA31456E134B716B00133245 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = /System/Library/Frameworks/CoreFoundation.framework; sourceTree = ""; }; - AC9ADAD2199AD6BA00BDAF54 /* kc-42-trust-revocation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-42-trust-revocation.c"; path = "regressions/kc-42-trust-revocation.c"; sourceTree = ""; }; - BE0FAED51B967FB30017DAC9 /* si-20-sectrust-provisioning.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "si-20-sectrust-provisioning.h"; path = "regressions/si-20-sectrust-provisioning.h"; sourceTree = ""; }; - BE296DBE0EAC299C00FD22BE /* SecImportExport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecImportExport.c; sourceTree = ""; }; - BE296DC40EAC2B5600FD22BE /* SecInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecInternal.h; sourceTree = ""; }; - BE50AE650F687AB900D28C54 /* TrustAdditions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TrustAdditions.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - BE50AE660F687AB900D28C54 /* TrustAdditions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TrustAdditions.h; sourceTree = ""; }; - BECE5140106B056C0091E644 /* TrustKeychains.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TrustKeychains.h; sourceTree = ""; }; - BED2BCA11B96217B006CF43A /* si-20-sectrust-provisioning.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "si-20-sectrust-provisioning.c"; path = "regressions/si-20-sectrust-provisioning.c"; sourceTree = ""; }; - BEE896E00A61F0BB00BF88A5 /* SecItem.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecItem.h; sourceTree = ""; }; - BEE896E10A61F0BB00BF88A5 /* SecItemPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecItemPriv.h; sourceTree = ""; }; - BEE896E60A61F12300BF88A5 /* SecItem.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecItem.cpp; sourceTree = ""; usesTabs = 1; }; - BEE897100A62CDD800BF88A5 /* SecItemConstants.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = SecItemConstants.c; sourceTree = ""; }; - C26BA9FE072580AE0049AF3C /* UnlockReferralItem.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = UnlockReferralItem.cpp; path = lib/UnlockReferralItem.cpp; sourceTree = SOURCE_ROOT; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2975B9B072580DC00AFECAD /* UnlockReferralItem.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = UnlockReferralItem.h; path = lib/UnlockReferralItem.h; sourceTree = SOURCE_ROOT; }; - C2AA2B42052E099D006D0211 /* Access.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Access.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2B43052E099D006D0211 /* Access.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Access.h; sourceTree = ""; }; - C2AA2B44052E099D006D0211 /* ACL.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = ACL.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2B45052E099D006D0211 /* ACL.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ACL.h; sourceTree = ""; }; - C2AA2B46052E099D006D0211 /* CCallbackMgr.cp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CCallbackMgr.cp; sourceTree = ""; }; - C2AA2B47052E099D006D0211 /* CCallbackMgr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CCallbackMgr.h; sourceTree = ""; }; - C2AA2B48052E099D006D0211 /* Certificate.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Certificate.cpp; sourceTree = ""; }; - C2AA2B49052E099D006D0211 /* Certificate.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Certificate.h; sourceTree = ""; }; - C2AA2B4A052E099D006D0211 /* CertificateRequest.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = CertificateRequest.cpp; sourceTree = ""; }; - C2AA2B4B052E099D006D0211 /* CertificateRequest.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CertificateRequest.h; sourceTree = ""; }; - C2AA2B4D052E099D006D0211 /* cssmdatetime.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cssmdatetime.cpp; sourceTree = ""; }; - C2AA2B4E052E099D006D0211 /* cssmdatetime.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cssmdatetime.h; sourceTree = ""; }; - C2AA2B4F052E099D006D0211 /* DLDBListCFPref.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = DLDBListCFPref.cpp; sourceTree = ""; }; - C2AA2B50052E099D006D0211 /* DLDBListCFPref.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = DLDBListCFPref.h; sourceTree = ""; }; - C2AA2B55052E099D006D0211 /* generateErrStrings.pl */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.script.perl; path = generateErrStrings.pl; sourceTree = ""; }; - C2AA2B56052E099D006D0211 /* Globals.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Globals.cpp; sourceTree = ""; }; - C2AA2B57052E099D006D0211 /* Globals.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Globals.h; sourceTree = ""; }; - C2AA2B58052E099D006D0211 /* Identity.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = Identity.cpp; sourceTree = ""; }; - C2AA2B59052E099D006D0211 /* Identity.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Identity.h; sourceTree = ""; }; - C2AA2B5A052E099D006D0211 /* IdentityCursor.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = IdentityCursor.cpp; sourceTree = ""; }; - C2AA2B5B052E099D006D0211 /* IdentityCursor.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = IdentityCursor.h; sourceTree = ""; }; - C2AA2B5C052E099D006D0211 /* Item.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Item.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2B5D052E099D006D0211 /* Item.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Item.h; sourceTree = ""; }; - C2AA2B5E052E099D006D0211 /* KCCursor.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = KCCursor.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2B5F052E099D006D0211 /* KCCursor.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KCCursor.h; sourceTree = ""; }; - C2AA2B64052E099D006D0211 /* KCExceptions.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KCExceptions.h; sourceTree = ""; }; - C2AA2B67052E099D006D0211 /* Keychains.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Keychains.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2B68052E099D006D0211 /* Keychains.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Keychains.h; sourceTree = ""; }; - C2AA2B69052E099D006D0211 /* KeyItem.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = KeyItem.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2B6A052E099D006D0211 /* KeyItem.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KeyItem.h; sourceTree = ""; }; - C2AA2B6B052E099D006D0211 /* Policies.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Policies.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2B6C052E099D006D0211 /* Policies.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Policies.h; sourceTree = ""; }; - C2AA2B6D052E099D006D0211 /* PolicyCursor.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = PolicyCursor.cpp; sourceTree = ""; }; - C2AA2B6E052E099D006D0211 /* PolicyCursor.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = PolicyCursor.h; sourceTree = ""; }; - C2AA2B6F052E099D006D0211 /* PrimaryKey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = PrimaryKey.cpp; sourceTree = ""; }; - C2AA2B70052E099D006D0211 /* PrimaryKey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = PrimaryKey.h; sourceTree = ""; }; - C2AA2B74052E099D006D0211 /* SecAccess.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecAccess.cpp; sourceTree = ""; }; - C2AA2B75052E099D006D0211 /* SecAccess.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecAccess.h; sourceTree = ""; }; - C2AA2B76052E099D006D0211 /* SecAccessPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecAccessPriv.h; sourceTree = ""; }; - C2AA2B77052E099D006D0211 /* SecACL.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecACL.cpp; sourceTree = ""; }; - C2AA2B78052E099D006D0211 /* SecACL.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecACL.h; sourceTree = ""; }; - C2AA2B79052E099D006D0211 /* SecBase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecBase.h; sourceTree = ""; }; - C2AA2B7A052E099D006D0211 /* SecBridge.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecBridge.h; sourceTree = ""; }; - C2AA2B7B052E099D006D0211 /* SecCertificate.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecCertificate.cpp; sourceTree = ""; }; - C2AA2B7C052E099D006D0211 /* SecCertificate.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCertificate.h; sourceTree = ""; }; - C2AA2B7D052E099D006D0211 /* SecCertificateBundle.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecCertificateBundle.cpp; sourceTree = ""; }; - C2AA2B7E052E099D006D0211 /* SecCertificateBundle.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCertificateBundle.h; sourceTree = ""; }; - C2AA2B7F052E099D006D0211 /* SecCertificatePriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCertificatePriv.h; sourceTree = ""; }; - C2AA2B80052E099D006D0211 /* SecCertificateRequest.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecCertificateRequest.cpp; sourceTree = ""; }; - C2AA2B81052E099D006D0211 /* SecCertificateRequest.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCertificateRequest.h; sourceTree = ""; }; - C2AA2B82052E099D006D0211 /* SecCFTypes.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecCFTypes.cpp; sourceTree = ""; }; - C2AA2B83052E099D006D0211 /* SecCFTypes.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCFTypes.h; sourceTree = ""; }; - C2AA2B86052E099D006D0211 /* SecIdentity.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecIdentity.cpp; sourceTree = ""; }; - C2AA2B87052E099D006D0211 /* SecIdentity.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecIdentity.h; sourceTree = ""; }; - C2AA2B88052E099D006D0211 /* SecIdentityPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecIdentityPriv.h; sourceTree = ""; }; - C2AA2B89052E099D006D0211 /* SecIdentitySearch.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecIdentitySearch.cpp; sourceTree = ""; }; - C2AA2B8A052E099D006D0211 /* SecIdentitySearch.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecIdentitySearch.h; sourceTree = ""; }; - C2AA2B8B052E099D006D0211 /* SecKey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecKey.cpp; sourceTree = ""; }; - C2AA2B8C052E099D006D0211 /* SecKey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecKey.h; sourceTree = ""; }; - C2AA2B8D052E099D006D0211 /* SecKeychain.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecKeychain.cpp; sourceTree = ""; }; - C2AA2B8E052E099D006D0211 /* SecKeychain.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecKeychain.h; sourceTree = ""; }; - C2AA2B8F052E099D006D0211 /* SecKeychainAddIToolsPassword.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecKeychainAddIToolsPassword.cpp; sourceTree = ""; }; - C2AA2B93052E099D006D0211 /* SecKeychainItem.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecKeychainItem.cpp; sourceTree = ""; }; - C2AA2B94052E099D006D0211 /* SecKeychainItem.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecKeychainItem.h; sourceTree = ""; }; - C2AA2B95052E099D006D0211 /* SecKeychainSearch.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecKeychainSearch.cpp; sourceTree = ""; }; - C2AA2B96052E099D006D0211 /* SecKeychainSearch.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecKeychainSearch.h; sourceTree = ""; }; - C2AA2B97052E099D006D0211 /* SecKeyPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecKeyPriv.h; sourceTree = ""; }; - C2AA2B98052E099D006D0211 /* SecPolicy.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecPolicy.cpp; sourceTree = ""; }; - C2AA2B99052E099D006D0211 /* SecPolicy.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecPolicy.h; sourceTree = ""; }; - C2AA2B9A052E099D006D0211 /* SecPolicyPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecPolicyPriv.h; sourceTree = ""; }; - C2AA2B9B052E099D006D0211 /* SecPolicySearch.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecPolicySearch.cpp; sourceTree = ""; }; - C2AA2B9C052E099D006D0211 /* SecPolicySearch.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecPolicySearch.h; sourceTree = ""; }; - C2AA2B9F052E099D006D0211 /* SecTrust.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecTrust.cpp; sourceTree = ""; }; - C2AA2BA0052E099D006D0211 /* SecTrust.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecTrust.h; sourceTree = ""; }; - C2AA2BA1052E099D006D0211 /* SecTrustedApplication.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SecTrustedApplication.cpp; sourceTree = ""; }; - C2AA2BA2052E099D006D0211 /* SecTrustedApplication.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecTrustedApplication.h; sourceTree = ""; }; - C2AA2BA3052E099D006D0211 /* SecTrustedApplicationPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecTrustedApplicationPriv.h; sourceTree = ""; }; - C2AA2BA4052E099D006D0211 /* SecTrustPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecTrustPriv.h; sourceTree = ""; }; - C2AA2BA5052E099D006D0211 /* Security.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Security.h; sourceTree = ""; }; - C2AA2BAA052E099D006D0211 /* StorageManager.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = StorageManager.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2BAB052E099D006D0211 /* StorageManager.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = StorageManager.h; sourceTree = ""; }; - C2AA2BAC052E099D006D0211 /* Trust.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Trust.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2BAD052E099D006D0211 /* Trust.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = Trust.h; sourceTree = ""; }; - C2AA2BAE052E099D006D0211 /* TrustedApplication.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TrustedApplication.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2BAF052E099D006D0211 /* TrustedApplication.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TrustedApplication.h; sourceTree = ""; }; - C2AA2BB0052E099D006D0211 /* TrustItem.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TrustItem.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2BB1052E099D006D0211 /* TrustItem.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TrustItem.h; sourceTree = ""; }; - C2AA2BB2052E099D006D0211 /* TrustStore.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TrustStore.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2AA2BB3052E099D006D0211 /* TrustStore.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = TrustStore.h; sourceTree = ""; }; - C2FD262F0731CEB40027896A /* defaultcreds.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = defaultcreds.h; path = lib/defaultcreds.h; sourceTree = SOURCE_ROOT; }; - C2FD26370731CEE60027896A /* defaultcreds.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = defaultcreds.cpp; path = lib/defaultcreds.cpp; sourceTree = SOURCE_ROOT; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C429431C053B2F8B00470431 /* KCUtilities.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = KCUtilities.cpp; sourceTree = ""; }; - C429431D053B2F8B00470431 /* KCUtilities.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KCUtilities.h; sourceTree = ""; }; - C4A397A1053B1D50000E1B34 /* SecKeychainPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeychainPriv.h; sourceTree = ""; }; - C4A397FA053B21F9000E1B34 /* SecKeychainItemPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeychainItemPriv.h; sourceTree = ""; }; - D4486BCD1C65528B0040880D /* SecTrustOSXEntryPoints.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTrustOSXEntryPoints.cpp; sourceTree = ""; }; - D45FA39B1C6578CE003DBB97 /* SecTrustOSXEntryPoints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustOSXEntryPoints.h; path = ../../trustd/SecTrustOSXEntryPoints.h; sourceTree = ""; }; - D4A2FC811BC8A65B00BF6E56 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; - D6E1457B0A632A5A008AA7E8 /* KCEventNotifier.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = KCEventNotifier.cpp; sourceTree = ""; }; - D6E1457C0A632A5A008AA7E8 /* KCEventNotifier.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KCEventNotifier.h; sourceTree = ""; }; - DC196F6B1CBD77C300A66F4B /* kc-15-key-update-valueref.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-15-key-update-valueref.c"; path = "regressions/kc-15-key-update-valueref.c"; sourceTree = ""; }; - DC1970801CBEC2EE00A66F4B /* kc-15-item-update-label-skimaad.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-15-item-update-label-skimaad.m"; path = "regressions/kc-15-item-update-label-skimaad.m"; sourceTree = ""; }; - DC19708B1CBEE43600A66F4B /* kc-16-item-update-password.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-16-item-update-password.c"; path = "regressions/kc-16-item-update-password.c"; sourceTree = ""; }; - DC19708E1CBEF00F00A66F4B /* kc-20-identity-persistent-refs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-identity-persistent-refs.c"; path = "regressions/kc-20-identity-persistent-refs.c"; sourceTree = ""; }; - DC247FD91CBF1FF800527D67 /* kc-27-key-non-extractable.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-27-key-non-extractable.c"; path = "regressions/kc-27-key-non-extractable.c"; sourceTree = ""; }; - DC2480471CC1B58200527D67 /* kc-21-item-use-callback.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-21-item-use-callback.c"; path = "regressions/kc-21-item-use-callback.c"; sourceTree = ""; }; - DC336B3B1D246E4C00D24F15 /* kc-20-identity-find-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-identity-find-stress.c"; path = "regressions/kc-20-identity-find-stress.c"; sourceTree = ""; }; - DC3C15F81BAB6FE20041A23A /* kc-30-xara.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; name = "kc-30-xara.c"; path = "regressions/kc-30-xara.c"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - DC6949791BC71B2300AB4DC3 /* kc-30-xara-item-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = "kc-30-xara-item-helpers.h"; path = "regressions/kc-30-xara-item-helpers.h"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - DC6949801BC71B3B00AB4DC3 /* kc-30-xara-key-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = "kc-30-xara-key-helpers.h"; path = "regressions/kc-30-xara-key-helpers.h"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - DC6949821BC71C7600AB4DC3 /* kc-30-xara-helpers.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "kc-30-xara-helpers.h"; path = "regressions/kc-30-xara-helpers.h"; sourceTree = ""; }; - DC6B46421C90E36900D899C6 /* kc-01-keychain-creation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-01-keychain-creation.c"; path = "regressions/kc-01-keychain-creation.c"; sourceTree = ""; }; - DC6B46431C90E36900D899C6 /* kc-02-unlock-noui.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-02-unlock-noui.c"; path = "regressions/kc-02-unlock-noui.c"; sourceTree = ""; }; - DC6B46441C90E36900D899C6 /* kc-03-status.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-03-status.c"; path = "regressions/kc-03-status.c"; sourceTree = ""; }; - DC6B46451C90E36900D899C6 /* kc-10-item-add-generic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-10-item-add-generic.c"; path = "regressions/kc-10-item-add-generic.c"; sourceTree = ""; }; - DC6B46461C90E36900D899C6 /* kc-10-item-add-certificate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-10-item-add-certificate.c"; path = "regressions/kc-10-item-add-certificate.c"; sourceTree = ""; }; - DC6B46471C90E36900D899C6 /* kc-12-item-create-keypair.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-12-item-create-keypair.c"; path = "regressions/kc-12-item-create-keypair.c"; sourceTree = ""; }; - DC6B46481C90E36900D899C6 /* kc-10-item-add-internet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-10-item-add-internet.c"; path = "regressions/kc-10-item-add-internet.c"; sourceTree = ""; }; - DC6B46491C90E36900D899C6 /* kc-19-item-copy-internet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-19-item-copy-internet.c"; path = "regressions/kc-19-item-copy-internet.c"; sourceTree = ""; }; - DC6B464A1C90E36900D899C6 /* kc-21-item-use-callback.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-21-item-use-callback.c"; path = "regressions/kc-21-item-use-callback.c"; sourceTree = ""; }; - DC6B464E1C90E36900D899C6 /* kc-04-is-valid.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-04-is-valid.c"; path = "regressions/kc-04-is-valid.c"; sourceTree = ""; }; - DC6B464F1C90E36900D899C6 /* kc-18-find-combined.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-18-find-combined.c"; path = "regressions/kc-18-find-combined.c"; sourceTree = ""; }; - DC6B46701C90F2C100D899C6 /* kc-helpers.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "kc-helpers.h"; path = "regressions/kc-helpers.h"; sourceTree = ""; }; - DC7EFBA71CBC4443005F9624 /* kc-06-cert-search-email.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-06-cert-search-email.m"; path = "regressions/kc-06-cert-search-email.m"; sourceTree = ""; }; - DC7EFCA61CBD6ADC005F9624 /* kc-12-key-create-symmetric-and-use.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-12-key-create-symmetric-and-use.m"; path = "regressions/kc-12-key-create-symmetric-and-use.m"; sourceTree = ""; }; - DC7EFCA71CBD6ADC005F9624 /* kc-12-key-create-symmetric.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-12-key-create-symmetric.c"; path = "regressions/kc-12-key-create-symmetric.c"; sourceTree = ""; }; - DC840D881CBEFC640083F55C /* kc-20-identity-key-attributes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-identity-key-attributes.c"; path = "regressions/kc-20-identity-key-attributes.c"; sourceTree = ""; }; - DC840D8B1CBEFCAD0083F55C /* kc-identity-helpers.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "kc-identity-helpers.h"; path = "regressions/kc-identity-helpers.h"; sourceTree = ""; }; - DC840D8C1CBF121F0083F55C /* kc-23-key-export-symmetric.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-23-key-export-symmetric.m"; path = "regressions/kc-23-key-export-symmetric.m"; sourceTree = ""; }; - DC840D8F1CBF179C0083F55C /* kc-26-key-import-public.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-26-key-import-public.m"; path = "regressions/kc-26-key-import-public.m"; sourceTree = ""; }; - DC9642741D25F4650073E0C5 /* kc-20-item-find-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-item-find-stress.c"; path = "regressions/kc-20-item-find-stress.c"; sourceTree = ""; }; - DC9642761D25F5DD0073E0C5 /* kc-20-key-find-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-key-find-stress.c"; path = "regressions/kc-20-key-find-stress.c"; sourceTree = ""; }; - DC9A61A01CCA9273002793D6 /* kc-03-keychain-list.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-03-keychain-list.c"; path = "regressions/kc-03-keychain-list.c"; sourceTree = ""; }; - DC9A61A51CCAA0A1002793D6 /* kc-24-key-copy-keychains.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-24-key-copy-keychains.c"; path = "regressions/kc-24-key-copy-keychains.c"; sourceTree = ""; }; - DC9A61B01CCAA91F002793D6 /* kc-28-cert-sign.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-28-cert-sign.c"; path = "regressions/kc-28-cert-sign.c"; sourceTree = ""; }; - DC9A61B31CCABD18002793D6 /* kc-21-item-xattrs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-21-item-xattrs.c"; path = "regressions/kc-21-item-xattrs.c"; sourceTree = ""; }; - DCA424021CB81EF20095B7DF /* kc-05-find-existing-items.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-05-find-existing-items.c"; path = "regressions/kc-05-find-existing-items.c"; sourceTree = ""; }; - DCA4240C1CB81FE90095B7DF /* kc-keychain-file-helpers.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "kc-keychain-file-helpers.h"; path = "regressions/kc-keychain-file-helpers.h"; sourceTree = ""; }; - DCA4240D1CB8240E0095B7DF /* kc-item-helpers.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "kc-item-helpers.h"; path = "regressions/kc-item-helpers.h"; sourceTree = ""; }; - DCA4240E1CB828D80095B7DF /* kc-key-helpers.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "kc-key-helpers.h"; path = "regressions/kc-key-helpers.h"; sourceTree = ""; }; - DCBD630B1CC86020008C27FC /* kc-28-p12-import.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-28-p12-import.m"; path = "regressions/kc-28-p12-import.m"; sourceTree = ""; }; - DCD20F411BCDA8260046D8EB /* kc-30-xara-upgrade-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "kc-30-xara-upgrade-helpers.h"; path = "regressions/kc-30-xara-upgrade-helpers.h"; sourceTree = ""; }; - DCE537581D2EE36800A12A95 /* kc-05-find-existing-items-locked.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-05-find-existing-items-locked.c"; path = "regressions/kc-05-find-existing-items-locked.c"; sourceTree = ""; }; - F92321371ACF69EE00634C21 /* si-34-one-true-keychain.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "si-34-one-true-keychain.c"; path = "regressions/si-34-one-true-keychain.c"; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4C5719C612FB5E9E00B31F85 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - AA31456F134B716B00133245 /* CoreFoundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 182BB5CD146FF72B000BF1F3 /* libDER.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 52200F8A14F2B87F00F7F6E7 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - D4A2FC821BC8A65B00BF6E56 /* Security.framework in Frameworks */, - 52200F8B14F2B87F00F7F6E7 /* CoreFoundation.framework in Frameworks */, - 52B609D914F55B6800134209 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 05FB014005E5436B00A5194C /* Public API */ = { - isa = PBXGroup; - children = ( - 489C4FCB1202547600A8C58A /* SecRandom.h */, - C2AA2BA5052E099D006D0211 /* Security.h */, - C2AA2B79052E099D006D0211 /* SecBase.h */, - C2AA2B75052E099D006D0211 /* SecAccess.h */, - C2AA2B76052E099D006D0211 /* SecAccessPriv.h */, - C2AA2B78052E099D006D0211 /* SecACL.h */, - 4CF00660058A51180060AF78 /* SecBasePriv.h */, - C2AA2B7C052E099D006D0211 /* SecCertificate.h */, - 52FB44A81146D769006D3B0A /* SecCertificateOIDs.h */, - C2AA2B7E052E099D006D0211 /* SecCertificateBundle.h */, - C2AA2B7F052E099D006D0211 /* SecCertificatePriv.h */, - C2AA2B81052E099D006D0211 /* SecCertificateRequest.h */, - C2AA2B87052E099D006D0211 /* SecIdentity.h */, - C2AA2B88052E099D006D0211 /* SecIdentityPriv.h */, - C2AA2B8A052E099D006D0211 /* SecIdentitySearch.h */, - 30E17F5A062B0A25004208EB /* SecIdentitySearchPriv.h */, - 058AA95905D93B4300F543ED /* SecImportExport.h */, - BEE896E00A61F0BB00BF88A5 /* SecItem.h */, - BEE896E10A61F0BB00BF88A5 /* SecItemPriv.h */, - C2AA2B8C052E099D006D0211 /* SecKey.h */, - C2AA2B97052E099D006D0211 /* SecKeyPriv.h */, - C2AA2B8E052E099D006D0211 /* SecKeychain.h */, - C4A397A1053B1D50000E1B34 /* SecKeychainPriv.h */, - C2AA2B94052E099D006D0211 /* SecKeychainItem.h */, - C4A397FA053B21F9000E1B34 /* SecKeychainItemPriv.h */, - 05A83C360AAF591100906F28 /* SecKeychainItemExtendedAttributes.h */, - C2AA2B96052E099D006D0211 /* SecKeychainSearch.h */, - 1B11967A062F4C1800F3B659 /* SecKeychainSearchPriv.h */, - 407AC2BE066661620030E07D /* SecPassword.h */, - C2AA2B99052E099D006D0211 /* SecPolicy.h */, - C2AA2B9A052E099D006D0211 /* SecPolicyPriv.h */, - C2AA2B9C052E099D006D0211 /* SecPolicySearch.h */, - C2AA2BA0052E099D006D0211 /* SecTrust.h */, - C2AA2BA4052E099D006D0211 /* SecTrustPriv.h */, - 058C796F09F56CCB00DB7E98 /* SecTrustSettings.h */, - 058C797009F56CCB00DB7E98 /* SecTrustSettingsPriv.h */, - C2AA2BA2052E099D006D0211 /* SecTrustedApplication.h */, - C2AA2BA3052E099D006D0211 /* SecTrustedApplicationPriv.h */, - 058C797909F56D1400DB7E98 /* TrustSettingsSchema.h */, - ); - name = "Public API"; - sourceTree = ""; - }; - 05FB014305E5437C00A5194C /* API Bridge */ = { - isa = PBXGroup; - children = ( - C2AA2B74052E099D006D0211 /* SecAccess.cpp */, - C2AA2B77052E099D006D0211 /* SecACL.cpp */, - 4C21181A058A75B000014C42 /* SecBase.cpp */, - C2AA2B7A052E099D006D0211 /* SecBridge.h */, - C2AA2B7B052E099D006D0211 /* SecCertificate.cpp */, - C2AA2B7D052E099D006D0211 /* SecCertificateBundle.cpp */, - C2AA2B80052E099D006D0211 /* SecCertificateRequest.cpp */, - C2AA2B86052E099D006D0211 /* SecIdentity.cpp */, - C2AA2B89052E099D006D0211 /* SecIdentitySearch.cpp */, - BEE897100A62CDD800BF88A5 /* SecItemConstants.c */, - BEE896E60A61F12300BF88A5 /* SecItem.cpp */, - C2AA2B8B052E099D006D0211 /* SecKey.cpp */, - C2AA2B8D052E099D006D0211 /* SecKeychain.cpp */, - C2AA2B93052E099D006D0211 /* SecKeychainItem.cpp */, - 05A83C870AAF5E0A00906F28 /* SecKeychainItemExtendedAttributes.cpp */, - C2AA2B95052E099D006D0211 /* SecKeychainSearch.cpp */, - 407AC2BF066661620030E07D /* SecPassword.cpp */, - C2AA2B98052E099D006D0211 /* SecPolicy.cpp */, - C2AA2B9B052E099D006D0211 /* SecPolicySearch.cpp */, - C2AA2B9F052E099D006D0211 /* SecTrust.cpp */, - C2AA2BA1052E099D006D0211 /* SecTrustedApplication.cpp */, - 058C797509F56CFB00DB7E98 /* SecTrustSettings.cpp */, - ); - name = "API Bridge"; - sourceTree = ""; - }; - 05FB014605E5438300A5194C /* API Classes */ = { - isa = PBXGroup; - children = ( - 48E66AE2120254D700E878AD /* SecRandom.c */, - 52B88DF911DD0D2D005BCA6B /* SecFDERecoveryAsymmetricCrypto.cpp */, - 52B88DFA11DD0D2D005BCA6B /* SecFDERecoveryAsymmetricCrypto.h */, - 4885CFF611C8182D0093ECF6 /* SecRecoveryPassword.c */, - 4885CFF711C8182D0093ECF6 /* SecRecoveryPassword.h */, - C2AA2B42052E099D006D0211 /* Access.cpp */, - C2AA2B43052E099D006D0211 /* Access.h */, - C2AA2B44052E099D006D0211 /* ACL.cpp */, - C2AA2B45052E099D006D0211 /* ACL.h */, - C2AA2B48052E099D006D0211 /* Certificate.cpp */, - C2AA2B49052E099D006D0211 /* Certificate.h */, - C2AA2B4A052E099D006D0211 /* CertificateRequest.cpp */, - C2AA2B4B052E099D006D0211 /* CertificateRequest.h */, - 52BA735B112231C70012875E /* CertificateValues.cpp */, - 52BA735C112231C70012875E /* CertificateValues.h */, - 05A83C7E0AAF5CEA00906F28 /* ExtendedAttribute.cpp */, - 05A83C7D0AAF5CEA00906F28 /* ExtendedAttribute.h */, - C2AA2B56052E099D006D0211 /* Globals.cpp */, - C2AA2B57052E099D006D0211 /* Globals.h */, - C2AA2B58052E099D006D0211 /* Identity.cpp */, - C2AA2B59052E099D006D0211 /* Identity.h */, - C2AA2B5A052E099D006D0211 /* IdentityCursor.cpp */, - C2AA2B5B052E099D006D0211 /* IdentityCursor.h */, - C2AA2B5C052E099D006D0211 /* Item.cpp */, - C2AA2B5D052E099D006D0211 /* Item.h */, - C2AA2B5E052E099D006D0211 /* KCCursor.cpp */, - C2AA2B5F052E099D006D0211 /* KCCursor.h */, - C2AA2B67052E099D006D0211 /* Keychains.cpp */, - C2AA2B68052E099D006D0211 /* Keychains.h */, - C2AA2B69052E099D006D0211 /* KeyItem.cpp */, - C2AA2B6A052E099D006D0211 /* KeyItem.h */, - 407AC2C3066798420030E07D /* Password.cpp */, - 407AC2C2066798420030E07D /* Password.h */, - C2AA2B6B052E099D006D0211 /* Policies.cpp */, - C2AA2B6C052E099D006D0211 /* Policies.h */, - C2AA2B6D052E099D006D0211 /* PolicyCursor.cpp */, - C2AA2B6E052E099D006D0211 /* PolicyCursor.h */, - C2AA2B82052E099D006D0211 /* SecCFTypes.cpp */, - C2AA2B83052E099D006D0211 /* SecCFTypes.h */, - C2AA2B8F052E099D006D0211 /* SecKeychainAddIToolsPassword.cpp */, - 527067DB070246B300C5D30E /* iToolsTrustedApps.plist */, - C2AA2BAA052E099D006D0211 /* StorageManager.cpp */, - C2AA2BAC052E099D006D0211 /* Trust.cpp */, - C2AA2BAD052E099D006D0211 /* Trust.h */, - 055EA6B006AC5C13005079CE /* TrustRevocation.cpp */, - C2AA2BAE052E099D006D0211 /* TrustedApplication.cpp */, - C2AA2BAF052E099D006D0211 /* TrustedApplication.h */, - 058C797709F56D1400DB7E98 /* TrustSettings.cpp */, - 058C797809F56D1400DB7E98 /* TrustSettings.h */, - BECE5140106B056C0091E644 /* TrustKeychains.h */, - D4486BCD1C65528B0040880D /* SecTrustOSXEntryPoints.cpp */, - D45FA39B1C6578CE003DBB97 /* SecTrustOSXEntryPoints.h */, - ); - name = "API Classes"; - sourceTree = ""; - }; - 05FB014905E5438C00A5194C /* Internal */ = { - isa = PBXGroup; - children = ( - 48E66AE4120254FC00E878AD /* SecRandomP.h */, - C2AA2B46052E099D006D0211 /* CCallbackMgr.cp */, - C2AA2B47052E099D006D0211 /* CCallbackMgr.h */, - C2AA2B4D052E099D006D0211 /* cssmdatetime.cpp */, - C2AA2B4E052E099D006D0211 /* cssmdatetime.h */, - C2FD26370731CEE60027896A /* defaultcreds.cpp */, - C2FD262F0731CEB40027896A /* defaultcreds.h */, - C2AA2B4F052E099D006D0211 /* DLDBListCFPref.cpp */, - C2AA2B50052E099D006D0211 /* DLDBListCFPref.h */, - 4CFDC28306CD9C6A007BEE7E /* DynamicDLDBList.cpp */, - 4CFDC28406CD9C6A007BEE7E /* DynamicDLDBList.h */, - D6E1457B0A632A5A008AA7E8 /* KCEventNotifier.cpp */, - D6E1457C0A632A5A008AA7E8 /* KCEventNotifier.h */, - C2AA2B64052E099D006D0211 /* KCExceptions.h */, - C429431C053B2F8B00470431 /* KCUtilities.cpp */, - C429431D053B2F8B00470431 /* KCUtilities.h */, - 4C868429058A55A10072F261 /* MacOSErrorStrings.h */, - C2AA2B6F052E099D006D0211 /* PrimaryKey.cpp */, - C2AA2B70052E099D006D0211 /* PrimaryKey.h */, - BE296DC40EAC2B5600FD22BE /* SecInternal.h */, - C2AA2BAB052E099D006D0211 /* StorageManager.h */, - BE50AE650F687AB900D28C54 /* TrustAdditions.cpp */, - BE50AE660F687AB900D28C54 /* TrustAdditions.h */, - C2AA2BB0052E099D006D0211 /* TrustItem.cpp */, - C2AA2BB1052E099D006D0211 /* TrustItem.h */, - C2AA2BB2052E099D006D0211 /* TrustStore.cpp */, - C2AA2BB3052E099D006D0211 /* TrustStore.h */, - C26BA9FE072580AE0049AF3C /* UnlockReferralItem.cpp */, - C2975B9B072580DC00AFECAD /* UnlockReferralItem.h */, - 058C797A09F56D1400DB7E98 /* TrustSettingsUtils.cpp */, - 058C797B09F56D1400DB7E98 /* TrustSettingsUtils.h */, - 52C23EF71135AE5100E079D2 /* SecCertificatePrivP.h */, - 5261C30F112F1C560047EF8B /* SecBase64P.c */, - 5261C289112F0D570047EF8B /* SecFrameworkP.c */, - 521DC57D1125FEE300937BF2 /* SecCertificateP.c */, - 521DC57E1125FEE300937BF2 /* SecCertificateP.h */, - 4CCB00430580089000981D43 /* security_keychain.exp */, - 52008C6311496BD200E8CA78 /* SecCertificateInternalP.h */, - C2AA2B55052E099D006D0211 /* generateErrStrings.pl */, - 52E950CC1509B47000DA6511 /* tsaDERUtilities.c */, - 52E950D51509B48D00DA6511 /* tsaDERUtilities.h */, - 3A353D7B1CC50583000446F4 /* TokenLogin.cpp */, - 3A353D7C1CC50583000446F4 /* TokenLogin.h */, - ); - name = Internal; - sourceTree = ""; - }; - 05FB014C05E5439100A5194C /* Import/Export */ = { - isa = PBXGroup; - children = ( - 058AA95805D93B4300F543ED /* SecExport.cpp */, - 058AA9CD05D96FE600F543ED /* SecExternalRep.cpp */, - 058AA9C905D96FD200F543ED /* SecExternalRep.h */, - 058AA96B05D93CDD00F543ED /* SecImport.cpp */, - BE296DBE0EAC299C00FD22BE /* SecImportExport.c */, - 051A034705D9A68C00E02A64 /* SecImportExportAgg.cpp */, - 051A034F05D9A69900E02A64 /* SecImportExportAgg.h */, - 05012D45060B94A000C044CB /* SecImportExportCrypto.cpp */, - 05012D49060B94B200C044CB /* SecImportExportCrypto.h */, - 05AE95480AA748570076501C /* SecImportExportOpenSSH.cpp */, - 05AE95470AA748570076501C /* SecImportExportOpenSSH.h */, - 051A053205DAC86400E02A64 /* SecImportExportPem.cpp */, - 058AAA9105D97EAE00F543ED /* SecImportExportPem.h */, - 056CDA3805FD573B00820BC3 /* SecImportExportPkcs8.cpp */, - 056CDA8D05FD63C200820BC3 /* SecImportExportPkcs8.h */, - 054F90AD05E2860E0013C1D1 /* SecImportExportUtils.cpp */, - 054F90AF05E286180013C1D1 /* SecImportExportUtils.h */, - 05FB016605E54A3A00A5194C /* SecNetscapeTemplates.cpp */, - 05FB016705E54A3A00A5194C /* SecNetscapeTemplates.h */, - 056CDA6405FD5B3400820BC3 /* SecPkcs8Templates.cpp */, - 056CDA5C05FD5AEB00820BC3 /* SecPkcs8Templates.h */, - 052AF722060A3472003FEB8D /* SecWrappedKeys.cpp */, - ); - name = Import/Export; - sourceTree = ""; - }; - 0CBD4FF916C323E800713B6C /* regressions */ = { - isa = PBXGroup; - children = ( - 0CBD509C16C324B100713B6C /* keychain_regressions.h */, - DC6B46701C90F2C100D899C6 /* kc-helpers.h */, - DCA4240D1CB8240E0095B7DF /* kc-item-helpers.h */, - DCA4240E1CB828D80095B7DF /* kc-key-helpers.h */, - DC840D8B1CBEFCAD0083F55C /* kc-identity-helpers.h */, - DCA4240C1CB81FE90095B7DF /* kc-keychain-file-helpers.h */, - DC6B46421C90E36900D899C6 /* kc-01-keychain-creation.c */, - DC6B46431C90E36900D899C6 /* kc-02-unlock-noui.c */, - DC6B46441C90E36900D899C6 /* kc-03-status.c */, - DC9A61A01CCA9273002793D6 /* kc-03-keychain-list.c */, - DC6B464E1C90E36900D899C6 /* kc-04-is-valid.c */, - DCA424021CB81EF20095B7DF /* kc-05-find-existing-items.c */, - DCE537581D2EE36800A12A95 /* kc-05-find-existing-items-locked.c */, - DC7EFBA71CBC4443005F9624 /* kc-06-cert-search-email.m */, - DC6B46451C90E36900D899C6 /* kc-10-item-add-generic.c */, - DC6B46481C90E36900D899C6 /* kc-10-item-add-internet.c */, - DC6B46461C90E36900D899C6 /* kc-10-item-add-certificate.c */, - DC7EFCA71CBD6ADC005F9624 /* kc-12-key-create-symmetric.c */, - DC7EFCA61CBD6ADC005F9624 /* kc-12-key-create-symmetric-and-use.m */, - DC6B46471C90E36900D899C6 /* kc-12-item-create-keypair.c */, - DC196F6B1CBD77C300A66F4B /* kc-15-key-update-valueref.c */, - DC1970801CBEC2EE00A66F4B /* kc-15-item-update-label-skimaad.m */, - DC19708B1CBEE43600A66F4B /* kc-16-item-update-password.c */, - DC6B464F1C90E36900D899C6 /* kc-18-find-combined.c */, - DC6B46491C90E36900D899C6 /* kc-19-item-copy-internet.c */, - DC19708E1CBEF00F00A66F4B /* kc-20-identity-persistent-refs.c */, - DC840D881CBEFC640083F55C /* kc-20-identity-key-attributes.c */, - DC9642741D25F4650073E0C5 /* kc-20-item-find-stress.c */, - DC9642761D25F5DD0073E0C5 /* kc-20-key-find-stress.c */, - DC336B3B1D246E4C00D24F15 /* kc-20-identity-find-stress.c */, - DC6B464A1C90E36900D899C6 /* kc-21-item-use-callback.c */, - DC9A61B31CCABD18002793D6 /* kc-21-item-xattrs.c */, - DC840D8C1CBF121F0083F55C /* kc-23-key-export-symmetric.m */, - DC9A61A51CCAA0A1002793D6 /* kc-24-key-copy-keychains.c */, - DC840D8F1CBF179C0083F55C /* kc-26-key-import-public.m */, - DC247FD91CBF1FF800527D67 /* kc-27-key-non-extractable.c */, - DCBD630B1CC86020008C27FC /* kc-28-p12-import.m */, - DC9A61B01CCAA91F002793D6 /* kc-28-cert-sign.c */, - DC3C15F81BAB6FE20041A23A /* kc-30-xara.c */, - DC6949821BC71C7600AB4DC3 /* kc-30-xara-helpers.h */, - DCD20F411BCDA8260046D8EB /* kc-30-xara-upgrade-helpers.h */, - DC6949791BC71B2300AB4DC3 /* kc-30-xara-item-helpers.h */, - DC6949801BC71B3B00AB4DC3 /* kc-30-xara-key-helpers.h */, - 0CBD509816C3246D00713B6C /* kc-40-seckey.m */, - 0CBD509916C3246D00713B6C /* kc-41-sececkey.m */, - 87701A841C4B91D000CB437B /* kc-43-seckey-interop.m */, - AC9ADAD2199AD6BA00BDAF54 /* kc-42-trust-revocation.c */, - BED2BCA11B96217B006CF43A /* si-20-sectrust-provisioning.c */, - BE0FAED51B967FB30017DAC9 /* si-20-sectrust-provisioning.h */, - 188BB53F171DD774009D22CE /* si-33-keychain-backup.c */, - F92321371ACF69EE00634C21 /* si-34-one-true-keychain.c */, - ); - name = regressions; - sourceTree = ""; - }; - 182BB223146F063C000BF1F3 /* config */ = { - isa = PBXGroup; - children = ( - 182BB224146F063C000BF1F3 /* base.xcconfig */, - 182BB225146F063C000BF1F3 /* debug.xcconfig */, - 182BB226146F063C000BF1F3 /* lib.xcconfig */, - 182BB227146F063C000BF1F3 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 182BB30D146F0AE6000BF1F3 /* Products */ = { - isa = PBXGroup; - children = ( - 182BB312146F0AE6000BF1F3 /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; - 4C5719D712FB5F3300B31F85 /* xpc */ = { - isa = PBXGroup; - children = ( - AA31456E134B716B00133245 /* CoreFoundation.framework */, - 4C5719D812FB5F6800B31F85 /* main.c */, - 4C5719CA12FB5E9E00B31F85 /* XPCKeychainSandboxCheck-Info.plist */, - ); - name = xpc; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 182BB30C146F0AE6000BF1F3 /* libsecurity_utilities.xcodeproj */, - 5297A586112B78BB00EAA0C0 /* libDER.xcodeproj */, - 0CBD4FF916C323E800713B6C /* regressions */, - C2AA2B41052E099D006D0211 /* lib */, - 182BB223146F063C000BF1F3 /* config */, - 52200F9914F2B93700F7F6E7 /* xpc-tsa */, - 4C5719D712FB5F3300B31F85 /* xpc */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_keychain.a */, - 4C5719C812FB5E9E00B31F85 /* XPCKeychainSandboxCheck.xpc */, - 52200F8F14F2B88000F7F6E7 /* XPCTimeStampingService.xpc */, - 0CBD509716C3242200713B6C /* libsecurity_keychain_regressions.a */, - ); - name = Products; - sourceTree = ""; - }; - 52200F9914F2B93700F7F6E7 /* xpc-tsa */ = { - isa = PBXGroup; - children = ( - D4A2FC811BC8A65B00BF6E56 /* Security.framework */, - 52B609D814F55B6800134209 /* Foundation.framework */, - 52200F9B14F2B93700F7F6E7 /* XPCTimeStampingService-Info.plist */, - 52B60A0614F5CA9500134209 /* main-tsa.m */, - 52B609E114F55BFA00134209 /* timestampclient.h */, - 52B609E214F55BFA00134209 /* timestampclient.m */, - ); - path = "xpc-tsa"; - sourceTree = ""; - }; - 5297A72A112CB13800EAA0C0 /* Products */ = { - isa = PBXGroup; - children = ( - 5297A731112CB13800EAA0C0 /* libDER.a */, - 5297A733112CB13800EAA0C0 /* parseCert */, - 5297A735112CB13800EAA0C0 /* libDERUtils.a */, - 5297A737112CB13800EAA0C0 /* parseCrl */, - 52FB45D511471AD0006D3B0A /* parseTicket */, - ); - name = Products; - sourceTree = ""; - }; - C2AA2B41052E099D006D0211 /* lib */ = { - isa = PBXGroup; - children = ( - 05FB014305E5437C00A5194C /* API Bridge */, - 05FB014005E5436B00A5194C /* Public API */, - 05FB014605E5438300A5194C /* API Classes */, - 05FB014905E5438C00A5194C /* Internal */, - 05FB014C05E5439100A5194C /* Import/Export */, - ); - path = lib; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CF36F5D0581375900834D11 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 05FB016905E54A3A00A5194C /* SecNetscapeTemplates.h in Headers */, - 056CDA5D05FD5AEB00820BC3 /* SecPkcs8Templates.h in Headers */, - DCD20F421BCDA8260046D8EB /* kc-30-xara-upgrade-helpers.h in Headers */, - 4CF36F650581376700834D11 /* SecAccess.h in Headers */, - 4CF36F680581376700834D11 /* SecACL.h in Headers */, - 4CF36F6A0581376700834D11 /* SecBase.h in Headers */, - 4CF36F690581376700834D11 /* SecCertificate.h in Headers */, - 3A353D7E1CC50583000446F4 /* TokenLogin.h in Headers */, - 4CF36F6C0581376700834D11 /* SecIdentity.h in Headers */, - 4CF36F670581376700834D11 /* SecIdentitySearch.h in Headers */, - BEE896E20A61F0BB00BF88A5 /* SecItem.h in Headers */, - 4CF36F620581376700834D11 /* SecKey.h in Headers */, - 4CF36F5E0581376700834D11 /* SecKeychain.h in Headers */, - 4CF36F630581376700834D11 /* SecKeychainItem.h in Headers */, - 4CF36F5F0581376700834D11 /* SecKeychainSearch.h in Headers */, - 4CF36F660581376700834D11 /* SecPolicy.h in Headers */, - 4CF36F600581376700834D11 /* SecPolicySearch.h in Headers */, - 4CF36F610581376700834D11 /* SecTrust.h in Headers */, - 4CF36F6B0581376700834D11 /* SecTrustedApplication.h in Headers */, - 4CF36F640581376700834D11 /* Security.h in Headers */, - 058AA95B05D93B4300F543ED /* SecImportExport.h in Headers */, - 058C797109F56CCB00DB7E98 /* SecTrustSettings.h in Headers */, - 52FB44A91146D769006D3B0A /* SecCertificateOIDs.h in Headers */, - 489C4FCC1202547600A8C58A /* SecRandom.h in Headers */, - 05AE95490AA748570076501C /* SecImportExportOpenSSH.h in Headers */, - BE296DC50EAC2B5600FD22BE /* SecInternal.h in Headers */, - BE50AE680F687AB900D28C54 /* TrustAdditions.h in Headers */, - 52B88DFC11DD0D2D005BCA6B /* SecFDERecoveryAsymmetricCrypto.h in Headers */, - 407AC2C0066661620030E07D /* SecPassword.h in Headers */, - 4C86848C058A59430072F261 /* MacOSErrorStrings.h in Headers */, - 4CF36F720581377300834D11 /* SecAccessPriv.h in Headers */, - 4CF00661058A51180060AF78 /* SecBasePriv.h in Headers */, - 4CF36F790581377300834D11 /* SecCertificateBundle.h in Headers */, - 4CF36F760581377300834D11 /* SecCertificatePriv.h in Headers */, - 4CF36F710581377300834D11 /* SecCertificateRequest.h in Headers */, - 4CF36F740581377300834D11 /* SecIdentityPriv.h in Headers */, - 4CF36F6F0581377300834D11 /* SecKeychainItemPriv.h in Headers */, - 4CF36F730581377300834D11 /* SecKeychainPriv.h in Headers */, - 4CF36F780581377300834D11 /* SecKeyPriv.h in Headers */, - 4CF36F6E0581377300834D11 /* SecPolicyPriv.h in Headers */, - 4CF36F750581377300834D11 /* SecTrustedApplicationPriv.h in Headers */, - 4CF36F700581377300834D11 /* SecTrustPriv.h in Headers */, - 058AA9CA05D96FD200F543ED /* SecExternalRep.h in Headers */, - 058AAA9205D97EAE00F543ED /* SecImportExportPem.h in Headers */, - 051A035005D9A69900E02A64 /* SecImportExportAgg.h in Headers */, - 054F90B005E286180013C1D1 /* SecImportExportUtils.h in Headers */, - 056CDA8E05FD63C200820BC3 /* SecImportExportPkcs8.h in Headers */, - 05012D4A060B94B200C044CB /* SecImportExportCrypto.h in Headers */, - 30E17F5B062B0A25004208EB /* SecIdentitySearchPriv.h in Headers */, - 1B11967B062F4C1800F3B659 /* SecKeychainSearchPriv.h in Headers */, - 058C797209F56CCC00DB7E98 /* SecTrustSettingsPriv.h in Headers */, - 058C797D09F56D1400DB7E98 /* TrustSettings.h in Headers */, - 058C797E09F56D1400DB7E98 /* TrustSettingsSchema.h in Headers */, - D45FA39C1C6578CE003DBB97 /* SecTrustOSXEntryPoints.h in Headers */, - 058C798009F56D1400DB7E98 /* TrustSettingsUtils.h in Headers */, - BEE896E30A61F0BB00BF88A5 /* SecItemPriv.h in Headers */, - 05A83C380AAF591100906F28 /* SecKeychainItemExtendedAttributes.h in Headers */, - BECE5141106B056C0091E644 /* TrustKeychains.h in Headers */, - 52008C6411496BD200E8CA78 /* SecCertificateInternalP.h in Headers */, - 4885CFF911C8182D0093ECF6 /* SecRecoveryPassword.h in Headers */, - 48E66AE5120254FC00E878AD /* SecRandomP.h in Headers */, - 52BA735E112231C70012875E /* CertificateValues.h in Headers */, - 521DC5801125FEE300937BF2 /* SecCertificateP.h in Headers */, - 52C23EF81135AE5100E079D2 /* SecCertificatePrivP.h in Headers */, - 52E950D61509B48D00DA6511 /* tsaDERUtilities.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 0CBD500016C3242200713B6C /* libsecurity_keychain_regressions */ = { - isa = PBXNativeTarget; - buildConfigurationList = 0CBD509416C3242200713B6C /* Build configuration list for PBXNativeTarget "libsecurity_keychain_regressions" */; - buildPhases = ( - 0CBD504416C3242200713B6C /* Sources */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_keychain_regressions; - productName = libsecurity_keychain; - productReference = 0CBD509716C3242200713B6C /* libsecurity_keychain_regressions.a */; - productType = "com.apple.product-type.library.static"; - }; - 4C5719C712FB5E9E00B31F85 /* XPCKeychainSandboxCheck */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4C5719CF12FB5E9F00B31F85 /* Build configuration list for PBXNativeTarget "XPCKeychainSandboxCheck" */; - buildPhases = ( - 4C5719C512FB5E9E00B31F85 /* Sources */, - 4C5719C612FB5E9E00B31F85 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = XPCKeychainSandboxCheck; - productName = XPCKeychainSandboxCheck; - productReference = 4C5719C812FB5E9E00B31F85 /* XPCKeychainSandboxCheck.xpc */; - productType = "com.apple.product-type.application"; - }; - 4CA1FEBD052A3C8100F22E42 /* libsecurity_keychain */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD37C0987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_keychain" */; - buildPhases = ( - 4CF36F5D0581375900834D11 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 521FBA8C112CB465002BEF54 /* PBXTargetDependency */, - ); - name = libsecurity_keychain; - productName = libsecurity_keychain; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_keychain.a */; - productType = "com.apple.product-type.library.static"; - }; - 52200F8714F2B87F00F7F6E7 /* XPCTimeStampingService */ = { - isa = PBXNativeTarget; - buildConfigurationList = 52200F8C14F2B87F00F7F6E7 /* Build configuration list for PBXNativeTarget "XPCTimeStampingService" */; - buildPhases = ( - 52200F8814F2B87F00F7F6E7 /* Sources */, - 52200F8A14F2B87F00F7F6E7 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = XPCTimeStampingService; - productName = XPCTimeStampingService; - productReference = 52200F8F14F2B88000F7F6E7 /* XPCTimeStampingService.xpc */; - productType = "com.apple.product-type.application"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD3810987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_keychain" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 5297A72A112CB13800EAA0C0 /* Products */; - ProjectRef = 5297A586112B78BB00EAA0C0 /* libDER.xcodeproj */; - }, - { - ProductGroup = 182BB30D146F0AE6000BF1F3 /* Products */; - ProjectRef = 182BB30C146F0AE6000BF1F3 /* libsecurity_utilities.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_keychain */, - 4C5719C712FB5E9E00B31F85 /* XPCKeychainSandboxCheck */, - 52200F8714F2B87F00F7F6E7 /* XPCTimeStampingService */, - 0CBD500016C3242200713B6C /* libsecurity_keychain_regressions */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 182BB312146F0AE6000BF1F3 /* libsecurity_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_utilities.a; - remoteRef = 182BB311146F0AE6000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 5297A731112CB13800EAA0C0 /* libDER.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libDER.a; - remoteRef = 5297A730112CB13800EAA0C0 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 5297A733112CB13800EAA0C0 /* parseCert */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = parseCert; - remoteRef = 5297A732112CB13800EAA0C0 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 5297A735112CB13800EAA0C0 /* libDERUtils.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libDERUtils.a; - remoteRef = 5297A734112CB13800EAA0C0 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 5297A737112CB13800EAA0C0 /* parseCrl */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = parseCrl; - remoteRef = 5297A736112CB13800EAA0C0 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 52FB45D511471AD0006D3B0A /* parseTicket */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = parseTicket; - remoteRef = 52FB45D411471AD0006D3B0A /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - 0CBD504416C3242200713B6C /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - DC6B46641C90EE1200D899C6 /* kc-01-keychain-creation.c in Sources */, - DC196F691CBD70B400A66F4B /* kc-12-key-create-symmetric-and-use.m in Sources */, - DC9A61A21CCA9279002793D6 /* kc-03-keychain-list.c in Sources */, - DC6B46651C90EE1200D899C6 /* kc-02-unlock-noui.c in Sources */, - DC840D8A1CBEFC6A0083F55C /* kc-20-identity-key-attributes.c in Sources */, - DC6B46661C90EE1A00D899C6 /* kc-03-status.c in Sources */, - DCBD63151CC86028008C27FC /* kc-28-p12-import.m in Sources */, - DC6B46671C90EE1A00D899C6 /* kc-10-item-add-generic.c in Sources */, - DC6B46681C90EE1A00D899C6 /* kc-10-item-add-certificate.c in Sources */, - DC6B46691C90EE1A00D899C6 /* kc-12-item-create-keypair.c in Sources */, - DC196F6D1CBD77CD00A66F4B /* kc-15-key-update-valueref.c in Sources */, - DC6B466A1C90EE1A00D899C6 /* kc-10-item-add-internet.c in Sources */, - DC6B466B1C90EE1A00D899C6 /* kc-19-item-copy-internet.c in Sources */, - DC6B466C1C90EE1A00D899C6 /* kc-21-item-use-callback.c in Sources */, - DC6B466E1C90EE1A00D899C6 /* kc-04-is-valid.c in Sources */, - DC6B466F1C90EE1A00D899C6 /* kc-18-find-combined.c in Sources */, - DC336B3C1D246E4C00D24F15 /* kc-20-identity-find-stress.c in Sources */, - 87701A8E1C4B91E300CB437B /* kc-43-seckey-interop.m in Sources */, - DC9A61B51CCABD1F002793D6 /* kc-21-item-xattrs.c in Sources */, - DC3C16001BAB76B50041A23A /* kc-30-xara.c in Sources */, - AC9ADAD3199AD6BA00BDAF54 /* kc-42-trust-revocation.c in Sources */, - DC2480511CC1B58B00527D67 /* kc-21-item-use-callback.c in Sources */, - DCE537591D2EE36800A12A95 /* kc-05-find-existing-items-locked.c in Sources */, - 0CBD509B16C3246D00713B6C /* kc-41-sececkey.m in Sources */, - DC19708A1CBEC2FA00A66F4B /* kc-15-item-update-label-skimaad.m in Sources */, - 188BB546171DD8B5009D22CE /* si-33-keychain-backup.c in Sources */, - DC840D871CBEF5CB0083F55C /* kc-20-identity-persistent-refs.c in Sources */, - DC19708D1CBEE43E00A66F4B /* kc-16-item-update-password.c in Sources */, - DC9642751D25F4650073E0C5 /* kc-20-item-find-stress.c in Sources */, - DC9A61AF1CCAA4CF002793D6 /* kc-24-key-copy-keychains.c in Sources */, - BED2BCA21B96217B006CF43A /* si-20-sectrust-provisioning.c in Sources */, - DC840D8E1CBF13C00083F55C /* kc-23-key-export-symmetric.m in Sources */, - DC840D911CBF17AF0083F55C /* kc-26-key-import-public.m in Sources */, - DC247FDB1CBF22AD00527D67 /* kc-27-key-non-extractable.c in Sources */, - F92321381ACF69EE00634C21 /* si-34-one-true-keychain.c in Sources */, - DC9642771D25F5DD0073E0C5 /* kc-20-key-find-stress.c in Sources */, - DC196F6A1CBD70C100A66F4B /* kc-12-key-create-symmetric.c in Sources */, - DC7EFBA91CBC4448005F9624 /* kc-06-cert-search-email.m in Sources */, - 0CBD509A16C3246D00713B6C /* kc-40-seckey.m in Sources */, - DCA424031CB81EF20095B7DF /* kc-05-find-existing-items.c in Sources */, - DC9A61B21CCAAE05002793D6 /* kc-28-cert-sign.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4C5719C512FB5E9E00B31F85 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C5719DB12FB5F6800B31F85 /* main.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C2AA2BB4052E099D006D0211 /* Access.cpp in Sources */, - C2AA2BB6052E099D006D0211 /* ACL.cpp in Sources */, - C2AA2BB8052E099D006D0211 /* CCallbackMgr.cp in Sources */, - C2AA2BBA052E099D006D0211 /* Certificate.cpp in Sources */, - C2AA2BBC052E099D006D0211 /* CertificateRequest.cpp in Sources */, - C2AA2BBF052E099D006D0211 /* cssmdatetime.cpp in Sources */, - C2FD26380731CEFB0027896A /* defaultcreds.cpp in Sources */, - C2AA2BC1052E099D006D0211 /* DLDBListCFPref.cpp in Sources */, - 4CFDC28506CD9C6A007BEE7E /* DynamicDLDBList.cpp in Sources */, - C2AA2BC7052E099D006D0211 /* Globals.cpp in Sources */, - C2AA2BC9052E099D006D0211 /* Identity.cpp in Sources */, - C2AA2BCB052E099D006D0211 /* IdentityCursor.cpp in Sources */, - C2AA2BCD052E099D006D0211 /* Item.cpp in Sources */, - D6095E960A94F17C0026C68B /* KCEventNotifier.cpp in Sources */, - C2AA2BCF052E099D006D0211 /* KCCursor.cpp in Sources */, - C429431E053B2F8B00470431 /* KCUtilities.cpp in Sources */, - C2AA2BD8052E099D006D0211 /* Keychains.cpp in Sources */, - C2AA2BDA052E099D006D0211 /* KeyItem.cpp in Sources */, - 407AC2C5066798420030E07D /* Password.cpp in Sources */, - C2AA2BDC052E099D006D0211 /* Policies.cpp in Sources */, - C2AA2BDE052E099D006D0211 /* PolicyCursor.cpp in Sources */, - C2AA2BE0052E099D006D0211 /* PrimaryKey.cpp in Sources */, - C2AA2BE4052E099D006D0211 /* SecAccess.cpp in Sources */, - C2AA2BE7052E099D006D0211 /* SecACL.cpp in Sources */, - 4C21181B058A75B000014C42 /* SecBase.cpp in Sources */, - C2AA2BEB052E099D006D0211 /* SecCertificate.cpp in Sources */, - C2AA2BED052E099D006D0211 /* SecCertificateBundle.cpp in Sources */, - C2AA2BF0052E099D006D0211 /* SecCertificateRequest.cpp in Sources */, - C2AA2BF2052E099D006D0211 /* SecCFTypes.cpp in Sources */, - C2AA2BF6052E099D006D0211 /* SecIdentity.cpp in Sources */, - C2AA2BF9052E099D006D0211 /* SecIdentitySearch.cpp in Sources */, - C2AA2BFB052E099D006D0211 /* SecKey.cpp in Sources */, - C2AA2BFD052E099D006D0211 /* SecKeychain.cpp in Sources */, - C2AA2BFF052E099D006D0211 /* SecKeychainAddIToolsPassword.cpp in Sources */, - C2AA2C03052E099D006D0211 /* SecKeychainItem.cpp in Sources */, - C2AA2C05052E099D006D0211 /* SecKeychainSearch.cpp in Sources */, - 407AC2C1066661620030E07D /* SecPassword.cpp in Sources */, - C2AA2C08052E099D006D0211 /* SecPolicy.cpp in Sources */, - C2AA2C0B052E099D006D0211 /* SecPolicySearch.cpp in Sources */, - C2AA2C0F052E099D006D0211 /* SecTrust.cpp in Sources */, - C2AA2C11052E099D006D0211 /* SecTrustedApplication.cpp in Sources */, - C2AA2C1A052E099D006D0211 /* StorageManager.cpp in Sources */, - C2AA2C1C052E099D006D0211 /* Trust.cpp in Sources */, - C2AA2C1E052E099D006D0211 /* TrustedApplication.cpp in Sources */, - C2AA2C20052E099D006D0211 /* TrustItem.cpp in Sources */, - C2AA2C22052E099D006D0211 /* TrustStore.cpp in Sources */, - 058AA95A05D93B4300F543ED /* SecExport.cpp in Sources */, - 058AA96C05D93CDD00F543ED /* SecImport.cpp in Sources */, - 058AA9CE05D96FE600F543ED /* SecExternalRep.cpp in Sources */, - 051A034805D9A68C00E02A64 /* SecImportExportAgg.cpp in Sources */, - 051A053305DAC86400E02A64 /* SecImportExportPem.cpp in Sources */, - 054F90AE05E2860E0013C1D1 /* SecImportExportUtils.cpp in Sources */, - 05FB016805E54A3A00A5194C /* SecNetscapeTemplates.cpp in Sources */, - 056CDA3905FD573B00820BC3 /* SecImportExportPkcs8.cpp in Sources */, - 056CDA6505FD5B3400820BC3 /* SecPkcs8Templates.cpp in Sources */, - 052AF723060A3472003FEB8D /* SecWrappedKeys.cpp in Sources */, - 05012D46060B94A000C044CB /* SecImportExportCrypto.cpp in Sources */, - 055EA6B106AC5C13005079CE /* TrustRevocation.cpp in Sources */, - C26BA9FF072580AE0049AF3C /* UnlockReferralItem.cpp in Sources */, - 3A353D7D1CC50583000446F4 /* TokenLogin.cpp in Sources */, - 058C797609F56CFB00DB7E98 /* SecTrustSettings.cpp in Sources */, - 058C797C09F56D1400DB7E98 /* TrustSettings.cpp in Sources */, - 058C797F09F56D1400DB7E98 /* TrustSettingsUtils.cpp in Sources */, - BEE896E70A61F12300BF88A5 /* SecItem.cpp in Sources */, - BEA830070EB17344001CA937 /* SecItemConstants.c in Sources */, - 05AE954A0AA748580076501C /* SecImportExportOpenSSH.cpp in Sources */, - 05A83C800AAF5CEA00906F28 /* ExtendedAttribute.cpp in Sources */, - 05A83C880AAF5E0A00906F28 /* SecKeychainItemExtendedAttributes.cpp in Sources */, - BE296DBF0EAC299C00FD22BE /* SecImportExport.c in Sources */, - BE50AE670F687AB900D28C54 /* TrustAdditions.cpp in Sources */, - 52BA735D112231C70012875E /* CertificateValues.cpp in Sources */, - 521DC57F1125FEE300937BF2 /* SecCertificateP.c in Sources */, - 5261C28A112F0D570047EF8B /* SecFrameworkP.c in Sources */, - 5261C310112F1C560047EF8B /* SecBase64P.c in Sources */, - 4885CFF811C8182D0093ECF6 /* SecRecoveryPassword.c in Sources */, - 52B88DFB11DD0D2D005BCA6B /* SecFDERecoveryAsymmetricCrypto.cpp in Sources */, - 48E66AE3120254D700E878AD /* SecRandom.c in Sources */, - 52E950CD1509B47000DA6511 /* tsaDERUtilities.c in Sources */, - D4486BCF1C65528B0040880D /* SecTrustOSXEntryPoints.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 52200F8814F2B87F00F7F6E7 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 52B609E314F55BFA00134209 /* timestampclient.m in Sources */, - 52B60A0714F5CA9600134209 /* main-tsa.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 521FBA8C112CB465002BEF54 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDER; - targetProxy = 521FBA8B112CB465002BEF54 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - 0CBD509516C3242200713B6C /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB225146F063C000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/../regressions", - "$(PROJECT_DIR)/../include", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/lib", - "$(PROJECT_DIR)/../utilities", - "$(inherited)", - ); - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Debug; - }; - 0CBD509616C3242200713B6C /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB227146F063C000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Release; - }; - 4C5719CB12FB5E9F00B31F85 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB225146F063C000BF1F3 /* debug.xcconfig */; - buildSettings = { - CODE_SIGN_IDENTITY = "-"; - COMBINE_HIDPI_IMAGES = YES; - GCC_MODEL_TUNING = G5; - INFOPLIST_FILE = "xpc/XPCKeychainSandboxCheck-Info.plist"; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = XPCKeychainSandboxCheck; - PROVISIONING_PROFILE = ""; - SKIP_INSTALL = NO; - WRAPPER_EXTENSION = xpc; - }; - name = Debug; - }; - 4C5719CE12FB5E9F00B31F85 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB227146F063C000BF1F3 /* release.xcconfig */; - buildSettings = { - CODE_SIGN_IDENTITY = "-"; - COMBINE_HIDPI_IMAGES = YES; - GCC_MODEL_TUNING = G5; - INFOPLIST_FILE = "xpc/XPCKeychainSandboxCheck-Info.plist"; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = XPCKeychainSandboxCheck; - PROVISIONING_PROFILE = ""; - SKIP_INSTALL = NO; - WRAPPER_EXTENSION = xpc; - }; - name = Release; - }; - 52200F8D14F2B87F00F7F6E7 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB225146F063C000BF1F3 /* debug.xcconfig */; - buildSettings = { - CODE_SIGN_IDENTITY = "-"; - COMBINE_HIDPI_IMAGES = YES; - GCC_MODEL_TUNING = G5; - INFOPLIST_FILE = "xpc-tsa/XPCTimeStampingService-Info.plist"; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = XPCTimeStampingService; - PROVISIONING_PROFILE = ""; - SKIP_INSTALL = NO; - WRAPPER_EXTENSION = xpc; - }; - name = Debug; - }; - 52200F8E14F2B87F00F7F6E7 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB227146F063C000BF1F3 /* release.xcconfig */; - buildSettings = { - CODE_SIGN_IDENTITY = "-"; - COMBINE_HIDPI_IMAGES = YES; - GCC_MODEL_TUNING = G5; - INFOPLIST_FILE = "xpc-tsa/XPCTimeStampingService-Info.plist"; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = XPCTimeStampingService; - PROVISIONING_PROFILE = ""; - SKIP_INSTALL = NO; - WRAPPER_EXTENSION = xpc; - }; - name = Release; - }; - C27AD37D0987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB225146F063C000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "SECTRUST_OSX=1", - ); - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Debug; - }; - C27AD3800987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB227146F063C000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "SECTRUST_OSX=1", - ); - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Release; - }; - C27AD3820987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB226146F063C000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/../regressions", - "$(PROJECT_DIR)/../include", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/lib", - "$(PROJECT_DIR)/../utilities", - "$(PROJECT_DIR)/libDER", - "$(inherited)", - ); - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD3850987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB226146F063C000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/../regressions", - "$(PROJECT_DIR)/../include", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/lib", - "$(PROJECT_DIR)/../utilities", - "$(PROJECT_DIR)/libDER", - "$(inherited)", - ); - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 0CBD509416C3242200713B6C /* Build configuration list for PBXNativeTarget "libsecurity_keychain_regressions" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 0CBD509516C3242200713B6C /* Debug */, - 0CBD509616C3242200713B6C /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4C5719CF12FB5E9F00B31F85 /* Build configuration list for PBXNativeTarget "XPCKeychainSandboxCheck" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4C5719CB12FB5E9F00B31F85 /* Debug */, - 4C5719CE12FB5E9F00B31F85 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 52200F8C14F2B87F00F7F6E7 /* Build configuration list for PBXNativeTarget "XPCTimeStampingService" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 52200F8D14F2B87F00F7F6E7 /* Debug */, - 52200F8E14F2B87F00F7F6E7 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD37C0987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_keychain" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD37D0987FCDE001272E0 /* Debug */, - C27AD3800987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3810987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_keychain" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3820987FCDE001272E0 /* Debug */, - C27AD3850987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_keychain/regressions/kc-05-find-existing-items-locked.c b/OSX/libsecurity_keychain/regressions/kc-05-find-existing-items-locked.c index 3813e5a3..8b849517 100644 --- a/OSX/libsecurity_keychain/regressions/kc-05-find-existing-items-locked.c +++ b/OSX/libsecurity_keychain/regressions/kc-05-find-existing-items-locked.c @@ -37,59 +37,60 @@ static void tests() SecKeychainItemRef item = NULL; // Perform keychain upgrade so future calls will check integrity, then lock keychain - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service")); + item = checkNCopyFirst(testName, query, 1); + CFReleaseNull(item); ok_status(SecKeychainLock(kc), "%s: SecKeychainLock", testName); // Find passwords - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service")); + item = checkNCopyFirst(testName, query, 1); readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // keychain is locked; AuthFailed is what securityd throws if UI access is not allowed CFReleaseNull(item); checkPrompts(0, "after reading a password in locked keychain without UI"); // this should be 1, but is 0 due to how denying UI access works in Credentials - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); + item = checkNCopyFirst(testName, query, 1); readPasswordContentsWithResult(item, errSecAuthFailed, NULL); CFReleaseNull(item); checkPrompts(0, "trying to read password in locked keychain without UI"); - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service")); + item = checkNCopyFirst(testName, query, 1); readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // keychain is locked CFReleaseNull(item); checkPrompts(0, "after reading a password in locked keychain without UI"); - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); + item = checkNCopyFirst(testName, query, 1); readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this CFReleaseNull(item); checkPrompts(0, "trying to read password in locked keychain without UI"); // Find symmetric keys - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric); - item = checkN(testName, query, 2); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric); + item = checkNCopyFirst(testName, query, 2); CFReleaseNull(item); // Find asymmetric keys - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic); - item = checkN(testName, query, 2); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassPublic); + item = checkNCopyFirst(testName, query, 2); CFReleaseNull(item); - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate); - item = checkN(testName, query, 2); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate); + item = checkNCopyFirst(testName, query, 2); CFReleaseNull(item); // Find certificates query = makeBaseQueryDictionary(kc, kSecClassCertificate); - item = checkN(testName, query, 3); + item = checkNCopyFirst(testName, query, 3); CFReleaseNull(item); // ensure we can pull data from a certificate query = makeBaseQueryDictionary(kc, kSecClassCertificate); CFDictionarySetValue(query, kSecMatchSubjectWholeString, CFSTR("test_codesigning")); - item = checkN(testName, query, 1); + item = checkNCopyFirst(testName, query, 1); const unsigned char expectedSHA1[] = { 0x94, 0xdf, 0x22, 0x4a, 0x4d, 0x49, 0x33, 0x27, 0x9e, 0xc5, 0x7e, 0x91, 0x95, 0xcc, 0xbd, 0x51, 0x3d, 0x59, 0xae, 0x34 }; CFDataRef expectedSHAData = CFDataCreateWithBytesNoCopy(NULL, expectedSHA1, sizeof(expectedSHA1), kCFAllocatorNull); eq_cf(SecCertificateGetSHA1Digest((SecCertificateRef) item), expectedSHAData, "%s: expected SHA1 of certificate does not match", testName); diff --git a/OSX/libsecurity_keychain/regressions/kc-05-find-existing-items.c b/OSX/libsecurity_keychain/regressions/kc-05-find-existing-items.c index bd37c96e..27d3abba 100644 --- a/OSX/libsecurity_keychain/regressions/kc-05-find-existing-items.c +++ b/OSX/libsecurity_keychain/regressions/kc-05-find-existing-items.c @@ -37,53 +37,53 @@ static void tests() SecKeychainItemRef item = NULL; // Find passwords - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service")); + item = checkNCopyFirst(testName, query, 1); readPasswordContents(item, CFSTR("test_password")); CFReleaseNull(item); checkPrompts(0, "after reading a password"); - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); + item = checkNCopyFirst(testName, query, 1); readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this CFReleaseNull(item); checkPrompts(1, "trying to read password without access"); - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service")); + item = checkNCopyFirst(testName, query, 1); readPasswordContents(item, CFSTR("test_password")); CFReleaseNull(item); checkPrompts(0, "after reading a password"); - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); + item = checkNCopyFirst(testName, query, 1); readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this CFReleaseNull(item); checkPrompts(1, "trying to read password without access"); // Find symmetric keys - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric); - item = checkN(testName, query, 2); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric); + item = checkNCopyFirst(testName, query, 2); CFReleaseNull(item); // Find asymmetric keys - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic); - item = checkN(testName, query, 2); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassPublic); + item = checkNCopyFirst(testName, query, 2); CFReleaseNull(item); - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate); - item = checkN(testName, query, 2); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate); + item = checkNCopyFirst(testName, query, 2); CFReleaseNull(item); // Find certificates query = makeBaseQueryDictionary(kc, kSecClassCertificate); - item = checkN(testName, query, 3); + item = checkNCopyFirst(testName, query, 3); CFReleaseNull(item); // ensure we can pull data from a certificate query = makeBaseQueryDictionary(kc, kSecClassCertificate); CFDictionarySetValue(query, kSecMatchSubjectWholeString, CFSTR("test_codesigning")); - item = checkN(testName, query, 1); + item = checkNCopyFirst(testName, query, 1); const unsigned char expectedSHA1[] = { 0x94, 0xdf, 0x22, 0x4a, 0x4d, 0x49, 0x33, 0x27, 0x9e, 0xc5, 0x7e, 0x91, 0x95, 0xcc, 0xbd, 0x51, 0x3d, 0x59, 0xae, 0x34 }; CFDataRef expectedSHAData = CFDataCreateWithBytesNoCopy(NULL, expectedSHA1, sizeof(expectedSHA1), kCFAllocatorNull); eq_cf(SecCertificateGetSHA1Digest((SecCertificateRef) item), expectedSHAData, "%s: expected SHA1 of certificate does not match", testName); diff --git a/OSX/libsecurity_keychain/regressions/kc-06-cert-search-email.m b/OSX/libsecurity_keychain/regressions/kc-06-cert-search-email.m index 3f04c49f..6675ca17 100644 --- a/OSX/libsecurity_keychain/regressions/kc-06-cert-search-email.m +++ b/OSX/libsecurity_keychain/regressions/kc-06-cert-search-email.m @@ -103,14 +103,11 @@ static void printCertificate(SecCertificateRef certificate, SecPolicyRef policy, if (SecPolicySearchCreate(CSSM_CERT_X_509v3, &CSSMOID_APPLE_X509_BASIC, NULL, &policySearch)==noErr) { SecPolicySearchCopyNext(policySearch, &policy); } - [(id)policySearch release]; - } else { - [(id)policy retain]; } // Create a trust reference, given policy and certificates SecTrustRef trust=nil; - NSArray *certificates = [NSArray arrayWithObject:(id)certificate]; + NSArray *certificates = [NSArray arrayWithObject:(__bridge id)certificate]; status = SecTrustCreateWithCertificates((CFArrayRef)certificates, policy, &trust); SFCertificateData *sfCertData = [[SFCertificateData alloc] initWithCertificate:certificate trust:trust parse:NO]; @@ -119,17 +116,12 @@ static void printCertificate(SecCertificateRef certificate, SecPolicyRef policy, if (statusStr && (strcmp(statusStr, "This certificate is valid") != 0)) fprintf(stdout, " (%s)", statusStr); fprintf(stdout, "\n"); - [sfCertData release]; - - [(id)trust release]; - [(id)policy release]; } static BOOL certificateHasExpired(SecCertificateRef certificate) { SFCertificateData *sfCertData = [[SFCertificateData alloc] initWithCertificate:certificate trust:nil parse:NO]; BOOL result = [sfCertData expired]; - [sfCertData release]; return result; } @@ -177,9 +169,6 @@ static void doCertificateSearchForEmailAddress(SecKeychainRef kc, const char *em int kc_06_cert_search_email(int argc, char *const *argv) { - NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; - unsigned int i; - const char *emailAddr = NULL; bool showAll = false; plan_tests(7); @@ -202,6 +191,5 @@ int kc_06_cert_search_email(int argc, char *const *argv) CFReleaseNull(kc); deleteTestFiles(); - [pool release]; return 0; } diff --git a/OSX/libsecurity_keychain/regressions/kc-12-key-create-symmetric-and-use.m b/OSX/libsecurity_keychain/regressions/kc-12-key-create-symmetric-and-use.m index 3cbfec92..a6074bb8 100644 --- a/OSX/libsecurity_keychain/regressions/kc-12-key-create-symmetric-and-use.m +++ b/OSX/libsecurity_keychain/regressions/kc-12-key-create-symmetric-and-use.m @@ -97,7 +97,7 @@ static SecAccessRef createAccess(SecKeychainItemRef item, NSString *accessLabel, ok_status(err, "%s: SecTrustedApplicationCreateFromPath (1)", testName); err = SecTrustedApplicationCreateFromPath("/Applications/Safari.app", &someOther); ok_status(err, "%s: SecTrustedApplicationCreateFromPath (2)", testName); - trustedApplications = [NSArray arrayWithObjects:(id)myself, (id)someOther, nil]; + trustedApplications = [NSArray arrayWithObjects:(__bridge_transfer id)myself, (__bridge_transfer id)someOther, nil]; } // If the keychain item already exists, use its access reference; otherwise, create a new one @@ -242,7 +242,7 @@ int kc_12_key_create_symmetric_and_use(int argc, char *const *argv) if (encryptedData) { NSData *roundtrippedData = decryptData(kc, encryptedData); - eq_cf(roundtrippedData, data, "%s: Round-tripped data does not match original data", testName); + eq_cf((__bridge CFTypeRef) roundtrippedData, (__bridge CFTypeRef) data, "%s: Round-tripped data does not match original data", testName); NSLog(@"Decrypted: %@", roundtrippedData); } } diff --git a/OSX/libsecurity_keychain/regressions/kc-15-item-update-label-skimaad.m b/OSX/libsecurity_keychain/regressions/kc-15-item-update-label-skimaad.m index 81870078..2f772175 100644 --- a/OSX/libsecurity_keychain/regressions/kc-15-item-update-label-skimaad.m +++ b/OSX/libsecurity_keychain/regressions/kc-15-item-update-label-skimaad.m @@ -113,18 +113,12 @@ static OSStatus ChangePasswordKeychain (SecKeychainItemRef itemRef) int kc_15_item_update_label_skimaad(int argc, char *const *argv) { - plan_tests(27); + plan_tests(28); initializeKeychainTests(__FUNCTION__); SecKeychainRef keychain = getPopulatedTestKeychain(); - NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; OSStatus status; - OSStatus status1; - SInt32 status3; - CFStringRef theLabel = CFSTR("Notice"); - - CFStringRef theStatusStr = nil; void * myPassword = "myP4sSw0rD"; UInt32 myPasswordLength = (UInt32) strlen(myPassword); @@ -134,13 +128,14 @@ int kc_15_item_update_label_skimaad(int argc, char *const *argv) StorePasswordKeychain(keychain, myPassword, myPasswordLength); - itemRef = checkN(testName, makeQueryCustomItemDictionaryWithService(keychain, kSecClassGenericPassword, CFSTR("SurfWriter"), CFSTR("SurfWriter")), 1); - checkN(testName, makeQueryCustomItemDictionaryWithService(keychain, kSecClassGenericPassword, CFSTR("New Item Label"), CFSTR("New Service")), 0); + itemRef = checkNCopyFirst(testName, createQueryCustomItemDictionaryWithService(keychain, kSecClassGenericPassword, CFSTR("SurfWriter"), CFSTR("SurfWriter")), 1); + checkN(testName, createQueryCustomItemDictionaryWithService(keychain, kSecClassGenericPassword, CFSTR("New Item Label"), CFSTR("New Service")), 0); readPasswordContents(itemRef, CFSTR("myP4sSw0rD")); CFReleaseNull(itemRef); GetPasswordKeychain (keychain, &passwordData,&passwordLength,&itemRef); //Call SecKeychainFindGenericPassword - + + ok(passwordData, "Recieved password data"); /* free the data allocated by SecKeychainFindGenericPassword: */ @@ -152,13 +147,11 @@ int kc_15_item_update_label_skimaad(int argc, char *const *argv) ChangePasswordKeychain(itemRef); - checkN(testName, makeQueryCustomItemDictionaryWithService(keychain, kSecClassGenericPassword, CFSTR("SurfWriter"), CFSTR("SurfWriter")), 0); - itemRef = checkN(testName, makeQueryCustomItemDictionaryWithService(keychain, kSecClassGenericPassword, CFSTR("New Item Label"), CFSTR("New Service")), 1); + checkN(testName, createQueryCustomItemDictionaryWithService(keychain, kSecClassGenericPassword, CFSTR("SurfWriter"), CFSTR("SurfWriter")), 0); + itemRef = checkNCopyFirst(testName, createQueryCustomItemDictionaryWithService(keychain, kSecClassGenericPassword, CFSTR("New Item Label"), CFSTR("New Service")), 1); readPasswordContents(itemRef, CFSTR("myNewP4sSw0rD")); CFReleaseNull(itemRef); - [pool release]; - checkPrompts(0, "no prompts during test"); ok_status(SecKeychainDelete(keychain), "%s: SecKeychainDelete", testName); diff --git a/OSX/libsecurity_keychain/regressions/kc-15-key-update-valueref.c b/OSX/libsecurity_keychain/regressions/kc-15-key-update-valueref.c index 5d8f4682..4bd7779e 100644 --- a/OSX/libsecurity_keychain/regressions/kc-15-key-update-valueref.c +++ b/OSX/libsecurity_keychain/regressions/kc-15-key-update-valueref.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include @@ -43,7 +44,6 @@ #include #include -static int quiet = 0; static int debug = 1; static int verbose = 1; @@ -127,7 +127,7 @@ static int CreateSymmetricKey( CFDictionaryAddValue( params, kSecAttrAccess, access ); CFDictionaryAddValue( params, kSecAttrKeyClass, kSecAttrKeyClassSymmetric ); CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeAES ); - CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); + CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); CFRelease(keySize); CFDictionaryAddValue( params, kSecAttrIsPermanent, kCFBooleanTrue ); CFDictionaryAddValue( params, kSecAttrCanEncrypt, kCFBooleanTrue ); CFDictionaryAddValue( params, kSecAttrCanDecrypt, kCFBooleanTrue ); @@ -184,6 +184,7 @@ static int TestUpdateItems(SecKeychainRef keychain) CFStringRef curAppTag = CFSTR("SecItemUpdate"); status = CreateSymmetricKey(keychain, curDateLabel, gUUID, curAppTag, noErr); + CFReleaseNull(curDateLabel); if (status && status != errSecDuplicateItem) ++result; @@ -200,7 +201,7 @@ static int TestUpdateItems(SecKeychainRef keychain) CFNumberRef keySize = CFNumberCreate(NULL, kCFNumberIntType, &keySizeValue); CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeRSA ); - CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); + CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); CFReleaseNull(keySize); CFDictionaryAddValue( params, kSecAttrLabel, keyLabel ); // CFDictionaryAddValue( params, kSecAttrAccess, access ); // %%% note that SecKeyGeneratePair will create the key pair in the default keychain @@ -215,8 +216,8 @@ static int TestUpdateItems(SecKeychainRef keychain) PrintTestResult("TestUpdateItems: generating key pair", status, noErr); // Make sure we have the key of interest - checkN(testName, makeQueryKeyDictionaryWithLabel(keychain, kSecAttrKeyClassPrivate, keyLabel), 1); - checkN(testName, makeQueryKeyDictionaryWithLabel(keychain, kSecAttrKeyClassPrivate, newLabel), 0); + checkN(testName, createQueryKeyDictionaryWithLabel(keychain, kSecAttrKeyClassPrivate, keyLabel), 1); + checkN(testName, createQueryKeyDictionaryWithLabel(keychain, kSecAttrKeyClassPrivate, newLabel), 0); // create a query which will match just the private key item (based on its known reference) CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0, @@ -262,8 +263,8 @@ static int TestUpdateItems(SecKeychainRef keychain) PrintTestResult("TestUpdateItems: updating item", status, noErr); // Make sure label changed - checkN(testName, makeQueryKeyDictionaryWithLabel(keychain, kSecAttrKeyClassPrivate, keyLabel), 0); - checkN(testName, makeQueryKeyDictionaryWithLabel(keychain, kSecAttrKeyClassPrivate, newLabel), 1); + checkN(testName, createQueryKeyDictionaryWithLabel(keychain, kSecAttrKeyClassPrivate, keyLabel), 0); + checkN(testName, createQueryKeyDictionaryWithLabel(keychain, kSecAttrKeyClassPrivate, newLabel), 1); if (publicKey) CFRelease(publicKey); diff --git a/OSX/libsecurity_keychain/regressions/kc-16-item-update-password.c b/OSX/libsecurity_keychain/regressions/kc-16-item-update-password.c index 50ad886b..59b295f2 100644 --- a/OSX/libsecurity_keychain/regressions/kc-16-item-update-password.c +++ b/OSX/libsecurity_keychain/regressions/kc-16-item-update-password.c @@ -36,15 +36,15 @@ static void tests() SecKeychainItemRef item = NULL; // Find passwords - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service")); + item = checkNCopyFirst(testName, query, 1); readPasswordContents(item, CFSTR("test_password")); checkPrompts(0, "after reading a password"); changePasswordContents(item, CFSTR("new_password")); checkPrompts(0, "changing a internet password"); readPasswordContents(item, CFSTR("new_password")); checkPrompts(0, "reading a changed internet password"); CFReleaseNull(item); - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); + item = checkNCopyFirst(testName, query, 1); readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this checkPrompts(1, "trying to read internet password without access"); @@ -54,15 +54,15 @@ static void tests() checkPrompts(1, "after changing a internet password without access"); CFReleaseNull(item); - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service")); + item = checkNCopyFirst(testName, query, 1); readPasswordContents(item, CFSTR("test_password")); checkPrompts(0, "after reading a generic password"); changePasswordContents(item, CFSTR("new_password")); checkPrompts(0, "changing a generic password"); readPasswordContents(item, CFSTR("new_password")); checkPrompts(0, "after changing a generic password"); CFReleaseNull(item); - query = makeQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); - item = checkN(testName, query, 1); + query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl")); + item = checkNCopyFirst(testName, query, 1); readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this checkPrompts(1, "trying to read generic password without access"); diff --git a/OSX/libsecurity_keychain/regressions/kc-18-find-combined.c b/OSX/libsecurity_keychain/regressions/kc-18-find-combined.c index 12de9f6f..45e2dc17 100644 --- a/OSX/libsecurity_keychain/regressions/kc-18-find-combined.c +++ b/OSX/libsecurity_keychain/regressions/kc-18-find-combined.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include @@ -1055,6 +1056,10 @@ static void PrintStringToMatch(CFStringRef nameStr) static void PrintSecCertificate(SecCertificateRef certificate) { CFStringRef nameStr; + if(!certificate) { + return; + } + OSStatus status = SecCertificateCopyCommonName(certificate, &nameStr); if (status) { fprintf(stderr, "### SecCertificateCopyCommonName error %d\n", (int)status); @@ -1075,6 +1080,10 @@ static void PrintSecCertificate(SecCertificateRef certificate) static void PrintSecIdentity(SecIdentityRef identity) { SecCertificateRef certRef; + if(!identity) { + return; + } + OSStatus status = SecIdentityCopyCertificate(identity, &certRef); if (status) { fprintf(stderr, "### SecIdentityCopyCertificate error %d\n", (int)status); @@ -1220,6 +1229,7 @@ static int TestAddItems(SecKeychainRef keychain) }; status = SecItemImport(p12DataRef, NULL, &format, &itemType, flags, &keyParams, keychain, NULL); + CFReleaseSafe(p12DataRef); CFRelease(keyUsagesArray); CFRelease(keyAttrsArray); #endif @@ -1266,6 +1276,7 @@ static int TestAddItems(SecKeychainRef keychain) }; status = SecItemImport(p12DataRef, NULL, &format, &itemType, flags, &keyParams, keychain, NULL); + CFReleaseSafe(p12DataRef); CFRelease(keyUsagesArray); CFRelease(keyAttrsArray); #endif @@ -1297,6 +1308,7 @@ static int TestAddItems(SecKeychainRef keychain) }; status = SecItemImport(p12DataRef, NULL, &format, &itemType, flags, &keyParams, keychain, NULL); + CFReleaseNull(p12DataRef); CFRelease(keyUsagesArray); CFRelease(keyAttrsArray); ok_status(status, "Unable to import TestIDSSL2007_p12 identity: error %d\n", (int)status); @@ -1327,6 +1339,7 @@ static int TestAddItems(SecKeychainRef keychain) }; status = SecItemImport(p12DataRef, NULL, &format, &itemType, flags, &keyParams, keychain, NULL); + CFReleaseSafe(p12DataRef); CFRelease(keyUsagesArray); CFRelease(keyAttrsArray); ok_status(status, "Unable to import TestIDSMIME2007_p12 identity: error %d\n", (int)status); @@ -2529,7 +2542,7 @@ static int CreateSymmetricKey( CFDictionaryAddValue( params, kSecAttrAccess, access ); CFDictionaryAddValue( params, kSecAttrKeyClass, kSecAttrKeyClassSymmetric ); CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeAES ); - CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); + CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); CFReleaseNull(keySize); CFDictionaryAddValue( params, kSecAttrIsPermanent, kCFBooleanTrue ); CFDictionaryAddValue( params, kSecAttrCanEncrypt, kCFBooleanTrue ); CFDictionaryAddValue( params, kSecAttrCanDecrypt, kCFBooleanTrue ); @@ -2788,11 +2801,13 @@ static int TestIdentityLookup(SecKeychainRef keychain) CFDateRef aPastValidDate = CFDateCreate(kCFAllocatorDefault, CFGregorianDateGetAbsoluteTime(aPastValidGDate, NULL)); if (FindIdentityByNameAndValidDate(keychain, CFSTR(" 2007"), aPastValidDate, kSecReturnRef, kSecMatchLimitAll, 0, noErr)) ++result; + CFReleaseNull(aPastValidDate); // test the ability of kCFNull to denote "currently valid" (should not find anything, since the " 2007" certs are expired) if (FindIdentityByNameAndValidDate(keychain, CFSTR(" 2007"), kCFNull, kSecReturnRef, kSecMatchLimitAll, 0, errSecItemNotFound)) ++result; + // test Ian's bug: ; the 4th argument is a string which should NOT be present in any found items if (FindIdentityByPolicyAndValidDate(keychain, kSecPolicyAppleSMIME, FALSE, kCFNull, CFSTR(" 2007"), kSecReturnAttributes, kSecMatchLimitAll, 0, errSecSuccess)) ++result; @@ -3140,7 +3155,7 @@ static int TestUpdateItems(SecKeychainRef keychain) CFNumberRef keySize = CFNumberCreate(NULL, kCFNumberIntType, &keySizeValue); CFStringRef keyLabel = CFSTR("AppleID 8658820 test key"); CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeRSA ); - CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); + CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); CFReleaseNull(keySize); CFDictionaryAddValue( params, kSecAttrLabel, keyLabel ); CFDictionaryAddValue( params, kSecUseKeychain, keychain ); // CFDictionaryAddValue( params, kSecAttrAccess, access ); diff --git a/OSX/libsecurity_keychain/regressions/kc-20-item-add-stress.c b/OSX/libsecurity_keychain/regressions/kc-20-item-add-stress.c new file mode 100644 index 00000000..4cb9f6f5 --- /dev/null +++ b/OSX/libsecurity_keychain/regressions/kc-20-item-add-stress.c @@ -0,0 +1,103 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the xLicense. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +#import + +#include "keychain_regressions.h" +#include "kc-helpers.h" +#include "kc-item-helpers.h" + +#include + +#define BLOCKS 300 + +static void tests() { + SecKeychainRef kc = getPopulatedTestKeychain(); + + static dispatch_once_t onceToken = 0; + static dispatch_queue_t process_queue = NULL; + dispatch_once(&onceToken, ^{ + process_queue = dispatch_queue_create("com.apple.security.item-add-queue", DISPATCH_QUEUE_CONCURRENT); + }); + dispatch_group_t g = dispatch_group_create(); + + for(int i = 0; i < BLOCKS; i++) { + dispatch_group_async(g, process_queue, ^() { + SecKeychainItemRef blockItem = NULL; + CFStringRef itemclass = kSecClassInternetPassword; + + CFStringRef label = CFStringCreateWithFormat(NULL, NULL, CFSTR("testItem%05d"), i); + CFStringRef account = CFSTR("testAccount"); + CFStringRef service = CFStringCreateWithFormat(NULL, NULL, CFSTR("testService%05d"), i); + char * name; + asprintf(&name, "%s (item %d)", testName, i); + + // add the item + blockItem = createCustomItem(name, kc, createAddCustomItemDictionaryWithService(kc, itemclass, label, account, service)); + CFReleaseNull(blockItem); + + // find the item + blockItem = checkNCopyFirst(name, createQueryCustomItemDictionaryWithService(kc, itemclass, label, service), 1); + readPasswordContents(blockItem, CFSTR("data")); + + // update the item + CFMutableDictionaryRef newData = CFDictionaryCreateMutable(NULL, 0, + &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + CFDataRef differentdata = CFDataCreate(NULL, (void*)"differentdata", strlen("differentdata")); + CFDictionarySetValue(newData, kSecValueData, differentdata); + CFReleaseNull(differentdata); + + CFDictionaryRef query = createQueryCustomItemDictionaryWithService(kc, itemclass, label, service); + ok_status(SecItemUpdate(query, newData), "%s: SecItemUpdate", name); + CFReleaseNull(query); + readPasswordContents(blockItem, CFSTR("differentdata")); + + // delete the item + ok_status(SecKeychainItemDelete(blockItem), "%s: SecKeychainItemDelete", name); + CFReleaseNull(blockItem); + blockItem = checkNCopyFirst(name, createQueryCustomItemDictionaryWithService(kc, itemclass, label, service), 0); + + free(name); + CFReleaseNull(label); + CFReleaseNull(service); + CFReleaseNull(blockItem); + }); + } + + dispatch_group_wait(g, DISPATCH_TIME_FOREVER); + + ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", testName); + CFReleaseNull(kc); +} + +int kc_20_item_add_stress(int argc, char *const *argv) +{ + plan_tests(( makeItemTests + checkNTests + readPasswordContentsTests + 1 + readPasswordContentsTests + 1 + checkNTests )*BLOCKS + getPopulatedTestKeychainTests + 1); + initializeKeychainTests(__FUNCTION__); + + tests(); + + deleteTestFiles(); + return 0; +} diff --git a/OSX/libsecurity_keychain/regressions/kc-20-item-delete-stress.c b/OSX/libsecurity_keychain/regressions/kc-20-item-delete-stress.c new file mode 100644 index 00000000..51130929 --- /dev/null +++ b/OSX/libsecurity_keychain/regressions/kc-20-item-delete-stress.c @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the xLicense. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +#import + +#include "keychain_regressions.h" +#include "kc-helpers.h" +#include "kc-item-helpers.h" + +#include +#include + +#include + +#define BLOCKS 30 + +static OSStatus callbackFunction(SecKeychainEvent keychainEvent, + SecKeychainCallbackInfo *info, void *context) +{ + CFRetainSafe(info->item); + //printf("received a callback: %d %p\n", keychainEvent, info->item); + CFReleaseNull(info->item); + + return 0; +} + +static void tests() { + SecKeychainRef kc = getEmptyTestKeychain(); + + static dispatch_once_t onceToken = 0; + static dispatch_queue_t process_queue = NULL; + dispatch_once(&onceToken, ^{ + process_queue = dispatch_queue_create("com.apple.security.item-add-queue", DISPATCH_QUEUE_CONCURRENT); + + dispatch_queue_set_width(process_queue, 40); + }); + dispatch_group_t g = dispatch_group_create(); + + + // Run the CFRunLoop to clear out existing notifications + CFRunLoopRunInMode(kCFRunLoopDefaultMode, 1.0, false); + + UInt32 didGetNotification = 0; + ok_status(SecKeychainAddCallback(callbackFunction, kSecAddEventMask | kSecDeleteEventMask | kSecDataAccessEventMask, &didGetNotification), "add callback"); + + // Run the CFRunLoop to mark this run loop as "pumped" + CFRunLoopRunInMode(kCFRunLoopDefaultMode, 1.0, false); + + for(int i = 0; i < BLOCKS; i++) { + dispatch_group_async(g, process_queue, ^() { + SecKeychainItemRef blockItem = NULL; + CFStringRef itemclass = kSecClassInternetPassword; + + CFStringRef label = CFStringCreateWithFormat(NULL, NULL, CFSTR("testItem%05d"), i); + CFStringRef account = CFSTR("testAccount"); + CFStringRef service = CFStringCreateWithFormat(NULL, NULL, CFSTR("testService%05d"), i); + char * name; + asprintf(&name, "%s (item %d)", testName, i); + + // add the item + blockItem = createCustomItem(name, kc, createAddCustomItemDictionaryWithService(kc, itemclass, label, account, service)); + + ok_status(SecKeychainItemDelete(blockItem), "%s: SecKeychainItemDelete", name); + usleep(100 * arc4random_uniform(10000)); + CFReleaseNull(blockItem); + + free(name); + CFReleaseNull(label); + CFReleaseNull(service); + }); + } + + // Process run loop until every block has run + while(dispatch_group_wait(g, DISPATCH_TIME_NOW) != 0) { + CFRunLoopRunInMode(kCFRunLoopDefaultMode, 1.0, false); + } + + // One last hurrah + CFRunLoopRunInMode(kCFRunLoopDefaultMode, 1.0, false); + + ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", testName); + CFReleaseNull(kc); +} + +int kc_20_item_delete_stress(int argc, char *const *argv) +{ + plan_tests(getEmptyTestKeychainTests + 1 + (createCustomItemTests + 1)*BLOCKS + 1); + initializeKeychainTests(__FUNCTION__); + + tests(); + + deleteTestFiles(); + return 0; +} diff --git a/OSX/libsecurity_keychain/regressions/kc-20-item-find-stress.c b/OSX/libsecurity_keychain/regressions/kc-20-item-find-stress.c index 7f044612..2f40f1a4 100644 --- a/OSX/libsecurity_keychain/regressions/kc-20-item-find-stress.c +++ b/OSX/libsecurity_keychain/regressions/kc-20-item-find-stress.c @@ -48,7 +48,7 @@ static void tests() { dispatch_group_async(g, release_queue, ^() { SecKeychainItemRef blockItem = NULL; - CFMutableDictionaryRef query = makeQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service")); + CFMutableDictionaryRef query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service")); CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne); ok_status(SecItemCopyMatching(query, (CFTypeRef*) &blockItem), "%s: SecItemCopyMatching(%d)", testName, i); diff --git a/OSX/libsecurity_keychain/regressions/kc-20-key-find-stress.c b/OSX/libsecurity_keychain/regressions/kc-20-key-find-stress.c index 334de5d7..88d248ad 100644 --- a/OSX/libsecurity_keychain/regressions/kc-20-key-find-stress.c +++ b/OSX/libsecurity_keychain/regressions/kc-20-key-find-stress.c @@ -48,7 +48,7 @@ static void tests() { dispatch_group_async(g, release_queue, ^() { SecKeychainItemRef blockItem = NULL; - CFMutableDictionaryRef query = makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric); + CFMutableDictionaryRef query = createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric); CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne); ok_status(SecItemCopyMatching(query, (CFTypeRef*) &blockItem), "%s: SecItemCopyMatching(%d)", testName, i); diff --git a/OSX/libsecurity_keychain/regressions/kc-21-item-use-callback.c b/OSX/libsecurity_keychain/regressions/kc-21-item-use-callback.c index 808c93ab..e373db89 100644 --- a/OSX/libsecurity_keychain/regressions/kc-21-item-use-callback.c +++ b/OSX/libsecurity_keychain/regressions/kc-21-item-use-callback.c @@ -6,6 +6,13 @@ #include "keychain_regressions.h" #include "kc-helpers.h" +/* + Note: to force a failure, run this as root: + chmod o-r /var/db/mds/messages/se_SecurityMessages + Restore with + chmod o+r /var/db/mds/messages/se_SecurityMessages + */ + static char account[] = "account"; static char service[] = "service"; static char password[] = "password"; @@ -32,6 +39,7 @@ static void checkContent(SecKeychainItemRef itemRef) is(length, sizeof(password), " " "SecKeychainItemCopyContent() returns bad data on items " "from notifications"); + ok(data, "received data from item"); ok(!memcmp(password, data, length), "password data matches."); @@ -61,7 +69,7 @@ static OSStatus callbackFunction(SecKeychainEvent keychainEvent, int kc_21_item_use_callback(int argc, char *const *argv) { - plan_tests(14); + plan_tests(16); // Run the CFRunLoop to clear out existing notifications CFRunLoopRunInMode(kCFRunLoopDefaultMode, 1.0, false); @@ -85,6 +93,8 @@ kc_21_item_use_callback(int argc, char *const *argv) CFRelease(itemRef); + ok_status(SecKeychainRemoveCallback(callbackFunction), "Remove callback"); + ok_status(SecKeychainDelete(keychain), "%s: SecKeychainDelete", testName); CFRelease(keychain); diff --git a/OSX/libsecurity_keychain/regressions/kc-23-key-export-symmetric.m b/OSX/libsecurity_keychain/regressions/kc-23-key-export-symmetric.m index 6fc075ee..7c7c023d 100644 --- a/OSX/libsecurity_keychain/regressions/kc-23-key-export-symmetric.m +++ b/OSX/libsecurity_keychain/regressions/kc-23-key-export-symmetric.m @@ -103,11 +103,10 @@ int kc_23_key_export_symmetric(int argc, char *const *argv) SecKeychainRef kc = getPopulatedTestKeychain(); - NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; SecKeyRef cryptokey; OSStatus status; - CFStringRef label = (CFStringRef)([NSString stringWithFormat:@"Symmetric Cryptotest %ld %d", (long)time(NULL), arc4random(), nil]); + CFStringRef label = (__bridge_retained CFStringRef)([NSString stringWithFormat:@"Symmetric Cryptotest %ld %d", (long)time(NULL), arc4random(), nil]); cryptokey = generateSymmetricKey(kc, label); // Using SecItemExport @@ -135,8 +134,6 @@ int kc_23_key_export_symmetric(int argc, char *const *argv) ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", testName); CFReleaseNull(kc); - [pool drain]; - deleteTestFiles(); return 0; } diff --git a/OSX/libsecurity_keychain/regressions/kc-24-key-copy-keychains.c b/OSX/libsecurity_keychain/regressions/kc-24-key-copy-keychains.c index 2797dc6f..f0342a96 100644 --- a/OSX/libsecurity_keychain/regressions/kc-24-key-copy-keychains.c +++ b/OSX/libsecurity_keychain/regressions/kc-24-key-copy-keychains.c @@ -76,7 +76,7 @@ static OSStatus GenerateRSAKeyPair( CFDictionaryAddValue( params, kSecUseKeychain, keychain ); CFDictionaryAddValue( params, kSecAttrAccess, access ); CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeRSA ); - CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); + CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); CFReleaseNull(keySize); CFDictionaryAddValue( params, kSecAttrIsPermanent, kCFBooleanTrue ); if (extractable) @@ -208,7 +208,7 @@ static int testCopyKey(SecKeychainRef userKeychain, SecKeychainRef tempKeychain) ok_status(status, "%s: SecItemExport", testName); if (!exportedData || status != noErr) { - warnc(EXIT_FAILURE, "Unable to export key! (error %d)", (int)status); + errx(EXIT_FAILURE, "Unable to export key! (error %d)", (int)status); } // set up an explicit access control instance for the imported key @@ -258,7 +258,7 @@ static int testCopyKey(SecKeychainRef userKeychain, SecKeychainRef tempKeychain) } // ensure that key was copied, and its label changed - checkN(testName, makeQueryKeyDictionaryWithLabel(userKeychain, kSecAttrKeyClassPrivate, label), 1); + checkN(testName, createQueryKeyDictionaryWithLabel(userKeychain, kSecAttrKeyClassPrivate, label), 1); if (access) CFRelease(access); diff --git a/OSX/libsecurity_keychain/regressions/kc-26-key-import-public.m b/OSX/libsecurity_keychain/regressions/kc-26-key-import-public.m index 49b3c6c8..7a85ff7d 100644 --- a/OSX/libsecurity_keychain/regressions/kc-26-key-import-public.m +++ b/OSX/libsecurity_keychain/regressions/kc-26-key-import-public.m @@ -100,7 +100,7 @@ static void testPubKeyImport(void) { OSStatus status = errSecSuccess; - NSArray* outputItems = nil; + CFArrayRef outputItems = nil; SecKeychainRef keychain = NULL; NSData* keyData = [NSData dataWithBytes:kPublicKey length:sizeof(kPublicKey)]; SecExternalFormat format = kSecFormatUnknown; @@ -111,7 +111,7 @@ testPubKeyImport(void) status = SecItemImport((CFDataRef)keyData, NULL, &format, &keyType, 0, NULL, - keychain, (CFArrayRef *)&outputItems); + keychain, &outputItems); NSLog(@"SecItemImport result = %d", (int)status); @@ -189,6 +189,7 @@ testPubKeyImportWithModulusAndExponent(SecKeychainRef keychain) CFArrayRef outArray = NULL; status = SecItemImport(pkcs1, NULL, &externalFormat, &externalItemType, 0, NULL, keychain, &outArray); + CFReleaseNull(pkcs1); ok_status(status, "%s: SecItemImport", testName); if (status != errSecSuccess) { NSLog(@"SecItemImport result = %d", (int)status); @@ -207,10 +208,8 @@ int kc_26_key_import_public(int argc, char *const *argv) SecKeychainRef kc = getPopulatedTestKeychain(); - NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; // testPubKeyImport(); testPubKeyImportWithModulusAndExponent(kc); - [pool drain]; ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", testName); CFReleaseNull(kc); diff --git a/OSX/libsecurity_keychain/regressions/kc-27-key-non-extractable.c b/OSX/libsecurity_keychain/regressions/kc-27-key-non-extractable.c index 8dd17e33..005aaef4 100644 --- a/OSX/libsecurity_keychain/regressions/kc-27-key-non-extractable.c +++ b/OSX/libsecurity_keychain/regressions/kc-27-key-non-extractable.c @@ -89,7 +89,7 @@ static OSStatus GenerateRSAKeyPair( CFDictionaryAddValue( params, kSecUseKeychain, keychain ); CFDictionaryAddValue( params, kSecAttrAccess, access ); CFDictionaryAddValue( params, kSecAttrKeyType, kSecAttrKeyTypeRSA ); - CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); + CFDictionaryAddValue( params, kSecAttrKeySizeInBits, keySize ); CFReleaseNull(keySize); CFDictionaryAddValue( params, kSecAttrIsPermanent, kCFBooleanTrue ); if (extractable) diff --git a/OSX/libsecurity_keychain/regressions/kc-28-cert-sign.c b/OSX/libsecurity_keychain/regressions/kc-28-cert-sign.c index 19f48da1..c05661e6 100644 --- a/OSX/libsecurity_keychain/regressions/kc-28-cert-sign.c +++ b/OSX/libsecurity_keychain/regressions/kc-28-cert-sign.c @@ -549,6 +549,7 @@ static int TestSignAndVerifyDataWithIdentity(SecIdentityRef identity) OSStatus verifyResult=0; SecPolicyRef policy = SecPolicyCreateBasicX509(); status = CMSDecoderCopySignerStatus(decoder, 0, policy, false, &signerStatus, NULL, &verifyResult); + CFReleaseNull(policy); ok_status(status, "%s: CMSDecoderCopySignerStatus", testName); if (status) { fprintf(stderr, "Unable to copy signer status: error %d\n", (int)status); @@ -602,6 +603,8 @@ static int Test() ok_status(SecCertificateAddToKeychain(goodLeaf, goodKeychain), "%s: SecCertificateAddToKeychain (goodLeaf)", testName); ok_status(SecCertificateAddToKeychain(badLeaf, badKeychain), "%s: SecCertificateAddToKeychain (badLeaf)", testName); + CFReleaseNull(root); + /* import P12 container */ { CFDataRef p12DataRef = CFDataCreateWithBytesNoCopy(NULL, TestIdentity_p12, @@ -627,6 +630,7 @@ static int Test() }; status = SecItemImport(p12DataRef, NULL, &format, &itemType, flags, &keyParams, goodKeychain, &items); + CFReleaseNull(p12DataRef); ok_status(status, "%s: SecItemImport", testName); CFRelease(keyUsagesArray); @@ -666,6 +670,7 @@ static int Test() } if (items) CFRelease(items); + ok(identity, "Have an identity"); status = SecIdentityCopyPrivateKey(identity, &privateKey); ok_status(status, "%s: SecItentityCopyPrivateKey", testName); @@ -673,10 +678,13 @@ static int Test() if (verbose) { fprintf(stdout, "### cert 1 ###\n"); } + CFReleaseNull(identity); + identity = SecIdentityCreate(kCFAllocatorDefault, goodLeaf, privateKey); + CFReleaseNull(goodLeaf); if (status) { - identity = NULL; + CFReleaseNull(identity); } if (!identity) { fprintf(stderr, "Failed to create identity #1: error %d\n", (int)status); @@ -690,6 +698,7 @@ static int Test() fprintf(stdout, "### cert 2 ###\n"); } identity = SecIdentityCreate(kCFAllocatorDefault, badLeaf, privateKey); + CFReleaseNull(badLeaf); if (status) { identity = NULL; } @@ -719,7 +728,7 @@ static int Test() int kc_28_cert_sign(int argc, char *const *argv) { - plan_tests(31); + plan_tests(32); initializeKeychainTests(__FUNCTION__); verbose = test_verbose; diff --git a/OSX/libsecurity_keychain/regressions/kc-28-p12-import.m b/OSX/libsecurity_keychain/regressions/kc-28-p12-import.m index c12776d0..df90e70f 100644 --- a/OSX/libsecurity_keychain/regressions/kc-28-p12-import.m +++ b/OSX/libsecurity_keychain/regressions/kc-28-p12-import.m @@ -102,7 +102,7 @@ verifyPrivateKeyExtractability(BOOL extractable, NSArray *items) static void setIdentityPreferenceForImportedIdentity(SecKeychainRef importKeychain, NSString *name, NSArray *items) { - CFArrayRef importedItems = (CFArrayRef)items; + CFArrayRef importedItems = (__bridge CFArrayRef)items; if (importedItems) { @@ -154,7 +154,7 @@ testP12Import(BOOL extractable, SecKeychainRef keychain, const char *p12Path, CF NSString *file = [NSString stringWithUTF8String:p12Path]; NSData *p12Data = [[NSData alloc] initWithContentsOfFile:file]; NSArray *keyAttrs = nil; - NSArray *outItems = nil; + CFArrayRef outItems = nil; SecExternalFormat externFormat = kSecFormatPKCS12; SecExternalItemType itemType = kSecItemTypeAggregate; // certificates and keys @@ -187,14 +187,12 @@ testP12Import(BOOL extractable, SecKeychainRef keychain, const char *p12Path, CF { // explicitly set the key attributes, omitting kSecAttrIsExtractable keyAttrs = [[NSArray alloc] initWithObjects: (id) kSecAttrIsPermanent, kSecAttrIsSensitive, nil]; - keyParams->keyAttributes = (CFArrayRef) keyAttrs; + keyParams->keyAttributes = (__bridge_retained CFArrayRef) keyAttrs; } } if (useDeprecatedAPI) // SecKeychainItemImport, deprecated as of 10.7 { - SecKeyImportExportParameters *keyParams = (SecKeyImportExportParameters *)keyParamsPtr; - status = SecKeychainItemImport((CFDataRef)p12Data, NULL, &externFormat, @@ -207,8 +205,6 @@ testP12Import(BOOL extractable, SecKeychainRef keychain, const char *p12Path, CF } else // SecItemImport { - SecItemImportExportKeyParameters *keyParams = (SecItemImportExportKeyParameters *)keyParamsPtr; - status = SecItemImport((CFDataRef)p12Data, NULL, &externFormat, @@ -220,18 +216,16 @@ testP12Import(BOOL extractable, SecKeychainRef keychain, const char *p12Path, CF ok_status(status, "%s: SecItemImport", testName); } - verifyPrivateKeyExtractability(extractable, outItems); + verifyPrivateKeyExtractability(extractable, (__bridge NSArray*) outItems); - checkN(testName, makeQueryKeyDictionaryWithLabel(keychain, kSecAttrKeyClassPrivate, CFSTR("test_import")), 1); + checkN(testName, createQueryKeyDictionaryWithLabel(keychain, kSecAttrKeyClassPrivate, CFSTR("test_import")), 1); checkN(testName, addLabel(makeBaseQueryDictionary(keychain, kSecClassCertificate), CFSTR("test_import")), 1); - setIdentityPreferenceForImportedIdentity(keychain, @"kc-28-p12-import@apple.com", outItems); + setIdentityPreferenceForImportedIdentity(keychain, @"kc-28-p12-import@apple.com", (__bridge NSArray*) outItems); - deleteItems((__bridge CFArrayRef) outItems); + deleteItems(outItems); - [keyAttrs release]; - [p12Data release]; - [outItems release]; + CFReleaseNull(outItems); return status; } @@ -243,8 +237,6 @@ int kc_28_p12_import(int argc, char *const *argv) SecKeychainRef kc = getPopulatedTestKeychain(); - NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; - removeIdentityPreference(false); // if there's still an identity preference in the keychain, we'll get prompts. Delete it pre-emptively (but don't test about it) writeFile(keychainTempFile, test_import_p12, test_import_p12_len); @@ -261,8 +253,6 @@ int kc_28_p12_import(int argc, char *const *argv) checkPrompts(0, "No prompts while importing items"); - [pool release]; - deleteTestFiles(); return 0; } diff --git a/OSX/libsecurity_keychain/regressions/kc-30-xara-helpers.h b/OSX/libsecurity_keychain/regressions/kc-30-xara-helpers.h index 05c329c2..5d461e64 100644 --- a/OSX/libsecurity_keychain/regressions/kc-30-xara-helpers.h +++ b/OSX/libsecurity_keychain/regressions/kc-30-xara-helpers.h @@ -225,7 +225,7 @@ static void checkHashesMatch(const char* name, SecKeychainItemRef item, SecKeych } #define checkHashesMatchTests (getIntegrityHashTests + getIntegrityHashTests + 1) -#pragma clang pop +#pragma clang diagnostic pop #else #endif /* TARGET_OS_MAC */ diff --git a/OSX/libsecurity_keychain/regressions/kc-30-xara-item-helpers.h b/OSX/libsecurity_keychain/regressions/kc-30-xara-item-helpers.h index b6f776c6..87c6f2f4 100644 --- a/OSX/libsecurity_keychain/regressions/kc-30-xara-item-helpers.h +++ b/OSX/libsecurity_keychain/regressions/kc-30-xara-item-helpers.h @@ -68,9 +68,10 @@ static void testCopyMatchingItem(CFStringRef itemclass, CFStringRef expectedHash SecKeychainRef kc = newKeychain(name); makeItemWithIntegrity(name, kc, itemclass, expectedHash); - SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, itemclass), 1); + SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, itemclass), 1); checkIntegrityHash(name, item, expectedHash); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); + CFReleaseNull(item); CFReleaseNull(kc); } #define testCopyMatchingItemTests (newKeychainTests + makeItemWithIntegrityTests + checkNTests + checkIntegrityHashTests + 1) @@ -83,7 +84,7 @@ static void testUpdateItem(CFStringRef itemclass, CFStringRef expectedHashOrig, SecKeychainRef kc = newKeychain(name); makeItemWithIntegrity(name, kc, itemclass, expectedHashOrig); - CFMutableDictionaryRef query = makeQueryItemDictionary(kc, itemclass); + CFMutableDictionaryRef query = createQueryItemDictionary(kc, itemclass); CFMutableDictionaryRef update = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionarySetValue(update, kSecAttrComment, CFSTR("a modification")); CFDictionarySetValue(update, kSecAttrAccount, CFSTR("a account modification")); @@ -92,21 +93,24 @@ static void testUpdateItem(CFStringRef itemclass, CFStringRef expectedHashOrig, CFReleaseNull(update); - SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, itemclass), 1); + SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, itemclass), 1); checkIntegrityHash(name, item, expectedHashAfter); CFReleaseNull(item); // Check that updating data works update = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - CFDictionarySetValue(update, kSecValueData, CFDataCreate(NULL, (void*)"data", 4)); + CFDataRef data = CFDataCreate(NULL, (void*)"data", 4); + CFDictionarySetValue(update, kSecValueData, data); + CFReleaseNull(data); ok_status(SecItemUpdate(query, update), "%s: SecItemUpdate", name); - item = checkN(name, makeQueryItemDictionary(kc, itemclass), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, itemclass), 1); checkIntegrityHash(name, item, expectedHashAfter); checkPartitionIDs(name, item, 1); CFReleaseNull(query); CFReleaseNull(update); + CFReleaseNull(item); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -139,13 +143,14 @@ static void testDeleteItem(CFStringRef itemclass, CFStringRef expectedHash) { SecKeychainRef kc = newKeychain(name); makeItemWithIntegrity(name, kc, itemclass, expectedHash); - SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, itemclass), 1); + SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, itemclass), 1); checkIntegrityHash(name, item, expectedHash); ok_status(SecKeychainItemDelete(item), "%s: SecKeychainItemDelete", name); - checkN(name, makeQueryItemDictionary(kc, itemclass), 0); + checkN(name, createQueryItemDictionary(kc, itemclass), 0); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); + CFReleaseNull(item); } #define testDeleteItemTests (newKeychainTests + makeItemWithIntegrityTests + checkNTests + checkIntegrityHashTests + 1 + checkNTests + 1) @@ -169,33 +174,33 @@ static void testUpdateRetainedItem(CFStringRef itemclass) { writeEmptyV512Keychain(name, keychainDbFile); SecKeychainRef kc = openCustomKeychain(name, keychainName, "password"); - SecKeychainItemRef item = makeCustomItem(name, kc, makeAddCustomItemDictionary(kc, itemclass, CFSTR("test_label"), CFSTR("account1"))); + SecKeychainItemRef item = createCustomItem(name, kc, createAddCustomItemDictionary(kc, itemclass, CFSTR("test_label"), CFSTR("account1"))); - CFRelease(checkN(name, makeQueryCustomItemDictionary(kc, itemclass, CFSTR("test_label")), 1)); + checkN(name, createQueryCustomItemDictionary(kc, itemclass, CFSTR("test_label")), 1); cmp_ok(CFGetRetainCount(item), >=, 1, "%s: CFGetRetainCount(item)", name); // Bump our local database version number a few times, so we'll re-read the database when we reset it later - CFReleaseSafe(makeCustomItem(name, kc, makeAddCustomItemDictionary(kc, itemclass, CFSTR("version"), CFSTR("version")))); - CFReleaseSafe(makeCustomItem(name, kc, makeAddCustomItemDictionary(kc, itemclass, CFSTR("bump"), CFSTR("bump")))); + CFReleaseSafe(createCustomItem(name, kc, createAddCustomItemDictionary(kc, itemclass, CFSTR("version"), CFSTR("version")))); + CFReleaseSafe(createCustomItem(name, kc, createAddCustomItemDictionary(kc, itemclass, CFSTR("bump"), CFSTR("bump")))); // Simulate another process deleting the items we just made, and us not receiving the notification writeEmptyV512Keychain(name, keychainDbFile); // Generate some keychain notifications on a different keychain so the AppleDatabase will reload test.keychain SecKeychainRef kc2 = newCustomKeychain(name, "unrelated.keychain", "password"); - CFReleaseSafe(makeCustomItem(name, kc2, makeAddCustomItemDictionary(kc, itemclass, CFSTR("unrelated1_label"), CFSTR("unrelated1")))); + CFReleaseSafe(createCustomItem(name, kc2, createAddCustomItemDictionary(kc, itemclass, CFSTR("unrelated1_label"), CFSTR("unrelated1")))); ok_status(SecKeychainDelete(kc2), "%s: SecKeychainDelete", name); CFReleaseNull(kc2); secnotice("integrity", "************************************* should reload database\n"); - SecKeychainItemRef item2 = makeCustomItem(name, kc, makeAddCustomItemDictionary(kc, itemclass, CFSTR("not_a_test_label"), CFSTR("account2"))); - CFReleaseSafe(checkN(name, makeQueryCustomItemDictionary(kc, itemclass, CFSTR("not_a_test_label")), 1)); + SecKeychainItemRef item2 = createCustomItem(name, kc, createAddCustomItemDictionary(kc, itemclass, CFSTR("not_a_test_label"), CFSTR("account2"))); + checkN(name, createQueryCustomItemDictionary(kc, itemclass, CFSTR("not_a_test_label")), 1); cmp_ok(CFGetRetainCount(item2), >=, 1, "%s: CFGetRetainCount(item2)", name); // Now, update the second item so it would collide with the first - CFMutableDictionaryRef query = makeQueryCustomItemDictionary(kc, itemclass, CFSTR("not_a_test_label")); + CFMutableDictionaryRef query = createQueryCustomItemDictionary(kc, itemclass, CFSTR("not_a_test_label")); CFMutableDictionaryRef update = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionarySetValue(update, kSecAttrAccount, CFSTR("account1")); CFDictionarySetValue(update, kSecAttrLabel, CFSTR("test_label")); @@ -204,18 +209,17 @@ static void testUpdateRetainedItem(CFStringRef itemclass) { cmp_ok(CFGetRetainCount(item), >=, 1, "%s: CFGetRetainCount(item)", name); CFReleaseNull(item); - SecKeychainItemRef result = checkN(name, makeQueryCustomItemDictionary(kc, itemclass, CFSTR("test_label")), 1); - CFReleaseNull(result); + checkN(name, createQueryCustomItemDictionary(kc, itemclass, CFSTR("test_label")), 1); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); } -#define testUpdateRetainedItemTests (openCustomKeychainTests + makeCustomItemTests + checkNTests \ - + 1 + makeCustomItemTests + makeCustomItemTests \ - + newCustomKeychainTests + makeCustomItemTests + 1 \ - + makeCustomItemTests + checkNTests + 1 \ +#define testUpdateRetainedItemTests (openCustomKeychainTests + createCustomItemTests + checkNTests \ + + 1 + createCustomItemTests + createCustomItemTests \ + + newCustomKeychainTests + createCustomItemTests + 1 \ + + createCustomItemTests + checkNTests + 1 \ + 1 + 1 + checkNTests + 1) -#pragma clang pop +#pragma clang diagnostic pop #else #endif /* TARGET_OS_MAC */ diff --git a/OSX/libsecurity_keychain/regressions/kc-30-xara-key-helpers.h b/OSX/libsecurity_keychain/regressions/kc-30-xara-key-helpers.h index 6ffa8e63..86e7d234 100644 --- a/OSX/libsecurity_keychain/regressions/kc-30-xara-key-helpers.h +++ b/OSX/libsecurity_keychain/regressions/kc-30-xara-key-helpers.h @@ -29,13 +29,17 @@ #if TARGET_OS_MAC +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunused-variable" +#pragma clang diagnostic ignored "-Wunused-function" + static void makeCustomKeyWithIntegrity(const char* name, SecKeychainRef kc, CFStringRef label, CFStringRef expectedHash) { - SecKeyRef key = makeCustomKey(name, kc, label); + SecKeyRef key = createCustomKey(name, kc, label); checkIntegrityHash(name, (SecKeychainItemRef) key, expectedHash); checkPartitionIDs(name, (SecKeychainItemRef) key, 1); CFReleaseNull(key); } -#define makeCustomKeyWithIntegrityTests (makeCustomKeyTests + checkIntegrityHashTests + checkPartitionIDsTests) +#define makeCustomKeyWithIntegrityTests (createCustomKeyTests + checkIntegrityHashTests + checkPartitionIDsTests) static void makeKeyWithIntegrity(const char* name, SecKeychainRef kc, CFStringRef expectedHash) { makeCustomKeyWithIntegrity(name, kc, CFSTR("test_key"), expectedHash); @@ -84,13 +88,14 @@ static void testCopyMatchingKey(CFStringRef expectedHash) { secnotice("integrity", "************************************* %s", name); SecKeychainRef kc = newKeychain(name); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); makeKeyWithIntegrity(name, kc, expectedHash); - SecKeyRef item = (SecKeyRef) checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + SecKeyRef item = (SecKeyRef) checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); checkIntegrityHash(name, (SecKeychainItemRef) item, expectedHash); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); + CFReleaseNull(item); CFReleaseNull(kc); } #define testCopyMatchingKeyTests (newKeychainTests + checkNTests + makeKeyWithIntegrityTests + checkNTests + checkIntegrityHashTests + 1) @@ -102,12 +107,12 @@ static void testUpdateKey(CFStringRef expectedHash, CFStringRef expectedHashAfte SecKeychainRef kc = newKeychain(name); makeKeyWithIntegrity(name, kc, expectedHash); - SecKeychainItemRef item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + SecKeychainItemRef item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); CFReleaseNull(item); CFStringRef label = CFSTR("a modified label"); - CFMutableDictionaryRef query = makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric); + CFMutableDictionaryRef query = createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric); CFMutableDictionaryRef update = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionarySetValue(update, kSecAttrLabel, label); ok_status(SecItemUpdate(query, update), "%s: SecItemUpdate", name); @@ -116,9 +121,9 @@ static void testUpdateKey(CFStringRef expectedHash, CFStringRef expectedHashAfte CFReleaseNull(update); // Find the item again. - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric); CFDictionarySetValue(query, kSecAttrLabel, label); - item = checkN(name, query, 1); + item = checkNCopyFirst(name, query, 1); checkIntegrityHash(name, item, expectedHashAfter); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -136,8 +141,8 @@ static void testKeyPair() { secnotice("integrity", "************************************* %s", name); SecKeychainRef kc = newKeychain(name); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); SecKeyRef pub; SecKeyRef priv; @@ -153,40 +158,40 @@ static void testKeyPair() { // Ensure that the public key still exists and can be updated SecKeyRef item; - item = (SecKeyRef) checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + item = (SecKeyRef) checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); checkHashesMatch(name, (SecKeychainItemRef)pub, (SecKeychainItemRef)item); - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassPublic); CFDictionarySetValue(query, kSecAttrLabel, label); - item = (SecKeyRef) checkN(name, query, 0); + item = (SecKeyRef) checkNCopyFirst(name, query, 0); - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassPublic); update = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionarySetValue(update, kSecAttrLabel, label); ok_status(SecItemUpdate(query, update), "%s: SecItemUpdate (public key)", name); - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassPublic); CFDictionarySetValue(query, kSecAttrLabel, label); - item = (SecKeyRef) checkN(name, query, 1); + item = (SecKeyRef) checkNCopyFirst(name, query, 1); CFReleaseNull(item); // Ensure that the private key still exists and can be updated - item = (SecKeyRef) checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + item = (SecKeyRef) checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); checkHashesMatch(name, (SecKeychainItemRef)priv, (SecKeychainItemRef)item); - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate); CFDictionarySetValue(query, kSecAttrLabel, label); - item = (SecKeyRef) checkN(name, query, 0); + item = (SecKeyRef) checkNCopyFirst(name, query, 0); - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate); update = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionarySetValue(update, kSecAttrLabel, label); ok_status(SecItemUpdate(query, update), "%s: SecItemUpdate (private key)", name); - query = makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate); + query = createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate); CFDictionarySetValue(query, kSecAttrLabel, label); - item = (SecKeyRef) checkN(name, query, 1); + item = (SecKeyRef) checkNCopyFirst(name, query, 1); CFReleaseNull(item); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); @@ -204,13 +209,14 @@ static void testAddDuplicateKey(CFStringRef expectedHash) { secnotice("integrity", "************************************* %s", name); SecKeychainRef kc = newKeychain(name); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); makeKeyWithIntegrity(name, kc, expectedHash); - SecKeychainItemRef item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + SecKeychainItemRef item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); makeDuplicateKey(name, kc); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + CFReleaseNull(item); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -223,14 +229,14 @@ static void testAddDuplicateFreeKey(CFStringRef expectedHash) { //char * name = "testAddDuplicateFreeKey"; //secnotice("integrity", "************************************* %s", name); //SecKeychainRef kc = newKeychain(name); - //checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); + //checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); //SecKeyRef key = makeFreeKey(name, kc); //checkIntegrityHash(name, (SecKeychainItemRef) key, expectedHash); - //SecKeychainItemRef item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + //SecKeychainItemRef item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); //makeDuplicateFreeKey(name, kc); - //checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + //checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); //ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); //CFReleaseNull(kc); @@ -251,8 +257,8 @@ static void testExportImportKeyPair() { secnotice("integrity", "************************************* %s", name); SecKeychainRef kc = newKeychain(name); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); SecKeyRef pub; SecKeyRef priv; @@ -261,10 +267,10 @@ static void testExportImportKeyPair() { // Now that we have the key pair, make sure we can pull the individual keys out SecKeyRef item; - item = (SecKeyRef) checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + item = (SecKeyRef) checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); checkHashesMatch(name, (SecKeychainItemRef)pub, (SecKeychainItemRef)item); - item = (SecKeyRef) checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + item = (SecKeyRef) checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); checkHashesMatch(name, (SecKeychainItemRef)priv, (SecKeychainItemRef)item); CFMutableArrayRef applications = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks); @@ -296,9 +302,9 @@ static void testExportImportKeyPair() { CFRelease(pub); pub = NULL; - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); ok_status(SecItemImport(keyData, NULL, NULL, NULL, kSecItemPemArmour, &keyParams, kc, &items), "%s: SecItemImport", name); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); ok_status(SecItemExport(priv, kSecFormatPEMSequence, kSecItemPemArmour, &keyParams, &keyData), "%s: SecItemExport", name); @@ -306,11 +312,11 @@ static void testExportImportKeyPair() { CFRelease(priv); priv = NULL; - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); ok_status(SecItemImport(keyData, NULL, NULL, NULL, kSecItemPemArmour, &keyParams, kc, &items), "%s: SecItemImport", name); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); SecAccessRef newRef = NULL; ok_status(SecKeychainItemCopyAccess((SecKeychainItemRef) CFArrayGetValueAtIndex(items, 0), &newRef), "%s:SecKeychainItemCopyAccess", name); @@ -332,7 +338,7 @@ static void testExportImportKeyPair() { ok_status(SecKeychainItemCopyAccess((SecKeychainItemRef) CFArrayGetValueAtIndex(items, 0), &newRef), "%s:SecKeychainItemCopyAccess", name); // TODO: should probably check this AccessRef object to make sure it's simple - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -344,6 +350,7 @@ static void testExportImportKeyPair() { + 2 + checkNTests + 1 + checkNTests + 1 + 1 + 1 + checkNTests\ + 1) +#pragma clang diagnostic pop #else diff --git a/OSX/libsecurity_keychain/regressions/kc-30-xara-upgrade-helpers.h b/OSX/libsecurity_keychain/regressions/kc-30-xara-upgrade-helpers.h index ab3cc06f..3bd52297 100644 --- a/OSX/libsecurity_keychain/regressions/kc-30-xara-upgrade-helpers.h +++ b/OSX/libsecurity_keychain/regressions/kc-30-xara-upgrade-helpers.h @@ -31,6 +31,10 @@ #include "kc-30-xara-key-helpers.h" #include "kc-keychain-file-helpers.h" +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunused-variable" +#pragma clang diagnostic ignored "-Wunused-function" + static void makeOldKeychainBlob() { char* name = "makeOldKeychainBlob"; @@ -43,8 +47,7 @@ static void makeOldKeychainBlob() { } static void makeEmptyKeychainBlob() { - char * name = "makeEmptyKeychainBlob"; - SecKeychainRef kc = newKeychain(keychainName); + newKeychain(keychainName); } // To construct, use the function above. @@ -3928,6 +3931,8 @@ static void writeFullV512Keyfile(const char* testname, const char * path) { writeFile(path, full_v512_keyfile, FULL_V512_KEYFILE_SIZE); } +#pragma clang diagnostic pop + #else #endif /* TARGET_OS_MAC */ diff --git a/OSX/libsecurity_keychain/regressions/kc-30-xara.c b/OSX/libsecurity_keychain/regressions/kc-30-xara.c index ffbfd0b9..dff385c2 100644 --- a/OSX/libsecurity_keychain/regressions/kc-30-xara.c +++ b/OSX/libsecurity_keychain/regressions/kc-30-xara.c @@ -127,10 +127,10 @@ static void testAttackItem(CSSM_DL_DB_HANDLE dldbHandle) { secnotice("integrity", "************************************* %s", name); SecKeychainRef kc = newKeychain(name); - checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0); makeItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4")); - SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); CFReleaseNull(item); CFReleaseNull(kc); @@ -138,7 +138,7 @@ static void testAttackItem(CSSM_DL_DB_HANDLE dldbHandle) { modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_GENERIC_PASSWORD, "PrintName", modification, strlen(modification)); kc = openKeychain(name); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); @@ -151,10 +151,10 @@ static void testAttackKey(CSSM_DL_DB_HANDLE dldbHandle) { secnotice("integrity", "************************************* %s", name); SecKeychainRef kc = newKeychain(name); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); makeKeyWithIntegrity(name, kc, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b")); - SecKeychainItemRef item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + SecKeychainItemRef item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); checkKeyUse((SecKeyRef) item, errSecSuccess); @@ -165,7 +165,7 @@ static void testAttackKey(CSSM_DL_DB_HANDLE dldbHandle) { modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_SYMMETRIC_KEY, "Label", modification, strlen(modification)); kc = openKeychain(name); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); checkKeyUse((SecKeyRef) item, errSecInvalidItemRef); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -179,11 +179,10 @@ static void testAddAfterCorruptItem(CSSM_DL_DB_HANDLE dldbHandle) { secnotice("integrity", "************************************* %s", name); SecKeychainRef kc = newKeychain(name); - checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0); makeCustomItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("test_label"), CFSTR("265438ea6807b509c9c6962df3f5033fd1af118f76c5f550e3ed90cb0d3ffce4")); - SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); - CFReleaseNull(item); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); makeDuplicateItem(name, kc, kSecClassGenericPassword); CFReleaseNull(kc); @@ -192,12 +191,12 @@ static void testAddAfterCorruptItem(CSSM_DL_DB_HANDLE dldbHandle) { modifyAttributeInKeychain(name, dldbHandle, keychainDbFile, CSSM_DL_DB_RECORD_GENERIC_PASSWORD, "PrintName", modification, strlen(modification)); kc = openKeychain(name); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); deleteItem(item); - checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0); makeCustomItemWithIntegrity(name, kc, kSecClassGenericPassword, CFSTR("evil_application"), CFSTR("d2aa97b30a1f96f9e61fcade2b00d9f4284976a83a5b68392251ee5ec827f8cc")); - checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("evil_application")); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -211,14 +210,14 @@ static void testAddAfterCorruptKey(CSSM_DL_DB_HANDLE dldbHandle) { secnotice("integrity", "************************************* %s", name); SecKeychainRef kc = newKeychain(name); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); // Make a symmetric key makeCustomKeyWithIntegrity(name, kc, CFSTR("test_key"), CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b")); - SecKeychainItemRef item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + SecKeychainItemRef item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); makeCustomDuplicateKey(name, kc, CFSTR("test_key")); CFReleaseNull(item); @@ -226,8 +225,8 @@ static void testAddAfterCorruptKey(CSSM_DL_DB_HANDLE dldbHandle) { SecKeyRef pub; SecKeyRef priv; makeCustomKeyPair(name, kc, CFSTR("test_key_pair"), &pub, &priv); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); CFReleaseNull(pub); CFReleaseNull(priv); @@ -240,26 +239,26 @@ static void testAddAfterCorruptKey(CSSM_DL_DB_HANDLE dldbHandle) { kc = openKeychain(name); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); deleteItem(item); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); deleteItem(item); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); deleteItem(item); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); makeCustomKeyWithIntegrity(name, kc, CFSTR("evil_application"), CFSTR("ca6d90a0b053113e43bbb67f64030230c96537f77601f66bdf821d8684431dfc")); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); makeCustomDuplicateKey(name, kc, CFSTR("evil_application")); makeCustomKeyPair(name, kc, CFSTR("evil_application"), &pub, &priv); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); // We cannot create a duplicate key pair, so don't try. @@ -308,7 +307,7 @@ static void testKeychainUpgrade() { for(int i = 0; i < 200; i++) { CFTypeRef result = NULL; CFStringRef cflabel = CFStringCreateWithFormat(NULL, NULL, CFSTR("item%d"), i); - CFMutableDictionaryRef query = makeAddCustomItemDictionaryWithService(kc, kSecClassInternetPassword, cflabel, cflabel, CFSTR("no service")); + CFMutableDictionaryRef query = createAddCustomItemDictionaryWithService(kc, kSecClassInternetPassword, cflabel, cflabel, CFSTR("no service")); SecItemAdd(query, &result); // don't particuluarly care if this fails... CFReleaseNull(query); CFReleaseNull(cflabel); @@ -340,7 +339,7 @@ static void testKeychainUpgrade() { secerror("beginning 1\n"); SecKeychainRef blockKc; SecKeychainOpen(keychainName, &blockKc); - SecKeychainItemRef item = checkN(blockName, makeQueryItemDictionary(blockKc, kSecClassGenericPassword), 1); + SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryItemDictionary(blockKc, kSecClassGenericPassword), 1); checkIntegrityHash(blockName, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5")); checkPartitionIDs(blockName, item, 0); CFReleaseSafe(blockKc); @@ -353,7 +352,7 @@ static void testKeychainUpgrade() { secerror("beginning 2\n"); SecKeychainRef blockKc; SecKeychainOpen(keychainName, &blockKc); - SecKeychainItemRef item = checkN(blockName, makeQueryItemDictionaryWithService(blockKc, kSecClassInternetPassword, CFSTR("test_service")), 1); + SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryItemDictionaryWithService(blockKc, kSecClassInternetPassword, CFSTR("test_service")), 1); checkIntegrityHash(blockName, item, CFSTR("4f1b64e3c156968916e72d8ff3f1a8eb78b32abe0b2b43f0578eb07c722aaf03")); checkPartitionIDs(blockName, item, 0); CFReleaseSafe(blockKc); @@ -366,7 +365,7 @@ static void testKeychainUpgrade() { secerror("beginning 3\n"); SecKeychainRef blockKc; SecKeychainOpen(keychainName, &blockKc); - SecKeychainItemRef item = checkN(blockName, makeQueryKeyDictionary(blockKc, kSecAttrKeyClassSymmetric), 1); + SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryKeyDictionary(blockKc, kSecAttrKeyClassSymmetric), 1); checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b")); checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0); CFReleaseSafe(blockKc); @@ -379,7 +378,7 @@ static void testKeychainUpgrade() { secerror("beginning 4\n"); SecKeychainRef blockKc; SecKeychainOpen(keychainName, &blockKc); - SecKeychainItemRef item = checkN(blockName, makeQueryKeyDictionary(blockKc, kSecAttrKeyClassPublic), 1); + SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryKeyDictionary(blockKc, kSecAttrKeyClassPublic), 1); checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("42d29fd5e9935edffcf6d0261eabddb00782ec775caa93716119e8e553ab5578")); checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0); CFReleaseSafe(blockKc); @@ -392,7 +391,7 @@ static void testKeychainUpgrade() { secerror("beginning 5\n"); SecKeychainRef blockKc; SecKeychainOpen(keychainName, &blockKc); - SecKeychainItemRef item = checkN(blockName, makeQueryKeyDictionary(blockKc, kSecAttrKeyClassPrivate), 1); + SecKeychainItemRef item = checkNCopyFirst(blockName, createQueryKeyDictionary(blockKc, kSecAttrKeyClassPrivate), 1); checkIntegrityHash(blockName, (SecKeychainItemRef) item, CFSTR("bdf219cdbc2dc6c4521cf39d1beda2e3491ef0330ba59eb41229dd909632f48d")); checkPartitionIDs(blockName, (SecKeychainItemRef) item, 0); CFReleaseSafe(blockKc); @@ -419,25 +418,25 @@ static void testKeychainUpgrade() { CFReleaseNull(kc); kc = openCustomKeychain(name, keychainName, "password"); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); checkIntegrityHash(name, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5")); checkPartitionIDs(name, item, 0); makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic")); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1); checkIntegrityHash(name, item, CFSTR("4f1b64e3c156968916e72d8ff3f1a8eb78b32abe0b2b43f0578eb07c722aaf03")); checkPartitionIDs(name, item, 0); makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet")); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b")); checkPartitionIDs(name, (SecKeychainItemRef) item, 0); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("42d29fd5e9935edffcf6d0261eabddb00782ec775caa93716119e8e553ab5578")); checkPartitionIDs(name, (SecKeychainItemRef) item, 0); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("bdf219cdbc2dc6c4521cf39d1beda2e3491ef0330ba59eb41229dd909632f48d")); checkPartitionIDs(name, (SecKeychainItemRef) item, 0); @@ -480,8 +479,9 @@ static void testKeychainCreateOver() { // Check that we upgrade on SecKeychainOpen SecKeychainRef kc = openCustomKeychain(name, keychainName, "password"); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); checkIntegrityHash(name, item, CFSTR("39c56eadd3e3b496b6099e5f3d5ff88eaee9ca2e3a50c1be8319807a72e451e5")); + CFReleaseNull(item); ok_status(SecKeychainDelete(kc)); CFReleaseNull(kc); @@ -495,11 +495,11 @@ static void testKeychainCreateOver() { ok_status(SecKeychainCreate(keychainFile, (UInt32) strlen("password"), "password", false, NULL, &kc), "%s: SecKeychainCreate", name); // Directly after creating a keychain, there shouldn't be any items (even though an old keychain exists underneath) - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 0); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0); + checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 0); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 0); // Check the keychain's version and path ok_status(SecKeychainGetKeychainVersion(kc, &version), "%s: SecKeychainGetKeychainVersion", name); @@ -546,21 +546,21 @@ static void testKeychainDowngrade() { SecKeychainItemRef item; - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); checkIntegrityHash(name, item, CFSTR("6ba8d9f77ddba54d9373b11ae5c8f7b55a5e81da27e05e86723eeceb0a9a8e0c")); makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic")); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1); checkIntegrityHash(name, item, CFSTR("630a9fe4f0191db8a99d6e8455e7114f628ce8f0f9eb3559efa572a98877a2b2")); makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet")); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("44f10f6bb508d47f8905859efc06eaee500304bc4da408b1f4d2a58c6502147b")); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("d27ee2be4920d5b6f47f6b19696d09c9a6c1a5d80c6f148f778db27b4ba99d9a")); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); checkIntegrityHash(name, (SecKeychainItemRef) item, CFSTR("4b3f7bd7f9e48dc71006ce670990aed9dba6d5089b84d4113121bab41d0a3228")); @@ -569,14 +569,14 @@ static void testKeychainDowngrade() { ok_status(SecKeychainGetKeychainVersion(kc, &version), "%s: SecKeychainGetKeychainVersion", name); is(version, version_MacOS_10_0, "%s: version of downgraded keychain is incorrect", name); - checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic")); - checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1); + checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1); makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet")); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); - checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + checkN(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -620,7 +620,7 @@ static void testKeychainWrongFile256() { SecKeychainItemRef item; // Iterate over the keychain to trigger upgrade - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic")); // We should have created keychainFile, check for it @@ -636,15 +636,15 @@ static void testKeychainWrongFile256() { ok_status(SecKeychainGetPath(kc, &len, path), "%s: SecKeychainGetPath", name); eq_stringn(path, len, keychainDbFile, strlen(keychainDbFile), "%s: paths do not match", name); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic")); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1); makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet")); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -683,7 +683,7 @@ static void testKeychainWrongFile512() { SecKeychainItemRef item; // Iterate over the keychain to trigger upgrade - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic")); // We should have move the keychain to keychainDbFile, check for it @@ -699,15 +699,15 @@ static void testKeychainWrongFile512() { ok_status(SecKeychainGetPath(kc, &len, path), "%s: SecKeychainGetPath", name); eq_stringn(path, len, keychainDbFile, strlen(keychainDbFile), "%s: paths do not match", name); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); makeCustomDuplicateItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic")); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1); makeCustomDuplicateItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet")); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -815,17 +815,17 @@ static void testUidAccess() { SecAccessRef access = makeUidAccess(getuid()); SecKeychainRef kc = newKeychain(name); - CFMutableDictionaryRef query = makeAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label")); + CFMutableDictionaryRef query = createAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label")); CFDictionarySetValue(query, kSecAttrAccess, access); CFTypeRef result = NULL; ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name); ok(result != NULL, "%s: SecItemAdd returned a result", name); - SecKeychainItemRef item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + SecKeychainItemRef item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); ok_status(SecKeychainItemSetAccess(item, access), "%s: SecKeychainItemSetAccess", name); - checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); // Check to make sure the ACL stays access = NULL; @@ -919,14 +919,14 @@ static void testMultipleUidAccess() { SecAccessRef access = makeMultipleUidAccess(uids, 5); SecKeychainRef kc = newKeychain(name); - CFMutableDictionaryRef query = makeAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label")); + CFMutableDictionaryRef query = createAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label")); CFDictionarySetValue(query, kSecAttrAccess, access); CFTypeRef result = NULL; ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name); ok(result != NULL, "%s: SecItemAdd returned a result", name); - checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -941,19 +941,20 @@ static void testRootUidAccess() { SecAccessRef access = SecAccessCreateWithOwnerAndACL(getuid(), 0, (kSecUseOnlyUID | kSecHonorRoot), NULL, NULL); SecKeychainRef kc = newKeychain(name); - CFMutableDictionaryRef query = makeAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label")); + CFMutableDictionaryRef query = createAddItemDictionary(kc, kSecClassGenericPassword, CFSTR("test label")); CFDictionarySetValue(query, kSecAttrAccess, access); CFTypeRef result = NULL; ok_status(SecItemAdd(query, &result), "%s: SecItemAdd", name); ok(result != NULL, "%s: SecItemAdd returned a result", name); - query = makeQueryItemDictionary(kc, kSecClassGenericPassword); + query = createQueryItemDictionary(kc, kSecClassGenericPassword); - SecKeychainItemRef item = checkN(name, query, 1); + SecKeychainItemRef item = checkNCopyFirst(name, query, 1); ok_status(SecKeychainItemSetAccess(item, access), "%s: SecKeychainItemSetAccess", name); - checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + CFReleaseNull(access); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -973,8 +974,8 @@ static void testBadACL() { SecKeychainRef kc = openCustomKeychain(name, keychainName, "password"); // Check that these exist in this keychain... - checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); - checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); + checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFRelease(kc); @@ -994,24 +995,24 @@ static void testBadACL() { kc = openCustomKeychain(name, keychainName, "password"); // These items exist in this keychain, but their ACL is corrupted. We should be able to find them, but not fetch data. - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL); // we don't expect to be able to read this deleteItem(item); - checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 0); + checkN(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 0); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1); readPasswordContentsWithResult(item, errSecInvalidItemRef, NULL); // we don't expect to be able to read this deleteItem(item); - checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 0); + checkN(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 0); // These should work makeItem(name, kc, kSecClassGenericPassword, CFSTR("test_generic")); makeItem(name, kc, kSecClassInternetPassword, CFSTR("test_internet")); // And now the items should exist - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); readPasswordContents(item, CFSTR("data")); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1); readPasswordContents(item, CFSTR("data")); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); @@ -1035,12 +1036,12 @@ static void testIterateLockedKeychain() { ok_status(SecKeychainLock(kc), "%s: SecKeychainLock", name); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassGenericPassword), 1); - item = checkN(name, makeQueryItemDictionary(kc, kSecClassInternetPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassGenericPassword), 1); + item = checkNCopyFirst(name, createQueryItemDictionary(kc, kSecClassInternetPassword), 1); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); - item = checkN(name, makeQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassSymmetric), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPublic), 1); + item = checkNCopyFirst(name, createQueryKeyDictionary(kc, kSecAttrKeyClassPrivate), 1); ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", name); CFReleaseNull(kc); @@ -1145,7 +1146,7 @@ static void tests(void) //makeOldKeychainBlob(); } -#pragma clang pop +#pragma clang diagnostic pop #else #define kTestCount (0) diff --git a/OSX/libsecurity_keychain/regressions/kc-40-seckey.m b/OSX/libsecurity_keychain/regressions/kc-40-seckey.m index bfe25496..61f087b5 100644 --- a/OSX/libsecurity_keychain/regressions/kc-40-seckey.m +++ b/OSX/libsecurity_keychain/regressions/kc-40-seckey.m @@ -180,7 +180,7 @@ static void testkeygen(size_t keySizeInBits) { size_t keySizeInBytes = (keySizeInBits + 7) / 8; CFNumberRef kzib; - kzib = CFNumberCreate(NULL, kCFNumberSInt32Type, &keySizeInBits); + kzib = CFNumberCreate(NULL, kCFNumberSInt64Type, &keySizeInBits); CFMutableDictionaryRef kgp = CFDictionaryCreateMutable(NULL, 0, NULL, NULL); CFDictionaryAddValue(kgp, kSecAttrKeyType, kSecAttrKeyTypeRSA); CFDictionaryAddValue(kgp, kSecAttrKeySizeInBits, kzib); @@ -385,7 +385,7 @@ static void testkeygen2(size_t keySizeInBits) { CFDictionaryAddValue(pubd, kSecAttrLabel, publicName); CFDictionaryAddValue(privd, kSecAttrLabel, privateName); - kzib = CFNumberCreate(NULL, kCFNumberSInt32Type, &keySizeInBits); + kzib = CFNumberCreate(NULL, kCFNumberSInt64Type, &keySizeInBits); CFMutableDictionaryRef kgp = CFDictionaryCreateMutable(NULL, 0, NULL, NULL); CFDictionaryAddValue(kgp, kSecAttrKeyType, kSecAttrKeyTypeRSA); CFDictionaryAddValue(kgp, kSecAttrKeySizeInBits, kzib); @@ -530,8 +530,13 @@ PBKDF2Test(KDFVector *kdfvec) int status = 1; ok(testSecKDF(password, salt, rounds, kSecAttrPRFHmacAlgSHA1, dklen, expectedBytes, kdfvec->expected_failure), "Test SecKeyDeriveFromPassword PBKDF2"); - - if(expectedBytes) CFRelease(expectedBytes); + + CFReleaseNull(expectedBytes); + CFReleaseNull(password); + CFReleaseNull(salt); + CFReleaseNull(rounds); + CFReleaseNull(dklen); + return status; } @@ -849,7 +854,9 @@ static void testcreatewithdata(unsigned long keySizeInBits) ok(dataKey, "priv key SecKeyCreateWithData failed"); CFReleaseNull(error); - eq_cf(privExternalData, SecKeyCopyExternalRepresentation(dataKey, NULL), "priv keys differ"); + CFDataRef external = SecKeyCopyExternalRepresentation(dataKey, NULL); + eq_cf(privExternalData, external, "priv keys differ"); + CFReleaseNull(external); CFReleaseNull(dataKey); CFDictionarySetValue(kcwd, kSecAttrKeyClass, kSecAttrKeyClassPublic); @@ -885,7 +892,9 @@ static void testcreatewithdata(unsigned long keySizeInBits) ok(dataKey, "pub key SecKeyCreateWithData failed"); CFReleaseNull(error); - eq_cf(pubExternalData, SecKeyCopyExternalRepresentation(dataKey, NULL), "pub keys differ"); + CFDataRef external = SecKeyCopyExternalRepresentation(dataKey, NULL); + eq_cf(pubExternalData, external, "pub keys differ"); + CFReleaseNull(external); CFReleaseNull(dataKey); CFDictionarySetValue(kcwd, kSecAttrKeyClass, kSecAttrKeyClassPrivate); @@ -1143,8 +1152,8 @@ static void testcopypubkfromcert() { SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)certData); SecKeyRef pubKey = NULL; ok_status(SecCertificateCopyPublicKey(cert, &pubKey), "export public key from certificate"); - NSData *pubKeyData = (NSData *)SecKeyCopyExternalRepresentation(pubKey, NULL); - eq_cf(pubKeyData, pubKData, "public key exports itself into expected data"); + NSData *pubKeyData = (__bridge_transfer NSData *)SecKeyCopyExternalRepresentation(pubKey, NULL); + eq_cf( (__bridge CFTypeRef) pubKeyData, (__bridge CFTypeRef) pubKData, "public key exports itself into expected data"); CFReleaseNull(pubKey); CFReleaseNull(cert); } diff --git a/OSX/libsecurity_keychain/regressions/kc-41-sececkey.m b/OSX/libsecurity_keychain/regressions/kc-41-sececkey.m index c82f0a6d..3b0b0ff0 100644 --- a/OSX/libsecurity_keychain/regressions/kc-41-sececkey.m +++ b/OSX/libsecurity_keychain/regressions/kc-41-sececkey.m @@ -183,7 +183,7 @@ static void testkeygen(size_t keySizeInBits) { size_t keySizeInBytes = (keySizeInBits + 7) / 8; CFNumberRef kzib; - kzib = CFNumberCreate(NULL, kCFNumberSInt32Type, &keySizeInBits); + kzib = CFNumberCreate(NULL, kCFNumberSInt64Type, &keySizeInBits); CFMutableDictionaryRef kgp = CFDictionaryCreateMutable(NULL, 0, NULL, NULL); CFDictionaryAddValue(kgp, kSecAttrKeyType, kSecAttrKeyTypeEC); CFDictionaryAddValue(kgp, kSecAttrKeySizeInBits, kzib); @@ -271,7 +271,7 @@ static void testkeygen2(size_t keySizeInBits) { CFDictionaryAddValue(pubd, kSecAttrLabel, publicName); CFDictionaryAddValue(privd, kSecAttrLabel, privateName); - kzib = CFNumberCreate(NULL, kCFNumberSInt32Type, &keySizeInBits); + kzib = CFNumberCreate(NULL, kCFNumberSInt64Type, &keySizeInBits); CFMutableDictionaryRef kgp = CFDictionaryCreateMutable(NULL, 0, NULL, NULL); CFDictionaryAddValue(kgp, kSecAttrKeyType, kSecAttrKeyTypeEC); CFDictionaryAddValue(kgp, kSecAttrKeySizeInBits, kzib); @@ -561,21 +561,18 @@ static void testkeyexchange(unsigned long keySizeInBits) for (size_t ix = 0; ix < array_size(algos); ++ix) { CFErrorRef error = NULL; - NSData *secret1 = (NSData *)SecKeyCopyKeyExchangeResult(privKey1, algos[ix], pubKey2, (CFDictionaryRef)params, &error); - ok(secret1 != NULL && CFGetTypeID(secret1) == CFDataGetTypeID()); + NSData *secret1 = (__bridge_transfer NSData *)SecKeyCopyKeyExchangeResult(privKey1, algos[ix], pubKey2, (CFDictionaryRef)params, &error); + ok(secret1 != NULL && CFGetTypeID((__bridge CFTypeRef) secret1) == CFDataGetTypeID()); CFReleaseNull(error); - NSData *secret2 = (NSData *)SecKeyCopyKeyExchangeResult(privKey2, algos[ix], pubKey1, (CFDictionaryRef)params, &error); - ok(secret2 != NULL && CFGetTypeID(secret2) == CFDataGetTypeID()); + NSData *secret2 = (__bridge_transfer NSData *)SecKeyCopyKeyExchangeResult(privKey2, algos[ix], pubKey1, (CFDictionaryRef)params, &error); + ok(secret2 != NULL && CFGetTypeID((__bridge CFTypeRef) secret2) == CFDataGetTypeID()); CFReleaseNull(error); - eq_cf(secret1, secret2, "results of key exchange are equal"); + eq_cf((__bridge CFTypeRef) secret1, (__bridge CFTypeRef) secret2, "results of key exchange are equal"); if (algos[ix] != kSecKeyAlgorithmECDHKeyExchangeCofactor && algos[ix] != kSecKeyAlgorithmECDHKeyExchangeStandard) { is(secret1.length, requestedSize, "generated response has expected length"); } - - CFReleaseNull(secret1); - CFReleaseNull(secret2); } CFReleaseNull(privKey1); diff --git a/OSX/libsecurity_keychain/regressions/kc-42-trust-revocation.c b/OSX/libsecurity_keychain/regressions/kc-42-trust-revocation.c index 522ee277..6fafcc22 100644 --- a/OSX/libsecurity_keychain/regressions/kc-42-trust-revocation.c +++ b/OSX/libsecurity_keychain/regressions/kc-42-trust-revocation.c @@ -29,12 +29,6 @@ #include "utilities/SecCFRelease.h" #include "utilities/SecCFWrappers.h" -// TBD: ensure that this symbol is defined in every build context. -// Currently forcing this to be enabled if we do not have it defined. -#ifndef SECTRUST_OSX -#define SECTRUST_OSX 1 -#endif - /* s:/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=3014267/C=US/postalCode=95131-2021/ST=California/L=San Jose/street=2211 N 1st St/O=PayPal, Inc./OU=CDN Support/CN=www.paypal.com */ /* i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3 */ /* SHA1 Fingerprint=A5:AF:1D:73:96:A7:74:F8:8B:B7:43:FD:07:7A:97:47:D3:FA:EF:2F */ @@ -590,16 +584,12 @@ static void tests(void) CFDictionaryRef TrustResultsDict = SecTrustCopyResult(trust); CFBooleanRef ev = (CFBooleanRef)CFDictionaryGetValue(TrustResultsDict, kSecTrustExtendedValidation); -#if SECTRUST_OSX // With SecTrust Unification, the OCSP response is cached by the previous evaluation. // FIXME The semantics of the input to SecPolicyCreateRevocation are technically not honored, // since if neither the OCSP or CRL bits are set, we should not be using either. Unfortunately, // the iOS implementation treats this as a no-op, which for EV certs means an OCSP check by default. ok(ev && CFEqual(kCFBooleanTrue, ev), "Expect success even if unable to use network, due to caching"); -#else - ok(!ev || (ev && CFEqual(kCFBooleanFalse, ev)), "Expect no extended validation because of lack of revocation"); -#endif CFReleaseNull(TrustResultsDict); CFReleaseNull(trust); @@ -644,15 +634,10 @@ static void tests(void) ok_status(status = SecTrustEvaluate(trust, &trust_result), "SecTrustEvaluate"); // Check results -#if SECTRUST_OSX // with SecTrust Unification, the issuing cert may or may not be cached from the previous test if (trust_result == kSecTrustResultUnspecified) trust_result = kSecTrustResultRecoverableTrustFailure; is_status(trust_result, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure"); -#else - // previously, no automatic caching of intermediates fetched from the network - is_status(trust_result, kSecTrustResultRecoverableTrustFailure, "trust is kSecTrustResultRecoverableTrustFailure"); -#endif CFReleaseNull(trust); } diff --git a/OSX/libsecurity_keychain/regressions/kc-43-seckey-interop.m b/OSX/libsecurity_keychain/regressions/kc-43-seckey-interop.m index 88fbdb72..1e75f44e 100644 --- a/OSX/libsecurity_keychain/regressions/kc-43-seckey-interop.m +++ b/OSX/libsecurity_keychain/regressions/kc-43-seckey-interop.m @@ -125,7 +125,7 @@ static void test_generate_access_control() { NSDictionary *params = @{ (id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeySizeInBits: @1024, - (id)kSecAttrAccessControl: (id)ac, + (id)kSecAttrAccessControl: (__bridge id)ac, (id)kSecAttrIsPermanent: @YES, (id)kSecAttrLabel: @"sectests:generate-access-control", }; @@ -166,7 +166,7 @@ static void test_add_ios_key() { ok_status(SecKeyGeneratePair((__bridge CFDictionaryRef)params, &pubKey, &privKey)); NSDictionary *attrs = @{ - (id)kSecValueRef: (id)privKey, + (id)kSecValueRef: (__bridge id)privKey, (id)kSecAttrLabel: @"sectests:add-ios-key", }; ok_status(SecItemAdd((__bridge CFDictionaryRef)attrs, NULL)); @@ -250,7 +250,7 @@ static void test_store_cert_to_ios() { // Store certificate to modern keychain. NSDictionary *attrs = @{ - (id)kSecValueRef: (id)cert, + (id)kSecValueRef: (__bridge id)cert, (id)kSecAttrLabel: @"sectests:store_cert_to_ios", (id)kSecAttrNoLegacy: @YES, (id)kSecReturnPersistentRef: @YES, @@ -294,7 +294,7 @@ static void test_store_identity_to_ios() { // Store identity to the iOS keychain. NSDictionary *attrs = @{ - (id)kSecValueRef: (id)identity, + (id)kSecValueRef: (__bridge id)identity, (id)kSecAttrLabel: @"sectests:store_identity_to_ios", (id)kSecAttrNoLegacy: @YES, (id)kSecReturnPersistentRef: @YES, @@ -336,7 +336,7 @@ static void test_transform_with_ioskey() { ok(signer != NULL, "create signing transform"); ok(SecTransformSetAttribute(signer, kSecTransformInputAttributeName, (CFDataRef)testData, NULL), "set input data to verify transform"); - NSData *signature = (NSData *)SecTransformExecute(signer, NULL); + NSData *signature = (__bridge_transfer NSData *)SecTransformExecute(signer, NULL); ok(signature != nil, "create signature with transform"); // Create verify transform with public key. @@ -347,7 +347,7 @@ static void test_transform_with_ioskey() { ok(SecTransformSetAttribute(verifier, kSecTransformInputAttributeName, (CFDataRef)testData, NULL), "set input data to verify transform"); - NSNumber *result = (NSNumber *)SecTransformExecute(verifier, NULL); + NSNumber *result = (__bridge_transfer NSNumber *)SecTransformExecute(verifier, NULL); ok(result != nil, "transform execution succeeded"); ok(result.boolValue, "transform verified signature"); @@ -379,7 +379,7 @@ static void test_convert_key_to_persistent_ref() { { NSDictionary *query = @{ (id)kSecAttrLabel: label, - (id)kSecValueRef: (id)privKey, + (id)kSecValueRef: (__bridge id)privKey, (id)kSecAttrNoLegacy: @YES, }; ok_status(SecItemAdd((CFDictionaryRef)query, NULL)); @@ -390,14 +390,14 @@ static void test_convert_key_to_persistent_ref() { SecKeyRef queriedKeyRef = NULL; { NSDictionary *query = @{ - (id)kSecValueRef: (id)privKey, + (id)kSecValueRef: (__bridge id)privKey, (id)kSecReturnPersistentRef: @YES, (id)kSecAttrNoLegacy: @YES, }; ok_status(SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef *)&queriedPersistentKeyRef)); }{ NSDictionary *query = @{ - (id)kSecValuePersistentRef: (id)queriedPersistentKeyRef, + (id)kSecValuePersistentRef: (__bridge id)queriedPersistentKeyRef, (id)kSecReturnRef: @YES, (id)kSecAttrNoLegacy: @YES, }; @@ -446,7 +446,7 @@ static void test_convert_cert_to_persistent_ref() { { NSDictionary *query = @{ (id)kSecAttrLabel: label, - (id)kSecValueRef: (id)cert, + (id)kSecValueRef: (__bridge id)cert, (id)kSecAttrNoLegacy: @YES, }; ok_status(SecItemAdd((CFDictionaryRef)query, NULL)); @@ -457,14 +457,14 @@ static void test_convert_cert_to_persistent_ref() { SecCertificateRef queriedCertRef = NULL; { NSDictionary *query = @{ - (id)kSecValueRef: (id)cert, + (id)kSecValueRef: (__bridge id)cert, (id)kSecReturnPersistentRef: @YES, (id)kSecAttrNoLegacy: @YES, }; ok_status(SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef *)&queriedPersistentCertRef)); }{ NSDictionary *query = @{ - (id)kSecValuePersistentRef: (id)queriedPersistentCertRef, + (id)kSecValuePersistentRef: (__bridge id)queriedPersistentCertRef, (id)kSecReturnRef: @YES, (id)kSecAttrNoLegacy: @YES, }; @@ -523,7 +523,7 @@ static void test_convert_identity_to_persistent_ref() { { NSDictionary *query = @{ (id)kSecAttrLabel: label, - (id)kSecValueRef: (id)idnt, + (id)kSecValueRef: (__bridge id)idnt, (id)kSecAttrNoLegacy: @YES, }; ok_status(SecItemAdd((CFDictionaryRef)query, NULL)); @@ -534,14 +534,14 @@ static void test_convert_identity_to_persistent_ref() { SecIdentityRef queriedIdntRef = NULL; { NSDictionary *query = @{ - (id)kSecValueRef: (id)idnt, + (id)kSecValueRef: (__bridge id)idnt, (id)kSecReturnPersistentRef: @YES, (id)kSecAttrNoLegacy: @YES, }; ok_status(SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef *)&queriedPersistentIdntRef)); }{ NSDictionary *query = @{ - (id)kSecValuePersistentRef: (id)queriedPersistentIdntRef, + (id)kSecValuePersistentRef: (__bridge id)queriedPersistentIdntRef, (id)kSecReturnRef: @YES, (id)kSecAttrNoLegacy: @YES, }; @@ -564,7 +564,7 @@ static void test_convert_identity_to_persistent_ref() { { NSDictionary *query = @{ // identities can't be filtered out using 'label', so we will use directly the ValueRef here: - (id)kSecValueRef: (id)idnt, + (id)kSecValueRef: (__bridge id)idnt, (id)kSecAttrNoLegacy: @YES, }; ok_status(SecItemDelete((CFDictionaryRef)query)); @@ -573,6 +573,41 @@ static void test_convert_identity_to_persistent_ref() { CFReleaseNull(idnt); } +static void test_cssm_from_ios_key_single(CFTypeRef keyType, int keySize) { + NSDictionary *params = @{ + (id)kSecAttrKeyType: (__bridge id)keyType, + (id)kSecAttrKeySizeInBits: @(keySize), + (id)kSecAttrNoLegacy: @YES, + (id)kSecAttrIsPermanent: @NO, + (id)kSecAttrLabel: @"sectests:cssm-from-ios-key", + }; + NSError *error; + id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)params, (void *)&error)); + ok(privateKey != nil, "Failed to generate key, err %@", error); + id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privateKey)); + ok(publicKey != nil, "Failed to get public key from private key"); + + const CSSM_KEY *cssmKey = NULL; + OSStatus status = SecKeyGetCSSMKey((SecKeyRef)publicKey, &cssmKey); + ok_status(status, "Failed to get CSSM key"); + isnt(cssmKey, NULL, "Got NULL CSSM key"); + + CSSM_CSP_HANDLE cspHandle = 0; + status = SecKeyGetCSPHandle((SecKeyRef)publicKey, &cspHandle); + ok_status(status, "Failed to get CSP handle"); + isnt(cssmKey, NULL, "Got 0 CSP handle"); +} +static const int kTestCSSMFromIOSKeySingleCount = 5; + +static void test_cssm_from_ios_key() { + test_cssm_from_ios_key_single(kSecAttrKeyTypeECSECPrimeRandom, 256); + test_cssm_from_ios_key_single(kSecAttrKeyTypeECSECPrimeRandom, 384); + test_cssm_from_ios_key_single(kSecAttrKeyTypeECSECPrimeRandom, 521); + test_cssm_from_ios_key_single(kSecAttrKeyTypeRSA, 1024); + test_cssm_from_ios_key_single(kSecAttrKeyTypeRSA, 2048); +} +static const int kTestCSSMFromIOSKeyCount = kTestCSSMFromIOSKeySingleCount * 5; + static const int kTestCount = kTestGenerateNoLegacyCount + kTestGenerateAccessControlCount + @@ -582,7 +617,8 @@ static const int kTestCount = kTestTransformWithIOSKey + kTestConvertKeyToPersistentRef + kTestConvertCertToPersistentRef + - kTestConvertIdentityToPersistentRef; + kTestConvertIdentityToPersistentRef + + kTestCSSMFromIOSKeyCount; int kc_43_seckey_interop(int argc, char *const *argv) { plan_tests(kTestCount); @@ -598,6 +634,7 @@ int kc_43_seckey_interop(int argc, char *const *argv) { test_convert_key_to_persistent_ref(); test_convert_cert_to_persistent_ref(); test_convert_identity_to_persistent_ref(); + test_cssm_from_ios_key(); return 0; } diff --git a/OSX/libsecurity_keychain/regressions/kc-helpers.h b/OSX/libsecurity_keychain/regressions/kc-helpers.h index f5402b3e..b84d344a 100644 --- a/OSX/libsecurity_keychain/regressions/kc-helpers.h +++ b/OSX/libsecurity_keychain/regressions/kc-helpers.h @@ -77,7 +77,7 @@ static void deleteTestFiles() { deleteKeychainFiles(keychainFile); } -static SecKeychainRef getPopulatedTestKeychain() { +static SecKeychainRef CF_RETURNS_RETAINED getPopulatedTestKeychain() { deleteKeychainFiles(keychainFile); writeFile(keychainFile, test_keychain, sizeof(test_keychain)); @@ -89,6 +89,16 @@ static SecKeychainRef getPopulatedTestKeychain() { } #define getPopulatedTestKeychainTests 2 +static SecKeychainRef CF_RETURNS_RETAINED getEmptyTestKeychain() { + deleteKeychainFiles(keychainFile); + + SecKeychainRef kc = NULL; + ok_status(SecKeychainCreate(keychainFile, (UInt32) strlen(test_keychain_password), test_keychain_password, false, NULL, &kc), "%s: getPopulatedTestKeychain: SecKeychainCreate", testName); + return kc; +} +#define getEmptyTestKeychainTests 1 + + static void addToSearchList(SecKeychainRef keychain) { CFArrayRef searchList = NULL; SecKeychainCopySearchList(&searchList); @@ -102,7 +112,7 @@ static void addToSearchList(SecKeychainRef keychain) { /* Checks to be sure there are N elements in this search, and returns the first * if it exists. */ -static SecKeychainItemRef checkN(char* testName, const CFDictionaryRef query, uint32_t n) { +static SecKeychainItemRef checkNCopyFirst(char* testName, const CFDictionaryRef CF_CONSUMED query, uint32_t n) { CFArrayRef results = NULL; if(n > 0) { ok_status(SecItemCopyMatching(query, (CFTypeRef*) &results), "%s: SecItemCopyMatching", testName); @@ -127,9 +137,18 @@ static SecKeychainItemRef checkN(char* testName, const CFDictionaryRef query, ui pass("make test numbers match"); } + CFRetainSafe(item); + CFReleaseNull(results); + CFRelease(query); return item; } + +static void checkN(char* testName, const CFDictionaryRef CF_CONSUMED query, uint32_t n) { + SecKeychainItemRef item = checkNCopyFirst(testName, query, n); + CFReleaseSafe(item); +} + #define checkNTests 3 @@ -195,7 +214,9 @@ static void changePasswordContents(SecKeychainItemRef item, CFStringRef newPassw CFDictionarySetValue(query, kSecUseItemList, itemList); CFMutableDictionaryRef attrs = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - CFDictionarySetValue(attrs, kSecValueData, CFDataCreate(NULL, (const UInt8*) CFStringGetCStringPtr(newPassword, kCFStringEncodingUTF8), CFStringGetLength(newPassword))); + CFDataRef data = CFDataCreate(NULL, (const UInt8*) CFStringGetCStringPtr(newPassword, kCFStringEncodingUTF8), CFStringGetLength(newPassword)); + CFDictionarySetValue(attrs, kSecValueData, data); + CFReleaseNull(data); ok_status(SecItemUpdate(query, attrs), "%s: SecItemUpdate", testName); } diff --git a/OSX/libsecurity_keychain/regressions/kc-item-helpers.h b/OSX/libsecurity_keychain/regressions/kc-item-helpers.h index 1a4c901e..1532e72e 100644 --- a/OSX/libsecurity_keychain/regressions/kc-item-helpers.h +++ b/OSX/libsecurity_keychain/regressions/kc-item-helpers.h @@ -69,45 +69,47 @@ static CFMutableDictionaryRef makeBaseItemDictionary(CFStringRef itemclass, CFSt return query; } -static CFMutableDictionaryRef makeQueryItemDictionaryWithService(SecKeychainRef kc, CFStringRef itemclass, CFStringRef service) { +static CFMutableDictionaryRef createQueryItemDictionaryWithService(SecKeychainRef kc, CFStringRef itemclass, CFStringRef service) { return convertToQuery(makeBaseItemDictionary(itemclass, service), kc); } -static CFMutableDictionaryRef makeQueryItemDictionary(SecKeychainRef kc, CFStringRef itemclass) { - return makeQueryItemDictionaryWithService(kc, itemclass, NULL); +static CFMutableDictionaryRef createQueryItemDictionary(SecKeychainRef kc, CFStringRef itemclass) { + return createQueryItemDictionaryWithService(kc, itemclass, NULL); } static CFMutableDictionaryRef makeBaseQueryDictionary(SecKeychainRef kc, CFStringRef itemclass) { return convertToQuery(makeBaseDictionary(itemclass), kc); } -static CFMutableDictionaryRef makeQueryCustomItemDictionaryWithService(SecKeychainRef kc, CFStringRef itemclass, CFStringRef label, CFStringRef service) { - CFMutableDictionaryRef query = makeQueryItemDictionaryWithService(kc, itemclass, service); +static CFMutableDictionaryRef createQueryCustomItemDictionaryWithService(SecKeychainRef kc, CFStringRef itemclass, CFStringRef label, CFStringRef service) { + CFMutableDictionaryRef query = createQueryItemDictionaryWithService(kc, itemclass, service); CFDictionarySetValue(query, kSecAttrLabel, label); return query; } -static CFMutableDictionaryRef makeQueryCustomItemDictionary(SecKeychainRef kc, CFStringRef itemclass, CFStringRef label) { - return makeQueryCustomItemDictionaryWithService(kc, itemclass, label, NULL); +static CFMutableDictionaryRef createQueryCustomItemDictionary(SecKeychainRef kc, CFStringRef itemclass, CFStringRef label) { + return createQueryCustomItemDictionaryWithService(kc, itemclass, label, NULL); } -static CFMutableDictionaryRef makeAddCustomItemDictionaryWithService(SecKeychainRef kc, CFStringRef itemclass, CFStringRef label, CFStringRef account, CFStringRef service) { +static CFMutableDictionaryRef createAddCustomItemDictionaryWithService(SecKeychainRef kc, CFStringRef itemclass, CFStringRef label, CFStringRef account, CFStringRef service) { CFMutableDictionaryRef query = makeBaseItemDictionary(itemclass, service); CFDictionaryAddValue(query, kSecUseKeychain, kc); CFDictionarySetValue(query, kSecAttrAccount, account); CFDictionarySetValue(query, kSecAttrComment, CFSTR("a comment")); CFDictionarySetValue(query, kSecAttrLabel, label); - CFDictionarySetValue(query, kSecValueData, CFDataCreate(NULL, (void*)"data", 4)); + CFDataRef data = CFDataCreate(NULL, (void*)"data", 4); + CFDictionarySetValue(query, kSecValueData, data); + CFReleaseNull(data); return query; } -static CFMutableDictionaryRef makeAddCustomItemDictionary(SecKeychainRef kc, CFStringRef itemclass, CFStringRef label, CFStringRef account) { - return makeAddCustomItemDictionaryWithService(kc, itemclass, label, account, NULL); +static CFMutableDictionaryRef createAddCustomItemDictionary(SecKeychainRef kc, CFStringRef itemclass, CFStringRef label, CFStringRef account) { + return createAddCustomItemDictionaryWithService(kc, itemclass, label, account, NULL); } -static CFMutableDictionaryRef makeAddItemDictionary(SecKeychainRef kc, CFStringRef itemclass, CFStringRef label) { - return makeAddCustomItemDictionary(kc, itemclass, label, CFSTR("test_account")); +static CFMutableDictionaryRef createAddItemDictionary(SecKeychainRef kc, CFStringRef itemclass, CFStringRef label) { + return createAddCustomItemDictionary(kc, itemclass, label, CFSTR("test_account")); } -static SecKeychainItemRef makeCustomItem(const char* name, SecKeychainRef kc, CFDictionaryRef addDictionary) { +static SecKeychainItemRef createCustomItem(const char* name, SecKeychainRef kc, CFDictionaryRef CF_CONSUMED addDictionary) { CFTypeRef result = NULL; ok_status(SecItemAdd(addDictionary, &result), "%s: SecItemAdd", name); ok(result != NULL, "%s: SecItemAdd returned a result", name); @@ -117,20 +119,20 @@ static SecKeychainItemRef makeCustomItem(const char* name, SecKeychainRef kc, CF return item; } -#define makeCustomItemTests 3 +#define createCustomItemTests 3 static SecKeychainItemRef makeItem(const char* name, SecKeychainRef kc, CFStringRef itemclass, CFStringRef label) { - CFMutableDictionaryRef query = makeAddItemDictionary(kc, itemclass, label); + CFMutableDictionaryRef query = createAddItemDictionary(kc, itemclass, label); - SecKeychainItemRef item = makeCustomItem(name, kc, query); + SecKeychainItemRef item = createCustomItem(name, kc, query); CFReleaseNull(query); return item; } -#define makeItemTests makeCustomItemTests +#define makeItemTests createCustomItemTests static void makeCustomDuplicateItem(const char* name, SecKeychainRef kc, CFStringRef itemclass, CFStringRef label) { - CFMutableDictionaryRef query = makeAddItemDictionary(kc, itemclass, label); + CFMutableDictionaryRef query = createAddItemDictionary(kc, itemclass, label); CFTypeRef result = NULL; is(SecItemAdd(query, &result), errSecDuplicateItem, "%s: SecItemAdd (duplicate)", name); @@ -145,7 +147,7 @@ static void makeDuplicateItem(const char* name, SecKeychainRef kc, CFStringRef i #define makeDuplicateItemTests makeCustomDuplicateItemTests -#pragma clang pop +#pragma clang diagnostic pop #else #endif /* TARGET_OS_MAC */ diff --git a/OSX/libsecurity_keychain/regressions/kc-key-helpers.h b/OSX/libsecurity_keychain/regressions/kc-key-helpers.h index 08095c8a..a3508aa5 100644 --- a/OSX/libsecurity_keychain/regressions/kc-key-helpers.h +++ b/OSX/libsecurity_keychain/regressions/kc-key-helpers.h @@ -39,7 +39,7 @@ static CFMutableDictionaryRef makeBaseKeyDictionary() { return query; } -static CFMutableDictionaryRef makeQueryKeyDictionary(SecKeychainRef kc, CFStringRef keyClass) { +static CFMutableDictionaryRef createQueryKeyDictionary(SecKeychainRef kc, CFStringRef keyClass) { CFMutableDictionaryRef query = makeBaseKeyDictionary(); CFMutableArrayRef searchList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks); @@ -52,13 +52,13 @@ static CFMutableDictionaryRef makeQueryKeyDictionary(SecKeychainRef kc, CFString return query; } -static CFMutableDictionaryRef makeQueryKeyDictionaryWithLabel(SecKeychainRef kc, CFStringRef keyClass, CFStringRef label) { - CFMutableDictionaryRef query = makeQueryKeyDictionary(kc, keyClass); +static CFMutableDictionaryRef createQueryKeyDictionaryWithLabel(SecKeychainRef kc, CFStringRef keyClass, CFStringRef label) { + CFMutableDictionaryRef query = createQueryKeyDictionary(kc, keyClass); CFDictionarySetValue(query, kSecAttrLabel, label); return query; } -static CFMutableDictionaryRef makeAddKeyDictionaryWithApplicationLabel(SecKeychainRef kc, CFStringRef keyClass, CFStringRef label, CFStringRef applicationLabel) { +static CFMutableDictionaryRef createAddKeyDictionaryWithApplicationLabel(SecKeychainRef kc, CFStringRef keyClass, CFStringRef label, CFStringRef applicationLabel) { CFMutableDictionaryRef query = makeBaseKeyDictionary(); CFDictionaryAddValue(query, kSecUseKeychain, kc); @@ -80,15 +80,16 @@ static CFMutableDictionaryRef makeAddKeyDictionaryWithApplicationLabel(SecKeycha } CFNumberRef num = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &n); CFDictionarySetValue(query, kSecAttrKeySizeInBits, num); + CFReleaseNull(num); return query; } -static CFMutableDictionaryRef makeAddKeyDictionary(SecKeychainRef kc, CFStringRef keyClass, CFStringRef label) { - return makeAddKeyDictionaryWithApplicationLabel(kc, keyClass, label, NULL); +static CFMutableDictionaryRef createAddKeyDictionary(SecKeychainRef kc, CFStringRef keyClass, CFStringRef label) { + return createAddKeyDictionaryWithApplicationLabel(kc, keyClass, label, NULL); } -static SecKeyRef makeCustomKeyWithApplicationLabel(const char* name, SecKeychainRef kc, CFStringRef label, CFStringRef applicationLabel) { - CFMutableDictionaryRef query = makeAddKeyDictionaryWithApplicationLabel(kc, kSecAttrKeyClassSymmetric, label, applicationLabel); +static SecKeyRef createCustomKeyWithApplicationLabel(const char* name, SecKeychainRef kc, CFStringRef label, CFStringRef applicationLabel) { + CFMutableDictionaryRef query = createAddKeyDictionaryWithApplicationLabel(kc, kSecAttrKeyClassSymmetric, label, applicationLabel); CFErrorRef error = NULL; SecKeyRef item = SecKeyGenerateSymmetric(query, &error); @@ -97,20 +98,20 @@ static SecKeyRef makeCustomKeyWithApplicationLabel(const char* name, SecKeychain CFReleaseNull(query); return item; } -#define makeCustomKeyWithApplicationLabelTests 1 +#define createCustomKeyWithApplicationLabelTests 1 -static SecKeyRef makeCustomKey(const char* name, SecKeychainRef kc, CFStringRef label) { - return makeCustomKeyWithApplicationLabel(name, kc, label, NULL); +static SecKeyRef createCustomKey(const char* name, SecKeychainRef kc, CFStringRef label) { + return createCustomKeyWithApplicationLabel(name, kc, label, NULL); } -#define makeCustomKeyTests makeCustomKeyWithApplicationLabelTests +#define createCustomKeyTests createCustomKeyWithApplicationLabelTests static SecKeyRef makeKey(const char* name, SecKeychainRef kc) { - return makeCustomKey(name, kc, CFSTR("test_key")); + return createCustomKey(name, kc, CFSTR("test_key")); } -#define makeKeyTests makeCustomKeyTests +#define makeKeyTests createCustomKeyTests static void makeCustomKeyPair(const char* name, SecKeychainRef kc, CFStringRef label, SecKeyRef* aPub, SecKeyRef* aPriv) { - CFMutableDictionaryRef query = makeAddKeyDictionary(kc, kSecAttrKeyClassPublic, label); + CFMutableDictionaryRef query = createAddKeyDictionary(kc, kSecAttrKeyClassPublic, label); SecKeyRef pub; SecKeyRef priv; @@ -136,7 +137,7 @@ static void makeKeyPair(const char* name, SecKeychainRef kc, SecKeyRef* aPub, Se static void makeCustomDuplicateKey(const char* name, SecKeychainRef kc, CFStringRef label) { CFMutableDictionaryRef query; - query = makeAddKeyDictionary(kc, kSecAttrKeyClassSymmetric, label); + query = createAddKeyDictionary(kc, kSecAttrKeyClassSymmetric, label); CFErrorRef error = NULL; CFReleaseSafe(SecKeyGenerateSymmetric(query, &error)); is(CFErrorGetCode(error), errSecDuplicateItem, "%s: SecKeyGenerateSymmetric (duplicate) errored: %ld", name, error ? CFErrorGetCode(error) : -1); @@ -162,7 +163,7 @@ static SecKeyRef makeCustomFreeKey(const char* name, SecKeychainRef kc, CFString NULL, /* initialAccess */ &symkey), "%s: SecKeyGenerate", name);; - CFMutableDictionaryRef query = makeAddKeyDictionary(kc, kSecAttrKeyClassSymmetric, label); + CFMutableDictionaryRef query = createAddKeyDictionary(kc, kSecAttrKeyClassSymmetric, label); CFMutableArrayRef itemList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks); CFArrayAppendValue((CFMutableArrayRef)itemList, symkey); @@ -194,7 +195,7 @@ static SecKeyRef makeCustomDuplicateFreeKey(const char* name, SecKeychainRef kc, NULL, /* initialAccess */ &symkey), "%s: SecKeyGenerate", name);; - CFMutableDictionaryRef query = makeAddKeyDictionary(kc, kSecAttrKeyClassSymmetric, label); + CFMutableDictionaryRef query = createAddKeyDictionary(kc, kSecAttrKeyClassSymmetric, label); CFMutableArrayRef itemList = (CFMutableArrayRef) CFArrayCreateMutable(kCFAllocatorDefault, 1, &kCFTypeArrayCallBacks); CFArrayAppendValue((CFMutableArrayRef)itemList, symkey); diff --git a/OSX/libsecurity_keychain/regressions/keychain_regressions.h b/OSX/libsecurity_keychain/regressions/keychain_regressions.h index 74b23a55..188a7b1c 100644 --- a/OSX/libsecurity_keychain/regressions/keychain_regressions.h +++ b/OSX/libsecurity_keychain/regressions/keychain_regressions.h @@ -27,7 +27,9 @@ ONE_TEST(kc_20_identity_persistent_refs) ONE_TEST(kc_20_identity_key_attributes) ONE_TEST(kc_20_identity_find_stress) ONE_TEST(kc_20_key_find_stress) +ONE_TEST(kc_20_item_add_stress) ONE_TEST(kc_20_item_find_stress) +ONE_TEST(kc_20_item_delete_stress) ONE_TEST(kc_21_item_use_callback) ONE_TEST(kc_21_item_xattrs) ONE_TEST(kc_23_key_export_symmetric) diff --git a/OSX/libsecurity_keychain/regressions/si-33-keychain-backup.c b/OSX/libsecurity_keychain/regressions/si-33-keychain-backup.c index cdbfc900..0f417e30 100644 --- a/OSX/libsecurity_keychain/regressions/si-33-keychain-backup.c +++ b/OSX/libsecurity_keychain/regressions/si-33-keychain-backup.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include @@ -56,15 +57,15 @@ static void tests(void) CFNumberRef eighty = CFNumberCreate(NULL, kCFNumberSInt32Type, &v_eighty); const char *v_data = "test"; CFDataRef pwdata = CFDataCreate(NULL, (UInt8 *)v_data, strlen(v_data)); - CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0, NULL, NULL); + CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFTypeRef result = NULL; CFDictionaryAddValue(query, kSecClass, kSecClassInternetPassword); CFDictionaryAddValue(query, kSecAttrServer, CFSTR("members.spamcop.net")); CFDictionaryAddValue(query, kSecAttrAccount, CFSTR("smith")); - CFDictionaryAddValue(query, kSecAttrPort, eighty); + CFDictionaryAddValue(query, kSecAttrPort, eighty); CFReleaseNull(eighty); CFDictionaryAddValue(query, kSecAttrProtocol, kSecAttrProtocolHTTP); CFDictionaryAddValue(query, kSecAttrAuthenticationType, kSecAttrAuthenticationTypeDefault); - CFDictionaryAddValue(query, kSecValueData, pwdata); + CFDictionaryAddValue(query, kSecValueData, pwdata); CFReleaseNull(pwdata); CFDictionaryAddValue(query, kSecAttrSynchronizable, kCFBooleanTrue); CFDataRef keybag = NULL; @@ -96,8 +97,10 @@ static void tests(void) ok_status(SecItemDelete(query), "delete restored item"); - if (backup) { CFRelease(backup); } - if (password) { CFRelease(password); } + CFReleaseNull(backup); + CFReleaseNull(keybag); + CFReleaseNull(query); + CFReleaseNull(password); } int si_33_keychain_backup(int argc, char *const *argv) diff --git a/OSX/libsecurity_keychain/regressions/si-34-one-true-keychain.c b/OSX/libsecurity_keychain/regressions/si-34-one-true-keychain.c index 0242d399..6422576b 100644 --- a/OSX/libsecurity_keychain/regressions/si-34-one-true-keychain.c +++ b/OSX/libsecurity_keychain/regressions/si-34-one-true-keychain.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include @@ -44,12 +45,12 @@ static void tests(void) const char *v_data2 = "test"; CFDataRef pwdata = CFDataCreate(NULL, (UInt8 *)v_data, strlen(v_data)); CFDataRef pwdata2 = CFDataCreate(NULL, (UInt8 *)v_data2, strlen(v_data2)); - CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0, NULL, NULL); + CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFTypeRef result = NULL; CFDictionaryAddValue(query, kSecClass, kSecClassInternetPassword); CFDictionaryAddValue(query, kSecAttrServer, CFSTR("members.spamcop.net")); CFDictionaryAddValue(query, kSecAttrAccount, CFSTR("smith")); - CFDictionaryAddValue(query, kSecAttrPort, eighty); + CFDictionaryAddValue(query, kSecAttrPort, eighty); CFReleaseNull(eighty); CFDictionaryAddValue(query, kSecAttrProtocol, kSecAttrProtocolHTTP); CFDictionaryAddValue(query, kSecAttrAuthenticationType, kSecAttrAuthenticationTypeDefault); @@ -79,9 +80,10 @@ static void tests(void) is_status(SecItemCopyMatching(syncQuery, &result), errSecItemNotFound, "do not find the osx item with synchronizable"); CFReleaseNull(result); - CFMutableDictionaryRef toUpdate = CFDictionaryCreateMutable(NULL, 1, NULL, NULL); + CFMutableDictionaryRef toUpdate = CFDictionaryCreateMutable(NULL, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionaryAddValue(toUpdate, kSecValueData, pwdata2); + CFReleaseNull(pwdata2); ok_status(SecItemUpdate(query, toUpdate), "update the osx item"); is_status(SecItemUpdate(noLegacyQuery, toUpdate), errSecItemNotFound, "do not update the osx item with noLegacy"); @@ -94,6 +96,7 @@ static void tests(void) CFDictionaryAddValue(noLegacyQuery, kSecValueData, pwdata); + CFReleaseNull(pwdata); ok_status(SecItemAdd(noLegacyQuery, &result), "add internet password in iOS keychain"); CFDictionaryRemoveValue(noLegacyQuery, kSecValueData); @@ -114,6 +117,11 @@ static void tests(void) ok_status(SecItemDelete(noLegacyQuery), "delete the item with noLegacy"); + CFReleaseNull(toUpdate); + CFReleaseNull(query); + CFReleaseNull(noLegacyQuery); + CFReleaseNull(syncQuery); + CFReleaseNull(syncAnyQuery); } int si_34_one_true_keychain(int argc, char *const *argv) diff --git a/OSX/libsecurity_keychain/xpc/main.c b/OSX/libsecurity_keychain/xpc/main.c index 08feac75..5cc39f1b 100644 --- a/OSX/libsecurity_keychain/xpc/main.c +++ b/OSX/libsecurity_keychain/xpc/main.c @@ -159,8 +159,8 @@ xpc_object_t create_keychain_and_lock_paths(xpc_connection_t peer, xpc_object_t // figure out the base and dir const char* path = xpc_array_get_string(keychain_path_array, i); - char* dir; - char* base; + char* dir = NULL; + char* base = NULL; char buffer[PATH_MAX]; strcpy(buffer, path); diff --git a/OSX/libsecurity_manifest/lib/AppleManifest.cpp b/OSX/libsecurity_manifest/lib/AppleManifest.cpp index 448b42fa..b1dc1e72 100644 --- a/OSX/libsecurity_manifest/lib/AppleManifest.cpp +++ b/OSX/libsecurity_manifest/lib/AppleManifest.cpp @@ -285,8 +285,8 @@ void AppleManifest::AddManifestItemListToManifest (CFMutableDataRef data, Manife -static const char gManifestHeader[] = {0x2F, 0xAA, 0x05, 0xB3, 0x64, 0x0E, 0x9D, 0x27}; // why these numbers? These were picked at random -static const char gManifestVersion[] = {0x01, 0x00, 0x00, 0x00}; +static const unsigned char gManifestHeader[] = {0x2F, 0xAA, 0x05, 0xB3, 0x64, 0x0E, 0x9D, 0x27}; // why these numbers? These were picked at random +static const unsigned char gManifestVersion[] = {0x01, 0x00, 0x00, 0x00}; diff --git a/OSX/libsecurity_manifest/lib/Download.cpp b/OSX/libsecurity_manifest/lib/Download.cpp index 625ea5e6..69171c43 100644 --- a/OSX/libsecurity_manifest/lib/Download.cpp +++ b/OSX/libsecurity_manifest/lib/Download.cpp @@ -154,7 +154,7 @@ SecPolicyRef Download::GetPolicy () void Download::ParseTicket (CFDataRef ticket) { // make a propertylist from the ticket - CFDictionaryRef mDict = (CFDictionaryRef) _SecureDownloadParseTicketXML (ticket); + CFRef mDict = (CFDictionaryRef) _SecureDownloadParseTicketXML (ticket); CheckCFThingForNULL (mDict); CFRetain (mDict); diff --git a/OSX/libsecurity_manifest/lib/ManifestInternal.cpp b/OSX/libsecurity_manifest/lib/ManifestInternal.cpp index df1bfa14..c771e478 100644 --- a/OSX/libsecurity_manifest/lib/ManifestInternal.cpp +++ b/OSX/libsecurity_manifest/lib/ManifestInternal.cpp @@ -600,8 +600,6 @@ std::string ManifestFileItem::ResourceFileName (char* path) { return ""; } - - return filePath; } diff --git a/OSX/libsecurity_manifest/lib/SecManifest.cpp b/OSX/libsecurity_manifest/lib/SecManifest.cpp index 401c193b..88924a74 100644 --- a/OSX/libsecurity_manifest/lib/SecManifest.cpp +++ b/OSX/libsecurity_manifest/lib/SecManifest.cpp @@ -3,7 +3,7 @@ #include "Manifest.h" #include #include -#include <../sec/Security/SecBase.h> +#include <../../base/SecBase.h> /* * Copyright (c) 2004,2011,2013-2014 Apple Inc. All Rights Reserved. * @@ -78,7 +78,7 @@ static const char* GetDescription (CFTypeRef object) { return CFStringGetCStringPtr (CFCopyDescription (object), kCFStringEncodingMacRoman); } -#pragma clang pop +#pragma clang diagnostic pop diff --git a/OSX/libsecurity_manifest/lib/SecManifest.h b/OSX/libsecurity_manifest/lib/SecManifest.h index 55e57bdf..125dc598 100644 --- a/OSX/libsecurity_manifest/lib/SecManifest.h +++ b/OSX/libsecurity_manifest/lib/SecManifest.h @@ -185,8 +185,6 @@ OSStatus SecManifestAddObject(SecManifestRef manifest, @abstraact Compare one manifest to another. @param manifest1 A manifest to be compared for equality. @param manifest2 A manifest to be compared for equality. - @param verifyOwnerAndGroup If true, owner and group ID's will be checked as - part of the verification process. @result A result code. */ OSStatus SecManifestCompare(SecManifestRef manifest1, diff --git a/OSX/libsecurity_manifest/lib/SecureDownload.cpp b/OSX/libsecurity_manifest/lib/SecureDownload.cpp index d09e1cd8..dc3a5fe7 100644 --- a/OSX/libsecurity_manifest/lib/SecureDownload.cpp +++ b/OSX/libsecurity_manifest/lib/SecureDownload.cpp @@ -24,7 +24,7 @@ #include #include #include -#include <../sec/Security/SecBase.h> +#include <../../base/SecBase.h> #include "Download.h" #include "SecureDownload.h" diff --git a/OSX/libsecurity_manifest/lib/SecureDownload.h b/OSX/libsecurity_manifest/lib/SecureDownload.h index 13d94b9d..bf517f13 100644 --- a/OSX/libsecurity_manifest/lib/SecureDownload.h +++ b/OSX/libsecurity_manifest/lib/SecureDownload.h @@ -111,11 +111,11 @@ typedef SecTrustResultType(*SecureDownloadTrustEvaluateCallback) @function SecureDownloadCreateWithTicket @abstract Create a SecureDownloadRef for use during the Secure Download process. @param ticket The download ticket. - @param setupCallback Called before trust is verified for each signer of the ticket. + @param setup Called before trust is verified for each signer of the ticket. This allows the user to modify the SecTrustRef if needed (see the SecTrust documentation). Returns a SecureDownloadTrustCallbackResult (see). @param setupContext User defined. Passed as a parameter to the setupCallback. - @param evaluateCallback Called after SecTrustEvaluate has been called for a + @param evaluate Called after SecTrustEvaluate has been called for a signer if the result was not trusted. This allows the developer to query the user as to whether or not to trust the signer. Returns a SecTrustResultType @@ -160,7 +160,6 @@ OSStatus SecureDownloadCopyName (SecureDownloadRef downloadRef, CFStringRef* nam @function SecureDownloadCopyCreationDate @abstract Return the date the downlooad ticket was created. @param downloadRef A SecureDownloadRef instance. - @param name On output, the creation date. @result A result code. */ @@ -170,7 +169,7 @@ OSStatus SecureDownloadCopyCreationDate (SecureDownloadRef downloadRef, CFDateRe @function SecureDownloadGetDownloadSize @abstract Return the size of the expected download. @param downloadRef A SecureDownloadRef instance. - @param size On output, the size of the download. + @param downloadSize On output, the size of the download. @result A result code. See "Security Error Codes" (SecBase.h). */ diff --git a/OSX/libsecurity_manifest/lib/SecureDownloadInternal.c b/OSX/libsecurity_manifest/lib/SecureDownloadInternal.c index a12dd14c..99fd2f9c 100644 --- a/OSX/libsecurity_manifest/lib/SecureDownloadInternal.c +++ b/OSX/libsecurity_manifest/lib/SecureDownloadInternal.c @@ -104,7 +104,7 @@ static inline unsigned char decode64(unsigned char c) // Decodes base64 data into a binary CFData object // If first character on a line is not in the base64 alphabet, the line // is ignored. -static CFDataRef decodeBase64Data(const UInt8* ptr, size_t len) { +static CF_RETURNS_RETAINED CFDataRef decodeBase64Data(const UInt8* ptr, size_t len) { CFMutableDataRef result = CFDataCreateMutable(NULL, len); // data can't exceed len bytes if (!result) return NULL; @@ -160,7 +160,7 @@ http://www.faqs.org/rfcs/rfc3548.html // Returns a CFString containing the base64 representation of the data. // boolean argument for whether to line wrap at 64 columns or not. -static CFStringRef encodeBase64String(const UInt8* ptr, size_t len, int wrap) { +static CF_RETURNS_RETAINED CFStringRef encodeBase64String(const UInt8* ptr, size_t len, int wrap) { const char* alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" "0123456789+/="; diff --git a/OSX/libsecurity_manifest/lib/SecureDownloadInternal.h b/OSX/libsecurity_manifest/lib/SecureDownloadInternal.h index 94b75529..dfb74686 100644 --- a/OSX/libsecurity_manifest/lib/SecureDownloadInternal.h +++ b/OSX/libsecurity_manifest/lib/SecureDownloadInternal.h @@ -14,7 +14,7 @@ extern "C" { #define SD_XML_SECTOR_SIZE CFSTR("sector_size") #define SD_XML_DIGESTS CFSTR("digests") -CFPropertyListRef _SecureDownloadParseTicketXML(CFDataRef xmlData); +CF_RETURNS_RETAINED CFPropertyListRef _SecureDownloadParseTicketXML(CFDataRef xmlData); CFDataRef _SecureDownloadCreateTicketXML(CFPropertyListRef plist); #ifdef __cplusplus diff --git a/OSX/libsecurity_manifest/lib/security_manifest.exp b/OSX/libsecurity_manifest/lib/security_manifest.exp deleted file mode 100644 index af5af6be..00000000 --- a/OSX/libsecurity_manifest/lib/security_manifest.exp +++ /dev/null @@ -1,41 +0,0 @@ -# -# Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# -_SecManifestGetVersion -_SecManifestCompare -_SecManifestCreate -_SecManifestRelease -_SecManifestVerifySignature -_SecManifestVerifySignatureWithPolicy -_SecManifestCreateSignature -_SecManifestAddObject -_SecManifestAddSigner -_SecureDownloadCreateWithTicket -_SecureDownloadUpdateWithData -_SecureDownloadFinished -_SecureDownloadRelease -_SecureDownloadCopyName -_SecureDownloadCopyURLs -_SecureDownloadCopyCreationDate -_SecureDownloadGetDownloadSize -__SecureDownloadCreateTicketXML -_SecureDownloadCopyTicketLocation diff --git a/OSX/libsecurity_manifest/libsecurity_manifest.xcodeproj/project.pbxproj b/OSX/libsecurity_manifest/libsecurity_manifest.xcodeproj/project.pbxproj deleted file mode 100644 index 6c31b8c5..00000000 --- a/OSX/libsecurity_manifest/libsecurity_manifest.xcodeproj/project.pbxproj +++ /dev/null @@ -1,372 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - D60C834A09F5AD980069DF6D /* Download.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D60C834409F5AD980069DF6D /* Download.cpp */; }; - D60C834B09F5AD980069DF6D /* Download.h in Headers */ = {isa = PBXBuildFile; fileRef = D60C834509F5AD980069DF6D /* Download.h */; }; - D60C834C09F5AD980069DF6D /* SecureDownload.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D60C834609F5AD980069DF6D /* SecureDownload.cpp */; }; - D60C834D09F5AD980069DF6D /* SecureDownload.h in Headers */ = {isa = PBXBuildFile; fileRef = D60C834709F5AD980069DF6D /* SecureDownload.h */; settings = {ATTRIBUTES = (); }; }; - D60C834E09F5AD980069DF6D /* SecureDownloadInternal.c in Sources */ = {isa = PBXBuildFile; fileRef = D60C834809F5AD980069DF6D /* SecureDownloadInternal.c */; }; - D60C834F09F5AD980069DF6D /* SecureDownloadInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = D60C834909F5AD980069DF6D /* SecureDownloadInternal.h */; settings = {ATTRIBUTES = (); }; }; - D6C8AFBC05DD26C6003DB724 /* SecManifest.h in Headers */ = {isa = PBXBuildFile; fileRef = D658622705DA860900E7380F /* SecManifest.h */; settings = {ATTRIBUTES = (); }; }; - D6C8AFBD05DD26D3003DB724 /* Manifest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D637ECC205DA85AD0096F1E6 /* Manifest.cpp */; }; - D6C8AFBE05DD26D6003DB724 /* SecManifest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D637ECC305DA85AD0096F1E6 /* SecManifest.cpp */; }; - D6CDE5BE05E3DBD9006C8558 /* AppleManifest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D6CDE5B805E3DBD9006C8558 /* AppleManifest.cpp */; }; - D6CDE5BF05E3DBD9006C8558 /* AppleManifest.h in Headers */ = {isa = PBXBuildFile; fileRef = D6CDE5B905E3DBD9006C8558 /* AppleManifest.h */; }; - D6D22A7505DD9B8100C52E2D /* Manifest.h in Headers */ = {isa = PBXBuildFile; fileRef = D658622605DA860900E7380F /* Manifest.h */; }; - D6E7672605F3F8B6007C5669 /* ManifestInternal.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D6E7672205F3F8B6007C5669 /* ManifestInternal.cpp */; }; - D6E7672705F3F8B6007C5669 /* ManifestInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = D6E7672305F3F8B6007C5669 /* ManifestInternal.h */; }; - D6E7672805F3F8B6007C5669 /* ManifestSigner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D6E7672405F3F8B6007C5669 /* ManifestSigner.cpp */; }; - D6E7672905F3F8B6007C5669 /* ManifestSigner.h in Headers */ = {isa = PBXBuildFile; fileRef = D6E7672505F3F8B6007C5669 /* ManifestSigner.h */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB326146F0F6D000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB321146F0F6D000BF1F3 /* libsecurity_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; - 182BB32A146F0F8B000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB321146F0F6D000BF1F3 /* libsecurity_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = C2C9C69D0CECBE8400B3FE07; - remoteInfo = libsecurity_utilitiesDTrace; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 182BB31D146F0F07000BF1F3 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 182BB31E146F0F07000BF1F3 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 182BB31F146F0F07000BF1F3 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 182BB320146F0F07000BF1F3 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 182BB321146F0F6D000BF1F3 /* libsecurity_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_utilities.xcodeproj; path = ../libsecurity_utilities/libsecurity_utilities.xcodeproj; sourceTree = ""; }; - D60C834409F5AD980069DF6D /* Download.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = Download.cpp; path = lib/Download.cpp; sourceTree = ""; }; - D60C834509F5AD980069DF6D /* Download.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = Download.h; path = lib/Download.h; sourceTree = ""; }; - D60C834609F5AD980069DF6D /* SecureDownload.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = SecureDownload.cpp; path = lib/SecureDownload.cpp; sourceTree = ""; }; - D60C834709F5AD980069DF6D /* SecureDownload.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SecureDownload.h; path = lib/SecureDownload.h; sourceTree = ""; }; - D60C834809F5AD980069DF6D /* SecureDownloadInternal.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = SecureDownloadInternal.c; path = lib/SecureDownloadInternal.c; sourceTree = ""; }; - D60C834909F5AD980069DF6D /* SecureDownloadInternal.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SecureDownloadInternal.h; path = lib/SecureDownloadInternal.h; sourceTree = ""; }; - D637ECC205DA85AD0096F1E6 /* Manifest.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = Manifest.cpp; path = lib/Manifest.cpp; sourceTree = ""; }; - D637ECC305DA85AD0096F1E6 /* SecManifest.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = SecManifest.cpp; path = lib/SecManifest.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - D658622605DA860900E7380F /* Manifest.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = Manifest.h; path = lib/Manifest.h; sourceTree = ""; }; - D658622705DA860900E7380F /* SecManifest.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SecManifest.h; path = lib/SecManifest.h; sourceTree = ""; }; - D658622E05DA866200E7380F /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = /System/Library/Frameworks/CoreFoundation.framework; sourceTree = ""; }; - D658627305DA867300E7380F /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = /System/Library/Frameworks/Security.framework; sourceTree = ""; }; - D6C8AFAE05DD2430003DB724 /* libsecurity_manifest.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_manifest.a; sourceTree = BUILT_PRODUCTS_DIR; }; - D6C8AFE005DD2FF8003DB724 /* security_manifest.exp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.exports; name = security_manifest.exp; path = lib/security_manifest.exp; sourceTree = ""; }; - D6CDE5B805E3DBD9006C8558 /* AppleManifest.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = AppleManifest.cpp; path = lib/AppleManifest.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - D6CDE5B905E3DBD9006C8558 /* AppleManifest.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = AppleManifest.h; path = lib/AppleManifest.h; sourceTree = ""; }; - D6E7672205F3F8B6007C5669 /* ManifestInternal.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = ManifestInternal.cpp; path = lib/ManifestInternal.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - D6E7672305F3F8B6007C5669 /* ManifestInternal.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ManifestInternal.h; path = lib/ManifestInternal.h; sourceTree = ""; }; - D6E7672405F3F8B6007C5669 /* ManifestSigner.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ManifestSigner.cpp; path = lib/ManifestSigner.cpp; sourceTree = ""; }; - D6E7672505F3F8B6007C5669 /* ManifestSigner.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ManifestSigner.h; path = lib/ManifestSigner.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - D6C8AFAB05DD2430003DB724 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 034768DDFF38A45A11DB9C8B /* Products */ = { - isa = PBXGroup; - children = ( - D6C8AFAE05DD2430003DB724 /* libsecurity_manifest.a */, - ); - name = Products; - sourceTree = ""; - }; - 0867D691FE84028FC02AAC07 /* libsecurity_manifest */ = { - isa = PBXGroup; - children = ( - 182BB321146F0F6D000BF1F3 /* libsecurity_utilities.xcodeproj */, - 08FB77ACFE841707C02AAC07 /* Source */, - 182BB31C146F0F07000BF1F3 /* config */, - 089C1665FE841158C02AAC07 /* Resources */, - 0867D69AFE84028FC02AAC07 /* External Frameworks and Libraries */, - 034768DDFF38A45A11DB9C8B /* Products */, - D6C8AFE005DD2FF8003DB724 /* security_manifest.exp */, - ); - name = libsecurity_manifest; - sourceTree = ""; - }; - 0867D69AFE84028FC02AAC07 /* External Frameworks and Libraries */ = { - isa = PBXGroup; - children = ( - D658627305DA867300E7380F /* Security.framework */, - D658622E05DA866200E7380F /* CoreFoundation.framework */, - ); - name = "External Frameworks and Libraries"; - sourceTree = ""; - }; - 089C1665FE841158C02AAC07 /* Resources */ = { - isa = PBXGroup; - children = ( - ); - name = Resources; - sourceTree = ""; - }; - 08FB77ACFE841707C02AAC07 /* Source */ = { - isa = PBXGroup; - children = ( - D60C834409F5AD980069DF6D /* Download.cpp */, - D60C834509F5AD980069DF6D /* Download.h */, - D60C834609F5AD980069DF6D /* SecureDownload.cpp */, - D60C834709F5AD980069DF6D /* SecureDownload.h */, - D60C834809F5AD980069DF6D /* SecureDownloadInternal.c */, - D60C834909F5AD980069DF6D /* SecureDownloadInternal.h */, - D6CDE5B805E3DBD9006C8558 /* AppleManifest.cpp */, - D6CDE5B905E3DBD9006C8558 /* AppleManifest.h */, - D6E7672205F3F8B6007C5669 /* ManifestInternal.cpp */, - D6E7672305F3F8B6007C5669 /* ManifestInternal.h */, - D6E7672405F3F8B6007C5669 /* ManifestSigner.cpp */, - D6E7672505F3F8B6007C5669 /* ManifestSigner.h */, - D637ECC205DA85AD0096F1E6 /* Manifest.cpp */, - D658622605DA860900E7380F /* Manifest.h */, - D658622705DA860900E7380F /* SecManifest.h */, - D637ECC305DA85AD0096F1E6 /* SecManifest.cpp */, - ); - name = Source; - sourceTree = ""; - }; - 182BB31C146F0F07000BF1F3 /* config */ = { - isa = PBXGroup; - children = ( - 182BB31D146F0F07000BF1F3 /* base.xcconfig */, - 182BB31E146F0F07000BF1F3 /* debug.xcconfig */, - 182BB31F146F0F07000BF1F3 /* lib.xcconfig */, - 182BB320146F0F07000BF1F3 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 182BB322146F0F6D000BF1F3 /* Products */ = { - isa = PBXGroup; - children = ( - 182BB327146F0F6D000BF1F3 /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - D6C8AFA905DD2430003DB724 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - D6CDE5BF05E3DBD9006C8558 /* AppleManifest.h in Headers */, - D60C834D09F5AD980069DF6D /* SecureDownload.h in Headers */, - D6D22A7505DD9B8100C52E2D /* Manifest.h in Headers */, - D6E7672705F3F8B6007C5669 /* ManifestInternal.h in Headers */, - D6C8AFBC05DD26C6003DB724 /* SecManifest.h in Headers */, - D60C834F09F5AD980069DF6D /* SecureDownloadInternal.h in Headers */, - D6E7672905F3F8B6007C5669 /* ManifestSigner.h in Headers */, - D60C834B09F5AD980069DF6D /* Download.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - D6C8AFAD05DD2430003DB724 /* libsecurity_manifest */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3960987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_manifest" */; - buildPhases = ( - D6C8AFA905DD2430003DB724 /* Headers */, - D6C8AFAA05DD2430003DB724 /* Sources */, - D6C8AFAB05DD2430003DB724 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_manifest; - productName = libsecurity_manifest; - productReference = D6C8AFAE05DD2430003DB724 /* libsecurity_manifest.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 0867D690FE84028FC02AAC07 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD39A0987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_manifest" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 0867D691FE84028FC02AAC07 /* libsecurity_manifest */; - productRefGroup = 034768DDFF38A45A11DB9C8B /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 182BB322146F0F6D000BF1F3 /* Products */; - ProjectRef = 182BB321146F0F6D000BF1F3 /* libsecurity_utilities.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - D6C8AFAD05DD2430003DB724 /* libsecurity_manifest */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 182BB327146F0F6D000BF1F3 /* libsecurity_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_utilities.a; - remoteRef = 182BB326146F0F6D000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - D6C8AFAA05DD2430003DB724 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - D6C8AFBD05DD26D3003DB724 /* Manifest.cpp in Sources */, - D6C8AFBE05DD26D6003DB724 /* SecManifest.cpp in Sources */, - D6CDE5BE05E3DBD9006C8558 /* AppleManifest.cpp in Sources */, - D6E7672605F3F8B6007C5669 /* ManifestInternal.cpp in Sources */, - D6E7672805F3F8B6007C5669 /* ManifestSigner.cpp in Sources */, - D60C834A09F5AD980069DF6D /* Download.cpp in Sources */, - D60C834C09F5AD980069DF6D /* SecureDownload.cpp in Sources */, - D60C834E09F5AD980069DF6D /* SecureDownloadInternal.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 182BB32B146F0F8B000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_utilitiesDTrace; - targetProxy = 182BB32A146F0F8B000BF1F3 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - C27AD3970987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB31E146F0F07000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - WARNING_CFLAGS = ( - "-Wno-error=#warnings", - "-Wmost", - "-Wno-four-char-constants", - "-Wno-unknown-pragmas", - "$(inherited)", - ); - }; - name = Debug; - }; - C27AD3990987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB320146F0F07000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - WARNING_CFLAGS = ( - "-Wno-error=#warnings", - "-Wmost", - "-Wno-four-char-constants", - "-Wno-unknown-pragmas", - "$(inherited)", - ); - }; - name = Release; - }; - C27AD39B0987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB31F146F0F07000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD39D0987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB31F146F0F07000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD3960987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_manifest" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3970987FCDE001272E0 /* Debug */, - C27AD3990987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD39A0987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_manifest" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD39B0987FCDE001272E0 /* Debug */, - C27AD39D0987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 0867D690FE84028FC02AAC07 /* Project object */; -} diff --git a/OSX/libsecurity_mds/lib/MDSDatabase.cpp b/OSX/libsecurity_mds/lib/MDSDatabase.cpp index b9c2bfe5..a822021a 100644 --- a/OSX/libsecurity_mds/lib/MDSDatabase.cpp +++ b/OSX/libsecurity_mds/lib/MDSDatabase.cpp @@ -140,7 +140,6 @@ MDSDatabase::dataGetNext (DbContext &dbContext, CSSM_DB_UNIQUE_RECORD_PTR &UniqueRecordIdentifier) { CssmError ::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - return false; } void diff --git a/OSX/libsecurity_mds/lib/MDSDictionary.cpp b/OSX/libsecurity_mds/lib/MDSDictionary.cpp index 6bae2b8e..4e330e97 100644 --- a/OSX/libsecurity_mds/lib/MDSDictionary.cpp +++ b/OSX/libsecurity_mds/lib/MDSDictionary.cpp @@ -384,7 +384,7 @@ void MDSDictionary::lookupAttributes( * } * ...else return error; */ -const CFPropertyListRef MDSDictionary::lookupWithIndirect( +CFPropertyListRef MDSDictionary::lookupWithIndirect( const char *key, CFBundleRef bundle, CFTypeID desiredType) diff --git a/OSX/libsecurity_mds/lib/MDSDictionary.h b/OSX/libsecurity_mds/lib/MDSDictionary.h index 04916659..62e89584 100644 --- a/OSX/libsecurity_mds/lib/MDSDictionary.h +++ b/OSX/libsecurity_mds/lib/MDSDictionary.h @@ -104,7 +104,7 @@ public: * Lookup with file-based indirection. Allows multiple mdsinfo file to share * commmon info from a separate plist file. */ - const CFPropertyListRef lookupWithIndirect( + CFPropertyListRef lookupWithIndirect( const char *key, CFBundleRef bundle, CFTypeID desiredType); diff --git a/OSX/libsecurity_mds/lib/MDSSession.cpp b/OSX/libsecurity_mds/lib/MDSSession.cpp index d91669a5..6e5052c2 100644 --- a/OSX/libsecurity_mds/lib/MDSSession.cpp +++ b/OSX/libsecurity_mds/lib/MDSSession.cpp @@ -69,7 +69,7 @@ using namespace CssmClient; * DB files when they are the source of these copies; this is the same mechanism * used by the underlying AtomicFile. * - * The sticky bit in /var/db/mds ensures that users cannot modify other userss private + * The sticky bit in /var/db/mds ensures that users cannot modify other users' private * MDS directories. */ namespace Security @@ -785,9 +785,6 @@ MDSSession::LockHelper::obtainLock( return true; } } - - /* not reached */ - return false; } // @@ -943,7 +940,7 @@ static void safeCopyFile( } else { break; - haveLock = true; + //haveLock = true; } } diff --git a/OSX/libsecurity_mds/lib/security_mds.exp b/OSX/libsecurity_mds/lib/security_mds.exp deleted file mode 100644 index 76dbf609..00000000 --- a/OSX/libsecurity_mds/lib/security_mds.exp +++ /dev/null @@ -1,6 +0,0 @@ -_MDS_Initialize -_MDS_Install -_MDS_Terminate -_MDS_Uninstall -_MDS_InstallFile -_MDS_RemoveSubservice \ No newline at end of file diff --git a/OSX/libsecurity_mds/libsecurity_mds.xcodeproj/project.pbxproj b/OSX/libsecurity_mds/libsecurity_mds.xcodeproj/project.pbxproj deleted file mode 100644 index 195b6bba..00000000 --- a/OSX/libsecurity_mds/libsecurity_mds.xcodeproj/project.pbxproj +++ /dev/null @@ -1,343 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 4C30839C053237110028A8C6 /* mdsapi.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C308389053237100028A8C6 /* mdsapi.cpp */; }; - 4C30839D053237110028A8C6 /* MDSAttrParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C30838A053237100028A8C6 /* MDSAttrParser.cpp */; }; - 4C30839E053237110028A8C6 /* MDSAttrParser.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C30838B053237100028A8C6 /* MDSAttrParser.h */; settings = {ATTRIBUTES = (); }; }; - 4C30839F053237110028A8C6 /* MDSAttrStrings.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C30838C053237100028A8C6 /* MDSAttrStrings.cpp */; }; - 4C3083A0053237110028A8C6 /* MDSAttrStrings.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C30838D053237100028A8C6 /* MDSAttrStrings.h */; settings = {ATTRIBUTES = (); }; }; - 4C3083A1053237110028A8C6 /* MDSAttrUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C30838E053237100028A8C6 /* MDSAttrUtils.cpp */; }; - 4C3083A2053237110028A8C6 /* MDSAttrUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C30838F053237100028A8C6 /* MDSAttrUtils.h */; settings = {ATTRIBUTES = (); }; }; - 4C3083A3053237110028A8C6 /* MDSDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C308390053237100028A8C6 /* MDSDatabase.cpp */; }; - 4C3083A4053237110028A8C6 /* MDSDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C308391053237100028A8C6 /* MDSDatabase.h */; settings = {ATTRIBUTES = (); }; }; - 4C3083A5053237110028A8C6 /* MDSDictionary.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C308392053237100028A8C6 /* MDSDictionary.cpp */; }; - 4C3083A6053237110028A8C6 /* MDSDictionary.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C308393053237100028A8C6 /* MDSDictionary.h */; settings = {ATTRIBUTES = (); }; }; - 4C3083A7053237110028A8C6 /* MDSModule.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C308394053237100028A8C6 /* MDSModule.cpp */; }; - 4C3083A8053237110028A8C6 /* MDSModule.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C308395053237100028A8C6 /* MDSModule.h */; settings = {ATTRIBUTES = (); }; }; - 4C3083AB053237110028A8C6 /* MDSSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C308398053237100028A8C6 /* MDSSchema.cpp */; }; - 4C3083AC053237110028A8C6 /* MDSSchema.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C308399053237100028A8C6 /* MDSSchema.h */; settings = {ATTRIBUTES = (); }; }; - 4C3083AD053237110028A8C6 /* MDSSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C30839A053237100028A8C6 /* MDSSession.cpp */; }; - 4C3083AE053237110028A8C6 /* MDSSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C30839B053237100028A8C6 /* MDSSession.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F80058137FF00834D11 /* mds.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCB009105800B7C00981D43 /* mds.h */; settings = {ATTRIBUTES = (); }; }; - 4CF36F81058137FF00834D11 /* mds_schema.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCB009005800B7C00981D43 /* mds_schema.h */; settings = {ATTRIBUTES = (); }; }; - C2FEF720067FB56800AE16D6 /* mdspriv.h in Headers */ = {isa = PBXBuildFile; fileRef = C2FEF71E067FB53F00AE16D6 /* mdspriv.h */; settings = {ATTRIBUTES = (); }; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB367146F1255000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB362146F1255000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_plugin; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 182BB35E146F11F1000BF1F3 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 182BB35F146F11F1000BF1F3 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 182BB360146F11F1000BF1F3 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 182BB361146F11F1000BF1F3 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 182BB362146F1255000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_plugin.xcodeproj; path = ../libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj; sourceTree = ""; }; - 4C308389053237100028A8C6 /* mdsapi.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = mdsapi.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C30838A053237100028A8C6 /* MDSAttrParser.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MDSAttrParser.cpp; sourceTree = ""; }; - 4C30838B053237100028A8C6 /* MDSAttrParser.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MDSAttrParser.h; sourceTree = ""; }; - 4C30838C053237100028A8C6 /* MDSAttrStrings.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MDSAttrStrings.cpp; sourceTree = ""; }; - 4C30838D053237100028A8C6 /* MDSAttrStrings.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MDSAttrStrings.h; sourceTree = ""; }; - 4C30838E053237100028A8C6 /* MDSAttrUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MDSAttrUtils.cpp; sourceTree = ""; }; - 4C30838F053237100028A8C6 /* MDSAttrUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = MDSAttrUtils.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 4C308390053237100028A8C6 /* MDSDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MDSDatabase.cpp; sourceTree = ""; }; - 4C308391053237100028A8C6 /* MDSDatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MDSDatabase.h; sourceTree = ""; }; - 4C308392053237100028A8C6 /* MDSDictionary.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MDSDictionary.cpp; sourceTree = ""; }; - 4C308393053237100028A8C6 /* MDSDictionary.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MDSDictionary.h; sourceTree = ""; }; - 4C308394053237100028A8C6 /* MDSModule.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = MDSModule.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C308395053237100028A8C6 /* MDSModule.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MDSModule.h; sourceTree = ""; }; - 4C308398053237100028A8C6 /* MDSSchema.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = MDSSchema.cpp; sourceTree = ""; }; - 4C308399053237100028A8C6 /* MDSSchema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MDSSchema.h; sourceTree = ""; }; - 4C30839A053237100028A8C6 /* MDSSession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = MDSSession.cpp; sourceTree = ""; usesTabs = 1; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C30839B053237100028A8C6 /* MDSSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = MDSSession.h; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_mds.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_mds.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CCB008B05800B0B00981D43 /* security_mds.exp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.exports; path = security_mds.exp; sourceTree = ""; }; - 4CCB009005800B7C00981D43 /* mds_schema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = mds_schema.h; sourceTree = ""; }; - 4CCB009105800B7C00981D43 /* mds.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = mds.h; sourceTree = ""; }; - C2FEF71E067FB53F00AE16D6 /* mdspriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = mdspriv.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 182BB35D146F11F1000BF1F3 /* config */ = { - isa = PBXGroup; - children = ( - 182BB35E146F11F1000BF1F3 /* base.xcconfig */, - 182BB35F146F11F1000BF1F3 /* debug.xcconfig */, - 182BB360146F11F1000BF1F3 /* lib.xcconfig */, - 182BB361146F11F1000BF1F3 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 182BB363146F1255000BF1F3 /* Products */ = { - isa = PBXGroup; - children = ( - 182BB368146F1255000BF1F3 /* libsecurity_cdsa_plugin.a */, - ); - name = Products; - sourceTree = ""; - }; - 4C308388053237100028A8C6 /* lib */ = { - isa = PBXGroup; - children = ( - 4C308389053237100028A8C6 /* mdsapi.cpp */, - 4C30838A053237100028A8C6 /* MDSAttrParser.cpp */, - 4C30838B053237100028A8C6 /* MDSAttrParser.h */, - 4C30838C053237100028A8C6 /* MDSAttrStrings.cpp */, - 4C30838D053237100028A8C6 /* MDSAttrStrings.h */, - 4C30838E053237100028A8C6 /* MDSAttrUtils.cpp */, - 4C30838F053237100028A8C6 /* MDSAttrUtils.h */, - 4C308390053237100028A8C6 /* MDSDatabase.cpp */, - 4C308391053237100028A8C6 /* MDSDatabase.h */, - 4C308392053237100028A8C6 /* MDSDictionary.cpp */, - 4C308393053237100028A8C6 /* MDSDictionary.h */, - 4C308394053237100028A8C6 /* MDSModule.cpp */, - 4C308395053237100028A8C6 /* MDSModule.h */, - 4C308398053237100028A8C6 /* MDSSchema.cpp */, - 4C308399053237100028A8C6 /* MDSSchema.h */, - 4C30839A053237100028A8C6 /* MDSSession.cpp */, - 4C30839B053237100028A8C6 /* MDSSession.h */, - 4CCB009005800B7C00981D43 /* mds_schema.h */, - 4CCB009105800B7C00981D43 /* mds.h */, - C2FEF71E067FB53F00AE16D6 /* mdspriv.h */, - 4CCB008B05800B0B00981D43 /* security_mds.exp */, - ); - path = lib; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 182BB362146F1255000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */, - 4C308388053237100028A8C6 /* lib */, - 182BB35D146F11F1000BF1F3 /* config */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_mds.a */, - ); - name = Products; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CF36F80058137FF00834D11 /* mds.h in Headers */, - 4CF36F81058137FF00834D11 /* mds_schema.h in Headers */, - C2FEF720067FB56800AE16D6 /* mdspriv.h in Headers */, - 4C30839E053237110028A8C6 /* MDSAttrParser.h in Headers */, - 4C3083A0053237110028A8C6 /* MDSAttrStrings.h in Headers */, - 4C3083A2053237110028A8C6 /* MDSAttrUtils.h in Headers */, - 4C3083A4053237110028A8C6 /* MDSDatabase.h in Headers */, - 4C3083A6053237110028A8C6 /* MDSDictionary.h in Headers */, - 4C3083A8053237110028A8C6 /* MDSModule.h in Headers */, - 4C3083AC053237110028A8C6 /* MDSSchema.h in Headers */, - 4C3083AE053237110028A8C6 /* MDSSession.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_mds */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3A40987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_mds" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_mds; - productName = libsecurity_mds; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_mds.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD3A80987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_mds" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 182BB363146F1255000BF1F3 /* Products */; - ProjectRef = 182BB362146F1255000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_mds */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 182BB368146F1255000BF1F3 /* libsecurity_cdsa_plugin.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_plugin.a; - remoteRef = 182BB367146F1255000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C30839C053237110028A8C6 /* mdsapi.cpp in Sources */, - 4C30839D053237110028A8C6 /* MDSAttrParser.cpp in Sources */, - 4C30839F053237110028A8C6 /* MDSAttrStrings.cpp in Sources */, - 4C3083A1053237110028A8C6 /* MDSAttrUtils.cpp in Sources */, - 4C3083A3053237110028A8C6 /* MDSDatabase.cpp in Sources */, - 4C3083A5053237110028A8C6 /* MDSDictionary.cpp in Sources */, - 4C3083A7053237110028A8C6 /* MDSModule.cpp in Sources */, - 4C3083AB053237110028A8C6 /* MDSSchema.cpp in Sources */, - 4C3083AD053237110028A8C6 /* MDSSession.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD3A50987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB35F146F11F1000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Debug; - }; - C27AD3A70987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB361146F11F1000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Release; - }; - C27AD3A90987FCDE001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB360146F11F1000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD3AB0987FCDE001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB360146F11F1000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD3A40987FCDE001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_mds" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3A50987FCDE001272E0 /* Debug */, - C27AD3A70987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3A80987FCDE001272E0 /* Build configuration list for PBXProject "libsecurity_mds" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3A90987FCDE001272E0 /* Debug */, - C27AD3AB0987FCDE001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_ocspd/common/ocspdUtils.cpp b/OSX/libsecurity_ocspd/common/ocspdUtils.cpp index efbdb8a6..abaa658f 100644 --- a/OSX/libsecurity_ocspd/common/ocspdUtils.cpp +++ b/OSX/libsecurity_ocspd/common/ocspdUtils.cpp @@ -217,7 +217,7 @@ CFAbsoluteTime genTimeToCFAbsTime( } } while(toGo != 0); - if(str[strLen - 1] == 'Z') { + if(strLen >= 1 && str[strLen - 1] == 'Z') { isGMT = true; strLen--; } @@ -267,6 +267,8 @@ void cfAbsTimeToGgenTime( /* time zone = GMT */ CFTimeZoneRef tz = CFTimeZoneCreateWithTimeIntervalFromGMT(NULL, 0.0); CFGregorianDate greg = CFAbsoluteTimeGetGregorianDate(absTime, tz); + CFRelease(tz); + int seconds = (int)greg.second; sprintf(genTime, "%04d%02d%02d%02d%02d%02dZ", (int)greg.year, greg.month, greg.day, greg.hour, diff --git a/OSX/libsecurity_ocspd/libsecurity_ocspd.xcodeproj/project.pbxproj b/OSX/libsecurity_ocspd/libsecurity_ocspd.xcodeproj/project.pbxproj deleted file mode 100644 index dc39772d..00000000 --- a/OSX/libsecurity_ocspd/libsecurity_ocspd.xcodeproj/project.pbxproj +++ /dev/null @@ -1,438 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 051BDB72069B36EA00F9D07E /* ocspd_client.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 051BDB71069B36EA00F9D07E /* ocspd_client.cpp */; }; - 056FCF9A069B5D2B00F710C4 /* ocspdClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 056FCF99069B5D2B00F710C4 /* ocspdClient.cpp */; }; - 0586E577069CAEFA00F6FAAA /* ocspResponse.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0586E575069CAEFA00F6FAAA /* ocspResponse.cpp */; }; - 0586E578069CAEFA00F6FAAA /* ocspResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = 0586E576069CAEFA00F6FAAA /* ocspResponse.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 0586E5AB069CB07D00F6FAAA /* ocspExtensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0586E5A9069CB07D00F6FAAA /* ocspExtensions.cpp */; }; - 0586E5AC069CB07D00F6FAAA /* ocspExtensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 0586E5AA069CB07D00F6FAAA /* ocspExtensions.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 0586E5AF069CB0D300F6FAAA /* ocspdUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 0586E5AE069CB0D300F6FAAA /* ocspdUtils.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 0586E5B6069CB13500F6FAAA /* ocspdUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0586E5B5069CB13500F6FAAA /* ocspdUtils.cpp */; }; - 05B9047406A05453008F547D /* ocspdDbSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 05B9047206A05453008F547D /* ocspdDbSchema.cpp */; }; - 05B9047506A05453008F547D /* ocspdDbSchema.h in Headers */ = {isa = PBXBuildFile; fileRef = 05B9047306A05453008F547D /* ocspdDbSchema.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 05E4ADFB06A8400F00546A37 /* ocspd.h in Headers */ = {isa = PBXBuildFile; fileRef = 056FCCEE069B390A00F710C4 /* ocspd.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 05E4ADFC06A8401000546A37 /* ocspd_server.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 056FCCEF069B390A00F710C4 /* ocspd_server.cpp */; }; - 18BFBA301472EF50006B86EC /* ocspdTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = 056FCDBE069B429900F710C4 /* ocspdTypes.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA311472EF50006B86EC /* ocspdDebug.h in Headers */ = {isa = PBXBuildFile; fileRef = 056FCCE6069B389300F710C4 /* ocspdDebug.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA321472EF50006B86EC /* ocspdClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 056FCF98069B5D1900F710C4 /* ocspdClient.h */; settings = {ATTRIBUTES = (Public, ); }; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB3C2146F1D93000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1844612F146E8CB300B12992 /* libsecurity_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = C2C9C69D0CECBE8400B3FE07; - remoteInfo = libsecurity_utilitiesDTrace; - }; - 18446128146E88C600B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 051BDB75069B372600F9D07E; - remoteInfo = "MIG Interface"; - }; - 18446134146E8CB300B12992 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1844612F146E8CB300B12992 /* libsecurity_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 051BDB6D069B36CD00F9D07E /* mig.mk */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = mig.mk; sourceTree = ""; }; - 051BDB6E069B36CD00F9D07E /* ocspd.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = ocspd.defs; sourceTree = ""; }; - 051BDB71069B36EA00F9D07E /* ocspd_client.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ocspd_client.cpp; path = derived_src/security_ocspd/ocspd_client.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; - 056FCCE6069B389300F710C4 /* ocspdDebug.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = ocspdDebug.h; path = common/ocspdDebug.h; sourceTree = SOURCE_ROOT; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 056FCCEE069B390A00F710C4 /* ocspd.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ocspd.h; path = derived_src/security_ocspd/ocspd.h; sourceTree = BUILT_PRODUCTS_DIR; }; - 056FCCEF069B390A00F710C4 /* ocspd_server.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ocspd_server.cpp; path = derived_src/security_ocspd/ocspd_server.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; - 056FCDBE069B429900F710C4 /* ocspdTypes.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ocspdTypes.h; sourceTree = ""; }; - 056FCF98069B5D1900F710C4 /* ocspdClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ocspdClient.h; sourceTree = ""; }; - 056FCF99069B5D2B00F710C4 /* ocspdClient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ocspdClient.cpp; sourceTree = ""; }; - 0586E575069CAEFA00F6FAAA /* ocspResponse.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = ocspResponse.cpp; sourceTree = ""; }; - 0586E576069CAEFA00F6FAAA /* ocspResponse.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ocspResponse.h; sourceTree = ""; }; - 0586E5A9069CB07D00F6FAAA /* ocspExtensions.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = ocspExtensions.cpp; sourceTree = ""; }; - 0586E5AA069CB07D00F6FAAA /* ocspExtensions.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ocspExtensions.h; sourceTree = ""; }; - 0586E5AE069CB0D300F6FAAA /* ocspdUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ocspdUtils.h; sourceTree = ""; }; - 0586E5B5069CB13500F6FAAA /* ocspdUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ocspdUtils.cpp; sourceTree = ""; }; - 05B9047206A05453008F547D /* ocspdDbSchema.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = ocspdDbSchema.cpp; sourceTree = ""; }; - 05B9047306A05453008F547D /* ocspdDbSchema.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ocspdDbSchema.h; sourceTree = ""; }; - 1844612B146E894C00B12992 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 1844612C146E894C00B12992 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 1844612D146E894C00B12992 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 1844612E146E894C00B12992 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 1844612F146E8CB300B12992 /* libsecurity_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_utilities.xcodeproj; path = ../libsecurity_utilities/libsecurity_utilities.xcodeproj; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_ocspd.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_ocspd.a; sourceTree = BUILT_PRODUCTS_DIR; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 051BDB65069B365E00F9D07E /* mig */ = { - isa = PBXGroup; - children = ( - 051BDB6D069B36CD00F9D07E /* mig.mk */, - 051BDB6E069B36CD00F9D07E /* ocspd.defs */, - ); - path = mig; - sourceTree = ""; - }; - 051BDB68069B366800F9D07E /* derived_src */ = { - isa = PBXGroup; - children = ( - 056FCCEE069B390A00F710C4 /* ocspd.h */, - 056FCCEF069B390A00F710C4 /* ocspd_server.cpp */, - 051BDB71069B36EA00F9D07E /* ocspd_client.cpp */, - ); - path = derived_src; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 056FCD93069B41E300F710C4 /* common */ = { - isa = PBXGroup; - children = ( - 0586E5B5069CB13500F6FAAA /* ocspdUtils.cpp */, - 0586E5AE069CB0D300F6FAAA /* ocspdUtils.h */, - 056FCDBE069B429900F710C4 /* ocspdTypes.h */, - 056FCCE6069B389300F710C4 /* ocspdDebug.h */, - 05B9047206A05453008F547D /* ocspdDbSchema.cpp */, - 05B9047306A05453008F547D /* ocspdDbSchema.h */, - 0586E5A9069CB07D00F6FAAA /* ocspExtensions.cpp */, - 0586E5AA069CB07D00F6FAAA /* ocspExtensions.h */, - 0586E575069CAEFA00F6FAAA /* ocspResponse.cpp */, - 0586E576069CAEFA00F6FAAA /* ocspResponse.h */, - ); - path = common; - sourceTree = ""; - }; - 056FCF97069B5CE900F710C4 /* client */ = { - isa = PBXGroup; - children = ( - 056FCF99069B5D2B00F710C4 /* ocspdClient.cpp */, - 056FCF98069B5D1900F710C4 /* ocspdClient.h */, - ); - path = client; - sourceTree = ""; - }; - 1844612A146E894C00B12992 /* config */ = { - isa = PBXGroup; - children = ( - 1844612B146E894C00B12992 /* base.xcconfig */, - 1844612C146E894C00B12992 /* debug.xcconfig */, - 1844612D146E894C00B12992 /* lib.xcconfig */, - 1844612E146E894C00B12992 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 18446130146E8CB300B12992 /* Products */ = { - isa = PBXGroup; - children = ( - 18446135146E8CB300B12992 /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 1844612F146E8CB300B12992 /* libsecurity_utilities.xcodeproj */, - 056FCD93069B41E300F710C4 /* common */, - 056FCF97069B5CE900F710C4 /* client */, - 1844612A146E894C00B12992 /* config */, - 051BDB65069B365E00F9D07E /* mig */, - 051BDB68069B366800F9D07E /* derived_src */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_ocspd.a */, - ); - name = Products; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - C2EDE99A0545D8AD00E31CF9 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 18BFBA301472EF50006B86EC /* ocspdTypes.h in Headers */, - 18BFBA311472EF50006B86EC /* ocspdDebug.h in Headers */, - 18BFBA321472EF50006B86EC /* ocspdClient.h in Headers */, - 0586E578069CAEFA00F6FAAA /* ocspResponse.h in Headers */, - 0586E5AC069CB07D00F6FAAA /* ocspExtensions.h in Headers */, - 0586E5AF069CB0D300F6FAAA /* ocspdUtils.h in Headers */, - 05B9047506A05453008F547D /* ocspdDbSchema.h in Headers */, - 05E4ADFB06A8400F00546A37 /* ocspd.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXLegacyTarget section */ - 051BDB75069B372600F9D07E /* MIG Interface */ = { - isa = PBXLegacyTarget; - buildArgumentsString = "-f mig/mig.mk $(ACTION)"; - buildConfigurationList = C27AD3AE0987FCDF001272E0 /* Build configuration list for PBXLegacyTarget "MIG Interface" */; - buildPhases = ( - ); - buildToolPath = /usr/bin/gnumake; - dependencies = ( - ); - name = "MIG Interface"; - passBuildSettingsInEnvironment = 1; - productName = "MIG Interface"; - }; -/* End PBXLegacyTarget section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_ocspd */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3B60987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_ocspd" */; - buildPhases = ( - C2EDE99A0545D8AD00E31CF9 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - 18B96B0C14743FA9005A4D2E /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - 18446129146E88C600B12992 /* PBXTargetDependency */, - ); - name = libsecurity_ocspd; - productInstallPath = /usr/local/lib; - productName = libsecurity_cdsa_client; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_ocspd.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD3BA0987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_ocspd" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 18446130146E8CB300B12992 /* Products */; - ProjectRef = 1844612F146E8CB300B12992 /* libsecurity_utilities.xcodeproj */; - }, - ); - projectRoot = ../../../..; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_ocspd */, - 051BDB75069B372600F9D07E /* MIG Interface */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 18446135146E8CB300B12992 /* libsecurity_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_utilities.a; - remoteRef = 18446134146E8CB300B12992 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXShellScriptBuildPhase section */ - 18B96B0C14743FA9005A4D2E /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/", - "$(SRCROOT)/mig/", - "$(SRCROOT)/client/", - "$(SRCROOT)/common/", - ); - outputPaths = ( - "${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "# with our source directories as input files, Xcode will only re-run this phase if there's been a source change\nnmedit -p \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\"\nranlib \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\""; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 051BDB72069B36EA00F9D07E /* ocspd_client.cpp in Sources */, - 056FCF9A069B5D2B00F710C4 /* ocspdClient.cpp in Sources */, - 0586E577069CAEFA00F6FAAA /* ocspResponse.cpp in Sources */, - 0586E5AB069CB07D00F6FAAA /* ocspExtensions.cpp in Sources */, - 0586E5B6069CB13500F6FAAA /* ocspdUtils.cpp in Sources */, - 05B9047406A05453008F547D /* ocspdDbSchema.cpp in Sources */, - 05E4ADFC06A8401000546A37 /* ocspd_server.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 182BB3C3146F1D93000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_utilitiesDTrace; - targetProxy = 182BB3C2146F1D93000BF1F3 /* PBXContainerItemProxy */; - }; - 18446129146E88C600B12992 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 051BDB75069B372600F9D07E /* MIG Interface */; - targetProxy = 18446128146E88C600B12992 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - C27AD3AF0987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - INSTALLHDRS_SCRIPT_PHASE = YES; - }; - name = Debug; - }; - C27AD3B10987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - INSTALLHDRS_SCRIPT_PHASE = YES; - }; - name = Release; - }; - C27AD3B70987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844612C146E894C00B12992 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_ocspd; - SKIP_INSTALL = NO; - }; - name = Debug; - }; - C27AD3B90987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844612E146E894C00B12992 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_ocspd; - SKIP_INSTALL = NO; - }; - name = Release; - }; - C27AD3BB0987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844612D146E894C00B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD3BD0987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1844612D146E894C00B12992 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD3AE0987FCDF001272E0 /* Build configuration list for PBXLegacyTarget "MIG Interface" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3AF0987FCDF001272E0 /* Debug */, - C27AD3B10987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3B60987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_ocspd" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3B70987FCDF001272E0 /* Debug */, - C27AD3B90987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3BA0987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_ocspd" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3BB0987FCDF001272E0 /* Debug */, - C27AD3BD0987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_ocspd/mig/mig.mk b/OSX/libsecurity_ocspd/mig/mig.mk deleted file mode 100644 index ecc3077d..00000000 --- a/OSX/libsecurity_ocspd/mig/mig.mk +++ /dev/null @@ -1,47 +0,0 @@ -# -# Copyright (c) 2003-2004,2011,2014 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# -# Makefile to build MIG-generated sources and headers -# -DERIVED_SRC = $(BUILT_PRODUCTS_DIR)/derived_src/security_ocspd - -HDRS = $(DERIVED_SRC)/ocspd.h -SRCS = $(DERIVED_SRC)/ocspd_server.cpp $(DERIVED_SRC)/ocspd_client.cpp -SDKROOT := $(shell xcrun --show-sdk-path --sdk macosx.internal) - -build: $(HDRS) $(SRCS) - -install: build - -installhdrs: $(HDRS) - -installsrc: - -clean: - rm -f $(HDRS) $(SRCS) - -$(HDRS) $(SRCS): $(PROJECT_DIR)/mig/ocspd.defs - mkdir -p $(DERIVED_SRC) - xcrun mig -isysroot "$(SDKROOT)" \ - -server $(DERIVED_SRC)/ocspd_server.cpp \ - -user $(DERIVED_SRC)/ocspd_client.cpp \ - -header $(DERIVED_SRC)/ocspd.h $(PROJECT_DIR)/mig/ocspd.defs diff --git a/OSX/libsecurity_pkcs12/lib/pkcs12Decode.cpp b/OSX/libsecurity_pkcs12/lib/pkcs12Decode.cpp index 9e426c1a..1ff9e1a5 100644 --- a/OSX/libsecurity_pkcs12/lib/pkcs12Decode.cpp +++ b/OSX/libsecurity_pkcs12/lib/pkcs12Decode.cpp @@ -31,6 +31,7 @@ #include "pkcs12Debug.h" #include "pkcs12Crypto.h" #include +#include #include /* top-level PKCS12 PFX decoder */ @@ -42,7 +43,7 @@ void P12Coder::decode( p12DecodeLog("decode"); memset(&pfx, 0, sizeof(pfx)); - const CSSM_DATA rawBlob = {CFDataGetLength(cdpfx), + const CSSM_DATA rawBlob = {int_cast(CFDataGetLength(cdpfx)), (uint8 *)CFDataGetBytePtr(cdpfx)}; if(localCdr.decodeItem(rawBlob, NSS_P12_DecodedPFXTemplate, &pfx)) { diff --git a/OSX/libsecurity_pkcs12/lib/pkcs12Utils.cpp b/OSX/libsecurity_pkcs12/lib/pkcs12Utils.cpp index 618ea3de..ba1ea6f1 100644 --- a/OSX/libsecurity_pkcs12/lib/pkcs12Utils.cpp +++ b/OSX/libsecurity_pkcs12/lib/pkcs12Utils.cpp @@ -104,7 +104,7 @@ void p12IntToData( } /* CFDataRef <--> CSSM_DATA */ -CFDataRef p12CssmDataToCf( +CFDataRef CF_RETURNS_RETAINED p12CssmDataToCf( const CSSM_DATA &c) { return CFDataCreate(NULL, c.Data, c.Length); diff --git a/OSX/libsecurity_pkcs12/libsecurity_pkcs12.xcodeproj/project.pbxproj b/OSX/libsecurity_pkcs12/libsecurity_pkcs12.xcodeproj/project.pbxproj deleted file mode 100644 index 7df8b7ca..00000000 --- a/OSX/libsecurity_pkcs12/libsecurity_pkcs12.xcodeproj/project.pbxproj +++ /dev/null @@ -1,347 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 05396DB60417A34400003D05 /* pkcs12BagAttrs.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 05396DB50417A34400003D05 /* pkcs12BagAttrs.cpp */; }; - 05396DBA0417B81000003D05 /* pkcs12Debug.h in Headers */ = {isa = PBXBuildFile; fileRef = 05396DB90417B81000003D05 /* pkcs12Debug.h */; }; - 054289220416A4EA00003D05 /* pkcs12SafeBag.h in Headers */ = {isa = PBXBuildFile; fileRef = 054289210416A4EA00003D05 /* pkcs12SafeBag.h */; }; - 054289240416A5A800003D05 /* pkcs12BagAttrs.h in Headers */ = {isa = PBXBuildFile; fileRef = 054289230416A5A800003D05 /* pkcs12BagAttrs.h */; }; - 054289260416AA2F00003D05 /* pkcs12Coder.h in Headers */ = {isa = PBXBuildFile; fileRef = 054289250416AA2F00003D05 /* pkcs12Coder.h */; }; - 054289290416B3D100003D05 /* pkcs12Coder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 054289280416B3D100003D05 /* pkcs12Coder.cpp */; }; - 0542892C0416B65F00003D05 /* pkcs12Encode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0542892B0416B65F00003D05 /* pkcs12Encode.cpp */; }; - 0542892E0416B6C300003D05 /* pkcs12Decode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0542892D0416B6C300003D05 /* pkcs12Decode.cpp */; }; - 054289340416C36700003D05 /* pkcs12SafeBag.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 054289330416C36700003D05 /* pkcs12SafeBag.cpp */; }; - 0592AC9F04156B2B00003D05 /* pkcs7Templates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0592AC9804156B2B00003D05 /* pkcs7Templates.cpp */; }; - 0592ACA004156B2B00003D05 /* pkcs12Crypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0592AC9904156B2B00003D05 /* pkcs12Crypto.cpp */; }; - 0592ACA204156B2B00003D05 /* pkcs12Templates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0592AC9B04156B2B00003D05 /* pkcs12Templates.cpp */; }; - 0592ACA304156B2B00003D05 /* pkcs12Utils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0592AC9C04156B2B00003D05 /* pkcs12Utils.cpp */; }; - 0592ACAD04156B4000003D05 /* pkcs7Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = 0592ACA604156B4000003D05 /* pkcs7Templates.h */; }; - 0592ACAE04156B4000003D05 /* pkcs12Crypto.h in Headers */ = {isa = PBXBuildFile; fileRef = 0592ACA704156B4000003D05 /* pkcs12Crypto.h */; }; - 0592ACB004156B4000003D05 /* pkcs12Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = 0592ACA904156B4000003D05 /* pkcs12Templates.h */; }; - 0592ACB104156B4000003D05 /* pkcs12Utils.h in Headers */ = {isa = PBXBuildFile; fileRef = 0592ACAA04156B4000003D05 /* pkcs12Utils.h */; }; - 0592ACD1041665AE00003D05 /* SecPkcs12.h in Headers */ = {isa = PBXBuildFile; fileRef = 0592ACD0041665AE00003D05 /* SecPkcs12.h */; }; - 0592ACD404167B1F00003D05 /* SecPkcs12.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0592ACD304167B1F00003D05 /* SecPkcs12.cpp */; }; - 05A9EF65041FB7C600003D05 /* pkcs12Keychain.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 05A9EF64041FB7C600003D05 /* pkcs12Keychain.cpp */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB3E0146F2039000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB3DB146F2039000BF1F3 /* libsecurity_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; - 182BB3E2146F204A000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB3DB146F2039000BF1F3 /* libsecurity_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = C2C9C69D0CECBE8400B3FE07; - remoteInfo = libsecurity_utilitiesDTrace; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 05396DB50417A34400003D05 /* pkcs12BagAttrs.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12BagAttrs.cpp; sourceTree = ""; }; - 05396DB90417B81000003D05 /* pkcs12Debug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = pkcs12Debug.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 054289210416A4EA00003D05 /* pkcs12SafeBag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12SafeBag.h; sourceTree = ""; }; - 054289230416A5A800003D05 /* pkcs12BagAttrs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12BagAttrs.h; sourceTree = ""; }; - 054289250416AA2F00003D05 /* pkcs12Coder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12Coder.h; sourceTree = ""; }; - 054289280416B3D100003D05 /* pkcs12Coder.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Coder.cpp; sourceTree = ""; }; - 0542892B0416B65F00003D05 /* pkcs12Encode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Encode.cpp; sourceTree = ""; }; - 0542892D0416B6C300003D05 /* pkcs12Decode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Decode.cpp; sourceTree = ""; }; - 054289330416C36700003D05 /* pkcs12SafeBag.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12SafeBag.cpp; sourceTree = ""; }; - 0592AC8C0415523C00003D05 /* libsecurity_pkcs12.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_pkcs12.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 0592AC9804156B2B00003D05 /* pkcs7Templates.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs7Templates.cpp; sourceTree = ""; }; - 0592AC9904156B2B00003D05 /* pkcs12Crypto.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Crypto.cpp; sourceTree = ""; }; - 0592AC9B04156B2B00003D05 /* pkcs12Templates.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Templates.cpp; sourceTree = ""; }; - 0592AC9C04156B2B00003D05 /* pkcs12Utils.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Utils.cpp; sourceTree = ""; }; - 0592ACA604156B4000003D05 /* pkcs7Templates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pkcs7Templates.h; sourceTree = ""; }; - 0592ACA704156B4000003D05 /* pkcs12Crypto.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pkcs12Crypto.h; sourceTree = ""; }; - 0592ACA904156B4000003D05 /* pkcs12Templates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pkcs12Templates.h; sourceTree = ""; }; - 0592ACAA04156B4000003D05 /* pkcs12Utils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pkcs12Utils.h; sourceTree = ""; }; - 0592ACD0041665AE00003D05 /* SecPkcs12.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPkcs12.h; sourceTree = ""; }; - 0592ACD304167B1F00003D05 /* SecPkcs12.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecPkcs12.cpp; sourceTree = ""; }; - 05A9EF64041FB7C600003D05 /* pkcs12Keychain.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Keychain.cpp; sourceTree = ""; }; - 182BB3D7146F1F86000BF1F3 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 182BB3D8146F1F86000BF1F3 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 182BB3D9146F1F86000BF1F3 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 182BB3DA146F1F86000BF1F3 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 182BB3DB146F2039000BF1F3 /* libsecurity_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_utilities.xcodeproj; path = ../libsecurity_utilities/libsecurity_utilities.xcodeproj; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 0592AC890415523C00003D05 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 0592AC81041551E100003D05 = { - isa = PBXGroup; - children = ( - 182BB3DB146F2039000BF1F3 /* libsecurity_utilities.xcodeproj */, - 0592AC96041552BB00003D05 /* lib */, - 182BB3D6146F1F86000BF1F3 /* config */, - 0592AC8D0415523C00003D05 /* Products */, - ); - sourceTree = ""; - }; - 0592AC8D0415523C00003D05 /* Products */ = { - isa = PBXGroup; - children = ( - 0592AC8C0415523C00003D05 /* libsecurity_pkcs12.a */, - ); - name = Products; - sourceTree = ""; - }; - 0592AC96041552BB00003D05 /* lib */ = { - isa = PBXGroup; - children = ( - 05396DB50417A34400003D05 /* pkcs12BagAttrs.cpp */, - 054289230416A5A800003D05 /* pkcs12BagAttrs.h */, - 054289280416B3D100003D05 /* pkcs12Coder.cpp */, - 054289250416AA2F00003D05 /* pkcs12Coder.h */, - 0592AC9904156B2B00003D05 /* pkcs12Crypto.cpp */, - 0592ACA704156B4000003D05 /* pkcs12Crypto.h */, - 05396DB90417B81000003D05 /* pkcs12Debug.h */, - 0542892D0416B6C300003D05 /* pkcs12Decode.cpp */, - 0542892B0416B65F00003D05 /* pkcs12Encode.cpp */, - 05A9EF64041FB7C600003D05 /* pkcs12Keychain.cpp */, - 054289330416C36700003D05 /* pkcs12SafeBag.cpp */, - 054289210416A4EA00003D05 /* pkcs12SafeBag.h */, - 0592AC9B04156B2B00003D05 /* pkcs12Templates.cpp */, - 0592ACA904156B4000003D05 /* pkcs12Templates.h */, - 0592AC9C04156B2B00003D05 /* pkcs12Utils.cpp */, - 0592ACAA04156B4000003D05 /* pkcs12Utils.h */, - 0592AC9804156B2B00003D05 /* pkcs7Templates.cpp */, - 0592ACA604156B4000003D05 /* pkcs7Templates.h */, - 0592ACD304167B1F00003D05 /* SecPkcs12.cpp */, - 0592ACD0041665AE00003D05 /* SecPkcs12.h */, - ); - path = lib; - sourceTree = ""; - }; - 182BB3D6146F1F86000BF1F3 /* config */ = { - isa = PBXGroup; - children = ( - 182BB3D7146F1F86000BF1F3 /* base.xcconfig */, - 182BB3D8146F1F86000BF1F3 /* debug.xcconfig */, - 182BB3D9146F1F86000BF1F3 /* lib.xcconfig */, - 182BB3DA146F1F86000BF1F3 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 182BB3DC146F2039000BF1F3 /* Products */ = { - isa = PBXGroup; - children = ( - 182BB3E1146F2039000BF1F3 /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 0592AC870415523C00003D05 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 0592ACAD04156B4000003D05 /* pkcs7Templates.h in Headers */, - 0592ACAE04156B4000003D05 /* pkcs12Crypto.h in Headers */, - 0592ACB004156B4000003D05 /* pkcs12Templates.h in Headers */, - 0592ACB104156B4000003D05 /* pkcs12Utils.h in Headers */, - 0592ACD1041665AE00003D05 /* SecPkcs12.h in Headers */, - 054289220416A4EA00003D05 /* pkcs12SafeBag.h in Headers */, - 054289240416A5A800003D05 /* pkcs12BagAttrs.h in Headers */, - 054289260416AA2F00003D05 /* pkcs12Coder.h in Headers */, - 05396DBA0417B81000003D05 /* pkcs12Debug.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 0592AC8B0415523C00003D05 /* libsecurity_pkcs12 */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3C40987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_pkcs12" */; - buildPhases = ( - 0592AC870415523C00003D05 /* Headers */, - 0592AC880415523C00003D05 /* Sources */, - 0592AC890415523C00003D05 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_pkcs12; - productInstallPath = /usr/local/lib; - productName = libnsspkcs12; - productReference = 0592AC8C0415523C00003D05 /* libsecurity_pkcs12.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 0592AC85041551E100003D05 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD3C80987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_pkcs12" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 0592AC81041551E100003D05; - productRefGroup = 0592AC8D0415523C00003D05 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 182BB3DC146F2039000BF1F3 /* Products */; - ProjectRef = 182BB3DB146F2039000BF1F3 /* libsecurity_utilities.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 0592AC8B0415523C00003D05 /* libsecurity_pkcs12 */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 182BB3E1146F2039000BF1F3 /* libsecurity_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_utilities.a; - remoteRef = 182BB3E0146F2039000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - 0592AC880415523C00003D05 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 05396DB60417A34400003D05 /* pkcs12BagAttrs.cpp in Sources */, - 054289290416B3D100003D05 /* pkcs12Coder.cpp in Sources */, - 0592ACA004156B2B00003D05 /* pkcs12Crypto.cpp in Sources */, - 0542892E0416B6C300003D05 /* pkcs12Decode.cpp in Sources */, - 0542892C0416B65F00003D05 /* pkcs12Encode.cpp in Sources */, - 05A9EF65041FB7C600003D05 /* pkcs12Keychain.cpp in Sources */, - 054289340416C36700003D05 /* pkcs12SafeBag.cpp in Sources */, - 0592ACA204156B2B00003D05 /* pkcs12Templates.cpp in Sources */, - 0592ACA304156B2B00003D05 /* pkcs12Utils.cpp in Sources */, - 0592AC9F04156B2B00003D05 /* pkcs7Templates.cpp in Sources */, - 0592ACD404167B1F00003D05 /* SecPkcs12.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 182BB3E3146F204A000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_utilitiesDTrace; - targetProxy = 182BB3E2146F204A000BF1F3 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - C27AD3C50987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB3D8146F1F86000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C27AD3C70987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB3DA146F1F86000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C27AD3C90987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB3D9146F1F86000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD3CB0987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB3D9146F1F86000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD3C40987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_pkcs12" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3C50987FCDF001272E0 /* Debug */, - C27AD3C70987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3C80987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_pkcs12" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3C90987FCDF001272E0 /* Debug */, - C27AD3CB0987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 0592AC85041551E100003D05 /* Project object */; -} diff --git a/OSX/libsecurity_sd_cspdl/lib/SDCSPDLPlugin.cpp b/OSX/libsecurity_sd_cspdl/lib/SDCSPDLPlugin.cpp index 1d267ac6..372ff95e 100644 --- a/OSX/libsecurity_sd_cspdl/lib/SDCSPDLPlugin.cpp +++ b/OSX/libsecurity_sd_cspdl/lib/SDCSPDLPlugin.cpp @@ -41,6 +41,7 @@ SDCSPDLPlugin::SDCSPDLPlugin() : EventListener(kNotificationDomainCDSA, kNotificationAllEvents), mRawCsp(gGuidAppleCSP) { + mInitialized = true; EventListener::FinishedInitialization(this); } diff --git a/OSX/libsecurity_sd_cspdl/lib/SDCSPDLPlugin.h b/OSX/libsecurity_sd_cspdl/lib/SDCSPDLPlugin.h index fd88d5ac..e1cedbf6 100644 --- a/OSX/libsecurity_sd_cspdl/lib/SDCSPDLPlugin.h +++ b/OSX/libsecurity_sd_cspdl/lib/SDCSPDLPlugin.h @@ -55,6 +55,7 @@ public: private: void consume(SecurityServer::NotificationDomain domain, SecurityServer::NotificationEvent event, const CssmData &data); + bool initialized() { return mInitialized; } private: friend class SDCSPSession; diff --git a/OSX/libsecurity_sd_cspdl/lib/SDFactory.cpp b/OSX/libsecurity_sd_cspdl/lib/SDFactory.cpp index e187cc9b..c6af9b83 100644 --- a/OSX/libsecurity_sd_cspdl/lib/SDFactory.cpp +++ b/OSX/libsecurity_sd_cspdl/lib/SDFactory.cpp @@ -84,5 +84,4 @@ bool SDFactory::setup(SDCSPSession &session, CSPFullPluginSession::CSPContext * return true; } #endif - return false; } diff --git a/OSX/libsecurity_sd_cspdl/libsecurity_sd_cspdl.xcodeproj/project.pbxproj b/OSX/libsecurity_sd_cspdl/libsecurity_sd_cspdl.xcodeproj/project.pbxproj deleted file mode 100644 index 89e7ed41..00000000 --- a/OSX/libsecurity_sd_cspdl/libsecurity_sd_cspdl.xcodeproj/project.pbxproj +++ /dev/null @@ -1,340 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 4CC3A0BB05D45BC200484B20 /* SDContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3A0A805D45BC200484B20 /* SDContext.cpp */; }; - 4CC3A0BC05D45BC200484B20 /* SDContext.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC3A0A905D45BC200484B20 /* SDContext.h */; }; - 4CC3A0BD05D45BC200484B20 /* SDCSPDLBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3A0AA05D45BC200484B20 /* SDCSPDLBuiltin.cpp */; }; - 4CC3A0BE05D45BC200484B20 /* SDCSPDLDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3A0AB05D45BC200484B20 /* SDCSPDLDatabase.cpp */; }; - 4CC3A0BF05D45BC200484B20 /* SDCSPDLDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC3A0AC05D45BC200484B20 /* SDCSPDLDatabase.h */; }; - 4CC3A0C005D45BC200484B20 /* SDCSPDLPlugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3A0AD05D45BC200484B20 /* SDCSPDLPlugin.cpp */; }; - 4CC3A0C105D45BC200484B20 /* SDCSPDLPlugin.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC3A0AE05D45BC200484B20 /* SDCSPDLPlugin.h */; }; - 4CC3A0C205D45BC200484B20 /* SDCSPDLSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3A0AF05D45BC200484B20 /* SDCSPDLSession.cpp */; }; - 4CC3A0C305D45BC200484B20 /* SDCSPDLSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC3A0B005D45BC200484B20 /* SDCSPDLSession.h */; }; - 4CC3A0C405D45BC200484B20 /* SDCSPSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3A0B105D45BC200484B20 /* SDCSPSession.cpp */; }; - 4CC3A0C505D45BC200484B20 /* SDCSPSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC3A0B205D45BC200484B20 /* SDCSPSession.h */; }; - 4CC3A0C805D45BC200484B20 /* SDDLSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3A0B505D45BC200484B20 /* SDDLSession.cpp */; }; - 4CC3A0C905D45BC200484B20 /* SDDLSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC3A0B605D45BC200484B20 /* SDDLSession.h */; }; - 4CC3A0CA05D45BC200484B20 /* SDFactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3A0B705D45BC200484B20 /* SDFactory.cpp */; }; - 4CC3A0CB05D45BC200484B20 /* SDFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC3A0B805D45BC200484B20 /* SDFactory.h */; }; - 4CC3A0CC05D45BC200484B20 /* SDKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3A0B905D45BC200484B20 /* SDKey.cpp */; }; - 4CC3A0CD05D45BC200484B20 /* SDKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC3A0BA05D45BC200484B20 /* SDKey.h */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB3D1146F1E61000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB3CC146F1E61000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_cdsa_plugin; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 182BB3C7146F1DE0000BF1F3 /* base.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 182BB3C8146F1DE0000BF1F3 /* debug.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 182BB3C9146F1DE0000BF1F3 /* lib.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 182BB3CA146F1DE0000BF1F3 /* release.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 182BB3CC146F1E61000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cdsa_plugin.xcodeproj; path = ../libsecurity_cdsa_plugin/libsecurity_cdsa_plugin.xcodeproj; sourceTree = ""; }; - 4094B0AB057EA69D00B44BCC /* sd_cspdl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.xml; path = sd_cspdl_common.mdsinfo; sourceTree = ""; }; - 4C2741E905D463310072C0F2 /* APPLE_LICENSE */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = APPLE_LICENSE; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_sd_cspdl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_sd_cspdl.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CC3A0A805D45BC200484B20 /* SDContext.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SDContext.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CC3A0A905D45BC200484B20 /* SDContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SDContext.h; sourceTree = ""; }; - 4CC3A0AA05D45BC200484B20 /* SDCSPDLBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SDCSPDLBuiltin.cpp; sourceTree = ""; }; - 4CC3A0AB05D45BC200484B20 /* SDCSPDLDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SDCSPDLDatabase.cpp; sourceTree = ""; }; - 4CC3A0AC05D45BC200484B20 /* SDCSPDLDatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SDCSPDLDatabase.h; sourceTree = ""; }; - 4CC3A0AD05D45BC200484B20 /* SDCSPDLPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SDCSPDLPlugin.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CC3A0AE05D45BC200484B20 /* SDCSPDLPlugin.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SDCSPDLPlugin.h; sourceTree = ""; }; - 4CC3A0AF05D45BC200484B20 /* SDCSPDLSession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SDCSPDLSession.cpp; sourceTree = ""; }; - 4CC3A0B005D45BC200484B20 /* SDCSPDLSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SDCSPDLSession.h; sourceTree = ""; }; - 4CC3A0B105D45BC200484B20 /* SDCSPSession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SDCSPSession.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CC3A0B205D45BC200484B20 /* SDCSPSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SDCSPSession.h; sourceTree = ""; }; - 4CC3A0B505D45BC200484B20 /* SDDLSession.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SDDLSession.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CC3A0B605D45BC200484B20 /* SDDLSession.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SDDLSession.h; sourceTree = ""; }; - 4CC3A0B705D45BC200484B20 /* SDFactory.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SDFactory.cpp; sourceTree = ""; }; - 4CC3A0B805D45BC200484B20 /* SDFactory.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SDFactory.h; sourceTree = ""; }; - 4CC3A0B905D45BC200484B20 /* SDKey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SDKey.cpp; sourceTree = ""; }; - 4CC3A0BA05D45BC200484B20 /* SDKey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SDKey.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 182BB3C6146F1DE0000BF1F3 /* config */ = { - isa = PBXGroup; - children = ( - 182BB3C7146F1DE0000BF1F3 /* base.xcconfig */, - 182BB3C8146F1DE0000BF1F3 /* debug.xcconfig */, - 182BB3C9146F1DE0000BF1F3 /* lib.xcconfig */, - 182BB3CA146F1DE0000BF1F3 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 182BB3CD146F1E61000BF1F3 /* Products */ = { - isa = PBXGroup; - children = ( - 182BB3D2146F1E61000BF1F3 /* libsecurity_cdsa_plugin.a */, - ); - name = Products; - sourceTree = ""; - }; - 4094B0AA057EA69D00B44BCC /* mds */ = { - isa = PBXGroup; - children = ( - 4094B0AB057EA69D00B44BCC /* sd_cspdl_common.mdsinfo */, - ); - path = mds; - sourceTree = SOURCE_ROOT; - }; - 4C6AA9CE0535FDA6006E3284 /* lib */ = { - isa = PBXGroup; - children = ( - 4CC3A0A805D45BC200484B20 /* SDContext.cpp */, - 4CC3A0A905D45BC200484B20 /* SDContext.h */, - 4CC3A0AA05D45BC200484B20 /* SDCSPDLBuiltin.cpp */, - 4CC3A0AB05D45BC200484B20 /* SDCSPDLDatabase.cpp */, - 4CC3A0AC05D45BC200484B20 /* SDCSPDLDatabase.h */, - 4CC3A0AD05D45BC200484B20 /* SDCSPDLPlugin.cpp */, - 4CC3A0AE05D45BC200484B20 /* SDCSPDLPlugin.h */, - 4CC3A0AF05D45BC200484B20 /* SDCSPDLSession.cpp */, - 4CC3A0B005D45BC200484B20 /* SDCSPDLSession.h */, - 4CC3A0B105D45BC200484B20 /* SDCSPSession.cpp */, - 4CC3A0B205D45BC200484B20 /* SDCSPSession.h */, - 4CC3A0B505D45BC200484B20 /* SDDLSession.cpp */, - 4CC3A0B605D45BC200484B20 /* SDDLSession.h */, - 4CC3A0B705D45BC200484B20 /* SDFactory.cpp */, - 4CC3A0B805D45BC200484B20 /* SDFactory.h */, - 4CC3A0B905D45BC200484B20 /* SDKey.cpp */, - 4CC3A0BA05D45BC200484B20 /* SDKey.h */, - ); - path = lib; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 182BB3CC146F1E61000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */, - 4C2741E905D463310072C0F2 /* APPLE_LICENSE */, - 4C6AA9CE0535FDA6006E3284 /* lib */, - 182BB3C6146F1DE0000BF1F3 /* config */, - 4094B0AA057EA69D00B44BCC /* mds */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_sd_cspdl.a */, - ); - name = Products; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CC3A0BC05D45BC200484B20 /* SDContext.h in Headers */, - 4CC3A0BF05D45BC200484B20 /* SDCSPDLDatabase.h in Headers */, - 4CC3A0C105D45BC200484B20 /* SDCSPDLPlugin.h in Headers */, - 4CC3A0C305D45BC200484B20 /* SDCSPDLSession.h in Headers */, - 4CC3A0C505D45BC200484B20 /* SDCSPSession.h in Headers */, - 4CC3A0C905D45BC200484B20 /* SDDLSession.h in Headers */, - 4CC3A0CB05D45BC200484B20 /* SDFactory.h in Headers */, - 4CC3A0CD05D45BC200484B20 /* SDKey.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurity_sd_cspdl */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD3D60987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_sd_cspdl" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_sd_cspdl; - productInstallPath = /usr/local/lib; - productName = libsecurity_sd_cspdl; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_sd_cspdl.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD3DE0987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_sd_cspdl" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 182BB3CD146F1E61000BF1F3 /* Products */; - ProjectRef = 182BB3CC146F1E61000BF1F3 /* libsecurity_cdsa_plugin.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_sd_cspdl */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 182BB3D2146F1E61000BF1F3 /* libsecurity_cdsa_plugin.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_cdsa_plugin.a; - remoteRef = 182BB3D1146F1E61000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CC3A0BB05D45BC200484B20 /* SDContext.cpp in Sources */, - 4CC3A0BD05D45BC200484B20 /* SDCSPDLBuiltin.cpp in Sources */, - 4CC3A0BE05D45BC200484B20 /* SDCSPDLDatabase.cpp in Sources */, - 4CC3A0C005D45BC200484B20 /* SDCSPDLPlugin.cpp in Sources */, - 4CC3A0C205D45BC200484B20 /* SDCSPDLSession.cpp in Sources */, - 4CC3A0C405D45BC200484B20 /* SDCSPSession.cpp in Sources */, - 4CC3A0C805D45BC200484B20 /* SDDLSession.cpp in Sources */, - 4CC3A0CA05D45BC200484B20 /* SDFactory.cpp in Sources */, - 4CC3A0CC05D45BC200484B20 /* SDKey.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - C27AD3D70987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB3C8146F1DE0000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Debug; - }; - C27AD3DD0987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB3CA146F1DE0000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Release; - }; - C27AD3DF0987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB3C9146F1DE0000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD3E50987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB3C9146F1DE0000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD3D60987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_sd_cspdl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3D70987FCDF001272E0 /* Debug */, - C27AD3DD0987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD3DE0987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_sd_cspdl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD3DF0987FCDF001272E0 /* Debug */, - C27AD3E50987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_smime/lib/SecCMS.c b/OSX/libsecurity_smime/lib/SecCMS.c index 0bf6f89f..6c3b4933 100644 --- a/OSX/libsecurity_smime/lib/SecCMS.c +++ b/OSX/libsecurity_smime/lib/SecCMS.c @@ -36,6 +36,9 @@ #include #include #include +#include +#include +#include #include #include @@ -52,6 +55,10 @@ CFTypeRef kSecCMSSignedAttributes = CFSTR("kSecCMSSignedAttributes"); CFTypeRef kSecCMSSignDate = CFSTR("kSecCMSSignDate"); CFTypeRef kSecCMSAllCerts = CFSTR("kSecCMSAllCerts"); +CFTypeRef kSecCMSBulkEncryptionAlgorithm = CFSTR("kSecCMSBulkEncryptionAlgorithm"); +CFTypeRef kSecCMSEncryptionAlgorithmDESCBC = CFSTR("kSecCMSEncryptionAlgorithmDESCBC"); +CFTypeRef kSecCMSEncryptionAlgorithmAESCBC = CFSTR("kSecCMSEncryptionAlgorithmAESCBC"); + CFTypeRef kSecCMSSignHashAlgorithm = CFSTR("kSecCMSSignHashAlgorithm"); CFTypeRef kSecCMSHashingAlgorithmSHA1 = CFSTR("kSecCMSHashingAlgorithmSHA1"); CFTypeRef kSecCMSHashingAlgorithmSHA256 = CFSTR("kSecCMSHashingAlgorithmSHA256"); @@ -143,6 +150,8 @@ static OSStatus SecCMSSignDataOrDigestAndAttributes(SecIdentityRef identity, if (signed_attributes) CFDictionaryApplyFunction(signed_attributes, sign_all_attributes, signerinfo); + require_noerr(SecCmsSignedDataAddSignerInfo(sigd, signerinfo), out); + SecAsn1Item input = {}; if (data) { input.Length = CFDataGetLength(data); @@ -242,6 +251,9 @@ SecCmsSignedDataSetDigestContext(SecCmsSignedDataRef sigd, if (SecCmsSignedDataSetDigests(sigd, digestAlgorithms, digests) != SECSuccess) goto loser; + if (arena) { + PORT_FreeArena(arena, PR_FALSE); + } return 0; loser: if (arena) @@ -273,6 +285,7 @@ static OSStatus SecCMSVerifySignedData_internal(CFDataRef message, CFDataRef det SecCmsSignedDataRef sigd = NULL; OSStatus status = errSecParam; + require(message, out); SecAsn1Item encoded_message = { CFDataGetLength(message), (uint8_t*)CFDataGetBytePtr(message) }; require_noerr_action_quiet(SecCmsMessageDecode(&encoded_message, NULL, NULL, NULL, NULL, NULL, NULL, &cmsg), out, status = errSecDecode); @@ -565,3 +578,107 @@ out: } return message; } + +OSStatus SecCMSCreateEnvelopedData(CFTypeRef recipient_or_cfarray_thereof, + CFDictionaryRef params, CFDataRef data, CFMutableDataRef enveloped_data) +{ + SecCmsMessageRef cmsg = NULL; + SecCmsContentInfoRef cinfo; + SecCmsEnvelopedDataRef envd = NULL; + SECOidTag algorithmTag = SEC_OID_DES_EDE3_CBC; + int keySize = 192; + OSStatus status = errSecParam; + PLArenaPool *arena = NULL; + + if (params) { + CFStringRef algorithm_name = CFDictionaryGetValue(params, kSecCMSBulkEncryptionAlgorithm); + if (algorithm_name) { + if (CFEqual(kSecCMSEncryptionAlgorithmDESCBC, algorithm_name)) { + algorithmTag = SEC_OID_DES_CBC; + keySize = 64; + } else if (CFEqual(kSecCMSEncryptionAlgorithmAESCBC, algorithm_name)) { + algorithmTag = SEC_OID_AES_128_CBC; + keySize = 128; + } + } + } + + require(cmsg = SecCmsMessageCreate(NULL), out); + require(envd = SecCmsEnvelopedDataCreate(cmsg, algorithmTag, keySize), out); + require(cinfo = SecCmsMessageGetContentInfo(cmsg), out); + require_noerr(SecCmsContentInfoSetContentEnvelopedData(cmsg, cinfo, envd), out); + require(cinfo = SecCmsEnvelopedDataGetContentInfo(envd), out); + require_noerr(SecCmsContentInfoSetContentData(cmsg, cinfo, NULL, false), out); + // == wrapper of: require(SECSuccess == SecCmsContentInfoSetContent(cinfo, SEC_OID_PKCS7_DATA, NULL), out); + + if (CFGetTypeID(recipient_or_cfarray_thereof) == CFArrayGetTypeID()) { + CFIndex dex, numCerts = CFArrayGetCount(recipient_or_cfarray_thereof); + for(dex=0; dexrecipientInfos; + while (!used_recipient && *rinfo) { + used_recipient = (*rinfo)->cert; + rinfo++; + } + require_quiet(2 == SecCmsMessageContentLevelCount(cmsg), out); + require_quiet(cinfo = SecCmsMessageContentLevel(cmsg, 1), out); + require_quiet(SecCmsContentInfoGetContentTypeTag(cinfo) == SEC_OID_PKCS7_DATA, out); + const SecAsn1Item *content = SecCmsMessageGetContent(cmsg); + if (content) + CFDataAppendBytes(data, content->Data, content->Length); + if (recipient) { + CFRetainSafe(used_recipient); + *recipient = used_recipient; + } + status = errSecSuccess; +out: + if (cmsg) SecCmsMessageDestroy(cmsg); + return status; +} diff --git a/OSX/libsecurity_smime/lib/SecCMS.h b/OSX/libsecurity_smime/lib/SecCMS.h index cb88a9ba..52ca2d72 100644 --- a/OSX/libsecurity_smime/lib/SecCMS.h +++ b/OSX/libsecurity_smime/lib/SecCMS.h @@ -43,6 +43,10 @@ extern const void * kSecCMSHashingAlgorithmSHA256; extern const void * kSecCMSHashingAlgorithmSHA384; extern const void * kSecCMSHashingAlgorithmSHA512; +extern const void * kSecCMSBulkEncryptionAlgorithm; +extern const void * kSecCMSEncryptionAlgorithmDESCBC; +extern const void * kSecCMSEncryptionAlgorithmAESCBC; + /* Return an array of certificates contained in message, if message is of the type SignedData and has no signers, return NULL otherwise. Not that if the message is properly formed but has no certificates an empty array will @@ -107,4 +111,30 @@ OSStatus SecCMSCreateSignedData(SecIdentityRef identity, CFDataRef data, CFDictionaryRef parameters, CFDictionaryRef signed_attributes, CFMutableDataRef signed_data); +/*! + @function SecCMSCreateEnvelopedData + @abstract create a enveloped cms blob for recipients + @param recipient_or_cfarray_thereof SecCertificateRef for each recipient + @param params CFDictionaryRef with encryption parameters + @param data Data to be encrypted + @param enveloped_data (output) return enveloped message. + @result A result code. See "Security Error Codes" (SecBase.h). + errSecParam garbage in, garbage out. + */ +OSStatus SecCMSCreateEnvelopedData(CFTypeRef recipient_or_cfarray_thereof, + CFDictionaryRef params, CFDataRef data, CFMutableDataRef enveloped_data); + + +/*! + @function SecCMSDecryptEnvelopedData + @abstract open an enveloped cms blob. expects recipients identity in keychain. + @param message Eveloped message + @param data (output) return decrypted message. + @param recipient (output/optional) return addressed recipient + @result A result code. See "Security Error Codes" (SecBase.h). + errSecParam garbage in, garbage out. + */ +OSStatus SecCMSDecryptEnvelopedData(CFDataRef message, + CFMutableDataRef data, SecCertificateRef *recipient); + #endif diff --git a/OSX/libsecurity_smime/lib/SecCmsBase.h b/OSX/libsecurity_smime/lib/SecCmsBase.h index cebe62ff..69c3ed86 100644 --- a/OSX/libsecurity_smime/lib/SecCmsBase.h +++ b/OSX/libsecurity_smime/lib/SecCmsBase.h @@ -506,7 +506,7 @@ OSStatus SecArenaPoolCreate(size_t chunksize, SecArenaPoolRef *outArena); @abstract Free a SecArenaPool object and everything in it. @param arena The SecArenaPool object to free. @param zero If this is true the arena's memory will be zero filled before it is freed. - @result arena will no longer be valid and the memory used by it is returned to the malloc heap. + @discussion arena will no longer be valid and the memory used by it is returned to the malloc heap. @availability 10.4 and later @updated 2004-04-23 */ diff --git a/OSX/libsecurity_smime/lib/SecCmsDecoder.h b/OSX/libsecurity_smime/lib/SecCmsDecoder.h index 5ba334cf..01bfe7a2 100644 --- a/OSX/libsecurity_smime/lib/SecCmsDecoder.h +++ b/OSX/libsecurity_smime/lib/SecCmsDecoder.h @@ -113,7 +113,7 @@ SecCmsDecoderFinish(SecCmsDecoderRef decoder, SecCmsMessageRef *outMessage); @abstract Decode a CMS message from BER encoded data. @discussion This function basically does the same as calling SecCmsDecoderStart(), SecCmsDecoderUpdate() and SecCmsDecoderFinish(). - @param DERmessage Pointer to a CSSM_DATA containing the BER encoded cms + @param encodedMessage Pointer to a CSSM_DATA containing the BER encoded cms message to decode. @param cb callback function for delivery of inner content inner content will be stored in the message if cb is NULL. diff --git a/OSX/libsecurity_smime/lib/cert.c b/OSX/libsecurity_smime/lib/cert.c index d00935a2..ea5c9b9e 100644 --- a/OSX/libsecurity_smime/lib/cert.c +++ b/OSX/libsecurity_smime/lib/cert.c @@ -488,12 +488,15 @@ SecCertificateRef CERT_FindCertBySubjectKeyID (CFTypeRef keychainOrArray, } static SecIdentityRef -CERT_FindIdentityByCertificate (CFTypeRef keychainOrArray, SecCertificateRef certificate) +CERT_FindIdentityByCertificate (CFTypeRef keychainOrArray, SecCertificateRef CF_CONSUMED certificate) { SecIdentityRef identity = NULL; SecIdentityCreateWithCertificate(keychainOrArray, certificate, &identity); if (!identity) PORT_SetError(SEC_ERROR_NOT_A_RECIPIENT); + if (certificate) { + CFRelease(certificate); + } return identity; } diff --git a/OSX/libsecurity_smime/lib/cmsasn1.c b/OSX/libsecurity_smime/lib/cmsasn1.c index b11007c6..7a70f886 100644 --- a/OSX/libsecurity_smime/lib/cmsasn1.c +++ b/OSX/libsecurity_smime/lib/cmsasn1.c @@ -253,11 +253,10 @@ static const SecAsn1Template SecCmsRecipientIdentifierTemplate[] = { { SEC_ASN1_CHOICE, offsetof(SecCmsRecipientIdentifier,identifierType), NULL, sizeof(SecCmsRecipientIdentifier) }, - { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | - SEC_ASN1_XTRN | 0, - offsetof(SecCmsRecipientIdentifier,id.subjectKeyID), - SEC_ASN1_SUB(kSecAsn1PointerToOctetStringTemplate) , - SecCmsRecipientIDSubjectKeyID }, + { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, + offsetof(SecCmsRecipientIdentifier,id.subjectKeyID), + SEC_ASN1_SUB(kSecAsn1OctetStringTemplate) , + SecCmsRecipientIDSubjectKeyID }, { SEC_ASN1_POINTER | SEC_ASN1_XTRN, offsetof(SecCmsRecipientIdentifier,id.issuerAndSN), SEC_ASN1_SUB(SecCmsIssuerAndSNTemplate), diff --git a/OSX/libsecurity_smime/lib/cmsdecode.c b/OSX/libsecurity_smime/lib/cmsdecode.c index f6112e78..42107222 100644 --- a/OSX/libsecurity_smime/lib/cmsdecode.c +++ b/OSX/libsecurity_smime/lib/cmsdecode.c @@ -380,9 +380,6 @@ static OSStatus nss_cms_after_end(SecCmsDecoderRef p7dcx) { OSStatus rv; - PLArenaPool *poolp; - - poolp = p7dcx->cmsg->poolp; switch (p7dcx->type) { case SEC_OID_PKCS7_SIGNED_DATA: @@ -645,6 +642,10 @@ loser: OSStatus SecCmsDecoderUpdate(SecCmsDecoderRef p7dcx, const void *buf, CFIndex len) { + if (!p7dcx) { + return errSecParam; + } + if (p7dcx->dcx != NULL && p7dcx->error == 0) { /* if error is set already, don't bother */ if (SEC_ASN1DecoderUpdate (p7dcx->dcx, buf, len) != SECSuccess) { p7dcx->error = PORT_GetError(); @@ -674,8 +675,7 @@ SecCmsDecoderUpdate(SecCmsDecoderRef p7dcx, const void *buf, CFIndex len) void SecCmsDecoderDestroy(SecCmsDecoderRef p7dcx) { - /* XXXX what about inner decoders? running digests? decryption? */ - /* XXXX there's a leak here! */ + /* SecCmsMessageDestroy frees inner decoders and digests. */ if (p7dcx->cmsg) { SecCmsMessageDestroy(p7dcx->cmsg); } diff --git a/OSX/libsecurity_smime/lib/cmsdigest.c b/OSX/libsecurity_smime/lib/cmsdigest.c index 52e07480..6aa46146 100644 --- a/OSX/libsecurity_smime/lib/cmsdigest.c +++ b/OSX/libsecurity_smime/lib/cmsdigest.c @@ -263,6 +263,7 @@ loser: cleanup: if (cmsdigcx->digcnt > 0) { + SecCmsDigestContextCancel(cmsdigcx); PORT_Free(cmsdigcx->digobjs); cmsdigcx->digobjs = NULL; cmsdigcx->digcnt = 0; diff --git a/OSX/libsecurity_smime/lib/cmsencdata.c b/OSX/libsecurity_smime/lib/cmsencdata.c index 0bdf3fee..7dea92a2 100644 --- a/OSX/libsecurity_smime/lib/cmsencdata.c +++ b/OSX/libsecurity_smime/lib/cmsencdata.c @@ -61,7 +61,9 @@ SecCmsEncryptedDataCreate(SecCmsMessageRef cmsg, SECOidTag algorithm, int keysiz void *mark; SecCmsEncryptedDataRef encd; PLArenaPool *poolp; +#if 0 SECAlgorithmID *pbe_algid; +#endif OSStatus rv; poolp = cmsg->poolp; @@ -87,10 +89,11 @@ SecCmsEncryptedDataCreate(SecCmsMessageRef cmsg, SECOidTag algorithm, int keysiz /* Assume password-based-encryption. At least, try that. */ #if 1 // @@@ Fix me - pbe_algid = NULL; + rv = SECFailure; + break; #else pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL); -#endif + if (pbe_algid == NULL) { rv = SECFailure; break; @@ -98,6 +101,7 @@ SecCmsEncryptedDataCreate(SecCmsMessageRef cmsg, SECOidTag algorithm, int keysiz rv = SecCmsContentInfoSetContentEncAlgID((SecArenaPoolRef)poolp, &(encd->contentInfo), pbe_algid, keysize); SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE); break; +#endif } if (rv != SECSuccess) goto loser; diff --git a/OSX/libsecurity_smime/lib/cmsencode.c b/OSX/libsecurity_smime/lib/cmsencode.c index 2d0e51e6..65d0f9ad 100644 --- a/OSX/libsecurity_smime/lib/cmsencode.c +++ b/OSX/libsecurity_smime/lib/cmsencode.c @@ -140,7 +140,6 @@ nss_cms_encoder_notify(void *arg, Boolean before, void *dest, int depth) SecCmsEncoderRef p7ecx; SecCmsContentInfoRef rootcinfo, cinfo; Boolean after = !before; - PLArenaPool *poolp; SECOidTag childtype; CSSM_DATA_PTR item; @@ -148,7 +147,6 @@ nss_cms_encoder_notify(void *arg, Boolean before, void *dest, int depth) PORT_Assert(p7ecx != NULL); rootcinfo = &(p7ecx->cmsg->contentInfo); - poolp = p7ecx->cmsg->poolp; #ifdef CMSDEBUG fprintf(stderr, "%6.6s, dest = %p, depth = %d\n", before ? "before" : "after", dest, depth); @@ -225,12 +223,9 @@ nss_cms_before_data(SecCmsEncoderRef p7ecx) OSStatus rv; SECOidTag childtype; SecCmsContentInfoRef cinfo; - PLArenaPool *poolp; SecCmsEncoderRef childp7ecx; const SecAsn1Template *template; - poolp = p7ecx->cmsg->poolp; - /* call _Encode_BeforeData handlers */ switch (p7ecx->type) { case SEC_OID_PKCS7_SIGNED_DATA: @@ -625,6 +620,10 @@ SecCmsEncoderUpdate(SecCmsEncoderRef p7ecx, const void *data, CFIndex len) SecCmsContentInfoRef cinfo; SECOidTag childtype; + if (!p7ecx) { + return errSecParam; + } + if (p7ecx->error) return p7ecx->error; diff --git a/OSX/libsecurity_smime/lib/cmsmessage.c b/OSX/libsecurity_smime/lib/cmsmessage.c index 211f7355..387fb52c 100644 --- a/OSX/libsecurity_smime/lib/cmsmessage.c +++ b/OSX/libsecurity_smime/lib/cmsmessage.c @@ -58,7 +58,7 @@ SecCmsMessageCreate(SecArenaPoolRef pool) { PLArenaPool *poolp = (PLArenaPool *)pool; void *mark = NULL; - SecCmsMessageRef cmsg; + SecCmsMessageRef cmsg = NULL; Boolean poolp_is_ours = PR_FALSE; if (poolp == NULL) { @@ -135,8 +135,8 @@ SecCmsMessageDestroy(SecCmsMessageRef cmsg) SecCmsContentInfoDestroy(&(cmsg->contentInfo)); /* if poolp is not NULL, cmsg is the owner of its arena */ - if (cmsg->poolp_is_ours) { - PORT_FreeArena (cmsg->poolp, PR_FALSE); /* XXX clear it? */ + if (cmsg->poolp_is_ours && cmsg->poolp) { + PORT_FreeArena (cmsg->poolp, PR_TRUE); } } diff --git a/OSX/libsecurity_smime/lib/cmsrecinfo.c b/OSX/libsecurity_smime/lib/cmsrecinfo.c index 3eb0effb..f6f5f9a6 100644 --- a/OSX/libsecurity_smime/lib/cmsrecinfo.c +++ b/OSX/libsecurity_smime/lib/cmsrecinfo.c @@ -95,7 +95,7 @@ nss_cmsrecipientinfo_create(SecCmsMessageRef cmsg, SecCmsRecipientIDSelector typ rv = SecCertificateGetAlgorithmID(cert,&algid); } else { PORT_Assert(pubKey); -#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR)) +#if TARGET_OS_OSX rv = SecKeyGetAlgorithmID(pubKey,&algid); #else /* TBD: Unify this code. Currently, iOS has an incompatible @@ -117,7 +117,6 @@ nss_cmsrecipientinfo_create(SecCmsMessageRef cmsg, SecCmsRecipientIDSelector typ break; } } else if (type == SecCmsRecipientIDSubjectKeyID){ - SecCmsKeyTransRecipientInfoEx *riExtra; rid->id.subjectKeyID = PORT_ArenaNew(poolp, CSSM_DATA); if (rid->id.subjectKeyID == NULL) { @@ -125,20 +124,16 @@ nss_cmsrecipientinfo_create(SecCmsMessageRef cmsg, SecCmsRecipientIDSelector typ PORT_SetError(SEC_ERROR_NO_MEMORY); break; } - SECITEM_CopyItem(poolp, rid->id.subjectKeyID, subjKeyID); + if (SECITEM_CopyItem(poolp, rid->id.subjectKeyID, subjKeyID)) { + rv = SECFailure; + PORT_SetError(SEC_ERROR_UNKNOWN_CERT); + break; + } if (rid->id.subjectKeyID->Data == NULL) { rv = SECFailure; PORT_SetError(SEC_ERROR_NO_MEMORY); break; } - riExtra = &ri->ri.keyTransRecipientInfoEx; - riExtra->version = 0; - riExtra->pubKey = SECKEY_CopyPublicKey(pubKey); - if (riExtra->pubKey == NULL) { - rv = SECFailure; - PORT_SetError(SEC_ERROR_NO_MEMORY); - break; - } } else { PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; @@ -328,25 +323,32 @@ SecCmsRecipientInfoCreateWithSubjKeyID(SecCmsMessageRef cmsg, NULL, pubKey, subjKeyID); } +/* This is exported out of the Security framework, but it's in + * SecCertificateInternal.h, which we don't have access to from + * the libsecurity_smime project. */ +CFDataRef SecCertificateGetSubjectKeyID(SecCertificateRef certificate); + SecCmsRecipientInfoRef SecCmsRecipientInfoCreateWithSubjKeyIDFromCert(SecCmsMessageRef cmsg, SecCertificateRef cert) { - SecPublicKeyRef pubKey = NULL; + SecKeyRef pubKey = NULL; CSSM_DATA subjKeyID = {0, NULL}; SecCmsRecipientInfoRef retVal = NULL; + CFDataRef subjectKeyIDData = NULL; + if (!cmsg || !cert) { return NULL; } - pubKey = CERT_ExtractPublicKey(cert); - if (!pubKey) { - goto done; - } - if (CERT_FindSubjectKeyIDExtension(cert, &subjKeyID) != SECSuccess || - subjKeyID.Data == NULL) { - goto done; - } + + subjectKeyIDData = SecCertificateGetSubjectKeyID(cert); + if (!subjectKeyIDData) + goto done; + subjKeyID.Length = + CFDataGetLength(subjectKeyIDData); + subjKeyID.Data = (uint8_t *)CFDataGetBytePtr(subjectKeyIDData); + retVal = SecCmsRecipientInfoCreateWithSubjKeyID(cmsg, &subjKeyID, pubKey); done: if (pubKey) @@ -637,7 +639,6 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, switch (ri->recipientInfoType) { case SecCmsRecipientInfoIDKeyTrans: - encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */ switch (encalgtag) { @@ -650,6 +651,7 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, case SEC_OID_NETSCAPE_SMIME_KEA: /* FORTEZZA key exchange algorithm */ /* the supplemental data is in the parameters of encalg */ + encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg); bulkkey = SecCmsUtilDecryptSymKeyMISSI(privkey, enckey, encalg, bulkalgtag, ri->cmsg->pwfn_arg); break; #endif /* 0 */ @@ -659,9 +661,7 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, } break; case SecCmsRecipientInfoIDKeyAgree: - encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg)); - enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey); switch (encalgtag) { case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* Diffie-Helman key exchange */ @@ -677,10 +677,13 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, case SEC_OID_DH_SINGLE_STD_SHA1KDF: { /* ephemeral-static ECDH */ + enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey); + encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg); SecCmsKeyAgreeRecipientInfo *kari = &ri->ri.keyAgreeRecipientInfo; SecCmsOriginatorIdentifierOrKey *oiok = &kari->originatorIdentifierOrKey; if(oiok->identifierType != SecCmsOriginatorIDOrKeyOriginatorPublicKey) { dprintf("SEC_OID_EC_PUBLIC_KEY unwrap key: bad oiok.id\n"); + error = SEC_ERROR_LIBRARY_FAILURE; goto loser; } SecCmsOriginatorPublicKey *opk = &oiok->id.originatorPublicKey; @@ -696,9 +699,6 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, } break; case SecCmsRecipientInfoIDKEK: - encalg = &(ri->ri.kekRecipientInfo.keyEncAlg); - encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg)); - enckey = &(ri->ri.kekRecipientInfo.encKey); /* not supported yet */ error = SEC_ERROR_UNSUPPORTED_KEYALG; goto loser; @@ -708,5 +708,6 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, return bulkkey; loser: + PORT_SetError(error); return NULL; } diff --git a/OSX/libsecurity_smime/lib/cmssigdata.c b/OSX/libsecurity_smime/lib/cmssigdata.c index ebdc1bab..474d7633 100644 --- a/OSX/libsecurity_smime/lib/cmssigdata.c +++ b/OSX/libsecurity_smime/lib/cmssigdata.c @@ -440,9 +440,9 @@ SecCmsSignedDataEncodeAfterData(SecCmsSignedDataRef sigd) /* did we have digest calculation going on? */ if (cinfo->digcx) { rv = SecCmsDigestContextFinishMultiple(cinfo->digcx, (SecArenaPoolRef)poolp, &(sigd->digests)); + cinfo->digcx = NULL; if (rv != SECSuccess) goto loser; /* error has been set by SecCmsDigestContextFinishMultiple */ - cinfo->digcx = NULL; } signerinfos = sigd->signerInfos; @@ -617,8 +617,10 @@ SecCmsSignedDataDecodeAfterData(SecCmsSignedDataRef sigd) { /* did we have digest calculation going on? */ if (sigd->contentInfo.digcx) { - if (SecCmsDigestContextFinishMultiple(sigd->contentInfo.digcx, (SecArenaPoolRef)sigd->cmsg->poolp, &(sigd->digests)) != SECSuccess) + if (SecCmsDigestContextFinishMultiple(sigd->contentInfo.digcx, (SecArenaPoolRef)sigd->cmsg->poolp, &(sigd->digests)) != SECSuccess) { + sigd->contentInfo.digcx = NULL; return SECFailure; /* error has been set by SecCmsDigestContextFinishMultiple */ + } sigd->contentInfo.digcx = NULL; } return SECSuccess; @@ -956,9 +958,9 @@ SecCmsSignedDataGetDigestByAlgTag(SecCmsSignedDataRef sigd, SECOidTag algtag) { int idx; - if(sigd->digests == NULL) { - return NULL; - } + if(sigd == NULL || sigd->digests == NULL) { + return NULL; + } idx = SecCmsAlgArrayGetIndexByAlgTag(sigd->digestAlgorithms, algtag); return (idx >= 0) ? sigd->digests[idx] : NULL; } @@ -976,7 +978,8 @@ SecCmsSignedDataSetDigests(SecCmsSignedDataRef sigd, { int cnt, i, idx; - if (sigd->digestAlgorithms == NULL) { + /* Check input structure and items in structure */ + if (sigd == NULL || sigd->digestAlgorithms == NULL || sigd->cmsg == NULL || sigd->cmsg->poolp == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } diff --git a/OSX/libsecurity_smime/lib/cmssiginfo.c b/OSX/libsecurity_smime/lib/cmssiginfo.c index 1bc932dc..7f60d60c 100644 --- a/OSX/libsecurity_smime/lib/cmssiginfo.c +++ b/OSX/libsecurity_smime/lib/cmssiginfo.c @@ -267,8 +267,10 @@ nss_cmssignerinfo_create(SecCmsMessageRef cmsg, SecCmsSignerIDSelector type, Sec if (!subjKeyID) goto loser; signerinfo->signerIdentifier.id.subjectKeyID = PORT_ArenaNew(poolp, CSSM_DATA); - SECITEM_CopyItem(poolp, signerinfo->signerIdentifier.id.subjectKeyID, - subjKeyID); + if (SECITEM_CopyItem(poolp, signerinfo->signerIdentifier.id.subjectKeyID, + subjKeyID)) { + goto loser; + } signerinfo->pubKey = SECKEY_CopyPublicKey(pubKey); if (!signerinfo->pubKey) goto loser; diff --git a/OSX/libsecurity_smime/lib/cryptohi.c b/OSX/libsecurity_smime/lib/cryptohi.c index 4f39abf4..68a7c715 100644 --- a/OSX/libsecurity_smime/lib/cryptohi.c +++ b/OSX/libsecurity_smime/lib/cryptohi.c @@ -42,10 +42,7 @@ #include #include #include - -#if !USE_CDSA_CRYPTO #include -#endif #ifdef NDEBUG #define CSSM_PERROR(f, r) @@ -172,7 +169,7 @@ SECOID_FindyCssmAlgorithmByTag(SECOidTag algTag) static void SEC_PrintCFError(CFErrorRef CF_RELEASES_ARGUMENT error) { if (error) { CFStringRef errorDesc = CFErrorCopyDescription(error); - fprintf(stderr, "SecKey API returned: %ld, %s", CFErrorGetCode(error), + dprintf("SecKey API returned: %ld, %s", CFErrorGetCode(error), errorDesc ? CFStringGetCStringPtr(errorDesc, kCFStringEncodingUTF8) : ""); CFRelease(error); if (errorDesc) { CFRelease(errorDesc); } @@ -337,7 +334,7 @@ static SECStatus SGN_SignAll(uint8_t *buf, size_t len, /* we no longer support signing with MD5 */ if (keyAlg == kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 || keyAlg == kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5) { - fprintf(stderr, "CMS signature failed: MD5 algorithm is disallowed for generating signatures."); + dprintf("CMS signature failed: MD5 algorithm is disallowed for generating signatures."); rv = SEC_ERROR_INVALID_ALGORITHM; goto out; } diff --git a/OSX/libsecurity_smime/lib/secitem.c b/OSX/libsecurity_smime/lib/secitem.c index 59070c65..1eea11ed 100644 --- a/OSX/libsecurity_smime/lib/secitem.c +++ b/OSX/libsecurity_smime/lib/secitem.c @@ -3,25 +3,25 @@ * License Version 1.1 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of * the License at http://www.mozilla.org/MPL/ - * + * * Software distributed under the License is distributed on an "AS * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or * implied. See the License for the specific language governing * rights and limitations under the License. - * + * * The Original Code is the Netscape security libraries. - * + * * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are + * Communications Corporation. Portions created by Netscape are * Copyright (C) 1994-2000 Netscape Communications Corporation. All * Rights Reserved. - * + * * Contributor(s): - * + * * Alternatively, the contents of this file may be used under the * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your * version of this file only under the terms of the GPL and not to * allow others to use your version of this file under the MPL, * indicate your decision by deleting the provisions above and @@ -46,89 +46,79 @@ SECITEM_AllocItem(PRArenaPool *arena, SECItem *item, size_t len) void *mark = NULL; if (arena != NULL) { - mark = PORT_ArenaMark(arena); + mark = PORT_ArenaMark(arena); } if (item == NULL) { - if (arena != NULL) { - result = PORT_ArenaZAlloc(arena, sizeof(SECItem)); - } else { - result = PORT_ZAlloc(sizeof(SECItem)); - } - if (result == NULL) { - goto loser; - } + if (arena != NULL) { + result = PORT_ArenaZAlloc(arena, sizeof(SECItem)); + } else { + result = PORT_ZAlloc(sizeof(SECItem)); + } + if (result == NULL) { + goto loser; + } } else { - PORT_Assert(item->Data == NULL); - result = item; + PORT_Assert(item->Data == NULL); + result = item; } result->Length = len; if (len) { - if (arena != NULL) { - result->Data = PORT_ArenaAlloc(arena, len); - } else { - result->Data = PORT_Alloc(len); - } + if (arena != NULL) { + result->Data = PORT_ArenaAlloc(arena, len); + } else { + result->Data = PORT_Alloc(len); + } } if (mark) { - PORT_ArenaUnmark(arena, mark); + PORT_ArenaUnmark(arena, mark); } return(result); loser: - if ( arena != NULL ) { - if (mark) { - PORT_ArenaRelease(arena, mark); - } - if (item != NULL) { - item->Data = NULL; - item->Length = 0; - } - } else { - if (result != NULL) { - SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE); - } + if (arena != NULL && mark) { + PORT_ArenaRelease(arena, mark); } return(NULL); } SECStatus SECITEM_ReallocItem(PRArenaPool *arena, SECItem *item, unsigned int oldlen, - unsigned int newlen) + unsigned int newlen) { PORT_Assert(item != NULL); if (item == NULL) { - /* XXX Set error. But to what? */ - return SECFailure; + /* XXX Set error. But to what? */ + return SECFailure; } /* * If no old length, degenerate to just plain alloc. */ if (oldlen == 0) { - PORT_Assert(item->Data == NULL || item->Length == 0); - if (newlen == 0) { - /* Nothing to do. Weird, but not a failure. */ - return SECSuccess; - } - item->Length = newlen; - if (arena != NULL) { - item->Data = PORT_ArenaAlloc(arena, newlen); - } else { - item->Data = PORT_Alloc(newlen); - } + PORT_Assert(item->Data == NULL || item->Length == 0); + if (newlen == 0) { + /* Nothing to do. Weird, but not a failure. */ + return SECSuccess; + } + item->Length = newlen; + if (arena != NULL) { + item->Data = PORT_ArenaAlloc(arena, newlen); + } else { + item->Data = PORT_Alloc(newlen); + } } else { - if (arena != NULL) { - item->Data = PORT_ArenaGrow(arena, item->Data, oldlen, newlen); - } else { - item->Data = PORT_Realloc(item->Data, newlen); - } + if (arena != NULL) { + item->Data = PORT_ArenaGrow(arena, item->Data, oldlen, newlen); + } else { + item->Data = PORT_Realloc(item->Data, newlen); + } } if (item->Data == NULL) { - return SECFailure; + return SECFailure; } return SECSuccess; @@ -141,16 +131,16 @@ SECITEM_CompareItem(const SECItem *a, const SECItem *b) SECComparison rv; m = ( ( a->Length < b->Length ) ? a->Length : b->Length ); - + rv = (SECComparison) PORT_Memcmp(a->Data, b->Data, m); if (rv) { - return rv; + return rv; } if (a->Length < b->Length) { - return SECLessThan; + return SECLessThan; } if (a->Length == b->Length) { - return SECEqual; + return SECEqual; } return SECGreaterThan; } @@ -161,10 +151,10 @@ SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b) if (a->Length != b->Length) return PR_FALSE; if (!a->Length) - return PR_TRUE; + return PR_TRUE; if (!a->Data || !b->Data) { /* avoid null pointer crash. */ - return (Boolean)(a->Data == b->Data); + return (Boolean)(a->Data == b->Data); } return (Boolean)!PORT_Memcmp(a->Data, b->Data, a->Length); } @@ -181,32 +171,32 @@ SECITEM_ArenaDupItem(PRArenaPool *arena, const SECItem *from) SECItem *to; if ( from == NULL ) { - return(NULL); + return(NULL); } if ( arena != NULL ) { - to = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem)); + to = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem)); } else { - to = (SECItem *)PORT_Alloc(sizeof(SECItem)); + to = (SECItem *)PORT_Alloc(sizeof(SECItem)); } if ( to == NULL ) { - return(NULL); + return(NULL); } if ( arena != NULL ) { - to->Data = (unsigned char *)PORT_ArenaAlloc(arena, from->Length); + to->Data = (unsigned char *)PORT_ArenaAlloc(arena, from->Length); } else { - to->Data = (unsigned char *)PORT_Alloc(from->Length); + to->Data = (unsigned char *)PORT_Alloc(from->Length); } if ( to->Data == NULL ) { - PORT_Free(to); - return(NULL); + PORT_Free(to); + return(NULL); } to->Length = from->Length; // to->type = from->type; if ( to->Length ) { - PORT_Memcpy(to->Data, from->Data, to->Length); + PORT_Memcpy(to->Data, from->Data, to->Length); } return(to); @@ -217,20 +207,20 @@ SECITEM_CopyItem(PRArenaPool *arena, SECItem *to, const SECItem *from) { // to->type = from->type; if (from->Data && from->Length) { - if ( arena ) { - to->Data = (unsigned char*) PORT_ArenaAlloc(arena, from->Length); - } else { - to->Data = (unsigned char*) PORT_Alloc(from->Length); - } - - if (!to->Data) { - return SECFailure; - } - PORT_Memcpy(to->Data, from->Data, from->Length); - to->Length = from->Length; + if ( arena ) { + to->Data = (unsigned char*) PORT_ArenaAlloc(arena, from->Length); + } else { + to->Data = (unsigned char*) PORT_Alloc(from->Length); + } + + if (!to->Data) { + return SECFailure; + } + PORT_Memcpy(to->Data, from->Data, from->Length); + to->Length = from->Length; } else { - to->Data = 0; - to->Length = 0; + to->Data = 0; + to->Length = 0; } return SECSuccess; } @@ -239,12 +229,12 @@ void SECITEM_FreeItem(SECItem *zap, Boolean freeit) { if (zap) { - PORT_Free(zap->Data); - zap->Data = 0; - zap->Length = 0; - if (freeit) { - PORT_Free(zap); - } + PORT_Free(zap->Data); + zap->Data = 0; + zap->Length = 0; + if (freeit) { + PORT_Free(zap); + } } } @@ -252,12 +242,12 @@ void SECITEM_ZfreeItem(SECItem *zap, Boolean freeit) { if (zap) { - PORT_ZFree(zap->Data, zap->Length); - zap->Data = 0; - zap->Length = 0; - if (freeit) { - PORT_ZFree(zap, sizeof(SECItem)); - } + PORT_ZFree(zap->Data, zap->Length); + zap->Data = 0; + zap->Length = 0; + if (freeit) { + PORT_ZFree(zap, sizeof(SECItem)); + } } } @@ -279,12 +269,12 @@ SECITEM_Hash ( const void *key) PRUint8 *data = (PRUint8 *)item->Data; PRUint32 i; PRUint8 *rvc = (PRUint8 *)&rv; - + for( i = 0; i < item->Length; i++ ) { rvc[ i % sizeof(rv) ] ^= *data; data++; } - + return rv; } @@ -299,6 +289,6 @@ SECITEM_HashCompare ( const void *k1, const void *k2) { const SECItem *i1 = (const SECItem *)k1; const SECItem *i2 = (const SECItem *)k2; - + return SECITEM_ItemsAreEqual(i1,i2); } diff --git a/OSX/libsecurity_smime/lib/security_smime.exp b/OSX/libsecurity_smime/lib/security_smime.exp deleted file mode 100644 index ff2d9897..00000000 --- a/OSX/libsecurity_smime/lib/security_smime.exp +++ /dev/null @@ -1,135 +0,0 @@ -# -# Copyright (c) 2004,2011-2012,2014 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# -_SecArenaPoolCreate -_SecArenaPoolFree -_SecCmsContentInfoGetBulkKey -_SecCmsContentInfoGetBulkKeySize -_SecCmsContentInfoGetChildContentInfo -_SecCmsContentInfoGetContent -_SecCmsContentInfoGetContentEncAlg -_SecCmsContentInfoGetContentEncAlgTag -_SecCmsContentInfoGetContentTypeOID -_SecCmsContentInfoGetContentTypeTag -_SecCmsContentInfoGetInnerContent -_SecCmsContentInfoSetBulkKey -_SecCmsContentInfoSetContentData -_SecCmsContentInfoSetContentDigestedData -_SecCmsContentInfoSetContentEncAlg -_SecCmsContentInfoSetContentEncAlgID -_SecCmsContentInfoSetContentEncryptedData -_SecCmsContentInfoSetContentEnvelopedData -_SecCmsContentInfoSetContentSignedData -_SecCmsContentInfoSetContentOther -_SecCmsDecoderCreate -_SecCmsDecoderDestroy -_SecCmsDecoderFinish -_SecCmsDecoderUpdate -_SecCmsDigestContextCancel -_SecCmsDigestContextFinishMultiple -_SecCmsDigestContextStartMultiple -_SecCmsDigestContextUpdate -_SecCmsDigestedDataCreate -_SecCmsDigestedDataDestroy -_SecCmsDigestedDataGetContentInfo -_SecCmsEncoderCreate -_SecCmsEncoderDestroy -_SecCmsEncoderFinish -_SecCmsEncoderUpdate -_SecCmsEncryptedDataCreate -_SecCmsEncryptedDataDestroy -_SecCmsEncryptedDataGetContentInfo -_SecCmsEnvelopedDataAddRecipient -_SecCmsEnvelopedDataCreate -_SecCmsEnvelopedDataDestroy -_SecCmsEnvelopedDataGetContentInfo -_SecCmsMessageContainsCertsOrCrls -_SecCmsMessageContentLevel -_SecCmsMessageContentLevelCount -_SecCmsMessageCopy -_SecCmsMessageCreate -_SecCmsMessageDecode -_SecCmsMessageDestroy -_SecCmsMessageEncode -_SecCmsMessageGetArena -_SecCmsMessageGetContent -_SecCmsMessageGetContentInfo -_SecCmsMessageIsContentEmpty -_SecCmsMessageIsEncrypted -_SecCmsMessageIsSigned -_SecCmsMessageContainsTSTInfo -_SecCmsMessageSetTSACallback -_SecCmsMessageSetTSAContext -_SecCmsTSAGetDefaultContext -_SecCmsTSADefaultCallback -_kTSAContextKeyURL -_kTSAContextKeyNoCerts -_kTSADebugContextKeyBadReq -_kTSADebugContextKeyBadNonce -_SecTSAResponseCopyDEREncoding -_SecCmsRecipientInfoCreate -_SecCmsRecipientInfoCreateWithSubjKeyID -_SecCmsRecipientInfoCreateWithSubjKeyIDFromCert -_SecCmsRecipientInfoDestroy -_SecCmsSignedDataAddCertChain -_SecCmsSignedDataAddCertList -_SecCmsSignedDataAddCertificate -_SecCmsSignedDataAddSignerInfo -_SecCmsSignedDataContainsCertsOrCrls -_SecCmsSignedDataCreate -_SecCmsSignedDataCreateCertsOnly -_SecCmsSignedDataDestroy -_SecCmsSignedDataGetCertificateList -_SecCmsSignedDataGetContentInfo -_SecCmsSignedDataGetDigestAlgs -_SecCmsSignedDataGetSignerInfo -_SecCmsSignedDataGetSignerInfos -_SecCmsSignedDataHasDigests -_SecCmsSignedDataImportCerts -_SecCmsSignedDataSetDigests -_SecCmsSignedDataSignerInfoCount -_SecCmsSignedDataVerifyCertsOnly -_SecCmsSignedDataVerifySignerInfo -_SecCmsSignerInfoAddCounterSignature -_SecCmsSignerInfoAddMSSMIMEEncKeyPrefs -_SecCmsSignerInfoAddSMIMECaps -_SecCmsSignerInfoAddSMIMEEncKeyPrefs -_SecCmsSignerInfoAddSigningTime -_SecCmsSignerInfoAddAppleCodesigningHashAgility -_SecCmsSignerInfoCreate -_SecCmsSignerInfoCreateWithSubjKeyID -_SecCmsSignerInfoDestroy -_SecCmsSignerInfoGetCertList -_SecCmsSignerInfoGetDigestAlg -_SecCmsSignerInfoGetDigestAlgTag -_SecCmsSignerInfoGetSignerCommonName -_SecCmsSignerInfoGetSignerEmailAddress -_SecCmsSignerInfoGetSigningCertificate -_SecCmsSignerInfoGetSigningTime -_SecCmsSignerInfoGetTimestampTime -_SecCmsSignerInfoGetAppleCodesigningHashAgility -_SecCmsSignerInfoGetVerificationStatus -_SecCmsSignerInfoGetEncDigest -_SecCmsSignerInfoIncludeCerts -_SecCmsSignerInfoSaveSMIMEProfile -_SecCmsUtilVerificationStatusToString -_SecSMIMEFindBulkAlgForRecipients diff --git a/OSX/libsecurity_smime/lib/smimeutil.c b/OSX/libsecurity_smime/lib/smimeutil.c index 989d27d5..3de3cbcb 100644 --- a/OSX/libsecurity_smime/lib/smimeutil.c +++ b/OSX/libsecurity_smime/lib/smimeutil.c @@ -191,8 +191,7 @@ SecSMIMEEnableCipher(uint32 which, Boolean on) return SECFailure; } - if (smime_cipher_map[mapi].enabled != on) - smime_cipher_map[mapi].enabled = on; + smime_cipher_map[mapi].enabled = on; return SECSuccess; } @@ -219,8 +218,7 @@ SecSMIMEAllowCipher(uint32 which, Boolean on) /* XXX set an error */ return SECFailure; - if (smime_cipher_map[mapi].allowed != on) - smime_cipher_map[mapi].allowed = on; + smime_cipher_map[mapi].allowed = on; return SECSuccess; } @@ -574,6 +572,9 @@ SecSMIMEFindBulkAlgForRecipients(SecCertificateRef *rcerts, SECOidTag *bulkalgta cipher = smime_choose_cipher(NULL, rcerts); mapi = smime_mapi_by_cipher(cipher); + if (mapi < 0) { + return SECFailure; + } *bulkalgtag = smime_cipher_map[mapi].algtag; *keysize = smime_keysize_by_cipher(smime_cipher_map[mapi].cipher); diff --git a/OSX/libsecurity_smime/libsecurity_smime.xcodeproj/project.pbxproj b/OSX/libsecurity_smime/libsecurity_smime.xcodeproj/project.pbxproj index 0ea47bb6..7d783184 100644 --- a/OSX/libsecurity_smime/libsecurity_smime.xcodeproj/project.pbxproj +++ b/OSX/libsecurity_smime/libsecurity_smime.xcodeproj/project.pbxproj @@ -127,7 +127,6 @@ 182BB39F146F1A68000BF1F3 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; 182BB3A0146F1A68000BF1F3 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; 182BB3A1146F1A68000BF1F3 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 4C21887E0635F4D300E64E02 /* security_smime.exp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.exports; path = security_smime.exp; sourceTree = ""; }; 4C2741F203E9FC5B00A80181 /* cmsarray.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cmsarray.c; sourceTree = ""; tabWidth = 8; }; 4C2741F303E9FC5B00A80181 /* cmsasn1.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cmsasn1.c; sourceTree = ""; tabWidth = 8; }; 4C2741F403E9FC5B00A80181 /* cmsattr.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cmsattr.c; sourceTree = ""; tabWidth = 8; }; @@ -308,7 +307,6 @@ 4C8E166E0438EEE700CA2E66 /* secoidt.h */, 4C7183470637153700230DDE /* SecSMIME.h */, 4C424BE7063F28F600E9831A /* SecSMIMEPriv.h */, - 4C21887E0635F4D300E64E02 /* security_smime.exp */, 4C27420F03E9FC5B00A80181 /* smimeutil.c */, ACBEE90B18B403470021712D /* SecCMS.c */, ACBEE90D18B415B60021712D /* SecCMS.h */, @@ -418,7 +416,7 @@ 4C2741E803E9FBAF00A80181 /* Project object */ = { isa = PBXProject; attributes = { - LastUpgradeCheck = 0800; + LastUpgradeCheck = 0810; }; buildConfigurationList = C23B0CD909A298C100B7FCED /* Build configuration list for PBXProject "libsecurity_smime" */; compatibilityVersion = "Xcode 3.2"; @@ -515,6 +513,7 @@ isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_MODULES = YES; @@ -554,6 +553,7 @@ isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_MODULES = YES; @@ -588,10 +588,7 @@ baseConfigurationReference = 182BB39F146F1A68000BF1F3 /* debug.xcconfig */; buildSettings = { COMBINE_HIDPI_IMAGES = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "SECTRUST_OSX=1", - ); + GCC_PREPROCESSOR_DEFINITIONS = "$(inherited)"; }; name = Debug; }; @@ -600,10 +597,7 @@ baseConfigurationReference = 182BB3A1146F1A68000BF1F3 /* release.xcconfig */; buildSettings = { COMBINE_HIDPI_IMAGES = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "SECTRUST_OSX=1", - ); + GCC_PREPROCESSOR_DEFINITIONS = "$(inherited)"; }; name = Release; }; @@ -612,11 +606,14 @@ baseConfigurationReference = 182BB3A0146F1A68000BF1F3 /* lib.xcconfig */; buildSettings = { ASSETCATALOG_COMPRESSION = lossless; + CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; ENABLE_STRICT_OBJC_MSGSEND = YES; @@ -634,11 +631,14 @@ baseConfigurationReference = 182BB3A0146F1A68000BF1F3 /* lib.xcconfig */; buildSettings = { ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; + CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; ENABLE_STRICT_OBJC_MSGSEND = YES; diff --git a/OSX/libsecurity_smime/regressions/cms-01-basic.c b/OSX/libsecurity_smime/regressions/cms-01-basic.c index 40f66899..c1323698 100644 --- a/OSX/libsecurity_smime/regressions/cms-01-basic.c +++ b/OSX/libsecurity_smime/regressions/cms-01-basic.c @@ -94,6 +94,8 @@ static SecKeychainRef setup_keychain(const uint8_t *p12, size_t p12_len, SecIden CFReleaseNull(imported_items); out: + CFReleaseNull(oldSearchList); + CFReleaseNull(newSearchList); return keychain; } @@ -498,4 +500,4 @@ int cms_01_basic(int argc, char *const *argv) cleanup_keychain(kc, identity, certificate); return 0; -} \ No newline at end of file +} diff --git a/OSX/libsecurity_smime/regressions/smime-cms-test.c b/OSX/libsecurity_smime/regressions/smime-cms-test.c index b2ad45e8..05340ac3 100644 --- a/OSX/libsecurity_smime/regressions/smime-cms-test.c +++ b/OSX/libsecurity_smime/regressions/smime-cms-test.c @@ -484,6 +484,7 @@ static void tests(void) "SecCMSCertificatesOnlyMessageCopyCertificates"); is(CFArrayGetCount(certs), 1, "certificate count is 1"); CFReleaseNull(message); + CFReleaseNull(certs); // Premade message containing one certificate blob message = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, @@ -492,7 +493,7 @@ static void tests(void) "SecCMSCertificatesOnlyMessageCopyCertificates"); is(CFArrayGetCount(certs), 1, "certificate count is 1"); CFReleaseNull(message); - + CFReleaseNull(certs); SecCertificateRef another_cert = NULL; CFMutableArrayRef input_certs = NULL; @@ -504,6 +505,9 @@ static void tests(void) ok(certs = SecCMSCertificatesOnlyMessageCopyCertificates(message), "SecCMSCertificatesOnlyMessageCopyCertificates"); is(CFArrayGetCount(certs), 1, "certificate count is 1"); + CFReleaseNull(certs); + CFReleaseNull(message); + CFReleaseNull(another_cert); // Process two raw certificates and make it a message input_certs = CFArrayCreateMutable(NULL, 3, &kCFTypeArrayCallBacks); diff --git a/OSX/libsecurity_ssl/config/base.xcconfig b/OSX/libsecurity_ssl/config/base.xcconfig deleted file mode 100644 index ae70ec41..00000000 --- a/OSX/libsecurity_ssl/config/base.xcconfig +++ /dev/null @@ -1,18 +0,0 @@ -SDKROOT = macosx.internal -CODE_SIGN_IDENTITY = -; -GCC_VERSION = com.apple.compilers.llvm.clang.1_0 -DEBUG_INFORMATION_FORMAT = dwarf-with-dsym -CURRENT_PROJECT_VERSION = $(RC_ProjectSourceVersion) -VERSIONING_SYSTEM = apple-generic; -DEAD_CODE_STRIPPING = YES; - -ARCHS[sdk=macosx*] = $(ARCHS_STANDARD_32_64_BIT) - -// Debug symbols should be on obviously -GCC_GENERATE_DEBUGGING_SYMBOLS = YES -COPY_PHASE_STRIP = NO -STRIP_STYLE = debugging -STRIP_INSTALLED_PRODUCT = NO - -WARNING_CFLAGS = -Wglobal-constructors -Wno-deprecated-declarations $(inherited) -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/OSX/libsecurity_ssl/config/debug.xcconfig b/OSX/libsecurity_ssl/config/debug.xcconfig deleted file mode 100644 index 53107c24..00000000 --- a/OSX/libsecurity_ssl/config/debug.xcconfig +++ /dev/null @@ -1,4 +0,0 @@ -GCC_OPTIMIZATION_LEVEL = 0 -GCC_PREPROCESSOR_DEFINITIONS = DEBUG=1 $(inherited) - -GCC_TREAT_WARNINGS_AS_ERRORS = YES diff --git a/OSX/libsecurity_ssl/config/kext.xcconfig b/OSX/libsecurity_ssl/config/kext.xcconfig deleted file mode 100644 index ef36c7e2..00000000 --- a/OSX/libsecurity_ssl/config/kext.xcconfig +++ /dev/null @@ -1,29 +0,0 @@ -#include "base.xcconfig" - -PRODUCT_NAME = $(TARGET_NAME) -EXECUTABLE_PREFIX = - -CODE_SIGN_IDENTITY = - -HEADER_SEARCH_PATHS = $(PROJECT_DIR) $(PROJECT_DIR)/../utilities $(SYSTEM_LIBRARY_DIR)/Frameworks/Kernel.framework/Headers $(SYSTEM_LIBRARY_DIR)/Frameworks/Kernel.framework/PrivateHeaders - -SKIP_INSTALL = YES - -ALWAYS_SEARCH_USER_PATHS = YES - -GCC_ENABLE_KERNEL_DEVELOPMENT = YES -GCC_C_LANGUAGE_STANDARD = gnu99 - -WARNING_CFLAGS = -Wmost -Wno-four-char-constants -Wno-unknown-pragmas $(inherited) - -OTHER_CFLAGS = -DKERNEL $(inherited) - -GCC_SYMBOLS_PRIVATE_EXTERN = NO -GCC_WARN_64_TO_32_BIT_CONVERSION = YES -GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES -GCC_WARN_ABOUT_RETURN_TYPE = YES -GCC_WARN_UNUSED_VARIABLE = YES - -LINK_WITH_STANDARD_LIBRARIES = NO - -SUPPORTED_PLATFORMS = macosx iphoneos appletvos watchos diff --git a/OSX/libsecurity_ssl/config/lib.xcconfig b/OSX/libsecurity_ssl/config/lib.xcconfig deleted file mode 100644 index 1cb93673..00000000 --- a/OSX/libsecurity_ssl/config/lib.xcconfig +++ /dev/null @@ -1,28 +0,0 @@ -#include "base.xcconfig" - -PRODUCT_NAME = $(TARGET_NAME) -EXECUTABLE_PREFIX = - -CODE_SIGN_IDENTITY = - -HEADER_SEARCH_PATHS[sdk=macosx*] = $(PROJECT_DIR) $(PROJECT_DIR)/../regressions $(PROJECT_DIR)/../include $(BUILT_PRODUCTS_DIR)/derived_src $(PROJECT_DIR)/../utilities $(PROJECT_DIR)/../libsecurity_keychain/ $(PROJECT_DIR)/../libsecurity_keychain/libDER $(BUILT_PRODUCTS_DIR) $(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers $(inherited) - -HEADER_SEARCH_PATHS[sdk=embedded*] = $(PROJECT_DIR) $(PROJECT_DIR)/../regressions $(PROJECT_DIR)/../utilities $(PROJECT_DIR)/../libsecurity_asn1 $(PROJECT_DIR)/../libsecurity_keychain/libDER $(PROJECT_DIR)/../sec $(BUILT_PRODUCTS_DIR)/usr/local/include $(inherited) - -SKIP_INSTALL = YES - -ALWAYS_SEARCH_USER_PATHS = YES - -GCC_C_LANGUAGE_STANDARD = gnu99 - -WARNING_CFLAGS = $(inherited) -Wno-error=#warnings -Wall -Wno-four-char-constants -Wno-unknown-pragmas - -GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO - -GCC_SYMBOLS_PRIVATE_EXTERN = NO -GCC_WARN_64_TO_32_BIT_CONVERSION = YES -GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES -GCC_WARN_ABOUT_RETURN_TYPE = YES -GCC_WARN_UNUSED_VARIABLE = YES - -SUPPORTED_PLATFORMS = macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator diff --git a/OSX/libsecurity_ssl/config/release.xcconfig b/OSX/libsecurity_ssl/config/release.xcconfig deleted file mode 100644 index 088ded92..00000000 --- a/OSX/libsecurity_ssl/config/release.xcconfig +++ /dev/null @@ -1,2 +0,0 @@ -GCC_OPTIMIZATION_LEVEL = s -GCC_PREPROCESSOR_DEFINITIONS = NDEBUG=1 $(inherited) diff --git a/OSX/libsecurity_ssl/config/tests.xcconfig b/OSX/libsecurity_ssl/config/tests.xcconfig deleted file mode 100644 index c09f5ab7..00000000 --- a/OSX/libsecurity_ssl/config/tests.xcconfig +++ /dev/null @@ -1,24 +0,0 @@ -#include "base.xcconfig" - -PRODUCT_NAME = $(TARGET_NAME) -EXECUTABLE_PREFIX = - -CODE_SIGN_IDENTITY = - -GCC_C_LANGUAGE_STANDARD = gnu99 - -WARNING_CFLAGS = -Wmost -Wno-four-char-constants -Wno-unknown-pragmas $(inherited) - -GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO - -GCC_SYMBOLS_PRIVATE_EXTERN = NO -GCC_WARN_64_TO_32_BIT_CONVERSION = YES -GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES -GCC_WARN_ABOUT_RETURN_TYPE = YES -GCC_WARN_UNUSED_VARIABLE = YES - -SUPPORTED_PLATFORMS = macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator - -INSTALL_PATH = /usr/local/bin - -HEADER_SEARCH_PATHS = $(PROJECT_DIR)/../utilities $(inherited) diff --git a/OSX/libsecurity_ssl/lib/SSLRecordInternal.c b/OSX/libsecurity_ssl/lib/SSLRecordInternal.c index 8e494509..8da7af2a 100644 --- a/OSX/libsecurity_ssl/lib/SSLRecordInternal.c +++ b/OSX/libsecurity_ssl/lib/SSLRecordInternal.c @@ -282,7 +282,7 @@ static int SSLSetInternalRecordLayerProtocolVersion(SSLRecordContextRef ref, SSLProtocolVersion negVersion) { struct SSLRecordInternalContext *ctx = ref; - return tls_record_set_protocol_version(ctx->filter, negVersion); + return tls_record_set_protocol_version(ctx->filter, (tls_protocol_version) negVersion); } static int @@ -323,10 +323,8 @@ SSLRecordSetOption(SSLRecordContextRef ref, SSLRecordOption option, bool value) switch (option) { case kSSLRecordOptionSendOneByteRecord: return tls_record_set_record_splitting(ctx->filter, value); - break; default: return 0; - break; } } diff --git a/OSX/libsecurity_ssl/lib/security_ssl.exp b/OSX/libsecurity_ssl/lib/security_ssl.exp deleted file mode 100644 index 624a672f..00000000 --- a/OSX/libsecurity_ssl/lib/security_ssl.exp +++ /dev/null @@ -1,95 +0,0 @@ -_SSLAddDistinguishedName -_SSLClose -_SSLContextGetTypeID -_SSLCreateContext -_SSLDisposeContext -_SSLGetAllowsAnyRoot -_SSLGetAllowsExpiredCerts -_SSLGetAllowsExpiredRoots -_SSLGetBufferedReadSize -_SSLGetClientCertificateState -_SSLGetClientSideAuthenticate -_SSLGetConnection -_SSLGetDatagramWriteSize -_SSLGetDiffieHellmanParams -_SSLGetEnableCertVerify -_SSLGetEnabledCiphers -_SSLGetMaxDatagramRecordSize -_SSLGetNegotiatedCipher -_SSLGetNegotiatedProtocolVersion -_SSLGetNumberEnabledCiphers -_SSLGetNumberOfSignatureAlgorithms -_SSLGetNumberSupportedCiphers -_SSLCopyPeerCertificates -_SSLCopyPeerTrust -_SSLGetPeerDomainName -_SSLGetPeerDomainNameLength -_SSLGetPeerID -_SSLGetPeerSecTrust -_SSLGetProtocolVersion -_SSLGetProtocolVersionEnabled -_SSLGetProtocolVersionMax -_SSLGetProtocolVersionMin -_SSLGetResumableSessionInfo -_SSLGetRsaBlinding -_SSLGetSessionOption -_SSLGetSessionState -_SSLGetSignatureAlgorithms -_SSLGetSupportedCiphers -_SSLCopyTrustedRoots -_SSLSetTrustedLeafCertificates -_SSLCopyTrustedLeafCertificates -_SSLHandshake -_SSLInternalClientRandom -_SSLInternalMasterSecret -_SSLInternalServerRandom -_SSLGetCipherSizes -_SSLInternal_PRF -_SSLNewContext -_SSLNewDatagramContext -_SSLRead -_SSLReHandshake -_SSLSetAllowsAnyRoot -_SSLSetAllowsExpiredCerts -_SSLSetAllowsExpiredRoots -_SSLSetCertificate -_SSLGetCertificate -_SSLSetClientSideAuthenticate -_SSLSetConnection -_SSLSetDatagramHelloCookie -_SSLSetDiffieHellmanParams -_SSLSetEnableCertVerify -_SSLSetEnabledCiphers -_SSLSetEncryptionCertificate -_SSLGetEncryptionCertificate -_SSLSetIOFuncs -_SSLSetMaxDatagramRecordSize -_SSLSetPeerDomainName -_SSLSetPeerID -_SSLSetProtocolVersion -_SSLSetProtocolVersionEnabled -_SSLSetProtocolVersionMax -_SSLSetProtocolVersionMin -_SSLSetRsaBlinding -_SSLSetTrustedRoots -_SSLWrite -_SSLSetSessionCacheTimeout -_SSLSetSessionOption -_SSLInternalSetMasterSecretFunction -_SSLInternalSetSessionTicket -_SSLSetAllowAnonymousCiphers -_SSLGetAllowAnonymousCiphers -_SSLCopyDistinguishedNames -_SSLSetCertificateAuthorities -_SSLCopyCertificateAuthorities -_SSLGetNegotiatedCurve -_SSLGetNumberOfECDSACurves -_SSLGetECDSACurves -_SSLSetECDSACurves -_SSLGetNumberOfClientAuthTypes -_SSLGetClientAuthTypes -_SSLGetNegotiatedClientAuthType -_SSLSetMinimumDHGroupSize -_SSLGetMinimumDHGroupSize -_SSLSetSessionConfig - diff --git a/OSX/libsecurity_ssl/lib/sslBuildFlags.h b/OSX/libsecurity_ssl/lib/sslBuildFlags.h index b17519b1..af18517e 100644 --- a/OSX/libsecurity_ssl/lib/sslBuildFlags.h +++ b/OSX/libsecurity_ssl/lib/sslBuildFlags.h @@ -32,14 +32,6 @@ extern "C" { #endif -/* - * Implementation-specific functionality. - */ -#if 1 -#undef USE_CDSA_CRYPTO /* use corecrypto, instead of CDSA */ -#undef USE_SSLCERTIFICATE /* use CF-based certs, not structs */ -#endif - /* * Work around the Netscape Server Key Exchange bug. When this is * true, only do server key exchange if both of the following are diff --git a/OSX/libsecurity_ssl/lib/sslContext.c b/OSX/libsecurity_ssl/lib/sslContext.c index 21dd4628..796b1c2f 100644 --- a/OSX/libsecurity_ssl/lib/sslContext.c +++ b/OSX/libsecurity_ssl/lib/sslContext.c @@ -151,6 +151,8 @@ CFTypeRef SSLPreferencesCopyValue(CFStringRef key, CFPropertyListRef managed_pre if(!value && managed_prefs) { value = CFDictionaryGetValue(managed_prefs, key); + if (value) + CFRetain(value); } return value; diff --git a/OSX/libsecurity_ssl/lib/sslContext.h b/OSX/libsecurity_ssl/lib/sslContext.h index 590efcb3..73113a35 100644 --- a/OSX/libsecurity_ssl/lib/sslContext.h +++ b/OSX/libsecurity_ssl/lib/sslContext.h @@ -36,9 +36,7 @@ #include #include -#ifdef USE_CDSA_CRYPTO -#include -#else + #if TARGET_OS_IPHONE #include #include @@ -47,7 +45,6 @@ // typedef struct OpaqueSecDHContext *SecDHContext; #endif #include -#endif #include #include diff --git a/OSX/libsecurity_ssl/lib/sslKeychain.c b/OSX/libsecurity_ssl/lib/sslKeychain.c index feadf29a..83762723 100644 --- a/OSX/libsecurity_ssl/lib/sslKeychain.c +++ b/OSX/libsecurity_ssl/lib/sslKeychain.c @@ -46,6 +46,9 @@ #include #include +#if SEC_OS_IPHONE +#include +#endif #include #include diff --git a/OSX/libsecurity_ssl/lib/sslTransport.c b/OSX/libsecurity_ssl/lib/sslTransport.c index 0be0d389..bc44005d 100644 --- a/OSX/libsecurity_ssl/lib/sslTransport.c +++ b/OSX/libsecurity_ssl/lib/sslTransport.c @@ -442,51 +442,15 @@ SSLHandshake(SSLContext *ctx) #if (TARGET_OS_IPHONE && !TARGET_IPHONE_SIMULATOR) -#include - -typedef void (*type_ADClientAddValueForScalarKey)(CFStringRef key, int64_t value); -static type_ADClientAddValueForScalarKey gADClientAddValueForScalarKey = NULL; -static dispatch_once_t gADFunctionPointersSet = 0; -static CFBundleRef gAggdBundleRef = NULL; - -static bool InitializeADFunctionPointers() -{ - if (gADClientAddValueForScalarKey) - { - return true; - } - - dispatch_once(&gADFunctionPointersSet, - ^{ - CFStringRef path_to_aggd_framework = CFSTR("/System/Library/PrivateFrameworks/AggregateDictionary.framework"); - - CFURLRef aggd_url = CFURLCreateWithFileSystemPath(kCFAllocatorDefault, path_to_aggd_framework, kCFURLPOSIXPathStyle, true); - - if (NULL != aggd_url) - { - gAggdBundleRef = CFBundleCreate(kCFAllocatorDefault, aggd_url); - if (NULL != gAggdBundleRef) - { - gADClientAddValueForScalarKey = (type_ADClientAddValueForScalarKey) - CFBundleGetFunctionPointerForName(gAggdBundleRef, CFSTR("ADClientAddValueForScalarKey")); - } - CFRelease(aggd_url); - } - }); - - return (gADClientAddValueForScalarKey!=NULL); -} +#include "SecADWrapper.h" static void ad_log_SecureTransport_early_fail(long signature) { - if (InitializeADFunctionPointers()) { + CFStringRef key = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("com.apple.SecureTransport.early_fail.%ld"), signature); - CFStringRef key = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("com.apple.SecureTransport.early_fail.%ld"), signature); - - if(key) { - gADClientAddValueForScalarKey(key, 1); - CFRelease(key); - } + if (key) { + SecADAddValueForScalarKey(key, 1); + CFRelease(key); } } diff --git a/OSX/libsecurity_ssl/libsecurity_ssl.xcodeproj/.gitignore b/OSX/libsecurity_ssl/libsecurity_ssl.xcodeproj/.gitignore deleted file mode 100644 index 7f42cdde..00000000 --- a/OSX/libsecurity_ssl/libsecurity_ssl.xcodeproj/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -project.xcworkspace -xcuserdata diff --git a/OSX/libsecurity_ssl/libsecurity_ssl.xcodeproj/project.pbxproj b/OSX/libsecurity_ssl/libsecurity_ssl.xcodeproj/project.pbxproj deleted file mode 100644 index fd242111..00000000 --- a/OSX/libsecurity_ssl/libsecurity_ssl.xcodeproj/project.pbxproj +++ /dev/null @@ -1,830 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXAggregateTarget section */ - 0C6C633A15D1BD4800BC68CD /* dtlsEcho */ = { - isa = PBXAggregateTarget; - buildConfigurationList = 0C6C633B15D1BD4800BC68CD /* Build configuration list for PBXAggregateTarget "dtlsEcho" */; - buildPhases = ( - ); - dependencies = ( - 0C6C633F15D1BD4D00BC68CD /* PBXTargetDependency */, - 0C6C634115D1BD4E00BC68CD /* PBXTargetDependency */, - ); - name = dtlsEcho; - productName = dtlsEcho; - }; -/* End PBXAggregateTarget section */ - -/* Begin PBXBuildFile section */ - 0C03D65917DFD8C00087643B /* sslCipherSpecs.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA413615C75863002AEC4C /* sslCipherSpecs.c */; }; - 0C03D65B17DFE67E0087643B /* tlsCallbacks.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C03D65A17DFE67E0087643B /* tlsCallbacks.c */; }; - 0C0E0467162C9DF0009F7C71 /* ssl-46-SSLGetSupportedCiphers.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C0E0466162C9DF0009F7C71 /* ssl-46-SSLGetSupportedCiphers.c */; }; - 0C0E046A162CA288009F7C71 /* ssl_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C0E0469162CA288009F7C71 /* ssl_regressions.h */; }; - 0C0F140B191AC0A200481BA2 /* ssl-50-server.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C0F140A191AC0A200481BA2 /* ssl-50-server.c */; }; - 0C1F06F7189B1F0600E65030 /* sslMemory.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CAFF4260534D89900303760 /* sslMemory.c */; }; - 0C4B8F3A1A895D6E00AE503B /* ssl-53-clientauth.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C4B8F391A895D6E00AE503B /* ssl-53-clientauth.c */; }; - 0C4B8F4F1A8A937600AE503B /* CA-ECC_Cert.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F3B1A8A937600AE503B /* CA-ECC_Cert.h */; }; - 0C4B8F501A8A937600AE503B /* CA-ECC_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F3C1A8A937600AE503B /* CA-ECC_Key.h */; }; - 0C4B8F511A8A937600AE503B /* CA-RSA_Cert.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F3D1A8A937600AE503B /* CA-RSA_Cert.h */; }; - 0C4B8F521A8A937600AE503B /* CA-RSA_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F3E1A8A937600AE503B /* CA-RSA_Key.h */; }; - 0C4B8F531A8A937600AE503B /* ClientECC_Cert_CA-ECC.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F3F1A8A937600AE503B /* ClientECC_Cert_CA-ECC.h */; }; - 0C4B8F541A8A937600AE503B /* ClientECC_Cert_CA-RSA.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F401A8A937600AE503B /* ClientECC_Cert_CA-RSA.h */; }; - 0C4B8F551A8A937600AE503B /* ClientECC_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F411A8A937600AE503B /* ClientECC_Key.h */; }; - 0C4B8F561A8A937600AE503B /* ClientRSA_Cert_CA-ECC.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F421A8A937600AE503B /* ClientRSA_Cert_CA-ECC.h */; }; - 0C4B8F571A8A937600AE503B /* ClientRSA_Cert_CA-RSA.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F431A8A937600AE503B /* ClientRSA_Cert_CA-RSA.h */; }; - 0C4B8F581A8A937600AE503B /* ClientRSA_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F441A8A937600AE503B /* ClientRSA_Key.h */; }; - 0C4B8F591A8A937600AE503B /* ServerECC_Cert_CA-ECC.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F451A8A937600AE503B /* ServerECC_Cert_CA-ECC.h */; }; - 0C4B8F5A1A8A937600AE503B /* ServerECC_Cert_CA-RSA.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F461A8A937600AE503B /* ServerECC_Cert_CA-RSA.h */; }; - 0C4B8F5B1A8A937600AE503B /* ServerECC_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F471A8A937600AE503B /* ServerECC_Key.h */; }; - 0C4B8F5C1A8A937600AE503B /* ServerRSA_Cert_CA-ECC.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F481A8A937600AE503B /* ServerRSA_Cert_CA-ECC.h */; }; - 0C4B8F5D1A8A937600AE503B /* ServerRSA_Cert_CA-RSA.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F491A8A937600AE503B /* ServerRSA_Cert_CA-RSA.h */; }; - 0C4B8F5E1A8A937600AE503B /* ServerRSA_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F4A1A8A937600AE503B /* ServerRSA_Key.h */; }; - 0C4B8F5F1A8A937600AE503B /* Untrusted-CA-RSA_Cert.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F4B1A8A937600AE503B /* Untrusted-CA-RSA_Cert.h */; }; - 0C4B8F601A8A937600AE503B /* Untrusted-CA-RSA_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F4C1A8A937600AE503B /* Untrusted-CA-RSA_Key.h */; }; - 0C4B8F611A8A937600AE503B /* UntrustedClientRSA_Cert_Untrusted-CA-RSA.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F4D1A8A937600AE503B /* UntrustedClientRSA_Cert_Untrusted-CA-RSA.h */; }; - 0C4B8F621A8A937600AE503B /* UntrustedClientRSA_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C4B8F4E1A8A937600AE503B /* UntrustedClientRSA_Key.h */; }; - 0C6C633515D1BB4F00BC68CD /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 0C6C633315D1BB3300BC68CD /* Security.framework */; }; - 0C6C633615D1BB6000BC68CD /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 0C6C633315D1BB3300BC68CD /* Security.framework */; }; - 0C6C633815D1BB7100BC68CD /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 0C6C633715D1BB7100BC68CD /* CoreFoundation.framework */; }; - 0C6C633915D1BBAA00BC68CD /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 0C6C633715D1BB7100BC68CD /* CoreFoundation.framework */; }; - 0C6C634315D1BDCF00BC68CD /* ssl-utils.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C6C634215D1BDCF00BC68CD /* ssl-utils.c */; }; - 0C6C634515D1BE3900BC68CD /* ssl-utils.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C6C634415D1BE3900BC68CD /* ssl-utils.h */; }; - 0C6C641F15D5840700BC68CD /* cert-1.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C6C641C15D5840700BC68CD /* cert-1.h */; }; - 0C6C642015D5840700BC68CD /* identity-1.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C6C641D15D5840700BC68CD /* identity-1.h */; }; - 0C6C642115D5840700BC68CD /* privkey-1.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C6C641E15D5840700BC68CD /* privkey-1.h */; }; - 0C6C642315D5938E00BC68CD /* ssl-utils.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C6C634215D1BDCF00BC68CD /* ssl-utils.c */; }; - 0C6C642415D5939A00BC68CD /* ssl-utils.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C6C634215D1BDCF00BC68CD /* ssl-utils.c */; }; - 0C80AB1317E9025B008F7F5B /* sslCrypto.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C80AB1217E9025B008F7F5B /* sslCrypto.c */; }; - 0C86A5FD19705A08009B006A /* ssl-52-noconn.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C86A5FC19705A08009B006A /* ssl-52-noconn.c */; }; - 0C8DD1561B1CF75400D43050 /* ssl-54-dhe.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C8DD1531B1CEE9A00D43050 /* ssl-54-dhe.c */; }; - 0C9A76A81CB478D7002111EE /* ssl-56-renegotiate.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CD3A1951CB466DB00667E3F /* ssl-56-renegotiate.c */; }; - 0CA9800617E3925A00205D87 /* sslKeychain.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CAFF4230534D89900303760 /* sslKeychain.c */; }; - 0CA9803417E7899B00205D87 /* SSLRecordInternal.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA413A15C75863002AEC4C /* SSLRecordInternal.c */; }; - 0CB3EC4818AEDB6B00647921 /* ssl-48-split.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CB3EC4718AEDB6B00647921 /* ssl-48-split.c */; }; - 0CCA417915C89EA3002AEC4C /* ssl-39-echo.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA416815C89EA3002AEC4C /* ssl-39-echo.c */; }; - 0CCA417A15C89EA3002AEC4C /* ssl-40-clientauth.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA416915C89EA3002AEC4C /* ssl-40-clientauth.c */; }; - 0CCA417B15C89EA3002AEC4C /* ssl-41-clientauth.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA416A15C89EA3002AEC4C /* ssl-41-clientauth.c */; }; - 0CCA417C15C89EA3002AEC4C /* ssl-42-ciphers.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA416B15C89EA3002AEC4C /* ssl-42-ciphers.c */; }; - 0CCA417D15C89EA3002AEC4C /* ssl-43-ciphers.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA416C15C89EA3002AEC4C /* ssl-43-ciphers.c */; }; - 0CCA417E15C89EA3002AEC4C /* ssl-45-tls12.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA416D15C89EA3002AEC4C /* ssl-45-tls12.c */; }; - 0CCA42E115C8A3D9002AEC4C /* dtlsEchoClient.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA42C115C8A34E002AEC4C /* dtlsEchoClient.c */; }; - 0CCA42E215C8A3DE002AEC4C /* dtlsEchoServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA42C215C8A34E002AEC4C /* dtlsEchoServer.c */; }; - 0CCA42EC15C8A71A002AEC4C /* sslAppUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA42EA15C8A71A002AEC4C /* sslAppUtils.cpp */; }; - 0CCA42ED15C8A71A002AEC4C /* sslAppUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0CCA42EA15C8A71A002AEC4C /* sslAppUtils.cpp */; }; - 0CCAB61A1B3C93E100C97526 /* ssl-55-sessioncache.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCAB6191B3C93E100C97526 /* ssl-55-sessioncache.c */; }; - 0CCF28B8166D5F5000AFA37C /* ssl-47-falsestart.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CCF28B7166D5F5000AFA37C /* ssl-47-falsestart.c */; }; - 0CDDC9A7195CD44400E93A27 /* ssl-51-state.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CDDC9A6195CD44400E93A27 /* ssl-51-state.c */; }; - 0CEA459418CF71B700BD32A9 /* ssl-49-sni.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CEA459218CF71AE00BD32A9 /* ssl-49-sni.c */; }; - 4CAFF4540534D89900303760 /* sslContext.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CAFF41A0534D89900303760 /* sslContext.c */; }; - 4CAFF4640534D89900303760 /* sslRecord.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CAFF42A0534D89900303760 /* sslRecord.c */; }; - 4CAFF4680534D89900303760 /* sslTransport.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CAFF42E0534D89900303760 /* sslTransport.c */; }; - AAB589F216CACE540071FE64 /* ssl-44-crashes.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CC954F0161A62AE005D3D4A /* ssl-44-crashes.c */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 0C6C633E15D1BD4D00BC68CD /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 0CCA42C815C8A387002AEC4C; - remoteInfo = dtlsEchoClient; - }; - 0C6C634015D1BD4E00BC68CD /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 0CCA42D615C8A395002AEC4C; - remoteInfo = dtlsEchoServer; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXCopyFilesBuildPhase section */ - 0CCA42C715C8A387002AEC4C /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = /usr/share/man/man1/; - dstSubfolderSpec = 0; - files = ( - ); - runOnlyForDeploymentPostprocessing = 1; - }; - 0CCA42D515C8A395002AEC4C /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = /usr/share/man/man1/; - dstSubfolderSpec = 0; - files = ( - ); - runOnlyForDeploymentPostprocessing = 1; - }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 0C03D65A17DFE67E0087643B /* tlsCallbacks.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tlsCallbacks.c; sourceTree = ""; }; - 0C03D65C17DFE6E20087643B /* tlsCallbacks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tlsCallbacks.h; sourceTree = ""; }; - 0C0E0466162C9DF0009F7C71 /* ssl-46-SSLGetSupportedCiphers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-46-SSLGetSupportedCiphers.c"; sourceTree = ""; }; - 0C0E0469162CA288009F7C71 /* ssl_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_regressions.h; sourceTree = ""; }; - 0C0F140A191AC0A200481BA2 /* ssl-50-server.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-50-server.c"; sourceTree = ""; }; - 0C1C92ED15C8AC52007D377B /* kext.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = kext.xcconfig; sourceTree = ""; }; - 0C4B8F391A895D6E00AE503B /* ssl-53-clientauth.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-53-clientauth.c"; sourceTree = ""; }; - 0C4B8F3B1A8A937600AE503B /* CA-ECC_Cert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "CA-ECC_Cert.h"; sourceTree = ""; }; - 0C4B8F3C1A8A937600AE503B /* CA-ECC_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "CA-ECC_Key.h"; sourceTree = ""; }; - 0C4B8F3D1A8A937600AE503B /* CA-RSA_Cert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "CA-RSA_Cert.h"; sourceTree = ""; }; - 0C4B8F3E1A8A937600AE503B /* CA-RSA_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "CA-RSA_Key.h"; sourceTree = ""; }; - 0C4B8F3F1A8A937600AE503B /* ClientECC_Cert_CA-ECC.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ClientECC_Cert_CA-ECC.h"; sourceTree = ""; }; - 0C4B8F401A8A937600AE503B /* ClientECC_Cert_CA-RSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ClientECC_Cert_CA-RSA.h"; sourceTree = ""; }; - 0C4B8F411A8A937600AE503B /* ClientECC_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ClientECC_Key.h; sourceTree = ""; }; - 0C4B8F421A8A937600AE503B /* ClientRSA_Cert_CA-ECC.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ClientRSA_Cert_CA-ECC.h"; sourceTree = ""; }; - 0C4B8F431A8A937600AE503B /* ClientRSA_Cert_CA-RSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ClientRSA_Cert_CA-RSA.h"; sourceTree = ""; }; - 0C4B8F441A8A937600AE503B /* ClientRSA_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ClientRSA_Key.h; sourceTree = ""; }; - 0C4B8F451A8A937600AE503B /* ServerECC_Cert_CA-ECC.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ServerECC_Cert_CA-ECC.h"; sourceTree = ""; }; - 0C4B8F461A8A937600AE503B /* ServerECC_Cert_CA-RSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ServerECC_Cert_CA-RSA.h"; sourceTree = ""; }; - 0C4B8F471A8A937600AE503B /* ServerECC_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ServerECC_Key.h; sourceTree = ""; }; - 0C4B8F481A8A937600AE503B /* ServerRSA_Cert_CA-ECC.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ServerRSA_Cert_CA-ECC.h"; sourceTree = ""; }; - 0C4B8F491A8A937600AE503B /* ServerRSA_Cert_CA-RSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ServerRSA_Cert_CA-RSA.h"; sourceTree = ""; }; - 0C4B8F4A1A8A937600AE503B /* ServerRSA_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ServerRSA_Key.h; sourceTree = ""; }; - 0C4B8F4B1A8A937600AE503B /* Untrusted-CA-RSA_Cert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "Untrusted-CA-RSA_Cert.h"; sourceTree = ""; }; - 0C4B8F4C1A8A937600AE503B /* Untrusted-CA-RSA_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "Untrusted-CA-RSA_Key.h"; sourceTree = ""; }; - 0C4B8F4D1A8A937600AE503B /* UntrustedClientRSA_Cert_Untrusted-CA-RSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "UntrustedClientRSA_Cert_Untrusted-CA-RSA.h"; sourceTree = ""; }; - 0C4B8F4E1A8A937600AE503B /* UntrustedClientRSA_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UntrustedClientRSA_Key.h; sourceTree = ""; }; - 0C6C633315D1BB3300BC68CD /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; path = Security.framework; sourceTree = BUILT_PRODUCTS_DIR; }; - 0C6C633715D1BB7100BC68CD /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; }; - 0C6C634215D1BDCF00BC68CD /* ssl-utils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-utils.c"; sourceTree = ""; }; - 0C6C634415D1BE3900BC68CD /* ssl-utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ssl-utils.h"; sourceTree = ""; }; - 0C6C641C15D5840700BC68CD /* cert-1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "cert-1.h"; sourceTree = ""; }; - 0C6C641D15D5840700BC68CD /* identity-1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "identity-1.h"; sourceTree = ""; }; - 0C6C641E15D5840700BC68CD /* privkey-1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "privkey-1.h"; sourceTree = ""; }; - 0C80AB1217E9025B008F7F5B /* sslCrypto.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sslCrypto.c; sourceTree = ""; }; - 0C85738D15DAB34C0038DFD7 /* tests.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = tests.xcconfig; sourceTree = ""; }; - 0C86A5FC19705A08009B006A /* ssl-52-noconn.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-52-noconn.c"; sourceTree = ""; }; - 0C8DD1531B1CEE9A00D43050 /* ssl-54-dhe.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-54-dhe.c"; sourceTree = ""; }; - 0CB3EC4718AEDB6B00647921 /* ssl-48-split.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-48-split.c"; sourceTree = ""; }; - 0CC954F0161A62AE005D3D4A /* ssl-44-crashes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-44-crashes.c"; sourceTree = ""; }; - 0CCA413415C75863002AEC4C /* SecureTransportPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureTransportPriv.h; path = ../lib/SecureTransportPriv.h; sourceTree = ""; }; - 0CCA413615C75863002AEC4C /* sslCipherSpecs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sslCipherSpecs.c; sourceTree = ""; }; - 0CCA413715C75863002AEC4C /* sslCipherSpecs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslCipherSpecs.h; sourceTree = ""; }; - 0CCA413A15C75863002AEC4C /* SSLRecordInternal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SSLRecordInternal.c; sourceTree = ""; }; - 0CCA413B15C75863002AEC4C /* SSLRecordInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SSLRecordInternal.h; sourceTree = ""; }; - 0CCA413C15C75863002AEC4C /* sslTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sslTypes.h; path = ../lib/sslTypes.h; sourceTree = ""; }; - 0CCA414215C75863002AEC4C /* tls_record_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tls_record_internal.h; sourceTree = ""; }; - 0CCA415915C89E8B002AEC4C /* libsecurity_ssl_regressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_ssl_regressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 0CCA416815C89EA3002AEC4C /* ssl-39-echo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-39-echo.c"; sourceTree = ""; }; - 0CCA416915C89EA3002AEC4C /* ssl-40-clientauth.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-40-clientauth.c"; sourceTree = ""; }; - 0CCA416A15C89EA3002AEC4C /* ssl-41-clientauth.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-41-clientauth.c"; sourceTree = ""; }; - 0CCA416B15C89EA3002AEC4C /* ssl-42-ciphers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-42-ciphers.c"; sourceTree = ""; }; - 0CCA416C15C89EA3002AEC4C /* ssl-43-ciphers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-43-ciphers.c"; sourceTree = ""; }; - 0CCA416D15C89EA3002AEC4C /* ssl-45-tls12.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-45-tls12.c"; sourceTree = ""; }; - 0CCA42C115C8A34E002AEC4C /* dtlsEchoClient.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = dtlsEchoClient.c; sourceTree = ""; }; - 0CCA42C215C8A34E002AEC4C /* dtlsEchoServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = dtlsEchoServer.c; sourceTree = ""; }; - 0CCA42C315C8A34E002AEC4C /* README */ = {isa = PBXFileReference; lastKnownFileType = text; path = README; sourceTree = ""; }; - 0CCA42C915C8A387002AEC4C /* dtlsEchoClient */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = dtlsEchoClient; sourceTree = BUILT_PRODUCTS_DIR; }; - 0CCA42D715C8A395002AEC4C /* dtlsEchoServer */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = dtlsEchoServer; sourceTree = BUILT_PRODUCTS_DIR; }; - 0CCA42EA15C8A71A002AEC4C /* sslAppUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = sslAppUtils.cpp; path = sslViewer/sslAppUtils.cpp; sourceTree = SOURCE_ROOT; }; - 0CCA42EB15C8A71A002AEC4C /* sslAppUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sslAppUtils.h; path = sslViewer/sslAppUtils.h; sourceTree = SOURCE_ROOT; }; - 0CCAB6191B3C93E100C97526 /* ssl-55-sessioncache.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-55-sessioncache.c"; sourceTree = ""; }; - 0CCF28B7166D5F5000AFA37C /* ssl-47-falsestart.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-47-falsestart.c"; sourceTree = ""; }; - 0CD3A1951CB466DB00667E3F /* ssl-56-renegotiate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-56-renegotiate.c"; sourceTree = ""; }; - 0CDDC9A6195CD44400E93A27 /* ssl-51-state.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-51-state.c"; sourceTree = ""; }; - 0CEA459218CF71AE00BD32A9 /* ssl-49-sni.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-49-sni.c"; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_ssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_ssl.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CAFF4020534D89900303760 /* cipherSpecs.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cipherSpecs.h; sourceTree = ""; }; - 4CAFF4030534D89900303760 /* CipherSuite.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = CipherSuite.h; sourceTree = ""; }; - 4CAFF4090534D89900303760 /* SecureTransport.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecureTransport.h; sourceTree = ""; }; - 4CAFF40B0534D89900303760 /* ssl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ssl.h; sourceTree = ""; }; - 4CAFF4170534D89900303760 /* sslBuildFlags.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sslBuildFlags.h; sourceTree = ""; }; - 4CAFF41A0534D89900303760 /* sslContext.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = sslContext.c; sourceTree = ""; }; - 4CAFF41B0534D89900303760 /* sslContext.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sslContext.h; sourceTree = ""; }; - 4CAFF41C0534D89900303760 /* sslDebug.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = sslDebug.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 4CAFF4230534D89900303760 /* sslKeychain.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = sslKeychain.c; sourceTree = ""; }; - 4CAFF4240534D89900303760 /* sslKeychain.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sslKeychain.h; sourceTree = ""; }; - 4CAFF4260534D89900303760 /* sslMemory.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = sslMemory.c; sourceTree = ""; }; - 4CAFF4270534D89900303760 /* sslMemory.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sslMemory.h; sourceTree = ""; }; - 4CAFF4290534D89900303760 /* sslPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sslPriv.h; sourceTree = ""; }; - 4CAFF42A0534D89900303760 /* sslRecord.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = sslRecord.c; sourceTree = ""; }; - 4CAFF42B0534D89900303760 /* sslRecord.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sslRecord.h; sourceTree = ""; }; - 4CAFF42E0534D89900303760 /* sslTransport.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = sslTransport.c; sourceTree = ""; }; - 4CAFF42F0534D89900303760 /* sslUtils.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = sslUtils.c; sourceTree = ""; }; - 4CAFF4300534D89900303760 /* sslUtils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sslUtils.h; sourceTree = ""; }; - 4CCBFE3C057FF16800981D43 /* security_ssl.exp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.exports; path = security_ssl.exp; sourceTree = ""; }; - BE6A959C14E3700A00C158E0 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - BE6A959D14E3700A00C158E0 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - BE6A959E14E3700A00C158E0 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - BE6A959F14E3700A00C158E0 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - BEB382AE14EC84AC003C055B /* sslCrypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslCrypto.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 0CCA415615C89E8B002AEC4C /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 0CCA42C615C8A387002AEC4C /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C6C633815D1BB7100BC68CD /* CoreFoundation.framework in Frameworks */, - 0C6C633515D1BB4F00BC68CD /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 0CCA42D415C8A395002AEC4C /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C6C633915D1BBAA00BC68CD /* CoreFoundation.framework in Frameworks */, - 0C6C633615D1BB6000BC68CD /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 050651C7056A83F3008AD683 /* Apple Custom */ = { - isa = PBXGroup; - children = ( - 4CAFF4230534D89900303760 /* sslKeychain.c */, - ); - name = "Apple Custom"; - sourceTree = ""; - }; - 050651C8056A8404008AD683 /* SSL Core */ = { - isa = PBXGroup; - children = ( - 0CCA413A15C75863002AEC4C /* SSLRecordInternal.c */, - 0CCA413615C75863002AEC4C /* sslCipherSpecs.c */, - 4CAFF41A0534D89900303760 /* sslContext.c */, - 4CAFF42A0534D89900303760 /* sslRecord.c */, - 4CAFF42E0534D89900303760 /* sslTransport.c */, - 0C03D65A17DFE67E0087643B /* tlsCallbacks.c */, - 0C03D65C17DFE6E20087643B /* tlsCallbacks.h */, - ); - name = "SSL Core"; - sourceTree = ""; - }; - 050651C9056A840E008AD683 /* Private Headers */ = { - isa = PBXGroup; - children = ( - 0CCA413C15C75863002AEC4C /* sslTypes.h */, - 0CCA413415C75863002AEC4C /* SecureTransportPriv.h */, - ); - name = "Private Headers"; - path = ../Security; - sourceTree = ""; - }; - 050651CA056A8415008AD683 /* Public Headers */ = { - isa = PBXGroup; - children = ( - 4CAFF4030534D89900303760 /* CipherSuite.h */, - 4CAFF4090534D89900303760 /* SecureTransport.h */, - ); - name = "Public Headers"; - path = ../Security; - sourceTree = ""; - }; - 050651CB056A841C008AD683 /* Crypto */ = { - isa = PBXGroup; - children = ( - 0C80AB1217E9025B008F7F5B /* sslCrypto.c */, - ); - name = Crypto; - sourceTree = ""; - }; - 050651CC056A8421008AD683 /* Misc. */ = { - isa = PBXGroup; - children = ( - 4CAFF4260534D89900303760 /* sslMemory.c */, - 4CAFF42F0534D89900303760 /* sslUtils.c */, - ); - name = Misc.; - sourceTree = ""; - }; - 0C4B8F631A8A938A00AE503B /* test-certs */ = { - isa = PBXGroup; - children = ( - 0C4B8F3B1A8A937600AE503B /* CA-ECC_Cert.h */, - 0C4B8F3C1A8A937600AE503B /* CA-ECC_Key.h */, - 0C4B8F3D1A8A937600AE503B /* CA-RSA_Cert.h */, - 0C4B8F3E1A8A937600AE503B /* CA-RSA_Key.h */, - 0C4B8F3F1A8A937600AE503B /* ClientECC_Cert_CA-ECC.h */, - 0C4B8F401A8A937600AE503B /* ClientECC_Cert_CA-RSA.h */, - 0C4B8F411A8A937600AE503B /* ClientECC_Key.h */, - 0C4B8F421A8A937600AE503B /* ClientRSA_Cert_CA-ECC.h */, - 0C4B8F431A8A937600AE503B /* ClientRSA_Cert_CA-RSA.h */, - 0C4B8F441A8A937600AE503B /* ClientRSA_Key.h */, - 0C4B8F451A8A937600AE503B /* ServerECC_Cert_CA-ECC.h */, - 0C4B8F461A8A937600AE503B /* ServerECC_Cert_CA-RSA.h */, - 0C4B8F471A8A937600AE503B /* ServerECC_Key.h */, - 0C4B8F481A8A937600AE503B /* ServerRSA_Cert_CA-ECC.h */, - 0C4B8F491A8A937600AE503B /* ServerRSA_Cert_CA-RSA.h */, - 0C4B8F4A1A8A937600AE503B /* ServerRSA_Key.h */, - 0C4B8F4B1A8A937600AE503B /* Untrusted-CA-RSA_Cert.h */, - 0C4B8F4C1A8A937600AE503B /* Untrusted-CA-RSA_Key.h */, - 0C4B8F4D1A8A937600AE503B /* UntrustedClientRSA_Cert_Untrusted-CA-RSA.h */, - 0C4B8F4E1A8A937600AE503B /* UntrustedClientRSA_Key.h */, - ); - path = "test-certs"; - sourceTree = ""; - }; - 0CCA415D15C89EA3002AEC4C /* regressions */ = { - isa = PBXGroup; - children = ( - 0C4B8F631A8A938A00AE503B /* test-certs */, - 0C6C641C15D5840700BC68CD /* cert-1.h */, - 0C6C641D15D5840700BC68CD /* identity-1.h */, - 0C6C641E15D5840700BC68CD /* privkey-1.h */, - 0CCA416815C89EA3002AEC4C /* ssl-39-echo.c */, - 0CCA416915C89EA3002AEC4C /* ssl-40-clientauth.c */, - 0CCA416A15C89EA3002AEC4C /* ssl-41-clientauth.c */, - 0CCA416B15C89EA3002AEC4C /* ssl-42-ciphers.c */, - 0CCA416C15C89EA3002AEC4C /* ssl-43-ciphers.c */, - 0CC954F0161A62AE005D3D4A /* ssl-44-crashes.c */, - 0CCA416D15C89EA3002AEC4C /* ssl-45-tls12.c */, - 0C0E0466162C9DF0009F7C71 /* ssl-46-SSLGetSupportedCiphers.c */, - 0CCF28B7166D5F5000AFA37C /* ssl-47-falsestart.c */, - 0CB3EC4718AEDB6B00647921 /* ssl-48-split.c */, - 0CEA459218CF71AE00BD32A9 /* ssl-49-sni.c */, - 0C0F140A191AC0A200481BA2 /* ssl-50-server.c */, - 0CDDC9A6195CD44400E93A27 /* ssl-51-state.c */, - 0C86A5FC19705A08009B006A /* ssl-52-noconn.c */, - 0C4B8F391A895D6E00AE503B /* ssl-53-clientauth.c */, - 0C8DD1531B1CEE9A00D43050 /* ssl-54-dhe.c */, - 0CCAB6191B3C93E100C97526 /* ssl-55-sessioncache.c */, - 0CD3A1951CB466DB00667E3F /* ssl-56-renegotiate.c */, - 0C6C634215D1BDCF00BC68CD /* ssl-utils.c */, - 0C6C634415D1BE3900BC68CD /* ssl-utils.h */, - 0C0E0469162CA288009F7C71 /* ssl_regressions.h */, - ); - path = regressions; - sourceTree = ""; - }; - 0CCA42C015C8A34E002AEC4C /* dtlsEcho */ = { - isa = PBXGroup; - children = ( - 0CCA42EA15C8A71A002AEC4C /* sslAppUtils.cpp */, - 0CCA42EB15C8A71A002AEC4C /* sslAppUtils.h */, - 0CCA42C115C8A34E002AEC4C /* dtlsEchoClient.c */, - 0CCA42C215C8A34E002AEC4C /* dtlsEchoServer.c */, - 0CCA42C315C8A34E002AEC4C /* README */, - ); - path = dtlsEcho; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 0C6C633715D1BB7100BC68CD /* CoreFoundation.framework */, - 0C6C633315D1BB3300BC68CD /* Security.framework */, - 0CCA42C015C8A34E002AEC4C /* dtlsEcho */, - 0CCA415D15C89EA3002AEC4C /* regressions */, - BE6A959B14E3700A00C158E0 /* config */, - 4CAFF3FC0534D89900303760 /* lib */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_ssl.a */, - 0CCA415915C89E8B002AEC4C /* libsecurity_ssl_regressions.a */, - 0CCA42C915C8A387002AEC4C /* dtlsEchoClient */, - 0CCA42D715C8A395002AEC4C /* dtlsEchoServer */, - ); - name = Products; - sourceTree = ""; - }; - 4CAFF3FC0534D89900303760 /* lib */ = { - isa = PBXGroup; - children = ( - 050651C7056A83F3008AD683 /* Apple Custom */, - 050651C8056A8404008AD683 /* SSL Core */, - 050651CA056A8415008AD683 /* Public Headers */, - 050651C9056A840E008AD683 /* Private Headers */, - BE967B0314E9F622002A348A /* Project Headers */, - 050651CB056A841C008AD683 /* Crypto */, - 050651CC056A8421008AD683 /* Misc. */, - 4CCBFE3C057FF16800981D43 /* security_ssl.exp */, - ); - path = lib; - sourceTree = ""; - }; - BE6A959B14E3700A00C158E0 /* config */ = { - isa = PBXGroup; - children = ( - BE6A959C14E3700A00C158E0 /* base.xcconfig */, - BE6A959D14E3700A00C158E0 /* debug.xcconfig */, - 0C1C92ED15C8AC52007D377B /* kext.xcconfig */, - BE6A959E14E3700A00C158E0 /* lib.xcconfig */, - BE6A959F14E3700A00C158E0 /* release.xcconfig */, - 0C85738D15DAB34C0038DFD7 /* tests.xcconfig */, - ); - path = config; - sourceTree = ""; - }; - BE967B0314E9F622002A348A /* Project Headers */ = { - isa = PBXGroup; - children = ( - 0CCA413715C75863002AEC4C /* sslCipherSpecs.h */, - 0CCA413B15C75863002AEC4C /* SSLRecordInternal.h */, - 0CCA414215C75863002AEC4C /* tls_record_internal.h */, - 4CAFF4020534D89900303760 /* cipherSpecs.h */, - 4CAFF40B0534D89900303760 /* ssl.h */, - 4CAFF4170534D89900303760 /* sslBuildFlags.h */, - 4CAFF41B0534D89900303760 /* sslContext.h */, - BEB382AE14EC84AC003C055B /* sslCrypto.h */, - 4CAFF41C0534D89900303760 /* sslDebug.h */, - 4CAFF4240534D89900303760 /* sslKeychain.h */, - 4CAFF4270534D89900303760 /* sslMemory.h */, - 4CAFF4290534D89900303760 /* sslPriv.h */, - 4CAFF42B0534D89900303760 /* sslRecord.h */, - 4CAFF4300534D89900303760 /* sslUtils.h */, - ); - name = "Project Headers"; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 0CCA415715C89E8B002AEC4C /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C4B8F541A8A937600AE503B /* ClientECC_Cert_CA-RSA.h in Headers */, - 0C4B8F501A8A937600AE503B /* CA-ECC_Key.h in Headers */, - 0C4B8F511A8A937600AE503B /* CA-RSA_Cert.h in Headers */, - 0C4B8F611A8A937600AE503B /* UntrustedClientRSA_Cert_Untrusted-CA-RSA.h in Headers */, - 0C4B8F5D1A8A937600AE503B /* ServerRSA_Cert_CA-RSA.h in Headers */, - 0C4B8F621A8A937600AE503B /* UntrustedClientRSA_Key.h in Headers */, - 0C4B8F601A8A937600AE503B /* Untrusted-CA-RSA_Key.h in Headers */, - 0C4B8F5F1A8A937600AE503B /* Untrusted-CA-RSA_Cert.h in Headers */, - 0C4B8F5B1A8A937600AE503B /* ServerECC_Key.h in Headers */, - 0C4B8F591A8A937600AE503B /* ServerECC_Cert_CA-ECC.h in Headers */, - 0C4B8F5A1A8A937600AE503B /* ServerECC_Cert_CA-RSA.h in Headers */, - 0C4B8F531A8A937600AE503B /* ClientECC_Cert_CA-ECC.h in Headers */, - 0C4B8F571A8A937600AE503B /* ClientRSA_Cert_CA-RSA.h in Headers */, - 0C4B8F561A8A937600AE503B /* ClientRSA_Cert_CA-ECC.h in Headers */, - 0C6C634515D1BE3900BC68CD /* ssl-utils.h in Headers */, - 0C6C641F15D5840700BC68CD /* cert-1.h in Headers */, - 0C4B8F5E1A8A937600AE503B /* ServerRSA_Key.h in Headers */, - 0C4B8F4F1A8A937600AE503B /* CA-ECC_Cert.h in Headers */, - 0C6C642015D5840700BC68CD /* identity-1.h in Headers */, - 0C4B8F5C1A8A937600AE503B /* ServerRSA_Cert_CA-ECC.h in Headers */, - 0C6C642115D5840700BC68CD /* privkey-1.h in Headers */, - 0C4B8F581A8A937600AE503B /* ClientRSA_Key.h in Headers */, - 0C0E046A162CA288009F7C71 /* ssl_regressions.h in Headers */, - 0C4B8F521A8A937600AE503B /* CA-RSA_Key.h in Headers */, - 0C4B8F551A8A937600AE503B /* ClientECC_Key.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 0CCA415815C89E8B002AEC4C /* libsecurity_ssl_regressions */ = { - isa = PBXNativeTarget; - buildConfigurationList = 0CCA415A15C89E8B002AEC4C /* Build configuration list for PBXNativeTarget "libsecurity_ssl_regressions" */; - buildPhases = ( - 0CCA415515C89E8B002AEC4C /* Sources */, - 0CCA415615C89E8B002AEC4C /* Frameworks */, - 0CCA415715C89E8B002AEC4C /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_ssl_regressions; - productName = libsecurity_ssl_regressions; - productReference = 0CCA415915C89E8B002AEC4C /* libsecurity_ssl_regressions.a */; - productType = "com.apple.product-type.library.static"; - }; - 0CCA42C815C8A387002AEC4C /* dtlsEchoClient */ = { - isa = PBXNativeTarget; - buildConfigurationList = 0CCA42D015C8A387002AEC4C /* Build configuration list for PBXNativeTarget "dtlsEchoClient" */; - buildPhases = ( - 0CCA42C515C8A387002AEC4C /* Sources */, - 0CCA42C615C8A387002AEC4C /* Frameworks */, - 0CCA42C715C8A387002AEC4C /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = dtlsEchoClient; - productName = dtlsEchoClient; - productReference = 0CCA42C915C8A387002AEC4C /* dtlsEchoClient */; - productType = "com.apple.product-type.tool"; - }; - 0CCA42D615C8A395002AEC4C /* dtlsEchoServer */ = { - isa = PBXNativeTarget; - buildConfigurationList = 0CCA42DE15C8A395002AEC4C /* Build configuration list for PBXNativeTarget "dtlsEchoServer" */; - buildPhases = ( - 0CCA42D315C8A395002AEC4C /* Sources */, - 0CCA42D415C8A395002AEC4C /* Frameworks */, - 0CCA42D515C8A395002AEC4C /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = dtlsEchoServer; - productName = dtlsEchoServer; - productReference = 0CCA42D715C8A395002AEC4C /* dtlsEchoServer */; - productType = "com.apple.product-type.tool"; - }; - 4CA1FEBD052A3C8100F22E42 /* libsecurity_ssl */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD4000987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_ssl" */; - buildPhases = ( - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_ssl; - productName = libsecurity_ssl; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_ssl.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD4040987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_ssl" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - en, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_ssl */, - 0CCA415815C89E8B002AEC4C /* libsecurity_ssl_regressions */, - 0CCA42C815C8A387002AEC4C /* dtlsEchoClient */, - 0CCA42D615C8A395002AEC4C /* dtlsEchoServer */, - 0C6C633A15D1BD4800BC68CD /* dtlsEcho */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXSourcesBuildPhase section */ - 0CCA415515C89E8B002AEC4C /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0CCA417915C89EA3002AEC4C /* ssl-39-echo.c in Sources */, - 0CB3EC4818AEDB6B00647921 /* ssl-48-split.c in Sources */, - 0CCA417A15C89EA3002AEC4C /* ssl-40-clientauth.c in Sources */, - 0CCA417B15C89EA3002AEC4C /* ssl-41-clientauth.c in Sources */, - 0CCA417C15C89EA3002AEC4C /* ssl-42-ciphers.c in Sources */, - 0CCA417D15C89EA3002AEC4C /* ssl-43-ciphers.c in Sources */, - 0C86A5FD19705A08009B006A /* ssl-52-noconn.c in Sources */, - AAB589F216CACE540071FE64 /* ssl-44-crashes.c in Sources */, - 0CCA417E15C89EA3002AEC4C /* ssl-45-tls12.c in Sources */, - 0C4B8F3A1A895D6E00AE503B /* ssl-53-clientauth.c in Sources */, - 0CEA459418CF71B700BD32A9 /* ssl-49-sni.c in Sources */, - 0CCF28B8166D5F5000AFA37C /* ssl-47-falsestart.c in Sources */, - 0CDDC9A7195CD44400E93A27 /* ssl-51-state.c in Sources */, - 0C6C634315D1BDCF00BC68CD /* ssl-utils.c in Sources */, - 0C0E0467162C9DF0009F7C71 /* ssl-46-SSLGetSupportedCiphers.c in Sources */, - 0C8DD1561B1CF75400D43050 /* ssl-54-dhe.c in Sources */, - 0CCAB61A1B3C93E100C97526 /* ssl-55-sessioncache.c in Sources */, - 0C0F140B191AC0A200481BA2 /* ssl-50-server.c in Sources */, - 0C9A76A81CB478D7002111EE /* ssl-56-renegotiate.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 0CCA42C515C8A387002AEC4C /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C6C642315D5938E00BC68CD /* ssl-utils.c in Sources */, - 0CCA42E115C8A3D9002AEC4C /* dtlsEchoClient.c in Sources */, - 0CCA42EC15C8A71A002AEC4C /* sslAppUtils.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 0CCA42D315C8A395002AEC4C /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C6C642415D5939A00BC68CD /* ssl-utils.c in Sources */, - 0CCA42E215C8A3DE002AEC4C /* dtlsEchoServer.c in Sources */, - 0CCA42ED15C8A71A002AEC4C /* sslAppUtils.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C1F06F7189B1F0600E65030 /* sslMemory.c in Sources */, - 0C80AB1317E9025B008F7F5B /* sslCrypto.c in Sources */, - 0CA9803417E7899B00205D87 /* SSLRecordInternal.c in Sources */, - 0CA9800617E3925A00205D87 /* sslKeychain.c in Sources */, - 0C03D65917DFD8C00087643B /* sslCipherSpecs.c in Sources */, - 4CAFF4540534D89900303760 /* sslContext.c in Sources */, - 0C03D65B17DFE67E0087643B /* tlsCallbacks.c in Sources */, - 4CAFF4640534D89900303760 /* sslRecord.c in Sources */, - 4CAFF4680534D89900303760 /* sslTransport.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 0C6C633F15D1BD4D00BC68CD /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0CCA42C815C8A387002AEC4C /* dtlsEchoClient */; - targetProxy = 0C6C633E15D1BD4D00BC68CD /* PBXContainerItemProxy */; - }; - 0C6C634115D1BD4E00BC68CD /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0CCA42D615C8A395002AEC4C /* dtlsEchoServer */; - targetProxy = 0C6C634015D1BD4E00BC68CD /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - 0C6C633C15D1BD4800BC68CD /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - 0C6C633D15D1BD4800BC68CD /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - 0CCA415B15C89E8B002AEC4C /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = BE6A959E14E3700A00C158E0 /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - 0CCA415C15C89E8B002AEC4C /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = BE6A959E14E3700A00C158E0 /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - 0CCA42D115C8A387002AEC4C /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C85738D15DAB34C0038DFD7 /* tests.xcconfig */; - buildSettings = { - }; - name = Debug; - }; - 0CCA42D215C8A387002AEC4C /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C85738D15DAB34C0038DFD7 /* tests.xcconfig */; - buildSettings = { - }; - name = Release; - }; - 0CCA42DF15C8A395002AEC4C /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C85738D15DAB34C0038DFD7 /* tests.xcconfig */; - buildSettings = { - }; - name = Debug; - }; - 0CCA42E015C8A395002AEC4C /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 0C85738D15DAB34C0038DFD7 /* tests.xcconfig */; - buildSettings = { - }; - name = Release; - }; - C27AD4010987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = BE6A959E14E3700A00C158E0 /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C27AD4030987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = BE6A959E14E3700A00C158E0 /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; - C27AD4050987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = BE6A959D14E3700A00C158E0 /* debug.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - ENABLE_TESTABILITY = YES; - ONLY_ACTIVE_ARCH = YES; - SDKROOT = macosx.internal; - }; - name = Debug; - }; - C27AD4070987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = BE6A959F14E3700A00C158E0 /* release.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - SDKROOT = macosx.internal; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 0C6C633B15D1BD4800BC68CD /* Build configuration list for PBXAggregateTarget "dtlsEcho" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 0C6C633C15D1BD4800BC68CD /* Debug */, - 0C6C633D15D1BD4800BC68CD /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 0CCA415A15C89E8B002AEC4C /* Build configuration list for PBXNativeTarget "libsecurity_ssl_regressions" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 0CCA415B15C89E8B002AEC4C /* Debug */, - 0CCA415C15C89E8B002AEC4C /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 0CCA42D015C8A387002AEC4C /* Build configuration list for PBXNativeTarget "dtlsEchoClient" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 0CCA42D115C8A387002AEC4C /* Debug */, - 0CCA42D215C8A387002AEC4C /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 0CCA42DE15C8A395002AEC4C /* Build configuration list for PBXNativeTarget "dtlsEchoServer" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 0CCA42DF15C8A395002AEC4C /* Debug */, - 0CCA42E015C8A395002AEC4C /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD4000987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_ssl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD4010987FCDF001272E0 /* Debug */, - C27AD4030987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD4040987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_ssl" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD4050987FCDF001272E0 /* Debug */, - C27AD4070987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_ssl/regressions/ssl-42-ciphers.c b/OSX/libsecurity_ssl/regressions/ssl-42-ciphers.c index c5c27d6f..b637558f 100644 --- a/OSX/libsecurity_ssl/regressions/ssl-42-ciphers.c +++ b/OSX/libsecurity_ssl/regressions/ssl-42-ciphers.c @@ -344,6 +344,9 @@ out: static bool check_peer_cert(SSLContextRef ctx, const ssl_test_handle *ssl, SecTrustRef *trust) { + CFMutableArrayRef peer_cert_array = NULL; + CFMutableArrayRef orig_peer_cert_array = NULL; + /* verify peer cert chain */ require_noerr(SSLCopyPeerTrust(ctx, trust), out); SecTrustResultType trust_result = 0; @@ -353,10 +356,8 @@ static bool check_peer_cert(SSLContextRef ctx, const ssl_test_handle *ssl, SecTr CFIndex n_certs = SecTrustGetCertificateCount(*trust); /* fprintf(stderr, "%ld certs; trust_eval: %d\n", n_certs, trust_result); */ - CFMutableArrayRef peer_cert_array = - CFArrayCreateMutable(NULL, n_certs, &kCFTypeArrayCallBacks); - CFMutableArrayRef orig_peer_cert_array = - CFArrayCreateMutableCopy(NULL, n_certs, ssl->peer_certs); + peer_cert_array = CFArrayCreateMutable(NULL, n_certs, &kCFTypeArrayCallBacks); + orig_peer_cert_array = CFArrayCreateMutableCopy(NULL, n_certs, ssl->peer_certs); while (n_certs--) CFArrayInsertValueAtIndex(peer_cert_array, 0, SecTrustGetCertificateAtIndex(*trust, n_certs)); @@ -369,8 +370,8 @@ static bool check_peer_cert(SSLContextRef ctx, const ssl_test_handle *ssl, SecTr CFRelease(peer_cert); require(CFEqual(orig_peer_cert_array, peer_cert_array), out); - CFRelease(orig_peer_cert_array); - CFRelease(peer_cert_array); + CFReleaseNull(orig_peer_cert_array); + CFReleaseNull(peer_cert_array); /* CFStringRef cert_name = SecCertificateCopySubjectSummary(cert); @@ -382,6 +383,8 @@ static bool check_peer_cert(SSLContextRef ctx, const ssl_test_handle *ssl, SecTr */ return true; out: + CFReleaseNull(orig_peer_cert_array); + CFReleaseNull(peer_cert_array); return false; } diff --git a/OSX/libsecurity_ssl/regressions/ssl-43-ciphers.c b/OSX/libsecurity_ssl/regressions/ssl-43-ciphers.c index e7d89c94..1577120e 100644 --- a/OSX/libsecurity_ssl/regressions/ssl-43-ciphers.c +++ b/OSX/libsecurity_ssl/regressions/ssl-43-ciphers.c @@ -315,7 +315,7 @@ static int SocketConnect(const char *hostName, int port) struct in_addr host; int sock; int err; - struct hostent *ent; + struct hostent *ent = NULL; if (hostName[0] >= '0' && hostName[0] <= '9') { diff --git a/OSX/libsecurity_ssl/regressions/ssl-50-server.c b/OSX/libsecurity_ssl/regressions/ssl-50-server.c index 513079b6..b20a9b02 100644 --- a/OSX/libsecurity_ssl/regressions/ssl-50-server.c +++ b/OSX/libsecurity_ssl/regressions/ssl-50-server.c @@ -244,7 +244,7 @@ tests(void) } //fprintf(stderr, "session_id: %d\n", session_id); - pthread_create(&server_thread, NULL, securetransport_ssl_thread, socket); + pthread_create(&server_thread, NULL, securetransport_ssl_thread, (void*)socket); system("/usr/bin/openssl s_client -msg -debug -connect localhost:4443"); diff --git a/OSX/libsecurity_ssl/regressions/ssl-utils.c b/OSX/libsecurity_ssl/regressions/ssl-utils.c index 73211a51..1837501a 100644 --- a/OSX/libsecurity_ssl/regressions/ssl-utils.c +++ b/OSX/libsecurity_ssl/regressions/ssl-utils.c @@ -77,6 +77,7 @@ SecKeyRef create_private_key_from_der(bool ecdsa, const unsigned char *pkey_der, } static +CF_RETURNS_RETAINED CFArrayRef chain_from_der(bool ecdsa, const unsigned char *pkey_der, size_t pkey_der_len, const unsigned char *cert_der, size_t cert_der_len) { SecKeyRef pkey = NULL; diff --git a/OSX/libsecurity_transform/Configurations/libsecurity_transform.Default.xcconfig b/OSX/libsecurity_transform/Configurations/libsecurity_transform.Default.xcconfig deleted file mode 100644 index 4c4241e2..00000000 --- a/OSX/libsecurity_transform/Configurations/libsecurity_transform.Default.xcconfig +++ /dev/null @@ -1,5 +0,0 @@ -BUILD_VARIANTS = normal debug -ZERO_LINK = NO -OPT_CFLAGS = -DNDEBUG -Os $(OPT_INLINEFLAGS) - -#include "libsecurity_transform_core.xcconfig" diff --git a/OSX/libsecurity_transform/Configurations/libsecurity_transform_Deployment.xcconfig b/OSX/libsecurity_transform/Configurations/libsecurity_transform_Deployment.xcconfig deleted file mode 100644 index d25effd7..00000000 --- a/OSX/libsecurity_transform/Configurations/libsecurity_transform_Deployment.xcconfig +++ /dev/null @@ -1,2 +0,0 @@ -#include "libsecurity_transform.Default.xcconfig" - diff --git a/OSX/libsecurity_transform/Configurations/libsecurity_transform_Development.xcconfig b/OSX/libsecurity_transform/Configurations/libsecurity_transform_Development.xcconfig deleted file mode 100644 index 77f91149..00000000 --- a/OSX/libsecurity_transform/Configurations/libsecurity_transform_Development.xcconfig +++ /dev/null @@ -1,6 +0,0 @@ -BUILD_VARIANTS = debug -GCC_GENERATE_DEBUGGING_SYMBOLS = YES -OPT_CFLAGS = -O0 -ZERO_LINK = YES - -#include "libsecurity_transform_core.xcconfig" diff --git a/OSX/libsecurity_transform/Configurations/libsecurity_transform_core.xcconfig b/OSX/libsecurity_transform/Configurations/libsecurity_transform_core.xcconfig deleted file mode 100644 index 2a6db42c..00000000 --- a/OSX/libsecurity_transform/Configurations/libsecurity_transform_core.xcconfig +++ /dev/null @@ -1,27 +0,0 @@ -EXECUTABLE_PREFIX = -PRIVATE_HEADERS_FOLDER_PATH = /usr/local/SecurityPieces/PrivateHeaders/Security -PRODUCT_NAME = security_transform -PUBLIC_HEADERS_FOLDER_PATH = /usr/local/SecurityPieces/Headers/Security -FRAMEWORK_SEARCH_PATHS = /usr/local/SecurityPieces/Components/Security /usr/local/SecurityPieces/Frameworks -HEADER_SEARCH_PATHS = $(BUILT_PRODUCTS_DIR)/SecurityPieces/Headers $(BUILT_PRODUCTS_DIR)/SecurityPieces/PrivateHeaders -WARNING_CFLAGS = -Wmost -Wno-four-char-constants -Wno-unknown-pragmas -EXECUTABLE_SUFFIX = -LIBRARY_STYLE = STATIC -OPT_CFLAGS = -DCOM_APPLE_SECURITY_ACTUALLY_BUILDING_LIBRARY -OPT_CPPFLAGS = $(OPT_CFLAGS) -OTHER_CFLAGS = -DCOM_APPLE_SECURITY_SANE_INCLUDES -OTHER_ASFLAGS_debug = $(OTHER_CFLAGS) -OTHER_ASFLAGS_normal = -DNDEBUG $(OTHER_CFLAGS) -OTHER_ASFLAGS_profile = -DNDEBUG $(OTHER_CFLAGS) -pg -OTHER_CFLAGS_debug = $(OTHER_CFLAGS) -O0 -fno-inline -OTHER_CFLAGS_normal = $(OPT_CFLAGS) $(OTHER_CFLAGS) -OTHER_CFLAGS_profile = $(OPT_CFLAGS) $(OTHER_CFLAGS) -pg -OTHER_CPLUSPLUSFLAGS_debug = $(OTHER_CFLAGS) -O0 -fno-inline -OTHER_CPLUSPLUSFLAGS_normal = $(OPT_CPPFLAGS) $(OTHER_CFLAGS) -OTHER_CPLUSPLUSFLAGS_profile = $(OPT_CPPFLAGS) $(OTHER_CFLAGS) -pg -OTHER_LDFLAGS_debug = -OTHER_LDFLAGS_normal = $(OPT_LDFLAGS) $(OTHER_LDFLAGS) -OTHER_LDFLAGS_profile = $(OPT_LDFLAGS) $(OTHER_LDFLAGS) -pg -GCC_ENABLE_CPP_EXCEPTIONS = NO -GCC_ENABLE_CPP_RTTI = NO -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/OSX/libsecurity_transform/Configurations/security_transform_Default.xcconfig b/OSX/libsecurity_transform/Configurations/security_transform_Default.xcconfig deleted file mode 100644 index cb2357ee..00000000 --- a/OSX/libsecurity_transform/Configurations/security_transform_Default.xcconfig +++ /dev/null @@ -1,9 +0,0 @@ -INSTALL_PATH = /usr/local/SecurityPieces/Components/Security -EXECUTABLE_PREFIX = -FRAMEWORK_VERSION = A -PRODUCT_NAME = security_transform -WRAPPER_EXTENSION = framework -EXECUTABLE_SUFFIX = -GCC_ENABLE_CPP_EXCEPTIONS = NO -GCC_ENABLE_CPP_RTTI = NO -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/OSX/libsecurity_transform/Configurations/security_transform_Deployment.xcconfig b/OSX/libsecurity_transform/Configurations/security_transform_Deployment.xcconfig deleted file mode 100644 index d79ea3fc..00000000 --- a/OSX/libsecurity_transform/Configurations/security_transform_Deployment.xcconfig +++ /dev/null @@ -1,11 +0,0 @@ -INSTALL_PATH = /usr/local/SecurityPieces/Components/Security -EXECUTABLE_PREFIX = -FRAMEWORK_VERSION = A -INFOPLIST_FILE = Info-security_transform.plist -PRODUCT_NAME = security_transform -WRAPPER_EXTENSION = framework -EXECUTABLE_SUFFIX = -ZERO_LINK = NO -GCC_ENABLE_CPP_EXCEPTIONS = NO -GCC_ENABLE_CPP_RTTI = NO -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/OSX/libsecurity_transform/Configurations/security_transform_Development.xcconfig b/OSX/libsecurity_transform/Configurations/security_transform_Development.xcconfig deleted file mode 100644 index 0d2deb5a..00000000 --- a/OSX/libsecurity_transform/Configurations/security_transform_Development.xcconfig +++ /dev/null @@ -1,14 +0,0 @@ -BUILD_VARIANTS = debug -INSTALL_PATH = /usr/local/SecurityPieces/Components/Security -EXECUTABLE_PREFIX = -FRAMEWORK_VERSION = A -INFOPLIST_FILE = Info-security_transform.plist -PRODUCT_NAME = security_transform -WRAPPER_EXTENSION = framework -EXECUTABLE_SUFFIX = -GCC_DYNAMIC_NO_PIC = NO -GCC_GENERATE_DEBUGGING_SYMBOLS = YES -ZERO_LINK = YES -GCC_ENABLE_CPP_EXCEPTIONS = NO -GCC_ENABLE_CPP_RTTI = NO -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/OSX/libsecurity_transform/lib/EncryptTransform.h b/OSX/libsecurity_transform/lib/EncryptTransform.h index 69b429c7..163efaf2 100644 --- a/OSX/libsecurity_transform/lib/EncryptTransform.h +++ b/OSX/libsecurity_transform/lib/EncryptTransform.h @@ -105,7 +105,7 @@ protected: public: virtual ~EncryptTransform(); - static SecTransformRef Make(); + static CF_RETURNS_RETAINED SecTransformRef Make(); }; @@ -125,7 +125,7 @@ protected: public: virtual ~DecryptTransform(); - static SecTransformRef Make(); + static CF_RETURNS_RETAINED SecTransformRef Make(); }; diff --git a/OSX/libsecurity_transform/lib/GroupTransform.cpp b/OSX/libsecurity_transform/lib/GroupTransform.cpp index 08ecf8ce..a14400ea 100644 --- a/OSX/libsecurity_transform/lib/GroupTransform.cpp +++ b/OSX/libsecurity_transform/lib/GroupTransform.cpp @@ -73,7 +73,9 @@ CFTypeRef GroupTransform::Make() static CFComparisonResult tr_cmp(const void *val1, const void *val2, void *context) { - return (intptr_t)val1 - (intptr_t)val2; + return (((intptr_t) val1 == (intptr_t) val2) ? kCFCompareEqualTo + : ((intptr_t) val1 > (intptr_t) val2) ? kCFCompareGreaterThan + : kCFCompareLessThan); } bool GroupTransform::HasMember(SecTransformRef member) diff --git a/OSX/libsecurity_transform/lib/SecExternalSourceTransform.h b/OSX/libsecurity_transform/lib/SecExternalSourceTransform.h index 181b347f..a8685884 100644 --- a/OSX/libsecurity_transform/lib/SecExternalSourceTransform.h +++ b/OSX/libsecurity_transform/lib/SecExternalSourceTransform.h @@ -62,4 +62,4 @@ extern "C" { #endif -#endif \ No newline at end of file +#endif diff --git a/OSX/libsecurity_transform/lib/SecMaskGenerationFunctionTransform.h b/OSX/libsecurity_transform/lib/SecMaskGenerationFunctionTransform.h index 37757a98..410b4e05 100644 --- a/OSX/libsecurity_transform/lib/SecMaskGenerationFunctionTransform.h +++ b/OSX/libsecurity_transform/lib/SecMaskGenerationFunctionTransform.h @@ -33,11 +33,10 @@ extern "C" { /*! @function SecMaskGenerationFunctionTransformCreate @abstract Creates a MGF computation object. - @param maskGenerationFunctionType The MGF algorigh to use, currently only kSecMaskGenerationFunctionMGF1 - @param digestType The type of digest to compute the MGF with. You may pass NULL + @param hashType The type of digest to compute the MGF with. You may pass NULL for this parameter, in which case an appropriate algorithm will be chosen for you (SHA1 for MGF1). - @param digestLength The desired digest length. Note that certain + @param length The desired digest length. Note that certain algorithms may only support certain sizes. You may pass 0 for this parameter, in which case an appropriate length will be chosen for you. diff --git a/OSX/libsecurity_transform/lib/SecSignVerifyTransform.c b/OSX/libsecurity_transform/lib/SecSignVerifyTransform.c index ea91fe95..50cea228 100644 --- a/OSX/libsecurity_transform/lib/SecSignVerifyTransform.c +++ b/OSX/libsecurity_transform/lib/SecSignVerifyTransform.c @@ -221,16 +221,13 @@ CFErrorRef pick_sign_alg(CFStringRef digest, int digest_length, const CSSM_KEY * switch (ckey->KeyHeader.AlgorithmId) { case CSSM_ALGID_RSA: return fancy_error(kSecTransformErrorDomain, kSecTransformErrorInvalidAlgorithm, CFSTR("Invalid digest algorithm for RSA signature, choose one of: SHA1, SHA2 (512bits, 348bits, 256bits, or 224 bits), MD2, or MD5")); - break; case CSSM_ALGID_ECDSA: return fancy_error(kSecTransformErrorDomain, kSecTransformErrorInvalidAlgorithm, CFSTR("Invalid digest algorithm for ECDSA signature, choose one of: SHA1, or SHA2 (512bits, 348bits, 256bits, or 224 bits)")); - break; - + case CSSM_ALGID_DSA: return fancy_error(kSecTransformErrorDomain, kSecTransformErrorInvalidAlgorithm, CFSTR("Invalid digest algorithm for DSA signature, only SHA1 is supported")); - break; - + default: return fancy_error(kSecTransformErrorDomain, kSecTransformErrorInvalidAlgorithm, CFSTR("Expected key to be RSA, DSA or ECDSA key")); } diff --git a/OSX/libsecurity_transform/lib/SecTransform.cpp b/OSX/libsecurity_transform/lib/SecTransform.cpp index 958d0974..12ee1cfc 100644 --- a/OSX/libsecurity_transform/lib/SecTransform.cpp +++ b/OSX/libsecurity_transform/lib/SecTransform.cpp @@ -445,7 +445,7 @@ SecTransformRef SecTransformCreateFromExternalRepresentation( CFIndex numTransforms = CFArrayGetCount(transforms); CFIndex n; - SecTransformRef aTransform; + SecTransformRef aTransform = NULL; for (n = 0; n < numTransforms; ++n) { diff --git a/OSX/libsecurity_transform/lib/SecTransformReadTransform.cpp b/OSX/libsecurity_transform/lib/SecTransformReadTransform.cpp index 5d998cf3..332ad58a 100644 --- a/OSX/libsecurity_transform/lib/SecTransformReadTransform.cpp +++ b/OSX/libsecurity_transform/lib/SecTransformReadTransform.cpp @@ -70,7 +70,6 @@ static SecTransformInstanceBlock StreamTransformImplementation(CFStringRef name, { return (CFTypeRef) CreateSecTransformErrorRef(kSecTransformErrorInvalidInput, "The read stream is in an error state"); } - break; default: // The assumption is that the stream is ready to go as is. diff --git a/OSX/libsecurity_transform/lib/SecTransformValidator.h b/OSX/libsecurity_transform/lib/SecTransformValidator.h index 2d06bed6..e6c8a496 100644 --- a/OSX/libsecurity_transform/lib/SecTransformValidator.h +++ b/OSX/libsecurity_transform/lib/SecTransformValidator.h @@ -45,4 +45,4 @@ SecTransformAttributeActionBlock SecTransformCreateValidatorForCFtype(CFTypeID e CF_EXTERN_C_END -#endif \ No newline at end of file +#endif diff --git a/OSX/libsecurity_transform/lib/Transform.cpp b/OSX/libsecurity_transform/lib/Transform.cpp index 20db57fa..eea4a673 100644 --- a/OSX/libsecurity_transform/lib/Transform.cpp +++ b/OSX/libsecurity_transform/lib/Transform.cpp @@ -585,7 +585,6 @@ CFTypeRef Transform::GetMetaAttribute(SecTransformStringOrAttributeRef key, SecT return ta->name; default: return CreateSecTransformErrorRef(kSecTransformErrorInvalidOperation, "Can't get unknown meta attribute #%d from %@", type, key); - break; } return NULL; @@ -1128,7 +1127,7 @@ void Transform::Debug(const char *cfmt, ...) { static dispatch_once_t once; static CFWriteStreamRef StdErrWriteStream; dispatch_once(&once, ^{ - auto GCC_BUG_WORKAROUND CFURLRef GCC_BUG_WORKAROUND p = CFURLCreateWithFileSystemPath(NULL, CFSTR("/dev/stderr"), kCFURLPOSIXPathStyle, FALSE); + CFURLRef p = CFURLCreateWithFileSystemPath(NULL, CFSTR("/dev/stderr"), kCFURLPOSIXPathStyle, FALSE); StdErrWriteStream = CFWriteStreamCreateWithFile(NULL, p); CFWriteStreamOpen(StdErrWriteStream); CFRelease(p); diff --git a/OSX/libsecurity_transform/lib/security_transform.exp b/OSX/libsecurity_transform/lib/security_transform.exp deleted file mode 100644 index 67eea74d..00000000 --- a/OSX/libsecurity_transform/lib/security_transform.exp +++ /dev/null @@ -1,99 +0,0 @@ -_SecTransformCreateFromExternalRepresentation -_SecTransformCreateValidatorForCFtype -_SecTransformCopyExternalRepresentation -_SecTransformConnectTransforms -_SecTransformSetAttribute -_SecTransformGetAttribute -_SecTransformFindByName -_SecTransformExecute -_SecTransformExecuteAsync -_SecNullTransformCreate -_SecDigestTransformCreate -_SecCreateMaskGenerationFunctionTransform -_SecTransformCreate -_SecTransformRegister -_SecTransformNoData -_kSecDigestMD2 -_kSecDigestMD4 -_kSecDigestMD5 -_kSecDigestSHA1 -_kSecDigestSHA2 -_kSecDigestHMACSHA1 -_kSecDigestHMACMD5 -_kSecDigestHMACKeyAttribute -_kSecDigestHMACSHA2 -_SecExternalSourceTransformCreate -_SecExternalSourceSetValue -_kSecDecodeTypeAttribute -_CreateSecTransformErrorRef -_kSecTransformAbortOriginatorKey -_SecGroupTransformHasMember -_kSecDigestTypeAttribute -_kSecDigestLengthAttribute -_kSecOAEPEncodingParametersAttributeName -_kSecTransformInputAttributeName -_kSecTransformDebugAttributeName -_kSecTransformOutputAttributeName -_kSecTransformTransformName -_kSecTransformAbortAttributeName -_kSecPaddingNoneKey -_kSecPaddingPKCS1Key -_kSecPaddingPKCS5Key -_kSecPaddingPKCS7Key -_kSecPaddingOAEPKey -_kSecModeNoneKey -_kSecModeECBKey -_kSecModeCBCKey -_kSecModeCFBKey -_kSecModeOFBKey -_kSecEncryptKey -_kSecPaddingKey -_kSecIVKey -_kSecEncryptionMode -_SecEncryptTransformCreate -_SecDecryptTransformCreate -_SecDecodeTransformCreate -_SecEncodeTransformCreate -_SecSignTransformCreate -_SecVerifyTransformCreate -_kSecBase32Encoding -_kSecBase64Encoding -_kSecZLibEncoding -_kSecEncodeLineLengthAttribute -_kSecEncodeTypeAttribute -_kSecCompressionRatio -_kSecKeyAttributeName -_kSecSignatureAttributeName -_kSecInputIsAttributeName -_kSecInputIsPlainText -_kSecInputIsDigest -_kSecInputIsRaw -_kSecTransformActionCanExecute -_kSecTransformActionStartingExecution -_kSecTransformActionFinalize -_kSecTransformActionProcessData -_SecTransformSetAttributeAction -_SecGroupTransformFindLastTransform -_SecGroupTransformFindMonitor -_SecTransformDisconnectTransforms -_SecTransformDotForDebugging -_SecCreateCollectTransform -_SecTransformGetTypeID -_SecGroupTransformGetTypeID -_SecTransformCreateGroupTransform -_SecTransformSetDataAction -_SecTransformSetTransformAction -_SecTranformCustomGetAttribute -_SecTransformCustomSetAttribute -_SecTransformPushbackAttribute -_kSecTransformActionExternalizeExtraData -_kSecTransformActionInternalizeExtraData -_kSecTransformActionAttributeNotification -_kSecTransformActionAttributeValidation -_kSecTransformErrorDomain -_kSecTransformPreviousErrorKey -_kSecLineLength64 -_kSecLineLength76 -_SecTransformCreateReadTransformWithReadStream -_kSecLineLength64 -_kSecLineLength76 diff --git a/OSX/libsecurity_transform/libsecurity_transform.xcodeproj/project.pbxproj b/OSX/libsecurity_transform/libsecurity_transform.xcodeproj/project.pbxproj deleted file mode 100644 index a48f2532..00000000 --- a/OSX/libsecurity_transform/libsecurity_transform.xcodeproj/project.pbxproj +++ /dev/null @@ -1,874 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 18C5A961148442000010EF34 /* libsecurity_transform.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA1FEBE052A3C8100F22E42 /* libsecurity_transform.a */; }; - 18C5A9661484440D0010EF34 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 18C5A9651484440D0010EF34 /* Foundation.framework */; }; - 4C010B9B121AE9960094CB72 /* speed-test.mm in Sources */ = {isa = PBXBuildFile; fileRef = 4C010B9A121AE9960094CB72 /* speed-test.mm */; }; - 4C010BBB121AECF10094CB72 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5D16D6FB114EA1000096BD75 /* Security.framework */; }; - 4C010C52121B00350094CB72 /* SecExternalSourceTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C010C4B121AFCA70094CB72 /* SecExternalSourceTransform.h */; }; - 4C010C53121B00440094CB72 /* SecExternalSourceTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C010C4C121AFCA70094CB72 /* SecExternalSourceTransform.cpp */; }; - 4C0113511468693100E4F866 /* SecMaskGenerationFunctionTransform.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C01134F1468693100E4F866 /* SecMaskGenerationFunctionTransform.c */; }; - 4C0113521468693100E4F866 /* SecMaskGenerationFunctionTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C0113501468693100E4F866 /* SecMaskGenerationFunctionTransform.h */; settings = {ATTRIBUTES = (); }; }; - 4C01135C14686F2600E4F866 /* NSData+HexString.m in Sources */ = {isa = PBXBuildFile; fileRef = 4C01135A14686F2600E4F866 /* NSData+HexString.m */; }; - 4C27A37814F2DCB4007FCA66 /* CEncryptDecrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C27A37714F2DCB4007FCA66 /* CEncryptDecrypt.c */; }; - 4C6E5966116D4E3E00A70E8F /* misc.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6E5964116D4E3E00A70E8F /* misc.c */; }; - 4C6E5967116D4E3E00A70E8F /* misc.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6E5965116D4E3E00A70E8F /* misc.h */; }; - 4C73822D112DCC4800EA003B /* SecCustomTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C73822B112DCC4800EA003B /* SecCustomTransform.h */; settings = {ATTRIBUTES = (); }; }; - 4C73822E112DCC4800EA003B /* SecCustomTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C73822C112DCC4800EA003B /* SecCustomTransform.cpp */; }; - 4C8174341133031E007F84D6 /* libsecurity_transform.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CA1FEBE052A3C8100F22E42 /* libsecurity_transform.a */; }; - 4CB89E62124D5667004DEC20 /* SecTransformValidator.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CB89E61124D5667004DEC20 /* SecTransformValidator.h */; settings = {ATTRIBUTES = (); }; }; - 4CC4A8B21264D22300075C8F /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5D16D6FB114EA1000096BD75 /* Security.framework */; }; - 4CD6A669113F41990094F287 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CD6A668113F41990094F287 /* libz.dylib */; }; - 4CD87F501130A49400A98C5E /* 100-sha2.m in Sources */ = {isa = PBXBuildFile; fileRef = 4CD87F3D1130A34700A98C5E /* 100-sha2.m */; }; - 4CDF6DCC113C4E9E00C64234 /* EncodeDecodeTransforms.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CDF6DC9113C4E9E00C64234 /* EncodeDecodeTransforms.c */; }; - 4CDF6DCD113C4E9E00C64234 /* SecDecodeTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CDF6DCA113C4E9E00C64234 /* SecDecodeTransform.h */; settings = {ATTRIBUTES = (); }; }; - 4CDF6DCE113C4E9E00C64234 /* SecEncodeTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CDF6DCB113C4E9E00C64234 /* SecEncodeTransform.h */; settings = {ATTRIBUTES = (); }; }; - 5DCAD5B711F0E099003F2E7A /* SecCollectTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5DCAD5B511F0E099003F2E7A /* SecCollectTransform.cpp */; }; - 5DCAD5B811F0E099003F2E7A /* SecCollectTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 5DCAD5B611F0E099003F2E7A /* SecCollectTransform.h */; }; - 5DD2E91E114E9044007429E7 /* EncryptTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 5DD2E91C114E9044007429E7 /* EncryptTransform.h */; }; - 5DD2E91F114E9044007429E7 /* EncryptTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5DD2E91D114E9044007429E7 /* EncryptTransform.cpp */; }; - 5DD2E925114E9094007429E7 /* EncryptTransformUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 5DD2E923114E9094007429E7 /* EncryptTransformUtilities.h */; }; - 5DD2E926114E9094007429E7 /* EncryptTransformUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5DD2E924114E9094007429E7 /* EncryptTransformUtilities.cpp */; }; - 5DD2E929114E90E2007429E7 /* SecEncryptTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 5DD2E927114E90E2007429E7 /* SecEncryptTransform.h */; settings = {ATTRIBUTES = (); }; }; - 5DD2E92A114E90E2007429E7 /* SecEncryptTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5DD2E928114E90E2007429E7 /* SecEncryptTransform.cpp */; }; - 5DD2E938114E91CC007429E7 /* SecSignVerifyTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = 5DD2E936114E91CC007429E7 /* SecSignVerifyTransform.h */; settings = {ATTRIBUTES = (); }; }; - 5DD2E939114E91CC007429E7 /* SecSignVerifyTransform.c in Sources */ = {isa = PBXBuildFile; fileRef = 5DD2E937114E91CC007429E7 /* SecSignVerifyTransform.c */; }; - 5DD2E9B5114E986D007429E7 /* custom.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5DD2E96E114E95B1007429E7 /* custom.mm */; }; - AA068646138C420C0059E73E /* SecReadTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = AA068645138C420C0059E73E /* SecReadTransform.h */; settings = {ATTRIBUTES = (); }; }; - AA068EDF1174AB350002E9E0 /* GroupTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA068EDB1174AB350002E9E0 /* GroupTransform.cpp */; }; - AA068EE01174AB350002E9E0 /* GroupTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = AA068EDC1174AB350002E9E0 /* GroupTransform.h */; }; - AA068EE11174AB350002E9E0 /* SecGroupTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA068EDD1174AB350002E9E0 /* SecGroupTransform.cpp */; }; - AA068EE21174AB350002E9E0 /* SecGroupTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = AA068EDE1174AB350002E9E0 /* SecGroupTransform.h */; }; - AA068EEE1174ABB20002E9E0 /* SecTransformInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = AA068EED1174ABB20002E9E0 /* SecTransformInternal.h */; settings = {ATTRIBUTES = (); }; }; - AA957FCB122C571E00181BE1 /* SecTransformReadTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = AA957FCA122C571E00181BE1 /* SecTransformReadTransform.h */; settings = {ATTRIBUTES = (); }; }; - AA957FD5122C57AF00181BE1 /* SecTransformReadTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA957FD4122C57AF00181BE1 /* SecTransformReadTransform.cpp */; }; - AA9781A91175475500699E38 /* c++utils.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9781A71175475500699E38 /* c++utils.h */; }; - AA9781AA1175475500699E38 /* c++utils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9781A81175475500699E38 /* c++utils.cpp */; }; - AA9E1C221117966F00380F0D /* CoreFoundationBasics.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C051117966F00380F0D /* CoreFoundationBasics.cpp */; }; - AA9E1C231117966F00380F0D /* CoreFoundationBasics.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C061117966F00380F0D /* CoreFoundationBasics.h */; }; - AA9E1C241117966F00380F0D /* Digest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C071117966F00380F0D /* Digest.cpp */; }; - AA9E1C251117966F00380F0D /* Digest.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C081117966F00380F0D /* Digest.h */; }; - AA9E1C261117966F00380F0D /* LinkedList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C091117966F00380F0D /* LinkedList.cpp */; }; - AA9E1C271117966F00380F0D /* LinkedList.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C0A1117966F00380F0D /* LinkedList.h */; }; - AA9E1C281117966F00380F0D /* Monitor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C0B1117966F00380F0D /* Monitor.cpp */; }; - AA9E1C291117966F00380F0D /* Monitor.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C0C1117966F00380F0D /* Monitor.h */; }; - AA9E1C2A1117966F00380F0D /* NullTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C0D1117966F00380F0D /* NullTransform.cpp */; }; - AA9E1C2B1117966F00380F0D /* NullTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C0E1117966F00380F0D /* NullTransform.h */; }; - AA9E1C2C1117966F00380F0D /* SecDigestTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C0F1117966F00380F0D /* SecDigestTransform.cpp */; }; - AA9E1C2D1117966F00380F0D /* SecDigestTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C101117966F00380F0D /* SecDigestTransform.h */; settings = {ATTRIBUTES = (); }; }; - AA9E1C2E1117966F00380F0D /* SecNullTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C111117966F00380F0D /* SecNullTransform.cpp */; }; - AA9E1C2F1117966F00380F0D /* SecNullTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C121117966F00380F0D /* SecNullTransform.h */; settings = {ATTRIBUTES = (); }; }; - AA9E1C301117966F00380F0D /* SecTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C131117966F00380F0D /* SecTransform.cpp */; }; - AA9E1C311117966F00380F0D /* SecTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C141117966F00380F0D /* SecTransform.h */; settings = {ATTRIBUTES = (); }; }; - AA9E1C331117966F00380F0D /* SingleShotSource.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C161117966F00380F0D /* SingleShotSource.cpp */; }; - AA9E1C341117966F00380F0D /* SingleShotSource.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C171117966F00380F0D /* SingleShotSource.h */; }; - AA9E1C351117966F00380F0D /* Source.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C181117966F00380F0D /* Source.cpp */; }; - AA9E1C361117966F00380F0D /* Source.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C191117966F00380F0D /* Source.h */; }; - AA9E1C371117966F00380F0D /* StreamSource.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C1A1117966F00380F0D /* StreamSource.cpp */; }; - AA9E1C381117966F00380F0D /* StreamSource.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C1B1117966F00380F0D /* StreamSource.h */; }; - AA9E1C391117966F00380F0D /* Transform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C1C1117966F00380F0D /* Transform.cpp */; }; - AA9E1C3A1117966F00380F0D /* Transform.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C1D1117966F00380F0D /* Transform.h */; }; - AA9E1C3B1117966F00380F0D /* TransformFactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C1E1117966F00380F0D /* TransformFactory.cpp */; }; - AA9E1C3C1117966F00380F0D /* TransformFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C1F1117966F00380F0D /* TransformFactory.h */; }; - AA9E1C3D1117966F00380F0D /* Utilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = AA9E1C201117966F00380F0D /* Utilities.cpp */; }; - AA9E1C3E1117966F00380F0D /* Utilities.h in Headers */ = {isa = PBXBuildFile; fileRef = AA9E1C211117966F00380F0D /* Utilities.h */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 4C010B90121AE9070094CB72 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_transform; - }; - 4C817255112F030F007F84D6 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_transform; - }; - 4CD87FFF1131E0F500A98C5E /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_transform; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 18BBC7391471F6DF00F2B224 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 18BBC73A1471F6DF00F2B224 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 18BBC73B1471F6DF00F2B224 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 18BBC73C1471F6DF00F2B224 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 18BBC73D1471F6DF00F2B224 /* security.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = security.xcconfig; sourceTree = ""; }; - 18C5A9651484440D0010EF34 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; - 4C010B87121AE8DF0094CB72 /* input-speed-test */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "input-speed-test"; sourceTree = BUILT_PRODUCTS_DIR; }; - 4C010B99121AE9960094CB72 /* speed-test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "speed-test.h"; path = "misc/speed-test.h"; sourceTree = ""; }; - 4C010B9A121AE9960094CB72 /* speed-test.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = "speed-test.mm"; path = "misc/speed-test.mm"; sourceTree = ""; }; - 4C010BBE121AED340094CB72 /* libc++.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = "libc++.dylib"; path = "usr/lib/libc++.dylib"; sourceTree = SDKROOT; }; - 4C010C4B121AFCA70094CB72 /* SecExternalSourceTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecExternalSourceTransform.h; sourceTree = ""; }; - 4C010C4C121AFCA70094CB72 /* SecExternalSourceTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecExternalSourceTransform.cpp; sourceTree = ""; }; - 4C01134F1468693100E4F866 /* SecMaskGenerationFunctionTransform.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecMaskGenerationFunctionTransform.c; sourceTree = ""; }; - 4C0113501468693100E4F866 /* SecMaskGenerationFunctionTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecMaskGenerationFunctionTransform.h; sourceTree = ""; }; - 4C01135A14686F2600E4F866 /* NSData+HexString.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSData+HexString.m"; sourceTree = ""; }; - 4C01135B14686F2600E4F866 /* NSData+HexString.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSData+HexString.h"; sourceTree = ""; }; - 4C27A37414F2D66C007FCA66 /* libcorecrypto.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libcorecrypto.dylib; path = usr/lib/system/libcorecrypto.dylib; sourceTree = SDKROOT; }; - 4C27A37714F2DCB4007FCA66 /* CEncryptDecrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = CEncryptDecrypt.c; sourceTree = ""; }; - 4C6E5964116D4E3E00A70E8F /* misc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = misc.c; sourceTree = ""; }; - 4C6E5965116D4E3E00A70E8F /* misc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = misc.h; sourceTree = ""; }; - 4C73822B112DCC4800EA003B /* SecCustomTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCustomTransform.h; sourceTree = ""; }; - 4C73822C112DCC4800EA003B /* SecCustomTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SecCustomTransform.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C738257112DF65200EA003B /* unit-tests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = "unit-tests.xctest"; sourceTree = BUILT_PRODUCTS_DIR; }; - 4C738258112DF65200EA003B /* unit-tests-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "unit-tests-Info.plist"; sourceTree = ""; }; - 4C738260112DF68900EA003B /* custom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = custom.h; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurity_transform.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_transform.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CB89E61124D5667004DEC20 /* SecTransformValidator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTransformValidator.h; sourceTree = ""; }; - 4CBCBEB61130A2D700CC18E9 /* 100-sha2 */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "100-sha2"; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CBCBEB81130A2D800CC18E9 /* Info-security_transform.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "Info-security_transform.plist"; sourceTree = ""; }; - 4CD6A668113F41990094F287 /* libz.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libz.dylib; path = usr/lib/libz.dylib; sourceTree = SDKROOT; }; - 4CD87F3D1130A34700A98C5E /* 100-sha2.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "100-sha2.m"; sourceTree = ""; }; - 4CDF6DC9113C4E9E00C64234 /* EncodeDecodeTransforms.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = EncodeDecodeTransforms.c; sourceTree = ""; }; - 4CDF6DCA113C4E9E00C64234 /* SecDecodeTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecDecodeTransform.h; sourceTree = ""; }; - 4CDF6DCB113C4E9E00C64234 /* SecEncodeTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecEncodeTransform.h; sourceTree = ""; }; - 5D16D6FB114EA1000096BD75 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; - 5DCAD5B511F0E099003F2E7A /* SecCollectTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecCollectTransform.cpp; sourceTree = ""; }; - 5DCAD5B611F0E099003F2E7A /* SecCollectTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCollectTransform.h; sourceTree = ""; }; - 5DD2E91C114E9044007429E7 /* EncryptTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = EncryptTransform.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 5DD2E91D114E9044007429E7 /* EncryptTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = EncryptTransform.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 5DD2E923114E9094007429E7 /* EncryptTransformUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EncryptTransformUtilities.h; sourceTree = ""; }; - 5DD2E924114E9094007429E7 /* EncryptTransformUtilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = EncryptTransformUtilities.cpp; sourceTree = ""; }; - 5DD2E927114E90E2007429E7 /* SecEncryptTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecEncryptTransform.h; sourceTree = ""; }; - 5DD2E928114E90E2007429E7 /* SecEncryptTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecEncryptTransform.cpp; sourceTree = ""; }; - 5DD2E936114E91CC007429E7 /* SecSignVerifyTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecSignVerifyTransform.h; sourceTree = ""; }; - 5DD2E937114E91CC007429E7 /* SecSignVerifyTransform.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecSignVerifyTransform.c; sourceTree = ""; }; - 5DD2E96E114E95B1007429E7 /* custom.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = custom.mm; sourceTree = ""; }; - AA068645138C420C0059E73E /* SecReadTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecReadTransform.h; sourceTree = ""; }; - AA068648138C42520059E73E /* SecReadTransform.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecReadTransform.h; sourceTree = ""; }; - AA068EDB1174AB350002E9E0 /* GroupTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GroupTransform.cpp; sourceTree = ""; }; - AA068EDC1174AB350002E9E0 /* GroupTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GroupTransform.h; sourceTree = ""; }; - AA068EDD1174AB350002E9E0 /* SecGroupTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecGroupTransform.cpp; sourceTree = ""; }; - AA068EDE1174AB350002E9E0 /* SecGroupTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecGroupTransform.h; sourceTree = ""; }; - AA068EED1174ABB20002E9E0 /* SecTransformInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTransformInternal.h; sourceTree = ""; }; - AA957FCA122C571E00181BE1 /* SecTransformReadTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTransformReadTransform.h; sourceTree = ""; }; - AA957FD4122C57AF00181BE1 /* SecTransformReadTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTransformReadTransform.cpp; sourceTree = ""; }; - AA9781A71175475500699E38 /* c++utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "c++utils.h"; sourceTree = ""; }; - AA9781A81175475500699E38 /* c++utils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "c++utils.cpp"; sourceTree = ""; }; - AA9E1C051117966F00380F0D /* CoreFoundationBasics.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CoreFoundationBasics.cpp; sourceTree = ""; }; - AA9E1C061117966F00380F0D /* CoreFoundationBasics.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CoreFoundationBasics.h; sourceTree = ""; }; - AA9E1C071117966F00380F0D /* Digest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Digest.cpp; sourceTree = ""; }; - AA9E1C081117966F00380F0D /* Digest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Digest.h; sourceTree = ""; }; - AA9E1C091117966F00380F0D /* LinkedList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LinkedList.cpp; sourceTree = ""; }; - AA9E1C0A1117966F00380F0D /* LinkedList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LinkedList.h; sourceTree = ""; }; - AA9E1C0B1117966F00380F0D /* Monitor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Monitor.cpp; sourceTree = ""; }; - AA9E1C0C1117966F00380F0D /* Monitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Monitor.h; sourceTree = ""; }; - AA9E1C0D1117966F00380F0D /* NullTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NullTransform.cpp; sourceTree = ""; }; - AA9E1C0E1117966F00380F0D /* NullTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NullTransform.h; sourceTree = ""; }; - AA9E1C0F1117966F00380F0D /* SecDigestTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecDigestTransform.cpp; sourceTree = ""; }; - AA9E1C101117966F00380F0D /* SecDigestTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecDigestTransform.h; sourceTree = ""; }; - AA9E1C111117966F00380F0D /* SecNullTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecNullTransform.cpp; sourceTree = ""; }; - AA9E1C121117966F00380F0D /* SecNullTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecNullTransform.h; sourceTree = ""; }; - AA9E1C131117966F00380F0D /* SecTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTransform.cpp; sourceTree = ""; }; - AA9E1C141117966F00380F0D /* SecTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTransform.h; sourceTree = ""; }; - AA9E1C161117966F00380F0D /* SingleShotSource.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SingleShotSource.cpp; sourceTree = ""; }; - AA9E1C171117966F00380F0D /* SingleShotSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SingleShotSource.h; sourceTree = ""; }; - AA9E1C181117966F00380F0D /* Source.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Source.cpp; sourceTree = ""; }; - AA9E1C191117966F00380F0D /* Source.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Source.h; sourceTree = ""; }; - AA9E1C1A1117966F00380F0D /* StreamSource.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StreamSource.cpp; sourceTree = ""; }; - AA9E1C1B1117966F00380F0D /* StreamSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StreamSource.h; sourceTree = ""; }; - AA9E1C1C1117966F00380F0D /* Transform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Transform.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - AA9E1C1D1117966F00380F0D /* Transform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = Transform.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - AA9E1C1E1117966F00380F0D /* TransformFactory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TransformFactory.cpp; sourceTree = ""; }; - AA9E1C1F1117966F00380F0D /* TransformFactory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TransformFactory.h; sourceTree = ""; }; - AA9E1C201117966F00380F0D /* Utilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Utilities.cpp; sourceTree = ""; }; - AA9E1C211117966F00380F0D /* Utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Utilities.h; sourceTree = ""; }; - AA9E1C9A1117A4A800380F0D /* security_transform.exp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.exports; name = security_transform.exp; path = lib/security_transform.exp; sourceTree = ""; }; - AA9E1CAD1117A6E000380F0D /* libsecurity_transform_Development.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = libsecurity_transform_Development.xcconfig; sourceTree = ""; }; - AA9E1CAE1117A6F200380F0D /* libsecurity_transform_Deployment.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = libsecurity_transform_Deployment.xcconfig; sourceTree = ""; }; - AA9E1CAF1117A70300380F0D /* libsecurity_transform.Default.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = libsecurity_transform.Default.xcconfig; sourceTree = ""; }; - AA9E1CB01117A78C00380F0D /* security_transform_Development.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = security_transform_Development.xcconfig; sourceTree = ""; }; - AA9E1CB11117A7A300380F0D /* security_transform_Deployment.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = security_transform_Deployment.xcconfig; sourceTree = ""; }; - AA9E1CB21117A7BA00380F0D /* security_transform_Default.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = security_transform_Default.xcconfig; sourceTree = ""; }; - AACAD86B11628E700070BA52 /* libsecurity_transform_core.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = libsecurity_transform_core.xcconfig; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4C010B85121AE8DF0094CB72 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C010BBB121AECF10094CB72 /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4C738254112DF65200EA003B /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 18C5A9661484440D0010EF34 /* Foundation.framework in Frameworks */, - 18C5A961148442000010EF34 /* libsecurity_transform.a in Frameworks */, - 4CD6A669113F41990094F287 /* libz.dylib in Frameworks */, - 4CC4A8B21264D22300075C8F /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CBCBEB41130A2D700CC18E9 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C8174341133031E007F84D6 /* libsecurity_transform.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 18BBC7381471F6DF00F2B224 /* config */ = { - isa = PBXGroup; - children = ( - 18BBC7391471F6DF00F2B224 /* base.xcconfig */, - 18BBC73A1471F6DF00F2B224 /* debug.xcconfig */, - 18BBC73B1471F6DF00F2B224 /* lib.xcconfig */, - 18BBC73C1471F6DF00F2B224 /* release.xcconfig */, - 18BBC73D1471F6DF00F2B224 /* security.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 4C73825F112DF66700EA003B /* unit-tests */ = { - isa = PBXGroup; - children = ( - 4C01135A14686F2600E4F866 /* NSData+HexString.m */, - 4C01135B14686F2600E4F866 /* NSData+HexString.h */, - 4C738260112DF68900EA003B /* custom.h */, - 5DD2E96E114E95B1007429E7 /* custom.mm */, - ); - name = "unit-tests"; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 18C5A9651484440D0010EF34 /* Foundation.framework */, - 18BBC7381471F6DF00F2B224 /* config */, - 4C27A37414F2D66C007FCA66 /* libcorecrypto.dylib */, - 4C010BBE121AED340094CB72 /* libc++.dylib */, - 4CD6A668113F41990094F287 /* libz.dylib */, - 4C73825F112DF66700EA003B /* unit-tests */, - 4CBCBEB01130A2AB00CC18E9 /* misc-tests */, - AA9E1CA31117A67D00380F0D /* Configurations */, - AA9E1C9A1117A4A800380F0D /* security_transform.exp */, - 4CAFF3FC0534D89900303760 /* lib */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - 4C738258112DF65200EA003B /* unit-tests-Info.plist */, - 4CBCBEB81130A2D800CC18E9 /* Info-security_transform.plist */, - 5D16D6FB114EA1000096BD75 /* Security.framework */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurity_transform.a */, - 4C738257112DF65200EA003B /* unit-tests.xctest */, - 4CBCBEB61130A2D700CC18E9 /* 100-sha2 */, - 4C010B87121AE8DF0094CB72 /* input-speed-test */, - ); - name = Products; - sourceTree = ""; - }; - 4CAFF3FC0534D89900303760 /* lib */ = { - isa = PBXGroup; - children = ( - 4C01134F1468693100E4F866 /* SecMaskGenerationFunctionTransform.c */, - 4C0113501468693100E4F866 /* SecMaskGenerationFunctionTransform.h */, - AA068645138C420C0059E73E /* SecReadTransform.h */, - 5DCAD5B511F0E099003F2E7A /* SecCollectTransform.cpp */, - 5DCAD5B611F0E099003F2E7A /* SecCollectTransform.h */, - AA9781A71175475500699E38 /* c++utils.h */, - AA9781A81175475500699E38 /* c++utils.cpp */, - AA9E1C051117966F00380F0D /* CoreFoundationBasics.cpp */, - AA9E1C061117966F00380F0D /* CoreFoundationBasics.h */, - AA9E1C071117966F00380F0D /* Digest.cpp */, - AA9E1C081117966F00380F0D /* Digest.h */, - 4CDF6DC9113C4E9E00C64234 /* EncodeDecodeTransforms.c */, - 5DD2E91C114E9044007429E7 /* EncryptTransform.h */, - 5DD2E91D114E9044007429E7 /* EncryptTransform.cpp */, - 4C27A37714F2DCB4007FCA66 /* CEncryptDecrypt.c */, - 5DD2E923114E9094007429E7 /* EncryptTransformUtilities.h */, - 5DD2E924114E9094007429E7 /* EncryptTransformUtilities.cpp */, - AA068EDB1174AB350002E9E0 /* GroupTransform.cpp */, - AA068EDC1174AB350002E9E0 /* GroupTransform.h */, - AA9E1C091117966F00380F0D /* LinkedList.cpp */, - AA9E1C0A1117966F00380F0D /* LinkedList.h */, - 4C6E5964116D4E3E00A70E8F /* misc.c */, - 4C6E5965116D4E3E00A70E8F /* misc.h */, - AA9E1C0B1117966F00380F0D /* Monitor.cpp */, - AA9E1C0C1117966F00380F0D /* Monitor.h */, - AA9E1C0D1117966F00380F0D /* NullTransform.cpp */, - AA9E1C0E1117966F00380F0D /* NullTransform.h */, - 4C73822B112DCC4800EA003B /* SecCustomTransform.h */, - 4C73822C112DCC4800EA003B /* SecCustomTransform.cpp */, - 4CDF6DCA113C4E9E00C64234 /* SecDecodeTransform.h */, - AA9E1C0F1117966F00380F0D /* SecDigestTransform.cpp */, - AA9E1C101117966F00380F0D /* SecDigestTransform.h */, - 5DD2E927114E90E2007429E7 /* SecEncryptTransform.h */, - 4CDF6DCB113C4E9E00C64234 /* SecEncodeTransform.h */, - 5DD2E928114E90E2007429E7 /* SecEncryptTransform.cpp */, - AA068EDD1174AB350002E9E0 /* SecGroupTransform.cpp */, - AA068EDE1174AB350002E9E0 /* SecGroupTransform.h */, - AA9E1C111117966F00380F0D /* SecNullTransform.cpp */, - 5DD2E936114E91CC007429E7 /* SecSignVerifyTransform.h */, - 5DD2E937114E91CC007429E7 /* SecSignVerifyTransform.c */, - AA9E1C121117966F00380F0D /* SecNullTransform.h */, - AA9E1C131117966F00380F0D /* SecTransform.cpp */, - AA9E1C141117966F00380F0D /* SecTransform.h */, - AA068EED1174ABB20002E9E0 /* SecTransformInternal.h */, - AA9E1C161117966F00380F0D /* SingleShotSource.cpp */, - AA9E1C171117966F00380F0D /* SingleShotSource.h */, - AA9E1C181117966F00380F0D /* Source.cpp */, - AA9E1C191117966F00380F0D /* Source.h */, - AA9E1C1A1117966F00380F0D /* StreamSource.cpp */, - AA9E1C1B1117966F00380F0D /* StreamSource.h */, - AA9E1C1C1117966F00380F0D /* Transform.cpp */, - AA9E1C1D1117966F00380F0D /* Transform.h */, - AA9E1C1E1117966F00380F0D /* TransformFactory.cpp */, - AA9E1C1F1117966F00380F0D /* TransformFactory.h */, - AA9E1C201117966F00380F0D /* Utilities.cpp */, - AA9E1C211117966F00380F0D /* Utilities.h */, - 4C010C4B121AFCA70094CB72 /* SecExternalSourceTransform.h */, - 4C010C4C121AFCA70094CB72 /* SecExternalSourceTransform.cpp */, - AA957FCA122C571E00181BE1 /* SecTransformReadTransform.h */, - AA957FD4122C57AF00181BE1 /* SecTransformReadTransform.cpp */, - 4CB89E61124D5667004DEC20 /* SecTransformValidator.h */, - AA068648138C42520059E73E /* SecReadTransform.h */, - ); - path = lib; - sourceTree = ""; - }; - 4CBCBEB01130A2AB00CC18E9 /* misc-tests */ = { - isa = PBXGroup; - children = ( - 4CD87F3D1130A34700A98C5E /* 100-sha2.m */, - 4C010B99121AE9960094CB72 /* speed-test.h */, - 4C010B9A121AE9960094CB72 /* speed-test.mm */, - ); - name = "misc-tests"; - sourceTree = ""; - }; - AA9E1CA31117A67D00380F0D /* Configurations */ = { - isa = PBXGroup; - children = ( - AACAD86B11628E700070BA52 /* libsecurity_transform_core.xcconfig */, - AA9E1CAD1117A6E000380F0D /* libsecurity_transform_Development.xcconfig */, - AA9E1CAE1117A6F200380F0D /* libsecurity_transform_Deployment.xcconfig */, - AA9E1CAF1117A70300380F0D /* libsecurity_transform.Default.xcconfig */, - AA9E1CB01117A78C00380F0D /* security_transform_Development.xcconfig */, - AA9E1CB11117A7A300380F0D /* security_transform_Deployment.xcconfig */, - AA9E1CB21117A7BA00380F0D /* security_transform_Default.xcconfig */, - ); - path = Configurations; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CA1FEB9052A3C8100F22E42 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - AA9E1C2D1117966F00380F0D /* SecDigestTransform.h in Headers */, - AA068646138C420C0059E73E /* SecReadTransform.h in Headers */, - AA9E1C311117966F00380F0D /* SecTransform.h in Headers */, - 4C73822D112DCC4800EA003B /* SecCustomTransform.h in Headers */, - 4CDF6DCD113C4E9E00C64234 /* SecDecodeTransform.h in Headers */, - 4CDF6DCE113C4E9E00C64234 /* SecEncodeTransform.h in Headers */, - 5DD2E929114E90E2007429E7 /* SecEncryptTransform.h in Headers */, - 5DD2E938114E91CC007429E7 /* SecSignVerifyTransform.h in Headers */, - AA957FCB122C571E00181BE1 /* SecTransformReadTransform.h in Headers */, - AA9E1C231117966F00380F0D /* CoreFoundationBasics.h in Headers */, - AA9E1C251117966F00380F0D /* Digest.h in Headers */, - 4CB89E62124D5667004DEC20 /* SecTransformValidator.h in Headers */, - AA9E1C2F1117966F00380F0D /* SecNullTransform.h in Headers */, - AA068EEE1174ABB20002E9E0 /* SecTransformInternal.h in Headers */, - AA9E1C271117966F00380F0D /* LinkedList.h in Headers */, - AA9E1C291117966F00380F0D /* Monitor.h in Headers */, - AA9E1C2B1117966F00380F0D /* NullTransform.h in Headers */, - AA9E1C341117966F00380F0D /* SingleShotSource.h in Headers */, - AA9E1C361117966F00380F0D /* Source.h in Headers */, - AA9E1C381117966F00380F0D /* StreamSource.h in Headers */, - AA9E1C3A1117966F00380F0D /* Transform.h in Headers */, - AA9E1C3C1117966F00380F0D /* TransformFactory.h in Headers */, - AA9E1C3E1117966F00380F0D /* Utilities.h in Headers */, - 4C0113521468693100E4F866 /* SecMaskGenerationFunctionTransform.h in Headers */, - 5DD2E91E114E9044007429E7 /* EncryptTransform.h in Headers */, - 5DD2E925114E9094007429E7 /* EncryptTransformUtilities.h in Headers */, - 4C6E5967116D4E3E00A70E8F /* misc.h in Headers */, - AA068EE01174AB350002E9E0 /* GroupTransform.h in Headers */, - AA068EE21174AB350002E9E0 /* SecGroupTransform.h in Headers */, - AA9781A91175475500699E38 /* c++utils.h in Headers */, - 5DCAD5B811F0E099003F2E7A /* SecCollectTransform.h in Headers */, - 4C010C52121B00350094CB72 /* SecExternalSourceTransform.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4C010B86121AE8DF0094CB72 /* input-speed-test */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4C010B97121AE9340094CB72 /* Build configuration list for PBXNativeTarget "input-speed-test" */; - buildPhases = ( - 4C010B84121AE8DF0094CB72 /* Sources */, - 4C010B85121AE8DF0094CB72 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 4C010B91121AE9070094CB72 /* PBXTargetDependency */, - ); - name = "input-speed-test"; - productName = "input-speed-test"; - productReference = 4C010B87121AE8DF0094CB72 /* input-speed-test */; - productType = "com.apple.product-type.tool"; - }; - 4C738256112DF65200EA003B /* unit-tests */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4C73825C112DF65400EA003B /* Build configuration list for PBXNativeTarget "unit-tests" */; - buildPhases = ( - 4C738252112DF65200EA003B /* Resources */, - 4C738253112DF65200EA003B /* Sources */, - 4C738254112DF65200EA003B /* Frameworks */, - 4C738255112DF65200EA003B /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - 4C817256112F030F007F84D6 /* PBXTargetDependency */, - ); - name = "unit-tests"; - productName = "unit-tests"; - productReference = 4C738257112DF65200EA003B /* unit-tests.xctest */; - productType = "com.apple.product-type.bundle.unit-test"; - }; - 4CA1FEBD052A3C8100F22E42 /* libsecurity_transform */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD4000987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_transform" */; - buildPhases = ( - 4CA1FEB9052A3C8100F22E42 /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_transform; - productName = libsecurity_transform; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurity_transform.a */; - productType = "com.apple.product-type.library.static"; - }; - 4CBCBEB51130A2D700CC18E9 /* 100-sha2 */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4CBCBEBC1130A2DB00CC18E9 /* Build configuration list for PBXNativeTarget "100-sha2" */; - buildPhases = ( - 4CBCBEB31130A2D700CC18E9 /* Sources */, - 4CBCBEB41130A2D700CC18E9 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 4CD880001131E0F500A98C5E /* PBXTargetDependency */, - ); - name = "100-sha2"; - productName = "100-sha2"; - productReference = 4CBCBEB61130A2D700CC18E9 /* 100-sha2 */; - productType = "com.apple.product-type.tool"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastTestingUpgradeCheck = 0730; - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD4040987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_transform" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 4CA1FEBD052A3C8100F22E42 /* libsecurity_transform */, - 4C738256112DF65200EA003B /* unit-tests */, - 4CBCBEB51130A2D700CC18E9 /* 100-sha2 */, - 4C010B86121AE8DF0094CB72 /* input-speed-test */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXResourcesBuildPhase section */ - 4C738252112DF65200EA003B /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXResourcesBuildPhase section */ - -/* Begin PBXShellScriptBuildPhase section */ - 4C738255112DF65200EA003B /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "# Run the unit tests in this test bundle.\n\"${SYSTEM_DEVELOPER_DIR}/Tools/RunUnitTests\"\n"; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4C010B84121AE8DF0094CB72 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C010B9B121AE9960094CB72 /* speed-test.mm in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4C738253112DF65200EA003B /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 5DD2E9B5114E986D007429E7 /* custom.mm in Sources */, - 4C01135C14686F2600E4F866 /* NSData+HexString.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - AA9E1C221117966F00380F0D /* CoreFoundationBasics.cpp in Sources */, - AA9E1C241117966F00380F0D /* Digest.cpp in Sources */, - AA9E1C261117966F00380F0D /* LinkedList.cpp in Sources */, - AA9E1C281117966F00380F0D /* Monitor.cpp in Sources */, - AA9E1C2A1117966F00380F0D /* NullTransform.cpp in Sources */, - AA9E1C2C1117966F00380F0D /* SecDigestTransform.cpp in Sources */, - AA9E1C2E1117966F00380F0D /* SecNullTransform.cpp in Sources */, - AA9E1C301117966F00380F0D /* SecTransform.cpp in Sources */, - AA9E1C331117966F00380F0D /* SingleShotSource.cpp in Sources */, - AA9E1C351117966F00380F0D /* Source.cpp in Sources */, - AA9E1C371117966F00380F0D /* StreamSource.cpp in Sources */, - AA9E1C391117966F00380F0D /* Transform.cpp in Sources */, - AA9E1C3B1117966F00380F0D /* TransformFactory.cpp in Sources */, - AA9E1C3D1117966F00380F0D /* Utilities.cpp in Sources */, - 4C73822E112DCC4800EA003B /* SecCustomTransform.cpp in Sources */, - 4CDF6DCC113C4E9E00C64234 /* EncodeDecodeTransforms.c in Sources */, - 5DD2E91F114E9044007429E7 /* EncryptTransform.cpp in Sources */, - 5DD2E926114E9094007429E7 /* EncryptTransformUtilities.cpp in Sources */, - 5DD2E92A114E90E2007429E7 /* SecEncryptTransform.cpp in Sources */, - 5DD2E939114E91CC007429E7 /* SecSignVerifyTransform.c in Sources */, - 4C6E5966116D4E3E00A70E8F /* misc.c in Sources */, - AA068EDF1174AB350002E9E0 /* GroupTransform.cpp in Sources */, - AA068EE11174AB350002E9E0 /* SecGroupTransform.cpp in Sources */, - AA9781AA1175475500699E38 /* c++utils.cpp in Sources */, - 5DCAD5B711F0E099003F2E7A /* SecCollectTransform.cpp in Sources */, - 4C010C53121B00440094CB72 /* SecExternalSourceTransform.cpp in Sources */, - AA957FD5122C57AF00181BE1 /* SecTransformReadTransform.cpp in Sources */, - 4C0113511468693100E4F866 /* SecMaskGenerationFunctionTransform.c in Sources */, - 4C27A37814F2DCB4007FCA66 /* CEncryptDecrypt.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CBCBEB31130A2D700CC18E9 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CD87F501130A49400A98C5E /* 100-sha2.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 4C010B91121AE9070094CB72 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CA1FEBD052A3C8100F22E42 /* libsecurity_transform */; - targetProxy = 4C010B90121AE9070094CB72 /* PBXContainerItemProxy */; - }; - 4C817256112F030F007F84D6 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CA1FEBD052A3C8100F22E42 /* libsecurity_transform */; - targetProxy = 4C817255112F030F007F84D6 /* PBXContainerItemProxy */; - }; - 4CD880001131E0F500A98C5E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CA1FEBD052A3C8100F22E42 /* libsecurity_transform */; - targetProxy = 4CD87FFF1131E0F500A98C5E /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - 4C010B89121AE8DF0094CB72 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; - COPY_PHASE_STRIP = NO; - GCC_MODEL_TUNING = G5; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "$(SYSTEM_LIBRARY_DIR)/Frameworks/AppKit.framework/Headers/AppKit.h"; - INSTALL_PATH = /usr/local/bin; - OTHER_LDFLAGS = ( - "-lz", - "-framework", - Foundation, - "-framework", - AppKit, - ); - PRODUCT_NAME = "input-speed-test"; - }; - name = Debug; - }; - 4C010B8B121AE8DF0094CB72 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - GCC_MODEL_TUNING = G5; - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "$(SYSTEM_LIBRARY_DIR)/Frameworks/AppKit.framework/Headers/AppKit.h"; - INSTALL_PATH = /usr/local/bin; - OTHER_LDFLAGS = ( - "-framework", - Foundation, - "-framework", - AppKit, - ); - PRODUCT_NAME = "input-speed-test"; - }; - name = Release; - }; - 4C738259112DF65400EA003B /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC73B1471F6DF00F2B224 /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(DEVELOPER_FRAMEWORKS_DIR)", - ); - INFOPLIST_FILE = "unit-tests-Info.plist"; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - PRODUCT_BUNDLE_IDENTIFIER = "com.yourcompany.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = "unit-tests"; - }; - name = Debug; - }; - 4C73825B112DF65400EA003B /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC73B1471F6DF00F2B224 /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(DEVELOPER_FRAMEWORKS_DIR)", - ); - INFOPLIST_FILE = "unit-tests-Info.plist"; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - PRODUCT_BUNDLE_IDENTIFIER = "com.yourcompany.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = "unit-tests"; - }; - name = Release; - }; - 4CBCBEB91130A2DB00CC18E9 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - COPY_PHASE_STRIP = NO; - GCC_DYNAMIC_NO_PIC = NO; - GCC_MODEL_TUNING = G5; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREFIX_HEADER = "$(SYSTEM_LIBRARY_DIR)/Frameworks/AppKit.framework/Headers/AppKit.h"; - INSTALL_PATH = /usr/local/bin; - OTHER_LDFLAGS = ( - "-framework", - Foundation, - "-framework", - AppKit, - "-lstdc++", - ); - PRODUCT_NAME = "100-sha2"; - }; - name = Debug; - }; - 4CBCBEBB1130A2DB00CC18E9 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - GCC_MODEL_TUNING = G5; - GCC_PREFIX_HEADER = "$(SYSTEM_LIBRARY_DIR)/Frameworks/AppKit.framework/Headers/AppKit.h"; - INSTALL_PATH = /usr/local/bin; - OTHER_LDFLAGS = ( - "-framework", - Foundation, - "-framework", - AppKit, - "-lstdc++", - ); - PRODUCT_NAME = "100-sha2"; - }; - name = Release; - }; - C27AD4010987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC73B1471F6DF00F2B224 /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - OTHER_CFLAGS = ( - "$(inherited)", - "-DCOM_APPLE_SECURITY_SANE_INCLUDES", - ); - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Debug; - }; - C27AD4030987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC73B1471F6DF00F2B224 /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - OTHER_CFLAGS = ( - "$(inherited)", - "-DCOM_APPLE_SECURITY_SANE_INCLUDES", - ); - WARNING_CFLAGS = ( - "$(inherited)", - "-Wno-error=overloaded-virtual", - ); - }; - name = Release; - }; - C27AD4050987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC73A1471F6DF00F2B224 /* debug.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - ENABLE_TESTABILITY = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - ONLY_ACTIVE_ARCH = YES; - SDKROOT = macosx.internal; - }; - name = Debug; - }; - C27AD4070987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18BBC73C1471F6DF00F2B224 /* release.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - SDKROOT = macosx.internal; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 4C010B97121AE9340094CB72 /* Build configuration list for PBXNativeTarget "input-speed-test" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4C010B89121AE8DF0094CB72 /* Debug */, - 4C010B8B121AE8DF0094CB72 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4C73825C112DF65400EA003B /* Build configuration list for PBXNativeTarget "unit-tests" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4C738259112DF65400EA003B /* Debug */, - 4C73825B112DF65400EA003B /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CBCBEBC1130A2DB00CC18E9 /* Build configuration list for PBXNativeTarget "100-sha2" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4CBCBEB91130A2DB00CC18E9 /* Debug */, - 4CBCBEBB1130A2DB00CC18E9 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD4000987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_transform" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD4010987FCDF001272E0 /* Debug */, - C27AD4030987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD4040987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_transform" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD4050987FCDF001272E0 /* Debug */, - C27AD4070987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurity_translocate/lib/SecTranslocate.h b/OSX/libsecurity_translocate/lib/SecTranslocate.h index ba5a8136..c01e4127 100644 --- a/OSX/libsecurity_translocate/lib/SecTranslocate.h +++ b/OSX/libsecurity_translocate/lib/SecTranslocate.h @@ -49,7 +49,7 @@ __OSX_AVAILABLE(10.12); @abstract Initialize the SecTranslocate Library as the XPC Server, Disk Arbitration Listener, and Launch Services Notification listener - @param option (currently unused) A dictionary of options that could impact server startup + @param options (currently unused) A dictionary of options that could impact server startup @param outError On error will be populated with an error object describing the failure (a posix domain error such as EINVAL) @result True on success False on failure diff --git a/OSX/libsecurity_translocate/lib/SecTranslocateClient.cpp b/OSX/libsecurity_translocate/lib/SecTranslocateClient.cpp index 670f6c18..99095aa3 100644 --- a/OSX/libsecurity_translocate/lib/SecTranslocateClient.cpp +++ b/OSX/libsecurity_translocate/lib/SecTranslocateClient.cpp @@ -183,7 +183,6 @@ bool TranslocatorClient::destroyTranslocatedPathForUser(const string &translocat { Syslog::error("SecTranslocate, TranslocatorClient, delete operation not allowed"); UnixError::throwMe(EPERM); - return false; } } //namespace SecTranslocate diff --git a/OSX/libsecurity_translocate/lib/SecTranslocateDANotification.cpp b/OSX/libsecurity_translocate/lib/SecTranslocateDANotification.cpp index f8dfaa16..e600a745 100644 --- a/OSX/libsecurity_translocate/lib/SecTranslocateDANotification.cpp +++ b/OSX/libsecurity_translocate/lib/SecTranslocateDANotification.cpp @@ -32,7 +32,7 @@ #include "SecTranslocateDANotification.hpp" #include "SecTranslocateShared.hpp" -#include "SectranslocateUtilities.hpp" +#include "SecTranslocateUtilities.hpp" #define DA_FRAMEWORK_PATH "/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration" diff --git a/OSX/libsecurity_translocate/lib/security_translocate.exp b/OSX/libsecurity_translocate/lib/security_translocate.exp deleted file mode 100644 index d18a7c00..00000000 --- a/OSX/libsecurity_translocate/lib/security_translocate.exp +++ /dev/null @@ -1,25 +0,0 @@ -# -# Copyright (c) 2016 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# - -_SecTranslocateCreateSecureDirectoryForURL -_SecTranslocateDeleteSecureDirectory diff --git a/OSX/libsecurity_translocate/libsecurity_translocate.xcodeproj/project.pbxproj b/OSX/libsecurity_translocate/libsecurity_translocate.xcodeproj/project.pbxproj deleted file mode 100644 index 19323604..00000000 --- a/OSX/libsecurity_translocate/libsecurity_translocate.xcodeproj/project.pbxproj +++ /dev/null @@ -1,383 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 1F2D0DD71CBC7294007390C6 /* SecTranslocateXPCServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1F2D0DD51CBC7294007390C6 /* SecTranslocateXPCServer.cpp */; }; - 1F2D0DD81CBC7294007390C6 /* SecTranslocateXPCServer.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 1F2D0DD61CBC7294007390C6 /* SecTranslocateXPCServer.hpp */; }; - 1F50781B1CB47EA500A017CD /* SecTranslocateUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1F5078191CB47EA500A017CD /* SecTranslocateUtilities.cpp */; }; - 1F50781C1CB47EA500A017CD /* SecTranslocateUtilities.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 1F50781A1CB47EA500A017CD /* SecTranslocateUtilities.hpp */; }; - 1F5078221CB5769200A017CD /* SecTranslocateServer.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 1F50781E1CB5747100A017CD /* SecTranslocateServer.hpp */; }; - 1F5A5D481CB5D8CF009BDA30 /* SecTranslocateLSNotification.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1F5A5D461CB5D8CF009BDA30 /* SecTranslocateLSNotification.cpp */; }; - 1F5A5D491CB5D8CF009BDA30 /* SecTranslocateLSNotification.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 1F5A5D471CB5D8CF009BDA30 /* SecTranslocateLSNotification.hpp */; }; - 1F77EB011CBB15B7006E0E7E /* SecTranslocateDANotification.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1FB9D34D1CBB0E7C00374EF3 /* SecTranslocateDANotification.cpp */; }; - 1F975A3E1CBD5613003EF8F6 /* SecTranslocateClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1F975A3C1CBD5613003EF8F6 /* SecTranslocateClient.cpp */; }; - 1F975A3F1CBD5613003EF8F6 /* SecTranslocateClient.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 1F975A3D1CBD5613003EF8F6 /* SecTranslocateClient.hpp */; }; - 1FB9D3501CBB0E7C00374EF3 /* SecTranslocateDANotification.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 1FB9D34E1CBB0E7C00374EF3 /* SecTranslocateDANotification.hpp */; }; - 1FC462B81C498980001E4B1F /* SecTranslocate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1FC462B71C49897F001E4B1F /* SecTranslocate.cpp */; }; - 1FC462BA1C498991001E4B1F /* SecTranslocate.h in Headers */ = {isa = PBXBuildFile; fileRef = 1FC462B91C498991001E4B1F /* SecTranslocate.h */; }; - 1FC4A6151CBDA7B900390630 /* SecTranslocateInterface.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1FC4A6141CBDA7B900390630 /* SecTranslocateInterface.cpp */; }; - 1FC4A6161CBDC5C300390630 /* SecTranslocateServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1F50781D1CB5747100A017CD /* SecTranslocateServer.cpp */; }; - 1FD0FA551CBC4A8C0037CB0E /* SecTranslocateInterface.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 1FD0FA541CBC4A8C0037CB0E /* SecTranslocateInterface.hpp */; }; - 1FEFBDB01CB6D2AD00FAC2A1 /* SecTranslocateShared.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1F5A5D431CB58E97009BDA30 /* SecTranslocateShared.cpp */; }; - 1FEFBDB11CB6D2BC00FAC2A1 /* SecTranslocateShared.hpp in Headers */ = {isa = PBXBuildFile; fileRef = 1F5A5D421CB58E97009BDA30 /* SecTranslocateShared.hpp */; }; -/* End PBXBuildFile section */ - -/* Begin PBXFileReference section */ - 1F2D0DD51CBC7294007390C6 /* SecTranslocateXPCServer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SecTranslocateXPCServer.cpp; path = lib/SecTranslocateXPCServer.cpp; sourceTree = SOURCE_ROOT; }; - 1F2D0DD61CBC7294007390C6 /* SecTranslocateXPCServer.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = SecTranslocateXPCServer.hpp; path = lib/SecTranslocateXPCServer.hpp; sourceTree = SOURCE_ROOT; }; - 1F5078191CB47EA500A017CD /* SecTranslocateUtilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SecTranslocateUtilities.cpp; path = lib/SecTranslocateUtilities.cpp; sourceTree = SOURCE_ROOT; }; - 1F50781A1CB47EA500A017CD /* SecTranslocateUtilities.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = SecTranslocateUtilities.hpp; path = lib/SecTranslocateUtilities.hpp; sourceTree = SOURCE_ROOT; }; - 1F50781D1CB5747100A017CD /* SecTranslocateServer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SecTranslocateServer.cpp; path = lib/SecTranslocateServer.cpp; sourceTree = SOURCE_ROOT; }; - 1F50781E1CB5747100A017CD /* SecTranslocateServer.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = SecTranslocateServer.hpp; path = lib/SecTranslocateServer.hpp; sourceTree = SOURCE_ROOT; }; - 1F5A5D421CB58E97009BDA30 /* SecTranslocateShared.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = SecTranslocateShared.hpp; path = lib/SecTranslocateShared.hpp; sourceTree = SOURCE_ROOT; }; - 1F5A5D431CB58E97009BDA30 /* SecTranslocateShared.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SecTranslocateShared.cpp; path = lib/SecTranslocateShared.cpp; sourceTree = SOURCE_ROOT; }; - 1F5A5D461CB5D8CF009BDA30 /* SecTranslocateLSNotification.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SecTranslocateLSNotification.cpp; path = lib/SecTranslocateLSNotification.cpp; sourceTree = SOURCE_ROOT; }; - 1F5A5D471CB5D8CF009BDA30 /* SecTranslocateLSNotification.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = SecTranslocateLSNotification.hpp; path = lib/SecTranslocateLSNotification.hpp; sourceTree = SOURCE_ROOT; }; - 1F975A3C1CBD5613003EF8F6 /* SecTranslocateClient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SecTranslocateClient.cpp; path = lib/SecTranslocateClient.cpp; sourceTree = SOURCE_ROOT; }; - 1F975A3D1CBD5613003EF8F6 /* SecTranslocateClient.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = SecTranslocateClient.hpp; path = lib/SecTranslocateClient.hpp; sourceTree = SOURCE_ROOT; }; - 1FAA71431C10D8E000EAAE3E /* libsecurity_translocate.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_translocate.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 1FB9D34D1CBB0E7C00374EF3 /* SecTranslocateDANotification.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SecTranslocateDANotification.cpp; path = lib/SecTranslocateDANotification.cpp; sourceTree = SOURCE_ROOT; }; - 1FB9D34E1CBB0E7C00374EF3 /* SecTranslocateDANotification.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = SecTranslocateDANotification.hpp; path = lib/SecTranslocateDANotification.hpp; sourceTree = SOURCE_ROOT; }; - 1FC462B71C49897F001E4B1F /* SecTranslocate.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SecTranslocate.cpp; path = lib/SecTranslocate.cpp; sourceTree = SOURCE_ROOT; }; - 1FC462B91C498991001E4B1F /* SecTranslocate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTranslocate.h; path = lib/SecTranslocate.h; sourceTree = SOURCE_ROOT; }; - 1FC4A6141CBDA7B900390630 /* SecTranslocateInterface.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SecTranslocateInterface.cpp; path = lib/SecTranslocateInterface.cpp; sourceTree = SOURCE_ROOT; }; - 1FD0FA541CBC4A8C0037CB0E /* SecTranslocateInterface.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = SecTranslocateInterface.hpp; path = lib/SecTranslocateInterface.hpp; sourceTree = SOURCE_ROOT; }; - 1FDA9ABE1C449C880083929D /* security_translocate.exp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.exports; name = security_translocate.exp; path = lib/security_translocate.exp; sourceTree = SOURCE_ROOT; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 1FAA71401C10D8E000EAAE3E /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 1FAA713A1C10D8E000EAAE3E = { - isa = PBXGroup; - children = ( - 1FAA71451C10D8E000EAAE3E /* lib */, - 1FAA71441C10D8E000EAAE3E /* Products */, - ); - sourceTree = ""; - }; - 1FAA71441C10D8E000EAAE3E /* Products */ = { - isa = PBXGroup; - children = ( - 1FAA71431C10D8E000EAAE3E /* libsecurity_translocate.a */, - ); - name = Products; - sourceTree = ""; - }; - 1FAA71451C10D8E000EAAE3E /* lib */ = { - isa = PBXGroup; - children = ( - 1F975A3C1CBD5613003EF8F6 /* SecTranslocateClient.cpp */, - 1F975A3D1CBD5613003EF8F6 /* SecTranslocateClient.hpp */, - 1F2D0DD51CBC7294007390C6 /* SecTranslocateXPCServer.cpp */, - 1F2D0DD61CBC7294007390C6 /* SecTranslocateXPCServer.hpp */, - 1FD0FA541CBC4A8C0037CB0E /* SecTranslocateInterface.hpp */, - 1FB9D34D1CBB0E7C00374EF3 /* SecTranslocateDANotification.cpp */, - 1FB9D34E1CBB0E7C00374EF3 /* SecTranslocateDANotification.hpp */, - 1F5A5D461CB5D8CF009BDA30 /* SecTranslocateLSNotification.cpp */, - 1F5A5D471CB5D8CF009BDA30 /* SecTranslocateLSNotification.hpp */, - 1F5A5D421CB58E97009BDA30 /* SecTranslocateShared.hpp */, - 1F5A5D431CB58E97009BDA30 /* SecTranslocateShared.cpp */, - 1F50781D1CB5747100A017CD /* SecTranslocateServer.cpp */, - 1F50781E1CB5747100A017CD /* SecTranslocateServer.hpp */, - 1FC462B91C498991001E4B1F /* SecTranslocate.h */, - 1FC462B71C49897F001E4B1F /* SecTranslocate.cpp */, - 1FDA9ABE1C449C880083929D /* security_translocate.exp */, - 1F5078191CB47EA500A017CD /* SecTranslocateUtilities.cpp */, - 1F50781A1CB47EA500A017CD /* SecTranslocateUtilities.hpp */, - 1FC4A6141CBDA7B900390630 /* SecTranslocateInterface.cpp */, - ); - name = lib; - path = libsecurity_translocate; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 1FAA71411C10D8E000EAAE3E /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 1FC462BA1C498991001E4B1F /* SecTranslocate.h in Headers */, - 1FD0FA551CBC4A8C0037CB0E /* SecTranslocateInterface.hpp in Headers */, - 1F975A3F1CBD5613003EF8F6 /* SecTranslocateClient.hpp in Headers */, - 1F5078221CB5769200A017CD /* SecTranslocateServer.hpp in Headers */, - 1FB9D3501CBB0E7C00374EF3 /* SecTranslocateDANotification.hpp in Headers */, - 1F5A5D491CB5D8CF009BDA30 /* SecTranslocateLSNotification.hpp in Headers */, - 1FEFBDB11CB6D2BC00FAC2A1 /* SecTranslocateShared.hpp in Headers */, - 1F2D0DD81CBC7294007390C6 /* SecTranslocateXPCServer.hpp in Headers */, - 1F50781C1CB47EA500A017CD /* SecTranslocateUtilities.hpp in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 1FAA71421C10D8E000EAAE3E /* libsecurity_translocate */ = { - isa = PBXNativeTarget; - buildConfigurationList = 1FAA714C1C10D8E000EAAE3E /* Build configuration list for PBXNativeTarget "libsecurity_translocate" */; - buildPhases = ( - 1FAA713F1C10D8E000EAAE3E /* Sources */, - 1FAA71401C10D8E000EAAE3E /* Frameworks */, - 1FAA71411C10D8E000EAAE3E /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity_translocate; - productName = libsecurity_translocate; - productReference = 1FAA71431C10D8E000EAAE3E /* libsecurity_translocate.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 1FAA713B1C10D8E000EAAE3E /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - ORGANIZATIONNAME = Apple; - TargetAttributes = { - 1FAA71421C10D8E000EAAE3E = { - CreatedOnToolsVersion = 7.2; - }; - }; - }; - buildConfigurationList = 1FAA713E1C10D8E000EAAE3E /* Build configuration list for PBXProject "libsecurity_translocate" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 0; - knownRegions = ( - en, - ); - mainGroup = 1FAA713A1C10D8E000EAAE3E; - productRefGroup = 1FAA71441C10D8E000EAAE3E /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 1FAA71421C10D8E000EAAE3E /* libsecurity_translocate */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXSourcesBuildPhase section */ - 1FAA713F1C10D8E000EAAE3E /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 1FC4A6161CBDC5C300390630 /* SecTranslocateServer.cpp in Sources */, - 1F2D0DD71CBC7294007390C6 /* SecTranslocateXPCServer.cpp in Sources */, - 1FC462B81C498980001E4B1F /* SecTranslocate.cpp in Sources */, - 1F77EB011CBB15B7006E0E7E /* SecTranslocateDANotification.cpp in Sources */, - 1F975A3E1CBD5613003EF8F6 /* SecTranslocateClient.cpp in Sources */, - 1F5A5D481CB5D8CF009BDA30 /* SecTranslocateLSNotification.cpp in Sources */, - 1FEFBDB01CB6D2AD00FAC2A1 /* SecTranslocateShared.cpp in Sources */, - 1FC4A6151CBDA7B900390630 /* SecTranslocateInterface.cpp in Sources */, - 1F50781B1CB47EA500A017CD /* SecTranslocateUtilities.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - 1FAA714A1C10D8E000EAAE3E /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_IDENTITY = "-"; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_NO_COMMON_BLOCKS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - MACOSX_DEPLOYMENT_TARGET = 10.11; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - SDKROOT = macosx.internal; - }; - name = Debug; - }; - 1FAA714B1C10D8E000EAAE3E /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_IDENTITY = "-"; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - MACOSX_DEPLOYMENT_TARGET = 10.11; - MTL_ENABLE_DEBUG_INFO = NO; - SDKROOT = macosx.internal; - }; - name = Release; - }; - 1FAA714D1C10D8E000EAAE3E /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; - "ARCHS[sdk=macosx*]" = "$(ARCHS_STANDARD_32_64_BIT)"; - CLANG_CXX_LANGUAGE_STANDARD = "compiler-default"; - CLANG_CXX_LIBRARY = "compiler-default"; - CLANG_ENABLE_MODULES = NO; - CLANG_ENABLE_OBJC_ARC = NO; - CLANG_WARN_BOOL_CONVERSION = NO; - CODE_SIGN_IDENTITY = ""; - COMBINE_HIDPI_IMAGES = YES; - DEAD_CODE_STRIPPING = YES; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = YES; - ENABLE_STRICT_OBJC_MSGSEND = NO; - EXECUTABLE_PREFIX = ""; - FRAMEWORK_SEARCH_PATHS = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", - "$(PROJECT_DIR)/../include", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(PROJECT_DIR)/../utilities/", - ); - ONLY_ACTIVE_ARCH = NO; - PRODUCT_NAME = "$(TARGET_NAME)"; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_translocate; - SDKROOT = macosx.internal; - VERSIONING_SYSTEM = "apple-generic"; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wall", - "-Wno-four-char-constants", - "-Wno-unknown-pragmas", - ); - }; - name = Debug; - }; - 1FAA714E1C10D8E000EAAE3E /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; - "ARCHS[sdk=macosx*]" = "$(ARCHS_STANDARD_32_64_BIT)"; - CLANG_CXX_LANGUAGE_STANDARD = "compiler-default"; - CLANG_CXX_LIBRARY = "compiler-default"; - CLANG_ENABLE_MODULES = NO; - CLANG_ENABLE_OBJC_ARC = NO; - CLANG_WARN_BOOL_CONVERSION = NO; - CODE_SIGN_IDENTITY = ""; - COMBINE_HIDPI_IMAGES = YES; - DEAD_CODE_STRIPPING = YES; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = YES; - ENABLE_STRICT_OBJC_MSGSEND = NO; - EXECUTABLE_PREFIX = ""; - FRAMEWORK_SEARCH_PATHS = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; - GCC_PREPROCESSOR_DEFINITIONS = "NDEBUG=1"; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", - "$(PROJECT_DIR)/../include", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(PROJECT_DIR)/../utilities/", - ); - ONLY_ACTIVE_ARCH = NO; - PRODUCT_NAME = "$(TARGET_NAME)"; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_translocate; - SDKROOT = macosx.internal; - VERSIONING_SYSTEM = "apple-generic"; - WARNING_CFLAGS = ( - "$(inherited)", - "-Wall", - "-Wno-four-char-constants", - "-Wno-unknown-pragmas", - ); - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 1FAA713E1C10D8E000EAAE3E /* Build configuration list for PBXProject "libsecurity_translocate" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 1FAA714A1C10D8E000EAAE3E /* Debug */, - 1FAA714B1C10D8E000EAAE3E /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 1FAA714C1C10D8E000EAAE3E /* Build configuration list for PBXNativeTarget "libsecurity_translocate" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 1FAA714D1C10D8E000EAAE3E /* Debug */, - 1FAA714E1C10D8E000EAAE3E /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 1FAA713B1C10D8E000EAAE3E /* Project object */; -} diff --git a/OSX/libsecurity_utilities/lib/alloc.cpp b/OSX/libsecurity_utilities/lib/alloc.cpp index 61992434..04d109c3 100644 --- a/OSX/libsecurity_utilities/lib/alloc.cpp +++ b/OSX/libsecurity_utilities/lib/alloc.cpp @@ -27,13 +27,16 @@ // // Don't eat heavily before inspecting this code. // +#define __STDC_WANT_LIB_EXT1__ 1 +#include + #include #include #include #include #include -using LowLevelMemoryUtilities::alignof; +using LowLevelMemoryUtilities::alignof_template; using LowLevelMemoryUtilities::increment; using LowLevelMemoryUtilities::alignUp; @@ -135,7 +138,7 @@ void *CssmHeap::operator new (size_t size, Allocator *alloc) throw(std::bad_allo { if (alloc == NULL) alloc = &Allocator::standard(); - size = alignUp(size, alignof()); + size = alignUp(size, alignof_template()); size_t totalSize = size + sizeof(Allocator *); void *addr = alloc->malloc(totalSize); *(Allocator **)increment(addr, size) = alloc; @@ -149,7 +152,7 @@ void CssmHeap::operator delete (void *addr, size_t size, Allocator *alloc) throw void CssmHeap::operator delete (void *addr, size_t size) throw() { - void *end = increment(addr, alignUp(size, alignof())); + void *end = increment(addr, alignUp(size, alignof_template())); (*(Allocator **)end)->free(addr); } diff --git a/OSX/libsecurity_utilities/lib/cfmunge.cpp b/OSX/libsecurity_utilities/lib/cfmunge.cpp index b3776ed5..08edda35 100644 --- a/OSX/libsecurity_utilities/lib/cfmunge.cpp +++ b/OSX/libsecurity_utilities/lib/cfmunge.cpp @@ -29,6 +29,7 @@ #include "cfmunge.h" #include #include +#include namespace Security { @@ -242,7 +243,7 @@ CFTypeRef CFMake::makedictionary() if (add(dict)) return dict; else { - CFRelease(dict); + CFReleaseSafe(dict); return NULL; } } diff --git a/OSX/libsecurity_utilities/lib/cfutilities.cpp b/OSX/libsecurity_utilities/lib/cfutilities.cpp index c2f199bc..a1bc882e 100644 --- a/OSX/libsecurity_utilities/lib/cfutilities.cpp +++ b/OSX/libsecurity_utilities/lib/cfutilities.cpp @@ -28,6 +28,7 @@ #include #include #include +#include #include #include @@ -195,7 +196,7 @@ string cfString(CFStringRef str) return ret; } -string cfStringRelease(CFStringRef inStr) +string cfStringRelease(CFStringRef CF_CONSUMED inStr) { CFRef str(inStr); return cfString(str); @@ -213,7 +214,7 @@ string cfString(CFURLRef inUrl) CFError::throwMe(); } -string cfStringRelease(CFURLRef inUrl) +string cfStringRelease(CFURLRef CF_CONSUMED inUrl) { CFRef bundle(inUrl); return cfString(bundle); @@ -226,7 +227,7 @@ string cfString(CFBundleRef inBundle) return cfStringRelease(CFBundleCopyBundleURL(inBundle)); } -string cfStringRelease(CFBundleRef inBundle) +string cfStringRelease(CFBundleRef CF_CONSUMED inBundle) { CFRef bundle(inBundle); return cfString(bundle); @@ -244,8 +245,9 @@ string cfString(CFTypeRef it, OSStatus err) return cfString(CFURLRef(it)); else if (id == CFBundleGetTypeID()) return cfString(CFBundleRef(it)); - else - return cfString(CFCopyDescription(it), true); + else { + return cfStringRelease(CFCopyDescription(it)); + } } diff --git a/OSX/libsecurity_utilities/lib/cfutilities.h b/OSX/libsecurity_utilities/lib/cfutilities.h index a29174d0..b53e2c86 100644 --- a/OSX/libsecurity_utilities/lib/cfutilities.h +++ b/OSX/libsecurity_utilities/lib/cfutilities.h @@ -342,8 +342,8 @@ inline CFStringRef makeCFString(CFDataRef data, CFStringEncoding encoding = kCFS // // Create CFURL objects from various sources // -CFURLRef makeCFURL(const char *s, bool isDirectory = false, CFURLRef base = NULL); -CFURLRef makeCFURL(CFStringRef s, bool isDirectory = false, CFURLRef base = NULL); +CFURLRef CF_RETURNS_RETAINED makeCFURL(const char *s, bool isDirectory = false, CFURLRef base = NULL); +CFURLRef CF_RETURNS_RETAINED makeCFURL(CFStringRef s, bool isDirectory = false, CFURLRef base = NULL); inline CFURLRef makeCFURL(const string &s, bool isDirectory = false, CFURLRef base = NULL) { @@ -475,10 +475,10 @@ private: // // Make CFDictionaries from stuff // -CFDictionaryRef makeCFDictionary(unsigned count, ...); // key/value pairs -CFMutableDictionaryRef makeCFMutableDictionary(); // empty -CFMutableDictionaryRef makeCFMutableDictionary(unsigned count, ...); // (count) key/value pairs -CFMutableDictionaryRef makeCFMutableDictionary(CFDictionaryRef dict); // copy of dictionary +CFDictionaryRef makeCFDictionary(unsigned count, ...) CF_RETURNS_RETAINED; // key/value pairs +CFMutableDictionaryRef makeCFMutableDictionary() CF_RETURNS_RETAINED; // empty +CFMutableDictionaryRef makeCFMutableDictionary(unsigned count, ...) CF_RETURNS_RETAINED; // (count) key/value pairs +CFMutableDictionaryRef makeCFMutableDictionary(CFDictionaryRef dict) CF_RETURNS_RETAINED; // copy of dictionary CFDictionaryRef makeCFDictionaryFrom(CFDataRef data) CF_RETURNS_RETAINED;// interpret plist form CFDictionaryRef makeCFDictionaryFrom(const void *data, size_t length) CF_RETURNS_RETAINED; // ditto @@ -556,11 +556,11 @@ void cfDictionaryApplyBlock(CFDictionaryRef source, CFDictionaryApplierBlock blo // // CFURLAccess wrappers for specific purposes // -CFDataRef cfLoadFile(CFURLRef url); -CFDataRef cfLoadFile(int fd, size_t bytes); -inline CFDataRef cfLoadFile(CFStringRef path) { return cfLoadFile(CFTempURL(path)); } -inline CFDataRef cfLoadFile(const std::string &path) { return cfLoadFile(CFTempURL(path)); } -inline CFDataRef cfLoadFile(const char *path) { return cfLoadFile(CFTempURL(path)); } +CFDataRef CF_RETURNS_RETAINED cfLoadFile(CFURLRef url); +CFDataRef CF_RETURNS_RETAINED cfLoadFile(int fd, size_t bytes); +inline CFDataRef CF_RETURNS_RETAINED cfLoadFile(CFStringRef path) { return cfLoadFile(CFTempURL(path)); } +inline CFDataRef CF_RETURNS_RETAINED cfLoadFile(const std::string &path) { return cfLoadFile(CFTempURL(path)); } +inline CFDataRef CF_RETURNS_RETAINED cfLoadFile(const char *path) { return cfLoadFile(CFTempURL(path)); } // @@ -623,7 +623,7 @@ CFToVector::CFToVector(CFArrayRef arrayRef) // Make CFArrays from stuff. // template -inline CFArrayRef makeCFArrayFrom(const Generator &generate, Iterator first, Iterator last) +inline CFArrayRef CF_RETURNS_RETAINED makeCFArrayFrom(const Generator &generate, Iterator first, Iterator last) { // how many elements? size_t size = distance(first, last); diff --git a/OSX/libsecurity_utilities/lib/dtrace.mk b/OSX/libsecurity_utilities/lib/dtrace.mk deleted file mode 100644 index df299569..00000000 --- a/OSX/libsecurity_utilities/lib/dtrace.mk +++ /dev/null @@ -1,2 +0,0 @@ -utilities_dtrace.h: $(PROJECT_DIR)/lib/security_utilities.d - if [ ! -f "$(DERIVED_SRC)/utilities_dtrace.h" ]; then /usr/sbin/dtrace -h -C -s $(PROJECT_DIR)/lib/security_utilities.d -o $(DERIVED_SRC)/utilities_dtrace.h ; fi diff --git a/OSX/libsecurity_utilities/lib/endian.h b/OSX/libsecurity_utilities/lib/endian.h index 5f96a103..a85790d4 100644 --- a/OSX/libsecurity_utilities/lib/endian.h +++ b/OSX/libsecurity_utilities/lib/endian.h @@ -123,9 +123,9 @@ class Endian { public: typedef Type Value; Endian() : mValue(Type(0)) { } - Endian(Value v) : mValue(h2n(v)) { } + Endian(Value v) : mValue((Type) h2n(v)) { } - Type get () const { return n2h(mValue); } + Type get () const { return (Type) n2h(mValue); } operator Value () const { return this->get(); } Endian &operator = (Value v) { mValue = h2n(v); return *this; } diff --git a/OSX/libsecurity_utilities/lib/exports b/OSX/libsecurity_utilities/lib/exports deleted file mode 100644 index f262b943..00000000 --- a/OSX/libsecurity_utilities/lib/exports +++ /dev/null @@ -1,8 +0,0 @@ -_secdebug_internal -_secdebugfunc_internal -#ifdef TARGET_OS_OSX -_weak_os_log_impl -_weak_os_log_create -_weak_os_log_type_enabled -_logObjForScope -#endif diff --git a/OSX/libsecurity_utilities/lib/fdmover.cpp b/OSX/libsecurity_utilities/lib/fdmover.cpp index 0c20a8b7..38892045 100644 --- a/OSX/libsecurity_utilities/lib/fdmover.cpp +++ b/OSX/libsecurity_utilities/lib/fdmover.cpp @@ -34,7 +34,7 @@ namespace Security { namespace IPPlusPlus { -void *FdMover::Element::operator new (size_t base, size_t more) +void *FdMover::Element::operator new (size_t base, ssize_t more) { Element *element = (Element *)::malloc(CMSG_SPACE(more)); element->cmsg_len = (socklen_t)CMSG_LEN(more); @@ -42,6 +42,11 @@ void *FdMover::Element::operator new (size_t base, size_t more) } void FdMover::Element::operator delete (void *data, size_t base) +{ + ::free(data); +} + +void FdMover::Element::operator delete (void *data, ssize_t base) { ::free(data); } diff --git a/OSX/libsecurity_utilities/lib/fdmover.h b/OSX/libsecurity_utilities/lib/fdmover.h index 1116d4aa..02f99d7a 100644 --- a/OSX/libsecurity_utilities/lib/fdmover.h +++ b/OSX/libsecurity_utilities/lib/fdmover.h @@ -53,8 +53,9 @@ class FdMover : public Socket { private: class Element : public cmsghdr { public: - void *operator new (size_t base, size_t more); - void operator delete (void *addr, size_t size); + void *operator new (size_t base, ssize_t more); + void operator delete (void *addr, ssize_t size); + void operator delete (void *addr, size_t size); Element() { } Element(int level, int type); diff --git a/OSX/libsecurity_utilities/lib/macho++.cpp b/OSX/libsecurity_utilities/lib/macho++.cpp index 9587e253..c5599e5c 100644 --- a/OSX/libsecurity_utilities/lib/macho++.cpp +++ b/OSX/libsecurity_utilities/lib/macho++.cpp @@ -206,19 +206,28 @@ void MachO::validateStructure() struct symtab_command *symtab = NULL; if (cmd_type == LC_SEGMENT) { + if(flip(cmd->cmdsize) < sizeof(struct segment_command)) { + UnixError::throwMe(ENOEXEC); + } seg = (struct segment_command *)cmd; - if (strcmp(seg->segname, SEG_LINKEDIT) == 0) { + if (strncmp(seg->segname, SEG_LINKEDIT, sizeof(seg->segname)) == 0) { isValid = flip(seg->fileoff) + flip(seg->filesize) == this->length(); break; } } else if (cmd_type == LC_SEGMENT_64) { + if(flip(cmd->cmdsize) < sizeof(struct segment_command_64)) { + UnixError::throwMe(ENOEXEC); + } seg64 = (struct segment_command_64 *)cmd; - if (strcmp(seg64->segname, SEG_LINKEDIT) == 0) { + if (strncmp(seg64->segname, SEG_LINKEDIT, sizeof(seg64->segname)) == 0) { isValid = flip(seg64->fileoff) + flip(seg64->filesize) == this->length(); break; } /* PPC binaries have a SYMTAB section */ } else if (cmd_type == LC_SYMTAB) { + if(flip(cmd->cmdsize) < sizeof(struct symtab_command)) { + UnixError::throwMe(ENOEXEC); + } symtab = (struct symtab_command *)cmd; isValid = flip(symtab->stroff) + flip(symtab->strsize) == this->length(); break; @@ -322,8 +331,11 @@ const segment_command *MachOBase::findSegment(const char *segname) const case LC_SEGMENT: case LC_SEGMENT_64: { + if(flip(command->cmdsize) < sizeof(struct segment_command)) { + UnixError::throwMe(ENOEXEC); + } const segment_command *seg = reinterpret_cast(command); - if (!strcmp(seg->segname, segname)) + if (!strncmp(seg->segname, segname, sizeof(seg->segname))) return seg; break; } @@ -339,20 +351,23 @@ const section *MachOBase::findSection(const char *segname, const char *sectname) using LowLevelMemoryUtilities::increment; if (const segment_command *seg = findSegment(segname)) { if (is64()) { + if(flip(seg->cmdsize) < sizeof(segment_command_64)) { + UnixError::throwMe(ENOEXEC); + } const segment_command_64 *seg64 = reinterpret_cast(seg); - // As a sanity check, if the reported number of sections is not consistent - // with the reported size, return NULL - if (sizeof(*seg64) + (seg64->nsects * sizeof(section_64)) > seg64->cmdsize) + if (sizeof(*seg64) + (seg64->nsects * sizeof(section_64)) > flip(seg64->cmdsize)) // too many segments; doesn't fit (malformed Mach-O) return NULL; const section_64 *sect = increment(seg64 + 1, 0); for (unsigned n = flip(seg64->nsects); n > 0; n--, sect++) { - if (!strcmp(sect->sectname, sectname)) + if (!strncmp(sect->sectname, sectname, sizeof(sect->sectname))) return reinterpret_cast(sect); } } else { + if (sizeof(*seg) + (seg->nsects * sizeof(section)) > flip(seg->cmdsize)) // too many segments; doesn't fit (malformed Mach-O) + return NULL; const section *sect = increment(seg + 1, 0); for (unsigned n = flip(seg->nsects); n > 0; n--, sect++) { - if (!strcmp(sect->sectname, sectname)) + if (!strncmp(sect->sectname, sectname, sizeof(sect->sectname))) return sect; } } @@ -385,8 +400,12 @@ const char *MachOBase::string(const load_command *cmd, const lc_str &str) const // const linkedit_data_command *MachOBase::findCodeSignature() const { - if (const load_command *cmd = findCommand(LC_CODE_SIGNATURE)) + if (const load_command *cmd = findCommand(LC_CODE_SIGNATURE)) { + if(flip(cmd->cmdsize) < sizeof(linkedit_data_command)) { + UnixError::throwMe(ENOEXEC); + } return reinterpret_cast(cmd); + } return NULL; // not found } @@ -408,8 +427,12 @@ size_t MachOBase::signingLength() const const linkedit_data_command *MachOBase::findLibraryDependencies() const { - if (const load_command *cmd = findCommand(LC_DYLIB_CODE_SIGN_DRS)) + if (const load_command *cmd = findCommand(LC_DYLIB_CODE_SIGN_DRS)) { + if(flip(cmd->cmdsize) < sizeof(linkedit_data_command)) { + UnixError::throwMe(ENOEXEC); + } return reinterpret_cast(cmd); + } return NULL; // not found } @@ -421,6 +444,9 @@ const version_min_command *MachOBase::findMinVersion() const case LC_VERSION_MIN_IPHONEOS: case LC_VERSION_MIN_WATCHOS: case LC_VERSION_MIN_TVOS: + if(flip(command->cmdsize) < sizeof(version_min_command)) { + UnixError::throwMe(ENOEXEC); + } return reinterpret_cast(command); } return NULL; @@ -466,11 +492,11 @@ Universal::Universal(FileDesc fd, size_t offset /* = 0 */, size_t length /* = 0 union { fat_header header; // if this is a fat file mach_header mheader; // if this is a thin file - }; - const size_t size = max(sizeof(header), sizeof(mheader)); - if (fd.read(&header, size, offset) != size) + } unionHeader; + + if (fd.read(&unionHeader, sizeof(unionHeader), offset) != sizeof(unionHeader)) UnixError::throwMe(ENOEXEC); - switch (header.magic) { + switch (unionHeader.header.magic) { case FAT_MAGIC: case FAT_CIGAM: { @@ -481,7 +507,7 @@ Universal::Universal(FileDesc fd, size_t offset /* = 0 */, size_t length /* = 0 // We always read an extra entry; in the situations where this might hit end-of-file, // we are content to fail. // - mArchCount = ntohl(header.nfat_arch); + mArchCount = ntohl(unionHeader.header.nfat_arch); if (mArchCount > MAX_ARCH_COUNT) UnixError::throwMe(ENOEXEC); @@ -490,7 +516,7 @@ Universal::Universal(FileDesc fd, size_t offset /* = 0 */, size_t length /* = 0 mArchList = (fat_arch *)malloc(archSize); if (!mArchList) UnixError::throwMe(); - if (fd.read(mArchList, archSize, mBase + sizeof(header)) != archSize) { + if (fd.read(mArchList, archSize, mBase + sizeof(unionHeader.header)) != archSize) { ::free(mArchList); UnixError::throwMe(ENOEXEC); } @@ -517,7 +543,7 @@ Universal::Universal(FileDesc fd, size_t offset /* = 0 */, size_t length /* = 0 sortedList.sort(^ bool (const struct fat_arch *arch1, const struct fat_arch *arch2) { return arch1->offset < arch2->offset; }); - const size_t universalHeaderEnd = mBase + sizeof(header) + (sizeof(fat_arch) * mArchCount); + const size_t universalHeaderEnd = mBase + sizeof(unionHeader.header) + (sizeof(fat_arch) * mArchCount); size_t prevHeaderEnd = universalHeaderEnd; size_t prevArchSize = 0, prevArchStart = 0; @@ -578,14 +604,14 @@ Universal::Universal(FileDesc fd, size_t offset /* = 0 */, size_t length /* = 0 case MH_MAGIC_64: mArchList = NULL; mArchCount = 0; - mThinArch = Architecture(mheader.cputype, mheader.cpusubtype); + mThinArch = Architecture(unionHeader.mheader.cputype, unionHeader.mheader.cpusubtype); secinfo("macho", "%p is a thin file (%s)", this, mThinArch.name()); break; case MH_CIGAM: case MH_CIGAM_64: mArchList = NULL; mArchCount = 0; - mThinArch = Architecture(flip(mheader.cputype), flip(mheader.cpusubtype)); + mThinArch = Architecture(flip(unionHeader.mheader.cputype), flip(unionHeader.mheader.cpusubtype)); secinfo("macho", "%p is a thin file (%s)", this, mThinArch.name()); break; default: @@ -598,7 +624,7 @@ Universal::~Universal() ::free(mArchList); } -const size_t Universal::lengthOfSlice(size_t offset) const +size_t Universal::lengthOfSlice(size_t offset) const { auto ret = mSizes.find(offset); if (ret == mSizes.end()) @@ -769,11 +795,9 @@ uint32_t Universal::typeOf(FileDesc fd) case MH_MAGIC: case MH_MAGIC_64: return header.filetype; - break; case MH_CIGAM: case MH_CIGAM_64: return flip(header.filetype); - break; case FAT_MAGIC: case FAT_CIGAM: { diff --git a/OSX/libsecurity_utilities/lib/macho++.h b/OSX/libsecurity_utilities/lib/macho++.h index b9e9bc7b..23ede19d 100644 --- a/OSX/libsecurity_utilities/lib/macho++.h +++ b/OSX/libsecurity_utilities/lib/macho++.h @@ -209,7 +209,7 @@ public: bool isUniversal() const { return mArchList != NULL; } Architecture bestNativeArch() const; - const size_t lengthOfSlice(size_t offset) const; + size_t lengthOfSlice(size_t offset) const; size_t offset() const { return mBase; } size_t length() const { return mLength; } diff --git a/OSX/libsecurity_utilities/lib/memutils.h b/OSX/libsecurity_utilities/lib/memutils.h index 20333873..61268f7a 100644 --- a/OSX/libsecurity_utilities/lib/memutils.h +++ b/OSX/libsecurity_utilities/lib/memutils.h @@ -51,7 +51,7 @@ static const size_t systemAlignment = 4; // Get the local alignment for a type, as used by the acting compiler. // template -inline int alignof() { struct { char c; T t; } s; return sizeof(s) - sizeof(T); } +inline int alignof_template() { struct { char c; T t; } s; return sizeof(s) - sizeof(T); } // diff --git a/OSX/libsecurity_utilities/lib/pcsc++.cpp b/OSX/libsecurity_utilities/lib/pcsc++.cpp index 8c5e409d..fe80fee0 100644 --- a/OSX/libsecurity_utilities/lib/pcsc++.cpp +++ b/OSX/libsecurity_utilities/lib/pcsc++.cpp @@ -190,7 +190,7 @@ void Session::close() bool Session::check(long rc) { - switch (rc) { + switch ((unsigned long) rc) { case SCARD_S_SUCCESS: return true; // got reader(s), call succeeded case SCARD_E_READER_UNAVAILABLE: @@ -214,7 +214,7 @@ void Session::listReaders(vector &readers, const char *groups) decode(readers, mReaderBuffer, size); return; } - case SCARD_E_INSUFFICIENT_BUFFER: + case (int32_t) SCARD_E_INSUFFICIENT_BUFFER: mReaderBuffer.resize(size); break; default: diff --git a/OSX/libsecurity_utilities/lib/seccfobject.cpp b/OSX/libsecurity_utilities/lib/seccfobject.cpp index 11220f45..9fcfc7c0 100644 --- a/OSX/libsecurity_utilities/lib/seccfobject.cpp +++ b/OSX/libsecurity_utilities/lib/seccfobject.cpp @@ -28,7 +28,9 @@ #include #include +#if( __cplusplus <= 201103L) #include +#endif SecPointerBase::SecPointerBase(const SecPointerBase& p) { @@ -146,11 +148,7 @@ void SecCFObject::operator delete(void *object) throw() { CFTypeRef cfType = reinterpret_cast(reinterpret_cast(object) - kAlignedRuntimeSize); - if (CF_IS_COLLECTABLE(cfType)) - { - return; - } - + CFAllocatorRef allocator = CFGetAllocator(cfType); CFAllocatorDeallocate(allocator, (void*) cfType); } diff --git a/OSX/libsecurity_utilities/lib/seccfobject.h b/OSX/libsecurity_utilities/lib/seccfobject.h index 26c39288..dd593883 100644 --- a/OSX/libsecurity_utilities/lib/seccfobject.h +++ b/OSX/libsecurity_utilities/lib/seccfobject.h @@ -29,7 +29,10 @@ #include #include #include "threading.h" + +#if( __cplusplus <= 201103L) #include +#endif namespace Security { diff --git a/OSX/libsecurity_utilities/lib/threading.h b/OSX/libsecurity_utilities/lib/threading.h index 4de9ab4f..dc433b30 100644 --- a/OSX/libsecurity_utilities/lib/threading.h +++ b/OSX/libsecurity_utilities/lib/threading.h @@ -152,6 +152,13 @@ public: ~RecursiveMutex() {} }; +class NormalMutex : public Mutex +{ +public: + NormalMutex() : Mutex(normal) {} + ~NormalMutex() {} +}; + // // Condition variables // diff --git a/OSX/libsecurity_utilities/lib/unixchild.cpp b/OSX/libsecurity_utilities/lib/unixchild.cpp index edddcc0e..9e1c9f75 100644 --- a/OSX/libsecurity_utilities/lib/unixchild.cpp +++ b/OSX/libsecurity_utilities/lib/unixchild.cpp @@ -384,7 +384,6 @@ bool Child::checkStatus(int options) default: UnixError::throwMe(); } - break; // placebo case 0: return false; // child not ready (do nothing) default: @@ -437,7 +436,6 @@ void Child::checkChildren() default: UnixError::throwMe(); } - break; default: if (Child *child = mChildren()[pid]) { child->bury(status); diff --git a/OSX/libsecurity_utilities/lib/url.cpp b/OSX/libsecurity_utilities/lib/url.cpp index 86f7eeb1..3916bbae 100644 --- a/OSX/libsecurity_utilities/lib/url.cpp +++ b/OSX/libsecurity_utilities/lib/url.cpp @@ -29,6 +29,7 @@ #include #include #include +#include namespace Security { @@ -38,14 +39,15 @@ namespace Network { // // Turn a CFStringRef into an STL string and release the incoming CFStringRef // -static string mkstr(CFStringRef str) +static string mkstr(CFStringRef CF_CONSUMED str) { if (!str) return ""; char buffer[2048]; - if (CFStringGetCString(str, buffer, sizeof(buffer), kCFStringEncodingUTF8)) + if (CFStringGetCString(str, buffer, sizeof(buffer), kCFStringEncodingUTF8)) { + CFReleaseSafe(str); return buffer; - else + } else UnixError::throwMe(EINVAL); } @@ -84,7 +86,7 @@ URL::~URL() // URL::operator string() const { - return mkstr(CFURLGetString(ref)); + return mkstr(CFRetainSafe(CFURLGetString(ref))); } string URL::scheme() const diff --git a/OSX/libsecurity_utilities/lib/utilities.cpp b/OSX/libsecurity_utilities/lib/utilities.cpp index d1598c28..a69b2c35 100644 --- a/OSX/libsecurity_utilities/lib/utilities.cpp +++ b/OSX/libsecurity_utilities/lib/utilities.cpp @@ -26,6 +26,7 @@ // Utilities // #include +#include #include #include @@ -114,7 +115,7 @@ char *cached_realpath(const char * file_name, char * resolved_name) valueToReturn = realpath(file_name, resolved_name); } - CFRelease(input); + CFReleaseSafe(input); }); return valueToReturn; diff --git a/OSX/libsecurity_utilities/libsecurity_utilities.xcodeproj/project.pbxproj b/OSX/libsecurity_utilities/libsecurity_utilities.xcodeproj/project.pbxproj deleted file mode 100644 index f2ee6101..00000000 --- a/OSX/libsecurity_utilities/libsecurity_utilities.xcodeproj/project.pbxproj +++ /dev/null @@ -1,930 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXAggregateTarget section */ - C2C9C69D0CECBE8400B3FE07 /* libsecurity_utilitiesDTrace */ = { - isa = PBXAggregateTarget; - buildConfigurationList = C2C9C6A20CECBEA300B3FE07 /* Build configuration list for PBXAggregateTarget "libsecurity_utilitiesDTrace" */; - buildPhases = ( - C2C9C69C0CECBE8400B3FE07 /* ShellScript */, - ); - dependencies = ( - ); - name = libsecurity_utilitiesDTrace; - productName = DTrace; - }; -/* End PBXAggregateTarget section */ - -/* Begin PBXBuildFile section */ - 1807388C146D1B2900F05C24 /* crc.h in Headers */ = {isa = PBXBuildFile; fileRef = AAAA49990CC587B50099E9D4 /* crc.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1807388D146D1B2900F05C24 /* adornments.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B1EBFE06D557B300F68F34 /* adornments.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1807388E146D1B2900F05C24 /* alloc.h in Headers */ = {isa = PBXBuildFile; fileRef = C27994F2052B5F77004B95B8 /* alloc.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA38B146D1D5A00A6D320 /* blob.h in Headers */ = {isa = PBXBuildFile; fileRef = C22550FF0A264BA0007D3358 /* blob.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA38C146D1D5A00A6D320 /* ccaudit.h in Headers */ = {isa = PBXBuildFile; fileRef = 4E4813D607739B0C0090D7C2 /* ccaudit.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA38D146D1D5A00A6D320 /* daemon.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684870525011D00233BF2 /* daemon.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA38E146D1D5A00A6D320 /* debugging_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684890525011D00233BF2 /* debugging_internal.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA38F146D1D5A00A6D320 /* debugsupport.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA6848A0525011D00233BF2 /* debugsupport.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA390146D1D5A00A6D320 /* devrandom.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA6848C0525011D00233BF2 /* devrandom.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA391146D1D5A00A6D320 /* endian.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA6848E0525011D00233BF2 /* endian.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA392146D1D5A00A6D320 /* errors.h in Headers */ = {isa = PBXBuildFile; fileRef = C22EC38F052B7F5D00D55C69 /* errors.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA393146D1D5A00A6D320 /* globalizer.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684940525011D00233BF2 /* globalizer.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA394146D1D5A00A6D320 /* hashing.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D382920A225B23005C63A2 /* hashing.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA395146D1D5A00A6D320 /* iodevices.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D02F9C06FFD41200A4C9B0 /* iodevices.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA396146D1D5A00A6D320 /* ktracecodes.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA6849D0525011D00233BF2 /* ktracecodes.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA397146D1D5A00A6D320 /* logging.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA6849F0525011D00233BF2 /* logging.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA398146D1D5A00A6D320 /* memstreams.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684A20525011D00233BF2 /* memstreams.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA399146D1D5A00A6D320 /* memutils.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684A30525011D00233BF2 /* memutils.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA39A146D1D5A00A6D320 /* osxcode.h in Headers */ = {isa = PBXBuildFile; fileRef = C20A206A06B03FDC00979EF3 /* osxcode.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA39B146D1D5A00A6D320 /* powerwatch.h in Headers */ = {isa = PBXBuildFile; fileRef = C25F97E7052C93BD00EDA739 /* powerwatch.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA39C146D1D5A00A6D320 /* refcount.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684A40525011D00233BF2 /* refcount.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA39D146D1D5A00A6D320 /* seccfobject.h in Headers */ = {isa = PBXBuildFile; fileRef = D6C5F6BC05DD47EC00722571 /* seccfobject.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA39E146D1D5A00A6D320 /* security_utilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684A50525011D00233BF2 /* security_utilities.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA39F146D1D5A00A6D320 /* simpleprefs.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6A39A706FFAD8000B6E105 /* simpleprefs.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3A0146D1D5A00A6D320 /* sqlite++.h in Headers */ = {isa = PBXBuildFile; fileRef = C28342C90E366A8E00E54360 /* sqlite++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3A1146D1D5A00A6D320 /* streams.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684AF0525011D00233BF2 /* streams.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3A2146D1D5A00A6D320 /* superblob.h in Headers */ = {isa = PBXBuildFile; fileRef = C2CBCF510A3E27CF0025C2F9 /* superblob.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3A3146D1D5A00A6D320 /* threading.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684B10525011E00233BF2 /* threading.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3A4146D1D5A00A6D320 /* threading_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684B20525011E00233BF2 /* threading_internal.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3A5146D1D5A00A6D320 /* timeflow.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684B40525011E00233BF2 /* timeflow.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3A6146D1D5A00A6D320 /* tqueue.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684B60525011E00233BF2 /* tqueue.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3A7146D1D5A00A6D320 /* trackingallocator.h in Headers */ = {isa = PBXBuildFile; fileRef = C22EC335052B674000D55C69 /* trackingallocator.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3A8146D1D5A00A6D320 /* transactions.h in Headers */ = {isa = PBXBuildFile; fileRef = C285ECFD06FB47590007ECD6 /* transactions.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3A9146D1D5A00A6D320 /* typedvalue.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684B80525011E00233BF2 /* typedvalue.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3AA146D1D5A00A6D320 /* utilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684BE0525011E00233BF2 /* utilities.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3AB146D1D5A00A6D320 /* utility_config.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684BF0525011E00233BF2 /* utility_config.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3AE146D1D7600A6D320 /* fdmover.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684900525011D00233BF2 /* fdmover.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3AF146D1D7600A6D320 /* fdsel.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684920525011D00233BF2 /* fdsel.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3B0146D1D7600A6D320 /* kq++.h in Headers */ = {isa = PBXBuildFile; fileRef = C2C164890F66F2CA00FD6D34 /* kq++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3B1146D1D7600A6D320 /* muscle++.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B1EE2906D5929700F68F34 /* muscle++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3B2146D1D7600A6D320 /* pcsc++.h in Headers */ = {isa = PBXBuildFile; fileRef = C2EF2B59066E516600F205D4 /* pcsc++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3B3146D1D7600A6D320 /* selector.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684A70525011D00233BF2 /* selector.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3B4146D1D7600A6D320 /* unix++.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684BA0525011E00233BF2 /* unix++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3B5146D1D7600A6D320 /* unixchild.h in Headers */ = {isa = PBXBuildFile; fileRef = C2A7D0B606AEDB94009A7A1E /* unixchild.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3B6146D1D7600A6D320 /* vproc++.h in Headers */ = {isa = PBXBuildFile; fileRef = C2E7B1F90E2415D700956987 /* vproc++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3B7146D1D7F00A6D320 /* mach++.h in Headers */ = {isa = PBXBuildFile; fileRef = C2EA5E43052BA4E200473E26 /* mach++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3B8146D1D7F00A6D320 /* mach_notify.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684A10525011D00233BF2 /* mach_notify.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3B9146D1D7F00A6D320 /* cfmach++.h in Headers */ = {isa = PBXBuildFile; fileRef = C24DAED306B8952E00387C29 /* cfmach++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3BA146D1D7F00A6D320 /* macho++.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B9F3620D5A288900CAB713 /* macho++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3BB146D1D7F00A6D320 /* dyldcache.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AEE7EC0F30CF6600C7649E /* dyldcache.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3BC146D1D7F00A6D320 /* dyld_cache_format.h in Headers */ = {isa = PBXBuildFile; fileRef = C2AEE7E80F30CF5A00C7649E /* dyld_cache_format.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3BD146D1D7F00A6D320 /* machserver.h in Headers */ = {isa = PBXBuildFile; fileRef = C2EA5E47052BA4E200473E26 /* machserver.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3BE146D1D7F00A6D320 /* machrunloopserver.h in Headers */ = {isa = PBXBuildFile; fileRef = C2EA5E45052BA4E200473E26 /* machrunloopserver.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3BF146D1D8600A6D320 /* coderepository.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D7B6FF0709CB8A00F2AE5F /* coderepository.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3C0146D1D8600A6D320 /* cfclass.h in Headers */ = {isa = PBXBuildFile; fileRef = D65C871305DC11C300B401EF /* cfclass.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3C1146D1D8600A6D320 /* cfmunge.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B9F3600D5A288900CAB713 /* cfmunge.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3C2146D1D8600A6D320 /* cfutilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684850525011D00233BF2 /* cfutilities.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3C3146D1D8E00A6D320 /* bufferfifo.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684810525011D00233BF2 /* bufferfifo.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3C4146D1D8E00A6D320 /* buffers.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684830525011D00233BF2 /* buffers.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3C5146D1D8E00A6D320 /* headermap.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684960525011D00233BF2 /* headermap.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3C6146D1D8E00A6D320 /* hosts.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684980525011D00233BF2 /* hosts.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3C7146D1D8E00A6D320 /* inetreply.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA6849A0525011D00233BF2 /* inetreply.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3C8146D1D8E00A6D320 /* ip++.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA6849C0525011D00233BF2 /* ip++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3C9146D1D8E00A6D320 /* url.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684BC0525011E00233BF2 /* url.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3CA146D1D9700A6D320 /* socks++.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684A90525011D00233BF2 /* socks++.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3CB146D1D9700A6D320 /* socks++4.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684AB0525011D00233BF2 /* socks++4.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 181EA3CC146D1D9700A6D320 /* socks++5.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA684AD0525011D00233BF2 /* socks++5.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 1865FC241472444600FD79DF /* utilities_dtrace.h in Headers */ = {isa = PBXBuildFile; fileRef = C2C9C6B00CECBF8E00B3FE07 /* utilities_dtrace.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 4C6A39A806FFAD8000B6E105 /* simpleprefs.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C6A39A606FFAD8000B6E105 /* simpleprefs.cpp */; }; - 4CA684C00525011E00233BF2 /* bufferfifo.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684800525011D00233BF2 /* bufferfifo.cpp */; }; - 4CA684C20525011E00233BF2 /* buffers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684820525011D00233BF2 /* buffers.cpp */; }; - 4CA684C40525011E00233BF2 /* cfutilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684840525011D00233BF2 /* cfutilities.cpp */; }; - 4CA684C60525011E00233BF2 /* daemon.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684860525011D00233BF2 /* daemon.cpp */; }; - 4CA684C80525011E00233BF2 /* debugging_internal.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684880525011D00233BF2 /* debugging_internal.cpp */; }; - 4CA684CB0525011E00233BF2 /* devrandom.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA6848B0525011D00233BF2 /* devrandom.cpp */; }; - 4CA684CD0525011E00233BF2 /* endian.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA6848D0525011D00233BF2 /* endian.cpp */; }; - 4CA684CF0525011E00233BF2 /* fdmover.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA6848F0525011D00233BF2 /* fdmover.cpp */; }; - 4CA684D10525011E00233BF2 /* fdsel.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684910525011D00233BF2 /* fdsel.cpp */; }; - 4CA684D30525011E00233BF2 /* globalizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684930525011D00233BF2 /* globalizer.cpp */; }; - 4CA684D50525011E00233BF2 /* headermap.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684950525011D00233BF2 /* headermap.cpp */; }; - 4CA684D70525011E00233BF2 /* hosts.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684970525011D00233BF2 /* hosts.cpp */; }; - 4CA684D90525011E00233BF2 /* inetreply.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684990525011D00233BF2 /* inetreply.cpp */; }; - 4CA684DB0525011E00233BF2 /* ip++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA6849B0525011D00233BF2 /* ip++.cpp */; }; - 4CA684DE0525011E00233BF2 /* logging.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA6849E0525011D00233BF2 /* logging.cpp */; }; - 4CA684E00525011E00233BF2 /* mach_notify.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684A00525011D00233BF2 /* mach_notify.c */; }; - 4CA684E60525011E00233BF2 /* selector.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684A60525011D00233BF2 /* selector.cpp */; }; - 4CA684E80525011E00233BF2 /* socks++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684A80525011D00233BF2 /* socks++.cpp */; }; - 4CA684EA0525011E00233BF2 /* socks++4.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684AA0525011D00233BF2 /* socks++4.cpp */; }; - 4CA684EC0525011E00233BF2 /* socks++5.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684AC0525011D00233BF2 /* socks++5.cpp */; }; - 4CA684EE0525011E00233BF2 /* streams.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684AE0525011D00233BF2 /* streams.cpp */; }; - 4CA684F00525011E00233BF2 /* threading.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684B00525011E00233BF2 /* threading.cpp */; }; - 4CA684F30525011E00233BF2 /* timeflow.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684B30525011E00233BF2 /* timeflow.cpp */; }; - 4CA684F50525011E00233BF2 /* tqueue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684B50525011E00233BF2 /* tqueue.cpp */; }; - 4CA684F70525011E00233BF2 /* typedvalue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684B70525011E00233BF2 /* typedvalue.cpp */; }; - 4CA684F90525011E00233BF2 /* unix++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684B90525011E00233BF2 /* unix++.cpp */; }; - 4CA684FB0525011E00233BF2 /* url.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684BB0525011E00233BF2 /* url.cpp */; }; - 4CA684FD0525011E00233BF2 /* utilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CA684BD0525011E00233BF2 /* utilities.cpp */; }; - 4E4813D707739B0C0090D7C2 /* ccaudit.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4E4813D507739B0C0090D7C2 /* ccaudit.cpp */; }; - 7A93A12419BE6FA600F07E9A /* dispatch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A93A12219BE6FA600F07E9A /* dispatch.cpp */; }; - 7A93A12519BE6FA600F07E9A /* dispatch.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A93A12319BE6FA600F07E9A /* dispatch.h */; }; - AAAA499A0CC587B50099E9D4 /* crc.c in Sources */ = {isa = PBXBuildFile; fileRef = AAAA49980CC587B50099E9D4 /* crc.c */; }; - C200C0800731DEA300564CE0 /* trackingallocator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C200C07F0731DE8C00564CE0 /* trackingallocator.cpp */; }; - C20A206B06B03FDC00979EF3 /* osxcode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C20A206906B03FDC00979EF3 /* osxcode.cpp */; }; - C22551000A264BA0007D3358 /* blob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C22550FE0A264BA0007D3358 /* blob.cpp */; }; - C22EC3A9052B807700D55C69 /* errors.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C22EC3A8052B807700D55C69 /* errors.cpp */; }; - C24DAED406B8952E00387C29 /* cfmach++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C24DAED206B8952E00387C29 /* cfmach++.cpp */; }; - C25F97E8052C93BD00EDA739 /* powerwatch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C25F97E6052C93BD00EDA739 /* powerwatch.cpp */; }; - C27994F3052B5F77004B95B8 /* alloc.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C27994F1052B5F77004B95B8 /* alloc.cpp */; }; - C28342CA0E366A8E00E54360 /* sqlite++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28342C80E366A8E00E54360 /* sqlite++.cpp */; }; - C285ECFA06FB474B0007ECD6 /* transactions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C285ECF906FB474B0007ECD6 /* transactions.cpp */; }; - C2A7D0B706AEDB94009A7A1E /* unixchild.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2A7D0B506AEDB94009A7A1E /* unixchild.cpp */; }; - C2AEE7ED0F30CF8600C7649E /* dyldcache.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AEE7EB0F30CF6600C7649E /* dyldcache.cpp */; }; - C2B1EBFF06D557B300F68F34 /* adornments.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B1EBFD06D557B300F68F34 /* adornments.cpp */; }; - C2B1EE2A06D5929700F68F34 /* muscle++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B1EE2806D5929700F68F34 /* muscle++.cpp */; }; - C2B9F3630D5A28CA00CAB713 /* cfmunge.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B9F35F0D5A288900CAB713 /* cfmunge.cpp */; }; - C2B9F3640D5A28D500CAB713 /* macho++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B9F3610D5A288900CAB713 /* macho++.cpp */; }; - C2C1648E0F66F2D300FD6D34 /* kq++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2C1648D0F66F2D300FD6D34 /* kq++.cpp */; }; - C2CBCF520A3E27CF0025C2F9 /* superblob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2CBCF500A3E27CF0025C2F9 /* superblob.cpp */; }; - C2D02F9D06FFD41200A4C9B0 /* iodevices.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D02F9B06FFD41200A4C9B0 /* iodevices.cpp */; }; - C2D382930A225B23005C63A2 /* hashing.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D382910A225B23005C63A2 /* hashing.cpp */; }; - C2D7B6FC0709CB7F00F2AE5F /* coderepository.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D7B6FB0709CB7F00F2AE5F /* coderepository.cpp */; }; - C2E7B1FA0E2415D700956987 /* vproc++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2E7B1F80E2415D700956987 /* vproc++.cpp */; }; - C2EA5E48052BA4E200473E26 /* mach++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2EA5E42052BA4E200473E26 /* mach++.cpp */; }; - C2EA5E4A052BA4E200473E26 /* machrunloopserver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2EA5E44052BA4E200473E26 /* machrunloopserver.cpp */; }; - C2EA5E4C052BA4E200473E26 /* machserver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2EA5E46052BA4E200473E26 /* machserver.cpp */; }; - C2EF2B5A066E516600F205D4 /* pcsc++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2EF2B58066E516600F205D4 /* pcsc++.cpp */; }; - D65C871405DC11C300B401EF /* cfclass.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D65C871205DC11C300B401EF /* cfclass.cpp */; }; - D6C5F6BD05DD47EC00722571 /* seccfobject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D6C5F6BB05DD47EC00722571 /* seccfobject.cpp */; }; - DC27E9F51BBC589500C9BC39 /* CSPDLTransaction.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC27E9F31BBC589500C9BC39 /* CSPDLTransaction.cpp */; }; - DC27E9F61BBC589500C9BC39 /* CSPDLTransaction.h in Headers */ = {isa = PBXBuildFile; fileRef = DC27E9F41BBC589500C9BC39 /* CSPDLTransaction.h */; }; - DC3122E71CE64E080040B1BD /* debugging.h in Headers */ = {isa = PBXBuildFile; fileRef = DC3122E61CE64E080040B1BD /* debugging.h */; settings = {ATTRIBUTES = (Public, ); }; }; - DCCBDF381C51A4DC004BB34E /* FileLockTransaction.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCCBDF361C51A4DC004BB34E /* FileLockTransaction.cpp */; }; - DCCBDF391C51A4DC004BB34E /* FileLockTransaction.h in Headers */ = {isa = PBXBuildFile; fileRef = DCCBDF371C51A4DC004BB34E /* FileLockTransaction.h */; }; - DCE4BC3E1C6E7BFC001596A7 /* casts.h in Headers */ = {isa = PBXBuildFile; fileRef = DCE4BC3C1C6E7BFC001596A7 /* casts.h */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 181EA3CE146D1E5D00A6D320 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA2A5330523D2CD00978A7B /* Project object */; - proxyType = 1; - remoteGlobalIDString = C2C9C69D0CECBE8400B3FE07; - remoteInfo = DTrace; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 181EA3EA146D2A5F00A6D320 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 181EA3EB146D2A5F00A6D320 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 181EA3EC146D2A5F00A6D320 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 181EA3ED146D2A5F00A6D320 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 4C6A39A606FFAD8000B6E105 /* simpleprefs.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = simpleprefs.cpp; sourceTree = ""; }; - 4C6A39A706FFAD8000B6E105 /* simpleprefs.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = simpleprefs.h; sourceTree = ""; }; - 4CA2A53A0523D32800978A7B /* libsecurity_utilities.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurity_utilities.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CA684800525011D00233BF2 /* bufferfifo.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = bufferfifo.cpp; sourceTree = ""; }; - 4CA684810525011D00233BF2 /* bufferfifo.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = bufferfifo.h; sourceTree = ""; }; - 4CA684820525011D00233BF2 /* buffers.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = buffers.cpp; sourceTree = ""; }; - 4CA684830525011D00233BF2 /* buffers.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = buffers.h; sourceTree = ""; }; - 4CA684840525011D00233BF2 /* cfutilities.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = cfutilities.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CA684850525011D00233BF2 /* cfutilities.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cfutilities.h; sourceTree = ""; }; - 4CA684860525011D00233BF2 /* daemon.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = daemon.cpp; sourceTree = ""; }; - 4CA684870525011D00233BF2 /* daemon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = daemon.h; sourceTree = ""; }; - 4CA684880525011D00233BF2 /* debugging_internal.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = debugging_internal.cpp; sourceTree = ""; }; - 4CA684890525011D00233BF2 /* debugging_internal.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = debugging_internal.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 4CA6848A0525011D00233BF2 /* debugsupport.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = debugsupport.h; sourceTree = ""; }; - 4CA6848B0525011D00233BF2 /* devrandom.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = devrandom.cpp; sourceTree = ""; }; - 4CA6848C0525011D00233BF2 /* devrandom.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = devrandom.h; sourceTree = ""; }; - 4CA6848D0525011D00233BF2 /* endian.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = endian.cpp; sourceTree = ""; }; - 4CA6848E0525011D00233BF2 /* endian.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = endian.h; sourceTree = ""; }; - 4CA6848F0525011D00233BF2 /* fdmover.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = fdmover.cpp; sourceTree = ""; }; - 4CA684900525011D00233BF2 /* fdmover.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = fdmover.h; sourceTree = ""; }; - 4CA684910525011D00233BF2 /* fdsel.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = fdsel.cpp; sourceTree = ""; }; - 4CA684920525011D00233BF2 /* fdsel.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = fdsel.h; sourceTree = ""; }; - 4CA684930525011D00233BF2 /* globalizer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = globalizer.cpp; sourceTree = ""; }; - 4CA684940525011D00233BF2 /* globalizer.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = globalizer.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 4CA684950525011D00233BF2 /* headermap.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = headermap.cpp; sourceTree = ""; }; - 4CA684960525011D00233BF2 /* headermap.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = headermap.h; sourceTree = ""; }; - 4CA684970525011D00233BF2 /* hosts.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = hosts.cpp; sourceTree = ""; }; - 4CA684980525011D00233BF2 /* hosts.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = hosts.h; sourceTree = ""; }; - 4CA684990525011D00233BF2 /* inetreply.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = inetreply.cpp; sourceTree = ""; }; - 4CA6849A0525011D00233BF2 /* inetreply.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = inetreply.h; sourceTree = ""; }; - 4CA6849B0525011D00233BF2 /* ip++.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "ip++.cpp"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CA6849C0525011D00233BF2 /* ip++.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "ip++.h"; sourceTree = ""; }; - 4CA6849D0525011D00233BF2 /* ktracecodes.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ktracecodes.h; sourceTree = ""; }; - 4CA6849E0525011D00233BF2 /* logging.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = logging.cpp; sourceTree = ""; }; - 4CA6849F0525011D00233BF2 /* logging.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = logging.h; sourceTree = ""; }; - 4CA684A00525011D00233BF2 /* mach_notify.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = mach_notify.c; sourceTree = ""; }; - 4CA684A10525011D00233BF2 /* mach_notify.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = mach_notify.h; sourceTree = ""; }; - 4CA684A20525011D00233BF2 /* memstreams.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = memstreams.h; sourceTree = ""; }; - 4CA684A30525011D00233BF2 /* memutils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = memutils.h; sourceTree = ""; }; - 4CA684A40525011D00233BF2 /* refcount.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = refcount.h; sourceTree = ""; }; - 4CA684A50525011D00233BF2 /* security_utilities.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = security_utilities.h; sourceTree = ""; }; - 4CA684A60525011D00233BF2 /* selector.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = selector.cpp; sourceTree = ""; }; - 4CA684A70525011D00233BF2 /* selector.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = selector.h; sourceTree = ""; }; - 4CA684A80525011D00233BF2 /* socks++.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = "socks++.cpp"; sourceTree = ""; }; - 4CA684A90525011D00233BF2 /* socks++.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "socks++.h"; sourceTree = ""; }; - 4CA684AA0525011D00233BF2 /* socks++4.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "socks++4.cpp"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CA684AB0525011D00233BF2 /* socks++4.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "socks++4.h"; sourceTree = ""; }; - 4CA684AC0525011D00233BF2 /* socks++5.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "socks++5.cpp"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CA684AD0525011D00233BF2 /* socks++5.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "socks++5.h"; sourceTree = ""; }; - 4CA684AE0525011D00233BF2 /* streams.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = streams.cpp; sourceTree = ""; }; - 4CA684AF0525011D00233BF2 /* streams.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = streams.h; sourceTree = ""; }; - 4CA684B00525011E00233BF2 /* threading.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = threading.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CA684B10525011E00233BF2 /* threading.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = threading.h; sourceTree = ""; }; - 4CA684B20525011E00233BF2 /* threading_internal.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = threading_internal.h; sourceTree = ""; }; - 4CA684B30525011E00233BF2 /* timeflow.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = timeflow.cpp; sourceTree = ""; }; - 4CA684B40525011E00233BF2 /* timeflow.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = timeflow.h; sourceTree = ""; }; - 4CA684B50525011E00233BF2 /* tqueue.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tqueue.cpp; sourceTree = ""; }; - 4CA684B60525011E00233BF2 /* tqueue.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = tqueue.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 4CA684B70525011E00233BF2 /* typedvalue.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = typedvalue.cpp; sourceTree = ""; }; - 4CA684B80525011E00233BF2 /* typedvalue.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = typedvalue.h; sourceTree = ""; }; - 4CA684B90525011E00233BF2 /* unix++.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "unix++.cpp"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CA684BA0525011E00233BF2 /* unix++.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "unix++.h"; sourceTree = ""; }; - 4CA684BB0525011E00233BF2 /* url.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = url.cpp; sourceTree = ""; }; - 4CA684BC0525011E00233BF2 /* url.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = url.h; sourceTree = ""; }; - 4CA684BD0525011E00233BF2 /* utilities.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = utilities.cpp; sourceTree = ""; }; - 4CA684BE0525011E00233BF2 /* utilities.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = utilities.h; sourceTree = ""; }; - 4CA684BF0525011E00233BF2 /* utility_config.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = utility_config.h; sourceTree = ""; }; - 4E4813D507739B0C0090D7C2 /* ccaudit.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = ccaudit.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4E4813D607739B0C0090D7C2 /* ccaudit.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ccaudit.h; sourceTree = ""; }; - 7A93A12219BE6FA600F07E9A /* dispatch.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dispatch.cpp; sourceTree = ""; usesTabs = 1; }; - 7A93A12319BE6FA600F07E9A /* dispatch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dispatch.h; sourceTree = ""; usesTabs = 1; }; - AA3BC08D166549EA00EF1D2E /* exports */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; lineEnding = 0; path = exports; sourceTree = ""; xcLanguageSpecificationIdentifier = ""; }; - AA5B97E70E140C3E0032C12F /* dtrace.mk */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = dtrace.mk; path = lib/dtrace.mk; sourceTree = ""; usesTabs = 1; }; - AAAA49980CC587B50099E9D4 /* crc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = crc.c; sourceTree = ""; }; - AAAA49990CC587B50099E9D4 /* crc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = crc.h; sourceTree = ""; }; - C200C07F0731DE8C00564CE0 /* trackingallocator.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = trackingallocator.cpp; path = lib/trackingallocator.cpp; sourceTree = SOURCE_ROOT; }; - C20A206906B03FDC00979EF3 /* osxcode.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = osxcode.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C20A206A06B03FDC00979EF3 /* osxcode.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = osxcode.h; sourceTree = ""; }; - C22550FE0A264BA0007D3358 /* blob.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = blob.cpp; sourceTree = ""; }; - C22550FF0A264BA0007D3358 /* blob.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = blob.h; sourceTree = ""; }; - C22EC335052B674000D55C69 /* trackingallocator.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = trackingallocator.h; sourceTree = ""; }; - C22EC38F052B7F5D00D55C69 /* errors.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = errors.h; sourceTree = ""; }; - C22EC3A8052B807700D55C69 /* errors.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = errors.cpp; sourceTree = ""; }; - C24DAED206B8952E00387C29 /* cfmach++.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "cfmach++.cpp"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C24DAED306B8952E00387C29 /* cfmach++.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "cfmach++.h"; sourceTree = ""; }; - C25F97E6052C93BD00EDA739 /* powerwatch.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = powerwatch.cpp; sourceTree = ""; }; - C25F97E7052C93BD00EDA739 /* powerwatch.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = powerwatch.h; sourceTree = ""; }; - C27994F1052B5F77004B95B8 /* alloc.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = alloc.cpp; sourceTree = ""; }; - C27994F2052B5F77004B95B8 /* alloc.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = alloc.h; sourceTree = ""; }; - C28342C80E366A8E00E54360 /* sqlite++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "sqlite++.cpp"; sourceTree = ""; }; - C28342C90E366A8E00E54360 /* sqlite++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "sqlite++.h"; sourceTree = ""; }; - C285ECF906FB474B0007ECD6 /* transactions.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = transactions.cpp; sourceTree = ""; }; - C285ECFD06FB47590007ECD6 /* transactions.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = transactions.h; sourceTree = ""; }; - C2A7D0B506AEDB94009A7A1E /* unixchild.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = unixchild.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2A7D0B606AEDB94009A7A1E /* unixchild.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = unixchild.h; sourceTree = ""; }; - C2AEE7E80F30CF5A00C7649E /* dyld_cache_format.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dyld_cache_format.h; sourceTree = ""; }; - C2AEE7EB0F30CF6600C7649E /* dyldcache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dyldcache.cpp; sourceTree = ""; }; - C2AEE7EC0F30CF6600C7649E /* dyldcache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dyldcache.h; sourceTree = ""; }; - C2B1EBFD06D557B300F68F34 /* adornments.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = adornments.cpp; sourceTree = ""; }; - C2B1EBFE06D557B300F68F34 /* adornments.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = adornments.h; sourceTree = ""; }; - C2B1EE2806D5929700F68F34 /* muscle++.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "muscle++.cpp"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2B1EE2906D5929700F68F34 /* muscle++.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "muscle++.h"; sourceTree = ""; }; - C2B9F35F0D5A288900CAB713 /* cfmunge.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cfmunge.cpp; sourceTree = ""; }; - C2B9F3600D5A288900CAB713 /* cfmunge.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cfmunge.h; sourceTree = ""; }; - C2B9F3610D5A288900CAB713 /* macho++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "macho++.cpp"; sourceTree = ""; usesTabs = 1; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2B9F3620D5A288900CAB713 /* macho++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "macho++.h"; sourceTree = ""; }; - C2C164890F66F2CA00FD6D34 /* kq++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "kq++.h"; sourceTree = ""; }; - C2C1648D0F66F2D300FD6D34 /* kq++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "kq++.cpp"; sourceTree = ""; }; - C2C9C6990CECBE5E00B3FE07 /* security_utilities.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; name = security_utilities.d; path = lib/security_utilities.d; sourceTree = ""; }; - C2C9C6B00CECBF8E00B3FE07 /* utilities_dtrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = utilities_dtrace.h; path = derived_src/security_utilities/utilities_dtrace.h; sourceTree = BUILT_PRODUCTS_DIR; }; - C2CBCF500A3E27CF0025C2F9 /* superblob.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = superblob.cpp; sourceTree = ""; }; - C2CBCF510A3E27CF0025C2F9 /* superblob.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = superblob.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - C2D02F9B06FFD41200A4C9B0 /* iodevices.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = iodevices.cpp; sourceTree = ""; }; - C2D02F9C06FFD41200A4C9B0 /* iodevices.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = iodevices.h; sourceTree = ""; }; - C2D382910A225B23005C63A2 /* hashing.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = hashing.cpp; sourceTree = ""; }; - C2D382920A225B23005C63A2 /* hashing.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = hashing.h; sourceTree = ""; }; - C2D7B6FB0709CB7F00F2AE5F /* coderepository.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = coderepository.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2D7B6FF0709CB8A00F2AE5F /* coderepository.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = coderepository.h; sourceTree = ""; }; - C2E7B1F80E2415D700956987 /* vproc++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "vproc++.cpp"; sourceTree = ""; }; - C2E7B1F90E2415D700956987 /* vproc++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "vproc++.h"; sourceTree = ""; }; - C2EA5E42052BA4E200473E26 /* mach++.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "mach++.cpp"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2EA5E43052BA4E200473E26 /* mach++.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "mach++.h"; sourceTree = ""; }; - C2EA5E44052BA4E200473E26 /* machrunloopserver.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = machrunloopserver.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2EA5E45052BA4E200473E26 /* machrunloopserver.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = machrunloopserver.h; sourceTree = ""; }; - C2EA5E46052BA4E200473E26 /* machserver.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = machserver.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2EA5E47052BA4E200473E26 /* machserver.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = machserver.h; sourceTree = ""; }; - C2EF2B58066E516600F205D4 /* pcsc++.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "pcsc++.cpp"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2EF2B59066E516600F205D4 /* pcsc++.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "pcsc++.h"; sourceTree = ""; }; - D65C871205DC11C300B401EF /* cfclass.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = cfclass.cpp; sourceTree = ""; }; - D65C871305DC11C300B401EF /* cfclass.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = cfclass.h; sourceTree = ""; }; - D6C5F6BB05DD47EC00722571 /* seccfobject.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = seccfobject.cpp; sourceTree = ""; }; - D6C5F6BC05DD47EC00722571 /* seccfobject.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = seccfobject.h; sourceTree = ""; }; - DC27E9F31BBC589500C9BC39 /* CSPDLTransaction.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = CSPDLTransaction.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - DC27E9F41BBC589500C9BC39 /* CSPDLTransaction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CSPDLTransaction.h; sourceTree = ""; }; - DC3122E61CE64E080040B1BD /* debugging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = debugging.h; path = ../../utilities/src/debugging.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - DCCBDF361C51A4DC004BB34E /* FileLockTransaction.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = FileLockTransaction.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - DCCBDF371C51A4DC004BB34E /* FileLockTransaction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FileLockTransaction.h; sourceTree = ""; }; - DCE4BC3C1C6E7BFC001596A7 /* casts.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = casts.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA2A5370523D32800978A7B /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 181EA3E9146D2A5F00A6D320 /* config */ = { - isa = PBXGroup; - children = ( - 181EA3EA146D2A5F00A6D320 /* base.xcconfig */, - 181EA3EB146D2A5F00A6D320 /* debug.xcconfig */, - 181EA3EC146D2A5F00A6D320 /* lib.xcconfig */, - 181EA3ED146D2A5F00A6D320 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 4CA2A52F0523D2CD00978A7B = { - isa = PBXGroup; - children = ( - 4CA6847F0525011D00233BF2 /* lib */, - 181EA3E9146D2A5F00A6D320 /* config */, - C2C79BFA0CFE2F790079CA7B /* DTrace */, - C2C9C6B40CECBFC100B3FE07 /* derived_src */, - 4CA2A53B0523D32800978A7B /* Products */, - ); - sourceTree = ""; - }; - 4CA2A53B0523D32800978A7B /* Products */ = { - isa = PBXGroup; - children = ( - 4CA2A53A0523D32800978A7B /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; - 4CA6847F0525011D00233BF2 /* lib */ = { - isa = PBXGroup; - children = ( - DC3122E61CE64E080040B1BD /* debugging.h */, - DCCBDF361C51A4DC004BB34E /* FileLockTransaction.cpp */, - DCCBDF371C51A4DC004BB34E /* FileLockTransaction.h */, - DC27E9F31BBC589500C9BC39 /* CSPDLTransaction.cpp */, - DC27E9F41BBC589500C9BC39 /* CSPDLTransaction.h */, - DCE4BC3C1C6E7BFC001596A7 /* casts.h */, - AAAA49980CC587B50099E9D4 /* crc.c */, - AAAA49990CC587B50099E9D4 /* crc.h */, - C2B1EBFE06D557B300F68F34 /* adornments.h */, - C2B1EBFD06D557B300F68F34 /* adornments.cpp */, - C27994F2052B5F77004B95B8 /* alloc.h */, - C27994F1052B5F77004B95B8 /* alloc.cpp */, - C22550FF0A264BA0007D3358 /* blob.h */, - C22550FE0A264BA0007D3358 /* blob.cpp */, - 4E4813D507739B0C0090D7C2 /* ccaudit.cpp */, - 4E4813D607739B0C0090D7C2 /* ccaudit.h */, - 4CA684870525011D00233BF2 /* daemon.h */, - 4CA684860525011D00233BF2 /* daemon.cpp */, - 4CA684890525011D00233BF2 /* debugging_internal.h */, - 4CA6848A0525011D00233BF2 /* debugsupport.h */, - 4CA684880525011D00233BF2 /* debugging_internal.cpp */, - 4CA6848C0525011D00233BF2 /* devrandom.h */, - 4CA6848B0525011D00233BF2 /* devrandom.cpp */, - 7A93A12219BE6FA600F07E9A /* dispatch.cpp */, - 7A93A12319BE6FA600F07E9A /* dispatch.h */, - 4CA6848E0525011D00233BF2 /* endian.h */, - 4CA6848D0525011D00233BF2 /* endian.cpp */, - C22EC38F052B7F5D00D55C69 /* errors.h */, - C22EC3A8052B807700D55C69 /* errors.cpp */, - 4CA684940525011D00233BF2 /* globalizer.h */, - 4CA684930525011D00233BF2 /* globalizer.cpp */, - C2D382920A225B23005C63A2 /* hashing.h */, - C2D382910A225B23005C63A2 /* hashing.cpp */, - C2D02F9C06FFD41200A4C9B0 /* iodevices.h */, - C2D02F9B06FFD41200A4C9B0 /* iodevices.cpp */, - 4CA6849D0525011D00233BF2 /* ktracecodes.h */, - 4CA6849F0525011D00233BF2 /* logging.h */, - 4CA6849E0525011D00233BF2 /* logging.cpp */, - 4CA684A20525011D00233BF2 /* memstreams.h */, - 4CA684A30525011D00233BF2 /* memutils.h */, - C20A206A06B03FDC00979EF3 /* osxcode.h */, - C20A206906B03FDC00979EF3 /* osxcode.cpp */, - C25F97E7052C93BD00EDA739 /* powerwatch.h */, - C25F97E6052C93BD00EDA739 /* powerwatch.cpp */, - 4CA684A40525011D00233BF2 /* refcount.h */, - D6C5F6BC05DD47EC00722571 /* seccfobject.h */, - D6C5F6BB05DD47EC00722571 /* seccfobject.cpp */, - 4CA684A50525011D00233BF2 /* security_utilities.h */, - 4C6A39A706FFAD8000B6E105 /* simpleprefs.h */, - 4C6A39A606FFAD8000B6E105 /* simpleprefs.cpp */, - C28342C90E366A8E00E54360 /* sqlite++.h */, - C28342C80E366A8E00E54360 /* sqlite++.cpp */, - 4CA684AF0525011D00233BF2 /* streams.h */, - 4CA684AE0525011D00233BF2 /* streams.cpp */, - C2CBCF510A3E27CF0025C2F9 /* superblob.h */, - C2CBCF500A3E27CF0025C2F9 /* superblob.cpp */, - 4CA684B10525011E00233BF2 /* threading.h */, - 4CA684B20525011E00233BF2 /* threading_internal.h */, - 4CA684B00525011E00233BF2 /* threading.cpp */, - 4CA684B40525011E00233BF2 /* timeflow.h */, - 4CA684B30525011E00233BF2 /* timeflow.cpp */, - 4CA684B60525011E00233BF2 /* tqueue.h */, - 4CA684B50525011E00233BF2 /* tqueue.cpp */, - C22EC335052B674000D55C69 /* trackingallocator.h */, - C200C07F0731DE8C00564CE0 /* trackingallocator.cpp */, - C285ECF906FB474B0007ECD6 /* transactions.cpp */, - C285ECFD06FB47590007ECD6 /* transactions.h */, - 4CA684B70525011E00233BF2 /* typedvalue.cpp */, - 4CA684B80525011E00233BF2 /* typedvalue.h */, - 4CA684BE0525011E00233BF2 /* utilities.h */, - 4CA684BD0525011E00233BF2 /* utilities.cpp */, - 4CA684BF0525011E00233BF2 /* utility_config.h */, - C2EF2B67066E52F700F205D4 /* Unix */, - C2EF2B64066E52C100F205D4 /* Mach */, - C20A209606B040D400979EF3 /* CoreFoundation */, - C2EF2B61066E52AB00F205D4 /* Network */, - AA3BC08D166549EA00EF1D2E /* exports */, - ); - path = lib; - sourceTree = ""; - }; - C20A209606B040D400979EF3 /* CoreFoundation */ = { - isa = PBXGroup; - children = ( - C2D7B6FF0709CB8A00F2AE5F /* coderepository.h */, - C2D7B6FB0709CB7F00F2AE5F /* coderepository.cpp */, - D65C871305DC11C300B401EF /* cfclass.h */, - D65C871205DC11C300B401EF /* cfclass.cpp */, - C2B9F3600D5A288900CAB713 /* cfmunge.h */, - C2B9F35F0D5A288900CAB713 /* cfmunge.cpp */, - 4CA684850525011D00233BF2 /* cfutilities.h */, - 4CA684840525011D00233BF2 /* cfutilities.cpp */, - ); - name = CoreFoundation; - sourceTree = ""; - }; - C2C79BFA0CFE2F790079CA7B /* DTrace */ = { - isa = PBXGroup; - children = ( - C2C9C6990CECBE5E00B3FE07 /* security_utilities.d */, - AA5B97E70E140C3E0032C12F /* dtrace.mk */, - ); - name = DTrace; - sourceTree = ""; - }; - C2C9C6B40CECBFC100B3FE07 /* derived_src */ = { - isa = PBXGroup; - children = ( - C2C9C6B00CECBF8E00B3FE07 /* utilities_dtrace.h */, - ); - path = derived_src; - sourceTree = BUILT_PRODUCTS_DIR; - }; - C2EF2B5E066E51F400F205D4 /* Socks */ = { - isa = PBXGroup; - children = ( - 4CA684A90525011D00233BF2 /* socks++.h */, - 4CA684A80525011D00233BF2 /* socks++.cpp */, - 4CA684AB0525011D00233BF2 /* socks++4.h */, - 4CA684AA0525011D00233BF2 /* socks++4.cpp */, - 4CA684AD0525011D00233BF2 /* socks++5.h */, - 4CA684AC0525011D00233BF2 /* socks++5.cpp */, - ); - name = Socks; - sourceTree = ""; - }; - C2EF2B61066E52AB00F205D4 /* Network */ = { - isa = PBXGroup; - children = ( - 4CA684810525011D00233BF2 /* bufferfifo.h */, - 4CA684800525011D00233BF2 /* bufferfifo.cpp */, - 4CA684830525011D00233BF2 /* buffers.h */, - 4CA684820525011D00233BF2 /* buffers.cpp */, - 4CA684960525011D00233BF2 /* headermap.h */, - 4CA684950525011D00233BF2 /* headermap.cpp */, - 4CA684980525011D00233BF2 /* hosts.h */, - 4CA684970525011D00233BF2 /* hosts.cpp */, - 4CA6849A0525011D00233BF2 /* inetreply.h */, - 4CA684990525011D00233BF2 /* inetreply.cpp */, - 4CA6849C0525011D00233BF2 /* ip++.h */, - 4CA6849B0525011D00233BF2 /* ip++.cpp */, - 4CA684BC0525011E00233BF2 /* url.h */, - 4CA684BB0525011E00233BF2 /* url.cpp */, - C2EF2B5E066E51F400F205D4 /* Socks */, - ); - name = Network; - sourceTree = ""; - }; - C2EF2B64066E52C100F205D4 /* Mach */ = { - isa = PBXGroup; - children = ( - C2EA5E43052BA4E200473E26 /* mach++.h */, - C2EA5E42052BA4E200473E26 /* mach++.cpp */, - 4CA684A10525011D00233BF2 /* mach_notify.h */, - 4CA684A00525011D00233BF2 /* mach_notify.c */, - C24DAED306B8952E00387C29 /* cfmach++.h */, - C24DAED206B8952E00387C29 /* cfmach++.cpp */, - C2B9F3620D5A288900CAB713 /* macho++.h */, - C2B9F3610D5A288900CAB713 /* macho++.cpp */, - C2AEE7EC0F30CF6600C7649E /* dyldcache.h */, - C2AEE7EB0F30CF6600C7649E /* dyldcache.cpp */, - C2AEE7E80F30CF5A00C7649E /* dyld_cache_format.h */, - C2EA5E47052BA4E200473E26 /* machserver.h */, - C2EA5E46052BA4E200473E26 /* machserver.cpp */, - C2EA5E45052BA4E200473E26 /* machrunloopserver.h */, - C2EA5E44052BA4E200473E26 /* machrunloopserver.cpp */, - ); - name = Mach; - sourceTree = ""; - }; - C2EF2B67066E52F700F205D4 /* Unix */ = { - isa = PBXGroup; - children = ( - 4CA684900525011D00233BF2 /* fdmover.h */, - 4CA6848F0525011D00233BF2 /* fdmover.cpp */, - 4CA684920525011D00233BF2 /* fdsel.h */, - 4CA684910525011D00233BF2 /* fdsel.cpp */, - C2C164890F66F2CA00FD6D34 /* kq++.h */, - C2C1648D0F66F2D300FD6D34 /* kq++.cpp */, - C2B1EE2906D5929700F68F34 /* muscle++.h */, - C2B1EE2806D5929700F68F34 /* muscle++.cpp */, - C2EF2B59066E516600F205D4 /* pcsc++.h */, - C2EF2B58066E516600F205D4 /* pcsc++.cpp */, - 4CA684A70525011D00233BF2 /* selector.h */, - 4CA684A60525011D00233BF2 /* selector.cpp */, - 4CA684BA0525011E00233BF2 /* unix++.h */, - 4CA684B90525011E00233BF2 /* unix++.cpp */, - C2A7D0B606AEDB94009A7A1E /* unixchild.h */, - C2A7D0B506AEDB94009A7A1E /* unixchild.cpp */, - C2E7B1F90E2415D700956987 /* vproc++.h */, - C2E7B1F80E2415D700956987 /* vproc++.cpp */, - ); - name = Unix; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4CAA67D50559A917004E1C98 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 1807388C146D1B2900F05C24 /* crc.h in Headers */, - 1807388D146D1B2900F05C24 /* adornments.h in Headers */, - 1807388E146D1B2900F05C24 /* alloc.h in Headers */, - 181EA38B146D1D5A00A6D320 /* blob.h in Headers */, - 181EA38C146D1D5A00A6D320 /* ccaudit.h in Headers */, - 181EA38D146D1D5A00A6D320 /* daemon.h in Headers */, - DC3122E71CE64E080040B1BD /* debugging.h in Headers */, - 181EA38E146D1D5A00A6D320 /* debugging_internal.h in Headers */, - 181EA38F146D1D5A00A6D320 /* debugsupport.h in Headers */, - 181EA390146D1D5A00A6D320 /* devrandom.h in Headers */, - 181EA391146D1D5A00A6D320 /* endian.h in Headers */, - 181EA392146D1D5A00A6D320 /* errors.h in Headers */, - 181EA393146D1D5A00A6D320 /* globalizer.h in Headers */, - 181EA394146D1D5A00A6D320 /* hashing.h in Headers */, - 181EA395146D1D5A00A6D320 /* iodevices.h in Headers */, - 181EA396146D1D5A00A6D320 /* ktracecodes.h in Headers */, - 181EA397146D1D5A00A6D320 /* logging.h in Headers */, - 181EA398146D1D5A00A6D320 /* memstreams.h in Headers */, - 181EA399146D1D5A00A6D320 /* memutils.h in Headers */, - 181EA39A146D1D5A00A6D320 /* osxcode.h in Headers */, - 181EA39B146D1D5A00A6D320 /* powerwatch.h in Headers */, - 181EA39C146D1D5A00A6D320 /* refcount.h in Headers */, - 181EA39D146D1D5A00A6D320 /* seccfobject.h in Headers */, - DC27E9F61BBC589500C9BC39 /* CSPDLTransaction.h in Headers */, - 181EA39E146D1D5A00A6D320 /* security_utilities.h in Headers */, - 181EA39F146D1D5A00A6D320 /* simpleprefs.h in Headers */, - 181EA3A0146D1D5A00A6D320 /* sqlite++.h in Headers */, - 181EA3A1146D1D5A00A6D320 /* streams.h in Headers */, - 181EA3A2146D1D5A00A6D320 /* superblob.h in Headers */, - 181EA3A3146D1D5A00A6D320 /* threading.h in Headers */, - 181EA3A4146D1D5A00A6D320 /* threading_internal.h in Headers */, - 181EA3A5146D1D5A00A6D320 /* timeflow.h in Headers */, - 181EA3A6146D1D5A00A6D320 /* tqueue.h in Headers */, - 181EA3A7146D1D5A00A6D320 /* trackingallocator.h in Headers */, - 181EA3A8146D1D5A00A6D320 /* transactions.h in Headers */, - 181EA3A9146D1D5A00A6D320 /* typedvalue.h in Headers */, - 181EA3AA146D1D5A00A6D320 /* utilities.h in Headers */, - DCCBDF391C51A4DC004BB34E /* FileLockTransaction.h in Headers */, - 181EA3AB146D1D5A00A6D320 /* utility_config.h in Headers */, - 181EA3AE146D1D7600A6D320 /* fdmover.h in Headers */, - 181EA3AF146D1D7600A6D320 /* fdsel.h in Headers */, - 181EA3B0146D1D7600A6D320 /* kq++.h in Headers */, - 181EA3B1146D1D7600A6D320 /* muscle++.h in Headers */, - 181EA3B2146D1D7600A6D320 /* pcsc++.h in Headers */, - 181EA3B3146D1D7600A6D320 /* selector.h in Headers */, - 181EA3B4146D1D7600A6D320 /* unix++.h in Headers */, - 181EA3B5146D1D7600A6D320 /* unixchild.h in Headers */, - 181EA3B6146D1D7600A6D320 /* vproc++.h in Headers */, - 181EA3B7146D1D7F00A6D320 /* mach++.h in Headers */, - 181EA3B8146D1D7F00A6D320 /* mach_notify.h in Headers */, - 181EA3B9146D1D7F00A6D320 /* cfmach++.h in Headers */, - 181EA3BA146D1D7F00A6D320 /* macho++.h in Headers */, - 181EA3BB146D1D7F00A6D320 /* dyldcache.h in Headers */, - 181EA3BC146D1D7F00A6D320 /* dyld_cache_format.h in Headers */, - 181EA3BD146D1D7F00A6D320 /* machserver.h in Headers */, - 7A93A12519BE6FA600F07E9A /* dispatch.h in Headers */, - 181EA3BE146D1D7F00A6D320 /* machrunloopserver.h in Headers */, - 181EA3BF146D1D8600A6D320 /* coderepository.h in Headers */, - 181EA3C0146D1D8600A6D320 /* cfclass.h in Headers */, - 181EA3C1146D1D8600A6D320 /* cfmunge.h in Headers */, - 181EA3C2146D1D8600A6D320 /* cfutilities.h in Headers */, - 181EA3C3146D1D8E00A6D320 /* bufferfifo.h in Headers */, - 181EA3C4146D1D8E00A6D320 /* buffers.h in Headers */, - DCE4BC3E1C6E7BFC001596A7 /* casts.h in Headers */, - 181EA3C5146D1D8E00A6D320 /* headermap.h in Headers */, - 181EA3C6146D1D8E00A6D320 /* hosts.h in Headers */, - 181EA3C7146D1D8E00A6D320 /* inetreply.h in Headers */, - 181EA3C8146D1D8E00A6D320 /* ip++.h in Headers */, - 181EA3C9146D1D8E00A6D320 /* url.h in Headers */, - 181EA3CA146D1D9700A6D320 /* socks++.h in Headers */, - 181EA3CB146D1D9700A6D320 /* socks++4.h in Headers */, - 181EA3CC146D1D9700A6D320 /* socks++5.h in Headers */, - 1865FC241472444600FD79DF /* utilities_dtrace.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 4CA2A5390523D32800978A7B /* libsecurity_utilities */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD40F0987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_utilities" */; - buildPhases = ( - 4CAA67D50559A917004E1C98 /* Headers */, - 4CA2A5360523D32800978A7B /* Sources */, - 4CA2A5370523D32800978A7B /* Frameworks */, - 18B96AFF14743F3A005A4D2E /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - 181EA3CF146D1E5D00A6D320 /* PBXTargetDependency */, - ); - name = libsecurity_utilities; - productName = libsecurity_utilities.a; - productReference = 4CA2A53A0523D32800978A7B /* libsecurity_utilities.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA2A5330523D2CD00978A7B /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD4140987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_utilities" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA2A52F0523D2CD00978A7B; - productRefGroup = 4CA2A53B0523D32800978A7B /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 4CA2A5390523D32800978A7B /* libsecurity_utilities */, - C2C9C69D0CECBE8400B3FE07 /* libsecurity_utilitiesDTrace */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXShellScriptBuildPhase section */ - 18B96AFF14743F3A005A4D2E /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/", - "$(SRCROOT)/lib/", - ); - outputPaths = ( - "${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "# with our source directories as input files, Xcode will only re-run this phase if there's been a source change\nnmedit -s lib/exports -p \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\"\nranlib \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\""; - }; - C2C9C69C0CECBE8400B3FE07 /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/lib/security_utilities.d", - ); - outputPaths = ( - "$(BUILT_PRODUCTS_DIR)/derived_src/security_utilities/utilities_dtrace.h", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "export DERIVED_SRC=$BUILT_PRODUCTS_DIR/derived_src/security_utilities\nmkdir -p $DERIVED_SRC\n#/usr/sbin/dtrace -h -C -s $SRCROOT/lib/security_utilities.d -o $DERIVED_SRC/utilities_dtrace.h\nmake -f $PROJECT_DIR/lib/dtrace.mk\n"; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA2A5360523D32800978A7B /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C27994F3052B5F77004B95B8 /* alloc.cpp in Sources */, - 4CA684C00525011E00233BF2 /* bufferfifo.cpp in Sources */, - 4CA684C20525011E00233BF2 /* buffers.cpp in Sources */, - C2B9F3630D5A28CA00CAB713 /* cfmunge.cpp in Sources */, - 4CA684C40525011E00233BF2 /* cfutilities.cpp in Sources */, - 7A93A12419BE6FA600F07E9A /* dispatch.cpp in Sources */, - 4CA684C60525011E00233BF2 /* daemon.cpp in Sources */, - 4CA684C80525011E00233BF2 /* debugging_internal.cpp in Sources */, - 4CA684CB0525011E00233BF2 /* devrandom.cpp in Sources */, - DCCBDF381C51A4DC004BB34E /* FileLockTransaction.cpp in Sources */, - C2AEE7ED0F30CF8600C7649E /* dyldcache.cpp in Sources */, - 4CA684CD0525011E00233BF2 /* endian.cpp in Sources */, - C22EC3A9052B807700D55C69 /* errors.cpp in Sources */, - 4CA684CF0525011E00233BF2 /* fdmover.cpp in Sources */, - 4CA684D10525011E00233BF2 /* fdsel.cpp in Sources */, - 4CA684D30525011E00233BF2 /* globalizer.cpp in Sources */, - 4CA684D50525011E00233BF2 /* headermap.cpp in Sources */, - 4CA684D70525011E00233BF2 /* hosts.cpp in Sources */, - 4CA684D90525011E00233BF2 /* inetreply.cpp in Sources */, - 4CA684DB0525011E00233BF2 /* ip++.cpp in Sources */, - 4CA684DE0525011E00233BF2 /* logging.cpp in Sources */, - C2EA5E48052BA4E200473E26 /* mach++.cpp in Sources */, - 4CA684E00525011E00233BF2 /* mach_notify.c in Sources */, - C2B9F3640D5A28D500CAB713 /* macho++.cpp in Sources */, - C2EA5E4A052BA4E200473E26 /* machrunloopserver.cpp in Sources */, - C2EA5E4C052BA4E200473E26 /* machserver.cpp in Sources */, - C25F97E8052C93BD00EDA739 /* powerwatch.cpp in Sources */, - 4CA684E60525011E00233BF2 /* selector.cpp in Sources */, - 4CA684E80525011E00233BF2 /* socks++.cpp in Sources */, - 4CA684EA0525011E00233BF2 /* socks++4.cpp in Sources */, - 4CA684EC0525011E00233BF2 /* socks++5.cpp in Sources */, - 4CA684EE0525011E00233BF2 /* streams.cpp in Sources */, - 4CA684F00525011E00233BF2 /* threading.cpp in Sources */, - 4CA684F30525011E00233BF2 /* timeflow.cpp in Sources */, - 4CA684F50525011E00233BF2 /* tqueue.cpp in Sources */, - C200C0800731DEA300564CE0 /* trackingallocator.cpp in Sources */, - 4CA684F70525011E00233BF2 /* typedvalue.cpp in Sources */, - 4CA684F90525011E00233BF2 /* unix++.cpp in Sources */, - 4CA684FB0525011E00233BF2 /* url.cpp in Sources */, - 4CA684FD0525011E00233BF2 /* utilities.cpp in Sources */, - D65C871405DC11C300B401EF /* cfclass.cpp in Sources */, - D6C5F6BD05DD47EC00722571 /* seccfobject.cpp in Sources */, - C2EF2B5A066E516600F205D4 /* pcsc++.cpp in Sources */, - C2A7D0B706AEDB94009A7A1E /* unixchild.cpp in Sources */, - DC27E9F51BBC589500C9BC39 /* CSPDLTransaction.cpp in Sources */, - C20A206B06B03FDC00979EF3 /* osxcode.cpp in Sources */, - C24DAED406B8952E00387C29 /* cfmach++.cpp in Sources */, - C2B1EBFF06D557B300F68F34 /* adornments.cpp in Sources */, - C2B1EE2A06D5929700F68F34 /* muscle++.cpp in Sources */, - C285ECFA06FB474B0007ECD6 /* transactions.cpp in Sources */, - 4C6A39A806FFAD8000B6E105 /* simpleprefs.cpp in Sources */, - C2D02F9D06FFD41200A4C9B0 /* iodevices.cpp in Sources */, - C2D7B6FC0709CB7F00F2AE5F /* coderepository.cpp in Sources */, - 4E4813D707739B0C0090D7C2 /* ccaudit.cpp in Sources */, - C2D382930A225B23005C63A2 /* hashing.cpp in Sources */, - C22551000A264BA0007D3358 /* blob.cpp in Sources */, - C2CBCF520A3E27CF0025C2F9 /* superblob.cpp in Sources */, - AAAA499A0CC587B50099E9D4 /* crc.c in Sources */, - C2E7B1FA0E2415D700956987 /* vproc++.cpp in Sources */, - C28342CA0E366A8E00E54360 /* sqlite++.cpp in Sources */, - C2C1648E0F66F2D300FD6D34 /* kq++.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 181EA3CF146D1E5D00A6D320 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = C2C9C69D0CECBE8400B3FE07 /* libsecurity_utilitiesDTrace */; - targetProxy = 181EA3CE146D1E5D00A6D320 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - C27AD4100987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 181EA3EB146D2A5F00A6D320 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - EXPORTED_SYMBOLS_FILE = ""; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_utilities; - SKIP_INSTALL = NO; - WARNING_CFLAGS = ( - "-Wno-error=#warnings", - "-Wmost", - "-Wno-four-char-constants", - "-Wno-unknown-pragmas", - "$(inherited)", - ); - }; - name = Debug; - }; - C27AD4130987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 181EA3ED146D2A5F00A6D320 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - EXPORTED_SYMBOLS_FILE = ""; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_utilities; - SKIP_INSTALL = NO; - WARNING_CFLAGS = ( - "-Wno-error=#warnings", - "-Wmost", - "-Wno-four-char-constants", - "-Wno-unknown-pragmas", - "$(inherited)", - ); - }; - name = Release; - }; - C27AD4150987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 181EA3EC146D2A5F00A6D320 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD4180987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 181EA3EC146D2A5F00A6D320 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; - C2C9C69E0CECBE8500B3FE07 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - INSTALLHDRS_SCRIPT_PHASE = YES; - }; - name = Debug; - }; - C2C9C6A10CECBE8500B3FE07 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - INSTALLHDRS_SCRIPT_PHASE = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD40F0987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_utilities" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD4100987FCDF001272E0 /* Debug */, - C27AD4130987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD4140987FCDF001272E0 /* Build configuration list for PBXProject "libsecurity_utilities" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD4150987FCDF001272E0 /* Debug */, - C27AD4180987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C2C9C6A20CECBEA300B3FE07 /* Build configuration list for PBXAggregateTarget "libsecurity_utilitiesDTrace" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C2C9C69E0CECBE8500B3FE07 /* Debug */, - C2C9C6A10CECBE8500B3FE07 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA2A5330523D2CD00978A7B /* Project object */; -} diff --git a/OSX/libsecurityd/lib/SharedMemoryClient.cpp b/OSX/libsecurityd/lib/SharedMemoryClient.cpp index 6c2ea124..3acb37d2 100644 --- a/OSX/libsecurityd/lib/SharedMemoryClient.cpp +++ b/OSX/libsecurityd/lib/SharedMemoryClient.cpp @@ -8,12 +8,26 @@ #include "SharedMemoryClient.h" #include #include - -static const char* kPrefix = "/var/db/mds/messages/se_"; +#include +#include using namespace Security; -SharedMemoryClient::SharedMemoryClient (const char* segmentName, SegmentOffsetType segmentSize) +//================================================================================= +// SharedMemoryClient +//================================================================================= + +static std::string unixerrorstr(int errnum) { + string errstr; + char buf[1024]; + // might return ERANGE + /* int rx = */ strerror_r(errnum, buf, sizeof(buf)); + errstr = string(buf); + errstr += "(" + to_string(errnum) + ")"; + return errstr; +} + +SharedMemoryClient::SharedMemoryClient (const char* segmentName, SegmentOffsetType segmentSize, uid_t uid) { StLock _(mMutex); @@ -21,29 +35,33 @@ SharedMemoryClient::SharedMemoryClient (const char* segmentName, SegmentOffsetTy mSegmentSize = segmentSize; mSegment = (u_int8_t*) MAP_FAILED; mDataArea = mDataPtr = 0; + mUID = uid; + + secdebug("MDSPRIVACY","[%03d] creating SharedMemoryClient with segmentName %s, size: %d", mUID, segmentName, segmentSize); - if (segmentSize < sizeof(u_int32_t)) + if (segmentSize < sizeof(u_int32_t)) return; - + // make the name int segmentDescriptor; { - std::string name (kPrefix); - name += segmentName; - + std::string name(SharedMemoryCommon::SharedMemoryFilePath(mSegmentName.c_str(), mUID)); + // make a connection to the shared memory block - segmentDescriptor = open (name.c_str (), O_RDONLY, S_IROTH); + segmentDescriptor = open (name.c_str(), O_RDONLY, S_IROTH); if (segmentDescriptor < 0) // error on opening the shared memory segment? { + secdebug("MDSPRIVACY","[%03d] SharedMemoryClient open of %s failed: %s", mUID, name.c_str(), unixerrorstr(errno).c_str()); // CssmError::throwMe (CSSM_ERRCODE_INTERNAL_ERROR); return; } } - // check the file size is large enough to support Operations + // check that the file size is large enough to support operations struct stat statResult = {}; int result = fstat(segmentDescriptor, &statResult); if(result) { + secdebug("MDSPRIVACY","[%03d] SharedMemoryClient fstat failed: %d/%s", mUID, result, unixerrorstr(errno).c_str()); UnixError::throwMe(errno); } @@ -65,6 +83,7 @@ SharedMemoryClient::SharedMemoryClient (const char* segmentName, SegmentOffsetTy if (mSegment == MAP_FAILED) { + secdebug("MDSPRIVACY","[%03d] SharedMemoryClient mmap failed: %d", mUID, errno); return; } @@ -77,57 +96,41 @@ SharedMemoryClient::SharedMemoryClient (const char* segmentName, SegmentOffsetTy SharedMemoryClient::~SharedMemoryClient () { - StLock _(mMutex); - if (mSegment == NULL || mSegment == MAP_FAILED) // error on opening the shared memory segment? - { - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - } - munmap (mSegment, mSegmentSize); + if (!uninitialized()) { + StLock _(mMutex); + munmap (mSegment, mSegmentSize); + } } - SegmentOffsetType SharedMemoryClient::GetProducerCount () { - if (mSegment == NULL || mSegment == MAP_FAILED) // error on opening the shared memory segment? - { + if (uninitialized()) { + secdebug("MDSPRIVACY","[%03d] SharedMemoryClient::GetProducerCount uninitialized", mUID); CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } if( ((u_int8_t*) (((u_int32_t*) mSegment) + 1)) > mDataMax) { // Check we can actually read this u_int32_t + secdebug("MDSPRIVACY","[%03d] SharedMemoryClient::GetProducerCount uint > mDataMax", mUID); CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } SegmentOffsetType offset = OSSwapBigToHostInt32 (*(u_int32_t*) mSegment); - if (&mSegment[offset] >= mDataMax) + if (&mSegment[offset] >= mDataMax) { + secdebug("MDSPRIVACY","[%03d] SharedMemoryClient::GetProducerCount offset > mDataMax", mUID); CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - else - return offset; -} - - - -const char* SharedMemoryClient::GetSegmentName () -{ - return mSegmentName.c_str (); -} - - + } -size_t SharedMemoryClient::GetSegmentSize () -{ - return mSegmentSize; + return offset; } - - void SharedMemoryClient::ReadData (void* buffer, SegmentOffsetType length) { - if (mSegment == NULL || mSegment == MAP_FAILED) // error on opening the shared memory segment? - { - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - } - + if (uninitialized()) { + secdebug("MDSPRIVACY","[%03d] ReadData mSegment fail uninitialized: %p", mUID, mSegment); + CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); + } + u_int8_t* bptr = (u_int8_t*) buffer; SegmentOffsetType bytesToEnd = (SegmentOffsetType)(mDataMax - mDataPtr); @@ -167,8 +170,8 @@ bool SharedMemoryClient::ReadMessage (void* message, SegmentOffsetType &length, { StLock _(mMutex); - if (mSegment == NULL || mSegment == MAP_FAILED) // error on opening the shared memory segment? - { + if (uninitialized()) { + secdebug("MDSPRIVACY","[%03d] ReadMessage mSegment fail uninitialized: %p", mUID, mSegment); CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); } @@ -177,6 +180,7 @@ bool SharedMemoryClient::ReadMessage (void* message, SegmentOffsetType &length, size_t offset = mDataPtr - mDataArea; if (offset == GetProducerCount()) { + secdebug("MDSPRIVACY","[%03d] ReadMessage GetProducerCount()", mUID); ur = kURNoMessage; return false; } @@ -188,14 +192,8 @@ bool SharedMemoryClient::ReadMessage (void* message, SegmentOffsetType &length, // get the length of the message stored there if (length == 0 || length >= kPoolAvailableForData) { - if (length == 0) - { - ur = kURNoMessage; - } - else - { - ur = kURBufferCorrupt; - } + secdebug("MDSPRIVACY","[%03d] ReadMessage length error: %d", mUID, length); + ur = (length == 0) ? kURNoMessage : kURBufferCorrupt; // something's gone wrong, reset. mDataPtr = mDataArea + GetProducerCount (); @@ -219,3 +217,52 @@ bool SharedMemoryClient::ReadMessage (void* message, SegmentOffsetType &length, return true; } + +//================================================================================= +// SharedMemoryCommon +//================================================================================= + +std::string SharedMemoryCommon::SharedMemoryFilePath(const char *segmentName, uid_t uid) { + std::string path; + uid = SharedMemoryCommon::fixUID(uid); + path = SharedMemoryCommon::kMDSMessagesDirectory; // i.e. /private/var/db/mds/messages/ + if (uid != 0) { + path += std::to_string(uid) + "/"; // e.g. /private/var/db/mds/messages/501/ + } + + path += SharedMemoryCommon::kUserPrefix; // e.g. /var/db/mds/messages/se_ + path += segmentName; // e.g. /var/db/mds/messages/501/se_SecurityMessages + return path; +} + +std::string SharedMemoryCommon::notificationDescription(int domain, int event) { + string domainstr, eventstr; + + switch (domain) { + case Security::SecurityServer::kNotificationDomainAll: domainstr = "all"; break; + case Security::SecurityServer::kNotificationDomainDatabase: domainstr = "database"; break; + case Security::SecurityServer::kNotificationDomainPCSC: domainstr = "pcsc"; break; + case Security::SecurityServer::kNotificationDomainCDSA: domainstr = "CDSA"; break; + default: + domainstr = "unknown"; + break; + } + + switch (event) { + case kSecLockEvent: eventstr = "lock"; break; + case kSecUnlockEvent: eventstr = "unlock"; break; + case kSecAddEvent: eventstr = "add"; break; + case kSecDeleteEvent: eventstr = "delete"; break; + case kSecUpdateEvent: eventstr = "update"; break; + case kSecPasswordChangedEvent: eventstr = "passwordChange"; break; + case kSecDefaultChangedEvent: eventstr = "defaultChange"; break; + case kSecDataAccessEvent: eventstr = "dataAccess"; break; + case kSecKeychainListChangedEvent: eventstr = "listChange"; break; + case kSecTrustSettingsChangedEvent: eventstr = "trustSettings"; break; + default: + domainstr = "unknown"; + break; + } + + return "Domain: " + domainstr + ", Event: " + eventstr; +} diff --git a/OSX/libsecurityd/lib/SharedMemoryClient.h b/OSX/libsecurityd/lib/SharedMemoryClient.h index b24b73bf..5e539af3 100644 --- a/OSX/libsecurityd/lib/SharedMemoryClient.h +++ b/OSX/libsecurityd/lib/SharedMemoryClient.h @@ -1,8 +1,29 @@ +/* + * Copyright (c) 2016-2017 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + #ifndef __SHAREDMEMORYCLIENT__ #define __SHAREDMEMORYCLIENT__ - - #include #include #include @@ -11,6 +32,7 @@ namespace Security { + enum UnavailableReason {kURNone, kURMessageDropped, kURMessagePending, kURNoMessage, kURBufferCorrupt}; class SharedMemoryClient @@ -19,28 +41,34 @@ protected: std::string mSegmentName; size_t mSegmentSize; Mutex mMutex; - + uid_t mUID; + u_int8_t* mSegment; u_int8_t* mDataArea; u_int8_t* mDataPtr; u_int8_t* mDataMax; SegmentOffsetType GetProducerCount (); - + void ReadData (void* buffer, SegmentOffsetType bytesToRead); SegmentOffsetType ReadOffset (); public: - SharedMemoryClient (const char* segmentName, SegmentOffsetType segmentSize); + SharedMemoryClient (const char* segmentName, SegmentOffsetType segmentSize, uid_t uid = 0); virtual ~SharedMemoryClient (); bool ReadMessage (void* message, SegmentOffsetType &length, UnavailableReason &ur); - const char* GetSegmentName (); - size_t GetSegmentSize (); -}; + const char* GetSegmentName() { return mSegmentName.c_str (); } + size_t GetSegmentSize() { return mSegmentSize; } + + uid_t getUID() const { return mUID; } + bool uninitialized() { return (mSegment == NULL || mSegment == MAP_FAILED); } }; +}; /* namespace */ + #endif + diff --git a/OSX/libsecurityd/lib/SharedMemoryCommon.h b/OSX/libsecurityd/lib/SharedMemoryCommon.h index 227993f0..951f0ad3 100644 --- a/OSX/libsecurityd/lib/SharedMemoryCommon.h +++ b/OSX/libsecurityd/lib/SharedMemoryCommon.h @@ -38,6 +38,24 @@ const unsigned kPoolAvailableForData = kSharedMemoryPoolSize - kBytesWrittenLeng typedef u_int32_t SegmentOffsetType; -#define SECURITY_MESSAGES_NAME "SecurityMessages" +class SharedMemoryCommon +{ +public: + SharedMemoryCommon() {} + virtual ~SharedMemoryCommon (); + + // Is this a system user or a regular user? + static uid_t fixUID(uid_t uid) { return (uid < 500) ? 0 : uid; } + + static std::string SharedMemoryFilePath(const char *segmentName, uid_t uid); + static std::string notificationDescription(int domain, int event); + + constexpr static const char* const kMDSDirectory = "/private/var/db/mds/"; + constexpr static const char* const kMDSMessagesDirectory = "/private/var/db/mds/messages/"; + constexpr static const char* const kUserPrefix = "se_"; + + constexpr static const char* const kDefaultSecurityMessagesName = "SecurityMessages"; +}; + #endif diff --git a/OSX/libsecurityd/lib/dictionary.h b/OSX/libsecurityd/lib/dictionary.h index adc04c38..76c3f74d 100644 --- a/OSX/libsecurityd/lib/dictionary.h +++ b/OSX/libsecurityd/lib/dictionary.h @@ -55,7 +55,7 @@ public: NameValuePair (const CssmData &data); ~NameValuePair (); - const uint32 Name () {return mName;} + uint32 Name () {return mName;} const CssmData& Value () const {return mValue;} void Export (CssmData &data) const; }; diff --git a/OSX/libsecurityd/lib/eventlistener.cpp b/OSX/libsecurityd/lib/eventlistener.cpp index 73690322..65cebe8f 100644 --- a/OSX/libsecurityd/lib/eventlistener.cpp +++ b/OSX/libsecurityd/lib/eventlistener.cpp @@ -46,7 +46,7 @@ static const char* GetNotificationName () const char* name = getenv (SECURITYSERVER_BOOTSTRAP_ENV); if (name == NULL) { - name = SECURITY_MESSAGES_NAME; + name = SharedMemoryCommon::kDefaultSecurityMessagesName; } return name; @@ -66,8 +66,9 @@ public: -SharedMemoryClientMaker::SharedMemoryClientMaker () : mClient (GetNotificationName (), kSharedMemoryPoolSize) +SharedMemoryClientMaker::SharedMemoryClientMaker () : mClient (GetNotificationName (), kSharedMemoryPoolSize, SharedMemoryCommon::fixUID(getuid())) { + secdebug("MDSPRIVACY","[%03d] SharedMemoryClientMaker uid: %d, euid: %d, name: %s", mClient.getUID(), getuid(), geteuid(), GetNotificationName ()); } @@ -86,12 +87,18 @@ ModuleNexus gMemoryClient; // // Note that once we start notifications, we want receive them forever. Don't have a cancel option. // -static void InitializeNotifications () { +static bool InitializeNotifications () { + bool initializationComplete = false; static dispatch_queue_t notification_queue = EventListener::getNotificationQueue(); + secdebug("MDSPRIVACY","EventListener Init: uid: %d, euid: %d, name: %s", getuid(), geteuid(), GetNotificationName ()); // Initialize the memory client gMemoryClient(); + if (gMemoryClient().Client()->uninitialized()) { + secdebug("MDSPRIVACY","[%03d] FATAL: InitializeNotifications EventListener uninitialized; process will never get keychain notifications", getuid()); + return initializationComplete; + } int out_token; notify_handler_t receive = ^(int token){ @@ -110,6 +117,7 @@ static void InitializeNotifications () { result = gMemoryClient().Client()->ReadMessage(buffer, length, ur); if (!result) { + secdebug("MDSPRIVACY","[%03d] notify_handler ReadMessage ur: %d", getuid(), ur); delete [] buffer; return; } @@ -127,6 +135,8 @@ static void InitializeNotifications () { SecurityServer::NotificationEvent event = (SecurityServer::NotificationEvent) OSSwapBigToHostInt32 (*ptr++); CssmData data ((u_int8_t*) ptr, buffer + length - (u_int8_t*) ptr); + string descrip = SharedMemoryCommon::notificationDescription(domain, event); + secdebug("MDSPRIVACY","[%03d] notify_handler: %s", getuid(), descrip.c_str()); EventListenerList::iterator it = eventList.begin (); while (it != eventList.end ()) { @@ -142,7 +152,7 @@ static void InitializeNotifications () { catch (CssmError &e) { // If we throw, libnotify will abort the process. Log these... - secerror("Caught CssmError while processing notification: %d %s", e.error, cssmErrorString(e.error)); + secerror("caught CssmError while processing notification: %d %s", e.error, cssmErrorString(e.error)); } } } @@ -161,44 +171,46 @@ static void InitializeNotifications () { secerror("caught MacOSError during notification: %d %s", (int) mose.osStatus(), mose.what()); } catch (...) { - secerror("cauth unknknown error during notification"); + secerror("caught unknown error during notification"); } }; uint32_t status = notify_register_dispatch(GetNotificationName(), &out_token, notification_queue, receive); - if(status) { + if (status) { secerror("notify_register_dispatch failed: %d", status); syslog(LOG_ERR, "notify_register_dispatch failed: %d", status); + } else { + initializationComplete = true; } + return initializationComplete; } EventListener::EventListener (NotificationDomain domain, NotificationMask eventMask) - : mDomain (domain), mMask (eventMask) + : mInitialized(false), mDomain (domain), mMask (eventMask) { // make sure that notifications are turned on. - InitializeNotifications (); + mInitialized = InitializeNotifications(); } // // StopNotification() is needed on destruction; everyone else cleans up after themselves. // -EventListener::~EventListener () -{ - StLock lock (gNotificationLock ()); - - // find the listener in the list and remove it - EventListenerList::iterator it = std::find (gEventListeners ().begin (), - gEventListeners ().end (), - this); - if (it != gEventListeners ().end ()) - { - gEventListeners ().erase (it); - } +EventListener::~EventListener () { + if (initialized()) { + StLock lock (gNotificationLock ()); + + // find the listener in the list and remove it + EventListenerList::iterator it = std::find (gEventListeners ().begin (), + gEventListeners ().end (), + this); + if (it != gEventListeners ().end ()) + { + gEventListeners ().erase (it); + } + } } - - // get rid of the pure virtual void EventListener::consume(NotificationDomain, NotificationEvent, const Security::CssmData&) { @@ -206,10 +218,11 @@ void EventListener::consume(NotificationDomain, NotificationEvent, const Securit -void EventListener::FinishedInitialization(EventListener *eventListener) -{ - StLock lock (gNotificationLock ()); - gEventListeners().push_back (eventListener); +void EventListener::FinishedInitialization(EventListener *eventListener) { + if (eventListener->initialized()) { + StLock lock (gNotificationLock ()); + gEventListeners().push_back (eventListener); + } } dispatch_once_t EventListener::queueOnceToken = 0; diff --git a/OSX/libsecurityd/lib/eventlistener.h b/OSX/libsecurityd/lib/eventlistener.h index 889cddf1..c798ea0e 100644 --- a/OSX/libsecurityd/lib/eventlistener.h +++ b/OSX/libsecurityd/lib/eventlistener.h @@ -39,6 +39,7 @@ namespace SecurityServer { class EventListener : public RefCount { protected: + bool mInitialized; NotificationDomain mDomain; NotificationMask mMask; @@ -50,6 +51,8 @@ public: EventListener(NotificationDomain domain, NotificationMask eventMask); virtual ~EventListener(); + virtual bool initialized() { return mInitialized; } + virtual void consume(NotificationDomain domain, NotificationEvent event, const CssmData& data); NotificationDomain GetDomain () {return mDomain;} diff --git a/OSX/libsecurityd/lib/sec_xdr.c b/OSX/libsecurityd/lib/sec_xdr.c index 54869b04..e3ae277a 100644 --- a/OSX/libsecurityd/lib/sec_xdr.c +++ b/OSX/libsecurityd/lib/sec_xdr.c @@ -64,7 +64,7 @@ bool_t sec_xdr_bytes(XDR *xdrs, uint8_t **cpp, u_int *sizep, u_int maxsize) if (!sp) { if (!sec_mem_alloc(xdrs, nodesize, &sp)) return (FALSE); - if (!sizeof_alloc) + if (!sizeof_alloc && cpp != NULL) *cpp = sp; /* sp can be NULL when counting required space */ } /* FALLTHROUGH */ @@ -263,7 +263,9 @@ bool_t copyout(const void *copy, u_int size, xdrproc_t proc, void **data, u_int if (proc(&xdr, data, 0)) { - *length = length_required; + if(length) { + *length = length_required; + } return (TRUE); } diff --git a/OSX/libsecurityd/lib/sec_xdr_array.c b/OSX/libsecurityd/lib/sec_xdr_array.c index 8d81b797..a0f710f1 100644 --- a/OSX/libsecurityd/lib/sec_xdr_array.c +++ b/OSX/libsecurityd/lib/sec_xdr_array.c @@ -129,8 +129,9 @@ sec_xdr_array(XDR *xdrs, uint8_t **addrp, u_int *sizep, u_int maxsize, u_int els return (FALSE); if (!target) target = &obj[0]; - if (!sizeof_alloc) + if (!sizeof_alloc && addrp != NULL) { *addrp = target; + } break; case XDR_FREE: @@ -155,7 +156,7 @@ sec_xdr_array(XDR *xdrs, uint8_t **addrp, u_int *sizep, u_int maxsize, u_int els /* * the array may need freeing */ - if (xdrs->x_op == XDR_FREE) { + if (xdrs->x_op == XDR_FREE && addrp != NULL) { sec_mem_free(xdrs, *addrp, nodesize); *addrp = NULL; } diff --git a/OSX/libsecurityd/lib/sec_xdr_reference.c b/OSX/libsecurityd/lib/sec_xdr_reference.c index 176e67a9..0ceadc0f 100644 --- a/OSX/libsecurityd/lib/sec_xdr_reference.c +++ b/OSX/libsecurityd/lib/sec_xdr_reference.c @@ -113,7 +113,7 @@ sec_xdr_reference(XDR *xdrs, uint8_t **pp, u_int size, xdrproc_t proc) memset(obj, 0, size); loc = &obj[0]; } - if (!sizeof_alloc) + if (!sizeof_alloc && pp != NULL) *pp = loc; break; } @@ -125,7 +125,9 @@ sec_xdr_reference(XDR *xdrs, uint8_t **pp, u_int size, xdrproc_t proc) if (xdrs->x_op == XDR_FREE) { sec_mem_free(xdrs, loc, size); - *pp = NULL; + if(pp) { + *pp = NULL; + } } return (stat); } @@ -143,7 +145,7 @@ sec_xdr_pointer(XDR *xdrs, uint8_t **objpp, u_int obj_size, xdrproc_t xdr_obj) bool_t sizeof_alloc = sec_xdr_arena_size_allocator(xdrs); if (! more_data) { - if ((xdrs->x_op == XDR_DECODE) && !sizeof_alloc) + if ((xdrs->x_op == XDR_DECODE) && !sizeof_alloc && objpp != NULL) *objpp = NULL; return (TRUE); } diff --git a/OSX/libsecurityd/lib/ssblob.cpp b/OSX/libsecurityd/lib/ssblob.cpp index a283ad30..da56d9d4 100644 --- a/OSX/libsecurityd/lib/ssblob.cpp +++ b/OSX/libsecurityd/lib/ssblob.cpp @@ -26,7 +26,7 @@ // ssclient - SecurityServer client interface library // #include "ssblob.h" - +#include namespace Security { namespace SecurityServer { @@ -46,11 +46,11 @@ uint32 CommonBlob::getCurrentVersion() { secnotice("integrity", "creating a old-style keychain; global is off"); ret = version_MacOS_10_0; } - CFRelease(integrity); } else { secnotice("integrity", "global integrity not set, defaulting to on"); ret = version_partition; } + CFReleaseSafe(integrity); return ret; } diff --git a/OSX/libsecurityd/libsecurityd.xcodeproj/project.pbxproj b/OSX/libsecurityd/libsecurityd.xcodeproj/project.pbxproj deleted file mode 100644 index 47dee45b..00000000 --- a/OSX/libsecurityd/libsecurityd.xcodeproj/project.pbxproj +++ /dev/null @@ -1,810 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXAggregateTarget section */ - 4C31C2D9055341AA006D00BD /* world */ = { - isa = PBXAggregateTarget; - buildConfigurationList = C27AD42F0987FCDF001272E0 /* Build configuration list for PBXAggregateTarget "world" */; - buildPhases = ( - ); - dependencies = ( - 4C31C2DA055341B2006D00BD /* PBXTargetDependency */, - 4C31C2DB055341B4006D00BD /* PBXTargetDependency */, - C2A788760B7AA6A900CFF85C /* PBXTargetDependency */, - ); - name = world; - productName = world; - }; -/* End PBXAggregateTarget section */ - -/* Begin PBXBuildFile section */ - 18B965A014730132005A4D2E /* ss_types.defs in Headers */ = {isa = PBXBuildFile; fileRef = C226118F06B72038008DD0C6 /* ss_types.defs */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA381472F1B4006B86EC /* SharedMemoryCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = D6E144FA0A6323E6008AA7E8 /* SharedMemoryCommon.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA391472F1B4006B86EC /* handletypes.h in Headers */ = {isa = PBXBuildFile; fileRef = B6304AAF0E16C414006C13E3 /* handletypes.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA3A1472F1B4006B86EC /* sscommon.h in Headers */ = {isa = PBXBuildFile; fileRef = C22AB9A406B6DE670025E6A9 /* sscommon.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA3B1472F1B4006B86EC /* ssblob.h in Headers */ = {isa = PBXBuildFile; fileRef = C2A594F9052E4FC200AF1EE3 /* ssblob.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA3C1472F1B4006B86EC /* dictionary.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C92640C05347DF3004B0E72 /* dictionary.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA3D1472F1B4006B86EC /* sec_xdr.h in Headers */ = {isa = PBXBuildFile; fileRef = 40302BAE09C0B8D600EF5C72 /* sec_xdr.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA3E1472F1B4006B86EC /* xdr_auth.h in Headers */ = {isa = PBXBuildFile; fileRef = 79EDA1BA092021D600205D34 /* xdr_auth.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA3F1472F1B4006B86EC /* xdr_cssm.h in Headers */ = {isa = PBXBuildFile; fileRef = 40302BB309C0B8D600EF5C72 /* xdr_cssm.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA401472F1B4006B86EC /* xdr_dldb.h in Headers */ = {isa = PBXBuildFile; fileRef = 40302BB509C0B8D600EF5C72 /* xdr_dldb.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA411472F1B4006B86EC /* eventlistener.h in Headers */ = {isa = PBXBuildFile; fileRef = D6942E280A642276000E7E2F /* eventlistener.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA421472F1B4006B86EC /* ssnotify.h in Headers */ = {isa = PBXBuildFile; fileRef = C252A4600662631900C0383D /* ssnotify.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA431472F1B4006B86EC /* sstransit.h in Headers */ = {isa = PBXBuildFile; fileRef = C2A59416052E3F0800AF1EE3 /* sstransit.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA441472F1B4006B86EC /* ss_types.h in Headers */ = {isa = PBXBuildFile; fileRef = C22611CB06B72147008DD0C6 /* ss_types.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA451472F1B4006B86EC /* ucsp_types.h in Headers */ = {isa = PBXBuildFile; fileRef = C2A59508052E506A00AF1EE3 /* ucsp_types.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA461472F1B4006B86EC /* ucsp.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C52AD640540BDD400536F78 /* ucsp.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA471472F1B4006B86EC /* ucspNotify.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C52AD650540BDD400536F78 /* ucspNotify.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA481472F1B4006B86EC /* cshosting.h in Headers */ = {isa = PBXBuildFile; fileRef = C2BD60C50AC849180057FD3D /* cshosting.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 18BFBA491472F20F006B86EC /* ssclient.h in Headers */ = {isa = PBXBuildFile; fileRef = C2A59414052E3F0800AF1EE3 /* ssclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 40302BB709C0B8D600EF5C72 /* sec_xdr.c in Sources */ = {isa = PBXBuildFile; fileRef = 40302BAD09C0B8D600EF5C72 /* sec_xdr.c */; }; - 40302BB809C0B8D600EF5C72 /* sec_xdr_array.c in Sources */ = {isa = PBXBuildFile; fileRef = 40302BAF09C0B8D600EF5C72 /* sec_xdr_array.c */; }; - 40302BB909C0B8D600EF5C72 /* sec_xdr_reference.c in Sources */ = {isa = PBXBuildFile; fileRef = 40302BB009C0B8D600EF5C72 /* sec_xdr_reference.c */; }; - 40302BBA09C0B8D600EF5C72 /* sec_xdrmem.c in Sources */ = {isa = PBXBuildFile; fileRef = 40302BB109C0B8D600EF5C72 /* sec_xdrmem.c */; }; - 40302BBB09C0B8D600EF5C72 /* xdr_cssm.c in Sources */ = {isa = PBXBuildFile; fileRef = 40302BB209C0B8D600EF5C72 /* xdr_cssm.c */; }; - 40302BBC09C0B8D600EF5C72 /* xdr_dldb.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 40302BB409C0B8D600EF5C72 /* xdr_dldb.cpp */; }; - 40302BBD09C0B8D600EF5C72 /* sec_xdr_sizeof.c in Sources */ = {isa = PBXBuildFile; fileRef = 40302BB609C0B8D600EF5C72 /* sec_xdr_sizeof.c */; }; - 40D4B1D6053236AE00A4FD03 /* sstransit.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2A59415052E3F0800AF1EE3 /* sstransit.cpp */; }; - 40D4B1D8053236B900A4FD03 /* ssblob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2A594F8052E4FC200AF1EE3 /* ssblob.cpp */; }; - 4C47FCAD05364616005AC196 /* ssclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2A59413052E3F0800AF1EE3 /* ssclient.cpp */; }; - 4C92640F05347DF3004B0E72 /* dictionary.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C92640B05347DF3004B0E72 /* dictionary.cpp */; }; - 4CAF73520536405300D9DA7C /* ucspNotifySender.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CAF734E0536405300D9DA7C /* ucspNotifySender.cpp */; }; - 4CAF73540536405300D9DA7C /* ucspClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CAF73500536405300D9DA7C /* ucspClient.cpp */; }; - 4CAF73550536406300D9DA7C /* ucspNotifyReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CAF734D0536405300D9DA7C /* ucspNotifyReceiver.cpp */; }; - 4CAF73560536406400D9DA7C /* ucspServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CAF734F0536405300D9DA7C /* ucspServer.cpp */; }; - 79EDA1BD092021D600205D34 /* xdr_auth.c in Sources */ = {isa = PBXBuildFile; fileRef = 79EDA1BB092021D600205D34 /* xdr_auth.c */; }; - C22E54CA06E02FED00923E45 /* transition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C22E54C906E02FED00923E45 /* transition.cpp */; }; - C2A788740B7AA69100CFF85C /* ucspClientC.c in Sources */ = {isa = PBXBuildFile; fileRef = C2A788430B7AA33400CFF85C /* ucspClientC.c */; }; - C2BD60C80AC849180057FD3D /* cshostingClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BD60C60AC849180057FD3D /* cshostingClient.cpp */; }; - C2BD60C90AC849180057FD3D /* cshostingServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BD60C70AC849180057FD3D /* cshostingServer.cpp */; }; - D6942E330A6423BC000E7E2F /* SharedMemoryClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D6942E310A6423BC000E7E2F /* SharedMemoryClient.cpp */; }; - D6942E410A644E1A000E7E2F /* eventlistener.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D6942E270A642276000E7E2F /* eventlistener.cpp */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 182BB16E146E9FAE000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4C09A2920557240300FED7A3; - remoteInfo = "generate mig"; - }; - 182BB17B146EA388000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB176146EA388000BF1F3 /* libsecurity_utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA2A53A0523D32800978A7B; - remoteInfo = libsecurity_utilities; - }; - 182BB512146F295E000BF1F3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 182BB176146EA388000BF1F3 /* libsecurity_utilities.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = C2C9C69D0CECBE8400B3FE07; - remoteInfo = libsecurity_utilitiesDTrace; - }; - 4C09A2950557242A00FED7A3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4C09A2920557240300FED7A3; - remoteInfo = "generate mig"; - }; - 4C3CC171055341CC007753DF /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurityd_client; - }; - 4C3CC173055341CC007753DF /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4CA1FEC8052A44A100F22E42; - remoteInfo = libsecurityd_server; - }; - C2A788750B7AA6A900CFF85C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = C2A788530B7AA65B00CFF85C; - remoteInfo = ucspc; - }; - C2A788B10B7AA9A100CFF85C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 4C09A2920557240300FED7A3; - remoteInfo = "generate mig"; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXFileReference section */ - 182BB172146EA1D6000BF1F3 /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 182BB173146EA1D6000BF1F3 /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 182BB174146EA1D6000BF1F3 /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 182BB175146EA1D6000BF1F3 /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 182BB176146EA388000BF1F3 /* libsecurity_utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_utilities.xcodeproj; path = ../libsecurity_utilities/libsecurity_utilities.xcodeproj; sourceTree = ""; }; - 40302BAD09C0B8D600EF5C72 /* sec_xdr.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = sec_xdr.c; path = lib/sec_xdr.c; sourceTree = ""; }; - 40302BAE09C0B8D600EF5C72 /* sec_xdr.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = sec_xdr.h; path = lib/sec_xdr.h; sourceTree = ""; }; - 40302BAF09C0B8D600EF5C72 /* sec_xdr_array.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = sec_xdr_array.c; path = lib/sec_xdr_array.c; sourceTree = ""; }; - 40302BB009C0B8D600EF5C72 /* sec_xdr_reference.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = sec_xdr_reference.c; path = lib/sec_xdr_reference.c; sourceTree = ""; }; - 40302BB109C0B8D600EF5C72 /* sec_xdrmem.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = sec_xdrmem.c; path = lib/sec_xdrmem.c; sourceTree = ""; }; - 40302BB209C0B8D600EF5C72 /* xdr_cssm.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = xdr_cssm.c; path = lib/xdr_cssm.c; sourceTree = ""; }; - 40302BB309C0B8D600EF5C72 /* xdr_cssm.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = xdr_cssm.h; path = lib/xdr_cssm.h; sourceTree = ""; }; - 40302BB409C0B8D600EF5C72 /* xdr_dldb.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = xdr_dldb.cpp; path = lib/xdr_dldb.cpp; sourceTree = ""; }; - 40302BB509C0B8D600EF5C72 /* xdr_dldb.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = xdr_dldb.h; path = lib/xdr_dldb.h; sourceTree = ""; }; - 40302BB609C0B8D600EF5C72 /* sec_xdr_sizeof.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = sec_xdr_sizeof.c; path = lib/sec_xdr_sizeof.c; sourceTree = ""; }; - 4C24BEF7055724C300C95CD3 /* mig.mk */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = mig.mk; sourceTree = ""; }; - 4C52AD640540BDD400536F78 /* ucsp.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ucsp.h; path = derived_src/securityd_client/ucsp.h; sourceTree = BUILT_PRODUCTS_DIR; }; - 4C52AD650540BDD400536F78 /* ucspNotify.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ucspNotify.h; path = derived_src/securityd_client/ucspNotify.h; sourceTree = BUILT_PRODUCTS_DIR; }; - 4C92640B05347DF3004B0E72 /* dictionary.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = dictionary.cpp; path = lib/dictionary.cpp; sourceTree = ""; }; - 4C92640C05347DF3004B0E72 /* dictionary.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = dictionary.h; path = lib/dictionary.h; sourceTree = ""; }; - 4CA1FEBE052A3C8100F22E42 /* libsecurityd_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurityd_client.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CA1FECD052A44A100F22E42 /* libsecurityd_server.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurityd_server.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CAF734D0536405300D9DA7C /* ucspNotifyReceiver.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ucspNotifyReceiver.cpp; path = derived_src/securityd_client/ucspNotifyReceiver.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CAF734E0536405300D9DA7C /* ucspNotifySender.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ucspNotifySender.cpp; path = derived_src/securityd_client/ucspNotifySender.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CAF734F0536405300D9DA7C /* ucspServer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ucspServer.cpp; path = derived_src/securityd_client/ucspServer.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CAF73500536405300D9DA7C /* ucspClient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ucspClient.cpp; path = derived_src/securityd_client/ucspClient.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; - 79EDA1BA092021D600205D34 /* xdr_auth.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = xdr_auth.h; path = lib/xdr_auth.h; sourceTree = ""; }; - 79EDA1BB092021D600205D34 /* xdr_auth.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = xdr_auth.c; path = lib/xdr_auth.c; sourceTree = ""; }; - B6304AAF0E16C414006C13E3 /* handletypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = handletypes.h; path = lib/handletypes.h; sourceTree = ""; }; - C226118F06B72038008DD0C6 /* ss_types.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = ss_types.defs; sourceTree = ""; }; - C22611CB06B72147008DD0C6 /* ss_types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ss_types.h; path = lib/ss_types.h; sourceTree = ""; }; - C22AB9A406B6DE670025E6A9 /* sscommon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = sscommon.h; path = lib/sscommon.h; sourceTree = ""; }; - C22E54C906E02FED00923E45 /* transition.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = transition.cpp; path = lib/transition.cpp; sourceTree = ""; }; - C252A4600662631900C0383D /* ssnotify.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ssnotify.h; path = lib/ssnotify.h; sourceTree = ""; }; - C2A59413052E3F0800AF1EE3 /* ssclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ssclient.cpp; path = lib/ssclient.cpp; sourceTree = ""; }; - C2A59414052E3F0800AF1EE3 /* ssclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ssclient.h; path = lib/ssclient.h; sourceTree = ""; }; - C2A59415052E3F0800AF1EE3 /* sstransit.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = sstransit.cpp; path = lib/sstransit.cpp; sourceTree = ""; }; - C2A59416052E3F0800AF1EE3 /* sstransit.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = sstransit.h; path = lib/sstransit.h; sourceTree = ""; }; - C2A59420052E3F2100AF1EE3 /* ucsp.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = ucsp.defs; sourceTree = ""; }; - C2A59421052E3F2100AF1EE3 /* ucspNotify.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; name = ucspNotify.defs; path = mig/ucspNotify.defs; sourceTree = SOURCE_ROOT; }; - C2A594F8052E4FC200AF1EE3 /* ssblob.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = ssblob.cpp; path = lib/ssblob.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2A594F9052E4FC200AF1EE3 /* ssblob.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ssblob.h; path = lib/ssblob.h; sourceTree = ""; }; - C2A59508052E506A00AF1EE3 /* ucsp_types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ucsp_types.h; path = lib/ucsp_types.h; sourceTree = ""; }; - C2A788430B7AA33400CFF85C /* ucspClientC.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = ucspClientC.c; path = derived_src/securityd_client/ucspClientC.c; sourceTree = BUILT_PRODUCTS_DIR; }; - C2A788730B7AA65B00CFF85C /* ucspc.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = ucspc.a; sourceTree = BUILT_PRODUCTS_DIR; }; - C2BD60C50AC849180057FD3D /* cshosting.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = cshosting.h; path = derived_src/securityd_client/cshosting.h; sourceTree = BUILT_PRODUCTS_DIR; }; - C2BD60C60AC849180057FD3D /* cshostingClient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = cshostingClient.cpp; path = derived_src/securityd_client/cshostingClient.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; - C2BD60C70AC849180057FD3D /* cshostingServer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = cshostingServer.cpp; path = derived_src/securityd_client/cshostingServer.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; - C2BF13F20ABF086900908B48 /* cshosting.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = cshosting.defs; sourceTree = ""; }; - D6942E270A642276000E7E2F /* eventlistener.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = eventlistener.cpp; path = lib/eventlistener.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - D6942E280A642276000E7E2F /* eventlistener.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = eventlistener.h; path = lib/eventlistener.h; sourceTree = ""; }; - D6942E310A6423BC000E7E2F /* SharedMemoryClient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = SharedMemoryClient.cpp; path = lib/SharedMemoryClient.cpp; sourceTree = ""; }; - D6942E320A6423BC000E7E2F /* SharedMemoryClient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SharedMemoryClient.h; path = lib/SharedMemoryClient.h; sourceTree = ""; }; - D6E144FA0A6323E6008AA7E8 /* SharedMemoryCommon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SharedMemoryCommon.h; path = lib/SharedMemoryCommon.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CA1FECB052A44A100F22E42 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C2A7886C0B7AA65B00CFF85C /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 182BB171146EA1D6000BF1F3 /* config */ = { - isa = PBXGroup; - children = ( - 182BB172146EA1D6000BF1F3 /* base.xcconfig */, - 182BB173146EA1D6000BF1F3 /* debug.xcconfig */, - 182BB174146EA1D6000BF1F3 /* lib.xcconfig */, - 182BB175146EA1D6000BF1F3 /* release.xcconfig */, - ); - name = config; - path = ../config; - sourceTree = ""; - }; - 182BB177146EA388000BF1F3 /* Products */ = { - isa = PBXGroup; - children = ( - 182BB17C146EA388000BF1F3 /* libsecurity_utilities.a */, - ); - name = Products; - sourceTree = ""; - }; - 40302BA109C0B87000EF5C72 /* secxdr */ = { - isa = PBXGroup; - children = ( - 40302BAE09C0B8D600EF5C72 /* sec_xdr.h */, - 40302BAD09C0B8D600EF5C72 /* sec_xdr.c */, - 40302BAF09C0B8D600EF5C72 /* sec_xdr_array.c */, - 40302BB009C0B8D600EF5C72 /* sec_xdr_reference.c */, - 40302BB109C0B8D600EF5C72 /* sec_xdrmem.c */, - 40302BB609C0B8D600EF5C72 /* sec_xdr_sizeof.c */, - 79EDA1BA092021D600205D34 /* xdr_auth.h */, - 79EDA1BB092021D600205D34 /* xdr_auth.c */, - 40302BB309C0B8D600EF5C72 /* xdr_cssm.h */, - 40302BB209C0B8D600EF5C72 /* xdr_cssm.c */, - 40302BB509C0B8D600EF5C72 /* xdr_dldb.h */, - 40302BB409C0B8D600EF5C72 /* xdr_dldb.cpp */, - ); - name = secxdr; - sourceTree = ""; - }; - 4CA1FEA7052A3C3800F22E42 = { - isa = PBXGroup; - children = ( - 182BB176146EA388000BF1F3 /* libsecurity_utilities.xcodeproj */, - C2A593CE052E3A8400AF1EE3 /* lib */, - 182BB171146EA1D6000BF1F3 /* config */, - C2A5941F052E3F2100AF1EE3 /* mig */, - 4CAF734405363FE000D9DA7C /* derived_src */, - 4CA1FEBF052A3C8100F22E42 /* Products */, - ); - sourceTree = ""; - }; - 4CA1FEBF052A3C8100F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - 4CA1FEBE052A3C8100F22E42 /* libsecurityd_client.a */, - 4CA1FECD052A44A100F22E42 /* libsecurityd_server.a */, - C2A788730B7AA65B00CFF85C /* ucspc.a */, - ); - name = Products; - sourceTree = ""; - }; - 4CAF734405363FE000D9DA7C /* derived_src */ = { - isa = PBXGroup; - children = ( - 4C52AD640540BDD400536F78 /* ucsp.h */, - 4C52AD650540BDD400536F78 /* ucspNotify.h */, - 4CAF73500536405300D9DA7C /* ucspClient.cpp */, - C2A788430B7AA33400CFF85C /* ucspClientC.c */, - 4CAF734F0536405300D9DA7C /* ucspServer.cpp */, - 4CAF734E0536405300D9DA7C /* ucspNotifySender.cpp */, - 4CAF734D0536405300D9DA7C /* ucspNotifyReceiver.cpp */, - C2BD60C50AC849180057FD3D /* cshosting.h */, - C2BD60C60AC849180057FD3D /* cshostingClient.cpp */, - C2BD60C70AC849180057FD3D /* cshostingServer.cpp */, - ); - path = derived_src; - sourceTree = BUILT_PRODUCTS_DIR; - }; - C2A593CE052E3A8400AF1EE3 /* lib */ = { - isa = PBXGroup; - children = ( - C2DB7A4606D6E7EC003053EE /* Common */, - C2DB7A3E06D6E79A003053EE /* Client */, - C2DB7A4106D6E7C4003053EE /* MIG Support */, - ); - name = lib; - sourceTree = ""; - }; - C2A5941F052E3F2100AF1EE3 /* mig */ = { - isa = PBXGroup; - children = ( - C226118F06B72038008DD0C6 /* ss_types.defs */, - C2A59420052E3F2100AF1EE3 /* ucsp.defs */, - C2A59421052E3F2100AF1EE3 /* ucspNotify.defs */, - C2BF13F20ABF086900908B48 /* cshosting.defs */, - 4C24BEF7055724C300C95CD3 /* mig.mk */, - ); - path = mig; - sourceTree = ""; - }; - C2DB7A3E06D6E79A003053EE /* Client */ = { - isa = PBXGroup; - children = ( - D6942E310A6423BC000E7E2F /* SharedMemoryClient.cpp */, - D6942E320A6423BC000E7E2F /* SharedMemoryClient.h */, - D6942E270A642276000E7E2F /* eventlistener.cpp */, - D6942E280A642276000E7E2F /* eventlistener.h */, - C2A59414052E3F0800AF1EE3 /* ssclient.h */, - C252A4600662631900C0383D /* ssnotify.h */, - C2A59413052E3F0800AF1EE3 /* ssclient.cpp */, - C2A59416052E3F0800AF1EE3 /* sstransit.h */, - C2A59415052E3F0800AF1EE3 /* sstransit.cpp */, - C22E54C906E02FED00923E45 /* transition.cpp */, - ); - name = Client; - sourceTree = ""; - }; - C2DB7A4106D6E7C4003053EE /* MIG Support */ = { - isa = PBXGroup; - children = ( - C22611CB06B72147008DD0C6 /* ss_types.h */, - C2A59508052E506A00AF1EE3 /* ucsp_types.h */, - ); - name = "MIG Support"; - sourceTree = ""; - }; - C2DB7A4606D6E7EC003053EE /* Common */ = { - isa = PBXGroup; - children = ( - D6E144FA0A6323E6008AA7E8 /* SharedMemoryCommon.h */, - B6304AAF0E16C414006C13E3 /* handletypes.h */, - C22AB9A406B6DE670025E6A9 /* sscommon.h */, - C2A594F9052E4FC200AF1EE3 /* ssblob.h */, - C2A594F8052E4FC200AF1EE3 /* ssblob.cpp */, - 4C92640C05347DF3004B0E72 /* dictionary.h */, - 4C92640B05347DF3004B0E72 /* dictionary.cpp */, - 40302BA109C0B87000EF5C72 /* secxdr */, - ); - name = Common; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 18BFBA351472EFF8006B86EC /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 18BFBA491472F20F006B86EC /* ssclient.h in Headers */, - 18BFBA381472F1B4006B86EC /* SharedMemoryCommon.h in Headers */, - 18BFBA391472F1B4006B86EC /* handletypes.h in Headers */, - 18BFBA3A1472F1B4006B86EC /* sscommon.h in Headers */, - 18BFBA3B1472F1B4006B86EC /* ssblob.h in Headers */, - 18BFBA3C1472F1B4006B86EC /* dictionary.h in Headers */, - 18BFBA3D1472F1B4006B86EC /* sec_xdr.h in Headers */, - 18BFBA3E1472F1B4006B86EC /* xdr_auth.h in Headers */, - 18BFBA3F1472F1B4006B86EC /* xdr_cssm.h in Headers */, - 18BFBA401472F1B4006B86EC /* xdr_dldb.h in Headers */, - 18BFBA411472F1B4006B86EC /* eventlistener.h in Headers */, - 18BFBA421472F1B4006B86EC /* ssnotify.h in Headers */, - 18BFBA431472F1B4006B86EC /* sstransit.h in Headers */, - 18BFBA441472F1B4006B86EC /* ss_types.h in Headers */, - 18BFBA451472F1B4006B86EC /* ucsp_types.h in Headers */, - 18BFBA461472F1B4006B86EC /* ucsp.h in Headers */, - 18BFBA471472F1B4006B86EC /* ucspNotify.h in Headers */, - 18BFBA481472F1B4006B86EC /* cshosting.h in Headers */, - 18B965A014730132005A4D2E /* ss_types.defs in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXLegacyTarget section */ - 4C09A2920557240300FED7A3 /* libsecurityd_generate */ = { - isa = PBXLegacyTarget; - buildArgumentsString = "-f mig/mig.mk $(ACTION)"; - buildConfigurationList = C27AD41B0987FCDF001272E0 /* Build configuration list for PBXLegacyTarget "libsecurityd_generate" */; - buildPhases = ( - ); - buildToolPath = /usr/bin/gnumake; - buildWorkingDirectory = ""; - dependencies = ( - 182BB513146F295E000BF1F3 /* PBXTargetDependency */, - ); - name = libsecurityd_generate; - passBuildSettingsInEnvironment = 1; - productName = "generate mig"; - }; -/* End PBXLegacyTarget section */ - -/* Begin PBXNativeTarget section */ - 4CA1FEBD052A3C8100F22E42 /* libsecurityd_client */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD4230987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurityd_client" */; - buildPhases = ( - 18BFBA351472EFF8006B86EC /* Headers */, - 4CA1FEBA052A3C8100F22E42 /* Sources */, - 4CA1FEBB052A3C8100F22E42 /* Frameworks */, - 18B96B0F14743FC5005A4D2E /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - 182BB16F146E9FAE000BF1F3 /* PBXTargetDependency */, - ); - name = libsecurityd_client; - productInstallPath = /usr/local/lib; - productName = libsecurityd; - productReference = 4CA1FEBE052A3C8100F22E42 /* libsecurityd_client.a */; - productType = "com.apple.product-type.library.static"; - }; - 4CA1FEC8052A44A100F22E42 /* libsecurityd_server */ = { - isa = PBXNativeTarget; - buildConfigurationList = C27AD42B0987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurityd_server" */; - buildPhases = ( - 4CA1FECA052A44A100F22E42 /* Sources */, - 4CA1FECB052A44A100F22E42 /* Frameworks */, - 18B96B1214743FCF005A4D2E /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - 4C09A2960557242A00FED7A3 /* PBXTargetDependency */, - ); - name = libsecurityd_server; - productInstallPath = /usr/local/lib; - productName = libsecurityd; - productReference = 4CA1FECD052A44A100F22E42 /* libsecurityd_server.a */; - productType = "com.apple.product-type.library.static"; - }; - C2A788530B7AA65B00CFF85C /* ucspc */ = { - isa = PBXNativeTarget; - buildConfigurationList = C2A7886F0B7AA65B00CFF85C /* Build configuration list for PBXNativeTarget "ucspc" */; - buildPhases = ( - C2A788560B7AA65B00CFF85C /* Sources */, - C2A7886C0B7AA65B00CFF85C /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - C2A788B20B7AA9A100CFF85C /* PBXTargetDependency */, - ); - name = ucspc; - productInstallPath = /usr/local/lib; - productName = libsecurityd; - productReference = C2A788730B7AA65B00CFF85C /* ucspc.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEAB052A3C3800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD4330987FCDF001272E0 /* Build configuration list for PBXProject "libsecurityd" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA1FEA7052A3C3800F22E42; - productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 182BB177146EA388000BF1F3 /* Products */; - ProjectRef = 182BB176146EA388000BF1F3 /* libsecurity_utilities.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - 4C31C2D9055341AA006D00BD /* world */, - 4CA1FEBD052A3C8100F22E42 /* libsecurityd_client */, - 4CA1FEC8052A44A100F22E42 /* libsecurityd_server */, - C2A788530B7AA65B00CFF85C /* ucspc */, - 4C09A2920557240300FED7A3 /* libsecurityd_generate */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 182BB17C146EA388000BF1F3 /* libsecurity_utilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_utilities.a; - remoteRef = 182BB17B146EA388000BF1F3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXShellScriptBuildPhase section */ - 18B96B0F14743FC5005A4D2E /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/", - "$(SRCROOT)/lib/", - "$(SRCROOT)/mig/", - ); - outputPaths = ( - "${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "# with our source directories as input files, Xcode will only re-run this phase if there's been a source change\nnmedit -p \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\"\nranlib \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\""; - }; - 18B96B1214743FCF005A4D2E /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - "$(SRCROOT)/", - "$(SRCROOT)/lib/", - "$(SRCROOT)/mig/", - ); - outputPaths = ( - "${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "# with our source directories as input files, Xcode will only re-run this phase if there's been a source change\nnmedit -p \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\"\nranlib \"${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}\""; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 4CA1FEBA052A3C8100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - D6942E330A6423BC000E7E2F /* SharedMemoryClient.cpp in Sources */, - D6942E410A644E1A000E7E2F /* eventlistener.cpp in Sources */, - 4CAF73520536405300D9DA7C /* ucspNotifySender.cpp in Sources */, - 4CAF73540536405300D9DA7C /* ucspClient.cpp in Sources */, - 4C92640F05347DF3004B0E72 /* dictionary.cpp in Sources */, - 40D4B1D8053236B900A4FD03 /* ssblob.cpp in Sources */, - 4C47FCAD05364616005AC196 /* ssclient.cpp in Sources */, - 40D4B1D6053236AE00A4FD03 /* sstransit.cpp in Sources */, - C22E54CA06E02FED00923E45 /* transition.cpp in Sources */, - 79EDA1BD092021D600205D34 /* xdr_auth.c in Sources */, - 40302BB709C0B8D600EF5C72 /* sec_xdr.c in Sources */, - 40302BB809C0B8D600EF5C72 /* sec_xdr_array.c in Sources */, - 40302BB909C0B8D600EF5C72 /* sec_xdr_reference.c in Sources */, - 40302BBA09C0B8D600EF5C72 /* sec_xdrmem.c in Sources */, - 40302BBB09C0B8D600EF5C72 /* xdr_cssm.c in Sources */, - 40302BBC09C0B8D600EF5C72 /* xdr_dldb.cpp in Sources */, - 40302BBD09C0B8D600EF5C72 /* sec_xdr_sizeof.c in Sources */, - C2BD60C80AC849180057FD3D /* cshostingClient.cpp in Sources */, - C2BD60C90AC849180057FD3D /* cshostingServer.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CA1FECA052A44A100F22E42 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CAF73550536406300D9DA7C /* ucspNotifyReceiver.cpp in Sources */, - 4CAF73560536406400D9DA7C /* ucspServer.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - C2A788560B7AA65B00CFF85C /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - C2A788740B7AA69100CFF85C /* ucspClientC.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 182BB16F146E9FAE000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C09A2920557240300FED7A3 /* libsecurityd_generate */; - targetProxy = 182BB16E146E9FAE000BF1F3 /* PBXContainerItemProxy */; - }; - 182BB513146F295E000BF1F3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_utilitiesDTrace; - targetProxy = 182BB512146F295E000BF1F3 /* PBXContainerItemProxy */; - }; - 4C09A2960557242A00FED7A3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C09A2920557240300FED7A3 /* libsecurityd_generate */; - targetProxy = 4C09A2950557242A00FED7A3 /* PBXContainerItemProxy */; - }; - 4C31C2DA055341B2006D00BD /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CA1FEBD052A3C8100F22E42 /* libsecurityd_client */; - targetProxy = 4C3CC171055341CC007753DF /* PBXContainerItemProxy */; - }; - 4C31C2DB055341B4006D00BD /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CA1FEC8052A44A100F22E42 /* libsecurityd_server */; - targetProxy = 4C3CC173055341CC007753DF /* PBXContainerItemProxy */; - }; - C2A788760B7AA6A900CFF85C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = C2A788530B7AA65B00CFF85C /* ucspc */; - targetProxy = C2A788750B7AA6A900CFF85C /* PBXContainerItemProxy */; - }; - C2A788B20B7AA9A100CFF85C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C09A2920557240300FED7A3 /* libsecurityd_generate */; - targetProxy = C2A788B10B7AA9A100CFF85C /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - C27AD41C0987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - }; - name = Debug; - }; - C27AD41E0987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - }; - name = Release; - }; - C27AD4240987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB173146EA1D6000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/securityd_client; - SKIP_INSTALL = NO; - }; - name = Debug; - }; - C27AD4260987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB175146EA1D6000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/securityd_client; - SKIP_INSTALL = NO; - }; - name = Release; - }; - C27AD42C0987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB173146EA1D6000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - SKIP_INSTALL = NO; - }; - name = Debug; - }; - C27AD42E0987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB175146EA1D6000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - SKIP_INSTALL = NO; - }; - name = Release; - }; - C27AD4300987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - }; - name = Debug; - }; - C27AD4320987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - }; - name = Release; - }; - C27AD4340987FCDF001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB174146EA1D6000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD4360987FCDF001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB174146EA1D6000BF1F3 /* lib.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; - C2A788700B7AA65B00CFF85C /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB173146EA1D6000BF1F3 /* debug.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Debug; - }; - C2A788720B7AA65B00CFF85C /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 182BB175146EA1D6000BF1F3 /* release.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - C27AD41B0987FCDF001272E0 /* Build configuration list for PBXLegacyTarget "libsecurityd_generate" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD41C0987FCDF001272E0 /* Debug */, - C27AD41E0987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD4230987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurityd_client" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD4240987FCDF001272E0 /* Debug */, - C27AD4260987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD42B0987FCDF001272E0 /* Build configuration list for PBXNativeTarget "libsecurityd_server" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD42C0987FCDF001272E0 /* Debug */, - C27AD42E0987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD42F0987FCDF001272E0 /* Build configuration list for PBXAggregateTarget "world" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD4300987FCDF001272E0 /* Debug */, - C27AD4320987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD4330987FCDF001272E0 /* Build configuration list for PBXProject "libsecurityd" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD4340987FCDF001272E0 /* Debug */, - C27AD4360987FCDF001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C2A7886F0B7AA65B00CFF85C /* Build configuration list for PBXNativeTarget "ucspc" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C2A788700B7AA65B00CFF85C /* Debug */, - C2A788720B7AA65B00CFF85C /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; -} diff --git a/OSX/libsecurityd/mig/mig.mk b/OSX/libsecurityd/mig/mig.mk deleted file mode 100644 index 4c6ad3cd..00000000 --- a/OSX/libsecurityd/mig/mig.mk +++ /dev/null @@ -1,67 +0,0 @@ -# -# Copyright (c) 2003-2004,2006-2007,2011,2014 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# -# Makefile to build MIG-generated sources and headers -# -DERIVED_SRC = $(BUILT_PRODUCTS_DIR)/derived_src/securityd_client - -HDRS = $(DERIVED_SRC)/ucsp.h $(DERIVED_SRC)/ucspNotify.h $(DERIVED_SRC)/cshosting.h -SRCS = $(DERIVED_SRC)/ucspServer.cpp $(DERIVED_SRC)/ucspClient.cpp \ - $(DERIVED_SRC)/ucspClientC.c \ - $(DERIVED_SRC)/ucspNotifyReceiver.cpp $(DERIVED_SRC)/ucspNotifySender.cpp \ - $(DERIVED_SRC)/cshostingServer.cpp $(DERIVED_SRC)/cshostingClient.cpp -INCLUDES = $(PROJECT_DIR)/mig/ss_types.defs -SDKROOT := $(shell xcrun --show-sdk-path --sdk macosx.internal) -build: $(HDRS) $(SRCS) - -install: build - -installhdrs: $(HDRS) - -installsrc: - -clean: - rm -f $(HDRS) $(SRCS) - -$(DERIVED_SRC)/ucsp.h $(DERIVED_SRC)/ucspServer.cpp $(DERIVED_SRC)/ucspClient.cpp: $(PROJECT_DIR)/mig/ucsp.defs $(INCLUDES) - mkdir -p $(DERIVED_SRC) - xcrun mig -isysroot "$(SDKROOT)" \ - -server $(DERIVED_SRC)/ucspServer.cpp \ - -user $(DERIVED_SRC)/ucspClient.cpp \ - -header $(DERIVED_SRC)/ucsp.h $(PROJECT_DIR)/mig/ucsp.defs - -$(DERIVED_SRC)/ucspClientC.c: $(DERIVED_SRC)/ucspClient.cpp - cp $(DERIVED_SRC)/ucspClient.cpp $(DERIVED_SRC)/ucspClientC.c - -$(DERIVED_SRC)/ucspNotify.h $(DERIVED_SRC)/ucspNotifyReceiver.cpp $(DERIVED_SRC)/ucspNotifySender.cpp: $(PROJECT_DIR)/mig/ucspNotify.defs $(INCLUDES) - mkdir -p $(DERIVED_SRC) - xcrun mig -isysroot "$(SDKROOT)" \ - -server $(DERIVED_SRC)/ucspNotifyReceiver.cpp \ - -user $(DERIVED_SRC)/ucspNotifySender.cpp \ - -header $(DERIVED_SRC)/ucspNotify.h $(PROJECT_DIR)/mig/ucspNotify.defs - -$(DERIVED_SRC)/cshosting.h $(DERIVED_SRC)/cshostingServer.cpp $(DERIVED_SRC)/cshostingClient.cpp: $(PROJECT_DIR)/mig/cshosting.defs $(INCLUDES) - mkdir -p $(DERIVED_SRC) - xcrun mig -isysroot "$(SDKROOT)" \ - -server $(DERIVED_SRC)/cshostingServer.cpp \ - -user $(DERIVED_SRC)/cshostingClient.cpp \ - -header $(DERIVED_SRC)/cshosting.h $(PROJECT_DIR)/mig/cshosting.defs diff --git a/OSX/regressions/regressions.xcodeproj/.gitignore b/OSX/regressions/regressions.xcodeproj/.gitignore deleted file mode 100644 index 7f42cdde..00000000 --- a/OSX/regressions/regressions.xcodeproj/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -project.xcworkspace -xcuserdata diff --git a/OSX/regressions/regressions.xcodeproj/project.pbxproj b/OSX/regressions/regressions.xcodeproj/project.pbxproj deleted file mode 100644 index d1401020..00000000 --- a/OSX/regressions/regressions.xcodeproj/project.pbxproj +++ /dev/null @@ -1,365 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 4CC92AB915A3B19D00C6D578 /* testlist_end.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92AB815A3B19D00C6D578 /* testlist_end.h */; settings = {ATTRIBUTES = (); }; }; - 4CC92ABC15A3B51100C6D578 /* test_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92ABB15A3B51100C6D578 /* test_regressions.h */; settings = {ATTRIBUTES = (); }; }; - 4CC92ABD15A3B8FB00C6D578 /* testlist_begin.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92AB715A3B19100C6D578 /* testlist_begin.h */; settings = {ATTRIBUTES = (); }; }; - 4CC92B1715A3BD1E00C6D578 /* test-00-test.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92B1615A3BD1E00C6D578 /* test-00-test.c */; }; - E710C7371331938000F85568 /* testenv.m in Sources */ = {isa = PBXBuildFile; fileRef = 0C25A6C412271FAF0050C2BD /* testenv.m */; }; - E710C7381331938000F85568 /* testmore.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C25A6C812271FAF0050C2BD /* testmore.c */; }; - E710C7391331938000F85568 /* testcert.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C25A6CA12271FAF0050C2BD /* testcert.c */; }; - E723A60F13DA18C50075AAC1 /* testcpp.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C25A6C312271FAF0050C2BD /* testcpp.h */; settings = {ATTRIBUTES = (); }; }; - E723A61013DA18C50075AAC1 /* testenv.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C25A6C512271FAF0050C2BD /* testenv.h */; settings = {ATTRIBUTES = (); }; }; - E723A61113DA18C50075AAC1 /* testmore.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C25A6C912271FAF0050C2BD /* testmore.h */; settings = {ATTRIBUTES = (); }; }; - E723A61213DA18C50075AAC1 /* testcert.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C25A6CB12271FAF0050C2BD /* testcert.h */; settings = {ATTRIBUTES = (); }; }; - E723A61313DA18C50075AAC1 /* testpolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = E76CA47B13D8D5CB001B6A11 /* testpolicy.h */; settings = {ATTRIBUTES = (); }; }; - E76CA47913D8D5B4001B6A11 /* testpolicy.m in Sources */ = {isa = PBXBuildFile; fileRef = E76CA47813D8D5B4001B6A11 /* testpolicy.m */; }; -/* End PBXBuildFile section */ - -/* Begin PBXFileReference section */ - 0C25A68F12271FAF0050C2BD /* README */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = README; sourceTree = ""; }; - 0C25A69212271FAF0050C2BD /* Run3.pm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.perl; path = Run3.pm; sourceTree = ""; }; - 0C25A69312271FAF0050C2BD /* MyHarness.pm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.perl; path = MyHarness.pm; sourceTree = ""; }; - 0C25A6C012271FAF0050C2BD /* security.pl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.perl; path = security.pl; sourceTree = ""; }; - 0C25A6C312271FAF0050C2BD /* testcpp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = testcpp.h; sourceTree = ""; }; - 0C25A6C412271FAF0050C2BD /* testenv.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = testenv.m; sourceTree = ""; }; - 0C25A6C512271FAF0050C2BD /* testenv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = testenv.h; sourceTree = ""; }; - 0C25A6C812271FAF0050C2BD /* testmore.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = testmore.c; sourceTree = ""; }; - 0C25A6C912271FAF0050C2BD /* testmore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = testmore.h; sourceTree = ""; }; - 0C25A6CA12271FAF0050C2BD /* testcert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = testcert.c; sourceTree = ""; }; - 0C25A6CB12271FAF0050C2BD /* testcert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = testcert.h; sourceTree = ""; }; - 0C25A6CE12271FAF0050C2BD /* run_tests.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = run_tests.sh; sourceTree = ""; }; - 4CC92AB715A3B19100C6D578 /* testlist_begin.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = testlist_begin.h; sourceTree = ""; }; - 4CC92AB815A3B19D00C6D578 /* testlist_end.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = testlist_end.h; sourceTree = ""; }; - 4CC92ABB15A3B51100C6D578 /* test_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = test_regressions.h; sourceTree = ""; }; - 4CC92B1615A3BD1E00C6D578 /* test-00-test.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "test-00-test.c"; sourceTree = ""; }; - E710C6FE133192E900F85568 /* libregressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libregressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; - E76CA47813D8D5B4001B6A11 /* testpolicy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = testpolicy.m; sourceTree = ""; }; - E76CA47B13D8D5CB001B6A11 /* testpolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = testpolicy.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - E710C6FB133192E900F85568 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 05441E5C08A971C700F0EC5A = { - isa = PBXGroup; - children = ( - 0C25A68F12271FAF0050C2BD /* README */, - 0C25A69012271FAF0050C2BD /* inc */, - 0C25A6BF12271FAF0050C2BD /* t */, - 0C25A6C112271FAF0050C2BD /* test */, - E710C6FE133192E900F85568 /* libregressions.a */, - ); - sourceTree = ""; - }; - 0C25A69012271FAF0050C2BD /* inc */ = { - isa = PBXGroup; - children = ( - 0C25A69112271FAF0050C2BD /* IPC */, - 0C25A69312271FAF0050C2BD /* MyHarness.pm */, - ); - path = inc; - sourceTree = ""; - }; - 0C25A69112271FAF0050C2BD /* IPC */ = { - isa = PBXGroup; - children = ( - 0C25A69212271FAF0050C2BD /* Run3.pm */, - ); - path = IPC; - sourceTree = ""; - }; - 0C25A6BF12271FAF0050C2BD /* t */ = { - isa = PBXGroup; - children = ( - 0C25A6C012271FAF0050C2BD /* security.pl */, - ); - path = t; - sourceTree = ""; - }; - 0C25A6C112271FAF0050C2BD /* test */ = { - isa = PBXGroup; - children = ( - 4CC92B1615A3BD1E00C6D578 /* test-00-test.c */, - 4CC92ABB15A3B51100C6D578 /* test_regressions.h */, - 4CC92AB715A3B19100C6D578 /* testlist_begin.h */, - 4CC92AB815A3B19D00C6D578 /* testlist_end.h */, - 0C25A6C312271FAF0050C2BD /* testcpp.h */, - 0C25A6C412271FAF0050C2BD /* testenv.m */, - 0C25A6C512271FAF0050C2BD /* testenv.h */, - 0C25A6C812271FAF0050C2BD /* testmore.c */, - 0C25A6C912271FAF0050C2BD /* testmore.h */, - 0C25A6CA12271FAF0050C2BD /* testcert.c */, - 0C25A6CB12271FAF0050C2BD /* testcert.h */, - E76CA47B13D8D5CB001B6A11 /* testpolicy.h */, - E76CA47813D8D5B4001B6A11 /* testpolicy.m */, - 0C25A6CE12271FAF0050C2BD /* run_tests.sh */, - ); - path = test; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - E710C6FC133192E900F85568 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - E723A61113DA18C50075AAC1 /* testmore.h in Headers */, - 4CC92ABC15A3B51100C6D578 /* test_regressions.h in Headers */, - 4CC92ABD15A3B8FB00C6D578 /* testlist_begin.h in Headers */, - 4CC92AB915A3B19D00C6D578 /* testlist_end.h in Headers */, - E723A61213DA18C50075AAC1 /* testcert.h in Headers */, - E723A60F13DA18C50075AAC1 /* testcpp.h in Headers */, - E723A61013DA18C50075AAC1 /* testenv.h in Headers */, - E723A61313DA18C50075AAC1 /* testpolicy.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - E710C6FD133192E900F85568 /* regressions */ = { - isa = PBXNativeTarget; - buildConfigurationList = E710C703133192E900F85568 /* Build configuration list for PBXNativeTarget "regressions" */; - buildPhases = ( - E710C6FA133192E900F85568 /* Sources */, - E710C6FB133192E900F85568 /* Frameworks */, - E710C6FC133192E900F85568 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = regressions; - productName = regressions; - productReference = E710C6FE133192E900F85568 /* libregressions.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 05441E6008A971C700F0EC5A /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = 4CD81AFC09BE1FD3000A9641 /* Build configuration list for PBXProject "regressions" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 0; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 05441E5C08A971C700F0EC5A; - productRefGroup = 05441E5C08A971C700F0EC5A; - projectDirPath = ""; - projectRoot = ""; - targets = ( - E710C6FD133192E900F85568 /* regressions */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXSourcesBuildPhase section */ - E710C6FA133192E900F85568 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E710C7371331938000F85568 /* testenv.m in Sources */, - E710C7381331938000F85568 /* testmore.c in Sources */, - E710C7391331938000F85568 /* testcert.c in Sources */, - E76CA47913D8D5B4001B6A11 /* testpolicy.m in Sources */, - 4CC92B1715A3BD1E00C6D578 /* test-00-test.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - 792E01860CBC0E6E007C00A0 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_STATIC_ANALYZER_MODE = deep; - COPY_PHASE_STRIP = NO; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = "DEBUG=1"; - "GCC_PREPROCESSOR_DEFINITIONS[sdk=embedded*]" = ( - "DEBUG=1", - "NO_SERVER=1", - ); - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_MISSING_NEWLINE = YES; - GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_CHECK_SWITCH_STATEMENTS = YES; - GCC_WARN_FOUR_CHARACTER_CONSTANTS = YES; - GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES; - GCC_WARN_MISSING_PARENTHESES = YES; - GCC_WARN_SHADOW = YES; - GCC_WARN_SIGN_COMPARE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = NO; - GCC_WARN_UNKNOWN_PRAGMAS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_LABEL = YES; - GCC_WARN_UNUSED_VALUE = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/../utilities", - "$(PROJECT_DIR)/../sec", - "$(PROJECT_DIR)/../libDER", - "$(PROJECT_DIR)/..", - "$(PROJECT_DIR)", - "$(BUILT_PRODUCTS_DIR)/usr/local/include", - ); - ONLY_ACTIVE_ARCH = YES; - OTHER_CFLAGS = ( - "-fconstant-cfstrings", - "-fno-inline", - ); - "OTHER_LDFLAGS[sdk=embedded*][arch=*]" = ( - "$(OTHER_LDFLAGS)", - "-framework", - MobileKeyBag, - ); - RUN_CLANG_STATIC_ANALYZER = YES; - SDKROOT = macosx.internal; - SKIP_INSTALL = YES; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - WARNING_CFLAGS = ( - "-Wall", - "-Wextra", - "-Wno-unused-parameter", - "-Wno-missing-field-initializers", - "-Wglobal-constructors", - "-Wno-deprecated-declarations", - "-Wno-four-char-constants", - "$(inherited)", - ); - }; - name = Debug; - }; - 792E01870CBC0E6E007C00A0 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_STATIC_ANALYZER_MODE = deep; - COPY_PHASE_STRIP = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_OPTIMIZATION_LEVEL = s; - GCC_PREPROCESSOR_DEFINITIONS = "NDEBUG=1"; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_MISSING_NEWLINE = YES; - GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_CHECK_SWITCH_STATEMENTS = YES; - GCC_WARN_FOUR_CHARACTER_CONSTANTS = YES; - GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES; - GCC_WARN_MISSING_PARENTHESES = YES; - GCC_WARN_SHADOW = YES; - GCC_WARN_SIGN_COMPARE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNKNOWN_PRAGMAS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_LABEL = YES; - GCC_WARN_UNUSED_VALUE = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)/../utilities", - "$(PROJECT_DIR)/../sec", - "$(PROJECT_DIR)/../libDER", - "$(PROJECT_DIR)/..", - "$(PROJECT_DIR)", - "$(BUILT_PRODUCTS_DIR)/usr/local/include", - ); - OTHER_CFLAGS = "-fconstant-cfstrings"; - RUN_CLANG_STATIC_ANALYZER = YES; - SDKROOT = macosx.internal; - SKIP_INSTALL = YES; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - WARNING_CFLAGS = ( - "-Wall", - "-Wextra", - "-Wno-unused-parameter", - "-Wno-missing-field-initializers", - "-Wglobal-constructors", - "-Wno-deprecated-declarations", - "-Wno-four-char-constants", - "$(inherited)", - ); - }; - name = Release; - }; - E710C704133192E900F85568 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - "HEADER_SEARCH_PATHS[sdk=macosx*]" = ( - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/../utilities", - "$(PROJECT_DIR)", - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - E710C705133192E900F85568 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - "HEADER_SEARCH_PATHS[sdk=macosx*]" = ( - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/../utilities", - "$(PROJECT_DIR)", - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 4CD81AFC09BE1FD3000A9641 /* Build configuration list for PBXProject "regressions" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 792E01860CBC0E6E007C00A0 /* Debug */, - 792E01870CBC0E6E007C00A0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - E710C703133192E900F85568 /* Build configuration list for PBXNativeTarget "regressions" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - E710C704133192E900F85568 /* Debug */, - E710C705133192E900F85568 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 05441E6008A971C700F0EC5A /* Project object */; -} diff --git a/OSX/regressions/test/testenv.m b/OSX/regressions/test/testenv.m index a96144c1..81f8d596 100644 --- a/OSX/regressions/test/testenv.m +++ b/OSX/regressions/test/testenv.m @@ -66,7 +66,6 @@ char **test_skip_leaks_test = NULL; static int current_dir = -1; static char scratch_dir[50]; static char *home_var; -static bool keep_scratch_dir = false; static int rmdir_recursive(const char *path) @@ -91,61 +90,66 @@ rmdir_recursive(const char *path) static int tests_init(void) { int ok = 0; #ifdef NO_SERVER - char preferences_dir[80]; - char library_dir[70]; setup("tests_init"); - /* Create scratch dir for tests to run in. */ - sprintf(scratch_dir, "/tmp/tst-%d", getpid()); - if (keep_scratch_dir) { - printf("running tests with HOME=%s\n", scratch_dir); - } + // Get TMP directory + NSError* error = nil; + NSString* pid = [NSString stringWithFormat: @"tst-%d", [[NSProcessInfo processInfo] processIdentifier]]; + NSURL* tmpDirURL = [[NSURL fileURLWithPath:NSTemporaryDirectory() isDirectory:YES] URLByAppendingPathComponent:pid]; + + ok = ok(tmpDirURL, "Got error setting up tmp dir: %@", error); + + ok = ok && ok([[NSFileManager defaultManager] createDirectoryAtURL:tmpDirURL + withIntermediateDirectories:NO + attributes:NULL + error:&error], + "Failed to make %@: %@", tmpDirURL, error); + + NSURL* libraryURL = [tmpDirURL URLByAppendingPathComponent:@"Library"]; + NSURL* preferencesURL = [tmpDirURL URLByAppendingPathComponent:@"Preferences"]; + + ok = (ok && ok_unix(current_dir = open(".", O_RDONLY), "open") + && ok_unix(chdir([tmpDirURL fileSystemRepresentation]), "chdir") + && ok_unix(setenv("HOME", [tmpDirURL fileSystemRepresentation], 1), "setenv") + && ok(home_var = getenv("HOME"), "getenv")); + + ok = ok && ok([[NSFileManager defaultManager] createDirectoryAtURL:libraryURL + withIntermediateDirectories:NO + attributes:NULL + error:&error], + "Failed to make %@: %@", libraryURL, error); + + ok = ok && ok([[NSFileManager defaultManager] createDirectoryAtURL:preferencesURL + withIntermediateDirectories:NO + attributes:NULL + error:&error], + "Failed to make %@: %@", preferencesURL, error); - sprintf(library_dir, "%s/Library", scratch_dir); - sprintf(preferences_dir, "%s/Preferences", library_dir); - ok = (ok_unix(mkdir(scratch_dir, 0755), "mkdir") && - ok_unix(current_dir = open(".", O_RDONLY), "open") && - ok_unix(chdir(scratch_dir), "chdir") && - ok_unix(setenv("HOME", scratch_dir, 1), "setenv") && - /* @@@ Work around a bug that the prefs code in - libsecurity_keychain never creates the Library/Preferences - dir. */ - ok_unix(mkdir(library_dir, 0755), "mkdir") && - ok_unix(mkdir(preferences_dir, 0755), "mkdir") && - ok(home_var = getenv("HOME"), "getenv")); - if (ok > 0) - securityd_init(scratch_dir); + securityd_init((__bridge CFURLRef) tmpDirURL); + #endif return ok; } -static int +static void tests_end(void) { #ifdef NO_SERVER setup("tests_end"); + /* Restore previous cwd and remove scratch dir. */ - int ok = ok_unix(fchdir(current_dir), "fchdir"); - if (ok) - ok = ok_unix(close(current_dir), "close"); - if (ok) { - if (!keep_scratch_dir) { - ok = ok_unix(rmdir_recursive(scratch_dir), "rmdir_recursive"); - } - } - - return ok; -#else - return 0; + ok_unix(fchdir(current_dir), "fchdir"); + ok_unix(close(current_dir), "close"); + ok_unix(rmdir_recursive(scratch_dir), "rmdir_recursive"); #endif } static void usage(const char *progname) { - fprintf(stderr, "usage: %s [-k][-w][testname [testargs] ...]\n", progname); + fprintf(stderr, "usage: %s [-w][testname [testargs] ...]\n", progname); exit(1); } @@ -391,15 +395,10 @@ tests_begin(int argc, char * const *argv) { for (;;) { - while (!testcase && (ch = getopt(argc, argv, "bklL1vwqs")) != -1) + while (!testcase && (ch = getopt(argc, argv, "blL1vwqs")) != -1) { switch (ch) { -#ifdef NO_SERVER - case 'k': - keep_scratch_dir = true; - break; -#endif case 's': if (!print_security_logs) { //add_security_log_handler(handle_logs); diff --git a/OSX/regressions/test/testmore.c b/OSX/regressions/test/testmore.c index 4cdbb14d..92922202 100644 --- a/OSX/regressions/test/testmore.c +++ b/OSX/regressions/test/testmore.c @@ -281,7 +281,7 @@ test_diag(const char *directive, const char *reason, } int -test_ok(int passed, __attribute((cf_consumed)) CFStringRef description, const char *directive, +test_ok(int passed, __attribute((cf_consumed)) CFStringRef CF_CONSUMED description, const char *directive, const char *reason, const char *file, unsigned line, const char *fmt, ...) { diff --git a/OSX/regressions/test/testmore.h b/OSX/regressions/test/testmore.h index cf9ccd04..6a776f78 100644 --- a/OSX/regressions/test/testmore.h +++ b/OSX/regressions/test/testmore.h @@ -66,20 +66,29 @@ extern struct one_test_s testlist[]; /* this test harnes rely on shadowing for TODO, SKIP and SETUP blocks */ #pragma GCC diagnostic ignored "-Wshadow" +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunused-function" +// Call this function to stop the analyzer on a test failure. No-op. +static void test_failed_noreturn() __attribute((analyzer_noreturn)) { + // No-op. +} +#define TEST_CHECK(result) ((result) ? 1 : ({ test_failed_noreturn(); 0; })) +#pragma clang diagnostic pop + + #define test_create_description(TESTNAME, ...) \ CFStringCreateWithFormat(NULL, NULL, CFSTR(TESTNAME), ## __VA_ARGS__) #define ok(THIS, ...) \ ({ \ - bool is_ok = !!(THIS); \ - test_ok(is_ok, test_create_description(__VA_ARGS__), test_directive, \ + test_ok(TEST_CHECK(!!(THIS)), test_create_description(__VA_ARGS__), test_directive, \ test_reason, __FILE__, __LINE__, NULL); \ }) #define is(THIS, THAT, ...) \ ({ \ __typeof__(THIS) _this = (THIS); \ __typeof__(THAT) _that = (THAT); \ - test_ok((_this == _that), test_create_description(__VA_ARGS__), \ + test_ok(TEST_CHECK(_this == _that), test_create_description(__VA_ARGS__), \ test_directive, test_reason, __FILE__, __LINE__, \ "# got: '%d'\n" \ "# expected: '%d'\n", \ @@ -93,7 +102,7 @@ extern struct one_test_s testlist[]; ({ \ __typeof__(THIS) _this = (THIS); \ __typeof__(THAT) _that = (THAT); \ - test_ok((_this OP _that), test_create_description(__VA_ARGS__), \ + test_ok(TEST_CHECK(_this OP _that), test_create_description(__VA_ARGS__), \ test_directive, test_reason, __FILE__, __LINE__, \ "# '%d'\n" \ "# " #OP "\n" \ @@ -104,7 +113,7 @@ extern struct one_test_s testlist[]; ({ \ const char *_this = (THIS); \ const char *_that = (THAT); \ - test_ok(!strcmp(_this, _that), test_create_description(__VA_ARGS__), \ + test_ok(TEST_CHECK(!strcmp(_this, _that)), test_create_description(__VA_ARGS__), \ test_directive, test_reason, __FILE__, __LINE__, \ "# '%s'\n" \ "# eq\n" \ @@ -117,7 +126,7 @@ extern struct one_test_s testlist[]; __typeof__(THATLEN) _thatlen = (THATLEN); \ const char *_this = (THIS); \ const char *_that = (THAT); \ - test_ok(_thislen == _thatlen && !strncmp(_this, _that, _thislen), \ + test_ok(TEST_CHECK(_thislen == _thatlen) && TEST_CHECK(!strncmp(_this, _that, _thislen)), \ test_create_description(__VA_ARGS__), test_directive, test_reason, \ __FILE__, __LINE__, \ "# '%.*s'\n" \ @@ -129,7 +138,7 @@ extern struct one_test_s testlist[]; ({ \ CFTypeRef _this = (THIS); \ CFTypeRef _that = (THAT); \ - test_ok(CFEqualSafe(_this, _that), test_create_description(__VA_ARGS__), test_directive, test_reason, \ + test_ok(TEST_CHECK(CFEqualSafe(_this, _that)), test_create_description(__VA_ARGS__), test_directive, test_reason, \ __FILE__, __LINE__, \ "# '%@'\n" \ "# eq\n" \ @@ -157,7 +166,7 @@ extern struct one_test_s testlist[]; #define ok_status(THIS, ...) \ ({ \ - OSStatus _this = (THIS); \ + OSStatus _this = THIS; \ test_ok(!_this, test_create_description(__VA_ARGS__), \ test_directive, test_reason, __FILE__, __LINE__, \ "# status: %s(%" PRId32 ")\n", \ @@ -167,7 +176,7 @@ extern struct one_test_s testlist[]; ({ \ OSStatus _this = (THIS); \ OSStatus _that = (THAT); \ - test_ok(_this == _that, test_create_description(__VA_ARGS__), \ + test_ok(TEST_CHECK(_this == _that), test_create_description(__VA_ARGS__), \ test_directive, test_reason, __FILE__, __LINE__, \ "# got: %s(%" PRId32 ")\n" \ "# expected: %s(%" PRId32 ")\n", \ diff --git a/OSX/regressions/test/testpolicy.m b/OSX/regressions/test/testpolicy.m index c22adc33..c1bda31e 100644 --- a/OSX/regressions/test/testpolicy.m +++ b/OSX/regressions/test/testpolicy.m @@ -100,10 +100,10 @@ static void runOneLeafTest(SecPolicyRef policy, } certArray = [NSMutableArray arrayWithArray:intermediates]; - [certArray insertObject:(id)certRef atIndex:0]; //The certificate to be verified must be the first in the array. + [certArray insertObject:(__bridge id)certRef atIndex:0]; //The certificate to be verified must be the first in the array. OSStatus err; - err = SecTrustCreateWithCertificates(certArray, policy, &trustRef); + err = SecTrustCreateWithCertificates((__bridge CFTypeRef _Nonnull)(certArray), policy, &trustRef); if (err) { ok_status(err, "SecTrustCreateWithCertificates"); goto exit; @@ -162,22 +162,23 @@ static void runCertificateTestFor(SecPolicyRef policy, void runCertificateTestForDirectory(SecPolicyRef policy, CFStringRef resourceSubDirectory, CFDateRef date) { - NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; NSMutableArray* allRoots = [NSMutableArray array]; NSMutableArray* allCAs = [NSMutableArray array]; NSMutableArray* certTests = [NSMutableArray array]; NSDictionary* expect = NULL; /* Iterate though the nist-certs resources dir. */ - NSURL* filesDirectory = [[[NSBundle mainBundle] resourceURL] URLByAppendingPathComponent:(NSString*)resourceSubDirectory]; + NSURL* filesDirectory = [[[NSBundle mainBundle] resourceURL] URLByAppendingPathComponent:(__bridge NSString*)resourceSubDirectory]; for (NSURL* fileURL in [[NSFileManager defaultManager] contentsOfDirectoryAtURL:filesDirectory includingPropertiesForKeys:[NSArray array] options:NSDirectoryEnumerationSkipsSubdirectoryDescendants error:nil]) { NSString* path = [fileURL path]; if ([path hasSuffix:@"Cert.crt"]) { SecCertificateRef certRef = SecCertificateCreateWithData(NULL, (CFDataRef)[NSData dataWithContentsOfFile:path]); - [allCAs addObject:(id)certRef]; + [allCAs addObject:(__bridge id)certRef]; + CFReleaseNull(certRef); } else if ([path hasSuffix:@"RootCertificate.crt"]) { SecCertificateRef certRef = SecCertificateCreateWithData(NULL, (CFDataRef)[NSData dataWithContentsOfFile:path]); - [allRoots addObject:(id)certRef]; + [allRoots addObject:(__bridge id)certRef]; + CFReleaseNull(certRef); } else if ([path hasSuffix:@".crt"]) { [certTests addObject:path]; } else if ([path hasSuffix:@".plist"]) { @@ -190,6 +191,4 @@ void runCertificateTestForDirectory(SecPolicyRef policy, CFStringRef resourceSub } runCertificateTestFor(policy, allRoots, allCAs, certTests, expect, date); - - [pool release]; } diff --git a/OSX/sec/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy.1 b/OSX/sec/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy.1 similarity index 93% rename from OSX/sec/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy.1 rename to OSX/sec/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy.1 index 712803f7..02112ebe 100644 --- a/OSX/sec/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy.1 +++ b/OSX/sec/KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy.1 @@ -4,10 +4,10 @@ .\"man mdoc for the short list of editing options .\"/usr/share/misc/mdoc.template .Dd 12/20/12 \" DATE -.Dt IDSKeychainSyncingProxy 1 \" Program name and manual section number +.Dt KeychainSyncingOverIDSProxy 1 \" Program name and manual section number .Os Darwin .Sh NAME \" Section Header - required - don't modify -.Nm IDSKeychainSyncingProxy, +.Nm KeychainSyncingOverIDSProxy, .\" The following lines are read in generating the apropos(man -k) database. Use only key .\" words here as the database is built based on the words here and in the .ND line. .Nm Other_name_for_same_program(), diff --git a/OSX/sec/SOSCircle/CKBridge/CKClient.c b/OSX/sec/SOSCircle/CKBridge/CKClient.c deleted file mode 100644 index f452dfb2..00000000 --- a/OSX/sec/SOSCircle/CKBridge/CKClient.c +++ /dev/null @@ -1,493 +0,0 @@ -/* - * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// ckdxpcclient.c -// ckd-xpc -// - -/* - This XPC service is essentially just a proxy to iCloud KVS, which exists since - the main security code cannot link against Foundation. - - See sendTSARequestWithXPC in tsaSupport.c for how to call the service - - The client of an XPC service does not get connection events, nor does it - need to deal with transactions. -*/ - -//------------------------------------------------------------------------------------------------ - -#include - -#include -#include -#include -#include -#include - -#include -#include - -#include "CKConstants.h" - -#define __CKDXPC_CLIENT_PRIVATE_INDIRECT__ 1 -#include "CKClient.h" - - -#define pdebug(format...) secerror(format) - -#define verboseCKDDebugging 1 - -#ifndef NDEBUG - #define xpdebug(format...) \ - do { \ - if (verboseCKDDebugging) \ - printf(format); \ - } while (0) -#else - //empty - #define xpdebug(format...) -#endif - - -static xpc_connection_t serviceConnection = NULL; -static dispatch_queue_t xpc_queue = NULL; -static CloudKeychainReplyBlock itemsChangedBlock; - -static bool handle_xpc_event(const xpc_connection_t peer, xpc_object_t event); -static bool xpc_event_filter(const xpc_connection_t peer, xpc_object_t event, CFErrorRef *error); - -// extern CFTypeRef _CFXPCCreateCFObjectFromXPCObject(xpc_object_t xo); -// extern xpc_object_t _CFXPCCreateXPCObjectFromCFObject(CFTypeRef cf); - -// Debug -static void describeXPCObject(char *prefix, xpc_object_t object); -void describeXPCType(char *prefix, xpc_type_t xtype); - -static CFStringRef sErrorDomain = CFSTR("com.apple.security.cloudkeychain"); - -enum { - kSOSObjectMallocFailed = 1, - kAddDuplicateEntry, - kSOSObjectNotFoundError = 1, - kSOSObjectCantBeConvertedToXPCObject, - kSOSOUnexpectedConnectionEvent, - kSOSOUnexpectedXPCEvent, - kSOSConnectionNotOpen -}; - -#define WANTXPCREPLY 0 - -#pragma mark ----- utilities ----- - -static CFErrorRef makeError(CFIndex which) -{ - CFDictionaryRef userInfo = NULL; - return CFErrorCreate(kCFAllocatorDefault, sErrorDomain, which, userInfo); -} - -#pragma mark ----- SPI ----- - -void initXPCConnection() -{ - pdebug("initXPCConnection\n"); - - xpc_queue = dispatch_queue_create(xpcServiceName, DISPATCH_QUEUE_SERIAL); - - serviceConnection = xpc_connection_create_mach_service(xpcServiceName, xpc_queue, 0); - -// serviceConnection = xpc_connection_create(xpcServiceName, xpc_queue); - pdebug("serviceConnection: %p\n", serviceConnection); - - xpc_connection_set_event_handler(serviceConnection, ^(xpc_object_t event) - { - pdebug("xpc_connection_set_event_handler\n"); - handle_xpc_event(serviceConnection, event); - }); - - xpc_connection_resume(serviceConnection); - xpc_retain(serviceConnection); -} - -void closeXPCConnection() -{ - pdebug("closeXPCConnection\n"); - xpc_release(serviceConnection); -} - -void setItemsChangedBlock(CloudKeychainReplyBlock icb) -{ - if (icb != itemsChangedBlock) - { - if (itemsChangedBlock) - Block_release(itemsChangedBlock); - itemsChangedBlock = icb; - Block_copy(itemsChangedBlock); - } -} - -// typedef void (^CloudKeychainReplyBlock)(CFDictionaryRef returnedValues, CFErrorRef error); - -static bool handle_xpc_event(const xpc_connection_t peer, xpc_object_t event) -{ - CFErrorRef localError = NULL; - pdebug(">>>>> handle_connection_event via event_handler <<<<<\n"); - bool result = false; - if ((result = xpc_event_filter(peer, event, &localError))) - { - const char *operation = xpc_dictionary_get_string(event, kMessageKeyOperation); - if (!operation || strcmp(operation, kMessageOperationItemChanged)) // some op we don't care about - { - pdebug("operation: %s", operation); - return result; - } - - xpc_object_t xrv = xpc_dictionary_get_value(event, kMessageKeyValue); - if (!xrv) - { - pdebug("xrv null for kMessageKeyValue"); - return result; - } - describeXPCObject("xrv", xrv); - - CFDictionaryRef returnedValues = _CFXPCCreateCFObjectFromXPCObject(xrv); - pdebug("returnedValues: %@", returnedValues); - - if (itemsChangedBlock) - itemsChangedBlock(returnedValues, localError); - } - CFReleaseSafe(localError); - - return result; -} - -static bool xpc_event_filter(const xpc_connection_t peer, xpc_object_t event, CFErrorRef *error) -{ - // return true if the type is XPC_TYPE_DICTIONARY (and therefore something more to process) - pdebug("handle_connection_event\n"); - xpc_type_t xtype = xpc_get_type(event); - describeXPCType("handle_xpc_event", xtype); - if (XPC_TYPE_CONNECTION == xtype) - { - pdebug("handle_xpc_event: XPC_TYPE_CONNECTION (unexpected)"); - // The client of an XPC service does not get connection events - // For nwo, we log this and keep going - describeXPCObject("handle_xpc_event: XPC_TYPE_CONNECTION, obj : ", event); -#if 0 - if (error) - *error = makeError(kSOSOUnexpectedConnectionEvent); // FIX - assert(true); -#endif - } - else - if (XPC_TYPE_ERROR == xtype) - { - pdebug("default: xpc error: %s\n", xpc_dictionary_get_string(event, XPC_ERROR_KEY_DESCRIPTION)); - if (error) - *error = makeError(kSOSOUnexpectedConnectionEvent); // FIX - } - else - if (XPC_TYPE_DICTIONARY == xtype) - { - pdebug("received dictionary event %p\n", event); - return true; - } - else - { - pdebug("default: unexpected connection event %p\n", event); - describeXPCObject("handle_xpc_event: obj : ", event); - if (error) - *error = makeError(kSOSOUnexpectedXPCEvent); - } - return false; -} - -static void talkWithKVS(xpc_object_t message, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - secerror("start"); - __block CFErrorRef error = NULL; - __block CFTypeRef object = NULL; - - dispatch_block_t callback = ^{ - secerror("callback"); - if (replyBlock) - replyBlock(object, error); - // if (object) - // CFRelease(object); - if (error) - { - secerror("callback error: %@", error); - // CFRelease(error); - } - dispatch_release(processQueue); - }; - - require_action(serviceConnection, xit, error = makeError(kSOSConnectionNotOpen)); - require_action(message, xit, error = makeError(kSOSObjectNotFoundError)); - dispatch_retain(processQueue); - secerror("xpc_connection_send_message_with_reply called"); - - Block_copy(callback); - -//#if !WANTXPCREPLY - // xpc_connection_send_message(serviceConnection, message); // Send message; don't want a reply -//#else - xpc_connection_send_message_with_reply(serviceConnection, message, xpc_queue, ^(xpc_object_t reply) - { - secerror("xpc_connection_send_message_with_reply handler called back"); - if (xpc_event_filter(serviceConnection, reply, &error) && reply) - { - describeXPCObject("getValuesFromKVS: reply : ", reply); - xpc_object_t xrv = xpc_dictionary_get_value(reply, kMessageKeyValue); - if (xrv) - { - describeXPCObject("talkWithKVS: xrv: ", xrv); - /* - * The given XPC object must be one that was previously returned by - * _CFXPCCreateXPCMessageWithCFObject(). - */ - object = _CFXPCCreateCFObjectFromXPCObject(xrv); // CF object is retained; release in callback - secerror("converted CF object: %@", object); - } - else - secerror("missing value reply"); - } - dispatch_async(processQueue, callback); - }); -//#endif - -//sleep(5); // DEBUG DEBUG FIX - // xpc_release(message); - return; - -xit: - secerror("talkWithKVS error: %@", error); - if (replyBlock) - dispatch_async(processQueue, callback); -} - -void putValuesWithXPC(CFDictionaryRef values, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - CFErrorRef error = NULL; - - require_action(values, xit, error = makeError(kSOSObjectNotFoundError)); - - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationPUTDictionary); - - xpc_object_t xobject = _CFXPCCreateXPCObjectFromCFObject(values); - require_action(xobject, xit, error = makeError(kSOSObjectCantBeConvertedToXPCObject)); - xpc_dictionary_set_value(message, kMessageKeyValue, xobject); - - talkWithKVS(message, processQueue, replyBlock); - return; - -xit: - if (replyBlock) - replyBlock(NULL, error); -} - -void synchronizeKVS(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationSynchronize); - talkWithKVS(message, processQueue, replyBlock); -} - -void clearAll(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationClearStore); - talkWithKVS(message, processQueue, replyBlock); -} - -/* -extern xpc_object_t xpc_create_reply_with_format(xpc_object_t original, const char * format, ...); - xpc_object_t reply = xpc_create_reply_with_format(event, - "{keychain-paths: %value, all-paths: %value, extensions: %value, keychain-home: %value}", - keychain_paths, all_paths, sandbox_extensions, home); -*/ - -void getValuesFromKVS(CFArrayRef keysToGet, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - secerror("start"); - CFErrorRef error = NULL; - xpc_object_t xkeysOfInterest = xpc_dictionary_create(NULL, NULL, 0); - xpc_object_t xkeysToGet = keysToGet ? _CFXPCCreateXPCObjectFromCFObject(keysToGet) : xpc_null_create(); - - require_action(xkeysToGet, xit, error = makeError(kSOSObjectNotFoundError)); - - xpc_dictionary_set_value(xkeysOfInterest, kMessageKeyKeysToGet, xkeysToGet); - - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationGETv2); - xpc_dictionary_set_value(message, kMessageKeyValue, xkeysOfInterest); - - talkWithKVS(message, processQueue, replyBlock); - - xpc_release(message); - return; - -xit: - if (replyBlock) - replyBlock(NULL, error); -} - -void registerKeysForKVS(CFArrayRef keysToGet, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - secerror("start"); - - xpc_object_t xkeysOfInterest = xpc_dictionary_create(NULL, NULL, 0); - xpc_object_t xkeysToRegister = keysToGet ? _CFXPCCreateXPCObjectFromCFObject(keysToGet) : xpc_null_create(); - xpc_dictionary_set_value(xkeysOfInterest, kMessageKeyKeysToGet, xkeysToRegister); - - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationRegisterKeysAndGet); - xpc_dictionary_set_value(message, kMessageKeyValue, xkeysOfInterest); - - if (clientIdentifier) - { - char *clientid = CFStringToCString(clientIdentifier); - if (clientid) - { - xpc_dictionary_set_string(message, kMessageKeyClientIdentifier, clientid); - free(clientid); - } - } - - setItemsChangedBlock(replyBlock); - talkWithKVS(message, processQueue, replyBlock); - - xpc_release(message); -} - -void unregisterKeysForKVS(CFArrayRef keysToUnregister, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ -#if NO_SERVERz - if (gCKD->unregisterKeys) { - return gCKD->unregisterKeys(...); - } -#endif - - secerror("start"); - - xpc_object_t xkeysOfInterest = xpc_dictionary_create(NULL, NULL, 0); - xpc_object_t xkeysToUnregister = keysToUnregister ? _CFXPCCreateXPCObjectFromCFObject(keysToUnregister) : xpc_null_create(); - xpc_dictionary_set_value(xkeysOfInterest, kMessageKeyKeysToGet, xkeysToUnregister); - - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationUnregisterKeys); - xpc_dictionary_set_value(message, kMessageKeyValue, xkeysOfInterest); - - if (clientIdentifier) - { - char *clientid = CFStringToCString(clientIdentifier); - if (clientid) - { - xpc_dictionary_set_string(message, kMessageKeyClientIdentifier, clientid); - free(clientid); - } - } - - talkWithKVS(message, processQueue, replyBlock); - - xpc_release(message); -} - -#pragma mark ----- CF-XPC Utilities ----- - - -#pragma mark ----- DEBUG Utilities ----- - -//------------------------------------------------------------------------------------------------ -// DEBUG only -//------------------------------------------------------------------------------------------------ - -void clearStore() -{ - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationClearStore); - xpc_connection_send_message(serviceConnection, message); // Send message; don't wait for a reply - xpc_release(message); -} - -void describeXPCObject(char *prefix, xpc_object_t object) -{ -//#ifndef NDEBUG - // This is useful for debugging. - if (object) - { - char *desc = xpc_copy_description(object); - pdebug("%s%s\n", prefix, desc); - free(desc); - } - else - pdebug("%s\n", prefix); -//#endif -} - -void describeXPCType(char *prefix, xpc_type_t xtype) -{ - /* - Add these as necessary: - XPC_TYPE_ENDPOINT - XPC_TYPE_NULL - XPC_TYPE_BOOL - XPC_TYPE_INT64 - XPC_TYPE_UINT64 - XPC_TYPE_DOUBLE - XPC_TYPE_DATE - XPC_TYPE_DATA - XPC_TYPE_STRING - XPC_TYPE_UUID - XPC_TYPE_FD - XPC_TYPE_SHMEM - XPC_TYPE_ARRAY - */ - -#ifndef NDEBUG - // This is useful for debugging. - char msg[256]={0,}; - if (XPC_TYPE_CONNECTION == xtype) - strcpy(msg, "XPC_TYPE_CONNECTION"); - else if (XPC_TYPE_ERROR == xtype) - strcpy(msg, "XPC_TYPE_ERROR"); - else if (XPC_TYPE_DICTIONARY == xtype) - strcpy(msg, "XPC_TYPE_DICTIONARY"); - else - strcpy(msg, ""); - - pdebug("%s type:%s\n", prefix, msg); -#endif -} - - - diff --git a/OSX/sec/SOSCircle/CKBridge/CKClient.h b/OSX/sec/SOSCircle/CKBridge/CKClient.h deleted file mode 100644 index 84f3475e..00000000 --- a/OSX/sec/SOSCircle/CKBridge/CKClient.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// ckdxpcclient.h -// ckd-xpc -// - -#include -#include -#include "SOSCloudKeychainClient.h" - -#ifndef _CKDXPC_CLIENT_H_ -#define _CKDXPC_CLIENT_H_ - -//#ifndef __CKDXPC_CLIENT_PRIVATE_INDIRECT__ -//#error "Please #include "SOSCloudKeychainClient.h" instead of this file directly." -//#endif /* __CKDXPC_CLIENT_PRIVATE_INDIRECT__ */ - -__BEGIN_DECLS - -void initXPCConnection(void); -void closeXPCConnection(void); -void setItemsChangedBlock(CloudKeychainReplyBlock icb); - -void putValuesWithXPC(CFDictionaryRef values, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); -void getValuesFromKVS(CFArrayRef keysToGet, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - -void registerKeysForKVS(CFArrayRef keysToGet, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); -void unregisterKeysForKVS(CFArrayRef keysToGet, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - -void synchronizeKVS(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); -void clearAll(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - -// Debug - -void clearStore(void); - -__END_DECLS - -#endif /* _CKDXPC_CLIENT_H_ */ - diff --git a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainClient.c b/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainClient.c index 6503f798..5886d732 100644 --- a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainClient.c +++ b/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainClient.c @@ -56,7 +56,6 @@ #include "SOSKVSKeys.h" #include "SOSUserKeygen.h" #include "SecOTRSession.h" -#include "SOSCloudKeychainLogging.h" #include #include @@ -64,7 +63,6 @@ static CFStringRef sErrorDomain = CFSTR("com.apple.security.sos.transport.error"); -#define KVSLOGSTATE "kvsLogState" #define SOSCKCSCOPE "sync" // MARK: ---------- SOSCloudTransport ---------- @@ -357,16 +355,25 @@ xit: os_activity_end(trace_activity); } -static void talkWithKVS(SOSXPCCloudTransportRef transport, xpc_object_t message, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ + +typedef void (^ProxyReplyBlock)(xpc_object_t reply); + +static bool messageToProxy(SOSXPCCloudTransportRef transport, xpc_object_t message, CFErrorRef *error, dispatch_queue_t processQueue, ProxyReplyBlock replyBlock) { CFErrorRef connectionError = NULL; - - os_activity_t trace_activity = os_activity_start("talkWithKVS", OS_ACTIVITY_FLAG_DEFAULT); + require_action(transport->serviceConnection, xit, connectionError = makeError(kSOSConnectionNotOpen)); require_action(message, xit, connectionError = makeError(kSOSObjectNotFoundError)); - dispatch_retain(processQueue); - xpc_connection_send_message_with_reply(transport->serviceConnection, message, transport->xpc_queue, ^(xpc_object_t reply) + xpc_connection_send_message_with_reply(transport->serviceConnection, message, processQueue, replyBlock); +xit: + return CFErrorPropagate(connectionError, error); +} + +static void talkWithKVS(SOSXPCCloudTransportRef transport, xpc_object_t message, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) +{ + CFErrorRef messagingError = NULL; + dispatch_retain(processQueue); + bool messaged = messageToProxy(transport, message, &messagingError, transport->xpc_queue, ^(xpc_object_t reply) { CFErrorRef serverError = NULL; CFTypeRef object = NULL; @@ -405,18 +412,16 @@ static void talkWithKVS(SOSXPCCloudTransportRef transport, xpc_object_t message, dispatch_release(processQueue); }); }); - return; -xit: - secerror("talkWithKVS error: %@", connectionError); - dispatch_async(processQueue, ^{ - if (replyBlock) - replyBlock(NULL, connectionError); - CFReleaseSafe(connectionError); - dispatch_release(processQueue); - }); - - os_activity_end(trace_activity); + if (!messaged) { + secerror("talkWithKVS error: %@", messagingError); + dispatch_async(processQueue, ^{ + if (replyBlock) + replyBlock(NULL, messagingError); + CFReleaseSafe(messagingError); + dispatch_release(processQueue); + }); + } } // MARK: ---------- SOSXPCCloudTransport Client Calls ---------- @@ -538,6 +543,40 @@ static void SOSCloudTransportSendFragmentedIDSMessage(SOSCloudTransportRef trans xpc_release(message); } +static void SOSCloudTransportRetrievePendingMessagesInFlight(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock){ + + SOSXPCCloudTransportRef xpcTransport = (SOSXPCCloudTransportRef)transport; + + xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); + xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); + xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationGetPendingMesages); + + talkWithIDS(xpcTransport, message, processQueue, replyBlock); + + xpc_release(message); +} + +static void SOSCloudTransportCheckIDSDeviceIDAvailability(SOSCloudTransportRef transport, CFArrayRef ids, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) +{ + secdebug(SOSCKCSCOPE, "start"); + SOSXPCCloudTransportRef xpcTransport = (SOSXPCCloudTransportRef)transport; + + xpc_object_t xIDSArray = _CFXPCCreateXPCObjectFromCFObject(ids); + + xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); + xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); + xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationSendDeviceList); + + SecXPCDictionarySetCFObject(message, kMessageKeyPeerID, peerID); + xpc_dictionary_set_value(message, kMessageKeyValue, xIDSArray); + + talkWithIDS(xpcTransport, message, processQueue, replyBlock); + + xpc_release(xIDSArray); + xpc_release(message); + +} + static void SOSCloudTransportSendIDSMessage(SOSCloudTransportRef transport, CFDictionaryRef messageData, CFStringRef deviceName, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock){ SOSXPCCloudTransportRef xpcTransport = (SOSXPCCloudTransportRef)transport; @@ -558,6 +597,7 @@ static void SOSCloudTransportSendIDSMessage(SOSCloudTransportRef transport, CFDi static void SOSCloudTransportUpdateKeys(SOSCloudTransportRef transport, CFDictionaryRef keys, + CFStringRef accountUUID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) { @@ -570,7 +610,8 @@ static void SOSCloudTransportUpdateKeys(SOSCloudTransportRef transport, xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationRegisterKeys); xpc_dictionary_set_value(message, kMessageKeyValue, xkeysOfInterest); - + SecXPCDictionarySetCFObject(message, kMessageKeyAccountUUID, accountUUID); + talkWithKVS(xpcTransport, message, processQueue, replyBlock); xpc_release(message); xpc_release(xkeysOfInterest); @@ -617,67 +658,111 @@ static void SOSCloudTransportClearAll(SOSCloudTransportRef transport, dispatch_q xpc_release(message); } -static void SOSCloudTransportRequestSyncWithAllPeers(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) +static void SOSCloudTransportRequestSyncWithPeers(SOSCloudTransportRef transport, CFArrayRef /* CFStringRef */ peers, CFArrayRef /* CFStringRef */ backupPeers, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) { secdebug(SOSCKCSCOPE, "start"); SOSXPCCloudTransportRef xpcTransport = (SOSXPCCloudTransportRef)transport; xpc_object_t xpcmessage = xpc_dictionary_create(NULL, NULL, 0); + xpc_dictionary_set_uint64(xpcmessage, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(xpcmessage, kMessageKeyOperation, kOperationRequestSyncWithAllPeers); - + xpc_dictionary_set_string(xpcmessage, kMessageKeyOperation, kOperationRequestSyncWithPeers); + + SecXPCDictionarySetCFObject(xpcmessage, kMessageKeyPeerIDList, peers); + SecXPCDictionarySetCFObject(xpcmessage, kMesssgeKeyBackupPeerIDList, backupPeers); + talkWithKVS(xpcTransport, xpcmessage, processQueue, replyBlock); xpc_release(xpcmessage); } -static void SOSCloudTransportRequestEnsurePeerRegistration(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) + +static bool SOSCloudTransportHasPeerSyncPending(SOSCloudTransportRef transport, CFStringRef peerID, CFErrorRef* error) { secdebug(SOSCKCSCOPE, "start"); SOSXPCCloudTransportRef xpcTransport = (SOSXPCCloudTransportRef)transport; + __block bool isSyncing = false; + xpc_object_t xpcmessage = xpc_dictionary_create(NULL, NULL, 0); + xpc_dictionary_set_uint64(xpcmessage, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(xpcmessage, kMessageKeyOperation, kOperationRequestEnsurePeerRegistration); + xpc_dictionary_set_string(xpcmessage, kMessageKeyOperation, kOperationHasPendingSyncWithPeer); - talkWithKVS(xpcTransport, xpcmessage, processQueue, replyBlock); + SecXPCDictionarySetCFObject(xpcmessage, kMessageKeyPeerID, peerID); - xpc_release(xpcmessage); + dispatch_semaphore_t wait = dispatch_semaphore_create(0); + bool sent = messageToProxy(xpcTransport, xpcmessage, error, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(xpc_object_t reply) { + isSyncing = xpc_dictionary_get_bool(reply, kMessageKeyValue); + dispatch_semaphore_signal(wait); + }); + + if (sent) { + dispatch_semaphore_wait(wait, DISPATCH_TIME_FOREVER); + } + + dispatch_release(wait); + + return sent && isSyncing; } -static void SOSCloudTransportFlush(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) + +static bool SOSCloudTransportHasPendingKey(SOSCloudTransportRef transport, CFStringRef keyName, CFErrorRef* error) { secdebug(SOSCKCSCOPE, "start"); SOSXPCCloudTransportRef xpcTransport = (SOSXPCCloudTransportRef)transport; + __block bool kvsHasMessage = false; + xpc_object_t xpcmessage = xpc_dictionary_create(NULL, NULL, 0); + xpc_dictionary_set_uint64(xpcmessage, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(xpcmessage, kMessageKeyOperation, kOperationFlush); + xpc_dictionary_set_string(xpcmessage, kMessageKeyOperation, kOperationHasPendingKey); - talkWithKVS(xpcTransport, xpcmessage, processQueue, replyBlock); + SecXPCDictionarySetCFObject(xpcmessage, kMessageKeyKey, keyName); - xpc_release(xpcmessage); + dispatch_semaphore_t kvsWait = dispatch_semaphore_create(0); + bool kvsSent = messageToProxy(xpcTransport, xpcmessage, error, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(xpc_object_t reply) { + kvsHasMessage = xpc_dictionary_get_bool(reply, kMessageKeyValue); + dispatch_semaphore_signal(kvsWait); + }); + + if (kvsSent) { + dispatch_semaphore_wait(kvsWait, DISPATCH_TIME_FOREVER); + } + + dispatch_release(kvsWait); + + return kvsSent && kvsHasMessage; } -static void SOSCloudTransportCheckIDSDeviceIDAvailability(SOSCloudTransportRef transport, CFArrayRef ids, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) + +static void SOSCloudTransportRequestEnsurePeerRegistration(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) { secdebug(SOSCKCSCOPE, "start"); SOSXPCCloudTransportRef xpcTransport = (SOSXPCCloudTransportRef)transport; - xpc_object_t xIDSArray = _CFXPCCreateXPCObjectFromCFObject(ids); + xpc_object_t xpcmessage = xpc_dictionary_create(NULL, NULL, 0); + xpc_dictionary_set_uint64(xpcmessage, kMessageKeyVersion, kCKDXPCVersion); + xpc_dictionary_set_string(xpcmessage, kMessageKeyOperation, kOperationRequestEnsurePeerRegistration); - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationSendDeviceList); + talkWithKVS(xpcTransport, xpcmessage, processQueue, replyBlock); - SecXPCDictionarySetCFObject(message, kMessageKeyPeerID, peerID); - xpc_dictionary_set_value(message, kMessageKeyValue, xIDSArray); + xpc_release(xpcmessage); +} - talkWithIDS(xpcTransport, message, processQueue, replyBlock); +static void SOSCloudTransportFlush(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) +{ + secdebug(SOSCKCSCOPE, "start"); + SOSXPCCloudTransportRef xpcTransport = (SOSXPCCloudTransportRef)transport; - xpc_release(xIDSArray); - xpc_release(message); + xpc_object_t xpcmessage = xpc_dictionary_create(NULL, NULL, 0); + xpc_dictionary_set_uint64(xpcmessage, kMessageKeyVersion, kCKDXPCVersion); + xpc_dictionary_set_string(xpcmessage, kMessageKeyOperation, kOperationFlush); + talkWithKVS(xpcTransport, xpcmessage, processQueue, replyBlock); + + xpc_release(xpcmessage); } static SOSCloudTransportRef SOSCloudTransportCreateXPCTransport(void) @@ -688,6 +773,7 @@ static SOSCloudTransportRef SOSCloudTransportCreateXPCTransport(void) st->transport.updateKeys = SOSCloudTransportUpdateKeys; st->transport.sendIDSMessage = SOSCloudTransportSendIDSMessage; st->transport.sendFragmentedIDSMessage = SOSCloudTransportSendFragmentedIDSMessage; + st->transport.retrieveMessages = SOSCloudTransportRetrievePendingMessagesInFlight; st->transport.getDeviceID = SOSCloudTransportGetIDSDeviceID; st->transport.get = SOSCloudTransportGet; @@ -695,10 +781,12 @@ static SOSCloudTransportRef SOSCloudTransportCreateXPCTransport(void) st->transport.synchronize = SOSCloudTransportSync; st->transport.synchronizeAndWait = SOSCloudTransportSyncAndWait; st->transport.clearAll = SOSCloudTransportClearAll; - st->transport.requestSyncWithAllPeers = SOSCloudTransportRequestSyncWithAllPeers; + st->transport.requestSyncWithPeers = SOSCloudTransportRequestSyncWithPeers; + st->transport.hasPeerSyncPending = SOSCloudTransportHasPeerSyncPending; + st->transport.hasPendingKey = SOSCloudTransportHasPendingKey; st->transport.requestEnsurePeerRegistration = SOSCloudTransportRequestEnsurePeerRegistration; - st->transport.flush = SOSCloudTransportFlush; st->transport.getIDSDeviceAvailability = SOSCloudTransportCheckIDSDeviceIDAvailability; + st->transport.flush = SOSCloudTransportFlush; st->transport.itemsChangedBlock = Block_copy(^CFArrayRef(CFDictionaryRef changes) { secerror("Calling default itemsChangedBlock - fatal: %@", changes); assert(false); @@ -725,11 +813,11 @@ void SOSCloudKeychainPutObjectsInCloud(CFDictionaryRef objects, dispatch_queue_t cTransportRef->put(cTransportRef, objects, processQueue, replyBlock); } -void SOSCloudKeychainUpdateKeys(CFDictionaryRef keys, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) +void SOSCloudKeychainUpdateKeys(CFDictionaryRef keys, CFStringRef accountUUID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) { SOSCloudTransportRef cTransportRef = SOSCloudTransportDefaultTransport(); if (cTransportRef) - cTransportRef->updateKeys(cTransportRef, keys, processQueue, replyBlock); + cTransportRef->updateKeys(cTransportRef, keys, accountUUID, processQueue, replyBlock); } void SOSCloudKeychainSendIDSMessage(CFDictionaryRef message, CFStringRef deviceName, CFStringRef peerID, dispatch_queue_t processQueue, CFBooleanRef fragmentation, CloudKeychainReplyBlock replyBlock) @@ -742,12 +830,14 @@ void SOSCloudKeychainSendIDSMessage(CFDictionaryRef message, CFStringRef deviceN cTransportRef->sendIDSMessage(cTransportRef, message, deviceName, peerID, processQueue, replyBlock); } -void SOSCloudKeychainGetIDSDeviceAvailability(CFArrayRef ids, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock){ +void SOSCloudKeychainRetrievePendingMessageFromProxy(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) +{ SOSCloudTransportRef cTransportRef = SOSCloudTransportDefaultTransport(); - if (cTransportRef) - cTransportRef->getIDSDeviceAvailability(cTransportRef, ids, peerID, processQueue, replyBlock); + if(cTransportRef) + cTransportRef->retrieveMessages(cTransportRef, processQueue, replyBlock); + } void SOSCloudKeychainGetIDSDeviceID(CloudKeychainReplyBlock replyBlock) { @@ -756,7 +846,13 @@ void SOSCloudKeychainGetIDSDeviceID(CloudKeychainReplyBlock replyBlock) cTransportRef->getDeviceID(cTransportRef, replyBlock); } - +void SOSCloudKeychainGetIDSDeviceAvailability(CFArrayRef ids, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock){ + + SOSCloudTransportRef cTransportRef = SOSCloudTransportDefaultTransport(); + + if (cTransportRef) + cTransportRef->getIDSDeviceAvailability(cTransportRef, ids, peerID, processQueue, replyBlock); +} CF_RETURNS_RETAINED CFArrayRef SOSCloudKeychainHandleUpdateMessage(CFDictionaryRef updates) { CFArrayRef result = NULL; @@ -803,11 +899,23 @@ void SOSCloudKeychainClearAll(dispatch_queue_t processQueue, CloudKeychainReplyB cTransportRef->clearAll(cTransportRef, processQueue, replyBlock); } -void SOSCloudKeychainRequestSyncWithAllPeers(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) +void SOSCloudKeychainRequestSyncWithPeers(CFArrayRef /* CFStringRef */ peers, CFArrayRef /* CFStringRef */ backupPeers, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) { SOSCloudTransportRef cTransportRef = SOSCloudTransportDefaultTransport(); if (cTransportRef) - cTransportRef->requestSyncWithAllPeers(cTransportRef, processQueue, replyBlock); + cTransportRef->requestSyncWithPeers(cTransportRef, peers, backupPeers, processQueue, replyBlock); +} + +bool SOSCloudKeychainHasPendingKey(CFStringRef keyName, CFErrorRef* error) { + SOSCloudTransportRef cTransportRef = SOSCloudTransportDefaultTransport(); + + return cTransportRef && cTransportRef->hasPendingKey(cTransportRef, keyName, error); +} + +bool SOSCloudKeychainHasPendingSyncWithPeer(CFStringRef peerID, CFErrorRef* error) { + SOSCloudTransportRef cTransportRef = SOSCloudTransportDefaultTransport(); + + return cTransportRef && cTransportRef->hasPeerSyncPending(cTransportRef, peerID, error); } void SOSCloudKeychainRequestEnsurePeerRegistration(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) diff --git a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainClient.h b/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainClient.h index dc1bddc2..a33fbb89 100644 --- a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainClient.h +++ b/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainClient.h @@ -65,11 +65,11 @@ typedef struct SOSCloudTransport *SOSCloudTransportRef; struct SOSCloudTransport { void (*put)(SOSCloudTransportRef transport, CFDictionaryRef valuesToPut, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - void (*updateKeys)(SOSCloudTransportRef transport, CFDictionaryRef keys, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); + void (*updateKeys)(SOSCloudTransportRef transport, CFDictionaryRef keys, CFStringRef accountUUID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void (*sendIDSMessage)(SOSCloudTransportRef transport, CFDictionaryRef data, CFStringRef deviceName, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void (*sendFragmentedIDSMessage)(SOSCloudTransportRef transport, CFDictionaryRef data, CFStringRef deviceName, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - + void (*retrieveMessages) (SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void (*getDeviceID)(SOSCloudTransportRef transport, CloudKeychainReplyBlock replyBlock); // Debug calls @@ -80,11 +80,17 @@ struct SOSCloudTransport void (*clearAll)(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void (*removeObjectForKey)(SOSCloudTransportRef transport, CFStringRef keyToRemove, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - void (*requestSyncWithAllPeers)(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); + + bool (*hasPendingKey)(SOSCloudTransportRef transport, CFStringRef keyName, CFErrorRef* error); + + void (*requestSyncWithPeers)(SOSCloudTransportRef transport, CFArrayRef /* CFStringRef */ peers, CFArrayRef /* CFStringRef */ backupPeers, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); + bool (*hasPeerSyncPending)(SOSCloudTransportRef transport, CFStringRef peerID, CFErrorRef* error); + void (*requestEnsurePeerRegistration)(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void (*flush)(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - void (*getIDSDeviceAvailability)(SOSCloudTransportRef transport, CFArrayRef ids, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); const void *itemsChangedBlock; + void (*getIDSDeviceAvailability)(SOSCloudTransportRef transport, CFArrayRef ids, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); + }; /* Call this function before calling any other function in this header to provide @@ -93,8 +99,9 @@ void SOSCloudKeychainSetTransport(SOSCloudTransportRef transport); void SOSCloudKeychainGetIDSDeviceID(CloudKeychainReplyBlock replyBlock); void SOSCloudKeychainSendIDSMessage(CFDictionaryRef message, CFStringRef deviceName, CFStringRef peerID, dispatch_queue_t processQueue, CFBooleanRef fragmentation, CloudKeychainReplyBlock replyBlock); +void SOSCloudKeychainRetrievePendingMessageFromProxy(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); -void SOSCloudKeychainUpdateKeys(CFDictionaryRef keys, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); +void SOSCloudKeychainUpdateKeys(CFDictionaryRef keys, CFStringRef accountUUID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void SOSCloudKeychainUnRegisterKeys(CFArrayRef keysToUnregister, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void SOSCloudKeychainPutObjectsInCloud(CFDictionaryRef objects, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); @@ -110,13 +117,16 @@ void SOSCloudKeychainGetObjectsFromCloud(CFArrayRef keysToGet, dispatch_queue_t void SOSCloudKeychainSynchronize(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void SOSCloudKeychainClearAll(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void SOSCloudKeychainGetAllObjectsFromCloud(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); +bool SOSCloudKeychainHasPendingKey(CFStringRef keyName, CFErrorRef* error); + +void SOSCloudKeychainRequestSyncWithPeers(CFArrayRef /* CFStringRef */ peers, CFArrayRef /* CFStringRef */ backupPeers, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); +bool SOSCloudKeychainHasPendingSyncWithPeer(CFStringRef peerID, CFErrorRef* error); -void SOSCloudKeychainRequestSyncWithAllPeers(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void SOSCloudKeychainRequestEnsurePeerRegistration(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); void SOSCloudKeychainFlush(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); -void SOSCloudKeychainGetIDSDeviceAvailability(CFArrayRef ids, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); CFDictionaryRef SOSCloudCopyKVSState(void); +void SOSCloudKeychainGetIDSDeviceAvailability(CFArrayRef ids, CFStringRef peerID, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); __END_DECLS diff --git a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainConstants.c b/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainConstants.c index 6e3d4f35..9e69d9ef 100644 --- a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainConstants.c +++ b/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainConstants.c @@ -41,7 +41,7 @@ const uint64_t kCKDXPCVersion = 1; // seems like launchd looks for the BundleIdentifier, not the name const char *xpcServiceName = "com.apple.security.cloudkeychainproxy3"; //"CloudKeychainProxy"; -const char *xpcIDSServiceName = "com.apple.security.idskeychainsyncingproxy"; +const char *xpcIDSServiceName = "com.apple.security.keychainsyncingoveridsproxy"; const char *kMessageKeyOperation = "operation"; const char *kMessageKeyKey = "key"; @@ -53,6 +53,9 @@ const char *kMessageKeyKeysToGet = "KeysToGet"; const char *kMessageKeyKeysRequireFirstUnlock = "KeysRequireFirstUnlock"; const char *kMessageKeyKeysRequiresUnlocked = "KeysRequiresUnlocked"; const char *kMessageKeyNotificationFlags = "NotificationFlags"; +const char *kMessageKeyPeerIDList = "peerIDList"; +const char *kMesssgeKeyBackupPeerIDList = "backupPeerIDList"; +const char *kOperationSendDeviceList = "IDSDeviceList"; /* parameters within the dictionary */ const char *kMessageAlwaysKeys = "AlwaysKeys"; @@ -69,6 +72,7 @@ const char *kMessageKeyIDSDataMessage = "idsDataMessage"; const char *kMessageKeyDeviceID = "deviceID"; const char *kMessageKeyPeerID = "peerID"; const char *kMessageKeySendersPeerID = "sendersPeerID"; +const char *kMessageKeyAccountUUID = "AcctUUID"; const char *kMessageOperationItemChanged = "ItemChanged"; @@ -84,11 +88,14 @@ const char *kOperationGETv2 = "GETv2"; const char *kOperationRegisterKeys = "RegisterKeys"; const char *kOperationGetDeviceID = "DeviceID"; -const char *kOperationSendDeviceList = "IDSDeviceList"; +const char *kOperationHasPendingKey = "hasPendingKey"; + const char *kOperationSendIDSMessage = "IDSMessage"; const char *kOperationSendFragmentedIDSMessage = "IDSMessageFragmented"; +const char *kOperationGetPendingMesages = "IDSPendingMessages"; -const char *kOperationRequestSyncWithAllPeers = "requestSyncWithAllPeers"; +const char *kOperationRequestSyncWithPeers = "requestSyncWithPeers"; +const char *kOperationHasPendingSyncWithPeer = "hasPendingSyncWithPeer"; const char *kOperationRequestEnsurePeerRegistration = "requestEnsurePeerRegistration"; diff --git a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainConstants.h b/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainConstants.h index d3e36e24..d374954e 100644 --- a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainConstants.h +++ b/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainConstants.h @@ -44,12 +44,16 @@ extern const char *kMessageKeyKeysRequireFirstUnlock; extern const char *kMessageKeyKeysRequiresUnlocked; extern const char *kMessageOperationItemChanged; extern const char *kMessageKeyNotificationFlags; +extern const char *kMessageKeyPeerIDList; +extern const char *kMesssgeKeyBackupPeerIDList; extern const char *kMessageKeyIDS; extern const char *kMessageKeyDeviceName; extern const char *kMessageKeyIDSDataMessage; extern const char *kMessageKeyDeviceID; extern const char *kMessageKeyPeerID; extern const char *kMessageKeySendersPeerID; +extern const char *kMessageKeyAccountUUID; +extern const char *kOperationSendDeviceList; extern const char *kMessageContext; extern const char *kMessageKeyParameter; @@ -69,17 +73,20 @@ extern const char *kOperationPUTDictionary; extern const char *kOperationGETv2; extern const char *kOperationRegisterKeys; extern const char *kOperationGetDeviceID; +extern const char *kOperationHasPendingKey; extern const uint64_t kCKDXPCVersion; extern const char *kOperationFlush; -extern const char *kOperationRequestSyncWithAllPeers; +extern const char *kOperationRequestSyncWithPeers; +extern const char *kOperationHasPendingSyncWithPeer; + extern const char *kOperationRequestEnsurePeerRegistration; extern const char *kOperationSendIDSMessage; -extern const char *kOperationSendDeviceList; extern const char *kOperationSendFragmentedIDSMessage; +extern const char *kOperationGetPendingMesages; extern const char * const kCloudKeychainStorechangeChangeNotification; diff --git a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainLogging.c b/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainLogging.c deleted file mode 100644 index 066e05ec..00000000 --- a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainLogging.c +++ /dev/null @@ -1,222 +0,0 @@ -// -// SOSCloudKeychainLogging.c -// sec -// -// Created by Richard Murphy on 6/21/16. -// -// - -#include -#include -//#include -//#include -#include -#include -#include -#include "SOSCloudKeychainConstants.h" -#include "SOSCloudKeychainClient.h" -#include "SOSKVSKeys.h" -#include "SOSUserKeygen.h" -#include "SecOTRSession.h" -#include "SOSCloudKeychainLogging.h" - - -#define DATE_LENGTH 18 - -#define KVSLOGSTATE "kvsLogState" - -static CFStringRef SOSCloudKVSCreateDateFromValue(CFDataRef valueAsData) { - CFStringRef dateString = NULL; - CFDataRef dateData = CFDataCreateCopyFromRange(kCFAllocatorDefault, valueAsData, CFRangeMake(0, DATE_LENGTH)); - require_quiet(dateData, retOut); - dateString = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, dateData, kCFStringEncodingUTF8); - CFReleaseNull(dateData); -retOut: - return dateString; -} - -static CFDataRef SOSCloudKVSCreateDataFromValueAfterDate(CFDataRef valueAsData) { - return CFDataCreateCopyFromPositions(kCFAllocatorDefault, valueAsData, DATE_LENGTH, CFDataGetLength(valueAsData)); -} - -static void SOSCloudKVSLogCircle(CFTypeRef key, CFStringRef dateString, CFTypeRef value) { - if(!isData(value)) return; - SOSCircleRef circle = SOSCircleCreateFromData(NULL, value, NULL); - require_quiet(circle, retOut); - secnotice(KVSLOGSTATE, "%@ %@:", key, dateString); - SOSCircleLogState(KVSLOGSTATE, circle, NULL, NULL); - CFReleaseSafe(circle); -retOut: - return; -} - -static void SOSCloudKVSLogLastCircle(CFTypeRef key, CFTypeRef value) { - if(!isData(value)) return; - CFStringRef circle = NULL; - CFStringRef from = NULL; - CFStringRef peerID = CFSTR(" "); - bool parsed = SOSKVSKeyParse(kLastCircleKey, key, &circle, NULL, NULL, NULL, &from, NULL); - if(parsed) { - peerID = from; - } - CFStringRef speerID = CFStringCreateTruncatedCopy(peerID, 8); - CFStringRef dateString = SOSCloudKVSCreateDateFromValue(value); - CFDataRef circleData = SOSCloudKVSCreateDataFromValueAfterDate(value); - CFStringRef keyPrefix = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%@ from %@: "), circle, speerID); - SOSCloudKVSLogCircle(keyPrefix, dateString, circleData); - CFReleaseNull(keyPrefix); - CFReleaseNull(speerID); - CFReleaseNull(from); - CFReleaseNull(dateString); - CFReleaseNull(circleData); -} - -static void SOSCloudKVSLogKeyParameters(CFTypeRef key, CFStringRef dateString, CFTypeRef value) { - if(!isData(value)) return; - CFStringRef keyParameterDescription = UserParametersDescription(value); - if(!keyParameterDescription) keyParameterDescription = CFDataCopyHexString(value); - secnotice(KVSLOGSTATE, "%@: %@: %@", key, dateString, keyParameterDescription); - CFReleaseNull(keyParameterDescription); -} - -static void SOSCloudKVSLogLastKeyParameters(CFTypeRef key, CFTypeRef value) { - if(!isData(value)) return; - CFStringRef from = NULL; - CFStringRef peerID = CFSTR(" "); - bool parsed = SOSKVSKeyParse(kLastKeyParameterKey, key, NULL, NULL, NULL, NULL, &from, NULL); - if(parsed) { - peerID = from; - } - CFStringRef speerID = CFStringCreateTruncatedCopy(peerID, 8); - CFDataRef keyParameterData = SOSCloudKVSCreateDataFromValueAfterDate(value); - CFStringRef dateString = SOSCloudKVSCreateDateFromValue(value); - CFStringRef keyPrefix = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("k%@ from %@: "), kSOSKVSKeyParametersKey, speerID); - - SOSCloudKVSLogKeyParameters(keyPrefix, dateString, keyParameterData); - CFReleaseNull(keyPrefix); - CFReleaseNull(speerID); - CFReleaseNull(dateString); - CFReleaseNull(from); - CFReleaseNull(keyParameterData); -} - -static void SOSCloudKVSLogMessage(CFTypeRef key, CFTypeRef value) { - CFStringRef circle = NULL; - CFStringRef from = NULL; - CFStringRef to = NULL; - bool parsed = SOSKVSKeyParse(kMessageKey, key, &circle, NULL, NULL, NULL, &from, &to); - if(parsed) { - CFStringRef sfrom = CFStringCreateTruncatedCopy(from, 8); - CFStringRef sto = CFStringCreateTruncatedCopy(to, 8); - if(isData(value)){ - const char* messageType = SecOTRPacketTypeString(value); - secnotice(KVSLOGSTATE, "message packet from: %@ to: %@ : %s: %ld", sfrom, sto, messageType, CFDataGetLength(value)); - } else { - secnotice(KVSLOGSTATE, "message packet from: %@ to: %@: %@", sfrom, sto, value); - } - CFReleaseNull(sfrom); - CFReleaseNull(sto); - } else { - secnotice(KVSLOGSTATE, "%@: %@", key, value); - } - CFReleaseNull(circle); - CFReleaseNull(from); - CFReleaseNull(to); -} - -static void SOSCloudKVSLogRetirement(CFTypeRef key, CFTypeRef value) { - CFStringRef circle = NULL; - CFStringRef from = NULL; - bool parsed = SOSKVSKeyParse(kRetirementKey, key, &circle, NULL, NULL, NULL, &from, NULL); - if(parsed) { - CFStringRef sfrom = CFStringCreateTruncatedCopy(from, 8); - secnotice(KVSLOGSTATE, "Retired Peer: %@, from Circle: %@", sfrom, circle); - CFReleaseNull(sfrom); - } else { - secnotice(KVSLOGSTATE, "Retired Peer format unknown - %@", key); - } - CFReleaseNull(circle); - CFReleaseNull(from); -} - -static void SOSCloudKVSLogKeyType(CFTypeRef key, CFTypeRef value, SOSKVSKeyType type){ - switch (type) { - case kCircleKey: - SOSCloudKVSLogCircle(key, CFSTR(" Current "), value); - break; - case kRetirementKey: - SOSCloudKVSLogRetirement(key, value); - break; - case kMessageKey: - SOSCloudKVSLogMessage(key, value); - break; - case kParametersKey: - SOSCloudKVSLogKeyParameters(key, CFSTR(" Current "), value); - break; - case kLastKeyParameterKey: - SOSCloudKVSLogLastKeyParameters(key, value); - break; - case kLastCircleKey: - SOSCloudKVSLogLastCircle(key, value); - break; - case kInitialSyncKey: - case kAccountChangedKey: - case kDebugInfoKey: - case kRingKey: - case kPeerInfoKey: - default: - break; - } -} - -void SOSCloudKVSLogState(void) { - static int ordering[] = { - kParametersKey, - kLastKeyParameterKey, - kCircleKey, - kLastCircleKey, - kRetirementKey, - kMessageKey, - kInitialSyncKey, - kAccountChangedKey, - kDebugInfoKey, - kRingKey, - kPeerInfoKey, - kUnknownKey, - }; - dispatch_semaphore_t waitSemaphore = dispatch_semaphore_create(0); - dispatch_time_t finishTime = dispatch_time(DISPATCH_TIME_NOW, 10ull * NSEC_PER_SEC); - static volatile bool inUse = false; // Don't let log attempts stack - - if(!inUse) { - inUse = true; - dispatch_retain(waitSemaphore); - dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{ - CFDictionaryRef kvsDictionary = SOSCloudCopyKVSState(); - if(kvsDictionary){ - secnotice(KVSLOGSTATE, "Start"); - // if we have anything to log - do it here. - for (size_t i = 0; i < (sizeof(ordering) / sizeof(SOSKVSKeyType)); i++){ - CFDictionaryForEach(kvsDictionary, ^(const void *key, const void *value) { - if(SOSKVSKeyGetKeyType(key) == ordering[i]){ - SOSCloudKVSLogKeyType(key, value, ordering[i]); - } - }); - } - secnotice(KVSLOGSTATE, "Finish"); - CFReleaseNull(kvsDictionary); - } else{ - secnotice(KVSLOGSTATE, "dictionary from KVS is NULL"); - } - - inUse=false; - dispatch_semaphore_signal(waitSemaphore); - dispatch_release(waitSemaphore); - }); - } - - dispatch_semaphore_wait(waitSemaphore, finishTime); - dispatch_release(waitSemaphore); - -} - diff --git a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainLogging.h b/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainLogging.h deleted file mode 100644 index 938d9c81..00000000 --- a/OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainLogging.h +++ /dev/null @@ -1,13 +0,0 @@ -// -// SOSCloudKeychainLogging.h -// sec -// -// -// - -#ifndef SOSCloudKeychainLogging_h -#define SOSCloudKeychainLogging_h - -void SOSCloudKVSLogState(void); - -#endif /* SOSCloudKeychainLogging_h */ diff --git a/OSX/sec/SOSCircle/CKBridge/SOSCloudTransport.c b/OSX/sec/SOSCircle/CKBridge/SOSCloudTransport.c deleted file mode 100644 index 5faf9fe3..00000000 --- a/OSX/sec/SOSCircle/CKBridge/SOSCloudTransport.c +++ /dev/null @@ -1,558 +0,0 @@ -/* - * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - - -/* - * SOSCloudTransport.c - Implementation of the transport layer from CKBridge to SOSAccount/SOSCircle - */ -/* - This XPC service is essentially just a proxy to iCloud KVS, which exists since - the main security code cannot link against Foundation. - - See sendTSARequestWithXPC in tsaSupport.c for how to call the service - - The client of an XPC service does not get connection events, nor does it - need to deal with transactions. -*/ - -#include -#include -#include -#include - -static CFStringRef sErrorDomain = CFSTR("com.apple.security.sos.transport.error"); - -enum -{ - kSOSObjectMallocFailed = 1, - kAddDuplicateEntry, - kSOSObjectNotFoundError = 1, - kSOSObjectCantBeConvertedToXPCObject, - kSOSOUnexpectedConnectionEvent, - kSOSOUnexpectedXPCEvent, - kSOSConnectionNotOpen -}; - -/* SOSCloudTransport, a statically initialized transport singleton. */ -struct SOSCloudTransport -{ - struct CloudTransport t; - unsigned version; - CFStringRef kvsID; - dispatch_once_t once; -}; - -#pragma mark ---------- Communication with XPC ---------- - - -//------------------------------------------------------------------------------------------------ - -#include - -#include -#include -#include -#include -#include - -#include -#include - -#include "CKConstants.h" - -#define zsecdebug(format...) secerror(format) - -static xpc_connection_t serviceConnection = NULL; -static dispatch_queue_t xpc_queue = NULL; -static CloudKeychainReplyBlock itemsChangedBlock; - -static bool handle_xpc_event(const xpc_connection_t peer, xpc_object_t event); -static bool xpc_event_filter(const xpc_connection_t peer, xpc_object_t event, CFErrorRef *error); - -// extern CFTypeRef _CFXPCCreateCFObjectFromXPCObject(xpc_object_t xo); -// extern xpc_object_t _CFXPCCreateXPCObjectFromCFObject(CFTypeRef cf); - -// Debug -static void describeXPCObject(char *prefix, xpc_object_t object); -static void describeXPCType(char *prefix, xpc_type_t xtype); - - - -#define WANTXPCREPLY 0 - -#pragma mark ----- utilities ----- - -static CFErrorRef makeError(CFIndex which) -{ - CFDictionaryRef userInfo = NULL; - return CFErrorCreate(kCFAllocatorDefault, sErrorDomain, which, userInfo); -} - -#pragma mark ----- SPI ----- - -static void initXPCConnection() -{ - zsecdebug("initXPCConnection\n"); - - xpc_queue = dispatch_queue_create(xpcServiceName, DISPATCH_QUEUE_SERIAL); - - serviceConnection = xpc_connection_create_mach_service(xpcServiceName, xpc_queue, 0); - -// serviceConnection = xpc_connection_create(xpcServiceName, xpc_queue); - zsecdebug("serviceConnection: %p\n", serviceConnection); - - xpc_connection_set_event_handler(serviceConnection, ^(xpc_object_t event) - { - zsecdebug("xpc_connection_set_event_handler\n"); - handle_xpc_event(serviceConnection, event); - }); - - xpc_connection_resume(serviceConnection); - xpc_retain(serviceConnection); -} - -#if 0 // unused -static void closeXPCConnection() -{ - zsecdebug("closeXPCConnection\n"); - xpc_release(serviceConnection); -} -#endif - -static void setItemsChangedBlock(CloudKeychainReplyBlock icb) -{ - if (icb != itemsChangedBlock) - { - if (itemsChangedBlock) - Block_release(itemsChangedBlock); - itemsChangedBlock = icb; - Block_copy(itemsChangedBlock); - } -} - -// typedef void (^CloudKeychainReplyBlock)(CFDictionaryRef returnedValues, CFErrorRef error); - -static bool handle_xpc_event(const xpc_connection_t peer, xpc_object_t event) -{ - CFErrorRef localError = NULL; - zsecdebug(">>>>> handle_connection_event via event_handler <<<<<\n"); - bool result = false; - if ((result = xpc_event_filter(peer, event, &localError))) - { - const char *operation = xpc_dictionary_get_string(event, kMessageKeyOperation); - if (!operation || strcmp(operation, kMessageOperationItemChanged)) // some op we don't care about - { - zsecdebug("operation: %s", operation); - return result; - } - - xpc_object_t xrv = xpc_dictionary_get_value(event, kMessageKeyValue); - if (!xrv) - { - zsecdebug("xrv null for kMessageKeyValue"); - return result; - } - describeXPCObject("xrv", xrv); - - CFDictionaryRef returnedValues = _CFXPCCreateCFObjectFromXPCObject(xrv); - zsecdebug("returnedValues: %@", returnedValues); - - if (itemsChangedBlock) - itemsChangedBlock(returnedValues, localError); - } - CFReleaseSafe(localError); - - return result; -} - -static bool xpc_event_filter(const xpc_connection_t peer, xpc_object_t event, CFErrorRef *error) -{ - // return true if the type is XPC_TYPE_DICTIONARY (and therefore something more to process) - zsecdebug("handle_connection_event\n"); - xpc_type_t xtype = xpc_get_type(event); - describeXPCType("handle_xpc_event", xtype); - if (XPC_TYPE_CONNECTION == xtype) - { - zsecdebug("handle_xpc_event: XPC_TYPE_CONNECTION (unexpected)"); - // The client of an XPC service does not get connection events - // For nwo, we log this and keep going - describeXPCObject("handle_xpc_event: XPC_TYPE_CONNECTION, obj : ", event); -#if 0 - if (error) - *error = makeError(kSOSOUnexpectedConnectionEvent); // FIX - assert(true); -#endif - } - else - if (XPC_TYPE_ERROR == xtype) - { - zsecdebug("default: xpc error: %s\n", xpc_dictionary_get_string(event, XPC_ERROR_KEY_DESCRIPTION)); - if (error) - *error = makeError(kSOSOUnexpectedConnectionEvent); // FIX - } - else - if (XPC_TYPE_DICTIONARY == xtype) - { - zsecdebug("received dictionary event %p\n", event); - return true; - } - else - { - zsecdebug("default: unexpected connection event %p\n", event); - describeXPCObject("handle_xpc_event: obj : ", event); - if (error) - *error = makeError(kSOSOUnexpectedXPCEvent); - } - return false; -} - -static void talkWithKVS(xpc_object_t message, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - secerror("start"); - __block CFErrorRef error = NULL; - __block CFTypeRef object = NULL; - - dispatch_block_t callback = ^{ - secerror("callback"); - if (replyBlock) - replyBlock(object, error); - // if (object) - // CFRelease(object); - if (error) - { - secerror("callback error: %@", error); - // CFRelease(error); - } - dispatch_release(processQueue); - }; - - require_action(serviceConnection, xit, error = makeError(kSOSConnectionNotOpen)); - require_action(message, xit, error = makeError(kSOSObjectNotFoundError)); - dispatch_retain(processQueue); - secerror("xpc_connection_send_message_with_reply called"); - - Block_copy(callback); // TODO -- this should not be needed, I think - -//#if !WANTXPCREPLY - // xpc_connection_send_message(serviceConnection, message); // Send message; don't want a reply -//#else - xpc_connection_send_message_with_reply(serviceConnection, message, xpc_queue, ^(xpc_object_t reply) - { - secerror("xpc_connection_send_message_with_reply handler called back"); - if (xpc_event_filter(serviceConnection, reply, &error) && reply) - { - describeXPCObject("getValuesFromKVS: reply : ", reply); - xpc_object_t xrv = xpc_dictionary_get_value(reply, kMessageKeyValue); - if (xrv) - { - describeXPCObject("talkWithKVS: xrv: ", xrv); - /* - * The given XPC object must be one that was previously returned by - * _CFXPCCreateXPCMessageWithCFObject(). - */ - object = _CFXPCCreateCFObjectFromXPCObject(xrv); // CF object is retained; release in callback - secerror("converted CF object: %@", object); - } - else - secerror("missing value reply"); - } - dispatch_async(processQueue, callback); - }); -//#endif - -//sleep(5); // DEBUG DEBUG FIX - // xpc_release(message); - return; - -xit: - secerror("talkWithKVS error: %@", error); - if (replyBlock) - dispatch_async(processQueue, callback); -} - -static void putValuesWithXPC(CFDictionaryRef values, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - CFErrorRef error = NULL; - - require_action(values, xit, error = makeError(kSOSObjectNotFoundError)); - - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationPUTDictionary); - - xpc_object_t xobject = _CFXPCCreateXPCObjectFromCFObject(values); - require_action(xobject, xit, error = makeError(kSOSObjectCantBeConvertedToXPCObject)); - xpc_dictionary_set_value(message, kMessageKeyValue, xobject); - - talkWithKVS(message, processQueue, replyBlock); - return; - -xit: - if (replyBlock) - replyBlock(NULL, error); -} - -static void synchronizeKVS(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationSynchronize); - talkWithKVS(message, processQueue, replyBlock); -} - -static void clearAll(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationClearStore); - talkWithKVS(message, processQueue, replyBlock); -} - -static void getValuesFromKVS(CFArrayRef keysToGet, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - secerror("start"); - CFErrorRef error = NULL; - xpc_object_t xkeysOfInterest = xpc_dictionary_create(NULL, NULL, 0); - xpc_object_t xkeysToGet = keysToGet ? _CFXPCCreateXPCObjectFromCFObject(keysToGet) : xpc_null_create(); - - require_action(xkeysToGet, xit, error = makeError(kSOSObjectNotFoundError)); - - xpc_dictionary_set_value(xkeysOfInterest, kMessageKeyKeysToGet, xkeysToGet); - - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationGETv2); - xpc_dictionary_set_value(message, kMessageKeyValue, xkeysOfInterest); - - talkWithKVS(message, processQueue, replyBlock); - - xpc_release(message); - return; - -xit: - if (replyBlock) - replyBlock(NULL, error); -} - -static void registerKeysForKVS(CFArrayRef keysToGet, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - secerror("start"); - - xpc_object_t xkeysOfInterest = xpc_dictionary_create(NULL, NULL, 0); - xpc_object_t xkeysToRegister = keysToGet ? _CFXPCCreateXPCObjectFromCFObject(keysToGet) : xpc_null_create(); - xpc_dictionary_set_value(xkeysOfInterest, kMessageKeyKeysToGet, xkeysToRegister); - - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationRegisterKeysAndGet); - xpc_dictionary_set_value(message, kMessageKeyValue, xkeysOfInterest); - - if (clientIdentifier) - { - char *clientid = CFStringToCString(clientIdentifier); - if (clientid) - { - xpc_dictionary_set_string(message, kMessageKeyClientIdentifier, clientid); - free(clientid); - } - } - - setItemsChangedBlock(replyBlock); - talkWithKVS(message, processQueue, replyBlock); - - xpc_release(message); -} - -static void unregisterKeysForKVS(CFArrayRef keysToUnregister, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ -#if NO_SERVERz - if (gCKD->unregisterKeys) { - return gCKD->unregisterKeys(...); - } -#endif - - secerror("start"); - - xpc_object_t xkeysOfInterest = xpc_dictionary_create(NULL, NULL, 0); - xpc_object_t xkeysToUnregister = keysToUnregister ? _CFXPCCreateXPCObjectFromCFObject(keysToUnregister) : xpc_null_create(); - xpc_dictionary_set_value(xkeysOfInterest, kMessageKeyKeysToGet, xkeysToUnregister); - - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationUnregisterKeys); - xpc_dictionary_set_value(message, kMessageKeyValue, xkeysOfInterest); - - if (clientIdentifier) - { - char *clientid = CFStringToCString(clientIdentifier); - if (clientid) - { - xpc_dictionary_set_string(message, kMessageKeyClientIdentifier, clientid); - free(clientid); - } - } - - talkWithKVS(message, processQueue, replyBlock); - - xpc_release(message); -} - -#pragma mark ----- DEBUG Utilities ----- - -//------------------------------------------------------------------------------------------------ -// DEBUG only -//------------------------------------------------------------------------------------------------ - -static void describeXPCObject(char *prefix, xpc_object_t object) -{ -//#ifndef NDEBUG - // This is useful for debugging. - if (object) - { - char *desc = xpc_copy_description(object); - zsecdebug("%s%s\n", prefix, desc); - free(desc); - } - else - zsecdebug("%s\n", prefix); -//#endif -} - -static void describeXPCType(char *prefix, xpc_type_t xtype) -{ - /* - Add these as necessary: - XPC_TYPE_ENDPOINT - XPC_TYPE_NULL - XPC_TYPE_BOOL - XPC_TYPE_INT64 - XPC_TYPE_UINT64 - XPC_TYPE_DOUBLE - XPC_TYPE_DATE - XPC_TYPE_DATA - XPC_TYPE_STRING - XPC_TYPE_UUID - XPC_TYPE_FD - XPC_TYPE_SHMEM - XPC_TYPE_ARRAY - */ - -#ifndef NDEBUG - // This is useful for debugging. - char msg[256]={0,}; - if (XPC_TYPE_CONNECTION == xtype) - strcpy(msg, "XPC_TYPE_CONNECTION"); - else if (XPC_TYPE_ERROR == xtype) - strcpy(msg, "XPC_TYPE_ERROR"); - else if (XPC_TYPE_DICTIONARY == xtype) - strcpy(msg, "XPC_TYPE_DICTIONARY"); - else - strcpy(msg, ""); - - zsecdebug("%s type:%s\n", prefix, msg); -#endif -} - -#pragma mark ---------- SOSCloudTransport ---------- - -static void SOSCloudTransportPut(SOSCloudTransportRef transport, CFDictionaryRef valuesToPut, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - secerror("%@", valuesToPut); - putValuesWithXPC(valuesToPut, processQueue, replyBlock); -} - -static void SOSCloudTransportGet(SOSCloudTransportRef transport, CFArrayRef keysToGet, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ -// struct SOSCloudTransport *t = (struct SOSCloudTransport *)transport; - /* Get from KVS */ - secerror("%@", keysToGet); - getValuesFromKVS(keysToGet, processQueue, replyBlock); -} - -static void SOSCloudTransportRegisterKeys(SOSCloudTransportRef transport, CFArrayRef keysToGet, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - /* RegisterKeys with KVS */ - registerKeysForKVS(keysToGet, clientIdentifier, processQueue, replyBlock); -} - -static void SOSCloudTransportUnregisterKeys(SOSCloudTransportRef transport, CFArrayRef keysToUnregister, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - /* unregister from KVS */ - unregisterKeysForKVS(keysToUnregister, clientIdentifier, processQueue, replyBlock); -} - -static void SOSCloudTransportGetAll(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ - /* Get from KVS */ - getValuesFromKVS(NULL, processQueue, replyBlock); -} - -static void SOSCloudTransportSync(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ -// struct SOSCloudTransport *t = (struct SOSCloudTransport *)transport; - /* Sync KVS */ - synchronizeKVS(processQueue, replyBlock); -} - -static void SOSCloudTransportClearAll(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock) -{ -// struct SOSCloudTransport *t = (struct SOSCloudTransport *)transport; - /* clear KVS */ - clearAll(processQueue, replyBlock); -} - -static void SOSCloudTransportSetItemsChangedBlock(SOSCloudTransportRef transport, CloudKeychainReplyBlock itemsChangedBlock) -{ -// struct SOSCloudTransport *t = (struct SOSCloudTransport *)transport; - /* clear KVS */ - setItemsChangedBlock(itemsChangedBlock); -} - -static void SOSCloudTransportInit(void *ctx) -{ - struct SOSCloudTransport *st = (struct SOSCloudTransport *)ctx; - st->t.put = SOSCloudTransportPut; - st->t.registerKeys = SOSCloudTransportRegisterKeys; - st->t.unregisterKeys = SOSCloudTransportUnregisterKeys; - st->t.get = SOSCloudTransportGet; - st->t.getAll = SOSCloudTransportGetAll; - st->t.synchronize = SOSCloudTransportSync; - st->t.clearAll = SOSCloudTransportClearAll; - st->t.setItemsChangedBlock = SOSCloudTransportSetItemsChangedBlock; - - if (st->kvsID) - CFRetain(st->kvsID); - - st->version = 0; - initXPCConnection(); -} - -SOSCloudTransportRef SOSCloudTransportDefaultTransport(CFStringRef kvsID, uint32_t options) -{ - static struct SOSCloudTransport cloudTransport = {}; - cloudTransport.kvsID = kvsID; - dispatch_once_f(&cloudTransport.once, &cloudTransport, SOSCloudTransportInit); - return &cloudTransport.t; -} - - diff --git a/OSX/sec/SOSCircle/CKBridge/SOSCloudTransport.h b/OSX/sec/SOSCircle/CKBridge/SOSCloudTransport.h deleted file mode 100644 index 8a9631b8..00000000 --- a/OSX/sec/SOSCircle/CKBridge/SOSCloudTransport.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - - -/* - * SOSCloudTransport.h - Implementation of the transport layer from CKBridge to SOSAccount/SOSCircle - */ - -/*! - @header SOSCloudTransport - The functions provided in SOSCloudTransport.h provide an interface - from CKBridge to SOSAccount/SOSCircle - */ - -#ifndef _SOSCLOUDTRANSPORT_H_ -#define _SOSCLOUDTRANSPORT_H_ - -#include - -#include "SOSCloudKeychainClient.h" - -__BEGIN_DECLS - -/* CKPTransport. */ - -/* CKPTransport protocol (not opaque). */ -typedef struct CloudTransport *SOSCloudTransportRef; -struct CloudTransport -{ - void (*put)(SOSCloudTransportRef transport, CFDictionaryRef valuesToPut, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - - void (*registerKeys)(SOSCloudTransportRef transport, CFArrayRef keysToGet, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - void (*unregisterKeys)(SOSCloudTransportRef transport, CFArrayRef keysToUnregister, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - void (*setItemsChangedBlock)(SOSCloudTransportRef transport, CloudKeychainReplyBlock icb); - - // Debug calls - void (*get)(SOSCloudTransportRef transport, CFArrayRef keysToGet, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - void (*getAll)(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - void (*synchronize)(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); - void (*clearAll)(SOSCloudTransportRef transport, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock); -}; - -/* Return the singleton cloud transport instance. */ -/* pass NULL for kvsID to use real KVS */ -SOSCloudTransportRef SOSCloudTransportDefaultTransport(CFStringRef kvsID, uint32_t options); - -__END_DECLS - -#endif /* !_SOSCLOUDTRANSPORT_H_ */ diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/CKDKVSProxy.h b/OSX/sec/SOSCircle/CloudKeychainProxy/CKDKVSProxy.h deleted file mode 100644 index 6502ce5b..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/CKDKVSProxy.h +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// CKDKVSProxy.h -// ckd-xpc - -#import -#import -#import -#import - -#import - -#import "SOSCloudKeychainConstants.h" -#import "SOSCloudKeychainClient.h" - -#define XPROXYSCOPE "proxy" - -@interface UbiqitousKVSProxy : NSObject -{ - id currentiCloudToken; - CloudItemsChangedBlock itemsChangedCallback; - int callbackMethod; -} - -@property (retain, nonatomic) NSDictionary *keyParameterKeys; -@property (retain, nonatomic) NSDictionary *circleKeys; -@property (retain, nonatomic) NSDictionary *messageKeys; - -@property (retain, nonatomic) NSMutableSet *alwaysKeys; -@property (retain, nonatomic) NSMutableSet *firstUnlockKeys; -@property (retain, nonatomic) NSMutableSet *unlockedKeys; -@property (retain, nonatomic) NSMutableSet *pendingKeys; -@property (retain, nonatomic) NSMutableSet *shadowPendingKeys; -@property (retain, nonatomic) NSString *dsid; - -@property (atomic) bool syncWithPeersPending; -@property (atomic) bool shadowSyncWithPeersPending; -@property (atomic) bool inCallout; -@property (atomic) bool oldInCallout; -@property (atomic) bool unlockedSinceBoot; -@property (atomic) bool isLocked; -@property (atomic) bool seenKVSStoreChange; -@property (atomic) bool ensurePeerRegistration; -@property (atomic) bool shadowEnsurePeerRegistration; -@property (atomic) dispatch_time_t nextFreshnessTime; - -@property (atomic) dispatch_source_t syncTimer; -@property (atomic) bool syncTimerScheduled; -@property (atomic) dispatch_time_t deadline; -@property (atomic) dispatch_time_t lastSyncTime; - -@property (atomic) dispatch_queue_t ckdkvsproxy_queue; -@property (atomic) dispatch_queue_t calloutQueue; -@property (atomic) dispatch_queue_t freshParamsQueue; - -@property (atomic) dispatch_source_t penaltyTimer; -@property (atomic) bool penaltyTimerScheduled; -@property (retain, atomic) NSMutableDictionary *monitor; -@property (retain, atomic) NSDictionary *queuedMessages; - -+ (UbiqitousKVSProxy *) sharedKVSProxy; -- (NSString *)description; -- (id)init; -- (void)streamEvent:(xpc_object_t)notification; -- (void)setItemsChangedBlock:(CloudItemsChangedBlock)itemsChangedBlock; - -- (void)setObject:(id)obj forKey:(id)key; -- (id)get:(id)key; -- (NSDictionary *)getAll; -- (void)requestSynchronization:(bool)force; -- (void)waitForSynchronization:(NSArray *)keys handler:(void (^)(NSDictionary *values, NSError *err))handler; -- (void)clearStore; -- (void)recordWriteToKVS:(NSDictionary *)values; -- (NSDictionary*)recordHaltedValuesAndReturnValuesToSafelyWrite:(NSDictionary *)values; -- (void)setObjectsFromDictionary:(NSDictionary *)values; -- (void)removeObjectForKey:(NSString *)keyToRemove; -- (void)processAllItems; -- (void)requestSyncWithAllPeers; -- (void)requestEnsurePeerRegistration; - -- (NSUbiquitousKeyValueStore *)cloudStore; - --(void)registerAtTimeKeys:(NSDictionary*)keyparms; - -- (NSSet*) keysForCurrentLockState; -- (void) intersectWithCurrentLockState: (NSMutableSet*) set; - -- (NSMutableSet*) pendKeysAndGetNewlyPended: (NSSet*) keysToPend; - -- (NSMutableSet*) pendingKeysForCurrentLockState; -- (NSMutableSet*) pendKeysAndGetPendingForCurrentLockState: (NSSet*) startingSet; - -- (void) processPendingKeysForCurrentLockState; - -- (void)registerKeys: (NSDictionary*)keys; - -- (void)processKeyChangedEvent:(NSDictionary *)keysChangedInCloud; -- (NSMutableDictionary *)copyValues:(NSSet *)keysOfInterest; - -- (void) doAfterFlush: (dispatch_block_t) block; -- (void) calloutWith: (void(^)(NSSet *pending, bool syncWithPeersPending, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *handledKeys, bool handledSyncWithPeers, bool handledEnsurePeerRegistration))) callout; -- (void) sendKeysCallout: (NSSet *(^)(NSSet* pending, NSError **error)) handleKeys; - -@end diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/CKDKVSProxy.m b/OSX/sec/SOSCircle/CloudKeychainProxy/CKDKVSProxy.m deleted file mode 100644 index b4d0d7af..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/CKDKVSProxy.m +++ /dev/null @@ -1,1428 +0,0 @@ -/* - * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// CKDKVSProxy.m -// ckd-xpc -// - -#import -#import -#import -#import - -#import -#import -#import -#import -#import - -#import "CKDKVSProxy.h" -#import "CKDPersistentState.h" - -#include -#import - -#include -#include -#include - -#include "SOSCloudKeychainConstants.h" - -#include -#include - -/* - The total space available in your app’s iCloud key-value storage is 1 MB. - The maximum number of keys you can specify is 1024, and the size limit for - each value associated with a key is 1 MB. So, for example, if you store a - single large value of 1 MB for a single key, that consumes your total - available storage. If you store 1 KB of data for each key, you can use - 1,000 key-value pairs. - */ - -static const char *kStreamName = "com.apple.notifyd.matching"; - -static NSString *kKeyKeyParameterKeys = @"KeyParameterKeys"; -static NSString *kKeyCircleKeys = @"CircleKeys"; -static NSString *kKeyMessageKeys = @"MessageKeys"; - -static NSString *kKeyAlwaysKeys = @"AlwaysKeys"; -static NSString *kKeyFirstUnlockKeys = @"FirstUnlockKeys"; -static NSString *kKeyUnlockedKeys = @"UnlockedKeys"; -static NSString *kKeyPendingKeys = @"PendingKeys"; -static NSString *kKeyUnsentChangedKeys = @"unsentChangedKeys"; -static NSString *kKeyUnlockNotificationRequested = @"unlockNotificationRequested"; -static NSString *kKeySyncWithPeersPending = @"SyncWithPeersPending"; -static NSString *kKeyEnsurePeerRegistration = @"EnsurePeerRegistration"; -static NSString *kKeyDSID = @"DSID"; -static NSString *kMonitorState = @"MonitorState"; - -static NSString *kMonitorPenaltyBoxKey = @"Penalty"; -static NSString *kMonitorMessageKey = @"Message"; -static NSString *kMonitorConsecutiveWrites = @"ConsecutiveWrites"; -static NSString *kMonitorLastWriteTimestamp = @"LastWriteTimestamp"; -static NSString *kMonitorMessageQueue = @"MessageQueue"; -static NSString *kMonitorPenaltyTimer = @"PenaltyTimer"; - -static NSString *kMonitorTimeTable = @"TimeTable"; -static NSString *kMonitorFirstMinute = @"AFirstMinute"; -static NSString *kMonitorSecondMinute = @"BSecondMinute"; -static NSString *kMonitorThirdMinute = @"CThirdMinute"; -static NSString *kMonitorFourthMinute = @"DFourthMinute"; -static NSString *kMonitorFifthMinute = @"EFifthMinute"; -static NSString *kMonitorWroteInTimeSlice = @"TimeSlice"; - -#define kSecServerKeychainChangedNotification "com.apple.security.keychainchanged" - -static int max_penalty_timeout = 32; -static int seconds_per_minute = 5; -enum -{ - kCallbackMethodSecurityd = 0, - kCallbackMethodXPC = 1, -}; - -static const int64_t kMinSyncDelay = (NSEC_PER_MSEC * 500); // 500ms minimum delay before a syncWithAllPeers call. -static const int64_t kMaxSyncDelay = (NSEC_PER_SEC * 5); // 5s maximun delay for a given request -static const int64_t kMinSyncInterval = (NSEC_PER_SEC * 15); // 15s minimum time between successive syncWithAllPeers calls. -static const int64_t kSyncTimerLeeway = (NSEC_PER_MSEC * 250); // 250ms leeway for sync events. - -//KVS error codes -#define UPDATE_RESUBMIT 4 - -@interface NSUbiquitousKeyValueStore (NSUbiquitousKeyValueStore_PrivateZ) -- (void) _synchronizeWithCompletionHandler:(void (^)(NSError *error))completionHandler; - -@end - -@implementation UbiqitousKVSProxy - - -- (void)persistState -{ - [SOSPersistentState setRegisteredKeys:[self exportKeyInterests]]; -} - -+ (UbiqitousKVSProxy *) sharedKVSProxy -{ - static UbiqitousKVSProxy *sharedKVSProxy; - if (!sharedKVSProxy) { - static dispatch_once_t onceToken; - dispatch_once(&onceToken, ^{ - sharedKVSProxy = [[self alloc] init]; - }); - } - return sharedKVSProxy; -} - -- (id)init -{ - if (self = [super init]) - { - secnotice("event", "%@ start", self); - - _calloutQueue = dispatch_queue_create("CKDCallout", DISPATCH_QUEUE_SERIAL); - _freshParamsQueue = dispatch_queue_create("CKDFresh", DISPATCH_QUEUE_SERIAL); - _ckdkvsproxy_queue = dispatch_get_main_queue(); - - _syncTimer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, dispatch_get_main_queue()); - dispatch_source_set_timer(_syncTimer, DISPATCH_TIME_FOREVER, DISPATCH_TIME_FOREVER, kSyncTimerLeeway); - dispatch_source_set_event_handler(_syncTimer, ^{ - [self timerFired]; - }); - dispatch_resume(_syncTimer); - - _monitor = [NSMutableDictionary dictionary]; - - [[NSNotificationCenter defaultCenter] - addObserver: self - selector: @selector (iCloudAccountAvailabilityChanged:) - name: NSUbiquityIdentityDidChangeNotification - object: nil]; - - [[NSNotificationCenter defaultCenter] addObserver:self - selector:@selector(cloudChanged:) - name:NSUbiquitousKeyValueStoreDidChangeExternallyNotification - object:nil]; - int notificationToken; - notify_register_dispatch(kSecServerKeychainChangedNotification, ¬ificationToken, dispatch_get_main_queue(), - ^ (int token __unused) - { - secinfo("backoff", "keychain changed, wiping backoff monitor state"); - _monitor = [NSMutableDictionary dictionary]; - }); - - [self importKeyInterests: [SOSPersistentState registeredKeys]]; - - // Register for lock state changes - xpc_set_event_stream_handler(kStreamName, dispatch_get_main_queue(), - ^(xpc_object_t notification){ - [self streamEvent:notification]; - }); - _dsid = @"";; - - [self updateUnlockedSinceBoot]; - [self updateIsLocked]; - if (!_isLocked) - [self keybagDidUnlock]; - - secdebug(XPROXYSCOPE, "%@ done", self); - } - return self; -} - -- (NSString *)description -{ - return [NSString stringWithFormat:@"<%s%s%s%s%s%s%s%s%s%s%s>", - _isLocked ? "L" : "U", - _unlockedSinceBoot ? "B" : "-", - _seenKVSStoreChange ? "K" : "-", - _syncTimerScheduled ? "T" : "-", - _syncWithPeersPending ? "s" : "-", - _ensurePeerRegistration ? "e" : "-", - [_pendingKeys count] ? "p" : "-", - _inCallout ? "C" : "-", - _shadowSyncWithPeersPending ? "S" : "-", - _shadowEnsurePeerRegistration ? "E" : "-", - [_shadowPendingKeys count] ? "P" : "-"]; -} - -- (void)processAllItems -{ - NSDictionary *allItems = [self getAll]; - if (allItems) - { - secnotice("event", "%@ sending: %@", self, [[allItems allKeys] componentsJoinedByString: @" "]); - [self processKeyChangedEvent:allItems]; - } - else - secdebug(XPROXYSCOPE, "%@ No items in KVS", self); -} - -- (void)setItemsChangedBlock:(CloudItemsChangedBlock)itemsChangedBlock -{ - self->itemsChangedCallback = itemsChangedBlock; -} - -- (void)dealloc -{ - secdebug(XPROXYSCOPE, "%@", self); - [[NSNotificationCenter defaultCenter] removeObserver:self - name:NSUbiquitousKeyValueStoreDidChangeExternallyNotification object:nil]; - - [[NSNotificationCenter defaultCenter] removeObserver:self - name:NSUbiquityIdentityDidChangeNotification object:nil]; -} - -// MARK: ----- Client Interface ----- - -- (void)setObject:(id)obj forKey:(id)key -{ - NSUbiquitousKeyValueStore *store = [self cloudStore]; - if (store) - { - id value = [store objectForKey:key]; - if (value) - secdebug("kvsdebug", "%@ key %@ changed: %@ to: %@", self, key, value, obj); - else - secdebug("kvsdebug", "%@ key %@ initialized to: %@", self, key, obj); - [store setObject:obj forKey:key]; - [self requestSynchronization:NO]; - } else { - secerror("Can't get kvs store, key: %@ not set to: %@", key, obj); - } -} - --(dispatch_source_t)setNewTimer:(int)timeout key:(NSString*)key -{ - __block dispatch_source_t timer = dispatch_source_create(DISPATCH_SOURCE_TYPE_TIMER, 0, 0, _ckdkvsproxy_queue); - dispatch_source_set_timer(timer, dispatch_time(DISPATCH_TIME_NOW, timeout * NSEC_PER_SEC * seconds_per_minute), DISPATCH_TIME_FOREVER, kSyncTimerLeeway); - dispatch_source_set_event_handler(timer, ^{ - [self penaltyTimerFired:key]; - }); - dispatch_resume(timer); - return timer; -} - --(void) increasePenalty:(NSNumber*)currentPenalty key:(NSString*)key keyEntry:(NSMutableDictionary**)keyEntry -{ - secinfo("backoff", "increasing penalty!"); - int newPenalty = 0; - if([currentPenalty intValue] == max_penalty_timeout){ - newPenalty = max_penalty_timeout; - } - else if ([currentPenalty intValue] == 0) - newPenalty = 1; - else - newPenalty = [currentPenalty intValue]*2; - - secinfo("backoff", "key %@, waiting %d minutes long to send next messages", key, newPenalty); - - NSNumber* penalty_timeout = [[NSNumber alloc]initWithInt:newPenalty]; - dispatch_source_t existingTimer = [*keyEntry valueForKey:kMonitorPenaltyTimer]; - - if(existingTimer != nil){ - [*keyEntry removeObjectForKey:kMonitorPenaltyTimer]; - dispatch_suspend(existingTimer); - dispatch_source_set_timer(existingTimer,dispatch_time(DISPATCH_TIME_NOW, newPenalty * NSEC_PER_SEC * seconds_per_minute), DISPATCH_TIME_FOREVER, kSyncTimerLeeway); - dispatch_resume(existingTimer); - [*keyEntry setObject:existingTimer forKey:kMonitorPenaltyTimer]; - } - else{ - dispatch_source_t timer = [self setNewTimer:newPenalty key:key]; - [*keyEntry setObject:timer forKey:kMonitorPenaltyTimer]; - } - - [*keyEntry setObject:penalty_timeout forKey:kMonitorPenaltyBoxKey]; - [_monitor setObject:*keyEntry forKey:key]; -} - --(void) decreasePenalty:(NSNumber*)currentPenalty key:(NSString*)key keyEntry:(NSMutableDictionary**)keyEntry -{ - int newPenalty = 0; - secinfo("backoff","decreasing penalty!"); - if([currentPenalty intValue] == 0 || [currentPenalty intValue] == 1) - newPenalty = 0; - else - newPenalty = [currentPenalty intValue]/2; - - secinfo("backoff","key %@, waiting %d minutes long to send next messages", key, newPenalty); - - NSNumber* penalty_timeout = [[NSNumber alloc]initWithInt:newPenalty]; - - dispatch_source_t existingTimer = [*keyEntry valueForKey:kMonitorPenaltyTimer]; - if(existingTimer != nil){ - [*keyEntry removeObjectForKey:kMonitorPenaltyTimer]; - dispatch_suspend(existingTimer); - if(newPenalty != 0){ - dispatch_source_set_timer(existingTimer,dispatch_time(DISPATCH_TIME_NOW, newPenalty * NSEC_PER_SEC * seconds_per_minute), DISPATCH_TIME_FOREVER, kSyncTimerLeeway); - dispatch_resume(existingTimer); - [*keyEntry setObject:existingTimer forKey:kMonitorPenaltyTimer]; - } - else{ - dispatch_resume(existingTimer); - dispatch_source_cancel(existingTimer); - } - } - else{ - if(newPenalty != 0){ - dispatch_source_t timer = [self setNewTimer:newPenalty key:key]; - [*keyEntry setObject:timer forKey:kMonitorPenaltyTimer]; - } - } - - [*keyEntry setObject:penalty_timeout forKey:kMonitorPenaltyBoxKey]; - [_monitor setObject:*keyEntry forKey:key]; - -} - -- (void)penaltyTimerFired:(NSString*)key -{ - secinfo("backoff","key: %@, !!!!!!!!!!!!!!!!penalty timeout is up!!!!!!!!!!!!", key); - NSMutableDictionary *keyEntry = [_monitor objectForKey:key]; - NSMutableDictionary *queuedMessages = [keyEntry objectForKey:kMonitorMessageQueue]; - secinfo("backoff","key: %@, queuedMessages: %@", key, queuedMessages); - if(queuedMessages && [queuedMessages count] != 0){ - secinfo("backoff","key: %@, message queue not empty, writing to KVS!", key); - [self setObjectsFromDictionary:queuedMessages]; - [keyEntry setObject:[NSMutableDictionary dictionary] forKey:kMonitorMessageQueue]; - } - //decrease timeout since we successfully wrote messages out - NSNumber *penalty_timeout = [keyEntry valueForKey:kMonitorPenaltyBoxKey]; - [self decreasePenalty:penalty_timeout key:key keyEntry:&keyEntry]; - - //recompute the timetable and number of consecutive writes to KVS - NSMutableDictionary *timetable = [keyEntry valueForKey:kMonitorTimeTable]; - NSNumber *consecutiveWrites = [keyEntry valueForKey:kMonitorConsecutiveWrites]; - [self recordTimestampForAppropriateInterval:&timetable key:key consecutiveWrites:&consecutiveWrites]; - - [keyEntry setObject:consecutiveWrites forKey:kMonitorConsecutiveWrites]; - [keyEntry setObject:timetable forKey:kMonitorTimeTable]; - [_monitor setObject:keyEntry forKey:key]; -} - --(NSMutableDictionary*)initializeTimeTable:(NSString*)key -{ - NSDate *currentTime = [NSDate date]; - NSMutableDictionary *firstMinute = [NSMutableDictionary dictionaryWithObjectsAndKeys:[currentTime dateByAddingTimeInterval: seconds_per_minute], kMonitorFirstMinute, @"YES", kMonitorWroteInTimeSlice, nil]; - NSMutableDictionary *secondMinute = [NSMutableDictionary dictionaryWithObjectsAndKeys:[currentTime dateByAddingTimeInterval: seconds_per_minute * 2],kMonitorSecondMinute, @"NO", kMonitorWroteInTimeSlice, nil]; - NSMutableDictionary *thirdMinute = [NSMutableDictionary dictionaryWithObjectsAndKeys:[currentTime dateByAddingTimeInterval: seconds_per_minute * 3], kMonitorThirdMinute, @"NO",kMonitorWroteInTimeSlice, nil]; - NSMutableDictionary *fourthMinute = [NSMutableDictionary dictionaryWithObjectsAndKeys:[currentTime dateByAddingTimeInterval: seconds_per_minute * 4],kMonitorFourthMinute, @"NO", kMonitorWroteInTimeSlice, nil]; - NSMutableDictionary *fifthMinute = [NSMutableDictionary dictionaryWithObjectsAndKeys:[currentTime dateByAddingTimeInterval: seconds_per_minute * 5], kMonitorFifthMinute, @"NO", kMonitorWroteInTimeSlice, nil]; - - NSMutableDictionary *timeTable = [NSMutableDictionary dictionaryWithObjectsAndKeys: firstMinute, kMonitorFirstMinute, - secondMinute, kMonitorSecondMinute, - thirdMinute, kMonitorThirdMinute, - fourthMinute, kMonitorFourthMinute, - fifthMinute, kMonitorFifthMinute, nil]; - return timeTable; -} - -- (void)initializeKeyEntry:(NSString*)key -{ - NSMutableDictionary *timeTable = [self initializeTimeTable:key]; - NSDate *currentTime = [NSDate date]; - - NSMutableDictionary *keyEntry = [NSMutableDictionary dictionaryWithObjectsAndKeys: key, kMonitorMessageKey, @0, kMonitorConsecutiveWrites, currentTime, kMonitorLastWriteTimestamp, @0, kMonitorPenaltyBoxKey, timeTable, kMonitorTimeTable,[NSMutableDictionary dictionary], kMonitorMessageQueue, nil]; - - [_monitor setObject:keyEntry forKey:key]; - -} - -- (void)recordTimestampForAppropriateInterval:(NSMutableDictionary**)timeTable key:(NSString*)key consecutiveWrites:(NSNumber**)consecutiveWrites -{ - NSDate *currentTime = [NSDate date]; - __block int cWrites = [*consecutiveWrites intValue]; - __block BOOL foundTimeSlot = NO; - __block NSMutableDictionary *previousTable = nil; - NSArray *sorted = [[*timeTable allKeys] sortedArrayUsingSelector:@selector(compare:)]; - [sorted enumerateObjectsUsingBlock:^(id sortedKey, NSUInteger idx, BOOL *stop) - { - if(foundTimeSlot == YES) - return; - [*timeTable enumerateKeysAndObjectsUsingBlock: ^(id key, id obj, BOOL *stop) - { - if(foundTimeSlot == YES) - return; - if([sortedKey isEqualToString:key]){ - NSMutableDictionary *minutesTable = (NSMutableDictionary*)obj; - NSString *minuteKey = (NSString*)key; - NSDate *date = [minutesTable valueForKey:minuteKey]; - if([date compare:currentTime] == NSOrderedDescending){ - foundTimeSlot = YES; - NSString* written = [minutesTable valueForKey:kMonitorWroteInTimeSlice]; - if([written isEqualToString:@"NO"]){ - [minutesTable setObject:@"YES" forKey:kMonitorWroteInTimeSlice]; - if(previousTable != nil){ - written = [previousTable valueForKey:kMonitorWroteInTimeSlice]; - if([written isEqualToString:@"YES"]){ - cWrites++; - } - else if ([written isEqualToString:@"NO"]){ - cWrites = 0; - } - } - } - return; - } - previousTable = minutesTable; - } - }]; - }]; - - if(foundTimeSlot == NO){ - //reset the time table - secinfo("backoff","didn't find a time slot, resetting the table"); - NSMutableDictionary *lastTable = [*timeTable valueForKey:kMonitorFifthMinute]; - NSDate *lastDate = [lastTable valueForKey:kMonitorFifthMinute]; - - if((double)[currentTime timeIntervalSinceDate: lastDate] >= seconds_per_minute){ - *consecutiveWrites = [[NSNumber alloc]initWithInt:0]; - } - else{ - NSString* written = [lastTable valueForKey:kMonitorWroteInTimeSlice]; - if([written isEqualToString:@"YES"]){ - cWrites++; - *consecutiveWrites = [[NSNumber alloc]initWithInt:cWrites]; - } - else{ - *consecutiveWrites = [[NSNumber alloc]initWithInt:0]; - } - } - - *timeTable = [self initializeTimeTable:key]; - return; - } - *consecutiveWrites = [[NSNumber alloc]initWithInt:cWrites]; -} -- (void)recordWriteToKVS:(NSDictionary *)values -{ - if([_monitor count] == 0){ - [values enumerateKeysAndObjectsUsingBlock: ^(id key, id obj, BOOL *stop) - { - [self initializeKeyEntry: key]; - }]; - } - else{ - [values enumerateKeysAndObjectsUsingBlock: ^(id key, id obj, BOOL *stop) - { - NSMutableDictionary *keyEntry = [_monitor objectForKey:key]; - if(keyEntry == nil){ - [self initializeKeyEntry: key]; - } - else{ - NSNumber *penalty_timeout = [keyEntry objectForKey:kMonitorPenaltyBoxKey]; - NSDate *lastWriteTimestamp = [keyEntry objectForKey:kMonitorLastWriteTimestamp]; - NSMutableDictionary *timeTable = [keyEntry objectForKey: kMonitorTimeTable]; - NSNumber *existingWrites = [keyEntry objectForKey: kMonitorConsecutiveWrites]; - NSDate *currentTime = [NSDate date]; - - [self recordTimestampForAppropriateInterval:&timeTable key:key consecutiveWrites:&existingWrites]; - - int consecutiveWrites = [existingWrites intValue]; - secinfo("backoff","consecutive writes: %d", consecutiveWrites); - [keyEntry setObject:existingWrites forKey:kMonitorConsecutiveWrites]; - [keyEntry setObject:timeTable forKey:kMonitorTimeTable]; - [keyEntry setObject:currentTime forKey:kMonitorLastWriteTimestamp]; - [_monitor setObject:keyEntry forKey:key]; - - if([penalty_timeout intValue] != 0 || ((double)[currentTime timeIntervalSinceDate: lastWriteTimestamp] <= 60 && consecutiveWrites >= 5)){ - if([penalty_timeout intValue] != 0) - secinfo("backoff","still in timeout, shouldn't write anything to KVS in this time period"); - else - secinfo("backoff","monitor: keys have been written for 5 or more minutes, time to bump penalty timers"); - [self increasePenalty:penalty_timeout key:key keyEntry:&keyEntry]; - } - //keep writing freely but record it - else if((double)[currentTime timeIntervalSinceDate: lastWriteTimestamp] <= 60 && consecutiveWrites < 5){ - secinfo("backoff","monitor: still writing freely"); - } - } - }]; - } -} - -- (NSDictionary*)recordHaltedValuesAndReturnValuesToSafelyWrite:(NSDictionary *)values -{ - NSMutableDictionary *SafeMessages = [NSMutableDictionary dictionary]; - [values enumerateKeysAndObjectsUsingBlock: ^(id key, id obj, BOOL *stop) - { - NSMutableDictionary *keyEntry = [_monitor objectForKey:key]; - NSNumber *penalty = [keyEntry objectForKey:kMonitorPenaltyBoxKey]; - if([penalty intValue] != 0){ - NSMutableDictionary* existingQueue = [keyEntry valueForKey:kMonitorMessageQueue]; - - [existingQueue setObject:obj forKey:key]; - - [keyEntry setObject:existingQueue forKey:kMonitorMessageQueue]; - [_monitor setObject:keyEntry forKey:key]; - } - else{ - [SafeMessages setObject:obj forKey:key]; - } - }]; - return SafeMessages; -} - -- (void)setObjectsFromDictionary:(NSDictionary *)values -{ - NSUbiquitousKeyValueStore *store = [self cloudStore]; - if (store && values) - { - secnoticeq("dsid", "Ensure DSIDs match"); - NSMutableDictionary *mutableValues = [NSMutableDictionary dictionaryWithCapacity:0]; - - secinfo("backoff","!!writing these keys to KVS!!: %@", values); - [values enumerateKeysAndObjectsUsingBlock: ^(id key, id obj, BOOL *stop) - { - if (obj == NULL || obj == [NSNull null]) - [store removeObjectForKey:key]; - - else if([key isEqualToString: @"^OfficialDSID"]){ - _dsid = obj; - secnotice("dsid", "setting dsid to %@", obj); - } - - else if([key isEqual: @"^Required"]){ - if( [_dsid isEqualToString: @""]){ - secdebug("dsid", "CloudKeychainProxy setting dsid to :%@ from securityd", obj); - _dsid = obj; - } - - else if(![_dsid isEqual: obj]){ - secerror("Account DSIDs do not match, cloud keychain proxy: %@, securityd: %@", _dsid, obj); - secerror("Not going to write these: %@ into KVS!", values); - return; - } - } - else - [ mutableValues setObject:obj forKey:key ]; - - }]; - - secnoticeq("keytrace", "%@ sending: %@", self, [[mutableValues allKeys] componentsJoinedByString: @" "]); - [mutableValues enumerateKeysAndObjectsUsingBlock: ^(id key, id obj, BOOL *stop) - { - if (obj == NULL || obj == [NSNull null]) - [store removeObjectForKey:key]; - - else { - id oldObj = [store objectForKey:key]; - if ([oldObj isEqual: obj]) { - if ([key hasPrefix:@"ak|"]) { // TODO: somewhat of a hack - // Fix KVS repeated message undelivery by sending a NULL first (deafness) - secnoticeq("keytrace", "forcing resend of peer-peer message: %@", key); - [store removeObjectForKey:key]; - } else { - // Resending circle messages is bad - secnoticeq("keytrace", "repeated message: %@ (not peer-peer); not propogated", key); - } - } - [store setObject:obj forKey:key]; - } - }]; - - [self requestSynchronization:NO]; - } - else - secdebug(XPROXYSCOPE, "%@ NULL? store: %@, values: %@", self, store, values); -} - -- (void)requestSynchronization:(bool)force -{ - if (force) - { - secdebug(XPROXYSCOPE, "%@ synchronize (forced)", self); - [[self cloudStore] synchronize]; - } - else - { - secdebug(XPROXYSCOPE, "%@ synchronize (soon)", self); - [[self cloudStore] synchronize]; - } -} - -- (NSUbiquitousKeyValueStore *)cloudStore -{ - NSUbiquitousKeyValueStore *iCloudStore = [NSUbiquitousKeyValueStore defaultStore]; - if (!iCloudStore) { - secerror("%s %@ NO NSUbiquitousKeyValueStore defaultStore", kWAIT2MINID, self); - } - return iCloudStore; -} - -/* - Only call out to syncdefaultsd once every 5 seconds, since parameters can't change that - fast and callers expect synchonicity. - - Since we don't actually get the values for the keys, just store off a timestamp. -*/ - -// try to synchronize asap, and invoke the handler on completion to take incoming changes. - -static bool isResubmitError(NSError* error) { - return error && (CFErrorGetCode((__bridge CFErrorRef) error) == UPDATE_RESUBMIT); // Why don't we check the domain?! -} - -- (BOOL) AttemptSynchronization:(NSError **)failure -{ - - __block NSError *tempFailure = NULL; - int triesRemaining = 10; - - NSUbiquitousKeyValueStore * store = [self cloudStore]; - - dispatch_semaphore_t freshSemaphore = dispatch_semaphore_create(0); - - do { - --triesRemaining; - secnoticeq("fresh", "%s CALLING OUT TO syncdefaultsd SWCH: %@", kWAIT2MINID, self); - - [store synchronizeWithCompletionHandler:^(NSError *error) { - if (error) { - tempFailure = error; - secerrorq("%s RETURNING FROM syncdefaultsd SWCH: %@: %@", kWAIT2MINID, self, error); - } else { - secnoticeq("fresh", "%s RETURNING FROM syncdefaultsd SWCH: %@", kWAIT2MINID, self); - [store synchronize]; // Per olivier in , sync before getting values - secnoticeq("fresh", "%s RETURNING FROM syncdefaultsd SYNC: %@", kWAIT2MINID, self); - } - dispatch_semaphore_signal(freshSemaphore); - }]; - dispatch_semaphore_wait(freshSemaphore, DISPATCH_TIME_FOREVER); - } while (triesRemaining > 0 && isResubmitError(tempFailure)); - - if (isResubmitError(tempFailure)) { - secerrorq("%s Number of retry attempts to request freshness exceeded", kWAIT2MINID); - } - - if (failure && (*failure == NULL)) { - *failure = tempFailure; - } - - return tempFailure == nil; -} - -static void wait_until(dispatch_time_t when) { - static dispatch_once_t once; - static dispatch_semaphore_t never_fires = nil; - dispatch_once(&once, ^{ - never_fires = dispatch_semaphore_create(0); - }); - - dispatch_semaphore_wait(never_fires, when); // Will always timeout. -} - -- (void)waitForSynchronization:(NSArray *)keys handler:(void (^)(NSDictionary *values, NSError *err))handler -{ - if (!keys) - { - NSError *err = [NSError errorWithDomain:(NSString *)NSPOSIXErrorDomain code:(NSInteger)ENOPROTOOPT userInfo:nil]; - secerrorq("%s RETURNING TO securityd: %@ param error; calling handler", kWAIT2MINID, self); - handler(@{}, err); - return; - } - - secnoticeq("fresh", "%s Requesting freshness", kWAIT2MINID); - - dispatch_async(_freshParamsQueue, ^{ - // Hold off (keeping the queue occupied) until we hit the next time we can fresh. - wait_until(_nextFreshnessTime); - - NSError *error = nil; - BOOL success = [self AttemptSynchronization:&error]; - - // Advance the next time can can call freshness. - const uint64_t delayBeforeCallingAgainInSeconds = 5ull * NSEC_PER_SEC; - _nextFreshnessTime = dispatch_time(DISPATCH_TIME_NOW, delayBeforeCallingAgainInSeconds); - - dispatch_async(dispatch_get_main_queue(), ^{ - NSDictionary * freshValues = success ? [self copyValues:[NSSet setWithArray:keys]] : @{}; - handler(freshValues, error); - }); - }); -} - -- (void)removeObjectForKey:(NSString *)keyToRemove -{ - [[self cloudStore] removeObjectForKey:keyToRemove]; -} - -- (void)clearStore -{ - secdebug(XPROXYSCOPE, "%@ clearStore", self); - NSDictionary *dict = [[self cloudStore] dictionaryRepresentation]; - NSArray *allKeys = [dict allKeys]; - NSMutableArray* nullKeys = [NSMutableArray array]; - - _alwaysKeys = [NSMutableSet setWithArray:nullKeys]; - _firstUnlockKeys = [NSMutableSet setWithArray:nullKeys]; - _unlockedKeys = [NSMutableSet setWithArray:nullKeys]; - _keyParameterKeys = @{}; - _circleKeys = @{}; - _messageKeys = @{}; - - [allKeys enumerateObjectsUsingBlock:^(id key, NSUInteger idx, BOOL *stop) - { - secdebug(XPROXYSCOPE, "%@ Clearing value for key %@", self, key); - [[self cloudStore] removeObjectForKey:(NSString *)key]; - }]; - - [self requestSynchronization:YES]; -} - - -// -// MARK: ----- KVS key lists ----- -// - -- (id)get:(id)key -{ - return [[self cloudStore] objectForKey:key]; -} - -- (NSDictionary *)getAll -{ - return [[self cloudStore] dictionaryRepresentation]; -} - -- (NSDictionary*) exportKeyInterests -{ - - return @{ kKeyAlwaysKeys:[_alwaysKeys allObjects], - kKeyFirstUnlockKeys:[_firstUnlockKeys allObjects], - kKeyUnlockedKeys:[_unlockedKeys allObjects], - kMonitorState:_monitor, - kKeyPendingKeys:[_pendingKeys allObjects], - kKeySyncWithPeersPending:[NSNumber numberWithBool:_syncWithPeersPending], - kKeyEnsurePeerRegistration:[NSNumber numberWithBool:_ensurePeerRegistration], - kKeyDSID:_dsid - }; -} - -- (void) importKeyInterests: (NSDictionary*) interests -{ - _alwaysKeys = [NSMutableSet setWithArray: interests[kKeyAlwaysKeys]]; - _firstUnlockKeys = [NSMutableSet setWithArray: interests[kKeyFirstUnlockKeys]]; - _unlockedKeys = [NSMutableSet setWithArray: interests[kKeyUnlockedKeys]]; - - _pendingKeys = [NSMutableSet setWithArray: interests[kKeyPendingKeys]]; - _syncWithPeersPending = [interests[kKeySyncWithPeersPending] boolValue]; - _ensurePeerRegistration = [interests[kKeyEnsurePeerRegistration] boolValue]; - _dsid = interests[kKeyDSID]; - _monitor = interests[kMonitorState]; - if(_monitor == nil) - _monitor = [NSMutableDictionary dictionary]; -} - -- (NSMutableSet *)copyAllKeys -{ - NSMutableSet *allKeys = [NSMutableSet setWithSet: _alwaysKeys]; - [allKeys unionSet: _firstUnlockKeys]; - [allKeys unionSet: _unlockedKeys]; - return allKeys; -} - --(void)registerAtTimeKeys:(NSDictionary*)keyparms -{ - NSArray *alwaysArray = [keyparms valueForKey: kKeyAlwaysKeys]; - NSArray *firstUnlockedKeysArray = [keyparms valueForKey: kKeyFirstUnlockKeys]; - NSArray *whenUnlockedKeysArray = [keyparms valueForKey: kKeyUnlockedKeys]; - - if(alwaysArray) - [_alwaysKeys unionSet: [NSMutableSet setWithArray: alwaysArray]]; - if(firstUnlockedKeysArray) - [_firstUnlockKeys unionSet: [NSMutableSet setWithArray: firstUnlockedKeysArray]]; - if(whenUnlockedKeysArray) - [_unlockedKeys unionSet: [NSMutableSet setWithArray: whenUnlockedKeysArray]]; -} - - -- (void)registerKeys: (NSDictionary*)keys -{ - secdebug(XPROXYSCOPE, "registerKeys: keys: %@", keys); - - NSMutableSet *allOldKeys = [self copyAllKeys]; - - NSDictionary *keyparms = [keys valueForKey: [NSString stringWithUTF8String: kMessageKeyParameter]]; - NSDictionary *circles = [keys valueForKey: [NSString stringWithUTF8String: kMessageCircle]]; - NSDictionary *messages = [keys valueForKey: [NSString stringWithUTF8String: kMessageMessage]]; - - _alwaysKeys = [NSMutableSet set]; - _firstUnlockKeys = [NSMutableSet set]; - _unlockedKeys = [NSMutableSet set]; - - _keyParameterKeys = keyparms; - _circleKeys = circles; - _messageKeys = messages; - - [self registerAtTimeKeys: _keyParameterKeys]; - [self registerAtTimeKeys: _circleKeys]; - [self registerAtTimeKeys: _messageKeys]; - - NSMutableSet *allNewKeys = [self copyAllKeys]; - - // Make sure keys we no longer care about are not pending - [_pendingKeys intersectSet:allNewKeys]; - if (_shadowPendingKeys) { - [_shadowPendingKeys intersectSet:allNewKeys]; - } - - // All new keys only is new keys (remove old keys) - [allNewKeys minusSet:allOldKeys]; - - // Mark new keys pending, they're new! - NSMutableSet *newKeysForCurrentLockState = [self pendKeysAndGetNewlyPended:allNewKeys]; - - [self persistState]; // Before we might call out, save our state so we recover if we crash - - [self intersectWithCurrentLockState: newKeysForCurrentLockState]; - // TODO: Don't processPendingKeysForCurrentLockState if none of the new keys have values. - if ([newKeysForCurrentLockState count] != 0) { - [self processPendingKeysForCurrentLockState]; - } -} - -- (void)saveToUbiquitousStore -{ - [self requestSynchronization:NO]; -} - -// MARK: ----- Event Handling ----- - -- (void)streamEvent:(xpc_object_t)notification -{ -#if (!TARGET_IPHONE_SIMULATOR) - const char *notificationName = xpc_dictionary_get_string(notification, "Notification"); - if (!notificationName) { - } else if (strcmp(notificationName, kUserKeybagStateChangeNotification)==0) { - return [self keybagStateChange]; - } else if (strcmp(notificationName, kCloudKeychainStorechangeChangeNotification)==0) { - return [self kvsStoreChange]; - } else if (strcmp(notificationName, kNotifyTokenForceUpdate)==0) { - // DEBUG -- Possibly remove in future - return [self processAllItems]; - } - const char *eventName = xpc_dictionary_get_string(notification, "XPCEventName"); - char *desc = xpc_copy_description(notification); - secnotice("event", "%@ event: %s name: %s desc: %s", self, eventName, notificationName, desc); - if (desc) - free((void *)desc); -#endif -} - -- (void)iCloudAccountAvailabilityChanged:(NSNotification*)notification -{ - /* - Continuing this example, you’d then implement an iCloudAccountAvailabilityChanged: method that would: - - Call the ubiquityIdentityToken method and store its return value. - Compare the new value to the previous value, to find out if the user logged out of their account or - logged in to a different account. If the previously-used account is now unavailable, save the current - state locally as needed, empty your iCloud-related data caches, and refresh all iCloud-related user interface elements. - */ - id previCloudToken = currentiCloudToken; - currentiCloudToken = [[NSFileManager defaultManager] ubiquityIdentityToken]; - if (previCloudToken != currentiCloudToken) - secnotice("event", "%@ iCloud account changed!", self); - else - secnotice("event", "%@ %@", self, notification); -} - -- (void)cloudChanged:(NSNotification*)notification -{ - /* - Posted when the value of one or more keys in the local key-value store - changed due to incoming data pushed from iCloud. This notification is - sent only upon a change received from iCloud; it is not sent when your - app sets a value. - - The user info dictionary can contain the reason for the notification as - well as a list of which values changed, as follows: - - The value of the NSUbiquitousKeyValueStoreChangeReasonKey key, when - present, indicates why the key-value store changed. Its value is one of - the constants in "Change Reason Values." - - The value of the NSUbiquitousKeyValueStoreChangedKeysKey, when present, - is an array of strings, each the name of a key whose value changed. The - notification object is the NSUbiquitousKeyValueStore object whose contents - changed. - - NSUbiquitousKeyValueStoreInitialSyncChange is only posted if there is any - local value that has been overwritten by a distant value. If there is no - conflict between the local and the distant values when doing the initial - sync (e.g. if the cloud has no data stored or the client has not stored - any data yet), you'll never see that notification. - - NSUbiquitousKeyValueStoreInitialSyncChange implies an initial round trip - with server but initial round trip with server does not imply - NSUbiquitousKeyValueStoreInitialSyncChange. - */ - os_activity_initiate("cloudChanged", OS_ACTIVITY_FLAG_DEFAULT, ^{ - secdebug(XPROXYSCOPE, "%@ cloudChanged notification: %@", self, notification); - - NSDictionary *userInfo = [notification userInfo]; - NSNumber *reason = [userInfo objectForKey:NSUbiquitousKeyValueStoreChangeReasonKey]; - if (reason) switch ([reason integerValue]) { - case NSUbiquitousKeyValueStoreInitialSyncChange: - case NSUbiquitousKeyValueStoreServerChange: - { - _seenKVSStoreChange = YES; - NSSet *keysChangedInCloud = [NSSet setWithArray:[userInfo objectForKey:NSUbiquitousKeyValueStoreChangedKeysKey]]; - - /* We are saying that we want to try processing a key no matter what, - * *if* it has changed in the cloud. */ - [_pendingKeys minusSet:keysChangedInCloud]; - - NSSet *keysOfInterestThatChanged = [self pendKeysAndGetPendingForCurrentLockState:keysChangedInCloud]; - NSMutableDictionary *changedValues = [self copyValues:keysOfInterestThatChanged]; - if ([reason integerValue] == NSUbiquitousKeyValueStoreInitialSyncChange) - changedValues[(__bridge NSString*)kSOSKVSInitialSyncKey] = @"true"; - - secnotice("event", "%@ keysChangedInCloud: %@ keysOfInterest: %@", self, [[keysChangedInCloud allObjects] componentsJoinedByString: @" "], [[changedValues allKeys] componentsJoinedByString: @" "]); - if ([changedValues count]) - [self processKeyChangedEvent:changedValues]; - break; - } - case NSUbiquitousKeyValueStoreQuotaViolationChange: - seccritical("%@ event received NSUbiquitousKeyValueStoreQuotaViolationChange", self); - break; - case NSUbiquitousKeyValueStoreAccountChange: - // The primary account changed. We do not get this for password changes on the same account - secnotice("event", "%@ NSUbiquitousKeyValueStoreAccountChange", self); - NSDictionary *changedValues = nil; - if(_dsid) - changedValues = @{ (__bridge NSString*)kSOSKVSAccountChangedKey: _dsid }; - else - changedValues = @{ (__bridge NSString*)kSOSKVSAccountChangedKey: @"true" }; - - [self processKeyChangedEvent:changedValues]; - break; - } - }); -} - -- (void) doAfterFlush: (dispatch_block_t) block -{ - // Flush any pending communication to Securityd. - - dispatch_async(_calloutQueue, block); -} - -- (void) calloutWith: (void(^)(NSSet *pending, bool syncWithPeersPending, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *handledKeys, bool handledSyncWithPeers, bool handledEnsurePeerRegistration))) callout -{ - // In CKDKVSProxy's serial queue - - _oldInCallout = YES; - - // dispatch_get_global_queue - well-known global concurrent queue - // dispatch_get_main_queue - default queue that is bound to the main thread - xpc_transaction_begin(); - dispatch_async(_calloutQueue, ^{ - __block NSSet *myPending; - __block bool mySyncWithPeersPending; - __block bool myEnsurePeerRegistration; - __block bool wasLocked; - dispatch_sync(_ckdkvsproxy_queue, ^{ - myPending = [_pendingKeys copy]; - mySyncWithPeersPending = _syncWithPeersPending; - myEnsurePeerRegistration = _ensurePeerRegistration; - wasLocked = _isLocked; - - _inCallout = YES; - if (!_oldInCallout) - secnotice("deaf", ">>>>>>>>>>> _oldInCallout is NO and we're heading in to the callout!"); - - _shadowPendingKeys = [NSMutableSet set]; - _shadowSyncWithPeersPending = NO; - }); - - callout(myPending, mySyncWithPeersPending, myEnsurePeerRegistration, _ckdkvsproxy_queue, ^(NSSet *handledKeys, bool handledSyncWithPeers, bool handledEnsurePeerRegistration) { - secdebug("event", "%@ %s%s before callout handled: %s%s", self, mySyncWithPeersPending ? "S" : "s", myEnsurePeerRegistration ? "E" : "e", handledSyncWithPeers ? "S" : "s", handledEnsurePeerRegistration ? "E" : "e"); - - // In CKDKVSProxy's serial queue - _inCallout = NO; - _oldInCallout = NO; - - // Update ensurePeerRegistration - _ensurePeerRegistration = ((myEnsurePeerRegistration && !handledEnsurePeerRegistration) || _shadowEnsurePeerRegistration); - - _shadowEnsurePeerRegistration = NO; - - if(_ensurePeerRegistration && !_isLocked) - [self doEnsurePeerRegistration]; - - // Update SyncWithPeers stuff. - _syncWithPeersPending = ((mySyncWithPeersPending && (!handledSyncWithPeers)) || _shadowSyncWithPeersPending); - - _shadowSyncWithPeersPending = NO; - if (handledSyncWithPeers) - _lastSyncTime = dispatch_time(DISPATCH_TIME_NOW, 0); - - // Update pendingKeys and handle them - [_pendingKeys minusSet: handledKeys]; - bool hadShadowPendingKeys = [_shadowPendingKeys count]; - // Move away shadownPendingKeys first, because pendKeysAndGetPendingForCurrentLockState - // will look at them. See rdar://problem/20733166. - NSSet *oldShadowPendingKeys = _shadowPendingKeys; - _shadowPendingKeys = nil; - - NSSet *filteredKeys = [self pendKeysAndGetPendingForCurrentLockState:oldShadowPendingKeys]; - - // Write state to disk - [self persistState]; - - // Handle shadow pended stuff - if (_syncWithPeersPending && !_isLocked) - [self scheduleSyncRequestTimer]; - /* We don't want to call processKeyChangedEvent if we failed to - handle pending keys and the device didn't unlock nor receive - any kvs changes while we were in our callout. - Doing so will lead to securityd and CloudKeychainProxy - talking to each other forever in a tight loop if securityd - repeatedly returns an error processing the same message. - Instead we leave any old pending keys until the next event. */ - if (hadShadowPendingKeys || (!_isLocked && wasLocked)) - [self processKeyChangedEvent:[self copyValues:filteredKeys]]; - - xpc_transaction_end(); - }); - }); -} - -- (void) sendKeysCallout: (NSSet *(^)(NSSet* pending, NSError** error)) handleKeys { - [self calloutWith: ^(NSSet *pending, bool syncWithPeersPending, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *, bool, bool)) { - NSError* error = NULL; - - NSSet * handled = handleKeys(pending, &error); - - dispatch_async(queue, ^{ - if (!handled) { - secerror("%@ ensurePeerRegistration failed: %@", self, error); - } - - done(handled, NO, NO); - }); - }]; -} - -- (void) doEnsurePeerRegistration -{ - [self calloutWith:^(NSSet *pending, bool syncWithPeersPending, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *, bool, bool)) { - CFErrorRef error = NULL; - bool handledEnsurePeerRegistration = SOSCCProcessEnsurePeerRegistration(&error); - secerror("%@ ensurePeerRegistration called, %@ (%@)", self, handledEnsurePeerRegistration ? @"success" : @"failure", error); - dispatch_async(queue, ^{ - if (!handledEnsurePeerRegistration) { - secerror("%@ ensurePeerRegistration failed: %@", self, error); - } - - done(nil, NO, handledEnsurePeerRegistration); - CFReleaseSafe(error); - }); - }]; -} - -- (void) doSyncWithAllPeers -{ - [self calloutWith:^(NSSet *pending, bool syncWithPeersPending, bool ensurePeerRegistration, dispatch_queue_t queue, void(^done)(NSSet *, bool, bool)) { - CFErrorRef error = NULL; - - SyncWithAllPeersReason reason = SOSCCProcessSyncWithAllPeers(&error); - dispatch_async(queue, ^{ - bool handledSyncWithPeers = NO; - if (reason == kSyncWithAllPeersSuccess) { - handledSyncWithPeers = YES; - secnotice("event", "%@ syncWithAllPeers succeeded", self); - } else if (reason == kSyncWithAllPeersLocked) { - secnotice("event", "%@ syncWithAllPeers attempted while locked - waiting for unlock", self); - handledSyncWithPeers = NO; - [self updateIsLocked]; - } else if (reason == kSyncWithAllPeersOtherFail) { - // Pretend we handled syncWithPeers, by pushing out the _lastSyncTime - // This will cause us to wait for kMinSyncInterval seconds before - // retrying, so we don't spam securityd if sync is failing - secerror("%@ syncWithAllPeers %@, rescheduling timer", self, error); - _lastSyncTime = dispatch_time(DISPATCH_TIME_NOW, 0); - } else { - secerror("%@ syncWithAllPeers %@, unknown reason: %d", self, error, reason); - } - - done(nil, handledSyncWithPeers, false); - CFReleaseSafe(error); - }); - }]; -} - -- (void)timerFired -{ - secnotice("event", "%@ syncWithPeersPending: %d inCallout: %d isLocked: %d", self, _syncWithPeersPending, _inCallout, _isLocked); - _syncTimerScheduled = NO; - if(_ensurePeerRegistration){ - [self doEnsurePeerRegistration]; - } - if (_syncWithPeersPending && !_inCallout && !_isLocked){ - [self doSyncWithAllPeers]; - } -} - -- (dispatch_time_t) nextSyncTime -{ - dispatch_time_t nextSync = dispatch_time(DISPATCH_TIME_NOW, kMinSyncDelay); - - // Don't sync again unless we waited at least kMinSyncInterval - if (_lastSyncTime) { - dispatch_time_t soonest = dispatch_time(_lastSyncTime, kMinSyncInterval); - if (nextSync < soonest || _deadline < soonest) { - secdebug("timer", "%@ backing off", self); - return soonest; - } - } - - // Don't delay more than kMaxSyncDelay after the first request. - if (nextSync > _deadline) { - secdebug("timer", "%@ hit deadline", self); - return _deadline; - } - - // Bump the timer by kMinSyncDelay - if (_syncTimerScheduled) - secdebug("timer", "%@ bumped timer", self); - else - secdebug("timer", "%@ scheduled timer", self); - - return nextSync; -} - -- (void)scheduleSyncRequestTimer -{ - dispatch_source_set_timer(_syncTimer, [self nextSyncTime], DISPATCH_TIME_FOREVER, kSyncTimerLeeway); - _syncTimerScheduled = YES; -} - -- (void)requestSyncWithAllPeers // secd calling SOSCCSyncWithAllPeers invokes this -{ -#if !defined(NDEBUG) - NSString *desc = [self description]; -#endif - - if (!_syncWithPeersPending || (_inCallout && !_shadowSyncWithPeersPending)) - _deadline = dispatch_time(DISPATCH_TIME_NOW, kMaxSyncDelay); - - if (!_syncWithPeersPending) { - _syncWithPeersPending = YES; - [self persistState]; - } - - if (_inCallout) - _shadowSyncWithPeersPending = YES; - else if (!_isLocked) - [self scheduleSyncRequestTimer]; - - secdebug("event", "%@ %@", desc, self); -} - -- (void)requestEnsurePeerRegistration // secd calling SOSCCSyncWithAllPeers invokes this -{ -#if !defined(NDEBUG) - NSString *desc = [self description]; -#endif - - if (_inCallout) { - _shadowEnsurePeerRegistration = YES; - } else { - _ensurePeerRegistration = YES; - if (!_isLocked){ - [self doEnsurePeerRegistration]; - } - [self persistState]; - } - - secdebug("event", "%@ %@", desc, self); -} - - -- (BOOL) updateUnlockedSinceBoot -{ - CFErrorRef aksError = NULL; - if (!SecAKSGetHasBeenUnlocked(&_unlockedSinceBoot, &aksError)) { - secerror("%@ Got error from SecAKSGetHasBeenUnlocked: %@", self, aksError); - CFReleaseSafe(aksError); - return NO; - } - return YES; -} - -- (BOOL) updateIsLocked -{ - CFErrorRef aksError = NULL; - if (!SecAKSGetIsLocked(&_isLocked, &aksError)) { - secerror("%@ Got error querying lock state: %@", self, aksError); - CFReleaseSafe(aksError); - return NO; - } - if (!_isLocked) - _unlockedSinceBoot = YES; - return YES; -} - -- (void) keybagStateChange -{ - os_activity_initiate("keybagStateChanged", OS_ACTIVITY_FLAG_DEFAULT, ^{ - BOOL wasLocked = _isLocked; - if ([self updateIsLocked]) { - if (wasLocked == _isLocked) - secdebug("event", "%@ still %s ignoring", self, _isLocked ? "locked" : "unlocked"); - else if (_isLocked) - [self keybagDidLock]; - else - [self keybagDidUnlock]; - } - }); -} - -- (void) keybagDidLock -{ - secnotice("event", "%@", self); -} - -- (void) keybagDidUnlock -{ - secnotice("event", "%@", self); - if (_ensurePeerRegistration) { - [self doEnsurePeerRegistration]; - } - - // First send changed keys to securityd so it can proccess updates - [self processPendingKeysForCurrentLockState]; - - // Then, tickle securityd to perform a sync if needed. - if (_syncWithPeersPending && !_syncTimerScheduled) { - [self doSyncWithAllPeers]; - } -} - -- (void) kvsStoreChange { - os_activity_initiate("kvsStoreChange", OS_ACTIVITY_FLAG_DEFAULT, ^{ - if (!_seenKVSStoreChange) { - _seenKVSStoreChange = YES; // Only do this once - secnotice("event", "%@ received darwin notification before first NSNotification", self); - // TODO This might not be needed if we always get the NSNotification - // deleived even if we were launched due to a kvsStoreChange - // Send all keys for current lock state to securityd so it can proccess them - [self pendKeysAndGetNewlyPended: [self copyAllKeys]]; - [self processPendingKeysForCurrentLockState]; - } else { - secdebug("event", "%@ ignored, waiting for NSNotification", self); - } - }); -} - -// -// MARK: ----- Key Filtering ----- -// - -- (NSSet*) keysForCurrentLockState -{ - secdebug("filtering", "%@ Filtering: unlockedSinceBoot: %d\n unlocked: %d\n, keysOfInterest: <%@>", self, (int) _unlockedSinceBoot, (int) !_isLocked, [SOSPersistentState dictionaryDescription: [self exportKeyInterests]]); - - NSMutableSet *currentStateKeys = [NSMutableSet setWithSet: _alwaysKeys]; - if (_unlockedSinceBoot) - [currentStateKeys unionSet: _firstUnlockKeys]; - - if (!_isLocked) - [currentStateKeys unionSet: _unlockedKeys]; - - return currentStateKeys; -} - -- (NSMutableSet*) pendKeysAndGetNewlyPended: (NSSet*) keysToPend -{ - NSMutableSet *newlyPendedKeys = [keysToPend mutableCopy]; - [newlyPendedKeys minusSet: _pendingKeys]; - if (_shadowPendingKeys) { - [newlyPendedKeys minusSet: _shadowPendingKeys]; - } - - [_pendingKeys unionSet:keysToPend]; - if (_shadowPendingKeys) { - [_shadowPendingKeys unionSet:keysToPend]; - } - - return newlyPendedKeys; -} - -- (void) intersectWithCurrentLockState: (NSMutableSet*) set -{ - [set intersectSet: [self keysForCurrentLockState]]; -} - -- (NSMutableSet*) pendingKeysForCurrentLockState -{ - NSMutableSet * result = [_pendingKeys mutableCopy]; - [self intersectWithCurrentLockState:result]; - return result; -} - -- (NSMutableSet*) pendKeysAndGetPendingForCurrentLockState: (NSSet*) startingSet -{ - [self pendKeysAndGetNewlyPended: startingSet]; - - return [self pendingKeysForCurrentLockState]; -} - -- (NSMutableDictionary *)copyValues:(NSSet*)keysOfInterest -{ - // Grab values from KVS. - NSUbiquitousKeyValueStore *store = [self cloudStore]; - NSMutableDictionary *changedValues = [NSMutableDictionary dictionaryWithCapacity:0]; - [keysOfInterest enumerateObjectsUsingBlock:^(id obj, BOOL *stop) - { - NSString* key = (NSString*) obj; - id objval = [store objectForKey:key]; - if (!objval) objval = [NSNull null]; - - [changedValues setObject:objval forKey:key]; - secdebug(XPROXYSCOPE, "%@ storeChanged updated value for %@", self, key); - }]; - return changedValues; -} - -/* - During RegisterKeys, separate keys-of-interest into three disjoint sets: - - keys that we always want to be notified about; this means we can get the - value at any time - - keys that require the device to have been unlocked at least once - - keys that require the device to be unlocked now - - Typically, the sets of keys will be: - - - Dk: alwaysKeys - - Ck: firstUnlock - - Ak: unlocked - - The caller is responsible for making sure that the keys in e.g. alwaysKeys are - values that can be handled at any time (that is, not when unlocked) - - Each time we get a notification from ubiquity that keys have changed, we need to - see if anything of interest changed. If we don't care, then done. - - For each key-of-interest that changed, we either notify the client that things - changed, or add it to a pendingNotifications list. If the notification to the - client fails, also add it to the pendingNotifications list. This pending list - should be written to persistent storage and consulted any time we either get an - item changed notification, or get a stream event signalling a change in lock state. - - We can notify the client either through XPC if a connection is set up, or call a - routine in securityd to launch it. - - */ - -- (void)processKeyChangedEvent:(NSDictionary *)changedValues -{ - NSMutableDictionary* filtered = [NSMutableDictionary dictionary]; - - NSMutableArray* nullKeys = [NSMutableArray array]; - // Remove nulls because we don't want them in securityd. - [changedValues enumerateKeysAndObjectsUsingBlock:^(id key, id obj, BOOL *stop) { - if (obj == [NSNull null]) - [nullKeys addObject:key]; - else{ - filtered[key] = obj; - } - }]; - if ([nullKeys count]) - [_pendingKeys minusSet: [NSSet setWithArray: nullKeys]]; - - if([filtered count] != 0 ){ - [self sendKeysCallout:^NSSet *(NSSet *pending, NSError** error) { - CFErrorRef cf_error = NULL; - NSArray* handledMessage = (__bridge_transfer NSArray*) _SecKeychainSyncUpdateMessage((__bridge CFDictionaryRef)filtered, &cf_error); - NSError *updateError = (__bridge_transfer NSError*)cf_error; - if (error) - *error = updateError; - - secnoticeq("keytrace", "%@ misc handled: %@ null: %@ pending: %@", self, - [handledMessage componentsJoinedByString: @" "], - [nullKeys componentsJoinedByString: @" "], - [[_pendingKeys allObjects] componentsJoinedByString: @" "]); - - return handledMessage ? [NSSet setWithArray: handledMessage] : nil; - }]; - } else { - secnoticeq("keytrace", "%@ null: %@ pending: %@", self, - [nullKeys componentsJoinedByString: @" "], - [[_pendingKeys allObjects] componentsJoinedByString: @" "]); - } -} - -- (void) processPendingKeysForCurrentLockState -{ - [self processKeyChangedEvent: [self copyValues: [self pendingKeysForCurrentLockState]]]; -} - -@end - - diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/CKDPersistentState.h b/OSX/sec/SOSCircle/CloudKeychainProxy/CKDPersistentState.h deleted file mode 100644 index 22934752..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/CKDPersistentState.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// SOSPersistentState.h -// ckdxpc -// - -#import - -@interface SOSPersistentState : NSObject -{ -} - -+ (id)read:(NSURL *)path error:(NSError **)error; -+ (BOOL)write:(NSURL *)path data:(id)plist error:(NSError **)error; -+ (NSString *)dictionaryDescription: (NSDictionary *)state; -+ (NSMutableDictionary *)registeredKeys; -+ (void)setRegisteredKeys: (NSDictionary *)keysToRegister; -+ (NSURL *)registrationFileURL; - -@end - diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/CKDPersistentState.m b/OSX/sec/SOSCircle/CloudKeychainProxy/CKDPersistentState.m deleted file mode 100644 index 9eb1e17c..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/CKDPersistentState.m +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// SOSPersistentState.m -// ckdxpc -// - -#import -#import -#import -#import -#import -#import -#import -#import - -#import "CKDPersistentState.h" - -#if ! __has_feature(objc_arc) -#error This file must be compiled with ARC. Either turn on ARC for the project or use -fobjc-arc flag -#endif - -// may want to have this hold incoming events in file as well - -// TODO: Sandbox stuff - -static CFStringRef kRegistrationFileName = CFSTR("com.apple.security.cloudkeychainproxy3.keysToRegister.plist"); - -@implementation SOSPersistentState - -+ (BOOL)write:(NSURL *)path data:(id)plist error:(NSError **)error -{ - if (![NSPropertyListSerialization propertyList: plist isValidForFormat: NSPropertyListXMLFormat_v1_0]) - { - secerror("can't save PersistentState as XML"); - return false; - } - - NSData *data = [NSPropertyListSerialization dataWithPropertyList: plist - format: NSPropertyListXMLFormat_v1_0 options: 0 error: error]; - if (data == nil) - { - secerror("error serializing PersistentState to xml: %@", *error); - return false; - } - - BOOL writeStatus = [data writeToURL: path options: NSDataWritingAtomic error: error]; - if (!writeStatus) - secerror("error writing PersistentState to file: %@", *error); - - return writeStatus; -} - -+ (id)read: (NSURL *)path error:(NSError **)error -{ - NSData *data = [NSData dataWithContentsOfURL: path options: 0 error: error]; - if (data == nil) - { - secdebug("keyregister", "error reading PersistentState from %@: %@", path, *error); - return nil; - } - - // Now the deserializing: - - NSPropertyListFormat format; - id plist = [NSPropertyListSerialization propertyListWithData: data - options: NSPropertyListMutableContainersAndLeaves format: &format error: error]; - - if (plist == nil) - secerror("could not deserialize PersistentState from %@: %@", path, *error); - - return plist; -} - -+ (NSURL *)registrationFileURL -{ - return (NSURL *)CFBridgingRelease(SecCopyURLForFileInPreferencesDirectory(kRegistrationFileName)); -} - -+ (NSString *)dictionaryDescription: (NSDictionary *)state -{ - NSMutableArray *elements = [NSMutableArray array]; - [state enumerateKeysAndObjectsUsingBlock: ^(NSString *key, id obj, BOOL *stop) { - [elements addObject: [key stringByAppendingString: @":"]]; - if ([obj isKindOfClass:[NSArray class]]) { - [elements addObject: [(NSArray *)obj componentsJoinedByString: @" "]]; - } else { - [elements addObject: [NSString stringWithFormat:@"%@", obj]]; - } - }]; - return [elements componentsJoinedByString: @" "]; -} - -+ (NSMutableDictionary *)registeredKeys -{ - NSError *error = NULL; - id stateDictionary = [SOSPersistentState read:[[self class] registrationFileURL] error:&error]; - secdebug("keyregister", "Read registeredKeys: <%@>", [self dictionaryDescription: stateDictionary]); - // Ignore older states with an NSArray - if (![stateDictionary isKindOfClass:[NSDictionary class]]) - return NULL; - return [NSMutableDictionary dictionaryWithDictionary:stateDictionary]; -} - -+ (void)setRegisteredKeys: (NSDictionary *)keysToRegister -{ - NSError *error = NULL; - secdebug("keyregister", "Write registeredKeys: <%@>", [self dictionaryDescription: keysToRegister]); - [SOSPersistentState write:[[self class] registrationFileURL] data:keysToRegister error:&error]; -} - -@end diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/ckdmain.m b/OSX/sec/SOSCircle/CloudKeychainProxy/ckdmain.m deleted file mode 100644 index 3871a9c1..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/ckdmain.m +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// main.m -// ckd-xpc -// -// - -/* - This XPC service is essentially just a proxy to iCloud KVS, which exists since - the main security code cannot link against Foundation. - - See sendTSARequestWithXPC in tsaSupport.c for how to call the service - - send message to app with xpc_connection_send_message - - For now, build this with: - - ~rc/bin/buildit . --rootsDirectory=/var/tmp -noverify -offline -target CloudKeychainProxy - - and install or upgrade with: - - darwinup install /var/tmp/sec.roots/sec~dst - darwinup upgrade /var/tmp/sec.roots/sec~dst - - You must use darwinup during development to update system caches -*/ - -//------------------------------------------------------------------------------------------------ - -#include -#include -#include - -extern int ckdproxymain(int argc, const char *argv[]); - -int main(int argc, const char *argv[]) -{ - // TODO: Remove log before ship - asl_log(NULL, NULL, ASL_LEVEL_NOTICE, "start"); - return ckdproxymain(argc, argv); -} diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/cloudkeychainproxy.m b/OSX/sec/SOSCircle/CloudKeychainProxy/cloudkeychainproxy.m deleted file mode 100644 index 5d9aa25d..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/cloudkeychainproxy.m +++ /dev/null @@ -1,453 +0,0 @@ -/* - * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -// -// main.m -// ckd-xpc -// -// - -/* - This XPC service is essentially just a proxy to iCloud KVS, which exists since - the main security code cannot link against Foundation. - - See sendTSARequestWithXPC in tsaSupport.c for how to call the service - - send message to app with xpc_connection_send_message - - For now, build this with: - - ~rc/bin/buildit . --rootsDirectory=/var/tmp -noverify -offline -target CloudKeychainProxy - - and install or upgrade with: - - darwinup install /var/tmp/sec.roots/sec~dst - darwinup upgrade /var/tmp/sec.roots/sec~dst - - You must use darwinup during development to update system caches -*/ - -//------------------------------------------------------------------------------------------------ - -#include - -#import -#import -#import -#import -#import -#import -#import -#import -#import -#include -#include - -#import "CKDKVSProxy.h" - -void finalize_connection(void *not_used); -void handle_connection_event(const xpc_connection_t peer); -static void cloudkeychainproxy_peer_dictionary_handler(const xpc_connection_t peer, xpc_object_t event); - -static bool operation_put_dictionary(xpc_object_t event); -static bool operation_get_v2(xpc_object_t event); - -int ckdproxymain(int argc, const char *argv[]); - -#define PROXYXPCSCOPE "xpcproxy" - -static void describeXPCObject(char *prefix, xpc_object_t object) -{ -//#ifndef NDEBUG - // This is useful for debugging. - if (object) - { - char *desc = xpc_copy_description(object); - secdebug(PROXYXPCSCOPE, "%s%s\n", prefix, desc); - free(desc); - } - else - secdebug(PROXYXPCSCOPE, "%s\n", prefix); - -//#endif -} - -static void cloudkeychainproxy_peer_dictionary_handler(const xpc_connection_t peer, xpc_object_t event) -{ - bool result = false; - int err = 0; - - require_action_string(xpc_get_type(event) == XPC_TYPE_DICTIONARY, xit, err = -51, "expected XPC_TYPE_DICTIONARY"); - - const char *operation = xpc_dictionary_get_string(event, kMessageKeyOperation); - require_action(operation, xit, result = false); - - // Check protocol version - uint64_t version = xpc_dictionary_get_uint64(event, kMessageKeyVersion); - secdebug(PROXYXPCSCOPE, "Reply version: %lld\n", version); - require_action(version == kCKDXPCVersion, xit, result = false); - - // Operations - secdebug(PROXYXPCSCOPE, "Handling %s operation", operation); - - - if (operation && !strcmp(operation, kOperationPUTDictionary)) - { - operation_put_dictionary(event); - } - else if (operation && !strcmp(operation, kOperationGETv2)) - { - operation_get_v2(event); - } - else if (operation && !strcmp(operation, kOperationClearStore)) - { - [[UbiqitousKVSProxy sharedKVSProxy] clearStore]; - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one - { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - } - } - else if (operation && !strcmp(operation, kOperationRemoveObjectForKey)) - { - const char *keyToRemove = xpc_dictionary_get_string(event, kMessageKeyKey); - [[UbiqitousKVSProxy sharedKVSProxy] removeObjectForKey:[NSString stringWithCString:keyToRemove encoding:NSUTF8StringEncoding]]; - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one - { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - } - } - else if (operation && !strcmp(operation, kOperationSynchronize)) - { - [[UbiqitousKVSProxy sharedKVSProxy] requestSynchronization:YES]; - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one - { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - } - } - else if (operation && !strcmp(operation, kOperationSynchronizeAndWait)) - { - xpc_object_t xkeysToGetDict = xpc_dictionary_get_value(event, kMessageKeyValue); - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - xpc_object_t xkeys = xpc_dictionary_get_value(xkeysToGetDict, kMessageKeyKeysToGet); - NSArray *keysToGet = (__bridge_transfer NSArray *)(_CFXPCCreateCFObjectFromXPCObject(xkeys)); - secnotice(XPROXYSCOPE, "%s XPC request: %s", kWAIT2MINID, kOperationSynchronizeAndWait); - - [[UbiqitousKVSProxy sharedKVSProxy] waitForSynchronization:keysToGet - handler:^(NSDictionary *values, NSError *err) { - if (replyMessage) // Caller wanted an ACK, so give one - { - secnotice(PROXYXPCSCOPE, "%s Result from [[UbiqitousKVSProxy sharedKVSProxy] waitForSynchronization:]: %@", kWAIT2MINID, err); - xpc_object_t xobject = values ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)(values)) : xpc_null_create(); - xpc_dictionary_set_value(replyMessage, kMessageKeyValue, xobject); - if (err) - { - xpc_object_t xerrobj = SecCreateXPCObjectWithCFError((__bridge CFErrorRef)(err)); - xpc_dictionary_set_value(replyMessage, kMessageKeyError, xerrobj); - } - xpc_connection_send_message(peer, replyMessage); - } - else { - secerror("%s XPC request: %s - No replyMessage: %@", kWAIT2MINID, kOperationSynchronizeAndWait, err); - } - }]; - } - else if (operation && !strcmp(operation, kOperationRegisterKeys)) - { - xpc_object_t xkeysToRegisterDict = xpc_dictionary_get_value(event, kMessageKeyValue); - // describeXPCObject("xkeysToRegister: ", xkeysToRegisterDict); - - // KTR = keysToRegister - xpc_object_t xKTRallkeys = xpc_dictionary_get_value(xkeysToRegisterDict, kMessageAllKeys); - - NSDictionary *KTRallkeys = (__bridge_transfer NSDictionary *)(_CFXPCCreateCFObjectFromXPCObject(xKTRallkeys)); - - [[UbiqitousKVSProxy sharedKVSProxy] registerKeys: KTRallkeys]; - - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - - secdebug(PROXYXPCSCOPE, "RegisterKeys message sent"); - } - else if (operation && !strcmp(operation, kOperationRequestSyncWithAllPeers)) - { - [[UbiqitousKVSProxy sharedKVSProxy] requestSyncWithAllPeers]; - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one - { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - } - secdebug(PROXYXPCSCOPE, "RequestSyncWithAllPeers reply sent"); - } - else if (operation && !strcmp(operation, kOperationRequestEnsurePeerRegistration)) - { - [[UbiqitousKVSProxy sharedKVSProxy] requestEnsurePeerRegistration]; - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one - { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - } - secdebug(PROXYXPCSCOPE, "RequestEnsurePeerRegistration reply sent"); - } - else if (operation && !strcmp(operation, kOperationFlush)) - { - [[UbiqitousKVSProxy sharedKVSProxy] doAfterFlush:^{ - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (replyMessage) // Caller wanted an ACK, so give one - { - xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK"); - xpc_connection_send_message(peer, replyMessage); - } - secdebug(PROXYXPCSCOPE, "flush reply sent"); - }]; - } - else - { - char *description = xpc_copy_description(event); - secdebug(PROXYXPCSCOPE, "Unknown op=%s request from pid %d: %s", operation, xpc_connection_get_pid(peer), description); - free(description); - } - result = true; -xit: - if (!result) - describeXPCObject("handle_operation fail: ", event); -} - -void finalize_connection(void *not_used) -{ - secdebug(PROXYXPCSCOPE, "finalize_connection"); - [[UbiqitousKVSProxy sharedKVSProxy] requestSynchronization:YES]; - xpc_transaction_end(); -} - -static bool operation_put_dictionary(xpc_object_t event) -{ - // PUT a set of objects into the KVS store. Return false if error - - describeXPCObject("operation_put_dictionary event: ", event); - xpc_object_t xvalue = xpc_dictionary_get_value(event, kMessageKeyValue); - if (!xvalue) - return false; - - CFTypeRef cfvalue = _CFXPCCreateCFObjectFromXPCObject(xvalue); - if (cfvalue && (CFGetTypeID(cfvalue)==CFDictionaryGetTypeID())) - { - [[UbiqitousKVSProxy sharedKVSProxy] recordWriteToKVS:(__bridge NSDictionary *)cfvalue]; - NSDictionary *safeValues = [[UbiqitousKVSProxy sharedKVSProxy] recordHaltedValuesAndReturnValuesToSafelyWrite:(__bridge NSDictionary *)cfvalue]; - if([safeValues count] !=0){ - [[UbiqitousKVSProxy sharedKVSProxy] setObjectsFromDictionary:safeValues]; - } - CFReleaseSafe(cfvalue); - return true; - } - else{ - describeXPCObject("operation_put_dictionary unable to convert to CF: ", xvalue); - CFReleaseSafe(cfvalue); - } - return false; -} - -static bool operation_get_v2(xpc_object_t event) -{ - // GET a set of objects from the KVS store. Return false if error - describeXPCObject("operation_get_v2 event: ", event); - xpc_connection_t peer = xpc_dictionary_get_remote_connection(event); - describeXPCObject("operation_get_v2: peer: ", peer); - - xpc_object_t replyMessage = xpc_dictionary_create_reply(event); - if (!replyMessage) - { - secdebug(PROXYXPCSCOPE, "can't create replyMessage"); - assert(true); //must have a reply handler - return false; - } - xpc_object_t returnedValues = xpc_dictionary_create(NULL, NULL, 0); - if (!returnedValues) - { - secdebug(PROXYXPCSCOPE, "can't create returnedValues"); - assert(true); // must have a spot for the returned values - return false; - } - - xpc_object_t xvalue = xpc_dictionary_get_value(event, kMessageKeyValue); - if (!xvalue) - { - secdebug(PROXYXPCSCOPE, "missing \"value\" key"); - return false; - } - - xpc_object_t xkeystoget = xpc_dictionary_get_value(xvalue, kMessageKeyKeysToGet); - if (xkeystoget) - { - secdebug(PROXYXPCSCOPE, "got xkeystoget"); - CFTypeRef keystoget = _CFXPCCreateCFObjectFromXPCObject(xkeystoget); - if (!keystoget || (CFGetTypeID(keystoget)!=CFArrayGetTypeID())) // not "getAll", this is an error of some kind - { - secdebug(PROXYXPCSCOPE, "can't convert keystoget or is not an array"); - CFReleaseSafe(keystoget); - return false; - } - - [(__bridge NSArray *)keystoget enumerateObjectsUsingBlock: ^ (id obj, NSUInteger idx, BOOL *stop) - { - NSString *key = (NSString *)obj; - id object = [[UbiqitousKVSProxy sharedKVSProxy] get:key]; - secdebug(PROXYXPCSCOPE, "[UbiqitousKVSProxy sharedKVSProxy] get: key: %@, object: %@", key, object); - xpc_object_t xobject = object ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)object) : xpc_null_create(); - xpc_dictionary_set_value(returnedValues, [key UTF8String], xobject); - describeXPCObject("operation_get_v2: value from kvs: ", xobject); - }]; - } - else // get all values from kvs - { - secdebug(PROXYXPCSCOPE, "get all values from kvs"); - NSDictionary *all = [[UbiqitousKVSProxy sharedKVSProxy] getAll]; - [all enumerateKeysAndObjectsUsingBlock: ^ (id key, id obj, BOOL *stop) - { - xpc_object_t xobject = obj ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)obj) : xpc_null_create(); - xpc_dictionary_set_value(returnedValues, [(NSString *)key UTF8String], xobject); - }]; - } - - xpc_dictionary_set_uint64(replyMessage, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_value(replyMessage, kMessageKeyValue, returnedValues); - xpc_connection_send_message(peer, replyMessage); - - return true; -} - -static void initializeProxyObjectWithConnection(const xpc_connection_t connection) -{ - [[UbiqitousKVSProxy sharedKVSProxy] setItemsChangedBlock:^CFArrayRef(CFDictionaryRef values) - { - secdebug(PROXYXPCSCOPE, "UbiqitousKVSProxy called back"); - xpc_object_t xobj = _CFXPCCreateXPCObjectFromCFObject(values); - xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0); - xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion); - xpc_dictionary_set_string(message, kMessageKeyOperation, kMessageOperationItemChanged); - xpc_dictionary_set_value(message, kMessageKeyValue, xobj?xobj:xpc_null_create()); - xpc_connection_send_message(connection, message); // Send message; don't wait for a reply - return NULL; - }]; -} - -static void cloudkeychainproxy_peer_event_handler(xpc_connection_t peer, xpc_object_t event) -{ - describeXPCObject("peer: ", peer); - xpc_type_t type = xpc_get_type(event); - if (type == XPC_TYPE_ERROR) { - if (event == XPC_ERROR_CONNECTION_INVALID) { - // The client process on the other end of the connection has either - // crashed or cancelled the connection. After receiving this error, - // the connection is in an invalid state, and you do not need to - // call xpc_connection_cancel(). Just tear down any associated state - // here. - } else if (event == XPC_ERROR_TERMINATION_IMMINENT) { - // Handle per-connection termination cleanup. - } - } else { - assert(type == XPC_TYPE_DICTIONARY); - // Handle the message. - // describeXPCObject("dictionary:", event); - dispatch_async(dispatch_get_main_queue(), ^{ - cloudkeychainproxy_peer_dictionary_handler(peer, event); - }); - } -} - -static void cloudkeychainproxy_event_handler(xpc_connection_t peer) -{ - // By defaults, new connections will target the default dispatch - // concurrent queue. - - if (xpc_get_type(peer) != XPC_TYPE_CONNECTION) - { - secdebug(PROXYXPCSCOPE, "expected XPC_TYPE_CONNECTION"); - return; - } - initializeProxyObjectWithConnection(peer); - xpc_connection_set_event_handler(peer, ^(xpc_object_t event) - { - cloudkeychainproxy_peer_event_handler(peer, event); - }); - - // This will tell the connection to begin listening for events. If you - // have some other initialization that must be done asynchronously, then - // you can defer this call until after that initialization is done. - xpc_connection_resume(peer); -} - -static void diagnostics(int argc, const char *argv[]) -{ - @autoreleasepool - { - NSDictionary *all = [[UbiqitousKVSProxy sharedKVSProxy] getAll]; - NSLog(@"All: %@",all); - } -} - -int ckdproxymain(int argc, const char *argv[]) -{ - secdebug(PROXYXPCSCOPE, "Starting CloudKeychainProxy"); - char *wait4debugger = getenv("WAIT4DEBUGGER"); - - if (wait4debugger && !strcasecmp("YES", wait4debugger)) - { - syslog(LOG_ERR, "Waiting for debugger"); - kill(getpid(), SIGTSTP); - } - - if (argc > 1) { - diagnostics(argc, argv); - return 0; - } - - // DISPATCH_TARGET_QUEUE_DEFAULT - xpc_connection_t listener = xpc_connection_create_mach_service(xpcServiceName, NULL, XPC_CONNECTION_MACH_SERVICE_LISTENER); - xpc_connection_set_event_handler(listener, ^(xpc_object_t object){ cloudkeychainproxy_event_handler(object); }); - - [UbiqitousKVSProxy sharedKVSProxy]; - - // It looks to me like there is insufficient locking to allow a request to come in on the XPC connection while doing the initial all items. - // Therefore I'm leaving the XPC connection suspended until that has time to process. - xpc_connection_resume(listener); - - @autoreleasepool - { - secdebug(PROXYXPCSCOPE, "Starting mainRunLoop"); - NSRunLoop *runLoop = [NSRunLoop mainRunLoop]; - [runLoop run]; - } - - secdebug(PROXYXPCSCOPE, "Exiting CloudKeychainProxy"); - - return EXIT_FAILURE; -} diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/PhoneTerms2.applescript b/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/PhoneTerms2.applescript deleted file mode 100644 index 79ecbefa..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/PhoneTerms2.applescript +++ /dev/null @@ -1,126 +0,0 @@ -global verticalPos -global needVerticalAdjust -global desiredInitialVerticalOffset - -on makenewTab given theme:themeName - tell application "Terminal" - activate - tell application "System Events" to keystroke "t" using command down - repeat while contents of selected tab of front window starts with linefeed - delay 0.01 - end repeat - set current settings of selected tab of front window to first settings set whose name is themeName - end tell -end makenewTab - -on newPhoneTerm for phoneColor by phonePort - set horizontalOffset to 50 - set height to 180 - set width to 1800 - tell application "Terminal" - activate - if phoneColor is equal to "Red" then - set currentTheme to "Red Sands" - else if phoneColor is equal to "Green" then - set currentTheme to "Grass" - else if phoneColor is equal to "Beige" then - set currentTheme to "Novel" - else if phoneColor is equal to "Black" then - set currentTheme to "Pro" - else if phoneColor is equal to "Cyan" then - set currentTheme to "Cyan" - else if phoneColor is equal to "Orange" then - set currentTheme to "Orange" - else if phoneColor is equal to "Beige" then - set currentTheme to "Novel" - else - set currentTheme to "Ocean" - end if - - -- make a new window with the execution of a trivial command - do script "clear" - - -- load up the window id of the window we just created - -- set window_id to id of first window whose frontmost is true - set targetWindow to front window - -- Put it on the right hand screen first - set position of targetWindow to {horizontalOffset, 0} - set position of targetWindow to {horizontalOffset, verticalPos} - set size of targetWindow to {width, height} - set position of targetWindow to {horizontalOffset, verticalPos} - set pos to position of targetWindow - if needVerticalAdjust and ((item 2 of pos) is not equal to verticalPos) then - set needVerticalAdjust to false - set verticalPos to (item 2 of pos) + desiredInitialVerticalOffset - set position of targetWindow to {horizontalOffset, verticalPos} - end if - set verticalPos to verticalPos + height + 15 - - set current settings of selected tab of targetWindow to first settings set whose name is currentTheme - - - -- make tabs 2, 3, 4, 5 - repeat with i from 1 to 4 - makenewTab of me given theme:currentTheme - end repeat - - -- for each of the five tabs we've now made - repeat with i from 1 to 5 - - -- build the command, then execute it - if i is less than 5 then - set myuser to "root" - else - set myuser to "mobile" - end if - if (i = 1) then - set shcmd to "syslog -w" - else if (i = 2) then - set shcmd to "ls -1t /var/mobile/Library/Logs/CrashReporter/DiagnosticLogs/security.log.\\*Z \\| head -1 \\| xargs tail -100000F" - else if (i = 3) then - set shcmd to "ls -1t /var/mobile/Library/Logs/CrashReporter/DiagnosticLogs/security.log.\\*Z \\| head -1 \\| xargs tail -100000F \\| egrep \"'(event|keytrace|peer|coder|engine){}|'\"" - else if (i = 4) then - set shcmd to "security item -q class=inet,sync=1 \\| grep acct \\| tail -3" - else if (i = 5) then - set shcmd to "" - -- for c in inet genp keys; do for t in "" ,tomb=1; do security item class=$c,sync=1$t; done; done | grep agrp | wc -l - else - set shcmd to "" - end if - set custom title of tab i of targetWindow to phoneColor & " " & myuser & " " & phonePort - set cmd to "~/bin/sshauser " & "--retry " & phonePort & " " & myuser & " " & shcmd - do script cmd in tab i of targetWindow - - end repeat - - end tell - - -end newPhoneTerm - --- --- main code --- - -set desiredInitialVerticalOffset to 10 -set verticalPos to -10000 -set needVerticalAdjust to true - -newPhoneTerm of me for "Red" by 11022 -newPhoneTerm of me for "Blue" by 12022 --- newPhoneTerm of me for "Green" by 12022 --- newPhoneTerm of me for "Cyan" by 13022 --- newPhoneTerm of me for "Orange" by 15022 --- newPhoneTerm of me for "Beige" by 16022 --- newPhoneTerm of me for "Black" by 21022 - --- # Config file for ssh --- #UDID 79003b34516ba80b620e3d947e7da96e033bed48 johnsrediphone 10022 --- #UDID 96476595e5d0ef7496e8ff852aedf4725647960b johnsblueiphone 11022 --- #UDID b674745cb6d2a1616a065cddae7207f91980e95d johnsgreentouch 12022 --- #UDID a489e67286bc2a509ef74cda67fc6696e2e1a192 johnscyanmini 13022 --- #UDID df86edbd280fd986f1cfae1517e65acbac7188cd johnsyellowmini 14022 --- #UDID 16d4c2e0a63083ec16e3f2ed4f21755b12deb900 johnsorangemini 15022 --- #UDID 8b2aa30e1ead1c7c303c363216bfe44f1cb21ce6 johnsbeigeipad 16022 --- #UDID f80b8fbf11ca6b8d692f10e9ea29dea1e57fcbdf johnswhiteipad 17022 - diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/PhoneTerms2.scpt b/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/PhoneTerms2.scpt deleted file mode 100644 index 7450706940b6a82244a479786169cc35cc066786..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 13258 zcmeHNcYM@Uwm;`LA;RyMJ1`+ zcS$8Vsa?JNRUCAt5L4MJcsh|r5)uP04Ht>1GE#hHvoYH zY@Q@5KT`)!vebP9xwVn%SR%F}6RBuU&xuqxs6zSFfdcXqx$>ijSBDYQE>jh&jp?W^ zak8}{g{ZLf}fm)WWM~U)!UO(W~(1a9u*h>i*z0xK*qs$hl146002oP zqJ#V(-^+Kd{6O7@*T&P)NHnuNQD0Lday*HgOPXf+p2(5!0H`CLP82c#7>R*jSK666 z8vxs7kh;jXvG6|O}F=up=nI^hk}EkxbWeI}o} zfFIvbclp}IE6-gLiPRYC?zh0`velKX)ZUBDtV~aj)>h`r*Ghb6zk&;@dvv58{6%}q zivL!SjxA422yWjS1Q#HYls6)6Z-}o+=m`ufH$5PAV(O4Ri0w11> zx&Oe|kfxvS(eWUpnF}1OKC>DA{9wBlv2xHOX*ig2~vNIFq;}E zO&N+&Ern?^Ek`PWe42(+gzE6uk#@z{Gm(o@+jP#DFaWk*Z|WmkT-kzp8C!1vIipzn?=7FxKo=m- zjjo6%3=Q-#>jf%43&>~02BX+c`cZ%R)Rj+BwI;Eo(m`v72FWJ|L^vs6Qw%$>2Msm= z&S>;rOyg+?4K)DHC@4fR?I|Bqp$h;!>QYM#75bx%q*3xwKt9sZhLSUm0yLV&(J&fr z0PN^vXfN69%4RgJgLN_xx3yiRw2yq~$%k#)E<=NTrT{}Kq7eqb_Be^A$p@}{pvXki zVBQG7-gsz9F_jnqTWj<#&VIDNYzoLGVn;qv zaTfUHIx9wXq*46z|A6gK^7d}HegRAkJ4hl+IS&jYc>T2TANG6_4q)Vx}vr=k> ze$ZNgIj{^VSP8WO5vuvO?L)togA_H7QPgS(T@IS8LO#&klSUhWfHECF*(mSIJ1iSP zj=Zbj9km~$@rV=en9?L*^Sys(xfQ(=Q_^RoV?CvRF0!FCf()+AHp+Vn(C=VO)y1bv_6?ObIxjqn_H}4q5Q!OJ037Qs z@C=$j6AggxF7R}k$-wsm@&GP3foE$0(5r58xAH!~Nbmj+X zzG8S-hzEKU>)f(l@^Bt%Pq z*#zX`w3NU>bw8F;l>xAH?SWM$PRk5{r3TIJP10_dPRsi8q%i~Jf+kB7(B<)aRvZ28CGk&{FRQU6BsW{-Q!__O2fJ}3P-}Q zq+vKXl}UYNs=}CQ;n>Ppv|iVeaB>N%WK!|v@kmWLnyjsjBr4H6HV`K$RVRk%MDR2W ziAJC$F{C1R5=gDUdxc$NDk0ydT*msF3bk$woQi=X_2?sxS_zaTp`(5;8Av1!8O70O z4a%bUR%=Isy>RF_;BgY2YyhmC98VMFFLa7L>EhLWcofcfWilOY>0|nPpi_M5jE6x! zHAtr_9jArpG)O0kaa1}fN1jwho{Z;oT5SL<%O}C(c|snSKeIfc+35n1*5_>$w+0mzRvQvk>~MB<*_ooNeHp1ZmiEht32| zYv^19&`i@~bRM10@|eqgcu6Xm$kZlL z98W{1>SO31igdoxc0q_PfHHIdCNYakOIj8~1(ezh=nglgeY%z)mukemWeZikD%95A z!cZtoZ75d;%A;jUYaDOwF$L;j2+svB7t%!rz#5E6SjjG?OALVB5U5Z5C|&9TH2Jib z`f4hSEAZgbhQDnb_L70{2_q=Z|mguhSvGtX3$J|I3N%6dPjb* zw&{wTlYb3eYv>x^c`v6q@{lVJft)~?qhjCr^WpW?$f!k9?$i3g8{Hq&I9Xjq?-(Y-44xzFm9$>41lBCp?S1W?xkB@ zfTr!xtv+#w(E_jB0L#}5W#kUIU2bE!Ls@#eg4>j@cjLK-?lk~*ernBI={~xj z@xuJP4;#@gzM04QS2|o$7#pLrlE;b>ck`q6e@KZE3+XFaZ^IdX!)v8m5tW zd><`L(71ci`aycg0JNJACC$JpJuJ7-@97V6v!RF88Z*|I)p8U4ksk5zYWpP4pbF+E z>FShEkHF`?ksg&BJiJ;R$UW+F@nqQd>pi)C2U5(J8wl>~E!1uVG4>M%$k~~*f>z4< zfUH*q`h#Dzl8%z=0&*SYvD~a|eF)EE^d|#g1+a$J$hC5ftYf)Wd4G+9bz1XJc>YX} z8vrW+t$8&)K~FMX5Wo}IQ4bF5)*}{)RyEoACGq94uocLP*dQbmSb1wBm5tW$NfpXp zLi87S!)m#buu!^Cs$-)^HLdNr+CM$$QA^e&G_~r38cP$XuS>5k&y{ND9tX;QrKb#l z72X;?fS#7C=oxxet~B(tzY|%@lju2zo-E|IkA@3$`!I!E@!zynXp#D<;sZ{ z@cfNlGys+pTJth`iC$*Bz=@aONA?R>)W>VEL}0CJ^dt&3lW24|V&QlO-9Ry4Rvx?( zqF1ny2}2d@L1j(j3g9~qty}@Cr2Y!04n#|*LOBzsj6*M?=l`Hr4S?Mdt;Kx(JG~~C z((48ZXMd>dTG-Hk&>IH8dS*8tdFZ-q757^IEb>!uKG0%vtatFZiu8G1L@^M#&V*t%zW6+C#4-Zuc22OHR- z59mYMOdlB}Ah>q0R`<}ya)F$0=wmgoWJ^AwPYr$IcfNt{lJh({FUOTnedJ)YaP+J?w;9iu^pydys6T@FxK+-Pvkh(aQP+~M=^F!J1^Ng~%UPbBl|%g- zADc(%F*!3JaClhGQPj`Y0lvcXEq!MI?7H;?rpNd6g8{HKJb_8HElAsxh95)pBeFHt zY!1V|MtzJT%tAPmc(;%eax);W3Y6=&2Afx!(@0IUrFtl<+v7U$B88sxxTXl_0_q4a z#d_oWFmYIf8J1hxQav4Yq}654px5ERMSC4i3$1xyh;2g{9+r-&V}&6qn;jBq>xhE z2wRWzU~D;$LCHQiN=o5RwP`&1>T5VJC*M;%Ii;0+VHO7N#Nd=mpU@Y)iySA% z8s5d{l9qJgu7j5yLliOv{3iqLS_-bm~5L#~~_ z_tSQL@fU`M=&rIB_E6~@Lw{OpS%37{)Q@Um%XApCG2CKit36LyjJ13P z`ciGKaijqXAV=u}`jIc?pV{Gl+~06NU&=o-@qi!?Q05E_@j#U_f?7>c>lL1?XeDKO zA5tE~dl>eEQn07H@n9ZecrZB?(76D2;-Oq<7;z>)ALL;?-0-lbyvs#A!r*kj@q2qN z<`RQlkB+MLS(baUe0zs?Tw;;uJeZe}K}J+)1CI)^?nlCg;j3#$?O|)`J*jWyy%?By zohq<8hW8Bep4xPDh)4TP3;m|BA(HVV)8@InVT9Zgm~r^=7#?eQjNP_zSKd|9uB3I_ z7SGfe9&77?CtZ0jE;YQD?oEk9+*MM%w<{^F2`}F8-u~FTa2Gk!lOuDJyVU>Ci9=H7 zN!^Zie!K@Hv=5InypI(*_vDd0p7%98-sgBv@OwYr-|&7-`68ac6Ae#j$`9p9JlVi` zw-V|J`A*@fh7k@>iT30HJdF=9Jgq6;j}PSO21gB+wLQ5v&j|7iW$nxm&qOfxSa=rd zT_&uDp?*mOK8DT>>`Dwz_Z#-+zC0_)v$SDZh|3Vc8iqezzI2Id(5l!Is&JvglJq3G z9SKeKI~~A#aCwl+wbO$_e2_2b$$mFbTuFG6_=S#4^qUUl;e2qA5l+~^vqL=FZweP* zF@O$BttYiDXNTc^?MGD$sqv(Sb{ate-_PW65X&5%Yj}=5XXH^lL8^HkAL2^&_Rbl3 zoOFUVUQ@O+Z4`X>RiFp#+fy(7em98_0p727cG`vvlzrz!GqC}-aA}mob zOjLIyq6P_mw};JQ^RD_C%Ws_ET_8sU2HP!_NpuKh1mus{b{q*l+Dq|Q=a)R7nce_;6kRA6|2D8pibiZAw+VJ6R% z`EsZn!h#bemO~XBqRN2ir9-gAd;~`fA7QK8SvpVV${ZG4Hes2oU=C_B0%lynQNtBl zlWon}a;;GH`05xT^vzD9B6I zqEv;r3iqh|LlxfzX>_?AMm>)6GJ`{>=JCs9mds=+)1hZ6n5pA0!&A+e_0?Jvy~Fa% zkm+(D%M7hFT>;L39o8vX%LxM;-Q4E^oa8!|0~FIFOzj{Iz!{k)ScNkF!5}V9$rP?<_zF|3eQGB?kSLL1TN6~4LA`+^NYMo4V~uL|+1rhs%luSBa!e3VRdWfEH1 zFg_pUx5}e-G9e%nh6eLxqVjv1f~m^%G@hgR7{iUhHkUf{v9iDHXBa^>J>W!%?90b7 zHU|6dkPbNYddP_wdp;izjK=c`e4;Dko9Q^g$Ebh|pA_Vil#Y`_d@@=zN1^liM6?{o zr^r68jBBQ)F`9)NeX@5z_8$FYzU-r9?5|)yr3K+YK9x^1j9qrqq$uUnc{NL^D$wbw zKyB(zEWWf+fl8VcXtm;ZMu^XV0{OAN|BCuFMxR?LPzeqntOA_|WY6TY44;`pb}v4g z&tch1kv)66$ks%n)xNfmX-4)OMRrYy*Zd}A8$-&ikR8*6>{&qeTt3h6xjAIV^7(uL z%UDJBd>p^*(e~7AW^GAsZeF0+UKrvF5s>~ZbMs%BtE_Eg?s>rXBEH!0MLB%O@FjdH z%NWJ?lI`Q$%-xdWX6_;iwt+7T@nyde-+$$AiM1zI84!Hq%XzKg%N1YWNRF00WfaS3 zRqs6&z%6%pEuJg*O2b#=YL1i=DP|d|l}Z%gW}w3ertwvReauz4nnf~PhOrcBrQr&O zp{9(`vuF(3u@mA4xU&~U6OImz2X5&y9B7;2{x}6AzCqs5%9$Xm=KQaZ7|972dm4#6+T>u9G=vIn)7K{Al9XhiX($?14;%0zy8us`g+pe zI=eV)*W1mW^lS4@V7~NK(yjvw`gqc(&3c`9J%w;LF^n5GU8T3|F1@6u>?XTP58RyW zF5UQg=_HHp_phm%hvib5^*^tkwi#}hlrEuY4>&6!Q zRU*`>aLU|{LB2*MxeJv_XW5x=;2S06A-kjdY@Jn_IAoGe(vfd+r4#Ve)z6cT+u3aA z^G#?H6e9($1kps7K2J=WJFk2xP}$!AMf1d!4$@wBl6+|=d7gON83>iz?9-DDmb|ua zae30-)@VCS?#WI~I}T6sTkZHfY1eWa=Lzl&Hf`KG@r^W;7fFE1aK~&u0>v>L3mu6= z)KzqufgrGhd(mDf?q~TlR(^roH~Y1waMa;uw<4uG(2!v7 z{?5*PfUocCHsVrS`%RPYnoon*y{GB-HQj672b%s+)1h^nHT{vM+kHIwt};6h>=c-M zciHD#YL;JTb-!##ghJIt5!!h{ggRqtTsyWHUv?>sP?y3fm`pvYBh^F5I7fqVgOEKRO0{20TJpq;FQVE9wW8mCr3J$DF?wb3XeO-<^ zw`RAvS-k__mc2K8vwz$RtHifCd>huQ6yNUf?MNJ*{oKiZjuk44+we~I3!SjHD7cl{ zXFubH?5EjJvL9zZ;*+wQ-Rx%&tQrb8t9R3N{s*$33=IadxM%KVKiYxe31l~qelnEZ mLc0up=iQB)-YcMXWrN@OVB?3H>PV4vG(`yUY/dev/null 2>&1 & - - (( sshport = $port_offset + 22 )) - - echo "Copying roots to device (via port $sshport)" - scp -P $sshport $sshopts $roots $syms $srcs root@localhost:/var/mobile/ - - echo "SSH to device and do commands" - ssh $sshopts -p $sshport root@localhost << END -/bin/hostname -/sbin/mount -uw / -mkdir -p /var/mobile/syms -mkdir -p /var/mobile/srcs -rm -rf /var/mobile/syms/* -rm -rf /var/mobile/srcs/* -/usr/local/bin/darwinup install "/var/mobile/`basename $roots`" | grep -v '^ /' -/usr/local/bin/darwinup uninstall superseded > /dev/null 2>&1 || true -touch /System/Library/Caches/com.apple.xpcd/xpcd_cache.dylib -/usr/local/bin/mobile_install rebuild internal -/bin/launchctl stop com.apple.securityd -/bin/launchctl stop com.apple.security.cloudkeychainproxy3 -/bin/launchctl stop com.apple.security.CircleJoinRequest -tar -xzvf "/var/mobile/`basename $syms`" -C /var/mobile/syms >/dev/null -tar -xzvf "/var/mobile/`basename $srcs`" -C /var/mobile/srcs >/dev/null -END - - kill -HUP %% -done - -echo "in lldb: settings set target.source-map ""$mysrcdir"" /var/mobile/srcs/" -echo "in lldb: add-dsym /var/mobile/syms/securityd.dSYM" - diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/kcstatus b/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/kcstatus deleted file mode 100644 index 475e6e2e..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/kcstatus +++ /dev/null @@ -1,6 +0,0 @@ -#/bin/sh - -security item -q class=inet,sync=1 | grep acct | tail -3 -security item -q class=genp,sync=1 | grep acct | tail -3 -security item -q class=genp,sync=1 2>/dev/null | grep agrp > tmpkccount && security item -q class=inet,sync=1 2>/dev/null | grep agrp >> tmpkccount && echo "Syncable items: "`wc -l tmpkccount | awk '{print $1}'` - diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosbuildroot b/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosbuildroot deleted file mode 100755 index 9ee0d614..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosbuildroot +++ /dev/null @@ -1 +0,0 @@ -#!/bin/zsh -e diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/soscopy b/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/soscopy deleted file mode 100755 index 7e9b0d65..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/soscopy +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/zsh - -echo "10873 12873 15873" - -for port in "$@" -do - echo "Copying roots to port: $item" - RSYNC_PASSWORD=alpine rsync -av /tmp/security.roots.tgz rsync://root@localhost:$port/root/var/mobile/ - RSYNC_PASSWORD=alpine rsync -av /tmp/security.syms.tgz rsync://root@localhost:$port/root/var/mobile/ - RSYNC_PASSWORD=alpine rsync -av ~/bin/sosinstallroot rsync://root@localhost:$port/root/usr/local/bin/sosinstallroot - RSYNC_PASSWORD=alpine rsync -av /tmp/SyncedDefaults.roots.tgz rsync://root@localhost:$port/root/var/mobile/ -done - diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/soscopysshkeys b/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/soscopysshkeys deleted file mode 100755 index 9f555e92..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/soscopysshkeys +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/zsh - -echo 'Copying ssh keys to devices' - -sshopts=(-o CheckHostIP=no -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o UserKnownHostsFile=/dev/null) - -locations=(`mobdev list | awk '/UDID/ { gsub(/^(.*location ID = )+|(,.*)+$/, ""); print}'`) - -port_offset=20000 - -mkdir -p /var/tmp/roothome/.ssh/ -cat ~/.ssh/id_*.pub > /var/tmp/roothome/.ssh/authorized_keys - -for location in $locations -do - echo 'Copying to location '"$location" - - tcprelay --portoffset $port_offset --locationid $location ssh --quiet & - - (( sshport = $port_offset + 22 )) - - echo "Copying file to device (via port $sshport)" - scp -r -P $sshport $sshopts /var/tmp/roothome/.ssh root@localhost:/var/root/ - - kill -HUP %% -done diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosinstallroot b/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosinstallroot deleted file mode 100644 index b2315946..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosinstallroot +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh - -# This script should be run as root on the target device - -if [ $(id -u) != "0" ]; then - echo "You must be root to run this script" >&2 - exit 1 -fi - -echo "-----------------------------------------------" -echo "Tell launchctl to unload the old one" -launchctl unload -w /System/Library/LaunchDaemons/com.apple.security.cloudkeychainproxy.plist - -echo "call darwinup install" -darwinup install /var/mobile/security.roots.tgz - -/usr/local/bin/darwinup uninstall superseded > /dev/null 2>&1 || true - -echo "Untar sym files" -symdir="/var/mobile/secsyms" -if [ ! -d "$symdir" ]; then - mkdir $symdir -fi -echo "Untar sym files to " $symdir -tar -xzvf /var/mobile/security.syms.tgz -C $symdir -echo "To use, enter e.g. in gdb: add-dsym /var/mobile/secsyms/SecurityTests.app.dSYM" - -echo "touch cache" -touch /System/Library/Caches/com.apple.xpcd/xpcd_cache.dylib - -echo "Killing off old CloudKeychainProxy..." -killall -9 CloudKeychainProxy || true - -echo "Tell launchctl to load the new one" -launchctl load -w /System/Library/LaunchDaemons/com.apple.security.cloudkeychainproxy.plist -echo "done" - -echo "Kill the old SyncTest" -killall -9 SyncTest2 || true - -echo "Rebuild mobile app cache" -/usr/local/bin/mobile_install rebuild internal || true diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosreset b/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosreset deleted file mode 100644 index 8737324c..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/sosreset +++ /dev/null @@ -1,10 +0,0 @@ -#/bin/sh - -killall SyncTest2; killall -9 securityd; killall CloudKeychainProxy; rm /Library/Keychains/PersistedAccount.plist -rm /tmp/com.apple.security.cloudkeychain.keysToRegister.plist - -/AppleInternal/Applications/SecurityTests.app/SecurityTests sc_kvstool -v -- --clear - -killall SyncTest2; killall -9 securityd; killall CloudKeychainProxy; rm /Library/Keychains/PersistedAccount.plist -rm /tmp/com.apple.security.cloudkeychain.keysToRegister.plist - diff --git a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/tweak b/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/tweak deleted file mode 100755 index bdd6cb5d..00000000 --- a/OSX/sec/SOSCircle/CloudKeychainProxy/scripts/tweak +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/sh - -generateCreditCards=0 -generateAutofill=0 -helpme=0 -generateConflict=0 -clearAllItems=0 - -usage() { - echo 'Usage: Generate random credit card entries (-c) or autofill (-a). Both can be specified. x will generate a conflict item, K to clear all' - exit 2 -} - -args=`getopt cahxK $*` -test $? -eq 0 || usage -set -- $args -for i -do - case "$i" - in - -c) - generateCreditCards=1; - shift;; - -a) - generateAutofill=1; - shift;; - -x) - generateConflict=1; - shift;; - -K) - clearAllItems=1; - shift;; - -h) - helpme=1 - shift; break;; - --) - shift; break;; - esac -done - -test "$helpme" -ne 0 && usage - -if [ $generateCreditCards -eq 0 -a $generateAutofill -eq 0 -a $generateConflict -eq 0 ] -then - generateCreditCards=1 -fi - -# end of option processing - -# Set expiration date -exp=`date "+%Y-%m-%dT%H:%M:%SZ"` - -# Make up a credit card number -amexcc=`echo $((RANDOM%372711122299888+372711122299111))` -visacc=`echo $((RANDOM%4888123456789888+4888123456789111))` -mccc=`echo $((RANDOM%5523123456789888+5523123456789111))` -cclist=($amexcc $visacc $mccc) - -idx=`echo $((RANDOM%3+0))` - -cctypes=("American Express" "Visa" "Master Card") -ccnumber=${cclist[idx]} - -ccholders=("Sam" "Ella" "Alice" "Bob" "Mallory" "Eve") -cardholderName=${ccholders[$RANDOM % ${#ccholders[@]} ]} -cardholderName=`hostname | head -c 18` -cardholderShortName=`hostname | head -c 8` - -cardnamestring="$cardholderShortName""’s ""${cctypes[idx]}" - -cat < ccdata.plist - - - - - CardNameUIString - $cardnamestring - CardNumber - $ccnumber - CardholderName - $cardholderName - ExpirationDate - $exp - - -EOF - -plutil -convert binary1 -o ccdata.bin ccdata.plist - -# debug output -cat ccdata.plist - -uid=`uuidgen` - -# Create a random credit card item in the keychain - -if [ $generateCreditCards -ne 0 ] -then - security item -v -a -f ccdata.bin class=genp,sync=1,acct="$uid",agrp="com.apple.safari.credit-cards",icmt="This keychain item is used by Safari to automatically fill credit card information in web forms.",type=7477,pdmn=ak,svce="SafariCreditCardEntries",labl="Safari Credit Card Entry: $cardnamestring" - if [ "$?" -ne "0" ]; then - echo "credit card item add failed; is the device locked? " - fi -fi - -if [ $generateAutofill -ne 0 ] -then - `echo $((RANDOM%9999)) > tweakpw` - email=${ccholders[$RANDOM % ${#ccholders[@]} ]} - security item -v -a -f tweakpw class=inet,acct="$email@gmail.com",agrp="com.apple.cfnetwork",atyp=form,desc="Web form password",labl="accounts.google.com ($email@gmail.com)",pdmn=ak,port=0,ptcl=htps,srvr=accounts.google.com,type=7477,sync=1 - if [ "$?" -ne "0" ]; then - echo "autofill item add failed; is the device locked? " - fi -fi - -if [ $generateConflict -ne 0 ] -then - `echo "1234" > tweakpw` - email="conflict" - security item -v -a -f tweakpw class=inet,acct="$email@gmail.com",agrp="com.apple.cfnetwork",atyp=form,desc="Web form password",labl="accounts.google.com ($email@gmail.com)",pdmn=ak,port=0,ptcl=htps,srvr=accounts.google.com,type=7477,sync=1 - if [ "$?" -ne "0" ]; then - echo "conflict item add failed; is the device locked? " - fi -fi - -if [ $clearAllItems -ne 0 ] -then - echo "Deleting all tweak inet and genp items" - security item -D class=genp,type=7477,sync=1,pdmn=ak,svce="SafariCreditCardEntries" - security item -D class=inet,type=7477,ptcl=htps,srvr=accounts.google.com,sync=1 -fi - diff --git a/OSX/sec/SOSCircle/Regressions/CKDSimulatedAccount.h b/OSX/sec/SOSCircle/Regressions/CKDSimulatedAccount.h new file mode 100644 index 00000000..86e1e972 --- /dev/null +++ b/OSX/sec/SOSCircle/Regressions/CKDSimulatedAccount.h @@ -0,0 +1,32 @@ +// +// CKDSimulatedAccount.m +// Security +// + +#import "CKDAccount.h" + +#import + +@interface CKDSimulatedAccount : NSObject + +@property (readwrite) NSMutableSet* keysToNotHandle; +@property (readwrite) NSMutableSet* peersToNotSyncWith; +@property (readwrite) NSMutableSet* backupPeersToNotSyncWith; +@property (readwrite) NSError* peerRegistrationFailureReason; + ++ (instancetype) account; +- (instancetype) init; + +- (NSSet*) keysChanged: (NSDictionary*) keyValues error: (NSError**) error; +- (bool) ensurePeerRegistration: (NSError**) error; + +- (NSSet*) syncWithPeers: (NSSet*) peerIDs backups: (NSSet*) backupPeerIDs error: (NSError**) error; +- (bool) syncWithAllPeers: (NSError**) error; + +- (NSDictionary*) extractKeyChanges; +- (NSSet*) extractPeerChanges; +- (NSSet*) extractBackupPeerChanges; + +- (BOOL) extractRegistrationEnsured; + +@end diff --git a/OSX/sec/SOSCircle/Regressions/CKDSimulatedAccount.m b/OSX/sec/SOSCircle/Regressions/CKDSimulatedAccount.m new file mode 100644 index 00000000..311c75e9 --- /dev/null +++ b/OSX/sec/SOSCircle/Regressions/CKDSimulatedAccount.m @@ -0,0 +1,109 @@ +// +// CKDSimulatedAccount+CKDSimulatedAccount.m +// Security +// + +#import "CKDSimulatedAccount.h" + +#import + +@interface CKDSimulatedAccount () +@property (readwrite) NSMutableDictionary* keyChanges; +@property (readwrite) NSMutableSet* peerChanges; +@property (readwrite) NSMutableSet* backupPeerChanges; +@property (readwrite) BOOL peerRegistrationEnsured; +@end + +@implementation CKDSimulatedAccount + ++ (instancetype) account { + return [[CKDSimulatedAccount alloc] init]; +} +- (instancetype) init { + self = [super init]; + if (self) { + self.keysToNotHandle = [NSMutableSet set]; + self.keyChanges = [NSMutableDictionary dictionary]; + + self.peerChanges = [NSMutableSet set]; + self.peersToNotSyncWith = [NSMutableSet set]; + + self.backupPeerChanges = [NSMutableSet set]; + self.backupPeersToNotSyncWith = [NSMutableSet set]; + + self.peerRegistrationEnsured = NO; + } + return self; +} + +- (NSSet*) keysChanged: (NSDictionary*) keyValues + error: (NSError**) error { + + NSMutableSet* result = [NSMutableSet set]; + + [keyValues enumerateKeysAndObjectsUsingBlock:^(NSString * _Nonnull key, NSObject * _Nonnull obj, BOOL * _Nonnull stop) { + if (![self.keysToNotHandle containsObject:key]) { + [self.keyChanges setObject:obj forKey:key]; + [result addObject:key]; + } + }]; + + return result; +} + +- (bool) ensurePeerRegistration: (NSError**) error { + if (self.peerRegistrationFailureReason == nil) { + self.peerRegistrationEnsured = YES; + return true; + } else { + if (error) { + *error = self.peerRegistrationFailureReason; + } + return false; + } +} + +- (NSSet*) syncWithPeers: (NSSet*) peerIDs + backups: (NSSet*) backupPeerIDs + error: (NSError**) error { + NSMutableSet* peerIDsToTake = [peerIDs mutableCopy]; + [peerIDsToTake minusSet:self.peersToNotSyncWith]; + [self.peerChanges unionSet: peerIDsToTake]; + + NSMutableSet* backupPeerIDsToTake = [NSMutableSet setWithSet: backupPeerIDs]; + [backupPeerIDsToTake minusSet:self.backupPeersToNotSyncWith]; + [self.backupPeerChanges unionSet: backupPeerIDsToTake]; + + // Calculate what we took. + [peerIDsToTake unionSet:backupPeerIDsToTake]; + return peerIDsToTake; +} + +- (bool) syncWithAllPeers: (NSError**) error { + return true; +} + +- (NSDictionary*) extractKeyChanges { + NSDictionary* result = self.keyChanges; + self.keyChanges = [NSMutableDictionary dictionary]; + return result; +} + +- (NSSet*) extractPeerChanges { + NSSet* result = self.peerChanges; + self.peerChanges = [NSMutableSet set]; + return result; +} +- (NSSet*) extractBackupPeerChanges { + NSSet* result = self.backupPeerChanges; + self.backupPeerChanges = [NSMutableSet set]; + return result; +} + +- (BOOL) extractRegistrationEnsured { + BOOL result = self.peerRegistrationEnsured; + self.peerRegistrationEnsured = NO; + return result; +} + +@end diff --git a/OSX/sec/SOSCircle/Regressions/SOSRegressionUtilities.c b/OSX/sec/SOSCircle/Regressions/SOSRegressionUtilities.c index 6b72c558..75a6892d 100644 --- a/OSX/sec/SOSCircle/Regressions/SOSRegressionUtilities.c +++ b/OSX/sec/SOSCircle/Regressions/SOSRegressionUtilities.c @@ -216,7 +216,6 @@ CFTypeRef testGetObjectsFromCloud(CFArrayRef keysToGet, dispatch_queue_t process if (error) { secerror("SOSCloudKeychainGetObjectsFromCloud returned error: %@", error); - // CFRelease(*error); } dispatch_group_leave(dgroup); secnotice("test", "SOSCloudKeychainGetObjectsFromCloud block exit: %@", object); diff --git a/OSX/sec/SOSCircle/Regressions/SOSTestDataSource.c b/OSX/sec/SOSCircle/Regressions/SOSTestDataSource.c index beb83e15..79a61542 100644 --- a/OSX/sec/SOSCircle/Regressions/SOSTestDataSource.c +++ b/OSX/sec/SOSCircle/Regressions/SOSTestDataSource.c @@ -150,6 +150,10 @@ static CFDataRef copyDigest(SOSObjectRef object, CFErrorRef *error) { return digest; } +static CFDateRef copyModDate(SOSObjectRef object, CFErrorRef *error) { + return CFRetainSafe(asDate(CFDictionaryGetValue((CFDictionaryRef) object, kSecAttrModificationDate), NULL)); +} + static CFDataRef copyPrimaryKey(SOSObjectRef object, CFErrorRef *error) { CFMutableDictionaryRef ocopy = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); CFTypeRef pkNames[] = { @@ -314,7 +318,7 @@ static bool dsReadWith(SOSDataSourceRef ds, CFErrorRef *error, SOSDataSourceTran return true; } -static bool dsSetStateWithKey(SOSDataSourceRef ds, SOSTransactionRef txn, CFStringRef pdmn, CFStringRef key, CFDataRef state, CFErrorRef *error) { +static bool dsSetStateWithKey(SOSDataSourceRef ds, SOSTransactionRef txn, CFStringRef key, CFStringRef pdmn, CFDataRef state, CFErrorRef *error) { SOSTestDataSourceRef tds = (SOSTestDataSourceRef)ds; CFStringRef dbkey = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%@-%@"), pdmn, key); CFDictionarySetValue(tds->statedb, dbkey, state); @@ -354,6 +358,7 @@ SOSDataSourceRef SOSTestDataSourceCreate(void) { ds->ds.dsRestoreObject = dsRestoreObject; ds->ds.objectCopyDigest = copyDigest; + ds->ds.objectCopyModDate = copyModDate; ds->ds.objectCreateWithPropertyList = createWithPropertyList; ds->ds.objectCopyPropertyList = copyPropertyList; ds->ds.objectCopyBackup = objectCopyBackup; @@ -508,6 +513,44 @@ SOSObjectRef SOSDataSourceCreateGenericItem(SOSDataSourceRef ds, CFStringRef acc return SOSDataSourceCreateGenericItemWithData(ds, account, service, false, NULL); } +SOSObjectRef SOSDataSourceCreateV0EngineStateWithData(SOSDataSourceRef ds, CFDataRef engineStateData) { + /* + MANGO-iPhone:~ mobile$ security item class=genp,acct=engine-state + acct : engine-state + agrp : com.apple.security.sos + cdat : 2016-04-18 20:40:33 +0000 + mdat : 2016-04-18 20:40:33 +0000 + musr : // + pdmn : dk + svce : SOSDataSource-ak + sync : 0 + tomb : 0 + */ + CFAbsoluteTime timestamp = 3700000; + CFDateRef now = CFDateCreate(kCFAllocatorDefault, timestamp); + CFDictionaryRef item = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, + kSecClass, kSecClassGenericPassword, + kSecAttrSynchronizable, kCFBooleanFalse, + kSecAttrTombstone, kCFBooleanFalse, + kSecAttrAccount, CFSTR("engine-state"), + kSecAttrService, CFSTR("SOSDataSource-ak"), + kSecAttrCreationDate, now, + kSecAttrModificationDate, now, + kSecAttrAccessGroup, CFSTR("com.apple.security.sos"), + kSecAttrAccessible, kSecAttrAccessibleAlwaysPrivate, + engineStateData ? kSecValueData : NULL, engineStateData, + NULL); + CFReleaseSafe(now); + CFErrorRef localError = NULL; + SOSObjectRef object = ds->objectCreateWithPropertyList(item, &localError); + if (!object) { + secerror("createWithPropertyList: %@ failed: %@", item, localError); + CFRelease(localError); + } + CFRelease(item); + return object; +} + SOSObjectRef SOSDataSourceCopyObject(SOSDataSourceRef ds, SOSObjectRef match, CFErrorRef *error) { __block SOSObjectRef result = NULL; diff --git a/OSX/sec/SOSCircle/Regressions/SOSTestDataSource.h b/OSX/sec/SOSCircle/Regressions/SOSTestDataSource.h index 62af20be..6d0cc615 100644 --- a/OSX/sec/SOSCircle/Regressions/SOSTestDataSource.h +++ b/OSX/sec/SOSCircle/Regressions/SOSTestDataSource.h @@ -55,6 +55,7 @@ void SOSTestDataSourceFactorySetDataSource(SOSDataSourceFactoryRef factory, CFSt SOSObjectRef SOSDataSourceCreateGenericItemWithData(SOSDataSourceRef ds, CFStringRef account, CFStringRef service, bool is_tomb, CFDataRef data); SOSObjectRef SOSDataSourceCreateGenericItem(SOSDataSourceRef ds, CFStringRef account, CFStringRef service); +SOSObjectRef SOSDataSourceCreateV0EngineStateWithData(SOSDataSourceRef ds, CFDataRef engineStateData); SOSObjectRef SOSDataSourceCopyObject(SOSDataSourceRef ds, SOSObjectRef match, CFErrorRef *error); diff --git a/OSX/sec/SOSCircle/Regressions/SOSTestDevice.c b/OSX/sec/SOSCircle/Regressions/SOSTestDevice.c index a06f523c..ff8f8b8e 100644 --- a/OSX/sec/SOSCircle/Regressions/SOSTestDevice.c +++ b/OSX/sec/SOSCircle/Regressions/SOSTestDevice.c @@ -149,11 +149,14 @@ SOSTestDeviceRef SOSTestDeviceCreateWithDbNamed(CFAllocatorRef allocator, CFStri return td; } -SOSTestDeviceRef SOSTestDeviceCreateWithTestDataSource(CFAllocatorRef allocator, CFStringRef engineID) { +SOSTestDeviceRef SOSTestDeviceCreateWithTestDataSource(CFAllocatorRef allocator, CFStringRef engineID, + void(^prepop)(SOSDataSourceRef ds)) { setup("create device"); SOSTestDeviceRef td = SOSTestDeviceCreateInternal(allocator, engineID); td->ds = SOSTestDataSourceCreate(); + if (prepop) + prepop(td->ds); CFErrorRef error = NULL; ok(td->ds->engine = SOSEngineCreate(td->ds, &error), "create engine: %@", error); SOSEngineCircleChanged(td->ds->engine, engineID, NULL, NULL); @@ -161,6 +164,7 @@ SOSTestDeviceRef SOSTestDeviceCreateWithTestDataSource(CFAllocatorRef allocator, return td; } + CFSetRef SOSViewsCopyTestV0Default() { const void *values[] = { kSOSViewKeychainV0 }; return CFSetCreate(kCFAllocatorDefault, values, array_size(values), &kCFTypeSetCallBacks); @@ -230,7 +234,23 @@ bool SOSTestDeviceSetEngineState(SOSTestDeviceRef td, CFDataRef derEngineState) return true; } +bool SOSTestDeviceEngineSave(SOSTestDeviceRef td, CFErrorRef *error) { + __block bool rx = false; + if (!SOSDataSourceWithAPI(td->ds, true, error, ^(SOSTransactionRef txn, bool *commit) { + rx = SOSTestEngineSave(td->ds->engine, txn, error); + })) + fail("ds transaction %@", error ? *error : NULL); + return rx; +} +bool SOSTestDeviceEngineLoad(SOSTestDeviceRef td, CFErrorRef *error) { + __block bool rx = false; + if (!SOSDataSourceWithAPI(td->ds, true, error, ^(SOSTransactionRef txn, bool *commit) { + rx = SOSTestEngineLoad(td->ds->engine, txn, error); + })) + fail("ds transaction %@", error ? *error : NULL); + return rx; +} CFDataRef SOSTestDeviceCreateMessage(SOSTestDeviceRef td, CFStringRef peerID) { setup("create message"); @@ -351,14 +371,32 @@ bool SOSTestDeviceAddGenericItems(SOSTestDeviceRef td, CFIndex count, CFStringRe return didAdd; } -CFMutableDictionaryRef SOSTestDeviceListCreate(bool realDb, CFIndex version, CFArrayRef deviceIDs) { +void SOSTestDeviceAddV0EngineStateWithData(SOSDataSourceRef ds, CFDataRef engineStateData) { + __block CFErrorRef error = NULL; + const CFStringRef kSOSEngineState = CFSTR("engine-state"); + + if (!SOSDataSourceWithAPI(ds, true, &error, ^(SOSTransactionRef txn, bool *commit) { + SOSObjectRef object = SOSDataSourceCreateV0EngineStateWithData(ds, engineStateData); + + // Note that state doesn't use SOSDataSourceMergeObject + SOSDataSourceSetStateWithKey(ds, txn, kSOSEngineState, kSecAttrAccessibleAlwaysPrivate, engineStateData, &error); + CFReleaseSafe(object); + CFReleaseNull(error); + })) + fail("ds transaction %@", error); + + CFReleaseNull(error); +} + +CFMutableDictionaryRef SOSTestDeviceListCreate(bool realDb, CFIndex version, CFArrayRef deviceIDs, + void(^prepop)(SOSDataSourceRef ds)) { CFMutableDictionaryRef testDevices = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); CFStringRef deviceID; CFSetRef defaultViews = realDb ? SOSViewsCopyTestV2Default() : SOSViewsCopyTestV0Default(); CFArrayForEachC(deviceIDs, deviceID) { SOSTestDeviceRef device; if (!realDb) { - device = SOSTestDeviceCreateWithTestDataSource(kCFAllocatorDefault, deviceID); + device = SOSTestDeviceCreateWithTestDataSource(kCFAllocatorDefault, deviceID, prepop); } else { device = SOSTestDeviceCreateWithDbNamed(kCFAllocatorDefault, deviceID, deviceID); } @@ -480,7 +518,7 @@ void SOSTestDeviceListTestSync(const char *name, const char *test_directive, con va_start(args, post); // Optionally prefix each peer with name to make them more unique. CFArrayRef deviceIDs = CFArrayCreateForVC(kCFAllocatorDefault, &kCFTypeArrayCallBacks, args); - CFMutableDictionaryRef testDevices = SOSTestDeviceListCreate(use_db, version, deviceIDs); + CFMutableDictionaryRef testDevices = SOSTestDeviceListCreate(use_db, version, deviceIDs, NULL); CFReleaseSafe(deviceIDs); SOSTestDeviceListSync(name, test_directive, test_reason, testDevices, pre, post); SOSTestDeviceListInSync(name, test_directive, test_reason, testDevices); diff --git a/OSX/sec/SOSCircle/Regressions/SOSTestDevice.h b/OSX/sec/SOSCircle/Regressions/SOSTestDevice.h index a5f304ae..33430d95 100644 --- a/OSX/sec/SOSCircle/Regressions/SOSTestDevice.h +++ b/OSX/sec/SOSCircle/Regressions/SOSTestDevice.h @@ -42,7 +42,8 @@ CFStringRef SOSTestDeviceGetID(SOSTestDeviceRef td); void SOSTestDeviceForEachPeerID(SOSTestDeviceRef td, void(^peerBlock)(CFStringRef peerID, bool *stop)); SOSTestDeviceRef SOSTestDeviceCreateWithDb(CFAllocatorRef allocator, CFStringRef engineID, SecDbRef db); SOSTestDeviceRef SOSTestDeviceCreateWithDbNamed(CFAllocatorRef allocator, CFStringRef engineID, CFStringRef dbName); -SOSTestDeviceRef SOSTestDeviceCreateWithTestDataSource(CFAllocatorRef allocator, CFStringRef engineID); +SOSTestDeviceRef SOSTestDeviceCreateWithTestDataSource(CFAllocatorRef allocator, CFStringRef engineID, + void(^prepop)(SOSDataSourceRef ds)); CFSetRef SOSViewsCopyTestV0Default(void); CFSetRef SOSViewsCopyTestV2Default(void); SOSTestDeviceRef SOSTestDeviceSetPeerIDs(SOSTestDeviceRef td, CFArrayRef peerIDs, CFIndex version, CFSetRef defaultViews); @@ -52,6 +53,8 @@ SOSTestDeviceRef SOSTestDeviceSetMute(SOSTestDeviceRef td, bool mute); bool SOSTestDeviceIsMute(SOSTestDeviceRef td); bool SOSTestDeviceSetEngineState(SOSTestDeviceRef td, CFDataRef derEngineState); +bool SOSTestDeviceEngineSave(SOSTestDeviceRef td, CFErrorRef *error); +bool SOSTestDeviceEngineLoad(SOSTestDeviceRef td, CFErrorRef *error); CFDataRef SOSTestDeviceCreateMessage(SOSTestDeviceRef td, CFStringRef peerID); @@ -62,8 +65,10 @@ void SOSTestDeviceAddGenericItemTombstone(SOSTestDeviceRef td, CFStringRef accou void SOSTestDeviceAddGenericItemWithData(SOSTestDeviceRef td, CFStringRef account, CFStringRef server, CFDataRef data); void SOSTestDeviceAddRemoteGenericItem(SOSTestDeviceRef td, CFStringRef account, CFStringRef server); bool SOSTestDeviceAddGenericItems(SOSTestDeviceRef td, CFIndex count, CFStringRef account, CFStringRef server); +void SOSTestDeviceAddV0EngineStateWithData(SOSDataSourceRef ds, CFDataRef engineStateData); -CFMutableDictionaryRef SOSTestDeviceListCreate(bool realDb, CFIndex version, CFArrayRef deviceIDs); +CFMutableDictionaryRef SOSTestDeviceListCreate(bool realDb, CFIndex version, CFArrayRef deviceIDs, + void(^prepop)(SOSDataSourceRef ds)); void SOSTestDeviceListSync(const char *name, const char *test_directive, const char *test_reason, CFMutableDictionaryRef testDevices, bool(^pre)(SOSTestDeviceRef source, SOSTestDeviceRef dest), bool(^post)(SOSTestDeviceRef source, SOSTestDeviceRef dest, SOSMessageRef message)); diff --git a/OSX/sec/SOSCircle/Regressions/secd-210-keyinterest.m b/OSX/sec/SOSCircle/Regressions/secd-210-keyinterest.m new file mode 100644 index 00000000..a3d9989b --- /dev/null +++ b/OSX/sec/SOSCircle/Regressions/secd-210-keyinterest.m @@ -0,0 +1,197 @@ +// +// sc-160-keyinterest.m +// Security +// +// Created by Mitch Adler on 10/31/16. +// +// + +#import + +#include "secd_regressions.h" + +#import "CKDStore.h" +#import "CKDKVSProxy.h" +#import "CKDSimulatedStore.h" +#import "CKDSimulatedAccount.h" +#import "CKDAKSLockMonitor.h" + +#include "SOSCloudKeychainConstants.h" + +@interface CKDSimulatedLockMonitor : NSObject + +@property (readwrite) BOOL unlockedSinceBoot; +@property (readwrite) BOOL locked; + +@property (weak) NSObject* listener; + ++ (instancetype) monitor; + +- (instancetype) init; + +- (void) recheck; + +- (void) notifyListener; +- (void) connectTo: (NSObject*) listener; + +- (void) lock; +- (void) unlock; + +@end + + +@implementation CKDSimulatedLockMonitor + ++ (instancetype) monitor { + return [[CKDSimulatedLockMonitor alloc] init]; +} + +- (instancetype) init { + self = [super init]; + if (self) { + _locked = true; + _unlockedSinceBoot = false; + } + + [self notifyListener]; + + return self; +} + +- (void) recheck { +} + +- (void) notifyListener { + if (self.listener) { + if (self.locked) { + [self.listener locked]; + } else { + [self.listener unlocked]; + } + } +} + +- (void) connectTo: (NSObject*) listener { + self.listener = listener; + [self notifyListener]; +} + +- (void) lock { + self.locked = true; + [self notifyListener]; +} +- (void) unlock { + self.locked = false; + self.unlockedSinceBoot = true; + [self notifyListener]; +} + + +@end + +@interface UbiqitousKVSProxy (Testing) +- (void) flush; +@end + +@implementation UbiqitousKVSProxy (Testing) +- (void) flush { + dispatch_semaphore_t sema = dispatch_semaphore_create(0); + + [self doAfterFlush:^{ + dispatch_semaphore_signal(sema); + }]; + + dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER); +} +@end + +static void tests(void) { + CKDSimulatedStore* store = [CKDSimulatedStore simulatedInterface]; + CKDSimulatedAccount* account = [[CKDSimulatedAccount alloc] init]; + CKDSimulatedLockMonitor* monitor = [CKDSimulatedLockMonitor monitor]; + + NSString * testKey = @"TestKey"; + + UbiqitousKVSProxy * proxy = [UbiqitousKVSProxy withAccount:account + store:store + lockMonitor:monitor + persistence:[NSURL fileURLWithPath:@"/tmp/kvsPersistenceTestFile"]]; + + NSDictionary* interests = @{ [NSString stringWithUTF8String:kMessageKeyParameter]:@{ @"UnlockedKeys":@[ testKey ] } }; + NSString* accountID = @"Account1"; + + dispatch_sync([proxy ckdkvsproxy_queue], ^{ + [proxy registerKeys:interests forAccount:accountID]; + }); + + is([[account extractKeyChanges] count], (NSUInteger)0, "No changes yet"); + + [store remoteSetObject:@1 forKey:testKey]; + [proxy flush]; + + is([[account extractKeyChanges] count], (NSUInteger)0, "Still none while locked"); + + [monitor unlock]; + [proxy flush]; + + is([[account extractKeyChanges] count], (NSUInteger)1, "Notified after unlock"); + + [monitor lock]; + [monitor unlock]; + [proxy flush]; + + is([[account extractKeyChanges] count], (NSUInteger)0, "lock unlock and nothing changes"); + + [store remoteSetObject:@2 forKey:testKey]; + [proxy flush]; + + { + NSDictionary *changes = [account extractKeyChanges]; + is([changes count], (NSUInteger)1, "lock, nothing changes"); + is(changes[testKey], @2, "Sent second value"); + } + + [monitor lock]; + [store remoteSetObject:@3 forKey:testKey]; + [proxy flush]; + + is([[account extractKeyChanges] count], (NSUInteger)0, "Changes to Unlocked not when locked"); + + [monitor unlock]; + [proxy flush]; + + { + NSDictionary *changes = [account extractKeyChanges]; + is([changes count], (NSUInteger)1, "Change defered to after unlock"); + is(changes[testKey], @3, "Correct value"); + } + + dispatch_sync([proxy ckdkvsproxy_queue], ^{ + [proxy registerKeys:interests forAccount:accountID]; + }); + [proxy flush]; + + is([[account extractKeyChanges] count], (NSUInteger)0, "Same interests, no new data"); + + dispatch_sync([proxy ckdkvsproxy_queue], ^{ + [proxy registerKeys:interests forAccount:@"different"]; + }); + [proxy flush]; + + { + NSDictionary *changes = [account extractKeyChanges]; + is([changes count], (NSUInteger)1, "New account, same interests, new data"); + is(changes[testKey], @3, "Latest value for new data"); + } + +} + + +int secd_210_keyinterest(int argc, char *const *argv) +{ + plan_tests(12); + + tests(); + + return 0; +} diff --git a/OSX/sec/SOSCircle/SecureObjectSync/CKDSimulatedStore.h b/OSX/sec/SOSCircle/SecureObjectSync/CKDSimulatedStore.h new file mode 100644 index 00000000..a4444888 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/CKDSimulatedStore.h @@ -0,0 +1,34 @@ +// +// CKDSimulatedStore.h +// Security +// +// Created by Mitch Adler on 10/31/16. +// +// + +#import "CKDStore.h" + +@interface CKDSimulatedStore : NSObject + ++ (instancetype)simulatedInterface; +- (instancetype)init; + +- (void)connectToProxy: (UbiqitousKVSProxy*) proxy; + +- (NSObject*)objectForKey:(NSString*)key; + +- (void)setObject:(id)obj forKey:(NSString*)key; +- (void)addEntriesFromDictionary:(NSDictionary *)otherDictionary; + +- (void)removeObjectForKey:(NSString*)key; +- (void)removeAllObjects; + +- (NSDictionary*) copyAsDictionary; + +- (void)pushWrites; +- (BOOL)pullUpdates:(NSError**) failure; + + +- (void)remoteSetObject:(id)obj forKey:(NSString*)key; + +@end diff --git a/OSX/sec/SOSCircle/SecureObjectSync/CKDSimulatedStore.m b/OSX/sec/SOSCircle/SecureObjectSync/CKDSimulatedStore.m new file mode 100644 index 00000000..562607b5 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/CKDSimulatedStore.m @@ -0,0 +1,82 @@ +// +// CKDSimulatedStore.m +// Security +// + +#import "CKDSimulatedStore.h" +#import "CKDKVSProxy.h" + +#include "SOSCloudKeychainConstants.h" +#include + +#import "SyncedDefaults/SYDConstants.h" +#include + +@interface CKDSimulatedStore () +@property (readwrite, weak) UbiqitousKVSProxy* proxy; +@property (readwrite) NSMutableDictionary* data; +@end + +@implementation CKDSimulatedStore + ++ (instancetype)simulatedInterface { + return [[CKDSimulatedStore alloc] init]; +} + +- (instancetype)init { + self = [super init]; + + self.proxy = nil; + self.data = [NSMutableDictionary dictionary]; + + return self; +} + +- (void) connectToProxy: (UbiqitousKVSProxy*) proxy { + _proxy = proxy; +} + +- (void)setObject:(id)obj forKey:(NSString*)key { + [self.data setValue: obj forKey: key]; +} + +- (NSDictionary*) copyAsDictionary { + return self.data; +} + +- (void)addEntriesFromDictionary:(NSDictionary *)otherDictionary { + [otherDictionary enumerateKeysAndObjectsUsingBlock:^(NSString * _Nonnull key, NSObject * _Nonnull obj, BOOL * _Nonnull stop) { + [self setObject:obj forKey:key]; + }]; +} + +- (id)objectForKey:(NSString*)key { + return [self.data objectForKey:key]; +} + +- (void)removeObjectForKey:(NSString*)key { + return [self.data removeObjectForKey:key]; +} + +- (void)removeAllObjects { + [self.data removeAllObjects]; +} + +- (void)pushWrites { +} + +- (BOOL) pullUpdates:(NSError **)failure +{ + return true; +} + +- (void)remoteSetObject:(id)obj forKey:(NSString*)key +{ + [self.data setObject:obj forKey:key]; + + if (self.proxy) { + [self.proxy storeKeysChanged: [NSSet setWithObject:key] initial: NO]; + } +} + +@end diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.c index b387b6fb..c428a071 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.c @@ -8,6 +8,8 @@ */ #include "SOSAccountPriv.h" +#include +#include #include #include #include @@ -16,19 +18,20 @@ #include #include #include -#include #include #include #include #include +#include #include -#include #include +#include + #include #include -#include #include +#include CFGiblisWithCompareFor(SOSAccount); @@ -40,7 +43,10 @@ const CFStringRef kSOSEscrowRecord = CFSTR("EscrowRecord"); const CFStringRef kSOSUnsyncedViewsKey = CFSTR("unsynced"); const CFStringRef kSOSPendingEnableViewsToBeSetKey = CFSTR("pendingEnableViews"); const CFStringRef kSOSPendingDisableViewsToBeSetKey = CFSTR("pendingDisableViews"); - +const CFStringRef kSOSTestV2Settings = CFSTR("v2dictionary"); +const CFStringRef kSOSRecoveryKey = CFSTR("RecoveryKey"); +const CFStringRef kSOSRecoveryRing = CFSTR("RecoveryRing"); +const CFStringRef kSOSAccountUUID = CFSTR("UUID"); #define DATE_LENGTH 25 const CFStringRef kSOSAccountDebugScope = CFSTR("Scope"); @@ -99,8 +105,9 @@ SOSAccountRef SOSAccountCreateBasic(CFAllocatorRef allocator, a->kvs_message_transport = NULL; a->ids_message_transport = NULL; a->expansion = CFDictionaryCreateMutableForCFTypes(allocator); + SOSAccountAddRingDictionary(a); - + a->saveBlock = NULL; a->circle_rings_retirements_need_attention = false; a->engine_peer_state_needs_repair = false; @@ -219,6 +226,28 @@ bool SOSAccountUpdateGestalt(SOSAccountRef account, CFDictionaryRef new_gestalt) return true; } +CFDictionaryRef SOSAccountCopyGestalt(SOSAccountRef account) { + return CFDictionaryCreateCopy(kCFAllocatorDefault, account->gestalt); +} + +bool SOSAccountUpdateV2Dictionary(SOSAccountRef account, CFDictionaryRef newV2Dict) { + if(!newV2Dict) return true; + SOSAccountSetValue(account, kSOSTestV2Settings, newV2Dict, NULL); + if (account->trusted_circle && account->my_identity + && SOSFullPeerInfoUpdateV2Dictionary(account->my_identity, newV2Dict, NULL)) { + SOSAccountModifyCircle(account, NULL, ^(SOSCircleRef circle_to_change) { + secnotice("circleChange", "Calling SOSCircleUpdatePeerInfo for gestalt change"); + return SOSCircleUpdatePeerInfo(circle_to_change, SOSAccountGetMyPeerInfo(account)); + }); + } + return true; +} + +CFDictionaryRef SOSAccountCopyV2Dictionary(SOSAccountRef account) { + CFDictionaryRef v2dict = SOSAccountGetValue(account, kSOSTestV2Settings, NULL); + return CFDictionaryCreateCopy(kCFAllocatorDefault, v2dict); +} + static bool SOSAccountUpdateDSID(SOSAccountRef account, CFStringRef dsid){ SOSAccountSetValue(account, kSOSDSIDKey, dsid, NULL); //send new DSID over account changed @@ -258,31 +287,6 @@ bool SOSAccountUpdateFullPeerInfo(SOSAccountRef account, CFSetRef minimumViews, return true; } -static bool SOSAccountValueSetContainsValue(SOSAccountRef account, CFStringRef key, CFTypeRef value) { - CFSetRef foundSet = asSet(SOSAccountGetValue(account, key, NULL), NULL); - return foundSet && CFSetContainsValue(foundSet, value); -} - -static void SOSAccountValueUnionWith(SOSAccountRef account, CFStringRef key, CFSetRef valuesToUnion) { - CFMutableSetRef unionedSet = CFSetCreateMutableCopy(kCFAllocatorDefault, 0, valuesToUnion); - CFSetRef foundSet = asSet(SOSAccountGetValue(account, key, NULL), NULL); - if (foundSet) { - CFSetUnion(unionedSet, foundSet); - } - SOSAccountSetValue(account, key, unionedSet, NULL); - CFReleaseNull(unionedSet); -} - -static void SOSAccountValueSubtractFrom(SOSAccountRef account, CFStringRef key, CFSetRef valuesToSubtract) { - CFSetRef foundSet = asSet(SOSAccountGetValue(account, key, NULL), NULL); - if (foundSet) { - CFMutableSetRef subtractedSet = CFSetCreateMutableCopy(kCFAllocatorDefault, 0, foundSet); - CFSetSubtract(subtractedSet, valuesToSubtract); - SOSAccountSetValue(account, key, subtractedSet, NULL); - CFReleaseNull(subtractedSet); - } -} - void SOSAccountPendEnableViewSet(SOSAccountRef account, CFSetRef enabledViews) { if(CFSetGetValue(enabledViews, kSOSViewKeychainV0) != NULL) secnotice("viewChange", "Warning, attempting to Add KeychainV0"); @@ -504,6 +508,8 @@ SOSAccountRef SOSAccountCreate(CFAllocatorRef allocator, SOSAccountEnsureFactoryCircles(a); + SOSAccountEnsureUUID(a); + a->key_interests_need_updating = true; return a; @@ -639,16 +645,6 @@ do_keychain_delete_sbd() return result; } -void static SOSAccountResetKeyInterests(SOSAccountRef a) { - CFDictionaryRef emptyDictionary = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, NULL); - SOSCloudKeychainUpdateKeys(emptyDictionary, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(CFDictionaryRef returnedValues, CFErrorRef error) { - if (error) { - secerror("Error updating keys: %@", error); - } - }); - CFReleaseNull(emptyDictionary); -} - void SOSAccountSetToNew(SOSAccountRef a) { secnotice("accountChange", "Setting Account to New"); int result = 0; @@ -719,8 +715,8 @@ void SOSAccountSetToNew(SOSAccountRef a) { SOSAccountEnsureFactoryCircles(a); // Does rings too - // Reset our key interests since we are new, we need to hear about everything: - SOSAccountResetKeyInterests(a); + // By resetting our expansion dictionary we've reset our UUID, so we'll be notified properly + SOSAccountEnsureUUID(a); a->key_interests_need_updating = true; } @@ -792,276 +788,6 @@ SOSFullPeerInfoRef SOSAccountCopyAccountIdentityPeerInfo(SOSAccountRef account, return CFRetainSafe(account->my_identity); } -static bool SOSAccountThisDeviceCanSyncWithCircle(SOSAccountRef account) { - bool ok = false; - __block CFErrorRef error = NULL; - - if (!SOSAccountHasPublicKey(account, &error)) { - CFReleaseSafe(error); - return false; - } - - bool hasID = true; - - require_action_quiet(account->my_identity, xit, - SOSCreateError(kSOSErrorBadFormat, CFSTR("Account identity not set"), NULL, &error)); - - SOSTransportMessageIDSGetIDSDeviceID(account); - - require_action_quiet(account->trusted_circle, xit, - SOSCreateError(kSOSErrorBadFormat, CFSTR("Account trusted circle not set"), NULL, &error)); - - require_action_quiet(hasID, xit, - SOSCreateError(kSOSErrorBadFormat, CFSTR("Missing IDS device ID"), NULL, &error)); - ok = SOSCircleHasPeerWithID(account->trusted_circle, - SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(account->my_identity)), &error); -xit: - if (!ok) { - secerror("sync with device failure: %@", error); - } - CFReleaseSafe(error); - return ok; -} - -static bool SOSAccountIsThisPeerIDMe(SOSAccountRef account, CFStringRef peerID) { - SOSPeerInfoRef mypi = SOSFullPeerInfoGetPeerInfo(account->my_identity); - CFStringRef myPeerID = SOSPeerInfoGetPeerID(mypi); - - return myPeerID && CFEqualSafe(myPeerID, peerID); -} - -bool SOSAccountSendIKSPSyncList(SOSAccountRef account, CFErrorRef *error){ - bool result = true; - __block CFErrorRef localError = NULL; - __block CFMutableArrayRef ids = NULL; - SOSCircleRef circle = NULL; - - require_action_quiet(SOSAccountIsInCircle(account, NULL), xit, - SOSCreateError(kSOSErrorNoCircle, CFSTR("This device is not in circle"), - NULL, &localError)); - - circle = SOSAccountGetCircle(account, error); - ids = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); - - require_action_quiet(SOSAccountThisDeviceCanSyncWithCircle(account), xit, - SOSCreateError(kSOSErrorNoCircle, CFSTR("This device cannot sync with circle"), - NULL, &localError)); - - SOSCircleForEachValidPeer(circle, account->user_public, ^(SOSPeerInfoRef peer) { - if (!SOSAccountIsThisPeerIDMe(account, SOSPeerInfoGetPeerID(peer))) { - if(SOSPeerInfoShouldUseIDSTransport(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer) && - SOSPeerInfoShouldUseIDSMessageFragmentation(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer)){ - SOSTransportMessageIDSSetFragmentationPreference(account->ids_message_transport, kCFBooleanTrue); - CFStringRef deviceID = SOSPeerInfoCopyDeviceID(peer); - if(deviceID != NULL){ - CFArrayAppendValue(ids, deviceID); - } - CFReleaseNull(deviceID); - } - } - }); - require_quiet(CFArrayGetCount(ids) != 0, xit); - secnotice("IDS Transport", "List of IDS Peers to ping: %@", ids); - - SOSCloudKeychainGetIDSDeviceAvailability(ids, SOSAccountGetMyPeerID(account), dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(CFDictionaryRef returnedValues, CFErrorRef sync_error) { - bool success = (sync_error == NULL); - if(!success) - secerror("Failed to send list of IDS peers to IDSKSP: %@", sync_error); - }); -xit: - if(error && *error != NULL) - secerror("SOSAccountSendIKSPSyncList had an error: %@", *error); - - if(localError) - secerror("SOSAccountSendIKSPSyncList had an error: %@", localError); - - CFReleaseNull(ids); - CFReleaseNull(localError); - - return result; -} - -bool SOSAccountSyncWithAllKVSPeers(SOSAccountRef account, CFErrorRef *error) -{ - __block bool result = true; - - if(SOSAccountIsInCircle(account, NULL)) { - SOSCircleForEachValidPeer(account->trusted_circle, account->user_public, ^(SOSPeerInfoRef peer) { - if (!SOSAccountIsThisPeerIDMe(account, SOSPeerInfoGetPeerID(peer))) { - CFStringRef deviceID = SOSPeerInfoCopyDeviceID(peer); - if(deviceID == NULL || !SOSPeerInfoShouldUseIDSTransport(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer)){ - result = SOSAccountSyncWithKVSPeer(account, SOSPeerInfoGetPeerID(peer), error); - if(result){ - secnotice("KVS Transport", "synced with peer: %@", SOSPeerInfoGetPeerID(peer)); - } - else{ - secnotice("KVS Transport", "failed to sync with peer: %@", SOSPeerInfoGetPeerID(peer)); - } - } - CFReleaseNull(deviceID); - } - }); - } - secnotice("sync", "SOSAccountSyncWithAllKVSPeers returns: %d", result); - return true; -} - -static CFMutableArrayRef SOSAccountCopyPeerIDsForDSID(SOSAccountRef account, CFStringRef deviceID, CFErrorRef* error) { - CFMutableArrayRef peerIDs = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); - - SOSCircleForEachValidPeer(account->trusted_circle, account->user_public, ^(SOSPeerInfoRef peer) { - CFStringRef peerDeviceID = SOSPeerInfoCopyDeviceID(peer); - if(peerDeviceID != NULL && CFStringCompare(peerDeviceID, deviceID, 0) == 0){ - CFArrayAppendValue(peerIDs, SOSPeerInfoGetPeerID(peer)); - } - CFReleaseNull(peerDeviceID); - }); - - if (peerIDs == NULL || CFArrayGetCount(peerIDs) == 0) { - CFReleaseNull(peerIDs); - SOSErrorCreate(kSOSErrorPeerNotFound, error, NULL, CFSTR("No peer with DSID: %@"), deviceID); - } - - return peerIDs; -} - -static bool SOSAccountSyncWithKVSPeers(SOSAccountRef account, CFArrayRef peerIDs, CFErrorRef *error) { - CFDictionaryRef circleToPeerIDs = NULL; - - CFErrorRef localError = NULL; - bool result = false; - require_action_quiet(SOSAccountThisDeviceCanSyncWithCircle(account), xit, - SOSCreateError(kSOSErrorNoCircle, CFSTR("This device cannot sync with circle"), - NULL, &localError)); - - circleToPeerIDs = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, - SOSCircleGetName(account->trusted_circle), peerIDs, - NULL); - result = SOSTransportMessageSyncWithPeers(account->kvs_message_transport, circleToPeerIDs, &localError); - - SOSEngineRef engine = SOSTransportMessageGetEngine(account->kvs_message_transport); - result &= SOSEngineSyncWithPeers(engine, &localError); - - if (result) - SetCloudKeychainTraceValueForKey(kCloudKeychainNumberOfTimesSyncedWithPeers, 1); - -xit: - CFReleaseNull(circleToPeerIDs); - if (!result) { - // Tell account to update SOSEngine with current trusted peers - if (isSOSErrorCoded(localError, kSOSErrorPeerNotFound)) { - secnotice("Account", "Arming account to update SOSEngine with current trusted peers"); - account->engine_peer_state_needs_repair = true; - } - CFErrorPropagate(localError, error); - localError = NULL; - } - return result; - -} - -bool SOSAccountSyncWithKVSUsingIDSID(SOSAccountRef account, CFStringRef deviceID, CFErrorRef *error) { - bool result = false; - CFErrorRef localError = NULL; - - secnotice("KVS Transport","Syncing with KVS capable peer via DSID: %@", deviceID); - - CFArrayRef peerIDs = SOSAccountCopyPeerIDsForDSID(account, deviceID, &localError); - require_quiet(peerIDs, xit); - - CFStringArrayPerfromWithDescription(peerIDs, ^(CFStringRef peerIDList) { - secnotice("KVS Transport", "Syncing with KVS capable peers: %@", peerIDList); - }); - - result = SOSAccountSyncWithKVSPeers(account, peerIDs, &localError); - secerror("KVS sync %s. (%@)", result ? "succeeded" : "failed", localError); - -xit: - CFReleaseNull(peerIDs); - CFErrorPropagate(localError, error); - - return result; -} - -bool SOSAccountSyncWithKVSPeer(SOSAccountRef account, CFStringRef peerID, CFErrorRef *error) -{ - bool result = false; - CFErrorRef localError = NULL; - - secnotice("KVS Transport","Syncing with KVS capable peer: %@", peerID); - - CFArrayRef peerIDs = CFArrayCreateForCFTypes(kCFAllocatorDefault, peerID, NULL); - - result = SOSAccountSyncWithKVSPeers(account, peerIDs, &localError); - secerror("KVS sync %s. (%@)", result ? "succeeded" : "failed", localError); - - CFReleaseNull(peerIDs); - CFErrorPropagate(localError, error); - - return result; -} - -#define LOG_ENGINE_STATE_INTERVAL 20 - -bool SOSAccountSyncWithIDSPeer(SOSAccountRef account, CFStringRef deviceID, CFErrorRef *error) -{ - CFErrorRef localError = NULL; - CFMutableDictionaryRef circleToPeerIDs = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); - CFMutableArrayRef ids = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); - static int engineLogCountDown = 0; - bool result = true; - - require_action_quiet(SOSAccountThisDeviceCanSyncWithCircle(account), xit, - SOSCreateError(kSOSErrorNoCircle, CFSTR("This device cannot sync with circle"), - NULL, &localError)); - SOSCircleForEachValidPeer(account->trusted_circle, account->user_public, ^(SOSPeerInfoRef peer) { - CFStringRef peerDeviceID = SOSPeerInfoCopyDeviceID(peer); - if(peerDeviceID != NULL && CFStringCompare(peerDeviceID, deviceID, 0) == 0){ - CFArrayAppendValue(ids, SOSPeerInfoGetPeerID(peer)); - } - CFReleaseNull(peerDeviceID); - }); - - require_action_quiet(CFArrayGetCount(ids), xit, SOSCreateError(kSOSErrorNoCircle, CFSTR("Cannot find peer in circle"), - NULL, &localError)); - - secnotice("IDS Transport","Syncing with IDS capable peer: %@", ids); - CFDictionarySetValue(circleToPeerIDs, SOSCircleGetName(account->trusted_circle), ids); - result = SOSTransportMessageSyncWithPeers(account->ids_message_transport, circleToPeerIDs, &localError); - secnotice("IDS Transport", "IDS Sync result: %d", result); - - SOSEngineRef engine = SOSTransportMessageGetEngine(account->ids_message_transport); - result &= SOSEngineSyncWithPeers(engine, &localError); - - if (result) - SetCloudKeychainTraceValueForKey(kCloudKeychainNumberOfTimesSyncedWithPeers, 1); - - if(engineLogCountDown <= 0) { - SOSEngineLogState(engine); - engineLogCountDown = LOG_ENGINE_STATE_INTERVAL; - } else { - engineLogCountDown--; - } - -xit: - CFReleaseNull(circleToPeerIDs); - - if (!result) { - secdebug("Account", "Could not sync with peer %@, error: %@", deviceID, localError); - // Tell account to update SOSEngine with current trusted peers - if (isSOSErrorCoded(localError, kSOSErrorPeerNotFound)) { - secnotice("Account", "Arming account to update SOSEngine with current trusted peers"); - account->engine_peer_state_needs_repair = true; - } - CFErrorPropagate(localError, error); - localError = NULL; - } - CFReleaseNull(ids); - CFReleaseSafe(localError); - - return result; -} - bool SOSAccountCleanupAfterPeer(SOSAccountRef account, size_t seconds, SOSCircleRef circle, @@ -1583,30 +1309,38 @@ bool SOSAccountEnsureInBackupRings(SOSAccountRef account) { require_action_quiet(account->backup_key, exit, result = true); backupKey = SOSPeerInfoV2DictionaryCopyData(SOSAccountGetMyPeerInfo(account), sBackupKeyKey); - - require_action_quiet(!CFEqualSafe(backupKey, account->backup_key), exit, result = true); // If we're already set up, we're done. - require_quiet(SOSAccountUpdatePeerInfo(account, CFSTR("Backup public key"), &error, ^bool(SOSFullPeerInfoRef fpi, CFErrorRef *error) { - return SOSFullPeerInfoUpdateBackupKey(fpi, account->backup_key, error); - }), exit); - + + bool updateBackupKey = !CFEqualSafe(backupKey, account->backup_key); + + if(updateBackupKey) { + require_quiet(SOSAccountUpdatePeerInfo(account, CFSTR("Backup public key"), &error, ^bool(SOSFullPeerInfoRef fpi, CFErrorRef *error) { + return SOSFullPeerInfoUpdateBackupKey(fpi, account->backup_key, error); + }), exit); + } require_quiet(account->backup_key, exit); // If it went null, we're done now. require_quiet(SOSBSKBIsGoodBackupPublic(account->backup_key, &error), exit); - - // It's a good key, we're going with it. Stop backing up the old way. - CFErrorRef localError = NULL; - if (!SOSDeleteV0Keybag(&localError)) { - secerror("Failed to delete v0 keybag: %@", localError); - } - CFReleaseNull(localError); - result = true; + CFDataRef recoveryKeyBackFromRing = SOSAccountCopyRecoveryPublic(kCFAllocatorDefault, account, &error); - // Setup backups the new way. - SOSAccountForEachBackupView(account, ^(const void *value) { - CFStringRef viewName = (CFStringRef)value; - result &= SOSAccountNewBKSBForView(account, viewName, &error); - }); + if(updateBackupKey || recoveryKeyBackFromRing) { + // It's a good key, we're going with it. Stop backing up the old way. + CFErrorRef localError = NULL; + if (!SOSDeleteV0Keybag(&localError)) { + secerror("Failed to delete v0 keybag: %@", localError); + } + CFReleaseNull(localError); + + result = true; + + // Setup backups the new way. + SOSAccountForEachBackupView(account, ^(const void *value) { + CFStringRef viewName = (CFStringRef)value; + if(updateBackupKey || (recoveryKeyBackFromRing && !SOSAccountRecoveryKeyIsInBackupAndCurrentInView(account, viewName))) { + result &= SOSAccountNewBKSBForView(account, viewName, &error); + } + }); + } exit: if (!result) { @@ -1616,6 +1350,37 @@ exit: return result; } +// +// MARK: Recovery Public Key Functions +// + +bool SOSAccountRegisterRecoveryPublicKey(SOSAccountTransactionRef txn, CFDataRef recovery_key, CFErrorRef *error){ + bool retval = SOSAccountSetRecoveryKey(txn->account, recovery_key, error); + if(retval) secnotice("recovery", "successfully registered recovery public key"); + else secnotice("recovery", "could not register recovery public key: %@", *error); + SOSClearErrorIfTrue(retval, error); + return retval; +} + +bool SOSAccountClearRecoveryPublicKey(SOSAccountTransactionRef txn, CFDataRef recovery_key, CFErrorRef *error){ + bool retval = SOSAccountRemoveRecoveryKey(txn->account, error); + SOSClearErrorIfTrue(retval, error); + return retval; +} + +CFDataRef SOSAccountCopyRecoveryPublicKey(SOSAccountTransactionRef txn, CFErrorRef *error){ + CFDataRef result = NULL; + result = SOSAccountCopyRecoveryPublic(kCFAllocatorDefault, txn->account, error); + if(!result) secnotice("recovery", "Could not retrieve the recovery public key from the ring: %@", *error); + + if (!isData(result)) { + CFReleaseNull(result); + } + SOSClearErrorIfTrue(result != NULL, error); + + return result; +} + // // MARK: Joining // @@ -1632,7 +1397,7 @@ static bool SOSAccountJoinCircle(SOSAccountTransactionRef aTxn, SecKeyRef user_k SOSFullPeerInfoRef myCirclePeer = account->my_identity; - if (SOSCircleCountPeers(account->trusted_circle) == 0) { + if (SOSCircleCountPeers(account->trusted_circle) == 0 || SOSAccountGhostResultsInReset(account)) { secnotice("resetToOffering", "Resetting circle to offering since there are no peers"); // this also clears initial sync data result = SOSAccountResetCircleToOffering(aTxn, user_key, error); @@ -1708,6 +1473,7 @@ done: } bool SOSAccountJoinCircles(SOSAccountTransactionRef aTxn, CFErrorRef* error) { + secnotice("circleJoin", "Normal path circle join (SOSAccountJoinCircles)"); return SOSAccountJoinCircles_internal(aTxn, false, error); } @@ -1722,8 +1488,9 @@ fail: return result; } -bool SOSAccountSetMyDSID(SOSAccountRef account, CFStringRef IDS, CFErrorRef* error){ +bool SOSAccountSetMyDSID(SOSAccountTransactionRef txn, CFStringRef IDS, CFErrorRef* error){ bool result = true; + SOSAccountRef account = txn->account; secdebug("IDS Transport", "We are setting our device ID: %@", IDS); if(IDS != NULL && (CFStringGetLength(IDS) > 0)){ @@ -1735,15 +1502,20 @@ bool SOSAccountSetMyDSID(SOSAccountRef account, CFStringRef IDS, CFErrorRef* err SOSFullPeerInfoUpdateTransportType(account->my_identity, SOSTransportMessageTypeIDSV2, error); SOSFullPeerInfoUpdateTransportPreference(account->my_identity, kCFBooleanFalse, error); SOSFullPeerInfoUpdateTransportFragmentationPreference(account->my_identity, kCFBooleanTrue, error); - + SOSFullPeerInfoUpdateTransportAckModelPreference(account->my_identity, kCFBooleanTrue, error); return SOSCircleHasPeer(circle, SOSFullPeerInfoGetPeerInfo(account->my_identity), NULL); }); } else result = false; - - SOSCCSyncWithAllPeers(); - + + // Initiate sync with all IDS peers, since we just learned we can talk that way. + SOSAccountForEachCirclePeerExceptMe(account, ^(SOSPeerInfoRef peer) { + if (SOSPeerInfoShouldUseIDSTransport(SOSAccountGetMyPeerInfo(account), peer)) { + SOSAccountTransactionAddSyncRequestForPeerID(txn, SOSPeerInfoGetPeerID(peer)); + } + }); + fail: CFReleaseNull(account->deviceID); account->deviceID = CFRetainSafe(IDS); @@ -1754,28 +1526,23 @@ bool SOSAccountSendIDSTestMessage(SOSAccountRef account, CFStringRef message, CF bool result = true; //construct message dictionary, circle -> peerID -> message - CFMutableDictionaryRef circleToPeerMessages = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); CFMutableDictionaryRef peerToMessage = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); - - char *messageCharStar; - asprintf(&messageCharStar, "%d", kIDSSendOneMessage); - CFStringRef messageString = CFStringCreateWithCString(kCFAllocatorDefault, messageCharStar, kCFStringEncodingUTF8); - - CFMutableDictionaryRef mutableDictionary = CFDictionaryCreateMutableForCFTypesWith(kCFAllocatorDefault, kIDSOperationType, messageString, kIDSMessageToSendKey, CFSTR("send IDS test message"), NULL); - - SOSCircleForEachPeer(account->trusted_circle, ^(SOSPeerInfoRef peer) { - if(!CFEqualSafe(peer, SOSAccountGetMyPeerInfo(account))) - CFDictionaryAddValue(peerToMessage, SOSPeerInfoGetPeerID(peer), mutableDictionary); + + CFStringRef operationString = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%d"), kIDSSendOneMessage); + CFDictionaryRef rawMessage = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, + kIDSOperationType, operationString, + kIDSMessageToSendKey, CFSTR("send IDS test message"), + NULL); + + SOSAccountForEachCirclePeerExceptMe(account, ^(SOSPeerInfoRef peer) { + CFDictionaryAddValue(peerToMessage, SOSPeerInfoGetPeerID(peer), rawMessage); }); + + result = SOSTransportMessageSendMessages(account->ids_message_transport, peerToMessage, error); - CFDictionaryAddValue(circleToPeerMessages, SOSCircleGetName(account->trusted_circle), peerToMessage); - result = SOSTransportMessageSendMessages(account->ids_message_transport, circleToPeerMessages, error); - - CFReleaseNull(mutableDictionary); CFReleaseNull(peerToMessage); - CFReleaseNull(circleToPeerMessages); - CFReleaseNull(messageString); - free(messageCharStar); + CFReleaseNull(operationString); + CFReleaseNull(rawMessage); return result; } @@ -1787,35 +1554,29 @@ bool SOSAccountStartPingTest(SOSAccountRef account, CFStringRef message, CFError account->ids_message_transport = (SOSTransportMessageRef)SOSTransportMessageIDSCreate(account, SOSCircleGetName(account->trusted_circle), error); require_quiet(account->ids_message_transport, fail); - CFMutableDictionaryRef circleToPeerMessages = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); CFMutableDictionaryRef peerToMessage = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); - - char *messageCharStar; - asprintf(&messageCharStar, "%d", kIDSStartPingTestMessage); - CFStringRef operationToString = CFStringCreateWithCString(kCFAllocatorDefault, messageCharStar, kCFStringEncodingUTF8); - CFStringRef messageToSend = CFSTR("send IDS test message"); - - CFMutableDictionaryRef mutableDictionary = CFDictionaryCreateMutableForCFTypesWith(kCFAllocatorDefault, kIDSOperationType, operationToString, kIDSMessageToSendKey, messageToSend, NULL); + + CFStringRef operationString = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%d"), kIDSStartPingTestMessage); + CFDictionaryRef rawMessage = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, + kIDSOperationType, operationString, + kIDSMessageToSendKey, CFSTR("send IDS test message"), + NULL); - SOSCircleForEachPeer(account->trusted_circle, ^(SOSPeerInfoRef peer) { - if(CFStringCompare(SOSAccountGetMyPeerID(account), SOSPeerInfoGetPeerID(peer), 0) != 0) - CFDictionaryAddValue(peerToMessage, SOSPeerInfoGetPeerID(peer), mutableDictionary); + SOSAccountForEachCirclePeerExceptMe(account, ^(SOSPeerInfoRef peer) { + CFDictionaryAddValue(peerToMessage, SOSPeerInfoGetPeerID(peer), rawMessage); }); - CFDictionaryAddValue(circleToPeerMessages, SOSCircleGetName(account->trusted_circle), peerToMessage); - result = SOSTransportMessageSendMessages(account->ids_message_transport, circleToPeerMessages, error); + result = SOSTransportMessageSendMessages(account->ids_message_transport, peerToMessage, error); - CFReleaseNull(mutableDictionary); CFReleaseNull(peerToMessage); - CFReleaseNull(circleToPeerMessages); - CFReleaseNull(operationToString); - free(messageCharStar); + CFReleaseNull(rawMessage); + CFReleaseNull(operationString); fail: return result; } -bool SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(SOSAccountRef account, CFErrorRef *error){ +bool SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(SOSAccountRef account, CFErrorRef *error){ bool result = true; __block bool success = true; @@ -1837,7 +1598,7 @@ bool SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(SOSAccountRef account dispatch_release(wait_for); if(!success && localError != NULL && error != NULL){ - secerror("Could not ask IDSKeychainSyncingProxy for Device ID: %@", localError); + secerror("Could not ask KeychainSyncingOverIDSProxy for Device ID: %@", localError); *error = localError; result = false; } @@ -1848,6 +1609,7 @@ bool SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(SOSAccountRef account } bool SOSAccountJoinCirclesAfterRestore(SOSAccountTransactionRef aTxn, CFErrorRef* error) { + secnotice("circleJoin", "Joining after restore (SOSAccountJoinCirclesAfterRestore)"); return SOSAccountJoinCircles_internal(aTxn, true, error); } @@ -1868,23 +1630,32 @@ bool SOSAccountLeaveCircle(SOSAccountRef account, CFErrorRef* error) bool SOSAccountRemovePeersFromCircle(SOSAccountRef account, CFArrayRef peers, CFErrorRef* error) { + bool result = false; + CFMutableSetRef peersToRemove = NULL; SecKeyRef user_key = SOSAccountGetPrivateCredential(account, error); - if (!user_key) - return false; - - bool result = true; + require_action_quiet(user_key, errOut, secnotice("removePeers", "Can't remove without userKey")); - CFMutableSetRef peersToRemove = CFSetCreateMutableForSOSPeerInfosByIDWithArray(kCFAllocatorDefault, peers); + SOSFullPeerInfoRef me_full = SOSAccountGetMyFullPeerInfo(account); + SOSPeerInfoRef me = SOSAccountGetMyPeerInfo(account); + require_action_quiet(me_full && me, errOut, { + SOSErrorCreate(kSOSErrorPeerNotFound, error, NULL, CFSTR("Can't remove without being active peer")); + secnotice("removePeers", "Can't remove without being active peer"); + }); + + result = true; // beyond this point failures would be rolled up in AccountModifyCircle. - bool leaveCircle = CFSetContainsValue(peersToRemove, SOSAccountGetMyPeerInfo(account)); + peersToRemove = CFSetCreateMutableForSOSPeerInfosByIDWithArray(kCFAllocatorDefault, peers); + require_action_quiet(peersToRemove, errOut, secnotice("removePeers", "No peerSet to remove")); - CFSetRemoveValue(peersToRemove, SOSAccountGetMyPeerInfo(account)); + // If we're one of the peers expected to leave - note that and then remove ourselves from the set (different handling). + bool leaveCircle = CFSetContainsValue(peersToRemove, me); + CFSetRemoveValue(peersToRemove, me); result &= SOSAccountModifyCircle(account, error, ^(SOSCircleRef circle) { bool success = false; if(CFSetGetCount(peersToRemove) != 0) { - require_quiet(SOSCircleRemovePeers(circle, user_key, SOSAccountGetMyFullPeerInfo(account), peersToRemove, error), done); + require_quiet(SOSCircleRemovePeers(circle, user_key, me_full, peersToRemove, error), done); success = SOSAccountGenerationSignatureUpdate(account, error); } else success = true; @@ -1898,6 +1669,8 @@ bool SOSAccountRemovePeersFromCircle(SOSAccountRef account, CFArrayRef peers, CF }); +errOut: + CFReleaseNull(peersToRemove); return result; } @@ -2065,45 +1838,6 @@ done: return result; } -static inline bool SOSAccountEnsureExpansion(SOSAccountRef account, CFErrorRef *error) { - if (!account->expansion) { - account->expansion = CFDictionaryCreateMutableForCFTypes(NULL); - } - - return SecAllocationError(account->expansion, error, CFSTR("Can't Alloc Account Expansion dictionary")); -} - -// -// Value manipulation -// - -bool SOSAccountClearValue(SOSAccountRef account, CFStringRef key, CFErrorRef *error) { - bool success = SOSAccountEnsureExpansion(account, error); - require_quiet(success, errOut); - - CFDictionaryRemoveValue(account->expansion, key); -errOut: - return success; -} - -bool SOSAccountSetValue(SOSAccountRef account, CFStringRef key, CFTypeRef value, CFErrorRef *error) { - if (value == NULL) return SOSAccountClearValue(account, key, error); - - bool success = SOSAccountEnsureExpansion(account, error); - require_quiet(success, errOut); - - CFDictionarySetValue(account->expansion, key, value); -errOut: - return success; -} - -CFTypeRef SOSAccountGetValue(SOSAccountRef account, CFStringRef key, CFErrorRef *error) { - if (!account->expansion) { - return NULL; - } - return CFDictionaryGetValue(account->expansion, key); -} - bool SOSAccountAddEscrowRecords(SOSAccountRef account, CFStringRef dsid, CFDictionaryRef record, CFErrorRef *error){ CFMutableDictionaryRef escrowRecords = (CFMutableDictionaryRef)SOSAccountGetValue(account, kSOSEscrowRecord, error); CFMutableDictionaryRef escrowCopied = NULL; @@ -2137,31 +1871,26 @@ bool SOSAccountAddEscrowToPeerInfo(SOSAccountRef account, SOSFullPeerInfoRef myP bool SOSAccountCheckPeerAvailability(SOSAccountRef account, CFErrorRef *error) { - CFMutableDictionaryRef circleToPeerMessages = NULL; - CFStringRef operationTypeAsString = NULL; - CFMutableDictionaryRef mutableDictionary = NULL; + CFStringRef operationString = NULL; + CFDictionaryRef rawMessage = NULL; CFMutableSetRef peers = NULL; CFMutableDictionaryRef peerList = NULL; char* message = NULL; bool result = false; + if(account->ids_message_transport == NULL) account->ids_message_transport = (SOSTransportMessageRef)SOSTransportMessageIDSCreate(account, SOSCircleGetName(account->trusted_circle), error); require_quiet(account->ids_message_transport, fail); - circleToPeerMessages = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); - - //adding message type kIDSPeerAvailability so IDSKeychainSyncingProxy does not send this message as a keychain item - - asprintf(&message, "%d", kIDSPeerAvailability); - operationTypeAsString = CFStringCreateWithCString(kCFAllocatorDefault, message, kCFStringEncodingUTF8); - - mutableDictionary = CFDictionaryCreateMutableForCFTypesWith(kCFAllocatorDefault, kIDSOperationType, operationTypeAsString, kIDSMessageToSendKey, CFSTR("checking peers"), NULL); - - //make sure there are peers in the circle - peers = SOSCircleCopyPeers(account->trusted_circle, kCFAllocatorDefault); - require_quiet(CFSetGetCount(peers) > 0, fail); - CFReleaseNull(peers); - + + //adding message type kIDSPeerAvailability so KeychainSyncingOverIDSProxy does not send this message as a keychain item + + operationString = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%d"), kIDSPeerAvailability); + rawMessage = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, + kIDSOperationType, operationString, + kIDSMessageToSendKey, CFSTR("checking peers"), + NULL); + peerList = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); SOSCircleRef circle = account->trusted_circle; @@ -2174,7 +1903,7 @@ bool SOSAccountCheckPeerAvailability(SOSAccountRef account, CFErrorRef *error) if(CFEqualSafe(intersectSets, mySubSet)){ CFStringRef deviceID = SOSPeerInfoCopyDeviceID(peer); if(deviceID != NULL) - CFDictionaryAddValue(peerList, SOSPeerInfoGetPeerID(peer), mutableDictionary); + CFDictionaryAddValue(peerList, SOSPeerInfoGetPeerID(peer), rawMessage); CFReleaseNull(deviceID); } CFReleaseNull(peerViews); @@ -2183,14 +1912,12 @@ bool SOSAccountCheckPeerAvailability(SOSAccountRef account, CFErrorRef *error) }); require_quiet(CFDictionaryGetCount(peerList) > 0 , fail); - CFDictionaryAddValue(circleToPeerMessages, SOSCircleGetName(account->trusted_circle), peerList); - result = SOSTransportMessageSendMessages(account->ids_message_transport, circleToPeerMessages, error); + result = SOSTransportMessageSendMessages(account->ids_message_transport, peerList, error); fail: - CFReleaseNull(mutableDictionary); - CFReleaseNull(operationTypeAsString); + CFReleaseNull(rawMessage); + CFReleaseNull(operationString); CFReleaseNull(peerList); - CFReleaseNull(circleToPeerMessages); CFReleaseNull(peers); free(message); return result; @@ -2331,6 +2058,8 @@ CFDataRef SOSAccountCopyCircleJoiningBlob(SOSAccountRef account, SOSPeerInfoRef CFDataRef pbblob = NULL; + secnotice("circleJoin", "Making circle joining blob as sponsor (SOSAccountCopyCircleJoiningBlob)"); + SecKeyRef userKey = SOSAccountGetTrustedPublicCredential(account, error); require_quiet(userKey, errOut); @@ -2362,6 +2091,10 @@ errOut: CFReleaseNull(signature); CFReleaseNull(ourKey); + if(!pbblob) { + secnotice("circleJoin", "Failed to make circle joining blob as sponsor %@", *error); + } + return pbblob; } @@ -2369,6 +2102,8 @@ bool SOSAccountJoinWithCircleJoiningBlob(SOSAccountRef account, CFDataRef joinin bool retval = false; SecKeyRef userKey = NULL; struct piggyBackBlob *pbb = NULL; + + secnotice("circleJoin", "Joining circles through piggy-back (SOSAccountCopyCircleJoiningBlob)"); userKey = SOSAccountGetPrivateCredential(account, error); require_quiet(userKey, errOut); @@ -2447,3 +2182,11 @@ imOut: return; } + + +void SOSAccountSetTestSerialNumber(SOSAccountRef account, CFStringRef serial) { + if(!isString(serial)) return; + CFMutableDictionaryRef newv2dict = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + CFDictionarySetValue(newv2dict, sSerialNumberKey, serial); + SOSAccountUpdateV2Dictionary(account, newv2dict); +} diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.h index d014ebbd..80cdb325 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.h @@ -33,6 +33,7 @@ /* Forward declarations of SOS types. */ typedef struct __OpaqueSOSAccount *SOSAccountRef; +typedef struct __OpaqueSOSRecoveryKeyBag *SOSRecoveryKeyBagRef; #include @@ -46,6 +47,7 @@ typedef struct __OpaqueSOSAccount *SOSAccountRef; #include #include #include +#include #include @@ -78,12 +80,6 @@ CFTypeID SOSAccountGetTypeID(void); SOSAccountRef SOSAccountCreateFromDER(CFAllocatorRef allocator, SOSDataSourceFactoryRef factory, CFErrorRef* error, const uint8_t** der_p, const uint8_t *der_end); - -SOSAccountRef SOSAccountCreateFromDER_V3(CFAllocatorRef allocator, - SOSDataSourceFactoryRef factory, - CFErrorRef* error, - const uint8_t** der_p, const uint8_t *der_end); - SOSAccountRef SOSAccountCreateFromData(CFAllocatorRef allocator, CFDataRef circleData, SOSDataSourceFactoryRef factory, CFErrorRef* error); @@ -96,10 +92,10 @@ CFDataRef SOSAccountCopyEncodedData(SOSAccountRef circle, CFAllocatorRef allocat // //MARK: IDS Device ID CFStringRef SOSAccountCopyDeviceID(SOSAccountRef account, CFErrorRef *error); -bool SOSAccountSetMyDSID(SOSAccountRef account, CFStringRef IDS, CFErrorRef* errror); +bool SOSAccountSetMyDSID(SOSAccountTransactionRef txn, CFStringRef IDS, CFErrorRef* errror); bool SOSAccountSendIDSTestMessage(SOSAccountRef account, CFStringRef message, CFErrorRef *error); bool SOSAccountStartPingTest(SOSAccountRef account, CFStringRef message, CFErrorRef *error); -bool SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(SOSAccountRef account, CFErrorRef *error); +bool SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(SOSAccountRef account, CFErrorRef *error); // // MARK: Credential management @@ -197,6 +193,12 @@ void SOSAccountAddSyncablePeerBlock(SOSAccountRef a, // bool SOSAccountUpdateGestalt(SOSAccountRef account, CFDictionaryRef new_gestalt); +CFDictionaryRef SOSAccountCopyGestalt(SOSAccountRef account); + +CFDictionaryRef SOSAccountCopyV2Dictionary(SOSAccountRef account); + +bool SOSAccountUpdateV2Dictionary(SOSAccountRef account, CFDictionaryRef newV2Dict); + bool SOSAccountUpdateFullPeerInfo(SOSAccountRef account, CFSetRef minimumViews, CFSetRef excludedViews); SOSViewResultCode SOSAccountUpdateView(SOSAccountRef account, CFStringRef viewname, SOSViewActionCode actionCode, CFErrorRef *error); @@ -216,14 +218,27 @@ SOSSecurityPropertyResultCode SOSAccountSecurityPropertyStatus(SOSAccountRef acc bool SOSAccountHandleParametersChange(SOSAccountRef account, CFDataRef updates, CFErrorRef *error); -bool SOSAccountSendIKSPSyncList(SOSAccountRef account, CFErrorRef *error); -bool SOSAccountSyncWithAllKVSPeers(SOSAccountRef account, CFErrorRef *error); +// +// MARK: Requests for syncing later +// +bool SOSAccountRequestSyncWithAllPeers(SOSAccountTransactionRef txn, CFErrorRef *error); + +// +// MARK: Outgoing/Sync functions +// + +bool SOSAccountSyncWithKVSPeerWithMessage(SOSAccountTransactionRef txn, CFStringRef peerid, CFDataRef message, CFErrorRef *error); +bool SOSAccountClearPeerMessageKey(SOSAccountTransactionRef txn, CFStringRef peerID, CFErrorRef *error); + +CF_RETURNS_RETAINED CFSetRef SOSAccountProcessSyncWithPeers(SOSAccountTransactionRef txn, CFSetRef /* CFStringRef */ peers, CFSetRef /* CFStringRef */ backupPeers, CFErrorRef *error); -bool SOSAccountSyncWithKVSPeer(SOSAccountRef account, CFStringRef peerID, CFErrorRef *error); +bool SOSAccountSendIKSPSyncList(SOSAccountRef account, CFErrorRef *error); bool SOSAccountSyncWithKVSUsingIDSID(SOSAccountRef account, CFStringRef deviceID, CFErrorRef *error); -bool SOSAccountSyncWithIDSPeer(SOSAccountRef account, CFStringRef peerID, CFErrorRef *error); +// +// MARK: Cleanup functions +// bool SOSAccountCleanupAfterPeer(SOSAccountRef account, size_t seconds, SOSCircleRef circle, SOSPeerInfoRef cleanupPeer, CFErrorRef* error); @@ -255,6 +270,22 @@ SOSBackupSliceKeyBagRef SOSAccountBackupSliceKeyBagForView(SOSAccountRef account bool SOSAccountIsLastBackupPeer(SOSAccountRef account, CFErrorRef *error); + +// +// MARK: Recovery Public Key Functions +// +bool SOSAccountRegisterRecoveryPublicKey(SOSAccountTransactionRef txn, CFDataRef recovery_key, CFErrorRef *error); +CFDataRef SOSAccountCopyRecoveryPublicKey(SOSAccountTransactionRef txn, CFErrorRef *error); +bool SOSAccountClearRecoveryPublicKey(SOSAccountTransactionRef txn, CFDataRef recovery_key, CFErrorRef *error); +bool SOSAccountSetRecoveryKey(SOSAccountRef account, CFDataRef pubData, CFErrorRef *error); +bool SOSAccountRemoveRecoveryKey(SOSAccountRef account, CFErrorRef *error); +SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBag(CFAllocatorRef allocator, SOSAccountRef account, CFErrorRef *error); +CFDataRef SOSAccountCopyRecoveryPublic(CFAllocatorRef allocator, SOSAccountRef account, CFErrorRef *error); +bool SOSAccountRecoveryKeyIsInBackupAndCurrentInView(SOSAccountRef account, CFStringRef viewname); +bool SOSAccountSetRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccountRef account, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error); +SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccountRef account, CFErrorRef *error); +void SOSAccountEnsureRecoveryRing(SOSAccountRef account); + // // MARK: Private functions // @@ -316,6 +347,15 @@ void SOSAccountLogViewState(SOSAccountRef account); CFBooleanRef SOSAccountPeersHaveViewsEnabled(SOSAccountRef account, CFArrayRef viewNames, CFErrorRef *error); +void SOSAccountSetTestSerialNumber(SOSAccountRef account, CFStringRef serial); + + +// +// MARK: Syncing status functions +// +bool SOSAccountMessageFromPeerIsPending(SOSAccountTransactionRef txn, SOSPeerInfoRef peer, CFErrorRef *error); +bool SOSAccountSendToPeerIsPending(SOSAccountTransactionRef txn, SOSPeerInfoRef peer, CFErrorRef *error); + __END_DECLS #endif /* !_SOSACCOUNT_H_ */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountBackup.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountBackup.c index a34987d0..f27550f4 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountBackup.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountBackup.c @@ -12,6 +12,8 @@ #include "SOSInternal.h" + + // // MARK: V0 Keybag keychain stuff // @@ -99,14 +101,24 @@ static void SOSAccountWithBackupPeersForView(SOSAccountRef account, CFStringRef CFReleaseNull(backupPeersForView); } + static bool SOSAccountWithBSKBForView(SOSAccountRef account, CFStringRef viewName, CFErrorRef *error, bool (^action)(SOSBackupSliceKeyBagRef bskb, CFErrorRef *error)) { __block SOSBackupSliceKeyBagRef bskb = NULL; bool result = false; + CFDataRef rkbg = SOSAccountCopyRecoveryPublic(kCFAllocatorDefault, account, error); SOSAccountWithBackupPeersForView(account, viewName, ^(CFSetRef peers) { - bskb = SOSBackupSliceKeyBagCreate(kCFAllocatorDefault, peers, error); + if(! rkbg) { + bskb = SOSBackupSliceKeyBagCreate(kCFAllocatorDefault, peers, error); + } else { + CFMutableDictionaryRef additionalKeys = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + CFDictionaryAddValue(additionalKeys, bskbRkbgPrefix, rkbg); + bskb = SOSBackupSliceKeyBagCreateWithAdditionalKeys(kCFAllocatorDefault, peers, additionalKeys, error); + CFReleaseNull(additionalKeys); + } }); + CFReleaseNull(rkbg); require_quiet(bskb, exit); @@ -123,29 +135,6 @@ CFStringRef SOSBackupCopyRingNameForView(CFStringRef viewName) { return CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%@-tomb"), viewName); } -static bool SOSAccountUpdateNamedRing(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error, - SOSRingRef (^create)(CFStringRef ringName, CFErrorRef *error), - SOSRingRef (^copyModified)(SOSRingRef existing, CFErrorRef *error)) { - bool result = false; - SOSRingRef found = SOSAccountCopyRing(account, ringName, error); - SOSRingRef newRing = NULL; - if(!found) { - found = create(ringName, error); - } - require_quiet(found, errOut); - newRing = copyModified(found, error); - CFReleaseNull(found); - - require_quiet(newRing, errOut); - - result = SOSAccountHandleUpdateRing(account, newRing, true, error); - -errOut: - CFReleaseNull(found); - CFReleaseNull(newRing); - return result; -} - static bool SOSAccountUpdateBackupRing(SOSAccountRef account, CFStringRef viewName, CFErrorRef *error, SOSRingRef (^modify)(SOSRingRef existing, CFErrorRef *error)) { @@ -350,7 +339,7 @@ fail: return result; } -void SOSAccountForEachBackupRingName(SOSAccountRef account, void (^operation)(CFStringRef value)) { +void SOSAccountForEachRingName(SOSAccountRef account, void (^operation)(CFStringRef value)) { SOSPeerInfoRef myPeer = SOSAccountGetMyPeerInfo(account); if (myPeer) { CFSetRef allViews = SOSViewCopyViewSet(kViewSetAll); // All non virtual views. @@ -364,8 +353,9 @@ void SOSAccountForEachBackupRingName(SOSAccountRef account, void (^operation)(CF CFReleaseNull(ringName); } }); - CFReleaseNull(allViews); + // Only one "ring" now (other than backup rings) when there's more this will need to be modified. + operation(kSOSRecoveryRing); } } @@ -380,6 +370,7 @@ void SOSAccountForEachBackupView(SOSAccountRef account, void (^operation)(const } } + bool SOSAccountSetBackupPublicKey(SOSAccountTransactionRef aTxn, CFDataRef backupKey, CFErrorRef *error) { SOSAccountRef account = aTxn->account; @@ -593,4 +584,3 @@ bool SOSAccountIsLastBackupPeer(SOSAccountRef account, CFErrorRef *error) { errOut: return retval; } - diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountCircles.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountCircles.c index 24e0089a..04afbfb8 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountCircles.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountCircles.c @@ -4,6 +4,7 @@ // #include "SOSAccountPriv.h" +#include #include #include #include @@ -142,3 +143,16 @@ fail: return success; } +CFSetRef SOSAccountCopyPeerSetMatching(SOSAccountRef account, bool (^action)(SOSPeerInfoRef peer)) { + CFMutableSetRef result = CFSetCreateMutableForSOSPeerInfosByID(kCFAllocatorDefault); + + if (account->trusted_circle) { + SOSCircleForEachPeer(account->trusted_circle, ^(SOSPeerInfoRef peer) { + if (action(peer)) { + CFSetAddValue(result, peer); + } + }); + } + + return result; +} diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountCredentials.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountCredentials.c index b7793230..3efa2412 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountCredentials.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountCredentials.c @@ -27,6 +27,8 @@ #include "SOSPeerInfoCollections.h" #include "SOSTransport.h" +#define kPublicKeyNotAvailable "com.apple.security.publickeynotavailable" + // // MARK: User Credential management // @@ -171,6 +173,7 @@ void SOSAccountSetUnTrustedUserPublicKey(SOSAccountRef account, SecKeyRef public } secnotice("keygen", "not trusting new public key: %@", account->user_public); + notify_post(kPublicKeyNotAvailable); } @@ -247,9 +250,12 @@ bool SOSAccountHasPublicKey(SOSAccountRef account, CFErrorRef* error) } static void sosAccountSetTrustedCredentials(SOSAccountRef account, CFDataRef user_password, SecKeyRef user_private, bool public_was_trusted) { - if(!SOSAccountFullPeerInfoVerify(account, user_private, NULL)) (void) SOSAccountPeerSignatureUpdate(account, user_private, NULL); + if(!SOSAccountFullPeerInfoVerify(account, user_private, NULL)) { + (void) SOSAccountPeerSignatureUpdate(account, user_private, NULL); + } SOSAccountSetTrustedUserPublicKey(account, public_was_trusted, user_private); SOSAccountSetPrivateCredential(account, user_private, user_password); + SOSAccountCheckForAlwaysOnViews(account); } static SecKeyRef sosAccountCreateKeyIfPasswordIsCorrect(SOSAccountRef account, CFDataRef user_password, CFErrorRef *error) { @@ -329,7 +335,16 @@ bool SOSAccountTryUserCredentials(SOSAccountRef account, CFStringRef user_accoun bool SOSAccountRetryUserCredentials(SOSAccountRef account) { CFDataRef cachedPassword = SOSAccountGetCachedPassword(account, NULL); - return (cachedPassword != NULL) && SOSAccountTryUserCredentials(account, NULL, cachedPassword, NULL); + if (cachedPassword == NULL) + return false; + /* + * SOSAccountTryUserCredentials reset the cached password internally, + * so we must have a retain of the password over SOSAccountTryUserCredentials(). + */ + CFRetain(cachedPassword); + bool res = SOSAccountTryUserCredentials(account, NULL, cachedPassword, NULL); + CFRelease(cachedPassword); + return res; } diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountFullPeerInfo.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountFullPeerInfo.c index c850705e..ee42fe36 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountFullPeerInfo.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountFullPeerInfo.c @@ -26,10 +26,9 @@ #include "SOSAccountPriv.h" #include "SOSInternal.h" #include "SOSViews.h" +#include "SOSPeerInfoV2.h" static CFStringRef kicloud_identity_name = CFSTR("Cloud Identity"); -#define kSecServerPeerInfoAvailable "com.apple.security.fpiAvailable" - SecKeyRef SOSAccountCopyDeviceKey(SOSAccountRef account, CFErrorRef *error) { SecKeyRef privateKey = NULL; @@ -105,6 +104,8 @@ bool SOSAccountEnsureFullPeerAvailable(SOSAccountRef account, CFErrorRef * error CFReleaseNull(account->my_identity); account->my_identity = SOSFullPeerInfoCreateWithViews(kCFAllocatorDefault, account->gestalt, account->backup_key, initialViews, full_key, error); + CFDictionaryRef v2dictionaryTestUpdates = SOSAccountGetValue(account, kSOSTestV2Settings, NULL); + if(v2dictionaryTestUpdates) SOSFullPeerInfoUpdateV2Dictionary(account->my_identity, v2dictionaryTestUpdates, NULL); CFReleaseNull(initialViews); CFReleaseNull(full_key); @@ -118,7 +119,7 @@ bool SOSAccountEnsureFullPeerAvailable(SOSAccountRef account, CFErrorRef * error secerror("Can't make FullPeerInfo for %@-%@ (%@) - is AKS ok?", SOSPeerGestaltGetName(account->gestalt), SOSCircleGetName(account->trusted_circle), error ? (void*)*error : (void*)CFSTR("-")); } else{ - secnotice("fpi", "alert IDSKeychainSyncingProxy the fpi is available"); + secnotice("fpi", "alert KeychainSyncingOverIDSProxy the fpi is available"); notify_post(kSecServerPeerInfoAvailable); if(account->deviceID) SOSFullPeerInfoUpdateDeviceID(account->my_identity, account->deviceID, error); @@ -164,6 +165,9 @@ SOSPeerInfoRef SOSAccountGetMyPeerInfo(SOSAccountRef account) { return SOSFullPeerInfoGetPeerInfo(SOSAccountGetMyFullPeerInfo(account)); } +CFStringRef SOSAccountGetMyPeerID(SOSAccountRef a) { + return SOSPeerInfoGetPeerID(SOSAccountGetMyPeerInfo(a)); +} SOSFullPeerInfoRef SOSAccountGetMyFullPeerInfo(SOSAccountRef account) { return account->trusted_circle ? account->my_identity : NULL; diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGetSet.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGetSet.c new file mode 100644 index 00000000..397b5051 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGetSet.c @@ -0,0 +1,105 @@ +// +// SOSAccountGetSet.c +// Security +// +// + +#include "SOSAccountPriv.h" + +#include + +// +// MARK: Generic Value manipulation +// + +static inline bool SOSAccountEnsureExpansion(SOSAccountRef account, CFErrorRef *error) { + if (!account->expansion) { + account->expansion = CFDictionaryCreateMutableForCFTypes(NULL); + } + + return SecAllocationError(account->expansion, error, CFSTR("Can't Alloc Account Expansion dictionary")); +} + +bool SOSAccountClearValue(SOSAccountRef account, CFStringRef key, CFErrorRef *error) { + bool success = SOSAccountEnsureExpansion(account, error); + require_quiet(success, errOut); + + CFDictionaryRemoveValue(account->expansion, key); +errOut: + return success; +} + +bool SOSAccountSetValue(SOSAccountRef account, CFStringRef key, CFTypeRef value, CFErrorRef *error) { + if (value == NULL) return SOSAccountClearValue(account, key, error); + + bool success = SOSAccountEnsureExpansion(account, error); + require_quiet(success, errOut); + + CFDictionarySetValue(account->expansion, key, value); +errOut: + return success; +} + +CFTypeRef SOSAccountGetValue(SOSAccountRef account, CFStringRef key, CFErrorRef *error) { + if (!account->expansion) { + return NULL; + } + return CFDictionaryGetValue(account->expansion, key); +} + + +// +// MARK: Value as Set manipulation +// +bool SOSAccountValueSetContainsValue(SOSAccountRef account, CFStringRef key, CFTypeRef value); +void SOSAccountValueUnionWith(SOSAccountRef account, CFStringRef key, CFSetRef valuesToUnion); +void SOSAccountValueSubtractFrom(SOSAccountRef account, CFStringRef key, CFSetRef valuesToSubtract); + +bool SOSAccountValueSetContainsValue(SOSAccountRef account, CFStringRef key, CFTypeRef value) { + CFSetRef foundSet = asSet(SOSAccountGetValue(account, key, NULL), NULL); + return foundSet && CFSetContainsValue(foundSet, value); +} + +void SOSAccountValueUnionWith(SOSAccountRef account, CFStringRef key, CFSetRef valuesToUnion) { + CFMutableSetRef unionedSet = CFSetCreateMutableCopy(kCFAllocatorDefault, 0, valuesToUnion); + CFSetRef foundSet = asSet(SOSAccountGetValue(account, key, NULL), NULL); + if (foundSet) { + CFSetUnion(unionedSet, foundSet); + } + SOSAccountSetValue(account, key, unionedSet, NULL); + CFReleaseNull(unionedSet); +} + +void SOSAccountValueSubtractFrom(SOSAccountRef account, CFStringRef key, CFSetRef valuesToSubtract) { + CFSetRef foundSet = asSet(SOSAccountGetValue(account, key, NULL), NULL); + if (foundSet) { + CFMutableSetRef subtractedSet = CFSetCreateMutableCopy(kCFAllocatorDefault, 0, foundSet); + CFSetSubtract(subtractedSet, valuesToSubtract); + SOSAccountSetValue(account, key, subtractedSet, NULL); + CFReleaseNull(subtractedSet); + } +} + +// +// MARK: UUID +CFStringRef SOSAccountCopyUUID(SOSAccountRef account) { + CFStringRef uuid = CFRetainSafe(asString(SOSAccountGetValue(account, kSOSAccountUUID, NULL), NULL)); + if (uuid == NULL) { + CFUUIDRef newID = CFUUIDCreate(kCFAllocatorDefault); + uuid = CFUUIDCreateString(kCFAllocatorDefault, newID); + + CFErrorRef setError = NULL; + if (!SOSAccountSetValue(account, kSOSAccountUUID, uuid, &setError)) { + secerror("Failed to set UUID: %@ (%@)", uuid, setError); + } + CFReleaseNull(setError); + CFReleaseNull(newID); + } + return uuid; +} + +void SOSAccountEnsureUUID(SOSAccountRef account) { + CFStringRef uuid = SOSAccountCopyUUID(account); + CFReleaseNull(uuid); +} + diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGhost.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGhost.c new file mode 100644 index 00000000..bfcce031 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGhost.c @@ -0,0 +1,149 @@ +// +// SOSAccountGhost.c +// sec +// +// Created by Richard Murphy on 4/12/16. +// +// + +#include "SOSAccountPriv.h" +#include "SOSAccountGhost.h" +#include +#include +#include +#include +#include +#include + +#define DETECT_IOS_ONLY 1 + +static bool sosGhostCheckValid(SOSPeerInfoRef pi) { +#if DETECT_IOS_ONLY + bool retval = false; + require_quiet(pi, retOut); + SOSPeerInfoDeviceClass peerClass = SOSPeerInfoGetClass(pi); + switch(peerClass) { + case SOSPeerInfo_iOS: + case SOSPeerInfo_tvOS: + case SOSPeerInfo_watchOS: + retval = true; + break; + case SOSPeerInfo_macOS: + case SOSPeerInfo_iCloud: + case SOSPeerInfo_unknown: + default: + retval = false; + break; + } +retOut: + return retval; +#else + return true; +#endif +} + +static CFSetRef SOSCircleCreateGhostsOfPeerSet(SOSCircleRef circle, SOSPeerInfoRef me) { + CFMutableSetRef ghosts = NULL; + require_quiet(me, errOut); + require_quiet(sosGhostCheckValid(me), errOut); + require_quiet(circle, errOut); + require_quiet(SOSPeerInfoSerialNumberIsSet(me), errOut); + CFStringRef mySerial = SOSPeerInfoCopySerialNumber(me); + require_quiet(mySerial, errOut); + CFStringRef myPeerID = SOSPeerInfoGetPeerID(me); + ghosts = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + require_quiet(ghosts, errOut1); + SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef pi) { + CFStringRef theirPeerID = SOSPeerInfoGetPeerID(pi); + if(!CFEqual(myPeerID, theirPeerID)) { + CFStringRef piSerial = SOSPeerInfoCopySerialNumber(pi); + if(CFEqualSafe(mySerial, piSerial)) { + CFSetAddValue(ghosts, theirPeerID); + } + CFReleaseNull(piSerial); + } + }); +errOut1: + CFReleaseNull(mySerial); +errOut: + return ghosts; + +} + +static CFSetRef SOSTrustedCircleCreateGhostsOfPeerSet(SOSAccountRef account, SOSPeerInfoRef pi) { + return (account) ? SOSCircleCreateGhostsOfPeerSet(SOSAccountGetCircle(account, NULL), pi): NULL; +} + +static CFSetRef SOSTrustedCircleCopyGhostSet(SOSAccountRef account) { + CFSetRef ghosts = NULL; + require_quiet(account, errOut); + SOSPeerInfoRef me = SOSAccountGetMyPeerInfo(account); + require_quiet(me, errOut); + require_quiet(sosGhostCheckValid(me), errOut); + ghosts = SOSTrustedCircleCreateGhostsOfPeerSet(account, me); +errOut: + return ghosts; + +} + +static CFIndex SOSTrustedCircleGhostSetCount(SOSAccountRef account) { + CFIndex retval = 0; + CFSetRef ghosts = SOSTrustedCircleCopyGhostSet(account); + require_quiet(ghosts, retOut); + retval = CFSetGetCount(ghosts); + CFReleaseNull(ghosts); +retOut: + return retval; +} + +bool SOSAccountTrustedCircleHasNoGhostOfMe(SOSAccountRef account) { + return SOSTrustedCircleGhostSetCount(account) == 0; +} + +bool SOSAccountGhostResultsInReset(SOSAccountRef account) { + return SOSTrustedCircleGhostSetCount(account) == SOSCircleCountActivePeers(SOSAccountGetCircle(account, NULL)); +} + + +// This only works if you're in the circle and have the private key + +SOSCircleRef SOSAccountCloneCircleWithoutMyGhosts(SOSAccountRef account, SOSCircleRef startCircle) { + SOSCircleRef newCircle = NULL; + CFSetRef ghosts = NULL; + require_quiet(account, retOut); + SecKeyRef userPrivKey = SOSAccountGetPrivateCredential(account, NULL); + require_quiet(userPrivKey, retOut); + SOSFullPeerInfoRef meFull = SOSAccountGetMyFullPeerInfo(account); + require_quiet(meFull, retOut); + SOSPeerInfoRef me = SOSFullPeerInfoGetPeerInfo(meFull); + require_quiet(me, retOut); + bool iAmApplicant = SOSCircleHasApplicant(startCircle, me, NULL); + + ghosts = SOSCircleCreateGhostsOfPeerSet(startCircle, me); + require_quiet(ghosts, retOut); + require_quiet(CFSetGetCount(ghosts), retOut); + + CFStringSetPerformWithDescription(ghosts, ^(CFStringRef description) { + secnotice("ghostbust", "Removing peers: %@", description); + }); + + newCircle = SOSCircleCopyCircle(kCFAllocatorDefault, startCircle, NULL); + require_quiet(newCircle, retOut); + if(iAmApplicant) { + if(SOSCircleRemovePeersByIDUnsigned(newCircle, ghosts) && (SOSCircleCountPeers(newCircle) == 0)) { + secnotice("resetToOffering", "Reset to offering with last ghost and me as applicant"); + if(!SOSCircleResetToOffering(newCircle, userPrivKey, meFull, NULL) || + !SOSAccountAddiCloudIdentity(account, newCircle, userPrivKey, NULL)) { + CFReleaseNull(newCircle); + } + } else { + CFReleaseNull(newCircle); + } + } else { + SOSCircleRemovePeersByID(newCircle, userPrivKey, meFull, ghosts, NULL); + } +retOut: + CFReleaseNull(ghosts); + return newCircle; +} + diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGhost.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGhost.h new file mode 100644 index 00000000..049c11a7 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountGhost.h @@ -0,0 +1,18 @@ +// +// SOSAccountGhost.h +// sec +// +// Created by Richard Murphy on 4/12/16. +// +// + +#ifndef SOSAccountGhost_h +#define SOSAccountGhost_h + +#include "SOSAccount.h" + +bool SOSAccountTrustedCircleHasNoGhostOfMe(SOSAccountRef account); +bool SOSAccountGhostResultsInReset(SOSAccountRef account); +SOSCircleRef SOSAccountCloneCircleWithoutMyGhosts(SOSAccountRef account, SOSCircleRef startCircle); + +#endif /* SOSAccountGhost_h */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPeers.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPeers.c index 618f2757..eefec614 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPeers.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPeers.c @@ -34,11 +34,6 @@ bool SOSAccountIsMyPeerActive(SOSAccountRef account, CFErrorRef* error) { return me ? SOSCircleHasActivePeer(account->trusted_circle, me, error) : false; } -SOSTransportMessageRef SOSAccountGetMessageTransportFor(SOSAccountRef account, SOSPeerInfoRef peerInfo) { - // Returns the transport to use to talk to that peer. if he's a member of the circle. - return (SOSPeerInfoHasDeviceID(peerInfo) && (false)) ? account->ids_message_transport : account->kvs_message_transport; -} - // // MARK: Peer Querying // diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPersistence.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPersistence.c index 9854611e..c0b7ea45 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPersistence.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPersistence.c @@ -41,9 +41,6 @@ #include #include -#include "SOSAccountPriv.h" -#define kSecServerPeerInfoAvailable "com.apple.security.fpiAvailable" - static SOSAccountRef SOSAccountCreateFromRemainingDER_v6(CFAllocatorRef allocator, SOSDataSourceFactoryRef factory, @@ -325,20 +322,7 @@ SOSAccountRef SOSAccountCreateFromDER(CFAllocatorRef allocator, SOSPeerInfoRef myPI = SOSAccountGetMyPeerInfo(account); if (myPI) { - if(SOSAccountHasCompletedInitialSync(account)) { - CFMutableSetRef viewsToEnsure = SOSViewCopyViewSet(kViewSetAlwaysOn); - - // Previous version PeerInfo if we were syncing legacy keychain, ensure we include those legacy views. - if(!SOSPeerInfoVersionIsCurrent(myPI) && SOSAccountIsInCircle(account, NULL)) { - CFSetRef V0toAdd = SOSViewCopyViewSet(kViewSetV0); - CFSetUnion(viewsToEnsure, V0toAdd); - CFReleaseNull(V0toAdd); - } - - SOSAccountUpdateFullPeerInfo(account, viewsToEnsure, SOSViewsGetV0ViewSet()); // We don't permit V0 view proper, only sub-views - CFReleaseNull(viewsToEnsure); - } - + SOSAccountCheckForAlwaysOnViews(account); SOSPeerInfoRef oldPI = myPI; // if UpdateFullPeerInfo did something - we need to make sure we have the right Ref myPI = SOSAccountGetMyPeerInfo(account); @@ -350,10 +334,14 @@ SOSAccountRef SOSAccountCreateFromDER(CFAllocatorRef allocator, CFReleaseNull(transportTypeInflatedFromDER); } + SOSAccountEnsureRecoveryRing(account); + SOSAccountWithTransactionSync(account, ^(SOSAccountRef account, SOSAccountTransactionRef txn) { account->key_interests_need_updating = true; }); + SOSAccountEnsureUUID(account); + result = CFRetainSafe(account); errOut: diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPriv.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPriv.h index e5fce352..9cff709c 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPriv.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPriv.h @@ -44,6 +44,7 @@ #include +extern const CFStringRef kSOSRecoveryRing; struct __OpaqueSOSAccount { CFRuntimeBase _base; @@ -97,6 +98,7 @@ struct __OpaqueSOSAccount { SOSAccountSaveBlock saveBlock; }; extern const CFStringRef kSOSEscrowRecord; +extern const CFStringRef kSOSTestV2Settings; SOSAccountRef SOSAccountCreateBasic(CFAllocatorRef allocator, CFDictionaryRef gestalt, @@ -108,7 +110,17 @@ void SOSAccountSetToNew(SOSAccountRef a); bool SOSAccountIsMyPeerActive(SOSAccountRef account, CFErrorRef* error); -SOSTransportMessageRef SOSAccountGetMessageTransportFor(SOSAccountRef account, SOSPeerInfoRef peerInfo); +// MARK: Notifications + +#define kSecServerPeerInfoAvailable "com.apple.security.fpiAvailable" + + +// MARK: Getters and Setters + +// UUID, no setter just getter and ensuring value. +void SOSAccountEnsureUUID(SOSAccountRef account); +CFStringRef SOSAccountCopyUUID(SOSAccountRef account); + // MARK: Transactional @@ -132,6 +144,8 @@ void SOSAccountUpdateOutOfSyncViews(SOSAccountTransactionRef aTxn, CFSetRef view void SOSAccountEnsureSyncChecking(SOSAccountRef account); void SOSAccountCancelSyncChecking(SOSAccountRef account); +bool SOSAccountCheckForAlwaysOnViews(SOSAccountRef account); + CFMutableSetRef SOSAccountCopyOutstandingViews(SOSAccountRef account); CFMutableSetRef SOSAccountCopyIntersectionWithOustanding(SOSAccountRef account, CFSetRef inSet); bool SOSAccountIntersectsWithOutstanding(SOSAccountRef account, CFSetRef views); @@ -214,7 +228,7 @@ void SOSAccountForEachBackupView(SOSAccountRef account, void (^operation)(const bool SOSAccountUpdatePeerInfo(SOSAccountRef account, CFStringRef updateDescription, CFErrorRef *error, bool (^update)(SOSFullPeerInfoRef fpi, CFErrorRef *error)); // Currently permitted backup rings. -void SOSAccountForEachBackupRingName(SOSAccountRef account, void (^operation)(CFStringRef value)); +void SOSAccountForEachRingName(SOSAccountRef account, void (^operation)(CFStringRef value)); // My Circle bool SOSAccountHasCircle(SOSAccountRef account, CFErrorRef* error); @@ -226,6 +240,7 @@ bool SOSAccountUpdateCircle(SOSAccountRef account, SOSCircleRef newCircle, CFErr bool SOSAccountModifyCircle(SOSAccountRef account, CFErrorRef* error, bool (^action)(SOSCircleRef circle)); +CFSetRef SOSAccountCopyPeerSetMatching(SOSAccountRef account, bool (^action)(SOSPeerInfoRef peer)); void AppendCircleKeyName(CFMutableArrayRef array, CFStringRef name); @@ -316,6 +331,8 @@ extern const CFStringRef SOSTransportMessageTypeKVS; extern const CFStringRef kSOSUnsyncedViewsKey; extern const CFStringRef kSOSPendingEnableViewsToBeSetKey; extern const CFStringRef kSOSPendingDisableViewsToBeSetKey; +extern const CFStringRef kSOSRecoveryKey; +extern const CFStringRef kSOSAccountUUID; typedef enum{ kSOSTransportNone = 0, @@ -327,10 +344,17 @@ typedef enum{ SOSPeerInfoRef SOSAccountCopyPeerWithID(SOSAccountRef account, CFStringRef peerid, CFErrorRef *error); +// MARK: Value setting/clearing bool SOSAccountSetValue(SOSAccountRef account, CFStringRef key, CFTypeRef value, CFErrorRef *error); bool SOSAccountClearValue(SOSAccountRef account, CFStringRef key, CFErrorRef *error); CFTypeRef SOSAccountGetValue(SOSAccountRef account, CFStringRef key, CFErrorRef *error); +// MARK: Value as Set +bool SOSAccountValueSetContainsValue(SOSAccountRef account, CFStringRef key, CFTypeRef value); +void SOSAccountValueUnionWith(SOSAccountRef account, CFStringRef key, CFSetRef valuesToUnion); +void SOSAccountValueSubtractFrom(SOSAccountRef account, CFStringRef key, CFSetRef valuesToSubtract); + + bool SOSAccountAddEscrowToPeerInfo(SOSAccountRef account, SOSFullPeerInfoRef myPeer, CFErrorRef *error); bool SOSAccountAddEscrowRecords(SOSAccountRef account, CFStringRef dsid, CFDictionaryRef record, CFErrorRef *error); bool SOSAccountCheckForRings(SOSAccountRef a, CFErrorRef *error); @@ -351,6 +375,9 @@ bool SOSAccountRemoveBackupPeers(SOSAccountRef account, CFArrayRef peerIDs, CFEr bool SOSAccountResetRing(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error); bool SOSAccountResetAllRings(SOSAccountRef account, CFErrorRef *error); bool SOSAccountCheckPeerAvailability(SOSAccountRef account, CFErrorRef *error); +bool SOSAccountUpdateNamedRing(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error, + SOSRingRef (^create)(CFStringRef ringName, CFErrorRef *error), + SOSRingRef (^copyModified)(SOSRingRef existing, CFErrorRef *error)); // // MARK: Backup translation functions @@ -369,4 +396,5 @@ bool SOSAccountDeleteEngineStateFromKeychain(CFErrorRef *error); bool SOSAccountIsNew(SOSAccountRef account, CFErrorRef *error); + #endif diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRecovery.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRecovery.c new file mode 100644 index 00000000..1d6cf242 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRecovery.c @@ -0,0 +1,236 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// SOSAccountRecovery.c +// Security +// + +#include +#include "SOSAccountPriv.h" +#include "SOSCloudKeychainClient.h" + +// #include +#include +#include + +#include "SOSInternal.h" +#include "SecADWrapper.h" + + + +#include +#include + +CFStringRef kRecoveryRingKey = CFSTR("recoveryKeyBag"); + +bool SOSAccountSetRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccountRef account, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error) { + CFDataRef rkbg_as_data = NULL; + bool result = false; + rkbg_as_data = SOSRecoveryKeyBagCopyEncoded(rkbg, error); + result = rkbg_as_data && SOSAccountSetValue(account, kRecoveryRingKey, rkbg_as_data, error); + CFReleaseNull(rkbg_as_data); + return result; +} + +SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBagEntry(CFAllocatorRef allocator, SOSAccountRef account, CFErrorRef *error) { + SOSRecoveryKeyBagRef retval = NULL; + CFDataRef rkbg_as_data = asData(SOSAccountGetValue(account, kRecoveryRingKey, error), error); + require_quiet(rkbg_as_data, errOut); + retval = SOSRecoveryKeyBagCreateFromData(allocator, rkbg_as_data, error); +errOut: + return retval; +} + +SOSRecoveryKeyBagRef SOSAccountCopyRecoveryKeyBag(CFAllocatorRef allocator, SOSAccountRef account, CFErrorRef *error) { + SOSRingRef recRing = NULL; + SOSRecoveryKeyBagRef rkbg = NULL; + require_action_quiet(account, errOut, SOSCreateError(kSOSErrorParam, CFSTR("No Account Object"), NULL, error)); + recRing = SOSAccountCopyRingNamed(account, kSOSRecoveryRing, error); + require_quiet(recRing, errOut); + rkbg = SOSRingCopyRecoveryKeyBag(recRing, error); +errOut: + CFReleaseNull(recRing); + return rkbg; +} + +CFDataRef SOSAccountCopyRecoveryPublic(CFAllocatorRef allocator, SOSAccountRef account, CFErrorRef *error) { + SOSRecoveryKeyBagRef rkbg = SOSAccountCopyRecoveryKeyBag(allocator, account, error); + CFDataRef recKey = NULL; + require_quiet(rkbg, errOut); + CFDataRef tmpKey = SOSRecoveryKeyBagGetKeyData(rkbg, error); + if(tmpKey) recKey = CFDataCreateCopy(kCFAllocatorDefault, tmpKey); +errOut: + CFReleaseNull(rkbg); + return recKey; +} + +static bool SOSAccountUpdateRecoveryRing(SOSAccountRef account, CFErrorRef *error, + SOSRingRef (^modify)(SOSRingRef existing, CFErrorRef *error)) { + bool result = SOSAccountUpdateNamedRing(account, kSOSRecoveryRing, error, ^SOSRingRef(CFStringRef ringName, CFErrorRef *error) { + return SOSRingCreate(ringName, SOSAccountGetMyPeerID(account), kSOSRingRecovery, error); + }, modify); + + return result; +} + +static bool SOSAccountSetKeybagForRecoveryRing(SOSAccountRef account, SOSRecoveryKeyBagRef keyBag, CFErrorRef *error) { + bool result = SOSAccountUpdateRecoveryRing(account, error, ^SOSRingRef(SOSRingRef existing, CFErrorRef *error) { + SOSRingRef newRing = NULL; + CFSetRef peerSet = SOSAccountCopyPeerSetMatching(account, ^bool(SOSPeerInfoRef peer) { + return true; + }); + CFMutableSetRef cleared = CFSetCreateMutableForCFTypes(NULL); + + SOSRingSetPeerIDs(existing, cleared); + SOSRingAddAll(existing, peerSet); + + require_quiet(SOSRingSetRecoveryKeyBag(existing, SOSAccountGetMyFullPeerInfo(account), keyBag, error), exit); + + newRing = CFRetainSafe(existing); + exit: + CFReleaseNull(cleared); + return newRing; + }); + + SOSClearErrorIfTrue(result, error); + + if (!result) { + secnotice("recovery", "Got error setting keybag for recovery : %@", error ? (CFTypeRef) *error : (CFTypeRef) CFSTR("No error space.")); + } + return result; +} + + +bool SOSAccountRemoveRecoveryKey(SOSAccountRef account, CFErrorRef *error) { + bool result = SOSAccountSetKeybagForRecoveryRing(account, NULL, error); + SOSAccountSetRecoveryKeyBagEntry(kCFAllocatorDefault, account, NULL, NULL); + account->circle_rings_retirements_need_attention = true; + return result; +} + +bool SOSAccountSetRecoveryKey(SOSAccountRef account, CFDataRef pubData, CFErrorRef *error) { + __block bool result = false; + CFDataRef oldRecoveryKey = NULL; + SOSRecoveryKeyBagRef rkbg = NULL; + + require_quiet(SOSAccountIsInCircle(account, error), exit); + oldRecoveryKey = SOSAccountCopyRecoveryPublic(kCFAllocatorDefault, account, NULL); // ok to fail here. don't collect error + require_action_quiet(!CFEqualSafe(pubData, oldRecoveryKey), exit, result = true); + + CFDataPerformWithHexString(pubData, ^(CFStringRef recoveryKeyString) { + CFDataPerformWithHexString(oldRecoveryKey, ^(CFStringRef oldRecoveryKeyString) { + secnotice("recovery", "SetRecoveryPublic: %@ from %@", recoveryKeyString, oldRecoveryKeyString); + }); + }); + + rkbg = SOSRecoveryKeyBagCreateForAccount(kCFAllocatorDefault, account, pubData, error); + require_quiet(rkbg, exit); + + result = SOSAccountSetKeybagForRecoveryRing(account, rkbg, error); + SOSAccountSetRecoveryKeyBagEntry(kCFAllocatorDefault, account, rkbg, NULL); + + account->circle_rings_retirements_need_attention = true; + +exit: + CFReleaseNull(oldRecoveryKey); + CFReleaseNull(rkbg); + SOSClearErrorIfTrue(result, error); + if (!result) { + secnotice("recovery", "SetRecoveryPublic Failed: %@", error ? (CFTypeRef) *error : (CFTypeRef) CFSTR("No error space")); + } + return result; +} + +bool SOSAccountRecoveryKeyIsInBackupAndCurrentInView(SOSAccountRef account, CFStringRef viewname) { + bool result = false; + CFErrorRef bsError = NULL; + CFDataRef backupSliceData = NULL; + SOSRingRef ring = NULL; + SOSBackupSliceKeyBagRef backupSlice = NULL; + + CFDataRef rkbg = SOSAccountCopyRecoveryPublic(kCFAllocatorDefault, account, NULL); + require_quiet(rkbg, errOut); + + CFStringRef ringName = SOSBackupCopyRingNameForView(viewname); + ring = SOSAccountCopyRing(account, ringName, &bsError); + CFReleaseNull(ringName); + + require_quiet(ring, errOut); + + //grab the backup slice from the ring + backupSliceData = SOSRingGetPayload(ring, &bsError); + require_quiet(backupSliceData, errOut); + + backupSlice = SOSBackupSliceKeyBagCreateFromData(kCFAllocatorDefault, backupSliceData, &bsError); + require_quiet(backupSlice, errOut); + + result = SOSBKSBPrefixedKeyIsInKeyBag(backupSlice, bskbRkbgPrefix, rkbg); + CFReleaseNull(backupSlice); +errOut: + CFReleaseNull(ring); + CFReleaseNull(rkbg); + + if (bsError) { + secnotice("backup", "Failed to find BKSB: %@, %@ (%@)", backupSliceData, backupSlice, bsError); + } + CFReleaseNull(bsError); + return result; + +} + +static void sosRecoveryAlertAndNotify(SOSAccountRef account, SOSRecoveryKeyBagRef oldRingRKBG, SOSRecoveryKeyBagRef ringRKBG) { + secnotice("recovery", "Recovery Key changed: old %@ new %@", oldRingRKBG, ringRKBG); + notify_post(kSOSCCRecoveryKeyChanged); +} + +void SOSAccountEnsureRecoveryRing(SOSAccountRef account) { + static SOSRecoveryKeyBagRef oldRingRKBG = NULL; + bool inCircle = SOSAccountIsInCircle(account, NULL); + CFStringRef accountDSID = SOSAccountGetValue(account, kSOSDSIDKey, NULL); // murfxxx this needs to be consulted still + SOSRecoveryKeyBagRef acctRKBG = SOSAccountCopyRecoveryKeyBagEntry(kCFAllocatorDefault, account, NULL); + SOSRecoveryKeyBagRef ringRKBG = SOSAccountCopyRecoveryKeyBag(kCFAllocatorDefault, account, NULL); + if(!SOSRecoveryKeyBagDSIDIs(ringRKBG, accountDSID)) CFReleaseNull(ringRKBG); + if(!SOSRecoveryKeyBagDSIDIs(acctRKBG, accountDSID)) CFReleaseNull(acctRKBG); + + if(inCircle && acctRKBG == NULL && ringRKBG == NULL) { + // Nothing to do at this time - notify if this is a change down below. + } else if(inCircle && acctRKBG == NULL) { // then we have a ringRKBG + secnotice("recovery", "Harvesting account recovery key from ring"); + SOSAccountSetRecoveryKeyBagEntry(kCFAllocatorDefault, account, ringRKBG, NULL); + } else if(ringRKBG == NULL) { + // Nothing to do at this time - notify if this is a change down below. + secnotice("recovery", "Account has a recovery key, but none found in recovery ring"); + } else if(!CFEqual(acctRKBG, ringRKBG)) { + secnotice("recovery", "Harvesting account recovery key from ring"); + SOSAccountSetRecoveryKeyBagEntry(kCFAllocatorDefault, account, ringRKBG, NULL); + } + + if(!CFEqualSafe(oldRingRKBG, ringRKBG)) { + sosRecoveryAlertAndNotify(account, oldRingRKBG, ringRKBG); + CFTransferRetained(oldRingRKBG, ringRKBG); + } + + CFReleaseNull(ringRKBG); + CFReleaseNull(acctRKBG); +} diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRingUpdate.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRingUpdate.c index cf3ac04b..0e6fe98c 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRingUpdate.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRingUpdate.c @@ -90,6 +90,11 @@ static bool SOSAccountBackupSliceKeyBagNeedsFix(SOSAccountRef account, SOSBackup CFReleaseNull(myBK); CFReleaseNull(meInBagBK); } + + CFDataRef rkbg = SOSAccountCopyRecoveryPublic(kCFAllocatorDefault, account, NULL); + if(rkbg) needsFix |= !SOSBKSBPrefixedKeyIsInKeyBag(bskb, bskbRkbgPrefix, rkbg); + else needsFix |= SOSBSKBHasRecoveryKey(bskb); // if we don't have a recovery key - the bskb shouldn't + CFReleaseNull(rkbg); return needsFix; } @@ -220,6 +225,7 @@ bool SOSAccountHandleUpdateRing(SOSAccountRef account, SOSRingRef prospectiveRin bool iWasInOldRing = peerID && SOSRingHasPeerID(oldRing, peerID); bool iAmInNewRing = peerID && SOSRingHasPeerID(newRing, peerID); bool ringIsBackup = SOSRingGetType(newRing) == kSOSRingBackup; + bool ringIsRecovery = SOSRingGetType(newRing) == kSOSRingRecovery; if (ringIsBackup && peerActive) { if (ringAction == accept || ringAction == countersign) { @@ -249,6 +255,11 @@ bool SOSAccountHandleUpdateRing(SOSAccountRef account, SOSRingRef prospectiveRin // Fall through to normal modify handling. } } + + if (ringIsRecovery && peerActive && (ringAction == modify)) { + SOSAccountSetRing(account, newRing, ringName, error); + } + if (ringAction == modify) { ringAction = ignore; diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRings.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRings.c index ff2e4ac5..6f75a8da 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRings.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountRings.c @@ -196,16 +196,7 @@ SOSRingRef SOSAccountCopyRingNamed(SOSAccountRef a, CFStringRef ringName, CFErro return found; } -CFStringRef SOSAccountGetMyPeerID(SOSAccountRef a) { - SOSFullPeerInfoRef fpi = SOSAccountGetMyFullPeerInfo(a); - require_quiet(fpi, errOut); - SOSPeerInfoRef pi = SOSFullPeerInfoGetPeerInfo(fpi); - require_quiet(pi, errOut); - return SOSPeerInfoGetPeerID(pi); -errOut: - return NULL; -} - +/* Unused? */ SOSRingRef SOSAccountRingCreateForName(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error) { ringDefPtr rdef = getRingDef(ringName); if(!rdef) return NULL; @@ -241,6 +232,8 @@ bool SOSAccountUpdateRing(SOSAccountRef account, SOSRingRef newRing, CFErrorRef return SOSAccountHandleUpdateRing(account, newRing, true, error); } + +/* Unused? */ bool SOSAccountModifyRing(SOSAccountRef account, CFStringRef ringName, CFErrorRef* error, bool (^action)(SOSRingRef ring)) { bool success = false; @@ -257,6 +250,7 @@ fail: return success; } +/* Unused? */ CFDataRef SOSAccountRingCopyPayload(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error) { SOSRingRef ring = SOSAccountCopyRing(account, ringName, error); CFDataRef payload = SOSRingGetPayload(ring, error); @@ -265,6 +259,7 @@ CFDataRef SOSAccountRingCopyPayload(SOSAccountRef account, CFStringRef ringName, return retval; } +/* Unused? */ SOSRingRef SOSAccountRingCopyWithPayload(SOSAccountRef account, CFStringRef ringName, CFDataRef payload, CFErrorRef *error) { SOSRingRef ring = SOSAccountCopyRing(account, ringName, error); require_quiet(ring, errOut); @@ -309,3 +304,28 @@ errOut: return retval; } + +bool SOSAccountUpdateNamedRing(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error, + SOSRingRef (^create)(CFStringRef ringName, CFErrorRef *error), + SOSRingRef (^copyModified)(SOSRingRef existing, CFErrorRef *error)) { + bool result = false; + SOSRingRef found = SOSAccountCopyRing(account, ringName, error); + SOSRingRef newRing = NULL; + if(!found) { + found = create(ringName, error); + } + require_quiet(found, errOut); + newRing = copyModified(found, error); + CFReleaseNull(found); + + require_quiet(newRing, errOut); + + result = SOSAccountHandleUpdateRing(account, newRing, true, error); + +errOut: + CFReleaseNull(found); + CFReleaseNull(newRing); + return result; +} + + diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountSync.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountSync.c new file mode 100644 index 00000000..e7907c79 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountSync.c @@ -0,0 +1,428 @@ + +#include "SOSAccountPriv.h" + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +#include + +// MARK: Engine Logging +#define LOG_ENGINE_STATE_INTERVAL 20 + +static void SOSAccountConsiderLoggingEngineState(SOSAccountTransactionRef txn) { + static int engineLogCountDown = 0; + + if(engineLogCountDown <= 0) { + SOSEngineRef engine = SOSTransportMessageGetEngine(txn->account->kvs_message_transport); + + SOSEngineLogState(engine); + engineLogCountDown = LOG_ENGINE_STATE_INTERVAL; + } else { + engineLogCountDown--; + } +} + +static bool SOSAccountIsThisPeerIDMe(SOSAccountRef account, CFStringRef peerID) { + SOSPeerInfoRef mypi = SOSFullPeerInfoGetPeerInfo(account->my_identity); + CFStringRef myPeerID = SOSPeerInfoGetPeerID(mypi); + + return myPeerID && CFEqualSafe(myPeerID, peerID); +} + +bool SOSAccountSendIKSPSyncList(SOSAccountRef account, CFErrorRef *error){ + bool result = true; + __block CFErrorRef localError = NULL; + __block CFMutableArrayRef ids = NULL; + SOSCircleRef circle = NULL; + + require_action_quiet(SOSAccountIsInCircle(account, NULL), xit, + SOSCreateError(kSOSErrorNoCircle, CFSTR("This device is not in circle"), + NULL, &localError)); + + circle = SOSAccountGetCircle(account, error); + ids = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); + + SOSCircleForEachValidPeer(circle, account->user_public, ^(SOSPeerInfoRef peer) { + if (!SOSAccountIsThisPeerIDMe(account, SOSPeerInfoGetPeerID(peer))) { + if(SOSPeerInfoShouldUseIDSTransport(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer) && + SOSPeerInfoShouldUseIDSMessageFragmentation(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer) && + !SOSPeerInfoShouldUseACKModel(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer)){ + SOSTransportMessageIDSSetFragmentationPreference(account->ids_message_transport, kCFBooleanTrue); + CFStringRef deviceID = SOSPeerInfoCopyDeviceID(peer); + if(deviceID != NULL){ + CFArrayAppendValue(ids, deviceID); + } + CFReleaseNull(deviceID); + } + } + }); + require_quiet(CFArrayGetCount(ids) != 0, xit); + secnotice("IDS Transport", "List of IDS Peers to ping: %@", ids); + + SOSCloudKeychainGetIDSDeviceAvailability(ids, SOSAccountGetMyPeerID(account), dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(CFDictionaryRef returnedValues, CFErrorRef sync_error) { + bool success = (sync_error == NULL); + if(!success) + secerror("Failed to send list of IDS peers to IDSKSP: %@", sync_error); + }); +xit: + if(error && *error != NULL) + secerror("SOSAccountSendIKSPSyncList had an error: %@", *error); + + if(localError) + secerror("SOSAccountSendIKSPSyncList had an error: %@", localError); + + CFReleaseNull(ids); + CFReleaseNull(localError); + + return result; +} +// +// MARK: KVS Syncing +// + +static bool SOSAccountSyncWithKVSPeers(SOSAccountTransactionRef txn, CFSetRef peerIDs, CFErrorRef *error) { + SOSAccountRef account = txn->account; + CFErrorRef localError = NULL; + bool result = false; + + require_quiet(SOSAccountIsInCircle(account, &localError), xit); + + result = SOSTransportMessageSyncWithPeers(account->kvs_message_transport, peerIDs, &localError); + + if (result) + SetCloudKeychainTraceValueForKey(kCloudKeychainNumberOfTimesSyncedWithPeers, 1); + +xit: + if (!result) { + // Tell account to update SOSEngine with current trusted peers + if (isSOSErrorCoded(localError, kSOSErrorPeerNotFound)) { + secnotice("Account", "Arming account to update SOSEngine with current trusted peers"); + account->engine_peer_state_needs_repair = true; + } + CFErrorPropagate(localError, error); + localError = NULL; + } + return result; + +} + +bool SOSAccountSyncWithKVSPeerWithMessage(SOSAccountTransactionRef txn, CFStringRef peerid, CFDataRef message, CFErrorRef *error) { + SOSAccountRef account = txn->account; + bool result = false; + CFErrorRef localError = NULL; + CFDictionaryRef encapsulatedMessage = NULL; + + secnotice("KVS Transport","Syncing with KVS capable peer: %@", peerid); + secnotice("KVS Transport", "message: %@", message); + + require_quiet(message, xit); + require_quiet(peerid, xit); + + encapsulatedMessage = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, peerid, message, NULL); + + result = SOSTransportMessageSendMessages(account->kvs_message_transport, encapsulatedMessage, &localError); + secerror("KVS sync %s. (%@)", result ? "succeeded" : "failed", localError); + + SOSAccountConsiderLoggingEngineState(txn); + +xit: + CFReleaseNull(encapsulatedMessage); + CFErrorPropagate(localError, error); + + return result; +} + + +static bool SOSAccountSyncWithKVSPeer(SOSAccountTransactionRef txn, CFStringRef peerID, CFErrorRef *error) +{ + bool result = false; + CFErrorRef localError = NULL; + + secnotice("KVS Transport","Syncing with KVS capable peer: %@", peerID); + + CFMutableSetRef peerIDs = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + CFSetAddValue(peerIDs, peerID); + + result = SOSAccountSyncWithKVSPeers(txn, peerIDs, &localError); + secerror("KVS sync %s. (%@)", result ? "succeeded" : "failed", localError); + + CFReleaseNull(peerIDs); + CFErrorPropagate(localError, error); + + return result; +} + + +static CFMutableArrayRef SOSAccountCopyPeerIDsForDSID(SOSAccountRef account, CFStringRef deviceID, CFErrorRef* error) { + CFMutableArrayRef peerIDs = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); + + SOSCircleForEachValidPeer(account->trusted_circle, account->user_public, ^(SOSPeerInfoRef peer) { + CFStringRef peerDeviceID = SOSPeerInfoCopyDeviceID(peer); + if(peerDeviceID != NULL && CFStringCompare(peerDeviceID, deviceID, 0) == 0){ + CFArrayAppendValue(peerIDs, SOSPeerInfoGetPeerID(peer)); + } + CFReleaseNull(peerDeviceID); + }); + + if (peerIDs == NULL || CFArrayGetCount(peerIDs) == 0) { + CFReleaseNull(peerIDs); + SOSErrorCreate(kSOSErrorPeerNotFound, error, NULL, CFSTR("No peer with DSID: %@"), deviceID); + } + + return peerIDs; +} + +static bool SOSAccountSyncWithKVSPeerFromPing(SOSAccountRef account, CFArrayRef peerIDs, CFErrorRef *error) { + + CFErrorRef localError = NULL; + bool result = false; + + CFSetRef peerSet = CFSetCreateCopyOfArrayForCFTypes(peerIDs); + result = SOSTransportMessageSyncWithPeers(account->kvs_message_transport, peerSet, &localError); + + CFReleaseNull(peerSet); + + return result; +} + +bool SOSAccountSyncWithKVSUsingIDSID(SOSAccountRef account, CFStringRef deviceID, CFErrorRef *error) { + bool result = false; + CFErrorRef localError = NULL; + + secnotice("KVS Transport","Syncing with KVS capable peer via DSID: %@", deviceID); + + CFArrayRef peerIDs = SOSAccountCopyPeerIDsForDSID(account, deviceID, &localError); + require_quiet(peerIDs, xit); + + CFStringArrayPerfromWithDescription(peerIDs, ^(CFStringRef peerIDList) { + secnotice("KVS Transport", "Syncing with KVS capable peers: %@", peerIDList); + }); + + result = SOSAccountSyncWithKVSPeerFromPing(account, peerIDs, &localError); + secerror("KVS sync %s. (%@)", result ? "succeeded" : "failed", localError); + +xit: + CFReleaseNull(peerIDs); + CFErrorPropagate(localError, error); + + return result; +} + +static __nonnull CF_RETURNS_RETAINED CFSetRef SOSAccountSyncWithPeersOverKVS(SOSAccountTransactionRef txn, CFSetRef peers) { + CFMutableSetRef handled = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + + CFSetForEach(peers, ^(const void *value) { + CFStringRef peerID = asString(value, NULL); + CFErrorRef localError = NULL; + if (peerID && SOSAccountSyncWithKVSPeer(txn, peerID, &localError)) { + CFSetAddValue(handled, peerID); + secnotice("KVS Transport", "synced with peer: %@", peerID); + } else { + secnotice("KVS Transport", "failed to sync with peer: %@ error: %@", peerID, localError); + } + }); + + return handled; +} + +static __nonnull CF_RETURNS_RETAINED CFSetRef SOSAccountSyncWithPeersOverIDS(SOSAccountTransactionRef txn, __nonnull CFSetRef peers) { + CFErrorRef localError = NULL; + + CFStringSetPerformWithDescription(peers, ^(CFStringRef peerDescription) { + secnotice("IDS Transport","Syncing with IDS capable peers: %@", peerDescription); + }); + + // We should change this to return a set of peers we succeeded with, but for now assume they all worked. + bool result = SOSTransportMessageSyncWithPeers(txn->account->ids_message_transport, peers, &localError); + secnotice("IDS Transport", "IDS Sync result: %d", result); + + return CFRetainSafe(peers); +} + +static CF_RETURNS_RETAINED CFMutableSetRef SOSAccountSyncWithPeers(SOSAccountTransactionRef txn, CFSetRef /* CFStringRef */ peerIDs, CFErrorRef *error) { + CFMutableSetRef notMePeers = NULL; + CFMutableSetRef handledPeerIDs = NULL; + CFMutableSetRef peersForIDS = NULL; + CFMutableSetRef peersForKVS = NULL; + + SOSAccountRef account = txn->account; + + require_action_quiet(SOSAccountIsInCircle(account, error), done, + handledPeerIDs = CFSetCreateMutableCopy(kCFAllocatorDefault, 0, peerIDs)); + + // Kick getting our device ID if we don't have it, and find out if we're setup to use IDS. + bool canUseIDS = SOSTransportMessageIDSGetIDSDeviceID(account); + + handledPeerIDs = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + peersForIDS = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + peersForKVS = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + + SOSPeerInfoRef myPeerInfo = SOSAccountGetMyPeerInfo(account); + require(myPeerInfo, done); + + CFStringRef myPeerID = SOSPeerInfoGetPeerID(myPeerInfo); + + notMePeers = CFSetCreateMutableCopy(kCFAllocatorDefault, 0, peerIDs); + CFSetRemoveValue(notMePeers, myPeerID); + + if(!SOSAccountSendIKSPSyncList(account, error)){ + if(error != NULL) + secnotice("IDS Transport", "Did not send list of peers to ping (pre-E): %@", *error); + } + + CFSetForEach(notMePeers, ^(const void *value) { + CFErrorRef localError = NULL; + CFStringRef peerID = asString(value, &localError); + SOSPeerInfoRef peerInfo = NULL; + + require_quiet(peerID, skip); + + peerInfo = SOSCircleCopyPeerWithID(account->trusted_circle, peerID, NULL); + if (peerInfo && SOSCircleHasValidSyncingPeer(account->trusted_circle, peerInfo, account->user_public, NULL)) { + if (canUseIDS && SOSPeerInfoShouldUseIDSTransport(myPeerInfo, peerInfo) && SOSPeerInfoShouldUseACKModel(myPeerInfo, peerInfo)) { + CFSetAddValue(peersForIDS, peerID); + } else { + CFSetAddValue(peersForKVS, peerID); + } + } else { + CFSetAddValue(handledPeerIDs, peerID); + } + + skip: + CFReleaseNull(peerInfo); + if (localError) { + secnotice("sync-with-peers", "Skipped peer ID: %@ due to %@", peerID, localError); + } + CFReleaseNull(localError); + }); + + CFSetRef handledIDSPeerIDs = SOSAccountSyncWithPeersOverIDS(txn, peersForIDS); + CFSetUnion(handledPeerIDs, handledIDSPeerIDs); + CFReleaseNull(handledIDSPeerIDs); + + CFSetRef handledKVSPeerIDs = SOSAccountSyncWithPeersOverKVS(txn, peersForKVS); + CFSetUnion(handledPeerIDs, handledKVSPeerIDs); + CFReleaseNull(handledKVSPeerIDs); + + SOSAccountConsiderLoggingEngineState(txn); + +done: + CFReleaseNull(notMePeers); + CFReleaseNull(peersForIDS); + CFReleaseNull(peersForKVS); + return handledPeerIDs; +} + +bool SOSAccountClearPeerMessageKey(SOSAccountTransactionRef txn, CFStringRef peerID, CFErrorRef *error) +{ + SOSAccountRef account = txn->account; + + secnotice("IDS Transport", "clearing peer message for %@", peerID); + CFTypeRef dsid = SOSAccountGetValue(account, kSOSDSIDKey, error); + + if(dsid == NULL) + dsid = kCFNull; + + CFStringRef message_to_peer_key = SOSMessageKeyCreateFromTransportToPeer(account->kvs_message_transport, peerID); + CFDictionaryRef a_message_to_a_peer = CFDictionaryCreateForCFTypes(NULL, message_to_peer_key, kCFNull, kSOSKVSRequiredKey, dsid, NULL); + + CloudKeychainReplyBlock log_error = ^(CFDictionaryRef returnedValues __unused, CFErrorRef block_error) { + if (block_error) { + secerror("Error putting: %@", block_error); + } + }; + + SOSCloudKeychainPutObjectsInCloud(a_message_to_a_peer, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), log_error); + + CFReleaseNull(a_message_to_a_peer); + CFReleaseNull(message_to_peer_key); + + return true; +} + +CF_RETURNS_RETAINED CFSetRef SOSAccountProcessSyncWithPeers(SOSAccountTransactionRef txn, CFSetRef /* CFStringRef */ peers, CFSetRef /* CFStringRef */ backupPeers, CFErrorRef *error) +{ + CFErrorRef localError = NULL; + CFMutableSetRef handled = SOSAccountSyncWithPeers(txn, peers, &localError); + + SOSTransportMessageIDSGetIDSDeviceID(txn->account); + + if (!handled) { + secnotice("account-sync", "Peer Sync failed: %@", localError); + handled = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + } + CFReleaseNull(localError); + + SOSEngineRef engine = SOSTransportMessageGetEngine(txn->account->kvs_message_transport); + CFSetRef engineHandled = SOSEngineSyncWithBackupPeers(engine, backupPeers, error); + + if (engineHandled) { + CFSetUnion(handled, engineHandled); + } else { + secnotice("account-sync", "Engine Backup Sync failed: %@", localError); + } + CFReleaseNull(localError); + CFReleaseNull(engineHandled); + + return handled; +} + +bool SOSAccountRequestSyncWithAllPeers(SOSAccountTransactionRef txn, CFErrorRef *error) +{ + bool success = false; + CFMutableSetRef allSyncingPeers = NULL; + + require_quiet(SOSAccountIsInCircle(txn->account, error), xit); + + SOSTransportMessageIDSGetIDSDeviceID(txn->account); + + allSyncingPeers = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + + SOSCircleForEachValidSyncingPeer(txn->account->trusted_circle, txn->account->user_public, ^(SOSPeerInfoRef peer) { + CFSetAddValue(allSyncingPeers, SOSPeerInfoGetPeerID(peer)); + }); + + SOSAccountTransactionAddSyncRequestForAllPeerIDs(txn, allSyncingPeers); + + success = true; + +xit: + CFReleaseNull(allSyncingPeers); + return success; +} + +// +// MARK: Syncing status functions +// +bool SOSAccountMessageFromPeerIsPending(SOSAccountTransactionRef txn, SOSPeerInfoRef peer, CFErrorRef *error) { + bool success = false; + require_quiet(SOSAccountIsInCircle(txn->account, error), xit); + + // This translation belongs inside KVS..way down in CKD, but for now we reach over and do it here. + CFStringRef peerMessage = SOSMessageKeyCreateFromPeerToTransport(txn->account->kvs_message_transport, SOSPeerInfoGetPeerID(peer)); + + success = SOSCloudKeychainHasPendingKey(peerMessage, error); + +xit: + return success; +} + +bool SOSAccountSendToPeerIsPending(SOSAccountTransactionRef txn, SOSPeerInfoRef peer, CFErrorRef *error) { + bool success = false; + require_quiet(SOSAccountIsInCircle(txn->account, error), xit); + + success = SOSCCIsSyncPendingFor(SOSPeerInfoGetPeerID(peer), error); +xit: + return success; + + +} diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountTransaction.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountTransaction.c index 7d891d59..cd074040 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountTransaction.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountTransaction.c @@ -27,6 +27,7 @@ static void SOSAccountTransactionDestroy(CFTypeRef aObj) { CFReleaseNull(at->account); CFReleaseNull(at->initialViews); CFReleaseNull(at->initialKeyParameters); + CFReleaseNull(at->peersToRequestSync); } static CFStringRef SOSAccountTransactionCopyFormatDescription(CFTypeRef aObj, CFDictionaryRef formatOptions) { @@ -62,6 +63,8 @@ static void SOSAccountTransactionRestart(SOSAccountTransactionRef txn) { CFAssignRetained(txn->initialViews, mpi ? SOSPeerInfoCopyEnabledViews(mpi) : NULL); CFRetainAssign(txn->initialID, SOSPeerInfoGetPeerID(mpi)); + + CFReleaseNull(txn->peersToRequestSync); CFStringSetPerformWithDescription(txn->initialViews, ^(CFStringRef description) { secnotice("acct-txn", "Starting as:%s v:%@", txn->initialInCircle ? "member" : "non-member", description); @@ -80,7 +83,8 @@ SOSAccountTransactionRef SOSAccountTransactionCreate(SOSAccountRef account) { at->initialTrusted = false; at->initialUnsyncedViews = NULL; at->initialID = NULL; - + at->peersToRequestSync = NULL; + SOSAccountTransactionRestart(at); return at; @@ -95,9 +99,14 @@ void SOSAccountTransactionFinish(SOSAccountTransactionRef txn) { SOSPeerInfoRef mpi = SOSAccountGetMyPeerInfo(txn->account); - bool inCircle = SOSAccountIsInCircle(txn->account, NULL); + bool isInCircle = SOSAccountIsInCircle(txn->account, NULL); + + if (isInCircle && txn->peersToRequestSync) { + SOSCCRequestSyncWithPeers(txn->peersToRequestSync); + } + CFReleaseNull(txn->peersToRequestSync); - if (inCircle) { + if (isInCircle) { SOSAccountEnsureSyncChecking(txn->account); } else { SOSAccountCancelSyncChecking(txn->account); @@ -137,6 +146,7 @@ void SOSAccountTransactionFinish(SOSAccountTransactionRef txn) { if(txn->account->circle_rings_retirements_need_attention){ SOSAccountRecordRetiredPeersInCircle(txn->account); + SOSAccountEnsureRecoveryRing(txn->account); SOSAccountEnsureInBackupRings(txn->account); CFErrorRef localError = NULL; @@ -162,8 +172,8 @@ void SOSAccountTransactionFinish(SOSAccountTransactionRef txn) { SOSAccountFlattenToSaveBlock(txn->account); - // Check for firing view membership change. On change of view membership or circle membership - bool isInCircle = SOSAccountIsInCircle(txn->account, NULL); + // Refresh isInCircle since we could have changed our mind + isInCircle = SOSAccountIsInCircle(txn->account, NULL); mpi = SOSAccountGetMyPeerInfo(txn->account); CFSetRef views = mpi ? SOSPeerInfoCopyEnabledViews(mpi) : NULL; @@ -197,3 +207,20 @@ void SOSAccountTransactionFinishAndRestart(SOSAccountTransactionRef txn) { SOSAccountTransactionRestart(txn); } +void SOSAccountTransactionAddSyncRequestForPeerID(SOSAccountTransactionRef txn, CFStringRef peerID) { + if (!txn->peersToRequestSync) { + txn->peersToRequestSync = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + } + + CFSetAddValue(txn->peersToRequestSync, peerID); +} + +void SOSAccountTransactionAddSyncRequestForAllPeerIDs(SOSAccountTransactionRef txn, CFSetRef /* CFStringRef */ peerIDs) { + if (!txn->peersToRequestSync) { + txn->peersToRequestSync = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + } + + CFSetUnion(txn->peersToRequestSync, peerIDs); +} + + diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountTransaction.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountTransaction.h index 87254a22..667e53be 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountTransaction.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountTransaction.h @@ -29,6 +29,8 @@ struct __OpaqueSOSAccountTransaction { bool initialTrusted; _Nullable CFDataRef initialKeyParameters; + + _Nullable CFMutableSetRef peersToRequestSync; }; @@ -36,6 +38,9 @@ SOSAccountTransactionRef SOSAccountTransactionCreate(SOSAccountRef account); void SOSAccountTransactionFinish(SOSAccountTransactionRef txn); void SOSAccountTransactionFinishAndRestart(SOSAccountTransactionRef txn); +void SOSAccountTransactionAddSyncRequestForPeerID(SOSAccountTransactionRef txn, CFStringRef peerID); +void SOSAccountTransactionAddSyncRequestForAllPeerIDs(SOSAccountTransactionRef txn, CFSetRef /* CFStringRef */ peerIDs); + CF_ASSUME_NONNULL_END #endif /* SOSAccountTransaction_h */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountUpdate.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountUpdate.c index 7fe47f25..2f8091bf 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountUpdate.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountUpdate.c @@ -15,6 +15,8 @@ #include #include #include +#include + static void DifferenceAndCall(CFSetRef old_members, CFSetRef new_members, void (^updatedCircle)(CFSetRef additions, CFSetRef removals)) { @@ -472,6 +474,12 @@ bool SOSAccountHandleUpdateCircle(SOSAccountRef account, SOSCircleRef prospectiv SOSAccountScanForRetired(account, prospective_circle, error); SOSCircleRef newCircle = SOSAccountCloneCircleWithRetirement(account, prospective_circle, error); if(!newCircle) return false; + + SOSCircleRef ghostCleaned = SOSAccountCloneCircleWithoutMyGhosts(account, newCircle); + if(ghostCleaned) { + CFRetainAssign(newCircle, ghostCleaned); + writeUpdate = true; + } SOSFullPeerInfoRef me_full = account->my_identity; SOSPeerInfoRef me = SOSFullPeerInfoGetPeerInfo(me_full); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountViewSync.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountViewSync.c index 185ca204..820f550b 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountViewSync.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountViewSync.c @@ -377,3 +377,22 @@ void SOSAccountCancelSyncChecking(SOSAccountRef account) { } } +bool SOSAccountCheckForAlwaysOnViews(SOSAccountRef account) { + bool changed = false; + SOSPeerInfoRef myPI = SOSAccountGetMyPeerInfo(account); + require_quiet(myPI, done); + require_quiet(SOSAccountIsInCircle(account, NULL), done); + require_quiet(SOSAccountHasCompletedInitialSync(account), done); + CFMutableSetRef viewsToEnsure = SOSViewCopyViewSet(kViewSetAlwaysOn); + // Previous version PeerInfo if we were syncing legacy keychain, ensure we include those legacy views. + if(!SOSPeerInfoVersionIsCurrent(myPI)) { + CFSetRef V0toAdd = SOSViewCopyViewSet(kViewSetV0); + CFSetUnion(viewsToEnsure, V0toAdd); + CFReleaseNull(V0toAdd); + } + changed = SOSAccountUpdateFullPeerInfo(account, viewsToEnsure, SOSViewsGetV0ViewSet()); // We don't permit V0 view proper, only sub-views + CFReleaseNull(viewsToEnsure); +done: + return changed; +} + diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupInformation.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupInformation.c new file mode 100644 index 00000000..7f4e28a8 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupInformation.c @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// SOSBackupInformation.c +// Security +// + +#include "SOSBackupInformation.h" +#include "SOSAccountPriv.h" +#include +#include + +const CFStringRef kSOSBkpInfoStatus = CFSTR("BkpInfoStatus"); +const CFStringRef kSOSBkpInfoBSKB = CFSTR("BkpInfoBSKB"); +const CFStringRef kSOSBkpInfoRKBG = CFSTR("BkpInfoRKBG"); + +CFDictionaryRef SOSBackupInformation(SOSAccountTransactionRef txn, CFErrorRef *error) { + CFNumberRef status = NULL; + int ibkpInfoStatus; + __block bool havebskbcontent = false; + CFMutableDictionaryRef retval = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + require_action_quiet(txn && txn->account, errOut, ibkpInfoStatus = noTxnorAcct); + require_action_quiet(retval, errOut, ibkpInfoStatus = noAlloc); + require_action_quiet(txn, errOut, ibkpInfoStatus = noTxnorAcct); + SOSAccountRef account = txn->account; + require_action_quiet(account->user_public && account->user_public_trusted, errOut, ibkpInfoStatus = noTrustedPubKey); + CFMutableDictionaryRef bskbders = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + SOSAccountForEachRing(account, ^SOSRingRef(CFStringRef name, SOSRingRef ring) { + if(SOSRingGetType(ring) == kSOSRingBackup) { + CFDataRef bskbder = SOSRingGetPayload(ring, NULL); + if(bskbder) CFDictionaryAddValue(bskbders, name, bskbder); + havebskbcontent = true; + } else if(SOSRingGetType(ring) == kSOSRingRecovery) { + CFDataRef rkbgder = SOSRingGetPayload(ring, NULL); + if(rkbgder) CFDictionaryAddValue(retval, kSOSBkpInfoRKBG, rkbgder); + } + return NULL; // we're reporting - never changing the ring + }); + if(havebskbcontent) { + ibkpInfoStatus = noError; + CFDictionaryAddValue(retval, kSOSBkpInfoBSKB, bskbders); + } else { + ibkpInfoStatus = noBSKBs; + } + CFReleaseNull(bskbders); + +errOut: + status = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &ibkpInfoStatus); + CFDictionaryAddValue(retval, kSOSBkpInfoStatus, status); + CFReleaseNull(status); + return retval; +} diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupInformation.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupInformation.h new file mode 100644 index 00000000..6c24be26 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupInformation.h @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// SOSBackupInformation.h +// Security +// + +#ifndef SOSBackupInformation_h +#define SOSBackupInformation_h + +#include +#include + +enum { + noError = 0, + noTxnorAcct, + noAlloc, + noTrustedPubKey, + noBSKBs, +}; + +extern const CFStringRef kSOSBkpInfoStatus; +extern const CFStringRef kSOSBkpInfoBSKB; +extern const CFStringRef kSOSBkpInfoRKBG; + +CFDictionaryRef SOSBackupInformation(SOSAccountTransactionRef txn, CFErrorRef *error); + +#endif /* SOSBackupInformation_h */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.c index 2cd87920..62013882 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.c @@ -23,6 +23,7 @@ // Our Header + #include @@ -45,7 +46,12 @@ #include +#include "SecRecoveryKey.h" +#include "SOSKeyedPubKeyIdentifier.h" #include "SOSInternal.h" +#include "SecADWrapper.h" + +CFStringRef bskbRkbgPrefix = CFSTR("RK"); // // MARK: Type creation @@ -72,15 +78,29 @@ static void SOSBackupSliceKeyBagDestroy(CFTypeRef aObj) { CFReleaseNull(vb->wrapped_keys); } +static CFSetRef SOSBackupSliceKeyBagCopyPeerNames(SOSBackupSliceKeyBagRef bksb) { + CFMutableSetRef retval = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + if(!retval) return NULL; + CFSetForEach(bksb->peers, ^(const void *value) { + SOSPeerInfoRef pi = (SOSPeerInfoRef) value; + CFSetAddValue(retval, SOSPeerInfoGetPeerName(pi)); + }); + return retval; +} + static CFStringRef SOSBackupSliceKeyBagCopyFormatDescription(CFTypeRef aObj, CFDictionaryRef formatOptions) { SOSBackupSliceKeyBagRef vb = (SOSBackupSliceKeyBagRef) aObj; - CFMutableStringRef description = CFStringCreateMutable(kCFAllocatorDefault, 0); - - CFStringAppendFormat(description, NULL, CFSTR("peers ? CFSetGetCount(vb->peers) : 0); - CFStringAppend(description, CFSTR(">")); + CFMutableStringRef retval = CFStringCreateMutable(kCFAllocatorDefault, 0); + + CFSetRef peerIDs = SOSBackupSliceKeyBagCopyPeerNames(vb); + CFStringSetPerformWithDescription(peerIDs, ^(CFStringRef description) { + CFStringAppendFormat(retval, NULL, CFSTR("peers ? CFSetGetCount(vb->peers) : 0, description); + }); + CFReleaseNull(peerIDs); + CFStringAppend(retval, CFSTR(">")); - return description; + return retval; } @@ -165,6 +185,7 @@ fail: } + SOSBackupSliceKeyBagRef SOSBackupSliceKeyBagCreateFromData(CFAllocatorRef allocator, CFDataRef data, CFErrorRef *error) { SOSBackupSliceKeyBagRef result = NULL; SOSBackupSliceKeyBagRef decodedBag = NULL; @@ -219,7 +240,7 @@ exit: } -static CFDictionaryRef SOSBackupSliceKeyBagCopyWrappedKeys(SOSBackupSliceKeyBagRef vb, CFDataRef secret, CFErrorRef *error) { +static CFDictionaryRef SOSBackupSliceKeyBagCopyWrappedKeys(SOSBackupSliceKeyBagRef vb, CFDataRef secret, CFDictionaryRef additionalKeys, CFErrorRef *error) { CFDictionaryRef result = NULL; CFMutableDictionaryRef wrappedKeys = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); @@ -256,6 +277,41 @@ static CFDictionaryRef SOSBackupSliceKeyBagCopyWrappedKeys(SOSBackupSliceKeyBagR } }); + CFDictionaryForEach(additionalKeys, ^(const void *key, const void *value) { + CFStringRef prefix = asString(key, NULL); + CFDataRef backupKey = asData(value, NULL); + if (backupKey) { + CFDataRef wrappedKey = NULL; + CFErrorRef localError = NULL; + CFStringRef id = SOSKeyedPubKeyIdentifierCreateWithData(prefix, backupKey); + require_quiet(id, done); + + wrappedKey = SOSCopyECWrapped(backupKey, secret, &localError); + require_quiet(wrappedKey, done); + + CFDictionaryAddValue(wrappedKeys, id, wrappedKey); + + done: + if (!localError) { + CFDataPerformWithHexString(backupKey, ^(CFStringRef backupKeyString) { + CFDataPerformWithHexString(wrappedKey, ^(CFStringRef wrappedKeyString) { + secnotice("bskb", "Add for bk: %@, wrapped: %@", backupKeyString, wrappedKeyString); + }); + }); + } else { + CFDataPerformWithHexString(backupKey, ^(CFStringRef backupKeyString) { + secnotice("bskb", "Failed at bk: %@ error: %@", backupKeyString, localError); + }); + CFErrorPropagate(localError, error); + success = false; + } + CFReleaseNull(wrappedKey); + CFReleaseNull(id); + } else { + secnotice("bskb", "Skipping %@, not data.", value); + } + }); + if (success) CFTransferRetained(result, wrappedKeys); @@ -263,7 +319,7 @@ static CFDictionaryRef SOSBackupSliceKeyBagCopyWrappedKeys(SOSBackupSliceKeyBagR return result; } -static bool SOSBackupSliceKeyBagCreateBackupBag(SOSBackupSliceKeyBagRef vb, CFErrorRef* error) { +static bool SOSBackupSliceKeyBagCreateBackupBag(SOSBackupSliceKeyBagRef vb, CFDictionaryRef/*CFDataRef*/ additionalKeys, CFErrorRef* error) { CFReleaseNull(vb->aks_bag); // Choose a random key. @@ -274,7 +330,7 @@ static bool SOSBackupSliceKeyBagCreateBackupBag(SOSBackupSliceKeyBagRef vb, CFEr secret = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, buffer, size, kCFAllocatorNull); - CFAssignRetained(vb->wrapped_keys, SOSBackupSliceKeyBagCopyWrappedKeys(vb, secret, error)); + CFAssignRetained(vb->wrapped_keys, SOSBackupSliceKeyBagCopyWrappedKeys(vb, secret, additionalKeys, error)); CFAssignRetained(vb->aks_bag, SecAKSCopyBackupBagWithSecret(size, buffer, error)); fail: @@ -317,6 +373,19 @@ static CFSetRef SOSBackupSliceKeyBagCreatePeerSet(CFAllocatorRef allocator, CFSe } SOSBackupSliceKeyBagRef SOSBackupSliceKeyBagCreate(CFAllocatorRef allocator, CFSetRef peers, CFErrorRef* error) { + CFMutableDictionaryRef additionalKeys = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + + SOSBackupSliceKeyBagRef result = SOSBackupSliceKeyBagCreateWithAdditionalKeys(allocator, peers, additionalKeys, NULL); + + CFReleaseNull(additionalKeys); + + return result; +} + +SOSBackupSliceKeyBagRef SOSBackupSliceKeyBagCreateWithAdditionalKeys(CFAllocatorRef allocator, + CFSetRef /*SOSPeerInfoRef*/ peers, + CFDictionaryRef /*CFStringRef (prefix) CFDataRef (keydata) */ additionalKeys, + CFErrorRef* error) { SOSBackupSliceKeyBagRef result = NULL; SOSBackupSliceKeyBagRef vb = CFTypeAllocate(SOSBackupSliceKeyBag, struct __OpaqueSOSBackupSliceKeyBag, allocator); require_quiet(SecAllocationError(vb, error, CFSTR("View bag allocation failed")), fail); @@ -326,7 +395,7 @@ SOSBackupSliceKeyBagRef SOSBackupSliceKeyBagCreate(CFAllocatorRef allocator, CFS vb->peers = SOSBackupSliceKeyBagCreatePeerSet(allocator, peers); vb->wrapped_keys = CFDictionaryCreateMutableForCFTypes(allocator); - require_quiet(SOSBackupSliceKeyBagCreateBackupBag(vb, error), fail); + require_quiet(SOSBackupSliceKeyBagCreateBackupBag(vb, additionalKeys, error), fail); CFTransferRetained(result, vb); @@ -335,6 +404,7 @@ fail: return result; } + SOSBackupSliceKeyBagRef SOSBackupSliceKeyBagCreateDirect(CFAllocatorRef allocator, CFDataRef aks_bag, CFErrorRef *error) { SOSBackupSliceKeyBagRef result = NULL; @@ -380,6 +450,35 @@ bool SOSBSKBPeerIsInKeyBag(SOSBackupSliceKeyBagRef backupSliceKeyBag, SOSPeerInf return CFSetGetValue(backupSliceKeyBag->peers, pi) != NULL; } + + +bool SOSBKSBKeyIsInKeyBag(SOSBackupSliceKeyBagRef backupSliceKeyBag, CFDataRef publicKey) { + bool result = false; + CFStringRef keyID = SOSCopyIDOfDataBuffer(publicKey, NULL); + require_quiet(keyID, done); + + result = CFDictionaryContainsKey(backupSliceKeyBag->wrapped_keys, keyID); + +done: + CFReleaseSafe(keyID); + return result; +} + +bool SOSBKSBPrefixedKeyIsInKeyBag(SOSBackupSliceKeyBagRef backupSliceKeyBag, CFStringRef prefix, CFDataRef publicKey) { + bool result = false; + CFStringRef kpkid = SOSKeyedPubKeyIdentifierCreateWithData(prefix, publicKey); + require_quiet(kpkid, done); + + result = CFDictionaryContainsKey(backupSliceKeyBag->wrapped_keys, kpkid); + +done: + CFReleaseSafe(kpkid); + return result; + +} + + + bskb_keybag_handle_t SOSBSKBLoadLocked(SOSBackupSliceKeyBagRef backupSliceKeyBag, CFErrorRef *error) { @@ -496,3 +595,108 @@ keybag_handle_t SOSBSKBLoadAndUnlockWithDirectSecret(SOSBackupSliceKeyBagRef bac exit: return result; } + +#include "SecRecoveryKey.h" + +static bool SOSPerformWithRecoveryKeyFullKey(CFDataRef wrappingSecret, CFErrorRef *error, void (^operation)(ccec_full_ctx_t fullKey, CFStringRef keyID)) { + bool result = false; + + CFStringRef keyID = NULL; + SecRecoveryKey *sRecKey = NULL; + CFDataRef fullKeyBytes = NULL; + CFDataRef pubKeyBytes = NULL; + CFStringRef restoreKeySecret = CFStringCreateWithBytes(kCFAllocatorDefault, CFDataGetBytePtr(wrappingSecret), CFDataGetLength(wrappingSecret), kCFStringEncodingUTF8, false); + require_action_quiet(restoreKeySecret, errOut, SOSErrorCreate(kSOSErrorDecodeFailure, error, NULL, CFSTR("Unable to create key string from data."))); + sRecKey = SecRKCreateRecoveryKey(restoreKeySecret); + require_action_quiet(sRecKey, errOut, SOSErrorCreate(kSOSErrorDecodeFailure, error, NULL, CFSTR("Unable to create recovery key from string."))); + fullKeyBytes = SecRKCopyBackupFullKey(sRecKey); + pubKeyBytes = SecRKCopyBackupPublicKey(sRecKey); + require_action_quiet(fullKeyBytes && pubKeyBytes, errOut, SOSErrorCreate(kSOSErrorDecodeFailure, error, NULL, CFSTR("Unable to create recovery key public and private keys."))); + keyID = SOSCopyIDOfDataBuffer(pubKeyBytes, error); + require_quiet(keyID, errOut); + { + size_t keysize = ccec_compact_import_priv_size(CFDataGetLength(fullKeyBytes)); + ccec_const_cp_t cp = ccec_curve_for_length_lookup(keysize, ccec_cp_256(), ccec_cp_384(), ccec_cp_521()); + ccec_full_ctx_decl_cp(cp, fullKey); + int res = ccec_compact_import_priv(cp, CFDataGetLength(fullKeyBytes), CFDataGetBytePtr(fullKeyBytes), fullKey); + if(res == 0) { + operation(fullKey, keyID); + result = true; + ccec_full_ctx_clear_cp(cp, fullKey); + } + } + if(!result) SOSErrorCreate(kSOSErrorProcessingFailure, error, NULL, CFSTR("Unable to perform crypto operation from fullKeyBytes.")); + +errOut: + CFReleaseNull(keyID); + CFReleaseNull(sRecKey); + CFReleaseNull(fullKeyBytes); + CFReleaseNull(pubKeyBytes); + CFReleaseNull(restoreKeySecret); + return result; +} + +bskb_keybag_handle_t SOSBSKBLoadAndUnlockWithWrappingSecret(SOSBackupSliceKeyBagRef backupSliceKeyBag, + CFDataRef wrappingSecret, + CFErrorRef *error) { + __block keybag_handle_t result = bad_keybag_handle; + + CFDataRef lookedUpData = SOSBSKBCopyRecoveryKey(backupSliceKeyBag); + require_quiet(SecRequirementError(lookedUpData != NULL, error, CFSTR("no recovery key found in %@"), backupSliceKeyBag), errOut); + + SOSPerformWithRecoveryKeyFullKey(wrappingSecret, error, ^(ccec_full_ctx_t fullKey, CFStringRef keyID) { + SOSPerformWithUnwrappedData(fullKey, lookedUpData, error, ^(size_t size, uint8_t *buffer) { + result = SOSBSKBLoadAndUnlockBagWithSecret(backupSliceKeyBag, size, buffer, error); + }); + }); + +errOut: + CFReleaseSafe(lookedUpData); + return result; +} + +static CFDictionaryRef SOSBSKBCopyAdditionalKeysWithPrefix(CFAllocatorRef allocator, SOSBackupSliceKeyBagRef bskb, CFStringRef prefix) { + CFMutableDictionaryRef retval = CFDictionaryCreateMutableForCFTypes(allocator); + if(!retval) return NULL; + CFDictionaryForEach(bskb->wrapped_keys, ^(const void *key, const void *value) { + CFStringRef kpkid = asString(key, NULL); + CFDataRef keyData = asData(value, NULL); + if(kpkid && keyData && SOSKeyedPubKeyIdentifierIsPrefixed(kpkid)) { + CFStringRef idPrefix = SOSKeyedPubKeyIdentifierCopyPrefix(kpkid); + if(CFEqualSafe(idPrefix, prefix)) { + CFDictionaryAddValue(retval, kpkid, keyData); + } + CFReleaseNull(idPrefix); + } + }); + return retval; +} + +static bool SOSBSKBHasPrefixedKey(SOSBackupSliceKeyBagRef bskb, CFStringRef prefix) { + CFDictionaryRef keyDict = SOSBSKBCopyAdditionalKeysWithPrefix(kCFAllocatorDefault, bskb, prefix); + bool haveKeys = CFDictionaryGetCount(keyDict) > 0; + CFReleaseNull(keyDict); + return haveKeys; +} + +CFDataRef SOSBSKBCopyRecoveryKey(SOSBackupSliceKeyBagRef bskb) { + CFDictionaryRef keyDict = SOSBSKBCopyAdditionalKeysWithPrefix(kCFAllocatorDefault, bskb, bskbRkbgPrefix); + if(CFDictionaryGetCount(keyDict) == 1) { + __block CFDataRef keyData = NULL; + CFDictionaryForEach(keyDict, ^(const void *key, const void *value) { + keyData = asData(value, NULL); + }); + return CFDataCreateCopy(kCFAllocatorDefault, keyData); + } + CFReleaseNull(keyDict); + return NULL; +} + +bool SOSBSKBHasRecoveryKey(SOSBackupSliceKeyBagRef bskb) { + if(SOSBSKBHasPrefixedKey(bskb, bskbRkbgPrefix)) return true; + // old way for RecoveryKeys + int keyCount = (int) CFDictionaryGetCount(bskb->wrapped_keys); + int peerCount = SOSBSKBCountPeers(bskb); + return !SOSBSKBIsDirect(bskb) && ((keyCount - peerCount) > 0); +} + diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.h index bd8ce2e5..79ec67e3 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.h @@ -31,6 +31,8 @@ #include #include +extern CFStringRef bskbRkbgPrefix; + // We don't have a portable header (particularly for the SIM) so for now we define the one type we need. // This should be fixed when we get a portable AKS interface. typedef int32_t bskb_keybag_handle_t; @@ -42,6 +44,11 @@ CFTypeRef SOSBackupSliceKeyBageGetTypeID(void); SOSBackupSliceKeyBagRef SOSBackupSliceKeyBagCreate(CFAllocatorRef allocator, CFSetRef peers, CFErrorRef* error); SOSBackupSliceKeyBagRef SOSBackupSliceKeyBagCreateDirect(CFAllocatorRef allocator, CFDataRef aks_bag, CFErrorRef *error); +SOSBackupSliceKeyBagRef SOSBackupSliceKeyBagCreateWithAdditionalKeys(CFAllocatorRef allocator, + CFSetRef /*SOSPeerInfoRef*/ peers, + CFDictionaryRef /*CFStringRef (prefix) CFDataRef (keydata) */ additionalKeys, + CFErrorRef* error); + SOSBackupSliceKeyBagRef SOSBackupSliceKeyBagCreateFromData(CFAllocatorRef allocator, CFDataRef data, CFErrorRef *error); CFDataRef SOSBSKBCopyEncoded(SOSBackupSliceKeyBagRef BackupSliceKeyBag, CFErrorRef* error); @@ -54,6 +61,8 @@ CFSetRef SOSBSKBGetPeers(SOSBackupSliceKeyBagRef backupSliceKeyBag); int SOSBSKBCountPeers(SOSBackupSliceKeyBagRef backupSliceKeyBag); bool SOSBSKBPeerIsInKeyBag(SOSBackupSliceKeyBagRef backupSliceKeyBag, SOSPeerInfoRef pi); +bool SOSBKSBKeyIsInKeyBag(SOSBackupSliceKeyBagRef backupSliceKeyBag, CFDataRef publicKey); +bool SOSBKSBPrefixedKeyIsInKeyBag(SOSBackupSliceKeyBagRef backupSliceKeyBag, CFStringRef prefix, CFDataRef publicKey); // Keybag fetching CFDataRef SOSBSKBCopyAKSBag(SOSBackupSliceKeyBagRef backupSliceKeyBag, CFErrorRef* error); @@ -83,7 +92,14 @@ bskb_keybag_handle_t SOSBSKBLoadAndUnlockWithDirectSecret(SOSBackupSliceKeyBagRe CFDataRef directSecret, CFErrorRef *error); +bskb_keybag_handle_t SOSBSKBLoadAndUnlockWithWrappingSecret(SOSBackupSliceKeyBagRef backupSliceKeyBag, + CFDataRef wrappingSecret, + CFErrorRef *error); + // Utilities for backup keys bool SOSBSKBIsGoodBackupPublic(CFDataRef publicKey, CFErrorRef *error); +CFDataRef SOSBSKBCopyRecoveryKey(SOSBackupSliceKeyBagRef bskb); +bool SOSBSKBHasRecoveryKey(SOSBackupSliceKeyBagRef bskb); + #endif /* defined(_sec_SOSBackupSliceKeyBag_) */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSChangeTracker.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSChangeTracker.c index 42463be1..6d68036b 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSChangeTracker.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSChangeTracker.c @@ -72,7 +72,7 @@ CFStringRef SOSChangesCopyDescription(CFArrayRef changes) { if (changes) CFArrayForEachC(changes, change) { CFStringRef changeDesc = SOSChangeCopyDescription(change); CFStringAppend(desc, changeDesc); - CFRetainSafe(changeDesc); + CFReleaseNull(changeDesc); } CFStringAppend(desc, CFSTR(")")); return desc; diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSCircle.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSCircle.c index c0f00fc3..2dc787bd 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSCircle.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSCircle.c @@ -46,6 +46,8 @@ #include #include +#include + #include //#include "ckdUtilities.h" @@ -666,8 +668,10 @@ static void SOSCircleDestroy(CFTypeRef aObj) { CFReleaseNull(c->signatures); } -static CFMutableStringRef defaultDescription(CFTypeRef aObj){ +static CFMutableStringRef defaultDescriptionCreate(CFTypeRef aObj){ SOSCircleRef c = (SOSCircleRef) aObj; + CFStringRef initPeerSep = CFSTR("\n"); + CFStringRef peerSep = CFSTR("\n"); CFMutableStringRef description = CFStringCreateMutable(kCFAllocatorDefault, 0); @@ -675,7 +679,7 @@ static CFMutableStringRef defaultDescription(CFTypeRef aObj){ CFStringAppendFormat(description, NULL, CFSTR("name, genDescription); }); - __block CFStringRef separator = CFSTR(""); + __block CFStringRef separator = initPeerSep; SOSCircleForEachActivePeer(c, ^(SOSPeerInfoRef peer) { CFStringRef sig = NULL; if (SOSCircleVerifyPeerSigned(c, peer, NULL)) { @@ -688,39 +692,39 @@ static CFMutableStringRef defaultDescription(CFTypeRef aObj){ } CFStringAppendFormat(description, NULL, CFSTR("%@%@ %@"), separator, peer, sig); - separator = CFSTR(","); + separator = peerSep; }); //applicants CFStringAppend(description, CFSTR("], A:[")); - separator = CFSTR(""); + separator = initPeerSep; if(CFSetGetCount(c->applicants) == 0 ) CFStringAppendFormat(description, NULL, CFSTR("-")); else{ SOSCircleForEachApplicant(c, ^(SOSPeerInfoRef peer) { CFStringAppendFormat(description, NULL, CFSTR("%@%@"), separator, peer); - separator = CFSTR(","); + separator = peerSep; }); } //rejected CFStringAppend(description, CFSTR("], R:[")); - separator = CFSTR(""); + separator = initPeerSep; if(CFSetGetCount(c->rejected_applicants) == 0) CFStringAppendFormat(description, NULL, CFSTR("-")); else{ CFSetForEach(c->rejected_applicants, ^(const void *value) { SOSPeerInfoRef peer = (SOSPeerInfoRef) value; CFStringAppendFormat(description, NULL, CFSTR("%@%@"), separator, peer); - separator = CFSTR(","); + separator = peerSep; }); } CFStringAppend(description, CFSTR("]>")); return description; } -static CFMutableStringRef descriptionWithFormatOptions(CFTypeRef aObj, CFDictionaryRef formatOptions){ +static CFMutableStringRef descriptionCreateWithFormatOptions(CFTypeRef aObj, CFDictionaryRef formatOptions){ SOSCircleRef c = (SOSCircleRef) aObj; CFMutableStringRef description = CFStringCreateMutable(kCFAllocatorDefault, 0); @@ -774,7 +778,7 @@ static CFMutableStringRef descriptionWithFormatOptions(CFTypeRef aObj, CFDiction else{ CFReleaseNull(description); - description = defaultDescription(aObj); + description = defaultDescriptionCreate(aObj); } return description; @@ -788,10 +792,10 @@ static CFStringRef SOSCircleCopyFormatDescription(CFTypeRef aObj, CFDictionaryRe CFMutableStringRef description = NULL; if(formatOptions != NULL){ - description = descriptionWithFormatOptions(aObj, formatOptions); + description = descriptionCreateWithFormatOptions(aObj, formatOptions); } else{ - description = defaultDescription(aObj); + description = defaultDescriptionCreate(aObj); } return description; } @@ -922,58 +926,6 @@ CFMutableArrayRef SOSCircleCopyRejectedApplicants(SOSCircleRef circle, CFAllocat return CFSetCopyValuesCFArray(circle->rejected_applicants); } -bool SOSCircleHasPeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) { - SOSCircleAssertStable(circle); - __block bool found = false; - SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) { - if(peerid && peer && CFEqualSafe(peerid, SOSPeerInfoGetPeerID(peer))) found = true; - }); - return found; -} - -SOSPeerInfoRef SOSCircleCopyPeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) { - SOSCircleAssertStable(circle); - __block SOSPeerInfoRef found = NULL; - SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) { - if(peerid && peer && CFEqualSafe(peerid, SOSPeerInfoGetPeerID(peer))) found = peer; - }); - return found ? SOSPeerInfoCreateCopy(kCFAllocatorDefault, found, NULL) : NULL; -} - -bool SOSCircleHasPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) { - if(!peerInfo) return false; - return SOSCircleHasPeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), error); -} - -bool SOSCircleHasActivePeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) { - SOSCircleAssertStable(circle); - __block bool found = false; - SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) { - if(peerid && peer && CFEqualSafe(peerid, SOSPeerInfoGetPeerID(peer))) found = true; - }); - return found; -} - -bool SOSCircleHasActivePeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) { - if(!peerInfo) return false; - return SOSCircleHasActivePeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), error); -} - -bool SOSCircleHasActiveValidPeerWithID(SOSCircleRef circle, CFStringRef peerid, SecKeyRef user_public_key, CFErrorRef *error) { - SOSCircleAssertStable(circle); - __block bool found = false; - SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) { - if(peerid && peer && CFEqualSafe(peerid, SOSPeerInfoGetPeerID(peer)) && SOSPeerInfoApplicationVerify(peer, user_public_key, NULL)) found = true; - }); - return found; -} - -bool SOSCircleHasActiveValidPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, SecKeyRef user_public_key, CFErrorRef *error) { - if(!peerInfo) return false; - return SOSCircleHasActiveValidPeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), user_public_key, error); -} - - bool SOSCircleResetToEmpty(SOSCircleRef circle, CFErrorRef *error) { CFSetRemoveAllValues(circle->applicants); CFSetRemoveAllValues(circle->rejected_applicants); @@ -990,6 +942,7 @@ bool SOSCircleResetToEmptyWithSameGeneration(SOSCircleRef circle, CFErrorRef *er SOSGenCountRef gen = SOSGenerationCopy(SOSCircleGetGeneration(circle)); SOSCircleResetToEmpty(circle, error); SOSCircleSetGeneration(circle, gen); + CFReleaseNull(gen); return true; } @@ -1106,6 +1059,53 @@ exit: return success; } + +bool SOSCircleRemovePeersByID(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFSetRef peersToRemove, CFErrorRef *error) { + + bool success = false; + + __block bool removed_all = true; + CFSetForEach(peersToRemove, ^(const void *value) { + CFStringRef peerID = asString(value, NULL); + if(peerID) { + SOSPeerInfoRef peerInfo = SOSCircleCopyPeerInfo(circle, peerID, NULL); + if (peerInfo) { + removed_all &= SOSCircleRemovePeerInternal(circle, requestor, peerInfo, error); + CFReleaseNull(peerInfo); + } + } + }); + + require_quiet(removed_all, exit); + + require_quiet(SOSCircleGenerationSign(circle, user_privkey, requestor, error), exit); + + success = true; + +exit: + return success; +} + +static bool SOSCircleRemovePeerUnsigned(SOSCircleRef circle, SOSPeerInfoRef peer_to_remove) { + bool retval = false; + if (SOSCircleHasPeer(circle, peer_to_remove, NULL)) { + CFSetRemoveValue(circle->peers, peer_to_remove); + retval = true; + } + return retval; +} + +bool SOSCircleRemovePeersByIDUnsigned(SOSCircleRef circle, CFSetRef peersToRemove) { + __block bool removed_all = true; + CFSetForEach(peersToRemove, ^(const void *value) { + CFStringRef peerID = asString(value, NULL); + SOSPeerInfoRef peerInfo = SOSCircleCopyPeerInfo(circle, peerID, NULL); + removed_all &= SOSCircleRemovePeerUnsigned(circle, peerInfo); + CFReleaseNull(peerInfo); + }); + return removed_all; +} + bool SOSCircleRemovePeer(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, SOSPeerInfoRef peer_to_remove, CFErrorRef *error) { bool success = false; @@ -1222,6 +1222,10 @@ bool SOSCirclePeerSigUpdate(SOSCircleRef circle, SecKeyRef userPrivKey, SOSFullP return result; } +// +// Peer iteration and membership +// + static inline void SOSCircleForEachPeerMatching(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer), bool (^condition)(SOSPeerInfoRef peer)) { @@ -1248,6 +1252,13 @@ void SOSCircleForEachRetiredPeer(SOSCircleRef circle, void (^action)(SOSPeerInfo }); } +void SOSCircleForEachiCloudIdentityPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) { + SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) { + return SOSPeerInfoIsCloudIdentity(peer); + }); +} + + void SOSCircleForEachActivePeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)) { SOSCircleForEachPeerMatching(circle, action, ^bool(SOSPeerInfoRef peer) { return true; @@ -1275,6 +1286,54 @@ void SOSCircleForEachApplicant(SOSCircleRef circle, void (^action)(SOSPeerInfoRe } +bool SOSCircleHasPeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) { + SOSCircleAssertStable(circle); + + SOSPeerInfoRef found = asSOSPeerInfo(CFSetGetValue(circle->peers, peerid)); + return found && !isHiddenPeer(found); +} + +SOSPeerInfoRef SOSCircleCopyPeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) { + SOSCircleAssertStable(circle); + + SOSPeerInfoRef found = asSOSPeerInfo(CFSetGetValue(circle->peers, peerid)); + return found ? SOSPeerInfoCreateCopy(kCFAllocatorDefault, found, NULL) : NULL; +} + +bool SOSCircleHasPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) { + if(!peerInfo) return false; + return SOSCircleHasPeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), error); +} + +bool SOSCircleHasActivePeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErrorRef *error) { + SOSCircleAssertStable(circle); + SOSPeerInfoRef found = asSOSPeerInfo(CFSetGetValue(circle->peers, peerid)); + return found; +} + +bool SOSCircleHasActivePeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error) { + if(!peerInfo) return false; + return SOSCircleHasActivePeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), error); +} + +bool SOSCircleHasActiveValidPeerWithID(SOSCircleRef circle, CFStringRef peerid, SecKeyRef user_public_key, CFErrorRef *error) { + SOSCircleAssertStable(circle); + SOSPeerInfoRef found = asSOSPeerInfo(CFSetGetValue(circle->peers, peerid)); + return found && SOSPeerInfoApplicationVerify(found, user_public_key, NULL); +} + +bool SOSCircleHasValidSyncingPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, SecKeyRef user_public_key, CFErrorRef *error) { + SOSCircleAssertStable(circle); + SOSPeerInfoRef found = asSOSPeerInfo(CFSetGetValue(circle->peers, peerInfo)); + return found && !isHiddenPeer(found) && SOSPeerInfoApplicationVerify(found, user_public_key, NULL); +} + +bool SOSCircleHasActiveValidPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, SecKeyRef user_public_key, CFErrorRef *error) { + if(!peerInfo) return false; + return SOSCircleHasActiveValidPeerWithID(circle, SOSPeerInfoGetPeerID(peerInfo), user_public_key, error); +} + + CFMutableSetRef SOSCircleCopyPeers(SOSCircleRef circle, CFAllocatorRef allocator) { SOSCircleAssertStable(circle); @@ -1283,7 +1342,7 @@ CFMutableSetRef SOSCircleCopyPeers(SOSCircleRef circle, CFAllocatorRef allocator SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) { CFSetAddValue(result, peer); }); - + return result; } @@ -1376,6 +1435,14 @@ bool SOSCircleAcceptPeerFromHSA2(SOSCircleRef circle, SecKeyRef userKey, SOSGenC */ +static inline void logPeerInfo(char *category, SOSCircleRef circle, SecKeyRef pubKey, CFStringRef myPID, SOSPeerInfoRef peer) { + char sigchr = 'v'; + if (SOSCircleVerifyPeerSigned(circle, peer, NULL)) { + sigchr = 'V'; + } + SOSPeerInfoLogState(category, peer, pubKey, myPID, sigchr); +} + void SOSCircleLogState(char *category, SOSCircleRef circle, SecKeyRef pubKey, CFStringRef myPID) { if(!circle) return; CFStringRef genString = SOSGenerationCountCopyDescription(SOSCircleGetGeneration(circle)); @@ -1389,11 +1456,13 @@ void SOSCircleLogState(char *category, SOSCircleRef circle, SecKeyRef pubKey, CF else{ secnotice(category, "Peers In Circle:"); SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) { - char sigchr = 'v'; - if (SOSCircleVerifyPeerSigned(circle, peer, NULL)) { - sigchr = 'V'; - } - SOSPeerInfoLogState(category, peer, pubKey, myPID, sigchr); + logPeerInfo(category, circle, pubKey, myPID, peer); + }); + SOSCircleForEachRetiredPeer(circle, ^(SOSPeerInfoRef peer) { + logPeerInfo(category, circle, pubKey, myPID, peer); + }); + SOSCircleForEachiCloudIdentityPeer(circle, ^(SOSPeerInfoRef peer) { + logPeerInfo(category, circle, pubKey, myPID, peer); }); } @@ -1420,3 +1489,4 @@ void SOSCircleLogState(char *category, SOSCircleRef circle, SecKeyRef pubKey, CF } CFReleaseNull(genString); } + diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSCircle.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSCircle.h index 17479989..b5271ab8 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSCircle.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSCircle.h @@ -104,6 +104,7 @@ int SOSCircleCountRetiredPeers(SOSCircleRef circle); void SOSCircleForEachPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)); void SOSCircleForEachRetiredPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)); +void SOSCircleForEachiCloudIdentityPeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)); void SOSCircleForEachActivePeer(SOSCircleRef circle, void (^action)(SOSPeerInfoRef peer)); void SOSCircleForEachActiveValidPeer(SOSCircleRef circle, SecKeyRef user_public_key, void (^action)(SOSPeerInfoRef peer)); void SOSCircleForEachValidPeer(SOSCircleRef circle, SecKeyRef user_public_key, void (^action)(SOSPeerInfoRef peer)); @@ -116,6 +117,7 @@ bool SOSCircleHasActivePeerWithID(SOSCircleRef circle, CFStringRef peerid, CFErr bool SOSCircleHasActivePeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, CFErrorRef *error); bool SOSCircleHasActiveValidPeerWithID(SOSCircleRef circle, CFStringRef peerid, SecKeyRef user_public_key, CFErrorRef *error); bool SOSCircleHasActiveValidPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, SecKeyRef user_public_key, CFErrorRef *error); +bool SOSCircleHasValidSyncingPeer(SOSCircleRef circle, SOSPeerInfoRef peerInfo, SecKeyRef user_public_key, CFErrorRef *error); bool SOSCircleResetToOffering(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error); bool SOSCircleResetToEmpty(SOSCircleRef circle, CFErrorRef *error); @@ -135,10 +137,11 @@ bool SOSCirclePeerSigUpdate(SOSCircleRef circle, SecKeyRef userPrivKey, SOSFullP // No resigning of the circle is done, only updates to their own self signed description. // bool SOSCircleUpdatePeerInfo(SOSCircleRef circle, SOSPeerInfoRef replacement_peer_info); +bool SOSCircleRemovePeersByIDUnsigned(SOSCircleRef circle, CFSetRef peersToRemove); bool SOSCircleRemovePeer(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, SOSPeerInfoRef peerInfo, CFErrorRef *error); bool SOSCircleRemovePeers(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, CFSetRef peerInfo, CFErrorRef *error); - +bool SOSCircleRemovePeersByID(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, CFSetRef peerIDs, CFErrorRef *error); bool SOSCircleRemoveRetired(SOSCircleRef circle, CFErrorRef *error); bool SOSCircleAcceptRequests(SOSCircleRef circle, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, CFErrorRef *error); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSCircleDer.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSCircleDer.c index 0bbe42bb..fb0ae75b 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSCircleDer.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSCircleDer.c @@ -71,7 +71,7 @@ SOSCircleRef SOSCircleCreateFromDER(CFAllocatorRef allocator, CFErrorRef* error, SOSCreateError(kSOSErrorIncompatibleCircle, CFSTR("Bad Circle Version"), NULL, error)); *der_p = der_decode_string(allocator, 0, &cir->name, error, *der_p, sequence_end); - *der_p = der_decode_number(allocator, 0, &cir->generation, error, *der_p, sequence_end); + cir->generation = SOSGenCountCreateFromDER(kCFAllocatorDefault, error, der_p, sequence_end); cir->peers = SOSPeerInfoSetCreateFromArrayDER(allocator, &kSOSPeerSetCallbacks, error, der_p, sequence_end); cir->applicants = SOSPeerInfoSetCreateFromArrayDER(allocator, &kSOSPeerSetCallbacks, error, der_p, sequence_end); @@ -104,7 +104,7 @@ size_t SOSCircleGetDEREncodedSize(SOSCircleRef cir, CFErrorRef *error) { require_quiet(accumulate_size(&total_payload, ccder_sizeof_uint64(kOnlyCompatibleVersion)), fail); require_quiet(accumulate_size(&total_payload, der_sizeof_string(cir->name, error)), fail); - require_quiet(accumulate_size(&total_payload, der_sizeof_number(cir->generation, error)), fail); + require_quiet(accumulate_size(&total_payload, SOSGenCountGetDEREncodedSize(cir->generation, error)), fail); require_quiet(accumulate_size(&total_payload, SOSPeerInfoSetGetDEREncodedArraySize(cir->peers, error)), fail); require_quiet(accumulate_size(&total_payload, SOSPeerInfoSetGetDEREncodedArraySize(cir->applicants, error)), fail); require_quiet(accumulate_size(&total_payload, SOSPeerInfoSetGetDEREncodedArraySize(cir->rejected_applicants, error)), fail); @@ -123,7 +123,7 @@ uint8_t* SOSCircleEncodeToDER(SOSCircleRef cir, CFErrorRef* error, const uint8_t return ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der, ccder_encode_uint64(kOnlyCompatibleVersion, der, der_encode_string(cir->name, error, der, - der_encode_number(cir->generation, error, der, + SOSGenCountEncodeToDER(cir->generation, error, der, SOSPeerInfoSetEncodeToArrayDER(cir->peers, error, der, SOSPeerInfoSetEncodeToArrayDER(cir->applicants, error, der, SOSPeerInfoSetEncodeToArrayDER(cir->rejected_applicants, error, der, diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircle.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircle.c index 090eba1e..15824158 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircle.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircle.c @@ -66,6 +66,8 @@ const char * kSOSCCViewMembershipChangedNotification = "com.apple.security.secur const char * kSOSCCInitialSyncChangedNotification = "com.apple.security.secureobjectsync.initialsyncchanged"; const char * kSOSCCHoldLockForInitialSync = "com.apple.security.secureobjectsync.holdlock"; const char * kSOSCCPeerAvailable = "com.apple.security.secureobjectsync.peeravailable"; +const char * kSOSCCRecoveryKeyChanged = "com.apple.security.secureobjectsync.recoverykeychanged"; +const CFStringRef kSOSErrorDomain = CFSTR("com.apple.security.sos.error"); #define do_if_registered(sdp, ...) if (gSecurityd && gSecurityd->sdp) { return gSecurityd->sdp(__VA_ARGS__); } @@ -134,6 +136,25 @@ static bool cfstring_to_error_request(enum SecXPCOperation op, CFStringRef strin return result; } +static bool deviceid_to_bool_error_request(enum SecXPCOperation op, + CFStringRef IDS, + CFErrorRef* error) +{ + __block bool result = false; + + securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) { + CFStringPerformWithCString(IDS, ^(const char *utf8Str) { + xpc_dictionary_set_string(message, kSecXPCKeyDeviceID, utf8Str); + }); + return true; + }, ^bool(xpc_object_t response, CFErrorRef *error) { + result = xpc_dictionary_get_bool(response, kSecXPCKeyResult); + return result; + }); + + return result; +} + static SOSRingStatus cfstring_to_uint64_request(enum SecXPCOperation op, CFStringRef string, CFErrorRef* error) { __block bool result = false; @@ -184,6 +205,30 @@ static bool simple_bool_error_request(enum SecXPCOperation op, CFErrorRef* error return result; } +static bool SecXPCDictionarySetPeerInfoData(xpc_object_t message, const char *key, SOSPeerInfoRef peerInfo, CFErrorRef *error) { + bool success = false; + CFDataRef peerData = SOSPeerInfoCopyEncodedData(peerInfo, kCFAllocatorDefault, error); + if (peerData) { + success = SecXPCDictionarySetData(message, key, peerData, error); + } + CFReleaseNull(peerData); + return success; +} + +static bool peer_info_to_bool_error_request(enum SecXPCOperation op, SOSPeerInfoRef peerInfo, CFErrorRef* error) +{ + __block bool result = false; + + secdebug("sosops","enter - operation: %d", op); + securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) { + return SecXPCDictionarySetPeerInfoData(message, kSecXPCKeyPeerInfo, peerInfo, error); + }, ^bool(xpc_object_t response, __unused CFErrorRef *error) { + result = xpc_dictionary_get_bool(response, kSecXPCKeyResult); + return result; + }); + return result; +} + static CFBooleanRef cfarray_to_cfboolean_error_request(enum SecXPCOperation op, CFArrayRef views, CFErrorRef* error) { __block bool result = false; @@ -199,6 +244,25 @@ static CFBooleanRef cfarray_to_cfboolean_error_request(enum SecXPCOperation op, } +static CFSetRef cfset_cfset_to_cfset_error_request(enum SecXPCOperation op, CFSetRef set1, CFSetRef set2, CFErrorRef* error) +{ + __block CFSetRef result = NULL; + + secdebug("sosops","enter - operation: %d", op); + bool noError = securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) { + return SecXPCDictionarySetPList(message, kSecXPCKeySet, set1, error) && SecXPCDictionarySetPList(message, kSecXPCKeySet2, set2, error); + }, ^bool(xpc_object_t response, __unused CFErrorRef *error) { + result = SecXPCDictionaryCopySet(response, kSecXPCKeyResult, error); + return result; + }); + + if (!noError) { + CFReleaseNull(result); + } + return result; +} + + static bool escrow_to_bool_error_request(enum SecXPCOperation op, CFStringRef escrow_label, uint64_t tries, CFErrorRef* error) { __block bool result = false; @@ -228,7 +292,7 @@ static bool escrow_to_bool_error_request(enum SecXPCOperation op, CFStringRef es static CF_RETURNS_RETAINED CFArrayRef simple_array_error_request(enum SecXPCOperation op, CFErrorRef* error) { __block CFArrayRef result = NULL; - + secdebug("sosops","enter - operation: %d", op); if (securityd_send_sync_and_do(op, error, NULL, ^bool(xpc_object_t response, CFErrorRef *error) { xpc_object_t temp_result = xpc_dictionary_get_value(response, kSecXPCKeyResult); @@ -243,6 +307,26 @@ static CF_RETURNS_RETAINED CFArrayRef simple_array_error_request(enum SecXPCOper return result; } +static CF_RETURNS_RETAINED CFArrayRef der_array_error_request(enum SecXPCOperation op, CFErrorRef* error) +{ + __block CFArrayRef result = NULL; + + secdebug("sosops","enter - operation: %d", op); + if (securityd_send_sync_and_do(op, error, NULL, ^bool(xpc_object_t response, CFErrorRef *error) { + size_t length = 0; + const uint8_t* bytes = xpc_dictionary_get_data(response, kSecXPCKeyResult, &length); + der_decode_plist(kCFAllocatorDefault, 0, (CFPropertyListRef*) &result, error, bytes, bytes + length); + + return result != NULL; + })) { + if (!isArray(result)) { + SOSErrorCreate(kSOSErrorUnexpectedType, error, NULL, CFSTR("Expected array, got: %@"), result); + CFReleaseNull(result); + } + } + return result; +} + static CFDictionaryRef strings_to_dictionary_error_request(enum SecXPCOperation op, CFErrorRef* error) { __block CFDictionaryRef result = NULL; @@ -310,7 +394,6 @@ static CFDataRef data_to_error_request(enum SecXPCOperation op, CFErrorRef *erro __block CFDataRef result = NULL; secdebug("sosops", "enter -- operation: %d", op); - secdebug("sosops","enter - operation: %d", op); securityd_send_sync_and_do(op, error, NULL, ^bool(xpc_object_t response, CFErrorRef *error) { xpc_object_t temp_result = xpc_dictionary_get_value(response, kSecXPCKeyResult); if (response && (NULL != temp_result)) { @@ -347,7 +430,7 @@ static CFArrayRef array_of_info_error_request(enum SecXPCOperation op, CFErrorRe return result; } -static SOSPeerInfoRef data_to_peer_info_error_request(enum SecXPCOperation op, CFDataRef secret, CFErrorRef* error) +static CF_RETURNS_RETAINED SOSPeerInfoRef data_to_peer_info_error_request(enum SecXPCOperation op, CFDataRef secret, CFErrorRef* error) { __block SOSPeerInfoRef result = false; __block CFDataRef data = NULL; @@ -399,6 +482,22 @@ static bool keybag_and_bool_to_bool_error_request(enum SecXPCOperation op, CFDat }); } +static bool recovery_and_bool_to_bool_error_request(enum SecXPCOperation op, CFDataRef data, CFErrorRef* error) +{ + secdebug("sosops", "enter - operation: %d", op); + return securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) { + xpc_object_t xData = _CFXPCCreateXPCObjectFromCFObject(data); + bool success = false; + if (xData){ + xpc_dictionary_set_value(message, kSecXPCKeyRecoveryPublicKey, xData); + xpc_release(xData); + success = true; + } + return success; + }, ^bool(xpc_object_t response, __unused CFErrorRef *error) { + return xpc_dictionary_get_bool(response, kSecXPCKeyResult); + }); +} static bool info_array_to_bool_error_request(enum SecXPCOperation op, CFArrayRef peer_infos, CFErrorRef* error) { @@ -408,7 +507,7 @@ static bool info_array_to_bool_error_request(enum SecXPCOperation op, CFArrayRef securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) { xpc_object_t encoded_peers = CreateXPCObjectWithArrayOfPeerInfo(peer_infos, error); if (encoded_peers) - xpc_dictionary_set_value(message, kSecXPCKeyPeerInfos, encoded_peers); + xpc_dictionary_set_value(message, kSecXPCKeyPeerInfoArray, encoded_peers); return encoded_peers != NULL; }, ^bool(xpc_object_t response, __unused CFErrorRef *error) { result = xpc_dictionary_get_bool(response, kSecXPCKeyResult); @@ -541,10 +640,8 @@ static CFDataRef cfdata_error_request_returns_cfdata(enum SecXPCOperation op, CF xpc_object_t temp_result = xpc_dictionary_get_value(response, kSecXPCKeyResult); if (response && (NULL != temp_result)) { CFTypeRef object = _CFXPCCreateCFObjectFromXPCObject(temp_result); - result = asData(object, error); - if (!result) { - CFReleaseNull(object); - } + result = copyIfData(object, error); + CFReleaseNull(object); } return (bool) (result != NULL); }); @@ -552,7 +649,6 @@ static CFDataRef cfdata_error_request_returns_cfdata(enum SecXPCOperation op, CF return result; } - bool SOSCCRequestToJoinCircle(CFErrorRef* error) { sec_trace_enter_api(NULL); @@ -902,16 +998,80 @@ SOSPeerInfoRef SOSCCCopyMyPeerInfo(CFErrorRef *error) }, CFSTR("return=%@")); } -CFArrayRef SOSCCCopyEngineState(CFErrorRef* error) +static CFArrayRef SOSCCCopyEngineState(CFErrorRef* error) { sec_trace_enter_api(NULL); sec_trace_return_api(CFArrayRef, ^{ do_if_registered(soscc_CopyEngineState, error); - return simple_array_error_request(kSecXPCOpCopyEngineState, error); + return der_array_error_request(kSecXPCOpCopyEngineState, error); }, CFSTR("return=%@")); } +CFStringRef kSOSCCEngineStatePeerIDKey = CFSTR("PeerID"); +CFStringRef kSOSCCEngineStateManifestCountKey = CFSTR("ManifestCount"); +CFStringRef kSOSCCEngineStateSyncSetKey = CFSTR("SyncSet"); +CFStringRef kSOSCCEngineStateCoderKey = CFSTR("CoderDump"); +CFStringRef kSOSCCEngineStateManifestHashKey = CFSTR("ManifestHash"); + +void SOSCCForEachEngineStateAsStringFromArray(CFArrayRef states, void (^block)(CFStringRef oneStateString)) { + + CFArrayForEach(states, ^(const void *value) { + CFDictionaryRef dict = asDictionary(value, NULL); + if (dict) { + CFMutableStringRef description = CFStringCreateMutable(kCFAllocatorDefault, 0); + + CFStringRef id = asString(CFDictionaryGetValue(dict, kSOSCCEngineStatePeerIDKey), NULL); + + if (id) { + CFStringAppendFormat(description, NULL, CFSTR("remote %@ "), id); + } else { + CFStringAppendFormat(description, NULL, CFSTR("local ")); + } + + CFSetRef viewSet = asSet(CFDictionaryGetValue(dict, kSOSCCEngineStateSyncSetKey), NULL); + if (viewSet) { + CFStringSetPerformWithDescription(viewSet, ^(CFStringRef setDescription) { + CFStringAppend(description, setDescription); + }); + } else { + CFStringAppendFormat(description, NULL, CFSTR("")); + } + + CFStringAppendFormat(description, NULL, CFSTR(" [%@]"), + CFDictionaryGetValue(dict, kSOSCCEngineStateManifestCountKey)); + + CFDataRef mainfestHash = asData(CFDictionaryGetValue(dict, kSOSCCEngineStateManifestHashKey), NULL); + + if (mainfestHash) { + CFDataPerformWithHexString(mainfestHash, ^(CFStringRef dataString) { + CFStringAppendFormat(description, NULL, CFSTR(" %@"), dataString); + }); + } + + CFStringRef coderDescription = asString(CFDictionaryGetValue(dict, kSOSCCEngineStateCoderKey), NULL); + if (coderDescription) { + CFStringAppendFormat(description, NULL, CFSTR(" %@"), coderDescription); + } + + block(description); + + CFReleaseNull(description); + } + }); +} + +bool SOSCCForEachEngineStateAsString(CFErrorRef* error, void (^block)(CFStringRef oneStateString)) { + CFArrayRef states = SOSCCCopyEngineState(error); + if (states == NULL) + return false; + + SOSCCForEachEngineStateAsStringFromArray(states, block); + + return true; +} + + bool SOSCCAcceptApplicants(CFArrayRef applicants, CFErrorRef* error) { sec_trace_enter_api(NULL); @@ -932,7 +1092,7 @@ bool SOSCCRejectApplicants(CFArrayRef applicants, CFErrorRef *error) }, NULL) } -static SOSPeerInfoRef SOSSetNewPublicBackupKey(CFDataRef pubKey, CFErrorRef *error) +static CF_RETURNS_RETAINED SOSPeerInfoRef SOSSetNewPublicBackupKey(CFDataRef pubKey, CFErrorRef *error) { sec_trace_enter_api(NULL); sec_trace_return_api(SOSPeerInfoRef, ^{ @@ -945,7 +1105,11 @@ static SOSPeerInfoRef SOSSetNewPublicBackupKey(CFDataRef pubKey, CFErrorRef *err SOSPeerInfoRef SOSCCCopyMyPeerWithNewDeviceRecoverySecret(CFDataRef secret, CFErrorRef *error){ CFDataRef publicKeyData = SOSCopyDeviceBackupPublicKey(secret, error); - return publicKeyData ? SOSSetNewPublicBackupKey(publicKeyData, error) : NULL; + SOSPeerInfoRef copiedPeer = publicKeyData ? SOSSetNewPublicBackupKey(publicKeyData, error) : NULL; + + CFReleaseNull(publicKeyData); + + return copiedPeer; } bool SOSCCRegisterSingleRecoverySecret(CFDataRef aks_bag, bool forV0Only, CFErrorRef *error){ @@ -957,6 +1121,21 @@ bool SOSCCRegisterSingleRecoverySecret(CFDataRef aks_bag, bool forV0Only, CFErro } +bool SOSCCRegisterRecoveryPublicKey(CFDataRef recovery_key, CFErrorRef *error){ + sec_trace_enter_api(NULL); + sec_trace_return_bool_api(^{ + do_if_registered(soscc_RegisterRecoveryPublicKey, recovery_key, error); + return recovery_and_bool_to_bool_error_request(kSecXPCOpRegisterRecoveryPublicKey, recovery_key, error); + }, NULL); +} + +CFDataRef SOSCCCopyRecoveryPublicKey(CFErrorRef *error){ + sec_trace_enter_api(NULL); + sec_trace_return_api(CFDataRef, ^{ + do_if_registered(soscc_CopyRecoveryPublicKey, error); + return data_to_error_request(kSecXPCOpGetRecoveryPublicKey, error); + }, CFSTR("return=%@")); +} static bool label_and_password_to_bool_error_request(enum SecXPCOperation op, CFStringRef user_label, CFDataRef user_password, CFErrorRef* error) @@ -1000,14 +1179,14 @@ static bool label_and_password_and_dsid_to_bool_error_request(enum SecXPCOperati return result; } -static bool deviceid_to_bool_error_request(enum SecXPCOperation op, - CFStringRef IDS, +static bool cfstring_to_bool_error_request(enum SecXPCOperation op, + CFStringRef string, CFErrorRef* error) { __block bool result = false; securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) { - CFStringPerformWithCString(IDS, ^(const char *utf8Str) { + CFStringPerformWithCString(string, ^(const char *utf8Str) { xpc_dictionary_set_string(message, kSecXPCKeyDeviceID, utf8Str); }); return true; @@ -1039,6 +1218,23 @@ static int idsDict_to_int_error_request(enum SecXPCOperation op, return result; } +static bool idsData_peerID_to_bool_error_request(enum SecXPCOperation op, CFStringRef peerID, + CFDataRef IDSMessage, + CFErrorRef* error) +{ + __block bool result = 0; + + securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) { + SecXPCDictionarySetData(message, kSecXPCKeyIDSMessage, IDSMessage, error); + SecXPCDictionarySetString(message, kSecXPCKeyDeviceID, peerID, error); + return true; + }, ^bool(xpc_object_t response, CFErrorRef *error) { + result = xpc_dictionary_get_bool(response, kSecXPCKeyResult); + return result; + }); + return result; +} + static bool idscommand_to_bool_error_request(enum SecXPCOperation op, CFStringRef idsMessage, CFErrorRef* error) @@ -1081,14 +1277,21 @@ bool SOSCCSetUserCredentialsAndDSID(CFStringRef user_label, CFDataRef user_passw sec_trace_enter_api(CFSTR("user_label=%@"), user_label); sec_trace_return_bool_api(^{ do_if_registered(soscc_SetUserCredentialsAndDSID, user_label, user_password, dsid, error); - if(dsid == NULL){ - return label_and_password_and_dsid_to_bool_error_request(kSecXPCOpSetUserCredentialsAndDSID, user_label, user_password, CFSTR(""), error); - } - else{ - return label_and_password_and_dsid_to_bool_error_request(kSecXPCOpSetUserCredentialsAndDSID, user_label, user_password, dsid, error); + + bool result = false; + __block CFStringRef account_dsid = dsid; + + require_action_quiet(user_label, out, SOSErrorCreate(kSOSErrorParam, error, NULL, CFSTR("user_label is nil"))); + require_action_quiet(user_password, out, SOSErrorCreate(kSOSErrorParam, error, NULL, CFSTR("user_password is nil"))); + + if(account_dsid == NULL){ + account_dsid = CFSTR(""); } + return label_and_password_and_dsid_to_bool_error_request(kSecXPCOpSetUserCredentialsAndDSID, user_label, user_password, account_dsid, error); + out: + return result; + }, NULL) - } bool SOSCCSetDeviceID(CFStringRef IDS, CFErrorRef* error) { @@ -1096,7 +1299,7 @@ bool SOSCCSetDeviceID(CFStringRef IDS, CFErrorRef* error) sec_trace_enter_api(NULL); sec_trace_return_bool_api(^{ do_if_registered(soscc_SetDeviceID, IDS, error); - bool result = deviceid_to_bool_error_request(kSecXPCOpSetDeviceID, IDS, error); + bool result = cfstring_to_bool_error_request(kSecXPCOpSetDeviceID, IDS, error); return result; }, NULL) } @@ -1141,23 +1344,34 @@ HandleIDSMessageReason SOSCCHandleIDSMessage(CFDictionaryRef IDS, CFErrorRef* er }, NULL) } -bool SOSCCRequestSyncWithPeerOverKVS(CFStringRef peerID, CFErrorRef *error) +bool SOSCCClearPeerMessageKeyInKVS(CFStringRef peerID, CFErrorRef *error) { - secnotice("sosops", "SOSCCRequestSyncWithPeerOverKVS!! %@\n", peerID); + secnotice("sosops", "SOSCCClearPeerMessageKeyInKVS!! %@\n", peerID); sec_trace_enter_api(NULL); sec_trace_return_bool_api(^{ - do_if_registered(soscc_requestSyncWithPeerOverKVS, peerID, error); - return deviceid_to_bool_error_request(kSecXPCOpSyncWithKVSPeer, peerID, error); + do_if_registered(socc_clearPeerMessageKeyInKVS, peerID, error); + return cfstring_to_bool_error_request(kSecXPCOpClearKVSPeerMessage, peerID, error); }, NULL) + } -bool SOSCCRequestSyncWithPeerOverIDS(CFStringRef deviceID, CFErrorRef *error) +bool SOSCCRequestSyncWithPeerOverKVSUsingIDOnly(CFStringRef peerID, CFErrorRef *error) { - secnotice("sosops", "SOSCCRequestSyncWithPeerOverIDS!! %@\n", deviceID); + secnotice("sosops", "SOSCCRequestSyncWithPeerOverKVSUsingIDOnly!! %@\n", peerID); sec_trace_enter_api(NULL); sec_trace_return_bool_api(^{ - do_if_registered(soscc_requestSyncWithPeerOverIDS, deviceID, error); - return deviceid_to_bool_error_request(kSecXPCOpSyncWithIDSPeer, deviceID, error); + do_if_registered(soscc_requestSyncWithPeerOverKVSIDOnly, peerID, error); + return deviceid_to_bool_error_request(kSecXPCOpSyncWithKVSPeerIDOnly, peerID, error); + }, NULL) +} + +bool SOSCCRequestSyncWithPeerOverKVS(CFStringRef peerID, CFDataRef message, CFErrorRef *error) +{ + secnotice("sosops", "SOSCCRequestSyncWithPeerOverKVS!! %@\n", peerID); + sec_trace_enter_api(NULL); + sec_trace_return_bool_api(^{ + do_if_registered(soscc_requestSyncWithPeerOverKVS, peerID, message, error); + return idsData_peerID_to_bool_error_request(kSecXPCOpSyncWithKVSPeer, peerID, message, error); }, NULL) } @@ -1245,6 +1459,17 @@ bool SOSCCProcessEnsurePeerRegistration(CFErrorRef* error){ } +CFSetRef /* CFString */ SOSCCProcessSyncWithPeers(CFSetRef peers, CFSetRef backupPeers, CFErrorRef* error) +{ + sec_trace_enter_api(NULL); + sec_trace_return_api(CFSetRef, ^{ + do_if_registered(soscc_ProcessSyncWithPeers, peers, backupPeers, error); + + return cfset_cfset_to_cfset_error_request(kSecXPCOpProcessSyncWithPeers, peers, backupPeers, error); + }, NULL) +} + + SyncWithAllPeersReason SOSCCProcessSyncWithAllPeers(CFErrorRef* error) { sec_trace_enter_api(NULL); @@ -1433,6 +1658,15 @@ CFDictionaryRef SOSCCCopyEscrowRecord(CFErrorRef *error){ } +CFDictionaryRef SOSCCCopyBackupInformation(CFErrorRef *error) { + secnotice("escrow", "enter SOSCCCopyBackupInformation"); + sec_trace_enter_api(NULL); + sec_trace_return_api(CFDictionaryRef, ^{ + do_if_registered(soscc_CopyBackupInformation, error); + return strings_to_dictionary_error_request(kSecXPCOpCopyBackupInformation, error); + }, CFSTR("return=%@")) +} + bool SOSCCCheckPeerAvailability(CFErrorRef *error){ secnotice("peer", "enter SOSCCCheckPeerAvailability"); sec_trace_enter_api(NULL); @@ -1511,3 +1745,22 @@ CFBooleanRef SOSCCPeersHaveViewsEnabled(CFArrayRef viewNames, CFErrorRef *error) }, CFSTR("return=%@")) } +bool SOSCCMessageFromPeerIsPending(SOSPeerInfoRef peer, CFErrorRef *error) { + secnotice("pending-check", "enter SOSCCMessageFromPeerIsPending"); + + sec_trace_return_bool_api(^{ + do_if_registered(soscc_SOSCCMessageFromPeerIsPending, peer, error); + + return peer_info_to_bool_error_request(kSecXPCOpMessageFromPeerIsPending, peer, error); + }, NULL) + +} + +bool SOSCCSendToPeerIsPending(SOSPeerInfoRef peer, CFErrorRef *error) { + sec_trace_return_bool_api(^{ + do_if_registered(soscc_SOSCCSendToPeerIsPending, peer, error); + + return peer_info_to_bool_error_request(kSecXPCOpSendToPeerIsPending, peer, error); + }, NULL) + +} diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircle.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircle.h index aee7a32f..8ab0f274 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircle.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircle.h @@ -43,7 +43,7 @@ __BEGIN_DECLS // CFError info for propogated errors // -extern CFStringRef kSOSErrorDomain; +extern const CFStringRef kSOSErrorDomain; enum { kSOSErrorPrivateKeyAbsent = 1, @@ -76,7 +76,7 @@ extern const char * kSOSCCViewMembershipChangedNotification; extern const char * kSOSCCInitialSyncChangedNotification; extern const char * kSOSCCHoldLockForInitialSync; extern const char * kSOSCCPeerAvailable; - +extern const char * kSOSCCRecoveryKeyChanged; /*! @function SOSCCSetUserCredentials @abstract Uses the user authentication credential (password) to create an internal EC Key Pair for authenticating Circle changes. @@ -179,7 +179,9 @@ SOSCCStatus SOSCCThisDeviceIsInCircle(CFErrorRef* error); /*! @function SOSCCIsIcloudKeychainSyncing @abstract determines whether baseline keychain syncing is occuring (V0/V2) - @result true if we're in the circle. false otherwise. + @result true if we're in the circle and baseline keychain syncing views + (kSOSViewAutofillPasswords/kSOSViewSafariCreditCards/kSOSViewWiFi/kSOSViewOtherSyncable + are enabled. false otherwise. */ bool SOSCCIsIcloudKeychainSyncing(void); @@ -187,7 +189,7 @@ bool SOSCCIsIcloudKeychainSyncing(void); /*! @function SOSCCIsSafariSyncing @abstract determines whether Safari keychain item syncing is occuring (kSOSViewAutofillPasswords/kSOSViewSafariCreditCards) - @result true if we're in the circle. false otherwise. + @result true if we're in the circle and the kSOSViewAutofillPasswords/kSOSViewSafariCreditCards views are enabled. false otherwise. */ bool SOSCCIsSafariSyncing(void); @@ -195,7 +197,7 @@ bool SOSCCIsSafariSyncing(void); /*! @function SOSCCIsAppleTVSyncing @abstract determines whether appleTV keychain syncing is occuring (kSOSViewAppleTV) - @result true if we're in the circle. false otherwise. + @result true if we're in the circle and the kSOSViewAppleTV view is enabled. false otherwise. */ bool SOSCCIsAppleTVSyncing(void); @@ -204,7 +206,7 @@ bool SOSCCIsAppleTVSyncing(void); /*! @function SOSCCIsHomeKitSyncing @abstract determines whether homekit keychain syncing is occuring (kSOSViewHomeKit) - @result true if we're in the circle. false otherwise. + @result true if we're in the circle and the kSOSViewHomeKit view is enabled. false otherwise. */ bool SOSCCIsHomeKitSyncing(void); @@ -212,16 +214,17 @@ bool SOSCCIsHomeKitSyncing(void); /*! @function SOSCCIsWiFiSyncing - @abstract determines whether homekit keychain syncing is occuring (kSOSViewWiFi) - @result true if we're in the circle. false otherwise. + @abstract determines whether WiFi keychain syncing is occuring (kSOSViewWiFi) + @result true if we're in the circle and the kSOSViewWiFi view is enabled. false otherwise. */ bool SOSCCIsWiFiSyncing(void); /*! - @function SOSCCIsAlwaysOnNoInitialSyncSyncing - @abstract determines whether homekit keychain syncing is occuring (kSOSViewHomeKit) - @result true if we're in the circle. false otherwise. + @function SOSCCIsContinuityUnlockSyncing + @abstract determines whether Continuity Unlock keychain syncing is occuring (kSOSViewContinuityUnlock) + @result true if we're in the circle and the kSOSViewContinuityUnlock view is enabled. false otherwise. +. */ bool SOSCCIsContinuityUnlockSyncing(void); @@ -385,13 +388,22 @@ CFArrayRef SOSCCCopyRetirementPeerInfo(CFErrorRef* error); */ CFArrayRef SOSCCCopyViewUnawarePeerInfo(CFErrorRef* error); +/* + * Keys to find data in engine state dictionary + */ +extern CFStringRef kSOSCCEngineStatePeerIDKey; +extern CFStringRef kSOSCCEngineStateManifestCountKey; +extern CFStringRef kSOSCCEngineStateSyncSetKey; +extern CFStringRef kSOSCCEngineStateCoderKey; +extern CFStringRef kSOSCCEngineStateManifestHashKey; + /*! - @function SOSCCCopyEngineState - @abstract Get the list of peers the engine knows about and their state. + @function SOSCCForEachEngineStateAsString + @abstract Get a string for each peer to dump to your favorite location. @param error What went wrong. - @result Array of EnginePeerInfos for connected peers. + @result if we had an error. */ -CFArrayRef SOSCCCopyEngineState(CFErrorRef* error); +bool SOSCCForEachEngineStateAsString(CFErrorRef* error, void (^block)(CFStringRef oneStateString)); /*! @function SOSCCAcceptApplicants @@ -430,16 +442,14 @@ bool SOSCCSetAutoAcceptInfo(CFDataRef autoaccept, CFErrorRef *error); /*! @function SOSCCCheckPeerAvailability - @abstract Prompts IDSKeychainSyncingProxy to query all devices in the circle with the same view. + @abstract Prompts KeychainSyncingOverIDSProxy to query all devices in the circle with the same view. @param error What went wrong. @result true if the operation succeeded, otherwise false. */ bool SOSCCCheckPeerAvailability(CFErrorRef *error); -/*! - @function SOSCCGetLastDepartureReason - @abstract Returns the code of why you left the circle. - @param error What went wrong if we returned kSOSDepartureReasonError. +/* + * Return values for SOSCCGetLastDepartureReason */ enum DepartureReason { kSOSDepartureReasonError = 0, @@ -455,12 +465,17 @@ enum DepartureReason { kSOSNumDepartureReasons, // ACHTUNG: this *MUST* be the last entry - ALWAYS! }; +/*! + @function SOSCCGetLastDepartureReason + @abstract Returns the code of why you left the circle. + @param error What went wrong if we returned kSOSDepartureReasonError. + */ enum DepartureReason SOSCCGetLastDepartureReason(CFErrorRef *error); /*! @function SOSCCSetLastDepartureReason @abstract Manually set the code of why the circle was left. - @param DepartureReason Custom departure reason be be set. + @param reason Custom departure reason be be set. @param error What went wrong if we returned false. */ @@ -542,7 +557,7 @@ extern const CFStringRef kSOSViewAccessoryPairing; /*! @function SOSCCView @abstract Enable, disable or query status of a View for this peer. - @param dataSource The View for which the action should be performed. + @param view The View for which the action should be performed. @param action The action code to take with the View @param error More description of the error if one occurred. @discussion @@ -570,9 +585,8 @@ SOSViewResultCode SOSCCView(CFStringRef view, SOSViewActionCode action, CFErrorR /*! @function SOSCCViewSet @abstract Enable, disable or query status of a views for this peer. - @param dataSource The views (as CFSet) for which the action should be performed. - @param action The action code to take with the views - @param error More description of the error if one occurred. + @param enabledviews The views (as CFSet) for which the action should be performed. + @param disabledviews TODO @discussion This call enables bulk setting of views for a peer. This is done for convenience as well as better performance; it requires less circle changes by grouping all the view enabling/disabling. @@ -636,7 +650,7 @@ SOSPeerInfoRef SOSCCCopyMyPeerWithNewDeviceRecoverySecret(CFDataRef secret, CFEr /*! @function SOSCCRegisterSingleRecoverySecret - @param aks_bag + @param aks_bag TODO @param error What went wrong trying to register the new secret @result true if we saved the bag, false if we had an error @discussion Asserts the keybag for use for backups when having a single secret. All views get backed up with this single bag. @@ -664,8 +678,6 @@ bool SOSCCSetEscrowRecord(CFStringRef escrow_label, uint64_t tries, CFErrorRef * /*! @function SOSCCCopyEscrowRecord - @param dsid Account DSID - @param escrow_label Account label @param error What went wrong trying to set the escrow label @result dictionary of the escrow record, false if we had an error, dictionary will be of format: [account label: ], dictionary will contain (ex): "Burned Recovery Attempt Attestation Date" = "[2015-08-19 15:21]"; "Burned Recovery Attempt Count" = 8; @@ -707,6 +719,33 @@ bool SOSCCJoinWithCircleJoiningBlob(CFDataRef joiningBlob, CFErrorRef *error); */ CFBooleanRef SOSCCPeersHaveViewsEnabled(CFArrayRef viewNames, CFErrorRef *error); +/*! + @function: bool SOSCCRegisterRecoveryPublicKey(CFDataRef recovery_key, CFErrorRef *error); + @param recovery_key the cf data representation of the recovery public key + Can be passed in as NULL to indicate the CFDataRef should be removed from the keychain + @result CFBooleanTrue if the public key was successfully stored in the syncable keychain + CFBooleanFalse if securityd could not store the recovery key (locked?) + NULL if we have an error. + */ +bool SOSCCRegisterRecoveryPublicKey(CFDataRef recovery_key, CFErrorRef *error); + +/*! + @function: bool SOSCCMessageFromPeerIsPending(SOSPeerInfoRef peer, CFErrorRef *error) + @param peer PeerInfo for the peer to ask about + @param error failure if we fail + @reulst true if we have a message pending that we haven't processed, false if we don't have one queued right now or an error occurred. + */ +bool SOSCCMessageFromPeerIsPending(SOSPeerInfoRef peer, CFErrorRef *error); + +/*! + @function: bool SOSCCSendToPeerIsPending(SOSPeerInfoRef peer, CFErrorRef *error) + @param peer PeerInfo for the peer to ask about + @param error failure if we fail + @reulst true if we have an attempt to sync pending that we haven't processed, false if we don't have one queued right now or an error occurred. + */ +bool SOSCCSendToPeerIsPending(SOSPeerInfoRef peer, CFErrorRef *error); + + __END_DECLS #endif diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircleInternal.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircleInternal.h index 42a0794e..82e2a4e4 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircleInternal.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSCloudCircleInternal.h @@ -60,18 +60,25 @@ bool SOSCCAccountIsNew(CFErrorRef *error); /*! @function SOSCCHandleIDSMessage - @abstract Handles an IDS message from IDSKeychainSyncingProxy + @abstract Handles an IDS message from KeychainSyncingOverIDSProxy @param IDS The incoming IDS message @param error What went wrong if we returned false */ HandleIDSMessageReason SOSCCHandleIDSMessage(CFDictionaryRef IDS, CFErrorRef* error); +/*! + @function SOSCCProcessSyncWithPeers + @abstract Returns the peers for whom we handled syncing from the list send to us. + @param peers Set of peerIDs to sync with + @param backupPeers Set of backup peerIDs to sync with + */ +CFSetRef /* CFString */ SOSCCProcessSyncWithPeers(CFSetRef peers, CFSetRef backupPeers, CFErrorRef* error); + /*! @function SOSCCProcessSyncWithAllPeers @abstract Returns the information (string, hopefully URL) that will lead to an explanation of why you have an incompatible circle. @param error What went wrong if we returned NULL. */ - SyncWithAllPeersReason SOSCCProcessSyncWithAllPeers(CFErrorRef* error); bool SOSCCProcessEnsurePeerRegistration(CFErrorRef* error); @@ -111,7 +118,7 @@ bool SOSCCIDSPingTest(CFStringRef message, CFErrorRef *error); /*! @function SOSCCIDSDeviceIDIsAvailableTest - @abstract Attempts to communicate with IDSKeychainSyncingProxy to retrieve the device ID using IDS framework + @abstract Attempts to communicate with KeychainSyncingOverIDSProxy to retrieve the device ID using IDS framework @param error What went wrong if we returned false */ bool SOSCCIDSDeviceIDIsAvailableTest(CFErrorRef *error); @@ -134,11 +141,16 @@ CFDataRef SOSCCCopyAccountState(CFErrorRef* error); bool SOSCCDeleteAccountState(CFErrorRef *error); CFDataRef SOSCCCopyEngineData(CFErrorRef* error); bool SOSCCDeleteEngineState(CFErrorRef *error); -bool SOSCCRequestSyncWithPeerOverKVS( CFStringRef peerID, CFErrorRef *error); -bool SOSCCRequestSyncWithPeerOverIDS(CFStringRef peerID, CFErrorRef *error); +bool SOSCCRequestSyncWithPeerOverKVS( CFStringRef peerID, CFDataRef message, CFErrorRef *error); +bool SOSCCClearPeerMessageKeyInKVS(CFStringRef peerID, CFErrorRef *error); +CFDataRef SOSCCCopyRecoveryPublicKey(CFErrorRef *error); +CFDictionaryRef SOSCCCopyBackupInformation(CFErrorRef *error); +bool SOSCCRequestSyncWithPeerOverKVSUsingIDOnly(CFStringRef peerID, CFErrorRef *error); char *SOSCCSysdiagnose(const char *directoryname); +void SOSCCForEachEngineStateAsStringFromArray(CFArrayRef states, void (^block)(CFStringRef oneStateString)); + __END_DECLS #endif diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSCoder.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSCoder.c index d422d2f6..1a57d845 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSCoder.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSCoder.c @@ -69,12 +69,16 @@ CFGiblisWithCompareFor(SOSCoder) static CFStringRef SOSCoderCopyFormatDescription(CFTypeRef cf, CFDictionaryRef formatOptions) { SOSCoderRef coder = (SOSCoderRef)cf; if(coder){ - CFStringRef desc = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR(""), - coder->sessRef, - coder->hashOfLastReceived, - coder->waitingForDataPacket ? "W" : "w", - coder->lastReceivedWasOld ? "O" : "o" - ); + __block CFStringRef desc = NULL; + CFDataPerformWithHexString(coder->hashOfLastReceived, ^(CFStringRef dataString) { + desc = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR(""), + coder->sessRef, + dataString, + coder->waitingForDataPacket ? "W" : "w", + coder->lastReceivedWasOld ? "O" : "o" + ); + + }); return desc; } else @@ -117,7 +121,7 @@ static const char *SOSCoderString(SOSCoderStatus coderStatus) { } */ -static CFMutableDataRef sessSerialized(SOSCoderRef coder, CFErrorRef *error) { +static CFMutableDataRef sessSerializedCreate(SOSCoderRef coder, CFErrorRef *error) { CFMutableDataRef otr_state = NULL; if(!coder || !coder->sessRef) { @@ -152,7 +156,7 @@ static uint8_t* der_encode_optional_data(CFDataRef data, CFErrorRef *error, cons static size_t SOSCoderGetDEREncodedSize(SOSCoderRef coder, CFErrorRef *error) { size_t encoded_size = 0; - CFMutableDataRef otr_state = sessSerialized(coder, error); + CFMutableDataRef otr_state = sessSerializedCreate(coder, error); if (otr_state) { size_t data_size = der_sizeof_data(otr_state, error); @@ -172,7 +176,7 @@ static size_t SOSCoderGetDEREncodedSize(SOSCoderRef coder, CFErrorRef *error) { static uint8_t* SOSCoderEncodeToDER(SOSCoderRef coder, CFErrorRef* error, const uint8_t* der, uint8_t* der_end) { if(!der_end) return NULL; uint8_t* result = NULL; - CFMutableDataRef otr_state = sessSerialized(coder, error); + CFMutableDataRef otr_state = sessSerializedCreate(coder, error); if(otr_state) { result = ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der, diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSDataSource.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSDataSource.h index f75ca70b..c434c5af 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSDataSource.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSDataSource.h @@ -37,6 +37,7 @@ #include #include #include +#include __BEGIN_DECLS @@ -62,7 +63,8 @@ static inline CFStringRef SOSDataSourceFactoryCopyName(SOSDataSourceFactoryRef d } static inline SOSDataSourceRef SOSDataSourceFactoryCreateDataSource(SOSDataSourceFactoryRef dsf, CFStringRef dataSourceName, CFErrorRef *error) { - return dsf->create_datasource(dsf, dataSourceName, error); + SecRequirementError(dsf != NULL, error, CFSTR("No datasource")); + return dsf ? dsf->create_datasource(dsf, dataSourceName, error) : NULL; } static inline void SOSDataSourceFactoryRelease(SOSDataSourceFactoryRef dsf) { @@ -145,6 +147,7 @@ struct SOSDataSource { // SOSObject methods CFDataRef (*objectCopyDigest)(SOSObjectRef object, CFErrorRef *error); + CFDateRef (*objectCopyModDate)(SOSObjectRef object, CFErrorRef *error); SOSObjectRef (*objectCreateWithPropertyList)(CFDictionaryRef plist, CFErrorRef *error); CFDictionaryRef (*objectCopyPropertyList)(SOSObjectRef object, CFErrorRef *error); CFDictionaryRef (*objectCopyBackup)(SOSObjectRef object, uint64_t handle, CFErrorRef *error); @@ -233,6 +236,10 @@ static inline CFDataRef SOSObjectCopyDigest(SOSDataSourceRef ds, SOSObjectRef ob return ds->objectCopyDigest(object, error); } +static inline CFDateRef SOSObjectCopyModificationDate(SOSDataSourceRef ds, SOSObjectRef object, CFErrorRef *error) { + return ds->objectCopyModDate(object, error); +} + static inline SOSObjectRef SOSObjectCreateWithPropertyList(SOSDataSourceRef ds, CFDictionaryRef plist, CFErrorRef *error) { return ds->objectCreateWithPropertyList(plist, error); } diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSDigestVector.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSDigestVector.c index 6c6674ec..cf9749a6 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSDigestVector.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSDigestVector.c @@ -25,7 +25,6 @@ #include #include #include -#include #include #include diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.c index 80579496..05313501 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.c @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -48,6 +49,9 @@ #include #include #include +#include +#include + #include #include @@ -82,25 +86,22 @@ static CFStringRef kSOSEngineTraceDateKey = CFSTR("traceDate"); //---------------------------------------------------------------------------------------- // MARK: Engine state v2 //---------------------------------------------------------------------------------------- + #if !TARGET_IPHONE_SIMULATOR static const CFIndex kCurrentEngineVersion = 2; #endif // Keychain/datasource items // Used for the kSecAttrAccount when saving in the datasource with dsSetStateWithKey // Class D [kSecAttrAccessibleAlwaysPrivate/kSecAttrAccessibleAlwaysThisDeviceOnly] -static CFStringRef kSOSEngineStatev2 = CFSTR("engine-state-v2"); -static CFStringRef kSOSEnginePeerStates = CFSTR("engine-peer-states"); -static CFStringRef kSOSEngineManifestCache = CFSTR("engine-manifest-cache"); -#define kSOSEngineProtectionDomainClassD kSecAttrAccessibleAlwaysPrivate // >>>> or kSecAttrAccessibleAlwaysThisDeviceOnly -// Class A [kSecAttrAccessibleWhenUnlockedThisDeviceOnly] -static CFStringRef kSOSEngineCoders = CFSTR("engine-coders"); +CFStringRef kSOSEngineStatev2 = CFSTR("engine-state-v2"); +CFStringRef kSOSEnginePeerStates = CFSTR("engine-peer-states"); +CFStringRef kSOSEngineManifestCache = CFSTR("engine-manifest-cache"); +CFStringRef kSOSEngineCoders = CFSTR("engine-coders"); #define kSOSEngineProtectionDomainClassA kSecAttrAccessibleWhenUnlockedThisDeviceOnly // Keys for individual dictionaries // engine-state-v2 -#if !TARGET_IPHONE_SIMULATOR -static CFStringRef kSOSEngineStateVersionKey = CFSTR("engine-stateVersion"); -#endif +CFStringRef kSOSEngineStateVersionKey = CFSTR("engine-stateVersion"); // Current save/load routines // SOSEngineCreate/SOSEngineLoad/SOSEngineSetState @@ -377,6 +378,7 @@ CFMutableArrayRef SOSEngineCopyPersistedManifestArray(SOSEngineRef engine, CFDic } return manifests; } + #if !TARGET_IPHONE_SIMULATOR static CFDictionaryRef SOSEngineCopyEncodedManifestCache_locked(SOSEngineRef engine, CFErrorRef *error) { CFMutableDictionaryRef mfc = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); @@ -576,6 +578,7 @@ static CFDictionaryRef SOSEngineCopyBasicState(SOSEngineRef engine, CFErrorRef * SOSPersistCFIndex(state, kSOSEngineStateVersionKey, kCurrentEngineVersion); return state; } + static bool SOSEngineDoSaveOneState(SOSEngineRef engine, SOSTransactionRef txn, CFStringRef key, CFStringRef pdmn, CFDictionaryRef state, CFErrorRef *error) { CFDataRef derState = CFPropertyListCreateDERData(kCFAllocatorDefault, state, error); @@ -583,6 +586,7 @@ static bool SOSEngineDoSaveOneState(SOSEngineRef engine, SOSTransactionRef txn, CFReleaseSafe(derState); return ok; } + static bool SOSEngineDoSave(SOSEngineRef engine, SOSTransactionRef txn, CFErrorRef *error) { bool ok = true; @@ -680,7 +684,7 @@ static bool SOSEngineSetPeerStateWithDictionary(SOSEngineRef engine, CFDictionar return true; } -static CFMutableDictionaryRef derStateToDictionaryCopy(CFDataRef state, CFErrorRef *error) { +CFMutableDictionaryRef derStateToDictionaryCopy(CFDataRef state, CFErrorRef *error) { bool ok = true; CFMutableDictionaryRef stateDict = NULL; if (state) { @@ -798,7 +802,10 @@ static bool SOSEngineLoad(SOSEngineRef engine, SOSTransactionRef txn, CFErrorRef } secnotice("coder", "Migrating from v0 engine state; dropping coders and forcing re-negotiation"); SOSCCEnsurePeerRegistration(); - SOSCCSyncWithAllPeers(); + + if (engine->peerIDs) { + SOSCCRequestSyncWithPeersList(engine->peerIDs); + } } ok = engineState && SOSEngineSetStateWithDictionary(engine, engineState, error); @@ -820,12 +827,17 @@ bool SOSTestEngineSaveWithDER(SOSEngineRef engine, CFDataRef derState, CFErrorRe return true; } -/* - bool SOSTestEngineSave(SOSEngineRef engine, CFErrorRef *error) { - +bool SOSTestEngineSave(SOSEngineRef engine, SOSTransactionRef txn, CFErrorRef *error) { + bool bx = SOSEngineSave(engine, txn, error); + secnotice("test", "saved engine: %@", engine); + return bx; } -*/ +bool SOSTestEngineLoad(SOSEngineRef engine, SOSTransactionRef txn, CFErrorRef *error) { + bool bx = SOSEngineLoad(engine, txn, error); + secnotice("test", "loaded engine: %@", engine); + return bx; +} //---------------------------------------------------------------------------------------- // MARK: Change Trackers and Peer Manifests @@ -1135,12 +1147,22 @@ static bool SOSEngineUpdateChanges_locked(SOSEngineRef engine, SOSTransactionRef if (deleted) { bool someoneCares = SOSChangeMapperIngestChange(&cm, false, deleted); if (someoneCares) { +#if TARGET_OS_EMBEDDED + SecADAddValueForScalarKey(CFSTR("com.apple.security.sos.delete"), 1); +#endif mappedItemChanged = true; } } if (inserted) { bool someoneCares = SOSChangeMapperIngestChange(&cm, true, inserted); if (someoneCares) { +#if TARGET_OS_EMBEDDED + if (deleted == NULL) { + SecADAddValueForScalarKey(CFSTR("com.apple.security.sos.add"), 1); + } else { + SecADAddValueForScalarKey(CFSTR("com.apple.security.sos.update"), 1); + } +#endif mappedItemChanged = true; } if (!someoneCares && !isData(inserted) && SecDbItemIsTombstone((SecDbItemRef)inserted) && !CFEqualSafe(SecDbItemGetValue((SecDbItemRef)inserted, &v7utomb, NULL), kCFBooleanTrue)) { @@ -1167,6 +1189,9 @@ static bool SOSEngineUpdateChanges_locked(SOSEngineRef engine, SOSTransactionRef // Write SOSEngine and SOSPeer state to disk secnotice("engine", "saving engine state"); ok &= SOSEngineSave(engine, txn, error); + + if (kSOSDataSourceAPITransaction == source) + SOSCCRequestSyncWithPeersList(engine->peerIDs); } else { secnotice("engine", "Not saving engine state, nothing changed."); } @@ -1757,12 +1782,39 @@ static void SOSEngineForEachBackupPeer(SOSEngineRef engine, void (^with)(SOSPeer }); } +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR +static const CFStringRef kSecADSecurityNewItemSyncTimeKey = CFSTR("com.apple.security.secureobjectsync.itemtime.new"); +static const CFStringRef kSecADSecurityKnownItemSyncTimeKey = CFSTR("com.apple.security.secureobjectsync.itemtime.known"); +#else +#endif + + +static void ReportItemSyncTime(SOSDataSourceRef ds, bool known, SOSObjectRef object) +{ + CFDateRef itemModDate = SOSObjectCopyModificationDate(ds, object, NULL); + if (itemModDate) { + CFAbsoluteTime syncTime = 0; + CFAbsoluteTime now = CFAbsoluteTimeGetCurrent(); + + CFAbsoluteTime peerModificationAbsoluteTime = CFDateGetAbsoluteTime(itemModDate); + if (peerModificationAbsoluteTime > now) { + syncTime = now - peerModificationAbsoluteTime; + } + +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR + SecADClientPushValueForDistributionKey(known ? kSecADSecurityKnownItemSyncTimeKey : kSecADSecurityNewItemSyncTimeKey, + SecBucket2Significant(syncTime)); +#else +#endif + } +} /* Handle incoming message from peer p. Return false if there was an error, true otherwise. */ bool SOSEngineHandleMessage_locked(SOSEngineRef engine, CFStringRef peerID, SOSMessageRef message, SOSTransactionRef txn, bool *commit, bool *somethingChanged, CFErrorRef *error) { SOSPeerRef peer = SOSEngineCopyPeerWithID_locked(engine, peerID, error); if (!peer) return false; + CFStringRef peerDesc = NULL; SOSManifestRef localManifest = NULL; SOSManifestRef allAdditions = NULL; @@ -1781,6 +1833,8 @@ bool SOSEngineHandleMessage_locked(SOSEngineRef engine, CFStringRef peerID, SOSM require_action_quiet(peer, exit, ok = SOSErrorCreate(errSecParam, error, NULL, CFSTR("Couldn't create peer with Engine for %@"), peerID)); peerDesc = CFCopyDescription(peer); + bool hadBeenInSyncAtStart = SOSPeerHasBeenInSync(peer); + SOSMessageWithExtensions(message, true, ^(CFDataRef oid, bool isCritical, CFDataRef extension, bool *stop) { // OMFG a Critical extension what shall I do! ok = SOSErrorCreate(kSOSErrorNotReady, error, NULL, CFSTR("Unknown criticial extension in peer message")); @@ -1823,6 +1877,13 @@ bool SOSEngineHandleMessage_locked(SOSEngineRef engine, CFStringRef peerID, SOSM // Ensure localObject is in local manifest (possible corruption) by posting an update when we are done. SOSChangesAppendAdd(changes, mergedObject); } + + if (ok && hadBeenInSyncAtStart) { + ReportItemSyncTime(engine->dataSource, + mr == kSOSMergeLocalObject, + peersObject); + } + CFReleaseSafe(mergedObject); CFReleaseSafe(digest); }), exit); @@ -2161,6 +2222,8 @@ static void SOSEngineCompletedSyncWithPeer(SOSEngineRef engine, SOSPeerRef peer) CFReleaseSafe(block_to_call); }); } + + SOSPeerSetHasBeenInSync(peer, true); } @@ -2583,17 +2646,44 @@ done: return ok; } -bool SOSEngineSyncWithPeers(SOSEngineRef engine, CFErrorRef *error) { - __block bool ok = true; +CF_RETURNS_RETAINED CFSetRef SOSEngineSyncWithBackupPeers(SOSEngineRef engine, CFSetRef /* CFStringRef */ peers, CFErrorRef *error) +{ __block bool incomplete = false; - ok &= SOSEngineDoTxnOnQueue(engine, error, ^(SOSTransactionRef txn, bool *commit) { + CFMutableSetRef handledSet = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + + bool ok = SOSEngineDoTxnOnQueue(engine, error, ^(SOSTransactionRef txn, bool *commit) { __block bool dirty = false; - SOSEngineForEachBackupPeer_locked(engine, ^(SOSPeerRef peer) { - ok = SOSEngineWriteToBackup_locked(engine, peer, false, &dirty, &incomplete, error); + CFSetForEach(peers, ^(const void *value) { + bool report_handled = true; + CFErrorRef localError = NULL; + SOSPeerRef peer = NULL; + CFStringRef peerID = asString(value, &localError); + require_action_quiet(peerID, done, report_handled = false); + + peer = SOSEngineCopyPeerWithID_locked(engine, peerID, &localError); + require_quiet(peerID, done); + + if (SOSPeerMapEntryIsBackup(peer)) { + report_handled = SOSEngineWriteToBackup_locked(engine, peer, false, &dirty, &incomplete, &localError); + } + + done: + if (localError) { + secnotice("engine-sync", "Failed to process sync for %@: %@", peerID, localError); + } + if (report_handled) { + CFSetAddValue(handledSet, peerID); + } + CFReleaseNull(localError); + CFReleaseNull(peer); }); - if (dirty) - ok = SOSEngineSave(engine, txn, error); + if (dirty) { + CFErrorRef saveError = NULL; + if (!SOSEngineSave(engine, txn, &saveError)) { + secnotice("engine-save", "Failed to save engine: %@", saveError); + } + } }); if (incomplete) { // Ensure we get called again in a while (after a backup timeout) @@ -2601,7 +2691,10 @@ bool SOSEngineSyncWithPeers(SOSEngineRef engine, CFErrorRef *error) { // TODO: This relies on us not writing complete marker for update // event while we havn't finished a full backup, which we currently still do. } - return ok; + if (!ok) + CFReleaseNull(handledSet); + + return handledSet; } bool SOSEngineHandleMessage(SOSEngineRef engine, CFStringRef peerID, @@ -2615,7 +2708,7 @@ bool SOSEngineHandleMessage(SOSEngineRef engine, CFStringRef peerID, }); CFReleaseSafe(message); if (somethingChanged) - SecKeychainChanged(false); + SecKeychainChanged(); return result; } @@ -2623,6 +2716,10 @@ void SOSEngineCircleChanged(SOSEngineRef engine, CFStringRef myPeerID, CFArrayRe __block bool peersOrViewsChanged = false; SOSEngineDoOnQueue(engine, ^{ peersOrViewsChanged = SOSEngineCircleChanged_locked(engine, myPeerID, trustedPeers, untrustedPeers); + + // We should probably get a more precise list of peers that actually need talking to + if (peersOrViewsChanged && engine->myID && CFArrayGetCount(engine->peerIDs) != 0) + SOSCCRequestSyncWithPeersList(engine->peerIDs); }); __block bool ok = true; @@ -2635,8 +2732,6 @@ void SOSEngineCircleChanged(SOSEngineRef engine, CFStringRef myPeerID, CFArrayRe CFReleaseSafe(localError); } - if (peersOrViewsChanged) - SOSCCSyncWithAllPeers(); } SOSManifestRef SOSEngineCopyManifest(SOSEngineRef engine, CFErrorRef *error) { @@ -2782,40 +2877,40 @@ CFArrayRef SOSEngineCopyBackupPeerNames(SOSEngineRef engine, CFErrorRef *error) return backupNames; } -static CFStringRef CFStringCreateWithLabelAndViewNameSetDescription(CFStringRef label, CFStringRef peerID, CFSetRef vns, SOSManifestRef manifest) { - __block CFStringRef desc; - CFStringSetPerformWithDescription(vns, ^(CFStringRef description) { - desc = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%@ %@ (%@) [%lu]"), label, peerID, description, (manifest) ? SOSManifestGetCount(manifest): 0); - }); - return desc; +static CFMutableDictionaryRef SOSEngineCreateStateDictionary(CFStringRef peerID, SOSManifestRef manifest, CFSetRef vns, CFStringRef coderString) { + CFNumberRef manifestCount = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSManifestGetCount(manifest)); + CFDataRef manifestHash = SOSManifestGetDigest(manifest, NULL); + CFMutableDictionaryRef result = CFDictionaryCreateMutableForCFTypesWithSafe(kCFAllocatorDefault, + kSOSCCEngineStatePeerIDKey, peerID, + kSOSCCEngineStateManifestCountKey, manifestCount, + kSOSCCEngineStateManifestHashKey, manifestHash, + kSOSCCEngineStateSyncSetKey, asSet(vns, NULL), + kSOSCCEngineStateCoderKey, coderString, + NULL); + CFReleaseNull(manifestCount); + return result; } -static void CFArrayAppendConfirmedDigestsEntry(CFMutableArrayRef array, CFStringRef label, CFStringRef peerID, CFSetRef vns, SOSManifestRef manifest) { - CFStringRef desc = CFStringCreateWithLabelAndViewNameSetDescription(label, peerID, vns, manifest); - CFArrayAppendValue(array, desc); - CFReleaseSafe(desc); - CFDataRef digest = SOSManifestGetDigest(manifest, NULL); - if (digest) { - CFArrayAppendValue(array, digest); - } else { - CFDataRef nullDigest = CFDataCreate(kCFAllocatorDefault, NULL, 0); - CFArrayAppendValue(array, nullDigest); - CFReleaseSafe(nullDigest); - } +static void SOSEngineAppendStateDictionary(CFMutableArrayRef stateArray, CFStringRef peerID, SOSManifestRef manifest, CFSetRef vns, CFStringRef coderString) { + CFMutableDictionaryRef newState = SOSEngineCreateStateDictionary(peerID, manifest, vns, coderString); + CFArrayAppendValue(stateArray, newState); + CFReleaseNull(newState); } static CFArrayRef SOSEngineCopyPeerConfirmedDigests_locked(SOSEngineRef engine, CFErrorRef *error) { CFMutableArrayRef result = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); CFDictionaryForEach(engine->viewNameSet2ChangeTracker, ^(const void *vns, const void *ct) { SOSManifestRef manifest = SOSEngineCopyManifestWithViewNameSet_locked(engine, vns, error); - CFArrayAppendConfirmedDigestsEntry(result, CFSTR("local "), engine->myID, (CFSetRef)vns, manifest); - CFReleaseSafe(manifest); + SOSEngineAppendStateDictionary(result, NULL, manifest, vns, NULL); + CFReleaseNull(manifest); }); // Copy other peers even if we aren't in the circle, since we're observing it. SOSEngineForEachPeer_locked(engine, ^(SOSPeerRef peer) { - CFArrayAppendConfirmedDigestsEntry(result, CFSTR("remote"), SOSPeerGetID(peer), SOSPeerGetViewNameSet(peer), - SOSPeerGetConfirmedManifest(peer)); + CFTypeRef coderObject = engine->coders ? CFDictionaryGetValue(engine->coders, SOSPeerGetID(peer)) : CFSTR("Coders not loaded."); + CFStringRef coderState = coderObject ? CFCopyDescription(coderObject) : NULL; + SOSEngineAppendStateDictionary(result, SOSPeerGetID(peer), SOSPeerGetConfirmedManifest(peer), SOSPeerGetViewNameSet(peer), coderState); + CFReleaseNull(coderState); }); return result; } @@ -2842,16 +2937,11 @@ void SOSEngineLogState(SOSEngineRef engine) { require_action_quiet(engine, retOut, secnotice(ENGINELOGSTATE, "No Engine Available")); confirmedDigests = SOSEngineCopyPeerConfirmedDigests(engine, &error); require_action_quiet(confirmedDigests, retOut, secnotice(ENGINELOGSTATE, "No engine peers: %@\n", error)); - CFIndex entries = CFArrayGetCount(confirmedDigests) / 2; - for(CFIndex i = 0; i < entries; i++) { - CFStringRef partA = asString(CFArrayGetValueAtIndex(confirmedDigests, i*2), NULL); - CFDataRef partB = asData(CFArrayGetValueAtIndex(confirmedDigests, i*2+1), NULL); - if(partA && partB) { - CFStringRef hexDigest = CFDataCopyHexString(partB); - secnotice(ENGINELOGSTATE, "%@ %@", partA, hexDigest); - CFReleaseNull(hexDigest); - } - } + + SOSCCForEachEngineStateAsStringFromArray(confirmedDigests, ^(CFStringRef onePeerDescription) { + secnotice(ENGINELOGSTATE, "%@", onePeerDescription); + }); + retOut: CFReleaseNull(error); CFReleaseNull(confirmedDigests); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.h index 4d90cfae..8ad3f48d 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.h @@ -86,8 +86,7 @@ void SOSEngineCircleChanged(SOSEngineRef engine, CFStringRef myPeerID, CFArrayRe // Iterate over all peers. void SOSEngineForEachPeer(SOSEngineRef engine, void (^with)(SOSPeerRef peer)); -// TODO: Move SOSTransportMessageIDSRef declarations somewhere we can get to them here. -bool SOSEngineSyncWithPeers(SOSEngineRef engine, CFErrorRef *error); +CF_RETURNS_RETAINED CFSetRef SOSEngineSyncWithBackupPeers(SOSEngineRef engine, CFSetRef /* CFStringRef */ peers, CFErrorRef *error); // Don't call this unless you know what you are doing. If you do then still don't call it. bool SOSEngineHandleMessage_locked(SOSEngineRef engine, CFStringRef peerID, SOSMessageRef message, @@ -129,6 +128,9 @@ CFArrayRef SOSEngineCopyPeerConfirmedDigests(SOSEngineRef engine, CFErrorRef *er // Private do not use! SOSDataSourceRef SOSEngineGetDataSource(SOSEngineRef engine); bool SOSTestEngineSaveWithDER(SOSEngineRef engine, CFDataRef derState, CFErrorRef *error); +bool SOSTestEngineSave(SOSEngineRef engine, SOSTransactionRef txn, CFErrorRef *error); +bool SOSTestEngineLoad(SOSEngineRef engine, SOSTransactionRef txn, CFErrorRef *error); +CFMutableDictionaryRef derStateToDictionaryCopy(CFDataRef state, CFErrorRef *error); bool SOSTestEngineSaveCoders(SOSEngineRef engine, SOSTransactionRef txn, CFErrorRef *error); bool TestSOSEngineLoadCoders(SOSEngineRef engine, SOSTransactionRef txn, CFErrorRef *error); @@ -141,6 +143,19 @@ void SOSEngineSetSyncCompleteListenerQueue(SOSEngineRef engine, dispatch_queue_t // Engine State by Log void SOSEngineLogState(SOSEngineRef engine); +// Keychain/datasource items +// Used for the kSecAttrAccount when saving in the datasource with dsSetStateWithKey +// Class D [kSecAttrAccessibleAlwaysPrivate/kSecAttrAccessibleAlwaysThisDeviceOnly] +extern CFStringRef kSOSEngineStatev2; +extern CFStringRef kSOSEnginePeerStates; +extern CFStringRef kSOSEngineManifestCache; +#define kSOSEngineProtectionDomainClassD kSecAttrAccessibleAlwaysPrivate +// Class A [kSecAttrAccessibleWhenUnlockedThisDeviceOnly] +extern CFStringRef kSOSEngineCoders; +#define kSOSEngineProtectionDomainClassA kSecAttrAccessibleWhenUnlockedThisDeviceOnly + +extern CFStringRef kSOSEngineStateVersionKey; + __END_DECLS #endif /* !_SEC_SOSENGINE_H_ */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSExports.exp-in b/OSX/sec/SOSCircle/SecureObjectSync/SOSExports.exp-in index b29f9403..ad40ac35 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSExports.exp-in +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSExports.exp-in @@ -5,51 +5,77 @@ // Cloud Circle API // - _SOSCCAcceptApplicants +_SOSCCAccountHasPublicKey +_SOSCCAccountIsNew _SOSCCAccountSetToNew _SOSCCBailFromCircle_BestEffort _SOSCCCanAuthenticate +_SOSCCCheckPeerAvailability +_SOSCCClearPeerMessageKeyInKVS +_SOSCCCopyAccountState _SOSCCCopyApplicantPeerInfo +_SOSCCCopyApplication +_SOSCCCopyBackupInformation +_SOSCCCopyCircleJoiningBlob _SOSCCCopyConcurringPeerPeerInfo -_SOSCCCopyEngineState +_SOSCCCopyDeviceID +_SOSCCCopyEngineData +_SOSCCCopyEscrowRecord _SOSCCCopyGenerationPeerInfo _SOSCCCopyIncompatibilityInfo _SOSCCCopyMyPeerInfo _SOSCCCopyMyPeerWithNewDeviceRecoverySecret _SOSCCCopyNotValidPeerPeerInfo _SOSCCCopyPeerPeerInfo +_SOSCCCopyRecoveryPublicKey _SOSCCCopyRetirementPeerInfo _SOSCCCopyValidPeerPeerInfo _SOSCCCopyViewUnawarePeerInfo _SOSCCCopyYetToSyncViewsList +_SOSCCDeleteAccountState +_SOSCCDeleteEngineState +_SOSCCForEachEngineStateAsString +_SOSCCForEachEngineStateAsStringFromArray _SOSCCGetLastDepartureReason _SOSCCGetStatusDescription _SOSCCHandleIDSMessage _SOSCCRequestSyncWithPeerOverKVS -_SOSCCRequestSyncWithPeerOverIDS +_SOSCCRequestSyncWithPeerOverKVSUsingIDOnly _SOSCCIDSDeviceIDIsAvailableTest _SOSCCIDSPingTest _SOSCCIDSServiceRegistrationTest +_SOSCCIsAppleTVSyncing +_SOSCCIsContinuityUnlockSyncing +_SOSCCIsHomeKitSyncing +_SOSCCIsIcloudKeychainSyncing +_SOSCCIsSafariSyncing +_SOSCCIsWiFiSyncing +_SOSCCJoinWithCircleJoiningBlob +_SOSCCLoggedOutOfAccount +_SOSCCMessageFromPeerIsPending _SOSCCPeersHaveViewsEnabled _SOSCCProcessEnsurePeerRegistration _SOSCCProcessSyncWithAllPeers +_SOSCCProcessSyncWithPeers _SOSCCPurgeUserCredentials +_SOSCCRegisterRecoveryPublicKey _SOSCCRegisterSingleRecoverySecret _SOSCCRegisterUserCredentials _SOSCCRejectApplicants _SOSCCRemovePeersFromCircle _SOSCCRemoveThisDeviceFromCircle -_SOSCCLoggedOutOfAccount -_SOSCCCopyDeviceID _SOSCCRequestEnsureFreshParameters +_SOSCCRequestSyncWithPeerOverKVS _SOSCCRequestToJoinCircle _SOSCCRequestToJoinCircleAfterRestore _SOSCCResetToEmpty _SOSCCResetToOffering _SOSCCSecurityProperty +_SOSCCSendToPeerIsPending _SOSCCSetAutoAcceptInfo _SOSCCSetDeviceID +_SOSCCSetEscrowRecord _SOSCCSetLastDepartureReason _SOSCCSetUserCredentials _SOSCCSetUserCredentialsAndDSID @@ -60,26 +86,13 @@ _SOSCCTryUserCredentials _SOSCCValidateUserPublic _SOSCCView _SOSCCViewSet -_SOSCCSecurityProperty -_SOSCCIsIcloudKeychainSyncing -_SOSCCIsSafariSyncing -_SOSCCIsAppleTVSyncing -_SOSCCIsHomeKitSyncing -_SOSCCIsWiFiSyncing -_SOSCCIsContinuityUnlockSyncing _SOSCCWaitForInitialSync -_SOSCCSetEscrowRecord -_SOSCCCopyEscrowRecord -_SOSCCCheckPeerAvailability -_SOSCCCopyAccountState -_SOSCCDeleteAccountState -_SOSCCCopyEngineData -_SOSCCDeleteEngineState -_SOSCCCopyApplication -_SOSCCCopyCircleJoiningBlob -_SOSCCJoinWithCircleJoiningBlob -_SOSCCAccountHasPublicKey -_SOSCCAccountIsNew + +_kSOSCCEngineStateCoderKey +_kSOSCCEngineStateManifestCountKey +_kSOSCCEngineStateManifestHashKey +_kSOSCCEngineStatePeerIDKey +_kSOSCCEngineStateSyncSetKey _UserParametersDescription @@ -88,10 +101,15 @@ _kSOSCCViewMembershipChangedNotification _kSOSCCInitialSyncChangedNotification _kSOSCCHoldLockForInitialSync _kSOSCCPeerAvailable +_kSOSCCRecoveryKeyChanged _SOSCCSetLastDepartureReason _SOSCCAccountSetToNew +_SOSCCDumpCircleInformation +_SOSCCDumpCircleKVSInformation + + // // Peer Info interfaces for SPI // @@ -187,10 +205,12 @@ _SOSBSKBCopyAKSBag _SOSBSKBCopyEncoded _SOSBSKBIsDirect _SOSBSKBGetPeers +_SOSBSKBCopyRecoveryKey _SOSBSKBLoadLocked _SOSBSKBLoadAndUnlockWithDirectSecret _SOSBSKBLoadAndUnlockWithPeerSecret +_SOSBSKBLoadAndUnlockWithWrappingSecret _SOSBackupSliceKeyBagCreate _SOSBackupSliceKeyBagCreateDirect _SOSBackupSliceKeyBagCreateFromData @@ -200,6 +220,8 @@ _der_encode_BackupSliceKeyBag _der_sizeof_BackupSliceKeyBag _SOSWrapToBackupSliceKeyBagForView +_SOSAccountRecoveryKeyIsInBackupAndCurrentInView +_SOSBSKBHasRecoveryKey // // View SPI @@ -216,7 +238,6 @@ _SOSViewsGetAllCurrent #include "Security/SecureObjectSync/SOSViews.exp-in" -_kSecUseSystemKeychain _kSecUseSyncBubbleKeychain // @@ -227,6 +248,7 @@ _SOSCircleGenerationIncrement _SOSCircleGenerationSetValue _SOSCircleGetGenerationSint _SOSAccountPeerGotInSync +_SOSCloudKeychainRetrievePendingMessageFromProxy _SOSCloudKeychainClearAll _SOSCloudKeychainGetAllObjectsFromCloud @@ -277,12 +299,20 @@ _sViewsKey _sSerialNumberKey _sPreferIDS _sPreferIDSFragmentation +_sPreferIDSACKModel _sDeviceID _sTransportType _sSecurityPropertiesKey - +_kIDSOperationType +_kIDSMessageToSendKey +_kIDSMessageUniqueID +_kIDSMessageRecipientPeerID +_kIDSMessageRecipientDeviceID +_kIDSMessageUsesAckModel _SOSGenerationCountCopyDescription +_SOSLogSetOutputTo + #if !(TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) // Symbols only for embedded, typically for tests diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.c index ea3a6cc9..4d1b3205 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.c @@ -26,18 +26,19 @@ #include #include +#include #include #include #include +#include #include #include #include #include #include -#include #include #include @@ -133,10 +134,11 @@ SOSFullPeerInfoRef SOSFullPeerInfoCreateWithViews(CFAllocatorRef allocator, CFStringRef transportType =SOSTransportMessageTypeIDSV2; CFBooleanRef preferIDS = kCFBooleanFalse; CFBooleanRef preferIDSFragmentation = kCFBooleanTrue; - + CFBooleanRef preferACKModel = kCFBooleanTrue; + fpi->peer_info = SOSPeerInfoCreateWithTransportAndViews(allocator, gestalt, backupKey, IDSID, transportType, preferIDS, - preferIDSFragmentation, initialViews, + preferIDSFragmentation, preferACKModel, initialViews, signingKey, error); require_quiet(fpi->peer_info, exit); @@ -192,6 +194,11 @@ bool SOSFullPeerInfoUpdateTransportFragmentationPreference(SOSFullPeerInfoRef pe }); } +bool SOSFullPeerInfoUpdateTransportAckModelPreference(SOSFullPeerInfoRef peer, CFBooleanRef preference, CFErrorRef* error){ + return SOSFullPeerInfoUpdate(peer, error, ^SOSPeerInfoRef(SOSPeerInfoRef peer, SecKeyRef key, CFErrorRef *error) { + return SOSPeerInfoSetIDSACKModelPreference(kCFAllocatorDefault, peer, preference, key, error); + }); +} SOSFullPeerInfoRef SOSFullPeerInfoCreateCloudIdentity(CFAllocatorRef allocator, SOSPeerInfoRef peer, CFErrorRef* error) { SOSFullPeerInfoRef fpi = CFTypeAllocate(SOSFullPeerInfo, struct __OpaqueSOSFullPeerInfo, allocator); @@ -299,6 +306,14 @@ bool SOSFullPeerInfoUpdateGestalt(SOSFullPeerInfoRef peer, CFDictionaryRef gesta }); } +bool SOSFullPeerInfoUpdateV2Dictionary(SOSFullPeerInfoRef peer, CFDictionaryRef newv2dict, CFErrorRef* error) +{ + return SOSFullPeerInfoUpdate(peer, error, ^SOSPeerInfoRef(SOSPeerInfoRef peer, SecKeyRef key, CFErrorRef *error) { + return SOSPeerInfoCopyWithV2DictionaryUpdate(kCFAllocatorDefault, peer, + newv2dict, key, error); + }); +} + bool SOSFullPeerInfoUpdateBackupKey(SOSFullPeerInfoRef peer, CFDataRef backupKey, CFErrorRef* error) { return SOSFullPeerInfoUpdate(peer, error, ^SOSPeerInfoRef(SOSPeerInfoRef peer, SecKeyRef key, CFErrorRef *error) { @@ -365,6 +380,7 @@ static bool sosFullPeerInfoRequiresUpdate(SOSFullPeerInfoRef peer, CFSetRef mini if(!(SOSPeerInfoV2DictionaryHasString(peer->peer_info, sTransportType))) return true; if(!(SOSPeerInfoV2DictionaryHasBoolean(peer->peer_info, sPreferIDS))) return true; if(!(SOSPeerInfoV2DictionaryHasBoolean(peer->peer_info, sPreferIDSFragmentation))) return true; + if(!(SOSPeerInfoV2DictionaryHasBoolean(peer->peer_info, sPreferIDSACKModel))) return true; if(SOSFullPeerInfoNeedsViewUpdate(peer, minimumViews, excludedViews)) return true; return false; @@ -388,7 +404,7 @@ bool SOSFullPeerInfoUpdateToCurrent(SOSFullPeerInfoRef peer, CFSetRef minimumVie secnotice("upgrade", "SOSFullPeerInfoCopyDeviceKey failed: %@", copyError)); SOSPeerInfoRef newPeer = SOSPeerInfoCreateCurrentCopy(kCFAllocatorDefault, peer->peer_info, - NULL, NULL, kCFBooleanFalse, kCFBooleanTrue, newViews, + NULL, NULL, kCFBooleanFalse, kCFBooleanTrue, kCFBooleanTrue, newViews, device_key, &createError); require_action_quiet(newPeer, errOut, secnotice("upgrade", "Peer info v2 create copy failed: %@", createError)); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.h index e4e0f4bd..25f2c9eb 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.h @@ -66,6 +66,8 @@ bool SOSFullPeerInfoPrivKeyExists(SOSFullPeerInfoRef peer); bool SOSFullPeerInfoUpdateGestalt(SOSFullPeerInfoRef peer, CFDictionaryRef gestalt, CFErrorRef* error); +bool SOSFullPeerInfoUpdateV2Dictionary(SOSFullPeerInfoRef peer, CFDictionaryRef newv2dict, CFErrorRef* error); + bool SOSFullPeerInfoUpdateBackupKey(SOSFullPeerInfoRef peer, CFDataRef backupKey, CFErrorRef* error); bool SOSFullPeerInfoAddEscrowRecord(SOSFullPeerInfoRef peer, CFStringRef dsid, CFDictionaryRef escrowRecord, CFErrorRef* error); @@ -100,6 +102,7 @@ bool SOSFullPeerInfoUpdateTransportType(SOSFullPeerInfoRef peer, CFStringRef tra bool SOSFullPeerInfoUpdateDeviceID(SOSFullPeerInfoRef peer, CFStringRef deviceID, CFErrorRef* error); bool SOSFullPeerInfoUpdateTransportPreference(SOSFullPeerInfoRef peer, CFBooleanRef preference, CFErrorRef* error); bool SOSFullPeerInfoUpdateTransportFragmentationPreference(SOSFullPeerInfoRef peer, CFBooleanRef preference, CFErrorRef* error); +bool SOSFullPeerInfoUpdateTransportAckModelPreference(SOSFullPeerInfoRef peer, CFBooleanRef preference, CFErrorRef* error); SOSSecurityPropertyResultCode SOSFullPeerInfoUpdateSecurityProperty(SOSFullPeerInfoRef peer, SOSViewActionCode action, CFStringRef property, CFErrorRef* error); SOSSecurityPropertyResultCode SOSFullPeerInfoSecurityPropertyStatus(SOSFullPeerInfoRef peer, CFStringRef property, CFErrorRef *error); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSGenCount.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSGenCount.c index fb8d8518..5163e901 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSGenCount.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSGenCount.c @@ -9,6 +9,9 @@ #include "SOSGenCount.h" #include #include +#include +#include + static CFAbsoluteTime SOSGenerationCountGetDateBits(int64_t genValue) { return (uint32_t) ((((uint64_t) genValue) >> 32) << 1); @@ -116,3 +119,24 @@ SOSGenCountRef SOSGenerationCreateWithBaseline(SOSGenCountRef reference) { } return retval; } + + +SOSGenCountRef SOSGenCountCreateFromDER(CFAllocatorRef allocator, CFErrorRef* error, + const uint8_t** der_p, const uint8_t *der_end) { + SOSGenCountRef retval = NULL; + *der_p = der_decode_number(allocator, 0, &retval, error, *der_p, der_end); + if(retval == NULL) + retval = SOSGenerationCreate(); + return retval; +} + +size_t SOSGenCountGetDEREncodedSize(SOSGenCountRef gencount, CFErrorRef *error) { + return der_sizeof_number(gencount, error); +} + +uint8_t *SOSGenCountEncodeToDER(SOSGenCountRef gencount, CFErrorRef* error, const uint8_t* der, uint8_t* der_end) { + return der_encode_number(gencount, error, der, der_end); +} + + + diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSGenCount.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSGenCount.h index 53ad32f9..fc425951 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSGenCount.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSGenCount.h @@ -21,7 +21,13 @@ SOSGenCountRef SOSGenerationCopy(SOSGenCountRef gen); bool SOSGenerationIsOlder(SOSGenCountRef current, SOSGenCountRef proposed); SOSGenCountRef SOSGenerationCreateWithBaseline(SOSGenCountRef reference); +SOSGenCountRef SOSGenCountCreateFromDER(CFAllocatorRef allocator, CFErrorRef* error, + const uint8_t** der_p, const uint8_t *der_end); +size_t SOSGenCountGetDEREncodedSize(SOSGenCountRef gencount, CFErrorRef *error); +uint8_t *SOSGenCountEncodeToDER(SOSGenCountRef gencount, CFErrorRef* error, const uint8_t* der, uint8_t* der_end); + void SOSGenerationCountWithDescription(SOSGenCountRef gen, void (^operation)(CFStringRef description)); CFStringRef SOSGenerationCountCopyDescription(SOSGenCountRef gen); + #endif /* defined(_sec_SOSGenCount_) */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSInternal.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSInternal.c index b743f85f..cc6b0837 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSInternal.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSInternal.c @@ -52,7 +52,13 @@ #include -CFStringRef kSOSErrorDomain = CFSTR("com.apple.security.sos.error"); +const CFStringRef kSecIDSErrorDomain = CFSTR("com.apple.security.ids.error"); +const CFStringRef kIDSOperationType = CFSTR("IDSMessageOperation"); +const CFStringRef kIDSMessageToSendKey = CFSTR("MessageToSendKey"); +const CFStringRef kIDSMessageUniqueID = CFSTR("MessageID"); +const CFStringRef kIDSMessageRecipientPeerID = CFSTR("RecipientPeerID"); +const CFStringRef kIDSMessageRecipientDeviceID = CFSTR("RecipientDeviceID"); +const CFStringRef kIDSMessageUsesAckModel = CFSTR("UsesAckModel"); bool SOSErrorCreate(CFIndex errorCode, CFErrorRef *error, CFDictionaryRef formatOptions, CFStringRef format, ...) { if (!errorCode) return true; @@ -166,27 +172,35 @@ CFStringRef SOSItemsChangedCopyDescription(CFDictionaryRef changes, bool is_send return string; } -CFStringRef SOSCopyIDOfKey(SecKeyRef key, CFErrorRef *error) -{ - const struct ccdigest_info * di = ccsha1_di(); - CFDataRef publicBytes = NULL; - CFStringRef result = NULL; +CFStringRef SOSCopyIDOfDataBuffer(CFDataRef data, CFErrorRef *error) { + const struct ccdigest_info * di = ccsha1_di(); uint8_t digest[di->output_size]; char encoded[2 * di->output_size]; // Big enough for base64 encoding. - - require_quiet(SecError(SecKeyCopyPublicBytes(key, &publicBytes), error, CFSTR("Failed to export public bytes %@"), key), fail); - ccdigest(di, CFDataGetLength(publicBytes), CFDataGetBytePtr(publicBytes), digest); - + ccdigest(di, CFDataGetLength(data), CFDataGetBytePtr(data), digest); + size_t length = SecBase64Encode(digest, sizeof(digest), encoded, sizeof(encoded)); assert(length && length < sizeof(encoded)); if (length > 26) - length = 26; + length = 26; encoded[length] = 0; - CFReleaseNull(publicBytes); return CFStringCreateWithCString(kCFAllocatorDefault, encoded, kCFStringEncodingASCII); +} +CFStringRef SOSCopyIDOfDataBufferWithLength(CFDataRef data, CFIndex len, CFErrorRef *error) { + CFStringRef retval = NULL; + CFStringRef tmp = SOSCopyIDOfDataBuffer(data, error); + if(tmp) retval = CFStringCreateWithSubstring(kCFAllocatorDefault, tmp, CFRangeMake(0, len)); + CFReleaseNull(tmp); + return retval; +} + +CFStringRef SOSCopyIDOfKey(SecKeyRef key, CFErrorRef *error) { + CFDataRef publicBytes = NULL; + CFStringRef result = NULL; + require_quiet(SecError(SecKeyCopyPublicBytes(key, &publicBytes), error, CFSTR("Failed to export public bytes %@"), key), fail); + result = SOSCopyIDOfDataBuffer(publicBytes, error); fail: CFReleaseNull(publicBytes); return result; @@ -200,6 +214,7 @@ CFStringRef SOSCopyIDOfKeyWithLength(SecKeyRef key, CFIndex len, CFErrorRef *err return retval; } + CFGiblisGetSingleton(ccec_const_cp_t, SOSGetBackupKeyCurveParameters, sBackupKeyCurveParameters, ^{ *sBackupKeyCurveParameters = ccec_cp_256(); }); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSInternal.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSInternal.h index 3aadefe3..5fb74418 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSInternal.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSInternal.h @@ -68,9 +68,9 @@ enum { kSOSErrorNoRing = 1043, kSOSErrorNoiCloudPeer = 1044, + kSOSErrorParam = 1045, }; -extern CFStringRef kSOSErrorDomain; // Returns false unless errorCode is 0. bool SOSErrorCreate(CFIndex errorCode, CFErrorRef *error, CFDictionaryRef formatOptions, CFStringRef descriptionString, ...); @@ -85,6 +85,15 @@ bool SOSCreateErrorWithFormatAndArguments(CFIndex errorCode, CFErrorRef previous CFDictionaryRef formatOptions, CFStringRef formatString, va_list args) CF_FORMAT_FUNCTION(5,0); + +static inline bool SOSClearErrorIfTrue(bool condition, CFErrorRef *error) { + if(condition && error && *error) { + secdebug("errorBug", "Got Success and Error (dropping error): %@", *error); + CFReleaseNull(*error); + } + return true; +} + static inline bool isSOSErrorCoded(CFErrorRef error, CFIndex sosErrorCode) { return error && CFErrorGetCode(error) == sosErrorCode && CFEqualSafe(CFErrorGetDomain(error), kSOSErrorDomain); } @@ -114,6 +123,9 @@ OSStatus GeneratePermanentECPair(int keySize, SecKeyRef* public, SecKeyRef *full CFStringRef SOSItemsChangedCopyDescription(CFDictionaryRef changes, bool is_sender); +CFStringRef SOSCopyIDOfDataBuffer(CFDataRef data, CFErrorRef *error); +CFStringRef SOSCopyIDOfDataBufferWithLength(CFDataRef data, CFIndex len, CFErrorRef *error); + CFStringRef SOSCopyIDOfKey(SecKeyRef key, CFErrorRef *error); CFStringRef SOSCopyIDOfKeyWithLength(SecKeyRef key, CFIndex len, CFErrorRef *error); @@ -130,6 +142,15 @@ CFDataRef SOSDateCreate(void); CFDataRef CFDataCreateWithDER(CFAllocatorRef allocator, CFIndex size, uint8_t*(^operation)(size_t size, uint8_t *buffer)); +extern const CFStringRef kSecIDSErrorDomain; +extern const CFStringRef kIDSOperationType; +extern const CFStringRef kIDSMessageToSendKey; +extern const CFStringRef kIDSMessageUniqueID; +extern const CFStringRef kIDSMessageRecipientPeerID; +extern const CFStringRef kIDSMessageRecipientDeviceID; +extern const CFStringRef kIDSMessageUsesAckModel; + + __END_DECLS diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSKeyedPubKeyIdentifier.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSKeyedPubKeyIdentifier.c new file mode 100644 index 00000000..8dd71be1 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSKeyedPubKeyIdentifier.c @@ -0,0 +1,88 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// SOSKeyedPubKeyIdentifier.c +// Security +// + +#include "SOSKeyedPubKeyIdentifier.h" +#include "AssertMacros.h" +#include "SOSInternal.h" +#include + +#define SEPARATOR CFSTR("-") +#define SEPLOC 2 + +bool SOSKeyedPubKeyIdentifierIsPrefixed(CFStringRef kpkid) { + CFRange seploc = CFStringFind(kpkid, SEPARATOR, 0); + return seploc.location == SEPLOC; +} + +static CFStringRef SOSKeyedPubKeyIdentifierCreateWithPrefixAndID(CFStringRef prefix, CFStringRef id) { + CFMutableStringRef retval = NULL; + require_quiet(prefix, errOut); + require_quiet(id, errOut); + require_quiet(CFStringGetLength(prefix) == SEPLOC, errOut); + retval = CFStringCreateMutableCopy(kCFAllocatorDefault, 50, prefix); + CFStringAppend(retval, SEPARATOR); + CFStringAppend(retval, id); +errOut: + return retval; +} + +CFStringRef SOSKeyedPubKeyIdentifierCreateWithData(CFStringRef prefix, CFDataRef pubKeyData) { + CFErrorRef localError = NULL; + CFStringRef id = SOSCopyIDOfDataBuffer(pubKeyData, &localError); + CFStringRef retval = SOSKeyedPubKeyIdentifierCreateWithPrefixAndID(prefix, id); + if(!id) secnotice("kpid", "Couldn't create kpid: %@", localError); + CFReleaseNull(id); + CFReleaseNull(localError); + return retval; +} + +CFStringRef SOSKeyedPubKeyIdentifierCreateWithSecKey(CFStringRef prefix, SecKeyRef pubKey) { + CFErrorRef localError = NULL; + CFStringRef id = SOSCopyIDOfKey(pubKey, &localError); + CFStringRef retval = SOSKeyedPubKeyIdentifierCreateWithPrefixAndID(prefix, id); + if(!id) secnotice("kpid", "Couldn't create kpid: %@", localError); + CFReleaseNull(id); + CFReleaseNull(localError); + return retval; +} + + +CFStringRef SOSKeyedPubKeyIdentifierCopyPrefix(CFStringRef kpkid) { + CFRange seploc = CFStringFind(kpkid, SEPARATOR, 0); + if(seploc.location != SEPLOC) return NULL; + CFRange prefloc = CFRangeMake(0, SEPLOC); + return CFStringCreateWithSubstring(kCFAllocatorDefault, kpkid, prefloc);; +} + +CFStringRef SOSKeyedPubKeyIdentifierCopyHpub(CFStringRef kpkid) { + CFRange seploc = CFStringFind(kpkid, SEPARATOR, 0); + if(seploc.location != SEPLOC) return NULL; + CFRange idloc = CFRangeMake(seploc.location+1, CFStringGetLength(kpkid) - (SEPLOC+1)); + return CFStringCreateWithSubstring(kCFAllocatorDefault, kpkid, idloc);; +} + diff --git a/OSX/sec/Security/Security.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSKeyedPubKeyIdentifier.h similarity index 55% rename from OSX/sec/Security/Security.h rename to OSX/sec/SOSCircle/SecureObjectSync/SOSKeyedPubKeyIdentifier.h index 98047399..1dc8aaa3 100644 --- a/OSX/sec/Security/Security.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSKeyedPubKeyIdentifier.h @@ -1,15 +1,15 @@ /* - * Copyright (c) 2007-2008,2012,2014 Apple Inc. All Rights Reserved. - * + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,21 +17,29 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ -#include -#include -#include -#include -#include -#include +// +// SOSKeyedPubKeyIdentifier.h +// Security +// + +#ifndef SOSKeyedPubKeyIdentifier_h +#define SOSKeyedPubKeyIdentifier_h + +#include #include -#include -#include -#include -#include -#if !TARGET_OS_IPHONE -#include -#endif + +// Simple Prefix on Hash of PubKey strings - 2 characters and a dash +// RK-xxxxxxxxxxxxxxxxxxx... +bool SOSKeyedPubKeyIdentifierIsPrefixed(CFStringRef kpkid); +CFStringRef SOSKeyedPubKeyIdentifierCreateWithData(CFStringRef prefix, CFDataRef pubKeyData); +CFStringRef SOSKeyedPubKeyIdentifierCreateWithSecKey(CFStringRef prefix, SecKeyRef pubKey); +CFStringRef SOSKeyedPubKeyIdentifierCopyPrefix(CFStringRef kpkid); +CFStringRef SOSKeyedPubKeyIdentifierCopyHpub(CFStringRef kpid); + + + +#endif /* SOSKeyedPubKeyIdentifier_h */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSMessage.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSMessage.c index 89662cea..3e98390d 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSMessage.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSMessage.c @@ -318,21 +318,25 @@ static CFStringRef SOSMessageCopyFormatDescription(CFTypeRef cf, CFDictionaryRef SOSDataSourceFactoryRef dsf = SecItemDataSourceFactoryGetDefault(); SOSDataSourceRef ds = SOSDataSourceFactoryCreateDataSource(dsf, kSecAttrAccessibleWhenUnlocked, NULL); - __block size_t maxEntries = 16; - CFStringAppendFormat(objects, NULL, CFSTR("{[%zu]"), SOSMessageCountObjects(message)); - SOSMessageWithSOSObjects(message, ds, NULL, ^(SOSObjectRef object, bool *stop) { - CFDataRef digest = SOSObjectCopyDigest(ds, object, NULL); - const uint8_t *O = CFDataGetBytePtr(digest); - CFStringAppendFormat(objects, NULL, CFSTR(" %02X%02X%02X%02X"), O[0],O[1],O[2],O[3]); - CFReleaseSafe(digest); - if (!--maxEntries) { - CFStringAppend(objects, CFSTR("...")); - *stop = true; - } - }); - CFStringAppend(objects, CFSTR("}")); + if (ds) { + __block size_t maxEntries = 16; + CFStringAppendFormat(objects, NULL, CFSTR("{[%zu]"), SOSMessageCountObjects(message)); + SOSMessageWithSOSObjects(message, ds, NULL, ^(SOSObjectRef object, bool *stop) { + CFDataRef digest = SOSObjectCopyDigest(ds, object, NULL); + const uint8_t *O = CFDataGetBytePtr(digest); + CFStringAppendFormat(objects, NULL, CFSTR(" %02X%02X%02X%02X"), O[0],O[1],O[2],O[3]); + CFReleaseSafe(digest); + if (!--maxEntries) { + CFStringAppend(objects, CFSTR("...")); + *stop = true; + } + }); + CFStringAppend(objects, CFSTR("}")); + } else { + CFStringAppend(objects, CFSTR("{NO DATASOURCE}")); + } - CFStringRef desc; + CFStringRef desc = NULL; if (message->version == 0) { switch (SOSMessageInferType(message, NULL)) { case SOSManifestInvalidMessageType: diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSMessage.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSMessage.h index 28513cff..c3ad5195 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSMessage.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSMessage.h @@ -61,9 +61,8 @@ typedef uint64_t SOSDigestTypes; /* SOSMessage interface. */ typedef struct __OpaqueSOSMessage *SOSMessageRef; -//#define kSOSMessageMaxObjectsSize (8192) -#define kSOSMessageMaxObjectsSize (65536) -#define kSOSBackupMaxFileSize (65536) +#define kSOSMessageMaxObjectsSize (64000) +#define kSOSBackupMaxFileSize (64000) #define kEngineMessageProtocolVersion 2 diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeer.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeer.c index 6ba78c45..470c7869 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeer.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeer.c @@ -70,6 +70,7 @@ CFStringRef kSOSPeerDataLabel = CFSTR("iCloud Peer Data Meta-data"); // PeerState dictionary keys static CFStringRef kSOSPeerSendObjectsKey = CFSTR("send-objects"); // bool static CFStringRef kSOSPeerMustSendMessageKey = CFSTR("must-send"); // bool +static CFStringRef kSOSPeerHasBeenInSyncKey = CFSTR("has-been-in-sync"); // bool static CFStringRef kSOSPeerPendingObjectsKey = CFSTR("pending-objects"); // digest static CFStringRef kSOSPeerUnwantedManifestKey = CFSTR("unwanted-manifest"); // digest static CFStringRef kSOSPeerConfirmedManifestKey = CFSTR("confirmed-manifest"); //digest @@ -215,6 +216,7 @@ CFTypeRef SOSPeerOrStateSetViewsKeyBagAndCreateCopy(CFTypeRef peerOrState, CFSet CFTypeRef SOSPeerOrStateSetViewsAndCopyState(CFTypeRef peerOrState, CFSetRef views) { assert(views); + if (peerOrState && CFGetTypeID(peerOrState) == SOSPeerGetTypeID()) { // Inflated peer, update its views and deflate it SOSPeerRef peer = (SOSPeerRef)peerOrState; @@ -222,8 +224,12 @@ CFTypeRef SOSPeerOrStateSetViewsAndCopyState(CFTypeRef peerOrState, CFSetRef vie return SOSPeerCopyState(peer, NULL); } else if (peerOrState && CFGetTypeID(peerOrState) == CFDictionaryGetTypeID()) { // We have a deflated peer. Update its views and keep it deflated + CFSetRef oldViews = (CFSetRef) CFDictionaryGetValue(peerOrState, kSOSPeerViewsKey); CFMutableDictionaryRef state = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, 0, peerOrState); CFDictionarySetValue(state, kSOSPeerViewsKey, views); + if (oldViews && !CFSetIsSubset(views, oldViews)) { + CFDictionarySetValue(state, kSOSPeerHasBeenInSyncKey, kCFBooleanFalse); + } return state; } else { return NULL; @@ -315,6 +321,8 @@ struct __OpaqueSOSPeer { bool mustSendMessage; bool sendObjects; + bool hasBeenInSync; + SOSManifestRef pendingObjects; SOSManifestRef unwantedManifest; SOSManifestRef confirmedManifest; @@ -336,10 +344,11 @@ static CFStringRef SOSPeerCopyFormatDescription(CFTypeRef cf, CFDictionaryRef fo CFStringRef co = SOSManifestCreateOptionalDescriptionWithLabel(peer->confirmedManifest, CFSTR("C")); CFStringRef pe = SOSManifestArrayCreateOptionalDescriptionWithLabel(peer->proposedManifests, CFSTR("P")); CFStringRef lo = SOSManifestArrayCreateOptionalDescriptionWithLabel(peer->localManifests, CFSTR("L")); - CFStringRef desc = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("<%@ %s%s%@%@%@%@%@>"), + CFStringRef desc = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("<%@ %s%s%s%@%@%@%@%@>"), SOSPeerGetID(peer), SOSPeerMustSendMessage(peer) ? "F" : "f", SOSPeerSendObjects(peer) ? "S" : "s", + SOSPeerHasBeenInSync(peer) ? "K" : "k", po, uo, co, pe, lo); CFReleaseSafe(lo); CFReleaseSafe(pe); @@ -433,7 +442,9 @@ static FILE *fopen_journal(const char *journalPath, const char *mode, CFErrorRef #if !defined(NDEBUG) static off_t getFileSize(int fd) { - return lseek(fd, 0, SEEK_END); + struct stat sb; + fstat(fd, &sb); + return sb.st_size; } #endif @@ -511,6 +522,7 @@ bool SOSPeerSetState(SOSPeerRef p, SOSEngineRef engine, CFDictionaryRef state, C p->sequenceNumber = SOSPeerGetPersistedInt64(state, kSOSPeerSequenceNumberKey); p->mustSendMessage = SOSPeerGetPersistedBoolean(state, kSOSPeerMustSendMessageKey); p->sendObjects = SOSPeerGetPersistedBoolean(state, kSOSPeerSendObjectsKey); + p->hasBeenInSync = SOSPeerGetPersistedBoolean(state, kSOSPeerHasBeenInSyncKey); CFRetainAssign(p->views, SOSPeerGetPersistedViewNameSet(p, state, kSOSPeerViewsKey)); SOSPeerSetKeyBag(p, SOSPeerGetPersistedData(state, kSOSPeerKeyBagKey)); CFAssignRetained(p->pendingObjects, SOSEngineCopyPersistedManifest(engine, state, kSOSPeerPendingObjectsKey)); @@ -598,6 +610,7 @@ CFDictionaryRef SOSPeerCopyState(SOSPeerRef peer, CFErrorRef *error) { SOSPeerPersistBool(state, kSOSPeerMustSendMessageKey, peer->mustSendMessage); SOSPeerPersistBool(state, kSOSPeerSendObjectsKey, peer->sendObjects); + SOSPeerPersistBool(state, kSOSPeerHasBeenInSyncKey, peer->hasBeenInSync); SOSPeerPersistOptionalValue(state, kSOSPeerViewsKey, peer->views); CFDataRef keybag = SOSPeerGetKeyBag(peer); @@ -651,6 +664,10 @@ CFSetRef SOSPeerGetViewNameSet(SOSPeerRef peer) { } void SOSPeerSetViewNameSet(SOSPeerRef peer, CFSetRef views) { + if (peer->views && !CFSetIsSubset(views, peer->views)) { + SOSPeerSetHasBeenInSync(peer, false); + } + CFRetainAssign(peer->views, views); } @@ -675,9 +692,12 @@ static bool SOSPeerWriteReset(SOSPeerRef peer, CFErrorRef *error) { if (ok && !peer->_keyBag) ok = SOSBackupEventWriteCompleteMarker(journalFile, 999, &localError); }); + if (!ok) { secwarning("%@ failed to write reset to backup journal: %@", peer->peer_id, localError); CFErrorPropagate(localError, error); + } else { + secnotice("backup-peer", "%@ Wrote reset.", peer->peer_id); } // Forget we ever wrote anything to the journal. @@ -698,7 +718,7 @@ void SOSPeerKeyBagDidChange(SOSPeerRef peer) { // Attempt to write a reset (ignoring failures since it will // be pended stickily if it fails). SOSPeerWriteReset(peer, NULL); - SOSCCSyncWithAllPeers(); + SOSCCRequestSyncWithBackupPeer(SOSPeerGetID(peer)); } } @@ -745,6 +765,14 @@ void SOSPeerSetSendObjects(SOSPeerRef peer, bool sendObjects) { peer->sendObjects = sendObjects; } +bool SOSPeerHasBeenInSync(SOSPeerRef peer) { + return peer->hasBeenInSync; +} + +void SOSPeerSetHasBeenInSync(SOSPeerRef peer, bool hasBeenInSync) { + peer->hasBeenInSync = hasBeenInSync; +} + // MARK: Manifests SOSManifestRef SOSPeerGetProposedManifest(SOSPeerRef peer) { @@ -994,7 +1022,7 @@ bool SOSPeerDataSourceWillChange(SOSPeerRef peer, SOSDataSourceRef dataSource, S if (!ok) { // We were unable to stream everything out neatly - SOSCCSyncWithAllPeers(); + SOSCCRequestSyncWithBackupPeer(SOSPeerGetID(peer)); } return ok; } diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeer.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeer.h index 61b2f68f..418b5737 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeer.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeer.h @@ -99,6 +99,9 @@ void SOSPeerSetMustSendMessage(SOSPeerRef peer, bool must); bool SOSPeerSendObjects(SOSPeerRef peer); void SOSPeerSetSendObjects(SOSPeerRef peer, bool sendObjects); +bool SOSPeerHasBeenInSync(SOSPeerRef peer); +void SOSPeerSetHasBeenInSync(SOSPeerRef peer, bool hasBeenInSync); + SOSManifestRef SOSPeerGetProposedManifest(SOSPeerRef peer); SOSManifestRef SOSPeerGetConfirmedManifest(SOSPeerRef peer); void SOSPeerSetConfirmedManifest(SOSPeerRef peer, SOSManifestRef confirmed); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerCoder.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerCoder.c index ea916a4c..a7aa186f 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerCoder.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerCoder.c @@ -103,7 +103,8 @@ xit: return result; } -bool SOSPeerCoderSendMessageIfNeeded(SOSEngineRef engine, SOSTransactionRef txn, SOSPeerRef peer, SOSCoderRef coder, CFDataRef *message_to_send, CFStringRef circle_id, CFStringRef peer_id, SOSEnginePeerMessageSentBlock *sent, CFErrorRef *error) { + +bool SOSPeerCoderSendMessageIfNeeded(SOSEngineRef engine, SOSTransactionRef txn, SOSPeerRef peer, SOSCoderRef coder, CFDataRef *message_to_send, CFStringRef peer_id, SOSEnginePeerMessageSentBlock *sent, CFErrorRef *error) { bool ok = false; secnotice("transport", "coder state: %@", coder); require_action_quiet(coder, xit, secerror("%@ getCoder: %@", peer_id, error ? *error : NULL)); @@ -132,7 +133,7 @@ bool SOSPeerCoderSendMessageIfNeeded(SOSEngineRef engine, SOSTransactionRef txn, } else { *message_to_send = SOSCoderCopyPendingResponse(coder); engine->codersNeedSaving = true; - secinfo("transport", "%@ negotiating, %@", peer_id, message_to_send ? CFSTR("sending negotiation message.") : CFSTR("waiting for negotiation message.")); + secinfo("transport", "%@ negotiating, %@", peer_id, (message_to_send && *message_to_send) ? CFSTR("sending negotiation message.") : CFSTR("waiting for negotiation message.")); *sent = Block_copy(^(bool wasSent){ if (wasSent) SOSCoderConsumeResponse(coder); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerCoder.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerCoder.h index 88b3bb23..e2a998e4 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerCoder.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerCoder.h @@ -33,7 +33,7 @@ enum SOSCoderUnwrapStatus{ SOSCoderUnwrapHandled = 2 }; -bool SOSPeerCoderSendMessageIfNeeded(SOSEngineRef engine, SOSTransactionRef txn, SOSPeerRef peer, SOSCoderRef coder, CFDataRef *message_to_send, CFStringRef circle_id, CFStringRef peer_id, SOSEnginePeerMessageSentBlock *sent, CFErrorRef *error); +bool SOSPeerCoderSendMessageIfNeeded(SOSEngineRef engine, SOSTransactionRef txn, SOSPeerRef peer, SOSCoderRef coder, CFDataRef *message_to_send, CFStringRef peer_id, SOSEnginePeerMessageSentBlock *sent, CFErrorRef *error); enum SOSCoderUnwrapStatus SOSPeerHandleCoderMessage(SOSPeerRef peer, SOSCoderRef coder, CFStringRef peer_id, CFDataRef codedMessage, CFDataRef *decodedMessage, bool *forceSave, CFErrorRef *error); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.c index bf7f74cc..78f932da 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.c @@ -93,6 +93,7 @@ CFStringRef kSOSPeerInfoNameKey = CFSTR("SOSPeerInfoName"); //Peer Info V2 Dictionary IDS keys CFStringRef sPreferIDS = CFSTR("PreferIDS"); CFStringRef sPreferIDSFragmentation = CFSTR("PreferIDFragmentation"); +CFStringRef sPreferIDSACKModel = CFSTR("PreferIDSAckModel"); CFStringRef sTransportType = CFSTR("TransportType"); CFStringRef sDeviceID = CFSTR("DeviceID"); @@ -139,7 +140,7 @@ static bool SOSDescriptionHash(SOSPeerInfoRef peer, const struct ccdigest_info * #define SIGLEN 128 -static CFDataRef sosSignHash(SecKeyRef privkey, const struct ccdigest_info *di, uint8_t *hbuf) { +static CFDataRef sosCopySignedHash(SecKeyRef privkey, const struct ccdigest_info *di, uint8_t *hbuf) { OSStatus stat; size_t siglen = SIGLEN; uint8_t sig[siglen]; @@ -163,7 +164,7 @@ bool SOSPeerInfoSign(SecKeyRef privKey, SOSPeerInfoRef peer, CFErrorRef *error) require_action_quiet(SOSDescriptionHash(peer, di, hbuf, error), fail, SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Failed to hash description for peer"), NULL, error)); - newSignature = sosSignHash(privKey, di, hbuf); + newSignature = sosCopySignedHash(privKey, di, hbuf); require_action_quiet(newSignature, fail, SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Failed to sign peerinfo for peer"), NULL, error)); CFReleaseNull(peer->signature); @@ -207,7 +208,8 @@ void SOSPeerInfoSetVersionNumber(SOSPeerInfoRef pi, int version) { static SOSPeerInfoRef SOSPeerInfoCreate_Internal(CFAllocatorRef allocator, CFDictionaryRef gestalt, CFDataRef backup_key, CFStringRef IDSID, CFStringRef transportType, CFBooleanRef preferIDS, - CFBooleanRef preferFragmentation, CFSetRef enabledViews, + CFBooleanRef preferFragmentation, CFBooleanRef preferAckModel, + CFSetRef enabledViews, SecKeyRef signingKey, CFErrorRef* error, void (^ description_modifier)(CFMutableDictionaryRef description)) { SOSPeerInfoRef pi = CFTypeAllocate(SOSPeerInfo, struct __OpaqueSOSPeerInfo, allocator); @@ -265,7 +267,7 @@ static SOSPeerInfoRef SOSPeerInfoCreate_Internal(CFAllocatorRef allocator, SOSPeerInfoV2DictionarySetValue(pi, sTransportType, transportType); SOSPeerInfoV2DictionarySetValue(pi, sPreferIDS, preferIDS); SOSPeerInfoV2DictionarySetValue(pi, sPreferIDSFragmentation, preferFragmentation); - + SOSPeerInfoV2DictionarySetValue(pi, sPreferIDSACKModel, preferAckModel); SOSPeerInfoV2DictionarySetValue(pi, sViewsKey, enabledViews); // ================ V2 Additions End @@ -282,20 +284,19 @@ exit: } SOSPeerInfoRef SOSPeerInfoCreate(CFAllocatorRef allocator, CFDictionaryRef gestalt, CFDataRef backup_key, SecKeyRef signingKey, CFErrorRef* error) { - return SOSPeerInfoCreate_Internal(allocator, gestalt, backup_key, NULL, NULL, NULL, NULL, NULL, signingKey, error, ^(CFMutableDictionaryRef description) {}); + return SOSPeerInfoCreate_Internal(allocator, gestalt, backup_key, NULL, NULL, NULL, NULL, NULL, NULL, signingKey, error, ^(CFMutableDictionaryRef description) {}); } SOSPeerInfoRef SOSPeerInfoCreateWithTransportAndViews(CFAllocatorRef allocator, CFDictionaryRef gestalt, CFDataRef backup_key, CFStringRef IDSID, CFStringRef transportType, CFBooleanRef preferIDS, - CFBooleanRef preferFragmentation, CFSetRef enabledViews, - SecKeyRef signingKey, CFErrorRef* error) + CFBooleanRef preferFragmentation, CFBooleanRef preferAckModel, CFSetRef enabledViews, SecKeyRef signingKey, CFErrorRef* error) { - return SOSPeerInfoCreate_Internal(allocator, gestalt, backup_key, IDSID, transportType, preferIDS, preferFragmentation, enabledViews, signingKey, error, ^(CFMutableDictionaryRef description) {}); + return SOSPeerInfoCreate_Internal(allocator, gestalt, backup_key, IDSID, transportType, preferIDS, preferFragmentation, preferAckModel, enabledViews, signingKey, error, ^(CFMutableDictionaryRef description) {}); } SOSPeerInfoRef SOSPeerInfoCreateCloudIdentity(CFAllocatorRef allocator, CFDictionaryRef gestalt, SecKeyRef signingKey, CFErrorRef* error) { - return SOSPeerInfoCreate_Internal(allocator, gestalt, NULL, NULL, NULL, NULL, NULL, NULL, signingKey, error, ^(CFMutableDictionaryRef description) { + return SOSPeerInfoCreate_Internal(allocator, gestalt, NULL, NULL, NULL, NULL, NULL, NULL, NULL, signingKey, error, ^(CFMutableDictionaryRef description) { CFDictionarySetValue(description, sCloudIdentityKey, kCFBooleanTrue); }); @@ -328,13 +329,13 @@ bool SOSPeerInfoVersionHasV2Data(SOSPeerInfoRef pi) { } SOSPeerInfoRef SOSPeerInfoCreateCurrentCopy(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, - CFStringRef IDSID, CFStringRef transportType, CFBooleanRef preferIDS, CFBooleanRef preferFragmentation,CFSetRef enabledViews, + CFStringRef IDSID, CFStringRef transportType, CFBooleanRef preferIDS, CFBooleanRef preferFragmentation, CFBooleanRef preferAckModel, CFSetRef enabledViews, SecKeyRef signingKey, CFErrorRef* error) { SOSPeerInfoRef pi = SOSPeerInfoCreateCopy(allocator, toCopy, error); if(!SOSPeerInfoVersionHasV2Data(pi)) SOSPeerInfoUpdateToV2(pi, error); - SOSPeerInfoSetSerialNumber(pi); + //SOSPeerInfoSetSerialNumber(pi); if (IDSID) { SOSPeerInfoV2DictionarySetValue(pi, sDeviceID, IDSID); @@ -345,9 +346,12 @@ SOSPeerInfoRef SOSPeerInfoCreateCurrentCopy(CFAllocatorRef allocator, SOSPeerInf if (preferIDS) { SOSPeerInfoV2DictionarySetValue(pi, sPreferIDS, preferIDS); } - if (sPreferIDSFragmentation) { + if (preferFragmentation) { SOSPeerInfoV2DictionarySetValue(pi, sPreferIDSFragmentation, preferFragmentation); } + if (preferAckModel) { + SOSPeerInfoV2DictionarySetValue(pi, sPreferIDSACKModel, preferAckModel); + } if (enabledViews) { SOSPeerInfoV2DictionarySetValue(pi, sViewsKey, enabledViews); } @@ -536,7 +540,6 @@ static void SOSPeerInfoDestroy(CFTypeRef aObj) { CFReleaseNull(pi->gestalt); CFReleaseNull(pi->id); if(pi->v2Dictionary) CFReleaseNull(pi->v2Dictionary); - if(pi->secproperties) CFReleaseNull(pi->secproperties); } static Boolean SOSPeerInfoCompare(CFTypeRef lhs, CFTypeRef rhs) { @@ -571,50 +574,56 @@ static CFHashCode SOSPeerInfoHash(CFTypeRef cf) { return CFHash(peer->description) ^ CFHash(peer->signature); } + +static char boolToChars(bool val, char truechar, char falsechar) { + return val? truechar: falsechar; +} + +static CFStringRef isKnown(CFStringRef ref) { + return ref? ref: CFSTR("Unknown "); +} + static CFStringRef copyDescriptionWithFormatOptions(CFTypeRef aObj, CFDictionaryRef formatOptions){ SOSPeerInfoRef pi = (SOSPeerInfoRef) aObj; - CFStringRef description = NULL; - + if(!pi) return NULL; + CFStringRef description = NULL; // Get the format options we care about: - CFNumberRef peerIDLengthNumber = formatOptions ? CFDictionaryGetValue(formatOptions, peerIDLengthKey) : NULL; - bool useSyncDFormat = formatOptions && CFDictionaryContainsKey(formatOptions, CFSTR("SyncD")); + bool retired = SOSPeerInfoIsRetirementTicket(pi); + bool selfValid = SOSPeerInfoVerify(pi, NULL); + bool backingUp = SOSPeerInfoHasBackupKey(pi); + bool isKVS = SOSPeerInfoKVSOnly(pi); + CFStringRef osVersion = CFDictionaryGetValue(pi->gestalt, kPIOSVersionKey); + CFStringRef tmp = SOSPeerInfoV2DictionaryCopyString(pi, sDeviceID); + CFStringRef deviceID = CFStringCreateTruncatedCopy(tmp, 8); + CFReleaseNull(tmp); + CFStringRef serialNum = SOSPeerInfoCopySerialNumber(pi); + CFStringRef peerID = CFStringCreateTruncatedCopy(SOSPeerInfoGetPeerID(pi), 8); // Calculate the truncated length - CFIndex truncatedLength = CFStringGetLength(pi->id); - if (isNumber(peerIDLengthNumber)) { - CFIndex peerIDMaximumLength = truncatedLength; - CFNumberGetValue(peerIDLengthNumber, kCFNumberCFIndexType, &peerIDMaximumLength); - truncatedLength = MIN(truncatedLength, peerIDMaximumLength); - } - CFStringRef displayPeerID = CFStringCreateWithSubstring(kCFAllocatorDefault, pi->id, CFRangeMake(0, truncatedLength)); - - CFStringRef objectPrefix = useSyncDFormat ? CFSTR("PI") : - CFStringCreateWithFormat(kCFAllocatorDefault, formatOptions, CFSTR("PeerInfo@%p"), pi); - CFStringRef osVersion = CFDictionaryGetValue(pi->gestalt, kPIOSVersionKey); + CFStringRef objectPrefix = CFStringCreateWithFormat(kCFAllocatorDefault, formatOptions, CFSTR("PI@%p"), pi); + + description = CFStringCreateWithFormat(kCFAllocatorDefault, formatOptions, + CFSTR("<%@: [name: %20@] [%c%c%c%c%c%c%c] [type: %-20@] [spid: %8@] [os: %10@] [devid: %10@] [serial: %12@]"), + objectPrefix, + isKnown(SOSPeerInfoGetPeerName(pi)), + '-', + '-', + boolToChars(selfValid, 'S', 's'), + boolToChars(retired, 'R', 'r'), + boolToChars(backingUp, 'B', 'b'), + boolToChars(isKVS, 'K', 'I'), + '-', + isKnown(SOSPeerInfoGetPeerDeviceType(pi)), isKnown(peerID), + isKnown(osVersion), isKnown(deviceID), isKnown(serialNum)); - CFStringRef transportType = SOSPeerInfoV2DictionaryCopyString(pi, sTransportType); - CFStringRef deviceID = SOSPeerInfoV2DictionaryCopyString(pi, sDeviceID); - - description = CFStringCreateWithFormat(NULL, NULL, CFSTR("<%@: %s%s '%@' %@ %@ %@ %@ %@ %ld>"), - objectPrefix, - SOSPeerInfoIsRetirementTicket(pi) ? "R" : "-", - SOSPeerInfoHasBackupKey(pi) ? "B" : "-", - CFDictionaryGetValue(pi->gestalt, kPIUserDefinedDeviceNameKey), - CFDictionaryGetValue(pi->gestalt, kPIDeviceModelNameKey), - osVersion ? osVersion : CFSTR("????"), - transportType ? transportType : CFSTR("KVS"), - deviceID ? deviceID : CFSTR(""), - displayPeerID, - pi->version); - CFReleaseNull(transportType); + CFReleaseNull(peerID); CFReleaseNull(deviceID); - + CFReleaseNull(serialNum); CFReleaseNull(objectPrefix); - CFReleaseNull(displayPeerID); return description; } @@ -628,14 +637,6 @@ static CFStringRef SOSPeerInfoCopyFormatDescription(CFTypeRef aObj, CFDictionary return description; } -static char boolToChars(bool val, char truechar, char falsechar) { - return val? truechar: falsechar; -} - -static CFStringRef isKnown(CFStringRef ref) { - return ref? ref: CFSTR("Unknown "); -} - void SOSPeerInfoLogState(char *category, SOSPeerInfoRef pi, SecKeyRef pubKey, CFStringRef myPID, char sigchr) { if(!pi) return; bool appValid = SOSPeerInfoApplicationVerify(pi, pubKey, NULL); @@ -784,7 +785,7 @@ SOSPeerInfoRef SOSPeerInfoCopyAsApplication(SOSPeerInfoRef original, SecKeyRef u require_action_quiet(sospeer_application_hash(pi, di, hbuf), fail, SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Failed to create hash for peer applicant"), NULL, error)); - usersig = sosSignHash(userkey, di, hbuf); + usersig = sosCopySignedHash(userkey, di, hbuf); require_action_quiet(usersig, fail, SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Failed to sign public key hash for peer"), NULL, error)); @@ -886,8 +887,7 @@ CFStringRef SOSPeerInfoInspectRetirementTicket(SOSPeerInfoRef pi, CFErrorRef *er require_quiet(SOSPeerInfoVerify(pi, error), err); - retirement = asDate(sosCreateCFDate(CFDictionaryGetValue(pi->description, sRetirementDate)), error); - + retirement = sosCreateCFDate(CFDictionaryGetValue(pi->description, sRetirementDate)); require_action_quiet(retirement, err, SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Peer is not retired"), NULL, error)); @@ -950,6 +950,11 @@ CFBooleanRef SOSPeerInfoCopyIDSFragmentationPreference(SOSPeerInfoRef peer){ return (preference ? preference : CFRetain(kCFBooleanFalse)); } +CFBooleanRef SOSPeerInfoCopyIDSACKModelPreference(SOSPeerInfoRef peer){ + CFBooleanRef preference = (CFBooleanRef)SOSPeerInfoV2DictionaryCopyBoolean(peer, sPreferIDSACKModel); + return (preference ? preference : CFRetain(kCFBooleanFalse)); +} + SOSPeerInfoRef SOSPeerInfoSetIDSFragmentationPreference(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFBooleanRef preference, SecKeyRef signingKey, CFErrorRef *error){ return SOSPeerInfoCopyWithModification(allocator, toCopy, signingKey, error, ^bool(SOSPeerInfoRef peerToModify, CFErrorRef *error) { @@ -958,6 +963,17 @@ SOSPeerInfoRef SOSPeerInfoSetIDSFragmentationPreference(CFAllocatorRef allocator }); } +SOSPeerInfoRef SOSPeerInfoSetIDSACKModelPreference(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFBooleanRef preference, SecKeyRef signingKey, CFErrorRef *error){ + return SOSPeerInfoCopyWithModification(allocator, toCopy, signingKey, error, + ^bool(SOSPeerInfoRef peerToModify, CFErrorRef *error) { + SOSPeerInfoV2DictionarySetValue(peerToModify, sPreferIDSACKModel, preference); + return true; + }); +} + +bool SOSPeerInfoTransportTypeIs(SOSPeerInfoRef pi, CFStringRef transportType) { + return SOSPeerInfoV2DictionaryHasStringValue(pi, sTransportType, transportType); +} CFStringRef SOSPeerInfoCopyTransportType(SOSPeerInfoRef peer){ CFStringRef transportType = (CFStringRef)SOSPeerInfoV2DictionaryCopyString(peer, sTransportType); @@ -996,24 +1012,10 @@ SOSPeerInfoRef SOSPeerInfoSetDeviceID(CFAllocatorRef allocator, SOSPeerInfoRef t return true; }); } -bool SOSPeerInfoShouldUseIDSTransport(SOSPeerInfoRef myPeer, SOSPeerInfoRef theirPeer){ - - CFStringRef myTransportType = SOSPeerInfoCopyTransportType(myPeer); - CFStringRef theirTransportType = SOSPeerInfoCopyTransportType(theirPeer); - - bool success = false; - - //sync only if we are the new IDS fragmented system - if((CFStringCompare(myTransportType, SOSTransportMessageTypeIDSV2, 0) == 0 && CFStringCompare(theirTransportType, SOSTransportMessageTypeIDSV2, 0) == 0)) - success = true; - else - success = false; - - CFReleaseSafe(myTransportType); - CFReleaseSafe(theirTransportType); - - return success; +bool SOSPeerInfoShouldUseIDSTransport(SOSPeerInfoRef myPeer, SOSPeerInfoRef theirPeer){ + return SOSPeerInfoHasDeviceID(myPeer) && SOSPeerInfoTransportTypeIs(myPeer, SOSTransportMessageTypeIDSV2) && + SOSPeerInfoHasDeviceID(theirPeer) && SOSPeerInfoTransportTypeIs(theirPeer, SOSTransportMessageTypeIDSV2); } bool SOSPeerInfoShouldUseIDSMessageFragmentation(SOSPeerInfoRef myPeer, SOSPeerInfoRef theirPeer){ @@ -1023,7 +1025,7 @@ bool SOSPeerInfoShouldUseIDSMessageFragmentation(SOSPeerInfoRef myPeer, SOSPeerI CFBooleanRef myPreference = SOSPeerInfoCopyIDSFragmentationPreference(myPeer); CFBooleanRef theirPreference = SOSPeerInfoCopyIDSFragmentationPreference(theirPeer); - secerror("mypreference: %@, theirpreference: %@", myPreference, theirPreference); + secnotice("IDS Transport", "mypreference: %@, theirpreference: %@", myPreference, theirPreference); if((myPreference == kCFBooleanTrue && theirPreference == kCFBooleanTrue)) success = true; @@ -1031,3 +1033,56 @@ bool SOSPeerInfoShouldUseIDSMessageFragmentation(SOSPeerInfoRef myPeer, SOSPeerI CFReleaseNull(theirPreference); return success; } + +bool SOSPeerInfoShouldUseACKModel(SOSPeerInfoRef myPeer, SOSPeerInfoRef theirPeer){ + bool success = false; + + CFBooleanRef myPreference = SOSPeerInfoCopyIDSACKModelPreference(myPeer); + + CFBooleanRef theirPreference = SOSPeerInfoCopyIDSACKModelPreference(theirPeer); + secnotice("IDS Transport", "mypreference: %@, theirpreference: %@", myPreference, theirPreference); + if((myPreference == kCFBooleanTrue && theirPreference == kCFBooleanTrue)) + success = true; + + CFReleaseNull(myPreference); + CFReleaseNull(theirPreference); + return success; + +} + +SOSPeerInfoDeviceClass SOSPeerInfoGetClass(SOSPeerInfoRef pi) { + static CFDictionaryRef devID2Class = NULL; + static dispatch_once_t onceToken = 0; + + dispatch_once(&onceToken, ^{ + CFNumberRef cfSOSPeerInfo_macOS = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSPeerInfo_macOS); + CFNumberRef cfSOSPeerInfo_iOS = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSPeerInfo_iOS); + CFNumberRef cfSOSPeerInfo_iCloud = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSPeerInfo_iCloud); + // CFNumberRef cfSOSPeerInfo_watchOS = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSPeerInfo_watchOS); + // CFNumberRef cfSOSPeerInfo_tvOS = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSPeerInfo_tvOS); + + devID2Class = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, + CFSTR("Mac Pro"), cfSOSPeerInfo_macOS, + CFSTR("MacBook"), cfSOSPeerInfo_macOS, + CFSTR("MacBook Pro"), cfSOSPeerInfo_macOS, + CFSTR("iCloud"), cfSOSPeerInfo_iCloud, + CFSTR("iMac"), cfSOSPeerInfo_macOS, + CFSTR("iPad"), cfSOSPeerInfo_iOS, + CFSTR("iPhone"), cfSOSPeerInfo_iOS, + CFSTR("iPod touch"), cfSOSPeerInfo_iOS, + NULL); + CFReleaseNull(cfSOSPeerInfo_macOS); + CFReleaseNull(cfSOSPeerInfo_iOS); + CFReleaseNull(cfSOSPeerInfo_iCloud); + }); + SOSPeerInfoDeviceClass retval = SOSPeerInfo_unknown; + CFStringRef dt = SOSPeerInfoGetPeerDeviceType(pi); + require_quiet(dt, errOut); + CFNumberRef classNum = CFDictionaryGetValue(devID2Class, dt); + require_quiet(classNum, errOut); + CFIndex tmp; + require_quiet(CFNumberGetValue(classNum, kCFNumberCFIndexType, &tmp), errOut); + retval = (SOSPeerInfoDeviceClass) tmp; +errOut: + return retval; +} diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.h index f84daaa1..6ab58698 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.h @@ -65,14 +65,13 @@ SOSPeerInfoRef SOSPeerInfoCreate(CFAllocatorRef allocator, CFDictionaryRef gesta SOSPeerInfoRef SOSPeerInfoCreateWithTransportAndViews(CFAllocatorRef allocator, CFDictionaryRef gestalt, CFDataRef backup_key, CFStringRef IDSID, CFStringRef transportType, CFBooleanRef preferIDS, - CFBooleanRef preferFragmentation, CFSetRef enabledViews, - SecKeyRef signingKey, CFErrorRef* error); + CFBooleanRef preferFragmentation, CFBooleanRef preferAckModel, CFSetRef enabledViews, SecKeyRef signingKey, CFErrorRef* error); SOSPeerInfoRef SOSPeerInfoCreateCloudIdentity(CFAllocatorRef allocator, CFDictionaryRef gestalt, SecKeyRef signingKey, CFErrorRef* error); SOSPeerInfoRef SOSPeerInfoCreateCopy(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFErrorRef* error); SOSPeerInfoRef SOSPeerInfoCreateCurrentCopy(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, - CFStringRef IDSID, CFStringRef transportType, CFBooleanRef preferIDS, CFBooleanRef preferFragmentation, CFSetRef enabledViews, + CFStringRef IDSID, CFStringRef transportType, CFBooleanRef preferIDS, CFBooleanRef preferFragmentation, CFBooleanRef preferAckModel, CFSetRef enabledViews, SecKeyRef signingKey, CFErrorRef* error); bool SOSPeerInfoVersionIsCurrent(SOSPeerInfoRef pi); bool SOSPeerInfoVersionHasV2Data(SOSPeerInfoRef pi); @@ -206,9 +205,12 @@ CFBooleanRef SOSPeerInfoCopyIDSPreference(SOSPeerInfoRef peer); SOSPeerInfoRef SOSPeerInfoSetIDSPreference(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFBooleanRef preference, SecKeyRef signingKey, CFErrorRef *error); CFBooleanRef SOSPeerInfoCopyIDSFragmentationPreference(SOSPeerInfoRef peer); +CFBooleanRef SOSPeerInfoCopyIDSACKModelPreference(SOSPeerInfoRef peer); SOSPeerInfoRef SOSPeerInfoSetIDSFragmentationPreference(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFBooleanRef preference, SecKeyRef signingKey, CFErrorRef *error); +SOSPeerInfoRef SOSPeerInfoSetIDSACKModelPreference(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFBooleanRef preference, SecKeyRef signingKey, CFErrorRef *error); CFStringRef SOSPeerInfoCopyTransportType(SOSPeerInfoRef peer); +bool SOSPeerInfoTransportTypeIs(SOSPeerInfoRef pi, CFStringRef transportType); SOSPeerInfoRef SOSPeerInfoSetTransportType(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFStringRef transportType, SecKeyRef signingKey, CFErrorRef *error); bool SOSPeerInfoKVSOnly(SOSPeerInfoRef pi); @@ -219,9 +221,23 @@ SOSPeerInfoRef SOSPeerInfoSetDeviceID(CFAllocatorRef allocator, SOSPeerInfoRef t bool SOSPeerInfoShouldUseIDSTransport(SOSPeerInfoRef myPeer, SOSPeerInfoRef theirPeer); bool SOSPeerInfoShouldUseIDSMessageFragmentation(SOSPeerInfoRef myPeer, SOSPeerInfoRef theirPeer); +bool SOSPeerInfoShouldUseACKModel(SOSPeerInfoRef myPeer, SOSPeerInfoRef theirPeer); void SOSPeerInfoLogState(char *category, SOSPeerInfoRef pi, SecKeyRef pubKey, CFStringRef myPID, char sigchr); +enum { + SOSPeerInfo_unknown = 0, + SOSPeerInfo_iCloud = 1, + SOSPeerInfo_iOS = 2, + SOSPeerInfo_macOS = 3, + SOSPeerInfo_watchOS = 4, + SOSPeerInfo_tvOS = 5, +}; +typedef uint32_t SOSPeerInfoDeviceClass; + +SOSPeerInfoDeviceClass SOSPeerInfoGetClass(SOSPeerInfoRef pi); + + __END_DECLS #endif diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoPriv.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoPriv.h index 0f991a2d..b7aba714 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoPriv.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoPriv.h @@ -24,7 +24,6 @@ struct __OpaqueSOSPeerInfo { CFStringRef id; CFIndex version; /* V2 and beyond are listed below */ - CFSetRef secproperties; CFMutableDictionaryRef v2Dictionary; }; diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.c index d48a7b91..b4450b97 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.c @@ -10,6 +10,7 @@ #include "SOSPeerInfoV2.h" #include #include +#include #include #include #include @@ -78,6 +79,10 @@ void SOSPeerInfoSetSerialNumber(SOSPeerInfoRef pi) { const CFStringRef SOSSerialUnknown = CFSTR("Unknown"); +void SOSPeerInfoSetTestSerialNumber(SOSPeerInfoRef pi, CFStringRef serialNumber) { + if(serialNumber) SOSPeerInfoV2DictionarySetValue(pi, sSerialNumberKey, serialNumber); +} + CFStringRef SOSPeerInfoCopySerialNumber(SOSPeerInfoRef pi) { CFStringRef retval = SOSPeerInfoV2DictionaryCopyString(pi, sSerialNumberKey); return (retval ? retval : CFRetain(SOSSerialUnknown)); @@ -156,13 +161,8 @@ bool SOSPeerInfoUpdateToV2(SOSPeerInfoRef pi, CFErrorRef *error) { SOSPeerInfoSetVersionNumber(pi, PEERINFO_CURRENT_VERSION); CFMutableDictionaryRef v2Dictionary = CFDictionaryCreateMutable(NULL, 2, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - CFStringRef serialNumber = SOSCopySerialNumberAsString(error); - if(serialNumber == NULL) { - secnotice("signing", "serialNumber was returned NULL\n"); - } CFMutableSetRef views = SOSViewCopyViewSet(kViewSetDefault); CFMutableSetRef secproperties = CFSetCreateMutable(NULL, 0, &kCFTypeSetCallBacks); - if(serialNumber) CFDictionaryAddValue(v2Dictionary, sSerialNumberKey, serialNumber); CFDictionaryAddValue(v2Dictionary, sViewsKey, views); CFDictionaryAddValue(v2Dictionary, sSecurityPropertiesKey, secproperties); @@ -170,17 +170,18 @@ bool SOSPeerInfoUpdateToV2(SOSPeerInfoRef pi, CFErrorRef *error) { CFDictionaryAddValue(v2Dictionary, sTransportType, SOSTransportMessageTypeIDSV2); CFDictionaryAddValue(v2Dictionary, sPreferIDS, kCFBooleanFalse); CFDictionaryAddValue(v2Dictionary, sPreferIDSFragmentation, kCFBooleanTrue); + CFDictionaryAddValue(v2Dictionary, sPreferIDSACKModel, kCFBooleanTrue); require_action_quiet((v2data = SOSCreateDERFromDictionary(v2Dictionary, error)), out, SOSCreateError(kSOSErrorAllocationFailure, CFSTR("No Memory"), NULL, error)); CFDictionaryAddValue(pi->description, sV2DictionaryKey, v2data); + // To use the central serial number setting routine this must be done after the V2 dictionary is installed. + SOSPeerInfoSetSerialNumber(pi); SOSPeerInfoExpandV2Data(pi, error); retval = true; out: CFReleaseNull(views); - CFReleaseNull(secproperties); CFReleaseNull(v2data); CFReleaseNull(v2Dictionary); - CFReleaseNull(serialNumber); return retval; } @@ -238,14 +239,22 @@ errOut: return false; } - -bool SOSPeerInfoV2DictionaryHasString(SOSPeerInfoRef pi, const void *key) { +// Not API to prevent owenership confusion +static CFStringRef SOSPeerInfoV2DictionaryGetAsString(SOSPeerInfoRef pi, const void *key) { require_quiet(SOSPeerInfoExpandV2Data(pi, NULL), errOut); - CFTypeRef value = CFDictionaryGetValue(pi->v2Dictionary, key); - if(asString(value,NULL) != NULL) - return true; + return asString(CFDictionaryGetValue(pi->v2Dictionary, key), NULL); errOut: - return false; + return NULL; + +} + +bool SOSPeerInfoV2DictionaryHasStringValue(SOSPeerInfoRef pi, const void *key, CFStringRef value) { + return CFEqualSafe(SOSPeerInfoV2DictionaryGetAsString(pi, key), value); +} + +bool SOSPeerInfoV2DictionaryHasString(SOSPeerInfoRef pi, const void *key) { + CFStringRef possibleID = SOSPeerInfoV2DictionaryGetAsString(pi, key); + return possibleID != NULL && CFStringGetLength(possibleID) > 0; } bool SOSPeerInfoV2DictionaryHasSet(SOSPeerInfoRef pi, const void *key) { @@ -266,7 +275,7 @@ errOut: return false; } -const CFMutableStringRef SOSPeerInfoV2DictionaryCopyString(SOSPeerInfoRef pi, const void *key) { +CFMutableStringRef SOSPeerInfoV2DictionaryCopyString(SOSPeerInfoRef pi, const void *key) { require_quiet(SOSPeerInfoExpandV2Data(pi, NULL), errOut); CFStringRef value = asString(CFDictionaryGetValue(pi->v2Dictionary, key), NULL); if(value != NULL) @@ -293,7 +302,7 @@ void SOSPeerInfoV2DictionaryWithSet(SOSPeerInfoRef pi, const void *key, void(^op }); } -const CFMutableSetRef SOSPeerInfoV2DictionaryCopySet(SOSPeerInfoRef pi, const void *key) { +CFMutableSetRef SOSPeerInfoV2DictionaryCopySet(SOSPeerInfoRef pi, const void *key) { require_quiet(SOSPeerInfoExpandV2Data(pi, NULL), errOut); CFSetRef value = asSet(CFDictionaryGetValue(pi->v2Dictionary, key), NULL); if(value != NULL) @@ -321,7 +330,7 @@ errOut: return value && CFSetContainsValue(value, member); } -const CFMutableDataRef SOSPeerInfoV2DictionaryCopyData(SOSPeerInfoRef pi, const void *key) { +CFMutableDataRef SOSPeerInfoV2DictionaryCopyData(SOSPeerInfoRef pi, const void *key) { require_quiet(SOSPeerInfoExpandV2Data(pi, NULL), errOut); CFDataRef value = asData(CFDictionaryGetValue(pi->v2Dictionary, key), NULL); if(value != NULL) @@ -330,7 +339,7 @@ errOut: return NULL; } -const CFBooleanRef SOSPeerInfoV2DictionaryCopyBoolean(SOSPeerInfoRef pi, const void *key) { +CFBooleanRef SOSPeerInfoV2DictionaryCopyBoolean(SOSPeerInfoRef pi, const void *key) { require_quiet(SOSPeerInfoExpandV2Data(pi, NULL), errOut); CFBooleanRef value = asBoolean(CFDictionaryGetValue(pi->v2Dictionary, key), NULL); if(value != NULL) @@ -339,7 +348,7 @@ errOut: return NULL; } -const CFMutableDictionaryRef SOSPeerInfoV2DictionaryCopyDictionary(SOSPeerInfoRef pi, const void *key) { +CFMutableDictionaryRef SOSPeerInfoV2DictionaryCopyDictionary(SOSPeerInfoRef pi, const void *key) { require_quiet(SOSPeerInfoExpandV2Data(pi, NULL), errOut); CFDictionaryRef value = asDictionary(CFDictionaryGetValue(pi->v2Dictionary, key), NULL); if(value != NULL) @@ -347,3 +356,17 @@ const CFMutableDictionaryRef SOSPeerInfoV2DictionaryCopyDictionary(SOSPeerInfoRe errOut: return NULL; } + + +SOSPeerInfoRef SOSPeerInfoCopyWithV2DictionaryUpdate(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFDictionaryRef newv2dict, SecKeyRef signingKey, CFErrorRef* error) { + SOSPeerInfoRef retval = SOSPeerInfoCreateCopy(kCFAllocatorDefault, toCopy, error); + require_quiet(retval, errOut); + require_action_quiet(SOSPeerInfoExpandV2Data(retval, error), errOut, CFReleaseNull(retval)); + CFDictionaryForEach(newv2dict, ^(const void *key, const void *value) { + CFDictionarySetValue(retval->v2Dictionary, key, value); + }); + SOSPeerInfoPackV2Data(retval); + require_action_quiet(SOSPeerInfoSign(signingKey, retval, error), errOut, CFReleaseNull(retval)); +errOut: + return retval; +} diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.h index 69052ab5..ef9cd5b3 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.h @@ -24,6 +24,7 @@ extern CFStringRef sSecurityPropertiesKey; // Set of Security Properties extern CFStringRef kSOSHsaCrKeyDictionary; // HSA Challenge-Response area extern CFStringRef sPreferIDS; // Whether or not a peer requires to speak over IDS or KVS extern CFStringRef sPreferIDSFragmentation; // Whether or not a peer requires to speak over fragmented IDS or not +extern CFStringRef sPreferIDSACKModel; //If a peer prefers to use the ACK model and not ping extern CFStringRef sTransportType; // Dictates the transport type extern CFStringRef sDeviceID; // The IDS device id @@ -37,17 +38,20 @@ bool SOSPeerInfoExpandV2Data(SOSPeerInfoRef pi, CFErrorRef *error); void SOSPeerInfoV2DictionarySetValue(SOSPeerInfoRef peer, const void *key, const void *value); void SOSPeerInfoV2DictionaryRemoveValue(SOSPeerInfoRef peer, const void *key); -const CFMutableDataRef SOSPeerInfoV2DictionaryCopyData(SOSPeerInfoRef pi, const void *key); -const CFMutableSetRef SOSPeerInfoV2DictionaryCopySet(SOSPeerInfoRef pi, const void *key); -const CFMutableStringRef SOSPeerInfoV2DictionaryCopyString(SOSPeerInfoRef pi, const void *key); -const CFBooleanRef SOSPeerInfoV2DictionaryCopyBoolean(SOSPeerInfoRef pi, const void *key); -const CFMutableDictionaryRef SOSPeerInfoV2DictionaryCopyDictionary(SOSPeerInfoRef pi, const void *key); +CFMutableDataRef SOSPeerInfoV2DictionaryCopyData(SOSPeerInfoRef pi, const void *key); +CFMutableSetRef SOSPeerInfoV2DictionaryCopySet(SOSPeerInfoRef pi, const void *key); +CFMutableStringRef SOSPeerInfoV2DictionaryCopyString(SOSPeerInfoRef pi, const void *key); +CFBooleanRef SOSPeerInfoV2DictionaryCopyBoolean(SOSPeerInfoRef pi, const void *key); +CFMutableDictionaryRef SOSPeerInfoV2DictionaryCopyDictionary(SOSPeerInfoRef pi, const void *key); +SOSPeerInfoRef SOSPeerInfoCopyWithV2DictionaryUpdate(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFDictionaryRef newv2dict, SecKeyRef signingKey, CFErrorRef* error); bool SOSPeerInfoV2DictionaryHasSet(SOSPeerInfoRef pi, const void *key); bool SOSPeerInfoV2DictionaryHasData(SOSPeerInfoRef pi, const void *key); bool SOSPeerInfoV2DictionaryHasString(SOSPeerInfoRef pi, const void *key); bool SOSPeerInfoV2DictionaryHasBoolean(SOSPeerInfoRef pi, const void *key); +bool SOSPeerInfoV2DictionaryHasStringValue(SOSPeerInfoRef pi, const void *key, CFStringRef value); + bool SOSPeerInfoV2DictionaryHasSetContaining(SOSPeerInfoRef pi, const void *key, const void* value); void SOSPeerInfoV2DictionaryForEachSetValue(SOSPeerInfoRef pi, const void *key, void (^action)(const void* value)); void SOSPeerInfoV2DictionaryWithSet(SOSPeerInfoRef pi, const void *key, void(^operation)(CFSetRef set)); @@ -55,6 +59,7 @@ void SOSPeerInfoV2DictionaryWithSet(SOSPeerInfoRef pi, const void *key, void(^op bool SOSPeerInfoSerialNumberIsSet(SOSPeerInfoRef pi); void SOSPeerInfoSetSerialNumber(SOSPeerInfoRef pi); +void SOSPeerInfoSetTestSerialNumber(SOSPeerInfoRef pi, CFStringRef serialNumber); CFStringRef SOSPeerInfoCopySerialNumber(SOSPeerInfoRef pi); #endif /* defined(_sec_SOSPeerInfoV2_) */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRecoveryKeyBag.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSRecoveryKeyBag.c new file mode 100644 index 00000000..8d07b18c --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRecoveryKeyBag.c @@ -0,0 +1,237 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// SOSRecoveryKeyBag.c +// sec +// + +#include "SOSRecoveryKeyBag.h" +#include "AssertMacros.h" +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "SOSInternal.h" + +#define CURRENT_RKB_VERSION 1 + +// +// MARK: Type creation +// + + +struct __OpaqueSOSRecoveryKeyBag { + CFRuntimeBase _base; + CFStringRef accountDSID; + SOSGenCountRef generation; + uint64_t rkbVersion; + CFDataRef recoveryKeyBag; +}; + + + +static void SOSRecoveryKeyBagDestroy(CFTypeRef aObj) { + SOSRecoveryKeyBagRef rb = (SOSRecoveryKeyBagRef) aObj; + + CFReleaseNull(rb->accountDSID); + CFReleaseNull(rb->generation); + CFReleaseNull(rb->recoveryKeyBag); +} + +static CFStringRef SOSRecoveryKeyBagCopyFormatDescription(CFTypeRef aObj, CFDictionaryRef formatOptions) { + SOSRecoveryKeyBagRef rb = (SOSRecoveryKeyBagRef) aObj; + CFStringRef gcString = SOSGenerationCountCopyDescription(rb->generation); + CFStringRef rkbID = SOSCopyIDOfDataBufferWithLength(rb->recoveryKeyBag, 8, NULL); + + CFMutableStringRef description = CFStringCreateMutable(kCFAllocatorDefault, 0); + + CFStringAppendFormat(description, NULL, CFSTR("accountDSID, (int) rb->rkbVersion, gcString, rkbID); + CFStringAppend(description, CFSTR(">")); + + CFReleaseNull(gcString); + CFReleaseNull(rkbID); + return description; +} + +CFGiblisFor(SOSRecoveryKeyBag); + +// Der encoding/decoding +const uint8_t* der_decode_RecoveryKeyBag(CFAllocatorRef allocator, + SOSRecoveryKeyBagRef* RecoveryKeyBag, CFErrorRef *error, + const uint8_t* der, const uint8_t *der_end) { + if (der == NULL) return der; + const uint8_t *result = NULL; + + SOSRecoveryKeyBagRef rb = CFTypeAllocate(SOSRecoveryKeyBag, struct __OpaqueSOSRecoveryKeyBag, allocator); + require_quiet(SecAllocationError(rb, error, CFSTR("Recovery bag allocation failed")), fail); + + const uint8_t *sequence_end = NULL; + der = ccder_decode_sequence_tl(&sequence_end, der, der_end); + require_quiet(sequence_end == der_end, fail); + + der = der_decode_string(kCFAllocatorDefault, kCFPropertyListImmutable, &rb->accountDSID, error, der, sequence_end); + rb->generation = SOSGenCountCreateFromDER(kCFAllocatorDefault, error, &der, sequence_end); + der = ccder_decode_uint64(&rb->rkbVersion, der, sequence_end); + der = der_decode_data(allocator, kCFPropertyListImmutable, &rb->recoveryKeyBag, error, der, sequence_end); + + require_quiet(SecRequirementError(der == der_end, error, CFSTR("Extra space in sequence")), fail); + if (RecoveryKeyBag) CFTransferRetained(*RecoveryKeyBag, rb); + result = der; +fail: + CFReleaseNull(rb); + return result; +} + +size_t der_sizeof_RecoveryKeyBag(SOSRecoveryKeyBagRef RecoveryKeyBag, CFErrorRef *error) { + size_t result = 0; + if(RecoveryKeyBag && RecoveryKeyBag->recoveryKeyBag && RecoveryKeyBag->accountDSID && RecoveryKeyBag->generation) { + size_t partSize = der_sizeof_string(RecoveryKeyBag->accountDSID, NULL); + partSize += SOSGenCountGetDEREncodedSize(RecoveryKeyBag->generation, NULL); + partSize += ccder_sizeof_uint64(RecoveryKeyBag->rkbVersion); + partSize += der_sizeof_data(RecoveryKeyBag->recoveryKeyBag, NULL); + result = ccder_sizeof(CCDER_CONSTRUCTED_SEQUENCE, partSize); + } else { + SOSCreateError(kSOSErrorEncodeFailure, CFSTR("Null RecoveryKeyBag"), NULL, error); + } + return result; +} + +uint8_t* der_encode_RecoveryKeyBag(SOSRecoveryKeyBagRef RecoveryKeyBag, CFErrorRef *error, + const uint8_t *der, uint8_t *der_end) { + uint8_t *result = NULL; + if (der_end == NULL) return der_end; + if(RecoveryKeyBag && RecoveryKeyBag->recoveryKeyBag && RecoveryKeyBag->accountDSID && RecoveryKeyBag->generation) { + der_end = ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der, + der_encode_string(RecoveryKeyBag->accountDSID, error, der, + SOSGenCountEncodeToDER(RecoveryKeyBag->generation, error, der, + ccder_encode_uint64(RecoveryKeyBag->rkbVersion, der, + der_encode_data(RecoveryKeyBag->recoveryKeyBag, error, der, der_end))))); + + require_quiet(der_end == der, errOut); + result = der_end; + } else { + SOSCreateError(kSOSErrorEncodeFailure, CFSTR("Null RecoveryKeyBag"), NULL, error); + } + +errOut: + return result; +} + +SOSRecoveryKeyBagRef SOSRecoveryKeyBagCreateForAccount(CFAllocatorRef allocator, SOSAccountRef account, CFDataRef pubData, CFErrorRef *error) { + SOSRecoveryKeyBagRef retval = NULL; + SOSGenCountRef gencount = NULL; + require_action_quiet(account, errOut, SOSCreateError(kSOSErrorEncodeFailure, CFSTR("Null Account Object"), NULL, error)); + CFStringRef dsid = asString(SOSAccountGetValue(account, kSOSDSIDKey, NULL), error); + gencount = SOSGenerationCreate(); + + require_action_quiet(pubData && dsid && gencount, errOut, SOSCreateError(kSOSErrorEncodeFailure, CFSTR("Couldn't get recovery keybag components"), NULL, error)); + retval = CFTypeAllocate(SOSRecoveryKeyBag, struct __OpaqueSOSRecoveryKeyBag, allocator); + require_action_quiet(retval, errOut, SOSCreateError(kSOSErrorEncodeFailure, CFSTR("Couldn't get memory for recoveryKeyBag"), NULL, error)); + retval->rkbVersion = CURRENT_RKB_VERSION; + retval->accountDSID = CFStringCreateCopy(allocator, dsid); + CFRetainAssign(retval->generation, gencount); + retval->recoveryKeyBag = CFDataCreateCopy(allocator, pubData); +errOut: + CFReleaseNull(gencount); + return retval; +} + +CFDataRef SOSRecoveryKeyCopyKeyForAccount(CFAllocatorRef allocator, SOSAccountRef account, SOSRecoveryKeyBagRef recoveryKeyBag, CFErrorRef *error) { + CFDataRef retval = NULL; + require_action_quiet(recoveryKeyBag && recoveryKeyBag->recoveryKeyBag && recoveryKeyBag->accountDSID, + errOut, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("Null recoveryKeyBag Object"), NULL, error)); + CFStringRef dsid = asString(SOSAccountGetValue(account, kSOSDSIDKey, NULL), error); + require_action_quiet(dsid, errOut, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("No DSID in Account"), NULL, error)); + require_action_quiet(CFEqual(dsid, recoveryKeyBag->accountDSID), errOut, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("Account/RecoveryKeybag DSID miss-match"), NULL, error)); + retval = CFDataCreateCopy(allocator, recoveryKeyBag->recoveryKeyBag); +errOut: + return retval; +} + + +CFDataRef SOSRecoveryKeyBagCopyEncoded(SOSRecoveryKeyBagRef RecoveryKeyBag, CFErrorRef* error) { + CFDataRef result = NULL; + CFMutableDataRef encoded = NULL; + + size_t encodedSize = der_sizeof_RecoveryKeyBag(RecoveryKeyBag, error); + require_quiet(encodedSize, fail); + + encoded = CFDataCreateMutableWithScratch(kCFAllocatorDefault, encodedSize); + require_quiet(SecAllocationError(encoded, error, CFSTR("Failed to create scratch")), fail); + + uint8_t *encode_to = CFDataGetMutableBytePtr(encoded); + uint8_t *encode_to_end = encode_to + CFDataGetLength(encoded); + require_quiet(encode_to == der_encode_RecoveryKeyBag(RecoveryKeyBag, error, encode_to, encode_to_end), fail); + + CFTransferRetained(result, encoded); + +fail: + CFReleaseSafe(encoded); + return result; +} + + + +SOSRecoveryKeyBagRef SOSRecoveryKeyBagCreateFromData(CFAllocatorRef allocator, CFDataRef data, CFErrorRef *error) { + SOSRecoveryKeyBagRef result = NULL; + SOSRecoveryKeyBagRef decodedBag = NULL; + + const uint8_t *der = CFDataGetBytePtr(data); + const uint8_t *der_end = der + CFDataGetLength(data); + + der = der_decode_RecoveryKeyBag(allocator, &decodedBag, error, der, der_end); + + require_quiet(SecRequirementError(der == der_end, error, CFSTR("Didn't consume all data supplied")), fail); + + CFTransferRetained(result, decodedBag); + +fail: + CFReleaseNull(decodedBag); + return result; +} + +CFDataRef SOSRecoveryKeyBagGetKeyData(SOSRecoveryKeyBagRef rkbg, CFErrorRef *error) { + return rkbg->recoveryKeyBag; +} + +bool SOSRecoveryKeyBagDSIDIs(SOSRecoveryKeyBagRef rkbg, CFStringRef dsid) { + if(!rkbg) return false; + return CFEqualSafe(rkbg->accountDSID, dsid); +} + + + + diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRecoveryKeyBag.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSRecoveryKeyBag.h new file mode 100644 index 00000000..d9d0fb2f --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRecoveryKeyBag.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// SOSRecoveryKeyBag.h +// sec +// + +#ifndef SOSRecoveryKeyBag_h +#define SOSRecoveryKeyBag_h + +#include +#include +#include + + +CFTypeRef SOSRecoveryKeyBageGetTypeID(void); + +SOSRecoveryKeyBagRef SOSRecoveryKeyBagCreateForAccount(CFAllocatorRef allocator, SOSAccountRef account, CFDataRef pubData, CFErrorRef *error); +CFDataRef SOSRecoveryKeyCopyKeyForAccount(CFAllocatorRef allocator, SOSAccountRef account, SOSRecoveryKeyBagRef recoveryKeyBag, CFErrorRef *error); + +CFDataRef SOSRecoveryKeyBagCopyEncoded(SOSRecoveryKeyBagRef RecoveryKeyBag, CFErrorRef* error); +SOSRecoveryKeyBagRef SOSRecoveryKeyBagCreateFromData(CFAllocatorRef allocator, CFDataRef data, CFErrorRef *error); +CFDataRef SOSRecoveryKeyBagGetKeyData(SOSRecoveryKeyBagRef rkbg, CFErrorRef *error); + +bool SOSRecoveryKeyBagDSIDIs(SOSRecoveryKeyBagRef rkbg, CFStringRef dsid);; + +// Der encoding +const uint8_t* der_decode_RecoveryKeyBag(CFAllocatorRef allocator, + SOSRecoveryKeyBagRef* RecoveryKeyBag, CFErrorRef *error, + const uint8_t* der, const uint8_t *der_end); + +size_t der_sizeof_RecoveryKeyBag(SOSRecoveryKeyBagRef RecoveryKeyBag, CFErrorRef *error); +uint8_t* der_encode_RecoveryKeyBag(SOSRecoveryKeyBagRef RecoveryKeyBag, CFErrorRef *error, + const uint8_t *der, uint8_t *der_end); + +#endif /* SOSRecoveryKeyBag_h */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRing.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSRing.h index f79e2858..97687345 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSRing.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRing.h @@ -15,7 +15,6 @@ #include #include #include - #include typedef struct __OpaqueSOSRing *SOSRingRef; @@ -36,12 +35,12 @@ enum { kSOSRingPeerKeyed = 2, kSOSRingEntropyKeyed = 3, kSOSRingPKKeyed = 4, - kSOSRingTypeCount = 5, + kSOSRingRecovery = 5, + kSOSRingTypeCount = 6, kSOSRingTypeError = 0xfbad, }; typedef uint32_t SOSRingType; - CFTypeID SOSRingGetTypeID(void); SOSRingRef SOSRingCreate(CFStringRef name, CFStringRef myPeerID, SOSRingType type, CFErrorRef *error); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBackup.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBackup.c index 75d448f5..667af5d9 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBackup.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBackup.c @@ -28,87 +28,14 @@ #include "SOSRingUtils.h" #include "SOSRingTypes.h" +#include "SOSRingBasic.h" // MARK: Backup Ring Ops static SOSRingRef SOSRingCreate_Backup(CFStringRef name, CFStringRef myPeerID, CFErrorRef *error) { - SOSRingRef retval = NULL; - retval = SOSRingCreate_Internal(name, kSOSRingBackup, error); - if(!retval) return NULL; - SOSRingSetLastModifier(retval, myPeerID); - return retval; + return SOSRingCreate_ForType(name, kSOSRingBackup, myPeerID, error); } -static bool SOSRingResetToEmpty_Backup(SOSRingRef ring, CFStringRef myPeerID, CFErrorRef *error) { - return SOSRingResetToEmpty_Internal(ring, error) && SOSRingSetLastModifier(ring, myPeerID); -} - -static bool SOSRingResetToOffering_Backup(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { - CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); - SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); - bool retval = priv && myPeerID && - SOSRingResetToEmpty_Internal(ring, error) && - SOSRingAddPeerID(ring, myPeerID) && - SOSRingSetLastModifier(ring, myPeerID) && - SOSRingGenerationSign_Internal(ring, priv, error); - if(user_privkey) SOSRingConcordanceSign_Internal(ring, user_privkey, error); - CFReleaseNull(priv); - return retval; -} - -static SOSRingStatus SOSRingDeviceIsInRing_Backup(SOSRingRef ring, CFStringRef peerID) { - if(SOSRingHasPeerID(ring, peerID)) return kSOSRingMember; - if(SOSRingHasApplicant(ring, peerID)) return kSOSRingApplicant; - if(SOSRingHasRejection(ring, peerID)) return kSOSRingReject; - return kSOSRingNotInRing; -} - -static bool SOSRingApply_Backup(SOSRingRef ring, SecKeyRef user_pubkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { - bool retval = false; - CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); - SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); - require_action_quiet(SOSRingDeviceIsInRing_Backup(ring, myPeerID) == kSOSRingNotInRing, errOut, secnotice("ring", "Already associated with ring")); - retval = priv && myPeerID && - SOSRingAddPeerID(ring, myPeerID) && - SOSRingSetLastModifier(ring, myPeerID) && - SOSRingGenerationSign_Internal(ring, priv, error); - CFReleaseNull(priv); -errOut: - return retval; - -} - -static bool SOSRingWithdraw_Backup(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { - CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); - if(SOSRingHasPeerID(ring, myPeerID)) { - SOSRingRemovePeerID(ring, myPeerID); - } else if(SOSRingHasApplicant(ring, myPeerID)) { - SOSRingRemoveApplicant(ring, myPeerID); - } else if(SOSRingHasRejection(ring, myPeerID)) { - SOSRingRemoveRejection(ring, myPeerID); - } else { - SOSCreateError(kSOSErrorPeerNotFound, CFSTR("Not associated with Ring"), NULL, error); - return false; - } - SOSRingSetLastModifier(ring, myPeerID); - - SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); - SOSRingGenerationSign_Internal(ring, priv, error); - if(user_privkey) SOSRingConcordanceSign_Internal(ring, user_privkey, error); - CFReleaseNull(priv); - return true; -} - -static bool SOSRingGenerationSign_Backup(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { - CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); - SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); - bool retval = priv && myPeerID && - SOSRingSetLastModifier(ring, myPeerID) && - SOSRingGenerationSign_Internal(ring, priv, error); - if(user_privkey) SOSRingConcordanceSign_Internal(ring, user_privkey, error); - CFReleaseNull(priv); - return retval; -} // Make sure all the peers in the ring have access to the ring views static bool SOSBackupRingPeersInViews(CFSetRef peers, SOSRingRef ring) { @@ -183,33 +110,6 @@ static SOSConcordanceStatus SOSRingPeerKeyConcordanceTrust_Backup(SOSFullPeerInf return GetSignersStatus_Transitive(peers, knownRing, proposedRing, userPubkey, excludePeerID, error); } - -static bool SOSRingConcordanceSign_Backup(SOSRingRef ring, SOSFullPeerInfoRef requestor, CFErrorRef *error) { - CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); - SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); - bool retval = priv && myPeerID && - SOSRingSetLastModifier(ring, myPeerID) && - SOSRingConcordanceSign_Internal(ring, priv, error); - CFReleaseNull(priv); - return retval; -} - -static bool SOSRingSetPayload_Backup(SOSRingRef ring, SecKeyRef user_privkey, CFDataRef payload, SOSFullPeerInfoRef requestor, CFErrorRef *error) { - CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); - SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); - bool retval = priv && myPeerID && - SOSRingSetLastModifier(ring, myPeerID) && - SOSRingSetPayload_Internal(ring, payload) && - SOSRingGenerationSign_Internal(ring, priv, error); - if(user_privkey) SOSRingConcordanceSign_Internal(ring, user_privkey, error); - CFReleaseNull(priv); - return retval; -} - -static CFDataRef SOSRingGetPayload_Backup(SOSRingRef ring, CFErrorRef *error) { - return SOSRingGetPayload_Internal(ring); -} - bool SOSBackupRingSetViews(SOSRingRef ring, SOSFullPeerInfoRef requestor, CFSetRef viewSet, CFErrorRef *error) { CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); @@ -229,16 +129,16 @@ ringFuncStruct backup = { "Backup", 1, SOSRingCreate_Backup, - SOSRingResetToEmpty_Backup, - SOSRingResetToOffering_Backup, - SOSRingDeviceIsInRing_Backup, - SOSRingApply_Backup, - SOSRingWithdraw_Backup, - SOSRingGenerationSign_Backup, - SOSRingConcordanceSign_Backup, + SOSRingResetToEmpty_Basic, + SOSRingResetToOffering_Basic, + SOSRingDeviceIsInRing_Basic, + SOSRingApply_Basic, + SOSRingWithdraw_Basic, + SOSRingGenerationSign_Basic, + SOSRingConcordanceSign_Basic, SOSRingPeerKeyConcordanceTrust_Backup, NULL, NULL, - SOSRingSetPayload_Backup, - SOSRingGetPayload_Backup, + SOSRingSetPayload_Basic, + SOSRingGetPayload_Basic, }; diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBasic.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBasic.c index d6f43442..673eddae 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBasic.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBasic.c @@ -30,19 +30,15 @@ // MARK: Basic Ring Ops -static SOSRingRef SOSRingCreate_Basic(CFStringRef name, CFStringRef myPeerID, CFErrorRef *error) { - SOSRingRef retval = NULL; - retval = SOSRingCreate_Internal(name, 0, error); - if(!retval) return NULL; - SOSRingSetLastModifier(retval, myPeerID); - return retval; +SOSRingRef SOSRingCreate_Basic(CFStringRef name, CFStringRef myPeerID, CFErrorRef *error) { + return SOSRingCreate_ForType(name, kSOSRingBase, myPeerID, error); } -static bool SOSRingResetToEmpty_Basic(SOSRingRef ring, CFStringRef myPeerID, CFErrorRef *error) { +bool SOSRingResetToEmpty_Basic(SOSRingRef ring, CFStringRef myPeerID, CFErrorRef *error) { return SOSRingResetToEmpty_Internal(ring, error) && SOSRingSetLastModifier(ring, myPeerID); } -static bool SOSRingResetToOffering_Basic(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { +bool SOSRingResetToOffering_Basic(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); bool retval = priv && myPeerID && @@ -55,14 +51,14 @@ static bool SOSRingResetToOffering_Basic(SOSRingRef ring, SecKeyRef user_privkey return retval; } -static SOSRingStatus SOSRingDeviceIsInRing_Basic(SOSRingRef ring, CFStringRef peerID) { +SOSRingStatus SOSRingDeviceIsInRing_Basic(SOSRingRef ring, CFStringRef peerID) { if(SOSRingHasPeerID(ring, peerID)) return kSOSRingMember; if(SOSRingHasApplicant(ring, peerID)) return kSOSRingApplicant; if(SOSRingHasRejection(ring, peerID)) return kSOSRingReject; return kSOSRingNotInRing; } -static bool SOSRingApply_Basic(SOSRingRef ring, SecKeyRef user_pubkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { +bool SOSRingApply_Basic(SOSRingRef ring, SecKeyRef user_pubkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { bool retval = false; CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); @@ -77,7 +73,7 @@ errOut: } -static bool SOSRingWithdraw_Basic(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { +bool SOSRingWithdraw_Basic(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); if(SOSRingHasPeerID(ring, myPeerID)) { SOSRingRemovePeerID(ring, myPeerID); @@ -98,7 +94,7 @@ static bool SOSRingWithdraw_Basic(SOSRingRef ring, SecKeyRef user_privkey, SOSFu return true; } -static bool SOSRingGenerationSign_Basic(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { +bool SOSRingGenerationSign_Basic(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); bool retval = priv && myPeerID && @@ -109,7 +105,7 @@ static bool SOSRingGenerationSign_Basic(SOSRingRef ring, SecKeyRef user_privkey, return retval; } -static bool SOSRingConcordanceSign_Basic(SOSRingRef ring, SOSFullPeerInfoRef requestor, CFErrorRef *error) { +bool SOSRingConcordanceSign_Basic(SOSRingRef ring, SOSFullPeerInfoRef requestor, CFErrorRef *error) { CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); bool retval = priv && myPeerID && @@ -119,7 +115,7 @@ static bool SOSRingConcordanceSign_Basic(SOSRingRef ring, SOSFullPeerInfoRef req return retval; } -static bool SOSRingSetPayload_Basic(SOSRingRef ring, SecKeyRef user_privkey, CFDataRef payload, SOSFullPeerInfoRef requestor, CFErrorRef *error) { +bool SOSRingSetPayload_Basic(SOSRingRef ring, SecKeyRef user_privkey, CFDataRef payload, SOSFullPeerInfoRef requestor, CFErrorRef *error) { CFStringRef myPeerID = SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(requestor)); SecKeyRef priv = SOSFullPeerInfoCopyDeviceKey(requestor, error); bool retval = priv && myPeerID && @@ -131,7 +127,7 @@ static bool SOSRingSetPayload_Basic(SOSRingRef ring, SecKeyRef user_privkey, CFD return retval; } -static CFDataRef SOSRingGetPayload_Basic(SOSRingRef ring, CFErrorRef *error) { +CFDataRef SOSRingGetPayload_Basic(SOSRingRef ring, CFErrorRef *error) { return SOSRingGetPayload_Internal(ring); } diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBasic.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBasic.h index c09c91fe..85dfdf49 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBasic.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBasic.h @@ -11,6 +11,18 @@ #include "SOSRingTypes.h" +SOSRingRef SOSRingCreate_Basic(CFStringRef name, CFStringRef myPeerID, CFErrorRef *error); +bool SOSRingResetToEmpty_Basic(SOSRingRef ring, CFStringRef myPeerID, CFErrorRef *error); +SOSRingStatus SOSRingDeviceIsInRing_Basic(SOSRingRef ring, CFStringRef peerID); + +bool SOSRingResetToOffering_Basic(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error); +bool SOSRingApply_Basic(SOSRingRef ring, SecKeyRef user_pubkey, SOSFullPeerInfoRef requestor, CFErrorRef *error); +bool SOSRingWithdraw_Basic(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error); +bool SOSRingGenerationSign_Basic(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error); +bool SOSRingConcordanceSign_Basic(SOSRingRef ring, SOSFullPeerInfoRef requestor, CFErrorRef *error); +bool SOSRingSetPayload_Basic(SOSRingRef ring, SecKeyRef user_privkey, CFDataRef payload, SOSFullPeerInfoRef requestor, CFErrorRef *error); +CFDataRef SOSRingGetPayload_Basic(SOSRingRef ring, CFErrorRef *error); + extern ringFuncStruct basic; #endif /* defined(_sec_SOSRingBasic_) */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingRecovery.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingRecovery.c new file mode 100644 index 00000000..4faf03d6 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingRecovery.c @@ -0,0 +1,122 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// SOSRingRecovery.c +// sec +// + +#include "SOSRingRecovery.h" +#include "SOSRingBackup.h" + +#include + +#include +#include +#include +#include +#include +#include + +#include + +#include +#include +#include + +#include + +#include +#include + +#include "SOSRingUtils.h" +#include "SOSRingTypes.h" +#include "SOSRingBasic.h" + +// MARK: Recovery Ring Ops + +static SOSRingRef SOSRingCreate_Recovery(CFStringRef name, CFStringRef myPeerID, CFErrorRef *error) { + return SOSRingCreate_ForType(name, kSOSRingRecovery, myPeerID, error); +} + + + +ringFuncStruct recovery = { + "Recovery", + 1, + SOSRingCreate_Recovery, + SOSRingResetToEmpty_Basic, + SOSRingResetToOffering_Basic, + SOSRingDeviceIsInRing_Basic, + SOSRingApply_Basic, + SOSRingWithdraw_Basic, + SOSRingGenerationSign_Basic, + SOSRingConcordanceSign_Basic, + SOSRingPeerKeyConcordanceTrust, + NULL, + NULL, + SOSRingSetPayload_Basic, + SOSRingGetPayload_Basic, +}; + + +static bool isRecoveryRing(SOSRingRef ring, CFErrorRef *error) { + SOSRingType type = SOSRingGetType(ring); + require_quiet(kSOSRingRecovery == type, errOut); + return true; +errOut: + SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Not recovery ring type"), NULL, error); + return false; +} + +bool SOSRingSetRecoveryKeyBag(SOSRingRef ring, SOSFullPeerInfoRef fpi, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error) { + SOSRingAssertStable(ring); + CFDataRef rkbg_as_data = NULL; + bool result = false; + require_quiet(isRecoveryRing(ring, error), errOut); + + rkbg_as_data = SOSRecoveryKeyBagCopyEncoded(rkbg, error); + result = rkbg_as_data && + SOSRingSetPayload(ring, NULL, rkbg_as_data, fpi, error); +errOut: + CFReleaseNull(rkbg_as_data); + return result; +} + +SOSRecoveryKeyBagRef SOSRingCopyRecoveryKeyBag(SOSRingRef ring, CFErrorRef *error) { + SOSRingAssertStable(ring); + + CFDataRef rkbg_as_data = NULL; + SOSRecoveryKeyBagRef result = NULL; + require_quiet(isRecoveryRing(ring, error), errOut); + + rkbg_as_data = SOSRingGetPayload(ring, error); + require_quiet(rkbg_as_data, errOut); + + result = SOSRecoveryKeyBagCreateFromData(kCFAllocatorDefault, rkbg_as_data, error); + +errOut: + return result; +} + + diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingRecovery.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingRecovery.h new file mode 100644 index 00000000..ac58dbf0 --- /dev/null +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingRecovery.h @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// SOSRingRecovery.h +// sec +// + +#ifndef SOSRecoveryRing_h +#define SOSRecoveryRing_h + + +#include "SOSRingTypes.h" +#include +#include + +extern ringFuncStruct recovery; + +static inline CFDataRef SOSRecoveryRingGetKeyBag(SOSRingRef ring, CFErrorRef *error) { + if(SOSRingGetType(ring) != kSOSRingRecovery) return NULL; + return SOSRingGetPayload(ring, error); +} + +bool SOSRingSetRecoveryKeyBag(SOSRingRef ring, SOSFullPeerInfoRef fpi, SOSRecoveryKeyBagRef rkbg, CFErrorRef *error); +SOSRecoveryKeyBagRef SOSRingCopyRecoveryKeyBag(SOSRingRef ring, CFErrorRef *error); + +#endif /* SOSRecoveryRing_h */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingTypes.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingTypes.c index 6b807ba8..845ea54b 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingTypes.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingTypes.c @@ -1,26 +1,52 @@ +/* + * Copyright (c) 2015-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + // // SOSRingTypes.c -// sec -// -// Created by Richard Murphy on 2/23/15. -// // #include "SOSRing.h" #include "SOSRingTypes.h" #include "SOSRingBasic.h" #include "SOSRingBackup.h" +#include "SOSRingRecovery.h" #include #include +// These need to track the ring type enums in SOSRingTypes.h static ringFuncs ringTypes[] = { - &basic, - &backup, + &basic, // kSOSRingBase + &backup, // kSOSRingBackup + NULL, // kSOSRingPeerKeyed + NULL, // kSOSRingEntropyKeyed + NULL, // kSOSRingPKKeyed + &recovery, // kSOSRingRecovery }; static const size_t typecount = sizeof(ringTypes) / sizeof(ringFuncs); static bool SOSRingValidType(SOSRingType type) { - return type < typecount; + if(type >= typecount || ringTypes[type] == NULL) return false; + return true; } // MARK: Exported Functions @@ -190,7 +216,7 @@ CFDataRef SOSRingGetPayload(SOSRingRef ring, CFErrorRef *error) { return ringTypes[type]->sosRingGetPayload(ring, error); errOut: SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Not valid ring type"), NULL, error); - return false; + return NULL; } CFSetRef SOSRingGetBackupViewset(SOSRingRef ring, CFErrorRef *error) { @@ -200,7 +226,7 @@ CFSetRef SOSRingGetBackupViewset(SOSRingRef ring, CFErrorRef *error) { return SOSRingGetBackupViewset_Internal(ring); errOut: SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Not backup ring type"), NULL, error); - return false; + return NULL; } static bool isBackupRing(SOSRingRef ring, CFErrorRef *error) { @@ -264,312 +290,3 @@ exit: CFReleaseNull(pubkey); return retval; } - - -#if 0 -static inline -bool SOSAccountKnowsRings(SOSAccountRef account, CFErrorRef *error) { - if(account->rings) return true; - SOSCreateError(kSOSErrorUnsupported, CFSTR("This account doesn't support rings"), NULL, error); - return false; -} - - -// ViewRequirements -bool SOSRingRequirementKnown(SOSAccountRef account, CFStringRef name, CFErrorRef *error) { - bool retval = false; - require_quiet(SOSAccountKnowsRings(account, error), errOut); - retval = CFDictionaryContainsValue(account->rings, name); -errOut: - return retval; -} - -bool SOSRingRequirementCreate(SOSAccountRef account, CFStringRef name, SOSRingType type, CFErrorRef *error) { - if(account->rings) return false; - if(CFDictionaryContainsValue(account->rings, name)) return true; - if(!SOSRingValidType(type)) return false; - SOSRingRef ring = SOSRingCreate(NULL, name, type, error); - if(!ring) return false; - CFDictionaryAddValue(account->rings, name, ring); - return false; -} - -static SOSRingRef getRingFromAccount(SOSAccountRef account, CFStringRef name, CFErrorRef* error) { - SOSRingRef retval = NULL; - require_quiet(SOSAccountKnowsRings(account, error), errOut); - retval = (SOSRingRef) CFDictionaryGetValue(account->rings, name); - -errOut: - return retval; - -} - -// Admins -bool SOSRingRequirementResetToOffering(SOSAccountRef account, CFStringRef name, CFErrorRef* error) { - SOSRingRef ring = getRingFromAccount(account, name, error); - SOSFullPeerInfoRef fpi = SOSAccountGetMyFullPeerInfo(account); - require_action_quiet(ring, errOut, - SOSCreateError(kSOSErrorNoCircle, CFSTR("No ring by name specified"), NULL, error)); - switch(SOSRingGetType(ring)) { - - } - SOSRingResetToOffering(ring, account->__user_private, fpi, error); - -errOut: - return false; -} - - -bool SOSRingRequirementResetToEmpty(SOSAccountRef account, CFStringRef name, CFErrorRef* error) { - return false; -} - - - -// Clients -bool SOSRingRequirementRequestToJoin(SOSAccountRef account, CFStringRef name, CFErrorRef* error) { - return false; -} - -bool SOSRingRequirementRemoveThisDevice(SOSAccountRef account, CFStringRef name, CFErrorRef* error) { - return false; -} - -// Approvers -CFArrayRef SOSRingRequirementGetApplicants(SOSAccountRef account, CFStringRef name, CFErrorRef* error) { - return false; -} - - -bool SOSRingRequirementAcceptApplicants(SOSAccountRef account, CFStringRef name, CFArrayRef applicants, CFErrorRef* error) { - return false; -} - - -bool SOSRingRequirementRejectApplicants(SOSAccountRef account, CFStringRef name, CFArrayRef applicants, CFErrorRef *error) { - return false; -} - - -bool SOSRingResetToOffering(SOSCircleRef circle, SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error){ - - return SOSRingResetToEmpty(ring, error) - && SOSRingRequestAdmission(ring, user_privkey, requestor, error) - && SOSRingAcceptRequest(ring, user_privkey, requestor, SOSFullPeerInfoGetPeerInfo(requestor), error); -} - - -static bool SOSRingRecordAdmissionRequest(SOSRingRef ring, SecKeyRef user_pubkey, CFStringRef peerID, CFErrorRef *error) { - SOSRingAssertStable(ring); - - bool isPeer = SOSRingHasPeerWithID(ring, peerID, error); - require_action_quiet(!isPeer, fail, SOSCreateError(kSOSErrorAlreadyPeer, CFSTR("Cannot request admission when already a peer"), NULL, error)); - CFSetRemoveValue(ring->rejections, requestorPeerInfo); // We remove from rejected list, in case? - CFSetSetValue(ring->applicants, requestorPeerInfo); - - return true; - -fail: - return false; - -} - -bool SOSRingRequestReadmission(SOSRingRef ring, SecKeyRef user_pubkey, SOSPeerInfoRef peer, CFErrorRef *error) { - bool success = false; - - require_quiet(SOSPeerInfoApplicationVerify(peer, user_pubkey, error), fail); - success = SOSRingRecordAdmissionRequest(ring, user_pubkey, peer, error); -fail: - return success; -} - -bool SOSRingRequestAdmission(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, CFErrorRef *error) { - bool success = false; - - SecKeyRef user_pubkey = SecKeyCreatePublicFromPrivate(user_privkey); - require_action_quiet(user_pubkey, fail, SOSCreateError(kSOSErrorBadKey, CFSTR("No public key for key"), NULL, error)); - - require(SOSFullPeerInfoPromoteToApplication(requestor, user_privkey, error), fail); - - success = SOSRingRecordAdmissionRequest(ring, user_pubkey, SOSFullPeerInfoGetPeerInfo(requestor), error); -fail: - CFReleaseNull(user_pubkey); - return success; -} - - -bool SOSRingRemovePeer(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef requestor, SOSPeerInfoRef peer_to_remove, CFErrorRef *error) { - SOSPeerInfoRef requestor_peer_info = SOSFullPeerInfoGetPeerInfo(requestor); - - if (SOSRingHasApplicant(ring, peer_to_remove, error)) { - return SOSRingRejectRequest(ring, requestor, peer_to_remove, error); - } - - if (!SOSRingHasPeer(ring, requestor_peer_info, error)) { - SOSCreateError(kSOSErrorAlreadyPeer, CFSTR("Must be peer to remove peer"), NULL, error); - return false; - } - - CFSetRemoveValue(ring->peers, peer_to_remove); - - SOSRingGenerationSign(ring, user_privkey, requestor, error); - - return true; -} - -bool SOSRingAcceptRequest(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, SOSPeerInfoRef peerInfo, CFErrorRef *error) { - SOSRingAssertStable(ring); - - SecKeyRef publicKey = NULL; - bool result = false; - - require_action_quiet(CFSetContainsValue(ring->applicants, peerInfo), fail, - SOSCreateError(kSOSErrorNotApplicant, CFSTR("Cannot accept non-applicant"), NULL, error)); - - publicKey = SecKeyCreatePublicFromPrivate(user_privkey); - require_quiet(SOSPeerInfoApplicationVerify(peerInfo, publicKey, error), fail); - - CFSetRemoveValue(ring->applicants, peerInfo); - CFSetSetValue(ring->peers, peerInfo); - - result = SOSRingGenerationSign(ring, user_privkey, device_approver, error); - secnotice("ring", "Accepted %@", peerInfo); - -fail: - CFReleaseNull(publicKey); - return result; -} - -bool SOSRingWithdrawRequest(SOSRingRef ring, SOSPeerInfoRef peerInfo, CFErrorRef *error) { - SOSRingAssertStable(ring); - - CFSetRemoveValue(ring->applicants, peerInfo); - - return true; -} - -bool SOSRingRemoveRejectedPeer(SOSRingRef ring, SOSPeerInfoRef peerInfo, CFErrorRef *error) { - SOSRingAssertStable(ring); - - CFSetRemoveValue(ring->rejected_applicants, peerInfo); - - return true; -} - - -bool SOSRingRejectRequest(SOSRingRef ring, SOSFullPeerInfoRef device_rejector, - SOSPeerInfoRef peerInfo, CFErrorRef *error) { - SOSRingAssertStable(ring); - - if (CFEqual(SOSPeerInfoGetPeerID(peerInfo), SOSPeerInfoGetPeerID(SOSFullPeerInfoGetPeerInfo(device_rejector)))) - return SOSRingWithdrawRequest(ring, peerInfo, error); - - if (!CFSetContainsValue(ring->applicants, peerInfo)) { - SOSCreateError(kSOSErrorNotApplicant, CFSTR("Cannot reject non-applicant"), NULL, error); - return false; - } - - CFSetRemoveValue(ring->applicants, peerInfo); - CFSetSetValue(ring->rejected_applicants, peerInfo); - - // TODO: Maybe we sign the rejection with device_rejector. - - return true; -} - -bool SOSRingAcceptRequests(SOSRingRef ring, SecKeyRef user_privkey, SOSFullPeerInfoRef device_approver, - CFErrorRef *error) { - // Returns true if we accepted someone and therefore have to post the ring back to KVS - __block bool result = false; - - SOSRingForEachApplicant(ring, ^(SOSPeerInfoRef peer) { - if (!SOSRingAcceptRequest(ring, user_privkey, device_approver, peer, error)) - printf("error in SOSRingAcceptRequest\n"); - else { - secnotice("ring", "Accepted peer: %@", peer); - result = true; - } - }); - - if (result) { - SOSRingGenerationSign(ring, user_privkey, device_approver, error); - secnotice("ring", "Countersigned accepted requests"); - } - - return result; -} - -bool SOSRingPeerSigUpdate(SOSRingRef ring, SecKeyRef userPrivKey, SOSFullPeerInfoRef fpi, - CFErrorRef *error) { - // Returns true if we accepted someone and therefore have to post the ring back to KVS - __block bool result = false; - SecKeyRef userPubKey = SecKeyCreatePublicFromPrivate(userPrivKey); - - // We're going to remove any applicants using a mismatched user key. - SOSRingForEachApplicant(ring, ^(SOSPeerInfoRef peer) { - if(!SOSPeerInfoApplicationVerify(peer, userPubKey, NULL)) { - if(!SOSRingRejectRequest(ring, fpi, peer, NULL)) { - // do we care? - } - } - }); - - result = SOSRingUpdatePeerInfo(ring, SOSFullPeerInfoGetPeerInfo(fpi)); - - if (result) { - SOSRingGenerationSign(ring, userPrivKey, fpi, error); - secnotice("ring", "Generation signed updated signatures on peerinfo"); - } - - return result; -} - - -SOSFullPeerInfoRef SOSRingGetiCloudFullPeerInfoRef(SOSCircleRef circle, SOSRingRef ring) { - __block SOSFullPeerInfoRef cloud_full_peer = NULL; - SOSRingForEachActivePeer(circle, ring, ^(SOSPeerInfoRef peer) { - if (SOSPeerInfoIsCloudIdentity(peer)) { - if (cloud_full_peer == NULL) { - CFErrorRef localError = NULL; - cloud_full_peer = SOSFullPeerInfoCreateCloudIdentity(kCFAllocatorDefault, peer, &localError); - - if (localError) { - secerror("Found cloud peer in ring but can't make full peer: %@", localError); - CFReleaseNull(localError); - } - - } else { - secerror("More than one cloud identity found in ring: %@", ring); - } - } - }); - return cloud_full_peer; -} - - -CFMutableArrayRef SOSRingCopyConcurringPeers(SOSRingRef ring, CFErrorRef* error) { - SOSRingAssertStable(ring); - - CFMutableArrayRef concurringPeers = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); - - if (!SOSRingAppendConcurringPeers(ring, concurringPeers, error)) - CFReleaseNull(concurringPeers); - - return concurringPeers; -} - - -bool SOSRingAppendConcurringPeers(SOSCircleRef circle, SOSRingRef ring, CFMutableArrayRef appendHere, CFErrorRef *error) { - SOSRingForEachActivePeer(circle, ring, ^(SOSPeerInfoRef peer) { - CFErrorRef localError = NULL; - if (SOSRingVerifyPeerSigned(ring, peer, &localError)) { - CFArrayAppendValue(appendHere, peer); - } else if (error != NULL) { - secerror("Error checking concurrence: %@", localError); - } - CFReleaseNull(localError); - }); - - return true; -} -#endif diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingTypes.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingTypes.h index 15462c2f..cb9e46d3 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingTypes.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingTypes.h @@ -1,9 +1,28 @@ +/* + * Copyright (c) 2015-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + // // SOSRingTypes.h -// sec -// -// Created by Richard Murphy on 2/23/15. -// // #ifndef _sec_SOSRingTypes_ @@ -14,8 +33,6 @@ #include #include #include -#include "SOSRing.h" - typedef struct ringfuncs_t { char *typeName; @@ -55,4 +72,12 @@ CFArrayRef SOSRingRequirementGetApplicants(SOSAccountRef account, CFStringRef na bool SOSRingRequirementAcceptApplicants(SOSAccountRef account, CFStringRef name, CFArrayRef applicants, CFErrorRef* error); bool SOSRingRequirementRejectApplicants(SOSAccountRef account, CFStringRef name, CFArrayRef applicants, CFErrorRef *error); +static inline SOSRingRef SOSRingCreate_ForType(CFStringRef name, SOSRingType type, CFStringRef myPeerID, CFErrorRef *error) { + SOSRingRef retval = NULL; + retval = SOSRingCreate_Internal(name, type, error); + if(!retval) return NULL; + SOSRingSetLastModifier(retval, myPeerID); + return retval; +} + #endif /* defined(_sec_SOSRingTypes_) */ diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingUtils.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingUtils.c index cc36d298..8483a72f 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingUtils.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingUtils.c @@ -643,7 +643,7 @@ static bool SOSRingRemoveSignatures(SOSRingRef ring, CFErrorRef *error) { return true; } -static CFDataRef SOSHashSign(SecKeyRef privKey, CFDataRef hash, CFErrorRef *error) { +static CFDataRef SOSCopySignedHash(SecKeyRef privKey, CFDataRef hash, CFErrorRef *error) { size_t siglen = SecKeyGetSize(privKey, kSecKeySignatureSize)+16; uint8_t sig[siglen]; OSStatus stat = SecKeyRawSign(privKey, kSecPaddingNone, CFDataGetBytePtr(hash), CFDataGetLength(hash), sig, &siglen); @@ -661,7 +661,7 @@ static bool SOSRingSign(SOSRingRef ring, SecKeyRef privKey, CFErrorRef *error) { } const struct ccdigest_info *di = ccsha256_di(); CFDataRef hash = SOSRingCreateHash(di, ring, error); - CFDataRef signature = SOSHashSign(privKey, hash, error); + CFDataRef signature = SOSCopySignedHash(privKey, hash, error); SOSRingSetSignature(ring, privKey, signature, error); CFRelease(signature); CFReleaseNull(hash); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSSysdiagnose.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSSysdiagnose.c index 9975c403..780651d9 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSSysdiagnose.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSSysdiagnose.c @@ -42,6 +42,8 @@ #include "keychain_log.h" #include "secToolFileIO.h" #include "secViewDisplay.h" +#include "accountCirclesViewsPrint.h" + #include @@ -66,462 +68,6 @@ use_default: return retval; } - - -#define MAXKVSKEYTYPE kUnknownKey -#define DATE_LENGTH 18 - -// -// secToolFileIO.c -// sec -// -// Created by Richard Murphy on 1/22/16. -// -// - -#include -#include -#include - -#define printmsg(format, ...) _printcfmsg(outFile, NULL, format, __VA_ARGS__) -#define printmsgWithFormatOptions(formatOptions, format, ...) _printcfmsg(outFile, formatOptions, format, __VA_ARGS__) -#define printerr(format, ...) _printcfmsg(errFile, NULL, format, __VA_ARGS__) - - -FILE *outFile = NULL; -FILE *errFile = NULL; - -void _printcfmsg(FILE *ff, CFDictionaryRef formatOptions, CFStringRef format, ...) -{ - va_list args; - va_start(args, format); - CFStringRef message = CFStringCreateWithFormatAndArguments(kCFAllocatorDefault, formatOptions, format, args); - va_end(args); - CFStringPerformWithCString(message, ^(const char *utf8String) { fprintf(ff, utf8String, ""); }); - CFRelease(message); -} - - -int setOutputTo(char *dir, char *filename) { - size_t pathlen = 0; - - if(dir && filename) { - pathlen = strlen(dir) + strlen(filename) + 2; - char path[pathlen]; - snprintf(path, pathlen, "%s/%s", dir, filename); - outFile = fopen(path, "a"); - } else if(dir || filename) { - outFile = stdout; - return -1; - } else { - outFile = stdout; - } - errFile = stderr; - return 0; -} - -void closeOutput(void) { - if(outFile != stdout) { - fclose(outFile); - } - outFile = stdout; -} - -int copyFileToOutputDir(char *dir, char *toCopy) { - char *bname = basename(toCopy); - char destpath[256]; - int status; - copyfile_state_t cpfilestate = copyfile_state_alloc(); - - status = snprintf(destpath, 256, "%s/%s", dir, bname); - if(status < 0 || status > 256) return -1; - - int retval = copyfile(toCopy, destpath, cpfilestate, COPYFILE_ALL); - - copyfile_state_free(cpfilestate); - return retval; -} - - - -static const char *getSOSCCStatusDescription(SOSCCStatus ccstatus) -{ - switch (ccstatus) - { - case kSOSCCInCircle: return "In Circle"; - case kSOSCCNotInCircle: return "Not in Circle"; - case kSOSCCRequestPending: return "Request pending"; - case kSOSCCCircleAbsent: return "Circle absent"; - case kSOSCCError: return "Circle error"; - - default: - return ""; - break; - } -} - -static void printPeerInfos(char *label, CFArrayRef (^getArray)(CFErrorRef *error)) { - CFErrorRef error = NULL; - CFArrayRef ppi = getArray(&error); - SOSPeerInfoRef me = SOSCCCopyMyPeerInfo(NULL); - CFStringRef mypeerID = SOSPeerInfoGetPeerID(me); - - if(ppi) { - printmsg(CFSTR("%s count: %ld\n"), label, (long)CFArrayGetCount(ppi)); - CFArrayForEach(ppi, ^(const void *value) { - char buf[160]; - SOSPeerInfoRef peer = (SOSPeerInfoRef)value; - CFIndex version = SOSPeerInfoGetVersion(peer); - CFStringRef peerName = SOSPeerInfoGetPeerName(peer); - CFStringRef devtype = SOSPeerInfoGetPeerDeviceType(peer); - CFStringRef peerID = SOSPeerInfoGetPeerID(peer); - CFStringRef transportType = CFSTR("KVS"); - CFStringRef deviceID = CFSTR(""); - CFDictionaryRef gestalt = SOSPeerInfoCopyPeerGestalt(peer); - CFStringRef osVersion = CFDictionaryGetValue(gestalt, CFSTR("OSVersion")); - CFReleaseNull(gestalt); - - - if(version >= 2){ - CFDictionaryRef v2Dictionary = peer->v2Dictionary; - transportType = CFDictionaryGetValue(v2Dictionary, sTransportType); - deviceID = CFDictionaryGetValue(v2Dictionary, sDeviceID); - } - char *pname = CFStringToCString(peerName); - char *dname = CFStringToCString(devtype); - char *tname = CFStringToCString(transportType); - char *iname = CFStringToCString(deviceID); - char *osname = CFStringToCString(osVersion); - const char *me = CFEqualSafe(mypeerID, peerID) ? "me>" : " "; - - - snprintf(buf, 160, "%s %s: %-16s %-16s %-16s %-16s", me, label, pname, dname, tname, iname); - - free(pname); - free(dname); - CFStringRef pid = SOSPeerInfoGetPeerID(peer); - CFIndex vers = SOSPeerInfoGetVersion(peer); - printmsg(CFSTR("%s %@ V%d OS:%s\n"), buf, pid, vers, osname); - free(osname); - }); - } else { - printmsg(CFSTR("No %s, error: %@\n"), label, error); - } - CFReleaseNull(ppi); - CFReleaseNull(error); -} - -static void dumpCircleInfo() -{ - CFErrorRef error = NULL; - CFArrayRef generations = NULL; - CFArrayRef confirmedDigests = NULL; - bool is_user_public_trusted = false; - __block int count = 0; - - SOSCCStatus ccstatus = SOSCCThisDeviceIsInCircle(&error); - if(ccstatus == kSOSCCError) { - printmsg(CFSTR("End of Dump - unable to proceed due to ccstatus (%s) error: %@\n"), getSOSCCStatusDescription(ccstatus), error); - return; - } - printmsg(CFSTR("ccstatus: %s (%d)\n"), getSOSCCStatusDescription(ccstatus), ccstatus, error); - - is_user_public_trusted = SOSCCValidateUserPublic(&error); - if(is_user_public_trusted) - printmsg(CFSTR("Account user public is trusted%@"),CFSTR("\n")); - else - printmsg(CFSTR("Account user public is not trusted error:(%@)\n"), error); - CFReleaseNull(error); - - generations = SOSCCCopyGenerationPeerInfo(&error); - if(generations) { - CFArrayForEach(generations, ^(const void *value) { - count++; - if(count%2 == 0) - printmsg(CFSTR("Circle name: %@, "),value); - - if(count%2 != 0) { - CFStringRef genDesc = SOSGenerationCountCopyDescription(value); - printmsg(CFSTR("Generation Count: %@"), genDesc); - CFReleaseNull(genDesc); - } - printmsg(CFSTR("%s\n"), ""); - }); - } else { - printmsg(CFSTR("No generation count: %@\n"), error); - } - CFReleaseNull(generations); - CFReleaseNull(error); - - printPeerInfos(" Peers", ^(CFErrorRef *error) { return SOSCCCopyValidPeerPeerInfo(error); }); - printPeerInfos(" Invalid", ^(CFErrorRef *error) { return SOSCCCopyNotValidPeerPeerInfo(error); }); - printPeerInfos(" Retired", ^(CFErrorRef *error) { return SOSCCCopyRetirementPeerInfo(error); }); - printPeerInfos(" Concur", ^(CFErrorRef *error) { return SOSCCCopyConcurringPeerPeerInfo(error); }); - printPeerInfos("Applicants", ^(CFErrorRef *error) { return SOSCCCopyApplicantPeerInfo(error); }); - - confirmedDigests = SOSCCCopyEngineState(&error); - if(confirmedDigests) - { - count = 0; - CFArrayForEach(confirmedDigests, ^(const void *value) { - count++; - if(count % 2 != 0) - printmsg(CFSTR("%@"), value); - - if(count % 2 == 0) { - CFStringRef hexDigest = CFDataCopyHexString(value); - printmsg(CFSTR(" %@\n"), hexDigest); - CFReleaseSafe(hexDigest); - } - }); - } - else - printmsg(CFSTR("No engine peers: %@\n"), error); - CFReleaseNull(confirmedDigests); -} - -static CFTypeRef getObjectsFromCloud(CFArrayRef keysToGet, dispatch_queue_t processQueue, dispatch_group_t dgroup) -{ - __block CFTypeRef object = NULL; - - const uint64_t maxTimeToWaitInSeconds = 30ull * NSEC_PER_SEC; - dispatch_semaphore_t waitSemaphore = dispatch_semaphore_create(0); - dispatch_time_t finishTime = dispatch_time(DISPATCH_TIME_NOW, maxTimeToWaitInSeconds); - - dispatch_group_enter(dgroup); - - CloudKeychainReplyBlock replyBlock = - ^ (CFDictionaryRef returnedValues, CFErrorRef error) - { - secinfo("sync", "SOSCloudKeychainGetObjectsFromCloud returned: %@", returnedValues); - object = returnedValues; - if (object) - CFRetain(object); - if (error) - { - secerror("SOSCloudKeychainGetObjectsFromCloud returned error: %@", error); - // CFRelease(*error); - } - dispatch_group_leave(dgroup); - secinfo("sync", "SOSCloudKeychainGetObjectsFromCloud block exit: %@", object); - dispatch_semaphore_signal(waitSemaphore); - }; - - if (!keysToGet) - SOSCloudKeychainGetAllObjectsFromCloud(processQueue, replyBlock); - else - SOSCloudKeychainGetObjectsFromCloud(keysToGet, processQueue, replyBlock); - - dispatch_semaphore_wait(waitSemaphore, finishTime); - dispatch_release(waitSemaphore); - if (object && (CFGetTypeID(object) == CFNullGetTypeID())) // return a NULL instead of a CFNull - { - CFRelease(object); - object = NULL; - } - secerror("returned: %@", object); - return object; -} - -static CFStringRef printFullDataString(CFDataRef data){ - __block CFStringRef fullData = NULL; - - BufferPerformWithHexString(CFDataGetBytePtr(data), CFDataGetLength(data), ^(CFStringRef dataHex) { - fullData = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%@"), dataHex); - }); - - return fullData; -} - -static void displayLastKeyParameters(CFTypeRef key, CFTypeRef value) -{ - CFDataRef valueAsData = asData(value, NULL); - if(valueAsData){ - CFDataRef dateData = CFDataCreateCopyFromRange(kCFAllocatorDefault, valueAsData, CFRangeMake(0, DATE_LENGTH)); - CFDataRef keyParameterData = CFDataCreateCopyFromPositions(kCFAllocatorDefault, valueAsData, DATE_LENGTH, CFDataGetLength(valueAsData)); - CFStringRef dateString = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, dateData, kCFStringEncodingUTF8); - CFStringRef keyParameterDescription = UserParametersDescription(keyParameterData); - if(keyParameterDescription) - printmsg(CFSTR("%@: %@: %@\n"), key, dateString, keyParameterDescription); - else - printmsg(CFSTR("%@: %@\n"), key, printFullDataString(value)); - CFReleaseNull(dateString); - CFReleaseNull(keyParameterData); - CFReleaseNull(dateData); - CFReleaseNull(keyParameterDescription); - } - else{ - printmsg(CFSTR("%@: %@\n"), key, value); - } -} - -static void displayKeyParameters(CFTypeRef key, CFTypeRef value) -{ - if(isData(value)){ - CFStringRef keyParameterDescription = UserParametersDescription((CFDataRef)value); - - if(keyParameterDescription) - printmsg(CFSTR("%@: %@\n"), key, keyParameterDescription); - else - printmsg(CFSTR("%@: %@\n"), key, value); - - CFReleaseNull(keyParameterDescription); - } - else{ - printmsg(CFSTR("%@: %@\n"), key, value); - } -} - -static void displayLastCircle(CFTypeRef key, CFTypeRef value) -{ - CFDataRef valueAsData = asData(value, NULL); - if(valueAsData){ - CFErrorRef localError = NULL; - - CFDataRef dateData = CFDataCreateCopyFromRange(kCFAllocatorDefault, valueAsData, CFRangeMake(0, DATE_LENGTH)); - CFDataRef circleData = CFDataCreateCopyFromPositions(kCFAllocatorDefault, valueAsData, DATE_LENGTH, CFDataGetLength(valueAsData)); - CFStringRef dateString = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, dateData, kCFStringEncodingUTF8); - SOSCircleRef circle = SOSCircleCreateFromData(NULL, (CFDataRef) circleData, &localError); - - if(circle){ - CFIndex size = 5; - CFNumberRef idLength = CFNumberCreate(kCFAllocatorDefault, kCFNumberCFIndexType, &size); - CFDictionaryRef format = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, CFSTR("SyncD"), CFSTR("SyncD"), CFSTR("idLength"), idLength, NULL); - printmsgWithFormatOptions(format, CFSTR("%@: %@: %@\n"), key, dateString, circle); - CFReleaseNull(idLength); - CFReleaseNull(format); - - } - else - printmsg(CFSTR("%@: %@\n"), key, printFullDataString(circleData)); - - CFReleaseNull(dateString); - CFReleaseNull(circleData); - CFReleaseSafe(circle); - CFReleaseNull(dateData); - CFReleaseNull(localError); - } - else{ - printmsg(CFSTR("%@: %@\n"), key, value); - } -} - -static void displayCircle(CFTypeRef key, CFTypeRef value) -{ - CFDataRef circleData = (CFDataRef)value; - - CFErrorRef localError = NULL; - if (isData(circleData)) - { - CFIndex size = 5; - CFNumberRef idLength = CFNumberCreate(kCFAllocatorDefault, kCFNumberCFIndexType, &size); - CFDictionaryRef format = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, CFSTR("SyncD"), CFSTR("SyncD"), CFSTR("idLength"), idLength, NULL); - SOSCircleRef circle = SOSCircleCreateFromData(NULL, circleData, &localError); - printmsgWithFormatOptions(format, CFSTR("%@: %@\n"), key, circle); - CFReleaseSafe(circle); - CFReleaseNull(idLength); - CFReleaseNull(format); - - } - else - printmsg(CFSTR("%@: %@\n"), key, value); -} - -static void displayMessage(CFTypeRef key, CFTypeRef value) -{ - CFDataRef message = (CFDataRef)value; - if(isData(message)){ - const char* messageType = SecOTRPacketTypeString(message); - printmsg(CFSTR("%@: %s: %ld\n"), key, messageType, CFDataGetLength(message)); - } - else - printmsg(CFSTR("%@: %@\n"), key, value); -} - -static void printEverything(CFTypeRef objects) -{ - CFDictionaryForEach(objects, ^(const void *key, const void *value) { - if (isData(value)) - { - printmsg(CFSTR("%@: %@\n\n"), key, printFullDataString(value)); - } - else - printmsg(CFSTR("%@: %@\n"), key, value); - }); - -} - -static void decodeForKeyType(CFTypeRef key, CFTypeRef value, SOSKVSKeyType type){ - switch (type) { - case kCircleKey: - displayCircle(key, value); - break; - case kRetirementKey: - case kMessageKey: - displayMessage(key, value); - break; - case kParametersKey: - displayKeyParameters(key, value); - break; - case kLastKeyParameterKey: - displayLastKeyParameters(key, value); - break; - case kLastCircleKey: - displayLastCircle(key, value); - break; - case kInitialSyncKey: - case kAccountChangedKey: - case kDebugInfoKey: - case kRingKey: - case kPeerInfoKey: - default: - printmsg(CFSTR("%@: %@\n"), key, value); - break; - } -} - -static void decodeAllTheValues(CFTypeRef objects){ - SOSKVSKeyType keyType = 0; - __block bool didPrint = false; - - for (keyType = 0; keyType <= MAXKVSKEYTYPE; keyType++){ - CFDictionaryForEach(objects, ^(const void *key, const void *value) { - if(SOSKVSKeyGetKeyType(key) == keyType){ - decodeForKeyType(key, value, keyType); - didPrint = true; - } - }); - if(didPrint) - printmsg(CFSTR("%@\n"), CFSTR("")); - didPrint = false; - } -} -static bool dumpKVS(char *itemName, CFErrorRef *err) -{ - CFArrayRef keysToGet = NULL; - if (itemName) - { - CFStringRef itemStr = CFStringCreateWithCString(kCFAllocatorDefault, itemName, kCFStringEncodingUTF8); - fprintf(outFile, "Retrieving %s from KVS\n", itemName); - keysToGet = CFArrayCreateForCFTypes(kCFAllocatorDefault, itemStr, NULL); - CFReleaseSafe(itemStr); - } - dispatch_queue_t generalq = dispatch_queue_create("general", DISPATCH_QUEUE_SERIAL); - dispatch_group_t work_group = dispatch_group_create(); - CFTypeRef objects = getObjectsFromCloud(keysToGet, generalq, work_group); - CFReleaseSafe(keysToGet); - if (objects) - { - fprintf(outFile, "All keys and values straight from KVS\n"); - printEverything(objects); - fprintf(outFile, "\nAll values in decoded form...\n"); - decodeAllTheValues(objects); - } - fprintf(outFile, "\n"); - return true; -} - - static char *createDateStrNow() { char *retval = NULL; time_t clock; @@ -609,7 +155,7 @@ static char *sysdiagnose_dump(const char *dirname) { mkdir(outputDir, 0700); - setOutputTo(outputDir, "sw_vers.log"); + SOSLogSetOutputTo(outputDir, "sw_vers.log"); // report uname stuff + hostname fprintf(outFile, "HostName: %s\n", hostname); fprintf(outFile, "ProductName: %s\n", productName); @@ -617,17 +163,17 @@ static char *sysdiagnose_dump(const char *dirname) { fprintf(outFile, "BuildVersion: %s\n", buildVersion); closeOutput(); - setOutputTo(outputDir, "syncD.log"); + SOSLogSetOutputTo(outputDir, "syncD.log"); // do sync -D - dumpKVS(optarg, NULL); + SOSCCDumpCircleKVSInformation(optarg); closeOutput(); - setOutputTo(outputDir, "synci.log"); + SOSLogSetOutputTo(outputDir, "synci.log"); // do sync -i - dumpCircleInfo(); + SOSCCDumpCircleInformation(); closeOutput(); - setOutputTo(outputDir, "syncL.log"); + SOSLogSetOutputTo(outputDir, "syncL.log"); // do sync -L listviewcmd(NULL); closeOutput(); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransport.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransport.c index 8e671deb..4783d877 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransport.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransport.c @@ -11,7 +11,6 @@ #include #include -#include #include #include #include @@ -189,12 +188,14 @@ void SOSUpdateKeyInterest(SOSAccountRef account) // secnotice("key-interests", "Updating interests: %@", keyDict); - SOSCloudKeychainUpdateKeys(keyDict, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(CFDictionaryRef returnedValues, CFErrorRef error) { + CFStringRef uuid = SOSAccountCopyUUID(account); + SOSCloudKeychainUpdateKeys(keyDict, uuid, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(CFDictionaryRef returnedValues, CFErrorRef error) { if (error) { secerror("Error updating keys: %@", error); } }); - + CFReleaseNull(uuid); + CFReleaseNull(alwaysKeys); CFReleaseNull(afterFirstUnlockKeys); CFReleaseNull(whenUnlockedKeys); @@ -230,15 +231,15 @@ static void showWhatWasHandled(CFDictionaryRef updates, CFMutableArrayRef handle #define KVS_STATE_INTERVAL 50 CF_RETURNS_RETAINED -CFMutableArrayRef SOSTransportDispatchMessages(SOSAccountRef account, CFDictionaryRef updates, CFErrorRef *error){ - static int KVSLogCountDown = 0; +CFMutableArrayRef SOSTransportDispatchMessages(SOSAccountTransactionRef txn, CFDictionaryRef updates, CFErrorRef *error){ + SOSAccountRef account = txn->account; CFMutableArrayRef handledKeys = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); CFStringRef dsid = NULL; if(CFDictionaryGetValueIfPresent(updates, kSOSKVSAccountChangedKey, (const void**)&dsid)){ secnotice("accountChange", "SOSTransportDispatchMessages received kSOSKVSAccountChangedKey"); - KVSLogCountDown = 0; // Get an initial check on KVS values + // While changing accounts we may modify the key params array. To avoid stepping on ourselves we // copy the list for iteration. Now modifying the transport outside of the list iteration. CFMutableArrayRef transportsToUse = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); @@ -439,81 +440,39 @@ CFMutableArrayRef SOSTransportDispatchMessages(SOSAccountRef account, CFDictiona } if(CFDictionaryGetCount(circle_peer_messages_table)) { CFArrayForEach(SOSGetTransportMessages(), ^(const void *value) { - SOSTransportMessageRef tkvs = (SOSTransportMessageRef) value; - - if(SOSTransportMessageGetTransportType(tkvs, error) == kIDSTest){ //this case is for the IDS test transport - if(CFEqualSafe(SOSTransportMessageGetAccount((SOSTransportMessageRef)value), account)){ - CFErrorRef handleMessagesError = NULL; - CFDictionaryRef handledPeers = SOSTransportMessageHandleMessages(account->ids_message_transport, circle_peer_messages_table, &handleMessagesError); - - if (handledPeers) { - // We need to look for and send responses. - SOSAccountSendIKSPSyncList(account, error); - SOSAccountSyncWithAllKVSPeers(account, error); - - CFDictionaryForEach(handledPeers, ^(const void *key, const void *value) { - if (isString(key) && isArray(value)) { - CFArrayForEach(value, ^(const void *value) { - if (isString(value)) { - CFStringRef peerID = (CFStringRef) value; - CFStringRef kvsHandledKey = SOSMessageKeyCreateFromPeerToTransport(account->ids_message_transport, peerID); - CFArrayAppendValue(handledKeys, kvsHandledKey); - CFReleaseSafe(kvsHandledKey); - } - }); - } - }); - CFErrorRef flushError = NULL; - if (!SOSTransportMessageFlushChanges((SOSTransportMessageRef)account->kvs_message_transport, &flushError)) { - secerror("Flush failed: %@", flushError); - } - } - else { - secerror("Didn't handle? : %@", handleMessagesError); - } - CFReleaseNull(handledPeers); - CFReleaseNull(handleMessagesError); - } - } + SOSTransportMessageRef tmsg = (SOSTransportMessageRef) value; + CFDictionaryRef circleToPeersHandled = NULL; + CFErrorRef handleMessagesError = NULL; + CFErrorRef flushError = NULL; - else if(SOSTransportMessageGetTransportType(tkvs, error) != kIDS){ - if(CFEqualSafe(SOSTransportMessageGetAccount((SOSTransportMessageRef)value), account)){ - CFErrorRef handleMessagesError = NULL; - CFDictionaryRef handledPeers = SOSTransportMessageHandleMessages(account->kvs_message_transport, circle_peer_messages_table, &handleMessagesError); + require_quiet(CFEqualSafe(SOSTransportMessageGetAccount(tmsg), account), done); - if (handledPeers) { - // We need to look for and send responses. - SOSAccountSendIKSPSyncList(account, error); - SOSAccountSyncWithAllKVSPeers(account, error); + circleToPeersHandled = SOSTransportMessageHandleMessages(tmsg, circle_peer_messages_table, &handleMessagesError); + require_action_quiet(circleToPeersHandled, done, secnotice("msg", "No messages handled: %@", handleMessagesError)); + + CFArrayRef handledPeers = asArray(CFDictionaryGetValue(circleToPeersHandled, SOSTransportMessageGetCircleName(tmsg)), NULL); + + if (handledPeers) { + CFArrayForEach(handledPeers, ^(const void *value) { + CFStringRef peerID = asString(value, NULL); + if (peerID) { - CFDictionaryForEach(handledPeers, ^(const void *key, const void *value) { - if (isString(key) && isArray(value)) { - CFArrayForEach(value, ^(const void *value) { - if (isString(value)) { - CFStringRef peerID = (CFStringRef) value; - - CFStringRef kvsHandledKey = SOSMessageKeyCreateFromPeerToTransport(account->kvs_message_transport, peerID); - if(kvsHandledKey != NULL) - CFArrayAppendValue(handledKeys, kvsHandledKey); - CFReleaseSafe(kvsHandledKey); - } - }); - } - }); - CFErrorRef flushError = NULL; - if (!SOSTransportMessageFlushChanges((SOSTransportMessageRef)account->kvs_message_transport, &flushError)) { - secerror("Flush failed: %@", flushError); + CFStringRef kvsHandledKey = SOSMessageKeyCreateFromPeerToTransport(tmsg, peerID); + if (kvsHandledKey) { + CFArrayAppendValue(handledKeys, kvsHandledKey); } + CFReleaseNull(kvsHandledKey); } - else { - secerror("Didn't handle? : %@", handleMessagesError); - } - CFReleaseNull(handledPeers); - CFReleaseNull(handleMessagesError); - } + }); } - }); + require_action_quiet(SOSTransportMessageFlushChanges(tmsg, &flushError), done, secnotice("msg", "Flush failed: %@", flushError);); + + done: + CFReleaseNull(flushError); + CFReleaseNull(circleToPeersHandled); + CFReleaseNull(handleMessagesError); + }); } if(CFDictionaryGetCount(circle_circle_messages_table)) { CFArrayForEach(SOSGetTransportCircles(), ^(const void *value) { @@ -583,11 +542,6 @@ CFMutableArrayRef SOSTransportDispatchMessages(SOSAccountRef account, CFDictiona CFReleaseNull(ring_update_message_table); CFReleaseNull(peer_info_message_table); CFReleaseNull(debug_info_message_table); - - if(KVSLogCountDown <= 0) { - SOSCloudKVSLogState(); - KVSLogCountDown = KVS_STATE_INTERVAL; - } else KVSLogCountDown--; showWhatWasHandled(updates, handledKeys); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransport.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransport.h index 23b19bf4..cbdeb5dc 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransport.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransport.h @@ -7,7 +7,7 @@ #include #include -CF_RETURNS_RETAINED CFMutableArrayRef SOSTransportDispatchMessages(SOSAccountRef account, CFDictionaryRef updates, CFErrorRef *error); +CF_RETURNS_RETAINED CFMutableArrayRef SOSTransportDispatchMessages(SOSAccountTransactionRef txn, CFDictionaryRef updates, CFErrorRef *error); void SOSRegisterTransportMessage(SOSTransportMessageRef additional); void SOSUnregisterTransportMessage(SOSTransportMessageRef removal); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportCircleKVS.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportCircleKVS.c index 2f9e0371..70ea45ab 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportCircleKVS.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportCircleKVS.c @@ -75,10 +75,9 @@ static void destroy(SOSTransportCircleRef transport){ } static bool SOSTransportCircleKVSUpdateKVS(SOSTransportCircleRef transport, CFDictionaryRef changes, CFErrorRef *error){ - CloudKeychainReplyBlock log_error = ^(CFDictionaryRef returnedValues __unused, CFErrorRef error) { - if (error) { - secerror("Error putting: %@", error); - CFReleaseSafe(error); + CloudKeychainReplyBlock log_error = ^(CFDictionaryRef returnedValues __unused, CFErrorRef block_error) { + if (block_error) { + secerror("Error putting: %@", block_error); } }; @@ -326,8 +325,6 @@ fail: //register ring key bool SOSTransportCircleKVSAppendRingKeyInterest(SOSTransportCircleKVSRef transport, CFMutableArrayRef alwaysKeys, CFMutableArrayRef afterFirstUnlockKeys, CFMutableArrayRef unlockedKeys, CFErrorRef *error){ - CFMutableSetRef ringKeys = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); - if(SOSAccountHasPublicKey(SOSTransportCircleGetAccount((SOSTransportCircleRef)transport), NULL)){ SOSAccountRef account = SOSTransportCircleGetAccount((SOSTransportCircleRef)transport); require_quiet(account, fail); @@ -335,29 +332,14 @@ bool SOSTransportCircleKVSAppendRingKeyInterest(SOSTransportCircleKVSRef transpo require_quiet(circle, fail); // Always interested in backup rings: - - SOSAccountForEachBackupRingName(account, ^(CFStringRef ringName) { + SOSAccountForEachRingName(account, ^(CFStringRef ringName) { CFStringRef ring_key = SOSRingKeyCreateWithRingName(ringName); - CFSetAddValue(ringKeys, ring_key); - CFReleaseNull(ring_key); - }); - - SOSAccountForEachRing(account, ^SOSRingRef(CFStringRef name, SOSRingRef ring) { - CFStringRef ring_key = SOSRingKeyCreateWithRingName(name); - CFSetAddValue(ringKeys, ring_key); + CFArrayAppendValue(unlockedKeys, ring_key); CFReleaseNull(ring_key); - return NULL; - }); - - CFSetForEach(ringKeys, ^(const void *value) { - CFArrayAppendValue(alwaysKeys, value); }); } - CFReleaseSafe(ringKeys); return true; - fail: - CFReleaseNull(ringKeys); return false; } diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportKeyParameterKVS.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportKeyParameterKVS.c index 66d664a0..ce921e49 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportKeyParameterKVS.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportKeyParameterKVS.c @@ -59,7 +59,6 @@ bool SOSTransportKeyParameterKVSHandleCloudParameterChange(SOSTransportKeyParame bool SOSTransportKeyParameterKVSAppendKeyInterests(SOSTransportKeyParameterKVSRef transport, CFMutableArrayRef alwaysKeys, CFMutableArrayRef afterFirstUnlockKeys, CFMutableArrayRef unlockedKeys, CFErrorRef*error){ - CFArrayAppendValue(alwaysKeys, kSOSKVSKeyParametersKey); return true; @@ -71,10 +70,9 @@ static bool publishCloudParameters(SOSTransportKeyParameterRef transport, CFData } static bool SOSTransportKeyParameterKVSUpdateKVS(CFDictionaryRef changes, CFErrorRef *error){ - CloudKeychainReplyBlock log_error = ^(CFDictionaryRef returnedValues __unused, CFErrorRef error) { - if (error) { - secerror("Error putting: %@", error); - CFReleaseSafe(error); + CloudKeychainReplyBlock log_error = ^(CFDictionaryRef returnedValues __unused, CFErrorRef block_error) { + if (block_error) { + secerror("Error putting: %@", block_error); } }; diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessage.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessage.c index 282866ad..870015ef 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessage.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessage.c @@ -64,16 +64,25 @@ static Boolean SOSTransportMessageCompare(CFTypeRef lhs, CFTypeRef rhs){ return SOSTransportMessageHash(lhs) == SOSTransportMessageHash(rhs); } -bool SOSTransportMessageSendMessages(SOSTransportMessageRef transport, CFDictionaryRef circle_messages, CFErrorRef *error) { - return transport->sendMessages(transport, circle_messages, error); +bool SOSTransportMessageSendMessage(SOSTransportMessageRef transport, CFStringRef peerID, CFDataRef message, CFErrorRef *error) { + CFDictionaryRef peerMessage = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, peerID, message, NULL); + + bool result = SOSTransportMessageSendMessages(transport, peerMessage, error); + + CFReleaseNull(peerMessage); + return result; +} + +bool SOSTransportMessageSendMessages(SOSTransportMessageRef transport, CFDictionaryRef peer_messages, CFErrorRef *error) { + return transport->sendMessages(transport, peer_messages, error); } bool SOSTransportMessageFlushChanges(SOSTransportMessageRef transport, CFErrorRef *error){ return transport->flushChanges(transport, error); } -bool SOSTransportMessageSyncWithPeers(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error){ - return transport->syncWithPeers(transport, circleToPeerIDs, error); +bool SOSTransportMessageSyncWithPeers(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error){ + return transport->syncWithPeers(transport, peers, error); } bool SOSTransportMessageCleanupAfterPeerMessages(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef* error){ @@ -89,10 +98,10 @@ SOSEngineRef SOSTransportMessageGetEngine(SOSTransportMessageRef transport) { return transport->engine; } -bool SOSTransportMessageHandlePeerMessage(SOSTransportMessageRef transport, CFStringRef peerID, CFDataRef codedMessage, CFErrorRef *error) { +static bool SOSEngineHandleCodedMessage(SOSEngineRef engine, CFStringRef peerID, CFDataRef codedMessage, CFErrorRef*error) { __block bool result = true; __block bool somethingChanged = false; - SOSEngineRef engine = SOSTransportMessageGetEngine(transport); + result &= SOSEngineWithPeerID(engine, peerID, error, ^(SOSPeerRef peer, SOSCoderRef coder, SOSDataSourceRef dataSource, SOSTransactionRef txn, bool *shouldSave) { CFDataRef decodedMessage = NULL; enum SOSCoderUnwrapStatus uwstatus = SOSPeerHandleCoderMessage(peer, coder, peerID, codedMessage, &decodedMessage, shouldSave, error); @@ -113,41 +122,48 @@ bool SOSTransportMessageHandlePeerMessage(SOSTransportMessageRef transport, CFSt } CFReleaseNull(decodedMessage); }); - // TODO: Wish this wasn't here but alas. See the comment for SOSEngineHandleMessage_locked() on why this is needed. - if (somethingChanged) - SecKeychainChanged(false); + + if (somethingChanged) { + SecKeychainChanged(); + } + + if (result) { + SOSCCRequestSyncWithPeer(peerID); + } return result; } +bool SOSTransportMessageHandlePeerMessage(SOSTransportMessageRef transport, CFStringRef peerID, CFDataRef codedMessage, CFErrorRef *error) { + bool result = false; + SOSEngineRef engine = SOSTransportMessageGetEngine(transport); + require_quiet(SecRequirementError(engine != NULL, error, CFSTR("Missing engine")), done); + + result = SOSEngineHandleCodedMessage(engine, peerID, codedMessage, error); + +done: + return result; +} + bool SOSTransportMessageSendMessageIfNeeded(SOSTransportMessageRef transport, CFStringRef circle_id, CFStringRef peer_id, CFErrorRef *error) { __block bool ok = true; SOSEngineRef engine = SOSTransportMessageGetEngine(transport); ok &= SOSEngineWithPeerID(engine, peer_id, error, ^(SOSPeerRef peer, SOSCoderRef coder, SOSDataSourceRef dataSource, SOSTransactionRef txn, bool *forceSaveState) { - // Now under engine lock do stuff - CFDataRef message_to_send = NULL; - SOSEnginePeerMessageSentBlock sent = NULL; - ok = SOSPeerCoderSendMessageIfNeeded(engine, txn, peer, coder, &message_to_send, circle_id, peer_id, &sent, error); - if (message_to_send) { - CFDictionaryRef peer_dict = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, - peer_id, message_to_send, - NULL); - CFDictionaryRef circle_peers = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, - circle_id, peer_dict, - NULL); - ok = ok && SOSTransportMessageSendMessages(transport, circle_peers, error); - - SOSPeerCoderConsume(&sent, ok); - - CFReleaseSafe(peer_dict); - CFReleaseSafe(circle_peers); - }else{ - secnotice("transport", "no message to send to peer: %@", peer_id); - } + // Now under engine lock do stuff + CFDataRef message_to_send = NULL; + SOSEnginePeerMessageSentBlock sent = NULL; + ok = SOSPeerCoderSendMessageIfNeeded(engine, txn, peer, coder, &message_to_send, peer_id, &sent, error); + if (message_to_send) { + ok = ok && SOSTransportMessageSendMessage(transport, peer_id, message_to_send, error); + + SOSPeerCoderConsume(&sent, ok); + }else{ + secnotice("transport", "no message to send to peer: %@", peer_id); + } - Block_release(sent); - CFReleaseSafe(message_to_send); + Block_release(sent); + CFReleaseSafe(message_to_send); *forceSaveState = ok; }); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessage.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessage.h index 58c00a96..f9cf47c9 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessage.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessage.h @@ -5,6 +5,7 @@ #include #include #include +#include typedef struct __OpaqueSOSTransportMessage *SOSTransportMessageRef; @@ -20,7 +21,7 @@ struct __OpaqueSOSTransportMessage { CFStringRef (*getName)(SOSTransportMessageRef object); /* send message operations */ - bool (*syncWithPeers)(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error); + bool (*syncWithPeers)(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error); bool (*cleanupAfterPeerMessages)(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef* error); bool (*sendMessages)(SOSTransportMessageRef transport, CFDictionaryRef circle_messages, CFErrorRef *error); bool (*flushChanges)(SOSTransportMessageRef transport, CFErrorRef *error); @@ -40,12 +41,13 @@ SOSEngineRef SOSTransportMessageGetEngine(SOSTransportMessageRef transport); SOSAccountRef SOSTransportMessageGetAccount(SOSTransportMessageRef transport); -bool SOSTransportMessageCleanupAfterPeerMessages(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef* error); +bool SOSTransportMessageCleanupAfterPeerMessages(SOSTransportMessageRef transport, CFDictionaryRef peers, CFErrorRef* error); -bool SOSTransportMessageSendMessages(SOSTransportMessageRef transport, CFDictionaryRef circle_messages, CFErrorRef *error); +bool SOSTransportMessageSendMessage(SOSTransportMessageRef transport, CFStringRef peerID, CFDataRef message, CFErrorRef *error); +bool SOSTransportMessageSendMessages(SOSTransportMessageRef transport, CFDictionaryRef peer_messages, CFErrorRef *error); bool SOSTransportMessageFlushChanges(SOSTransportMessageRef transport, CFErrorRef *error); -bool SOSTransportMessageSyncWithPeers(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error); +bool SOSTransportMessageSyncWithPeers(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error); SOSTransportMessageRef SOSTransportMessageCreateForSubclass(size_t size, SOSAccountRef account, CFStringRef circleName, diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.c index 9e2d7747..2841b08f 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.c @@ -19,7 +19,7 @@ #include #include - +#include #define IDS "IDS transport" @@ -28,15 +28,11 @@ struct __OpaqueSOSTransportMessageIDS { CFBooleanRef useFragmentation; }; -const CFStringRef kSecIDSErrorDomain = CFSTR("com.apple.security.ids.error"); -const CFStringRef kIDSOperationType = CFSTR("IDSMessageOperation"); -const CFStringRef kIDSMessageToSendKey = CFSTR("MessageToSendKey"); - // // V-table implementation forward declarations // -static bool sendToPeer(SOSTransportMessageRef transport, CFStringRef circleName, CFStringRef deviceID, CFStringRef peerID,CFDictionaryRef message, CFErrorRef *error); -static bool syncWithPeers(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error); +static bool sendToPeer(SOSTransportMessageRef transport, bool shouldUseAckModel, CFStringRef circleName, CFStringRef deviceID, CFStringRef peerID,CFDictionaryRef message, CFErrorRef *error); +static bool syncWithPeers(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error); static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef circleToPeersToMessage, CFErrorRef *error); static void destroy(SOSTransportMessageRef transport); static bool cleanupAfterPeer(SOSTransportMessageRef transport, CFDictionaryRef circle_to_peer_ids, CFErrorRef *error); @@ -130,13 +126,15 @@ HandleIDSMessageReason SOSTransportMessageIDSHandleMessage(SOSAccountRef account CFStringRef dataKey = CFStringCreateWithCString(kCFAllocatorDefault, kMessageKeyIDSDataMessage, kCFStringEncodingASCII); CFStringRef deviceIDKey = CFStringCreateWithCString(kCFAllocatorDefault, kMessageKeyDeviceID, kCFStringEncodingASCII); CFStringRef sendersPeerIDKey = CFStringCreateWithCString(kCFAllocatorDefault, kMessageKeySendersPeerID, kCFStringEncodingASCII); + CFStringRef ourPeerIdKey = CFStringCreateWithCString(kCFAllocatorDefault, kMessageKeyPeerID, kCFStringEncodingASCII); HandleIDSMessageReason result = kHandleIDSMessageSuccess; CFDataRef messageData = asData(CFDictionaryGetValue(message, dataKey), NULL); __block CFStringRef fromDeviceID = asString(CFDictionaryGetValue(message, deviceIDKey), NULL); __block CFStringRef fromPeerID = (CFStringRef)CFDictionaryGetValue(message, sendersPeerIDKey); - + CFStringRef ourPeerID = asString(CFDictionaryGetValue(message, ourPeerIdKey), NULL); + CFStringRef peerID = NULL; SOSPeerInfoRef theirPeer = NULL; @@ -144,15 +142,15 @@ HandleIDSMessageReason SOSTransportMessageIDSHandleMessage(SOSAccountRef account require_action_quiet(fromPeerID, exit, result = kHandleIDSMessageDontHandle); require_action_quiet(messageData && CFDataGetLength(messageData) != 0, exit, result = kHandleIDSMessageDontHandle); require_action_quiet(SOSAccountHasFullPeerInfo(account, error), exit, result = kHandleIDSMessageNotReady); + require_action_quiet(ourPeerID && CFEqualSafe(ourPeerID, SOSAccountGetMyPeerID(account)), exit, result = kHandleIDSMessageDontHandle; secnotice("IDS Transport","ignoring message for: %@", ourPeerID)); require_quiet((result = checkMessageValidity( account, fromDeviceID, fromPeerID, &peerID, &theirPeer)) == kHandleIDSMessageSuccess, exit); if (SOSTransportMessageHandlePeerMessage(account->ids_message_transport, peerID, messageData, error)) { CFMutableDictionaryRef peersToSyncWith = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); - CFMutableArrayRef peerIDs = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); - CFArrayAppendValue(peerIDs, peerID); - CFDictionaryAddValue(peersToSyncWith, SOSCircleGetName(account->trusted_circle), peerIDs); - + CFMutableSetRef peerIDs = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + CFSetAddValue(peerIDs, peerID); + //sync using fragmentation? if(SOSPeerInfoShouldUseIDSMessageFragmentation(SOSFullPeerInfoGetPeerInfo(account->my_identity), theirPeer)){ //set useFragmentation bit @@ -162,7 +160,7 @@ HandleIDSMessageReason SOSTransportMessageIDSHandleMessage(SOSAccountRef account SOSTransportMessageIDSSetFragmentationPreference(account->ids_message_transport, kCFBooleanFalse); } - if(!SOSTransportMessageSyncWithPeers(account->ids_message_transport, peersToSyncWith, error)){ + if(!SOSTransportMessageSyncWithPeers(account->ids_message_transport, peerIDs, error)){ secerror("SOSTransportMessageIDSHandleMessage Could not sync with all peers: %@", *error); }else{ secnotice("IDS Transport", "Synced with all peers!"); @@ -173,7 +171,7 @@ HandleIDSMessageReason SOSTransportMessageIDSHandleMessage(SOSAccountRef account }else{ if(error && *error != NULL){ CFStringRef errorMessage = CFErrorCopyDescription(*error); - if (-25308 == CFErrorGetCode(*error)) { // tell IDSKeychainSyncingProxy to call us back when device unlocks + if (-25308 == CFErrorGetCode(*error)) { // tell KeychainSyncingOverIDSProxy to call us back when device unlocks result = kHandleIDSMessageLocked; }else{ //else drop it, couldn't handle the message result = kHandleIDSMessageDontHandle; @@ -190,6 +188,7 @@ HandleIDSMessageReason SOSTransportMessageIDSHandleMessage(SOSAccountRef account } exit: + CFReleaseNull(ourPeerIdKey); CFReleaseNull(sendersPeerIDKey); CFReleaseNull(deviceIDKey); CFReleaseNull(dataKey); @@ -197,7 +196,7 @@ exit: } -static bool sendToPeer(SOSTransportMessageRef transport, CFStringRef circleName, CFStringRef deviceID, CFStringRef peerID,CFDictionaryRef message, CFErrorRef *error) +static bool sendToPeer(SOSTransportMessageRef transport, bool shouldUseAckModel, CFStringRef circleName, CFStringRef deviceID, CFStringRef peerID,CFDictionaryRef message, CFErrorRef *error) { __block bool success = false; CFStringRef errorMessage = NULL; @@ -214,18 +213,27 @@ static bool sendToPeer(SOSTransportMessageRef transport, CFStringRef circleName, require_action_quiet((deviceID != NULL && CFStringGetLength(deviceID) >0), fail, errorMessage = CFSTR("Need an IDS Device ID to sync")); if(CFDictionaryGetValue(message, kIDSOperationType) == NULL && SOSTransportMessageIDSGetFragmentationPreference(transport) == kCFBooleanTrue){ - //otherwise handle a keychain data blob using fragmentation! + //handle a keychain data blob using fragmentation! secnotice("IDS Transport","sendToPeer: using fragmentation!"); - char *messageCharStar; - asprintf(&messageCharStar, "%d", kIDSKeychainSyncIDSFragmentation); - operationToString = CFStringCreateWithCString(kCFAllocatorDefault, messageCharStar, kCFStringEncodingUTF8); - free(messageCharStar); - - messagetoSend = CFDictionaryCreateMutableForCFTypesWith(kCFAllocatorDefault, kIDSOperationType, operationToString, kIDSMessageToSendKey, message, NULL); + + operationToString = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%d"), kIDSKeychainSyncIDSFragmentation); + messagetoSend = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, + kIDSOperationType, operationToString, + kIDSMessageRecipientDeviceID, deviceID, + kIDSMessageRecipientPeerID, peerID, + kIDSMessageUsesAckModel, (shouldUseAckModel ? CFSTR("YES") : CFSTR("NO")), + kIDSMessageToSendKey, message, + NULL); } else{ //otherhandle handle the test message without fragmentation - messagetoSend = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, CFDictionaryGetCount(message), message); secnotice("IDS Transport","sendToPeer: not going to fragment message"); + + CFMutableDictionaryRef annotatedMessage = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, 0, message); + CFDictionaryAddValue(annotatedMessage, kIDSMessageRecipientPeerID, peerID); + CFDictionaryAddValue(annotatedMessage, kIDSMessageRecipientDeviceID, deviceID); + CFDictionaryAddValue(annotatedMessage, kIDSMessageUsesAckModel, (shouldUseAckModel ? CFSTR("YES") : CFSTR("NO"))); + CFTransferRetained(messagetoSend, annotatedMessage); + CFReleaseNull(annotatedMessage); } dispatch_semaphore_t wait_for = dispatch_semaphore_create(0); @@ -280,71 +288,74 @@ fail: } -static bool syncWithPeers(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error) { +static bool syncWithPeers(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error) { // Each entry is keyed by circle name and contains a list of peerIDs __block bool result = true; - - CFDictionaryForEach(circleToPeerIDs, ^(const void *key, const void *value) { - if (isString(key) && isArray(value)) { - CFStringRef circleName = (CFStringRef) key; - CFArrayForEach(value, ^(const void *value) { - if (isString(value)) { - CFStringRef peerID = (CFStringRef) value; - result &= SOSTransportMessageSendMessageIfNeeded(transport, circleName, peerID, error); - } - }); - } + + CFSetForEach(peers, ^(const void *value) { + CFStringRef peerID = asString(value, NULL); + result &= SOSTransportMessageSendMessageIfNeeded(transport, transport->circleName, peerID, error); }); - + return result; } -static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef circleToPeersToMessage, CFErrorRef *error) { +static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef peersToMessage, CFErrorRef *error) { __block bool result = true; - SOSCircleRef circle = SOSAccountGetCircle(transport->account, error); + SOSPeerInfoRef myPeer = SOSAccountGetMyPeerInfo(transport->account); - __block CFDictionaryRef message = NULL; - __block CFStringRef peerID = NULL; + CFStringRef myID = SOSPeerInfoGetPeerID(myPeer); require_quiet(myPeer, fail); - - - CFDictionaryForEach(circleToPeersToMessage, ^(const void *key, const void *value) { - if (isString(key) && isDictionary(value)) { - CFStringRef circleName = (CFStringRef) key; - - CFDictionaryForEach(value, ^(const void *key1, const void *value1) { - if (isString(key1) && isDictionary(value1)) { - peerID = (CFStringRef) key1; - message = CFRetainSafe((CFDictionaryRef) value1); - } - else{ - peerID = (CFStringRef) key1; - message = CFDictionaryCreateMutableForCFTypesWith(kCFAllocatorDefault, key1, value1, NULL); - } - SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) { - if(!CFEqualSafe(myPeer, peer)){ - if(SOSPeerInfoShouldUseIDSMessageFragmentation(myPeer, peer)){ - SOSTransportMessageIDSSetFragmentationPreference(transport, kCFBooleanTrue); - } - else{ - SOSTransportMessageIDSSetFragmentationPreference(transport, kCFBooleanFalse); - } - - CFStringRef deviceID = SOSPeerInfoCopyDeviceID(peer); - if(CFStringCompare(SOSPeerInfoGetPeerID(peer), peerID, 0) == 0){ - bool rx = false; - rx = sendToPeer(transport, circleName, deviceID, peerID, message, error); - result &= rx; - } - CFReleaseNull(deviceID); - } - }); - }); + + CFStringRef circleName = transport->circleName; + + CFDictionaryForEach(peersToMessage, ^(const void *key, const void *value) { + CFErrorRef error = NULL; + + SOSPeerInfoRef peer = NULL; + CFStringRef deviceID = NULL; + CFDictionaryRef message = NULL; + + CFStringRef peerID = asString(key, &error); + require_quiet(peerID, skip); + require_quiet(!CFEqualSafe(myID, key), skip); + + message = CFRetainSafe(asDictionary(value, &error)); + if (message == NULL) { + // If it's not a data, return the error + CFDataRef messageData = asData(value, NULL); + if (messageData) { + CFReleaseNull(error); + message = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, peerID, messageData, NULL); + } + } + require_quiet(message, skip); + + peer = SOSAccountCopyPeerWithID(transport->account, peerID, &error); + require_quiet(peer, skip); + + deviceID = SOSPeerInfoCopyDeviceID(peer); + require_action_quiet(deviceID, skip, SOSErrorCreate(kSOSErrorSendFailure, &error, NULL, CFSTR("No IDS ID"))); + + SOSTransportMessageIDSSetFragmentationPreference(transport, + SOSPeerInfoShouldUseIDSMessageFragmentation(myPeer, peer) ? kCFBooleanTrue : kCFBooleanFalse); + bool shouldUseAckModel = SOSPeerInfoShouldUseACKModel(myPeer, peer); + + result &= sendToPeer(transport, shouldUseAckModel, circleName, deviceID, peerID, message, &error); + + skip: + if (error) { + secerror("Failed to sync to %@ over IDS: %@", peerID, error); } + + CFReleaseNull(peer); + CFReleaseNull(deviceID); + CFReleaseNull(message); + + CFReleaseNull(error); }); fail: - CFReleaseNull(message); return result; } @@ -359,19 +370,22 @@ static bool cleanupAfterPeer(SOSTransportMessageRef transport, CFDictionaryRef c return true; } -void SOSTransportMessageIDSGetIDSDeviceID(SOSAccountRef account){ - +bool SOSTransportMessageIDSGetIDSDeviceID(SOSAccountRef account){ CFStringRef deviceID = SOSPeerInfoCopyDeviceID(SOSFullPeerInfoGetPeerInfo(account->my_identity)); - if( deviceID == NULL || CFStringGetLength(deviceID) == 0){ + bool hasDeviceID = deviceID != NULL && CFStringGetLength(deviceID) != 0; + CFReleaseNull(deviceID); + + if(!hasDeviceID){ SOSCloudKeychainGetIDSDeviceID(^(CFDictionaryRef returnedValues, CFErrorRef sync_error){ bool success = (sync_error == NULL); if (!success) { - secerror("Could not ask IDSKeychainSyncingProxy for Device ID: %@", sync_error); + secerror("Could not ask KeychainSyncingOverIDSProxy for Device ID: %@", sync_error); } else{ secnotice("IDS Transport", "Successfully attempting to retrieve the IDS Device ID"); } }); } - CFReleaseNull(deviceID); + + return hasDeviceID; } diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.h index 783b3323..21e68271 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.h @@ -9,11 +9,11 @@ typedef enum { kIDSStartPingTestMessage = 1, kIDSEndPingTestMessage= 2, kIDSSendOneMessage = 3, - kIDSSyncMessagesRaw = 4, - kIDSSyncMessagesCompact = 5, + kIDSPeerReceivedACK = 4, kIDSPeerAvailability = 6, kIDSPeerAvailabilityDone = 7, - kIDSKeychainSyncIDSFragmentation = 8 + kIDSKeychainSyncIDSFragmentation = 8, + kIDSPeerUsesACK = 9 } idsOperation; //error handling stuff @@ -28,18 +28,13 @@ typedef enum { } idsError; - -extern const CFStringRef kSecIDSErrorDomain; -extern const CFStringRef kIDSOperationType; -extern const CFStringRef kIDSMessageToSendKey; - typedef struct __OpaqueSOSTransportMessageIDS *SOSTransportMessageIDSRef; SOSTransportMessageIDSRef SOSTransportMessageIDSCreate(SOSAccountRef account, CFStringRef circleName, CFErrorRef *error); HandleIDSMessageReason SOSTransportMessageIDSHandleMessage(SOSAccountRef account, CFDictionaryRef message, CFErrorRef *error); -void SOSTransportMessageIDSGetIDSDeviceID(SOSAccountRef account); +bool SOSTransportMessageIDSGetIDSDeviceID(SOSAccountRef account); void SOSTransportMessageIDSSetFragmentationPreference(SOSTransportMessageRef transport, CFBooleanRef preference); CFBooleanRef SOSTransportMessageIDSGetFragmentationPreference(SOSTransportMessageRef transport); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageKVS.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageKVS.c index fb2bdf17..de46ddae 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageKVS.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageKVS.c @@ -18,8 +18,8 @@ struct __OpaqueSOSTransportMessageKVS { // V-table implementation forward declarations // static bool sendToPeer(SOSTransportMessageRef transport, CFStringRef circleName, CFStringRef peerID, CFDataRef message, CFErrorRef *error); -static bool syncWithPeers(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error); -static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef circleToPeersToMessage, CFErrorRef *error); +static bool syncWithPeers(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error); +static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef peersToMessage, CFErrorRef *error); static bool cleanupAfterPeer(SOSTransportMessageRef transport, CFDictionaryRef circle_to_peer_ids, CFErrorRef *error); static void destroy(SOSTransportMessageRef transport); static inline CFIndex getTransportType(SOSTransportMessageRef transport, CFErrorRef *error); @@ -83,10 +83,9 @@ static inline CFIndex getTransportType(SOSTransportMessageRef transport, CFError static bool SOSTransportMessageKVSUpdateKVS(SOSTransportMessageKVSRef transport, CFDictionaryRef changes, CFErrorRef *error){ - CloudKeychainReplyBlock log_error = ^(CFDictionaryRef returnedValues __unused, CFErrorRef error) { - if (error) { - secerror("Error putting: %@", error); - CFReleaseSafe(error); + CloudKeychainReplyBlock log_error = ^(CFDictionaryRef returnedValues __unused, CFErrorRef block_error) { + if (block_error) { + secerror("Error putting: %@", block_error); } }; @@ -219,9 +218,14 @@ static bool sendToPeer(SOSTransportMessageRef transport, CFStringRef circleName, if(dsid == NULL) dsid = kCFNull; - + CFStringRef message_to_peer_key = SOSMessageKeyCreateFromTransportToPeer((SOSTransportMessageRef)kvsTransport, peerID); - CFDictionaryRef a_message_to_a_peer = CFDictionaryCreateForCFTypes(NULL, message_to_peer_key, message, kSOSKVSRequiredKey, dsid, NULL); + + CFTypeRef messageToSend = message != NULL ? (CFTypeRef) message : (CFTypeRef) kCFNull; + CFDictionaryRef a_message_to_a_peer = CFDictionaryCreateForCFTypes(NULL, + message_to_peer_key, messageToSend, + kSOSKVSRequiredKey, dsid, + NULL); if (!SOSTransportMessageKVSUpdateKVS(kvsTransport, a_message_to_a_peer, error)) { secerror("Sync with peers failed to send to %@ [%@], %@", peerID, a_message_to_a_peer, *error); @@ -233,42 +237,31 @@ static bool sendToPeer(SOSTransportMessageRef transport, CFStringRef circleName, return result; } -static bool syncWithPeers(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error) { +static bool syncWithPeers(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error) { // Each entry is keyed by circle name and contains a list of peerIDs __block bool result = true; - - CFDictionaryForEach(circleToPeerIDs, ^(const void *key, const void *value) { - if (isString(key) && isArray(value)) { - CFStringRef circleName = (CFStringRef) key; - CFArrayForEach(value, ^(const void *value) { - if (isString(value)) { - CFStringRef peerID = (CFStringRef) value; - result &= SOSTransportMessageSendMessageIfNeeded(transport, circleName, peerID, error); - } - }); - } + + CFSetForEach(peers, ^(const void *value) { + CFStringRef peerID = asString(value, NULL); + result &= SOSTransportMessageSendMessageIfNeeded(transport, transport->circleName, peerID, error); }); - + return result; } -static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef circleToPeersToMessage, CFErrorRef *error) { +static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef peersToMessage, CFErrorRef *error) { __block bool result = true; - CFDictionaryForEach(circleToPeersToMessage, ^(const void *key, const void *value) { - if (isString(key) && isDictionary(value)) { - CFStringRef circleName = (CFStringRef) key; - CFDictionaryForEach(value, ^(const void *key, const void *value) { - if (isString(key) && isData(value)) { - CFStringRef peerID = (CFStringRef) key; - CFDataRef message = (CFDataRef) value; - bool rx = sendToPeer(transport, circleName, peerID, message, error); - result &= rx; - } - }); + CFStringRef circleName = transport->circleName; + CFDictionaryForEach(peersToMessage, ^(const void *key, const void *value) { + CFStringRef peerID = asString(key, NULL); + CFDataRef message = asData(value,NULL); + if (peerID && message) { + bool rx = sendToPeer(transport, circleName, peerID, message, error); + result &= rx; } }); - + return true; } diff --git a/OSX/sec/SOSCircle/SecureObjectSync/ViewList.list b/OSX/sec/SOSCircle/SecureObjectSync/ViewList.list index 27c99bdc..e5b7a028 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/ViewList.list +++ b/OSX/sec/SOSCircle/SecureObjectSync/ViewList.list @@ -26,15 +26,15 @@ DOVIEWMACRO(ContinuityUnlock, "ContinuityUnlock", "continuityunlock", DOVIEWMACRO(AppleTV, "AppleTV", "appletv", D, , A, , ) DOVIEWMACRO(HomeKit, "HomeKit", "homekit", D, , A, , ) DOVIEWMACRO(AccessoryPairing, "AccessoryPairing", "accessorypairing", D, , A, , ) -DOVIEWMACRO(PCSCloudKit, "PCS-CloudKit", "cloudkit", D, , A, , ) +DOVIEWMACRO(PCSCloudKit, "PCS-CloudKit", "cloudkit", D, I, A, , ) DOVIEWMACRO(PCSEscrow, "PCS-Escrow", "escrow", D, I, A, B, ) -DOVIEWMACRO(PCSFDE, "PCS-FDE", "fde", D, , A, , ) -DOVIEWMACRO(PCSFeldspar, "PCS-Feldspar", "feldspar", D, , A, , ) -DOVIEWMACRO(PCSMailDrop, "PCS-Maildrop", "maildrop", D, , A, , ) +DOVIEWMACRO(PCSFDE, "PCS-FDE", "fde", D, I, A, , ) +DOVIEWMACRO(PCSFeldspar, "PCS-Feldspar", "feldspar", D, I, A, , ) +DOVIEWMACRO(PCSMailDrop, "PCS-Maildrop", "maildrop", D, I, A, , ) DOVIEWMACRO(PCSMasterKey, "PCS-MasterKey", "masterkey", D, I, A, B, ) -DOVIEWMACRO(PCSNotes, "PCS-Notes", "notes", D, , A, , ) -DOVIEWMACRO(PCSPhotos, "PCS-Photos", "photos", D, , A, , ) -DOVIEWMACRO(PCSSharing, "PCS-Sharing", "sharing", D, , A, , ) +DOVIEWMACRO(PCSNotes, "PCS-Notes", "notes", D, I, A, , ) +DOVIEWMACRO(PCSPhotos, "PCS-Photos", "photos", D, I, A, , ) +DOVIEWMACRO(PCSSharing, "PCS-Sharing", "sharing", D, I, A, , ) DOVIEWMACRO(PCSiCloudBackup, "PCS-Backup", "icloudbackup", D, I, A, , ) -DOVIEWMACRO(PCSiCloudDrive, "PCS-iCloudDrive", "iclouddrive", D, , A, , ) -DOVIEWMACRO(PCSiMessage, "PCS-iMessage", "imessage", D, , A, , ) +DOVIEWMACRO(PCSiCloudDrive, "PCS-iCloudDrive", "iclouddrive", D, I, A, , ) +DOVIEWMACRO(PCSiMessage, "PCS-iMessage", "imessage", D, I, A, , ) diff --git a/OSX/sec/SOSCircle/Tool/accountCirclesViewsPrint.c b/OSX/sec/SOSCircle/Tool/accountCirclesViewsPrint.c new file mode 100644 index 00000000..0bb83bed --- /dev/null +++ b/OSX/sec/SOSCircle/Tool/accountCirclesViewsPrint.c @@ -0,0 +1,429 @@ +// +// accountCirclesViewsPrint.c +// Security +// +// Created by Richard Murphy on 12/8/16. +// +// + +#include "accountCirclesViewsPrint.h" + +// +// SOSSysdiagnose.c +// sec +// +// Created by Richard Murphy on 1/27/16. +// +// + + +#include "SOSCloudCircleInternal.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +#include "keychain_log.h" +#include "secToolFileIO.h" +#include "secViewDisplay.h" + + +#include + +/* Copied from CFPriv.h */ +// #include + +CF_EXPORT CFDictionaryRef _CFCopySystemVersionDictionary(void); +CF_EXPORT const CFStringRef _kCFSystemVersionProductNameKey; +CF_EXPORT const CFStringRef _kCFSystemVersionProductVersionKey; +CF_EXPORT const CFStringRef _kCFSystemVersionBuildVersionKey; + +#define MAXKVSKEYTYPE kUnknownKey +#define DATE_LENGTH 18 + +#include + + +static const char *getSOSCCStatusDescription(SOSCCStatus ccstatus) +{ + switch (ccstatus) + { + case kSOSCCInCircle: return "In Circle"; + case kSOSCCNotInCircle: return "Not in Circle"; + case kSOSCCRequestPending: return "Request pending"; + case kSOSCCCircleAbsent: return "Circle absent"; + case kSOSCCError: return "Circle error"; + + default: + return ""; + break; + } +} + +static void printPeerInfos(char *label, CFArrayRef (^getArray)(CFErrorRef *error)) { + CFErrorRef error = NULL; + CFArrayRef ppi = getArray(&error); + SOSPeerInfoRef me = SOSCCCopyMyPeerInfo(NULL); + CFStringRef mypeerID = SOSPeerInfoGetPeerID(me); + + if(ppi) { + printmsg(CFSTR("%s count: %ld\n"), label, (long)CFArrayGetCount(ppi)); + CFArrayForEach(ppi, ^(const void *value) { + char buf[160]; + SOSPeerInfoRef peer = (SOSPeerInfoRef)value; + CFIndex version = SOSPeerInfoGetVersion(peer); + CFStringRef peerName = SOSPeerInfoGetPeerName(peer); + CFStringRef devtype = SOSPeerInfoGetPeerDeviceType(peer); + CFStringRef peerID = SOSPeerInfoGetPeerID(peer); + CFStringRef transportType = CFSTR("KVS"); + CFStringRef deviceID = CFSTR(""); + CFDictionaryRef gestalt = SOSPeerInfoCopyPeerGestalt(peer); + CFStringRef osVersion = CFDictionaryGetValue(gestalt, CFSTR("OSVersion")); + CFReleaseNull(gestalt); + + + if(version >= 2){ + CFDictionaryRef v2Dictionary = peer->v2Dictionary; + transportType = CFDictionaryGetValue(v2Dictionary, sTransportType); + deviceID = CFDictionaryGetValue(v2Dictionary, sDeviceID); + } + char *pname = CFStringToCString(peerName); + char *dname = CFStringToCString(devtype); + char *tname = CFStringToCString(transportType); + char *iname = CFStringToCString(deviceID); + char *osname = CFStringToCString(osVersion); + const char *me = CFEqualSafe(mypeerID, peerID) ? "me>" : " "; + + + snprintf(buf, 160, "%s %s: %-16s %-16s %-16s %-16s", me, label, pname, dname, tname, iname); + + free(pname); + free(dname); + CFStringRef pid = SOSPeerInfoGetPeerID(peer); + CFIndex vers = SOSPeerInfoGetVersion(peer); + printmsg(CFSTR("%s %@ V%d OS:%s\n"), buf, pid, vers, osname); + free(osname); + }); + } else { + printmsg(CFSTR("No %s, error: %@\n"), label, error); + } + CFReleaseNull(ppi); + CFReleaseNull(error); +} + +void SOSCCDumpCircleInformation() +{ + CFErrorRef error = NULL; + CFArrayRef generations = NULL; + bool is_user_public_trusted = false; + __block int count = 0; + + SOSCCStatus ccstatus = SOSCCThisDeviceIsInCircle(&error); + printmsg(CFSTR("ccstatus: %s (%d)\n"), getSOSCCStatusDescription(ccstatus), ccstatus); + + is_user_public_trusted = SOSCCValidateUserPublic(&error); + if(is_user_public_trusted) + printmsg(CFSTR("Account user public is trusted%@"),CFSTR("\n")); + else + printmsg(CFSTR("Account user public is not trusted error:(%@)\n"), error); + CFReleaseNull(error); + + generations = SOSCCCopyGenerationPeerInfo(&error); + if(generations) { + CFArrayForEach(generations, ^(const void *value) { + count++; + if(count%2 == 0) + printmsg(CFSTR("Circle name: %@, "),value); + + if(count%2 != 0) { + CFStringRef genDesc = SOSGenerationCountCopyDescription(value); + printmsg(CFSTR("Generation Count: %@"), genDesc); + CFReleaseNull(genDesc); + } + printmsg(CFSTR("%s\n"), ""); + }); + } else { + printmsg(CFSTR("No generation count: %@\n"), error); + } + CFReleaseNull(generations); + CFReleaseNull(error); + + printPeerInfos(" Peers", ^(CFErrorRef *error) { return SOSCCCopyValidPeerPeerInfo(error); }); + printPeerInfos(" Invalid", ^(CFErrorRef *error) { return SOSCCCopyNotValidPeerPeerInfo(error); }); + printPeerInfos(" Retired", ^(CFErrorRef *error) { return SOSCCCopyRetirementPeerInfo(error); }); + printPeerInfos(" Concur", ^(CFErrorRef *error) { return SOSCCCopyConcurringPeerPeerInfo(error); }); + printPeerInfos("Applicants", ^(CFErrorRef *error) { return SOSCCCopyApplicantPeerInfo(error); }); + + CFReleaseNull(error); +} + + + + +/* KVS Dumping Support for iCloud Keychain */ + +static CFTypeRef getObjectsFromCloud(CFArrayRef keysToGet, dispatch_queue_t processQueue, dispatch_group_t dgroup) +{ + __block CFTypeRef object = NULL; + + const uint64_t maxTimeToWaitInSeconds = 30ull * NSEC_PER_SEC; + dispatch_semaphore_t waitSemaphore = dispatch_semaphore_create(0); + dispatch_time_t finishTime = dispatch_time(DISPATCH_TIME_NOW, maxTimeToWaitInSeconds); + + dispatch_group_enter(dgroup); + + CloudKeychainReplyBlock replyBlock = + ^ (CFDictionaryRef returnedValues, CFErrorRef error) + { + secinfo("sync", "SOSCloudKeychainGetObjectsFromCloud returned: %@", returnedValues); + object = returnedValues; + if (object) + CFRetain(object); + if (error) + { + secerror("SOSCloudKeychainGetObjectsFromCloud returned error: %@", error); + } + dispatch_group_leave(dgroup); + secinfo("sync", "SOSCloudKeychainGetObjectsFromCloud block exit: %@", object); + dispatch_semaphore_signal(waitSemaphore); + }; + + if (!keysToGet) + SOSCloudKeychainGetAllObjectsFromCloud(processQueue, replyBlock); + else + SOSCloudKeychainGetObjectsFromCloud(keysToGet, processQueue, replyBlock); + + dispatch_semaphore_wait(waitSemaphore, finishTime); + dispatch_release(waitSemaphore); + if (object && (CFGetTypeID(object) == CFNullGetTypeID())) // return a NULL instead of a CFNull + { + CFRelease(object); + object = NULL; + } + secerror("returned: %@", object); + return object; +} + +static CFStringRef printFullDataString(CFDataRef data){ + __block CFStringRef fullData = NULL; + + BufferPerformWithHexString(CFDataGetBytePtr(data), CFDataGetLength(data), ^(CFStringRef dataHex) { + fullData = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%@"), dataHex); + }); + + return fullData; +} + +static void displayLastKeyParameters(CFTypeRef key, CFTypeRef value) +{ + CFDataRef valueAsData = asData(value, NULL); + if(valueAsData){ + CFDataRef dateData = CFDataCreateCopyFromRange(kCFAllocatorDefault, valueAsData, CFRangeMake(0, DATE_LENGTH)); + CFDataRef keyParameterData = CFDataCreateCopyFromPositions(kCFAllocatorDefault, valueAsData, DATE_LENGTH, CFDataGetLength(valueAsData)); + CFStringRef dateString = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, dateData, kCFStringEncodingUTF8); + CFStringRef keyParameterDescription = UserParametersDescription(keyParameterData); + if(keyParameterDescription) + printmsg(CFSTR("%@: %@: %@\n"), key, dateString, keyParameterDescription); + else + printmsg(CFSTR("%@: %@\n"), key, printFullDataString(value)); + CFReleaseNull(dateString); + CFReleaseNull(keyParameterData); + CFReleaseNull(dateData); + CFReleaseNull(keyParameterDescription); + } + else{ + printmsg(CFSTR("%@: %@\n"), key, value); + } +} + +static void displayKeyParameters(CFTypeRef key, CFTypeRef value) +{ + if(isData(value)){ + CFStringRef keyParameterDescription = UserParametersDescription((CFDataRef)value); + + if(keyParameterDescription) + printmsg(CFSTR("%@: %@\n"), key, keyParameterDescription); + else + printmsg(CFSTR("%@: %@\n"), key, value); + + CFReleaseNull(keyParameterDescription); + } + else{ + printmsg(CFSTR("%@: %@\n"), key, value); + } +} + +static void displayLastCircle(CFTypeRef key, CFTypeRef value) +{ + CFDataRef valueAsData = asData(value, NULL); + if(valueAsData){ + CFErrorRef localError = NULL; + + CFDataRef dateData = CFDataCreateCopyFromRange(kCFAllocatorDefault, valueAsData, CFRangeMake(0, DATE_LENGTH)); + CFDataRef circleData = CFDataCreateCopyFromPositions(kCFAllocatorDefault, valueAsData, DATE_LENGTH, CFDataGetLength(valueAsData)); + CFStringRef dateString = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, dateData, kCFStringEncodingUTF8); + SOSCircleRef circle = SOSCircleCreateFromData(NULL, (CFDataRef) circleData, &localError); + + if(circle){ + CFIndex size = 5; + CFNumberRef idLength = CFNumberCreate(kCFAllocatorDefault, kCFNumberCFIndexType, &size); + CFDictionaryRef format = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, CFSTR("SyncD"), CFSTR("SyncD"), CFSTR("idLength"), idLength, NULL); + printmsgWithFormatOptions(format, CFSTR("%@: %@: %@\n"), key, dateString, circle); + CFReleaseNull(idLength); + CFReleaseNull(format); + + } + else + printmsg(CFSTR("%@: %@\n"), key, printFullDataString(circleData)); + + CFReleaseNull(dateString); + CFReleaseNull(circleData); + CFReleaseSafe(circle); + CFReleaseNull(dateData); + CFReleaseNull(localError); + } + else{ + printmsg(CFSTR("%@: %@\n"), key, value); + } +} + +static void displayCircle(CFTypeRef key, CFTypeRef value) +{ + CFDataRef circleData = (CFDataRef)value; + + CFErrorRef localError = NULL; + if (isData(circleData)) + { + CFIndex size = 5; + CFNumberRef idLength = CFNumberCreate(kCFAllocatorDefault, kCFNumberCFIndexType, &size); + CFDictionaryRef format = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, CFSTR("SyncD"), CFSTR("SyncD"), CFSTR("idLength"), idLength, NULL); + SOSCircleRef circle = SOSCircleCreateFromData(NULL, circleData, &localError); + printmsgWithFormatOptions(format, CFSTR("%@: %@\n"), key, circle); + CFReleaseSafe(circle); + CFReleaseNull(idLength); + CFReleaseNull(format); + + } + else + printmsg(CFSTR("%@: %@\n"), key, value); +} + +static void displayMessage(CFTypeRef key, CFTypeRef value) +{ + CFDataRef message = (CFDataRef)value; + if(isData(message)){ + const char* messageType = SecOTRPacketTypeString(message); + printmsg(CFSTR("%@: %s: %ld\n"), key, messageType, CFDataGetLength(message)); + } + else + printmsg(CFSTR("%@: %@\n"), key, value); +} + +static void printEverything(CFTypeRef objects) +{ + CFDictionaryForEach(objects, ^(const void *key, const void *value) { + if (isData(value)) + { + printmsg(CFSTR("%@: %@\n\n"), key, printFullDataString(value)); + } + else + printmsg(CFSTR("%@: %@\n"), key, value); + }); + +} + +static void decodeForKeyType(CFTypeRef key, CFTypeRef value, SOSKVSKeyType type){ + switch (type) { + case kCircleKey: + displayCircle(key, value); + break; + case kRetirementKey: + case kMessageKey: + displayMessage(key, value); + break; + case kParametersKey: + displayKeyParameters(key, value); + break; + case kLastKeyParameterKey: + displayLastKeyParameters(key, value); + break; + case kLastCircleKey: + displayLastCircle(key, value); + break; + case kInitialSyncKey: + case kAccountChangedKey: + case kDebugInfoKey: + case kRingKey: + case kPeerInfoKey: + default: + printmsg(CFSTR("%@: %@\n"), key, value); + break; + } +} + +static void decodeAllTheValues(CFTypeRef objects){ + SOSKVSKeyType keyType = 0; + __block bool didPrint = false; + + for (keyType = 0; keyType <= MAXKVSKEYTYPE; keyType++){ + CFDictionaryForEach(objects, ^(const void *key, const void *value) { + if(SOSKVSKeyGetKeyType(key) == keyType){ + decodeForKeyType(key, value, keyType); + didPrint = true; + } + }); + if(didPrint) + printmsg(CFSTR("%@\n"), CFSTR("")); + didPrint = false; + } +} + +bool SOSCCDumpCircleKVSInformation(char *itemName) { + CFArrayRef keysToGet = NULL; + if (itemName) + { + CFStringRef itemStr = CFStringCreateWithCString(kCFAllocatorDefault, itemName, kCFStringEncodingUTF8); + fprintf(outFile, "Retrieving %s from KVS\n", itemName); + keysToGet = CFArrayCreateForCFTypes(kCFAllocatorDefault, itemStr, NULL); + CFReleaseSafe(itemStr); + } + dispatch_queue_t generalq = dispatch_queue_create("general", DISPATCH_QUEUE_SERIAL); + dispatch_group_t work_group = dispatch_group_create(); + CFTypeRef objects = getObjectsFromCloud(keysToGet, generalq, work_group); + CFReleaseSafe(keysToGet); + if (objects) + { + fprintf(outFile, "All keys and values straight from KVS\n"); + printEverything(objects); + fprintf(outFile, "\nAll values in decoded form...\n"); + decodeAllTheValues(objects); + } + fprintf(outFile, "\n"); + return true; +} diff --git a/OSX/sec/SOSCircle/Tool/accountCirclesViewsPrint.h b/OSX/sec/SOSCircle/Tool/accountCirclesViewsPrint.h new file mode 100644 index 00000000..2a3c4362 --- /dev/null +++ b/OSX/sec/SOSCircle/Tool/accountCirclesViewsPrint.h @@ -0,0 +1,18 @@ +// +// accountCirclesViewsPrint.h +// Security +// +// Created by Richard Murphy on 12/8/16. +// +// + +#ifndef accountCirclesViewsPrint_h +#define accountCirclesViewsPrint_h + +#include +#include + +void SOSCCDumpCircleInformation(void); +bool SOSCCDumpCircleKVSInformation(char *itemName); + +#endif /* accountCirclesViewsPrint_h */ diff --git a/OSX/sec/SOSCircle/Tool/keychain_log.c b/OSX/sec/SOSCircle/Tool/keychain_log.c index 5dc6d745..89af2f74 100644 --- a/OSX/sec/SOSCircle/Tool/keychain_log.c +++ b/OSX/sec/SOSCircle/Tool/keychain_log.c @@ -147,7 +147,6 @@ static void dumpCircleInfo() { CFErrorRef error = NULL; CFArrayRef generations = NULL; - CFArrayRef confirmedDigests = NULL; bool is_user_public_trusted = false; __block int count = 0; @@ -191,25 +190,13 @@ static void dumpCircleInfo() printPeerInfos(" Concur", ^(CFErrorRef *error) { return SOSCCCopyConcurringPeerPeerInfo(error); }); printPeerInfos("Applicants", ^(CFErrorRef *error) { return SOSCCCopyApplicantPeerInfo(error); }); - confirmedDigests = SOSCCCopyEngineState(&error); - if(confirmedDigests) - { - count = 0; - CFArrayForEach(confirmedDigests, ^(const void *value) { - count++; - if(count % 2 != 0) - printmsg(CFSTR("%@"), value); - - if(count % 2 == 0) { - CFStringRef hexDigest = CFDataCopyHexString(value); - printmsg(CFSTR(" %@\n"), hexDigest); - CFReleaseSafe(hexDigest); - } - }); - } - else + if (!SOSCCForEachEngineStateAsString(&error, ^(CFStringRef oneStateString) { + printmsg(CFSTR("%@\n"), oneStateString); + })) { printmsg(CFSTR("No engine peers: %@\n"), error); - CFReleaseNull(confirmedDigests); + } + + CFReleaseNull(error); } static CFTypeRef getObjectsFromCloud(CFArrayRef keysToGet, dispatch_queue_t processQueue, dispatch_group_t dgroup) @@ -232,7 +219,6 @@ static CFTypeRef getObjectsFromCloud(CFArrayRef keysToGet, dispatch_queue_t proc if (error) { secerror("SOSCloudKeychainGetObjectsFromCloud returned error: %@", error); - // CFRelease(*error); } dispatch_group_leave(dgroup); secinfo("sync", "SOSCloudKeychainGetObjectsFromCloud block exit: %@", object); @@ -547,7 +533,7 @@ static void sysdiagnose_dump() { mkdir(outputDir, 0700); - setOutputTo(outputDir, "sw_vers.log"); + SOSLogSetOutputTo(outputDir, "sw_vers.log"); // report uname stuff + hostname fprintf(outFile, "HostName: %s\n", hostname); fprintf(outFile, "ProductName: %s\n", productName); @@ -555,17 +541,17 @@ static void sysdiagnose_dump() { fprintf(outFile, "BuildVersion: %s\n", buildVersion); closeOutput(); - setOutputTo(outputDir, "syncD.log"); + SOSLogSetOutputTo(outputDir, "syncD.log"); // do sync -D dumpKVS(optarg, NULL); closeOutput(); - setOutputTo(outputDir, "synci.log"); + SOSLogSetOutputTo(outputDir, "synci.log"); // do sync -i dumpCircleInfo(); closeOutput(); - setOutputTo(outputDir, "syncL.log"); + SOSLogSetOutputTo(outputDir, "syncL.log"); // do sync -L listviewcmd(NULL); closeOutput(); @@ -608,7 +594,7 @@ keychain_log(int argc, char * const *argv) " -M string place a mark in the syslog - category \"mark\"" */ - setOutputTo(NULL, NULL); + SOSLogSetOutputTo(NULL, NULL); int ch, result = 0; CFErrorRef error = NULL; diff --git a/OSX/sec/SOSCircle/Tool/keychain_sync.c b/OSX/sec/SOSCircle/Tool/keychain_sync.c index c8722326..830c9b4e 100644 --- a/OSX/sec/SOSCircle/Tool/keychain_sync.c +++ b/OSX/sec/SOSCircle/Tool/keychain_sync.c @@ -203,24 +203,13 @@ static void dumpCircleInfo() printPeerInfos(" Concur", ^(CFErrorRef *error) { return SOSCCCopyConcurringPeerPeerInfo(error); }); printPeerInfos("Applicants", ^(CFErrorRef *error) { return SOSCCCopyApplicantPeerInfo(error); }); - confirmedDigests = SOSCCCopyEngineState(&error); - if(confirmedDigests) - { - count = 0; - CFArrayForEach(confirmedDigests, ^(const void *value) { - count++; - if(count % 2 != 0) - printmsg(CFSTR("%@"), value); - - if(count % 2 == 0) { - CFStringRef hexDigest = CFDataCopyHexString(value); - printmsg(CFSTR(" %@\n"), hexDigest); - CFReleaseSafe(hexDigest); - } - }); - } - else + if (!SOSCCForEachEngineStateAsString(&error, ^(CFStringRef oneStateString) { + printmsg(CFSTR("%@\n"), oneStateString); + })) { printmsg(CFSTR("No engine peers: %@\n"), error); + } + + CFReleaseNull(error); CFReleaseNull(confirmedDigests); } @@ -309,7 +298,6 @@ static CFTypeRef getObjectsFromCloud(CFArrayRef keysToGet, dispatch_queue_t proc if (error) { secerror("SOSCloudKeychainGetObjectsFromCloud returned error: %@", error); - // CFRelease(*error); } dispatch_group_leave(dgroup); secinfo("sync", "SOSCloudKeychainGetObjectsFromCloud block exit: %@", object); @@ -666,12 +654,13 @@ static bool dumpMyPeer(CFErrorRef *error) { CFStringRef serialNumber = SOSPeerInfoV2DictionaryCopyString(myPeer, sSerialNumberKey); CFBooleanRef preferIDS = SOSPeerInfoV2DictionaryCopyBoolean(myPeer, sPreferIDS); CFBooleanRef preferIDSFragmentation = SOSPeerInfoV2DictionaryCopyBoolean(myPeer, sPreferIDSFragmentation); + CFBooleanRef preferIDSACKModel = SOSPeerInfoV2DictionaryCopyBoolean(myPeer, sPreferIDSACKModel); CFStringRef transportType = SOSPeerInfoV2DictionaryCopyString(myPeer, sTransportType); CFStringRef idsDeviceID = SOSPeerInfoV2DictionaryCopyString(myPeer, sDeviceID); CFMutableSetRef properties = SOSPeerInfoV2DictionaryCopySet(myPeer, sSecurityPropertiesKey); - printmsg(CFSTR("Serial#: %@ PrefIDS#: %@ PrefFragmentation#: %@ transportType#: %@ idsDeviceID#: %@\n"), - serialNumber, preferIDS, preferIDSFragmentation, transportType, idsDeviceID); + printmsg(CFSTR("Serial#: %@ PrefIDS#: %@ PrefFragmentation#: %@ PrefACK#: %@ transportType#: %@ idsDeviceID#: %@\n"), + serialNumber, preferIDS, preferIDSFragmentation, preferIDSACKModel, transportType, idsDeviceID); dumpStringSet(CFSTR(" Views: "), views); dumpStringSet(CFSTR("SecurityProperties: "), properties); @@ -779,7 +768,6 @@ keychain_sync(int argc, char * const *argv) " -e enable (join/create circle)" " -i info (current status)" " -m dump my peer" - " -S schedule sync with all peers" " "Account/Circle Management" " -a accept all applicants" @@ -810,7 +798,7 @@ keychain_sync(int argc, char * const *argv) " -p retrieve IDS device id" " -x ping all devices in an IDS account" " -w check IDS availability" - " -z retrieve IDS id through IDSKeychainSyncingProxy" + " -z retrieve IDS id through KeychainSyncingOverIDSProxy" " "Password" " -P [label:]password set password (optionally for a given label) for sync" @@ -834,14 +822,13 @@ keychain_sync(int argc, char * const *argv) " -H Set escrow record.\n" " -J Get the escrow record.\n" " -M Check peer availability.\n" - */ int ch, result = 0; CFErrorRef error = NULL; bool hadError = false; - setOutputTo(NULL, NULL); + SOSLogSetOutputTo(NULL, NULL); - while ((ch = getopt(argc, argv, "ab:deg:hikl:mopq:rsSv:w:x:zA:B:MNJCDEF:HG:ILOP:RT:UWX:VY01234")) != -1) + while ((ch = getopt(argc, argv, "ab:deg:hikl:mopq:rSv:w:x:zA:B:MNJCDEF:HG:ILOP:RT:UWX:VY01234")) != -1) switch (ch) { case 'l': { @@ -1043,14 +1030,6 @@ keychain_sync(int argc, char * const *argv) break; } - case 's': - #if TARGET_OS_EMBEDDED - SOSCloudKeychainRequestSyncWithAllPeers(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), NULL); - #else - fprintf(outFile, "not exported yet...\n"); - #endif - break; - case 'E': { fprintf(outFile, "Ensuring Fresh Parameters\n"); @@ -1071,6 +1050,7 @@ keychain_sync(int argc, char * const *argv) fprintf(outFile, "Applying to Ring\n"); CFStringRef ringName = CFStringCreateWithCString(kCFAllocatorDefault, (char *)optarg, kCFStringEncodingUTF8); hadError = SOSCCApplyToARing(ringName, &error); + CFReleaseNull(ringName); break; } case 'B': @@ -1078,6 +1058,7 @@ keychain_sync(int argc, char * const *argv) fprintf(outFile, "Withdrawing from Ring\n"); CFStringRef ringName = CFStringCreateWithCString(kCFAllocatorDefault, (char *)optarg, kCFStringEncodingUTF8); hadError = SOSCCWithdrawlFromARing(ringName, &error); + CFReleaseNull(ringName); break; } case 'F': @@ -1085,6 +1066,7 @@ keychain_sync(int argc, char * const *argv) fprintf(outFile, "Status of this device in the Ring\n"); CFStringRef ringName = CFStringCreateWithCString(kCFAllocatorDefault, (char *)optarg, kCFStringEncodingUTF8); hadError = SOSCCRingStatus(ringName, &error); + CFReleaseNull(ringName); break; } case 'G': @@ -1092,6 +1074,7 @@ keychain_sync(int argc, char * const *argv) fprintf(outFile, "Enabling Ring\n"); CFStringRef ringName = CFStringCreateWithCString(kCFAllocatorDefault, (char *)optarg, kCFStringEncodingUTF8); hadError = SOSCCEnableRing(ringName, &error); + CFReleaseNull(ringName); break; } case 'H': @@ -1232,8 +1215,7 @@ keychain_sync(int argc, char * const *argv) case 'Y': hadError = dumpYetToSync(&error); break; - - case '?': + case '?': default: return 2; /* Return 2 triggers usage message. */ } diff --git a/OSX/sec/SOSCircle/Tool/keychain_sync.h b/OSX/sec/SOSCircle/Tool/keychain_sync.h index c54d0ab5..8c90a82a 100644 --- a/OSX/sec/SOSCircle/Tool/keychain_sync.h +++ b/OSX/sec/SOSCircle/Tool/keychain_sync.h @@ -63,7 +63,7 @@ SECURITY_COMMAND( " -p retrieve IDS device id\n" " -x ping all devices in an IDS account\n" " -w check IDS availability\n" - " -z retrieve IDS id through IDSKeychainSyncingProxy\n" + " -z retrieve IDS id through KeychainSyncingOverIDSProxy\n" "\n" "Password\n" " -P [label:]password set password (optionally for a given label) for sync\n" diff --git a/OSX/sec/SOSCircle/Tool/keychain_sync_test.h b/OSX/sec/SOSCircle/Tool/keychain_sync_test.h index fabf163c..8dfc474c 100644 --- a/OSX/sec/SOSCircle/Tool/keychain_sync_test.h +++ b/OSX/sec/SOSCircle/Tool/keychain_sync_test.h @@ -11,5 +11,6 @@ SECURITY_COMMAND( "[options]\n" "Keychain Sync Test\n" " -p|--enabled-peer-views \n" + " -m|--message-pending-state\n" "\n", "Keychain Syncing test commands." ) diff --git a/OSX/sec/SOSCircle/Tool/keychain_sync_test.m b/OSX/sec/SOSCircle/Tool/keychain_sync_test.m index 834aea63..8b4db90a 100644 --- a/OSX/sec/SOSCircle/Tool/keychain_sync_test.m +++ b/OSX/sec/SOSCircle/Tool/keychain_sync_test.m @@ -14,12 +14,19 @@ #include #include +#include +#include + #import #include #import "NSFileHandle+Formatting.h" +static char boolToChars(bool val, char truechar, char falsechar) { + return val? truechar: falsechar; +} + int keychain_sync_test(int argc, char * const *argv) { @@ -31,9 +38,11 @@ keychain_sync_test(int argc, char * const *argv) */ int result = 0; NSError* error = nil; - CFErrorRef cfError = NULL; + __block CFErrorRef cfError = NULL; static int verbose_flag = 0; + bool dump_pending = false; + static struct option long_options[] = { /* These options set a flag. */ @@ -42,9 +51,10 @@ keychain_sync_test(int argc, char * const *argv) /* These options don’t set a flag. We distinguish them by their indices. */ {"enabled-peer-views", required_argument, 0, 'p'}, + {"message-pending-state", no_argument, 0, 'm'}, {0, 0, 0, 0} }; - static const char * params = "abc:d:f:"; + static const char * params = "p:m"; /* getopt_long stores the option index here. */ int option_index = 0; @@ -62,6 +72,9 @@ keychain_sync_test(int argc, char * const *argv) } break; + case 'm': + dump_pending = true; + break; case -1: break; default: @@ -78,6 +91,32 @@ keychain_sync_test(int argc, char * const *argv) } } + if (dump_pending) { + CFArrayRef peers = SOSCCCopyPeerPeerInfo(&cfError); + [fhout writeFormat: @"Dumping state for %ld peers\n", CFArrayGetCount(peers)]; + + CFArrayForEach(peers, ^(const void *value) { + SOSPeerInfoRef thisPeer = (SOSPeerInfoRef) value; + if (thisPeer) { + CFReleaseNull(cfError); + bool message = SOSCCMessageFromPeerIsPending(thisPeer, &cfError); + if (!message && cfError != NULL) { + [fherr writeFormat: @"Error from SOSCCMessageFromPeerIsPending: %@\n", cfError]; + } + CFReleaseNull(cfError); + bool send = SOSCCSendToPeerIsPending(thisPeer, &cfError); + if (!message && cfError != NULL) { + [fherr writeFormat: @"Error from SOSCCSendToPeerIsPending: %@\n", cfError]; + } + CFReleaseNull(cfError); + + [fhout writeFormat: @"Peer: %c%c %@\n", boolToChars(message, 'M', 'm'), boolToChars(send, 'S', 's'), thisPeer]; + } else { + [fherr writeFormat: @"Non SOSPeerInfoRef in array: %@\n", value]; + } + }); + } + if (cfError != NULL) { [fherr writeFormat: @"Error: %@\n", cfError]; } diff --git a/SecurityFeatures/OSX/SecurityFeatures.h b/OSX/sec/SOSCircle/Tool/recovery_key.h similarity index 63% rename from SecurityFeatures/OSX/SecurityFeatures.h rename to OSX/sec/SOSCircle/Tool/recovery_key.h index 6636e599..0fe4c43a 100644 --- a/SecurityFeatures/OSX/SecurityFeatures.h +++ b/OSX/sec/SOSCircle/Tool/recovery_key.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Apple Inc. All Rights Reserved. + * Copyright (c) 2013-2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -21,15 +21,14 @@ * @APPLE_LICENSE_HEADER_END@ */ -/* - * What features are enabled for this platform, used so that - * header files can be shared between the the different platforms - */ - -#ifndef SECURITY_SECURITY_FEATURES_H -#define SECURITY_SECURITY_FEATURES_H 1 -#define SECURITY_LEGACY_CSSM 1 -#define SECURITY_LEGACY_SECURE_TRANSPORT 1 +#include -#endif /* SECURITY_SECURITY_FEATURES_H */ +SECURITY_COMMAND( + "recovery-key", recovery_key, + "[options]\n" + "Recovery Key\n" + " -s //Set the recovery key\n" + " -g //Get the recovery key\n" + " -c //Clear the recovery key\n", + "Recovery Key." ) diff --git a/OSX/sec/SOSCircle/Tool/recovery_key.m b/OSX/sec/SOSCircle/Tool/recovery_key.m new file mode 100644 index 00000000..6e5170d7 --- /dev/null +++ b/OSX/sec/SOSCircle/Tool/recovery_key.m @@ -0,0 +1,151 @@ +/* + * Copyright (c) 2013-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +#import +#include "recovery_key.h" + +#include +#include +#include +#include + +#include +#include +#include + +#import + + +#include "secToolFileIO.h" + +int +recovery_key(int argc, char * const *argv) +{ + int ch, result = 0; + CFErrorRef error = NULL; + BOOL hadError = false; + SOSLogSetOutputTo(NULL, NULL); + + static struct option long_options[] = + { + /* These options set a flag. */ + {"generate", required_argument, NULL, 'G'}, + {"set", required_argument, NULL, 's'}, + {"get", no_argument, NULL, 'g'}, + {"clear", no_argument, NULL, 'c'}, + {"follow-up", no_argument, NULL, 'F'}, + {0, 0, 0, 0} + }; + int option_index = 0; + + while ((ch = getopt_long(argc, argv, "FG:Rs:gc", long_options, &option_index)) != -1) + switch (ch) { + case 'G': { + NSString *testString = [NSString stringWithUTF8String:optarg]; + if(testString == nil) + return 2; + + SecRecoveryKey *rk = SecRKCreateRecoveryKey(testString); + if(rk == nil) + return 2; + NSData *publicKey = SecRKCopyBackupPublicKey(rk); + if(publicKey == nil) + return 2; + + printmsg(CFSTR("public recovery key: %@\n"), publicKey); + break; + } + case 'R': { + NSString *testString = SecRKCreateRecoveryKeyString(NULL); + if(testString == nil) + return 2; + + printmsg(CFSTR("public recovery string: %@\n"), testString); + + break; + } + case 's': + { + NSString *testString = [NSString stringWithUTF8String:optarg]; + if(testString == nil) + return 2; + + SecRecoveryKey *rk = SecRKCreateRecoveryKey(testString); + if(rk == nil) + return 2; + + NSData *publicKey = SecRKCopyBackupPublicKey(rk); + if(publicKey == nil) + return 2; + + hadError = SOSCCRegisterRecoveryPublicKey((__bridge CFDataRef)(publicKey), &error) != true; + break; + } + case 'g': + { + CFDataRef recovery_key = SOSCCCopyRecoveryPublicKey(&error); + hadError = recovery_key == NULL; + if(!hadError) + printmsg(CFSTR("recovery key: %@\n"), recovery_key); + CFReleaseNull(recovery_key); + break; + } + case 'c': + { + CFDataRef empty = CFDataCreate(kCFAllocatorDefault, 0, 0); + hadError = SOSCCRegisterRecoveryPublicKey(empty, &error) != true; + CFReleaseNull(empty); + break; + } + case 'F': + { + NSError *localError = nil; + + CDPFollowUpController *cdpd = [[CDPFollowUpController alloc] init]; + + CDPFollowUpContext *context = [CDPFollowUpContext contextForRecoveryKeyRepair]; + context.force = true; + + [cdpd postFollowUpWithContext:context error:&localError]; + if(localError){ + printmsg(CFSTR("Request to CoreCDP to follow up failed: %@\n"), localError); + } else { + printmsg(CFSTR("CoreCDP handling follow up\n")); + } + break; + } + case '?': + default: + { + printf("%s [...options]\n", getprogname()); + for (unsigned n = 0; n < sizeof(long_options)/sizeof(long_options[0]); n++) { + printf("\t [-%c|--%s\n", long_options[n].val, long_options[n].name); + } + return 2; + } + } + if (hadError) + printerr(CFSTR("Error: %@\n"), error); + + return result; +} diff --git a/OSX/sec/SOSCircle/Tool/secToolFileIO.c b/OSX/sec/SOSCircle/Tool/secToolFileIO.c index 6c982743..6f5a0e9e 100644 --- a/OSX/sec/SOSCircle/Tool/secToolFileIO.c +++ b/OSX/sec/SOSCircle/Tool/secToolFileIO.c @@ -25,7 +25,7 @@ void _printcfmsg(FILE *ff, CFDictionaryRef formatOptions, CFStringRef format, .. } -int setOutputTo(char *dir, char *filename) { +int SOSLogSetOutputTo(char *dir, char *filename) { size_t pathlen = 0; if(dir && filename) { diff --git a/OSX/sec/SOSCircle/Tool/secToolFileIO.h b/OSX/sec/SOSCircle/Tool/secToolFileIO.h index a31ffc8d..5601b7e7 100644 --- a/OSX/sec/SOSCircle/Tool/secToolFileIO.h +++ b/OSX/sec/SOSCircle/Tool/secToolFileIO.h @@ -16,16 +16,16 @@ #include #include -#define printmsg(format, ...) _printcfmsg(outFile, NULL, format, __VA_ARGS__) -#define printmsgWithFormatOptions(formatOptions, format, ...) _printcfmsg(outFile, formatOptions, format, __VA_ARGS__) -#define printerr(format, ...) _printcfmsg(errFile, NULL, format, __VA_ARGS__) +#define printmsg(format, ...) _printcfmsg(outFile, NULL, format, ##__VA_ARGS__) +#define printmsgWithFormatOptions(formatOptions, format, ...) _printcfmsg(outFile, formatOptions, format, ##__VA_ARGS__) +#define printerr(format, ...) _printcfmsg(errFile, NULL, format, ##__VA_ARGS__) extern FILE *outFile; extern FILE *errFile; void _printcfmsg(FILE *ff, CFDictionaryRef formatOptions, CFStringRef format, ...); -int setOutputTo(char *dir, char *filename); +int SOSLogSetOutputTo(char *dir, char *filename); void closeOutput(void); diff --git a/OSX/sec/SOSCircle/Tool/syncbackup.c b/OSX/sec/SOSCircle/Tool/syncbackup.c index d202ee3e..acb04d92 100644 --- a/OSX/sec/SOSCircle/Tool/syncbackup.c +++ b/OSX/sec/SOSCircle/Tool/syncbackup.c @@ -38,6 +38,7 @@ #include #include +#include #include @@ -53,6 +54,58 @@ static bool dumpBackupInfo(CFErrorRef *error) { return *error != NULL; } +static bool longListing(CFErrorRef *error) { + CFDataRef rkbgder = NULL; + CFDictionaryRef bskbders = NULL; + + CFDictionaryRef backupInfo = SOSCCCopyBackupInformation(error); + SOSRecoveryKeyBagRef rkbg = NULL; + CFNumberRef status = CFDictionaryGetValue(backupInfo, kSOSBkpInfoStatus); + int infoStatus; + CFNumberGetValue(status, kCFNumberIntType, &infoStatus); + + switch(infoStatus) { + case noError: + rkbgder = CFDictionaryGetValue(backupInfo, kSOSBkpInfoRKBG); + bskbders = CFDictionaryGetValue(backupInfo, kSOSBkpInfoBSKB); + break; + case noTxnorAcct: + break; + case noAlloc: + break; + case noTrustedPubKey: + break; + case noBSKBs: + rkbgder = CFDictionaryGetValue(backupInfo, kSOSBkpInfoRKBG); + break; + default: + break; + } + + if(rkbgder) { + rkbg = SOSRecoveryKeyBagCreateFromData(kCFAllocatorDefault, rkbgder, NULL); + printmsg(CFSTR("Recovery Keybag: %@\n"), rkbg); + } + + if(bskbders) { + CFDataRef rkPub = NULL; + if(rkbg) rkPub = SOSRecoveryKeyBagGetKeyData(rkbg, NULL); + CFDictionaryForEach(bskbders, ^(const void *key, const void *value) { + CFDataRef bskbder = asData(value, NULL); + SOSBackupSliceKeyBagRef bskb = SOSBackupSliceKeyBagCreateFromData(kCFAllocatorDefault, bskbder, NULL); + if(bskb) { + bool reckeyPresent = (rkPub && SOSBKSBPrefixedKeyIsInKeyBag(bskb, bskbRkbgPrefix, rkPub)); + printmsg(CFSTR("BackupSliceKeybag %@: Recovery Key %s; %@\n"), key, (reckeyPresent) ? "Present": "Absent ", bskb); + CFReleaseNull(bskb); + } + }); + } + CFReleaseNull(backupInfo); + CFReleaseNull(rkbg); + return *error != NULL; +} + + int syncbackup(int argc, char * const *argv) @@ -62,19 +115,23 @@ syncbackup(int argc, char * const *argv) " -i info (current status)" */ - setOutputTo(NULL, NULL); + SOSLogSetOutputTo(NULL, NULL); int ch, result = 0; CFErrorRef error = NULL; bool hadError = false; - while ((ch = getopt(argc, argv, "i")) != -1) + while ((ch = getopt(argc, argv, "il")) != -1) switch (ch) { case 'i': hadError = dumpBackupInfo(&error); break; + case 'l': + hadError = longListing(&error); + break; + case '?': default: return 2; /* Return 2 triggers usage message. */ diff --git a/OSX/sec/SOSCircle/Tool/syncbackup.h b/OSX/sec/SOSCircle/Tool/syncbackup.h index 4050dd32..90510dca 100644 --- a/OSX/sec/SOSCircle/Tool/syncbackup.h +++ b/OSX/sec/SOSCircle/Tool/syncbackup.h @@ -35,6 +35,7 @@ SECURITY_COMMAND( "syncbackup", syncbackup, "[options]\n" " -i info (current status)\n" + " -l list backup slice keybag membership and recovery status" "\n", "iCloud Circle Backup Information") diff --git a/OSX/sec/Security/AuthorizationStatus.h b/OSX/sec/Security/AuthorizationStatus.h deleted file mode 100644 index 6075f2b9..00000000 --- a/OSX/sec/Security/AuthorizationStatus.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2012 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header AuthorizationStatus - The data types in AuthorizationStatus define the various states of Authorization for accessing services. -*/ - -/*! - @typedef ABAuthorizationStatus - @abstract Specifies the AuthorizationStatus result when accessing a service. - @constant kABAuthorizationStatusNotDetermined indicates the user has not yet made a choice if this app can access the service. - @constant kABAuthorizationStatusRestricted indicates the app is not authorized to use the service. Due to active restrictions on the service the user cannot change this status and may not have personally denied authorization. - @constant kABAuthorizationStatusDenied indicates the user has explicitly denied authorization for this app or the service is disabled in Settings. - @constant kABAuthorizationStatusAuthorized indicates the user has authorized this app to access the service. - */ - -typedef enum { - kABAuthorizationStatusNotDetermined = 0, - kABAuthorizationStatusRestricted, - kABAuthorizationStatusDenied, - kABAuthorizationStatusAuthorized -} ABAuthorizationStatus; - diff --git a/OSX/sec/Security/Regressions/Security_regressions.h b/OSX/sec/Security/Regressions/Security_regressions.h index f9701408..b9bf311a 100644 --- a/OSX/sec/Security/Regressions/Security_regressions.h +++ b/OSX/sec/Security/Regressions/Security_regressions.h @@ -10,6 +10,7 @@ ONE_TEST(pbkdf2_00_hmac_sha1) ONE_TEST(spbkdf_00_hmac_sha1) +ONE_TEST(spbkdf_01_hmac_sha256) ONE_TEST(si_00_find_nothing) ONE_TEST(si_05_add) @@ -32,11 +33,9 @@ ONE_TEST(si_43_persistent) ONE_TEST(si_50_secrandom) ONE_TEST(si_60_cms) ONE_TEST(si_61_pkcs12) -ONE_TEST(si_62_csr) ONE_TEST(si_63_scep) ONE_TEST(si_64_ossl_cms) ONE_TEST(si_65_cms_cert_policy) -ONE_TEST(si_66_smime) ONE_TEST(si_68_secmatchissuer) ONE_TEST(si_69_keydesc) ONE_TEST(si_72_syncableitems) diff --git a/OSX/sec/Security/Regressions/crypto/spbkdf-00-hmac-sha1.c b/OSX/sec/Security/Regressions/crypto/spbkdf-00-hmac-sha1.c index 8bd80a02..843dfb79 100644 --- a/OSX/sec/Security/Regressions/crypto/spbkdf-00-hmac-sha1.c +++ b/OSX/sec/Security/Regressions/crypto/spbkdf-00-hmac-sha1.c @@ -13,18 +13,6 @@ #include "Security_regressions.h" -#if 0 -static void -printComparison(const uint8_t*left, const uint8_t* right, int length) -{ - int i; - for(i = 0; i < length; ++i) - { - fprintf(stderr, "# Values :: 0x%02x :: 0x%02x\n", left[i], right[i]); - } -} -#endif - static int kTestTestCount = 8; static void tests(void) @@ -45,7 +33,7 @@ static void tests(void) pbkdf2_hmac_sha1((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize); - ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-1"); + ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'salt' I-1"); } { @@ -64,7 +52,7 @@ static void tests(void) pbkdf2_hmac_sha1((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize); - ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-2"); + ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'salt' I-2"); } { @@ -83,7 +71,7 @@ static void tests(void) pbkdf2_hmac_sha1((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize); - ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-4096"); + ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'salt' I-4096"); } SKIP: { @@ -104,7 +92,7 @@ static void tests(void) pbkdf2_hmac_sha1((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize); - ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-16777216"); + ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-1: P-'password' S-'salt' I-16777216"); } @@ -129,7 +117,7 @@ static void tests(void) SecKeyFromPassphraseDataHMACSHA1(passwordData, saltData, iterations, resultData); - ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-1"); + ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-1: P-'password' S-'salt' I-1"); CFReleaseSafe(password); CFReleaseSafe(salt); @@ -159,7 +147,7 @@ static void tests(void) SecKeyFromPassphraseDataHMACSHA1(passwordData, saltData, iterations, resultData); - ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-1"); + ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-1: P-'password' S-'salt' I-2"); CFReleaseSafe(password); CFReleaseSafe(salt); @@ -190,7 +178,7 @@ static void tests(void) SecKeyFromPassphraseDataHMACSHA1(passwordData, saltData, iterations, resultData); - ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-1"); + ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-1: P-'password' S-'salt' I-4096"); CFReleaseSafe(password); CFReleaseSafe(salt); @@ -223,7 +211,7 @@ static void tests(void) SecKeyFromPassphraseDataHMACSHA1(passwordData, saltData, iterations, resultData); - ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-1: P-'password' S-'Salt' I-1"); + ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-1: P-'password' S-'salt' I-16777216"); CFReleaseSafe(password); CFReleaseSafe(salt); diff --git a/OSX/sec/Security/Regressions/crypto/spbkdf-01-hmac-sha256.c b/OSX/sec/Security/Regressions/crypto/spbkdf-01-hmac-sha256.c new file mode 100644 index 00000000..744041a8 --- /dev/null +++ b/OSX/sec/Security/Regressions/crypto/spbkdf-01-hmac-sha256.c @@ -0,0 +1,239 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "Security_regressions.h" + +static int kTestTestCount = 8; + +static void tests(void) +{ + { + const char *password = "password"; + const char *salt = "salt"; + const int iterations = 1; + const uint8_t expected[32] = { + 0x12, 0x0f, 0xb6, 0xcf, 0xfc, 0xf8, 0xb3, 0x2c, + 0x43, 0xe7, 0x22, 0x52, 0x56, 0xc4, 0xf8, 0x37, + 0xa8, 0x65, 0x48, 0xc9, 0x2c, 0xcc, 0x35, 0x48, + 0x08, 0x05, 0x98, 0x7c, 0xb7, 0x0b, 0xe1, 0x7b + }; + + const char resultSize = sizeof(expected); + + uint8_t actual[resultSize]; + + pbkdf2_hmac_sha256((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize); + + ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-256: P-'password' S-'salt' I-1"); + } + + { + const char *password = "password"; + const char *salt = "salt"; + const int iterations = 2; + const uint8_t expected[32] = { + 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3, + 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0, + 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf, + 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43 + }; + + const char resultSize = sizeof(expected); + + uint8_t actual[resultSize]; + + pbkdf2_hmac_sha256((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize); + + ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-256: P-'password' S-'salt' I-2"); + } + + { + const char *password = "password"; + const char *salt = "salt"; + const int iterations = 4096; + const uint8_t expected[32] = { + 0xc5, 0xe4, 0x78, 0xd5, 0x92, 0x88, 0xc8, 0x41, + 0xaa, 0x53, 0x0d, 0xb6, 0x84, 0x5c, 0x4c, 0x8d, + 0x96, 0x28, 0x93, 0xa0, 0x01, 0xce, 0x4e, 0x11, + 0xa4, 0x96, 0x38, 0x73, 0xaa, 0x98, 0x13, 0x4a + }; + + const char resultSize = sizeof(expected); + + uint8_t actual[resultSize]; + + pbkdf2_hmac_sha256((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize); + + ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-256: P-'password' S-'salt' I-4096"); + } + +SKIP: { + skip("16777216 iterations is too slow", 1, 0); + + const char *password = "password"; + const char *salt = "salt"; + const int iterations = 16777216; + const uint8_t expected[32] = { + 0xcf, 0x81, 0xc6, 0x6f, 0xe8, 0xcf, 0xc0, 0x4d, + 0x1f, 0x31, 0xec, 0xb6, 0x5d, 0xab, 0x40, 0x89, + 0xf7, 0xf1, 0x79, 0xe8, 0x9b, 0x3b, 0x0b, 0xcb, + 0x17, 0xad, 0x10, 0xe3, 0xac, 0x6e, 0xba, 0x46 + }; + + const char resultSize = sizeof(expected); + + uint8_t actual[resultSize]; + + pbkdf2_hmac_sha256((const uint8_t*) password, strlen(password), (const uint8_t*) salt, strlen(salt), iterations, actual, resultSize); + + ok(memcmp(expected, actual, resultSize) == 0, "pbkdf-sha-256: P-'password' S-'salt' I-16777216"); +} + + + { + CFStringRef password = CFStringCreateWithCString(NULL, "password", kCFStringEncodingUTF8); + CFStringRef salt = CFStringCreateWithCString(NULL, "salt", kCFStringEncodingUTF8); + + CFDataRef passwordData = CFStringCreateExternalRepresentation(NULL, password, kCFStringEncodingUTF8, 0); + CFDataRef saltData = CFStringCreateExternalRepresentation(NULL, salt, kCFStringEncodingUTF8, 0); + + const int iterations = 1; + const uint8_t expected[32] = { + 0x12, 0x0f, 0xb6, 0xcf, 0xfc, 0xf8, 0xb3, 0x2c, + 0x43, 0xe7, 0x22, 0x52, 0x56, 0xc4, 0xf8, 0x37, + 0xa8, 0x65, 0x48, 0xc9, 0x2c, 0xcc, 0x35, 0x48, + 0x08, 0x05, 0x98, 0x7c, 0xb7, 0x0b, 0xe1, 0x7b + }; + + const char resultSize = sizeof(expected); + + CFMutableDataRef resultData = CFDataCreateMutable(NULL, resultSize); + CFDataIncreaseLength(resultData, resultSize); + + SecKeyFromPassphraseDataHMACSHA256(passwordData, saltData, iterations, resultData); + + ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-256: P-'password' S-'salt' I-1"); + + CFReleaseSafe(password); + CFReleaseSafe(salt); + CFReleaseSafe(passwordData); + CFReleaseSafe(saltData); + CFReleaseSafe(resultData); + } + + { + CFStringRef password = CFStringCreateWithCString(NULL, "password", kCFStringEncodingUTF8); + CFStringRef salt = CFStringCreateWithCString(NULL, "salt", kCFStringEncodingUTF8); + + CFDataRef passwordData = CFStringCreateExternalRepresentation(NULL, password, kCFStringEncodingUTF8, 0); + CFDataRef saltData = CFStringCreateExternalRepresentation(NULL, salt, kCFStringEncodingUTF8, 0); + + const int iterations = 2; + const uint8_t expected[32] = { + 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3, + 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0, + 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf, + 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43 + }; + + const char resultSize = sizeof(expected); + + CFMutableDataRef resultData = CFDataCreateMutable(NULL, resultSize); + CFDataIncreaseLength(resultData, resultSize); + + SecKeyFromPassphraseDataHMACSHA256(passwordData, saltData, iterations, resultData); + + ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-256: P-'password' S-'salt' I-2"); + + CFReleaseSafe(password); + CFReleaseSafe(salt); + CFReleaseSafe(passwordData); + CFReleaseSafe(saltData); + CFReleaseSafe(resultData); + } + + { + CFStringRef password = CFStringCreateWithCString(NULL, "password", kCFStringEncodingUTF8); + CFStringRef salt = CFStringCreateWithCString(NULL, "salt", kCFStringEncodingUTF8); + + CFDataRef passwordData = CFStringCreateExternalRepresentation(NULL, password, kCFStringEncodingUTF8, 0); + CFDataRef saltData = CFStringCreateExternalRepresentation(NULL, salt, kCFStringEncodingUTF8, 0); + + const int iterations = 4096; + const uint8_t expected[32] = { + 0xc5, 0xe4, 0x78, 0xd5, 0x92, 0x88, 0xc8, 0x41, + 0xaa, 0x53, 0x0d, 0xb6, 0x84, 0x5c, 0x4c, 0x8d, + 0x96, 0x28, 0x93, 0xa0, 0x01, 0xce, 0x4e, 0x11, + 0xa4, 0x96, 0x38, 0x73, 0xaa, 0x98, 0x13, 0x4a + }; + + const char resultSize = sizeof(expected); + + CFMutableDataRef resultData = CFDataCreateMutable(NULL, resultSize); + CFDataIncreaseLength(resultData, resultSize); + + SecKeyFromPassphraseDataHMACSHA256(passwordData, saltData, iterations, resultData); + + ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-256: P-'password' S-'salt' I-4096"); + + CFReleaseSafe(password); + CFReleaseSafe(salt); + CFReleaseSafe(passwordData); + CFReleaseSafe(saltData); + CFReleaseSafe(resultData); + } + +SKIP: { + skip("16777216 iterations is too slow", 1, 0); + + CFStringRef password = CFStringCreateWithCString(NULL, "password", kCFStringEncodingUTF8); + CFStringRef salt = CFStringCreateWithCString(NULL, "salt", kCFStringEncodingUTF8); + + CFDataRef passwordData = CFStringCreateExternalRepresentation(NULL, password, kCFStringEncodingUTF8, 0); + CFDataRef saltData = CFStringCreateExternalRepresentation(NULL, salt, kCFStringEncodingUTF8, 0); + + const int iterations = 16777216; + const uint8_t expected[32] = { + 0xcf, 0x81, 0xc6, 0x6f, 0xe8, 0xcf, 0xc0, 0x4d, + 0x1f, 0x31, 0xec, 0xb6, 0x5d, 0xab, 0x40, 0x89, + 0xf7, 0xf1, 0x79, 0xe8, 0x9b, 0x3b, 0x0b, 0xcb, + 0x17, 0xad, 0x10, 0xe3, 0xac, 0x6e, 0xba, 0x46 + }; + + + const char resultSize = sizeof(expected); + + CFMutableDataRef resultData = CFDataCreateMutable(NULL, resultSize); + CFDataIncreaseLength(resultData, resultSize); + + SecKeyFromPassphraseDataHMACSHA256(passwordData, saltData, iterations, resultData); + + ok(memcmp(expected, CFDataGetBytePtr(resultData), resultSize) == 0, "pbkdf-sha-256: P-'password' S-'salt' I-16777216"); + + CFReleaseSafe(password); + CFReleaseSafe(salt); + CFReleaseSafe(passwordData); + CFReleaseSafe(saltData); + CFReleaseSafe(resultData); +} + +} + +int spbkdf_01_hmac_sha256(int argc, char *const *argv) +{ + plan_tests(kTestTestCount); + + tests(); + + return 0; +} diff --git a/OSX/sec/Security/Regressions/rk_01_recoverykey.m b/OSX/sec/Security/Regressions/rk_01_recoverykey.m new file mode 100644 index 00000000..a9c55b5e --- /dev/null +++ b/OSX/sec/Security/Regressions/rk_01_recoverykey.m @@ -0,0 +1,67 @@ +// +// rk_01_recoverykey.m +// + +#define __KEYCHAINCORE__ 1 + +#include +#include + +#include "SecRecoveryKey.h" +#include "shared_regressions.h" + +int rk_01_recoverykey(int argc, char *const *argv) +{ + NSArray *testData = @[ + @{ + @"recoverykey" : @"AAAA-AAAA-AAAA-AAAA-AAAA-AAAA-AAGW", + @"publicKey" : @"UUjq5Wv572RSsKahddvUPQAEIeErSHMK9J+NKb6sVdo=", + @"privateKey" : @"UUjq5Wv572RSsKahddvUPQAEIeErSHMK9J+NKb6sVdpi00pR5UGzfoARLnpxCFmqCh1XCRtjCptztGfN1XW11w==", + @"password" : @"Ze14tkzC8keZEnoIv+LoWvicxOTSSqUwhE8xyChmZAs=", + }, + @{ // same again to make sure it works + @"recoverykey" : @"AAAA-AAAA-AAAA-AAAA-AAAA-AAAA-AAGW", + @"publicKey" : @"UUjq5Wv572RSsKahddvUPQAEIeErSHMK9J+NKb6sVdo=", + @"privateKey" : @"UUjq5Wv572RSsKahddvUPQAEIeErSHMK9J+NKb6sVdpi00pR5UGzfoARLnpxCFmqCh1XCRtjCptztGfN1XW11w==", + @"password" : @"Ze14tkzC8keZEnoIv+LoWvicxOTSSqUwhE8xyChmZAs=", + }, + @{ + @"recoverykey" : @"BBBB-BBBB-BBBB-BBBB-BBBB-BBBB-BBAY", + @"publicKey" : @"fomczHhXphIMaCbuQlKPefXO8YEIH2M9TFslcBjvJXY=", + @"privateKey" : @"fomczHhXphIMaCbuQlKPefXO8YEIH2M9TFslcBjvJXa/W5BWvgJmZO9xShq1sePpLDfGf5lOkwhwzFzFypiXgw==", + @"password" : @"P7nC1leKBTJ3aMsXZImVsR2kIlqlsvoSEI8yFKv6xdw=", + }, + ]; + + + plan_tests(7 * (int)[testData count]); + + [testData enumerateObjectsUsingBlock:^(NSDictionary * _Nonnull obj, NSUInteger idx, BOOL * _Nonnull stop) { + NSString *recoveryKey = obj[@"recoverykey"]; + NSString *knownPublicKey = obj[@"publicKey"]; + NSString *knownPrivateKey = obj[@"privateKey"]; + NSString *knownPassword = obj[@"password"]; + + SecRecoveryKey *rk = SecRKCreateRecoveryKey(recoveryKey); + ok(rk, "got recovery key"); + + NSData *publicKey = SecRKCopyBackupPublicKey(rk); + ok(publicKey, "got publicKey"); + + ok([publicKey isEqualToData:[[NSData alloc] initWithBase64EncodedString:knownPublicKey options:0]], + "public key same: %@", [publicKey base64EncodedStringWithOptions:0]); + + NSData *privateKey = SecRKCopyBackupFullKey(rk); + ok(privateKey, "got privateKey"); + + ok([privateKey isEqualToData:[[NSData alloc] initWithBase64EncodedString:knownPrivateKey options:0]], + "privateKey key same: %@", [privateKey base64EncodedStringWithOptions:0]); + + NSString *recoveryPassword = SecRKCopyAccountRecoveryPassword(rk); + ok(recoveryPassword, "got account recovery password"); + + ok([recoveryPassword isEqualToString:knownPassword], "password same: %@", recoveryPassword); + }]; + + return 0; +} diff --git a/OSX/sec/Security/Regressions/secitem/si-05-add.c b/OSX/sec/Security/Regressions/secitem/si-05-add.c index fc871aad..2161488a 100644 --- a/OSX/sec/Security/Regressions/secitem/si-05-add.c +++ b/OSX/sec/Security/Regressions/secitem/si-05-add.c @@ -293,11 +293,11 @@ static void tests(void) CFDataRef tagData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)"funnytag", 8, kCFAllocatorNull); CFDictionaryAddValue(dict, kSecAttrApplicationTag, tagData); - is_status(SecItemAdd(dict, &certHandle), errSecParam, - "Case 7: add certificate with bogus attribute returns errSecParam"); + is_status(SecItemAdd(dict, &certHandle), errSecNoSuchAttr, + "Case 7: add certificate with bogus attribute returns errSecNoSuchAttr"); CFReleaseNull(certHandle); - is_status(SecItemDelete(dict), errSecParam, - "delete certificate with bogus attribute returns errSecParam"); + is_status(SecItemDelete(dict), errSecNoSuchAttr, + "delete certificate with bogus attribute returns errSecNoSuchAttr"); CFDictionaryRemoveValue(dict, kSecAttrApplicationTag); CFReleaseNull(tagData); diff --git a/OSX/sec/Security/Regressions/secitem/si-15-certificate.c b/OSX/sec/Security/Regressions/secitem/si-15-certificate.c index 0c6f925f..90b7a9e0 100644 --- a/OSX/sec/Security/Regressions/secitem/si-15-certificate.c +++ b/OSX/sec/Security/Regressions/secitem/si-15-certificate.c @@ -2,11 +2,13 @@ * Copyright (c) 2008-2010,2012 Apple Inc. All Rights Reserved. */ +#include #include #include #include #include #include +#include #include #include @@ -689,8 +691,100 @@ static unsigned char _wapi_as_der[] = { static unsigned int _wapi_as_der_len = 443; #endif -#define CFReleaseSafe(CF) { CFTypeRef _cf = (CF); if (_cf) CFRelease(_cf); } -#define CFReleaseNull(CF) { CFTypeRef _cf = (CF); if (_cf) CFRelease(_cf); (CF) = NULL; } +/* subject:/DC=com/DC=outsidevpntest/CN=Users/CN=certxauthsplit */ +/* issuer :/DC=com/DC=outsidevpntest/CN=outsidevpntest-SERVER02-CA */ +static uint8_t two_common_names[1427]={ + 0x30,0x82,0x05,0x8F,0x30,0x82,0x04,0x77,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x45, + 0x0F,0xA6,0x09,0x00,0x00,0x00,0x00,0x00,0x16,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x5A,0x31,0x13,0x30,0x11,0x06,0x0A, + 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,0x16,0x03,0x63,0x6F,0x6D,0x31, + 0x1E,0x30,0x1C,0x06,0x0A,0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,0x16, + 0x0E,0x6F,0x75,0x74,0x73,0x69,0x64,0x65,0x76,0x70,0x6E,0x74,0x65,0x73,0x74,0x31, + 0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1A,0x6F,0x75,0x74,0x73,0x69,0x64, + 0x65,0x76,0x70,0x6E,0x74,0x65,0x73,0x74,0x2D,0x53,0x45,0x52,0x56,0x45,0x52,0x30, + 0x32,0x2D,0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x32,0x30,0x39,0x30,0x36,0x30,0x33, + 0x30,0x32,0x30,0x30,0x5A,0x17,0x0D,0x31,0x33,0x30,0x39,0x30,0x36,0x30,0x33,0x30, + 0x32,0x30,0x30,0x5A,0x30,0x5E,0x31,0x13,0x30,0x11,0x06,0x0A,0x09,0x92,0x26,0x89, + 0x93,0xF2,0x2C,0x64,0x01,0x19,0x16,0x03,0x63,0x6F,0x6D,0x31,0x1E,0x30,0x1C,0x06, + 0x0A,0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,0x16,0x0E,0x6F,0x75,0x74, + 0x73,0x69,0x64,0x65,0x76,0x70,0x6E,0x74,0x65,0x73,0x74,0x31,0x0E,0x30,0x0C,0x06, + 0x03,0x55,0x04,0x03,0x13,0x05,0x55,0x73,0x65,0x72,0x73,0x31,0x17,0x30,0x15,0x06, + 0x03,0x55,0x04,0x03,0x13,0x0E,0x63,0x65,0x72,0x74,0x78,0x61,0x75,0x74,0x68,0x73, + 0x70,0x6C,0x69,0x74,0x30,0x81,0x9F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8D,0x00,0x30,0x81,0x89,0x02,0x81,0x81, + 0x00,0xB9,0xC7,0x0A,0x4A,0x2D,0xA4,0xD4,0x8F,0x0A,0xC3,0x49,0xDC,0xA0,0xE2,0x36, + 0x67,0x2E,0x0E,0xD2,0x02,0xA8,0x3B,0x23,0xDF,0xE4,0x67,0xCA,0x98,0xB9,0x37,0x10, + 0xF9,0x7D,0x76,0x40,0x3F,0xED,0xBE,0x0E,0x8C,0x3B,0x1A,0x91,0x61,0x37,0x5B,0x8E, + 0xDA,0xB5,0x98,0xD0,0x4A,0x2E,0x1B,0xB4,0xF8,0xBC,0xAB,0x5B,0x90,0xE7,0x46,0x3C, + 0xDC,0x62,0x0F,0xD0,0x97,0x28,0x15,0x91,0x2F,0xD5,0x33,0x63,0xA5,0x4F,0xD2,0x84, + 0x0D,0x7C,0xD0,0x8A,0x5B,0x20,0x23,0xF3,0xAA,0x1E,0xAC,0xB4,0x31,0xE3,0xAF,0x6C, + 0x51,0xBE,0xC1,0xBE,0xCE,0x12,0x34,0x6E,0x6D,0x09,0xB3,0x9D,0x88,0x6D,0x35,0x37, + 0xCB,0xDB,0x08,0xF3,0x55,0x98,0x62,0x75,0x93,0x6B,0x15,0xD0,0xF1,0xFC,0x59,0xB4, + 0x37,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0xD5,0x30,0x82,0x02,0xD1,0x30,0x0E, + 0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x44, + 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,0x04,0x37,0x30,0x35,0x30, + 0x0E,0x06,0x08,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,0x02,0x02,0x00,0x80,0x30, + 0x0E,0x06,0x08,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,0x02,0x02,0x00,0x80,0x30, + 0x07,0x06,0x05,0x2B,0x0E,0x03,0x02,0x07,0x30,0x0A,0x06,0x08,0x2A,0x86,0x48,0x86, + 0xF7,0x0D,0x03,0x07,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xDD, + 0x63,0xE5,0xA8,0xBE,0x94,0x8D,0x3B,0xCF,0xDB,0x51,0x4A,0xAB,0x63,0xDC,0x5A,0x30, + 0x12,0x66,0x16,0x30,0x17,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02, + 0x04,0x0A,0x1E,0x08,0x00,0x55,0x00,0x73,0x00,0x65,0x00,0x72,0x30,0x1F,0x06,0x03, + 0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x13,0x9B,0xAB,0x61,0x39,0x5F,0x45, + 0x84,0xDB,0x37,0x72,0xD7,0xAC,0x67,0x19,0x26,0xBD,0x85,0x33,0xC0,0x30,0x81,0xE0, + 0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,0xD8,0x30,0x81,0xD5,0x30,0x81,0xD2,0xA0,0x81, + 0xCF,0xA0,0x81,0xCC,0x86,0x81,0xC9,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F,0x2F,0x43, + 0x4E,0x3D,0x6F,0x75,0x74,0x73,0x69,0x64,0x65,0x76,0x70,0x6E,0x74,0x65,0x73,0x74, + 0x2D,0x53,0x45,0x52,0x56,0x45,0x52,0x30,0x32,0x2D,0x43,0x41,0x2C,0x43,0x4E,0x3D, + 0x73,0x65,0x72,0x76,0x65,0x72,0x30,0x32,0x2C,0x43,0x4E,0x3D,0x43,0x44,0x50,0x2C, + 0x43,0x4E,0x3D,0x50,0x75,0x62,0x6C,0x69,0x63,0x25,0x32,0x30,0x4B,0x65,0x79,0x25, + 0x32,0x30,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x2C,0x43,0x4E,0x3D,0x53,0x65, + 0x72,0x76,0x69,0x63,0x65,0x73,0x2C,0x43,0x4E,0x3D,0x43,0x6F,0x6E,0x66,0x69,0x67, + 0x75,0x72,0x61,0x74,0x69,0x6F,0x6E,0x2C,0x44,0x43,0x3D,0x6F,0x75,0x74,0x73,0x69, + 0x64,0x65,0x76,0x70,0x6E,0x74,0x65,0x73,0x74,0x2C,0x44,0x43,0x3D,0x63,0x6F,0x6D, + 0x3F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x52,0x65,0x76,0x6F, + 0x63,0x61,0x74,0x69,0x6F,0x6E,0x4C,0x69,0x73,0x74,0x3F,0x62,0x61,0x73,0x65,0x3F, + 0x6F,0x62,0x6A,0x65,0x63,0x74,0x43,0x6C,0x61,0x73,0x73,0x3D,0x63,0x52,0x4C,0x44, + 0x69,0x73,0x74,0x72,0x69,0x62,0x75,0x74,0x69,0x6F,0x6E,0x50,0x6F,0x69,0x6E,0x74, + 0x30,0x81,0xD3,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xC6, + 0x30,0x81,0xC3,0x30,0x81,0xC0,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, + 0x86,0x81,0xB3,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F,0x2F,0x43,0x4E,0x3D,0x6F,0x75, + 0x74,0x73,0x69,0x64,0x65,0x76,0x70,0x6E,0x74,0x65,0x73,0x74,0x2D,0x53,0x45,0x52, + 0x56,0x45,0x52,0x30,0x32,0x2D,0x43,0x41,0x2C,0x43,0x4E,0x3D,0x41,0x49,0x41,0x2C, + 0x43,0x4E,0x3D,0x50,0x75,0x62,0x6C,0x69,0x63,0x25,0x32,0x30,0x4B,0x65,0x79,0x25, + 0x32,0x30,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x2C,0x43,0x4E,0x3D,0x53,0x65, + 0x72,0x76,0x69,0x63,0x65,0x73,0x2C,0x43,0x4E,0x3D,0x43,0x6F,0x6E,0x66,0x69,0x67, + 0x75,0x72,0x61,0x74,0x69,0x6F,0x6E,0x2C,0x44,0x43,0x3D,0x6F,0x75,0x74,0x73,0x69, + 0x64,0x65,0x76,0x70,0x6E,0x74,0x65,0x73,0x74,0x2C,0x44,0x43,0x3D,0x63,0x6F,0x6D, + 0x3F,0x63,0x41,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x3F,0x62, + 0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A,0x65,0x63,0x74,0x43,0x6C,0x61,0x73,0x73,0x3D, + 0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x41,0x75,0x74, + 0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x29,0x06,0x03,0x55,0x1D,0x25,0x04,0x22,0x30, + 0x20,0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x03,0x04,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03, + 0x02,0x30,0x3C,0x06,0x03,0x55,0x1D,0x11,0x04,0x35,0x30,0x33,0xA0,0x31,0x06,0x0A, + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,0xA0,0x23,0x0C,0x21,0x63,0x65, + 0x72,0x74,0x78,0x61,0x75,0x74,0x68,0x73,0x70,0x6C,0x69,0x74,0x40,0x6F,0x75,0x74, + 0x73,0x69,0x64,0x65,0x76,0x70,0x6E,0x74,0x65,0x73,0x74,0x2E,0x63,0x6F,0x6D,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82, + 0x01,0x01,0x00,0x98,0xD5,0x24,0x83,0x28,0xC0,0xB5,0xE2,0xF9,0x22,0xE6,0xED,0x9C, + 0xC8,0xFB,0x07,0xB0,0x23,0x16,0xD0,0x62,0x32,0xF4,0xCC,0x71,0x00,0x31,0x48,0x8A, + 0x5D,0xFA,0xDC,0x80,0x49,0x35,0x38,0x16,0x81,0xA8,0xA8,0x01,0x69,0xC1,0x64,0xD9, + 0x64,0x72,0xC4,0xB3,0x24,0x02,0x7C,0xB8,0xD9,0x92,0xAA,0x28,0xB0,0x87,0x63,0x73, + 0x21,0xD7,0x4D,0x68,0x2D,0x99,0xF5,0x9B,0x10,0xD1,0x6B,0xF3,0xF8,0x1B,0x7B,0x73, + 0x2E,0x06,0xF1,0x17,0xCA,0xEE,0xAA,0xD7,0x6B,0x14,0x72,0x2E,0xA5,0x3C,0xC3,0x4A, + 0xFA,0x1C,0x28,0x72,0x16,0x08,0x33,0xF7,0x94,0xA1,0x30,0x94,0x37,0xF0,0xB3,0xAF, + 0xA5,0x49,0xD1,0x87,0xEB,0xD7,0xA0,0x3F,0xA7,0xDA,0x4D,0x70,0xFD,0xA9,0x53,0x82, + 0x1B,0xA7,0x6A,0xC8,0x3A,0x9D,0x9C,0x09,0x4D,0xD5,0xB1,0x71,0xFC,0xC4,0xC6,0x9D, + 0x9F,0xC5,0x16,0x13,0x7F,0x53,0x7C,0x5E,0x83,0xB0,0x8F,0xFA,0x24,0x9F,0xD3,0x2A, + 0x64,0x7E,0xA2,0x98,0x30,0x5B,0x7F,0x41,0x6C,0xE3,0xD4,0xE8,0x1E,0x18,0x2A,0x83, + 0x05,0x0F,0x0C,0x6A,0xF6,0x03,0xEB,0xF9,0x77,0x67,0xB9,0x4C,0xF7,0x98,0x45,0xC6, + 0x52,0x7E,0xF0,0xFA,0xAD,0x96,0xCC,0xA3,0x19,0xA7,0xF5,0x06,0x35,0x28,0x5E,0xE4, + 0xAC,0x8E,0x06,0x32,0xCC,0xEB,0xA6,0x0C,0x39,0xD3,0xF8,0xCF,0xA5,0xEC,0x87,0x74, + 0x58,0xFA,0xBE,0xB7,0x89,0xA3,0x4A,0xD6,0x62,0x9D,0x3E,0x37,0x5E,0x1E,0xC1,0x9F, + 0xBC,0xE0,0xF7,0x86,0xE2,0x6D,0xFF,0x71,0x9B,0x93,0xA8,0xEE,0xD8,0xA0,0x8C,0x1B, + 0x99,0x58,0xFC, +}; /* Test basic add delete update copy matching stuff. */ static void tests(void) @@ -787,11 +881,25 @@ errOut: CFReleaseSafe(cert6); } +static void test_common_name(void) { + SecCertificateRef cert = NULL; + CFStringRef commonName = NULL; + + require(cert = SecCertificateCreateWithBytes(NULL, two_common_names, sizeof(two_common_names)), errOut); + require_noerr(SecCertificateCopyCommonName(cert, &commonName), errOut); + is(CFStringCompare(commonName, CFSTR("certxauthsplit"), 0), kCFCompareEqualTo, "copy common name got the wrong name"); + +errOut: + CFReleaseSafe(commonName); + CFReleaseSafe(cert); +} + int si_15_certificate(int argc, char *const *argv) { - plan_tests(23); + plan_tests(24); tests(); + test_common_name(); return 0; } diff --git a/OSX/sec/Security/Regressions/secitem/si-16-ec-certificate.c b/OSX/sec/Security/Regressions/secitem/si-16-ec-certificate.c index 807bc7b1..0aff5eee 100644 --- a/OSX/sec/Security/Regressions/secitem/si-16-ec-certificate.c +++ b/OSX/sec/Security/Regressions/secitem/si-16-ec-certificate.c @@ -1082,7 +1082,7 @@ unsigned char secp521r1server_secp521r1ca_cer[714]={ static void test_trust_ok(const uint8_t *cert_data, size_t cert_len, const uint8_t *root_data, size_t root_len, const char *date_str, - CFStringRef testname, const char *directive, + CFStringRef CF_CONSUMED testname, const char *directive, const char *reason, const char *file, int line) { SecTrustResultType trustResult; SETUP: { diff --git a/OSX/sec/Security/Regressions/secitem/si-20-sectrust.c b/OSX/sec/Security/Regressions/secitem/si-20-sectrust.c index 5240ddbe..ba421bbc 100644 --- a/OSX/sec/Security/Regressions/secitem/si-20-sectrust.c +++ b/OSX/sec/Security/Regressions/secitem/si-20-sectrust.c @@ -1,7 +1,8 @@ /* - * Copyright (c) 2006-2010,2012-2015 Apple Inc. All Rights Reserved. + * Copyright (c) 2006-2010,2012-2016 Apple Inc. All Rights Reserved. */ +#include #include #include #include @@ -42,7 +43,7 @@ static void basic_tests(void) }; policy = SecPolicyCreateSSL(false, NULL); certs = CFArrayCreate(NULL, v_certs, - array_size(v_certs), NULL); + array_size(v_certs), &kCFTypeArrayCallBacks); /* SecTrustCreateWithCertificates failures. */ is_status(SecTrustCreateWithCertificates(kCFBooleanTrue, policy, &trust), @@ -152,7 +153,7 @@ SKIP: { CFReleaseNull(certs); isnt(cert_xedge2 = SecCertificateCreateWithBytes(NULL, xedge2_certificate, sizeof(xedge2_certificate)), NULL, "create cert_xedge2"); - certs = CFArrayCreate(NULL, (const void **)&cert_xedge2, 1, NULL); + certs = CFArrayCreate(NULL, (const void **)&cert_xedge2, 1, &kCFTypeArrayCallBacks); CFReleaseNull(trust); CFReleaseNull(policy); @@ -168,7 +169,7 @@ SKIP: { isnt(_root = SecCertificateCreateWithBytes(NULL, entrust1024RootCA, sizeof(entrust1024RootCA)), NULL, "create root"); const void *v_roots[] = { _root }; - isnt(_anchors = CFArrayCreate(NULL, v_roots, array_size(v_roots), NULL), + isnt(_anchors = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks), NULL, "create anchors"); if (!_anchors) { goto errOut; } ok_status(SecTrustSetAnchorCertificates(trust, _anchors), "set anchors"); @@ -251,7 +252,7 @@ SKIP: { server = true; isnt(garthc2 = SecCertificateCreateWithBytes(NULL, garthc2_certificate, sizeof(garthc2_certificate)), NULL, "create garthc2"); - certs = CFArrayCreate(NULL, (const void **)&garthc2, 1, NULL); + certs = CFArrayCreate(NULL, (const void **)&garthc2, 1, &kCFTypeArrayCallBacks); policy = SecPolicyCreateSSL(server, CFSTR("garthc2.apple.com")); ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust for ip server garthc2.apple.com"); @@ -290,7 +291,7 @@ static void negative_integer_tests(void) isnt(negIntSigLeaf = SecCertificateCreateWithBytes(NULL, _leaf_NegativeIntInSig, sizeof(_leaf_NegativeIntInSig)), NULL, "create negIntSigLeaf"); CFArrayRef certs = NULL; - isnt(certs = CFArrayCreate(NULL, &negIntSigLeaf, 1, NULL), NULL, "failed to create certs array"); + isnt(certs = CFArrayCreate(NULL, &negIntSigLeaf, 1, &kCFTypeArrayCallBacks), NULL, "failed to create certs array"); SecPolicyRef policy = NULL; isnt(policy = SecPolicyCreateiAP(), NULL, "failed to create policy"); SecTrustRef trust = NULL; @@ -301,7 +302,7 @@ static void negative_integer_tests(void) isnt(rootAACA2 = SecCertificateCreateWithBytes(NULL, _root_AACA2, sizeof(_root_AACA2)), NULL, "create rootAACA2"); CFArrayRef anchors = NULL; - isnt(anchors = CFArrayCreate(NULL, &rootAACA2, 1, NULL), NULL, "failed to create anchors array"); + isnt(anchors = CFArrayCreate(NULL, &rootAACA2, 1, &kCFTypeArrayCallBacks), NULL, "failed to create anchors array"); if (!anchors) { goto errOut; } ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchor certificates"); @@ -325,7 +326,7 @@ static void rsa8k_tests(void) isnt(prt_forest_fi = SecCertificateCreateWithBytes(NULL, prt_forest_fi_certificate, sizeof(prt_forest_fi_certificate)), NULL, "create prt_forest_fi"); CFArrayRef certs = NULL; - isnt(certs = CFArrayCreate(NULL, &prt_forest_fi, 1, NULL), NULL, "failed to create cert array"); + isnt(certs = CFArrayCreate(NULL, &prt_forest_fi, 1, &kCFTypeArrayCallBacks), NULL, "failed to create cert array"); SecPolicyRef policy = NULL; isnt(policy = SecPolicyCreateSSL(false, CFSTR("owa.prt-forest.fi")), NULL, "failed to create policy"); SecTrustRef trust = NULL; @@ -355,9 +356,9 @@ static void date_tests(void) isnt(root = SecCertificateCreateWithBytes(NULL, longroot, sizeof(longroot)), NULL, "create root"); CFArrayRef certs = NULL; - isnt(certs = CFArrayCreate(NULL, &leaf, 1, NULL), NULL, "failed to create cert array"); + isnt(certs = CFArrayCreate(NULL, &leaf, 1, &kCFTypeArrayCallBacks), NULL, "failed to create cert array"); CFArrayRef anchors = NULL; - isnt(anchors = CFArrayCreate(NULL, &root, 1, NULL), NULL, "failed to create anchors array"); + isnt(anchors = CFArrayCreate(NULL, &root, 1, &kCFTypeArrayCallBacks), NULL, "failed to create anchors array"); SecPolicyRef policy = NULL; isnt(policy = SecPolicyCreateBasicX509(), NULL, "failed to create policy"); @@ -422,10 +423,10 @@ static bool test_chain_of_three(uint8_t *cert0, size_t cert0len, const void *v_certs[] = { secCert0, secCert1 }; CFArrayRef certs = NULL; - isnt(certs = CFArrayCreate(NULL, v_certs, sizeof(v_certs)/sizeof(*v_certs), NULL), + isnt(certs = CFArrayCreate(NULL, v_certs, sizeof(v_certs)/sizeof(*v_certs), &kCFTypeArrayCallBacks), NULL, "failed to create cert array"); CFArrayRef anchors = NULL; - isnt(anchors = CFArrayCreate(NULL, &secRoot, 1, NULL), NULL, "failed to create anchors array"); + isnt(anchors = CFArrayCreate(NULL, &secRoot, 1, &kCFTypeArrayCallBacks), NULL, "failed to create anchors array"); SecPolicyRef policy = NULL; isnt(policy = SecPolicyCreateBasicX509(), NULL, "failed to create policy"); @@ -502,12 +503,94 @@ static void ec_key_size_tests() { } +static void test_input_certificates() { + SecCertificateRef cert0 = NULL, cert1 = NULL; + SecPolicyRef policy = NULL; + SecTrustRef trust = NULL; + CFArrayRef certificates = NULL; + + require(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)), errOut); + require(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)), errOut); + require(policy = SecPolicyCreateBasicX509(), errOut); + require_noerr(SecTrustCreateWithCertificates(cert0, policy, &trust), errOut); + + ok_status(SecTrustCopyInputCertificates(trust, &certificates), "SecTrustCopyInputCertificates failed"); + is(CFArrayGetCount(certificates), 1, "got too many input certs back"); + is(CFArrayGetValueAtIndex(certificates, 0), cert0, "wrong input cert"); + CFReleaseNull(certificates); + + ok_status(SecTrustAddToInputCertificates(trust, cert1), "SecTrustAddToInputCertificates failed"); + ok_status(SecTrustCopyInputCertificates(trust, &certificates), "SecTrustCopyInputCertificates failed"); + is(CFArrayGetCount(certificates), 2, "got wrong number of input certs back"); + is(CFArrayGetValueAtIndex(certificates, 0), cert0, "wrong input cert0"); + is(CFArrayGetValueAtIndex(certificates, 1), cert1, "wrong input cert1"); + is(SecTrustGetCertificateCount(trust), 3, "output number of certs is 3"); + +errOut: + CFReleaseNull(cert0); + CFReleaseNull(cert1); + CFReleaseNull(policy); + CFReleaseNull(trust); + CFReleaseNull(certificates); +} + +static void test_async_trust() { + SecCertificateRef cert0 = NULL, cert1 = NULL; + SecPolicyRef policy = NULL; + SecTrustRef trust = NULL; + CFArrayRef certificates = NULL; + CFDateRef date = NULL; + + require(cert0 = SecCertificateCreateWithBytes(NULL, _c0, sizeof(_c0)), errOut); + require(cert1 = SecCertificateCreateWithBytes(NULL, _c1, sizeof(_c1)), errOut); + const void *v_certs[] = { + cert0, + cert1 + }; + certificates = CFArrayCreate(NULL, v_certs, + array_size(v_certs), + &kCFTypeArrayCallBacks); + + require(policy = SecPolicyCreateBasicX509(), errOut); + require_noerr(SecTrustCreateWithCertificates(certificates, policy, &trust), errOut); + + /* Jul 30 2014. */ + require(date = CFDateCreateForGregorianZuluMoment(NULL, 2014, 7, 30, 12, 0, 0), errOut); + require_noerr(SecTrustSetVerifyDate(trust, date), errOut); + + /* This shouldn't crash. */ + ok_status(SecTrustEvaluateAsync(trust, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), + ^(SecTrustRef _Nonnull trustRef, SecTrustResultType trustResult) { + if ((trustResult == kSecTrustResultProceed) || + (trustResult == kSecTrustResultUnspecified)) + { + // Evaluation succeeded! + SecKeyRef publicKey = SecTrustCopyPublicKey(trustRef); + + CFReleaseSafe(publicKey); + + } else if (trustResult == kSecTrustResultRecoverableTrustFailure) { + // Evaluation failed, but may be able to recover . . . + } else { + // Evaluation failed + } + }), "evaluate trust asynchronously"); + CFReleaseNull(trust); + +errOut: + CFReleaseNull(cert0); + CFReleaseNull(cert1); + CFReleaseNull(policy); + CFReleaseNull(certificates); + CFReleaseNull(date); +} + int si_20_sectrust(int argc, char *const *argv) { #if TARGET_OS_IPHONE - plan_tests(101+9+(8*13)); + plan_tests(101+9+(8*13)+9+1); #else - plan_tests(97+9+(8*13)); + plan_tests(97+9+(8*13)+9+1); #endif basic_tests(); @@ -516,6 +599,8 @@ int si_20_sectrust(int argc, char *const *argv) date_tests(); rsa_key_size_tests(); ec_key_size_tests(); + test_input_certificates(); + test_async_trust(); return 0; } diff --git a/OSX/sec/Security/Regressions/secitem/si-29-sectrust-sha1-deprecation.h b/OSX/sec/Security/Regressions/secitem/si-29-sectrust-sha1-deprecation.h new file mode 100644 index 00000000..cf6d65dd --- /dev/null +++ b/OSX/sec/Security/Regressions/secitem/si-29-sectrust-sha1-deprecation.h @@ -0,0 +1,430 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + */ + +#ifndef si_29_sectrust_sha1_deprecation_h +#define si_29_sectrust_sha1_deprecation_h + +/* subject:/C=US/ST=California/L=Walnut Creek/O=Lucas Garron/CN=*.badssl.com */ +/* issuer :/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA */ +unsigned char _badssl_sha1[1286]={ + 0x30,0x82,0x05,0x02,0x30,0x82,0x03,0xEA,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x0B, + 0xA1,0x28,0x31,0xAB,0x8A,0x7D,0x86,0x4E,0x61,0x59,0xDC,0x34,0xE7,0x5E,0x0D,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x48, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30, + 0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, + 0x20,0x49,0x6E,0x63,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13,0x19,0x44, + 0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53, + 0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x35,0x30,0x36, + 0x30,0x39,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x37,0x30,0x31,0x30, + 0x35,0x31,0x32,0x30,0x30,0x30,0x30,0x5A,0x30,0x67,0x31,0x0B,0x30,0x09,0x06,0x03, + 0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08, + 0x13,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x15,0x30,0x13, + 0x06,0x03,0x55,0x04,0x07,0x13,0x0C,0x57,0x61,0x6C,0x6E,0x75,0x74,0x20,0x43,0x72, + 0x65,0x65,0x6B,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x4C,0x75, + 0x63,0x61,0x73,0x20,0x47,0x61,0x72,0x72,0x6F,0x6E,0x31,0x15,0x30,0x13,0x06,0x03, + 0x55,0x04,0x03,0x0C,0x0C,0x2A,0x2E,0x62,0x61,0x64,0x73,0x73,0x6C,0x2E,0x63,0x6F, + 0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, + 0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01, + 0x01,0x00,0xC2,0x04,0xEC,0xF8,0x8C,0xEE,0x04,0xC2,0xB3,0xD8,0x50,0xD5,0x70,0x58, + 0xCC,0x93,0x18,0xEB,0x5C,0xA8,0x68,0x49,0xB0,0x22,0xB5,0xF9,0x95,0x9E,0xB1,0x2B, + 0x2C,0x76,0x3E,0x6C,0xC0,0x4B,0x60,0x4C,0x4C,0xEA,0xB2,0xB4,0xC0,0x0F,0x80,0xB6, + 0xB0,0xF9,0x72,0xC9,0x86,0x02,0xF9,0x5C,0x41,0x5D,0x13,0x2B,0x7F,0x71,0xC4,0x4B, + 0xBC,0xE9,0x94,0x2E,0x50,0x37,0xA6,0x67,0x1C,0x61,0x8C,0xF6,0x41,0x42,0xC5,0x46, + 0xD3,0x16,0x87,0x27,0x9F,0x74,0xEB,0x0A,0x9D,0x11,0x52,0x26,0x21,0x73,0x6C,0x84, + 0x4C,0x79,0x55,0xE4,0xD1,0x6B,0xE8,0x06,0x3D,0x48,0x15,0x52,0xAD,0xB3,0x28,0xDB, + 0xAA,0xFF,0x6E,0xFF,0x60,0x95,0x4A,0x77,0x6B,0x39,0xF1,0x24,0xD1,0x31,0xB6,0xDD, + 0x4D,0xC0,0xC4,0xFC,0x53,0xB9,0x6D,0x42,0xAD,0xB5,0x7C,0xFE,0xAE,0xF5,0x15,0xD2, + 0x33,0x48,0xE7,0x22,0x71,0xC7,0xC2,0x14,0x7A,0x6C,0x28,0xEA,0x37,0x4A,0xDF,0xEA, + 0x6C,0xB5,0x72,0xB4,0x7E,0x5A,0xA2,0x16,0xDC,0x69,0xB1,0x57,0x44,0xDB,0x0A,0x12, + 0xAB,0xDE,0xC3,0x0F,0x47,0x74,0x5C,0x41,0x22,0xE1,0x9A,0xF9,0x1B,0x93,0xE6,0xAD, + 0x22,0x06,0x29,0x2E,0xB1,0xBA,0x49,0x1C,0x0C,0x27,0x9E,0xA3,0xFB,0x8B,0xF7,0x40, + 0x72,0x00,0xAC,0x92,0x08,0xD9,0x8C,0x57,0x84,0x53,0x81,0x05,0xCB,0xE6,0xFE,0x6B, + 0x54,0x98,0x40,0x27,0x85,0xC7,0x10,0xBB,0x73,0x70,0xEF,0x69,0x18,0x41,0x07,0x45, + 0x55,0x7C,0xF9,0x64,0x3F,0x3D,0x2C,0xC3,0xA9,0x7C,0xEB,0x93,0x1A,0x4C,0x86,0xD1, + 0xCA,0x85,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0xC7,0x30,0x82,0x01,0xC3,0x30, + 0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x90,0x71,0xDB,0x37, + 0xEB,0x73,0xC8,0xEF,0xDC,0xD5,0x1E,0x12,0xB6,0x34,0xBA,0x2B,0x5A,0xA0,0xA6,0x92, + 0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x9D,0xEE,0xC1,0x7B,0x81, + 0x0B,0x3A,0x47,0x69,0x71,0x18,0x7D,0x11,0x37,0x93,0xBC,0xA5,0x1B,0x3F,0xFB,0x30, + 0x23,0x06,0x03,0x55,0x1D,0x11,0x04,0x1C,0x30,0x1A,0x82,0x0A,0x62,0x61,0x64,0x73, + 0x73,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x0C,0x2A,0x2E,0x62,0x61,0x64,0x73,0x73,0x6C, + 0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04, + 0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,0x05, + 0x07,0x03,0x01,0x30,0x61,0x06,0x03,0x55,0x1D,0x1F,0x04,0x5A,0x30,0x58,0x30,0x2A, + 0xA0,0x28,0xA0,0x26,0x86,0x24,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C, + 0x33,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x73, + 0x73,0x63,0x61,0x2D,0x67,0x37,0x2E,0x63,0x72,0x6C,0x30,0x2A,0xA0,0x28,0xA0,0x26, + 0x86,0x24,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x34,0x2E,0x64,0x69, + 0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x73,0x63,0x61,0x2D, + 0x67,0x37,0x2E,0x63,0x72,0x6C,0x30,0x42,0x06,0x03,0x55,0x1D,0x20,0x04,0x3B,0x30, + 0x39,0x30,0x37,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xFD,0x6C,0x01,0x01,0x30,0x2A, + 0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,0x68,0x74, + 0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65, + 0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x50,0x53,0x30,0x78,0x06,0x08,0x2B,0x06, + 0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x6C,0x30,0x6A,0x30,0x24,0x06,0x08,0x2B,0x06, + 0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F, + 0x63,0x73,0x70,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D, + 0x30,0x42,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x36,0x68,0x74, + 0x74,0x70,0x3A,0x2F,0x2F,0x63,0x61,0x63,0x65,0x72,0x74,0x73,0x2E,0x64,0x69,0x67, + 0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x44,0x69,0x67,0x69,0x43,0x65, + 0x72,0x74,0x53,0x65,0x63,0x75,0x72,0x65,0x53,0x65,0x72,0x76,0x65,0x72,0x43,0x41, + 0x2E,0x63,0x72,0x74,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02, + 0x30,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05, + 0x00,0x03,0x82,0x01,0x01,0x00,0x63,0x5C,0x60,0xD0,0xDB,0x4D,0x93,0xF9,0xAE,0x41, + 0xF0,0x4E,0xBF,0xFF,0x2A,0x11,0x6A,0x5E,0x15,0x5C,0x95,0x61,0x95,0x04,0x6A,0xD8, + 0x0E,0xA1,0xA2,0x80,0x12,0x4A,0x9E,0x15,0x3B,0x80,0x7A,0x4F,0xAA,0x49,0xCB,0x86, + 0xDA,0xD8,0xAF,0xF1,0xE2,0x87,0x36,0xA3,0xE6,0xDB,0xCA,0x98,0xDF,0x5A,0x3C,0x5C, + 0xDF,0x95,0x1C,0xA7,0xE9,0xCB,0xB2,0xD9,0xF5,0xE2,0x20,0x5C,0x4D,0xF4,0xD3,0x6D, + 0xCE,0x4A,0xE9,0xE2,0x20,0x32,0x29,0x0C,0x1B,0x60,0x01,0x9B,0xEA,0xDB,0x84,0xEF, + 0x1B,0xBD,0xA7,0xC7,0x4B,0x20,0x5F,0xD9,0x9D,0x1B,0xDB,0xEB,0x82,0x79,0x3E,0xDF, + 0xFD,0xDA,0xCF,0xFD,0x8C,0x50,0x1B,0xDD,0x6F,0x71,0x82,0x92,0x23,0x03,0x64,0xF0, + 0x00,0x57,0x28,0xFA,0x8B,0x03,0x3F,0xB9,0xCC,0x90,0x40,0x93,0xBB,0x70,0xC8,0x56, + 0x59,0xA8,0x4D,0x6A,0x77,0x94,0xAA,0x15,0xEE,0x5E,0x13,0x10,0xC8,0x07,0xC4,0xCD, + 0xC7,0xFA,0x24,0x25,0xFB,0xDB,0x8A,0x1C,0xB2,0x2E,0xA1,0x52,0xB9,0x28,0x3F,0xD8, + 0x50,0x22,0xB2,0x04,0x0C,0xB4,0x81,0x83,0xB8,0xC3,0x4A,0x0C,0xF9,0xB2,0xAC,0x89, + 0x5C,0xDD,0x04,0xE6,0x26,0xFA,0xF5,0x09,0x5E,0x34,0xCD,0x4C,0xE0,0xAB,0x02,0xBB, + 0x98,0x63,0x7E,0x07,0x57,0x6E,0xAA,0x61,0x8A,0x53,0xFC,0x3E,0x95,0x77,0x84,0x8C, + 0x4D,0x4B,0x5F,0x6E,0xA3,0x38,0x06,0x0E,0x82,0x63,0x57,0xA1,0x22,0x87,0x95,0x12, + 0x71,0xA1,0x84,0x61,0xBA,0xF1,0x0B,0x07,0xB4,0x01,0x32,0x68,0x14,0x29,0xC9,0x58, + 0x3A,0x57,0xE6,0x5C,0x21,0x78, +}; + +/* subject:/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA */ +/* issuer :/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA */ +unsigned char _digiCertSSCA[1171]={ + 0x30,0x82,0x04,0x8F,0x30,0x82,0x03,0x77,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x06, + 0x9E,0x1D,0xB7,0x7F,0xCF,0x1D,0xFB,0xA9,0x7A,0xF5,0xE5,0xC9,0xA2,0x40,0x37,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x61, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30, + 0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, + 0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77, + 0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31, + 0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x44,0x69,0x67,0x69,0x43,0x65, + 0x72,0x74,0x20,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43, + 0x41,0x30,0x1E,0x17,0x0D,0x31,0x33,0x30,0x33,0x30,0x38,0x31,0x32,0x30,0x30,0x30, + 0x30,0x5A,0x17,0x0D,0x32,0x33,0x30,0x33,0x30,0x38,0x31,0x32,0x30,0x30,0x30,0x30, + 0x5A,0x30,0x48,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, + 0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43, + 0x65,0x72,0x74,0x20,0x49,0x6E,0x63,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03, + 0x13,0x19,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x20,0x53,0x65,0x63,0x75,0x72, + 0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82, + 0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBB,0x57,0xE4,0x21, + 0xA9,0xD5,0x9B,0x60,0x37,0x7E,0x8E,0xA1,0x61,0x7F,0x81,0xE2,0x1A,0xC2,0x75,0x64, + 0xD9,0x91,0x50,0x0B,0xE4,0x36,0x44,0x24,0x6E,0x30,0xD2,0x9B,0x7A,0x27,0xFA,0xC2, + 0x6A,0xAE,0x6A,0x70,0x09,0x38,0xB9,0x20,0x0A,0xC8,0x65,0x10,0x4A,0x88,0xAC,0x31, + 0xF2,0xDC,0x92,0xF2,0x63,0xA1,0x5D,0x80,0x63,0x59,0x80,0x92,0x23,0x1C,0xE6,0xEF, + 0x76,0x4A,0x50,0x35,0xC9,0xD8,0x71,0x38,0xB9,0xED,0xF0,0xE6,0x42,0xAE,0xD3,0x38, + 0x26,0x79,0x30,0xF9,0x22,0x94,0xC6,0xDB,0xA6,0x3F,0x41,0x78,0x90,0xD8,0xDE,0x5C, + 0x7E,0x69,0x7D,0xF8,0x90,0x15,0x3A,0xD0,0xA1,0xA0,0xBE,0xFA,0xB2,0xB2,0x19,0xA1, + 0xD8,0x2B,0xD1,0xCE,0xBF,0x6B,0xDD,0x49,0xAB,0xA3,0x92,0xFE,0xB5,0xAB,0xC8,0xC1, + 0x3E,0xEE,0x01,0x00,0xD8,0xA9,0x44,0xB8,0x42,0x73,0x88,0xC3,0x61,0xF5,0xAB,0x4A, + 0x83,0x28,0x0A,0xD2,0xD4,0x49,0xFA,0x6A,0xB1,0xCD,0xDF,0x57,0x2C,0x94,0xE5,0xE2, + 0xCA,0x83,0x5F,0xB7,0xBA,0x62,0x5C,0x2F,0x68,0xA5,0xF0,0xC0,0xB9,0xFD,0x2B,0xD1, + 0xE9,0x1F,0xD8,0x1A,0x62,0x15,0xBD,0xFF,0x3D,0xA6,0xF7,0xCB,0xEF,0xE6,0xDB,0x65, + 0x2F,0x25,0x38,0xEC,0xFB,0xE6,0x20,0x66,0x58,0x96,0x34,0x19,0xD2,0x15,0xCE,0x21, + 0xD3,0x24,0xCC,0xD9,0x14,0x6F,0xD8,0xFE,0x55,0xC7,0xE7,0x6F,0xB6,0x0F,0x1A,0x8C, + 0x49,0xBE,0x29,0xF2,0xBA,0x5A,0x9A,0x81,0x26,0x37,0x24,0x6F,0xD7,0x48,0x12,0x6C, + 0x2E,0x59,0xF5,0x9C,0x18,0xBB,0xD9,0xF6,0x68,0xE2,0xDF,0x45,0x02,0x03,0x01,0x00, + 0x01,0xA3,0x82,0x01,0x5A,0x30,0x82,0x01,0x56,0x30,0x12,0x06,0x03,0x55,0x1D,0x13, + 0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x0E,0x06, + 0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x34,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3A, + 0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E, + 0x63,0x6F,0x6D,0x30,0x7B,0x06,0x03,0x55,0x1D,0x1F,0x04,0x74,0x30,0x72,0x30,0x37, + 0xA0,0x35,0xA0,0x33,0x86,0x31,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C, + 0x33,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x44, + 0x69,0x67,0x69,0x43,0x65,0x72,0x74,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x52,0x6F,0x6F, + 0x74,0x43,0x41,0x2E,0x63,0x72,0x6C,0x30,0x37,0xA0,0x35,0xA0,0x33,0x86,0x31,0x68, + 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x34,0x2E,0x64,0x69,0x67,0x69,0x63, + 0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, + 0x47,0x6C,0x6F,0x62,0x61,0x6C,0x52,0x6F,0x6F,0x74,0x43,0x41,0x2E,0x63,0x72,0x6C, + 0x30,0x3D,0x06,0x03,0x55,0x1D,0x20,0x04,0x36,0x30,0x34,0x30,0x32,0x06,0x04,0x55, + 0x1D,0x20,0x00,0x30,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02, + 0x01,0x16,0x1C,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x64, + 0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x50,0x53,0x30, + 0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x90,0x71,0xDB,0x37,0xEB,0x73, + 0xC8,0xEF,0xDC,0xD5,0x1E,0x12,0xB6,0x34,0xBA,0x2B,0x5A,0xA0,0xA6,0x92,0x30,0x1F, + 0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x03,0xDE,0x50,0x35,0x56, + 0xD1,0x4C,0xBB,0x66,0xF0,0xA3,0xE2,0x1B,0x1B,0xC3,0x97,0xB2,0x3D,0xD1,0x55,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82, + 0x01,0x01,0x00,0x30,0xCE,0xD1,0x95,0x51,0x00,0xAE,0x06,0x0B,0xA1,0x0E,0x02,0xC0, + 0x17,0xAC,0xB6,0x7F,0x8F,0x20,0xF6,0x40,0x75,0x74,0x1C,0xCC,0x78,0xB1,0xA4,0x4F, + 0xEA,0xF4,0xD0,0xC4,0x9D,0xA2,0xDE,0x81,0x07,0x26,0x1F,0x40,0x88,0x51,0xF0,0x1F, + 0xCF,0xB7,0x4C,0x40,0x99,0xD0,0xF4,0x3C,0x71,0x98,0x73,0x88,0x97,0x2C,0x19,0xD7, + 0x6E,0x84,0x8F,0xA4,0x1F,0x9C,0x5A,0x20,0xE3,0x51,0x5C,0xB0,0xC5,0x9E,0x99,0x6A, + 0x4F,0xC8,0x69,0xF7,0x10,0xFF,0x4E,0xAD,0x19,0xD9,0xC9,0x58,0xB3,0x33,0xAE,0x0C, + 0xD9,0x96,0x29,0x9E,0x71,0xB2,0x70,0x63,0xA3,0xB6,0x99,0x16,0x42,0x1D,0x65,0xF3, + 0xF7,0xA0,0x1E,0x7D,0xC5,0xD4,0x65,0x14,0xB2,0x62,0x84,0xD4,0x6C,0x5C,0x08,0x0C, + 0xD8,0x6C,0x93,0x2B,0xB4,0x76,0x59,0x8A,0xD1,0x7F,0xFF,0x03,0xD8,0xC2,0x5D,0xB8, + 0x2F,0x22,0xD6,0x38,0xF0,0xF6,0x9C,0x6B,0x7D,0x46,0xEB,0x99,0x74,0xF7,0xEB,0x4A, + 0x0E,0xA9,0xA6,0x04,0xEB,0x7B,0xCE,0xF0,0x5C,0x6B,0x98,0x31,0x5A,0x98,0x40,0xEB, + 0x69,0xC4,0x05,0xF4,0x20,0xA8,0xCA,0x08,0x3A,0x65,0x6C,0x38,0x15,0xF5,0x5C,0x2C, + 0xB2,0x55,0xE4,0x2C,0x6B,0x41,0xF0,0xBE,0x5C,0x46,0xCA,0x4A,0x29,0xA0,0x48,0x5E, + 0x20,0xD2,0x45,0xFF,0x05,0xDE,0x34,0xAF,0x70,0x4B,0x81,0x39,0xE2,0xCA,0x07,0x57, + 0x7C,0xB6,0x31,0xDC,0x21,0x29,0xE2,0xBE,0x97,0x0E,0x77,0x90,0x14,0x51,0x40,0xE1, + 0xBF,0xE3,0xCC,0x1B,0x19,0x9C,0x25,0xCA,0xA7,0x06,0xB2,0x53,0xDF,0x23,0xB2,0xCF, + 0x12,0x19,0xA3, +}; + +/* subject:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA */ +/* issuer :/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA */ +unsigned char _digiCertRoot[947]={ + 0x30,0x82,0x03,0xAF,0x30,0x82,0x02,0x97,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x08, + 0x3B,0xE0,0x56,0x90,0x42,0x46,0xB1,0xA1,0x75,0x6A,0xC9,0x59,0x91,0xC7,0x4A,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x61, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x15,0x30, + 0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43,0x65,0x72,0x74, + 0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B,0x13,0x10,0x77, + 0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x31, + 0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x44,0x69,0x67,0x69,0x43,0x65, + 0x72,0x74,0x20,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43, + 0x41,0x30,0x1E,0x17,0x0D,0x30,0x36,0x31,0x31,0x31,0x30,0x30,0x30,0x30,0x30,0x30, + 0x30,0x5A,0x17,0x0D,0x33,0x31,0x31,0x31,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x30, + 0x5A,0x30,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, + 0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0A,0x13,0x0C,0x44,0x69,0x67,0x69,0x43, + 0x65,0x72,0x74,0x20,0x49,0x6E,0x63,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0B, + 0x13,0x10,0x77,0x77,0x77,0x2E,0x64,0x69,0x67,0x69,0x63,0x65,0x72,0x74,0x2E,0x63, + 0x6F,0x6D,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x44,0x69,0x67, + 0x69,0x43,0x65,0x72,0x74,0x20,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F, + 0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, + 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A, + 0x02,0x82,0x01,0x01,0x00,0xE2,0x3B,0xE1,0x11,0x72,0xDE,0xA8,0xA4,0xD3,0xA3,0x57, + 0xAA,0x50,0xA2,0x8F,0x0B,0x77,0x90,0xC9,0xA2,0xA5,0xEE,0x12,0xCE,0x96,0x5B,0x01, + 0x09,0x20,0xCC,0x01,0x93,0xA7,0x4E,0x30,0xB7,0x53,0xF7,0x43,0xC4,0x69,0x00,0x57, + 0x9D,0xE2,0x8D,0x22,0xDD,0x87,0x06,0x40,0x00,0x81,0x09,0xCE,0xCE,0x1B,0x83,0xBF, + 0xDF,0xCD,0x3B,0x71,0x46,0xE2,0xD6,0x66,0xC7,0x05,0xB3,0x76,0x27,0x16,0x8F,0x7B, + 0x9E,0x1E,0x95,0x7D,0xEE,0xB7,0x48,0xA3,0x08,0xDA,0xD6,0xAF,0x7A,0x0C,0x39,0x06, + 0x65,0x7F,0x4A,0x5D,0x1F,0xBC,0x17,0xF8,0xAB,0xBE,0xEE,0x28,0xD7,0x74,0x7F,0x7A, + 0x78,0x99,0x59,0x85,0x68,0x6E,0x5C,0x23,0x32,0x4B,0xBF,0x4E,0xC0,0xE8,0x5A,0x6D, + 0xE3,0x70,0xBF,0x77,0x10,0xBF,0xFC,0x01,0xF6,0x85,0xD9,0xA8,0x44,0x10,0x58,0x32, + 0xA9,0x75,0x18,0xD5,0xD1,0xA2,0xBE,0x47,0xE2,0x27,0x6A,0xF4,0x9A,0x33,0xF8,0x49, + 0x08,0x60,0x8B,0xD4,0x5F,0xB4,0x3A,0x84,0xBF,0xA1,0xAA,0x4A,0x4C,0x7D,0x3E,0xCF, + 0x4F,0x5F,0x6C,0x76,0x5E,0xA0,0x4B,0x37,0x91,0x9E,0xDC,0x22,0xE6,0x6D,0xCE,0x14, + 0x1A,0x8E,0x6A,0xCB,0xFE,0xCD,0xB3,0x14,0x64,0x17,0xC7,0x5B,0x29,0x9E,0x32,0xBF, + 0xF2,0xEE,0xFA,0xD3,0x0B,0x42,0xD4,0xAB,0xB7,0x41,0x32,0xDA,0x0C,0xD4,0xEF,0xF8, + 0x81,0xD5,0xBB,0x8D,0x58,0x3F,0xB5,0x1B,0xE8,0x49,0x28,0xA2,0x70,0xDA,0x31,0x04, + 0xDD,0xF7,0xB2,0x16,0xF2,0x4C,0x0A,0x4E,0x07,0xA8,0xED,0x4A,0x3D,0x5E,0xB5,0x7F, + 0xA3,0x90,0xC3,0xAF,0x27,0x02,0x03,0x01,0x00,0x01,0xA3,0x63,0x30,0x61,0x30,0x0E, + 0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x0F, + 0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30, + 0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x03,0xDE,0x50,0x35,0x56,0xD1, + 0x4C,0xBB,0x66,0xF0,0xA3,0xE2,0x1B,0x1B,0xC3,0x97,0xB2,0x3D,0xD1,0x55,0x30,0x1F, + 0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x03,0xDE,0x50,0x35,0x56, + 0xD1,0x4C,0xBB,0x66,0xF0,0xA3,0xE2,0x1B,0x1B,0xC3,0x97,0xB2,0x3D,0xD1,0x55,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82, + 0x01,0x01,0x00,0xCB,0x9C,0x37,0xAA,0x48,0x13,0x12,0x0A,0xFA,0xDD,0x44,0x9C,0x4F, + 0x52,0xB0,0xF4,0xDF,0xAE,0x04,0xF5,0x79,0x79,0x08,0xA3,0x24,0x18,0xFC,0x4B,0x2B, + 0x84,0xC0,0x2D,0xB9,0xD5,0xC7,0xFE,0xF4,0xC1,0x1F,0x58,0xCB,0xB8,0x6D,0x9C,0x7A, + 0x74,0xE7,0x98,0x29,0xAB,0x11,0xB5,0xE3,0x70,0xA0,0xA1,0xCD,0x4C,0x88,0x99,0x93, + 0x8C,0x91,0x70,0xE2,0xAB,0x0F,0x1C,0xBE,0x93,0xA9,0xFF,0x63,0xD5,0xE4,0x07,0x60, + 0xD3,0xA3,0xBF,0x9D,0x5B,0x09,0xF1,0xD5,0x8E,0xE3,0x53,0xF4,0x8E,0x63,0xFA,0x3F, + 0xA7,0xDB,0xB4,0x66,0xDF,0x62,0x66,0xD6,0xD1,0x6E,0x41,0x8D,0xF2,0x2D,0xB5,0xEA, + 0x77,0x4A,0x9F,0x9D,0x58,0xE2,0x2B,0x59,0xC0,0x40,0x23,0xED,0x2D,0x28,0x82,0x45, + 0x3E,0x79,0x54,0x92,0x26,0x98,0xE0,0x80,0x48,0xA8,0x37,0xEF,0xF0,0xD6,0x79,0x60, + 0x16,0xDE,0xAC,0xE8,0x0E,0xCD,0x6E,0xAC,0x44,0x17,0x38,0x2F,0x49,0xDA,0xE1,0x45, + 0x3E,0x2A,0xB9,0x36,0x53,0xCF,0x3A,0x50,0x06,0xF7,0x2E,0xE8,0xC4,0x57,0x49,0x6C, + 0x61,0x21,0x18,0xD5,0x04,0xAD,0x78,0x3C,0x2C,0x3A,0x80,0x6B,0xA7,0xEB,0xAF,0x15, + 0x14,0xE9,0xD8,0x89,0xC1,0xB9,0x38,0x6C,0xE2,0x91,0x6C,0x8A,0xFF,0x64,0xB9,0x77, + 0x25,0x57,0x30,0xC0,0x1B,0x24,0xA3,0xE1,0xDC,0xE9,0xDF,0x47,0x7C,0xB5,0xB4,0x24, + 0x08,0x05,0x30,0xEC,0x2D,0xBD,0x0B,0xBF,0x45,0xBF,0x50,0xB9,0xA9,0xF3,0xEB,0x98, + 0x01,0x12,0xAD,0xC8,0x88,0xC6,0x98,0x34,0x5F,0x8D,0x0A,0x3C,0xC6,0xE9,0xD5,0x95, + 0x95,0x6D,0xDE, +}; + +/* subject:/OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.badssl.com */ +/* issuer :/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA */ +unsigned char _badssl_sha2[1359]={ + 0x30,0x82,0x05,0x4B,0x30,0x82,0x04,0x33,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x4C, + 0x8E,0x18,0x71,0x4B,0x34,0xE7,0x5E,0x8D,0xAE,0xFB,0xE8,0xF6,0x4C,0x3A,0x82,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x81, + 0x90,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x47,0x42,0x31,0x1B, + 0x30,0x19,0x06,0x03,0x55,0x04,0x08,0x13,0x12,0x47,0x72,0x65,0x61,0x74,0x65,0x72, + 0x20,0x4D,0x61,0x6E,0x63,0x68,0x65,0x73,0x74,0x65,0x72,0x31,0x10,0x30,0x0E,0x06, + 0x03,0x55,0x04,0x07,0x13,0x07,0x53,0x61,0x6C,0x66,0x6F,0x72,0x64,0x31,0x1A,0x30, + 0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x43,0x4F,0x4D,0x4F,0x44,0x4F,0x20,0x43, + 0x41,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x31,0x36,0x30,0x34,0x06,0x03,0x55, + 0x04,0x03,0x13,0x2D,0x43,0x4F,0x4D,0x4F,0x44,0x4F,0x20,0x52,0x53,0x41,0x20,0x44, + 0x6F,0x6D,0x61,0x69,0x6E,0x20,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,0x6E, + 0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43, + 0x41,0x30,0x1E,0x17,0x0D,0x31,0x36,0x30,0x37,0x30,0x37,0x30,0x30,0x30,0x30,0x30, + 0x30,0x5A,0x17,0x0D,0x31,0x37,0x30,0x39,0x30,0x35,0x32,0x33,0x35,0x39,0x35,0x39, + 0x5A,0x30,0x59,0x31,0x21,0x30,0x1F,0x06,0x03,0x55,0x04,0x0B,0x13,0x18,0x44,0x6F, + 0x6D,0x61,0x69,0x6E,0x20,0x43,0x6F,0x6E,0x74,0x72,0x6F,0x6C,0x20,0x56,0x61,0x6C, + 0x69,0x64,0x61,0x74,0x65,0x64,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,0x0B,0x13, + 0x14,0x50,0x6F,0x73,0x69,0x74,0x69,0x76,0x65,0x53,0x53,0x4C,0x20,0x57,0x69,0x6C, + 0x64,0x63,0x61,0x72,0x64,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x03,0x0C,0x0C, + 0x2A,0x2E,0x62,0x61,0x64,0x73,0x73,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03, + 0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xC2,0x04,0xEC, + 0xF8,0x8C,0xEE,0x04,0xC2,0xB3,0xD8,0x50,0xD5,0x70,0x58,0xCC,0x93,0x18,0xEB,0x5C, + 0xA8,0x68,0x49,0xB0,0x22,0xB5,0xF9,0x95,0x9E,0xB1,0x2B,0x2C,0x76,0x3E,0x6C,0xC0, + 0x4B,0x60,0x4C,0x4C,0xEA,0xB2,0xB4,0xC0,0x0F,0x80,0xB6,0xB0,0xF9,0x72,0xC9,0x86, + 0x02,0xF9,0x5C,0x41,0x5D,0x13,0x2B,0x7F,0x71,0xC4,0x4B,0xBC,0xE9,0x94,0x2E,0x50, + 0x37,0xA6,0x67,0x1C,0x61,0x8C,0xF6,0x41,0x42,0xC5,0x46,0xD3,0x16,0x87,0x27,0x9F, + 0x74,0xEB,0x0A,0x9D,0x11,0x52,0x26,0x21,0x73,0x6C,0x84,0x4C,0x79,0x55,0xE4,0xD1, + 0x6B,0xE8,0x06,0x3D,0x48,0x15,0x52,0xAD,0xB3,0x28,0xDB,0xAA,0xFF,0x6E,0xFF,0x60, + 0x95,0x4A,0x77,0x6B,0x39,0xF1,0x24,0xD1,0x31,0xB6,0xDD,0x4D,0xC0,0xC4,0xFC,0x53, + 0xB9,0x6D,0x42,0xAD,0xB5,0x7C,0xFE,0xAE,0xF5,0x15,0xD2,0x33,0x48,0xE7,0x22,0x71, + 0xC7,0xC2,0x14,0x7A,0x6C,0x28,0xEA,0x37,0x4A,0xDF,0xEA,0x6C,0xB5,0x72,0xB4,0x7E, + 0x5A,0xA2,0x16,0xDC,0x69,0xB1,0x57,0x44,0xDB,0x0A,0x12,0xAB,0xDE,0xC3,0x0F,0x47, + 0x74,0x5C,0x41,0x22,0xE1,0x9A,0xF9,0x1B,0x93,0xE6,0xAD,0x22,0x06,0x29,0x2E,0xB1, + 0xBA,0x49,0x1C,0x0C,0x27,0x9E,0xA3,0xFB,0x8B,0xF7,0x40,0x72,0x00,0xAC,0x92,0x08, + 0xD9,0x8C,0x57,0x84,0x53,0x81,0x05,0xCB,0xE6,0xFE,0x6B,0x54,0x98,0x40,0x27,0x85, + 0xC7,0x10,0xBB,0x73,0x70,0xEF,0x69,0x18,0x41,0x07,0x45,0x55,0x7C,0xF9,0x64,0x3F, + 0x3D,0x2C,0xC3,0xA9,0x7C,0xEB,0x93,0x1A,0x4C,0x86,0xD1,0xCA,0x85,0x02,0x03,0x01, + 0x00,0x01,0xA3,0x82,0x01,0xD5,0x30,0x82,0x01,0xD1,0x30,0x1F,0x06,0x03,0x55,0x1D, + 0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x90,0xAF,0x6A,0x3A,0x94,0x5A,0x0B,0xD8,0x90, + 0xEA,0x12,0x56,0x73,0xDF,0x43,0xB4,0x3A,0x28,0xDA,0xE7,0x30,0x1D,0x06,0x03,0x55, + 0x1D,0x0E,0x04,0x16,0x04,0x14,0x9D,0xEE,0xC1,0x7B,0x81,0x0B,0x3A,0x47,0x69,0x71, + 0x18,0x7D,0x11,0x37,0x93,0xBC,0xA5,0x1B,0x3F,0xFB,0x30,0x0E,0x06,0x03,0x55,0x1D, + 0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x0C,0x06,0x03,0x55,0x1D, + 0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04, + 0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x4F,0x06,0x03,0x55,0x1D,0x20,0x04,0x48, + 0x30,0x46,0x30,0x3A,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xB2,0x31,0x01,0x02,0x02, + 0x07,0x30,0x2B,0x30,0x29,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16, + 0x1D,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x73,0x65,0x63,0x75,0x72,0x65,0x2E, + 0x63,0x6F,0x6D,0x6F,0x64,0x6F,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x50,0x53,0x30,0x08, + 0x06,0x06,0x67,0x81,0x0C,0x01,0x02,0x01,0x30,0x54,0x06,0x03,0x55,0x1D,0x1F,0x04, + 0x4D,0x30,0x4B,0x30,0x49,0xA0,0x47,0xA0,0x45,0x86,0x43,0x68,0x74,0x74,0x70,0x3A, + 0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x63,0x6F,0x6D,0x6F,0x64,0x6F,0x63,0x61,0x2E,0x63, + 0x6F,0x6D,0x2F,0x43,0x4F,0x4D,0x4F,0x44,0x4F,0x52,0x53,0x41,0x44,0x6F,0x6D,0x61, + 0x69,0x6E,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,0x6E,0x53,0x65,0x63,0x75, + 0x72,0x65,0x53,0x65,0x72,0x76,0x65,0x72,0x43,0x41,0x2E,0x63,0x72,0x6C,0x30,0x81, + 0x85,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x79,0x30,0x77,0x30, + 0x4F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x43,0x68,0x74,0x74, + 0x70,0x3A,0x2F,0x2F,0x63,0x72,0x74,0x2E,0x63,0x6F,0x6D,0x6F,0x64,0x6F,0x63,0x61, + 0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x4F,0x4D,0x4F,0x44,0x4F,0x52,0x53,0x41,0x44,0x6F, + 0x6D,0x61,0x69,0x6E,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,0x6E,0x53,0x65, + 0x63,0x75,0x72,0x65,0x53,0x65,0x72,0x76,0x65,0x72,0x43,0x41,0x2E,0x63,0x72,0x74, + 0x30,0x24,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x18,0x68,0x74, + 0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x63,0x6F,0x6D,0x6F,0x64,0x6F, + 0x63,0x61,0x2E,0x63,0x6F,0x6D,0x30,0x23,0x06,0x03,0x55,0x1D,0x11,0x04,0x1C,0x30, + 0x1A,0x82,0x0C,0x2A,0x2E,0x62,0x61,0x64,0x73,0x73,0x6C,0x2E,0x63,0x6F,0x6D,0x82, + 0x0A,0x62,0x61,0x64,0x73,0x73,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A, + 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x75, + 0x48,0x83,0x88,0x9C,0x55,0x24,0x37,0x30,0x07,0xEB,0x26,0x68,0xC8,0x79,0x1C,0x5C, + 0xAE,0x9A,0x02,0x9A,0xB5,0x52,0x75,0x44,0xAC,0xA9,0xED,0x59,0x65,0xD0,0xC6,0x47, + 0x26,0x04,0x8D,0x57,0x89,0x16,0x2E,0x71,0x18,0x48,0x98,0x68,0x1C,0xF6,0x31,0xF5, + 0x26,0x4B,0xE8,0x81,0x44,0xB1,0xFF,0x5C,0x65,0x3D,0x78,0x54,0x94,0xC3,0x86,0x9D, + 0x48,0x96,0xE8,0x32,0xAF,0xE1,0x8F,0x94,0x47,0xBE,0x37,0x8C,0xC3,0xED,0x4D,0x97, + 0xBB,0xC6,0x2A,0x37,0x72,0x01,0x3A,0x8F,0x82,0xA4,0x34,0x44,0xC4,0xC4,0xF8,0x50, + 0x24,0x48,0x9E,0x19,0xF0,0xEC,0xE1,0xC6,0x13,0x44,0x26,0xB6,0x65,0xE1,0x62,0x49, + 0x87,0xA4,0xF4,0xD8,0xC4,0x39,0x3C,0x7D,0x42,0xC8,0xA4,0x2A,0x54,0x05,0xA0,0xDC, + 0x0A,0xF8,0x2B,0x22,0x94,0x93,0x78,0x4E,0x6A,0x36,0x1B,0xD2,0xE7,0xE9,0xAE,0x84, + 0xED,0x13,0x1D,0xA1,0xF7,0xA2,0x83,0x81,0x03,0x4C,0x9E,0x21,0xFB,0xBF,0xA8,0x30, + 0xFE,0xEB,0x00,0x68,0xB1,0x7F,0xBA,0x5D,0xE2,0x5D,0xFF,0x41,0x1F,0xD6,0xF5,0xA6, + 0x5C,0x8A,0xEF,0x81,0x80,0xC8,0xF1,0x52,0x00,0x17,0x9D,0xD1,0x96,0x1A,0x7D,0x5E, + 0xD2,0x83,0xB3,0x82,0xC2,0x3D,0x46,0x83,0xA5,0x1E,0xB4,0x36,0x35,0x38,0xC4,0x7A, + 0x2E,0xDF,0x0B,0xA1,0x98,0x63,0x58,0x0B,0x1E,0xD0,0x6D,0x83,0x1F,0xF1,0x72,0x4D, + 0x09,0xAC,0x96,0x1A,0x0B,0xE5,0xF6,0x34,0x4C,0xAB,0xBC,0xBC,0x99,0x5B,0x82,0x59, + 0xE6,0x6C,0xD3,0xDB,0x98,0xE0,0xCE,0x95,0x3B,0xCF,0x4E,0x17,0xC3,0xEE,0x3A, +}; + +/* subject:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA */ +/* issuer :/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority */ +unsigned char _COMODO_DV[1548]={ + 0x30,0x82,0x06,0x08,0x30,0x82,0x03,0xF0,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x2B, + 0x2E,0x6E,0xEA,0xD9,0x75,0x36,0x6C,0x14,0x8A,0x6E,0xDB,0xA3,0x7C,0x8C,0x07,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,0x05,0x00,0x30,0x81, + 0x85,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x47,0x42,0x31,0x1B, + 0x30,0x19,0x06,0x03,0x55,0x04,0x08,0x13,0x12,0x47,0x72,0x65,0x61,0x74,0x65,0x72, + 0x20,0x4D,0x61,0x6E,0x63,0x68,0x65,0x73,0x74,0x65,0x72,0x31,0x10,0x30,0x0E,0x06, + 0x03,0x55,0x04,0x07,0x13,0x07,0x53,0x61,0x6C,0x66,0x6F,0x72,0x64,0x31,0x1A,0x30, + 0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x43,0x4F,0x4D,0x4F,0x44,0x4F,0x20,0x43, + 0x41,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x31,0x2B,0x30,0x29,0x06,0x03,0x55, + 0x04,0x03,0x13,0x22,0x43,0x4F,0x4D,0x4F,0x44,0x4F,0x20,0x52,0x53,0x41,0x20,0x43, + 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74, + 0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x31,0x34,0x30,0x32,0x31,0x32, + 0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x32,0x39,0x30,0x32,0x31,0x31,0x32, + 0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x81,0x90,0x31,0x0B,0x30,0x09,0x06,0x03,0x55, + 0x04,0x06,0x13,0x02,0x47,0x42,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x08,0x13, + 0x12,0x47,0x72,0x65,0x61,0x74,0x65,0x72,0x20,0x4D,0x61,0x6E,0x63,0x68,0x65,0x73, + 0x74,0x65,0x72,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x07,0x13,0x07,0x53,0x61, + 0x6C,0x66,0x6F,0x72,0x64,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11, + 0x43,0x4F,0x4D,0x4F,0x44,0x4F,0x20,0x43,0x41,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65, + 0x64,0x31,0x36,0x30,0x34,0x06,0x03,0x55,0x04,0x03,0x13,0x2D,0x43,0x4F,0x4D,0x4F, + 0x44,0x4F,0x20,0x52,0x53,0x41,0x20,0x44,0x6F,0x6D,0x61,0x69,0x6E,0x20,0x56,0x61, + 0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20, + 0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F, + 0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0x8E,0xC2,0x02,0x19,0xE1,0xA0, + 0x59,0xA4,0xEB,0x38,0x35,0x8D,0x2C,0xFD,0x01,0xD0,0xD3,0x49,0xC0,0x64,0xC7,0x0B, + 0x62,0x05,0x45,0x16,0x3A,0xA8,0xA0,0xC0,0x0C,0x02,0x7F,0x1D,0xCC,0xDB,0xC4,0xA1, + 0x6D,0x77,0x03,0xA3,0x0F,0x86,0xF9,0xE3,0x06,0x9C,0x3E,0x0B,0x81,0x8A,0x9B,0x49, + 0x1B,0xAD,0x03,0xBE,0xFA,0x4B,0xDB,0x8C,0x20,0xED,0xD5,0xCE,0x5E,0x65,0x8E,0x3E, + 0x0D,0xAF,0x4C,0xC2,0xB0,0xB7,0x45,0x5E,0x52,0x2F,0x34,0xDE,0x48,0x24,0x64,0xB4, + 0x41,0xAE,0x00,0x97,0xF7,0xBE,0x67,0xDE,0x9E,0xD0,0x7A,0xA7,0x53,0x80,0x3B,0x7C, + 0xAD,0xF5,0x96,0x55,0x6F,0x97,0x47,0x0A,0x7C,0x85,0x8B,0x22,0x97,0x8D,0xB3,0x84, + 0xE0,0x96,0x57,0xD0,0x70,0x18,0x60,0x96,0x8F,0xEE,0x2D,0x07,0x93,0x9D,0xA1,0xBA, + 0xCA,0xD1,0xCD,0x7B,0xE9,0xC4,0x2A,0x9A,0x28,0x21,0x91,0x4D,0x6F,0x92,0x4F,0x25, + 0xA5,0xF2,0x7A,0x35,0xDD,0x26,0xDC,0x46,0xA5,0xD0,0xAC,0x59,0x35,0x8C,0xFF,0x4E, + 0x91,0x43,0x50,0x3F,0x59,0x93,0x1E,0x6C,0x51,0x21,0xEE,0x58,0x14,0xAB,0xFE,0x75, + 0x50,0x78,0x3E,0x4C,0xB0,0x1C,0x86,0x13,0xFA,0x6B,0x98,0xBC,0xE0,0x3B,0x94,0x1E, + 0x85,0x52,0xDC,0x03,0x93,0x24,0x18,0x6E,0xCB,0x27,0x51,0x45,0xE6,0x70,0xDE,0x25, + 0x43,0xA4,0x0D,0xE1,0x4A,0xA5,0xED,0xB6,0x7E,0xC8,0xCD,0x6D,0xEE,0x2E,0x1D,0x27, + 0x73,0x5D,0xDC,0x45,0x30,0x80,0xAA,0xE3,0xB2,0x41,0x0B,0xAF,0xBD,0x44,0x87,0xDA, + 0xB9,0xE5,0x1B,0x9D,0x7F,0xAE,0xE5,0x85,0x82,0xA5,0x02,0x03,0x01,0x00,0x01,0xA3, + 0x82,0x01,0x65,0x30,0x82,0x01,0x61,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18, + 0x30,0x16,0x80,0x14,0xBB,0xAF,0x7E,0x02,0x3D,0xFA,0xA6,0xF1,0x3C,0x84,0x8E,0xAD, + 0xEE,0x38,0x98,0xEC,0xD9,0x32,0x32,0xD4,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04, + 0x16,0x04,0x14,0x90,0xAF,0x6A,0x3A,0x94,0x5A,0x0B,0xD8,0x90,0xEA,0x12,0x56,0x73, + 0xDF,0x43,0xB4,0x3A,0x28,0xDA,0xE7,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01, + 0xFF,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01, + 0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1D,0x06,0x03,0x55, + 0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x1B,0x06,0x03,0x55,0x1D, + 0x20,0x04,0x14,0x30,0x12,0x30,0x06,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x08,0x06, + 0x06,0x67,0x81,0x0C,0x01,0x02,0x01,0x30,0x4C,0x06,0x03,0x55,0x1D,0x1F,0x04,0x45, + 0x30,0x43,0x30,0x41,0xA0,0x3F,0xA0,0x3D,0x86,0x3B,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x63,0x72,0x6C,0x2E,0x63,0x6F,0x6D,0x6F,0x64,0x6F,0x63,0x61,0x2E,0x63,0x6F, + 0x6D,0x2F,0x43,0x4F,0x4D,0x4F,0x44,0x4F,0x52,0x53,0x41,0x43,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74, + 0x79,0x2E,0x63,0x72,0x6C,0x30,0x71,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01, + 0x01,0x04,0x65,0x30,0x63,0x30,0x3B,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30, + 0x02,0x86,0x2F,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x74,0x2E,0x63,0x6F, + 0x6D,0x6F,0x64,0x6F,0x63,0x61,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x4F,0x4D,0x4F,0x44, + 0x4F,0x52,0x53,0x41,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x43,0x41,0x2E,0x63, + 0x72,0x74,0x30,0x24,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x18, + 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x63,0x6F,0x6D,0x6F, + 0x64,0x6F,0x63,0x61,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, + 0xF7,0x0D,0x01,0x01,0x0C,0x05,0x00,0x03,0x82,0x02,0x01,0x00,0x4E,0x2B,0x76,0x4F, + 0x92,0x1C,0x62,0x36,0x89,0xBA,0x77,0xC1,0x27,0x05,0xF4,0x1C,0xD6,0x44,0x9D,0xA9, + 0x9A,0x3E,0xAA,0xD5,0x66,0x66,0x01,0x3E,0xEA,0x49,0xE6,0xA2,0x35,0xBC,0xFA,0xF6, + 0xDD,0x95,0x8E,0x99,0x35,0x98,0x0E,0x36,0x18,0x75,0xB1,0xDD,0xDD,0x50,0x72,0x7C, + 0xAE,0xDC,0x77,0x88,0xCE,0x0F,0xF7,0x90,0x20,0xCA,0xA3,0x67,0x2E,0x1F,0x56,0x7F, + 0x7B,0xE1,0x44,0xEA,0x42,0x95,0xC4,0x5D,0x0D,0x01,0x50,0x46,0x15,0xF2,0x81,0x89, + 0x59,0x6C,0x8A,0xDD,0x8C,0xF1,0x12,0xA1,0x8D,0x3A,0x42,0x8A,0x98,0xF8,0x4B,0x34, + 0x7B,0x27,0x3B,0x08,0xB4,0x6F,0x24,0x3B,0x72,0x9D,0x63,0x74,0x58,0x3C,0x1A,0x6C, + 0x3F,0x4F,0xC7,0x11,0x9A,0xC8,0xA8,0xF5,0xB5,0x37,0xEF,0x10,0x45,0xC6,0x6C,0xD9, + 0xE0,0x5E,0x95,0x26,0xB3,0xEB,0xAD,0xA3,0xB9,0xEE,0x7F,0x0C,0x9A,0x66,0x35,0x73, + 0x32,0x60,0x4E,0xE5,0xDD,0x8A,0x61,0x2C,0x6E,0x52,0x11,0x77,0x68,0x96,0xD3,0x18, + 0x75,0x51,0x15,0x00,0x1B,0x74,0x88,0xDD,0xE1,0xC7,0x38,0x04,0x43,0x28,0xE9,0x16, + 0xFD,0xD9,0x05,0xD4,0x5D,0x47,0x27,0x60,0xD6,0xFB,0x38,0x3B,0x6C,0x72,0xA2,0x94, + 0xF8,0x42,0x1A,0xDF,0xED,0x6F,0x06,0x8C,0x45,0xC2,0x06,0x00,0xAA,0xE4,0xE8,0xDC, + 0xD9,0xB5,0xE1,0x73,0x78,0xEC,0xF6,0x23,0xDC,0xD1,0xDD,0x6C,0x8E,0x1A,0x8F,0xA5, + 0xEA,0x54,0x7C,0x96,0xB7,0xC3,0xFE,0x55,0x8E,0x8D,0x49,0x5E,0xFC,0x64,0xBB,0xCF, + 0x3E,0xBD,0x96,0xEB,0x69,0xCD,0xBF,0xE0,0x48,0xF1,0x62,0x82,0x10,0xE5,0x0C,0x46, + 0x57,0xF2,0x33,0xDA,0xD0,0xC8,0x63,0xED,0xC6,0x1F,0x94,0x05,0x96,0x4A,0x1A,0x91, + 0xD1,0xF7,0xEB,0xCF,0x8F,0x52,0xAE,0x0D,0x08,0xD9,0x3E,0xA8,0xA0,0x51,0xE9,0xC1, + 0x87,0x74,0xD5,0xC9,0xF7,0x74,0xAB,0x2E,0x53,0xFB,0xBB,0x7A,0xFB,0x97,0xE2,0xF8, + 0x1F,0x26,0x8F,0xB3,0xD2,0xA0,0xE0,0x37,0x5B,0x28,0x3B,0x31,0xE5,0x0E,0x57,0x2D, + 0x5A,0xB8,0xAD,0x79,0xAC,0x5E,0x20,0x66,0x1A,0xA5,0xB9,0xA6,0xB5,0x39,0xC1,0xF5, + 0x98,0x43,0xFF,0xEE,0xF9,0xA7,0xA7,0xFD,0xEE,0xCA,0x24,0x3D,0x80,0x16,0xC4,0x17, + 0x8F,0x8A,0xC1,0x60,0xA1,0x0C,0xAE,0x5B,0x43,0x47,0x91,0x4B,0xD5,0x9A,0x17,0x5F, + 0xF9,0xD4,0x87,0xC1,0xC2,0x8C,0xB7,0xE7,0xE2,0x0F,0x30,0x19,0x37,0x86,0xAC,0xE0, + 0xDC,0x42,0x03,0xE6,0x94,0xA8,0x9D,0xAE,0xFD,0x0F,0x24,0x51,0x94,0xCE,0x92,0x08, + 0xD1,0xFC,0x50,0xF0,0x03,0x40,0x7B,0x88,0x59,0xED,0x0E,0xDD,0xAC,0xD2,0x77,0x82, + 0x34,0xDC,0x06,0x95,0x02,0xD8,0x90,0xF9,0x2D,0xEA,0x37,0xD5,0x1A,0x60,0xD0,0x67, + 0x20,0xD7,0xD8,0x42,0x0B,0x45,0xAF,0x82,0x68,0xDE,0xDD,0x66,0x24,0x37,0x90,0x29, + 0x94,0x19,0x46,0x19,0x25,0xB8,0x80,0xD7,0xCB,0xD4,0x86,0x28,0x6A,0x44,0x70,0x26, + 0x23,0x62,0xA9,0x9F,0x86,0x6F,0xBF,0xBA,0x90,0x70,0xD2,0x56,0x77,0x85,0x78,0xEF, + 0xEA,0x25,0xA9,0x17,0xCE,0x50,0x72,0x8C,0x00,0x3A,0xAA,0xE3,0xDB,0x63,0x34,0x9F, + 0xF8,0x06,0x71,0x01,0xE2,0x82,0x20,0xD4,0xFE,0x6F,0xBD,0xB1, +}; + +#endif /* si_29_sectrust_sha1_deprecation_h */ diff --git a/OSX/sec/Security/Regressions/secitem/si-29-sectrust-sha1-deprecation.m b/OSX/sec/Security/Regressions/secitem/si-29-sectrust-sha1-deprecation.m new file mode 100644 index 00000000..58c29a71 --- /dev/null +++ b/OSX/sec/Security/Regressions/secitem/si-29-sectrust-sha1-deprecation.m @@ -0,0 +1,185 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + */ + +#include +#import +#include +#include +#include +#include +#include +#include +#include + +#if TARGET_OS_IPHONE +#include +#else +#include +#endif + +#include "shared_regressions.h" + +#include "si-29-sectrust-sha1-deprecation.h" + +#import + +static SecCertificateRef sha1_root = NULL; + +#if TARGET_OS_IPHONE +static SecTrustStoreRef defaultStore = NULL; +#else +#define kSystemLoginKeychainPath "/Library/Keychains/System.keychain" +static NSMutableArray *deleteMeCertificates = NULL; +#endif + + +static void setup_globals(void) { + + sha1_root = SecCertificateCreateWithBytes(NULL, _digiCertRoot, sizeof(_digiCertRoot)); + +#if TARGET_OS_IPHONE + defaultStore = SecTrustStoreForDomain(kSecTrustStoreDomainUser); +#else + /* Since we're putting trust settings in the admin domain, + * we need to add the certs to the system keychain. */ + SecKeychainRef kcRef = NULL; + CFArrayRef certRef = NULL; + NSDictionary *attrs = nil; + + SecKeychainOpen(kSystemLoginKeychainPath, &kcRef); + if (!kcRef) { + goto out; + } + + deleteMeCertificates = [[NSMutableArray alloc] init]; + + attrs = @{(__bridge NSString*)kSecValueRef: (__bridge id)sha1_root, + (__bridge NSString*)kSecUseKeychain: (__bridge id)kcRef, + (__bridge NSString*)kSecReturnPersistentRef: @YES}; + if (SecItemAdd((CFDictionaryRef)attrs, (void *)&certRef) == 0) + [deleteMeCertificates addObject:(__bridge NSArray *)certRef]; + CFReleaseNull(certRef); + + out: + CFReleaseNull(kcRef); +#endif +} + +static void cleanup_globals(void) { +#if !TARGET_OS_IPHONE + [deleteMeCertificates enumerateObjectsUsingBlock:^(id _Nonnull obj, NSUInteger idx, BOOL * _Nonnull stop) { + SecItemDelete((CFDictionaryRef)@{ (__bridge NSString*)kSecValuePersistentRef: [obj objectAtIndex:0]}); + }]; +#endif + + CFReleaseNull(sha1_root); +} + + +static void setTrust(SecTrustRef *trust, NSArray *certs, SecPolicyRef policy) +{ + // November 4, 2016 at 5:53:20 PM PDT + NSDate *verifyDate = [NSDate dateWithTimeIntervalSinceReferenceDate:500000000.0]; + CFReleaseNull(*trust); + require_noerr_string(SecTrustCreateWithCertificates((__bridge CFArrayRef)certs, policy, trust), cleanup, "failed to create trust"); + require_noerr_string(SecTrustSetVerifyDate(*trust, (__bridge CFDateRef)verifyDate), + cleanup, "failed to set verify date"); +cleanup: + return; +} + +static void tests(void) +{ + SecCertificateRef sha1_leaf = NULL, sha1_int = NULL, + sha2_leaf = NULL, sha2_int = NULL; + NSArray *anchors = nil, *sha1_certs = nil, *sha2_certs = nil; + SecPolicyRef serverPolicy = NULL, clientPolicy = NULL; + SecTrustRef trust = NULL; + SecTrustResultType trustResult = kSecTrustResultInvalid; + + sha1_leaf = SecCertificateCreateWithBytes(NULL, _badssl_sha1, sizeof(_badssl_sha1)); + sha1_int = SecCertificateCreateWithBytes(NULL, _digiCertSSCA, sizeof(_digiCertSSCA)); + sha2_leaf = SecCertificateCreateWithBytes(NULL, _badssl_sha2, sizeof(_badssl_sha2)); + sha2_int = SecCertificateCreateWithBytes(NULL, _COMODO_DV, sizeof(_COMODO_DV)); + + /* SHA1 cert from system roots fails SSL server policy*/ + sha1_certs = @[ (__bridge id)sha1_leaf, (__bridge id)sha1_int]; + serverPolicy = SecPolicyCreateSSL(true, CFSTR("www.badssl.com")); + setTrust(&trust, sha1_certs, serverPolicy); + require_noerr_string(SecTrustEvaluate(trust, &trustResult), cleanup, "failed to evaluate trust"); + is(trustResult, kSecTrustResultRecoverableTrustFailure, "reject test: system-trusted SHA-1 SSL server"); + + /* Add trust setting for root */ +#if TARGET_OS_IPHONE + require_noerr_string(SecTrustStoreSetTrustSettings(defaultStore, sha1_root, NULL), + cleanup, "failed to set trust settings"); +#else + require_noerr_string(SecTrustSettingsSetTrustSettings(sha1_root, kSecTrustSettingsDomainAdmin, + NULL), + cleanup, "failed to set trust settings"); + usleep(20000); +#endif + + /* SHA1 cert now passes SSL server*/ + setTrust(&trust, sha1_certs, serverPolicy); + require_noerr_string(SecTrustEvaluate(trust, &trustResult), cleanup, "failed to evaluate trust"); + is(trustResult, kSecTrustResultUnspecified, "accept test: user-trusted SHA-1 SSL server"); + + /* Remove trust setting for root */ +#if TARGET_OS_IPHONE + require_noerr_string(SecTrustStoreRemoveCertificate(defaultStore, sha1_root), + cleanup, "failed to remove trust settings"); +#else + require_noerr_string(SecTrustSettingsRemoveTrustSettings(sha1_root, kSecTrustSettingsDomainAdmin), + cleanup, "failed to remove trust settings"); +#endif + + /* SHA1 cert fails SSL server */ + setTrust(&trust, sha1_certs, serverPolicy); + require_noerr_string(SecTrustEvaluate(trust, &trustResult), cleanup, "failed to evaluate trust"); + is(trustResult, kSecTrustResultRecoverableTrustFailure, "reject test: system-trusted SHA-1 SSL server"); + + /* Set anchor for root */ + require_quiet(sha1_root, cleanup); + anchors = @[(__bridge id)sha1_root]; + require_noerr_string(SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors), cleanup, "failed to set anchors"); + + /* SHA1 cert passes SSL server */ + require_noerr_string(SecTrustEvaluate(trust, &trustResult), cleanup, "failed to evaluate trust"); + is(trustResult, kSecTrustResultUnspecified, "accept test: app-trusted SHA-1 SSL server"); + + /* SHA1 cert from system root passes SSL client */ + clientPolicy = SecPolicyCreateSSL(false, CFSTR("www.badssl.com")); + setTrust(&trust, sha1_certs, clientPolicy); + require_noerr_string(SecTrustEvaluate(trust, &trustResult), cleanup, "failed to evaluate trust"); + is(trustResult, kSecTrustResultUnspecified, "accept test: system-trusted SHA-1 SSL client"); + + /* SHA256 cert from system root passes SSL server */ + sha2_certs = @[ (__bridge id)sha2_leaf, (__bridge id)sha2_int]; + setTrust(&trust, sha2_certs, serverPolicy); + require_noerr_string(SecTrustEvaluate(trust, &trustResult), cleanup, "failed to evaluate trust"); + is(trustResult, kSecTrustResultUnspecified, "accept test: system-trusted SHA2 SSL server"); + +cleanup: + CFReleaseNull(sha1_leaf); + CFReleaseNull(sha1_int); + CFReleaseNull(sha2_leaf); + CFReleaseNull(sha2_int); + CFReleaseNull(serverPolicy); + CFReleaseNull(clientPolicy); + CFReleaseNull(trust); +} + +int si_29_sectrust_sha1_deprecation(int argc, char *const *argv) +{ + plan_tests(6); + + @autoreleasepool { + setup_globals(); + tests(); + cleanup_globals(); + } + + return 0; +} diff --git a/OSX/sec/Security/Regressions/secitem/si-40-seckey.c b/OSX/sec/Security/Regressions/secitem/si-40-seckey.c index 531912b5..a00e17c1 100644 --- a/OSX/sec/Security/Regressions/secitem/si-40-seckey.c +++ b/OSX/sec/Security/Regressions/secitem/si-40-seckey.c @@ -348,7 +348,7 @@ static void testkeygen(size_t keySizeInBits) { #define kKeyGen2TestCount 12 static void testkeygen2(size_t keySizeInBits) { SecKeyRef pubKey = NULL, privKey = NULL; - size_t keySizeInBytes = (keySizeInBits + 7) / 8; + int32_t keySizeInBytes = (int32_t)((keySizeInBits + 7) / 8); CFNumberRef kzib; CFUUIDRef ourUUID = CFUUIDCreate(kCFAllocatorDefault); @@ -378,8 +378,8 @@ static void testkeygen2(size_t keySizeInBits) { OSStatus status; ok_status(status = SecKeyGeneratePair(kgp, &pubKey, &privKey), - "Generate %ld bit (%ld byte) persistent RSA keypair", - keySizeInBits, keySizeInBytes); + "Generate %d bit (%d byte) persistent RSA keypair", + (int)keySizeInBits, (int)keySizeInBytes); CFRelease(kzib); CFRelease(kgp); @@ -440,7 +440,7 @@ static const int kTestSupportedCount = 3 + (4 * 11) + 2 + (4 * 5); static void testsupportedalgos(size_t keySizeInBits) { SecKeyRef pubKey = NULL, privKey = NULL; - size_t keySizeInBytes = (keySizeInBits + 7) / 8; + int32_t keySizeInBytes = (int)((keySizeInBits + 7) / 8); CFNumberRef kzib; int32_t iKeySizeInBits = (int32_t) keySizeInBits; @@ -451,8 +451,8 @@ static void testsupportedalgos(size_t keySizeInBits) OSStatus status; ok_status(status = SecKeyGeneratePair(kgp, &pubKey, &privKey), - "Generate %ld bit (%ld byte) persistent RSA keypair", - keySizeInBits, keySizeInBytes); + "Generate %d bit (%d byte) persistent RSA keypair", + (int)keySizeInBits, (int)keySizeInBytes); CFRelease(kzib); CFRelease(kgp); diff --git a/OSX/sec/Security/Regressions/secitem/si-62-csr.c b/OSX/sec/Security/Regressions/secitem/si-62-csr.c index 13ac8169..239c51b0 100644 --- a/OSX/sec/Security/Regressions/secitem/si-62-csr.c +++ b/OSX/sec/Security/Regressions/secitem/si-62-csr.c @@ -37,7 +37,7 @@ #include #include -#include "Security_regressions.h" +#include "shared_regressions.h" #include __unused static inline void write_data(const char * path, CFDataRef data) @@ -52,12 +52,15 @@ static void tests(void) { SecKeyRef phone_publicKey = NULL, phone_privateKey = NULL; SecKeyRef ca_publicKey = NULL, ca_privateKey = NULL; + + int keysize = 2048; + CFNumberRef key_size_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &keysize); const void *keygen_keys[] = { kSecAttrKeyType, kSecAttrKeySizeInBits }; - const void *keygen_vals[] = { kSecAttrKeyTypeRSA, CFSTR("512") }; + const void *keygen_vals[] = { kSecAttrKeyTypeRSA, key_size_num }; CFDictionaryRef parameters = CFDictionaryCreate(kCFAllocatorDefault, keygen_keys, keygen_vals, array_size(keygen_vals), &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks ); - + CFReleaseNull(key_size_num); CFMutableDictionaryRef subject_alt_names = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionarySetValue(subject_alt_names, CFSTR("dnsname"), CFSTR("xey.nl")); @@ -131,8 +134,12 @@ static void tests(void) CFDictionaryRef dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&ca_identity, 1, NULL, NULL); ok_status(SecItemAdd(dict, NULL), "add ca identity"); CFReleaseSafe(dict); +#if TARGET_OS_IPHONE TODO: { todo("Adding a cert with the same issuer/serial but a different key should return something other than errSecDuplicateItem"); +#else + { +#endif dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&ca_identity_phone_key, 1, NULL, NULL); is_status(errSecDuplicateItem, SecItemAdd(dict, NULL), "add ca identity"); CFReleaseSafe(dict); @@ -197,10 +204,12 @@ static void tests(void) CFReleaseNull(subject_alt_names); CFDictionaryRemoveAllValues(random_extensions); +#if TARGET_OS_IPHONE CFDataRef scep_request = SecSCEPGenerateCertificateRequest(rdns, csr_parameters, phone_publicKey, phone_privateKey, NULL, ca_cert); isnt(scep_request, NULL, "got scep blob"); //write_data("/tmp/scep_request.der", scep_request); +#endif CFReleaseNull(email_dn); CFReleaseNull(cn_dn); @@ -208,6 +217,7 @@ static void tests(void) CFReleaseNull(dn_array[1]); CFReleaseNull(rdns); +#if TARGET_OS_IPHONE CFDataRef scep_reply = SecSCEPCertifyRequest(scep_request, ca_identity, serialno, false); isnt(scep_reply, NULL, "produced scep reply"); //write_data("/tmp/scep_reply.der", scep_reply); @@ -227,6 +237,15 @@ static void tests(void) ok(CFArrayContainsValue(issued_certs, CFRangeMake(0, CFArrayGetCount(issued_certs)), ra_signing_certificate), "found ra"); ok(!ra_encryption_certificate, "no separate encryption cert"); + CFReleaseSafe(ca_certificate); + CFReleaseSafe(ra_signing_certificate); + CFReleaseSafe(scep_certs); + + CFReleaseSafe(scep_request); + CFReleaseSafe(scep_reply); + CFReleaseSafe(issued_certs); +#endif + // cleanups dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&ca_identity, 1, NULL, NULL); ok_status(SecItemDelete(dict), "delete ca identity"); @@ -235,14 +254,6 @@ static void tests(void) ok_status(SecItemDelete(dict), "delete phone private key"); CFReleaseSafe(dict); - - CFReleaseSafe(ca_certificate); - CFReleaseSafe(ra_signing_certificate); - CFReleaseSafe(scep_certs); - - CFReleaseSafe(scep_request); - CFReleaseSafe(scep_reply); - CFReleaseSafe(issued_certs); CFReleaseSafe(serialno); CFReleaseSafe(cert); @@ -259,12 +270,73 @@ static void tests(void) CFReleaseSafe(phone_privateKey); } +static void test_ec_csr(void) { + SecKeyRef ecPublicKey = NULL, ecPrivateKey = NULL; + + int keysize = 256; + CFNumberRef key_size_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &keysize); + + const void *keyParamsKeys[] = { kSecAttrKeyType, kSecAttrKeySizeInBits }; + const void *keyParamsValues[] = { kSecAttrKeyTypeECSECPrimeRandom, key_size_num}; + CFDictionaryRef keyParameters = CFDictionaryCreate(NULL, keyParamsKeys, keyParamsValues, 2, + &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + ok_status(SecKeyGeneratePair(keyParameters, &ecPublicKey, &ecPrivateKey), + "unable to generate EC key"); + + SecATV cn_phone[] = { { kSecOidCommonName, SecASN1PrintableString, CFSTR("My iPhone") }, {} }; + SecATV c[] = { { kSecOidCountryName, SecASN1PrintableString, CFSTR("US") }, {} }; + SecATV st[] = { { kSecOidStateProvinceName, SecASN1PrintableString, CFSTR("CA") }, {} }; + SecATV l[] = { { kSecOidLocalityName, SecASN1PrintableString, CFSTR("Cupertino") }, {} }; + SecATV o[] = { { CFSTR("2.5.4.10"), SecASN1PrintableString, CFSTR("Apple Inc.") }, {} }; + SecATV ou[] = { { kSecOidOrganizationalUnit, SecASN1PrintableString, CFSTR("iPhone") }, {} }; + + SecRDN atvs_phone[] = { cn_phone, c, st, l, o, ou, NULL }; + + CFMutableDictionaryRef subject_alt_names = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + CFDictionarySetValue(subject_alt_names, CFSTR("dnsname"), CFSTR("xey.nl")); + + int key_usage = kSecKeyUsageDigitalSignature | kSecKeyUsageKeyEncipherment; + CFNumberRef key_usage_num = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &key_usage); + + CFMutableDictionaryRef random_extensions = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + + const void *key[] = { kSecCSRChallengePassword, kSecSubjectAltName, kSecCertificateKeyUsage, kSecCertificateExtensions }; + const void *val[] = { CFSTR("magic"), subject_alt_names, key_usage_num, random_extensions }; + CFDictionaryRef csr_parameters = CFDictionaryCreate(kCFAllocatorDefault, + key, val, array_size(key), &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + + + CFDataRef csr = SecGenerateCertificateRequestWithParameters(atvs_phone, csr_parameters, ecPublicKey, ecPrivateKey); + isnt(csr, NULL, "csr w/ params"); + //write_data("/tmp/csr", csr); + CFDataRef subject, extensions; + CFStringRef challenge; + ok(SecVerifyCertificateRequest(csr, NULL, &challenge, &subject, &extensions), "verify csr"); + + CFReleaseNull(csr); + CFReleaseNull(key_size_num); + CFReleaseNull(keyParameters); + CFReleaseNull(ecPublicKey); + CFReleaseNull(ecPrivateKey); + CFReleaseNull(subject_alt_names); + CFReleaseNull(key_usage_num); + CFReleaseNull(random_extensions); + CFReleaseNull(csr_parameters); + CFReleaseNull(subject); + CFReleaseNull(extensions); + CFReleaseNull(challenge); +} + int si_62_csr(int argc, char *const *argv) { - plan_tests(24); - +#if TARGET_OS_IPHONE + plan_tests(27); +#else + plan_tests(20); +#endif tests(); + test_ec_csr(); return 0; } diff --git a/OSX/sec/Security/Regressions/secitem/si-66-smime.c b/OSX/sec/Security/Regressions/secitem/si-66-smime.c index 41cf18f5..d554103f 100644 --- a/OSX/sec/Security/Regressions/secitem/si-66-smime.c +++ b/OSX/sec/Security/Regressions/secitem/si-66-smime.c @@ -48,7 +48,12 @@ #include -#include "Security_regressions.h" +#if TARGET_OS_OSX +#include +#include +#endif + +#include "shared_regressions.h" #include "si-66-smime/signed-receipt.h" uint8_t message_hash[] = { @@ -2507,12 +2512,13 @@ static void tests(void) SecKeyRef publicKey = NULL, privateKey = NULL; const void *keygen_keys[] = { kSecAttrKeyType, kSecAttrKeySizeInBits }; - const void *keygen_vals[] = { kSecAttrKeyTypeRSA, CFSTR("512") }; + const void *keygen_vals[] = { kSecAttrKeyTypeRSA, CFSTR("2048") }; CFDictionaryRef parameters = CFDictionaryCreate(kCFAllocatorDefault, keygen_keys, keygen_vals, array_size(keygen_vals), &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks ); ok_status(SecKeyGeneratePair(parameters, &publicKey, &privateKey), "generate key pair"); + CFReleaseNull(parameters); CFMutableDictionaryRef subject_alt_names = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); CFDictionarySetValue(subject_alt_names, CFSTR("rfc822name"), CFSTR("xey@nl")); @@ -2528,8 +2534,11 @@ static void tests(void) CFArrayRef rdns = CFArrayCreate(kCFAllocatorDefault, (const void **)&cn_dn, 1, NULL); SecCertificateRef cert = SecGenerateSelfSignedCertificate(rdns, self_signed_parameters, publicKey, privateKey); + CFReleaseNull(subject_alt_names); + CFReleaseNull(key_usage_num); CFReleaseSafe(rdns); + CFReleaseNull(cn_dn); CFReleaseSafe(self_signed_parameters); SECOidTag algorithmTag; int keySize; @@ -2550,20 +2559,53 @@ static void tests(void) CFMutableDataRef signed_data = CFDataCreateMutable(kCFAllocatorDefault, 0); SecIdentityRef signer; + // Bear with us here: the function parameters are slightly different on macOS ok(signer = SecIdentityCreate(kCFAllocatorDefault, cert, privateKey), "identity"); +#if TARGET_OS_IPHONE ok(cmsg = SecCmsMessageCreate(), "create message"); +#else + ok(cmsg = SecCmsMessageCreate(NULL), "create message"); +#endif ok(sigd = SecCmsSignedDataCreate(cmsg), "create signed message"); ok(cinfo = SecCmsMessageGetContentInfo(cmsg), "get content info"); +#if TARGET_OS_IPHONE ok_status(SecCmsContentInfoSetContentSignedData(cinfo, sigd), "signed message into message"); +#else + ok_status(SecCmsContentInfoSetContentSignedData(cmsg, cinfo, sigd), "signed message into message"); +#endif ok(cinfo = SecCmsSignedDataGetContentInfo(sigd), "reset content info"); +#if TARGET_OS_IPHONE ok_status(SecCmsContentInfoSetContentData(cinfo, NULL, false), "attached"); ok(signerinfo = SecCmsSignerInfoCreate(sigd, signer, SEC_OID_SHA1), "set up signer"); +#else + ok_status(SecCmsContentInfoSetContentData(cmsg, cinfo, NULL, false), "attached"); + ok(signerinfo = SecCmsSignerInfoCreate(cmsg, signer, SEC_OID_SHA1), "set up signer"); +#endif // ok_status(SecCmsSignerInfoIncludeCerts(signerinfo, SecCmsCMCertChain, certUsageAnyCA), out); ok_status(SecCmsSignerInfoAddSigningTime(signerinfo, CFAbsoluteTimeGetCurrent()), "set current time"); ok_status(SecCmsSignerInfoAddSMIMEEncKeyPrefs(signerinfo, cert, NULL), "set signing cert as preferred encryption cert"); //SecCmsSignerInfoAddMSSMIMEEncKeyPrefs + CFReleaseNull(cert); +#if TARGET_OS_IPHONE + pass(); ok_status(SecCmsMessageEncode(cmsg, NULL, signed_data), "encode signed message"); +#else + // This is implicit in the SignerInfoCreate on iOS + ok_status(SecCmsSignedDataAddSignerInfo(sigd, signerinfo), "add signer to signed data"); + CSSM_DATA cssm_signed_data = {0, NULL}; + // macOS doesn't support empty data + uint8_t string_to_sign[] = "This message is signed. Ain't it pretty?"; + CSSM_DATA cssm_data_to_sign = { sizeof(string_to_sign), string_to_sign }; + // make an encoder context + PLArenaPool *arena = NULL; + arena = PORT_NewArena(1024); + ok_status(SecCmsMessageEncode(cmsg, &cssm_data_to_sign, (SecArenaPoolRef)arena, &cssm_signed_data), "encode signed message"); + if (signed_data && cssm_signed_data.Data) { + CFDataAppendBytes(signed_data, cssm_signed_data.Data, cssm_signed_data.Length); + } + if (arena) PORT_FreeArena(arena, PR_FALSE); +#endif if (cmsg) SecCmsMessageDestroy(cmsg); int data_file = open("/var/tmp/smime", O_CREAT|O_WRONLY|O_TRUNC, 0644); @@ -2586,6 +2628,7 @@ static void tests(void) CFReleaseNull(eml); CFReleaseNull(sig); CFReleaseNull(policy); + CFReleaseNull(trust); CFDataRef msg = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, __9639569_bin, __9639569_bin_len, kCFAllocatorNull); CFMutableDataRef data = CFDataCreateMutable(kCFAllocatorDefault, 0); @@ -2603,22 +2646,17 @@ static void tests(void) CFDictionaryRef item_dict = CFArrayGetValueAtIndex(items, 0); SecIdentityRef local_identity = (SecIdentityRef)CFDictionaryGetValue(item_dict, kSecImportItemIdentity); CFDictionaryRef dict = CFDictionaryCreate(NULL, (const void **)&kSecValueRef, (const void **)&local_identity, 1, NULL, NULL); + +#if TARGET_OS_IPHONE + // SecPKCS12Import doesn't add items to the keychain on iOS ok_status(SecItemAdd(dict, NULL), "add p12 identy"); +#else + pass("skip test on macOS"); +#endif const uint8_t foo[] = "here's something"; CFDataRef sample = CFDataCreate(kCFAllocatorDefault, foo, strlen((char *)foo)); - -#if 0 - SecCertificateRef local_cert = NULL; - ok_status(SecIdentityCopyCertificate(local_identity, &local_cert), "get cert"); - CFDataSetLength(data, 0); - ok_status(SecCMSCreateEnvelopedData(local_cert, NULL, sample, data), "envelope data (should use signer identifier)"); - int data_file = open("/var/tmp/smime", O_CREAT|O_WRONLY|O_TRUNC, 0644); - write(data_file, CFDataGetBytePtr(data), CFDataGetLength(data)); - close(data_file); -#else CFReleaseNull(data); -#endif msg = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, smime_skid, smime_skid_len, kCFAllocatorNull); CFMutableDataRef dec = CFDataCreateMutable(kCFAllocatorDefault, 0); @@ -2637,14 +2675,20 @@ static void tests(void) // parse signed-receipt msg = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, signed_receipt_bin, signed_receipt_bin_len, kCFAllocatorNull); policy = SecPolicyCreateBasicX509(); +#if TARGET_OS_IPHONE ok(errSecDecode == SecCMSVerifySignedData(msg, NULL, policy, &trust, NULL, NULL, NULL), "decode signed receipt w/ special oid"); +#else + // macOS can handle undefined OIDs. + ok_status(SecCMSVerifySignedData(msg, NULL, policy, &trust, NULL, NULL, NULL), "decode signed receipt w/ special oid"); +#endif + CFReleaseNull(trust); CFReleaseNull(policy); CFReleaseNull(msg); } int si_66_smime(int argc, char *const *argv) { - plan_tests(32); + plan_tests(33); tests(); diff --git a/OSX/sec/Security/Regressions/secitem/si-73-secpasswordgenerate.c b/OSX/sec/Security/Regressions/secitem/si-73-secpasswordgenerate.c index e87294c8..88cae06b 100644 --- a/OSX/sec/Security/Regressions/secitem/si-73-secpasswordgenerate.c +++ b/OSX/sec/Security/Regressions/secitem/si-73-secpasswordgenerate.c @@ -527,12 +527,55 @@ static void tests(void) is(true, SecPasswordIsPasswordWeak2(true, CFSTR("098765"))); is(true, SecPasswordIsPasswordWeak(CFSTR("0987"))); - + + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("122222"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("222221"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("222114"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("221114"))); + is(false, SecPasswordIsPasswordWeak2(false, CFSTR("221144"))); + + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("123456"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("666666"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("111111"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("520520"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("121212"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("000000"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("654321"))); + + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("123456"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("666666"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("111111"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("520520"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("121212"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("000000"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("654321"))); + + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("030379"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("101471"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("112233"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("123123"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("123321"))); + + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("123654"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("147258"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("159753"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("321654"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("520131"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("520520"))); + is(true, SecPasswordIsPasswordWeak2(true, CFSTR("789456"))); + + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("123654"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("147258"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("159753"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("321654"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("520131"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("520520"))); + is(true, SecPasswordIsPasswordWeak2(false, CFSTR("789456"))); } int si_73_secpasswordgenerate(int argc, char *const *argv) { - plan_tests(310); + plan_tests(348); tests(); return 0; diff --git a/OSX/sec/Security/Regressions/secitem/si-74-OTAPKISigner.c b/OSX/sec/Security/Regressions/secitem/si-74-OTAPKISigner.c index 36ce0067..006dc95c 100644 --- a/OSX/sec/Security/Regressions/secitem/si-74-OTAPKISigner.c +++ b/OSX/sec/Security/Regressions/secitem/si-74-OTAPKISigner.c @@ -34,13 +34,12 @@ #include #include #include +#include #include #include #include "shared_regressions.h" -#define CFReleaseSafe(CF) { CFTypeRef _cf = (CF); if (_cf) { CFRelease(_cf); } } - static const UInt8 kSignedPList[] = { 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x80, 0x30, 0x80, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, @@ -905,7 +904,7 @@ static void test_OTA_PKI() NULL, "Get the Apple PKI Settings Root Certification Authority Cert"); CFArrayRef anchors = CFArrayCreate(kCFAllocatorDefault, (const void **)&apple_pki_settings_root_certificate_authority_cert, 1, &kCFTypeArrayCallBacks); - CFReleaseSafe(apple_pki_settings_root_certificate_authority_cert); + CFReleaseNull(apple_pki_settings_root_certificate_authority_cert); apple_pki_settings_root_certificate_authority_cert = NULL; SecTrustSetAnchorCertificates(trustRef, anchors); @@ -984,7 +983,7 @@ static void test_OTA_PKI() CFReleaseSafe(manifestRef); CFReleaseSafe(base_manifest_data); CFReleaseSafe(base_manifestRef); - + CFReleaseSafe(anchors); CFReleaseSafe(apple_pki_settings_root_certificate_authority_cert_data); } diff --git a/OSX/sec/Security/Regressions/secitem/si-90-emcs.m b/OSX/sec/Security/Regressions/secitem/si-90-emcs.m index 1e192f6a..76d48884 100644 --- a/OSX/sec/Security/Regressions/secitem/si-90-emcs.m +++ b/OSX/sec/Security/Regressions/secitem/si-90-emcs.m @@ -15,6 +15,7 @@ static void tests(void) NSData *emcsKey = SecEMCSCreateDerivedEMCSKey(idmsData, @"1234", NULL); ok(emcsKey, "emcs key"); + if (!emcsKey) @throw @"emacsKey missing"; /* * change password diff --git a/OSX/sec/Security/Regressions/secitem/si_77_SecAccessControl.c b/OSX/sec/Security/Regressions/secitem/si_77_SecAccessControl.c index bd1da9bd..66d6339d 100644 --- a/OSX/sec/Security/Regressions/secitem/si_77_SecAccessControl.c +++ b/OSX/sec/Security/Regressions/secitem/si_77_SecAccessControl.c @@ -28,30 +28,23 @@ #include #include #include +#include #include #include #include #include #include -#if TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_IPHONE_SIMULATOR) -#define USE_KEYSTORE 1 -#elif TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR -#define USE_KEYSTORE 1 -#else /* no keystore on this platform */ -#define USE_KEYSTORE 0 -#endif - -#if USE_KEYSTORE +#if TARGET_HAS_KEYSTORE #include #include #include #include -#endif +#endif /* TARGET_HAS_KEYSTORE */ #include "Security_regressions.h" -#if LA_CONTEXT_IMPLEMENTED +#if LA_CONTEXT_IMPLEMENTED && TARGET_HAS_KEYSTORE static bool aks_consistency_test(bool currentAuthDataFormat, kern_return_t expectedAksResult, SecAccessControlRef access_control, CFDataRef acm_context); static CFDataRef kc_create_auth_data(SecAccessControlRef access_control, CFDictionaryRef auth_attributes); static CFDataRef kc_copy_constraints_data(SecAccessControlRef access_control, CFDictionaryRef auth_attributes); @@ -273,7 +266,7 @@ static void tests(void) CFReleaseNull(acl); -#if LA_CONTEXT_IMPLEMENTED +#if LA_CONTEXT_IMPLEMENTED && TARGET_HAS_KEYSTORE // AKS consistency test: acl = SecAccessControlCreateWithFlags(allocator, protection, kSecAccessControlUserPresence, &error); @@ -351,7 +344,7 @@ static void tests(void) CFReleaseNull(acl); } -#if LA_CONTEXT_IMPLEMENTED +#if LA_CONTEXT_IMPLEMENTED && TARGET_HAS_KEYSTORE static bool aks_consistency_test(bool currentAuthDataFormat, kern_return_t expectedAksResult, SecAccessControlRef access_control, CFDataRef acm_context) { @@ -511,7 +504,7 @@ static CFDataRef kc_copy_constraints_data(SecAccessControlRef access_control, CF int si_77_SecAccessControl(int argc, char *const *argv) { -#if LA_CONTEXT_IMPLEMENTED +#if LA_CONTEXT_IMPLEMENTED && TARGET_HAS_KEYSTORE plan_tests(71); #else plan_tests(63); diff --git a/OSX/sec/Security/SecAccessControl.h b/OSX/sec/Security/SecAccessControl.h index ddef861d..047e08d8 100644 --- a/OSX/sec/Security/SecAccessControl.h +++ b/OSX/sec/Security/SecAccessControl.h @@ -63,13 +63,13 @@ typedef CF_OPTIONS(CFOptionFlags, SecAccessControlCreateFlags) { typedef CF_OPTIONS(CFOptionFlags, SecAccessControlCreateFlags) { kSecAccessControlUserPresence = 1 << 0, // User presence policy using Touch ID or Passcode. Touch ID does not have to be available or enrolled. Item is still accessible by Touch ID even if fingers are added or removed. - kSecAccessControlTouchIDAny CF_ENUM_AVAILABLE(10_12, 9_0) = 1u << 1, // Constraint: Touch ID (any finger). Touch ID must be available and at least one finger must be enrolled. Item is still accessible by Touch ID even if fingers are added or removed. - kSecAccessControlTouchIDCurrentSet CF_ENUM_AVAILABLE(10_12, 9_0) = 1u << 3, // Constraint: Touch ID from the set of currently enrolled fingers. Touch ID must be available and at least one finger must be enrolled. When fingers are added or removed, the item is invalidated. + kSecAccessControlTouchIDAny CF_ENUM_AVAILABLE(10_12_1, 9_0) = 1u << 1, // Constraint: Touch ID (any finger). Touch ID must be available and at least one finger must be enrolled. Item is still accessible by Touch ID even if fingers are added or removed. + kSecAccessControlTouchIDCurrentSet CF_ENUM_AVAILABLE(10_12_1, 9_0) = 1u << 3, // Constraint: Touch ID from the set of currently enrolled fingers. Touch ID must be available and at least one finger must be enrolled. When fingers are added or removed, the item is invalidated. kSecAccessControlDevicePasscode CF_ENUM_AVAILABLE(10_11, 9_0) = 1u << 4, // Constraint: Device passcode - kSecAccessControlOr CF_ENUM_AVAILABLE(10_12, 9_0) = 1u << 14, // Constraint logic operation: when using more than one constraint, at least one of them must be satisfied. - kSecAccessControlAnd CF_ENUM_AVAILABLE(10_12, 9_0) = 1u << 15, // Constraint logic operation: when using more than one constraint, all must be satisfied. - kSecAccessControlPrivateKeyUsage CF_ENUM_AVAILABLE(10_12, 9_0) = 1u << 30, // Create access control for private key operations (i.e. sign operation) - kSecAccessControlApplicationPassword CF_ENUM_AVAILABLE(10_12, 9_0) = 1u << 31, // Security: Application provided password for data encryption key generation. This is not a constraint but additional item encryption mechanism. + kSecAccessControlOr CF_ENUM_AVAILABLE(10_12_1, 9_0) = 1u << 14, // Constraint logic operation: when using more than one constraint, at least one of them must be satisfied. + kSecAccessControlAnd CF_ENUM_AVAILABLE(10_12_1, 9_0) = 1u << 15, // Constraint logic operation: when using more than one constraint, all must be satisfied. + kSecAccessControlPrivateKeyUsage CF_ENUM_AVAILABLE(10_12_1, 9_0) = 1u << 30, // Create access control for private key operations (i.e. sign operation) + kSecAccessControlApplicationPassword CF_ENUM_AVAILABLE(10_12_1, 9_0) = 1u << 31, // Security: Application provided password for data encryption key generation. This is not a constraint but additional item encryption mechanism. } __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); #endif diff --git a/OSX/sec/Security/SecBase.h b/OSX/sec/Security/SecBase.h deleted file mode 100644 index 7a9bf1ff..00000000 --- a/OSX/sec/Security/SecBase.h +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright (c) 2000-2009,2011-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecBase - SecBase contains common declarations for the Security functions. -*/ - -#ifndef _SECURITY_SECBASE_H_ -#define _SECURITY_SECBASE_H_ - -#include -#include -#include - -#if defined(__clang__) -#define SEC_DEPRECATED_ATTRIBUTE DEPRECATED_ATTRIBUTE -#else -#define SEC_DEPRECATED_ATTRIBUTE -#endif - -__BEGIN_DECLS - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @typedef SecCertificateRef - @abstract CFType representing a X.509 certificate. - See SecCertificate.h for details. -*/ -typedef struct CF_BRIDGED_TYPE(id) __SecCertificate *SecCertificateRef; - -/*! - @typedef SecIdentityRef - @abstract CFType representing an identity, which contains - a SecKeyRef and an associated SecCertificateRef. See - SecIdentity.h for details. -*/ -typedef struct CF_BRIDGED_TYPE(id) __SecIdentity *SecIdentityRef; - -/*! - @typedef SecKeyRef - @abstract CFType representing a cryptographic key. See - SecKey.h for details. -*/ -typedef struct CF_BRIDGED_TYPE(id) __SecKey *SecKeyRef; - -/*! - @typedef SecPolicyRef - @abstract CFType representing a X.509 certificate trust policy. - See SecPolicy.h for details. -*/ -typedef struct CF_BRIDGED_TYPE(id) __SecPolicy *SecPolicyRef; - -/*! - @typedef SecAccessControl - @abstract CFType representing access control for an item. - SecAccessControl.h for details. -*/ -typedef struct CF_BRIDGED_TYPE(id) __SecAccessControl *SecAccessControlRef; - -/*********************************************** - *** OSStatus values unique to Security APIs *** - ***********************************************/ - -/* - Note: the comments that appear after these errors are used to create - SecErrorMessages.strings. The comments must not be multi-line, and - should be in a form meaningful to an end user. If a different or - additional comment is needed, it can be put in the header doc format, - or on a line that does not start with errZZZ. -*/ - -CF_ENUM(OSStatus) -{ - errSecSuccess = 0, /* No error. */ - errSecUnimplemented = -4, /* Function or operation not implemented. */ - errSecIO = -36, /*I/O error (bummers)*/ - errSecOpWr = -49, /*file already open with with write permission*/ - errSecParam = -50, /* One or more parameters passed to a function where not valid. */ - errSecAllocate = -108, /* Failed to allocate memory. */ - errSecUserCanceled = -128, /* User canceled the operation. */ - errSecBadReq = -909, /* Bad parameter or invalid state for operation. */ - errSecInternalComponent = -2070, - errSecNotAvailable = -25291, /* No keychain is available. You may need to restart your computer. */ - errSecDuplicateItem = -25299, /* The specified item already exists in the keychain. */ - errSecItemNotFound = -25300, /* The specified item could not be found in the keychain. */ - errSecInteractionNotAllowed = -25308, /* User interaction is not allowed. */ - errSecDecode = -26275, /* Unable to decode the provided data. */ - errSecAuthFailed = -25293, /* The user name or passphrase you entered is not correct. */ - errSecVerifyFailed = -67808, /* A cryptographic verification failure has occurred. */ -}; - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -__END_DECLS - -#endif /* !_SECURITY_SECBASE_H_ */ diff --git a/OSX/sec/Security/SecBase64.c b/OSX/sec/Security/SecBase64.c index 48431d3a..b92d8dba 100644 --- a/OSX/sec/Security/SecBase64.c +++ b/OSX/sec/Security/SecBase64.c @@ -45,6 +45,7 @@ #include #include +#include /* ///////////////////////////////////////////////////////////////////////////// * Constants and definitions @@ -438,7 +439,7 @@ size_t SecBase64Encode2( void const *src lineLen = 76; break; default: - assert(!"Bad line length flag specified to SecBase64Encode2()"); + assert(false); // "Bad line length flag specified to SecBase64Encode2()" case kSecB64_F_LINE_LEN_INFINITE: lineLen = 0; break; diff --git a/OSX/sec/Security/SecCMS.c b/OSX/sec/Security/SecCMS.c index 155f3299..aa79e2c1 100644 --- a/OSX/sec/Security/SecCMS.c +++ b/OSX/sec/Security/SecCMS.c @@ -394,7 +394,8 @@ static OSStatus SecCMSVerifySignedData_internal(CFDataRef message, CFDataRef det SecCmsContentInfoRef cinfo; SecCmsSignedDataRef sigd = NULL; OSStatus status = errSecParam; - + + require(message, out); SecAsn1Item encoded_message = { CFDataGetLength(message), (uint8_t*)CFDataGetBytePtr(message) }; require_noerr_action_quiet(SecCmsMessageDecode(&encoded_message, NULL, NULL, NULL, NULL, NULL, NULL, &cmsg), out, status = errSecDecode); diff --git a/OSX/sec/Security/SecCMS.h b/OSX/sec/Security/SecCMS.h index 4f4b106d..1832b655 100644 --- a/OSX/sec/Security/SecCMS.h +++ b/OSX/sec/Security/SecCMS.h @@ -147,7 +147,7 @@ OSStatus SecCMSCreateSignedData(SecIdentityRef identity, CFDataRef data, /*! @function SecCMSCreateEnvelopedData @abstract create a enveloped cms blob for recipients - @param recipients SecCertificateRef for each recipient + @param recipient_or_cfarray_thereof SecCertificateRef for each recipient @param params CFDictionaryRef with encryption parameters @param data Data to be encrypted @param enveloped_data (output) return enveloped message. diff --git a/OSX/sec/Security/SecCTKKey.c b/OSX/sec/Security/SecCTKKey.c index a223e646..9087714b 100644 --- a/OSX/sec/Security/SecCTKKey.c +++ b/OSX/sec/Security/SecCTKKey.c @@ -34,10 +34,6 @@ #include #include -#if TKTOKEN_CLIENT_INTERFACE_VERSION <= 1 -#define kTKTokenCreateAttributeAuxParams "auxParams" -#endif - #include "SecECKey.h" #include "SecRSAKey.h" #include "SecCTKKeyPriv.h" @@ -66,15 +62,8 @@ static void SecCTKKeyDestroy(SecKeyRef key) { static CFIndex SecCTKGetAlgorithmID(SecKeyRef key) { SecCTKKeyData *kd = key->key; - CFTypeRef type = CFDictionaryGetValue(kd->attributes.dictionary, kSecAttrKeyType); - if (type != NULL) { - if (CFGetTypeID(type) == CFNumberGetTypeID()) { - CFIndex keyType; - if (CFNumberGetValue(type, kCFNumberCFIndexType, &keyType) && keyType == 73 /* kSecAttrKeyTypeEC */) - return kSecECDSAAlgorithmID; - } else if (CFGetTypeID(type) == CFStringGetTypeID() && CFEqual(type, kSecAttrKeyTypeEC)) { - return kSecECDSAAlgorithmID; - } + if (CFEqualSafe(CFDictionaryGetValue(kd->attributes.dictionary, kSecAttrKeyType), kSecAttrKeyTypeECSECPrimeRandom)) { + return kSecECDSAAlgorithmID; } return kSecRSAAlgorithmID; } @@ -125,11 +114,7 @@ static CFTypeRef SecCTKKeyCopyOperationResult(SecKeyRef key, SecKeyOperationType } } -#if TKTOKEN_CLIENT_INTERFACE_VERSION >= 1 result = TKTokenCopyOperationResult(token, kd->objectID, operation, algorithms, mode, in1, in2, error); -#else - result = TKTokenCopyCryptoResult(token, kd->objectID, operation, (CFIndex)algorithm, in1, in2, error); -#endif return (result != NULL) ? kSecItemAuthResultOK : SecCTKProcessError(*aclOperations[operation], token, kd->objectID, ac_pairs, error); }); @@ -330,6 +315,29 @@ SecKeyRef SecKeyCreateCTKKey(CFAllocatorRef allocator, CFDictionaryRef refAttrib if (CFDictionaryGetValue(kd->attributes.dictionary, kSecAttrIsPrivate) == NULL) { CFDictionarySetValue(SecCFDictionaryCOWGetMutable(&kd->attributes), kSecAttrIsPrivate, kCFBooleanTrue); } + + // Convert some attributes which are stored as numbers in iOS keychain but a lot of code counts that the values + // are actually strings as specified by kSecAttrXxx constants. + static const CFStringRef *numericAttributes[] = { + &kSecAttrKeyType, + &kSecAttrKeyClass, + NULL, + }; + + for (const CFStringRef **attrName = &numericAttributes[0]; *attrName != NULL; attrName++) { + CFTypeRef value = CFDictionaryGetValue(kd->attributes.dictionary, **attrName); + if (value != NULL && CFGetTypeID(value) == CFNumberGetTypeID()) { + CFIndex number; + if (CFNumberGetValue(value, kCFNumberCFIndexType, &number)) { + CFStringRef newValue = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%ld"), (long)number); + if (newValue != NULL) { + CFDictionarySetValue(SecCFDictionaryCOWGetMutable(&kd->attributes), **attrName, newValue); + CFRelease(newValue); + } + } + } + } + return key; } diff --git a/OSX/sec/Security/SecCertificate.c b/OSX/sec/Security/SecCertificate.c index 3d437f1f..a5ae2010 100644 --- a/OSX/sec/Security/SecCertificate.c +++ b/OSX/sec/Security/SecCertificate.c @@ -81,13 +81,6 @@ typedef struct SecCertificateExtension { DERItem extnValue; } SecCertificateExtension; -#if 0 -typedef struct KnownExtension { - bool critical; - DERItem extnValue; -} KnownExtension; -#endif - enum { kSecSelfSignedUnknown = 0, kSecSelfSignedFalse, @@ -115,37 +108,14 @@ struct __SecCertificate { DERItem _issuerUniqueID; /* bit string, optional */ DERItem _subjectUniqueID; /* bit string, optional */ -#if 0 - /* Known extensions if the certificate contains them, - extnValue.length will be > 0. */ - KnownExtension _authorityKeyID; - - /* This extension is used to uniquely identify a certificate from among - several that have the same subject name. If the extension is not - present, its value is calculated by performing a SHA-1 hash of the - certificate's DER encoded subjectPublicKeyInfo, as recommended by - PKIX. */ - KnownExtension _subjectKeyID; - KnownExtension _keyUsage; - KnownExtension _extendedKeyUsage; - KnownExtension _basicConstraints; - KnownExtension _netscapeCertType; - KnownExtension _subjectAltName; - KnownExtension _qualCertStatements; - -#endif bool _foundUnknownCriticalExtension; /* Well known certificate extensions. */ SecCEBasicConstraints _basicConstraints; SecCEPolicyConstraints _policyConstraints; - CFDictionaryRef _policyMappings; + SecCEPolicyMappings _policyMappings; SecCECertificatePolicies _certificatePolicies; - - /* If InhibitAnyPolicy extension is not present or invalid UINT32_MAX, - value of the SkipCerts field of the InhibitAnyPolicy extension - otherwise. */ - uint32_t _inhibitAnyPolicySkipCerts; + SecCEInhibitAnyPolicy _inhibitAnyPolicySkipCerts; /* If KeyUsage extension is not present this is 0, otherwise it's the value of the extension. */ @@ -245,13 +215,13 @@ typedef void (*SecCertificateExtensionParser)(SecCertificateRef certificate, static CFDictionaryRef sExtensionParsers; /* Forward declarations of static functions. */ -static CFStringRef SecCertificateDescribe(CFTypeRef cf); +static CFStringRef SecCertificateCopyDescription(CFTypeRef cf); static void SecCertificateDestroy(CFTypeRef cf); static bool derDateGetAbsoluteTime(const DERItem *dateChoice, CFAbsoluteTime *absTime) __attribute__((__nonnull__)); /* Static functions. */ -static CF_RETURNS_RETAINED CFStringRef SecCertificateDescribe(CFTypeRef cf) { +static CFStringRef SecCertificateCopyDescription(CFTypeRef cf) { SecCertificateRef certificate = (SecCertificateRef)cf; CFStringRef subject = SecCertificateCopySubjectSummary(certificate); CFStringRef issuer = SecCertificateCopyIssuerSummary(certificate); @@ -266,7 +236,9 @@ static void SecCertificateDestroy(CFTypeRef cf) { SecCertificateRef certificate = (SecCertificateRef)cf; if (certificate->_certificatePolicies.policies) free(certificate->_certificatePolicies.policies); - CFReleaseSafe(certificate->_policyMappings); + if (certificate->_policyMappings.mappings) { + free(certificate->_policyMappings.mappings); + } CFReleaseSafe(certificate->_crlDistributionPoints); CFReleaseSafe(certificate->_ocspResponders); CFReleaseSafe(certificate->_caIssuers); @@ -772,13 +744,13 @@ static DERReturn parseGeneralSubtrees(DERItem *derSubtrees, CFArrayRef *generalS CFArrayAppendValue(gs, generalName); CFReleaseNull(generalName); } + require_quiet(drtn == DR_EndOfSequence, badDER); // since generalSubtrees is a pointer to an instance variable, // make sure we release the existing array before assignment. CFReleaseSafe(*generalSubtrees); *generalSubtrees = gs; - require_quiet(drtn == DR_EndOfSequence, badDER); return DR_Success; badDER: @@ -920,7 +892,8 @@ static void SecCEPCertificatePolicies(SecCertificateRef certificate, require_quiet(drtn == DR_EndOfSequence, badDER); policies = (SecCEPolicyInformation *)malloc(sizeof(SecCEPolicyInformation) * (policy_count > 0 ? policy_count : 1)); - DERDecodeSeqInit(&extn->extnValue, &tag, &piSeq); + drtn = DERDecodeSeqInit(&extn->extnValue, &tag, &piSeq); + require_noerr_quiet(drtn, badDER); DERSize policy_ix = 0; while ((policy_ix < (policy_count > 0 ? policy_count : 1)) && (drtn = DERDecodeSeqNext(&piSeq, &piContent)) == DR_Success) { @@ -952,7 +925,7 @@ badDER: issuerDomainPolicy CertPolicyId, subjectDomainPolicy CertPolicyId } */ -#if 0 +#define MAX_POLICY_MAPPINGS 8192 static void SecCEPPolicyMappings(SecCertificateRef certificate, const SecCertificateExtension *extn) { secdebug("cert", "critical: %s", extn->critical ? "yes" : "no"); @@ -964,15 +937,20 @@ static void SecCEPPolicyMappings(SecCertificateRef certificate, require_quiet(tag == ASN1_CONSTR_SEQUENCE, badDER); DERDecodedInfo pmContent; DERSize mapping_count = 0; - while ((drtn = DERDecodeSeqNext(&pmSeq, &pmContent)) == DR_Success) { + while ((mapping_count < MAX_POLICY_MAPPINGS) && + (drtn = DERDecodeSeqNext(&pmSeq, &pmContent)) == DR_Success) { require_quiet(pmContent.tag == ASN1_CONSTR_SEQUENCE, badDER); mapping_count++; } + require_quiet(drtn == DR_EndOfSequence, badDER); mappings = (SecCEPolicyMapping *)malloc(sizeof(SecCEPolicyMapping) - * mapping_count); - DERDecodeSeqInit(&extn->extnValue, &tag, &pmSeq); + * (mapping_count > 0 ? mapping_count : 1)); + drtn = DERDecodeSeqInit(&extn->extnValue, &tag, &pmSeq); + require_noerr_quiet(drtn, badDER); DERSize mapping_ix = 0; - while ((drtn = DERDecodeSeqNext(&pmSeq, &pmContent)) == DR_Success) { + while ((mapping_ix < (mapping_count > 0 ? mapping_count : 1)) && + (drtn = DERDecodeSeqNext(&pmSeq, &pmContent)) == DR_Success) { + require_quiet(pmContent.tag == ASN1_CONSTR_SEQUENCE, badDER); DERPolicyMapping pm; drtn = DERParseSequenceContent(&pmContent.content, DERNumPolicyMappingItemSpecs, @@ -982,70 +960,18 @@ static void SecCEPPolicyMappings(SecCertificateRef certificate, mappings[mapping_ix].issuerDomainPolicy = pm.issuerDomainPolicy; mappings[mapping_ix++].subjectDomainPolicy = pm.subjectDomainPolicy; } - require_quiet(drtn == DR_EndOfSequence, badDER); certificate->_policyMappings.present = true; certificate->_policyMappings.critical = extn->critical; certificate->_policyMappings.numMappings = mapping_count; certificate->_policyMappings.mappings = mappings; return; badDER: - if (mappings) + if (mappings) { free(mappings); - CFReleaseSafe(mappings); - certificate->_policyMappings.present = false; - secwarning("Invalid CertificatePolicies Extension"); -} -#else -static void SecCEPPolicyMappings(SecCertificateRef certificate, - const SecCertificateExtension *extn) { - secdebug("cert", "critical: %s", extn->critical ? "yes" : "no"); - DERTag tag; - DERSequence pmSeq; - CFMutableDictionaryRef mappings = NULL; - CFDataRef idp = NULL, sdp = NULL; - DERReturn drtn = DERDecodeSeqInit(&extn->extnValue, &tag, &pmSeq); - require_noerr_quiet(drtn, badDER); - require_quiet(tag == ASN1_CONSTR_SEQUENCE, badDER); - DERDecodedInfo pmContent; - require_quiet(mappings = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, - &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks), - badDER); - while ((drtn = DERDecodeSeqNext(&pmSeq, &pmContent)) == DR_Success) { - require_quiet(pmContent.tag == ASN1_CONSTR_SEQUENCE, badDER); - DERPolicyMapping pm; - drtn = DERParseSequenceContent(&pmContent.content, - DERNumPolicyMappingItemSpecs, - DERPolicyMappingItemSpecs, - &pm, sizeof(pm)); - require_noerr_quiet(drtn, badDER); - require_quiet(idp = CFDataCreate(kCFAllocatorDefault, - pm.issuerDomainPolicy.data, pm.issuerDomainPolicy.length), badDER); - require_quiet(sdp = CFDataCreate(kCFAllocatorDefault, - pm.subjectDomainPolicy.data, pm.subjectDomainPolicy.length), badDER); - CFMutableArrayRef sdps = - (CFMutableArrayRef)CFDictionaryGetValue(mappings, idp); - if (sdps) { - CFArrayAppendValue(sdps, sdp); - } else { - require_quiet(sdps = CFArrayCreateMutable(kCFAllocatorDefault, 0, - &kCFTypeArrayCallBacks), badDER); - CFDictionarySetValue(mappings, idp, sdps); - CFRelease(sdps); - } - CFReleaseNull(idp); - CFReleaseNull(sdp); } - require_quiet(drtn == DR_EndOfSequence, badDER); - certificate->_policyMappings = mappings; - return; -badDER: - CFReleaseSafe(idp); - CFReleaseSafe(sdp); - CFReleaseSafe(mappings); - certificate->_policyMappings = NULL; + certificate->_policyMappings.present = false; secwarning("Invalid CertificatePolicies Extension"); } -#endif /* AuthorityKeyIdentifier ::= SEQUENCE { @@ -1129,12 +1055,18 @@ static void SecCEPExtendedKeyUsage(SecCertificateRef certificate, static void SecCEPInhibitAnyPolicy(SecCertificateRef certificate, const SecCertificateExtension *extn) { secdebug("cert", "critical: %s", extn->critical ? "yes" : "no"); + DERDecodedInfo iapContent; + require_noerr_quiet(DERDecodeItem(&extn->extnValue, &iapContent), badDER); + require_quiet(iapContent.tag == ASN1_INTEGER, badDER); require_noerr_quiet(DERParseInteger( - &extn->extnValue, - &certificate->_inhibitAnyPolicySkipCerts), badDER); + &iapContent.content, + &certificate->_inhibitAnyPolicySkipCerts.skipCerts), badDER); + + certificate->_inhibitAnyPolicySkipCerts.present = true; + certificate->_inhibitAnyPolicySkipCerts.critical = extn->critical; return; badDER: - certificate->_inhibitAnyPolicySkipCerts = UINT32_MAX; + certificate->_inhibitAnyPolicySkipCerts.present = false; secwarning("Invalid InhibitAnyPolicy Extension"); } @@ -1355,7 +1287,7 @@ static void SecCertificateInitializeExtensionParsers(void) { &SecDERItemKeyCallBacks, NULL); } -CFGiblisWithFunctions(SecCertificate, NULL, NULL, SecCertificateDestroy, SecCertificateEqual, SecCertificateHash, NULL, SecCertificateDescribe, NULL, NULL, ^{ +CFGiblisWithFunctions(SecCertificate, NULL, NULL, SecCertificateDestroy, SecCertificateEqual, SecCertificateHash, NULL, SecCertificateCopyDescription, NULL, NULL, ^{ SecCertificateInitializeExtensionParsers(); }) @@ -1634,6 +1566,10 @@ static bool SecCertificateParse(SecCertificateRef certificate) require_quiet(decoded.tag == ASN1_INTEGER, badCert); require_quiet(decoded.content.length == 1, badCert); certificate->_version = decoded.content.data[0]; + if (certificate->_version > 2) { + secwarning("Invalid certificate version (%d), must be 0..2", + certificate->_version); + } require_quiet(certificate->_version > 0, badCert); require_quiet(certificate->_version < 3, badCert); } else { @@ -1645,14 +1581,18 @@ static bool SecCertificateParse(SecCertificateRef certificate) certificate->_serialNum = tbsCert.serialNum; certificate->_serialNumber = CFDataCreate(allocator, tbsCert.serialNum.data, tbsCert.serialNum.length); + /* RFC5280 4.1.2.2 limits serial number values to 20 octets. + %%% At some point, this should be treated as a hard error.*/ + if (tbsCert.serialNum.length < 1 || tbsCert.serialNum.length > 20) { + secwarning("Invalid serial number length (%ld), must be 1..20", + tbsCert.serialNum.length); + } /* sequence we're given: decode the tbsCerts TBS Signature Algorithm. */ drtn = DERParseSequenceContent(&tbsCert.tbsSigAlg, DERNumAlgorithmIdItemSpecs, DERAlgorithmIdItemSpecs, &certificate->_tbsSigAlg, sizeof(certificate->_tbsSigAlg)); require_noerr_quiet(drtn, badCert); - require_quiet(DEROidCompare(&certificate->_sigAlg.oid, - &certificate->_tbsSigAlg.oid), badCert); /* The issuer is in the tbsCert.issuer - it's a sequence without the tag and length fields. */ @@ -2105,19 +2045,6 @@ static CFStringRef copyIPAddressContentDescription(CFAllocatorRef allocator, return value; } -#if 0 -static CFStringRef copyFullOidDescription(CFAllocatorRef allocator, - const DERItem *oid) { - CFStringRef decimal = SecDERItemCopyOIDDecimalRepresentation(allocator, oid); - CFStringRef name = copyLocalizedOidDescription(allocator, oid); - CFStringRef oid_string = CFStringCreateWithFormat(allocator, NULL, - CFSTR("%@ (%@)"), name, decimal); - CFRelease(name); - CFRelease(decimal); - return oid_string; -} -#endif - void appendProperty(CFMutableArrayRef properties, CFStringRef propertyType, CFStringRef label, CFStringRef localizedLabel, CFTypeRef value) { CFDictionaryRef property; @@ -2179,51 +2106,59 @@ static inline int parseDecimalPair(const DERByte **p) { return 10 * (cp[0] - '0') + cp[1] - '0'; } -/* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return - true if the date was valid and properly decoded, also return the result in - absTime. Return false otherwise. */ -CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes, - size_t length) { - if (bytes == NULL) - return NULL_TIME; - if (length == 0) - return NULL_TIME; +/* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. + Return a CFErrorRef in the error parameter if decoding fails. + Note that this is needed to distinguish an error condition from a + valid time which specifies 2001-01-01 00:00:00 (i.e. a value of 0). +*/ +static CFAbsoluteTime SecAbsoluteTimeFromDateContentWithError(DERTag tag, + const uint8_t *bytes, + size_t length, + CFErrorRef *error) { + if (error) { + *error = NULL; + } + if (NULL == bytes || 0 == length) { + goto decodeErr; + } bool isUtcLength = false; bool isLocalized = false; bool noSeconds = false; - switch (length) { - case UTC_TIME_NOSEC_ZULU_LEN: /* YYMMDDhhmmZ */ + switch (length) { + case UTC_TIME_NOSEC_ZULU_LEN: /* YYMMDDhhmmZ */ isUtcLength = true; noSeconds = true; - break; - case UTC_TIME_ZULU_LEN: /* YYMMDDhhmmssZ */ + break; + case UTC_TIME_ZULU_LEN: /* YYMMDDhhmmssZ */ isUtcLength = true; - break; - case GENERALIZED_TIME_ZULU_LEN: /* YYYYMMDDhhmmssZ */ - break; - case UTC_TIME_LOCALIZED_LEN: /* YYMMDDhhmmssThhmm (where T=[+,-]) */ + break; + case GENERALIZED_TIME_ZULU_LEN: /* YYYYMMDDhhmmssZ */ + break; + case UTC_TIME_LOCALIZED_LEN: /* YYMMDDhhmmssThhmm (where T=[+,-]) */ isUtcLength = true; /*DROPTHROUGH*/ case GENERALIZED_TIME_LOCALIZED_LEN:/* YYYYMMDDhhmmssThhmm (where T=[+,-]) */ isLocalized = true; break; - default: /* unknown format */ - return NULL_TIME; - } + default: /* unknown format */ + goto decodeErr; + } /* Make sure the der tag fits the thing inside it. */ if (tag == ASN1_UTC_TIME) { - if (!isUtcLength) - return NULL_TIME; + if (!isUtcLength) { + goto decodeErr; + } } else if (tag == ASN1_GENERALIZED_TIME) { - if (isUtcLength) - return NULL_TIME; + if (isUtcLength) { + goto decodeErr; + } } else { - return NULL_TIME; + goto decodeErr; } - const DERByte *cp = bytes; + const DERByte *cp = bytes; /* Check that all characters are digits, except if localized the timezone indicator or if not localized the 'Z' at the end. */ DERSize ix; @@ -2234,12 +2169,12 @@ CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes, (!isLocalized && ix == length - 1 && cp[ix] == 'Z')) { continue; } - return NULL_TIME; + goto decodeErr; } } /* Parse the date and time fields. */ - int year, month, day, hour, minute, second; + int year, month, day, hour, minute, second; if (isUtcLength) { year = parseDecimalPair(&cp); if (year < 50) { @@ -2253,7 +2188,7 @@ CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes, year += 1900; } } else { - year = 100 * parseDecimalPair(&cp) + parseDecimalPair(&cp); + year = 100 * parseDecimalPair(&cp) + parseDecimalPair(&cp); } month = parseDecimalPair(&cp); day = parseDecimalPair(&cp); @@ -2287,7 +2222,7 @@ CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes, || (month == 2 && day > mdays[month] - mdays[month - 1] + is_leap_year) || (month != 2 && day > mdays[month] - mdays[month - 1])) { /* Invalid date. */ - return NULL_TIME; + goto decodeErr; } int dy = year - 2001; @@ -2301,15 +2236,30 @@ CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes, day += is_leap_year; CFAbsoluteTime absTime = (CFAbsoluteTime)((day * 24.0 + hour) * 60.0 + minute) * 60.0 + second; - return absTime - timeZoneOffset; + return absTime - timeZoneOffset; + +decodeErr: + if (error) { + *error = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificate, NULL); + } + return NULL_TIME; +} + +CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes, + size_t length) { + return SecAbsoluteTimeFromDateContentWithError(tag, bytes, length, NULL); } __attribute__((__nonnull__)) static bool derDateContentGetAbsoluteTime(DERTag tag, const DERItem *date, CFAbsoluteTime *pabsTime) { - CFAbsoluteTime absTime = SecAbsoluteTimeFromDateContent(tag, date->data, - date->length); - if (absTime == NULL_TIME) + CFErrorRef error = NULL; + CFAbsoluteTime absTime = SecAbsoluteTimeFromDateContentWithError(tag, date->data, + date->length, &error); + if (error) { + secwarning("Invalid date specification in certificate (see RFC5280 4.1.2.5)"); + CFRelease(error); return false; + } *pabsTime = absTime; return true; @@ -2396,6 +2346,20 @@ static void appendDateProperty(CFMutableArrayRef properties, CFRelease(date); } +static void appendValidityPeriodProperty(CFMutableArrayRef parent, CFStringRef label, + SecCertificateRef certificate) { + CFAllocatorRef allocator = CFGetAllocator(parent); + CFMutableArrayRef properties = CFArrayCreateMutable(allocator, 0, &kCFTypeArrayCallBacks); + + appendDateProperty(properties, SEC_NOT_VALID_BEFORE_KEY, + certificate->_notBefore); + appendDateProperty(properties, SEC_NOT_VALID_AFTER_KEY, + certificate->_notAfter); + + appendProperty(parent, kSecPropertyTypeSection, label, NULL, properties); + CFReleaseNull(properties); +} + static void appendIPAddressContentProperty(CFMutableArrayRef properties, CFStringRef label, const DERItem *ip) { CFStringRef value = @@ -2465,6 +2429,75 @@ static void appendAlgorithmProperty(CFMutableArrayRef properties, CFRelease(alg_props); } +static void appendPublicKeyProperty(CFMutableArrayRef parent, CFStringRef label, + SecCertificateRef certificate) { + CFAllocatorRef allocator = CFGetAllocator(parent); + CFMutableArrayRef properties = CFArrayCreateMutable(allocator, 0, &kCFTypeArrayCallBacks); + + /* Public key algorithm. */ + appendAlgorithmProperty(properties, SEC_PUBLIC_KEY_ALG_KEY, + &certificate->_algId); + + /* Public Key Size */ +#if TARGET_OS_IPHONE + SecKeyRef publicKey = SecCertificateCopyPublicKey(certificate); +#else + SecKeyRef publicKey = SecCertificateCopyPublicKey_ios(certificate); +#endif + if (publicKey) { + size_t sizeInBytes = SecKeyGetBlockSize(publicKey); + CFStringRef sizeInBitsString = CFStringCreateWithFormat(allocator, NULL, + CFSTR("%ld"), (sizeInBytes*8)); + if (sizeInBitsString) { + appendProperty(properties, kSecPropertyTypeString, SEC_PUBLIC_KEY_SIZE_KEY, + NULL, sizeInBitsString); + } + CFReleaseNull(sizeInBitsString); + } + CFReleaseNull(publicKey); + + /* Consider breaking down an RSA public key into modulus and + exponent? */ + appendDataProperty(properties, SEC_PUBLIC_KEY_DATA_KEY, NULL, + &certificate->_pubKeyDER); + + appendProperty(parent, kSecPropertyTypeSection, label, NULL, properties); + CFReleaseNull(properties); +} + +static void appendSignatureProperty(CFMutableArrayRef parent, CFStringRef label, + SecCertificateRef certificate) { + CFAllocatorRef allocator = CFGetAllocator(parent); + CFMutableArrayRef properties = CFArrayCreateMutable(allocator, 0, &kCFTypeArrayCallBacks); + + appendAlgorithmProperty(properties, SEC_SIGNATURE_ALGORITHM_KEY, + &certificate->_tbsSigAlg); + + appendDataProperty(properties, SEC_SIGNATURE_DATA_KEY, NULL, + &certificate->_signature); + + appendProperty(parent, kSecPropertyTypeSection, label, NULL, properties); + CFReleaseNull(properties); +} + +static void appendFingerprintsProperty(CFMutableArrayRef parent, CFStringRef label, SecCertificateRef certificate) { + CFAllocatorRef allocator = CFGetAllocator(parent); + CFMutableArrayRef properties = CFArrayCreateMutable(allocator, 0, &kCFTypeArrayCallBacks); + + CFDataRef sha256Fingerprint = SecCertificateCopySHA256Digest(certificate); + if (sha256Fingerprint) { + appendProperty(properties, kSecPropertyTypeData, SEC_SHA2_FINGERPRINT_KEY, + NULL, sha256Fingerprint); + } + CFReleaseNull(sha256Fingerprint); + + appendProperty(properties, kSecPropertyTypeData, SEC_SHA1_FINGERPRINT_KEY, + NULL, SecCertificateGetSHA1Digest(certificate)); + + appendProperty(parent, kSecPropertyTypeSection, label, NULL, properties); + CFReleaseNull(properties); +} + static CFStringRef copyHexDescription(CFAllocatorRef allocator, const DERItem *blob) { CFIndex ix, length = blob->length /* < 24 ? blob->length : 24 */; @@ -2759,6 +2792,20 @@ static void appendBooleanProperty(CFMutableArrayRef properties, } } +static void appendSerialNumberProperty(CFMutableArrayRef parent, CFStringRef label, + DERItem *serialNum) { + CFAllocatorRef allocator = CFGetAllocator(parent); + CFMutableArrayRef properties = CFArrayCreateMutable(allocator, 0, &kCFTypeArrayCallBacks); + + if (serialNum->length) { + appendIntegerProperty(properties, SEC_SERIAL_NUMBER_KEY, + serialNum); + appendProperty(parent, kSecPropertyTypeSection, label, NULL, properties); + } + + CFReleaseNull(properties); +} + static void appendBitStringContentNames(CFMutableArrayRef properties, CFStringRef label, const DERItem *bitStringContent, const CFStringRef *names, CFIndex namesCount) { @@ -2817,78 +2864,6 @@ badDER: appendInvalidProperty(properties, label, bitString); } -#if 0 -typedef uint16_t SecKeyUsage; - -#define kSecKeyUsageDigitalSignature 0x8000 -#define kSecKeyUsageNonRepudiation 0x4000 -#define kSecKeyUsageKeyEncipherment 0x2000 -#define kSecKeyUsageDataEncipherment 0x1000 -#define kSecKeyUsageKeyAgreement 0x0800 -#define kSecKeyUsageKeyCertSign 0x0400 -#define kSecKeyUsageCRLSign 0x0200 -#define kSecKeyUsageEncipherOnly 0x0100 -#define kSecKeyUsageDecipherOnly 0x0080 - -/* - KeyUsage ::= BIT STRING { - digitalSignature (0), - nonRepudiation (1), - keyEncipherment (2), - dataEncipherment (3), - keyAgreement (4), - keyCertSign (5), - cRLSign (6), - encipherOnly (7), - decipherOnly (8) } - */ -static void appendKeyUsage(CFMutableArrayRef properties, - const DERItem *extnValue) { - if ((extnValue->length != 4 && extnValue->length != 5) || - extnValue->data[0] != ASN1_BIT_STRING || - extnValue->data[1] < 2 || extnValue->data[1] > 3 || - extnValue->data[2] > 7) { - appendInvalidProperty(properties, CFSTR("KeyUsage Extension"), - extnValue); - } else { - CFMutableStringRef string = - CFStringCreateMutable(CFGetAllocator(properties), 0); - SecKeyUsage usage = (extnValue->data[3] << 8); - if (extnValue->length == 5) - usage += extnValue->data[4]; - secdebug("keyusage", "keyusage: %04X", usage); - static const CFStringRef usageNames[] = { - CFSTR("Digital Signature"), - CFSTR("Non-Repudiation"), - CFSTR("Key Encipherment"), - CFSTR("Data Encipherment"), - CFSTR("Key Agreement"), - CFSTR("Cert Sign"), - CFSTR("CRL Sign"), - CFSTR("Encipher"), - CFSTR("Decipher"), - }; - bool didOne = false; - SecKeyUsage mask = kSecKeyUsageDigitalSignature; - CFIndex ix, bits = (extnValue->data[1] - 1) * 8 - extnValue->data[2]; - for (ix = 0; ix < bits; ++ix) { - if (usage & mask) { - if (didOne) { - CFStringAppend(string, CFSTR(", ")); - } else { - didOne = true; - } - /* @@@ Localize usageNames[ix]. */ - CFStringAppend(string, usageNames[ix]); - } - mask >>= 1; - } - appendProperty(properties, kSecPropertyTypeString, CFSTR("Usage"), - string); - CFRelease(string); - } -} -#else static void appendKeyUsage(CFMutableArrayRef properties, const DERItem *extnValue) { static const CFStringRef usageNames[] = { @@ -2905,7 +2880,6 @@ static void appendKeyUsage(CFMutableArrayRef properties, appendBitStringNames(properties, SEC_USAGE_KEY, extnValue, usageNames, array_size(usageNames)); } -#endif static void appendPrivateKeyUsagePeriod(CFMutableArrayRef properties, const DERItem *extnValue) { @@ -3174,6 +3148,7 @@ static void appendNameConstraints(CFMutableArrayRef properties, CFRelease(base); } } + require_quiet(drtn == DR_EndOfSequence, badDER); } if (nc.excludedSubtrees.length) { DERSequence gsSeq; @@ -3202,6 +3177,7 @@ static void appendNameConstraints(CFMutableArrayRef properties, CFRelease(base); } } + require_quiet(drtn == DR_EndOfSequence, badDER); } return; @@ -3305,26 +3281,25 @@ static void appendIntegerSequenceContent(CFMutableArrayRef properties, CFStringRef label, const DERItem *intSequenceContent) { CFAllocatorRef allocator = CFGetAllocator(properties); DERSequence intSeq; + CFStringRef fmt = NULL, value = NULL, intDesc = NULL, v = NULL; DERReturn drtn = DERDecodeSeqContentInit(intSequenceContent, &intSeq); require_noerr_quiet(drtn, badDER); DERDecodedInfo intContent; - CFStringRef value = NULL; - CFStringRef fmt = SecCopyCertString(SEC_STRING_LIST_KEY); + fmt = SecCopyCertString(SEC_STRING_LIST_KEY); while ((drtn = DERDecodeSeqNext(&intSeq, &intContent)) == DR_Success) { require_quiet(intContent.tag == ASN1_INTEGER, badDER); - CFStringRef intDesc = copyIntegerContentDescription( + intDesc = copyIntegerContentDescription( allocator, &intContent.content); if (value) { - CFStringRef v; v = CFStringCreateWithFormat(allocator, NULL, fmt, value, intDesc); - CFRelease(value); + CFReleaseNull(value); value = v; - CFRelease(intDesc); + CFReleaseNull(intDesc); } else { value = intDesc; } } - CFRelease(fmt); + CFReleaseNull(fmt); require_quiet(drtn == DR_EndOfSequence, badDER); if (value) { appendProperty(properties, kSecPropertyTypeString, label, NULL, value); @@ -3333,6 +3308,9 @@ static void appendIntegerSequenceContent(CFMutableArrayRef properties, } /* DROPTHOUGH if !value. */ badDER: + CFReleaseNull(fmt); + CFReleaseNull(intDesc); + CFReleaseNull(v); appendInvalidProperty(properties, label, intSequenceContent); } @@ -3603,34 +3581,6 @@ static void appendNetscapeCertType(CFMutableArrayRef properties, certTypes, array_size(certTypes)); } -#if 0 -static void appendEntrustVersInfo(CFMutableArrayRef properties, - const DERItem *extnValue) { -} - -/* - * The list of Qualified Cert Statement statementIds we understand, even though - * we don't actually do anything with them; if these are found in a Qualified - * Cert Statement that's critical, we can truthfully say "yes we understand this". - */ -static const CSSM_OID_PTR knownQualifiedCertStatements[] = -{ - /* id-qcs := { id-pkix 11 } */ - (const CSSM_OID_PTR)&CSSMOID_OID_QCS_SYNTAX_V1, /* id-qcs 1 */ - (const CSSM_OID_PTR)&CSSMOID_OID_QCS_SYNTAX_V2, /* id-qcs 2 */ - (const CSSM_OID_PTR)&CSSMOID_ETSI_QCS_QC_COMPLIANCE, - (const CSSM_OID_PTR)&CSSMOID_ETSI_QCS_QC_LIMIT_VALUE, - (const CSSM_OID_PTR)&CSSMOID_ETSI_QCS_QC_RETENTION, - (const CSSM_OID_PTR)&CSSMOID_ETSI_QCS_QC_SSCD -}; -#define NUM_KNOWN_QUAL_CERT_STATEMENTS (sizeof(knownQualifiedCertStatements) / sizeof(CSSM_OID_PTR)) -*/ -static void appendQCCertStatements(CFMutableArrayRef properties, - const DERItem *extnValue) { -} - -#endif - static bool appendPrintableDERSequence(CFMutableArrayRef properties, CFStringRef label, const DERItem *sequence) { DERTag tag; @@ -3695,7 +3645,6 @@ static void appendExtension(CFMutableArrayRef parent, appendBoolProperty(properties, SEC_CRITICAL_KEY, extn->critical); require_quiet(extnID, xit); -#if 1 bool handled = true; /* Extensions that we know how to handle ourselves... */ if (extnID->length == oidSubjectKeyIdentifier.length && @@ -3782,51 +3731,6 @@ static void appendExtension(CFMutableArrayRef parent, appendUnparsedProperty(properties, SEC_DATA_KEY, NULL, extnValue); } } -#else - /* Extensions that we know how to handle ourselves... */ - if (DEROidCompare(extnID, &oidSubjectKeyIdentifier)) { - appendSubjectKeyIdentifier(properties, extnValue); - } else if (DEROidCompare(extnID, &oidKeyUsage)) { - appendKeyUsage(properties, extnValue); - } else if (DEROidCompare(extnID, &oidPrivateKeyUsagePeriod)) { - appendPrivateKeyUsagePeriod(properties, extnValue); - } else if (DEROidCompare(extnID, &oidSubjectAltName)) { - appendGeneralNames(properties, extnValue); - } else if (DEROidCompare(extnID, &oidIssuerAltName)) { - appendGeneralNames(properties, extnValue); - } else if (DEROidCompare(extnID, &oidBasicConstraints)) { - appendBasicConstraints(properties, extnValue); - } else if (DEROidCompare(extnID, &oidNameConstraints)) { - appendNameConstraints(properties, extnValue); - } else if (DEROidCompare(extnID, &oidCrlDistributionPoints)) { - appendCrlDistributionPoints(properties, extnValue); - } else if (DEROidCompare(extnID, &oidCertificatePolicies)) { - appendCertificatePolicies(properties, extnValue); - } else if (DEROidCompare(extnID, &oidAuthorityKeyIdentifier)) { - appendAuthorityKeyIdentifier(properties, extnValue); - } else if (DEROidCompare(extnID, &oidPolicyConstraints)) { - appendPolicyConstraints(properties, extnValue); - } else if (DEROidCompare(extnID, &oidExtendedKeyUsage)) { - appendExtendedKeyUsage(properties, extnValue); - } else if (DEROidCompare(extnID, &oidAuthorityInfoAccess)) { - appendInfoAccess(properties, extnValue); - } else if (DEROidCompare(extnID, &oidSubjectInfoAccess)) { - appendInfoAccess(properties, extnValue); - } else if (DEROidCompare(extnID, &oidNetscapeCertType)) { - appendNetscapeCertType(properties, extnValue); -#if 0 - } else if (DEROidCompare(extnID, &oidEntrustVersInfo)) { - appendEntrustVersInfo(properties, extnValue); -#endif - } else - /* Try to parse and display printable string(s). */ - if (appendPrintableDERSequence(properties, SEC_DATA_KEY, extnValue)) { - /* Nothing to do here appendPrintableDERSequence did the work. */ - } else { - /* Couldn't parse extension; dump the raw unparsed data as hex. */ - appendUnparsedProperty(properties, SEC_DATA_KEY, NULL, extnValue); - } -#endif label = SecDERItemCopyOIDDecimalRepresentation(allocator, extnID); localizedLabel = copyLocalizedOidDescription(allocator, extnID); appendProperty(parent, kSecPropertyTypeSection, label, localizedLabel, properties); @@ -4026,12 +3930,6 @@ CFMutableArrayRef SecCertificateCopySummaryProperties( NULL, NULL, ssummary); CFRelease(ssummary); } -#if 0 - CFStringRef isummary = SEC_ISSUER_SUMMARY_KEY; - appendProperty(summary, kSecPropertyTypeString, - SEC_ISSUED_BY_KEY, isummary); - CFRelease(isummary); -#endif /* Let see if this certificate is currently valid. */ CFStringRef label; @@ -4090,21 +3988,6 @@ CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate) { SEC_SUBJECT_NAME_KEY, NULL, subject_plist); CFRelease(subject_plist); -#if 0 - /* Put Normalized subject in for testing. */ - if (certificate->_normalizedSubject) { - DERItem nsubject = { - (DERByte *)CFDataGetBytePtr(certificate->_normalizedSubject), - CFDataGetLength(certificate->_normalizedSubject) - }; - CFArrayRef nsubject_plist = createPropertiesForX501NameContent(allocator, - &nsubject); - appendProperty(properties, kSecPropertyTypeSection, - CFSTR("Normalized Subject Name"), nsubject_plist); - CFRelease(nsubject_plist); - } -#endif - /* Next we put the Issuer Name in the property list. */ CFArrayRef issuer_plist = createPropertiesForX501NameContent(allocator, &certificate->_issuer); @@ -4112,18 +3995,6 @@ CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate) { SEC_ISSUER_NAME_KEY, NULL, issuer_plist); CFRelease(issuer_plist); -#if 0 - /* Certificate version/type. */ - bool isRoot = false; - CFStringRef fmt = SecCopyCertString(SEC_X509_VERSION_KEY); - CFStringRef typeString = CFStringCreateWithFormat(allocator, NULL, - fmt, certificate->_version + 1, isRoot ? "root " : ""); - CFRelease(fmt); - appendProperty(properties, kSecPropertyTypeString, - SEC_CERTIFICATE_TYPE_KEY, typeString); - CFRelease(typeString); -#endif - /* Version */ CFStringRef fmt = SecCopyCertString(SEC_CERT_VERSION_VALUE_KEY); CFStringRef versionString = CFStringCreateWithFormat(allocator, @@ -4134,25 +4005,10 @@ CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate) { CFRelease(versionString); /* Serial Number */ - if (certificate->_serialNum.length) { - appendIntegerProperty(properties, SEC_SERIAL_NUMBER_KEY, - &certificate->_serialNum); - } - - /* Signature algorithm. */ -#if 0 - appendAlgorithmProperty(properties, SEC_SIGNATURE_ALGORITHM_KEY, - &certificate->_sigAlg); -#endif - appendAlgorithmProperty(properties, SEC_SIGNATURE_ALGORITHM_KEY, - &certificate->_tbsSigAlg); - + appendSerialNumberProperty(properties, SEC_SERIAL_NUMBER_KEY, &certificate->_serialNum); /* Validity dates. */ - appendDateProperty(properties, SEC_NOT_VALID_BEFORE_KEY, - certificate->_notBefore); - appendDateProperty(properties, SEC_NOT_VALID_AFTER_KEY, - certificate->_notAfter); + appendValidityPeriodProperty(properties, SEC_VALIDITY_PERIOD_KEY, certificate); if (certificate->_subjectUniqueID.length) { appendDataProperty(properties, SEC_SUBJECT_UNIQUE_ID_KEY, NULL, @@ -4163,26 +4019,17 @@ CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate) { &certificate->_issuerUniqueID); } - /* Public key algorithm. */ - appendAlgorithmProperty(properties, SEC_PUBLIC_KEY_ALG_KEY, - &certificate->_algId); - - /* Consider breaking down an RSA public key into modulus and - exponent? */ - appendDataProperty(properties, SEC_PULIC_KEY_DATA_KEY, NULL, - &certificate->_pubKeyDER); - /* TODO: Add Key Size. */ - /* TODO: Add Key Usage. */ - - appendDataProperty(properties, SEC_SIGNATURE_KEY, NULL, - &certificate->_signature); + appendPublicKeyProperty(properties, SEC_PUBLIC_KEY_KEY, certificate); CFIndex ix; for (ix = 0; ix < certificate->_extensionCount; ++ix) { appendExtension(properties, &certificate->_extensions[ix]); } - /* TODO: Certificate/Key Fingerprints. */ + /* Signature */ + appendSignatureProperty(properties, SEC_SIGNATURE_KEY, certificate); + + appendFingerprintsProperty(properties, SEC_FINGERPRINTS_KEY, certificate); certificate->_properties = properties; } @@ -4191,7 +4038,7 @@ CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate) { return certificate->_properties; } -#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) +#if TARGET_OS_OSX /* On OS X, the SecCertificateCopySerialNumber API takes two arguments. */ CFDataRef SecCertificateCopySerialNumber( SecCertificateRef certificate, @@ -4238,8 +4085,17 @@ OSStatus SecCertificateIsSignedBy(SecCertificateRef certificate, algId.parameters.Length = certificate->_tbsSigAlg.params.length; algId.parameters.Data = certificate->_tbsSigAlg.params.data; + /* RFC5280 4.1.1.2, 4.1.2.3 requires the actual signature algorithm + must match the specified algorithm in the TBSCertificate. */ + bool sigAlgMatch = DEROidCompare(&certificate->_sigAlg.oid, + &certificate->_tbsSigAlg.oid); + if (!sigAlgMatch) { + secwarning("Signature algorithm mismatch in certificate (see RFC5280 4.1.1.2)"); + } + CFErrorRef error = NULL; - if (!SecVerifySignatureWithPublicKey(issuerKey, &algId, + if (!sigAlgMatch || + !SecVerifySignatureWithPublicKey(issuerKey, &algId, certificate->_tbs.data, certificate->_tbs.length, certificate->_signature.data, certificate->_signature.length, &error)) { @@ -4253,180 +4109,6 @@ OSStatus SecCertificateIsSignedBy(SecCertificateRef certificate, return errSecSuccess; } -#if 0 -static OSStatus SecCertificateIsIssuedBy(SecCertificateRef certificate, - SecCertificateRef issuer, bool signatureCheckOnly) { - if (!signatureCheckOnly) { - /* It turns out we don't actually need to use normalized subject and - issuer according to rfc2459. */ - - /* If present we should check issuerID against the issuer subjectID. */ - - /* If we have an AuthorityKeyIdentifier extension that has a keyIdentifier - then we should look for a SubjectKeyIdentifier in the issuer - certificate. - If we have a authorityCertSerialNumber we can use that for chaining. - If we have a authorityCertIssuer we can use that? (or not) */ - - /* Verify that this cert was issued by issuer. Do so by chaining - either issuerID to subjectID or normalized issuer to normalized - subject. */ - CFDataRef normalizedIssuer = - SecCertificateGetNormalizedIssuerContent(certificate); - CFDataRef normalizedIssuerSubject = - SecCertificateGetNormalizedSubjectContent(issuer); - if (normalizedIssuer && normalizedIssuerSubject && - !CFEqual(normalizedIssuer, normalizedIssuerSubject)) - return errSecIssuerMismatch; - } - - /* Next verify that this cert was signed by issuer. */ - SecKeyRef issuerKey = SecCertificateGetPublicKey(issuer); - - /* Get the encodedDigestInfo from the digest of the subject's TBSCert */ - /* FIXME: We sould cache this (or at least the digest) until we find - a suitable issuer. */ - uint8_t signedData[DER_SHA1_DIGEST_INFO_LEN]; - CFIndex signedDataLength; - CertVerifyReturn crtn; - if (DEROidCompare(&certificate->_tbsSigAlg.oid, &oidSha1Rsa)) { - signedDataLength = DER_SHA1_DIGEST_INFO_LEN; - crtn = sha1DigestInfo(&certificate->_tbs, signedData); - } else if(DEROidCompare(&certificate->_tbsSigAlg.oid, &oidMd5Rsa)) { - signedDataLength = DER_MD_DIGEST_INFO_LEN; - crtn = mdDigestInfo(WD_MD5, &certificate->_tbs, signedData); - } else if(DEROidCompare(&certificate->_tbsSigAlg.oid, &oidMd2Rsa)) { - signedDataLength = DER_MD_DIGEST_INFO_LEN; - crtn = mdDigestInfo(WD_MD2, &certificate->_tbs, signedData); - } else { - secdebug("verify", "unsupported algorithm"); - return errSecUnsupportedAlgorithm; - } - if (crtn) { - secdebug("verify", "*DigestInfo returned: %d", crtn); - /* FIXME: Do proper error code translation. */ - return errSecUnsupportedAlgorithm; - } - - OSStatus status = SecKeyRawVerify(issuerKey, kSecPaddingPKCS1, - signedData, signedDataLength, - certificate->_signature.data, certificate->_signature.length); - if (status) { - secdebug("verify", "signature verify failed: %d", status); - return errSecNotSigner; - } - - return errSecSuccess; -} - -static OSStatus _SecCertificateSetParent(SecCertificateRef certificate, - SecCertificateRef issuer, bool signatureCheckOnly) { - check(issuer); - if (certificate->_parent) { - /* Setting a certificates issuer twice is only allowed if the new - issuer is equal to the current one. */ - return issuer && CFEqual(certificate->_parent, issuer); - } - -#if 0 - OSStatus status = SecCertificateIsIssuedBy(certificate, issuer, - signatureCheckOnly); -#else - OSStatus status = errSecSuccess; -#endif - if (!status) { - if (CFEqual(certificate, issuer)) { - /* We don't retain ourselves cause that would be bad mojo, - however we do record that we are properly self signed. */ - certificate->_isSelfSigned = kSecSelfSignedTrue; - secdebug("cert", "set self as parent"); - return errSecSuccess; - } - - CFRetain(issuer); - certificate->_parent = issuer; - certificate->_isSelfSigned = kSecSelfSignedFalse; - } - - return status; -} - -/* Return true iff we were able to set our own parent from one of the - certificates in other_certificates, return false otherwise. If - signatureCheckOnly is true, we can skip the subject == issuer or - authorityKeyIdentifier tests. */ -static bool SecCertificateSetParentFrom(SecCertificateRef certificate, - CFArrayRef other_certificates, bool signatureCheckOnly) { - CFIndex count = CFArrayGetCount(other_certificates); - CFIndex ix; - for (ix = 0; ix < count; ++ix) { - SecCertificateRef candidate = (SecCertificateRef) - CFArrayGetValueAtIndex(other_certificates, ix); - if (_SecCertificateSetParent(certificate, candidate, - signatureCheckOnly)) - return true; - } - return false; -} - -/* Lookup the parent of certificate in the keychain and set it. */ -static bool SecCertificateFindParent(SecCertificateRef certificate) { - /* FIXME: Search for things other than just subject of our issuer if we - have a subjectID or authorityKeyIdentifier. */ - CFDataRef normalizedIssuer = - SecCertificateGetNormalizedIssuerContent(certificate); - const void *keys[] = { - kSecClass, - kSecReturnRef, - kSecMatchLimit, - kSecAttrSubject - }, - *values[] = { - kSecClassCertificate, - kCFBooleanTrue, - kSecMatchLimitAll, - normalizedIssuer - }; - CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values, 4, - &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - CFTypeRef results; - OSStatus status = SecItemCopyMatching(query, &results); - CFRelease(query); - if (status) { - secdebug("cert", "SecCertificateFindParent: SecItemCopyMatching: %d", - status); - return false; - } - CFArrayRef certs = (CFArrayRef)results; - /* Since we already know the certificates we are providing as candidates - have been checked for subject matching, we can ask - SecCertificateSetParentFrom to skip everything except the signature - checks. */ - bool result = SecCertificateSetParentFrom(certificate, certs, true); - CFRelease(certs); - return result; -} - -OSStatus SecCertificateCompleteChain(SecCertificateRef certificate, - CFArrayRef other_certificates) { - for (;;) { - if (certificate->_parent == NULL) { - Boolean isSelfSigned = false; - OSStatus status = SecCertificateIsSelfSigned(certificate, &isSelfSigned); - if (!status && isSelfSigned) - return errSecSuccess; - if (!other_certificates || - !SecCertificateSetParentFrom(certificate, other_certificates, - false)) { - if (!SecCertificateFindParent(certificate)) - return errSecIssuerNotFound; - } - } - certificate = certificate->_parent; - } -} -#endif - const DERItem * SecCertificateGetSubjectAltName(SecCertificateRef certificate) { if (!certificate->_subjectAltName) { return NULL; @@ -4674,6 +4356,14 @@ CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRef certificate) { return rfc822Names; } +OSStatus SecCertificateCopyEmailAddresses(SecCertificateRef certificate, CFArrayRef * __nonnull CF_RETURNS_RETAINED emailAddresses) { + if (!certificate || !emailAddresses) { + return errSecParam; + } + *emailAddresses = SecCertificateCopyRFC822Names(certificate); + return errSecSuccess; +} + static OSStatus appendCommonNamesFromX501Name(void *context, const DERItem *type, const DERItem *value, CFIndex rdnIX) { CFMutableArrayRef commonNames = (CFMutableArrayRef)context; @@ -4703,6 +4393,24 @@ CFArrayRef SecCertificateCopyCommonNames(SecCertificateRef certificate) { return commonNames; } +OSStatus SecCertificateCopyCommonName(SecCertificateRef certificate, CFStringRef *commonName) +{ + if (!certificate) { + return errSecParam; + } + CFArrayRef commonNames = SecCertificateCopyCommonNames(certificate); + if (!commonNames) { + return errSecInternal; + } + + if (commonName) { + CFIndex count = CFArrayGetCount(commonNames); + *commonName = CFRetainSafe(CFArrayGetValueAtIndex(commonNames, count-1)); + } + CFReleaseSafe(commonNames); + return errSecSuccess; +} + static OSStatus appendOrganizationFromX501Name(void *context, const DERItem *type, const DERItem *value, CFIndex rdnIX) { CFMutableArrayRef organization = (CFMutableArrayRef)context; @@ -4761,6 +4469,35 @@ CFArrayRef SecCertificateCopyOrganizationalUnit(SecCertificateRef certificate) { return organizationalUnit; } +static OSStatus appendCountryFromX501Name(void *context, + const DERItem *type, const DERItem *value, CFIndex rdnIX) { + CFMutableArrayRef countries = (CFMutableArrayRef)context; + if (DEROidCompare(type, &oidCountryName)) { + CFStringRef string = copyDERThingDescription(kCFAllocatorDefault, + value, true); + if (string) { + CFArrayAppendValue(countries, string); + CFRelease(string); + } else { + return errSecInvalidCertificate; + } + } + return errSecSuccess; +} + +CFArrayRef SecCertificateCopyCountry(SecCertificateRef certificate) { + CFMutableArrayRef countries = CFArrayCreateMutable(kCFAllocatorDefault, + 0, &kCFTypeArrayCallBacks); + OSStatus status; + status = parseX501NameContent(&certificate->_subject, countries, + appendCountryFromX501Name); + if (status || CFArrayGetCount(countries) == 0) { + CFRelease(countries); + countries = NULL; + } + return countries; +} + const SecCEBasicConstraints * SecCertificateGetBasicConstraints(SecCertificateRef certificate) { if (certificate->_basicConstraints.present) @@ -4785,9 +4522,13 @@ SecCertificateGetPolicyConstraints(SecCertificateRef certificate) { return NULL; } -CFDictionaryRef +const SecCEPolicyMappings * SecCertificateGetPolicyMappings(SecCertificateRef certificate) { - return certificate->_policyMappings; + if (certificate->_policyMappings.present) { + return &certificate->_policyMappings; + } else { + return NULL; + } } const SecCECertificatePolicies * @@ -4798,9 +4539,13 @@ SecCertificateGetCertificatePolicies(SecCertificateRef certificate) { return NULL; } -uint32_t +const SecCEInhibitAnyPolicy * SecCertificateGetInhibitAnyPolicySkipCerts(SecCertificateRef certificate) { - return certificate->_inhibitAnyPolicySkipCerts; + if (certificate->_inhibitAnyPolicySkipCerts.present) { + return &certificate->_inhibitAnyPolicySkipCerts; + } else { + return NULL; + } } static OSStatus appendNTPrincipalNamesFromGeneralNames(void *context, @@ -5003,6 +4748,28 @@ CFDataRef SecCertificateCopySubjectSequence( return SecDERItemCopySequence(&certificate->_subject); } +CFDataRef SecCertificateCopyNormalizedIssuerSequence(SecCertificateRef certificate) { + if (!certificate || !certificate->_normalizedIssuer) { + return NULL; + } + DERItem tmpItem; + tmpItem.data = (void *)CFDataGetBytePtr(certificate->_normalizedIssuer); + tmpItem.length = CFDataGetLength(certificate->_normalizedIssuer); + + return SecDERItemCopySequence(&tmpItem); +} + +CFDataRef SecCertificateCopyNormalizedSubjectSequence(SecCertificateRef certificate) { + if (!certificate || !certificate->_normalizedSubject) { + return NULL; + } + DERItem tmpItem; + tmpItem.data = (void *)CFDataGetBytePtr(certificate->_normalizedSubject); + tmpItem.length = CFDataGetLength(certificate->_normalizedSubject); + + return SecDERItemCopySequence(&tmpItem); +} + const DERAlgorithmId *SecCertificateGetPublicKeyAlgorithm( SecCertificateRef certificate) { return &certificate->_algId; @@ -5012,13 +4779,13 @@ const DERItem *SecCertificateGetPublicKeyData(SecCertificateRef certificate) { return &certificate->_pubKeyDER; } -#if SECTRUST_OSX +#if TARGET_OS_OSX /* There is already a SecCertificateCopyPublicKey with different args on OS X, so we will refer to this one internally as SecCertificateCopyPublicKey_ios. */ -SecKeyRef SecCertificateCopyPublicKey_ios(SecCertificateRef certificate) +__nullable SecKeyRef SecCertificateCopyPublicKey_ios(SecCertificateRef certificate) #else -SecKeyRef SecCertificateCopyPublicKey(SecCertificateRef certificate) +__nullable SecKeyRef SecCertificateCopyPublicKey(SecCertificateRef certificate) #endif { if (certificate->_pubKey == NULL) { @@ -5048,7 +4815,7 @@ SecKeyRef SecCertificateCopyPublicKey(SecCertificateRef certificate) bool SecCertificateIsWeakKey(SecCertificateRef certificate) { bool weak = true; SecKeyRef pubKey = NULL; -#if SECTRUST_OSX +#if TARGET_OS_OSX require_quiet(pubKey = SecCertificateCopyPublicKey_ios(certificate), out); #else require_quiet(pubKey = SecCertificateCopyPublicKey(certificate) ,out); @@ -5087,7 +4854,7 @@ bool SecCertificateIsAtLeastMinKeySize(SecCertificateRef certificate, CFDictionaryRef keySizes) { bool goodSize = false; SecKeyRef pubKey = NULL; -#if SECTRUST_OSX +#if TARGET_OS_OSX require_quiet(pubKey = SecCertificateCopyPublicKey_ios(certificate), out); #else require_quiet(pubKey = SecCertificateCopyPublicKey(certificate) ,out); @@ -5328,7 +5095,7 @@ static bool _SecCertificateIsSelfSigned(SecCertificateRef certificate) { certificate->_isSelfSigned = kSecSelfSignedFalse; SecKeyRef publicKey = NULL; require(certificate && (CFGetTypeID(certificate) == SecCertificateGetTypeID()), out); -#if SECTRUST_OSX +#if TARGET_OS_OSX require(publicKey = SecCertificateCopyPublicKey_ios(certificate), out); #else require(publicKey = SecCertificateCopyPublicKey(certificate), out); diff --git a/OSX/sec/Security/SecCertificate.h b/OSX/sec/Security/SecCertificate.h deleted file mode 100644 index aea0830a..00000000 --- a/OSX/sec/Security/SecCertificate.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (c) 2006-2009,2012-2015 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecCertificate - The functions provided in SecCertificate.h implement and manage a - particular type of keychain item that represents a X.509 public key - certificate. You can store a certificate in a keychain, but a - certificate can also be a transient object. - - You can use a certificate as a keychain item in most functions. -*/ - -#ifndef _SECURITY_SECCERTIFICATE_H_ -#define _SECURITY_SECCERTIFICATE_H_ - -#include -#include - -__BEGIN_DECLS - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @function SecCertificateGetTypeID - @abstract Returns the type identifier of SecCertificate instances. - @result The CFTypeID of SecCertificate instances. -*/ -CFTypeID SecCertificateGetTypeID(void) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -/*! - @function SecCertificateCreateWithData - @abstract Create a certificate given it's DER representation as a CFData. - @param allocator CFAllocator to allocate the certificate with. - @param certificate DER encoded X.509 certificate. - @result Return NULL if the passed-in data is not a valid DER-encoded - X.509 certificate, return a SecCertificateRef otherwise. -*/ -__nullable -SecCertificateRef SecCertificateCreateWithData(CFAllocatorRef __nullable allocator, - CFDataRef data) __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecCertificateCopyData - @abstract Return the DER representation of an X.509 certificate. - @param certificate SecCertificate object created with - SecCertificateCreateWithData(). - @result DER encoded X.509 certificate. -*/ -CFDataRef SecCertificateCopyData(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecCertificateCopySubjectSummary - @abstract Return a simple string which hopefully represents a human - understandable summary. - @param certificate SecCertificate object created with - SecCertificateCreateWithData(). - @discussion All the data in this string comes from the certificate itself - and thus it's in whatever language the certificate itself is in. - @result A CFStringRef which the caller should CFRelease() once it's no - longer needed. -*/ -__nullable -CFStringRef SecCertificateCopySubjectSummary(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -__END_DECLS - -#endif /* !_SECURITY_SECCERTIFICATE_H_ */ - diff --git a/OSX/sec/Security/SecCertificateInternal.h b/OSX/sec/Security/SecCertificateInternal.h index fe449f36..998960d8 100644 --- a/OSX/sec/Security/SecCertificateInternal.h +++ b/OSX/sec/Security/SecCertificateInternal.h @@ -52,12 +52,6 @@ CFArrayRef SecCertificateGetCAIssuers(SecCertificateRef certificate); /* Dump certificate for debugging. */ void SecCertificateShow(SecCertificateRef certificate); -/* Return the DER encoded issuer sequence for the receiving certificates issuer. */ -CFDataRef SecCertificateCopyIssuerSequence(SecCertificateRef certificate); - -/* Return the DER encoded subject sequence for the receiving certificates subject. */ -CFDataRef SecCertificateCopySubjectSequence(SecCertificateRef certificate); - /* Return the normalized name or NULL if it fails to parse */ CFDataRef SecDistinguishedNameCopyNormalizedContent(CFDataRef distinguished_name); @@ -73,10 +67,6 @@ const DERItem * SecCertificateGetSubjectAltName(SecCertificateRef certificate); are unable to parse. */ bool SecCertificateHasUnknownCriticalExtension(SecCertificateRef certificate); -/* Return true iff certificate is valid as of verifyTime. */ -bool SecCertificateIsValid(SecCertificateRef certificate, - CFAbsoluteTime verifyTime); - /* Return an attribute dictionary used to store this item in a keychain. */ CFDictionaryRef SecCertificateCopyAttributeDictionary( SecCertificateRef certificate); @@ -87,10 +77,8 @@ SecCertificateRef SecCertificateCreateFromAttributeDictionary( CFDictionaryRef refAttributes); /* Return a SecKeyRef for the public key embedded in the cert. */ -#if SECTRUST_OSX +#if TARGET_OS_OSX SecKeyRef SecCertificateCopyPublicKey_ios(SecCertificateRef certificate); -#else -SecKeyRef SecCertificateCopyPublicKey(SecCertificateRef certificate); #endif /* Return the SecCEBasicConstraints extension for this certificate if it @@ -116,7 +104,7 @@ SecCertificateGetPolicyConstraints(SecCertificateRef certificate); /* Return a dictionary from CFDataRef to CFArrayRef of CFDataRef representing the policyMapping extension of this certificate. */ -CFDictionaryRef +const SecCEPolicyMappings * SecCertificateGetPolicyMappings(SecCertificateRef certificate); /* Return the SecCECertificatePolicies extension for this certificate if it @@ -127,7 +115,7 @@ SecCertificateGetCertificatePolicies(SecCertificateRef certificate); /* Returns UINT32_MAX if InhibitAnyPolicy extension is not present or invalid, returns the value of the SkipCerts field of the InhibitAnyPolicy extension otherwise. */ -uint32_t +const SecCEInhibitAnyPolicy * SecCertificateGetInhibitAnyPolicySkipCerts(SecCertificateRef certificate); /* Return the public key algorithm and parameters for certificate. */ @@ -143,158 +131,6 @@ const DERItem *SecCertificateGetPublicKeyData(SecCertificateRef certificate); OSStatus SecCertificateIsSignedBy(SecCertificateRef certificate, SecKeyRef issuerKey); -// MARK: - -// MARK: Certificate Creation - -#ifdef OPTIONAL_METHODS -/* Return a certificate for the PEM representation of this certificate. - Return NULL the passed in der_certificate is not a valid DER encoded X.509 - certificate, and return a CFError by reference. It is the - responsibility of the caller to release the CFError. */ -SecCertificateRef SecCertificateCreateWithPEM(CFAllocatorRef allocator, - CFStringRef pem_certificate); - -/* Return a CFStringRef containing the the pem representation of this - certificate. */ -CFStringRef SecCertificateGetPEM(SecCertificateRef der_certificate); - -#endif /* OPTIONAL_METHODS */ - -#if 0 -/* Complete the certificate chain of this certificate, setting the parent - certificate for each certificate along they way. Return 0 if the - system is able to find all the certificates to complete the certificate - chain either in the passed in other_certificates array or in the user or - the systems keychain(s). - If the certifcates issuer chain can not be completed, this function - will return an error status code. - NOTE: This function does not verify whether the certificate is trusted it's - main use is just to ensure that anyone using this certificate upstream will - have access to a complete (or as complete as possible in the case of - something going wrong) certificate chain. */ -OSStatus SecCertificateCompleteChain(SecCertificateRef certificate, - CFArrayRef other_certificates); -#endif - -#if 0 - -/*! - @function SecCertificateGetVersionNumber - @abstract Retrieves the version of a given certificate as a CFNumberRef. - @param certificate A reference to the certificate from which to obtain the certificate version. - @result A CFNumberRef representing the certificate version. The following values are currently known to be returned, but more may be added in the future: - 1: X509v1 - 2: X509v2 - 3: X509v3 -*/ -CFNumberRef SecCertificateGetVersionNumber(SecCertificateRef certificate); - -/*! - @function SecCertificateGetSerialDER - @abstract Retrieves the serial number of a given certificate in DER encoding. - @param certificate A reference to the certificate from which to obtain the serial number. - @result A CFDataRef containing the DER encoded serial number of the certificate, minus the tag and length fields. -*/ -CFDataRef SecCertificateGetSerialDER(SecCertificateRef certificate); - - -/*! - @function SecCertificateGetSerialString - @abstract Retrieves the serial number of a given certificate in human readable form. - @param certificate A reference to the certificate from which to obtain the serial number. - @result A CFStringRef containing the human readable serial number of the certificate in decimal form. -*/ -CFStringRef SecCertificateGetSerialString(SecCertificateRef certificate); - - - -CFDataRef SecCertificateGetPublicKeyDER(SecCertificateRef certificate); -CFDataRef SecCertificateGetPublicKeySHA1FingerPrint(SecCertificateRef certificate); -CFDataRef SecCertificateGetPublicKeyMD5FingerPrint(SecCertificateRef certificate); -CFDataRef SecCertificateGetSignatureAlgorithmDER(SecCertificateRef certificate); -CFDataRef SecCertificateGetSignatureAlgorithmName(SecCertificateRef certificate); -CFStringRef SecCertificateGetSignatureAlgorithmOID(SecCertificateRef certificate); -CFDataRef SecCertificateGetSignatureDER(SecCertificateRef certificate); -CFDataRef SecCertificateGetSignatureAlgorithmParametersDER(SecCertificateRef certificate); - -/* plist top level array is ordered list of key/value pairs */ -CFArrayRef SecCertificateGetSignatureAlgorithmParametersArray(SecCertificateRef certificate); - -#if 0 -/* This cert is signed by its parent? */ -bool SecCertificateIsSignatureValid(SecCertificateRef certificate); - -/* This cert is signed by its parent and so on until no parent certificate can be found? */ -bool SecCertificateIsIssuerChainValid(SecCertificateRef certificate, CFArrayRef additionalCertificatesToSearch); - -/* This cert is signed by its parent and so on until no parent certificate can be found? */ -bool SecCertificateIsSignatureChainValid(SecCertificateRef certificate); - -/* This cert is signed by its parent and so on until a certificate in anchors can be found. */ -bool SecCertificateIssuerChainHasAnchorIn(SecCertificateRef certificate, CFArrayRef anchors); - -/* This cert is signed by its parent and so on until a certificate in anchors can be found. */ -bool SecCertificateSignatureChainHasAnchorIn(SecCertificateRef certificate, CFArrayRef anchors); -#endif - - -/* The entire certificate in DER encoding including the outer tag and length fields. */ -CFDataRef SecCertificateGetDER(SecCertificateRef certificate); - -/* Returns the status code of the last failed call for this certificate on this thread. */ -OSStatus SecCertificateGetStatus(SecCertificateRef certificate); - -CFDataRef SecCertificateGetIssuerDER(SecCertificateRef certificate); -CFDataRef SecCertificateGetNormalizedIssuerDER(SecCertificateRef certificate); - -/* Return the issuer as an X509 name encoded in an array. Each element in this array is an array. Each inner array has en even number of elements. Each pair of elements in the inner array represents a key and a value. The key is a string and the value is also a string. Elements in the outer array should be considered ordered while pairs in the inner array should not. */ -CFArrayRef SecCertificateGetIssuerArray(SecCertificateRef certificate); - - -CFDataRef SecCertificateGetSubjectDER(SecCertificateRef certificate); -CFDataRef SecCertificateGetNormalizedSubjectDER(SecCertificateRef certificate); -/* See SecCertificateGetIssuerArray for a description of the returned array. */ -CFArrayRef SecCertificateGetSubjectArray(SecCertificateRef certificate); - -CFDateRef SecCertificateGetNotValidBeforeDate(SecCertificateRef certificate); -CFDateRef SecCertificateGetNotValidDateDate(SecCertificateRef certificate); - - -#if 0 - -CFIndex SecCertificateGetExtensionCount(SecCertificateRef certificate, index); -CFDataRef SecCertificateGetExtensionAtIndexDER(SecCertificateRef certificate, CFIndex index); -bool SecCertificateIsExtensionAtIndexCritical(SecCertificateRef certificate, CFIndex index); - -/* array see email example. */ -CFArrayRef SecCertificateGetExtensionAtIndexParamsArray(SecCertificateRef certificate, CFIndex index); - -CFStringRef SecCertificateGetExtensionAtIndexName(SecCertificateRef certificate, CFIndex index); -CFStringRef SecCertificateGetExtensionAtIndexOID(SecCertificateRef certificate, CFIndex index); - -#else - -/* Return an array with all of this certificates SecCertificateExtensionRefs. */ -CFArrayRef SecCertificateGetExtensions(SecCertificateRef certificate); - -/* Return the SecCertificateExtensionRef for the extension with the given oid. Return NULL if it does not exist or if an error occours call SecCertificateGetStatus() to see if an error occured or not. */ -SecCertificateExtensionRef SecCertificateGetExtensionWithOID(SecCertificateRef certificate, CFDataRef oid); - -CFDataRef SecCertificateExtensionGetDER(SecCertificateExtensionRef extension, CFDataRef oid); -CFStringRef SecCertificateExtensionName(SecCertificateExtensionRef extension); -CFDataRef SecCertificateExtensionGetOIDDER(SecCertificateExtensionRef extension, CFDataRef oid); -CFStringRef SecCertificateExtensionGetOIDString(SecCertificateExtensionRef extension, CFDataRef oid); -bool SecCertificateExtensionIsCritical(SecCertificateExtensionRef extension); -CFArrayRef SecCertificateExtensionGetContentDER(SecCertificateExtensionRef extension); - -/* Return the content of extension as an array. The array has en even number of elements. Each pair of elements in the array represents a key and a value. The key is a string and the value is either a string, or dictionary or an array of key value pairs like the outer array. */ -CFArrayRef SecCertificateExtensionGetContentArray(SecCertificateExtensionRef extension); - -#endif /* 0 */ - -#endif /* 0 */ - - void appendProperty(CFMutableArrayRef properties, CFStringRef propertyType, CFStringRef label, CFStringRef localizedLabel, CFTypeRef value); diff --git a/OSX/sec/Security/SecCertificatePath.c b/OSX/sec/Security/SecCertificatePath.c index d215ee4d..86c1810b 100644 --- a/OSX/sec/Security/SecCertificatePath.c +++ b/OSX/sec/Security/SecCertificatePath.c @@ -250,7 +250,7 @@ exit: return result; } -SecCertificatePathRef SecCertificatPathCreateDeserialized(CFArrayRef certificates, CFErrorRef *error) { +SecCertificatePathRef SecCertificatePathCreateDeserialized(CFArrayRef certificates, CFErrorRef *error) { SecCertificatePathRef result = NULL; require_action_quiet(isArray(certificates), exit, SecError(errSecParam, error, CFSTR("certificates is not an array"))); @@ -563,7 +563,7 @@ SecKeyRef SecCertificatePathCopyPublicKeyAtIndex( SecCertificatePathRef certificatePath, CFIndex ix) { SecCertificateRef certificate = SecCertificatePathGetCertificateAtIndex(certificatePath, ix); -#if SECTRUST_OSX +#if TARGET_OS_OSX return SecCertificateCopyPublicKey_ios(certificate); #else return SecCertificateCopyPublicKey(certificate); diff --git a/OSX/sec/Security/SecCertificatePath.h b/OSX/sec/Security/SecCertificatePath.h index 46d9855f..4d9aac04 100644 --- a/OSX/sec/Security/SecCertificatePath.h +++ b/OSX/sec/Security/SecCertificatePath.h @@ -51,7 +51,7 @@ SecCertificatePathRef SecCertificatePathCreate(SecCertificatePathRef path, SecCertificatePathRef SecCertificatePathCreateWithXPCArray(xpc_object_t xpc_path, CFErrorRef *error); /* Create a new certificate path from a CFArray of datas. */ -SecCertificatePathRef SecCertificatPathCreateDeserialized(CFArrayRef certificates, CFErrorRef *error); +SecCertificatePathRef SecCertificatePathCreateDeserialized(CFArrayRef certificates, CFErrorRef *error); /* Create an array of CFDataRefs from a certificate path. */ xpc_object_t SecCertificatePathCopyXPCArray(SecCertificatePathRef path, CFErrorRef *error); diff --git a/OSX/sec/Security/SecCertificatePriv.h b/OSX/sec/Security/SecCertificatePriv.h deleted file mode 100644 index 358e1b46..00000000 --- a/OSX/sec/Security/SecCertificatePriv.h +++ /dev/null @@ -1,293 +0,0 @@ -/* - * Copyright (c) 2006-2015 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecCertificatePriv - The functions provided in SecCertificatePriv.h implement and manage a particular - type of keychain item that represents a certificate. You can store a - certificate in a keychain, but a certificate can also be a transient - object. - - You can use a certificate as a keychain item in most functions. - Certificates are able to compute their parent certificates, and much more. -*/ - -#ifndef _SECURITY_SECCERTIFICATEPRIV_H_ -#define _SECURITY_SECCERTIFICATEPRIV_H_ - -#include -#include -#include -#include -#include -#include -#include -#include - -__BEGIN_DECLS - -typedef CF_OPTIONS(uint32_t, SecKeyUsage) { - kSecKeyUsageUnspecified = 0, - kSecKeyUsageDigitalSignature = 1 << 0, - kSecKeyUsageNonRepudiation = 1 << 1, - kSecKeyUsageContentCommitment= 1 << 1, - kSecKeyUsageKeyEncipherment = 1 << 2, - kSecKeyUsageDataEncipherment = 1 << 3, - kSecKeyUsageKeyAgreement = 1 << 4, - kSecKeyUsageKeyCertSign = 1 << 5, - kSecKeyUsageCRLSign = 1 << 6, - kSecKeyUsageEncipherOnly = 1 << 7, - kSecKeyUsageDecipherOnly = 1 << 8, - kSecKeyUsageCritical = 1 << 31, - kSecKeyUsageAll = 0x7FFFFFFF -}; - -typedef CF_ENUM(uint32_t, SecCertificateEscrowRootType) { - kSecCertificateBaselineEscrowRoot = 0, - kSecCertificateProductionEscrowRoot = 1, - kSecCertificateBaselinePCSEscrowRoot = 2, - kSecCertificateProductionPCSEscrowRoot = 3, - kSecCertificateBaselineEscrowBackupRoot = 4, // v100 and v101 - kSecCertificateProductionEscrowBackupRoot = 5, - kSecCertificateBaselineEscrowEnrollmentRoot = 6, // v101 only - kSecCertificateProductionEscrowEnrollmentRoot = 7, -}; - -/* The names of the files that contain the escrow certificates */ -extern const CFStringRef kSecCertificateProductionEscrowKey; -extern const CFStringRef kSecCertificateProductionPCSEscrowKey; -extern const CFStringRef kSecCertificateEscrowFileName; - - -/* Return a certificate for the DER representation of this certificate. - Return NULL if the passed-in data is not a valid DER-encoded X.509 - certificate. */ -SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, - const UInt8 *bytes, CFIndex length); - -/* Return the length of the DER representation of this certificate. */ -CFIndex SecCertificateGetLength(SecCertificateRef certificate); - -/* Return the bytes of the DER representation of this certificate. */ -const UInt8 *SecCertificateGetBytePtr(SecCertificateRef certificate); - -// MARK: - -// MARK: Certificate Accessors - -CFDataRef SecCertificateGetSHA1Digest(SecCertificateRef certificate); - -CFDataRef SecCertificateCopyIssuerSHA1Digest(SecCertificateRef certificate); - -CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRef certificate); - -CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA1Digest(SecCertificateRef certificate); - -CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA256Digest(SecCertificateRef certificate); - -CFDataRef SecCertificateCopySHA256Digest(SecCertificateRef certificate); - -SecKeyRef SecCertificateCopyPublicKey(SecCertificateRef certificate); - -SecCertificateRef SecCertificateCreateWithKeychainItem(CFAllocatorRef allocator, - CFDataRef der_certificate, CFTypeRef keychainItem); - -OSStatus SecCertificateSetKeychainItem(SecCertificateRef certificate, - CFTypeRef keychain_item); - -CFTypeRef SecCertificateCopyKeychainItem(SecCertificateRef certificate); - -/*! - @function SecCertificateCopyIssuerSummary - @abstract Return a simple string which hopefully represents a human understandable issuer. - @param certificate SecCertificate object created with SecCertificateCreateWithData(). - @discussion All the data in this string comes from the certificate itself - and thus it's in whatever language the certificate itself is in. - @result A CFStringRef which the caller should CFRelease() once it's no longer needed. -*/ -CFStringRef SecCertificateCopyIssuerSummary(SecCertificateRef certificate); - -/*! - @function SecCertificateCopyProperties - @abstract Return a property array for this trust certificate. - @param certificate A reference to the certificate to evaluate. - @result A property array. It is the caller's responsability to CFRelease - the returned array when it is no longer needed. - See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array. - Unlike that function call this function returns a detailed description - of the certificate in question. -*/ -CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate); - -CFMutableArrayRef SecCertificateCopySummaryProperties( - SecCertificateRef certificate, CFAbsoluteTime verifyTime); - -/* Return the content of a DER-encoded integer (without the tag and length - fields) for this certificate's serial number. The caller must CFRelease - the value returned. */ -#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) -CFDataRef SecCertificateCopySerialNumber(SecCertificateRef certificate, CFErrorRef *error); -#else -CFDataRef SecCertificateCopySerialNumber(SecCertificateRef certificate); -#endif - -/* Return the content of a DER encoded X.501 name (without the tag and length - fields) for the receiving certificates issuer. */ -CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRef certificate); - -/* Return the content of a DER encoded X.501 name (without the tag and length - fields) for the receiving certificates subject. */ -CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRef certificate); - -/* Return an array of CFStringRefs representing the ip addresses in the - certificate if any. */ -CFArrayRef SecCertificateCopyIPAddresses(SecCertificateRef certificate); - -/* Return an array of CFStringRefs representing the dns addresses in the - certificate if any. */ -CFArrayRef SecCertificateCopyDNSNames(SecCertificateRef certificate); - -/* Return an array of CFStringRefs representing the email addresses in the - certificate if any. */ -CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRef certificate); - -/* Return an array of CFStringRefs representing the common names in the - certificates subject if any. */ -CFArrayRef SecCertificateCopyCommonNames(SecCertificateRef certificate); - -/* Return an array of CFStringRefs representing the organization in the - certificate's subject if any. */ -CFArrayRef SecCertificateCopyOrganization(SecCertificateRef certificate); - -/* Return an array of CFStringRefs representing the organizational unit in the - certificate's subject if any. */ -CFArrayRef SecCertificateCopyOrganizationalUnit(SecCertificateRef certificate); - -/* Return an array of CFStringRefs representing the NTPrincipalNames in the - certificate if any. */ -CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRef certificate); - -/* Return a string formatted according to RFC 2253 representing the complete - subject of certificate. */ -CFStringRef SecCertificateCopySubjectString(SecCertificateRef certificate); - -/* Return a string with the company name of an ev leaf certificate. */ -CFStringRef SecCertificateCopyCompanyName(SecCertificateRef certificate); - -/* X.509 Certificate Version: 1, 2 or 3. */ -CFIndex SecCertificateVersion(SecCertificateRef certificate); -CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRef certificate); -CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate); - -/* Return true in isSelfSigned output parameter if certificate is self-signed. - Function result is a non-zero status if the answer cannot be determined - (e.g. certRef is invalid), otherwise errSecSuccess. */ -OSStatus SecCertificateIsSelfSigned(SecCertificateRef certRef, Boolean *isSelfSigned); - -/* Return true iff certificate is self signed and has a basic constraints - extension indicating that it's a certificate authority. */ -bool SecCertificateIsSelfSignedCA(SecCertificateRef certificate); - -/* Return true if certificate has a basic constraints extension - indicating that it's a certificate authority. */ -bool SecCertificateIsCA(SecCertificateRef certificate); - -SecKeyUsage SecCertificateGetKeyUsage(SecCertificateRef certificate); - -/* Returns an array of CFDataRefs for all extended key usage oids or NULL */ -CFArrayRef SecCertificateCopyExtendedKeyUsage(SecCertificateRef certificate); - -/* Returns an array of CFDataRefs for all embedded SCTs */ -CFArrayRef SecCertificateCopySignedCertificateTimestamps(SecCertificateRef certificate); - -/* Returns a certificate from a pem blob */ -SecCertificateRef SecCertificateCreateWithPEM(CFAllocatorRef allocator, - CFDataRef pem_certificate); - -/* Append certificate to xpc_certificates. */ -bool SecCertificateAppendToXPCArray(SecCertificateRef certificate, xpc_object_t xpc_certificates, CFErrorRef *error); - -/* Decode certificate from xpc_certificates[index] as encoded by SecCertificateAppendToXPCArray(). */ -SecCertificateRef SecCertificateCreateWithXPCArrayAtIndex(xpc_object_t xpc_certificates, size_t index, CFErrorRef *error); - -/* Retrieve the array of valid Escrow certificates for a given root type */ -CFArrayRef SecCertificateCopyEscrowRoots(SecCertificateEscrowRootType escrowRootType); - -/* Return an xpc_array of data from an array of SecCertificateRefs. */ -xpc_object_t SecCertificateArrayCopyXPCArray(CFArrayRef certificates, CFErrorRef *error); - -/* Return an array of SecCertificateRefs from a xpc_object array of datas. */ -CFArrayRef SecCertificateXPCArrayCopyArray(xpc_object_t xpc_certificates, CFErrorRef *error); - -/* Return the precert TBSCertificate DER data - used for Certificate Transparency */ -CFDataRef SecCertificateCopyPrecertTBS(SecCertificateRef certificate); - -/* Return an attribute dictionary used to store this item in a keychain. */ -CFDictionaryRef SecCertificateCopyAttributeDictionary(SecCertificateRef certificate); - -/* - * Enumerated constants for signature hash algorithms. - */ -typedef CF_ENUM(uint32_t, SecSignatureHashAlgorithm){ - kSecSignatureHashAlgorithmUnknown = 0, - kSecSignatureHashAlgorithmMD2 = 1, - kSecSignatureHashAlgorithmMD4 = 2, - kSecSignatureHashAlgorithmMD5 = 3, - kSecSignatureHashAlgorithmSHA1 = 4, - kSecSignatureHashAlgorithmSHA224 = 5, - kSecSignatureHashAlgorithmSHA256 = 6, - kSecSignatureHashAlgorithmSHA384 = 7, - kSecSignatureHashAlgorithmSHA512 = 8 -}; - -/*! - @function SecCertificateGetSignatureHashAlgorithm - @abstract Determine the hash algorithm used in a certificate's signature. - @param certificate A certificate reference. - @result Returns an enumerated value indicating the signature hash algorithm - used in a certificate. If the hash algorithm is unsupported or cannot be - obtained (e.g. because the supplied certificate reference is invalid), a - value of 0 (kSecSignatureHashAlgorithmUnknown) is returned. -*/ -SecSignatureHashAlgorithm SecCertificateGetSignatureHashAlgorithm(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); - -/* Return the auth capabilities bitmask from the iAP marker extension */ -CF_RETURNS_RETAINED CFDataRef SecCertificateCopyiAPAuthCapabilities(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -typedef CF_ENUM(uint32_t, SeciAuthVersion) { - kSeciAuthInvalid = 0, - kSeciAuthVersion1 = 1, /* unused */ - kSeciAuthVersion2 = 2, - kSeciAuthVersion3 = 3, -} __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -/* Return the iAuth version indicated by the certificate. This function does - * not guarantee that the certificate is valid, so the caller must still call - * SecTrustEvaluate to guarantee that the certificate was properly issued */ -SeciAuthVersion SecCertificateGetiAuthVersion(SecCertificateRef certificate) - __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); - -__END_DECLS - -#endif /* !_SECURITY_SECCERTIFICATEPRIV_H_ */ diff --git a/OSX/sec/Security/SecCertificateRequest.c b/OSX/sec/Security/SecCertificateRequest.c index 9f598a15..330fdecb 100644 --- a/OSX/sec/Security/SecCertificateRequest.c +++ b/OSX/sec/Security/SecCertificateRequest.c @@ -55,6 +55,10 @@ OSStatus SecCmsArraySortByDER(void **objs, const SecAsn1Template *objtemplate, v #include #include +#if TARGET_OS_IPHONE +#include +#endif + #include #include @@ -675,8 +679,9 @@ CFDataRef SecGenerateCertificateRequestWithParameters(SecRDN *subject, CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey) { CFDataRef csr = NULL; + CFDataRef publicKeyData= NULL; + uint8_t *signature = NULL, *spki_params = NULL; PRArenaPool *poolp = PORT_NewArena(1024); - CFDictionaryRef pubkey_attrs = NULL; if (!poolp) return NULL; @@ -724,17 +729,43 @@ CFDataRef SecGenerateCertificateRequestWithParameters(SecRDN *subject, certReq.reqInfo.subject.rdns = rdnps; /* public key info */ - certReq.reqInfo.subjectPublicKeyInfo.algorithm.algorithm.Length = oidRsa.length; - certReq.reqInfo.subjectPublicKeyInfo.algorithm.algorithm.Data = oidRsa.data; - certReq.reqInfo.subjectPublicKeyInfo.algorithm.parameters = asn1_null; - - pubkey_attrs = SecKeyCopyAttributeDictionary(publicKey); - CFDataRef pkcs1_pubkey = (CFDataRef)CFDictionaryGetValue(pubkey_attrs, kSecValueData); - uint8_t signature[8 * CFDataGetLength(pkcs1_pubkey)]; - size_t signature_length = sizeof(signature); + if (SecKeyGetAlgorithmId(publicKey) == kSecRSAAlgorithmID) { + certReq.reqInfo.subjectPublicKeyInfo.algorithm.algorithm.Length = oidRsa.length; + certReq.reqInfo.subjectPublicKeyInfo.algorithm.algorithm.Data = oidRsa.data; + certReq.reqInfo.subjectPublicKeyInfo.algorithm.parameters = asn1_null; + } else if (SecKeyGetAlgorithmId(publicKey) == kSecECDSAAlgorithmID) { + certReq.reqInfo.subjectPublicKeyInfo.algorithm.algorithm.Length = oidEcPubKey.length; + certReq.reqInfo.subjectPublicKeyInfo.algorithm.algorithm.Data = oidEcPubKey.data; + size_t parameters_size = 0; + SecECNamedCurve namedCurve = SecECKeyGetNamedCurve(publicKey); + switch (namedCurve) { + case kSecECCurveSecp256r1: + parameters_size = oidEcPrime256v1.length + 2; + spki_params = malloc(parameters_size); + memcpy(spki_params + 2, oidEcPrime256v1.data, oidEcPrime256v1.length); + break; + case kSecECCurveSecp384r1: + parameters_size = oidAnsip384r1.length + 2; + spki_params = malloc(parameters_size); + memcpy(spki_params + 2, oidAnsip384r1.data, oidAnsip384r1.length); + break; + case kSecECCurveSecp521r1: + parameters_size = oidAnsip521r1.length + 2; + spki_params = malloc(parameters_size); + memcpy(spki_params + 2, oidAnsip521r1.data, oidAnsip521r1.length); + break; + default: + goto out; + } + spki_params[0] = 0x06; + spki_params[1] = (uint8_t)(parameters_size - 2); + certReq.reqInfo.subjectPublicKeyInfo.algorithm.parameters.Length = parameters_size; + certReq.reqInfo.subjectPublicKeyInfo.algorithm.parameters.Data = spki_params; + } - certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Length = 8 * CFDataGetLength(pkcs1_pubkey); - certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Data = (uint8_t*)CFDataGetBytePtr(pkcs1_pubkey); + publicKeyData = SecKeyCopyExternalRepresentation(publicKey, NULL); + certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Length = 8 * CFDataGetLength(publicKeyData); + certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Data = (uint8_t*)CFDataGetBytePtr(publicKeyData); certReq.reqInfo.attributes = nss_attributes_from_parameters_dict(poolp, parameters); SecCmsArraySortByDER((void **)certReq.reqInfo.attributes, kSecAsn1AttributeTemplate, NULL); @@ -743,18 +774,49 @@ CFDataRef SecGenerateCertificateRequestWithParameters(SecRDN *subject, SecAsn1Item reqinfo = {}; SEC_ASN1EncodeItem(poolp, &reqinfo, &certReq.reqInfo, kSecAsn1CertRequestInfoTemplate); - /* calculate signature */ - uint8_t reqinfo_hash[CC_SHA1_DIGEST_LENGTH]; - CCDigest(kCCDigestSHA1, reqinfo.Data, (CC_LONG)reqinfo.Length, reqinfo_hash); - require_noerr_quiet(SecKeyRawSign(privateKey, kSecPaddingPKCS1SHA1, - reqinfo_hash, sizeof(reqinfo_hash), signature, &signature_length), out); - - /* signature and info */ - certReq.signatureAlgorithm.algorithm.Length = oidSha1Rsa.length; - certReq.signatureAlgorithm.algorithm.Data = oidSha1Rsa.data; - certReq.signatureAlgorithm.parameters = asn1_null; - certReq.signature.Data = signature; - certReq.signature.Length = signature_length * 8; + /* Use SHA-1 for RSA for backwards compatbility. */ + if (SecKeyGetAlgorithmId(privateKey) == kSecRSAAlgorithmID) { + /* calculate signature */ + uint8_t reqinfo_hash[CC_SHA1_DIGEST_LENGTH]; + CCDigest(kCCDigestSHA1, reqinfo.Data, (CC_LONG)reqinfo.Length, reqinfo_hash); + CFDataRef digest = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, reqinfo_hash, CC_SHA1_DIGEST_LENGTH, kCFAllocatorNull); + CFDataRef sigData = SecKeyCreateSignature(privateKey, kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, + digest, nil); + CFReleaseNull(digest); + require_quiet(sigData, out); + size_t signature_length = (size_t)CFDataGetLength(sigData); + signature = malloc(signature_length); + memcpy(signature, CFDataGetBytePtr(sigData), CFDataGetLength(sigData)); + CFReleaseNull(sigData); + + /* signature and info */ + certReq.signatureAlgorithm.algorithm.Length = oidSha1Rsa.length; + certReq.signatureAlgorithm.algorithm.Data = oidSha1Rsa.data; + certReq.signatureAlgorithm.parameters = asn1_null; + certReq.signature.Data = signature; + certReq.signature.Length = signature_length * 8; + } else if (SecKeyGetAlgorithmId(privateKey) == kSecECDSAAlgorithmID) { + /* calculate signature */ + uint8_t reqinfo_hash[CC_SHA256_DIGEST_LENGTH]; + CCDigest(kCCDigestSHA256, reqinfo.Data, (CC_LONG)reqinfo.Length, reqinfo_hash); + CFDataRef digest = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, reqinfo_hash, CC_SHA256_DIGEST_LENGTH, kCFAllocatorNull); + CFDataRef sigData = SecKeyCreateSignature(privateKey, kSecKeyAlgorithmECDSASignatureDigestX962SHA256, + digest, nil); + CFReleaseNull(digest); + require_quiet(sigData, out); + size_t signature_length = (size_t)CFDataGetLength(sigData); + signature = malloc(signature_length); + memcpy(signature, CFDataGetBytePtr(sigData), CFDataGetLength(sigData)); + CFReleaseNull(sigData); + + /* signature and info */ + certReq.signatureAlgorithm.algorithm.Length = oidSha256Ecdsa.length; + certReq.signatureAlgorithm.algorithm.Data = oidSha256Ecdsa.data; + certReq.signatureAlgorithm.parameters.Data = NULL; + certReq.signatureAlgorithm.parameters.Length = 0; + certReq.signature.Data = signature; + certReq.signature.Length = signature_length * 8; + } /* encode csr */ SecAsn1Item cert_request = {}; @@ -765,7 +827,9 @@ CFDataRef SecGenerateCertificateRequestWithParameters(SecRDN *subject, out: if (poolp) PORT_FreeArena(poolp, PR_TRUE); - CFReleaseSafe(pubkey_attrs); + if (signature) { free(signature); } + if (spki_params) { free(spki_params); } + CFReleaseSafe(publicKeyData); return csr; } @@ -775,6 +839,7 @@ CFDataRef SecGenerateCertificateRequest(CFArrayRef subject, CFDataRef csr = NULL; PRArenaPool *poolp = PORT_NewArena(1024); CFDictionaryRef pubkey_attrs = NULL; + uint8_t *signature = NULL; if (!poolp) return NULL; @@ -797,8 +862,6 @@ CFDataRef SecGenerateCertificateRequest(CFArrayRef subject, pubkey_attrs = SecKeyCopyAttributeDictionary(publicKey); CFDataRef pkcs1_pubkey = (CFDataRef)CFDictionaryGetValue(pubkey_attrs, kSecValueData); - uint8_t signature[8 * CFDataGetLength(pkcs1_pubkey)]; - size_t signature_length = sizeof(signature); certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Length = 8 * CFDataGetLength(pkcs1_pubkey); certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Data = (uint8_t*)CFDataGetBytePtr(pkcs1_pubkey); @@ -813,9 +876,16 @@ CFDataRef SecGenerateCertificateRequest(CFArrayRef subject, /* calculate signature */ uint8_t reqinfo_hash[CC_SHA1_DIGEST_LENGTH]; CCDigest(kCCDigestSHA1, reqinfo.Data, reqinfo.Length, reqinfo_hash); - require_noerr_quiet(SecKeyRawSign(privateKey, kSecPaddingPKCS1SHA1, - reqinfo_hash, sizeof(reqinfo_hash), signature, &signature_length), out); - + CFDataRef digest = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, reqinfo_hash, CC_SHA1_DIGEST_LENGTH, kCFAllocatorNull); + CFDataRef sigData = SecKeyCreateSignature(privateKey, kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, + digest, nil); + CFReleaseNull(digest); + require_quiet(sigData, out); + size_t signature_length = (size_t)CFDataGetLength(sigData); + signature = malloc(signature_length); + memcpy(signature, CFDataGetBytePtr(sigData), CFDataGetLength(sigData)); + CFReleaseNull(sigData); + /* signature and info */ certReq.signatureAlgorithm.algorithm.Length = oidSha1Rsa.length; certReq.signatureAlgorithm.algorithm.Data = oidSha1Rsa.data; @@ -833,6 +903,7 @@ out: if (poolp) PORT_FreeArena(poolp, PR_TRUE); CFReleaseSafe(pubkey_attrs); + if (signature) { free(signature); } return csr; } @@ -841,6 +912,8 @@ bool SecVerifyCertificateRequest(CFDataRef csr, SecKeyRef *publicKey, { PRArenaPool *poolp = PORT_NewArena(1024); SecKeyRef candidatePublicKey = NULL; + CFMutableDictionaryRef keyAttrs = NULL; + CFDataRef keyData = NULL, hash = NULL, signature = NULL; bool valid = false; NSSCertRequest certReq; memset(&certReq, 0, sizeof(certReq)); @@ -849,11 +922,16 @@ bool SecVerifyCertificateRequest(CFDataRef csr, SecKeyRef *publicKey, &csr_item), out); /* signature and info */ - require(certReq.signatureAlgorithm.algorithm.Length == oidSha1Rsa.length, out); - require_noerr(memcmp(oidSha1Rsa.data, certReq.signatureAlgorithm.algorithm.Data, - oidSha1Rsa.length), out); - require(certReq.signatureAlgorithm.parameters.Length == asn1_null.Length, out); - require_noerr(memcmp(asn1_null.Data, certReq.signatureAlgorithm.parameters.Data, + require(certReq.signatureAlgorithm.algorithm.Length == oidSha1Rsa.length || + certReq.signatureAlgorithm.algorithm.Length == oidSha256Ecdsa.length, out); + require(0 == memcmp(oidSha1Rsa.data, certReq.signatureAlgorithm.algorithm.Data, + oidSha1Rsa.length) || + 0 == memcmp(oidSha256Ecdsa.data, certReq.signatureAlgorithm.algorithm.Data, + oidSha256Ecdsa.length), out); + require(certReq.signatureAlgorithm.parameters.Length == asn1_null.Length || + certReq.signatureAlgorithm.parameters.Length == 0, out); + require(certReq.signatureAlgorithm.parameters.Length == 0 || + 0 == memcmp(asn1_null.Data, certReq.signatureAlgorithm.parameters.Data, asn1_null.Length), out); /* encode request info by itself to calculate signature */ @@ -861,20 +939,48 @@ bool SecVerifyCertificateRequest(CFDataRef csr, SecKeyRef *publicKey, SEC_ASN1EncodeItem(poolp, &reqinfo, &certReq.reqInfo, kSecAsn1CertRequestInfoTemplate); /* calculate signature */ - uint8_t reqinfo_hash[CC_SHA1_DIGEST_LENGTH]; - require(reqinfo.Length<=UINT32_MAX, out); - CCDigest(kCCDigestSHA1, reqinfo.Data, (CC_LONG)reqinfo.Length, reqinfo_hash); + uint8_t reqinfo_hash[CC_SHA256_DIGEST_LENGTH]; + CFIndex hash_size = 0; + if (0 == memcmp(oidSha1Rsa.data, certReq.signatureAlgorithm.algorithm.Data, + oidSha1Rsa.length)) { + require(reqinfo.Length<=UINT32_MAX, out); + CCDigest(kCCDigestSHA1, reqinfo.Data, (CC_LONG)reqinfo.Length, reqinfo_hash); + hash_size = CC_SHA1_DIGEST_LENGTH; + } else { + require(reqinfo.Length<=UINT32_MAX, out); + CCDigest(kCCDigestSHA256, reqinfo.Data, (CC_LONG)reqinfo.Length, reqinfo_hash); + hash_size = CC_SHA256_DIGEST_LENGTH; + } /* @@@ check for version 0 */ + SecKeyAlgorithm alg = NULL; + if (certReq.reqInfo.subjectPublicKeyInfo.algorithm.algorithm.Length == oidRsa.length && + 0 == memcmp(oidRsa.data, certReq.reqInfo.subjectPublicKeyInfo.algorithm.algorithm.Data, oidRsa.length)) { + require(candidatePublicKey = SecKeyCreateRSAPublicKey(kCFAllocatorDefault, + certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Data, + certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Length / 8, + kSecKeyEncodingPkcs1), out); + alg = kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1; + } else if (certReq.reqInfo.subjectPublicKeyInfo.algorithm.algorithm.Length == oidEcPubKey.length && + 0 == memcmp(oidEcPubKey.data, certReq.reqInfo.subjectPublicKeyInfo.algorithm.algorithm.Data, oidEcPubKey.length)) { + keyData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, + certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Data, + certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Length / 8, + kCFAllocatorNull); + keyAttrs = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + CFDictionaryAddValue(keyAttrs, kSecAttrKeyType, kSecAttrKeyTypeECSECPrimeRandom); + CFDictionaryAddValue(keyAttrs, kSecAttrKeyClass, kSecAttrKeyClassPublic); + require(candidatePublicKey = SecKeyCreateWithData(keyData, keyAttrs, NULL), + out); + alg = kSecKeyAlgorithmECDSASignatureDigestX962SHA256; + } else { + goto out; + } - require(candidatePublicKey = SecKeyCreateRSAPublicKey(kCFAllocatorDefault, - certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Data, - certReq.reqInfo.subjectPublicKeyInfo.subjectPublicKey.Length / 8, - kSecKeyEncodingPkcs1), out); - - require_noerr_quiet(SecKeyRawVerify(candidatePublicKey, kSecPaddingPKCS1SHA1, - reqinfo_hash, sizeof(reqinfo_hash), - certReq.signature.Data, certReq.signature.Length / 8), out); + hash = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, reqinfo_hash, hash_size, kCFAllocatorNull); + signature = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, certReq.signature.Data, certReq.signature.Length / 8, kCFAllocatorNull); + require_quiet(SecKeyVerifySignature(candidatePublicKey, alg, hash, signature, NULL), out); SecAsn1Item subject_item = { 0 }, extensions_item = { 0 }, challenge_item = { 0 }; require_quiet(SEC_ASN1EncodeItem(poolp, &subject_item, @@ -914,6 +1020,10 @@ bool SecVerifyCertificateRequest(CFDataRef csr, SecKeyRef *publicKey, valid = true; out: CFReleaseSafe(candidatePublicKey); + CFReleaseNull(keyAttrs); + CFReleaseNull(keyData); + CFReleaseNull(hash); + CFReleaseNull(signature); if (poolp) PORT_FreeArena(poolp, PR_TRUE); return valid; @@ -971,6 +1081,8 @@ SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, SecCertificateRef cert = NULL; PRArenaPool *poolp = PORT_NewArena(1024); CFDictionaryRef pubkey_attrs = NULL; + CFDataRef publicKeyData = NULL; + uint8_t *signature = NULL; if (!poolp) return NULL; @@ -1007,9 +1119,9 @@ SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, cert_tmpl.tbs.subjectPublicKeyInfo.algorithm.algorithm = CSSMOID_RSA; cert_tmpl.tbs.subjectPublicKeyInfo.algorithm.parameters = asn1_null; - CFDataRef pkcs1_pubkey = (CFDataRef)CFDictionaryGetValue(pubkey_attrs, kSecValueData); - cert_tmpl.tbs.subjectPublicKeyInfo.subjectPublicKey.Length = 8 * CFDataGetLength(pkcs1_pubkey); - cert_tmpl.tbs.subjectPublicKeyInfo.subjectPublicKey.Data = (uint8_t*)CFDataGetBytePtr(pkcs1_pubkey); + publicKeyData = SecKeyCopyExternalRepresentation(publicKey, NULL); + cert_tmpl.tbs.subjectPublicKeyInfo.subjectPublicKey.Length = 8 * CFDataGetLength(publicKeyData); + cert_tmpl.tbs.subjectPublicKeyInfo.subjectPublicKey.Data = (uint8_t*)CFDataGetBytePtr(publicKeyData); /* signature algorithm */ cert_tmpl.tbs.signature.algorithm = CSSMOID_SHA1WithRSA; @@ -1024,10 +1136,15 @@ SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, /* calculate signature */ uint8_t tbscert_hash[CC_SHA1_DIGEST_LENGTH]; CCDigest(kCCDigestSHA1, tbscert.Data, tbscert.Length, tbscert_hash); - uint8_t signature[8 * CFDataGetLength(pkcs1_pubkey)]; - size_t signature_length = sizeof(signature); - require_noerr_quiet(SecKeyRawSign(privateKey, kSecPaddingPKCS1SHA1, - tbscert_hash, sizeof(tbscert_hash), signature, &signature_length), out); + CFDataRef digest = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, tbscert_hash, CC_SHA1_DIGEST_LENGTH, kCFAllocatorNull); + CFDataRef sigData = SecKeyCreateSignature(privateKey, kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, + digest, NULL); + CFReleaseNull(digest); + require_quiet(sigData, out); + size_t signature_length = (size_t)CFDataGetLength(sigData); + signature = malloc(signature_length); + memcpy(signature, CFDataGetBytePtr(sigData), CFDataGetLength(sigData)); + CFReleaseNull(sigData); /* signature */ cert_tmpl.signature.Data = signature; @@ -1044,6 +1161,8 @@ out: if (poolp) PORT_FreeArena(poolp, PR_TRUE); CFReleaseSafe(pubkey_attrs); + CFReleaseNull(publicKeyData); + if (signature) { free(signature); } return cert; } @@ -1054,6 +1173,7 @@ SecIdentitySignCertificate(SecIdentityRef issuer, CFDataRef serialno, { SecCertificateRef cert = NULL; SecKeyRef privateKey = NULL; + uint8_t *signature = NULL; PRArenaPool *poolp = PORT_NewArena(1024); CFDictionaryRef pubkey_attrs = NULL; @@ -1131,12 +1251,17 @@ SecIdentitySignCertificate(SecIdentityRef issuer, CFDataRef serialno, /* calculate signature */ uint8_t tbscert_hash[CC_SHA1_DIGEST_LENGTH]; CCDigest(kCCDigestSHA1, tbscert.Data, tbscert.Length, tbscert_hash); - uint8_t signature[8 * CFDataGetLength(pkcs1_pubkey)]; - size_t signature_length = sizeof(signature); require_noerr_quiet(SecIdentityCopyPrivateKey(issuer, &privateKey), out); - require_noerr_quiet(SecKeyRawSign(privateKey, kSecPaddingPKCS1SHA1, - tbscert_hash, sizeof(tbscert_hash), signature, &signature_length), out); + CFDataRef digest = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, tbscert_hash, CC_SHA1_DIGEST_LENGTH, kCFAllocatorNull); + CFDataRef sigData = SecKeyCreateSignature(privateKey, kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, + digest, NULL); + CFReleaseNull(digest); + require_quiet(sigData, out); + size_t signature_length = (size_t)CFDataGetLength(sigData); + signature = malloc(signature_length); + memcpy(signature, CFDataGetBytePtr(sigData), CFDataGetLength(sigData)); + CFReleaseNull(sigData); /* signature */ cert_tmpl.signature.Data = signature; @@ -1154,6 +1279,7 @@ out: if (poolp) PORT_FreeArena(poolp, PR_TRUE); CFReleaseSafe(pubkey_attrs); + if (signature) { free(signature); } return cert; } diff --git a/OSX/sec/Security/SecCertificateRequest.h b/OSX/sec/Security/SecCertificateRequest.h deleted file mode 100644 index 61f32bc3..00000000 --- a/OSX/sec/Security/SecCertificateRequest.h +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2008-2009,2012-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecCertificateRequest -*/ - -#ifndef _SECURITY_SECCERTIFICATEREQUEST_H_ -#define _SECURITY_SECCERTIFICATEREQUEST_H_ - -#include -#include - -__BEGIN_DECLS - -extern const void * kSecOidCommonName; -extern const void * kSecOidCountryName; -extern const void * kSecOidStateProvinceName; -extern const void * kSecOidLocalityName; -extern const void * kSecOidOrganization; -extern const void * kSecOidOrganizationalUnit; - -extern const unsigned char SecASN1PrintableString; -extern const unsigned char SecASN1UTF8String; - -/* - Parameter keys for certificate request generation: - @param kSecCSRChallengePassword CFStringRef - conversion to PrintableString or UTF8String needs to be possible. - @param kSecCertificateKeyUsage CFNumberRef - with key usage mask using kSecKeyUsage constants. - @param kSecSubjectAltName CFArrayRef of CFStringRef or CFDataRef - either dnsName or emailAddress (if contains @) or - ipAddress, ipv4 (4) or ipv6 (16) bytes - @param kSecCSRBasicContraintsPathLen CFNumberRef - if set will include basic constraints and mark it as - a CA cert. If 0 <= number < 256, specifies path length, otherwise - path length will be omitted. Basic contraints will always be - marked critical. - @param kSecCertificateExtensions CFDictionaryRef - if set all keys (strings with oids in dotted notation) will be added - as extensions with accompanying value in binary (CFDataRef) or - appropriate string (CFStringRef) type (based on used character set). - @param kSecCertificateExtensionsEncoded CFDictionaryRef - if set all keys (strings with oids in dotted notation) will be added - as extensions with accompanying value. It is assumed that the value - is a CFDataRef and is already properly encoded. This value will be - placed straight into the extension value OCTET STRING. -*/ -extern const void * kSecCSRChallengePassword; -extern const void * kSecSubjectAltName; -extern const void * kSecCertificateKeyUsage; -extern const void * kSecCSRBasicContraintsPathLen; -extern const void * kSecCertificateExtensions; -extern const void * kSecCertificateExtensionsEncoded; - -typedef struct { - const void *oid; /* kSecOid constant or CFDataRef with oid */ - unsigned char type; /* currently only SecASN1PrintableString */ - CFTypeRef value; /* CFStringRef -> ASCII, UTF8, CFDataRef -> binary */ -} SecATV; - -typedef SecATV *SecRDN; - -/* - @function SecGenerateCertificateRequest - @abstract Return a newly generated CSR for subject and keypair. - @param subject RDNs in the subject - @param num Number of RDNs - @param publicKey Public key - @param privateKey Private key - @discussion only handles RSA keypairs and uses a SHA-1 PKCS1 signature - @result On success, a newly allocated CSR, otherwise NULL - -Example for subject: - SecATV cn[] = { { kSecOidCommonName, SecASN1PrintableString, CFSTR("test") }, {} }; - SecATV c[] = { { kSecOidCountryName, SecASN1PrintableString, CFSTR("US") }, {} }; - SecATV o[] = { { kSecOidOrganization, SecASN1PrintableString, CFSTR("Apple Inc.") }, {} }; - SecRDN atvs[] = { cn, c, o, NULL }; -*/ -CFDataRef SecGenerateCertificateRequestWithParameters(SecRDN *subject, - CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey) CF_RETURNS_RETAINED; - -CFDataRef SecGenerateCertificateRequest(CFArrayRef subject, - CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey) CF_RETURNS_RETAINED; - -/* - @function SecVerifyCertificateRequest - @abstract validate a CSR and return contained information to certify - @param publicKey (optional/out) SecKeyRef public key to certify - @param challenge (optional/out) CFStringRef enclosed challenge - @param subject (optional/out) encoded subject RDNs - @param extensions (optional/out) encoded extensions -*/ -bool SecVerifyCertificateRequest(CFDataRef csr, SecKeyRef *publicKey, - CFStringRef *challenge, CFDataRef *subject, CFDataRef *extensions); - -SecCertificateRef -SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, - SecKeyRef publicKey, SecKeyRef privateKey); - -SecCertificateRef -SecIdentitySignCertificate(SecIdentityRef issuer, CFDataRef serialno, - SecKeyRef publicKey, CFTypeRef subject, CFTypeRef extensions); - - -/* PRIVATE */ - -CF_RETURNS_RETAINED -CFDataRef -SecGenerateCertificateRequestSubject(SecCertificateRef ca_certificate, CFArrayRef subject); - -__END_DECLS - -#endif /* _SECURITY_SECCERTIFICATEREQUEST_H_ */ diff --git a/OSX/sec/Security/SecECKey.c b/OSX/sec/Security/SecECKey.c index 118e87af..7c1ab2b3 100644 --- a/OSX/sec/Security/SecECKey.c +++ b/OSX/sec/Security/SecECKey.c @@ -376,7 +376,7 @@ static CFDataRef SecECKeyCopyWrapKey(SecKeyRef key, SecKeyWrapType type, CFDataR num = CFDictionaryGetValue(parameters, _kSecKeyWrapRFC6637Flags); if (isNumber(num)) { - if (!CFNumberGetValue(num, kCFNumberLongType, &flags)) { + if (!CFNumberGetValue(num, kCFNumberSInt32Type, &flags)) { SecError(errSecUnsupportedOperation, error, CFSTR("invalid flags: %@"), num); return NULL; } @@ -814,7 +814,7 @@ SecECNamedCurve SecECKeyGetNamedCurve(SecKeyRef key) { require_quiet(SecKeyGetAlgorithmId(key) == kSecECDSAAlgorithmID, out); require_quiet(attributes = SecKeyCopyAttributes(key), out); CFTypeRef bitsRef = CFDictionaryGetValue(attributes, kSecAttrKeySizeInBits); - CFIndex bits; + CFIndex bits = 0; require_quiet(bitsRef != NULL && CFGetTypeID(bitsRef) == CFNumberGetTypeID() && CFNumberGetValue(bitsRef, kCFNumberCFIndexType, &bits), out); switch (bits) { diff --git a/OSX/sec/Security/SecECKey.h b/OSX/sec/Security/SecECKey.h index 27df9ffc..a5da19eb 100644 --- a/OSX/sec/Security/SecECKey.h +++ b/OSX/sec/Security/SecECKey.h @@ -30,6 +30,7 @@ #ifndef _SECURITY_SECECKEY_H_ #define _SECURITY_SECECKEY_H_ +#include #include #include #include @@ -59,6 +60,7 @@ SecKeyRef SecKeyCreateECPrivateKey(CFAllocatorRef allocator, const uint8_t *keyData, CFIndex keyDataLength, SecKeyEncoding encoding); +#if SEC_OS_IPHONE_INCLUDES /* These are the named curves we support. These values come from RFC 4492 section 5.1.1, with the exception of SSL_Curve_None which means "ECDSA not negotiated". */ @@ -73,6 +75,7 @@ typedef enum /* Return a named curve enum for ecPrivateKey. */ SecECNamedCurve SecECKeyGetNamedCurve(SecKeyRef ecPrivateKey); CFDataRef SecECKeyCopyPublicBits(SecKeyRef key); +#endif __END_DECLS diff --git a/OSX/sec/Security/SecEMCS.m b/OSX/sec/Security/SecEMCS.m index 234dc087..e22cb7c5 100644 --- a/OSX/sec/Security/SecEMCS.m +++ b/OSX/sec/Security/SecEMCS.m @@ -211,7 +211,7 @@ SecEMCSCreateNewiDMSKey(NSDictionary *options, *emcsKey = NULL; if (oldEMCSKey) { - if (CFGetTypeID(oldEMCSKey) != CFDataGetTypeID()) + if (CFGetTypeID((__bridge CFTypeRef)(oldEMCSKey)) != CFDataGetTypeID()) return NULL; if (CFDataGetLength((__bridge CFDataRef)oldEMCSKey) != KEY_LENGTH) return NULL; diff --git a/OSX/sec/Security/SecExports.exp-in b/OSX/sec/Security/SecExports.exp-in index 7511598e..0a85fdd6 100644 --- a/OSX/sec/Security/SecExports.exp-in +++ b/OSX/sec/Security/SecExports.exp-in @@ -33,19 +33,24 @@ _SecPasswordIsPasswordWeak2 _SecPasswordGenerate _SecPasswordCopyDefaultPasswordLength _SecPasswordCreateWithRandomDigits +_SecPasswordValidatePasswordFormat // // Base64 // _SecBase64Encode +#if TARGET_OS_IPHONE _SecBase64Encode2 +#endif // // Trust // +_SecIsInternalRelease // Policies + _kSecPolicyAppleAST2DiagnosticsServerAuth _kSecPolicyAppleATVVPNProfileSigning _kSecPolicyAppleCodeSigning @@ -61,6 +66,8 @@ _kSecPolicyAppleGenericAppleSSLPinned _kSecPolicyAppleGSService _kSecPolicyAppleHomeKitServerAuth _kSecPolicyAppleiAP +_kSecPolicyAppleiCloudSetupServerAuth +_kSecPolicyAppleiCloudSetupCompatibilityServerAuth _kSecPolicyAppleIDAuthority _kSecPolicyAppleIDSService _kSecPolicyAppleIDSServiceContext @@ -136,23 +143,27 @@ _kSecPolicyCheckExtendedValidation _kSecPolicyCheckGrayListedKey _kSecPolicyCheckGrayListedLeaf _kSecPolicyCheckIdLinkage +_kSecPolicyCheckIntermediateCountry _kSecPolicyCheckIntermediateEKU _kSecPolicyCheckIntermediateMarkerOid +_kSecPolicyCheckIntermediateOrganization _kSecPolicyCheckIntermediateSPKISHA256 _kSecPolicyCheckIssuerCommonName _kSecPolicyCheckKeySize _kSecPolicyCheckKeyUsage _kSecPolicyCheckLeafMarkerOid _kSecPolicyCheckLeafMarkerOidWithoutValueCheck +_kSecPolicyCheckLeafMarkersProdAndQA _kSecPolicyCheckNoNetworkAccess _kSecPolicyCheckNonEmptySubject _kSecPolicyCheckNotValidBefore _kSecPolicyCheckQualifiedCertStatements _kSecPolicyCheckRevocation -_kSecPolicyCheckRevocationResponseRequired -_kSecPolicyCheckRevocationOCSP -_kSecPolicyCheckRevocationCRL _kSecPolicyCheckRevocationAny +_kSecPolicyCheckRevocationCRL +_kSecPolicyCheckRevocationOCSP +_kSecPolicyCheckRevocationOnline +_kSecPolicyCheckRevocationResponseRequired _kSecPolicyCheckSignatureHashAlgorithms _kSecPolicyCheckSSLHostname _kSecPolicyCheckSubjectCommonName @@ -160,6 +171,7 @@ _kSecPolicyCheckSubjectCommonNamePrefix _kSecPolicyCheckSubjectCommonNameTEST _kSecPolicyCheckSubjectOrganization _kSecPolicyCheckSubjectOrganizationalUnit +_kSecPolicyCheckSystemTrustedWeakHash _kSecPolicyCheckUsageConstraints _kSecPolicyCheckValidIntermediates _kSecPolicyCheckValidLeaf @@ -167,6 +179,8 @@ _kSecPolicyCheckValidRoot _kSecPolicyCheckWeakIntermediates _kSecPolicyCheckWeakLeaf _kSecPolicyCheckWeakRoot +_kSecPolicyLeafMarkerProd +_kSecPolicyLeafMarkerQA // Policy Properties _kSecPolicyClient @@ -179,7 +193,7 @@ _kSecPolicyPolicyName _kSecPolicyRevocationFlags _kSecPolicyTeamIdentifier -#if TARGET_OS_MAC && !TARGET_OS_IPHONE +#if TARGET_OS_OSX _kSecPolicyKU_CRLSign _kSecPolicyKU_DataEncipherment _kSecPolicyKU_DecipherOnly @@ -203,6 +217,7 @@ _SecPolicyCheckCertSSLHostname _SecPolicyCheckCertSubjectCommonName _SecPolicyCheckCertSubjectCommonNamePrefix _SecPolicyCheckCertSubjectCommonNameTEST +_SecPolicyCheckCertSubjectCountry _SecPolicyCheckCertSubjectOrganization _SecPolicyCheckCertSubjectOrganizationalUnit _SecPolicyCopyProperties @@ -211,11 +226,13 @@ _SecPolicyCreateAppleAST2Service _SecPolicyCreateAppleATVVPNProfileSigning _SecPolicyCreateAppleCompatibilityEscrowProxyService _SecPolicyCreateAppleCompatibilityMMCSService +_SecPolicyCreateAppleCompatibilityiCloudSetupService _SecPolicyCreateAppleEscrowProxyService _SecPolicyCreateAppleExternalDeveloper _SecPolicyCreateAppleFMiPService _SecPolicyCreateAppleGSService _SecPolicyCreateAppleHomeKitServerAuth +_SecPolicyCreateAppleiCloudSetupService _SecPolicyCreateAppleIDAuthorityPolicy _SecPolicyCreateAppleIDSService _SecPolicyCreateAppleIDSServiceContext @@ -274,7 +291,7 @@ _SecPolicyCreateWithProperties _SecPolicyGetName _SecPolicyGetOidString _SecPolicyGetTypeID -#if TARGET_OS_MAC && !TARGET_OS_IPHONE +#if TARGET_OS_OSX _SecPolicyCopy _SecPolicyCopyAll _SecPolicyCreateAppleTimeStampingAndRevocationPolicies @@ -320,24 +337,27 @@ _kSecTrustCertificateTransparency _kSecTrustCertificateTransparencyWhiteList _kSecTrustEvaluationDate _kSecTrustExtendedValidation -_kSecTrustOrganizationName -_kSecTrustResultDetails -_kSecTrustResultValue -_kSecTrustRevocationChecked -_kSecTrustRevocationReason -_kSecTrustRevocationValidUntilDate _kSecTrustInfoCertificateTransparencyKey _kSecTrustInfoCertificateTransparencyWhiteListKey _kSecTrustInfoCompanyNameKey _kSecTrustInfoExtendedValidationKey _kSecTrustInfoRevocationKey _kSecTrustInfoRevocationValidUntilKey +_kSecTrustOrganizationName +_kSecTrustResultDetails +_kSecTrustResultValue +_kSecTrustRevocationChecked +_kSecTrustRevocationReason +_kSecTrustRevocationValidUntilDate +_SecTrustAddToInputCertificates _SecTrustCopyCustomAnchorCertificates _SecTrustCopyDetailedPropertiesAtIndex _SecTrustCopyExceptions _SecTrustCopyFailureDescription +_SecTrustCopyFilteredDetails _SecTrustCopyInfo +_SecTrustCopyInputCertificates _SecTrustCopyPolicies _SecTrustCopyProperties _SecTrustCopyPublicKey @@ -369,7 +389,7 @@ _SecTrustSetPolicies _SecTrustSetSignedCertificateTimestamps _SecTrustSetTrustedLogs _SecTrustSetVerifyDate -#if TARGET_OS_MAC && !TARGET_OS_IPHONE +#if TARGET_OS_OSX _SecTrustCopyAnchorCertificates _SecTrustCopyExtendedResult _SecTrustCopyProperties_ios @@ -387,14 +407,44 @@ _SecTrustSetOptions _SecTrustSetParameters _SecTrustSetUserTrust _SecTrustSetUserTrustLegacy + +_SecTrustSettingsCopyCertificates +_SecTrustSettingsCopyCertificatesForUserAdminDomains +_SecTrustSettingsCopyModificationDate +_SecTrustSettingsCopyQualifiedCerts +_SecTrustSettingsCopyTrustSettings +_SecTrustSettingsCopyUnrestrictedRoots +_SecTrustSettingsCreateExternalRepresentation +_SecTrustSettingsEvaluateCert +_SecTrustSettingsImportExternalRepresentation +_SecTrustSettingsRemoveTrustSettings +_SecTrustSettingsSetTrustSettings +_SecTrustSettingsSetTrustSettingsExternal +_SecTrustedApplicationCopyData +_SecTrustedApplicationCopyExternalRepresentation +_SecTrustedApplicationCopyRequirement +_SecTrustedApplicationCreateApplicationGroup +_SecTrustedApplicationCreateFromPath +_SecTrustedApplicationCreateFromRequirement +_SecTrustedApplicationCreateWithExternalRepresentation +_SecTrustedApplicationGetTypeID +_SecTrustedApplicationIsUpdateCandidate +_SecTrustedApplicationMakeEquivalent +_SecTrustedApplicationRemoveEquivalence +_SecTrustedApplicationSetData +_SecTrustedApplicationUseAlternateSystem +_SecTrustedApplicationValidateWithPath #endif + +#if TARGET_OS_IPHONE _SecTrustStoreContains +_SecTrustStoreCopyAll +_SecTrustStoreCopyUsageConstraints _SecTrustStoreForDomain _SecTrustStoreGetSettingsVersionNumber _SecTrustStoreRemoveCertificate _SecTrustStoreSetTrustSettings -_SecTrustStoreCopyAll -_SecTrustStoreCopyUsageConstraints +#endif // // Identity @@ -404,24 +454,24 @@ _SecIdentityCopyCertificate _SecIdentityCopyPrivateKey _SecIdentityCreate _SecIdentityGetTypeID -_SecIdentitySignCertificate + // // Certificate // -_kSecCertificateKeyUsage _kSecCertificateEscrowFileName -_kSecCertificateExtensions -_kSecCertificateExtensionsEncoded _kSecCertificateProductionEscrowKey _kSecCertificateProductionPCSEscrowKey _SecCertificateCopyAttributeDictionary +_SecCertificateCopyCommonName _SecCertificateCopyCommonNames _SecCertificateCopyCompanyName -_SecCertificateCopyEscrowRoots +_SecCertificateCopyCountry _SecCertificateCopyDNSNames _SecCertificateCopyData +_SecCertificateCopyEmailAddresses +_SecCertificateCopyEscrowRoots _SecCertificateCopyExtendedKeyUsage _SecCertificateCopyiAPAuthCapabilities _SecCertificateCopyIPAddresses @@ -429,6 +479,8 @@ _SecCertificateCopyIssuerSHA1Digest _SecCertificateCopyIssuerSequence _SecCertificateCopyIssuerSummary _SecCertificateCopyKeychainItem +_SecCertificateCopyNormalizedIssuerSequence +_SecCertificateCopyNormalizedSubjectSequence _SecCertificateCopyNTPrincipalNames _SecCertificateCopyOrganization _SecCertificateCopyOrganizationalUnit @@ -446,7 +498,7 @@ _SecCertificateCopySubjectSequence _SecCertificateCopySubjectString _SecCertificateCopySubjectSummary _SecCertificateCopySummaryProperties -_SecCertificateCreate +_SecCertificateCreateFromAttributeDictionary _SecCertificateCreateOidDataFromString _SecCertificateCreateWithBytes _SecCertificateCreateWithData @@ -466,10 +518,10 @@ _SecCertificateGetKeyUsage _SecCertificateGetLength _SecCertificateGetNormalizedIssuerContent _SecCertificateGetNormalizedSubjectContent -_SecDistinguishedNameCopyNormalizedContent _SecCertificateGetOCSPResponders _SecCertificateGetPermittedSubtrees _SecCertificateGetPolicyConstraints +_SecCertificateGetPolicyMappings _SecCertificateGetPublicKeyAlgorithm _SecCertificateGetPublicKeyData _SecCertificateGetSHA1Digest @@ -494,6 +546,61 @@ _SecCertificateNotValidAfter _SecCertificateNotValidBefore _SecCertificateParseGeneralNameContentProperty _SecCertificateParseGeneralNames +_SecCertificateSetKeychainItem +_SecCertificateShow +_SecCertificateVersion +_SecDistinguishedNameCopyNormalizedContent +#if TARGET_OS_OSX +_SecCertificateAddToKeychain +_SecCertificateCopyFieldValues +_SecCertificateCopyFirstFieldValue +_SecCertificateCopyLongDescription +_SecCertificateCopyNormalizedIssuerContent +_SecCertificateCopyNormalizedSubjectContent +_SecCertificateCopyPreference +_SecCertificateCopyPreferred +_SecCertificateCopyPublicKey_ios +_SecCertificateCopyPublicKeyP +_SecCertificateCopyPublicKeySHA1DigestFromCertificateData +_SecCertificateCopyShortDescription +_SecCertificateCopySubjectComponent +_SecCertificateCopyValues +_SecCertificateCreateFromData +_SecCertificateCreateItemImplInstance +_SecCertificateCreateWithDataP +_SecCertificateFindByEmail +_SecCertificateFindByIssuerAndSN +_SecCertificateFindBySubjectKeyID +_SecCertificateGetAlgorithmID +_SecCertificateGetCLHandle +_SecCertificateGetCLHandle_legacy +_SecCertificateGetCommonName +_SecCertificateGetData +_SecCertificateGetEmailAddress +_SecCertificateGetIssuer +_SecCertificateGetSubject +_SecCertificateGetType +_SecCertificateInferLabel +_SecCertificateIsValidX +_SecCertificateReleaseFieldValues +_SecCertificateReleaseFirstFieldValue +_SecCertificateSetPreference +_SecCertificateSetPreferred +#endif + +// +// CertificateBundle +// + +#if TARGET_OS_OSX +_SecCertifcateBundleExport +_SecCertificateBundleExport +_SecCertificateBundleImport +#endif /* TARGET_OS_OSX */ + +// +// CertificatePath +// _SecCertificatePathCopyAddingLeaf _SecCertificatePathCopyCertificates _SecCertificatePathCopyFromParent @@ -516,9 +623,8 @@ _SecCertificatePathSetIsAnchored _SecCertificatePathSetNextSourceIndex _SecCertificatePathSetSelfIssued _SecCertificatePathVerify -_SecCertificateSetKeychainItem -_SecCertificateVersion +#if TARGET_OS_IPHONE // // SCEP // @@ -528,60 +634,89 @@ _SecSCEPGenerateCertificateRequest _SecSCEPVerifyReply _SecSCEPValidateCACertMessage _SecSCEPGetCertInitial +#endif // // CSR // - +_kSecCertificateKeyUsage +_kSecCertificateExtensions +_kSecCertificateExtensionsEncoded +_kSecCSRBasicContraintsPathLen +_kSecCSRChallengePassword +_kSecOidCommonName +_kSecOidCountryName +_kSecOidLocalityName +_kSecOidOrganization +_kSecOidOrganizationalUnit +_kSecOidStateProvinceName _kSecSubjectAltName -_SecVerifyCertificateRequest +_SecASN1PrintableString +_SecASN1UTF8String _SecGenerateCertificateRequest _SecGenerateCertificateRequestWithParameters _SecGenerateSelfSignedCertificate +_SecIdentitySignCertificate +_SecVerifyCertificateRequest +#if TARGET_OS_OSX +_SecCertificateFindRequest +_SecCertificateRequestCreate +_SecCertificateRequestGetData +_SecCertificateRequestGetResult +_SecCertificateRequestGetType +_SecCertificateRequestGetTypeID +_SecCertificateRequestSubmit +#endif // // OTR // -_SecOTRSKickTimeToRoll -_SecOTRSGetTheirKeyID -_SecOTRSGetKeyID + +#if TARGET_OS_IPHONE _SecFDHKAppendCompactPublicSerialization _SecFDHKAppendPublicSerialization + _SecOTRCopyIncomingBytes -_SecOTRPublicDHKCreateFromSerialization -_SecOTRPublicDHKCreateFromCompactSerialization _SecOTRDHKGenerateOTRKeys -_SecOTRFullDHKCreate -_SecOTRPublicDHKCreateFromFullKey -_SecOTRSessionCreateFromID -_SecOTRSessionCreateFromIDAndFlags -_SecOTRSessionCreateFromData -_SecOTRSessionReset -_SecOTRSAppendSerialization -_SecOTRSAppendStartPacket -_SecOTRSAppendRestartPacket -_SecOTRSProcessPacket -_SecOTRSEndSession -_SecOTRSGetIsReadyForMessages -_SecOTRSGetIsIdle -_SecOTRSGetMessageKind -_SecOTRSIsForKeys -_SecOTRSSignAndProtectMessage -_SecOTRSVerifyAndExposeMessage -_SecOTRSPrecalculateKeys _SecOTRFIAppendSerialization _SecOTRFIPurgeAllFromKeychain _SecOTRFIPurgeFromKeychain +_SecOTRFullDHKCreate _SecOTRFullIdentityCreate _SecOTRFullIdentityCreateFromData -_SecOTRFullIdentityCreateFromSecKeyRef _SecOTRPIAppendSerialization +_SecOTRPacketTypeString +_SecOTRPublicDHKCreateFromCompactSerialization +_SecOTRPublicDHKCreateFromFullKey +_SecOTRPublicDHKCreateFromSerialization _SecOTRPublicIdentityCopyFromPrivate _SecOTRPublicIdentityCreateFromData -_SecOTRPublicIdentityCreateFromSecKeyRef -_SecOTRPacketTypeString +_SecOTRSEndSession +_SecOTRSGetKeyID +_SecOTRSGetTheirKeyID +_SecOTRSKickTimeToRoll +_SecOTRSPrecalculateKeys _SecOTRSessionCreateRemote _SecOTRSessionProcessPacketRemote +#endif + +_SecOTRFullIdentityCreateFromSecKeyRef +_SecOTRSIsForKeys +_SecOTRPublicIdentityCreateFromSecKeyRef +_SecOTRSAppendRestartPacket +_SecOTRSAppendSerialization +_SecOTRSAppendStartPacket +_SecOTRSGetIsIdle +_SecOTRSGetIsReadyForMessages +_SecOTRSGetMessageKind +_SecOTRSProcessPacket +_SecOTRSSignAndProtectMessage +_SecOTRSVerifyAndExposeMessage +_SecOTRSessionCreateFromData +_SecOTRSessionCreateFromID +_SecOTRSessionCreateFromIDAndFlags +_SecOTRSessionReset + // // DH @@ -589,7 +724,9 @@ _SecOTRSessionProcessPacketRemote _SecDHComputeKey _SecDHCreate +#if TARGET_OS_IPHONE _SecDHCreateFromAlgorithmId +#endif _SecDHCreateFromParameters _SecDHDecodeParams _SecDHDestroy @@ -597,17 +734,21 @@ _SecDHEncodeParams _SecDHGenerateKeypair _SecDHGetMaxKeyLength +#if TARGET_OS_IPHONE // // Securityd client // _gSecurityd +#endif +#if TARGET_OS_IPHONE // // XPC // -_kSecXPCKeyPeerInfos +_kSecXPCKeyPeerInfoArray +_kSecXPCKeyPeerInfo _kSecXPCKeyOperation _kSecXPCKeyResult _kSecXPCKeyError @@ -619,6 +760,7 @@ _sSecXPCErrorDomain _kSecXPCKeyOTAFileDirectory _kSecXPCKeyEscrowLabel _kSecXPCKeyTriesLabel +#endif // @@ -633,23 +775,136 @@ _SecSetLoggingInfoForCircleScope // CMS // +#if TARGET_OS_IPHONE + +_SecCMSCertificatesOnlyMessageCopyCertificates +_SecCMSCreateCertificatesOnlyMessage +_SecCMSCreateCertificatesOnlyMessageIAP +_SecCMSCreateEnvelopedData +_SecCMSDecryptEnvelopedData +_SecCMSSignDataAndAttributes +_SecCMSSignDigestAndAttributes +_SecCmsContentInfoGetBulkKey +_SecCmsContentInfoGetBulkKeySize +_SecCmsContentInfoGetChildContentInfo +_SecCmsContentInfoGetContent +_SecCmsContentInfoGetContentEncAlg +_SecCmsContentInfoGetContentEncAlgTag +_SecCmsContentInfoGetContentTypeOID +_SecCmsContentInfoGetContentTypeTag +_SecCmsContentInfoGetInnerContent +_SecCmsContentInfoSetBulkKey +_SecCmsContentInfoSetContentData +_SecCmsContentInfoSetContentDigestedData +_SecCmsContentInfoSetContentEncAlg +_SecCmsContentInfoSetContentEncAlgID +_SecCmsContentInfoSetContentEncryptedData +_SecCmsContentInfoSetContentEnvelopedData +_SecCmsContentInfoSetContentSignedData +_SecCmsDecoderCreate +_SecCmsDecoderDestroy +_SecCmsDecoderFinish +_SecCmsDecoderUpdate +_SecCmsDigestContextCancel +_SecCmsDigestContextDestroy +_SecCmsDigestContextFinishMultiple +_SecCmsDigestContextStartMultiple +_SecCmsDigestContextUpdate +_SecCmsDigestedDataCreate +_SecCmsDigestedDataDestroy +_SecCmsDigestedDataGetContentInfo +_SecCmsEncoderCreate +_SecCmsEncoderDestroy +_SecCmsEncoderFinish +_SecCmsEncoderUpdate +_SecCmsEncryptedDataCreate +_SecCmsEncryptedDataDestroy +_SecCmsEncryptedDataGetContentInfo +_SecCmsEnvelopedDataCreate +_SecCmsEnvelopedDataDestroy +_SecCmsEnvelopedDataGetContentInfo +_SecCmsMessageContainsCertsOrCrls +_SecCmsMessageContentLevel +_SecCmsMessageContentLevelCount +_SecCmsMessageCopy +_SecCmsMessageCreate +_SecCmsMessageDecode +_SecCmsMessageDestroy +_SecCmsMessageEncode +_SecCmsMessageGetContent +_SecCmsMessageGetContentInfo +_SecCmsMessageIsContentEmpty +_SecCmsMessageIsEncrypted +_SecCmsMessageIsSigned +_SecCmsRecipientInfoCreate +_SecCmsRecipientInfoCreateWithSubjKeyID +_SecCmsSignedDataAddCertChain +_SecCmsSignedDataAddCertList +_SecCmsSignedDataAddCertificate +_SecCmsSignedDataContainsCertsOrCrls +_SecCmsSignedDataCreate +_SecCmsSignedDataCreateCertsOnly +_SecCmsSignedDataDestroy +_SecCmsSignedDataGetCertificateList +_SecCmsSignedDataGetContentInfo +_SecCmsSignedDataGetDigestAlgs +_SecCmsSignedDataGetSignerInfo +_SecCmsSignedDataGetSignerInfos +_SecCmsSignedDataHasDigests +_SecCmsSignedDataImportCerts +_SecCmsSignedDataSetDigestContext +_SecCmsSignedDataSignerInfoCount +_SecCmsSignedDataVerifyCertsOnly +_SecCmsSignedDataVerifySignerInfo +_SecCmsSignerInfoAddAppleCodesigningHashAgility +_SecCmsSignerInfoAddCounterSignature +_SecCmsSignerInfoAddMSSMIMEEncKeyPrefs +_SecCmsSignerInfoAddSMIMECaps +_SecCmsSignerInfoAddSMIMEEncKeyPrefs +_SecCmsSignerInfoAddSigningTime +_SecCmsSignerInfoCreate +_SecCmsSignerInfoCreateWithSubjKeyID +_SecCmsSignerInfoGetAppleCodesigningHashAgility +_SecCmsSignerInfoGetCertList +_SecCmsSignerInfoGetDigestAlg +_SecCmsSignerInfoGetDigestAlgTag +_SecCmsSignerInfoGetSignerCommonName +_SecCmsSignerInfoGetSignerEmailAddress +_SecCmsSignerInfoGetSigningCertificate +_SecCmsSignerInfoGetSigningTime +_SecCmsSignerInfoGetVerificationStatus +_SecCmsSignerInfoIncludeCerts +_SecCmsSignerInfoSaveSMIMEProfile +_SecCmsUtilVerificationStatusToString +_kSecCMSAdditionalCerts +_kSecCMSAllCerts _kSecCMSBulkEncryptionAlgorithm -_kSecCMSSignDigest -_kSecCMSSignDetached -_kSecCMSSignHashAlgorithm -_kSecCMSEncryptionAlgorithmDESCBC +_kSecCMSCertChainMode +_kSecCMSCertChainModeNone _kSecCMSEncryptionAlgorithmAESCBC +_kSecCMSEncryptionAlgorithmDESCBC _kSecCMSHashingAlgorithmMD5 _kSecCMSHashingAlgorithmSHA1 _kSecCMSHashingAlgorithmSHA256 _kSecCMSHashingAlgorithmSHA384 _kSecCMSHashingAlgorithmSHA512 -_kSecCMSCertChainMode -_kSecCMSAdditionalCerts -_kSecCMSSignedAttributes _kSecCMSSignDate -_kSecCMSAllCerts -_kSecCMSCertChainModeNone +_kSecCMSSignDetached +_kSecCMSSignDigest +_kSecCMSSignHashAlgorithm +_kSecCMSSignedAttributes + +#elif TARGET_OS_OSX +// +// libsecurity_smime +// +_SecArenaPoolCreate +_SecArenaPoolFree +_SecCMSCertificatesOnlyMessageCopyCertificates +_SecCMSCreateCertificatesOnlyMessage +_SecCMSCreateCertificatesOnlyMessageIAP +_SecCMSCreateEnvelopedData +_SecCMSDecryptEnvelopedData _SecCmsContentInfoGetBulkKey _SecCmsContentInfoGetBulkKeySize _SecCmsContentInfoGetChildContentInfo @@ -666,13 +921,13 @@ _SecCmsContentInfoSetContentEncAlg _SecCmsContentInfoSetContentEncAlgID _SecCmsContentInfoSetContentEncryptedData _SecCmsContentInfoSetContentEnvelopedData +_SecCmsContentInfoSetContentOther _SecCmsContentInfoSetContentSignedData _SecCmsDecoderCreate _SecCmsDecoderDestroy _SecCmsDecoderFinish _SecCmsDecoderUpdate _SecCmsDigestContextCancel -_SecCmsDigestContextDestroy _SecCmsDigestContextFinishMultiple _SecCmsDigestContextStartMultiple _SecCmsDigestContextUpdate @@ -686,10 +941,12 @@ _SecCmsEncoderUpdate _SecCmsEncryptedDataCreate _SecCmsEncryptedDataDestroy _SecCmsEncryptedDataGetContentInfo +_SecCmsEnvelopedDataAddRecipient _SecCmsEnvelopedDataCreate _SecCmsEnvelopedDataDestroy _SecCmsEnvelopedDataGetContentInfo _SecCmsMessageContainsCertsOrCrls +_SecCmsMessageContainsTSTInfo _SecCmsMessageContentLevel _SecCmsMessageContentLevelCount _SecCmsMessageCopy @@ -697,16 +954,22 @@ _SecCmsMessageCreate _SecCmsMessageDecode _SecCmsMessageDestroy _SecCmsMessageEncode +_SecCmsMessageGetArena _SecCmsMessageGetContent _SecCmsMessageGetContentInfo _SecCmsMessageIsContentEmpty _SecCmsMessageIsEncrypted _SecCmsMessageIsSigned +_SecCmsMessageSetTSACallback +_SecCmsMessageSetTSAContext _SecCmsRecipientInfoCreate _SecCmsRecipientInfoCreateWithSubjKeyID +_SecCmsRecipientInfoCreateWithSubjKeyIDFromCert +_SecCmsRecipientInfoDestroy _SecCmsSignedDataAddCertChain _SecCmsSignedDataAddCertList _SecCmsSignedDataAddCertificate +_SecCmsSignedDataAddSignerInfo _SecCmsSignedDataContainsCertsOrCrls _SecCmsSignedDataCreate _SecCmsSignedDataCreateCertsOnly @@ -718,125 +981,217 @@ _SecCmsSignedDataGetSignerInfo _SecCmsSignedDataGetSignerInfos _SecCmsSignedDataHasDigests _SecCmsSignedDataImportCerts -_SecCmsSignedDataSetDigestContext +_SecCmsSignedDataSetDigests _SecCmsSignedDataSignerInfoCount _SecCmsSignedDataVerifyCertsOnly _SecCmsSignedDataVerifySignerInfo +_SecCmsSignerInfoAddAppleCodesigningHashAgility _SecCmsSignerInfoAddCounterSignature _SecCmsSignerInfoAddMSSMIMEEncKeyPrefs _SecCmsSignerInfoAddSMIMECaps _SecCmsSignerInfoAddSMIMEEncKeyPrefs _SecCmsSignerInfoAddSigningTime -_SecCmsSignerInfoAddAppleCodesigningHashAgility _SecCmsSignerInfoCreate _SecCmsSignerInfoCreateWithSubjKeyID +_SecCmsSignerInfoDestroy +_SecCmsSignerInfoGetAppleCodesigningHashAgility _SecCmsSignerInfoGetCertList _SecCmsSignerInfoGetDigestAlg _SecCmsSignerInfoGetDigestAlgTag +_SecCmsSignerInfoGetEncDigest _SecCmsSignerInfoGetSignerCommonName _SecCmsSignerInfoGetSignerEmailAddress _SecCmsSignerInfoGetSigningCertificate _SecCmsSignerInfoGetSigningTime -_SecCmsSignerInfoGetAppleCodesigningHashAgility +_SecCmsSignerInfoGetTimestampTime _SecCmsSignerInfoGetVerificationStatus _SecCmsSignerInfoIncludeCerts _SecCmsSignerInfoSaveSMIMEProfile +_SecCmsTSADefaultCallback +_SecCmsTSAGetDefaultContext _SecCmsUtilVerificationStatusToString -_SecCMSCertificatesOnlyMessageCopyCertificates -_SecCMSCreateCertificatesOnlyMessage -_SecCMSCreateCertificatesOnlyMessageIAP -_SecCMSCreateEnvelopedData -_SecCMSDecryptEnvelopedData -_SecCMSSignDataAndAttributes -_SecCMSSignDigestAndAttributes +_SecTSAResponseCopyDEREncoding +_kSecCMSAdditionalCerts +_kSecCMSAllCerts +_kSecCMSBulkEncryptionAlgorithm +_kSecCMSCertChainMode +_kSecCMSEncryptionAlgorithmAESCBC +_kSecCMSEncryptionAlgorithmDESCBC +_kSecCMSHashingAlgorithmSHA1 +_kSecCMSHashingAlgorithmSHA256 +_kSecCMSHashingAlgorithmSHA384 +_kSecCMSHashingAlgorithmSHA512 +_kSecCMSSignDate +_kSecCMSSignDetached +_kSecCMSSignDigest +_kSecCMSSignHashAlgorithm +_kSecCMSSignedAttributes +_kTSAContextKeyNoCerts +_kTSAContextKeyURL +_kTSADebugContextKeyBadNonce +_kTSADebugContextKeyBadReq +#endif // TARGET_OS_OSX + _SecCMSVerify _SecCMSVerifyCopyDataAndAttributes _SecCMSVerifySignedData _SecCMSCreateSignedData + +#if TARGET_OS_IPHONE // // pbkdf2 // _pbkdf2 _pbkdf2_hmac_sha1 +_pbkdf2_hmac_sha256 _hmac_sha1_PRF +_hmac_sha256_PRF _SecKeyFromPassphraseDataHMACSHA1 +_SecKeyFromPassphraseDataHMACSHA256 +#endif // // Key // _CreatePrivateKeyMatchingQuery +#if TARGET_OS_IPHONE _SecECDoWithFullKey _SecECDoWithPubKey +#endif _SecECKeyCopyPublicBits _SecECKeyGetNamedCurve + + _SecKeyCopyAttestationKey +#if TARGET_OS_IPHONE _SecKeyCopyAttributeDictionary +#endif /* TARGET_OS_IPHONE */ _SecKeyCopyAttributes _SecKeyCopyExponent _SecKeyCopyExternalRepresentation +_SecKeyCopyKeyExchangeResult _SecKeyCopyMatchingPrivateKey _SecKeyCopyModulus _SecKeyCopyPersistentRef _SecKeyCopyPublicBytes _SecKeyCopyPublicKey -_SecKeyCopyKeyExchangeResult _SecKeyCreate _SecKeyCreateAttestation -_SecKeyCreateEncryptedData _SecKeyCreateDecryptedData _SecKeyCreateDuplicate -_SecKeyCreatePublicFromPrivate -_SecKeyCreateSignature -_SecKeyCreateFromAttributeDictionary +#if TARGET_OS_IPHONE _SecKeyCreateECPrivateKey _SecKeyCreateECPublicKey +#endif /* TARGET_OS_IPHONE */ +_SecKeyCreateEncryptedData +_SecKeyCreateFromAttributeDictionary + +#if TARGET_OS_OSX +_SecKeyCreateFromData +#endif /* TARGET_OS_OSX */ + _SecKeyCreateFromPublicBytes _SecKeyCreateFromPublicData _SecKeyCreateFromSubjectPublicKeyInfoData +#if TARGET_OS_OSX +_SecKeyCreatePair +#endif /* TARGET_OS_OSX */ _SecKeyCreatePersistentRefToMatchingPrivateKey -_SecKeyCreateRandomKey +_SecKeyCreatePublicFromPrivate +#if TARGET_OS_IPHONE _SecKeyCreateRSAPrivateKey +#endif /* TARGET_OS_IPHONE */ _SecKeyCreateRSAPublicKey +#if TARGET_OS_IPHONE _SecKeyCreateRSAPublicKey_ios +#endif /* TARGET_OS_IPHONE */ +_SecKeyCreateRandomKey +_SecKeyCreateSignature +#if TARGET_OS_OSX +_SecKeyCreateWithCSSMKey +#endif /* TARGET_OS_OSX */ _SecKeyCreateWithData _SecKeyDecrypt -_SecKeyFindWithPersistentRef +#if TARGET_OS_OSX +_SecKeyDeriveFromPassword +#endif +#if TARGET_OS_IPHONE _SecKeyDigestAndSign +#endif /* TARGET_OS_IPHONE */ _SecKeyDigestAndVerify _SecKeyEncrypt +#if TARGET_OS_OSX +_SecKeyGenerate +#endif +#if TARGET_OS_IPHONE +_SecKeyFindWithPersistentRef +#endif /* TARGET_OS_IPHONE */ _SecKeyGeneratePair +#if TARGET_OS_OSX +_SecKeyGeneratePairAsync +_SecKeyGenerateSymmetric +#endif /* TARGET_OS_OSX */ _SecKeyGetAlgorithmID _SecKeyGetAlgorithmId +#if TARGET_OS_IPHONE _SecKeyGetAlgorithmIdentifier +#endif /* TARGET_OS_IPHONE */ _SecKeyGetBlockSize +#if TARGET_OS_OSX +_SecKeyGetCSPHandle +_SecKeyGetCSSMKey +_SecKeyGetCredentials +#endif /* TARGET_OS_OSX */ _SecKeyGetMatchingPrivateKeyStatus _SecKeyGetSize +#if TARGET_OS_OSX +_SecKeyGetStrengthInBits +#endif /* TARGET_OS_OSX */ _SecKeyGetTypeID +#if TARGET_OS_OSX +_SecKeyImportPair +#endif /* TARGET_OS_OSX */ _SecKeyIsAlgorithmSupported _SecKeyRawSign _SecKeyRawVerify +#if TARGET_OS_OSX +_SecKeyRawVerifyOSX +#endif /* TARGET_OS_OSX */ _SecKeySetParameter _SecKeySignDigest +#if TARGET_OS_OSX +_SecKeyUnwrapSymmetric +#endif /* TARGET_OS_OSX */ _SecKeyVerifyDigest _SecKeyVerifySignature -_kSecKeyAlgorithmRSASignatureRaw -_kSecKeyAlgorithmRSASignatureRawCCUnit -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 -_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 -_kSecKeyAlgorithmECDSASignatureRFC4754 + +#if TARGET_OS_OSX +_SecKeyWrapSymmetric +#endif +#if TARGET_OS_IPHONE +__SecKeyCopyUnwrapKey +__SecKeyCopyWrapKey +__kSecKeyWrapPGPFingerprint +__kSecKeyWrapPGPSymAlg +__kSecKeyWrapPGPWrapAlg +__kSecKeyWrapRFC6637Flags +__kSecKeyWrapRFC6637WrapDigestSHA256KekAES128 +__kSecKeyWrapRFC6637WrapDigestSHA512KekAES256 +#endif /* TARGET_OS_IPHONE */ +_kSecKeyAlgorithmECDHKeyExchangeCofactor +_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 +_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 +_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 +_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 +_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 +_kSecKeyAlgorithmECDHKeyExchangeStandard +_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 +_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 +_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 +_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 +_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 _kSecKeyAlgorithmECDSASignatureDigestX962 _kSecKeyAlgorithmECDSASignatureDigestX962SHA1 _kSecKeyAlgorithmECDSASignatureDigestX962SHA224 @@ -848,61 +1203,64 @@ _kSecKeyAlgorithmECDSASignatureMessageX962SHA224 _kSecKeyAlgorithmECDSASignatureMessageX962SHA256 _kSecKeyAlgorithmECDSASignatureMessageX962SHA384 _kSecKeyAlgorithmECDSASignatureMessageX962SHA512 -_kSecKeyAlgorithmRSAEncryptionRaw -_kSecKeyAlgorithmRSAEncryptionRawCCUnit -_kSecKeyAlgorithmRSAEncryptionPKCS1 +_kSecKeyAlgorithmECDSASignatureRFC4754 +_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM +_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM +_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM +_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM +_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM +_kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM +_kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM +_kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM +_kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM +_kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM _kSecKeyAlgorithmRSAEncryptionOAEPSHA1 -_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 -_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 -_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 -_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 _kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM +_kSecKeyAlgorithmRSAEncryptionOAEPSHA224 _kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM +_kSecKeyAlgorithmRSAEncryptionOAEPSHA256 _kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM +_kSecKeyAlgorithmRSAEncryptionOAEPSHA384 _kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM +_kSecKeyAlgorithmRSAEncryptionOAEPSHA512 _kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM -_kSecKeyAlgorithmECDHKeyExchangeStandard -_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 -_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 -_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 -_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 -_kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 -_kSecKeyAlgorithmECDHKeyExchangeCofactor -_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 -_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 -_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 -_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 -_kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 -_kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM -_kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM -_kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM -_kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM -_kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM -_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM -_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM -_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM -_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM -_kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM -_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw +_kSecKeyAlgorithmRSAEncryptionPKCS1 +_kSecKeyAlgorithmRSAEncryptionRaw +_kSecKeyAlgorithmRSAEncryptionRawCCUnit +_kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 _kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5 +_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw +_kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw +_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 +_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 +_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 +_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 +_kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 _kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 +_kSecKeyAlgorithmRSASignatureMessagePKCS1v15MD5 +_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 +_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 +_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 +_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 +_kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 +_kSecKeyAlgorithmRSASignatureRaw +_kSecKeyAlgorithmRSASignatureRawCCUnit +#if TARGET_OS_OSX +_kSecKeyAttributeName +#endif /* TARGET_OS_OSX */ _kSecKeyKeyExchangeParameterRequestedSize _kSecKeyKeyExchangeParameterSharedInfo +#if TARGET_OS_IPHONE _kSecPrivateKeyAttrs _kSecPublicKeyAttrs -__SecKeyCopyWrapKey -__SecKeyCopyUnwrapKey -__kSecKeyWrapPGPSymAlg -__kSecKeyWrapPGPFingerprint -__kSecKeyWrapPGPWrapAlg -__kSecKeyWrapRFC6637WrapDigestSHA256KekAES128 -__kSecKeyWrapRFC6637WrapDigestSHA512KekAES256 -__kSecKeyWrapRFC6637Flags +#endif /* TARGET_OS_IPHONE */ // // Keychain/SecItem // +#if TARGET_OS_IPHONE + _kSecAttrAFPServerSignature _kSecAttrAccessGroup _kSecAttrAccessGroupToken @@ -1023,11 +1381,157 @@ _kSecAttrTokenID _kSecAttrTokenIDSecureEnclave _kSecAttrTokenOID _kSecAttrTombstone -#include "Security/SecureObjectSync/SOSViews.exp-in" _kSecAttrType _kSecAttrVolume _kSecAttrWasAlwaysSensitive _kSecAttrWasNeverExtractable +#elif TARGET_OS_OSX + +_kSecAttrAFPServerSignature +_kSecAttrAccess +_kSecAttrAccessGroup +_kSecAttrAccessGroupToken +_kSecAttrAccessible +_kSecAttrAccessibleAfterFirstUnlock +_kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly +_kSecAttrAccessibleAlways +_kSecAttrAccessibleAlwaysPrivate +_kSecAttrAccessibleAlwaysThisDeviceOnly +_kSecAttrAccessibleAlwaysThisDeviceOnlyPrivate +_kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly +_kSecAttrAccessibleWhenUnlocked +_kSecAttrAccessibleWhenUnlockedThisDeviceOnly +_kSecAttrAccount +_kSecAttrAddress +_kSecAttrAlias +_kSecAttrApplicationLabel +_kSecAttrApplicationTag +_kSecAttrAuthenticationType +_kSecAttrAuthenticationTypeDPA +_kSecAttrAuthenticationTypeDefault +_kSecAttrAuthenticationTypeHTMLForm +_kSecAttrAuthenticationTypeHTTPBasic +_kSecAttrAuthenticationTypeHTTPDigest +_kSecAttrAuthenticationTypeMSN +_kSecAttrAuthenticationTypeNTLM +_kSecAttrAuthenticationTypeRPA +_kSecAttrCRLEncoding +_kSecAttrCRLType +_kSecAttrCanDecrypt +_kSecAttrCanDerive +_kSecAttrCanEncrypt +_kSecAttrCanSign +_kSecAttrCanSignRecover +_kSecAttrCanUnwrap +_kSecAttrCanVerify +_kSecAttrCanVerifyRecover +_kSecAttrCanWrap +_kSecAttrCertificateEncoding +_kSecAttrCertificateType +_kSecAttrComment +_kSecAttrCreationDate +_kSecAttrCreator +_kSecAttrDescription +_kSecAttrEffectiveKeySize +_kSecAttrEndDate +_kSecAttrGeneric +_kSecAttrHasCustomIcon +_kSecAttrIsExtractable +_kSecAttrIsInvisible +_kSecAttrIsModifiable +_kSecAttrIsNegative +_kSecAttrIsPermanent +_kSecAttrIsPrivate +_kSecAttrIsSensitive +_kSecAttrIssuer +_kSecAttrKeyClass +_kSecAttrKeyClassPrivate +_kSecAttrKeyClassPublic +_kSecAttrKeyClassSymmetric +_kSecAttrKeyCreator +_kSecAttrKeySizeInBits +_kSecAttrKeyType +_kSecAttrKeyType3DES +_kSecAttrKeyTypeAES +_kSecAttrKeyTypeCAST +_kSecAttrKeyTypeDES +_kSecAttrKeyTypeDSA +_kSecAttrKeyTypeEC +_kSecAttrKeyTypeECDSA +_kSecAttrKeyTypeECSECPrimeRandom +_kSecAttrKeyTypeRC2 +_kSecAttrKeyTypeRC4 +_kSecAttrKeyTypeRSA +_kSecAttrLabel +_kSecAttrModificationDate +_kSecAttrMultiUser +_kSecAttrNoLegacy +_kSecAttrPRF +_kSecAttrPRFHmacAlgSHA1 +_kSecAttrPRFHmacAlgSHA224 +_kSecAttrPRFHmacAlgSHA256 +_kSecAttrPRFHmacAlgSHA384 +_kSecAttrPRFHmacAlgSHA512 +_kSecAttrPath +_kSecAttrPort +_kSecAttrProtocol +_kSecAttrProtocolAFP +_kSecAttrProtocolAppleTalk +_kSecAttrProtocolDAAP +_kSecAttrProtocolEPPC +_kSecAttrProtocolFTP +_kSecAttrProtocolFTPAccount +_kSecAttrProtocolFTPProxy +_kSecAttrProtocolFTPS +_kSecAttrProtocolHTTP +_kSecAttrProtocolHTTPProxy +_kSecAttrProtocolHTTPS +_kSecAttrProtocolHTTPSProxy +_kSecAttrProtocolIMAP +_kSecAttrProtocolIMAPS +_kSecAttrProtocolIPP +_kSecAttrProtocolIRC +_kSecAttrProtocolIRCS +_kSecAttrProtocolLDAP +_kSecAttrProtocolLDAPS +_kSecAttrProtocolNNTP +_kSecAttrProtocolNNTPS +_kSecAttrProtocolPOP3 +_kSecAttrProtocolPOP3S +_kSecAttrProtocolRTSP +_kSecAttrProtocolRTSPProxy +_kSecAttrProtocolSMB +_kSecAttrProtocolSMTP +_kSecAttrProtocolSOCKS +_kSecAttrProtocolSSH +_kSecAttrProtocolTelnet +_kSecAttrProtocolTelnetS +_kSecAttrPublicKeyHash +_kSecAttrRounds +_kSecAttrSalt +_kSecAttrScriptCode +_kSecAttrSecurityDomain +_kSecAttrSerialNumber +_kSecAttrServer +_kSecAttrService +_kSecAttrStartDate +_kSecAttrSubject +_kSecAttrSubjectKeyID +_kSecAttrSyncViewHint +_kSecAttrSynchronizable +_kSecAttrSynchronizableAny +_kSecAttrTokenID +_kSecAttrTokenIDSecureEnclave +_kSecAttrTokenOID +_kSecAttrTombstone +_kSecAttrType +_kSecAttrVolume +_kSecAttrWasAlwaysSensitive +_kSecAttrWasNeverExtractable +#endif // TARGET_OS_OSX + +#include "Security/SecureObjectSync/SOSViews.exp-in" + _kSecClass _kSecClassAppleSharePassword _kSecClassCertificate @@ -1067,29 +1571,37 @@ _SecItemAdd _SecItemCopyDisplayNames _SecItemCopyMatching _SecItemDelete +#if TARGET_OS_IPHONE _SecItemDeleteAll +#endif _SecItemUpdate + __SecItemMakePersistentRef __SecItemParsePersistentRef +__SecKeychainBackupSyncable __SecKeychainCopyBackup __SecKeychainCopyOTABackup __SecKeychainRestoreBackup -__SecKeychainSyncUpdateMessage -__SecKeychainBackupSyncable -__SecKeychainRestoreSyncable __SecKeychainRestoreBackupFromFileDescriptor +__SecKeychainRestoreSyncable +__SecKeychainSyncUpdateMessage __SecKeychainWriteBackupToFileDescriptor __SecKeychainCopyKeybagUUIDFromFileDescriptor + _SecItemBackupWithRegisteredBackups _SecItemBackupSetConfirmedManifest _SecItemBackupRestore _SecItemBackupCopyMatching _SecItemBackupWithChanges +#if TARGET_OS_IPHONE __SecKeychainRollKeys + _SecAddSharedWebCredential _SecRequestSharedWebCredential _SecCreateSharedWebCredentialPassword _kSecSharedPassword +#endif + __SecSecuritydCopyWhoAmI __SecSyncBubbleTransfer __SecSystemKeychainTransfer @@ -1098,6 +1610,7 @@ _SecItemUpdateTokenItems _SecItemDeleteAllWithAccessGroups __SecTokenItemCopyValueData +#if TARGET_OS_IPHONE _kSecXPCKeyAttributesToUpdate _kSecXPCKeyBackup _kSecXPCKeyCertificate @@ -1113,11 +1626,14 @@ _kSecXPCOTRReady _kSecXPCKeyDeviceID _kSecXPCKeyIDSMessage _kSecXPCKeySendIDSMessage +#endif _SecCertificatePathCopyXPCArray _SecCertificateXPCArrayCopyArray _SecPolicyXPCArrayCopyArray +#if TARGET_OS_IPHONE _SecServerSetMachServiceName +#endif // // ServerEncryption @@ -1138,17 +1654,21 @@ _der_decode_plist _CFPropertyListCreateDERData _CFPropertyListCreateWithDERData +#if TARGET_OS_IPHONE // // DER // _DERDecodeItem +#endif // // EMCS // +#if TARGET_OS_IPHONE _SecEMCSCreateDerivedEMCSKey _SecEMCSCreateNewiDMSKey +#endif // // Custom CFAllocators diff --git a/OSX/sec/Security/SecFrameworkStrings.h b/OSX/sec/Security/SecFrameworkStrings.h index f628db3f..5f4519b0 100644 --- a/OSX/sec/Security/SecFrameworkStrings.h +++ b/OSX/sec/Security/SecFrameworkStrings.h @@ -70,6 +70,7 @@ __BEGIN_DECLS #define SEC_USAGE_KEY SecStringWithDefaultValue("Usage", "Certificate", 0, "Usage", "Label for KeyUsage bitfield values") #define SEC_NOT_VALID_BEFORE_KEY SecStringWithDefaultValue("Not Valid Before", "Certificate", 0, "Not Valid Before", "label indicating the soonest date at which something is valid") #define SEC_NOT_VALID_AFTER_KEY SecStringWithDefaultValue("Not Valid After", "Certificate", 0, "Not Valid After", "label indicating the date after which something is no longer valid") +#define SEC_VALIDITY_PERIOD_KEY SecStringWithDefaultValue("Validity Period", "Certificate", 0, "Validity Period", "") #define SEC_PRIVATE_KU_PERIOD_KEY SecStringWithDefaultValue("Private Key Usage Period", "Certificate", 0, "Private Key Usage Period", "Label for an invlaid private key se perion value") #define SEC_OTHER_NAME_KEY SecStringWithDefaultValue("Other Name", "Certificate", 0, "Other Name", "Label used for Other Name RDN when value is invalid") #define SEC_EMAIL_ADDRESS_KEY SecStringWithDefaultValue("Email Address", "Certificate", 0, "Email Address", "label for general name field value") @@ -173,12 +174,21 @@ __BEGIN_DECLS #define SEC_CERT_VERSION_VALUE_KEY SecStringWithDefaultValue("%d", "Certificate", 0, "%d", "format string to turn version number into a string") #define SEC_VERSION_KEY SecStringWithDefaultValue("Version", "Certificate", 0, "Version", "") #define SEC_SERIAL_NUMBER_KEY SecStringWithDefaultValue("Serial Number", "Certificate", 0, "Serial Number", "") -#define SEC_SIGNATURE_ALGORITHM_KEY SecStringWithDefaultValue("Signature Algorithm", "Certificate", 0, "Signature Algorithm", "") #define SEC_SUBJECT_UNIQUE_ID_KEY SecStringWithDefaultValue("Subject Unique ID", "Certificate", 0, "Subject Unique ID", "") #define SEC_ISSUER_UNIQUE_ID_KEY SecStringWithDefaultValue("Issuer Unique ID", "Certificate", 0, "Issuer Unique ID", "") + +#define SEC_PUBLIC_KEY_KEY SecStringWithDefaultValue("Public Key Info", "Certificate", 0, "Public Key Info", "") #define SEC_PUBLIC_KEY_ALG_KEY SecStringWithDefaultValue("Public Key Algorithm", "Certificate", 0, "Public Key Algorithm", "") -#define SEC_PULIC_KEY_DATA_KEY SecStringWithDefaultValue("Public Key Data", "Certificate", 0, "Public Key Data", "") +#define SEC_PUBLIC_KEY_DATA_KEY SecStringWithDefaultValue("Public Key Data", "Certificate", 0, "Public Key Data", "") +#define SEC_PUBLIC_KEY_SIZE_KEY SecStringWithDefaultValue("Public Key Size", "Certificate", 0, "Public Key Size", "") + #define SEC_SIGNATURE_KEY SecStringWithDefaultValue("Signature", "Certificate", 0, "Signature", "") +#define SEC_SIGNATURE_ALGORITHM_KEY SecStringWithDefaultValue("Signature Algorithm", "Certificate", 0, "Signature Algorithm", "") +#define SEC_SIGNATURE_DATA_KEY SecStringWithDefaultValue("Signature Data", "Certificate", 0, "Signature Data", "") + +#define SEC_FINGERPRINTS_KEY SecStringWithDefaultValue("Fingerprints", "Certificate", 0, "Fingerprints", "") +#define SEC_SHA1_FINGERPRINT_KEY SecStringWithDefaultValue("SHA-1", "Certificate", 0, "SHA-1", "") +#define SEC_SHA2_FINGERPRINT_KEY SecStringWithDefaultValue("SHA-256", "Certificate", 0, "SHA-256", "") /* SecTrust Strings. */ #define SEC_INVALID_LINKAGE_KEY SecStringWithDefaultValue("Invalid certificate chain linkage.", "Certificate", 0, "Invalid certificate chain linkage.", "") diff --git a/OSX/sec/Security/SecIdentity.h b/OSX/sec/Security/SecIdentity.h deleted file mode 100644 index 6ab8a4c9..00000000 --- a/OSX/sec/Security/SecIdentity.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (c) 2002-2004,2007-2009,2012-2013 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecIdentity - The functions provided in SecIdentity.h implement a convenient way to - match private keys with certificates. -*/ - -#ifndef _SECURITY_SECIDENTITY_H_ -#define _SECURITY_SECIDENTITY_H_ - -#include -#include - -__BEGIN_DECLS - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @function SecIdentityGetTypeID - @abstract Returns the type identifier of SecIdentity instances. - @result The CFTypeID of SecIdentity instances. -*/ -CFTypeID SecIdentityGetTypeID(void) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -/*! - @function SecIdentityCopyCertificate - @abstract Returns a reference to a certificate for the given identity - reference. - @param identityRef An identity reference. - @param certificateRef On return, a pointer to the found certificate - reference. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecIdentityCopyCertificate( - SecIdentityRef identityRef, - SecCertificateRef * __nonnull CF_RETURNS_RETAINED certificateRef) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -/*! - @function SecIdentityCopyPrivateKey - @abstract Returns the private key associated with an identity. - @param identityRef An identity reference. - @param privateKeyRef On return, a pointer to the private key for the given - identity. The private key must be of class type kSecAppleKeyItemClass. - @result A result code. See "Security Error Codes" (SecBase.h). -*/ -OSStatus SecIdentityCopyPrivateKey( - SecIdentityRef identityRef, - SecKeyRef * __nonnull CF_RETURNS_RETAINED privateKeyRef) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -__END_DECLS - -#endif /* !_SECURITY_SECIDENTITY_H_ */ diff --git a/OSX/sec/Security/SecIdentityPriv.h b/OSX/sec/Security/SecIdentityPriv.h deleted file mode 100644 index 8d39dd20..00000000 --- a/OSX/sec/Security/SecIdentityPriv.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2007-2008,2010,2012-2013 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecIdentityPriv - The functions provided in SecIdentityPriv.h implement a convenient way to - match private keys with certificates. -*/ - -#ifndef _SECURITY_SECIDENTITYPRIV_H_ -#define _SECURITY_SECIDENTITYPRIV_H_ - -#include -#include - -__BEGIN_DECLS - -/*! @function SecIdentityCreate. - @abstract create a new identity object from the passed-in certificate - and private key. - @discussion this function will most likely become private SPI soon. -*/ -SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, - SecCertificateRef certificate, SecKeyRef privateKey); - -__END_DECLS - -#endif /* !_SECURITY_SECIDENTITYPRIV_H_ */ diff --git a/OSX/sec/Security/SecImportExport.h b/OSX/sec/Security/SecImportExport.h deleted file mode 100644 index fcb56eb5..00000000 --- a/OSX/sec/Security/SecImportExport.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright (c) 2007-2009,2012-2013 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecImportExport - contains import/export functionality for keys and certificates. -*/ - -#ifndef _SECURITY_SECIMPORTEXPORT_H_ -#define _SECURITY_SECIMPORTEXPORT_H_ - -#include -#include -#include -#include -#include - -__BEGIN_DECLS - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @enum Import/Export options - @discussion Predefined key constants used to pass in arguments to the - import/export functions - @constant kSecImportExportPassphrase Specifies a passphrase represented by - a CFStringRef to be used to encrypt/decrypt. -*/ -extern const CFStringRef kSecImportExportPassphrase - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @enum Import/Export item description - @discussion Predefined key constants used to pass back a CFArray with a - CFDictionary per item. - - @constant kSecImportItemLabel a CFStringRef representing the item label. - This implementation specific identifier cannot be expected to have - any format. - @constant kSecImportItemKeyID a CFDataRef representing the key id. Often - the SHA-1 digest of the public key. - @constant kSecImportItemIdentity a SecIdentityRef representing the identity. - @constant kSecImportItemTrust a SecTrustRef set up with all relevant - certificates. Not guaranteed to succesfully evaluate. - @constant kSecImportItemCertChain a CFArrayRef holding all relevant - certificates for this item's identity -*/ -extern const CFStringRef kSecImportItemLabel - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecImportItemKeyID - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecImportItemTrust - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecImportItemCertChain - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); -extern const CFStringRef kSecImportItemIdentity - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecPKCS12Import - @abstract return contents of a PKCS#12 formatted blob. - @param pkcs12_data PKCS#12 formatted data - @param options Dictionary containing options for decode. A - kSecImportExportPassphrase is required at a minimum. Only password- - based PKCS#12 blobs are currently supported. - @param items Array containing a dictionary for every item extracted. See - kSecImportItem constants. - @result errSecSuccess in case of success. errSecDecode means either the - blob can't be read or it is malformed. errSecAuthFailed means an - incorrect password was passed, or data in the container got damaged. -*/ -OSStatus SecPKCS12Import(CFDataRef pkcs12_data, CFDictionaryRef options, - CFArrayRef * __nonnull CF_RETURNS_RETAINED items) __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -__END_DECLS - -#endif /* !_SECURITY_SECIMPORTEXPORT_H_ */ diff --git a/OSX/sec/Security/SecItem.c b/OSX/sec/Security/SecItem.c index dfed2289..0a2e523c 100644 --- a/OSX/sec/Security/SecItem.c +++ b/OSX/sec/Security/SecItem.c @@ -1158,17 +1158,19 @@ bool SecItemAuthDo(SecCFDictionaryCOW *auth_params, CFErrorRef *error, SecItemAu bool ok = false; CFArrayRef ac_pairs = NULL; SecCFDictionaryCOW auth_options = { NULL }; - //We need to create shared LAContext for Mail to reduce popups with Auth UI. - //This app-hack will be removed by: + // We need to create shared LAContext for Mail to reduce popups with Auth UI. + // This app-hack will be removed by: + // Similar workaround is for Safari, will be removed by fixing static CFTypeRef sharedLAContext = NULL; static CFDataRef sharedACMContext = NULL; static dispatch_once_t onceToken; dispatch_once(&onceToken, ^{ CFBundleRef bundle = CFBundleGetMainBundle(); - CFStringRef bundleName = (bundle != NULL)?CFBundleGetIdentifier(bundle):NULL; - if (bundleName && CFEqual(bundleName, CFSTR("com.apple.mail"))) { + CFStringRef bundleName = (bundle != NULL) ? CFBundleGetIdentifier(bundle) : NULL; + if (CFEqualSafe(bundleName, CFSTR("com.apple.mail")) || + CFEqualSafe(bundleName, CFSTR("com.apple.WebKit.Networking"))) { sharedLAContext = LACreateNewContextWithACMContext(NULL, error); - sharedACMContext = (sharedLAContext != NULL)?LACopyACMContext(sharedLAContext, error):NULL; + sharedACMContext = (sharedLAContext != NULL) ? LACopyACMContext(sharedLAContext, error) : NULL; } }); if (sharedLAContext && sharedACMContext && @@ -1834,18 +1836,17 @@ OSStatus SecItemDeleteAll(void) { return SecOSStatusWith(^bool (CFErrorRef *error) { - bool ok; + bool ok = true; if (gSecurityd) { - ok = true; #ifndef SECITEM_SHIM_OSX SecTrustStoreRef ts = SecTrustStoreForDomain(kSecTrustStoreDomainUser); if (!gSecurityd->sec_truststore_remove_all(ts, error)) - ok = SecError(errSecInternal, error, CFSTR("sec_truststore_remove_all is NULL")); + ok &= SecError(errSecInternal, error, CFSTR("sec_truststore_remove_all is NULL")); #endif // *** END SECITEM_SHIM_OSX *** if (!gSecurityd->sec_item_delete_all(error)) - ok = SecError(errSecInternal, error, CFSTR("sec_item_delete_all is NULL")); + ok &= SecError(errSecInternal, error, CFSTR("sec_item_delete_all is NULL")); } else { - ok = securityd_send_sync_and_do(sec_delete_all_id, error, NULL, NULL); + ok &= securityd_send_sync_and_do(sec_delete_all_id, error, NULL, NULL); } return ok; }); diff --git a/OSX/sec/Security/SecItemBackup.c b/OSX/sec/Security/SecItemBackup.c index f7009811..d11bdee0 100644 --- a/OSX/sec/Security/SecItemBackup.c +++ b/OSX/sec/Security/SecItemBackup.c @@ -47,6 +47,8 @@ #include #include +#include + static CFDataRef client_data_data_to_data_error_request(enum SecXPCOperation op, SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error) { __block CFDataRef result = NULL; securityd_send_sync_and_do(op, error, ^bool(xpc_object_t message, CFErrorRef *error) { @@ -286,7 +288,9 @@ static bool SecKeychainWithBackupFile(CFStringRef backupName, CFErrorRef *error, secdebug("backup", "Receiving file for %@ failed, %d", backupName, errno); return SecCheckErrno(!backup, error, CFSTR("fdopen")); } else { - secdebug("backup", "Receiving file for %@ with fd %d of size %llu", backupName, fd, lseek(fd, 0, SEEK_END)); + struct stat sb; + fstat(fd, &sb); + secdebug("backup", "Receiving file for %@ with fd %d of size %llu", backupName, fd, sb.st_size); } with(backup); diff --git a/OSX/sec/Security/SecItemBackup.h b/OSX/sec/Security/SecItemBackup.h index 18dea32f..5cf8fc69 100644 --- a/OSX/sec/Security/SecItemBackup.h +++ b/OSX/sec/Security/SecItemBackup.h @@ -59,7 +59,7 @@ bool SecItemBackupWithRegisteredBackups(CFErrorRef *error, void(^backup)(CFStrin items for each of the built in dataSources to. @param backupName Name of this backup set. @param error Returned if there is a failure. - @param result bool standard CFError contract. + @result bool standard CFError contract. @discussion CloudServices is expected to call this SPI to stream out changes already spooled into a backup file by securityd. */ bool SecItemBackupWithChanges(CFStringRef backupName, CFErrorRef *error, void (^event)(SecBackupEventType et, CFTypeRef key, CFTypeRef item)); @@ -69,7 +69,7 @@ bool SecItemBackupWithChanges(CFStringRef backupName, CFErrorRef *error, void (^ @param backupName Name of this backup set. @param keybagDigest The SHA1 hash of the last received keybag. @param manifest Manifest of the backup. - @param result bool standard CFError contract. + @result bool standard CFError contract. @discussion cloudsvc is expected to call this SPI to whenever it thinks securityd might not be in sync with backupd of whenever it reads a backup from or writes a backup to kvs. */ bool SecItemBackupSetConfirmedManifest(CFStringRef backupName, CFDataRef keybagDigest, CFDataRef manifest, CFErrorRef *error); @@ -81,7 +81,6 @@ bool SecItemBackupSetConfirmedManifest(CFStringRef backupName, CFDataRef keybagD @param secret Credential to unlock keybag @param keybag keybag for this backup @param backup backup to be restored - @result Return true iff successful, return false and sets error to a suitable error if not. @discussion CloudServices iterates over all the backups, calling this for each backup with peer infos matching the chosen device. */ void SecItemBackupRestore(CFStringRef backupName, CFStringRef peerID, CFDataRef keybag, CFDataRef secret, CFTypeRef backup, void (^completion)(CFErrorRef error)); @@ -95,7 +94,7 @@ void SecItemBackupRestore(CFStringRef backupName, CFStringRef peerID, CFDataRef optional attributes for controlling the search. See the "Keychain Search Attributes" section of SecItemCopyMatching for a description of currently defined search attributes. - @param result CFTypeRef reference to the found item(s). The + @result CFTypeRef reference to the found item(s). The exact type of the result is based on the search attributes supplied in the query. Returns NULL and sets *error if there is a failure. @discussion This allows clients to "restore" a backup and fetch an item from diff --git a/OSX/sec/Security/SecItemInternal.h b/OSX/sec/Security/SecItemInternal.h index fb1fda87..30d4c20b 100644 --- a/OSX/sec/Security/SecItemInternal.h +++ b/OSX/sec/Security/SecItemInternal.h @@ -36,13 +36,14 @@ __BEGIN_DECLS -#define kSecServerKeychainChangedNotification "com.apple.security.keychainchanged" +#define kSecServerKeychainChangedNotification "com.apple.security.keychainchanged" +#define kSecServerCertificateTrustNotification "com.apple.security.certificatetrust" /* label when certificate data is joined with key data */ static const CFStringRef kSecAttrIdentityCertificateData = CFSTR("certdata"); static const CFStringRef kSecAttrIdentityCertificateTokenID = CFSTR("certtkid"); -CF_RETURNS_RETAINED CFDataRef _SecItemMakePersistentRef(CFTypeRef class, sqlite_int64 rowid); +CF_RETURNS_RETAINED CFDataRef _SecItemMakePersistentRef(CFTypeRef iclass, sqlite_int64 rowid); bool _SecItemParsePersistentRef(CFDataRef persistent_ref, CFStringRef *return_class, sqlite_int64 *return_rowid); diff --git a/OSX/sec/Security/SecKey.c b/OSX/sec/Security/SecKey.c index 1375ce93..62fb980a 100644 --- a/OSX/sec/Security/SecKey.c +++ b/OSX/sec/Security/SecKey.c @@ -24,7 +24,7 @@ /* * SecKey.c - CoreFoundation based key object */ - +#include #include #include @@ -41,10 +41,10 @@ #include "SecECKeyPriv.h" #include "SecCTKKeyPriv.h" #include "SecBasePriv.h" +#include #include #include -#include #include #include #include @@ -191,6 +191,8 @@ static Boolean SecKeyEqual(CFTypeRef cf1, CFTypeRef cf2) d2 = SecKeyCopyAttributeDictionary(key2); // Returning NULL is an error; bail out of the equality check if(!d1 || !d2) { + CFReleaseSafe(d1); + CFReleaseSafe(d2); return false; } Boolean result = CFEqual(d1, d2); @@ -560,7 +562,7 @@ static OSStatus SecKeyPerformLegacyOperation(SecKeyRef key, CFErrorRef error = NULL; OSStatus status = errSecSuccess; CFDataRef in1 = CFDataCreateWithBytesNoCopy(NULL, in1Ptr, in1Len, kCFAllocatorNull); - CFDataRef in2 = in2Ptr ? CFDataCreateWithBytesNoCopy(NULL, in2Ptr, in2Len, kCFAllocatorNull) : NULL; + CFDataRef in2 = CFDataCreateWithBytesNoCopy(NULL, in2Ptr, in2Len, kCFAllocatorNull); CFRange range = { 0, -1 }; CFTypeRef output = operation(in1, in2, &range, &error); require_quiet(output, out); @@ -619,7 +621,7 @@ OSStatus SecKeyRawVerify( } OSStatus status = SecKeyPerformLegacyOperation(key, signedData, signedDataLen, sig, sigLen, NULL, NULL, ^CFTypeRef(CFDataRef in1, CFDataRef in2, CFRange *range, CFErrorRef *error) { - return in2 != NULL && SecKeyVerifySignature(key, algorithm, in1, in2, error) + return SecKeyVerifySignature(key, algorithm, in1, in2, error) ? kCFBooleanTrue : NULL; }); return status; diff --git a/OSX/sec/Security/SecKey.h b/OSX/sec/Security/SecKey.h deleted file mode 100644 index 26c980d0..00000000 --- a/OSX/sec/Security/SecKey.h +++ /dev/null @@ -1,959 +0,0 @@ -/* - * Copyright (c) 2006-2009,2011-2013 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecKey - The functions provided in SecKey.h implement and manage a particular - type of keychain item that represents a key. A key can be stored in a - keychain, but a key can also be a transient object. -*/ - -#ifndef _SECURITY_SECKEY_H_ -#define _SECURITY_SECKEY_H_ - -#include -#include -#include -#include -#include -#include - -__BEGIN_DECLS - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/* Padding Types (iPhone OS 2.0 and later only). */ -typedef CF_OPTIONS(uint32_t, SecPadding) -{ - kSecPaddingNone = 0, - kSecPaddingPKCS1 = 1, // For EC, defaults to a signature in x9.62 DER encoding. - kSecPaddingOAEP = 2, - - /* For SecKeyRawSign/SecKeyRawVerify only, - ECDSA signature is raw byte format {r,s}, big endian. - First half is r, second half is s */ - kSecPaddingSigRaw = 0x4000, - - /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is an MD2 - hash; standard ASN.1 padding will be done, as well as PKCS1 padding - of the underlying RSA operation. */ - kSecPaddingPKCS1MD2 = 0x8000, /* Unsupported as of iOS 5.0 */ - - /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is an MD5 - hash; standard ASN.1 padding will be done, as well as PKCS1 padding - of the underlying RSA operation. */ - kSecPaddingPKCS1MD5 = 0x8001, /* Unsupported as of iOS 5.0 */ - - /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA1 - hash; standard ASN.1 padding will be done, as well as PKCS1 padding - of the underlying RSA operation. */ - kSecPaddingPKCS1SHA1 = 0x8002, - - /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA224 - hash; standard ASN.1 padding will be done, as well as PKCS1 padding - of the underlying RSA operation. */ - kSecPaddingPKCS1SHA224 = 0x8003, - - /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA256 - hash; standard ASN.1 padding will be done, as well as PKCS1 padding - of the underlying RSA operation. */ - kSecPaddingPKCS1SHA256 = 0x8004, - - /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA384 - hash; standard ASN.1 padding will be done, as well as PKCS1 padding - of the underlying RSA operation. */ - kSecPaddingPKCS1SHA384 = 0x8005, - - /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA512 - hash; standard ASN.1 padding will be done, as well as PKCS1 padding - of the underlying RSA operation. */ - kSecPaddingPKCS1SHA512 = 0x8006, -}; - - -/*! - @function SecKeyGetTypeID - @abstract Returns the type identifier of SecKey instances. - @result The CFTypeID of SecKey instances. -*/ -CFTypeID SecKeyGetTypeID(void) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -/*! - @enum Dictionary key constants for SecKeyGeneratePair API. - @discussion Predefined key constants used to get or set values - in a dictionary. - @constant kSecPrivateKeyAttrs The value for this key is a CFDictionaryRef - containing attributes specific for the private key to be generated. - @constant kSecPublicKeyAttrs The value for this key is a CFDictionaryRef - containing attributes specific for the public key to be generated. -*/ -extern const CFStringRef kSecPrivateKeyAttrs - __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_2_0); -extern const CFStringRef kSecPublicKeyAttrs - __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_2_0); - -/*! - @function SecKeyGeneratePair - @abstract Generate a private/public keypair. - @param parameters A dictionary containing one or more key-value pairs. - See the discussion sections below for a complete overview of options. - @param publicKey On return, a SecKeyRef reference to the public key. - @param privateKey On return, a SecKeyRef reference to the private key. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion In order to generate a keypair the parameters dictionary must - at least contain the following keys: - - * kSecAttrKeyType with a value being kSecAttrKeyTypeRSA or any other - kSecAttrKeyType defined in SecItem.h - * kSecAttrKeySizeInBits with a value being a CFNumberRef or CFStringRef - containing the requested key size in bits. Example sizes for RSA - keys are: 512, 768, 1024, 2048. - - The values below may be set either in the top-level dictionary or in a - dictionary that is the value of the kSecPrivateKeyAttrs or - kSecPublicKeyAttrs key in the top-level dictionary. Setting these - attributes explicitly will override the defaults below. See SecItem.h - for detailed information on these attributes including the types of - the values. - - * kSecAttrLabel default NULL - * kSecAttrIsPermanent if this key is present and has a Boolean - value of true, the key or key pair will be added to the default - keychain. - * kSecAttrTokenID if this key should be generated on specified token. This - attribute can contain CFStringRef and can be present only in the top-level - parameters dictionary. - * kSecAttrApplicationTag default NULL - * kSecAttrEffectiveKeySize default NULL same as kSecAttrKeySizeInBits - * kSecAttrCanEncrypt default false for private keys, true for public keys - * kSecAttrCanDecrypt default true for private keys, false for public keys - * kSecAttrCanDerive default true - * kSecAttrCanSign default true for private keys, false for public keys - * kSecAttrCanVerify default false for private keys, true for public keys - * kSecAttrCanWrap default false for private keys, true for public keys - * kSecAttrCanUnwrap default true for private keys, false for public keys - -*/ -OSStatus SecKeyGeneratePair(CFDictionaryRef parameters, SecKeyRef * _Nullable CF_RETURNS_RETAINED publicKey, - SecKeyRef * _Nullable CF_RETURNS_RETAINED privateKey) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - - -/*! - @function SecKeyRawSign - @abstract Given a private key and data to sign, generate a digital - signature. - @param key Private key with which to sign. - @param padding See Padding Types above, typically kSecPaddingPKCS1SHA1. - @param dataToSign The data to be signed, typically the digest of the - actual data. - @param dataToSignLen Length of dataToSign in bytes. - @param sig Pointer to buffer in which the signature will be returned. - @param sigLen IN/OUT maximum length of sig buffer on input, actualy - length of sig on output. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding - will be performed prior to signing. If this argument is kSecPaddingNone, - the incoming data will be signed "as is". - - When PKCS1 padding is performed, the maximum length of data that can - be signed is the value returned by SecKeyGetBlockSize() - 11. - - NOTE: The behavior this function with kSecPaddingNone is undefined if the - first byte of dataToSign is zero; there is no way to verify leading zeroes - as they are discarded during the calculation. - - If you want to generate a proper PKCS1 style signature with DER encoding - of the digest type - and the dataToSign is a SHA1 digest - use - kSecPaddingPKCS1SHA1. - */ -OSStatus SecKeyRawSign( - SecKeyRef key, - SecPadding padding, - const uint8_t *dataToSign, - size_t dataToSignLen, - uint8_t *sig, - size_t *sigLen) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - - -/*! - @function SecKeyRawVerify - @abstract Given a public key, data which has been signed, and a signature, - verify the signature. - @param key Public key with which to verify the signature. - @param padding See Padding Types above, typically kSecPaddingPKCS1SHA1. - @param signedData The data over which sig is being verified, typically - the digest of the actual data. - @param signedDataLen Length of signedData in bytes. - @param sig Pointer to the signature to verify. - @param sigLen Length of sig in bytes. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding - will be checked during verification. If this argument is kSecPaddingNone, - the incoming data will be compared directly to sig. - - If you are verifying a proper PKCS1-style signature, with DER encoding - of the digest type - and the signedData is a SHA1 digest - use - kSecPaddingPKCS1SHA1. - */ -OSStatus SecKeyRawVerify( - SecKeyRef key, - SecPadding padding, - const uint8_t *signedData, - size_t signedDataLen, - const uint8_t *sig, - size_t sigLen) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - - -/*! - @function SecKeyEncrypt - @abstract Encrypt a block of plaintext. - @param key Public key with which to encrypt the data. - @param padding See Padding Types above, typically kSecPaddingPKCS1. - @param plainText The data to encrypt. - @param plainTextLen Length of plainText in bytes, this must be less - or equal to the value returned by SecKeyGetBlockSize(). - @param cipherText Pointer to the output buffer. - @param cipherTextLen On input, specifies how much space is available at - cipherText; on return, it is the actual number of cipherText bytes written. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If the padding argument is kSecPaddingPKCS1 or kSecPaddingOAEP, - PKCS1 (respectively kSecPaddingOAEP) padding will be performed prior to encryption. - If this argument is kSecPaddingNone, the incoming data will be encrypted "as is". - kSecPaddingOAEP is the recommended value. Other value are not recommended - for security reason (Padding attack or malleability). - - When PKCS1 padding is performed, the maximum length of data that can - be encrypted is the value returned by SecKeyGetBlockSize() - 11. - - When memory usage is a critical issue, note that the input buffer - (plainText) can be the same as the output buffer (cipherText). - */ -OSStatus SecKeyEncrypt( - SecKeyRef key, - SecPadding padding, - const uint8_t *plainText, - size_t plainTextLen, - uint8_t *cipherText, - size_t *cipherTextLen) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - - -/*! - @function SecKeyDecrypt - @abstract Decrypt a block of ciphertext. - @param key Private key with which to decrypt the data. - @param padding See Padding Types above, typically kSecPaddingPKCS1. - @param cipherText The data to decrypt. - @param cipherTextLen Length of cipherText in bytes, this must be less - or equal to the value returned by SecKeyGetBlockSize(). - @param plainText Pointer to the output buffer. - @param plainTextLen On input, specifies how much space is available at - plainText; on return, it is the actual number of plainText bytes written. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If the padding argument is kSecPaddingPKCS1 or kSecPaddingOAEP, - the corresponding padding will be removed after decryption. - If this argument is kSecPaddingNone, the decrypted data will be returned "as is". - - When memory usage is a critical issue, note that the input buffer - (plainText) can be the same as the output buffer (cipherText). - */ -OSStatus SecKeyDecrypt( - SecKeyRef key, /* Private key */ - SecPadding padding, /* kSecPaddingNone, - kSecPaddingPKCS1, - kSecPaddingOAEP */ - const uint8_t *cipherText, - size_t cipherTextLen, /* length of cipherText */ - uint8_t *plainText, - size_t *plainTextLen) /* IN/OUT */ - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - -/*! - @function SecKeyGetBlockSize - @abstract Returns size of the block for specified key, in bytes. - @param key The key for which the block length is requested. - @result The block length of the key in bytes. - @discussion If for example key is an RSA key the value returned by - this function is the size of the modulus. - */ -size_t SecKeyGetBlockSize(SecKeyRef key) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - -/*! - @function SecKeyCreateRandomKey - @abstract Generates a new public/private key pair. - @param parameters A dictionary containing one or more key-value pairs. - See the discussion sections below for a complete overview of options. - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @return Newly generated private key. To get associated public key, use SecKeyCopyPublicKey(). - @discussion In order to generate a keypair the parameters dictionary must - at least contain the following keys: - - * kSecAttrKeyType with a value being kSecAttrKeyTypeRSA or any other - kSecAttrKeyType defined in SecItem.h - * kSecAttrKeySizeInBits with a value being a CFNumberRef or CFStringRef - containing the requested key size in bits. Example sizes for RSA - keys are: 512, 768, 1024, 2048. - - The values below may be set either in the top-level dictionary or in a - dictionary that is the value of the kSecPrivateKeyAttrs or - kSecPublicKeyAttrs key in the top-level dictionary. Setting these - attributes explicitly will override the defaults below. See SecItem.h - for detailed information on these attributes including the types of - the values. - - * kSecAttrLabel default NULL - * kSecAttrIsPermanent if this key is present and has a Boolean value of true, - the key or key pair will be added to the default keychain. - * kSecAttrTokenID if this key should be generated on specified token. This - attribute can contain CFStringRef and can be present only in the top-level - parameters dictionary. - * kSecAttrApplicationTag default NULL - * kSecAttrEffectiveKeySize default NULL same as kSecAttrKeySizeInBits - * kSecAttrCanEncrypt default false for private keys, true for public keys - * kSecAttrCanDecrypt default true for private keys, false for public keys - * kSecAttrCanDerive default true - * kSecAttrCanSign default true for private keys, false for public keys - * kSecAttrCanVerify default false for private keys, true for public keys - * kSecAttrCanWrap default false for private keys, true for public keys - * kSecAttrCanUnwrap default true for private keys, false for public keys - */ -SecKeyRef _Nullable SecKeyCreateRandomKey(CFDictionaryRef parameters, CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCreateWithData - @abstract Create a SecKey from a well-defined external representation. - @param keyData CFData representing the key. The format of the data depends on the type of key being created. - @param attributes Dictionary containing attributes describing the key to be imported. The keys in this dictionary - are kSecAttr* constants from SecItem.h. Mandatory attributes are: - * kSecAttrKeyType - * kSecAttrKeyClass - * kSecAttrKeySizeInBits - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result A SecKey object representing the key, or NULL on failure. - @discussion This function does not add keys to any keychain, but the SecKey object it returns can be added - to keychain using the SecItemAdd function. - The requested data format depend on the type of key (kSecAttrKeyType) being created: - * kSecAttrKeyTypeRSA PKCS#1 format - * kSecAttrKeyTypeECSECPrimeRandom SEC1 format (www.secg.org) - */ -SecKeyRef _Nullable SecKeyCreateWithData(CFDataRef keyData, CFDictionaryRef attributes, CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCopyExternalRepresentation - @abstract Create an external representation for the given key suitable for the key's type. - @param key The key to be exported. - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result A CFData representing the key in a format suitable for that key type. - @discussion This function may fail if the key is not exportable (e.g., bound to a smart card or Secure Enclave). - The format in which the key will be exported depends on the type of key: - * kSecAttrKeyTypeRSA PKCS#1 format - * kSecAttrKeyTypeECSECPrimeRandom SEC1 format (www.secg.org) - */ -CFDataRef _Nullable SecKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCopyAttributes - @abstract Retrieve keychain attributes of a key. - @param key The key whose attributes are to be retrieved. - @result Dictionary containing attributes of the key. The keys that populate this dictionary are defined - and discussed in SecItem.h. - @discussion The attributes provided by this function are: - * kSecAttrCanEncrypt - * kSecAttrCanDecrypt - * kSecAttrCanDerive - * kSecAttrCanSign - * kSecAttrCanVerify - * kSecAttrKeyClass - * kSecAttrKeyType - * kSecAttrKeySizeInBits - * kSecAttrTokenID - * kSecAttrApplicationLabel - Other values returned in that dictionary are RFU. - */ -CFDictionaryRef _Nullable SecKeyCopyAttributes(SecKeyRef key) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCopyPublicKey - @abstract Retrieve the public key from a key pair or private key. - @param key The key from which to retrieve a public key. - @result The public key or NULL if public key is not available for specified key. - @discussion Fails if key does not contain a public key or no public key can be computed from it. - */ -SecKeyRef _Nullable SecKeyCopyPublicKey(SecKeyRef key) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @enum SecKeyAlgorithm - @abstract Available algorithms for performing cryptographic operations with SecKey object. String representation - of constant can be used for logging or debugging purposes, because they contain human readable names of the algorithm. - - @constant kSecKeyAlgorithmRSASignatureRaw - Raw RSA sign/verify operation, size of input data must be the same as value returned by SecKeyGetBlockSize(). - - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw - RSA sign/verify operation, assumes that input data is digest and OID and digest algorithm as specified in PKCS# v1.5. - This algorithm is typically not used directly, instead use algorithm with specified digest, like - kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256. - - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 - RSA signature with PKCS#1 padding, input data must be SHA-1 generated digest. - - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 - RSA signature with PKCS#1 padding, input data must be SHA-224 generated digest. - - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 - RSA signature with PKCS#1 padding, input data must be SHA-256 generated digest. - - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 - RSA signature with PKCS#1 padding, input data must be SHA-384 generated digest. - - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 - RSA signature with PKCS#1 padding, input data must be SHA-512 generated digest. - - @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 - RSA signature with PKCS#1 padding, SHA-1 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 - RSA signature with PKCS#1 padding, SHA-224 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 - RSA signature with PKCS#1 padding, SHA-256 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 - RSA signature with PKCS#1 padding, SHA-384 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 - RSA signature with PKCS#1 padding, SHA-512 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmECDSASignatureRFC4754 - ECDSA algorithm, signature is concatenated r and s, big endian, data is message digest. - - @constant kSecKeyAlgorithmECDSASignatureDigestX962 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest. - - @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA1 algorithm. - - @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA224 algorithm. - - @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA256 algorithm. - - @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA384 algorithm. - - @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA512 algorithm. - - @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, SHA-1 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA224 - ECDSA algorithm, signature is in DER x9.62 encoding, SHA-224 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA256 - ECDSA algorithm, signature is in DER x9.62 encoding, SHA-256 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA384 - ECDSA algorithm, signature is in DER x9.62 encoding, SHA-384 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA512 - ECDSA algorithm, signature is in DER x9.62 encoding, SHA-512 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmRSAEncryptionRaw - Raw RSA encryption or decryption, size of data must match RSA key modulus size. Note that direct - use of this algorithm without padding is cryptographically very weak, it is important to always introduce - some kind of padding. Input data size must be less or equal to the key block size and returned block has always - the same size as block size, as returned by SecKeyGetBlockSize(). - - @constant kSecKeyAlgorithmRSAEncryptionPKCS1 - RSA encryption or decryption, data is padded using PKCS#1 padding scheme. This algorithm should be used only for - backward compatibility with existing protocols and data. New implementations should choose cryptographically - stronger algorithm instead (see kSecKeyAlgorithmRSAEncryptionOAEP). Input data must be at most - "key block size - 11" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA1 - RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA1. Input data must be at most - "key block size - 42" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM to be able to encrypt and decrypt arbitrary long data. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA224 - RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA224. Input data must be at most - "key block size - 58" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM to be able to encrypt and decrypt arbitrary long data. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA256 - RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA256. Input data must be at most - "key block size - 66" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM to be able to encrypt and decrypt arbitrary long data. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA384 - RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA384. Input data must be at most - "key block size - 98" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM to be able to encrypt and decrypt arbitrary long data. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA512 - RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA512. Input data must be at most - "key block size - 130" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM to be able to encrypt and decrypt arbitrary long data. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM - Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM - mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. - 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used - as authentication data for AES-GCM encryption. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM - Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM - mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. - 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used - as authentication data for AES-GCM encryption. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM - Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM - mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. - 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used - as authentication data for AES-GCM encryption. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM - Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM - mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. - 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used - as authentication data for AES-GCM encryption. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM - Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM - mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. - 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used - as authentication data for AES-GCM encryption. - - @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactor - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys. - This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key. - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandard - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys. - This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - */ - -typedef CFStringRef SecKeyAlgorithm CF_STRING_ENUM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureRaw -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureRFC4754 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA1 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA224 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA256 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA384 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureDigestX962SHA512 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA1 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA224 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA256 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA384 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDSASignatureMessageX962SHA512 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionRaw -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionPKCS1 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandard -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactor -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCreateSignature - @abstract Given a private key and data to sign, generate a digital signature. - @param key Private key with which to sign. - @param algorithm One of SecKeyAlgorithm constants suitable to generate signature with this key. - @param dataToSign The data to be signed, typically the digest of the actual data. - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result The signature over dataToSign represented as a CFData, or NULL on failure. - @discussion Computes digital signature using specified key over input data. The operation algorithm - further defines the exact format of input data, operation to be performed and output signature. - */ -CFDataRef _Nullable SecKeyCreateSignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef dataToSign, - CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyVerifySignature - @abstract Given a public key, data which has been signed, and a signature, verify the signature. - @param key Public key with which to verify the signature. - @param algorithm One of SecKeyAlgorithm constants suitable to verify signature with this key. - @param signedData The data over which sig is being verified, typically the digest of the actual data. - @param signature The signature to verify. - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result True if the signature was valid, False otherwise. - @discussion Verifies digital signature operation using specified key and signed data. The operation algorithm - further defines the exact format of input data, signature and operation to be performed. - */ -Boolean SecKeyVerifySignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef signedData, CFDataRef signature, CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCreateEncryptedData - @abstract Encrypt a block of plaintext. - @param key Public key with which to encrypt the data. - @param algorithm One of SecKeyAlgorithm constants suitable to perform encryption with this key. - @param plaintext The data to encrypt. The length and format of the data must conform to chosen algorithm, - typically be less or equal to the value returned by SecKeyGetBlockSize(). - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result The ciphertext represented as a CFData, or NULL on failure. - @discussion Encrypts plaintext data using specified key. The exact type of the operation including the format - of input and output data is specified by encryption algorithm. - */ -CFDataRef _Nullable SecKeyCreateEncryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef plaintext, CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCreateDecryptedData - @abstract Decrypt a block of ciphertext. - @param key Private key with which to decrypt the data. - @param algorithm One of SecKeyAlgorithm constants suitable to perform decryption with this key. - @param ciphertext The data to decrypt. The length and format of the data must conform to chosen algorithm, - typically be less or equal to the value returned by SecKeyGetBlockSize(). - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result The plaintext represented as a CFData, or NULL on failure. - @discussion Decrypts ciphertext data using specified key. The exact type of the operation including the format - of input and output data is specified by decryption algorithm. - */ -CFDataRef _Nullable SecKeyCreateDecryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef ciphertext, CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @enum SecKeyKeyExchangeParameter SecKey Key Exchange parameters - @constant kSecKeyKeyExchangeParameterRequestedSize Contains CFNumberRef with requested result size in bytes. - @constant kSecKeyKeyExchangeParameterSharedInfo Contains CFDataRef with additional shared info - for KDF (key derivation function). - */ -typedef CFStringRef SecKeyKeyExchangeParameter CF_STRING_ENUM -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterRequestedSize -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); -extern const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterSharedInfo -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyCopyKeyExchangeResult - @abstract Perform Diffie-Hellman style of key exchange operation, optionally with additional key-derivation steps. - @param algorithm One of SecKeyAlgorithm constants suitable to perform this operation. - @param publicKey Remote party's public key. - @param parameters Dictionary with parameters, see SecKeyKeyExchangeParameter constants. Used algorithm - determines the set of required and optional parameters to be used. - @param error Pointer to an error object on failure. - See "Security Error Codes" (SecBase.h). - @result Result of key exchange operation as a CFDataRef, or NULL on failure. - */ -CFDataRef _Nullable SecKeyCopyKeyExchangeResult(SecKeyRef privateKey, SecKeyAlgorithm algorithm, SecKeyRef publicKey, CFDictionaryRef parameters, CFErrorRef *error) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @enum SecKeyOperationType - @abstract Defines types of cryptographic operations available with SecKey instance. - - @constant kSecKeyOperationTypeSign - Represents SecKeyCreateSignature() - - @constant kSecKeyOperationTypeVerify - Represents SecKeyVerifySignature() - - @constant kSecKeyOperationTypeEncrypt - Represents SecKeyCreateEncryptedData() - - @constant kSecKeyOperationTypeDecrypt - Represents SecKeyCreateDecryptedData() - - @constant kSecKeyOperationTypeKeyExchange - Represents SecKeyCopyKeyExchangeResult() - */ -typedef CF_ENUM(CFIndex, SecKeyOperationType) { - kSecKeyOperationTypeSign = 0, - kSecKeyOperationTypeVerify = 1, - kSecKeyOperationTypeEncrypt = 2, - kSecKeyOperationTypeDecrypt = 3, - kSecKeyOperationTypeKeyExchange = 4, -} __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -/*! - @function SecKeyIsAlgorithmSupported - @abstract Checks whether key supports specified algorithm for specified operation. - @param key Key to query - @param operation Operation type for which the key is queried - @param algorithm Algorithm which is queried - @return True if key supports specified algorithm for specified operation, False otherwise. - */ -Boolean SecKeyIsAlgorithmSupported(SecKeyRef key, SecKeyOperationType operation, SecKeyAlgorithm algorithm) -__OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -__END_DECLS - -#endif /* !_SECURITY_SECKEY_H_ */ diff --git a/OSX/sec/Security/SecKeyAdaptors.c b/OSX/sec/Security/SecKeyAdaptors.c index 84179768..35392ef8 100644 --- a/OSX/sec/Security/SecKeyAdaptors.c +++ b/OSX/sec/Security/SecKeyAdaptors.c @@ -138,7 +138,7 @@ static void PerformWithCFDataBuffer(CFIndex size, void (^operation)(uint8_t *buf }); } -static CFDataRef SecKeyMessageToDigestAdaptor(SecKeyOperationContext *context, CFDataRef message, CFDataRef in2, +static CF_RETURNS_RETAINED CFDataRef SecKeyMessageToDigestAdaptor(SecKeyOperationContext *context, CFDataRef message, CFDataRef in2, const struct ccdigest_info *di, CFErrorRef *error) { if (context->mode == kSecKeyOperationModeCheckIfSupported) { return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error); @@ -277,8 +277,8 @@ PKCS1v15_EMSA_SIGN_ADAPTOR(MD5, seckey_ccoid_md5) #undef PKCS1v15_EMSA_SIGN_ADAPTOR -static CFTypeRef SecKeyAlgorithmAdaptorBigEndianToCCUnit(SecKeyOperationContext *context, - CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { +static CFTypeRef SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(SecKeyOperationContext *context, + CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { if (context->mode == kSecKeyOperationModeCheckIfSupported) { return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error); } @@ -293,8 +293,8 @@ static CFTypeRef SecKeyAlgorithmAdaptorBigEndianToCCUnit(SecKeyOperationContext return result; } -static CFTypeRef SecKeyAlgorithmAdaptorCCUnitToBigEndian(SecKeyOperationContext *context, - CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { +static CFTypeRef SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(SecKeyOperationContext *context, + CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { if (context->mode == kSecKeyOperationModeCheckIfSupported) { return SecKeyRunAlgorithmAndCopyResult(context, NULL, NULL, error); } @@ -312,21 +312,21 @@ static CFTypeRef SecKeyAlgorithmAdaptorCCUnitToBigEndian(SecKeyOperationContext static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRaw(SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit); - return SecKeyAlgorithmAdaptorBigEndianToCCUnit(context, in1, in2, error); + return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error); } static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_SignVerify_RSASignatureRawCCUnit(SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSASignatureRaw); - return SecKeyAlgorithmAdaptorCCUnitToBigEndian(context, in1, in2, error); + return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error); } static bool SecKeyVerifyBadSignature(CFErrorRef *error) { return SecError(errSecVerifyFailed, error, CFSTR("RSA signature verification failed, no match")); } -static CFTypeRef SecKeyRSAVerifyAdaptor(SecKeyOperationContext *context, CFTypeRef signature, CFErrorRef *error, - Boolean (^verifyBlock)(CFDataRef decrypted)) { +static CFTypeRef SecKeyRSAVerifyAdaptorCopyResult(SecKeyOperationContext *context, CFTypeRef signature, CFErrorRef *error, + Boolean (^verifyBlock)(CFDataRef decrypted)) { CFTypeRef result = NULL; context->operation = kSecKeyOperationTypeDecrypt; CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw); @@ -344,7 +344,7 @@ static CFTypeRef SecKeyRSAVerifyAdaptor(SecKeyOperationContext *context, CFTypeR static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw(SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { - return SecKeyRSAVerifyAdaptor(context, in2, error, ^Boolean(CFDataRef decrypted) { + return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { // Skip zero-padding from the beginning of the decrypted signature. const UInt8 *data = CFDataGetBytePtr(decrypted); CFIndex length = CFDataGetLength(decrypted); @@ -360,7 +360,7 @@ static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureRaw(SecKeyO #define PKCS1v15_EMSA_VERIFY_ADAPTOR(name, oid) \ static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_Verify_RSASignatureDigestPKCS1v15 ## name( \ SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { \ - return SecKeyRSAVerifyAdaptor(context, in2, error, ^Boolean(CFDataRef decrypted) { \ + return SecKeyRSAVerifyAdaptorCopyResult(context, in2, error, ^Boolean(CFDataRef decrypted) { \ return ccrsa_emsa_pkcs1v15_verify(CFDataGetLength(decrypted), \ (uint8_t *)CFDataGetBytePtr(decrypted), \ CFDataGetLength(in1), CFDataGetBytePtr(in1), oid) == 0; \ @@ -380,13 +380,13 @@ PKCS1v15_EMSA_VERIFY_ADAPTOR(MD5, seckey_ccoid_md5) static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRaw(SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRawCCUnit); - return SecKeyAlgorithmAdaptorBigEndianToCCUnit(context, in1, in2, error); + return SecKeyAlgorithmAdaptorCopyBigEndianToCCUnit(context, in1, in2, error); } static CFTypeRef SecKeyAlgorithmAdaptorCopyResult_EncryptDecrypt_RSAEncryptionRawCCUnit(SecKeyOperationContext *context, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { CFArrayAppendValue(context->algorithm, kSecKeyAlgorithmRSAEncryptionRaw); - return SecKeyAlgorithmAdaptorCCUnitToBigEndian(context, in1, in2, error); + return SecKeyAlgorithmAdaptorCopyCCUnitToBigEndian(context, in1, in2, error); } static CFTypeRef SecKeyRSACopyEncryptedWithPadding(SecKeyOperationContext *context, const struct ccdigest_info *di, diff --git a/OSX/sec/Security/SecKeyInternal.h b/OSX/sec/Security/SecKeyInternal.h index 73cedd87..9266ecec 100644 --- a/OSX/sec/Security/SecKeyInternal.h +++ b/OSX/sec/Security/SecKeyInternal.h @@ -28,6 +28,8 @@ #ifndef _SECURITY_SECKEYINTERNAL_H_ #define _SECURITY_SECKEYINTERNAL_H_ +#include + #include #include diff --git a/OSX/sec/Security/SecOTRSession.c b/OSX/sec/Security/SecOTRSession.c index f3ae8f93..a3e5e482 100644 --- a/OSX/sec/Security/SecOTRSession.c +++ b/OSX/sec/Security/SecOTRSession.c @@ -24,7 +24,6 @@ #include #include -#include "utilities/comparison.h" #include #include "SecOTRSession.h" @@ -104,7 +103,7 @@ static void SecOTRSExpireCachedKeysForFullKey(SecOTRSessionRef session, SecOTRFu { for(int i = 0; i < kOTRKeyCacheSize; ++i) { - if (0 == constant_memcmp(session->_keyCache[i]._fullKeyHash, SecFDHKGetHash(myKey), CCSHA1_OUTPUT_SIZE)) { + if (0 == timingsafe_bcmp(session->_keyCache[i]._fullKeyHash, SecFDHKGetHash(myKey), CCSHA1_OUTPUT_SIZE)) { CFDataAppendBytes(session->_macKeysToExpose, session->_keyCache[i]._receiveMacKey, sizeof(session->_keyCache[i]._receiveMacKey)); bzero(&session->_keyCache[i], sizeof(session->_keyCache[i])); } @@ -115,7 +114,7 @@ static void SecOTRSExpireCachedKeysForPublicKey(SecOTRSessionRef session, SecOTR { for(int i = 0; i < kOTRKeyCacheSize; ++i) { - if (0 == constant_memcmp(session->_keyCache[i]._publicKeyHash, SecPDHKGetHash(theirKey), CCSHA1_OUTPUT_SIZE)) { + if (0 == timingsafe_bcmp(session->_keyCache[i]._publicKeyHash, SecPDHKGetHash(theirKey), CCSHA1_OUTPUT_SIZE)) { CFDataAppendBytes(session->_macKeysToExpose, session->_keyCache[i]._receiveMacKey, sizeof(session->_keyCache[i]._receiveMacKey)); bzero(&session->_keyCache[i], sizeof(session->_keyCache[i])); @@ -455,8 +454,8 @@ static void SecOTRSFindKeysForMessage(SecOTRSessionRef session, for(int i = 0; i < kOTRKeyCacheSize; ++i) { - if (0 == constant_memcmp(session->_keyCache[i]._fullKeyHash, SecFDHKGetHash(myKey), CCSHA1_OUTPUT_SIZE) - && (0 == constant_memcmp(session->_keyCache[i]._publicKeyHash, SecPDHKGetHash(theirKey), CCSHA1_OUTPUT_SIZE))) { + if (0 == timingsafe_bcmp(session->_keyCache[i]._fullKeyHash, SecFDHKGetHash(myKey), CCSHA1_OUTPUT_SIZE) + && (0 == timingsafe_bcmp(session->_keyCache[i]._publicKeyHash, SecPDHKGetHash(theirKey), CCSHA1_OUTPUT_SIZE))) { cachedKeys = &session->_keyCache[i]; #if DEBUG secdebug("OTR","session@[%p] found key match: mk: %@, tk: %@", session, myKey, theirKey); @@ -1126,7 +1125,7 @@ static OSStatus SecOTRVerifyAndExposeRaw_locked(SecOTRSessionRef session, macDataSize, macDataStart, mac); - require_noerr_action_quiet(constant_memcmp(mac, bytes, sizeof(mac)), fail, result = errSecAuthFailed); + require_noerr_action_quiet(timingsafe_bcmp(mac, bytes, sizeof(mac)), fail, result = errSecAuthFailed); uint8_t* dataSpace = CFDataIncreaseLengthAndGetMutableBytes(exposedMessageContents, (CFIndex)messageSize); @@ -1255,7 +1254,7 @@ static OSStatus SecOTRVerifyAndExposeRawCompact_locked(SecOTRSessionRef session, macDataSize, macDataStart, mac); - require_noerr_action_quiet(constant_memcmp(mac, bytes, kCompactMessageMACSize), fail, result = errSecAuthFailed); + require_noerr_action_quiet(timingsafe_bcmp(mac, bytes, kCompactMessageMACSize), fail, result = errSecAuthFailed); uint8_t* dataSpace = CFDataIncreaseLengthAndGetMutableBytes(exposedMessageContents, (CFIndex)messageSize); diff --git a/OSX/sec/Security/SecOTRSession.h b/OSX/sec/Security/SecOTRSession.h index e6e27835..0814e2b9 100644 --- a/OSX/sec/Security/SecOTRSession.h +++ b/OSX/sec/Security/SecOTRSession.h @@ -101,7 +101,7 @@ void SecOTRSPrecalculateKeys(SecOTRSessionRef session); @function @abstract Encrypts and Signs a message with OTR credentials. @param session OTRSession receiving message - @param incomingMessage Cleartext message to protect + @param sourceMessage Cleartext message to protect @param protectedMessage Data to append the encoded protected message to @result OSStatus errSecAuthFailed -> bad signature, no data appended. */ diff --git a/OSX/sec/Security/SecOTRSessionAKE.c b/OSX/sec/Security/SecOTRSessionAKE.c index 65c4d5c8..55ed9c61 100644 --- a/OSX/sec/Security/SecOTRSessionAKE.c +++ b/OSX/sec/Security/SecOTRSessionAKE.c @@ -32,6 +32,7 @@ #include "SecOTRDHKey.h" #include +#include #include #include @@ -404,113 +405,113 @@ static OSStatus SecVerifySignatureAndMac(SecOTRSessionRef session, const uint8_t **signatureAndMacBytes, size_t *signatureAndMacSize) { - OSStatus result = errSecDecode; - - uint8_t m1[kOTRAuthMACKeyBytes]; - uint8_t m2[kOTRAuthMACKeyBytes]; - uint8_t c[kOTRAuthKeyBytes]; - - { - cc_unit s[kExponentiationUnits]; - - SecPDHKeyGenerateS(session->_myKey, session->_theirKey, s); - // Derive M1, M2 and C, either prime or normal versions. - DeriveOTR256BitsFromS(usePrimes ? kM1Prime : kM1, - kExponentiationUnits, s, sizeof(m1), m1); - DeriveOTR256BitsFromS(usePrimes ? kM2Prime : kM2, - kExponentiationUnits, s, sizeof(m2), m2); - DeriveOTR128BitPairFromS(kCs, - kExponentiationUnits, s, - sizeof(c),usePrimes ? NULL : c, - sizeof(c), usePrimes ? c : NULL); - bzero(s, sizeof(s)); - } - - cchmac_di_decl(ccsha256_di(), mBContext); - - cchmac_init(ccsha256_di(), mBContext, sizeof(m1), m1); - - { - CFMutableDataRef toHash = CFDataCreateMutable(kCFAllocatorDefault, 0); - - SecPDHKAppendSerialization(session->_theirKey, toHash); - SecFDHKAppendPublicSerialization(session->_myKey, toHash); - - cchmac_update(ccsha256_di(), mBContext, (size_t)CFDataGetLength(toHash), CFDataGetBytePtr(toHash)); - - CFReleaseNull(toHash); - } - - const uint8_t* encSigDataBlobStart = *signatureAndMacBytes; - - uint32_t xbSize = 0; - result = ReadLong(signatureAndMacBytes, signatureAndMacSize, &xbSize); - require_noerr(result, exit); - require_action(xbSize > 4, exit, result = errSecDecode); - require_action(xbSize <= *signatureAndMacSize, exit, result = errSecDecode); - - uint8_t signatureMac[CCSHA256_OUTPUT_SIZE]; - cchmac(ccsha256_di(), sizeof(m2), m2, xbSize + 4, encSigDataBlobStart, signatureMac); - - require(xbSize + kSHA256HMAC160Bytes <= *signatureAndMacSize, exit); - const uint8_t *macStart = *signatureAndMacBytes + xbSize; - - // check the outer hmac - require_action(0 == cc_cmp_safe(kSHA256HMAC160Bytes, macStart, signatureMac), exit, result = errSecDecode); - - - { - uint8_t xb[xbSize]; - // Decrypt and copy the signature block - AES_CTR_IV0_Transform(sizeof(c), c, xbSize, *signatureAndMacBytes, xb); + __block OSStatus result = errSecDecode; + + PerformWithBufferAndClear(kOTRAuthMACKeyBytes, ^(size_t m1_size, uint8_t *m1) { + PerformWithBufferAndClear(kOTRAuthMACKeyBytes, ^(size_t m2_size, uint8_t *m2) { + PerformWithBufferAndClear(kOTRAuthKeyBytes, ^(size_t c_size, uint8_t *c) { + { + cc_unit s[kExponentiationUnits]; + + SecPDHKeyGenerateS(session->_myKey, session->_theirKey, s); + // Derive M1, M2 and C, either prime or normal versions. + DeriveOTR256BitsFromS(usePrimes ? kM1Prime : kM1, + kExponentiationUnits, s, m1_size, m1); + DeriveOTR256BitsFromS(usePrimes ? kM2Prime : kM2, + kExponentiationUnits, s, m2_size, m2); + DeriveOTR128BitPairFromS(kCs, + kExponentiationUnits, s, + c_size,usePrimes ? NULL : c, + c_size, usePrimes ? c : NULL); + bzero(s, sizeof(s)); + } + + const uint8_t* encSigDataBlobStart = *signatureAndMacBytes; + + uint32_t xbSize = 0; + result = ReadLong(signatureAndMacBytes, signatureAndMacSize, &xbSize); + require_noerr(result, exit); + require_action(xbSize > 4, exit, result = errSecDecode); + require_action(xbSize <= *signatureAndMacSize, exit, result = errSecDecode); + + uint8_t signatureMac[CCSHA256_OUTPUT_SIZE]; + cchmac(ccsha256_di(), m2_size, m2, xbSize + 4, encSigDataBlobStart, signatureMac); + + require_action(xbSize + kSHA256HMAC160Bytes <= *signatureAndMacSize, exit, result = errSecDecode); + const uint8_t *macStart = *signatureAndMacBytes + xbSize; + + // check the outer hmac + require_action(0 == cc_cmp_safe(kSHA256HMAC160Bytes, macStart, signatureMac), exit, result = errSecDecode); + + + PerformWithBufferAndClear(xbSize, ^(size_t size, uint8_t *xb) { + cchmac_di_decl(ccsha256_di(), mBContext); + + cchmac_init(ccsha256_di(), mBContext, m1_size, m1); + + { + CFMutableDataRef toHash = CFDataCreateMutable(kCFAllocatorDefault, 0); + + SecPDHKAppendSerialization(session->_theirKey, toHash); + SecFDHKAppendPublicSerialization(session->_myKey, toHash); + + cchmac_update(ccsha256_di(), mBContext, (size_t)CFDataGetLength(toHash), CFDataGetBytePtr(toHash)); + + CFReleaseNull(toHash); + } + + // Decrypt and copy the signature block + AES_CTR_IV0_Transform(c_size, c, xbSize, *signatureAndMacBytes, xb); + + const uint8_t* signaturePacket = xb; + size_t signaturePacketSize = xbSize; + + uint16_t pubKeyType; + result = ReadShort(&signaturePacket, &signaturePacketSize, &pubKeyType); + require_noerr(result, exit); + require_action(pubKeyType == 0xF000, exit, result = errSecUnimplemented); + + uint32_t pubKeySize; + result = ReadLong(&signaturePacket, &signaturePacketSize, &pubKeySize); + require_noerr(result, exit); + require_action(pubKeySize <= signaturePacketSize, exit, result = errSecDecode); + require(((CFIndex)pubKeySize) >= 0, exit); + + // Add the signature and keyid to the hash. + // PUBKEY of our type is 2 bytes of type, 2 bytes of size and size bytes. + // Key ID is 4 bytes. + cchmac_update(ccsha256_di(), mBContext, 2 + 4 + pubKeySize + 4, xb); + + uint8_t mb[CCSHA256_OUTPUT_SIZE]; + cchmac_final(ccsha256_di(), mBContext, mb); + + // Make reference to the deflated key + require_action(SecOTRPIEqualToBytes(session->_them, signaturePacket, (CFIndex)pubKeySize), exit, result = errSecAuthFailed); + + signaturePacket += pubKeySize; + signaturePacketSize -= pubKeySize; + + result = ReadLong(&signaturePacket, &signaturePacketSize, &session->_theirKeyID); + require_noerr(result, exit); + + uint32_t sigSize; + result = ReadLong(&signaturePacket, &signaturePacketSize, &sigSize); + require_noerr(result, exit); + require_action(sigSize <= signaturePacketSize, exit, result = errSecDecode); + + bool bresult = SecOTRPIVerifySignature(session->_them, mb, sizeof(mb), signaturePacket, sigSize, NULL); + result = bresult ? errSecSuccess : errSecDecode; + require_noerr(result, exit); + exit: + ; + }); + exit: + ; + }); + }); + }); - const uint8_t* signaturePacket = xb; - size_t signaturePacketSize = xbSize; - - uint16_t pubKeyType; - result = ReadShort(&signaturePacket, &signaturePacketSize, &pubKeyType); - require_noerr(result, exit); - require_action(pubKeyType == 0xF000, exit, result = errSecUnimplemented); - - uint32_t pubKeySize; - result = ReadLong(&signaturePacket, &signaturePacketSize, &pubKeySize); - require_noerr(result, exit); - require_action(pubKeySize <= signaturePacketSize, exit, result = errSecDecode); - require(((CFIndex)pubKeySize) >= 0, exit); - - // Add the signature and keyid to the hash. - // PUBKEY of our type is 2 bytes of type, 2 bytes of size and size bytes. - // Key ID is 4 bytes. - cchmac_update(ccsha256_di(), mBContext, 2 + 4 + pubKeySize + 4, xb); - - uint8_t mb[CCSHA256_OUTPUT_SIZE]; - cchmac_final(ccsha256_di(), mBContext, mb); - - // Make reference to the deflated key - require_action(SecOTRPIEqualToBytes(session->_them, signaturePacket, (CFIndex)pubKeySize), exit, result = errSecAuthFailed); - - signaturePacket += pubKeySize; - signaturePacketSize -= pubKeySize; - - result = ReadLong(&signaturePacket, &signaturePacketSize, &session->_theirKeyID); - require_noerr(result, exit); - - uint32_t sigSize; - result = ReadLong(&signaturePacket, &signaturePacketSize, &sigSize); - require_noerr(result, exit); - require_action(sigSize <= signaturePacketSize, exit, result = errSecDecode); - - bool bresult = SecOTRPIVerifySignature(session->_them, mb, sizeof(mb), signaturePacket, sigSize, NULL); - result = bresult ? errSecSuccess : errSecDecode; - require_noerr(result, exit); - - } -exit: - bzero(m1, sizeof(m1)); - bzero(m2, sizeof(m2)); - bzero(c, sizeof(c)); - return result; } diff --git a/OSX/sec/Security/SecPBKDF.c b/OSX/sec/Security/SecPBKDF.c index 0aa2bc24..84ac9409 100644 --- a/OSX/sec/Security/SecPBKDF.c +++ b/OSX/sec/Security/SecPBKDF.c @@ -26,6 +26,19 @@ void hmac_sha1_PRF(const uint8_t *key, CCHmacFinal(&hmac_sha1_context, digest); } +void hmac_sha256_PRF(const uint8_t *key, + size_t key_len, + const uint8_t *text, + size_t text_len, + uint8_t digest[CC_SHA256_DIGEST_LENGTH]) +{ + CCHmacContext hmac_sha256_context; + + CCHmacInit(&hmac_sha256_context, kCCHmacAlgSHA256, key, key_len); + CCHmacUpdate(&hmac_sha256_context, text, text_len); + CCHmacFinal(&hmac_sha256_context, digest); +} + /* This implements the HMAC SHA-1 version of pbkdf2 and allocates a local buffer for the HMAC */ void pbkdf2_hmac_sha1(const uint8_t *passwordPtr, size_t passwordLen, @@ -48,6 +61,26 @@ void pbkdf2_hmac_sha1(const uint8_t *passwordPtr, size_t passwordLen, bzero(temp_data, kBigEnoughSize); } +/* This implements the HMAC SHA-256 version of pbkdf2 and allocates a local buffer for the HMAC */ +void pbkdf2_hmac_sha256(const uint8_t *passwordPtr, size_t passwordLen, + const uint8_t *saltPtr, size_t saltLen, + uint32_t iterationCount, + void *dkPtr, size_t dkLen) +{ + // MAX(salt_length + 4, 32 /* SHA1 Digest size */) + 2 * 32; + // salt_length + HASH_SIZE is bigger than either salt + 4 and digestSize. + const size_t kBigEnoughSize = (saltLen + CC_SHA256_DIGEST_LENGTH) + 2 * CC_SHA256_DIGEST_LENGTH; + uint8_t temp_data[kBigEnoughSize]; + + pbkdf2(hmac_sha256_PRF, CC_SHA256_DIGEST_LENGTH, + passwordPtr, passwordLen, + saltPtr, saltLen, + iterationCount, + dkPtr, dkLen, + temp_data); + + bzero(temp_data, kBigEnoughSize); +} void SecKeyFromPassphraseDataHMACSHA1(CFDataRef password, CFDataRef salt, uint32_t interationCount, CFMutableDataRef derivedKey) { @@ -57,3 +90,12 @@ void SecKeyFromPassphraseDataHMACSHA1(CFDataRef password, CFDataRef salt, uint32 CFDataGetMutableBytePtr(derivedKey), CFDataGetLength(derivedKey)); } + +void SecKeyFromPassphraseDataHMACSHA256(CFDataRef password, CFDataRef salt, uint32_t interationCount, CFMutableDataRef derivedKey) +{ + pbkdf2_hmac_sha256(CFDataGetBytePtr(password), CFDataGetLength(password), + CFDataGetBytePtr(salt), CFDataGetLength(salt), + interationCount, + CFDataGetMutableBytePtr(derivedKey), CFDataGetLength(derivedKey)); + +} diff --git a/OSX/sec/Security/SecPBKDF.h b/OSX/sec/Security/SecPBKDF.h index 9f92da94..167339c7 100644 --- a/OSX/sec/Security/SecPBKDF.h +++ b/OSX/sec/Security/SecPBKDF.h @@ -16,6 +16,11 @@ void hmac_sha1_PRF(const uint8_t *key, size_t text_len, uint8_t digest[CC_SHA1_DIGEST_LENGTH]); +void hmac_sha256_PRF(const uint8_t *key, + size_t key_len, + const uint8_t *text, + size_t text_len, + uint8_t digest[CC_SHA256_DIGEST_LENGTH]); /* PBKDF for clients who want to let us allocate the intermediate buffer. We over write any intermediate results we use in calculating */ @@ -24,7 +29,10 @@ void pbkdf2_hmac_sha1(const uint8_t *passwordPtr, size_t passwordLen, uint32_t iterationCount, void *dkPtr, size_t dkLen); - +void pbkdf2_hmac_sha256(const uint8_t *passwordPtr, size_t passwordLen, + const uint8_t *saltPtr, size_t saltLen, + uint32_t iterationCount, + void *dkPtr, size_t dkLen); /* Transformation conveninces from and to CFData where the password bytes used are the UTF-8 representation and 1000 iterations @@ -44,7 +52,6 @@ void pbkdf2_hmac_sha1(const uint8_t *passwordPtr, size_t passwordLen, CFDataGetBytePtr(salt), CFDataGetLength(salt), interationCount, CFDataGetMutableBytePtr(derivedKey), CFDataGetLength(derivedKey)); - } Suggested way to transform strings into data: @@ -58,3 +65,4 @@ void pbkdf2_hmac_sha1(const uint8_t *passwordPtr, size_t passwordLen, */ void SecKeyFromPassphraseDataHMACSHA1(CFDataRef password, CFDataRef salt, uint32_t interationCount, CFMutableDataRef derivedKey); +void SecKeyFromPassphraseDataHMACSHA256(CFDataRef password, CFDataRef salt, uint32_t interationCount, CFMutableDataRef derivedKey); diff --git a/OSX/sec/Security/SecPasswordGenerate.c b/OSX/sec/Security/SecPasswordGenerate.c index 009516f8..5a99e0cb 100644 --- a/OSX/sec/Security/SecPasswordGenerate.c +++ b/OSX/sec/Security/SecPasswordGenerate.c @@ -37,6 +37,10 @@ #include #include #include +#include +#include +#include "SecCFAllocator.h" + // Keys for external dictionaries with password generation requirements we read from plist. CFStringRef kSecPasswordMinLengthKey = CFSTR("PasswordMinLength"); @@ -61,6 +65,7 @@ CFStringRef kSecPasswordSeparator = CFSTR("SecPasswordSeparator"); // Keys for internally used dictionaries with password generation parameters (never exposed to external API). static CFStringRef kSecUseDefaultPasswordFormatKey = CFSTR("UseDefaultPasswordFormat"); static CFStringRef kSecNumberOfRequiredRandomCharactersKey = CFSTR("NumberOfRequiredRandomCharacters"); +static CFStringRef kSecNumberOfChecksumCharactersKey = CFSTR("NumberOfChecksumCharacters"); static CFStringRef kSecAllowedCharactersKey = CFSTR("AllowedCharacters"); static CFStringRef kSecRequiredCharacterSetsKey = CFSTR("RequiredCharacterSets"); @@ -168,6 +173,33 @@ static unsigned int pinhash (const char *str, unsigned int len) return len + asso_values[(unsigned char)str[3]+9] + asso_values[(unsigned char)str[2]] + asso_values[(unsigned char)str[1]] + asso_values[(unsigned char)str[0]+3]; } +///<://problem/29089896> warn against using these common PINs +static bool isTopTenSixDigitPasscode(CFStringRef passcode){ + bool result = false; + CFMutableArrayRef topTen = CFArrayCreateMutableForCFTypesWith(kCFAllocatorDefault, + CFSTR("030379"), + CFSTR("101471"), + CFSTR("112233"), + CFSTR("123123"), + CFSTR("123321"), + CFSTR("123654"), + CFSTR("147258"), + CFSTR("159753"), + CFSTR("321654"), + CFSTR("520131"), + CFSTR("520520"), + CFSTR("789456"), NULL); + + for(CFIndex i = 0; i < CFArrayGetCount(topTen); i++){ + if(CFEqualSafe(passcode, CFArrayGetValueAtIndex(topTen, i))){ + result = true; + break; + } + } + CFReleaseNull(topTen); + return result; +} + CFStringRef SecPasswordCreateWithRandomDigits(int n, CFErrorRef *error){ int min = n; int max = n; @@ -430,6 +462,106 @@ static bool SecPasswordIsPasswordRepeatingTwoNumbers(CFStringRef passcode){ return false; } +static int SecPasswordNumberOfRepeatedDigits(CFStringRef passcode){ + int repeating = 1; + CFIndex length = CFStringGetLength(passcode); + CFNumberRef highest = NULL; + CFMutableArrayRef highestRepeatingcount = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); + + for(int i = 0; i < length; i++){ + + if(i+1 == length){ + CFNumberRef newRepeatingAddition = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &repeating); + CFArrayAppendValue(highestRepeatingcount, newRepeatingAddition); + CFReleaseNull(newRepeatingAddition); + break; + } + if(CFStringGetCharacterAtIndex(passcode, i) == CFStringGetCharacterAtIndex(passcode,i+1)) + repeating++; + else{ + if(repeating != 1) + { + CFNumberRef newRepeatingAddition = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &repeating); + CFArrayAppendValue(highestRepeatingcount, newRepeatingAddition); + CFReleaseNull(newRepeatingAddition); + } + repeating = 1; + + } + } + + for(int i =0; i< CFArrayGetCount(highestRepeatingcount); i++){ + if(i == 0){ + highest = CFArrayGetValueAtIndex(highestRepeatingcount, i); + continue; + } + else{ + CFNumberRef competitor = CFArrayGetValueAtIndex(highestRepeatingcount, i); + if(CFNumberCompare(competitor, highest, NULL) == kCFCompareGreaterThan){ + highest = competitor; + } + } + } + int finalRepeating = 0; + if(highest != NULL) + CFNumberGetValue(highest, kCFNumberIntType, &finalRepeating); + return finalRepeating; +} + +static bool SecPasswordIsPalindrome(CFStringRef passcode){ + char* pin = CFStringToCString(passcode); + long length = CFStringGetLength(passcode); + long j = length-1; + + for(int i = 0; i < CFStringGetLength(passcode); i++) + { + if(length%2 == 1 && i == j){ + free(pin); + return true; + } + else if(length%2 == 0 && i == j-1){ + if(pin[i] == pin[j]){ + free(pin); + return true; + } + else + break; + } + else if(pin[i] == pin[j]){ + j--; + continue; + } + else + break; + } + free(pin); + return false; +} + +static bool SecPasswordHasRepeatingGroups(CFStringRef passcode){ + char* pin = CFStringToCString(passcode); + + for(int i = 0; i < CFStringGetLength(passcode); i++) + { + if(i+4 == CFStringGetLength(passcode)){ + if(pin[i] == pin[i+3]){ + free(pin); + return true; + } + else + break; + } + else if(pin[i] == pin[i+3]) + continue; + else + break; + } + + free(pin); + + return false; +} + bool SecPasswordIsPasswordWeak2(bool isSimple, CFStringRef passcode) { uppercaseLetterCharacterSet = CFCharacterSetGetPredefined(kCFCharacterSetUppercaseLetter); @@ -508,6 +640,22 @@ bool SecPasswordIsPasswordWeak2(bool isSimple, CFStringRef passcode) else break; } + //not in the top 10 + if(isTopTenSixDigitPasscode(passcode)){ + free(pin); + return true; + } + //palindrome test + if(SecPasswordIsPalindrome(passcode)){ + free(pin); + return true; + } + + //2 identical groups + if(SecPasswordHasRepeatingGroups(passcode)){ + free(pin); + return true; + } //passcode is incrementing ex 123456 or 654321 if(SecPasswordIsPasscodeIncrementingOrDecrementingDigits(passcode)) { free(pin); @@ -525,16 +673,27 @@ bool SecPasswordIsPasswordWeak2(bool isSimple, CFStringRef passcode) else if(isPasscodeNumber && !isSimple){ //dealing with a complex numeric passcode pin = CFStringToCString(passcode); //check if PIN is all the same number - for(int i = 0; i < CFStringGetLength(passcode); i++){ - if(i+1 >= CFStringGetLength(passcode)){ - free(pin); - return true; - } - else if (pin[i] == pin[i+1]) - continue; - else - break; + int repeatingDigits = SecPasswordNumberOfRepeatedDigits(passcode); + if(repeatingDigits >= (CFStringGetLength(passcode)/2)){ + free(pin); + return true; + } + //palindrome test + if(SecPasswordIsPalindrome(passcode)){ + free(pin); + return true; } + //not in the top 10 + if(isTopTenSixDigitPasscode(passcode)){ + free(pin); + return true; + } + //2 identical groups + if(SecPasswordHasRepeatingGroups(passcode) && CFStringGetLength(passcode) >= 6){ + free(pin); + return true; + } + if(SecPasswordIsPasscodeIncrementingOrDecrementingDigits(passcode)) { free(pin); return true; @@ -773,15 +932,38 @@ fail: static CFDictionaryRef passwordGenerateCreateDefaultParametersDictionary(SecPasswordType type, CFDictionaryRef requirements){ CFMutableArrayRef requiredCharacterSets = NULL; - CFNumberRef numReqChars = NULL; + CFNumberRef numReqChars = NULL, checksumChars = NULL; CFStringRef defaultPasswordFormat = NULL; requiredCharacterSets = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); defaultPasswordFormat = CFSTR("true"); CFTypeRef groupSizeRef = NULL, numberOfGroupsRef = NULL; - CFIndex groupSize, numberOfGroups; + CFIndex groupSize, numberOfGroups, checksumSize = 0; CFDictionaryRef returned = NULL; switch(type){ + case kSecPasswordTypeiCloudRecoveryKey: + groupSize = 4; + numberOfGroups = 7; + checksumSize = 2; + numReqChars = CFNumberCreateWithCFIndex(kCFAllocatorDefault, (groupSize * numberOfGroups) - checksumSize); + checksumChars = CFNumberCreateWithCFIndex(kCFAllocatorDefault, checksumSize); + groupSizeRef = CFNumberCreate(NULL, kCFNumberCFIndexType, &groupSize); + numberOfGroupsRef = CFNumberCreate(NULL, kCFNumberCFIndexType, &numberOfGroups); + + uppercaseLetterCharacterSet = CFCharacterSetGetPredefined(kCFCharacterSetUppercaseLetter); + decimalDigitCharacterSet = CFCharacterSetGetPredefined(kCFCharacterSetDecimalDigit); + CFArrayAppendValue(requiredCharacterSets, uppercaseLetterCharacterSet); + CFArrayAppendValue(requiredCharacterSets, decimalDigitCharacterSet); + returned = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, + kSecUseDefaultPasswordFormatKey, defaultPasswordFormat, + kSecNumberOfRequiredRandomCharactersKey, numReqChars, + kSecNumberOfChecksumCharactersKey, checksumChars, + kSecAllowedCharactersKey, defaultiCloudCharacters, + kSecRequiredCharacterSetsKey, requiredCharacterSets, + kSecPasswordGroupSize, groupSizeRef, + kSecPasswordNumberOfGroups, numberOfGroupsRef, + NULL); + break; case(kSecPasswordTypeiCloudRecovery): numReqChars = CFNumberCreateWithCFIndex(kCFAllocatorDefault, defaultiCloudPasswordLength); groupSize = 4; @@ -875,6 +1057,7 @@ static CFDictionaryRef passwordGenerateCreateDefaultParametersDictionary(SecPass CFReleaseNull(requiredCharacterSets); CFReleaseNull(groupSizeRef); CFReleaseNull(numberOfGroupsRef); + CFReleaseNull(checksumChars); return returned; } static CFDictionaryRef passwordGenerationCreateParametersDictionary(SecPasswordType type, CFDictionaryRef requirements) @@ -1201,7 +1384,7 @@ static bool doesFinalPasswordPass(bool isSimple, CFStringRef password, CFDiction CFTypeRef characters, identicalRef = NULL, NRef = NULL, endWith= NULL, startWith= NULL, atLeastCharacters= NULL, atMostCharacters = NULL; uint64_t valuePtr; - CFIndex N, identicalCount; + CFIndex N, identicalCount = 0; CFArrayRef requiredCharacterSet = (CFArrayRef)CFDictionaryGetValue(requirements, kSecRequiredCharacterSetsKey); if(!CFDictionaryGetValueIfPresent(requirements, kSecPasswordCantEndWithChars, &endWith)) @@ -1260,15 +1443,45 @@ static bool doesFinalPasswordPass(bool isSimple, CFStringRef password, CFDiction return true; } +static CFStringRef +CreateChecksum(SecPasswordType type, CFStringRef password, CFIndex length, CFStringRef allowedChars) +{ + if (type != kSecPasswordTypeiCloudRecoveryKey) + return NULL; + + CFMutableStringRef checksum = NULL; + uint8_t digest[CCSHA256_OUTPUT_SIZE]; + if (length > (CFIndex)sizeof(digest)) + return NULL; + + CFDataRef data = CFStringCreateExternalRepresentation(SecCFAllocatorZeroize(), password, kCFStringEncodingUTF8, 0); + if (data == NULL) + return NULL; + + ccdigest(ccsha256_di(), CFDataGetLength(data), CFDataGetBytePtr(data), digest); + CFReleaseNull(data); + + CFIndex allowedCharLength = CFStringGetLength(allowedChars); + + checksum = CFStringCreateMutable(SecCFAllocatorZeroize(), 0); + for (CFIndex n = 0; n < length; n++) { + CFIndex selection = digest[n] % allowedCharLength; + UniChar c = CFStringGetCharacterAtIndex(allowedChars, selection); + CFStringAppendCharacters(checksum, &c, 1); + } + + return checksum; +} + //entry point into password generation CF_RETURNS_RETAINED CFStringRef SecPasswordGenerate(SecPasswordType type, CFErrorRef *error, CFDictionaryRef passwordRequirements){ bool check = false, isSimple = false; CFTypeRef separator = NULL, defaults = NULL, groupSizeRef = NULL, numberOfGroupsRef = NULL; CFDictionaryRef properlyFormattedRequirements = NULL; CFErrorRef localError = NULL; - uint64_t valuePtr, groupSize, numberOfGroups; - CFNumberRef numberOfRequiredRandomCharacters; - CFIndex requiredCharactersSize; + uint64_t valuePtr, groupSize = 0, numberOfGroups, checksumChars = 0; + CFNumberRef numberOfRequiredRandomCharacters, checksumCharacters; + CFIndex requiredCharactersSize = 0; CFStringRef randomCharacters = NULL, password = NULL, allowedChars = NULL; CFMutableStringRef finalPassword = NULL; @@ -1288,8 +1501,13 @@ CF_RETURNS_RETAINED CFStringRef SecPasswordGenerate(SecPasswordType type, CFErro require_quiet(localError == NULL && properlyFormattedRequirements != NULL, fail); numberOfRequiredRandomCharacters = (CFNumberRef)CFDictionaryGetValue(properlyFormattedRequirements, kSecNumberOfRequiredRandomCharactersKey); - CFNumberGetValue(numberOfRequiredRandomCharacters, kCFNumberSInt64Type, &valuePtr); - requiredCharactersSize = (long)valuePtr; + if (isNumber(numberOfRequiredRandomCharacters) && CFNumberGetValue(numberOfRequiredRandomCharacters, kCFNumberSInt64Type, &valuePtr)) + requiredCharactersSize = (long)valuePtr; + + checksumCharacters = (CFNumberRef)CFDictionaryGetValue(properlyFormattedRequirements, kSecNumberOfChecksumCharactersKey); + if (isNumber(checksumCharacters) && CFNumberGetValue(checksumCharacters, kCFNumberSInt64Type, &valuePtr)) + checksumChars = (long)valuePtr; + if(!CFDictionaryGetValueIfPresent(properlyFormattedRequirements, kSecPasswordGroupSize, &groupSizeRef)){ groupSizeRef = NULL; @@ -1303,6 +1521,8 @@ CF_RETURNS_RETAINED CFStringRef SecPasswordGenerate(SecPasswordType type, CFErro else CFNumberGetValue((CFNumberRef)numberOfGroupsRef, kCFNumberSInt64Type, &numberOfGroups); + require(requiredCharactersSize, fail); + while (true) { allowedChars = CFDictionaryGetValue(properlyFormattedRequirements, kSecAllowedCharactersKey); getPasswordRandomCharacters(&randomCharacters, properlyFormattedRequirements, &requiredCharactersSize, allowedChars); @@ -1338,6 +1558,11 @@ CF_RETURNS_RETAINED CFStringRef SecPasswordGenerate(SecPasswordType type, CFErro i+=(requiredCharactersSize - i); } } + if (checksumChars) { + CFStringRef checksum = CreateChecksum(type, randomCharacters, (CFIndex)checksumChars, allowedChars); + CFStringAppend(finalPassword, checksum); + CFReleaseNull(checksum); + } password = CFStringCreateCopy(kCFAllocatorDefault, finalPassword); CFReleaseNull(finalPassword); } @@ -1414,6 +1639,11 @@ CFDictionaryRef SecPasswordCopyDefaultPasswordLength(SecPasswordType type, CFErr CFDictionaryRef result = NULL; switch(type){ + case(kSecPasswordTypeiCloudRecoveryKey): + tupleLengthInt = 4; + numOfTuplesInt = 7; + break; + case(kSecPasswordTypeiCloudRecovery): tupleLengthInt = 4; numOfTuplesInt = 6; @@ -1448,10 +1678,87 @@ CFDictionaryRef SecPasswordCopyDefaultPasswordLength(SecPasswordType type, CFErr CFDictionaryAddValue(passwordLengthDefaults, kSecPasswordGroupSize, tupleLength); CFDictionaryAddValue(passwordLengthDefaults, kSecPasswordNumberOfGroups, numOfTuples); result = CFDictionaryCreateCopy(kCFAllocatorDefault, passwordLengthDefaults); -} + } CFReleaseSafe(tupleLength); CFReleaseSafe(numOfTuples); CFReleaseSafe(passwordLengthDefaults); return result; } + +bool +SecPasswordValidatePasswordFormat(SecPasswordType type, CFStringRef password, CFErrorRef *error) +{ + CFIndex tupleLengthInt = 0, numOfTuplesInt = 0, checkSumChars = 3; + CFStringRef checksum = NULL, madeChecksum = NULL, passwordNoChecksum = NULL; + CFMutableStringRef randomChars = NULL; + CFStringRef allowedChars = NULL; + bool res = false; + + if (type != kSecPasswordTypeiCloudRecoveryKey) { + return false; + } + + tupleLengthInt = 4; + numOfTuplesInt = 7; + checkSumChars = 2; + allowedChars = defaultiCloudCharacters; + + if (numOfTuplesInt < 1) + return false; + if (checkSumChars > tupleLengthInt) + return false; + + CFIndex numberOfChars = numOfTuplesInt * tupleLengthInt + (numOfTuplesInt - 1); + + /* + * First check expected length + */ + + require(CFStringGetLength(password) == numberOfChars, out); /* N groups of M with (N-1) seperator - in-between */ + + randomChars = CFStringCreateMutable(SecCFAllocatorZeroize(), 0); + require(randomChars, out); + + /* + * make sure dash-es are at the expected spots + */ + + for (CFIndex n = 0; n < numOfTuplesInt; n++) { + if (n != 0) { + UniChar c = CFStringGetCharacterAtIndex(password, (n * (tupleLengthInt + 1)) - 1); + require(c == '-', out); + } + CFStringRef substr = CFStringCreateWithSubstring(SecCFAllocatorZeroize(), password, CFRangeMake(n * (tupleLengthInt + 1), tupleLengthInt)); + CFStringAppend(randomChars, substr); + CFReleaseNull(substr); + } + + /* + * Pull apart and password and checksum + */ + + checksum = CFStringCreateWithSubstring(SecCFAllocatorZeroize(), randomChars, CFRangeMake((numOfTuplesInt * tupleLengthInt) - checkSumChars, checkSumChars)); + require(checksum, out); + + passwordNoChecksum = CFStringCreateWithSubstring(SecCFAllocatorZeroize(), randomChars, CFRangeMake(0, (numOfTuplesInt * tupleLengthInt) - checkSumChars)); + require(passwordNoChecksum, out); + + /* + * Validate checksum + */ + + madeChecksum = CreateChecksum(type, passwordNoChecksum, checkSumChars, allowedChars); + require(madeChecksum, out); + + require(CFEqual(madeChecksum, checksum), out); + + res = true; +out: + CFReleaseNull(randomChars); + CFReleaseNull(madeChecksum); + CFReleaseNull(checksum); + CFReleaseNull(passwordNoChecksum); + + return res; +} diff --git a/OSX/sec/Security/SecPasswordGenerate.h b/OSX/sec/Security/SecPasswordGenerate.h index 2310cf56..ece9a1a6 100644 --- a/OSX/sec/Security/SecPasswordGenerate.h +++ b/OSX/sec/Security/SecPasswordGenerate.h @@ -42,7 +42,8 @@ enum { kSecPasswordTypeSafari = 0, kSecPasswordTypeiCloudRecovery = 1, kSecPasswordTypeWifi = 2, - kSecPasswordTypePIN = 3 + kSecPasswordTypePIN = 3, + kSecPasswordTypeiCloudRecoveryKey __OSX_AVAILABLE(10.12.4) __IOS_AVAILABLE(10.4) = 4, } __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); // Keys for external dictionaries with password generation requirements we read from plist. @@ -95,7 +96,13 @@ extern CFStringRef kSecPasswordSeparator CFDictionaryRef SecPasswordCopyDefaultPasswordLength(SecPasswordType type, CFErrorRef *error) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); - +/* + * Check that password is propery formated (groups, checksum). Make no claim about password quality. + */ +bool +SecPasswordValidatePasswordFormat(SecPasswordType type, CFStringRef password, CFErrorRef *error) + __OSX_AVAILABLE(10.12.4) __IOS_AVAILABLE(10.4) __WATCHOS_AVAILABLE(3.4) __TVOS_AVAILABLE(10.4); + /* @function SecPasswordIsPasswordWeak @abstract Evalutes the weakness of a passcode. This function can take any type of passcode. Currently diff --git a/OSX/sec/Security/SecPolicy.c b/OSX/sec/Security/SecPolicy.c index ce03cdf9..f8779042 100644 --- a/OSX/sec/Security/SecPolicy.c +++ b/OSX/sec/Security/SecPolicy.c @@ -93,11 +93,22 @@ SEC_CONST_DECL (kSecPolicyCheckEAPTrustedServerNames, "EAPTrustedServerNames"); SEC_CONST_DECL (kSecPolicyCheckCertificatePolicy, "CertificatePolicy"); +SEC_CONST_DECL (kSecPolicyCheckLeafMarkerOid, "CheckLeafMarkerOid"); +SEC_CONST_DECL (kSecPolicyCheckLeafMarkerOidWithoutValueCheck, "CheckLeafMarkerOidNoValueCheck"); +SEC_CONST_DECL (kSecPolicyCheckLeafMarkersProdAndQA, "CheckLeafMarkersProdAndQA"); + +/* options for kSecPolicyCheckLeafMarkersProdAndQA */ +SEC_CONST_DECL (kSecPolicyLeafMarkerProd, "ProdMarker"); +SEC_CONST_DECL (kSecPolicyLeafMarkerQA, "QAMarker"); + #if 0 /* Check for basic constraints on leaf to be valid. (rfc5280 check) */ SEC_CONST_DECL (kSecPolicyCheckLeafBasicConstraints, "LeafBasicContraints"); #endif +SEC_CONST_DECL (kSecPolicyCheckBlackListedLeaf, "BlackListedLeaf"); +SEC_CONST_DECL (kSecPolicyCheckGrayListedLeaf, "GrayListedLeaf"); + /******************************************************** *********** Unverified Intermediate Checks ************* ********************************************************/ @@ -105,8 +116,11 @@ SEC_CONST_DECL (kSecPolicyCheckKeyUsage, "KeyUsage"); /* (rfc5280 check) */ SEC_CONST_DECL (kSecPolicyCheckExtendedKeyUsage, "ExtendedKeyUsage"); /* (rfc5280 check) */ SEC_CONST_DECL (kSecPolicyCheckBasicConstraints, "BasicConstraints"); /* (rfc5280 check) */ SEC_CONST_DECL (kSecPolicyCheckQualifiedCertStatements, "QualifiedCertStatements"); /* (rfc5280 check) */ -SEC_CONST_DECL (kSecPolicyCheckIntermediateSPKISHA256, "IntermediateSPKISHA256") -SEC_CONST_DECL (kSecPolicyCheckIntermediateEKU, "IntermediateEKU") +SEC_CONST_DECL (kSecPolicyCheckIntermediateSPKISHA256, "IntermediateSPKISHA256"); +SEC_CONST_DECL (kSecPolicyCheckIntermediateEKU, "IntermediateEKU"); +SEC_CONST_DECL (kSecPolicyCheckIntermediateMarkerOid, "CheckIntermediateMarkerOid"); +SEC_CONST_DECL (kSecPolicyCheckIntermediateOrganization, "CheckIntermediateOrganization"); +SEC_CONST_DECL (kSecPolicyCheckIntermediateCountry, "CheckIntermediateCountry"); /******************************************************** ************** Unverified Anchor Checks **************** @@ -129,10 +143,6 @@ SEC_CONST_DECL (kSecPolicyAppleAnchorIncludeTestRoots, "AnchorAppleTestRoots"); /* Unverified Certificate Checks (any of the above) */ SEC_CONST_DECL (kSecPolicyCheckNonEmptySubject, "NonEmptySubject"); SEC_CONST_DECL (kSecPolicyCheckIdLinkage, "IdLinkage") /* (rfc5280 check) */ -#if 0 -SEC_CONST_DECL (kSecPolicyCheckValidityStarted, "ValidStarted"); -SEC_CONST_DECL (kSecPolicyCheckValidityExpired, "ValidExpired"); -#else SEC_CONST_DECL (kSecPolicyCheckValidIntermediates, "ValidIntermediates"); SEC_CONST_DECL (kSecPolicyCheckValidLeaf, "ValidLeaf"); SEC_CONST_DECL (kSecPolicyCheckValidRoot, "ValidRoot"); @@ -141,8 +151,6 @@ SEC_CONST_DECL (kSecPolicyCheckWeakLeaf, "WeakLeaf"); SEC_CONST_DECL (kSecPolicyCheckWeakRoot, "WeakRoot"); SEC_CONST_DECL (kSecPolicyCheckKeySize, "KeySize"); SEC_CONST_DECL (kSecPolicyCheckSignatureHashAlgorithms, "SignatureHashAlgorithms"); -#endif - /******************************************************** **************** Verified Path Checks ****************** @@ -159,6 +167,16 @@ SEC_CONST_DECL (kSecPolicyCheckChainLength, "ChainLength"); /* (rfc5280 check) */ SEC_CONST_DECL (kSecPolicyCheckBasicCertificateProcessing, "BasicCertificateProcessing"); +/* Check Certificate Transparency if specified. */ +SEC_CONST_DECL (kSecPolicyCheckCertificateTransparency, "CertificateTransparency"); + +SEC_CONST_DECL (kSecPolicyCheckGrayListedKey, "GrayListedKey"); +SEC_CONST_DECL (kSecPolicyCheckBlackListedKey, "BlackListedKey"); + +SEC_CONST_DECL (kSecPolicyCheckUsageConstraints, "UsageConstraints"); + +SEC_CONST_DECL (kSecPolicyCheckSystemTrustedWeakHash, "SystemTrustedWeakHash"); + /******************************************************** ******************* Feature toggles ******************** ********************************************************/ @@ -170,26 +188,12 @@ SEC_CONST_DECL (kSecPolicyCheckRevocationResponseRequired, "RevocationResponseRe SEC_CONST_DECL (kSecPolicyCheckRevocationOCSP, "OCSP"); SEC_CONST_DECL (kSecPolicyCheckRevocationCRL, "CRL"); SEC_CONST_DECL (kSecPolicyCheckRevocationAny, "AnyRevocationMethod"); - -/* Check Certificate Transparency if specified. */ -SEC_CONST_DECL (kSecPolicyCheckCertificateTransparency, "CertificateTransparency"); +SEC_CONST_DECL (kSecPolicyCheckRevocationOnline, "Online"); /* If present and true, we never go out to the network for anything (OCSP, CRL or CA Issuer checking) but just used cached data instead. */ SEC_CONST_DECL (kSecPolicyCheckNoNetworkAccess, "NoNetworkAccess"); -/* Hack to quickly blacklist certain certs. */ -SEC_CONST_DECL (kSecPolicyCheckBlackListedLeaf, "BlackListedLeaf"); -SEC_CONST_DECL (kSecPolicyCheckGrayListedLeaf, "GrayListedLeaf"); -SEC_CONST_DECL (kSecPolicyCheckGrayListedKey, "GrayListedKey"); -SEC_CONST_DECL (kSecPolicyCheckBlackListedKey, "BlackListedKey"); - -SEC_CONST_DECL (kSecPolicyCheckLeafMarkerOid, "CheckLeafMarkerOid"); -SEC_CONST_DECL (kSecPolicyCheckLeafMarkerOidWithoutValueCheck, "CheckLeafMarkerOidNoValueCheck"); -SEC_CONST_DECL (kSecPolicyCheckIntermediateMarkerOid, "CheckIntermediateMarkerOid"); - -SEC_CONST_DECL (kSecPolicyCheckUsageConstraints, "UsageConstraints"); - /* Public policy names. */ SEC_CONST_DECL (kSecPolicyAppleX509Basic, "1.2.840.113635.100.1.2"); SEC_CONST_DECL (kSecPolicyAppleSSL, "1.2.840.113635.100.1.3"); @@ -262,6 +266,8 @@ SEC_CONST_DECL (kSecPolicyAppleEscrowProxyCompatibilityServerAuth, "1.2.840.1136 SEC_CONST_DECL (kSecPolicyAppleMMCSCompatibilityServerAuth, "1.2.840.113635.100.1.74"); SEC_CONST_DECL (kSecPolicyAppleSecureIOStaticAsset, "1.2.840.113635.100.1.75"); SEC_CONST_DECL (kSecPolicyAppleWarsaw, "1.2.840.113635.100.1.76"); +SEC_CONST_DECL (kSecPolicyAppleiCloudSetupServerAuth, "1.2.840.113635.100.1.77"); +SEC_CONST_DECL (kSecPolicyAppleiCloudSetupCompatibilityServerAuth, "1.2.840.113635.100.1.78"); SEC_CONST_DECL (kSecPolicyOid, "SecPolicyOid"); SEC_CONST_DECL (kSecPolicyName, "SecPolicyName"); @@ -353,6 +359,7 @@ static CFStringRef kSecPolicyNameApplePPQService = CFSTR("PPQ"); static CFStringRef kSecPolicyNameAppleUniqueDeviceCertificate = CFSTR("UCRT"); static CFStringRef kSecPolicyNameAppleSecureIOStaticAsset = CFSTR("SecureIOStaticAsset"); static CFStringRef kSecPolicyNameAppleWarsaw = CFSTR("Warsaw"); +static CFStringRef kSecPolicyNameAppleiCloudSetupService = CFSTR("iCloudSetup"); /* Policies will now change to multiple categories of checks. @@ -837,10 +844,18 @@ SecPolicyRef SecPolicyCreateWithProperties(CFTypeRef policyIdentifier, policy = SecPolicyCreateAppleIDAuthorityPolicy(); } else if (CFEqual(policyIdentifier, kSecPolicyAppleGenericApplePinned)) { - policy = SecPolicyCreateApplePinned(policyName, intermediateMarkerOid, leafMarkerOid); + if (policyName) { + policy = SecPolicyCreateApplePinned(policyName, intermediateMarkerOid, leafMarkerOid); + } else { + secerror("policy \"%@\" requires kSecPolicyPolicyName input", policyIdentifier); + } } else if (CFEqual(policyIdentifier, kSecPolicyAppleGenericAppleSSLPinned)) { - policy = SecPolicyCreateAppleSSLPinned(policyName, name, intermediateMarkerOid, leafMarkerOid); + if (policyName) { + policy = SecPolicyCreateAppleSSLPinned(policyName, name, intermediateMarkerOid, leafMarkerOid); + } else { + secerror("policy \"%@\" requires kSecPolicyPolicyName input", policyIdentifier); + } } else if (CFEqual(policyIdentifier, kSecPolicyAppleSoftwareSigning)) { policy = SecPolicyCreateAppleSoftwareSigning(); @@ -868,7 +883,7 @@ SecPolicyRef SecPolicyCreateWithProperties(CFTypeRef policyIdentifier, secerror("policy \"%@\" requires kSecPolicyName input", policyIdentifier); } } - else if (name && CFEqual(policyIdentifier, kSecPolicyAppleLegacyPushService)) { + else if (CFEqual(policyIdentifier, kSecPolicyAppleLegacyPushService)) { if (name) { policy = SecPolicyCreateApplePushServiceLegacy(name); } else { @@ -881,14 +896,14 @@ SecPolicyRef SecPolicyCreateWithProperties(CFTypeRef policyIdentifier, else if (CFEqual(policyIdentifier, kSecPolicyAppleUniqueDeviceIdentifierCertificate)) { policy = SecPolicyCreateAppleUniqueDeviceCertificate(rootDigest); } - else if (name && CFEqual(policyIdentifier, kSecPolicyAppleEscrowProxyCompatibilityServerAuth)) { + else if (CFEqual(policyIdentifier, kSecPolicyAppleEscrowProxyCompatibilityServerAuth)) { if (name) { policy = SecPolicyCreateAppleCompatibilityEscrowProxyService(name); } else { secerror("policy \"%@\" requires kSecPolicyName input", policyIdentifier); } } - else if (name && CFEqual(policyIdentifier, kSecPolicyAppleMMCSCompatibilityServerAuth)) { + else if (CFEqual(policyIdentifier, kSecPolicyAppleMMCSCompatibilityServerAuth)) { if (name) { policy = SecPolicyCreateAppleCompatibilityMMCSService(name); } else { @@ -897,6 +912,23 @@ SecPolicyRef SecPolicyCreateWithProperties(CFTypeRef policyIdentifier, } else if (CFEqual(policyIdentifier, kSecPolicyAppleSecureIOStaticAsset)) { policy = SecPolicyCreateAppleSecureIOStaticAsset(); + } + else if (CFEqual(policyIdentifier, kSecPolicyAppleWarsaw)) { + policy = SecPolicyCreateAppleWarsaw(); + } + else if (CFEqual(policyIdentifier, kSecPolicyAppleiCloudSetupServerAuth)) { + if (name) { + policy = SecPolicyCreateAppleiCloudSetupService(name, context); + } else { + secerror("policy \"%@\" requires kSecPolicyName input", policyIdentifier); + } + } + else if (CFEqual(policyIdentifier, kSecPolicyAppleiCloudSetupCompatibilityServerAuth)) { + if (name) { + policy = SecPolicyCreateAppleCompatibilityiCloudSetupService(name); + } else { + secerror("policy \"%@\" requires kSecPolicyName input", policyIdentifier); + } } else { secerror("ERROR: policy \"%@\" is unsupported", policyIdentifier); @@ -1008,7 +1040,7 @@ void SecPolicySetOptionsValue(SecPolicyRef policy, CFStringRef key, CFTypeRef va /* Local forward declaration */ static void set_ssl_ekus(CFMutableDictionaryRef options, bool server); -#if !SECTRUST_OSX +#if TARGET_OS_IPHONE // this is declared as NA for iPhone in SecPolicy.h, so declare here OSStatus SecPolicySetProperties(SecPolicyRef policyRef, CFDictionaryRef properties); #endif @@ -1562,6 +1594,77 @@ static void add_leaf_marker_string(CFMutableDictionaryRef options, CFStringRef m add_leaf_marker_value_string(options, markerOid, NULL); } +static void add_leaf_prod_qa_element(CFMutableDictionaryRef options, CFTypeRef prodValue, CFTypeRef qaValue) +{ + CFMutableDictionaryRef prodAndQADictionary = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + CFDictionaryRef old_value = CFDictionaryGetValue(options, kSecPolicyCheckLeafMarkersProdAndQA); + if (old_value) { + CFMutableArrayRef prodArray = NULL, qaArray = NULL; + CFTypeRef old_prod_value = CFDictionaryGetValue(old_value, kSecPolicyLeafMarkerProd); + CFTypeRef old_qa_value = CFDictionaryGetValue(old_value, kSecPolicyLeafMarkerQA); + if (isArray(old_prod_value) && isArray(old_qa_value)) { + prodArray = (CFMutableArrayRef)CFRetainSafe(old_prod_value); + qaArray = (CFMutableArrayRef)CFRetainSafe(old_qa_value); + } else { + prodArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + qaArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + CFArrayAppendValue(prodArray, old_prod_value); + CFArrayAppendValue(qaArray, old_qa_value); + } + CFArrayAppendValue(prodArray, prodValue); + CFArrayAppendValue(qaArray, qaValue); + CFDictionaryAddValue(prodAndQADictionary, kSecPolicyLeafMarkerProd, prodArray); + CFDictionaryAddValue(prodAndQADictionary, kSecPolicyLeafMarkerQA, qaArray); + CFReleaseNull(prodArray); + CFReleaseNull(qaArray); + + } else { + CFDictionaryAddValue(prodAndQADictionary, kSecPolicyLeafMarkerProd, prodValue); + CFDictionaryAddValue(prodAndQADictionary, kSecPolicyLeafMarkerQA, qaValue); + } + CFDictionarySetValue(options, kSecPolicyCheckLeafMarkersProdAndQA, prodAndQADictionary); + CFReleaseNull(prodAndQADictionary); + +} + +static void add_leaf_prod_qa_markers(CFMutableDictionaryRef options, const DERItem *prodMarkerOid, const DERItem *qaMarkerOid) +{ + CFDataRef prodData = NULL, qaData = NULL; + prodData = CFDataCreate(NULL, prodMarkerOid ? prodMarkerOid->data : NULL, + prodMarkerOid ? prodMarkerOid->length : 0); + qaData = CFDataCreate(NULL, qaMarkerOid ? qaMarkerOid->data : NULL, + qaMarkerOid ? qaMarkerOid->length : 0); + add_leaf_prod_qa_element(options, prodData, qaData); + CFReleaseNull(prodData); + CFReleaseNull(qaData); +} + +static void add_leaf_prod_qa_markers_string(CFMutableDictionaryRef options, CFStringRef prodMarkerOid, CFStringRef qaMarkerOid) +{ + add_leaf_prod_qa_element(options, prodMarkerOid, qaMarkerOid); +} + +static void add_leaf_prod_qa_markers_value_string(CFMutableDictionaryRef options, + CFStringRef prodMarkerOid, CFStringRef prod_value, + CFStringRef qaMarkerOid, CFStringRef qa_value) +{ + if (!prod_value && !qa_value) { + add_leaf_prod_qa_element(options, prodMarkerOid, qaMarkerOid); + } else { + CFDictionaryRef prodData = NULL, qaData = NULL; + const void *prodKey[1] = { prodMarkerOid }, *qaKey[1] = { qaMarkerOid }; + const void *prodValue[1] = { prod_value }, *qaValue[1] = { qa_value }; + prodData = CFDictionaryCreate(NULL, prodKey, prodValue, 1, &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + qaData = CFDictionaryCreate(NULL, qaKey, qaValue, 1, &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + add_leaf_prod_qa_element(options, prodData, qaData); + CFReleaseNull(prodData); + CFReleaseNull(qaData); + } +} + static void add_intermediate_marker_value_string(CFMutableDictionaryRef options, CFStringRef markerOid, CFStringRef string_value) { if (NULL == string_value) { add_element(options, kSecPolicyCheckIntermediateMarkerOid, markerOid); @@ -1710,6 +1813,9 @@ static bool isAppleOid(CFStringRef oid) { static bool isCFPreferenceInSecurityDomain(CFStringRef setting) { /* For backwards compatibility reasons we have to check both "com.apple.security" and "com.apple.Security". */ + if (CFPreferencesGetAppBooleanValue(setting, CFSTR("com.apple.Security"), NULL)) { + secwarning("DEPRECATION WARNING: Preference set in \"com.apple.Security\" domain. This domain is deprecated. Please use \"com.apple.security\" instead"); + } return (CFPreferencesGetAppBooleanValue(setting, CFSTR("com.apple.security"), NULL) || CFPreferencesGetAppBooleanValue(setting, CFSTR("com.apple.Security"), NULL)); } @@ -1792,6 +1898,10 @@ SecPolicyRef SecPolicyCreateSSL(Boolean server, CFStringRef hostname) { CFDictionaryAddValue(options, kSecPolicyCheckBlackListedLeaf, kCFBooleanTrue); CFDictionaryAddValue(options, kSecPolicyCheckGrayListedLeaf, kCFBooleanTrue); + if (server) { + CFDictionaryAddValue(options, kSecPolicyCheckSystemTrustedWeakHash, kCFBooleanTrue); + } + set_ssl_ekus(options, server); require(result = SecPolicyCreate(kSecPolicyAppleSSL, @@ -1841,6 +1951,8 @@ SecPolicyRef SecPolicyCreateApplePinned(CFStringRef policyName, CFStringRef inte /* RSA key sizes are 2048-bit or larger. EC key sizes are P-256 or larger. */ require(SecPolicyAddStrongKeySizeOptions(options), errOut); + /* Check for weak hashes */ + CFDictionaryAddValue(options, kSecPolicyCheckSystemTrustedWeakHash, kCFBooleanTrue); require(result = SecPolicyCreate(kSecPolicyAppleGenericApplePinned, policyName, options), errOut); @@ -1935,6 +2047,9 @@ SecPolicyRef SecPolicyCreateAppleSSLPinned(CFStringRef policyName, CFStringRef h /* RSA key sizes are 2048-bit or larger. EC key sizes are P-256 or larger. */ require(SecPolicyAddStrongKeySizeOptions(options), errOut); + /* Check for weak hashes */ + CFDictionaryAddValue(options, kSecPolicyCheckSystemTrustedWeakHash, kCFBooleanTrue); + /* Check revocation using any available method */ add_element(options, kSecPolicyCheckRevocation, kSecPolicyCheckRevocationAny); @@ -2124,6 +2239,11 @@ SecPolicyRef SecPolicyCreateEAP(Boolean server, CFArrayRef trustedServerNames) { CFDictionaryAddValue(options, kSecPolicyCheckEAPTrustedServerNames, trustedServerNames); } + if (server) { + /* Check for weak hashes */ + CFDictionaryAddValue(options, kSecPolicyCheckSystemTrustedWeakHash, kCFBooleanTrue); + } + /* We need to check for EKU per rdar://22206018 */ set_ssl_ekus(options, server); @@ -2192,7 +2312,7 @@ SecPolicyRef SecPolicyCreateiPhoneApplicationSigning(void) { } /* Leaf checks */ - if (SecIsInternalRelease() && !SecIsProductionFused()) { + if (SecIsInternalRelease()) { /* Allow a prod hierarchy-signed test cert */ CFDictionaryAddValue(options, kSecPolicyCheckSubjectCommonNameTEST, CFSTR("Apple iPhone OS Application Signing")); @@ -2267,7 +2387,7 @@ SecPolicyRef SecPolicyCreateiPhoneProvisioningProfileSigning(void) { subject "Apple iPhone OS Provisioning Profile Signing" for the common name. */ CFDictionaryAddValue(options, kSecPolicyCheckIssuerCommonName, CFSTR("Apple iPhone Certification Authority")); - if (SecIsInternalRelease() && !SecIsProductionFused()) { + if (SecIsInternalRelease()) { CFDictionaryAddValue(options, kSecPolicyCheckSubjectCommonNameTEST, CFSTR("Apple iPhone OS Provisioning Profile Signing")); } @@ -2315,9 +2435,9 @@ SecPolicyRef SecPolicyCreateAppleTVOSApplicationSigning(void) { /* Check for prod or test AppleTV Application Signing OIDs */ /* Prod: 1.2.840.113635.100.6.1.24 */ - /* Test: 1.2.840.113635.100.6.1.24.1 */ + /* ProdQA: 1.2.840.113635.100.6.1.24.1 */ add_leaf_marker(options, &oidAppleTVOSApplicationSigningProd); - add_leaf_marker(options, &oidAppleTVOSApplicationSigningTest); + add_leaf_marker(options, &oidAppleTVOSApplicationSigningProdQA); require(result = SecPolicyCreate(kSecPolicyAppleTVOSApplicationSigning, kSecPolicyNameAppleTVOSApplicationSigning, options), @@ -2351,6 +2471,8 @@ errOut: return result; } +const CFOptionFlags kSecRevocationOnlineCheck = (1 << 5); + SecPolicyRef SecPolicyCreateRevocation(CFOptionFlags revocationFlags) { CFMutableDictionaryRef options = NULL; SecPolicyRef result = NULL; @@ -2385,8 +2507,12 @@ SecPolicyRef SecPolicyCreateRevocation(CFOptionFlags revocationFlags) { CFDictionaryAddValue(options, kSecPolicyCheckNoNetworkAccess, kCFBooleanFalse); } - /* Only flag bits 0-4 are currently defined */ - require(((revocationFlags >> 5) == 0), errOut); + if (revocationFlags & kSecRevocationOnlineCheck) { + CFDictionaryAddValue(options, kSecPolicyCheckRevocationOnline, kCFBooleanTrue); + } + + /* Only flag bits 0-5 are currently defined */ + require(((revocationFlags >> 6) == 0), errOut); require(result = SecPolicyCreate(kSecPolicyAppleRevocation, kSecPolicyNameRevocation, options), errOut); @@ -2797,7 +2923,7 @@ static SecPolicyRef CreateMobileStoreSigner(Boolean forTest) add_ku(options, kSecKeyUsageDigitalSignature); - const DERItem* pOID = (forTest) ? &oidApplePolicyTestMobileStore : &oidApplePolicyMobileStore; + const DERItem* pOID = (forTest) ? &oidApplePolicyMobileStoreProdQA : &oidApplePolicyMobileStore; add_certificate_policy_oid(options, pOID); @@ -3184,41 +3310,40 @@ errOut: } static bool -allowUATRoot(bool allowNonProd, CFStringRef service, CFDictionaryRef context) +allowUATRoot(CFStringRef service, CFDictionaryRef context) { bool UATAllowed = false; CFStringRef setting = NULL; - if (SecIsInternalRelease() || allowNonProd) { - setting = CFStringCreateWithFormat(NULL, NULL, CFSTR("AppleServerAuthenticationAllowUAT%@"), service); - CFTypeRef value = NULL; - require(setting, fail); + setting = CFStringCreateWithFormat(NULL, NULL, CFSTR("AppleServerAuthenticationAllowUAT%@"), service); + CFTypeRef value = NULL; + require(setting, fail); - if (context && - CFDictionaryGetValueIfPresent(context, setting, &value) && - isBoolean(value) && - CFBooleanGetValue(value)) - { - UATAllowed = true; - } + if (context && + CFDictionaryGetValueIfPresent(context, setting, &value) && + isBoolean(value) && + CFBooleanGetValue(value)) + { + UATAllowed = true; + } - if (isCFPreferenceInSecurityDomain(setting)) { - UATAllowed = true; - } + /* CFPreference for this service */ + if (isCFPreferenceInSecurityDomain(setting)) { + UATAllowed = true; + } - if (!UATAllowed) { - secnotice("pinningQA", "could not enable test cert: %@ not true", setting); - } else { - goto fail; - } + if (!UATAllowed) { + secnotice("pinningQA", "could not enable test cert: %@ not true", setting); + } else { + goto fail; + } - if (isCFPreferenceInSecurityDomain(CFSTR("AppleServerAuthenticationAllowUAT"))) { - UATAllowed = true; - } else { - secnotice("pinningQA", "could not enable test hierarchy: AppleServerAuthenticationAllowUAT not true"); - } + /* Generic CFPreference */ + if (isCFPreferenceInSecurityDomain(CFSTR("AppleServerAuthenticationAllowUAT"))) { + UATAllowed = true; } else { - secnotice("pinningQA", "could not enable test cert: not an internal release"); + secnotice("pinningQA", "could not enable test hierarchy: AppleServerAuthenticationAllowUAT not true"); } + fail: CFReleaseNull(setting); return UATAllowed; @@ -3241,7 +3366,7 @@ fail: static SecPolicyRef SecPolicyCreateAppleServerAuthCommon(CFStringRef hostname, CFDictionaryRef __unused context, - CFStringRef policyOID, CFStringRef service, bool allowNonProd, + CFStringRef policyOID, CFStringRef service, const DERItem *leafMarkerOID, const DERItem *UATLeafMarkerOID) { @@ -3264,7 +3389,7 @@ SecPolicyCreateAppleServerAuthCommon(CFStringRef hostname, add_eku(options, &oidExtendedKeyUsageServerAuth); if (requireUATPinning(service)) { - bool allowUAT = allowUATRoot(allowNonProd, service, context); + bool allowUAT = allowUATRoot(service, context); /* * Require pinning to the Apple CA's (and if UAT environment, @@ -3286,9 +3411,10 @@ SecPolicyCreateAppleServerAuthCommon(CFStringRef hostname, * as some variants of the UAT environment uses that instead * of the test Apple CA's. */ - add_leaf_marker(options, leafMarkerOID); if (allowUAT && UATLeafMarkerOID) { - add_leaf_marker(options, UATLeafMarkerOID); + add_leaf_prod_qa_markers(options, leafMarkerOID, UATLeafMarkerOID); + } else { + add_leaf_marker(options, leafMarkerOID); } /* new-style leaf marker OIDs */ @@ -3298,12 +3424,13 @@ SecPolicyCreateAppleServerAuthCommon(CFStringRef hostname, UATLeafMarkerOIDStr = SecDERItemCopyOIDDecimalRepresentation(NULL, UATLeafMarkerOID); } - if (leafMarkerOIDStr) { + if (allowUAT && leafMarkerOIDStr && UATLeafMarkerOIDStr) { + add_leaf_prod_qa_markers_value_string(options, + CFSTR("1.2.840.113635.100.6.48.1"), leafMarkerOIDStr, + CFSTR("1.2.840.113635.100.6.48.1"), UATLeafMarkerOIDStr); + } else if (leafMarkerOIDStr) { add_leaf_marker_value_string(options, CFSTR("1.2.840.113635.100.6.48.1"), leafMarkerOIDStr); } - if (allowUAT && UATLeafMarkerOIDStr) { - add_leaf_marker_value_string(options, CFSTR("1.2.840.113635.100.6.48.1"), UATLeafMarkerOIDStr); - } CFReleaseNull(leafMarkerOIDStr); CFReleaseNull(UATLeafMarkerOIDStr); @@ -3311,6 +3438,8 @@ SecPolicyCreateAppleServerAuthCommon(CFStringRef hostname, add_oid(options, kSecPolicyCheckIntermediateMarkerOid, &oidAppleIntmMarkerAppleServerAuthentication); } + /* Check for weak hashes */ + CFDictionaryAddValue(options, kSecPolicyCheckSystemTrustedWeakHash, kCFBooleanTrue); CFDictionaryAddValue(options, kSecPolicyCheckRevocation, kSecPolicyCheckRevocationAny); @@ -3346,9 +3475,9 @@ SecPolicyRef SecPolicyCreateAppleIDSService(CFStringRef hostname) SecPolicyRef SecPolicyCreateAppleIDSServiceContext(CFStringRef hostname, CFDictionaryRef context) { return SecPolicyCreateAppleServerAuthCommon(hostname, context, kSecPolicyAppleIDSServiceContext, - kSecPolicyNameAppleIDSServiceContext, false, + kSecPolicyNameAppleIDSServiceContext, &oidAppleCertExtAppleServerAuthenticationIDSProd, - &oidAppleCertExtAppleServerAuthenticationIDSTest); + &oidAppleCertExtAppleServerAuthenticationIDSProdQA); } /*! @@ -3358,7 +3487,7 @@ SecPolicyRef SecPolicyCreateAppleIDSServiceContext(CFStringRef hostname, CFDicti SecPolicyRef SecPolicyCreateAppleGSService(CFStringRef hostname, CFDictionaryRef context) { return SecPolicyCreateAppleServerAuthCommon(hostname, context, kSecPolicyAppleGSService, - kSecPolicyNameAppleGSService, false, + kSecPolicyNameAppleGSService, &oidAppleCertExtAppleServerAuthenticationGS, NULL); } @@ -3370,9 +3499,9 @@ SecPolicyRef SecPolicyCreateAppleGSService(CFStringRef hostname, CFDictionaryRef SecPolicyRef SecPolicyCreateApplePushService(CFStringRef hostname, CFDictionaryRef context) { return SecPolicyCreateAppleServerAuthCommon(hostname, context, kSecPolicyApplePushService, - kSecPolicyNameApplePushService, false, + kSecPolicyNameApplePushService, &oidAppleCertExtAppleServerAuthenticationAPNProd, - &oidAppleCertExtAppleServerAuthenticationAPNTest); + &oidAppleCertExtAppleServerAuthenticationAPNProdQA); } /*! @@ -3382,9 +3511,9 @@ SecPolicyRef SecPolicyCreateApplePushService(CFStringRef hostname, CFDictionaryR SecPolicyRef SecPolicyCreateApplePPQService(CFStringRef hostname, CFDictionaryRef context) { return SecPolicyCreateAppleServerAuthCommon(hostname, context, kSecPolicyApplePPQService, - kSecPolicyNameApplePPQService, false, + kSecPolicyNameApplePPQService, &oidAppleCertExtAppleServerAuthenticationPPQProd , - &oidAppleCertExtAppleServerAuthenticationPPQTest); + &oidAppleCertExtAppleServerAuthenticationPPQProdQA); } /*! @@ -3394,9 +3523,9 @@ SecPolicyRef SecPolicyCreateApplePPQService(CFStringRef hostname, CFDictionaryRe SecPolicyRef SecPolicyCreateAppleAST2Service(CFStringRef hostname, CFDictionaryRef context) { return SecPolicyCreateAppleServerAuthCommon(hostname, context, kSecPolicyAppleAST2DiagnosticsServerAuth, - kSecPolicyNameAppleAST2Service, true, + kSecPolicyNameAppleAST2Service, &oidAppleCertExtAST2DiagnosticsServerAuthProd, - &oidAppleCertExtAST2DiagnosticsServerAuthTest); + &oidAppleCertExtAST2DiagnosticsServerAuthProdQA); } /*! @@ -3406,9 +3535,9 @@ SecPolicyRef SecPolicyCreateAppleAST2Service(CFStringRef hostname, CFDictionaryR SecPolicyRef SecPolicyCreateAppleEscrowProxyService(CFStringRef hostname, CFDictionaryRef context) { return SecPolicyCreateAppleServerAuthCommon(hostname, context, kSecPolicyAppleEscrowProxyServerAuth, - kSecPolicyNameAppleEscrowProxyService, false, - &oidAppleCertExtEscrowProxyServerAuthProd, - &oidAppleCertExtEscrowProxyServerAuthTest); + kSecPolicyNameAppleEscrowProxyService, + &oidAppleCertExtEscrowProxyServerAuthProd, + &oidAppleCertExtEscrowProxyServerAuthProdQA); } /* subject:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA */ @@ -3420,16 +3549,10 @@ unsigned char GeoTrust_Global_CA_sha256[kSecPolicySHA256Size] = { 0xcf, 0xab, 0xaa, 0xde, 0x40, 0x79, 0x9c, 0x72, 0x2d, 0xe4, 0xd2, 0xb5, 0xdb, 0x36, 0xa7, 0x3a }; -/* SKID: D8:7A:94:44:7C:90:70:90:16:9E:DD:17:9C:01:44:03:86:D6:2A:29 */ -unsigned char AppleISTCA2G1_spki_sha256[kSecPolicySHA256Size] = { - 0xb5, 0xcf, 0x82, 0xd4, 0x7e, 0xf9, 0x82, 0x3f, 0x9a, 0xa7, 0x8f, 0x12, 0x31, 0x86, 0xc5, 0x2e, - 0x88, 0x79, 0xea, 0x84, 0xb0, 0xf8, 0x22, 0xc9, 0x1d, 0x83, 0xe0, 0x42, 0x79, 0xb7, 0x8f, 0xd5 -}; - static SecPolicyRef SecPolicyCreateAppleGeoTrustServerAuthCommon(CFStringRef hostname, CFStringRef policyOid, - CFStringRef policyName, bool allowNonProd, + CFStringRef policyName, CFStringRef leafMarkerOid, - CFStringRef testLeafMarkerOid) { + CFStringRef qaLeafMarkerOid) { CFMutableDictionaryRef options = NULL; CFDataRef spkiDigest = NULL; SecPolicyRef result = NULL; @@ -3450,23 +3573,27 @@ static SecPolicyRef SecPolicyCreateAppleGeoTrustServerAuthCommon(CFStringRef hos /* GeoTrust root */ SecPolicyAddAnchorSHA256Options(options, GeoTrust_Global_CA_sha256); - /* Public key for Apple IST CA 2 */ - spkiDigest = CFDataCreateWithBytesNoCopy(NULL, AppleISTCA2G1_spki_sha256, - kSecPolicySHA256Size, kCFAllocatorNull); - require_action(spkiDigest, errOut, CFReleaseNull(result)); - CFDictionaryAddValue(options, kSecPolicyCheckIntermediateSPKISHA256, spkiDigest); + /* Issued to Apple Inc. in the US */ + add_element(options, kSecPolicyCheckIntermediateCountry, CFSTR("US")); + add_element(options, kSecPolicyCheckIntermediateOrganization, CFSTR("Apple Inc.")); require_action(SecPolicyAddChainLengthOptions(options, 3), errOut, CFReleaseNull(result)); /* Marker OIDs in both formats */ - add_leaf_marker_string(options, leafMarkerOid); - add_leaf_marker_value_string(options, CFSTR("1.2.840.113635.100.6.48.1"), leafMarkerOid); - if (testLeafMarkerOid && allowUATRoot(allowNonProd, policyName, NULL)) { - add_leaf_marker_string(options, testLeafMarkerOid); - add_leaf_marker_value_string(options, CFSTR("1.2.840.113635.100.6.48.1"), testLeafMarkerOid); + if (qaLeafMarkerOid && allowUATRoot(policyName, NULL)) { + add_leaf_prod_qa_markers_string(options, leafMarkerOid, qaLeafMarkerOid); + add_leaf_prod_qa_markers_value_string(options, + CFSTR("1.2.840.113635.100.6.48.1"), leafMarkerOid, + CFSTR("1.2.840.113635.100.6.48.1"), qaLeafMarkerOid); + } else { + add_leaf_marker_string(options, leafMarkerOid); + add_leaf_marker_value_string(options, CFSTR("1.2.840.113635.100.6.48.1"), leafMarkerOid); } } + /* Check for weak hashes */ + CFDictionaryAddValue(options, kSecPolicyCheckSystemTrustedWeakHash, kCFBooleanTrue); + /* See for more details */ result = SecPolicyCreate(policyOid, policyName, options); @@ -3479,7 +3606,7 @@ errOut: SecPolicyRef SecPolicyCreateAppleCompatibilityEscrowProxyService(CFStringRef hostname) { return SecPolicyCreateAppleGeoTrustServerAuthCommon(hostname, kSecPolicyAppleEscrowProxyCompatibilityServerAuth, - kSecPolicyNameAppleEscrowProxyService, false, + kSecPolicyNameAppleEscrowProxyService, CFSTR("1.2.840.113635.100.6.27.7.2"), CFSTR("1.2.840.113635.100.6.27.7.1")); } @@ -3491,9 +3618,9 @@ SecPolicyRef SecPolicyCreateAppleCompatibilityEscrowProxyService(CFStringRef hos SecPolicyRef SecPolicyCreateAppleFMiPService(CFStringRef hostname, CFDictionaryRef context) { return SecPolicyCreateAppleServerAuthCommon(hostname, context, kSecPolicyAppleFMiPServerAuth, - kSecPolicyNameAppleFMiPService, false, + kSecPolicyNameAppleFMiPService, &oidAppleCertExtFMiPServerAuthProd, - &oidAppleCertExtFMiPServerAuthTest); + &oidAppleCertExtFMiPServerAuthProdQA); } @@ -3551,18 +3678,35 @@ errOut: SecPolicyRef SecPolicyCreateAppleMMCSService(CFStringRef hostname, CFDictionaryRef context) { return SecPolicyCreateAppleServerAuthCommon(hostname, context, kSecPolicyAppleMMCSService, - kSecPolicyNameAppleMMCSService, false, + kSecPolicyNameAppleMMCSService, &oidAppleCertExtAppleServerAuthenticationMMCSProd, - &oidAppleCertExtAppleServerAuthenticationMMCSTest); + &oidAppleCertExtAppleServerAuthenticationMMCSProdQA); } SecPolicyRef SecPolicyCreateAppleCompatibilityMMCSService(CFStringRef hostname) { return SecPolicyCreateAppleGeoTrustServerAuthCommon(hostname, kSecPolicyAppleMMCSCompatibilityServerAuth, - kSecPolicyNameAppleMMCSService, false, + kSecPolicyNameAppleMMCSService, CFSTR("1.2.840.113635.100.6.27.11.2"), CFSTR("1.2.840.113635.100.6.27.11.1")); } + +SecPolicyRef SecPolicyCreateAppleiCloudSetupService(CFStringRef hostname, CFDictionaryRef context) +{ + return SecPolicyCreateAppleServerAuthCommon(hostname, context, kSecPolicyAppleiCloudSetupServerAuth, + kSecPolicyNameAppleiCloudSetupService, + &oidAppleCertExtAppleServerAuthenticationiCloudSetupProd, + &oidAppleCertExtAppleServerAuthenticationiCloudSetupProdQA); +} + +SecPolicyRef SecPolicyCreateAppleCompatibilityiCloudSetupService(CFStringRef hostname) +{ + return SecPolicyCreateAppleGeoTrustServerAuthCommon(hostname, kSecPolicyAppleiCloudSetupCompatibilityServerAuth, + kSecPolicyNameAppleiCloudSetupService, + CFSTR("1.2.840.113635.100.6.27.15.2"), + CFSTR("1.2.840.113635.100.6.27.15.1")); +} + /*! @function SecPolicyCreateAppleSSLService @abstract Ensure we're appropriately pinned to an Apple server (SSL + Apple restrictions) @@ -3586,6 +3730,9 @@ SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef hostname) // Check intermediate for Apple Server Authentication intermediate marker (1.2.840.113635.100.6.2.12) add_oid(options, kSecPolicyCheckIntermediateMarkerOid, &oidAppleIntmMarkerAppleServerAuthentication); + /* Check for weak hashes */ + CFDictionaryAddValue(options, kSecPolicyCheckSystemTrustedWeakHash, kCFBooleanTrue); + CFDictionaryAddValue(options, kSecPolicyCheckRevocation, kSecPolicyCheckRevocationAny); SecPolicySetOid(policy, kSecPolicyAppleServerAuthentication); @@ -3667,7 +3814,7 @@ SecPolicyRef SecPolicyCreateTestApplePPQSigning(void) CFSTR("Apple System Integration 2 Certification Authority")); // Check that leaf has extension with "Apple PPQ Signing" test oid (1.2.840.113635.100.6.38.1) - add_leaf_marker(options, &oidAppleCertExtApplePPQSigningTest); + add_leaf_marker(options, &oidAppleCertExtApplePPQSigningProdQA); // Check that intermediate has extension (1.2.840.113635.100.6.2.10) add_oid(options, kSecPolicyCheckIntermediateMarkerOid, &oidAppleIntmMarkerAppleSystemIntg2); @@ -3807,7 +3954,7 @@ SecPolicyRef SecPolicyCreateAppleHomeKitServerAuth(CFStringRef hostname) { add_eku(options, &oidExtendedKeyUsageServerAuth); if (requireUATPinning(kSecPolicyNameAppleHomeKitServerAuth)) { - bool allowUAT = allowUATRoot(false, kSecPolicyNameAppleHomeKitServerAuth, NULL); + bool allowUAT = allowUATRoot(kSecPolicyNameAppleHomeKitServerAuth, NULL); // Cert chain length 3 require(SecPolicyAddChainLengthOptions(options, 3), errOut); @@ -3826,6 +3973,8 @@ SecPolicyRef SecPolicyCreateAppleHomeKitServerAuth(CFStringRef hostname) { add_oid(options, kSecPolicyCheckIntermediateMarkerOid, &oidAppleIntmMarkerAppleHomeKitServerCA); } + /* Check for weak hashes */ + CFDictionaryAddValue(options, kSecPolicyCheckSystemTrustedWeakHash, kCFBooleanTrue); CFDictionaryAddValue(options, kSecPolicyCheckRevocation, kSecPolicyCheckRevocationAny); @@ -3951,7 +4100,7 @@ SecPolicyRef SecPolicyCreateAppleUniqueDeviceCertificate(CFDataRef testRootHash) /* Anchored to the SEP Root CA. Allow alternative root for developers */ require(SecPolicyAddAnchorSHA256Options(options, SEPRootCA_SHA256),errOut); - if (testRootHash && SecIsInternalRelease() && !SecIsProductionFused() && + if (testRootHash && SecIsInternalRelease() && allowTestHierarchyForPolicy(kSecPolicyNameAppleUniqueDeviceCertificate, false) && (kSecPolicySHA256Size == CFDataGetLength(testRootHash))) { add_element(options, kSecPolicyCheckAnchorSHA256, testRootHash); diff --git a/OSX/sec/Security/SecPolicy.h b/OSX/sec/Security/SecPolicy.h deleted file mode 100644 index 60e325e0..00000000 --- a/OSX/sec/Security/SecPolicy.h +++ /dev/null @@ -1,424 +0,0 @@ -/* - * Copyright (c) 2002-2016 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecPolicy - The functions provided in SecPolicy.h provide an interface to various - X.509 certificate trust policies. -*/ - -#ifndef _SECURITY_SECPOLICY_H_ -#define _SECURITY_SECPOLICY_H_ - -#include -#include -#include - -__BEGIN_DECLS - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @enum Policy Constants - @discussion Predefined constants used to specify a policy. - @constant kSecPolicyAppleX509Basic - @constant kSecPolicyAppleSSL - @constant kSecPolicyAppleSMIME - @constant kSecPolicyAppleEAP - @constant kSecPolicyAppleiChat - @constant kSecPolicyAppleIPsec - @constant kSecPolicyApplePKINITClient - @constant kSecPolicyApplePKINITServer - @constant kSecPolicyAppleCodeSigning - @constant kSecPolicyMacAppStoreReceipt - @constant kSecPolicyAppleIDValidation - @constant kSecPolicyAppleTimeStamping - @constant kSecPolicyAppleRevocation - @constant kSecPolicyApplePassbookSigning - @constant kSecPolicyApplePayIssuerEncryption -*/ -extern const CFStringRef kSecPolicyAppleX509Basic - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleSSL - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleSMIME - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleEAP - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleIPsec - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -#if TARGET_OS_MAC && !TARGET_OS_IPHONE -extern const CFStringRef kSecPolicyAppleiChat - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA); -#endif -extern const CFStringRef kSecPolicyApplePKINITClient - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPolicyApplePKINITServer - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPolicyAppleCodeSigning - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -extern const CFStringRef kSecPolicyMacAppStoreReceipt - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_9_0); -extern const CFStringRef kSecPolicyAppleIDValidation - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleTimeStamping - __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_7_0); -extern const CFStringRef kSecPolicyAppleRevocation - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecPolicyApplePassbookSigning - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecPolicyApplePayIssuerEncryption - __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); - -/*! - @enum Policy Value Constants - @abstract Predefined property key constants used to get or set values in - a dictionary for a policy instance. - @discussion - All policies will have the following read-only value: - kSecPolicyOid (the policy object identifier) - - Additional policy values which your code can optionally set: - kSecPolicyName (name which must be matched) - kSecPolicyClient (evaluate for client, rather than server) - kSecPolicyRevocationFlags (only valid for a revocation policy) - kSecPolicyTeamIdentifier (only valid for a Passbook signing policy) - - @constant kSecPolicyOid Specifies the policy OID (value is a CFStringRef) - @constant kSecPolicyName Specifies a CFStringRef (or CFArrayRef of same) - containing a name which must be matched in the certificate to satisfy - this policy. For SSL/TLS, EAP, and IPSec policies, this specifies the - server name which must match the common name of the certificate. - For S/MIME, this specifies the RFC822 email address. For Passbook - signing, this specifies the pass signer. - @constant kSecPolicyClient Specifies a CFBooleanRef value that indicates - this evaluation should be for a client certificate. If not set (or - false), the policy evaluates the certificate as a server certificate. - @constant kSecPolicyRevocationFlags Specifies a CFNumberRef that holds a - kCFNumberCFIndexType bitmask value. See "Revocation Policy Constants" - for a description of individual bits in this value. - @constant kSecPolicyTeamIdentifier Specifies a CFStringRef containing a - team identifier which must be matched in the certificate to satisfy - this policy. For the Passbook signing policy, this string must match - the Organizational Unit field of the certificate subject. - */ -extern const CFStringRef kSecPolicyOid - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -extern const CFStringRef kSecPolicyName - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -extern const CFStringRef kSecPolicyClient - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); -extern const CFStringRef kSecPolicyRevocationFlags - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); -extern const CFStringRef kSecPolicyTeamIdentifier - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); - - -/*! - @function SecPolicyGetTypeID - @abstract Returns the type identifier of SecPolicy instances. - @result The CFTypeID of SecPolicy instances. -*/ -CFTypeID SecPolicyGetTypeID(void) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); - -/*! - @function SecPolicyCopyProperties - @abstract Returns a dictionary of this policy's properties. - @param policyRef A policy reference. - @result A properties dictionary. See "Policy Value Constants" for a list - of currently defined property keys. It is the caller's responsibility to - CFRelease this reference when it is no longer needed. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function returns the properties for a policy, as set by the - policy's construction function or by a prior call to SecPolicySetProperties. -*/ -__nullable -CFDictionaryRef SecPolicyCopyProperties(SecPolicyRef policyRef) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); - -/*! - @function SecPolicyCreateBasicX509 - @abstract Returns a policy object for the default X.509 policy. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -SecPolicyRef SecPolicyCreateBasicX509(void) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @function SecPolicyCreateSSL - @abstract Returns a policy object for evaluating SSL certificate chains. - @param server Passing true for this parameter creates a policy for SSL - server certificates. - @param hostname (Optional) If present, the policy will require the specified - hostname to match the hostname in the leaf certificate. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. -*/ -SecPolicyRef SecPolicyCreateSSL(Boolean server, CFStringRef __nullable hostname) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - -/*! - @enum Revocation Policy Constants - @abstract Predefined constants which allow you to specify how revocation - checking will be performed for a trust evaluation. - @constant kSecRevocationOCSPMethod If this flag is set, perform revocation - checking using OCSP (Online Certificate Status Protocol). - @constant kSecRevocationCRLMethod If this flag is set, perform revocation - checking using the CRL (Certificate Revocation List) method. - @constant kSecRevocationPreferCRL If this flag is set, then CRL revocation - checking will be preferred over OCSP (by default, OCSP is preferred.) - Note that this flag only matters if both revocation methods are specified. - @constant kSecRevocationRequirePositiveResponse If this flag is set, then - the policy will fail unless a verified positive response is obtained. If - the flag is not set, revocation checking is done on a "best attempt" basis, - where failure to reach the server is not considered fatal. - @constant kSecRevocationNetworkAccessDisabled If this flag is set, then - no network access is performed; only locally cached replies are consulted. - @constant kSecRevocationUseAnyAvailableMethod Specifies that either - OCSP or CRL may be used, depending on the method(s) specified in the - certificate and the value of kSecRevocationPreferCRL. - */ -CF_ENUM(CFOptionFlags) { - kSecRevocationOCSPMethod = (1 << 0), - kSecRevocationCRLMethod = (1 << 1), - kSecRevocationPreferCRL = (1 << 2), - kSecRevocationRequirePositiveResponse = (1 << 3), - kSecRevocationNetworkAccessDisabled = (1 << 4), - kSecRevocationUseAnyAvailableMethod = (kSecRevocationOCSPMethod | - kSecRevocationCRLMethod) -}; - -/*! - @function SecPolicyCreateRevocation - @abstract Returns a policy object for checking revocation of certificates. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - @param revocationFlags Flags to specify revocation checking options. - @discussion Use this function to create a revocation policy with behavior - specified by revocationFlags. See the "Revocation Policy Constants" section - for a description of these flags. Note: it is usually not necessary to - create a revocation policy yourself unless you wish to override default - system behavior (e.g. to force a particular method, or to disable - revocation checking entirely.) -*/ -__nullable -SecPolicyRef SecPolicyCreateRevocation(CFOptionFlags revocationFlags) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); - -/*! - @function SecPolicyCreateWithProperties - @abstract Returns a policy object based on an object identifier for the - policy type. See the "Policy Constants" section for a list of defined - policy object identifiers. - @param policyIdentifier The identifier for the desired policy type. - @param properties (Optional) A properties dictionary. See "Policy Value - Constants" for a list of currently defined property keys. - @result The returned policy reference, or NULL if the policy could not be - created. -*/ -__nullable -SecPolicyRef SecPolicyCreateWithProperties(CFTypeRef policyIdentifier, - CFDictionaryRef __nullable properties) - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -/* - * Legacy functions (OS X only) - */ -#if TARGET_OS_MAC && !TARGET_OS_IPHONE -#include - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @enum Policy Value Constants (OS X) - @discussion Predefined property key constants used to get or set values in - a dictionary for a policy instance. - - Some policy values may specify CFBooleanRef key usage constraints: - kSecPolicyKU_DigitalSignature - kSecPolicyKU_NonRepudiation - kSecPolicyKU_KeyEncipherment - kSecPolicyKU_DataEncipherment - kSecPolicyKU_KeyAgreement - kSecPolicyKU_KeyCertSign - kSecPolicyKU_CRLSign - kSecPolicyKU_EncipherOnly - kSecPolicyKU_DecipherOnly - - kSecPolicyKU policy values define certificate-level key purposes, - in contrast to the key-level definitions in SecItem.h - - For example, a key in a certificate might be acceptable to use for - signing a CRL, but not for signing another certificate. In either - case, this key would have the ability to sign (i.e. kSecAttrCanSign - is true), but may only sign for specific purposes allowed by these - policy constants. Similarly, a public key might have the capability - to perform encryption or decryption, but the certificate in which it - resides might have a decipher-only certificate policy. - - These constants correspond to values defined in RFC 5280, section - 4.2.1.3 (Key Usage) which define the purpose of a key contained in a - certificate, in contrast to section 4.1.2.7 which define the uses that - a key is capable of. - - Note: these constants are not available on iOS. Your code should - avoid direct reliance on these values for making policy decisions - and use higher level policies where possible. - - @constant kSecPolicyKU_DigitalSignature Specifies that the certificate must - have a key usage that allows it to be used for signing. - @constant kSecPolicyKU_NonRepudiation Specifies that the certificate must - have a key usage that allows it to be used for non-repudiation. - @constant kSecPolicyKU_KeyEncipherment Specifies that the certificate must - have a key usage that allows it to be used for key encipherment. - @constant kSecPolicyKU_DataEncipherment Specifies that the certificate must - have a key usage that allows it to be used for data encipherment. - @constant kSecPolicyKU_KeyAgreement Specifies that the certificate must - have a key usage that allows it to be used for key agreement. - @constant kSecPolicyKU_KeyCertSign Specifies that the certificate must - have a key usage that allows it to be used for signing certificates. - @constant kSecPolicyKU_CRLSign Specifies that the certificate must - have a key usage that allows it to be used for signing CRLs. - @constant kSecPolicyKU_EncipherOnly Specifies that the certificate must - have a key usage that permits it to be used for encryption only. - @constant kSecPolicyKU_DecipherOnly Specifies that the certificate must - have a key usage that permits it to be used for decryption only. - */ -extern const CFStringRef kSecPolicyKU_DigitalSignature - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPolicyKU_NonRepudiation - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPolicyKU_KeyEncipherment - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPolicyKU_DataEncipherment - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPolicyKU_KeyAgreement - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPolicyKU_KeyCertSign - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPolicyKU_CRLSign - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPolicyKU_EncipherOnly - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -extern const CFStringRef kSecPolicyKU_DecipherOnly - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - -/*! - @function SecPolicyCreateWithOID - @abstract Returns a policy object based on an object identifier for the - policy type. See the "Policy Constants" section for a list of defined - policy object identifiers. - @param policyOID The OID of the desired policy. - @result The returned policy reference, or NULL if the policy could not be - created. - @discussion This function is deprecated in Mac OS X 10.9 and later; - use SecPolicyCreateWithProperties (or a more specific policy creation - function) instead. -*/ -__nullable -SecPolicyRef SecPolicyCreateWithOID(CFTypeRef policyOID) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecPolicyGetOID - @abstract Returns a policy's object identifier. - @param policyRef A policy reference. - @param oid On return, a pointer to the policy's object identifier. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later; - use SecPolicyCopyProperties instead. -*/ -OSStatus SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID *oid) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecPolicyGetValue - @abstract Returns a policy's value. - @param policyRef A policy reference. - @param value On return, a pointer to the policy's value. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later; - use SecPolicyCopyProperties instead. -*/ -OSStatus SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA *value) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecPolicySetValue - @abstract Sets a policy's value. - @param policyRef A policy reference. - @param value The value to be set into the policy object, replacing any - previous value. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later. Policy - instances should be considered read-only; in cases where your code would - consider changing properties of a policy, it should instead create a new - policy instance with the desired properties. -*/ -OSStatus SecPolicySetValue(SecPolicyRef policyRef, const CSSM_DATA *value) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecPolicySetProperties - @abstract Sets a policy's properties. - @param policyRef A policy reference. - @param properties A properties dictionary. See "Policy Value Constants" - for a list of currently defined property keys. This dictionary replaces the - policy's existing properties, if any. Note that the policy OID (specified - by kSecPolicyOid) is a read-only property of the policy and cannot be set. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.9 and later. Policy - instances should be considered read-only; in cases where your code would - consider changing properties of a policy, it should instead create a new - policy instance with the desired properties. -*/ -OSStatus SecPolicySetProperties(SecPolicyRef policyRef, - CFDictionaryRef properties) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecPolicyGetTPHandle - @abstract Returns the CSSM trust policy handle for the given policy. - @param policyRef A policy reference. - @param tpHandle On return, a pointer to a value of type CSSM_TP_HANDLE. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later. -*/ -OSStatus SecPolicyGetTPHandle(SecPolicyRef policyRef, CSSM_TP_HANDLE *tpHandle) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -#endif /* TARGET_OS_MAC && !TARGET_OS_IPHONE */ - -__END_DECLS - -#endif /* !_SECURITY_SECPOLICY_H_ */ diff --git a/OSX/sec/Security/SecPolicyInternal.h b/OSX/sec/Security/SecPolicyInternal.h index cd522cc4..6e71ad96 100644 --- a/OSX/sec/Security/SecPolicyInternal.h +++ b/OSX/sec/Security/SecPolicyInternal.h @@ -87,9 +87,13 @@ struct __SecPolicy { @constant kSecPolicyCheckRevocationOCSP Use OCSP to perform revocation check. @constant kSecPolicyCheckRevocationCRL Use CRL to perform revocation check. @constant kSecPolicyCheckRevocationAny Use any available method (OCSP or CRL) to perform revocation check. + @constant kSecPolicyCheckRevocationOnline Force an "online" OCSP check. @constant kSecPolicyCheckNoNetworkAccess @@@. @constant kSecPolicyCheckBlackListedLeaf @@@. @constant kSecPolicyCheckUsageConstraints @@@. + @constant kSecPolicyCheckSystemTrustedWeakHash Check whether the leaf or intermediates are using a weak hash in chains that end with a system-trusted anchor. + @constant kSecPolicyCheckIntermediateOrganization Fails if any (non-leaf and non-root) certificates in the chain do not have a matching Organization string. + @constant kSecPolicyCheckIntermediateCountry Fails if any (non-leaf and non-root) certificates in the chain do not have a matching Country string. */ extern const CFStringRef kSecPolicyCheckBasicConstraints; extern const CFStringRef kSecPolicyCheckCriticalExtensions; @@ -129,22 +133,31 @@ extern const CFStringRef kSecPolicyCheckRevocationResponseRequired; extern const CFStringRef kSecPolicyCheckRevocationOCSP; extern const CFStringRef kSecPolicyCheckRevocationCRL; extern const CFStringRef kSecPolicyCheckRevocationAny; +extern const CFStringRef kSecPolicyCheckRevocationOnline; extern const CFStringRef kSecPolicyCheckNoNetworkAccess; extern const CFStringRef kSecPolicyCheckBlackListedLeaf; extern const CFStringRef kSecPolicyCheckBlackListedKey; extern const CFStringRef kSecPolicyCheckGrayListedLeaf; extern const CFStringRef kSecPolicyCheckLeafMarkerOid; extern const CFStringRef kSecPolicyCheckLeafMarkerOidWithoutValueCheck; +extern const CFStringRef kSecPolicyCheckLeafMarkersProdAndQA; extern const CFStringRef kSecPolicyCheckIntermediateMarkerOid; extern const CFStringRef kSecPolicyCheckIntermediateSPKISHA256; extern const CFStringRef kSecPolicyCheckIntermediateEKU; extern const CFStringRef kSecPolicyCheckGrayListedKey; extern const CFStringRef kSecPolicyCheckCertificateTransparency; extern const CFStringRef kSecPolicyCheckUsageConstraints; +extern const CFStringRef kSecPolicyCheckSystemTrustedWeakHash; +extern const CFStringRef kSecPolicyCheckIntermediateOrganization; +extern const CFStringRef kSecPolicyCheckIntermediateCountry; /* Special option for checking Apple Anchors */ extern const CFStringRef kSecPolicyAppleAnchorIncludeTestRoots; +/* Special option for checking Prod and QA Markers */ +extern const CFStringRef kSecPolicyLeafMarkerProd; +extern const CFStringRef kSecPolicyLeafMarkerQA; + SecPolicyRef SecPolicyCreate(CFStringRef oid, CFStringRef name, CFDictionaryRef options); CFDictionaryRef SecPolicyGetOptions(SecPolicyRef policy); @@ -173,6 +186,7 @@ bool SecPolicyCheckCertEAPTrustedServerNames(SecCertificateRef cert, CFTypeRef p bool SecPolicyCheckCertLeafMarkerOid(SecCertificateRef cert, CFTypeRef pvcValue); bool SecPolicyCheckCertLeafMarkerOidWithoutValueCheck(SecCertificateRef cert, CFTypeRef pvcValue); bool SecPolicyCheckCertSignatureHashAlgorithms(SecCertificateRef cert, CFTypeRef pvcValue); +bool SecPolicyCheckCertSubjectCountry(SecCertificateRef cert, CFTypeRef pvcValue); /* diff --git a/OSX/sec/Security/SecPolicyLeafCallbacks.c b/OSX/sec/Security/SecPolicyLeafCallbacks.c index d3783937..eb337104 100644 --- a/OSX/sec/Security/SecPolicyLeafCallbacks.c +++ b/OSX/sec/Security/SecPolicyLeafCallbacks.c @@ -468,6 +468,24 @@ bool SecPolicyCheckCertSubjectOrganizationalUnit(SecCertificateRef cert, CFTypeR return match; } +bool SecPolicyCheckCertSubjectCountry(SecCertificateRef cert, CFTypeRef pvcValue) { + CFStringRef country = pvcValue; + bool match = true; + if (!isString(country)) { + /* @@@ We can't return an error here and making the evaluation fail + won't help much either. */ + return false; + } + CFArrayRef certCountry = SecCertificateCopyCountry(cert); + if (!certCountry || CFArrayGetCount(certCountry) != 1 || + !CFEqual(country, CFArrayGetValueAtIndex(certCountry, 0))) { + /* Subject Country mismatch. */ + match = false; + } + CFReleaseSafe(certCountry); + return match; +} + bool SecPolicyCheckCertEAPTrustedServerNames(SecCertificateRef cert, CFTypeRef pvcValue) { CFArrayRef trustedServerNames = pvcValue; /* No names specified means we accept any name. */ diff --git a/OSX/sec/Security/SecRSAKey.c b/OSX/sec/Security/SecRSAKey.c index 9ecc96cb..842ad6c8 100644 --- a/OSX/sec/Security/SecRSAKey.c +++ b/OSX/sec/Security/SecRSAKey.c @@ -244,10 +244,12 @@ static CFTypeRef SecRSAPublicKeyCopyOperationResult(SecKeyRef key, SecKeyOperati ccrsa_pub_ctx_t pubkey; pubkey.pub = key->key; result = kCFBooleanTrue; + int ccerr = 0; switch (operation) { case kSecKeyOperationTypeEncrypt: if (mode == kSecKeyOperationModePerform) { - // Verify that plaintext is smaller than modulus. + // Verify that plaintext is smaller than modulus. Note that since we already verified that input algorithm + // is kSecKeyAlgorithmRSAEncryptionRawCCUnit, we can safely access in1 CFDataRef contents as cc_unit *. require_action_quiet(ccn_cmpn(ccn_nof_size(CFDataGetLength(in1)), (const cc_unit *)CFDataGetBytePtr(in1), ccrsa_ctx_n(pubkey), ccrsa_ctx_m(pubkey)) < 0, out, (result = NULL, @@ -255,16 +257,16 @@ static CFTypeRef SecRSAPublicKeyCopyOperationResult(SecKeyRef key, SecKeyOperati // Encrypt into output buffer. result = CFDataCreateMutableWithScratch(NULL, ccrsa_block_size(pubkey)); - ccrsa_pub_crypt(pubkey, (cc_unit *)CFDataGetMutableBytePtr((CFMutableDataRef)result), - (const cc_unit *)CFDataGetBytePtr(in1)); + ccerr = ccrsa_pub_crypt(pubkey, (cc_unit *)CFDataGetMutableBytePtr((CFMutableDataRef)result), + (const cc_unit *)CFDataGetBytePtr(in1)); } break; case kSecKeyOperationTypeDecrypt: if (mode == kSecKeyOperationModePerform) { // Decrypt into output buffer. result = CFDataCreateMutableWithScratch(NULL, ccrsa_block_size(pubkey)); - ccrsa_pub_crypt(pubkey, (cc_unit *)CFDataGetMutableBytePtr((CFMutableDataRef)result), - (const cc_unit *)CFDataGetBytePtr(in1)); + ccerr = ccrsa_pub_crypt(pubkey, (cc_unit *)CFDataGetMutableBytePtr((CFMutableDataRef)result), + (const cc_unit *)CFDataGetBytePtr(in1)); } break; default: @@ -272,6 +274,8 @@ static CFTypeRef SecRSAPublicKeyCopyOperationResult(SecKeyRef key, SecKeyOperati break; } + require_noerr_action_quiet(ccerr, out, (CFReleaseNull(result), + SecError(errSecParam, error, CFSTR("rsa_pub_crypt failed, ccerr=%d"), error))); out: return result; } @@ -529,11 +533,13 @@ static CFTypeRef SecRSAPrivateKeyCopyOperationResult(SecKeyRef key, SecKeyOperat CFTypeRef result = kCFNull; ccrsa_full_ctx_t fullkey = { .full = key->key }; + int ccerr = 0; switch (operation) { case kSecKeyOperationTypeSign: if (CFEqual(algorithm, kSecKeyAlgorithmRSASignatureRawCCUnit)) { if (mode == kSecKeyOperationModePerform) { - // Verify that data is smaller than modulus. + // Verify that data is smaller than modulus. Note that since we already verified that input algorithm + // is kSecKeyAlgorithmRSASignatureRawCCUnit, we can safely access in1 CFDataRef contents as cc_unit *. require_action_quiet(ccn_cmpn(ccn_nof_size(CFDataGetLength(in1)), (const cc_unit *)CFDataGetBytePtr(in1), ccrsa_ctx_n(fullkey), ccrsa_ctx_m(fullkey)) < 0, out, (result = NULL, @@ -542,8 +548,8 @@ static CFTypeRef SecRSAPrivateKeyCopyOperationResult(SecKeyRef key, SecKeyOperat // Encrypt buffer and write it to output data. result = CFDataCreateMutableWithScratch(kCFAllocatorDefault, ccrsa_block_size(ccrsa_ctx_public(fullkey))); - ccrsa_priv_crypt(fullkey, (cc_unit *)CFDataGetMutableBytePtr((CFMutableDataRef)result), - (const cc_unit *)CFDataGetBytePtr(in1)); + ccerr = ccrsa_priv_crypt(fullkey, (cc_unit *)CFDataGetMutableBytePtr((CFMutableDataRef)result), + (const cc_unit *)CFDataGetBytePtr(in1)); } else { // Operation is supported. result = kCFBooleanTrue; @@ -555,8 +561,8 @@ static CFTypeRef SecRSAPrivateKeyCopyOperationResult(SecKeyRef key, SecKeyOperat if (mode == kSecKeyOperationModePerform) { // Decrypt buffer and write it to output data. result = CFDataCreateMutableWithScratch(NULL, ccrsa_block_size(fullkey)); - ccrsa_priv_crypt(fullkey, (cc_unit *)CFDataGetMutableBytePtr((CFMutableDataRef)result), - (const cc_unit *)CFDataGetBytePtr(in1)); + ccerr = ccrsa_priv_crypt(fullkey, (cc_unit *)CFDataGetMutableBytePtr((CFMutableDataRef)result), + (const cc_unit *)CFDataGetBytePtr(in1)); } else { // Operation is supported. result = kCFBooleanTrue; @@ -567,6 +573,8 @@ static CFTypeRef SecRSAPrivateKeyCopyOperationResult(SecKeyRef key, SecKeyOperat break; } + require_noerr_action_quiet(ccerr, out, (CFReleaseNull(result), + SecError(errSecParam, error, CFSTR("rsa_priv_crypt failed, ccerr=%d"), error))); out: return result; } diff --git a/OSX/sec/Security/SecRSAKey.h b/OSX/sec/Security/SecRSAKey.h index e54bf82c..4007c70f 100644 --- a/OSX/sec/Security/SecRSAKey.h +++ b/OSX/sec/Security/SecRSAKey.h @@ -36,13 +36,6 @@ __BEGIN_DECLS -typedef struct SecRSAPublicKeyParams { - uint8_t *modulus; /* modulus */ - CFIndex modulusLength; - uint8_t *exponent; /* public exponent */ - CFIndex exponentLength; -} SecRSAPublicKeyParams; - /* Given an RSA public key in encoded form return a SecKeyRef representing that key. Supported encodings are kSecKeyEncodingPkcs1. */ SecKeyRef SecKeyCreateRSAPublicKey(CFAllocatorRef allocator, diff --git a/OSX/sec/Security/SecRandom.h b/OSX/sec/Security/SecRandom.h deleted file mode 100644 index 0ee81c63..00000000 --- a/OSX/sec/Security/SecRandom.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2007-2009,2012-2013 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecRandom - The functions provided in SecRandom.h implement high-level accessors - to cryptographically secure random numbers. -*/ - -#ifndef _SECURITY_SECRANDOM_H_ -#define _SECURITY_SECRANDOM_H_ - -#include -#include -#include - -__BEGIN_DECLS - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/*! - @typedef SecRandomRef - @abstract Reference to a (psuedo) random number generator. -*/ -typedef const struct __SecRandom * SecRandomRef; - -/* This is a synonym for NULL, if you'd rather use a named constant. This - refers to a cryptographically secure random number generator. */ -extern const SecRandomRef kSecRandomDefault - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - -/*! - @function SecRandomCopyBytes - @abstract Return count random bytes in *bytes, allocated by the caller. - It is critical to check the return value for error - @result Return 0 on success or -1 if something went wrong, check errno - to find out the real error. -*/ -int SecRandomCopyBytes(SecRandomRef __nullable rnd, size_t count, uint8_t *bytes) - __attribute__ ((warn_unused_result)) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -__END_DECLS - -#endif /* !_SECURITY_SECRANDOM_H_ */ diff --git a/OSX/sec/Security/SecRecoveryKey.h b/OSX/sec/Security/SecRecoveryKey.h new file mode 100644 index 00000000..65fb59ee --- /dev/null +++ b/OSX/sec/Security/SecRecoveryKey.h @@ -0,0 +1,50 @@ +// +// SecRecoveryKey.h +// +// + +#ifndef SecRecoveryKey_h +#define SecRecoveryKey_h + +#include + +#if __OBJC__ +@class SecRecoveryKey; +#else +typedef struct __SecRecoveryKey SecRecoveryKey; +#endif + +bool +SecRKRegisterBackupPublicKey(SecRecoveryKey *rk, CFErrorRef *error); + +#if __OBJC__ + +SecRecoveryKey * +SecRKCreateRecoveryKey(NSString *recoveryKey); + +NSString * +SecRKCreateRecoveryKeyString(NSError **error); + +NSString * +SecRKCopyAccountRecoveryPassword(SecRecoveryKey *rk); + +NSData * +SecRKCopyBackupFullKey(SecRecoveryKey *rk); + +NSData * +SecRKCopyBackupPublicKey(SecRecoveryKey *rk); + +#else + +SecRecoveryKey * +SecRKCreateRecoveryKey(CFStringRef recoveryKey); + +CFDataRef +SecRKCopyBackupFullKey(SecRecoveryKey *rk); + +CFDataRef +SecRKCopyBackupPublicKey(SecRecoveryKey *rk); + +#endif + +#endif diff --git a/OSX/sec/Security/SecRecoveryKey.m b/OSX/sec/Security/SecRecoveryKey.m new file mode 100644 index 00000000..d379a19e --- /dev/null +++ b/OSX/sec/Security/SecRecoveryKey.m @@ -0,0 +1,248 @@ +// +// SecRecoveryKey.c +// + +#import "SecRecoveryKey.h" + +#import +#import +#import + +#import +#import +#import + +#import + +#import "SecCFAllocator.h" +#import "SecPasswordGenerate.h" +#import "SecBase64.h" + +typedef struct _CFSecRecoveryKey *CFSecRecoveryKeyRef; + + +static uint8_t backupPublicKey[] = { 'B', 'a', 'c', 'k', 'u', ' ', 'P', 'u', 'b', 'l', 'i', 'c', 'k', 'e', 'y' }; +static uint8_t passwordInfoKey[] = { 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', ' ', 's', 'e', 'c', 'r', 'e', 't' }; + +#define RK_BACKUP_HKDF_SIZE 128 +#define RK_PASSWORD_HKDF_SIZE 32 + +CFGiblisFor(CFSecRecoveryKey); + +struct _CFSecRecoveryKey { + CFRuntimeBase _base; + CFDataRef basecode; +}; + +static void +CFSecRecoveryKeyDestroy(CFTypeRef cf) +{ + CFSecRecoveryKeyRef rk = (CFSecRecoveryKeyRef)cf; + CFReleaseNull(rk->basecode); +} + + +static CFStringRef +CFSecRecoveryKeyCopyFormatDescription(CFTypeRef cf, CFDictionaryRef formatOptions) +{ + return CFStringCreateWithFormat(NULL, NULL, CFSTR(""), cf); +} + + +static bool +ValidateRecoveryKey(CFStringRef recoveryKey) +{ + + return SecPasswordValidatePasswordFormat(kSecPasswordTypeiCloudRecoveryKey, recoveryKey, NULL); +} + + +NSString * +SecRKCreateRecoveryKeyString(NSError **error) +{ + CFErrorRef cferror = NULL; + + CFStringRef recoveryKey = SecPasswordGenerate(kSecPasswordTypeiCloudRecoveryKey, &cferror, NULL); + if (recoveryKey == NULL) { + if (error) { + *error = CFBridgingRelease(cferror); + } else { + CFReleaseNull(cferror); + } + return NULL; + } + if (!ValidateRecoveryKey(recoveryKey)) { + CFRelease(recoveryKey); + return NULL; + } + + return (__bridge NSString *)recoveryKey; +} + + +SecRecoveryKey * +SecRKCreateRecoveryKey(NSString *masterKey) +{ + if (!ValidateRecoveryKey((__bridge CFStringRef)masterKey)) + return NULL; + + CFSecRecoveryKeyRef rk = CFTypeAllocate(CFSecRecoveryKey, struct _CFSecRecoveryKey, NULL); + if (rk == NULL) + return NULL; + + rk->basecode = CFStringCreateExternalRepresentation(SecCFAllocatorZeroize(), + (__bridge CFStringRef)masterKey, + kCFStringEncodingUTF8, 0); + if (rk->basecode == NULL) { + CFRelease(rk); + return NULL; + } + + return (__bridge SecRecoveryKey *)rk; +} + +static CFDataRef +SecRKCreateDerivedSecret(CFSecRecoveryKeyRef rk, CFIndex outputLength, + const uint8_t *variant, size_t variantLength) +{ + CFMutableDataRef derived; + int status; + + derived = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), outputLength); + if (derived == NULL) + return NULL; + + status = cchkdf(ccsha256_di(), + CFDataGetLength(rk->basecode), CFDataGetBytePtr(rk->basecode), + 4, "salt", + variantLength, variant, + CFDataGetLength(derived), CFDataGetMutableBytePtr(derived)); + if (status) { + CFReleaseNull(derived); + } + return derived; +} + + +NSString * +SecRKCopyAccountRecoveryPassword(SecRecoveryKey *rk) +{ + CFStringRef base64Data = NULL; + CFDataRef derived = NULL; + void *b64string = NULL; + size_t base64Len = 0; + + derived = SecRKCreateDerivedSecret((__bridge CFSecRecoveryKeyRef)rk, + RK_PASSWORD_HKDF_SIZE, + passwordInfoKey, sizeof(passwordInfoKey)); + require(derived, fail); + + base64Len = SecBase64Encode(CFDataGetBytePtr(derived), CFDataGetLength(derived), NULL, 0); + assert(base64Len < 1024); + + b64string = malloc(base64Len); + require(b64string, fail); + + SecBase64Encode(CFDataGetBytePtr(derived), CFDataGetLength(derived), b64string, base64Len); + + base64Data = CFStringCreateWithBytes(SecCFAllocatorZeroize(), + (const UInt8 *)b64string, base64Len, + kCFStringEncodingUTF8, false); + require(base64Data, fail); + +fail: + if (b64string) { + cc_clear(base64Len, b64string); + free(b64string); + } + CFReleaseNull(derived); + + return (__bridge NSString *)base64Data; +} + +#if 0 +NSString * +SecRKCopyAccountRecoveryVerifier(SecRecoveryKey *rk, + NSString *type, + NSData *salt, + NSNumber *iterations, + NSError **error) +{ + /* use verifier create function from AppleIDAuthSupport with dlopen/dlsym + + CFDataRef + AppleIDAuthSupportCreateVerifier(CFStringRef proto, + CFStringRef username, + CFDataRef salt, + CFNumberRef iter, + CFStringRef password, + CFErrorRef *error); + */ + + return NULL; +} +#endif + +static NSData * +RKBackupCreateECKey(SecRecoveryKey *rk, bool fullkey) +{ + CFMutableDataRef publicKeyData = NULL; + CFDataRef derivedSecret = NULL; + ccec_const_cp_t cp = ccec_cp_256(); + CFDataRef result = NULL; + int status; + + ccec_full_ctx_decl_cp(cp, fullKey); + + derivedSecret = SecRKCreateDerivedSecret((__bridge CFSecRecoveryKeyRef)rk, RK_BACKUP_HKDF_SIZE, + backupPublicKey, sizeof(backupPublicKey)); + require(derivedSecret, fail); + + status = ccec_generate_key_deterministic(cp, + CFDataGetLength(derivedSecret), CFDataGetBytePtr(derivedSecret), + ccDRBGGetRngState(), + CCEC_GENKEY_DETERMINISTIC_COMPACT, + fullKey); + require_noerr(status, fail); + + size_t space = ccec_compact_export_size(fullkey, fullKey); + publicKeyData = CFDataCreateMutableWithScratch(SecCFAllocatorZeroize(), space); + require_quiet(publicKeyData, fail); + + ccec_compact_export(fullkey, CFDataGetMutableBytePtr(publicKeyData), fullKey); + + CFTransferRetained(result, publicKeyData); +fail: + CFReleaseNull(derivedSecret); + CFReleaseNull(publicKeyData); + + return (__bridge NSData *)result; +} + +NSData * +SecRKCopyBackupFullKey(SecRecoveryKey *rk) +{ + return RKBackupCreateECKey(rk, true); +} + + +NSData * +SecRKCopyBackupPublicKey(SecRecoveryKey *rk) +{ + return RKBackupCreateECKey(rk, false); +} + +bool +SecRKRegisterBackupPublicKey(SecRecoveryKey *rk, CFErrorRef *error) +{ + CFDataRef backupKey = (__bridge CFDataRef)SecRKCopyBackupPublicKey(rk); + bool res = false; + + require(backupKey, fail); + + res = SOSCCRegisterRecoveryPublicKey(backupKey, error); +fail: + CFReleaseNull(backupKey); + + return res; +} diff --git a/OSX/sec/Security/SecSCEP.c b/OSX/sec/Security/SecSCEP.c index e8f0254d..d436bbc5 100644 --- a/OSX/sec/Security/SecSCEP.c +++ b/OSX/sec/Security/SecSCEP.c @@ -366,7 +366,11 @@ SecSCEPCertifyRequest(CFDataRef request, SecIdentityRef ca_identity, CFDataRef s CFDictionaryRef parameters = NULL; require_noerr(SecIdentityCopyCertificate(ca_identity, &ca_certificate), out); +#if TARGET_OS_IPHONE ca_public_key = SecCertificateCopyPublicKey(ca_certificate); /*@@@*/ +#else + ca_public_key = SecCertificateCopyPublicKey_ios(ca_certificate); +#endif /* unwrap outer layer: */ policy = SecPolicyCreateBasicX509(); diff --git a/OSX/sec/Security/SecSCEP.h b/OSX/sec/Security/SecSCEP.h index dc5c7da4..b173b57f 100644 --- a/OSX/sec/Security/SecSCEP.h +++ b/OSX/sec/Security/SecSCEP.h @@ -101,7 +101,7 @@ SecSCEPGetCertInitial(SecCertificateRef ca_certificate, CFArrayRef subject, CFDi @param certs a PKCS#7 GetCACert response @param ca_fingerprint CFDataRef with CA fingerprint. Size indicates hash type. Recognises SHA-1 and MD5. @param ca_certificate SecCertificateRef CA certificate - @param ra_certificate SecCertificateRef RA certificate. Use both for signing and encryption unless ra_encryption_certificate is also returned. + @param ra_signing_certificate SecCertificateRef RA certificate. Use both for signing and encryption unless ra_encryption_certificate is also returned. @param ra_encryption_certificate SecCertificateRef RA encryption certificate. Returned if there isn't an RA certificate that can both sign and encrypt. @result status errSecSuccess on success. */ diff --git a/OSX/sec/Security/SecTrust.c b/OSX/sec/Security/SecTrust.c index 73ee03c6..6768a063 100644 --- a/OSX/sec/Security/SecTrust.c +++ b/OSX/sec/Security/SecTrust.c @@ -56,6 +56,7 @@ #include #include #include +#include #include "SecRSAKey.h" #include @@ -132,6 +133,9 @@ struct __SecTrust { */ SecTrustResultType _trustResultBeforeExceptions; + /* Dispatch queue for thread-safety */ + dispatch_queue_t _trustQueue; + /* === IMPORTANT! === * Any change to this structure definition * must also be made in the TSecTrust structure, @@ -154,18 +158,19 @@ static CFStringRef SecTrustCopyFormatDescription(CFTypeRef cf, CFDictionaryRef f static void SecTrustDestroy(CFTypeRef cf) { SecTrustRef trust = (SecTrustRef)cf; - CFReleaseSafe(trust->_certificates); - CFReleaseSafe(trust->_policies); - CFReleaseSafe(trust->_responses); - CFReleaseSafe(trust->_SCTs); - CFReleaseSafe(trust->_trustedLogs); - CFReleaseSafe(trust->_verifyDate); - CFReleaseSafe(trust->_anchors); - CFReleaseSafe(trust->_chain); - CFReleaseSafe(trust->_publicKey); - CFReleaseSafe(trust->_details); - CFReleaseSafe(trust->_info); - CFReleaseSafe(trust->_exceptions); + dispatch_release_null(trust->_trustQueue); + CFReleaseNull(trust->_certificates); + CFReleaseNull(trust->_policies); + CFReleaseNull(trust->_responses); + CFReleaseNull(trust->_SCTs); + CFReleaseNull(trust->_trustedLogs); + CFReleaseNull(trust->_verifyDate); + CFReleaseNull(trust->_anchors); + CFReleaseNull(trust->_chain); + CFReleaseNull(trust->_publicKey); + CFReleaseNull(trust->_details); + CFReleaseNull(trust->_info); + CFReleaseNull(trust->_exceptions); if (trust->_legacy_info_array) { free(trust->_legacy_info_array); @@ -239,6 +244,7 @@ errOut: result->_certificates = l_certs; result->_policies = l_policies; result->_keychainsAllowed = true; + result->_trustQueue = dispatch_queue_create("trust", DISPATCH_QUEUE_SERIAL); if (trust) *trust = result; else @@ -247,11 +253,55 @@ errOut: return status; } +OSStatus SecTrustCopyInputCertificates(SecTrustRef trust, CFArrayRef *certificates) { + if (!trust || !certificates) { + return errSecParam; + } + __block CFArrayRef certArray = NULL; + dispatch_sync(trust->_trustQueue, ^{ + certArray = CFArrayCreateCopy(NULL, trust->_certificates); + }); + if (!certArray) { + return errSecAllocate; + } + *certificates = certArray; + return errSecSuccess; +} + +OSStatus SecTrustAddToInputCertificates(SecTrustRef trust, CFTypeRef certificates) { + if (!trust || !certificates) { + return errSecParam; + } + __block CFMutableArrayRef newCertificates = NULL; + dispatch_sync(trust->_trustQueue, ^{ + newCertificates = CFArrayCreateMutableCopy(NULL, 0, trust->_certificates); + }); + + if (isArray(certificates)) { + CFArrayAppendArray(newCertificates, certificates, + CFRangeMake(0, CFArrayGetCount(certificates))); + } else if (CFGetTypeID(certificates) == SecCertificateGetTypeID()) { + CFArrayAppendValue(newCertificates, certificates); + } else { + CFReleaseNull(newCertificates); + return errSecParam; + } + + dispatch_sync(trust->_trustQueue, ^{ + CFReleaseNull(trust->_certificates); + trust->_certificates = (CFArrayRef)newCertificates; + }); + + return errSecSuccess; +} + static void SecTrustSetNeedsEvaluation(SecTrustRef trust) { check(trust); if (trust) { - trust->_trustResult = kSecTrustResultInvalid; - trust->_trustResultBeforeExceptions = kSecTrustResultInvalid; + dispatch_sync(trust->_trustQueue, ^{ + trust->_trustResult = kSecTrustResultInvalid; + trust->_trustResultBeforeExceptions = kSecTrustResultInvalid; + }); } } @@ -274,9 +324,11 @@ OSStatus SecTrustSetAnchorCertificates(SecTrustRef trust, SecTrustSetNeedsEvaluation(trust); if (anchorCertificates) CFRetain(anchorCertificates); - if (trust->_anchors) - CFRelease(trust->_anchors); - trust->_anchors = anchorCertificates; + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_anchors) + CFRelease(trust->_anchors); + trust->_anchors = anchorCertificates; + }); trust->_anchorsOnly = (anchorCertificates != NULL); return errSecSuccess; @@ -287,13 +339,13 @@ OSStatus SecTrustCopyCustomAnchorCertificates(SecTrustRef trust, if (!trust|| !anchors) { return errSecParam; } - CFArrayRef anchorsArray = NULL; - if (trust->_anchors) { - anchorsArray = CFArrayCreateCopy(kCFAllocatorDefault, trust->_anchors); - if (!anchorsArray) { - return errSecAllocate; - } - } + __block CFArrayRef anchorsArray = NULL; + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_anchors) { + anchorsArray = CFArrayCreateCopy(kCFAllocatorDefault, trust->_anchors); + } + }); + *anchors = anchorsArray; return errSecSuccess; } @@ -314,10 +366,11 @@ OSStatus SecTrustSetOCSPResponse(SecTrustRef trust, CFTypeRef responseData) { return errSecParam; } } - if (trust->_responses) - CFRelease(trust->_responses); - trust->_responses = responseArray; - + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_responses) + CFRelease(trust->_responses); + trust->_responses = responseArray; + }); return errSecSuccess; } @@ -326,8 +379,9 @@ OSStatus SecTrustSetSignedCertificateTimestamps(SecTrustRef trust, CFArrayRef sc return errSecParam; } SecTrustSetNeedsEvaluation(trust); - CFRetainAssign(trust->_SCTs, sctArray); - + dispatch_sync(trust->_trustQueue, ^{ + CFRetainAssign(trust->_SCTs, sctArray); + }); return errSecSuccess; } @@ -336,8 +390,9 @@ OSStatus SecTrustSetTrustedLogs(SecTrustRef trust, CFArrayRef trustedLogs) { return errSecParam; } SecTrustSetNeedsEvaluation(trust); - CFRetainAssign(trust->_trustedLogs, trustedLogs); - + dispatch_sync(trust->_trustQueue, ^{ + CFRetainAssign(trust->_trustedLogs, trustedLogs); + }); return errSecSuccess; } @@ -347,8 +402,9 @@ OSStatus SecTrustSetVerifyDate(SecTrustRef trust, CFDateRef verifyDate) { } SecTrustSetNeedsEvaluation(trust); check(verifyDate); - CFRetainAssign(trust->_verifyDate, verifyDate); - + dispatch_sync(trust->_trustQueue, ^{ + CFRetainAssign(trust->_verifyDate, verifyDate); + }); return errSecSuccess; } @@ -359,7 +415,7 @@ OSStatus SecTrustSetPolicies(SecTrustRef trust, CFTypeRef newPolicies) { SecTrustSetNeedsEvaluation(trust); check(newPolicies); - CFArrayRef policyArray = NULL; + __block CFArrayRef policyArray = NULL; if (CFGetTypeID(newPolicies) == CFArrayGetTypeID()) { policyArray = CFArrayCreateCopy(kCFAllocatorDefault, newPolicies); } else if (CFGetTypeID(newPolicies) == SecPolicyGetTypeID()) { @@ -369,9 +425,10 @@ OSStatus SecTrustSetPolicies(SecTrustRef trust, CFTypeRef newPolicies) { return errSecParam; } - if (trust->_policies) - CFRelease(trust->_policies); - trust->_policies = policyArray; + dispatch_sync(trust->_trustQueue, ^{ + CFReleaseSafe(trust->_policies); + trust->_policies = policyArray; + }); return errSecSuccess; } @@ -399,10 +456,10 @@ OSStatus SecTrustCopyPolicies(SecTrustRef trust, CFArrayRef *policies) { if (!trust|| !policies) { return errSecParam; } - if (!trust->_policies) { - return errSecInternal; - } - CFArrayRef policyArray = CFArrayCreateCopy(kCFAllocatorDefault, trust->_policies); + __block CFArrayRef policyArray = NULL; + dispatch_sync(trust->_trustQueue, ^{ + policyArray = CFArrayCreateCopy(kCFAllocatorDefault, trust->_policies); + }); if (!policyArray) { return errSecAllocate; } @@ -473,30 +530,28 @@ OSStatus SecTrustSetNetworkFetchAllowed(SecTrustRef trust, Boolean allowFetch) { if (!trust) { return errSecParam; } - if (!trust->_policies) { - return errSecInternal; - } - if (!allowFetch) { - return SecTrustSetOptionInPolicies(trust->_policies, kSecPolicyCheckNoNetworkAccess, kCFBooleanTrue); - } - else { - return SecTrustRemoveOptionInPolicies(trust->_policies, kSecPolicyCheckNoNetworkAccess); - } - return errSecSuccess; + __block OSStatus status = errSecSuccess; + dispatch_sync(trust->_trustQueue, ^{ + if (!allowFetch) { + status = SecTrustSetOptionInPolicies(trust->_policies, kSecPolicyCheckNoNetworkAccess, kCFBooleanTrue); + } else { + status = SecTrustRemoveOptionInPolicies(trust->_policies, kSecPolicyCheckNoNetworkAccess); + } + }); + return status; } OSStatus SecTrustGetNetworkFetchAllowed(SecTrustRef trust, Boolean *allowFetch) { if (!trust || !allowFetch) { return errSecParam; } - if (!trust->_policies) { - return errSecInternal; - } - CFArrayRef foundValues = NULL; - if ((foundValues = SecTrustCopyOptionsFromPolicies(trust->_policies, kSecPolicyCheckNoNetworkAccess))) { + __block CFArrayRef foundValues = NULL; + dispatch_sync(trust->_trustQueue, ^{ + foundValues = SecTrustCopyOptionsFromPolicies(trust->_policies, kSecPolicyCheckNoNetworkAccess); + }); + if (foundValues) { *allowFetch = false; - } - else { + } else { *allowFetch = true; } CFReleaseNull(foundValues); @@ -504,16 +559,18 @@ OSStatus SecTrustGetNetworkFetchAllowed(SecTrustRef trust, Boolean *allowFetch) } CFAbsoluteTime SecTrustGetVerifyTime(SecTrustRef trust) { - CFAbsoluteTime verifyTime; - if (trust && trust->_verifyDate) { - verifyTime = CFDateGetAbsoluteTime(trust->_verifyDate); - } else { - verifyTime = CFAbsoluteTimeGetCurrent(); - /* Record the verifyDate we ended up using. */ - if (trust) { + __block CFAbsoluteTime verifyTime = CFAbsoluteTimeGetCurrent(); + if (!trust) { + return verifyTime; + } + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_verifyDate) { + verifyTime = CFDateGetAbsoluteTime(trust->_verifyDate); + } else { trust->_verifyDate = CFDateCreate(CFGetAllocator(trust), verifyTime); } - } + }); + return verifyTime; } @@ -530,22 +587,34 @@ OSStatus SecTrustGetTrustResult(SecTrustRef trust, if (!trust || !result) { return errSecParam; } - *result = trust->_trustResult; + dispatch_sync(trust->_trustQueue, ^{ + *result = trust->_trustResult; + }); return errSecSuccess; } static CFStringRef kSecCertificateDetailSHA1Digest = CFSTR("SHA1Digest"); static CFDictionaryRef SecTrustGetExceptionForCertificateAtIndex(SecTrustRef trust, CFIndex ix) { - if (!trust->_exceptions || ix >= CFArrayGetCount(trust->_exceptions)) - return NULL; - CFDictionaryRef exception = (CFDictionaryRef)CFArrayGetValueAtIndex(trust->_exceptions, ix); - if (CFGetTypeID(exception) != CFDictionaryGetTypeID()) - return NULL; + CFDictionaryRef exception = NULL; + __block CFArrayRef exceptions = NULL; + dispatch_sync(trust->_trustQueue, ^{ + exceptions = CFRetainSafe(trust->_exceptions); + }); + if (!exceptions || ix >= CFArrayGetCount(exceptions)) { + goto out; + } - SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, ix); - if (!certificate) - return NULL; + SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, ix); + if (!certificate) { + goto out; + } + + exception = (CFDictionaryRef)CFArrayGetValueAtIndex(exceptions, ix); + if (CFGetTypeID(exception) != CFDictionaryGetTypeID()) { + exception = NULL; + goto out; + } /* If the exception contains the current certificates sha1Digest in the kSecCertificateDetailSHA1Digest key then we use it otherwise we ignore it. */ @@ -554,9 +623,66 @@ static CFDictionaryRef SecTrustGetExceptionForCertificateAtIndex(SecTrustRef tru if (!digestValue || !CFEqual(sha1Digest, digestValue)) exception = NULL; +out: + CFReleaseSafe(exceptions); return exception; } +struct SecTrustFilteredDetailContext { + CFDictionaryRef exception; + CFMutableDictionaryRef filteredDetail; +}; + +static void SecTrustFilterDetail(const void *key, const void *value, void *context) { + struct SecTrustFilteredDetailContext *ctx = (struct SecTrustFilteredDetailContext *)context; + if (!key || !value || !ctx->exception || !ctx->filteredDetail) { + return; + } + if (CFEqual(kSecCertificateDetailSHA1Digest, key)) { + return; /* ignore SHA1 hash entry */ + } + CFTypeRef exceptionValue = CFDictionaryGetValue(ctx->exception, key); + if (exceptionValue && CFEqual(exceptionValue, value)) { + /* both key and value match the exception */ + CFDictionaryRemoveValue(ctx->filteredDetail, key); + } +} + +CFArrayRef SecTrustCopyFilteredDetails(SecTrustRef trust) { + if (!trust) { + return NULL; + } + SecTrustEvaluateIfNecessary(trust); + __block CFArrayRef details = NULL; + dispatch_sync(trust->_trustQueue, ^{ + details = CFRetainSafe(trust->_details); + }); + CFIndex ix, pathLength = details ? CFArrayGetCount(details) : 0; + CFMutableArrayRef filteredDetails = CFArrayCreateMutable(kCFAllocatorDefault, pathLength, &kCFTypeArrayCallBacks); + if (!filteredDetails) { + CFReleaseNull(details); + return NULL; + } + for (ix = 0; ix < pathLength; ++ix) { + CFDictionaryRef detail = (CFDictionaryRef)CFArrayGetValueAtIndex(details, ix); + CFIndex count = (detail) ? CFDictionaryGetCount(detail) : 0; + CFMutableDictionaryRef filteredDetail = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, count, detail); + CFDictionaryRef exception = SecTrustGetExceptionForCertificateAtIndex(trust, ix); + if (exception) { + /* for each entry in the detail dictionary, remove from filteredDetail + if it also appears in the corresponding exception dictionary. */ + struct SecTrustFilteredDetailContext context = { exception, filteredDetail }; + CFDictionaryApplyFunction(detail, SecTrustFilterDetail, &context); + } + if (filteredDetail) { + CFArrayAppendValue(filteredDetails, filteredDetail); + CFReleaseSafe(filteredDetail); + } + } + CFReleaseNull(details); + return filteredDetails; +} + struct SecTrustCheckExceptionContext { CFDictionaryRef exception; bool exceptionNotFound; @@ -595,24 +721,29 @@ static void SecTrustAddPolicyAnchors(SecTrustRef trust) This is used to evaluate test policies where the anchor is not provided in the root store and may not be able to be supplied by the caller. */ - CFArrayRef policies = (trust) ? trust->_policies : NULL; - if (!policies) { - return; - } + if (!trust) { return; } + __block CFArrayRef policies = NULL; + dispatch_sync(trust->_trustQueue, ^{ + policies = CFRetain(trust->_policies); + }); CFIndex ix, count = CFArrayGetCount(policies); for (ix = 0; ix < count; ++ix) { SecPolicyRef policy = (SecPolicyRef) CFArrayGetValueAtIndex(policies, ix); if (policy) { #if TARGET_OS_IPHONE if (CFEqual(policy->_oid, kSecPolicyAppleTestSMPEncryption)) { - CFReleaseSafe(trust->_anchors); - trust->_anchors = SecTrustCreatePolicyAnchorsArray(_SEC_TestAppleRootCAECC, sizeof(_SEC_TestAppleRootCAECC)); + __block CFArrayRef policyAnchors = SecTrustCreatePolicyAnchorsArray(_SEC_TestAppleRootCAECC, sizeof(_SEC_TestAppleRootCAECC)); + dispatch_sync(trust->_trustQueue, ^{ + CFReleaseSafe(trust->_anchors); + trust->_anchors = policyAnchors; + }); trust->_anchorsOnly = true; break; } #endif } } + CFReleaseSafe(policies); } @@ -657,7 +788,7 @@ static void sectrustshow(CFTypeRef obj, const char *context) } static void cert_trust_dump(SecTrustRef trust) { - SecCertificateRef leaf = (SecCertificateRef) CFArrayGetValueAtIndex(trust->_certificates, 0); + SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0); CFStringRef name = (leaf) ? SecCertificateCopySubjectSummary(leaf) : NULL; secerror("leaf \"%@\"", name); secerror(": result = %d", (int) trust->_trustResult); @@ -702,32 +833,48 @@ OSStatus SecTrustEvaluate(SecTrustRef trust, SecTrustResultType *result) { return status; } /* post-process trust result based on exceptions */ - SecTrustResultType trustResult = trust->_trustResult; + __block SecTrustResultType trustResult = kSecTrustResultInvalid; + dispatch_sync(trust->_trustQueue, ^{ + trustResult = trust->_trustResult; + }); if (trustResult == kSecTrustResultUnspecified) { /* If leaf is in exceptions -> proceed, otherwise unspecified. */ if (SecTrustGetExceptionForCertificateAtIndex(trust, 0)) trustResult = kSecTrustResultProceed; } else if (trustResult == kSecTrustResultRecoverableTrustFailure) { /* If we have exceptions get details and match to exceptions. */ - CFIndex pathLength = (trust->_details) ? CFArrayGetCount(trust->_details) : 0; + __block CFArrayRef details = NULL; + dispatch_sync(trust->_trustQueue, ^{ + details = CFRetainSafe(trust->_details); + }); + CFIndex pathLength = details ? CFArrayGetCount(details) : 0; struct SecTrustCheckExceptionContext context = {}; CFIndex ix; for (ix = 0; ix < pathLength; ++ix) { - CFDictionaryRef detail = (CFDictionaryRef)CFArrayGetValueAtIndex(trust->_details, ix); + CFDictionaryRef detail = (CFDictionaryRef)CFArrayGetValueAtIndex(details, ix); context.exception = SecTrustGetExceptionForCertificateAtIndex(trust, ix); CFDictionaryApplyFunction(detail, SecTrustCheckException, &context); if (context.exceptionNotFound) { break; } } - if (!trust->_exceptions || !CFArrayGetCount(trust->_exceptions)) { + CFReleaseSafe(details); + __block bool done = false; + dispatch_sync(trust->_trustQueue, ^{ + if (!trust->_exceptions || !CFArrayGetCount(trust->_exceptions)) { + done = true; + } + }); + if (done) { goto DoneCheckingTrust; } if (!context.exceptionNotFound) trustResult = kSecTrustResultProceed; } DoneCheckingTrust: - trust->_trustResult = trustResult; + dispatch_sync(trust->_trustQueue, ^{ + trust->_trustResult = trustResult; + }); /* log to syslog when there is a trust failure */ if (trustResult != kSecTrustResultProceed && @@ -749,12 +896,14 @@ DoneCheckingTrust: OSStatus SecTrustEvaluateAsync(SecTrustRef trust, dispatch_queue_t queue, SecTrustCallback result) { + CFRetainSafe(trust); dispatch_async(queue, ^{ SecTrustResultType trustResult; if (errSecSuccess != SecTrustEvaluate(trust, &trustResult)) { trustResult = kSecTrustResultInvalid; } result(trust, trustResult); + CFReleaseSafe(trust); }); return errSecSuccess; } @@ -983,21 +1132,21 @@ static OSStatus SecTrustValidateInput(SecTrustRef trust) { static void SecTrustPostEvaluate(SecTrustRef trust) { - if (!trust) { return; } - - CFIndex pathLength = (trust->_details) ? CFArrayGetCount(trust->_details) : 0; - CFIndex ix; - for (ix = 0; ix < pathLength; ++ix) { - CFDictionaryRef detail = (CFDictionaryRef)CFArrayGetValueAtIndex(trust->_details, ix); - if ((ix == 0) && CFDictionaryContainsKey(detail, kSecPolicyCheckBlackListedLeaf)) { - trust->_trustResult = kSecTrustResultFatalTrustFailure; - return; - } - if (CFDictionaryContainsKey(detail, kSecPolicyCheckBlackListedKey)) { - trust->_trustResult = kSecTrustResultFatalTrustFailure; - return; - } - } + if (!trust) { return; } + + CFIndex pathLength = (trust->_details) ? CFArrayGetCount(trust->_details) : 0; + CFIndex ix; + for (ix = 0; ix < pathLength; ++ix) { + CFDictionaryRef detail = (CFDictionaryRef)CFArrayGetValueAtIndex(trust->_details, ix); + if ((ix == 0) && CFDictionaryContainsKey(detail, kSecPolicyCheckBlackListedLeaf)) { + trust->_trustResult = kSecTrustResultFatalTrustFailure; + return; + } + if (CFDictionaryContainsKey(detail, kSecPolicyCheckBlackListedKey)) { + trust->_trustResult = kSecTrustResultFatalTrustFailure; + return; + } + } } static OSStatus SecTrustEvaluateIfNecessary(SecTrustRef trust) { @@ -1006,56 +1155,60 @@ static OSStatus SecTrustEvaluateIfNecessary(SecTrustRef trust) { if (!trust) return errSecParam; - if (trust->_trustResult != kSecTrustResultInvalid) - return errSecSuccess; + __block CFAbsoluteTime verifyTime = SecTrustGetVerifyTime(trust); + SecTrustAddPolicyAnchors(trust); + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_trustResult != kSecTrustResultInvalid) { + result = errSecSuccess; + return; + } - trust->_trustResult = kSecTrustResultOtherError; /* to avoid potential recursion */ + trust->_trustResult = kSecTrustResultOtherError; /* to avoid potential recursion */ - CFReleaseNull(trust->_chain); - CFReleaseNull(trust->_details); - CFReleaseNull(trust->_info); - if (trust->_legacy_info_array) { - free(trust->_legacy_info_array); - trust->_legacy_info_array = NULL; - } - if (trust->_legacy_status_array) { - free(trust->_legacy_status_array); - trust->_legacy_status_array = NULL; - } - - os_activity_initiate("SecTrustEvaluateIfNecessary", OS_ACTIVITY_FLAG_DEFAULT, ^{ - SecTrustAddPolicyAnchors(trust); - SecTrustValidateInput(trust); - - /* @@@ Consider an optimization where we keep a side dictionary with the SHA1 hash of ever SecCertificateRef we send, so we only send potential duplicates once, and have the server respond with either just the SHA1 hash of a certificate, or the complete certificate in the response depending on whether the client already sent it, so we don't send back certificates to the client it already has. */ - result = SecOSStatusWith(^bool (CFErrorRef *error) { - trust->_trustResult = SECURITYD_XPC(sec_trust_evaluate, - certs_anchors_bool_bool_policies_responses_scts_logs_date_ag_to_details_info_chain_int_error_request, - trust->_certificates, trust->_anchors, trust->_anchorsOnly, trust->_keychainsAllowed, - trust->_policies, trust->_responses, trust->_SCTs, trust->_trustedLogs, - SecTrustGetVerifyTime(trust), SecAccessGroupsGetCurrent(), - &trust->_details, &trust->_info, &trust->_chain, error); - if (trust->_trustResult == kSecTrustResultInvalid /* TODO check domain */ && - SecErrorGetOSStatus(*error) == errSecNotAvailable && - CFArrayGetCount(trust->_certificates)) { - /* We failed to talk to securityd. The only time this should - happen is when we are running prior to launchd enabling - registration of services. This currently happens when we - are running from the ramdisk. To make ASR happy we initialize - _chain and return success with a failure as the trustResult, to - make it seem like we did a cert evaluation, so ASR can extract - the public key from the leaf. */ - trust->_chain = SecCertificatePathCreate(NULL, (SecCertificateRef)CFArrayGetValueAtIndex(trust->_certificates, 0), NULL); - if (error) - CFReleaseNull(*error); - return true; - } - SecTrustPostEvaluate(trust); - trust->_trustResultBeforeExceptions = trust->_trustResult; - return trust->_trustResult != kSecTrustResultInvalid; + CFReleaseNull(trust->_chain); + CFReleaseNull(trust->_details); + CFReleaseNull(trust->_info); + if (trust->_legacy_info_array) { + free(trust->_legacy_info_array); + trust->_legacy_info_array = NULL; + } + if (trust->_legacy_status_array) { + free(trust->_legacy_status_array); + trust->_legacy_status_array = NULL; + } + + os_activity_initiate("SecTrustEvaluateIfNecessary", OS_ACTIVITY_FLAG_DEFAULT, ^{ + SecTrustValidateInput(trust); + + /* @@@ Consider an optimization where we keep a side dictionary with the SHA1 hash of ever SecCertificateRef we send, so we only send potential duplicates once, and have the server respond with either just the SHA1 hash of a certificate, or the complete certificate in the response depending on whether the client already sent it, so we don't send back certificates to the client it already has. */ + result = SecOSStatusWith(^bool (CFErrorRef *error) { + trust->_trustResult = SECURITYD_XPC(sec_trust_evaluate, + certs_anchors_bool_bool_policies_responses_scts_logs_date_ag_to_details_info_chain_int_error_request, + trust->_certificates, trust->_anchors, trust->_anchorsOnly, trust->_keychainsAllowed, + trust->_policies, trust->_responses, trust->_SCTs, trust->_trustedLogs, + verifyTime, SecAccessGroupsGetCurrent(), + &trust->_details, &trust->_info, &trust->_chain, error); + if (trust->_trustResult == kSecTrustResultInvalid /* TODO check domain */ && + SecErrorGetOSStatus(*error) == errSecNotAvailable && + CFArrayGetCount(trust->_certificates)) { + /* We failed to talk to securityd. The only time this should + happen is when we are running prior to launchd enabling + registration of services. This currently happens when we + are running from the ramdisk. To make ASR happy we initialize + _chain and return success with a failure as the trustResult, to + make it seem like we did a cert evaluation, so ASR can extract + the public key from the leaf. */ + trust->_chain = SecCertificatePathCreate(NULL, (SecCertificateRef)CFArrayGetValueAtIndex(trust->_certificates, 0), NULL); + if (error) + CFReleaseNull(*error); + return true; + } + SecTrustPostEvaluate(trust); + trust->_trustResultBeforeExceptions = trust->_trustResult; + return trust->_trustResult != kSecTrustResultInvalid; + }); }); }); - return result; } @@ -1067,8 +1220,15 @@ static int compare_strings(const void *a1, const void *a2) { } CFStringRef SecTrustCopyFailureDescription(SecTrustRef trust) { + if (!trust) { + return NULL; + } CFMutableStringRef reason = CFStringCreateMutable(NULL, 0); - CFArrayRef details = SecTrustGetDetails(trust); + SecTrustEvaluateIfNecessary(trust); + __block CFArrayRef details = NULL; + dispatch_sync(trust->_trustQueue, ^{ + details = CFRetainSafe(trust->_details); + }); CFIndex pathLength = details ? CFArrayGetCount(details) : 0; for (CFIndex ix = 0; ix < pathLength; ++ix) { CFDictionaryRef detail = (CFDictionaryRef)CFArrayGetValueAtIndex(details, ix); @@ -1094,10 +1254,11 @@ CFStringRef SecTrustCopyFailureDescription(SecTrustRef trust) { CFStringAppend(reason, CFSTR("]")); } } + CFReleaseSafe(details); return reason; } -#if SECTRUST_OSX +#if TARGET_OS_OSX /* On OS X we need SecTrustCopyPublicKey to give us a CDSA-based SecKeyRef, so we will refer to this one internally as SecTrustCopyPublicKey_ios, and call it from SecTrustCopyPublicKey. @@ -1110,40 +1271,33 @@ SecKeyRef SecTrustCopyPublicKey(SecTrustRef trust) if (!trust) { return NULL; } - if (!trust->_publicKey) { - if (!trust->_chain) { - /* Trust hasn't been evaluated yet, first attempt to retrieve public key from leaf cert as is. */ - #if SECTRUST_OSX - trust->_publicKey = SecCertificateCopyPublicKey_ios(SecTrustGetCertificateAtIndex(trust, 0)); - #else - trust->_publicKey = SecCertificateCopyPublicKey(SecTrustGetCertificateAtIndex(trust, 0)); - #endif -#if 0 - if (!trust->_publicKey) { - /* If this fails, use the passed-in certs in order as if they are a valid cert path, - and attempt to extract the key. */ - SecCertificatePathRef path; - // SecCertificatePathCreateWithArray would have crashed if this code was ever called, - // since it expected an array of CFDataRefs, not an array of certificates. - path = SecCertificatePathCreateWithArray(trust->_certificates); - trust->_publicKey = SecCertificatePathCopyPublicKeyAtIndex(path, 0); - CFRelease(path); - } -#endif - if (!trust->_publicKey) { - /* Last resort, we evaluate the trust to get a _chain. */ - SecTrustEvaluateIfNecessary(trust); - } + __block SecKeyRef publicKey = NULL; + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_publicKey) { + publicKey = CFRetainSafe(trust->_publicKey); + return; } - if (trust->_chain) { - trust->_publicKey = SecCertificatePathCopyPublicKeyAtIndex(trust->_chain, 0); + SecCertificateRef leaf = (SecCertificateRef)CFArrayGetValueAtIndex(trust->_certificates, 0); +#if TARGET_OS_OSX + trust->_publicKey = SecCertificateCopyPublicKey_ios(leaf); +#else + trust->_publicKey = SecCertificateCopyPublicKey(leaf); +#endif + if (trust->_publicKey) { + publicKey = CFRetainSafe(trust->_publicKey); } - } - - if (trust->_publicKey) - CFRetain(trust->_publicKey); - - return trust->_publicKey; + }); + /* If we couldn't get a public key from the leaf cert alone. */ + if (!publicKey) { + SecTrustEvaluateIfNecessary(trust); + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_chain) { + trust->_publicKey = SecCertificatePathCopyPublicKeyAtIndex(trust->_chain, 0); + publicKey = CFRetainSafe(trust->_publicKey); + } + }); + } + return publicKey; } CFIndex SecTrustGetCertificateCount(SecTrustRef trust) { @@ -1151,7 +1305,13 @@ CFIndex SecTrustGetCertificateCount(SecTrustRef trust) { return 0; } SecTrustEvaluateIfNecessary(trust); - return (trust->_chain) ? SecCertificatePathGetCount(trust->_chain) : 1; + __block CFIndex certCount = 1; + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_chain) { + certCount = SecCertificatePathGetCount(trust->_chain); + } + }); + return certCount; } SecCertificateRef SecTrustGetCertificateAtIndex(SecTrustRef trust, @@ -1159,11 +1319,20 @@ SecCertificateRef SecTrustGetCertificateAtIndex(SecTrustRef trust, if (!trust) { return NULL; } + __block SecCertificateRef cert = NULL; if (ix == 0) { - return (SecCertificateRef)CFArrayGetValueAtIndex(trust->_certificates, 0); + dispatch_sync(trust->_trustQueue, ^{ + cert = (SecCertificateRef)CFArrayGetValueAtIndex(trust->_certificates, 0); + }); + return cert; } SecTrustEvaluateIfNecessary(trust); - return (trust->_chain) ? SecCertificatePathGetCertificateAtIndex(trust->_chain, ix) : NULL; + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_chain) { + cert = SecCertificatePathGetCertificateAtIndex(trust->_chain, ix); + } + }); + return cert; } CFDictionaryRef SecTrustCopyInfo(SecTrustRef trust) { @@ -1171,9 +1340,10 @@ CFDictionaryRef SecTrustCopyInfo(SecTrustRef trust) { return NULL; } SecTrustEvaluateIfNecessary(trust); - CFDictionaryRef info = trust->_info; - if (info) - CFRetain(info); + __block CFDictionaryRef info = NULL; + dispatch_sync(trust->_trustQueue, ^{ + info = CFRetainSafe(trust->_info); + }); return info; } @@ -1182,7 +1352,11 @@ CFArrayRef SecTrustGetTrustExceptionsArray(SecTrustRef trust) { } CFDataRef SecTrustCopyExceptions(SecTrustRef trust) { - CFArrayRef details = SecTrustGetDetails(trust); + __block CFArrayRef details = NULL; + SecTrustEvaluateIfNecessary(trust); + dispatch_sync(trust->_trustQueue, ^{ + details = CFRetainSafe(trust->_details); + }); CFIndex pathLength = details ? CFArrayGetCount(details) : 0; CFMutableArrayRef exceptions = CFArrayCreateMutable(kCFAllocatorDefault, pathLength, &kCFTypeArrayCallBacks); CFIndex ix; @@ -1218,7 +1392,7 @@ CFDataRef SecTrustCopyExceptions(SecTrustRef trust) { CFDataRef encodedExceptions = CFPropertyListCreateData(kCFAllocatorDefault, exceptions, kCFPropertyListBinaryFormat_v1_0, 0, NULL); CFRelease(exceptions); - + CFReleaseSafe(details); return encodedExceptions; } @@ -1238,20 +1412,24 @@ bool SecTrustSetExceptions(SecTrustRef trust, CFDataRef encodedExceptions) { exceptions = NULL; } - if (trust->_exceptions && !exceptions) { - /* Exceptions are currently set and now we are clearing them. */ - trust->_trustResult = trust->_trustResultBeforeExceptions; - } + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_exceptions && !exceptions) { + /* Exceptions are currently set and now we are clearing them. */ + trust->_trustResult = trust->_trustResultBeforeExceptions; + } - CFReleaseSafe(trust->_exceptions); - trust->_exceptions = exceptions; + CFReleaseSafe(trust->_exceptions); + trust->_exceptions = exceptions; + }); /* If there is a valid exception entry for our current leaf we're golden. */ if (SecTrustGetExceptionForCertificateAtIndex(trust, 0)) return true; /* The passed in exceptions didn't match our current leaf, so we discard it. */ - CFReleaseNull(trust->_exceptions); + dispatch_sync(trust->_trustQueue, ^{ + CFReleaseNull(trust->_exceptions); + }); return false; } @@ -1449,14 +1627,21 @@ static void appendError(CFMutableArrayRef properties, CFStringRef error) { CFReleaseNull(localizedError); } -#if SECTRUST_OSX || !TARGET_OS_IPHONE +#if TARGET_OS_OSX /* OS X properties array has a different structure and is implemented SecTrust.cpp. */ CFArrayRef SecTrustCopyProperties_ios(SecTrustRef trust) #else CFArrayRef SecTrustCopyProperties(SecTrustRef trust) #endif { - CFArrayRef details = SecTrustGetDetails(trust); + if (!trust) { + return NULL; + } + SecTrustEvaluateIfNecessary(trust); + __block CFArrayRef details = NULL; + dispatch_sync(trust->_trustQueue, ^{ + details = CFRetainSafe(trust->_details); + }); if (!details) return NULL; @@ -1506,6 +1691,7 @@ CFArrayRef SecTrustCopyProperties(SecTrustRef trust) CFReleaseNull(properties); } + CFReleaseNull(details); return properties; } @@ -1514,73 +1700,76 @@ CFDictionaryRef SecTrustCopyResult(SecTrustRef trust) { if (!trust) { return NULL; } - CFMutableDictionaryRef results = CFDictionaryCreateMutable(NULL, 0, + __block CFMutableDictionaryRef results = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - // kSecTrustResultDetails (per-cert results) - CFArrayRef details = SecTrustGetDetails(trust); - if (details) { - CFDictionarySetValue(results, (const void *)kSecTrustResultDetails, (const void *)details); - } + SecTrustEvaluateIfNecessary(trust); + dispatch_sync(trust->_trustQueue, ^{ + // kSecTrustResultDetails (per-cert results) + CFArrayRef details = trust->_details; + if (details) { + CFDictionarySetValue(results, (const void *)kSecTrustResultDetails, (const void *)details); + } - // kSecTrustResultValue (overall trust result) - CFNumberRef numValue = CFNumberCreate(NULL, kCFNumberSInt32Type, &trust->_trustResult); - if (numValue) { - CFDictionarySetValue(results, (const void *)kSecTrustResultValue, (const void *)numValue); - CFRelease(numValue); - } - CFDictionaryRef info = trust->_info; - if (trust->_trustResult == kSecTrustResultInvalid || !info) { - return results; // we have nothing more to add - } + // kSecTrustResultValue (overall trust result) + CFNumberRef numValue = CFNumberCreate(NULL, kCFNumberSInt32Type, &trust->_trustResult); + if (numValue) { + CFDictionarySetValue(results, (const void *)kSecTrustResultValue, (const void *)numValue); + CFRelease(numValue); + } + CFDictionaryRef info = trust->_info; + if (trust->_trustResult == kSecTrustResultInvalid || !info) { + return; // we have nothing more to add + } - // kSecTrustEvaluationDate - CFDateRef evaluationDate = trust->_verifyDate; - if (evaluationDate) { - CFDictionarySetValue(results, (const void *)kSecTrustEvaluationDate, (const void *)evaluationDate); - } + // kSecTrustEvaluationDate + CFDateRef evaluationDate = trust->_verifyDate; + if (evaluationDate) { + CFDictionarySetValue(results, (const void *)kSecTrustEvaluationDate, (const void *)evaluationDate); + } - // kSecTrustCertificateTransparency - CFBooleanRef ctValue; - if (CFDictionaryGetValueIfPresent(info, kSecTrustInfoCertificateTransparencyKey, (const void **)&ctValue)) { - CFDictionarySetValue(results, (const void *)kSecTrustCertificateTransparency, (const void *)ctValue); - } + // kSecTrustCertificateTransparency + CFBooleanRef ctValue; + if (CFDictionaryGetValueIfPresent(info, kSecTrustInfoCertificateTransparencyKey, (const void **)&ctValue)) { + CFDictionarySetValue(results, (const void *)kSecTrustCertificateTransparency, (const void *)ctValue); + } - // kSecTrustCertificateTransparencyWhiteList - CFBooleanRef ctWhiteListValue; - if (CFDictionaryGetValueIfPresent(info, kSecTrustInfoCertificateTransparencyWhiteListKey, (const void **)&ctWhiteListValue)) { - CFDictionarySetValue(results, (const void *)kSecTrustCertificateTransparencyWhiteList, (const void *)ctWhiteListValue); - } + // kSecTrustCertificateTransparencyWhiteList + CFBooleanRef ctWhiteListValue; + if (CFDictionaryGetValueIfPresent(info, kSecTrustInfoCertificateTransparencyWhiteListKey, (const void **)&ctWhiteListValue)) { + CFDictionarySetValue(results, (const void *)kSecTrustCertificateTransparencyWhiteList, (const void *)ctWhiteListValue); + } - // kSecTrustExtendedValidation - CFBooleanRef evValue; - if (CFDictionaryGetValueIfPresent(info, kSecTrustInfoExtendedValidationKey, (const void **)&evValue)) { - CFDictionarySetValue(results, (const void *)kSecTrustExtendedValidation, (const void *)evValue); - } + // kSecTrustExtendedValidation + CFBooleanRef evValue; + if (CFDictionaryGetValueIfPresent(info, kSecTrustInfoExtendedValidationKey, (const void **)&evValue)) { + CFDictionarySetValue(results, (const void *)kSecTrustExtendedValidation, (const void *)evValue); + } - // kSecTrustOrganizationName - CFStringRef organizationName; - if (CFDictionaryGetValueIfPresent(info, kSecTrustInfoCompanyNameKey, (const void **)&organizationName)) { - CFDictionarySetValue(results, (const void *)kSecTrustOrganizationName, (const void *)organizationName); - } + // kSecTrustOrganizationName + CFStringRef organizationName; + if (CFDictionaryGetValueIfPresent(info, kSecTrustInfoCompanyNameKey, (const void **)&organizationName)) { + CFDictionarySetValue(results, (const void *)kSecTrustOrganizationName, (const void *)organizationName); + } - // kSecTrustRevocationChecked - CFBooleanRef revocationChecked; - if (CFDictionaryGetValueIfPresent(info, kSecTrustRevocationChecked, (const void **)&revocationChecked)) { - CFDictionarySetValue(results, (const void *)kSecTrustRevocationChecked, (const void *)revocationChecked); - } + // kSecTrustRevocationChecked + CFBooleanRef revocationChecked; + if (CFDictionaryGetValueIfPresent(info, kSecTrustRevocationChecked, (const void **)&revocationChecked)) { + CFDictionarySetValue(results, (const void *)kSecTrustRevocationChecked, (const void *)revocationChecked); + } - // kSecTrustRevocationReason - CFNumberRef revocationReason; - if (CFDictionaryGetValueIfPresent(info, kSecTrustRevocationReason, (const void **)&revocationReason)) { - CFDictionarySetValue(results, (const void *)kSecTrustRevocationReason, (const void *)revocationReason); - } + // kSecTrustRevocationReason + CFNumberRef revocationReason; + if (CFDictionaryGetValueIfPresent(info, kSecTrustRevocationReason, (const void **)&revocationReason)) { + CFDictionarySetValue(results, (const void *)kSecTrustRevocationReason, (const void *)revocationReason); + } - // kSecTrustRevocationValidUntilDate - CFDateRef validUntilDate; - if (CFDictionaryGetValueIfPresent(info, kSecTrustRevocationValidUntilDate, (const void **)&validUntilDate)) { - CFDictionarySetValue(results, (const void *)kSecTrustRevocationValidUntilDate, (const void *)validUntilDate); - } + // kSecTrustRevocationValidUntilDate + CFDateRef validUntilDate; + if (CFDictionaryGetValueIfPresent(info, kSecTrustRevocationValidUntilDate, (const void **)&validUntilDate)) { + CFDictionarySetValue(results, (const void *)kSecTrustRevocationValidUntilDate, (const void *)validUntilDate); + } + }); return results; } @@ -1659,41 +1848,49 @@ OSStatus SecTrustEvaluateLeafOnly(SecTrustRef trust, SecTrustResultType *result) return errSecParam; } OSStatus status = errSecSuccess; + SecTrustResultType trustResult = kSecTrustResultInvalid; if((status = SecTrustValidateInput(trust))) { return status; } struct OpaqueSecLeafPVC pvc; - SecCertificateRef leaf = (SecCertificateRef)CFArrayGetValueAtIndex(trust->_certificates, 0); - - SecLeafPVCInit(&pvc, leaf, trust->_policies, SecTrustGetVerifyTime(trust)); + SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0); + __block CFArrayRef policies = NULL; + dispatch_sync(trust->_trustQueue, ^{ + policies = CFRetainSafe(trust->_policies); + }); + SecLeafPVCInit(&pvc, leaf, policies, SecTrustGetVerifyTime(trust)); if(!SecLeafPVCLeafChecks(&pvc)) { - trust->_trustResult = kSecTrustResultRecoverableTrustFailure; + trustResult = kSecTrustResultRecoverableTrustFailure; } else { - trust->_trustResult = kSecTrustResultUnspecified; + trustResult = kSecTrustResultUnspecified; } /* Set other result context information */ - trust->_details = CFRetainSafe(pvc.details); - trust->_info = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, - &kCFTypeDictionaryKeyCallBacks, - &kCFTypeDictionaryValueCallBacks); - trust->_chain = SecCertificatePathCreate(NULL, (SecCertificateRef)CFArrayGetValueAtIndex(trust->_certificates, 0), NULL); + dispatch_sync(trust->_trustQueue, ^{ + trust->_trustResult = trustResult; + trust->_details = CFRetainSafe(pvc.details); + trust->_info = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, + &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + trust->_chain = SecCertificatePathCreate(NULL, (SecCertificateRef)CFArrayGetValueAtIndex(trust->_certificates, 0), NULL); + }); SecLeafPVCDelete(&pvc); /* log to syslog when there is a trust failure */ - if (trust->_trustResult != kSecTrustResultUnspecified) { + if (trustResult != kSecTrustResultUnspecified) { CFStringRef failureDesc = SecTrustCopyFailureDescription(trust); secerror("%@", failureDesc); CFRelease(failureDesc); } if (result) { - *result = trust->_trustResult; + *result = trustResult; } + CFReleaseSafe(policies); return status; } @@ -1708,7 +1905,7 @@ static void deserializeCert(const void *value, void *context) { } } -static CFArrayRef SecCertificateArrayDeserialize(CFArrayRef serializedCertificates) { +static CF_RETURNS_RETAINED CFArrayRef SecCertificateArrayDeserialize(CFArrayRef serializedCertificates) { CFMutableArrayRef result = NULL; require_quiet(isArray(serializedCertificates), errOut); CFIndex count = CFArrayGetCount(serializedCertificates); @@ -1742,76 +1939,77 @@ errOut: } static CFPropertyListRef SecTrustCopyPlist(SecTrustRef trust) { - CFMutableDictionaryRef output = NULL; - CFNumberRef trustResult = NULL; - + __block CFMutableDictionaryRef output = NULL; output = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - if (trust->_certificates) { - CFArrayRef serializedCerts = SecCertificateArraySerialize(trust->_certificates); - if (serializedCerts) { - CFDictionaryAddValue(output, CFSTR(kSecTrustCertificatesKey), serializedCerts); - CFRelease(serializedCerts); + + dispatch_sync(trust->_trustQueue, ^{ + if (trust->_certificates) { + CFArrayRef serializedCerts = SecCertificateArraySerialize(trust->_certificates); + if (serializedCerts) { + CFDictionaryAddValue(output, CFSTR(kSecTrustCertificatesKey), serializedCerts); + CFRelease(serializedCerts); + } } - } - if (trust->_anchors) { - CFArrayRef serializedAnchors = SecCertificateArraySerialize(trust->_anchors); - if (serializedAnchors) { - CFDictionaryAddValue(output, CFSTR(kSecTrustAnchorsKey), serializedAnchors); - CFRelease(serializedAnchors); + if (trust->_anchors) { + CFArrayRef serializedAnchors = SecCertificateArraySerialize(trust->_anchors); + if (serializedAnchors) { + CFDictionaryAddValue(output, CFSTR(kSecTrustAnchorsKey), serializedAnchors); + CFRelease(serializedAnchors); + } } - } - if (trust->_policies) { - CFArrayRef serializedPolicies = SecPolicyArrayCreateSerialized(trust->_policies); - if (serializedPolicies) { - CFDictionaryAddValue(output, CFSTR(kSecTrustPoliciesKey), serializedPolicies); - CFRelease(serializedPolicies); + if (trust->_policies) { + CFArrayRef serializedPolicies = SecPolicyArrayCreateSerialized(trust->_policies); + if (serializedPolicies) { + CFDictionaryAddValue(output, CFSTR(kSecTrustPoliciesKey), serializedPolicies); + CFRelease(serializedPolicies); + } } - } - if (trust->_responses) { - CFDictionaryAddValue(output, CFSTR(kSecTrustResponsesKey), trust->_responses); - } - if (trust->_SCTs) { - CFDictionaryAddValue(output, CFSTR(kSecTrustSCTsKey), trust->_SCTs); - } - if (trust->_trustedLogs) { - CFDictionaryAddValue(output, CFSTR(kSecTrustTrustedLogsKey), trust->_trustedLogs); - } - if (trust->_verifyDate) { - CFDictionaryAddValue(output, CFSTR(kSecTrustVerifyDateKey), trust->_verifyDate); - } - if (trust->_chain) { - CFArrayRef serializedChain = SecCertificatePathCreateSerialized(trust->_chain, NULL); - if (serializedChain) { - CFDictionaryAddValue(output, CFSTR(kSecTrustChainKey), serializedChain); - CFRelease(serializedChain); + if (trust->_responses) { + CFDictionaryAddValue(output, CFSTR(kSecTrustResponsesKey), trust->_responses); } - } - if (trust->_details) { - CFDictionaryAddValue(output, CFSTR(kSecTrustDetailsKey), trust->_details); - } - if (trust->_info) { - CFDictionaryAddValue(output, CFSTR(kSecTrustInfoKey), trust->_info); - } - if (trust->_exceptions) { - CFDictionaryAddValue(output, CFSTR(kSecTrustExceptionsKey), trust->_exceptions); - } - trustResult = CFNumberCreate(NULL, kCFNumberSInt32Type, &trust->_trustResult); - if (trustResult) { - CFDictionaryAddValue(output, CFSTR(kSecTrustResultKey), trustResult); - } - if (trust->_anchorsOnly) { - CFDictionaryAddValue(output, CFSTR(kSecTrustAnchorsOnlyKey), kCFBooleanTrue); - } else { - CFDictionaryAddValue(output, CFSTR(kSecTrustAnchorsOnlyKey), kCFBooleanFalse); - } - if (trust->_keychainsAllowed) { - CFDictionaryAddValue(output, CFSTR(kSecTrustKeychainsAllowedKey), kCFBooleanTrue); - } else { - CFDictionaryAddValue(output, CFSTR(kSecTrustKeychainsAllowedKey), kCFBooleanFalse); - } + if (trust->_SCTs) { + CFDictionaryAddValue(output, CFSTR(kSecTrustSCTsKey), trust->_SCTs); + } + if (trust->_trustedLogs) { + CFDictionaryAddValue(output, CFSTR(kSecTrustTrustedLogsKey), trust->_trustedLogs); + } + if (trust->_verifyDate) { + CFDictionaryAddValue(output, CFSTR(kSecTrustVerifyDateKey), trust->_verifyDate); + } + if (trust->_chain) { + CFArrayRef serializedChain = SecCertificatePathCreateSerialized(trust->_chain, NULL); + if (serializedChain) { + CFDictionaryAddValue(output, CFSTR(kSecTrustChainKey), serializedChain); + CFRelease(serializedChain); + } + } + if (trust->_details) { + CFDictionaryAddValue(output, CFSTR(kSecTrustDetailsKey), trust->_details); + } + if (trust->_info) { + CFDictionaryAddValue(output, CFSTR(kSecTrustInfoKey), trust->_info); + } + if (trust->_exceptions) { + CFDictionaryAddValue(output, CFSTR(kSecTrustExceptionsKey), trust->_exceptions); + } + CFNumberRef trustResult = CFNumberCreate(NULL, kCFNumberSInt32Type, &trust->_trustResult); + if (trustResult) { + CFDictionaryAddValue(output, CFSTR(kSecTrustResultKey), trustResult); + } + CFReleaseNull(trustResult); + if (trust->_anchorsOnly) { + CFDictionaryAddValue(output, CFSTR(kSecTrustAnchorsOnlyKey), kCFBooleanTrue); + } else { + CFDictionaryAddValue(output, CFSTR(kSecTrustAnchorsOnlyKey), kCFBooleanFalse); + } + if (trust->_keychainsAllowed) { + CFDictionaryAddValue(output, CFSTR(kSecTrustKeychainsAllowedKey), kCFBooleanTrue); + } else { + CFDictionaryAddValue(output, CFSTR(kSecTrustKeychainsAllowedKey), kCFBooleanFalse); + } + }); - CFReleaseNull(trustResult); return output; } @@ -1871,7 +2069,7 @@ static OSStatus SecTrustCreateFromPlist(CFPropertyListRef plist, SecTrustRef CF_ } serializedChain = CFDictionaryGetValue(plist, CFSTR(kSecTrustChainKey)); if (isArray(serializedChain)) { - chain = SecCertificatPathCreateDeserialized(serializedChain, NULL); + chain = SecCertificatePathCreateDeserialized(serializedChain, NULL); output->_chain = chain; } details = CFDictionaryGetValue(plist, CFSTR(kSecTrustDetailsKey)); @@ -1925,416 +2123,3 @@ out: CFReleaseNull(plist); return trust; } - -#if 0 -// MARK: - -// MARK: SecTrustNode -/******************************************************** - **************** SecTrustNode object ******************* - ********************************************************/ -typedef uint8_t SecFetchingState; -enum { - kSecFetchingStatePassedIn = 0, - kSecFetchingStateLocal, - kSecFetchingStateFromURL, - kSecFetchingStateDone, -}; - -typedef uint8_t SecTrustState; -enum { - kSecTrustStateUnknown = 0, - kSecTrustStateNotSigner, - kSecTrustStateValidSigner, -}; - -typedef struct __SecTrustNode *SecTrustNodeRef; -struct __SecTrustNode { - SecTrustNodeRef _child; - SecCertificateRef _certificate; - - /* Cached information about _certificate */ - bool _isAnchor; - bool _isSelfSigned; - - /* Set of all certificates we have ever considered as a parent. We use - this to avoid having to recheck certs when we go to the next phase. */ - CFMutableSet _certificates; - - /* Parents that are still partial chains we haven't yet considered. */ - CFMutableSet _partials; - /* Parents that are still partial chains we have rejected. We reconsider - these if we get to the final phase and we still haven't found a valid - candidate. */ - CFMutableSet _rejected_partials; - - /* Parents that are complete chains we haven't yet considered. */ - CFMutableSet _candidates; - /* Parents that are complete chains we have rejected. */ - CFMutableSet _rejected_candidates; - - /* State of candidate fetching. */ - SecFetchingState _fetchingState; - - /* Trust state of _candidates[_candidateIndex] */ - SecTrustState _trustState; -}; -typedef struct __SecTrustNode SecTrustNode; - -/* Forward declarations of static functions. */ -static CFStringRef SecTrustNodeDescribe(CFTypeRef cf); -static void SecTrustNodeDestroy(CFTypeRef cf); - -/* Static functions. */ -static CFStringRef SecTrustNodeCopyDescription(CFTypeRef cf) { - SecTrustNodeRef node = (SecTrustNodeRef)cf; - return CFStringCreateWithFormat(kCFAllocatorDefault, NULL, - CFSTR(""), node); -} - -static void SecTrustNodeDestroy(CFTypeRef cf) { - SecTrustNodeRef trust = (SecTrustNodeRef)cf; - if (trust->_child) { - free(trust->_child); - } - if (trust->_certificate) { - free(trust->_certificate); - } - if (trust->_candidates) { - CFRelease(trust->_candidates); - } -} - -/* SecTrustNode API functions. */ -CFGiblisFor(SecTrustNode) - -SecTrustNodeRef SecTrustNodeCreate(SecTrustRef trust, - SecCertificateRef certificate, SecTrustNodeRef child) { - CFAllocatorRef allocator = kCFAllocatorDefault; - check(trust); - check(certificate); - - CFIndex size = sizeof(struct __SecTrustNode); - SecTrustNodeRef result = (SecTrustNodeRef)_CFRuntimeCreateInstance( - allocator, SecTrustNodeGetTypeID(), size - sizeof(CFRuntimeBase), 0); - if (!result) - return NULL; - - memset((char*)result + sizeof(result->_base), 0, - sizeof(*result) - sizeof(result->_base)); - if (child) { - CFRetain(child); - result->_child = child; - } - CFRetain(certificate); - result->_certificate = certificate; - result->_isAnchor = SecTrustCertificateIsAnchor(certificate); - - return result; -} - -SecCertificateRef SecTrustGetCertificate(SecTrustNodeRef node) { - check(node); - return node->_certificate; -} - -CFArrayRef SecTrustNodeCopyProperties(SecTrustNodeRef node, - SecTrustRef trust) { - check(node); - check(trust); - CFMutableArrayRef summary = SecCertificateCopySummaryProperties( - node->_certificate, SecTrustGetVerifyTime(trust)); - /* FIXME Add more details in the failure case. */ - return summary; -} - -/* Attempt to verify this node's signature chain down to the child. */ -SecTrustState SecTrustNodeVerifySignatureChain(SecTrustNodeRef node) { - /* FIXME */ - return kSecTrustStateUnknown; -} - - -/* See if the next candidate works. */ -SecTrustNodeRef SecTrustNodeCopyNextCandidate(SecTrustNodeRef node, - SecTrustRef trust, SecFetchingState fetchingState) { - check(node); - check(trust); - - CFAbsoluteTime verifyTime = SecTrustGetVerifyTime(trust); - - for (;;) { - /* If we have any unconsidered candidates left check those first. */ - while (node->_candidateIndex < CFArrayGetCount(node->_candidates)) { - SecCertificateRef candidate = (SecCertificateRef) - CFArrayGetValueAtIndex(node->_candidates, node->_candidateIndex); - if (node->_fetchingState != kSecFetchingStateDone) { - /* If we still have potential sources to fetch other candidates - from we ignore expired candidates. */ - if (!SecCertificateIsValidOn(candidate, verifyTime)) { - node->_candidateIndex++; - continue; - } - } - - SecTrustNodeRef parent = SecTrustNodeCreate(candidate, node); - CFArrayRemoveValueAtIndex(node->_candidates, node->_candidateIndex); - if (SecTrustNodeVerifySignatureChain(parent) == - kSecTrustStateNotSigner) { - /* This candidate parent is not a valid signer of its - child. */ - CFRelease(parent); - /* If another signature failed further down the chain we need - to backtrack down to whatever child is still a valid - candidate and has additional candidates to consider. - @@@ We really want to make the fetchingState a global of - SecTrust itself as well and not have any node go beyond the - current state of SecTrust if there are other (read cheap) - options to consider. */ - continue; - } - return parent; - } - - /* We've run out of candidates in our current state so let's try to - find some more. Note we fetch candidates in increasing order of - cost in the hope we won't ever get to the more expensive fetching - methods. */ - SecCertificateRef certificate = node->_certificate; - switch (node->_fetchingState) { - case kSecFetchingStatePassedIn: - /* Get the list of candidates from SecTrust. */ - CFDataRef akid = SecCertificateGetAuthorityKeyID(certificate); - if (akid) { - SecTrustAppendCandidatesWithAuthorityKeyID(akid, node->_candidates); - } else { - CFDataRef issuer = - SecCertificateGetNormalizedIssuerContent(certificate); - SecTrustAppendCandidatesWithSubject(issuer, node->_candidates); - } - node->_fetchingState = kSecFetchingStateLocal; - break; - case kSecFetchingStateLocal: - /* Lookup candidates in the local database. */ - node->_fetchingState = kSecFetchingStateFromURL; - break; - case kSecFetchingStateFromURL: - node->_fetchingState = kSecFetchingStateCheckExpired; - break; - case kSecFetchingStateCheckExpired: - /* Time to start considering expired candidates as well. */ - node->_candidateIndex = 0; - node->_fetchingState = kSecFetchingStateDone; - break; - case kSecFetchingStateDone; - return NULL; - } - } - - CFAllocatorRef allocator = CFGetAllocator(node); - - /* A trust node has a number of states. - 1) Look for issuing certificates by asking SecTrust about known - parent certificates. - 2) Look for issuing certificates in certificate databases (keychains) - 3) Look for issuing certificates by going out to the web if the nodes - certificate has a issuer location URL. - 4) Look through expired or not yet valid candidates we have put aside. - - We go though the stages 1 though 3 looking for candidate issuer - certificates. If a candidate certificate is not valid at verifyTime - we put it in a to be examined later queue. If a candidate certificate - is valid we verify if it actually signed our certificate (if possible). - If not we discard it and continue on to the next candidate certificate. - If it is we return a new SecTrustNodeRef for that certificate. */ - - CFMutableArrayRef issuers = CFArrayCreateMutable(allocator, 0, - &kCFTypeArrayCallBacks); - - /* Find a node's parent. */ - certificate = node->_certificate; - CFDataRef akid = SecCertificateGetAuthorityKeyID(certificate); - CFTypeRef candidates = NULL; - if (akid) { - candidates = (CFTypeRef)CFDictionaryGetValueForKey(skidDict, akid); - if (candidates) { - addValidIssuersFrom(issuers, certificate, candidates, true); - } - } - if (!candidates) { - CFDataRef issuer = - SecCertificateGetNormalizedIssuerContent(certificate); - candidates = (CFTypeRef) - CFDictionaryGetValueForKey(subjectDict, issuer); - addValidIssuersFrom(issuers, certificate, candidates, false); - } - - if (CFArrayGetCount(issuers) == 0) { - /* O no! we can't find an issuer for this certificate. Let's see - if we can find one in the local database. */ - } - - return errSecSuccess; -} - -CFArrayRef SecTrustNodeCopyNextChain(SecTrustNodeRef node, - SecTrustRef trust) { - /* Return the next full chain that isn't a reject unless we are in - a state where we consider returning rejects. */ - - switch (node->_fetchingState) { - case kSecFetchingStatePassedIn: - /* Get the list of candidates from SecTrust. */ - CFDataRef akid = SecCertificateGetAuthorityKeyID(certificate); - if (akid) { - SecTrustAppendCandidatesWithAuthorityKeyID(akid, node->_candidates); - } else { - CFDataRef issuer = - SecCertificateGetNormalizedIssuerContent(certificate); - SecTrustAppendCandidatesWithSubject(issuer, node->_candidates); - } - node->_fetchingState = kSecFetchingStateLocal; - break; - case kSecFetchingStateLocal: - /* Lookup candidates in the local database. */ - node->_fetchingState = kSecFetchingStateFromURL; - break; - case kSecFetchingStateFromURL: - node->_fetchingState = kSecFetchingStateCheckExpired; - break; - case kSecFetchingStateCheckExpired: - /* Time to start considering expired candidates as well. */ - node->_candidateIndex = 0; - node->_fetchingState = kSecFetchingStateDone; - break; - case kSecFetchingStateDone; - return NULL; - } -} - -class Source { - Iterator parentIterator(Cert); -}; - -class NodeCache { - Set nodes; - - static bool unique(Node node) { - if (nodes.contains(node)) - return false; - nodes.add(node); - return true; - } - - static bool isAnchor(Cert cert); -}; - -class Node { - Cert cert; - Node child; - int nextSource; - Iterator parentIterator; /* For current source of parents. */ - - Node(Cert inCert) : child(nil), cert(inCert), nextSource(0) {} - Node(Node inChild, Cert inCert) : child(inChild), cert(inCert), - nextSource(0) {} - - CertPath certPath() { - CertPath path; - Node node = this; - while (node) { - path.add(node.cert); - node = node.child; - } - return path; - } - - void contains(Cert cert) { - Node node = this; - while (node) { - if (cert == node.cert) - return true; - node = node.child; - } - return false; - } - - Node nextParent(Array currentSources) { - for (;;) { - if (!nextSource || - parentIterator == currentSources[nextSource - 1].end()) { - if (nextSource == currentSources.count) { - /* We ran out of parent sources. */ - return nil; - } - parentIterator = currentSources[nextSource++].begin(); - } - Certificate cert = *parentIterator++; - /* Check for cycles and self signed chains. */ - if (!contains(cert)) { - Node node = Node(this, parent); - if (!NodeCache.unique(node)) - return node; - } - } - } -}; - - -class PathBuilder { - List nodes; - List rejects; - Array currentSources; - Iterator nit; - Array allSources; - Iterator sourceIT; - CertPath chain; - - PathBuilder(Cert cert) { - nodes.append(Node(cert)); - nit = nodes.begin(); - sourceIT = allSources.begin(); - } - - nextAnchoredPath() { - if (nit == nodes.end()) { - /* We should add another source to the list of sources to - search. */ - if (sourceIT == allSources.end()) { - /* No more sources to add. */ - } - currentSources += *sourceIT++; - /* Resort nodes by size. */ - Nodes.sortBySize(); - nit = nodes.begin(); - /* Set the source list for all nodes. */ - - } - while (Node node = *nit) { - Node candidate = node.nextParent(currentSources); - if (!candidate) { - /* The current node has no more candidate parents so move - along. */ - nit++; - continue; - } - - if (candidate.isAnchored) { - candidates.append(candidate); - } else - nodes.insert(candidate, nit); - } - } - - findValidPath() { - while (Node node = nextAnchoredPath()) { - if (node.isValid()) { - chain = node.certPath; - break; - } - rejects.append(node); - } - } -} - - -#endif diff --git a/OSX/sec/Security/SecTrustPriv.h b/OSX/sec/Security/SecTrustPriv.h deleted file mode 100644 index 314932e3..00000000 --- a/OSX/sec/Security/SecTrustPriv.h +++ /dev/null @@ -1,454 +0,0 @@ -/* - * Copyright (c) 2003-2016 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecTrustPriv - The functions and data types in SecTrustPriv implement trust computation - and allow the user to apply trust decisions to the trust configuration. -*/ - -#ifndef _SECURITY_SECTRUSTPRIV_H_ -#define _SECURITY_SECTRUSTPRIV_H_ - -#include -#include -#include -#include - -__BEGIN_DECLS - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -/* Constants used as keys in property lists. See - SecTrustCopySummaryPropertiesAtIndex for more information. */ -extern const CFStringRef kSecPropertyKeyType; -extern const CFStringRef kSecPropertyKeyLabel; -extern const CFStringRef kSecPropertyKeyLocalizedLabel; -extern const CFStringRef kSecPropertyKeyValue; - -extern const CFStringRef kSecPropertyTypeWarning; -extern const CFStringRef kSecPropertyTypeSuccess; -extern const CFStringRef kSecPropertyTypeSection; -extern const CFStringRef kSecPropertyTypeData; -extern const CFStringRef kSecPropertyTypeString; -extern const CFStringRef kSecPropertyTypeURL; -extern const CFStringRef kSecPropertyTypeDate; - -/* Constants used as keys in the dictionary returned by SecTrustCopyInfo. */ -extern const CFStringRef kSecTrustInfoExtendedValidationKey; -extern const CFStringRef kSecTrustInfoCompanyNameKey; -extern const CFStringRef kSecTrustInfoRevocationKey; -extern const CFStringRef kSecTrustInfoRevocationValidUntilKey; -extern const CFStringRef kSecTrustInfoCertificateTransparencyKey; -extern const CFStringRef kSecTrustInfoCertificateTransparencyWhiteListKey; - -/*! - @enum Trust Result Constants - @discussion Predefined key constants used to obtain values in a - dictionary of trust evaluation results for a certificate chain, - as retrieved from a call to SecTrustCopyResult. - - @constant kSecTrustResultDetails - This key will be present if a trust evaluation has been performed. - Its value is a CFArrayRef of CFDictionaryRef representing detailed - status info for each certificate in the completed chain. - @constant kSecTrustRevocationReason - This key will be present iff this chain had its revocation checked, - and a "revoked" response was received. The value of this key will - be a CFNumberRef indicating the reason for revocation. The possible - reason code values are described in RFC 5280, section 5.3.1. - */ -extern const CFStringRef kSecTrustResultDetails; - /*__OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_9_0);*/ -extern const CFStringRef kSecTrustRevocationReason; - /*__OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);*/ - -/*! - @function SecTrustCopySummaryPropertiesAtIndex - @abstract Return a property array for the certificate. - @param trust A reference to the trust object to evaluate. - @param ix The index of the requested certificate. Indices run from 0 - (leaf) to the anchor (or last certificate found if no anchor was found). - @result A property array. It is the caller's responsibility to CFRelease - the returned array when it is no longer needed. This function returns a - short summary description of the certificate in question. The property - at index 0 of the array might also include general information about the - entire chain's validity in the context of this trust evaluation. - - @discussion Returns a property array for this trust certificate. A property - array is an array of CFDictionaryRefs. Each dictionary (we call it a - property for short) has the following keys: - - kSecPropertyKeyType This key's value determines how this property - should be displayed. Its associated value is one of the - following: - kSecPropertyTypeWarning - The kSecPropertyKeyLocalizedLabel and kSecPropertyKeyLabel keys are not - set. The kSecPropertyKeyValue is a CFStringRef which should - be displayed in yellow with a warning triangle. - kSecPropertyTypeError - The kSecPropertyKeyLocalizedLabel and kSecPropertyKeyLabel keys are not - set. The kSecPropertyKeyValue is a CFStringRef which should - be displayed in red with an error X. - kSecPropertyTypeSuccess - The kSecPropertyKeyLocalizedLabel and kSecPropertyKeyLabel keys are not - set. The kSecPropertyKeyValue is a CFStringRef which should - be displayed in green with a checkmark in front of it. - kSecPropertyTypeTitle - The kSecPropertyKeyLocalizedLabel and kSecPropertyKeyLabel keys are not - set. The kSecPropertyKeyValue is a CFStringRef which should - be displayed in a larger bold font. - kSecPropertyTypeSection - The optional kSecPropertyKeyLocalizedLabel is a CFStringRef with the name - of the next section to display. The value of the - kSecPropertyKeyValue key is a CFArrayRef which is a property - array as defined here. - kSecPropertyTypeData - The optional kSecPropertyKeyLocalizedLabel is a CFStringRef containing - the localized label for the value for the kSecPropertyKeyValue. - The type of this value is a CFDataRef. Its contents should be - displayed as: "bytes length_of_data : hexdump_of_data". Ideally - the UI will only show one line of hex dump data and have a - disclosure arrow to see the remainder. - kSecPropertyTypeString - The optional kSecPropertyKeyLocalizedLabel is a CFStringRef containing - the localized label for the value for the kSecPropertyKeyValue. - The type of this value is a CFStringRef. It's contents should be - displayed in the normal font. - kSecPropertyTypeURL - The optional kSecPropertyKeyLocalizedLabel is a CFStringRef containing - the localized label for the value for the kSecPropertyKeyValue. - The type of this value is a CFURLRef. It's contents should be - displayed as a hyperlink. - kSecPropertyTypeDate - The optional kSecPropertyKeyLocalizedLabel is a CFStringRef containing - the localized label for the value for the kSecPropertyKeyValue. - The type of this value is a CFDateRef. It's contents should be - displayed in human readable form (probably in the current - timezone). - kSecPropertyKeyLocalizedLabel - Human readable localized label for a given property. - kSecPropertyKeyValue - See description of kSecPropertyKeyType to determine what the value - for this key is. - kSecPropertyKeyLabel - Non localized key (label) for this value. This is only - present for properties with fixed label names. - @param certificate A reference to the certificate to evaluate. - @result A property array. It is the caller's responsability to CFRelease - the returned array when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -CFArrayRef SecTrustCopySummaryPropertiesAtIndex(SecTrustRef trust, CFIndex ix); - -/*! - @function SecTrustCopyDetailedPropertiesAtIndex - @abstract Return a property array for the certificate. - @param trust A reference to the trust object to evaluate. - @param ix The index of the requested certificate. Indices run from 0 - (leaf) to the anchor (or last certificate found if no anchor was found). - @result A property array. It is the caller's responsibility to CFRelease - the returned array when it is no longer needed. - See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array. - Unlike that function call this function returns a detailed description - of the certificate in question. -*/ -__nullable CF_RETURNS_RETAINED -CFArrayRef SecTrustCopyDetailedPropertiesAtIndex(SecTrustRef trust, CFIndex ix); - -/*! - @function SecTrustCopyInfo - @abstract Return a dictionary with additional information about the - evaluated certificate chain for use by clients. - @param trust A reference to an evaluated trust object. - @discussion Returns a dictionary for this trust evaluation. This - dictionary may have the following keys: - - kSecTrustInfoExtendedValidationKey this key will be present and have - a value of kCFBooleanTrue if this chain was validated for EV. - kSecTrustInfoCompanyNameKey Company name field of subject of leaf - certificate, this field is meant to be displayed to the user - if the kSecTrustInfoExtendedValidationKey is present. - kSecTrustInfoRevocationKey this key will be present iff this chain - had its revocation checked. The value will be a kCFBooleanTrue - if revocation checking was successful and none of the - certificates in the chain were revoked. - The value will be kCFBooleanFalse if no current revocation status - could be obtained for one or more certificates in the chain due - to connection problems or timeouts etc. This is a hint to a - client to retry revocation checking at a later time. - kSecTrustInfoRevocationValidUntilKey this key will be present iff - kSecTrustInfoRevocationKey has a value of kCFBooleanTrue. - The value will be a CFDateRef representing the earliest date at - which the revocation info for one of the certificates in this chain - might change. - - @result A dictionary with various fields that can be displayed to the user, - or NULL if no additional info is available or the trust has not yet been - validated. The caller is responsible for calling CFRelease on the value - returned when it is no longer needed. -*/ -__nullable CF_RETURNS_RETAINED -CFDictionaryRef SecTrustCopyInfo(SecTrustRef trust); - -/* For debugging purposes. */ -__nullable CF_RETURNS_RETAINED -CFArrayRef SecTrustGetDetails(SecTrustRef trust); - -/* For debugging purposes. */ -__nullable CF_RETURNS_RETAINED -CFStringRef SecTrustCopyFailureDescription(SecTrustRef trust); - -OSStatus SecTrustGetOTAPKIAssetVersionNumber(int* versionNumber); - -OSStatus SecTrustOTAPKIGetUpdatedAsset(int* didUpdateAsset); - -/*! - @function SecTrustSignedCertificateTimestampList - @abstract Attach SignedCertificateTimestampList data to a trust object. - @param trust A reference to a trust object. - @param sctArray is a CFArray of CFData objects each containing a SCT (per RFC 6962). - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion Allows the caller to provide SCT data (which may be - obtained during a TLS/SSL handshake, per RFC 6962) as input to a trust - evaluation. - */ -OSStatus SecTrustSetSignedCertificateTimestamps(SecTrustRef trust, CFArrayRef sctArray); - -/*! - @function SecTrustSetTrustedLogs - @abstract Sets the trusted CT logs for a given trust. - @param trust A reference to a trust object. - @param trustedLogs An array of trusted logs. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion trustedLog is a CFArray of CFData containing the DER-encode SubjectPublicKeyInfo - of the trusted CT logs. - */ -OSStatus SecTrustSetTrustedLogs(SecTrustRef trust, CFArrayRef trustedLogs); - -/* Keychain searches are allowed by default. Use this to turn off seaching of - -keychain search list (i.e. login.keychain, system.keychain) - -Local Items/iCloud Keychain - -user- and admin-trusted roots - -network-fetched issuers - User must provide all necessary certificates in the input certificates and/or anchors. */ -OSStatus SecTrustSetKeychainsAllowed(SecTrustRef trust, Boolean allowed) - __OSX_AVAILABLE(__MAC_10_12) __IOS_AVAILABLE(__IPHONE_10_0) __TVOS_AVAILABLE(__TVOS_10_0) __WATCHOS_AVAILABLE(__WATCHOS_3_0); - -/* Get the keychain search policy for the trust object. */ -OSStatus SecTrustGetKeychainsAllowed(SecTrustRef trust, Boolean * __nonnull allowed) - __OSX_AVAILABLE(__MAC_10_12) __IOS_AVAILABLE(__IPHONE_10_0) __TVOS_AVAILABLE(__TVOS_10_0) __WATCHOS_AVAILABLE(__WATCHOS_3_0); - -/*! - @function SecTrustEvaluateLeafOnly - @abstract Evaluates the leaf of the trust reference synchronously. - @param trust A reference to the trust object to evaluate. - @param result A pointer to a result type. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function will only evaluate the trust of the leaf certificate. - No chain will be built and only those aspects of the SecPolicyRef that address - the expected contents of the leaf will be checked. This function does not honor - any set exceptions. - */ -OSStatus SecTrustEvaluateLeafOnly(SecTrustRef trust, SecTrustResultType * __nonnull result) - __OSX_AVAILABLE(__MAC_10_12) __IOS_AVAILABLE(__IPHONE_10_0) __TVOS_AVAILABLE(__TVOS_10_0) __WATCHOS_AVAILABLE(__WATCHOS_3_0); - -/*! - @function SecTrustSerialize - @abstract Creates a serialized version of the trust object - @param trust A reference to the trust object to serialize. - @param error A pointer to an error. - @result The serialized trust object. - @discussion This function is intended to be used to share SecTrustRefs between - processes. Saving the results to disk or sending them over network channels - may cause unexpected behavior. - */ -__nullable CF_RETURNS_RETAINED -CFDataRef SecTrustSerialize(SecTrustRef trust, CFErrorRef *error) - __OSX_AVAILABLE(__MAC_10_12) __IOS_AVAILABLE(__IPHONE_10_0) __TVOS_AVAILABLE(__TVOS_10_0) __WATCHOS_AVAILABLE(__WATCHOS_3_0); - -/*! - @function SecTrustDeserialize - @abstract Creates a trust object from the serialized data - @param serialiedTrust A reference to the serialized trust object - @param error A pointer to an error. - @result A trust object - @discussion This function is intended to be used to share SecTrustRefs between - processes. Saving the results to disk or sending them over network channels - may cause unexpected behavior. - */ -__nullable CF_RETURNS_RETAINED -SecTrustRef SecTrustDeserialize(CFDataRef serializedTrust, CFErrorRef *error) - __OSX_AVAILABLE(__MAC_10_12) __IOS_AVAILABLE(__IPHONE_10_0) __TVOS_AVAILABLE(__TVOS_10_0) __WATCHOS_AVAILABLE(__WATCHOS_3_0); - -/*! - @function SecTrustGetTrustExceptionsArray - @abstract Return the exceptions array current set in the trust object - @param trust A reference to the trust object - @result The array of exceptions. - @discussion This function returns an array of exceptions that was previously set - using SecTrustSetExceptions, unlike SecTrustCopyExceptions which returns the - exceptions which could be set using SecTrustSetExceptions. - */ -__nullable CFArrayRef SecTrustGetTrustExceptionsArray(SecTrustRef trust) - __OSX_AVAILABLE(__MAC_10_12) __IOS_AVAILABLE(__IPHONE_10_0) __TVOS_AVAILABLE(__TVOS_10_0) __WATCHOS_AVAILABLE(__WATCHOS_3_0); - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -/* - * Legacy functions (OS X only) - */ -#if TARGET_OS_MAC && !TARGET_OS_IPHONE - -CF_ASSUME_NONNULL_BEGIN -CF_IMPLICIT_BRIDGING_ENABLED - -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wfour-char-constants" -/* - unique keychain item attributes for user trust records. - */ -enum { - kSecTrustCertAttr = 'tcrt', - kSecTrustPolicyAttr = 'tpol', - /* Leopard and later */ - kSecTrustPubKeyAttr = 'tpbk', - kSecTrustSignatureAttr = 'tsig' -}; - -#pragma clang diagnostic pop - -/*! - @function SecTrustGetUserTrust - @abstract Gets the user-specified trust settings of a certificate and policy. - @param certificate A reference to a certificate. - @param policy A reference to a policy. - @param trustSetting On return, a pointer to the user specified trust settings. - @result A result code. See "Security Error Codes" (SecBase.h). - @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5. - */ -OSStatus SecTrustGetUserTrust(SecCertificateRef __nullable certificate, SecPolicyRef __nullable policy, SecTrustUserSetting * __nullable trustSetting) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_5, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecTrustSetUserTrust - @abstract Sets the user-specified trust settings of a certificate and policy. - @param certificate A reference to a certificate. - @param policy A reference to a policy. - @param trustSetting The user-specified trust settings. - @result A result code. See "Security Error Codes" (SecBase.h). - @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5. - @discussion as of Mac OS version 10.5, this will result in a call to - SecTrustSettingsSetTrustSettings(). - */ -OSStatus SecTrustSetUserTrust(SecCertificateRef __nullable certificate, SecPolicyRef __nullable policy, SecTrustUserSetting trustSetting) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_5, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecTrustSetUserTrustLegacy - @abstract Sets the user-specified trust settings of a certificate and policy. - @param certificate A reference to a certificate. - @param policy A reference to a policy. - @param trustSetting The user-specified trust settings. - @result A result code. See "Security Error Codes" (SecBase.h). - - @This is the private version of what used to be SecTrustSetUserTrust(); it operates - on UserTrust entries as that function used to. The current SecTrustSetUserTrust() - function operated on Trust Settings. - */ -OSStatus SecTrustSetUserTrustLegacy(SecCertificateRef __nullable certificate, SecPolicyRef __nullable policy, SecTrustUserSetting trustSetting) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_5, __MAC_10_12, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecTrustGetCSSMAnchorCertificates - @abstract Retrieves the CSSM anchor certificates. - @param cssmAnchors A pointer to an array of anchor certificates. - @param cssmAnchorCount A pointer to the number of certificates in anchors. - @result A result code. See "Security Error Codes" (SecBase.h). - @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5. - */ -OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA * __nullable * __nullable cssmAnchors, uint32 *cssmAnchorCount) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_5, __IPHONE_NA, __IPHONE_NA); - -/*! - @function SecTrustCopyExtendedResult - @abstract Gets the extended trust result after an evaluation has been performed. - @param trust A trust reference. - @param result On return, result points to a CFDictionaryRef containing extended trust results (if no error occurred). - The caller is responsible for releasing this dictionary with CFRelease when finished with it. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function may only be used after SecTrustEvaluate has been called for the trust reference, otherwise - errSecTrustNotAvailable is returned. If the certificate is not an extended validation certificate, there is - no extended result data and errSecDataNotAvailable is returned. Currently, only one dictionary key is defined - (kSecEVOrganizationName). - - Note: this function will be deprecated in a future release of OS X. Your - code should use SecTrustCopyResult to obtain the trust results dictionary. - */ -OSStatus SecTrustCopyExtendedResult(SecTrustRef trust, CFDictionaryRef * __nonnull CF_RETURNS_RETAINED result) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_5, __MAC_10_12, __IPHONE_NA, __IPHONE_NA); - -/* - * Preference-related strings for Revocation policies. - */ - -/* - * Preference domain, i.e., the name of a plist in ~/Library/Preferences or in - * /Library/Preferences - */ -#define kSecRevocationDomain "com.apple.security.revocation" - -/* OCSP and CRL style keys, followed by values used for both of them */ -#define kSecRevocationOcspStyle CFSTR("OCSPStyle") -#define kSecRevocationCrlStyle CFSTR("CRLStyle") -#define kSecRevocationOff CFSTR("None") -#define kSecRevocationBestAttempt CFSTR("BestAttempt") -#define kSecRevocationRequireIfPresent CFSTR("RequireIfPresent") -#define kSecRevocationRequireForAll CFSTR("RequireForAll") - -/* Which first if both enabled? */ -#define kSecRevocationWhichFirst CFSTR("RevocationFirst") -#define kSecRevocationOcspFirst CFSTR("OCSP") -#define kSecRevocationCrlFirst CFSTR("CRL") - -/* boolean: A "this policy is sufficient per cert" for each */ -#define kSecRevocationOCSPSufficientPerCert CFSTR("OCSPSufficientPerCert") -#define kSecRevocationCRLSufficientPerCert CFSTR("CRLSufficientPerCert") - -/* local OCSP responder URI, value arbitrary string value */ -#define kSecOCSPLocalResponder CFSTR("OCSPLocalResponder") - -/* Extended trust result keys (now in public API) */ -#define kSecEVOrganizationName kSecTrustOrganizationName -#define kSecTrustExpirationDate kSecTrustRevocationValidUntilDate - -CF_IMPLICIT_BRIDGING_DISABLED -CF_ASSUME_NONNULL_END - -#endif /* TARGET_OS_MAC && !TARGET_OS_IPHONE */ - -__END_DECLS - -#endif /* !_SECURITY_SECTRUSTPRIV_H_ */ diff --git a/OSX/sec/Security/SecTrustSettings.c b/OSX/sec/Security/SecTrustSettings.c deleted file mode 100644 index 78f09e60..00000000 --- a/OSX/sec/Security/SecTrustSettings.c +++ /dev/null @@ -1,533 +0,0 @@ -/* - * Copyright (c) 2007-2008,2010,2012-2015 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * SecTrustSettings.c - Implement trust settings for certificates - */ - -#include "SecTrustSettings.h" -#include "SecTrustSettingsPriv.h" -#include -#include -#include -#include -#include "SecBasePriv.h" -#include -#include -#include - -#define trustSettingsDbg(args...) secdebug("trustSettings", ## args) -#define trustSettingsEvalDbg(args...) secdebug("trustSettingsEval", ## args) - -// MARK: - -// MARK: Static Functions - -/* Return a CFDataRef representation of a (hex)string. */ -static CFDataRef SecCopyDataFromHexString(CFStringRef string) { - CFMutableDataRef data; - CFIndex ix, length; - UInt8 *bytes; - - length = string ? CFStringGetLength(string) : 0; - if (length & 1) { - secwarning("Odd length string: %@ returning NULL", string); - return NULL; - } - - data = CFDataCreateMutable(kCFAllocatorDefault, length / 2); - CFDataSetLength(data, length / 2); - bytes = CFDataGetMutableBytePtr(data); - - CFStringInlineBuffer buf = {}; - CFRange range = { 0, length }; - CFStringInitInlineBuffer(string, &buf, range); - UInt8 lastv = 0; - for (ix = 0; ix < length; ++ix) { - UniChar c = CFStringGetCharacterFromInlineBuffer(&buf, ix); - UInt8 v; - if ('0' <= c && c <= '9') - v = c - '0'; - else if ('A' <= c && c <= 'F') - v = c = 'A' + 10; - else if ('a' <= c && c <= 'a') - v = c = 'a' + 10; - else { - secwarning("Non hex string: %@ returning NULL", string); - CFRelease(data); - return NULL; - } - if (ix & 1) { - *bytes++ = (lastv << 4) + v; - } else { - lastv = v; - } - } - - return data; -} - -#if 0 -/* - * Obtain a string representing a cert's SHA1 digest. This string is - * the key used to look up per-cert trust settings in a TrustSettings record. - */ -static CFStringRef SecTrustSettingsCertHashStrFromCert( - SecCertificateRef certRef) -{ - if (certRef == NULL) { - return NULL; - } - - if(certRef == kSecTrustSettingsDefaultRootCertSetting) { - /* use this string instead of the cert hash as the dictionary key */ - secdebug("trustsettings","DefaultSetting"); - return kSecTrustRecordDefaultRootCert; - } - - CFDataRef digest = SecCertificateGetSHA1Digest(certRef); - return CFDataCopyHexString(digest); -} -#endif - -// MARK: - -// MARK: SecTrustSettings -/******************************************************** - ************** SecTrustSettings object ***************** - ********************************************************/ - -struct __SecTrustSettings { - CFRuntimeBase _base; - - /* the overall parsed TrustSettings - may be NULL if this is trimmed */ - CFDictionaryRef _propList; - - /* and the main thing we work with, the dictionary of per-cert trust settings */ - CFMutableDictionaryRef _trustDict; - - /* version number of mPropDict */ - SInt32 _dictVersion; - - SecTrustSettingsDomain _domain; - bool _dirty; /* we've changed _trustDict since creation */ -}; - -static CFStringRef SecTrustSettingsCopyFormatDescription(CFTypeRef cf, CFDictionaryRef formatOptions) { - SecTrustSettingsRef ts = (SecTrustSettingsRef)cf; - return CFStringCreateWithFormat(kCFAllocatorDefault, NULL, - CFSTR(""), ts); -} - -static void SecTrustSettingsDestroy(CFTypeRef cf) { - SecTrustSettingsRef ts = (SecTrustSettingsRef) cf; - CFReleaseSafe(ts->_propList); - CFReleaseSafe(ts->_trustDict); -} - -/* SecTrustSettings API functions. */ -CFGiblisFor(SecTrustSettings) - -/* Make sure a presumed CFNumber can be converted to a 32-bit number */ -static bool tsIsGoodCfNum(CFNumberRef cfn, SInt32 *num) -{ - /* by convention */ - if (cfn == NULL) { - *num = 0; - return true; - } - require(CFGetTypeID(cfn) == CFNumberGetTypeID(), errOut); - return CFNumberGetValue(cfn, kCFNumberSInt32Type, num); -errOut: - return false; -} - -static bool validateUsageConstraint(const void *value) { - CFDictionaryRef ucDict = (CFDictionaryRef)value; - require(CFGetTypeID(ucDict) == CFDictionaryGetTypeID(), errOut); - - CFDataRef certPolicy = (CFDataRef)CFDictionaryGetValue(ucDict, - kSecTrustSettingsPolicy); - require(certPolicy && CFGetTypeID(certPolicy) == CFDataGetTypeID(), errOut); - - CFStringRef certApp = (CFStringRef)CFDictionaryGetValue(ucDict, - kSecTrustSettingsApplication); - require(certApp && CFGetTypeID(certApp) == CFStringGetTypeID(), errOut); - - CFStringRef policyStr = (CFStringRef)CFDictionaryGetValue(ucDict, - kSecTrustSettingsPolicyString); - require(policyStr && CFGetTypeID(policyStr) == CFStringGetTypeID(), errOut); - - SInt32 dummy; - CFNumberRef allowedError = (CFNumberRef)CFDictionaryGetValue(ucDict, - kSecTrustSettingsAllowedError); - require(tsIsGoodCfNum(allowedError, &dummy), errOut); - - CFNumberRef trustSettingsResult = (CFNumberRef)CFDictionaryGetValue(ucDict, - kSecTrustSettingsResult); - require(tsIsGoodCfNum(trustSettingsResult, &dummy), errOut); - - CFNumberRef keyUsage = (CFNumberRef)CFDictionaryGetValue(ucDict, - kSecTrustSettingsKeyUsage); - require(tsIsGoodCfNum(keyUsage, &dummy), errOut); - - return true; -errOut: - return false; -} - -static bool validateTrustSettingsArray(CFArrayRef usageConstraints) { - CFIndex ix, numConstraints = CFArrayGetCount(usageConstraints); - bool result = true; - for (ix = 0; ix < numConstraints; ++ix) { - if (!validateUsageConstraint(CFArrayGetValueAtIndex(usageConstraints, ix))) - result = false; - } - return result; -} - -struct trustListContext { - CFMutableDictionaryRef dict; - SInt32 version; - bool trim; - OSStatus status; -}; - -static void trustListApplierFunction(const void *key, const void *value, void *context) { - CFStringRef digest = (CFStringRef)key; - CFDictionaryRef certDict = (CFDictionaryRef)value; - struct trustListContext *tlc = (struct trustListContext *)context; - CFDataRef newKey = NULL; - CFMutableDictionaryRef newDict = NULL; - - /* Get the key. */ - require(digest && CFGetTypeID(digest) == CFStringGetTypeID(), errOut); - /* Convert it to a CFDataRef. */ - require(newKey = SecCopyDataFromHexString(digest), errOut); - - /* get per-cert dictionary */ - require(certDict && CFGetTypeID(certDict) == CFDictionaryGetTypeID(), errOut); - - /* Create the to be inserted dictionary. */ - require(newDict = CFDictionaryCreateMutable(kCFAllocatorDefault, - tlc->trim ? 1 : 4, &kCFTypeDictionaryKeyCallBacks, - &kCFTypeDictionaryValueCallBacks), errOut); - - /* The certDict dictionary should have exactly four entries. - If we're trimming, all we need is the actual trust settings. */ - - /* issuer */ - CFDataRef issuer = (CFDataRef)CFDictionaryGetValue(certDict, - kTrustRecordIssuer); - require(issuer && CFGetTypeID(issuer) == CFDataGetTypeID(), errOut); - - /* serial number */ - CFDataRef serial = (CFDataRef)CFDictionaryGetValue(certDict, - kTrustRecordSerialNumber); - require(serial && CFGetTypeID(serial) == CFDataGetTypeID(), errOut); - - /* modification date */ - CFDateRef modDate = (CFDateRef)CFDictionaryGetValue(certDict, - kTrustRecordModDate); - require(modDate && CFGetTypeID(modDate) == CFDateGetTypeID(), errOut); - - /* If we are not trimming we copy these extra values as well. */ - if (!tlc->trim) { - CFDictionaryAddValue(newDict, kTrustRecordIssuer, issuer); - CFDictionaryAddValue(newDict, kTrustRecordSerialNumber, serial); - CFDictionaryAddValue(newDict, kTrustRecordModDate, modDate); - } - - /* The actual trust settings */ - CFArrayRef trustSettings = (CFArrayRef)CFDictionaryGetValue(certDict, - kTrustRecordTrustSettings); - /* optional; this cert's entry is good */ - if(trustSettings) { - require(CFGetTypeID(trustSettings) == CFArrayGetTypeID(), errOut); - - /* Now validate the usageConstraint array contents */ - require(validateTrustSettingsArray(trustSettings), errOut); - - /* Add the trustSettings to the dict. */ - CFDictionaryAddValue(newDict, kTrustRecordTrustSettings, trustSettings); - } - - CFDictionaryAddValue(tlc->dict, newKey, newDict); - CFRelease(newKey); - CFRelease(newDict); - - return; -errOut: - CFReleaseSafe(newKey); - CFReleaseSafe(newDict); - tlc->status = errSecInvalidTrustSettings; -} - -static OSStatus SecTrustSettingsValidate(SecTrustSettingsRef ts, bool trim) { - /* top level dictionary */ - require(ts->_propList, errOut); - require(CFGetTypeID(ts->_propList) == CFDictionaryGetTypeID(), errOut); - - /* That dictionary has two entries */ - CFNumberRef cfVers = (CFNumberRef)CFDictionaryGetValue(ts->_propList, kTrustRecordVersion); - require(cfVers != NULL && CFGetTypeID(cfVers) == CFNumberGetTypeID(), errOut); - require(CFNumberGetValue(cfVers, kCFNumberSInt32Type, &ts->_dictVersion), errOut); - require((ts->_dictVersion <= kSecTrustRecordVersionCurrent) && - (ts->_dictVersion != kSecTrustRecordVersionInvalid), errOut); - - /* other backwards-compatibility handling done later, if needed, per _dictVersion */ - - require(ts->_trustDict = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, - &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks), errOut); - - CFDictionaryRef trustList = (CFDictionaryRef)CFDictionaryGetValue( - ts->_propList, kTrustRecordTrustList); - require(trustList != NULL && - CFGetTypeID(trustList) == CFDictionaryGetTypeID(), errOut); - - /* Convert the per-cert entries from on disk to in memory format. */ - struct trustListContext context = { - ts->_trustDict, ts->_dictVersion, trim, errSecSuccess - }; - CFDictionaryApplyFunction(trustList, trustListApplierFunction, &context); - - if (trim) { - /* we don't need the top-level dictionary any more */ - CFRelease(ts->_propList); - ts->_propList = NULL; - } - - return context.status; - -errOut: - return errSecInvalidTrustSettings; -} - -OSStatus SecTrustSettingsCreateFromExternal(SecTrustSettingsDomain domain, - CFDataRef external, SecTrustSettingsRef *ts) { - CFAllocatorRef allocator = kCFAllocatorDefault; - CFIndex size = sizeof(struct __SecTrustSettings); - SecTrustSettingsRef result; - - require(result = (SecTrustSettingsRef)_CFRuntimeCreateInstance(allocator, - SecTrustSettingsGetTypeID(), size - sizeof(CFRuntimeBase), 0), errOut); - - CFErrorRef error = NULL; - CFPropertyListRef plist = CFPropertyListCreateWithData(kCFAllocatorDefault, - external, kCFPropertyListImmutable, NULL, &error); - if (!plist) { - secwarning("SecTrustSettingsCreateFromExternal: %@", error); - CFReleaseSafe(error); - CFReleaseSafe(result); - goto errOut; - } - - result->_propList = plist; - result->_trustDict = NULL; - SecTrustSettingsValidate(result, false); - - *ts = result; - - return errSecSuccess; - -errOut: - return errSecInvalidTrustSettings; -} - -SecTrustSettingsRef SecTrustSettingsCreate(SecTrustSettingsDomain domain, - bool create, bool trim) { - CFAllocatorRef allocator = kCFAllocatorDefault; - CFIndex size = sizeof(struct __SecTrustSettings); - SecTrustSettingsRef result = - (SecTrustSettingsRef)_CFRuntimeCreateInstance(allocator, - SecTrustSettingsGetTypeID(), size - sizeof(CFRuntimeBase), 0); - if (!result) - return NULL; - - //result->_data = NULL; - - return result; -} - -CFDataRef SecTrustSettingsCopyExternal(SecTrustSettingsRef ts) { - /* Transform the internal represantation of the trustSettings to an - external form. */ - // @@@ SecTrustSettingsUpdatePropertyList(SecTrustSettingsRef ts); - CFDataRef xmlData; - verify(xmlData = CFPropertyListCreateXMLData(kCFAllocatorDefault, - ts->_propList)); - return xmlData; -} - -void SecTrustSettingsSet(SecCertificateRef certRef, - CFTypeRef trustSettingsDictOrArray) { -} - - - -// MARK: - -// MARK: SPI functions - - -/* - * Fundamental routine used by TP to ascertain status of one cert. - * - * Returns true in *foundMatchingEntry if a trust setting matching - * specific constraints was found for the cert. Returns true in - * *foundAnyEntry if any entry was found for the cert, even if it - * did not match the specified constraints. The TP uses this to - * optimize for the case where a cert is being evaluated for - * one type of usage, and then later for another type. If - * foundAnyEntry is false, the second evaluation need not occur. - * - * Returns the domain in which a setting was found in *foundDomain. - * - * Allowed errors applying to the specified cert evaluation - * are returned in a mallocd array in *allowedErrors and must - * be freed by caller. - * - * The design of the entire TrustSettings module is centered around - * optimizing the performance of this routine (security concerns - * aside, that is). It's why the per-cert dictionaries are stored - * as a dictionary, keyed off of the cert hash. It's why TrustSettings - * are cached in memory by tsGetGlobalTrustSettings(), and why those - * cached TrustSettings objects are 'trimmed' of dictionary fields - * which are not needed to verify a cert. - * - * The API functions which are used to manipulate Trust Settings - * are called infrequently and need not be particularly fast since - * they result in user interaction for authentication. Thus they do - * not use cached TrustSettings as this function does. - */ -OSStatus SecTrustSettingsEvaluateCertificate( - SecCertificateRef certificate, - SecPolicyRef policy, - SecTrustSettingsKeyUsage keyUsage, /* optional */ - bool isSelfSignedCert, /* for checking default setting */ - /* RETURNED values */ - SecTrustSettingsDomain *foundDomain, - CFArrayRef *allowedErrors, /* RETURNED */ - SecTrustSettingsResult *resultType, /* RETURNED */ - bool *foundMatchingEntry,/* RETURNED */ - bool *foundAnyEntry) /* RETURNED */ -{ -#if 0 - BEGIN_RCSAPI - - StLock _(sutCacheLock()); - - TS_REQUIRED(certHashStr) - TS_REQUIRED(foundDomain) - TS_REQUIRED(allowedErrors) - TS_REQUIRED(numAllowedErrors) - TS_REQUIRED(resultType) - TS_REQUIRED(foundMatchingEntry) - TS_REQUIRED(foundMatchingEntry) - - /* ensure a NULL_terminated string */ - auto_array polStr; - if(policyString != NULL) { - polStr.allocate(policyStringLen + 1); - memmove(polStr.get(), policyString, policyStringLen); - if(policyString[policyStringLen - 1] != '\0') { - (polStr.get())[policyStringLen] = '\0'; - } - } - - /* initial condition - this can grow if we inspect multiple TrustSettings */ - *allowedErrors = NULL; - *numAllowedErrors = 0; - - /* - * This loop relies on the ordering of the SecTrustSettingsDomain enum: - * search user first, then admin, then system. - */ - assert(kSecTrustSettingsDomainAdmin == (kSecTrustSettingsDomainUser + 1)); - assert(kSecTrustSettingsDomainSystem == (kSecTrustSettingsDomainAdmin + 1)); - bool foundAny = false; - for(unsigned domain=kSecTrustSettingsDomainUser; - domain<=kSecTrustSettingsDomainSystem; - domain++) { - TrustSettings *ts = tsGetGlobalTrustSettings(domain); - if(ts == NULL) { - continue; - } - - /* validate cert returns true if matching entry was found */ - bool foundAnyHere = false; - bool found = ts->evaluateCert(certHashStr, policyOID, - polStr.get(), keyUsage, isRootCert, - allowedErrors, numAllowedErrors, resultType, &foundAnyHere); - - if(found) { - /* - * Note this, even though we may overwrite it later if this - * is an Unspecified entry and we find a definitive entry - * later - */ - *foundDomain = domain; - } - if(found && (*resultType != kSecTrustSettingsResultUnspecified)) { - trustSettingsDbg("SecTrustSettingsEvaluateCert: found in domain %d", domain); - *foundAnyEntry = true; - *foundMatchingEntry = true; - return errSecSuccess; - } - foundAny |= foundAnyHere; - } - trustSettingsDbg("SecTrustSettingsEvaluateCert: NOT FOUND"); - *foundAnyEntry = foundAny; - *foundMatchingEntry = false; - return errSecSuccess; - END_RCSAPI -#endif - return errSecSuccess; -} - -/* - * Add a cert's TrustSettings to a non-persistent TrustSettings record. - * No locking or cache flushing here; it's all local to the TrustSettings - * we construct here. - */ -#if SECTRUST_OSX -// There is already a SecTrustSettingsSetTrustSettingsExternal API on OS X -// with different arguments, so give this one an _ios extension. -OSStatus SecTrustSettingsSetTrustSettingsExternal_ios( -#else -OSStatus SecTrustSettingsSetTrustSettingsExternal( -#endif - CFDataRef settingsIn, /* optional */ - SecCertificateRef certRef, /* optional */ - CFTypeRef trustSettingsDictOrArray, /* optional */ - CFDataRef *settingsOut) /* RETURNED */ -{ - SecTrustSettingsRef ts = NULL; - OSStatus status; - - require_noerr(status = SecTrustSettingsCreateFromExternal( - kSecTrustSettingsDomainMemory, settingsIn, &ts), errOut); - SecTrustSettingsSet(certRef, trustSettingsDictOrArray); - *settingsOut = SecTrustSettingsCopyExternal(ts); - -errOut: - CFReleaseSafe(ts); - return status; -} diff --git a/OSX/sec/Security/SecTrustSettings.h b/OSX/sec/Security/SecTrustSettings.h deleted file mode 100644 index 5a9c94e8..00000000 --- a/OSX/sec/Security/SecTrustSettings.h +++ /dev/null @@ -1,250 +0,0 @@ -/* - * Copyright (c) 2007,2012 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/*! - @header SecTrustSettings - The functions and data types in SecTrustSettings implement a way to - set and retrive trustability of certificates. -*/ - -#ifndef _SECURITY_SECTRUSTSETTINGS_H_ -#define _SECURITY_SECTRUSTSETTINGS_H_ - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Any certificate (cert) which resides in a keychain can have associated with - * it a set of Trust Settings. Trust Settings specify conditions in which a - * given cert can be trusted or explicitly distrusted. A "trusted" cert is - * either a root (self-signed) cert that, when a cert chain verifies back to that - * root, the entire cert chain is trusted; or a non-root cert that does not need - * to verify to a trusted root cert (which is normally the case when verifying a - * cert chain). An "explicitly distrusted" cert is one which will, when encountered - * during the evaluation of a cert chain, cause immediate and unconditional failure - * of the verify operation. - * - * Trust Settings are configurable by the user; they can apply on three levels - * (called domains): - * - * -- Per-user. - * -- Locally administered, system-wide. Administrator privileges are required - * to make changes to this domain. - * -- System. These Trust Settings are immutable and comprise the set of trusted - * root certificates supplied in Mac OS X. - * - * Per-user Trust Settings override locally administered Trust Settings, which - * in turn override the System Trust Settings. - * - * Each cert's Trust Settings are expressed as a CFArray which includes any - * number (including zero) of CFDictionaries, each of which comprises one set of - * Usage Constraints. Each Usage Constraints dictionary contains zero or one of - * each the following components: - * - * key = kSecTrustSettingsPolicy value = policy OID as CFString - * key = kSecTrustSettingsPolicyName value = policy name as CFString - * key = kSecTrustSettingsApplication value = SecTrustedApplicationRef - * key = kSecTrustSettingsPolicyString value = CFString, policy-specific - * key = kSecTrustSettingsKeyUsage value = CFNumber, an SInt32 key usage - * - * A given Usage Constraints dictionary applies to a given cert if *all* of the - * usage constraint components specified in the dictionary match the usage of - * the cert being evaluated; when this occurs, the value of the - * kSecTrustSettingsResult entry in the dictionary, shown below, is the effective - * trust setting for the cert. - * - * key = kSecTrustSettingsResult value = CFNumber, an SInt32 SecTrustSettingsResult - * - * The overall Trust Settings of a given cert are the sum of all such Usage - * Constraints CFDictionaries: Trust Settings for a given usage apply if *any* - * of the CFDictionaries in the cert's Trust Settings array satisfies - * the specified usage. Thus, when a cert has multiple Usage Constraints - * dictionaries in its Trust Settings array, the overall Trust Settings - * for the cert are - * - * (Usage Constraint 0 component 0 AND Usage Constraint 0 component 1 ...) - * -- OR -- - * (Usage Constraint 1 component 0 AND Usage Constraint 1 component 1 ...) - * -- OR -- - * ... - * - * Notes on the various Usage Constraints components: - * - * kSecTrustSettingsPolicy Specifies a cert verification policy, e.g., SSL, - * SMIME, etc, using Policy Constants - * kSecTrustSettingsPolicyName Specifies a cert verification policy, e.g., - * sslServer, eapClient, etc, using policy names. - * This entry can be used to restrict the policy where - * the same Policy Constant is used for multiple policyNames. - * kSecTrustSettingsApplication Specifies the application performing the cert - * verification. - * kSecTrustSettingsPolicyString Policy-specific. For the SMIME policy, this is - * an email address. - * For the SSL policy, this is a host name. - * kSecTrustSettingsKeyUsage A bitfield indicating key operations (sign, - * encrypt, etc.) for which this Usage Constraint - * apply. Values are defined below as the - * SecTrustSettingsKeyUsage enum. - * kSecTrustSettingsResult The resulting trust value. If not present this has a - * default of kSecTrustSettingsResultTrustRoot, meaning - * "trust this root cert". Other legal values are: - * kSecTrustSettingsResultTrustAsRoot : trust non-root - * cert as if it were a trusted root. - * kSecTrustSettingsResultDeny : explicitly distrust this - * cert. - * kSecTrustSettingsResultUnspecified : neither trust nor - * distrust; can be used to specify an "Allowed error" - * (see below) without assigning trust to a specific - * cert. - * - * Another optional component in a Usage Constraints dictionary is a CSSM_RETURN - * which, if encountered during certificate verification, is ignored for that - * cert. These "allowed error" values are constrained by Usage Constraints as - * described above; a Usage Constraint dictionary with no constraints but with - * an Allowed Error value causes that error to always be allowed when the cert - * is being evaluated. - * - * The "allowed error" entry in a Usage Constraints dictionary is formatted - * as follows: - * - * key = kSecTrustSettingsAllowedError value = CFNumber, an SInt32 CSSM_RETURN - * - * Note that if kSecTrustSettingsResult value of kSecTrustSettingsResultUnspecified - * is *not* present for a Usage Constraints dictionary with no Usage - * Constraints, the default of kSecTrustSettingsResultTrustRoot is assumed. To - * specify a kSecTrustSettingsAllowedError without explicitly trusting (or - * distrusting) the associated cert, specify kSecTrustSettingsResultUnspecified - * for the kSecTrustSettingsResult component. - * - * Note that an empty Trust Settings array means "always trust this cert, - * with a resulting kSecTrustSettingsResult of kSecTrustSettingsResultTrustRoot". - * An empty Trust Settings array is definitely not the same as *no* Trust - * Settings, which means "this cert must be verified to a known trusted cert". - * - * Note the distinction between kSecTrustSettingsResultTrustRoot and - * kSecTrustSettingsResultTrustAsRoot; the former can only be applied to - * root (self-signed) certs; the latter can only be applied to non-root - * certs. This also means that an empty TrustSettings array for a non-root - * cert is invalid, since the default value for kSecTrustSettingsResult is - * kSecTrustSettingsResultTrustRoot, which is invalid for a non-root cert. - * - * Authentication - * -------------- - * - * When making changes to the per-user Trust Settings, the user will be - * prompted with an alert panel asking for authentication via user name a - * password (or other credentials normally used for login). This means - * that it is not possible to modify per-user Trust Settings when not - * running in a GUI environment (i.e. the user is not logged in via - * Loginwindow). - * - * When making changes to the system-wide Trust Settings, the user will be - * prompted with an alert panel asking for an administrator's name and - * password, unless the calling process is running as root in which case - * no futher authentication is needed. - */ - -/* - * The keys in one Usage Constraints dictionary. - */ -#define kSecTrustSettingsPolicy CFSTR("kSecTrustSettingsPolicy") -#define kSecTrustSettingsPolicyName CFSTR("kSecTrustSettingsPolicyName") -#define kSecTrustSettingsApplication CFSTR("kSecTrustSettingsApplication") -#define kSecTrustSettingsPolicyString CFSTR("kSecTrustSettingsPolicyString") -#define kSecTrustSettingsKeyUsage CFSTR("kSecTrustSettingsKeyUsage") -#define kSecTrustSettingsAllowedError CFSTR("kSecTrustSettingsAllowedError") -#define kSecTrustSettingsResult CFSTR("kSecTrustSettingsResult") - -/* - * Key usage bits, the value for Usage Constraints key kSecTrustSettingsKeyUsage. - */ -typedef CF_OPTIONS(uint32_t, SecTrustSettingsKeyUsage) { - /* sign/verify data */ - kSecTrustSettingsKeyUseSignature = 0x00000001, - /* bulk encryption */ - kSecTrustSettingsKeyUseEnDecryptData = 0x00000002, - /* key wrap/unwrap */ - kSecTrustSettingsKeyUseEnDecryptKey = 0x00000004, - /* sign/verify cert */ - kSecTrustSettingsKeyUseSignCert = 0x00000008, - /* sign/verify CRL and OCSP */ - kSecTrustSettingsKeyUseSignRevocation = 0x00000010, - /* key exchange, e.g., Diffie-Hellman */ - kSecTrustSettingsKeyUseKeyExchange = 0x00000020, - /* any usage (the default if this value is not specified) */ - kSecTrustSettingsKeyUseAny = 0xffffffff -}; - -/*! - @enum SecTrustSettingsResult - @abstract Result of a trust settings evaluation. -*/ -typedef CF_ENUM(uint32_t, SecTrustSettingsResult) { - kSecTrustSettingsResultInvalid = 0, /* Never valid in a Trust Settings array or - * in an API call. */ - kSecTrustSettingsResultTrustRoot, /* Root cert is explicitly trusted */ - kSecTrustSettingsResultTrustAsRoot, /* Non-root cert is explicitly trusted */ - kSecTrustSettingsResultDeny, /* Cert is explicitly distrusted */ - kSecTrustSettingsResultUnspecified /* Neither trusted nor distrusted; evaluation - * proceeds as usual */ -}; - -/* - * Specify user, local administrator, or system domain Trust Properties. - * Note that kSecTrustSettingsDomainSystem settings are read-only, even by - * root. - */ -typedef CF_ENUM(uint32_t, SecTrustSettingsDomain) { - kSecTrustSettingsDomainUser = 0, - kSecTrustSettingsDomainAdmin, - kSecTrustSettingsDomainSystem -}; - -/* - * SecCertificateRef value indicating the default Root Certificate Trust Settings - * for a given domain. When evaluating Trust Settings for a root cert in - * a given domain, *and* no matching explicit Trust Settings exists for the - * root cert in questions, *and* default Root Cert Trust Settings exist - * in that domain which matches the evaluation condition, then the - * SecTrustSettingsResult for that default Trust Setting (if not - * kSecTrustSettingsResultUnspecified) will apply. - * - * This can be used e.g. by a system administrator to explicilty distrust all - * of the root certs in the (immutable) system domain for a specific policy. - * - * This const is passed as the 'SecCertificateRef certRef' argument to - * SecTrustSettingsCopyTrustSettings(), SecTrustSettingsSetTrustSettings(), - * and SecTrustSettingsRemoveTrustSettings(), and - * SecTrustSettingsCopyModificationDate(). - */ -#define kSecTrustSettingsDefaultRootCertSetting ((SecCertificateRef)-1) - -#ifdef __cplusplus -} -#endif - -#endif /* _SECURITY_SECTRUSTSETTINGS_H_ */ diff --git a/OSX/sec/Security/SecTrustSettingsPriv.h b/OSX/sec/Security/SecTrustSettingsPriv.h deleted file mode 100644 index 66ecb9a7..00000000 --- a/OSX/sec/Security/SecTrustSettingsPriv.h +++ /dev/null @@ -1,242 +0,0 @@ -/* - * Copyright (c) 2007-2008,2010,2012-2015 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * SecTrustSettingsPriv.h - TrustSettings SPI functions. - */ - -#ifndef _SECURITY_SECTRUSTSETTINGSPRIV_H_ -#define _SECURITY_SECTRUSTSETTINGSPRIV_H_ - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * A TrustSettings Record contains the XML encoding of a CFDictionary. This dictionary - * currently contains two name/value pairs: - * - * key = kTrustRecordVersion, value = SInt32 version number - * key = kTrustRecordTrustList, value = CFDictionary - * - * Each key/value pair of the CFDictionary associated with key kTrustRecordTrustList - * consists of: - * -- key = the ASCII representation (with alpha characters in upper case) of the - * cert's SHA1 digest. - * -- value = a CFDictionary representing one cert. - * - * Key/value pairs in the per-cert dictionary are as follows: - * - * -- key = kTrustRecordIssuer, value = non-normalized issuer as CFData - * -- key = kTrustRecordSerialNumber, value = serial number as CFData - * -- key = kTrustRecordModDate, value = CFDateRef of the last modification - date of the per-cert entry. - * -- key = kTrustRecordTrustSettings, value = array of dictionaries. The - * dictionaries are as described in the API in SecUserTrust.h - * although we store the values differently (see below). - * As written to disk, this key/value is always present although - * the usageConstraints array may be empty. - * - * A usageConstraints dictionary is like so (all elements are optional). These key - * strings are defined in SecUserTrust.h. - * - * key = kSecTrustSettingsPolicy value = policy OID as CFString - * key = kSecTrustSettingsPolicyName value = policy name as CFString - * key = kSecTrustSettingsApplication value = application path as CFString - * key = kSecTrustSettingsPolicyString value = CFString, policy-specific - * key = kSecTrustSettingsAllowedError value = CFNumber, an SInt32 CSSM_RETURN - * key = kSecTrustSettingsResult value = CFNumber, an SInt32 SecTrustSettingsResult - * key = kSecTrustSettingsKeyUsage value = CFNumber, an SInt32 key usage - * key = kSecTrustSettingsModifyDate value = CFDate, last modification - */ - -/* - * Keys in the top-level dictionary - */ -#define kTrustRecordVersion CFSTR("trustVersion") -#define kTrustRecordTrustList CFSTR("trustList") - -/* - * Keys in the per-cert dictionary in the TrustedRootList record. - */ -/* value = non-normalized issuer as CFData */ -#define kTrustRecordIssuer CFSTR("issuerName") - -/* value = serial number as CFData */ -#define kTrustRecordSerialNumber CFSTR("serialNumber") - -/* value = CFDateRef representation of modification date */ -#define kTrustRecordModDate CFSTR("modDate") - -/* - * value = array of CFDictionaries as used in public API - * Not present for a cert which has no usage Constraints (i.e. - * "wide open" unrestricted, kSecTrustSettingsResultTrustRoot as - * the default SecTrustSettingsResult). - */ -#define kTrustRecordTrustSettings CFSTR("trustSettings") - -/* - * Version of the top-level dictionary. - */ -enum { - kSecTrustRecordVersionInvalid = 0, /* should never be seen on disk */ - kSecTrustRecordVersionCurrent = 1 -}; - -/* - * Key for the (optional) default entry in a TrustSettings record. This - * appears in place of the cert's hash string, and corresponds to - * kSecTrustSettingsDefaultRootCertSetting at the public API. - * If you change this, make sure it has characters other than those - * appearing in a normal cert hash string (0..9 and A..F). - */ -#define kSecTrustRecordDefaultRootCert CFSTR("kSecTrustRecordDefaultRootCert") - -/* - * The location of the system root keychain and its associated TrustSettings. - * These are immutable; this module never modifies either of them. - */ -#define SYSTEM_ROOT_STORE_PATH "/System/Library/Keychains/SystemRootCertificates.keychain" -#define SYSTEM_TRUST_SETTINGS_PATH "/System/Library/Keychains/SystemTrustSettings.plist" - -/* - * The local admin cert store. - */ -#define ADMIN_CERT_STORE_PATH "/Library/Keychains/System.keychain" - -/* - * Per-user and local admin TrustSettings are stored in this directory. - * Per-user settings are of the form .plist. - */ -#define TRUST_SETTINGS_PATH "/Library/Trust Settings" -#define ADMIN_TRUST_SETTINGS "Admin.plist" - -/* - * Additional values for the SecTrustSettingsDomain enum. - */ -enum { - /* - * This indicates a TrustSettings that exists only in memory; it - * can't be written to disk. - */ - kSecTrustSettingsDomainMemory = 100 -}; - -typedef struct __SecTrustSettings *SecTrustSettingsRef; - -CFTypeID SecTrustSettingsGetTypeID(void); -OSStatus SecTrustSettingsCreateFromExternal(SecTrustSettingsDomain domain, - CFDataRef external, SecTrustSettingsRef *ts); -SecTrustSettingsRef SecTrustSettingsCreate(SecTrustSettingsDomain domain, - bool create, bool trim); -CFDataRef SecTrustSettingsCopyExternal(SecTrustSettingsRef ts); -void SecTrustSettingsSet(SecCertificateRef certRef, - CFTypeRef trustSettingsDictOrArray); - -/* - * Fundamental routine used to ascertain status of one cert. - * - * Returns true in *foundMatchingEntry if a trust setting matching - * specific constraints was found for the cert. Returns true in - * *foundAnyEntry if any entry was found for the cert, even if it - * did not match the specified constraints. The TP uses this to - * optimize for the case where a cert is being evaluated for - * one type of usage, and then later for another type. If - * foundAnyEntry is false, the second evaluation need not occur. - * - * Returns the domain in which a setting was found in *foundDomain. - * - * Allowed errors applying to the specified cert evaluation - * are returned in a mallocd array in *allowedErrors and must - * be freed by caller. - */ -OSStatus SecTrustSettingsEvaluateCertificate( - SecCertificateRef certificate, - SecPolicyRef policy, - SecTrustSettingsKeyUsage keyUsage, /* optional */ - bool isSelfSignedCert, /* for checking default setting */ - /* RETURNED values */ - SecTrustSettingsDomain *foundDomain, - CFArrayRef *allowedErrors, /* RETURNED */ - SecTrustSettingsResult *resultType, /* RETURNED */ - bool *foundMatchingEntry,/* RETURNED */ - bool *foundAnyEntry); /* RETURNED */ - -/* - * Add a cert's TrustSettings to a non-persistent TrustSettings record. - * Primarily intended for use in creating a system TrustSettings record - * (which is itself immutable via this module). - * - * The settingsIn argument is an external representation of a TrustSettings - * record, obtianed from this function or from - * SecTrustSettingsCreateExternalRepresentation(). - * If settingsIn is NULL, a new (empty) TrustSettings will be created. - * - * The certRef and trustSettingsDictOrArray arguments are as in - * SecTrustSettingsSetTrustSettings(). May be NULL, when e.g. creating - * a new and empty TrustSettings record. - * - * The external representation is written to the settingOut argument, - * which must eventually be CFReleased by the caller. - */ -#if SECTRUST_OSX -OSStatus SecTrustSettingsSetTrustSettingsExternal_ios( -#else -OSStatus SecTrustSettingsSetTrustSettingsExternal( -#endif - CFDataRef settingsIn, /* optional */ - SecCertificateRef certRef, /* optional */ - CFTypeRef trustSettingsDictOrArray, /* optional */ - CFDataRef *settingsOut); /* RETURNED */ - -#if (SECTRUST_OSX && !TARGET_OS_IPHONE) -/* - * A wrapper around SecTrustSettingsCopyCertificates that combines user and admin - * domain outputs. - */ -OSStatus SecTrustSettingsCopyCertificatesForUserAdminDomains( - CFArrayRef CF_RETURNS_RETAINED *certArray); - -/* - * Obtain Trust Settings for specified cert. - * Caller must CFRelease() the returned CFArray. - * Returns errSecItemNotFound if no Trust settings exist for the cert. - */ -OSStatus SecTrustSettingsCopyTrustSettings( - SecCertificateRef certRef, - SecTrustSettingsDomain domain, - CFArrayRef * CF_RETURNS_RETAINED trustSettings); /* RETURNED */ -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* _SECURITY_SECTRUSTSETTINGSPRIV_H_ */ - diff --git a/OSX/sec/Security/SecTrustStore.c b/OSX/sec/Security/SecTrustStore.c index f4ea4a24..6b5c1049 100644 --- a/OSX/sec/Security/SecTrustStore.c +++ b/OSX/sec/Security/SecTrustStore.c @@ -40,7 +40,7 @@ #include #include #include "SecTrustPriv.h" -#include "SecTrustSettings.h" +#include #include #include #include "utilities/SecDb.h" diff --git a/OSX/sec/Security/SecuritydXPC.c b/OSX/sec/Security/SecuritydXPC.c index cfc717b1..225a6d65 100644 --- a/OSX/sec/Security/SecuritydXPC.c +++ b/OSX/sec/Security/SecuritydXPC.c @@ -35,7 +35,8 @@ const char *kSecXPCKeyOperation = "operation"; const char *kSecXPCKeyResult = "status"; const char *kSecXPCKeyError = "error"; const char *kSecXPCKeyClientToken = "client"; -const char *kSecXPCKeyPeerInfos = "peer-infos"; +const char *kSecXPCKeyPeerInfoArray = "peer-infos"; +const char *kSecXPCKeyPeerInfo = "peer-info"; const char *kSecXPCKeyUserLabel = "userlabel"; const char *kSecXPCKeyBackup = "backup"; const char *kSecXPCKeyKeybag = "keybag"; @@ -61,7 +62,10 @@ const char *kSecXPCKeyViewActionCode = "viewactioncode"; const char *kSecXPCKeyHSA2AutoAcceptInfo = "autoacceptinfo"; const char *kSecXPCKeyString = "cfstring"; const char *kSecXPCKeyArray = "cfarray"; +const char *kSecXPCKeySet = "cfset"; +const char *kSecXPCKeySet2 = "cfset2"; const char *kSecXPCKeyNewPublicBackupKey = "newPublicBackupKey"; +const char *kSecXPCKeyRecoveryPublicKey = "RecoveryPublicKey"; const char *kSecXPCKeyIncludeV0 = "includeV0"; const char *kSecXPCKeyReason = "reason"; const char *kSecXPCKeyEnabledViewsKey = "enabledViews"; @@ -135,12 +139,16 @@ CFStringRef SOSCCGetOperationDescription(enum SecXPCOperation op) return CFSTR("SyncIDSPeer"); case kSecXPCOpIDSDeviceID: return CFSTR("IDSDeviceID"); + case kSecXPCOpClearKVSPeerMessage: + return CFSTR("kSecXPCOpClearKVSPeerMessage"); case kSecXPCOpLoggedOutOfAccount: return CFSTR("LoggedOutOfAccount"); case kSecXPCOpPingTest: return CFSTR("PingTest"); case kSecXPCOpProcessSyncWithAllPeers: return CFSTR("ProcessSyncWithAllPeers"); + case kSecXPCOpProcessSyncWithPeers: + return CFSTR("ProcessSyncWithPeers"); case kSecXPCOpProcessUnlockNotification: return CFSTR("ProcessUnlockNotification"); case kSecXPCOpPurgeUserCredentials: @@ -273,6 +281,18 @@ CFStringRef SOSCCGetOperationDescription(enum SecXPCOperation op) return CFSTR("sec_delete_items_with_access_groups_id"); case kSecXPCOpPeersHaveViewsEnabled: return CFSTR("kSecXPCOpPeersHaveViewsEnabled"); + case kSecXPCOpRegisterRecoveryPublicKey: + return CFSTR("RegisterRecoveryPublicKey"); + case kSecXPCOpGetRecoveryPublicKey: + return CFSTR("GetRecoveryPublicKey"); + case kSecXPCOpCopyBackupInformation: + return CFSTR("CopyBackupInformation"); + case sec_device_is_internal_id: + return CFSTR("DeviceIsInternal"); + case kSecXPCOpMessageFromPeerIsPending: + return CFSTR("MessageFromPeerIsPending"); + case kSecXPCOpSendToPeerIsPending: + return CFSTR("SendToPeerIsPending"); default: return CFSTR("Unknown xpc operation"); } @@ -360,6 +380,18 @@ int SecXPCDictionaryDupFileDescriptor(xpc_object_t message, const char *key, CFE return fd; } +CFSetRef SecXPCDictionaryCopySet(xpc_object_t message, const char *key, CFErrorRef *error) { + CFTypeRef obj = SecXPCDictionaryCopyPList(message, key, error); + CFSetRef set = copyIfSet(obj, error); + if (obj && !set) { + CFStringRef description = CFCopyTypeIDDescription(CFGetTypeID(obj)); + SecError(errSecParam, error, CFSTR("object for key %s not set but %@"), key, description); + CFReleaseNull(description); + } + CFReleaseNull(obj); + return set; +} + CFArrayRef SecXPCDictionaryCopyArray(xpc_object_t message, const char *key, CFErrorRef *error) { CFTypeRef array = SecXPCDictionaryCopyPList(message, key, error); if (array) { diff --git a/OSX/sec/Security/SecuritydXPC.h b/OSX/sec/Security/SecuritydXPC.h index bd0b63be..8dcf9d8d 100644 --- a/OSX/sec/Security/SecuritydXPC.h +++ b/OSX/sec/Security/SecuritydXPC.h @@ -24,6 +24,7 @@ #include #include +#include #ifndef _UTILITIES_SECURITYDXPC_H_ #define _UTILITIES_SECURITYDXPC_H_ @@ -63,4 +64,6 @@ CFStringRef SecXPCDictionaryCopyString(xpc_object_t message, const char *key, CF bool SecXPCDictionaryCopyStringOptional(xpc_object_t message, const char *key, CFStringRef *pstring, CFErrorRef *error); +CFSetRef SecXPCDictionaryCopySet(xpc_object_t message, const char *key, CFErrorRef *error); + #endif diff --git a/OSX/sec/Security/Tool/keychain_add.c b/OSX/sec/Security/Tool/keychain_add.c index dc0c231d..b8555aec 100644 --- a/OSX/sec/Security/Tool/keychain_add.c +++ b/OSX/sec/Security/Tool/keychain_add.c @@ -26,7 +26,7 @@ #include #if TARGET_OS_EMBEDDED -#include "Securitycommands.h" +#include "SecurityCommands.h" #include "security.h" #include diff --git a/OSX/sec/Security/Tool/keychain_backup.c b/OSX/sec/Security/Tool/keychain_backup.c index 7d0dccbe..de2582ad 100644 --- a/OSX/sec/Security/Tool/keychain_backup.c +++ b/OSX/sec/Security/Tool/keychain_backup.c @@ -26,7 +26,7 @@ #include #if TARGET_OS_EMBEDDED -#include "Securitycommands.h" +#include "SecurityCommands.h" #include #include diff --git a/OSX/sec/Security/Tool/scep.c b/OSX/sec/Security/Tool/scep.c index 738b1af8..415543b7 100644 --- a/OSX/sec/Security/Tool/scep.c +++ b/OSX/sec/Security/Tool/scep.c @@ -470,6 +470,7 @@ extern int command_scep(int argc, char * const *argv) CFShow(caps_data); } CFRelease(caps_data); + CFRelease(caps_data_string); } } else { caps = CFStringCreateArrayBySeparatingStrings(kCFAllocatorDefault, scep_capabilities, CFSTR(",")); @@ -490,6 +491,7 @@ extern int command_scep(int argc, char * const *argv) // but for now to quiet the analyzer we reference them here. see scep.c, command_scep assumes 3des and sha1 (void) scep_use_3des; (void) scep_can_use_sha1; + CFRelease(caps); } scep_use_3des = true; diff --git a/OSX/sec/Security/Tool/spc.c b/OSX/sec/Security/Tool/spc.c index 6b695bcb..c9cd9288 100644 --- a/OSX/sec/Security/Tool/spc.c +++ b/OSX/sec/Security/Tool/spc.c @@ -243,7 +243,7 @@ out: return url; } -static CFURLRef scep_url_operation(CFStringRef base, CFStringRef operation, CFStringRef message) +static CF_RETURNS_RETAINED CFURLRef scep_url_operation(CFStringRef base, CFStringRef operation, CFStringRef message) { CFURLRef url = NULL; const void *keys[] = { CFSTR("operation"), CFSTR("message") }; @@ -395,7 +395,6 @@ static CF_RETURNS_RETAINED CFDictionaryRef get_encrypted_profile_packet(CFString if (error) { CFShow(error); errx(1, "failed to decode encrypted profile response"); - CFRelease(error); } if (CFGetTypeID(result) != CFDictionaryGetTypeID()) CFReleaseNull(result); @@ -410,11 +409,16 @@ static SecCertificateRef get_ca_cert(CFStringRef scep_base_url, CFStringRef scep CFURLRef url = scep_url_operation(scep_base_url, CFSTR("GetCACert"), scep_ca_name); CFHTTPMessageRef request = CFHTTPMessageCreateRequest(kCFAllocatorDefault, CFSTR("GET"), url, kCFHTTPVersion1_1); + CFReleaseSafe(url); CFHTTPMessageRef result = load_request(request, data, 1); + CFReleaseSafe(request); - if (!result) + if (!result) { + CFReleaseSafe(data); return NULL; + } CFStringRef contentTypeValue = CFHTTPMessageCopyHeaderFieldValue(result, CFSTR("Content-Type")); + CFReleaseSafe(result); // CFHTTPMessageRef response = CFHTTPMessageCreateEmpty(kCFAllocatorDefault, false); // CFHTTPMessageAppendBytes(response, CFDataGetBytePtr(data), CFDataGetLength(data)); // CFDataRef bodyValue = CFHTTPMessageCopyBody(response); diff --git a/OSX/sec/Security/Tool/verify_cert.c b/OSX/sec/Security/Tool/verify_cert.c index 3db25f96..d75876bb 100644 --- a/OSX/sec/Security/Tool/verify_cert.c +++ b/OSX/sec/Security/Tool/verify_cert.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003-2007,2009-2010,2013-2014 Apple Inc. All Rights Reserved. + * Copyright (c) 2003-2007,2009-2010,2013-2017 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -26,6 +26,7 @@ #define CFRELEASE(cf) if (cf) { CFRelease(cf); } #include +#include #include #include #include @@ -43,21 +44,28 @@ static int addCertFile(const char *fileName, CFMutableArrayRef *array) { unsigned char *buf = NULL; size_t numBytes; int rtn = 0; - + if (readFileSizet(fileName, &buf, &numBytes)) { rtn = -1; goto errOut; } - + dataRef = CFDataCreate(NULL, buf, numBytes); certRef = SecCertificateCreateWithData(NULL, dataRef); - + if (!certRef) { + certRef = SecCertificateCreateWithPEM(NULL, dataRef); + if (!certRef) { + rtn = -1; + goto errOut; + } + } + if (*array == NULL) { *array = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); } - + CFArrayAppendValue(*array, certRef); - + errOut: /* Cleanup */ free(buf); @@ -110,35 +118,35 @@ int verify_cert(int argc, char * const *argv) { extern char *optarg; extern int optind; int arg; - + CFMutableArrayRef certs = NULL; CFMutableArrayRef roots = NULL; CFMutableDictionaryRef dict = NULL; CFStringRef name = NULL; CFBooleanRef client = kCFBooleanFalse; - + OSStatus ortn; int ourRtn = 0; bool quiet = false; - + struct tm time; CFGregorianDate gregorianDate; CFDateRef dateRef = NULL; - + CFStringRef policy = NULL; SecPolicyRef policyRef = NULL; Boolean fetch = true; SecTrustRef trustRef = NULL; SecTrustResultType resultType; - + if (argc < 2) { /* Return 2 triggers usage message. */ return 2; } - + optind = 1; - + while ((arg = getopt(argc, argv, "c:r:p:d:n:LqC")) != -1) { switch (arg) { case 'c': @@ -190,14 +198,14 @@ int verify_cert(int argc, char * const *argv) { goto errOut; } } - + gregorianDate.second = time.tm_sec; gregorianDate.minute = time.tm_min; gregorianDate.hour = time.tm_hour; gregorianDate.day = time.tm_mday; gregorianDate.month = time.tm_mon + 1; gregorianDate.year = time.tm_year + 1900; - + if (dateRef == NULL) { dateRef = CFDateCreate(NULL, CFGregorianDateGetAbsoluteTime(gregorianDate, NULL)); } @@ -208,16 +216,16 @@ int verify_cert(int argc, char * const *argv) { goto errOut; } } - + if (optind != argc) { ourRtn = 2; goto errOut; } - + if (policy == NULL) { policy = kSecPolicyAppleX509Basic; } - + if (certs == NULL) { if (roots == NULL) { fprintf(stderr, "No certs specified.\n"); @@ -238,7 +246,7 @@ int verify_cert(int argc, char * const *argv) { /* Per-policy options */ if (!CFStringCompare(policy, kSecPolicyAppleSSL, 0) || !CFStringCompare(policy, kSecPolicyAppleIPsec, 0)) { dict = CFDictionaryCreateMutable(NULL, 2, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - + if (name == NULL) { fprintf(stderr, "Name not specified for IPsec or SSL policy. '-n' is a required option for these policies."); ourRtn = 2; @@ -249,12 +257,12 @@ int verify_cert(int argc, char * const *argv) { } else if (!CFStringCompare(policy, kSecPolicyAppleEAP, 0)) { dict = CFDictionaryCreateMutable(NULL, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - + CFDictionaryAddValue(dict, kSecPolicyClient, client); } else if (!CFStringCompare(policy, kSecPolicyAppleSMIME, 0)) { dict = CFDictionaryCreateMutable(NULL, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - + if (name == NULL) { fprintf(stderr, "Name not specified for SMIME policy. '-n' is a required option for this policy."); ourRtn = 2; @@ -262,9 +270,9 @@ int verify_cert(int argc, char * const *argv) { } CFDictionaryAddValue(dict, kSecPolicyName, name); } - + policyRef = SecPolicyCreateWithProperties(policy, dict); - + /* Now create a SecTrustRef and set its options */ ortn = SecTrustCreateWithCertificates(certs, policyRef, &trustRef); if (ortn) { @@ -290,7 +298,7 @@ int verify_cert(int argc, char * const *argv) { goto errOut; } } - + /* Set verification time for trust object */ if (dateRef != NULL) { ortn = SecTrustSetVerifyDate(trustRef, dateRef); @@ -300,7 +308,7 @@ int verify_cert(int argc, char * const *argv) { goto errOut; } } - + /* Evaluate certs */ ortn = SecTrustEvaluate(trustRef, &resultType); if (ortn) { diff --git a/OSX/sec/Security/certextensions.h b/OSX/sec/Security/certextensions.h deleted file mode 100644 index d6fbb4df..00000000 --- a/OSX/sec/Security/certextensions.h +++ /dev/null @@ -1,546 +0,0 @@ -/* - * Copyright (c) 2000-2009,2012 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * CertExtensions.h -- X.509 Cert Extensions as C structs - */ - -#ifndef _CERT_EXTENSIONS_H_ -#define _CERT_EXTENSIONS_H_ - -#include -#include -//#include - -/*** - *** Structs for declaring extension-specific data. - ***/ - -/* - * GeneralName, used in AuthorityKeyID, SubjectAltName, and - * IssuerAltName. - * - * For now, we just provide explicit support for the types which are - * represented as IA5Strings, OIDs, and octet strings. Constructed types - * such as EDIPartyName and x400Address are not explicitly handled - * right now and must be encoded and decoded by the caller. (See exception - * for Name and OtherName, below). In those cases the SecCEGeneralName.name.Data field - * represents the BER contents octets; SecCEGeneralName.name.Length is the - * length of the contents; the tag of the field is not needed - the BER - * encoding uses context-specific implicit tagging. The berEncoded field - * is set to true in these case. Simple types have berEncoded = false. - * - * In the case of a GeneralName in the form of a Name, we parse the Name - * into a CSSM_X509_NAME and place a pointer to the CSSM_X509_NAME in the - * SecCEGeneralName.name.Data field. SecCEGeneralName.name.Length is set to - * sizeof(CSSM_X509_NAME). In this case berEncoded is false. - * - * In the case of a GeneralName in the form of a OtherName, we parse the fields - * into a SecCEOtherName and place a pointer to the SecCEOtherName in the - * SecCEGeneralName.name.Data field. SecCEGeneralName.name.Length is set to - * sizeof(SecCEOtherName). In this case berEncoded is false. - * - * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - * - * GeneralName ::= CHOICE { - * otherName [0] OtherName - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER} - * - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * EDIPartyName ::= SEQUENCE { - * nameAssigner [0] DirectoryString OPTIONAL, - * partyName [1] DirectoryString } - */ -typedef enum { - GNT_OtherName = 0, - GNT_RFC822Name, - GNT_DNSName, - GNT_X400Address, - GNT_DirectoryName, - GNT_EdiPartyName, - GNT_URI, - GNT_IPAddress, - GNT_RegisteredID -} SecCEGeneralNameType; - -typedef struct { - DERItem typeId; - DERItem value; // unparsed, BER-encoded -} SecCEOtherName; - -typedef struct { - SecCEGeneralNameType nameType; // GNT_RFC822Name, etc. - bool berEncoded; - DERItem name; -} SecCEGeneralName; - -typedef struct { - uint32_t numNames; - SecCEGeneralName *generalName; -} SecCEGeneralNames; - -/* - * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } - * - * AuthorityKeyIdentifier ::= SEQUENCE { - * keyIdentifier [0] KeyIdentifier OPTIONAL, - * authorityCertIssuer [1] GeneralNames OPTIONAL, - * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } - * - * KeyIdentifier ::= OCTET STRING - * - * CSSM OID = CSSMOID_AuthorityKeyIdentifier - */ -typedef struct { - bool keyIdentifierPresent; - DERItem keyIdentifier; - bool generalNamesPresent; - SecCEGeneralNames *generalNames; - bool serialNumberPresent; - DERItem serialNumber; -} SecCEAuthorityKeyID; - -/* - * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } - * SubjectKeyIdentifier ::= KeyIdentifier - * - * CSSM OID = CSSMOID_SubjectKeyIdentifier - */ -typedef DERItem SecCESubjectKeyID; - -/* - * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } - * - * KeyUsage ::= BIT STRING { - * digitalSignature (0), - * nonRepudiation (1), - * keyEncipherment (2), - * dataEncipherment (3), - * keyAgreement (4), - * keyCertSign (5), - * cRLSign (6), - * encipherOnly (7), - * decipherOnly (8) } - * - * CSSM OID = CSSMOID_KeyUsage - * - */ -typedef uint16_t SecCEKeyUsage; - -#define SecCEKU_DigitalSignature 0x8000 -#define SecCEKU_NonRepudiation 0x4000 -#define SecCEKU_KeyEncipherment 0x2000 -#define SecCEKU_DataEncipherment 0x1000 -#define SecCEKU_KeyAgreement 0x0800 -#define SecCEKU_KeyCertSign 0x0400 -#define SecCEKU_CRLSign 0x0200 -#define SecCEKU_EncipherOnly 0x0100 -#define SecCEKU_DecipherOnly 0x0080 - -/* - * id-ce-cRLReason OBJECT IDENTIFIER ::= { id-ce 21 } - * - * -- reasonCode ::= { CRLReason } - * - * CRLReason ::= ENUMERATED { - * unspecified (0), - * keyCompromise (1), - * cACompromise (2), - * affiliationChanged (3), - * superseded (4), - * cessationOfOperation (5), - * certificateHold (6), - * removeFromCRL (8) } - * - * CSSM OID = CSSMOID_CrlReason - * - */ -typedef uint32_t SecCECrlReason; - -#define SecCECR_Unspecified 0 -#define SecCECR_KeyCompromise 1 -#define SecCECR_CACompromise 2 -#define SecCECR_AffiliationChanged 3 -#define SecCECR_Superseded 4 -#define SecCECR_CessationOfOperation 5 -#define SecCECR_CertificateHold 6 -#define SecCECR_RemoveFromCRL 8 - -/* - * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } - * - * SubjectAltName ::= GeneralNames - * - * CSSM OID = CSSMOID_SubjectAltName - * - * GeneralNames defined above. - */ - -/* - * id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} - * - * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId* - * - * KeyPurposeId ::= OBJECT IDENTIFIER - * - * CSSM OID = CSSMOID_ExtendedKeyUsage - */ -typedef struct { - uint32_t numPurposes; - DERItem *purposes; // in Intel pre-encoded format -} SecCEExtendedKeyUsage; - -/* - * id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } - * - * BasicConstraints ::= SEQUENCE { - * cA BOOLEAN DEFAULT FALSE, - * pathLenConstraint INTEGER (0..MAX) OPTIONAL } - * - * CSSM OID = CSSMOID_BasicConstraints - */ -typedef struct { - bool present; - bool critical; - bool isCA; - bool pathLenConstraintPresent; - uint32_t pathLenConstraint; -} SecCEBasicConstraints; - -typedef struct { - bool present; - bool critical; - bool requireExplicitPolicyPresent; - uint32_t requireExplicitPolicy; - bool inhibitPolicyMappingPresent; - uint32_t inhibitPolicyMapping; -} SecCEPolicyConstraints; - -/* - * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } - * - * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation - * - * PolicyInformation ::= SEQUENCE { - * policyIdentifier CertPolicyId, - * policyQualifiers SEQUENCE SIZE (1..MAX) OF - * PolicyQualifierInfo OPTIONAL } - * - * CertPolicyId ::= OBJECT IDENTIFIER - * - * PolicyQualifierInfo ::= SEQUENCE { - * policyQualifierId PolicyQualifierId, - * qualifier ANY DEFINED BY policyQualifierId } - * - * -- policyQualifierIds for Internet policy qualifiers - * - * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } - * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } - * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } - * - * PolicyQualifierId ::= - * OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) - * - * Qualifier ::= CHOICE { - * cPSuri CPSuri, - * userNotice UserNotice } - * - * CPSuri ::= IA5String - * - * UserNotice ::= SEQUENCE { - * noticeRef NoticeReference OPTIONAL, - * explicitText DisplayText OPTIONAL} - * - * NoticeReference ::= SEQUENCE { - * organization DisplayText, - * noticeNumbers SEQUENCE OF INTEGER } - * - * DisplayText ::= CHOICE { - * visibleString VisibleString (SIZE (1..200)), - * bmpString BMPString (SIZE (1..200)), - * utf8String UTF8String (SIZE (1..200)) } - * - * CSSM OID = CSSMOID_CertificatePolicies - * - * We only support down to the level of Qualifier, and then only the CPSuri - * choice. UserNotice is transmitted to and from this library as a raw - * CSSM_DATA containing the BER-encoded UserNotice sequence. - */ -#if 0 -typedef struct { - DERItem policyQualifierId; // CSSMOID_QT_CPS, CSSMOID_QT_UNOTICE - DERItem qualifier; // CSSMOID_QT_CPS: IA5String contents - // CSSMOID_QT_UNOTICE : Sequence contents -} SecCEPolicyQualifierInfo; -#endif - -typedef struct { - DERItem policyIdentifier; - DERItem policyQualifiers; -} SecCEPolicyInformation; - -typedef struct { - bool present; - bool critical; - size_t numPolicies; // size of *policies; - SecCEPolicyInformation *policies; -} SecCECertificatePolicies; - -typedef struct { - DERItem issuerDomainPolicy; - DERItem subjectDomainPolicy; -} SecCEPolicyMapping; - -/* - PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { - issuerDomainPolicy CertPolicyId, - subjectDomainPolicy CertPolicyId } -*/ -typedef struct { - bool present; - bool critical; - uint32_t numMappings; // size of *mappings; - SecCEPolicyMapping *mappings; -} SecCEPolicyMappings; - -#if 0 -typedef struct { - bool present; - bool critical; - uint32_t skipCerts; -} SecCEInhibitAnyPolicy; - -/* - * netscape-cert-type, a bit string. - * - * CSSM OID = CSSMOID_NetscapeCertType - * - * Bit fields defined in oidsattr.h: SecCENCT_SSL_Client, etc. - */ -typedef uint16_t SecCENetscapeCertType; - -/* - * CRLDistributionPoints. - * - * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } - * - * cRLDistributionPoints ::= { - * CRLDistPointsSyntax } - * - * CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint - * - * NOTE: RFC 2459 claims that the tag for the optional DistributionPointName - * is IMPLICIT as shown here, but in practice it is EXPLICIT. It has to be - - * because the underlying type also uses an implicit tag for distinguish - * between CHOICEs. - * - * DistributionPoint ::= SEQUENCE { - * distributionPoint [0] DistributionPointName OPTIONAL, - * reasons [1] ReasonFlags OPTIONAL, - * cRLIssuer [2] GeneralNames OPTIONAL } - * - * DistributionPointName ::= CHOICE { - * fullName [0] GeneralNames, - * nameRelativeToCRLIssuer [1] RelativeDistinguishedName } - * - * ReasonFlags ::= BIT STRING { - * unused (0), - * keyCompromise (1), - * cACompromise (2), - * affiliationChanged (3), - * superseded (4), - * cessationOfOperation (5), - * certificateHold (6) } - * - * CSSM OID = CSSMOID_CrlDistributionPoints - */ - -/* - * Note that this looks similar to SecCECrlReason, but that's an enum and this - * is an OR-able bit string. - */ -typedef uint8_t SecCECrlDistReasonFlags; - -#define SecCECD_Unspecified 0x80 -#define SecCECD_KeyCompromise 0x40 -#define SecCECD_CACompromise 0x20 -#define SecCECD_AffiliationChanged 0x10 -#define SecCECD_Superseded 0x08 -#define SecCECD_CessationOfOperation 0x04 -#define SecCECD_CertificateHold 0x02 - -typedef enum { - SecCECDNT_FullName, - SecCECDNT_NameRelativeToCrlIssuer -} SecCECrlDistributionPointNameType; - -typedef struct { - SecCECrlDistributionPointNameType nameType; - union { - SecCEGeneralNames *fullName; - CSSM_X509_RDN_PTR rdn; - } dpn; -} SecCEDistributionPointName; - -/* - * The top-level CRLDistributionPoint. - * All fields are optional; NULL pointers indicate absence. - */ -typedef struct { - SecCEDistributionPointName *distPointName; - bool reasonsPresent; - SecCECrlDistReasonFlags reasons; - SecCEGeneralNames *crlIssuer; -} SecCECRLDistributionPoint; - -typedef struct { - uint32_t numDistPoints; - SecCECRLDistributionPoint *distPoints; -} SecCECRLDistPointsSyntax; - -/* - * Authority Information Access and Subject Information Access. - * - * CSSM OID = CSSMOID_AuthorityInfoAccess - * CSSM OID = CSSMOID_SubjectInfoAccess - * - * SubjAuthInfoAccessSyntax ::= - * SEQUENCE SIZE (1..MAX) OF AccessDescription - * - * AccessDescription ::= SEQUENCE { - * accessMethod OBJECT IDENTIFIER, - * accessLocation GeneralName } - */ -typedef struct { - DERItem accessMethod; - SecCEGeneralName accessLocation; -} SecCEAccessDescription; - -typedef struct { - uint32_t numAccessDescriptions; - SecCEAccessDescription *accessDescriptions; -} SecCEAuthorityInfoAccess; - -/*** CRL extensions ***/ - -/* - * cRLNumber, an integer. - * - * CSSM OID = CSSMOID_CrlNumber - */ -typedef uint32_t SecCECrlNumber; - -/* - * deltaCRLIndicator, an integer. - * - * CSSM OID = CSSMOID_DeltaCrlIndicator - */ -typedef uint32_t SecCEDeltaCrl; - -/* - * IssuingDistributionPoint - * - * id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } - * - * issuingDistributionPoint ::= SEQUENCE { - * distributionPoint [0] DistributionPointName OPTIONAL, - * onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, - * onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, - * onlySomeReasons [3] ReasonFlags OPTIONAL, - * indirectCRL [4] BOOLEAN DEFAULT FALSE } - * - * CSSM OID = CSSMOID_IssuingDistributionPoint - */ -typedef struct { - SecCEDistributionPointName *distPointName; // optional - bool onlyUserCertsPresent; - bool onlyUserCerts; - bool onlyCACertsPresent; - bool onlyCACerts; - bool onlySomeReasonsPresent; - SecCECrlDistReasonFlags onlySomeReasons; - bool indirectCrlPresent; - bool indirectCrl; -} SecCEIssuingDistributionPoint; - -/* - * An enumerated list identifying one of the above per-extension - * structs. - */ -typedef enum { - DT_AuthorityKeyID, // SecCEAuthorityKeyID - DT_SubjectKeyID, // SecCESubjectKeyID - DT_KeyUsage, // SecCEKeyUsage - DT_SubjectAltName, // implies SecCEGeneralName - DT_IssuerAltName, // implies SecCEGeneralName - DT_ExtendedKeyUsage, // SecCEExtendedKeyUsage - DT_BasicConstraints, // SecCEBasicConstraints - DT_CertPolicies, // SecCECertPolicies - DT_NetscapeCertType, // SecCENetscapeCertType - DT_CrlNumber, // SecCECrlNumber - DT_DeltaCrl, // SecCEDeltaCrl - DT_CrlReason, // SecCECrlReason - DT_CrlDistributionPoints, // SecCECRLDistPointsSyntax - DT_IssuingDistributionPoint,// SecCEIssuingDistributionPoint - DT_AuthorityInfoAccess, // SecCEAuthorityInfoAccess - DT_Other // unknown, raw data as a CSSM_DATA -} SecCEDataType; - -/* - * One unified representation of all the cert adn CRL extensions we know about. - */ -typedef union { - SecCEAuthorityKeyID authorityKeyID; - SecCESubjectKeyID subjectKeyID; - SecCEKeyUsage keyUsage; - SecCEGeneralNames subjectAltName; - SecCEGeneralNames issuerAltName; - SecCEExtendedKeyUsage extendedKeyUsage; - SecCEBasicConstraints basicConstraints; - SecCECertPolicies certPolicies; - SecCENetscapeCertType netscapeCertType; - SecCECrlNumber crlNumber; - SecCEDeltaCrl deltaCrl; - SecCECrlReason crlReason; - SecCECRLDistPointsSyntax crlDistPoints; - SecCEIssuingDistributionPoint issuingDistPoint; - SecCEAuthorityInfoAccess authorityInfoAccess; - DERItem rawData; // unknown, not decoded -} SecCEData; - -typedef struct { - SecCEDataType type; - SecCEData extension; - bool critical; -} SecCEDataAndType; -#endif /* 0 */ - -#endif /* _CERT_EXTENSIONS_H_ */ diff --git a/OSX/sec/Security/cssmapple.h b/OSX/sec/Security/cssmapple.h deleted file mode 100644 index fcead425..00000000 --- a/OSX/sec/Security/cssmapple.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (c) 2000-2004,2013-2015 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * cssmapple.h -- CSSM features specific to Apple's Implementation - */ - -#ifndef _CSSMAPPLE_H_ -#define _CSSMAPPLE_H_ 1 - - -#ifdef __cplusplus -extern "C" { -#endif - -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wdeprecated-declarations" - -/* First, an array of bits indicating various status of the cert. */ -typedef uint32 CSSM_TP_APPLE_CERT_STATUS; -enum -{ - CSSM_CERT_STATUS_EXPIRED = 0x00000001, - CSSM_CERT_STATUS_NOT_VALID_YET = 0x00000002, - CSSM_CERT_STATUS_IS_IN_INPUT_CERTS = 0x00000004, - CSSM_CERT_STATUS_IS_IN_ANCHORS = 0x00000008, - CSSM_CERT_STATUS_IS_ROOT = 0x00000010, - CSSM_CERT_STATUS_IS_FROM_NET = 0x00000020, - /* settings found in per-user Trust Settings */ - CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_USER = 0x00000040, - /* settings found in Admin Trust Settings */ - CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_ADMIN = 0x00000080, - /* settings found in System Trust Settings */ - CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_SYSTEM = 0x00000100, - /* Trust Settings result = Trust */ - CSSM_CERT_STATUS_TRUST_SETTINGS_TRUST = 0x00000200, - /* Trust Settings result = Deny */ - CSSM_CERT_STATUS_TRUST_SETTINGS_DENY = 0x00000400, - /* Per-cert error ignored due to Trust Settings */ - CSSM_CERT_STATUS_TRUST_SETTINGS_IGNORED_ERROR = 0x00000800 -}; - -typedef struct { - CSSM_TP_APPLE_CERT_STATUS StatusBits; - uint32 NumStatusCodes; - CSSM_RETURN *StatusCodes; - - /* index into raw cert group or AnchorCerts depending on IS_IN_ANCHORS */ - uint32 Index; - - /* nonzero if cert came from a DLDB */ - CSSM_DL_DB_HANDLE DlDbHandle; - CSSM_DB_UNIQUE_RECORD_PTR UniqueRecord; - - /* CRLReason code if cert is revoked */ - sint32 CrlReason; - -} CSSM_TP_APPLE_EVIDENCE_INFO; - -#pragma clang diagnostic pop - -#ifdef __cplusplus -} -#endif // __cplusplus - -#endif /* _CSSMAPPLE_H_ */ diff --git a/OSX/sec/SecurityTool/syncbubble.m b/OSX/sec/SecurityTool/syncbubble.m index 51eb4554..5865de0a 100644 --- a/OSX/sec/SecurityTool/syncbubble.m +++ b/OSX/sec/SecurityTool/syncbubble.m @@ -57,8 +57,6 @@ command_bubble(__unused int argc, __unused char * const * argv) } else { errx(1, "%s", [[NSString stringWithFormat:@"sync bubble failed to inflate: %@\n", error] UTF8String]); } - if (error) - CFRelease(error); } return 0; diff --git a/OSX/sec/SharedWebCredential/swcagent-entitlements.plist b/OSX/sec/SharedWebCredential/swcagent-entitlements.plist new file mode 100644 index 00000000..ab1db4af --- /dev/null +++ b/OSX/sec/SharedWebCredential/swcagent-entitlements.plist @@ -0,0 +1,26 @@ + + + + + application-identifier + com.apple.securityd + com.apple.keystore.access-keychain-keys + + com.apple.keystore.lockassertion + + com.apple.private.associated-domains + + com.apple.private.necp.match + + com.apple.private.network.socket-delegate + + com.apple.mkb.usersession.info + + com.apple.private.applecredentialmanager.allow + + com.apple.private.MobileGestalt.AllowedProtectedKeys + + SerialNumber + + + diff --git a/OSX/sec/SharedWebCredential/swcagent.m b/OSX/sec/SharedWebCredential/swcagent.m index 0073745b..0ecbeda3 100644 --- a/OSX/sec/SharedWebCredential/swcagent.m +++ b/OSX/sec/SharedWebCredential/swcagent.m @@ -147,18 +147,9 @@ enum { @property(retain) NSString *client_name; @property(retain) NSString *path; @property(retain) NSBundle *bundle; --(void)dealloc; @end -@implementation Client --(void)dealloc -{ - [_client release]; - [_client_name release]; - [_path release]; - [_bundle release]; - [super dealloc]; -} +@implementation Client @end static Client *identify_client(pid_t pid) @@ -173,7 +164,6 @@ static Client *identify_client(pid_t pid) #if TARGET_OS_IPHONE if (proc_pidpath(pid, path_buf, sizeof(path_buf)) <= 0) { secnotice("swcagent", "Refusing client without path (pid %d)", pid); - [client release]; return nil; } #else @@ -189,12 +179,11 @@ static Client *identify_client(pid_t pid) if (!(client.path = [NSString stringWithUTF8String:path_buf]) || !(path_url = [NSURL fileURLWithPath:client.path])) { secnotice("swcagent", "Refusing client without path (pid %d)", pid); - [client release]; return nil; } NSURL *bundle_url; - if ((bundle_url = (NSURL *)_CFBundleCopyBundleURLForExecutableURL((__bridge CFURLRef)path_url)) && + if ((bundle_url = CFBridgingRelease(_CFBundleCopyBundleURLForExecutableURL((__bridge CFURLRef)path_url))) && (client.bundle = [NSBundle bundleWithURL:bundle_url]) && (client.client = [client.bundle bundleIdentifier])) { client.client_type = CLIENT_TYPE_BUNDLE_IDENTIFIER; @@ -210,8 +199,6 @@ static Client *identify_client(pid_t pid) } else { #if TARGET_OS_IPHONE secnotice("swcagent", "Refusing client without bundle identifier (%s)", path_buf); - [client release]; - [bundle_url release]; return nil; #else client.client_type = CLIENT_TYPE_EXECUTABLE_PATH; @@ -233,8 +220,7 @@ static Client *identify_client(pid_t pid) #endif } - [bundle_url release]; - return client; + return client; } struct __SecTask { @@ -776,43 +762,36 @@ static void swca_xpc_dictionary_handler(const xpc_connection_t connection, xpc_o if (replyMessage) { xpc_connection_send_message(connection, replyMessage); - xpc_release(replyMessage); - } - if (xpcError) { - xpc_release(xpcError); } CFReleaseSafe(error); CFReleaseSafe(accessGroups); - [client release]; } +static xpc_connection_t swclistener = NULL; + static void swca_xpc_init() { secdebug("swcagent_xpc", "start"); - xpc_connection_t listener = xpc_connection_create_mach_service(kSWCAXPCServiceName, NULL, XPC_CONNECTION_MACH_SERVICE_LISTENER); - if (!listener) { + swclistener = xpc_connection_create_mach_service(kSWCAXPCServiceName, NULL, XPC_CONNECTION_MACH_SERVICE_LISTENER); + if (!swclistener) { seccritical("swcagent failed to register xpc listener, exiting"); abort(); } - xpc_connection_set_event_handler(listener, ^(xpc_object_t connection) { + xpc_connection_set_event_handler(swclistener, ^(xpc_object_t connection) { if (xpc_get_type(connection) == XPC_TYPE_CONNECTION) { xpc_connection_set_event_handler(connection, ^(xpc_object_t event) { if (xpc_get_type(event) == XPC_TYPE_DICTIONARY) { - xpc_retain(connection); - xpc_retain(event); dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{ swca_xpc_dictionary_handler(connection, event); - xpc_release(event); - xpc_release(connection); }); } }); xpc_connection_resume(connection); } }); - xpc_connection_resume(listener); + xpc_connection_resume(swclistener); } int main(int argc, char *argv[]) @@ -828,7 +807,6 @@ int main(int argc, char *argv[]) swca_xpc_init(); dispatch_main(); } - return 0; } /* vi:set ts=4 sw=4 et: */ diff --git a/OSX/sec/SharedWebCredential/swcagent_client.h b/OSX/sec/SharedWebCredential/swcagent_client.h index 1e86b9b9..fdb1f2e8 100644 --- a/OSX/sec/SharedWebCredential/swcagent_client.h +++ b/OSX/sec/SharedWebCredential/swcagent_client.h @@ -49,7 +49,8 @@ extern const char *kSecXPCKeyOperation; extern const char *kSecXPCKeyResult; extern const char *kSecXPCKeyError; extern const char *kSecXPCKeyClientToken; -extern const char *kSecXPCKeyPeerInfos; +extern const char *kSecXPCKeyPeerInfoArray; +extern const char *kSecXPCKeyPeerInfo; extern const char *kSecXPCKeyUserLabel; extern const char *kSecXPCKeyDSID; extern const char *kSecXPCKeyUserPassword; diff --git a/OSX/sec/config/base.xcconfig b/OSX/sec/config/base.xcconfig deleted file mode 100644 index 8786c5f9..00000000 --- a/OSX/sec/config/base.xcconfig +++ /dev/null @@ -1,50 +0,0 @@ -CODE_SIGN_IDENTITY = - -GCC_VERSION = com.apple.compilers.llvm.clang.1_0 -DEBUG_INFORMATION_FORMAT = dwarf-with-dsym -CURRENT_PROJECT_VERSION = $(RC_ProjectSourceVersion) -VERSIONING_SYSTEM = apple-generic -DEAD_CODE_STRIPPING = YES - -ARCHS[sdk=macosx*] = $(ARCHS_STANDARD_32_64_BIT) - -GCC_WARN_CHECK_SWITCH_STATEMENTS = YES -GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO // should be YES at some point -CLANG_WARN_EMPTY_BODY = YES -GCC_WARN_FOUR_CHARACTER_CONSTANTS = YES -GCC_WARN_SHADOW = NO // should be yes -CLANG_WARN_CONSTANT_CONVERSION = YES -GCC_WARN_64_TO_32_BIT_CONVERSION = YES -CLANG_WARN_ENUM_CONVERSION = YES -CLANG_WARN_INT_CONVERSION = NO// should be yes -CLANG_WARN_IMPLICIT_SIGN_CONVERSION = NO // should be yes -GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES -GCC_WARN_ABOUT_RETURN_TYPE = YES -GCC_WARN_MISSING_PARENTHESES = YES -GCC_WARN_ABOUT_MISSING_FIELD_INITIALIZERS = NO // should be yes -GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES -GCC_WARN_ABOUT_MISSING_NEWLINE = YES -//WARNING_CFLAGS -GCC_WARN_ABOUT_POINTER_SIGNEDNESS = YES -GCC_WARN_SIGN_COMPARE = YES -CLANG_WARN_SUSPICIOUS_IMPLICIT_CONVERSION = NO // should be yes -GCC_TREAT_INCOMPATIBLE_POINTER_TYPE_WARNINGS_AS_ERRORS = YES -GCC_TREAT_IMPLICIT_FUNCTION_DECLARATIONS_AS_ERRORS = YES -GCC_WARN_TYPECHECK_CALLS_TO_PRINTF = YES -GCC_WARN_UNINITIALIZED_AUTOS = YES -GCC_WARN_UNKNOWN_PRAGMAS = YES -GCC_WARN_UNUSED_FUNCTION = YES -GCC_WARN_UNUSED_LABEL = YES -GCC_WARN_UNUSED_PARAMETER = NO // should be yes -GCC_WARN_UNUSED_VALUE = YES -GCC_WARN_UNUSED_VARIABLE = YES - -// No executables are made in sec, it can't know how -// Therefore we shouldn't strip anyting -// if somehow we decide to, the default is debuggable. - -COPY_PHASE_STRIP = NO -STRIP_STYLE = debugging -STRIP_INSTALLED_PRODUCT = NO - -WARNING_CFLAGS = -Wglobal-constructors -Wno-deprecated-declarations $(inherited) -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/OSX/sec/config/debug.xcconfig b/OSX/sec/config/debug.xcconfig deleted file mode 100644 index 727836ce..00000000 --- a/OSX/sec/config/debug.xcconfig +++ /dev/null @@ -1,6 +0,0 @@ -#include "base.xcconfig" - -OTHER_CFLAGS = $(inherited) -Wno-error=#warnings -GCC_TREAT_WARNINGS_AS_ERRORS = YES -GCC_OPTIMIZATION_LEVEL = 0 -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) DEBUG=1 NO_SERVER=1 diff --git a/OSX/sec/config/lib-arc-only.xcconfig b/OSX/sec/config/lib-arc-only.xcconfig deleted file mode 100644 index 929e881f..00000000 --- a/OSX/sec/config/lib-arc-only.xcconfig +++ /dev/null @@ -1,9 +0,0 @@ -#include "lib.xcconfig" - -ARCHS[sdk=macosx*] = x86_64 -VALID_ARCHS[sdk=macosx*] = x86_64 - -// TODO: This horrible hack makes #import work on osx -HEADER_SEARCH_PATHS[sdk=macosx*] = $(PROJECT_DIR)/ProjectHeaders $(PROJECT_DIR)/../utilities $(PROJECT_DIR)/ipc $(PROJECT_DIR)/../libsecurity_asn1 $(PROJECT_DIR)/../regressions $(PROJECT_DIR)/../libsecurity_keychain/libDER $(BUILT_PRODUCTS_DIR)/usr/local/include $(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers - -CLANG_ENABLE_OBJC_ARC = YES diff --git a/OSX/sec/config/lib.xcconfig b/OSX/sec/config/lib.xcconfig deleted file mode 100644 index 231bce19..00000000 --- a/OSX/sec/config/lib.xcconfig +++ /dev/null @@ -1,28 +0,0 @@ -PRODUCT_NAME = $(TARGET_NAME) -EXECUTABLE_PREFIX = - -CODE_SIGN_IDENTITY = - -HEADER_SEARCH_PATHS = $(inherited) $(PROJECT_DIR) $(PROJECT_DIR)/ProjectHeaders $(PROJECT_DIR)/../utilities $(PROJECT_DIR)/ipc $(PROJECT_DIR)/../sectask $(PROJECT_DIR)/../libsecurity_asn1 $(PROJECT_DIR)/../libsecurity_ssl $(PROJECT_DIR)/../regressions $(PROJECT_DIR)/../libsecurity_keychain/libDER $(BUILT_PRODUCTS_DIR)/usr/local/include - -HEADER_SEARCH_PATHS[sdk=macosx*] = $(inherited) $(PROJECT_DIR)/../libsecurity_smime $(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers - -HEADER_SEARCH_PATHS[sdk=embedded*] = $(inherited) $(PROJECT_DIR)/../../libsecurity_smime $(PROJECT_DIR)/sectask - -OTHER_CFLAGS = -isystem$(SDKROOT)/System/Library/Frameworks/System.framework/PrivateHeaders -iframework$(SDKROOT)/System/Library/PrivateFrameworks $(inherited) - -COPY_PHASE_STRIP = NO -SKIP_INSTALL = YES -COPY_PHASE_STRIP = NO - -ALWAYS_SEARCH_USER_PATHS = YES - -GCC_C_LANGUAGE_STANDARD = gnu99 - -HEADERMAP_INCLUDES_FRAMEWORK_ENTRIES_FOR_ALL_PRODUCT_TYPES = NO - -WARNING_CFLAGS = $(inherited) -Wmost -Wno-four-char-constants -Wno-unknown-pragmas - -GCC_SYMBOLS_PRIVATE_EXTERN = NO - -SUPPORTED_PLATFORMS = macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator diff --git a/OSX/sec/config/release.xcconfig b/OSX/sec/config/release.xcconfig deleted file mode 100644 index ba9ecc81..00000000 --- a/OSX/sec/config/release.xcconfig +++ /dev/null @@ -1,4 +0,0 @@ -#include "base.xcconfig" - -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) NDEBUG=1 -GCC_PREPROCESSOR_DEFINITIONS[sdk=embeddedsimulator*] = $(inherited) NO_SERVER=1 diff --git a/OSX/sec/ipc/client.c b/OSX/sec/ipc/client.c index 441dbf60..24eea6af 100644 --- a/OSX/sec/ipc/client.c +++ b/OSX/sec/ipc/client.c @@ -185,6 +185,7 @@ static bool is_trust_operation(enum SecXPCOperation op) { case sec_trust_evaluate_id: case sec_trust_store_copy_all_id: case sec_trust_store_copy_usage_constraints_id: + case sec_device_is_internal_id: return true; default: break; diff --git a/OSX/sec/ipc/securityd_client.h b/OSX/sec/ipc/securityd_client.h index e853f37c..29d841ac 100644 --- a/OSX/sec/ipc/securityd_client.h +++ b/OSX/sec/ipc/securityd_client.h @@ -40,7 +40,7 @@ typedef struct SecCertificatePath *SecCertificatePathRef; # endif // _SECURITY_SECCERTIFICATEPATH_H_ #endif // MINIMIZE_INCLUDES -#if TARGET_OS_EMBEDDED +#if TARGET_HAS_KEYSTORE #include #endif @@ -75,7 +75,7 @@ extern CFStringRef sSecXPCErrorDomain; extern const char *kSecXPCKeyOperation; extern const char *kSecXPCKeyResult; extern const char *kSecXPCKeyError; -extern const char *kSecXPCKeyPeerInfos; +extern const char *kSecXPCKeyPeerInfoArray; extern const char *kSecXPCKeyUserLabel; extern const char *kSecXPCKeyBackup; extern const char *kSecXPCKeyKeybag; @@ -84,6 +84,7 @@ extern const char *kSecXPCKeyDSID; extern const char *kSecXPCKeyViewName; extern const char *kSecXPCKeyViewActionCode; extern const char *kSecXPCKeyNewPublicBackupKey; +extern const char *kSecXPCKeyRecoveryPublicKey; extern const char *kSecXPCKeyIncludeV0; extern const char *kSecXPCKeyEnabledViewsKey; extern const char *kSecXPCKeyDisabledViewsKey; @@ -111,7 +112,8 @@ extern const char *kSecXPCKeyClasses; extern const char *kSecXPCKeyOperation; extern const char *kSecXPCKeyResult; extern const char *kSecXPCKeyError; -extern const char *kSecXPCKeyPeerInfos; +extern const char *kSecXPCKeyPeerInfoArray; +extern const char *kSecXPCKeyPeerInfo; extern const char *kSecXPCKeyUserLabel; extern const char *kSecXPCKeyUserPassword; extern const char *kSecXPCKeyDSID; @@ -136,6 +138,8 @@ extern const char *kSecXPCKeyEscrowLabel; extern const char *kSecXPCKeyTriesLabel; extern const char *kSecXPCKeyString; extern const char *kSecXPCKeyArray; +extern const char *kSecXPCKeySet; +extern const char *kSecXPCKeySet2; extern const char *kSecXPCKeyReason; @@ -193,6 +197,7 @@ enum SecXPCOperation { kSecXPCOpSendIDSMessage, kSecXPCOpPingTest, kSecXPCOpIDSDeviceID, + kSecXPCOpSyncWithKVSPeerIDOnly, // any process using an operation below here is required to have entitlement keychain-cloud-circle kSecXPCOpTryUserCredentials, kSecXPCOpSetUserCredentials, @@ -245,6 +250,10 @@ enum SecXPCOperation { kSecXPCOpJoinWithCircleJoiningBlob, kSecXPCOpAccountHasPublicKey, kSecXPCOpAccountIsNew, + kSecXPCOpClearKVSPeerMessage, + kSecXPCOpRegisterRecoveryPublicKey, + kSecXPCOpGetRecoveryPublicKey, + kSecXPCOpCopyBackupInformation, /* after this is free for all */ kSecXPCOpWhoAmI, kSecXPCOpTransmogrifyToSyncBubble, @@ -258,6 +267,10 @@ enum SecXPCOperation { kSecXPCOpIsThisDeviceLastBackup, sec_keychain_backup_keybag_uuid_id, kSecXPCOpPeersHaveViewsEnabled, + kSecXPCOpProcessSyncWithPeers, + sec_device_is_internal_id, + kSecXPCOpMessageFromPeerIsPending, + kSecXPCOpSendToPeerIsPending, }; @@ -269,7 +282,7 @@ typedef struct { bool isNetworkExtension; uid_t uid; CFDataRef musr; -#if TARGET_OS_EMBEDDED +#if TARGET_OS_EMBEDDED && TARGET_HAS_KEYSTORE keybag_handle_t keybag; #endif #if TARGET_OS_IPHONE @@ -298,6 +311,7 @@ struct securityd { bool (*sec_truststore_remove_all)(SecTrustStoreRef ts, CFErrorRef* error); // TODO: remove, has no msg id bool (*sec_item_delete_all)(CFErrorRef* error); SecTrustResultType (*sec_trust_evaluate)(CFArrayRef certificates, CFArrayRef anchors, bool anchorsOnly, bool keychainsAllowed, CFArrayRef policies, CFArrayRef responses, CFArrayRef SCTs, CFArrayRef trustedLogs, CFAbsoluteTime verifyTime, __unused CFArrayRef accessGroups, CFArrayRef *details, CFDictionaryRef *info, SecCertificatePathRef *chain, CFErrorRef *error); + bool (*sec_device_is_internal)(CFErrorRef* error); CFDataRef (*sec_keychain_backup)(SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error); bool (*sec_keychain_restore)(CFDataRef backup, SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error); CFDictionaryRef (*sec_keychain_backup_syncable)(CFDictionaryRef backup_in, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error); @@ -336,6 +350,8 @@ struct securityd { bool (*soscc_ViewSet)(CFSetRef enabledViews, CFSetRef disabledViews); SOSSecurityPropertyResultCode (*soscc_SecurityProperty)(CFStringRef property, SOSSecurityPropertyActionCode action, CFErrorRef *error); bool (*soscc_RegisterSingleRecoverySecret)(CFDataRef backupSlice, bool forV0Only, CFErrorRef *error); + bool (*soscc_RegisterRecoveryPublicKey)(CFDataRef recovery_key, CFErrorRef *error); + CFDataRef (*soscc_CopyRecoveryPublicKey)(CFErrorRef *error); bool (*soscc_RemoveThisDeviceFromCircle)(CFErrorRef* error); bool (*soscc_RemovePeersFromCircle)(CFArrayRef peers, CFErrorRef* error); bool (*soscc_LoggedOutOfAccount)(CFErrorRef* error); @@ -359,6 +375,7 @@ struct securityd { bool (*soscc_SetLastDepartureReason)(enum DepartureReason, CFErrorRef* error); CFArrayRef (*ota_CopyEscrowCertificates)(uint32_t escrowRootType, CFErrorRef* error); int (*sec_ota_pki_get_new_asset)(CFErrorRef* error); + CFSetRef (*soscc_ProcessSyncWithPeers)(CFSetRef peerIDs, CFSetRef backupPeerIDs, CFErrorRef* error); SyncWithAllPeersReason (*soscc_ProcessSyncWithAllPeers)(CFErrorRef* error); bool (*soscc_EnsurePeerRegistration)(CFErrorRef* error); bool (*sec_roll_keys)(bool force, CFErrorRef* error); @@ -372,6 +389,7 @@ struct securityd { CFArrayRef (*soscc_CopyYetToSyncViewsList)(CFErrorRef*); bool (*soscc_SetEscrowRecords)(CFStringRef escrow_label, uint64_t tries, CFErrorRef *error); CFDictionaryRef (*soscc_CopyEscrowRecords)(CFErrorRef *error); + CFDictionaryRef (*soscc_CopyBackupInformation)(CFErrorRef *error); bool (*soscc_PeerAvailability)(CFErrorRef *error); bool (*sosbskb_WrapToBackupSliceKeyBagForView)(CFStringRef viewName, CFDataRef input, CFDataRef* output, CFDataRef* bskbEncoded, CFErrorRef* error); CFDataRef (*soscc_CopyAccountState)(CFErrorRef *error); @@ -388,9 +406,13 @@ struct securityd { bool (*sec_trust_store_copy_usage_constraints)(SecTrustStoreRef ts, CFDataRef digest, CFArrayRef *usageConstraints, CFErrorRef *error); bool (*sec_delete_items_with_access_groups)(CFArrayRef bundleIDs, SecurityClient *client, CFErrorRef *error); bool (*soscc_IsThisDeviceLastBackup)(CFErrorRef *error); - bool (*soscc_requestSyncWithPeerOverKVS)(CFStringRef peerID, CFErrorRef *error); + bool (*soscc_requestSyncWithPeerOverKVS)(CFStringRef peerID, CFDataRef message, CFErrorRef *error); bool (*soscc_requestSyncWithPeerOverIDS)(CFStringRef peerID, CFErrorRef *error); CFBooleanRef (*soscc_SOSCCPeersHaveViewsEnabled)(CFArrayRef views, CFErrorRef *error); + bool (*socc_clearPeerMessageKeyInKVS)(CFStringRef peerID, CFErrorRef *error); + bool (*soscc_requestSyncWithPeerOverKVSIDOnly)(CFStringRef peerID, CFErrorRef *error); + bool (*soscc_SOSCCMessageFromPeerIsPending)(SOSPeerInfoRef peer, CFErrorRef* error); + bool (*soscc_SOSCCSendToPeerIsPending)(SOSPeerInfoRef peer, CFErrorRef* error); }; extern struct securityd *gSecurityd; diff --git a/OSX/sec/ipc/server.c b/OSX/sec/ipc/server.c index 8c252d63..73b00523 100644 --- a/OSX/sec/ipc/server.c +++ b/OSX/sec/ipc/server.c @@ -52,15 +52,19 @@ #include #include #include +#include +#include #include #include #include // 13B104+Roots:Device never moved past spinner after using approval to ENABLE icdp -#if TARGET_OS_EMBEDDED + +#if __has_include() && TARGET_HAS_KEYSTORE #include +#define HAVE_MOBILE_KEYBAG_SUPPORT 1 #endif -#if !TARGET_OS_IPHONE +#if TARGET_OS_OSX #include #include #endif @@ -126,10 +130,12 @@ static CFStringRef SecTaskCopyApplicationIdentifier(SecTaskRef task) { kSecEntitlementApplicationIdentifier); } +#if TARGET_OS_IOS static CFArrayRef SecTaskCopySharedWebCredentialDomains(SecTaskRef task) { return SecTaskCopyArrayOfStringsForEntitlement(task, kSecEntitlementAssociatedDomains); } +#endif static CFArrayRef SecTaskCopyAccessGroups(SecTaskRef task) { CFMutableArrayRef groups = NULL; @@ -142,7 +148,7 @@ static CFArrayRef SecTaskCopyAccessGroups(SecTaskRef task) { CFIndex asagLen = appleSecurityApplicationGroups ? CFArrayGetCount(appleSecurityApplicationGroups) : 0; bool entitlementsValidated = true; bool hasEntitlements = (kagLen + asagLen + (appID ? 1 : 0)) > 0; -#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) +#if TARGET_OS_OSX entitlementsValidated = SecTaskEntitlementsValidated(task); if ((appID || asagLen) && !entitlementsValidated) { CFReleaseNull(appID); @@ -198,15 +204,15 @@ static void secTaskDiagnoseEntitlements(CFArrayRef accessGroups) { if (rawEntitlements == NULL && error) { CFErrorDomain domain = CFErrorGetDomain(error); if (domain && CFEqual(domain, kCFErrorDomainPOSIX)) { - CFNumberRef code = CFErrorGetCode(error); - int errno; - if (code && CFNumberGetValue(code, kCFNumberIntType, &errno)) - switch (errno) { - case ESRCH: // no such process (bad pid or process died) - return; - default: - break; - } + CFIndex c = CFErrorGetCode(error); + int err = (int) c; + + switch (err) { + case ESRCH: // no such process (bad pid or process died) + return; + default: + break; + } } } @@ -253,6 +259,7 @@ static bool SecTaskGetBooleanValueForEntitlement(SecTaskRef task, return ok; } +#if !TRUSTD_SERVER static void with_label_and_password(xpc_object_t message, void (^action)(CFStringRef label, CFDataRef password)) { const char *label_utf8 = xpc_dictionary_get_string(message, kSecXPCKeyUserLabel); @@ -298,6 +305,7 @@ static void with_label_and_number(xpc_object_t message, void (^action)(CFStringR action(user_label, number); CFReleaseNull(user_label); } +#endif /* !TRUSTD_SERVER */ static bool SecXPCDictionarySetChainOptional(xpc_object_t message, const char *key, SecCertificatePathRef path, CFErrorRef *error) { if (!path) @@ -437,6 +445,16 @@ static bool SecXPCDictionaryCopyCFDataArrayOptional(xpc_object_t message, const return *data_array != NULL; } +static SOSPeerInfoRef SecXPCDictionaryCopyPeerInfo(xpc_object_t message, const char *key, CFErrorRef *error) { + size_t length = 0; + const uint8_t *der = xpc_dictionary_get_data(message, key, &length); + + SecRequirementError(der != NULL, error, CFSTR("No data for key %s"), key); + + return der ? SOSPeerInfoCreateFromDER(kCFAllocatorDefault, error, &der, der + length) : NULL; + +} + static CFSetRef SecXPCSetCreateFromXPCDictionaryElement(xpc_object_t event, const char *key) { CFErrorRef error = NULL; xpc_object_t object = xpc_dictionary_get_value(event, key); @@ -493,7 +511,7 @@ SecDataCopyMmapFileDescriptor(int fd, void **mem, size_t *size, CFErrorRef *erro return CFDataCreateWithBytesNoCopy(NULL, *mem, *size, kCFAllocatorNull); } -static CFDataRef +static bool SecDataWriteFileDescriptor(int fd, CFDataRef data) { CFIndex count = CFDataGetLength(data); @@ -572,7 +590,8 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, // TODO: Find out what we're dispatching. replyMessage = xpc_dictionary_create_reply(event); -#if TARGET_OS_IOS && !TARGET_OS_SIMULATOR +#if HAVE_MOBILE_KEYBAG_SUPPORT && TARGET_OS_EMBEDDED + if (inMultiUser) { client.activeUser = MKBForegroundUserSessionID(&error); if (client.activeUser == -1 || client.activeUser == 0) { @@ -623,15 +642,14 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, client.allowSystemKeychain = SecTaskGetBooleanValueForEntitlement(client.task, kSecEntitlementPrivateSystemKeychain); client.isNetworkExtension = SecTaskGetBooleanValueForEntitlement(client.task, kSecEntitlementPrivateNetworkExtension); #endif -#if TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR +#if HAVE_MOBILE_KEYBAG_SUPPORT && TARGET_OS_EMBEDDED if (client.inMultiUser) { client.allowSyncBubbleKeychain = SecTaskGetBooleanValueForEntitlement(client.task, kSecEntitlementPrivateKeychainSyncBubble); } #endif secinfo("serverxpc", "XPC [%@] operation: %@ (%" PRIu64 ")", client.task, SOSCCGetOperationDescription((enum SecXPCOperation)operation), operation); - if (true) { - switch (operation) + switch (operation) { #if !TRUSTD_SERVER case sec_item_add_id: @@ -851,6 +869,12 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, CFReleaseSafe(trustedLogs); break; } + case sec_device_is_internal_id: + { + bool retval = SecIsDeviceInternal(NULL); + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, retval); + break; + } #if !TRUSTD_SERVER case sec_keychain_backup_id: { @@ -1333,7 +1357,13 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, CFReleaseNull(IDS); } break; - + case kSecXPCOpClearKVSPeerMessage: + if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { + CFStringRef peerID = SecXPCDictionaryCopyString(event, kSecXPCKeyDeviceID, &error); + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, SOSCCClearPeerMessageKeyInKVS_Server(peerID, &error)); + CFReleaseNull(peerID); + } + break; case kSecXPCOpSendIDSMessage: if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { CFStringRef message = SecXPCDictionaryCopyString(event, kSecXPCKeySendIDSMessage, &error); @@ -1344,17 +1374,18 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, case kSecXPCOpSyncWithKVSPeer: if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { CFStringRef peerID = SecXPCDictionaryCopyString(event, kSecXPCKeyDeviceID, &error); - xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, SOSCCRequestSyncWithPeerOverKVS(peerID, &error)); + CFDataRef message = SecXPCDictionaryCopyData(event, kSecXPCKeyIDSMessage, &error); + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, SOSCCRequestSyncWithPeerOverKVS_Server(peerID, message, &error)); CFReleaseNull(peerID); } break; - case kSecXPCOpSyncWithIDSPeer: - if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { - CFStringRef deviceID = SecXPCDictionaryCopyString(event, kSecXPCKeyDeviceID, &error); - xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, SOSCCRequestSyncWithPeerOverIDS(deviceID, &error)); - CFReleaseNull(deviceID); - } - break; + case kSecXPCOpSyncWithKVSPeerIDOnly: + if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { + CFStringRef peerID = SecXPCDictionaryCopyString(event, kSecXPCKeyDeviceID, &error); + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, SOSCCRequestSyncWithPeerOverKVSUsingIDOnly_Server(peerID, &error)); + CFReleaseNull(peerID); + } + break; case kSecXPCOpPingTest: if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { CFStringRef message = SecXPCDictionaryCopyString(event, kSecXPCKeySendIDSMessage, &error); @@ -1392,7 +1423,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, break; case kSecXPCOpRemovePeersFromCircle: if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { - CFArrayRef applicants = SecXPCDictionaryCopyPeerInfoArray(event, kSecXPCKeyPeerInfos, &error); + CFArrayRef applicants = SecXPCDictionaryCopyPeerInfoArray(event, kSecXPCKeyPeerInfoArray, &error); xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, SOSCCRemovePeersFromCircle_Server(applicants, &error)); CFReleaseNull(applicants); @@ -1413,7 +1444,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, break; case kSecXPCOpAcceptApplicants: if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { - xpc_object_t xapplicants = xpc_dictionary_get_value(event, kSecXPCKeyPeerInfos); + xpc_object_t xapplicants = xpc_dictionary_get_value(event, kSecXPCKeyPeerInfoArray); CFArrayRef applicants = CreateArrayOfPeerInfoWithXPCObject(xapplicants, &error); //(CFArrayRef)(_CFXPCCreateCFObjectFromXPCObject(xapplicants)); xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, (applicants && SOSCCAcceptApplicants_Server(applicants, &error))); @@ -1422,7 +1453,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, break; case kSecXPCOpRejectApplicants: if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { - xpc_object_t xapplicants = xpc_dictionary_get_value(event, kSecXPCKeyPeerInfos); + xpc_object_t xapplicants = xpc_dictionary_get_value(event, kSecXPCKeyPeerInfoArray); CFArrayRef applicants = CreateArrayOfPeerInfoWithXPCObject(xapplicants, &error); //(CFArrayRef)(_CFXPCCreateCFObjectFromXPCObject(xapplicants)); xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, (applicants && SOSCCRejectApplicants_Server(applicants, &error))); @@ -1447,6 +1478,28 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, } } break; + case kSecXPCOpRegisterRecoveryPublicKey: + { + if (EntitlementPresentAndTrue(operation, client.task, kSecEntitlementRestoreKeychain, &error)) { + CFDataRef recovery_key = SecXPCDictionaryCopyData(event, kSecXPCKeyRecoveryPublicKey, &error); + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, SOSCCRegisterRecoveryPublicKey_Server(recovery_key, &error)); + CFReleaseNull(recovery_key); + } + } + break; + case kSecXPCOpGetRecoveryPublicKey: + { + if (EntitlementPresentAndTrue(operation, client.task, kSecEntitlementRestoreKeychain, &error)) { + xpc_object_t xpc_recovery_object = NULL; + CFDataRef recovery = SOSCCCopyRecoveryPublicKey(&error); + if(recovery) + xpc_recovery_object = _CFXPCCreateXPCObjectFromCFObject(recovery); + + xpc_dictionary_set_value(replyMessage, kSecXPCKeyResult, xpc_recovery_object); + CFReleaseNull(recovery); + } + } + break; case kSecXPCOpSetBagForAllSlices: { if (EntitlementPresentAndTrue(operation, client.task, kSecEntitlementRestoreKeychain, &error)) { @@ -1552,11 +1605,15 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, { if (EntitlementPresentAndTrue(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { CFArrayRef array = SOSCCCopyEngineState_Server(&error); - if (array) { - xpc_object_t xpc_array = _CFXPCCreateXPCObjectFromCFObject(array); - xpc_dictionary_set_value(replyMessage, kSecXPCKeyResult, xpc_array); - xpc_release(xpc_array); - } + CFDataRef derData = NULL; + + require_quiet(array, done); + derData = CFPropertyListCreateDERData(kCFAllocatorDefault, array, &error); + + require_quiet(derData, done); + xpc_dictionary_set_data(replyMessage, kSecXPCKeyResult, CFDataGetBytePtr(derData), CFDataGetLength(derData)); + done: + CFReleaseNull(derData); CFReleaseNull(array); } } @@ -1599,16 +1656,31 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, int32_t reason = (int32_t) xpc_dictionary_get_int64(event, kSecXPCKeyReason); xpc_dictionary_set_int64(replyMessage, kSecXPCKeyResult, SOSCCSetLastDepartureReason_Server(reason, &error)); - break; } + break; + case kSecXPCOpProcessSyncWithPeers: + if (EntitlementPresentAndTrue(operation, client.task, kSecEntitlementKeychainSyncUpdates, &error)) { + CFSetRef peers = SecXPCDictionaryCopySet(event, kSecXPCKeySet, &error); + CFSetRef backupPeers = SecXPCDictionaryCopySet(event, kSecXPCKeySet2, &error); + if (peers && backupPeers) { + CFSetRef result = SOSCCProcessSyncWithPeers_Server(peers, backupPeers, &error); + if (result) { + SecXPCDictionarySetPList(replyMessage, kSecXPCKeyResult, result, &error); + } + CFReleaseNull(result); + } + CFReleaseNull(peers); + CFReleaseNull(backupPeers); + } + break; case kSecXPCOpProcessSyncWithAllPeers: - if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { + if (EntitlementPresentAndTrue(operation, client.task, kSecEntitlementKeychainSyncUpdates, &error)) { xpc_dictionary_set_int64(replyMessage, kSecXPCKeyResult, SOSCCProcessSyncWithAllPeers_Server(&error)); } break; case soscc_EnsurePeerRegistration_id: - if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { + if (EntitlementPresentAndTrue(operation, client.task, kSecEntitlementKeychainSyncUpdates, &error)) { xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, SOSCCProcessEnsurePeerRegistration_Server(&error)); } @@ -1618,8 +1690,8 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, CFStringRef iis = SOSCCCopyIncompatibilityInfo_Server(&error); SecXPCDictionarySetString(replyMessage, kSecXPCKeyResult, iis, &error); CFReleaseSafe(iis); - break; } + break; case kSecXPCOpOTAGetEscrowCertificates: { uint32_t escrowRootType = (uint32_t)xpc_dictionary_get_uint64(event, "escrowType"); @@ -1712,6 +1784,18 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, CFReleaseNull(record); } break; + case kSecXPCOpCopyBackupInformation: + if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { + CFDictionaryRef record = SOSCCCopyBackupInformation_Server(&error); + if (record) { + xpc_object_t xpc_dictionary = _CFXPCCreateXPCObjectFromCFObject(record); + xpc_dictionary_set_value(replyMessage, kSecXPCKeyResult, xpc_dictionary); + xpc_release(xpc_dictionary); + } + CFReleaseNull(record); + } + break; + case kSecXPCOpCheckPeerAvailability: if (EntitlementPresentOrWhine(operation, client.task, kSecEntitlementKeychainCloudCircle, &error)) { xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, SOSCCCheckPeerAvailability_Server(&error)); @@ -1792,7 +1876,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, } } - break; + break; case kSecXPCOpWrapToBackupSliceKeyBagForView: { CFStringRef viewname = SecXPCDictionaryCopyString(event, kSecXPCKeyViewName, &error); @@ -1858,6 +1942,26 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, CFReleaseNull(joiningBlob); } break; + case kSecXPCOpMessageFromPeerIsPending: + { + SOSPeerInfoRef peer = SecXPCDictionaryCopyPeerInfo(event, kSecXPCKeyPeerInfo, &error); + if (peer) { + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, + SOSCCMessageFromPeerIsPending_Server(peer, &error)); + } + CFReleaseNull(peer); + break; + } + case kSecXPCOpSendToPeerIsPending: + { + SOSPeerInfoRef peer = SecXPCDictionaryCopyPeerInfo(event, kSecXPCKeyPeerInfo, &error); + if (peer) { + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, + SOSCCSendToPeerIsPending(peer, &error)); + } + CFReleaseNull(peer); + break; + } case sec_delete_items_with_access_groups_id: { bool retval = false; @@ -1868,7 +1972,6 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, if (accessGroups) { retval = _SecItemServerDeleteAllWithAccessGroups(accessGroups, &client, &error); } - xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, retval); CFReleaseNull(accessGroups); } #endif @@ -1880,8 +1983,6 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, break; } - } - if (error) { if(SecErrorGetOSStatus(error) == errSecItemNotFound || isSOSErrorCoded(error, kSOSErrorPublicKeyAbsent)) @@ -2015,7 +2116,7 @@ int main(int argc, char *argv[]) kill(getpid(), SIGSTOP); } -#if TARGET_OS_IOS && !TARGET_OS_SIMULATOR +#if HAVE_MOBILE_KEYBAG_SUPPORT && TARGET_OS_EMBEDDED { CFDictionaryRef deviceMode = MKBUserTypeDeviceMode(NULL, NULL); CFTypeRef value = NULL; @@ -2066,8 +2167,6 @@ int main(int argc, char *argv[]) #endif dispatch_main(); - - return 0; } /* vi:set ts=4 sw=4 et: */ diff --git a/OSX/sec/sec.xcodeproj/project.pbxproj b/OSX/sec/sec.xcodeproj/project.pbxproj deleted file mode 100644 index b3b69d5b..00000000 --- a/OSX/sec/sec.xcodeproj/project.pbxproj +++ /dev/null @@ -1,3871 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 093F67A41CC1171B0033151D /* SecKeyAdaptors.c in Sources */ = {isa = PBXBuildFile; fileRef = 093F67A21CC1171B0033151D /* SecKeyAdaptors.c */; }; - 093F67A51CC1171B0033151D /* SecKeyAdaptors.c in Sources */ = {isa = PBXBuildFile; fileRef = 093F67A21CC1171B0033151D /* SecKeyAdaptors.c */; }; - 093F67A61CC1171B0033151D /* SecKeyAdaptors.c in Sources */ = {isa = PBXBuildFile; fileRef = 093F67A21CC1171B0033151D /* SecKeyAdaptors.c */; }; - 0982E02C1D19695B0060002E /* si-44-seckey-ec.m in Sources */ = {isa = PBXBuildFile; fileRef = 0982E02B1D19695B0060002E /* si-44-seckey-ec.m */; }; - 09AE116F1CEDA1E4004C617D /* si-44-seckey-ies.m in Sources */ = {isa = PBXBuildFile; fileRef = 09AE116D1CEDA17A004C617D /* si-44-seckey-ies.m */; }; - 09D1FC1F1CDCBABF00A82D0D /* si-44-seckey-gen.m in Sources */ = {isa = PBXBuildFile; fileRef = 09D1FC1D1CDCBA8800A82D0D /* si-44-seckey-gen.m */; }; - 09EC947F1CEDEA70003E5101 /* si-44-seckey-rsa.m in Sources */ = {isa = PBXBuildFile; fileRef = 09EC947E1CEDEA70003E5101 /* si-44-seckey-rsa.m */; }; - 0C062B1F175E784B00806CFE /* secd-30-keychain-upgrade.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C062B1C175E784B00806CFE /* secd-30-keychain-upgrade.c */; }; - 0C062B20175E784B00806CFE /* secd-31-keychain-bad.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C062B1D175E784B00806CFE /* secd-31-keychain-bad.c */; }; - 0C062B21175E784B00806CFE /* secd-31-keychain-unreadable.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C062B1E175E784B00806CFE /* secd-31-keychain-unreadable.c */; }; - 0C0BDB611756882A00BC1A7E /* secd_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C0BDB601756882A00BC1A7E /* secd_regressions.h */; }; - 0C0BDB63175688DA00BC1A7E /* secd-01-items.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C0BDB62175688DA00BC1A7E /* secd-01-items.c */; }; - 0C0C887A1CCED00E00617D1B /* shared_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = D40771B21C9B4CE50016AA66 /* shared_regressions.h */; }; - 0C27C3E81D6F8BB1008CB02F /* secd-201-coders.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C87F8301D6F838200A9EC17 /* secd-201-coders.c */; }; - 0C3276C31CB329AB005D6DDC /* secd_77_ids_messaging.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C3276C21CB329AB005D6DDC /* secd_77_ids_messaging.c */; }; - 0C60F39C1CAF0E8E00221D24 /* secd-76-idstransport.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C60F39B1CAF0E8E00221D24 /* secd-76-idstransport.c */; }; - 0C664AE8175951270092D3D9 /* secd-02-upgrade-while-locked.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C664AE7175951270092D3D9 /* secd-02-upgrade-while-locked.c */; }; - 0CBF93F8177B7CFC001E5658 /* secd-03-corrupted-items.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CBF93F5177B7CFC001E5658 /* secd-03-corrupted-items.c */; }; - 0CBF93F9177B7CFC001E5658 /* secd-04-corrupted-items.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CBF93F6177B7CFC001E5658 /* secd-04-corrupted-items.c */; }; - 0CBF93FC177BA9D9001E5658 /* secd-05-corrupted-items.m in Sources */ = {isa = PBXBuildFile; fileRef = 0CBF93FB177BA9D9001E5658 /* secd-05-corrupted-items.m */; }; - 0CE7ABDF171383E30088968F /* keychain_backup.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CE7ABDE171383E30088968F /* keychain_backup.c */; }; - 0CFDBAD91D6FC58D00826CDE /* SOSEnginePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 0CFDBAD81D6FC58D00826CDE /* SOSEnginePriv.h */; }; - 18270F5914CF654400B05E7F /* client.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD560614CB6E7A008233F2 /* client.c */; }; - 18AD560F14CB6E7A008233F2 /* securityd_client.h in Headers */ = {isa = PBXBuildFile; fileRef = 18AD560814CB6E7A008233F2 /* securityd_client.h */; }; - 18AD566714CB70A8008233F2 /* SecItem.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563714CB6EB9008233F2 /* SecItem.c */; }; - 18D4043914CE1FE400A2BE4E /* p12import.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD561614CB6EB9008233F2 /* p12import.c */; }; - 18D4043A14CE1FE400A2BE4E /* p12pbegen.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD561814CB6EB9008233F2 /* p12pbegen.c */; }; - 18D4043B14CE1FE400A2BE4E /* pbkdf2.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD561A14CB6EB9008233F2 /* pbkdf2.c */; }; - 18D4043C14CE1FE400A2BE4E /* SecBase64.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD561D14CB6EB9008233F2 /* SecBase64.c */; }; - 18D4043D14CE1FE400A2BE4E /* SecCertificate.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562014CB6EB9008233F2 /* SecCertificate.c */; }; - 18D4043E14CE1FE400A2BE4E /* SecCertificatePath.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562314CB6EB9008233F2 /* SecCertificatePath.c */; }; - 18D4043F14CE1FE400A2BE4E /* SecCertificateRequest.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562614CB6EB9008233F2 /* SecCertificateRequest.c */; }; - 18D4044014CE1FE400A2BE4E /* SecCMS.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562814CB6EB9008233F2 /* SecCMS.c */; }; - 18D4044114CE1FE400A2BE4E /* SecDH.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562A14CB6EB9008233F2 /* SecDH.c */; }; - 18D4044214CE1FE400A2BE4E /* SecECKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562C14CB6EB9008233F2 /* SecECKey.c */; }; - 18D4044314CE1FE400A2BE4E /* SecFramework.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562E14CB6EB9008233F2 /* SecFramework.c */; }; - 18D4044414CE1FE400A2BE4E /* SecIdentity.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563114CB6EB9008233F2 /* SecIdentity.c */; }; - 18D4044514CE1FE400A2BE4E /* SecImportExport.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563414CB6EB9008233F2 /* SecImportExport.c */; }; - 18D4044614CE1FE400A2BE4E /* SecItem.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563714CB6EB9008233F2 /* SecItem.c */; }; - 18D4044714CE1FE400A2BE4E /* SecItemConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563914CB6EB9008233F2 /* SecItemConstants.c */; }; - 18D4044814CE1FE400A2BE4E /* SecKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563C14CB6EB9008233F2 /* SecKey.c */; }; - 18D4044914CE1FE400A2BE4E /* SecPBKDF.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564014CB6EB9008233F2 /* SecPBKDF.c */; }; - 18D4044A14CE1FE400A2BE4E /* SecPolicy.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564214CB6EB9008233F2 /* SecPolicy.c */; }; - 18D4044B14CE1FE400A2BE4E /* SecRSAKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564714CB6EB9008233F2 /* SecRSAKey.c */; }; - 18D4044C14CE1FE400A2BE4E /* SecSCEP.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564A14CB6EB9008233F2 /* SecSCEP.c */; }; - 18D4044D14CE1FE400A2BE4E /* SecTrust.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564C14CB6EB9008233F2 /* SecTrust.c */; }; - 18D4044E14CE1FE400A2BE4E /* SecTrustSettings.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564F14CB6EB9008233F2 /* SecTrustSettings.c */; }; - 18D4044F14CE1FE400A2BE4E /* SecTrustStore.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD565214CB6EB9008233F2 /* SecTrustStore.c */; }; - 18D4045014CE1FE400A2BE4E /* vmdh.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD565514CB6EB9008233F2 /* vmdh.c */; }; - 18D4056614CE53DD00A2BE4E /* asynchttp.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD567D14CB865E008233F2 /* asynchttp.c */; }; - 18D4056814CE53DD00A2BE4E /* policytree.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD568214CB865E008233F2 /* policytree.c */; }; - 18D4056914CE53DD00A2BE4E /* SecCAIssuerCache.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD568414CB865E008233F2 /* SecCAIssuerCache.c */; }; - 18D4056A14CE53DD00A2BE4E /* SecCAIssuerRequest.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD568614CB865E008233F2 /* SecCAIssuerRequest.c */; }; - 18D4056B14CE53DD00A2BE4E /* SecItemServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD568814CB865E008233F2 /* SecItemServer.c */; }; - 18D4056C14CE53DD00A2BE4E /* SecOCSPCache.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD565914CB6F79008233F2 /* SecOCSPCache.c */; }; - 18D4056D14CE53DD00A2BE4E /* SecOCSPRequest.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD565B14CB6F79008233F2 /* SecOCSPRequest.c */; }; - 18D4056E14CE53DD00A2BE4E /* SecOCSPResponse.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD565D14CB6F79008233F2 /* SecOCSPResponse.c */; }; - 18D4056F14CE53DD00A2BE4E /* SecPolicyServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD565F14CB6F79008233F2 /* SecPolicyServer.c */; }; - 18D4057014CE53DD00A2BE4E /* SecTrustServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD566114CB6F79008233F2 /* SecTrustServer.c */; }; - 18D4057114CE53DD00A2BE4E /* SecTrustStoreServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD566314CB6F79008233F2 /* SecTrustStoreServer.c */; }; - 18D4057214CE547400A2BE4E /* spi.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD566514CB6F79008233F2 /* spi.c */; }; - 32FBBBE71B556F8900AEF9ED /* verify_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = 32FBBBE61B556F8900AEF9ED /* verify_cert.c */; }; - 32FBBBE81B55B30E00AEF9ED /* verify_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = 32FBBBE61B556F8900AEF9ED /* verify_cert.c */; }; - 3A70988218CDF648009FD2CC /* si_77_SecAccessControl.c in Sources */ = {isa = PBXBuildFile; fileRef = 3A70988118CDF648009FD2CC /* si_77_SecAccessControl.c */; }; - 43C3B1691AFD58AB00786702 /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD6C9BF81A813D52002AB913 /* IDS.framework */; }; - 43C3B16A1AFD58AC00786702 /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD6C9BF81A813D52002AB913 /* IDS.framework */; }; - 43C3B16B1AFD58BE00786702 /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD6C9BF81A813D52002AB913 /* IDS.framework */; }; - 4406660F19069C67000DA171 /* si-80-empty-data.c in Sources */ = {isa = PBXBuildFile; fileRef = 4406660E19069707000DA171 /* si-80-empty-data.c */; }; - 440BF8F81A7A82AE001760A7 /* si-82-token-ag.c in Sources */ = {isa = PBXBuildFile; fileRef = 440BF8F41A7A7EC9001760A7 /* si-82-token-ag.c */; }; - 442B69201BC3B149000F3A72 /* SecKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563C14CB6EB9008233F2 /* SecKey.c */; }; - 442B69211BC3B196000F3A72 /* SecECKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562C14CB6EB9008233F2 /* SecECKey.c */; }; - 442B69221BC3B1B9000F3A72 /* SecRSAKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564714CB6EB9008233F2 /* SecRSAKey.c */; }; - 442B69251BC3DBA9000F3A72 /* SecCTKKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 449265271AB0D6FF00644D4C /* SecCTKKey.c */; }; - 4469FC2C1AA0A6C90021AA26 /* secd-32-restore-bad-backup.c in Sources */ = {isa = PBXBuildFile; fileRef = 446CEEE319B6043900ECAF50 /* secd-32-restore-bad-backup.c */; }; - 4469FC2D1AA0A6D00021AA26 /* secd-33-keychain-ctk.m in Sources */ = {isa = PBXBuildFile; fileRef = 4469FC2A1AA0A69E0021AA26 /* secd-33-keychain-ctk.m */; }; - 446BB5E518F83172005D1B83 /* SecAccessControl.c in Sources */ = {isa = PBXBuildFile; fileRef = C6766767189884D200E9A12C /* SecAccessControl.c */; }; - 4477A8D918F28AB700B5BB9F /* si-78-query-attrs.c in Sources */ = {isa = PBXBuildFile; fileRef = 4477A8D718F28AAE00B5BB9F /* si-78-query-attrs.c */; }; - 448305101B46FB8700326450 /* ios8-inet-keychain-2.h in Headers */ = {isa = PBXBuildFile; fileRef = 4483050F1B46FB8700326450 /* ios8-inet-keychain-2.h */; }; - 449265291AB0D6FF00644D4C /* SecCTKKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 449265271AB0D6FF00644D4C /* SecCTKKey.c */; }; - 4492652A1AB0D6FF00644D4C /* SecCTKKeyPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 449265281AB0D6FF00644D4C /* SecCTKKeyPriv.h */; }; - 4802A59816D7156D0059E5B9 /* SOSUserKeygen.h in Headers */ = {isa = PBXBuildFile; fileRef = 4802A59716D711190059E5B9 /* SOSUserKeygen.h */; settings = {ATTRIBUTES = (); }; }; - 48122CCA1CFF88FF009BE3E3 /* SOSAccountLog.h in Headers */ = {isa = PBXBuildFile; fileRef = 48122CC81CFF88DC009BE3E3 /* SOSAccountLog.h */; }; - 481A95511D1A02AA000B98F5 /* SOSCloudKeychainLogging.c in Sources */ = {isa = PBXBuildFile; fileRef = 481A954F1D1A02AA000B98F5 /* SOSCloudKeychainLogging.c */; }; - 481A95521D1A02AA000B98F5 /* SOSCloudKeychainLogging.h in Headers */ = {isa = PBXBuildFile; fileRef = 481A95501D1A02AA000B98F5 /* SOSCloudKeychainLogging.h */; }; - 4826374D1CC18A410082C9C8 /* secd-57-1-account-last-standing.c in Sources */ = {isa = PBXBuildFile; fileRef = 4826374C1CC18A410082C9C8 /* secd-57-1-account-last-standing.c */; }; - 48279BC51C57FEA20043457C /* keychain_log.c in Sources */ = {isa = PBXBuildFile; fileRef = 48279BC31C57FEA20043457C /* keychain_log.c */; }; - 4838F6BE1CB5AA7C009E8598 /* secViewDisplay.c in Sources */ = {isa = PBXBuildFile; fileRef = 4838F6BB1CB5AA5F009E8598 /* secViewDisplay.c */; }; - 4838F6BF1CB5AA7E009E8598 /* secViewDisplay.c in Sources */ = {isa = PBXBuildFile; fileRef = 4838F6BB1CB5AA5F009E8598 /* secViewDisplay.c */; }; - 4838F6C01CB5B055009E8598 /* secViewDisplay.c in Sources */ = {isa = PBXBuildFile; fileRef = 4838F6BB1CB5AA5F009E8598 /* secViewDisplay.c */; }; - 4838F6C11CB5B061009E8598 /* secToolFileIO.c in Sources */ = {isa = PBXBuildFile; fileRef = 4899F2E71C768BBE00762615 /* secToolFileIO.c */; }; - 484182611A30F2F200211511 /* SOSCirclePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 484182601A30F2E300211511 /* SOSCirclePriv.h */; }; - 484182641A30F8DE00211511 /* SOSPeerInfoPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 484182631A30F8D300211511 /* SOSPeerInfoPriv.h */; }; - 485B5E621AE068D800A3C183 /* secd-82-secproperties-basic.c in Sources */ = {isa = PBXBuildFile; fileRef = 485B5E611AE068D800A3C183 /* secd-82-secproperties-basic.c */; }; - 485FE6BE1CDBED9500C916C5 /* syncbackup.c in Sources */ = {isa = PBXBuildFile; fileRef = 485FE6BC1CDBED5800C916C5 /* syncbackup.c */; }; - 4868F41C1C7409EF0011825E /* SOSInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = E777C71B15B73F59004044A8 /* SOSInternal.h */; }; - 486C6C691795F9D600387075 /* secd-61-account-leave-not-in-kansas-anymore.c in Sources */ = {isa = PBXBuildFile; fileRef = 486C6C671795F20E00387075 /* secd-61-account-leave-not-in-kansas-anymore.c */; }; - 48764AF217FA3ACF0005C4F1 /* SOSKVSKeys.c in Sources */ = {isa = PBXBuildFile; fileRef = 48764AF117FA3ACF0005C4F1 /* SOSKVSKeys.c */; }; - 4878267B19C0F518002CB56F /* sc-42-circlegencount.c in Sources */ = {isa = PBXBuildFile; fileRef = 4878267919C0F505002CB56F /* sc-42-circlegencount.c */; }; - 4882C517177521AE0095D04B /* secd-58-password-change.c in Sources */ = {isa = PBXBuildFile; fileRef = 4882C516177521AE0095D04B /* secd-58-password-change.c */; }; - 4885010F1AF9857F00F10B61 /* SOSTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = 52F8DE4A1AF2E9AE00A2C271 /* SOSTypes.h */; }; - 488902EC16C2F88400F119FF /* SOSCoder.c in Sources */ = {isa = PBXBuildFile; fileRef = 488902EB16C2F88400F119FF /* SOSCoder.c */; }; - 4898223A17BDB277003BEF32 /* secd-52-account-changed.c in Sources */ = {isa = PBXBuildFile; fileRef = 4898223917BDB277003BEF32 /* secd-52-account-changed.c */; }; - 4899F2E91C768BBE00762615 /* secToolFileIO.c in Sources */ = {isa = PBXBuildFile; fileRef = 4899F2E71C768BBE00762615 /* secToolFileIO.c */; }; - 4899F2EA1C768BBE00762615 /* secToolFileIO.h in Headers */ = {isa = PBXBuildFile; fileRef = 4899F2E81C768BBE00762615 /* secToolFileIO.h */; }; - 4899F2EC1C7690DE00762615 /* secToolFileIO.c in Sources */ = {isa = PBXBuildFile; fileRef = 4899F2E71C768BBE00762615 /* secToolFileIO.c */; }; - 489E6E4C1A71A87600D7EB8C /* SOSCircleDer.c in Sources */ = {isa = PBXBuildFile; fileRef = 489E6E4A1A71A87600D7EB8C /* SOSCircleDer.c */; }; - 489E6E4D1A71A87600D7EB8C /* SOSCircleDer.h in Headers */ = {isa = PBXBuildFile; fileRef = 489E6E4B1A71A87600D7EB8C /* SOSCircleDer.h */; }; - 48A071CF1AD6AEA900728AEF /* SOSPeerInfoSecurityProperties.c in Sources */ = {isa = PBXBuildFile; fileRef = 48A071CD1AD6AEA900728AEF /* SOSPeerInfoSecurityProperties.c */; }; - 48A071D01AD6AEA900728AEF /* SOSPeerInfoSecurityProperties.h in Headers */ = {isa = PBXBuildFile; fileRef = 48A071CE1AD6AEA900728AEF /* SOSPeerInfoSecurityProperties.h */; }; - 48A0FEDE1B6046E2001D6180 /* secd-64-circlereset.c in Sources */ = {isa = PBXBuildFile; fileRef = 48A0FEDD1B6046E2001D6180 /* secd-64-circlereset.c */; }; - 48A9E62F1C837B4100160B5F /* secd-90-hsa2.c in Sources */ = {isa = PBXBuildFile; fileRef = 48FABEE01AD05C7100C061D1 /* secd-90-hsa2.c */; }; - 48B0B36F1B27B01F003E1EDB /* sc-25-soskeygen.c in Sources */ = {isa = PBXBuildFile; fileRef = 48487D271B1D5E960078C7C9 /* sc-25-soskeygen.c */; }; - 48B5888C1D00ED9000E0C5A7 /* secd-200-logstate.c in Sources */ = {isa = PBXBuildFile; fileRef = 48B5888B1D00ED9000E0C5A7 /* secd-200-logstate.c */; }; - 48C34E921C45EF3000B7F29B /* secd60-account-cloud-exposure.c in Sources */ = {isa = PBXBuildFile; fileRef = 48C34E911C45EF3000B7F29B /* secd60-account-cloud-exposure.c */; }; - 48CE733E1731C49A004C2946 /* sc-130-resignationticket.c in Sources */ = {isa = PBXBuildFile; fileRef = 48CE733D1731C49A004C2946 /* sc-130-resignationticket.c */; }; - 48E928C5179DD05500A7F755 /* secd-51-account-inflate.c in Sources */ = {isa = PBXBuildFile; fileRef = 48E928C4179DD05500A7F755 /* secd-51-account-inflate.c */; }; - 48E9CDFC1C597FED00574D6B /* SOSSysdiagnose.c in Sources */ = {isa = PBXBuildFile; fileRef = 48E9CDFB1C597FED00574D6B /* SOSSysdiagnose.c */; }; - 48F32D7E1777AFA3001B84BA /* secd-59-account-cleanup.c in Sources */ = {isa = PBXBuildFile; fileRef = 48F32D7D1777AFA3001B84BA /* secd-59-account-cleanup.c */; }; - 48F7DF261A6DB32900046644 /* SOSViews.c in Sources */ = {isa = PBXBuildFile; fileRef = 48F7DF241A6DB32900046644 /* SOSViews.c */; }; - 48F7DF271A6DB32900046644 /* SOSViews.h in Headers */ = {isa = PBXBuildFile; fileRef = 48F7DF251A6DB32900046644 /* SOSViews.h */; }; - 48FABEDE1AD05C1D00C061D1 /* SOSAccountHSAJoin.h in Headers */ = {isa = PBXBuildFile; fileRef = 48FABEDC1AD05C1D00C061D1 /* SOSAccountHSAJoin.h */; }; - 48FABEE31AD06B6B00C061D1 /* secd-62-account-hsa-join.c in Sources */ = {isa = PBXBuildFile; fileRef = 48FABEDF1AD05C7100C061D1 /* secd-62-account-hsa-join.c */; }; - 48FB17021A76F56C00B586C7 /* SOSPeerInfoV2.c in Sources */ = {isa = PBXBuildFile; fileRef = 48FB17001A76F56C00B586C7 /* SOSPeerInfoV2.c */; }; - 48FB17031A76F56C00B586C7 /* SOSPeerInfoV2.h in Headers */ = {isa = PBXBuildFile; fileRef = 48FB17011A76F56C00B586C7 /* SOSPeerInfoV2.h */; }; - 48FB17061A771E5700B586C7 /* secd-80-views-basic.c in Sources */ = {isa = PBXBuildFile; fileRef = 48FB17041A77181A00B586C7 /* secd-80-views-basic.c */; }; - 48FD04F41CEFCFB900BEBBFF /* SOSAccountTransaction.h in Headers */ = {isa = PBXBuildFile; fileRef = 48FD04F21CEFCFB900BEBBFF /* SOSAccountTransaction.h */; }; - 4A5CCA5415ACEFD400702357 /* SecOTRDHKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971683158FDEB800D439B7 /* SecOTRDHKey.c */; }; - 4A5CCA5515ACEFD400702357 /* SecOTRFullIdentity.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971686158FDEB800D439B7 /* SecOTRFullIdentity.c */; }; - 4A5CCA5615ACEFD400702357 /* SecOTRMath.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971688158FDEB800D439B7 /* SecOTRMath.c */; }; - 4A5CCA5715ACEFD400702357 /* SecOTRPacketData.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A97168B158FDEB800D439B7 /* SecOTRPacketData.c */; }; - 4A5CCA5815ACEFD400702357 /* SecOTRPackets.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A97168D158FDEB800D439B7 /* SecOTRPackets.c */; }; - 4A5CCA5915ACEFD400702357 /* SecOTRPublicIdentity.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A97168F158FDEB800D439B7 /* SecOTRPublicIdentity.c */; }; - 4A5CCA5A15ACEFD400702357 /* SecOTRSession.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971690158FDEB800D439B7 /* SecOTRSession.c */; }; - 4A5CCA5B15ACEFD400702357 /* SecOTRSessionAKE.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971692158FDEB800D439B7 /* SecOTRSessionAKE.c */; }; - 4A5CCA5C15ACEFD400702357 /* SecOTRUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971694158FDEB800D439B7 /* SecOTRUtils.c */; }; - 4A971695158FDEB800D439B7 /* SecOTR.h in Headers */ = {isa = PBXBuildFile; fileRef = 4A971682158FDEB800D439B7 /* SecOTR.h */; }; - 4A971696158FDEB800D439B7 /* SecOTRDHKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971683158FDEB800D439B7 /* SecOTRDHKey.c */; }; - 4A971697158FDEB800D439B7 /* SecOTRDHKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 4A971684158FDEB800D439B7 /* SecOTRDHKey.h */; }; - 4A971698158FDEB800D439B7 /* SecOTRErrors.h in Headers */ = {isa = PBXBuildFile; fileRef = 4A971685158FDEB800D439B7 /* SecOTRErrors.h */; }; - 4A971699158FDEB800D439B7 /* SecOTRFullIdentity.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971686158FDEB800D439B7 /* SecOTRFullIdentity.c */; }; - 4A97169A158FDEB800D439B7 /* SecOTRIdentityPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4A971687158FDEB800D439B7 /* SecOTRIdentityPriv.h */; }; - 4A97169B158FDEB800D439B7 /* SecOTRMath.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971688158FDEB800D439B7 /* SecOTRMath.c */; }; - 4A97169C158FDEB800D439B7 /* SecOTRMath.h in Headers */ = {isa = PBXBuildFile; fileRef = 4A971689158FDEB800D439B7 /* SecOTRMath.h */; }; - 4A97169E158FDEB800D439B7 /* SecOTRPacketData.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A97168B158FDEB800D439B7 /* SecOTRPacketData.c */; }; - 4A97169F158FDEB800D439B7 /* SecOTRPacketData.h in Headers */ = {isa = PBXBuildFile; fileRef = 4A97168C158FDEB800D439B7 /* SecOTRPacketData.h */; }; - 4A9716A0158FDEB800D439B7 /* SecOTRPackets.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A97168D158FDEB800D439B7 /* SecOTRPackets.c */; }; - 4A9716A1158FDEB800D439B7 /* SecOTRPackets.h in Headers */ = {isa = PBXBuildFile; fileRef = 4A97168E158FDEB800D439B7 /* SecOTRPackets.h */; }; - 4A9716A2158FDEB800D439B7 /* SecOTRPublicIdentity.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A97168F158FDEB800D439B7 /* SecOTRPublicIdentity.c */; }; - 4A9716A3158FDEB800D439B7 /* SecOTRSession.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971690158FDEB800D439B7 /* SecOTRSession.c */; }; - 4A9716A4158FDEB800D439B7 /* SecOTRSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4A971691158FDEB800D439B7 /* SecOTRSession.h */; }; - 4A9716A5158FDEB800D439B7 /* SecOTRSessionAKE.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971692158FDEB800D439B7 /* SecOTRSessionAKE.c */; }; - 4A9716A6158FDEB800D439B7 /* SecOTRSessionPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4A971693158FDEB800D439B7 /* SecOTRSessionPriv.h */; }; - 4A9716A7158FDEB800D439B7 /* SecOTRUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = 4A971694158FDEB800D439B7 /* SecOTRUtils.c */; }; - 4AD6F6F21651C86200DB4CE6 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E702E75614E1F3EA00CDE635 /* libSecureObjectSync.a */; }; - 4BD2F8001ADCDEAF0037CD5D /* sc-140-hsa2.c in Sources */ = {isa = PBXBuildFile; fileRef = 4BD2F7FF1ADCDEAA0037CD5D /* sc-140-hsa2.c */; }; - 4BD2F8021ADCDF790037CD5D /* SOSPlatform.h in Headers */ = {isa = PBXBuildFile; fileRef = 4BD2F8011ADCDF790037CD5D /* SOSPlatform.h */; }; - 4C055FF317B60F1E001A879A /* SecDbKeychainItem.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C055FED17B60F1E001A879A /* SecDbKeychainItem.c */; }; - 4C055FF417B60F1E001A879A /* SecDbQuery.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C055FEE17B60F1E001A879A /* SecDbQuery.c */; }; - 4C055FF517B60F1E001A879A /* SecItemDataSource.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C055FEF17B60F1E001A879A /* SecItemDataSource.c */; }; - 4C055FF617B60F1E001A879A /* SecItemDb.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C055FF017B60F1E001A879A /* SecItemDb.c */; }; - 4C055FF717B60F1E001A879A /* SecItemSchema.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C055FF117B60F1E001A879A /* SecItemSchema.c */; }; - 4C055FF817B60F1E001A879A /* SecKeybagSupport.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C055FF217B60F1E001A879A /* SecKeybagSupport.c */; }; - 4C05608A17B60F88001A879A /* SecDbKeychainItem.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C05608417B60F88001A879A /* SecDbKeychainItem.h */; }; - 4C05608B17B60F88001A879A /* SecDbQuery.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C05608517B60F88001A879A /* SecDbQuery.h */; }; - 4C05608C17B60F88001A879A /* SecItemDataSource.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C05608617B60F88001A879A /* SecItemDataSource.h */; }; - 4C05608D17B60F88001A879A /* SecItemDb.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C05608717B60F88001A879A /* SecItemDb.h */; }; - 4C05608E17B60F88001A879A /* SecItemSchema.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C05608817B60F88001A879A /* SecItemSchema.h */; }; - 4C05608F17B60F88001A879A /* SecKeybagSupport.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C05608917B60F88001A879A /* SecKeybagSupport.h */; }; - 4C2C8C3D17AB374700C24C13 /* si-12-item-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C2C8C3C17AB374700C24C13 /* si-12-item-stress.c */; }; - 4C3CE9E7176005A700B521C2 /* SecuritydXPC.c in Sources */ = {isa = PBXBuildFile; fileRef = E7B01B8816572579000485F1 /* SecuritydXPC.c */; }; - 4C3CE9E8176005B500B521C2 /* SecuritydXPC.c in Sources */ = {isa = PBXBuildFile; fileRef = E7B01B8816572579000485F1 /* SecuritydXPC.c */; }; - 4C495EDD1982125E00BC1809 /* SOSTestDevice.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C495EDB1982125E00BC1809 /* SOSTestDevice.c */; }; - 4C495EDE1982125E00BC1809 /* SOSTestDevice.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C495EDC1982125E00BC1809 /* SOSTestDevice.h */; }; - 4C495EDF1982145200BC1809 /* SOSTestDevice.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C495EDB1982125E00BC1809 /* SOSTestDevice.c */; }; - 4C495EE21982171500BC1809 /* secd-70-engine-corrupt.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C495EE01982171500BC1809 /* secd-70-engine-corrupt.c */; }; - 4C64F59717C6B3B1009C5AC2 /* sc-45-digestvector.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C64F59617C6B3B1009C5AC2 /* sc-45-digestvector.c */; }; - 4C65154B17B5A08900691B6A /* SOSDigestVector.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C8BDDA017B4FE8100C20EA5 /* SOSDigestVector.c */; }; - 4C6ED19615CB0E72004379B7 /* sc-30-peerinfo.c in Sources */ = {isa = PBXBuildFile; fileRef = E777C72815B9C9F0004044A8 /* sc-30-peerinfo.c */; }; - 4C8BDD9B17B4FB8F00C20EA5 /* SOSDataSource.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C8BDD9A17B4FB8F00C20EA5 /* SOSDataSource.h */; }; - 4C8BDD9D17B4FD2A00C20EA5 /* SOSManifest.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C8BDD9C17B4FD2A00C20EA5 /* SOSManifest.h */; }; - 4C8BDD9F17B4FDE100C20EA5 /* SOSManifest.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C8BDD9E17B4FDE100C20EA5 /* SOSManifest.c */; }; - 4C8BDDA217B4FE9400C20EA5 /* SOSDigestVector.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C8BDDA117B4FE9400C20EA5 /* SOSDigestVector.h */; }; - 4C8D8627177A71E80019A804 /* SOSCloudCircle.c in Sources */ = {isa = PBXBuildFile; fileRef = E7217B1715F80E0F00D26031 /* SOSCloudCircle.c */; }; - 4C8D8628177A71FB0019A804 /* SecPasswordGenerate.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC765C01729A72800721712 /* SecPasswordGenerate.c */; }; - 4CB8A83816164B7700B52EC7 /* SOSTestDataSource.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CB8A83716164B7700B52EC7 /* SOSTestDataSource.c */; }; - 4CBDB30D17B70206002FA799 /* SOSMessage.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CBDB30B17B70206002FA799 /* SOSMessage.c */; }; - 4CBDB30E17B70206002FA799 /* SOSMessage.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CBDB30C17B70206002FA799 /* SOSMessage.h */; }; - 4CBDB30F17B70306002FA799 /* SOSCoder.h in Headers */ = {isa = PBXBuildFile; fileRef = 488902ED16C2F89700F119FF /* SOSCoder.h */; }; - 4CBDB31017B70323002FA799 /* SOSPeerInfoInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 485835871779013E0050F074 /* SOSPeerInfoInternal.h */; }; - 4CC07E26171E252300DCB6CE /* SOSCloudCircle.c in Sources */ = {isa = PBXBuildFile; fileRef = E7217B1715F80E0F00D26031 /* SOSCloudCircle.c */; }; - 4CC62F221B4EF136009FEF0E /* secd-75-engine-views.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC62F201B4C63FE009FEF0E /* secd-75-engine-views.c */; }; - 4CC929B515A3957800C6D578 /* SOSCircle.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC929AF15A3957800C6D578 /* SOSCircle.c */; }; - 4CC929B615A3957800C6D578 /* SOSCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC929B015A3957800C6D578 /* SOSCircle.h */; settings = {ATTRIBUTES = (); }; }; - 4CC929B715A3957800C6D578 /* SOSPeer.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC929B115A3957800C6D578 /* SOSPeer.c */; }; - 4CC929B815A3957800C6D578 /* SOSPeer.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC929B215A3957800C6D578 /* SOSPeer.h */; settings = {ATTRIBUTES = (); }; }; - 4CC92A5F15A3ABD400C6D578 /* pbkdf2-00-hmac-sha1.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A0F15A3ABD400C6D578 /* pbkdf2-00-hmac-sha1.c */; }; - 4CC92A6015A3ABD400C6D578 /* spbkdf-00-hmac-sha1.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1015A3ABD400C6D578 /* spbkdf-00-hmac-sha1.c */; }; - 4CC92A6115A3ABD400C6D578 /* otr-00-identity.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1215A3ABD400C6D578 /* otr-00-identity.c */; }; - 4CC92A6215A3ABD400C6D578 /* otr-30-negotiation.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1315A3ABD400C6D578 /* otr-30-negotiation.c */; }; - 4CC92A6315A3ABD400C6D578 /* otr-otrdh.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1415A3ABD400C6D578 /* otr-otrdh.c */; }; - 4CC92A6415A3ABD400C6D578 /* otr-packetdata.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1515A3ABD400C6D578 /* otr-packetdata.c */; }; - 4CC92A6515A3ABD400C6D578 /* si-00-find-nothing.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1715A3ABD400C6D578 /* si-00-find-nothing.c */; }; - 4CC92A6615A3ABD400C6D578 /* si-05-add.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1815A3ABD400C6D578 /* si-05-add.c */; }; - 4CC92A6715A3ABD400C6D578 /* si-10-find-internet.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1915A3ABD400C6D578 /* si-10-find-internet.c */; }; - 4CC92A6815A3ABD400C6D578 /* si-11-update-data.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1A15A3ABD400C6D578 /* si-11-update-data.c */; }; - 4CC92A6915A3ABD400C6D578 /* si-14-dateparse.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1B15A3ABD400C6D578 /* si-14-dateparse.c */; }; - 4CC92A7E15A3ABD400C6D578 /* si-30-keychain-upgrade.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3015A3ABD400C6D578 /* si-30-keychain-upgrade.c */; }; - 4CC92A7F15A3ABD400C6D578 /* si-31-keychain-bad.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3115A3ABD400C6D578 /* si-31-keychain-bad.c */; }; - 4CC92A8015A3ABD400C6D578 /* si-31-keychain-unreadable.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3215A3ABD400C6D578 /* si-31-keychain-unreadable.c */; }; - 4CC92A8215A3ABD400C6D578 /* si-33-keychain-backup.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3415A3ABD400C6D578 /* si-33-keychain-backup.c */; }; - 4CC92A8315A3ABD400C6D578 /* si-40-seckey-custom.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3515A3ABD400C6D578 /* si-40-seckey-custom.c */; }; - 4CC92A8415A3ABD400C6D578 /* si-40-seckey.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3615A3ABD400C6D578 /* si-40-seckey.c */; }; - 4CC92A8515A3ABD400C6D578 /* si-41-sececkey.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3715A3ABD400C6D578 /* si-41-sececkey.c */; }; - 4CC92A8615A3ABD400C6D578 /* si-42-identity.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3815A3ABD400C6D578 /* si-42-identity.c */; }; - 4CC92A8715A3ABD400C6D578 /* si-43-persistent.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3915A3ABD400C6D578 /* si-43-persistent.c */; }; - 4CC92A8815A3ABD400C6D578 /* si-50-secrandom.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3A15A3ABD400C6D578 /* si-50-secrandom.c */; }; - 4CC92A8915A3ABD400C6D578 /* si-60-cms.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3B15A3ABD400C6D578 /* si-60-cms.c */; }; - 4CC92A8A15A3ABD400C6D578 /* si-61-pkcs12.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3C15A3ABD400C6D578 /* si-61-pkcs12.c */; }; - 4CC92A8B15A3ABD400C6D578 /* si-62-csr.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A3D15A3ABD400C6D578 /* si-62-csr.c */; }; - 4CC92A8C15A3ABD400C6D578 /* getcacert-mdes.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92A3F15A3ABD400C6D578 /* getcacert-mdes.h */; }; - 4CC92A8D15A3ABD400C6D578 /* getcacert-mdesqa.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92A4015A3ABD400C6D578 /* getcacert-mdesqa.h */; }; - 4CC92A8E15A3ABD400C6D578 /* si-63-scep.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A4115A3ABD400C6D578 /* si-63-scep.c */; }; - 4CC92A8F15A3ABD400C6D578 /* si-63-scep.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92A4215A3ABD400C6D578 /* si-63-scep.h */; }; - 4CC92A9015A3ABD400C6D578 /* attached_no_data_signed_data.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92A4415A3ABD400C6D578 /* attached_no_data_signed_data.h */; }; - 4CC92A9115A3ABD400C6D578 /* attached_signed_data.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92A4515A3ABD400C6D578 /* attached_signed_data.h */; }; - 4CC92A9215A3ABD400C6D578 /* detached_content.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92A4615A3ABD400C6D578 /* detached_content.h */; }; - 4CC92A9315A3ABD400C6D578 /* detached_signed_data.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92A4715A3ABD400C6D578 /* detached_signed_data.h */; }; - 4CC92A9415A3ABD400C6D578 /* privkey.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92A4815A3ABD400C6D578 /* privkey.h */; }; - 4CC92A9515A3ABD400C6D578 /* signer.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92A4915A3ABD400C6D578 /* signer.h */; }; - 4CC92A9615A3ABD400C6D578 /* si-64-ossl-cms.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A4A15A3ABD400C6D578 /* si-64-ossl-cms.c */; }; - 4CC92A9715A3ABD400C6D578 /* si-65-cms-cert-policy.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A4B15A3ABD400C6D578 /* si-65-cms-cert-policy.c */; }; - 4CC92A9815A3ABD400C6D578 /* signed-receipt.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92A4D15A3ABD400C6D578 /* signed-receipt.h */; }; - 4CC92A9915A3ABD400C6D578 /* si-66-smime.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A4E15A3ABD400C6D578 /* si-66-smime.c */; }; - 4CC92AA515A3ABD400C6D578 /* vmdh-40.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A5C15A3ABD400C6D578 /* vmdh-40.c */; }; - 4CC92AA615A3ABD400C6D578 /* vmdh-41-example.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A5D15A3ABD400C6D578 /* vmdh-41-example.c */; }; - 4CC92AA715A3ABD400C6D578 /* vmdh-42-example2.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A5E15A3ABD400C6D578 /* vmdh-42-example2.c */; }; - 4CC92AC015A3BC4300C6D578 /* Security_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92AB015A3AD0000C6D578 /* Security_regressions.h */; }; - 4CC92AF915A3BC6B00C6D578 /* sd-10-policytree.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92AAC15A3AC4600C6D578 /* sd-10-policytree.c */; }; - 4CC92B1515A3BCA500C6D578 /* securityd_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92AAE15A3ACCE00C6D578 /* securityd_regressions.h */; }; - 4CCD1B021B1E404500F6DF8D /* secd-74-engine-beer-servers.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CCD1B001B1E3EA200F6DF8D /* secd-74-engine-beer-servers.c */; }; - 4CD1897D169F835400BC96B8 /* print_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CD1897B169F835400BC96B8 /* print_cert.c */; }; - 521C0CD615FF9B3300604B61 /* SOSRegressionUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 521C0CD515FF9B3300604B61 /* SOSRegressionUtilities.c */; }; - 521C68601614A6E100E31C3E /* SOSCloudKeychainClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 521C685D1614A6E100E31C3E /* SOSCloudKeychainClient.h */; settings = {ATTRIBUTES = (); }; }; - 5221C4981CBEDB7C006047E7 /* secd-71-engine-save.c in Sources */ = {isa = PBXBuildFile; fileRef = 5221C4971CBEDB7C006047E7 /* secd-71-engine-save.c */; }; - 5221C4C21CC5667E006047E7 /* secd-71-engine-save-sample1.h in Headers */ = {isa = PBXBuildFile; fileRef = 5221C4C11CC5667E006047E7 /* secd-71-engine-save-sample1.h */; }; - 523CBBF61B321C6A002C0884 /* secd-50-message.c in Sources */ = {isa = PBXBuildFile; fileRef = 523CBBF41B321C5C002C0884 /* secd-50-message.c */; }; - 523CBBF91B3227B5002C0884 /* secd-49-manifests.c in Sources */ = {isa = PBXBuildFile; fileRef = 523CBBF71B3227A2002C0884 /* secd-49-manifests.c */; }; - 525394AE1660A30000BA9687 /* SecDbItem.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C4B15931655ED9000734590 /* SecDbItem.c */; }; - 527258D11981C00F003CFCEC /* secd-70-engine.c in Sources */ = {isa = PBXBuildFile; fileRef = 527258CF1981C00F003CFCEC /* secd-70-engine.c */; }; - 5284629C1AE6FCF0004C1BA2 /* SOSBackupEvent.h in Headers */ = {isa = PBXBuildFile; fileRef = 5284629A1AE6FCF0004C1BA2 /* SOSBackupEvent.h */; }; - 529F46F31AEC7A2E0002392C /* secd-34-backup-der-parse.c in Sources */ = {isa = PBXBuildFile; fileRef = 529F46F11AEC759E0002392C /* secd-34-backup-der-parse.c */; }; - 52BF439C1AFC50EC00821B5D /* SecItemConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563914CB6EB9008233F2 /* SecItemConstants.c */; }; - 52D0F028169CA72800F07D79 /* SecOnOSX.h in Headers */ = {isa = PBXBuildFile; fileRef = 52D0F026169CA72800F07D79 /* SecOnOSX.h */; }; - 52EAF4BE163C52EB00803D0F /* SOSCloudKeychainClient.c in Sources */ = {isa = PBXBuildFile; fileRef = 521C685C1614A6E100E31C3E /* SOSCloudKeychainClient.c */; }; - 52FD829A1AEA9CEF00634FD3 /* SecItemBackup.c in Sources */ = {isa = PBXBuildFile; fileRef = 52FD82981AEA9CEF00634FD3 /* SecItemBackup.c */; }; - 52FD829E1AEAC6D600634FD3 /* SecItemBackupServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 52FD829C1AEAC6D600634FD3 /* SecItemBackupServer.c */; }; - 52FD82A01AEAC8C100634FD3 /* SecItemBackup.c in Sources */ = {isa = PBXBuildFile; fileRef = 52FD82981AEA9CEF00634FD3 /* SecItemBackup.c */; }; - 5356520318E3C71000C383C0 /* SecOTRRemote.c in Sources */ = {isa = PBXBuildFile; fileRef = 5356520218E3C71000C383C0 /* SecOTRRemote.c */; }; - 5384299418E492A300E91AFE /* secd-70-otr-remote.c in Sources */ = {isa = PBXBuildFile; fileRef = 5384299318E492A300E91AFE /* secd-70-otr-remote.c */; }; - 5E0CE1651CB6347300E75776 /* secd-83-item-match-valid-on-date.m in Sources */ = {isa = PBXBuildFile; fileRef = 5E0CE1641CB6347300E75776 /* secd-83-item-match-valid-on-date.m */; }; - 5E0CE1671CB6348D00E75776 /* secd-83-item-match-trusted.m in Sources */ = {isa = PBXBuildFile; fileRef = 5E0CE1661CB6348D00E75776 /* secd-83-item-match-trusted.m */; }; - 5E19C6481AA5F361005964F8 /* secd-81-item-acl-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = 5E19C6471AA5F34E005964F8 /* secd-81-item-acl-stress.c */; }; - 5EA016381AD41AC70061BCD7 /* secd-81-item-acl.c in Sources */ = {isa = PBXBuildFile; fileRef = 5EA016361AD41AB20061BCD7 /* secd-81-item-acl.c */; }; - 5EF2596F1CB5214B009B4C58 /* secd-83-item-match-policy.m in Sources */ = {isa = PBXBuildFile; fileRef = 5EF2596E1CB5214B009B4C58 /* secd-83-item-match-policy.m */; }; - 7249E1CB16C01E5F003D7268 /* OTATrustUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 72E2DC0616BC47C800E7B236 /* OTATrustUtilities.c */; }; - 72B5923B17C6924000AE738B /* iCloudTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = 72B5923A17C6924000AE738B /* iCloudTrace.h */; }; - 72B5923D17C6939A00AE738B /* iCloudTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = 72B5923C17C6939A00AE738B /* iCloudTrace.c */; }; - ACFD56BE19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h in Headers */ = {isa = PBXBuildFile; fileRef = ACFD56BD19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h */; }; - BE061FCF1899E5BD00C739F6 /* si-76-shared-credentials.c in Sources */ = {isa = PBXBuildFile; fileRef = BE061FCE1899E5BD00C739F6 /* si-76-shared-credentials.c */; }; - BE4AC7DE1C938698002A28FE /* SecSignatureVerificationSupport.c in Sources */ = {isa = PBXBuildFile; fileRef = BE4AC7DC1C938698002A28FE /* SecSignatureVerificationSupport.c */; }; - BE4AC7DF1C938698002A28FE /* SecSignatureVerificationSupport.h in Headers */ = {isa = PBXBuildFile; fileRef = BE4AC7DD1C938698002A28FE /* SecSignatureVerificationSupport.h */; }; - BE4AC7E01C9386B9002A28FE /* SecSignatureVerificationSupport.c in Sources */ = {isa = PBXBuildFile; fileRef = BE4AC7DC1C938698002A28FE /* SecSignatureVerificationSupport.c */; }; - BE4AC9B518B8022D00B84964 /* swcagent_client.h in Headers */ = {isa = PBXBuildFile; fileRef = BEF9640918B418A400813FA3 /* swcagent_client.h */; }; - BE4AC9B618B8038400B84964 /* SecuritydXPC.c in Sources */ = {isa = PBXBuildFile; fileRef = E7B01B8816572579000485F1 /* SecuritydXPC.c */; }; - BE53FA301B0AC5C300719A63 /* SecKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563C14CB6EB9008233F2 /* SecKey.c */; }; - BE53FA311B0AC65500719A63 /* SecECKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562C14CB6EB9008233F2 /* SecECKey.c */; }; - BE53FA321B0AC65B00719A63 /* SecRSAKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564714CB6EB9008233F2 /* SecRSAKey.c */; }; - BE5C5BD11D8C90F500A97339 /* si-84-sectrust-allowlist.m in Sources */ = {isa = PBXBuildFile; fileRef = BE5C5BD01D8C90C200A97339 /* si-84-sectrust-allowlist.m */; }; - BE5EC1F018C80108005E7682 /* swcagent_client.c in Sources */ = {isa = PBXBuildFile; fileRef = BEF9640A18B418A400813FA3 /* swcagent_client.c */; }; - BE62D7601747FF3E001EAA9D /* si-72-syncableitems.c in Sources */ = {isa = PBXBuildFile; fileRef = BE62D75F1747FF3E001EAA9D /* si-72-syncableitems.c */; }; - BE642BB2188F32C200C899A2 /* SecSharedCredential.c in Sources */ = {isa = PBXBuildFile; fileRef = BE642BB1188F32C200C899A2 /* SecSharedCredential.c */; }; - BE8D228F1ABB7253009A4E18 /* SecCertificate.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562014CB6EB9008233F2 /* SecCertificate.c */; }; - BE8D22901ABB725C009A4E18 /* SecPolicy.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564214CB6EB9008233F2 /* SecPolicy.c */; }; - BE8D22911ABB7264009A4E18 /* SecTrust.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564C14CB6EB9008233F2 /* SecTrust.c */; }; - BE8D22921ABB726A009A4E18 /* SecTrustSettings.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD564F14CB6EB9008233F2 /* SecTrustSettings.c */; }; - BE8D22931ABB7272009A4E18 /* SecTrustStore.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD565214CB6EB9008233F2 /* SecTrustStore.c */; }; - BE8D22C21ABBA4D0009A4E18 /* SecCertificatePath.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562314CB6EB9008233F2 /* SecCertificatePath.c */; }; - BEF9640D18B418A400813FA3 /* swcagent_client.c in Sources */ = {isa = PBXBuildFile; fileRef = BEF9640A18B418A400813FA3 /* swcagent_client.c */; }; - BEFE994E14F2E17200356A97 /* SecDH.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD562A14CB6EB9008233F2 /* SecDH.c */; }; - C6766768189884D200E9A12C /* SecAccessControl.c in Sources */ = {isa = PBXBuildFile; fileRef = C6766767189884D200E9A12C /* SecAccessControl.c */; }; - CD0F8AF218998685003E0C52 /* SOSKVSKeys.h in Headers */ = {isa = PBXBuildFile; fileRef = CD0F8AF118998685003E0C52 /* SOSKVSKeys.h */; }; - CD16F89A1AE84842004AE09C /* sc-150-ring.c in Sources */ = {isa = PBXBuildFile; fileRef = CD16F8941AE84822004AE09C /* sc-150-ring.c */; }; - CD32776B18F8AEFD006B5280 /* SOSPeerCoder.c in Sources */ = {isa = PBXBuildFile; fileRef = CD32776A18F8AEFD006B5280 /* SOSPeerCoder.c */; }; - CD32776D18F8B06E006B5280 /* SOSPeerCoder.h in Headers */ = {isa = PBXBuildFile; fileRef = CD32776C18F8B06E006B5280 /* SOSPeerCoder.h */; }; - CD35B82A1C2650FE00E0852A /* secd-154-engine-backoff.c in Sources */ = {isa = PBXBuildFile; fileRef = CD35B8291C2650FE00E0852A /* secd-154-engine-backoff.c */; }; - CD3FD10716C3064B00A83BB6 /* SecuritydXPC.c in Sources */ = {isa = PBXBuildFile; fileRef = E7B01B8816572579000485F1 /* SecuritydXPC.c */; }; - CD655E951AF02DDC00BD1B6E /* secd-62-account-backup.c in Sources */ = {isa = PBXBuildFile; fileRef = CD655E911AF02B9900BD1B6E /* secd-62-account-backup.c */; }; - CD655E961AF02F1800BD1B6E /* sc-150-backupkeyderivation.c in Sources */ = {isa = PBXBuildFile; fileRef = E7C4F5431AD482E1000B5862 /* sc-150-backupkeyderivation.c */; }; - CD773AC61ADDFDDB00C808BA /* SOSTransportBackupPeer.c in Sources */ = {isa = PBXBuildFile; fileRef = CD773AC21ADDF8C700C808BA /* SOSTransportBackupPeer.c */; }; - CD8E09011A2E918900A2503A /* otr-40-edgecases.c in Sources */ = {isa = PBXBuildFile; fileRef = CD8E09001A2E918900A2503A /* otr-40-edgecases.c */; }; - CD8F442D1B83C435004C0047 /* secd-95-escrow-persistence.c in Sources */ = {isa = PBXBuildFile; fileRef = CD8F442C1B83C435004C0047 /* secd-95-escrow-persistence.c */; }; - CD95312B19228D8D005A76B2 /* SOSTransportTestTransports.c in Sources */ = {isa = PBXBuildFile; fileRef = CDAD4E9818EC8424007D4BC2 /* SOSTransportTestTransports.c */; }; - CD95312C19228D92005A76B2 /* SOSTransportTestTransports.h in Headers */ = {isa = PBXBuildFile; fileRef = CDAD4E9A18EC8447007D4BC2 /* SOSTransportTestTransports.h */; }; - CD95312D19228D96005A76B2 /* SOSAccountTesting.h in Headers */ = {isa = PBXBuildFile; fileRef = E7A10FAA1771245D00C4602F /* SOSAccountTesting.h */; }; - CD9B54131CC6EED100CC487A /* secd-100-initialsync.c in Sources */ = {isa = PBXBuildFile; fileRef = CD9B54111CC6EC4D00CC487A /* secd-100-initialsync.c */; }; - CDA0CB55194B95C400EF624D /* IDSFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD558FA8193544F800CFB3B1 /* IDSFoundation.framework */; }; - CDAD4E9C18EC9B3D007D4BC2 /* SOSAccountTesting.h in Headers */ = {isa = PBXBuildFile; fileRef = E7A10FAA1771245D00C4602F /* SOSAccountTesting.h */; }; - CDAD4E9D18EC9B67007D4BC2 /* SOSTransportTestTransports.c in Sources */ = {isa = PBXBuildFile; fileRef = CDAD4E9818EC8424007D4BC2 /* SOSTransportTestTransports.c */; }; - CDAD4E9E18EC9B6D007D4BC2 /* SOSTransportTestTransports.h in Headers */ = {isa = PBXBuildFile; fileRef = CDAD4E9A18EC8447007D4BC2 /* SOSTransportTestTransports.h */; }; - CDB6A8B61A409BBF00646CD6 /* otr-50-roll.c in Sources */ = {isa = PBXBuildFile; fileRef = CDB6A8B51A409BBF00646CD6 /* otr-50-roll.c */; }; - CDB6A8B81A409BC600646CD6 /* otr-60-slowroll.c in Sources */ = {isa = PBXBuildFile; fileRef = CDB6A8B71A409BC600646CD6 /* otr-60-slowroll.c */; }; - CDC765C21729A72800721712 /* SecPasswordGenerate.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC765C01729A72800721712 /* SecPasswordGenerate.c */; }; - CDC765C41729A72800721712 /* SecPasswordGenerate.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC765C11729A72800721712 /* SecPasswordGenerate.h */; }; - CDD565A2173193AC00B6B074 /* si-73-secpasswordgenerate.c in Sources */ = {isa = PBXBuildFile; fileRef = CDD565A1173193AC00B6B074 /* si-73-secpasswordgenerate.c */; }; - CDDEF81A19465E2E0069763C /* IDSFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD558FA8193544F800CFB3B1 /* IDSFoundation.framework */; }; - CDE5F87B1AF025A40074958E /* SOSRingDER.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC321AE83E390020BA6C /* SOSRingDER.c */; }; - CDE5F87C1AF025AC0074958E /* SOSRingDER.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC331AE83E390020BA6C /* SOSRingDER.h */; }; - CDE5F87D1AF025AC0074958E /* SOSRingPeerInfoUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC341AE83E390020BA6C /* SOSRingPeerInfoUtils.c */; }; - CDE5F87E1AF025AC0074958E /* SOSRingPeerInfoUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC351AE83E390020BA6C /* SOSRingPeerInfoUtils.h */; }; - CDE5F87F1AF025AC0074958E /* SOSRingTypes.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC361AE83E390020BA6C /* SOSRingTypes.c */; }; - CDE5F8801AF025AC0074958E /* SOSRingTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC371AE83E390020BA6C /* SOSRingTypes.h */; }; - CDE5F8811AF025AC0074958E /* SOSRingUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC381AE83E390020BA6C /* SOSRingUtils.c */; }; - CDE5F8821AF025AC0074958E /* SOSRingUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC391AE83E390020BA6C /* SOSRingUtils.h */; }; - CDE5F8831AF025AC0074958E /* SOSRingV0.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC3A1AE83E390020BA6C /* SOSRingV0.c */; }; - CDE5F8841AF025AC0074958E /* SOSRingV0.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC3B1AE83E390020BA6C /* SOSRingV0.h */; }; - CDE5F8851AF025B30074958E /* SOSConcordanceTrust.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC981AE842640020BA6C /* SOSConcordanceTrust.h */; }; - CDE5F8861AF025B30074958E /* SOSGenCount.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC991AE842640020BA6C /* SOSGenCount.c */; }; - CDE5F8871AF025B30074958E /* SOSGenCount.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC9A1AE842640020BA6C /* SOSGenCount.h */; }; - CDE5F8881AF025B30074958E /* SOSRing.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC2D1AE83E390020BA6C /* SOSRing.h */; }; - CDE5F8891AF025B30074958E /* SOSRingBackup.c in Sources */ = {isa = PBXBuildFile; fileRef = 489EA3C11AEAE659004A6AEB /* SOSRingBackup.c */; }; - CDE5F88A1AF025B30074958E /* SOSRingBackup.h in Headers */ = {isa = PBXBuildFile; fileRef = 489EA3C21AEAE659004A6AEB /* SOSRingBackup.h */; }; - CDE5F88B1AF025B30074958E /* SOSRingBasic.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC2E1AE83E390020BA6C /* SOSRingBasic.c */; }; - CDE5F88C1AF025B30074958E /* SOSRingBasic.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC2F1AE83E390020BA6C /* SOSRingBasic.h */; }; - CDE5F88D1AF025B30074958E /* SOSRingConcordanceTrust.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC301AE83E390020BA6C /* SOSRingConcordanceTrust.c */; }; - CDE5F88E1AF025B30074958E /* SOSRingConcordanceTrust.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC311AE83E390020BA6C /* SOSRingConcordanceTrust.h */; }; - CDE5F88F1AF025B80074958E /* SOSCircleV2.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC961AE842640020BA6C /* SOSCircleV2.c */; }; - CDE5F8901AF025B80074958E /* SOSCircleV2.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC971AE842640020BA6C /* SOSCircleV2.h */; }; - CDE5F8911AF025B80074958E /* SOSCircleRings.h in Headers */ = {isa = PBXBuildFile; fileRef = 484182621A30F38E00211511 /* SOSCircleRings.h */; }; - CDE5F89B1AF025BE0074958E /* SOSAccount.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC929AE15A3957800C6D578 /* SOSAccount.h */; }; - CDE5F89D1AF025BE0074958E /* SOSAccountPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 48764AEA17FA31670005C4F1 /* SOSAccountPriv.h */; }; - CDE5F8A11AF025BE0074958E /* SOSBackupSliceKeyBag.h in Headers */ = {isa = PBXBuildFile; fileRef = E71BAE811ACE1C6500DF0C29 /* SOSBackupSliceKeyBag.h */; }; - CDE5F8A21AF025D60074958E /* SOSPeerInfoDER.c in Sources */ = {isa = PBXBuildFile; fileRef = E7DBB6081AEAAF3700488C1F /* SOSPeerInfoDER.c */; }; - CDE5F8A31AF025D60074958E /* SOSPeerInfoDER.h in Headers */ = {isa = PBXBuildFile; fileRef = E7DBB6091AEAAF3700488C1F /* SOSPeerInfoDER.h */; }; - CDE5F8A41AF025D60074958E /* SOSPeerInfoCollections.h in Headers */ = {isa = PBXBuildFile; fileRef = E7A634E417FA472700920B67 /* SOSPeerInfoCollections.h */; }; - CDE5F8A51AF025D60074958E /* SOSPeerInfoRingState.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC2B1AE83E390020BA6C /* SOSPeerInfoRingState.c */; }; - CDE5F8A61AF025D60074958E /* SOSPeerInfoRingState.h in Headers */ = {isa = PBXBuildFile; fileRef = CDC0DC2C1AE83E390020BA6C /* SOSPeerInfoRingState.h */; }; - CDE5F8A71AF025DC0074958E /* SOSARCDefines.h in Headers */ = {isa = PBXBuildFile; fileRef = E7DBB6061AEAAF1200488C1F /* SOSARCDefines.h */; }; - CDE5F8A81AF025DC0074958E /* SOSECWrapUnwrap.c in Sources */ = {isa = PBXBuildFile; fileRef = E7C4F53F1AD4445C000B5862 /* SOSECWrapUnwrap.c */; }; - CDE5F8AA1AF026130074958E /* SOSTransportMessageIDS.c in Sources */ = {isa = PBXBuildFile; fileRef = CD2026B41936ABD300AB9D3C /* SOSTransportMessageIDS.c */; }; - CDE5F8AB1AF026180074958E /* SOSTransportMessageIDS.h in Headers */ = {isa = PBXBuildFile; fileRef = CD2026B31936ABD300AB9D3C /* SOSTransportMessageIDS.h */; }; - CDE5F8AC1AF026470074958E /* SOSTransport.c in Sources */ = {isa = PBXBuildFile; fileRef = CD86DE4D18BD554D00C90CDF /* SOSTransport.c */; }; - CDE5F8AD1AF026470074958E /* SOSTransport.h in Headers */ = {isa = PBXBuildFile; fileRef = CDF1B82218BD7DDE006309BC /* SOSTransport.h */; }; - CDE5F8B01AF026470074958E /* SOSTransportCircle.c in Sources */ = {isa = PBXBuildFile; fileRef = CD0F8AF51899BF46003E0C52 /* SOSTransportCircle.c */; }; - CDE5F8B11AF026470074958E /* SOSTransportCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = CD0F8AF91899BF63003E0C52 /* SOSTransportCircle.h */; }; - CDE5F8B21AF026470074958E /* SOSTransportCircleKVS.c in Sources */ = {isa = PBXBuildFile; fileRef = CD32777218F8B31E006B5280 /* SOSTransportCircleKVS.c */; }; - CDE5F8B31AF026470074958E /* SOSTransportCircleKVS.h in Headers */ = {isa = PBXBuildFile; fileRef = CD32777418F8B330006B5280 /* SOSTransportCircleKVS.h */; }; - CDE5F8B41AF026470074958E /* SOSTransportKeyParameter.c in Sources */ = {isa = PBXBuildFile; fileRef = CD09B90718A08EBE00E787E1 /* SOSTransportKeyParameter.c */; }; - CDE5F8B51AF026470074958E /* SOSTransportKeyParameter.h in Headers */ = {isa = PBXBuildFile; fileRef = CD09B90918A08ECD00E787E1 /* SOSTransportKeyParameter.h */; }; - CDE5F8B61AF026470074958E /* SOSTransportKeyParameterKVS.c in Sources */ = {isa = PBXBuildFile; fileRef = CD32776E18F8B2FC006B5280 /* SOSTransportKeyParameterKVS.c */; }; - CDE5F8B71AF026470074958E /* SOSTransportKeyParameterKVS.h in Headers */ = {isa = PBXBuildFile; fileRef = CD32777018F8B30E006B5280 /* SOSTransportKeyParameterKVS.h */; }; - CDE5F8B81AF026470074958E /* SOSTransportMessage.c in Sources */ = {isa = PBXBuildFile; fileRef = CD0F8AF31899BF33003E0C52 /* SOSTransportMessage.c */; }; - CDE5F8B91AF026470074958E /* SOSTransportMessage.h in Headers */ = {isa = PBXBuildFile; fileRef = CD0F8AF71899BF57003E0C52 /* SOSTransportMessage.h */; }; - CDE5F8BA1AF026470074958E /* SOSTransportMessageKVS.c in Sources */ = {isa = PBXBuildFile; fileRef = CD32777618F8B39B006B5280 /* SOSTransportMessageKVS.c */; }; - CDE5F8BB1AF026470074958E /* SOSTransportMessageKVS.h in Headers */ = {isa = PBXBuildFile; fileRef = CD32777818F8B3B4006B5280 /* SOSTransportMessageKVS.h */; }; - CDF9BBE11B03E24D00D1AF0F /* secd-52-offering-gencount-reset.c in Sources */ = {isa = PBXBuildFile; fileRef = CDF9BBE01B03E24D00D1AF0F /* secd-52-offering-gencount-reset.c */; }; - D40771BE1C9B50590016AA66 /* si-82-seccertificate-ct.c in Sources */ = {isa = PBXBuildFile; fileRef = D40771AB1C9B4C530016AA66 /* si-82-seccertificate-ct.c */; }; - D40771BF1C9B50590016AA66 /* si-82-sectrust-ct.m in Sources */ = {isa = PBXBuildFile; fileRef = D40771AC1C9B4C530016AA66 /* si-82-sectrust-ct.m */; }; - D4273AA61B5D54E70007D67B /* nameconstraints.c in Sources */ = {isa = PBXBuildFile; fileRef = D4273AA21B5D54CA0007D67B /* nameconstraints.c */; }; - D43091551D84D7FE004097DA /* si-25-cms-skid.m in Sources */ = {isa = PBXBuildFile; fileRef = D43091511D84D482004097DA /* si-25-cms-skid.m */; }; - D43091561D84D80B004097DA /* si-25-cms-skid.h in Headers */ = {isa = PBXBuildFile; fileRef = D43091531D84D494004097DA /* si-25-cms-skid.h */; }; - D43CDF731C9C77540020217E /* si-28-sectrustsettings.m in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2E15A3ABD400C6D578 /* si-28-sectrustsettings.m */; }; - D442160A1CCAD9C200D2D455 /* si-22-sectrust-iap.h in Headers */ = {isa = PBXBuildFile; fileRef = D44216091CCAD9C200D2D455 /* si-22-sectrust-iap.h */; }; - D44C81E81CD1944C00BE9A0D /* si-97-sectrust-path-scoring.m in Sources */ = {isa = PBXBuildFile; fileRef = D44C81E71CD1944C00BE9A0D /* si-97-sectrust-path-scoring.m */; }; - D44C81EA1CD1947200BE9A0D /* si-97-sectrust-path-scoring.h in Headers */ = {isa = PBXBuildFile; fileRef = D44C81E91CD1947200BE9A0D /* si-97-sectrust-path-scoring.h */; }; - D45FC3E71C9E084B00509CDA /* SecBase64.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD561D14CB6EB9008233F2 /* SecBase64.c */; }; - D4653DEB1C9E2299002ED6D5 /* si-28-sectrustsettings.h in Headers */ = {isa = PBXBuildFile; fileRef = D4653DEA1C9E2299002ED6D5 /* si-28-sectrustsettings.h */; }; - D4704F341C76AEB600E15025 /* SecPolicyLeafCallbacks.c in Sources */ = {isa = PBXBuildFile; fileRef = D48C567C1C73E5C300E41928 /* SecPolicyLeafCallbacks.c */; }; - D474EF341C8A1CBC00AA4D86 /* personalization.c in Sources */ = {isa = PBXBuildFile; fileRef = D474EF321C8A1CBB00AA4D86 /* personalization.c */; }; - D474EF351C8A1CBC00AA4D86 /* personalization.h in Headers */ = {isa = PBXBuildFile; fileRef = D474EF331C8A1CBB00AA4D86 /* personalization.h */; }; - D47F511D1C3B660500A7CEFE /* SecCFAllocator.c in Sources */ = {isa = PBXBuildFile; fileRef = D47F511B1C3B660500A7CEFE /* SecCFAllocator.c */; }; - D47F511E1C3B660500A7CEFE /* SecCFAllocator.c in Sources */ = {isa = PBXBuildFile; fileRef = D47F511B1C3B660500A7CEFE /* SecCFAllocator.c */; }; - D47F511F1C3B660500A7CEFE /* SecCFAllocator.h in Headers */ = {isa = PBXBuildFile; fileRef = D47F511C1C3B660500A7CEFE /* SecCFAllocator.h */; }; - D483DF6A1CD2DF9B00334824 /* si-20-sectrust.h in Headers */ = {isa = PBXBuildFile; fileRef = BE3171921BB3559600BBB212 /* si-20-sectrust.h */; }; - D48C567D1C73E5C300E41928 /* SecPolicyLeafCallbacks.c in Sources */ = {isa = PBXBuildFile; fileRef = D48C567C1C73E5C300E41928 /* SecPolicyLeafCallbacks.c */; }; - D4A919771CA9A3DD003D2ADA /* si-95-cms-basic.c in Sources */ = {isa = PBXBuildFile; fileRef = D4A919751CA9A3DD003D2ADA /* si-95-cms-basic.c */; }; - D4A919781CA9A3DD003D2ADA /* si-95-cms-basic.h in Headers */ = {isa = PBXBuildFile; fileRef = D4A919761CA9A3DD003D2ADA /* si-95-cms-basic.h */; }; - D4B2E7941DAEFBB500F79E03 /* wosign_certs.h in Headers */ = {isa = PBXBuildFile; fileRef = D4B2E7911DAEFBB500F79E03 /* wosign_certs.h */; }; - D4B2E7951DAEFBB500F79E03 /* date_testing_certs.h in Headers */ = {isa = PBXBuildFile; fileRef = D4B2E7921DAEFBB500F79E03 /* date_testing_certs.h */; }; - D4B2E7961DAEFBB500F79E03 /* cnnic_certs.h in Headers */ = {isa = PBXBuildFile; fileRef = D4B2E7931DAEFBB500F79E03 /* cnnic_certs.h */; }; - D4CBC1481BE9A89E00C5795E /* si-89-cms-hash-agility.c in Sources */ = {isa = PBXBuildFile; fileRef = D4CBC1461BE9A89E00C5795E /* si-89-cms-hash-agility.c */; }; - D4CBC1491BE9A89E00C5795E /* si-89-cms-hash-agility.h in Headers */ = {isa = PBXBuildFile; fileRef = D4CBC1471BE9A89E00C5795E /* si-89-cms-hash-agility.h */; }; - D4D886C11CEB9FAC00DC7583 /* si-87-sectrust-name-constraints.c in Sources */ = {isa = PBXBuildFile; fileRef = D4DFC9481B9958D00040945C /* si-87-sectrust-name-constraints.c */; }; - D4D886C21CEB9FC600DC7583 /* si-85-sectrust-ssl-policy.c in Sources */ = {isa = PBXBuildFile; fileRef = D4B4A9A61B8801960097B393 /* si-85-sectrust-ssl-policy.c */; }; - D4D886EB1CEBF9C300DC7583 /* si-15-certificate.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1C15A3ABD400C6D578 /* si-15-certificate.c */; }; - D4D886EC1CEBF9C700DC7583 /* si-16-ec-certificate.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1D15A3ABD400C6D578 /* si-16-ec-certificate.c */; }; - D4D886ED1CEC006100DC7583 /* si-20-sectrust.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A1F15A3ABD400C6D578 /* si-20-sectrust.c */; }; - D4D886EE1CEC007000DC7583 /* si-21-sectrust-asr.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2015A3ABD400C6D578 /* si-21-sectrust-asr.c */; }; - D4D886EF1CEC007900DC7583 /* si-22-sectrust-iap.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2115A3ABD400C6D578 /* si-22-sectrust-iap.c */; }; - D4D886F01CEC008600DC7583 /* si-23-sectrust-ocsp.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2215A3ABD400C6D578 /* si-23-sectrust-ocsp.c */; }; - D4D886F11CECE75000DC7583 /* SecTrustInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = BE8D22C11ABB9B6E009A4E18 /* SecTrustInternal.h */; }; - D4D886F41CED027800DC7583 /* si-24-sectrust-itms.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2615A3ABD400C6D578 /* si-24-sectrust-itms.c */; }; - D4D886F51CED027D00DC7583 /* si-24-sectrust-nist.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2815A3ABD400C6D578 /* si-24-sectrust-nist.c */; }; - D4D887531CED0A9100DC7583 /* si-24-sectrust-digicert-malaysia.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2415A3ABD400C6D578 /* si-24-sectrust-digicert-malaysia.c */; }; - D4D887541CED0A9700DC7583 /* si-24-sectrust-diginotar.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2515A3ABD400C6D578 /* si-24-sectrust-diginotar.c */; }; - D4D887551CED0B7D00DC7583 /* si-24-sectrust-passbook.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2A15A3ABD400C6D578 /* si-24-sectrust-passbook.c */; }; - D4D887561CED0B8600DC7583 /* si-26-sectrust-copyproperties.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2C15A3ABD400C6D578 /* si-26-sectrust-copyproperties.c */; }; - D4D887571CED0B9400DC7583 /* si-27-sectrust-exceptions.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A2D15A3ABD400C6D578 /* si-27-sectrust-exceptions.c */; }; - D4D887581CED40A000DC7583 /* si-71-mobile-store-policy.c in Sources */ = {isa = PBXBuildFile; fileRef = 5DE4A7BC17441CCD0036339E /* si-71-mobile-store-policy.c */; }; - D4D887591CED40A500DC7583 /* si-70-sectrust-unified.c in Sources */ = {isa = PBXBuildFile; fileRef = BE62D7611747FF51001EAA9D /* si-70-sectrust-unified.c */; }; - D4D8875A1CED40AA00DC7583 /* si-67-sectrust-blacklist.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92A5A15A3ABD400C6D578 /* si-67-sectrust-blacklist.c */; }; - D4D8875E1CED490700DC7583 /* si-74-OTAPKISigner.c in Sources */ = {isa = PBXBuildFile; fileRef = 7255A46B1783333D006A8B9A /* si-74-OTAPKISigner.c */; }; - D4D8875F1CED491A00DC7583 /* si-83-seccertificate-sighashalg.c in Sources */ = {isa = PBXBuildFile; fileRef = BE0CC6061A96B68400662E69 /* si-83-seccertificate-sighashalg.c */; }; - D4D9BA2E1C7E5F19008785EB /* SecTrustInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = BE8D22C11ABB9B6E009A4E18 /* SecTrustInternal.h */; }; - D4D9BA2F1C7E611C008785EB /* SecServerEncryptionSupport.c in Sources */ = {isa = PBXBuildFile; fileRef = E795C9531913F88D00FA068C /* SecServerEncryptionSupport.c */; }; - D4EC94FF1CEA4A870083E753 /* si-20-sectrust-policies.m in Sources */ = {isa = PBXBuildFile; fileRef = D4EC94D31CEA47D70083E753 /* si-20-sectrust-policies.m */; }; - E703811514E1FEEF007CB458 /* SOSCloudCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = E703811114E1FEE4007CB458 /* SOSCloudCircle.h */; }; - E71049F3169E023B00DB0045 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 521C0B9815FA5C4A00604B61 /* Foundation.framework */; }; - E7104A01169E036E00DB0045 /* SecurityTool.c in Sources */ = {isa = PBXBuildFile; fileRef = E71049FF169E036E00DB0045 /* SecurityTool.c */; }; - E7104A18169E216E00DB0045 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 521C0B9815FA5C4A00604B61 /* Foundation.framework */; }; - E71BAE7F1ACE1AB900DF0C29 /* sc-153-backupslicekeybag.c in Sources */ = {isa = PBXBuildFile; fileRef = E71BAE7E1ACE1AB900DF0C29 /* sc-153-backupslicekeybag.c */; }; - E7217B2715F8131A00D26031 /* SOSCloudKeychainConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = E7217B2515F8131A00D26031 /* SOSCloudKeychainConstants.c */; }; - E7217B2815F8131A00D26031 /* SOSCloudKeychainConstants.h in Headers */ = {isa = PBXBuildFile; fileRef = E7217B2615F8131A00D26031 /* SOSCloudKeychainConstants.h */; settings = {ATTRIBUTES = (); }; }; - E7285C981AE1E4A800AD412D /* SOSEngine.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9DC91915B602760036D941 /* SOSEngine.h */; }; - E7285CAD1AE1E4DF00AD412D /* SOSChangeTracker.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C31C3CC1A9E5CDA009098D8 /* SOSChangeTracker.h */; }; - E738B71A1D11D88C0099E5C5 /* SOSAccount.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC929AD15A3957800C6D578 /* SOSAccount.c */; }; - E738B71B1D11D88C0099E5C5 /* SOSAccountTransaction.c in Sources */ = {isa = PBXBuildFile; fileRef = 48FD04F11CEFCFB900BEBBFF /* SOSAccountTransaction.c */; }; - E738B71C1D11D88C0099E5C5 /* SOSAccountBackup.c in Sources */ = {isa = PBXBuildFile; fileRef = E7C4F5451AD75EBE000B5862 /* SOSAccountBackup.c */; }; - E738B71D1D11D88C0099E5C5 /* SOSAccountCircles.c in Sources */ = {isa = PBXBuildFile; fileRef = 48764AF417FA3FE50005C4F1 /* SOSAccountCircles.c */; }; - E738B71E1D11D88C0099E5C5 /* SOSAccountHSAJoin.c in Sources */ = {isa = PBXBuildFile; fileRef = 48FABEDB1AD05C1D00C061D1 /* SOSAccountHSAJoin.c */; }; - E738B71F1D11D88C0099E5C5 /* SOSAccountCloudParameters.c in Sources */ = {isa = PBXBuildFile; fileRef = 48C7DF9917FF44EF00904F1A /* SOSAccountCloudParameters.c */; }; - E738B7201D11D88C0099E5C5 /* SOSAccountCredentials.c in Sources */ = {isa = PBXBuildFile; fileRef = 48C7DF9217FF2DB500904F1A /* SOSAccountCredentials.c */; }; - E738B7211D11D88C0099E5C5 /* SOSAccountDer.c in Sources */ = {isa = PBXBuildFile; fileRef = 48764AE717FA2DD00005C4F1 /* SOSAccountDer.c */; }; - E738B7221D11D88C0099E5C5 /* SOSAccountFullPeerInfo.c in Sources */ = {isa = PBXBuildFile; fileRef = 48C7DF9717FF360F00904F1A /* SOSAccountFullPeerInfo.c */; }; - E738B7231D11D88C0099E5C5 /* SOSAccountPeers.c in Sources */ = {isa = PBXBuildFile; fileRef = 48C7DF9517FF351A00904F1A /* SOSAccountPeers.c */; }; - E738B7241D11D88C0099E5C5 /* SOSAccountPersistence.c in Sources */ = {isa = PBXBuildFile; fileRef = 48764AEB17FA31E50005C4F1 /* SOSAccountPersistence.c */; }; - E738B7251D11D88C0099E5C5 /* SOSAccountLog.c in Sources */ = {isa = PBXBuildFile; fileRef = 48122CC71CFF88DC009BE3E3 /* SOSAccountLog.c */; }; - E738B7261D11D88C0099E5C5 /* SOSAccountUpdate.c in Sources */ = {isa = PBXBuildFile; fileRef = 48764AEE17FA36200005C4F1 /* SOSAccountUpdate.c */; }; - E738B7271D11D88C0099E5C5 /* SOSAccountRings.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC941AE842640020BA6C /* SOSAccountRings.c */; }; - E738B7281D11D88C0099E5C5 /* SOSAccountRingUpdate.c in Sources */ = {isa = PBXBuildFile; fileRef = CDC0DC951AE842640020BA6C /* SOSAccountRingUpdate.c */; }; - E738B72A1D11D88C0099E5C5 /* SOSBackupEvent.c in Sources */ = {isa = PBXBuildFile; fileRef = 528462991AE6FCF0004C1BA2 /* SOSBackupEvent.c */; }; - E738B72B1D11D88C0099E5C5 /* SOSBackupSliceKeyBag.c in Sources */ = {isa = PBXBuildFile; fileRef = E71BAE801ACE1C6500DF0C29 /* SOSBackupSliceKeyBag.c */; }; - E738B72C1D11D88C0099E5C5 /* SOSUserKeygen.c in Sources */ = {isa = PBXBuildFile; fileRef = 4802A59516D711060059E5B9 /* SOSUserKeygen.c */; }; - E738B72F1D11D9760099E5C5 /* SOSChangeTracker.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C31C3CB1A9E5CDA009098D8 /* SOSChangeTracker.c */; }; - E738B7301D11D9840099E5C5 /* SOSEngine.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C9DC91C15B602910036D941 /* SOSEngine.c */; }; - E738B7321D11DAB70099E5C5 /* SOSAccountViewSync.c in Sources */ = {isa = PBXBuildFile; fileRef = E75320EB1D0B83FC00DAB140 /* SOSAccountViewSync.c */; }; - E739A9DB1D3078D9003C088A /* NSFileHandle+Formatting.m in Sources */ = {isa = PBXBuildFile; fileRef = E739A9DA1D3078D9003C088A /* NSFileHandle+Formatting.m */; }; - E748744515A61AF800624935 /* si-68-secmatchissuer.c in Sources */ = {isa = PBXBuildFile; fileRef = E748744415A61AF800624935 /* si-68-secmatchissuer.c */; }; - E75AB91B1AE9964800C5EF3F /* secd-40-cc-gestalt.c in Sources */ = {isa = PBXBuildFile; fileRef = E75AB9191AE9958300C5EF3F /* secd-40-cc-gestalt.c */; }; - E76079C11951FD2800F69731 /* SecLogging.c in Sources */ = {isa = PBXBuildFile; fileRef = E795C94119116EA200FA068C /* SecLogging.c */; }; - E763D6231624E2670038477D /* sc-20-keynames.c in Sources */ = {isa = PBXBuildFile; fileRef = E763D6221624E2670038477D /* sc-20-keynames.c */; }; - E777C6B115B4DDF2004044A8 /* sc-40-circle.c in Sources */ = {isa = PBXBuildFile; fileRef = E777C6B015B4DDF2004044A8 /* sc-40-circle.c */; }; - E777C71C15B73F59004044A8 /* SOSInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = E777C71B15B73F59004044A8 /* SOSInternal.h */; settings = {ATTRIBUTES = (); }; }; - E777C71E15B73F9E004044A8 /* SOSInternal.c in Sources */ = {isa = PBXBuildFile; fileRef = E777C71D15B73F9E004044A8 /* SOSInternal.c */; }; - E777C72615B87545004044A8 /* SOSPeerInfo.c in Sources */ = {isa = PBXBuildFile; fileRef = E777C72515B87544004044A8 /* SOSPeerInfo.c */; }; - E777C72715B882E5004044A8 /* SOSPeerInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = E777C72415B87528004044A8 /* SOSPeerInfo.h */; }; - E77DE60B1C2882EC005259C2 /* si-17-item-system-bluetooth.m in Sources */ = {isa = PBXBuildFile; fileRef = E7EF51911C24C6E3002D0C23 /* si-17-item-system-bluetooth.m */; }; - E7850ED01BB30E80002A54CA /* secd-63-account-resurrection.c in Sources */ = {isa = PBXBuildFile; fileRef = E731829F1B1FC9CD00FC334C /* secd-63-account-resurrection.c */; }; - E7850ED11BB30E87002A54CA /* secd-65-account-retirement-reset.c in Sources */ = {isa = PBXBuildFile; fileRef = E7850ECE1BB30E6E002A54CA /* secd-65-account-retirement-reset.c */; }; - E78A9AB21D34263100006B5B /* secd-130-other-peer-views.c in Sources */ = {isa = PBXBuildFile; fileRef = E739A9DC1D318FA4003C088A /* secd-130-other-peer-views.c */; }; - E78A9AB31D34630300006B5B /* secd-95-escrow-persistence.c in Sources */ = {isa = PBXBuildFile; fileRef = CD8F442C1B83C435004C0047 /* secd-95-escrow-persistence.c */; }; - E790C110169E53DF00E0C0C9 /* leaks.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C10E169E53DF00E0C0C9 /* leaks.c */; }; - E790C141169E5C6200E0C0C9 /* add_internet_password.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C136169E5C6200E0C0C9 /* add_internet_password.c */; }; - E790C142169E5C6200E0C0C9 /* codesign.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C137169E5C6200E0C0C9 /* codesign.c */; }; - E790C143169E5C6200E0C0C9 /* keychain_add.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C138169E5C6200E0C0C9 /* keychain_add.c */; }; - E790C144169E5C6200E0C0C9 /* keychain_find.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C139169E5C6200E0C0C9 /* keychain_find.c */; }; - E790C145169E5C6200E0C0C9 /* pkcs12_util.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C13A169E5C6200E0C0C9 /* pkcs12_util.c */; }; - E790C147169E5C6200E0C0C9 /* scep.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C13D169E5C6200E0C0C9 /* scep.c */; }; - E790C148169E5C6200E0C0C9 /* show_certificates.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C13F169E5C6200E0C0C9 /* show_certificates.c */; }; - E790C149169E5C6200E0C0C9 /* spc.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C140169E5C6200E0C0C9 /* spc.c */; }; - E79277E3163B110A0096F3E2 /* SOSFullPeerInfo.c in Sources */ = {isa = PBXBuildFile; fileRef = E79277E1163B110A0096F3E2 /* SOSFullPeerInfo.c */; }; - E79277E4163B110A0096F3E2 /* SOSFullPeerInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = E79277E2163B110A0096F3E2 /* SOSFullPeerInfo.h */; settings = {ATTRIBUTES = (); }; }; - E795C94019100F6100FA068C /* log_control.c in Sources */ = {isa = PBXBuildFile; fileRef = E795C93E19100F5000FA068C /* log_control.c */; }; - E795C9481911A41300FA068C /* SecLogSettingsServer.c in Sources */ = {isa = PBXBuildFile; fileRef = E795C9471911A41200FA068C /* SecLogSettingsServer.c */; }; - E795C9541913F88D00FA068C /* SecServerEncryptionSupport.c in Sources */ = {isa = PBXBuildFile; fileRef = E795C9531913F88D00FA068C /* SecServerEncryptionSupport.c */; }; - E79D62BB176798FD005A9743 /* secd-50-account.c in Sources */ = {isa = PBXBuildFile; fileRef = E79D62B9176798BF005A9743 /* secd-50-account.c */; }; - E79D62BC176799DB005A9743 /* SOSRegressionUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 521C0CD515FF9B3300604B61 /* SOSRegressionUtilities.c */; }; - E79D62BD176799EE005A9743 /* SOSTestDataSource.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CB8A83716164B7700B52EC7 /* SOSTestDataSource.c */; }; - E79D62C01767A5BC005A9743 /* SecdTestKeychainUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = E79D62BE1767A547005A9743 /* SecdTestKeychainUtilities.c */; }; - E7A10FAC1771246A00C4602F /* secd-55-account-circle.c in Sources */ = {isa = PBXBuildFile; fileRef = E7A10FAB1771246A00C4602F /* secd-55-account-circle.c */; }; - E7A10FAE1771249C00C4602F /* secd-57-account-leave.c in Sources */ = {isa = PBXBuildFile; fileRef = E7A10FAD1771249C00C4602F /* secd-57-account-leave.c */; }; - E7A634E317FA471500920B67 /* SOSPeerInfoCollections.c in Sources */ = {isa = PBXBuildFile; fileRef = E7A634E217FA471500920B67 /* SOSPeerInfoCollections.c */; }; - E7ACD2FB1D30204E0038050D /* keychain_sync_test.m in Sources */ = {isa = PBXBuildFile; fileRef = E7ACD2F91D30204E0038050D /* keychain_sync_test.m */; }; - E7B01B5B16532507000485F1 /* SOSCloudCircleInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = E7B01B5A16532507000485F1 /* SOSCloudCircleInternal.h */; settings = {ATTRIBUTES = (); }; }; - E7B01B691655DF20000485F1 /* SOSCloudCircleServer.c in Sources */ = {isa = PBXBuildFile; fileRef = E7B01B671655CCA6000485F1 /* SOSCloudCircleServer.c */; }; - E7CA197A17179EC20065299C /* si-69-keydesc.c in Sources */ = {isa = PBXBuildFile; fileRef = CDA7729616B899F10069434D /* si-69-keydesc.c */; }; - E7EBD75819145DF000D0F062 /* so_01_serverencryption.c in Sources */ = {isa = PBXBuildFile; fileRef = E7EBD75619145D6400D0F062 /* so_01_serverencryption.c */; }; - E7F0D3EA177BBE35001ACBC1 /* secd-55-account-incompatibility.c in Sources */ = {isa = PBXBuildFile; fileRef = E7F0D3E9177BBE35001ACBC1 /* secd-55-account-incompatibility.c */; }; - E7F18555177A44E000177B23 /* secd-60-account-cloud-identity.c in Sources */ = {isa = PBXBuildFile; fileRef = E7F18554177A44E000177B23 /* secd-60-account-cloud-identity.c */; }; - E7F18557177A502900177B23 /* secd-56-account-apply.c in Sources */ = {isa = PBXBuildFile; fileRef = E7F18556177A502900177B23 /* secd-56-account-apply.c */; }; - E7FEFB87169E363300E18152 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 521C0B9815FA5C4A00604B61 /* Foundation.framework */; }; - E7FEFB91169E36D800E18152 /* keychain_sync.c in Sources */ = {isa = PBXBuildFile; fileRef = E7FEFB90169E36D800E18152 /* keychain_sync.c */; }; - EB3409AF1C1D5BBE00D77661 /* secd-20-keychain_upgrade.m in Sources */ = {isa = PBXBuildFile; fileRef = EB3409AE1C1D5BB300D77661 /* secd-20-keychain_upgrade.m */; }; - EB36F0421D9041FC0094C601 /* secd-35-keychain-migrate-inet.c in Sources */ = {isa = PBXBuildFile; fileRef = 4483050D1B46FB6C00326450 /* secd-35-keychain-migrate-inet.c */; }; - EB36F0431D9041FC0094C601 /* secd-36-ks-encrypt.m in Sources */ = {isa = PBXBuildFile; fileRef = EB36F0401D9041F40094C601 /* secd-36-ks-encrypt.m */; }; - EB6432BD1C510A6E00B671F2 /* SecDigest.c in Sources */ = {isa = PBXBuildFile; fileRef = EB6432BC1C510A6E00B671F2 /* SecDigest.c */; }; - EB6432BE1C510A6E00B671F2 /* SecDigest.c in Sources */ = {isa = PBXBuildFile; fileRef = EB6432BC1C510A6E00B671F2 /* SecDigest.c */; }; - EB69AB041BF3C42F00913AF1 /* SecEMCS.m in Sources */ = {isa = PBXBuildFile; fileRef = EB69AB031BF3C42F00913AF1 /* SecEMCS.m */; }; - EB69AB061BF425FD00913AF1 /* si-90-emcs.m in Sources */ = {isa = PBXBuildFile; fileRef = EB69AB051BF425F300913AF1 /* si-90-emcs.m */; }; - EB69AB071BF4332700913AF1 /* si-90-emcs.m in Sources */ = {isa = PBXBuildFile; fileRef = EB69AB051BF425F300913AF1 /* si-90-emcs.m */; }; - EB9C1D0A1BDDBDE000F89272 /* si-13-item-system.m in Sources */ = {isa = PBXBuildFile; fileRef = EB9C1D091BDDBDD500F89272 /* si-13-item-system.m */; }; - EBC1B8B81BE96B3A00E6ACA6 /* digest_calc.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C109169E4FD200E0C0C9 /* digest_calc.c */; }; - EBC1B8B91BE96B3A00E6ACA6 /* whoami.m in Sources */ = {isa = PBXBuildFile; fileRef = EBC1B8B61BE96B3200E6ACA6 /* whoami.m */; }; - EBD344801D234E37008B6DEA /* si-15-delete-access-group.m in Sources */ = {isa = PBXBuildFile; fileRef = EBD3447F1D234E26008B6DEA /* si-15-delete-access-group.m */; }; - EBDAECBC184D32BD005A18F1 /* sc-31-peerinfo-simplefuzz.c in Sources */ = {isa = PBXBuildFile; fileRef = EBDAECBA184D30C3005A18F1 /* sc-31-peerinfo-simplefuzz.c */; }; - EBE32B591BEEC8C900719AA8 /* syncbubble.m in Sources */ = {isa = PBXBuildFile; fileRef = EBE32B581BEEC8C900719AA8 /* syncbubble.m */; }; - EBF2D7661C1E482B006AB6FF /* secd-21-transmogrify.m in Sources */ = {isa = PBXBuildFile; fileRef = EBF2D7651C1E4823006AB6FF /* secd-21-transmogrify.m */; }; - F697632318F6CFD60090438B /* keychain_util.c in Sources */ = {isa = PBXBuildFile; fileRef = F697632118F6CC3F0090438B /* keychain_util.c */; }; - F9E0BD991AEF196E00554D49 /* secd-82-persistent-ref.c in Sources */ = {isa = PBXBuildFile; fileRef = F9E0BD981AEF196A00554D49 /* secd-82-persistent-ref.c */; }; - F9EF72F21AC0F98400A4D24A /* secd-70-engine-smash.c in Sources */ = {isa = PBXBuildFile; fileRef = F9EF72F01AC0F97C00A4D24A /* secd-70-engine-smash.c */; }; -/* End PBXBuildFile section */ - -/* Begin PBXCopyFilesBuildPhase section */ - E71049F0169E023B00DB0045 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = "include/${PRODUCT_NAME}"; - dstSubfolderSpec = 16; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E7104A19169E216E00DB0045 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = "include/${PRODUCT_NAME}"; - dstSubfolderSpec = 16; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E7FEFB88169E363300E18152 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = "include/${PRODUCT_NAME}"; - dstSubfolderSpec = 16; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 093F67A21CC1171B0033151D /* SecKeyAdaptors.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecKeyAdaptors.c; sourceTree = ""; }; - 0982E02B1D19695B0060002E /* si-44-seckey-ec.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-44-seckey-ec.m"; path = "../../../../shared_regressions/si-44-seckey-ec.m"; sourceTree = ""; }; - 09AE116D1CEDA17A004C617D /* si-44-seckey-ies.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-44-seckey-ies.m"; path = "../../../../shared_regressions/si-44-seckey-ies.m"; sourceTree = ""; }; - 09D1FC1D1CDCBA8800A82D0D /* si-44-seckey-gen.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-44-seckey-gen.m"; path = "../../../../shared_regressions/si-44-seckey-gen.m"; sourceTree = ""; }; - 09EC947E1CEDEA70003E5101 /* si-44-seckey-rsa.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-44-seckey-rsa.m"; path = "../../../../shared_regressions/si-44-seckey-rsa.m"; sourceTree = ""; }; - 0C062B1C175E784B00806CFE /* secd-30-keychain-upgrade.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-30-keychain-upgrade.c"; sourceTree = ""; }; - 0C062B1D175E784B00806CFE /* secd-31-keychain-bad.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-31-keychain-bad.c"; sourceTree = ""; }; - 0C062B1E175E784B00806CFE /* secd-31-keychain-unreadable.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-31-keychain-unreadable.c"; sourceTree = ""; }; - 0C0BDB5F175687EC00BC1A7E /* libsecdRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecdRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 0C0BDB601756882A00BC1A7E /* secd_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = secd_regressions.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 0C0BDB62175688DA00BC1A7E /* secd-01-items.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-01-items.c"; sourceTree = ""; }; - 0C3276C21CB329AB005D6DDC /* secd_77_ids_messaging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secd_77_ids_messaging.c; sourceTree = ""; }; - 0C60F39B1CAF0E8E00221D24 /* secd-76-idstransport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-76-idstransport.c"; sourceTree = ""; }; - 0C664AE7175951270092D3D9 /* secd-02-upgrade-while-locked.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = "secd-02-upgrade-while-locked.c"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - 0C87F8301D6F838200A9EC17 /* secd-201-coders.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-201-coders.c"; sourceTree = ""; }; - 0CBF93F5177B7CFC001E5658 /* secd-03-corrupted-items.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-03-corrupted-items.c"; sourceTree = ""; }; - 0CBF93F6177B7CFC001E5658 /* secd-04-corrupted-items.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-04-corrupted-items.c"; sourceTree = ""; }; - 0CBF93FB177BA9D9001E5658 /* secd-05-corrupted-items.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "secd-05-corrupted-items.m"; sourceTree = ""; }; - 0CE7ABDE171383E30088968F /* keychain_backup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_backup.c; sourceTree = ""; }; - 0CFDBAD81D6FC58D00826CDE /* SOSEnginePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSEnginePriv.h; sourceTree = ""; }; - 18270C9714CF1AAD00B05E7F /* base.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = base.xcconfig; sourceTree = ""; }; - 18270C9814CF1AAD00B05E7F /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 18270C9914CF1AAD00B05E7F /* lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = lib.xcconfig; sourceTree = ""; }; - 18270C9A14CF1AAD00B05E7F /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 18270F5514CF651900B05E7F /* libsecipc_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecipc_client.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 186CDD0F14CA116C00AF9171 /* libSecItemShimOSX.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSecItemShimOSX.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 18AD560614CB6E7A008233F2 /* client.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = client.c; sourceTree = ""; }; - 18AD560714CB6E7A008233F2 /* com.apple.securityd.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.apple.securityd.plist; sourceTree = ""; }; - 18AD560814CB6E7A008233F2 /* securityd_client.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = securityd_client.h; sourceTree = ""; }; - 18AD560D14CB6E7A008233F2 /* server.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = server.c; sourceTree = ""; }; - 18AD561514CB6EB9008233F2 /* certextensions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = certextensions.h; sourceTree = ""; }; - 18AD561614CB6EB9008233F2 /* p12import.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = p12import.c; sourceTree = ""; }; - 18AD561714CB6EB9008233F2 /* p12import.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = p12import.h; sourceTree = ""; }; - 18AD561814CB6EB9008233F2 /* p12pbegen.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = p12pbegen.c; sourceTree = ""; }; - 18AD561914CB6EB9008233F2 /* p12pbegen.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = p12pbegen.h; sourceTree = ""; }; - 18AD561A14CB6EB9008233F2 /* pbkdf2.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = pbkdf2.c; sourceTree = ""; }; - 18AD561B14CB6EB9008233F2 /* pbkdf2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = pbkdf2.h; sourceTree = ""; }; - 18AD561C14CB6EB9008233F2 /* SecBase.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecBase.h; sourceTree = ""; }; - 18AD561D14CB6EB9008233F2 /* SecBase64.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecBase64.c; sourceTree = ""; }; - 18AD561E14CB6EB9008233F2 /* SecBase64.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecBase64.h; sourceTree = ""; }; - 18AD561F14CB6EB9008233F2 /* SecBasePriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecBasePriv.h; sourceTree = ""; }; - 18AD562014CB6EB9008233F2 /* SecCertificate.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCertificate.c; sourceTree = ""; }; - 18AD562114CB6EB9008233F2 /* SecCertificate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCertificate.h; sourceTree = ""; }; - 18AD562214CB6EB9008233F2 /* SecCertificateInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCertificateInternal.h; sourceTree = ""; }; - 18AD562314CB6EB9008233F2 /* SecCertificatePath.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCertificatePath.c; sourceTree = ""; }; - 18AD562414CB6EB9008233F2 /* SecCertificatePath.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCertificatePath.h; sourceTree = ""; }; - 18AD562514CB6EB9008233F2 /* SecCertificatePriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCertificatePriv.h; sourceTree = ""; }; - 18AD562614CB6EB9008233F2 /* SecCertificateRequest.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCertificateRequest.c; sourceTree = ""; }; - 18AD562714CB6EB9008233F2 /* SecCertificateRequest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCertificateRequest.h; sourceTree = ""; }; - 18AD562814CB6EB9008233F2 /* SecCMS.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCMS.c; sourceTree = ""; }; - 18AD562914CB6EB9008233F2 /* SecCMS.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCMS.h; sourceTree = ""; }; - 18AD562A14CB6EB9008233F2 /* SecDH.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecDH.c; sourceTree = ""; }; - 18AD562B14CB6EB9008233F2 /* SecDH.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecDH.h; sourceTree = ""; }; - 18AD562C14CB6EB9008233F2 /* SecECKey.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecECKey.c; sourceTree = ""; }; - 18AD562D14CB6EB9008233F2 /* SecECKey.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecECKey.h; sourceTree = ""; }; - 18AD562E14CB6EB9008233F2 /* SecFramework.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecFramework.c; sourceTree = ""; }; - 18AD562F14CB6EB9008233F2 /* SecFramework.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecFramework.h; sourceTree = ""; }; - 18AD563014CB6EB9008233F2 /* SecFrameworkStrings.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecFrameworkStrings.h; sourceTree = ""; }; - 18AD563114CB6EB9008233F2 /* SecIdentity.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecIdentity.c; sourceTree = ""; }; - 18AD563214CB6EB9008233F2 /* SecIdentity.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecIdentity.h; sourceTree = ""; }; - 18AD563314CB6EB9008233F2 /* SecIdentityPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecIdentityPriv.h; sourceTree = ""; }; - 18AD563414CB6EB9008233F2 /* SecImportExport.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecImportExport.c; sourceTree = ""; }; - 18AD563514CB6EB9008233F2 /* SecImportExport.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecImportExport.h; sourceTree = ""; }; - 18AD563614CB6EB9008233F2 /* SecInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecInternal.h; sourceTree = ""; }; - 18AD563714CB6EB9008233F2 /* SecItem.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecItem.c; sourceTree = ""; }; - 18AD563814CB6EB9008233F2 /* SecItem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecItem.h; sourceTree = ""; }; - 18AD563914CB6EB9008233F2 /* SecItemConstants.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecItemConstants.c; sourceTree = ""; }; - 18AD563A14CB6EB9008233F2 /* SecItemInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecItemInternal.h; sourceTree = ""; }; - 18AD563B14CB6EB9008233F2 /* SecItemPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecItemPriv.h; sourceTree = ""; }; - 18AD563C14CB6EB9008233F2 /* SecKey.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecKey.c; sourceTree = ""; }; - 18AD563D14CB6EB9008233F2 /* SecKey.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecKey.h; sourceTree = ""; }; - 18AD563E14CB6EB9008233F2 /* SecKeyInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecKeyInternal.h; sourceTree = ""; }; - 18AD563F14CB6EB9008233F2 /* SecKeyPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecKeyPriv.h; sourceTree = ""; }; - 18AD564014CB6EB9008233F2 /* SecPBKDF.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecPBKDF.c; sourceTree = ""; }; - 18AD564114CB6EB9008233F2 /* SecPBKDF.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecPBKDF.h; sourceTree = ""; }; - 18AD564214CB6EB9008233F2 /* SecPolicy.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecPolicy.c; sourceTree = ""; }; - 18AD564314CB6EB9008233F2 /* SecPolicy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecPolicy.h; sourceTree = ""; }; - 18AD564414CB6EB9008233F2 /* SecPolicyInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecPolicyInternal.h; sourceTree = ""; }; - 18AD564514CB6EB9008233F2 /* SecPolicyPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecPolicyPriv.h; sourceTree = ""; }; - 18AD564614CB6EB9008233F2 /* SecRandom.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecRandom.h; sourceTree = ""; }; - 18AD564714CB6EB9008233F2 /* SecRSAKey.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecRSAKey.c; sourceTree = ""; }; - 18AD564814CB6EB9008233F2 /* SecRSAKey.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecRSAKey.h; sourceTree = ""; }; - 18AD564914CB6EB9008233F2 /* SecRSAKeyPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecRSAKeyPriv.h; sourceTree = ""; }; - 18AD564A14CB6EB9008233F2 /* SecSCEP.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecSCEP.c; sourceTree = ""; }; - 18AD564B14CB6EB9008233F2 /* SecSCEP.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecSCEP.h; sourceTree = ""; }; - 18AD564C14CB6EB9008233F2 /* SecTrust.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecTrust.c; sourceTree = ""; }; - 18AD564D14CB6EB9008233F2 /* SecTrust.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrust.h; sourceTree = ""; }; - 18AD564E14CB6EB9008233F2 /* SecTrustPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrustPriv.h; sourceTree = ""; }; - 18AD564F14CB6EB9008233F2 /* SecTrustSettings.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecTrustSettings.c; sourceTree = ""; }; - 18AD565014CB6EB9008233F2 /* SecTrustSettings.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrustSettings.h; sourceTree = ""; }; - 18AD565114CB6EB9008233F2 /* SecTrustSettingsPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrustSettingsPriv.h; sourceTree = ""; }; - 18AD565214CB6EB9008233F2 /* SecTrustStore.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecTrustStore.c; sourceTree = ""; }; - 18AD565314CB6EB9008233F2 /* SecTrustStore.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrustStore.h; sourceTree = ""; }; - 18AD565414CB6EB9008233F2 /* Security.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = Security.h; sourceTree = ""; }; - 18AD565514CB6EB9008233F2 /* vmdh.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = vmdh.c; sourceTree = ""; }; - 18AD565614CB6EB9008233F2 /* vmdh.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = vmdh.h; sourceTree = ""; }; - 18AD565814CB6F79008233F2 /* SecItemServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecItemServer.h; sourceTree = ""; }; - 18AD565914CB6F79008233F2 /* SecOCSPCache.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecOCSPCache.c; sourceTree = ""; }; - 18AD565A14CB6F79008233F2 /* SecOCSPCache.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOCSPCache.h; sourceTree = ""; }; - 18AD565B14CB6F79008233F2 /* SecOCSPRequest.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecOCSPRequest.c; sourceTree = ""; }; - 18AD565C14CB6F79008233F2 /* SecOCSPRequest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOCSPRequest.h; sourceTree = ""; }; - 18AD565D14CB6F79008233F2 /* SecOCSPResponse.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecOCSPResponse.c; sourceTree = ""; }; - 18AD565E14CB6F79008233F2 /* SecOCSPResponse.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOCSPResponse.h; sourceTree = ""; }; - 18AD565F14CB6F79008233F2 /* SecPolicyServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecPolicyServer.c; sourceTree = ""; }; - 18AD566014CB6F79008233F2 /* SecPolicyServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecPolicyServer.h; sourceTree = ""; }; - 18AD566114CB6F79008233F2 /* SecTrustServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SecTrustServer.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - 18AD566214CB6F79008233F2 /* SecTrustServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrustServer.h; sourceTree = ""; }; - 18AD566314CB6F79008233F2 /* SecTrustStoreServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecTrustStoreServer.c; sourceTree = ""; }; - 18AD566414CB6F79008233F2 /* SecTrustStoreServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrustStoreServer.h; sourceTree = ""; }; - 18AD566514CB6F79008233F2 /* spi.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = spi.c; sourceTree = ""; }; - 18AD566614CB6F79008233F2 /* spi.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = spi.h; sourceTree = ""; }; - 18AD567D14CB865E008233F2 /* asynchttp.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = asynchttp.c; sourceTree = ""; }; - 18AD567E14CB865E008233F2 /* asynchttp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = asynchttp.h; sourceTree = ""; }; - 18AD567F14CB865E008233F2 /* entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = entitlements.plist; sourceTree = ""; }; - 18AD568214CB865E008233F2 /* policytree.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = policytree.c; sourceTree = ""; }; - 18AD568314CB865E008233F2 /* policytree.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = policytree.h; sourceTree = ""; }; - 18AD568414CB865E008233F2 /* SecCAIssuerCache.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCAIssuerCache.c; sourceTree = ""; }; - 18AD568514CB865E008233F2 /* SecCAIssuerCache.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCAIssuerCache.h; sourceTree = ""; }; - 18AD568614CB865E008233F2 /* SecCAIssuerRequest.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCAIssuerRequest.c; sourceTree = ""; }; - 18AD568714CB865E008233F2 /* SecCAIssuerRequest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCAIssuerRequest.h; sourceTree = ""; }; - 18AD568814CB865E008233F2 /* SecItemServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SecItemServer.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - 18D4043514CE0CF300A2BE4E /* libsecurity.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 18D4056214CE53C200A2BE4E /* libsecurityd.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurityd.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 32FBBBE11B50365D00AEF9ED /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; }; - 32FBBBE61B556F8900AEF9ED /* verify_cert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = verify_cert.c; sourceTree = ""; }; - 3A70988118CDF648009FD2CC /* si_77_SecAccessControl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = si_77_SecAccessControl.c; sourceTree = ""; }; - 4406660E19069707000DA171 /* si-80-empty-data.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "si-80-empty-data.c"; sourceTree = ""; }; - 440BF8F41A7A7EC9001760A7 /* si-82-token-ag.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-82-token-ag.c"; sourceTree = ""; }; - 442B69241BC3C5B9000F3A72 /* SecItemShim.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecItemShim.h; sourceTree = ""; }; - 4469FC2A1AA0A69E0021AA26 /* secd-33-keychain-ctk.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "secd-33-keychain-ctk.m"; sourceTree = ""; }; - 446CEEE319B6043900ECAF50 /* secd-32-restore-bad-backup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-32-restore-bad-backup.c"; sourceTree = ""; }; - 4477A8D718F28AAE00B5BB9F /* si-78-query-attrs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-78-query-attrs.c"; sourceTree = ""; }; - 4483050D1B46FB6C00326450 /* secd-35-keychain-migrate-inet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-35-keychain-migrate-inet.c"; sourceTree = ""; }; - 4483050F1B46FB8700326450 /* ios8-inet-keychain-2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ios8-inet-keychain-2.h"; sourceTree = ""; }; - 449265271AB0D6FF00644D4C /* SecCTKKey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecCTKKey.c; sourceTree = ""; }; - 449265281AB0D6FF00644D4C /* SecCTKKeyPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCTKKeyPriv.h; sourceTree = ""; }; - 44B2606C18F82631008DF20F /* SecAccessControlExports.exp-in */ = {isa = PBXFileReference; lastKnownFileType = text; path = "SecAccessControlExports.exp-in"; sourceTree = ""; }; - 4802A59516D711060059E5B9 /* SOSUserKeygen.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSUserKeygen.c; sourceTree = ""; }; - 4802A59716D711190059E5B9 /* SOSUserKeygen.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSUserKeygen.h; sourceTree = ""; }; - 48122CC71CFF88DC009BE3E3 /* SOSAccountLog.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SOSAccountLog.c; sourceTree = ""; }; - 48122CC81CFF88DC009BE3E3 /* SOSAccountLog.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSAccountLog.h; sourceTree = ""; }; - 4812D5A51CAF07060041FAD8 /* SOSViews.exp-in */ = {isa = PBXFileReference; lastKnownFileType = text; path = "SOSViews.exp-in"; sourceTree = ""; }; - 4812D5A61CAF1FCB0041FAD8 /* ViewList.list */ = {isa = PBXFileReference; lastKnownFileType = text; path = ViewList.list; sourceTree = ""; }; - 481A954F1D1A02AA000B98F5 /* SOSCloudKeychainLogging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSCloudKeychainLogging.c; sourceTree = ""; }; - 481A95501D1A02AA000B98F5 /* SOSCloudKeychainLogging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCloudKeychainLogging.h; sourceTree = ""; }; - 4826374C1CC18A410082C9C8 /* secd-57-1-account-last-standing.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-57-1-account-last-standing.c"; sourceTree = ""; }; - 48279BC31C57FEA20043457C /* keychain_log.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_log.c; sourceTree = ""; }; - 48279BC41C57FEA20043457C /* keychain_log.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_log.h; sourceTree = ""; }; - 4838F6BB1CB5AA5F009E8598 /* secViewDisplay.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secViewDisplay.c; sourceTree = ""; }; - 4838F6BC1CB5AA5F009E8598 /* secViewDisplay.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = secViewDisplay.h; sourceTree = ""; }; - 484182601A30F2E300211511 /* SOSCirclePriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSCirclePriv.h; sourceTree = ""; }; - 484182621A30F38E00211511 /* SOSCircleRings.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSCircleRings.h; sourceTree = ""; }; - 484182631A30F8D300211511 /* SOSPeerInfoPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoPriv.h; sourceTree = ""; }; - 48487D271B1D5E960078C7C9 /* sc-25-soskeygen.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-25-soskeygen.c"; sourceTree = ""; }; - 485835871779013E0050F074 /* SOSPeerInfoInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoInternal.h; sourceTree = ""; }; - 485B5E611AE068D800A3C183 /* secd-82-secproperties-basic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-82-secproperties-basic.c"; sourceTree = ""; }; - 485FE6BC1CDBED5800C916C5 /* syncbackup.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = syncbackup.c; sourceTree = ""; }; - 485FE6BD1CDBED5800C916C5 /* syncbackup.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = syncbackup.h; sourceTree = ""; }; - 486C6C671795F20E00387075 /* secd-61-account-leave-not-in-kansas-anymore.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-61-account-leave-not-in-kansas-anymore.c"; sourceTree = ""; }; - 48764AE717FA2DD00005C4F1 /* SOSAccountDer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountDer.c; sourceTree = ""; }; - 48764AEA17FA31670005C4F1 /* SOSAccountPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSAccountPriv.h; sourceTree = ""; }; - 48764AEB17FA31E50005C4F1 /* SOSAccountPersistence.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountPersistence.c; sourceTree = ""; }; - 48764AEE17FA36200005C4F1 /* SOSAccountUpdate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountUpdate.c; sourceTree = ""; }; - 48764AF117FA3ACF0005C4F1 /* SOSKVSKeys.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSKVSKeys.c; sourceTree = ""; }; - 48764AF417FA3FE50005C4F1 /* SOSAccountCircles.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountCircles.c; sourceTree = ""; }; - 4878267919C0F505002CB56F /* sc-42-circlegencount.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-42-circlegencount.c"; sourceTree = ""; }; - 4882C516177521AE0095D04B /* secd-58-password-change.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-58-password-change.c"; sourceTree = ""; }; - 488902EB16C2F88400F119FF /* SOSCoder.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSCoder.c; sourceTree = ""; }; - 488902ED16C2F89700F119FF /* SOSCoder.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSCoder.h; sourceTree = ""; }; - 4898223917BDB277003BEF32 /* secd-52-account-changed.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-52-account-changed.c"; sourceTree = ""; }; - 4899F2E71C768BBE00762615 /* secToolFileIO.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secToolFileIO.c; sourceTree = ""; }; - 4899F2E81C768BBE00762615 /* secToolFileIO.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = secToolFileIO.h; sourceTree = ""; }; - 489E6E4A1A71A87600D7EB8C /* SOSCircleDer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSCircleDer.c; sourceTree = ""; }; - 489E6E4B1A71A87600D7EB8C /* SOSCircleDer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCircleDer.h; sourceTree = ""; }; - 489EA3C11AEAE659004A6AEB /* SOSRingBackup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingBackup.c; sourceTree = ""; }; - 489EA3C21AEAE659004A6AEB /* SOSRingBackup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingBackup.h; sourceTree = ""; }; - 48A071CD1AD6AEA900728AEF /* SOSPeerInfoSecurityProperties.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfoSecurityProperties.c; sourceTree = ""; }; - 48A071CE1AD6AEA900728AEF /* SOSPeerInfoSecurityProperties.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoSecurityProperties.h; sourceTree = ""; }; - 48A0FEDD1B6046E2001D6180 /* secd-64-circlereset.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-64-circlereset.c"; sourceTree = ""; }; - 48B5888B1D00ED9000E0C5A7 /* secd-200-logstate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-200-logstate.c"; sourceTree = ""; }; - 48C34E911C45EF3000B7F29B /* secd60-account-cloud-exposure.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd60-account-cloud-exposure.c"; sourceTree = ""; }; - 48C7DF9217FF2DB500904F1A /* SOSAccountCredentials.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountCredentials.c; sourceTree = ""; }; - 48C7DF9517FF351A00904F1A /* SOSAccountPeers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountPeers.c; sourceTree = ""; }; - 48C7DF9717FF360F00904F1A /* SOSAccountFullPeerInfo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountFullPeerInfo.c; sourceTree = ""; }; - 48C7DF9917FF44EF00904F1A /* SOSAccountCloudParameters.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountCloudParameters.c; sourceTree = ""; }; - 48CE733D1731C49A004C2946 /* sc-130-resignationticket.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-130-resignationticket.c"; sourceTree = ""; }; - 48E928C4179DD05500A7F755 /* secd-51-account-inflate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-51-account-inflate.c"; sourceTree = ""; }; - 48E9CDFB1C597FED00574D6B /* SOSSysdiagnose.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSSysdiagnose.c; sourceTree = ""; }; - 48F32D7D1777AFA3001B84BA /* secd-59-account-cleanup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-59-account-cleanup.c"; sourceTree = ""; }; - 48F7DF241A6DB32900046644 /* SOSViews.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSViews.c; sourceTree = ""; }; - 48F7DF251A6DB32900046644 /* SOSViews.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSViews.h; sourceTree = ""; }; - 48FABEDB1AD05C1D00C061D1 /* SOSAccountHSAJoin.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountHSAJoin.c; sourceTree = ""; }; - 48FABEDC1AD05C1D00C061D1 /* SOSAccountHSAJoin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSAccountHSAJoin.h; sourceTree = ""; }; - 48FABEDF1AD05C7100C061D1 /* secd-62-account-hsa-join.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-62-account-hsa-join.c"; sourceTree = ""; }; - 48FABEE01AD05C7100C061D1 /* secd-90-hsa2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-90-hsa2.c"; sourceTree = ""; }; - 48FB17001A76F56C00B586C7 /* SOSPeerInfoV2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfoV2.c; sourceTree = ""; }; - 48FB17011A76F56C00B586C7 /* SOSPeerInfoV2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoV2.h; sourceTree = ""; }; - 48FB17041A77181A00B586C7 /* secd-80-views-basic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-80-views-basic.c"; sourceTree = ""; }; - 48FD04F11CEFCFB900BEBBFF /* SOSAccountTransaction.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountTransaction.c; sourceTree = ""; }; - 48FD04F21CEFCFB900BEBBFF /* SOSAccountTransaction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSAccountTransaction.h; sourceTree = ""; }; - 4A5CCA4F15ACEFA500702357 /* libSecOtrOSX.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSecOtrOSX.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4A824B03158FF07000F932C0 /* libSecurityRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSecurityRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4A971682158FDEB800D439B7 /* SecOTR.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOTR.h; sourceTree = ""; }; - 4A971683158FDEB800D439B7 /* SecOTRDHKey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRDHKey.c; sourceTree = ""; }; - 4A971684158FDEB800D439B7 /* SecOTRDHKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOTRDHKey.h; sourceTree = ""; }; - 4A971685158FDEB800D439B7 /* SecOTRErrors.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOTRErrors.h; sourceTree = ""; }; - 4A971686158FDEB800D439B7 /* SecOTRFullIdentity.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRFullIdentity.c; sourceTree = ""; }; - 4A971687158FDEB800D439B7 /* SecOTRIdentityPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOTRIdentityPriv.h; sourceTree = ""; }; - 4A971688158FDEB800D439B7 /* SecOTRMath.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRMath.c; sourceTree = ""; }; - 4A971689158FDEB800D439B7 /* SecOTRMath.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOTRMath.h; sourceTree = ""; }; - 4A97168B158FDEB800D439B7 /* SecOTRPacketData.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRPacketData.c; sourceTree = ""; }; - 4A97168C158FDEB800D439B7 /* SecOTRPacketData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOTRPacketData.h; sourceTree = ""; }; - 4A97168D158FDEB800D439B7 /* SecOTRPackets.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRPackets.c; sourceTree = ""; }; - 4A97168E158FDEB800D439B7 /* SecOTRPackets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOTRPackets.h; sourceTree = ""; }; - 4A97168F158FDEB800D439B7 /* SecOTRPublicIdentity.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRPublicIdentity.c; sourceTree = ""; }; - 4A971690158FDEB800D439B7 /* SecOTRSession.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRSession.c; sourceTree = ""; }; - 4A971691158FDEB800D439B7 /* SecOTRSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOTRSession.h; sourceTree = ""; }; - 4A971692158FDEB800D439B7 /* SecOTRSessionAKE.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRSessionAKE.c; sourceTree = ""; }; - 4A971693158FDEB800D439B7 /* SecOTRSessionPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOTRSessionPriv.h; sourceTree = ""; }; - 4A971694158FDEB800D439B7 /* SecOTRUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRUtils.c; sourceTree = ""; }; - 4BD2F7FF1ADCDEAA0037CD5D /* sc-140-hsa2.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "sc-140-hsa2.c"; sourceTree = ""; }; - 4BD2F8011ADCDF790037CD5D /* SOSPlatform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPlatform.h; sourceTree = ""; }; - 4C055FED17B60F1E001A879A /* SecDbKeychainItem.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecDbKeychainItem.c; sourceTree = ""; }; - 4C055FEE17B60F1E001A879A /* SecDbQuery.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecDbQuery.c; sourceTree = ""; }; - 4C055FEF17B60F1E001A879A /* SecItemDataSource.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemDataSource.c; sourceTree = ""; }; - 4C055FF017B60F1E001A879A /* SecItemDb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemDb.c; sourceTree = ""; }; - 4C055FF117B60F1E001A879A /* SecItemSchema.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemSchema.c; sourceTree = ""; }; - 4C055FF217B60F1E001A879A /* SecKeybagSupport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecKeybagSupport.c; sourceTree = ""; }; - 4C05608417B60F88001A879A /* SecDbKeychainItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecDbKeychainItem.h; sourceTree = ""; }; - 4C05608517B60F88001A879A /* SecDbQuery.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecDbQuery.h; sourceTree = ""; }; - 4C05608617B60F88001A879A /* SecItemDataSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemDataSource.h; sourceTree = ""; }; - 4C05608717B60F88001A879A /* SecItemDb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemDb.h; sourceTree = ""; }; - 4C05608817B60F88001A879A /* SecItemSchema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemSchema.h; sourceTree = ""; }; - 4C05608917B60F88001A879A /* SecKeybagSupport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeybagSupport.h; sourceTree = ""; }; - 4C2C8C3C17AB374700C24C13 /* si-12-item-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-12-item-stress.c"; sourceTree = ""; }; - 4C31C3CB1A9E5CDA009098D8 /* SOSChangeTracker.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSChangeTracker.c; sourceTree = ""; }; - 4C31C3CC1A9E5CDA009098D8 /* SOSChangeTracker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSChangeTracker.h; sourceTree = ""; }; - 4C495EDB1982125E00BC1809 /* SOSTestDevice.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTestDevice.c; sourceTree = ""; }; - 4C495EDC1982125E00BC1809 /* SOSTestDevice.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTestDevice.h; sourceTree = ""; }; - 4C495EE01982171500BC1809 /* secd-70-engine-corrupt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-70-engine-corrupt.c"; sourceTree = ""; }; - 4C4B15931655ED9000734590 /* SecDbItem.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecDbItem.c; sourceTree = ""; }; - 4C4B15951655EDA700734590 /* SecDbItem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecDbItem.h; sourceTree = ""; }; - 4C5EA365164C791400A136B8 /* lib-arc-only.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = "lib-arc-only.xcconfig"; sourceTree = ""; }; - 4C64F59617C6B3B1009C5AC2 /* sc-45-digestvector.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-45-digestvector.c"; sourceTree = ""; }; - 4C8BDD9A17B4FB8F00C20EA5 /* SOSDataSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSDataSource.h; sourceTree = ""; }; - 4C8BDD9C17B4FD2A00C20EA5 /* SOSManifest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSManifest.h; sourceTree = ""; }; - 4C8BDD9E17B4FDE100C20EA5 /* SOSManifest.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSManifest.c; sourceTree = ""; }; - 4C8BDDA017B4FE8100C20EA5 /* SOSDigestVector.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SOSDigestVector.c; sourceTree = ""; }; - 4C8BDDA117B4FE9400C20EA5 /* SOSDigestVector.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSDigestVector.h; sourceTree = ""; }; - 4C9DC91915B602760036D941 /* SOSEngine.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSEngine.h; sourceTree = ""; }; - 4C9DC91C15B602910036D941 /* SOSEngine.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSEngine.c; sourceTree = ""; }; - 4CB8A83716164B7700B52EC7 /* SOSTestDataSource.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTestDataSource.c; sourceTree = ""; }; - 4CB8A83916164B8C00B52EC7 /* SOSTestDataSource.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSTestDataSource.h; sourceTree = ""; }; - 4CBDB30B17B70206002FA799 /* SOSMessage.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSMessage.c; sourceTree = ""; }; - 4CBDB30C17B70206002FA799 /* SOSMessage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSMessage.h; sourceTree = ""; }; - 4CC62F201B4C63FE009FEF0E /* secd-75-engine-views.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-75-engine-views.c"; sourceTree = ""; }; - 4CC929AD15A3957800C6D578 /* SOSAccount.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccount.c; sourceTree = ""; }; - 4CC929AE15A3957800C6D578 /* SOSAccount.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSAccount.h; sourceTree = ""; }; - 4CC929AF15A3957800C6D578 /* SOSCircle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSCircle.c; sourceTree = ""; }; - 4CC929B015A3957800C6D578 /* SOSCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCircle.h; sourceTree = ""; }; - 4CC929B115A3957800C6D578 /* SOSPeer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeer.c; sourceTree = ""; }; - 4CC929B215A3957800C6D578 /* SOSPeer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeer.h; sourceTree = ""; }; - 4CC92A0F15A3ABD400C6D578 /* pbkdf2-00-hmac-sha1.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "pbkdf2-00-hmac-sha1.c"; sourceTree = ""; }; - 4CC92A1015A3ABD400C6D578 /* spbkdf-00-hmac-sha1.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "spbkdf-00-hmac-sha1.c"; sourceTree = ""; }; - 4CC92A1215A3ABD400C6D578 /* otr-00-identity.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-00-identity.c"; sourceTree = ""; }; - 4CC92A1315A3ABD400C6D578 /* otr-30-negotiation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-30-negotiation.c"; sourceTree = ""; }; - 4CC92A1415A3ABD400C6D578 /* otr-otrdh.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-otrdh.c"; sourceTree = ""; }; - 4CC92A1515A3ABD400C6D578 /* otr-packetdata.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-packetdata.c"; sourceTree = ""; }; - 4CC92A1715A3ABD400C6D578 /* si-00-find-nothing.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-00-find-nothing.c"; sourceTree = ""; }; - 4CC92A1815A3ABD400C6D578 /* si-05-add.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-05-add.c"; sourceTree = ""; }; - 4CC92A1915A3ABD400C6D578 /* si-10-find-internet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-10-find-internet.c"; sourceTree = ""; }; - 4CC92A1A15A3ABD400C6D578 /* si-11-update-data.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-11-update-data.c"; sourceTree = ""; }; - 4CC92A1B15A3ABD400C6D578 /* si-14-dateparse.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-14-dateparse.c"; sourceTree = ""; }; - 4CC92A1C15A3ABD400C6D578 /* si-15-certificate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-15-certificate.c"; sourceTree = ""; }; - 4CC92A1D15A3ABD400C6D578 /* si-16-ec-certificate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-16-ec-certificate.c"; sourceTree = ""; }; - 4CC92A1F15A3ABD400C6D578 /* si-20-sectrust.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-20-sectrust.c"; sourceTree = ""; }; - 4CC92A2015A3ABD400C6D578 /* si-21-sectrust-asr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-21-sectrust-asr.c"; sourceTree = ""; }; - 4CC92A2115A3ABD400C6D578 /* si-22-sectrust-iap.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-22-sectrust-iap.c"; sourceTree = ""; }; - 4CC92A2215A3ABD400C6D578 /* si-23-sectrust-ocsp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-23-sectrust-ocsp.c"; sourceTree = ""; }; - 4CC92A2415A3ABD400C6D578 /* si-24-sectrust-digicert-malaysia.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-24-sectrust-digicert-malaysia.c"; sourceTree = ""; }; - 4CC92A2515A3ABD400C6D578 /* si-24-sectrust-diginotar.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-24-sectrust-diginotar.c"; sourceTree = ""; }; - 4CC92A2615A3ABD400C6D578 /* si-24-sectrust-itms.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-24-sectrust-itms.c"; sourceTree = ""; }; - 4CC92A2815A3ABD400C6D578 /* si-24-sectrust-nist.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-24-sectrust-nist.c"; sourceTree = ""; }; - 4CC92A2A15A3ABD400C6D578 /* si-24-sectrust-passbook.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-24-sectrust-passbook.c"; sourceTree = ""; }; - 4CC92A2C15A3ABD400C6D578 /* si-26-sectrust-copyproperties.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-26-sectrust-copyproperties.c"; sourceTree = ""; }; - 4CC92A2D15A3ABD400C6D578 /* si-27-sectrust-exceptions.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-27-sectrust-exceptions.c"; sourceTree = ""; }; - 4CC92A2E15A3ABD400C6D578 /* si-28-sectrustsettings.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "si-28-sectrustsettings.m"; sourceTree = ""; }; - 4CC92A3015A3ABD400C6D578 /* si-30-keychain-upgrade.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-30-keychain-upgrade.c"; sourceTree = ""; }; - 4CC92A3115A3ABD400C6D578 /* si-31-keychain-bad.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-31-keychain-bad.c"; sourceTree = ""; }; - 4CC92A3215A3ABD400C6D578 /* si-31-keychain-unreadable.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-31-keychain-unreadable.c"; sourceTree = ""; }; - 4CC92A3415A3ABD400C6D578 /* si-33-keychain-backup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-33-keychain-backup.c"; sourceTree = ""; }; - 4CC92A3515A3ABD400C6D578 /* si-40-seckey-custom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-40-seckey-custom.c"; sourceTree = ""; }; - 4CC92A3615A3ABD400C6D578 /* si-40-seckey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-40-seckey.c"; sourceTree = ""; }; - 4CC92A3715A3ABD400C6D578 /* si-41-sececkey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-41-sececkey.c"; sourceTree = ""; }; - 4CC92A3815A3ABD400C6D578 /* si-42-identity.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-42-identity.c"; sourceTree = ""; }; - 4CC92A3915A3ABD400C6D578 /* si-43-persistent.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-43-persistent.c"; sourceTree = ""; }; - 4CC92A3A15A3ABD400C6D578 /* si-50-secrandom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-50-secrandom.c"; sourceTree = ""; }; - 4CC92A3B15A3ABD400C6D578 /* si-60-cms.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-60-cms.c"; sourceTree = ""; }; - 4CC92A3C15A3ABD400C6D578 /* si-61-pkcs12.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-61-pkcs12.c"; sourceTree = ""; }; - 4CC92A3D15A3ABD400C6D578 /* si-62-csr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-62-csr.c"; sourceTree = ""; }; - 4CC92A3F15A3ABD400C6D578 /* getcacert-mdes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "getcacert-mdes.h"; sourceTree = ""; }; - 4CC92A4015A3ABD400C6D578 /* getcacert-mdesqa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "getcacert-mdesqa.h"; sourceTree = ""; }; - 4CC92A4115A3ABD400C6D578 /* si-63-scep.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-63-scep.c"; sourceTree = ""; }; - 4CC92A4215A3ABD400C6D578 /* si-63-scep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-63-scep.h"; sourceTree = ""; }; - 4CC92A4415A3ABD400C6D578 /* attached_no_data_signed_data.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = attached_no_data_signed_data.h; sourceTree = ""; }; - 4CC92A4515A3ABD400C6D578 /* attached_signed_data.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = attached_signed_data.h; sourceTree = ""; }; - 4CC92A4615A3ABD400C6D578 /* detached_content.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = detached_content.h; sourceTree = ""; }; - 4CC92A4715A3ABD400C6D578 /* detached_signed_data.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = detached_signed_data.h; sourceTree = ""; }; - 4CC92A4815A3ABD400C6D578 /* privkey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = privkey.h; sourceTree = ""; }; - 4CC92A4915A3ABD400C6D578 /* signer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = signer.h; sourceTree = ""; }; - 4CC92A4A15A3ABD400C6D578 /* si-64-ossl-cms.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-64-ossl-cms.c"; sourceTree = ""; }; - 4CC92A4B15A3ABD400C6D578 /* si-65-cms-cert-policy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-65-cms-cert-policy.c"; sourceTree = ""; }; - 4CC92A4D15A3ABD400C6D578 /* signed-receipt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "signed-receipt.h"; sourceTree = ""; }; - 4CC92A4E15A3ABD400C6D578 /* si-66-smime.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-66-smime.c"; sourceTree = ""; }; - 4CC92A5015A3ABD400C6D578 /* Global Trustee.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "Global Trustee.cer.h"; sourceTree = ""; }; - 4CC92A5115A3ABD400C6D578 /* UTN-USERFirst-Hardware.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "UTN-USERFirst-Hardware.cer.h"; sourceTree = ""; }; - 4CC92A5215A3ABD400C6D578 /* addons.mozilla.org.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = addons.mozilla.org.cer.h; sourceTree = ""; }; - 4CC92A5315A3ABD400C6D578 /* login.live.com.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = login.live.com.cer.h; sourceTree = ""; }; - 4CC92A5415A3ABD400C6D578 /* login.skype.com.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = login.skype.com.cer.h; sourceTree = ""; }; - 4CC92A5515A3ABD400C6D578 /* login.yahoo.com.1.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = login.yahoo.com.1.cer.h; sourceTree = ""; }; - 4CC92A5615A3ABD400C6D578 /* login.yahoo.com.2.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = login.yahoo.com.2.cer.h; sourceTree = ""; }; - 4CC92A5715A3ABD400C6D578 /* login.yahoo.com.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = login.yahoo.com.cer.h; sourceTree = ""; }; - 4CC92A5815A3ABD400C6D578 /* mail.google.com.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mail.google.com.cer.h; sourceTree = ""; }; - 4CC92A5915A3ABD400C6D578 /* www.google.com.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = www.google.com.cer.h; sourceTree = ""; }; - 4CC92A5A15A3ABD400C6D578 /* si-67-sectrust-blacklist.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-67-sectrust-blacklist.c"; sourceTree = ""; }; - 4CC92A5C15A3ABD400C6D578 /* vmdh-40.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "vmdh-40.c"; sourceTree = ""; }; - 4CC92A5D15A3ABD400C6D578 /* vmdh-41-example.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "vmdh-41-example.c"; sourceTree = ""; }; - 4CC92A5E15A3ABD400C6D578 /* vmdh-42-example2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "vmdh-42-example2.c"; sourceTree = ""; }; - 4CC92AAC15A3AC4600C6D578 /* sd-10-policytree.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sd-10-policytree.c"; sourceTree = ""; }; - 4CC92AAE15A3ACCE00C6D578 /* securityd_regressions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = securityd_regressions.h; sourceTree = ""; }; - 4CC92AAF15A3ACE600C6D578 /* SOSCircle_regressions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSCircle_regressions.h; sourceTree = ""; }; - 4CC92AB015A3AD0000C6D578 /* Security_regressions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = Security_regressions.h; path = Regressions/Security_regressions.h; sourceTree = ""; }; - 4CC92B1415A3BC6B00C6D578 /* libsecuritydRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecuritydRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CCD1B001B1E3EA200F6DF8D /* secd-74-engine-beer-servers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-74-engine-beer-servers.c"; sourceTree = ""; }; - 4CD1897B169F835400BC96B8 /* print_cert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = print_cert.c; sourceTree = ""; }; - 4CD1897C169F835400BC96B8 /* print_cert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = print_cert.h; sourceTree = ""; }; - 521C0B9815FA5C4A00604B61 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; - 521C0CD515FF9B3300604B61 /* SOSRegressionUtilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRegressionUtilities.c; sourceTree = ""; }; - 521C0CD815FF9B4B00604B61 /* SOSRegressionUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSRegressionUtilities.h; sourceTree = ""; }; - 521C685C1614A6E100E31C3E /* SOSCloudKeychainClient.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SOSCloudKeychainClient.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - 521C685D1614A6E100E31C3E /* SOSCloudKeychainClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = SOSCloudKeychainClient.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 5221C4971CBEDB7C006047E7 /* secd-71-engine-save.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-71-engine-save.c"; sourceTree = ""; }; - 5221C4C11CC5667E006047E7 /* secd-71-engine-save-sample1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "secd-71-engine-save-sample1.h"; sourceTree = ""; }; - 523CBBF41B321C5C002C0884 /* secd-50-message.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-50-message.c"; sourceTree = ""; }; - 523CBBF71B3227A2002C0884 /* secd-49-manifests.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-49-manifests.c"; sourceTree = ""; }; - 526CBA5116079FB4008DF7C8 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = "../../build/Products/Debug-iphoneos/Security.framework"; sourceTree = ""; }; - 527258CF1981C00F003CFCEC /* secd-70-engine.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-70-engine.c"; sourceTree = ""; }; - 528462991AE6FCF0004C1BA2 /* SOSBackupEvent.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSBackupEvent.c; sourceTree = ""; }; - 5284629A1AE6FCF0004C1BA2 /* SOSBackupEvent.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSBackupEvent.h; sourceTree = ""; }; - 529F46F11AEC759E0002392C /* secd-34-backup-der-parse.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-34-backup-der-parse.c"; sourceTree = ""; }; - 52D0F026169CA72800F07D79 /* SecOnOSX.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOnOSX.h; sourceTree = ""; }; - 52DD7069160CD40B0027A346 /* libutilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libutilities.a; path = ../../build/Release/libutilities.a; sourceTree = ""; }; - 52F8DE4A1AF2E9AE00A2C271 /* SOSTypes.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSTypes.h; sourceTree = ""; }; - 52FD82981AEA9CEF00634FD3 /* SecItemBackup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemBackup.c; sourceTree = ""; }; - 52FD82991AEA9CEF00634FD3 /* SecItemBackup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemBackup.h; sourceTree = ""; }; - 52FD829C1AEAC6D600634FD3 /* SecItemBackupServer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemBackupServer.c; sourceTree = ""; }; - 52FD829D1AEAC6D600634FD3 /* SecItemBackupServer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemBackupServer.h; sourceTree = ""; }; - 5356520218E3C71000C383C0 /* SecOTRRemote.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRRemote.c; sourceTree = ""; }; - 5356520418E3C88D00C383C0 /* SecOTRRemote.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRRemote.h; sourceTree = ""; }; - 5384299318E492A300E91AFE /* secd-70-otr-remote.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-70-otr-remote.c"; sourceTree = ""; }; - 5DE4A7BC17441CCD0036339E /* si-71-mobile-store-policy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-71-mobile-store-policy.c"; sourceTree = ""; }; - 5E0CE1641CB6347300E75776 /* secd-83-item-match-valid-on-date.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "secd-83-item-match-valid-on-date.m"; sourceTree = ""; }; - 5E0CE1661CB6348D00E75776 /* secd-83-item-match-trusted.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "secd-83-item-match-trusted.m"; sourceTree = ""; }; - 5E0CE1681CB64A1300E75776 /* secd-83-item-match.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "secd-83-item-match.h"; sourceTree = ""; }; - 5E19C6471AA5F34E005964F8 /* secd-81-item-acl-stress.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "secd-81-item-acl-stress.c"; sourceTree = ""; }; - 5EA016361AD41AB20061BCD7 /* secd-81-item-acl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-81-item-acl.c"; sourceTree = ""; }; - 5EF2596E1CB5214B009B4C58 /* secd-83-item-match-policy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "secd-83-item-match-policy.m"; sourceTree = ""; }; - 724D7363177A13A500FA10A1 /* AppleBaselineEscrowCertificates.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppleBaselineEscrowCertificates.h; sourceTree = ""; }; - 7255A46B1783333D006A8B9A /* si-74-OTAPKISigner.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-74-OTAPKISigner.c"; sourceTree = ""; }; - 72B5923A17C6924000AE738B /* iCloudTrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = iCloudTrace.h; sourceTree = ""; }; - 72B5923C17C6939A00AE738B /* iCloudTrace.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = iCloudTrace.c; sourceTree = ""; }; - 72E2DC0616BC47C800E7B236 /* OTATrustUtilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = OTATrustUtilities.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - 72E2DC0716BC47C800E7B236 /* OTATrustUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OTATrustUtilities.h; sourceTree = ""; }; - ACFD56BD19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ios6_1_keychain_2_db.h; sourceTree = ""; }; - BE061FCE1899E5BD00C739F6 /* si-76-shared-credentials.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-76-shared-credentials.c"; sourceTree = ""; }; - BE0CC6061A96B68400662E69 /* si-83-seccertificate-sighashalg.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-83-seccertificate-sighashalg.c"; sourceTree = ""; }; - BE3171921BB3559600BBB212 /* si-20-sectrust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-20-sectrust.h"; sourceTree = ""; }; - BE4AC7DC1C938698002A28FE /* SecSignatureVerificationSupport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecSignatureVerificationSupport.c; sourceTree = ""; }; - BE4AC7DD1C938698002A28FE /* SecSignatureVerificationSupport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecSignatureVerificationSupport.h; sourceTree = ""; }; - BE556A5D19550E1600E6EE8C /* SecPolicyCerts.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecPolicyCerts.h; sourceTree = ""; }; - BE5C5BD01D8C90C200A97339 /* si-84-sectrust-allowlist.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "si-84-sectrust-allowlist.m"; sourceTree = ""; }; - BE62D75F1747FF3E001EAA9D /* si-72-syncableitems.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-72-syncableitems.c"; sourceTree = ""; }; - BE62D7611747FF51001EAA9D /* si-70-sectrust-unified.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-70-sectrust-unified.c"; sourceTree = ""; }; - BE642BAF188F32AD00C899A2 /* SecSharedCredential.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecSharedCredential.h; sourceTree = ""; }; - BE642BB1188F32C200C899A2 /* SecSharedCredential.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecSharedCredential.c; sourceTree = ""; }; - BE8D228E1ABB7199009A4E18 /* libSecTrustOSX.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSecTrustOSX.a; sourceTree = BUILT_PRODUCTS_DIR; }; - BE8D22C11ABB9B6E009A4E18 /* SecTrustInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrustInternal.h; sourceTree = ""; }; - BEF9640618B4171200813FA3 /* libSWCAgent.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSWCAgent.a; sourceTree = BUILT_PRODUCTS_DIR; }; - BEF9640918B418A400813FA3 /* swcagent_client.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = swcagent_client.h; path = SharedWebCredential/swcagent_client.h; sourceTree = ""; }; - BEF9640A18B418A400813FA3 /* swcagent_client.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = swcagent_client.c; path = SharedWebCredential/swcagent_client.c; sourceTree = ""; }; - BEF9640B18B418A400813FA3 /* swcagent.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; lineEnding = 0; name = swcagent.m; path = SharedWebCredential/swcagent.m; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objc; }; - C62A296818996D90006C3A11 /* SecAccessControlPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecAccessControlPriv.h; sourceTree = ""; }; - C6766767189884D200E9A12C /* SecAccessControl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecAccessControl.c; sourceTree = ""; }; - C6EE78BA189821AD009B8FEB /* SecAccessControl.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecAccessControl.h; sourceTree = ""; }; - CD09B90718A08EBE00E787E1 /* SOSTransportKeyParameter.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportKeyParameter.c; sourceTree = ""; }; - CD09B90918A08ECD00E787E1 /* SOSTransportKeyParameter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportKeyParameter.h; sourceTree = ""; }; - CD0F8AF118998685003E0C52 /* SOSKVSKeys.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSKVSKeys.h; sourceTree = ""; }; - CD0F8AF31899BF33003E0C52 /* SOSTransportMessage.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportMessage.c; sourceTree = ""; }; - CD0F8AF51899BF46003E0C52 /* SOSTransportCircle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportCircle.c; sourceTree = ""; }; - CD0F8AF71899BF57003E0C52 /* SOSTransportMessage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportMessage.h; sourceTree = ""; }; - CD0F8AF91899BF63003E0C52 /* SOSTransportCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportCircle.h; sourceTree = ""; }; - CD16F8941AE84822004AE09C /* sc-150-ring.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-150-ring.c"; sourceTree = ""; }; - CD2026B31936ABD300AB9D3C /* SOSTransportMessageIDS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportMessageIDS.h; sourceTree = ""; }; - CD2026B41936ABD300AB9D3C /* SOSTransportMessageIDS.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportMessageIDS.c; sourceTree = ""; }; - CD32776A18F8AEFD006B5280 /* SOSPeerCoder.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerCoder.c; sourceTree = ""; }; - CD32776C18F8B06E006B5280 /* SOSPeerCoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeerCoder.h; sourceTree = ""; }; - CD32776E18F8B2FC006B5280 /* SOSTransportKeyParameterKVS.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportKeyParameterKVS.c; sourceTree = ""; }; - CD32777018F8B30E006B5280 /* SOSTransportKeyParameterKVS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportKeyParameterKVS.h; sourceTree = ""; }; - CD32777218F8B31E006B5280 /* SOSTransportCircleKVS.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportCircleKVS.c; sourceTree = ""; }; - CD32777418F8B330006B5280 /* SOSTransportCircleKVS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportCircleKVS.h; sourceTree = ""; }; - CD32777618F8B39B006B5280 /* SOSTransportMessageKVS.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportMessageKVS.c; sourceTree = ""; }; - CD32777818F8B3B4006B5280 /* SOSTransportMessageKVS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportMessageKVS.h; sourceTree = ""; }; - CD35B8291C2650FE00E0852A /* secd-154-engine-backoff.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-154-engine-backoff.c"; sourceTree = ""; }; - CD558FA8193544F800CFB3B1 /* IDSFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IDSFoundation.framework; path = ../../../../../../../System/Library/PrivateFrameworks/IDSFoundation.framework; sourceTree = ""; }; - CD655E911AF02B9900BD1B6E /* secd-62-account-backup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-62-account-backup.c"; sourceTree = ""; }; - CD6C9BF81A813D52002AB913 /* IDS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IDS.framework; path = System/Library/PrivateFrameworks/IDS.framework; sourceTree = SDKROOT; }; - CD773AC21ADDF8C700C808BA /* SOSTransportBackupPeer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportBackupPeer.c; sourceTree = ""; }; - CD773AC31ADDF8C700C808BA /* SOSTransportBackupPeer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportBackupPeer.h; sourceTree = ""; }; - CD86DE4D18BD554D00C90CDF /* SOSTransport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransport.c; sourceTree = ""; }; - CD8E09001A2E918900A2503A /* otr-40-edgecases.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-40-edgecases.c"; sourceTree = ""; }; - CD8F442C1B83C435004C0047 /* secd-95-escrow-persistence.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-95-escrow-persistence.c"; sourceTree = ""; }; - CD9B54111CC6EC4D00CC487A /* secd-100-initialsync.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-100-initialsync.c"; sourceTree = ""; }; - CDA7729616B899F10069434D /* si-69-keydesc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-69-keydesc.c"; sourceTree = ""; }; - CDAD4E9818EC8424007D4BC2 /* SOSTransportTestTransports.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportTestTransports.c; sourceTree = ""; }; - CDAD4E9A18EC8447007D4BC2 /* SOSTransportTestTransports.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportTestTransports.h; sourceTree = ""; }; - CDB6A8B51A409BBF00646CD6 /* otr-50-roll.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-50-roll.c"; sourceTree = ""; }; - CDB6A8B71A409BC600646CD6 /* otr-60-slowroll.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-60-slowroll.c"; sourceTree = ""; }; - CDC0DC2B1AE83E390020BA6C /* SOSPeerInfoRingState.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfoRingState.c; sourceTree = ""; }; - CDC0DC2C1AE83E390020BA6C /* SOSPeerInfoRingState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoRingState.h; sourceTree = ""; }; - CDC0DC2D1AE83E390020BA6C /* SOSRing.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRing.h; sourceTree = ""; }; - CDC0DC2E1AE83E390020BA6C /* SOSRingBasic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingBasic.c; sourceTree = ""; }; - CDC0DC2F1AE83E390020BA6C /* SOSRingBasic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingBasic.h; sourceTree = ""; }; - CDC0DC301AE83E390020BA6C /* SOSRingConcordanceTrust.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingConcordanceTrust.c; sourceTree = ""; }; - CDC0DC311AE83E390020BA6C /* SOSRingConcordanceTrust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingConcordanceTrust.h; sourceTree = ""; }; - CDC0DC321AE83E390020BA6C /* SOSRingDER.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingDER.c; sourceTree = ""; }; - CDC0DC331AE83E390020BA6C /* SOSRingDER.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingDER.h; sourceTree = ""; }; - CDC0DC341AE83E390020BA6C /* SOSRingPeerInfoUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingPeerInfoUtils.c; sourceTree = ""; }; - CDC0DC351AE83E390020BA6C /* SOSRingPeerInfoUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingPeerInfoUtils.h; sourceTree = ""; }; - CDC0DC361AE83E390020BA6C /* SOSRingTypes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingTypes.c; sourceTree = ""; }; - CDC0DC371AE83E390020BA6C /* SOSRingTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingTypes.h; sourceTree = ""; }; - CDC0DC381AE83E390020BA6C /* SOSRingUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingUtils.c; sourceTree = ""; }; - CDC0DC391AE83E390020BA6C /* SOSRingUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingUtils.h; sourceTree = ""; }; - CDC0DC3A1AE83E390020BA6C /* SOSRingV0.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingV0.c; sourceTree = ""; }; - CDC0DC3B1AE83E390020BA6C /* SOSRingV0.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingV0.h; sourceTree = ""; }; - CDC0DC941AE842640020BA6C /* SOSAccountRings.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountRings.c; sourceTree = ""; }; - CDC0DC951AE842640020BA6C /* SOSAccountRingUpdate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountRingUpdate.c; sourceTree = ""; }; - CDC0DC961AE842640020BA6C /* SOSCircleV2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSCircleV2.c; sourceTree = ""; }; - CDC0DC971AE842640020BA6C /* SOSCircleV2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCircleV2.h; sourceTree = ""; }; - CDC0DC981AE842640020BA6C /* SOSConcordanceTrust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSConcordanceTrust.h; sourceTree = ""; }; - CDC0DC991AE842640020BA6C /* SOSGenCount.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSGenCount.c; sourceTree = ""; }; - CDC0DC9A1AE842640020BA6C /* SOSGenCount.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSGenCount.h; sourceTree = ""; }; - CDC765C01729A72800721712 /* SecPasswordGenerate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecPasswordGenerate.c; sourceTree = ""; }; - CDC765C11729A72800721712 /* SecPasswordGenerate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPasswordGenerate.h; sourceTree = ""; }; - CDD565A1173193AC00B6B074 /* si-73-secpasswordgenerate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-73-secpasswordgenerate.c"; sourceTree = ""; }; - CDF1B82218BD7DDE006309BC /* SOSTransport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransport.h; sourceTree = ""; }; - CDF9BBE01B03E24D00D1AF0F /* secd-52-offering-gencount-reset.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-52-offering-gencount-reset.c"; sourceTree = ""; }; - D40771AB1C9B4C530016AA66 /* si-82-seccertificate-ct.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "si-82-seccertificate-ct.c"; path = "../../../../shared_regressions/si-82-seccertificate-ct.c"; sourceTree = ""; }; - D40771AC1C9B4C530016AA66 /* si-82-sectrust-ct.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-82-sectrust-ct.m"; path = "../../../../shared_regressions/si-82-sectrust-ct.m"; sourceTree = ""; }; - D40771B21C9B4CE50016AA66 /* shared_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = shared_regressions.h; path = ../../shared_regressions/shared_regressions.h; sourceTree = ""; }; - D40771B81C9B4D200016AA66 /* libSharedRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSharedRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; - D4273AA21B5D54CA0007D67B /* nameconstraints.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = nameconstraints.c; sourceTree = ""; }; - D4273AA31B5D54CA0007D67B /* nameconstraints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nameconstraints.h; sourceTree = ""; }; - D43091511D84D482004097DA /* si-25-cms-skid.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "si-25-cms-skid.m"; sourceTree = ""; }; - D43091531D84D494004097DA /* si-25-cms-skid.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-25-cms-skid.h"; sourceTree = ""; }; - D44216091CCAD9C200D2D455 /* si-22-sectrust-iap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-22-sectrust-iap.h"; sourceTree = ""; }; - D44C81E71CD1944C00BE9A0D /* si-97-sectrust-path-scoring.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "si-97-sectrust-path-scoring.m"; sourceTree = ""; }; - D44C81E91CD1947200BE9A0D /* si-97-sectrust-path-scoring.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-97-sectrust-path-scoring.h"; sourceTree = ""; }; - D4653DEA1C9E2299002ED6D5 /* si-28-sectrustsettings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-28-sectrustsettings.h"; sourceTree = ""; }; - D474EF321C8A1CBB00AA4D86 /* personalization.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = personalization.c; sourceTree = ""; }; - D474EF331C8A1CBB00AA4D86 /* personalization.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = personalization.h; sourceTree = ""; }; - D47F511B1C3B660500A7CEFE /* SecCFAllocator.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecCFAllocator.c; sourceTree = ""; }; - D47F511C1C3B660500A7CEFE /* SecCFAllocator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCFAllocator.h; sourceTree = ""; }; - D48C567C1C73E5C300E41928 /* SecPolicyLeafCallbacks.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecPolicyLeafCallbacks.c; sourceTree = ""; }; - D4A919751CA9A3DD003D2ADA /* si-95-cms-basic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-95-cms-basic.c"; sourceTree = ""; }; - D4A919761CA9A3DD003D2ADA /* si-95-cms-basic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-95-cms-basic.h"; sourceTree = ""; }; - D4B2E7911DAEFBB500F79E03 /* wosign_certs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wosign_certs.h; path = "si-84-sectrust-allowlist/wosign_certs.h"; sourceTree = ""; }; - D4B2E7921DAEFBB500F79E03 /* date_testing_certs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = date_testing_certs.h; path = "si-84-sectrust-allowlist/date_testing_certs.h"; sourceTree = ""; }; - D4B2E7931DAEFBB500F79E03 /* cnnic_certs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cnnic_certs.h; path = "si-84-sectrust-allowlist/cnnic_certs.h"; sourceTree = ""; }; - D4B4A9A61B8801960097B393 /* si-85-sectrust-ssl-policy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-85-sectrust-ssl-policy.c"; sourceTree = ""; }; - D4C6E1681B9A0AE800E42591 /* si-85-sectrust-ssl-policy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-85-sectrust-ssl-policy.h"; sourceTree = ""; }; - D4CBC1461BE9A89E00C5795E /* si-89-cms-hash-agility.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-89-cms-hash-agility.c"; sourceTree = ""; }; - D4CBC1471BE9A89E00C5795E /* si-89-cms-hash-agility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-89-cms-hash-agility.h"; sourceTree = ""; }; - D4DFC9481B9958D00040945C /* si-87-sectrust-name-constraints.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-87-sectrust-name-constraints.c"; sourceTree = ""; }; - D4DFC9491B9958D00040945C /* si-87-sectrust-name-constraints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-87-sectrust-name-constraints.h"; sourceTree = ""; }; - D4EC94D31CEA47D70083E753 /* si-20-sectrust-policies.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-20-sectrust-policies.m"; path = "../../../../shared_regressions/si-20-sectrust-policies.m"; sourceTree = ""; }; - E702E75614E1F3EA00CDE635 /* libSecureObjectSync.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSecureObjectSync.a; sourceTree = BUILT_PRODUCTS_DIR; }; - E702E77814E1F48800CDE635 /* libSOSRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSOSRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; - E703811114E1FEE4007CB458 /* SOSCloudCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCloudCircle.h; sourceTree = ""; }; - E71049F2169E023B00DB0045 /* libSecurityTool.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSecurityTool.a; sourceTree = BUILT_PRODUCTS_DIR; }; - E71049FE169E036E00DB0045 /* security.1 */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.man; path = security.1; sourceTree = ""; }; - E71049FF169E036E00DB0045 /* SecurityTool.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecurityTool.c; sourceTree = ""; }; - E7104A00169E036E00DB0045 /* SecurityTool.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecurityTool.h; sourceTree = ""; }; - E7104A0D169E1C1600DB0045 /* tool_errors.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tool_errors.h; sourceTree = ""; }; - E7104A1D169E216E00DB0045 /* libSecurityCommands.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSecurityCommands.a; sourceTree = BUILT_PRODUCTS_DIR; }; - E71BAE7E1ACE1AB900DF0C29 /* sc-153-backupslicekeybag.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-153-backupslicekeybag.c"; sourceTree = ""; }; - E71BAE801ACE1C6500DF0C29 /* SOSBackupSliceKeyBag.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSBackupSliceKeyBag.c; sourceTree = ""; }; - E71BAE811ACE1C6500DF0C29 /* SOSBackupSliceKeyBag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSBackupSliceKeyBag.h; sourceTree = ""; }; - E7217B1715F80E0F00D26031 /* SOSCloudCircle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SOSCloudCircle.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - E7217B2515F8131A00D26031 /* SOSCloudKeychainConstants.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SOSCloudKeychainConstants.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - E7217B2615F8131A00D26031 /* SOSCloudKeychainConstants.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCloudKeychainConstants.h; sourceTree = ""; }; - E731829F1B1FC9CD00FC334C /* secd-63-account-resurrection.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-63-account-resurrection.c"; sourceTree = ""; }; - E739A9DA1D3078D9003C088A /* NSFileHandle+Formatting.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSFileHandle+Formatting.m"; sourceTree = ""; }; - E739A9DC1D318FA4003C088A /* secd-130-other-peer-views.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-130-other-peer-views.c"; sourceTree = ""; }; - E748744415A61AF800624935 /* si-68-secmatchissuer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-68-secmatchissuer.c"; sourceTree = ""; }; - E75320EB1D0B83FC00DAB140 /* SOSAccountViewSync.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountViewSync.c; sourceTree = ""; }; - E757D42219254B3200AF22D9 /* SecECKeyPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecECKeyPriv.h; sourceTree = ""; }; - E75AB9191AE9958300C5EF3F /* secd-40-cc-gestalt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-40-cc-gestalt.c"; sourceTree = ""; }; - E76079D21951FD2800F69731 /* liblogging.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = liblogging.a; sourceTree = BUILT_PRODUCTS_DIR; }; - E763D6221624E2670038477D /* sc-20-keynames.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-20-keynames.c"; sourceTree = ""; }; - E777C6B015B4DDF2004044A8 /* sc-40-circle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-40-circle.c"; sourceTree = ""; }; - E777C71B15B73F59004044A8 /* SOSInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSInternal.h; sourceTree = ""; }; - E777C71D15B73F9E004044A8 /* SOSInternal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSInternal.c; sourceTree = ""; }; - E777C72415B87528004044A8 /* SOSPeerInfo.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfo.h; sourceTree = ""; }; - E777C72515B87544004044A8 /* SOSPeerInfo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfo.c; sourceTree = ""; }; - E777C72815B9C9F0004044A8 /* sc-30-peerinfo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-30-peerinfo.c"; sourceTree = ""; }; - E7850ECE1BB30E6E002A54CA /* secd-65-account-retirement-reset.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-65-account-retirement-reset.c"; sourceTree = ""; }; - E78DCD671D306C9000DE7A88 /* NSFileHandle+Formatting.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSFileHandle+Formatting.h"; sourceTree = ""; }; - E790C0F4169E3D7200E0C0C9 /* keychain_sync.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = keychain_sync.h; sourceTree = ""; }; - E790C108169E4E7900E0C0C9 /* builtin_commands.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = builtin_commands.h; sourceTree = ""; }; - E790C109169E4FD200E0C0C9 /* digest_calc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = digest_calc.c; sourceTree = ""; }; - E790C10E169E53DF00E0C0C9 /* leaks.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = leaks.c; sourceTree = ""; }; - E790C10F169E53DF00E0C0C9 /* leaks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = leaks.h; sourceTree = ""; }; - E790C136169E5C6200E0C0C9 /* add_internet_password.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = add_internet_password.c; sourceTree = ""; }; - E790C137169E5C6200E0C0C9 /* codesign.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = codesign.c; sourceTree = ""; }; - E790C138169E5C6200E0C0C9 /* keychain_add.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_add.c; sourceTree = ""; }; - E790C139169E5C6200E0C0C9 /* keychain_find.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_find.c; sourceTree = ""; }; - E790C13A169E5C6200E0C0C9 /* pkcs12_util.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pkcs12_util.c; sourceTree = ""; }; - E790C13D169E5C6200E0C0C9 /* scep.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = scep.c; sourceTree = ""; }; - E790C13E169E5C6200E0C0C9 /* SecurityCommands.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecurityCommands.h; sourceTree = ""; }; - E790C13F169E5C6200E0C0C9 /* show_certificates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = show_certificates.c; sourceTree = ""; }; - E790C140169E5C6200E0C0C9 /* spc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = spc.c; sourceTree = ""; }; - E79277E1163B110A0096F3E2 /* SOSFullPeerInfo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSFullPeerInfo.c; sourceTree = ""; }; - E79277E2163B110A0096F3E2 /* SOSFullPeerInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSFullPeerInfo.h; sourceTree = ""; }; - E795C93E19100F5000FA068C /* log_control.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = log_control.c; sourceTree = ""; }; - E795C94119116EA200FA068C /* SecLogging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecLogging.c; sourceTree = ""; }; - E795C94319116ECA00FA068C /* SecLogging.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecLogging.h; sourceTree = ""; }; - E795C9461911A39800FA068C /* SecLogSettingsServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecLogSettingsServer.h; sourceTree = ""; }; - E795C9471911A41200FA068C /* SecLogSettingsServer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecLogSettingsServer.c; sourceTree = ""; }; - E795C9521913112F00FA068C /* SecServerEncryptionSupport.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecServerEncryptionSupport.h; sourceTree = ""; }; - E795C9531913F88D00FA068C /* SecServerEncryptionSupport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecServerEncryptionSupport.c; sourceTree = ""; }; - E79D62B9176798BF005A9743 /* secd-50-account.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; name = "secd-50-account.c"; path = "securityd/Regressions/secd-50-account.c"; sourceTree = SOURCE_ROOT; }; - E79D62BE1767A547005A9743 /* SecdTestKeychainUtilities.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecdTestKeychainUtilities.c; sourceTree = ""; }; - E79D62BF1767A55F005A9743 /* SecdTestKeychainUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecdTestKeychainUtilities.h; sourceTree = ""; }; - E7A10FAA1771245D00C4602F /* SOSAccountTesting.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSAccountTesting.h; sourceTree = ""; }; - E7A10FAB1771246A00C4602F /* secd-55-account-circle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-55-account-circle.c"; sourceTree = ""; }; - E7A10FAD1771249C00C4602F /* secd-57-account-leave.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-57-account-leave.c"; sourceTree = ""; }; - E7A634E217FA471500920B67 /* SOSPeerInfoCollections.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfoCollections.c; sourceTree = ""; }; - E7A634E417FA472700920B67 /* SOSPeerInfoCollections.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoCollections.h; sourceTree = ""; }; - E7ACD2F91D30204E0038050D /* keychain_sync_test.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = keychain_sync_test.m; sourceTree = ""; }; - E7ACD2FA1D30204E0038050D /* keychain_sync_test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_sync_test.h; sourceTree = ""; }; - E7B00701170B58BD00B27966 /* SecExports.exp-in */ = {isa = PBXFileReference; lastKnownFileType = text; path = "SecExports.exp-in"; sourceTree = ""; }; - E7B00702170B5FE100B27966 /* SOSExports.exp-in */ = {isa = PBXFileReference; lastKnownFileType = text; lineEnding = 0; path = "SOSExports.exp-in"; sourceTree = ""; }; - E7B01B5A16532507000485F1 /* SOSCloudCircleInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = SOSCloudCircleInternal.h; sourceTree = ""; }; - E7B01B661655CC99000485F1 /* SOSCloudCircleServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSCloudCircleServer.h; sourceTree = ""; }; - E7B01B671655CCA6000485F1 /* SOSCloudCircleServer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SOSCloudCircleServer.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - E7B01B8816572579000485F1 /* SecuritydXPC.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecuritydXPC.c; sourceTree = ""; }; - E7B01B8A1657259F000485F1 /* SecuritydXPC.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecuritydXPC.h; sourceTree = ""; }; - E7C4F53F1AD4445C000B5862 /* SOSECWrapUnwrap.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSECWrapUnwrap.c; sourceTree = ""; }; - E7C4F5431AD482E1000B5862 /* sc-150-backupkeyderivation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-150-backupkeyderivation.c"; sourceTree = ""; }; - E7C4F5451AD75EBE000B5862 /* SOSAccountBackup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountBackup.c; sourceTree = ""; }; - E7DBB6061AEAAF1200488C1F /* SOSARCDefines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSARCDefines.h; sourceTree = ""; }; - E7DBB6081AEAAF3700488C1F /* SOSPeerInfoDER.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfoDER.c; sourceTree = ""; }; - E7DBB6091AEAAF3700488C1F /* SOSPeerInfoDER.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoDER.h; sourceTree = ""; }; - E7EBD75619145D6400D0F062 /* so_01_serverencryption.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = so_01_serverencryption.c; sourceTree = ""; }; - E7EF51911C24C6E3002D0C23 /* si-17-item-system-bluetooth.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "si-17-item-system-bluetooth.m"; sourceTree = ""; }; - E7F0D3E9177BBE35001ACBC1 /* secd-55-account-incompatibility.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-55-account-incompatibility.c"; sourceTree = ""; }; - E7F18554177A44E000177B23 /* secd-60-account-cloud-identity.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-60-account-cloud-identity.c"; sourceTree = ""; }; - E7F18556177A502900177B23 /* secd-56-account-apply.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-56-account-apply.c"; sourceTree = ""; }; - E7FEFB8C169E363300E18152 /* libSOSCommands.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSOSCommands.a; sourceTree = BUILT_PRODUCTS_DIR; }; - E7FEFB90169E36D800E18152 /* keychain_sync.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = keychain_sync.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - EB3409AE1C1D5BB300D77661 /* secd-20-keychain_upgrade.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "secd-20-keychain_upgrade.m"; sourceTree = ""; }; - EB36F0401D9041F40094C601 /* secd-36-ks-encrypt.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "secd-36-ks-encrypt.m"; sourceTree = ""; }; - EB6432BC1C510A6E00B671F2 /* SecDigest.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecDigest.c; sourceTree = ""; }; - EB69AB031BF3C42F00913AF1 /* SecEMCS.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SecEMCS.m; sourceTree = ""; }; - EB69AB051BF425F300913AF1 /* si-90-emcs.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "si-90-emcs.m"; sourceTree = ""; }; - EB69AB081BF4335100913AF1 /* SecEMCSPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecEMCSPriv.h; sourceTree = ""; }; - EB973200189C56310063DFED /* Cocoa.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Cocoa.framework; path = System/Library/Frameworks/Cocoa.framework; sourceTree = SDKROOT; }; - EB973204189C56310063DFED /* CoreData.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreData.framework; path = System/Library/Frameworks/CoreData.framework; sourceTree = SDKROOT; }; - EB973205189C56310063DFED /* AppKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppKit.framework; path = System/Library/Frameworks/AppKit.framework; sourceTree = SDKROOT; }; - EB973215189C56310063DFED /* XCTest.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = XCTest.framework; path = Library/Frameworks/XCTest.framework; sourceTree = DEVELOPER_DIR; }; - EB97322D189C56DB0063DFED /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = ../../../../../../../System/Library/Frameworks/CoreFoundation.framework; sourceTree = ""; }; - EB9C1D091BDDBDD500F89272 /* si-13-item-system.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "si-13-item-system.m"; sourceTree = ""; }; - EBC1B8B61BE96B3200E6ACA6 /* whoami.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = whoami.m; sourceTree = ""; }; - EBD3447F1D234E26008B6DEA /* si-15-delete-access-group.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "si-15-delete-access-group.m"; sourceTree = ""; }; - EBDAECBA184D30C3005A18F1 /* sc-31-peerinfo-simplefuzz.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-31-peerinfo-simplefuzz.c"; sourceTree = ""; }; - EBE32B581BEEC8C900719AA8 /* syncbubble.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = syncbubble.m; sourceTree = ""; }; - EBE32B9B1BF00DA500719AA8 /* entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = entitlements.plist; sourceTree = ""; }; - EBF2D7651C1E4823006AB6FF /* secd-21-transmogrify.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "secd-21-transmogrify.m"; sourceTree = ""; }; - F697632118F6CC3F0090438B /* keychain_util.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = keychain_util.c; sourceTree = ""; }; - F697632218F6CC3F0090438B /* keychain_util.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = keychain_util.h; sourceTree = ""; }; - F9E0BD981AEF196A00554D49 /* secd-82-persistent-ref.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "secd-82-persistent-ref.c"; sourceTree = ""; }; - F9EF72F01AC0F97C00A4D24A /* secd-70-engine-smash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-70-engine-smash.c"; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 0C0BDB59175687EC00BC1A7E /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - CDA0CB55194B95C400EF624D /* IDSFoundation.framework in Frameworks */, - 43C3B16B1AFD58BE00786702 /* IDS.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18270F5214CF651900B05E7F /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 186CDD0C14CA116C00AF9171 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18D4043214CE0CF300A2BE4E /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18D4055F14CE53C200A2BE4E /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4A5CCA4C15ACEFA500702357 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4A824AFE158FF07000F932C0 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CC92AFA15A3BC6B00C6D578 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 43C3B16A1AFD58AC00786702 /* IDS.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - BE8D22881ABB7199009A4E18 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - BEF9640118B4171200813FA3 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - D40771B51C9B4D200016AA66 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E702E74F14E1F3EA00CDE635 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E702E77114E1F48800CDE635 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 43C3B1691AFD58AB00786702 /* IDS.framework in Frameworks */, - CDDEF81A19465E2E0069763C /* IDSFoundation.framework in Frameworks */, - 4AD6F6F21651C86200DB4CE6 /* libSecureObjectSync.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E71049EF169E023B00DB0045 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - E71049F3169E023B00DB0045 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E7104A17169E216E00DB0045 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - E7104A18169E216E00DB0045 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E76079C21951FD2800F69731 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E7FEFB86169E363300E18152 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - E7FEFB87169E363300E18152 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 18270C9614CF1AAD00B05E7F /* config */ = { - isa = PBXGroup; - children = ( - 18270C9714CF1AAD00B05E7F /* base.xcconfig */, - 18270C9814CF1AAD00B05E7F /* debug.xcconfig */, - 4C5EA365164C791400A136B8 /* lib-arc-only.xcconfig */, - 18270C9914CF1AAD00B05E7F /* lib.xcconfig */, - 18270C9A14CF1AAD00B05E7F /* release.xcconfig */, - ); - path = config; - sourceTree = ""; - }; - 186CDD0414CA116C00AF9171 = { - isa = PBXGroup; - children = ( - 18270C9614CF1AAD00B05E7F /* config */, - 18AD565714CB6ECD008233F2 /* securityd */, - 186CDD1F14CA126D00AF9171 /* ipc */, - E7AC69CE14E1F78400CB09C1 /* SOSCircle */, - 186CDD3014CA159600AF9171 /* Security */, - E71049F4169E023B00DB0045 /* SecurityTool */, - BEF9640718B417EB00813FA3 /* SharedWebCredentialAgent */, - 521C0B9715FA5C4900604B61 /* Frameworks */, - 186CDD1014CA116C00AF9171 /* Products */, - ); - sourceTree = ""; - }; - 186CDD1014CA116C00AF9171 /* Products */ = { - isa = PBXGroup; - children = ( - 186CDD0F14CA116C00AF9171 /* libSecItemShimOSX.a */, - 18D4043514CE0CF300A2BE4E /* libsecurity.a */, - 18D4056214CE53C200A2BE4E /* libsecurityd.a */, - 18270F5514CF651900B05E7F /* libsecipc_client.a */, - E702E75614E1F3EA00CDE635 /* libSecureObjectSync.a */, - E702E77814E1F48800CDE635 /* libSOSRegressions.a */, - 4A824B03158FF07000F932C0 /* libSecurityRegressions.a */, - 4CC92B1415A3BC6B00C6D578 /* libsecuritydRegressions.a */, - 4A5CCA4F15ACEFA500702357 /* libSecOtrOSX.a */, - E71049F2169E023B00DB0045 /* libSecurityTool.a */, - E7104A1D169E216E00DB0045 /* libSecurityCommands.a */, - E7FEFB8C169E363300E18152 /* libSOSCommands.a */, - 0C0BDB5F175687EC00BC1A7E /* libsecdRegressions.a */, - BEF9640618B4171200813FA3 /* libSWCAgent.a */, - E76079D21951FD2800F69731 /* liblogging.a */, - BE8D228E1ABB7199009A4E18 /* libSecTrustOSX.a */, - D40771B81C9B4D200016AA66 /* libSharedRegressions.a */, - ); - name = Products; - sourceTree = ""; - }; - 186CDD1F14CA126D00AF9171 /* ipc */ = { - isa = PBXGroup; - children = ( - 18AD560614CB6E7A008233F2 /* client.c */, - 18AD560714CB6E7A008233F2 /* com.apple.securityd.plist */, - 18AD560814CB6E7A008233F2 /* securityd_client.h */, - 18AD560D14CB6E7A008233F2 /* server.c */, - ); - path = ipc; - sourceTree = ""; - }; - 186CDD3014CA159600AF9171 /* Security */ = { - isa = PBXGroup; - children = ( - 4A824AFA158FF05900F932C0 /* Regressions */, - E7104A0F169E1F0800DB0045 /* Tool */, - 724D7363177A13A500FA10A1 /* AppleBaselineEscrowCertificates.h */, - 18AD561514CB6EB9008233F2 /* certextensions.h */, - 18AD561614CB6EB9008233F2 /* p12import.c */, - 18AD561714CB6EB9008233F2 /* p12import.h */, - 18AD561814CB6EB9008233F2 /* p12pbegen.c */, - 18AD561914CB6EB9008233F2 /* p12pbegen.h */, - 18AD561A14CB6EB9008233F2 /* pbkdf2.c */, - 18AD561B14CB6EB9008233F2 /* pbkdf2.h */, - C6766767189884D200E9A12C /* SecAccessControl.c */, - C6EE78BA189821AD009B8FEB /* SecAccessControl.h */, - 44B2606C18F82631008DF20F /* SecAccessControlExports.exp-in */, - C62A296818996D90006C3A11 /* SecAccessControlPriv.h */, - 18AD561C14CB6EB9008233F2 /* SecBase.h */, - 18AD561D14CB6EB9008233F2 /* SecBase64.c */, - 18AD561E14CB6EB9008233F2 /* SecBase64.h */, - 18AD561F14CB6EB9008233F2 /* SecBasePriv.h */, - 18AD562014CB6EB9008233F2 /* SecCertificate.c */, - 18AD562114CB6EB9008233F2 /* SecCertificate.h */, - 18AD562214CB6EB9008233F2 /* SecCertificateInternal.h */, - 18AD562314CB6EB9008233F2 /* SecCertificatePath.c */, - 18AD562414CB6EB9008233F2 /* SecCertificatePath.h */, - 18AD562514CB6EB9008233F2 /* SecCertificatePriv.h */, - 18AD562614CB6EB9008233F2 /* SecCertificateRequest.c */, - 18AD562714CB6EB9008233F2 /* SecCertificateRequest.h */, - D47F511B1C3B660500A7CEFE /* SecCFAllocator.c */, - D47F511C1C3B660500A7CEFE /* SecCFAllocator.h */, - 18AD562814CB6EB9008233F2 /* SecCMS.c */, - 18AD562914CB6EB9008233F2 /* SecCMS.h */, - 449265271AB0D6FF00644D4C /* SecCTKKey.c */, - 449265281AB0D6FF00644D4C /* SecCTKKeyPriv.h */, - 18AD562A14CB6EB9008233F2 /* SecDH.c */, - 18AD562B14CB6EB9008233F2 /* SecDH.h */, - EB6432BC1C510A6E00B671F2 /* SecDigest.c */, - 18AD562C14CB6EB9008233F2 /* SecECKey.c */, - 18AD562D14CB6EB9008233F2 /* SecECKey.h */, - E757D42219254B3200AF22D9 /* SecECKeyPriv.h */, - EB69AB031BF3C42F00913AF1 /* SecEMCS.m */, - EB69AB081BF4335100913AF1 /* SecEMCSPriv.h */, - E7B00701170B58BD00B27966 /* SecExports.exp-in */, - 18AD562E14CB6EB9008233F2 /* SecFramework.c */, - 18AD562F14CB6EB9008233F2 /* SecFramework.h */, - 18AD563014CB6EB9008233F2 /* SecFrameworkStrings.h */, - 18AD563114CB6EB9008233F2 /* SecIdentity.c */, - 18AD563214CB6EB9008233F2 /* SecIdentity.h */, - 18AD563314CB6EB9008233F2 /* SecIdentityPriv.h */, - 18AD563414CB6EB9008233F2 /* SecImportExport.c */, - 18AD563514CB6EB9008233F2 /* SecImportExport.h */, - 18AD563614CB6EB9008233F2 /* SecInternal.h */, - 18AD563714CB6EB9008233F2 /* SecItem.c */, - 18AD563814CB6EB9008233F2 /* SecItem.h */, - 52FD82981AEA9CEF00634FD3 /* SecItemBackup.c */, - 52FD82991AEA9CEF00634FD3 /* SecItemBackup.h */, - 18AD563914CB6EB9008233F2 /* SecItemConstants.c */, - 18AD563A14CB6EB9008233F2 /* SecItemInternal.h */, - 18AD563B14CB6EB9008233F2 /* SecItemPriv.h */, - 442B69241BC3C5B9000F3A72 /* SecItemShim.h */, - 18AD563C14CB6EB9008233F2 /* SecKey.c */, - 18AD563D14CB6EB9008233F2 /* SecKey.h */, - 093F67A21CC1171B0033151D /* SecKeyAdaptors.c */, - 18AD563E14CB6EB9008233F2 /* SecKeyInternal.h */, - 18AD563F14CB6EB9008233F2 /* SecKeyPriv.h */, - E795C94119116EA200FA068C /* SecLogging.c */, - E795C94319116ECA00FA068C /* SecLogging.h */, - 52D0F026169CA72800F07D79 /* SecOnOSX.h */, - 4A971682158FDEB800D439B7 /* SecOTR.h */, - 4A971683158FDEB800D439B7 /* SecOTRDHKey.c */, - 4A971684158FDEB800D439B7 /* SecOTRDHKey.h */, - 4A971685158FDEB800D439B7 /* SecOTRErrors.h */, - 4A971686158FDEB800D439B7 /* SecOTRFullIdentity.c */, - 4A971687158FDEB800D439B7 /* SecOTRIdentityPriv.h */, - 4A971688158FDEB800D439B7 /* SecOTRMath.c */, - 4A971689158FDEB800D439B7 /* SecOTRMath.h */, - 4A97168B158FDEB800D439B7 /* SecOTRPacketData.c */, - 4A97168C158FDEB800D439B7 /* SecOTRPacketData.h */, - 4A97168D158FDEB800D439B7 /* SecOTRPackets.c */, - 4A97168E158FDEB800D439B7 /* SecOTRPackets.h */, - 4A97168F158FDEB800D439B7 /* SecOTRPublicIdentity.c */, - 4A971690158FDEB800D439B7 /* SecOTRSession.c */, - 4A971691158FDEB800D439B7 /* SecOTRSession.h */, - 4A971692158FDEB800D439B7 /* SecOTRSessionAKE.c */, - 4A971693158FDEB800D439B7 /* SecOTRSessionPriv.h */, - 4A971694158FDEB800D439B7 /* SecOTRUtils.c */, - CDC765C01729A72800721712 /* SecPasswordGenerate.c */, - CDC765C11729A72800721712 /* SecPasswordGenerate.h */, - 18AD564014CB6EB9008233F2 /* SecPBKDF.c */, - 18AD564114CB6EB9008233F2 /* SecPBKDF.h */, - 18AD564214CB6EB9008233F2 /* SecPolicy.c */, - D48C567C1C73E5C300E41928 /* SecPolicyLeafCallbacks.c */, - 18AD564314CB6EB9008233F2 /* SecPolicy.h */, - BE556A5D19550E1600E6EE8C /* SecPolicyCerts.h */, - 18AD564414CB6EB9008233F2 /* SecPolicyInternal.h */, - 18AD564514CB6EB9008233F2 /* SecPolicyPriv.h */, - 18AD564614CB6EB9008233F2 /* SecRandom.h */, - 18AD564714CB6EB9008233F2 /* SecRSAKey.c */, - 18AD564814CB6EB9008233F2 /* SecRSAKey.h */, - 18AD564914CB6EB9008233F2 /* SecRSAKeyPriv.h */, - 18AD564A14CB6EB9008233F2 /* SecSCEP.c */, - 18AD564B14CB6EB9008233F2 /* SecSCEP.h */, - E795C9531913F88D00FA068C /* SecServerEncryptionSupport.c */, - E795C9521913112F00FA068C /* SecServerEncryptionSupport.h */, - BE642BB1188F32C200C899A2 /* SecSharedCredential.c */, - BE642BAF188F32AD00C899A2 /* SecSharedCredential.h */, - BE4AC7DC1C938698002A28FE /* SecSignatureVerificationSupport.c */, - BE4AC7DD1C938698002A28FE /* SecSignatureVerificationSupport.h */, - 18AD564C14CB6EB9008233F2 /* SecTrust.c */, - 18AD564D14CB6EB9008233F2 /* SecTrust.h */, - BE8D22C11ABB9B6E009A4E18 /* SecTrustInternal.h */, - 18AD564E14CB6EB9008233F2 /* SecTrustPriv.h */, - 18AD564F14CB6EB9008233F2 /* SecTrustSettings.c */, - 18AD565014CB6EB9008233F2 /* SecTrustSettings.h */, - 18AD565114CB6EB9008233F2 /* SecTrustSettingsPriv.h */, - 18AD565214CB6EB9008233F2 /* SecTrustStore.c */, - 18AD565314CB6EB9008233F2 /* SecTrustStore.h */, - 18AD565414CB6EB9008233F2 /* Security.h */, - E7B01B8816572579000485F1 /* SecuritydXPC.c */, - E7B01B8A1657259F000485F1 /* SecuritydXPC.h */, - 18AD565514CB6EB9008233F2 /* vmdh.c */, - 18AD565614CB6EB9008233F2 /* vmdh.h */, - ); - path = Security; - sourceTree = ""; - }; - 18AD565714CB6ECD008233F2 /* securityd */ = { - isa = PBXGroup; - children = ( - 4CC92AAB15A3AC4600C6D578 /* Regressions */, - 18AD567D14CB865E008233F2 /* asynchttp.c */, - 18AD567E14CB865E008233F2 /* asynchttp.h */, - 18AD567F14CB865E008233F2 /* entitlements.plist */, - 72E2DC0616BC47C800E7B236 /* OTATrustUtilities.c */, - 72E2DC0716BC47C800E7B236 /* OTATrustUtilities.h */, - 18AD568214CB865E008233F2 /* policytree.c */, - 18AD568314CB865E008233F2 /* policytree.h */, - D4273AA21B5D54CA0007D67B /* nameconstraints.c */, - D4273AA31B5D54CA0007D67B /* nameconstraints.h */, - D474EF321C8A1CBB00AA4D86 /* personalization.c */, - D474EF331C8A1CBB00AA4D86 /* personalization.h */, - 18AD568414CB865E008233F2 /* SecCAIssuerCache.c */, - 18AD568514CB865E008233F2 /* SecCAIssuerCache.h */, - 18AD568614CB865E008233F2 /* SecCAIssuerRequest.c */, - 18AD568714CB865E008233F2 /* SecCAIssuerRequest.h */, - 4C4B15931655ED9000734590 /* SecDbItem.c */, - 4C4B15951655EDA700734590 /* SecDbItem.h */, - 4C055FED17B60F1E001A879A /* SecDbKeychainItem.c */, - 4C05608417B60F88001A879A /* SecDbKeychainItem.h */, - 4C055FEE17B60F1E001A879A /* SecDbQuery.c */, - 4C05608517B60F88001A879A /* SecDbQuery.h */, - 4C055FEF17B60F1E001A879A /* SecItemDataSource.c */, - 4C05608617B60F88001A879A /* SecItemDataSource.h */, - 4C055FF017B60F1E001A879A /* SecItemDb.c */, - 4C05608717B60F88001A879A /* SecItemDb.h */, - 4C055FF117B60F1E001A879A /* SecItemSchema.c */, - 4C05608817B60F88001A879A /* SecItemSchema.h */, - 18AD568814CB865E008233F2 /* SecItemServer.c */, - 18AD565814CB6F79008233F2 /* SecItemServer.h */, - 52FD829C1AEAC6D600634FD3 /* SecItemBackupServer.c */, - 52FD829D1AEAC6D600634FD3 /* SecItemBackupServer.h */, - 4C055FF217B60F1E001A879A /* SecKeybagSupport.c */, - 4C05608917B60F88001A879A /* SecKeybagSupport.h */, - 18AD565914CB6F79008233F2 /* SecOCSPCache.c */, - 18AD565A14CB6F79008233F2 /* SecOCSPCache.h */, - 18AD565B14CB6F79008233F2 /* SecOCSPRequest.c */, - 18AD565C14CB6F79008233F2 /* SecOCSPRequest.h */, - 18AD565D14CB6F79008233F2 /* SecOCSPResponse.c */, - 18AD565E14CB6F79008233F2 /* SecOCSPResponse.h */, - 18AD565F14CB6F79008233F2 /* SecPolicyServer.c */, - 18AD566014CB6F79008233F2 /* SecPolicyServer.h */, - 18AD566114CB6F79008233F2 /* SecTrustServer.c */, - 18AD566214CB6F79008233F2 /* SecTrustServer.h */, - E7B01B671655CCA6000485F1 /* SOSCloudCircleServer.c */, - E7B01B661655CC99000485F1 /* SOSCloudCircleServer.h */, - 18AD566314CB6F79008233F2 /* SecTrustStoreServer.c */, - 18AD566414CB6F79008233F2 /* SecTrustStoreServer.h */, - E795C9471911A41200FA068C /* SecLogSettingsServer.c */, - E795C9461911A39800FA068C /* SecLogSettingsServer.h */, - 18AD566514CB6F79008233F2 /* spi.c */, - 18AD566614CB6F79008233F2 /* spi.h */, - 72B5923A17C6924000AE738B /* iCloudTrace.h */, - 72B5923C17C6939A00AE738B /* iCloudTrace.c */, - 5356520218E3C71000C383C0 /* SecOTRRemote.c */, - 5356520418E3C88D00C383C0 /* SecOTRRemote.h */, - ); - path = securityd; - sourceTree = ""; - }; - 4A824AFA158FF05900F932C0 /* Regressions */ = { - isa = PBXGroup; - children = ( - 4CC92AB015A3AD0000C6D578 /* Security_regressions.h */, - D40771B21C9B4CE50016AA66 /* shared_regressions.h */, - 4CC92A0E15A3ABD400C6D578 /* crypto */, - 4CC92A1115A3ABD400C6D578 /* otr */, - 4CC92A1615A3ABD400C6D578 /* secitem */, - 4CC92A5B15A3ABD400C6D578 /* vmdh */, - E7EBD75619145D6400D0F062 /* so_01_serverencryption.c */, - ); - name = Regressions; - sourceTree = ""; - }; - 4CC92A0E15A3ABD400C6D578 /* crypto */ = { - isa = PBXGroup; - children = ( - 4CC92A0F15A3ABD400C6D578 /* pbkdf2-00-hmac-sha1.c */, - 4CC92A1015A3ABD400C6D578 /* spbkdf-00-hmac-sha1.c */, - ); - name = crypto; - path = Regressions/crypto; - sourceTree = ""; - }; - 4CC92A1115A3ABD400C6D578 /* otr */ = { - isa = PBXGroup; - children = ( - 4CC92A1215A3ABD400C6D578 /* otr-00-identity.c */, - 4CC92A1315A3ABD400C6D578 /* otr-30-negotiation.c */, - CD8E09001A2E918900A2503A /* otr-40-edgecases.c */, - CDB6A8B51A409BBF00646CD6 /* otr-50-roll.c */, - CDB6A8B71A409BC600646CD6 /* otr-60-slowroll.c */, - 4CC92A1415A3ABD400C6D578 /* otr-otrdh.c */, - 4CC92A1515A3ABD400C6D578 /* otr-packetdata.c */, - ); - name = otr; - path = Regressions/otr; - sourceTree = ""; - }; - 4CC92A1615A3ABD400C6D578 /* secitem */ = { - isa = PBXGroup; - children = ( - 4CC92A1715A3ABD400C6D578 /* si-00-find-nothing.c */, - 4CC92A1815A3ABD400C6D578 /* si-05-add.c */, - 4CC92A1915A3ABD400C6D578 /* si-10-find-internet.c */, - 4CC92A1A15A3ABD400C6D578 /* si-11-update-data.c */, - 4C2C8C3C17AB374700C24C13 /* si-12-item-stress.c */, - EB9C1D091BDDBDD500F89272 /* si-13-item-system.m */, - 4CC92A1B15A3ABD400C6D578 /* si-14-dateparse.c */, - EBD3447F1D234E26008B6DEA /* si-15-delete-access-group.m */, - 4CC92A1C15A3ABD400C6D578 /* si-15-certificate.c */, - 4CC92A1D15A3ABD400C6D578 /* si-16-ec-certificate.c */, - E7EF51911C24C6E3002D0C23 /* si-17-item-system-bluetooth.m */, - D4EC94D31CEA47D70083E753 /* si-20-sectrust-policies.m */, - 4CC92A1F15A3ABD400C6D578 /* si-20-sectrust.c */, - BE3171921BB3559600BBB212 /* si-20-sectrust.h */, - 4CC92A2015A3ABD400C6D578 /* si-21-sectrust-asr.c */, - 4CC92A2115A3ABD400C6D578 /* si-22-sectrust-iap.c */, - D44216091CCAD9C200D2D455 /* si-22-sectrust-iap.h */, - 4CC92A2215A3ABD400C6D578 /* si-23-sectrust-ocsp.c */, - 4CC92A2415A3ABD400C6D578 /* si-24-sectrust-digicert-malaysia.c */, - 4CC92A2515A3ABD400C6D578 /* si-24-sectrust-diginotar.c */, - 4CC92A2615A3ABD400C6D578 /* si-24-sectrust-itms.c */, - 4CC92A2815A3ABD400C6D578 /* si-24-sectrust-nist.c */, - 4CC92A2A15A3ABD400C6D578 /* si-24-sectrust-passbook.c */, - D43091511D84D482004097DA /* si-25-cms-skid.m */, - D43091531D84D494004097DA /* si-25-cms-skid.h */, - 4CC92A2C15A3ABD400C6D578 /* si-26-sectrust-copyproperties.c */, - 4CC92A2D15A3ABD400C6D578 /* si-27-sectrust-exceptions.c */, - 4CC92A2E15A3ABD400C6D578 /* si-28-sectrustsettings.m */, - D4653DEA1C9E2299002ED6D5 /* si-28-sectrustsettings.h */, - 4CC92A3015A3ABD400C6D578 /* si-30-keychain-upgrade.c */, - 4CC92A3115A3ABD400C6D578 /* si-31-keychain-bad.c */, - 4CC92A3215A3ABD400C6D578 /* si-31-keychain-unreadable.c */, - 4CC92A3415A3ABD400C6D578 /* si-33-keychain-backup.c */, - 4CC92A3515A3ABD400C6D578 /* si-40-seckey-custom.c */, - 4CC92A3615A3ABD400C6D578 /* si-40-seckey.c */, - 4CC92A3715A3ABD400C6D578 /* si-41-sececkey.c */, - 4CC92A3815A3ABD400C6D578 /* si-42-identity.c */, - 4CC92A3915A3ABD400C6D578 /* si-43-persistent.c */, - 09D1FC1D1CDCBA8800A82D0D /* si-44-seckey-gen.m */, - 09EC947E1CEDEA70003E5101 /* si-44-seckey-rsa.m */, - 0982E02B1D19695B0060002E /* si-44-seckey-ec.m */, - 09AE116D1CEDA17A004C617D /* si-44-seckey-ies.m */, - 4CC92A3A15A3ABD400C6D578 /* si-50-secrandom.c */, - 4CC92A3B15A3ABD400C6D578 /* si-60-cms.c */, - 4CC92A3C15A3ABD400C6D578 /* si-61-pkcs12.c */, - 4CC92A3D15A3ABD400C6D578 /* si-62-csr.c */, - 4CC92A3E15A3ABD400C6D578 /* si-63-scep */, - 4CC92A4115A3ABD400C6D578 /* si-63-scep.c */, - 4CC92A4215A3ABD400C6D578 /* si-63-scep.h */, - 4CC92A4315A3ABD400C6D578 /* si-64-ossl-cms */, - 4CC92A4A15A3ABD400C6D578 /* si-64-ossl-cms.c */, - 4CC92A4B15A3ABD400C6D578 /* si-65-cms-cert-policy.c */, - 4CC92A4C15A3ABD400C6D578 /* si-66-smime */, - 4CC92A4E15A3ABD400C6D578 /* si-66-smime.c */, - 4CC92A4F15A3ABD400C6D578 /* si-67-sectrust-blacklist */, - 4CC92A5A15A3ABD400C6D578 /* si-67-sectrust-blacklist.c */, - E748744415A61AF800624935 /* si-68-secmatchissuer.c */, - CDA7729616B899F10069434D /* si-69-keydesc.c */, - BE62D7611747FF51001EAA9D /* si-70-sectrust-unified.c */, - 5DE4A7BC17441CCD0036339E /* si-71-mobile-store-policy.c */, - BE62D75F1747FF3E001EAA9D /* si-72-syncableitems.c */, - CDD565A1173193AC00B6B074 /* si-73-secpasswordgenerate.c */, - 7255A46B1783333D006A8B9A /* si-74-OTAPKISigner.c */, - BE061FCE1899E5BD00C739F6 /* si-76-shared-credentials.c */, - 3A70988118CDF648009FD2CC /* si_77_SecAccessControl.c */, - 4477A8D718F28AAE00B5BB9F /* si-78-query-attrs.c */, - 4406660E19069707000DA171 /* si-80-empty-data.c */, - D40771AB1C9B4C530016AA66 /* si-82-seccertificate-ct.c */, - D40771AC1C9B4C530016AA66 /* si-82-sectrust-ct.m */, - 440BF8F41A7A7EC9001760A7 /* si-82-token-ag.c */, - BE0CC6061A96B68400662E69 /* si-83-seccertificate-sighashalg.c */, - D48D56CC1DAEC030005AA1C0 /* si-84-sectrust-allowlist */, - BE5C5BD01D8C90C200A97339 /* si-84-sectrust-allowlist.m */, - D4B4A9A61B8801960097B393 /* si-85-sectrust-ssl-policy.c */, - D4C6E1681B9A0AE800E42591 /* si-85-sectrust-ssl-policy.h */, - D4DFC9481B9958D00040945C /* si-87-sectrust-name-constraints.c */, - D4DFC9491B9958D00040945C /* si-87-sectrust-name-constraints.h */, - D4CBC1461BE9A89E00C5795E /* si-89-cms-hash-agility.c */, - D4CBC1471BE9A89E00C5795E /* si-89-cms-hash-agility.h */, - EB69AB051BF425F300913AF1 /* si-90-emcs.m */, - D4A919751CA9A3DD003D2ADA /* si-95-cms-basic.c */, - D4A919761CA9A3DD003D2ADA /* si-95-cms-basic.h */, - D44C81E71CD1944C00BE9A0D /* si-97-sectrust-path-scoring.m */, - D44C81E91CD1947200BE9A0D /* si-97-sectrust-path-scoring.h */, - ); - name = secitem; - path = Regressions/secitem; - sourceTree = ""; - }; - 4CC92A3E15A3ABD400C6D578 /* si-63-scep */ = { - isa = PBXGroup; - children = ( - 4CC92A3F15A3ABD400C6D578 /* getcacert-mdes.h */, - 4CC92A4015A3ABD400C6D578 /* getcacert-mdesqa.h */, - ); - path = "si-63-scep"; - sourceTree = ""; - }; - 4CC92A4315A3ABD400C6D578 /* si-64-ossl-cms */ = { - isa = PBXGroup; - children = ( - 4CC92A4415A3ABD400C6D578 /* attached_no_data_signed_data.h */, - 4CC92A4515A3ABD400C6D578 /* attached_signed_data.h */, - 4CC92A4615A3ABD400C6D578 /* detached_content.h */, - 4CC92A4715A3ABD400C6D578 /* detached_signed_data.h */, - 4CC92A4815A3ABD400C6D578 /* privkey.h */, - 4CC92A4915A3ABD400C6D578 /* signer.h */, - ); - path = "si-64-ossl-cms"; - sourceTree = ""; - }; - 4CC92A4C15A3ABD400C6D578 /* si-66-smime */ = { - isa = PBXGroup; - children = ( - 4CC92A4D15A3ABD400C6D578 /* signed-receipt.h */, - ); - path = "si-66-smime"; - sourceTree = ""; - }; - 4CC92A4F15A3ABD400C6D578 /* si-67-sectrust-blacklist */ = { - isa = PBXGroup; - children = ( - 4CC92A5015A3ABD400C6D578 /* Global Trustee.cer.h */, - 4CC92A5115A3ABD400C6D578 /* UTN-USERFirst-Hardware.cer.h */, - 4CC92A5215A3ABD400C6D578 /* addons.mozilla.org.cer.h */, - 4CC92A5315A3ABD400C6D578 /* login.live.com.cer.h */, - 4CC92A5415A3ABD400C6D578 /* login.skype.com.cer.h */, - 4CC92A5515A3ABD400C6D578 /* login.yahoo.com.1.cer.h */, - 4CC92A5615A3ABD400C6D578 /* login.yahoo.com.2.cer.h */, - 4CC92A5715A3ABD400C6D578 /* login.yahoo.com.cer.h */, - 4CC92A5815A3ABD400C6D578 /* mail.google.com.cer.h */, - 4CC92A5915A3ABD400C6D578 /* www.google.com.cer.h */, - ); - path = "si-67-sectrust-blacklist"; - sourceTree = ""; - }; - 4CC92A5B15A3ABD400C6D578 /* vmdh */ = { - isa = PBXGroup; - children = ( - 4CC92A5C15A3ABD400C6D578 /* vmdh-40.c */, - 4CC92A5D15A3ABD400C6D578 /* vmdh-41-example.c */, - 4CC92A5E15A3ABD400C6D578 /* vmdh-42-example2.c */, - ); - name = vmdh; - path = Regressions/vmdh; - sourceTree = ""; - }; - 4CC92AAB15A3AC4600C6D578 /* Regressions */ = { - isa = PBXGroup; - children = ( - ACFD56BD19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h */, - 4483050F1B46FB8700326450 /* ios8-inet-keychain-2.h */, - 0CBF93F5177B7CFC001E5658 /* secd-03-corrupted-items.c */, - 0CBF93F6177B7CFC001E5658 /* secd-04-corrupted-items.c */, - 0CBF93FB177BA9D9001E5658 /* secd-05-corrupted-items.m */, - 4CC92AAE15A3ACCE00C6D578 /* securityd_regressions.h */, - 4CC92AAC15A3AC4600C6D578 /* sd-10-policytree.c */, - 0C0BDB601756882A00BC1A7E /* secd_regressions.h */, - 0C0BDB62175688DA00BC1A7E /* secd-01-items.c */, - 0C664AE7175951270092D3D9 /* secd-02-upgrade-while-locked.c */, - EB3409AE1C1D5BB300D77661 /* secd-20-keychain_upgrade.m */, - EBF2D7651C1E4823006AB6FF /* secd-21-transmogrify.m */, - 0C062B1C175E784B00806CFE /* secd-30-keychain-upgrade.c */, - 0C062B1D175E784B00806CFE /* secd-31-keychain-bad.c */, - 0C062B1E175E784B00806CFE /* secd-31-keychain-unreadable.c */, - 446CEEE319B6043900ECAF50 /* secd-32-restore-bad-backup.c */, - 4469FC2A1AA0A69E0021AA26 /* secd-33-keychain-ctk.m */, - 529F46F11AEC759E0002392C /* secd-34-backup-der-parse.c */, - 4483050D1B46FB6C00326450 /* secd-35-keychain-migrate-inet.c */, - EB36F0401D9041F40094C601 /* secd-36-ks-encrypt.m */, - E75AB9191AE9958300C5EF3F /* secd-40-cc-gestalt.c */, - E79D62B9176798BF005A9743 /* secd-50-account.c */, - 523CBBF71B3227A2002C0884 /* secd-49-manifests.c */, - 523CBBF41B321C5C002C0884 /* secd-50-message.c */, - 48E928C4179DD05500A7F755 /* secd-51-account-inflate.c */, - CDF9BBE01B03E24D00D1AF0F /* secd-52-offering-gencount-reset.c */, - 4898223917BDB277003BEF32 /* secd-52-account-changed.c */, - E7A10FAB1771246A00C4602F /* secd-55-account-circle.c */, - E7F0D3E9177BBE35001ACBC1 /* secd-55-account-incompatibility.c */, - E7F18556177A502900177B23 /* secd-56-account-apply.c */, - E7A10FAD1771249C00C4602F /* secd-57-account-leave.c */, - 4826374C1CC18A410082C9C8 /* secd-57-1-account-last-standing.c */, - 4882C516177521AE0095D04B /* secd-58-password-change.c */, - 48F32D7D1777AFA3001B84BA /* secd-59-account-cleanup.c */, - E7F18554177A44E000177B23 /* secd-60-account-cloud-identity.c */, - 48C34E911C45EF3000B7F29B /* secd60-account-cloud-exposure.c */, - 486C6C671795F20E00387075 /* secd-61-account-leave-not-in-kansas-anymore.c */, - CD655E911AF02B9900BD1B6E /* secd-62-account-backup.c */, - 48FABEDF1AD05C7100C061D1 /* secd-62-account-hsa-join.c */, - E731829F1B1FC9CD00FC334C /* secd-63-account-resurrection.c */, - E7850ECE1BB30E6E002A54CA /* secd-65-account-retirement-reset.c */, - 48A0FEDD1B6046E2001D6180 /* secd-64-circlereset.c */, - 527258CF1981C00F003CFCEC /* secd-70-engine.c */, - 4C495EE01982171500BC1809 /* secd-70-engine-corrupt.c */, - F9EF72F01AC0F97C00A4D24A /* secd-70-engine-smash.c */, - 5384299318E492A300E91AFE /* secd-70-otr-remote.c */, - 5221C4971CBEDB7C006047E7 /* secd-71-engine-save.c */, - 5221C4C11CC5667E006047E7 /* secd-71-engine-save-sample1.h */, - 4CCD1B001B1E3EA200F6DF8D /* secd-74-engine-beer-servers.c */, - 4CC62F201B4C63FE009FEF0E /* secd-75-engine-views.c */, - 0C60F39B1CAF0E8E00221D24 /* secd-76-idstransport.c */, - 0C3276C21CB329AB005D6DDC /* secd_77_ids_messaging.c */, - 48FB17041A77181A00B586C7 /* secd-80-views-basic.c */, - 485B5E611AE068D800A3C183 /* secd-82-secproperties-basic.c */, - 5E19C6471AA5F34E005964F8 /* secd-81-item-acl-stress.c */, - 5EA016361AD41AB20061BCD7 /* secd-81-item-acl.c */, - F9E0BD981AEF196A00554D49 /* secd-82-persistent-ref.c */, - 5EF2596E1CB5214B009B4C58 /* secd-83-item-match-policy.m */, - 5E0CE1641CB6347300E75776 /* secd-83-item-match-valid-on-date.m */, - 5E0CE1661CB6348D00E75776 /* secd-83-item-match-trusted.m */, - 5E0CE1681CB64A1300E75776 /* secd-83-item-match.h */, - 48FABEE01AD05C7100C061D1 /* secd-90-hsa2.c */, - CD8F442C1B83C435004C0047 /* secd-95-escrow-persistence.c */, - CD9B54111CC6EC4D00CC487A /* secd-100-initialsync.c */, - E739A9DC1D318FA4003C088A /* secd-130-other-peer-views.c */, - CD35B8291C2650FE00E0852A /* secd-154-engine-backoff.c */, - 48B5888B1D00ED9000E0C5A7 /* secd-200-logstate.c */, - 0C87F8301D6F838200A9EC17 /* secd-201-coders.c */, - E7A10FAA1771245D00C4602F /* SOSAccountTesting.h */, - E79D62BE1767A547005A9743 /* SecdTestKeychainUtilities.c */, - E79D62BF1767A55F005A9743 /* SecdTestKeychainUtilities.h */, - CDAD4E9818EC8424007D4BC2 /* SOSTransportTestTransports.c */, - CDAD4E9A18EC8447007D4BC2 /* SOSTransportTestTransports.h */, - ); - path = Regressions; - sourceTree = ""; - }; - 521C0B9715FA5C4900604B61 /* Frameworks */ = { - isa = PBXGroup; - children = ( - 32FBBBE11B50365D00AEF9ED /* CoreFoundation.framework */, - CD6C9BF81A813D52002AB913 /* IDS.framework */, - CD558FA8193544F800CFB3B1 /* IDSFoundation.framework */, - EB97322D189C56DB0063DFED /* CoreFoundation.framework */, - 52DD7069160CD40B0027A346 /* libutilities.a */, - 526CBA5116079FB4008DF7C8 /* Security.framework */, - 521C0B9815FA5C4A00604B61 /* Foundation.framework */, - EB973200189C56310063DFED /* Cocoa.framework */, - EB973215189C56310063DFED /* XCTest.framework */, - EB973202189C56310063DFED /* Other Frameworks */, - ); - name = Frameworks; - sourceTree = ""; - }; - BEF9640718B417EB00813FA3 /* SharedWebCredentialAgent */ = { - isa = PBXGroup; - children = ( - BEF9640918B418A400813FA3 /* swcagent_client.h */, - BEF9640A18B418A400813FA3 /* swcagent_client.c */, - BEF9640B18B418A400813FA3 /* swcagent.m */, - ); - name = SharedWebCredentialAgent; - sourceTree = ""; - }; - D48D56CC1DAEC030005AA1C0 /* si-84-sectrust-allowlist */ = { - isa = PBXGroup; - children = ( - D4B2E7911DAEFBB500F79E03 /* wosign_certs.h */, - D4B2E7921DAEFBB500F79E03 /* date_testing_certs.h */, - D4B2E7931DAEFBB500F79E03 /* cnnic_certs.h */, - ); - name = "si-84-sectrust-allowlist"; - sourceTree = ""; - }; - E71049F4169E023B00DB0045 /* SecurityTool */ = { - isa = PBXGroup; - children = ( - E790C108169E4E7900E0C0C9 /* builtin_commands.h */, - E790C109169E4FD200E0C0C9 /* digest_calc.c */, - EBE32B9B1BF00DA500719AA8 /* entitlements.plist */, - EBC1B8B61BE96B3200E6ACA6 /* whoami.m */, - EBE32B581BEEC8C900719AA8 /* syncbubble.m */, - E790C10E169E53DF00E0C0C9 /* leaks.c */, - E790C10F169E53DF00E0C0C9 /* leaks.h */, - 4CD1897B169F835400BC96B8 /* print_cert.c */, - 4CD1897C169F835400BC96B8 /* print_cert.h */, - E71049FE169E036E00DB0045 /* security.1 */, - E71049FF169E036E00DB0045 /* SecurityTool.c */, - E7104A00169E036E00DB0045 /* SecurityTool.h */, - E7104A0D169E1C1600DB0045 /* tool_errors.h */, - ); - path = SecurityTool; - sourceTree = ""; - }; - E7104A0F169E1F0800DB0045 /* Tool */ = { - isa = PBXGroup; - children = ( - 32FBBBE61B556F8900AEF9ED /* verify_cert.c */, - F697632118F6CC3F0090438B /* keychain_util.c */, - F697632218F6CC3F0090438B /* keychain_util.h */, - E790C136169E5C6200E0C0C9 /* add_internet_password.c */, - E795C93E19100F5000FA068C /* log_control.c */, - E790C137169E5C6200E0C0C9 /* codesign.c */, - E790C138169E5C6200E0C0C9 /* keychain_add.c */, - E790C139169E5C6200E0C0C9 /* keychain_find.c */, - 0CE7ABDE171383E30088968F /* keychain_backup.c */, - E790C13A169E5C6200E0C0C9 /* pkcs12_util.c */, - E790C13D169E5C6200E0C0C9 /* scep.c */, - E790C13E169E5C6200E0C0C9 /* SecurityCommands.h */, - E790C13F169E5C6200E0C0C9 /* show_certificates.c */, - E790C140169E5C6200E0C0C9 /* spc.c */, - ); - path = Tool; - sourceTree = ""; - }; - E7217B2015F8126700D26031 /* CKBridge */ = { - isa = PBXGroup; - children = ( - 521C685C1614A6E100E31C3E /* SOSCloudKeychainClient.c */, - 521C685D1614A6E100E31C3E /* SOSCloudKeychainClient.h */, - E7217B2515F8131A00D26031 /* SOSCloudKeychainConstants.c */, - E7217B2615F8131A00D26031 /* SOSCloudKeychainConstants.h */, - 481A954F1D1A02AA000B98F5 /* SOSCloudKeychainLogging.c */, - 481A95501D1A02AA000B98F5 /* SOSCloudKeychainLogging.h */, - ); - path = CKBridge; - sourceTree = ""; - }; - E7AC69CE14E1F78400CB09C1 /* SOSCircle */ = { - isa = PBXGroup; - children = ( - E7217B2015F8126700D26031 /* CKBridge */, - E7AC69CF14E1F78400CB09C1 /* Regressions */, - E7AC69D114E1F78400CB09C1 /* SecureObjectSync */, - E7FEFB81169E362100E18152 /* Tool */, - ); - path = SOSCircle; - sourceTree = ""; - }; - E7AC69CF14E1F78400CB09C1 /* Regressions */ = { - isa = PBXGroup; - children = ( - E763D6221624E2670038477D /* sc-20-keynames.c */, - 48487D271B1D5E960078C7C9 /* sc-25-soskeygen.c */, - E777C72815B9C9F0004044A8 /* sc-30-peerinfo.c */, - EBDAECBA184D30C3005A18F1 /* sc-31-peerinfo-simplefuzz.c */, - E777C6B015B4DDF2004044A8 /* sc-40-circle.c */, - 4878267919C0F505002CB56F /* sc-42-circlegencount.c */, - 4C64F59617C6B3B1009C5AC2 /* sc-45-digestvector.c */, - 48CE733D1731C49A004C2946 /* sc-130-resignationticket.c */, - 4BD2F7FF1ADCDEAA0037CD5D /* sc-140-hsa2.c */, - CD16F8941AE84822004AE09C /* sc-150-ring.c */, - E7C4F5431AD482E1000B5862 /* sc-150-backupkeyderivation.c */, - E71BAE7E1ACE1AB900DF0C29 /* sc-153-backupslicekeybag.c */, - 4CC92AAF15A3ACE600C6D578 /* SOSCircle_regressions.h */, - 521C0CD515FF9B3300604B61 /* SOSRegressionUtilities.c */, - 521C0CD815FF9B4B00604B61 /* SOSRegressionUtilities.h */, - 4CB8A83716164B7700B52EC7 /* SOSTestDataSource.c */, - 4CB8A83916164B8C00B52EC7 /* SOSTestDataSource.h */, - 4C495EDB1982125E00BC1809 /* SOSTestDevice.c */, - 4C495EDC1982125E00BC1809 /* SOSTestDevice.h */, - ); - path = Regressions; - sourceTree = ""; - }; - E7AC69D114E1F78400CB09C1 /* SecureObjectSync */ = { - isa = PBXGroup; - children = ( - E7B00702170B5FE100B27966 /* SOSExports.exp-in */, - E7DBB6011AE9E09700488C1F /* Account */, - E7DBB6031AE9E0D900488C1F /* Circle */, - E7DBB6041AEAABFD00488C1F /* Engine */, - E7DBB6021AE9E0AA00488C1F /* PeerInfo */, - E7DBB6051AEAAC8000488C1F /* Transport */, - E7DBB6061AEAAF1200488C1F /* SOSARCDefines.h */, - E7C4F53F1AD4445C000B5862 /* SOSECWrapUnwrap.c */, - E7217B1715F80E0F00D26031 /* SOSCloudCircle.c */, - E703811114E1FEE4007CB458 /* SOSCloudCircle.h */, - E7B01B5A16532507000485F1 /* SOSCloudCircleInternal.h */, - 48E9CDFB1C597FED00574D6B /* SOSSysdiagnose.c */, - E777C71D15B73F9E004044A8 /* SOSInternal.c */, - E777C71B15B73F59004044A8 /* SOSInternal.h */, - 52F8DE4A1AF2E9AE00A2C271 /* SOSTypes.h */, - 4BD2F8011ADCDF790037CD5D /* SOSPlatform.h */, - ); - path = SecureObjectSync; - sourceTree = ""; - }; - E7DBB6011AE9E09700488C1F /* Account */ = { - isa = PBXGroup; - children = ( - 4CC929AD15A3957800C6D578 /* SOSAccount.c */, - 4CC929AE15A3957800C6D578 /* SOSAccount.h */, - 48FD04F11CEFCFB900BEBBFF /* SOSAccountTransaction.c */, - 48FD04F21CEFCFB900BEBBFF /* SOSAccountTransaction.h */, - E7C4F5451AD75EBE000B5862 /* SOSAccountBackup.c */, - 48764AF417FA3FE50005C4F1 /* SOSAccountCircles.c */, - 48FABEDB1AD05C1D00C061D1 /* SOSAccountHSAJoin.c */, - 48FABEDC1AD05C1D00C061D1 /* SOSAccountHSAJoin.h */, - 48C7DF9917FF44EF00904F1A /* SOSAccountCloudParameters.c */, - 48C7DF9217FF2DB500904F1A /* SOSAccountCredentials.c */, - 48764AE717FA2DD00005C4F1 /* SOSAccountDer.c */, - 48C7DF9717FF360F00904F1A /* SOSAccountFullPeerInfo.c */, - 48C7DF9517FF351A00904F1A /* SOSAccountPeers.c */, - 48764AEB17FA31E50005C4F1 /* SOSAccountPersistence.c */, - 48122CC71CFF88DC009BE3E3 /* SOSAccountLog.c */, - 48122CC81CFF88DC009BE3E3 /* SOSAccountLog.h */, - 48764AEA17FA31670005C4F1 /* SOSAccountPriv.h */, - 48764AEE17FA36200005C4F1 /* SOSAccountUpdate.c */, - CDC0DC941AE842640020BA6C /* SOSAccountRings.c */, - CDC0DC951AE842640020BA6C /* SOSAccountRingUpdate.c */, - E75320EB1D0B83FC00DAB140 /* SOSAccountViewSync.c */, - 528462991AE6FCF0004C1BA2 /* SOSBackupEvent.c */, - 5284629A1AE6FCF0004C1BA2 /* SOSBackupEvent.h */, - E71BAE801ACE1C6500DF0C29 /* SOSBackupSliceKeyBag.c */, - E71BAE811ACE1C6500DF0C29 /* SOSBackupSliceKeyBag.h */, - 4802A59516D711060059E5B9 /* SOSUserKeygen.c */, - 4802A59716D711190059E5B9 /* SOSUserKeygen.h */, - ); - name = Account; - sourceTree = ""; - }; - E7DBB6021AE9E0AA00488C1F /* PeerInfo */ = { - isa = PBXGroup; - children = ( - E79277E1163B110A0096F3E2 /* SOSFullPeerInfo.c */, - E79277E2163B110A0096F3E2 /* SOSFullPeerInfo.h */, - E777C72515B87544004044A8 /* SOSPeerInfo.c */, - E777C72415B87528004044A8 /* SOSPeerInfo.h */, - E7DBB6081AEAAF3700488C1F /* SOSPeerInfoDER.c */, - E7DBB6091AEAAF3700488C1F /* SOSPeerInfoDER.h */, - 48FB17001A76F56C00B586C7 /* SOSPeerInfoV2.c */, - 48FB17011A76F56C00B586C7 /* SOSPeerInfoV2.h */, - 484182631A30F8D300211511 /* SOSPeerInfoPriv.h */, - E7A634E217FA471500920B67 /* SOSPeerInfoCollections.c */, - E7A634E417FA472700920B67 /* SOSPeerInfoCollections.h */, - 485835871779013E0050F074 /* SOSPeerInfoInternal.h */, - CDC0DC2B1AE83E390020BA6C /* SOSPeerInfoRingState.c */, - CDC0DC2C1AE83E390020BA6C /* SOSPeerInfoRingState.h */, - 48A071CD1AD6AEA900728AEF /* SOSPeerInfoSecurityProperties.c */, - 48A071CE1AD6AEA900728AEF /* SOSPeerInfoSecurityProperties.h */, - ); - name = PeerInfo; - sourceTree = ""; - }; - E7DBB6031AE9E0D900488C1F /* Circle */ = { - isa = PBXGroup; - children = ( - 4CC929AF15A3957800C6D578 /* SOSCircle.c */, - CDC0DC961AE842640020BA6C /* SOSCircleV2.c */, - CDC0DC971AE842640020BA6C /* SOSCircleV2.h */, - 484182601A30F2E300211511 /* SOSCirclePriv.h */, - 4CC929B015A3957800C6D578 /* SOSCircle.h */, - 484182621A30F38E00211511 /* SOSCircleRings.h */, - 489E6E4B1A71A87600D7EB8C /* SOSCircleDer.h */, - 489E6E4A1A71A87600D7EB8C /* SOSCircleDer.c */, - CDC0DC981AE842640020BA6C /* SOSConcordanceTrust.h */, - CDC0DC991AE842640020BA6C /* SOSGenCount.c */, - CDC0DC9A1AE842640020BA6C /* SOSGenCount.h */, - CDC0DC2D1AE83E390020BA6C /* SOSRing.h */, - 489EA3C11AEAE659004A6AEB /* SOSRingBackup.c */, - 489EA3C21AEAE659004A6AEB /* SOSRingBackup.h */, - CDC0DC2E1AE83E390020BA6C /* SOSRingBasic.c */, - CDC0DC2F1AE83E390020BA6C /* SOSRingBasic.h */, - CDC0DC301AE83E390020BA6C /* SOSRingConcordanceTrust.c */, - CDC0DC311AE83E390020BA6C /* SOSRingConcordanceTrust.h */, - CDC0DC321AE83E390020BA6C /* SOSRingDER.c */, - CDC0DC331AE83E390020BA6C /* SOSRingDER.h */, - CDC0DC341AE83E390020BA6C /* SOSRingPeerInfoUtils.c */, - CDC0DC351AE83E390020BA6C /* SOSRingPeerInfoUtils.h */, - CDC0DC361AE83E390020BA6C /* SOSRingTypes.c */, - CDC0DC371AE83E390020BA6C /* SOSRingTypes.h */, - CDC0DC381AE83E390020BA6C /* SOSRingUtils.c */, - CDC0DC391AE83E390020BA6C /* SOSRingUtils.h */, - CDC0DC3A1AE83E390020BA6C /* SOSRingV0.c */, - CDC0DC3B1AE83E390020BA6C /* SOSRingV0.h */, - 48F7DF241A6DB32900046644 /* SOSViews.c */, - 48F7DF251A6DB32900046644 /* SOSViews.h */, - 4812D5A61CAF1FCB0041FAD8 /* ViewList.list */, - 4812D5A51CAF07060041FAD8 /* SOSViews.exp-in */, - ); - name = Circle; - sourceTree = ""; - }; - E7DBB6041AEAABFD00488C1F /* Engine */ = { - isa = PBXGroup; - children = ( - 4C31C3CB1A9E5CDA009098D8 /* SOSChangeTracker.c */, - 4C31C3CC1A9E5CDA009098D8 /* SOSChangeTracker.h */, - 488902EB16C2F88400F119FF /* SOSCoder.c */, - 488902ED16C2F89700F119FF /* SOSCoder.h */, - 4C8BDD9A17B4FB8F00C20EA5 /* SOSDataSource.h */, - 4C8BDDA017B4FE8100C20EA5 /* SOSDigestVector.c */, - 4C8BDDA117B4FE9400C20EA5 /* SOSDigestVector.h */, - 4C9DC91C15B602910036D941 /* SOSEngine.c */, - 4C9DC91915B602760036D941 /* SOSEngine.h */, - 0CFDBAD81D6FC58D00826CDE /* SOSEnginePriv.h */, - 4C8BDD9E17B4FDE100C20EA5 /* SOSManifest.c */, - 4C8BDD9C17B4FD2A00C20EA5 /* SOSManifest.h */, - 4CBDB30B17B70206002FA799 /* SOSMessage.c */, - 4CBDB30C17B70206002FA799 /* SOSMessage.h */, - 4CC929B115A3957800C6D578 /* SOSPeer.c */, - 4CC929B215A3957800C6D578 /* SOSPeer.h */, - CD32776A18F8AEFD006B5280 /* SOSPeerCoder.c */, - CD32776C18F8B06E006B5280 /* SOSPeerCoder.h */, - ); - name = Engine; - sourceTree = ""; - }; - E7DBB6051AEAAC8000488C1F /* Transport */ = { - isa = PBXGroup; - children = ( - 48764AF117FA3ACF0005C4F1 /* SOSKVSKeys.c */, - CD0F8AF118998685003E0C52 /* SOSKVSKeys.h */, - CD86DE4D18BD554D00C90CDF /* SOSTransport.c */, - CDF1B82218BD7DDE006309BC /* SOSTransport.h */, - CD773AC21ADDF8C700C808BA /* SOSTransportBackupPeer.c */, - CD773AC31ADDF8C700C808BA /* SOSTransportBackupPeer.h */, - CD0F8AF51899BF46003E0C52 /* SOSTransportCircle.c */, - CD0F8AF91899BF63003E0C52 /* SOSTransportCircle.h */, - CD32777218F8B31E006B5280 /* SOSTransportCircleKVS.c */, - CD32777418F8B330006B5280 /* SOSTransportCircleKVS.h */, - CD09B90718A08EBE00E787E1 /* SOSTransportKeyParameter.c */, - CD09B90918A08ECD00E787E1 /* SOSTransportKeyParameter.h */, - CD32776E18F8B2FC006B5280 /* SOSTransportKeyParameterKVS.c */, - CD32777018F8B30E006B5280 /* SOSTransportKeyParameterKVS.h */, - CD0F8AF31899BF33003E0C52 /* SOSTransportMessage.c */, - CD0F8AF71899BF57003E0C52 /* SOSTransportMessage.h */, - CD2026B41936ABD300AB9D3C /* SOSTransportMessageIDS.c */, - CD2026B31936ABD300AB9D3C /* SOSTransportMessageIDS.h */, - CD32777618F8B39B006B5280 /* SOSTransportMessageKVS.c */, - CD32777818F8B3B4006B5280 /* SOSTransportMessageKVS.h */, - ); - name = Transport; - sourceTree = ""; - }; - E7FEFB81169E362100E18152 /* Tool */ = { - isa = PBXGroup; - children = ( - 4899F2E81C768BBE00762615 /* secToolFileIO.h */, - 4899F2E71C768BBE00762615 /* secToolFileIO.c */, - E78DCD671D306C9000DE7A88 /* NSFileHandle+Formatting.h */, - E739A9DA1D3078D9003C088A /* NSFileHandle+Formatting.m */, - E790C0F4169E3D7200E0C0C9 /* keychain_sync.h */, - E7FEFB90169E36D800E18152 /* keychain_sync.c */, - E7ACD2FA1D30204E0038050D /* keychain_sync_test.h */, - E7ACD2F91D30204E0038050D /* keychain_sync_test.m */, - 48279BC41C57FEA20043457C /* keychain_log.h */, - 48279BC31C57FEA20043457C /* keychain_log.c */, - 485FE6BD1CDBED5800C916C5 /* syncbackup.h */, - 485FE6BC1CDBED5800C916C5 /* syncbackup.c */, - 4838F6BB1CB5AA5F009E8598 /* secViewDisplay.c */, - 4838F6BC1CB5AA5F009E8598 /* secViewDisplay.h */, - ); - path = Tool; - sourceTree = ""; - }; - EB973202189C56310063DFED /* Other Frameworks */ = { - isa = PBXGroup; - children = ( - EB973204189C56310063DFED /* CoreData.framework */, - EB973205189C56310063DFED /* AppKit.framework */, - ); - name = "Other Frameworks"; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 0C0BDB5A175687EC00BC1A7E /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - ACFD56BE19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h in Headers */, - CD95312D19228D96005A76B2 /* SOSAccountTesting.h in Headers */, - 0C0BDB611756882A00BC1A7E /* secd_regressions.h in Headers */, - CDAD4E9E18EC9B6D007D4BC2 /* SOSTransportTestTransports.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18270F5314CF651900B05E7F /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 186CDD0D14CA116C00AF9171 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 18AD560F14CB6E7A008233F2 /* securityd_client.h in Headers */, - 4868F41C1C7409EF0011825E /* SOSInternal.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18D4043314CE0CF300A2BE4E /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - D4D9BA2E1C7E5F19008785EB /* SecTrustInternal.h in Headers */, - 4899F2EA1C768BBE00762615 /* secToolFileIO.h in Headers */, - CDC765C41729A72800721712 /* SecPasswordGenerate.h in Headers */, - 4A971695158FDEB800D439B7 /* SecOTR.h in Headers */, - 4A971697158FDEB800D439B7 /* SecOTRDHKey.h in Headers */, - 4492652A1AB0D6FF00644D4C /* SecCTKKeyPriv.h in Headers */, - 4A971698158FDEB800D439B7 /* SecOTRErrors.h in Headers */, - 4A97169A158FDEB800D439B7 /* SecOTRIdentityPriv.h in Headers */, - 5221C4C21CC5667E006047E7 /* secd-71-engine-save-sample1.h in Headers */, - D47F511F1C3B660500A7CEFE /* SecCFAllocator.h in Headers */, - 4A97169C158FDEB800D439B7 /* SecOTRMath.h in Headers */, - 4A97169F158FDEB800D439B7 /* SecOTRPacketData.h in Headers */, - 4A9716A1158FDEB800D439B7 /* SecOTRPackets.h in Headers */, - BE4AC7DF1C938698002A28FE /* SecSignatureVerificationSupport.h in Headers */, - 4A9716A4158FDEB800D439B7 /* SecOTRSession.h in Headers */, - 4A9716A6158FDEB800D439B7 /* SecOTRSessionPriv.h in Headers */, - 52D0F028169CA72800F07D79 /* SecOnOSX.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18D4056014CE53C200A2BE4E /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 72B5923B17C6924000AE738B /* iCloudTrace.h in Headers */, - 4C05608E17B60F88001A879A /* SecItemSchema.h in Headers */, - 4C05608F17B60F88001A879A /* SecKeybagSupport.h in Headers */, - E7285CAD1AE1E4DF00AD412D /* SOSChangeTracker.h in Headers */, - 4C05608C17B60F88001A879A /* SecItemDataSource.h in Headers */, - 4C05608D17B60F88001A879A /* SecItemDb.h in Headers */, - E7285C981AE1E4A800AD412D /* SOSEngine.h in Headers */, - 4C05608A17B60F88001A879A /* SecDbKeychainItem.h in Headers */, - 4C05608B17B60F88001A879A /* SecDbQuery.h in Headers */, - D474EF351C8A1CBC00AA4D86 /* personalization.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4A5CCA4D15ACEFA500702357 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4A824AFF158FF07000F932C0 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CC92AC015A3BC4300C6D578 /* Security_regressions.h in Headers */, - 4CC92A8C15A3ABD400C6D578 /* getcacert-mdes.h in Headers */, - 4CC92A8D15A3ABD400C6D578 /* getcacert-mdesqa.h in Headers */, - 4CC92A8F15A3ABD400C6D578 /* si-63-scep.h in Headers */, - 4CC92A9015A3ABD400C6D578 /* attached_no_data_signed_data.h in Headers */, - D4A919781CA9A3DD003D2ADA /* si-95-cms-basic.h in Headers */, - 4CC92A9115A3ABD400C6D578 /* attached_signed_data.h in Headers */, - 4CC92A9215A3ABD400C6D578 /* detached_content.h in Headers */, - 4CC92A9315A3ABD400C6D578 /* detached_signed_data.h in Headers */, - 4CC92A9415A3ABD400C6D578 /* privkey.h in Headers */, - 4CC92A9515A3ABD400C6D578 /* signer.h in Headers */, - 4CC92A9815A3ABD400C6D578 /* signed-receipt.h in Headers */, - D483DF6A1CD2DF9B00334824 /* si-20-sectrust.h in Headers */, - D4CBC1491BE9A89E00C5795E /* si-89-cms-hash-agility.h in Headers */, - D442160A1CCAD9C200D2D455 /* si-22-sectrust-iap.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CC92AFB15A3BC6B00C6D578 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 448305101B46FB8700326450 /* ios8-inet-keychain-2.h in Headers */, - CDAD4E9C18EC9B3D007D4BC2 /* SOSAccountTesting.h in Headers */, - 4CC92B1515A3BCA500C6D578 /* securityd_regressions.h in Headers */, - CD95312C19228D92005A76B2 /* SOSTransportTestTransports.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - BE8D22891ABB7199009A4E18 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - D4D886F11CECE75000DC7583 /* SecTrustInternal.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - BEF9640218B4171200813FA3 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - BE4AC9B518B8022D00B84964 /* swcagent_client.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - D40771B61C9B4D200016AA66 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C0C887A1CCED00E00617D1B /* shared_regressions.h in Headers */, - D44C81EA1CD1947200BE9A0D /* si-97-sectrust-path-scoring.h in Headers */, - D43091561D84D80B004097DA /* si-25-cms-skid.h in Headers */, - D4653DEB1C9E2299002ED6D5 /* si-28-sectrustsettings.h in Headers */, - D4B2E7961DAEFBB500F79E03 /* cnnic_certs.h in Headers */, - D4B2E7941DAEFBB500F79E03 /* wosign_certs.h in Headers */, - D4B2E7951DAEFBB500F79E03 /* date_testing_certs.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E702E75014E1F3EA00CDE635 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - E777C72715B882E5004044A8 /* SOSPeerInfo.h in Headers */, - CDE5F87C1AF025AC0074958E /* SOSRingDER.h in Headers */, - 4885010F1AF9857F00F10B61 /* SOSTypes.h in Headers */, - 484182611A30F2F200211511 /* SOSCirclePriv.h in Headers */, - CDE5F8B11AF026470074958E /* SOSTransportCircle.h in Headers */, - E703811514E1FEEF007CB458 /* SOSCloudCircle.h in Headers */, - 4CC929B615A3957800C6D578 /* SOSCircle.h in Headers */, - 4CC929B815A3957800C6D578 /* SOSPeer.h in Headers */, - CDE5F88C1AF025B30074958E /* SOSRingBasic.h in Headers */, - CDE5F88E1AF025B30074958E /* SOSRingConcordanceTrust.h in Headers */, - CD0F8AF218998685003E0C52 /* SOSKVSKeys.h in Headers */, - E777C71C15B73F59004044A8 /* SOSInternal.h in Headers */, - 4C8BDD9B17B4FB8F00C20EA5 /* SOSDataSource.h in Headers */, - CDE5F8BB1AF026470074958E /* SOSTransportMessageKVS.h in Headers */, - 484182641A30F8DE00211511 /* SOSPeerInfoPriv.h in Headers */, - CDE5F87E1AF025AC0074958E /* SOSRingPeerInfoUtils.h in Headers */, - CDE5F8841AF025AC0074958E /* SOSRingV0.h in Headers */, - CDE5F8A31AF025D60074958E /* SOSPeerInfoDER.h in Headers */, - CDE5F8A41AF025D60074958E /* SOSPeerInfoCollections.h in Headers */, - CDE5F8B51AF026470074958E /* SOSTransportKeyParameter.h in Headers */, - CDE5F8851AF025B30074958E /* SOSConcordanceTrust.h in Headers */, - 0CFDBAD91D6FC58D00826CDE /* SOSEnginePriv.h in Headers */, - CDE5F8AD1AF026470074958E /* SOSTransport.h in Headers */, - CDE5F8801AF025AC0074958E /* SOSRingTypes.h in Headers */, - 4C8BDD9D17B4FD2A00C20EA5 /* SOSManifest.h in Headers */, - CDE5F8901AF025B80074958E /* SOSCircleV2.h in Headers */, - 4802A59816D7156D0059E5B9 /* SOSUserKeygen.h in Headers */, - 4BD2F8021ADCDF790037CD5D /* SOSPlatform.h in Headers */, - CDE5F8B91AF026470074958E /* SOSTransportMessage.h in Headers */, - CDE5F8B71AF026470074958E /* SOSTransportKeyParameterKVS.h in Headers */, - CDE5F8B31AF026470074958E /* SOSTransportCircleKVS.h in Headers */, - CDE5F88A1AF025B30074958E /* SOSRingBackup.h in Headers */, - 481A95521D1A02AA000B98F5 /* SOSCloudKeychainLogging.h in Headers */, - 48A071D01AD6AEA900728AEF /* SOSPeerInfoSecurityProperties.h in Headers */, - CDE5F89D1AF025BE0074958E /* SOSAccountPriv.h in Headers */, - 489E6E4D1A71A87600D7EB8C /* SOSCircleDer.h in Headers */, - 4CBDB30F17B70306002FA799 /* SOSCoder.h in Headers */, - CD32776D18F8B06E006B5280 /* SOSPeerCoder.h in Headers */, - 48F7DF271A6DB32900046644 /* SOSViews.h in Headers */, - CDE5F8881AF025B30074958E /* SOSRing.h in Headers */, - CDE5F8AB1AF026180074958E /* SOSTransportMessageIDS.h in Headers */, - 48FABEDE1AD05C1D00C061D1 /* SOSAccountHSAJoin.h in Headers */, - CDE5F8A61AF025D60074958E /* SOSPeerInfoRingState.h in Headers */, - 4CBDB31017B70323002FA799 /* SOSPeerInfoInternal.h in Headers */, - E7217B2815F8131A00D26031 /* SOSCloudKeychainConstants.h in Headers */, - 521C68601614A6E100E31C3E /* SOSCloudKeychainClient.h in Headers */, - CDE5F8A11AF025BE0074958E /* SOSBackupSliceKeyBag.h in Headers */, - CDE5F8821AF025AC0074958E /* SOSRingUtils.h in Headers */, - CDE5F89B1AF025BE0074958E /* SOSAccount.h in Headers */, - 48122CCA1CFF88FF009BE3E3 /* SOSAccountLog.h in Headers */, - CDE5F8911AF025B80074958E /* SOSCircleRings.h in Headers */, - CDE5F8871AF025B30074958E /* SOSGenCount.h in Headers */, - 48FB17031A76F56C00B586C7 /* SOSPeerInfoV2.h in Headers */, - 5284629C1AE6FCF0004C1BA2 /* SOSBackupEvent.h in Headers */, - 4CBDB30E17B70206002FA799 /* SOSMessage.h in Headers */, - 48FD04F41CEFCFB900BEBBFF /* SOSAccountTransaction.h in Headers */, - E79277E4163B110A0096F3E2 /* SOSFullPeerInfo.h in Headers */, - E7B01B5B16532507000485F1 /* SOSCloudCircleInternal.h in Headers */, - CDE5F8A71AF025DC0074958E /* SOSARCDefines.h in Headers */, - 4C8BDDA217B4FE9400C20EA5 /* SOSDigestVector.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E702E77214E1F48800CDE635 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C495EDE1982125E00BC1809 /* SOSTestDevice.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E76079C31951FD2800F69731 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - 0C0BDB55175687EC00BC1A7E /* libsecdRegressions */ = { - isa = PBXNativeTarget; - buildConfigurationList = 0C0BDB5C175687EC00BC1A7E /* Build configuration list for PBXNativeTarget "libsecdRegressions" */; - buildPhases = ( - 0C0BDB56175687EC00BC1A7E /* Sources */, - 0C0BDB59175687EC00BC1A7E /* Frameworks */, - 0C0BDB5A175687EC00BC1A7E /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecdRegressions; - productName = security; - productReference = 0C0BDB5F175687EC00BC1A7E /* libsecdRegressions.a */; - productType = "com.apple.product-type.library.static"; - }; - 18270F5414CF651900B05E7F /* libsecipc_client */ = { - isa = PBXNativeTarget; - buildConfigurationList = 18270F5614CF651900B05E7F /* Build configuration list for PBXNativeTarget "libsecipc_client" */; - buildPhases = ( - 18270F5114CF651900B05E7F /* Sources */, - 18270F5214CF651900B05E7F /* Frameworks */, - 18270F5314CF651900B05E7F /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecipc_client; - productName = libsecipc_client; - productReference = 18270F5514CF651900B05E7F /* libsecipc_client.a */; - productType = "com.apple.product-type.library.static"; - }; - 186CDD0E14CA116C00AF9171 /* libSecItemShimOSX */ = { - isa = PBXNativeTarget; - buildConfigurationList = 186CDD1314CA116C00AF9171 /* Build configuration list for PBXNativeTarget "libSecItemShimOSX" */; - buildPhases = ( - 186CDD0B14CA116C00AF9171 /* Sources */, - 186CDD0C14CA116C00AF9171 /* Frameworks */, - 186CDD0D14CA116C00AF9171 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSecItemShimOSX; - productName = sec; - productReference = 186CDD0F14CA116C00AF9171 /* libSecItemShimOSX.a */; - productType = "com.apple.product-type.library.static"; - }; - 18D4043414CE0CF300A2BE4E /* libsecurity */ = { - isa = PBXNativeTarget; - buildConfigurationList = 18D4043614CE0CF300A2BE4E /* Build configuration list for PBXNativeTarget "libsecurity" */; - buildPhases = ( - 18D4043114CE0CF300A2BE4E /* Sources */, - 18D4043214CE0CF300A2BE4E /* Frameworks */, - 18D4043314CE0CF300A2BE4E /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurity; - productName = security; - productReference = 18D4043514CE0CF300A2BE4E /* libsecurity.a */; - productType = "com.apple.product-type.library.static"; - }; - 18D4056114CE53C200A2BE4E /* libsecurityd */ = { - isa = PBXNativeTarget; - buildConfigurationList = 18D4056314CE53C200A2BE4E /* Build configuration list for PBXNativeTarget "libsecurityd" */; - buildPhases = ( - 18D4055E14CE53C200A2BE4E /* Sources */, - 18D4055F14CE53C200A2BE4E /* Frameworks */, - 18D4056014CE53C200A2BE4E /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecurityd; - productName = securityd; - productReference = 18D4056214CE53C200A2BE4E /* libsecurityd.a */; - productType = "com.apple.product-type.library.static"; - }; - 4A5CCA4E15ACEFA500702357 /* libSecOtrOSX */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4A5CCA5215ACEFA500702357 /* Build configuration list for PBXNativeTarget "libSecOtrOSX" */; - buildPhases = ( - 4A5CCA4B15ACEFA500702357 /* Sources */, - 4A5CCA4C15ACEFA500702357 /* Frameworks */, - 4A5CCA4D15ACEFA500702357 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSecOtrOSX; - productName = libSecOtrOSX; - productReference = 4A5CCA4F15ACEFA500702357 /* libSecOtrOSX.a */; - productType = "com.apple.product-type.library.static"; - }; - 4A824AFB158FF07000F932C0 /* libSecurityRegressions */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4A824B00158FF07000F932C0 /* Build configuration list for PBXNativeTarget "libSecurityRegressions" */; - buildPhases = ( - 4A824AFC158FF07000F932C0 /* Sources */, - 4A824AFE158FF07000F932C0 /* Frameworks */, - 4A824AFF158FF07000F932C0 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSecurityRegressions; - productName = security; - productReference = 4A824B03158FF07000F932C0 /* libSecurityRegressions.a */; - productType = "com.apple.product-type.library.static"; - }; - 4CC92AC215A3BC6B00C6D578 /* libsecuritydRegressions */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4CC92B1115A3BC6B00C6D578 /* Build configuration list for PBXNativeTarget "libsecuritydRegressions" */; - buildPhases = ( - 4CC92AC315A3BC6B00C6D578 /* Sources */, - 4CC92AFA15A3BC6B00C6D578 /* Frameworks */, - 4CC92AFB15A3BC6B00C6D578 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libsecuritydRegressions; - productName = security; - productReference = 4CC92B1415A3BC6B00C6D578 /* libsecuritydRegressions.a */; - productType = "com.apple.product-type.library.static"; - }; - BE8D227F1ABB7199009A4E18 /* libSecTrustOSX */ = { - isa = PBXNativeTarget; - buildConfigurationList = BE8D228B1ABB7199009A4E18 /* Build configuration list for PBXNativeTarget "libSecTrustOSX" */; - buildPhases = ( - BE8D22801ABB7199009A4E18 /* Sources */, - BE8D22881ABB7199009A4E18 /* Frameworks */, - BE8D22891ABB7199009A4E18 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSecTrustOSX; - productName = sec; - productReference = BE8D228E1ABB7199009A4E18 /* libSecTrustOSX.a */; - productType = "com.apple.product-type.library.static"; - }; - BEF963FE18B4171200813FA3 /* libSWCAgent */ = { - isa = PBXNativeTarget; - buildConfigurationList = BEF9640318B4171200813FA3 /* Build configuration list for PBXNativeTarget "libSWCAgent" */; - buildPhases = ( - BEF963FF18B4171200813FA3 /* Sources */, - BEF9640118B4171200813FA3 /* Frameworks */, - BEF9640218B4171200813FA3 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSWCAgent; - productName = libsecipc_client; - productReference = BEF9640618B4171200813FA3 /* libSWCAgent.a */; - productType = "com.apple.product-type.library.static"; - }; - D40771B71C9B4D200016AA66 /* libSharedRegressions */ = { - isa = PBXNativeTarget; - buildConfigurationList = D40771B91C9B4D200016AA66 /* Build configuration list for PBXNativeTarget "libSharedRegressions" */; - buildPhases = ( - D40771B41C9B4D200016AA66 /* Sources */, - D40771B51C9B4D200016AA66 /* Frameworks */, - D40771B61C9B4D200016AA66 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSharedRegressions; - productName = libSharedRegressions; - productReference = D40771B81C9B4D200016AA66 /* libSharedRegressions.a */; - productType = "com.apple.product-type.library.static"; - }; - E702E73514E1F3EA00CDE635 /* libSecureObjectSync */ = { - isa = PBXNativeTarget; - buildConfigurationList = E702E75314E1F3EA00CDE635 /* Build configuration list for PBXNativeTarget "libSecureObjectSync" */; - buildPhases = ( - E702E73614E1F3EA00CDE635 /* Sources */, - E702E74F14E1F3EA00CDE635 /* Frameworks */, - E702E75014E1F3EA00CDE635 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSecureObjectSync; - productName = security; - productReference = E702E75614E1F3EA00CDE635 /* libSecureObjectSync.a */; - productType = "com.apple.product-type.library.static"; - }; - E702E75714E1F48800CDE635 /* libSOSRegressions */ = { - isa = PBXNativeTarget; - buildConfigurationList = E702E77514E1F48800CDE635 /* Build configuration list for PBXNativeTarget "libSOSRegressions" */; - buildPhases = ( - E702E75814E1F48800CDE635 /* Sources */, - E702E77114E1F48800CDE635 /* Frameworks */, - E702E77214E1F48800CDE635 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSOSRegressions; - productName = security; - productReference = E702E77814E1F48800CDE635 /* libSOSRegressions.a */; - productType = "com.apple.product-type.library.static"; - }; - E71049F1169E023B00DB0045 /* libSecurityTool */ = { - isa = PBXNativeTarget; - buildConfigurationList = E71049FD169E023B00DB0045 /* Build configuration list for PBXNativeTarget "libSecurityTool" */; - buildPhases = ( - E71049EE169E023B00DB0045 /* Sources */, - E71049EF169E023B00DB0045 /* Frameworks */, - E71049F0169E023B00DB0045 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSecurityTool; - productName = SecurityTool; - productReference = E71049F2169E023B00DB0045 /* libSecurityTool.a */; - productType = "com.apple.product-type.library.static"; - }; - E7104A12169E216E00DB0045 /* libSecurityCommands */ = { - isa = PBXNativeTarget; - buildConfigurationList = E7104A1A169E216E00DB0045 /* Build configuration list for PBXNativeTarget "libSecurityCommands" */; - buildPhases = ( - E7104A13169E216E00DB0045 /* Sources */, - E7104A17169E216E00DB0045 /* Frameworks */, - E7104A19169E216E00DB0045 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSecurityCommands; - productName = SecurityTool; - productReference = E7104A1D169E216E00DB0045 /* libSecurityCommands.a */; - productType = "com.apple.product-type.library.static"; - }; - E76079971951FD2800F69731 /* liblogging */ = { - isa = PBXNativeTarget; - buildConfigurationList = E76079CF1951FD2800F69731 /* Build configuration list for PBXNativeTarget "liblogging" */; - buildPhases = ( - E76079981951FD2800F69731 /* Sources */, - E76079C21951FD2800F69731 /* Frameworks */, - E76079C31951FD2800F69731 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = liblogging; - productName = security; - productReference = E76079D21951FD2800F69731 /* liblogging.a */; - productType = "com.apple.product-type.library.static"; - }; - E7FEFB82169E363300E18152 /* libSOSCommands */ = { - isa = PBXNativeTarget; - buildConfigurationList = E7FEFB89169E363300E18152 /* Build configuration list for PBXNativeTarget "libSOSCommands" */; - buildPhases = ( - E7FEFB83169E363300E18152 /* Sources */, - E7FEFB86169E363300E18152 /* Frameworks */, - E7FEFB88169E363300E18152 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = libSOSCommands; - productName = SecurityTool; - productReference = E7FEFB8C169E363300E18152 /* libSOSCommands.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 186CDD0614CA116C00AF9171 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - TargetAttributes = { - D40771B71C9B4D200016AA66 = { - CreatedOnToolsVersion = 7.3; - }; - }; - }; - buildConfigurationList = 186CDD0914CA116C00AF9171 /* Build configuration list for PBXProject "sec" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 0; - knownRegions = ( - en, - ); - mainGroup = 186CDD0414CA116C00AF9171; - productRefGroup = 186CDD1014CA116C00AF9171 /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 18D4043414CE0CF300A2BE4E /* libsecurity */, - 18D4056114CE53C200A2BE4E /* libsecurityd */, - 186CDD0E14CA116C00AF9171 /* libSecItemShimOSX */, - BE8D227F1ABB7199009A4E18 /* libSecTrustOSX */, - 18270F5414CF651900B05E7F /* libsecipc_client */, - E702E73514E1F3EA00CDE635 /* libSecureObjectSync */, - 4A5CCA4E15ACEFA500702357 /* libSecOtrOSX */, - E71049F1169E023B00DB0045 /* libSecurityTool */, - E7104A12169E216E00DB0045 /* libSecurityCommands */, - E7FEFB82169E363300E18152 /* libSOSCommands */, - BEF963FE18B4171200813FA3 /* libSWCAgent */, - E76079971951FD2800F69731 /* liblogging */, - E702E75714E1F48800CDE635 /* libSOSRegressions */, - 4A824AFB158FF07000F932C0 /* libSecurityRegressions */, - 4CC92AC215A3BC6B00C6D578 /* libsecuritydRegressions */, - 0C0BDB55175687EC00BC1A7E /* libsecdRegressions */, - D40771B71C9B4D200016AA66 /* libSharedRegressions */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXSourcesBuildPhase section */ - 0C0BDB56175687EC00BC1A7E /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4826374D1CC18A410082C9C8 /* secd-57-1-account-last-standing.c in Sources */, - CD655E951AF02DDC00BD1B6E /* secd-62-account-backup.c in Sources */, - 523CBBF61B321C6A002C0884 /* secd-50-message.c in Sources */, - E7F0D3EA177BBE35001ACBC1 /* secd-55-account-incompatibility.c in Sources */, - 0C0BDB63175688DA00BC1A7E /* secd-01-items.c in Sources */, - 4882C517177521AE0095D04B /* secd-58-password-change.c in Sources */, - 48B5888C1D00ED9000E0C5A7 /* secd-200-logstate.c in Sources */, - EB3409AF1C1D5BBE00D77661 /* secd-20-keychain_upgrade.m in Sources */, - E7A10FAE1771249C00C4602F /* secd-57-account-leave.c in Sources */, - 48FABEE31AD06B6B00C061D1 /* secd-62-account-hsa-join.c in Sources */, - CD9B54131CC6EED100CC487A /* secd-100-initialsync.c in Sources */, - 4469FC2C1AA0A6C90021AA26 /* secd-32-restore-bad-backup.c in Sources */, - 523CBBF91B3227B5002C0884 /* secd-49-manifests.c in Sources */, - E7F18555177A44E000177B23 /* secd-60-account-cloud-identity.c in Sources */, - 5EF2596F1CB5214B009B4C58 /* secd-83-item-match-policy.m in Sources */, - 5E0CE1651CB6347300E75776 /* secd-83-item-match-valid-on-date.m in Sources */, - 4CC62F221B4EF136009FEF0E /* secd-75-engine-views.c in Sources */, - F9EF72F21AC0F98400A4D24A /* secd-70-engine-smash.c in Sources */, - 0C27C3E81D6F8BB1008CB02F /* secd-201-coders.c in Sources */, - 5384299418E492A300E91AFE /* secd-70-otr-remote.c in Sources */, - E7F18557177A502900177B23 /* secd-56-account-apply.c in Sources */, - EB69AB071BF4332700913AF1 /* si-90-emcs.m in Sources */, - E7850ED01BB30E80002A54CA /* secd-63-account-resurrection.c in Sources */, - 0C664AE8175951270092D3D9 /* secd-02-upgrade-while-locked.c in Sources */, - 48FB17061A771E5700B586C7 /* secd-80-views-basic.c in Sources */, - 0CBF93F8177B7CFC001E5658 /* secd-03-corrupted-items.c in Sources */, - E75AB91B1AE9964800C5EF3F /* secd-40-cc-gestalt.c in Sources */, - 0CBF93FC177BA9D9001E5658 /* secd-05-corrupted-items.m in Sources */, - EB36F0421D9041FC0094C601 /* secd-35-keychain-migrate-inet.c in Sources */, - 5E0CE1671CB6348D00E75776 /* secd-83-item-match-trusted.m in Sources */, - 527258D11981C00F003CFCEC /* secd-70-engine.c in Sources */, - E7850ED11BB30E87002A54CA /* secd-65-account-retirement-reset.c in Sources */, - 4C495EDF1982145200BC1809 /* SOSTestDevice.c in Sources */, - E78A9AB21D34263100006B5B /* secd-130-other-peer-views.c in Sources */, - EB36F0431D9041FC0094C601 /* secd-36-ks-encrypt.m in Sources */, - 0CBF93F9177B7CFC001E5658 /* secd-04-corrupted-items.c in Sources */, - 4898223A17BDB277003BEF32 /* secd-52-account-changed.c in Sources */, - 0C062B1F175E784B00806CFE /* secd-30-keychain-upgrade.c in Sources */, - 0C062B20175E784B00806CFE /* secd-31-keychain-bad.c in Sources */, - 0C062B21175E784B00806CFE /* secd-31-keychain-unreadable.c in Sources */, - 48C34E921C45EF3000B7F29B /* secd60-account-cloud-exposure.c in Sources */, - E79D62BB176798FD005A9743 /* secd-50-account.c in Sources */, - 48E928C5179DD05500A7F755 /* secd-51-account-inflate.c in Sources */, - F9E0BD991AEF196E00554D49 /* secd-82-persistent-ref.c in Sources */, - 4CCD1B021B1E404500F6DF8D /* secd-74-engine-beer-servers.c in Sources */, - 5E19C6481AA5F361005964F8 /* secd-81-item-acl-stress.c in Sources */, - 48A0FEDE1B6046E2001D6180 /* secd-64-circlereset.c in Sources */, - 5EA016381AD41AC70061BCD7 /* secd-81-item-acl.c in Sources */, - 4C495EE21982171500BC1809 /* secd-70-engine-corrupt.c in Sources */, - CDAD4E9D18EC9B67007D4BC2 /* SOSTransportTestTransports.c in Sources */, - 48A9E62F1C837B4100160B5F /* secd-90-hsa2.c in Sources */, - 529F46F31AEC7A2E0002392C /* secd-34-backup-der-parse.c in Sources */, - 486C6C691795F9D600387075 /* secd-61-account-leave-not-in-kansas-anymore.c in Sources */, - E79D62BD176799EE005A9743 /* SOSTestDataSource.c in Sources */, - EBF2D7661C1E482B006AB6FF /* secd-21-transmogrify.m in Sources */, - 4469FC2D1AA0A6D00021AA26 /* secd-33-keychain-ctk.m in Sources */, - E79D62BC176799DB005A9743 /* SOSRegressionUtilities.c in Sources */, - E7A10FAC1771246A00C4602F /* secd-55-account-circle.c in Sources */, - E79D62C01767A5BC005A9743 /* SecdTestKeychainUtilities.c in Sources */, - 485B5E621AE068D800A3C183 /* secd-82-secproperties-basic.c in Sources */, - 48F32D7E1777AFA3001B84BA /* secd-59-account-cleanup.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18270F5114CF651900B05E7F /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 18270F5914CF654400B05E7F /* client.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 186CDD0B14CA116C00AF9171 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 52FD82A01AEAC8C100634FD3 /* SecItemBackup.c in Sources */, - 093F67A51CC1171B0033151D /* SecKeyAdaptors.c in Sources */, - D47F511E1C3B660500A7CEFE /* SecCFAllocator.c in Sources */, - 18AD566714CB70A8008233F2 /* SecItem.c in Sources */, - 442B69221BC3B1B9000F3A72 /* SecRSAKey.c in Sources */, - BEFE994E14F2E17200356A97 /* SecDH.c in Sources */, - 442B69251BC3DBA9000F3A72 /* SecCTKKey.c in Sources */, - 4C8D8627177A71E80019A804 /* SOSCloudCircle.c in Sources */, - 446BB5E518F83172005D1B83 /* SecAccessControl.c in Sources */, - 442B69201BC3B149000F3A72 /* SecKey.c in Sources */, - 4C3CE9E7176005A700B521C2 /* SecuritydXPC.c in Sources */, - 442B69211BC3B196000F3A72 /* SecECKey.c in Sources */, - 52BF439C1AFC50EC00821B5D /* SecItemConstants.c in Sources */, - 4C8D8628177A71FB0019A804 /* SecPasswordGenerate.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18D4043114CE0CF300A2BE4E /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 18D4043914CE1FE400A2BE4E /* p12import.c in Sources */, - 0C3276C31CB329AB005D6DDC /* secd_77_ids_messaging.c in Sources */, - 18D4043A14CE1FE400A2BE4E /* p12pbegen.c in Sources */, - 18D4043B14CE1FE400A2BE4E /* pbkdf2.c in Sources */, - D47F511D1C3B660500A7CEFE /* SecCFAllocator.c in Sources */, - C6766768189884D200E9A12C /* SecAccessControl.c in Sources */, - 18D4043C14CE1FE400A2BE4E /* SecBase64.c in Sources */, - CDF9BBE11B03E24D00D1AF0F /* secd-52-offering-gencount-reset.c in Sources */, - 18D4043D14CE1FE400A2BE4E /* SecCertificate.c in Sources */, - 18D4043E14CE1FE400A2BE4E /* SecCertificatePath.c in Sources */, - 18D4043F14CE1FE400A2BE4E /* SecCertificateRequest.c in Sources */, - 0C60F39C1CAF0E8E00221D24 /* secd-76-idstransport.c in Sources */, - 18D4044014CE1FE400A2BE4E /* SecCMS.c in Sources */, - 4899F2E91C768BBE00762615 /* secToolFileIO.c in Sources */, - 18D4044114CE1FE400A2BE4E /* SecDH.c in Sources */, - 5221C4981CBEDB7C006047E7 /* secd-71-engine-save.c in Sources */, - 449265291AB0D6FF00644D4C /* SecCTKKey.c in Sources */, - CD8F442D1B83C435004C0047 /* secd-95-escrow-persistence.c in Sources */, - 18D4044214CE1FE400A2BE4E /* SecECKey.c in Sources */, - CD35B82A1C2650FE00E0852A /* secd-154-engine-backoff.c in Sources */, - 093F67A41CC1171B0033151D /* SecKeyAdaptors.c in Sources */, - D48C567D1C73E5C300E41928 /* SecPolicyLeafCallbacks.c in Sources */, - 18D4044314CE1FE400A2BE4E /* SecFramework.c in Sources */, - 18D4044414CE1FE400A2BE4E /* SecIdentity.c in Sources */, - 18D4044514CE1FE400A2BE4E /* SecImportExport.c in Sources */, - EB69AB041BF3C42F00913AF1 /* SecEMCS.m in Sources */, - 18D4044614CE1FE400A2BE4E /* SecItem.c in Sources */, - 18D4044714CE1FE400A2BE4E /* SecItemConstants.c in Sources */, - 18D4044814CE1FE400A2BE4E /* SecKey.c in Sources */, - 18D4044914CE1FE400A2BE4E /* SecPBKDF.c in Sources */, - 18D4044A14CE1FE400A2BE4E /* SecPolicy.c in Sources */, - 4CC07E26171E252300DCB6CE /* SOSCloudCircle.c in Sources */, - 18D4044B14CE1FE400A2BE4E /* SecRSAKey.c in Sources */, - 18D4044C14CE1FE400A2BE4E /* SecSCEP.c in Sources */, - 18D4044D14CE1FE400A2BE4E /* SecTrust.c in Sources */, - 18D4044E14CE1FE400A2BE4E /* SecTrustSettings.c in Sources */, - BE642BB2188F32C200C899A2 /* SecSharedCredential.c in Sources */, - 52FD829A1AEA9CEF00634FD3 /* SecItemBackup.c in Sources */, - 32FBBBE71B556F8900AEF9ED /* verify_cert.c in Sources */, - CDC765C21729A72800721712 /* SecPasswordGenerate.c in Sources */, - 18D4044F14CE1FE400A2BE4E /* SecTrustStore.c in Sources */, - 18D4045014CE1FE400A2BE4E /* vmdh.c in Sources */, - 4A971696158FDEB800D439B7 /* SecOTRDHKey.c in Sources */, - E795C9541913F88D00FA068C /* SecServerEncryptionSupport.c in Sources */, - BE4AC7DE1C938698002A28FE /* SecSignatureVerificationSupport.c in Sources */, - 4838F6BF1CB5AA7E009E8598 /* secViewDisplay.c in Sources */, - 4A971699158FDEB800D439B7 /* SecOTRFullIdentity.c in Sources */, - EB6432BD1C510A6E00B671F2 /* SecDigest.c in Sources */, - 4A97169B158FDEB800D439B7 /* SecOTRMath.c in Sources */, - 4A97169E158FDEB800D439B7 /* SecOTRPacketData.c in Sources */, - 4A9716A0158FDEB800D439B7 /* SecOTRPackets.c in Sources */, - 4A9716A2158FDEB800D439B7 /* SecOTRPublicIdentity.c in Sources */, - 4A9716A3158FDEB800D439B7 /* SecOTRSession.c in Sources */, - 4A9716A5158FDEB800D439B7 /* SecOTRSessionAKE.c in Sources */, - 4A9716A7158FDEB800D439B7 /* SecOTRUtils.c in Sources */, - CD3FD10716C3064B00A83BB6 /* SecuritydXPC.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 18D4055E14CE53C200A2BE4E /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E795C9481911A41300FA068C /* SecLogSettingsServer.c in Sources */, - 4C055FF717B60F1E001A879A /* SecItemSchema.c in Sources */, - E738B72F1D11D9760099E5C5 /* SOSChangeTracker.c in Sources */, - 4C055FF617B60F1E001A879A /* SecItemDb.c in Sources */, - 7249E1CB16C01E5F003D7268 /* OTATrustUtilities.c in Sources */, - 5356520318E3C71000C383C0 /* SecOTRRemote.c in Sources */, - 18D4056614CE53DD00A2BE4E /* asynchttp.c in Sources */, - 18D4056814CE53DD00A2BE4E /* policytree.c in Sources */, - 18D4056914CE53DD00A2BE4E /* SecCAIssuerCache.c in Sources */, - 18D4056A14CE53DD00A2BE4E /* SecCAIssuerRequest.c in Sources */, - 18D4056B14CE53DD00A2BE4E /* SecItemServer.c in Sources */, - 4C3CE9E8176005B500B521C2 /* SecuritydXPC.c in Sources */, - 18D4056C14CE53DD00A2BE4E /* SecOCSPCache.c in Sources */, - 72B5923D17C6939A00AE738B /* iCloudTrace.c in Sources */, - 4C055FF317B60F1E001A879A /* SecDbKeychainItem.c in Sources */, - 18D4056D14CE53DD00A2BE4E /* SecOCSPRequest.c in Sources */, - 18D4056E14CE53DD00A2BE4E /* SecOCSPResponse.c in Sources */, - 18D4056F14CE53DD00A2BE4E /* SecPolicyServer.c in Sources */, - E738B7301D11D9840099E5C5 /* SOSEngine.c in Sources */, - 4C055FF817B60F1E001A879A /* SecKeybagSupport.c in Sources */, - 4C055FF517B60F1E001A879A /* SecItemDataSource.c in Sources */, - 4C055FF417B60F1E001A879A /* SecDbQuery.c in Sources */, - 52FD829E1AEAC6D600634FD3 /* SecItemBackupServer.c in Sources */, - 18D4057014CE53DD00A2BE4E /* SecTrustServer.c in Sources */, - D4273AA61B5D54E70007D67B /* nameconstraints.c in Sources */, - 18D4057114CE53DD00A2BE4E /* SecTrustStoreServer.c in Sources */, - 18D4057214CE547400A2BE4E /* spi.c in Sources */, - E7B01B691655DF20000485F1 /* SOSCloudCircleServer.c in Sources */, - BE5EC1F018C80108005E7682 /* swcagent_client.c in Sources */, - 525394AE1660A30000BA9687 /* SecDbItem.c in Sources */, - D474EF341C8A1CBC00AA4D86 /* personalization.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4A5CCA4B15ACEFA500702357 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4A5CCA5415ACEFD400702357 /* SecOTRDHKey.c in Sources */, - 4A5CCA5515ACEFD400702357 /* SecOTRFullIdentity.c in Sources */, - 4A5CCA5615ACEFD400702357 /* SecOTRMath.c in Sources */, - 4A5CCA5715ACEFD400702357 /* SecOTRPacketData.c in Sources */, - 4A5CCA5815ACEFD400702357 /* SecOTRPackets.c in Sources */, - 4A5CCA5915ACEFD400702357 /* SecOTRPublicIdentity.c in Sources */, - 4A5CCA5A15ACEFD400702357 /* SecOTRSession.c in Sources */, - 4A5CCA5B15ACEFD400702357 /* SecOTRSessionAKE.c in Sources */, - 4A5CCA5C15ACEFD400702357 /* SecOTRUtils.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4A824AFC158FF07000F932C0 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - D4CBC1481BE9A89E00C5795E /* si-89-cms-hash-agility.c in Sources */, - 4CC92A5F15A3ABD400C6D578 /* pbkdf2-00-hmac-sha1.c in Sources */, - 4CC92A6015A3ABD400C6D578 /* spbkdf-00-hmac-sha1.c in Sources */, - 4CC92A6115A3ABD400C6D578 /* otr-00-identity.c in Sources */, - 4CC92A6215A3ABD400C6D578 /* otr-30-negotiation.c in Sources */, - 4CC92A6315A3ABD400C6D578 /* otr-otrdh.c in Sources */, - EBD344801D234E37008B6DEA /* si-15-delete-access-group.m in Sources */, - 4CC92A6415A3ABD400C6D578 /* otr-packetdata.c in Sources */, - 4CC92A6515A3ABD400C6D578 /* si-00-find-nothing.c in Sources */, - 4CC92A6615A3ABD400C6D578 /* si-05-add.c in Sources */, - 4CC92A6715A3ABD400C6D578 /* si-10-find-internet.c in Sources */, - 3A70988218CDF648009FD2CC /* si_77_SecAccessControl.c in Sources */, - CD8E09011A2E918900A2503A /* otr-40-edgecases.c in Sources */, - 4CC92A6815A3ABD400C6D578 /* si-11-update-data.c in Sources */, - 4CC92A6915A3ABD400C6D578 /* si-14-dateparse.c in Sources */, - D4A919771CA9A3DD003D2ADA /* si-95-cms-basic.c in Sources */, - 4406660F19069C67000DA171 /* si-80-empty-data.c in Sources */, - BE061FCF1899E5BD00C739F6 /* si-76-shared-credentials.c in Sources */, - BE62D7601747FF3E001EAA9D /* si-72-syncableitems.c in Sources */, - EB9C1D0A1BDDBDE000F89272 /* si-13-item-system.m in Sources */, - CDB6A8B81A409BC600646CD6 /* otr-60-slowroll.c in Sources */, - EB69AB061BF425FD00913AF1 /* si-90-emcs.m in Sources */, - 4477A8D918F28AB700B5BB9F /* si-78-query-attrs.c in Sources */, - 440BF8F81A7A82AE001760A7 /* si-82-token-ag.c in Sources */, - 4CC92A7E15A3ABD400C6D578 /* si-30-keychain-upgrade.c in Sources */, - 4C2C8C3D17AB374700C24C13 /* si-12-item-stress.c in Sources */, - 4CC92A7F15A3ABD400C6D578 /* si-31-keychain-bad.c in Sources */, - 4CC92A8015A3ABD400C6D578 /* si-31-keychain-unreadable.c in Sources */, - 4CC92A8215A3ABD400C6D578 /* si-33-keychain-backup.c in Sources */, - 4CC92A8315A3ABD400C6D578 /* si-40-seckey-custom.c in Sources */, - E7CA197A17179EC20065299C /* si-69-keydesc.c in Sources */, - 4CC92A8415A3ABD400C6D578 /* si-40-seckey.c in Sources */, - 4CC92A8515A3ABD400C6D578 /* si-41-sececkey.c in Sources */, - E7EBD75819145DF000D0F062 /* so_01_serverencryption.c in Sources */, - 4CC92A8615A3ABD400C6D578 /* si-42-identity.c in Sources */, - 4CC92A8715A3ABD400C6D578 /* si-43-persistent.c in Sources */, - 4CC92A8815A3ABD400C6D578 /* si-50-secrandom.c in Sources */, - 4CC92A8915A3ABD400C6D578 /* si-60-cms.c in Sources */, - CDB6A8B61A409BBF00646CD6 /* otr-50-roll.c in Sources */, - CDD565A2173193AC00B6B074 /* si-73-secpasswordgenerate.c in Sources */, - 4CC92A8A15A3ABD400C6D578 /* si-61-pkcs12.c in Sources */, - 4CC92A8B15A3ABD400C6D578 /* si-62-csr.c in Sources */, - 4CC92A8E15A3ABD400C6D578 /* si-63-scep.c in Sources */, - 4CC92A9615A3ABD400C6D578 /* si-64-ossl-cms.c in Sources */, - 4CC92A9715A3ABD400C6D578 /* si-65-cms-cert-policy.c in Sources */, - 4CC92A9915A3ABD400C6D578 /* si-66-smime.c in Sources */, - 4CC92AA515A3ABD400C6D578 /* vmdh-40.c in Sources */, - 4CC92AA615A3ABD400C6D578 /* vmdh-41-example.c in Sources */, - 4CC92AA715A3ABD400C6D578 /* vmdh-42-example2.c in Sources */, - E77DE60B1C2882EC005259C2 /* si-17-item-system-bluetooth.m in Sources */, - E748744515A61AF800624935 /* si-68-secmatchissuer.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 4CC92AC315A3BC6B00C6D578 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CC92AF915A3BC6B00C6D578 /* sd-10-policytree.c in Sources */, - CD95312B19228D8D005A76B2 /* SOSTransportTestTransports.c in Sources */, - E78A9AB31D34630300006B5B /* secd-95-escrow-persistence.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - BE8D22801ABB7199009A4E18 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - BE8D228F1ABB7253009A4E18 /* SecCertificate.c in Sources */, - EB6432BE1C510A6E00B671F2 /* SecDigest.c in Sources */, - D45FC3E71C9E084B00509CDA /* SecBase64.c in Sources */, - BE8D22C21ABBA4D0009A4E18 /* SecCertificatePath.c in Sources */, - 093F67A61CC1171B0033151D /* SecKeyAdaptors.c in Sources */, - BE8D22901ABB725C009A4E18 /* SecPolicy.c in Sources */, - D4704F341C76AEB600E15025 /* SecPolicyLeafCallbacks.c in Sources */, - BE8D22911ABB7264009A4E18 /* SecTrust.c in Sources */, - BE8D22921ABB726A009A4E18 /* SecTrustSettings.c in Sources */, - BE8D22931ABB7272009A4E18 /* SecTrustStore.c in Sources */, - BE53FA301B0AC5C300719A63 /* SecKey.c in Sources */, - BE53FA311B0AC65500719A63 /* SecECKey.c in Sources */, - BE53FA321B0AC65B00719A63 /* SecRSAKey.c in Sources */, - D4D9BA2F1C7E611C008785EB /* SecServerEncryptionSupport.c in Sources */, - BE4AC7E01C9386B9002A28FE /* SecSignatureVerificationSupport.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - BEF963FF18B4171200813FA3 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - BE4AC9B618B8038400B84964 /* SecuritydXPC.c in Sources */, - BEF9640D18B418A400813FA3 /* swcagent_client.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - D40771B41C9B4D200016AA66 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 09AE116F1CEDA1E4004C617D /* si-44-seckey-ies.m in Sources */, - 09EC947F1CEDEA70003E5101 /* si-44-seckey-rsa.m in Sources */, - D4D887531CED0A9100DC7583 /* si-24-sectrust-digicert-malaysia.c in Sources */, - D43091551D84D7FE004097DA /* si-25-cms-skid.m in Sources */, - D4D886C21CEB9FC600DC7583 /* si-85-sectrust-ssl-policy.c in Sources */, - D4D887541CED0A9700DC7583 /* si-24-sectrust-diginotar.c in Sources */, - D4D887571CED0B9400DC7583 /* si-27-sectrust-exceptions.c in Sources */, - 0982E02C1D19695B0060002E /* si-44-seckey-ec.m in Sources */, - D44C81E81CD1944C00BE9A0D /* si-97-sectrust-path-scoring.m in Sources */, - BE5C5BD11D8C90F500A97339 /* si-84-sectrust-allowlist.m in Sources */, - D4D886F01CEC008600DC7583 /* si-23-sectrust-ocsp.c in Sources */, - D4D8875E1CED490700DC7583 /* si-74-OTAPKISigner.c in Sources */, - D4D886C11CEB9FAC00DC7583 /* si-87-sectrust-name-constraints.c in Sources */, - D4EC94FF1CEA4A870083E753 /* si-20-sectrust-policies.m in Sources */, - D4D887551CED0B7D00DC7583 /* si-24-sectrust-passbook.c in Sources */, - D4D887561CED0B8600DC7583 /* si-26-sectrust-copyproperties.c in Sources */, - D4D886EC1CEBF9C700DC7583 /* si-16-ec-certificate.c in Sources */, - D4D886EB1CEBF9C300DC7583 /* si-15-certificate.c in Sources */, - D4D886F41CED027800DC7583 /* si-24-sectrust-itms.c in Sources */, - D4D886EE1CEC007000DC7583 /* si-21-sectrust-asr.c in Sources */, - D4D887591CED40A500DC7583 /* si-70-sectrust-unified.c in Sources */, - D4D886ED1CEC006100DC7583 /* si-20-sectrust.c in Sources */, - D4D8875F1CED491A00DC7583 /* si-83-seccertificate-sighashalg.c in Sources */, - D4D886F51CED027D00DC7583 /* si-24-sectrust-nist.c in Sources */, - D4D8875A1CED40AA00DC7583 /* si-67-sectrust-blacklist.c in Sources */, - D43CDF731C9C77540020217E /* si-28-sectrustsettings.m in Sources */, - D4D887581CED40A000DC7583 /* si-71-mobile-store-policy.c in Sources */, - D40771BE1C9B50590016AA66 /* si-82-seccertificate-ct.c in Sources */, - D4D886EF1CEC007900DC7583 /* si-22-sectrust-iap.c in Sources */, - D40771BF1C9B50590016AA66 /* si-82-sectrust-ct.m in Sources */, - 09D1FC1F1CDCBABF00A82D0D /* si-44-seckey-gen.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E702E73614E1F3EA00CDE635 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - CDE5F87F1AF025AC0074958E /* SOSRingTypes.c in Sources */, - CDE5F8A51AF025D60074958E /* SOSPeerInfoRingState.c in Sources */, - 4838F6C11CB5B061009E8598 /* secToolFileIO.c in Sources */, - 48A071CF1AD6AEA900728AEF /* SOSPeerInfoSecurityProperties.c in Sources */, - CDE5F8B01AF026470074958E /* SOSTransportCircle.c in Sources */, - CDE5F8861AF025B30074958E /* SOSGenCount.c in Sources */, - 489E6E4C1A71A87600D7EB8C /* SOSCircleDer.c in Sources */, - 4CC929B515A3957800C6D578 /* SOSCircle.c in Sources */, - 4CC929B715A3957800C6D578 /* SOSPeer.c in Sources */, - CDE5F88B1AF025B30074958E /* SOSRingBasic.c in Sources */, - CDE5F8891AF025B30074958E /* SOSRingBackup.c in Sources */, - CDE5F8A21AF025D60074958E /* SOSPeerInfoDER.c in Sources */, - CDE5F8AC1AF026470074958E /* SOSTransport.c in Sources */, - E738B7251D11D88C0099E5C5 /* SOSAccountLog.c in Sources */, - E738B7211D11D88C0099E5C5 /* SOSAccountDer.c in Sources */, - 48E9CDFC1C597FED00574D6B /* SOSSysdiagnose.c in Sources */, - CDE5F88F1AF025B80074958E /* SOSCircleV2.c in Sources */, - CD773AC61ADDFDDB00C808BA /* SOSTransportBackupPeer.c in Sources */, - E738B71B1D11D88C0099E5C5 /* SOSAccountTransaction.c in Sources */, - E738B7321D11DAB70099E5C5 /* SOSAccountViewSync.c in Sources */, - CDE5F8A81AF025DC0074958E /* SOSECWrapUnwrap.c in Sources */, - 48FB17021A76F56C00B586C7 /* SOSPeerInfoV2.c in Sources */, - E777C71E15B73F9E004044A8 /* SOSInternal.c in Sources */, - CDE5F8BA1AF026470074958E /* SOSTransportMessageKVS.c in Sources */, - E777C72615B87545004044A8 /* SOSPeerInfo.c in Sources */, - E738B7201D11D88C0099E5C5 /* SOSAccountCredentials.c in Sources */, - CDE5F8B61AF026470074958E /* SOSTransportKeyParameterKVS.c in Sources */, - E738B72B1D11D88C0099E5C5 /* SOSBackupSliceKeyBag.c in Sources */, - E738B7241D11D88C0099E5C5 /* SOSAccountPersistence.c in Sources */, - E738B71D1D11D88C0099E5C5 /* SOSAccountCircles.c in Sources */, - E738B7221D11D88C0099E5C5 /* SOSAccountFullPeerInfo.c in Sources */, - E7217B2715F8131A00D26031 /* SOSCloudKeychainConstants.c in Sources */, - 4C65154B17B5A08900691B6A /* SOSDigestVector.c in Sources */, - E738B7231D11D88C0099E5C5 /* SOSAccountPeers.c in Sources */, - E7A634E317FA471500920B67 /* SOSPeerInfoCollections.c in Sources */, - 48F7DF261A6DB32900046644 /* SOSViews.c in Sources */, - 481A95511D1A02AA000B98F5 /* SOSCloudKeychainLogging.c in Sources */, - E738B72A1D11D88C0099E5C5 /* SOSBackupEvent.c in Sources */, - E79277E3163B110A0096F3E2 /* SOSFullPeerInfo.c in Sources */, - CDE5F87B1AF025A40074958E /* SOSRingDER.c in Sources */, - E738B71C1D11D88C0099E5C5 /* SOSAccountBackup.c in Sources */, - CDE5F8831AF025AC0074958E /* SOSRingV0.c in Sources */, - CDE5F87D1AF025AC0074958E /* SOSRingPeerInfoUtils.c in Sources */, - CDE5F8AA1AF026130074958E /* SOSTransportMessageIDS.c in Sources */, - E738B7281D11D88C0099E5C5 /* SOSAccountRingUpdate.c in Sources */, - E738B7261D11D88C0099E5C5 /* SOSAccountUpdate.c in Sources */, - E738B71E1D11D88C0099E5C5 /* SOSAccountHSAJoin.c in Sources */, - E738B71A1D11D88C0099E5C5 /* SOSAccount.c in Sources */, - 52EAF4BE163C52EB00803D0F /* SOSCloudKeychainClient.c in Sources */, - CDE5F8B21AF026470074958E /* SOSTransportCircleKVS.c in Sources */, - 4C8BDD9F17B4FDE100C20EA5 /* SOSManifest.c in Sources */, - CDE5F8B81AF026470074958E /* SOSTransportMessage.c in Sources */, - CDE5F88D1AF025B30074958E /* SOSRingConcordanceTrust.c in Sources */, - 488902EC16C2F88400F119FF /* SOSCoder.c in Sources */, - 4CBDB30D17B70206002FA799 /* SOSMessage.c in Sources */, - CD32776B18F8AEFD006B5280 /* SOSPeerCoder.c in Sources */, - CDE5F8B41AF026470074958E /* SOSTransportKeyParameter.c in Sources */, - E738B71F1D11D88C0099E5C5 /* SOSAccountCloudParameters.c in Sources */, - CDE5F8811AF025AC0074958E /* SOSRingUtils.c in Sources */, - 48764AF217FA3ACF0005C4F1 /* SOSKVSKeys.c in Sources */, - E738B72C1D11D88C0099E5C5 /* SOSUserKeygen.c in Sources */, - 4838F6C01CB5B055009E8598 /* secViewDisplay.c in Sources */, - E738B7271D11D88C0099E5C5 /* SOSAccountRings.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E702E75814E1F48800CDE635 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C6ED19615CB0E72004379B7 /* sc-30-peerinfo.c in Sources */, - E777C6B115B4DDF2004044A8 /* sc-40-circle.c in Sources */, - 4C64F59717C6B3B1009C5AC2 /* sc-45-digestvector.c in Sources */, - 521C0CD615FF9B3300604B61 /* SOSRegressionUtilities.c in Sources */, - 48CE733E1731C49A004C2946 /* sc-130-resignationticket.c in Sources */, - CD16F89A1AE84842004AE09C /* sc-150-ring.c in Sources */, - 4878267B19C0F518002CB56F /* sc-42-circlegencount.c in Sources */, - 4CB8A83816164B7700B52EC7 /* SOSTestDataSource.c in Sources */, - E763D6231624E2670038477D /* sc-20-keynames.c in Sources */, - CD655E961AF02F1800BD1B6E /* sc-150-backupkeyderivation.c in Sources */, - E71BAE7F1ACE1AB900DF0C29 /* sc-153-backupslicekeybag.c in Sources */, - 4BD2F8001ADCDEAF0037CD5D /* sc-140-hsa2.c in Sources */, - 48B0B36F1B27B01F003E1EDB /* sc-25-soskeygen.c in Sources */, - 4C495EDD1982125E00BC1809 /* SOSTestDevice.c in Sources */, - EBDAECBC184D32BD005A18F1 /* sc-31-peerinfo-simplefuzz.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E71049EE169E023B00DB0045 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0CE7ABDF171383E30088968F /* keychain_backup.c in Sources */, - E7104A01169E036E00DB0045 /* SecurityTool.c in Sources */, - EBC1B8B91BE96B3A00E6ACA6 /* whoami.m in Sources */, - EBC1B8B81BE96B3A00E6ACA6 /* digest_calc.c in Sources */, - E790C110169E53DF00E0C0C9 /* leaks.c in Sources */, - EBE32B591BEEC8C900719AA8 /* syncbubble.m in Sources */, - 4CD1897D169F835400BC96B8 /* print_cert.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E7104A13169E216E00DB0045 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 32FBBBE81B55B30E00AEF9ED /* verify_cert.c in Sources */, - F697632318F6CFD60090438B /* keychain_util.c in Sources */, - E790C141169E5C6200E0C0C9 /* add_internet_password.c in Sources */, - E790C142169E5C6200E0C0C9 /* codesign.c in Sources */, - E790C143169E5C6200E0C0C9 /* keychain_add.c in Sources */, - E790C144169E5C6200E0C0C9 /* keychain_find.c in Sources */, - E795C94019100F6100FA068C /* log_control.c in Sources */, - E790C145169E5C6200E0C0C9 /* pkcs12_util.c in Sources */, - E790C147169E5C6200E0C0C9 /* scep.c in Sources */, - E790C148169E5C6200E0C0C9 /* show_certificates.c in Sources */, - E790C149169E5C6200E0C0C9 /* spc.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E76079981951FD2800F69731 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E76079C11951FD2800F69731 /* SecLogging.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E7FEFB83169E363300E18152 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 485FE6BE1CDBED9500C916C5 /* syncbackup.c in Sources */, - 48279BC51C57FEA20043457C /* keychain_log.c in Sources */, - 4838F6BE1CB5AA7C009E8598 /* secViewDisplay.c in Sources */, - 4899F2EC1C7690DE00762615 /* secToolFileIO.c in Sources */, - E7ACD2FB1D30204E0038050D /* keychain_sync_test.m in Sources */, - E7FEFB91169E36D800E18152 /* keychain_sync.c in Sources */, - E739A9DB1D3078D9003C088A /* NSFileHandle+Formatting.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - 0C0BDB5D175687EC00BC1A7E /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Debug; - }; - 0C0BDB5E175687EC00BC1A7E /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Release; - }; - 18270F5714CF651900B05E7F /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - "GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*]" = ( - "$(inherited)", - "SECITEM_SHIM_OSX=1", - ); - }; - name = Debug; - }; - 18270F5814CF651900B05E7F /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - "GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*]" = ( - "$(inherited)", - "SECITEM_SHIM_OSX=1", - ); - }; - name = Release; - }; - 186CDD1114CA116C00AF9171 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9814CF1AAD00B05E7F /* debug.xcconfig */; - buildSettings = { - CLANG_STATIC_ANALYZER_MODE = deep; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = NO; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "DEBUG=1", - "NO_SERVER=1", - "__KEYCHAINCORE__=1", - ); - GCC_WARN_UNDECLARED_SELECTOR = YES; - ONLY_ACTIVE_ARCH = YES; - RUN_CLANG_STATIC_ANALYZER = YES; - SDKROOT = macosx.internal; - }; - name = Debug; - }; - 186CDD1214CA116C00AF9171 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9A14CF1AAD00B05E7F /* release.xcconfig */; - buildSettings = { - CLANG_STATIC_ANALYZER_MODE = deep; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = NO; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "NDEBUG=1", - "__KEYCHAINCORE__=1", - ); - "GCC_PREPROCESSOR_DEFINITIONS[sdk=embeddedsimulator*]" = ( - "$(inherited)", - "NO_SERVER=1", - "__KEYCHAINCORE__=1", - ); - GCC_WARN_UNDECLARED_SELECTOR = YES; - RUN_CLANG_STATIC_ANALYZER = YES; - SDKROOT = macosx.internal; - }; - name = Release; - }; - 186CDD1414CA116C00AF9171 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "SECITEM_SHIM_OSX=1", - ); - SECITEM_SHIM_OSX = 1; - }; - name = Debug; - }; - 186CDD1514CA116C00AF9171 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "SECITEM_SHIM_OSX=1", - ); - SECITEM_SHIM_OSX = 1; - }; - name = Release; - }; - 18D4043714CE0CF300A2BE4E /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_WARN_CONSTANT_CONVERSION = NO; - CLANG_WARN_ENUM_CONVERSION = NO; - CLANG_WARN_INT_CONVERSION = NO; - COMBINE_HIDPI_IMAGES = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = NO; - }; - name = Debug; - }; - 18D4043814CE0CF300A2BE4E /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_WARN_CONSTANT_CONVERSION = NO; - CLANG_WARN_ENUM_CONVERSION = NO; - CLANG_WARN_INT_CONVERSION = NO; - COMBINE_HIDPI_IMAGES = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = NO; - }; - name = Release; - }; - 18D4056414CE53C200A2BE4E /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - "FRAMEWORK_SEARCH_PATHS[sdk=embeddedsimulator*]" = "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; - "GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*]" = ( - "$(inherited)", - "SECITEM_SHIM_OSX=1", - "SECTRUST_OSX=1", - ); - }; - name = Debug; - }; - 18D4056514CE53C200A2BE4E /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - "FRAMEWORK_SEARCH_PATHS[sdk=embeddedsimulator*]" = "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; - "GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*]" = ( - "$(inherited)", - "SECITEM_SHIM_OSX=1", - "SECTRUST_OSX=1", - ); - }; - name = Release; - }; - 4A5CCA5015ACEFA500702357 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - }; - name = Debug; - }; - 4A5CCA5115ACEFA500702357 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - }; - name = Release; - }; - 4A824B01158FF07000F932C0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - RUN_CLANG_STATIC_ANALYZER = YES; - }; - name = Debug; - }; - 4A824B02158FF07000F932C0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - RUN_CLANG_STATIC_ANALYZER = YES; - }; - name = Release; - }; - 4CC92B1215A3BC6B00C6D578 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Debug; - }; - 4CC92B1315A3BC6B00C6D578 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Release; - }; - BE8D228C1ABB7199009A4E18 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "SECITEM_SHIM_OSX=1", - "SECTRUST_OSX=1", - ); - PRODUCT_NAME = libSecTrustOSX; - }; - name = Debug; - }; - BE8D228D1ABB7199009A4E18 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "SECITEM_SHIM_OSX=1", - "SECTRUST_OSX=1", - ); - PRODUCT_NAME = libSecTrustOSX; - }; - name = Release; - }; - BEF9640418B4171200813FA3 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - "GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*]" = ( - "$(inherited)", - "SECITEM_SHIM_OSX=1", - ); - PRODUCT_NAME = libSWCAgent; - }; - name = Debug; - }; - BEF9640518B4171200813FA3 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - "GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*]" = ( - "$(inherited)", - "SECITEM_SHIM_OSX=1", - ); - PRODUCT_NAME = libSWCAgent; - }; - name = Release; - }; - D40771BA1C9B4D200016AA66 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - "HEADER_SEARCH_PATHS[sdk=macosx*]" = ( - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/../utilities", - "$(PROJECT_DIR)/../regressions", - ); - }; - name = Debug; - }; - D40771BB1C9B4D200016AA66 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - "HEADER_SEARCH_PATHS[sdk=macosx*]" = ( - "$(BUILT_PRODUCTS_DIR)", - "$(PROJECT_DIR)/../regressions", - "$(PROJECT_DIR)/../utilities", - ); - }; - name = Release; - }; - E702E75414E1F3EA00CDE635 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Debug; - }; - E702E75514E1F3EA00CDE635 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Release; - }; - E702E77614E1F48800CDE635 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Debug; - }; - E702E77714E1F48800CDE635 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Release; - }; - E71049FB169E023B00DB0045 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Debug; - }; - E71049FC169E023B00DB0045 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Release; - }; - E7104A1B169E216E00DB0045 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Debug; - }; - E7104A1C169E216E00DB0045 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Release; - }; - E76079D01951FD2800F69731 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_WARN_CONSTANT_CONVERSION = NO; - CLANG_WARN_ENUM_CONVERSION = NO; - CLANG_WARN_INT_CONVERSION = NO; - COMBINE_HIDPI_IMAGES = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = NO; - }; - name = Debug; - }; - E76079D11951FD2800F69731 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_WARN_CONSTANT_CONVERSION = NO; - CLANG_WARN_ENUM_CONVERSION = NO; - CLANG_WARN_INT_CONVERSION = NO; - COMBINE_HIDPI_IMAGES = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = NO; - }; - name = Release; - }; - E7FEFB8A169E363300E18152 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Debug; - }; - E7FEFB8B169E363300E18152 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18270C9914CF1AAD00B05E7F /* lib.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 0C0BDB5C175687EC00BC1A7E /* Build configuration list for PBXNativeTarget "libsecdRegressions" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 0C0BDB5D175687EC00BC1A7E /* Debug */, - 0C0BDB5E175687EC00BC1A7E /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 18270F5614CF651900B05E7F /* Build configuration list for PBXNativeTarget "libsecipc_client" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 18270F5714CF651900B05E7F /* Debug */, - 18270F5814CF651900B05E7F /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 186CDD0914CA116C00AF9171 /* Build configuration list for PBXProject "sec" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 186CDD1114CA116C00AF9171 /* Debug */, - 186CDD1214CA116C00AF9171 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 186CDD1314CA116C00AF9171 /* Build configuration list for PBXNativeTarget "libSecItemShimOSX" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 186CDD1414CA116C00AF9171 /* Debug */, - 186CDD1514CA116C00AF9171 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 18D4043614CE0CF300A2BE4E /* Build configuration list for PBXNativeTarget "libsecurity" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 18D4043714CE0CF300A2BE4E /* Debug */, - 18D4043814CE0CF300A2BE4E /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 18D4056314CE53C200A2BE4E /* Build configuration list for PBXNativeTarget "libsecurityd" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 18D4056414CE53C200A2BE4E /* Debug */, - 18D4056514CE53C200A2BE4E /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4A5CCA5215ACEFA500702357 /* Build configuration list for PBXNativeTarget "libSecOtrOSX" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4A5CCA5015ACEFA500702357 /* Debug */, - 4A5CCA5115ACEFA500702357 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4A824B00158FF07000F932C0 /* Build configuration list for PBXNativeTarget "libSecurityRegressions" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4A824B01158FF07000F932C0 /* Debug */, - 4A824B02158FF07000F932C0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 4CC92B1115A3BC6B00C6D578 /* Build configuration list for PBXNativeTarget "libsecuritydRegressions" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 4CC92B1215A3BC6B00C6D578 /* Debug */, - 4CC92B1315A3BC6B00C6D578 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - BE8D228B1ABB7199009A4E18 /* Build configuration list for PBXNativeTarget "libSecTrustOSX" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - BE8D228C1ABB7199009A4E18 /* Debug */, - BE8D228D1ABB7199009A4E18 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - BEF9640318B4171200813FA3 /* Build configuration list for PBXNativeTarget "libSWCAgent" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - BEF9640418B4171200813FA3 /* Debug */, - BEF9640518B4171200813FA3 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - D40771B91C9B4D200016AA66 /* Build configuration list for PBXNativeTarget "libSharedRegressions" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - D40771BA1C9B4D200016AA66 /* Debug */, - D40771BB1C9B4D200016AA66 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - E702E75314E1F3EA00CDE635 /* Build configuration list for PBXNativeTarget "libSecureObjectSync" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - E702E75414E1F3EA00CDE635 /* Debug */, - E702E75514E1F3EA00CDE635 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - E702E77514E1F48800CDE635 /* Build configuration list for PBXNativeTarget "libSOSRegressions" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - E702E77614E1F48800CDE635 /* Debug */, - E702E77714E1F48800CDE635 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - E71049FD169E023B00DB0045 /* Build configuration list for PBXNativeTarget "libSecurityTool" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - E71049FB169E023B00DB0045 /* Debug */, - E71049FC169E023B00DB0045 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - E7104A1A169E216E00DB0045 /* Build configuration list for PBXNativeTarget "libSecurityCommands" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - E7104A1B169E216E00DB0045 /* Debug */, - E7104A1C169E216E00DB0045 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - E76079CF1951FD2800F69731 /* Build configuration list for PBXNativeTarget "liblogging" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - E76079D01951FD2800F69731 /* Debug */, - E76079D11951FD2800F69731 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - E7FEFB89169E363300E18152 /* Build configuration list for PBXNativeTarget "libSOSCommands" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - E7FEFB8A169E363300E18152 /* Debug */, - E7FEFB8B169E363300E18152 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 186CDD0614CA116C00AF9171 /* Project object */; -} diff --git a/OSX/sec/securityd/OTATrustUtilities.c b/OSX/sec/securityd/OTATrustUtilities.c index cd8fc600..4fd57bc5 100644 --- a/OSX/sec/securityd/OTATrustUtilities.c +++ b/OSX/sec/securityd/OTATrustUtilities.c @@ -589,7 +589,7 @@ static const char* InitOTADirectory(int* pAssetVersion) return result; } -static CFSetRef InitializeBlackList(const char* path_ptr) +static CF_RETURNS_RETAINED CFSetRef InitializeBlackList(const char* path_ptr) { CFPropertyListRef plist = CFPropertyListCopyFromAsset(path_ptr, CFSTR("Blocked")); CFSetRef result = CFSetCreateFromPropertyList(plist); @@ -598,7 +598,7 @@ static CFSetRef InitializeBlackList(const char* path_ptr) return result; } -static CFSetRef InitializeGrayList(const char* path_ptr) +static CF_RETURNS_RETAINED CFSetRef InitializeGrayList(const char* path_ptr) { CFPropertyListRef plist = CFPropertyListCopyFromAsset(path_ptr, CFSTR("GrayListedKeys")); CFSetRef result = CFSetCreateFromPropertyList(plist); @@ -607,7 +607,7 @@ static CFSetRef InitializeGrayList(const char* path_ptr) return result; } -static CFDataRef InitializeCTWhiteListData(const char* path_ptr) +static CF_RETURNS_RETAINED CFDataRef InitializeCTWhiteListData(const char* path_ptr) { CFPropertyListRef data = CFPropertyListCopyFromAsset(path_ptr, CFSTR("CTWhiteListData")); @@ -619,7 +619,7 @@ static CFDataRef InitializeCTWhiteListData(const char* path_ptr) } } -static CFDictionaryRef InitializeAllowList(const char* path_ptr) +static CF_RETURNS_RETAINED CFDictionaryRef InitializeAllowList(const char* path_ptr) { CFPropertyListRef allowList = CFPropertyListCopyFromAsset(path_ptr, CFSTR("Allowed")); @@ -631,7 +631,7 @@ static CFDictionaryRef InitializeAllowList(const char* path_ptr) } } -static CFArrayRef InitializeTrustedCTLogs(const char* path_ptr) +static CF_RETURNS_RETAINED CFArrayRef InitializeTrustedCTLogs(const char* path_ptr) { CFPropertyListRef trustedCTLogs = CFPropertyListCopyFromAsset(path_ptr, CFSTR("TrustedCTLogs")); @@ -643,7 +643,7 @@ static CFArrayRef InitializeTrustedCTLogs(const char* path_ptr) } } -static CFDictionaryRef InitializeEVPolicyToAnchorDigestsTable(const char* path_ptr) +static CF_RETURNS_RETAINED CFDictionaryRef InitializeEVPolicyToAnchorDigestsTable(const char* path_ptr) { CFDictionaryRef result = NULL; CFPropertyListRef evroots = CFPropertyListCopyFromAsset(path_ptr, CFSTR("EVRoots")); diff --git a/OSX/sec/securityd/Regressions/SOSAccountTesting.h b/OSX/sec/securityd/Regressions/SOSAccountTesting.h index 46ddd3cc..80b5619f 100644 --- a/OSX/sec/securityd/Regressions/SOSAccountTesting.h +++ b/OSX/sec/securityd/Regressions/SOSAccountTesting.h @@ -30,6 +30,8 @@ #include #include #include +#include +#include #include "SOSTestDataSource.h" #include "SOSRegressionUtilities.h" @@ -109,6 +111,15 @@ static inline SOSViewResultCode SOSAccountUpdateView_wTxn(SOSAccountRef account, return result; } +static inline bool SOSAccountSetMyDSID_wTxn(SOSAccountRef account, CFStringRef dsid, CFErrorRef* error) +{ + __block bool result = false; + SOSAccountWithTransactionSync(account, ^(SOSAccountRef account, SOSAccountTransactionRef txn) { + result = SOSAccountSetMyDSID(txn, dsid, error); + }); + return result; +} + // // Account comparison // @@ -512,7 +523,7 @@ static inline void FeedChangesTo(CFMutableDictionaryRef changes, SOSAccountRef a __block CFMutableArrayRef handled = NULL; SOSAccountWithTransactionSync(account, ^(SOSAccountRef account, SOSAccountTransactionRef txn) { __block CFErrorRef error = NULL; - ok(handled = SOSTransportDispatchMessages(account, account_pending_messages, &error), "SOSTransportHandleMessages failed (%@)", error); + ok(handled = SOSTransportDispatchMessages(txn, account_pending_messages, &error), "SOSTransportHandleMessages failed (%@)", error); CFReleaseNull(error); }); @@ -610,21 +621,84 @@ static inline int ProcessChangesUntilNoChange(CFMutableDictionaryRef changes, .. // MARK: Account creation // +static CFStringRef modelFromType(SOSPeerInfoDeviceClass cls) { + switch(cls) { + case SOSPeerInfo_macOS: return CFSTR("Mac Pro"); + case SOSPeerInfo_iOS: return CFSTR("iPhone"); + case SOSPeerInfo_iCloud: return CFSTR("iCloud"); + case SOSPeerInfo_watchOS: return CFSTR("needWatchOSDeviceName"); + case SOSPeerInfo_tvOS: return CFSTR("needTVOSDeviceName"); + default: return CFSTR("GENERICOSTHING"); + } +} -static inline SOSAccountRef CreateAccountForLocalChanges(CFStringRef name, CFStringRef data_source_name) -{ +static inline SOSAccountRef CreateAccountForLocalChangesWithStartingAttributes(CFStringRef name, CFStringRef data_source_name, SOSPeerInfoDeviceClass devclass, CFStringRef serial, CFBooleanRef preferIDS, CFBooleanRef preferIDSFragmentation, CFBooleanRef preferIDSACKModel, CFStringRef transportType, CFStringRef deviceID) { + SOSDataSourceFactoryRef factory = SOSTestDataSourceFactoryCreate(); SOSDataSourceRef ds = SOSTestDataSourceCreate(); SOSTestDataSourceFactorySetDataSource(factory, data_source_name, ds); SOSEngineRef engine = SOSEngineCreate(ds, NULL); ds->engine = engine; - CFDictionaryRef gestalt = SOSCreatePeerGestaltFromName(name); - + + CFMutableDictionaryRef gestalt = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + CFDictionaryAddValue(gestalt, kPIUserDefinedDeviceNameKey, name); + CFDictionaryAddValue(gestalt, kPIDeviceModelNameKey, modelFromType(devclass)); + CFDictionaryAddValue(gestalt, kPIOSVersionKey, CFSTR("TESTRUN")); + + CFMutableDictionaryRef testV2dict = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + CFDictionaryAddValue(testV2dict, sSerialNumberKey, serial); + CFDictionaryAddValue(testV2dict, sPreferIDS, preferIDS); + CFDictionaryAddValue(testV2dict, sPreferIDSFragmentation, preferIDSFragmentation); + CFDictionaryAddValue(testV2dict, sPreferIDSACKModel, preferIDSACKModel); + CFDictionaryAddValue(testV2dict, sTransportType, transportType); + CFDictionaryAddValue(testV2dict, sDeviceID, deviceID); SOSAccountRef result = SOSAccountCreateTest(kCFAllocatorDefault, name, gestalt, factory); + SOSAccountUpdateV2Dictionary(result, testV2dict); + + CFReleaseSafe(SOSAccountCopyUUID(result)); + + CFReleaseNull(gestalt); + CFReleaseNull(testV2dict); + return result; +} + +static CFStringRef sGestaltTest = CFSTR("GestaltTest"); +static CFStringRef sV2Test = CFSTR("V2Test"); +static inline CFDictionaryRef SOSTestSaveStaticAccountState(SOSAccountRef account) { + CFMutableDictionaryRef retval = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + CFDictionaryRef gestalt = SOSAccountCopyGestalt(account); + CFDictionaryRef v2dictionary = SOSAccountCopyV2Dictionary(account); + CFDictionaryAddValue(retval, sGestaltTest, gestalt); + CFDictionaryAddValue(retval, sV2Test, v2dictionary); CFReleaseNull(gestalt); + CFReleaseNull(v2dictionary); + return retval; +} - return result; +static inline void SOSTestRestoreAccountState(SOSAccountRef account, CFDictionaryRef saved) { + SOSAccountUpdateGestalt(account, CFDictionaryGetValue(saved, sGestaltTest)); + SOSAccountUpdateV2Dictionary(account, CFDictionaryGetValue(saved, sV2Test)); +} + +static CFStringRef CFStringCreateRandomHexWithLength(size_t len) { + if(len%2) len++; + CFDataRef data = CFDataCreateWithRandomBytes(len/2); + CFMutableStringRef retval = CFStringCreateMutable(kCFAllocatorDefault, len); + CFStringAppendHexData(retval, data); + CFReleaseNull(data); + return retval; +} + +static inline SOSAccountRef CreateAccountForLocalChanges(CFStringRef name, CFStringRef data_source_name) +{ + CFStringRef randomSerial = CFStringCreateRandomHexWithLength(8); + CFStringRef randomDevID = CFStringCreateRandomHexWithLength(16); + SOSAccountRef retval = CreateAccountForLocalChangesWithStartingAttributes(name, data_source_name, SOSPeerInfo_iOS, randomSerial, + kCFBooleanTrue, kCFBooleanTrue, kCFBooleanTrue, SOSTransportMessageTypeIDSV2, randomDevID); + CFReleaseNull(randomSerial); + CFReleaseNull(randomDevID); + return retval; } static inline SOSAccountRef CreateAccountForLocalChangesFromData(CFDataRef flattenedData, CFStringRef name, CFStringRef data_source_name) @@ -749,4 +823,113 @@ errOut: return retval; } +static inline bool SOSTestStartCircleWithAccount(SOSAccountRef account, CFMutableDictionaryRef changes, CFStringRef cfaccount, CFDataRef cfpassword) { + bool retval = false; + require(SOSAccountAssertUserCredentialsAndUpdate(account, cfaccount, cfpassword, NULL), retOut); + is(ProcessChangesUntilNoChange(changes, account, NULL), 1, "updates"); + require(SOSAccountResetToOffering_wTxn(account, NULL), retOut); + is(ProcessChangesUntilNoChange(changes, account, NULL), 1, "updates"); + retval = true; +retOut: + return retval; +} + +static inline bool SOSTestApproveRequest(SOSAccountRef approver, CFIndex napplicants) { + bool retval = false; + CFErrorRef error = NULL; + CFArrayRef applicants = SOSAccountCopyApplicants(approver, &error); + + ok(applicants && CFArrayGetCount(applicants) == napplicants, "See %ld applicant(s) %@ (%@)", napplicants, applicants, error); + CFStringRef approvername = SOSAccountCopyName(approver); + ok((retval = SOSAccountAcceptApplicants(approver, applicants, &error)), "%@ accepts (%@)", approvername, error); + CFReleaseNull(error); + CFReleaseNull(applicants); + CFReleaseNull(approvername); + + return retval; +} + +#define DROP_USERKEY true +#define KEEP_USERKEY false + +static inline bool SOSTestJoinWith(CFDataRef cfpassword, CFStringRef cfaccount, CFMutableDictionaryRef changes, SOSAccountRef joiner) { + CFErrorRef error = NULL; + // retval will return op failures, not count failures - we'll still report those from in here. + bool retval = false; + + FeedChangesTo(changes, joiner); + + ok(SOSAccountAssertUserCredentialsAndUpdate(joiner, cfaccount, cfpassword, &error), "Credential setting (%@)", error); + CFReleaseNull(error); + + ProcessChangesUntilNoChange(changes, joiner, NULL); + + ok(retval = SOSAccountJoinCircles_wTxn(joiner, &error), "Applying (%@)", error); + CFReleaseNull(error); + return retval; +} + +static inline bool SOSTestJoinWithApproval(CFDataRef cfpassword, CFStringRef cfaccount, CFMutableDictionaryRef changes, SOSAccountRef approver, SOSAccountRef joiner, bool dropUserKey, int expectedCount, bool expectCleanup) { + //CFErrorRef error = NULL; + // retval will return op failures, not count failures - we'll still report those from in here. + bool retval = false; + + ok(retval = SOSTestJoinWith(cfpassword, cfaccount, changes, joiner), "Applyication Made"); + + is(ProcessChangesUntilNoChange(changes, approver, joiner, NULL), 2, "updates"); + + int nrounds = 2; + if(dropUserKey) SOSAccountPurgePrivateCredential(joiner); // lose the userKey so we don't "fix" the ghost problem yet. + else nrounds = 3; + + if(expectCleanup) nrounds++; + + ok(retval &= SOSTestApproveRequest(approver, 1), "Accepting Request to Join"); + is(ProcessChangesUntilNoChange(changes, approver, joiner, NULL), nrounds, "updates"); + + accounts_agree_internal("Successful join shows same circle view", joiner, approver, false); + is(countPeers(joiner), expectedCount, "There should be %d valid peers", expectedCount); + return retval; +} + + +static inline SOSAccountRef SOSTestCreateAccountAsSerialClone(CFStringRef name, SOSPeerInfoDeviceClass devClass, CFStringRef serial, CFStringRef idsID) { + return CreateAccountForLocalChangesWithStartingAttributes(name, CFSTR("TestSource"), devClass, serial, kCFBooleanTrue, kCFBooleanTrue, kCFBooleanTrue, SOSTransportMessageTypeIDSV2, idsID); +} + +static inline bool SOSTestMakeGhostInCircle(CFStringRef name, SOSPeerInfoDeviceClass devClass, CFStringRef serial, CFStringRef idsID, + CFDataRef cfpassword, CFStringRef cfaccount, CFMutableDictionaryRef changes, + SOSAccountRef approver, int expectedCount) { + bool retval = false; + SOSAccountRef ghostAccount = SOSTestCreateAccountAsSerialClone(name, devClass, serial, idsID); + ok(ghostAccount, "Created Ghost Account"); + require_quiet(ghostAccount, retOut); + if(!ghostAccount) return false; + ok(retval = SOSTestJoinWithApproval(cfpassword, cfaccount, changes, approver, ghostAccount, DROP_USERKEY, expectedCount, true), "Ghost Joined Circle with expected result"); + CFReleaseNull(ghostAccount); +retOut: + return retval; +} + +static inline bool SOSTestChangeAccountDeviceName(SOSAccountRef account, CFStringRef name) { + bool retval = false; + CFMutableDictionaryRef mygestalt = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, 0, SOSPeerGetGestalt(SOSAccountGetMyPeerInfo(account))); + require_quiet(mygestalt, retOut); + CFDictionarySetValue(mygestalt, kPIUserDefinedDeviceNameKey, name); + retval = SOSAccountUpdateGestalt(account, mygestalt); +retOut: + CFReleaseNull(mygestalt); + return retval; +} + +static inline void SOSTestCleanup() { + SOSUnregisterAllTransportMessages(); + SOSUnregisterAllTransportCircles(); + SOSUnregisterAllTransportKeyParameters(); + CFArrayRemoveAllValues(key_transports); + CFArrayRemoveAllValues(circle_transports); + CFArrayRemoveAllValues(message_transports); +} + + #endif diff --git a/OSX/sec/securityd/Regressions/SOSTransportTestTransports.c b/OSX/sec/securityd/Regressions/SOSTransportTestTransports.c index 594724ec..8be5b636 100644 --- a/OSX/sec/securityd/Regressions/SOSTransportTestTransports.c +++ b/OSX/sec/securityd/Regressions/SOSTransportTestTransports.c @@ -15,7 +15,7 @@ #include "SOSTransportTestTransports.h" static bool sendToPeer(SOSTransportMessageRef transport, CFStringRef circleName, CFStringRef peerID, CFDataRef message, CFErrorRef *error); -static bool syncWithPeers(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error); +static bool syncWithPeers(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error); static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef circleToPeersToMessage, CFErrorRef *error); static bool cleanupAfterPeer(SOSTransportMessageRef transport, CFDictionaryRef circle_to_peer_ids, CFErrorRef *error); static CF_RETURNS_RETAINED @@ -632,57 +632,50 @@ static bool sendToPeer(SOSTransportMessageRef transport, CFStringRef circleName, return result; } -static bool syncWithPeers(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error){ +static bool syncWithPeers(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error){ // Each entry is keyed by circle name and contains a list of peerIDs __block bool result = true; - CFDictionaryForEach(circleToPeerIDs, ^(const void *key, const void *value) { - if (isString(key) && isArray(value)) { - CFStringRef circleName = (CFStringRef) key; - CFArrayForEach(value, ^(const void *value) { - if (isString(value)) { - CFStringRef peerID = (CFStringRef) value; - SOSEngineRef engine = SOSTransportMessageGetEngine(transport); - SOSEngineWithPeerID(engine, peerID, error, ^(SOSPeerRef peer, SOSCoderRef coder, SOSDataSourceRef dataSource, SOSTransactionRef txn, bool *forceSaveState) { - SOSEnginePeerMessageSentBlock sent = NULL; - CFDataRef message_to_send = NULL; - bool ok = SOSPeerCoderSendMessageIfNeeded(engine, txn, peer, coder, &message_to_send, circleName, peerID, &sent, error); - if (message_to_send) { - CFDictionaryRef peer_dict = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, peerID, message_to_send, NULL); - CFDictionarySetValue(SOSTransportMessageTestGetChanges((SOSTransportMessageTestRef)transport), circleName, peer_dict); - SOSPeerCoderConsume(&sent, ok); - CFReleaseSafe(peer_dict); - } - Block_release(sent); - CFReleaseSafe(message_to_send); - }); - } + CFStringRef circleName = transport->circleName; + CFSetForEach(peers, ^(const void *value) { + CFStringRef peerID = asString(value, NULL); + + if (peerID) { + SOSEngineRef engine = SOSTransportMessageGetEngine(transport); + SOSEngineWithPeerID(engine, peerID, error, ^(SOSPeerRef peer, SOSCoderRef coder, SOSDataSourceRef dataSource, SOSTransactionRef txn, bool *forceSaveState) { + SOSEnginePeerMessageSentBlock sent = NULL; + CFDataRef message_to_send = NULL; + bool ok = SOSPeerCoderSendMessageIfNeeded(engine, txn, peer, coder, &message_to_send, peerID, &sent, error); + if (message_to_send) { + CFDictionaryRef peer_dict = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, peerID, message_to_send, NULL); + CFDictionarySetValue(SOSTransportMessageTestGetChanges((SOSTransportMessageTestRef)transport), circleName, peer_dict); + SOSPeerCoderConsume(&sent, ok); + CFReleaseSafe(peer_dict); + } + Block_release(sent); + CFReleaseSafe(message_to_send); }); - } + } }); - + return result; } -static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef circleToPeersToMessage, CFErrorRef *error) { +static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef peersToMessage, CFErrorRef *error) { __block bool result = true; - CFDictionaryForEach(circleToPeersToMessage, ^(const void *key, const void *value) { - if (isString(key) && isDictionary(value)) { - CFStringRef circleName = (CFStringRef) key; - CFDictionaryForEach(value, ^(const void *key, const void *value) { - if (isString(key) && isData(value)) { - CFStringRef peerID = (CFStringRef) key; - CFDataRef message = (CFDataRef) value; - bool rx = sendToPeer(transport, circleName, peerID, message, error); - result &= rx; - } - }); + CFStringRef circleName = transport->circleName; + CFDictionaryForEach(peersToMessage, ^(const void *key, const void *value) { + if (isString(key) && isData(value)) { + CFStringRef peerID = (CFStringRef) key; + CFDataRef message = (CFDataRef) value; + bool rx = sendToPeer(transport, circleName, peerID, message, error); + result &= rx; } }); - - return true; + + return result; } static CF_RETURNS_RETAINED @@ -745,7 +738,7 @@ struct SOSTransportMessageIDSTest { static bool sendDataToPeerIDSTest(SOSTransportMessageRef transport, CFStringRef circleName, CFStringRef deviceID, CFStringRef peerID, CFDataRef message, CFErrorRef *error); static bool sendDictionaryToPeerIDSTest(SOSTransportMessageRef transport, CFStringRef circleName, CFStringRef deviceID, CFStringRef peerID, CFDictionaryRef message, CFErrorRef *error); -static bool syncWithPeersIDSTest(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error); +static bool syncWithPeersIDSTest(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error); static bool sendMessagesIDSTest(SOSTransportMessageRef transport, CFDictionaryRef circleToPeersToMessage, CFErrorRef *error); static void destroyIDSTest(SOSTransportMessageRef transport); static bool cleanupAfterPeerIDSTest(SOSTransportMessageRef transport, CFDictionaryRef circle_to_peer_ids, CFErrorRef *error); @@ -884,75 +877,54 @@ static bool sendDictionaryToPeerIDSTest(SOSTransportMessageRef transport, CFStri } -static bool syncWithPeersIDSTest(SOSTransportMessageRef transport, CFDictionaryRef circleToPeerIDs, CFErrorRef *error){ +static bool syncWithPeersIDSTest(SOSTransportMessageRef transport, CFSetRef peerIDs, CFErrorRef *error){ // Each entry is keyed by circle name and contains a list of peerIDs __block bool result = true; - CFDictionaryForEach(circleToPeerIDs, ^(const void *key, const void *value) { - if (isString(key) && isArray(value)) { - CFStringRef circleName = (CFStringRef) key; - CFArrayForEach(value, ^(const void *value) { - if (isString(value)) { - CFStringRef peerID = (CFStringRef) value; - secnotice("transport", "IDS sync with peerIDs %@", peerID); - result &= SOSTransportMessageSendMessageIfNeeded(transport, circleName, peerID, error); - } - }); + CFSetForEach(peerIDs, ^(const void *value) { + CFStringRef peerID = asString(value, NULL); + if (peerID) { + secnotice("transport", "IDS sync with peerIDs %@", peerID); + result &= SOSTransportMessageSendMessageIfNeeded(transport, transport->circleName, peerID, error); } }); return result; } -static bool sendMessagesIDSTest(SOSTransportMessageRef transport, CFDictionaryRef circleToPeersToMessage, CFErrorRef *error) { +static bool sendMessagesIDSTest(SOSTransportMessageRef transport, CFDictionaryRef peersToMessage, CFErrorRef *error) { __block bool result = true; - SOSCircleRef circle = SOSAccountGetCircle(transport->account, error); - SOSPeerInfoRef myPeer = SOSAccountGetMyPeerInfo(transport->account); - __block CFStringRef peerID = NULL; - require_quiet(myPeer, fail); - - CFDictionaryForEach(circleToPeersToMessage, ^(const void *key, const void *value) { - if (isString(key) && isDictionary(value)) { - CFStringRef circleName = (CFStringRef) key; - - CFDictionaryForEach(value, ^(const void *key1, const void *value1) { - if (isString(key1) && isDictionary(value1)) { - peerID = (CFStringRef) key1; - CFMutableDictionaryRef message = CFRetainSafe((CFMutableDictionaryRef) value1); - SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) { - if(!CFEqualSafe(myPeer, peer)){ - CFStringRef deviceID = SOSPeerInfoCopyDeviceID(peer); - if(CFStringCompare(SOSPeerInfoGetPeerID(peer), peerID, 0) == 0){ - bool rx = false; - rx = sendDictionaryToPeerIDSTest(transport, circleName, deviceID, peerID, message, error); - result &= rx; - } - CFReleaseNull(deviceID); - } - }); - } - else{ - peerID = (CFStringRef) key1; - CFDataRef message = CFRetainSafe((CFDataRef) value1); - - SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) { - if(!CFEqualSafe(myPeer, peer)){ - - CFStringRef deviceID = SOSPeerInfoCopyDeviceID(peer); - if(CFStringCompare(SOSPeerInfoGetPeerID(peer), peerID, 0) == 0){ - bool rx = false; - rx = sendDataToPeerIDSTest(transport, circleName, deviceID, peerID, message, error); - result &= rx; - } - CFReleaseNull(deviceID); - } - }); - } - }); + SOSAccountRef account = transport->account; + + CFDictionaryForEach(peersToMessage, ^(const void *key, const void *value) { + CFStringRef idsDeviceID = NULL;; + CFStringRef peerID = asString(key, NULL); + SOSPeerInfoRef pi = NULL; + require(peerID, done); + require(!CFEqualSafe(peerID, SOSAccountGetMyPeerID(account)), done); + + pi = SOSAccountCopyPeerWithID(account, peerID, NULL); + require(pi, done); + + idsDeviceID = SOSPeerInfoCopyDeviceID(pi); + require(idsDeviceID, done); + + CFDictionaryRef messageDictionary = asDictionary(value, NULL); + if (messageDictionary) { + result &= sendDictionaryToPeerIDSTest(transport, transport->circleName, idsDeviceID, peerID, messageDictionary, error); + } else { + CFDataRef messageData = asData(value, NULL); + if (messageData) { + result &= sendDataToPeerIDSTest(transport, transport->circleName, idsDeviceID, peerID, messageData, error); + } } + done: + CFReleaseNull(idsDeviceID); + CFReleaseNull(pi); + }); -fail: + return result; } diff --git a/OSX/sec/securityd/Regressions/SecdTestKeychainUtilities.c b/OSX/sec/securityd/Regressions/SecdTestKeychainUtilities.c index 32891533..2efc3bbf 100644 --- a/OSX/sec/securityd/Regressions/SecdTestKeychainUtilities.c +++ b/OSX/sec/securityd/Regressions/SecdTestKeychainUtilities.c @@ -49,9 +49,7 @@ void secd_test_setup_temp_keychain(const char* test_prefix, dispatch_block_t do_ /* set custom keychain dir, reset db */ - CFStringPerformWithCString(tmp_dir, ^(const char *tmp_dir_string) { - SetCustomHomeURL(tmp_dir_string); - }); + SetCustomHomeURLString(tmp_dir); SecKeychainDbReset(do_in_reset); diff --git a/OSX/sec/securityd/Regressions/secd-01-items.c b/OSX/sec/securityd/Regressions/secd-01-items.c index 9b167286..a829dc49 100644 --- a/OSX/sec/securityd/Regressions/secd-01-items.c +++ b/OSX/sec/securityd/Regressions/secd-01-items.c @@ -138,7 +138,7 @@ int secd_01_items(int argc, char *const *argv) /* Reset keybag and custom $HOME */ SecItemServerResetKeychainKeybag(); - SetCustomHomeURL(NULL); + SetCustomHomePath(NULL); SecKeychainDbReset(NULL); diff --git a/OSX/sec/securityd/Regressions/secd-100-initialsync.c b/OSX/sec/securityd/Regressions/secd-100-initialsync.c index 04dcfe2a..c8620ab0 100644 --- a/OSX/sec/securityd/Regressions/secd-100-initialsync.c +++ b/OSX/sec/securityd/Regressions/secd-100-initialsync.c @@ -102,7 +102,7 @@ static void tests(void) ok(!SOSAccountCheckHasBeenInSync_wTxn(bob_account), "Bob should not be initially synced"); CFSetRef bob_viewSet = SOSPeerInfoCopyEnabledViews(SOSAccountGetMyPeerInfo(bob_account)); - is(CFSetGetCount(bob_viewSet), 5, "bob's initial view set should be just the 14 views"); + is(CFSetGetCount(bob_viewSet), 14, "bob's initial view set should be just the 14 views"); CFReleaseNull(bob_viewSet); ok(!SOSAccountCheckHasBeenInSync_wTxn(bob_account), "Bob should not be initially synced"); diff --git a/OSX/sec/securityd/Regressions/secd-130-other-peer-views.c b/OSX/sec/securityd/Regressions/secd-130-other-peer-views.c index 548e5802..33b21321 100644 --- a/OSX/sec/securityd/Regressions/secd-130-other-peer-views.c +++ b/OSX/sec/securityd/Regressions/secd-130-other-peer-views.c @@ -166,12 +166,7 @@ static void tests(void) { CFReleaseNull(carole_account); CFReleaseNull(david_account); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); + SOSTestCleanup(); } int secd_130_other_peer_views(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-200-logstate.c b/OSX/sec/securityd/Regressions/secd-200-logstate.c index 42d71509..88ebadb7 100644 --- a/OSX/sec/securityd/Regressions/secd-200-logstate.c +++ b/OSX/sec/securityd/Regressions/secd-200-logstate.c @@ -40,7 +40,6 @@ #include #include #include -#include "SOSCloudKeychainLogging.h" #include #include @@ -166,7 +165,6 @@ static void tests(void) secLogEnable(); SOSAccountLogState(master_account); SOSAccountLogViewState(master_account); - SOSCloudKVSLogState(); secLogDisable(); CFDataRef acctData = SOSAccountCopyEncodedData(master_account, kCFAllocatorDefault, &error); @@ -188,12 +186,7 @@ static void tests(void) CFReleaseNull(master_account); CFReleaseNull(minion_accounts); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); + SOSTestCleanup(); } diff --git a/OSX/sec/securityd/Regressions/secd-201-coders.c b/OSX/sec/securityd/Regressions/secd-201-coders.c index c5fc6712..c85ea555 100644 --- a/OSX/sec/securityd/Regressions/secd-201-coders.c +++ b/OSX/sec/securityd/Regressions/secd-201-coders.c @@ -41,7 +41,6 @@ #include #include #include -#include "SOSCloudKeychainLogging.h" #include #include @@ -60,7 +59,7 @@ #include "SecdTestKeychainUtilities.h" -static int kTestTestCount = 182; +static int kTestTestCount = 124; static void TestSOSEngineDoOnQueue(SOSEngineRef engine, dispatch_block_t action) { @@ -104,10 +103,9 @@ static void ids_test_sync(SOSAccountRef alice_account, SOSAccountRef bob_account SOSPeerInfoShouldUseIDSMessageFragmentation(SOSFullPeerInfoGetPeerInfo(alice_account->my_identity), peer)){ secnotice("IDS Transport","Syncing with IDS capable peers using IDS!"); - CFMutableDictionaryRef circleToIdsId = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); - CFMutableArrayRef ids = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); - CFArrayAppendValue(ids, SOSPeerInfoGetPeerID(peer)); - CFDictionaryAddValue(circleToIdsId, SOSCircleGetName(alice_account->trusted_circle), ids); + CFMutableSetRef ids = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + CFSetAddValue(ids, SOSPeerInfoGetPeerID(peer)); + SOSEngineRef alice_engine = SOSTransportMessageGetEngine(alice_account->ids_message_transport); //testing loading and saving coders @@ -126,7 +124,7 @@ static void ids_test_sync(SOSAccountRef alice_account, SOSAccountRef bob_account compareCoders(beforeCoders, alice_engine->coders); //syncing with all peers - SyncingCompletedOverIDS = SOSTransportMessageSyncWithPeers(alice_account->ids_message_transport, circleToIdsId, &localError); + SyncingCompletedOverIDS = SOSTransportMessageSyncWithPeers(alice_account->ids_message_transport, ids, &localError); //testing load after sync with all peers CFMutableDictionaryRef codersAfterSyncBeforeLoad = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, CFDictionaryGetCount(alice_engine->coders), alice_engine->coders); @@ -137,7 +135,6 @@ static void ids_test_sync(SOSAccountRef alice_account, SOSAccountRef bob_account CFReleaseNull(codersAfterSyncBeforeLoad); CFReleaseNull(beforeCoders); - CFReleaseNull(circleToIdsId); CFReleaseNull(ids); } } @@ -151,10 +148,9 @@ static void ids_test_sync(SOSAccountRef alice_account, SOSAccountRef bob_account SOSPeerInfoShouldUseIDSMessageFragmentation(SOSFullPeerInfoGetPeerInfo(bob_account->my_identity), peer)){ secnotice("IDS Transport","Syncing with IDS capable peers using IDS!"); - CFMutableDictionaryRef circleToIdsId = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); - CFMutableArrayRef ids = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); - CFArrayAppendValue(ids, SOSPeerInfoGetPeerID(peer)); - CFDictionaryAddValue(circleToIdsId, SOSCircleGetName(bob_account->trusted_circle), ids); + CFMutableSetRef ids = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + CFSetAddValue(ids, SOSPeerInfoGetPeerID(peer)); + SOSEngineRef bob_engine = SOSTransportMessageGetEngine(bob_account->ids_message_transport); //testing loading and saving coders @@ -172,7 +168,7 @@ static void ids_test_sync(SOSAccountRef alice_account, SOSAccountRef bob_account compareCoders(beforeCoders, bob_engine->coders); - SyncingCompletedOverIDS &= SOSTransportMessageSyncWithPeers(bob_account->ids_message_transport, circleToIdsId, &localError); + SyncingCompletedOverIDS &= SOSTransportMessageSyncWithPeers(bob_account->ids_message_transport, ids, &localError); //testing load after sync with all peers CFMutableDictionaryRef codersAfterSyncBeforeLoad = CFDictionaryCreateMutableCopy(kCFAllocatorDefault, CFDictionaryGetCount(bob_engine->coders), bob_engine->coders); @@ -182,7 +178,6 @@ static void ids_test_sync(SOSAccountRef alice_account, SOSAccountRef bob_account compareCoders(codersAfterSyncBeforeLoad, bob_engine->coders); CFReleaseNull(codersAfterSyncBeforeLoad); CFReleaseNull(beforeCoders); - CFReleaseNull(circleToIdsId); CFReleaseNull(ids); } } @@ -302,6 +297,7 @@ static void tests(void) SOSFullPeerInfoUpdateTransportType(alice_account->my_identity, SOSTransportMessageTypeIDSV2, &localError); SOSFullPeerInfoUpdateTransportPreference(alice_account->my_identity, kCFBooleanFalse, &localError); SOSFullPeerInfoUpdateTransportFragmentationPreference(alice_account->my_identity, kCFBooleanTrue, &localError); + SOSFullPeerInfoUpdateTransportAckModelPreference(alice_account->my_identity, kCFBooleanTrue, &localError); return SOSCircleHasPeer(circle, SOSFullPeerInfoGetPeerInfo(alice_account->my_identity), NULL); }); @@ -316,6 +312,7 @@ static void tests(void) SOSFullPeerInfoUpdateTransportType(bob_account->my_identity, SOSTransportMessageTypeIDSV2, &localError); SOSFullPeerInfoUpdateTransportPreference(bob_account->my_identity, kCFBooleanFalse, &localError); SOSFullPeerInfoUpdateTransportFragmentationPreference(bob_account->my_identity, kCFBooleanTrue, &localError); + SOSFullPeerInfoUpdateTransportAckModelPreference(bob_account->my_identity, kCFBooleanTrue, &localError); return SOSCircleHasPeer(circle, SOSFullPeerInfoGetPeerInfo(bob_account->my_identity), NULL); }); @@ -333,18 +330,18 @@ static void tests(void) SOSTransportMessageIDSTestSetName(alice_account->ids_message_transport, CFSTR("Alice Account")); ok(SOSTransportMessageIDSTestGetName(alice_account->ids_message_transport) != NULL, "retrieved getting account name"); - ok(SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(alice_account, &error) != false, "device ID from IDSKeychainSyncingProxy"); + ok(SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(alice_account, &error) != false, "device ID from KeychainSyncingOverIDSProxy"); SOSTransportMessageIDSTestSetName(bob_account->ids_message_transport, CFSTR("Bob Account")); ok(SOSTransportMessageIDSTestGetName(bob_account->ids_message_transport) != NULL, "retrieved getting account name"); - ok(SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(bob_account, &error) != false, "device ID from IDSKeychainSyncingProxy"); + ok(SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(bob_account, &error) != false, "device ID from KeychainSyncingOverIDSProxy"); - ok(SOSAccountSetMyDSID(alice_account, CFSTR("Alice"),&error), "Setting IDS device ID"); + ok(SOSAccountSetMyDSID_wTxn(alice_account, CFSTR("Alice"),&error), "Setting IDS device ID"); CFStringRef alice_dsid = SOSAccountCopyDeviceID(alice_account, &error); ok(CFEqualSafe(alice_dsid, CFSTR("Alice")), "Getting IDS device ID"); - ok(SOSAccountSetMyDSID(bob_account, CFSTR("Bob"),&error), "Setting IDS device ID"); + ok(SOSAccountSetMyDSID_wTxn(bob_account, CFSTR("Bob"),&error), "Setting IDS device ID"); CFStringRef bob_dsid = SOSAccountCopyDeviceID(bob_account, &error); ok(CFEqualSafe(bob_dsid, CFSTR("Bob")), "Getting IDS device ID"); @@ -363,7 +360,7 @@ static void tests(void) CFArrayRemoveAllValues(message_transports); CFReleaseNull(alice_account); CFReleaseNull(bob_account); - + CFReleaseNull(changes); } int secd_201_coders(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-202-recoverykey.m b/OSX/sec/securityd/Regressions/secd-202-recoverykey.m new file mode 100644 index 00000000..b44533ac --- /dev/null +++ b/OSX/sec/securityd/Regressions/secd-202-recoverykey.m @@ -0,0 +1,67 @@ +// +// secd-202-recoverykey.c +// sec +// + +#import +#import + +#import + +#import + +#import +#import +#import + +#import "secd_regressions.h" +#import "SOSTestDataSource.h" +#import "SOSTestDevice.h" + +#import "SOSRegressionUtilities.h" +#import + +#import "SecdTestKeychainUtilities.h" + + +const int kTestRecoveryKeyCount = 3; + +static void testRecoveryKey(void) +{ + SecRecoveryKey *recoveryKey = NULL; + + recoveryKey = SecRKCreateRecoveryKey(@"AAAA-AAAA-AAAA-AAAA-AAAA-AAAA-AAGW"); + ok(recoveryKey, "got recovery key"); + + NSData *publicKey = SecRKCopyBackupPublicKey(recoveryKey); + ok(publicKey, "got publicKey"); +} + +const int kTestRecoveryKeyBasicNumberIterations = 100; +const int kTestRecoveryKeyBasicCount = 1 * kTestRecoveryKeyBasicNumberIterations; + +static void testRecoveryKeyBasic(void) +{ + NSString *recoveryKey = NULL; + NSError *error = NULL; + int n; + + for (n = 0; n < kTestRecoveryKeyBasicNumberIterations; n++) { + recoveryKey = SecRKCreateRecoveryKeyString(&error); + ok(recoveryKey, "SecRKCreateRecoveryKeyString: %@", error); + } +} + + +int secd_202_recoverykey(int argc, char *const *argv) +{ + plan_tests(kTestRecoveryKeyCount + kTestRecoveryKeyBasicCount); + + secd_test_setup_temp_keychain(__FUNCTION__, NULL); + + testRecoveryKeyBasic(); + + testRecoveryKey(); + + return 0; +} diff --git a/OSX/sec/securityd/Regressions/secd-31-keychain-unreadable.c b/OSX/sec/securityd/Regressions/secd-31-keychain-unreadable.c index 2001431a..343a83a7 100644 --- a/OSX/sec/securityd/Regressions/secd-31-keychain-unreadable.c +++ b/OSX/sec/securityd/Regressions/secd-31-keychain-unreadable.c @@ -1,15 +1,15 @@ /* - * Copyright (c) 2008-2010,2013-2014 Apple Inc. All Rights Reserved. + * Copyright (c) 2008-2010,2013-2014,2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,7 +17,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ @@ -42,11 +42,23 @@ #include "SecdTestKeychainUtilities.h" -/* Create an empty keychain file that can't be read or written and make sure - securityd can deal with it. */ -static void tests(void) +#if !(TARGET_OS_IOS && TARGET_OS_SIMULATOR) +static void setKeychainPermissions(int perm) { + CFStringRef kc_path_cf = __SecKeychainCopyPath(); + CFStringPerformWithCString(kc_path_cf, ^(const char *path) { + ok_unix(chmod(path, perm), "chmod keychain file %s to be %d", path, perm); + }); +} +#endif + +int secd_31_keychain_unreadable(int argc, char *const *argv) { - /* custom keychain dir */ +#if TARGET_OS_IOS && TARGET_OS_SIMULATOR + // When running on iOS device in debugger, the target usually runs + // as root, which means it has access to the file even after setting 000. + return 0; +#else + plan_tests(10 + kSecdTestSetupTestCount); secd_test_setup_temp_keychain("secd_31_keychain_unreadable", ^{ CFStringRef keychain_path_cf = __SecKeychainCopyPath(); @@ -56,14 +68,12 @@ static void tests(void) "create keychain file '%s'", keychain_path); ok_unix(fchmod(fd, 0), " keychain file '%s'", keychain_path); ok_unix(close(fd), "close keychain file '%s'", keychain_path); - + }); CFReleaseSafe(keychain_path_cf); }); - - __security_simulatecrash_enable(false); - + int v_eighty = 80; CFNumberRef eighty = CFNumberCreate(NULL, kCFNumberSInt32Type, &v_eighty); const char *v_data = "test"; @@ -76,32 +86,31 @@ static void tests(void) CFDictionaryAddValue(query, kSecAttrProtocol, kSecAttrProtocolHTTP); CFDictionaryAddValue(query, kSecAttrAuthenticationType, kSecAttrAuthenticationTypeDefault); CFDictionaryAddValue(query, kSecValueData, pwdata); - ok_status(SecItemAdd(query, NULL), "add internet password"); + + is_status(SecItemAdd(query, NULL), errSecNotAvailable, "Cannot add items to unreadable keychain"); + is_status(SecItemCopyMatching(query, NULL), errSecNotAvailable, "Cannot read items in unreadable keychain"); + + setKeychainPermissions(0644); + + ok_status(SecItemAdd(query, NULL), "Add internet password"); is_status(SecItemAdd(query, NULL), errSecDuplicateItem, - "add internet password again"); - + "Add internet password again"); ok_status(SecItemCopyMatching(query, NULL), "Found the item we added"); - + + // For commented tests need to convince secd to let go of connections. + // Without intervention it keeps them and accesses continue to succeed. + /* + setKeychainPermissions(0); + is_status(SecItemCopyMatching(query, NULL), errSecNotAvailable, "Still cannot read items in unreadable keychain"); + + setKeychainPermissions(0644); + ok_status(SecItemCopyMatching(query, NULL), "Found the item again"); + */ ok_status(SecItemDelete(query),"Deleted the item we added"); - -#if TARGET_OS_IPHONE && !TARGET_OS_SIMULATOR - // When running on iOS device in debugger, the target usually runs as root and no simcrash will actually happen, - // because file with access rights '000' is read-write available. - int crash_count = __security_simulatecrash_enable(true); - ok(crash_count == 0 || crash_count == 1, "Expecting no or one simcrash from recovery of corrupted DB"); -#else - is(__security_simulatecrash_enable(true), 0, "Not Expecting simcrash from recovery of corrupted DB"); -#endif - - CFReleaseSafe(eighty); - CFReleaseSafe(pwdata); - CFReleaseSafe(query); -} - -int secd_31_keychain_unreadable(int argc, char *const *argv) -{ - plan_tests(8 + kSecdTestSetupTestCount); - tests(); - - return 0; + + CFReleaseNull(eighty); + CFReleaseNull(pwdata); + CFReleaseNull(query); +#endif // !(TARGET_OS_IOS && TARGET_OS_SIMULATOR) + return 0; } diff --git a/OSX/sec/securityd/Regressions/secd-33-keychain-ctk.m b/OSX/sec/securityd/Regressions/secd-33-keychain-ctk.m index 31540cad..0ff05b44 100644 --- a/OSX/sec/securityd/Regressions/secd-33-keychain-ctk.m +++ b/OSX/sec/securityd/Regressions/secd-33-keychain-ctk.m @@ -44,6 +44,7 @@ #include #include #include +#include #include #include @@ -491,8 +492,6 @@ static const int kKeyGenerateTestCount = 14; static void test_key_sign(void) { -#if TKTOKEN_CLIENT_INTERFACE_VERSION >= 1 - static const UInt8 data[] = { 0x01, 0x02, 0x03, 0x04 }; CFDataRef valueData = CFDataCreate(NULL, data, sizeof(data)); @@ -615,16 +614,12 @@ static void test_key_sign(void) { CFReleaseSafe(cryptoError); CFRelease(sig); CFRelease(privateKey); -#endif } -#if TKTOKEN_CLIENT_INTERFACE_VERSION >= 1 - #if LA_CONTEXT_IMPLEMENTED + +#if LA_CONTEXT_IMPLEMENTED static const int kKeySignTestCount = 20; - #else -static const int kKeySignTestCount = 15; - #endif #else -static const int kKeySignTestCount = 0; +static const int kKeySignTestCount = 15; #endif static void test_key_generate_with_params(void) { @@ -691,10 +686,10 @@ static void test_error_codes(void) { ctk_error = kTKErrorCodeBadParameter; is_status(SecItemAdd(attrs, NULL), errSecParam); - ctk_error = -1 /* kTKErrorCodeNotImplemented */; + ctk_error = kTKErrorCodeNotImplemented; is_status(SecItemAdd(attrs, NULL), errSecUnimplemented); - ctk_error = -4 /* kTKErrorCodeCanceledByUser */; + ctk_error = kTKErrorCodeCanceledByUser; is_status(SecItemAdd(attrs, NULL), errSecUserCanceled); CFRelease(attrs); @@ -1010,6 +1005,117 @@ static void test_identity_on_two_tokens() { } static const int kIdentityonTwoTokensCount = 20; +static void test_ies(SecKeyRef privateKey, SecKeyAlgorithm algorithm) { + TKTokenTestSetHook(^(CFDictionaryRef attributes, TKTokenTestBlocks *blocks) { + + blocks->createOrUpdateObject = ^CFDataRef(CFDataRef objectID, CFMutableDictionaryRef at, CFErrorRef *error) { + is(objectID, NULL); + return CFBridgingRetain([@"oid" dataUsingEncoding:NSUTF8StringEncoding]); + }; + + blocks->copyPublicKeyData = ^CFDataRef(CFDataRef objectID, CFErrorRef *error) { + SecKeyRef publicKey = SecKeyCopyPublicKey(privateKey); + CFDataRef data = SecKeyCopyExternalRepresentation(publicKey, error); + CFReleaseNull(publicKey); + return data; + }; + + blocks->copyObjectData = ^CFTypeRef(CFDataRef oid, CFErrorRef *error) { + return kCFNull; + }; + + blocks->copyObjectAccessControl = ^CFDataRef(CFDataRef oid, CFErrorRef *error) { + SecAccessControlRef ac = SecAccessControlCreate(NULL, NULL); + SecAccessControlSetProtection(ac, kSecAttrAccessibleAlwaysPrivate, NULL); + SecAccessControlAddConstraintForOperation(ac, kAKSKeyOpDefaultAcl, kCFBooleanTrue, NULL); + CFDataRef acData = SecAccessControlCopyData(ac); + CFRelease(ac); + return acData; + }; + + blocks->copyOperationResult = ^CFTypeRef(CFDataRef objectID, CFIndex operation, CFArrayRef algorithms, CFIndex secKeyOperationMode, CFTypeRef in1, CFTypeRef in2, CFErrorRef *error) { + CFTypeRef result = kCFNull; + CFTypeRef algorithm = CFArrayGetValueAtIndex(algorithms, CFArrayGetCount(algorithms) - 1); + switch (operation) { + case kSecKeyOperationTypeKeyExchange: { + if (CFEqual(algorithm, kSecKeyAlgorithmECDHKeyExchangeStandard) || + CFEqual(algorithm, kSecKeyAlgorithmECDHKeyExchangeCofactor)) { + NSDictionary *attrs = CFBridgingRelease(SecKeyCopyAttributes(privateKey)); + NSDictionary *params = @{ + (id)kSecAttrKeyType: attrs[(id)kSecAttrKeyType], + (id)kSecAttrKeySizeInBits: attrs[(id)kSecAttrKeySizeInBits], + (id)kSecAttrKeyClass: (id)kSecAttrKeyClassPublic, + }; + SecKeyRef pubKey = SecKeyCreateWithData(in1, (CFDictionaryRef)params, error); + if (pubKey == NULL) { + return NULL; + } + result = SecKeyCopyKeyExchangeResult(privateKey, algorithm, pubKey, in2, error); + CFReleaseSafe(pubKey); + } + break; + } + case kSecKeyOperationTypeDecrypt: { + if (CFEqual(algorithm, kSecKeyAlgorithmRSAEncryptionRaw)) { + result = SecKeyCreateDecryptedData(privateKey, algorithm, in1, error); + } + break; + } + default: + break; + } + return result; + }; + }); + + NSDictionary *privateParams = CFBridgingRelease(SecKeyCopyAttributes(privateKey)); + NSDictionary *params = @{ (id)kSecAttrKeyType : privateParams[(id)kSecAttrKeyType], + (id)kSecAttrKeySizeInBits : privateParams[(id)kSecAttrKeySizeInBits], + (id)kSecAttrTokenID : @"tid-ies", + (id)kSecPrivateKeyAttrs : @{ (id)kSecAttrIsPermanent : @YES } + }; + NSError *error; + SecKeyRef tokenKey = SecKeyCreateRandomKey((CFDictionaryRef)params, (void *)&error); + ok(tokenKey != NULL, "create token-based key (err %@)", error); + SecKeyRef tokenPublicKey = SecKeyCopyPublicKey(tokenKey); + + NSData *plaintext = [@"plaintext" dataUsingEncoding:NSUTF8StringEncoding]; + + error = nil; + NSData *ciphertext = CFBridgingRelease(SecKeyCreateEncryptedData(tokenPublicKey, algorithm, (CFDataRef)plaintext, (void *)&error)); + ok(ciphertext, "failed to encrypt IES, err %@", error); + + NSData *decrypted = CFBridgingRelease(SecKeyCreateDecryptedData(tokenKey, algorithm, (CFDataRef)ciphertext, (void *)&error)); + ok(decrypted, "failed to decrypt IES, err %@", error); + + eq_cf((__bridge CFDataRef)plaintext, (__bridge CFDataRef)decrypted, "decrypted(%@) != plaintext(%@)", decrypted, plaintext); + + CFReleaseNull(tokenKey); + CFReleaseNull(tokenPublicKey); +} +static const int kIESCount = 4; + +static void test_ecies() { + NSError *error; + SecKeyRef privateKey = SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom, (id)kSecAttrKeySizeInBits: @256}, (void *)&error); + ok(privateKey != NULL, "failed to generate CPU EC key: %@", error); + + test_ies(privateKey, kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM); + + CFReleaseNull(privateKey); +} +static const int kECIESCount = kIESCount + 1; + +static void test_rsawrap() { + NSError *error; + SecKeyRef privateKey = SecKeyCreateRandomKey((CFDictionaryRef)@{(id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeySizeInBits: @2048}, (void *)&error); + ok(privateKey != NULL, "failed to generate CPU RSA key: %@", error); + + test_ies(privateKey, kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM); + + CFReleaseNull(privateKey); +} +static const int kRSAWrapCount = kIESCount + 1; static void tests(void) { /* custom keychain dir */ @@ -1025,6 +1131,8 @@ static void tests(void) { test_error_codes(); test_propagate_token_items(); test_identity_on_two_tokens(); + test_rsawrap(); + test_ecies(); } int secd_33_keychain_ctk(int argc, char *const *argv) { @@ -1038,6 +1146,8 @@ int secd_33_keychain_ctk(int argc, char *const *argv) { kErrorCodesCount + kPropagateCount + kIdentityonTwoTokensCount + + kECIESCount + + kRSAWrapCount + kSecdTestSetupTestCount); tests(); diff --git a/OSX/sec/securityd/Regressions/secd-34-backup-der-parse.c b/OSX/sec/securityd/Regressions/secd-34-backup-der-parse.c index 31f8c345..dcc571ec 100644 --- a/OSX/sec/securityd/Regressions/secd-34-backup-der-parse.c +++ b/OSX/sec/securityd/Regressions/secd-34-backup-der-parse.c @@ -425,11 +425,8 @@ static void secd_perform_with_data_in_file(const char* test_prefix, void(^with)( }); - /* set custom keychain dir, reset db */ - CFStringPerformWithCString(tmp_dir, ^(const char *tmp_dir_string) { - SetCustomHomeURL(tmp_dir_string); - }); + SetCustomHomeURLString(tmp_dir); if(do_before_reset) do_before_reset(); diff --git a/OSX/sec/securityd/Regressions/secd-50-account.c b/OSX/sec/securityd/Regressions/secd-50-account.c index be6c76c9..dda4cc6d 100644 --- a/OSX/sec/securityd/Regressions/secd-50-account.c +++ b/OSX/sec/securityd/Regressions/secd-50-account.c @@ -97,14 +97,7 @@ static void tests(void) SOSDataSourceFactoryRelease(test_factory); SOSDataSourceRelease(test_source, NULL); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_50_account(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-51-account-inflate.c b/OSX/sec/securityd/Regressions/secd-51-account-inflate.c index 25c2febf..e5f9f016 100644 --- a/OSX/sec/securityd/Regressions/secd-51-account-inflate.c +++ b/OSX/sec/securityd/Regressions/secd-51-account-inflate.c @@ -246,12 +246,7 @@ static void tests(void) ok(testAccountPersistence(account), "Test Account->DER->Account Equivalence"); CFReleaseNull(account); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); + SOSTestCleanup(); test_factory->release(test_factory); SOSDataSourceRelease(test_source, NULL); diff --git a/OSX/sec/securityd/Regressions/secd-52-account-changed.c b/OSX/sec/securityd/Regressions/secd-52-account-changed.c index ea8db431..791558f9 100644 --- a/OSX/sec/securityd/Regressions/secd-52-account-changed.c +++ b/OSX/sec/securityd/Regressions/secd-52-account-changed.c @@ -109,9 +109,20 @@ static void tests(void) accounts_agree_internal("bob&alice pair", bob_account, alice_account, false); accounts_agree_internal("bob&carol pair", bob_account, carol_account, false); + CFDictionaryRef alice_devstate = SOSTestSaveStaticAccountState(alice_account); + CFDictionaryRef bob_devstate = SOSTestSaveStaticAccountState(bob_account); + CFDictionaryRef carol_devstate = SOSTestSaveStaticAccountState(carol_account); /* ==================== Three Accounts in circle =============================================*/ InjectChangeToMulti(changes, CFSTR("^AccountChanged"), CFSTR("none"), alice_account, bob_account, carol_account, NULL); + + SOSTestRestoreAccountState(alice_account, alice_devstate); + SOSTestRestoreAccountState(bob_account, bob_devstate); + SOSTestRestoreAccountState(carol_account, carol_devstate); + + CFReleaseNull(alice_devstate); + CFReleaseNull(bob_devstate); + CFReleaseNull(carol_devstate); SOSAccountEnsureFactoryCirclesTest(alice_account, CFSTR("Alice")); SOSAccountEnsureFactoryCirclesTest(bob_account, CFSTR("Bob")); @@ -184,21 +195,12 @@ static void tests(void) accounts_agree_internal("bob&carol pair", bob_account, carol_account, false); CFReleaseSafe(cfpassword2); - - CFReleaseNull(alice_account); - CFReleaseNull(bob_account); - CFReleaseNull(carol_account); - - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); CFReleaseNull(changes); CFReleaseNull(alice_account); CFReleaseNull(bob_account); CFReleaseNull(carol_account); + SOSTestCleanup(); + } diff --git a/OSX/sec/securityd/Regressions/secd-52-offering-gencount-reset.c b/OSX/sec/securityd/Regressions/secd-52-offering-gencount-reset.c index 2a28b991..c4b3820f 100644 --- a/OSX/sec/securityd/Regressions/secd-52-offering-gencount-reset.c +++ b/OSX/sec/securityd/Regressions/secd-52-offering-gencount-reset.c @@ -159,14 +159,7 @@ static void tests(void) CFReleaseNull(bob_account); CFReleaseNull(alice_account); CFReleaseNull(cfpassword); - - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_52_offering_gencount_reset(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-55-account-circle.c b/OSX/sec/securityd/Regressions/secd-55-account-circle.c index 9a4258f9..fb13f9f4 100644 --- a/OSX/sec/securityd/Regressions/secd-55-account-circle.c +++ b/OSX/sec/securityd/Regressions/secd-55-account-circle.c @@ -338,14 +338,7 @@ static void tests(void) CFReleaseNull(bob_account); CFReleaseNull(alice_account); CFReleaseNull(carol_account); - - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_55_account_circle(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-55-account-incompatibility.c b/OSX/sec/securityd/Regressions/secd-55-account-incompatibility.c index 569ba92a..63aa17ee 100644 --- a/OSX/sec/securityd/Regressions/secd-55-account-incompatibility.c +++ b/OSX/sec/securityd/Regressions/secd-55-account-incompatibility.c @@ -220,14 +220,7 @@ static void tests(void) CFReleaseNull(alice_account); CFReleaseNull(carol_account); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - - + SOSTestCleanup(); } int secd_55_account_incompatibility(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-56-account-apply.c b/OSX/sec/securityd/Regressions/secd-56-account-apply.c index 81d0d34e..da6d8e6d 100644 --- a/OSX/sec/securityd/Regressions/secd-56-account-apply.c +++ b/OSX/sec/securityd/Regressions/secd-56-account-apply.c @@ -212,13 +212,7 @@ static void tests(void) CFReleaseNull(carole_account); CFReleaseNull(david_account); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_56_account_apply(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-57-1-account-last-standing.c b/OSX/sec/securityd/Regressions/secd-57-1-account-last-standing.c index 96ade6fa..0b5c6445 100644 --- a/OSX/sec/securityd/Regressions/secd-57-1-account-last-standing.c +++ b/OSX/sec/securityd/Regressions/secd-57-1-account-last-standing.c @@ -149,12 +149,7 @@ static void tests(void) CFReleaseNull(alice_account); CFReleaseNull(bob_account); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); + SOSTestCleanup(); } int secd_57_1_account_last_standing(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-57-account-leave.c b/OSX/sec/securityd/Regressions/secd-57-account-leave.c index bbec4104..cbc8ea71 100644 --- a/OSX/sec/securityd/Regressions/secd-57-account-leave.c +++ b/OSX/sec/securityd/Regressions/secd-57-account-leave.c @@ -251,12 +251,7 @@ static void tests(void) CFReleaseNull(carole_account); CFReleaseNull(david_account); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); + SOSTestCleanup(); } int secd_57_account_leave(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-58-password-change.c b/OSX/sec/securityd/Regressions/secd-58-password-change.c index 145d2253..b48fcc86 100644 --- a/OSX/sec/securityd/Regressions/secd-58-password-change.c +++ b/OSX/sec/securityd/Regressions/secd-58-password-change.c @@ -223,13 +223,7 @@ static void tests(void) CFReleaseNull(carol_account); CFReleaseNull(cfnewpassword); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_58_password_change(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-59-account-cleanup.c b/OSX/sec/securityd/Regressions/secd-59-account-cleanup.c index 3affffcf..5269da45 100644 --- a/OSX/sec/securityd/Regressions/secd-59-account-cleanup.c +++ b/OSX/sec/securityd/Regressions/secd-59-account-cleanup.c @@ -170,12 +170,7 @@ static void tests(void) CFReleaseNull(bob_account); CFReleaseNull(alice_account); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); + SOSTestCleanup(); } int secd_59_account_cleanup(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-60-account-cloud-identity.c b/OSX/sec/securityd/Regressions/secd-60-account-cloud-identity.c index 620ce259..b9591b74 100644 --- a/OSX/sec/securityd/Regressions/secd-60-account-cloud-identity.c +++ b/OSX/sec/securityd/Regressions/secd-60-account-cloud-identity.c @@ -195,13 +195,7 @@ static void tests(void) CFReleaseNull(carole_account); CFReleaseNull(cfpassword); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_60_account_cloud_identity(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-61-account-leave-not-in-kansas-anymore.c b/OSX/sec/securityd/Regressions/secd-61-account-leave-not-in-kansas-anymore.c index 7269614a..1348d96b 100644 --- a/OSX/sec/securityd/Regressions/secd-61-account-leave-not-in-kansas-anymore.c +++ b/OSX/sec/securityd/Regressions/secd-61-account-leave-not-in-kansas-anymore.c @@ -180,13 +180,7 @@ static void tests(void) CFReleaseNull(alice_account); CFReleaseNull(cfpassword); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_61_account_leave_not_in_kansas_anymore(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-62-account-backup.c b/OSX/sec/securityd/Regressions/secd-62-account-backup.c index dd88584d..ba094efc 100644 --- a/OSX/sec/securityd/Regressions/secd-62-account-backup.c +++ b/OSX/sec/securityd/Regressions/secd-62-account-backup.c @@ -260,15 +260,7 @@ static void tests(void) CFReleaseNull(alice_account); CFReleaseNull(cfpassword); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - - CFReleaseNull(kTestView1); - CFReleaseNull(kTestView2); + SOSTestCleanup(); #endif } diff --git a/OSX/sec/securityd/Regressions/secd-62-account-hsa-join.c b/OSX/sec/securityd/Regressions/secd-62-account-hsa-join.c index 896d3515..304ef092 100644 --- a/OSX/sec/securityd/Regressions/secd-62-account-hsa-join.c +++ b/OSX/sec/securityd/Regressions/secd-62-account-hsa-join.c @@ -144,13 +144,7 @@ static void tests(void) CFReleaseNull(alice_account); CFReleaseNull(carole_account); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_62_account_hsa_join(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-63-account-resurrection.c b/OSX/sec/securityd/Regressions/secd-63-account-resurrection.c index 9956f1fb..ea55c716 100644 --- a/OSX/sec/securityd/Regressions/secd-63-account-resurrection.c +++ b/OSX/sec/securityd/Regressions/secd-63-account-resurrection.c @@ -199,12 +199,7 @@ static void tests(void) CFReleaseNull(alice_resurrected); CFReleaseNull(frozen_alice); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); + SOSTestCleanup(); } int secd_63_account_resurrection(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-64-circlereset.c b/OSX/sec/securityd/Regressions/secd-64-circlereset.c index d377f41a..88ceb4d3 100644 --- a/OSX/sec/securityd/Regressions/secd-64-circlereset.c +++ b/OSX/sec/securityd/Regressions/secd-64-circlereset.c @@ -128,13 +128,7 @@ static void tests(void) CFReleaseNull(alice_account); CFReleaseNull(cfpassword); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_64_circlereset(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-65-account-retirement-reset.c b/OSX/sec/securityd/Regressions/secd-65-account-retirement-reset.c index 278e7a73..b6c17414 100644 --- a/OSX/sec/securityd/Regressions/secd-65-account-retirement-reset.c +++ b/OSX/sec/securityd/Regressions/secd-65-account-retirement-reset.c @@ -171,12 +171,7 @@ static void tests(void) CFReleaseNull(alice_resurrected); CFReleaseNull(frozen_alice); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); + SOSTestCleanup(); } int secd_65_account_retirement_reset(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-66-account-recovery.c b/OSX/sec/securityd/Regressions/secd-66-account-recovery.c new file mode 100644 index 00000000..6a7fc8cb --- /dev/null +++ b/OSX/sec/securityd/Regressions/secd-66-account-recovery.c @@ -0,0 +1,326 @@ +// +// secd-66-account-recovery.c +// Security +// +// Created by Richard Murphy on 10/5/16. +// +// + +#include + +/* + * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + + + + +#include +#include + +#include + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "secd_regressions.h" +#include "SOSTestDataSource.h" + +#include "SOSRegressionUtilities.h" +#include "SecRecoveryKey.h" + +#include +#include + +#include +#include "SecdTestKeychainUtilities.h" + +#if TARGET_IPHONE_SIMULATOR + +int secd_66_account_recovery(int argc, char *const *argv) { + plan_tests(1); + secd_test_setup_temp_keychain(__FUNCTION__, NULL); + return 0; +} + +#else + +#include "SOSAccountTesting.h" + + +static CFDataRef CopyBackupKeyForString(CFStringRef string, CFErrorRef *error) +{ + __block CFDataRef result = NULL; + CFStringPerformWithUTF8CFData(string, ^(CFDataRef stringAsData) { + result = SOSCopyDeviceBackupPublicKey(stringAsData, error); + }); + return result; +} + +// 6 test cases +static void registerRecoveryKeyNow(CFMutableDictionaryRef changes, SOSAccountRef registrar, SOSAccountRef observer, CFDataRef recoveryPub, bool recKeyFirst) { + CFErrorRef error = NULL; + + ok(SOSAccountSetRecoveryKey(registrar, recoveryPub, &error), "Set Recovery Key"); + CFReleaseNull(error); + + int nchanges = (recKeyFirst) ? 3: 4; + is(ProcessChangesUntilNoChange(changes, registrar, observer, NULL), nchanges, "updates"); + + CFDataRef registrar_recKey = SOSAccountCopyRecoveryPublic(kCFAllocatorDefault, registrar, &error); + ok(registrar_recKey, "Registrar retrieved recKey"); + CFReleaseNull(error); + + CFDataRef observer_recKey = SOSAccountCopyRecoveryPublic(kCFAllocatorDefault, observer, &error); + ok(observer_recKey, "Observer retrieved recKey"); + CFReleaseNull(error); + + ok(CFEqualSafe(registrar_recKey, observer_recKey), "recKeys are the same"); + ok(CFEqualSafe(registrar_recKey, recoveryPub), "recKeys are as expected"); + CFReleaseNull(observer_recKey); + CFReleaseNull(registrar_recKey); +} + +static void tests(bool recKeyFirst) +{ + __block CFErrorRef error = NULL; + CFStringRef sock_drawer_key = CFSTR("AAAA-AAAA-AAAA-AAAA-AAAA-AAAA-AAGW"); + SecRecoveryKey *sRecKey = NULL; + CFDataRef fullKeyBytes = NULL; + CFDataRef pubKeyBytes = NULL; + + sRecKey = SecRKCreateRecoveryKey(sock_drawer_key); + ok(sRecKey, "Create SecRecoveryKey from String"); + if(sRecKey) { + fullKeyBytes = SecRKCopyBackupFullKey(sRecKey); + pubKeyBytes = SecRKCopyBackupPublicKey(sRecKey); + ok(fullKeyBytes && pubKeyBytes, "Got KeyPair from SecRecoveryKey"); + } + if(!(fullKeyBytes && pubKeyBytes)) { + diag("Cannot Proceed - couldn't make usable recoveryKey from sock-drawer-key"); + CFReleaseNull(fullKeyBytes); + CFReleaseNull(pubKeyBytes); + return; + } + + CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10); + CFStringRef cfaccount = CFSTR("test@test.org"); + CFStringRef cfdsid = CFSTR("DSIDFooFoo"); + + secd_test_setup_testviews(); // for running this test solo + + CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + SOSAccountRef alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource")); + SOSAccountAssertDSID(alice_account, cfdsid); + SOSAccountRef bob_account = CreateAccountForLocalChanges(CFSTR("Bob"), CFSTR("TestSource")); + SOSAccountAssertDSID(bob_account, cfdsid); + + CFDataRef alice_backup_key = CopyBackupKeyForString(CFSTR("Alice Backup Entropy"), &error); + CFDataRef bob_backup_key = CopyBackupKeyForString(CFSTR("Bob Backup Entropy"), &error); + + // Start Circle + ok(SOSTestStartCircleWithAccount(alice_account, changes, cfaccount, cfpassword), "Have Alice start a circle"); + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 1, "updates"); + ok(SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bob_account, KEEP_USERKEY, 2, false), "Bob Joins"); + + CFArrayRef peers = SOSAccountCopyPeers(alice_account, &error); + ok(peers && CFArrayGetCount(peers) == 2, "See two peers %@ (%@)", peers, error); + CFReleaseNull(peers); + + if(recKeyFirst) registerRecoveryKeyNow(changes, alice_account, bob_account, pubKeyBytes, recKeyFirst); + + is(SOSAccountUpdateView(alice_account, kTestView1, kSOSCCViewEnable, &error), kSOSCCViewMember, "Enable view (%@)", error); + CFReleaseNull(error); + + ok(SOSAccountCheckForRings(alice_account, &error), "Alice_account is good"); + CFReleaseNull(error); + + is(SOSAccountUpdateView(bob_account, kTestView1, kSOSCCViewEnable, &error), kSOSCCViewMember, "Enable view (%@)", error); + CFReleaseNull(error); + + ok(SOSAccountCheckForRings(bob_account, &error), "Bob_account is good"); + CFReleaseNull(error); + + ok(SOSAccountSetBackupPublicKey_wTxn(alice_account, alice_backup_key, &error), "Set backup public key, alice (%@)", error); + CFReleaseNull(error); + + ok(SOSAccountCheckForRings(alice_account, &error), "Alice_account is good"); + CFReleaseNull(error); + + ok(SOSAccountSetBackupPublicKey_wTxn(bob_account, bob_backup_key, &error), "Set backup public key, bob (%@)", error); + CFReleaseNull(error); + + ok(SOSAccountCheckForRings(bob_account, &error), "Bob_account is good"); + CFReleaseNull(error); + + ok(SOSAccountIsMyPeerInBackupAndCurrentInView(alice_account, kTestView1), "Is alice is in backup before sync?"); + + if(!recKeyFirst) { + SOSBackupSliceKeyBagRef bskb = SOSAccountBackupSliceKeyBagForView(alice_account, kTestView1, &error); + CFReleaseNull(error); + ok(!SOSBSKBHasRecoveryKey(bskb), "BSKB should not have recovery key"); + CFReleaseNull(bskb); + } + + ok(SOSAccountCheckForRings(alice_account, &error), "Alice_account is good"); + CFReleaseNull(error); + + ok(SOSAccountIsMyPeerInBackupAndCurrentInView(bob_account, kTestView1), "Is bob in the backup after sync? - 1"); + + ok(SOSAccountCheckForRings(bob_account, &error), "Alice_account is good"); + CFReleaseNull(error); + + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 4, "updates"); + + + ok(SOSAccountCheckForRings(alice_account, &error), "Alice_account is good"); + CFReleaseNull(error); + + ok(SOSAccountIsMyPeerInBackupAndCurrentInView(alice_account, kTestView1), "Is alice is in backup after sync?"); + + ok(SOSAccountIsMyPeerInBackupAndCurrentInView(bob_account, kTestView1), "IS bob in the backup after sync"); + + ok(!SOSAccountIsLastBackupPeer(alice_account, &error), "Alice is not last backup peer"); + CFReleaseNull(error); + + // + //Bob leaves the circle + // + ok(SOSAccountLeaveCircle(bob_account, &error), "Bob Leaves (%@)", error); + CFReleaseNull(error); + + //Alice should kick Bob out of the backup! + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 2, "updates"); + + ok(SOSAccountIsMyPeerInBackupAndCurrentInView(alice_account, kTestView1), "Bob left the circle, Alice is not in the backup"); + + ok(SOSAccountIsLastBackupPeer(alice_account, &error), "Alice is last backup peer"); + CFReleaseNull(error); + ok(!SOSAccountIsLastBackupPeer(bob_account, &error), "Bob is not last backup peer"); + CFReleaseNull(error); + + ok(testAccountPersistence(alice_account), "Test Account->DER->Account Equivalence"); + + ok(!SOSAccountIsPeerInBackupAndCurrentInView(alice_account, SOSFullPeerInfoGetPeerInfo(bob_account->my_identity), kTestView1), "Bob is still in the backup!"); + + //Bob gets back into the circle + ok(SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bob_account, KEEP_USERKEY, 2, false), "Bob Re-Joins"); + + //enables view + is(SOSAccountUpdateView(bob_account, kTestView1, kSOSCCViewEnable, &error), kSOSCCViewMember, "Enable view (%@)", error); + CFReleaseNull(error); + + ok(!SOSAccountIsMyPeerInBackupAndCurrentInView(bob_account, kTestView1), "Bob isn't in the backup yet"); + + ok(!SOSAccountIsLastBackupPeer(alice_account, &error), "Alice is not last backup peer - Bob still registers as one"); + CFReleaseNull(error); + + ok(SOSAccountSetBackupPublicKey_wTxn(bob_account, bob_backup_key, &error), "Set backup public key, alice (%@)", error); + + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 1, "updates"); + + ok(!SOSAccountIsLastBackupPeer(alice_account, &error), "Alice is not last backup peer"); + CFReleaseNull(error); + + // + //removing backup key for bob account + // + + ok(SOSAccountRemoveBackupPublickey_wTxn(bob_account, &error), "Removing Bob's backup key (%@)", error); + int nchanges = (recKeyFirst) ? 4: 3; + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), nchanges, "updates"); + + ok(!SOSAccountIsMyPeerInBackupAndCurrentInView(bob_account, kTestView1), "Bob's backup key is in the backup - should not be so!"); + ok(!SOSAccountIsPeerInBackupAndCurrentInView(alice_account, SOSFullPeerInfoGetPeerInfo(bob_account->my_identity), kTestView1), "Bob is up to date in the backup!"); + + // + // Setting new backup public key for Bob + // + + ok(SOSAccountSetBackupPublicKey_wTxn(bob_account, bob_backup_key, &error), "Set backup public key, alice (%@)", error); + CFReleaseNull(error); + + is(SOSAccountUpdateView(bob_account, kTestView1, kSOSCCViewEnable, &error), kSOSCCViewMember, "Enable view (%@)", error); + ok(SOSAccountNewBKSBForView(bob_account, kTestView1, &error), "Setting new backup public key for bob account failed: (%@)", error); + + //bob is in his own backup + ok(SOSAccountIsMyPeerInBackupAndCurrentInView(bob_account, kTestView1), "Bob's backup key is not in the backup"); + //alice does not have bob in her backup + ok(!SOSAccountIsPeerInBackupAndCurrentInView(alice_account, SOSFullPeerInfoGetPeerInfo(bob_account->my_identity), kTestView1), "Bob is up to date in the backup - should not be so!"); + + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 5, "updates"); + + ok(SOSAccountIsMyPeerInBackupAndCurrentInView(bob_account, kTestView1), "Bob's backup key should be in the backup"); + ok(SOSAccountIsMyPeerInBackupAndCurrentInView(alice_account, kTestView1), "Alice is in the backup"); + + if(!recKeyFirst) registerRecoveryKeyNow(changes, alice_account, bob_account, pubKeyBytes, recKeyFirst); + + ok(SOSAccountRecoveryKeyIsInBackupAndCurrentInView(alice_account, kTestView1), "Recovery Key is also in the backup"); + ok(SOSAccountRecoveryKeyIsInBackupAndCurrentInView(bob_account, kTestView1), "Recovery Key is also in the backup"); + + SOSBackupSliceKeyBagRef bskb = SOSAccountBackupSliceKeyBagForView(alice_account, kTestView1, &error); + CFReleaseNull(error); + + ok(SOSBSKBHasRecoveryKey(bskb), "BSKB should have recovery key"); + + CFDataRef wrappingKey = CFStringCreateExternalRepresentation(kCFAllocatorDefault, sock_drawer_key, kCFStringEncodingUTF8, 0); + ok(wrappingKey, "Made wrapping key from with sock drawer key"); + bskb_keybag_handle_t bskbHandle = SOSBSKBLoadAndUnlockWithWrappingSecret(bskb, wrappingKey, &error); + ok(bskbHandle, "Made bskbHandle with recover key"); + + ok(SOSAccountResetToEmpty(alice_account, &error), "Reset circle to empty"); + CFReleaseNull(error); + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 2, "updates"); + ok(SOSAccountIsBackupRingEmpty(bob_account, kTestView1), "Bob should not be in the backup"); + ok(SOSAccountIsBackupRingEmpty(alice_account, kTestView1), "Alice should not be in the backup"); + + CFReleaseNull(fullKeyBytes); + CFReleaseNull(pubKeyBytes); + CFReleaseNull(bskb); + + CFReleaseNull(bob_account); + CFReleaseNull(alice_account); + CFReleaseNull(cfpassword); + CFReleaseNull(wrappingKey); + + SOSTestCleanup(); +} + +int secd_66_account_recovery(int argc, char *const *argv) { + plan_tests(358); + + secd_test_setup_temp_keychain(__FUNCTION__, NULL); + + tests(true); + tests(false); + + return 0; +} + +#endif diff --git a/OSX/sec/securityd/Regressions/secd-668-ghosts.c b/OSX/sec/securityd/Regressions/secd-668-ghosts.c new file mode 100644 index 00000000..5e3e29cb --- /dev/null +++ b/OSX/sec/securityd/Regressions/secd-668-ghosts.c @@ -0,0 +1,199 @@ +/* + * Copyright (c) 2012-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// secd-668-ghosts.c +// sec +// + +#include +#include + +#include + +#include "secd_regressions.h" +#include "SOSAccountTesting.h" +#include "SecdTestKeychainUtilities.h" + +static int kTestTestCount = 538; + +/* + Make a circle with two peers - alice and bob(bob is iOS and serial#"abababababab") + have alice leave the circle + release bob, make a new bob - iOS and same serial number + try to join the circle - it should resetToOffering with ghost fix + + For phase 1 we expect the ghostfix to work with iOS devices, but not with MacOSX devices. + */ + +static void hauntedCircle(SOSPeerInfoDeviceClass devClass, bool expectGhostBusted) +{ + CFErrorRef error = NULL; + CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10); + CFStringRef cfaccount = CFSTR("test@test.org"); + CFStringRef ghostSerialID = CFSTR("abababababab"); + CFStringRef ghostIdsID = CFSTR("targetIDS"); + + CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + SOSAccountRef alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource")); + SOSAccountRef bob_account = SOSTestCreateAccountAsSerialClone(CFSTR("Bob"), devClass, ghostSerialID, ghostIdsID); + + // Start Circle + ok(SOSTestStartCircleWithAccount(alice_account, changes, cfaccount, cfpassword), "Have Alice start a circle"); + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 1, "updates"); + ok(SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bob_account, KEEP_USERKEY, 2, false), "Bob Joins"); + + // Alice Leaves + ok(SOSAccountLeaveCircle(alice_account, &error), "Alice Leaves (%@)", error); + CFReleaseNull(error); + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 2, "updates"); + accounts_agree("Alice bails", bob_account, alice_account); + is(countPeers(bob_account), 1, "There should only be 1 valid peer"); + // We're dropping all peers that are in the circle - leaving a circle with only one peer - and that's a ghost + CFReleaseNull(alice_account); + CFReleaseNull(bob_account); + + // Make new bob - same as the old bob except peerID + + SOSAccountRef bobFinal = SOSTestCreateAccountAsSerialClone(CFSTR("BobFinal"), devClass, ghostSerialID, ghostIdsID); + ok(SOSTestJoinWith(cfpassword, cfaccount, changes, bobFinal), "Application Made"); + + // Did ghostbuster work? + is(ProcessChangesUntilNoChange(changes, bobFinal, NULL), 2, "updates"); + if(expectGhostBusted) { // ghostbusting is currently disabled for MacOSX Peers + ok(SOSAccountIsInCircle(bobFinal, NULL), "Bob is in"); + } else { + ok(!SOSAccountIsInCircle(bobFinal, NULL), "Bob is not in"); + } + + is(countPeers(bobFinal), 1, "There should only be 1 valid peer"); + + CFReleaseNull(bobFinal); + CFReleaseNull(changes); + + SOSTestCleanup(); +} + +static void multiBob(SOSPeerInfoDeviceClass devClass, bool expectGhostBusted, bool delayedPrivKey) { + CFErrorRef error = NULL; + CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10); + CFStringRef cfaccount = CFSTR("test@test.org"); + CFStringRef ghostSerialID = CFSTR("abababababab"); + CFStringRef ghostIdsID = CFSTR("targetIDS"); + + CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + SOSAccountRef alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource")); + + // Start Circle + ok(SOSAccountAssertUserCredentialsAndUpdate(alice_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error); + is(ProcessChangesUntilNoChange(changes, alice_account, NULL), 1, "updates"); + + ok(SOSAccountResetToOffering_wTxn(alice_account, &error), "Reset to offering (%@)", error); + CFReleaseNull(error); + + is(ProcessChangesUntilNoChange(changes, alice_account, NULL), 1, "updates"); + + SOSTestMakeGhostInCircle(CFSTR("Bob1"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 2); + SOSTestMakeGhostInCircle(CFSTR("Bob2"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 3); + SOSTestMakeGhostInCircle(CFSTR("Bob3"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 4); + SOSTestMakeGhostInCircle(CFSTR("Bob4"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 5); + + SOSAccountRef bobFinal_account = SOSTestCreateAccountAsSerialClone(CFSTR("BobFinal"), devClass, ghostSerialID, ghostIdsID); + if(delayedPrivKey) { + SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bobFinal_account, DROP_USERKEY, 6, true); + is(countPeers(bobFinal_account), 6, "Expect ghosts still in circle"); + SOSAccountTryUserCredentials(bobFinal_account, cfaccount, cfpassword, &error); + ok(SOSTestChangeAccountDeviceName(bobFinal_account, CFSTR("ThereCanBeOnlyOneBob")), "force an unrelated circle change"); + is(ProcessChangesUntilNoChange(changes, alice_account, bobFinal_account, NULL), 3, "updates"); + } else { + SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bobFinal_account, KEEP_USERKEY, 2, true); + } + + is(countPeers(bobFinal_account), 2, "Expect ghostBobs to be gone"); + is(countPeers(alice_account), 2, "Expect ghostBobs to be gone"); + accounts_agree_internal("Alice and ThereCanBeOnlyOneBob are the only circle peers and they agree", alice_account, bobFinal_account, false); + + CFReleaseNull(bobFinal_account); + CFReleaseNull(alice_account); + CFReleaseNull(changes); + + SOSTestCleanup(); +} + +static void iosICloudIdentity() { + CFErrorRef error = NULL; + CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10); + CFStringRef cfaccount = CFSTR("test@test.org"); + CFStringRef ghostIdsID = CFSTR("targetIDS"); + + CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + SOSAccountRef alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource")); + + // Start Circle + ok(SOSTestStartCircleWithAccount(alice_account, changes, cfaccount, cfpassword), "Have Alice start a circle"); + + SOSCircleRef circle = SOSAccountGetCircle(alice_account, &error); + __block CFStringRef serial = NULL; + SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) { + if(SOSPeerInfoIsCloudIdentity(peer)) { + serial = SOSPeerInfoCopySerialNumber(peer); + } + }); + + SOSAccountRef bob_account = SOSTestCreateAccountAsSerialClone(CFSTR("Bob"), SOSPeerInfo_iOS, serial, ghostIdsID); + + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 1, "updates"); + ok(SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bob_account, KEEP_USERKEY, 2, false), "Bob Joins"); + + circle = SOSAccountGetCircle(alice_account, &error); + __block bool hasiCloudIdentity = false; + SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) { + if(SOSPeerInfoIsCloudIdentity(peer)) { + hasiCloudIdentity = true; + } + }); + + ok(hasiCloudIdentity, "GhostBusting didn't mess with the iCloud Identity"); + + CFReleaseNull(alice_account); + CFReleaseNull(bob_account); + CFReleaseNull(changes); + + SOSTestCleanup(); +} + +int secd_668_ghosts(int argc, char *const *argv) +{ + plan_tests(kTestTestCount); + + secd_test_setup_temp_keychain(__FUNCTION__, NULL); + + hauntedCircle(SOSPeerInfo_iOS, true); + hauntedCircle(SOSPeerInfo_macOS, false); + multiBob(SOSPeerInfo_iOS, true, false); + multiBob(SOSPeerInfo_iOS, false, true); + + iosICloudIdentity(); + + return 0; +} diff --git a/OSX/sec/securityd/Regressions/secd-67-prefixedKeyIDs.c b/OSX/sec/securityd/Regressions/secd-67-prefixedKeyIDs.c new file mode 100644 index 00000000..2661e38c --- /dev/null +++ b/OSX/sec/securityd/Regressions/secd-67-prefixedKeyIDs.c @@ -0,0 +1,129 @@ +// +// secd-67-prefixedKeyIDs.c +// Security +// +// Created by Richard Murphy on 11/1/16. +// +// + +#include +// +// secd-66-account-recovery.c +// Security +// +// Created by Richard Murphy on 10/5/16. +// +// + +#include + +/* + * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + + + + +#include +#include +#include "SOSKeyedPubKeyIdentifier.h" + +#include +#include + +#include "secd_regressions.h" +#include "SOSTestDataSource.h" + +#include "SOSRegressionUtilities.h" + +#include +#include + + + +#include "SOSAccountTesting.h" +static void tests() { + CFErrorRef error = NULL; + int keySizeInBits = 256; + CFNumberRef kzib = CFNumberCreate(NULL, kCFNumberIntType, &keySizeInBits); + + CFDictionaryRef keyattributes = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, + kSecAttrKeyType, kSecAttrKeyTypeEC, + kSecAttrKeySizeInBits, kzib, + NULL); + CFReleaseNull(kzib); + + + SecKeyRef key = SecKeyCreateRandomKey(keyattributes, &error); + CFReleaseNull(keyattributes); + SecKeyRef pubKey = SecKeyCreatePublicFromPrivate(key); + CFDataRef pubKeyData = NULL; + SecKeyCopyPublicBytes(pubKey, &pubKeyData); + CFStringRef properPref = CFSTR("RK"); + CFStringRef shortPref = CFSTR("R"); + CFStringRef longPref = CFSTR("RKR"); + + ok(key, "Made private key"); + ok(pubKey, "Made public key"); + ok(pubKeyData, "Made public key data"); + + CFStringRef pkidseckey = SOSKeyedPubKeyIdentifierCreateWithSecKey(properPref, pubKey); + ok(pkidseckey, "made string"); + CFStringRef pkidseckeyshort = SOSKeyedPubKeyIdentifierCreateWithSecKey(shortPref, pubKey); + ok(!pkidseckeyshort, "didn't make string"); + CFStringRef pkidseckeylong = SOSKeyedPubKeyIdentifierCreateWithSecKey(longPref, pubKey); + ok(!pkidseckeylong, "didn't make string"); + + ok(SOSKeyedPubKeyIdentifierIsPrefixed(pkidseckey), "properly prefixed string was made"); + CFStringRef retPref = SOSKeyedPubKeyIdentifierCopyPrefix(pkidseckey); + ok(retPref, "got prefix"); + ok(CFEqualSafe(retPref, properPref), "prefix matches"); + CFReleaseNull(retPref); + CFStringRef retHpub = SOSKeyedPubKeyIdentifierCopyHpub(pkidseckey); + ok(retHpub, "got hash of pubkey"); + + + CFStringRef pkiddata = SOSKeyedPubKeyIdentifierCreateWithData(properPref, pubKeyData); + ok(pkiddata, "made string"); + ok(CFEqualSafe(pkiddata, pkidseckey), "strings match"); + + diag("pkiddata %@", pkiddata); + diag("retPref %@", retPref); + CFReleaseNull(retHpub); + CFReleaseNull(key); + CFReleaseNull(pubKey); + CFReleaseNull(pubKeyData); + CFReleaseNull(pkidseckey); + CFReleaseNull(pkidseckeyshort); + CFReleaseNull(pkidseckeylong); + CFReleaseNull(pkiddata); + + +} + +int secd_67_prefixedKeyIDs(int argc, char *const *argv) { + plan_tests(12); + + tests(); + return 0; +} + diff --git a/OSX/sec/securityd/Regressions/secd-70-engine.c b/OSX/sec/securityd/Regressions/secd-70-engine.c index 58046edb..58728a48 100644 --- a/OSX/sec/securityd/Regressions/secd-70-engine.c +++ b/OSX/sec/securityd/Regressions/secd-70-engine.c @@ -196,7 +196,7 @@ static void testsyncempty(void) { CFReleaseSafe(deviceID); if (deviceIX > 0) { for (CFIndex version = 0; version < 3; version += 2) { - CFMutableDictionaryRef testDevices = SOSTestDeviceListCreate(false, version, deviceIDs); + CFMutableDictionaryRef testDevices = SOSTestDeviceListCreate(false, version, deviceIDs, NULL); SOSTestDeviceListSync("syncempty", test_directive, test_reason, testDevices, NULL, NULL); SOSTestDeviceListInSync("syncempty", test_directive, test_reason, testDevices); SOSTestDeviceDestroyEngine(testDevices); @@ -221,7 +221,7 @@ static void testsyncmany(const char *name, const char *test_directive, const cha CFArrayAppendValue(deviceIDs, deviceID); CFReleaseSafe(deviceID); if (deviceIX >= devFirst) { - CFMutableDictionaryRef testDevices = SOSTestDeviceListCreate(false, version, deviceIDs); + CFMutableDictionaryRef testDevices = SOSTestDeviceListCreate(false, version, deviceIDs, NULL); __block int iteration = 0; SOSTestDeviceListSync(name, test_directive, test_reason, testDevices, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest) { bool didAdd = false; diff --git a/OSX/sec/securityd/Regressions/secd-71-engine-save.c b/OSX/sec/securityd/Regressions/secd-71-engine-save.c index 7ba78df9..f7fd6701 100644 --- a/OSX/sec/securityd/Regressions/secd-71-engine-save.c +++ b/OSX/sec/securityd/Regressions/secd-71-engine-save.c @@ -44,105 +44,148 @@ #include #include -static int kTestTestCount = 28 + 1; // +1 for secd_test_setup_temp_keychain +static int kTestTestCount = 8; + +/* + Attributes for a v0 engine-state genp item + + MANGO-iPhone:~ mobile$ security item class=genp,acct=engine-state + acct : engine-state + agrp : com.apple.security.sos + cdat : 2016-04-18 20:40:33 +0000 + mdat : 2016-04-18 20:40:33 +0000 + musr : // + pdmn : dk + svce : SOSDataSource-ak + sync : 0 + tomb : 0 + */ #include "secd-71-engine-save-sample1.h" -static bool addEngineStateWithData(CFDataRef engineStateData) { - /* - MANGO-iPhone:~ mobile$ security item class=genp,acct=engine-state - acct : engine-state - agrp : com.apple.security.sos - cdat : 2016-04-18 20:40:33 +0000 - mdat : 2016-04-18 20:40:33 +0000 - musr : // - pdmn : dk - svce : SOSDataSource-ak - sync : 0 - tomb : 0 - */ - - CFMutableDictionaryRef item = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - - CFDictionarySetValue(item, kSecClass, kSecClassGenericPassword); - CFDictionarySetValue(item, kSecAttrAccount, CFSTR("engine-state")); - CFDictionarySetValue(item, kSecAttrAccessGroup, CFSTR("com.apple.security.sos")); - CFDictionarySetValue(item, kSecAttrAccessible, kSecAttrAccessibleAlwaysPrivate); - CFDictionarySetValue(item, kSecAttrService, CFSTR("SOSDataSource-ak")); - CFDictionarySetValue(item, kSecAttrSynchronizable, kCFBooleanFalse); - CFDictionarySetValue(item, kSecValueData, engineStateData); - - CFErrorRef localError = NULL; - OSStatus status = noErr; - is_status(status = SecItemAdd(item, (CFTypeRef *)&localError), errSecSuccess, "add v0 engine-state"); - CFReleaseSafe(item); - CFReleaseSafe(localError); - return status == noErr; +static bool verifyV2EngineState(SOSDataSourceRef ds, CFStringRef myPeerID) { + bool rx = false; + CFErrorRef error = NULL; + SOSTransactionRef txn = NULL; + CFDataRef basicEngineState = NULL; + CFDictionaryRef engineState = NULL; + + SKIP: { + CFDataRef basicEngineState = SOSDataSourceCopyStateWithKey(ds, kSOSEngineStatev2, kSecAttrAccessibleAlwaysPrivate, txn, &error); + skip("Failed to get V2 engine state", 2, basicEngineState); + ok(basicEngineState, "SOSDataSourceCopyStateWithKey:kSOSEngineStatev2"); + engineState = derStateToDictionaryCopy(basicEngineState, &error); + skip("Failed to DER decode V2 engine state", 1, basicEngineState); + CFStringRef engID = (CFStringRef)asString(CFDictionaryGetValue(engineState, CFSTR("id")), &error); + ok(CFEqualSafe(myPeerID, engID),"Check myPeerID"); + rx = true; + } + + CFReleaseSafe(basicEngineState); + CFReleaseSafe(engineState); + CFReleaseSafe(error); + return rx; } -#if 0 -static void testsync2(const char *name, const char *test_directive, const char *test_reason, void (^aliceInit)(SOSDataSourceRef ds), void (^bobInit)(SOSDataSourceRef ds), CFStringRef msg, ...) { - __block int iteration=0; - SOSTestDeviceListTestSync(name, test_directive, test_reason, kSOSPeerVersion, false, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest) { - if (iteration == 96) { - pass("%@ before message", source); - } - return false; - }, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest, SOSMessageRef message) { - iteration++; - if (iteration == 60) { - pass("%@ before addition", source); - //SOSTestDeviceAddGenericItem(source, CFSTR("test_account"), CFSTR("test service")); - SOSTestDeviceAddRemoteGenericItem(source, CFSTR("test_account"), CFSTR("test service")); - pass("%@ after addition", source); - return true; - } - return false; - }, CFSTR("alice"), CFSTR("bob"), CFSTR("claire"), CFSTR("dave"),CFSTR("edward"), CFSTR("frank"), CFSTR("gary"), NULL); -} -#endif - -static void testsync2p(void) { - __block int iteration = 0; - SOSTestDeviceListTestSync("testsync2p", test_directive, test_reason, 0, false, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest) { - iteration++; - // Add 10 items in first 10 sync messages - if (iteration <= 10) { - CFStringRef account = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("item%d"), iteration); - SOSTestDeviceAddGenericItem(source, account, CFSTR("testsync2p")); - CFReleaseSafe(account); - return true; - } - return false; - }, ^bool(SOSTestDeviceRef source, SOSTestDeviceRef dest, SOSMessageRef message) { - return false; - }, CFSTR("Atestsync2p"), CFSTR("Btestsync2p"), NULL); +static bool verifyV2PeerStates(SOSDataSourceRef ds, CFStringRef myPeerID, CFArrayRef peers) { + bool rx = false; + __block CFErrorRef error = NULL; + SOSTransactionRef txn = NULL; + CFDictionaryRef peerStateDict = NULL; + CFDataRef data = NULL; + __block CFIndex peerCount = CFArrayGetCount(peers) - 1; // drop myPeerID + + SKIP: { + data = SOSDataSourceCopyStateWithKey(ds, kSOSEnginePeerStates, kSOSEngineProtectionDomainClassD, txn, &error); + skip("Failed to get V2 peerStates", 3, data); + + peerStateDict = derStateToDictionaryCopy(data, &error); + skip("Failed to DER decode V2 peerStates", 2, peerStateDict); + ok(peerStateDict, "SOSDataSourceCopyStateWithKey:kSOSEnginePeerStates"); + + // Check that each peer passed in exists in peerStateDict + CFArrayForEach(peers, ^(const void *key) { + CFStringRef peerID = (CFStringRef)asString(key, &error); + if (!CFEqualSafe(myPeerID, peerID)) { + if (CFDictionaryContainsKey(peerStateDict, peerID)) + peerCount--; + } + }); + ok(peerCount==0,"Peers exist in peer list (%ld)", (CFArrayGetCount(peers) - 1 - peerCount)); + rx = true; + } + + CFReleaseSafe(peerStateDict); + CFReleaseSafe(data); + CFReleaseSafe(error); + return rx; } -static void savetests(void) { - ok(true,"message"); -// SOSEngineSave(SOSEngineRef engine, SOSTransactionRef txn, CFErrorRef *error) - testsync2p(); +static bool checkV2EngineStates(SOSTestDeviceRef td, CFStringRef myPeerID, CFArrayRef peers) { + bool rx = true; + CFErrorRef error = NULL; + SOSTransactionRef txn = NULL; + CFDictionaryRef manifestCache = NULL; + CFDataRef data = NULL; +// CFMutableDictionaryRef codersDict = NULL; // SOSEngineLoadCoders + + rx &= verifyV2EngineState(td->ds, myPeerID); + + data = SOSDataSourceCopyStateWithKey(td->ds, kSOSEngineManifestCache, kSOSEngineProtectionDomainClassD, txn, &error); + manifestCache = derStateToDictionaryCopy(data, &error); + CFReleaseNull(data); + + rx &= verifyV2PeerStates(td->ds, myPeerID, peers); + + CFReleaseSafe(manifestCache); + return rx; } +static void testSaveRestore(void) { + CFMutableArrayRef deviceIDs = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); + CFArrayAppendValue(deviceIDs, CFSTR("lemon")); + CFArrayAppendValue(deviceIDs, CFSTR("lime")); + CFArrayAppendValue(deviceIDs, CFSTR("orange")); + bool bx = false; + int version = 2; + CFErrorRef error = NULL; + __block int devIdx = 0; + CFMutableDictionaryRef testDevices = SOSTestDeviceListCreate(false, version, deviceIDs, ^(SOSDataSourceRef ds) { + // This block is called before SOSEngineLoad + if (devIdx == 0) { + // Test migration of v0 to v2 engine state + CFDataRef engineStateData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, es_mango_bin, es_mango_bin_len, kCFAllocatorNull); + SOSTestDeviceAddV0EngineStateWithData(ds, engineStateData); + CFReleaseSafe(engineStateData); + } + devIdx++; + }); + + CFStringRef sourceID = (CFStringRef)CFArrayGetValueAtIndex(deviceIDs, 0); + SOSTestDeviceRef source = (SOSTestDeviceRef)CFDictionaryGetValue(testDevices, sourceID); + + ok(SOSTestDeviceEngineSave(source, &error),"SOSTestDeviceEngineSave: %@",error); + + bx = SOSTestDeviceEngineLoad(source, &error); + ok(bx,"SOSTestEngineLoad: %@",error); + + bx = checkV2EngineStates(source, sourceID, deviceIDs); + ok(bx,"getV2EngineStates: %@",error); + + bx = SOSTestDeviceEngineSave(source, &error); + ok(bx,"SOSTestDeviceEngineSave v2: %@",error); + + SOSTestDeviceDestroyEngine(testDevices); + CFReleaseSafe(deviceIDs); + CFReleaseSafe(testDevices); + CFReleaseSafe(error); +} + int secd_71_engine_save(int argc, char *const *argv) { plan_tests(kTestTestCount); - /* custom keychain dir */ - // secd_test_setup_temp_keychain(__FUNCTION__, NULL); - secd_test_setup_temp_keychain(__FUNCTION__, ^{ - CFStringRef keychain_path_cf = __SecKeychainCopyPath(); - - CFDataRef engineStateData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, es_mango_bin, es_mango_bin_len, kCFAllocatorNull); - ok(addEngineStateWithData(engineStateData),"failed to add v0 engine state"); - CFReleaseSafe(engineStateData); - CFReleaseSafe(keychain_path_cf); - }); - - // TODO: use call that prepopulates keychain (block for above) - ok(sizeof(es_mango_bin)== es_mango_bin_len,"bad mango"); - savetests(); + testSaveRestore(); return 0; } diff --git a/OSX/sec/securityd/Regressions/secd-76-idstransport.c b/OSX/sec/securityd/Regressions/secd-76-idstransport.c index 10ced6b0..64c8e636 100644 --- a/OSX/sec/securityd/Regressions/secd-76-idstransport.c +++ b/OSX/sec/securityd/Regressions/secd-76-idstransport.c @@ -153,7 +153,8 @@ static void tests() SOSFullPeerInfoUpdateTransportType(alice_account->my_identity, SOSTransportMessageTypeIDSV2, &localError); SOSFullPeerInfoUpdateTransportPreference(alice_account->my_identity, kCFBooleanFalse, &localError); SOSFullPeerInfoUpdateTransportFragmentationPreference(alice_account->my_identity, kCFBooleanTrue, &localError); - + SOSFullPeerInfoUpdateTransportAckModelPreference(alice_account->my_identity, kCFBooleanTrue, &localError); + return SOSCircleHasPeer(circle, SOSFullPeerInfoGetPeerInfo(alice_account->my_identity), NULL); }); @@ -167,7 +168,8 @@ static void tests() SOSFullPeerInfoUpdateTransportType(bob_account->my_identity, SOSTransportMessageTypeIDSV2, &localError); SOSFullPeerInfoUpdateTransportPreference(bob_account->my_identity, kCFBooleanFalse, &localError); SOSFullPeerInfoUpdateTransportFragmentationPreference(bob_account->my_identity, kCFBooleanTrue, &localError); - + SOSFullPeerInfoUpdateTransportAckModelPreference(bob_account->my_identity, kCFBooleanTrue, &localError); + return SOSCircleHasPeer(circle, SOSFullPeerInfoGetPeerInfo(bob_account->my_identity), NULL); }); @@ -184,17 +186,17 @@ static void tests() SOSTransportMessageIDSTestSetName(alice_account->ids_message_transport, CFSTR("Alice Account")); ok(SOSTransportMessageIDSTestGetName(alice_account->ids_message_transport) != NULL, "retrieved getting account name"); - ok(SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(alice_account, &error) != false, "device ID from IDSKeychainSyncingProxy"); + ok(SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(alice_account, &error) != false, "device ID from KeychainSyncingOverIDSProxy"); SOSTransportMessageIDSTestSetName(bob_account->ids_message_transport, CFSTR("Bob Account")); ok(SOSTransportMessageIDSTestGetName(bob_account->ids_message_transport) != NULL, "retrieved getting account name"); - ok(SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(bob_account, &error) != false, "device ID from IDSKeychainSyncingProxy"); + ok(SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(bob_account, &error) != false, "device ID from KeychainSyncingOverIDSProxy"); - ok(SOSAccountSetMyDSID(alice_account, CFSTR("Alice"),&error), "Setting IDS device ID"); + ok(SOSAccountSetMyDSID_wTxn(alice_account, CFSTR("Alice"),&error), "Setting IDS device ID"); CFStringRef alice_dsid = SOSAccountCopyDeviceID(alice_account, &error); ok(CFEqualSafe(alice_dsid, CFSTR("Alice")), "Getting IDS device ID"); - ok(SOSAccountSetMyDSID(bob_account, CFSTR("Bob"),&error), "Setting IDS device ID"); + ok(SOSAccountSetMyDSID_wTxn(bob_account, CFSTR("Bob"),&error), "Setting IDS device ID"); CFStringRef bob_dsid = SOSAccountCopyDeviceID(bob_account, &error); ok(CFEqualSafe(bob_dsid, CFSTR("Bob")), "Getting IDS device ID"); @@ -202,9 +204,9 @@ static void tests() SOSTransportMessageIDSTestSetName(alice_account->ids_message_transport, CFSTR("Alice Account")); ok(SOSTransportMessageIDSTestGetName(alice_account->ids_message_transport) != NULL, "retrieved getting account name"); - ok(SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(alice_account, &error) != false, "device ID from IDSKeychainSyncingProxy"); + ok(SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(alice_account, &error) != false, "device ID from KeychainSyncingOverIDSProxy"); - ok(SOSAccountSetMyDSID(alice_account, CFSTR("DSID"),&error), "Setting IDS device ID"); + ok(SOSAccountSetMyDSID_wTxn(alice_account, CFSTR("DSID"),&error), "Setting IDS device ID"); CFStringRef dsid = SOSAccountCopyDeviceID(alice_account, &error); ok(CFEqualSafe(dsid, CFSTR("DSID")), "Getting IDS device ID"); CFReleaseNull(dsid); @@ -293,13 +295,7 @@ static void tests() CFReleaseNull(bob_dsid); CFReleaseNull(changes); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_76_idstransport(int argc, char *const *argv) { diff --git a/OSX/sec/securityd/Regressions/secd-80-views-alwayson.c b/OSX/sec/securityd/Regressions/secd-80-views-alwayson.c new file mode 100644 index 00000000..d786ddc9 --- /dev/null +++ b/OSX/sec/securityd/Regressions/secd-80-views-alwayson.c @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2012-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// secd-80-views-alwayson.c +// Security +// +// +// + + +#include +#include + +#include + +#include "secd_regressions.h" +#include "SOSAccountTesting.h" +#include "SecdTestKeychainUtilities.h" + +static int kTestTestCount = 46; + + +static void testView(SOSAccountRef account, SOSViewResultCode expected, CFStringRef view, SOSViewActionCode action, char *label) { + CFErrorRef error = NULL; + SOSViewResultCode vcode = 9999; + switch(action) { + case kSOSCCViewQuery: + vcode = SOSAccountViewStatus(account, view, &error); + break; + case kSOSCCViewEnable: + case kSOSCCViewDisable: // fallthrough + vcode = SOSAccountUpdateView(account, view, action, &error); + break; + default: + break; + } + is(vcode, expected, "%s (%@)", label, error); + CFReleaseNull(error); +} + +/* + Make a circle with two peers - alice and bob + Check for ContinuityUnlock View on Alice - it should be there + turn off ContinuityUnlock on Alice + Change the password with Bob - makeing Alice invalid + Update Alice with the new password + see that ContinuityUnlock is automatically back on because it's "always on" + */ + +static void alwaysOnTest() +{ + CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10); + CFDataRef cfpasswordNew = CFDataCreate(NULL, (uint8_t *) "FooFooFo2", 10); + CFStringRef cfaccount = CFSTR("test@test.org"); + + CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); + SOSAccountRef alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource")); + SOSAccountRef bob_account = CreateAccountForLocalChanges(CFSTR("Bob"), CFSTR("TestSource")); + + // Start Circle + ok(SOSTestStartCircleWithAccount(alice_account, changes, cfaccount, cfpassword), "Have Alice start a circle"); + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 1, "updates"); + ok(SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bob_account, KEEP_USERKEY, 2, false), "Bob Joins"); + + testView(alice_account, kSOSCCViewMember, kSOSViewContinuityUnlock, kSOSCCViewQuery, "Expected view capability for kSOSViewContinuityUnlock"); + testView(alice_account, kSOSCCViewNotMember, kSOSViewContinuityUnlock, kSOSCCViewDisable, "Expected to disable kSOSViewContinuityUnlock"); + + ok(SOSAccountAssertUserCredentialsAndUpdate(bob_account, cfaccount, cfpasswordNew, NULL), "Bob changes the password"); + testView(alice_account, kSOSCCViewNotMember, kSOSViewContinuityUnlock, kSOSCCViewQuery, "Expected kSOSViewContinuityUnlock is off for alice still"); + ok(SOSAccountAssertUserCredentialsAndUpdate(alice_account, cfaccount, cfpasswordNew, NULL), "Alice sets the new password"); + testView(alice_account, kSOSCCViewMember, kSOSViewContinuityUnlock, kSOSCCViewQuery, "Expected view capability for kSOSViewContinuityUnlock"); + + CFReleaseNull(alice_account); + CFReleaseNull(bob_account); + CFReleaseNull(changes); + + SOSTestCleanup(); +} + +int secd_80_views_alwayson(int argc, char *const *argv) +{ + plan_tests(kTestTestCount); + + secd_test_setup_temp_keychain(__FUNCTION__, NULL); + alwaysOnTest(); + return 0; +} diff --git a/OSX/sec/securityd/Regressions/secd-80-views-basic.c b/OSX/sec/securityd/Regressions/secd-80-views-basic.c index ad0a0327..9887f572 100644 --- a/OSX/sec/securityd/Regressions/secd-80-views-basic.c +++ b/OSX/sec/securityd/Regressions/secd-80-views-basic.c @@ -84,7 +84,7 @@ static void testViewLists(void) { is(CFSetGetCount(allViews), 22, "make sure count of allViews is correct"); is(CFSetGetCount(defaultViews), 18, "make sure count of defaultViews is correct"); - is(CFSetGetCount(initialViews), 5, "make sure count of initialViews is correct"); + is(CFSetGetCount(initialViews), 14, "make sure count of initialViews is correct"); is(CFSetGetCount(alwaysOnViews), 18, "make sure count of alwaysOnViews is correct"); is(CFSetGetCount(backupRequiredViews), 3, "make sure count of backupRequiredViews is correct"); is(CFSetGetCount(V0Views), 6, "make sure count of V0Views is correct"); @@ -168,14 +168,7 @@ static void tests(void) SOSDataSourceRelease(test_source, NULL); SOSDataSourceFactoryRelease(test_factory); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_80_views_basic(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-81-item-acl.c b/OSX/sec/securityd/Regressions/secd-81-item-acl.c index 614b3543..bdd5209d 100644 --- a/OSX/sec/securityd/Regressions/secd-81-item-acl.c +++ b/OSX/sec/securityd/Regressions/secd-81-item-acl.c @@ -322,7 +322,7 @@ static void item_with_application_password(uint32_t *item_num) // Try to update item with ACL with application password with the same password (it will fail because ACM context is not allowd for update attributes). CFDictionarySetValue(update, kSecUseCredentialReference, credRefData); LASetErrorCodeBlock(okBlock); - is_status(SecItemUpdate(item, update), errSecParam, "update local - add application password"); + is_status(SecItemUpdate(item, update), errSecNoSuchAttr, "update local - add application password"); CFDictionaryRemoveValue(update, kSecUseCredentialReference); LASetErrorCodeBlock(okBlock); diff --git a/OSX/sec/securityd/Regressions/secd-82-secproperties-basic.c b/OSX/sec/securityd/Regressions/secd-82-secproperties-basic.c index a7ecb6e3..8f6b7188 100644 --- a/OSX/sec/securityd/Regressions/secd-82-secproperties-basic.c +++ b/OSX/sec/securityd/Regressions/secd-82-secproperties-basic.c @@ -117,14 +117,7 @@ static void tests(void) SOSDataSourceRelease(test_source, NULL); SOSDataSourceFactoryRelease(test_factory); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_82_secproperties_basic(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd-90-hsa2.c b/OSX/sec/securityd/Regressions/secd-90-hsa2.c index 42278bd5..8c31c8f6 100644 --- a/OSX/sec/securityd/Regressions/secd-90-hsa2.c +++ b/OSX/sec/securityd/Regressions/secd-90-hsa2.c @@ -143,13 +143,7 @@ static void tests(void) CFReleaseNull(alice_account); CFReleaseNull(carole_account); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } diff --git a/OSX/sec/securityd/Regressions/secd60-account-cloud-exposure.c b/OSX/sec/securityd/Regressions/secd60-account-cloud-exposure.c index efa5e095..4b197a14 100644 --- a/OSX/sec/securityd/Regressions/secd60-account-cloud-exposure.c +++ b/OSX/sec/securityd/Regressions/secd60-account-cloud-exposure.c @@ -212,13 +212,7 @@ static void tests(void) CFReleaseNull(carole_account); CFReleaseNull(cfpassword); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_60_account_cloud_exposure(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd_77_ids_messaging.c b/OSX/sec/securityd/Regressions/secd_77_ids_messaging.c index 82c0be16..8f0eb989 100644 --- a/OSX/sec/securityd/Regressions/secd_77_ids_messaging.c +++ b/OSX/sec/securityd/Regressions/secd_77_ids_messaging.c @@ -53,7 +53,7 @@ #include "SOSTestDataSource.h" #include -static int kTestTestCount = 101; +static int kTestTestCount = 114; static bool SOSAccountIsThisPeerIDMe(SOSAccountRef account, CFStringRef peerID) { SOSPeerInfoRef mypi = SOSFullPeerInfoGetPeerInfo(account->my_identity); @@ -75,12 +75,10 @@ static void ids_test_sync(SOSAccountRef alice_account, SOSAccountRef bob_account SOSPeerInfoShouldUseIDSMessageFragmentation(SOSFullPeerInfoGetPeerInfo(alice_account->my_identity), peer)){ secnotice("IDS Transport","Syncing with IDS capable peers using IDS!"); - CFMutableDictionaryRef circleToIdsId = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); - CFMutableArrayRef ids = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); - CFArrayAppendValue(ids, SOSPeerInfoGetPeerID(peer)); - CFDictionaryAddValue(circleToIdsId, SOSCircleGetName(alice_account->trusted_circle), ids); - SyncingCompletedOverIDS = SOSTransportMessageSyncWithPeers(alice_account->ids_message_transport, circleToIdsId, &localError); - CFReleaseNull(circleToIdsId); + CFMutableSetRef ids = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + CFSetAddValue(ids, SOSPeerInfoGetPeerID(peer)); + + SyncingCompletedOverIDS = SOSTransportMessageSyncWithPeers(alice_account->ids_message_transport, ids, &localError); CFReleaseNull(ids); } } @@ -93,13 +91,11 @@ static void ids_test_sync(SOSAccountRef alice_account, SOSAccountRef bob_account if(SOSPeerInfoShouldUseIDSTransport(SOSFullPeerInfoGetPeerInfo(bob_account->my_identity), peer) && SOSPeerInfoShouldUseIDSMessageFragmentation(SOSFullPeerInfoGetPeerInfo(bob_account->my_identity), peer)){ secnotice("IDS Transport","Syncing with IDS capable peers using IDS!"); - - CFMutableDictionaryRef circleToIdsId = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault); - CFMutableArrayRef ids = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); - CFArrayAppendValue(ids, SOSPeerInfoGetPeerID(peer)); - CFDictionaryAddValue(circleToIdsId, SOSCircleGetName(bob_account->trusted_circle), ids); - SyncingCompletedOverIDS &= SOSTransportMessageSyncWithPeers(bob_account->ids_message_transport, circleToIdsId, &localError); - CFReleaseNull(circleToIdsId); + + CFMutableSetRef ids = CFSetCreateMutableForCFTypes(kCFAllocatorDefault); + CFSetAddValue(ids, SOSPeerInfoGetPeerID(peer)); + + SyncingCompletedOverIDS = SOSTransportMessageSyncWithPeers(bob_account->ids_message_transport, ids, &localError); CFReleaseNull(ids); } } @@ -216,7 +212,8 @@ static void tests() SOSFullPeerInfoUpdateTransportType(alice_account->my_identity, SOSTransportMessageTypeIDSV2, &localError); SOSFullPeerInfoUpdateTransportPreference(alice_account->my_identity, kCFBooleanFalse, &localError); SOSFullPeerInfoUpdateTransportFragmentationPreference(alice_account->my_identity, kCFBooleanTrue, &localError); - + SOSFullPeerInfoUpdateTransportAckModelPreference(alice_account->my_identity, kCFBooleanTrue, &localError); + return SOSCircleHasPeer(circle, SOSFullPeerInfoGetPeerInfo(alice_account->my_identity), NULL); }); @@ -230,7 +227,8 @@ static void tests() SOSFullPeerInfoUpdateTransportType(bob_account->my_identity, SOSTransportMessageTypeIDSV2, &localError); SOSFullPeerInfoUpdateTransportPreference(bob_account->my_identity, kCFBooleanFalse, &localError); SOSFullPeerInfoUpdateTransportFragmentationPreference(bob_account->my_identity, kCFBooleanTrue, &localError); - + SOSFullPeerInfoUpdateTransportAckModelPreference(bob_account->my_identity, kCFBooleanTrue, &localError); + return SOSCircleHasPeer(circle, SOSFullPeerInfoGetPeerInfo(bob_account->my_identity), NULL); }); @@ -247,18 +245,18 @@ static void tests() SOSTransportMessageIDSTestSetName(alice_account->ids_message_transport, CFSTR("Alice Account")); ok(SOSTransportMessageIDSTestGetName(alice_account->ids_message_transport) != NULL, "retrieved getting account name"); - ok(SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(alice_account, &error) != false, "device ID from IDSKeychainSyncingProxy"); + ok(SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(alice_account, &error) != false, "device ID from KeychainSyncingOverIDSProxy"); SOSTransportMessageIDSTestSetName(bob_account->ids_message_transport, CFSTR("Bob Account")); ok(SOSTransportMessageIDSTestGetName(bob_account->ids_message_transport) != NULL, "retrieved getting account name"); - ok(SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(bob_account, &error) != false, "device ID from IDSKeychainSyncingProxy"); + ok(SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(bob_account, &error) != false, "device ID from KeychainSyncingOverIDSProxy"); - ok(SOSAccountSetMyDSID(alice_account, CFSTR("Alice"),&error), "Setting IDS device ID"); + ok(SOSAccountSetMyDSID_wTxn(alice_account, CFSTR("Alice"),&error), "Setting IDS device ID"); CFStringRef alice_dsid = SOSAccountCopyDeviceID(alice_account, &error); ok(CFEqualSafe(alice_dsid, CFSTR("Alice")), "Getting IDS device ID"); - ok(SOSAccountSetMyDSID(bob_account, CFSTR("Bob"),&error), "Setting IDS device ID"); + ok(SOSAccountSetMyDSID_wTxn(bob_account, CFSTR("Bob"),&error), "Setting IDS device ID"); CFStringRef bob_dsid = SOSAccountCopyDeviceID(bob_account, &error); ok(CFEqualSafe(bob_dsid, CFSTR("Bob")), "Getting IDS device ID"); @@ -278,13 +276,7 @@ static void tests() CFReleaseNull(alice_dsid); CFReleaseNull(changes); - SOSUnregisterAllTransportMessages(); - SOSUnregisterAllTransportCircles(); - SOSUnregisterAllTransportKeyParameters(); - CFArrayRemoveAllValues(key_transports); - CFArrayRemoveAllValues(circle_transports); - CFArrayRemoveAllValues(message_transports); - + SOSTestCleanup(); } int secd_77_ids_messaging(int argc, char *const *argv) diff --git a/OSX/sec/securityd/Regressions/secd_regressions.h b/OSX/sec/securityd/Regressions/secd_regressions.h index 32ce9856..b04481ef 100644 --- a/OSX/sec/securityd/Regressions/secd_regressions.h +++ b/OSX/sec/securityd/Regressions/secd_regressions.h @@ -60,10 +60,12 @@ ONE_TEST(secd_62_account_backup) ONE_TEST(secd_63_account_resurrection) ONE_TEST(secd_64_circlereset) ONE_TEST(secd_65_account_retirement_reset) +ONE_TEST(secd_66_account_recovery) +ONE_TEST(secd_67_prefixedKeyIDs) ONE_TEST(secd_70_engine) ONE_TEST(secd_70_engine_corrupt) ONE_TEST(secd_70_engine_smash) -DISABLED_ONE_TEST(secd_71_engine_save) +ONE_TEST(secd_71_engine_save) ONE_TEST(secd_76_idstransport) ONE_TEST(secd_77_ids_messaging) @@ -71,6 +73,7 @@ DISABLED_ONE_TEST(secd_70_otr_remote) ONE_TEST(secd_74_engine_beer_servers) OFF_ONE_TEST(secd_75_engine_views) ONE_TEST(secd_80_views_basic) +ONE_TEST(secd_80_views_alwayson) ONE_TEST(secd_82_secproperties_basic) #if TARGET_IPHONE_SIMULATOR OFF_ONE_TEST(secd_81_item_acl_stress) @@ -90,4 +93,7 @@ ONE_TEST(secd_100_initialsync) ONE_TEST(secd_130_other_peer_views) ONE_TEST(secd_200_logstate) ONE_TEST(secd_201_coders) +ONE_TEST(secd_202_recoverykey) +ONE_TEST(secd_210_keyinterest) +ONE_TEST(secd_668_ghosts) diff --git a/OSX/sec/securityd/SOSCloudCircleServer.c b/OSX/sec/securityd/SOSCloudCircleServer.c index 33503349..f9681639 100644 --- a/OSX/sec/securityd/SOSCloudCircleServer.c +++ b/OSX/sec/securityd/SOSCloudCircleServer.c @@ -43,14 +43,19 @@ #include #include #include +#include #include +#include #include #include + #include #include #include +#include + #include #include @@ -66,7 +71,6 @@ #include #include #include -#include #include @@ -91,6 +95,13 @@ #include +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR +static int64_t getTimeDifference(time_t start); +CFStringRef const SOSAggdSyncCompletionKey = CFSTR("com.apple.security.sos.synccompletion"); +CFStringRef const SOSAggdSyncTimeoutKey = CFSTR("com.apple.security.sos.timeout"); + +#endif + static SOSCCAccountDataSourceFactoryBlock accountDataSourceOverride = NULL; bool SOSKeychainAccountSetFactoryForAccount(SOSCCAccountDataSourceFactoryBlock block) @@ -243,7 +254,11 @@ static SOSAccountRef SOSKeychainAccountCreateSharedAccount(CFDictionaryRef our_g SOSAccountRef account = NULL; SOSDataSourceFactoryRef factory = accountDataSourceOverride ? accountDataSourceOverride() : SecItemDataSourceFactoryGetDefault(); - + if (!factory) { + CFReleaseNull(savedAccount); + return NULL; + } + if (savedAccount) { CFErrorRef inflationError = NULL; @@ -367,6 +382,7 @@ static CFDictionaryRef CreateDeviceGestaltDictionary(SCDynamicStoreRef store, CF kPIMessageProtocolVersionKey, protocolVersion, kPIOSVersionKey, osVersion, NULL); + CFReleaseSafe(osVersion); CFReleaseSafe(modelName); CFReleaseSafe(computerName); CFReleaseSafe(protocolVersion); @@ -470,12 +486,12 @@ static SOSAccountRef GetSharedAccount(void) { CFSetRef peer_additions, CFSetRef peer_removals, CFSetRef applicant_additions, CFSetRef applicant_removals) { CFErrorRef pi_error = NULL; - SOSPeerInfoRef me = SOSFullPeerInfoGetPeerInfo(sSharedAccount->my_identity); + SOSPeerInfoRef me = SOSAccountGetMyPeerInfo(sSharedAccount); if (!me) { secerror("Error finding me for change: %@", pi_error); } else { // TODO: Figure out why peer_additions isn't right in some cases (like when joining a v2 circle with a v0 peer. - if (SOSCircleHasPeer(circle, me, NULL) /* && CFSetGetCount(peer_additions) != 0 */) { + if (SOSCircleHasPeer(circle, me, NULL) && CFSetGetCount(peer_additions) != 0) { secnotice("updates", "Requesting Ensure Peer Registration."); SOSCloudKeychainRequestEnsurePeerRegistration(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), NULL); } else { @@ -484,14 +500,18 @@ static SOSAccountRef GetSharedAccount(void) { if (CFSetContainsValue(peer_additions, me)) { // TODO: Potentially remove from here and move this to the engine - // TODO: We also need to do this when our views change. - SOSCCSyncWithAllPeers(); + // TODO: We also need to do this when our views change. + CFMutableSetRef peers = SOSCircleCopyPeers(circle, kCFAllocatorDefault); + CFSetRemoveValue(peers, me); + if (!CFSetIsEmpty(peers)) { + SOSCCRequestSyncWithPeers(peers); + } + CFReleaseNull(peers); } } CFReleaseNull(pi_error); - // TODO: We should notify the engine of these changes here if (CFSetGetCount(peer_additions) != 0 || CFSetGetCount(peer_removals) != 0 || CFSetGetCount(applicant_additions) != 0 || @@ -511,9 +531,6 @@ static SOSAccountRef GetSharedAccount(void) { CFReleaseNull(removed); } notify_post(kSOSCCCircleChangedNotification); - // This might be a bit chatty for now, but it will get things moving for clients. - notify_post(kSOSCCViewMembershipChangedNotification); - } }); @@ -526,7 +543,7 @@ static SOSAccountRef GetSharedAccount(void) { CFReleaseSafe(changeDescription); CFErrorRef error = NULL; - handledKeys = SOSTransportDispatchMessages(account, changes, &error); + handledKeys = SOSTransportDispatchMessages(txn, changes, &error); if (!handledKeys) { secerror("Error handling updates: %@", error); CFReleaseNull(error); @@ -1085,7 +1102,7 @@ bool SOSCCSetDeviceID_Server(CFStringRef IDS, CFErrorRef *error){ __block bool result = false; didSetID = do_with_account_while_unlocked(error, ^bool (SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef* block_error) { - result = SOSAccountSetMyDSID(account, IDS, error); + result = SOSAccountSetMyDSID(txn, IDS, error); if(block_error && error != NULL ){ *error = *block_error; @@ -1096,23 +1113,12 @@ bool SOSCCSetDeviceID_Server(CFStringRef IDS, CFErrorRef *error){ return didSetID; } -bool SOSCCRequestSyncWithPeerOverKVS_Server(CFStringRef deviceID, CFErrorRef *error) +bool SOSCCRequestSyncWithPeerOverKVS_Server(CFStringRef peerid, CFDataRef message, CFErrorRef *error) { __block bool result = NULL; result = do_with_account_while_unlocked(error, ^bool(SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef *error) { - result = SOSAccountSyncWithKVSUsingIDSID(account, deviceID, error); - return result; - }); - return result; -} - -bool SOSCCRequestSyncWithPeerOverIDS_Server(CFStringRef deviceID, CFErrorRef *error) -{ - __block bool result = NULL; - - result = do_with_account_while_unlocked(error, ^bool(SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef *error) { - result = SOSAccountSyncWithIDSPeer(account, deviceID, error); + result = SOSAccountSyncWithKVSPeerWithMessage(txn, peerid, message, error); return result; }); return result; @@ -1128,10 +1134,9 @@ HandleIDSMessageReason SOSCCHandleIDSMessage_Server(CFDictionaryRef messageDict, return true; })) { if (action_error) { - CFStringRef errorMessage = CFErrorCopyDescription(action_error); - if (CFEqualSafe(errorMessage, CFSTR("The operation couldn’t be completed. (Mach error -536870174 - Kern return error)")) ) { - secnotice("updates", "SOSCCHandleIDSMessage_Server failed because device is locked; letting IDSKeychainSyncingProxy know"); - result = kHandleIDSMessageLocked; // tell IDSKeychainSyncingProxy to call us back when device unlocks + if(CFErrorIsMalfunctioningKeybagError(action_error)){ + secnotice("updates", "SOSCCHandleIDSMessage_Server failed because device is locked; letting KeychainSyncingOverIDSProxy know"); + result = kHandleIDSMessageLocked; // tell KeychainSyncingOverIDSProxy to call us back when device unlock } else { secerror("Unexpected error: %@", action_error); } @@ -1140,41 +1145,49 @@ HandleIDSMessageReason SOSCCHandleIDSMessage_Server(CFDictionaryRef messageDict, *error = action_error; action_error = NULL; } - CFReleaseNull(errorMessage); CFReleaseNull(action_error); } } return result; } +bool SOSCCClearPeerMessageKeyInKVS_Server(CFStringRef peerID, CFErrorRef *error) +{ + __block bool result = false; + + result = do_with_account_while_unlocked(error, ^bool(SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef *error) { + SOSAccountClearPeerMessageKey(txn, peerID, error); + return true; + }); + + return result; +} + bool SOSCCIDSPingTest_Server(CFStringRef message, CFErrorRef *error){ - bool didSendTestMessages = false; __block bool result = true; __block CFErrorRef blockError = NULL; - didSendTestMessages = do_with_account_while_unlocked(error, ^bool (SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef* block_error) { - result = SOSAccountStartPingTest(account, message, &blockError); + result = do_with_account_while_unlocked(error, ^bool (SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef* block_error) { + result &= SOSAccountStartPingTest(account, message, &blockError); return result; }); if(blockError && error != NULL) *error = blockError; - return didSendTestMessages; + return result; } bool SOSCCIDSServiceRegistrationTest_Server(CFStringRef message, CFErrorRef *error){ - bool didSendTestMessages = false; __block bool result = true; __block CFErrorRef blockError = NULL; - didSendTestMessages = do_with_account_while_unlocked(error, ^bool (SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef* block_error) { - result = SOSAccountSendIDSTestMessage(account, message, &blockError); - return result; + result = do_with_account_while_unlocked(error, ^bool (SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef* block_error) { + return SOSAccountSendIDSTestMessage(account, message, &blockError); }); if(blockError != NULL && error != NULL) *error = blockError; - return didSendTestMessages; + return result; } bool SOSCCIDSDeviceIDIsAvailableTest_Server(CFErrorRef *error){ @@ -1183,7 +1196,7 @@ bool SOSCCIDSDeviceIDIsAvailableTest_Server(CFErrorRef *error){ __block CFErrorRef blockError = NULL; didSendTestMessages = do_with_account_while_unlocked(error, ^bool (SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef* block_error) { - result = SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(account, &blockError); + result = SOSAccountRetrieveDeviceIDFromKeychainSyncingOverIDSProxy(account, &blockError); return result; }); if(blockError != NULL && error != NULL) @@ -1383,7 +1396,19 @@ CFArrayRef SOSCCCopyEngineState_Server(CFErrorRef* error) return result; } +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR +static int64_t getTimeDifference(time_t start) +{ + time_t stop; + int64_t duration; + + stop = time(NULL); + duration = stop - start; + + return SecBucket1Significant(duration); +} +#endif bool SOSCCWaitForInitialSync_Server(CFErrorRef* error) { __block dispatch_semaphore_t inSyncSema = NULL; @@ -1391,13 +1416,19 @@ bool SOSCCWaitForInitialSync_Server(CFErrorRef* error) { __block bool synced = false; bool timed_out = false; __block CFStringRef inSyncCallID = NULL; - +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR + __block time_t start; +#endif + secnotice("initial sync", "Wait for initial sync start!"); result = do_with_account_if_after_first_unlock(error, ^bool (SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef* block_error) { bool alreadyInSync = SOSAccountHasCompletedInitialSync(account); if (!alreadyInSync) { +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR + start = time(NULL); +#endif inSyncSema = dispatch_semaphore_create(0); dispatch_retain(inSyncSema); // For the block @@ -1447,8 +1478,21 @@ bool SOSCCWaitForInitialSync_Server(CFErrorRef* error) { SOSErrorCreate(kSOSInitialSyncFailed, error, NULL, CFSTR("Initial sync timed out.")); } + +#if TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR + + if(result) + { + SecADClientPushValueForDistributionKey(SOSAggdSyncCompletionKey, getTimeDifference(start)); + } + else if(!result) + { + SecADAddValueForScalarKey(SOSAggdSyncTimeoutKey, 1); + } +#endif + secnotice("initial sync", "Finished!: %d", result); - + fail: CFReleaseNull(inSyncCallID); return result; @@ -1591,6 +1635,16 @@ CFDictionaryRef SOSCCCopyEscrowRecord_Server(CFErrorRef *error){ return result; } +CFDictionaryRef SOSCCCopyBackupInformation_Server(CFErrorRef *error) { + __block CFDictionaryRef result = NULL; + + (void) do_with_account_if_after_first_unlock(error, ^bool(SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef *error) { + result = SOSBackupInformation(txn, error); + return true; + }); + return result; +} + bool SOSCCSetEscrowRecord_Server(CFStringRef escrow_label, uint64_t tries, CFErrorRef *error){ __block bool result = true; @@ -1911,6 +1965,19 @@ bool SOSCCProcessEnsurePeerRegistration_Server(CFErrorRef* error) }); } +CF_RETURNS_RETAINED CFSetRef SOSCCProcessSyncWithPeers_Server(CFSetRef peers, CFSetRef backupPeers, CFErrorRef *error) { + __block CFSetRef result = NULL; + if (!do_with_account_while_unlocked(error, ^bool(SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef *error) { + result = SOSAccountProcessSyncWithPeers(txn, peers, backupPeers, error); + return result != NULL; + })) { + // Be sure we don't return a result if we got an error + CFReleaseNull(result); + } + + return result; +} + SyncWithAllPeersReason SOSCCProcessSyncWithAllPeers_Server(CFErrorRef* error) { /* @@ -1918,22 +1985,11 @@ SyncWithAllPeersReason SOSCCProcessSyncWithAllPeers_Server(CFErrorRef* error) #define kIOReturnLockedWrite iokit_common_err(0x2c4) // device write locked */ __block SyncWithAllPeersReason result = kSyncWithAllPeersSuccess; + CFErrorRef action_error = NULL; if (!do_with_account_while_unlocked(&action_error, ^bool (SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef* block_error) { - CFErrorRef localError = NULL; - - SOSAccountSendIKSPSyncList(account, &localError); - - if (!SOSAccountSyncWithAllKVSPeers(account, &localError)) { - secerror("sync with all peers failed: %@", localError); - CFReleaseSafe(localError); - // This isn't a device-locked error, but returning false will - // have CloudKeychainProxy ask us to try sync again after next unlock - result = kSyncWithAllPeersOtherFail; - return false; - } - return true; + return SOSAccountRequestSyncWithAllPeers(txn, block_error); })) { if (action_error) { if (SecErrorGetOSStatus(action_error) == errSecInteractionNotAllowed) { @@ -1943,28 +1999,91 @@ SyncWithAllPeersReason SOSCCProcessSyncWithAllPeers_Server(CFErrorRef* error) } else { secerror("Unexpected error: %@", action_error); } - - if (error && *error == NULL) { - *error = action_error; - action_error = NULL; - } - - CFReleaseNull(action_error); } + + SecErrorPropagate(action_error, error); } return result; } -void SOSCCSyncWithAllPeers(void) +// +// Sync requesting +// + +void SOSCCRequestSyncWithPeer(CFStringRef peerID) { + CFArrayRef peers = CFArrayCreateForCFTypes(kCFAllocatorDefault, peerID, NULL); + + SOSCCRequestSyncWithPeersList(peers); + + CFReleaseNull(peers); +} + +bool SOSCCRequestSyncWithPeerOverKVSUsingIDOnly_Server(CFStringRef deviceID, CFErrorRef *error) { - os_activity_initiate("CloudCircle SyncWithAllPeers", OS_ACTIVITY_FLAG_DEFAULT, ^(void) { + __block bool result = NULL; + + result = do_with_account_while_unlocked(error, ^bool(SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef *error) { + result = SOSAccountSyncWithKVSUsingIDSID(account, deviceID, error); + return result; + }); + return result; +} + +void SOSCCRequestSyncWithPeers(CFSetRef /*SOSPeerInfoRef/CFStringRef*/ peerIDs) { + CFMutableArrayRef peerIDArray = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault); + + CFSetForEach(peerIDs, ^(const void *value) { + if (isString(value)) { + CFArrayAppendValue(peerIDArray, value); + } else if (isSOSPeerInfo(value)) { + SOSPeerInfoRef peer = asSOSPeerInfo(value); + CFArrayAppendValue(peerIDArray, SOSPeerInfoGetPeerID(peer)); + } else { + secerror("Bad element, skipping: %@", value); + } + }); + + SOSCCRequestSyncWithPeersList(peerIDArray); - SOSCloudKeychainRequestSyncWithAllPeers(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), NULL); + CFReleaseNull(peerIDArray); +} + +void SOSCCRequestSyncWithPeersList(CFArrayRef /*CFStringRef*/ peerIDs) { + os_activity_initiate("CloudCircle RequestSyncWithPeersList", OS_ACTIVITY_FLAG_DEFAULT, ^(void) { + CFArrayRef empty = CFArrayCreateForCFTypes(kCFAllocatorDefault, NULL); + + CFStringArrayPerfromWithDescription(peerIDs, ^(CFStringRef description) { + secnotice("syncwith", "Request Sync With: %@", description); + }); + + SOSCloudKeychainRequestSyncWithPeers(peerIDs, empty, + dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), NULL); + CFReleaseNull(empty); + }); +} + +void SOSCCRequestSyncWithBackupPeer(CFStringRef backupPeerId) { + os_activity_initiate("CloudCircle RequestSyncWithPeersList", OS_ACTIVITY_FLAG_DEFAULT, ^(void) { + CFArrayRef empty = CFArrayCreateForCFTypes(kCFAllocatorDefault, NULL); + CFArrayRef backupPeerList = CFArrayCreateForCFTypes(kCFAllocatorDefault, backupPeerId, NULL); + + CFStringArrayPerfromWithDescription(backupPeerList, ^(CFStringRef description) { + secnotice("syncwith", "Request backup sync With: %@", description); + }); + + SOSCloudKeychainRequestSyncWithPeers(empty, backupPeerList, + dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), NULL); + CFReleaseNull(empty); + CFReleaseNull(backupPeerList); }); } +bool SOSCCIsSyncPendingFor(CFStringRef peerID, CFErrorRef *error) { + return SOSCloudKeychainHasPendingSyncWithPeer(peerID, error); +} + void SOSCCEnsurePeerRegistration(void) { os_activity_initiate("CloudCircle EnsurePeerRegistration", OS_ACTIVITY_FLAG_DEFAULT, ^(void) { @@ -2018,3 +2137,39 @@ CFBooleanRef SOSCCPeersHaveViewsEnabled_Server(CFArrayRef viewNames, CFErrorRef return result; } +bool SOSCCRegisterRecoveryPublicKey_Server(CFDataRef recovery_key, CFErrorRef *error){ + + __block bool result = NULL; + do_with_account_if_after_first_unlock(error, ^bool(SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef *error) { + if(recovery_key != NULL && CFDataGetLength(recovery_key) != 0) + result = SOSAccountRegisterRecoveryPublicKey(txn, recovery_key, error); + else + result = SOSAccountClearRecoveryPublicKey(txn, recovery_key, error); + return result; + }); + + return result; +} + +CFDataRef SOSCCCopyRecoveryPublicKey_Server(CFErrorRef *error){ + + __block CFDataRef result = NULL; + do_with_account_if_after_first_unlock(error, ^bool(SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef *error) { + result = SOSAccountCopyRecoveryPublicKey(txn, error); + return result != NULL; + }); + + return result; +} + +bool SOSCCMessageFromPeerIsPending_Server(SOSPeerInfoRef peer, CFErrorRef *error) { + return do_with_account_if_after_first_unlock(error, ^bool(SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef *error) { + return SOSAccountMessageFromPeerIsPending(txn, peer, error); + }); +} + +bool SOSCCSendToPeerIsPending_Server(SOSPeerInfoRef peer, CFErrorRef *error) { + return do_with_account_if_after_first_unlock(error, ^bool(SOSAccountRef account, SOSAccountTransactionRef txn, CFErrorRef *error) { + return SOSAccountSendToPeerIsPending(txn, peer, error); + }); +} diff --git a/OSX/sec/securityd/SOSCloudCircleServer.h b/OSX/sec/securityd/SOSCloudCircleServer.h index 8da304e9..d22d48d3 100644 --- a/OSX/sec/securityd/SOSCloudCircleServer.h +++ b/OSX/sec/securityd/SOSCloudCircleServer.h @@ -47,8 +47,8 @@ bool SOSCCRequestToJoinCircleAfterRestore_Server(CFErrorRef* error); CFStringRef SOSCCCopyDeviceID_Server(CFErrorRef *error); bool SOSCCSetDeviceID_Server(CFStringRef IDS, CFErrorRef *error); HandleIDSMessageReason SOSCCHandleIDSMessage_Server(CFDictionaryRef messageDict, CFErrorRef* error); -bool SOSCCRequestSyncWithPeerOverKVS_Server(CFStringRef peerID, CFErrorRef *error); -bool SOSCCRequestSyncWithPeerOverIDS_Server(CFStringRef deviceID, CFErrorRef *error); +bool SOSCCRequestSyncWithPeerOverKVS_Server(CFStringRef peerID, CFDataRef message, CFErrorRef *error); +bool SOSCCClearPeerMessageKeyInKVS_Server(CFStringRef peerID, CFErrorRef *error); bool SOSCCIDSServiceRegistrationTest_Server(CFStringRef message, CFErrorRef *error); bool SOSCCIDSPingTest_Server(CFStringRef message, CFErrorRef *error); @@ -104,7 +104,10 @@ bool SOSCCSetLastDepartureReason_Server(enum DepartureReason reason, CFErrorRef bool SOSCCSetHSA2AutoAcceptInfo_Server(CFDataRef pubKey, CFErrorRef *error); bool SOSCCProcessEnsurePeerRegistration_Server(CFErrorRef* error); + +CF_RETURNS_RETAINED CFSetRef SOSCCProcessSyncWithPeers_Server(CFSetRef peers, CFSetRef backupPeers, CFErrorRef *error); SyncWithAllPeersReason SOSCCProcessSyncWithAllPeers_Server(CFErrorRef* error); +bool SOSCCRequestSyncWithPeerOverKVSUsingIDOnly_Server(CFStringRef deviceID, CFErrorRef *error); SOSPeerInfoRef SOSCCSetNewPublicBackupKey_Server(CFDataRef newPublicBackup, CFErrorRef *error); bool SOSCCRegisterSingleRecoverySecret_Server(CFDataRef backupSlice, bool setupV0Only, CFErrorRef *error); @@ -125,7 +128,13 @@ void sync_the_last_data_to_kvs(SOSAccountRef account, bool waitForeverForSynchro // Expected to be called when the data source changes. -void SOSCCSyncWithAllPeers(void); +void SOSCCRequestSyncWithPeer(CFStringRef peerID); +void SOSCCRequestSyncWithPeers(CFSetRef /*SOSPeerInfoRef/CFStringRef*/ peerIDs); +void SOSCCRequestSyncWithPeersList(CFArrayRef /*CFStringRef*/ peerIDs); +void SOSCCRequestSyncWithBackupPeer(CFStringRef backupPeerId); + +bool SOSCCIsSyncPendingFor(CFStringRef peerID, CFErrorRef *error); + void SOSCCEnsurePeerRegistration(void); void SOSCCAddSyncablePeerBlock(CFStringRef ds_name, SOSAccountSyncablePeersBlock changeBlock); dispatch_queue_t SOSCCGetAccountQueue(void); @@ -167,6 +176,10 @@ bool SOSItemUpdateOrAdd(CFStringRef label, CFStringRef accessibility, CFDataRef bool SOSCCSetEscrowRecord_Server(CFStringRef escrow_label, uint64_t tries, CFErrorRef *error); CFDictionaryRef SOSCCCopyEscrowRecord_Server(CFErrorRef *error); +bool SOSCCRegisterRecoveryPublicKey_Server(CFDataRef recovery_key, CFErrorRef *error); +CFDataRef SOSCCCopyRecoveryPublicKey_Server(CFErrorRef *error); + +CFDictionaryRef SOSCCCopyBackupInformation_Server(CFErrorRef *error); SOSPeerInfoRef SOSCCCopyApplication_Server(CFErrorRef *error); CFDataRef SOSCCCopyCircleJoiningBlob_Server(SOSPeerInfoRef applicant, CFErrorRef *error); @@ -175,6 +188,8 @@ bool SOSCCJoinWithCircleJoiningBlob_Server(CFDataRef joiningBlob, CFErrorRef *er bool SOSCCAccountHasPublicKey_Server(CFErrorRef *error); bool SOSCCAccountIsNew_Server(CFErrorRef *error); +bool SOSCCMessageFromPeerIsPending_Server(SOSPeerInfoRef peer, CFErrorRef *error); +bool SOSCCSendToPeerIsPending_Server(SOSPeerInfoRef peer, CFErrorRef *error); __END_DECLS diff --git a/OSX/sec/securityd/SecCAIssuerRequest.c b/OSX/sec/securityd/SecCAIssuerRequest.c index 40c893be..7f04b8e3 100644 --- a/OSX/sec/securityd/SecCAIssuerRequest.c +++ b/OSX/sec/securityd/SecCAIssuerRequest.c @@ -103,8 +103,8 @@ static bool SecCAIssuerRequestIssue(SecCAIssuerRequestRef request) { /* Releases parent unconditionally, and return a CFArrayRef containing parent if the normalized subject of parent matches the normalized issuer of certificate. */ -static CFArrayRef SecCAIssuerConvertToParents(SecCertificateRef certificate, - SecCertificateRef parent) { +static CF_RETURNS_RETAINED CFArrayRef SecCAIssuerConvertToParents(SecCertificateRef certificate, + SecCertificateRef CF_CONSUMED parent) { CFDataRef nic = SecCertificateGetNormalizedIssuerContent(certificate); CFArrayRef parents = NULL; if (parent) { @@ -139,8 +139,9 @@ static void SecCAIssuerRequestCompleted(asynchttp_t *http, if (!parent) { CFArrayRef certificates = NULL; certificates = SecCMSCertificatesOnlyMessageCopyCertificates(data); + /* @@@ Technically these can have more than one certificate */ if (certificates && CFArrayGetCount(certificates) == 1) { - parent = (SecCertificateRef)CFRetainSafe(CFArrayGetValueAtIndex(certificates, 0)); + parent = CFRetainSafe((SecCertificateRef)CFArrayGetValueAtIndex(certificates, 0)); } CFReleaseNull(certificates); } diff --git a/OSX/sec/securityd/SecCertificateSource.c b/OSX/sec/securityd/SecCertificateSource.c new file mode 100644 index 00000000..76811f4c --- /dev/null +++ b/OSX/sec/securityd/SecCertificateSource.c @@ -0,0 +1,762 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + * + * SecCertificateSource.c - certificate sources for trust evaluation engine + * + */ + +#include +#include + +#include + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include +#include +#include + +#include "OTATrustUtilities.h" +#include "SecCertificateSource.h" + +/******************************************************** + ***************** OTA Trust support ******************** + ********************************************************/ + + +//#ifndef SECITEM_SHIM_OSX + +static CFArrayRef subject_to_anchors(CFDataRef nic); +static CFArrayRef CopyCertsFromIndices(CFArrayRef offsets); + +static CFArrayRef subject_to_anchors(CFDataRef nic) +{ + CFArrayRef result = NULL; + + if (NULL == nic) + { + return result; + } + + SecOTAPKIRef otapkiref = SecOTAPKICopyCurrentOTAPKIRef(); + if (NULL == otapkiref) + { + return result; + } + + CFDictionaryRef lookupTable = SecOTAPKICopyAnchorLookupTable(otapkiref); + CFRelease(otapkiref); + + if (NULL == lookupTable) + { + return result; + } + + unsigned char subject_digest[CC_SHA1_DIGEST_LENGTH]; + memset(subject_digest, 0, CC_SHA1_DIGEST_LENGTH); + + (void)CC_SHA1(CFDataGetBytePtr(nic), (CC_LONG)CFDataGetLength(nic), subject_digest); + CFDataRef sha1Digest = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, subject_digest, CC_SHA1_DIGEST_LENGTH, kCFAllocatorNull); + + + result = (CFArrayRef)CFDictionaryGetValue(lookupTable, sha1Digest); + CFReleaseSafe(lookupTable); + CFReleaseSafe(sha1Digest); + + return result; +} + +static CFArrayRef CopyCertDataFromIndices(CFArrayRef offsets) +{ + CFMutableArrayRef result = NULL; + + SecOTAPKIRef otapkiref = SecOTAPKICopyCurrentOTAPKIRef(); + if (NULL == otapkiref) + { + return result; + } + + const char* anchorTable = SecOTAPKIGetAnchorTable(otapkiref); + if (NULL == anchorTable) + { + CFReleaseSafe(otapkiref); + return result; + } + + CFIndex num_offsets = CFArrayGetCount(offsets); + + result = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + + for (CFIndex idx = 0; idx < num_offsets; idx++) + { + CFNumberRef offset = (CFNumberRef)CFArrayGetValueAtIndex(offsets, idx); + uint32_t offset_value = 0; + if (CFNumberGetValue(offset, kCFNumberSInt32Type, &offset_value)) + { + char* pDataPtr = (char *)(anchorTable + offset_value); + //int32_t record_length = *((int32_t * )pDataPtr); + //record_length = record_length; + pDataPtr += sizeof(uint32_t); + + int32_t cert_data_length = *((int32_t * )pDataPtr); + pDataPtr += sizeof(uint32_t); + + CFDataRef cert_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)pDataPtr, + cert_data_length, kCFAllocatorNull); + if (NULL != cert_data) + { + CFArrayAppendValue(result, cert_data); + CFReleaseSafe(cert_data); + } + } + } + CFReleaseSafe(otapkiref); + return result; +} + +static CFArrayRef CopyCertsFromIndices(CFArrayRef offsets) +{ + CFMutableArrayRef result = NULL; + + CFArrayRef cert_data_array = CopyCertDataFromIndices(offsets); + + if (NULL != cert_data_array) + { + result = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + CFIndex num_cert_datas = CFArrayGetCount(cert_data_array); + for (CFIndex idx = 0; idx < num_cert_datas; idx++) + { + CFDataRef cert_data = (CFDataRef)CFArrayGetValueAtIndex(cert_data_array, idx); + if (NULL != cert_data) + { + SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault, cert_data); + if (NULL != cert) + { + CFArrayAppendValue(result, cert); + CFRelease(cert); + } + } + } + CFRelease(cert_data_array); + } + return result; + +} +//#endif // SECITEM_SHIM_OSX + +/******************************************************** + *************** END OTA Trust support ****************** + ********************************************************/ + +/******************************************************** + ************ SecCertificateSource object *************** + ********************************************************/ + +bool SecCertificateSourceCopyParents(SecCertificateSourceRef source, + SecCertificateRef certificate, + void *context, SecCertificateSourceParents callback) { + return source->copyParents(source, certificate, context, callback); +} + +CFArrayRef SecCertificateSourceCopyUsageConstraints(SecCertificateSourceRef source, + SecCertificateRef certificate) { + if (source->copyUsageConstraints) { + return source->copyUsageConstraints(source, certificate); + } else { + return NULL; + } +} + +bool SecCertificateSourceContains(SecCertificateSourceRef source, + SecCertificateRef certificate) { + return source->contains(source, certificate); +} + +// MARK: - +// MARK: SecItemCertificateSource +/******************************************************** + *********** SecItemCertificateSource object ************ + ********************************************************/ +struct SecItemCertificateSource { + struct SecCertificateSource base; + CFArrayRef accessGroups; +}; +typedef struct SecItemCertificateSource *SecItemCertificateSourceRef; + +static CF_RETURNS_RETAINED CFTypeRef SecItemCertificateSourceResultsPost(CFTypeRef raw_results) { + if (isArray(raw_results)) { + CFMutableArrayRef result = CFArrayCreateMutable(kCFAllocatorDefault, CFArrayGetCount(raw_results), &kCFTypeArrayCallBacks); + CFArrayForEach(raw_results, ^(const void *value) { + SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault, value); + if (cert) { + CFArrayAppendValue(result, cert); + CFRelease(cert); + } + }); + return result; + } else if (isData(raw_results)) { + return SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)raw_results); + } + return NULL; +} + +static bool SecItemCertificateSourceCopyParents( + SecCertificateSourceRef source, SecCertificateRef certificate, + void *context, SecCertificateSourceParents callback) { + SecItemCertificateSourceRef msource = (SecItemCertificateSourceRef)source; + /* FIXME: Search for things other than just subject of our issuer if we + have a subjectID or authorityKeyIdentifier. */ + CFDataRef normalizedIssuer = + SecCertificateGetNormalizedIssuerContent(certificate); + const void *keys[] = { + kSecClass, + kSecReturnData, + kSecMatchLimit, + kSecAttrSubject + }, + *values[] = { + kSecClassCertificate, + kCFBooleanTrue, + kSecMatchLimitAll, + normalizedIssuer + }; + CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values, 4, + NULL, NULL); + CFTypeRef results = NULL; + SecurityClient client = { + .task = NULL, + .accessGroups = msource->accessGroups, + .allowSystemKeychain = true, + .allowSyncBubbleKeychain = false, + .isNetworkExtension = false, + }; + + /* We can make this async or run this on a queue now easily. */ + CFErrorRef localError = NULL; + if (!_SecItemCopyMatching(query, &client, &results, &localError)) { + if (localError && (CFErrorGetCode(localError) != errSecItemNotFound)) { + secdebug("trust", "_SecItemCopyMatching: %@", localError); + } + CFReleaseSafe(localError); + } + CFRelease(query); + CFTypeRef certs = SecItemCertificateSourceResultsPost(results); + CFReleaseSafe(results); + callback(context, certs); + CFReleaseSafe(certs); + return true; +} + +static bool SecItemCertificateSourceContains(SecCertificateSourceRef source, + SecCertificateRef certificate) { + SecItemCertificateSourceRef msource = (SecItemCertificateSourceRef)source; + /* Look up a certificate by issuer and serial number. */ + CFDataRef normalizedIssuer = SecCertificateGetNormalizedIssuerContent(certificate); + CFRetainSafe(normalizedIssuer); + CFDataRef serialNumber = +#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) + SecCertificateCopySerialNumber(certificate, NULL); +#else + SecCertificateCopySerialNumber(certificate); +#endif + const void *keys[] = { + kSecClass, + kSecMatchLimit, + kSecAttrIssuer, + kSecAttrSerialNumber + }, + *values[] = { + kSecClassCertificate, + kSecMatchLimitOne, + normalizedIssuer, + serialNumber + }; + SecurityClient client = { + .task = NULL, + .accessGroups = msource->accessGroups, + .allowSystemKeychain = true, + .allowSyncBubbleKeychain = false, + .isNetworkExtension = false, + }; + CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values, 4, NULL, NULL); + CFErrorRef localError = NULL; + CFTypeRef results = NULL; + bool ok = _SecItemCopyMatching(query, &client, &results, &localError); + CFReleaseSafe(query); + CFReleaseSafe(serialNumber); + CFReleaseSafe(normalizedIssuer); + CFReleaseSafe(results); + if (!ok) { + if (CFErrorGetCode(localError) != errSecItemNotFound) { + secdebug("trust", "_SecItemCopyMatching: %@", localError); + } + CFReleaseSafe(localError); + return false; + } + return true; +} + +SecCertificateSourceRef SecItemCertificateSourceCreate(CFArrayRef accessGroups) { + SecItemCertificateSourceRef result = (SecItemCertificateSourceRef)malloc(sizeof(*result)); + result->base.copyParents = SecItemCertificateSourceCopyParents; + result->base.copyUsageConstraints = NULL; + result->base.contains = SecItemCertificateSourceContains; + result->accessGroups = accessGroups; + CFRetainSafe(accessGroups); + return (SecCertificateSourceRef)result; +} + +void SecItemCertificateSourceDestroy(SecCertificateSourceRef source) { + SecItemCertificateSourceRef msource = (SecItemCertificateSourceRef)source; + CFReleaseSafe(msource->accessGroups); + free(msource); +} + +// MARK: - +// MARK: SecSystemAnchorSource +/******************************************************** + *********** SecSystemAnchorSource object ************ + ********************************************************/ + +static bool SecSystemAnchorSourceCopyParents( + SecCertificateSourceRef source, SecCertificateRef certificate, + void *context, SecCertificateSourceParents callback) { + //#ifndef SECITEM_SHIM_OSX + CFArrayRef parents = NULL; + CFArrayRef anchors = NULL; + SecOTAPKIRef otapkiref = NULL; + + CFDataRef nic = SecCertificateGetNormalizedIssuerContent(certificate); + /* 64 bits cast: the worst that can happen here is we truncate the length and match an actual anchor. + It does not matter since we would be returning the wrong anchors */ + assert((unsigned long)CFDataGetLength(nic)subjects, + normalizedIssuer) : NULL; + /* FIXME filter parents by subjectID if certificate has an + authorityKeyIdentifier. */ + secdebug("trust", "%@ parents -> %@", certificate, parents); + callback(context, parents); + return true; +} + +static bool SecMemoryCertificateSourceContains(SecCertificateSourceRef source, + SecCertificateRef certificate) { + SecMemoryCertificateSourceRef msource = + (SecMemoryCertificateSourceRef)source; + return CFSetContainsValue(msource->certificates, certificate); +} + +static void dictAddValueToArrayForKey(CFMutableDictionaryRef dict, + const void *key, const void *value) { + if (!key) + return; + + CFMutableArrayRef values = + (CFMutableArrayRef)CFDictionaryGetValue(dict, key); + if (!values) { + values = CFArrayCreateMutable(kCFAllocatorDefault, 0, + &kCFTypeArrayCallBacks); + CFDictionaryAddValue(dict, key, values); + CFRelease(values); + } + + if (values) + CFArrayAppendValue(values, value); +} + +static void SecMemoryCertificateSourceApplierFunction(const void *value, + void *context) { + SecMemoryCertificateSourceRef msource = + (SecMemoryCertificateSourceRef)context; + SecCertificateRef certificate = (SecCertificateRef)value; + + /* CFSet's API has no way to combine these 2 operations into 1 sadly. */ + if (CFSetContainsValue(msource->certificates, certificate)) + return; + CFSetAddValue(msource->certificates, certificate); + + CFDataRef key = SecCertificateGetNormalizedSubjectContent(certificate); + dictAddValueToArrayForKey(msource->subjects, key, value); +} + +SecCertificateSourceRef SecMemoryCertificateSourceCreate(CFArrayRef certificates) { + SecMemoryCertificateSourceRef result = (SecMemoryCertificateSourceRef) + malloc(sizeof(*result)); + result->base.copyParents = SecMemoryCertificateSourceCopyParents; + result->base.copyUsageConstraints = NULL; + result->base.contains = SecMemoryCertificateSourceContains; + CFIndex count = CFArrayGetCount(certificates); + result->certificates = CFSetCreateMutable(kCFAllocatorDefault, count, + &kCFTypeSetCallBacks); + result->subjects = CFDictionaryCreateMutable(kCFAllocatorDefault, + count, &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + CFRange range = { 0, count }; + CFArrayApplyFunction(certificates, range, + SecMemoryCertificateSourceApplierFunction, result); + + return (SecCertificateSourceRef)result; +} + +void SecMemoryCertificateSourceDestroy(SecCertificateSourceRef source) { + SecMemoryCertificateSourceRef msource = + (SecMemoryCertificateSourceRef)source; + CFRelease(msource->certificates); + CFRelease(msource->subjects); + free(msource); +} + +// MARK: - +// MARK: SecCAIssuerCertificateSource +/******************************************************** + ********* SecCAIssuerCertificateSource object ********** + ********************************************************/ +static bool SecCAIssuerCertificateSourceCopyParents( + SecCertificateSourceRef source, SecCertificateRef certificate, + void *context, SecCertificateSourceParents callback) { + return SecCAIssuerCopyParents(certificate, SecPathBuilderGetQueue((SecPathBuilderRef)context), context, callback); +} + +static bool SecCAIssuerCertificateSourceContains( + SecCertificateSourceRef source, SecCertificateRef certificate) { + return false; +} + +struct SecCertificateSource _kSecCAIssuerSource = { + SecCAIssuerCertificateSourceCopyParents, + NULL, + SecCAIssuerCertificateSourceContains +}; + +const SecCertificateSourceRef kSecCAIssuerSource = &_kSecCAIssuerSource; + +#if TARGET_OS_OSX +#include +// MARK: - +// MARK: SecLegacyCertificateSource +/******************************************************** + ********** SecLegacyCertificateSource object *********** + ********************************************************/ + +static bool SecLegacyCertificateSourceCopyParents( + SecCertificateSourceRef source, SecCertificateRef certificate, + void *context, SecCertificateSourceParents callback) { + CFArrayRef parents = SecItemCopyParentCertificates(certificate, NULL); + callback(context, parents); + CFReleaseSafe(parents); + return true; +} + +static bool SecLegacyCertificateSourceContains( + SecCertificateSourceRef source, SecCertificateRef certificate) { + SecCertificateRef cert = SecItemCopyStoredCertificate(certificate, NULL); + bool result = (cert) ? true : false; + CFReleaseSafe(cert); + return result; +} + +struct SecCertificateSource _kSecLegacyCertificateSource = { + SecLegacyCertificateSourceCopyParents, + NULL, + SecLegacyCertificateSourceContains +}; + +const SecCertificateSourceRef kSecLegacyCertificateSource = &_kSecLegacyCertificateSource; + +#endif /* SecLegacyCertificateSource */ + +#if TARGET_OS_OSX +// MARK: - +// MARK: SecLegacyAnchorSource +/******************************************************** + ************ SecLegacyAnchorSource object ************** + ********************************************************/ + +static bool SecLegacyAnchorSourceCopyParents(SecCertificateSourceRef source, SecCertificateRef certificate, + void *context, SecCertificateSourceParents callback) { + CFMutableArrayRef anchors = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); + CFArrayRef parents = SecItemCopyParentCertificates(certificate, NULL); + CFArrayRef trusted = NULL; + if (parents == NULL) { + goto finish; + } + /* Get the custom anchors which have been trusted in the user and admin domains. + * We don't need system domain roots here, since SecSystemAnchorSource provides those. + */ + OSStatus status = SecTrustSettingsCopyCertificatesForUserAdminDomains(&trusted); + if (status == errSecSuccess && trusted) { + CFIndex index, count = CFArrayGetCount(parents); + for (index = 0; index < count; index++) { + SecCertificateRef parent = (SecCertificateRef)CFArrayGetValueAtIndex(parents, index); + if (parent && CFArrayContainsValue(trusted, CFRangeMake(0, CFArrayGetCount(trusted)), parent)) { + CFArrayAppendValue(anchors, parent); + } + } + } + +finish: + callback(context, anchors); + CFReleaseSafe(anchors); + CFReleaseSafe(parents); + CFReleaseSafe(trusted); + return true; +} + +static CFArrayRef SecLegacyAnchorSourceCopyUsageConstraints(SecCertificateSourceRef source, + SecCertificateRef certificate) { + CFArrayRef result = NULL; + CFArrayRef userTrustSettings = NULL, adminTrustSettings = NULL; + + OSStatus status = SecTrustSettingsCopyTrustSettings(certificate, + kSecTrustSettingsDomainUser, + &userTrustSettings); + if ((status == errSecSuccess) && (userTrustSettings != NULL)) { + result = CFRetain(userTrustSettings); + } + + status = SecTrustSettingsCopyTrustSettings(certificate, + kSecTrustSettingsDomainAdmin, + &adminTrustSettings); + /* user trust settings overrule admin trust settings */ + if ((status == errSecSuccess) && (adminTrustSettings != NULL) && (result == NULL)) { + result = CFRetain(adminTrustSettings); + } + + CFReleaseNull(userTrustSettings); + CFReleaseNull(adminTrustSettings); + return result; +} + +static bool SecLegacyAnchorSourceContains(SecCertificateSourceRef source, + SecCertificateRef certificate) { + if (certificate == NULL) { + return false; + } + CFArrayRef trusted = NULL; + bool result = false; + OSStatus status = SecTrustSettingsCopyCertificatesForUserAdminDomains(&trusted); + if ((status == errSecSuccess) && (trusted != NULL)) { + CFIndex index, count = CFArrayGetCount(trusted); + for (index = 0; index < count; index++) { + SecCertificateRef anchor = (SecCertificateRef)CFArrayGetValueAtIndex(trusted, index); + if (anchor && CFEqual(anchor, certificate)) { + result = true; + break; + } + } + } + CFReleaseSafe(trusted); + return result; +} + +struct SecCertificateSource _kSecLegacyAnchorSource = { + SecLegacyAnchorSourceCopyParents, + SecLegacyAnchorSourceCopyUsageConstraints, + SecLegacyAnchorSourceContains +}; + +const SecCertificateSourceRef kSecLegacyAnchorSource = &_kSecLegacyAnchorSource; + +#endif /* SecLegacyAnchorSource */ diff --git a/OSX/sec/securityd/SecCertificateSource.h b/OSX/sec/securityd/SecCertificateSource.h new file mode 100644 index 00000000..c2c99907 --- /dev/null +++ b/OSX/sec/securityd/SecCertificateSource.h @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + * + * SecCertificateSource.h - certificate sources for trust evaluation engine + * + */ + +#ifndef _SECURITY_SECCERTIFICATESOURCE_H_ +#define _SECURITY_SECCERTIFICATESOURCE_H_ + +#include +#include + +/******************************************************** + ************ SecCertificateSource object *************** + ********************************************************/ +typedef struct SecCertificateSource *SecCertificateSourceRef; + +typedef void(*SecCertificateSourceParents)(void *, CFArrayRef); + +typedef bool(*CopyParents)(SecCertificateSourceRef source, + SecCertificateRef certificate, + void *context, SecCertificateSourceParents); + +typedef CFArrayRef(*CopyConstraints)(SecCertificateSourceRef source, + SecCertificateRef certificate); + +typedef bool(*Contains)(SecCertificateSourceRef source, + SecCertificateRef certificate); + +struct SecCertificateSource { + CopyParents copyParents; + CopyConstraints copyUsageConstraints; + Contains contains; +}; + +bool SecCertificateSourceCopyParents(SecCertificateSourceRef source, + SecCertificateRef certificate, + void *context, SecCertificateSourceParents callback); + +CFArrayRef SecCertificateSourceCopyUsageConstraints(SecCertificateSourceRef source, + SecCertificateRef certificate); + +bool SecCertificateSourceContains(SecCertificateSourceRef source, + SecCertificateRef certificate); + +/******************************************************** + ********************** Sources ************************* + ********************************************************/ + +/* SecItemCertificateSource */ +SecCertificateSourceRef SecItemCertificateSourceCreate(CFArrayRef accessGroups); +void SecItemCertificateSourceDestroy(SecCertificateSourceRef source); + +/* SecMemoryCertificateSource*/ +SecCertificateSourceRef SecMemoryCertificateSourceCreate(CFArrayRef certificates); +void SecMemoryCertificateSourceDestroy(SecCertificateSourceRef source); + +/* SecSystemAnchorSource */ +extern const SecCertificateSourceRef kSecSystemAnchorSource; + +#if TARGET_OS_IPHONE +/* SecUserAnchorSource */ +extern const SecCertificateSourceRef kSecUserAnchorSource; +#endif + +/* SecCAIssuerCertificateSource */ +extern const SecCertificateSourceRef kSecCAIssuerSource; + +#if TARGET_OS_OSX +/* SecLegacyCertificateSource */ +extern const SecCertificateSourceRef kSecLegacyCertificateSource; + +/* SecLegacyAnchorSource */ +extern const SecCertificateSourceRef kSecLegacyAnchorSource; +#endif + +#endif /* _SECURITY_SECCERTIFICATESOURCE_H_ */ diff --git a/OSX/sec/securityd/SecDbItem.c b/OSX/sec/securityd/SecDbItem.c index 06e9fb07..825416f6 100644 --- a/OSX/sec/securityd/SecDbItem.c +++ b/OSX/sec/securityd/SecDbItem.c @@ -496,6 +496,20 @@ CFTypeRef SecDbItemGetValue(SecDbItemRef item, const SecDbAttr *desc, CFErrorRef return value; } +CFTypeRef SecDbItemGetValueKind(SecDbItemRef item, SecDbAttrKind descKind, CFErrorRef *error) { + CFTypeRef result = NULL; + + const SecDbClass * itemClass = SecDbItemGetClass(item); + const SecDbAttr * desc = SecDbClassAttrWithKind(itemClass, descKind, error); + + if (desc) { + result = SecDbItemGetValue(item, desc, error); + } + + return result; +} + + // Similar as SecDbItemGetValue, but if attr represents attribute stored into DB field as hash, returns // hashed value for the attribute. static CFTypeRef SecDbItemCopyValueForDb(SecDbItemRef item, const SecDbAttr *desc, CFErrorRef *error) { diff --git a/OSX/sec/securityd/SecDbItem.h b/OSX/sec/securityd/SecDbItem.h index 4e6c6dd9..ce695f5a 100644 --- a/OSX/sec/securityd/SecDbItem.h +++ b/OSX/sec/securityd/SecDbItem.h @@ -167,6 +167,7 @@ void SecDbItemSetCallerAccessGroups(SecDbItemRef item, CFArrayRef caller_access_ CFTypeRef SecDbItemGetCachedValueWithName(SecDbItemRef item, CFStringRef name); CFTypeRef SecDbItemGetValue(SecDbItemRef item, const SecDbAttr *desc, CFErrorRef *error); +CFTypeRef SecDbItemGetValueKind(SecDbItemRef item, SecDbAttrKind desc, CFErrorRef *error); bool SecDbItemSetValue(SecDbItemRef item, const SecDbAttr *desc, CFTypeRef value, CFErrorRef *error); bool SecDbItemSetValues(SecDbItemRef item, CFDictionaryRef values, CFErrorRef *error); diff --git a/OSX/sec/securityd/SecDbKeychainItem.c b/OSX/sec/securityd/SecDbKeychainItem.c index 135845fb..b934d3a6 100644 --- a/OSX/sec/securityd/SecDbKeychainItem.c +++ b/OSX/sec/securityd/SecDbKeychainItem.c @@ -49,6 +49,7 @@ #include #include #include + #endif /* USE_KEYSTORE */ pthread_key_t CURRENT_CONNECTION_KEY; @@ -60,8 +61,8 @@ static keyclass_t kc_parse_keyclass(CFTypeRef value, CFErrorRef *error); static CFTypeRef kc_encode_keyclass(keyclass_t keyclass); static CFDataRef kc_copy_protection_data(SecAccessControlRef access_control); static CFTypeRef kc_copy_protection_from(const uint8_t *der, const uint8_t *der_end); -static CFMutableDictionaryRef s3dl_item_v2_decode(CFDataRef plain, CFErrorRef *error); -static CFMutableDictionaryRef s3dl_item_v3_decode(CFDataRef plain, CFErrorRef *error); +static CF_RETURNS_RETAINED CFMutableDictionaryRef s3dl_item_v2_decode(CFDataRef plain, CFErrorRef *error); +static CF_RETURNS_RETAINED CFMutableDictionaryRef s3dl_item_v3_decode(CFDataRef plain, CFErrorRef *error); #if USE_KEYSTORE static CFDataRef kc_create_auth_data(SecAccessControlRef access_control, CFDictionaryRef auth_attributes); static bool kc_attribs_key_encrypted_data_from_blob(keybag_handle_t keybag, const SecDbClass *class, const void *blob_data, size_t blob_data_len, SecAccessControlRef access_control, uint32_t version, @@ -174,7 +175,7 @@ bool ks_encrypt_data(keybag_handle_t keybag, SecAccessControlRef access_control, size_t ptLen = CFDataGetLength(plainText); size_t ctLen = ptLen; size_t tagLen = 16; - keyclass_t actual_class; + keyclass_t actual_class = 0; if (SecRandomCopyBytes(kSecRandomDefault, bulkKeySize, bulkKey)) { ok = SecError(errSecAllocate, error, CFSTR("ks_encrypt_data: SecRandomCopyBytes failed")); @@ -203,7 +204,7 @@ bool ks_encrypt_data(keybag_handle_t keybag, SecAccessControlRef access_control, key_wrapped_size = (uint32_t)CFDataGetLength(bulkKeyWrapped); UInt8 *cursor; size_t blobLen = sizeof(version); - uint32_t prot_length; + uint32_t prot_length = 0; if (!hasACLConstraints) { blobLen += sizeof(actual_class); @@ -579,26 +580,26 @@ bool ks_decrypt_data(keybag_handle_t keybag, CFTypeRef cryptoOp, SecAccessContro out: memset(CFDataGetMutableBytePtr(bulkKey), 0, CFDataGetLength(bulkKey)); - CFReleaseSafe(bulkKey); - CFReleaseSafe(plainText); + CFReleaseNull(bulkKey); + CFReleaseNull(plainText); // Always copy access control data (if present), because if we fail it may indicate why. if (paccess_control) *paccess_control = access_control; else - CFReleaseSafe(access_control); + CFReleaseNull(access_control); if (ok) { if (attributes_p) - *attributes_p = CFRetainSafe(attributes); + CFRetainAssign(*attributes_p, attributes); if (version_p) *version_p = version; } - CFReleaseSafe(attributes); + CFReleaseNull(attributes); #if USE_KEYSTORE - CFReleaseSafe(authenticated_attributes); - CFReleaseSafe(caller_access_groups_data); - CFReleaseSafe(ed_data); + CFReleaseNull(authenticated_attributes); + CFReleaseNull(caller_access_groups_data); + CFReleaseNull(ed_data); if (ref_key) aks_ref_key_free(&ref_key); #endif return ok; diff --git a/OSX/sec/securityd/SecDbQuery.c b/OSX/sec/securityd/SecDbQuery.c index 99c01e5d..fd9f2860 100644 --- a/OSX/sec/securityd/SecDbQuery.c +++ b/OSX/sec/securityd/SecDbQuery.c @@ -845,7 +845,7 @@ bool query_destroy(Query *q, CFErrorRef *error) { bool query_notify_and_destroy(Query *q, bool ok, CFErrorRef *error) { if (ok && !q->q_error && (q->q_sync_changed || (q->q_changed && !SecMUSRIsSingleUserView(q->q_musrView)))) { - SecKeychainChanged(true); + SecKeychainChanged(); } return query_destroy(q, error) && ok; } diff --git a/OSX/sec/securityd/SecItemBackupServer.c b/OSX/sec/securityd/SecItemBackupServer.c index 46e480af..66d1b998 100644 --- a/OSX/sec/securityd/SecItemBackupServer.c +++ b/OSX/sec/securityd/SecItemBackupServer.c @@ -116,7 +116,7 @@ static bool SOSDataSourceWithBackup(SOSDataSourceRef ds, CFDataRef backup, keyba bool SecServerItemBackupRestore(CFStringRef backupName, CFStringRef peerID, CFDataRef keybag, CFDataRef secret, CFDataRef backup, CFErrorRef *error) { // TODO: Decrypt and merge items in backup to dataSource - __block bool ok = true; + __block bool ok = false; // return false if the bag_handle code fails. CFDataRef aksKeybag = NULL; CFMutableSetRef viewSet = NULL; SOSBackupSliceKeyBagRef backupSliceKeyBag = NULL; @@ -128,13 +128,18 @@ bool SecServerItemBackupRestore(CFStringRef backupName, CFStringRef peerID, CFDa if (peerID) { bag_handle = SOSBSKBLoadAndUnlockWithPeerIDAndSecret(backupSliceKeyBag, peerID, secret, error); } else { - bag_handle = SOSBSKBLoadAndUnlockWithDirectSecret(backupSliceKeyBag, secret, error); + if (SOSBSKBIsDirect(backupSliceKeyBag)) { + bag_handle = SOSBSKBLoadAndUnlockWithDirectSecret(backupSliceKeyBag, secret, error); + } else { + bag_handle = SOSBSKBLoadAndUnlockWithWrappingSecret(backupSliceKeyBag, secret, error); + } } require(bag_handle != bad_keybag_handle, xit); // TODO: How do we know which views we are allow to restore //viewSet = SOSAccountCopyRestorableViews(); + ok = true; // Start from original code start point - otherwise begin in this nest of stuff ok &= withDataSourceAndEngine(error, ^(SOSDataSourceRef ds, SOSEngineRef engine) { ok &= SOSDataSourceWith(ds, error, ^(SOSTransactionRef txn, bool *commit) { ok &= SOSDataSourceWithBackup(ds, backup, bag_handle, error, ^(SOSObjectRef item) { diff --git a/OSX/sec/securityd/SecItemDataSource.c b/OSX/sec/securityd/SecItemDataSource.c index 8c5e064f..22313cb7 100644 --- a/OSX/sec/securityd/SecItemDataSource.c +++ b/OSX/sec/securityd/SecItemDataSource.c @@ -392,7 +392,8 @@ static bool dsForEachObject(SOSDataSourceRef data_source, SOSTransactionRef txn, for (size_t class_ix = 0; class_ix < array_size(dsSyncedClasses); ++class_ix) { result &= SecDbReleaseCachedStmt(dbconn, sqls[class_ix], stmts[class_ix], error); CFReleaseSafe(sqls[class_ix]); - result &= query_destroy(queries[class_ix], error); + if (queries[class_ix]) + result &= query_destroy(queries[class_ix], error); } }; @@ -435,6 +436,13 @@ static CFDataRef copyObjectDigest(SOSObjectRef object, CFErrorRef *error) { return digest; } +static CFDateRef copyObjectModDate(SOSObjectRef object, CFErrorRef *error) { + SecDbItemRef item = (SecDbItemRef) object; + CFDateRef modDate = SecDbItemGetValueKind(item, kSecDbModificationDateAttr, NULL); + CFRetainSafe(modDate); + return modDate; +} + static CFDictionaryRef objectCopyPropertyList(SOSObjectRef object, CFErrorRef *error) { SecDbItemRef item = (SecDbItemRef) object; CFMutableDictionaryRef cryptoDataDict = SecDbItemCopyPListWithMask(item, kSecDbInCryptoDataFlag, error); @@ -737,6 +745,7 @@ SOSDataSourceRef SecItemDataSourceCreate(SecDbRef db, CFStringRef name, CFErrorR // Object field accessors ds->ds.objectCopyDigest = copyObjectDigest; + ds->ds.objectCopyModDate = copyObjectModDate; // Object encode and decode. ds->ds.objectCreateWithPropertyList = objectCreateWithPropertyList; @@ -774,7 +783,7 @@ static SOSDataSourceRef SecItemDataSourceFactoryCopyDataSource(SOSDataSourceFact __block SOSDataSourceRef dataSource = NULL; dispatch_sync(f->queue, ^{ dataSource = (SOSDataSourceRef)CFDictionaryGetValue(f->dsCache, dataSourceName); - if (!dataSource) { + if (!dataSource && f->db) { dataSource = (SOSDataSourceRef)SecItemDataSourceCreate(f->db, dataSourceName, error); CFDictionarySetValue(f->dsCache, dataSourceName, dataSource); } @@ -832,24 +841,24 @@ SOSDataSourceFactoryRef SecItemDataSourceFactoryGetShared(SecDbRef db) { dispatch_once(&sDSFQueueOnce, ^{ sDSFQueue = dispatch_queue_create("dataSourceFactory queue", DISPATCH_QUEUE_SERIAL); + sDSTable = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, NULL); }); __block SOSDataSourceFactoryRef result = NULL; dispatch_sync(sDSFQueue, ^{ - CFStringRef dbPath = SecDbGetPath(db); - if (sDSTable) { - result = (SOSDataSourceFactoryRef) CFDictionaryGetValue(sDSTable, dbPath); - } else { - sDSTable = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, NULL); - } - - if (!result) { - result = SecItemDataSourceFactoryCreate(db); - - CFDictionaryAddValue(sDSTable, dbPath, result); + if(db) { + CFStringRef dbPath = SecDbGetPath(db); + if(dbPath) { + result = (SOSDataSourceFactoryRef) CFDictionaryGetValue(sDSTable, dbPath); + + if(!result) { + result = SecItemDataSourceFactoryCreate(db); + CFDictionaryAddValue(sDSTable, dbPath, result); + } + } } }); - + return result; } diff --git a/OSX/sec/securityd/SecItemDb.c b/OSX/sec/securityd/SecItemDb.c index 3df04a2d..a22546e7 100644 --- a/OSX/sec/securityd/SecItemDb.c +++ b/OSX/sec/securityd/SecItemDb.c @@ -561,7 +561,7 @@ static void SecDbAppendLimit(CFMutableStringRef sql, CFIndex limit) { CFStringAppendFormat(sql, NULL, CFSTR(" LIMIT %" PRIdCFIndex), limit); } -static CFStringRef s3dl_select_sql(Query *q, CFArrayRef accessGroups) { +static CF_RETURNS_RETAINED CFStringRef s3dl_select_sql(Query *q, CFArrayRef accessGroups) { CFMutableStringRef sql = CFStringCreateMutable(NULL, 0); if (q->q_class == &identity_class) { CFStringAppendFormat(sql, NULL, CFSTR("SELECT crowid, %@" diff --git a/OSX/sec/securityd/SecItemDb.h b/OSX/sec/securityd/SecItemDb.h index 78dee293..fd76e4c2 100644 --- a/OSX/sec/securityd/SecItemDb.h +++ b/OSX/sec/securityd/SecItemDb.h @@ -53,7 +53,7 @@ struct SecItemDbConnection { SecItemDbRef SecItemDbCreate(SecDbRef db); SecItemDbRef SecItemDbRegisterClass(SecItemDbRef db, const SecDbClass *class, void(^upgrade)(SecDbItemRef item, uint32_t current_version)); -SecItemDbConnectionRef SecItemDbAquireConnection(SecItemDbRef db); +SecItemDbConnectionRef SecItemDbAcquireConnection(SecItemDbRef db); void SecItemDbReleaseConnection(SecItemDbRef db, SecItemDbConnectionRef dbconn); bool SecItemDbInsert(SecItemDbConnectionRef dbconn, SecDbItemRef item, CFErrorRef *error); diff --git a/OSX/sec/securityd/SecItemServer.c b/OSX/sec/securityd/SecItemServer.c index a22e5375..e0e7fc3b 100644 --- a/OSX/sec/securityd/SecItemServer.c +++ b/OSX/sec/securityd/SecItemServer.c @@ -94,14 +94,12 @@ void SecItemServerSetKeychainChangedNotification(const char *notification_name) g_keychain_changed_notification = notification_name; } -void SecKeychainChanged(bool syncWithPeers) { +void SecKeychainChanged() { uint32_t result = notify_post(g_keychain_changed_notification); - if (syncWithPeers) - SOSCCSyncWithAllPeers(); if (result == NOTIFY_STATUS_OK) - secnotice("item", "Sent %s%s", syncWithPeers ? "SyncWithAllPeers and " : "", g_keychain_changed_notification); + secnotice("item", "Sent %s", g_keychain_changed_notification); else - secerror("%snotify_post %s returned: %" PRIu32, syncWithPeers ? "Sent SyncWithAllPeers, " : "", g_keychain_changed_notification, result); + secerror("notify_post %s returned: %" PRIu32, g_keychain_changed_notification, result); } /* Return the current database version in *version. */ @@ -605,9 +603,9 @@ out: CFIndex code = CFErrorGetCode(localError); if (CFEqualSafe(domain, kSecDbErrorDomain) && - ((code & 0xff) == SQLITE_LOCKED || (code & 0xff) == SQLITE_BUSY)) + ((code & 0xff) == SQLITE_LOCKED || (code & 0xff) == SQLITE_BUSY || (code & 0xff) == SQLITE_FULL)) { - /* sqlite just busy doing something else, lets try upgrading some other time */ + // TODO This should not be true but SecDb code is too eager to corrupt, rdar://problem/29771874 ok = true; markedCorrupt = false; CFReleaseNull(localError); @@ -758,8 +756,8 @@ static CFDataRef SecServerKeychainCreateBackup(SecDbConnectionRef dbt, SecurityC /* Export from system keybag to backup keybag. */ backup = SecServerExportBackupableKeychain(dbt, client, KEYBAG_DEVICE, backup_keybag, error); -out: #if USE_KEYSTORE +out: if (mkbhandle) CFRelease(mkbhandle); #endif @@ -895,13 +893,13 @@ void SecKeychainDbReset(dispatch_block_t inbetween) CFRelease(dbPath); } -static SecDbConnectionRef kc_aquire_dbt(bool writeAndRead, CFErrorRef *error) { +static SecDbConnectionRef kc_acquire_dbt(bool writeAndRead, CFErrorRef *error) { SecDbRef db = kc_dbhandle(); if (db == NULL) { SecError(errSecDataNotAvailable, error, CFSTR("failed to get a db handle")); return NULL; } - return SecDbConnectionAquire(db, !writeAndRead, error); + return SecDbConnectionAcquire(db, !writeAndRead, error); } /* Return a per thread dbt handle for the keychain. If create is true create @@ -914,7 +912,7 @@ static bool kc_with_dbt(bool writeAndRead, CFErrorRef *error, bool (^perform)(Se SecItemDataSourceFactoryGetDefault(); bool ok = false; - SecDbConnectionRef dbt = kc_aquire_dbt(writeAndRead, error); + SecDbConnectionRef dbt = kc_acquire_dbt(writeAndRead, error); if (dbt) { ok = perform(dbt); SecDbConnectionRelease(dbt); @@ -1167,6 +1165,17 @@ out: void (*SecTaskDiagnoseEntitlements)(CFArrayRef accessGroups) = NULL; +static bool SecEntitlementError(OSStatus status, CFErrorRef *error) +{ +#if TARGET_OS_OSX +#define SEC_ENTITLEMENT_WARNING CFSTR("com.apple.application-identifier, com.apple.security.application-groups nor keychain-access-groups") +#else +#define SEC_ENTITLEMENT_WARNING CFSTR("application-identifier nor keychain-access-groups") +#endif + + return SecError(errSecMissingEntitlement, error, CFSTR("Client has neither %@ entitlements"), SEC_ENTITLEMENT_WARNING); +} + /* AUDIT[securityd](done): query (ok) is a caller provided dictionary, only its cf type has been checked. */ @@ -1180,8 +1189,7 @@ SecItemServerCopyMatching(CFDictionaryRef query, CFTypeRef *result, if (!accessGroups || 0 == (ag_count = CFArrayGetCount(accessGroups))) { if (SecTaskDiagnoseEntitlements) SecTaskDiagnoseEntitlements(accessGroups); - return SecError(errSecMissingEntitlement, error, - CFSTR("client has neither application-identifier nor keychain-access-groups entitlements")); + return SecEntitlementError(errSecMissingEntitlement, error); } if (CFArrayContainsValue(accessGroups, CFRangeMake(0, ag_count), CFSTR("*"))) { @@ -1288,8 +1296,7 @@ _SecItemAdd(CFDictionaryRef attributes, SecurityClient *client, CFTypeRef *resul (ag_count == 1 && CFArrayContainsValue(accessGroups, CFRangeMake(0, ag_count), kSecAttrAccessGroupToken))) { if (SecTaskDiagnoseEntitlements) SecTaskDiagnoseEntitlements(accessGroups); - return SecError(errSecMissingEntitlement, error, - CFSTR("client has neither application-identifier nor keychain-access-groups entitlements")); + return SecEntitlementError(errSecMissingEntitlement, error); } Query *q = query_create_with_limit(attributes, client->musr, 0, error); @@ -1368,8 +1375,7 @@ _SecItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, (ag_count == 1 && CFArrayContainsValue(accessGroups, CFRangeMake(0, ag_count), kSecAttrAccessGroupToken))) { if (SecTaskDiagnoseEntitlements) SecTaskDiagnoseEntitlements(accessGroups); - return SecError(errSecMissingEntitlement, error, - CFSTR("client has neither application-identifier nor keychain-access-groups entitlements")); + return SecEntitlementError(errSecMissingEntitlement, error); } if (CFArrayContainsValue(accessGroups, CFRangeMake(0, ag_count), CFSTR("*"))) { @@ -1453,8 +1459,7 @@ _SecItemDelete(CFDictionaryRef query, SecurityClient *client, CFErrorRef *error) (ag_count == 1 && CFArrayContainsValue(accessGroups, CFRangeMake(0, ag_count), kSecAttrAccessGroupToken))) { if (SecTaskDiagnoseEntitlements) SecTaskDiagnoseEntitlements(accessGroups); - return SecError(errSecMissingEntitlement, error, - CFSTR("client has neither application-identifier nor keychain-access-groups entitlements")); + return SecEntitlementError(errSecMissingEntitlement, error); } if (CFArrayContainsValue(accessGroups, CFRangeMake(0, ag_count), CFSTR("*"))) { @@ -1555,8 +1560,7 @@ bool _SecItemUpdateTokenItems(CFStringRef tokenID, CFArrayRef items, SecurityCli if (!accessGroups || 0 == (ag_count = CFArrayGetCount(accessGroups))) { if (SecTaskDiagnoseEntitlements) SecTaskDiagnoseEntitlements(accessGroups); - return SecError(errSecMissingEntitlement, error, - CFSTR("client has neither application-identifier nor keychain-access-groups entitlements")); + return SecEntitlementError(errSecMissingEntitlement, error); } ok = kc_with_dbt(true, error, ^bool (SecDbConnectionRef dbt) { @@ -2259,6 +2263,7 @@ _SecCopySharedWebCredential(CFDictionaryRef query, } CFDictionaryAddValue(attrs, kSecClass, kSecClassInternetPassword); CFDictionaryAddValue(attrs, kSecAttrAccessGroup, kSecSafariAccessGroup); + CFDictionaryAddValue(attrs, kSecAttrProtocol, kSecAttrProtocolHTTPS); CFDictionaryAddValue(attrs, kSecAttrAuthenticationType, kSecAttrAuthenticationTypeHTMLForm); CFDictionaryAddValue(attrs, kSecAttrServer, fqdn); if (account) { @@ -2462,7 +2467,7 @@ cleanup: CF_RETURNS_RETAINED CFDataRef _SecServerKeychainCreateBackup(SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error) { CFDataRef backup; - SecDbConnectionRef dbt = SecDbConnectionAquire(kc_dbhandle(), false, error); + SecDbConnectionRef dbt = SecDbConnectionAcquire(kc_dbhandle(), false, error); if (!dbt) return NULL; @@ -2495,7 +2500,7 @@ _SecServerKeychainRestore(CFDataRef backup, SecurityClient *client, CFDataRef ke }); if (ok) { - SecKeychainChanged(true); + SecKeychainChanged(); } return ok; diff --git a/OSX/sec/securityd/SecItemServer.h b/OSX/sec/securityd/SecItemServer.h index 9d3986ee..4c1a5ce2 100644 --- a/OSX/sec/securityd/SecItemServer.h +++ b/OSX/sec/securityd/SecItemServer.h @@ -113,7 +113,7 @@ bool _SecServerGetKeyStats(const SecDbClass *qclass, struct _SecServerKeyStats * // Should all be blocks called from SecItemDb bool match_item(SecDbConnectionRef dbt, Query *q, CFArrayRef accessGroups, CFDictionaryRef item); bool itemInAccessGroup(CFDictionaryRef item, CFArrayRef accessGroups); -void SecKeychainChanged(bool syncWithPeers); +void SecKeychainChanged(void); extern void (*SecTaskDiagnoseEntitlements)(CFArrayRef accessGroups); diff --git a/OSX/sec/securityd/SecOCSPCache.c b/OSX/sec/securityd/SecOCSPCache.c index cf367047..6f856097 100644 --- a/OSX/sec/securityd/SecOCSPCache.c +++ b/OSX/sec/securityd/SecOCSPCache.c @@ -41,6 +41,9 @@ #include "utilities/SecFileLocations.h" #include "utilities/iOSforOSX.h" +/* Note that lastUsed is actually time of insert because we don't + refresh lastUsed on each SELECT. */ + #define expireSQL CFSTR("DELETE FROM responses WHERE expires? AND responseId=(SELECT responseId FROM ocsp WHERE " \ "issuerNameHash=? AND issuerPubKeyHash=? AND serialNum=? AND hashAlgorithm=?)" \ " ORDER BY expires DESC") - #define kSecOCSPCacheFileName CFSTR("ocspcache.sqlite3") @@ -288,7 +290,7 @@ static void _SecOCSPCacheReplaceResponse(SecOCSPCacheRef this, } static SecOCSPResponseRef _SecOCSPCacheCopyMatching(SecOCSPCacheRef this, - SecOCSPRequestRef request, CFURLRef responderURI) { + SecOCSPRequestRef request, CFURLRef responderURI, CFAbsoluteTime minInsertTime) { const DERItem *publicKey; CFDataRef issuer = NULL; CFDataRef serial = NULL; @@ -322,13 +324,14 @@ static SecOCSPResponseRef _SecOCSPCacheCopyMatching(SecOCSPCacheRef this, if (issuerNameHash && issuerPubKeyHash && ok) ok &= SecDbWithSQL(dbconn, selectResponseSQL, &localError, ^bool(sqlite3_stmt *selectResponse) { /* Now we have the serial, algorithm, issuerNameHash and issuerPubKeyHash so let's lookup the db entry. */ - if (ok) ok = SecDbBindBlob(selectResponse, 1, CFDataGetBytePtr(issuerNameHash), + if (ok) ok = SecDbBindDouble(selectResponse, 1, minInsertTime, &localError); + if (ok) ok = SecDbBindBlob(selectResponse, 2, CFDataGetBytePtr(issuerNameHash), CFDataGetLength(issuerNameHash), SQLITE_TRANSIENT, &localError); - if (ok) ok = SecDbBindBlob(selectResponse, 2, CFDataGetBytePtr(issuerPubKeyHash), + if (ok) ok = SecDbBindBlob(selectResponse, 3, CFDataGetBytePtr(issuerPubKeyHash), CFDataGetLength(issuerPubKeyHash), SQLITE_TRANSIENT, &localError); - if (ok) ok = SecDbBindBlob(selectResponse, 3, CFDataGetBytePtr(serial), + if (ok) ok = SecDbBindBlob(selectResponse, 4, CFDataGetBytePtr(serial), CFDataGetLength(serial), SQLITE_TRANSIENT, &localError); - if (ok) ok = SecDbBindBlob(selectResponse, 4, algorithm.Data, + if (ok) ok = SecDbBindBlob(selectResponse, 5, algorithm.Data, algorithm.Length, SQLITE_TRANSIENT, &localError); if (ok) ok &= SecDbStep(dbconn, selectResponse, &localError, ^(bool *stopResponse) { /* Found an entry! */ @@ -351,12 +354,6 @@ static SecOCSPResponseRef _SecOCSPCacheCopyMatching(SecOCSPCacheRef this, } CFRelease(resp); } -#if 0 - if (response) { - //sqlite3_int64 responseId = sqlite3_column_int64(this->selectResponse, 1); - /* @@@ Update the lastUsed field in the db. */ - } -#endif }); return ok; }); @@ -400,7 +397,16 @@ SecOCSPResponseRef SecOCSPCacheCopyMatching(SecOCSPRequestRef request, CFURLRef localResponderURI /* may be NULL */) { __block SecOCSPResponseRef response = NULL; SecOCSPCacheWith(^(SecOCSPCacheRef cache) { - response = _SecOCSPCacheCopyMatching(cache, request, localResponderURI); + response = _SecOCSPCacheCopyMatching(cache, request, localResponderURI, 0.0); + }); + return response; +} + +SecOCSPResponseRef SecOCSPCacheCopyMatchingWithMinInsertTime(SecOCSPRequestRef request, + CFURLRef localResponderURI, CFAbsoluteTime minInsertTime) { + __block SecOCSPResponseRef response = NULL; + SecOCSPCacheWith(^(SecOCSPCacheRef cache) { + response = _SecOCSPCacheCopyMatching(cache, request, localResponderURI, minInsertTime); }); return response; } diff --git a/OSX/sec/securityd/SecOCSPCache.h b/OSX/sec/securityd/SecOCSPCache.h index 99cef471..f0011134 100644 --- a/OSX/sec/securityd/SecOCSPCache.h +++ b/OSX/sec/securityd/SecOCSPCache.h @@ -44,6 +44,9 @@ void SecOCSPCacheReplaceResponse(SecOCSPResponseRef old_response, SecOCSPResponseRef SecOCSPCacheCopyMatching(SecOCSPRequestRef request, CFURLRef localResponderURI /* may be NULL */); +SecOCSPResponseRef SecOCSPCacheCopyMatchingWithMinInsertTime(SecOCSPRequestRef request, + CFURLRef localResponderURI, CFAbsoluteTime minInsertTime); + __END_DECLS #endif /* _SECURITY_SECOCSPCACHE_H_ */ diff --git a/OSX/sec/securityd/SecOCSPRequest.h b/OSX/sec/securityd/SecOCSPRequest.h index cf3acdde..8ab1e6b1 100644 --- a/OSX/sec/securityd/SecOCSPRequest.h +++ b/OSX/sec/securityd/SecOCSPRequest.h @@ -69,7 +69,7 @@ CFDataRef SecOCSPRequestGetDER(SecOCSPRequestRef ocspRequest); @function SecOCSPRequestFinalize @abstract Frees a SecOCSPRequestRef. @param ocspRequest A SecOCSPRequestRef. - @result The passed in SecOCSPRequestRef is deallocated + @note The passed in SecOCSPRequestRef is deallocated */ void SecOCSPRequestFinalize(SecOCSPRequestRef ocspRequest); diff --git a/OSX/sec/securityd/SecOCSPResponse.h b/OSX/sec/securityd/SecOCSPResponse.h index 73444a49..ae19dc71 100644 --- a/OSX/sec/securityd/SecOCSPResponse.h +++ b/OSX/sec/securityd/SecOCSPResponse.h @@ -105,7 +105,7 @@ struct __SecOCSPSingleResponse { /*! @function SecOCSPResponseCreate @abstract Returns a SecOCSPResponseRef from a BER encoded ocsp response. - @param berResponse The BER encoded ocsp response. + @param ocspResponse The BER encoded ocsp response. @result A SecOCSPResponseRef. */ SecOCSPResponseRef SecOCSPResponseCreate(CFDataRef ocspResponse); @@ -140,7 +140,6 @@ CFArrayRef SecOCSPResponseCopySigners(SecOCSPResponseRef ocspResponse); @function SecOCSPResponseFinalize @abstract Frees a SecOCSPResponseRef. @param ocspResponse The BER encoded ocsp response. - @result A SecOCSPResponseRef. */ void SecOCSPResponseFinalize(SecOCSPResponseRef ocspResponse); diff --git a/OSX/sec/securityd/SecOTRRemote.c b/OSX/sec/securityd/SecOTRRemote.c index 3c4ab6a9..ba67c259 100644 --- a/OSX/sec/securityd/SecOTRRemote.c +++ b/OSX/sec/securityd/SecOTRRemote.c @@ -45,6 +45,7 @@ CFDataRef SecOTRSessionCreateRemote_internal(CFDataRef publicAccountData, CFData CFDataRef result = NULL; SecOTRSessionRef ourSession = NULL; + require_quiet(ds, fail); require_quiet(publicPeerId, fail); privateAccount = (privateAccountData == NULL) ? CFRetainSafe(SOSKeychainAccountGetSharedAccount()) : SOSAccountCreateFromData(kCFAllocatorDefault, privateAccountData, ds, error); require_quiet(privateAccount, fail); diff --git a/OSX/sec/securityd/SecPolicyServer.c b/OSX/sec/securityd/SecPolicyServer.c index 78dbc697..0ccb00ac 100644 --- a/OSX/sec/securityd/SecPolicyServer.c +++ b/OSX/sec/securityd/SecPolicyServer.c @@ -49,7 +49,7 @@ #include #include #include -#include +#include #include #include #include @@ -62,6 +62,8 @@ #include #include #include +#include +#include #include #include #include @@ -624,7 +626,6 @@ static bool SecPolicyCheckDomain(SecPVCRef pvc, CFStringRef hostname) return true; } - /* AUDIT[securityd](done): policy->_options is a caller provided dictionary, only its cf type has been checked. @@ -1158,6 +1159,26 @@ static void SecPolicyCheckLeafMarkerOidWithoutValueCheck(SecPVCRef pvc, CFString } } +/* + * The value is a dictionary. The dictionary contains keys indicating + * whether the value is for Prod or QA. The values are the same as + * in the options dictionary for SecPolicyCheckLeafMarkerOid. + */ +static void SecPolicyCheckLeafMarkersProdAndQA(SecPVCRef pvc, CFStringRef key) +{ + SecCertificateRef cert = SecPVCGetCertificateAtIndex(pvc, 0); + SecPolicyRef policy = SecPVCGetPolicy(pvc); + CFDictionaryRef value = CFDictionaryGetValue(policy->_options, key); + CFTypeRef prodValue = CFDictionaryGetValue(value, kSecPolicyLeafMarkerProd); + + if (!SecPolicyCheckCertLeafMarkerOid(cert, prodValue)) { + bool result = false; + if (!result) { + SecPVCSetResult(pvc, key, 0, kCFBooleanFalse); + } + } +} + static void SecPolicyCheckIntermediateMarkerOid(SecPVCRef pvc, CFStringRef key) { CFIndex ix, count = SecPVCGetCertificateCount(pvc); @@ -1186,6 +1207,34 @@ static void SecPolicyCheckIntermediateEKU(SecPVCRef pvc, CFStringRef key) } } +static void SecPolicyCheckIntermediateOrganization(SecPVCRef pvc, CFStringRef key) +{ + CFIndex ix, count = SecPVCGetCertificateCount(pvc); + SecPolicyRef policy = SecPVCGetPolicy(pvc); + CFTypeRef organization = CFDictionaryGetValue(policy->_options, key); + + for (ix = 1; ix < count - 1; ix++) { + SecCertificateRef cert = SecPVCGetCertificateAtIndex(pvc, ix); + if (!SecPolicyCheckCertSubjectOrganization(cert, organization)) { + SecPVCSetResult(pvc, key, ix, kCFBooleanFalse); + } + } +} + +static void SecPolicyCheckIntermediateCountry(SecPVCRef pvc, CFStringRef key) +{ + CFIndex ix, count = SecPVCGetCertificateCount(pvc); + SecPolicyRef policy = SecPVCGetPolicy(pvc); + CFTypeRef country = CFDictionaryGetValue(policy->_options, key); + + for (ix = 1; ix < count - 1; ix++) { + SecCertificateRef cert = SecPVCGetCertificateAtIndex(pvc, ix); + if (!SecPolicyCheckCertSubjectCountry(cert, country)) { + SecPVCSetResult(pvc, key, ix, kCFBooleanFalse); + } + } +} + /* Returns true if path is on the allow list for the authority key of the certificate at certix, false otherwise. */ @@ -1311,47 +1360,8 @@ out: *********************** New rfc5280 Chain Validation *********************** ****************************************************************************/ -#if 0 -typedef struct cert_path *cert_path_t; -struct cert_path { - int length; -}; - -typedef struct x500_name *x500_name_t; -struct x500_name { -}; - -typedef struct algorithm_id *algorithm_id_t; -struct algorithm_id { - oid_t algorithm_oid; - der_t parameters; -}; - -typedef struct trust_anchor *trust_anchor_t; -struct trust_anchor { - x500_name_t issuer_name; - algorithm_id_t public_key_algorithm; /* includes optional params */ - SecKeyRef public_key; -}; - -typedef struct certificate_policy *certificate_policy_t; -struct certificate_policy { - policy_qualifier_t qualifiers; - oid_t oid; - SLIST_ENTRY(certificate_policy) policies; -}; - -typedef struct policy_mapping *policy_mapping_t; -struct policy_mapping { - SLIST_ENTRY(policy_mapping) mappings; - oid_t issuer_domain_policy; - oid_t subject_domain_policy; -}; - -typedef struct root_name *root_name_t; -struct root_name { -}; -#endif +#define POLICY_MAPPING 1 +#define POLICY_SUBTREES 1 struct policy_tree_add_ctx { oid_t p_oid; @@ -1411,17 +1421,17 @@ static bool policy_tree_add_expected(policy_tree_t node, void *ctx) { return added_node; } -#if 0 +#if POLICY_MAPPING /* For each node where ID-P is the valid_policy, set expected_policy_set to the set of subjectDomainPolicy values that are specified as equivalent to ID-P by the policy mappings extension. */ -static bool policy_tree_map(policy_tree_t node, void *ctx) { +static bool policy_tree_map_if_match(policy_tree_t node, void *ctx) { /* Can't map oidAnyPolicy. */ if (oid_equal(node->valid_policy, oidAnyPolicy)) return false; const SecCEPolicyMappings *pm = (const SecCEPolicyMappings *)ctx; - uint32_t mapping_ix, mapping_count = pm->numMappings; + size_t mapping_ix, mapping_count = pm->numMappings; policy_set_t policy_set = NULL; - /* First count how many mappings match this nodes valid_policy. */ + /* Generate the policy_set of sdps for matching idp */ for (mapping_ix = 0; mapping_ix < mapping_count; ++mapping_ix) { const SecCEPolicyMapping *mapping = &pm->mappings[mapping_ix]; if (oid_equal(node->valid_policy, mapping->issuerDomainPolicy)) { @@ -1437,10 +1447,97 @@ static bool policy_tree_map(policy_tree_t node, void *ctx) { } return false; } -#endif -#define POLICY_MAPPING 0 -#define POLICY_SUBTREES 1 +/* If no node of depth i in the valid_policy_tree has a valid_policy of ID-P but there is a node of depth i with a valid_policy of anyPolicy, then generate a child node of the node of depth i-1 that has a valid_policy of anyPolicy as follows: + (i) set the valid_policy to ID-P; + (ii) set the qualifier_set to the qualifier set of the policy anyPolicy in the certificate policies extension of certificate i; and + (iii) set the expected_policy_set to the set of subjectDomainPolicy values that are specified as equivalent to ID-P by the policy mappings extension. */ +static bool policy_tree_map_if_any(policy_tree_t node, void *ctx) { + if (!oid_equal(node->valid_policy, oidAnyPolicy)) { + return false; + } + + const SecCEPolicyMappings *pm = (const SecCEPolicyMappings *)ctx; + size_t mapping_ix, mapping_count = pm->numMappings; + CFMutableDictionaryRef mappings = NULL; + CFDataRef idp = NULL; + CFDataRef sdp = NULL; + require_quiet(mappings = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks), + errOut); + /* First we need to walk the mappings to generate the dictionary idp->sdps */ + for (mapping_ix = 0; mapping_ix < mapping_count; mapping_ix++) { + oid_t issuerDomainPolicy = pm->mappings[mapping_ix].issuerDomainPolicy; + oid_t subjectDomainPolicy = pm->mappings[mapping_ix].subjectDomainPolicy; + idp = CFDataCreateWithBytesNoCopy(NULL, issuerDomainPolicy.data, issuerDomainPolicy.length, kCFAllocatorNull); + sdp = CFDataCreateWithBytesNoCopy(NULL, subjectDomainPolicy.data, subjectDomainPolicy.length, kCFAllocatorNull); + CFMutableArrayRef sdps = (CFMutableArrayRef)CFDictionaryGetValue(mappings, idp); + if (sdps) { + CFArrayAppendValue(sdps, sdp); + } else { + require_quiet(sdps = CFArrayCreateMutable(kCFAllocatorDefault, 0, + &kCFTypeArrayCallBacks), errOut); + CFArrayAppendValue(sdps, sdp); + CFDictionarySetValue(mappings, idp, sdps); + CFRelease(sdps); + } + CFReleaseNull(idp); + CFReleaseNull(sdp); + } + + /* Now we use the dictionary to generate the new nodes */ + CFDictionaryForEach(mappings, ^(const void *key, const void *value) { + CFDataRef idp = key; + CFArrayRef sdps = value; + + /* (i) set the valid_policy to ID-P; */ + oid_t p_oid; + p_oid.data = (uint8_t *)CFDataGetBytePtr(idp); + p_oid.length = CFDataGetLength(idp); + + /* (ii) set the qualifier_set to the qualifier set of the policy anyPolicy in the certificate policies extension of certificate i */ + policy_qualifier_t p_q = node->qualifier_set; + + /* (iii) set the expected_policy_set to the set of subjectDomainPolicy values that are specified as equivalent to ID-P by the policy mappings extension. */ + __block policy_set_t p_expected = NULL; + CFArrayForEach(sdps, ^(const void *value) { + policy_set_t p_node = (policy_set_t)malloc(sizeof(*p_expected)); + p_node->oid.data = (void *)CFDataGetBytePtr(value); + p_node->oid.length = CFDataGetLength(value); + p_node->oid_next = p_expected ? p_expected : NULL; + p_expected = p_node; + }); + + policy_tree_add_sibling(node, &p_oid, p_q, p_expected); + }); + CFReleaseNull(mappings); + return true; + +errOut: + CFReleaseNull(mappings); + CFReleaseNull(idp); + CFReleaseNull(sdp); + return false; +} + +static bool policy_tree_map_delete_if_match(policy_tree_t node, void *ctx) { + /* Can't map oidAnyPolicy. */ + if (oid_equal(node->valid_policy, oidAnyPolicy)) + return false; + + const SecCEPolicyMappings *pm = (const SecCEPolicyMappings *)ctx; + size_t mapping_ix, mapping_count = pm->numMappings; + /* If this node matches any of the idps, delete it. */ + for (mapping_ix = 0; mapping_ix < mapping_count; ++mapping_ix) { + const SecCEPolicyMapping *mapping = &pm->mappings[mapping_ix]; + if (oid_equal(node->valid_policy, mapping->issuerDomainPolicy)) { + policy_tree_remove_node(&node); + break; + } + } + return true; +} +#endif /* POLICY_MAPPINGS */ /* rfc5280 basic cert processing. */ static void SecPolicyCheckBasicCertificateProcessing(SecPVCRef pvc, @@ -1461,7 +1558,7 @@ static void SecPolicyCheckBasicCertificateProcessing(SecPVCRef pvc, pvc->is_allowlisted = SecPVCCheckCertificateAllowList(pvc, n - 1); if (!pvc->is_allowlisted) { /* Add a detail for the root not being trusted. */ - if (SecPVCSetResultForced(pvc, kSecPolicyCheckAnchorTrusted, + if (!SecPVCSetResultForced(pvc, kSecPolicyCheckAnchorTrusted, n - 1, kCFBooleanFalse, true)) return; } @@ -1502,7 +1599,7 @@ static void SecPolicyCheckBasicCertificateProcessing(SecPVCRef pvc, for (i = 1; i <= n; ++i) { /* Process Cert */ cert = SecPVCGetCertificateAtIndex(pvc, n - i); - bool is_self_issued = SecPVCIsCertificateAtIndexSelfSigned(pvc, n - i); + bool is_self_issued = SecPVCIsCertificateAtIndexSelfIssued(pvc, n - i); /* (a) Verify the basic certificate information. */ /* @@@ Ensure that cert was signed with working_public_key_algorithm @@ -1601,41 +1698,33 @@ static void SecPolicyCheckBasicCertificateProcessing(SecPVCRef pvc, #if POLICY_MAPPING /* (a) verify that anyPolicy does not appear as an issuerDomainPolicy or a subjectDomainPolicy */ - CFDictionaryRef pm = SecCertificateGetPolicyMappings(cert); - if (pm) { - uint32_t mapping_ix, mapping_count = pm->numMappings; + const SecCEPolicyMappings *pm = SecCertificateGetPolicyMappings(cert); + if (pm && pm->present) { + size_t mapping_ix, mapping_count = pm->numMappings; for (mapping_ix = 0; mapping_ix < mapping_count; ++mapping_ix) { const SecCEPolicyMapping *mapping = &pm->mappings[mapping_ix]; if (oid_equal(mapping->issuerDomainPolicy, oidAnyPolicy) || oid_equal(mapping->subjectDomainPolicy, oidAnyPolicy)) { /* Policy mapping uses anyPolicy, illegal. */ - if (!SecPVCSetResultForced(pvc, key /* @@@ Need custom key */, n - i, kCFBooleanFalse)) { + if (!SecPVCSetResultForced(pvc, key /* @@@ Need custom key */, n - i, kCFBooleanFalse, true)) { goto errOut; } } } + /* (b) */ /* (1) If the policy_mapping variable is greater than 0 */ - if (policy_mapping > 0) { + if (policy_mapping > 0 && pvc->valid_policy_tree) { if (!policy_tree_walk_depth(pvc->valid_policy_tree, i, - policy_tree_map, (void *)pm)) { - /* If no node of depth i in the valid_policy_tree has a valid_policy of ID-P but there is a node of depth i with a valid_policy of anyPolicy, then generate a child node of the node of depth i-1 that has a valid_policy of anyPolicy as follows: - - (i) set the valid_policy to ID-P; - - (ii) set the qualifier_set to the qualifier set of the - policy anyPolicy in the certificate policies - extension of certificate i; and - (iii) set the expected_policy_set to the set of subjectDomainPolicy values that are specified as equivalent to ID-P by the policy mappings extension. */ - } - } else { - #if 0 + policy_tree_map_if_match, (void *)pm)) { + /* If no node of depth i in the valid_policy_tree has a valid_policy of ID-P but there is a node of depth i with a valid_policy of anyPolicy, then generate a child node of the node of depth i-1. */ + policy_tree_walk_depth(pvc->valid_policy_tree, i, policy_tree_map_if_any, (void *)pm); + } + } else if (pvc->valid_policy_tree) { /* (i) delete each node of depth i in the valid_policy_tree where ID-P is the valid_policy. */ - struct policy_tree_map_ctx ctx = { idp_oid, sdp_oid }; policy_tree_walk_depth(pvc->valid_policy_tree, i, - policy_tree_delete_if_match, &ctx); - #endif + policy_tree_map_delete_if_match, (void *)pm); /* (ii) If there is a node in the valid_policy_tree of depth i-1 or less without any child nodes, delete that node. Repeat this step until there are no nodes of @@ -1688,9 +1777,9 @@ static void SecPolicyCheckBasicCertificateProcessing(SecPVCRef pvc, } } /* (j) */ - uint32_t iap = SecCertificateGetInhibitAnyPolicySkipCerts(cert); - if (iap < inhibit_any_policy) { - inhibit_any_policy = iap; + const SecCEInhibitAnyPolicy *iap = SecCertificateGetInhibitAnyPolicySkipCerts(cert); + if (iap && iap->skipCerts < inhibit_any_policy) { + inhibit_any_policy = iap->skipCerts; } /* (k) */ const SecCEBasicConstraints *bc = @@ -2450,6 +2539,10 @@ static void SecPolicyCheckRevocationResponseRequired(SecPVCRef pvc, SecPVCSetCheckRevocationResponseRequired(pvc); } +static void SecPolicyCheckRevocationOnline(SecPVCRef pvc, CFStringRef key) { + SecPVCSetCheckRevocationOnline(pvc); +} + static void SecPolicyCheckNoNetworkAccess(SecPVCRef pvc, CFStringRef key) { SecPolicyRef policy = SecPVCGetPolicy(pvc); @@ -2523,6 +2616,110 @@ static void SecPolicyCheckSignatureHashAlgorithms(SecPVCRef pvc, } } +static bool leaf_is_on_weak_hash_whitelist(SecPVCRef pvc) { + SecCertificateRef leaf = SecPVCGetCertificateAtIndex(pvc, 0); + require_quiet(leaf, out); + + /* Leaf certificates that expire before Jan 3 2017 can get a pass. + * They must be updated before this goes live. */ + if (SecCertificateNotValidAfter(leaf) < 505200000.0) { + return true; + } + + /* And now a few special snowflakes */ + + /* subject:/C=UK/O=Vodafone Group/CN=Vodafone (Corporate Domain 2009) */ + /* issuer :/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */ + /* Not After : Dec 19 17:25:36 2019 GMT */ + static const uint8_t vodafone[] = { + 0xC5, 0x0E, 0x88, 0xE5, 0x20, 0xA8, 0x10, 0x41, 0x1D, 0x63, + 0x4C, 0xB8, 0xF9, 0xCC, 0x93, 0x9B, 0xFD, 0x76, 0x93, 0x99 + }; + + CFIndex intermediate_ix = SecPVCGetCertificateCount(pvc) - 2; + require_quiet(intermediate_ix > 0, out); + SecCertificateRef intermediate = SecPVCGetCertificateAtIndex(pvc, intermediate_ix); + CFDataRef fingerprint = SecCertificateGetSHA1Digest(intermediate); + require_quiet(fingerprint, out); + const unsigned int len = 20; + const uint8_t *dp = CFDataGetBytePtr(fingerprint); + if (dp && (!memcmp(vodafone, dp, len))) { + return true; + } + +out: + return false; +} + +static bool SecPVCKeyIsConstraintPolicyOption(SecPVCRef pvc, CFStringRef key); + +static void SecPolicyCheckSystemTrustedWeakHash(SecPVCRef pvc, + CFStringRef key) { + CFIndex ix, count = SecPVCGetCertificateCount(pvc); +#if !NO_SERVER + CFDataRef clientAuditToken = NULL; + SecTaskRef task = NULL; +#endif + CFStringRef signingIdentifier = NULL; + + /* Only for Safari and WebKit. */ +#if NO_SERVER + require_quiet(signingIdentifier = CFRetainSafe(CFBundleGetIdentifier(CFBundleGetMainBundle())), out); +#else + require_quiet(clientAuditToken = SecPathBuilderCopyClientAuditToken(pvc->builder), out); + audit_token_t auditToken = {}; + require(sizeof(auditToken) == CFDataGetLength(clientAuditToken), out); + CFDataGetBytes(clientAuditToken, CFRangeMake(0, sizeof(auditToken)), (uint8_t *)&auditToken); + require_quiet(task = SecTaskCreateWithAuditToken(NULL, auditToken), out); + require_quiet(signingIdentifier = SecTaskCopySigningIdentifier(task, NULL), out); +#endif + require_quiet(CFStringHasPrefix(signingIdentifier, CFSTR("com.apple.Safari")) || + CFStringHasPrefix(signingIdentifier, CFSTR("com.apple.mobilesafari")) || + CFStringHasPrefix(signingIdentifier, CFSTR("com.apple.WebKit.Networking")) || + /* Or one of our test apps */ + CFStringHasPrefix(signingIdentifier, CFSTR("com.apple.security.SecurityTests")) || + CFStringHasPrefix(signingIdentifier, CFSTR("com.apple.security.SecurityDevTests")), out); + + Boolean keyInPolicy = false; + CFArrayRef policies = pvc->policies; + CFIndex policyIX, policyCount = CFArrayGetCount(policies); + for (policyIX = 0; policyIX < policyCount; ++policyIX) { + SecPolicyRef policy = (SecPolicyRef)CFArrayGetValueAtIndex(policies, policyIX); + if (policy && CFDictionaryContainsKey(policy->_options, key)) { + keyInPolicy = true; + } + } + + /* We only enforce this check when *both* of the following are true: + * 1. One of the certs in the path has this usage constraint, and + * 2. One of the policies in the PVC has this key + * (As compared to normal policy options which require only one to be true..) */ + require_quiet(SecPVCKeyIsConstraintPolicyOption(pvc, key) && + keyInPolicy, out); + + /* Ignore the anchor if it's trusted */ + if (SecCertificatePathIsAnchored(pvc->path)) { + count--; + } + for (ix = 0; ix < count; ++ix) { + SecCertificateRef cert = SecPVCGetCertificateAtIndex(pvc, ix); + if (SecCertificateIsWeakHash(cert)) { + if (!leaf_is_on_weak_hash_whitelist(pvc)) { + if (!SecPVCSetResult(pvc, key, ix, kCFBooleanFalse)) { + goto out; + } + } + } + } +out: +#if !NO_SERVER + CFReleaseNull(clientAuditToken); + CFReleaseNull(task); +#endif + CFReleaseNull(signingIdentifier); + return; +} + #define ENABLE_CRLS (TARGET_OS_MAC && !TARGET_OS_IPHONE) // MARK: - @@ -2550,6 +2747,9 @@ struct OpaqueSecRVC { SecCRVCRef crvc; #endif + /* Valid database info for this revocation check */ + SecValidInfoRef valid_info; + bool done; }; typedef struct OpaqueSecRVC *SecRVCRef; @@ -2559,6 +2759,7 @@ typedef struct OpaqueSecRVC *SecRVCRef; ****************** OCSP RVC Functions ****************** ********************************************************/ const CFAbsoluteTime kSecDefaultOCSPResponseTTL = 24.0 * 60.0 * 60.0; +const CFAbsoluteTime kSecOCSPResponseOnlineTTL = 5.0 * 60.0; #define OCSP_RESPONSE_TIMEOUT (3 * NSEC_PER_SEC) /* OCSP Revocation verification context. */ @@ -2955,10 +3156,11 @@ static SecORVCRef SecORVCCreate(SecRVCRef rvc, SecPVCRef pvc, CFIndex certIX) { orvc->done = false; SecCertificateRef cert = SecPVCGetCertificateAtIndex(pvc, certIX); - /* The certIX + 1 is ok here since certCount is always at least 1 - less than the actual number of certs in SecPVCCheckRevocation. */ - SecCertificateRef issuer = SecPVCGetCertificateAtIndex(pvc, certIX + 1); - orvc->ocspRequest = SecOCSPRequestCreate(cert, issuer); + CFIndex count = SecPVCGetCertificateCount(pvc); + if (certIX + 1 < count) { + SecCertificateRef issuer = SecPVCGetCertificateAtIndex(pvc, certIX + 1); + orvc->ocspRequest = SecOCSPRequestCreate(cert, issuer); + } } return orvc; } @@ -2983,7 +3185,6 @@ static void SecORVCProcessStapledResponses(SecORVCRef rvc) { ********************************************************/ #if ENABLE_CRLS #include <../trustd/SecTrustOSXEntryPoints.h> -OSStatus errSecCertificateRevoked = -67820; #define kSecDefaultCRLTTL kSecDefaultOCSPResponseTTL /* CRL Revocation verification context. */ @@ -3210,6 +3411,9 @@ static void SecRVCDelete(SecRVCRef rvc) { free(rvc->crvc); } #endif + if (rvc->valid_info) { + SecValidInfoRelease(rvc->valid_info); + } } static void SecRVCInit(SecRVCRef rvc, SecPVCRef pvc, CFIndex certIX) { @@ -3244,12 +3448,117 @@ static bool SecRVCShouldCheckOCSP(SecRVCRef rvc) { } #endif +static void SecRVCProcessValidInfoResults(SecRVCRef rvc) { + if (!rvc || !rvc->valid_info || !rvc->pvc) { + return; + } + /* Handle definitive revocations. + */ + bool valid = rvc->valid_info->valid; + SecValidInfoFormat format = rvc->valid_info->format; + if (!valid && (format == kSecValidInfoFormatSerial || format == kSecValidInfoFormatSHA256)) { + secdebug("validupdate", "rvc: revoked cert %" PRIdCFIndex, rvc->certIX); + SInt32 reason = 0; // unspecified, since the Valid db doesn't tell us + CFNumberRef cfreason = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &reason); + SecPVCSetResultForced(rvc->pvc, kSecPolicyCheckRevocation, rvc->certIX, + cfreason, true); + if (rvc->pvc->info) { + /* make the revocation reason available in the trust result */ + CFDictionarySetValue(rvc->pvc->info, kSecTrustRevocationReason, cfreason); + } + CFReleaseNull(cfreason); + + rvc->done = true; + return; + } + + /* Handle non-definitive information. + We set rvc->done = true above ONLY if the result was definitive; + otherwise we require a revocation check for SSL usage. + */ + if (format == kSecValidInfoFormatNto1) { + /* matched the filter */ + CFIndex count = SecPVCGetCertificateCount(rvc->pvc); + CFIndex issuerIX = rvc->certIX + 1; + if (issuerIX >= count) { + /* cannot perform a revocation check on the last cert in the + chain, since we don't have its issuer. */ + return; + } + SecPolicyRef policy = SecPVCGetPolicy(rvc->pvc); + CFStringRef policyName = (policy) ? SecPolicyGetName(policy) : NULL; + if (policyName && CFEqual(CFSTR("sslServer"), policyName)) { + /* perform revocation check for SSL policy; + require for leaf if an OCSP responder is present. */ + if (0 == rvc->certIX) { + SecCertificateRef cert = SecPVCGetCertificateAtIndex(rvc->pvc, rvc->certIX); + CFArrayRef resps = (cert) ? SecCertificateGetOCSPResponders(cert) : NULL; + CFIndex rcount = (resps) ? CFArrayGetCount(resps) : 0; + if (rcount > 0) { + rvc->pvc->response_required = true; + } + } + rvc->pvc->check_revocation = kSecPolicyCheckRevocationAny; + } + } + +} + +static bool SecRVCCheckValidInfoDatabase(SecRVCRef rvc) { + /* If the valid database is enabled... */ +#if (__MAC_OS_X_VERSION_MIN_REQUIRED >= 101300 || __IPHONE_OS_VERSION_MIN_REQUIRED >= 110000) + /* Make sure revocation db info is up-to-date, + if we are allowed to access the network */ +#if !TARGET_OS_BRIDGE + SecPathBuilderRef builder = rvc->pvc->builder; + if (SecPathBuilderCanAccessNetwork(builder)) { + SecRevocationDbCheckNextUpdate(); + } +#endif + /* Check whether we have valid db info for this cert, + given the cert and its issuer */ + SecValidInfoRef info = NULL; + CFIndex count = SecPVCGetCertificateCount(rvc->pvc); + if (count) { + SecCertificateRef cert = NULL; + SecCertificateRef issuer = NULL; + CFIndex issuerIX = rvc->certIX + 1; + if (count > issuerIX) { + issuer = SecPVCGetCertificateAtIndex(rvc->pvc, issuerIX); + } else if (count == issuerIX) { + CFIndex rootIX = SecCertificatePathSelfSignedIndex(rvc->pvc->path); + if (rootIX == rvc->certIX) { + issuer = SecPVCGetCertificateAtIndex(rvc->pvc, rootIX); + } + } + cert = SecPVCGetCertificateAtIndex(rvc->pvc, rvc->certIX); + info = SecRevocationDbCopyMatching(cert, issuer); + } + if (info) { + SecValidInfoRef old_info = rvc->valid_info; + rvc->valid_info = info; + if (old_info) { + SecValidInfoRelease(old_info); + } + return true; + } +#endif + return false; +} + static void SecRVCCheckRevocationCaches(SecRVCRef rvc) { /* Don't check OCSP cache if CRLs enabled and policy requested CRL only */ if (SecRVCShouldCheckOCSP(rvc)) { secdebug("ocsp", "Checking cached responses for cert %ld", rvc->certIX); + SecOCSPResponseRef response = NULL; + if (rvc->pvc->online_revocation) { + CFAbsoluteTime now = CFAbsoluteTimeGetCurrent(); + response = SecOCSPCacheCopyMatchingWithMinInsertTime(rvc->orvc->ocspRequest, NULL, now - kSecOCSPResponseOnlineTTL); + } else { + response = SecOCSPCacheCopyMatching(rvc->orvc->ocspRequest, NULL); + } SecORVCConsumeOCSPResponse(rvc->orvc, - SecOCSPCacheCopyMatching(rvc->orvc->ocspRequest, NULL), + response, NULL_TIME, false); } #if ENABLE_CRLS @@ -3301,9 +3610,12 @@ static bool SecPVCCheckRevocation(SecPVCRef pvc) { /* * Don't need to call SecPVCIsAnchored; having an issuer is sufficient here. - * We can't check revocation for the final cert in the chain. + * + * Note: we can't check revocation for the last certificate in the chain + * via OCSP or CRL methods, since there isn't a separate issuer cert to + * sign those responses. However, since a self-signed root has an implied + * issuer of itself, we can check for it in the valid database. */ - certCount--; if (pvc->rvcs) { /* We have done revocation checking already, we're done. */ @@ -3311,27 +3623,27 @@ static bool SecPVCCheckRevocation(SecPVCRef pvc) { return completed; } - /* Setup things so we check revocation status of all certs except the - anchor. */ + /* Setup things so we check revocation status of all certs. */ pvc->rvcs = calloc(sizeof(struct OpaqueSecRVC), certCount); /* Note that if we are multi threaded and a job completes after it is started but before we return from this function, we don't want a callback to decrement asyncJobCount to zero before we finish issuing - all the jobs. To avoid this we pretend we issued certCount async jobs, + all the jobs. To avoid this we pretend we issued certCount-1 async jobs, and decrement pvc->asyncJobCount for each cert that we don't start a - background fetch for. */ + background fetch for. (We will never start an async job for the final + cert in the chain.) */ #if !ENABLE_CRLS - pvc->asyncJobCount = (unsigned int) certCount; + pvc->asyncJobCount = (unsigned int)(certCount-1); #else /* If we enable CRLS, we may end up with two async jobs per cert: one * for OCSP and one for fetching the CRL */ - pvc->asyncJobCount = 2 * (unsigned int)certCount; + pvc->asyncJobCount = 2 * (unsigned int)(certCount-1); #endif secdebug("rvc", "set asyncJobCount to %d", pvc->asyncJobCount); /* Loop though certificates again and issue an ocsp fetch if the - revocation status checking isn't done yet. */ + * revocation status checking isn't done yet (and we have an issuer!) */ for (certIX = 0; certIX < certCount; ++certIX) { secdebug("rvc", "checking revocation for cert: %ld", certIX); SecRVCRef rvc = &((SecRVCRef)pvc->rvcs)[certIX]; @@ -3339,6 +3651,19 @@ static bool SecPVCCheckRevocation(SecPVCRef pvc) { if (rvc->done){ continue; } + +#if !TARGET_OS_BRIDGE + /* Check valid database first (separate from OCSP response cache) */ + if (SecRVCCheckValidInfoDatabase(rvc)) { + SecRVCProcessValidInfoResults(rvc); + } +#endif + /* Any other revocation method requires an issuer certificate; + * skip the last cert in the chain since it doesn't have one. */ + if (certIX+1 >= certCount) { + continue; + } + /* Ignore stapled OCSP responses only if CRLs are enabled and the * policy specifically requested CRLs only. */ if (SecRVCShouldCheckOCSP(rvc)) { @@ -3366,10 +3691,16 @@ static bool SecPVCCheckRevocation(SecPVCRef pvc) { rvc->done = true; } + /* If we got a cached response that is no longer valid (which can only be true for + * revoked responses), let's try to get a fresher response even if no one asked. + * This check resolves unrevocation events after the nextUpdate time. */ + bool old_cached_response = (!rvc->done && rvc->orvc->ocspResponse); + /* If the cert is EV or if revocation checking was explicitly enabled, attempt to fire off an async http request for this cert's revocation status, unless we already successfully checked - the revocation status of this cert based on the cache or stapled responses, */ - bool allow_fetch = SecPathBuilderCanAccessNetwork(pvc->builder) && (pvc->is_ev || pvc->check_revocation); + the revocation status of this cert based on the cache or stapled responses. */ + bool allow_fetch = SecPathBuilderCanAccessNetwork(pvc->builder) && + (pvc->is_ev || pvc->check_revocation || old_cached_response); bool fetch_done = true; if (rvc->done || !allow_fetch) { /* We got a cache hit or we aren't allowed to access the network */ @@ -3502,6 +3833,9 @@ void SecPolicyServerInitalize(void) { CFDictionaryAddValue(gSecPolicyLeafCallbacks, kSecPolicyCheckRevocationResponseRequired, SecPolicyCheckRevocationResponseRequired); + CFDictionaryAddValue(gSecPolicyLeafCallbacks, + kSecPolicyCheckRevocationOnline, + SecPolicyCheckRevocationOnline); CFDictionaryAddValue(gSecPolicyLeafCallbacks, kSecPolicyCheckNoNetworkAccess, SecPolicyCheckNoNetworkAccess); @@ -3517,6 +3851,9 @@ void SecPolicyServerInitalize(void) { CFDictionaryAddValue(gSecPolicyLeafCallbacks, kSecPolicyCheckLeafMarkerOidWithoutValueCheck, SecPolicyCheckLeafMarkerOidWithoutValueCheck); + CFDictionaryAddValue(gSecPolicyLeafCallbacks, + kSecPolicyCheckLeafMarkersProdAndQA, + SecPolicyCheckLeafMarkersProdAndQA); CFDictionaryAddValue(gSecPolicyPathCallbacks, kSecPolicyCheckIntermediateSPKISHA256, SecPolicyCheckIntermediateSPKISHA256); @@ -3544,6 +3881,15 @@ void SecPolicyServerInitalize(void) { CFDictionaryAddValue(gSecPolicyPathCallbacks, kSecPolicyCheckSignatureHashAlgorithms, SecPolicyCheckSignatureHashAlgorithms); + CFDictionaryAddValue(gSecPolicyPathCallbacks, + kSecPolicyCheckSystemTrustedWeakHash, + SecPolicyCheckSystemTrustedWeakHash); + CFDictionaryAddValue(gSecPolicyPathCallbacks, + kSecPolicyCheckIntermediateOrganization, + SecPolicyCheckIntermediateOrganization); + CFDictionaryAddValue(gSecPolicyPathCallbacks, + kSecPolicyCheckIntermediateCountry, + SecPolicyCheckIntermediateCountry); } // MARK: - @@ -3571,7 +3917,7 @@ void SecPVCInit(SecPVCRef pvc, SecPathBuilderRef builder, CFArrayRef policies, static void SecPVCDeleteRVCs(SecPVCRef pvc) { secdebug("alloc", "%p", pvc); if (pvc->rvcs) { - CFIndex certIX, certCount = SecPVCGetCertificateCount(pvc) - 1; + CFIndex certIX, certCount = SecPVCGetCertificateCount(pvc); for (certIX = 0; certIX < certCount; ++certIX) { SecRVCRef rvc = &((SecRVCRef)pvc->rvcs)[certIX]; SecRVCDelete(rvc); @@ -3628,8 +3974,20 @@ SecCertificateRef SecPVCGetCertificateAtIndex(SecPVCRef pvc, CFIndex ix) { return SecCertificatePathGetCertificateAtIndex(pvc->path, ix); } -bool SecPVCIsCertificateAtIndexSelfSigned(SecPVCRef pvc, CFIndex ix) { - return SecCertificatePathSelfSignedIndex(pvc->path) == ix; +bool SecPVCIsCertificateAtIndexSelfIssued(SecPVCRef pvc, CFIndex ix) { + /* The SecCertificatePath only tells us the last self-issued cert. + * The chain may have more than one self-issued cert, so we need to + * do the comparison. */ + bool result = false; + SecCertificateRef cert = SecPVCGetCertificateAtIndex(pvc, ix); + CFDataRef issuer = SecCertificateCopyNormalizedIssuerSequence(cert); + CFDataRef subject = SecCertificateCopyNormalizedSubjectSequence(cert); + if (issuer && subject && CFEqual(issuer, subject)) { + result = true; + } + CFReleaseNull(issuer); + CFReleaseNull(subject); + return result; } void SecPVCSetCheckRevocation(SecPVCRef pvc, CFStringRef method) { @@ -3642,6 +4000,11 @@ void SecPVCSetCheckRevocationResponseRequired(SecPVCRef pvc) { secdebug("rvc", "revocation response required"); } +void SecPVCSetCheckRevocationOnline(SecPVCRef pvc) { + pvc->online_revocation = true; + secdebug("rvc", "revocation force online check"); +} + bool SecPVCIsAnchored(SecPVCRef pvc) { return SecCertificatePathIsAnchored(pvc->path); } @@ -3698,6 +4061,28 @@ static bool SecPVCIsAllowedError(SecPVCRef pvc, CFIndex ix, CFStringRef key) { return result; } +static bool SecPVCKeyIsConstraintPolicyOption(SecPVCRef pvc, CFStringRef key) { + CFIndex certIX, certCount = SecCertificatePathGetCount(pvc->path); + for (certIX = 0; certIX < certCount; certIX++) { + CFArrayRef constraints = SecCertificatePathGetUsageConstraintsAtIndex(pvc->path, certIX); + CFIndex constraintIX, constraintCount = CFArrayGetCount(constraints); + for (constraintIX = 0; constraintIX < constraintCount; constraintIX++) { + CFDictionaryRef constraint = (CFDictionaryRef)CFArrayGetValueAtIndex(constraints, constraintIX); + if (!isDictionary(constraint)) { + continue; + } + + CFDictionaryRef policyOptions = NULL; + policyOptions = (CFDictionaryRef)CFDictionaryGetValue(constraint, kSecTrustSettingsPolicyOptions); + if (policyOptions && isDictionary(policyOptions) && + CFDictionaryContainsKey(policyOptions, key)) { + return true; + } + } + } + return false; +} + /* AUDIT[securityd](done): policy->_options is a caller provided dictionary, only its cf type has been checked. @@ -3714,12 +4099,12 @@ bool SecPVCSetResultForced(SecPVCRef pvc, /* If this is not something the current policy cares about ignore this error and return true so our caller continues evaluation. */ if (!force) { - /* @@@ The right long term fix might be to check if none of the passed - in policies contain this key, since not all checks are run for all - policies. */ + /* Either the policy or the usage constraints have to have this key */ SecPolicyRef policy = SecPVCGetPolicy(pvc); - if (policy && !CFDictionaryContainsKey(policy->_options, key)) + if (!(SecPVCKeyIsConstraintPolicyOption(pvc, key) || + (policy && CFDictionaryContainsKey(policy->_options, key)))) { return true; + } } /* Check to see if the SecTrustSettings for the certificate in question @@ -4126,9 +4511,6 @@ static bool SecPVCContainsTrustSettingsKeyUsage(SecPVCRef pvc, } #if TARGET_OS_MAC && !TARGET_OS_IPHONE -/* We need to declare the SecTrustedApplicationRef type for those binaries - * that don't include the OS X Security Framework headers. */ -typedef struct CF_BRIDGED_TYPE(id) OpaqueSecTrustedApplicationRef *SecTrustedApplicationRef; #include #include @@ -4155,12 +4537,36 @@ out: } #endif +static bool SecPVCContainsTrustSettingsPolicyOption(SecPVCRef pvc, CFDictionaryRef options) { + if (!isDictionary(options)) { + return false; + } + + /* Push */ + CFDictionaryRef currentCallbacks = pvc->callbacks; + + /* We need to run the leaf and path checks using these options. */ + pvc->callbacks = gSecPolicyLeafCallbacks; + CFDictionaryApplyFunction(options, SecPVCValidateKey, pvc); + + pvc->callbacks = gSecPolicyPathCallbacks; + CFDictionaryApplyFunction(options, SecPVCValidateKey, pvc); + + /* Pop */ + pvc->callbacks = currentCallbacks; + + /* Our work here is done; no need to claim a match */ + return false; +} + static bool SecPVCMeetsConstraint(SecPVCRef pvc, SecCertificateRef certificate, CFDictionaryRef constraint) { CFStringRef policyOid = NULL, policyString = NULL, policyName = NULL; CFNumberRef keyUsageNumber = NULL; CFTypeRef trustedApplicationData = NULL; + CFDictionaryRef policyOptions = NULL; - bool policyMatch = false, policyStringMatch = false, applicationMatch = false , keyUsageMatch = false; + bool policyMatch = false, policyStringMatch = false, applicationMatch = false , + keyUsageMatch = false, policyOptionMatch = false; bool result = false; #if TARGET_OS_MAC && !TARGET_OS_IPHONE @@ -4174,11 +4580,13 @@ static bool SecPVCMeetsConstraint(SecPVCRef pvc, SecCertificateRef certificate, policyName = (CFStringRef)CFDictionaryGetValue(constraint, kSecTrustSettingsPolicyName); policyString = (CFStringRef)CFDictionaryGetValue(constraint, kSecTrustSettingsPolicyString); keyUsageNumber = (CFNumberRef)CFDictionaryGetValue(constraint, kSecTrustSettingsKeyUsage); + policyOptions = (CFDictionaryRef)CFDictionaryGetValue(constraint, kSecTrustSettingsPolicyOptions); CFIndex policyIX = -1; policyMatch = SecPVCContainsPolicy(pvc, policyOid, policyName, &policyIX); policyStringMatch = SecPVCContainsString(pvc, policyIX, policyString); keyUsageMatch = SecPVCContainsTrustSettingsKeyUsage(pvc, certificate, policyIX, keyUsageNumber); + policyOptionMatch = SecPVCContainsTrustSettingsPolicyOption(pvc, policyOptions); #if TARGET_OS_MAC && !TARGET_OS_IPHONE trustedApplicationData = CFDictionaryGetValue(constraint, kSecTrustSettingsApplication); @@ -4197,7 +4605,8 @@ static bool SecPVCMeetsConstraint(SecPVCRef pvc, SecCertificateRef certificate, if (((!policyOid && !policyName) || policyMatch) && (!policyString || policyStringMatch) && (!trustedApplicationData || applicationMatch) && - (!keyUsageNumber || keyUsageMatch)) { + (!keyUsageNumber || keyUsageMatch) && + (!policyOptions || policyOptionMatch)) { result = true; } @@ -4350,6 +4759,9 @@ bool SecPVCPathChecks(SecPVCRef pvc) { return completed; } + // Reset + pvc->policyIX = 0; + /* Check whether the TrustSettings say to deny a cert in the path. */ (void)SecPVCCheckUsageConstraints(pvc); diff --git a/OSX/sec/securityd/SecPolicyServer.h b/OSX/sec/securityd/SecPolicyServer.h index a690bc64..c46df7eb 100644 --- a/OSX/sec/securityd/SecPolicyServer.h +++ b/OSX/sec/securityd/SecPolicyServer.h @@ -59,6 +59,7 @@ struct OpaqueSecPVC { CFStringRef check_revocation; bool response_required; + bool online_revocation; bool optionally_ev; bool is_ev; bool is_ct; @@ -76,7 +77,7 @@ SecPolicyRef SecPVCGetPolicy(SecPVCRef pv); CFAbsoluteTime SecPVCGetVerifyTime(SecPVCRef pv); CFIndex SecPVCGetCertificateCount(SecPVCRef pv); SecCertificateRef SecPVCGetCertificateAtIndex(SecPVCRef pv, CFIndex ix); -bool SecPVCIsCertificateAtIndexSelfSigned(SecPVCRef pvc, CFIndex ix); +bool SecPVCIsCertificateAtIndexSelfIssued(SecPVCRef pvc, CFIndex ix); bool SecPVCIsAnchored(SecPVCRef pvc); /* Set the string result as the reason for the sub policy check key @@ -93,6 +94,9 @@ void SecPVCSetCheckRevocation(SecPVCRef pvc, CFStringRef method); /* Require a revocation response for the leaf certificate. */ void SecPVCSetCheckRevocationResponseRequired(SecPVCRef pvc); +/* Require a online revocation response for the chain. */ +void SecPVCSetCheckRevocationOnline(SecPVCRef pvc); + /* Run static leaf checks on the path in pvc. */ bool SecPVCLeafChecks(SecPVCRef pvc); diff --git a/OSX/sec/securityd/SecRevocationDb.c b/OSX/sec/securityd/SecRevocationDb.c new file mode 100644 index 00000000..b9e7b3c2 --- /dev/null +++ b/OSX/sec/securityd/SecRevocationDb.c @@ -0,0 +1,1929 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + * + */ + +/* + * SecRevocationDb.c + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "utilities/debugging.h" +#include "utilities/sqlutils.h" +#include "utilities/SecAppleAnchorPriv.h" +#include "utilities/iOSforOSX.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + + +static CFStringRef kAcceptEncoding = CFSTR("Accept-Encoding"); +static CFStringRef kAppEncoding = CFSTR("deflate"); +static CFStringRef kUserAgent = CFSTR("User-Agent"); +static CFStringRef kAppUserAgent = CFSTR("com.apple.trustd/1.0"); +static CFStringRef kValidUpdateServer = CFSTR("valid.apple.com"); + +static CFStringRef kSecPrefsDomain = CFSTR("com.apple.security"); +static CFStringRef kUpdateServerKey = CFSTR("ValidUpdateServer"); +static CFStringRef kUpdateEnabledKey = CFSTR("ValidUpdateEnabled"); +static CFStringRef kUpdateIntervalKey = CFSTR("ValidUpdateInterval"); +static CFStringRef kUpdateWiFiOnlyKey = CFSTR("ValidUpdateWiFiOnly"); + +typedef CF_OPTIONS(CFOptionFlags, SecValidInfoFlags) { + kSecValidInfoComplete = 1u << 0, + kSecValidInfoCheckOCSP = 1u << 1, + kSecValidInfoKnownOnly = 1u << 2, + kSecValidInfoRequireCT = 1u << 3, + kSecValidInfoAllowlist = 1u << 4 +}; + +/* minimum initial interval after process startup */ +#define kSecMinUpdateInterval (60.0 * 5) + +/* second and subsequent intervals */ +#define kSecStdUpdateInterval (60.0 * 60) + +/* maximum allowed interval */ +#define kSecMaxUpdateInterval (60.0 * 60 * 24 * 7) + +/* background download timeout */ +#define kSecMaxDownloadSeconds (60.0 * 10) + +#define kSecRevocationBasePath "/Library/Keychains/crls" +#define kSecRevocationDbFileName "valid.sqlite3" + +bool SecRevocationDbVerifyUpdate(CFDictionaryRef update); +CFIndex SecRevocationDbIngestUpdate(CFDictionaryRef update); +void SecRevocationDbApplyUpdate(CFDictionaryRef update, CFIndex version); +CFAbsoluteTime SecRevocationDbComputeNextUpdateTime(CFDictionaryRef update); +void SecRevocationDbSetSchemaVersion(CFIndex dbversion); +void SecRevocationDbSetNextUpdateTime(CFAbsoluteTime nextUpdate); +CFAbsoluteTime SecRevocationDbGetNextUpdateTime(void); +dispatch_queue_t SecRevocationDbGetUpdateQueue(void); +void SecRevocationDbRemoveAllEntries(void); + + +static CFDataRef copyInflatedData(CFDataRef data) { + if (!data) { + return NULL; + } + z_stream zs; + memset(&zs, 0, sizeof(zs)); + /* 32 is a magic value which enables automatic header detection + of gzip or zlib compressed data. */ + if (inflateInit2(&zs, 32+MAX_WBITS) != Z_OK) { + return NULL; + } + zs.next_in = (UInt8 *)(CFDataGetBytePtr(data)); + zs.avail_in = (uInt)CFDataGetLength(data); + + CFMutableDataRef outData = CFDataCreateMutable(NULL, 0); + if (!outData) { + return NULL; + } + CFIndex buf_sz = malloc_good_size(zs.avail_in ? zs.avail_in : 1024 * 4); + unsigned char *buf = malloc(buf_sz); + int rc; + do { + zs.next_out = (Bytef*)buf; + zs.avail_out = (uInt)buf_sz; + rc = inflate(&zs, 0); + CFIndex outLen = CFDataGetLength(outData); + if (outLen < (CFIndex)zs.total_out) { + CFDataAppendBytes(outData, (const UInt8*)buf, (CFIndex)zs.total_out - outLen); + } + } while (rc == Z_OK); + + inflateEnd(&zs); + + if (buf) { + free(buf); + } + if (rc != Z_STREAM_END) { + CFReleaseSafe(outData); + return NULL; + } + return (CFDataRef)outData; +} + +static CFDataRef copyDeflatedData(CFDataRef data) { + if (!data) { + return NULL; + } + z_stream zs; + memset(&zs, 0, sizeof(zs)); + if (deflateInit(&zs, Z_BEST_COMPRESSION) != Z_OK) { + return NULL; + } + zs.next_in = (UInt8 *)(CFDataGetBytePtr(data)); + zs.avail_in = (uInt)CFDataGetLength(data); + + CFMutableDataRef outData = CFDataCreateMutable(NULL, 0); + if (!outData) { + return NULL; + } + CFIndex buf_sz = malloc_good_size(zs.avail_in ? zs.avail_in : 1024 * 4); + unsigned char *buf = malloc(buf_sz); + int rc = Z_BUF_ERROR; + do { + zs.next_out = (Bytef*)buf; + zs.avail_out = (uInt)buf_sz; + rc = deflate(&zs, Z_FINISH); + + if (rc == Z_OK || rc == Z_STREAM_END) { + CFIndex buf_used = buf_sz - zs.avail_out; + CFDataAppendBytes(outData, (const UInt8*)buf, buf_used); + } + else if (rc == Z_BUF_ERROR) { + free(buf); + buf_sz = malloc_good_size(buf_sz * 2); + buf = malloc(buf_sz); + if (buf) { + rc = Z_OK; /* try again with larger buffer */ + } + } + } while (rc == Z_OK && zs.avail_in); + + deflateEnd(&zs); + + if (buf) { + free(buf); + } + if (rc != Z_STREAM_END) { + CFReleaseSafe(outData); + return NULL; + } + return (CFDataRef)outData; +} + +static uint32_t calculateCrc32(CFDataRef data) { + if (!data) { return 0; } + uint32_t crc = (uint32_t)crc32(0L, Z_NULL, 0); + uint32_t len = (uint32_t)CFDataGetLength(data); + const unsigned char *bytes = CFDataGetBytePtr(data); + return (uint32_t)crc32(crc, bytes, len); +} + +static int checkBasePath(const char *basePath) { + return mkpath_np((char*)basePath, 0755); +} + +static int writeFile(const char *fileName, + const unsigned char *bytes, // compressed data, if crc != 0 + size_t numBytes, // length of content to write + uint32_t crc, // crc32 over uncompressed content + uint32_t length) { // uncompressed content length + int rtn, fd; + off_t off; + size_t numToWrite=numBytes; + const unsigned char *p=bytes; + + fd = open(fileName, O_RDWR | O_CREAT | O_TRUNC, 0644); + if(fd < 0) { return errno; } + off = lseek(fd, 0, SEEK_SET); + if(off < 0) { return errno; } + if(crc) { + /* add gzip header per RFC1952 2.2 */ + uint8_t hdr[10] = { 31, 139, 8, 0, 0, 0, 0, 0, 2, 3 }; + write(fd, hdr, sizeof(hdr)); + /* skip 2-byte stream header and 4-byte trailing CRC */ + if (numToWrite > 6) { + numToWrite -= 6; + p += 2; + } + } + off = write(fd, p, numToWrite); + if((size_t)off != numToWrite) { + rtn = EIO; + } else { + rtn = 0; + } + if(crc) { + /* add gzip trailer per RFC1952 2.2 */ + /* note: gzip seems to want these values in host byte order. */ + write(fd, &crc, sizeof(crc)); + write(fd, &length, sizeof(length)); + } + close(fd); + return rtn; +} + +static int readFile(const char *fileName, + CFDataRef *bytes) { // allocated and returned + int rtn, fd; + char *buf; + struct stat sb; + size_t size; + ssize_t rrc; + + *bytes = NULL; + fd = open(fileName, O_RDONLY); + if(fd < 0) { return errno; } + rtn = fstat(fd, &sb); + if(rtn) { goto errOut; } + if (sb.st_size > (off_t) ((UINT32_MAX >> 1)-1)) { + rtn = EFBIG; + goto errOut; + } + size = (size_t)sb.st_size; + + *bytes = (CFDataRef)CFDataCreateMutable(NULL, (CFIndex)size); + if(!*bytes) { + rtn = ENOMEM; + goto errOut; + } + + CFDataSetLength((CFMutableDataRef)*bytes, (CFIndex)size); + buf = (char*)CFDataGetBytePtr(*bytes); + rrc = read(fd, buf, size); + if(rrc != (ssize_t) size) { + rtn = EIO; + } + else { + rtn = 0; + } + +errOut: + close(fd); + if(rtn) { + CFReleaseNull(*bytes); + } + return rtn; +} + +static bool isDbOwner() { +#if TARGET_OS_EMBEDDED + if (getuid() == 64) // _securityd +#else + if (getuid() == 0) +#endif + { + return true; + } + return false; +} + + +// MARK: - +// MARK: SecValidUpdateRequest + +/* ====================================================================== + SecValidUpdateRequest + ======================================================================*/ + +static CFAbsoluteTime gUpdateRequestScheduled = 0.0; +static CFAbsoluteTime gNextUpdate = 0.0; +static CFIndex gUpdateInterval = 0; +static CFIndex gLastVersion = 0; + +typedef struct SecValidUpdateRequest *SecValidUpdateRequestRef; +struct SecValidUpdateRequest { + asynchttp_t http; /* Must be first field. */ + CFStringRef server; /* Server name. (e.g. "valid.apple.com") */ + CFIndex version; /* Our current version. */ + xpc_object_t criteria; /* Constraints dictionary for request. */ +}; + +static void SecValidUpdateRequestRelease(SecValidUpdateRequestRef request) { + if (!request) { + return; + } + CFReleaseSafe(request->server); + asynchttp_free(&request->http); + if (request->criteria) { + xpc_release(request->criteria); + } + free(request); +} + +static void SecValidUpdateRequestIssue(SecValidUpdateRequestRef request) { + // issue the async http request now + CFStringRef urlStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, + CFSTR("https://%@/get/v%ld"), + request->server, (long)request->version); + + CFURLRef url = (urlStr) ? CFURLCreateWithString(kCFAllocatorDefault, urlStr, NULL) : NULL; + CFReleaseSafe(urlStr); + if (!url) { + secnotice("validupdate", "invalid update url"); + SecValidUpdateRequestRelease(request); + return; + } + CFHTTPMessageRef msg = CFHTTPMessageCreateRequest(kCFAllocatorDefault, + CFSTR("GET"), url, kCFHTTPVersion1_1); + CFReleaseSafe(url); + if (msg) { + secdebug("validupdate", "%@", msg); + CFHTTPMessageSetHeaderFieldValue(msg, CFSTR("Accept"), CFSTR("*/*")); + CFHTTPMessageSetHeaderFieldValue(msg, kAcceptEncoding, kAppEncoding); + CFHTTPMessageSetHeaderFieldValue(msg, kUserAgent, kAppUserAgent); + bool done = asynchttp_request(msg, kSecMaxDownloadSeconds*NSEC_PER_SEC, &request->http); + CFReleaseSafe(msg); + if (done == false) { + return; + } + } + secdebug("validupdate", "no request issued"); + SecValidUpdateRequestRelease(request); +} + +static bool SecValidUpdateRequestSchedule(SecValidUpdateRequestRef request) { + if (!request || !request->server) { + secnotice("validupdate", "invalid update request"); + SecValidUpdateRequestRelease(request); + return false; + } else if (gUpdateRequestScheduled != 0.0) { + // TBD: may need a separate scheduled activity which can perform a request with + // fewer constraints if our request has not been satisfied for a week or so + secdebug("validupdate", "update request already scheduled at %f, will not reissue", + (double)gUpdateRequestScheduled); + SecValidUpdateRequestRelease(request); + return true; // request is still in the queue + } else { + gUpdateRequestScheduled = CFAbsoluteTimeGetCurrent(); + secdebug("validupdate", "scheduling update at %f", (double)gUpdateRequestScheduled); + } + + // determine whether to issue request without waiting for activity criteria to be satisfied + bool updateOnWiFiOnly = true; + CFTypeRef value = (CFBooleanRef)CFPreferencesCopyValue(kUpdateWiFiOnlyKey, kSecPrefsDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost); + if (isBoolean(value)) { + updateOnWiFiOnly = CFBooleanGetValue((CFBooleanRef)value); + } + CFReleaseNull(value); + if (!updateOnWiFiOnly) { + SecValidUpdateRequestIssue(request); + gUpdateRequestScheduled = 0.0; + return true; + } + + xpc_object_t criteria = xpc_dictionary_create(NULL, NULL, 0); + xpc_dictionary_set_bool(criteria, XPC_ACTIVITY_REPEATING, false); + xpc_dictionary_set_string(criteria, XPC_ACTIVITY_PRIORITY, XPC_ACTIVITY_PRIORITY_MAINTENANCE); + // we want to start as soon as possible + xpc_dictionary_set_int64(criteria, XPC_ACTIVITY_DELAY, 0); + xpc_dictionary_set_int64(criteria, XPC_ACTIVITY_GRACE_PERIOD, 5); + // we are downloading data and want to use WiFi instead of cellular + xpc_dictionary_set_bool(criteria, XPC_ACTIVITY_REQUIRE_NETWORK_CONNECTIVITY, true); + xpc_dictionary_set_bool(criteria, XPC_ACTIVITY_REQUIRE_INEXPENSIVE_NETWORK_CONNECTIVITY, true); + xpc_dictionary_set_string(criteria, XPC_ACTIVITY_NETWORK_TRANSFER_DIRECTION, XPC_ACTIVITY_NETWORK_TRANSFER_DIRECTION_DOWNLOAD); + + if (request->criteria) { + xpc_release(request->criteria); + } + request->criteria = criteria; + + xpc_activity_register("com.apple.trustd.validupdate", criteria, ^(xpc_activity_t activity) { + xpc_activity_state_t activityState = xpc_activity_get_state(activity); + switch (activityState) { + case XPC_ACTIVITY_STATE_CHECK_IN: { + secdebug("validupdate", "xpc activity state: XPC_ACTIVITY_STATE_CHECK_IN"); + break; + } + case XPC_ACTIVITY_STATE_RUN: { + secdebug("validupdate", "xpc activity state: XPC_ACTIVITY_STATE_RUN"); + if (!xpc_activity_set_state(activity, XPC_ACTIVITY_STATE_CONTINUE)) { + secnotice("validupdate", "unable to set activity state to XPC_ACTIVITY_STATE_CONTINUE"); + } + // criteria for this activity have been met; issue the network request + SecValidUpdateRequestIssue(request); + gUpdateRequestScheduled = 0.0; + if (!xpc_activity_set_state(activity, XPC_ACTIVITY_STATE_DONE)) { + secnotice("validupdate", "unable to set activity state to XPC_ACTIVITY_STATE_DONE"); + } + break; + } + default: { + secdebug("validupdate", "unhandled activity state (%ld)", (long)activityState); + break; + } + } + }); + + return true; +} + +static bool SecValidUpdateRequestConsumeReply(CF_CONSUMED CFDataRef data, CFIndex version, bool save) { + if (!data) { + secnotice("validupdate", "invalid data"); + return false; + } + CFIndex length = CFDataGetLength(data); + secdebug("validupdate", "data received: %ld bytes", (long)length); + + char *curPathBuf = NULL; + if (save) { + checkBasePath(kSecRevocationBasePath); + asprintf(&curPathBuf, "%s/%s.plist.gz", kSecRevocationBasePath, "update-current"); + } + // expand compressed data + CFDataRef inflatedData = copyInflatedData(data); + if (inflatedData) { + CFIndex cmplength = length; + length = CFDataGetLength(inflatedData); + if (curPathBuf) { + uint32_t crc = calculateCrc32(inflatedData); + writeFile(curPathBuf, CFDataGetBytePtr(data), cmplength, crc, (uint32_t)length); + } + CFReleaseSafe(data); + data = inflatedData; + } + secdebug("validupdate", "data expanded: %ld bytes", (long)length); + + // mmap the expanded data while property list object is created + CFPropertyListRef propertyList = NULL; + char *expPathBuf = NULL; + asprintf(&expPathBuf, "%s/%s.plist", kSecRevocationBasePath, "update-current"); + if (expPathBuf) { + writeFile(expPathBuf, CFDataGetBytePtr(data), length, 0, (uint32_t)length); + CFReleaseNull(data); + // no copies of data should exist in memory at this point + int fd = open(expPathBuf, O_RDONLY); + if (fd < 0) { + secerror("unable to open %s (errno %d)", expPathBuf, errno); + } + else { + void *p = mmap(NULL, length, PROT_READ, MAP_PRIVATE, fd, 0); + if (!p || p == MAP_FAILED) { + secerror("unable to map %s (errno %d)", expPathBuf, errno); + } + else { + data = CFDataCreateWithBytesNoCopy(NULL, (const UInt8 *)p, length, kCFAllocatorNull); + if (data) { + propertyList = CFPropertyListCreateWithData(kCFAllocatorDefault, data, + kCFPropertyListImmutable, NULL, NULL); + } + int rtn = munmap(p, length); + if (rtn != 0) { + secerror("unable to unmap %ld bytes at %p (error %d)", (long)length, p, rtn); + } + } + (void)close(fd); + } + // all done with this file + (void)remove(expPathBuf); + free(expPathBuf); + } + CFReleaseSafe(data); + + CFIndex curVersion = version; + Boolean fullUpdate = false; + if (isDictionary(propertyList)) { + if (SecRevocationDbVerifyUpdate((CFDictionaryRef)propertyList)) { + CFTypeRef value = (CFBooleanRef)CFDictionaryGetValue((CFDictionaryRef)propertyList, CFSTR("full")); + if (isBoolean(value)) { + fullUpdate = CFBooleanGetValue((CFBooleanRef)value); + } + curVersion = SecRevocationDbIngestUpdate((CFDictionaryRef)propertyList); + gNextUpdate = SecRevocationDbComputeNextUpdateTime((CFDictionaryRef)propertyList); + } + } else { + secerror("update failed: could not create property list"); + } + CFReleaseSafe(propertyList); + + if (curVersion > version) { + secdebug("validupdate", "update received: v%ld", (unsigned long)curVersion); + // save this update and make it current + char *newPathBuf = NULL; + if (fullUpdate) { + asprintf(&newPathBuf, "%s/update-full.plist.gz", kSecRevocationBasePath); + //%%% glob and remove all "update-v*.plist.gz" files here + } + else { + asprintf(&newPathBuf, "%s/update-v%ld.plist.gz", kSecRevocationBasePath, (unsigned long)curVersion); + } + if (newPathBuf) { + if (curPathBuf) { + if (fullUpdate) { + // try to save the latest full update + (void)rename(curPathBuf, newPathBuf); + } + else { + // try to remove delta updates + (void)remove(curPathBuf); + } + } + free(newPathBuf); + } + gLastVersion = curVersion; + } + if (curPathBuf) { + free(curPathBuf); + } + + // remember next update time in case of restart + SecRevocationDbSetNextUpdateTime(gNextUpdate); + + return true; +} + +static bool SecValidUpdateRequestSatisfiedLocally(SecValidUpdateRequestRef request) { + // if we can read the requested data locally, we don't need a network request. + + // note: only need this if we don't have any version and are starting from scratch. + // otherwise we don't know what the current version actually is; only the server + // can tell us that at any given time, so we have to ask it for any version >0. + // we cannot reuse a saved delta without being on the exact version from which + // it was generated. + // TBD: + // - if requested version N is 0, and no 'update-full' in kSecRevocationBasePath, + // call a OTATrustUtilities SPI to obtain static 'update-full' asset data. + + CFDataRef data = NULL; + char *curPathBuf = NULL; + if (0 == request->version) { + asprintf(&curPathBuf, "%s/update-full.plist.gz", kSecRevocationBasePath); + } + else { + return false; + //asprintf(&curPathBuf, "%s/update-v%ld.plist.gz", kSecRevocationBasePath, (unsigned long)request->version); + } + if (curPathBuf) { + secdebug("validupdate", "will read data from \"%s\"", curPathBuf); + int rtn = readFile(curPathBuf, &data); + free(curPathBuf); + if (rtn) { CFReleaseNull(data); } + } + if (data) { + secdebug("validupdate", "read %ld bytes from file", (long)CFDataGetLength(data)); + //%%% TBD dispatch this work on the request's queue and return true immediately + return SecValidUpdateRequestConsumeReply(data, request->version, false); + } + return false; +} + +static void SecValidUpdateRequestCompleted(asynchttp_t *http, CFTimeInterval maxAge) { + // cast depends on http being first field in struct SecValidUpdateRequest. + SecValidUpdateRequestRef request = (SecValidUpdateRequestRef)http; + if (!request) { + secnotice("validupdate", "no request to complete!"); + return; + } + CFDataRef data = (request->http.response) ? CFHTTPMessageCopyBody(request->http.response) : NULL; + CFIndex version = request->version; + SecValidUpdateRequestRelease(request); + if (!data) { + secdebug("validupdate", "no data received"); + return; + } + SecValidUpdateRequestConsumeReply(data, version, true); +} + + +// MARK: - +// MARK: SecValidInfoRef + +/* ====================================================================== + SecValidInfoRef + ====================================================================== + */ + +static SecValidInfoRef SecValidInfoCreate(SecValidInfoFormat format, + CFOptionFlags flags, + CFDataRef certHash, + CFDataRef issuerHash) { + SecValidInfoRef validInfo; + validInfo = (SecValidInfoRef)calloc(1, sizeof(struct __SecValidInfo)); + if (!validInfo) { return NULL; } + + CFRetainSafe(certHash); + CFRetainSafe(issuerHash); + validInfo->format = format; + validInfo->certHash = certHash; + validInfo->issuerHash = issuerHash; + validInfo->valid = (flags & kSecValidInfoAllowlist); + validInfo->complete = (flags & kSecValidInfoComplete); + validInfo->checkOCSP = (flags & kSecValidInfoCheckOCSP); + validInfo->knownOnly = (flags & kSecValidInfoKnownOnly); + validInfo->requireCT = (flags & kSecValidInfoRequireCT); + + return validInfo; +} + +void SecValidInfoRelease(SecValidInfoRef validInfo) { + if (validInfo) { + CFReleaseSafe(validInfo->certHash); + CFReleaseSafe(validInfo->issuerHash); + free(validInfo); + } +} + + +// MARK: - +// MARK: SecRevocationDb + +/* ====================================================================== + SecRevocationDb + ====================================================================== +*/ + +/* SecRevocationDbCheckNextUpdate returns true if we dispatched an + update request, otherwise false. +*/ +bool SecRevocationDbCheckNextUpdate(void) { + // are we the db owner instance? + if (!isDbOwner()) { + return false; + } + CFTypeRef value = NULL; + + // is it time to check? + CFAbsoluteTime now = CFAbsoluteTimeGetCurrent(); + CFAbsoluteTime minNextUpdate = now + gUpdateInterval; + if (0 == gNextUpdate) { + // first time we're called, check if we have a saved nextUpdate value + gNextUpdate = SecRevocationDbGetNextUpdateTime(); + // pin to minimum first-time interval, so we don't perturb startup + minNextUpdate = now + kSecMinUpdateInterval; + if (gNextUpdate < minNextUpdate) { + gNextUpdate = minNextUpdate; + } + // allow pref to override update interval, if it exists + CFIndex interval = -1; + value = (CFNumberRef)CFPreferencesCopyValue(kUpdateIntervalKey, kSecPrefsDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost); + if (isNumber(value)) { + if (CFNumberGetValue((CFNumberRef)value, kCFNumberCFIndexType, &interval)) { + if (interval < kSecMinUpdateInterval) { + interval = kSecMinUpdateInterval; + } else if (interval > kSecMaxUpdateInterval) { + interval = kSecMaxUpdateInterval; + } + } + } + CFReleaseNull(value); + gUpdateInterval = kSecStdUpdateInterval; + if (interval > 0) { + gUpdateInterval = interval; + } + } + if (gNextUpdate > now) { + return false; + } + // set minimum next update time here in case we can't get an update + gNextUpdate = minNextUpdate; + + // determine which server to query + CFStringRef server; + value = (CFStringRef)CFPreferencesCopyValue(kUpdateServerKey, kSecPrefsDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost); + if (isString(value)) { + server = (CFStringRef) CFRetain(value); + } else { + server = (CFStringRef) CFRetain(kValidUpdateServer); + } + CFReleaseNull(value); + + // determine what version we currently have + CFIndex version = SecRevocationDbGetVersion(); + secdebug("validupdate", "got version %ld from db", (long)version); + if (version <= 0) { + if (gLastVersion > 0) { + secdebug("validupdate", "error getting version; using last good version: %ld", (long)gLastVersion); + } + version = gLastVersion; + } + + // determine whether we need to recreate the database + CFIndex db_version = SecRevocationDbGetSchemaVersion(); + if (db_version == 1) { + /* code which created this db failed to update changed flags, + so we need to fully rebuild its contents. */ + SecRevocationDbRemoveAllEntries(); + version = gLastVersion = 0; + } + + // determine whether update fetching is enabled +#if (__MAC_OS_X_VERSION_MIN_REQUIRED >= 101300 || __IPHONE_OS_VERSION_MIN_REQUIRED >= 110000) + bool updateEnabled = true; // macOS 10.13 or iOS 11.0, not tvOS, not watchOS +#else + bool updateEnabled = false; +#endif + value = (CFBooleanRef)CFPreferencesCopyValue(kUpdateEnabledKey, kSecPrefsDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost); + if (isBoolean(value)) { + updateEnabled = CFBooleanGetValue((CFBooleanRef)value); + } + CFReleaseNull(value); + + // set up a network request + SecValidUpdateRequestRef request = (SecValidUpdateRequestRef)calloc(1, sizeof(*request)); + request->http.queue = SecRevocationDbGetUpdateQueue(); + request->http.completed = SecValidUpdateRequestCompleted; + request->server = server; + request->version = version; + request->criteria = NULL; + + if (SecValidUpdateRequestSatisfiedLocally(request)) { + SecValidUpdateRequestRelease(request); + return true; + } + if (!updateEnabled) { + SecValidUpdateRequestRelease(request); + return false; + } + return SecValidUpdateRequestSchedule(request); +} + +bool SecRevocationDbVerifyUpdate(CFDictionaryRef update) { + + //%%% TBD: check signature with new SecPolicyRef; rdar://28619456 + return true; +} + +CFAbsoluteTime SecRevocationDbComputeNextUpdateTime(CFDictionaryRef update) { + CFIndex interval = 0; + // get server-provided interval + if (update) { + CFTypeRef value = (CFNumberRef)CFDictionaryGetValue(update, CFSTR("check-again")); + if (isNumber(value)) { + CFNumberGetValue((CFNumberRef)value, kCFNumberCFIndexType, &interval); + } + } + // try to use interval preference if it exists + CFTypeRef value = (CFNumberRef)CFPreferencesCopyValue(kUpdateIntervalKey, kSecPrefsDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost); + if (isNumber(value)) { + CFNumberGetValue((CFNumberRef)value, kCFNumberCFIndexType, &interval); + } + CFReleaseNull(value); + + // sanity check + if (interval < kSecMinUpdateInterval) { + interval = kSecMinUpdateInterval; + } else if (interval > kSecMaxUpdateInterval) { + interval = kSecMaxUpdateInterval; + } + + // compute randomization factor, between 0 and 50% of the interval + CFIndex fuzz = arc4random() % (long)(interval/2.0); + CFAbsoluteTime nextUpdate = CFAbsoluteTimeGetCurrent() + interval + fuzz; + secdebug("validupdate", "next update in %ld seconds", (long)(interval + fuzz)); + return nextUpdate; +} + +CFIndex SecRevocationDbIngestUpdate(CFDictionaryRef update) { + CFIndex version = 0; + if (!update) { + return version; + } + CFTypeRef value = (CFNumberRef)CFDictionaryGetValue(update, CFSTR("version")); + if (isNumber(value)) { + if (!CFNumberGetValue((CFNumberRef)value, kCFNumberCFIndexType, &version)) { + version = 0; + } + } + SecRevocationDbApplyUpdate(update, version); + + return version; +} + +/* Database management */ + +/* v1 = initial version */ +/* v2 = fix for group entry transitions */ + +#define kSecRevocationDbSchemaVersion 2 + +#define selectGroupIdSQL CFSTR("SELECT DISTINCT groupid " \ +"FROM issuers WHERE issuer_hash=?") + +static SecDbRef SecRevocationDbCreate(CFStringRef path) { + /* only the db owner should open a read-write connection. */ + bool readWrite = isDbOwner(); + mode_t mode = 0644; + + SecDbRef result = SecDbCreateWithOptions(path, mode, readWrite, false, false, ^bool (SecDbConnectionRef dbconn, bool didCreate, bool *callMeAgainForNextConnection, CFErrorRef *error) { + __block bool ok = true; + CFErrorRef localError = NULL; + if (ok && !SecDbWithSQL(dbconn, selectGroupIdSQL, &localError, NULL) && CFErrorGetCode(localError) == SQLITE_ERROR) { + /* SecDbWithSQL returns SQLITE_ERROR if the table we are preparing the above statement for doesn't exist. */ + + /* admin table holds these key-value (or key-ival) pairs: + 'version' (integer) // version of database content + 'check_again' (double) // CFAbsoluteTime of next check (optional; this value is currently stored in prefs) + 'db_version' (integer) // version of database schema + 'db_hash' (blob) // SHA-256 database hash + --> entries in admin table are unique by text key + + issuers table holds map of issuing CA hashes to group identifiers: + issuer_hash (blob) // SHA-256 hash of issuer certificate (primary key) + groupid (integer) // associated group identifier in group ID table + --> entries in issuers table are unique by issuer_hash; + multiple issuer entries may have the same groupid! + + groups table holds records with these attributes: + groupid (integer) // ordinal ID associated with this group entry + flags (integer) // a bitmask of the following values: + kSecValidInfoComplete (0x00000001) set if we have all revocation info for this issuer group + kSecValidInfoCheckOCSP (0x00000002) set if must check ocsp for certs from this issuer group + kSecValidInfoKnownOnly (0x00000004) set if any CA from this issuer group must be in database + kSecValidInfoRequireCT (0x00000008) set if all certs from this issuer group must have SCTs + kSecValidInfoAllowlist (0x00000010) set if this entry describes valid certs (i.e. is allowed) + format (integer) // an integer describing format of entries: + kSecValidInfoFormatUnknown (0) unknown format + kSecValidInfoFormatSerial (1) serial number, not greater than 20 bytes in length + kSecValidInfoFormatSHA256 (2) SHA-256 hash, 32 bytes in length + kSecValidInfoFormatNto1 (3) filter data blob of arbitrary length + data (blob) // Bloom filter data if format is 'nto1', otherwise NULL + --> entries in groups table are unique by groupid + + serials table holds serial number blobs with these attributes: + rowid (integer) // ordinal ID associated with this serial number entry + serial (blob) // serial number + groupid (integer) // identifier for issuer group in the groups table + --> entries in serials table are unique by serial and groupid + + hashes table holds SHA-256 hashes of certificates with these attributes: + rowid (integer) // ordinal ID associated with this sha256 hash entry + sha256 (blob) // SHA-256 hash of subject certificate + groupid (integer) // identifier for issuer group in the groups table + --> entries in hashes table are unique by sha256 and groupid + */ + ok &= SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, error, ^(bool *commit) { + ok = SecDbExec(dbconn, + CFSTR("CREATE TABLE admin(" + "key TEXT PRIMARY KEY NOT NULL," + "ival INTEGER NOT NULL," + "value BLOB" + ");" + "CREATE TABLE issuers(" + "issuer_hash BLOB PRIMARY KEY NOT NULL," + "groupid INTEGER NOT NULL" + ");" + "CREATE INDEX issuer_idx ON issuers(issuer_hash);" + "CREATE TABLE groups(" + "groupid INTEGER PRIMARY KEY AUTOINCREMENT," + "flags INTEGER NOT NULL," + "format INTEGER NOT NULL," + "data BLOB" + ");" + "CREATE TABLE serials(" + "rowid INTEGER PRIMARY KEY AUTOINCREMENT," + "serial BLOB NOT NULL," + "groupid INTEGER NOT NULL," + "UNIQUE(serial,groupid)" + ");" + "CREATE TABLE hashes(" + "rowid INTEGER PRIMARY KEY AUTOINCREMENT," + "sha256 BLOB NOT NULL," + "groupid INTEGER NOT NULL," + "UNIQUE(sha256,groupid)" + ");" + "CREATE TRIGGER group_del BEFORE DELETE ON groups FOR EACH ROW " + "BEGIN " + "DELETE FROM serials WHERE groupid=OLD.groupid; " + "DELETE FROM hashes WHERE groupid=OLD.groupid; " + "DELETE FROM issuers WHERE groupid=OLD.groupid; " + "END;"), error); + *commit = ok; + }); + } + CFReleaseSafe(localError); + if (!ok) + secerror("%s failed: %@", didCreate ? "Create" : "Open", error ? *error : NULL); + return ok; + }); + + return result; +} + +typedef struct __SecRevocationDb *SecRevocationDbRef; +struct __SecRevocationDb { + SecDbRef db; + dispatch_queue_t update_queue; + bool fullUpdateInProgress; +}; + +static dispatch_once_t kSecRevocationDbOnce; +static SecRevocationDbRef kSecRevocationDb = NULL; + +static SecRevocationDbRef SecRevocationDbInit(CFStringRef db_name) { + SecRevocationDbRef this; + dispatch_queue_attr_t attr; + + require(this = (SecRevocationDbRef)malloc(sizeof(struct __SecRevocationDb)), errOut); + this->db = NULL; + this->update_queue = NULL; + this->fullUpdateInProgress = false; + + require(this->db = SecRevocationDbCreate(db_name), errOut); + attr = dispatch_queue_attr_make_with_qos_class(DISPATCH_QUEUE_SERIAL, QOS_CLASS_BACKGROUND, 0); + require(this->update_queue = dispatch_queue_create(NULL, attr), errOut); + + return this; + +errOut: + secdebug("validupdate", "Failed to create db at \"%@\"", db_name); + if (this) { + if (this->update_queue) { + dispatch_release(this->update_queue); + } + CFReleaseSafe(this->db); + free(this); + } + return NULL; +} + +static CFStringRef SecRevocationDbCopyPath(void) { + CFURLRef revDbURL = NULL; + CFStringRef revInfoRelPath = NULL; + if ((revInfoRelPath = CFStringCreateWithFormat(NULL, NULL, CFSTR("%s"), kSecRevocationDbFileName)) != NULL) { + revDbURL = SecCopyURLForFileInRevocationInfoDirectory(revInfoRelPath); + } + CFReleaseSafe(revInfoRelPath); + + CFStringRef revDbPath = NULL; + if (revDbURL) { + revDbPath = CFURLCopyFileSystemPath(revDbURL, kCFURLPOSIXPathStyle); + CFRelease(revDbURL); + } + return revDbPath; +} + +static void SecRevocationDbWith(void(^dbJob)(SecRevocationDbRef db)) { + dispatch_once(&kSecRevocationDbOnce, ^{ + CFStringRef dbPath = SecRevocationDbCopyPath(); + if (dbPath) { + kSecRevocationDb = SecRevocationDbInit(dbPath); + CFRelease(dbPath); + } + }); + // Do pre job run work here (cancel idle timers etc.) + if (kSecRevocationDb->fullUpdateInProgress) { + return; // this would block since SecDb has an exclusive transaction lock + } + dbJob(kSecRevocationDb); + // Do post job run work here (gc timer, etc.) +} + +/* Instance implementation. */ + +#define selectVersionSQL CFSTR("SELECT ival FROM admin " \ +"WHERE key='version'") +#define selectDbVersionSQL CFSTR("SELECT ival FROM admin " \ +"WHERE key='db_version'") +#define selectDbHashSQL CFSTR("SELECT value FROM admin " \ +"WHERE key='db_hash'") +#define selectNextUpdateSQL CFSTR("SELECT value FROM admin " \ +"WHERE key='check_again'") +#define selectGroupRecordSQL CFSTR("SELECT flags,format,data FROM " \ +"groups WHERE groupid=?") +#define selectSerialRecordSQL CFSTR("SELECT rowid FROM serials " \ +"WHERE serial=? AND groupid=?") +#define selectHashRecordSQL CFSTR("SELECT rowid FROM hashes " \ +"WHERE sha256=? AND groupid=?") +#define insertAdminRecordSQL CFSTR("INSERT OR REPLACE INTO admin " \ +"(key,ival,value) VALUES (?,?,?)") +#define insertIssuerRecordSQL CFSTR("INSERT OR REPLACE INTO issuers " \ +"(issuer_hash,groupid) VALUES (?,?)") +#define insertGroupRecordSQL CFSTR("INSERT OR REPLACE INTO groups " \ +"(groupid,flags,format,data) VALUES (?,?,?,?)") +#define insertSerialRecordSQL CFSTR("INSERT OR REPLACE INTO serials " \ +"(rowid,serial,groupid) VALUES (?,?,?)") +#define insertSha256RecordSQL CFSTR("INSERT OR REPLACE INTO hashes " \ +"(rowid,sha256,groupid) VALUES (?,?,?)") +#define deleteGroupRecordSQL CFSTR("DELETE FROM groups WHERE groupid=?") + +#define deleteAllEntriesSQL CFSTR("DELETE from hashes; " \ +"DELETE from serials; DELETE from issuers; DELETE from groups; " \ +"DELETE from admin; DELETE from sqlite_sequence; VACUUM") + +static int64_t _SecRevocationDbGetVersion(SecRevocationDbRef this, CFErrorRef *error) { + /* look up version entry in admin table; returns -1 on error */ + __block int64_t version = -1; + __block bool ok = true; + __block CFErrorRef localError = NULL; + + ok &= SecDbPerformRead(this->db, &localError, ^(SecDbConnectionRef dbconn) { + if (ok) ok &= SecDbWithSQL(dbconn, selectVersionSQL, &localError, ^bool(sqlite3_stmt *selectVersion) { + ok = SecDbStep(dbconn, selectVersion, &localError, NULL); + version = sqlite3_column_int64(selectVersion, 0); + return ok; + }); + }); + (void) CFErrorPropagate(localError, error); + return version; +} + +static void _SecRevocationDbSetVersion(SecRevocationDbRef this, CFIndex version){ + secdebug("validupdate", "setting version to %ld", (long)version); + + __block CFErrorRef localError = NULL; + __block bool ok = true; + ok &= SecDbPerformWrite(this->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &localError, ^(bool *commit) { + if (ok) ok = SecDbWithSQL(dbconn, insertAdminRecordSQL, &localError, ^bool(sqlite3_stmt *insertVersion) { + if (ok) { + const char *versionKey = "version"; + ok = SecDbBindText(insertVersion, 1, versionKey, strlen(versionKey), + SQLITE_TRANSIENT, &localError); + } + if (ok) { + ok = SecDbBindInt64(insertVersion, 2, + (sqlite3_int64)version, &localError); + } + if (ok) { + ok = SecDbStep(dbconn, insertVersion, &localError, NULL); + } + return ok; + }); + }); + }); + if (!ok) { + secerror("_SecRevocationDbSetVersion failed: %@", localError); + } + CFReleaseSafe(localError); +} + +static int64_t _SecRevocationDbGetSchemaVersion(SecRevocationDbRef this, CFErrorRef *error) { + /* look up db_version entry in admin table; returns -1 on error */ + __block int64_t db_version = -1; + __block bool ok = true; + __block CFErrorRef localError = NULL; + + ok &= SecDbPerformRead(this->db, &localError, ^(SecDbConnectionRef dbconn) { + if (ok) ok &= SecDbWithSQL(dbconn, selectDbVersionSQL, &localError, ^bool(sqlite3_stmt *selectDbVersion) { + ok = SecDbStep(dbconn, selectDbVersion, &localError, NULL); + db_version = sqlite3_column_int64(selectDbVersion, 0); + return ok; + }); + }); + (void) CFErrorPropagate(localError, error); + return db_version; +} + +static void _SecRevocationDbSetSchemaVersion(SecRevocationDbRef this, CFIndex dbversion){ + secdebug("validupdate", "setting db_version to %ld", (long)dbversion); + + __block CFErrorRef localError = NULL; + __block bool ok = true; + ok &= SecDbPerformWrite(this->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &localError, ^(bool *commit) { + if (ok) ok = SecDbWithSQL(dbconn, insertAdminRecordSQL, &localError, ^bool(sqlite3_stmt *insertDbVersion) { + if (ok) { + const char *dbVersionKey = "db_version"; + ok = SecDbBindText(insertDbVersion, 1, dbVersionKey, strlen(dbVersionKey), + SQLITE_TRANSIENT, &localError); + } + if (ok) { + ok = SecDbBindInt64(insertDbVersion, 2, + (sqlite3_int64)dbversion, &localError); + } + if (ok) { + ok = SecDbStep(dbconn, insertDbVersion, &localError, NULL); + } + return ok; + }); + }); + }); + if (!ok) { + secerror("_SecRevocationDbSetSchemaVersion failed: %@", localError); + } + CFReleaseSafe(localError); +} + +static CFAbsoluteTime _SecRevocationDbGetNextUpdateTime(SecRevocationDbRef this, CFErrorRef *error) { + /* look up check_again entry in admin table; returns 0 on error */ + __block CFAbsoluteTime nextUpdate = 0; + __block bool ok = true; + __block CFErrorRef localError = NULL; + + ok &= SecDbPerformRead(this->db, &localError, ^(SecDbConnectionRef dbconn) { + if (ok) ok &= SecDbWithSQL(dbconn, selectNextUpdateSQL, &localError, ^bool(sqlite3_stmt *selectNextUpdate) { + ok = SecDbStep(dbconn, selectNextUpdate, &localError, NULL); + CFAbsoluteTime *p = (CFAbsoluteTime *)sqlite3_column_blob(selectNextUpdate, 0); + if (p != NULL) { + if (sizeof(CFAbsoluteTime) == sqlite3_column_bytes(selectNextUpdate, 0)) { + nextUpdate = *p; + } + } + return ok; + }); + }); + + (void) CFErrorPropagate(localError, error); + return nextUpdate; +} + +static void _SecRevocationDbSetNextUpdateTime(SecRevocationDbRef this, CFAbsoluteTime nextUpdate){ + secdebug("validupdate", "setting next update to %f", (double)nextUpdate); + + __block CFErrorRef localError = NULL; + __block bool ok = true; + ok &= SecDbPerformWrite(this->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &localError, ^(bool *commit) { + if (ok) ok = SecDbWithSQL(dbconn, insertAdminRecordSQL, &localError, ^bool(sqlite3_stmt *insertRecord) { + if (ok) { + const char *nextUpdateKey = "check_again"; + ok = SecDbBindText(insertRecord, 1, nextUpdateKey, strlen(nextUpdateKey), + SQLITE_TRANSIENT, &localError); + } + if (ok) { + ok = SecDbBindInt64(insertRecord, 2, + (sqlite3_int64)0, &localError); + } + if (ok) { + ok = SecDbBindBlob(insertRecord, 3, + &nextUpdate, sizeof(CFAbsoluteTime), + SQLITE_TRANSIENT, &localError); + } + if (ok) { + ok = SecDbStep(dbconn, insertRecord, &localError, NULL); + } + return ok; + }); + }); + }); + if (!ok) { + secerror("_SecRevocationDbSetNextUpdate failed: %@", localError); + } + CFReleaseSafe(localError); +} + +static bool _SecRevocationDbRemoveAllEntries(SecRevocationDbRef this) { + /* remove all entries from all tables in the database */ + __block bool ok = true; + __block CFErrorRef localError = NULL; + + ok &= SecDbPerformWrite(this->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &localError, ^(bool *commit) { + ok &= SecDbWithSQL(dbconn, deleteAllEntriesSQL, &localError, ^bool(sqlite3_stmt *deleteAll) { + ok = SecDbStep(dbconn, deleteAll, &localError, NULL); + return ok; + }); + }); + }); + /* one more thing: update the schema version */ + _SecRevocationDbSetSchemaVersion(this, kSecRevocationDbSchemaVersion); + + CFReleaseSafe(localError); + return ok; +} + +static bool _SecRevocationDbUpdateIssuers(SecRevocationDbRef this, int64_t groupId, CFArrayRef issuers, CFErrorRef *error) { + /* insert or replace issuer records in issuers table */ + if (!issuers || groupId < 0) { + return false; /* must have something to insert, and a group to associate with it */ + } + __block bool ok = true; + __block CFErrorRef localError = NULL; + + ok &= SecDbPerformWrite(this->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &localError, ^(bool *commit) { + if (isArray(issuers)) { + CFIndex issuerIX, issuerCount = CFArrayGetCount(issuers); + for (issuerIX=0; issuerIXdb, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &localError, ^(bool *commit) { + CFArrayRef addArray = (CFArrayRef)CFDictionaryGetValue(dict, CFSTR("add")); + if (isArray(addArray)) { + CFIndex identifierIX, identifierCount = CFArrayGetCount(addArray); + for (identifierIX=0; identifierIXdb, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &localError, ^(bool *commit) { + ok &= SecDbWithSQL(dbconn, insertGroupRecordSQL, &localError, ^bool(sqlite3_stmt *insertGroup) { + CFTypeRef value; + SecValidInfoFormat format = kSecValidInfoFormatUnknown; + /* (groupid,flags,format,data) */ + /* groups.groupid */ + if (ok && !(groupId < 0)) { + /* bind to existing groupId row if known, otherwise will insert and autoincrement */ + ok = SecDbBindInt64(insertGroup, 1, groupId, &localError); + } + /* groups.flags */ + if (ok) { + int flags = 0; + value = (CFBooleanRef)CFDictionaryGetValue(dict, CFSTR("complete")); + if (isBoolean(value)) { + if (CFBooleanGetValue((CFBooleanRef)value)) { + flags |= kSecValidInfoComplete; + } + } + value = (CFBooleanRef)CFDictionaryGetValue(dict, CFSTR("check-ocsp")); + if (isBoolean(value)) { + if (CFBooleanGetValue((CFBooleanRef)value)) { + flags |= kSecValidInfoCheckOCSP; + } + } + value = (CFBooleanRef)CFDictionaryGetValue(dict, CFSTR("known-intermediates-only")); + if (isBoolean(value)) { + if (CFBooleanGetValue((CFBooleanRef)value)) { + flags |= kSecValidInfoKnownOnly; + } + } + value = (CFBooleanRef)CFDictionaryGetValue(dict, CFSTR("require-ct")); + if (isBoolean(value)) { + if (CFBooleanGetValue((CFBooleanRef)value)) { + flags |= kSecValidInfoRequireCT; + } + } + value = (CFBooleanRef)CFDictionaryGetValue(dict, CFSTR("valid")); + if (isBoolean(value)) { + if (CFBooleanGetValue((CFBooleanRef)value)) { + flags |= kSecValidInfoAllowlist; + } + } + ok = SecDbBindInt(insertGroup, 2, flags, &localError); + } + /* groups.format */ + if (ok) { + value = (CFBooleanRef)CFDictionaryGetValue(dict, CFSTR("format")); + if (isString(value)) { + if (CFStringCompare((CFStringRef)value, CFSTR("serial"), 0) == kCFCompareEqualTo) { + format = kSecValidInfoFormatSerial; + } else if (CFStringCompare((CFStringRef)value, CFSTR("sha256"), 0) == kCFCompareEqualTo) { + format = kSecValidInfoFormatSHA256; + } else if (CFStringCompare((CFStringRef)value, CFSTR("nto1"), 0) == kCFCompareEqualTo) { + format = kSecValidInfoFormatNto1; + } + } + ok = SecDbBindInt(insertGroup, 3, (int)format, &localError); + } + /* groups.data */ + CFDataRef xmlData = NULL; + if (ok && format == kSecValidInfoFormatNto1) { + CFMutableDictionaryRef nto1 = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, + &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks); + value = (CFDataRef)CFDictionaryGetValue(dict, CFSTR("xor")); + if (isData(value)) { + CFDictionaryAddValue(nto1, CFSTR("xor"), value); + } + value = (CFArrayRef)CFDictionaryGetValue(dict, CFSTR("params")); + if (isArray(value)) { + CFDictionaryAddValue(nto1, CFSTR("params"), value); + } + xmlData = CFPropertyListCreateData(kCFAllocatorDefault, nto1, + kCFPropertyListXMLFormat_v1_0, 0, &localError); + CFReleaseSafe(nto1); + + if (xmlData) { + // compress the xmlData blob, if possible + CFDataRef deflatedData = copyDeflatedData(xmlData); + if (deflatedData) { + if (CFDataGetLength(deflatedData) < CFDataGetLength(xmlData)) { + CFRelease(xmlData); + xmlData = deflatedData; + } + else { + CFRelease(deflatedData); + } + } + ok = SecDbBindBlob(insertGroup, 4, + CFDataGetBytePtr(xmlData), + CFDataGetLength(xmlData), + SQLITE_TRANSIENT, &localError); + } + } + + /* Execute the insert statement for the group record. */ + if (ok) { + ok = SecDbStep(dbconn, insertGroup, &localError, NULL); + result = (int64_t)sqlite3_last_insert_rowid(SecDbHandle(dbconn)); + } + if (!ok) { + secdebug("validupdate", "Failed to insert group %ld", (long)result); + } + /* Clean up temporary allocation made in this block. */ + CFReleaseSafe(xmlData); + return ok; + }); + }); + }); + + (void) CFErrorPropagate(localError, error); + return result; +} + +static int64_t _SecRevocationDbGroupIdForIssuerHash(SecRevocationDbRef this, CFDataRef hash, CFErrorRef *error) { + /* look up issuer hash in issuers table to get groupid, if it exists */ + __block int64_t groupId = -1; + __block bool ok = true; + __block CFErrorRef localError = NULL; + + require(hash, errOut); + + /* This is the starting point for any lookup; find a group id for the given issuer hash. + Before we do that, need to verify the current db_version. We cannot use results from a + database created with schema version 1. At the next database update interval, + we'll be removing and recreating the database contents with the current schema version. + */ + int64_t db_version = _SecRevocationDbGetSchemaVersion(this, NULL); + require(db_version > 1, errOut); + + /* Look up provided issuer_hash in the issuers table. + */ + ok &= SecDbPerformRead(this->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbWithSQL(dbconn, selectGroupIdSQL, &localError, ^bool(sqlite3_stmt *selectGroupId) { + ok = SecDbBindBlob(selectGroupId, 1, CFDataGetBytePtr(hash), CFDataGetLength(hash), SQLITE_TRANSIENT, &localError); + ok &= SecDbStep(dbconn, selectGroupId, &localError, ^(bool *stopGroupId) { + groupId = sqlite3_column_int64(selectGroupId, 0); + }); + return ok; + }); + }); + +errOut: + (void) CFErrorPropagate(localError, error); + return groupId; +} + +static bool _SecRevocationDbApplyGroupDelete(SecRevocationDbRef this, CFDataRef issuerHash, CFErrorRef *error) { + /* delete group associated with the given issuer; + schema trigger will delete associated issuers, serials, and hashes. */ + __block int64_t groupId = -1; + __block bool ok = true; + __block CFErrorRef localError = NULL; + + groupId = _SecRevocationDbGroupIdForIssuerHash(this, issuerHash, &localError); + require(!(groupId < 0), errOut); + + ok &= SecDbPerformWrite(this->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &localError, ^(bool *commit) { + ok = SecDbWithSQL(dbconn, deleteGroupRecordSQL, &localError, ^bool(sqlite3_stmt *deleteResponse) { + ok = SecDbBindInt64(deleteResponse, 1, groupId, &localError); + /* Execute the delete statement. */ + if (ok) { + ok = SecDbStep(dbconn, deleteResponse, &localError, NULL); + } + return ok; + }); + }); + }); + +errOut: + (void) CFErrorPropagate(localError, error); + return (groupId < 0) ? false : true; +} + +static bool _SecRevocationDbApplyGroupUpdate(SecRevocationDbRef this, CFDictionaryRef dict, CFErrorRef *error) { + /* process one issuer group's update dictionary */ + int64_t groupId = -1; + CFErrorRef localError = NULL; + + CFArrayRef issuers = (dict) ? (CFArrayRef)CFDictionaryGetValue(dict, CFSTR("issuer-hash")) : NULL; + if (isArray(issuers)) { + CFIndex issuerIX, issuerCount = CFArrayGetCount(issuers); + /* while we have issuers and haven't found a matching group id */ + for (issuerIX=0; issuerIXupdate_queue, ^{ + + CFTypeRef value; + CFIndex deleteCount = 0; + CFIndex updateCount = 0; + + /* check whether this is a full update */ + this->fullUpdateInProgress = false; + value = (CFBooleanRef)CFDictionaryGetValue(update, CFSTR("full")); + if (isBoolean(value)) { + this->fullUpdateInProgress = CFBooleanGetValue((CFBooleanRef)value); + } + + /* process 'delete' list */ + value = (CFArrayRef)CFDictionaryGetValue(localUpdate, CFSTR("delete")); + if (isArray(value)) { + deleteCount = CFArrayGetCount((CFArrayRef)value); + secdebug("validupdate", "processing %ld deletes", (long)deleteCount); + for (CFIndex deleteIX=0; deleteIXdb, &localError, ^(SecDbConnectionRef dbconn) { + SecDbTransaction(dbconn, kSecDbExclusiveTransactionType, &localError, ^(bool *commit) { + SecDbExec(dbconn, CFSTR("VACUUM;"), &localError); + CFReleaseNull(localError); + }); + }); + this->fullUpdateInProgress = false; + + }); +} + +static bool _SecRevocationDbSerialInGroup(SecRevocationDbRef this, + CFDataRef serial, + int64_t groupId, + CFErrorRef *error) { + __block bool result = false; + __block bool ok = true; + __block CFErrorRef localError = NULL; + require(this && serial, errOut); + ok &= SecDbPerformRead(this->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbWithSQL(dbconn, selectSerialRecordSQL, &localError, ^bool(sqlite3_stmt *selectSerial) { + ok &= SecDbBindBlob(selectSerial, 1, CFDataGetBytePtr(serial), + CFDataGetLength(serial), SQLITE_TRANSIENT, &localError); + ok &= SecDbBindInt64(selectSerial, 2, groupId, &localError); + ok &= SecDbStep(dbconn, selectSerial, &localError, ^(bool *stop) { + int64_t foundRowId = (int64_t)sqlite3_column_int64(selectSerial, 0); + result = (foundRowId > 0); + }); + return ok; + }); + }); + +errOut: + (void) CFErrorPropagate(localError, error); + return result; +} + +static bool _SecRevocationDbCertHashInGroup(SecRevocationDbRef this, + CFDataRef certHash, + int64_t groupId, + CFErrorRef *error) { + __block bool result = false; + __block bool ok = true; + __block CFErrorRef localError = NULL; + require(this && certHash, errOut); + ok &= SecDbPerformRead(this->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbWithSQL(dbconn, selectHashRecordSQL, &localError, ^bool(sqlite3_stmt *selectHash) { + ok = SecDbBindBlob(selectHash, 1, CFDataGetBytePtr(certHash), + CFDataGetLength(certHash), SQLITE_TRANSIENT, &localError); + ok &= SecDbBindInt64(selectHash, 2, groupId, &localError); + ok &= SecDbStep(dbconn, selectHash, &localError, ^(bool *stop) { + int64_t foundRowId = (int64_t)sqlite3_column_int64(selectHash, 0); + result = (foundRowId > 0); + }); + return ok; + }); + }); + +errOut: + (void) CFErrorPropagate(localError, error); + return result; +} + +static bool _SecRevocationDbSerialInFilter(SecRevocationDbRef this, + CFDataRef serialData, + CFDataRef xmlData) { + /* N-To-1 filter implementation. + The 'xmlData' parameter is a flattened XML dictionary, + containing 'xor' and 'params' keys. First order of + business is to reconstitute the blob into components. + */ + bool result = false; + CFRetainSafe(xmlData); + CFDataRef propListData = xmlData; + /* Expand data blob if needed */ + CFDataRef inflatedData = copyInflatedData(propListData); + if (inflatedData) { + CFReleaseSafe(propListData); + propListData = inflatedData; + } + CFDataRef xor = NULL; + CFArrayRef params = NULL; + CFPropertyListRef nto1 = CFPropertyListCreateWithData(kCFAllocatorDefault, propListData, 0, NULL, NULL); + if (nto1) { + xor = (CFDataRef)CFDictionaryGetValue((CFDictionaryRef)nto1, CFSTR("xor")); + params = (CFArrayRef)CFDictionaryGetValue((CFDictionaryRef)nto1, CFSTR("params")); + } + uint8_t *hash = (xor) ? (uint8_t*)CFDataGetBytePtr(xor) : NULL; + CFIndex hashLen = (hash) ? CFDataGetLength(xor) : 0; + uint8_t *serial = (serialData) ? (uint8_t*)CFDataGetBytePtr(serialData) : NULL; + CFIndex serialLen = (serial) ? CFDataGetLength(serialData) : 0; + + require(hash && serial && params, errOut); + + const uint32_t FNV_OFFSET_BASIS = 2166136261; + const uint32_t FNV_PRIME = 16777619; + bool notInHash = false; + CFIndex ix, count = CFArrayGetCount(params); + for (ix = 0; ix < count; ix++) { + int32_t param; + CFNumberRef cfnum = (CFNumberRef)CFArrayGetValueAtIndex(params, ix); + if (!isNumber(cfnum) || + !CFNumberGetValue(cfnum, kCFNumberSInt32Type, ¶m)) { + secinfo("validupdate", "error processing filter params at index %ld", (long)ix); + continue; + } + /* process one param */ + uint32_t hval = FNV_OFFSET_BASIS ^ param; + CFIndex i = serialLen; + while (i > 0) { + hval = ((hval ^ (serial[--i])) * FNV_PRIME) & 0xFFFFFFFF; + } + hval = hval % (hashLen * 8); + if ((hash[hval/8] & (1 << (hval % 8))) == 0) { + notInHash = true; /* definitely not in hash */ + break; + } + } + if (!notInHash) { + /* probabilistically might be in hash if we get here. */ + result = true; + } + +errOut: + CFReleaseSafe(nto1); + CFReleaseSafe(propListData); + return result; +} + +static SecValidInfoRef _SecRevocationDbValidInfoForCertificate(SecRevocationDbRef this, + SecCertificateRef certificate, + CFDataRef issuerHash, + CFErrorRef *error) { + __block CFErrorRef localError = NULL; + __block bool ok = true; + __block int flags = 0; + __block SecValidInfoFormat format = kSecValidInfoFormatUnknown; + __block CFDataRef data = NULL; + + bool matched = false; + int64_t groupId = 0; + CFDataRef serial = NULL; + CFDataRef certHash = NULL; + SecValidInfoRef result = NULL; + +#if TARGET_OS_OSX + require(serial = SecCertificateCopySerialNumber(certificate, NULL), errOut); +#else + require(serial = SecCertificateCopySerialNumber(certificate), errOut); +#endif + require(certHash = SecCertificateCopySHA256Digest(certificate), errOut); + + require(groupId = _SecRevocationDbGroupIdForIssuerHash(this, issuerHash, &localError), errOut); + + /* Select the group record to determine flags and format. */ + ok &= SecDbPerformRead(this->db, &localError, ^(SecDbConnectionRef dbconn) { + ok &= SecDbWithSQL(dbconn, selectGroupRecordSQL, &localError, ^bool(sqlite3_stmt *selectGroup) { + ok = SecDbBindInt64(selectGroup, 1, groupId, &localError); + ok &= SecDbStep(dbconn, selectGroup, &localError, ^(bool *stop) { + flags = (int)sqlite3_column_int(selectGroup, 0); + format = (SecValidInfoFormat)sqlite3_column_int(selectGroup, 1); + uint8_t *p = (uint8_t *)sqlite3_column_blob(selectGroup, 2); + if (p != NULL && format == kSecValidInfoFormatNto1) { + CFIndex length = (CFIndex)sqlite3_column_bytes(selectGroup, 2); + data = CFDataCreate(kCFAllocatorDefault, p, length); + } + }); + return ok; + }); + }); + + if (format == kSecValidInfoFormatUnknown) { + /* No group record found for this issuer. */ + } + else if (format == kSecValidInfoFormatSerial) { + /* Look up certificate's serial number in the serials table. */ + matched = _SecRevocationDbSerialInGroup(this, serial, groupId, &localError); + } + else if (format == kSecValidInfoFormatSHA256) { + /* Look up certificate's SHA-256 hash in the hashes table. */ + matched = _SecRevocationDbCertHashInGroup(this, certHash, groupId, &localError); + } + else if (format == kSecValidInfoFormatNto1) { + /* Perform a Bloom filter match against the serial. If matched is false, + then the cert is definitely not in the list. But if matched is true, + we don't know for certain, so we would need to check OCSP. */ + matched = _SecRevocationDbSerialInFilter(this, serial, data); + } + + if (matched) { + /* Always return SecValidInfo for a matched certificate. */ + secdebug("validupdate", "Valid db matched cert: %@, format=%d, flags=%d", + certHash, format, flags); + result = SecValidInfoCreate(format, flags, certHash, issuerHash); + } + else if ((flags & kSecValidInfoComplete) && (flags & kSecValidInfoAllowlist)) { + /* Not matching against a complete whitelist is equivalent to revocation. */ + secdebug("validupdate", "Valid db did NOT match cert on allowlist: %@, format=%d, flags=%d", + certHash, format, flags); + result = SecValidInfoCreate(format, flags, certHash, issuerHash); + } + + if (result && SecIsAppleTrustAnchor(certificate, 0)) { + /* Prevent a catch-22. */ + secdebug("validupdate", "Valid db match for Apple trust anchor: %@, format=%d, flags=%d", + certHash, format, flags); + SecValidInfoRelease(result); + result = NULL; + } + +errOut: + (void) CFErrorPropagate(localError, error); + CFReleaseSafe(data); + CFReleaseSafe(certHash); + CFReleaseSafe(serial); + return result; +} + +static SecValidInfoRef _SecRevocationDbCopyMatching(SecRevocationDbRef db, + SecCertificateRef certificate, + SecCertificateRef issuer) { + SecValidInfoRef result = NULL; + CFErrorRef error = NULL; + CFDataRef issuerHash = NULL; + + require(certificate && issuer, errOut); + require(issuerHash = SecCertificateCopySHA256Digest(issuer), errOut); + + result = _SecRevocationDbValidInfoForCertificate(db, certificate, issuerHash, &error); + +errOut: + CFReleaseSafe(issuerHash); + CFReleaseSafe(error); + return result; +} + +static dispatch_queue_t _SecRevocationDbGetUpdateQueue(SecRevocationDbRef this) { + return (this) ? this->update_queue : NULL; +} + + +/* Given a valid update dictionary, insert/replace or delete records + in the revocation database. (This function is expected to be called only + by the database maintainer, normally the system instance of trustd.) +*/ +void SecRevocationDbApplyUpdate(CFDictionaryRef update, CFIndex version) { + SecRevocationDbWith(^(SecRevocationDbRef db) { + _SecRevocationDbApplyUpdate(db, update, version); + }); +} + +/* Set the schema version for the revocation database. + (This function is expected to be called only by the database maintainer, + normally the system instance of trustd.) +*/ +void SecRevocationDbSetSchemaVersion(CFIndex db_version) { + SecRevocationDbWith(^(SecRevocationDbRef db) { + _SecRevocationDbSetSchemaVersion(db, db_version); + }); +} + +/* Set the next update value for the revocation database. + (This function is expected to be called only by the database + maintainer, normally the system instance of trustd. If the + caller does not have write access, this is a no-op.) +*/ +void SecRevocationDbSetNextUpdateTime(CFAbsoluteTime nextUpdate) { + SecRevocationDbWith(^(SecRevocationDbRef db) { + _SecRevocationDbSetNextUpdateTime(db, nextUpdate); + }); +} + +/* Return the next update value as a CFAbsoluteTime. + If the value cannot be obtained, -1 is returned. +*/ +CFAbsoluteTime SecRevocationDbGetNextUpdateTime(void) { + __block CFAbsoluteTime result = -1; + SecRevocationDbWith(^(SecRevocationDbRef db) { + result = _SecRevocationDbGetNextUpdateTime(db, NULL); + }); + return result; +} + +/* Return the serial background queue for database updates. + If the queue cannot be obtained, NULL is returned. +*/ +dispatch_queue_t SecRevocationDbGetUpdateQueue(void) { + __block dispatch_queue_t result = NULL; + SecRevocationDbWith(^(SecRevocationDbRef db) { + result = _SecRevocationDbGetUpdateQueue(db); + }); + return result; +} + +/* Remove all entries in the revocation database and reset its version to 0. + (This function is expected to be called only by the database maintainer, + normally the system instance of trustd.) +*/ +void SecRevocationDbRemoveAllEntries(void) { + SecRevocationDbWith(^(SecRevocationDbRef db) { + _SecRevocationDbRemoveAllEntries(db); + }); +} + +/* === Public API === */ + +/* Given a certificate and its issuer, returns a SecValidInfoRef if the + valid database contains matching info; otherwise returns NULL. + Caller must release the returned SecValidInfoRef by calling + SecValidInfoRelease when finished. +*/ +SecValidInfoRef SecRevocationDbCopyMatching(SecCertificateRef certificate, + SecCertificateRef issuer) { + __block SecValidInfoRef result = NULL; + SecRevocationDbWith(^(SecRevocationDbRef db) { + result = _SecRevocationDbCopyMatching(db, certificate, issuer); + }); + return result; +} + +/* Return the current version of the revocation database. + A version of 0 indicates an empty database which must be populated. + If the version cannot be obtained, -1 is returned. +*/ +CFIndex SecRevocationDbGetVersion(void) { + __block CFIndex result = -1; + SecRevocationDbWith(^(SecRevocationDbRef db) { + result = (CFIndex)_SecRevocationDbGetVersion(db, NULL); + }); + return result; +} + +/* Return the current schema version of the revocation database. + A version of 0 indicates an empty database which must be populated. + If the schema version cannot be obtained, -1 is returned. +*/ +CFIndex SecRevocationDbGetSchemaVersion(void) { + __block CFIndex result = -1; + SecRevocationDbWith(^(SecRevocationDbRef db) { + result = (CFIndex)_SecRevocationDbGetSchemaVersion(db, NULL); + }); + return result; +} diff --git a/OSX/sec/securityd/SecRevocationDb.h b/OSX/sec/securityd/SecRevocationDb.h new file mode 100644 index 00000000..24808cc6 --- /dev/null +++ b/OSX/sec/securityd/SecRevocationDb.h @@ -0,0 +1,109 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + * + */ + +/*! + @header SecRevocationDb + The functions in SecRevocationDb.h provide an interface to look up + revocation information, and refresh that information periodically. + */ + +#ifndef _SECURITY_SECREVOCATIONDB_H_ +#define _SECURITY_SECREVOCATIONDB_H_ + +#include +#include +#include +#include +#include +#include + +__BEGIN_DECLS + +/* issuer group data format */ +typedef CF_ENUM(uint32_t, SecValidInfoFormat) { + kSecValidInfoFormatUnknown = 0, + kSecValidInfoFormatSerial = 1, + kSecValidInfoFormatSHA256 = 2, + kSecValidInfoFormatNto1 = 3 +}; + +/*! + @typedef SecValidInfoRef + @abstract Object used to return valid info lookup results. + */ +typedef struct __SecValidInfo *SecValidInfoRef; + +struct __SecValidInfo { + SecValidInfoFormat format; // format of per-issuer validity data + CFDataRef certHash; // SHA-256 hash of cert to which the following info applies + CFDataRef issuerHash; // SHA-256 hash of issuing CA certificate + bool valid; // true if found on allow list, false if on block list + bool complete; // true if list is complete (i.e. status is definitive) + bool checkOCSP; // true if complete is false and OCSP check is required + bool knownOnly; // true if all intermediates under issuer must be found in database + bool requireCT; // true if this cert must have CT proof +}; + +/*! + @function SecValidInfoRelease + @abstract Releases a SecValidInfo reference previously obtained from a call to SecRevocationDbCopyMatching. + @param validInfo The SecValidInfo reference to be released. + */ +void SecValidInfoRelease(SecValidInfoRef validInfo); + +/*! + @function SecRevocationDbCheckNextUpdate + @abstract Periodic hook to poll for updates. + @result A boolean value indicating whether an update check was dispatched. + */ +bool SecRevocationDbCheckNextUpdate(void); + +/*! + @function SecRevocationDbCopyMatching + @abstract Returns a SecValidInfo reference if matching revocation (or allow list) info was found. + @param certificate The certificate whose validity status is being requested. + @param issuer The issuing CA certificate. If the cert is self-signed, the same reference should be passed in both certificate and issuer parameters. Omitting either cert parameter is an error and NULL will be returned. + @result A SecValidInfoRef if there was matching revocation info. Caller must release this reference when finished by calling SecValidInfoRelease. NULL is returned if no matching info was found in the database. + */ +SecValidInfoRef SecRevocationDbCopyMatching(SecCertificateRef certificate, + SecCertificateRef issuer); + +/*! + @function SecRevocationDbGetVersion + @abstract Returns a CFIndex containing the version number of the database. + @result On success, the returned version will be a value greater than or equal to zero. A version of 0 indicates an empty database which has yet to be populated. If the version cannot be obtained, -1 is returned. + */ +CFIndex SecRevocationDbGetVersion(void); + +/*! + @function SecRevocationDbGetSchemaVersion + @abstract Returns a CFIndex containing the schema version number of the database. + @result On success, the returned version will be a value greater than or equal to zero. A version of 0 indicates an empty database which has yet to be populated. If the version cannot be obtained, -1 is returned. + */ +CFIndex SecRevocationDbGetSchemaVersion(void); + + +__END_DECLS + +#endif /* _SECURITY_SECREVOCATIONDB_H_ */ diff --git a/SecurityTests/regressions/test/testcssm.h b/OSX/sec/securityd/SecTrustLoggingServer.c similarity index 75% rename from SecurityTests/regressions/test/testcssm.h rename to OSX/sec/securityd/SecTrustLoggingServer.c index 2e4c2914..16c771eb 100644 --- a/SecurityTests/regressions/test/testcssm.h +++ b/OSX/sec/securityd/SecTrustLoggingServer.c @@ -1,15 +1,15 @@ /* - * Copyright (c) 2005 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,14 +17,12 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ * - * cssmlib.h + * SecTrustLoggingServer.c - logging for certificate trust evaluation engine + * */ -#include +#include "SecTrustLoggingServer.h" -extern const CSSM_API_MEMORY_FUNCS gMemFuncs; -extern int cssm_attach(const CSSM_GUID *guid, CSSM_HANDLE *handle); -extern int cssm_detach(const CSSM_GUID *guid, CSSM_HANDLE handle); diff --git a/SecurityFeatures/iOS/SecurityFeatures.h b/OSX/sec/securityd/SecTrustLoggingServer.h similarity index 74% rename from SecurityFeatures/iOS/SecurityFeatures.h rename to OSX/sec/securityd/SecTrustLoggingServer.h index 9315e7b4..3ddf013c 100644 --- a/SecurityFeatures/iOS/SecurityFeatures.h +++ b/OSX/sec/securityd/SecTrustLoggingServer.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Apple Inc. All Rights Reserved. + * Copyright (c) 2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -19,14 +19,13 @@ * limitations under the License. * * @APPLE_LICENSE_HEADER_END@ + * + * SecTrustLoggingServer.h - logging for certificate trust evaluation engine + * */ -/* - * What features are enabled for this platform, used so that - * header files can be shared between the the different platforms - */ +#ifndef _SECURITY_SECTRUSTLOGGINGSERVER_H_ +#define _SECURITY_SECTRUSTLOGGINGSERVER_H_ -#ifndef SECURITY_SECURITY_FEATURES_H -#define SECURITY_SECURITY_FEATURES_H 1 -#endif /* SECURITY_SECURITY_FEATURES_H */ +#endif /* _SECURITY_SECTRUSTLOGGINGSERVER_H_ */ diff --git a/OSX/sec/securityd/SecTrustServer.c b/OSX/sec/securityd/SecTrustServer.c index 84faea33..d94f23ac 100644 --- a/OSX/sec/securityd/SecTrustServer.c +++ b/OSX/sec/securityd/SecTrustServer.c @@ -27,9 +27,8 @@ #include #include -#include -#include -#include +#include +#include #include #include @@ -72,703 +71,12 @@ #include #endif - -/******************************************************** - ***************** OTA Trust support ******************** - ********************************************************/ - - -//#ifndef SECITEM_SHIM_OSX - -static CFArrayRef subject_to_anchors(CFDataRef nic); -static CFArrayRef CopyCertsFromIndices(CFArrayRef offsets); - -static CFArrayRef subject_to_anchors(CFDataRef nic) -{ - CFArrayRef result = NULL; - - if (NULL == nic) - { - return result; - } - - SecOTAPKIRef otapkiref = SecOTAPKICopyCurrentOTAPKIRef(); - if (NULL == otapkiref) - { - return result; - } - - CFDictionaryRef lookupTable = SecOTAPKICopyAnchorLookupTable(otapkiref); - CFRelease(otapkiref); - - if (NULL == lookupTable) - { - return result; - } - - unsigned char subject_digest[CC_SHA1_DIGEST_LENGTH]; - memset(subject_digest, 0, CC_SHA1_DIGEST_LENGTH); - - (void)CC_SHA1(CFDataGetBytePtr(nic), (CC_LONG)CFDataGetLength(nic), subject_digest); - CFDataRef sha1Digest = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, subject_digest, CC_SHA1_DIGEST_LENGTH, kCFAllocatorNull); - - - result = (CFArrayRef)CFDictionaryGetValue(lookupTable, sha1Digest); - CFReleaseSafe(lookupTable); - CFReleaseSafe(sha1Digest); - - return result; -} - -static CFArrayRef CopyCertDataFromIndices(CFArrayRef offsets) -{ - CFMutableArrayRef result = NULL; - - SecOTAPKIRef otapkiref = SecOTAPKICopyCurrentOTAPKIRef(); - if (NULL == otapkiref) - { - return result; - } - - const char* anchorTable = SecOTAPKIGetAnchorTable(otapkiref); - if (NULL == anchorTable) - { - CFReleaseSafe(otapkiref); - return result; - } - - CFIndex num_offsets = CFArrayGetCount(offsets); - - result = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); - - for (CFIndex idx = 0; idx < num_offsets; idx++) - { - CFNumberRef offset = (CFNumberRef)CFArrayGetValueAtIndex(offsets, idx); - uint32_t offset_value = 0; - if (CFNumberGetValue(offset, kCFNumberSInt32Type, &offset_value)) - { - char* pDataPtr = (char *)(anchorTable + offset_value); - //int32_t record_length = *((int32_t * )pDataPtr); - //record_length = record_length; - pDataPtr += sizeof(uint32_t); - - int32_t cert_data_length = *((int32_t * )pDataPtr); - pDataPtr += sizeof(uint32_t); - - CFDataRef cert_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, (const UInt8 *)pDataPtr, - cert_data_length, kCFAllocatorNull); - if (NULL != cert_data) - { - CFArrayAppendValue(result, cert_data); - CFReleaseSafe(cert_data); - } - } - } - CFReleaseSafe(otapkiref); - return result; -} - -static CFArrayRef CopyCertsFromIndices(CFArrayRef offsets) -{ - CFMutableArrayRef result = NULL; - - CFArrayRef cert_data_array = CopyCertDataFromIndices(offsets); - - if (NULL != cert_data_array) - { - result = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); - CFIndex num_cert_datas = CFArrayGetCount(cert_data_array); - for (CFIndex idx = 0; idx < num_cert_datas; idx++) - { - CFDataRef cert_data = (CFDataRef)CFArrayGetValueAtIndex(cert_data_array, idx); - if (NULL != cert_data) - { - SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault, cert_data); - if (NULL != cert) - { - CFArrayAppendValue(result, cert); - CFRelease(cert); - } - } - } - CFRelease(cert_data_array); - } - return result; - -} -//#endif // SECITEM_SHIM_OSX - -/******************************************************** - *************** END OTA Trust support ****************** - ********************************************************/ - #define MAX_CHAIN_LENGTH 15 #define ACCEPT_PATH_SCORE 10000000 /* Forward declaration for use in SecCertificateSource. */ static void SecPathBuilderExtendPaths(void *context, CFArrayRef parents); - -// MARK: - -// MARK: SecCertificateSource -/******************************************************** - ************ SecCertificateSource object *************** - ********************************************************/ - -typedef struct SecCertificateSource *SecCertificateSourceRef; -typedef void(*SecCertificateSourceParents)(void *, CFArrayRef); -typedef bool(*CopyParents)(SecCertificateSourceRef source, - SecCertificateRef certificate, void *context, SecCertificateSourceParents); -typedef CFArrayRef(*CopyConstraints)(SecCertificateSourceRef source, - SecCertificateRef certificate); -typedef bool(*Contains)(SecCertificateSourceRef source, - SecCertificateRef certificate); - -struct SecCertificateSource { - CopyParents copyParents; - CopyConstraints copyUsageConstraints; - Contains contains; -}; - -static bool SecCertificateSourceCopyParents(SecCertificateSourceRef source, - SecCertificateRef certificate, - void *context, SecCertificateSourceParents callback) { - return source->copyParents(source, certificate, context, callback); -} - -static CFArrayRef SecCertificateSourceCopyUsageConstraints( - SecCertificateSourceRef source, SecCertificateRef certificate) { - if (source->copyUsageConstraints) { - return source->copyUsageConstraints(source, certificate); - } else { - return NULL; - } -} - -static bool SecCertificateSourceContains(SecCertificateSourceRef source, - SecCertificateRef certificate) { - return source->contains(source, certificate); -} - -// MARK: - -// MARK: SecItemCertificateSource -/******************************************************** - *********** SecItemCertificateSource object ************ - ********************************************************/ -struct SecItemCertificateSource { - struct SecCertificateSource base; - CFArrayRef accessGroups; -}; -typedef struct SecItemCertificateSource *SecItemCertificateSourceRef; - -static CFTypeRef SecItemCertificateSourceResultsPost(CFTypeRef raw_results) { - if (isArray(raw_results)) { - CFMutableArrayRef result = CFArrayCreateMutable(kCFAllocatorDefault, CFArrayGetCount(raw_results), &kCFTypeArrayCallBacks); - CFArrayForEach(raw_results, ^(const void *value) { - SecCertificateRef cert = SecCertificateCreateWithData(kCFAllocatorDefault, value); - if (cert) { - CFArrayAppendValue(result, cert); - CFRelease(cert); - } - }); - return result; - } else if (isData(raw_results)) { - return SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)raw_results); - } - return NULL; -} - -static bool SecItemCertificateSourceCopyParents( - SecCertificateSourceRef source, SecCertificateRef certificate, - void *context, SecCertificateSourceParents callback) { - SecItemCertificateSourceRef msource = (SecItemCertificateSourceRef)source; - /* FIXME: Search for things other than just subject of our issuer if we - have a subjectID or authorityKeyIdentifier. */ - CFDataRef normalizedIssuer = - SecCertificateGetNormalizedIssuerContent(certificate); - const void *keys[] = { - kSecClass, - kSecReturnData, - kSecMatchLimit, - kSecAttrSubject - }, - *values[] = { - kSecClassCertificate, - kCFBooleanTrue, - kSecMatchLimitAll, - normalizedIssuer - }; - CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values, 4, - NULL, NULL); - CFTypeRef results = NULL; - SecurityClient client = { - .task = NULL, - .accessGroups = msource->accessGroups, - .allowSystemKeychain = true, - .allowSyncBubbleKeychain = false, - .isNetworkExtension = false, - }; - - /* We can make this async or run this on a queue now easily. */ - CFErrorRef localError = NULL; - if (!_SecItemCopyMatching(query, &client, &results, &localError)) { - if (localError && (CFErrorGetCode(localError) != errSecItemNotFound)) { - secdebug("trust", "_SecItemCopyMatching: %@", localError); - } - CFReleaseSafe(localError); - } - CFRelease(query); - CFTypeRef certs = SecItemCertificateSourceResultsPost(results); - CFReleaseSafe(results); - callback(context, certs); - CFReleaseSafe(certs); - return true; -} - -static bool SecItemCertificateSourceContains(SecCertificateSourceRef source, - SecCertificateRef certificate) { - SecItemCertificateSourceRef msource = (SecItemCertificateSourceRef)source; - /* Look up a certificate by issuer and serial number. */ - CFDataRef normalizedIssuer = SecCertificateGetNormalizedIssuerContent(certificate); - CFRetainSafe(normalizedIssuer); - CFDataRef serialNumber = - #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) - SecCertificateCopySerialNumber(certificate, NULL); - #else - SecCertificateCopySerialNumber(certificate); - #endif - const void *keys[] = { - kSecClass, - kSecMatchLimit, - kSecAttrIssuer, - kSecAttrSerialNumber - }, - *values[] = { - kSecClassCertificate, - kSecMatchLimitOne, - normalizedIssuer, - serialNumber - }; - SecurityClient client = { - .task = NULL, - .accessGroups = msource->accessGroups, - .allowSystemKeychain = true, - .allowSyncBubbleKeychain = false, - .isNetworkExtension = false, - }; - CFDictionaryRef query = CFDictionaryCreate(NULL, keys, values, 4, NULL, NULL); - CFErrorRef localError = NULL; - CFTypeRef results = NULL; - bool ok = _SecItemCopyMatching(query, &client, &results, &localError); - CFReleaseSafe(query); - CFReleaseSafe(serialNumber); - CFReleaseSafe(normalizedIssuer); - CFReleaseSafe(results); - if (!ok) { - if (CFErrorGetCode(localError) != errSecItemNotFound) { - secdebug("trust", "_SecItemCopyMatching: %@", localError); - } - CFReleaseSafe(localError); - return false; - } - return true; -} - -static SecCertificateSourceRef SecItemCertificateSourceCreate(CFArrayRef accessGroups) { - SecItemCertificateSourceRef result = (SecItemCertificateSourceRef)malloc(sizeof(*result)); - result->base.copyParents = SecItemCertificateSourceCopyParents; - result->base.copyUsageConstraints = NULL; - result->base.contains = SecItemCertificateSourceContains; - result->accessGroups = accessGroups; - CFRetainSafe(accessGroups); - return (SecCertificateSourceRef)result; -} - -static void SecItemCertificateSourceDestroy(SecCertificateSourceRef source) { - SecItemCertificateSourceRef msource = (SecItemCertificateSourceRef)source; - CFReleaseSafe(msource->accessGroups); - free(msource); -} - -// MARK: - -// MARK: SecSystemAnchorSource -/******************************************************** - *********** SecSystemAnchorSource object ************ - ********************************************************/ - -static bool SecSystemAnchorSourceCopyParents( - SecCertificateSourceRef source, SecCertificateRef certificate, - void *context, SecCertificateSourceParents callback) { -//#ifndef SECITEM_SHIM_OSX - CFArrayRef parents = NULL; - CFArrayRef anchors = NULL; - SecOTAPKIRef otapkiref = NULL; - - CFDataRef nic = SecCertificateGetNormalizedIssuerContent(certificate); - /* 64 bits cast: the worst that can happen here is we truncate the length and match an actual anchor. - It does not matter since we would be returning the wrong anchors */ - assert((unsigned long)CFDataGetLength(nic)subjects, - normalizedIssuer) : NULL; - /* FIXME filter parents by subjectID if certificate has an - authorityKeyIdentifier. */ - secdebug("trust", "%@ parents -> %@", certificate, parents); - callback(context, parents); - return true; -} - -static bool SecMemoryCertificateSourceContains(SecCertificateSourceRef source, - SecCertificateRef certificate) { - SecMemoryCertificateSourceRef msource = - (SecMemoryCertificateSourceRef)source; - return CFSetContainsValue(msource->certificates, certificate); -} - -static void dictAddValueToArrayForKey(CFMutableDictionaryRef dict, - const void *key, const void *value) { - if (!key) - return; - - CFMutableArrayRef values = - (CFMutableArrayRef)CFDictionaryGetValue(dict, key); - if (!values) { - values = CFArrayCreateMutable(kCFAllocatorDefault, 0, - &kCFTypeArrayCallBacks); - CFDictionaryAddValue(dict, key, values); - CFRelease(values); - } - - if (values) - CFArrayAppendValue(values, value); -} - -static void SecMemoryCertificateSourceApplierFunction(const void *value, - void *context) { - SecMemoryCertificateSourceRef msource = - (SecMemoryCertificateSourceRef)context; - SecCertificateRef certificate = (SecCertificateRef)value; - - /* CFSet's API has no way to combine these 2 operations into 1 sadly. */ - if (CFSetContainsValue(msource->certificates, certificate)) - return; - CFSetAddValue(msource->certificates, certificate); - - CFDataRef key = SecCertificateGetNormalizedSubjectContent(certificate); - dictAddValueToArrayForKey(msource->subjects, key, value); -} - -static SecCertificateSourceRef SecMemoryCertificateSourceCreate( - CFArrayRef certificates) { - SecMemoryCertificateSourceRef result = (SecMemoryCertificateSourceRef) - malloc(sizeof(*result)); - result->base.copyParents = SecMemoryCertificateSourceCopyParents; - result->base.copyUsageConstraints = NULL; - result->base.contains = SecMemoryCertificateSourceContains; - CFIndex count = CFArrayGetCount(certificates); - result->certificates = CFSetCreateMutable(kCFAllocatorDefault, count, - &kCFTypeSetCallBacks); - result->subjects = CFDictionaryCreateMutable(kCFAllocatorDefault, - count, &kCFTypeDictionaryKeyCallBacks, - &kCFTypeDictionaryValueCallBacks); - CFRange range = { 0, count }; - CFArrayApplyFunction(certificates, range, - SecMemoryCertificateSourceApplierFunction, result); - - return (SecCertificateSourceRef)result; -} - -static void SecMemoryCertificateSourceDestroy( - SecCertificateSourceRef source) { - SecMemoryCertificateSourceRef msource = - (SecMemoryCertificateSourceRef)source; - CFRelease(msource->certificates); - CFRelease(msource->subjects); - free(msource); -} - -// MARK: - -// MARK: SecCAIssuerCertificateSource -/******************************************************** - ********* SecCAIssuerCertificateSource object ********** - ********************************************************/ -static bool SecCAIssuerCertificateSourceCopyParents( - SecCertificateSourceRef source, SecCertificateRef certificate, - void *context, SecCertificateSourceParents callback) { - return SecCAIssuerCopyParents(certificate, SecPathBuilderGetQueue((SecPathBuilderRef)context), context, callback); -} - -static bool SecCAIssuerCertificateSourceContains( - SecCertificateSourceRef source, SecCertificateRef certificate) { - return false; -} - -struct SecCertificateSource kSecCAIssuerSource = { - SecCAIssuerCertificateSourceCopyParents, - NULL, - SecCAIssuerCertificateSourceContains -}; - -#if (SECTRUST_OSX && TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR)) -#include -// MARK: - -// MARK: SecLegacyCertificateSource -/******************************************************** - ********** SecLegacyCertificateSource object *********** - ********************************************************/ - -static bool SecLegacyCertificateSourceCopyParents( - SecCertificateSourceRef source, SecCertificateRef certificate, - void *context, SecCertificateSourceParents callback) { - CFArrayRef parents = SecItemCopyParentCertificates(certificate, NULL); - callback(context, parents); - CFReleaseSafe(parents); - return true; -} - -static bool SecLegacyCertificateSourceContains( - SecCertificateSourceRef source, SecCertificateRef certificate) { - SecCertificateRef cert = SecItemCopyStoredCertificate(certificate, NULL); - bool result = (cert) ? true : false; - CFReleaseSafe(cert); - return result; -} - -struct SecCertificateSource kSecLegacyCertificateSource = { - SecLegacyCertificateSourceCopyParents, - NULL, - SecLegacyCertificateSourceContains -}; -#endif /* SecLegacyCertificateSource */ - -#if (SECTRUST_OSX && TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR)) -// MARK: - -// MARK: SecLegacyAnchorSource -/******************************************************** - ************ SecLegacyAnchorSource object ************** - ********************************************************/ - -static bool SecLegacyAnchorSourceCopyParents( - SecCertificateSourceRef source, SecCertificateRef certificate, - void *context, SecCertificateSourceParents callback) { - CFMutableArrayRef anchors = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); - CFArrayRef parents = SecItemCopyParentCertificates(certificate, NULL); - CFArrayRef trusted = NULL; - if (parents == NULL) { - goto finish; - } - /* Get the custom anchors which have been trusted in the user and admin domains. - * We don't need system domain roots here, since SecSystemAnchorSource provides those. - */ - OSStatus status = SecTrustSettingsCopyCertificatesForUserAdminDomains(&trusted); - if (status == errSecSuccess && trusted) { - CFIndex index, count = CFArrayGetCount(parents); - for (index = 0; index < count; index++) { - SecCertificateRef parent = (SecCertificateRef)CFArrayGetValueAtIndex(parents, index); - if (parent && CFArrayContainsValue(trusted, CFRangeMake(0, CFArrayGetCount(trusted)), parent)) { - CFArrayAppendValue(anchors, parent); - } - } - } - -finish: - callback(context, anchors); - CFReleaseSafe(anchors); - CFReleaseSafe(parents); - CFReleaseSafe(trusted); - return true; -} - -static CFArrayRef SecLegacyAnchorSourceCopyUsageConstraints( - SecCertificateSourceRef source, SecCertificateRef certificate) { - - CFArrayRef result = NULL; - CFArrayRef userTrustSettings = NULL, adminTrustSettings = NULL; - - OSStatus status = SecTrustSettingsCopyTrustSettings(certificate, - kSecTrustSettingsDomainUser, - &userTrustSettings); - if ((status == errSecSuccess) && (userTrustSettings != NULL)) { - result = CFRetain(userTrustSettings); - } - - status = SecTrustSettingsCopyTrustSettings(certificate, - kSecTrustSettingsDomainAdmin, - &adminTrustSettings); - /* user trust settings overrule admin trust settings */ - if ((status == errSecSuccess) && (adminTrustSettings != NULL) && (result == NULL)) { - result = CFRetain(adminTrustSettings); - } - - CFReleaseNull(userTrustSettings); - CFReleaseNull(adminTrustSettings); - return result; -} - -static bool SecLegacyAnchorSourceContains( - SecCertificateSourceRef source, SecCertificateRef certificate) { - if (certificate == NULL) { - return false; - } - CFArrayRef trusted = NULL; - bool result = false; - OSStatus status = SecTrustSettingsCopyCertificatesForUserAdminDomains(&trusted); - if ((status == errSecSuccess) && (trusted != NULL)) { - CFIndex index, count = CFArrayGetCount(trusted); - for (index = 0; index < count; index++) { - SecCertificateRef anchor = (SecCertificateRef)CFArrayGetValueAtIndex(trusted, index); - if (anchor && CFEqual(anchor, certificate)) { - result = true; - break; - } - } - } - CFReleaseSafe(trusted); - return result; -} - -struct SecCertificateSource kSecLegacyAnchorSource = { - SecLegacyAnchorSourceCopyParents, - SecLegacyAnchorSourceCopyUsageConstraints, - SecLegacyAnchorSourceContains -}; -#endif /* SecLegacyAnchorSource */ - // MARK: - // MARK: SecPathBuilder /******************************************************** @@ -910,8 +218,8 @@ static void SecPathBuilderInit(SecPathBuilderRef builder, CFArrayAppendValue(builder->parentSources, builder->itemCertificateSource); #if TARGET_OS_OSX /* On OS X, need additional parent source to search legacy keychain files. */ - if (kSecLegacyCertificateSource.contains && kSecLegacyCertificateSource.copyParents) { - CFArrayAppendValue(builder->parentSources, &kSecLegacyCertificateSource); + if (kSecLegacyCertificateSource->contains && kSecLegacyCertificateSource->copyParents) { + CFArrayAppendValue(builder->parentSources, kSecLegacyCertificateSource); } #endif } @@ -919,13 +227,13 @@ static void SecPathBuilderInit(SecPathBuilderRef builder, /* Add the Apple, system, and user anchor certificate db to the search list if we don't explicitly trust them. */ CFArrayAppendValue(builder->parentSources, builder->appleAnchorSource); - CFArrayAppendValue(builder->parentSources, &kSecSystemAnchorSource); + CFArrayAppendValue(builder->parentSources, kSecSystemAnchorSource); #if TARGET_OS_IPHONE - CFArrayAppendValue(builder->parentSources, &kSecUserAnchorSource); + CFArrayAppendValue(builder->parentSources, kSecUserAnchorSource); #endif } if (keychainsAllowed && builder->canAccessNetwork) { - CFArrayAppendValue(builder->parentSources, &kSecCAIssuerSource); + CFArrayAppendValue(builder->parentSources, kSecCAIssuerSource); } #else /* TARGET_OS_BRIDGE */ /* Bridge can only access memory sources. */ @@ -951,13 +259,13 @@ static void SecPathBuilderInit(SecPathBuilderRef builder, anchorSources if we are supposed to trust them. */ CFArrayAppendValue(builder->anchorSources, builder->appleAnchorSource); #if TARGET_OS_IPHONE - CFArrayAppendValue(builder->anchorSources, &kSecUserAnchorSource); + CFArrayAppendValue(builder->anchorSources, kSecUserAnchorSource); #else /* TARGET_OS_OSX */ - if (keychainsAllowed && kSecLegacyAnchorSource.contains && kSecLegacyAnchorSource.copyParents) { - CFArrayAppendValue(builder->anchorSources, &kSecLegacyAnchorSource); + if (keychainsAllowed && kSecLegacyAnchorSource->contains && kSecLegacyAnchorSource->copyParents) { + CFArrayAppendValue(builder->anchorSources, kSecLegacyAnchorSource); } #endif - CFArrayAppendValue(builder->anchorSources, &kSecSystemAnchorSource); + CFArrayAppendValue(builder->anchorSources, kSecSystemAnchorSource); } #else /* TARGET_OS_BRIDGE */ /* Bridge can only access memory sources. */ @@ -1061,7 +369,7 @@ void SecPathBuilderSetCanAccessNetwork(SecPathBuilderRef builder, bool allow) { secinfo("http", "network access re-enabled by policy"); /* re-enabling network_access re-adds kSecCAIssuerSource as a parent source. */ - CFArrayAppendValue(builder->parentSources, &kSecCAIssuerSource); + CFArrayAppendValue(builder->parentSources, kSecCAIssuerSource); #else secnotice("http", "network access not allowed on WatchOS"); builder->canAccessNetwork = false; @@ -1072,7 +380,7 @@ void SecPathBuilderSetCanAccessNetwork(SecPathBuilderRef builder, bool allow) { the list of parent sources. */ CFIndex ix = CFArrayGetFirstIndexOfValue(builder->parentSources, CFRangeMake(0, CFArrayGetCount(builder->parentSources)), - &kSecCAIssuerSource); + kSecCAIssuerSource); if (ix >= 0) CFArrayRemoveValueAtIndex(builder->parentSources, ix); } @@ -1094,6 +402,11 @@ CFArrayRef SecPathBuilderCopyTrustedLogs(SecPathBuilderRef builder) return CFRetainSafe(builder->trustedLogs); } +SecCertificatePathRef SecPathBuilderGetBestPath(SecPathBuilderRef builder) +{ + return builder->bestPath; +} + /* This function assumes that the input source is an anchor source */ static bool SecPathBuilderIsAnchorPerConstraints(SecPathBuilderRef builder, SecCertificateSourceRef source, SecCertificateRef certificate) { @@ -1450,8 +763,9 @@ static void SecPathBuilderReject(SecPathBuilderRef builder) { /* All policies accepted the candidate path. */ static void SecPathBuilderAccept(SecPathBuilderRef builder) { - check(builder); + if (!builder) { return; } SecPVCRef pvc = &builder->path; + if (!pvc) { return; } bool isSHA2 = !SecCertificatePathHasWeakHash(pvc->path); bool isOptionallySHA2 = !SecCertificateIsWeakHash(SecPVCGetCertificateAtIndex(pvc, 0)); CFIndex bestScore = builder->bestPathScore; @@ -1559,7 +873,6 @@ static bool SecPathBuilderComputeDetails(SecPathBuilderRef builder) { return completed; } - static bool SecPathBuilderReportResult(SecPathBuilderRef builder) { SecPVCRef pvc = &builder->path; bool haveRevocationResponse = false; @@ -1722,6 +1035,13 @@ SecTrustServerEvaluateCompleted(const void *userData, void SecTrustServerEvaluateBlock(CFDataRef clientAuditToken, CFArrayRef certificates, CFArrayRef anchors, bool anchorsOnly, bool keychainsAllowed, CFArrayRef policies, CFArrayRef responses, CFArrayRef SCTs, CFArrayRef trustedLogs, CFAbsoluteTime verifyTime, __unused CFArrayRef accessGroups, void (^evaluated)(SecTrustResultType tr, CFArrayRef details, CFDictionaryRef info, SecCertificatePathRef chain, CFErrorRef error)) { + /* We need an array containing at least one certificate to proceed. */ + if (!isArray(certificates) || !(CFArrayGetCount(certificates) > 0)) { + CFErrorRef certError = CFErrorCreate(NULL, kCFErrorDomainOSStatus, errSecInvalidCertificate, NULL); + evaluated(kSecTrustResultInvalid, NULL, NULL, NULL, certError); + CFReleaseSafe(certError); + return; + } SecTrustServerEvaluationCompleted userData = Block_copy(evaluated); /* Call the actual evaluator function. */ SecPathBuilderRef builder = SecPathBuilderCreate(clientAuditToken, diff --git a/OSX/sec/securityd/SecTrustServer.h b/OSX/sec/securityd/SecTrustServer.h index f65c2ad2..3dff2b4d 100644 --- a/OSX/sec/securityd/SecTrustServer.h +++ b/OSX/sec/securityd/SecTrustServer.h @@ -86,6 +86,8 @@ SecTrustResultType SecTrustServerEvaluate(CFArrayRef certificates, CFArrayRef an void InitializeAnchorTable(void); +/* Return the current best chain */ +SecCertificatePathRef SecPathBuilderGetBestPath(SecPathBuilderRef builder); __END_DECLS diff --git a/OSX/sec/securityd/asynchttp.c b/OSX/sec/securityd/asynchttp.c index 48c2c476..904ce862 100644 --- a/OSX/sec/securityd/asynchttp.c +++ b/OSX/sec/securityd/asynchttp.c @@ -440,7 +440,7 @@ bool asynchttp_request(CFHTTPMessageRef request, uint64_t timeout, asynchttp_t * /* Set source application property info */ if (http->token) { CFReadStreamSetProperty(http->stream, kCFStreamPropertySourceApplication, http->token); -} + } http->data = CFDataCreateMutable(kCFAllocatorDefault, 0); diff --git a/OSX/sec/securityd/entitlements.plist b/OSX/sec/securityd/entitlements.plist index de0f7780..7b98ab4f 100644 --- a/OSX/sec/securityd/entitlements.plist +++ b/OSX/sec/securityd/entitlements.plist @@ -18,5 +18,13 @@ com.apple.private.applecredentialmanager.allow + com.apple.private.MobileGestalt.AllowedProtectedKeys + + SerialNumber + + seatbelt-profiles + + securityd + diff --git a/OSX/sec/securityd/personalization.h b/OSX/sec/securityd/personalization.h index 6e1cdf19..6f6bf262 100644 --- a/OSX/sec/securityd/personalization.h +++ b/OSX/sec/securityd/personalization.h @@ -24,6 +24,7 @@ #ifndef _SECURITY_PERSONALIZATION_H_ #define _SECURITY_PERSONALIZATION_H_ +#include #include #include diff --git a/OSX/sec/securityd/policytree.c b/OSX/sec/securityd/policytree.c index 53d010bb..356e7a6a 100644 --- a/OSX/sec/securityd/policytree.c +++ b/OSX/sec/securityd/policytree.c @@ -112,11 +112,10 @@ void policy_set_intersect(policy_set_t *policy_set, policy_set_t other_set) { policy_tree_t policy_tree_create(const oid_t *p_oid, policy_qualifier_t p_q) { policy_tree_t node = malloc(sizeof(*node)); + memset(node, 0, sizeof(*node)); node->valid_policy = *p_oid; node->qualifier_set = p_q; node->expected_policy_set = policy_set_create(p_oid); - node->children = NULL; - node->siblings = NULL; secdebug("policy-node", "%p", node); return node; } @@ -171,6 +170,21 @@ static void policy_tree_free_node(policy_tree_t node) { free(node); } +void policy_tree_remove_node(policy_tree_t *node) { + /* Free node's children */ + policy_tree_t *child = &(*node)->children; + if (*child) + policy_tree_prune(child); + + /* Remove node from parent */ + policy_tree_t parent = (*node)->parent; + parent->children = (*node)->siblings; + + /* Free node */ + policy_tree_free_node(*node); + *node = NULL; +} + /* Prune nodes from node down. */ void policy_tree_prune(policy_tree_t *node) { /* Free all our children and siblings. */ @@ -237,10 +251,11 @@ void policy_tree_prune_childless(policy_tree_t *root, int depth) { static void policy_tree_add_child_explicit(policy_tree_t parent, const oid_t *p_oid, policy_qualifier_t p_q, policy_set_t p_expected) { policy_tree_t child = malloc(sizeof(*child)); + memset(child, 0, sizeof(*child)); child->valid_policy = *p_oid; child->qualifier_set = p_q; child->expected_policy_set = p_expected; - child->children = NULL; + child->parent = parent; #if 0 printf("# /%.08lx\\ |%.08lx| \\%.08lx/ >%.08lx> \\>%.08lx>/\n", @@ -266,6 +281,13 @@ void policy_tree_add_child(policy_tree_t parent, policy_tree_add_child_explicit(parent, p_oid, p_q, policy_set); } +/* Add a new sibling to the tree setting valid_policy to p_oid, + qualifier set to p_q and expected_policy_set to p_expected */ +void policy_tree_add_sibling(policy_tree_t sibling, const oid_t *p_oid, + policy_qualifier_t p_q, policy_set_t p_expected) { + policy_tree_add_child_explicit(sibling->parent, p_oid, p_q, p_expected); +} + void policy_tree_set_expected_policy(policy_tree_t node, policy_set_t p_expected) { if (node->expected_policy_set) diff --git a/OSX/sec/securityd/policytree.h b/OSX/sec/securityd/policytree.h index 38a60436..147285d5 100644 --- a/OSX/sec/securityd/policytree.h +++ b/OSX/sec/securityd/policytree.h @@ -57,6 +57,7 @@ struct policy_tree { policy_set_t expected_policy_set; policy_tree_t children; policy_tree_t siblings; + policy_tree_t parent; }; void policy_set_add(policy_set_t *policy_set, const oid_t *p_oid); @@ -69,10 +70,13 @@ policy_tree_t policy_tree_create(const oid_t *p_oid, policy_qualifier_t p_q); bool policy_tree_walk_depth(policy_tree_t root, int depth, bool(*callback)(policy_tree_t, void *), void *ctx); +void policy_tree_remove_node(policy_tree_t *node); void policy_tree_prune(policy_tree_t *node); void policy_tree_prune_childless(policy_tree_t *root, int depth); void policy_tree_add_child(policy_tree_t parent, const oid_t *p_oid, policy_qualifier_t p_q); +void policy_tree_add_sibling(policy_tree_t sibling, const oid_t *p_oid, + policy_qualifier_t p_q, policy_set_t p_expected); void policy_tree_set_expected_policy(policy_tree_t node, policy_set_t p_expected); diff --git a/OSX/sec/securityd/spi.c b/OSX/sec/securityd/spi.c index 9416e4e7..a07a834a 100644 --- a/OSX/sec/securityd/spi.c +++ b/OSX/sec/securityd/spi.c @@ -34,6 +34,7 @@ #include #include #include +#include #include #include "utilities/iOSforOSX.h" @@ -61,6 +62,7 @@ static struct securityd spi = { #if TRUSTD_SERVER || TARGET_OS_IPHONE /* Local trust evaluation only occurs in trustd and iOS securityd */ .sec_trust_evaluate = SecTrustServerEvaluate, + .sec_device_is_internal = SecIsDeviceInternal, #endif #if !TRUSTD_SERVER /* Trustd must xpc to secd to use these. */ @@ -113,6 +115,7 @@ static struct securityd spi = { .soscc_CopyConcurringPeerInfo = SOSCCCopyConcurringPeerPeerInfo_Server, .ota_CopyEscrowCertificates = SecOTAPKICopyCurrentEscrowCertificates, .sec_ota_pki_get_new_asset = SecOTAPKISignalNewAsset, + .soscc_ProcessSyncWithPeers = SOSCCProcessSyncWithPeers_Server, .soscc_ProcessSyncWithAllPeers = SOSCCProcessSyncWithAllPeers_Server, .soscc_EnsurePeerRegistration = SOSCCProcessEnsurePeerRegistration_Server, .sec_roll_keys = _SecServerRollKeysGlue, @@ -149,8 +152,14 @@ static struct securityd spi = { .sec_delete_items_with_access_groups = _SecItemServerDeleteAllWithAccessGroups, .soscc_IsThisDeviceLastBackup = SOSCCkSecXPCOpIsThisDeviceLastBackup_Server, .soscc_requestSyncWithPeerOverKVS = SOSCCRequestSyncWithPeerOverKVS_Server, - .soscc_requestSyncWithPeerOverIDS = SOSCCRequestSyncWithPeerOverIDS_Server, + .soscc_requestSyncWithPeerOverKVSIDOnly = SOSCCRequestSyncWithPeerOverKVSUsingIDOnly_Server, .soscc_SOSCCPeersHaveViewsEnabled = SOSCCPeersHaveViewsEnabled_Server, + .socc_clearPeerMessageKeyInKVS = SOSCCClearPeerMessageKeyInKVS_Server, + .soscc_RegisterRecoveryPublicKey = SOSCCRegisterRecoveryPublicKey_Server, + .soscc_CopyRecoveryPublicKey = SOSCCCopyRecoveryPublicKey_Server, + .soscc_CopyBackupInformation = SOSCCCopyBackupInformation_Server, + .soscc_SOSCCMessageFromPeerIsPending = SOSCCMessageFromPeerIsPending_Server, + .soscc_SOSCCSendToPeerIsPending = SOSCCSendToPeerIsPending_Server, #endif /* !TRUSTD_SERVER */ }; @@ -160,7 +169,7 @@ void securityd_init_server(void) { SecPolicyServerInitalize(); } -void securityd_init(char* home_path) { +void securityd_init(CFURLRef home_path) { if (home_path) SetCustomHomeURL(home_path); diff --git a/OSX/sec/securityd/spi.h b/OSX/sec/securityd/spi.h index 006b1f61..4c5f503a 100644 --- a/OSX/sec/securityd/spi.h +++ b/OSX/sec/securityd/spi.h @@ -25,12 +25,13 @@ #include #include +#include __BEGIN_DECLS /* Calling this function initializes the spi interface in the library to call directly into the backend. It uses home_dir for root of files if specified. */ -void securityd_init(char* home_dir); +void securityd_init(CFURLRef home_dir); // Don't call this function unless you are really securityd void securityd_init_server(void); diff --git a/OSX/shared_regressions/shared_regressions.h b/OSX/shared_regressions/shared_regressions.h index 24acf828..537de386 100644 --- a/OSX/shared_regressions/shared_regressions.h +++ b/OSX/shared_regressions/shared_regressions.h @@ -1,10 +1,10 @@ /* To add a test: 1) add it here 2) Add it as command line argument for SecurityTest.app/SecurityTestOSX.app in the Release, Debug schemes, and World schemes - 3) Add any resource your test needs in to the SecurityTest.app and SecurityTestOSX.app targets. + 3) Add any resource your test needs in to the SecurityTest.app, SecurityDevTest.app, and SecurityTestOSX.app targets. This file contains iOS/OSX shared tests that are built in libSharedRegression.a - For iOS only tests see Security_regressions.h + For iOS-only tests see Security_regressions.h */ #include @@ -28,10 +28,13 @@ ONE_TEST(si_25_cms_skid) ONE_TEST(si_26_sectrust_copyproperties) ONE_TEST(si_27_sectrust_exceptions) ONE_TEST(si_28_sectrustsettings) +ONE_TEST(si_29_sectrust_sha1_deprecation) ONE_TEST(si_44_seckey_gen) ONE_TEST(si_44_seckey_rsa) ONE_TEST(si_44_seckey_ec) ONE_TEST(si_44_seckey_ies) +ONE_TEST(si_62_csr) +ONE_TEST(si_66_smime) #if !TARGET_OS_WATCH ONE_TEST(si_67_sectrust_blacklist) ONE_TEST(si_84_sectrust_allowlist) @@ -48,3 +51,4 @@ ONE_TEST(si_83_seccertificate_sighashalg) ONE_TEST(si_85_sectrust_ssl_policy) ONE_TEST(si_87_sectrust_name_constraints) ONE_TEST(si_97_sectrust_path_scoring) +ONE_TEST(rk_01_recoverykey) diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/.gitignore b/OSX/shared_regressions/si-20-sectrust-policies-data/.gitignore deleted file mode 100644 index 82b43177..00000000 --- a/OSX/shared_regressions/si-20-sectrust-policies-data/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -.DS_Store -debugging.plist diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/DODEMAILCA30.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/DODEMAILCA30.cer new file mode 100644 index 0000000000000000000000000000000000000000..f56ad824e14036c1eb1dc1c5e5d50d336a53f8d5 GIT binary patch literal 1366 zcmXqLVhu8AVzFAl%*4pV#KgGMfR~L^tIebBJ1-+6D=ULRv>~?vCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OLxzy*@w7G`$IcR}I>czYU(8Hj-7n1y+PatcBD z`6UX@jtWKwa^k#(h6a`f7KUa9#s(HqK(09w*C3V}mP4J)EX?oX@1o%9>*(nNv|ZQO zz@Ujy3E8`htPIRejQk8haW1ANMn;Bbno3th)Gp4D3W_`0(p+43Fk$oN3sd&}m6;N{ z|67aB?2`vdir=3(H1pHUlewovE|>h@C-CXJ?*7xe*%rT>5#X50_%K{&+vz8#WY*LL znec7wV^^~?GF`tok?ZJFj%`AfJs}6HUVaRak8QR}H`uIsTh_|QQZe9$gibG8>AU2j zij1{Mb4r&?VY_UUEwrAEU2~uCf&S+biaZdcVmrjYm53yw`a#@SFX%|I5UfR9CtMZ`2Q zO@nh!m}+$Qnf;A%i8=^EeFHfD{uWg8>gnOofHjfVlz4O9Sx~SmF(0 z4Y=7j6WTl&Q<)gKS&=!M$Q(grju0|O7-%vV*Z`o@nWa#8(gx-rd*oRR4D<|i7HBQd zXj985DJihh*H13W(M!oJPSnfI%mH!qfhj1+-#^6J(MS)-1tt_mHV$nzU`AnQWMpal zV$k@}zzQZ}z|^LP&792Q;?mTVl6)k?;ypw33e1xY6ySOp+eDyx^OK7U;Eph8oB&tC z)YjOXladH?XL?F8T$z4yo~m&QFt4c^8Gv#dkaBhe5=N><$@!%~DPX3AF~O>m^MQh( z91T>2$kRY2$sqAy`{bhh;$r92qLR$C%;dz9)PTgyBI~5gyu_kP?UFiE9wM;=hf&hv{*E= z($d5+uXaa-L0HGUC#zCiZ!U02vfBRC@bbilkJ190(hIIeua4XjV$Wsk&D9+!9D**3|4J^hSt@0ErBul$_It`tDS7OL(zzve&7G`k^@b)y6GmrssnT17zJsfon72Hx& zQi~FE6oT^eOB9?P4dldm4UG+r42%uU3`~rTqJUg8DA&luBFZ3#SbKR4xFGg2yX3nV zB6uK2s2iw493cmkQ}E0yNiE7R06HTnGbgj866O{KLxUzpC1j5?vNA9?G4eA2#krW8 z7#SJn)NcBAHcBdbyTMl@eeQX)4$G`?GRn@03@>o9@mjfZ<6Wl*k^3s99r$0pQ+a=! zr_o30%;ML_irlZ)YwpjzHu?FM#3xH?WIlwQy|8(v%8`S$SKnP~?#;;P>6`I1R@36d zvdz!mDr!gUYL4FXg?WN~!aHsKX;<{j`&a91kzUlmYuf3a?BaH0m8*00L7Pj8&RtAp z!nxJqlKYoiRL+k7m4E+NVh{UG-%o1qKTR-|zy7zRXo9BM$GnmwcfN0xzTR4)xL)C8 z)zVtNl85~&InI|kzceqk6w>p*GUeCic=p@k&Fb^mmz`q2x86(mow=U*nu#xTbDDzo zGI6Yv=iI}kydd(=T_$Em2FArrOdkxInBExh0|Ql7n33^63#$P$kTM8mORFp7jE zLPF3$0?8;z1e=EuMFz=2G#MoQJWMEhkY$(+8W({)AO{Mm#_0x)Qx-H%G_YJ^ZeU7Q z;x>?6B5ojRC~P3e#>F{Ft#k4xofJk%G3MON9CA%{1?EI!kQ)_PbPTi%co1R1ERMpH zK;cOmM8RU1k(M!ck%QKaSieh za1C;F^7Qcxi45}h4{>%hjQ4Z`M>`+LLHwXVV*$oBn}Ixtugn50dKyI9X2m4^FP?n$ zVOPD^u@1fYc?;GF8CZi9$g`Lj7#SEW&|9F>riDMv!4nzKg$A-9&3r6kEFxuXa`)dd zoU9Wutcjk|r05yGuYeu7Q~(x-z*2#c!Sv8a2j#gJ6SraXzpkZ}OM7PxS1#ns|~X+<3S;44oIR>A@xO z@t1gwNyp30hd6z&h`(l7x+^Jhjd_&l5&mc{hEr4Tp4k$2sBx2mWme1Ly}=$Yb(tnd z?b<7~`TB*M4jDgy+XP2SqN85AvDm-4T;z>Rl8SntSADahACR zmyC+E`?)FpT~<>cgs4r{W1S&ja(Ye6v`f$4o_)r~^`O_i>RsciTd`MPy8b`@Y-YRA n50!s~Z)ayZ->kUXTKsPLkw>rAdG6qPYB`txi~l$6jfR&1X6EgM literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/DODInteroperabilityRootCA2.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/DODInteroperabilityRootCA2.cer new file mode 100644 index 0000000000000000000000000000000000000000..c04f86f2f1c4659b2ca85a8bef47290cdcffdb89 GIT binary patch literal 1778 zcmXqLVtZ%M#CmN3GZP~d6O-y1170>xtu~Lg@4SqR+^h@+;fCA>oNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp;E0XIm7TbRWyz}wSM-ar<_Wfm55OHD~FO3YDk zD#}brPgQVsR4_6yG&YbE=QT7lurM?=G&M0dF^d9nEn!?E<0yk1VlCz|;DT7p?2_+d zh~R--p>CiGafKXEPQf#;B(*5N0O*>e%$&@UN`;{O{1S+Rni!Rkea^_rz}&>h&tTBR z$i>ve$jI>h*oEfF&$yd4Uualw^LntRXWo|3!}lfX9&Iiz+LEy_?Z%AcSNr^-cX>rum-0byY+E@Jk zRWER~cU+7eAI68c+KFfoXAoU*o|aCamFjx=TQ{XX_3rgtFR<}abZNOj$z!ok zD(MwG+rF9cJH7wE_`vRCaa);~85tNCH!-g@XkuPzzz+;mSz$)T|17Kq%s|SZu>&Nc zz|z=YP-noy#+A_K!I%n6Qq0UKJRTIDDhiJmg(rx@6GGt$qwqvfckkCSrP(?_n7)YQP z1rItN78DtzK;>aYkx@nH=ix+=5kit-Ly-|il3_=Y5kZpSK#@Uq0hdAJd{BVMu{2IM zXq>X3aiW3c5_1Dnvhu8fOcJSe1; zS%5`ngUIf4C56oVq{=optnG0fmWLazH|ytm_Wya z3t3q{7BLo)|3B6VcTdu;oaDH;EJmks-mIf@Dv*mbU||j{(ij<97x}DyF#C#nrr(1v ztoeGO6Qa)b=k_r>&sT0Xo_H@Mck^HC@RmrH%lyp`!!DT=UpzK{x!ci#$xOFTPd&h! zV{vX@qp*kf`u^oHvS(}UpK#u8zF!(Uv1`-&7^~;3{b$t|fBgGlt4)GNnbr5*$F?pr zQ@>Ibmow?kPla>0ThcRs9B7K1(Hk4kST}*KG;!XWC+!h7&)@dkxaF$S@YGIM%j%W9 z=Hoqgr)=7DBSQR<{mdOl(oJ2ys(ii>p0Rb}`c2=xWJGJEU9@ku__S_szqwD~n3~M4 zmmk*V`u1H~sr%=R&Hi=gWW|qNxshOOUzS*!_HAFqHup8>yqsM`!uB^#5@_-~cnbiQ C0uiVH literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/DODRootCA2.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/DODRootCA2.cer new file mode 100644 index 0000000000000000000000000000000000000000..6551cea59d6bf8047b9e2964fe9cd0330998f1b7 GIT binary patch literal 1307 zcmXqLVih-NV*bB?nTe5!iHW(wfR~L^tIebBJ1-+6D=ULRjv==JCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OLxzy*@w7G`$IcR}I>czYVE8>oWhn1$tlatfY# zC8OBoQtW6k&)qm&cScJ)@%OT+gvN$x1&Uf z{Y`&i4*}_Dd7UG{J!gV zdM9soYWXsvpB6b#Miwxhb7W$O>%0w?L z_W!%&($l%SCYt=2_xX#i%)WplPWK}_{%39ewIav%bXZ{_>$KhT8=f|}My5M%czt+n z!jgtkHt{)pUz{Jz!7-vJlGy{2%v@#1Yy)=lFwaMLo z%W$$z#IPoMN|T~z_`U*m13r)fen!UsEG)pZ$7bLK;w!K?8#o$pvvDT0c`&9jF>w4I76x8!-8@GcvLi7~}!XhVl)V+Uzn)N(!v>^^=Qo^ind56ZLX4 zbM!Ndi%U~eO7itx{9Qc#LR^FV16+d~ojiR!Ln4Fx{X?7`4dXpS^a{+A4HV#JF}8_7 z&B{+ME`S?`u#J(M#m>OSzzVK|wM`GV?Mam&+ab0Y#d|t|ZQ}=piZCdYSPhtglmQP& zKn28WU}P|G2l3=t91MW=EU;Q&(PoCte4tnHcuWr{jhya*xgMDA85wdN#d=P9K1^H3 zw$MHL%K?#7^HQ$A@?74r&hPaaw-=&M?_Jry?s50@ZL`d4LKv0_e>&L|_2$pf!~?p? zmu+63*P9SNeYe)+FN(WrRHOH`OzeK~>#W3a?Sz^CinnG;N}InAmATfjY{L5Dh|qbC z_g{yx{BQ~_+_3w4l9K&Fq3FM7CM=w-cY68;CyDnOlOEqWYsd8E=(@vu7ngsVI#;4+ z-R{3ip}w~)D{CG|tl|-NHh7wpEKr!OGpX`&s?V7)0i$JFv#xJezwm!S*jv8;d@Nmw z)#~3me?B$67v?FwCGxG{R<1mSc@3#r*1qOex?UU~AOF5{#)W-p=kv&!I=^OFFV$M9 GE(HMkC%0Pw literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/ECARootCA4.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/ECARootCA4.cer new file mode 100644 index 0000000000000000000000000000000000000000..f950eba68d959260e2c92ed25e1d17fae3b3e142 GIT binary patch literal 1407 zcmXqLVy!l4Vo6@W%*4n91QQH+**LY@JlekVGBR?rG8p6-avN~6F^96S2{VNT8%h|6 zfjC^k{GocmdJ69OWvNAZxv6<2hCBvbAQ^69W|w>yBwm2Gr=hxmDoBo5SPm$s;F(vF zT9jXqT9lZSnUh&ksSuQ(U!vgbs9w>O>r}U9I+di9Vs=YB}D3&@~K6UL=9q*4Knr1HyWA1&8=`V|3&3Ntn z^Rw!!zicTEa57PC508=ynQ1+n@zv40Qx|V2+V-Ykq1LL_UmsUmOc7;gVrFDuT-?Ou zV$j6oU?2|+Ls?}OU=nB$`Tt{`aQ7tb%1Mrk%VKmI=gm4gr@}xMq=1h_j77vadTD-D zXo7a5x0=YA%Kcuux{dZ4@PVZH85#exumDpVn}IusFVEs&U}s>nz-oa-n^{IlNr9EV zesWQcUP@+hqF!!h4v3@g;_u?=7vdV^AK)6~=;Z0+84?-f?;qmqXru>}HmG6a&}L&~ zWo2h%WGOJnGw_1(4Vc>Ou$h@zTwI!(Qj(9y;CRmvy#n)O0|mHQjBO%Nv+|RR3*Zhk z$Od^sfhENt$$*EAE1}JUF%{@N9u^cHD+-Sdg~yJ<<3QnYqVTv3gg}-FgTj!*fDK47 zF)|u>g2d!NV)h2M3#<(+mzW!vl9f>m_(4XgfQ(`_U~XV!Km;WtHw!SD46NY6!P=&W zJ7|+C^?^AJ5=SQSo=)JPL@il>IgOE__NRhyirdAKn#W9=Wq+Dgs=sM>)BZ4{_Pv=8 zhp+Mj;~tM^A7hhFUgAwl+0n9}&1i%Dmf5#YaO~-7oh|mx;$eFq^RxFk^>rHT?3w;7 ztsB3nO-ePm>FD{$uS-tx!SxxB=gmkki&)qF@7-^vXDwdqqm7x0@5-grz5A@n;?aF& zPmJ-h@UN`uKgBfbmgUWVP+gmx?69w8`J-zJTxY~?MowA3d0PpCY-tt8V%_3^xb;)s z^L@DbX>rm%1}U?@mjf5`vg`|Yd|h$wf&0sVkkjjIw<$2nsGCfEZM>S%v2@GaeU1%1 lJKA=y)Z1ope>>-%H4LJc1j^OQFB}Yf&i5)wqFdtpDFEjCx~>2K literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/EntrustCAL1C.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/EntrustCAL1C.cer deleted file mode 100644 index 5d16f8d329d31f0969cadc909b4f868a42c5135e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1270 zcmXqLV)XDOu`!3Ta0zp} z=9Ltc7MJMdrIr{v7}$YCxkb#&%ggmr5iG&V2Yn15S{+Y{E>T!G>Z6A|MWzFfY^+9R<(4WIaPm19ONQ4bXjARFJ5USq$}Keo-RO zsZfum7NzDTry9x|$U?M=fxKsAU;y_X)NDNi9gqTMVO6M|3b;I_tKehkY|zB0gd97J ztPIRejQk8haW1ANMn;C|i*;@0-DABad`Pf&Zr|hjjV= z*>H*f8s`o?<71l`pxJ!!(_yXKH*Wi}oMCv~y=~f^J*$2Nm9reYE%{{KoWC~R%*M9Tgh4N)OvIH8IWEc`&uSOvPu$_gq7Z-?#tWHfJhZC^3E6 znR^PHo@OeUPT!uGCw+{}U1{^yWX|Hg+jp$4f9J}7uXp3>(*7?^%Lrv+W@KPo+{DNY3=wt%K493&@-s62XJG-R zZZ-pc5MLO?XEk63QU=Cs9NKKaG|tY*$f9llN{mpx0b`qZMoCG5mA-y{a&ZB2+BPr( znIg}kZJ=qOzCd+>a+@MlWpYstvO;}OGE7d?0}2~hgY+n{m;lqF0UHaD$zY&ipa!#z ziBU`nY6g}h22Mk=d@N!tB61&Bce4HPsIqJV+vX3Ni~d*WmB+X$ r-gIFw{JhV||0|af@1H-r#LB`pUGtdqse75-_BAn?uej~gTz3Kh(9g@> diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/EntrustRootCA.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/EntrustRootCA.cer deleted file mode 100644 index ce27297ade38c499c2db43ee85c55863b024de67..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1070 zcmXqLV$m{aVisD!%*4pV#A1d#AN85K^Mn+av27|^eh9U++Y|No7T*BP0 zc_l@q#U*-qsU?OE26iA(ZV~hH@^ZaYgp9s(KybW~fr*7eW?piBQGuR9Ql&ysYMP#c zMowmKW=XL^PG(|~o~EIyfilNcj^BP$im;<>c zhNgx_QA5>RO^iy&5yZ&Kz}&>h&tTBR$i>ve$jGqP*L$T<+oo5G71%|^Qna+aFYf2| z^6h)uP_{IEdxgV+Vy6=s2W|&z-;LW*Hp6ssx76GkVJklQ=clYYV>rYfPC8%yV7_b z|Jl34^I%!0r{v!QEB1CSPS-y+e@~%g!VcY+IwvQTrBzRPw7%k6YH+O0wK<#4Ycl`T zUlOqCipM!tqtLFun^JuEp3Gn`yZ1{7b3a8l4 z0_0EzW&>a-Gcs7u?hl)7@H}{CO;zP`-|5#Sr%w3ICV$Gf#x1#jTAIo)2Wdt1Q_qTu zKl%SNocZ?zk55MMv4$q$8Narzy%lTw@m$_FQNbxqJn!tMt`}U*e_j8cJad1zj@-%J zv!q<6zLxM`CV#dzTtI&|3ujcz*1Q|CRu8YuyO>iMS1BWM^zj9s$=0bhZ|~dgTlRFS z)Zwj?hxf)s@BXj+K11@f&}8)(X5D;)3v%0}*4&HwesR?b^=1Dm8;?}ZG!EY-v|;4~ zr<}>B!tVXcZQ313?^lna{o$tXR Z8g_pFN9~%pS!FLHCmgM5HWf?_1ORo~ir)YL diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODIDSWCA37-noRequireExplicitPolicies.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODIDSWCA37-noRequireExplicitPolicies.cer new file mode 100755 index 0000000000000000000000000000000000000000..f6c6568bd737f09af5d802c3422bbdf1772e9de1 GIT binary patch literal 1227 zcmXqLVmWTm#Jqk1GZP~d5KJ)OW#iOp^Jx3d%gD&h%3zRX$Zf#M#vIDRCd?EXY{+ZC z4dQSMv$#2WyBbOuh=I6V!u+9n!Fmer`DLj^dAX^1C5Ai(To8rKF8MAhobgg=t$Otxm-?=!-F$l-<{a`+SiF17*PZun={P!9Uv)J}y>@AC z<^-#+J((&~WdB}yq|o7EqkJ>lX)Vvq@YD@IT~C;=KeTE=_~MnPKB@lqQ@@;gn0t9r zmT<0(`sAhTMHU7e!eN3fGOe9W&rSykOP>A8siq@)r+ROp)qyF@PJ4?dYO?+Nc6Dv& z3!@q_cHix@ZS>doN$k0v%ChH(=CA9s?cClJTWqquws6(FmWJ~$7jUFy)ZSXDr|>vc zZ8{HIYpceL1r7&K-S{oDqw;!S%9aUYnwjM<%~Ng%GAnKE{roB8hr}{TCT2zk#>GvH z#lR5BHxL5GsH`v}<9`+o12!PV#K>U42NL54iLn5aSDS$ih%e7#YG7<&xIlk_Zku*S zNlAf~zJ791j$TS;aiU&sW{zH3VsL?0L-LH_c1ye;GVXaf;i2Xgp^7ON_AZZI`*uFtB%TisbdtWOAC0mDogxQNHz00%OK&z$&KcY78O(f|1w`9DfxkK zTJw|rKc6Jc^Sd<5u+&#n|D%Z8gX}pL>xFqw#g|*o5#KB7wDErU`4jKEe%$lv`5$r1 z@Zz232hzRs39T;DRV*cFA`^;stnn8j2Z+ zfaI8kd4X~YLHYS53eJuS#s+fYyoRO*mPW>grbfmFrcvU&MutdSgB%*T1?mH4VSX2X z7X?ojh2U_YV|0zp4VoC0kOPB}m4Ug5k)Hu5&c)Qk$jES%kHy1N_w42ep?R#?>-m%q z308@Aw!N4zg-hn9;Eb0_Yt^goxYTz&?dIF#Fz1km!s6XqzV5ttOUKc<`l_o*>a|OA zGbdPm?a5S`BK!BsBZUqR8|9nXPHTB?hNo`$>3YI^{h?J0!WXYR^-1-=pZew0!`#c0 zvV?PO)F&@xFS0P;5DpV;k!kI0dUiTUSn}*wPBk6bJJov&tqx3KcG_D!QIqZ8x2tPI zUl`ShvHNbHZKJ=wPh!vYRF*wQG=E*6ZRhr;*kY6IwS}wZwKSZ6xqu@rqxRNHJ%z`q zYSVexT3a<{EO0n@>c(%G9hKJuQ?^VH)66V?X`XUBkXdPK@8?e$KO~k(GBGnUFfMLl zYy^f#t$_kCMrD;*Bn`wHM02{PEGpmFP$b(}CAR9*opWjLTo3#=kOQgUV-aT&6;rAE zu6ywPB>R0X&qLx~{uAHzdEtKpK9D>=BjbM-7GPRzGw=cN6iVZa8Ym>3y=Du7}tEUX614M3g^h$qit zYG7<&xIlk_Zku*SNlAf~zJ791j$TS;aiU&sW{zH3VsL?4)3g8cnMoE?qzfLw!W zHV$nzMpjmKMn;x=gIoi97~g=Y%^0UanZ?DWsVOD-NT$VmhUgWTCmU$N4Pb1OgBp;Z zTwH+a6e|k@3nS!Y3e2;>WXi}O+8>`0cIjku+9a*x!W)0& zsOq!mN5!zlef4#{rq|T2xF&8|__1Csxhdub9F3YmzCS)}OO&kNn`AicCC{nF-}R<* zY!NQ*n4xWWe)U6E=F2e&a~gs~W&~AS@_%$R;6<^@R{K*;DT_~4OyZdQ^!fBd;(sT6 z49<0)BWmjQ(~Dcd28Hc9oV&B7TeUi z1kX6qw|-0Q?esH~oBTpoFMi4pej-?b{X?_&+7tRb)*%iby3SwHSo%Fn`c$#Q|5bAY g)-o2^^UHDf2YfH|zbbKLPM^|C$(K=iCbLTY0nPW4Qvd(} literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODInteroperability-extraPolicies.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODInteroperability-extraPolicies.cer new file mode 100755 index 0000000000000000000000000000000000000000..63c64a33538209268de6c5eb4982f8b2aa423fa6 GIT binary patch literal 1547 zcmXqLVq-UGVtK!SnTe5!iAh1lfR~L^tIebBJ1-+6H!FidnjyCVCmVAp3!5-gXs{u# z0XK-lEzIKP=ILg5xaXIp7Ukup=9M5T4Dj|elsAwCDP$HFb4yK0 zElSK$a4O17Nl#U9c2qDjFf=xh6X!KFGcYr-1hNec45Gw&jgYwp)nvMZ$AAmsU}l$m z7efRO!|`+}FgYgd8r6tPIRejQk7+ zO^jSjO^l2TOUgD(=sP3Y;j=}H#q{VjCRGzj!~XL(o*z4Ya`8Ni-0VyFQ88ZYFDBVZ z*r+CmJ-&2?wRG05l+E4$4z>Rfw0yeB{*lTa_2+llpPc+(5j;CUW74{nD-6#)Ipp@{ zdd%S(g`8uIH$%?(7}V)4eEUMuXKC}tIUfWbK9luv_`F4F+7;tTuTP)iRr{g->!9N% z?g>HxH;znhxbZ+|--ZXm8;g8tUK>UyiwkoMo-^Jg>(=Ws|$Und}$kEBu$1@}{$lpK2+0iK8(@78HfC7-E zax9q!=?hW~JeIf_xKJbA8%Qn@HxM-xHV|av;+&+`Ir)=L3ZtYLGth+wAs`zSS$qw= z4aC{F652c%Q-R)RW@h6AvzZvV)lnpP5E5D_5~>IZ6@wU%sR}Hi2EhhA$flz3cu;t% zC_G*io*=N;L2{1*$aG~ENdxf)(cR}t3Y$&*B8^-{;~f$b?r3k=^5nmP97qKpi#Utu z{~zmwyC-Q^PI6pa7NgTRZ`RQ{75|ZQGq98c=4M8Qk{^%eonGUszVSy#k#6a$t_Rvt z=h(m5Crh(l&oR1kkLTQ#uQNo`PcWUnx$1%Y^@tAHZ8;}HF6#Me+)}evtXt7x`g0!# z3q$D}35MtY{VSh7F6jAw-i&2RPJG^mMYq>%R#FMKQxVnc=D*84SFSlAYA&;C#?RKn zY7y)!n#A`#iSJutem~H;^83+_gR7F3c=U0Uh)Kou@$VuhAX&kg{MROmqf literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODInteroperability-noRequireExplicitPolicies.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODInteroperability-noRequireExplicitPolicies.cer new file mode 100755 index 0000000000000000000000000000000000000000..8ccc85275a9efe2b07ad788ec0f8f9de2140b729 GIT binary patch literal 1531 zcmXqLV*PH=#BzTDGZP~d6O)3H0WTY;R+~rLcV0$DZdL|^G(&C!PB!LH7B*p~&|pJe z18xw9TbRYo(c9Hf!axkf`B5=m z>n|qRN!X|+h&{e^hP8Cou9VH){|>eP5VU-{$^Mbb9`)yU*`J*JUlBYzKx5Lnl`9O- zJvrp|=6cNG8ikx=j5kBh`54scEqwbz(r0P&$2lJa9zK)xarnGNY1$RzNv}_z;#K>h z{_CLQChiGB0XL3JZn*J4XWxbg!W)kGpV!V*Vpz0i>#SGDj~VXr=c`pcGNGe@tuA!4 z^{d*q>4AsV8f}04c*WPEo@CY5Ny~Hpp1Y8+KqWrozQg}D=QEcJop))SypwOoaXX9o zTRpOu2dw>&Tlc2Mnz?b~DkGlrCM>s>Rx&X&GB7S~Vwz#l#5Bc#9~h{z!icIRZMqpHB?VUc`XEX#tspy7FFn6ZFD)@U zRX+)wO!U)|k`qDcL@&80#~^}@Lz|6}m6e^5k;TWr%fJK1H(+YBA!t-`qH}6dNwH^f zacOEwNIu-;0`p{WT9Gvaxsn0m4Hc+28i4}wFl!jOS%M7$4g6tz1J*WYsI@@n>7`^A zC+g*9=0H4<3AQJxQs2ej#nUguHON1}HOSG))5kL;GRWUQ#M#j(-qT4BWP1T9T;y0X z4bm5+8h9*mGjO3sqBoFSB5ojRC~P3e#>F{Ft#k4xofJk%F=n6(4MIRRDzf+*cpHeb zaV4~QFs1_i&dkil31%}fa;u|A@E|0#P$X0l5-Pxe0h+47;$h%sz=Lcm3Xcbcr;5Vk zMd1k=$bk&xV-aT&{r_W~aQ7tb%1Mrk%VKmI=gm4gr{ceX0!Ut&MbbdLL3H=IlEP*a zzepoj(Rhc1gge?BwmkWdR;mGWFC&BTx{rO`yO^16g&v!K+Yr2cnP!vphP16NO$QE4 z>HnKhxQ_L7u=w>Q^6A`fZXDhgWOYMd%F8xXDmM6@m$p(JL|I?f3k*Y%GUMI$d75Ad*O7R`cliPXWbEk;?(Qiw=Qt7zYV{b^c l-?uj_ALM!Hd)~bLhI;|4?{wR1m;0l&&VF*9+b-nc004zF=d%C+ literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODInteroperability.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODInteroperability.cer new file mode 100755 index 0000000000000000000000000000000000000000..ceb21e08f3477e41b4d3fc5f24d3f844f6d1d709 GIT binary patch literal 1536 zcmXqLV*O*##PVbTGZP~d6O)3X0WTY;R+~rLcV0$DZdL|^G(&C!PB!LH7B*p~&|pJe z18xw9TbRYo(c9Hf!axkfWM*JyU}$J;Y++~| zWl&9~OLz>pAWmj>$#*eC@IcN|H&BH*OAaWf;F(vFT9jV^bY4 zj7rEM!^q0O+{DPwV9>Z-f8+VF<0lu- zv&hZ9lphu2wf`{Mym;K4f{}sWr z12iVBTe-sU+>=9YZ?4B2u2IN2#&|R2oR2}B-om#pBz=}Pf1L9{;Nde_ABWFdl%`!V zp7i?kDPFZ7>c0*;ZsMLG6ma9nPc2@owPjn@3{*J3smAW?mPTnb3Svq(0P~E z$vgRW9JjNWzttmqdBEBaxpi-9teG1(t}@~|Z^CkGX(bagBLm~&CZ^d2O-$1b_gOIKj?lV&qmwk>Ei{XrV}`A|zA{ z3P7gHv1A&gFGw};SmI{jLXFgHAh|@`K-5s!K#+}#bCO!;d4u-U{f(#Tab-XS63j`oHvPyQR&fmFz|m>ZZH7%wnfpx>rTFec$q z2lR@897sPOi#Utu{~zmwyC-Q^PI6pa7NgTRZ`RQ{75|YlFtBI?W?)8!jH>m&8q>`* z?ZTBGblknAA;$Cb+oOMh8I>8TkIz`}nFgIybd^7RPckm(UWr3UmEzm`pG4kyzOr4C zz2L;1_5Nqx6uE?eGsVZqcaiDm8bbGSW&s!}dYGo4v7?T9_ouW#?v-~O*y zxa|V-!fg$&F6-^wqADG@^gzW!hV?(v3jQz6b6HgtYPg$Y%f3QRgT24D_8awb_0&Ar zC1LYkH)jRQVg3ah+Rb)xt^N~Q^J1I8WS<2#FR!kSJlL_V^6>weB|=HlC!T&|c~7Jz zmz8(Z?E;N;Q_J4Q-nL(r(QwhGN5xItVTG->`NmVGE2F9w%KlC$eC5UU=5V3WrVW#S HG8F;<1I_6f literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODLeaf.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODLeaf.cer new file mode 100755 index 0000000000000000000000000000000000000000..69ff851e8c85a05fc63b82cc8d68b65b86766f8e GIT binary patch literal 1219 zcmXqLV%cxd#Jqd~GZP~d6O-m#170>xtu~Lg@4SqR+^h@+IfmQ@oNUaYENsF|p}~f{ z2HYSHw=j#FqqnP}gn<}{%O%Vosu!%M;GSQWT9lWYnpa}TW55Mb$n28ug2W5(_JrwT z7Up;HcTwd87gG}>Bg2jd z|8I(Av@Sg1bXg*~eL8Qx#z(#1kI$A|5|f81N7(vrFFzw@aN)akiCKh+Vr|;iu-vb@O0$;z+OVU_ zb@sL&{z_*1_WjoCGl|}p(rdqK%FguDua2r@Mtg~JsfXL_tV-Hzzd}5~!l8YcPrFgW zjn_Zu(&&thy~XrRA9cY$`BW=2U#ft9{~a#4<6N@j7QUT$WNURq*yDo8{hnChGz-#hK}ONam*&8EC=v zF}BG;_2nlQ7ofV!%EG|H$Up()4`mif1Mvn?F_pUSx(DA+vfta`*z_T{HBM0`G3CS<}_HEO|Zd{Fr9x1Ceu;v!qk@rvoH(zcsez@Dv5|qXsewV1 zIIoeJfvJHZlxvVh1ILLOh(H|23vwLHEye~-j3{Bl$jZRn#K_M86z5`UVq|1E+INm2 z>F@mAy6s_>K3lG2{hUz~&E@2CbK(m23A5KU7d?`-Wc*V7BO}qldhLw{V<(wUF>U{O z9lUDgF0#D*p|81XrDXdtjexmQ>$1c`R4P54*0q?QknMSMa?Q533(e)86_e&UTxw7A;!8QP6W9+q<=_wR?&cimIGLEl#*>{r@`I zvD-?Kn``HWjek!@Z=e6=z%}8XoezKA+VnkLnq_uLK;)H1zc`sgDF^h-{EHJ9ubA)c zyP3Z2MV3R}@|m{|oQY;U+ZngPc8`nW7t>lcuca$KZ z5@t)8GchwVFfMLld;|=Udj|Z#Fq9Q$Wc<&vRn%!|SkG-&LGxrdRF zrQV`*_a~uzR&&78o$L$w3XwPcAM%4N5Bu0}EiT0tG!Ei#UsD zPS=!0cz33pG@uAJn!xGYAeao((> zb1MF$l@Y*vz{t>Y)qt-l|M<_!i6;6TkG>Ta?G>$N-|M$>rt$Np1iqE8=gsjDa%S8( z`9+9e=by!{IW|Y8e3)9m`-Gh@Eos-=Ie!ks8<^h{SMOcBIoIwtBgfREAKUIpRQnYN zzGb^x&h$%f_sPXA8*N@Wr|8T*#$ELBt!-~w(PU1)q{Z(aXEJDDu3lsn_h>R|DQ_jw&t&IWJa Z{&UsJFs2Rh7aobT$o{nXyC_BSA^>fLzQ_Oo literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODRootCA3.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FakeDODRootCA3.cer new file mode 100755 index 0000000000000000000000000000000000000000..15f691494eb2bfc603ad73bdce139b674a5dacd7 GIT binary patch literal 1372 zcmXqLVvR6pVsTi&%*4n91pNlQY@Awc9&O)w85y}*84RioxeYkkm_u3EgqcEv4S5Z? zK^$&j7B@$4S3?N{F%Xwam_Jl6SWm${zbv&VFE=%>#E{2;3!;$OCEo>!7vSw_sBWMN zl4BN@1Ij6Q=9Q!t^03rk7O+wzf}LoNOZ7Xd!xbF zN#;{b+kajMuUff_EH8iPYwlVp*?vqTV6N18VCE#@a=d)}N}v#sqybGc{5 zq&eBojkiji3_L6Sac;G~RqGX=4>_{dMbWbQUD3Hki`H)x^qj}`ZY^u=o??ZfD(6s( z6E0i-zfN}Swo>Hg+PPul-;>eX=YKhHO}J<0!(X>HeNUHWnOzbPd8N@WPUcX`0X;MS z;snMk=6m~Yrf++Z<&d|0=B)!~q8ZP2#%-|O59)AW%WuA{jP4bw{tWz zJ;s%}1;2PxUV2*to#TfI-8|i^3Cx1f>czC>t0V5PoCiW&wttfj!)5 ztZl{w{F+n=@+&0hjN?6>zv}ks*H40sqyjzP>2pzx}89ul(uKxT|m09(6w_ zT&m3@ZKfwxn)fBesqVIo*u~UqOYD>{^ltp!wCB^pAj^#1O2SK$1-Wj|U%vVf=ac^v z-ad&FJZSXsNYA&R#Oibv7waUqsOIrazvt!1b5Wn!sbO zDnI8IiCoA`e0ou0ck%n0^DKLgoKYx!ZTo8e1?ke$P2V|;d-C3|*2sNv&MNYoo%_+l zy0=3#10=7pN=&Q^xoRx0mwxNWimI5To#CdsCVF{a9M7gLIxE*~7<;if%>F^9x=PpF o$_bUuib@j#-n~`6o^E*bX2Ge8-8sLsx3vY_Si}B|-C3*)03`&*-T(jq literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FakeFederalBridgeCA-extraPolicies.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FakeFederalBridgeCA-extraPolicies.cer new file mode 100755 index 0000000000000000000000000000000000000000..9c9c5ea7af2fac9a9f9c3943fa85ae1a8847c321 GIT binary patch literal 1655 zcmXqLVkILg5xaXIp7Ukup=9M5T4Dj|eR5XwWDP$Iwa7#@| zElSK$aL&)o&CgQ^$j`}4u2gV#G>{YLH8e9YGq5x?H!?9Wh!W>DvOwY*q*2Eu@&>XH zmx#e!;#8EGlAa25f`XBOp|L>|qY`o;FtRc*H!<=v0L8hOniv@w?q5G%_lU7-!H+-O zf$O$@UlqFb)b*6J85;8n4zd<<{k~PR^MU5Y`NtnPE8je-%%1jk!^e;Mf0o$FD;RH` zb-r>!0<(<$n>qeZxQ@9$Z&#X@U6pqyFt)2gXhQWeyL$Iasd3G^-9H^l|F@jn zo^sg5@P2CW0i(HkQvd(1c&GXxBZw#PfJp7s?$_V1I3=8H5L?NiP(Ll|j%@G6PlxI^ z9z6RkoxNi+&o{OYTP#xMPVrj*e&X|A%$@slf)>obGAV+2oiEl&cAG8Qto=T6p+k+4#P?~x)=Jr>FW@?F&Kj=E z#LURRxVVW~-JpqC*?=Dyn6ko*jQ?3!4VZzH0Utr|PRl$;1kHeiz*dqJL6WNB5h({}Ar%zk_1!66yVAGcRC zloeDw)KSfI=?JTm|NX?(Yf9e*XQ6|Zx6~aq_8bTZ-mqf-nOU=c2s})@v%2>FtJV8! z13${@9$r)a+a>C@uI$#hQ*yfgo^yVzo_FVuI8%W9qN^vh1j3uoWCxqE1zbZda$QBiGfXJ{f?aJ>IPQKj}85&Hsu@FrL6$~`lImU literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FakeFederalBridgeCA.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FakeFederalBridgeCA.cer new file mode 100755 index 0000000000000000000000000000000000000000..da3517ee135fcdbefe52eb0419e421c2d2b9f455 GIT binary patch literal 1644 zcmXqLV#_dSVhvcp%*4pV#3VY!fR~L^tIebBJ1-+6H!Fidh9S2BCmVAp3!5-gXs{u# z0XK-lEzIKP=ILg5xaXIp7Ukup=9M5T4Dj|eR5XwWDP$Iwa7#@| zElSK$aL&)o&CgQ^$j`}4u2gV#G*A%dH8eIfFfueWH#9P}h?3wpGB7eTFf%YTG&VLf zG>tMyqmEnT4P+s15retKsVFlgJr(E(1tSAPV}m9}CFEdWWMyD(V&rE4igPhFF)}jT zzka;#5o6VYAAh(5*KPg2Ds=0q>nUe5H0Bi?WG&?SeXC~Y1I>%`k3Vo$zIjxcJ?-s= zk015_EU}eWFy1=reC31$W*Pf8bNruh9dm!)t~4#XD(_BUY*&TQgz9B>_YxSrxU?Np z#-@Z#lU=<*y<3=KJ1CN+HpAPioHMd-`EHlm7JBH@l5GU#yetHe0k=`+ej>hZ-Y^@6&#* zm9k4;z;)i7HC&g8nUR5UaTBwYK@+o>0Y5M>WrZ0T|Ff_fFas%IFd2h{6j+)VwSXKo z10FW6gfN8t&g@Ptr!!YDiu6rLyw zPYi`8j>3~b;Yp(Kq)>R$C_EK|5H=2NHbz!fc1A`P4+A#?7Z~4wsm&szq@=(~Umry2 zr4?jn>ZRwG>7^xRr|PFA7bGX@Cnq|m7L^ox78jSMriA2!1@#KdlMNbsL2;qT(%5Ry z*kmAq91}=vW)vBABpDtQ8380278Dr{BpFo{85JZMHG>G4uNb*md%TvPNB}`m@r{$BI z74w^%qSIg1=E|P4?%46Y+D$<3cg&)aWtPj`K3-RSW1yJDeP!~I4w2wk{=o1RX8W$2 z3clA+ig|juTupr4{n?WyN~jg=n!<9sX!euyvowyW$gOidDYM6PmGzsJ^)JpOpXa;a z`CL-xZd6kYOH|;4H?izz^}?P889dd$I4e-)flm_q3ro&zr4u|3y|irhT5`{|d#iI_ z>h#WiUvG$CtzFW=bJABPw6u>c{HDi@(?7KOa~Dl`7ROS%+4S4J>V)MwYma_76|6py qS<3dtj4M3ln~p_1_;O=Ya>mi{XL8RE8_zXy{_O9^etu5DEHMCcqwaqI literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FakeFederalCommonPolicy.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FakeFederalCommonPolicy.cer new file mode 100755 index 0000000000000000000000000000000000000000..800ad85a0f13b0cba36a7abde41489a5c349361b GIT binary patch literal 1173 zcmXqLVwq^r#9X<6nTe5!iHXs`fR~L^tIebBJ1-+6H!Fidh9S2BCmVAp3!5-gXs{u# z0XK-lEzIKP=ILg5xaXIp7Ukup=9M5T4Dj|eR5XwWDP$Iwa7#@| zElSK$aL&)o&CgQ^$j`}4u2gV#G>{YLH8e0ZGB7kWGch$Xj}qrKM&{DdB~6S<$icwK z%D~*j$j@NV#K^_e#K_2S;#)V#ElkVK{ zA6bL3j?I{}&X=iN(h_HEx=Vt+W!&Gv_SWaz5aHO=0& zC$;@Wl`a;_ZF`}*uSK2n)aIRsx2>1h{7mxik#9?km$B@=b^EktzGTnU$88(@7k}^X zFRYFJvXG^|oN3ajluLX2yr1R8hL^v2xHm)QPijuks!7{i!!4S`bxx;z{=DV)ZtMRA z`=z*SzH!YD+a>yCrk*6@y)seG)9fZE1H2^t^Y>cxEqeFth>GT{f7`6D%zV&Zd@teY z`WYX7R!Lu;l(qBYqs_(|%cJVDC+|MYe5R6#nUR5UaTB96FhuMP_<<2CE6m9FpM}+c z8Aus4{$}IQW@BV!WoP7OX?$nU_}ah)CSt(aW|2`+QedU852Eza3bHfx((}vo(h{>% z_0y6Ik`wil6P;6wN{T&;i%U~eoGQVBdIjdm291l5jA@*jladHB2SlNnlbmM@O=hY_ z29SgXWI&P{NW@Vmztq+Zm@aklZ9xeaD27P7U^!so)=9Pv4Yp5q1UV)%Ei*Z>B-J`8 zGcU2IQYX16zqlAlJRmW%2r6g52MP{;P;jsS^Awwb9Ei`yBF-YZmZz#T=IQ4dM=EFV ztwm@zo_sAJ`SmYClET`|6&*zJP^) zUg_&Jw^Tlc3V~v;eO=3x8tk+93RYb|>pcH&--LH}&ZgJp&Etz`IHgyf{2=CE*}Xs4 zvgfPcIhrJP^?&C|#&@%~uKKh%_RbNBL!Qs;*=>EjpNM3CTxNLK^yU9U$J9=C&;P~g za_hWO)I85tE54Z5N4|)hyCS|lbgko@qM1ya7qIBN%=b>HWR^>kt+aGsnBUgKc~6Gf j@ZqCvz296;Mr@lg@pMPT?w!GnpY;MfD)XbPW;6i+mE*Ch literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FederalBridgeCA2013.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FederalBridgeCA2013.cer new file mode 100644 index 0000000000000000000000000000000000000000..b6bdc37bf383b8676fd1d925f619d445bb85662f GIT binary patch literal 1641 zcmXqLVoNn>V)b3X%*4pV#H6#pfR~L^tIebBJ1-+6H!Fidq#?HfCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OL(zzve&7G`k^@b)xRG>`{znS~|XQd3fk5_1%s z^K*0a^ArN|b25`F6`UOnmE(n z{Y%h4*+NFHhJ$C`H!aa*r6dud=ku?;3edY!XP2V-L{CO~$J_YSEuR@g{drX;=@bSi z*}N9a+^l2q`9bl*8EU1=bi-D%uAhC(2VWcg-x|soDBZ zI?#_(Lx)}4tFp(@^++)H*{4^Q?VfCW!+hG|4cgI1k3RE^af~iq%ye6HUh#!xXP%sx zC3T#Uee#C;uXp^dzq49m%B1ezFFcx@0shg24{rs;E#80s&XTSV?A}bwj0}v6o0!cF znwX6Z_)oG9f3`w!cMLFOCMwX97j74Pkxst+W6Te6! zSJ8NfgoHcV8@4<_E?j_RD6nv0WH=y~tNx+VJ;<%)L`SUNoMmNy|NLydRB6Me`1{OX zb;~`Ar6#6?uZU|X+~AxxSL=tM`!1fki1_V+{mMJ<3cr{5)cGaQJhIX2NWoh7H{DXf zh0pap(~iAwk=FU_9BU(3?Whpl7gcnXvE`f5SH_Q4C+hmY{JLfu3}S=v|C3}x^He#^zMh@y65eWW`ihg$N?a7*M#*4Q%o?X5$Dep>poFM=TquK=k literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/FederalCommonPolicyCA.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/FederalCommonPolicyCA.cer new file mode 100644 index 0000000000000000000000000000000000000000..ae66c34d352c11f5dd7437b228c1c9edefce54f7 GIT binary patch literal 1124 zcmXqLVo5M)V)j_T%*4pV#KdS|z{|#|)#lOmotKf3o0Y*J(vaJLlZ`o)g-w_#G}utW zKn%p;66O!p3)WL`&o4_Y%F9j7D>39X;0DQX3$wTdczYTu8pwmV%)%0GsVS*Ni8%_+ z`MJ6Ic?tpfIho0o3eJuOa^k#(28KokhK6P)rbgyb;=IPlTv}S)#HfVqQASn<<|amd z27@L>E~X|%Mur=uzfHwVq8#@}t&cHa5s_J2;j;CW+N;vU<7dq(f7IOAs~MOUsra~Z z^_7Z!8+11;yt>I$O!>kYxqW;uR^K^%@|w`~bPr_hN)j<^tvq zT8qEgE2`Sw-)?lYPkpoU(g#7CW2e2`u;b{_`MZxU$ZK-geN>&*%=4O>dM1xa|9SN) zEw06m@x8LlZOx(&LJuCDp)>D|RM8!egLXe#F10irls;TywteSuGoz{>M%yl!ty7XP z>Fa|iy|jYtOuh8{GX1pVg5*T~*!g1fSFHu^2SiT$IUT&q!zcZrJ^Ibl^6RS}gj{$1(rWi+i|oCc zuKH--In%l>EHavZE60%M$CCGT#V;n_;ixKzTChH;G4cmP$)Xc?Lryt{x$k{>!2hkn z-N#Eg@2}H1^ylIU@f$+N^Y7`s+&gRHC!44#dJ~lzIv4gtoN2C7lPqOg%2&&!Rvh@M z?KJy}6MvJVOlMzOzu(``<6uj{ZPV&mlKfBmzhv>`8{d2_Q?Q8l@y-C|M5g~4 ChainLength 3 - EnableTestCertificates - ApplePinningAllowTestCertsAppleSMPEncryption MajorTestName @@ -998,7 +996,7 @@ 4 ChainLength 3 - EnableTestCerts + EnableTestCertificates ApplePinningAllowTestCertsiPhoneApplicationSigning @@ -1115,7 +1113,7 @@ 4 ChainLength 3 - EnableTestCerts + EnableTestCertificates ApplePinningAllowTestCertsiPhoneProvisioningProfileSigning @@ -1310,35 +1308,6 @@ EnableTestCertificates AppleServerAuthenticationAllowUATIDS - - MajorTestName - LegacyAPN - MinorTestName - PositiveTest - Policies - - PolicyIdentifier - 1.2.840.113635.100.1.70 - Properties - - SecPolicyName - courier.push.apple.com - - - Leaf - apn_legacy - Intermediates - - EntrustCAL1C - EntrustRootCA - - VerifyDate - 2015-05-11T19:00:00Z - ExpectedResult - 4 - ChainLength - 3 - MajorTestName IPSec @@ -2268,5 +2237,153 @@ EnableTestCertificates AllowAppleTestCertificatesSecureIOStaticAsset + + MajorTestName + FakeDOD + MinorTestName + PolicyMappings + Policies + + PolicyIdentifier + 1.2.840.113635.100.1.3 + Properties + + SecPolicyName + tlstest.com + + + Leaf + FakeDODLeaf + Intermediates + + FakeFederalBridgeCA + FakeDODInteroperability + FakeDODRootCA3 + FakeDODIDSWCA37 + + Anchors + FakeFederalCommonPolicy + ExpectedResult + 4 + VerifyDate + 2016-12-10T04:38:00Z + + + MajorTestName + FakeDOD + MinorTestName + NoRequireExplicitPoliciesConstraint + Policies + + PolicyIdentifier + 1.2.840.113635.100.1.3 + Properties + + SecPolicyName + tlstest.com + + + Leaf + FakeDODLeaf + Intermediates + + FakeFederalBridgeCA + FakeDODInteroperability-noRequireExplicitPolicies + FakeDODRootCA3-noRequireExplicitPolicies + FakeDODIDSWCA37-noRequireExplicitPolicies + + Anchors + FakeFederalCommonPolicy + ExpectedResult + 4 + VerifyDate + 2016-12-10T04:38:00Z + + + MajorTestName + FakeDOD + MinorTestName + ExtraPolicies + Policies + + PolicyIdentifier + 1.2.840.113635.100.1.3 + Properties + + SecPolicyName + tlstest.com + + + Leaf + FakeDODLeaf + Intermediates + + FakeFederalBridgeCA-extraPolicies + FakeDODInteroperability-extraPolicies + FakeDODRootCA3 + FakeDODIDSWCA37 + + Anchors + FakeFederalCommonPolicy + ExpectedResult + 4 + VerifyDate + 2016-12-10T04:38:00Z + + + MajorTestName + DOD + MinorTestName + SHA2 + Policies + + PolicyIdentifier + 1.2.840.113635.100.1.2 + + Leaf + ECARootCA4 + Intermediates + + FederalBridgeCA2013 + DODInteroperabilityRootCA2 + + Anchors + FederalCommonPolicyCA + ExpectedResult + 4 + VerifyDate + 2016-12-10T04:38:00Z + + + MajorTestName + DOD + MinorTestName + SHA1-SMIME + Policies + + PolicyIdentifier + 1.2.840.113635.100.1.8 + Properties + + SecPolicyName + bailey@eclipse.ncsc.mil + + + Leaf + smime_signing + Intermediates + + SHA1FederalRootCA + DODInteroperabilityRootCA1 + DODRootCA2 + DODEMAILCA30 + + Anchors + FederalCommonPolicyCA + ExpectedResult + 4 + VerifyDate + 2016-01-01T21:00:00Z + diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/SHA1FederalRootCA.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/SHA1FederalRootCA.cer new file mode 100644 index 0000000000000000000000000000000000000000..7b78215b3a2690f2d4b71a747ff83a4250926c96 GIT binary patch literal 1222 zcmXqLVmV~c#Jp+&GZP~d6O*{K0WTY;R+~rLcV0$DZdL|^NJDM|PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kofEy&kEzIH;;O%LsXdn;bG7C$%rKY47CFUqN z=jZ0;=P3l_=VT^VDmXhD$cghB8XFoJ7#o@!n;Tk00lDS|rUpiaX2xbl7EuOaWLhm} zAOo>lG}yyY*H8iGfS~;R5|F)3j7rG9WMpMvZerwT0E%-lH8C<$~*^>?xQ82vC5-PK_EIW3`L-S!uK|FXU&1g9A5Ju`MVsi=HEYooDWq2I?p zMNigEoT+tCb5?K3|BXhLOhuftQ%|r9uHR&_^;qBE4H5@m3C`6_>DMr@cLBK%UyZKi~*;w z>|gG9#C~?gAI2FIKfloFP|8p`KgCNVqSATlD~DMVTB`1*3o}ghG?=ofRdd4fjJZ~vaQF67pNgi(&UYi4We)$#%WwR|y*V{xfOgzk@C_FI~ zo;V6m0);0DG>}7^jggg=osp5n*}&1j9>zCdYBSC#DJihh*9TF0X$9Gtdg=LP`f14p z$%*>OiO#7-CB>e_#igk!A^BiIy#n)OgHV_OjNB}q2JQx~Funn6n16hzZJ{B<+k+xYeN&kx{UwznB?{%z0Z+_l_ zbwbEV7nnhTNtcmf@6P75xzdTBpFZG>G`_Js*f`M& zK{NISunRbEDM@pTD(ADD?Jp_Ik~wXP&HDMzZ1^<-x zeQEu!-XHm#q2~(3v|5W7>dY7IoSmR|;mn%A>B1Z(;sN5Nr>~sZS}Xb~rmgy_Z?F2g z_}4Ce{xiO@%B{`!2?@FVU-xuY24CEhP1*aGxmbmqSbc8Yp|X2>!ZtVGtg4@O?t>k7 a)vu@!%Wt=Z>vWno-Cj2*=E%h}PqhJU|EJCX literal 0 HcmV?d00001 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/apn_legacy.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/apn_legacy.cer deleted file mode 100644 index b223c4b11c1af078015aefaa8ccd34467074eeab..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1319 zcmXqLVpTS1V&PuE%*4pV#NwlP-^75IjZ>@5qwPB{BO@y-gF)j)Lv903Hs(+kHesgF zU_&tj5fFzJSuFtAiWHCxX>2c&>mSQRR+ z;G9}il9`s7oLG{XpQqqhT9T1plvz@#psV0x=xiV-&TD95U}$7$U}$P$Y#s&Vnt{1M z($F%>AP3b;!UlpM<2i)6oD*|0)AEb*G7}Aj3 zmbM3qTr$6T{6W(3;sm{Ti~1u{5ihv6UZ~vq{Fai)$Avo{XlSgAa5l{4igz{Q-!@md za^j*5ORDm}e37VD`sX(7xz+y7tGzWh@-4VhVs^+}!n^apoFgHx%@eo9HdsS0~IYEDYzs0;r3*PB)(cCh#@W_Pt^>W{x!UiWb+aW~_ySW` z%FG{y0&EXYI711$rM1!@aa+LSU%N(!v>^^=QoP?BIyYFTQIVX_`j+#m&J03#zygh7~r zGK_D)*d`9upPyV@fNX$)K3ow~n=({UVrC+;8hs-J6AN9iEvZEYULdC_us9ny8kj;d z)VEr8Zzcl`12vdYOpIbuP@}M983PVBw)93GV74?+1eqnsB4r@age#57gOn(V}RqFg7qgO|gW?BlmO+N_E z;IhIjOa=_dNfns?fk~B-fhlNT+0ORdfKOcZuX8Rvi23&a#e+G;9II7#+!0XJ`!d(# z$=~A~P4)_F8bm5m9$!*BV&Cr{dq@11d5FWK=-DMMf7sNYefG7!E@)y_dh+MZikOTO zvmdQ8j-Hs`Y`!?R2mdqfljIEpMW?2=Ypp1G<(NV?<1kLCJn zzyDsQ!~Fa}ZkiYSi71CnC8uAsu&ysFWR0EI;>k84_4W6f*BY{txg4zfI2F74(@&Sw z&GM4633!=OZ`?X#ZXWYTrGW2C4xL*qyu<01dsgS)YuXP}w)@T0UA5ZsaNU&oamjP$ eoDAHp%9D0w2A|H-v-i1Hg-U-}9aJlES`Yx~`n>o6 diff --git a/OSX/shared_regressions/si-20-sectrust-policies-data/smime_signing.cer b/OSX/shared_regressions/si-20-sectrust-policies-data/smime_signing.cer new file mode 100644 index 0000000000000000000000000000000000000000..1205f63decdc46006429d404bacd2fa912225827 GIT binary patch literal 1286 zcmXqLVr4RDVt%!NnTe5!i8)Z?kpV9or&gOs+jm|@Mpjk^gIGgu15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJA1V3-I=Y>0%boaP@Wc z^ignj)HOCRkQ3)MG%+wV1TsM&3dl7Fa*d3PO)X6=qYSF4VLifW{=qJW8U|`0hcXMx zJ2?h>`nc*j0iEL-spsnB8651Y2Xu~snYodvg_%JUqY`p(FtRc*H!<=v0L8hOniv@w zE-iTF@ZkT_LoZ+0NBhdU2KXj({&)TFBHF%SaloU*wQI~v&KrnvZ<%^ibIJd|>((y* z{L7ck@c;2SpI+^r$S?TJS|Cp)u_4SRvo-F3v$scz^fg$kR5AW$xGi0wT1u08P zH)$7fjNF{a9AN`lkRm=7F&2?C z7s}s=A2isvFQAJ&c`jzT;SIqydqp10j)(N`u z>StRN+HXEQkTmB}T9DbkH;<-sb(~WZF}nD!Il8-D;`t@+qlqtW{@Hz9SxGlQ#${c> zeDfHEot+1-FMp!BMsQ{jcfZ#oLjP0CAO70x_pc5uG0#oWhiI>+uvUr1aVD6{{&bKAz;IV+FMUOVs0 z3dbpmGKY9?`p;55v6g+go4~RSVoWUSi$pw{uIw;$U_8%R8(NaR@|9Nc)tQQIe`gf) h-LGO>r5&lgd#&hU#!ro&F=8*DKRV-_fullTestName, (unsigned long)idx)); cert = SecCertificateCreateWithData(NULL, (CFDataRef)[NSData dataWithContentsOfFile:path]); require_action_quiet(cert, blockOut, fail("%@: failed to create certificate %ld from path %@", - _fullTestName, (unsigned long) idx, path)); + self->_fullTestName, (unsigned long) idx, path)); [outArray addObject:(__bridge id)cert]; CFReleaseNull(cert); @@ -234,14 +234,14 @@ errOut: [(NSArray *)policiesObj enumerateObjectsUsingBlock:^(NSDictionary *policyDict, NSUInteger idx, BOOL *stop) { NSString *policyIdentifier = [(NSDictionary *)policyDict objectForKey:kSecTrustTestPolicyOID]; NSDictionary *policyProperties = [(NSDictionary *)policyDict objectForKey:kSecTrustTestPolicyProperties]; - require_action_quiet(policyIdentifier, blockOut, fail("%@: failed to get policy OID", _fullTestName)); + require_action_quiet(policyIdentifier, blockOut, fail("%@: failed to get policy OID", self->_fullTestName)); policy = SecPolicyCreateWithProperties((__bridge CFStringRef)policyIdentifier, (__bridge CFDictionaryRef)policyProperties); require_action_quiet(policy, blockOut, fail("%@: failed to create properties for policy OID %@", - _fullTestName, policyIdentifier)); - [_policies addObject:(__bridge id)policy]; + self->_fullTestName, policyIdentifier)); + [self->_policies addObject:(__bridge id)policy]; CFReleaseNull(policy); return; diff --git a/OSX/shared_regressions/si-44-seckey-gen.m b/OSX/shared_regressions/si-44-seckey-gen.m index fa9f9664..27272263 100644 --- a/OSX/shared_regressions/si-44-seckey-gen.m +++ b/OSX/shared_regressions/si-44-seckey-gen.m @@ -43,7 +43,10 @@ static void create_random_key_worker(id keyType, int keySize, bool permPub, bool }; id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)params, (void *)&error)); - ok(privateKey != nil, "successfully generated keys"); + ok(privateKey != nil, "generating key (type:%@, size:%d, permPub:%d, permPriv:%d) : %@", keyType, keySize, (int)permPub, (int)permPriv, error); + + id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privateKey)); + ok(publicKey != nil, "got public key from generated private key"); params = @{ (id)kSecClass: (id)kSecClassKey, @@ -63,6 +66,12 @@ static void create_random_key_worker(id keyType, int keySize, bool permPub, bool (id)kSecClass: (id)kSecClassKey, (id)kSecAttrKeyType: keyType, (id)kSecAttrKeySizeInBits: @(keySize), +#if TARGET_OS_OSX + // Despite headerdoc and other docs, SecItemDelete on macOS deletes only first found item, we need to persuade + // it to delete everything passing the query. On the other hand, iOS implementation errs out when + // kSecMatchLimit is given, so we need to add it only for macOS. + (id)kSecMatchLimit: (id)kSecMatchLimitAll, +#endif (id)kSecAttrLabel: @"si-44-seckey-gen:0", }; ok_status(SecItemDelete((CFDictionaryRef)params), "clear generated pair from keychain"); @@ -79,7 +88,7 @@ static void test_create_random_key() { create_random_key_worker((id)kSecAttrKeyTypeECSECPrimeRandom, 256, false, true); create_random_key_worker((id)kSecAttrKeyTypeECSECPrimeRandom, 256, true, true); } -static const int TestCountCreateRandomKey = (3 * 4 + 1 * 3) * 2; +static const int TestCountCreateRandomKey = (4 * 4 + 1 * 3) * 2; static const int TestCount = TestCountCreateRandomKey; diff --git a/OSX/shared_regressions/si-44-seckey-rsa.m b/OSX/shared_regressions/si-44-seckey-rsa.m index d38b4c75..b41a37e0 100644 --- a/OSX/shared_regressions/si-44-seckey-rsa.m +++ b/OSX/shared_regressions/si-44-seckey-rsa.m @@ -24,6 +24,9 @@ #import +#import +#import + #include "shared_regressions.h" static NSData *decryptAndUnpad(SecKeyRef privateKey, SecKeyAlgorithm algorithm, NSData *ciphertext, NSError **error) { @@ -177,9 +180,59 @@ static void test_bad_input_size() { } static const int TestCountBadInputSize = TestCountBadInputSizeStep * 8; +static void test_bad_signature() { + NSDictionary *params = @{ (id)kSecAttrKeyType: (id)kSecAttrKeyTypeRSA, (id)kSecAttrKeySizeInBits: @2048 }; + NSError *error; + id privateKey = CFBridgingRelease(SecKeyCreateRandomKey((CFDictionaryRef)params, (void *)&error)); + ok(privateKey, "Generate RSA-2048 temporary key, err %@", error); + id publicKey = CFBridgingRelease(SecKeyCopyPublicKey((SecKeyRef)privateKey)); + ok(publicKey, "Get public key from private key"); + +#if TARGET_OS_IPHONE + SecKeyAlgorithm algorithm = kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1; +#else + SecKeyAlgorithm algorithm = kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1; +#endif + + char digest[20] = "digest"; + NSData *digestData = [NSData dataWithBytes:digest length:sizeof(digest)]; + NSData *signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privateKey, algorithm, (CFDataRef)digestData, (void *)&error)); + ok(signature, "Sign digest, err %@", error); + + bool result = SecKeyVerifySignature((SecKeyRef)publicKey, algorithm, (CFDataRef)digestData, (CFDataRef)signature, (void *)&error); + ok(result, "Verify signature, err %@", error); + + OSStatus status = SecKeyRawVerify((SecKeyRef)publicKey, kSecPaddingPKCS1SHA1, (const uint8_t *)digest, sizeof(digest), signature.bytes, signature.length); + ok_status(status, "Raw verify correct signature"); + + status = SecKeyRawVerify((SecKeyRef)publicKey, kSecPaddingPKCS1SHA1, (const uint8_t *)digest, sizeof(digest), (void * _Nonnull)NULL, 0); + is_status(status, errSSLCrypto, "NULL signature failure"); + + const SecAsn1AlgId algId = { .algorithm = CSSMOID_SHA1WithRSA }; + signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privateKey, kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1, (CFDataRef)digestData, (void *)&error)); + ok(signature, "Sign message, err %@", error); + + status = SecKeyDigestAndVerify((__bridge SecKeyRef)publicKey, &algId, (const uint8_t *)digest, sizeof(digest), signature.bytes, signature.length); + ok_status(status, "Raw verify correct signature"); + + status = SecKeyDigestAndVerify((__bridge SecKeyRef)publicKey, &algId, (const uint8_t *)digest, sizeof(digest), (void * _Nonnull)NULL, 0); + is_status(status, errSSLCrypto, "NULL signature failure"); + + signature = CFBridgingRelease(SecKeyCreateSignature((SecKeyRef)privateKey, kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, (CFDataRef)digestData, (void *)&error)); + ok(signature, "Sign message, err %@", error); + + status = SecKeyVerifyDigest((__bridge SecKeyRef)publicKey, &algId, (const uint8_t *)digest, sizeof(digest), signature.bytes, signature.length); + ok_status(status, "Raw verify correct signature"); + + status = SecKeyVerifyDigest((__bridge SecKeyRef)publicKey, &algId, (const uint8_t *)digest, sizeof(digest), (void * _Nonnull)NULL, 0); + is_status(status, errSSLCrypto, "NULL signature failure"); +} +static const int TestCountBadSignature = 12; + static const int TestCount = TestCountEncryption + -TestCountBadInputSize; +TestCountBadInputSize + +TestCountBadSignature; int si_44_seckey_rsa(int argc, char *const *argv) { plan_tests(TestCount); @@ -187,6 +240,7 @@ int si_44_seckey_rsa(int argc, char *const *argv) { @autoreleasepool { test_encryption(); test_bad_input_size(); + test_bad_signature(); } return 0; diff --git a/OSX/utilities/config/lib.xcconfig b/OSX/utilities/config/lib.xcconfig deleted file mode 100644 index 5ca24735..00000000 --- a/OSX/utilities/config/lib.xcconfig +++ /dev/null @@ -1,8 +0,0 @@ -COPY_PHASE_STRIP = NO -SKIP_INSTALL = YES - -WARNING_CFLAGS = -Wno-deprecated-declarations $(inherited) -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 - - -HEADER_SEARCH_PATHS = $(SDKROOT)/System/Library/Frameworks/System.framework/PrivateHeaders $(inherited) diff --git a/OSX/utilities/src/NSURL+SOSPlistStore.h b/OSX/utilities/src/NSURL+SOSPlistStore.h new file mode 100644 index 00000000..b7dafaba --- /dev/null +++ b/OSX/utilities/src/NSURL+SOSPlistStore.h @@ -0,0 +1,10 @@ +// +// NSURL+SOSPlistStore.h +// + +#import + +@interface NSURL (SOSPlistStore) +- (id) readPlist; +- (BOOL) writePlist: (id) plist; +@end diff --git a/OSX/utilities/src/NSURL+SOSPlistStore.m b/OSX/utilities/src/NSURL+SOSPlistStore.m new file mode 100644 index 00000000..3f490de0 --- /dev/null +++ b/OSX/utilities/src/NSURL+SOSPlistStore.m @@ -0,0 +1,70 @@ +// +// NSURL+SOSPlistWriting.h +// + +#import +#import +#import +#import +#import +#import +#import +#import +#import + +#if ! __has_feature(objc_arc) +#error This file must be compiled with ARC. Either turn on ARC for the project or use -fobjc-arc flag +#endif + +// may want to have this hold incoming events in file as well + +@implementation NSURL (SOSPlistWriting) + +- (BOOL)writePlist: (id) plist +{ + NSError *error = nil; + if (![NSPropertyListSerialization propertyList: plist isValidForFormat: NSPropertyListXMLFormat_v1_0]) + { + secerror("can't save PersistentState as XML"); + return false; + } + + NSData *data = [NSPropertyListSerialization dataWithPropertyList: plist + format: NSPropertyListXMLFormat_v1_0 options: 0 error: &error]; + if (data == nil) + { + secerror("error serializing PersistentState to xml: %@", error); + return false; + } + + BOOL writeStatus = [data writeToURL:self options: NSDataWritingAtomic error: &error]; + if (!writeStatus) + secerror("error writing PersistentState to file: %@", error); + + return writeStatus; +} + +- (id) readPlist +{ + NSError *error = nil; + NSData *data = [NSData dataWithContentsOfURL: self options: 0 error: &error]; + if (data == nil) + { + secdebug("keyregister", "error reading PersistentState from %@: %@", self, error); + return nil; + } + + // Now the deserializing: + + NSPropertyListFormat format; + id plist = [NSPropertyListSerialization propertyListWithData: data + options: NSPropertyListMutableContainersAndLeaves format: &format error: &error]; + + if (plist == nil) + secerror("could not deserialize PersistentState from %@: %@", self, error); + + return plist; +} + +@end + diff --git a/OSX/utilities/src/SecADWrapper.c b/OSX/utilities/src/SecADWrapper.c new file mode 100644 index 00000000..4b3e1d3e --- /dev/null +++ b/OSX/utilities/src/SecADWrapper.c @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +#include "SecADWrapper.h" + +#if TARGET_OS_EMBEDDED +#include + +static typeof(ADClientAddValueForScalarKey) *soft_ADClientAddValueForScalarKey = NULL; +static typeof(ADClientClearScalarKey) *soft_ADClientClearScalarKey = NULL; +static typeof(ADClientSetValueForScalarKey) *soft_ADClientSetValueForScalarKey = NULL; +static typeof(ADClientPushValueForDistributionKey) *soft_ADClientPushValueForDistributionKey = NULL; + +static bool +setup(void) +{ + static dispatch_once_t onceToken; + static CFBundleRef bundle = NULL; + dispatch_once(&onceToken, ^{ + + CFURLRef url = CFURLCreateWithFileSystemPath(kCFAllocatorDefault, CFSTR("/System/Library/PrivateFrameworks/AggregateDictionary.framework"), kCFURLPOSIXPathStyle, true); + if (url == NULL) + return; + + bundle = CFBundleCreate(kCFAllocatorDefault, url); + CFRelease(url); + if (bundle == NULL) + return; + + soft_ADClientClearScalarKey = CFBundleGetFunctionPointerForName(bundle, CFSTR("ADClientClearScalarKey")); + soft_ADClientSetValueForScalarKey = CFBundleGetFunctionPointerForName(bundle, CFSTR("ADClientSetValueForScalarKey")); + soft_ADClientAddValueForScalarKey = CFBundleGetFunctionPointerForName(bundle, CFSTR("ADClientAddValueForScalarKey")); + soft_ADClientPushValueForDistributionKey = CFBundleGetFunctionPointerForName(bundle, CFSTR("ADClientPushValueForDistributionKey")); + + if (soft_ADClientClearScalarKey == NULL || + soft_ADClientSetValueForScalarKey == NULL || + soft_ADClientAddValueForScalarKey == NULL || + soft_ADClientPushValueForDistributionKey == NULL) + { + CFRelease(bundle); + bundle = NULL; + } + }); + return bundle != NULL; +} + +void +SecADClearScalarKey(CFStringRef key) +{ + if (setup()) + soft_ADClientClearScalarKey(key); +} + +void +SecADSetValueForScalarKey(CFStringRef key, int64_t value) +{ + if (setup()) + soft_ADClientSetValueForScalarKey(key, value); + +} +void +SecADAddValueForScalarKey(CFStringRef key, int64_t value) +{ + if (setup()) + soft_ADClientAddValueForScalarKey(key, value); +} + +void +SecADClientPushValueForDistributionKey(CFStringRef key, int64_t value) +{ + if (setup()) + soft_ADClientPushValueForDistributionKey(key, value); +} + +#endif diff --git a/SecurityTests/clxutils/rootStoreTool/parseTrustedRootList.h b/OSX/utilities/src/SecADWrapper.h similarity index 66% rename from SecurityTests/clxutils/rootStoreTool/parseTrustedRootList.h rename to OSX/utilities/src/SecADWrapper.h index fd7c1dec..3a7fbe07 100644 --- a/SecurityTests/clxutils/rootStoreTool/parseTrustedRootList.h +++ b/OSX/utilities/src/SecADWrapper.h @@ -1,15 +1,15 @@ /* - * Copyright (c) 2005-2006 Apple Computer, Inc. All Rights Reserved. - * + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,30 +17,21 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ -/* - * parseTrustedRootList.h - parse the contents of a TrustedRootList record. - */ - -#ifndef _PARSE_TRUSTED_ROOT_LIST_H_ -#define _PARSE_TRUSTED_ROOT_LIST_H_ +#ifndef SecADWrapper_h +#define SecADWrapper_h +#include #include -#ifdef __cplusplus -extern "C" { +#if TARGET_OS_EMBEDDED +extern void SecADClearScalarKey(CFStringRef key); +extern void SecADSetValueForScalarKey(CFStringRef key, int64_t value); +extern void SecADAddValueForScalarKey(CFStringRef key, int64_t value); +extern void SecADClientPushValueForDistributionKey(CFStringRef key, int64_t value); #endif -/* Parse XML encoding of a TrustSettings external representation */ -extern int parseTrustedRootList( - CFDataRef plistData); - -#ifdef __cplusplus -} -#endif - -#endif /* _PARSE_TRUSTED_ROOT_LIST_H_ */ - +#endif /* SecADWrapper_h */ diff --git a/OSX/utilities/src/SecAKSWrappers.h b/OSX/utilities/src/SecAKSWrappers.h index 9b485c04..e2c8e371 100644 --- a/OSX/utilities/src/SecAKSWrappers.h +++ b/OSX/utilities/src/SecAKSWrappers.h @@ -32,14 +32,20 @@ #include -#if TARGET_OS_SIMULATOR +#if RC_HORIZON #define TARGET_HAS_KEYSTORE 0 -#elif TARGET_OS_MAC && !(TARGET_CPU_X86) +#elif TARGET_OS_SIMULATOR +#define TARGET_HAS_KEYSTORE 0 +#elif TARGET_OS_OSX +#if TARGET_CPU_X86 +#define TARGET_HAS_KEYSTORE 0 +#else #define TARGET_HAS_KEYSTORE 1 +#endif #elif TARGET_OS_EMBEDDED #define TARGET_HAS_KEYSTORE 1 -#else /* no keystore on this platform */ -#define TARGET_HAS_KEYSTORE 0 +#else +#error "unknown keystore status for this platform" #endif #if !TARGET_HAS_KEYSTORE diff --git a/OSX/utilities/src/SecCFError.h b/OSX/utilities/src/SecCFError.h index baf307e7..419c34a2 100644 --- a/OSX/utilities/src/SecCFError.h +++ b/OSX/utilities/src/SecCFError.h @@ -26,6 +26,7 @@ #define _SECCFERROR_H_ #include +#include // // Leaf error creation from other systems @@ -112,6 +113,69 @@ static inline bool asSetOptional(CFTypeRef cfType, CFSetRef *set, CFErrorRef *er // MARK: Required value type casting // +// +// MARK: Required value type casting +// + +static inline CFArrayRef copyIfArray(CFTypeRef cfType, CFErrorRef *error) { + if (cfType && CFGetTypeID(cfType) == CFArrayGetTypeID()) + return (CFArrayRef)CFRetainSafe(cfType); + SecError(-50, error, CFSTR("object %@ is not an array"), cfType); + return NULL; +} + +static inline CFBooleanRef copyIfBoolean(CFTypeRef cfType, CFErrorRef *error) { + if (cfType && CFGetTypeID(cfType) == CFBooleanGetTypeID()) + return (CFBooleanRef)CFRetainSafe(cfType); + SecError(-50, error, CFSTR("object %@ is not an boolean"), cfType); + return NULL; +} + +static inline CFDataRef copyIfData(CFTypeRef cfType, CFErrorRef *error) { + if (cfType && CFGetTypeID(cfType) == CFDataGetTypeID()) + return (CFDataRef)CFRetainSafe(cfType); + SecError(-50, error, CFSTR("object %@ is not a data"), cfType); + return NULL; +} + +static inline CFDateRef copyIfDate(CFTypeRef cfType, CFErrorRef *error) { + if (cfType && CFGetTypeID(cfType) == CFDateGetTypeID()) + return (CFDateRef)CFRetainSafe(cfType); + SecError(-50, error, CFSTR("object %@ is not a date"), cfType); + return NULL; +} + +static inline CFDictionaryRef copyIfDictionary(CFTypeRef cfType, CFErrorRef *error) { + if (cfType && CFGetTypeID(cfType) == CFDictionaryGetTypeID()) + return (CFDictionaryRef)CFRetainSafe(cfType); + SecError(-50, error, CFSTR("object %@ is not a dictionary"), cfType); + return NULL; +} + +static inline CFSetRef copyIfSet(CFTypeRef cfType, CFErrorRef *error) { + if (cfType && CFGetTypeID(cfType) == CFSetGetTypeID()) + return (CFSetRef)CFRetainSafe(cfType); + SecError(-50, error, CFSTR("object %@ is not a set"), cfType); + return NULL; +} + +static inline CFStringRef copyIfString(CFTypeRef cfType, CFErrorRef *error) { + if (cfType && CFGetTypeID(cfType) == CFStringGetTypeID()) + return (CFStringRef)CFRetainSafe(cfType); + SecError(-50, error, CFSTR("object %@ is not a string"), cfType); + return NULL; +} + +static inline CFUUIDRef copyIfUUID(CFTypeRef cfType, CFErrorRef *error) { + if (cfType && CFGetTypeID(cfType) == CFUUIDGetTypeID()) + return (CFUUIDRef)CFRetainSafe(cfType); + SecError(-50, error, CFSTR("object %@ is not a UUID"), cfType); + return NULL; +} + +// +// MARK: Analyzer confusing asXxx casting +// static inline CFArrayRef asArray(CFTypeRef cfType, CFErrorRef *error) { if (cfType && CFGetTypeID(cfType) == CFArrayGetTypeID()) return (CFArrayRef)cfType; @@ -161,4 +225,11 @@ static inline CFStringRef asString(CFTypeRef cfType, CFErrorRef *error) { return NULL; } +static inline CFUUIDRef asUUID(CFTypeRef cfType, CFErrorRef *error) { + if (cfType && CFGetTypeID(cfType) == CFUUIDGetTypeID()) + return (CFUUIDRef)cfType; + SecError(-50, error, CFSTR("object %@ is not a UUID"), cfType); + return NULL; +} + #endif /* _SECCFERROR_H_ */ diff --git a/OSX/utilities/src/SecCFRelease.h b/OSX/utilities/src/SecCFRelease.h index 8a07dd35..f0b91828 100644 --- a/OSX/utilities/src/SecCFRelease.h +++ b/OSX/utilities/src/SecCFRelease.h @@ -30,6 +30,25 @@ // Retains its argument unless it's NULL. Always returns its argument. #define CFRetainSafe(CF) ({ __typeof__(CF) _cf = (CF); _cf ? (CFRetain(_cf), _cf) : _cf; }) +// Releases CF unless it's NULL. Always returns NULL, for your convenience and constructs like: +// return CFReleaseSafe(foo); +#define CFReleaseSafe(CF) ({ __typeof__(CF) _cf = (CF); (_cf ? (CFRelease(_cf), ((__typeof__(CF))0)) : _cf); }) + + +#if 0 +// Objective-C defines & to be a constant reference, which we can't assign to, so we +// suffer multiple evaluations of arguments (avoid using it with side-effects) to make things compile well + +#define CFTransferRetained(VAR1, VAR2) ({ CFReleaseSafe(VAR1); VAR1 = VAR2; VAR2 = ((__typeof__(VAR2))0)); }) + +#define CFAssignRetained(VAR, CF) ({ CFReleaseSafe(VAR); VAR1 = CF; CF = ((__typeof__(CF))0)); }) + +#define CFRetainAssign(VAR,CF) ({ CFReleaseSafe(VAR); VAR = CFRetainSafe(CF); }) + +#define CFReleaseNull(CF) ({ CFReleaseSafe(CF); CF = ((__typeof__(CF))0)); }) + +#else + // Assume VAR1 is NULL or an already retained object and CFReleaseSafe VAR1 and assigns VAR2 to VAR1. Returns VAR2. #define CFTransferRetained(VAR1, VAR2) ({ \ __typeof__(VAR1) *const _pvar1 = &(VAR1); \ @@ -39,6 +58,7 @@ (*_pvar1) = *_pvar1 ? (CFRelease(*_pvar1), _var2) : _var2; \ }) + // Assume CF is NULL or an already retained object and CFReleaseSafe VAR and assigns CF to VAR. Returns CF. #define CFAssignRetained(VAR,CF) ({ \ __typeof__(VAR) *const _pvar = &(VAR); \ @@ -55,12 +75,10 @@ : (CFRelease(*_pvar), ((__typeof__(_cf))0))))); \ }) -// Releases CF unless it's NULL. Always returns NULL, for your convenience and constructs like: -// return CFReleaseSafe(foo); -#define CFReleaseSafe(CF) ({ __typeof__(CF) _cf = (CF); (_cf ? (CFRelease(_cf), ((__typeof__(CF))0)) : _cf); }) // Assigns NULL to CF. Releases the value stored at CF unless it was NULL. Always returns NULL, for your convenience #define CFReleaseNull(CF) ({ __typeof__(CF) *const _pcf = &(CF), _cf = *_pcf; (_cf ? (*_pcf) = ((__typeof__(CF))0), (CFRelease(_cf), ((__typeof__(CF))0)) : _cf); }) +#endif #endif /* _SECCFRELEASE_H_ */ diff --git a/OSX/utilities/src/SecCFWrappers.c b/OSX/utilities/src/SecCFWrappers.c index 5510ccd3..d259a8d2 100644 --- a/OSX/utilities/src/SecCFWrappers.c +++ b/OSX/utilities/src/SecCFWrappers.c @@ -261,7 +261,6 @@ CFDataRef CFDataCreateWithInitializer(CFAllocatorRef allocator, CFIndex size, bo if(!size) return NULL; if((result = CFDataCreateMutableWithScratch(allocator, size)) == NULL) return NULL; if (!operation(size, CFDataGetMutableBytePtr(result))) CFReleaseNull(result); -errOut: return result; } diff --git a/OSX/utilities/src/SecCFWrappers.h b/OSX/utilities/src/SecCFWrappers.h index e6c4378f..19f93a0b 100644 --- a/OSX/utilities/src/SecCFWrappers.h +++ b/OSX/utilities/src/SecCFWrappers.h @@ -30,6 +30,9 @@ #include #include +#include + +#include #include #include @@ -286,6 +289,19 @@ bool CFErrorPropagate(CFErrorRef possibleError CF_CONSUMED, CFErrorRef *error) { return true; } +static inline bool CFErrorIsMalfunctioningKeybagError(CFErrorRef error){ + switch(CFErrorGetCode(error)) + { + case(kIOReturnError): + case(kIOReturnBusy): + case(kIOReturnNotPermitted): + break; + default: + return false; + } + return CFEqualSafe(CFErrorGetDomain(error), kSecKernDomain); +} + // // MARK: CFNumber Helpers // @@ -638,6 +654,35 @@ static inline CFMutableArrayRef CFArrayCreateMutableForCFTypesWithCapacity(CFAll return CFArrayCreateMutable(allocator, capacity, &kCFTypeArrayCallBacks); } +static inline CFMutableArrayRef SECWRAPPER_SENTINEL CFArrayCreateMutableForCFTypesWith(CFAllocatorRef allocator, ...) +{ + + va_list args; + va_start(args, allocator); + CFIndex capacity = 0; + void* object = va_arg(args, void*); + + while (object != NULL) { + object = va_arg(args, void*); + capacity++; + }; + + va_end(args); + + CFMutableArrayRef result = CFArrayCreateMutableForCFTypesWithCapacity(allocator, capacity); + + va_start(args, allocator); + object = va_arg(args, void*); + + while (object != NULL) { + CFArrayAppendValue(result, object); + object = va_arg(args, void*); + }; + + va_end(args); + return result; +} + static inline CFMutableArrayRef CFArrayCreateMutableForCFTypes(CFAllocatorRef allocator) { @@ -648,8 +693,9 @@ static inline CFArrayRef SECWRAPPER_SENTINEL CFArrayCreateForCFTypes(CFAllocator { va_list args; va_start(args, allocator); - - return CFArrayCreateForVC(allocator, &kCFTypeArrayCallBacks, args); + CFArrayRef allocatedArray = CFArrayCreateForVC(allocator, &kCFTypeArrayCallBacks, args); + va_end(args); + return allocatedArray; } @@ -657,8 +703,9 @@ static inline CFArrayRef CFArrayCreateCountedForCFTypes(CFAllocatorRef allocator { va_list args; va_start(args, entries); - - return CFArrayCreateCountedForVC(allocator, &kCFTypeArrayCallBacks, entries, args); + CFArrayRef allocatedArray = CFArrayCreateCountedForVC(allocator, &kCFTypeArrayCallBacks, entries, args); + va_end(args); + return allocatedArray; } static inline CFArrayRef CFArrayCreateCountedForCFTypesV(CFAllocatorRef allocator, CFIndex entries, va_list args) @@ -670,6 +717,12 @@ static inline CFArrayRef CFArrayCreateCountedForCFTypesV(CFAllocatorRef allocato // MARK: CFDictionary of CFTypes helpers // +static void CFDictionarySetIfNonNull(CFMutableDictionaryRef dictionary, const void *key, const void *value) { + if (value) { + CFDictionarySetValue(dictionary, key, value); + } +} + static inline CFDictionaryRef CFDictionaryCreateCountedForCFTypesV(CFAllocatorRef allocator, CFIndex entries, va_list args) { const void *keys[entries]; @@ -700,19 +753,21 @@ static inline CFDictionaryRef SECWRAPPER_SENTINEL CFDictionaryCreateForCFTypes(C } entries /= 2; - + va_end(args); va_start(args, allocator); - - return CFDictionaryCreateCountedForCFTypesV(allocator, entries, args); - + CFDictionaryRef allocatedDictionary = CFDictionaryCreateCountedForCFTypesV(allocator, entries, args); + va_end(args); + return allocatedDictionary; } static inline CFDictionaryRef CFDictionaryCreateCountedForCFTypes(CFAllocatorRef allocator, CFIndex entries, ...) { va_list args; va_start(args, entries); + CFDictionaryRef allocatedDictionary = CFDictionaryCreateCountedForCFTypesV(allocator, entries, args); + va_end(args); - return CFDictionaryCreateCountedForCFTypesV(allocator, entries, args); + return allocatedDictionary; } static inline CFMutableDictionaryRef CFDictionaryCreateMutableForCFTypes(CFAllocatorRef allocator) @@ -733,7 +788,24 @@ static inline CFMutableDictionaryRef SECWRAPPER_SENTINEL CFDictionaryCreateMutab CFDictionarySetValue(result, key, va_arg(args, void*)); key = va_arg(args, void*); }; + va_end(args); + return result; +} + +static inline CFMutableDictionaryRef SECWRAPPER_SENTINEL CFDictionaryCreateMutableForCFTypesWithSafe(CFAllocatorRef allocator, ...) +{ + CFMutableDictionaryRef result = CFDictionaryCreateMutableForCFTypes(allocator); + + va_list args; + va_start(args, allocator); + void* key = va_arg(args, void*); + + while (key != NULL) { + CFDictionarySetIfNonNull(result, key, va_arg(args, void*)); + key = va_arg(args, void*); + }; + va_end(args); return result; } diff --git a/OSX/utilities/src/SecDb.c b/OSX/utilities/src/SecDb.c index be8b4fff..4224a4e9 100644 --- a/OSX/utilities/src/SecDb.c +++ b/OSX/utilities/src/SecDb.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. + * Copyright (c) 2012-2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -91,6 +91,10 @@ struct __OpaqueSecDb { bool (^opened)(SecDbConnectionRef dbconn, bool didCreate, bool *callMeAgainForNextConnection, CFErrorRef *error); bool callOpenedHandlerForNextConnection; CFMutableArrayRef notifyPhase; /* array of SecDBNotifyBlock */ + mode_t mode; /* database file permissions, default 0600 */ + bool readWrite; /* open database read-write, default true */ + bool allowRepair; /* allow database repair, default true */ + bool useWAL; /* use WAL mode, default true */ }; // MARK: Error domains and error helper functions @@ -187,8 +191,8 @@ SecDbDestroy(CFTypeRef value) CFGiblisFor(SecDb) SecDbRef -SecDbCreate(CFStringRef dbName, - bool (^opened)(SecDbConnectionRef dbconn, bool didCreate, bool *callMeAgainForNextConnection, CFErrorRef *error)) +SecDbCreateWithOptions(CFStringRef dbName, mode_t mode, bool readWrite, bool allowRepair, bool useWAL, + bool (^opened)(SecDbConnectionRef dbconn, bool didCreate, bool *callMeAgainForNextConnection, CFErrorRef *error)) { SecDbRef db = NULL; @@ -215,11 +219,22 @@ SecDbCreate(CFStringRef dbName, } else { db->db_path = CFStringCreateCopy(kCFAllocatorDefault, dbName); } + db->mode = mode; + db->readWrite = readWrite; + db->allowRepair = allowRepair; + db->useWAL = useWAL; done: return db; } +SecDbRef +SecDbCreate(CFStringRef dbName, + bool (^opened)(SecDbConnectionRef dbconn, bool didCreate, bool *callMeAgainForNextConnection, CFErrorRef *error)) +{ + return SecDbCreateWithOptions(dbName, 0600, true, true, true, opened); +} + CFIndex SecDbIdleConnectionCount(SecDbRef db) { __block CFIndex count = 0; @@ -258,6 +273,9 @@ static void SecDbOnNotify(SecDbConnectionRef dbconn, void (^perform)()) { } CFStringRef SecDbGetPath(SecDbRef db) { + if(!db) { + return NULL; + } return db->db_path; } @@ -332,7 +350,7 @@ void SecDbCorrupt(SecDbConnectionRef dbconn, CFErrorRef error) char buffer[1000] = "?"; uint32_t errorCode = 0; CFStringGetCString(str, buffer, sizeof(buffer), kCFStringEncodingUTF8); - os_log_fault(logObjForScope("SecEmergency"), "%s", buffer); + os_log_fault(secLogObjForScope("SecEmergency"), "%s", buffer); if (error) errorCode = (uint32_t)CFErrorGetCode(error); __security_simulatecrash(str, __sec_exception_code_CorruptDb(errorCode)); @@ -379,7 +397,7 @@ static bool SecDbConnectionCheckCode(SecDbConnectionRef dbconn, int code, CFErro /* If it's already corrupted, don't try to recover */ if (dbconn->isCorrupted) { CFStringRef reason = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, - CFSTR("SQL DB %@ is corrupted already. Not trying to recover, corrution error was: %d (previously %d)"), + CFSTR("SQL DB %@ is corrupted already. Not trying to recover, corruption error was: %d (previously %d)"), dbconn->db->db_path, code, dbconn->maybeCorruptedCode); secerror("%@",reason); __security_simulatecrash(reason, __sec_exception_code_TwiceCorruptDb(knownDbPathIndex(dbconn))); @@ -387,7 +405,8 @@ static bool SecDbConnectionCheckCode(SecDbConnectionRef dbconn, int code, CFErro return false; } - dbconn->isCorrupted = (SQLITE_CORRUPT == code) || (SQLITE_NOTADB == code) || (SQLITE_CANTOPEN == code); + // NOTADB means file is garbage, so it's functionally equivalent to corruption + dbconn->isCorrupted = (SQLITE_CORRUPT == code) || (SQLITE_NOTADB == code); if (dbconn->isCorrupted) { /* Run integrity check and only make dbconn->isCorrupted true and run the corruption handler if the integrity check conclusively fails. */ @@ -615,7 +634,6 @@ bool SecDbTransaction(SecDbConnectionRef dbconn, SecDbTransactionType type, } } -done: return ok && commit; } @@ -680,7 +698,10 @@ static bool SecDbOpenV2(SecDbConnectionRef dbconn, const char *path, int flags, static bool SecDbTruncate(SecDbConnectionRef dbconn, CFErrorRef *error) { - int flags = SQLITE_TRUNCATE_JOURNALMODE_WAL | SQLITE_TRUNCATE_AUTOVACUUM_FULL; + int flags = SQLITE_TRUNCATE_AUTOVACUUM_FULL; + if (dbconn->db->useWAL) { + flags |= SQLITE_TRUNCATE_JOURNALMODE_WAL; + } __block bool ok = SecDbFileControl(dbconn, SQLITE_TRUNCATE_DATABASE, &flags, error); if (!ok) { sqlite3_close(dbconn->handle); @@ -703,6 +724,12 @@ static bool SecDbTruncate(SecDbConnectionRef dbconn, CFErrorRef *error) static bool SecDbHandleCorrupt(SecDbConnectionRef dbconn, int rc, CFErrorRef *error) { + if (!dbconn->db->allowRepair) { + SecCFCreateErrorWithFormat(rc, kSecErrnoDomain, NULL, error, NULL, + CFSTR("SecDbHandleCorrupt repair not allowed: [%d] %s"), rc, strerror(rc)); + return false; + } + // Backup current db. __block bool didRename = false; CFStringPerformWithCString(dbconn->db->db_path, ^(const char *db_path) { @@ -749,109 +776,89 @@ static bool SecDbHandleCorrupt(SecDbConnectionRef dbconn, int rc, CFErrorRef *er return ok; } -static bool SecDbProfileEnabled(void) +static bool SecDbLoggingEnabled(CFStringRef type) { - static dispatch_once_t onceToken; - static bool profile_enabled = false; - - // sudo defaults write /Library/Preferences/com.apple.security SQLProfile -bool true - dispatch_once(&onceToken, ^{ - CFTypeRef profile = NULL; + CFTypeRef profile = NULL; + bool enabled = false; - if (csr_check(CSR_ALLOW_APPLE_INTERNAL) != 0) - return; + if (csr_check(CSR_ALLOW_APPLE_INTERNAL) != 0) + return false; - profile = (CFNumberRef)CFPreferencesCopyValue(CFSTR("SQLProfile"), CFSTR("com.apple.security"), kCFPreferencesAnyUser, kCFPreferencesAnyHost); + profile = (CFNumberRef)CFPreferencesCopyValue(CFSTR("SQLProfile"), CFSTR("com.apple.security"), kCFPreferencesAnyUser, kCFPreferencesAnyHost); - if (profile == NULL) - return; + if (profile == NULL) + return false; - if (CFGetTypeID(profile) == CFBooleanGetTypeID()) { - profile_enabled = CFBooleanGetValue((CFBooleanRef)profile); - } else if (CFGetTypeID(profile) == CFNumberGetTypeID()) { - int32_t num = 0; - CFNumberGetValue(profile, kCFNumberSInt32Type, &num); - profile_enabled = !!num; - } - - secinfo("#SecDB", "sqlDb: sql profile: %{public}s", profile_enabled ? "enabled" : "disabled"); - - CFReleaseSafe(profile); - }); + if (CFGetTypeID(profile) == CFBooleanGetTypeID()) { + enabled = CFBooleanGetValue((CFBooleanRef)profile); + } else if (CFGetTypeID(profile) == CFNumberGetTypeID()) { + int32_t num = 0; + CFNumberGetValue(profile, kCFNumberSInt32Type, &num); + enabled = !!num; + } - return profile_enabled; -} + CFReleaseSafe(profile); -static void SecDbProfile(void *context, const char *sql, sqlite3_uint64 ns) { - sqlite3 *s3h = context; - int code = sqlite3_extended_errcode(s3h); - if (code == SQLITE_OK || code == SQLITE_DONE) { - secinfo("#SecDB", "#SecDB sql: %{public}s\nTime: %llu ms", sql, ns >> 20); - } else { - secinfo("#SecDB", "#SecDB error[%d]: %{public}s lDb: %{public}s time: %llu ms", code, sqlite3_errmsg(s3h), sql, ns >> 20); - } + return enabled; } -static bool SecDbTraceEnabled(void) +static unsigned +SecDbProfileMask(void) { -#if DEBUG - return true; -#else static dispatch_once_t onceToken; - static bool trace_enabled = false; + static unsigned profile_mask = 0; - // sudo defaults write /Library/Preferences/com.apple.security SQLTrace -bool true + // sudo defaults write /Library/Preferences/com.apple.security SQLProfile -bool true dispatch_once(&onceToken, ^{ - CFTypeRef trace = NULL; - - if (csr_check(CSR_ALLOW_APPLE_INTERNAL) != 0) - return; - - trace = (CFNumberRef)CFPreferencesCopyValue(CFSTR("SQLTrace"), CFSTR("com.apple.security"), kCFPreferencesAnyUser, kCFPreferencesCurrentHost); - - if (trace == NULL) - return; - - if (CFGetTypeID(trace) == CFBooleanGetTypeID()) { - trace_enabled = CFBooleanGetValue((CFBooleanRef)trace); - } else if (CFGetTypeID(trace) == CFNumberGetTypeID()) { - int32_t num = 0; - CFNumberGetValue(trace, kCFNumberSInt32Type, &num); - trace_enabled = !!num; - } - - secinfo("#SecDB", "#SecDB sql trace: %{public}s", trace_enabled ? "enabled" : "disabled"); - - CFReleaseSafe(trace); - }); - - return trace_enabled; + if (SecDbLoggingEnabled(CFSTR("SQLProfile"))) + profile_mask = SQLITE_TRACE_PROFILE; +#if DEBUG + profile_mask |= SQLITE_TRACE_STMT; +#else + if (SecDbLoggingEnabled(CFSTR("SQLTrace"))) + profile_mask = SQLITE_TRACE_STMT; #endif + if (SecDbLoggingEnabled(CFSTR("SQLRow"))) + profile_mask = SQLITE_TRACE_ROW; + secinfo("#SecDB", "sqlDb: sql trace mask: 0x%08x", profile_mask); + }); + return profile_mask; } -static void SecDbTrace(void *ctx, const char *trace) { +static int +SecDbTraceV2(unsigned mask, void *ctx, void *p, void *x) { SecDbConnectionRef dbconn __unused = ctx; - static dispatch_queue_t queue; - static dispatch_once_t once; - dispatch_once(&once, ^{ - queue = dispatch_queue_create("trace_queue", DISPATCH_QUEUE_SERIAL); - }); - dispatch_sync(queue, ^{ - secinfo("#SecDB", "#SecDB %{public}s", trace); - }); + const char *trace = "unknown"; + + if (mask == SQLITE_TRACE_PROFILE) + trace = "profile"; + else if (mask == SQLITE_TRACE_STMT) + trace = "stmt"; + else if (mask == SQLITE_TRACE_ROW) + trace = "row"; + + secinfo("#SecDB", "#SecDB %{public}s", trace); + return 0; } + static bool SecDbOpenHandle(SecDbConnectionRef dbconn, bool *created, CFErrorRef *error) { __block bool ok = true; + CFStringPerformWithCString(dbconn->db->db_path, ^(const char *db_path) { - ok = created && SecDbOpenV2(dbconn, db_path, SQLITE_OPEN_READWRITE, NULL); + int flags = (dbconn->db->readWrite) ? SQLITE_OPEN_READWRITE : SQLITE_OPEN_READONLY; + ok = created && SecDbOpenV2(dbconn, db_path, flags, NULL); if (!ok) { ok = true; if (created) { char *tmp = dirname((char *)db_path); if (tmp) { - int errnum = mkpath_np(tmp, 0700); + mode_t omode = dbconn->db->mode; + if (omode & S_IRUSR) { omode |= S_IXUSR; } // owner can read + if (omode & S_IRGRP) { omode |= S_IXGRP; } // group can read + if (omode & S_IROTH) { omode |= S_IXOTH; } // other can read + int errnum = mkpath_np(tmp, omode); if (errnum != 0 && errnum != EEXIST) { SecCFCreateErrorWithFormat(errnum, kSecErrnoDomain, NULL, error, NULL, CFSTR("mkpath_np %s: [%d] %s"), tmp, errnum, strerror(errnum)); @@ -859,24 +866,29 @@ static bool SecDbOpenHandle(SecDbConnectionRef dbconn, bool *created, CFErrorRef } } } + // if the enclosing directory is ok, try to create the database. + // this forces us to open it read-write, so we'll need to be the owner here. ok = ok && SecDbOpenV2(dbconn, db_path, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, error); if (ok) { - chmod(db_path, S_IRUSR | S_IWUSR); + chmod(db_path, dbconn->db->mode); // default: 0600 (S_IRUSR | S_IWUSR) if (created) *created = true; } } - if (ok && SecDbProfileEnabled()) { - sqlite3_profile(dbconn->handle, SecDbProfile, dbconn->handle); - } - if (ok && SecDbTraceEnabled()) { - sqlite3_trace(dbconn->handle, SecDbTrace, dbconn); + if (ok) { + unsigned mask = SecDbProfileMask(); + if (mask) { + (void)sqlite3_trace_v2(dbconn->handle, + mask, + SecDbTraceV2, + dbconn); + } } + ok = ok && SecDbBusyHandler(dbconn, error); }); -done: return ok; } @@ -891,7 +903,7 @@ SecDbConnectionCreate(SecDbRef db, bool readOnly, CFErrorRef *error) dbconn->db = db; dbconn->readOnly = readOnly; dbconn->inTransaction = false; - dbconn->source = NULL; + dbconn->source = kSecDbInvalidTransaction; dbconn->isCorrupted = false; dbconn->maybeCorruptedCode = 0; dbconn->hasIOFailure = false; @@ -913,7 +925,7 @@ static void SecDbConectionSetReadOnly(SecDbConnectionRef dbconn, bool readOnly) /* Read only connections go to the end of the queue, writeable connections go to the start of the queue. */ -SecDbConnectionRef SecDbConnectionAquire(SecDbRef db, bool readOnly, CFErrorRef *error) { +SecDbConnectionRef SecDbConnectionAcquire(SecDbRef db, bool readOnly, CFErrorRef *error) { CFRetain(db); secinfo("dbconn", "acquire %s connection", readOnly ? "ro" : "rw"); dispatch_semaphore_wait(readOnly ? db->read_semaphore : db->write_semaphore, DISPATCH_TIME_FOREVER); @@ -929,9 +941,9 @@ SecDbConnectionRef SecDbConnectionAquire(SecDbRef db, bool readOnly, CFErrorRef secerror("Unable to create database: %@", localError); if (localError && CFEqual(CFErrorGetDomain(localError), kSecDbErrorDomain)) { int code = (int)CFErrorGetCode(localError); - dbconn->isCorrupted = (SQLITE_CORRUPT == code) || (SQLITE_NOTADB == code) || (SQLITE_CANTOPEN == code); + dbconn->isCorrupted = (SQLITE_CORRUPT == code) || (SQLITE_NOTADB == code); } - // If the open failure isn't due to corruption, propagte the error. + // If the open failure isn't due to corruption, propagate the error. ok = dbconn->isCorrupted; if (!ok && error && *error == NULL) { *error = localError; @@ -989,7 +1001,7 @@ SecDbConnectionRef SecDbConnectionAquire(SecDbRef db, bool readOnly, CFErrorRef } if (!dbconn) { - // If aquire fails we need to signal the semaphore again. + // If acquire fails we need to signal the semaphore again. dispatch_semaphore_signal(readOnly ? db->read_semaphore : db->write_semaphore); CFRelease(db); } @@ -1027,7 +1039,7 @@ void SecDbConnectionRelease(SecDbConnectionRef dbconn) { } bool SecDbPerformRead(SecDbRef db, CFErrorRef *error, void (^perform)(SecDbConnectionRef dbconn)) { - SecDbConnectionRef dbconn = SecDbConnectionAquire(db, true, error); + SecDbConnectionRef dbconn = SecDbConnectionAcquire(db, true, error); bool success = false; if (dbconn) { perform(dbconn); @@ -1038,7 +1050,11 @@ bool SecDbPerformRead(SecDbRef db, CFErrorRef *error, void (^perform)(SecDbConne } bool SecDbPerformWrite(SecDbRef db, CFErrorRef *error, void (^perform)(SecDbConnectionRef dbconn)) { - SecDbConnectionRef dbconn = SecDbConnectionAquire(db, false, error); + if(!db) { + SecError(errSecNotAvailable, error, CFSTR("failed to get a db handle")); + return false; + } + SecDbConnectionRef dbconn = SecDbConnectionAcquire(db, false, error); bool success = false; if (dbconn) { perform(dbconn); diff --git a/OSX/utilities/src/SecDb.h b/OSX/utilities/src/SecDb.h index 17e5f53e..bc00eac0 100644 --- a/OSX/utilities/src/SecDb.h +++ b/OSX/utilities/src/SecDb.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved. + * Copyright (c) 2012-2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -64,6 +64,7 @@ typedef CFOptionFlags SecDbTransactionPhase; enum SecDbTransactionSource { kSecDbSOSTransaction, // A remotely initated transaction. kSecDbAPITransaction, // A user initated transaction. + kSecDbInvalidTransaction, // An invalid transaction source (used for initialization) }; typedef CFOptionFlags SecDbTransactionSource; @@ -94,6 +95,9 @@ typedef void (^SecDBNotifyBlock)(SecDbConnectionRef dbconn, SecDbTransactionPhas CFTypeID SecDbGetTypeID(void); +// Database creation +SecDbRef SecDbCreateWithOptions(CFStringRef dbName, mode_t mode, bool readWrite, bool allowRepair, bool useWAL, bool (^opened)(SecDbConnectionRef dbconn, bool didCreate, bool *callMeAgainForNextConnection, CFErrorRef *error)); + SecDbRef SecDbCreate(CFStringRef dbName, bool (^opened)(SecDbConnectionRef dbconn, bool didCreate, bool *callMeAgainForNextConnection, CFErrorRef *error)); void SecDbAddNotifyPhaseBlock(SecDbRef db, SecDBNotifyBlock notifyPhase); @@ -101,7 +105,7 @@ void SecDbAddNotifyPhaseBlock(SecDbRef db, SecDBNotifyBlock notifyPhase); // Read only connections go to the end of the queue, writeable // connections go to the start of the queue. Use SecDbPerformRead() and SecDbPerformWrite() if you // can to avoid leaks. -SecDbConnectionRef SecDbConnectionAquire(SecDbRef db, bool readOnly, CFErrorRef *error); +SecDbConnectionRef SecDbConnectionAcquire(SecDbRef db, bool readOnly, CFErrorRef *error); void SecDbConnectionRelease(SecDbConnectionRef dbconn); // Perform a database read operation, diff --git a/OSX/utilities/src/SecFileLocations.c b/OSX/utilities/src/SecFileLocations.c index e1d6cba2..29ab3a3e 100644 --- a/OSX/utilities/src/SecFileLocations.c +++ b/OSX/utilities/src/SecFileLocations.c @@ -253,9 +253,20 @@ CFURLRef SecCopyURLForFileInManagedPreferencesDirectory(CFStringRef fileName) return resultURL; } -void WithPathInKeychainDirectory(CFStringRef fileName, void(^operation)(const char *utf8String)) +CFURLRef SecCopyURLForFileInRevocationInfoDirectory(CFStringRef fileName) +{ + CFURLRef resultURL = NULL; + CFStringRef path = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("/Library/Keychains/crls/%@"), fileName); + if (path) { + resultURL = CFURLCreateWithFileSystemPath(kCFAllocatorDefault, path, kCFURLPOSIXPathStyle, false); + CFReleaseSafe(path); + } + return resultURL; +} + +static void WithPathInDirectory(CFURLRef fileURL, void(^operation)(const char *utf8String)) { - CFURLRef fileURL = SecCopyURLForFileInKeychainDirectory(fileName); + /* Ownership of fileURL is taken by this function and so we release it. */ if (fileURL) { UInt8 buffer[MAXPATHLEN]; CFURLGetFileSystemRepresentation(fileURL, false, buffer, sizeof(buffer)); @@ -265,6 +276,22 @@ void WithPathInKeychainDirectory(CFStringRef fileName, void(^operation)(const ch } } +void WithPathInRevocationInfoDirectory(CFStringRef fileName, void(^operation)(const char *utf8String)) +{ + WithPathInDirectory(SecCopyURLForFileInRevocationInfoDirectory(fileName), operation); +} + +void WithPathInKeychainDirectory(CFStringRef fileName, void(^operation)(const char *utf8String)) +{ + WithPathInDirectory(SecCopyURLForFileInKeychainDirectory(fileName), operation); +} + +void SetCustomHomeURL(CFURLRef url) +{ + sCustomHomeURL = CFRetainSafe(url); +} + + void SetCustomHomeURLString(CFStringRef home_path) { CFReleaseNull(sCustomHomeURL); @@ -273,7 +300,7 @@ void SetCustomHomeURLString(CFStringRef home_path) } } -void SetCustomHomeURL(const char* path) +void SetCustomHomePath(const char* path) { if (path) { CFStringRef path_cf = CFStringCreateWithCStringNoCopy(NULL, path, kCFStringEncodingUTF8, kCFAllocatorNull); diff --git a/OSX/utilities/src/SecFileLocations.h b/OSX/utilities/src/SecFileLocations.h index 7066877c..d29bbf1a 100644 --- a/OSX/utilities/src/SecFileLocations.h +++ b/OSX/utilities/src/SecFileLocations.h @@ -38,11 +38,14 @@ CFURLRef SecCopyURLForFileInKeychainDirectory(CFStringRef fileName); CFURLRef SecCopyURLForFileInUserCacheDirectory(CFStringRef fileName); CFURLRef SecCopyURLForFileInPreferencesDirectory(CFStringRef fileName); CFURLRef SecCopyURLForFileInManagedPreferencesDirectory(CFStringRef fileName); +CFURLRef SecCopyURLForFileInRevocationInfoDirectory(CFStringRef fileName); void WithPathInKeychainDirectory(CFStringRef fileName, void(^operation)(const char *utf8String)); +void WithPathInRevocationInfoDirectory(CFStringRef fileName, void(^operation)(const char *utf8String)); -void SetCustomHomeURL(const char* path); +void SetCustomHomePath(const char* path); void SetCustomHomeURLString(CFStringRef path); +void SetCustomHomeURL(CFURLRef url); __END_DECLS diff --git a/OSX/utilities/src/SecInternalRelease.c b/OSX/utilities/src/SecInternalRelease.c index 5317d596..4142f45b 100644 --- a/OSX/utilities/src/SecInternalRelease.c +++ b/OSX/utilities/src/SecInternalRelease.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Apple Inc. All Rights Reserved. + * Copyright (c) 2015-2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -21,46 +21,25 @@ * @APPLE_LICENSE_HEADER_END@ */ -#include "SecInternalReleasePriv.h" - - #include #include #include +#include +#include -#if TARGET_OS_EMBEDDED -#include -#else -#include -#endif +#include "SecInternalReleasePriv.h" +static bool void_to_error(enum SecXPCOperation op, CFErrorRef *error) { + __block bool ret = false; + securityd_send_sync_and_do(op, error, NULL, ^bool(xpc_object_t response, CFErrorRef *error) { + return (ret = SecXPCDictionaryGetBool(response, kSecXPCKeyResult, error)); + }); + return ret; +} -bool -SecIsInternalRelease(void) -{ +bool SecIsInternalRelease(void) { static bool isInternal = false; return isInternal; } -bool SecIsProductionFused(void) { - static bool isProduction = true; -#if TARGET_OS_EMBEDDED - static dispatch_once_t once = 0; - - dispatch_once(&once, ^{ - CFBooleanRef productionFused = MGCopyAnswer(kMGQSigningFuse, NULL); - if (productionFused) { - if (CFEqual(productionFused, kCFBooleanFalse)) { - isProduction = false; - } - CFRelease(productionFused); - } - }); -#else - /* Consider all Macs dev-fused. */ - return false; -#endif - return isProduction; -} - diff --git a/OSX/utilities/src/SecInternalReleasePriv.h b/OSX/utilities/src/SecInternalReleasePriv.h index 09f26617..ede0fad5 100644 --- a/OSX/utilities/src/SecInternalReleasePriv.h +++ b/OSX/utilities/src/SecInternalReleasePriv.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Apple Inc. All Rights Reserved. + * Copyright (c) 2015-2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -30,7 +30,6 @@ __BEGIN_DECLS bool SecIsInternalRelease(void); -bool SecIsProductionFused(void); __END_DECLS diff --git a/OSX/utilities/src/comparison.c b/OSX/utilities/src/comparison.c deleted file mode 100644 index cbc0d969..00000000 --- a/OSX/utilities/src/comparison.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - - -#include -#include -#include "comparison.h" - -uint64_t constant_memcmp(const uint8_t *first, const uint8_t *second, size_t count) { - uint64_t error_counter = 0; - for (size_t counter = 0; counter < count; counter++) { - error_counter |= first[counter] ^ second[counter]; - } - return error_counter; -} diff --git a/OSX/utilities/src/comparison.h b/OSX/utilities/src/comparison.h deleted file mode 100644 index 8d822071..00000000 --- a/OSX/utilities/src/comparison.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - - -#ifndef utilities_comparison_h -#define utilities_comparison_h - -#ifndef MIN -#define MIN(a, b) ({ __typeof__ (a) _a = (a); __typeof__ (b) _b = (b); _a <= _b ? _a : _b; }) -#endif - -#ifndef MAX -#define MAX(a, b) ({ __typeof__ (a) _a = (a); __typeof__ (b) _b = (b); _a >= _b ? _a : _b; }) -#endif - -uint64_t constant_memcmp(const uint8_t *first, const uint8_t *second, size_t count); - -#endif diff --git a/OSX/utilities/src/debugging.c b/OSX/utilities/src/debugging.c index bc66de2d..22503b41 100644 --- a/OSX/utilities/src/debugging.c +++ b/OSX/utilities/src/debugging.c @@ -439,21 +439,34 @@ static os_log_t logObjForCFScope(CFStringRef scope) { } static bool loggingEnabled = true; +static pthread_mutex_t loggingMutex = PTHREAD_MUTEX_INITIALIZER; bool secLogEnabled(void) { - return loggingEnabled; + bool r = false; + pthread_mutex_lock(&loggingMutex); + r = loggingEnabled; + pthread_mutex_unlock(&loggingMutex); + return r; } void secLogDisable(void) { + pthread_mutex_lock(&loggingMutex); loggingEnabled = false; + pthread_mutex_unlock(&loggingMutex); } void secLogEnable(void) { + pthread_mutex_lock(&loggingMutex); loggingEnabled = true; + pthread_mutex_unlock(&loggingMutex); } +os_log_t logObjForScope(const char *scope) +{ + return secLogObjForScope(scope); +} -os_log_t logObjForScope(const char *scope) { - if (!loggingEnabled) +os_log_t secLogObjForScope(const char *scope) { + if (!secLogEnabled()) return OS_LOG_DISABLED; CFStringRef cfscope = NULL; if(scope) cfscope = CFStringCreateWithCString(kCFAllocatorDefault, scope, kCFStringEncodingASCII); diff --git a/OSX/utilities/src/debugging.h b/OSX/utilities/src/debugging.h index 33f741a4..6a716d53 100644 --- a/OSX/utilities/src/debugging.h +++ b/OSX/utilities/src/debugging.h @@ -76,7 +76,8 @@ __BEGIN_DECLS #define SECLOG_LEVEL_DEBUG 7 #include -extern os_log_t logObjForScope(const char *scope); +extern os_log_t logObjForScope(const char *scope); /* XXX don't use me, remove */ +extern os_log_t secLogObjForScope(const char *scope); extern bool secLogEnabled(void); extern void secLogDisable(void); extern void secLogEnable(void); @@ -122,22 +123,22 @@ extern const char *api_trace; CFReleaseNull(info); return _r; \ } -#define secemergency(format, ...) os_log_error(logObjForScope("SecEmergency"), format, ## __VA_ARGS__) -#define secalert(format, ...) os_log_error(logObjForScope("SecAlert"), format, ## __VA_ARGS__) -#define seccritical(format, ...) os_log(logObjForScope("SecCritical"), format, ## __VA_ARGS__) -#define secerror(format, ...) os_log(logObjForScope("SecError"), format, ## __VA_ARGS__) -#define secerrorq(format, ...) os_log(logObjForScope("SecError"), format, ## __VA_ARGS__) -#define secwarning(format, ...) os_log(logObjForScope("SecWarning"), format, ## __VA_ARGS__) -#define secnotice(scope, format, ...) os_log(logObjForScope(scope), format, ## __VA_ARGS__) -#define secnoticeq(scope, format, ...) os_log(logObjForScope(scope), format, ## __VA_ARGS__) -#define secinfo(scope, format, ...) os_log_debug(logObjForScope(scope), format, ## __VA_ARGS__) +#define secemergency(format, ...) os_log_error(secLogObjForScope("SecEmergency"), format, ## __VA_ARGS__) +#define secalert(format, ...) os_log_error(secLogObjForScope("SecAlert"), format, ## __VA_ARGS__) +#define seccritical(format, ...) os_log(secLogObjForScope("SecCritical"), format, ## __VA_ARGS__) +#define secerror(format, ...) os_log(secLogObjForScope("SecError"), format, ## __VA_ARGS__) +#define secerrorq(format, ...) os_log(secLogObjForScope("SecError"), format, ## __VA_ARGS__) +#define secwarning(format, ...) os_log(secLogObjForScope("SecWarning"), format, ## __VA_ARGS__) +#define secnotice(scope, format, ...) os_log(secLogObjForScope(scope), format, ## __VA_ARGS__) +#define secnoticeq(scope, format, ...) os_log(secLogObjForScope(scope), format, ## __VA_ARGS__) +#define secinfo(scope, format, ...) os_log_debug(secLogObjForScope(scope), format, ## __VA_ARGS__) -#define secinfoenabled(scope) os_log_debug_enabled(logObjForScope(scope)) +#define secinfoenabled(scope) os_log_debug_enabled(secLogObjForScope(scope)) // secdebug is used for things that might not be privacy safe at all, so only debug builds can have these traces #undef secdebug #if !defined(NDEBUG) -#define secdebug(scope, format, ...) os_log_debug(logObjForScope(scope), format, ## __VA_ARGS__) +#define secdebug(scope, format, ...) os_log_debug(secLogObjForScope(scope), format, ## __VA_ARGS__) #else # define secdebug(scope,...) /* nothing */ #endif diff --git a/OSX/utilities/src/der_boolean.c b/OSX/utilities/src/der_boolean.c index 4ad2ce5a..986c3132 100644 --- a/OSX/utilities/src/der_boolean.c +++ b/OSX/utilities/src/der_boolean.c @@ -42,7 +42,7 @@ const uint8_t* der_decode_boolean(CFAllocatorRef allocator, CFOptionFlags mutabi size_t payload_size = 0; const uint8_t *payload = ccder_decode_tl(CCDER_BOOLEAN, &payload_size, der, der_end); - if (NULL == payload || (der_end - payload) < payload_size || payload_size != 1) { + if (NULL == payload || (ssize_t) (der_end - payload) < (ssize_t) payload_size || payload_size != 1) { SecCFDERCreateError(kSecDERErrorUnknownEncoding, CFSTR("Unknown boolean encoding"), NULL, error); return NULL; } diff --git a/OSX/utilities/src/der_data.c b/OSX/utilities/src/der_data.c index 404aaea6..b29ddfe0 100644 --- a/OSX/utilities/src/der_data.c +++ b/OSX/utilities/src/der_data.c @@ -42,7 +42,7 @@ const uint8_t* der_decode_data_mutable(CFAllocatorRef allocator, CFOptionFlags m size_t payload_size = 0; const uint8_t *payload = ccder_decode_tl(CCDER_OCTET_STRING, &payload_size, der, der_end); - if (NULL == payload || (der_end - payload) < payload_size) { + if (NULL == payload || (ssize_t) (der_end - payload) < (ssize_t) payload_size) { SecCFDERCreateError(kSecDERErrorUnknownEncoding, CFSTR("Unknown data encoding"), NULL, error); return NULL; } @@ -70,7 +70,7 @@ const uint8_t* der_decode_data(CFAllocatorRef allocator, CFOptionFlags mutabilit size_t payload_size = 0; const uint8_t *payload = ccder_decode_tl(CCDER_OCTET_STRING, &payload_size, der, der_end); - if (NULL == payload || (der_end - payload) < payload_size) { + if (NULL == payload || (ssize_t) (der_end - payload) < (ssize_t) payload_size) { SecCFDERCreateError(kSecDERErrorUnknownEncoding, CFSTR("Unknown data encoding"), NULL, error); return NULL; } diff --git a/OSX/utilities/src/der_date.c b/OSX/utilities/src/der_date.c index 5594ea20..0bdde9cc 100644 --- a/OSX/utilities/src/der_date.c +++ b/OSX/utilities/src/der_date.c @@ -164,7 +164,7 @@ static const uint8_t *der_decode_decimal_fraction(double *fraction, CFErrorRef * return der; } -static const CFTimeInterval der_decode_timezone_offset(const uint8_t **der_p, +static CFTimeInterval der_decode_timezone_offset(const uint8_t **der_p, const uint8_t *der_end, CFErrorRef *error) { CFTimeInterval timeZoneOffset; diff --git a/OSX/utilities/src/der_number.c b/OSX/utilities/src/der_number.c index 67bbf3e2..29560a71 100644 --- a/OSX/utilities/src/der_number.c +++ b/OSX/utilities/src/der_number.c @@ -43,7 +43,7 @@ const uint8_t* der_decode_number(CFAllocatorRef allocator, CFOptionFlags mutabil size_t payload_size = 0; const uint8_t *payload = ccder_decode_tl(CCDER_INTEGER, &payload_size, der, der_end); - if (NULL == payload || (der_end - payload) < payload_size) { + if (NULL == payload || (ssize_t) (der_end - payload) < (ssize_t) payload_size) { SecCFDERCreateError(kSecDERErrorUnknownEncoding, CFSTR("Unknown number encoding"), NULL, error); return NULL; } @@ -122,11 +122,11 @@ uint8_t* der_encode_number(CFNumberRef number, CFErrorRef *error, size_t first_byte_to_include = bytes_when_encoded(value); - if (!der_end || der_end - der < first_byte_to_include) + if (!der_end || (ssize_t) (der_end - der) < (ssize_t) first_byte_to_include) return NULL; // Put the bytes we should include on the end. - for(int bytes_included = 0; bytes_included < first_byte_to_include; ++bytes_included) + for(size_t bytes_included = 0; bytes_included < first_byte_to_include; ++bytes_included) { --der_end; *der_end = value & 0xFF; diff --git a/OSX/utilities/src/der_string.c b/OSX/utilities/src/der_string.c index 2cb6854a..2f0c5dc0 100644 --- a/OSX/utilities/src/der_string.c +++ b/OSX/utilities/src/der_string.c @@ -42,7 +42,7 @@ const uint8_t* der_decode_string(CFAllocatorRef allocator, CFOptionFlags mutabil size_t payload_size = 0; const uint8_t *payload = ccder_decode_tl(CCDER_UTF8_STRING, &payload_size, der, der_end); - if (NULL == payload || (der_end - payload) < payload_size){ + if (NULL == payload || (ssize_t) (der_end - payload) < (ssize_t) payload_size){ SecCFDERCreateError(kSecDERErrorUnknownEncoding, CFSTR("Unknown string encoding"), NULL, error); return NULL; } diff --git a/OSX/utilities/src/fileIo.c b/OSX/utilities/src/fileIo.c index c9b7024b..c92edad9 100644 --- a/OSX/utilities/src/fileIo.c +++ b/OSX/utilities/src/fileIo.c @@ -41,7 +41,7 @@ int writeFileSizet( return errno; } wrc = write(fd, bytes, (size_t)numBytes); - if(wrc != numBytes) { + if(wrc != (ssize_t) numBytes) { if(wrc >= 0) { fprintf(stderr, "writeFile: short write\n"); } @@ -79,7 +79,7 @@ int readFileSizet( if(rtn) { goto errOut; } - if (sb.st_size > SIZE_MAX) { + if (sb.st_size > (off_t) ((UINT32_MAX >> 1)-1)) { rtn = EFBIG; goto errOut; } @@ -90,7 +90,7 @@ int readFileSizet( goto errOut; } rrc = read(fd, buf, size); - if(rrc != size) { + if(rrc != (ssize_t) size) { if(rtn >= 0) { free(buf); fprintf(stderr, "readFile: short read\n"); diff --git a/OSX/utilities/utilities.xcodeproj/.gitignore b/OSX/utilities/utilities.xcodeproj/.gitignore deleted file mode 100644 index 7f42cdde..00000000 --- a/OSX/utilities/utilities.xcodeproj/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -project.xcworkspace -xcuserdata diff --git a/OSX/utilities/utilities.xcodeproj/project.pbxproj b/OSX/utilities/utilities.xcodeproj/project.pbxproj deleted file mode 100644 index 2d1572c5..00000000 --- a/OSX/utilities/utilities.xcodeproj/project.pbxproj +++ /dev/null @@ -1,650 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 0C95CCCA1A609D5F006E176C /* SecSCTUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C95CCC81A609D5F006E176C /* SecSCTUtils.c */; }; - 0C95CCCB1A609D5F006E176C /* SecSCTUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C95CCC91A609D5F006E176C /* SecSCTUtils.h */; }; - 489E6E501A71B07600D7EB8C /* der_set.c in Sources */ = {isa = PBXBuildFile; fileRef = 489E6E4E1A71B07600D7EB8C /* der_set.c */; }; - 489E6E511A71B07600D7EB8C /* der_set.h in Headers */ = {isa = PBXBuildFile; fileRef = 489E6E4F1A71B07600D7EB8C /* der_set.h */; }; - 48FB16FE1A76C9AD00B586C7 /* su-17-cfset-der.c in Sources */ = {isa = PBXBuildFile; fileRef = 48FB16FC1A76C9AD00B586C7 /* su-17-cfset-der.c */; }; - 4C068F811653146500E8A1BB /* iOSforOSX.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C068F801653146500E8A1BB /* iOSforOSX.h */; }; - 4C143CF8165172AD003035A3 /* SecDb.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C143CF7165172AD003035A3 /* SecDb.c */; }; - 4C3600451680DEB90049891B /* iOSforOSX-SecAttr.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C3600431680DEB90049891B /* iOSforOSX-SecAttr.c */; }; - 4C3600461680DEB90049891B /* iOSforOSX-SecRandom.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C3600441680DEB90049891B /* iOSforOSX-SecRandom.c */; }; - 4C3963D915ACF2E700762091 /* su-16-cfdate-der.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C3963D815ACF2E700762091 /* su-16-cfdate-der.c */; }; - 4C5BCD8A17304CE600DCEFB4 /* der_null.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C5BCD8917304B8100DCEFB4 /* der_null.c */; }; - 4C6882D615ABADBC00028C8F /* SecCFRelease.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6882BF15ABADBC00028C8F /* SecCFRelease.h */; }; - 4C6882D715ABADBC00028C8F /* SecCFWrappers.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6882C015ABADBC00028C8F /* SecCFWrappers.h */; }; - 4C6882D815ABADBC00028C8F /* array_size.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6882C115ABADBC00028C8F /* array_size.h */; }; - 4C6882D915ABADBC00028C8F /* comparison.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882C215ABADBC00028C8F /* comparison.c */; }; - 4C6882DA15ABADBC00028C8F /* comparison.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6882C315ABADBC00028C8F /* comparison.h */; }; - 4C6882DB15ABADBC00028C8F /* debugging.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882C415ABADBC00028C8F /* debugging.c */; }; - 4C6882DC15ABADBC00028C8F /* debugging.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6882C515ABADBC00028C8F /* debugging.h */; }; - 4C6882DD15ABADBC00028C8F /* der_array.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882C615ABADBC00028C8F /* der_array.c */; }; - 4C6882DE15ABADBC00028C8F /* der_boolean.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882C715ABADBC00028C8F /* der_boolean.c */; }; - 4C6882DF15ABADBC00028C8F /* der_data.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882C815ABADBC00028C8F /* der_data.c */; }; - 4C6882E015ABADBC00028C8F /* der_date.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882C915ABADBC00028C8F /* der_date.c */; }; - 4C6882E115ABADBC00028C8F /* der_dictionary.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882CA15ABADBC00028C8F /* der_dictionary.c */; }; - 4C6882E215ABADBC00028C8F /* der_number.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882CB15ABADBC00028C8F /* der_number.c */; }; - 4C6882E315ABADBC00028C8F /* der_plist.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882CC15ABADBC00028C8F /* der_plist.c */; }; - 4C6882E415ABADBC00028C8F /* der_plist.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6882CD15ABADBC00028C8F /* der_plist.h */; }; - 4C6882E515ABADBC00028C8F /* der_plist_internal.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882CE15ABADBC00028C8F /* der_plist_internal.c */; }; - 4C6882E615ABADBC00028C8F /* der_plist_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6882CF15ABADBC00028C8F /* der_plist_internal.h */; }; - 4C6882E715ABADBC00028C8F /* der_string.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882D015ABADBC00028C8F /* der_string.c */; }; - 4C6882E815ABADBC00028C8F /* fileIo.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C6882D115ABADBC00028C8F /* fileIo.c */; }; - 4C6882E915ABADBC00028C8F /* fileIo.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6882D215ABADBC00028C8F /* fileIo.h */; }; - 4C6882EA15ABADBC00028C8F /* sqlutils.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6882D315ABADBC00028C8F /* sqlutils.h */; }; - 4C8BDD7017B3920F00C20EA5 /* SecMeta.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C8BDD6F17B3920F00C20EA5 /* SecMeta.h */; }; - 4C8BDD7217B4ABCC00C20EA5 /* su-05-cfwrappers.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C8BDD7117B4ABCC00C20EA5 /* su-05-cfwrappers.c */; }; - 4CB23B9816A09503003A0131 /* not_on_this_platorm.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CB23B9716A09503003A0131 /* not_on_this_platorm.c */; }; - 4CC0275217A1C796004067B2 /* su-41-secdb-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC0275117A1C796004067B2 /* su-41-secdb-stress.c */; }; - 4CC92B1F15A3C55200C6D578 /* utilities_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CC92B1E15A3C55200C6D578 /* utilities_regressions.h */; }; - 4CF1FAC21654EAD100261CF4 /* SecCFWrappers.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CF1FAC11654EAD100261CF4 /* SecCFWrappers.c */; }; - 4CF1FAC416550F6900261CF4 /* su-40-secdb.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CF1FAC316550F6900261CF4 /* su-40-secdb.c */; }; - 521C60C61A9D31580034F742 /* SecCFCCWrappers.c in Sources */ = {isa = PBXBuildFile; fileRef = 521C60C41A9D31580034F742 /* SecCFCCWrappers.c */; }; - 521C60C71A9D31580034F742 /* SecCFCCWrappers.h in Headers */ = {isa = PBXBuildFile; fileRef = 521C60C51A9D31580034F742 /* SecCFCCWrappers.h */; }; - 52743BD616BB278C001A299D /* SecFileLocations.c in Sources */ = {isa = PBXBuildFile; fileRef = 52743BD516BB278C001A299D /* SecFileLocations.c */; }; - 52743BD816BB27A1001A299D /* SecFileLocations.h in Headers */ = {isa = PBXBuildFile; fileRef = 52743BD716BB27A1001A299D /* SecFileLocations.h */; }; - 52E2E4951738371400E78313 /* SecXPCError.h in Headers */ = {isa = PBXBuildFile; fileRef = 52E2E4941738371400E78313 /* SecXPCError.h */; }; - 52E2E4971738394C00E78313 /* SecXPCError.c in Sources */ = {isa = PBXBuildFile; fileRef = 52E2E4961738394C00E78313 /* SecXPCError.c */; }; - 72B918A1179723B500940533 /* iCloudKeychainTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = 72B9189F179723AE00940533 /* iCloudKeychainTrace.c */; }; - 72B918A2179723C100940533 /* iCloudKeychainTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = 72B918A0179723AE00940533 /* iCloudKeychainTrace.h */; }; - BEA22A361811E4C800BE7682 /* SecCertificateTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = BEA22A341811E4A600BE7682 /* SecCertificateTrace.c */; }; - BEA22A371811E4CF00BE7682 /* SecCertificateTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = BEA22A351811E4A600BE7682 /* SecCertificateTrace.h */; }; - E706B78A18FC822B00797907 /* simulate_crash.c in Sources */ = {isa = PBXBuildFile; fileRef = E706B78918FC822B00797907 /* simulate_crash.c */; }; - E7188DF81AAA819400B46156 /* SecBuffer.c in Sources */ = {isa = PBXBuildFile; fileRef = E7188DF61AAA819400B46156 /* SecBuffer.c */; }; - E7188DF91AAA819400B46156 /* SecBuffer.h in Headers */ = {isa = PBXBuildFile; fileRef = E7188DF71AAA819400B46156 /* SecBuffer.h */; }; - E72D461E175FB73100F70B9B /* SecAKSWrappers.h in Headers */ = {isa = PBXBuildFile; fileRef = E72D461D175FAF1E00F70B9B /* SecAKSWrappers.h */; }; - E72D462D175FC35500F70B9B /* SecAKSWrappers.c in Sources */ = {isa = PBXBuildFile; fileRef = E72D462C175FC35500F70B9B /* SecAKSWrappers.c */; }; - E73EB7991B229F3C0095E255 /* SecCoreCrypto.c in Sources */ = {isa = PBXBuildFile; fileRef = E73EB7971B229F3C0095E255 /* SecCoreCrypto.c */; }; - E73EB79A1B229F3C0095E255 /* SecCoreCrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = E73EB7981B229F3C0095E255 /* SecCoreCrypto.h */; }; - E765E23615A79F77006C7347 /* su-15-cfdictionary-der.c in Sources */ = {isa = PBXBuildFile; fileRef = E765E23315A79EA6006C7347 /* su-15-cfdictionary-der.c */; }; - E777C72115B74029004044A8 /* SecCFError.h in Headers */ = {isa = PBXBuildFile; fileRef = E777C71F15B74024004044A8 /* SecCFError.h */; }; - E777C72315B74038004044A8 /* SecCFError.c in Sources */ = {isa = PBXBuildFile; fileRef = E777C72215B74037004044A8 /* SecCFError.c */; }; - E790C14C169E5D9C00E0C0C9 /* readline.c in Sources */ = {isa = PBXBuildFile; fileRef = E790C14A169E5D9C00E0C0C9 /* readline.c */; }; - E790C14D169E5D9C00E0C0C9 /* readline.h in Headers */ = {isa = PBXBuildFile; fileRef = E790C14B169E5D9C00E0C0C9 /* readline.h */; }; - E7934D7115A3A29D007666E0 /* su-14-cfarray-der.c in Sources */ = {isa = PBXBuildFile; fileRef = E7934D6E15A3A298007666E0 /* su-14-cfarray-der.c */; }; - E79D9CE3159D2DB8000834EC /* su-12-cfboolean-der.c in Sources */ = {isa = PBXBuildFile; fileRef = E79D9CE2159D2DB8000834EC /* su-12-cfboolean-der.c */; }; - E79D9CE5159D3138000834EC /* su-13-cfnumber-der.c in Sources */ = {isa = PBXBuildFile; fileRef = E79D9CE4159D3138000834EC /* su-13-cfnumber-der.c */; }; - E7AAB5FA15929D44005C8BCC /* su-11-cfdata-der.c in Sources */ = {isa = PBXBuildFile; fileRef = E7AAB5F815929D3E005C8BCC /* su-11-cfdata-der.c */; }; - E7B183661AAE3FA3006C3392 /* su-08-secbuffer.c in Sources */ = {isa = PBXBuildFile; fileRef = E7B183651AAE3FA3006C3392 /* su-08-secbuffer.c */; }; - E7CC89D51909E0A2005FFA08 /* su-07-debugging.c in Sources */ = {isa = PBXBuildFile; fileRef = E7CC89D41909E0A2005FFA08 /* su-07-debugging.c */; }; - E7E0D909158FD9CD002CA176 /* su-10-cfstring-der.c in Sources */ = {isa = PBXBuildFile; fileRef = E7E0D908158FD9CD002CA176 /* su-10-cfstring-der.c */; }; - EB0BC8F31C3C6E8E00785842 /* SecTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = EB0BC8F11C3C6E8E00785842 /* SecTrace.c */; }; - EB0BC8F41C3C6E8E00785842 /* SecTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = EB0BC8F21C3C6E8E00785842 /* SecTrace.h */; }; - EB7193901B0258890066F5E2 /* SecAppleAnchor.c in Sources */ = {isa = PBXBuildFile; fileRef = EB71938E1B0258890066F5E2 /* SecAppleAnchor.c */; }; - EB7193911B0258890066F5E2 /* SecAppleAnchorPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = EB71938F1B0258890066F5E2 /* SecAppleAnchorPriv.h */; }; - EB7193941B02606A0066F5E2 /* SecInternalRelease.c in Sources */ = {isa = PBXBuildFile; fileRef = EB7193921B02606A0066F5E2 /* SecInternalRelease.c */; }; - EB7193951B02606A0066F5E2 /* SecInternalReleasePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = EB7193931B02606A0066F5E2 /* SecInternalReleasePriv.h */; }; -/* End PBXBuildFile section */ - -/* Begin PBXFileReference section */ - 0C95CCC81A609D5F006E176C /* SecSCTUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecSCTUtils.c; sourceTree = ""; }; - 0C95CCC91A609D5F006E176C /* SecSCTUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecSCTUtils.h; sourceTree = ""; }; - 489E6E4E1A71B07600D7EB8C /* der_set.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = der_set.c; sourceTree = ""; }; - 489E6E4F1A71B07600D7EB8C /* der_set.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = der_set.h; sourceTree = ""; }; - 48FB16FC1A76C9AD00B586C7 /* su-17-cfset-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-17-cfset-der.c"; sourceTree = ""; }; - 4C068F801653146500E8A1BB /* iOSforOSX.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = iOSforOSX.h; sourceTree = ""; }; - 4C068F821653147D00E8A1BB /* iOSforOSX.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = iOSforOSX.c; sourceTree = ""; }; - 4C143CF7165172AD003035A3 /* SecDb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SecDb.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - 4C143CF9165172C0003035A3 /* SecDb.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecDb.h; sourceTree = ""; }; - 4C3600431680DEB90049891B /* iOSforOSX-SecAttr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "iOSforOSX-SecAttr.c"; sourceTree = ""; }; - 4C3600441680DEB90049891B /* iOSforOSX-SecRandom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "iOSforOSX-SecRandom.c"; sourceTree = ""; }; - 4C3963D815ACF2E700762091 /* su-16-cfdate-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-16-cfdate-der.c"; sourceTree = ""; }; - 4C5BCD8917304B8100DCEFB4 /* der_null.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = der_null.c; sourceTree = ""; }; - 4C6882BF15ABADBC00028C8F /* SecCFRelease.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCFRelease.h; sourceTree = ""; }; - 4C6882C015ABADBC00028C8F /* SecCFWrappers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = SecCFWrappers.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 4C6882C115ABADBC00028C8F /* array_size.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = array_size.h; sourceTree = ""; }; - 4C6882C215ABADBC00028C8F /* comparison.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = comparison.c; sourceTree = ""; }; - 4C6882C315ABADBC00028C8F /* comparison.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = comparison.h; sourceTree = ""; }; - 4C6882C415ABADBC00028C8F /* debugging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = debugging.c; sourceTree = ""; }; - 4C6882C515ABADBC00028C8F /* debugging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = debugging.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 4C6882C615ABADBC00028C8F /* der_array.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = der_array.c; sourceTree = ""; }; - 4C6882C715ABADBC00028C8F /* der_boolean.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = der_boolean.c; sourceTree = ""; }; - 4C6882C815ABADBC00028C8F /* der_data.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = der_data.c; sourceTree = ""; }; - 4C6882C915ABADBC00028C8F /* der_date.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = der_date.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - 4C6882CA15ABADBC00028C8F /* der_dictionary.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = der_dictionary.c; sourceTree = ""; }; - 4C6882CB15ABADBC00028C8F /* der_number.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = der_number.c; sourceTree = ""; }; - 4C6882CC15ABADBC00028C8F /* der_plist.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = der_plist.c; sourceTree = ""; }; - 4C6882CD15ABADBC00028C8F /* der_plist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = der_plist.h; sourceTree = ""; }; - 4C6882CE15ABADBC00028C8F /* der_plist_internal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = der_plist_internal.c; sourceTree = ""; }; - 4C6882CF15ABADBC00028C8F /* der_plist_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = der_plist_internal.h; sourceTree = ""; }; - 4C6882D015ABADBC00028C8F /* der_string.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = der_string.c; sourceTree = ""; }; - 4C6882D115ABADBC00028C8F /* fileIo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = fileIo.c; sourceTree = ""; }; - 4C6882D215ABADBC00028C8F /* fileIo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = fileIo.h; sourceTree = ""; }; - 4C6882D315ABADBC00028C8F /* sqlutils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sqlutils.h; sourceTree = ""; }; - 4C6882EB15ABC4B400028C8F /* der_date.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = der_date.h; sourceTree = ""; }; - 4C8BDD6F17B3920F00C20EA5 /* SecMeta.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = SecMeta.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; - 4C8BDD7117B4ABCC00C20EA5 /* su-05-cfwrappers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-05-cfwrappers.c"; sourceTree = ""; }; - 4CB23B9616A09318003A0131 /* security_tool_commands_table.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = security_tool_commands_table.h; sourceTree = ""; }; - 4CB23B9716A09503003A0131 /* not_on_this_platorm.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = not_on_this_platorm.c; sourceTree = ""; }; - 4CC0275117A1C796004067B2 /* su-41-secdb-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-41-secdb-stress.c"; sourceTree = ""; }; - 4CC92B1E15A3C55200C6D578 /* utilities_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = utilities_regressions.h; sourceTree = ""; }; - 4CF1FAC11654EAD100261CF4 /* SecCFWrappers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecCFWrappers.c; sourceTree = ""; }; - 4CF1FAC316550F6900261CF4 /* su-40-secdb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-40-secdb.c"; sourceTree = ""; }; - 521C60C41A9D31580034F742 /* SecCFCCWrappers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecCFCCWrappers.c; sourceTree = ""; }; - 521C60C51A9D31580034F742 /* SecCFCCWrappers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCFCCWrappers.h; sourceTree = ""; }; - 52743BD516BB278C001A299D /* SecFileLocations.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecFileLocations.c; sourceTree = ""; }; - 52743BD716BB27A1001A299D /* SecFileLocations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecFileLocations.h; sourceTree = ""; }; - 52E2E4941738371400E78313 /* SecXPCError.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecXPCError.h; sourceTree = ""; }; - 52E2E4961738394C00E78313 /* SecXPCError.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecXPCError.c; sourceTree = ""; }; - 72B9189F179723AE00940533 /* iCloudKeychainTrace.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = iCloudKeychainTrace.c; sourceTree = ""; }; - 72B918A0179723AE00940533 /* iCloudKeychainTrace.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = iCloudKeychainTrace.h; sourceTree = ""; }; - BEA22A341811E4A600BE7682 /* SecCertificateTrace.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCertificateTrace.c; sourceTree = ""; }; - BEA22A351811E4A600BE7682 /* SecCertificateTrace.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCertificateTrace.h; sourceTree = ""; }; - E706B78918FC822B00797907 /* simulate_crash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = simulate_crash.c; sourceTree = ""; }; - E7188DF61AAA819400B46156 /* SecBuffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecBuffer.c; sourceTree = ""; }; - E7188DF71AAA819400B46156 /* SecBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecBuffer.h; sourceTree = ""; }; - E72D461D175FAF1E00F70B9B /* SecAKSWrappers.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecAKSWrappers.h; sourceTree = ""; }; - E72D462C175FC35500F70B9B /* SecAKSWrappers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecAKSWrappers.c; sourceTree = ""; }; - E73EB7971B229F3C0095E255 /* SecCoreCrypto.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecCoreCrypto.c; sourceTree = ""; }; - E73EB7981B229F3C0095E255 /* SecCoreCrypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCoreCrypto.h; sourceTree = ""; }; - E742A09C14E343E70052A486 /* libutilities.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libutilities.a; sourceTree = BUILT_PRODUCTS_DIR; }; - E742A0C014E344940052A486 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; }; - E765E23315A79EA6006C7347 /* su-15-cfdictionary-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-15-cfdictionary-der.c"; sourceTree = ""; }; - E777C71F15B74024004044A8 /* SecCFError.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCFError.h; sourceTree = ""; }; - E777C72215B74037004044A8 /* SecCFError.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecCFError.c; sourceTree = ""; }; - E790C0F6169E4B8500E0C0C9 /* security_tool_commands.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = security_tool_commands.h; sourceTree = ""; }; - E790C14A169E5D9C00E0C0C9 /* readline.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = readline.c; sourceTree = ""; }; - E790C14B169E5D9C00E0C0C9 /* readline.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = readline.h; sourceTree = ""; }; - E7934D6E15A3A298007666E0 /* su-14-cfarray-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-14-cfarray-der.c"; sourceTree = ""; }; - E79D9CE2159D2DB8000834EC /* su-12-cfboolean-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-12-cfboolean-der.c"; sourceTree = ""; }; - E79D9CE4159D3138000834EC /* su-13-cfnumber-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-13-cfnumber-der.c"; sourceTree = ""; }; - E7AAB5F815929D3E005C8BCC /* su-11-cfdata-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-11-cfdata-der.c"; sourceTree = ""; }; - E7B01B961664031B000485F1 /* SecDispatchRelease.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecDispatchRelease.h; sourceTree = ""; }; - E7B183651AAE3FA3006C3392 /* su-08-secbuffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-08-secbuffer.c"; sourceTree = ""; }; - E7CC89D31909DF3F005FFA08 /* debugging_test.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = debugging_test.h; sourceTree = ""; }; - E7CC89D41909E0A2005FFA08 /* su-07-debugging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = "su-07-debugging.c"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - E7E0D8F9158FA9A3002CA176 /* libutilitiesRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libutilitiesRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; - E7E0D908158FD9CD002CA176 /* su-10-cfstring-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-10-cfstring-der.c"; sourceTree = ""; }; - E7FC081B161A3038008E0760 /* SecIOFormat.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecIOFormat.h; sourceTree = ""; }; - EB0BC8F11C3C6E8E00785842 /* SecTrace.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecTrace.c; sourceTree = ""; }; - EB0BC8F21C3C6E8E00785842 /* SecTrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTrace.h; sourceTree = ""; }; - EB71938E1B0258890066F5E2 /* SecAppleAnchor.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecAppleAnchor.c; sourceTree = ""; }; - EB71938F1B0258890066F5E2 /* SecAppleAnchorPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecAppleAnchorPriv.h; sourceTree = ""; }; - EB7193921B02606A0066F5E2 /* SecInternalRelease.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecInternalRelease.c; sourceTree = ""; }; - EB7193931B02606A0066F5E2 /* SecInternalReleasePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecInternalReleasePriv.h; sourceTree = ""; }; - EBCB283E184D054900EF102F /* lib.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = lib.xcconfig; path = config/lib.xcconfig; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - E742A09914E343E70052A486 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E7E0D8ED158FA9A3002CA176 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 4C6882BC15ABADBC00028C8F /* src */ = { - isa = PBXGroup; - children = ( - 4C8BDD6F17B3920F00C20EA5 /* SecMeta.h */, - 72B9189F179723AE00940533 /* iCloudKeychainTrace.c */, - 72B918A0179723AE00940533 /* iCloudKeychainTrace.h */, - E72D462C175FC35500F70B9B /* SecAKSWrappers.c */, - E72D461D175FAF1E00F70B9B /* SecAKSWrappers.h */, - E7188DF61AAA819400B46156 /* SecBuffer.c */, - E7188DF71AAA819400B46156 /* SecBuffer.h */, - E73EB7971B229F3C0095E255 /* SecCoreCrypto.c */, - E73EB7981B229F3C0095E255 /* SecCoreCrypto.h */, - BEA22A341811E4A600BE7682 /* SecCertificateTrace.c */, - BEA22A351811E4A600BE7682 /* SecCertificateTrace.h */, - 521C60C41A9D31580034F742 /* SecCFCCWrappers.c */, - 521C60C51A9D31580034F742 /* SecCFCCWrappers.h */, - 4C6882BF15ABADBC00028C8F /* SecCFRelease.h */, - 4CF1FAC11654EAD100261CF4 /* SecCFWrappers.c */, - 4C6882C015ABADBC00028C8F /* SecCFWrappers.h */, - E777C72215B74037004044A8 /* SecCFError.c */, - E777C71F15B74024004044A8 /* SecCFError.h */, - E7B01B961664031B000485F1 /* SecDispatchRelease.h */, - E7FC081B161A3038008E0760 /* SecIOFormat.h */, - EB0BC8F11C3C6E8E00785842 /* SecTrace.c */, - EB0BC8F21C3C6E8E00785842 /* SecTrace.h */, - 4C6882C115ABADBC00028C8F /* array_size.h */, - 4C6882C215ABADBC00028C8F /* comparison.c */, - 4C6882C315ABADBC00028C8F /* comparison.h */, - 4C6882C415ABADBC00028C8F /* debugging.c */, - 4C6882C515ABADBC00028C8F /* debugging.h */, - E7CC89D31909DF3F005FFA08 /* debugging_test.h */, - 4C6882C615ABADBC00028C8F /* der_array.c */, - 4C6882C715ABADBC00028C8F /* der_boolean.c */, - 4C5BCD8917304B8100DCEFB4 /* der_null.c */, - 4C6882C815ABADBC00028C8F /* der_data.c */, - 4C6882C915ABADBC00028C8F /* der_date.c */, - 4C6882EB15ABC4B400028C8F /* der_date.h */, - 4C6882CA15ABADBC00028C8F /* der_dictionary.c */, - 4C6882CB15ABADBC00028C8F /* der_number.c */, - 4C6882CC15ABADBC00028C8F /* der_plist.c */, - 4C6882CD15ABADBC00028C8F /* der_plist.h */, - 4C6882CE15ABADBC00028C8F /* der_plist_internal.c */, - 4C6882CF15ABADBC00028C8F /* der_plist_internal.h */, - 489E6E4E1A71B07600D7EB8C /* der_set.c */, - 489E6E4F1A71B07600D7EB8C /* der_set.h */, - 4C6882D015ABADBC00028C8F /* der_string.c */, - 4C6882D115ABADBC00028C8F /* fileIo.c */, - 4C6882D215ABADBC00028C8F /* fileIo.h */, - 4C6882D315ABADBC00028C8F /* sqlutils.h */, - 4C068F801653146500E8A1BB /* iOSforOSX.h */, - 4C068F821653147D00E8A1BB /* iOSforOSX.c */, - 4C3600431680DEB90049891B /* iOSforOSX-SecAttr.c */, - 4C3600441680DEB90049891B /* iOSforOSX-SecRandom.c */, - 4C143CF7165172AD003035A3 /* SecDb.c */, - 4C143CF9165172C0003035A3 /* SecDb.h */, - 52743BD516BB278C001A299D /* SecFileLocations.c */, - 52743BD716BB27A1001A299D /* SecFileLocations.h */, - 52E2E4941738371400E78313 /* SecXPCError.h */, - 52E2E4961738394C00E78313 /* SecXPCError.c */, - E706B78918FC822B00797907 /* simulate_crash.c */, - 0C95CCC91A609D5F006E176C /* SecSCTUtils.h */, - 0C95CCC81A609D5F006E176C /* SecSCTUtils.c */, - EB71938E1B0258890066F5E2 /* SecAppleAnchor.c */, - EB71938F1B0258890066F5E2 /* SecAppleAnchorPriv.h */, - EB7193921B02606A0066F5E2 /* SecInternalRelease.c */, - EB7193931B02606A0066F5E2 /* SecInternalReleasePriv.h */, - ); - path = src; - sourceTree = ""; - }; - E742A09114E343E70052A486 = { - isa = PBXGroup; - children = ( - EBCB283D184D051D00EF102F /* config */, - 4C6882BC15ABADBC00028C8F /* src */, - E7E0D8E7158FA984002CA176 /* Regressions */, - E790C0F5169E4B5E00E0C0C9 /* SecurityTool */, - E742A09E14E343E70052A486 /* Frameworks */, - E742A09D14E343E70052A486 /* Products */, - ); - sourceTree = ""; - }; - E742A09D14E343E70052A486 /* Products */ = { - isa = PBXGroup; - children = ( - E742A09C14E343E70052A486 /* libutilities.a */, - E7E0D8F9158FA9A3002CA176 /* libutilitiesRegressions.a */, - ); - name = Products; - sourceTree = ""; - }; - E742A09E14E343E70052A486 /* Frameworks */ = { - isa = PBXGroup; - children = ( - E742A0C014E344940052A486 /* CoreFoundation.framework */, - ); - name = Frameworks; - sourceTree = ""; - }; - E790C0F5169E4B5E00E0C0C9 /* SecurityTool */ = { - isa = PBXGroup; - children = ( - E790C14A169E5D9C00E0C0C9 /* readline.c */, - E790C14B169E5D9C00E0C0C9 /* readline.h */, - E790C0F6169E4B8500E0C0C9 /* security_tool_commands.h */, - 4CB23B9616A09318003A0131 /* security_tool_commands_table.h */, - 4CB23B9716A09503003A0131 /* not_on_this_platorm.c */, - ); - path = SecurityTool; - sourceTree = ""; - }; - E7E0D8E7158FA984002CA176 /* Regressions */ = { - isa = PBXGroup; - children = ( - 4CC92B1E15A3C55200C6D578 /* utilities_regressions.h */, - 4C8BDD7117B4ABCC00C20EA5 /* su-05-cfwrappers.c */, - E7CC89D41909E0A2005FFA08 /* su-07-debugging.c */, - E7B183651AAE3FA3006C3392 /* su-08-secbuffer.c */, - E7E0D908158FD9CD002CA176 /* su-10-cfstring-der.c */, - E7AAB5F815929D3E005C8BCC /* su-11-cfdata-der.c */, - E79D9CE2159D2DB8000834EC /* su-12-cfboolean-der.c */, - E79D9CE4159D3138000834EC /* su-13-cfnumber-der.c */, - E7934D6E15A3A298007666E0 /* su-14-cfarray-der.c */, - E765E23315A79EA6006C7347 /* su-15-cfdictionary-der.c */, - 48FB16FC1A76C9AD00B586C7 /* su-17-cfset-der.c */, - 4C3963D815ACF2E700762091 /* su-16-cfdate-der.c */, - 4CF1FAC316550F6900261CF4 /* su-40-secdb.c */, - 4CC0275117A1C796004067B2 /* su-41-secdb-stress.c */, - ); - path = Regressions; - sourceTree = ""; - }; - EBCB283D184D051D00EF102F /* config */ = { - isa = PBXGroup; - children = ( - EBCB283E184D054900EF102F /* lib.xcconfig */, - ); - name = config; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - E742A09A14E343E70052A486 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 72B918A2179723C100940533 /* iCloudKeychainTrace.h in Headers */, - 521C60C71A9D31580034F742 /* SecCFCCWrappers.h in Headers */, - E73EB79A1B229F3C0095E255 /* SecCoreCrypto.h in Headers */, - 4C6882D615ABADBC00028C8F /* SecCFRelease.h in Headers */, - EB7193951B02606A0066F5E2 /* SecInternalReleasePriv.h in Headers */, - 52E2E4951738371400E78313 /* SecXPCError.h in Headers */, - 4C6882D715ABADBC00028C8F /* SecCFWrappers.h in Headers */, - E72D461E175FB73100F70B9B /* SecAKSWrappers.h in Headers */, - 4C6882D815ABADBC00028C8F /* array_size.h in Headers */, - EB7193911B0258890066F5E2 /* SecAppleAnchorPriv.h in Headers */, - 4C6882DA15ABADBC00028C8F /* comparison.h in Headers */, - 489E6E511A71B07600D7EB8C /* der_set.h in Headers */, - 4C6882DC15ABADBC00028C8F /* debugging.h in Headers */, - 4C6882E415ABADBC00028C8F /* der_plist.h in Headers */, - BEA22A371811E4CF00BE7682 /* SecCertificateTrace.h in Headers */, - 4C6882E615ABADBC00028C8F /* der_plist_internal.h in Headers */, - EB0BC8F41C3C6E8E00785842 /* SecTrace.h in Headers */, - 4C6882E915ABADBC00028C8F /* fileIo.h in Headers */, - 0C95CCCB1A609D5F006E176C /* SecSCTUtils.h in Headers */, - E7188DF91AAA819400B46156 /* SecBuffer.h in Headers */, - 4C6882EA15ABADBC00028C8F /* sqlutils.h in Headers */, - E777C72115B74029004044A8 /* SecCFError.h in Headers */, - 4C068F811653146500E8A1BB /* iOSforOSX.h in Headers */, - E790C14D169E5D9C00E0C0C9 /* readline.h in Headers */, - 52743BD816BB27A1001A299D /* SecFileLocations.h in Headers */, - 4C8BDD7017B3920F00C20EA5 /* SecMeta.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E7E0D8EF158FA9A3002CA176 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CC92B1F15A3C55200C6D578 /* utilities_regressions.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - E742A09B14E343E70052A486 /* utilities */ = { - isa = PBXNativeTarget; - buildConfigurationList = E742A0A914E343E70052A486 /* Build configuration list for PBXNativeTarget "utilities" */; - buildPhases = ( - E742A09814E343E70052A486 /* Sources */, - E742A09914E343E70052A486 /* Frameworks */, - E742A09A14E343E70052A486 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = utilities; - productName = security_utilities; - productReference = E742A09C14E343E70052A486 /* libutilities.a */; - productType = "com.apple.product-type.library.static"; - }; - E7E0D8E8158FA9A3002CA176 /* utilitiesRegressions */ = { - isa = PBXNativeTarget; - buildConfigurationList = E7E0D8F6158FA9A3002CA176 /* Build configuration list for PBXNativeTarget "utilitiesRegressions" */; - buildPhases = ( - E7E0D8E9158FA9A3002CA176 /* Sources */, - E7E0D8ED158FA9A3002CA176 /* Frameworks */, - E7E0D8EF158FA9A3002CA176 /* Headers */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = utilitiesRegressions; - productName = security_utilities; - productReference = E7E0D8F9158FA9A3002CA176 /* libutilitiesRegressions.a */; - productType = "com.apple.product-type.library.static"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - E742A09314E343E70052A486 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - ORGANIZATIONNAME = "Apple Inc."; - }; - buildConfigurationList = E742A09614E343E70052A486 /* Build configuration list for PBXProject "utilities" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 0; - knownRegions = ( - en, - ); - mainGroup = E742A09114E343E70052A486; - productRefGroup = E742A09D14E343E70052A486 /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - E742A09B14E343E70052A486 /* utilities */, - E7E0D8E8158FA9A3002CA176 /* utilitiesRegressions */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXSourcesBuildPhase section */ - E742A09814E343E70052A486 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C6882D915ABADBC00028C8F /* comparison.c in Sources */, - 4C6882DB15ABADBC00028C8F /* debugging.c in Sources */, - 72B918A1179723B500940533 /* iCloudKeychainTrace.c in Sources */, - 4C6882DD15ABADBC00028C8F /* der_array.c in Sources */, - 4C6882DE15ABADBC00028C8F /* der_boolean.c in Sources */, - 4C6882DF15ABADBC00028C8F /* der_data.c in Sources */, - 4C6882E015ABADBC00028C8F /* der_date.c in Sources */, - E73EB7991B229F3C0095E255 /* SecCoreCrypto.c in Sources */, - EB0BC8F31C3C6E8E00785842 /* SecTrace.c in Sources */, - E706B78A18FC822B00797907 /* simulate_crash.c in Sources */, - E72D462D175FC35500F70B9B /* SecAKSWrappers.c in Sources */, - 4C6882E115ABADBC00028C8F /* der_dictionary.c in Sources */, - 4C6882E215ABADBC00028C8F /* der_number.c in Sources */, - EB7193901B0258890066F5E2 /* SecAppleAnchor.c in Sources */, - 4C6882E315ABADBC00028C8F /* der_plist.c in Sources */, - 4C6882E515ABADBC00028C8F /* der_plist_internal.c in Sources */, - 4C6882E715ABADBC00028C8F /* der_string.c in Sources */, - 4C6882E815ABADBC00028C8F /* fileIo.c in Sources */, - E777C72315B74038004044A8 /* SecCFError.c in Sources */, - 489E6E501A71B07600D7EB8C /* der_set.c in Sources */, - 4C143CF8165172AD003035A3 /* SecDb.c in Sources */, - 4CF1FAC21654EAD100261CF4 /* SecCFWrappers.c in Sources */, - 521C60C61A9D31580034F742 /* SecCFCCWrappers.c in Sources */, - 52E2E4971738394C00E78313 /* SecXPCError.c in Sources */, - E7188DF81AAA819400B46156 /* SecBuffer.c in Sources */, - 4C3600451680DEB90049891B /* iOSforOSX-SecAttr.c in Sources */, - 4C3600461680DEB90049891B /* iOSforOSX-SecRandom.c in Sources */, - BEA22A361811E4C800BE7682 /* SecCertificateTrace.c in Sources */, - E790C14C169E5D9C00E0C0C9 /* readline.c in Sources */, - 4CB23B9816A09503003A0131 /* not_on_this_platorm.c in Sources */, - 4C5BCD8A17304CE600DCEFB4 /* der_null.c in Sources */, - 52743BD616BB278C001A299D /* SecFileLocations.c in Sources */, - EB7193941B02606A0066F5E2 /* SecInternalRelease.c in Sources */, - 0C95CCCA1A609D5F006E176C /* SecSCTUtils.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - E7E0D8E9158FA9A3002CA176 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E7B183661AAE3FA3006C3392 /* su-08-secbuffer.c in Sources */, - 4CC0275217A1C796004067B2 /* su-41-secdb-stress.c in Sources */, - 48FB16FE1A76C9AD00B586C7 /* su-17-cfset-der.c in Sources */, - E7E0D909158FD9CD002CA176 /* su-10-cfstring-der.c in Sources */, - E7AAB5FA15929D44005C8BCC /* su-11-cfdata-der.c in Sources */, - E79D9CE3159D2DB8000834EC /* su-12-cfboolean-der.c in Sources */, - E79D9CE5159D3138000834EC /* su-13-cfnumber-der.c in Sources */, - 4C8BDD7217B4ABCC00C20EA5 /* su-05-cfwrappers.c in Sources */, - E7934D7115A3A29D007666E0 /* su-14-cfarray-der.c in Sources */, - E765E23615A79F77006C7347 /* su-15-cfdictionary-der.c in Sources */, - 4C3963D915ACF2E700762091 /* su-16-cfdate-der.c in Sources */, - 4CF1FAC416550F6900261CF4 /* su-40-secdb.c in Sources */, - E7CC89D51909E0A2005FFA08 /* su-07-debugging.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - E742A0A714E343E70052A486 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - "ARCHS[sdk=macosx*]" = "$(ARCHS_STANDARD_32_64_BIT)"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_STATIC_ANALYZER_MODE = deep; - COPY_PHASE_STRIP = NO; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "$(inherited)", - "DEBUG=1", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - ONLY_ACTIVE_ARCH = YES; - RUN_CLANG_STATIC_ANALYZER = YES; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "iphonesimulator iphoneos macosx appletvos appletvsimulator watchos watchsimulator"; - }; - name = Debug; - }; - E742A0A814E343E70052A486 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - "ARCHS[sdk=macosx*]" = "$(ARCHS_STANDARD_32_64_BIT)"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_STATIC_ANALYZER_MODE = deep; - COPY_PHASE_STRIP = NO; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_PREPROCESSOR_DEFINITIONS = "NDEBUG=1"; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - RUN_CLANG_STATIC_ANALYZER = YES; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "iphonesimulator iphoneos macosx appletvos appletvsimulator watchos watchsimulator"; - VALIDATE_PRODUCT = YES; - }; - name = Release; - }; - E742A0AA14E343E70052A486 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = EBCB283E184D054900EF102F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/../sec/ProjectHeaders/", - "$(BUILT_PRODUCTS_DIR)/usr/local/include", - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SKIP_INSTALL = YES; - }; - name = Debug; - }; - E742A0AB14E343E70052A486 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = EBCB283E184D054900EF102F /* lib.xcconfig */; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/../sec/ProjectHeaders", - "$(BUILT_PRODUCTS_DIR)/usr/local/include", - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SKIP_INSTALL = YES; - }; - name = Release; - }; - E7E0D8F7158FA9A3002CA176 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/../regressions", - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SKIP_INSTALL = YES; - }; - name = Debug; - }; - E7E0D8F8158FA9A3002CA176 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/../regressions", - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SKIP_INSTALL = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - E742A09614E343E70052A486 /* Build configuration list for PBXProject "utilities" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - E742A0A714E343E70052A486 /* Debug */, - E742A0A814E343E70052A486 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - E742A0A914E343E70052A486 /* Build configuration list for PBXNativeTarget "utilities" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - E742A0AA14E343E70052A486 /* Debug */, - E742A0AB14E343E70052A486 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - E7E0D8F6158FA9A3002CA176 /* Build configuration list for PBXNativeTarget "utilitiesRegressions" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - E7E0D8F7158FA9A3002CA176 /* Debug */, - E7E0D8F8158FA9A3002CA176 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = E742A09314E343E70052A486 /* Project object */; -} diff --git a/OTAPKIAssetTool/OTAServiceApp.m b/OTAPKIAssetTool/OTAServiceApp.m index eee3ecff..fb94a5a3 100644 --- a/OTAPKIAssetTool/OTAServiceApp.m +++ b/OTAPKIAssetTool/OTAServiceApp.m @@ -2,8 +2,6 @@ // OTAServiceApp.m // Security // -// Created by local on 2/11/13. -// // @@ -23,6 +21,7 @@ #import #import #import +#import #import #import #import @@ -628,7 +627,7 @@ out: */ xpc_transaction_begin(); - if (_verbose) + if (self->_verbose) { syslog(LOG_NOTICE, "BackgroundTaskAgent job %s fired", job_name); } @@ -640,14 +639,14 @@ out: } else if (job_status == kBackgroundTaskAgentJobSatisfied) { - if (_verbose) + if (self->_verbose) { syslog(LOG_NOTICE, "BTA job %s is satisfied -- performing asset query", job_name); } bool shouldReschedule = false; if ([self run:&shouldReschedule] || !shouldReschedule) { - if (_verbose) + if (self->_verbose) { syslog(LOG_NOTICE, "Unscheduling BTA job"); } @@ -655,8 +654,8 @@ out: } else { - syslog(LOG_NOTICE, "Asset query failed due to network error. Re-scheduling BTA job for another attempt in %f seconds.", _asset_query_retry_interval); - [self registerBackgroundTaskAgentJobWithDelay:_asset_query_retry_interval]; + syslog(LOG_NOTICE, "Asset query failed due to network error. Re-scheduling BTA job for another attempt in %f seconds.", self->_asset_query_retry_interval); + [self registerBackgroundTaskAgentJobWithDelay:self->_asset_query_retry_interval]; } } else if (job_status == kBackgroundTaskAgentJobUnsatisfied) @@ -681,7 +680,7 @@ out: { xpc_activity_state_t state = xpc_activity_get_state(activity); - if (_verbose) + if (self->_verbose) { xpc_object_t criteria = xpc_activity_copy_criteria(activity); @@ -703,7 +702,7 @@ out: * The activity is already configured in the launchd plist, so there * is nothing to do here */ - if (_verbose) + if (self->_verbose) { syslog(LOG_NOTICE, "Activity %s in check in state", kOTAPKIAssetToolActivity); } @@ -720,7 +719,7 @@ out: syslog(LOG_NOTICE, "Activity %s in run state. Scheduling BTA job for earliest network availability.", kOTAPKIAssetToolActivity); [self registerBackgroundTaskAgentJobWithDelay:0]; } - else if (_verbose) + else if (self->_verbose) { syslog(LOG_NOTICE, "Already have a BTA job registered. Ignoring activity."); } @@ -1183,20 +1182,27 @@ out: { return result; } - + NSError* error = nil; NSData* file_data = [NSData dataWithContentsOfFile:file_path options:0 error:&error]; if (nil != error) { return result; } + + NSMutableData *digest = [NSMutableData dataWithLength:CC_SHA256_DIGEST_LENGTH]; + uint8_t *dp = (digest) ? [digest mutableBytes] : NULL; + if (NULL == dp) + { + return result; + } + + memset(dp, 0, CC_SHA256_DIGEST_LENGTH); + CCDigest(kCCDigestSHA256, + (const uint8_t *)[file_data bytes], + (size_t)[file_data length], dp); - UInt8 buffer[CC_SHA256_DIGEST_LENGTH]; - memset(buffer, 0, CC_SHA256_DIGEST_LENGTH); - CC_SHA256([file_data bytes], (CC_LONG)[file_data length], buffer); - NSData* file_hash_data = [NSData dataWithBytesNoCopy:buffer length:CC_SHA256_DIGEST_LENGTH freeWhenDone:NO]; - - result = [hash isEqualToData:file_hash_data]; + result = [hash isEqualToData:digest]; return result; } diff --git a/RegressionTests/Security.plist b/RegressionTests/Security.plist index c21bfa12..36af039c 100644 --- a/RegressionTests/Security.plist +++ b/RegressionTests/Security.plist @@ -26,12 +26,12 @@ TestName BackupTest - Disabled - Command /AppleInternal/CoreOS/tests/Security/secbackuptest + EligibleResource + cpuArchitecture BEGINSWITH 'arm' TestName diff --git a/RegressionTests/secitemfunctionality/secitemfunctionality.m b/RegressionTests/secitemfunctionality/secitemfunctionality.m index b6baabc1..53b7556c 100644 --- a/RegressionTests/secitemfunctionality/secitemfunctionality.m +++ b/RegressionTests/secitemfunctionality/secitemfunctionality.m @@ -14,6 +14,7 @@ #include #include #include +#include #include #include @@ -532,23 +533,164 @@ CheckFindIdentityByReference(void) printf("[PASS] %s\n", __FUNCTION__); } +static uint64_t +timeDiff(uint64_t start, uint64_t stop) +{ + static uint64_t time_overhead_measured = 0; + static double timebase_factor = 0; + + if (time_overhead_measured == 0) { + uint64_t t0 = mach_absolute_time(); + time_overhead_measured = mach_absolute_time() - t0; + + struct mach_timebase_info timebase_info = {}; + mach_timebase_info(&timebase_info); + timebase_factor = ((double)timebase_info.numer)/((double)timebase_info.denom); + } + + return ((stop - start - time_overhead_measured) * timebase_factor) / NSEC_PER_USEC; +} + +static void +RunCopyPerfTest(NSString *name, NSDictionary *query) +{ + uint64_t start = mach_absolute_time(); + OSStatus status; + CFTypeRef result = NULL; + + status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result); + if (status != 0) + abort(); + + uint64_t stop = mach_absolute_time(); + + if (result) + CFRelease(result); + + uint64_t us = timeDiff(start, stop); + + puts([[NSString stringWithFormat:@"[RESULT_KEY] SecItemCopyMatching-%@\n[RESULT_VALUE] %lu\n", + name, (unsigned long)us] UTF8String]); +} + +static void +CheckItemPerformance(void) +{ + unsigned n; + + printf("[TEST] %s\n", __FUNCTION__); + + /* + * Clean identities + */ + NSDictionary *clean1 = @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrService : @"service", + (id)kSecAttrAccessGroup : @"keychain-test1", + (id)kSecAttrNoLegacy : (id)kCFBooleanTrue, + }; + (void)SecItemDelete((__bridge CFDictionaryRef)clean1); + + NSData *data = [NSData dataWithBytes:"password" length:8]; + + for (n = 0; n < 1000; n++) { + NSDictionary *item = @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrAccount : [NSString stringWithFormat:@"account-%d", n], + (id)kSecAttrService : @"service", + (id)kSecAttrNoLegacy : (id)kCFBooleanTrue, + (id)kSecAttrAccessGroup : @"keychain-test1", + (id)kSecAttrNoLegacy : (id)kCFBooleanTrue, + (id)kSecValueData : data, + }; + SecItemAdd((__bridge CFDictionaryRef)item, NULL); + } + + + RunCopyPerfTest(@"FindOneItemLimit", @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrService : @"service", + (id)kSecMatchLimit : (id)kSecMatchLimitOne, + }); + RunCopyPerfTest(@"FindOneItemUnique", @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrAccount : @"account-0", + (id)kSecAttrService : @"service", + (id)kSecMatchLimit : (id)kSecMatchLimitAll, + }); + RunCopyPerfTest(@"Find1000Items", @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrService : @"service", + (id)kSecMatchLimit : (id)kSecMatchLimitAll, + }); + RunCopyPerfTest(@"GetAttrOneItemUnique", @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrAccount : @"account-0", + (id)kSecAttrService : @"service", + (id)kSecReturnAttributes : (id)kCFBooleanTrue, + (id)kSecMatchLimit : (id)kSecMatchLimitAll, + }); + RunCopyPerfTest(@"GetData1000Items", @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrService : @"service", + (id)kSecReturnData : (id)kCFBooleanTrue, + (id)kSecMatchLimit : (id)kSecMatchLimitAll, + }); + RunCopyPerfTest(@"GetDataOneItemUnique", @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrAccount : @"account-0", + (id)kSecAttrService : @"service", + (id)kSecReturnData : (id)kCFBooleanTrue, + (id)kSecMatchLimit : (id)kSecMatchLimitAll, + }); + RunCopyPerfTest(@"GetDataAttrOneItemUnique", @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrAccount : @"account-0", + (id)kSecAttrService : @"service", + (id)kSecReturnData : (id)kCFBooleanTrue, + (id)kSecReturnAttributes : (id)kCFBooleanTrue, + (id)kSecMatchLimit : (id)kSecMatchLimitAll, + }); +#if TARGET_OS_IPHONE /* macOS doesn't support fetching data for more then one item */ + RunCopyPerfTest(@"GetData1000Items", @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrService : @"service", + (id)kSecReturnData : (id)kCFBooleanTrue, + (id)kSecMatchLimit : (id)kSecMatchLimitAll, + }); + RunCopyPerfTest(@"GetDataAttr1000Items", @{ + (id)kSecClass : (id)kSecClassGenericPassword, + (id)kSecAttrService : @"service", + (id)kSecReturnData : (id)kCFBooleanTrue, + (id)kSecReturnAttributes : (id)kCFBooleanTrue, + (id)kSecMatchLimit : (id)kSecMatchLimitAll, + }); +#endif + + (void)SecItemDelete((__bridge CFDictionaryRef)clean1); + + + printf("[PASS] %s\n", __FUNCTION__); +} + int main(int argc, const char ** argv) { -#if !TARGET_OS_IPHONE +#if TARGET_OS_OSX char *user = getenv("USER"); if (user && strcmp("bats", user) == 0) { (void)SecKeychainUnlock(NULL, 4, "bats", true); } #endif + CheckItemPerformance(); + CheckFindIdentityByReference(); - if (random() == 17) { - CheckItemAddDeleteMaybeLegacyKeychainNoData(); - CheckItemAddDeleteNoData(); - CheckItemUpdateAccessGroupGENP(); - CheckItemUpdateAccessGroupIdentity(); - } + CheckItemAddDeleteMaybeLegacyKeychainNoData(); + CheckItemAddDeleteNoData(); + CheckItemUpdateAccessGroupGENP(); + CheckItemUpdateAccessGroupIdentity(); + return 0; } diff --git a/SOSCCAuthPlugin/SOSCCAuthPlugin.m b/SOSCCAuthPlugin/SOSCCAuthPlugin.m index 2716449b..ec8a7eef 100644 --- a/SOSCCAuthPlugin/SOSCCAuthPlugin.m +++ b/SOSCCAuthPlugin/SOSCCAuthPlugin.m @@ -10,12 +10,12 @@ #import #import #import -#import #import #import #import -#import -#include "utilities/SecCFRelease.h" +#import +#import "utilities/SecCFRelease.h" +#import "utilities/debugging.h" @implementation SOSCCAuthPlugin @@ -26,16 +26,16 @@ completion: (dispatch_block_t) completion { BOOL do_auth = NO; - ACLogNotice(@"parameters %@", parameters); - ACLogNotice(@"account %@", account); + secinfo("accounts", "parameters %@", parameters); + secinfo("accounts", "account %@", account); if ([account.accountType.identifier isEqualToString:ACAccountTypeIdentifierIdentityServices]) { ACAccount *icloud = [store aa_primaryAppleAccount]; NSString *dsid = [parameters[@"com.apple.private.ids"][@"service-data"][@"profile-id"] substringFromIndex:2]; // remove "D:" prefix - ACLogNotice(@"IDS account: iCloud %@ (personID %@)", icloud, icloud.aa_personID); + secinfo("accounts", "IDS account: iCloud %@ (personID %@)", icloud, icloud.aa_personID); do_auth = icloud && icloud.aa_personID && [icloud.aa_personID isEqualToString:dsid]; } else if ([account.accountType.identifier isEqualToString:ACAccountTypeIdentifierAppleAccount]) { - ACLogNotice(@"AppleID account: primary %@", @([account aa_isPrimaryAccount])); + secinfo("accounts", "AppleID account: primary %@", @([account aa_isPrimaryAccount])); do_auth = [account aa_isPrimaryAccount]; } @@ -49,10 +49,10 @@ const char *password = [rawPassword cStringUsingEncoding:NSUTF8StringEncoding]; CFDataRef passwordData = CFDataCreate(kCFAllocatorDefault, (const uint8_t *) password, strlen(password)); if (passwordData) { - ACLogNotice(@"Performing SOS circle credential set for account %@: %@", account.identifier, account.username); + secinfo("accounts", "Performing SOS circle credential set for account %@: %@", account.identifier, account.username); NSString *dsid = [account aa_personID]; if (!SOSCCSetUserCredentialsAndDSID((__bridge CFStringRef) account.username, passwordData, (__bridge CFStringRef) dsid, &authError)) { - ACLogError(@"Unable to set SOS circle credentials for account %@: %@", account.identifier, authError); + secerror("Unable to set SOS circle credentials for account %@: %@", account.identifier, authError); CFReleaseNull(authError); } @@ -60,12 +60,12 @@ } } else { if (!SOSCCCanAuthenticate(&authError)) { - ACLogError(@"Account %@ did not present a password and we could not authenticate the SOS circle: %@", account.identifier, authError); + secerror("Account %@ did not present a password and we could not authenticate the SOS circle: %@", account.identifier, authError); CFReleaseNull(authError); // CFReleaseSafe? } } } else { - ACLogNotice(@"NOT performing SOS circle credential set for account %@: %@", account.identifier, account.username); + secinfo("accounts", "NOT performing SOS circle credential set for account %@: %@", account.identifier, account.username); } completion(); diff --git a/SecureObjectSync.exp b/SecureObjectSync.exp deleted file mode 100644 index 796cb21e..00000000 --- a/SecureObjectSync.exp +++ /dev/null @@ -1 +0,0 @@ -_SecSyncCCDeriveUserIDFromEntropy diff --git a/Security.exp-in b/Security.exp-in index f34cc73a..b74b55f0 100644 --- a/Security.exp-in +++ b/Security.exp-in @@ -4,6 +4,10 @@ #include "Security/SecAccessControlExports.exp-in" #include "SecureObjectSync/SOSExports.exp-in" +#if TARGET_OS_OSX +#include "CSSMOID.exp-in" +#endif +#if TARGET_OS_IPHONE _CSSMOID_MD5WithRSA _CSSMOID_SHA1 _CSSMOID_SHA1WithRSA @@ -13,15 +17,22 @@ _CSSMOID_ECDSA_WithSHA1 _CSSMOID_ECDSA_WithSHA256 _CSSMOID_ECDSA_WithSHA384 _CSSMOID_PKCS5_HMAC_SHA1 +#endif + +#if TARGET_OS_IPHONE _DEROidCompare _NtlmCreateClientRequest _NtlmCreateClientResponse +__NtlmCreateClientResponse _NtlmGeneratePasswordHashes _NtlmGeneratorCreate _NtlmGeneratorRelease _NtlmGetNegotiatedVersion _OID_PKIX_OCSP_BASIC _OID_GOOGLE_OCSP_SCT +#endif + +#if TARGET_OS_IPHONE _SSLAddDistinguishedName _SSLClose _SSLContextGetTypeID @@ -136,6 +147,135 @@ __SSLSetProtocolVersion __SSLSetProtocolVersionEnabled __SSLSetRsaBlinding __SSLSetTrustedRoots +#endif // TARGET_OS_IPHONE + +#if TARGET_OS_OSX +// +// libsecurity_ssl +// +_SSLAddDistinguishedName +_SSLClose +_SSLContextGetTypeID +_SSLCreateContext +_SSLCreateContextWithRecordFuncs +_SSLDisposeContext +_SSLGetAllowsAnyRoot +_SSLGetAllowsExpiredCerts +_SSLGetAllowsExpiredRoots +_SSLGetBufferedReadSize +_SSLGetClientCertificateState +_SSLGetClientSideAuthenticate +_SSLGetConnection +_SSLGetDiffieHellmanParams +_SSLGetEnableCertVerify +_SSLGetEnabledCiphers +_SSLGetNegotiatedCipher +_SSLGetNegotiatedProtocolVersion +_SSLGetNumberEnabledCiphers +_SSLGetNumberSupportedCiphers +_SSLGetPeerCertificates +_SSLCopyPeerCertificates +_SSLCopyPeerTrust +_SSLGetPeerDomainName +_SSLGetPeerDomainNameLength +_SSLGetPeerID +_SSLGetPeerSecTrust +_SSLGetProtocolVersion +_SSLGetProtocolVersionEnabled +_SSLGetProtocolVersionMax +_SSLGetProtocolVersionMin +_SSLGetResumableSessionInfo +_SSLGetRsaBlinding +_SSLGetSessionOption +_SSLGetSessionState +_SSLGetSupportedCiphers +_SSLCopyTrustedRoots +_SSLSetTrustedLeafCertificates +_SSLCopyTrustedLeafCertificates +_SSLHandshake +_SSLInternalClientRandom +_SSLInternalMasterSecret +_SSLInternalServerRandom +_SSLGetCipherSizes +_SSLInternal_PRF +_SSLNewContext +_SSLRead +_SSLReHandshake +_SSLSetAllowsAnyRoot +_SSLSetAllowsExpiredCerts +_SSLSetAllowsExpiredRoots +_SSLSetCertificate +_SSLGetCertificate +_SSLSetClientSideAuthenticate +_SSLSetConnection +_SSLSetDatagramHelloCookie +_SSLSetMaxDatagramRecordSize +_SSLGetMaxDatagramRecordSize +_SSLSetDiffieHellmanParams +_SSLSetEnableCertVerify +_SSLSetEnabledCiphers +_SSLSetEncryptionCertificate +_SSLGetEncryptionCertificate +_SSLSetIOFuncs +_SSLSetPeerDomainName +_SSLSetPeerID +_SSLSetProtocolVersion +_SSLSetProtocolVersionEnabled +_SSLSetProtocolVersionMax +_SSLSetProtocolVersionMin +_SSLSetRecordContext +_SSLSetRsaBlinding +_SSLSetTrustedRoots +_SSLWrite +_SSLSetNPNFunc +_SSLSetNPNData +_SSLGetNPNData +_SSLSetALPNData +_SSLSetALPNFunc +_SSLGetALPNData +_SSLCopyRequestedPeerName +_SSLCopyRequestedPeerNameLength +_SSLSetSessionCacheTimeout +_SSLSetSessionOption +_SSLInternalSetMasterSecretFunction +_SSLInternalSetSessionTicket +_SSLSetAllowAnonymousCiphers +_SSLGetAllowAnonymousCiphers +_SSLCopyDistinguishedNames +_SSLSetCertificateAuthorities +_SSLCopyCertificateAuthorities +_SSLGetNegotiatedCurve +_SSLGetNumberOfECDSACurves +_SSLGetECDSACurves +_SSLSetECDSACurves +_SSLGetNumberOfClientAuthTypes +_SSLGetClientAuthTypes +_SSLGetNegotiatedClientAuthType +_SSLGetNumberOfSignatureAlgorithms +_SSLGetSignatureAlgorithms +_SSLNewDatagramContext +_SSLGetDatagramWriteSize +_SSLSetPSKSharedSecret +_SSLSetPSKIdentity +_SSLSetMinimumDHGroupSize +_SSLGetMinimumDHGroupSize +_SSLSetDHEEnabled +_SSLGetDHEEnabled +_SSLSetSessionConfig + +_kSSLSessionConfig_default +_kSSLSessionConfig_ATSv1 +_kSSLSessionConfig_ATSv1_noPFS +_kSSLSessionConfig_legacy +_kSSLSessionConfig_standard +_kSSLSessionConfig_RC4_fallback +_kSSLSessionConfig_TLSv1_fallback +_kSSLSessionConfig_TLSv1_RC4_fallback +_kSSLSessionConfig_3DES_fallback +_kSSLSessionConfig_TLSv1_3DES_fallback +_kSSLSessionConfig_legacy_DHE +_kSSLSessionConfig_anonymous +#endif /* Workaround for radar://9392483 */ /* _SSLCopyPeerCertificates */ @@ -146,23 +286,26 @@ __SSLSetTrustedRoots /* _SSLSetAllowsExpiredRoots */ /* _SSLSetProtocolVersionEnabled */ /* end workaround */ -_SecASN1PrintableString + _SecAbsoluteTimeFromDateContent -_SecASN1UTF8String + +#if TARGET_OS_IPHONE _SecAccessGroupsGetCurrent -_SecAsn1CoderCreate -_SecAsn1CoderRelease -_SecAsn1DecodeData -_SecAsn1EncodeItem -_SecAsn1OidCompare +#endif + _SecDERItemCopyOIDDecimalRepresentation _SecDigestCreate +#if TARGET_OS_IPHONE _SecFrameworkCopyResourceContents _SecFrameworkCopyResourceURL +#endif + _SecPKCS12Import _SecRandomCopyBytes +#if TARGET_OS_IPHONE _SecSHA1DigestCreate _SecSHA256DigestCreateFromData +#endif _SecTaskCopySigningIdentifier _SecTaskCopyValueForEntitlement _SecTaskCopyValuesForEntitlements @@ -170,31 +313,18 @@ _SecTaskCreateFromSelf _SecTaskCreateWithAuditToken _SecTaskGetCodeSignStatus _SecTaskGetTypeID -__NtlmCreateClientResponse -_kSecAsn1OCSPBasicResponseTemplate -_kSecAsn1OCSPCertStatusRevokedTemplate -_kSecAsn1OCSPResponderIDAsKeyTemplate -_kSecAsn1OCSPResponderIDAsNameTemplate -_kSecAsn1OCSPResponseDataTemplate -_kSecAsn1OCSPResponseTemplate -_kSecAsn1OCSPSignedRequestTemplate -_kSecAsn1OctetStringTemplate -_kSecCSRBasicContraintsPathLen -_kSecCSRChallengePassword -_kSecOidCommonName -_kSecOidCountryName -_kSecOidLocalityName -_kSecOidOrganization -_kSecOidOrganizationalUnit -_kSecOidStateProvinceName +#if TARGET_OS_OSX +_SecTaskEntitlementsValidated +#endif + _kSecRandomDefault -_oidAnyExtendedKeyUsage -_oidAnyPolicy +#if TARGET_OS_IPHONE _vmdh_create _vmdh_destroy _vmdh_encrypt_password _vmdh_generate_key +#endif _SecSMIMEFindBulkAlgForRecipients @@ -207,3 +337,1319 @@ _SecFrameworkCopyLocalizedString _readFileSizet _writeFileSizet +#if TARGET_OS_OSX +// +// libsecurity_cms +// +_kCMSEncoderDigestAlgorithmSHA1 +_kCMSEncoderDigestAlgorithmSHA256 +_CMSEncode +_CMSEncodeContent +_CMSEncoderAddSupportingCerts +_CMSEncoderAddRecipients +_CMSEncoderAddSigners +_CMSEncoderCopySupportingCerts +_CMSEncoderCopyRecipients +_CMSEncoderCopySigners +_CMSEncoderCreate +_CMSEncoderCopyEncodedContent +_CMSEncoderGetCmsMessage +_CMSEncoderSetSignerAlgorithm +_CMSEncoderSetHasDetachedContent +_CMSEncoderGetHasDetachedContent +_CMSEncoderCopyEncapsulatedContentType +_CMSEncoderGetEncoder +_CMSEncoderGetTypeID +_CMSEncoderSetEncapsulatedContentType +_CMSEncoderSetEncapsulatedContentTypeOID +_CMSEncoderSetEncoder +_CMSEncoderAddSignedAttributes +_CMSEncoderSetSigningTime +_CMSEncoderSetAppleCodesigningHashAgility +_CMSEncoderSetCertificateChainMode +_CMSEncoderGetCertificateChainMode +_CMSEncoderUpdateContent +_CMSDecoderCopyAllCerts +_CMSDecoderCopyContent +_CMSDecoderCopyDetachedContent +_CMSDecoderCopySignerStatus +_CMSDecoderCreate +_CMSDecoderGetTypeID +_CMSDecoderFinalizeMessage +_CMSDecoderGetDecoder +_CMSDecoderCopyEncapsulatedContentType +_CMSDecoderIsContentEncrypted +_CMSDecoderGetNumSigners +_CMSDecoderSetDecoder +_CMSDecoderSetDetachedContent +_CMSDecoderUpdateMessage +_CMSDecoderGetCmsMessage +_CMSDecoderSetSearchKeychain +_CMSDecoderCopySignerEmailAddress +_CMSDecoderCopySignerCert +_CmsMessageSetTSAContext +_CMSDecoderCopySignerSigningTime +_CMSDecoderCopySignerTimestamp +_CMSDecoderCopySignerTimestampWithPolicy +_CMSDecoderCopySignerTimestampCertificates +_CMSEncoderCopySignerTimestamp +_CMSEncoderCopySignerTimestampWithPolicy +_CMSDecoderCopySignerAppleCodesigningHashAgility +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +// +// libsecurity_authorization +// +_AuthorizationCopyInfo +_AuthorizationCopyPrivilegedReference +_AuthorizationCopyRights +_AuthorizationCopyRightsAsync +_AuthorizationDismiss +_AuthorizationCreate +_AuthorizationCreateWithAuditToken +_AuthorizationCreateFromExternalForm +_AuthorizationExecuteWithPrivileges +_AuthorizationExecuteWithPrivilegesExternalForm +_AuthorizationFree +_AuthorizationFreeItemSet +_AuthorizationMakeExternalForm +_AuthorizationRightGet +_AuthorizationRightRemove +_AuthorizationRightSet +_AuthorizationEnableSmartCard +_SessionCreate +_SessionGetInfo +_SessionSetDistinguishedUser +_SessionGetDistinguishedUser +_SessionSetUserPreferences +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +// +// libsecurity_cssm +// +_CSSM_AC_AuthCompute +_CSSM_AC_PassThrough +_CSSM_CL_CertAbortCache +_CSSM_CL_CertAbortQuery +_CSSM_CL_CertCache +_CSSM_CL_CertCreateTemplate +_CSSM_CL_CertDescribeFormat +_CSSM_CL_CertGetAllFields +_CSSM_CL_CertGetAllTemplateFields +_CSSM_CL_CertGetFirstCachedFieldValue +_CSSM_CL_CertGetFirstFieldValue +_CSSM_CL_CertGetKeyInfo +_CSSM_CL_CertGetNextCachedFieldValue +_CSSM_CL_CertGetNextFieldValue +_CSSM_CL_CertGroupFromVerifiedBundle +_CSSM_CL_CertGroupToSignedBundle +_CSSM_CL_CertSign +_CSSM_CL_CertVerify +_CSSM_CL_CertVerifyWithKey +_CSSM_CL_CrlAbortCache +_CSSM_CL_CrlAbortQuery +_CSSM_CL_CrlAddCert +_CSSM_CL_CrlCache +_CSSM_CL_CrlCreateTemplate +_CSSM_CL_CrlDescribeFormat +_CSSM_CL_CrlGetAllCachedRecordFields +_CSSM_CL_CrlGetAllFields +_CSSM_CL_CrlGetFirstCachedFieldValue +_CSSM_CL_CrlGetFirstFieldValue +_CSSM_CL_CrlGetNextCachedFieldValue +_CSSM_CL_CrlGetNextFieldValue +_CSSM_CL_CrlRemoveCert +_CSSM_CL_CrlSetFields +_CSSM_CL_CrlSign +_CSSM_CL_CrlVerify +_CSSM_CL_CrlVerifyWithKey +_CSSM_CL_FreeFieldValue +_CSSM_CL_FreeFields +_CSSM_CL_IsCertInCachedCrl +_CSSM_CL_IsCertInCrl +_CSSM_CL_PassThrough +_CSSM_CSP_ChangeLoginAcl +_CSSM_CSP_ChangeLoginOwner +_CSSM_CSP_CreateAsymmetricContext +_CSSM_CSP_CreateDeriveKeyContext +_CSSM_CSP_CreateDigestContext +_CSSM_CSP_CreateKeyGenContext +_CSSM_CSP_CreateMacContext +_CSSM_CSP_CreatePassThroughContext +_CSSM_CSP_CreateRandomGenContext +_CSSM_CSP_CreateSignatureContext +_CSSM_CSP_CreateSymmetricContext +_CSSM_CSP_GetLoginAcl +_CSSM_CSP_GetLoginOwner +_CSSM_CSP_GetOperationalStatistics +_CSSM_CSP_Login +_CSSM_CSP_Logout +_CSSM_CSP_ObtainPrivateKeyFromPublicKey +_CSSM_CSP_PassThrough +_CSSM_ChangeKeyAcl +_CSSM_ChangeKeyOwner +_CSSM_DL_Authenticate +_CSSM_DL_ChangeDbAcl +_CSSM_DL_ChangeDbOwner +_CSSM_DL_CreateRelation +_CSSM_DL_DataAbortQuery +_CSSM_DL_DataDelete +_CSSM_DL_DataGetFirst +_CSSM_DL_DataGetFromUniqueRecordId +_CSSM_DL_DataGetNext +_CSSM_DL_DataInsert +_CSSM_DL_DataModify +_CSSM_DL_DbClose +_CSSM_DL_DbCreate +_CSSM_DL_DbDelete +_CSSM_DL_DbOpen +_CSSM_DL_DestroyRelation +_CSSM_DL_FreeNameList +_CSSM_DL_FreeUniqueRecord +_CSSM_DL_GetDbAcl +_CSSM_DL_GetDbNameFromHandle +_CSSM_DL_GetDbNames +_CSSM_DL_GetDbOwner +_CSSM_DL_PassThrough +_CSSM_DecryptData +_CSSM_DecryptDataFinal +_CSSM_DecryptDataInit +_CSSM_DecryptDataInitP +_CSSM_DecryptDataP +_CSSM_DecryptDataUpdate +_CSSM_DeleteContext +_CSSM_DeleteContextAttributes +_CSSM_DeriveKey +_CSSM_DigestData +_CSSM_DigestDataClone +_CSSM_DigestDataFinal +_CSSM_DigestDataInit +_CSSM_DigestDataUpdate +_CSSM_EncryptData +_CSSM_EncryptDataFinal +_CSSM_EncryptDataInit +_CSSM_EncryptDataInitP +_CSSM_EncryptDataP +_CSSM_EncryptDataUpdate +_CSSM_FreeContext +_CSSM_FreeKey +_CSSM_GenerateAlgorithmParams +_CSSM_GenerateKey +_CSSM_GenerateKeyP +_CSSM_GenerateKeyPair +_CSSM_GenerateKeyPairP +_CSSM_GenerateMac +_CSSM_GenerateMacFinal +_CSSM_GenerateMacInit +_CSSM_GenerateMacUpdate +_CSSM_GenerateRandom +_CSSM_GetAPIMemoryFunctions +_CSSM_GetContext +_CSSM_GetContextAttribute +_CSSM_GetKeyAcl +_CSSM_GetKeyOwner +_CSSM_GetModuleGUIDFromHandle +_CSSM_GetPrivilege +_CSSM_GetSubserviceUIDFromHandle +_CSSM_GetTimeValue +_CSSM_Init +_CSSM_Introduce +_CSSM_ListAttachedModuleManagers +_CSSM_ModuleAttach +_CSSM_ModuleDetach +_CSSM_ModuleLoad +_CSSM_ModuleUnload +_CSSM_QueryKeySizeInBits +_CSSM_QuerySize +_CSSM_RetrieveCounter +_CSSM_RetrieveUniqueId +_CSSM_SetContext +_CSSM_SetPrivilege +_CSSM_SignData +_CSSM_SignDataFinal +_CSSM_SignDataInit +_CSSM_SignDataUpdate +_CSSM_TP_ApplyCrlToDb +_CSSM_TP_CertCreateTemplate +_CSSM_TP_CertGetAllTemplateFields +_CSSM_TP_CertGroupConstruct +_CSSM_TP_CertGroupPrune +_CSSM_TP_CertGroupToTupleGroup +_CSSM_TP_CertGroupVerify +_CSSM_TP_CertReclaimAbort +_CSSM_TP_CertReclaimKey +_CSSM_TP_CertRemoveFromCrlTemplate +_CSSM_TP_CertRevoke +_CSSM_TP_CertSign +_CSSM_TP_ConfirmCredResult +_CSSM_TP_CrlCreateTemplate +_CSSM_TP_CrlSign +_CSSM_TP_CrlVerify +_CSSM_TP_FormRequest +_CSSM_TP_FormSubmit +_CSSM_TP_PassThrough +_CSSM_TP_ReceiveConfirmation +_CSSM_TP_RetrieveCredResult +_CSSM_TP_SubmitCredRequest +_CSSM_TP_TupleGroupToCertGroup +_CSSM_Terminate +_CSSM_Unintroduce +_CSSM_UnwrapKey +_CSSM_UnwrapKeyP +_CSSM_UpdateContextAttributes +_CSSM_VerifyData +_CSSM_VerifyDataFinal +_CSSM_VerifyDataInit +_CSSM_VerifyDataUpdate +_CSSM_VerifyDevice +_CSSM_VerifyMac +_CSSM_VerifyMacFinal +_CSSM_VerifyMacInit +_CSSM_VerifyMacUpdate +_CSSM_WrapKey +_CSSM_WrapKeyP +_cssmAlgToOid +_cssmOidToAlg +_gGuidAppleCSP +_gGuidAppleCSPDL +_gGuidAppleFileDL +_gGuidAppleX509CL +_gGuidAppleX509TP +_gGuidAppleDotMacTP +_gGuidAppleSdCSPDL +_gGuidCssm +_gGuidAppleLDAPDL +_gGuidAppleDotMacDL +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +// +// libsecurity_transform +// +_SecTransformCreateFromExternalRepresentation +_SecTransformCreateValidatorForCFtype +_SecTransformCopyExternalRepresentation +_SecTransformConnectTransforms +_SecTransformSetAttribute +_SecTransformGetAttribute +_SecTransformFindByName +_SecTransformExecute +_SecTransformExecuteAsync +_SecNullTransformCreate +_SecDigestTransformCreate +_SecCreateMaskGenerationFunctionTransform +_SecTransformCreate +_SecTransformRegister +_SecTransformNoData +_kSecDigestMD2 +_kSecDigestMD4 +_kSecDigestMD5 +_kSecDigestSHA1 +_kSecDigestSHA2 +_kSecDigestHMACSHA1 +_kSecDigestHMACMD5 +_kSecDigestHMACKeyAttribute +_kSecDigestHMACSHA2 +_SecExternalSourceTransformCreate +_SecExternalSourceSetValue +_kSecDecodeTypeAttribute +_CreateSecTransformErrorRef +_kSecTransformAbortOriginatorKey +_SecGroupTransformHasMember +_kSecDigestTypeAttribute +_kSecDigestLengthAttribute +_kSecOAEPEncodingParametersAttributeName +_kSecTransformInputAttributeName +_kSecTransformDebugAttributeName +_kSecTransformOutputAttributeName +_kSecTransformTransformName +_kSecTransformAbortAttributeName +_kSecPaddingNoneKey +_kSecPaddingPKCS1Key +_kSecPaddingPKCS5Key +_kSecPaddingPKCS7Key +_kSecPaddingOAEPKey +_kSecModeNoneKey +_kSecModeECBKey +_kSecModeCBCKey +_kSecModeCFBKey +_kSecModeOFBKey +_kSecEncryptKey +_kSecPaddingKey +_kSecIVKey +_kSecEncryptionMode +_SecEncryptTransformCreate +_SecDecryptTransformCreate +_SecDecodeTransformCreate +_SecEncodeTransformCreate +_SecSignTransformCreate +_SecVerifyTransformCreate +_kSecBase32Encoding +_kSecBase64Encoding +_kSecZLibEncoding +_kSecEncodeLineLengthAttribute +_kSecEncodeTypeAttribute +_kSecCompressionRatio +_kSecSignatureAttributeName +_kSecInputIsAttributeName +_kSecInputIsPlainText +_kSecInputIsDigest +_kSecInputIsRaw +_kSecTransformActionCanExecute +_kSecTransformActionStartingExecution +_kSecTransformActionFinalize +_kSecTransformActionProcessData +_SecTransformSetAttributeAction +_SecGroupTransformFindLastTransform +_SecGroupTransformFindMonitor +_SecTransformDisconnectTransforms +_SecTransformDotForDebugging +_SecCreateCollectTransform +_SecTransformGetTypeID +_SecGroupTransformGetTypeID +_SecTransformCreateGroupTransform +_SecTransformSetDataAction +_SecTransformSetTransformAction +_SecTranformCustomGetAttribute +_SecTransformCustomSetAttribute +_SecTransformPushbackAttribute +_kSecTransformActionExternalizeExtraData +_kSecTransformActionInternalizeExtraData +_kSecTransformActionAttributeNotification +_kSecTransformActionAttributeValidation +_kSecTransformErrorDomain +_kSecTransformPreviousErrorKey +_SecTransformCreateReadTransformWithReadStream +_kSecLineLength64 +_kSecLineLength76 +#endif // TARGET_OS_OSX + + + +#if TARGET_OS_OSX +// gate keeper logging + +_GKBIS_DS_Store_Present +_GKBIS_Dot_underbar_Present +_GKBIS_Num_localizations +_GKBIS_Num_files +_GKBIS_Num_dirs +_GKBIS_Num_symlinks +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +// +// libsecurity_mds +// +_MDS_Initialize +_MDS_Install +_MDS_Terminate +_MDS_Uninstall +_MDS_InstallFile +_MDS_RemoveSubservice +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +// +// libsecurity_keychain +// +_SecACLCopyAuthorizations +_SecACLCopyContents +_SecACLCopySimpleContents +_SecACLCreateFromSimpleContents +_SecACLCreateWithSimpleContents +_SecACLGetAuthorizations +_SecACLGetTypeID +_SecACLRemove +_SecACLSetAuthorizations +_SecACLSetContents +_SecACLSetSimpleContents +_SecACLUpdateAuthorizations +_SecAccessCopyACLList +_SecAccessCopyMatchingACLList +_SecAccessCopyOwnerAndACL +_SecAccessCopySelectedACLList +_SecAccessCreate +_SecAccessCreateFromOwnerAndACL +_SecAccessCreateWithOwnerAndACL +_SecAccessCreateWithTrustedApplications +_SecAccessGetOwnerAndACL +_SecAccessGetTypeID +_SecCopyErrorMessageString +_SecCreateRecoveryPassword +_SecDigestGetData +_SecDistinguishedNameCopyNormalizedContent +_SecFDERecoveryUnwrapCRSKWithPrivKey +_SecFDERecoveryWrapCRSKWithPubKey +_SecGenericPasswordCreate +_SecIdentityAddPreferenceItem +_SecIdentityCompare +_SecIdentityCopyFromPreferenceItem +_SecIdentityCopyPreference +_SecIdentityCopyPreferred +_SecIdentityCopySystemIdentity +_SecIdentityCreateWithCertificate +_SecIdentityFindPreferenceItem +_SecIdentitySearchCopyNext +_SecIdentitySearchCreate +_SecIdentitySearchCreateWithAttributes +_SecIdentitySearchCreateWithPolicy +_SecIdentitySearchGetTypeID +_SecIdentitySetPreference +_SecIdentitySetPreferred +_SecIdentitySetSystemIdentity +_SecIdentityUpdatePreferenceItem +_SecInferLabelFromX509Name +_SecItemAdd_ios +_SecItemCopyMatching_ios +_SecItemCopyParentCertificates +_SecItemCopyStoredCertificate +#if TARGET_OS_OSX +_SecItemCreateFromAttributeDictionary_osx +#endif +_SecItemDelete_ios +_SecItemExport +_SecItemImport +_SecItemUpdate_ios +_SecKeychainAddCallback +_SecKeychainAddDBToKeychainList +_SecKeychainAddGenericPassword +_SecKeychainAddIToolsPassword +_SecKeychainAddInternetPassword +_SecKeychainAttemptMigrationWithMasterKey +_SecKeychainAttributeInfoForItemID +_SecKeychainChangeKeyStorePassphrase +_SecKeychainChangePassword +_SecKeychainCopyAccess +_SecKeychainCopyBlob +_SecKeychainCopyDefault +_SecKeychainCopyDomainDefault +_SecKeychainCopyDomainSearchList +_SecKeychainCopyLogin +_SecKeychainCopySearchList +_SecKeychainCopySettings +_SecKeychainCopySignature +_SecKeychainCreate +_SecKeychainCreateNew +_SecKeychainCreateWithBlob +_SecKeychainDBIsInKeychainList +_SecKeychainDelete +_SecKeychainEraseUnlockKeyWithPubKeyHash +_SecKeychainErrFromOSStatus +_SecKeychainFindGenericPassword +_SecKeychainFindInternetPassword +_SecKeychainFreeAttributeInfo +_SecKeychainGetCSPHandle +_SecKeychainGetDLDBHandle +_SecKeychainGetKeychainVersion +_SecKeychainGetPath +_SecKeychainGetPreferenceDomain +_SecKeychainGetStatus +_SecKeychainGetTypeID +_SecKeychainGetUserInteractionAllowed +_SecKeychainGetUserPromptAttempts +_SecKeychainGetVersion +_SecKeychainIsValid +_SecKeychainItemAdd +_SecKeychainItemAddNoUI +_SecKeychainItemCopyAccess +_SecKeychainItemCopyAllExtendedAttributes +_SecKeychainItemCopyAttributesAndData +_SecKeychainItemCopyAttributesAndEncryptedData +_SecKeychainItemCopyContent +_SecKeychainItemCopyExtendedAttribute +_SecKeychainItemCopyFromPersistentReference +_SecKeychainItemCopyFromRecordIdentifier +_SecKeychainItemCopyKeychain +_SecKeychainItemCopyRecordIdentifier +_SecKeychainItemCreateCopy +_SecKeychainItemCreateFromContent +_SecKeychainItemCreateFromEncryptedContent +_SecKeychainItemCreateNew +_SecKeychainItemCreatePersistentReference +_SecKeychainItemDelete +_SecKeychainItemExport +_SecKeychainItemFindFirst +_SecKeychainItemFreeAttributesAndData +_SecKeychainItemFreeContent +_SecKeychainItemGetAttribute +_SecKeychainItemGetDLDBHandle +_SecKeychainItemGetData +_SecKeychainItemGetTypeID +_SecKeychainItemGetUniqueRecordID +_SecKeychainItemImport +_SecKeychainItemModifyAttributesAndData +_SecKeychainItemModifyContent +_SecKeychainItemModifyEncryptedData +_SecKeychainItemSetAccess +_SecKeychainItemSetAccessWithPassword +_SecKeychainItemSetAttribute +_SecKeychainItemSetData +_SecKeychainItemSetExtendedAttribute +_SecKeychainItemUpdate +_SecKeychainListCopyKeychainAtIndex +_SecKeychainListGetCount +_SecKeychainListRemoveKeychain +_SecKeychainLock +_SecKeychainLockAll +_SecKeychainLogin +_SecKeychainLogout +_SecKeychainMDSInstall +_SecKeychainMakeFromFullPath +_SecKeychainOpen +_SecKeychainOpenWithGuid +_SecKeychainRecodeKeychain +_SecKeychainRemoveCallback +_SecKeychainRemoveDBFromKeychainList +_SecKeychainRemoveFromSearchList +_SecKeychainResetLogin +_SecKeychainSearchCopyNext +_SecKeychainSearchCreateForCertificateByEmail +_SecKeychainSearchCreateForCertificateByIssuerAndSN +_SecKeychainSearchCreateForCertificateByIssuerAndSN_CF +_SecKeychainSearchCreateForCertificateBySubjectKeyID +_SecKeychainSearchCreateFromAttributes +_SecKeychainSearchCreateFromAttributesExtended +_SecKeychainSearchGetTypeID +_SecKeychainSetAccess +_SecKeychainSetBatchMode +_SecKeychainSetDefault +_SecKeychainSetDomainDefault +_SecKeychainSetDomainSearchList +_SecKeychainSetPreferenceDomain +_SecKeychainSetSearchList +_SecKeychainSetServerMode +_SecKeychainSetSettings +_SecKeychainSetUserInteractionAllowed +_SecKeychainStash +_SecKeychainStoreUnlockKey +_SecKeychainStoreUnlockKeyWithPubKeyHash +_SecKeychainSystemKeychainCheckWouldDeadlock +_SecKeychainUnlock +_SecKeychainVerifyKeyStorePassphrase +_SecPasswordAction +_SecPasswordSetInitialAccess +_SecRandomCopyData +_SecSHA256DigestCreateFromData +_SecUnwrapRecoveryPasswordWithAnswers +_SecWrapRecoveryPasswordWithAnswers +__SecItemGetPersistentReference +_cssmErrorString +_cssmPerror +_kSecACLAuthorizationAny +_kSecACLAuthorizationDecrypt +_kSecACLAuthorizationDelete +_kSecACLAuthorizationDerive +_kSecACLAuthorizationEncrypt +_kSecACLAuthorizationExportClear +_kSecACLAuthorizationExportWrapped +_kSecACLAuthorizationGenKey +_kSecACLAuthorizationImportClear +_kSecACLAuthorizationImportWrapped +_kSecACLAuthorizationIntegrity +_kSecACLAuthorizationKeychainCreate +_kSecACLAuthorizationKeychainDelete +_kSecACLAuthorizationKeychainItemDelete +_kSecACLAuthorizationKeychainItemInsert +_kSecACLAuthorizationKeychainItemModify +_kSecACLAuthorizationKeychainItemRead +_kSecACLAuthorizationLogin +_kSecACLAuthorizationMAC +_kSecACLAuthorizationPartitionID +_kSecACLAuthorizationSign + +_kSecIdentityDomainDefault +_kSecIdentityDomainKerberosKDC +_kSecImportExportAccess +_kSecImportExportKeychain +_kSecMatchDiacriticInsensitive +_kSecMatchSubjectEndsWith +_kSecMatchSubjectStartsWith +_kSecMatchSubjectWholeString +_kSecMatchWidthInsensitive +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +_kSecOIDADC_CERT_POLICY +_kSecOIDAPPLE_CERT_POLICY +_kSecOIDAPPLE_EKU_CODE_SIGNING +_kSecOIDAPPLE_EKU_CODE_SIGNING_DEV +_kSecOIDAPPLE_EKU_ICHAT_ENCRYPTION +_kSecOIDAPPLE_EKU_ICHAT_SIGNING +_kSecOIDAPPLE_EKU_RESOURCE_SIGNING +_kSecOIDAPPLE_EKU_SYSTEM_IDENTITY +_kSecOIDAPPLE_EXTENSION +_kSecOIDAPPLE_EXTENSION_ADC_APPLE_SIGNING +_kSecOIDAPPLE_EXTENSION_ADC_DEV_SIGNING +_kSecOIDAPPLE_EXTENSION_APPLE_SIGNING +_kSecOIDAPPLE_EXTENSION_CODE_SIGNING +_kSecOIDAuthorityInfoAccess +_kSecOIDAuthorityKeyIdentifier +_kSecOIDBasicConstraints +_kSecOIDBiometricInfo +_kSecOIDCSSMKeyStruct +_kSecOIDCertIssuer +_kSecOIDCertificatePolicies +_kSecOIDClientAuth +_kSecOIDCollectiveStateProvinceName +_kSecOIDCollectiveStreetAddress +_kSecOIDCommonName +_kSecOIDCountryName +_kSecOIDCrlDistributionPoints +_kSecOIDCrlNumber +_kSecOIDCrlReason +_kSecOIDDOTMAC_CERT_EMAIL_ENCRYPT +_kSecOIDDOTMAC_CERT_EMAIL_SIGN +_kSecOIDDOTMAC_CERT_EXTENSION +_kSecOIDDOTMAC_CERT_IDENTITY +_kSecOIDDOTMAC_CERT_POLICY +_kSecOIDDeltaCrlIndicator +_kSecOIDDescription +_kSecOIDEKU_IPSec +_kSecOIDEmailAddress +_kSecOIDEmailProtection +_kSecOIDExtendedKeyUsage +_kSecOIDExtendedKeyUsageAny +_kSecOIDExtendedUseCodeSigning +_kSecOIDGivenName +_kSecOIDHoldInstructionCode +_kSecOIDInvalidityDate +_kSecOIDIssuerAltName +_kSecOIDIssuingDistributionPoint +_kSecOIDIssuingDistributionPoints +_kSecOIDKERBv5_PKINIT_KP_CLIENT_AUTH +_kSecOIDKERBv5_PKINIT_KP_KDC +_kSecOIDKeyUsage +_kSecOIDLocalityName +_kSecOIDMS_NTPrincipalName +_kSecOIDMicrosoftSGC +_kSecOIDNameConstraints +_kSecOIDNetscapeCertSequence +_kSecOIDNetscapeCertType +_kSecOIDNetscapeSGC +_kSecOIDOCSPSigning +_kSecOIDOrganizationName +_kSecOIDOrganizationalUnitName +_kSecOIDPolicyConstraints +_kSecOIDPolicyMappings +_kSecOIDPrivateKeyUsagePeriod +_kSecOIDQC_Statements +_kSecOIDSRVName +_kSecOIDSerialNumber +_kSecOIDServerAuth +_kSecOIDStateProvinceName +_kSecOIDStreetAddress +_kSecOIDSubjectAltName +_kSecOIDSubjectDirectoryAttributes +_kSecOIDSubjectEmailAddress +_kSecOIDSubjectInfoAccess +_kSecOIDSubjectKeyIdentifier +_kSecOIDSubjectPicture +_kSecOIDSubjectSignatureBitmap +_kSecOIDSurname +_kSecOIDTimeStamping +_kSecOIDTitle +_kSecOIDUseExemptions +_kSecOIDX509V1CertificateIssuerUniqueId +_kSecOIDX509V1CertificateSubjectUniqueId +_kSecOIDX509V1IssuerName +_kSecOIDX509V1IssuerNameCStruct +_kSecOIDX509V1IssuerNameLDAP +_kSecOIDX509V1IssuerNameStd +_kSecOIDX509V1SerialNumber +_kSecOIDX509V1Signature +_kSecOIDX509V1SignatureAlgorithm +_kSecOIDX509V1SignatureAlgorithmParameters +_kSecOIDX509V1SignatureAlgorithmTBS +_kSecOIDX509V1SignatureCStruct +_kSecOIDX509V1SignatureStruct +_kSecOIDX509V1SubjectName +_kSecOIDX509V1SubjectNameCStruct +_kSecOIDX509V1SubjectNameLDAP +_kSecOIDX509V1SubjectNameStd +_kSecOIDX509V1SubjectPublicKey +_kSecOIDX509V1SubjectPublicKeyAlgorithm +_kSecOIDX509V1SubjectPublicKeyAlgorithmParameters +_kSecOIDX509V1SubjectPublicKeyCStruct +_kSecOIDX509V1ValidityNotAfter +_kSecOIDX509V1ValidityNotBefore +_kSecOIDX509V1Version +_kSecOIDX509V3Certificate +_kSecOIDX509V3CertificateCStruct +_kSecOIDX509V3CertificateExtensionCStruct +_kSecOIDX509V3CertificateExtensionCritical +_kSecOIDX509V3CertificateExtensionId +_kSecOIDX509V3CertificateExtensionStruct +_kSecOIDX509V3CertificateExtensionType +_kSecOIDX509V3CertificateExtensionValue +_kSecOIDX509V3CertificateExtensionsCStruct +_kSecOIDX509V3CertificateExtensionsStruct +_kSecOIDX509V3CertificateNumberOfExtensions +_kSecOIDX509V3SignedCertificate +_kSecOIDX509V3SignedCertificateCStruct +#endif + +#if TARGET_OS_OSX +_kSecPrivateKeyAttrs +_kSecPublicKeyAttrs +_kSecRecIV +_kSecRecLocale +_kSecRecQuestions +_kSecRecVersionNumber +_kSecRecWrappedPassword +_kSecUseKeychain +#endif + +// +// libsecurity_asn1 +// +_SecAsn1OidCompare +#if TARGET_OS_IPHONE +_SecAsn1CoderCreate +_SecAsn1CoderRelease +_SecAsn1DecodeData +_SecAsn1EncodeItem + +_kSecAsn1OCSPBasicResponseTemplate +_kSecAsn1OCSPCertStatusRevokedTemplate +_kSecAsn1OCSPResponderIDAsKeyTemplate +_kSecAsn1OCSPResponderIDAsNameTemplate +_kSecAsn1OCSPResponseDataTemplate +_kSecAsn1OCSPResponseTemplate +_kSecAsn1OCSPSignedRequestTemplate +_kSecAsn1OctetStringTemplate +#elif TARGET_OS_OSX +_PORT_FreeArena +_PORT_NewArena +_SecAsn1AllocCopy +_SecAsn1AllocCopyItem +_SecAsn1AllocItem +_SecAsn1CoderCreate +_SecAsn1CoderRelease +_SecAsn1Decode +_SecAsn1DecodeData +_SecAsn1EncodeItem +_SecAsn1Malloc +_SecAsn1TaggedTemplateChooser +_kSecAsn1ATVTemplate +_kSecAsn1AccessDescriptionTemplate +_kSecAsn1AlgorithmIDTemplate +_kSecAsn1AnyTemplate +_kSecAsn1AttributeTemplate +_kSecAsn1AuthorityInfoAccessTemplate +_kSecAsn1AuthorityKeyIdTemplate +_kSecAsn1BMPStringTemplate +_kSecAsn1BasicConstraintsTemplate +_kSecAsn1BitStringTemplate +_kSecAsn1BooleanTemplate +_kSecAsn1CRLDistributionPointsTemplate +_kSecAsn1CertExtensionTemplate +_kSecAsn1CertPoliciesTemplate +_kSecAsn1CertRequestInfoTemplate +_kSecAsn1CertRequestTemplate +_kSecAsn1DHAlgorithmIdentifierX942Template +_kSecAsn1DHDomainParamsX942Template +_kSecAsn1DHParameterBlockTemplate +_kSecAsn1DHParameterTemplate +_kSecAsn1DHPrivateKeyPKCS8Template +_kSecAsn1DHPrivateKeyTemplate +_kSecAsn1DHPublicKeyX509Template +_kSecAsn1DHValidationParamsTemplate +_kSecAsn1DSAAlgParamsBSAFETemplate +_kSecAsn1DSAAlgParamsTemplate +_kSecAsn1DSAAlgorithmIdBSAFETemplate +_kSecAsn1DSAAlgorithmIdX509Template +_kSecAsn1DSAPrivateKeyBSAFETemplate +_kSecAsn1DSAPrivateKeyOctsTemplate +_kSecAsn1DSAPrivateKeyOpensslTemplate +_kSecAsn1DSAPrivateKeyPKCS8Template +_kSecAsn1DSAPublicKeyBSAFETemplate +_kSecAsn1DSAPublicKeyX509Template +_kSecAsn1DSASignatureTemplate +_kSecAsn1DigestInfoTemplate +_kSecAsn1DistPointFullNameTemplate +_kSecAsn1DistPointRDNTemplate +_kSecAsn1DistributionPointTemplate +_kSecAsn1EncryptedPrivateKeyInfoTemplate +_kSecAsn1EnumeratedTemplate +_kSecAsn1GenNameOtherNameTemplate +_kSecAsn1GeneralNameTemplate +_kSecAsn1GeneralizedTimeTemplate +_kSecAsn1IA5StringTemplate +_kSecAsn1IntegerTemplate +_kSecAsn1IssuingDistributionPointTemplate +_kSecAsn1NameTemplate +_kSecAsn1NullTemplate +_kSecAsn1OCSPBasicResponseTemplate +_kSecAsn1OCSPCertIDTemplate +_kSecAsn1OCSPCertStatusGoodTemplate +_kSecAsn1OCSPCertStatusRevokedTemplate +_kSecAsn1OCSPCertStatusUnknownTemplate +_kSecAsn1OCSPDRepliesTemplate +_kSecAsn1OCSPDReplyTemplate +_kSecAsn1OCSPDRequestTemplate +_kSecAsn1OCSPDRequestsTemplate +_kSecAsn1OCSPRequestTemplate +_kSecAsn1OCSPResponderIDAsKeyTemplate +_kSecAsn1OCSPResponderIDAsNameTemplate +_kSecAsn1OCSPResponseBytesTemplate +_kSecAsn1OCSPResponseDataTemplate +_kSecAsn1OCSPResponseTemplate +_kSecAsn1OCSPRevokedInfoTemplate +_kSecAsn1OCSPSignatureTemplate +_kSecAsn1OCSPSignedRequestTemplate +_kSecAsn1OCSPSingleResponseTemplate +_kSecAsn1OCSPTbsRequestTemplate +_kSecAsn1ObjectIDTemplate +_kSecAsn1OctetStringTemplate +_kSecAsn1OtherNameTemplate +_kSecAsn1PointerToAnyTemplate +_kSecAsn1PointerToBMPStringTemplate +_kSecAsn1PointerToBitStringTemplate +_kSecAsn1PointerToBooleanTemplate +_kSecAsn1PointerToEnumeratedTemplate +_kSecAsn1PointerToGeneralizedTimeTemplate +_kSecAsn1PointerToIA5StringTemplate +_kSecAsn1PointerToIntegerTemplate +_kSecAsn1PointerToNullTemplate +_kSecAsn1PointerToObjectIDTemplate +_kSecAsn1PointerToOctetStringTemplate +_kSecAsn1PointerToPrintableStringTemplate +_kSecAsn1PointerToT61StringTemplate +_kSecAsn1PointerToTeletexStringTemplate +_kSecAsn1PointerToUTCTimeTemplate +_kSecAsn1PointerToUTF8StringTemplate +_kSecAsn1PointerToUniversalStringTemplate +_kSecAsn1PointerToVisibleStringTemplate +_kSecAsn1PolicyInformationTemplate +_kSecAsn1PolicyQualifierTemplate +_kSecAsn1PrintableStringTemplate +_kSecAsn1PrivateKeyInfoTemplate +_kSecAsn1QC_StatementTemplate +_kSecAsn1QC_StatementsTemplate +_kSecAsn1RDNTemplate +_kSecAsn1RSAPrivateKeyPKCS1Template +_kSecAsn1RSAPublicKeyPKCS1Template +_kSecAsn1RevokedCertTemplate +_kSecAsn1SemanticsInformationTemplate +_kSecAsn1SequenceOfAnyTemplate +_kSecAsn1SequenceOfBMPStringTemplate +_kSecAsn1SequenceOfBitStringTemplate +_kSecAsn1SequenceOfBooleanTemplate +_kSecAsn1SequenceOfCertExtensionTemplate +_kSecAsn1SequenceOfEnumeratedTemplate +_kSecAsn1SequenceOfGeneralizedTimeTemplate +_kSecAsn1SequenceOfIA5StringTemplate +_kSecAsn1SequenceOfIntegerTemplate +_kSecAsn1SequenceOfNullTemplate +_kSecAsn1SequenceOfObjectIDTemplate +_kSecAsn1SequenceOfOctetStringTemplate +_kSecAsn1SequenceOfPrintableStringTemplate +_kSecAsn1SequenceOfRevokedCertTemplate +_kSecAsn1SequenceOfT61StringTemplate +_kSecAsn1SequenceOfTeletexStringTemplate +_kSecAsn1SequenceOfUTCTimeTemplate +_kSecAsn1SequenceOfUTF8StringTemplate +_kSecAsn1SequenceOfUniversalStringTemplate +_kSecAsn1SequenceOfVisibleStringTemplate +_kSecAsn1SetOfAnyTemplate +_kSecAsn1SetOfAttributeTemplate +_kSecAsn1SetOfBMPStringTemplate +_kSecAsn1SetOfBitStringTemplate +_kSecAsn1SetOfBooleanTemplate +_kSecAsn1SetOfEnumeratedTemplate +_kSecAsn1SetOfGeneralizedTimeTemplate +_kSecAsn1SetOfIA5StringTemplate +_kSecAsn1SetOfIntegerTemplate +_kSecAsn1SetOfNullTemplate +_kSecAsn1SetOfObjectIDTemplate +_kSecAsn1SetOfOctetStringTemplate +_kSecAsn1SetOfPrintableStringTemplate +_kSecAsn1SetOfT61StringTemplate +_kSecAsn1SetOfTeletexStringTemplate +_kSecAsn1SetOfUTCTimeTemplate +_kSecAsn1SetOfUTF8StringTemplate +_kSecAsn1SetOfUniversalStringTemplate +_kSecAsn1SetOfVisibleStringTemplate +_kSecAsn1SignedCertOrCRLTemplate +_kSecAsn1SignedCertRequestTemplate +_kSecAsn1SignedCertTemplate +_kSecAsn1SignedCrlTemplate +_kSecAsn1SkipTemplate +_kSecAsn1SubjectPublicKeyInfoTemplate +_kSecAsn1T61StringTemplate +_kSecAsn1TBSCertificateTemplate +_kSecAsn1TBSCrlTemplate +_kSecAsn1TeletexStringTemplate +_kSecAsn1UTCTimeTemplate +_kSecAsn1UTF8StringTemplate +_kSecAsn1UniversalStringTemplate +_kSecAsn1UnsignedIntegerTemplate +_kSecAsn1ValidityTemplate +_kSecAsn1VisibleStringTemplate +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +// +// libsecurity_codesigning +// +_SecCodeGetTypeID +_SecCodeCopySelf +_SecCodeCopyInternalRequirement +_SecCodeGetStatus +_SecCodeSetStatus +_SecCodeCopyStaticCode +_SecCodeCopyHost +_SecCodeCopyGuestWithAttributes +_SecCodeCreateWithPID +_SecCodeCheckValidity +_SecCodeCheckValidityWithErrors +_SecCodeCopyPath +_SecCodeCopyDesignatedRequirement +_SecCodeCopySigningInformation +_SecCodeMapMemory +_SecCodeSetDetachedSignature +_SecCodeCopyComponent +_SecCodeValidateFileResource +_kSecCodeAttributeArchitecture +_kSecCodeAttributeBundleVersion +_kSecCodeAttributeSubarchitecture +_kSecCodeAttributeUniversalFileOffset +_SecStaticCodeGetTypeID +_SecStaticCodeCreateWithPath +_SecStaticCodeCreateWithPathAndAttributes +_SecStaticCodeCheckValidity +_SecStaticCodeCheckValidityWithErrors +_SecStaticCodeSetCallback +_SecStaticCodeSetValidationConditions +_SecStaticCodeCancelValidation +_SecRequirementGetTypeID +_SecRequirementCreateWithData +_SecRequirementCreateWithResource +_SecRequirementCreateWithString +_SecRequirementCreateWithStringAndErrors +_SecRequirementCreateGroup +_SecRequirementCopyData +_SecRequirementCopyString +_SecRequirementEvaluate +_SecRequirementsCreateFromRequirements +_SecRequirementsCopyRequirements +_SecRequirementsCreateWithString +_SecRequirementsCopyString +_SecCodeSignerGetTypeID +_SecCodeSignerCreate +_SecCodeSignerAddSignature +_SecCodeSignerAddSignatureWithErrors +_SecHostCreateGuest +_SecHostRemoveGuest +_SecHostSetGuestStatus +_SecHostSelectGuest +_SecHostSelectedGuest +_SecHostSetHostingPort +_kSecCodeDirectoryFlagTable +_kSecCodeSignerApplicationData +_kSecCodeSignerDetached +_kSecCodeSignerDigestAlgorithm +_kSecCodeSignerDryRun +_kSecCodeSignerEntitlements +_kSecCodeSignerFlags +_kSecCodeSignerIdentifier +_kSecCodeSignerIdentifierPrefix +_kSecCodeSignerIdentity +_kSecCodeSignerPageSize +_kSecCodeSignerPreserveMetadata +_kSecCodeSignerRequirements +_kSecCodeSignerResourceRules +_kSecCodeSignerSDKRoot +_kSecCodeSignerSigningTime +_kSecCodeSignerRequireTimestamp +_kSecCodeSignerTeamIdentifier +_kSecCodeSignerPlatformIdentifier +_kSecCodeSignerTimestampServer +_kSecCodeSignerTimestampAuthentication +_kSecCodeSignerTimestampOmitCertificates +_kSecCodeInfoCertificates +_kSecCodeInfoChangedFiles +_kSecCodeInfoCMS +_kSecCodeInfoTime +_kSecCodeInfoTimestamp +_kSecCodeInfoDesignatedRequirement +_kSecCodeInfoEntitlements +_kSecCodeInfoEntitlementsDict +_kSecCodeInfoFlags +_kSecCodeInfoFormat +_kSecCodeInfoDigestAlgorithm +_kSecCodeInfoDigestAlgorithms +_kSecCodeInfoIdentifier +_kSecCodeInfoImplicitDesignatedRequirement +_kSecCodeInfoMainExecutable +_kSecCodeInfoPList +_kSecCodeInfoRequirements +_kSecCodeInfoRequirementData +_kSecCodeInfoSource +_kSecCodeInfoStatus +_kSecCodeInfoTeamIdentifier +_kSecCodeInfoTrust +_kSecCodeInfoUnique +_kSecCodeInfoCdHashes +_kSecCodeInfoCodeDirectory +_kSecCodeInfoCodeOffset +_kSecCodeInfoDiskRepInfo +_kSecCodeInfoDiskRepOSPlatform +_kSecCodeInfoDiskRepOSVersionMin +_kSecCodeInfoDiskRepOSSDKVersion +_kSecCodeInfoDiskRepNoLibraryValidation +_kSecCodeInfoResourceDirectory +_kSecGuestAttributeCanonical +_kSecGuestAttributeDynamicCode +_kSecGuestAttributeDynamicCodeInfoPlist +_kSecGuestAttributeHash +_kSecGuestAttributeMachPort +_kSecGuestAttributePid +_kSecGuestAttributeAudit +_kSecRequirementKeyInfoPlist +_kSecRequirementKeyEntitlements +_kSecRequirementKeyIdentifier +_kSecCFErrorArchitecture +_kSecCFErrorPath +_kSecCFErrorPattern +_kSecCFErrorResourceSeal +_kSecCFErrorResourceAdded +_kSecCFErrorResourceAltered +_kSecCFErrorResourceMissing +_kSecCFErrorResourceSideband +_kSecCFErrorInfoPlist +_kSecCFErrorGuestAttributes +_kSecCFErrorRequirementSyntax + +_SecTaskValidateForRequirement + +_SecAssessmentCreate +_SecAssessmentCopyResult +_SecAssessmentUpdate +_SecAssessmentCopyUpdate +_SecAssessmentControl +_kSecAssessmentContextKeyOperation +_kSecAssessmentOperationTypeExecute +_kSecAssessmentOperationTypeInstall +_kSecAssessmentOperationTypeOpenDocument +_kSecAssessmentContextKeyUTI +_kSecAssessmentContextKeyFeedback +_kSecAssessmentFeedbackProgress +_kSecAssessmentFeedbackInfoCurrent +_kSecAssessmentFeedbackInfoTotal +_kSecAssessmentContextKeyUpdate +_kSecAssessmentUpdateOperationAdd +_kSecAssessmentUpdateOperationRemove +_kSecAssessmentUpdateOperationEnable +_kSecAssessmentUpdateOperationDisable +_kSecAssessmentUpdateOperationFind +_kSecAssessmentUpdateKeyAuthorization +_kSecAssessmentUpdateKeyAllow +_kSecAssessmentUpdateKeyExpires +_kSecAssessmentUpdateKeyLabel +_kSecAssessmentUpdateKeyPriority +_kSecAssessmentUpdateKeyRemarks +_kSecAssessmentUpdateKeyRow +_kSecAssessmentUpdateKeyCount +_kSecAssessmentUpdateKeyFound +_kSecAssessmentAssessmentAuthority +_kSecAssessmentAssessmentAuthorityOverride +_kSecAssessmentAssessmentAuthorityRow +_kSecAssessmentAssessmentFromCache +_kSecAssessmentAssessmentOriginator +_kSecAssessmentAssessmentSource +_kSecAssessmentAssessmentVerdict +_kSecAssessmentAssessmentWeakSignature +_kSecAssessmentAssessmentCodeSigningError +_kSecAssessmentRuleKeyID +_kSecAssessmentRuleKeyPriority +_kSecAssessmentRuleKeyAllow +_kSecAssessmentRuleKeyLabel +_kSecAssessmentRuleKeyRemarks +_kSecAssessmentRuleKeyRequirement +_kSecAssessmentRuleKeyType +_kSecAssessmentRuleKeyExpires +_kSecAssessmentRuleKeyDisabled +_kSecAssessmentRuleKeyBookmark +_kSecAssessmentContextKeyPrimarySignature +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +//breadcrumb +_SecBreadcrumbCreateFromPassword +_SecBreadcrumbCopyPassword +_SecBreadcrumbCreateNewEncryptedKey +#endif // TARGET_OS_OSX + +#if TARGET_OS_IPHONE +_oidAnyExtendedKeyUsage +_oidAnyPolicy +#elif TARGET_OS_OSX +// +// libDER OIDs +// +_oidRsa +_oidMd2Rsa +_oidMd4Rsa +_oidMd5Rsa +_oidSha1Rsa +_oidSha256Rsa +_oidSha384Rsa +_oidSha512Rsa +_oidSha224Rsa +_oidEcPubKey +_oidSha1Ecdsa +_oidSha224Ecdsa +_oidSha256Ecdsa +_oidSha384Ecdsa +_oidSha512Ecdsa +_oidSha1Dsa +_oidMd2 +_oidMd4 +_oidMd5 +_oidSha1 +_oidSha1DsaOIW +_oidSha1DsaCommonOIW +_oidSha1RsaOIW +_oidSha256 +_oidSha384 +_oidSha512 +_oidSha224 +_oidFee +_oidMd5Fee +_oidSha1Fee +_oidSubjectKeyIdentifier +_oidKeyUsage +_oidPrivateKeyUsagePeriod +_oidSubjectAltName +_oidIssuerAltName +_oidBasicConstraints +_oidCrlDistributionPoints +_oidCertificatePolicies +_oidAnyPolicy +_oidPolicyMappings +_oidAuthorityKeyIdentifier +_oidPolicyConstraints +_oidExtendedKeyUsage +_oidAnyExtendedKeyUsage +_oidInhibitAnyPolicy +_oidAuthorityInfoAccess +_oidSubjectInfoAccess +_oidAdOCSP +_oidAdCAIssuer +_oidNetscapeCertType +_oidEntrustVersInfo +_oidMSNTPrincipalName +_oidQtCps +_oidQtUNotice +_oidCommonName +_oidCountryName +_oidLocalityName +_oidStateOrProvinceName +_oidOrganizationName +_oidOrganizationalUnitName +_oidDescription +_oidEmailAddress +_oidFriendlyName +_oidLocalKeyId +_oidExtendedKeyUsageServerAuth +_oidExtendedKeyUsageClientAuth +_oidExtendedKeyUsageCodeSigning +_oidExtendedKeyUsageEmailProtection +_oidExtendedKeyUsageOCSPSigning +_oidExtendedKeyUsageIPSec +_oidExtendedKeyUsageMicrosoftSGC +_oidExtendedKeyUsageNetscapeSGC +_oidGoogleEmbeddedSignedCertificateTimestamp +_oidGoogleOCSPSignedCertificateTimestamp +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +// +// libsecurity_manifest +// +_SecManifestGetVersion +_SecManifestCompare +_SecManifestCreate +_SecManifestRelease +_SecManifestVerifySignature +_SecManifestVerifySignatureWithPolicy +_SecManifestCreateSignature +_SecManifestAddObject +_SecManifestAddSigner +_SecureDownloadCreateWithTicket +_SecureDownloadUpdateWithData +_SecureDownloadFinished +_SecureDownloadRelease +_SecureDownloadCopyName +_SecureDownloadCopyURLs +_SecureDownloadCopyCreationDate +_SecureDownloadGetDownloadSize +__SecureDownloadCreateTicketXML +_SecureDownloadCopyTicketLocation +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +// +// anchor-test SPIs +// +_SecIsAppleTrustAnchorData +_SecIsAppleTrustAnchor +#endif + +#if TARGET_OS_OSX +// +// libsecurity_translocate +// +_SecTranslocateStartListening +_SecTranslocateStartListeningWithOptions +_SecTranslocateCreateSecureDirectoryForURL +_SecTranslocateDeleteSecureDirectory +_SecTranslocateAppLaunchCheckin +_SecTranslocateURLShouldRunTranslocated +_SecTranslocateIsTranslocatedURL +_SecTranslocateCreateOriginalPathForURL +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +_SecurityVersionNumber +_SecurityVersionString +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +// +// libsecurity_checkpw +// +_checkpw +_checkpw_internal +#endif // TARGET_OS_OSX + +#if TARGET_OS_OSX +// +// libsecurity_utilities +// +_secdebug_internal +_secdebugfunc_internal +_weak_os_log_impl +_weak_os_log_create +_weak_os_log_type_enabled +_secLogEnable +_secLogDisable +#endif + +_secLogObjForScope +_logObjForScope + +// +// Recovery Key +// + +_SecRKCreateRecoveryKey +_SecRKCopyAccountRecoveryPassword +_SecRKCopyBackupPublicKey +_SecRKCopyBackupFullKey +_SecRKRegisterBackupPublicKey +_SecRKCreateRecoveryKeyString diff --git a/Security.xcodeproj/project.pbxproj b/Security.xcodeproj/project.pbxproj index 734054f5..eabfe534 100644 --- a/Security.xcodeproj/project.pbxproj +++ b/Security.xcodeproj/project.pbxproj @@ -13,7 +13,8 @@ buildPhases = ( ); dependencies = ( - 05EF68B4194914C2007958C3 /* PBXTargetDependency */, + DCE4E9731D7F3FC200AFB96E /* PBXTargetDependency */, + DCE4E90C1D7F3B4A00AFB96E /* PBXTargetDependency */, ); name = Security_temporary_UI; productName = Security_temporary_UI; @@ -35,10 +36,25 @@ buildPhases = ( ); dependencies = ( + EBF374821DC058B60065D840 /* PBXTargetDependency */, + DCE4E7B81D7A456500AFB96E /* PBXTargetDependency */, + DC61096D1D78E72C002223DE /* PBXTargetDependency */, + DC610A421D78F3A5002223DE /* PBXTargetDependency */, + DC5ABE1C1D832F5E00CF422C /* PBXTargetDependency */, + DCE4E6AA1D7A38E700AFB96E /* PBXTargetDependency */, + DCE4E7F11D7A4BEC00AFB96E /* PBXTargetDependency */, + DC610A381D78F15C002223DE /* PBXTargetDependency */, + DC5AC12F1D8356DA00CF422C /* PBXTargetDependency */, + DCE4E82A1D7A4F2500AFB96E /* PBXTargetDependency */, + DCE4E8621D7A58BA00AFB96E /* PBXTargetDependency */, + DCE4E8D81D7F37F200AFB96E /* PBXTargetDependency */, + DC3A4B6B1D91EBEE00E46D4A /* PBXTargetDependency */, + DCBE6E4A1D91E23D00A3E5E5 /* PBXTargetDependency */, + DC610ABC1D791139002223DE /* PBXTargetDependency */, + DC610A6C1D78FAA2002223DE /* PBXTargetDependency */, + DC610A541D78F759002223DE /* PBXTargetDependency */, + DC61096B1D78E60C002223DE /* PBXTargetDependency */, EBD849361B242C8900C5FD1E /* PBXTargetDependency */, - 05EF68CA1949167B007958C3 /* PBXTargetDependency */, - E7E7B2201BFA865300B1E66B /* PBXTargetDependency */, - E745841F1BF66525001B54A4 /* PBXTargetDependency */, E74583BE1BF66489001B54A4 /* PBXTargetDependency */, E7E7B24B1BFC0CD900B1E66B /* PBXTargetDependency */, EB31EA831D3EF2FB008F952A /* PBXTargetDependency */, @@ -75,6 +91,7 @@ buildPhases = ( ); dependencies = ( + DC71D9E31D95BAD50065FB93 /* PBXTargetDependency */, EB6A6FBD1B90F9170045DC68 /* PBXTargetDependency */, ); name = Security_frameworks_ios; @@ -86,6 +103,7 @@ buildPhases = ( ); dependencies = ( + EBF374841DC058C00065D840 /* PBXTargetDependency */, EBB696D41BE2085700715F16 /* PBXTargetDependency */, 438169E71B4EE4B300C54D58 /* PBXTargetDependency */, 5EF7C2561B00EEF900E5E99C /* PBXTargetDependency */, @@ -98,7 +116,6 @@ 0C664AB41759270C0092D3D9 /* PBXTargetDependency */, 0C99B740131C984900584CF4 /* PBXTargetDependency */, 0CC827F2138712B100BD99B7 /* PBXTargetDependency */, - 0CD72A5A16D55BF100A4B8A3 /* PBXTargetDependency */, 52D82BF616A627100078DFE5 /* PBXTargetDependency */, CD0637811A840C6400C81E74 /* PBXTargetDependency */, 5DDD0BEE16D6748900D6C0D6 /* PBXTargetDependency */, @@ -142,6 +159,7 @@ buildPhases = ( ); dependencies = ( + EBF374881DC058CC0065D840 /* PBXTargetDependency */, D41AD45C1B978A7A008C7270 /* PBXTargetDependency */, D41AD4721B978F76008C7270 /* PBXTargetDependency */, D41AD45E1B978A7C008C7270 /* PBXTargetDependency */, @@ -163,6 +181,7 @@ buildPhases = ( ); dependencies = ( + EBF374861DC058C50065D840 /* PBXTargetDependency */, D41AD43A1B96721E008C7270 /* PBXTargetDependency */, D41AD4521B9788B2008C7270 /* PBXTargetDependency */, D41AD45A1B978944008C7270 /* PBXTargetDependency */, @@ -180,6 +199,135 @@ name = Security_executables_tvos; productName = Security_executables_tvos; }; + DC008B451D90CE53004002A3 /* securityd_macos_mig */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DC008B561D90CE53004002A3 /* Build configuration list for PBXAggregateTarget "securityd_macos_mig" */; + buildPhases = ( + DC008B581D90CE70004002A3 /* securityd mig */, + ); + dependencies = ( + ); + name = securityd_macos_mig; + productName = securityd_macos_mig_nomake; + }; + DC63CAE81D90D63500C03317 /* libsecurityd_macos_mig */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DC63CAEA1D90D63500C03317 /* Build configuration list for PBXAggregateTarget "libsecurityd_macos_mig" */; + buildPhases = ( + DC63CAE91D90D63500C03317 /* libsecurityd mig */, + ); + dependencies = ( + ); + name = libsecurityd_macos_mig; + productName = securityd_macos_mig_nomake; + }; + DC6BC26C1D90CFEF00DD57B3 /* securityd_macos_startup */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DC6BC26E1D90CFEF00DD57B3 /* Build configuration list for PBXAggregateTarget "securityd_macos_startup" */; + buildPhases = ( + DC6BC2711D90D04900DD57B3 /* CopyFiles */, + ); + dependencies = ( + ); + name = securityd_macos_startup; + productName = securityd_macos_mig_nomake; + }; + DC6BC2751D90D0BE00DD57B3 /* securityd_macos_DTrace */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DC6BC2771D90D0BE00DD57B3 /* Build configuration list for PBXAggregateTarget "securityd_macos_DTrace" */; + buildPhases = ( + DC6BC2761D90D0BE00DD57B3 /* securityd DTrace */, + ); + dependencies = ( + ); + name = securityd_macos_DTrace; + productName = securityd_macos_mig_nomake; + }; + DC6BC27C1D90D1EE00DD57B3 /* security_cssm_generator */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DC6BC27E1D90D1EE00DD57B3 /* Build configuration list for PBXAggregateTarget "security_cssm_generator" */; + buildPhases = ( + DC6BC27D1D90D1EE00DD57B3 /* cssm generator */, + ); + dependencies = ( + ); + name = security_cssm_generator; + productName = securityd_macos_mig_nomake; + }; + DC82FFE51D90D3F60085674B /* security_utilities_DTrace */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DC82FFE71D90D3F60085674B /* Build configuration list for PBXAggregateTarget "security_utilities_DTrace" */; + buildPhases = ( + DC82FFE61D90D3F60085674B /* security_utilities DTrace */, + ); + dependencies = ( + ); + name = security_utilities_DTrace; + productName = securityd_macos_mig_nomake; + }; + DC82FFEC1D90D4D20085674B /* security_ocspd_macos_mig */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DC82FFEE1D90D4D20085674B /* Build configuration list for PBXAggregateTarget "security_ocspd_macos_mig" */; + buildPhases = ( + DC82FFED1D90D4D20085674B /* ocspd mig */, + ); + dependencies = ( + ); + name = security_ocspd_macos_mig; + productName = securityd_macos_mig_nomake; + }; + DCD067561D8CDCF3007602F1 /* codesigning_DTrace */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DCD067571D8CDCF4007602F1 /* Build configuration list for PBXAggregateTarget "codesigning_DTrace" */; + buildPhases = ( + DCD0675A1D8CDCFD007602F1 /* ShellScript */, + ); + dependencies = ( + ); + name = codesigning_DTrace; + productName = codesigning_DTrace; + }; + DCD0675B1D8CDD6D007602F1 /* codesigning_SystemPolicy */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DCD0675D1D8CDD6D007602F1 /* Build configuration list for PBXAggregateTarget "codesigning_SystemPolicy" */; + buildPhases = ( + DCD0675C1D8CDD6D007602F1 /* Make SystemPolicy */, + DCD067611D8CDDFA007602F1 /* Install System Policy */, + DCD0676D1D8CDEC1007602F1 /* CopyFiles */, + DCD067741D8CDEE2007602F1 /* CopyFiles */, + DCD067761D8CDEF9007602F1 /* CopyFiles */, + ); + dependencies = ( + ); + name = codesigning_SystemPolicy; + productName = codesigning_DTrace; + }; + DCD069661D8CE105007602F1 /* codesigning_RequirementsLanguage */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DCD069681D8CE105007602F1 /* Build configuration list for PBXAggregateTarget "codesigning_RequirementsLanguage" */; + buildPhases = ( + DCD069671D8CE105007602F1 /* ShellScript */, + ); + dependencies = ( + ); + name = codesigning_RequirementsLanguage; + productName = codesigning_DTrace; + }; + DCD06A7B1D8CE32F007602F1 /* All Codesigning */ = { + isa = PBXAggregateTarget; + buildConfigurationList = DCD06A7C1D8CE330007602F1 /* Build configuration list for PBXAggregateTarget "All Codesigning" */; + buildPhases = ( + ); + dependencies = ( + DCD06A881D8CE34D007602F1 /* PBXTargetDependency */, + DCD06A861D8CE348007602F1 /* PBXTargetDependency */, + DCD06A841D8CE343007602F1 /* PBXTargetDependency */, + DCD06A821D8CE33F007602F1 /* PBXTargetDependency */, + DCD06A801D8CE33B007602F1 /* PBXTargetDependency */, + ); + name = "All Codesigning"; + productName = "All Codesigning"; + }; E74584661BF68EBA001B54A4 /* osx */ = { isa = PBXAggregateTarget; buildConfigurationList = E74584671BF68EBA001B54A4 /* Build configuration list for PBXAggregateTarget "osx" */; @@ -223,7 +371,11 @@ buildPhases = ( ); dependencies = ( - E79EEDDD1CD3FFE300C2FBFC /* PBXTargetDependency */, + DC71D9FD1D95BB440065FB93 /* PBXTargetDependency */, + DC71D9E11D95BAC40065FB93 /* PBXTargetDependency */, + DC5AC1341D835C2300CF422C /* PBXTargetDependency */, + DC178BF31D77ABE300B50D50 /* PBXTargetDependency */, + DC58C4431D77C1F8003C25A4 /* PBXTargetDependency */, ); name = Security_frameworks_osx; productName = Security_frameworks_macos; @@ -316,72 +468,39 @@ /* End PBXAggregateTarget section */ /* Begin PBXBuildFile section */ - 0C0BDB32175685B000BC1A7E /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C0BDB31175685B000BC1A7E /* main.c */; }; - 0C0BDB851756A4B900BC1A7E /* libsecdRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0C0BDB821756A1D700BC1A7E /* libsecdRegressions.a */; }; - 0C0BDB861756A4C100BC1A7E /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66514D77DF700F88A12 /* libsecurityd.a */; }; - 0C0BDB871756A4FA00BC1A7E /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; + 0C0BDB32175685B000BC1A7E /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 0C0BDB31175685B000BC1A7E /* main.m */; }; 0C0BDB881756A51000BC1A7E /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB740680A4749C800D641BB /* libsqlite3.dylib */; }; - 0C0BDB8A1756A5D500BC1A7E /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C8786AD0B03E05E00BB77D4 /* libDER.a */; }; - 0C0BDB8B1756A5D900BC1A7E /* libASN1.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 795CA9860D38269B00BAE6A2 /* libASN1.a */; }; - 0C0BDB8C1756A5F500BC1A7E /* libregressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E710C708133192EA00F85568 /* libregressions.a */; }; 0C0BDB8D1756A66100BC1A7E /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF730310EF9CDE300E17471 /* CFNetwork.framework */; }; - 0C0BDB8E1756A69A00BC1A7E /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888B155C943D00A0904F /* libSecureObjectSync.a */; }; 0C0BDB8F1756A6D500BC1A7E /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; - 0C0BDB901756A80100BC1A7E /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66914D77DF700F88A12 /* libsecipc_client.a */; }; 0C0BDB911756A8A400BC1A7E /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; 0C0BDB931756A8C900BC1A7E /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; }; 0C0C88781CCEC5C400617D1B /* si-82-sectrust-ct-data in Resources */ = {isa = PBXBuildFile; fileRef = 0C0C88771CCEC5BD00617D1B /* si-82-sectrust-ct-data */; }; 0C0C88791CCEC5C500617D1B /* si-82-sectrust-ct-data in Resources */ = {isa = PBXBuildFile; fileRef = 0C0C88771CCEC5BD00617D1B /* si-82-sectrust-ct-data */; }; - 0C150099161D01D700181E9D /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C8786AD0B03E05E00BB77D4 /* libDER.a */; }; - 0C15009A161D01F400181E9D /* libCMS.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 79BDD39F0D60D5F9000D84D3 /* libCMS.a */; }; - 0C15009B161D020000181E9D /* libASN1.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 795CA9860D38269B00BAE6A2 /* libASN1.a */; }; + 0C0CECA41DA45ED700C22FBC /* recovery_key.m in Sources */ = {isa = PBXBuildFile; fileRef = 0C0CEC9E1DA45EA200C22FBC /* recovery_key.m */; }; 0C2BCBAF1D06401F00ED7A2F /* ioSock.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CE5A65809C79E0600D27A3F /* ioSock.c */; }; 0C2BCBB01D06401F00ED7A2F /* sslAppUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CE5A65A09C79E0600D27A3F /* sslAppUtils.cpp */; }; - 0C2BCBB11D06401F00ED7A2F /* print_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = EBD8495A1B24BEA000C5FD1E /* print_cert.c */; }; - 0C2BCBB31D06401F00ED7A2F /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; 0C2BCBB41D06401F00ED7A2F /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; 0C2BCBB51D06401F00ED7A2F /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; 0C2BCBBA1D06403B00ED7A2F /* dtlsEchoClient.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C2BCBA51D063F7D00ED7A2F /* dtlsEchoClient.c */; }; 0C2BCBC41D0648D100ED7A2F /* ioSock.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CE5A65809C79E0600D27A3F /* ioSock.c */; }; 0C2BCBC51D0648D100ED7A2F /* sslAppUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CE5A65A09C79E0600D27A3F /* sslAppUtils.cpp */; }; - 0C2BCBC61D0648D100ED7A2F /* print_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = EBD8495A1B24BEA000C5FD1E /* print_cert.c */; }; - 0C2BCBC81D0648D100ED7A2F /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; 0C2BCBC91D0648D100ED7A2F /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; 0C2BCBCA1D0648D100ED7A2F /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; 0C2BCBCF1D0648EF00ED7A2F /* dtlsEchoServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C2BCBA61D063F7D00ED7A2F /* dtlsEchoServer.c */; }; - 0C3145571496B8FB00427C0B /* SecureTransport.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C3145551496B8FB00427C0B /* SecureTransport.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 0C3145581496B8FB00427C0B /* SecureTransportPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C3145561496B8FB00427C0B /* SecureTransportPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 0C5D2EEB167FEAAC0077501D /* SecAsn1Coder.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C5D2EEA167FEAAC0077501D /* SecAsn1Coder.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 0C5D2EED167FEEC90077501D /* secasn1t.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C5D2EEC167FEEC90077501D /* secasn1t.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 0C5D2EEF167FF0560077501D /* SecAsn1Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C5D2EEE167FF0560077501D /* SecAsn1Templates.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 0C5D2EF1167FF1FC0077501D /* oidsalg.h in Headers */ = {isa = PBXBuildFile; fileRef = 0C5D2EF0167FF1FC0077501D /* oidsalg.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 0C6E38FA1C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyReceiveMessage.m in Sources */ = {isa = PBXBuildFile; fileRef = 0C6E38F51C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyReceiveMessage.m */; }; - 0C6E38FB1C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxySendMessage.m in Sources */ = {isa = PBXBuildFile; fileRef = 0C6E38F71C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxySendMessage.m */; }; - 0C6E38FC1C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyThrottle.m in Sources */ = {isa = PBXBuildFile; fileRef = 0C6E38F91C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyThrottle.m */; }; 0C78F1CC16A5E1BF00654E08 /* sectask-10-sectask.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C78F1CA16A5E1BF00654E08 /* sectask-10-sectask.c */; }; 0C78F1CD16A5E1BF00654E08 /* sectask-10-sectask.c in Sources */ = {isa = PBXBuildFile; fileRef = 0C78F1CA16A5E1BF00654E08 /* sectask-10-sectask.c */; }; 0C78F1CE16A5E1BF00654E08 /* sectask_ipc.defs in Sources */ = {isa = PBXBuildFile; fileRef = 0C78F1CB16A5E1BF00654E08 /* sectask_ipc.defs */; settings = {ATTRIBUTES = (Client, Server, ); }; }; 0C78F1CF16A5E1BF00654E08 /* sectask_ipc.defs in Sources */ = {isa = PBXBuildFile; fileRef = 0C78F1CB16A5E1BF00654E08 /* sectask_ipc.defs */; settings = {ATTRIBUTES = (Client, Server, ); }; }; 0C78F1D016A5E3EB00654E08 /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 107227350D91FE89003CF14F /* libbsm.dylib */; }; 0C869B431C865E4D006A2873 /* CoreCDP.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 0C869B421C865E4D006A2873 /* CoreCDP.framework */; }; - 0CA31A4814BB5CDB00BD348C /* CipherSuite.h in Headers */ = {isa = PBXBuildFile; fileRef = 0CA31A4614BB5C9100BD348C /* CipherSuite.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 0CA31A7514BB6C2500BD348C /* sslTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = 0CA31A7314BB6C2500BD348C /* sslTypes.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 0CC82948138716F400BD99B7 /* libregressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CC82947138716F400BD99B7 /* libregressions.a */; }; - 0CCA408015C745B9002AEC4C /* libsecurity_ssl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CCA406A15C73CA1002AEC4C /* libsecurity_ssl.a */; }; - 0CCA418715C89FBB002AEC4C /* libsecurity_ssl_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CCA418415C89ECD002AEC4C /* libsecurity_ssl_regressions.a */; }; - 0CCA418815C89FC4002AEC4C /* libsecurity_ssl_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CCA418415C89ECD002AEC4C /* libsecurity_ssl_regressions.a */; }; - 0CD72A5D16D5769A00A4B8A3 /* utilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 0CD72A5B16D5769A00A4B8A3 /* utilities.c */; }; + 0CC319241DA46FBF005D42EA /* ProtectedCloudStorage.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */; }; + 0CFC029C1D41650700E6283B /* libcoretls.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CFC029B1D41650700E6283B /* libcoretls.dylib */; }; + 0CFC02C21D41651E00E6283B /* libcoretls.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CFC029B1D41650700E6283B /* libcoretls.dylib */; }; 107226D30D91DB32003CF14F /* SecTask.h in Headers */ = {isa = PBXBuildFile; fileRef = 107226D10D91DB32003CF14F /* SecTask.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 18F7F66E14D77E9700F88A12 /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66314D77DF700F88A12 /* libsecurity.a */; }; - 18F7F66F14D77EA400F88A12 /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66914D77DF700F88A12 /* libsecipc_client.a */; }; - 18F7F67214D77ED000F88A12 /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66514D77DF700F88A12 /* libsecurityd.a */; }; - 18F7F67514D77EF400F88A12 /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66514D77DF700F88A12 /* libsecurityd.a */; }; - 18F7F67814D77F0600F88A12 /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66514D77DF700F88A12 /* libsecurityd.a */; }; 18F7F67914D77F4400F88A12 /* NtlmGenerator.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C999BA10AB5F0BB0010451D /* NtlmGenerator.c */; }; 18F7F67A14D77F4400F88A12 /* ntlmBlobPriv.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C999BA30AB5F0BB0010451D /* ntlmBlobPriv.c */; }; 18F7F67C14D77F5000F88A12 /* SecTask.c in Sources */ = {isa = PBXBuildFile; fileRef = 107226D00D91DB32003CF14F /* SecTask.c */; }; 433E519E1B66D5F600482618 /* AppSupport.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 433E519D1B66D5F600482618 /* AppSupport.framework */; }; - 4364A1D81B2116CD00B6AFAC /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; 4381603A1B4DCE8F00C54D58 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; }; 4381603B1B4DCEFF00C54D58 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; }; 4381603C1B4DCF9E00C54D58 /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF730310EF9CDE300E17471 /* CFNetwork.framework */; }; @@ -393,7 +512,6 @@ 438168BE1B4ED42700C54D58 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; 438168BF1B4ED42C00C54D58 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; 438168C01B4ED42C00C54D58 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; - 438168C21B4ED43100C54D58 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; 438168C31B4ED43200C54D58 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; 438168C41B4ED43800C54D58 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; 438168C51B4ED43B00C54D58 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; @@ -406,7 +524,6 @@ 4432AF8B1A014664000958DC /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */; }; 4432AF8D1A01472C000958DC /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; 4432B0B71A014987000958DC /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; - 4432B0B81A014A93000958DC /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; 4432B15E1A014D37000958DC /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; 4432B15F1A014D55000958DC /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; 4432B1601A014D85000958DC /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */; }; @@ -421,9 +538,23 @@ 44A655831AA4B4BB0059D185 /* libctkclient.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FBDD1AA0A45C0021AA26 /* libctkclient.a */; }; 44A655A51AA4B4C70059D185 /* libctkclient.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FBDD1AA0A45C0021AA26 /* libctkclient.a */; }; 44A655A61AA4B4C80059D185 /* libctkclient.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FBDD1AA0A45C0021AA26 /* libctkclient.a */; }; - 486326301CAA0BF400A466D9 /* com.apple.securityd.plist in Resources */ = {isa = PBXBuildFile; fileRef = 4863262F1CAA0BE900A466D9 /* com.apple.securityd.plist */; }; - 486326311CAA0C0F00A466D9 /* com.apple.securityd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4863262F1CAA0BE900A466D9 /* com.apple.securityd.plist */; }; - 4ACED92D15A10A320060775A /* libSecurityRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E79D9CD5159BEA78000834EC /* libSecurityRegressions.a */; }; + 483E798F1DC87605005C0008 /* secd-67-prefixedKeyIDs.c in Sources */ = {isa = PBXBuildFile; fileRef = 483E79891DC875F2005C0008 /* secd-67-prefixedKeyIDs.c */; }; + 485B640B1DC16E8300B771B9 /* SOSKeyedPubKeyIdentifier.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 485B64091DC16E8300B771B9 /* SOSKeyedPubKeyIdentifier.h */; }; + 485B64111DC16ED600B771B9 /* SOSKeyedPubKeyIdentifier.c in Sources */ = {isa = PBXBuildFile; fileRef = 485B64081DC16E8300B771B9 /* SOSKeyedPubKeyIdentifier.c */; }; + 485B64121DC16EDA00B771B9 /* SOSKeyedPubKeyIdentifier.h in Headers */ = {isa = PBXBuildFile; fileRef = 485B64091DC16E8300B771B9 /* SOSKeyedPubKeyIdentifier.h */; }; + 48776C7A1DA5BB4C00CC09B9 /* SOSRecoveryKeyBag.c in Sources */ = {isa = PBXBuildFile; fileRef = 48776C731DA5BB4200CC09B9 /* SOSRecoveryKeyBag.c */; }; + 48776C7B1DA5BB4C00CC09B9 /* SOSRecoveryKeyBag.h in Headers */ = {isa = PBXBuildFile; fileRef = 48776C741DA5BB4200CC09B9 /* SOSRecoveryKeyBag.h */; }; + 48776C7E1DA5BB7600CC09B9 /* SOSRingRecovery.c in Sources */ = {isa = PBXBuildFile; fileRef = 48776C7C1DA5BB5F00CC09B9 /* SOSRingRecovery.c */; }; + 48776C7F1DA5BB7600CC09B9 /* SOSRingRecovery.h in Headers */ = {isa = PBXBuildFile; fileRef = 48776C7D1DA5BB5F00CC09B9 /* SOSRingRecovery.h */; }; + 48776C811DA5BC0E00CC09B9 /* SOSAccountRecovery.c in Sources */ = {isa = PBXBuildFile; fileRef = 48776C801DA5BC0E00CC09B9 /* SOSAccountRecovery.c */; }; + 48AFBA7C1DEF8D4800436D08 /* secd-80-views-alwayson.c in Sources */ = {isa = PBXBuildFile; fileRef = 48AFBA751DEF8D3100436D08 /* secd-80-views-alwayson.c */; }; + 48BC0F651DFA2B5B00DDDFF9 /* accountCirclesViewsPrint.c in Sources */ = {isa = PBXBuildFile; fileRef = 48BC0F5C1DFA2B4500DDDFF9 /* accountCirclesViewsPrint.c */; }; + 48BC0F661DFA2B5B00DDDFF9 /* accountCirclesViewsPrint.h in Headers */ = {isa = PBXBuildFile; fileRef = 48BC0F5D1DFA2B4500DDDFF9 /* accountCirclesViewsPrint.h */; }; + 48BC0F6A1DFA357000DDDFF9 /* accountCirclesViewsPrint.c in Sources */ = {isa = PBXBuildFile; fileRef = 48BC0F5C1DFA2B4500DDDFF9 /* accountCirclesViewsPrint.c */; }; + 48BC0F6B1DFA357200DDDFF9 /* accountCirclesViewsPrint.c in Sources */ = {isa = PBXBuildFile; fileRef = 48BC0F5C1DFA2B4500DDDFF9 /* accountCirclesViewsPrint.c */; }; + 48CC589F1DA5FF2700EBD9DB /* secd-66-account-recovery.c in Sources */ = {isa = PBXBuildFile; fileRef = 48CC58971DA5FF0B00EBD9DB /* secd-66-account-recovery.c */; }; + 48E617211DBEC6BA0098EAAD /* SOSBackupInformation.c in Sources */ = {isa = PBXBuildFile; fileRef = 48E6171A1DBEC40D0098EAAD /* SOSBackupInformation.c */; }; + 48E617221DBEC6C60098EAAD /* SOSBackupInformation.h in Headers */ = {isa = PBXBuildFile; fileRef = 48E6171B1DBEC40D0098EAAD /* SOSBackupInformation.h */; }; 4AF7000015AFB73800B9D400 /* SecOTRIdentityPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFF615AFB73800B9D400 /* SecOTRIdentityPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; 4AF7000115AFB73800B9D400 /* SecOTRMath.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFF715AFB73800B9D400 /* SecOTRMath.h */; settings = {ATTRIBUTES = (Private, ); }; }; 4AF7000315AFB73800B9D400 /* SecOTRPacketData.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFF915AFB73800B9D400 /* SecOTRPacketData.h */; settings = {ATTRIBUTES = (Private, ); }; }; @@ -435,25 +566,12 @@ 4AF7FFFF15AFB73800B9D400 /* SecOTRErrors.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFF515AFB73800B9D400 /* SecOTRErrors.h */; settings = {ATTRIBUTES = (Private, ); }; }; 4C0B906E0ACCBD240077CD03 /* SecFramework.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C0B906C0ACCBD240077CD03 /* SecFramework.h */; }; 4C0CC642174C580200CC799A /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; }; - 4C12828D0BB4957D00985BB0 /* SecTrustSettingsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C12828C0BB4957D00985BB0 /* SecTrustSettingsPriv.h */; }; + 4C12828D0BB4957D00985BB0 /* SecTrustSettingsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C12828C0BB4957D00985BB0 /* SecTrustSettingsPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; 4C198F220ACDB4BF00AAB142 /* Certificate.strings in Resources */ = {isa = PBXBuildFile; fileRef = 4C198F1D0ACDB4BF00AAB142 /* Certificate.strings */; }; 4C198F230ACDB4BF00AAB142 /* OID.strings in Resources */ = {isa = PBXBuildFile; fileRef = 4C198F1F0ACDB4BF00AAB142 /* OID.strings */; }; - 4C1ADEAA1615175500E4A8AF /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888B155C943D00A0904F /* libSecureObjectSync.a */; }; 4C1B442D0BB9CAF900461B82 /* SecTrustStore.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C1B442C0BB9CAF900461B82 /* SecTrustStore.h */; settings = {ATTRIBUTES = (Private, ); }; }; 4C2215220F3A612C00835155 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB740680A4749C800D641BB /* libsqlite3.dylib */; }; 4C2F81D50BF121D2003C4F77 /* SecRandom.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C2F81D40BF121D2003C4F77 /* SecRandom.h */; settings = {ATTRIBUTES = (Public, ); }; }; - 4C2FEC5215755D8C0008BE39 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 4C2FEC5315755DAB0008BE39 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 4C2FEC5415755DCD0008BE39 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 4C2FEC5515755DE50008BE39 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 4C2FEC5615755DF40008BE39 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 4C2FEC5715755E040008BE39 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 4C2FEC5A15755E2A0008BE39 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 4C2FEC5B15755E2F0008BE39 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 4C2FEC5D157571DD0008BE39 /* libSOSRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888D155C943D00A0904F /* libSOSRegressions.a */; }; - 4C2FEC5E157571E30008BE39 /* libSOSRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888D155C943D00A0904F /* libSOSRegressions.a */; }; - 4C2FEC66157588770008BE39 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888B155C943D00A0904F /* libSecureObjectSync.a */; }; - 4C2FEC671575887D0008BE39 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888B155C943D00A0904F /* libSecureObjectSync.a */; }; 4C32C1030A4976BF002891BD /* certextensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C28BCD60986EBCB0020C665 /* certextensions.h */; }; 4C32C1240A4976BF002891BD /* SecBase.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C696B3709BFA94F000CBC75 /* SecBase.h */; settings = {ATTRIBUTES = (Public, ); }; }; 4C32C1250A4976BF002891BD /* SecCertificate.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C8FD03D099D5C91006867B6 /* SecCertificate.h */; settings = {ATTRIBUTES = (Public, ); }; }; @@ -563,7 +681,6 @@ 4C711D6D13AFCD0900FE865D /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; 4C711D6F13AFCD0900FE865D /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF730310EF9CDE300E17471 /* CFNetwork.framework */; }; 4C711D7013AFCD0900FE865D /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; - 4C711D7113AFCD0900FE865D /* libregressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 0CC82947138716F400BD99B7 /* libregressions.a */; }; 4C7391790B01745000C4CBFA /* vmdh.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7391770B01745000C4CBFA /* vmdh.h */; settings = {ATTRIBUTES = (Private, ); }; }; 4C7416040F1D71A2008E0E4D /* SecSCEP.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7416020F1D71A2008E0E4D /* SecSCEP.h */; settings = {ATTRIBUTES = (Private, ); }; }; 4C7608B30AC34A8100980096 /* SecCertificatePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7608B10AC34A8100980096 /* SecCertificatePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; @@ -609,13 +726,9 @@ 4CC3D29D178F698D0070FCC4 /* PersistentState.m in Sources */ = {isa = PBXBuildFile; fileRef = 4CC3D290178F310C0070FCC4 /* PersistentState.m */; }; 4CC92B1C15A3BF2F00C6D578 /* testmain.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92B1B15A3BF2F00C6D578 /* testmain.c */; }; 4CC92B1D15A3BF2F00C6D578 /* testmain.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CC92B1B15A3BF2F00C6D578 /* testmain.c */; }; - 4CC92B2615A3C6FE00C6D578 /* libSecurityRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E79D9CD5159BEA78000834EC /* libSecurityRegressions.a */; }; - 4CC92B2715A3C73E00C6D578 /* libsecuritydRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CC92B1A15A3BF1E00C6D578 /* libsecuritydRegressions.a */; }; - 4CC92B3115A3C99600C6D578 /* libsecuritydRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CC92B1A15A3BF1E00C6D578 /* libsecuritydRegressions.a */; }; 4CCE0ADA0D41797400DDBB21 /* SecIdentityPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCE0AD90D41797400DDBB21 /* SecIdentityPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; 4CCE0ADE0D4179E500DDBB21 /* SecBasePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C0208F80D3C154200BFE54E /* SecBasePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; 4CD3BA621106FF4D00BE8B75 /* SecECKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CD3BA601106FF4D00BE8B75 /* SecECKey.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 4CE39035169F87BB00026468 /* libSecurityTool.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E7104A06169E038F00DB0045 /* libSecurityTool.a */; }; 4CE5A55B09C7970A00D27A3F /* SSLViewer.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CE5A55709C7970A00D27A3F /* SSLViewer.c */; }; 4CE5A66009C79E0600D27A3F /* ioSock.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CE5A65809C79E0600D27A3F /* ioSock.c */; }; 4CE5A66109C79E0600D27A3F /* sslAppUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CE5A65A09C79E0600D27A3F /* sslAppUtils.cpp */; }; @@ -627,63 +740,16 @@ 4CF4C19D171E0EA600877419 /* Accounts.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF4C19C171E0EA600877419 /* Accounts.framework */; }; 4CF730320EF9CDE300E17471 /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF730310EF9CDE300E17471 /* CFNetwork.framework */; }; 4CFBF6100D5A951100969BBE /* SecPolicyInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CFBF5F10D5A92E100969BBE /* SecPolicyInternal.h */; }; - 5208F4BD1670027400A49DDA /* SyncViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 5208F4BC1670027400A49DDA /* SyncViewController.m */; }; - 5208F4BE1670027400A49DDA /* SyncViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 5208F4BC1670027400A49DDA /* SyncViewController.m */; }; - 5208F4CF16702D8800A49DDA /* CircleStatusView.m in Sources */ = {isa = PBXBuildFile; fileRef = 5208F4CE16702D8800A49DDA /* CircleStatusView.m */; }; - 5208F4D016702D8800A49DDA /* CircleStatusView.m in Sources */ = {isa = PBXBuildFile; fileRef = 5208F4CE16702D8800A49DDA /* CircleStatusView.m */; }; - 52222CC1167BDAE100EDD09C /* SpringBoardServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52222CC0167BDAE100EDD09C /* SpringBoardServices.framework */; }; 52222CD0167BDAEC00EDD09C /* SpringBoardServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52222CC0167BDAE100EDD09C /* SpringBoardServices.framework */; }; - 5223A7E316560CE400804179 /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; - 5233635818CA9B2600333A5C /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66514D77DF700F88A12 /* libsecurityd.a */; }; - 5233636318CA9B3C00333A5C /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888B155C943D00A0904F /* libSecureObjectSync.a */; }; - 5233636418CA9B8900333A5C /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; }; 524492941AFD6D480043695A /* der_plist.h in Headers */ = {isa = PBXBuildFile; fileRef = 524492931AFD6D480043695A /* der_plist.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 5262A64216AA01910038AFC1 /* Keychain_57x57.png in Resources */ = {isa = PBXBuildFile; fileRef = 527435A916A9E6D1001A96FF /* Keychain_57x57.png */; }; - 5264FB4E163674B50005D258 /* MyKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 5264FB4D163674B50005D258 /* MyKeychain.m */; }; - 5264FB4F163674C00005D258 /* QuartzCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 520C98E7162485CA00A7C80B /* QuartzCore.framework */; }; - 5264FB50163674CF0005D258 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52B35B051623753000B97D06 /* Security.framework */; }; - 5264FB52163675310005D258 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 52704B7E1638F4EB007FEBB0 /* KeychainKeys.png in Resources */ = {isa = PBXBuildFile; fileRef = 52704B7D1638F4EB007FEBB0 /* KeychainKeys.png */; }; - 52704B811638F610007FEBB0 /* NewPasswordViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52704B801638F610007FEBB0 /* NewPasswordViewController.m */; }; - 52704B84163905EE007FEBB0 /* EditItemViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52704B83163905EE007FEBB0 /* EditItemViewController.m */; }; - 52704B881639193F007FEBB0 /* Keychain-Entitlements.plist in Resources */ = {isa = PBXBuildFile; fileRef = 52704B871639193F007FEBB0 /* Keychain-Entitlements.plist */; }; - 527435AC16A9E6DB001A96FF /* Keychain_114x114.png in Resources */ = {isa = PBXBuildFile; fileRef = 527435AB16A9E6DB001A96FF /* Keychain_114x114.png */; }; - 527435AE16A9E6E5001A96FF /* Keychain_72x72.png in Resources */ = {isa = PBXBuildFile; fileRef = 527435AD16A9E6E5001A96FF /* Keychain_72x72.png */; }; - 527435B016A9E6EA001A96FF /* Keychain_144x144.png in Resources */ = {isa = PBXBuildFile; fileRef = 527435AF16A9E6E9001A96FF /* Keychain_144x144.png */; }; 5296CB4E1655B8F5009912AF /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; 5296CB4F1655B92F009912AF /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; 5296CB501655B990009912AF /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; 5296CB521655B9B5009912AF /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; - 5296CBAA1656A7AC009912AF /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB740680A4749C800D641BB /* libsqlite3.dylib */; }; - 5296CBAB1656A7E2009912AF /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; - 5296CBAC1656A7E9009912AF /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF730310EF9CDE300E17471 /* CFNetwork.framework */; }; - 529990541661BA2600C297A2 /* DeviceTableViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 529990531661BA2600C297A2 /* DeviceTableViewController.m */; }; - 529990571661BADF00C297A2 /* DeviceItemCell.m in Sources */ = {isa = PBXBuildFile; fileRef = 529990561661BADF00C297A2 /* DeviceItemCell.m */; }; 52A23EDC161DEC3800E271E0 /* Default-568h@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 52A23EDB161DEC3700E271E0 /* Default-568h@2x.png */; }; 52A23EDD161DEC3F00E271E0 /* Default-568h@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 52A23EDB161DEC3700E271E0 /* Default-568h@2x.png */; }; - 52BF42C21AFAD10C00821B5D /* SOSCloudCircleInternal.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = 9468B9691AF2B8FC00042383 /* SOSCloudCircleInternal.h */; }; - 52CD69FB16384C2000961848 /* KCAItemDetailViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52CD69FA16384C2000961848 /* KCAItemDetailViewController.m */; }; 52D82BDF16A621F70078DFE5 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; 52D82BEE16A622370078DFE5 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52D82BD316A5EADA0078DFE5 /* Security.framework */; }; - 52D82BF016A622570078DFE5 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 52DE816B1636347500F49F0C /* UIKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE411314471B000DE34E /* UIKit.framework */; }; - 52DE816C1636347500F49F0C /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; - 52DE816D1636347500F49F0C /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE451314471B000DE34E /* CoreGraphics.framework */; }; - 52DE81751636347500F49F0C /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE81741636347500F49F0C /* main.m */; }; - 52DE81791636347600F49F0C /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE81781636347600F49F0C /* AppDelegate.m */; }; - 52DE817B1636347600F49F0C /* Default.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE817A1636347600F49F0C /* Default.png */; }; - 52DE817D1636347600F49F0C /* Default@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE817C1636347600F49F0C /* Default@2x.png */; }; - 52DE817F1636347600F49F0C /* Default-568h@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE817E1636347600F49F0C /* Default-568h@2x.png */; }; - 52DE81881636347600F49F0C /* FirstViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE81871636347600F49F0C /* FirstViewController.m */; }; - 52DE818A1636347600F49F0C /* first.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE81891636347600F49F0C /* first.png */; }; - 52DE818C1636347600F49F0C /* first@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE818B1636347600F49F0C /* first@2x.png */; }; - 52DE818F1636347600F49F0C /* ToolsViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE818E1636347600F49F0C /* ToolsViewController.m */; }; - 52DE81911636347600F49F0C /* second.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE81901636347600F49F0C /* second.png */; }; - 52DE81931636347600F49F0C /* second@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE81921636347600F49F0C /* second@2x.png */; }; - 52DE819C163636B900F49F0C /* KCATableViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE819B163636B900F49F0C /* KCATableViewController.m */; }; - 52DE819F16363C1A00F49F0C /* KeychainItemCell.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE819E16363C1A00F49F0C /* KeychainItemCell.m */; }; - 52F63A201659F04E0076D2DE /* DeviceViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52F63A1F1659F04E0076D2DE /* DeviceViewController.m */; }; - 52F8DE4E1AF2EB8F00A2C271 /* SOSTypes.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = 52F8DE4D1AF2EB8F00A2C271 /* SOSTypes.h */; }; 5328C0521738903F00708984 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; 533B5D4F177CD63100995334 /* SpringBoardServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52222CC0167BDAE100EDD09C /* SpringBoardServices.framework */; }; 5346480217331E1200FE9172 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; @@ -699,14 +765,9 @@ 5E43C48D1B00D07000E5ECB2 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; 5E43C4921B00D0CD00E5ECB2 /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; 5E43C4931B00D0DB00E5ECB2 /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */; }; - 5E43C4951B00D10A00E5ECB2 /* libregressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E710C708133192EA00F85568 /* libregressions.a */; }; 5E43C4961B00D3B500E5ECB2 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; 5E43C4981B00D49700E5ECB2 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB740680A4749C800D641BB /* libsqlite3.dylib */; }; 5E43C49A1B00D4D800E5ECB2 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; - 5E43C49B1B00D50F00E5ECB2 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888B155C943D00A0904F /* libSecureObjectSync.a */; }; - 5E43C49D1B00D55C00E5ECB2 /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66514D77DF700F88A12 /* libsecurityd.a */; }; - 5E43C49F1B00D63100E5ECB2 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - 5E43C4A01B00D63F00E5ECB2 /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; 5E4E05A41B0CA0FD001C4A31 /* sec_acl_stress.c in Sources */ = {isa = PBXBuildFile; fileRef = 5E4E05A31B0CA0FD001C4A31 /* sec_acl_stress.c */; }; 5E8B53A51AA0B8A600345E7B /* libcoreauthd_test_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E8B53A41AA0B8A600345E7B /* libcoreauthd_test_client.a */; }; 5EBE247D1B00CCAE0007DB0E /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = 5EBE247C1B00CCAE0007DB0E /* main.c */; }; @@ -729,9 +790,7 @@ 7901791F12D51F7200CA4D44 /* SecCmsRecipientInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 7901791512D51F7200CA4D44 /* SecCmsRecipientInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; 7901792012D51F7200CA4D44 /* SecCmsSignedData.h in Headers */ = {isa = PBXBuildFile; fileRef = 7901791612D51F7200CA4D44 /* SecCmsSignedData.h */; settings = {ATTRIBUTES = (Private, ); }; }; 7901792112D51F7200CA4D44 /* SecCmsSignerInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 7901791712D51F7200CA4D44 /* SecCmsSignerInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 7901792912D51FFC00CA4D44 /* SecAsn1Types.h in Headers */ = {isa = PBXBuildFile; fileRef = 7901792812D51FFC00CA4D44 /* SecAsn1Types.h */; settings = {ATTRIBUTES = (Private, ); }; }; 790850F70CA88AE10083CC4D /* securityd_client.h in Headers */ = {isa = PBXBuildFile; fileRef = 790850820CA87CF00083CC4D /* securityd_client.h */; }; - 790850F80CA88AE10083CC4D /* securityd_ipc_types.h in Headers */ = {isa = PBXBuildFile; fileRef = 790850830CA87CF00083CC4D /* securityd_ipc_types.h */; }; 790851D40CA9B19D0083CC4D /* server.c in Sources */ = {isa = PBXBuildFile; fileRef = 790850840CA87CF00083CC4D /* server.c */; }; 790851EE0CA9B3410083CC4D /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; 7913B2020D172B3900601FE9 /* ioSock.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CE5A65809C79E0600D27A3F /* ioSock.c */; }; @@ -739,7 +798,6 @@ 7913B2050D172B3900601FE9 /* sslServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7913B1DF0D17280500601FE9 /* sslServer.cpp */; }; 7913B2080D172B3900601FE9 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; 791766DE0DD0162C00F3B974 /* SecCertificateRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = 791766DD0DD0162C00F3B974 /* SecCertificateRequest.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 7930B06A134A4864007062F8 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; 7940D4130C3ACF9000FDB5D8 /* SecDH.h in Headers */ = {isa = PBXBuildFile; fileRef = 7940D4110C3ACF9000FDB5D8 /* SecDH.h */; settings = {ATTRIBUTES = (Private, ); }; }; 7947431A146213DC00D638A3 /* Invalid-www.cybersecurity.my.crt in Copy DigiCertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = 794743191462137C00D638A3 /* Invalid-www.cybersecurity.my.crt */; }; 7947431B146213EF00D638A3 /* Invalid-www.cybersecurity.my.crt in Copy DigicertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = 794743191462137C00D638A3 /* Invalid-www.cybersecurity.my.crt */; }; @@ -750,15 +808,12 @@ 79679E2A146202A800CF997F /* Invalid-webmail.jaring.my.crt in Copy DigiCertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = 79679E261462028800CF997F /* Invalid-webmail.jaring.my.crt */; }; 79679E2C146202CB00CF997F /* Digisign-Server-ID-Enrich-Entrust-Cert.crt in Copy DigicertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = 79679E251462028800CF997F /* Digisign-Server-ID-Enrich-Entrust-Cert.crt */; }; 79679E2D146202CB00CF997F /* Invalid-webmail.jaring.my.crt in Copy DigicertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = 79679E261462028800CF997F /* Invalid-webmail.jaring.my.crt */; }; - 79863B710CADCEAB00818B0D /* com.apple.securityd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 79863B700CADCEAB00818B0D /* com.apple.securityd.plist */; }; - 79863B960CADD21700818B0D /* securityd_server.h in Headers */ = {isa = PBXBuildFile; fileRef = 79863B940CADD21700818B0D /* securityd_server.h */; }; 79BDD3C20D60DB84000D84D3 /* SecCMS.h in Headers */ = {isa = PBXBuildFile; fileRef = 79BDD3C00D60DB84000D84D3 /* SecCMS.h */; settings = {ATTRIBUTES = (Private, ); }; }; 79EF5B6E0D3D6A31009F5270 /* SecImportExport.h in Headers */ = {isa = PBXBuildFile; fileRef = 79EF5B6C0D3D6A31009F5270 /* SecImportExport.h */; settings = {ATTRIBUTES = (Public, ); }; }; 79EF5B730D3D6AFE009F5270 /* p12import.h in Headers */ = {isa = PBXBuildFile; fileRef = 79EF5B720D3D6AFE009F5270 /* p12import.h */; }; 8E02FA6B1107BE460043545E /* pbkdf2.h in Headers */ = {isa = PBXBuildFile; fileRef = 8E02FA691107BE460043545E /* pbkdf2.h */; settings = {ATTRIBUTES = (Private, ); }; }; 8ED6F6CA110904E300D2B368 /* SecPBKDF.h in Headers */ = {isa = PBXBuildFile; fileRef = 8ED6F6C8110904E300D2B368 /* SecPBKDF.h */; settings = {ATTRIBUTES = (Private, ); }; }; - 9468B9481AF2B60900042383 /* SOSBackupSliceKeyBag.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = 9468B9471AF2B60800042383 /* SOSBackupSliceKeyBag.h */; }; - 9468B96E1AF2B93300042383 /* SOSViews.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = 9468B96D1AF2B93300042383 /* SOSViews.h */; }; + 8EECC6601DAC699900972D50 /* MobileKeyBag.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FC30AB1332DE9000802946 /* MobileKeyBag.framework */; }; BE061FE11899ECEE00C739F6 /* SecSharedCredential.h in Headers */ = {isa = PBXBuildFile; fileRef = BE061FE01899ECEE00C739F6 /* SecSharedCredential.h */; settings = {ATTRIBUTES = (Public, ); }; }; BE197F2C19116FD100BA91D1 /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = BE197F2A19116FD100BA91D1 /* InfoPlist.strings */; }; BE197F2E19116FD100BA91D1 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = BE197F2D19116FD100BA91D1 /* main.m */; }; @@ -768,9 +823,9 @@ BE197F5E191173A800BA91D1 /* SWCViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = BE197F5D191173A800BA91D1 /* SWCViewController.m */; }; BE197F61191173F200BA91D1 /* entitlements.plist in Resources */ = {isa = PBXBuildFile; fileRef = BE197F60191173F200BA91D1 /* entitlements.plist */; }; BE25C41618B83491003320E0 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; - BE2D511D1917739F0093C265 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; + BE405EE21DC2F10E00E227B1 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = BE8ABDD71DC2DD9100EC2D58 /* libz.dylib */; }; + BE405EE31DC2F11E00E227B1 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = BE8ABDD71DC2DD9100EC2D58 /* libz.dylib */; }; BE442BAE18B7FDB800F24DAE /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; - BE442BB218B7FDB800F24DAE /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; BE442BB318B7FDB800F24DAE /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; BE442BB418B7FDB800F24DAE /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; }; BE442BB618B7FDB800F24DAE /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF730310EF9CDE300E17471 /* CFNetwork.framework */; }; @@ -779,42 +834,3043 @@ BE442BB918B7FDB800F24DAE /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 107227350D91FE89003CF14F /* libbsm.dylib */; }; BE4AC9A218B7FFAD00B84964 /* swcagent.m in Sources */ = {isa = PBXBuildFile; fileRef = BE4AC9A118B7FFAD00B84964 /* swcagent.m */; }; BE4AC9AE18B7FFC800B84964 /* com.apple.security.swcagent.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = BE4AC9AD18B7FFC800B84964 /* com.apple.security.swcagent.plist */; }; - BE4AC9B718B80CFF00B84964 /* libSWCAgent.a in Frameworks */ = {isa = PBXBuildFile; fileRef = BE442B9B18B7FD6700F24DAE /* libSWCAgent.a */; }; BE4AC9BA18B8273600B84964 /* SharedWebCredentials.strings in Resources */ = {isa = PBXBuildFile; fileRef = BE4AC9B818B8273600B84964 /* SharedWebCredentials.strings */; }; - BE5EC1E318C7F66D005E7682 /* libSWCAgent.a in Frameworks */ = {isa = PBXBuildFile; fileRef = BE442B9B18B7FD6700F24DAE /* libSWCAgent.a */; }; + BE6D96B71DB14B65001B76D4 /* cnnic_certs.h in Headers */ = {isa = PBXBuildFile; fileRef = BE6D96B41DB14B65001B76D4 /* cnnic_certs.h */; }; + BE6D96B81DB14B65001B76D4 /* date_testing_certs.h in Headers */ = {isa = PBXBuildFile; fileRef = BE6D96B51DB14B65001B76D4 /* date_testing_certs.h */; }; + BE6D96B91DB14B65001B76D4 /* wosign_certs.h in Headers */ = {isa = PBXBuildFile; fileRef = BE6D96B61DB14B65001B76D4 /* wosign_certs.h */; }; + BE6D96BB1DB14B9F001B76D4 /* si-84-sectrust-allowlist.m in Sources */ = {isa = PBXBuildFile; fileRef = BE6D96BA1DB14B9F001B76D4 /* si-84-sectrust-allowlist.m */; }; BE759DCB1917E38D00801E02 /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE451314471B000DE34E /* CoreGraphics.framework */; }; - BEF8AFF719176B0C00F80109 /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66514D77DF700F88A12 /* libsecurityd.a */; }; - BEF8AFF819176B1400F80109 /* libSWCAgent.a in Frameworks */ = {isa = PBXBuildFile; fileRef = BE442B9B18B7FD6700F24DAE /* libSWCAgent.a */; }; - CD045E471A83F8C7005FA0AC /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; + BE8ABDD81DC2DD9100EC2D58 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = BE8ABDD71DC2DD9100EC2D58 /* libz.dylib */; }; + BEE523D61DA610F500DD0AA3 /* SecRevocationDb.c in Sources */ = {isa = PBXBuildFile; fileRef = BEE523CF1DA610D800DD0AA3 /* SecRevocationDb.c */; }; + BEE523D71DACA97600DD0AA3 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789221D7799A600B50D50 /* libz.dylib */; }; + BEE523D91DACAA2500DD0AA3 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789221D7799A600B50D50 /* libz.dylib */; }; + BEE523DA1DACAA5700DD0AA3 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789221D7799A600B50D50 /* libz.dylib */; }; + BEE523DB1DACAA8C00DD0AA3 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789221D7799A600B50D50 /* libz.dylib */; }; + BEE523DC1DACAA9200DD0AA3 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789221D7799A600B50D50 /* libz.dylib */; }; + BEE523DD1DACAA9800DD0AA3 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789221D7799A600B50D50 /* libz.dylib */; }; CD0637551A84060600C81E74 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52D82BD316A5EADA0078DFE5 /* Security.framework */; }; CD0637561A84065F00C81E74 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; CD0637571A84068F00C81E74 /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD744683195A00BB00FB01C0 /* IDS.framework */; }; + CD23B49E1DA06EB40047EDE9 /* IDSPersistentState.m in Sources */ = {isa = PBXBuildFile; fileRef = CD23B4931DA06EB30047EDE9 /* IDSPersistentState.m */; }; + CD23B4A01DA06EB40047EDE9 /* IDSProxy.m in Sources */ = {isa = PBXBuildFile; fileRef = CD23B4951DA06EB30047EDE9 /* IDSProxy.m */; }; + CD23B4A11DA06EB40047EDE9 /* keychainsyncingoveridsproxy.m in Sources */ = {isa = PBXBuildFile; fileRef = CD23B4961DA06EB30047EDE9 /* keychainsyncingoveridsproxy.m */; }; + CD23B4A31DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+ReceiveMessage.m in Sources */ = {isa = PBXBuildFile; fileRef = CD23B4981DA06EB30047EDE9 /* KeychainSyncingOverIDSProxy+ReceiveMessage.m */; }; + CD23B4A51DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+SendMessage.m in Sources */ = {isa = PBXBuildFile; fileRef = CD23B49A1DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+SendMessage.m */; }; + CD23B4A71DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+Throttle.m in Sources */ = {isa = PBXBuildFile; fileRef = CD23B49C1DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+Throttle.m */; }; CD276C281A83F60C003226BC /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; - CD4F44211B546A7E00FE3569 /* SOSPeerInfoV2.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = CD4F44201B546A7E00FE3569 /* SOSPeerInfoV2.h */; }; - CD8B5AC61B618F1B004D4AEF /* SOSPeerInfoPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = CD8B5AC51B618F1B004D4AEF /* SOSPeerInfoPriv.h */; }; + CD31F89E1DCE86D600414B46 /* Accounts.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF4C19C171E0EA600877419 /* Accounts.framework */; }; + CD51245E1DA1C67000962524 /* com.apple.private.alloy.keychainsync.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = CD23B4A81DA06ED10047EDE9 /* com.apple.private.alloy.keychainsync.plist */; }; CDB9FCAB179CD098000AAD66 /* Info.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = CDB9FCA9179CC757000AAD66 /* Info.plist */; }; CDDE9BD11729ABFA0013B0E8 /* SecPasswordGenerate.h in Headers */ = {isa = PBXBuildFile; fileRef = CDDE9BC31729AB910013B0E8 /* SecPasswordGenerate.h */; settings = {ATTRIBUTES = (Private, ); }; }; - CDF91EF31AAE024A00E88CF7 /* com.apple.private.alloy.keychainsync.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = CDF91EF11AAE023800E88CF7 /* com.apple.private.alloy.keychainsync.plist */; }; - D40771E91C9B518F0016AA66 /* libSharedRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = D40771E21C9B51830016AA66 /* libSharedRegressions.a */; }; - D40771EE1C9B51ED0016AA66 /* libSharedRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = D40771E21C9B51830016AA66 /* libSharedRegressions.a */; }; + D425EC1D1DD3C3CF00DE5DEC /* SecInternalRelease.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC761D8C68CF00070CB0 /* SecInternalRelease.c */; }; + D425EC231DD3FFF200DE5DEC /* SecInternalRelease.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC761D8C68CF00070CB0 /* SecInternalRelease.c */; }; + D42CDC351DC12FE90090E2C9 /* si-66-smime.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DEB1D8085FC00865A7C /* si-66-smime.c */; }; D447C4101D3094740082FC1D /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; - D447C4DA1D31C8280082FC1D /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66314D77DF700F88A12 /* libsecurity.a */; }; - D447C4E81D31CA720082FC1D /* libCMS.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 79BDD39F0D60D5F9000D84D3 /* libCMS.a */; }; - D453BA341C8E797A00E4D91F /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C8786AD0B03E05E00BB77D4 /* libDER.a */; }; - D453BA551C8E799100E4D91F /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C8786AD0B03E05E00BB77D4 /* libDER.a */; }; - D45D1A471B3A293E00C63E16 /* oids.h in Headers */ = {isa = PBXBuildFile; fileRef = D45D1A461B3A293E00C63E16 /* oids.h */; settings = {ATTRIBUTES = (Private, ); }; }; + D45917E41DC13E6700752D25 /* SecCertificateRequest.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E3E1D8085FC00865A7C /* SecCertificateRequest.c */; }; + D46F315A1E00A27D0065B550 /* SecTrustLoggingServer.c in Sources */ = {isa = PBXBuildFile; fileRef = D46F31581E00A27D0065B550 /* SecTrustLoggingServer.c */; }; + D46F315B1E00A27D0065B550 /* SecTrustLoggingServer.h in Headers */ = {isa = PBXBuildFile; fileRef = D46F31591E00A27D0065B550 /* SecTrustLoggingServer.h */; }; + D46F31631E00CCD20065B550 /* SecCertificateSource.c in Sources */ = {isa = PBXBuildFile; fileRef = D46F31611E00CCD20065B550 /* SecCertificateSource.c */; }; + D46F31641E00CCD20065B550 /* SecCertificateSource.h in Headers */ = {isa = PBXBuildFile; fileRef = D46F31621E00CCD20065B550 /* SecCertificateSource.h */; }; D47F514C1C3B812500A7CEFE /* SecCFAllocator.h in Headers */ = {isa = PBXBuildFile; fileRef = D47F514B1C3B812500A7CEFE /* SecCFAllocator.h */; settings = {ATTRIBUTES = (Private, ); }; }; + D487B9821DFA28DB000410A1 /* SecInternalReleasePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC771D8C68CF00070CB0 /* SecInternalReleasePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + D487B9881DFA2902000410A1 /* SecInternalReleasePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC771D8C68CF00070CB0 /* SecInternalReleasePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + D487FBB81DB8357300D4BB0B /* si-29-sectrust-sha1-deprecation.m in Sources */ = {isa = PBXBuildFile; fileRef = D487FBB71DB8357300D4BB0B /* si-29-sectrust-sha1-deprecation.m */; }; + D487FBBA1DB835B500D4BB0B /* si-29-sectrust-sha1-deprecation.h in Headers */ = {isa = PBXBuildFile; fileRef = D487FBB91DB835B500D4BB0B /* si-29-sectrust-sha1-deprecation.h */; }; + D48E4E241E42F0620011B4BA /* si-62-csr.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DDA1D8085FC00865A7C /* si-62-csr.c */; }; D4AA9D121C3B1B1900A5640C /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; D4B858671D370D9A003B2D95 /* MobileCoreServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = D4B858661D370D9A003B2D95 /* MobileCoreServices.framework */; }; + D4D718351E04A721000AE7A6 /* spbkdf-01-hmac-sha256.c in Sources */ = {isa = PBXBuildFile; fileRef = D4D718341E04A721000AE7A6 /* spbkdf-01-hmac-sha256.c */; }; D4D886BF1CEB9F3B00DC7583 /* ssl-policy-certs in Resources */ = {isa = PBXBuildFile; fileRef = D4D886BE1CEB9F3B00DC7583 /* ssl-policy-certs */; }; D4D886C01CEB9F7200DC7583 /* ssl-policy-certs in Resources */ = {isa = PBXBuildFile; fileRef = D4D886BE1CEB9F3B00DC7583 /* ssl-policy-certs */; }; D4D886E91CEBDD2A00DC7583 /* nist-certs in Resources */ = {isa = PBXBuildFile; fileRef = D4D886E81CEBDD2A00DC7583 /* nist-certs */; }; D4D886EA1CEBDE0800DC7583 /* nist-certs in Resources */ = {isa = PBXBuildFile; fileRef = D4D886E81CEBDD2A00DC7583 /* nist-certs */; }; D4EC94FB1CEA482D0083E753 /* si-20-sectrust-policies-data in Resources */ = {isa = PBXBuildFile; fileRef = D4EC94FA1CEA482D0083E753 /* si-20-sectrust-policies-data */; }; D4EC94FE1CEA48760083E753 /* si-20-sectrust-policies-data in Resources */ = {isa = PBXBuildFile; fileRef = D4EC94FA1CEA482D0083E753 /* si-20-sectrust-policies-data */; }; - E7104A07169E03CE00DB0045 /* libSecurityTool.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E7104A06169E038F00DB0045 /* libSecurityTool.a */; }; + DC0067C11D87879D005AF8DB /* ucspServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82811D87734600418608 /* ucspServer.cpp */; }; + DC0067C21D8787A4005AF8DB /* ucspNotifyReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82831D87734600418608 /* ucspNotifyReceiver.cpp */; }; + DC0067D11D8788B7005AF8DB /* ucspClientC.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82801D87734600418608 /* ucspClientC.c */; }; + DC00AB611D821BE600513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00AB621D821BEC00513D74 /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8BA1D80C1EB00B0A59C /* libsecipc_client.a */; }; + DC00AB631D821BEF00513D74 /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCC78EA91D8088E200865A7C /* libsecurity.a */; }; + DC00AB641D821BF300513D74 /* liblogging.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC5C1D80D05200B0A59C /* liblogging.a */; }; + DC00AB6B1D821C1A00513D74 /* libSecTrustOSX.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD66D731D8204A700DB1393 /* libSecTrustOSX.a */; }; + DC00AB6C1D821C1F00513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00AB6D1D821C2300513D74 /* liblogging.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC5C1D80D05200B0A59C /* liblogging.a */; }; + DC00AB6E1D821C2700513D74 /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8BA1D80C1EB00B0A59C /* libsecipc_client.a */; }; + DC00AB6F1D821C3400513D74 /* libSecItemShimOSX.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EE6E1D80D82600B0A59C /* libSecItemShimOSX.a */; }; + DC00AB701D821C3800513D74 /* libSecOtrOSX.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD66DDB1D8205C400DB1393 /* libSecOtrOSX.a */; }; + DC00AB791D821C6700513D74 /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8BA1D80C1EB00B0A59C /* libsecipc_client.a */; }; + DC00AB7A1D821C6B00513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00AB7B1D821C6E00513D74 /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCC78EA91D8088E200865A7C /* libsecurity.a */; }; + DC00AB7C1D821C7100513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00AB811D821C9100513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00AB821D821C9500513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00AB831D821C9A00513D74 /* libSWCAgent.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC4D1D80D00800B0A59C /* libSWCAgent.a */; }; + DC00AB8A1D821CB800513D74 /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8BA1D80C1EB00B0A59C /* libsecipc_client.a */; }; + DC00AB8B1D821CBE00513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00AB8D1D821CC500513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00AB8E1D821D4900513D74 /* libSOSCommands.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC341D80CFB200B0A59C /* libSOSCommands.a */; }; + DC00AB8F1D821D4D00513D74 /* libSecurityTool.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EA4C1D80CB7000B0A59C /* libSecurityTool.a */; }; + DC00AB901D821D5600513D74 /* libSecurityCommands.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EBD51D80CEF100B0A59C /* libSecurityCommands.a */; }; + DC00AB971D821D7100513D74 /* libSOSCommands.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC341D80CFB200B0A59C /* libSOSCommands.a */; }; + DC00AB981D821D7400513D74 /* libSecurityTool.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EA4C1D80CB7000B0A59C /* libSecurityTool.a */; }; + DC00AB991D821D7700513D74 /* libSecurityCommands.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EBD51D80CEF100B0A59C /* libSecurityCommands.a */; }; + DC00AB9A1D821D8800513D74 /* libSWCAgent.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC4D1D80D00800B0A59C /* libSWCAgent.a */; }; + DC00AB9B1D821D9F00513D74 /* libSWCAgent.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC4D1D80D00800B0A59C /* libSWCAgent.a */; }; + DC00AB9C1D821DA400513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00ABA51D821DCD00513D74 /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCC78EA91D8088E200865A7C /* libsecurity.a */; }; + DC00ABA61D821DD000513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00ABA71D821DD300513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00ABA81D821DD900513D74 /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8BA1D80C1EB00B0A59C /* libsecipc_client.a */; }; + DC00ABB31D821E0400513D74 /* libSharedRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EE411D80D6DD00B0A59C /* libSharedRegressions.a */; }; + DC00ABB41D821E0700513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00ABB51D821E0B00513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00ABB71D821E2F00513D74 /* libiOSSecurityRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC971D80D1A800B0A59C /* libiOSSecurityRegressions.a */; }; + DC00ABB81D821E3300513D74 /* libiOSsecuritydRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52ED9D1D80D4CD00B0A59C /* libiOSsecuritydRegressions.a */; }; + DC00ABB91D821E3A00513D74 /* libSOSRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC681D80D0C400B0A59C /* libSOSRegressions.a */; }; + DC00ABC01D821EBE00513D74 /* libSharedRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EE411D80D6DD00B0A59C /* libSharedRegressions.a */; }; + DC00ABC11D821EC300513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00ABC21D821EC600513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00ABC41D821ED900513D74 /* libiOSSecurityRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC971D80D1A800B0A59C /* libiOSSecurityRegressions.a */; }; + DC00ABC51D821EDC00513D74 /* libiOSsecuritydRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52ED9D1D80D4CD00B0A59C /* libiOSsecuritydRegressions.a */; }; + DC00ABC61D821EE500513D74 /* libSOSRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC681D80D0C400B0A59C /* libSOSRegressions.a */; }; + DC00ABC71D821EF400513D74 /* libSharedRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EE411D80D6DD00B0A59C /* libSharedRegressions.a */; }; + DC00ABCC1D821F0B00513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00ABCD1D821F0D00513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00ABD61D821F3200513D74 /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8BA1D80C1EB00B0A59C /* libsecipc_client.a */; }; + DC00ABD71D821F3F00513D74 /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCC78EA91D8088E200865A7C /* libsecurity.a */; }; + DC00ABD81D821F4300513D74 /* libsecdRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EDB11D80D58400B0A59C /* libsecdRegressions.a */; }; + DC00ABD91D821F4700513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00ABDA1D821F4A00513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00ABE51D821F7200513D74 /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8BA1D80C1EB00B0A59C /* libsecipc_client.a */; }; + DC00ABE61D821F7700513D74 /* libsecdRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EDB11D80D58400B0A59C /* libsecdRegressions.a */; }; + DC00ABE71D821F7A00513D74 /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCC78EA91D8088E200865A7C /* libsecurity.a */; }; + DC00ABE81D821F7D00513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00ABE91D821F8000513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC00ABEC1D821FA600513D74 /* libSecurityTool.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EA4C1D80CB7000B0A59C /* libSecurityTool.a */; }; + DC00ABF11D821FC400513D74 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC00ABF21D821FC800513D74 /* libSOSRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC681D80D0C400B0A59C /* libSOSRegressions.a */; }; + DC00ABF31D821FCD00513D74 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC0B62281D90974300D43BCB /* si-25-cms-skid.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0B62261D90973900D43BCB /* si-25-cms-skid.h */; }; + DC0B62291D90974600D43BCB /* si-25-cms-skid.m in Sources */ = {isa = PBXBuildFile; fileRef = DC0B62271D90973900D43BCB /* si-25-cms-skid.m */; }; + DC0B622A1D9097C600D43BCB /* libsecurity_cms_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1002CB1D8E19D70025549C /* libsecurity_cms_regressions.a */; }; + DC0B622C1D90982C00D43BCB /* secd-201-coders.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0B622B1D90982100D43BCB /* secd-201-coders.c */; }; + DC0B622F1D909C4600D43BCB /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = DC0B622D1D909C4600D43BCB /* MainMenu.xib */; }; + DC0B62301D909C4600D43BCB /* MainMenu.xib in Resources */ = {isa = PBXBuildFile; fileRef = DC0B622D1D909C4600D43BCB /* MainMenu.xib */; }; + DC0BC55C1D8B6D2E00070CB0 /* XPCKeychainSandboxCheck.xpc in Embed XPC Services */ = {isa = PBXBuildFile; fileRef = DC0BC5511D8B6D2D00070CB0 /* XPCKeychainSandboxCheck.xpc */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; }; + DC0BC5611D8B6D6000070CB0 /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5461D8B6AFE00070CB0 /* main.c */; }; + DC0BC5621D8B6D7000070CB0 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DC0BC5671D8B6E3D00070CB0 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DC0BC5741D8B6E7700070CB0 /* main-tsa.m in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5701D8B6E7700070CB0 /* main-tsa.m */; }; + DC0BC5751D8B6E7700070CB0 /* timestampclient.m in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5721D8B6E7700070CB0 /* timestampclient.m */; }; + DC0BC5761D8B6E9300070CB0 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; + DC0BC5771D8B6EC300070CB0 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DC0BC57A1D8B6EF500070CB0 /* XPCTimeStampingService.xpc in Embed XPC Services */ = {isa = PBXBuildFile; fileRef = DC0BC56C1D8B6E3D00070CB0 /* XPCTimeStampingService.xpc */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; }; + DC0BC57B1D8B6FF100070CB0 /* SecFDERecoveryAsymmetricCrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17872A1D77903700B50D50 /* SecFDERecoveryAsymmetricCrypto.h */; }; + DC0BC57C1D8B700A00070CB0 /* AuthSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785201D7789AF00B50D50 /* AuthSession.h */; }; + DC0BC57D1D8B701B00070CB0 /* Authorization.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17851C1D7789AF00B50D50 /* Authorization.h */; }; + DC0BC57E1D8B702600070CB0 /* AuthorizationDB.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17851D1D7789AF00B50D50 /* AuthorizationDB.h */; }; + DC0BC57F1D8B703100070CB0 /* AuthorizationPlugin.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17851E1D7789AF00B50D50 /* AuthorizationPlugin.h */; }; + DC0BC5801D8B703C00070CB0 /* AuthorizationPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17875D1D7790E500B50D50 /* AuthorizationPriv.h */; }; + DC0BC5811D8B704700070CB0 /* AuthorizationTags.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17851F1D7789AF00B50D50 /* AuthorizationTags.h */; }; + DC0BC5821D8B705600070CB0 /* AuthorizationTagsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17875E1D7790E500B50D50 /* AuthorizationTagsPriv.h */; }; + DC0BC5831D8B709F00070CB0 /* authutilities.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8A51D7F353900AFB96E /* authutilities.c */; }; + DC0BC59E1D8B711000070CB0 /* cuCdsaUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC58D1D8B711000070CB0 /* cuCdsaUtils.cpp */; }; + DC0BC59F1D8B711000070CB0 /* cuCdsaUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC58E1D8B711000070CB0 /* cuCdsaUtils.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC5A01D8B711000070CB0 /* cuDbUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC58F1D8B711000070CB0 /* cuDbUtils.cpp */; }; + DC0BC5A11D8B711000070CB0 /* cuDbUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC5901D8B711000070CB0 /* cuDbUtils.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC5A21D8B711000070CB0 /* cuEnc64.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5911D8B711000070CB0 /* cuEnc64.c */; }; + DC0BC5A31D8B711000070CB0 /* cuEnc64.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC5921D8B711000070CB0 /* cuEnc64.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC5A41D8B711000070CB0 /* cuFileIo.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5931D8B711000070CB0 /* cuFileIo.c */; }; + DC0BC5A51D8B711000070CB0 /* cuFileIo.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC5941D8B711000070CB0 /* cuFileIo.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC5A61D8B711000070CB0 /* cuOidParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5951D8B711000070CB0 /* cuOidParser.cpp */; }; + DC0BC5A71D8B711000070CB0 /* cuOidParser.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC5961D8B711000070CB0 /* cuOidParser.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC5A81D8B711000070CB0 /* cuPem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5971D8B711000070CB0 /* cuPem.cpp */; }; + DC0BC5A91D8B711000070CB0 /* cuPem.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC5981D8B711000070CB0 /* cuPem.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC5AA1D8B711000070CB0 /* cuPrintCert.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5991D8B711000070CB0 /* cuPrintCert.cpp */; }; + DC0BC5AB1D8B711000070CB0 /* cuPrintCert.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC59A1D8B711000070CB0 /* cuPrintCert.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC5AC1D8B711000070CB0 /* cuTimeStr.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC59B1D8B711000070CB0 /* cuTimeStr.cpp */; }; + DC0BC5AD1D8B711000070CB0 /* cuTimeStr.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC59C1D8B711000070CB0 /* cuTimeStr.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC5BC1D8B723500070CB0 /* checkpw.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5B91D8B723500070CB0 /* checkpw.c */; }; + DC0BC5BD1D8B723500070CB0 /* checkpw.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC5BA1D8B723500070CB0 /* checkpw.h */; }; + DC0BC5CF1D8B730D00070CB0 /* test-checkpw.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5CE1D8B730D00070CB0 /* test-checkpw.c */; }; + DC0BC5D31D8B732D00070CB0 /* libpam.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC17891C1D77999700B50D50 /* libpam.dylib */; }; + DC0BC5D41D8B733500070CB0 /* libsecurity_checkpw.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC5B71D8B71FD00070CB0 /* libsecurity_checkpw.a */; }; + DC0BC5D91D8B73B000070CB0 /* test-checkpw.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5CE1D8B730D00070CB0 /* test-checkpw.c */; }; + DC0BC5DB1D8B73B000070CB0 /* libsecurity_checkpw.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC5B71D8B71FD00070CB0 /* libsecurity_checkpw.a */; }; + DC0BC5DC1D8B73B000070CB0 /* libpam.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC17891C1D77999700B50D50 /* libpam.dylib */; }; + DC0BC5F11D8B745700070CB0 /* comcryption.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5EB1D8B745700070CB0 /* comcryption.c */; }; + DC0BC5F21D8B745700070CB0 /* comcryption.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC5EC1D8B745700070CB0 /* comcryption.h */; }; + DC0BC5F31D8B745700070CB0 /* comcryptPriv.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC5ED1D8B745700070CB0 /* comcryptPriv.c */; }; + DC0BC5F41D8B745700070CB0 /* comcryptPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC5EE1D8B745700070CB0 /* comcryptPriv.h */; }; + DC0BC5F51D8B745700070CB0 /* comDebug.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC5EF1D8B745700070CB0 /* comDebug.h */; }; + DC0BC6511D8B755200070CB0 /* byteRep.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6031D8B755200070CB0 /* byteRep.c */; }; + DC0BC6521D8B755200070CB0 /* byteRep.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6041D8B755200070CB0 /* byteRep.h */; }; + DC0BC6541D8B755200070CB0 /* CipherFileDES.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6061D8B755200070CB0 /* CipherFileDES.h */; }; + DC0BC6561D8B755200070CB0 /* CipherFileFEED.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6081D8B755200070CB0 /* CipherFileFEED.h */; }; + DC0BC6571D8B755200070CB0 /* CipherFileTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6091D8B755200070CB0 /* CipherFileTypes.h */; }; + DC0BC6581D8B755200070CB0 /* ckconfig.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC60A1D8B755200070CB0 /* ckconfig.h */; }; + DC0BC65A1D8B755200070CB0 /* ckDES.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC60C1D8B755200070CB0 /* ckDES.h */; }; + DC0BC65C1D8B755200070CB0 /* ckMD5.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC60E1D8B755200070CB0 /* ckMD5.h */; }; + DC0BC65D1D8B755200070CB0 /* ckSHA1.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC60F1D8B755200070CB0 /* ckSHA1.c */; }; + DC0BC65E1D8B755200070CB0 /* ckSHA1.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6101D8B755200070CB0 /* ckSHA1.h */; }; + DC0BC6601D8B755200070CB0 /* ckSHA1_priv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6121D8B755200070CB0 /* ckSHA1_priv.h */; }; + DC0BC6611D8B755200070CB0 /* ckutilities.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6131D8B755200070CB0 /* ckutilities.c */; }; + DC0BC6621D8B755200070CB0 /* ckutilities.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6141D8B755200070CB0 /* ckutilities.h */; }; + DC0BC6631D8B755200070CB0 /* Crypt.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6151D8B755200070CB0 /* Crypt.h */; }; + DC0BC6641D8B755200070CB0 /* CryptKitSA.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6161D8B755200070CB0 /* CryptKitSA.h */; }; + DC0BC6651D8B755200070CB0 /* CryptKit.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6171D8B755200070CB0 /* CryptKit.h */; }; + DC0BC6661D8B755200070CB0 /* CryptKitAsn1.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6181D8B755200070CB0 /* CryptKitAsn1.cpp */; }; + DC0BC6671D8B755200070CB0 /* CryptKitAsn1.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6191D8B755200070CB0 /* CryptKitAsn1.h */; }; + DC0BC6681D8B755200070CB0 /* CryptKitDER.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC61A1D8B755200070CB0 /* CryptKitDER.cpp */; }; + DC0BC6691D8B755200070CB0 /* CryptKitDER.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC61B1D8B755200070CB0 /* CryptKitDER.h */; }; + DC0BC66A1D8B755200070CB0 /* curveParamData.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC61C1D8B755200070CB0 /* curveParamData.h */; }; + DC0BC66B1D8B755200070CB0 /* curveParamDataOld.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC61D1D8B755200070CB0 /* curveParamDataOld.h */; }; + DC0BC66C1D8B755200070CB0 /* curveParams.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC61E1D8B755200070CB0 /* curveParams.c */; }; + DC0BC66D1D8B755200070CB0 /* curveParams.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC61F1D8B755200070CB0 /* curveParams.h */; }; + DC0BC66E1D8B755200070CB0 /* ECDSA_Profile.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6201D8B755200070CB0 /* ECDSA_Profile.h */; }; + DC0BC66F1D8B755200070CB0 /* ECDSA_Verify_Prefix.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6211D8B755200070CB0 /* ECDSA_Verify_Prefix.h */; }; + DC0BC6701D8B755200070CB0 /* elliptic.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6221D8B755200070CB0 /* elliptic.c */; }; + DC0BC6711D8B755200070CB0 /* elliptic.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6231D8B755200070CB0 /* elliptic.h */; }; + DC0BC6721D8B755200070CB0 /* ellipticMeasure.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6241D8B755200070CB0 /* ellipticMeasure.h */; }; + DC0BC6731D8B755200070CB0 /* ellipticProj.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6251D8B755200070CB0 /* ellipticProj.c */; }; + DC0BC6741D8B755200070CB0 /* ellipticProj.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6261D8B755200070CB0 /* ellipticProj.h */; }; + DC0BC6751D8B755200070CB0 /* enc64.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6271D8B755200070CB0 /* enc64.c */; }; + DC0BC6761D8B755200070CB0 /* enc64.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6281D8B755200070CB0 /* enc64.h */; }; + DC0BC6771D8B755200070CB0 /* engineNSA127.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6291D8B755200070CB0 /* engineNSA127.c */; }; + DC0BC6781D8B755200070CB0 /* falloc.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC62A1D8B755200070CB0 /* falloc.c */; }; + DC0BC6791D8B755200070CB0 /* falloc.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC62B1D8B755200070CB0 /* falloc.h */; }; + DC0BC67A1D8B755200070CB0 /* feeCipherFile.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC62C1D8B755200070CB0 /* feeCipherFile.h */; }; + DC0BC67B1D8B755200070CB0 /* feeDebug.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC62D1D8B755200070CB0 /* feeDebug.h */; }; + DC0BC67C1D8B755200070CB0 /* feeDES.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC62E1D8B755200070CB0 /* feeDES.c */; }; + DC0BC67D1D8B755200070CB0 /* feeDES.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC62F1D8B755200070CB0 /* feeDES.h */; }; + DC0BC67E1D8B755200070CB0 /* feeDigitalSignature.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6301D8B755200070CB0 /* feeDigitalSignature.c */; }; + DC0BC67F1D8B755200070CB0 /* feeDigitalSignature.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6311D8B755200070CB0 /* feeDigitalSignature.h */; }; + DC0BC6801D8B755200070CB0 /* feeECDSA.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6321D8B755200070CB0 /* feeECDSA.c */; }; + DC0BC6811D8B755200070CB0 /* feeECDSA.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6331D8B755200070CB0 /* feeECDSA.h */; }; + DC0BC6821D8B755200070CB0 /* feeFEED.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6341D8B755200070CB0 /* feeFEED.c */; }; + DC0BC6831D8B755200070CB0 /* feeFEED.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6351D8B755200070CB0 /* feeFEED.h */; }; + DC0BC6841D8B755200070CB0 /* feeFEEDExp.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6361D8B755200070CB0 /* feeFEEDExp.c */; }; + DC0BC6851D8B755200070CB0 /* feeFEEDExp.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6371D8B755200070CB0 /* feeFEEDExp.h */; }; + DC0BC6861D8B755200070CB0 /* feeFunctions.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6381D8B755200070CB0 /* feeFunctions.h */; }; + DC0BC6871D8B755200070CB0 /* feeHash.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6391D8B755200070CB0 /* feeHash.c */; }; + DC0BC6881D8B755200070CB0 /* feeHash.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC63A1D8B755200070CB0 /* feeHash.h */; }; + DC0BC6891D8B755200070CB0 /* feePublicKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC63B1D8B755200070CB0 /* feePublicKey.c */; }; + DC0BC68A1D8B755200070CB0 /* feePublicKey.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC63C1D8B755200070CB0 /* feePublicKey.h */; }; + DC0BC68B1D8B755200070CB0 /* feePublicKeyPrivate.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC63D1D8B755200070CB0 /* feePublicKeyPrivate.h */; }; + DC0BC68C1D8B755200070CB0 /* feeRandom.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC63E1D8B755200070CB0 /* feeRandom.c */; }; + DC0BC68D1D8B755200070CB0 /* feeRandom.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC63F1D8B755200070CB0 /* feeRandom.h */; }; + DC0BC68E1D8B755200070CB0 /* feeTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6401D8B755200070CB0 /* feeTypes.h */; }; + DC0BC68F1D8B755200070CB0 /* giantIntegers.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6411D8B755200070CB0 /* giantIntegers.c */; }; + DC0BC6901D8B755200070CB0 /* giantIntegers.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6421D8B755200070CB0 /* giantIntegers.h */; }; + DC0BC6911D8B755200070CB0 /* giantPort_Generic.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6431D8B755200070CB0 /* giantPort_Generic.h */; }; + DC0BC6921D8B755200070CB0 /* giantPort_i486.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6441D8B755200070CB0 /* giantPort_i486.h */; }; + DC0BC6931D8B755200070CB0 /* giantPort_PPC.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6451D8B755200070CB0 /* giantPort_PPC.c */; }; + DC0BC6941D8B755200070CB0 /* giantPort_PPC.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6461D8B755200070CB0 /* giantPort_PPC.h */; }; + DC0BC6951D8B755200070CB0 /* giantPort_PPC_Gnu.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6471D8B755200070CB0 /* giantPort_PPC_Gnu.h */; }; + DC0BC6961D8B755200070CB0 /* giantPort_PPC_Gnu.s in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC6481D8B755200070CB0 /* giantPort_PPC_Gnu.s */; }; + DC0BC6971D8B755200070CB0 /* giantPortCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC6491D8B755200070CB0 /* giantPortCommon.h */; }; + DC0BC6981D8B755200070CB0 /* HmacSha1Legacy.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC64A1D8B755200070CB0 /* HmacSha1Legacy.c */; }; + DC0BC6991D8B755200070CB0 /* HmacSha1Legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC64B1D8B755200070CB0 /* HmacSha1Legacy.h */; }; + DC0BC69A1D8B755200070CB0 /* platform.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC64C1D8B755200070CB0 /* platform.c */; }; + DC0BC69B1D8B755200070CB0 /* platform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC64D1D8B755200070CB0 /* platform.h */; }; + DC0BC79B1D8B773000070CB0 /* attachfactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC7651D8B773000070CB0 /* attachfactory.cpp */; }; + DC0BC79C1D8B773000070CB0 /* attachfactory.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC7661D8B773000070CB0 /* attachfactory.h */; }; + DC0BC79D1D8B773000070CB0 /* attachment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC7671D8B773000070CB0 /* attachment.cpp */; }; + DC0BC79E1D8B773000070CB0 /* attachment.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC7681D8B773000070CB0 /* attachment.h */; }; + DC0BC79F1D8B773000070CB0 /* cspattachment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC7691D8B773000070CB0 /* cspattachment.cpp */; }; + DC0BC7A01D8B773000070CB0 /* cspattachment.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC76A1D8B773000070CB0 /* cspattachment.h */; }; + DC0BC7A11D8B773000070CB0 /* cssm.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC76B1D8B773000070CB0 /* cssm.cpp */; }; + DC0BC7A21D8B773000070CB0 /* cssmcontext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC76C1D8B773000070CB0 /* cssmcontext.cpp */; }; + DC0BC7A31D8B773000070CB0 /* cssmcontext.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC76D1D8B773000070CB0 /* cssmcontext.h */; }; + DC0BC7A41D8B773000070CB0 /* cssmint.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC76E1D8B773000070CB0 /* cssmint.h */; }; + DC0BC7A51D8B773000070CB0 /* cssmmds.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC76F1D8B773000070CB0 /* cssmmds.cpp */; }; + DC0BC7A61D8B773000070CB0 /* cssmmds.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC7701D8B773000070CB0 /* cssmmds.h */; }; + DC0BC7A71D8B773000070CB0 /* guids.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC7741D8B773000070CB0 /* guids.cpp */; }; + DC0BC7A81D8B773000070CB0 /* manager.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC7751D8B773000070CB0 /* manager.cpp */; }; + DC0BC7A91D8B773000070CB0 /* manager.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC7761D8B773000070CB0 /* manager.h */; }; + DC0BC7AA1D8B773000070CB0 /* modload_plugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC7771D8B773000070CB0 /* modload_plugin.cpp */; }; + DC0BC7AB1D8B773000070CB0 /* modload_plugin.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC7781D8B773000070CB0 /* modload_plugin.h */; }; + DC0BC7AC1D8B773000070CB0 /* modload_static.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC7791D8B773000070CB0 /* modload_static.cpp */; }; + DC0BC7AD1D8B773000070CB0 /* modload_static.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC77A1D8B773000070CB0 /* modload_static.h */; }; + DC0BC7AE1D8B773000070CB0 /* modloader.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC77B1D8B773000070CB0 /* modloader.cpp */; }; + DC0BC7AF1D8B773000070CB0 /* modloader.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC77C1D8B773000070CB0 /* modloader.h */; }; + DC0BC7B01D8B773000070CB0 /* module.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC77D1D8B773000070CB0 /* module.cpp */; }; + DC0BC7B11D8B773000070CB0 /* module.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC77E1D8B773000070CB0 /* module.h */; }; + DC0BC7B21D8B773000070CB0 /* oidsalg.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC77F1D8B773000070CB0 /* oidsalg.c */; }; + DC0BC7B31D8B773000070CB0 /* oidscert.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC7801D8B773000070CB0 /* oidscert.cpp */; }; + DC0BC7B41D8B773000070CB0 /* oidscrl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC7811D8B773000070CB0 /* oidscrl.cpp */; }; + DC0BC7B51D8B773000070CB0 /* transition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC7821D8B773000070CB0 /* transition.cpp */; }; + DC0BC7C91D8B7AFD00070CB0 /* certextensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C28BCD60986EBCB0020C665 /* certextensions.h */; }; + DC0BC7CA1D8B7B2D00070CB0 /* cssm.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785581D778B4A00B50D50 /* cssm.h */; }; + DC0BC7CB1D8B7B7F00070CB0 /* cssmapplePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787421D77906C00B50D50 /* cssmapplePriv.h */; }; + DC0BC7CC1D8B7B7F00070CB0 /* cssmaci.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785591D778B4A00B50D50 /* cssmaci.h */; }; + DC0BC7CD1D8B7B7F00070CB0 /* cssmapi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855A1D778B4A00B50D50 /* cssmapi.h */; }; + DC0BC7CE1D8B7B7F00070CB0 /* cssmcli.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855B1D778B4A00B50D50 /* cssmcli.h */; }; + DC0BC7CF1D8B7B7F00070CB0 /* cssmconfig.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855C1D778B4A00B50D50 /* cssmconfig.h */; }; + DC0BC7D01D8B7B7F00070CB0 /* cssmcspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855D1D778B4A00B50D50 /* cssmcspi.h */; }; + DC0BC7D11D8B7B7F00070CB0 /* cssmdli.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855E1D778B4A00B50D50 /* cssmdli.h */; }; + DC0BC7D21D8B7B7F00070CB0 /* cssmerr.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855F1D778B4A00B50D50 /* cssmerr.h */; }; + DC0BC7D31D8B7B7F00070CB0 /* cssmkrapi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785601D778B4A00B50D50 /* cssmkrapi.h */; }; + DC0BC7D41D8B7B7F00070CB0 /* cssmkrspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785611D778B4A00B50D50 /* cssmkrspi.h */; }; + DC0BC7D51D8B7B7F00070CB0 /* cssmspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785621D778B4A00B50D50 /* cssmspi.h */; }; + DC0BC7D61D8B7B7F00070CB0 /* cssmtpi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785631D778B4A00B50D50 /* cssmtpi.h */; }; + DC0BC7D71D8B7B7F00070CB0 /* cssmtype.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785641D778B4A00B50D50 /* cssmtype.h */; }; + DC0BC7D81D8B7B7F00070CB0 /* eisl.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785651D778B4A00B50D50 /* eisl.h */; }; + DC0BC7D91D8B7B7F00070CB0 /* emmspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785661D778B4A00B50D50 /* emmspi.h */; }; + DC0BC7DA1D8B7B7F00070CB0 /* emmtype.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785671D778B4A00B50D50 /* emmtype.h */; }; + DC0BC7DB1D8B7B7F00070CB0 /* oidsbase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785681D778B4A00B50D50 /* oidsbase.h */; }; + DC0BC7DC1D8B7B7F00070CB0 /* oidscert.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785691D778B4A00B50D50 /* oidscert.h */; }; + DC0BC7DD1D8B7B7F00070CB0 /* oidscrl.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17856A1D778B4A00B50D50 /* oidscrl.h */; }; + DC0BC7DE1D8B7B7F00070CB0 /* x509defs.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17856B1D778B4A00B50D50 /* x509defs.h */; }; + DC0BC7DF1D8B7BBA00070CB0 /* cssmapple.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785981D778C5300B50D50 /* cssmapple.h */; }; + DC0BC8B51D8B7CFF00070CB0 /* OverUnderflowCheck.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8A11D8B7CFF00070CB0 /* OverUnderflowCheck.h */; }; + DC0BC8B61D8B7CFF00070CB0 /* AppleDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8A21D8B7CFF00070CB0 /* AppleDatabase.cpp */; }; + DC0BC8B71D8B7CFF00070CB0 /* AppleDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8A31D8B7CFF00070CB0 /* AppleDatabase.h */; }; + DC0BC8B81D8B7CFF00070CB0 /* AtomicFile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8A41D8B7CFF00070CB0 /* AtomicFile.cpp */; }; + DC0BC8B91D8B7CFF00070CB0 /* AtomicFile.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8A51D8B7CFF00070CB0 /* AtomicFile.h */; }; + DC0BC8BA1D8B7CFF00070CB0 /* DbIndex.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8A61D8B7CFF00070CB0 /* DbIndex.cpp */; }; + DC0BC8BB1D8B7CFF00070CB0 /* DbIndex.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8A71D8B7CFF00070CB0 /* DbIndex.h */; }; + DC0BC8BC1D8B7CFF00070CB0 /* DbQuery.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8A81D8B7CFF00070CB0 /* DbQuery.cpp */; }; + DC0BC8BD1D8B7CFF00070CB0 /* DbQuery.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8A91D8B7CFF00070CB0 /* DbQuery.h */; }; + DC0BC8BE1D8B7CFF00070CB0 /* DbValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8AA1D8B7CFF00070CB0 /* DbValue.cpp */; }; + DC0BC8BF1D8B7CFF00070CB0 /* DbValue.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8AB1D8B7CFF00070CB0 /* DbValue.h */; }; + DC0BC8C01D8B7CFF00070CB0 /* MetaAttribute.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8AC1D8B7CFF00070CB0 /* MetaAttribute.cpp */; }; + DC0BC8C11D8B7CFF00070CB0 /* MetaAttribute.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8AD1D8B7CFF00070CB0 /* MetaAttribute.h */; }; + DC0BC8C21D8B7CFF00070CB0 /* MetaRecord.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8AE1D8B7CFF00070CB0 /* MetaRecord.cpp */; }; + DC0BC8C31D8B7CFF00070CB0 /* MetaRecord.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8AF1D8B7CFF00070CB0 /* MetaRecord.h */; }; + DC0BC8C41D8B7CFF00070CB0 /* ReadWriteSection.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8B01D8B7CFF00070CB0 /* ReadWriteSection.h */; }; + DC0BC8C51D8B7CFF00070CB0 /* SelectionPredicate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8B11D8B7CFF00070CB0 /* SelectionPredicate.cpp */; }; + DC0BC8C61D8B7CFF00070CB0 /* SelectionPredicate.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8B21D8B7CFF00070CB0 /* SelectionPredicate.h */; }; + DC0BC8C71D8B7CFF00070CB0 /* ReadWriteSection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8B31D8B7CFF00070CB0 /* ReadWriteSection.cpp */; }; + DC0BC8E51D8B7DCF00070CB0 /* Download.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8D41D8B7DCF00070CB0 /* Download.cpp */; }; + DC0BC8E61D8B7DCF00070CB0 /* Download.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8D51D8B7DCF00070CB0 /* Download.h */; }; + DC0BC8E71D8B7DCF00070CB0 /* SecureDownload.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8D61D8B7DCF00070CB0 /* SecureDownload.cpp */; }; + DC0BC8E81D8B7DCF00070CB0 /* SecureDownload.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8D71D8B7DCF00070CB0 /* SecureDownload.h */; }; + DC0BC8E91D8B7DD000070CB0 /* SecureDownloadInternal.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8D81D8B7DCF00070CB0 /* SecureDownloadInternal.c */; }; + DC0BC8EA1D8B7DD000070CB0 /* SecureDownloadInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8D91D8B7DCF00070CB0 /* SecureDownloadInternal.h */; }; + DC0BC8EB1D8B7DD000070CB0 /* AppleManifest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8DA1D8B7DCF00070CB0 /* AppleManifest.cpp */; }; + DC0BC8EC1D8B7DD000070CB0 /* AppleManifest.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8DB1D8B7DCF00070CB0 /* AppleManifest.h */; }; + DC0BC8ED1D8B7DD000070CB0 /* ManifestInternal.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8DC1D8B7DCF00070CB0 /* ManifestInternal.cpp */; }; + DC0BC8EE1D8B7DD000070CB0 /* ManifestInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8DD1D8B7DCF00070CB0 /* ManifestInternal.h */; }; + DC0BC8EF1D8B7DD000070CB0 /* ManifestSigner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8DE1D8B7DCF00070CB0 /* ManifestSigner.cpp */; }; + DC0BC8F01D8B7DD000070CB0 /* ManifestSigner.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8DF1D8B7DCF00070CB0 /* ManifestSigner.h */; }; + DC0BC8F11D8B7DD000070CB0 /* Manifest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8E01D8B7DCF00070CB0 /* Manifest.cpp */; }; + DC0BC8F21D8B7DD000070CB0 /* Manifest.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8E11D8B7DCF00070CB0 /* Manifest.h */; }; + DC0BC8F31D8B7DD000070CB0 /* SecManifest.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC8E21D8B7DCF00070CB0 /* SecManifest.h */; }; + DC0BC8F41D8B7DD000070CB0 /* SecManifest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC8E31D8B7DCF00070CB0 /* SecManifest.cpp */; }; + DC0BC9171D8B7EA700070CB0 /* mdsapi.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9021D8B7EA700070CB0 /* mdsapi.cpp */; }; + DC0BC9181D8B7EA700070CB0 /* MDSAttrParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9031D8B7EA700070CB0 /* MDSAttrParser.cpp */; }; + DC0BC9191D8B7EA700070CB0 /* MDSAttrParser.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9041D8B7EA700070CB0 /* MDSAttrParser.h */; }; + DC0BC91A1D8B7EA700070CB0 /* MDSAttrStrings.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9051D8B7EA700070CB0 /* MDSAttrStrings.cpp */; }; + DC0BC91B1D8B7EA700070CB0 /* MDSAttrStrings.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9061D8B7EA700070CB0 /* MDSAttrStrings.h */; }; + DC0BC91C1D8B7EA700070CB0 /* MDSAttrUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9071D8B7EA700070CB0 /* MDSAttrUtils.cpp */; }; + DC0BC91D1D8B7EA700070CB0 /* MDSAttrUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9081D8B7EA700070CB0 /* MDSAttrUtils.h */; }; + DC0BC91E1D8B7EA700070CB0 /* MDSDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9091D8B7EA700070CB0 /* MDSDatabase.cpp */; }; + DC0BC91F1D8B7EA700070CB0 /* MDSDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC90A1D8B7EA700070CB0 /* MDSDatabase.h */; }; + DC0BC9201D8B7EA700070CB0 /* MDSDictionary.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC90B1D8B7EA700070CB0 /* MDSDictionary.cpp */; }; + DC0BC9211D8B7EA700070CB0 /* MDSDictionary.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC90C1D8B7EA700070CB0 /* MDSDictionary.h */; }; + DC0BC9221D8B7EA700070CB0 /* MDSModule.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC90D1D8B7EA700070CB0 /* MDSModule.cpp */; }; + DC0BC9231D8B7EA700070CB0 /* MDSModule.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC90E1D8B7EA700070CB0 /* MDSModule.h */; }; + DC0BC9241D8B7EA700070CB0 /* MDSSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC90F1D8B7EA700070CB0 /* MDSSchema.cpp */; }; + DC0BC9251D8B7EA700070CB0 /* MDSSchema.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9101D8B7EA700070CB0 /* MDSSchema.h */; }; + DC0BC9261D8B7EA700070CB0 /* MDSSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9111D8B7EA700070CB0 /* MDSSession.cpp */; }; + DC0BC9271D8B7EA700070CB0 /* MDSSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9121D8B7EA700070CB0 /* MDSSession.h */; }; + DC0BC9281D8B7EA700070CB0 /* mds_schema.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9131D8B7EA700070CB0 /* mds_schema.h */; }; + DC0BC9291D8B7EA700070CB0 /* mds.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9141D8B7EA700070CB0 /* mds.h */; }; + DC0BC92A1D8B7EA700070CB0 /* mdspriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9151D8B7EA700070CB0 /* mdspriv.h */; }; + DC0BC9421D8B7FA700070CB0 /* ocspdUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9371D8B7FA600070CB0 /* ocspdUtils.cpp */; }; + DC0BC9431D8B7FA700070CB0 /* ocspdUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9381D8B7FA600070CB0 /* ocspdUtils.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC9441D8B7FA700070CB0 /* ocspdTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9391D8B7FA600070CB0 /* ocspdTypes.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC9451D8B7FA700070CB0 /* ocspdDebug.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC93A1D8B7FA600070CB0 /* ocspdDebug.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC9461D8B7FA700070CB0 /* ocspdDbSchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC93B1D8B7FA600070CB0 /* ocspdDbSchema.cpp */; }; + DC0BC9471D8B7FA700070CB0 /* ocspdDbSchema.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC93C1D8B7FA600070CB0 /* ocspdDbSchema.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC9481D8B7FA700070CB0 /* ocspExtensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC93D1D8B7FA600070CB0 /* ocspExtensions.cpp */; }; + DC0BC9491D8B7FA700070CB0 /* ocspExtensions.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC93E1D8B7FA600070CB0 /* ocspExtensions.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC94A1D8B7FA700070CB0 /* ocspResponse.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC93F1D8B7FA600070CB0 /* ocspResponse.cpp */; }; + DC0BC94B1D8B7FA700070CB0 /* ocspResponse.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9401D8B7FA600070CB0 /* ocspResponse.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC94F1D8B7FE000070CB0 /* ocspdClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC94C1D8B7FE000070CB0 /* ocspdClient.cpp */; }; + DC0BC9501D8B7FE000070CB0 /* ocspdClient.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC94D1D8B7FE000070CB0 /* ocspdClient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC9581D8B7FFE00070CB0 /* ocspd.defs in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9521D8B7FFE00070CB0 /* ocspd.defs */; }; + DC0BC9591D8B7FFE00070CB0 /* ocspd.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9541D8B7FFE00070CB0 /* ocspd.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC0BC95A1D8B7FFE00070CB0 /* ocspd_server.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9551D8B7FFE00070CB0 /* ocspd_server.cpp */; }; + DC0BC95B1D8B7FFE00070CB0 /* ocspd_client.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9561D8B7FFE00070CB0 /* ocspd_client.cpp */; }; + DC0BC9841D8B813800070CB0 /* pkcs12BagAttrs.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC96F1D8B813800070CB0 /* pkcs12BagAttrs.cpp */; }; + DC0BC9851D8B813800070CB0 /* pkcs12BagAttrs.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9701D8B813800070CB0 /* pkcs12BagAttrs.h */; }; + DC0BC9861D8B813800070CB0 /* pkcs12Coder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9711D8B813800070CB0 /* pkcs12Coder.cpp */; }; + DC0BC9871D8B813800070CB0 /* pkcs12Coder.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9721D8B813800070CB0 /* pkcs12Coder.h */; }; + DC0BC9881D8B813800070CB0 /* pkcs12Crypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9731D8B813800070CB0 /* pkcs12Crypto.cpp */; }; + DC0BC9891D8B813800070CB0 /* pkcs12Crypto.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9741D8B813800070CB0 /* pkcs12Crypto.h */; }; + DC0BC98A1D8B813800070CB0 /* pkcs12Debug.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9751D8B813800070CB0 /* pkcs12Debug.h */; }; + DC0BC98B1D8B813800070CB0 /* pkcs12Decode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9761D8B813800070CB0 /* pkcs12Decode.cpp */; }; + DC0BC98C1D8B813800070CB0 /* pkcs12Encode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9771D8B813800070CB0 /* pkcs12Encode.cpp */; }; + DC0BC98D1D8B813800070CB0 /* pkcs12Keychain.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9781D8B813800070CB0 /* pkcs12Keychain.cpp */; }; + DC0BC98E1D8B813800070CB0 /* pkcs12SafeBag.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9791D8B813800070CB0 /* pkcs12SafeBag.cpp */; }; + DC0BC98F1D8B813800070CB0 /* pkcs12SafeBag.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC97A1D8B813800070CB0 /* pkcs12SafeBag.h */; }; + DC0BC9901D8B813800070CB0 /* pkcs12Templates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC97B1D8B813800070CB0 /* pkcs12Templates.cpp */; }; + DC0BC9911D8B813800070CB0 /* pkcs12Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC97C1D8B813800070CB0 /* pkcs12Templates.h */; }; + DC0BC9921D8B813800070CB0 /* pkcs12Utils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC97D1D8B813800070CB0 /* pkcs12Utils.cpp */; }; + DC0BC9931D8B813800070CB0 /* pkcs12Utils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC97E1D8B813800070CB0 /* pkcs12Utils.h */; }; + DC0BC9941D8B813800070CB0 /* pkcs7Templates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC97F1D8B813800070CB0 /* pkcs7Templates.cpp */; }; + DC0BC9951D8B813800070CB0 /* pkcs7Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9801D8B813800070CB0 /* pkcs7Templates.h */; }; + DC0BC9961D8B813800070CB0 /* SecPkcs12.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9811D8B813800070CB0 /* SecPkcs12.cpp */; }; + DC0BC9971D8B813800070CB0 /* SecPkcs12.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9821D8B813800070CB0 /* SecPkcs12.h */; }; + DC0BC9B51D8B81EF00070CB0 /* SDContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9A31D8B81EF00070CB0 /* SDContext.cpp */; }; + DC0BC9B61D8B81EF00070CB0 /* SDContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9A41D8B81EF00070CB0 /* SDContext.h */; }; + DC0BC9B71D8B81EF00070CB0 /* SDCSPDLBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9A51D8B81EF00070CB0 /* SDCSPDLBuiltin.cpp */; }; + DC0BC9B81D8B81EF00070CB0 /* SDCSPDLDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9A61D8B81EF00070CB0 /* SDCSPDLDatabase.cpp */; }; + DC0BC9B91D8B81EF00070CB0 /* SDCSPDLDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9A71D8B81EF00070CB0 /* SDCSPDLDatabase.h */; }; + DC0BC9BA1D8B81EF00070CB0 /* SDCSPDLPlugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9A81D8B81EF00070CB0 /* SDCSPDLPlugin.cpp */; }; + DC0BC9BB1D8B81EF00070CB0 /* SDCSPDLPlugin.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9A91D8B81EF00070CB0 /* SDCSPDLPlugin.h */; }; + DC0BC9BC1D8B81EF00070CB0 /* SDCSPDLSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9AA1D8B81EF00070CB0 /* SDCSPDLSession.cpp */; }; + DC0BC9BD1D8B81EF00070CB0 /* SDCSPDLSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9AB1D8B81EF00070CB0 /* SDCSPDLSession.h */; }; + DC0BC9BE1D8B81EF00070CB0 /* SDCSPSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9AC1D8B81EF00070CB0 /* SDCSPSession.cpp */; }; + DC0BC9BF1D8B81EF00070CB0 /* SDCSPSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9AD1D8B81EF00070CB0 /* SDCSPSession.h */; }; + DC0BC9C01D8B81EF00070CB0 /* SDDLSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9AE1D8B81EF00070CB0 /* SDDLSession.cpp */; }; + DC0BC9C11D8B81EF00070CB0 /* SDDLSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9AF1D8B81EF00070CB0 /* SDDLSession.h */; }; + DC0BC9C21D8B81EF00070CB0 /* SDFactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9B01D8B81EF00070CB0 /* SDFactory.cpp */; }; + DC0BC9C31D8B81EF00070CB0 /* SDFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9B11D8B81EF00070CB0 /* SDFactory.h */; }; + DC0BC9C41D8B81EF00070CB0 /* SDKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9B21D8B81EF00070CB0 /* SDKey.cpp */; }; + DC0BC9C51D8B81EF00070CB0 /* SDKey.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9B31D8B81EF00070CB0 /* SDKey.h */; }; + DC0BC9F61D8B827200070CB0 /* sslKeychain.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9D11D8B827200070CB0 /* sslKeychain.c */; }; + DC0BC9F71D8B827200070CB0 /* SSLRecordInternal.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9D31D8B827200070CB0 /* SSLRecordInternal.c */; }; + DC0BC9F81D8B827200070CB0 /* sslCipherSpecs.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9D41D8B827200070CB0 /* sslCipherSpecs.c */; }; + DC0BC9F91D8B827200070CB0 /* sslContext.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9D51D8B827200070CB0 /* sslContext.c */; }; + DC0BC9FA1D8B827200070CB0 /* sslRecord.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9D61D8B827200070CB0 /* sslRecord.c */; }; + DC0BC9FB1D8B827200070CB0 /* sslTransport.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9D71D8B827200070CB0 /* sslTransport.c */; }; + DC0BC9FC1D8B827200070CB0 /* tlsCallbacks.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9D81D8B827200070CB0 /* tlsCallbacks.c */; }; + DC0BC9FD1D8B827200070CB0 /* tlsCallbacks.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9D91D8B827200070CB0 /* tlsCallbacks.h */; }; + DC0BC9FE1D8B827200070CB0 /* CipherSuite.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9DB1D8B827200070CB0 /* CipherSuite.h */; }; + DC0BC9FF1D8B827200070CB0 /* SecureTransport.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9DC1D8B827200070CB0 /* SecureTransport.h */; }; + DC0BCA001D8B827200070CB0 /* sslTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9DE1D8B827200070CB0 /* sslTypes.h */; }; + DC0BCA011D8B827200070CB0 /* SecureTransportPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9DF1D8B827200070CB0 /* SecureTransportPriv.h */; }; + DC0BCA021D8B827200070CB0 /* sslCipherSpecs.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9E11D8B827200070CB0 /* sslCipherSpecs.h */; }; + DC0BCA031D8B827200070CB0 /* SSLRecordInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9E21D8B827200070CB0 /* SSLRecordInternal.h */; }; + DC0BCA041D8B827200070CB0 /* tls_record_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9E31D8B827200070CB0 /* tls_record_internal.h */; }; + DC0BCA051D8B827200070CB0 /* cipherSpecs.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9E41D8B827200070CB0 /* cipherSpecs.h */; }; + DC0BCA061D8B827200070CB0 /* ssl.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9E51D8B827200070CB0 /* ssl.h */; }; + DC0BCA071D8B827200070CB0 /* sslBuildFlags.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9E61D8B827200070CB0 /* sslBuildFlags.h */; }; + DC0BCA081D8B827200070CB0 /* sslContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9E71D8B827200070CB0 /* sslContext.h */; }; + DC0BCA091D8B827200070CB0 /* sslCrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9E81D8B827200070CB0 /* sslCrypto.h */; }; + DC0BCA0A1D8B827200070CB0 /* sslDebug.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9E91D8B827200070CB0 /* sslDebug.h */; }; + DC0BCA0B1D8B827200070CB0 /* sslKeychain.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9EA1D8B827200070CB0 /* sslKeychain.h */; }; + DC0BCA0C1D8B827200070CB0 /* sslMemory.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9EB1D8B827200070CB0 /* sslMemory.h */; }; + DC0BCA0D1D8B827200070CB0 /* sslPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9EC1D8B827200070CB0 /* sslPriv.h */; }; + DC0BCA0E1D8B827200070CB0 /* sslRecord.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9ED1D8B827200070CB0 /* sslRecord.h */; }; + DC0BCA0F1D8B827200070CB0 /* sslUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BC9EE1D8B827200070CB0 /* sslUtils.h */; }; + DC0BCA101D8B827200070CB0 /* sslCrypto.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9F01D8B827200070CB0 /* sslCrypto.c */; }; + DC0BCA111D8B827200070CB0 /* sslMemory.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BC9F21D8B827200070CB0 /* sslMemory.c */; }; + DC0BCA491D8B82CD00070CB0 /* CA-ECC_Cert.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA1B1D8B82CD00070CB0 /* CA-ECC_Cert.h */; }; + DC0BCA4A1D8B82CD00070CB0 /* CA-ECC_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA1C1D8B82CD00070CB0 /* CA-ECC_Key.h */; }; + DC0BCA4B1D8B82CD00070CB0 /* CA-RSA_Cert.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA1D1D8B82CD00070CB0 /* CA-RSA_Cert.h */; }; + DC0BCA4C1D8B82CD00070CB0 /* CA-RSA_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA1E1D8B82CD00070CB0 /* CA-RSA_Key.h */; }; + DC0BCA4D1D8B82CD00070CB0 /* ClientECC_Cert_CA-ECC.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA1F1D8B82CD00070CB0 /* ClientECC_Cert_CA-ECC.h */; }; + DC0BCA4E1D8B82CD00070CB0 /* ClientECC_Cert_CA-RSA.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA201D8B82CD00070CB0 /* ClientECC_Cert_CA-RSA.h */; }; + DC0BCA4F1D8B82CD00070CB0 /* ClientECC_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA211D8B82CD00070CB0 /* ClientECC_Key.h */; }; + DC0BCA501D8B82CD00070CB0 /* ClientRSA_Cert_CA-ECC.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA221D8B82CD00070CB0 /* ClientRSA_Cert_CA-ECC.h */; }; + DC0BCA511D8B82CD00070CB0 /* ClientRSA_Cert_CA-RSA.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA231D8B82CD00070CB0 /* ClientRSA_Cert_CA-RSA.h */; }; + DC0BCA521D8B82CD00070CB0 /* ClientRSA_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA241D8B82CD00070CB0 /* ClientRSA_Key.h */; }; + DC0BCA531D8B82CD00070CB0 /* ServerECC_Cert_CA-ECC.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA251D8B82CD00070CB0 /* ServerECC_Cert_CA-ECC.h */; }; + DC0BCA541D8B82CD00070CB0 /* ServerECC_Cert_CA-RSA.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA261D8B82CD00070CB0 /* ServerECC_Cert_CA-RSA.h */; }; + DC0BCA551D8B82CD00070CB0 /* ServerECC_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA271D8B82CD00070CB0 /* ServerECC_Key.h */; }; + DC0BCA561D8B82CD00070CB0 /* ServerRSA_Cert_CA-ECC.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA281D8B82CD00070CB0 /* ServerRSA_Cert_CA-ECC.h */; }; + DC0BCA571D8B82CD00070CB0 /* ServerRSA_Cert_CA-RSA.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA291D8B82CD00070CB0 /* ServerRSA_Cert_CA-RSA.h */; }; + DC0BCA581D8B82CD00070CB0 /* ServerRSA_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA2A1D8B82CD00070CB0 /* ServerRSA_Key.h */; }; + DC0BCA591D8B82CD00070CB0 /* Untrusted-CA-RSA_Cert.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA2B1D8B82CD00070CB0 /* Untrusted-CA-RSA_Cert.h */; }; + DC0BCA5A1D8B82CD00070CB0 /* Untrusted-CA-RSA_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA2C1D8B82CD00070CB0 /* Untrusted-CA-RSA_Key.h */; }; + DC0BCA5B1D8B82CD00070CB0 /* UntrustedClientRSA_Cert_Untrusted-CA-RSA.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA2D1D8B82CD00070CB0 /* UntrustedClientRSA_Cert_Untrusted-CA-RSA.h */; }; + DC0BCA5C1D8B82CD00070CB0 /* UntrustedClientRSA_Key.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA2E1D8B82CD00070CB0 /* UntrustedClientRSA_Key.h */; }; + DC0BCA5D1D8B82CD00070CB0 /* cert-1.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA301D8B82CD00070CB0 /* cert-1.h */; }; + DC0BCA5E1D8B82CD00070CB0 /* identity-1.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA311D8B82CD00070CB0 /* identity-1.h */; }; + DC0BCA5F1D8B82CD00070CB0 /* privkey-1.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA321D8B82CD00070CB0 /* privkey-1.h */; }; + DC0BCA601D8B82CD00070CB0 /* ssl-39-echo.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA331D8B82CD00070CB0 /* ssl-39-echo.c */; }; + DC0BCA611D8B82CD00070CB0 /* ssl-40-clientauth.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA341D8B82CD00070CB0 /* ssl-40-clientauth.c */; }; + DC0BCA621D8B82CD00070CB0 /* ssl-41-clientauth.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA351D8B82CD00070CB0 /* ssl-41-clientauth.c */; }; + DC0BCA631D8B82CD00070CB0 /* ssl-42-ciphers.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA361D8B82CD00070CB0 /* ssl-42-ciphers.c */; }; + DC0BCA641D8B82CD00070CB0 /* ssl-43-ciphers.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA371D8B82CD00070CB0 /* ssl-43-ciphers.c */; }; + DC0BCA651D8B82CD00070CB0 /* ssl-44-crashes.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA381D8B82CD00070CB0 /* ssl-44-crashes.c */; }; + DC0BCA661D8B82CD00070CB0 /* ssl-45-tls12.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA391D8B82CD00070CB0 /* ssl-45-tls12.c */; }; + DC0BCA671D8B82CD00070CB0 /* ssl-46-SSLGetSupportedCiphers.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA3A1D8B82CD00070CB0 /* ssl-46-SSLGetSupportedCiphers.c */; }; + DC0BCA681D8B82CD00070CB0 /* ssl-47-falsestart.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA3B1D8B82CD00070CB0 /* ssl-47-falsestart.c */; }; + DC0BCA691D8B82CD00070CB0 /* ssl-48-split.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA3C1D8B82CD00070CB0 /* ssl-48-split.c */; }; + DC0BCA6A1D8B82CD00070CB0 /* ssl-49-sni.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA3D1D8B82CD00070CB0 /* ssl-49-sni.c */; }; + DC0BCA6B1D8B82CD00070CB0 /* ssl-50-server.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA3E1D8B82CD00070CB0 /* ssl-50-server.c */; }; + DC0BCA6C1D8B82CD00070CB0 /* ssl-51-state.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA3F1D8B82CD00070CB0 /* ssl-51-state.c */; }; + DC0BCA6D1D8B82CD00070CB0 /* ssl-52-noconn.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA401D8B82CD00070CB0 /* ssl-52-noconn.c */; }; + DC0BCA6E1D8B82CD00070CB0 /* ssl-53-clientauth.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA411D8B82CD00070CB0 /* ssl-53-clientauth.c */; }; + DC0BCA6F1D8B82CD00070CB0 /* ssl-54-dhe.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA421D8B82CD00070CB0 /* ssl-54-dhe.c */; }; + DC0BCA701D8B82CD00070CB0 /* ssl-55-sessioncache.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA431D8B82CD00070CB0 /* ssl-55-sessioncache.c */; }; + DC0BCA711D8B82CD00070CB0 /* ssl-56-renegotiate.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA441D8B82CD00070CB0 /* ssl-56-renegotiate.c */; }; + DC0BCA721D8B82CD00070CB0 /* ssl-utils.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA451D8B82CD00070CB0 /* ssl-utils.c */; }; + DC0BCA731D8B82CD00070CB0 /* ssl-utils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA461D8B82CD00070CB0 /* ssl-utils.h */; }; + DC0BCA741D8B82CD00070CB0 /* ssl_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA471D8B82CD00070CB0 /* ssl_regressions.h */; }; + DC0BCAC11D8B85BC00070CB0 /* SecMaskGenerationFunctionTransform.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA821D8B85BC00070CB0 /* SecMaskGenerationFunctionTransform.c */; }; + DC0BCAC21D8B85BC00070CB0 /* SecMaskGenerationFunctionTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA831D8B85BC00070CB0 /* SecMaskGenerationFunctionTransform.h */; }; + DC0BCAC41D8B85BC00070CB0 /* SecCollectTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA851D8B85BC00070CB0 /* SecCollectTransform.cpp */; }; + DC0BCAC51D8B85BC00070CB0 /* SecCollectTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA861D8B85BC00070CB0 /* SecCollectTransform.h */; }; + DC0BCAC61D8B85BC00070CB0 /* c++utils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA871D8B85BC00070CB0 /* c++utils.h */; }; + DC0BCAC71D8B85BC00070CB0 /* c++utils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA881D8B85BC00070CB0 /* c++utils.cpp */; }; + DC0BCAC81D8B85BC00070CB0 /* CoreFoundationBasics.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA891D8B85BC00070CB0 /* CoreFoundationBasics.cpp */; }; + DC0BCAC91D8B85BC00070CB0 /* CoreFoundationBasics.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA8A1D8B85BC00070CB0 /* CoreFoundationBasics.h */; }; + DC0BCACA1D8B85BC00070CB0 /* Digest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA8B1D8B85BC00070CB0 /* Digest.cpp */; }; + DC0BCACB1D8B85BC00070CB0 /* Digest.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA8C1D8B85BC00070CB0 /* Digest.h */; }; + DC0BCACC1D8B85BC00070CB0 /* EncodeDecodeTransforms.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA8D1D8B85BC00070CB0 /* EncodeDecodeTransforms.c */; }; + DC0BCACD1D8B85BC00070CB0 /* EncryptTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA8E1D8B85BC00070CB0 /* EncryptTransform.h */; }; + DC0BCACE1D8B85BC00070CB0 /* EncryptTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA8F1D8B85BC00070CB0 /* EncryptTransform.cpp */; }; + DC0BCACF1D8B85BC00070CB0 /* CEncryptDecrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA901D8B85BC00070CB0 /* CEncryptDecrypt.c */; }; + DC0BCAD01D8B85BC00070CB0 /* EncryptTransformUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA911D8B85BC00070CB0 /* EncryptTransformUtilities.h */; }; + DC0BCAD11D8B85BC00070CB0 /* EncryptTransformUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA921D8B85BC00070CB0 /* EncryptTransformUtilities.cpp */; }; + DC0BCAD21D8B85BC00070CB0 /* GroupTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA931D8B85BC00070CB0 /* GroupTransform.cpp */; }; + DC0BCAD31D8B85BC00070CB0 /* GroupTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA941D8B85BC00070CB0 /* GroupTransform.h */; }; + DC0BCAD41D8B85BC00070CB0 /* LinkedList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA951D8B85BC00070CB0 /* LinkedList.cpp */; }; + DC0BCAD51D8B85BC00070CB0 /* LinkedList.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA961D8B85BC00070CB0 /* LinkedList.h */; }; + DC0BCAD61D8B85BC00070CB0 /* misc.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA971D8B85BC00070CB0 /* misc.c */; }; + DC0BCAD71D8B85BC00070CB0 /* misc.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA981D8B85BC00070CB0 /* misc.h */; }; + DC0BCAD81D8B85BC00070CB0 /* Monitor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA991D8B85BC00070CB0 /* Monitor.cpp */; }; + DC0BCAD91D8B85BC00070CB0 /* Monitor.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA9A1D8B85BC00070CB0 /* Monitor.h */; }; + DC0BCADA1D8B85BC00070CB0 /* NullTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA9B1D8B85BC00070CB0 /* NullTransform.cpp */; }; + DC0BCADB1D8B85BC00070CB0 /* NullTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA9C1D8B85BC00070CB0 /* NullTransform.h */; }; + DC0BCADC1D8B85BC00070CB0 /* SecCustomTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA9D1D8B85BC00070CB0 /* SecCustomTransform.h */; }; + DC0BCADD1D8B85BC00070CB0 /* SecCustomTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCA9E1D8B85BC00070CB0 /* SecCustomTransform.cpp */; }; + DC0BCADE1D8B85BC00070CB0 /* SecDecodeTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCA9F1D8B85BC00070CB0 /* SecDecodeTransform.h */; }; + DC0BCADF1D8B85BC00070CB0 /* SecDigestTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAA01D8B85BC00070CB0 /* SecDigestTransform.cpp */; }; + DC0BCAE01D8B85BC00070CB0 /* SecDigestTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAA11D8B85BC00070CB0 /* SecDigestTransform.h */; }; + DC0BCAE11D8B85BC00070CB0 /* SecEncryptTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAA21D8B85BC00070CB0 /* SecEncryptTransform.h */; }; + DC0BCAE21D8B85BC00070CB0 /* SecEncodeTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAA31D8B85BC00070CB0 /* SecEncodeTransform.h */; }; + DC0BCAE31D8B85BC00070CB0 /* SecEncryptTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAA41D8B85BC00070CB0 /* SecEncryptTransform.cpp */; }; + DC0BCAE41D8B85BC00070CB0 /* SecGroupTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAA51D8B85BC00070CB0 /* SecGroupTransform.cpp */; }; + DC0BCAE51D8B85BC00070CB0 /* SecGroupTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAA61D8B85BC00070CB0 /* SecGroupTransform.h */; }; + DC0BCAE61D8B85BC00070CB0 /* SecNullTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAA71D8B85BC00070CB0 /* SecNullTransform.cpp */; }; + DC0BCAE71D8B85BC00070CB0 /* SecSignVerifyTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAA81D8B85BC00070CB0 /* SecSignVerifyTransform.h */; }; + DC0BCAE81D8B85BC00070CB0 /* SecSignVerifyTransform.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAA91D8B85BC00070CB0 /* SecSignVerifyTransform.c */; }; + DC0BCAE91D8B85BC00070CB0 /* SecNullTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAAA1D8B85BC00070CB0 /* SecNullTransform.h */; }; + DC0BCAEA1D8B85BC00070CB0 /* SecTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAAB1D8B85BC00070CB0 /* SecTransform.cpp */; }; + DC0BCAEB1D8B85BC00070CB0 /* SecTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAAC1D8B85BC00070CB0 /* SecTransform.h */; }; + DC0BCAEC1D8B85BC00070CB0 /* SecTransformInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAAD1D8B85BC00070CB0 /* SecTransformInternal.h */; }; + DC0BCAED1D8B85BC00070CB0 /* SingleShotSource.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAAE1D8B85BC00070CB0 /* SingleShotSource.cpp */; }; + DC0BCAEE1D8B85BC00070CB0 /* SingleShotSource.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAAF1D8B85BC00070CB0 /* SingleShotSource.h */; }; + DC0BCAEF1D8B85BC00070CB0 /* Source.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAB01D8B85BC00070CB0 /* Source.cpp */; }; + DC0BCAF01D8B85BC00070CB0 /* Source.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAB11D8B85BC00070CB0 /* Source.h */; }; + DC0BCAF11D8B85BC00070CB0 /* StreamSource.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAB21D8B85BC00070CB0 /* StreamSource.cpp */; }; + DC0BCAF21D8B85BC00070CB0 /* StreamSource.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAB31D8B85BC00070CB0 /* StreamSource.h */; }; + DC0BCAF31D8B85BC00070CB0 /* Transform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAB41D8B85BC00070CB0 /* Transform.cpp */; }; + DC0BCAF41D8B85BC00070CB0 /* Transform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAB51D8B85BC00070CB0 /* Transform.h */; }; + DC0BCAF51D8B85BC00070CB0 /* TransformFactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAB61D8B85BC00070CB0 /* TransformFactory.cpp */; }; + DC0BCAF61D8B85BC00070CB0 /* TransformFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAB71D8B85BC00070CB0 /* TransformFactory.h */; }; + DC0BCAF71D8B85BC00070CB0 /* Utilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCAB81D8B85BC00070CB0 /* Utilities.cpp */; }; + DC0BCAF81D8B85BC00070CB0 /* Utilities.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCAB91D8B85BC00070CB0 /* Utilities.h */; }; + DC0BCAF91D8B85BC00070CB0 /* SecExternalSourceTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCABA1D8B85BC00070CB0 /* SecExternalSourceTransform.h */; }; + DC0BCAFA1D8B85BC00070CB0 /* SecExternalSourceTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCABB1D8B85BC00070CB0 /* SecExternalSourceTransform.cpp */; }; + DC0BCAFB1D8B85BC00070CB0 /* SecTransformReadTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCABC1D8B85BC00070CB0 /* SecTransformReadTransform.h */; }; + DC0BCAFC1D8B85BC00070CB0 /* SecTransformReadTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCABD1D8B85BC00070CB0 /* SecTransformReadTransform.cpp */; }; + DC0BCAFD1D8B85BC00070CB0 /* SecTransformValidator.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCABE1D8B85BC00070CB0 /* SecTransformValidator.h */; }; + DC0BCAFE1D8B85BC00070CB0 /* SecReadTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCABF1D8B85BC00070CB0 /* SecReadTransform.h */; }; + DC0BCB1D1D8B898100070CB0 /* SecTranslocateClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCB0A1D8B898100070CB0 /* SecTranslocateClient.cpp */; }; + DC0BCB1E1D8B898100070CB0 /* SecTranslocateClient.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCB0B1D8B898100070CB0 /* SecTranslocateClient.hpp */; }; + DC0BCB1F1D8B898100070CB0 /* SecTranslocateXPCServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCB0C1D8B898100070CB0 /* SecTranslocateXPCServer.cpp */; }; + DC0BCB201D8B898100070CB0 /* SecTranslocateXPCServer.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCB0D1D8B898100070CB0 /* SecTranslocateXPCServer.hpp */; }; + DC0BCB211D8B898100070CB0 /* SecTranslocateInterface.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCB0E1D8B898100070CB0 /* SecTranslocateInterface.hpp */; }; + DC0BCB221D8B898100070CB0 /* SecTranslocateDANotification.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCB0F1D8B898100070CB0 /* SecTranslocateDANotification.cpp */; }; + DC0BCB231D8B898100070CB0 /* SecTranslocateDANotification.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCB101D8B898100070CB0 /* SecTranslocateDANotification.hpp */; }; + DC0BCB241D8B898100070CB0 /* SecTranslocateLSNotification.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCB111D8B898100070CB0 /* SecTranslocateLSNotification.cpp */; }; + DC0BCB251D8B898100070CB0 /* SecTranslocateLSNotification.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCB121D8B898100070CB0 /* SecTranslocateLSNotification.hpp */; }; + DC0BCB261D8B898100070CB0 /* SecTranslocateShared.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCB131D8B898100070CB0 /* SecTranslocateShared.hpp */; }; + DC0BCB271D8B898100070CB0 /* SecTranslocateShared.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCB141D8B898100070CB0 /* SecTranslocateShared.cpp */; }; + DC0BCB281D8B898100070CB0 /* SecTranslocateServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCB151D8B898100070CB0 /* SecTranslocateServer.cpp */; }; + DC0BCB291D8B898100070CB0 /* SecTranslocateServer.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCB161D8B898100070CB0 /* SecTranslocateServer.hpp */; }; + DC0BCB2A1D8B898100070CB0 /* SecTranslocate.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCB171D8B898100070CB0 /* SecTranslocate.h */; }; + DC0BCB2B1D8B898100070CB0 /* SecTranslocate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCB181D8B898100070CB0 /* SecTranslocate.cpp */; }; + DC0BCB2C1D8B898100070CB0 /* SecTranslocateUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCB191D8B898100070CB0 /* SecTranslocateUtilities.cpp */; }; + DC0BCB2D1D8B898100070CB0 /* SecTranslocateUtilities.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCB1A1D8B898100070CB0 /* SecTranslocateUtilities.hpp */; }; + DC0BCB2E1D8B898100070CB0 /* SecTranslocateInterface.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCB1B1D8B898100070CB0 /* SecTranslocateInterface.cpp */; }; + DC0BCC0D1D8C64B500070CB0 /* test-00-test.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCBFE1D8C64B500070CB0 /* test-00-test.c */; }; + DC0BCC0E1D8C64B500070CB0 /* test_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCBFF1D8C64B500070CB0 /* test_regressions.h */; }; + DC0BCC0F1D8C64B600070CB0 /* testlist_begin.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC001D8C64B500070CB0 /* testlist_begin.h */; }; + DC0BCC101D8C64B600070CB0 /* testlist_end.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC011D8C64B500070CB0 /* testlist_end.h */; }; + DC0BCC111D8C64B600070CB0 /* testcpp.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC021D8C64B500070CB0 /* testcpp.h */; }; + DC0BCC121D8C64B600070CB0 /* testenv.m in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC031D8C64B500070CB0 /* testenv.m */; }; + DC0BCC131D8C64B600070CB0 /* testenv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC041D8C64B500070CB0 /* testenv.h */; }; + DC0BCC141D8C64B600070CB0 /* testmore.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC051D8C64B500070CB0 /* testmore.c */; }; + DC0BCC151D8C64B600070CB0 /* testmore.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC061D8C64B500070CB0 /* testmore.h */; }; + DC0BCC161D8C64B600070CB0 /* testcert.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC071D8C64B500070CB0 /* testcert.c */; }; + DC0BCC171D8C64B600070CB0 /* testcert.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC081D8C64B500070CB0 /* testcert.h */; }; + DC0BCC181D8C64B600070CB0 /* testpolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC091D8C64B500070CB0 /* testpolicy.h */; }; + DC0BCC191D8C64B600070CB0 /* testpolicy.m in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC0A1D8C64B500070CB0 /* testpolicy.m */; }; + DC0BCC1A1D8C653600070CB0 /* MobileKeyBag.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FC30AB1332DE9000802946 /* MobileKeyBag.framework */; settings = {ATTRIBUTES = (Weak, ); }; }; + DC0BCC291D8C684F00070CB0 /* MobileKeyBag.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FC30AB1332DE9000802946 /* MobileKeyBag.framework */; settings = {ATTRIBUTES = (Weak, ); }; }; + DC0BCD1D1D8C694700070CB0 /* MobileKeyBag.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FC30AB1332DE9000802946 /* MobileKeyBag.framework */; settings = {ATTRIBUTES = (Weak, ); }; }; + DC0BCD661D8C69A000070CB0 /* utilities_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCD491D8C697100070CB0 /* utilities_regressions.h */; }; + DC0BCD671D8C69A000070CB0 /* su-05-cfwrappers.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD4A1D8C697100070CB0 /* su-05-cfwrappers.c */; }; + DC0BCD681D8C69A000070CB0 /* su-07-debugging.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD4B1D8C697100070CB0 /* su-07-debugging.c */; }; + DC0BCD691D8C69A000070CB0 /* su-08-secbuffer.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD4C1D8C697100070CB0 /* su-08-secbuffer.c */; }; + DC0BCD6A1D8C69A000070CB0 /* su-10-cfstring-der.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD4D1D8C697100070CB0 /* su-10-cfstring-der.c */; }; + DC0BCD6B1D8C69A000070CB0 /* su-11-cfdata-der.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD4E1D8C697100070CB0 /* su-11-cfdata-der.c */; }; + DC0BCD6C1D8C69A000070CB0 /* su-12-cfboolean-der.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD4F1D8C697100070CB0 /* su-12-cfboolean-der.c */; }; + DC0BCD6D1D8C69A000070CB0 /* su-13-cfnumber-der.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD501D8C697100070CB0 /* su-13-cfnumber-der.c */; }; + DC0BCD6E1D8C69A000070CB0 /* su-14-cfarray-der.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD511D8C697100070CB0 /* su-14-cfarray-der.c */; }; + DC0BCD6F1D8C69A000070CB0 /* su-15-cfdictionary-der.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD521D8C697100070CB0 /* su-15-cfdictionary-der.c */; }; + DC0BCD701D8C69A000070CB0 /* su-17-cfset-der.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD531D8C697100070CB0 /* su-17-cfset-der.c */; }; + DC0BCD711D8C69A000070CB0 /* su-16-cfdate-der.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD541D8C697100070CB0 /* su-16-cfdate-der.c */; }; + DC0BCD721D8C69A000070CB0 /* su-40-secdb.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD551D8C697100070CB0 /* su-40-secdb.c */; }; + DC0BCD731D8C69A000070CB0 /* su-41-secdb-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCD561D8C697100070CB0 /* su-41-secdb-stress.c */; }; + DC0BCD741D8C6A1E00070CB0 /* SecMeta.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC391D8C68CF00070CB0 /* SecMeta.h */; }; + DC0BCD751D8C6A1E00070CB0 /* iCloudKeychainTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC3A1D8C68CF00070CB0 /* iCloudKeychainTrace.c */; }; + DC0BCD761D8C6A1E00070CB0 /* iCloudKeychainTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC3B1D8C68CF00070CB0 /* iCloudKeychainTrace.h */; }; + DC0BCD771D8C6A1E00070CB0 /* SecAKSWrappers.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC3C1D8C68CF00070CB0 /* SecAKSWrappers.c */; }; + DC0BCD781D8C6A1E00070CB0 /* SecAKSWrappers.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC3D1D8C68CF00070CB0 /* SecAKSWrappers.h */; }; + DC0BCD791D8C6A1E00070CB0 /* SecBuffer.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC3E1D8C68CF00070CB0 /* SecBuffer.c */; }; + DC0BCD7A1D8C6A1E00070CB0 /* SecBuffer.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC3F1D8C68CF00070CB0 /* SecBuffer.h */; }; + DC0BCD7B1D8C6A1E00070CB0 /* SecCoreCrypto.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC401D8C68CF00070CB0 /* SecCoreCrypto.c */; }; + DC0BCD7C1D8C6A1E00070CB0 /* SecCoreCrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC411D8C68CF00070CB0 /* SecCoreCrypto.h */; }; + DC0BCD7D1D8C6A1E00070CB0 /* SecCertificateTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC421D8C68CF00070CB0 /* SecCertificateTrace.c */; }; + DC0BCD7E1D8C6A1E00070CB0 /* SecCertificateTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC431D8C68CF00070CB0 /* SecCertificateTrace.h */; }; + DC0BCD7F1D8C6A1E00070CB0 /* SecCFCCWrappers.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC441D8C68CF00070CB0 /* SecCFCCWrappers.c */; }; + DC0BCD801D8C6A1E00070CB0 /* SecCFCCWrappers.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC451D8C68CF00070CB0 /* SecCFCCWrappers.h */; }; + DC0BCD811D8C6A1E00070CB0 /* SecCFRelease.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC461D8C68CF00070CB0 /* SecCFRelease.h */; }; + DC0BCD821D8C6A1E00070CB0 /* SecCFWrappers.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC471D8C68CF00070CB0 /* SecCFWrappers.c */; }; + DC0BCD831D8C6A1E00070CB0 /* SecCFWrappers.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC481D8C68CF00070CB0 /* SecCFWrappers.h */; }; + DC0BCD841D8C6A1E00070CB0 /* SecCFError.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC491D8C68CF00070CB0 /* SecCFError.c */; }; + DC0BCD851D8C6A1E00070CB0 /* SecCFError.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC4A1D8C68CF00070CB0 /* SecCFError.h */; }; + DC0BCD861D8C6A1E00070CB0 /* SecDispatchRelease.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC4B1D8C68CF00070CB0 /* SecDispatchRelease.h */; }; + DC0BCD871D8C6A1E00070CB0 /* SecIOFormat.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC4C1D8C68CF00070CB0 /* SecIOFormat.h */; }; + DC0BCD881D8C6A1E00070CB0 /* SecTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC4D1D8C68CF00070CB0 /* SecTrace.c */; }; + DC0BCD891D8C6A1E00070CB0 /* SecTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC4E1D8C68CF00070CB0 /* SecTrace.h */; }; + DC0BCD8A1D8C6A1E00070CB0 /* array_size.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC4F1D8C68CF00070CB0 /* array_size.h */; }; + DC0BCD8D1D8C6A1E00070CB0 /* debugging.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC521D8C68CF00070CB0 /* debugging.c */; }; + DC0BCD8E1D8C6A1E00070CB0 /* debugging.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC531D8C68CF00070CB0 /* debugging.h */; }; + DC0BCD8F1D8C6A1E00070CB0 /* debugging_test.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC541D8C68CF00070CB0 /* debugging_test.h */; }; + DC0BCD901D8C6A1E00070CB0 /* der_array.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC551D8C68CF00070CB0 /* der_array.c */; }; + DC0BCD911D8C6A1E00070CB0 /* der_boolean.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC561D8C68CF00070CB0 /* der_boolean.c */; }; + DC0BCD921D8C6A1E00070CB0 /* der_null.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC571D8C68CF00070CB0 /* der_null.c */; }; + DC0BCD931D8C6A1E00070CB0 /* der_data.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC581D8C68CF00070CB0 /* der_data.c */; }; + DC0BCD941D8C6A1E00070CB0 /* der_date.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC591D8C68CF00070CB0 /* der_date.c */; }; + DC0BCD951D8C6A1E00070CB0 /* der_date.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC5A1D8C68CF00070CB0 /* der_date.h */; }; + DC0BCD961D8C6A1E00070CB0 /* der_dictionary.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC5B1D8C68CF00070CB0 /* der_dictionary.c */; }; + DC0BCD971D8C6A1E00070CB0 /* der_number.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC5C1D8C68CF00070CB0 /* der_number.c */; }; + DC0BCD981D8C6A1F00070CB0 /* der_plist.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC5D1D8C68CF00070CB0 /* der_plist.c */; }; + DC0BCD9A1D8C6A1F00070CB0 /* der_plist_internal.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC5F1D8C68CF00070CB0 /* der_plist_internal.c */; }; + DC0BCD9B1D8C6A1F00070CB0 /* der_plist_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC601D8C68CF00070CB0 /* der_plist_internal.h */; }; + DC0BCD9C1D8C6A1F00070CB0 /* der_set.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC611D8C68CF00070CB0 /* der_set.c */; }; + DC0BCD9D1D8C6A1F00070CB0 /* der_set.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC621D8C68CF00070CB0 /* der_set.h */; }; + DC0BCD9E1D8C6A1F00070CB0 /* der_string.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC631D8C68CF00070CB0 /* der_string.c */; }; + DC0BCD9F1D8C6A1F00070CB0 /* fileIo.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC641D8C68CF00070CB0 /* fileIo.c */; }; + DC0BCDA01D8C6A1F00070CB0 /* fileIo.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC651D8C68CF00070CB0 /* fileIo.h */; }; + DC0BCDA11D8C6A1F00070CB0 /* sqlutils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC661D8C68CF00070CB0 /* sqlutils.h */; }; + DC0BCDA21D8C6A1F00070CB0 /* iOSforOSX.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC671D8C68CF00070CB0 /* iOSforOSX.h */; }; + DC0BCDA41D8C6A1F00070CB0 /* iOSforOSX-SecAttr.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC691D8C68CF00070CB0 /* iOSforOSX-SecAttr.c */; }; + DC0BCDA51D8C6A1F00070CB0 /* iOSforOSX-SecRandom.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC6A1D8C68CF00070CB0 /* iOSforOSX-SecRandom.c */; }; + DC0BCDA61D8C6A1F00070CB0 /* SecDb.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC6B1D8C68CF00070CB0 /* SecDb.c */; }; + DC0BCDA71D8C6A1F00070CB0 /* SecDb.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC6C1D8C68CF00070CB0 /* SecDb.h */; }; + DC0BCDA81D8C6A1F00070CB0 /* SecFileLocations.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC6D1D8C68CF00070CB0 /* SecFileLocations.c */; }; + DC0BCDA91D8C6A1F00070CB0 /* SecFileLocations.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC6E1D8C68CF00070CB0 /* SecFileLocations.h */; }; + DC0BCDAA1D8C6A1F00070CB0 /* SecXPCError.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC6F1D8C68CF00070CB0 /* SecXPCError.h */; }; + DC0BCDAB1D8C6A1F00070CB0 /* SecXPCError.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC701D8C68CF00070CB0 /* SecXPCError.c */; }; + DC0BCDAC1D8C6A1F00070CB0 /* simulate_crash.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC711D8C68CF00070CB0 /* simulate_crash.c */; }; + DC0BCDAD1D8C6A1F00070CB0 /* SecSCTUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC721D8C68CF00070CB0 /* SecSCTUtils.h */; }; + DC0BCDAE1D8C6A1F00070CB0 /* SecSCTUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC731D8C68CF00070CB0 /* SecSCTUtils.c */; }; + DC0BCDAF1D8C6A1F00070CB0 /* SecAppleAnchor.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCC741D8C68CF00070CB0 /* SecAppleAnchor.c */; }; + DC0BCDB01D8C6A1F00070CB0 /* SecAppleAnchorPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC751D8C68CF00070CB0 /* SecAppleAnchorPriv.h */; }; + DC0BCDB21D8C6A1F00070CB0 /* SecInternalReleasePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC0BCC771D8C68CF00070CB0 /* SecInternalReleasePriv.h */; }; + DC0BCDB51D8C6A5B00070CB0 /* not_on_this_platorm.c in Sources */ = {isa = PBXBuildFile; fileRef = DC0BCDB41D8C6A5B00070CB0 /* not_on_this_platorm.c */; }; + DC1002AF1D8E18870025549C /* libsecurity_codesigning.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD0677F1D8CDF19007602F1 /* libsecurity_codesigning.a */; }; + DC1002D81D8E1A670025549C /* SecTask.h in Headers */ = {isa = PBXBuildFile; fileRef = 107226D10D91DB32003CF14F /* SecTask.h */; }; + DC1785161D77895A00B50D50 /* oidsalg.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785111D77895A00B50D50 /* oidsalg.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785171D77895A00B50D50 /* oidsattr.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785121D77895A00B50D50 /* oidsattr.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785181D77895A00B50D50 /* SecAsn1Coder.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785131D77895A00B50D50 /* SecAsn1Coder.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785191D77895A00B50D50 /* SecAsn1Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785141D77895A00B50D50 /* SecAsn1Templates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17851A1D77895A00B50D50 /* SecAsn1Types.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785151D77895A00B50D50 /* SecAsn1Types.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785211D7789AF00B50D50 /* Authorization.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17851C1D7789AF00B50D50 /* Authorization.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785221D7789AF00B50D50 /* AuthorizationDB.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17851D1D7789AF00B50D50 /* AuthorizationDB.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785231D7789AF00B50D50 /* AuthorizationPlugin.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17851E1D7789AF00B50D50 /* AuthorizationPlugin.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785241D7789AF00B50D50 /* AuthorizationTags.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17851F1D7789AF00B50D50 /* AuthorizationTags.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785251D7789AF00B50D50 /* AuthSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785201D7789AF00B50D50 /* AuthSession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785301D778A0100B50D50 /* SecCustomTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785271D778A0100B50D50 /* SecCustomTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785311D778A0100B50D50 /* SecDecodeTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785281D778A0100B50D50 /* SecDecodeTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785321D778A0100B50D50 /* SecDigestTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785291D778A0100B50D50 /* SecDigestTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785331D778A0100B50D50 /* SecEncodeTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17852A1D778A0100B50D50 /* SecEncodeTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785341D778A0100B50D50 /* SecEncryptTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17852B1D778A0100B50D50 /* SecEncryptTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785351D778A0100B50D50 /* SecReadTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17852C1D778A0100B50D50 /* SecReadTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785361D778A0100B50D50 /* SecSignVerifyTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17852D1D778A0100B50D50 /* SecSignVerifyTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785371D778A0100B50D50 /* SecTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17852E1D778A0100B50D50 /* SecTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785381D778A0100B50D50 /* SecTransformReadTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17852F1D778A0100B50D50 /* SecTransformReadTransform.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17853C1D778A3100B50D50 /* mds_schema.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17853A1D778A3100B50D50 /* mds_schema.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17853D1D778A3100B50D50 /* mds.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17853B1D778A3100B50D50 /* mds.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785401D778A4E00B50D50 /* SecureDownload.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17853F1D778A4E00B50D50 /* SecureDownload.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785431D778A7400B50D50 /* oids.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785421D778A7400B50D50 /* oids.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17854E1D778ACD00B50D50 /* SecAccess.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785451D778ACD00B50D50 /* SecAccess.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17854F1D778ACD00B50D50 /* SecACL.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785461D778ACD00B50D50 /* SecACL.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785501D778ACD00B50D50 /* SecCertificateOIDs.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785471D778ACD00B50D50 /* SecCertificateOIDs.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785511D778ACD00B50D50 /* SecIdentitySearch.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785481D778ACD00B50D50 /* SecIdentitySearch.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785521D778ACD00B50D50 /* SecKeychain.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785491D778ACD00B50D50 /* SecKeychain.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785531D778ACD00B50D50 /* SecKeychainItem.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17854A1D778ACD00B50D50 /* SecKeychainItem.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785541D778ACD00B50D50 /* SecKeychainSearch.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17854B1D778ACD00B50D50 /* SecKeychainSearch.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785551D778ACD00B50D50 /* SecPolicySearch.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17854C1D778ACD00B50D50 /* SecPolicySearch.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785561D778ACD00B50D50 /* SecTrustedApplication.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17854D1D778ACD00B50D50 /* SecTrustedApplication.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17856C1D778B4A00B50D50 /* cssm.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785581D778B4A00B50D50 /* cssm.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17856D1D778B4A00B50D50 /* cssmaci.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785591D778B4A00B50D50 /* cssmaci.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17856E1D778B4A00B50D50 /* cssmapi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855A1D778B4A00B50D50 /* cssmapi.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17856F1D778B4A00B50D50 /* cssmcli.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855B1D778B4A00B50D50 /* cssmcli.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785701D778B4A00B50D50 /* cssmconfig.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855C1D778B4A00B50D50 /* cssmconfig.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785711D778B4A00B50D50 /* cssmcspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855D1D778B4A00B50D50 /* cssmcspi.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785721D778B4A00B50D50 /* cssmdli.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855E1D778B4A00B50D50 /* cssmdli.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785731D778B4A00B50D50 /* cssmerr.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17855F1D778B4A00B50D50 /* cssmerr.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785741D778B4A00B50D50 /* cssmkrapi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785601D778B4A00B50D50 /* cssmkrapi.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785751D778B4A00B50D50 /* cssmkrspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785611D778B4A00B50D50 /* cssmkrspi.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785761D778B4A00B50D50 /* cssmspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785621D778B4A00B50D50 /* cssmspi.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785771D778B4A00B50D50 /* cssmtpi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785631D778B4A00B50D50 /* cssmtpi.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785781D778B4A00B50D50 /* cssmtype.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785641D778B4A00B50D50 /* cssmtype.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785791D778B4A00B50D50 /* eisl.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785651D778B4A00B50D50 /* eisl.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17857A1D778B4A00B50D50 /* emmspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785661D778B4A00B50D50 /* emmspi.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17857B1D778B4A00B50D50 /* emmtype.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785671D778B4A00B50D50 /* emmtype.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17857C1D778B4A00B50D50 /* oidsbase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785681D778B4A00B50D50 /* oidsbase.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17857D1D778B4A00B50D50 /* oidscert.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785691D778B4A00B50D50 /* oidscert.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17857E1D778B4A00B50D50 /* oidscrl.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17856A1D778B4A00B50D50 /* oidscrl.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17857F1D778B4A00B50D50 /* x509defs.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17856B1D778B4A00B50D50 /* x509defs.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785871D778B8000B50D50 /* CodeSigning.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785811D778B7F00B50D50 /* CodeSigning.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785881D778B8000B50D50 /* CSCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785821D778B7F00B50D50 /* CSCommon.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785891D778B8000B50D50 /* SecCode.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785831D778B7F00B50D50 /* SecCode.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17858A1D778B8000B50D50 /* SecCodeHost.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785841D778B8000B50D50 /* SecCodeHost.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17858B1D778B8000B50D50 /* SecRequirement.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785851D778B8000B50D50 /* SecRequirement.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17858C1D778B8000B50D50 /* SecStaticCode.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785861D778B8000B50D50 /* SecStaticCode.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785901D778B9D00B50D50 /* CMSDecoder.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17858E1D778B9D00B50D50 /* CMSDecoder.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785911D778B9D00B50D50 /* CMSEncoder.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17858F1D778B9D00B50D50 /* CMSEncoder.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785921D778BE400B50D50 /* SecAccessControl.h in Headers */ = {isa = PBXBuildFile; fileRef = 443381D918A3D81400215606 /* SecAccessControl.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785931D778BEE00B50D50 /* SecBase.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C696B3709BFA94F000CBC75 /* SecBase.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785941D778BF400B50D50 /* SecPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CBA0E860BB33C0000E72B55 /* SecPolicy.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785951D778BFA00B50D50 /* SecRandom.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C2F81D40BF121D2003C4F77 /* SecRandom.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785961D778C0200B50D50 /* Security.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C64E00B0B8FBBF3009B306C /* Security.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785971D778C0800B50D50 /* certextensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C28BCD60986EBCB0020C665 /* certextensions.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785991D778C5300B50D50 /* cssmapple.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785981D778C5300B50D50 /* cssmapple.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17859A1D778C6E00B50D50 /* SecIdentity.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CAC87D60B8F82720009C9FC /* SecIdentity.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17859B1D778C7400B50D50 /* SecImportExport.h in Headers */ = {isa = PBXBuildFile; fileRef = 79EF5B6C0D3D6A31009F5270 /* SecImportExport.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17859C1D778C7900B50D50 /* SecItem.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF0484A0A5D988F00268236 /* SecItem.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17859D1D778C8000B50D50 /* SecKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7072840AC9EA4E007CC205 /* SecKey.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17859E1D778C8800B50D50 /* SecTask.h in Headers */ = {isa = PBXBuildFile; fileRef = 107226D10D91DB32003CF14F /* SecTask.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC17859F1D778C8D00B50D50 /* SecCertificate.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C8FD03D099D5C91006867B6 /* SecCertificate.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785A01D778C9400B50D50 /* SecTrust.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C8FD03E099D5C91006867B6 /* SecTrust.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785A11D778C9A00B50D50 /* SecTrustSettings.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C4296300BB0A68200491999 /* SecTrustSettings.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785A51D778D0D00B50D50 /* CipherSuite.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785A31D778D0D00B50D50 /* CipherSuite.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1785A61D778D0D00B50D50 /* SecureTransport.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785A41D778D0D00B50D50 /* SecureTransport.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC1786F41D778EF800B50D50 /* SecTranslocate.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1786F31D778EF800B50D50 /* SecTranslocate.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1786F81D778F2500B50D50 /* SecExternalSourceTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1786F51D778F2500B50D50 /* SecExternalSourceTransform.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1786F91D778F2500B50D50 /* SecNullTransform.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1786F61D778F2500B50D50 /* SecNullTransform.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1786FA1D778F2500B50D50 /* SecTransformInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1786F71D778F2500B50D50 /* SecTransformInternal.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1786FC1D778F3D00B50D50 /* sslTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1786FB1D778F3C00B50D50 /* sslTypes.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1786FE1D778F5000B50D50 /* SecureTransportPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1786FD1D778F5000B50D50 /* SecureTransportPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787111D778FA900B50D50 /* SecCMS.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787001D778FA900B50D50 /* SecCMS.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787121D778FAA00B50D50 /* SecCmsBase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787011D778FA900B50D50 /* SecCmsBase.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787131D778FAA00B50D50 /* SecCmsContentInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787021D778FA900B50D50 /* SecCmsContentInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787141D778FAA00B50D50 /* SecCmsDecoder.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787031D778FA900B50D50 /* SecCmsDecoder.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787151D778FAA00B50D50 /* SecCmsDigestContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787041D778FA900B50D50 /* SecCmsDigestContext.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787161D778FAA00B50D50 /* SecCmsDigestedData.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787051D778FA900B50D50 /* SecCmsDigestedData.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787171D778FAA00B50D50 /* SecCmsEncoder.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787061D778FA900B50D50 /* SecCmsEncoder.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787181D778FAA00B50D50 /* SecCmsEncryptedData.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787071D778FA900B50D50 /* SecCmsEncryptedData.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787191D778FAA00B50D50 /* SecCmsEnvelopedData.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787081D778FA900B50D50 /* SecCmsEnvelopedData.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17871A1D778FAA00B50D50 /* SecCmsMessage.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787091D778FA900B50D50 /* SecCmsMessage.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17871B1D778FAA00B50D50 /* SecCmsRecipientInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17870A1D778FA900B50D50 /* SecCmsRecipientInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17871C1D778FAA00B50D50 /* SecCmsSignedData.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17870B1D778FA900B50D50 /* SecCmsSignedData.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17871D1D778FAA00B50D50 /* SecCmsSignerInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17870C1D778FA900B50D50 /* SecCmsSignerInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17871E1D778FAA00B50D50 /* SecSMIME.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17870D1D778FA900B50D50 /* SecSMIME.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17871F1D778FAA00B50D50 /* tsaSupport.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17870E1D778FA900B50D50 /* tsaSupport.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787201D778FAA00B50D50 /* tsaSupportPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17870F1D778FA900B50D50 /* tsaSupportPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787211D778FAA00B50D50 /* tsaTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787101D778FA900B50D50 /* tsaTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787231D778FC900B50D50 /* mdspriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787221D778FC900B50D50 /* mdspriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787261D778FDE00B50D50 /* SecManifest.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787241D778FDE00B50D50 /* SecManifest.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787271D778FDE00B50D50 /* SecureDownloadInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787251D778FDE00B50D50 /* SecureDownloadInternal.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787351D77903700B50D50 /* SecAccessPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787281D77903700B50D50 /* SecAccessPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787361D77903700B50D50 /* SecCertificateBundle.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787291D77903700B50D50 /* SecCertificateBundle.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787371D77903700B50D50 /* SecFDERecoveryAsymmetricCrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17872A1D77903700B50D50 /* SecFDERecoveryAsymmetricCrypto.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787381D77903700B50D50 /* SecIdentitySearchPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17872B1D77903700B50D50 /* SecIdentitySearchPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787391D77903700B50D50 /* SecKeychainItemExtendedAttributes.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17872C1D77903700B50D50 /* SecKeychainItemExtendedAttributes.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17873A1D77903700B50D50 /* SecKeychainItemPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17872D1D77903700B50D50 /* SecKeychainItemPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17873B1D77903700B50D50 /* SecKeychainPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17872E1D77903700B50D50 /* SecKeychainPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17873C1D77903700B50D50 /* SecKeychainSearchPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17872F1D77903700B50D50 /* SecKeychainSearchPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17873D1D77903700B50D50 /* SecPassword.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787301D77903700B50D50 /* SecPassword.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17873E1D77903700B50D50 /* SecRandomP.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787311D77903700B50D50 /* SecRandomP.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17873F1D77903700B50D50 /* SecRecoveryPassword.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787321D77903700B50D50 /* SecRecoveryPassword.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787401D77903700B50D50 /* SecTrustedApplicationPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787331D77903700B50D50 /* SecTrustedApplicationPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787411D77903700B50D50 /* TrustSettingsSchema.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787341D77903700B50D50 /* TrustSettingsSchema.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787431D77906C00B50D50 /* cssmapplePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787421D77906C00B50D50 /* cssmapplePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17874E1D7790A500B50D50 /* CSCommonPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787441D7790A500B50D50 /* CSCommonPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17874F1D7790A500B50D50 /* SecAssessment.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787451D7790A500B50D50 /* SecAssessment.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787501D7790A500B50D50 /* SecCodeHostLib.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787461D7790A500B50D50 /* SecCodeHostLib.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787511D7790A500B50D50 /* SecCodePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787471D7790A500B50D50 /* SecCodePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787521D7790A500B50D50 /* SecCodeSigner.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787481D7790A500B50D50 /* SecCodeSigner.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787531D7790A500B50D50 /* SecIntegrity.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787491D7790A500B50D50 /* SecIntegrity.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787541D7790A500B50D50 /* SecIntegrityLib.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17874A1D7790A500B50D50 /* SecIntegrityLib.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787551D7790A500B50D50 /* SecRequirementPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17874B1D7790A500B50D50 /* SecRequirementPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787561D7790A500B50D50 /* SecStaticCodePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17874C1D7790A500B50D50 /* SecStaticCodePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787571D7790A500B50D50 /* SecTaskPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17874D1D7790A500B50D50 /* SecTaskPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787591D7790B600B50D50 /* CMSPrivate.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787581D7790B600B50D50 /* CMSPrivate.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17875C1D7790CE00B50D50 /* checkpw.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17875B1D7790CE00B50D50 /* checkpw.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17875F1D7790E500B50D50 /* AuthorizationPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17875D1D7790E500B50D50 /* AuthorizationPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787601D7790E500B50D50 /* AuthorizationTagsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC17875E1D7790E500B50D50 /* AuthorizationTagsPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17876A1D77911D00B50D50 /* asn1Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787611D77911D00B50D50 /* asn1Templates.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17876B1D77911D00B50D50 /* certExtensionTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787621D77911D00B50D50 /* certExtensionTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17876C1D77911D00B50D50 /* csrTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787631D77911D00B50D50 /* csrTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17876D1D77911D00B50D50 /* keyTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787641D77911D00B50D50 /* keyTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17876E1D77911D00B50D50 /* nameTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787651D77911D00B50D50 /* nameTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17876F1D77911D00B50D50 /* ocspTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787661D77911D00B50D50 /* ocspTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787701D77911D00B50D50 /* osKeyTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787671D77911D00B50D50 /* osKeyTemplates.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787711D77911D00B50D50 /* secasn1t.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787681D77911D00B50D50 /* secasn1t.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787721D77911D00B50D50 /* X509Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787691D77911D00B50D50 /* X509Templates.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787741D77915500B50D50 /* SecBreadcrumb.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787731D77915500B50D50 /* SecBreadcrumb.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787751D77916000B50D50 /* SecAccessControlPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 443381DA18A3D81400215606 /* SecAccessControlPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787761D77916600B50D50 /* SecCFAllocator.h in Headers */ = {isa = PBXBuildFile; fileRef = D47F514B1C3B812500A7CEFE /* SecCFAllocator.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787771D77916A00B50D50 /* SecDH.h in Headers */ = {isa = PBXBuildFile; fileRef = 7940D4110C3ACF9000FDB5D8 /* SecDH.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787781D77917100B50D50 /* SecItemBackup.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CE7EA561AEAE8D60067F5BD /* SecItemBackup.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787791D77917700B50D50 /* SecPasswordGenerate.h in Headers */ = {isa = PBXBuildFile; fileRef = CDDE9BC31729AB910013B0E8 /* SecPasswordGenerate.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17877A1D77917D00B50D50 /* SecServerEncryptionSupport.h in Headers */ = {isa = PBXBuildFile; fileRef = E7676DB519411DF300498DD4 /* SecServerEncryptionSupport.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17877B1D77918C00B50D50 /* der_plist.h in Headers */ = {isa = PBXBuildFile; fileRef = 524492931AFD6D480043695A /* der_plist.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17877C1D77919500B50D50 /* SecBasePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C0208F80D3C154200BFE54E /* SecBasePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17877D1D77919B00B50D50 /* SecPolicyPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C6416D40BB34F00001C83FD /* SecPolicyPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17877E1D7791A100B50D50 /* SecIdentityPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CCE0AD90D41797400DDBB21 /* SecIdentityPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17877F1D7791A800B50D50 /* SecItemPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CF0487F0A5F016300268236 /* SecItemPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787801D7791AD00B50D50 /* SecKeyPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7072D30AC9ED5A007CC205 /* SecKeyPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787811D7791B200B50D50 /* SecEntitlements.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7CE56E0DC7DB0A00AE53FC /* SecEntitlements.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787821D7791BE00B50D50 /* SecCertificatePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7608B10AC34A8100980096 /* SecCertificatePriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787831D7791C400B50D50 /* SecCertificateRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = 791766DD0DD0162C00F3B974 /* SecCertificateRequest.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787841D7791C900B50D50 /* SecTrustPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C87F3A70D611C26000E7104 /* SecTrustPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC1787851D7791CE00B50D50 /* SecTrustSettingsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C12828C0BB4957D00985BB0 /* SecTrustSettingsPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC17890B1D77980500B50D50 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DC1789131D7798B300B50D50 /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789121D7798B300B50D50 /* libDiagnosticMessagesClient.dylib */; }; + DC1789151D77997F00B50D50 /* libOpenScriptingUtil.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789141D77997F00B50D50 /* libOpenScriptingUtil.dylib */; settings = {ATTRIBUTES = (Weak, ); }; }; + DC1789171D77998700B50D50 /* libauto.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789161D77998700B50D50 /* libauto.dylib */; }; + DC1789191D77998C00B50D50 /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789181D77998C00B50D50 /* libbsm.dylib */; }; + DC17891B1D77999200B50D50 /* libobjc.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC17891A1D77999200B50D50 /* libobjc.dylib */; }; + DC17891D1D77999700B50D50 /* libpam.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC17891C1D77999700B50D50 /* libpam.dylib */; }; + DC17891F1D77999D00B50D50 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC17891E1D77999D00B50D50 /* libsqlite3.dylib */; }; + DC1789211D7799A100B50D50 /* libxar.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789201D7799A100B50D50 /* libxar.dylib */; }; + DC1789231D7799A600B50D50 /* libz.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789221D7799A600B50D50 /* libz.dylib */; }; + DC1789251D7799CD00B50D50 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DC1789271D7799D400B50D50 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789261D7799D300B50D50 /* IOKit.framework */; }; + DC1789281D779A0F00B50D50 /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; + DC1789291D779A2800B50D50 /* libctkclient.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FBDD1AA0A45C0021AA26 /* libctkclient.a */; }; + DC17892A1D779A3200B50D50 /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */; }; + DC1789471D779AAF00B50D50 /* libsecurity_smime.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1784491D77869A00B50D50 /* libsecurity_smime.a */; }; + DC1789A21D779DF400B50D50 /* SecBreadcrumb.c in Sources */ = {isa = PBXBuildFile; fileRef = DC1789A01D779DEE00B50D50 /* SecBreadcrumb.c */; }; + DC1789A51D779E3B00B50D50 /* dummy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC1789A41D779E3B00B50D50 /* dummy.cpp */; }; + DC1789E91D77A0F300B50D50 /* CloudKeychain.strings in CopyFiles */ = {isa = PBXBuildFile; fileRef = 53C0E1F1177FAC2C00F8A018 /* CloudKeychain.strings */; }; + DC178A1F1D77A1E700B50D50 /* cssm.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A0E1D77A1E700B50D50 /* cssm.mdsinfo */; }; + DC178A201D77A1E700B50D50 /* csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A0F1D77A1E700B50D50 /* csp_capabilities.mdsinfo */; }; + DC178A211D77A1E700B50D50 /* csp_capabilities_common.mds in Resources */ = {isa = PBXBuildFile; fileRef = DC178A101D77A1E700B50D50 /* csp_capabilities_common.mds */; }; + DC178A221D77A1E700B50D50 /* csp_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A111D77A1E700B50D50 /* csp_common.mdsinfo */; }; + DC178A231D77A1E700B50D50 /* csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A121D77A1E700B50D50 /* csp_primary.mdsinfo */; }; + DC178A241D77A1E700B50D50 /* cspdl_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A131D77A1E700B50D50 /* cspdl_common.mdsinfo */; }; + DC178A251D77A1E700B50D50 /* cspdl_csp_capabilities.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A141D77A1E700B50D50 /* cspdl_csp_capabilities.mdsinfo */; }; + DC178A261D77A1E700B50D50 /* cspdl_csp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A151D77A1E700B50D50 /* cspdl_csp_primary.mdsinfo */; }; + DC178A271D77A1E700B50D50 /* cspdl_dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A161D77A1E700B50D50 /* cspdl_dl_primary.mdsinfo */; }; + DC178A281D77A1E700B50D50 /* dl_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A171D77A1E700B50D50 /* dl_common.mdsinfo */; }; + DC178A291D77A1E700B50D50 /* dl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A181D77A1E700B50D50 /* dl_primary.mdsinfo */; }; + DC178A2A1D77A1E700B50D50 /* cl_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A191D77A1E700B50D50 /* cl_common.mdsinfo */; }; + DC178A2B1D77A1E700B50D50 /* cl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A1A1D77A1E700B50D50 /* cl_primary.mdsinfo */; }; + DC178A2C1D77A1E700B50D50 /* tp_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A1B1D77A1E700B50D50 /* tp_common.mdsinfo */; }; + DC178A2D1D77A1E700B50D50 /* tp_policyOids.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A1C1D77A1E700B50D50 /* tp_policyOids.mdsinfo */; }; + DC178A2E1D77A1E700B50D50 /* tp_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A1D1D77A1E700B50D50 /* tp_primary.mdsinfo */; }; + DC178A2F1D77A1E700B50D50 /* sd_cspdl_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A1E1D77A1E700B50D50 /* sd_cspdl_common.mdsinfo */; }; + DC178A411D77A1F500B50D50 /* iToolsTrustedApps.plist in Resources */ = {isa = PBXBuildFile; fileRef = DC178A301D77A1F500B50D50 /* iToolsTrustedApps.plist */; }; + DC178A421D77A1F600B50D50 /* FDEPrefs.plist in Resources */ = {isa = PBXBuildFile; fileRef = DC178A311D77A1F500B50D50 /* FDEPrefs.plist */; }; + DC178A431D77A1F600B50D50 /* SecDebugErrorMessages.strings in Resources */ = {isa = PBXBuildFile; fileRef = DC178A321D77A1F500B50D50 /* SecDebugErrorMessages.strings */; }; + DC178A441D77A1F600B50D50 /* SecErrorMessages.strings in Resources */ = {isa = PBXBuildFile; fileRef = DC178A331D77A1F500B50D50 /* SecErrorMessages.strings */; }; + DC178A451D77A1F600B50D50 /* framework.sb in Resources */ = {isa = PBXBuildFile; fileRef = DC178A351D77A1F500B50D50 /* framework.sb */; }; + DC178A471D77A1F600B50D50 /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = DC178A381D77A1F500B50D50 /* InfoPlist.strings */; }; + DC178A481D77A1F600B50D50 /* TimeStampingPrefs.plist in Resources */ = {isa = PBXBuildFile; fileRef = DC178A3A1D77A1F500B50D50 /* TimeStampingPrefs.plist */; }; + DC178A491D77A1F600B50D50 /* authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings in Resources */ = {isa = PBXBuildFile; fileRef = DC178A3B1D77A1F500B50D50 /* authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings */; }; + DC178A4A1D77A1F600B50D50 /* authorization.buttons.strings in Resources */ = {isa = PBXBuildFile; fileRef = DC178A3D1D77A1F500B50D50 /* authorization.buttons.strings */; }; + DC178A4B1D77A1F600B50D50 /* authorization.prompts.strings in Resources */ = {isa = PBXBuildFile; fileRef = DC178A3F1D77A1F500B50D50 /* authorization.prompts.strings */; }; + DC3A4B4B1D91E30400E46D4A /* sec_xdr.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A825A1D87732E00418608 /* sec_xdr.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC3A4B531D91E8EB00E46D4A /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD06AB01D8E0D53007602F1 /* libsecurity_utilities.a */; }; + DC3A4B641D91EADC00E46D4A /* main.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC3A4B621D91EAC500E46D4A /* main.cpp */; }; + DC3A4B651D91EB0800E46D4A /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD06AB01D8E0D53007602F1 /* libsecurity_utilities.a */; }; + DC3A4B661D91EB0E00E46D4A /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DC3A4B671D91EB1200E46D4A /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DC3A4B691D91EB1F00E46D4A /* com.apple.CodeSigningHelper.sb in CopyFiles */ = {isa = PBXBuildFile; fileRef = DC3A4B601D91EAC500E46D4A /* com.apple.CodeSigningHelper.sb */; }; + DC3C72E21D8374D600F6A832 /* SecureTransportPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1786FD1D778F5000B50D50 /* SecureTransportPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC3C72E31D8376D700F6A832 /* SOSTypes.h in Copy SecurityObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8F1D8085F200865A7C /* SOSTypes.h */; }; + DC3C72E41D8376DE00F6A832 /* SOSBackupSliceKeyBag.h in Copy SecurityObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D2A1D8085F200865A7C /* SOSBackupSliceKeyBag.h */; }; + DC3C72E51D8376E600F6A832 /* SOSCloudCircle.h in Copy SecurityObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8A1D8085F200865A7C /* SOSCloudCircle.h */; }; + DC3C72E61D8376EC00F6A832 /* SOSCloudCircleInternal.h in Copy SecurityObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8B1D8085F200865A7C /* SOSCloudCircleInternal.h */; }; + DC3C72E71D8376F300F6A832 /* SOSPeerInfo.h in Copy SecurityObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D641D8085F200865A7C /* SOSPeerInfo.h */; }; + DC3C72E81D8376F900F6A832 /* SOSViews.h in Copy SecurityObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D4B1D8085F200865A7C /* SOSViews.h */; }; + DC3C72E91D83776B00F6A832 /* SOSBackupSliceKeyBag.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D2A1D8085F200865A7C /* SOSBackupSliceKeyBag.h */; }; + DC3C72EA1D83777100F6A832 /* SOSPeerInfoV2.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D681D8085F200865A7C /* SOSPeerInfoV2.h */; }; + DC3C72EB1D83777600F6A832 /* SOSCloudCircle.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8A1D8085F200865A7C /* SOSCloudCircle.h */; }; + DC3C72EC1D83777B00F6A832 /* SOSPeerInfo.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D641D8085F200865A7C /* SOSPeerInfo.h */; }; + DC3C72ED1D83778100F6A832 /* SOSViews.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D4B1D8085F200865A7C /* SOSViews.h */; }; + DC3C72EE1D83778600F6A832 /* SOSTypes.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8F1D8085F200865A7C /* SOSTypes.h */; }; + DC3C72EF1D83778B00F6A832 /* SOSCloudCircleInternal.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8B1D8085F200865A7C /* SOSCloudCircleInternal.h */; }; + DC3C72F01D83779A00F6A832 /* SOSTypes.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = DCC78D8F1D8085F200865A7C /* SOSTypes.h */; }; + DC3C72F11D8377A300F6A832 /* SOSPeerInfo.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = DCC78D641D8085F200865A7C /* SOSPeerInfo.h */; }; + DC3C72F21D8377BE00F6A832 /* SOSTypes.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = DCC78D8F1D8085F200865A7C /* SOSTypes.h */; }; + DC3C72F31D8377C400F6A832 /* SOSPeerInfo.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = DCC78D641D8085F200865A7C /* SOSPeerInfo.h */; }; + DC3C73531D837AF800F6A832 /* SOSPeerInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D641D8085F200865A7C /* SOSPeerInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC3C73541D837B1900F6A832 /* SOSCloudCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8A1D8085F200865A7C /* SOSCloudCircle.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC3C73551D837B2C00F6A832 /* SOSPeerInfoPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D691D8085F200865A7C /* SOSPeerInfoPriv.h */; }; + DC3C73561D837B9B00F6A832 /* SOSPeerInfoPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D691D8085F200865A7C /* SOSPeerInfoPriv.h */; }; + DC3C73571D837BCE00F6A832 /* SOSCloudCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8A1D8085F200865A7C /* SOSCloudCircle.h */; }; + DC3C73581D837BDC00F6A832 /* SOSCloudCircleInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8B1D8085F200865A7C /* SOSCloudCircleInternal.h */; }; + DC3C73591D837BEC00F6A832 /* SOSPeerInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D641D8085F200865A7C /* SOSPeerInfo.h */; }; + DC3C735A1D837C0000F6A832 /* SOSPeerInfoPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D691D8085F200865A7C /* SOSPeerInfoPriv.h */; }; + DC3C735B1D837C0F00F6A832 /* SOSTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8F1D8085F200865A7C /* SOSTypes.h */; }; + DC3C789B1D83854700F6A832 /* SOSCloudKeychainConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = E7A5F4D71C0D01B000F3BEBB /* SOSCloudKeychainConstants.c */; }; + DC3C7AB21D838B6D00F6A832 /* SecureTransport.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785A41D778D0D00B50D50 /* SecureTransport.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC3C7AB31D838BC300F6A832 /* CipherSuite.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785A31D778D0D00B50D50 /* CipherSuite.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC3C7AB41D838BEB00F6A832 /* SecAsn1Coder.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785131D77895A00B50D50 /* SecAsn1Coder.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC3C7AB51D838C1300F6A832 /* SecAsn1Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785141D77895A00B50D50 /* SecAsn1Templates.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC3C7AB61D838C2D00F6A832 /* SecAsn1Types.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785151D77895A00B50D50 /* SecAsn1Types.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC3C7AB71D838C5C00F6A832 /* secasn1t.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787681D77911D00B50D50 /* secasn1t.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC3C7AB81D838C6F00F6A832 /* oidsalg.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785111D77895A00B50D50 /* oidsalg.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC3C7AB91D838C8D00F6A832 /* oids.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785421D778A7400B50D50 /* oids.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC3C7ABA1D838C9F00F6A832 /* sslTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1786FB1D778F3C00B50D50 /* sslTypes.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DC3C7C901D83957F00F6A832 /* NSFileHandle+Formatting.m in Sources */ = {isa = PBXBuildFile; fileRef = E78A9AD91D34959200006B5B /* NSFileHandle+Formatting.m */; }; + DC52E7C31D80BCA600B0A59C /* personalization.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C881D8085D800865A7C /* personalization.c */; }; + DC52E7C41D80BCAD00B0A59C /* SecDbItem.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C8E1D8085D800865A7C /* SecDbItem.c */; }; + DC52E7C51D80BCB300B0A59C /* swcagent_client.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78EA01D80860C00865A7C /* swcagent_client.c */; }; + DC52E7C61D80BCBA00B0A59C /* SOSCloudCircleServer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CAA1D8085D800865A7C /* SOSCloudCircleServer.c */; }; + DC52E7C71D80BCBE00B0A59C /* spi.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CB01D8085D800865A7C /* spi.c */; }; + DC52E7C81D80BCC600B0A59C /* SecTrustStoreServer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CAC1D8085D800865A7C /* SecTrustStoreServer.c */; }; + DC52E7C91D80BCCB00B0A59C /* nameconstraints.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C861D8085D800865A7C /* nameconstraints.c */; }; + DC52E7CA1D80BCD300B0A59C /* SecTrustServer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CA81D8085D800865A7C /* SecTrustServer.c */; }; + DC52E7CB1D80BCD800B0A59C /* SecItemBackupServer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C9C1D8085D800865A7C /* SecItemBackupServer.c */; }; + DC52E7CC1D80BCDF00B0A59C /* SecDbQuery.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C921D8085D800865A7C /* SecDbQuery.c */; }; + DC52E7CD1D80BCE700B0A59C /* SecItemDataSource.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C941D8085D800865A7C /* SecItemDataSource.c */; }; + DC52E7CE1D80BCF800B0A59C /* SecKeybagSupport.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C9E1D8085D800865A7C /* SecKeybagSupport.c */; }; + DC52E7CF1D80BCFD00B0A59C /* SOSEngine.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D561D8085F200865A7C /* SOSEngine.c */; }; + DC52E7D01D80BD0200B0A59C /* SecPolicyServer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CA61D8085D800865A7C /* SecPolicyServer.c */; }; + DC52E7D11D80BD0C00B0A59C /* SecOCSPResponse.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CA41D8085D800865A7C /* SecOCSPResponse.c */; }; + DC52E7D21D80BD1200B0A59C /* SecOCSPRequest.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CA21D8085D800865A7C /* SecOCSPRequest.c */; }; + DC52E7D31D80BD1800B0A59C /* SecDbKeychainItem.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C901D8085D800865A7C /* SecDbKeychainItem.c */; }; + DC52E7D41D80BD1D00B0A59C /* iCloudTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CB31D8085D800865A7C /* iCloudTrace.c */; }; + DC52E7D51D80BD2300B0A59C /* SecOCSPCache.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CA01D8085D800865A7C /* SecOCSPCache.c */; }; + DC52E7D61D80BD2800B0A59C /* SecuritydXPC.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E9A1D8085FC00865A7C /* SecuritydXPC.c */; }; + DC52E7D71D80BD2D00B0A59C /* SecItemServer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C9A1D8085D800865A7C /* SecItemServer.c */; }; + DC52E7D81D80BD3800B0A59C /* SecCAIssuerRequest.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C8C1D8085D800865A7C /* SecCAIssuerRequest.c */; }; + DC52E7D91D80BD3C00B0A59C /* SecCAIssuerCache.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C8A1D8085D800865A7C /* SecCAIssuerCache.c */; }; + DC52E7DA1D80BD4400B0A59C /* policytree.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C841D8085D800865A7C /* policytree.c */; }; + DC52E7DB1D80BD4A00B0A59C /* asynchttp.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C7F1D8085D800865A7C /* asynchttp.c */; }; + DC52E7DC1D80BD4F00B0A59C /* SecOTRRemote.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CB41D8085D800865A7C /* SecOTRRemote.c */; }; + DC52E7DD1D80BD5500B0A59C /* OTATrustUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C821D8085D800865A7C /* OTATrustUtilities.c */; }; + DC52E7DE1D80BD7F00B0A59C /* SecItemDb.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C961D8085D800865A7C /* SecItemDb.c */; }; + DC52E7DF1D80BD8700B0A59C /* SOSChangeTracker.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D4F1D8085F200865A7C /* SOSChangeTracker.c */; }; + DC52E7E01D80BD8D00B0A59C /* SecItemSchema.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C981D8085D800865A7C /* SecItemSchema.c */; }; + DC52E7E11D80BD9300B0A59C /* SecLogSettingsServer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CAE1D8085D800865A7C /* SecLogSettingsServer.c */; }; + DC52E7E21D80BDA000B0A59C /* personalization.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78C891D8085D800865A7C /* personalization.h */; }; + DC52E7E31D80BDA600B0A59C /* SecDbQuery.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78C931D8085D800865A7C /* SecDbQuery.h */; }; + DC52E7E41D80BE6E00B0A59C /* SecDbKeychainItem.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78C911D8085D800865A7C /* SecDbKeychainItem.h */; }; + DC52E7E51D80BE7400B0A59C /* SOSEngine.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D571D8085F200865A7C /* SOSEngine.h */; }; + DC52E7E61D80BE7B00B0A59C /* SecItemDb.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78C971D8085D800865A7C /* SecItemDb.h */; }; + DC52E7E71D80BE8100B0A59C /* SecItemDataSource.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78C951D8085D800865A7C /* SecItemDataSource.h */; }; + DC52E7E81D80BE8700B0A59C /* SOSChangeTracker.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D501D8085F200865A7C /* SOSChangeTracker.h */; }; + DC52E7E91D80BE8D00B0A59C /* SecKeybagSupport.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78C9F1D8085D800865A7C /* SecKeybagSupport.h */; }; + DC52E7EA1D80BE9500B0A59C /* SecItemSchema.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78C991D8085D800865A7C /* SecItemSchema.h */; }; + DC52E7EB1D80BE9B00B0A59C /* iCloudTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78CB21D8085D800865A7C /* iCloudTrace.h */; }; + DC52E8BB1D80C21700B0A59C /* client.c in Sources */ = {isa = PBXBuildFile; fileRef = 7908507F0CA87CF00083CC4D /* client.c */; }; + DC52E8C71D80C2FD00B0A59C /* SOSKVSKeys.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D721D8085F200865A7C /* SOSKVSKeys.c */; }; + DC52E8C81D80C2FD00B0A59C /* SOSTransport.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D741D8085F200865A7C /* SOSTransport.c */; }; + DC52E8C91D80C2FD00B0A59C /* SOSTransportBackupPeer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D761D8085F200865A7C /* SOSTransportBackupPeer.c */; }; + DC52E8CA1D80C2FD00B0A59C /* SOSTransportCircle.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D781D8085F200865A7C /* SOSTransportCircle.c */; }; + DC52E8CB1D80C2FD00B0A59C /* SOSTransportCircleKVS.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D7A1D8085F200865A7C /* SOSTransportCircleKVS.c */; }; + DC52E8CC1D80C2FD00B0A59C /* SOSTransportKeyParameter.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D7C1D8085F200865A7C /* SOSTransportKeyParameter.c */; }; + DC52E8CD1D80C2FD00B0A59C /* SOSTransportKeyParameterKVS.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D7E1D8085F200865A7C /* SOSTransportKeyParameterKVS.c */; }; + DC52E8CE1D80C2FD00B0A59C /* SOSTransportMessage.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D801D8085F200865A7C /* SOSTransportMessage.c */; }; + DC52E8CF1D80C2FD00B0A59C /* SOSTransportMessageIDS.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D821D8085F200865A7C /* SOSTransportMessageIDS.c */; }; + DC52E8D01D80C2FD00B0A59C /* SOSTransportMessageKVS.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D841D8085F200865A7C /* SOSTransportMessageKVS.c */; }; + DC52E8D11D80C30500B0A59C /* SOSECWrapUnwrap.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D881D8085F200865A7C /* SOSECWrapUnwrap.c */; }; + DC52E8D31D80C30500B0A59C /* SOSSysdiagnose.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D8C1D8085F200865A7C /* SOSSysdiagnose.c */; }; + DC52E8D41D80C30500B0A59C /* SOSInternal.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D8D1D8085F200865A7C /* SOSInternal.c */; }; + DC52E8D51D80C31500B0A59C /* SOSFullPeerInfo.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D611D8085F200865A7C /* SOSFullPeerInfo.c */; }; + DC52E8D61D80C31500B0A59C /* SOSPeerInfo.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D631D8085F200865A7C /* SOSPeerInfo.c */; }; + DC52E8D71D80C31500B0A59C /* SOSPeerInfoDER.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D651D8085F200865A7C /* SOSPeerInfoDER.c */; }; + DC52E8D81D80C31500B0A59C /* SOSPeerInfoV2.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D671D8085F200865A7C /* SOSPeerInfoV2.c */; }; + DC52E8D91D80C31500B0A59C /* SOSPeerInfoCollections.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D6A1D8085F200865A7C /* SOSPeerInfoCollections.c */; }; + DC52E8DA1D80C31500B0A59C /* SOSPeerInfoRingState.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D6D1D8085F200865A7C /* SOSPeerInfoRingState.c */; }; + DC52E8DB1D80C31500B0A59C /* SOSPeerInfoSecurityProperties.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D6F1D8085F200865A7C /* SOSPeerInfoSecurityProperties.c */; }; + DC52E8DD1D80C31F00B0A59C /* SOSCoder.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D511D8085F200865A7C /* SOSCoder.c */; }; + DC52E8DE1D80C31F00B0A59C /* SOSDigestVector.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D541D8085F200865A7C /* SOSDigestVector.c */; }; + DC52E8E01D80C31F00B0A59C /* SOSManifest.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D581D8085F200865A7C /* SOSManifest.c */; }; + DC52E8E11D80C31F00B0A59C /* SOSMessage.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D5A1D8085F200865A7C /* SOSMessage.c */; }; + DC52E8E21D80C31F00B0A59C /* SOSPeer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D5C1D8085F200865A7C /* SOSPeer.c */; }; + DC52E8E31D80C31F00B0A59C /* SOSPeerCoder.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D5E1D8085F200865A7C /* SOSPeerCoder.c */; }; + DC52E8E41D80C33000B0A59C /* SOSCircle.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D2E1D8085F200865A7C /* SOSCircle.c */; }; + DC52E8E51D80C33000B0A59C /* SOSCircleV2.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D2F1D8085F200865A7C /* SOSCircleV2.c */; }; + DC52E8E61D80C33000B0A59C /* SOSCircleDer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D351D8085F200865A7C /* SOSCircleDer.c */; }; + DC52E8E71D80C33000B0A59C /* SOSGenCount.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D371D8085F200865A7C /* SOSGenCount.c */; }; + DC52E8E81D80C33000B0A59C /* SOSRingBackup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D3A1D8085F200865A7C /* SOSRingBackup.c */; }; + DC52E8E91D80C33000B0A59C /* SOSRingBasic.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D3C1D8085F200865A7C /* SOSRingBasic.c */; }; + DC52E8EA1D80C33000B0A59C /* SOSRingConcordanceTrust.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D3E1D8085F200865A7C /* SOSRingConcordanceTrust.c */; }; + DC52E8EB1D80C33000B0A59C /* SOSRingDER.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D401D8085F200865A7C /* SOSRingDER.c */; }; + DC52E8EC1D80C33000B0A59C /* SOSRingPeerInfoUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D421D8085F200865A7C /* SOSRingPeerInfoUtils.c */; }; + DC52E8ED1D80C33000B0A59C /* SOSRingTypes.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D441D8085F200865A7C /* SOSRingTypes.c */; }; + DC52E8EE1D80C33000B0A59C /* SOSRingUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D461D8085F200865A7C /* SOSRingUtils.c */; }; + DC52E8EF1D80C33000B0A59C /* SOSRingV0.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D481D8085F200865A7C /* SOSRingV0.c */; }; + DC52E8F01D80C33000B0A59C /* SOSViews.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D4A1D8085F200865A7C /* SOSViews.c */; }; + DC52E8F11D80C34000B0A59C /* SOSAccount.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D121D8085F200865A7C /* SOSAccount.c */; }; + DC52E8F21D80C34000B0A59C /* SOSAccountTransaction.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D141D8085F200865A7C /* SOSAccountTransaction.c */; }; + DC52E8F31D80C34000B0A59C /* SOSAccountBackup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D161D8085F200865A7C /* SOSAccountBackup.c */; }; + DC52E8F41D80C34000B0A59C /* SOSAccountCircles.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D171D8085F200865A7C /* SOSAccountCircles.c */; }; + DC52E8F51D80C34000B0A59C /* SOSAccountHSAJoin.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D181D8085F200865A7C /* SOSAccountHSAJoin.c */; }; + DC52E8F61D80C34000B0A59C /* SOSAccountCloudParameters.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D1A1D8085F200865A7C /* SOSAccountCloudParameters.c */; }; + DC52E8F71D80C34000B0A59C /* SOSAccountCredentials.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D1B1D8085F200865A7C /* SOSAccountCredentials.c */; }; + DC52E8F81D80C34000B0A59C /* SOSAccountDer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D1C1D8085F200865A7C /* SOSAccountDer.c */; }; + DC52E8F91D80C34000B0A59C /* SOSAccountFullPeerInfo.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D1D1D8085F200865A7C /* SOSAccountFullPeerInfo.c */; }; + DC52E8FA1D80C34000B0A59C /* SOSAccountPeers.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D1E1D8085F200865A7C /* SOSAccountPeers.c */; }; + DC52E8FB1D80C34000B0A59C /* SOSAccountPersistence.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D1F1D8085F200865A7C /* SOSAccountPersistence.c */; }; + DC52E8FC1D80C34000B0A59C /* SOSAccountLog.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D201D8085F200865A7C /* SOSAccountLog.c */; }; + DC52E8FD1D80C34000B0A59C /* SOSAccountUpdate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D231D8085F200865A7C /* SOSAccountUpdate.c */; }; + DC52E8FE1D80C34000B0A59C /* SOSAccountRings.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D241D8085F200865A7C /* SOSAccountRings.c */; }; + DC52E8FF1D80C34000B0A59C /* SOSAccountRingUpdate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D251D8085F200865A7C /* SOSAccountRingUpdate.c */; }; + DC52E9001D80C34000B0A59C /* SOSAccountViewSync.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D261D8085F200865A7C /* SOSAccountViewSync.c */; }; + DC52E9011D80C34000B0A59C /* SOSBackupEvent.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D271D8085F200865A7C /* SOSBackupEvent.c */; }; + DC52E9021D80C34000B0A59C /* SOSBackupSliceKeyBag.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D291D8085F200865A7C /* SOSBackupSliceKeyBag.c */; }; + DC52E9031D80C34000B0A59C /* SOSUserKeygen.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D2B1D8085F200865A7C /* SOSUserKeygen.c */; }; + DC52E9051D80C36A00B0A59C /* secViewDisplay.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D9E1D8085F200865A7C /* secViewDisplay.c */; }; + DC52E9061D80C3AD00B0A59C /* SOSDigestVector.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D551D8085F200865A7C /* SOSDigestVector.h */; }; + DC52E9071D80C3B300B0A59C /* SOSARCDefines.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D871D8085F200865A7C /* SOSARCDefines.h */; }; + DC52E9091D80C3C600B0A59C /* SOSFullPeerInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D621D8085F200865A7C /* SOSFullPeerInfo.h */; }; + DC52E90A1D80C3CC00B0A59C /* SOSAccountTransaction.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D151D8085F200865A7C /* SOSAccountTransaction.h */; }; + DC52E90B1D80C3D400B0A59C /* SOSMessage.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D5B1D8085F200865A7C /* SOSMessage.h */; }; + DC52E90C1D80C3D900B0A59C /* SOSBackupEvent.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D281D8085F200865A7C /* SOSBackupEvent.h */; }; + DC52E90D1D80C3DF00B0A59C /* SOSPeerInfoV2.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D681D8085F200865A7C /* SOSPeerInfoV2.h */; }; + DC52E90E1D80C3E400B0A59C /* SOSGenCount.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D381D8085F200865A7C /* SOSGenCount.h */; }; + DC52E90F1D80C3EA00B0A59C /* SOSCircleRings.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D331D8085F200865A7C /* SOSCircleRings.h */; }; + DC52E9101D80C3EF00B0A59C /* SOSAccountLog.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D211D8085F200865A7C /* SOSAccountLog.h */; }; + DC52E9111D80C3F800B0A59C /* SOSAccount.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D131D8085F200865A7C /* SOSAccount.h */; }; + DC52E9121D80C3FE00B0A59C /* SOSRingUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D471D8085F200865A7C /* SOSRingUtils.h */; }; + DC52E9131D80C40300B0A59C /* SOSBackupSliceKeyBag.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D2A1D8085F200865A7C /* SOSBackupSliceKeyBag.h */; }; + DC52E9141D80C40B00B0A59C /* SOSCloudKeychainClient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78CF71D8085F200865A7C /* SOSCloudKeychainClient.h */; }; + DC52E9151D80C41200B0A59C /* SOSCloudKeychainConstants.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78CF91D8085F200865A7C /* SOSCloudKeychainConstants.h */; }; + DC52E9161D80C41A00B0A59C /* SOSPeerInfoInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D6C1D8085F200865A7C /* SOSPeerInfoInternal.h */; }; + DC52E9171D80C41F00B0A59C /* SOSPeerInfoRingState.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D6E1D8085F200865A7C /* SOSPeerInfoRingState.h */; }; + DC52E9181D80C42600B0A59C /* SOSAccountHSAJoin.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D191D8085F200865A7C /* SOSAccountHSAJoin.h */; }; + DC52E9191D80C42F00B0A59C /* SOSTransportMessageIDS.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D831D8085F200865A7C /* SOSTransportMessageIDS.h */; }; + DC52E91A1D80C43500B0A59C /* SOSRing.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D391D8085F200865A7C /* SOSRing.h */; }; + DC52E91B1D80C43A00B0A59C /* SOSViews.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D4B1D8085F200865A7C /* SOSViews.h */; }; + DC52E91C1D80C43F00B0A59C /* SOSPeerCoder.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D5F1D8085F200865A7C /* SOSPeerCoder.h */; }; + DC52E91D1D80C44400B0A59C /* SOSCoder.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D521D8085F200865A7C /* SOSCoder.h */; }; + DC52E91E1D80C44A00B0A59C /* SOSCircleDer.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D341D8085F200865A7C /* SOSCircleDer.h */; }; + DC52E91F1D80C45100B0A59C /* SOSAccountPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D221D8085F200865A7C /* SOSAccountPriv.h */; }; + DC52E9201D80C45800B0A59C /* SOSPeerInfoSecurityProperties.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D701D8085F200865A7C /* SOSPeerInfoSecurityProperties.h */; }; + DC52E9221D80C46800B0A59C /* SOSRingBackup.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D3B1D8085F200865A7C /* SOSRingBackup.h */; }; + DC52E9231D80C47100B0A59C /* SOSTransportCircleKVS.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D7B1D8085F200865A7C /* SOSTransportCircleKVS.h */; }; + DC52E9241D80C47900B0A59C /* SOSTransportMessage.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D811D8085F200865A7C /* SOSTransportMessage.h */; }; + DC52E9251D80C48000B0A59C /* SOSPlatform.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D901D8085F200865A7C /* SOSPlatform.h */; }; + DC52E9261D80C48700B0A59C /* SOSUserKeygen.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D2C1D8085F200865A7C /* SOSUserKeygen.h */; }; + DC52E9271D80C48D00B0A59C /* SOSCircleV2.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D301D8085F200865A7C /* SOSCircleV2.h */; }; + DC52E9281D80C49300B0A59C /* SOSManifest.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D591D8085F200865A7C /* SOSManifest.h */; }; + DC52E9291D80C49A00B0A59C /* SOSRingTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D451D8085F200865A7C /* SOSRingTypes.h */; }; + DC52E92A1D80C4A200B0A59C /* SOSTransport.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D751D8085F200865A7C /* SOSTransport.h */; }; + DC52E92B1D80C4A800B0A59C /* SOSConcordanceTrust.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D361D8085F200865A7C /* SOSConcordanceTrust.h */; }; + DC52E92C1D80C4AF00B0A59C /* SOSTransportKeyParameter.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D7D1D8085F200865A7C /* SOSTransportKeyParameter.h */; }; + DC52E92D1D80C4BC00B0A59C /* SOSPeerInfoCollections.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D6B1D8085F200865A7C /* SOSPeerInfoCollections.h */; }; + DC52E92E1D80C4C300B0A59C /* SOSPeerInfoDER.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D661D8085F200865A7C /* SOSPeerInfoDER.h */; }; + DC52E92F1D80C4C900B0A59C /* SOSRingV0.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D491D8085F200865A7C /* SOSRingV0.h */; }; + DC52E9301D80C4D000B0A59C /* SOSRingPeerInfoUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D431D8085F200865A7C /* SOSRingPeerInfoUtils.h */; }; + DC52E9321D80C4DF00B0A59C /* SOSTransportMessageKVS.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D851D8085F200865A7C /* SOSTransportMessageKVS.h */; }; + DC52E9331D80C4E500B0A59C /* SOSDataSource.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D531D8085F200865A7C /* SOSDataSource.h */; }; + DC52E9341D80C4EC00B0A59C /* SOSInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D8E1D8085F200865A7C /* SOSInternal.h */; }; + DC52E9351D80C4F300B0A59C /* SOSKVSKeys.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D731D8085F200865A7C /* SOSKVSKeys.h */; }; + DC52E9361D80C4FD00B0A59C /* SOSRingConcordanceTrust.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D3F1D8085F200865A7C /* SOSRingConcordanceTrust.h */; }; + DC52E9371D80C50300B0A59C /* SOSRingBasic.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D3D1D8085F200865A7C /* SOSRingBasic.h */; }; + DC52E9381D80C50800B0A59C /* SOSPeer.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D5D1D8085F200865A7C /* SOSPeer.h */; }; + DC52E9391D80C50E00B0A59C /* SOSCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D321D8085F200865A7C /* SOSCircle.h */; }; + DC52E93D1D80C53C00B0A59C /* SOSTransportCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D791D8085F200865A7C /* SOSTransportCircle.h */; }; + DC52E93E1D80C54300B0A59C /* SOSCirclePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D311D8085F200865A7C /* SOSCirclePriv.h */; }; + DC52E9401D80C55200B0A59C /* SOSRingDER.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D411D8085F200865A7C /* SOSRingDER.h */; }; + DC52E9431D80C5AA00B0A59C /* SOSTransportKeyParameterKVS.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D7F1D8085F200865A7C /* SOSTransportKeyParameterKVS.h */; }; + DC52E9E21D80C62D00B0A59C /* secToolFileIO.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D931D8085F200865A7C /* secToolFileIO.c */; }; + DC52E9E31D80CAFE00B0A59C /* SOSCloudKeychainClient.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CF61D8085F200865A7C /* SOSCloudKeychainClient.c */; }; + DC52EA9C1D80CC8300B0A59C /* print_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = DC52EA951D80CC2A00B0A59C /* print_cert.c */; }; + DC52EA9D1D80CC9700B0A59C /* syncbubble.m in Sources */ = {isa = PBXBuildFile; fileRef = DC52EA921D80CC2A00B0A59C /* syncbubble.m */; }; + DC52EA9E1D80CC9B00B0A59C /* leaks.c in Sources */ = {isa = PBXBuildFile; fileRef = DC52EA931D80CC2A00B0A59C /* leaks.c */; }; + DC52EA9F1D80CCA100B0A59C /* digest_calc.c in Sources */ = {isa = PBXBuildFile; fileRef = DC52EA8F1D80CC2A00B0A59C /* digest_calc.c */; }; + DC52EAA01D80CCA700B0A59C /* whoami.m in Sources */ = {isa = PBXBuildFile; fileRef = DC52EA911D80CC2A00B0A59C /* whoami.m */; }; + DC52EAA11D80CCAC00B0A59C /* SecurityTool.c in Sources */ = {isa = PBXBuildFile; fileRef = DC52EA981D80CC2A00B0A59C /* SecurityTool.c */; }; + DC52EAA21D80CCB200B0A59C /* keychain_backup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E211D8085FC00865A7C /* keychain_backup.c */; }; + DC52EAA31D80CCC300B0A59C /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; + DC52EBC31D80CEBA00B0A59C /* print_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = DC52EA951D80CC2A00B0A59C /* print_cert.c */; }; + DC52EBC41D80CEBA00B0A59C /* print_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = DC52EA951D80CC2A00B0A59C /* print_cert.c */; }; + DC52EBC51D80CEBA00B0A59C /* print_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = DC52EA951D80CC2A00B0A59C /* print_cert.c */; }; + DC52EBD01D80CEF100B0A59C /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; + DC52EC141D80CF0500B0A59C /* spc.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E261D8085FC00865A7C /* spc.c */; }; + DC52EC151D80CF0B00B0A59C /* show_certificates.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E251D8085FC00865A7C /* show_certificates.c */; }; + DC52EC161D80CF3B00B0A59C /* scep.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E231D8085FC00865A7C /* scep.c */; }; + DC52EC171D80CF4200B0A59C /* pkcs12_util.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E221D8085FC00865A7C /* pkcs12_util.c */; }; + DC52EC181D80CF4700B0A59C /* log_control.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E1D1D8085FC00865A7C /* log_control.c */; }; + DC52EC191D80CF4C00B0A59C /* keychain_find.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E201D8085FC00865A7C /* keychain_find.c */; }; + DC52EC1A1D80CF5100B0A59C /* keychain_add.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E1F1D8085FC00865A7C /* keychain_add.c */; }; + DC52EC1B1D80CF5600B0A59C /* codesign.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E1E1D8085FC00865A7C /* codesign.c */; }; + DC52EC1C1D80CF5D00B0A59C /* add_internet_password.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E1C1D8085FC00865A7C /* add_internet_password.c */; }; + DC52EC1D1D80CF6200B0A59C /* keychain_util.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E1A1D8085FC00865A7C /* keychain_util.c */; }; + DC52EC1E1D80CF6700B0A59C /* verify_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E191D8085FC00865A7C /* verify_cert.c */; }; + DC52EC2F1D80CFB200B0A59C /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; + DC52EC361D80CFD000B0A59C /* keychain_sync.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D971D8085F200865A7C /* keychain_sync.c */; }; + DC52EC371D80CFD400B0A59C /* keychain_sync_test.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D991D8085F200865A7C /* keychain_sync_test.m */; }; + DC52EC381D80CFDB00B0A59C /* secToolFileIO.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D931D8085F200865A7C /* secToolFileIO.c */; }; + DC52EC391D80CFDF00B0A59C /* secViewDisplay.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D9E1D8085F200865A7C /* secViewDisplay.c */; }; + DC52EC3A1D80CFE400B0A59C /* keychain_log.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D9B1D8085F200865A7C /* keychain_log.c */; }; + DC52EC3B1D80CFE900B0A59C /* syncbackup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D9D1D8085F200865A7C /* syncbackup.c */; }; + DC52EC4E1D80D01F00B0A59C /* swcagent_client.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78EA01D80860C00865A7C /* swcagent_client.c */; }; + DC52EC4F1D80D02400B0A59C /* SecuritydXPC.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E9A1D8085FC00865A7C /* SecuritydXPC.c */; }; + DC52EC5D1D80D06300B0A59C /* SecLogging.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E651D8085FC00865A7C /* SecLogging.c */; }; + DC52EC691D80D0DD00B0A59C /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC52EC6B1D80D0E300B0A59C /* IDSFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC6A1D80D0E300B0A59C /* IDSFoundation.framework */; }; + DC52EC6C1D80D0E800B0A59C /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD744683195A00BB00FB01C0 /* IDS.framework */; }; + DC52EC6D1D80D0F100B0A59C /* sc-31-peerinfo-simplefuzz.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D001D8085F200865A7C /* sc-31-peerinfo-simplefuzz.c */; }; + DC52EC6E1D80D0F700B0A59C /* SOSTestDevice.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D0E1D8085F200865A7C /* SOSTestDevice.c */; }; + DC52EC6F1D80D11800B0A59C /* sc-25-soskeygen.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CFE1D8085F200865A7C /* sc-25-soskeygen.c */; }; + DC52EC701D80D11C00B0A59C /* sc-140-hsa2.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D051D8085F200865A7C /* sc-140-hsa2.c */; }; + DC52EC711D80D12200B0A59C /* sc-153-backupslicekeybag.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D081D8085F200865A7C /* sc-153-backupslicekeybag.c */; }; + DC52EC721D80D12900B0A59C /* sc-150-backupkeyderivation.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D071D8085F200865A7C /* sc-150-backupkeyderivation.c */; }; + DC52EC731D80D12E00B0A59C /* sc-20-keynames.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CFD1D8085F200865A7C /* sc-20-keynames.c */; }; + DC52EC741D80D13500B0A59C /* SOSTestDataSource.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D0C1D8085F200865A7C /* SOSTestDataSource.c */; }; + DC52EC751D80D13B00B0A59C /* sc-42-circlegencount.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D021D8085F200865A7C /* sc-42-circlegencount.c */; }; + DC52EC761D80D13F00B0A59C /* sc-150-ring.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D061D8085F200865A7C /* sc-150-ring.c */; }; + DC52EC771D80D14400B0A59C /* sc-130-resignationticket.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D041D8085F200865A7C /* sc-130-resignationticket.c */; }; + DC52EC781D80D14800B0A59C /* SOSRegressionUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D0A1D8085F200865A7C /* SOSRegressionUtilities.c */; }; + DC52EC791D80D14D00B0A59C /* sc-45-digestvector.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D031D8085F200865A7C /* sc-45-digestvector.c */; }; + DC52EC7A1D80D15200B0A59C /* sc-40-circle.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D011D8085F200865A7C /* sc-40-circle.c */; }; + DC52EC7B1D80D15600B0A59C /* sc-30-peerinfo.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78CFF1D8085F200865A7C /* sc-30-peerinfo.c */; }; + DC52EC981D80D1D100B0A59C /* vmdh-40.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E131D8085FC00865A7C /* vmdh-40.c */; }; + DC52EC991D80D1D100B0A59C /* vmdh-41-example.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E141D8085FC00865A7C /* vmdh-41-example.c */; }; + DC52EC9A1D80D1D100B0A59C /* vmdh-42-example2.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E151D8085FC00865A7C /* vmdh-42-example2.c */; }; + DC52EC9B1D80D22600B0A59C /* si-00-find-nothing.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DAF1D8085FC00865A7C /* si-00-find-nothing.c */; }; + DC52EC9C1D80D22600B0A59C /* si-05-add.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DB01D8085FC00865A7C /* si-05-add.c */; }; + DC52EC9D1D80D22600B0A59C /* si-10-find-internet.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DB11D8085FC00865A7C /* si-10-find-internet.c */; }; + DC52EC9E1D80D22600B0A59C /* si-11-update-data.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DB21D8085FC00865A7C /* si-11-update-data.c */; }; + DC52EC9F1D80D22600B0A59C /* si-12-item-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DB31D8085FC00865A7C /* si-12-item-stress.c */; }; + DC52ECA01D80D22600B0A59C /* si-13-item-system.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DB41D8085FC00865A7C /* si-13-item-system.m */; }; + DC52ECA11D80D22600B0A59C /* si-14-dateparse.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DB51D8085FC00865A7C /* si-14-dateparse.c */; }; + DC52ECA21D80D22600B0A59C /* si-15-delete-access-group.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DB61D8085FC00865A7C /* si-15-delete-access-group.m */; }; + DC52ECA51D80D22600B0A59C /* si-17-item-system-bluetooth.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DB91D8085FC00865A7C /* si-17-item-system-bluetooth.m */; }; + DC52ECB61D80D22600B0A59C /* si-30-keychain-upgrade.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DCA1D8085FC00865A7C /* si-30-keychain-upgrade.c */; }; + DC52ECB71D80D22600B0A59C /* si-31-keychain-bad.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DCB1D8085FC00865A7C /* si-31-keychain-bad.c */; }; + DC52ECB81D80D22600B0A59C /* si-31-keychain-unreadable.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DCC1D8085FC00865A7C /* si-31-keychain-unreadable.c */; }; + DC52ECB91D80D22600B0A59C /* si-33-keychain-backup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DCD1D8085FC00865A7C /* si-33-keychain-backup.c */; }; + DC52ECBA1D80D22600B0A59C /* si-40-seckey-custom.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DCE1D8085FC00865A7C /* si-40-seckey-custom.c */; }; + DC52ECBB1D80D22600B0A59C /* si-40-seckey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DCF1D8085FC00865A7C /* si-40-seckey.c */; }; + DC52ECBC1D80D22600B0A59C /* si-41-sececkey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DD01D8085FC00865A7C /* si-41-sececkey.c */; }; + DC52ECBD1D80D22600B0A59C /* si-42-identity.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DD11D8085FC00865A7C /* si-42-identity.c */; }; + DC52ECBE1D80D22600B0A59C /* si-43-persistent.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DD21D8085FC00865A7C /* si-43-persistent.c */; }; + DC52ECC31D80D22600B0A59C /* si-50-secrandom.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DD71D8085FC00865A7C /* si-50-secrandom.c */; }; + DC52ECC41D80D22600B0A59C /* si-60-cms.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DD81D8085FC00865A7C /* si-60-cms.c */; }; + DC52ECC51D80D22600B0A59C /* si-61-pkcs12.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DD91D8085FC00865A7C /* si-61-pkcs12.c */; }; + DC52ECC71D80D22600B0A59C /* si-63-scep.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DDE1D8085FC00865A7C /* si-63-scep.c */; }; + DC52ECC81D80D22600B0A59C /* si-64-ossl-cms.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DE71D8085FC00865A7C /* si-64-ossl-cms.c */; }; + DC52ECC91D80D22600B0A59C /* si-65-cms-cert-policy.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DE81D8085FC00865A7C /* si-65-cms-cert-policy.c */; }; + DC52ECCC1D80D22600B0A59C /* si-68-secmatchissuer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DF81D8085FC00865A7C /* si-68-secmatchissuer.c */; }; + DC52ECCD1D80D22600B0A59C /* si-69-keydesc.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DF91D8085FC00865A7C /* si-69-keydesc.c */; }; + DC52ECD01D80D22600B0A59C /* si-72-syncableitems.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DFC1D8085FC00865A7C /* si-72-syncableitems.c */; }; + DC52ECD11D80D22600B0A59C /* si-73-secpasswordgenerate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DFD1D8085FC00865A7C /* si-73-secpasswordgenerate.c */; }; + DC52ECD31D80D22600B0A59C /* si-76-shared-credentials.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DFF1D8085FC00865A7C /* si-76-shared-credentials.c */; }; + DC52ECD41D80D22600B0A59C /* si_77_SecAccessControl.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E001D8085FC00865A7C /* si_77_SecAccessControl.c */; }; + DC52ECD51D80D22600B0A59C /* si-78-query-attrs.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E011D8085FC00865A7C /* si-78-query-attrs.c */; }; + DC52ECD61D80D22600B0A59C /* si-80-empty-data.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E021D8085FC00865A7C /* si-80-empty-data.c */; }; + DC52ECD91D80D22600B0A59C /* si-82-token-ag.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E051D8085FC00865A7C /* si-82-token-ag.c */; }; + DC52ECDD1D80D22600B0A59C /* si-89-cms-hash-agility.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E0B1D8085FC00865A7C /* si-89-cms-hash-agility.c */; }; + DC52ECDE1D80D22600B0A59C /* si-90-emcs.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E0D1D8085FC00865A7C /* si-90-emcs.m */; }; + DC52ECDF1D80D22600B0A59C /* si-95-cms-basic.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E0E1D8085FC00865A7C /* si-95-cms-basic.c */; }; + DC52ECE11D80D2F000B0A59C /* otr-00-identity.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DA71D8085FC00865A7C /* otr-00-identity.c */; }; + DC52ECE21D80D2F000B0A59C /* otr-30-negotiation.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DA81D8085FC00865A7C /* otr-30-negotiation.c */; }; + DC52ECE31D80D2F000B0A59C /* otr-40-edgecases.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DA91D8085FC00865A7C /* otr-40-edgecases.c */; }; + DC52ECE41D80D2F000B0A59C /* otr-50-roll.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DAA1D8085FC00865A7C /* otr-50-roll.c */; }; + DC52ECE51D80D2F000B0A59C /* otr-60-slowroll.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DAB1D8085FC00865A7C /* otr-60-slowroll.c */; }; + DC52ECE61D80D2F000B0A59C /* otr-otrdh.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DAC1D8085FC00865A7C /* otr-otrdh.c */; }; + DC52ECE71D80D2F000B0A59C /* otr-packetdata.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DAD1D8085FC00865A7C /* otr-packetdata.c */; }; + DC52ECE81D80D2FA00B0A59C /* pbkdf2-00-hmac-sha1.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DA41D8085FC00865A7C /* pbkdf2-00-hmac-sha1.c */; }; + DC52ECE91D80D2FA00B0A59C /* spbkdf-00-hmac-sha1.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DA51D8085FC00865A7C /* spbkdf-00-hmac-sha1.c */; }; + DC52ECEA1D80D30900B0A59C /* so_01_serverencryption.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E171D8085FC00865A7C /* so_01_serverencryption.c */; }; + DC52ED9E1D80D4ED00B0A59C /* secd-95-escrow-persistence.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C741D8085D800865A7C /* secd-95-escrow-persistence.c */; }; + DC52ED9F1D80D4F200B0A59C /* SOSTransportTestTransports.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C7C1D8085D800865A7C /* SOSTransportTestTransports.c */; }; + DC52EDA01D80D4F700B0A59C /* sd-10-policytree.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C3D1D8085D800865A7C /* sd-10-policytree.c */; }; + DC52EDA11D80D4FC00B0A59C /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD744683195A00BB00FB01C0 /* IDS.framework */; }; + DC52EDAC1D80D58400B0A59C /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD744683195A00BB00FB01C0 /* IDS.framework */; }; + DC52EDB21D80D59700B0A59C /* IDSFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC6A1D80D0E300B0A59C /* IDSFoundation.framework */; }; + DC52EDB51D80D5C500B0A59C /* secd-03-corrupted-items.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C391D8085D800865A7C /* secd-03-corrupted-items.c */; }; + DC52EDB61D80D5C500B0A59C /* secd-04-corrupted-items.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C3A1D8085D800865A7C /* secd-04-corrupted-items.c */; }; + DC52EDB71D80D5C500B0A59C /* secd-05-corrupted-items.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C3B1D8085D800865A7C /* secd-05-corrupted-items.m */; }; + DC52EDBB1D80D5C500B0A59C /* secd-01-items.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C3F1D8085D800865A7C /* secd-01-items.c */; }; + DC52EDBC1D80D5C500B0A59C /* secd-02-upgrade-while-locked.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C401D8085D800865A7C /* secd-02-upgrade-while-locked.c */; }; + DC52EDBD1D80D5C500B0A59C /* secd-20-keychain_upgrade.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C411D8085D800865A7C /* secd-20-keychain_upgrade.m */; }; + DC52EDBE1D80D5C500B0A59C /* secd-21-transmogrify.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C421D8085D800865A7C /* secd-21-transmogrify.m */; }; + DC52EDBF1D80D5C500B0A59C /* secd-30-keychain-upgrade.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C431D8085D800865A7C /* secd-30-keychain-upgrade.c */; }; + DC52EDC01D80D5C500B0A59C /* secd-31-keychain-bad.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C441D8085D800865A7C /* secd-31-keychain-bad.c */; }; + DC52EDC11D80D5C500B0A59C /* secd-31-keychain-unreadable.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C451D8085D800865A7C /* secd-31-keychain-unreadable.c */; }; + DC52EDC21D80D5C500B0A59C /* secd-32-restore-bad-backup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C461D8085D800865A7C /* secd-32-restore-bad-backup.c */; }; + DC52EDC31D80D5C500B0A59C /* secd-33-keychain-ctk.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C471D8085D800865A7C /* secd-33-keychain-ctk.m */; }; + DC52EDC41D80D5C500B0A59C /* secd-34-backup-der-parse.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C481D8085D800865A7C /* secd-34-backup-der-parse.c */; }; + DC52EDC51D80D5C500B0A59C /* secd-35-keychain-migrate-inet.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C491D8085D800865A7C /* secd-35-keychain-migrate-inet.c */; }; + DC52EDC61D80D5C500B0A59C /* secd-40-cc-gestalt.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C4A1D8085D800865A7C /* secd-40-cc-gestalt.c */; }; + DC52EDC71D80D5C500B0A59C /* secd-50-account.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C4B1D8085D800865A7C /* secd-50-account.c */; }; + DC52EDC81D80D5C500B0A59C /* secd-49-manifests.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C4C1D8085D800865A7C /* secd-49-manifests.c */; }; + DC52EDC91D80D5C500B0A59C /* secd-50-message.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C4D1D8085D800865A7C /* secd-50-message.c */; }; + DC52EDCA1D80D5C500B0A59C /* secd-51-account-inflate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C4E1D8085D800865A7C /* secd-51-account-inflate.c */; }; + DC52EDCC1D80D5C500B0A59C /* secd-52-account-changed.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C501D8085D800865A7C /* secd-52-account-changed.c */; }; + DC52EDCD1D80D5C500B0A59C /* secd-55-account-circle.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C511D8085D800865A7C /* secd-55-account-circle.c */; }; + DC52EDCE1D80D5C500B0A59C /* secd-55-account-incompatibility.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C521D8085D800865A7C /* secd-55-account-incompatibility.c */; }; + DC52EDCF1D80D5C500B0A59C /* secd-56-account-apply.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C531D8085D800865A7C /* secd-56-account-apply.c */; }; + DC52EDD01D80D5C500B0A59C /* secd-57-account-leave.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C541D8085D800865A7C /* secd-57-account-leave.c */; }; + DC52EDD11D80D5C500B0A59C /* secd-57-1-account-last-standing.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C551D8085D800865A7C /* secd-57-1-account-last-standing.c */; }; + DC52EDD21D80D5C500B0A59C /* secd-58-password-change.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C561D8085D800865A7C /* secd-58-password-change.c */; }; + DC52EDD31D80D5C500B0A59C /* secd-59-account-cleanup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C571D8085D800865A7C /* secd-59-account-cleanup.c */; }; + DC52EDD41D80D5C500B0A59C /* secd-60-account-cloud-identity.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C581D8085D800865A7C /* secd-60-account-cloud-identity.c */; }; + DC52EDD51D80D5C500B0A59C /* secd60-account-cloud-exposure.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C591D8085D800865A7C /* secd60-account-cloud-exposure.c */; }; + DC52EDD61D80D5C500B0A59C /* secd-61-account-leave-not-in-kansas-anymore.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C5A1D8085D800865A7C /* secd-61-account-leave-not-in-kansas-anymore.c */; }; + DC52EDD71D80D5C500B0A59C /* secd-62-account-backup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C5B1D8085D800865A7C /* secd-62-account-backup.c */; }; + DC52EDD81D80D5C500B0A59C /* secd-62-account-hsa-join.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C5C1D8085D800865A7C /* secd-62-account-hsa-join.c */; }; + DC52EDD91D80D5C500B0A59C /* secd-63-account-resurrection.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C5D1D8085D800865A7C /* secd-63-account-resurrection.c */; }; + DC52EDDA1D80D5C500B0A59C /* secd-65-account-retirement-reset.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C5E1D8085D800865A7C /* secd-65-account-retirement-reset.c */; }; + DC52EDDB1D80D5C500B0A59C /* secd-64-circlereset.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C5F1D8085D800865A7C /* secd-64-circlereset.c */; }; + DC52EDDC1D80D5C500B0A59C /* secd-70-engine.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C601D8085D800865A7C /* secd-70-engine.c */; }; + DC52EDDD1D80D5C500B0A59C /* secd-70-engine-corrupt.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C611D8085D800865A7C /* secd-70-engine-corrupt.c */; }; + DC52EDDE1D80D5C500B0A59C /* secd-70-engine-smash.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C621D8085D800865A7C /* secd-70-engine-smash.c */; }; + DC52EDDF1D80D5C500B0A59C /* secd-70-otr-remote.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C631D8085D800865A7C /* secd-70-otr-remote.c */; }; + DC52EDE21D80D5C500B0A59C /* secd-74-engine-beer-servers.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C661D8085D800865A7C /* secd-74-engine-beer-servers.c */; }; + DC52EDE31D80D5C500B0A59C /* secd-75-engine-views.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C671D8085D800865A7C /* secd-75-engine-views.c */; }; + DC52EDE61D80D5C500B0A59C /* secd-80-views-basic.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C6A1D8085D800865A7C /* secd-80-views-basic.c */; }; + DC52EDE71D80D5C500B0A59C /* secd-82-secproperties-basic.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C6B1D8085D800865A7C /* secd-82-secproperties-basic.c */; }; + DC52EDE81D80D5C500B0A59C /* secd-81-item-acl-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C6C1D8085D800865A7C /* secd-81-item-acl-stress.c */; }; + DC52EDE91D80D5C500B0A59C /* secd-81-item-acl.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C6D1D8085D800865A7C /* secd-81-item-acl.c */; }; + DC52EDEA1D80D5C500B0A59C /* secd-82-persistent-ref.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C6E1D8085D800865A7C /* secd-82-persistent-ref.c */; }; + DC52EDEB1D80D5C500B0A59C /* secd-83-item-match-policy.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C6F1D8085D800865A7C /* secd-83-item-match-policy.m */; }; + DC52EDEC1D80D5C500B0A59C /* secd-83-item-match-valid-on-date.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C701D8085D800865A7C /* secd-83-item-match-valid-on-date.m */; }; + DC52EDED1D80D5C600B0A59C /* secd-83-item-match-trusted.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C711D8085D800865A7C /* secd-83-item-match-trusted.m */; }; + DC52EDEF1D80D5C600B0A59C /* secd-90-hsa2.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C731D8085D800865A7C /* secd-90-hsa2.c */; }; + DC52EDF11D80D5C600B0A59C /* secd-100-initialsync.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C751D8085D800865A7C /* secd-100-initialsync.c */; }; + DC52EDF21D80D5C600B0A59C /* secd-130-other-peer-views.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C761D8085D800865A7C /* secd-130-other-peer-views.c */; }; + DC52EDF41D80D5C600B0A59C /* secd-200-logstate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C781D8085D800865A7C /* secd-200-logstate.c */; }; + DC52EDF51D80D62E00B0A59C /* SecdTestKeychainUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C7A1D8085D800865A7C /* SecdTestKeychainUtilities.c */; }; + DC52EDF61D80D62E00B0A59C /* SOSTransportTestTransports.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C7C1D8085D800865A7C /* SOSTransportTestTransports.c */; }; + DC52EDF71D80D65700B0A59C /* si-90-emcs.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E0D1D8085FC00865A7C /* si-90-emcs.m */; }; + DC52EDF81D80D65C00B0A59C /* SOSTestDevice.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D0E1D8085F200865A7C /* SOSTestDevice.c */; }; + DC52EDF91D80D66000B0A59C /* SOSTestDataSource.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D0C1D8085F200865A7C /* SOSTestDataSource.c */; }; + DC52EDFA1D80D66600B0A59C /* SOSRegressionUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D0A1D8085F200865A7C /* SOSRegressionUtilities.c */; }; + DC52EE421D80D71900B0A59C /* si-20-sectrust.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DBB1D8085FC00865A7C /* si-20-sectrust.c */; }; + DC52EE441D80D71900B0A59C /* si-21-sectrust-asr.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DBD1D8085FC00865A7C /* si-21-sectrust-asr.c */; }; + DC52EE451D80D71900B0A59C /* si-22-sectrust-iap.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DBE1D8085FC00865A7C /* si-22-sectrust-iap.c */; }; + DC52EE471D80D71900B0A59C /* si-23-sectrust-ocsp.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DC01D8085FC00865A7C /* si-23-sectrust-ocsp.c */; }; + DC52EE481D80D71900B0A59C /* si-24-sectrust-digicert-malaysia.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DC11D8085FC00865A7C /* si-24-sectrust-digicert-malaysia.c */; }; + DC52EE491D80D71900B0A59C /* si-24-sectrust-diginotar.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DC21D8085FC00865A7C /* si-24-sectrust-diginotar.c */; }; + DC52EE4A1D80D71900B0A59C /* si-24-sectrust-itms.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DC31D8085FC00865A7C /* si-24-sectrust-itms.c */; }; + DC52EE4B1D80D71900B0A59C /* si-24-sectrust-nist.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DC41D8085FC00865A7C /* si-24-sectrust-nist.c */; }; + DC52EE4C1D80D71900B0A59C /* si-24-sectrust-passbook.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DC51D8085FC00865A7C /* si-24-sectrust-passbook.c */; }; + DC52EE4D1D80D71900B0A59C /* si-26-sectrust-copyproperties.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DC61D8085FC00865A7C /* si-26-sectrust-copyproperties.c */; }; + DC52EE4E1D80D71900B0A59C /* si-27-sectrust-exceptions.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DC71D8085FC00865A7C /* si-27-sectrust-exceptions.c */; }; + DC52EE4F1D80D71900B0A59C /* si-28-sectrustsettings.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DC81D8085FC00865A7C /* si-28-sectrustsettings.m */; }; + DC52EE511D80D73800B0A59C /* si-15-certificate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DB71D8085FC00865A7C /* si-15-certificate.c */; }; + DC52EE521D80D73800B0A59C /* si-16-ec-certificate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DB81D8085FC00865A7C /* si-16-ec-certificate.c */; }; + DC52EE531D80D73800B0A59C /* si-44-seckey-gen.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DD31D8085FC00865A7C /* si-44-seckey-gen.m */; }; + DC52EE541D80D73800B0A59C /* si-44-seckey-rsa.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DD41D8085FC00865A7C /* si-44-seckey-rsa.m */; }; + DC52EE551D80D73800B0A59C /* si-44-seckey-ec.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DD51D8085FC00865A7C /* si-44-seckey-ec.m */; }; + DC52EE561D80D73800B0A59C /* si-44-seckey-ies.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DD61D8085FC00865A7C /* si-44-seckey-ies.m */; }; + DC52EE571D80D73800B0A59C /* si-67-sectrust-blacklist.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DF71D8085FC00865A7C /* si-67-sectrust-blacklist.c */; }; + DC52EE581D80D73800B0A59C /* si-70-sectrust-unified.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DFA1D8085FC00865A7C /* si-70-sectrust-unified.c */; }; + DC52EE591D80D73800B0A59C /* si-82-seccertificate-ct.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E031D8085FC00865A7C /* si-82-seccertificate-ct.c */; }; + DC52EE5A1D80D73800B0A59C /* si-83-seccertificate-sighashalg.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E061D8085FC00865A7C /* si-83-seccertificate-sighashalg.c */; }; + DC52EE5B1D80D73800B0A59C /* si-97-sectrust-path-scoring.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E101D8085FC00865A7C /* si-97-sectrust-path-scoring.m */; }; + DC52EE5C1D80D76300B0A59C /* si-20-sectrust-policies.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DBA1D8085FC00865A7C /* si-20-sectrust-policies.m */; }; + DC52EE5D1D80D76B00B0A59C /* si-87-sectrust-name-constraints.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E091D8085FC00865A7C /* si-87-sectrust-name-constraints.c */; }; + DC52EE5E1D80D78C00B0A59C /* si-82-sectrust-ct.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E041D8085FC00865A7C /* si-82-sectrust-ct.m */; }; + DC52EE5F1D80D79400B0A59C /* si-85-sectrust-ssl-policy.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E071D8085FC00865A7C /* si-85-sectrust-ssl-policy.c */; }; + DC52EE601D80D79900B0A59C /* si-74-OTAPKISigner.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DFE1D8085FC00865A7C /* si-74-OTAPKISigner.c */; }; + DC52EE611D80D79E00B0A59C /* si-71-mobile-store-policy.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78DFB1D8085FC00865A7C /* si-71-mobile-store-policy.c */; }; + DC52EE6F1D80D83F00B0A59C /* SecPasswordGenerate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E7A1D8085FC00865A7C /* SecPasswordGenerate.c */; }; + DC52EE701D80D84700B0A59C /* SecItemConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E5C1D8085FC00865A7C /* SecItemConstants.c */; }; + DC52EE711D80D85F00B0A59C /* SecECKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E491D8085FC00865A7C /* SecECKey.c */; }; + DC52EE721D80D86400B0A59C /* SecuritydXPC.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E9A1D8085FC00865A7C /* SecuritydXPC.c */; }; + DC52EE731D80D86800B0A59C /* SecKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E601D8085FC00865A7C /* SecKey.c */; }; + DC52EE741D80D86F00B0A59C /* SecAccessControl.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E301D8085FC00865A7C /* SecAccessControl.c */; }; + DC52EE751D80D87900B0A59C /* SOSCloudCircle.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D891D8085F200865A7C /* SOSCloudCircle.c */; }; + DC52EE761D80D87F00B0A59C /* SecCTKKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E441D8085FC00865A7C /* SecCTKKey.c */; }; + DC52EE771D80D88300B0A59C /* SecDH.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E461D8085FC00865A7C /* SecDH.c */; }; + DC52EE781D80D88800B0A59C /* SecRSAKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E851D8085FC00865A7C /* SecRSAKey.c */; }; + DC52EE791D80D88D00B0A59C /* SecItem.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E581D8085FC00865A7C /* SecItem.c */; }; + DC52EE7A1D80D89400B0A59C /* SecCFAllocator.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E401D8085FC00865A7C /* SecCFAllocator.c */; }; + DC52EE7B1D80D89900B0A59C /* SecKeyAdaptors.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E621D8085FC00865A7C /* SecKeyAdaptors.c */; }; + DC52EE7C1D80D89E00B0A59C /* SecItemBackup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E5A1D8085FC00865A7C /* SecItemBackup.c */; }; + DC55329B1DDAA28600B6A6A7 /* XPCNotificationDispatcher.m in Sources */ = {isa = PBXBuildFile; fileRef = E7C787331DD0FED50087FC34 /* XPCNotificationDispatcher.m */; }; + DC55329C1DDAA28800B6A6A7 /* XPCNotificationDispatcher.m in Sources */ = {isa = PBXBuildFile; fileRef = E7C787331DD0FED50087FC34 /* XPCNotificationDispatcher.m */; }; + DC58C4331D77BE2E003C25A4 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DC58C43E1D77BED0003C25A4 /* csparser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC58C43B1D77BED0003C25A4 /* csparser.cpp */; }; + DC59E9A41D91C6F0001BDDF5 /* libCMS.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1002D71D8E19F20025549C /* libCMS.a */; }; + DC59E9A71D91C7C7001BDDF5 /* libCMS.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1002D71D8E19F20025549C /* libCMS.a */; }; + DC59E9FE1D91CA0A001BDDF5 /* DER_Keys.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9ED1D91CA0A001BDDF5 /* DER_Keys.c */; }; + DC59EA011D91CA0A001BDDF5 /* DER_CertCrl.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9F01D91CA0A001BDDF5 /* DER_CertCrl.c */; }; + DC59EA031D91CA0A001BDDF5 /* DER_Decode.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9F21D91CA0A001BDDF5 /* DER_Decode.c */; }; + DC59EA051D91CA0A001BDDF5 /* DER_Encode.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9F41D91CA0A001BDDF5 /* DER_Encode.c */; }; + DC59EA0A1D91CA0A001BDDF5 /* DER_Digest.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9F91D91CA0A001BDDF5 /* DER_Digest.c */; }; + DC59EA0B1D91CA0A001BDDF5 /* oids.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9FA1D91CA0A001BDDF5 /* oids.c */; }; + DC59EA2D1D91CA2C001BDDF5 /* libDERUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59EA261D91CA2C001BDDF5 /* libDERUtils.h */; }; + DC59EA2E1D91CA2C001BDDF5 /* libDERUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59EA271D91CA2C001BDDF5 /* libDERUtils.c */; }; + DC59EA2F1D91CA2C001BDDF5 /* fileIo.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59EA281D91CA2C001BDDF5 /* fileIo.c */; }; + DC59EA301D91CA2C001BDDF5 /* fileIo.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59EA291D91CA2C001BDDF5 /* fileIo.h */; }; + DC59EA311D91CA2C001BDDF5 /* printFields.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59EA2A1D91CA2C001BDDF5 /* printFields.h */; }; + DC59EA321D91CA2C001BDDF5 /* printFields.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59EA2B1D91CA2C001BDDF5 /* printFields.c */; }; + DC59EA4E1D91CACE001BDDF5 /* parseCert.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59EA491D91CACE001BDDF5 /* parseCert.c */; }; + DC59EA501D91CAE3001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA511D91CAE8001BDDF5 /* libDERUtils.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59EA251D91CA15001BDDF5 /* libDERUtils.a */; }; + DC59EA5A1D91CAF0001BDDF5 /* libDERUtils.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59EA251D91CA15001BDDF5 /* libDERUtils.a */; }; + DC59EA5B1D91CAF0001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA611D91CAFD001BDDF5 /* parseCrl.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59EA4A1D91CACE001BDDF5 /* parseCrl.c */; }; + DC59EA6B1D91CB9F001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA711D91CBB9001BDDF5 /* DER_Ticket.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59EA461D91CACE001BDDF5 /* DER_Ticket.c */; }; + DC59EA721D91CBBD001BDDF5 /* parseTicket.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59EA481D91CACE001BDDF5 /* parseTicket.c */; }; + DC59EA741D91CBD0001BDDF5 /* libcrypto.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59EA731D91CBD0001BDDF5 /* libcrypto.dylib */; }; + DC59EA771D91CC6D001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA7B1D91CC9F001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA7E1D91CCB2001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA7F1D91CCCA001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA821D91CD24001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA851D91CD35001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA881D91CD7E001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA8B1D91CD93001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA8E1D91CDC1001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA911D91CDCF001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA941D91CDE0001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA971D91CDFA001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC59EA9A1D91CE94001BDDF5 /* libDER_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; }; + DC5ABDCC1D832E4000CF422C /* srCdsaUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD781D832D5800CF422C /* srCdsaUtils.cpp */; }; + DC5ABDCD1D832E4000CF422C /* createFVMaster.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD7A1D832D5800CF422C /* createFVMaster.c */; }; + DC5ABDCE1D832E4000CF422C /* mds_install.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD7D1D832D5800CF422C /* mds_install.cpp */; }; + DC5ABDCF1D832E4000CF422C /* cmsutil.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD7E1D832D5800CF422C /* cmsutil.c */; }; + DC5ABDD01D832E4000CF422C /* db_commands.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD801D832D5800CF422C /* db_commands.cpp */; }; + DC5ABDD11D832E4000CF422C /* display_error_code.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD821D832D5800CF422C /* display_error_code.c */; }; + DC5ABDD21D832E4000CF422C /* trusted_cert_dump.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD841D832D5800CF422C /* trusted_cert_dump.c */; }; + DC5ABDD31D832E4000CF422C /* identity_find.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD861D832D5800CF422C /* identity_find.c */; }; + DC5ABDD41D832E4000CF422C /* identity_prefs.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD881D832D5800CF422C /* identity_prefs.c */; }; + DC5ABDD51D832E4000CF422C /* key_create.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD8A1D832D5800CF422C /* key_create.c */; }; + DC5ABDD61D832E4000CF422C /* keychain_add.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD8C1D832D5800CF422C /* keychain_add.c */; }; + DC5ABDD71D832E4000CF422C /* keychain_create.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD8E1D832D5800CF422C /* keychain_create.c */; }; + DC5ABDD81D832E4000CF422C /* keychain_delete.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD901D832D5800CF422C /* keychain_delete.c */; }; + DC5ABDD91D832E4000CF422C /* keychain_export.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD921D832D5800CF422C /* keychain_export.c */; }; + DC5ABDDA1D832E4000CF422C /* keychain_find.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD941D832D5800CF422C /* keychain_find.c */; }; + DC5ABDDB1D832E4000CF422C /* keychain_import.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD961D832D5800CF422C /* keychain_import.c */; }; + DC5ABDDC1D832E4000CF422C /* keychain_list.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD981D832D5800CF422C /* keychain_list.c */; }; + DC5ABDDD1D832E4000CF422C /* keychain_lock.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD9A1D832D5800CF422C /* keychain_lock.c */; }; + DC5ABDDE1D832E4000CF422C /* keychain_recode.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD9C1D832D5800CF422C /* keychain_recode.c */; }; + DC5ABDDF1D832E4000CF422C /* keychain_set_settings.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABD9E1D832D5800CF422C /* keychain_set_settings.c */; }; + DC5ABDE01D832E4000CF422C /* keychain_show_info.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDA01D832D5800CF422C /* keychain_show_info.c */; }; + DC5ABDE11D832E4000CF422C /* keychain_unlock.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDA21D832D5800CF422C /* keychain_unlock.c */; }; + DC5ABDE21D832E4000CF422C /* keychain_utilities.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDA41D832D5800CF422C /* keychain_utilities.c */; }; + DC5ABDE31D832E4000CF422C /* leaks.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDA61D832D5800CF422C /* leaks.c */; }; + DC5ABDE41D832E4000CF422C /* readline.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDA81D832D5800CF422C /* readline.c */; }; + DC5ABDE51D832E4000CF422C /* security.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDAA1D832D5800CF422C /* security.c */; }; + DC5ABDE61D832E4000CF422C /* trusted_cert_add.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDAC1D832D5800CF422C /* trusted_cert_add.c */; }; + DC5ABDE71D832E4000CF422C /* trusted_cert_utils.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDAE1D832D5800CF422C /* trusted_cert_utils.c */; }; + DC5ABDE81D832E4000CF422C /* trust_settings_impexp.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDB11D832D5800CF422C /* trust_settings_impexp.c */; }; + DC5ABDE91D832E4000CF422C /* user_trust_enable.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDB31D832D5800CF422C /* user_trust_enable.cpp */; }; + DC5ABDEA1D832E4000CF422C /* authz.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDB51D832D5800CF422C /* authz.c */; }; + DC5ABDEB1D832E4000CF422C /* verify_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDB61D832D5800CF422C /* verify_cert.c */; }; + DC5ABDEC1D832E4000CF422C /* access_utils.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDB81D832D5800CF422C /* access_utils.c */; }; + DC5ABDED1D832E4000CF422C /* translocate.c in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDBC1D832D5800CF422C /* translocate.c */; }; + DC5ABDEE1D832E4E00CF422C /* smartcards.m in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABDBB1D832D5800CF422C /* smartcards.m */; }; + DC5ABDF01D832E8300CF422C /* srCdsaUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD791D832D5800CF422C /* srCdsaUtils.h */; }; + DC5ABDF11D832E8300CF422C /* createFVMaster.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD7B1D832D5800CF422C /* createFVMaster.h */; }; + DC5ABDF21D832E8300CF422C /* mds_install.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD7C1D832D5800CF422C /* mds_install.h */; }; + DC5ABDF31D832E8300CF422C /* cmsutil.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD7F1D832D5800CF422C /* cmsutil.h */; }; + DC5ABDF41D832E8300CF422C /* db_commands.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD811D832D5800CF422C /* db_commands.h */; }; + DC5ABDF51D832E8300CF422C /* display_error_code.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD831D832D5800CF422C /* display_error_code.h */; }; + DC5ABDF61D832E8300CF422C /* trusted_cert_dump.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD851D832D5800CF422C /* trusted_cert_dump.h */; }; + DC5ABDF71D832E8300CF422C /* identity_find.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD871D832D5800CF422C /* identity_find.h */; }; + DC5ABDF81D832E8300CF422C /* identity_prefs.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD891D832D5800CF422C /* identity_prefs.h */; }; + DC5ABDF91D832E8300CF422C /* key_create.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD8B1D832D5800CF422C /* key_create.h */; }; + DC5ABDFA1D832E8300CF422C /* keychain_add.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD8D1D832D5800CF422C /* keychain_add.h */; }; + DC5ABDFB1D832E8300CF422C /* keychain_create.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD8F1D832D5800CF422C /* keychain_create.h */; }; + DC5ABDFC1D832E8300CF422C /* keychain_delete.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD911D832D5800CF422C /* keychain_delete.h */; }; + DC5ABDFD1D832E8300CF422C /* keychain_export.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD931D832D5800CF422C /* keychain_export.h */; }; + DC5ABDFE1D832E8300CF422C /* keychain_find.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD951D832D5800CF422C /* keychain_find.h */; }; + DC5ABDFF1D832E8300CF422C /* keychain_import.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD971D832D5800CF422C /* keychain_import.h */; }; + DC5ABE001D832E8300CF422C /* keychain_list.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD991D832D5800CF422C /* keychain_list.h */; }; + DC5ABE011D832E8300CF422C /* keychain_lock.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD9B1D832D5800CF422C /* keychain_lock.h */; }; + DC5ABE021D832E8300CF422C /* keychain_recode.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD9D1D832D5800CF422C /* keychain_recode.h */; }; + DC5ABE031D832E8300CF422C /* keychain_set_settings.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABD9F1D832D5800CF422C /* keychain_set_settings.h */; }; + DC5ABE041D832E8300CF422C /* keychain_show_info.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDA11D832D5800CF422C /* keychain_show_info.h */; }; + DC5ABE051D832E8300CF422C /* keychain_unlock.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDA31D832D5800CF422C /* keychain_unlock.h */; }; + DC5ABE061D832E8300CF422C /* keychain_utilities.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDA51D832D5800CF422C /* keychain_utilities.h */; }; + DC5ABE071D832E8300CF422C /* leaks.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDA71D832D5800CF422C /* leaks.h */; }; + DC5ABE081D832E8300CF422C /* readline_cssm.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDA91D832D5800CF422C /* readline_cssm.h */; }; + DC5ABE091D832E8300CF422C /* security_tool.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDAB1D832D5800CF422C /* security_tool.h */; }; + DC5ABE0A1D832E8300CF422C /* trusted_cert_add.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDAD1D832D5800CF422C /* trusted_cert_add.h */; }; + DC5ABE0B1D832E8300CF422C /* trusted_cert_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDAF1D832D5800CF422C /* trusted_cert_utils.h */; }; + DC5ABE0C1D832E8300CF422C /* trust_settings_impexp.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDB01D832D5800CF422C /* trust_settings_impexp.h */; }; + DC5ABE0D1D832E8300CF422C /* user_trust_enable.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDB21D832D5800CF422C /* user_trust_enable.h */; }; + DC5ABE0E1D832E8300CF422C /* authz.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDB41D832D5800CF422C /* authz.h */; }; + DC5ABE0F1D832E8300CF422C /* verify_cert.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDB71D832D5800CF422C /* verify_cert.h */; }; + DC5ABE101D832E8300CF422C /* access_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDB91D832D5800CF422C /* access_utils.h */; }; + DC5ABE121D832E8300CF422C /* translocate.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABDBD1D832D5800CF422C /* translocate.h */; }; + DC5ABE181D832F2200CF422C /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DC5ABE191D832F2700CF422C /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DC5ABE1A1D832F3E00CF422C /* security.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = DC5ABDBF1D832D5D00CF422C /* security.1 */; }; + DC5AC0C01D83538000CF422C /* securityd.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = DC5ABFE01D83513400CF422C /* securityd.1 */; }; + DC5AC0C11D83538800CF422C /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789261D7799D300B50D50 /* IOKit.framework */; }; + DC5AC0C21D83538D00CF422C /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DC5AC0C41D8353BB00CF422C /* System.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC5AC0C31D8353B900CF422C /* System.framework */; }; + DC5AC0C51D8353C200CF422C /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DC5AC0C71D8353C800CF422C /* PCSC.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC5AC0C61D8353C800CF422C /* PCSC.framework */; }; + DC5AC0C91D8353D100CF422C /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789181D77998C00B50D50 /* libbsm.dylib */; }; + DC5AC0CE1D83542B00CF422C /* libsecurity_tokend_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC5AC0CD1D83542700CF422C /* libsecurity_tokend_client.a */; }; + DC5AC0D11D83544200CF422C /* libobjc.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC17891A1D77999200B50D50 /* libobjc.dylib */; }; + DC5AC0D21D83544800CF422C /* libauto.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789161D77998700B50D50 /* libauto.dylib */; }; + DC5AC0D31D83544D00CF422C /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC17891E1D77999D00B50D50 /* libsqlite3.dylib */; }; + DC5AC0D41D83547A00CF422C /* libsecuritydservice_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC5AC0B91D83533400CF422C /* libsecuritydservice_client.a */; }; + DC5AC0D61D83548300CF422C /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789121D7798B300B50D50 /* libDiagnosticMessagesClient.dylib */; }; + DC5AC0D81D8354CA00CF422C /* main.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF7A1D83511A00CF422C /* main.cpp */; }; + DC5AC0D91D8354CA00CF422C /* connection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF7C1D83511A00CF422C /* connection.cpp */; }; + DC5AC0DA1D8354CA00CF422C /* database.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF7E1D83511A00CF422C /* database.cpp */; }; + DC5AC0DB1D8354CA00CF422C /* key.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF801D83511A00CF422C /* key.cpp */; }; + DC5AC0DC1D8354CA00CF422C /* process.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF821D83511A00CF422C /* process.cpp */; }; + DC5AC0DD1D8354CA00CF422C /* server.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF841D83511A00CF422C /* server.cpp */; }; + DC5AC0DE1D8354CA00CF422C /* session.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF861D83511A00CF422C /* session.cpp */; }; + DC5AC0DF1D8354CA00CF422C /* structure.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF881D83511A00CF422C /* structure.cpp */; }; + DC5AC0E01D8354CA00CF422C /* dbcrypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF8B1D83511A00CF422C /* dbcrypto.cpp */; }; + DC5AC0E11D8354CA00CF422C /* localdatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF8E1D83511A00CF422C /* localdatabase.cpp */; }; + DC5AC0E21D8354CA00CF422C /* localkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF901D83511A00CF422C /* localkey.cpp */; }; + DC5AC0E31D8354CA00CF422C /* kcdatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF931D83511A00CF422C /* kcdatabase.cpp */; }; + DC5AC0E41D8354CA00CF422C /* kckey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF951D83511A00CF422C /* kckey.cpp */; }; + DC5AC0E51D8354CA00CF422C /* tempdatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF981D83511A00CF422C /* tempdatabase.cpp */; }; + DC5AC0E61D8354CA00CF422C /* tokendatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF9B1D83511A00CF422C /* tokendatabase.cpp */; }; + DC5AC0E71D8354CA00CF422C /* tokenkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF9D1D83511A00CF422C /* tokenkey.cpp */; }; + DC5AC0E81D8354CA00CF422C /* tokenaccess.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABF9F1D83511A00CF422C /* tokenaccess.cpp */; }; + DC5AC0E91D8354CA00CF422C /* pcscmonitor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFA31D83511A00CF422C /* pcscmonitor.cpp */; }; + DC5AC0EA1D8354CA00CF422C /* reader.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFA51D83511A00CF422C /* reader.cpp */; }; + DC5AC0EB1D8354CA00CF422C /* token.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFA71D83511A00CF422C /* token.cpp */; }; + DC5AC0EC1D8354CA00CF422C /* tokend.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFA91D83511A00CF422C /* tokend.cpp */; }; + DC5AC0ED1D8354CA00CF422C /* tokencache.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFAB1D83511A00CF422C /* tokencache.cpp */; }; + DC5AC0EE1D8354CA00CF422C /* transition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFAD1D83511A00CF422C /* transition.cpp */; }; + DC5AC0EF1D8354CA00CF422C /* acls.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFB01D83511A00CF422C /* acls.cpp */; }; + DC5AC0F01D8354CA00CF422C /* tokenacl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFB21D83511A00CF422C /* tokenacl.cpp */; }; + DC5AC0F11D8354CA00CF422C /* acl_keychain.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFB41D83511A00CF422C /* acl_keychain.cpp */; }; + DC5AC0F21D8354CA00CF422C /* acl_partition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFB61D83511A00CF422C /* acl_partition.cpp */; }; + DC5AC0F31D8354CA00CF422C /* authhost.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFB91D83511A00CF422C /* authhost.cpp */; }; + DC5AC0F41D8354CA00CF422C /* credential.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFBB1D83511A00CF422C /* credential.cpp */; }; + DC5AC0F51D8354CA00CF422C /* clientid.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFBE1D83511A00CF422C /* clientid.cpp */; }; + DC5AC0F61D8354CA00CF422C /* codesigdb.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFC01D83511A00CF422C /* codesigdb.cpp */; }; + DC5AC0F71D8354CA00CF422C /* csproxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFC31D83511A00CF422C /* csproxy.cpp */; }; + DC5AC0F81D8354CA00CF422C /* agentquery.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFC71D83511A00CF422C /* agentquery.cpp */; }; + DC5AC0F91D8354CA00CF422C /* auditevents.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFC91D83511A00CF422C /* auditevents.cpp */; }; + DC5AC0FA1D8354CA00CF422C /* ccaudit_extensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFCB1D83511A00CF422C /* ccaudit_extensions.cpp */; }; + DC5AC0FB1D8354CA00CF422C /* child.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFCD1D83511A00CF422C /* child.cpp */; }; + DC5AC0FD1D8354CA00CF422C /* notifications.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFD11D83511A00CF422C /* notifications.cpp */; }; + DC5AC0FE1D8354CA00CF422C /* SharedMemoryServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5ABFD31D83511A00CF422C /* SharedMemoryServer.cpp */; }; + DC5AC1031D83552000CF422C /* selfServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5AC1001D83550300CF422C /* selfServer.cpp */; }; + DC5AC1041D83552000CF422C /* selfUser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC5AC1011D83550300CF422C /* selfUser.cpp */; }; + DC5AC1051D83555A00CF422C /* connection.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF7B1D83511A00CF422C /* connection.h */; }; + DC5AC1061D83555A00CF422C /* database.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF7D1D83511A00CF422C /* database.h */; }; + DC5AC1071D83555A00CF422C /* key.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF7F1D83511A00CF422C /* key.h */; }; + DC5AC1081D83555A00CF422C /* process.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF811D83511A00CF422C /* process.h */; }; + DC5AC1091D83555A00CF422C /* server.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF831D83511A00CF422C /* server.h */; }; + DC5AC10A1D83555A00CF422C /* session.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF851D83511A00CF422C /* session.h */; }; + DC5AC10B1D83555A00CF422C /* structure.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF871D83511A00CF422C /* structure.h */; }; + DC5AC10C1D83555A00CF422C /* dbcrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF8A1D83511A00CF422C /* dbcrypto.h */; }; + DC5AC10D1D83555A00CF422C /* localdatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF8D1D83511A00CF422C /* localdatabase.h */; }; + DC5AC10E1D83555A00CF422C /* localkey.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF8F1D83511A00CF422C /* localkey.h */; }; + DC5AC10F1D83555A00CF422C /* kcdatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF921D83511A00CF422C /* kcdatabase.h */; }; + DC5AC1101D83555A00CF422C /* kckey.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF941D83511A00CF422C /* kckey.h */; }; + DC5AC1111D83555A00CF422C /* tempdatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF971D83511A00CF422C /* tempdatabase.h */; }; + DC5AC1121D83555A00CF422C /* tokendatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF9A1D83511A00CF422C /* tokendatabase.h */; }; + DC5AC1131D83555A00CF422C /* tokenkey.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF9C1D83511A00CF422C /* tokenkey.h */; }; + DC5AC1141D83555A00CF422C /* tokenaccess.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABF9E1D83511A00CF422C /* tokenaccess.h */; }; + DC5AC1151D83555A00CF422C /* pcscmonitor.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFA21D83511A00CF422C /* pcscmonitor.h */; }; + DC5AC1161D83555A00CF422C /* reader.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFA41D83511A00CF422C /* reader.h */; }; + DC5AC1171D83555A00CF422C /* token.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFA61D83511A00CF422C /* token.h */; }; + DC5AC1181D83555A00CF422C /* tokend.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFA81D83511A00CF422C /* tokend.h */; }; + DC5AC1191D83555A00CF422C /* tokencache.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFAA1D83511A00CF422C /* tokencache.h */; }; + DC5AC11A1D83555A00CF422C /* acls.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFAF1D83511A00CF422C /* acls.h */; }; + DC5AC11B1D83555A00CF422C /* tokenacl.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFB11D83511A00CF422C /* tokenacl.h */; }; + DC5AC11C1D83555A00CF422C /* acl_keychain.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFB31D83511A00CF422C /* acl_keychain.h */; }; + DC5AC11D1D83555A00CF422C /* acl_partition.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFB51D83511A00CF422C /* acl_partition.h */; }; + DC5AC11E1D83555A00CF422C /* authhost.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFB81D83511A00CF422C /* authhost.h */; }; + DC5AC11F1D83555A00CF422C /* credential.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFBA1D83511A00CF422C /* credential.h */; }; + DC5AC1201D83555A00CF422C /* clientid.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFBD1D83511A00CF422C /* clientid.h */; }; + DC5AC1211D83555A00CF422C /* codesigdb.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFBF1D83511A00CF422C /* codesigdb.h */; }; + DC5AC1221D83555A00CF422C /* csproxy.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFC21D83511A00CF422C /* csproxy.h */; }; + DC5AC1231D83555A00CF422C /* agentclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFC51D83511A00CF422C /* agentclient.h */; }; + DC5AC1241D83555A00CF422C /* agentquery.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFC61D83511A00CF422C /* agentquery.h */; }; + DC5AC1251D83555A00CF422C /* auditevents.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFC81D83511A00CF422C /* auditevents.h */; }; + DC5AC1261D83555A00CF422C /* ccaudit_extensions.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFCA1D83511A00CF422C /* ccaudit_extensions.h */; }; + DC5AC1271D83555A00CF422C /* child.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFCC1D83511A00CF422C /* child.h */; }; + DC5AC1291D83555A00CF422C /* notifications.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFD01D83511A00CF422C /* notifications.h */; }; + DC5AC12A1D83555A00CF422C /* SharedMemoryServer.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFD21D83511A00CF422C /* SharedMemoryServer.h */; }; + DC5AC12B1D83555A00CF422C /* self.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5AC0FF1D83550300CF422C /* self.h */; }; + DC5AC12D1D83560100CF422C /* securityd_dtrace.h in Headers */ = {isa = PBXBuildFile; fileRef = DC5ABFD91D83512A00CF422C /* securityd_dtrace.h */; }; + DC610A181D78F129002223DE /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 0C0BDB31175685B000BC1A7E /* main.m */; }; + DC610A1D1D78F129002223DE /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; + DC610A1E1D78F129002223DE /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; + DC610A271D78F129002223DE /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; + DC610A281D78F129002223DE /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF730310EF9CDE300E17471 /* CFNetwork.framework */; }; + DC610A291D78F129002223DE /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; + DC610A2B1D78F129002223DE /* libcoreauthd_test_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E8B53A41AA0B8A600345E7B /* libcoreauthd_test_client.a */; }; + DC610A2C1D78F129002223DE /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; + DC610A2E1D78F129002223DE /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB740680A4749C800D641BB /* libsqlite3.dylib */; }; + DC610A2F1D78F129002223DE /* libctkclient_test.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FBDC1AA0A45C0021AA26 /* libctkclient_test.a */; }; + DC610A391D78F1B7002223DE /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = EB2CA4D81D2C28C800AB770F /* libaks.a */; }; + DC610A3B1D78F234002223DE /* libACM.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC610A3A1D78F228002223DE /* libACM.a */; }; + DC610A3D1D78F25C002223DE /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC610A3C1D78F25C002223DE /* libDiagnosticMessagesClient.dylib */; }; + DC610A501D78F715002223DE /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = DC610A4F1D78F715002223DE /* main.c */; }; + DC610A511D78F744002223DE /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DC610A521D78F74A002223DE /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DC610A611D78F9F2002223DE /* FatDynamicValidation.c in Sources */ = {isa = PBXBuildFile; fileRef = DC610A601D78F9F2002223DE /* FatDynamicValidation.c */; }; + DC610A651D78FA5B002223DE /* CaspianTests in CopyFiles */ = {isa = PBXBuildFile; fileRef = DC610A631D78FA54002223DE /* CaspianTests */; }; + DC610A661D78FA5B002223DE /* LocalCaspianTestRun.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = DC610A641D78FA54002223DE /* LocalCaspianTestRun.sh */; }; + DC610A691D78FA8C002223DE /* teamid.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = DC610A671D78FA76002223DE /* teamid.sh */; }; + DC610A6A1D78FA8C002223DE /* validation.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = DC610A681D78FA87002223DE /* validation.sh */; }; + DC610AB11D7910C3002223DE /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DC610ABA1D7910F8002223DE /* gk_reset_check.c in Sources */ = {isa = PBXBuildFile; fileRef = DC610AB91D7910F8002223DE /* gk_reset_check.c */; }; + DC63CAF81D91A15F00C03317 /* libsecurity_cms_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1002CB1D8E19D70025549C /* libsecurity_cms_regressions.a */; }; + DC65E7231D8CB28900152EF0 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DC65E7241D8CB29E00152EF0 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DC65E7271D8CB2EC00152EF0 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DC65E72A1D8CB2FC00152EF0 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DC65E72D1D8CB31B00152EF0 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DC65E7301D8CB32D00152EF0 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DC65E7311D8CB33800152EF0 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DC65E7361D8CB35E00152EF0 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DC65E7371D8CB37500152EF0 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DC65E73C1D8CB39B00152EF0 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DC65E7751D8CB81000152EF0 /* libregressionBase.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCBFD1D8C648C00070CB0 /* libregressionBase.a */; }; + DC65E7761D8CB81A00152EF0 /* libregressionBase.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCBFD1D8C648C00070CB0 /* libregressionBase.a */; }; + DC65E7771D8CB82500152EF0 /* libregressionBase.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCBFD1D8C648C00070CB0 /* libregressionBase.a */; }; + DC65E7781D8CB8A500152EF0 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DC65E77A1D8CB8D200152EF0 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB740680A4749C800D641BB /* libsqlite3.dylib */; }; + DC65E77B1D8CB8E800152EF0 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; settings = {ATTRIBUTES = (Weak, ); }; }; + DC65E77C1D8CB8F100152EF0 /* MobileKeyBag.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FC30AB1332DE9000802946 /* MobileKeyBag.framework */; settings = {ATTRIBUTES = (Weak, ); }; }; + DC65E7BD1D8CBA6C00152EF0 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DC65E7C01D8CBB1500152EF0 /* readline.c in Sources */ = {isa = PBXBuildFile; fileRef = DC65E7BE1D8CBB1500152EF0 /* readline.c */; }; + DC65E7C11D8CBB1500152EF0 /* readline.h in Headers */ = {isa = PBXBuildFile; fileRef = DC65E7BF1D8CBB1500152EF0 /* readline.h */; }; + DC65E7C21D8CBB5800152EF0 /* libregressionBase.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCBFD1D8C648C00070CB0 /* libregressionBase.a */; }; + DC65E7C31D8CBBA200152EF0 /* libregressionBase.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCBFD1D8C648C00070CB0 /* libregressionBase.a */; }; + DC65E7C41D8CBC0900152EF0 /* libregressionBase.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCBFD1D8C648C00070CB0 /* libregressionBase.a */; }; + DC6A82A01D87761700418608 /* cshosting.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82841D87734600418608 /* cshosting.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82A11D87761F00418608 /* ucspNotify.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A827E1D87734600418608 /* ucspNotify.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82A21D87762400418608 /* ucsp.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A827D1D87734600418608 /* ucsp.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82A31D87762900418608 /* ucsp_types.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82741D87732E00418608 /* ucsp_types.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82A41D87762F00418608 /* ss_types.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82731D87732E00418608 /* ss_types.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82A51D87763300418608 /* sstransit.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A826F1D87732E00418608 /* sstransit.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82A61D87763C00418608 /* ssnotify.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A826D1D87732E00418608 /* ssnotify.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82A71D87764300418608 /* eventlistener.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A826B1D87732E00418608 /* eventlistener.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82A81D87764A00418608 /* xdr_dldb.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82641D87732E00418608 /* xdr_dldb.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82A91D87764F00418608 /* xdr_cssm.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82621D87732E00418608 /* xdr_cssm.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82AA1D87765600418608 /* xdr_auth.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82601D87732E00418608 /* xdr_auth.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82AB1D87765B00418608 /* dictionary.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82581D87732E00418608 /* dictionary.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82AC1D87765F00418608 /* ssblob.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82561D87732E00418608 /* ssblob.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82AD1D87766500418608 /* sscommon.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82551D87732E00418608 /* sscommon.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82AE1D87766C00418608 /* handletypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82541D87732E00418608 /* handletypes.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82AF1D87767200418608 /* SharedMemoryCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82531D87732E00418608 /* SharedMemoryCommon.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82B01D87767700418608 /* ssclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DC6A826C1D87732E00418608 /* ssclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC6A82B11D87769800418608 /* dictionary.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82591D87732E00418608 /* dictionary.cpp */; }; + DC6A82B21D87769800418608 /* sec_xdr.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6A825B1D87732E00418608 /* sec_xdr.c */; }; + DC6A82B31D87769800418608 /* sec_xdr_array.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6A825C1D87732E00418608 /* sec_xdr_array.c */; }; + DC6A82B41D87769800418608 /* sec_xdr_reference.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6A825D1D87732E00418608 /* sec_xdr_reference.c */; }; + DC6A82B51D87769800418608 /* sec_xdrmem.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6A825E1D87732E00418608 /* sec_xdrmem.c */; }; + DC6A82B61D87769800418608 /* sec_xdr_sizeof.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6A825F1D87732E00418608 /* sec_xdr_sizeof.c */; }; + DC6A82B71D87769800418608 /* xdr_auth.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82611D87732E00418608 /* xdr_auth.c */; }; + DC6A82B81D87769800418608 /* xdr_cssm.c in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82631D87732E00418608 /* xdr_cssm.c */; }; + DC6A82B91D87769800418608 /* xdr_dldb.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82651D87732E00418608 /* xdr_dldb.cpp */; }; + DC6A82BA1D87769800418608 /* SharedMemoryClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82681D87732E00418608 /* SharedMemoryClient.cpp */; }; + DC6A82BB1D87769800418608 /* eventlistener.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A826A1D87732E00418608 /* eventlistener.cpp */; }; + DC6A82BC1D87769800418608 /* ssclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A826E1D87732E00418608 /* ssclient.cpp */; }; + DC6A82BD1D87769800418608 /* sstransit.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82701D87732E00418608 /* sstransit.cpp */; }; + DC6A82BE1D87769800418608 /* transition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82711D87732E00418608 /* transition.cpp */; }; + DC6A82BF1D8776B300418608 /* ucspClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A827F1D87734600418608 /* ucspClient.cpp */; }; + DC6A82C01D8776B300418608 /* ucspNotifySender.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82821D87734600418608 /* ucspNotifySender.cpp */; }; + DC6A82C11D8776B900418608 /* cshostingClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82851D87734600418608 /* cshostingClient.cpp */; }; + DC6A82C21D8776B900418608 /* cshostingServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82861D87734600418608 /* cshostingServer.cpp */; }; + DC6A82C41D8776D800418608 /* ssblob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC6A82571D87732E00418608 /* ssblob.cpp */; }; + DC6BC2721D90D05900DD57B3 /* com.apple.securityd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DC5ABFE41D83514700CF422C /* com.apple.securityd.plist */; }; + DC71D85C1D94CCD40065FB93 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DC71D8F51D959F150065FB93 /* com.apple.securityd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCE4E80D1D7A4E3A00AFB96E /* com.apple.securityd.plist */; }; + DC71D9A11D95BA6C0065FB93 /* SecAsn1Coder.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785131D77895A00B50D50 /* SecAsn1Coder.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9A21D95BA6C0065FB93 /* SecAsn1Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785141D77895A00B50D50 /* SecAsn1Templates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9A31D95BA6C0065FB93 /* SecAsn1Types.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785151D77895A00B50D50 /* SecAsn1Types.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9A41D95BA6C0065FB93 /* SecNssCoder.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834421D8A21AA00CE0ACA /* SecNssCoder.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9A51D95BA6C0065FB93 /* X509Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787691D77911D00B50D50 /* X509Templates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9A61D95BA6C0065FB93 /* oidsbase.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785681D778B4A00B50D50 /* oidsbase.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9A71D95BA6C0065FB93 /* certExtensionTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787621D77911D00B50D50 /* certExtensionTemplates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9A81D95BA6C0065FB93 /* csrTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787631D77911D00B50D50 /* csrTemplates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9A91D95BA6C0065FB93 /* keyTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787641D77911D00B50D50 /* keyTemplates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9AA1D95BA6C0065FB93 /* nameTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787651D77911D00B50D50 /* nameTemplates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9AB1D95BA6C0065FB93 /* nssUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834201D8A21AA00CE0ACA /* nssUtils.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9AC1D95BA6C0065FB93 /* ocspTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787661D77911D00B50D50 /* ocspTemplates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9AD1D95BA6C0065FB93 /* oidsalg.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785111D77895A00B50D50 /* oidsalg.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9AE1D95BA6C0065FB93 /* oidsattr.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785121D77895A00B50D50 /* oidsattr.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9AF1D95BA6C0065FB93 /* oidsocsp.h in Headers */ = {isa = PBXBuildFile; fileRef = DC88344F1D8A21AA00CE0ACA /* oidsocsp.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9B01D95BA6C0065FB93 /* osKeyTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787671D77911D00B50D50 /* osKeyTemplates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9B11D95BA6C0065FB93 /* pkcs12Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC88341A1D8A21AA00CE0ACA /* pkcs12Templates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9B21D95BA6C0065FB93 /* pkcs7Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834181D8A21AA00CE0ACA /* pkcs7Templates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9B31D95BA6C0065FB93 /* plarena.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834241D8A21AA00CE0ACA /* plarena.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9B41D95BA6C0065FB93 /* plarenas.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834251D8A21AA00CE0ACA /* plarenas.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9B51D95BA6C0065FB93 /* plstr.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834261D8A21AA00CE0ACA /* plstr.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9B61D95BA6C0065FB93 /* prbit.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834271D8A21AA00CE0ACA /* prbit.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9B71D95BA6C0065FB93 /* prcpucfg.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834281D8A21AA00CE0ACA /* prcpucfg.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9B81D95BA6C0065FB93 /* prerr.h in Headers */ = {isa = PBXBuildFile; fileRef = DC88342B1D8A21AA00CE0ACA /* prerr.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9B91D95BA6C0065FB93 /* prerror.h in Headers */ = {isa = PBXBuildFile; fileRef = DC88342C1D8A21AA00CE0ACA /* prerror.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9BA1D95BA6C0065FB93 /* prlog.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834301D8A21AA00CE0ACA /* prlog.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9BB1D95BA6C0065FB93 /* prmem.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834321D8A21AA00CE0ACA /* prmem.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9BC1D95BA6C0065FB93 /* protypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834341D8A21AA00CE0ACA /* protypes.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9BD1D95BA6C0065FB93 /* prtypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834371D8A21AA00CE0ACA /* prtypes.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9BE1D95BA6C0065FB93 /* secasn1.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834391D8A21AA00CE0ACA /* secasn1.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9BF1D95BA6C0065FB93 /* secasn1t.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787681D77911D00B50D50 /* secasn1t.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9C01D95BA6C0065FB93 /* seccomon.h in Headers */ = {isa = PBXBuildFile; fileRef = DC88343E1D8A21AA00CE0ACA /* seccomon.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9C11D95BA6C0065FB93 /* secerr.h in Headers */ = {isa = PBXBuildFile; fileRef = DC88343F1D8A21AA00CE0ACA /* secerr.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9C21D95BA6C0065FB93 /* secport.h in Headers */ = {isa = PBXBuildFile; fileRef = DC8834441D8A21AA00CE0ACA /* secport.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9C41D95BA6C0065FB93 /* X509Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834451D8A21AA00CE0ACA /* X509Templates.c */; }; + DC71D9C51D95BA6C0065FB93 /* keyTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834131D8A21AA00CE0ACA /* keyTemplates.c */; }; + DC71D9C61D95BA6C0065FB93 /* SecAsn1Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88340C1D8A21AA00CE0ACA /* SecAsn1Templates.c */; }; + DC71D9C71D95BA6C0065FB93 /* osKeyTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834471D8A21AA00CE0ACA /* osKeyTemplates.c */; }; + DC71D9C81D95BA6C0065FB93 /* nsprPortX.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88341B1D8A21AA00CE0ACA /* nsprPortX.c */; }; + DC71D9C91D95BA6C0065FB93 /* nameTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834151D8A21AA00CE0ACA /* nameTemplates.c */; }; + DC71D9CA1D95BA6C0065FB93 /* pkcs7Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834171D8A21AA00CE0ACA /* pkcs7Templates.c */; }; + DC71D9CB1D95BA6C0065FB93 /* plarena.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834231D8A21AA00CE0ACA /* plarena.c */; }; + DC71D9CC1D95BA6C0065FB93 /* secasn1e.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88343B1D8A21AA00CE0ACA /* secasn1e.c */; }; + DC71D9CD1D95BA6C0065FB93 /* SecNssCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC8834411D8A21AA00CE0ACA /* SecNssCoder.cpp */; }; + DC71D9CE1D95BA6C0065FB93 /* oidsalg.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834491D8A21AA00CE0ACA /* oidsalg.c */; }; + DC71D9CF1D95BA6C0065FB93 /* ocspTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834211D8A21AA00CE0ACA /* ocspTemplates.c */; }; + DC71D9D01D95BA6C0065FB93 /* certExtensionTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88340F1D8A21AA00CE0ACA /* certExtensionTemplates.c */; }; + DC71D9D11D95BA6C0065FB93 /* secport.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834431D8A21AA00CE0ACA /* secport.c */; }; + DC71D9D21D95BA6C0065FB93 /* nssUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88341F1D8A21AA00CE0ACA /* nssUtils.c */; }; + DC71D9D31D95BA6C0065FB93 /* pkcs12Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834191D8A21AA00CE0ACA /* pkcs12Templates.c */; }; + DC71D9D41D95BA6C0065FB93 /* csrTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834111D8A21AA00CE0ACA /* csrTemplates.c */; }; + DC71D9D51D95BA6C0065FB93 /* oidsattr.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88344B1D8A21AA00CE0ACA /* oidsattr.c */; }; + DC71D9D61D95BA6C0065FB93 /* secErrorStr.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834401D8A21AA00CE0ACA /* secErrorStr.c */; }; + DC71D9D71D95BA6C0065FB93 /* oidsocsp.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88344E1D8A21AA00CE0ACA /* oidsocsp.c */; }; + DC71D9D81D95BA6C0065FB93 /* secasn1d.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88343A1D8A21AA00CE0ACA /* secasn1d.c */; }; + DC71D9D91D95BA6C0065FB93 /* SecAsn1Coder.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88340A1D8A21AA00CE0ACA /* SecAsn1Coder.c */; }; + DC71D9DA1D95BA6C0065FB93 /* secasn1u.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88343D1D8A21AA00CE0ACA /* secasn1u.c */; }; + DC71D9E61D95BB0A0065FB93 /* oidsPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59E9FC1D91CA0A001BDDF5 /* oidsPriv.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9E71D95BB0A0065FB93 /* libDER.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59E9F71D91CA0A001BDDF5 /* libDER.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9E81D95BB0A0065FB93 /* DER_Decode.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59E9F31D91CA0A001BDDF5 /* DER_Decode.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9E91D95BB0A0065FB93 /* DER_Keys.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59E9EE1D91CA0A001BDDF5 /* DER_Keys.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9EA1D95BB0A0065FB93 /* DER_Encode.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59E9F51D91CA0A001BDDF5 /* DER_Encode.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9EB1D95BB0A0065FB93 /* DER_Digest.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59E9F81D91CA0A001BDDF5 /* DER_Digest.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9ED1D95BB0A0065FB93 /* asn1Types.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59E9EF1D91CA0A001BDDF5 /* asn1Types.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9EE1D95BB0A0065FB93 /* libDER_config.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59E9F61D91CA0A001BDDF5 /* libDER_config.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9EF1D95BB0A0065FB93 /* DER_CertCrl.h in Headers */ = {isa = PBXBuildFile; fileRef = DC59E9F11D91CA0A001BDDF5 /* DER_CertCrl.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC71D9F11D95BB0A0065FB93 /* DER_Decode.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9F21D91CA0A001BDDF5 /* DER_Decode.c */; }; + DC71D9F21D95BB0A0065FB93 /* DER_Encode.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9F41D91CA0A001BDDF5 /* DER_Encode.c */; }; + DC71D9F31D95BB0A0065FB93 /* DER_Keys.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9ED1D91CA0A001BDDF5 /* DER_Keys.c */; }; + DC71D9F41D95BB0A0065FB93 /* DER_Digest.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9F91D91CA0A001BDDF5 /* DER_Digest.c */; }; + DC71D9F51D95BB0A0065FB93 /* oids.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9FA1D91CA0A001BDDF5 /* oids.c */; }; + DC71D9F61D95BB0A0065FB93 /* DER_CertCrl.c in Sources */ = {isa = PBXBuildFile; fileRef = DC59E9F01D91CA0A001BDDF5 /* DER_CertCrl.c */; }; + DC84E0BC1D9B2B6A004C57F7 /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD06AB01D8E0D53007602F1 /* libsecurity_utilities.a */; }; + DC84E0BD1D9B2B8C004C57F7 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB740680A4749C800D641BB /* libsqlite3.dylib */; }; + DC8834521D8A21AA00CE0ACA /* SecAsn1Coder.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88340A1D8A21AA00CE0ACA /* SecAsn1Coder.c */; }; + DC8834541D8A21AA00CE0ACA /* SecAsn1Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88340C1D8A21AA00CE0ACA /* SecAsn1Templates.c */; }; + DC8834571D8A21AA00CE0ACA /* certExtensionTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88340F1D8A21AA00CE0ACA /* certExtensionTemplates.c */; }; + DC8834591D8A21AA00CE0ACA /* csrTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834111D8A21AA00CE0ACA /* csrTemplates.c */; }; + DC88345B1D8A21AA00CE0ACA /* keyTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834131D8A21AA00CE0ACA /* keyTemplates.c */; }; + DC88345D1D8A21AA00CE0ACA /* nameTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834151D8A21AA00CE0ACA /* nameTemplates.c */; }; + DC88345F1D8A21AA00CE0ACA /* pkcs7Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834171D8A21AA00CE0ACA /* pkcs7Templates.c */; }; + DC8834611D8A21AA00CE0ACA /* pkcs12Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834191D8A21AA00CE0ACA /* pkcs12Templates.c */; }; + DC8834631D8A21AA00CE0ACA /* nsprPortX.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88341B1D8A21AA00CE0ACA /* nsprPortX.c */; }; + DC8834671D8A21AA00CE0ACA /* nssUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88341F1D8A21AA00CE0ACA /* nssUtils.c */; }; + DC8834691D8A21AA00CE0ACA /* ocspTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834211D8A21AA00CE0ACA /* ocspTemplates.c */; }; + DC88346B1D8A21AA00CE0ACA /* plarena.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834231D8A21AA00CE0ACA /* plarena.c */; }; + DC8834821D8A21AB00CE0ACA /* secasn1d.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88343A1D8A21AA00CE0ACA /* secasn1d.c */; }; + DC8834831D8A21AB00CE0ACA /* secasn1e.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88343B1D8A21AA00CE0ACA /* secasn1e.c */; }; + DC8834851D8A21AB00CE0ACA /* secasn1u.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88343D1D8A21AA00CE0ACA /* secasn1u.c */; }; + DC8834881D8A21AB00CE0ACA /* secErrorStr.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834401D8A21AA00CE0ACA /* secErrorStr.c */; }; + DC8834891D8A21AB00CE0ACA /* SecNssCoder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DC8834411D8A21AA00CE0ACA /* SecNssCoder.cpp */; }; + DC88348B1D8A21AB00CE0ACA /* secport.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834431D8A21AA00CE0ACA /* secport.c */; }; + DC88348D1D8A21AB00CE0ACA /* X509Templates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834451D8A21AA00CE0ACA /* X509Templates.c */; }; + DC88348F1D8A21AB00CE0ACA /* osKeyTemplates.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834471D8A21AA00CE0ACA /* osKeyTemplates.c */; }; + DC8834911D8A21AB00CE0ACA /* oidsalg.c in Sources */ = {isa = PBXBuildFile; fileRef = DC8834491D8A21AA00CE0ACA /* oidsalg.c */; }; + DC8834931D8A21AB00CE0ACA /* oidsattr.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88344B1D8A21AA00CE0ACA /* oidsattr.c */; }; + DC8834961D8A21AB00CE0ACA /* oidsocsp.c in Sources */ = {isa = PBXBuildFile; fileRef = DC88344E1D8A21AA00CE0ACA /* oidsocsp.c */; }; + DC9036B31D9DFED600B6C234 /* ss_types.defs in Headers */ = {isa = PBXBuildFile; fileRef = DC6A82771D87733C00418608 /* ss_types.defs */; settings = {ATTRIBUTES = (Public, ); }; }; + DC963E7E1D95EBB1008A153E /* libsecurity_apple_csp.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCF784F81D88B63800E694BB /* libsecurity_apple_csp.plist */; }; + DC963E801D95EBD1008A153E /* libsecurity_apple_csp.txt in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCF784F91D88B63800E694BB /* libsecurity_apple_csp.txt */; }; + DC963E821D95EC1C008A153E /* libsecurity_codesigning.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCD068CB1D8CDFFE007602F1 /* libsecurity_codesigning.plist */; }; + DC963E841D95EC31008A153E /* libsecurity_codesigning.txt in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCD068CC1D8CDFFE007602F1 /* libsecurity_codesigning.txt */; }; + DC963EC51D95F52C008A153E /* oids.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1785421D778A7400B50D50 /* oids.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DC963EC61D95F646008A153E /* der_plist.h in Headers */ = {isa = PBXBuildFile; fileRef = 524492931AFD6D480043695A /* der_plist.h */; }; + DCB3407D1D8A24F70054D16E /* Authorization.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3406F1D8A24F70054D16E /* Authorization.c */; }; + DCB340841D8A24F70054D16E /* Authorization.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340761D8A24F70054D16E /* Authorization.cpp */; }; + DCB340871D8A24F70054D16E /* trampolineClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340791D8A24F70054D16E /* trampolineClient.cpp */; }; + DCB340881D8A24F70054D16E /* trampolineServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3407A1D8A24F70054D16E /* trampolineServer.cpp */; }; + DCB340C21D8A26AE0054D16E /* aclclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340961D8A26AE0054D16E /* aclclient.cpp */; }; + DCB340C31D8A26AE0054D16E /* aclclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340971D8A26AE0054D16E /* aclclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340C41D8A26AE0054D16E /* clclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340981D8A26AE0054D16E /* clclient.cpp */; }; + DCB340C51D8A26AE0054D16E /* clclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340991D8A26AE0054D16E /* clclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340C61D8A26AE0054D16E /* cryptoclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3409A1D8A26AE0054D16E /* cryptoclient.cpp */; }; + DCB340C71D8A26AE0054D16E /* cryptoclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3409B1D8A26AE0054D16E /* cryptoclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340C81D8A26AE0054D16E /* cspclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3409C1D8A26AE0054D16E /* cspclient.cpp */; }; + DCB340C91D8A26AE0054D16E /* cspclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3409D1D8A26AE0054D16E /* cspclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340CA1D8A26AE0054D16E /* cssmclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3409E1D8A26AE0054D16E /* cssmclient.cpp */; }; + DCB340CB1D8A26AE0054D16E /* cssmclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3409F1D8A26AE0054D16E /* cssmclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340CC1D8A26AE0054D16E /* dlclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340A01D8A26AE0054D16E /* dlclient.cpp */; }; + DCB340CD1D8A26AE0054D16E /* dlclientpriv.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340A11D8A26AE0054D16E /* dlclientpriv.cpp */; }; + DCB340CE1D8A26AE0054D16E /* dlclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340A21D8A26AE0054D16E /* dlclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340CF1D8A26AE0054D16E /* dliterators.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340A31D8A26AE0054D16E /* dliterators.cpp */; }; + DCB340D01D8A26AE0054D16E /* dliterators.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340A41D8A26AE0054D16E /* dliterators.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340D11D8A26AE0054D16E /* dlquery.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340A51D8A26AE0054D16E /* dlquery.cpp */; }; + DCB340D21D8A26AE0054D16E /* dlquery.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340A61D8A26AE0054D16E /* dlquery.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340D31D8A26AE0054D16E /* dl_standard.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340A71D8A26AE0054D16E /* dl_standard.cpp */; }; + DCB340D41D8A26AE0054D16E /* dl_standard.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340A81D8A26AE0054D16E /* dl_standard.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340D51D8A26AE0054D16E /* DLDBList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340A91D8A26AE0054D16E /* DLDBList.cpp */; }; + DCB340D61D8A26AE0054D16E /* DLDBList.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340AA1D8A26AE0054D16E /* DLDBList.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340D71D8A26AE0054D16E /* genkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340AB1D8A26AE0054D16E /* genkey.cpp */; }; + DCB340D81D8A26AE0054D16E /* genkey.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340AC1D8A26AE0054D16E /* genkey.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340D91D8A26AE0054D16E /* keychainacl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340AD1D8A26AE0054D16E /* keychainacl.cpp */; }; + DCB340DA1D8A26AE0054D16E /* keychainacl.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340AE1D8A26AE0054D16E /* keychainacl.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340DB1D8A26AE0054D16E /* keyclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340AF1D8A26AE0054D16E /* keyclient.cpp */; }; + DCB340DC1D8A26AE0054D16E /* keyclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340B01D8A26AE0054D16E /* keyclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340DD1D8A26AE0054D16E /* macclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340B11D8A26AE0054D16E /* macclient.cpp */; }; + DCB340DE1D8A26AE0054D16E /* macclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340B21D8A26AE0054D16E /* macclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340DF1D8A26AE0054D16E /* mdsclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340B31D8A26AE0054D16E /* mdsclient.cpp */; }; + DCB340E01D8A26AE0054D16E /* mdsclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340B41D8A26AE0054D16E /* mdsclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340E11D8A26AE0054D16E /* mds_standard.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340B51D8A26AE0054D16E /* mds_standard.cpp */; }; + DCB340E21D8A26AE0054D16E /* mds_standard.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340B61D8A26AE0054D16E /* mds_standard.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340E31D8A26AE0054D16E /* multidldb.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340B71D8A26AE0054D16E /* multidldb.cpp */; }; + DCB340E41D8A26AE0054D16E /* multidldb.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340B81D8A26AE0054D16E /* multidldb.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340E51D8A26AE0054D16E /* securestorage.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340B91D8A26AE0054D16E /* securestorage.cpp */; }; + DCB340E61D8A26AE0054D16E /* securestorage.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340BA1D8A26AE0054D16E /* securestorage.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340E71D8A26AE0054D16E /* signclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340BB1D8A26AE0054D16E /* signclient.cpp */; }; + DCB340E81D8A26AE0054D16E /* signclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340BC1D8A26AE0054D16E /* signclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340E91D8A26AE0054D16E /* tpclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340BD1D8A26AE0054D16E /* tpclient.cpp */; }; + DCB340EA1D8A26AE0054D16E /* tpclient.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340BE1D8A26AE0054D16E /* tpclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB340EB1D8A26AE0054D16E /* wrapkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB340BF1D8A26AE0054D16E /* wrapkey.cpp */; }; + DCB340EC1D8A26AE0054D16E /* wrapkey.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB340C01D8A26AE0054D16E /* wrapkey.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3415A1D8A2A340054D16E /* ACsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341381D8A2A340054D16E /* ACsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3415B1D8A2A340054D16E /* c++plugin.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341391D8A2A340054D16E /* c++plugin.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3415C1D8A2A340054D16E /* CLsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3413A1D8A2A340054D16E /* CLsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3415D1D8A2A340054D16E /* CSPsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3413B1D8A2A340054D16E /* CSPsession.cpp */; }; + DCB3415E1D8A2A340054D16E /* CSPsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3413C1D8A2A340054D16E /* CSPsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3415F1D8A2A340054D16E /* csputilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3413D1D8A2A340054D16E /* csputilities.cpp */; }; + DCB341601D8A2A340054D16E /* cssmplugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3413E1D8A2A340054D16E /* cssmplugin.cpp */; }; + DCB341611D8A2A340054D16E /* cssmplugin.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3413F1D8A2A340054D16E /* cssmplugin.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341621D8A2A340054D16E /* Database.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341401D8A2A340054D16E /* Database.cpp */; }; + DCB341631D8A2A340054D16E /* Database.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341411D8A2A340054D16E /* Database.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341641D8A2A340054D16E /* DatabaseSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341421D8A2A340054D16E /* DatabaseSession.cpp */; }; + DCB341651D8A2A340054D16E /* DatabaseSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341431D8A2A340054D16E /* DatabaseSession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341661D8A2A340054D16E /* DbContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341441D8A2A340054D16E /* DbContext.cpp */; }; + DCB341671D8A2A340054D16E /* DbContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341451D8A2A340054D16E /* DbContext.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341681D8A2A340054D16E /* DLsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341461D8A2A340054D16E /* DLsession.cpp */; }; + DCB341691D8A2A340054D16E /* DLsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341471D8A2A340054D16E /* DLsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3416A1D8A2A340054D16E /* pluginsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3414B1D8A2A340054D16E /* pluginsession.cpp */; }; + DCB3416B1D8A2A340054D16E /* pluginsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3414C1D8A2A340054D16E /* pluginsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3416C1D8A2A340054D16E /* pluginspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3414D1D8A2A340054D16E /* pluginspi.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3416D1D8A2A340054D16E /* TPsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3414E1D8A2A340054D16E /* TPsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3416E1D8A2A340054D16E /* ACabstractsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3414F1D8A2A340054D16E /* ACabstractsession.cpp */; }; + DCB3416F1D8A2A340054D16E /* CLabstractsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341501D8A2A340054D16E /* CLabstractsession.cpp */; }; + DCB341701D8A2A340054D16E /* CSPabstractsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341511D8A2A340054D16E /* CSPabstractsession.cpp */; }; + DCB341711D8A2A340054D16E /* DLabstractsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341521D8A2A340054D16E /* DLabstractsession.cpp */; }; + DCB341721D8A2A340054D16E /* TPabstractsession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341531D8A2A340054D16E /* TPabstractsession.cpp */; }; + DCB341731D8A2A340054D16E /* ACabstractsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341541D8A2A340054D16E /* ACabstractsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341741D8A2A340054D16E /* CLabstractsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341551D8A2A340054D16E /* CLabstractsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341751D8A2A340054D16E /* CSPabstractsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341561D8A2A340054D16E /* CSPabstractsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341761D8A2A340054D16E /* DLabstractsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341571D8A2A340054D16E /* DLabstractsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341771D8A2A340054D16E /* TPabstractsession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341581D8A2A340054D16E /* TPabstractsession.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341DC1D8A2BAC0054D16E /* objectacl.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341831D8A2BAC0054D16E /* objectacl.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341DD1D8A2BAC0054D16E /* objectacl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341841D8A2BAC0054D16E /* objectacl.cpp */; }; + DCB341DE1D8A2BAC0054D16E /* aclsubject.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341851D8A2BAC0054D16E /* aclsubject.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341DF1D8A2BAC0054D16E /* aclsubject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341861D8A2BAC0054D16E /* aclsubject.cpp */; }; + DCB341E01D8A2BAC0054D16E /* cssmacl.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341871D8A2BAC0054D16E /* cssmacl.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341E11D8A2BAC0054D16E /* cssmacl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341881D8A2BAC0054D16E /* cssmacl.cpp */; }; + DCB341E21D8A2BAC0054D16E /* acl_any.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341891D8A2BAC0054D16E /* acl_any.cpp */; }; + DCB341E31D8A2BAC0054D16E /* acl_any.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3418A1D8A2BAC0054D16E /* acl_any.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341E41D8A2BAC0054D16E /* acl_codesigning.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3418B1D8A2BAC0054D16E /* acl_codesigning.cpp */; }; + DCB341E51D8A2BAC0054D16E /* acl_codesigning.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3418C1D8A2BAC0054D16E /* acl_codesigning.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341E61D8A2BAC0054D16E /* acl_comment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3418D1D8A2BAC0054D16E /* acl_comment.cpp */; }; + DCB341E71D8A2BAC0054D16E /* acl_comment.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3418E1D8A2BAC0054D16E /* acl_comment.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341E81D8A2BAC0054D16E /* acl_password.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3418F1D8A2BAC0054D16E /* acl_password.cpp */; }; + DCB341E91D8A2BAC0054D16E /* acl_password.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341901D8A2BAC0054D16E /* acl_password.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341EA1D8A2BAC0054D16E /* acl_preauth.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341911D8A2BAC0054D16E /* acl_preauth.cpp */; }; + DCB341EB1D8A2BAC0054D16E /* acl_preauth.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341921D8A2BAC0054D16E /* acl_preauth.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341EC1D8A2BAC0054D16E /* acl_process.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341931D8A2BAC0054D16E /* acl_process.cpp */; }; + DCB341ED1D8A2BAC0054D16E /* acl_process.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341941D8A2BAC0054D16E /* acl_process.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341EE1D8A2BAC0054D16E /* acl_prompted.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341951D8A2BAC0054D16E /* acl_prompted.cpp */; }; + DCB341EF1D8A2BAC0054D16E /* acl_prompted.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341961D8A2BAC0054D16E /* acl_prompted.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341F01D8A2BAC0054D16E /* acl_protectedpw.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341971D8A2BAC0054D16E /* acl_protectedpw.cpp */; }; + DCB341F11D8A2BAC0054D16E /* acl_protectedpw.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341981D8A2BAC0054D16E /* acl_protectedpw.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341F21D8A2BAC0054D16E /* acl_secret.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341991D8A2BAC0054D16E /* acl_secret.cpp */; }; + DCB341F31D8A2BAC0054D16E /* acl_secret.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3419A1D8A2BAC0054D16E /* acl_secret.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341F41D8A2BAC0054D16E /* acl_threshold.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3419B1D8A2BAC0054D16E /* acl_threshold.cpp */; }; + DCB341F51D8A2BAD0054D16E /* acl_threshold.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3419C1D8A2BAC0054D16E /* acl_threshold.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341F61D8A2BAD0054D16E /* AuthorizationData.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3419F1D8A2BAC0054D16E /* AuthorizationData.cpp */; }; + DCB341F71D8A2BAD0054D16E /* AuthorizationData.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341A01D8A2BAC0054D16E /* AuthorizationData.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341F81D8A2BAD0054D16E /* AuthorizationWalkers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341A11D8A2BAC0054D16E /* AuthorizationWalkers.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341F91D8A2BAD0054D16E /* callback.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341A21D8A2BAC0054D16E /* callback.cpp */; }; + DCB341FA1D8A2BAD0054D16E /* callback.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341A31D8A2BAC0054D16E /* callback.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341FB1D8A2BAD0054D16E /* constdata.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341A41D8A2BAC0054D16E /* constdata.cpp */; }; + DCB341FC1D8A2BAD0054D16E /* constdata.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341A51D8A2BAC0054D16E /* constdata.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341FD1D8A2BAD0054D16E /* context.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341A61D8A2BAC0054D16E /* context.cpp */; }; + DCB341FE1D8A2BAD0054D16E /* context.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341A71D8A2BAC0054D16E /* context.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB341FF1D8A2BAD0054D16E /* cssmaclpod.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341A81D8A2BAC0054D16E /* cssmaclpod.cpp */; }; + DCB342001D8A2BAD0054D16E /* cssmaclpod.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341A91D8A2BAC0054D16E /* cssmaclpod.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342011D8A2BAD0054D16E /* cssmalloc.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341AA1D8A2BAC0054D16E /* cssmalloc.cpp */; }; + DCB342021D8A2BAD0054D16E /* cssmalloc.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341AB1D8A2BAC0054D16E /* cssmalloc.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342031D8A2BAD0054D16E /* cssmbridge.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341AC1D8A2BAC0054D16E /* cssmbridge.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342041D8A2BAD0054D16E /* cssmcert.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341AD1D8A2BAC0054D16E /* cssmcert.cpp */; }; + DCB342051D8A2BAD0054D16E /* cssmcert.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341AE1D8A2BAC0054D16E /* cssmcert.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342061D8A2BAD0054D16E /* cssmcred.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341AF1D8A2BAC0054D16E /* cssmcred.cpp */; }; + DCB342071D8A2BAD0054D16E /* cssmcred.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341B01D8A2BAC0054D16E /* cssmcred.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342081D8A2BAD0054D16E /* cssmdata.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341B11D8A2BAC0054D16E /* cssmdata.cpp */; }; + DCB342091D8A2BAD0054D16E /* cssmdata.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341B21D8A2BAC0054D16E /* cssmdata.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3420A1D8A2BAD0054D16E /* cssmdates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341B31D8A2BAC0054D16E /* cssmdates.cpp */; }; + DCB3420B1D8A2BAD0054D16E /* cssmdates.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341B41D8A2BAC0054D16E /* cssmdates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3420C1D8A2BAD0054D16E /* cssmdb.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341B51D8A2BAC0054D16E /* cssmdb.cpp */; }; + DCB3420D1D8A2BAD0054D16E /* cssmdb.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341B61D8A2BAC0054D16E /* cssmdb.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3420E1D8A2BAD0054D16E /* cssmdbname.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341B71D8A2BAC0054D16E /* cssmdbname.cpp */; }; + DCB3420F1D8A2BAD0054D16E /* cssmdbname.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341B81D8A2BAC0054D16E /* cssmdbname.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342101D8A2BAD0054D16E /* cssmendian.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341B91D8A2BAC0054D16E /* cssmendian.cpp */; }; + DCB342111D8A2BAD0054D16E /* cssmendian.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341BA1D8A2BAC0054D16E /* cssmendian.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342121D8A2BAD0054D16E /* cssmerrors.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341BB1D8A2BAC0054D16E /* cssmerrors.cpp */; }; + DCB342131D8A2BAD0054D16E /* cssmerrors.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341BC1D8A2BAC0054D16E /* cssmerrors.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342141D8A2BAD0054D16E /* cssmkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341BD1D8A2BAC0054D16E /* cssmkey.cpp */; }; + DCB342151D8A2BAD0054D16E /* cssmkey.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341BE1D8A2BAC0054D16E /* cssmkey.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342161D8A2BAD0054D16E /* cssmlist.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341BF1D8A2BAC0054D16E /* cssmlist.cpp */; }; + DCB342171D8A2BAD0054D16E /* cssmlist.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341C01D8A2BAC0054D16E /* cssmlist.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342181D8A2BAD0054D16E /* cssmpods.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341C11D8A2BAC0054D16E /* cssmpods.cpp */; }; + DCB342191D8A2BAD0054D16E /* cssmpods.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341C21D8A2BAC0054D16E /* cssmpods.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3421A1D8A2BAD0054D16E /* cssmtrust.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341C31D8A2BAC0054D16E /* cssmtrust.cpp */; }; + DCB3421B1D8A2BAD0054D16E /* cssmtrust.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341C41D8A2BAC0054D16E /* cssmtrust.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3421C1D8A2BAD0054D16E /* cssmwalkers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341C51D8A2BAC0054D16E /* cssmwalkers.cpp */; }; + DCB3421D1D8A2BAD0054D16E /* cssmwalkers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341C61D8A2BAC0054D16E /* cssmwalkers.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3421E1D8A2BAD0054D16E /* db++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341C71D8A2BAC0054D16E /* db++.cpp */; }; + DCB3421F1D8A2BAD0054D16E /* db++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341C81D8A2BAC0054D16E /* db++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342201D8A2BAD0054D16E /* digestobject.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341C91D8A2BAC0054D16E /* digestobject.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342211D8A2BAD0054D16E /* handleobject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341CA1D8A2BAC0054D16E /* handleobject.cpp */; }; + DCB342221D8A2BAD0054D16E /* handleobject.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341CB1D8A2BAC0054D16E /* handleobject.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342231D8A2BAD0054D16E /* handletemplates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341CC1D8A2BAC0054D16E /* handletemplates.cpp */; }; + DCB342241D8A2BAD0054D16E /* handletemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341CD1D8A2BAC0054D16E /* handletemplates.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342251D8A2BAD0054D16E /* handletemplates_defs.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341CE1D8A2BAC0054D16E /* handletemplates_defs.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342261D8A2BAD0054D16E /* KeySchema.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341CF1D8A2BAC0054D16E /* KeySchema.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342271D8A2BAD0054D16E /* Schema.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341D11D8A2BAC0054D16E /* Schema.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342281D8A2BAD0054D16E /* osxverifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341D31D8A2BAC0054D16E /* osxverifier.cpp */; }; + DCB342291D8A2BAD0054D16E /* osxverifier.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341D41D8A2BAC0054D16E /* osxverifier.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3422A1D8A2BAD0054D16E /* u32handleobject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341D51D8A2BAC0054D16E /* u32handleobject.cpp */; }; + DCB3422B1D8A2BAD0054D16E /* u32handleobject.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341D61D8A2BAC0054D16E /* u32handleobject.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3422C1D8A2BAD0054D16E /* uniformrandom.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341D71D8A2BAC0054D16E /* uniformrandom.cpp */; }; + DCB3422D1D8A2BAD0054D16E /* uniformrandom.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341D81D8A2BAC0054D16E /* uniformrandom.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB3422E1D8A2BAD0054D16E /* walkers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB341D91D8A2BAC0054D16E /* walkers.cpp */; }; + DCB3422F1D8A2BAD0054D16E /* walkers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB341DA1D8A2BAC0054D16E /* walkers.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCB342341D8A2C6B0054D16E /* KeySchema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342311D8A2C6B0054D16E /* KeySchema.cpp */; }; + DCB342351D8A2C6B0054D16E /* Schema.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342321D8A2C6B0054D16E /* Schema.cpp */; }; + DCB342F91D8A32A20054D16E /* SecAccess.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342421D8A32A20054D16E /* SecAccess.cpp */; }; + DCB342FA1D8A32A20054D16E /* SecACL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342431D8A32A20054D16E /* SecACL.cpp */; }; + DCB342FB1D8A32A20054D16E /* SecBase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342441D8A32A20054D16E /* SecBase.cpp */; }; + DCB342FC1D8A32A20054D16E /* SecBridge.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342451D8A32A20054D16E /* SecBridge.h */; }; + DCB342FD1D8A32A20054D16E /* SecCertificate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342461D8A32A20054D16E /* SecCertificate.cpp */; }; + DCB342FE1D8A32A20054D16E /* SecCertificateBundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342471D8A32A20054D16E /* SecCertificateBundle.cpp */; }; + DCB342FF1D8A32A20054D16E /* SecCertificateRequest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342481D8A32A20054D16E /* SecCertificateRequest.cpp */; }; + DCB343001D8A32A20054D16E /* SecIdentity.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342491D8A32A20054D16E /* SecIdentity.cpp */; }; + DCB343011D8A32A20054D16E /* SecIdentitySearch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3424A1D8A32A20054D16E /* SecIdentitySearch.cpp */; }; + DCB343021D8A32A20054D16E /* SecItemConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3424B1D8A32A20054D16E /* SecItemConstants.c */; }; + DCB343031D8A32A20054D16E /* SecItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3424C1D8A32A20054D16E /* SecItem.cpp */; }; + DCB343041D8A32A20054D16E /* SecKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3424D1D8A32A20054D16E /* SecKey.cpp */; }; + DCB343051D8A32A20054D16E /* SecKeychain.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3424E1D8A32A20054D16E /* SecKeychain.cpp */; }; + DCB343061D8A32A20054D16E /* SecKeychainItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3424F1D8A32A20054D16E /* SecKeychainItem.cpp */; }; + DCB343071D8A32A20054D16E /* SecKeychainItemExtendedAttributes.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342501D8A32A20054D16E /* SecKeychainItemExtendedAttributes.cpp */; }; + DCB343081D8A32A20054D16E /* SecKeychainSearch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342511D8A32A20054D16E /* SecKeychainSearch.cpp */; }; + DCB343091D8A32A20054D16E /* SecPassword.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342521D8A32A20054D16E /* SecPassword.cpp */; }; + DCB3430A1D8A32A20054D16E /* SecPolicy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342531D8A32A20054D16E /* SecPolicy.cpp */; }; + DCB3430B1D8A32A20054D16E /* SecPolicySearch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342541D8A32A20054D16E /* SecPolicySearch.cpp */; }; + DCB3430C1D8A32A20054D16E /* SecTrust.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342551D8A32A20054D16E /* SecTrust.cpp */; }; + DCB3430D1D8A32A20054D16E /* SecTrustedApplication.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342561D8A32A20054D16E /* SecTrustedApplication.cpp */; }; + DCB3430E1D8A32A20054D16E /* SecTrustSettings.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342571D8A32A20054D16E /* SecTrustSettings.cpp */; }; + DCB343361D8A32A20054D16E /* SecRandom.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB342811D8A32A20054D16E /* SecRandom.c */; }; + DCB343371D8A32A20054D16E /* SecFDERecoveryAsymmetricCrypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342821D8A32A20054D16E /* SecFDERecoveryAsymmetricCrypto.cpp */; }; + DCB343391D8A32A20054D16E /* SecRecoveryPassword.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB342841D8A32A20054D16E /* SecRecoveryPassword.c */; }; + DCB3433B1D8A32A20054D16E /* Access.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342861D8A32A20054D16E /* Access.cpp */; }; + DCB3433C1D8A32A20054D16E /* Access.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342871D8A32A20054D16E /* Access.h */; }; + DCB3433D1D8A32A20054D16E /* ACL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342881D8A32A20054D16E /* ACL.cpp */; }; + DCB3433E1D8A32A20054D16E /* ACL.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342891D8A32A20054D16E /* ACL.h */; }; + DCB3433F1D8A32A20054D16E /* Certificate.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3428A1D8A32A20054D16E /* Certificate.cpp */; }; + DCB343401D8A32A20054D16E /* Certificate.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3428B1D8A32A20054D16E /* Certificate.h */; }; + DCB343411D8A32A20054D16E /* CertificateRequest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3428C1D8A32A20054D16E /* CertificateRequest.cpp */; }; + DCB343421D8A32A20054D16E /* CertificateRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3428D1D8A32A20054D16E /* CertificateRequest.h */; }; + DCB343431D8A32A20054D16E /* CertificateValues.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3428E1D8A32A20054D16E /* CertificateValues.cpp */; }; + DCB343441D8A32A20054D16E /* CertificateValues.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3428F1D8A32A20054D16E /* CertificateValues.h */; }; + DCB343451D8A32A20054D16E /* ExtendedAttribute.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342901D8A32A20054D16E /* ExtendedAttribute.cpp */; }; + DCB343461D8A32A20054D16E /* ExtendedAttribute.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342911D8A32A20054D16E /* ExtendedAttribute.h */; }; + DCB343471D8A32A20054D16E /* Globals.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342921D8A32A20054D16E /* Globals.cpp */; }; + DCB343481D8A32A20054D16E /* Globals.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342931D8A32A20054D16E /* Globals.h */; }; + DCB343491D8A32A20054D16E /* Identity.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342941D8A32A20054D16E /* Identity.cpp */; }; + DCB3434A1D8A32A20054D16E /* Identity.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342951D8A32A20054D16E /* Identity.h */; }; + DCB3434B1D8A32A20054D16E /* IdentityCursor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342961D8A32A20054D16E /* IdentityCursor.cpp */; }; + DCB3434C1D8A32A20054D16E /* IdentityCursor.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342971D8A32A20054D16E /* IdentityCursor.h */; }; + DCB3434D1D8A32A20054D16E /* Item.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342981D8A32A20054D16E /* Item.cpp */; }; + DCB3434E1D8A32A20054D16E /* Item.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342991D8A32A20054D16E /* Item.h */; }; + DCB3434F1D8A32A20054D16E /* KCCursor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3429A1D8A32A20054D16E /* KCCursor.cpp */; }; + DCB343501D8A32A20054D16E /* KCCursor.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3429B1D8A32A20054D16E /* KCCursor.h */; }; + DCB343511D8A32A20054D16E /* Keychains.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3429C1D8A32A20054D16E /* Keychains.cpp */; }; + DCB343521D8A32A20054D16E /* Keychains.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3429D1D8A32A20054D16E /* Keychains.h */; }; + DCB343531D8A32A20054D16E /* KeyItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB3429E1D8A32A20054D16E /* KeyItem.cpp */; }; + DCB343541D8A32A20054D16E /* KeyItem.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3429F1D8A32A20054D16E /* KeyItem.h */; }; + DCB343551D8A32A20054D16E /* Password.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342A01D8A32A20054D16E /* Password.cpp */; }; + DCB343561D8A32A20054D16E /* Password.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342A11D8A32A20054D16E /* Password.h */; }; + DCB343571D8A32A20054D16E /* Policies.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342A21D8A32A20054D16E /* Policies.cpp */; }; + DCB343581D8A32A20054D16E /* Policies.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342A31D8A32A20054D16E /* Policies.h */; }; + DCB343591D8A32A20054D16E /* PolicyCursor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342A41D8A32A20054D16E /* PolicyCursor.cpp */; }; + DCB3435A1D8A32A20054D16E /* PolicyCursor.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342A51D8A32A20054D16E /* PolicyCursor.h */; }; + DCB3435B1D8A32A20054D16E /* SecCFTypes.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342A61D8A32A20054D16E /* SecCFTypes.cpp */; }; + DCB3435C1D8A32A20054D16E /* SecCFTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342A71D8A32A20054D16E /* SecCFTypes.h */; }; + DCB3435D1D8A32A20054D16E /* SecKeychainAddIToolsPassword.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342A81D8A32A20054D16E /* SecKeychainAddIToolsPassword.cpp */; }; + DCB3435E1D8A32A20054D16E /* StorageManager.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342AA1D8A32A20054D16E /* StorageManager.cpp */; }; + DCB3435F1D8A32A20054D16E /* Trust.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342AB1D8A32A20054D16E /* Trust.cpp */; }; + DCB343601D8A32A20054D16E /* Trust.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342AC1D8A32A20054D16E /* Trust.h */; }; + DCB343611D8A32A20054D16E /* TrustRevocation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342AD1D8A32A20054D16E /* TrustRevocation.cpp */; }; + DCB343621D8A32A20054D16E /* TrustedApplication.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342AE1D8A32A20054D16E /* TrustedApplication.cpp */; }; + DCB343631D8A32A20054D16E /* TrustedApplication.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342AF1D8A32A20054D16E /* TrustedApplication.h */; }; + DCB343641D8A32A20054D16E /* TrustSettings.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342B01D8A32A20054D16E /* TrustSettings.cpp */; }; + DCB343651D8A32A20054D16E /* TrustSettings.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342B11D8A32A20054D16E /* TrustSettings.h */; }; + DCB343661D8A32A20054D16E /* TrustKeychains.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342B21D8A32A20054D16E /* TrustKeychains.h */; }; + DCB343671D8A32A20054D16E /* SecTrustOSXEntryPoints.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342B31D8A32A20054D16E /* SecTrustOSXEntryPoints.cpp */; }; + DCB343681D8A32A20054D16E /* SecTrustOSXEntryPoints.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342B41D8A32A20054D16E /* SecTrustOSXEntryPoints.h */; }; + DCB3436A1D8A32A20054D16E /* CCallbackMgr.cp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342B71D8A32A20054D16E /* CCallbackMgr.cp */; }; + DCB3436B1D8A32A20054D16E /* CCallbackMgr.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342B81D8A32A20054D16E /* CCallbackMgr.h */; }; + DCB3436C1D8A32A20054D16E /* cssmdatetime.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342B91D8A32A20054D16E /* cssmdatetime.cpp */; }; + DCB3436D1D8A32A20054D16E /* cssmdatetime.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342BA1D8A32A20054D16E /* cssmdatetime.h */; }; + DCB3436E1D8A32A20054D16E /* defaultcreds.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342BB1D8A32A20054D16E /* defaultcreds.cpp */; }; + DCB3436F1D8A32A20054D16E /* defaultcreds.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342BC1D8A32A20054D16E /* defaultcreds.h */; }; + DCB343701D8A32A20054D16E /* DLDBListCFPref.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342BD1D8A32A20054D16E /* DLDBListCFPref.cpp */; }; + DCB343711D8A32A20054D16E /* DLDBListCFPref.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342BE1D8A32A20054D16E /* DLDBListCFPref.h */; }; + DCB343721D8A32A20054D16E /* DynamicDLDBList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342BF1D8A32A20054D16E /* DynamicDLDBList.cpp */; }; + DCB343731D8A32A20054D16E /* DynamicDLDBList.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342C01D8A32A20054D16E /* DynamicDLDBList.h */; }; + DCB343741D8A32A20054D16E /* KCEventNotifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342C11D8A32A20054D16E /* KCEventNotifier.cpp */; }; + DCB343751D8A32A20054D16E /* KCEventNotifier.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342C21D8A32A20054D16E /* KCEventNotifier.h */; }; + DCB343761D8A32A20054D16E /* KCExceptions.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342C31D8A32A20054D16E /* KCExceptions.h */; }; + DCB343771D8A32A20054D16E /* KCUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342C41D8A32A20054D16E /* KCUtilities.cpp */; }; + DCB343781D8A32A20054D16E /* KCUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342C51D8A32A20054D16E /* KCUtilities.h */; }; + DCB343791D8A32A20054D16E /* MacOSErrorStrings.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342C61D8A32A20054D16E /* MacOSErrorStrings.h */; }; + DCB3437A1D8A32A20054D16E /* PrimaryKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342C71D8A32A20054D16E /* PrimaryKey.cpp */; }; + DCB3437B1D8A32A20054D16E /* PrimaryKey.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342C81D8A32A20054D16E /* PrimaryKey.h */; }; + DCB3437D1D8A32A20054D16E /* StorageManager.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342CA1D8A32A20054D16E /* StorageManager.h */; }; + DCB3437E1D8A32A20054D16E /* TrustAdditions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342CB1D8A32A20054D16E /* TrustAdditions.cpp */; }; + DCB3437F1D8A32A20054D16E /* TrustAdditions.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342CC1D8A32A20054D16E /* TrustAdditions.h */; }; + DCB343801D8A32A20054D16E /* TrustItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342CD1D8A32A20054D16E /* TrustItem.cpp */; }; + DCB343811D8A32A20054D16E /* TrustItem.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342CE1D8A32A20054D16E /* TrustItem.h */; }; + DCB343821D8A32A20054D16E /* TrustStore.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342CF1D8A32A20054D16E /* TrustStore.cpp */; }; + DCB343831D8A32A20054D16E /* TrustStore.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342D01D8A32A20054D16E /* TrustStore.h */; }; + DCB343841D8A32A20054D16E /* UnlockReferralItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342D11D8A32A20054D16E /* UnlockReferralItem.cpp */; }; + DCB343851D8A32A20054D16E /* UnlockReferralItem.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342D21D8A32A20054D16E /* UnlockReferralItem.h */; }; + DCB343861D8A32A20054D16E /* TrustSettingsUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342D31D8A32A20054D16E /* TrustSettingsUtils.cpp */; }; + DCB343871D8A32A20054D16E /* TrustSettingsUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342D41D8A32A20054D16E /* TrustSettingsUtils.h */; }; + DCB343881D8A32A20054D16E /* SecCertificatePrivP.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342D51D8A32A20054D16E /* SecCertificatePrivP.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DCB343891D8A32A20054D16E /* SecBase64P.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB342D61D8A32A20054D16E /* SecBase64P.c */; }; + DCB3438A1D8A32A20054D16E /* SecFrameworkP.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB342D71D8A32A20054D16E /* SecFrameworkP.c */; }; + DCB3438B1D8A32A20054D16E /* SecCertificateP.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB342D81D8A32A20054D16E /* SecCertificateP.c */; }; + DCB3438C1D8A32A20054D16E /* SecCertificateP.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342D91D8A32A20054D16E /* SecCertificateP.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DCB3438D1D8A32A20054D16E /* SecCertificateInternalP.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342DA1D8A32A20054D16E /* SecCertificateInternalP.h */; }; + DCB3438E1D8A32A20054D16E /* tsaDERUtilities.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB342DC1D8A32A20054D16E /* tsaDERUtilities.c */; }; + DCB3438F1D8A32A20054D16E /* tsaDERUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342DD1D8A32A20054D16E /* tsaDERUtilities.h */; settings = {ATTRIBUTES = (Private, ); }; }; + DCB343901D8A32A20054D16E /* TokenLogin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342DE1D8A32A20054D16E /* TokenLogin.cpp */; }; + DCB343911D8A32A20054D16E /* TokenLogin.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342DF1D8A32A20054D16E /* TokenLogin.h */; }; + DCB343921D8A32A20054D16E /* SecExport.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342E11D8A32A20054D16E /* SecExport.cpp */; }; + DCB343931D8A32A20054D16E /* SecExternalRep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342E21D8A32A20054D16E /* SecExternalRep.cpp */; }; + DCB343941D8A32A20054D16E /* SecExternalRep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342E31D8A32A20054D16E /* SecExternalRep.h */; }; + DCB343951D8A32A20054D16E /* SecImport.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342E41D8A32A20054D16E /* SecImport.cpp */; }; + DCB343961D8A32A20054D16E /* SecImportExport.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB342E51D8A32A20054D16E /* SecImportExport.c */; }; + DCB343971D8A32A20054D16E /* SecImportExportAgg.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342E61D8A32A20054D16E /* SecImportExportAgg.cpp */; }; + DCB343981D8A32A20054D16E /* SecImportExportAgg.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342E71D8A32A20054D16E /* SecImportExportAgg.h */; }; + DCB343991D8A32A20054D16E /* SecImportExportCrypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342E81D8A32A20054D16E /* SecImportExportCrypto.cpp */; }; + DCB3439A1D8A32A20054D16E /* SecImportExportCrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342E91D8A32A20054D16E /* SecImportExportCrypto.h */; }; + DCB3439B1D8A32A20054D16E /* SecImportExportOpenSSH.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342EA1D8A32A20054D16E /* SecImportExportOpenSSH.cpp */; }; + DCB3439C1D8A32A20054D16E /* SecImportExportOpenSSH.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342EB1D8A32A20054D16E /* SecImportExportOpenSSH.h */; }; + DCB3439D1D8A32A20054D16E /* SecImportExportPem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342EC1D8A32A20054D16E /* SecImportExportPem.cpp */; }; + DCB3439E1D8A32A20054D16E /* SecImportExportPem.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342ED1D8A32A20054D16E /* SecImportExportPem.h */; }; + DCB3439F1D8A32A20054D16E /* SecImportExportPkcs8.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342EE1D8A32A20054D16E /* SecImportExportPkcs8.cpp */; }; + DCB343A01D8A32A20054D16E /* SecImportExportPkcs8.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342EF1D8A32A20054D16E /* SecImportExportPkcs8.h */; }; + DCB343A11D8A32A20054D16E /* SecImportExportUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342F01D8A32A20054D16E /* SecImportExportUtils.cpp */; }; + DCB343A21D8A32A20054D16E /* SecImportExportUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342F11D8A32A20054D16E /* SecImportExportUtils.h */; }; + DCB343A31D8A32A20054D16E /* SecNetscapeTemplates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342F21D8A32A20054D16E /* SecNetscapeTemplates.cpp */; }; + DCB343A41D8A32A20054D16E /* SecNetscapeTemplates.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342F31D8A32A20054D16E /* SecNetscapeTemplates.h */; }; + DCB343A51D8A32A20054D16E /* SecPkcs8Templates.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342F41D8A32A20054D16E /* SecPkcs8Templates.cpp */; }; + DCB343A61D8A32A20054D16E /* SecPkcs8Templates.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB342F51D8A32A20054D16E /* SecPkcs8Templates.h */; }; + DCB343A71D8A32A20054D16E /* SecWrappedKeys.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCB342F61D8A32A20054D16E /* SecWrappedKeys.cpp */; }; + DCB343AB1D8A33C10054D16E /* SecRandomP.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787311D77903700B50D50 /* SecRandomP.h */; }; + DCB343AC1D8A33E10054D16E /* SecRecoveryPassword.h in Headers */ = {isa = PBXBuildFile; fileRef = DC1787321D77903700B50D50 /* SecRecoveryPassword.h */; }; + DCB344741D8A35270054D16E /* keychain_regressions.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3443F1D8A35270054D16E /* keychain_regressions.h */; }; + DCB344751D8A35270054D16E /* kc-helpers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB344401D8A35270054D16E /* kc-helpers.h */; }; + DCB344761D8A35270054D16E /* kc-item-helpers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB344411D8A35270054D16E /* kc-item-helpers.h */; }; + DCB344771D8A35270054D16E /* kc-key-helpers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB344421D8A35270054D16E /* kc-key-helpers.h */; }; + DCB344781D8A35270054D16E /* kc-identity-helpers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB344431D8A35270054D16E /* kc-identity-helpers.h */; }; + DCB344791D8A35270054D16E /* kc-keychain-file-helpers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB344441D8A35270054D16E /* kc-keychain-file-helpers.h */; }; + DCB3447A1D8A35270054D16E /* kc-01-keychain-creation.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344451D8A35270054D16E /* kc-01-keychain-creation.c */; }; + DCB3447B1D8A35270054D16E /* kc-02-unlock-noui.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344461D8A35270054D16E /* kc-02-unlock-noui.c */; }; + DCB3447C1D8A35270054D16E /* kc-03-status.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344471D8A35270054D16E /* kc-03-status.c */; }; + DCB3447D1D8A35270054D16E /* kc-03-keychain-list.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344481D8A35270054D16E /* kc-03-keychain-list.c */; }; + DCB3447E1D8A35270054D16E /* kc-04-is-valid.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344491D8A35270054D16E /* kc-04-is-valid.c */; }; + DCB3447F1D8A35270054D16E /* kc-05-find-existing-items.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3444A1D8A35270054D16E /* kc-05-find-existing-items.c */; }; + DCB344801D8A35270054D16E /* kc-05-find-existing-items-locked.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3444B1D8A35270054D16E /* kc-05-find-existing-items-locked.c */; }; + DCB344811D8A35270054D16E /* kc-06-cert-search-email.m in Sources */ = {isa = PBXBuildFile; fileRef = DCB3444C1D8A35270054D16E /* kc-06-cert-search-email.m */; }; + DCB344821D8A35270054D16E /* kc-10-item-add-generic.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3444D1D8A35270054D16E /* kc-10-item-add-generic.c */; }; + DCB344831D8A35270054D16E /* kc-10-item-add-internet.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3444E1D8A35270054D16E /* kc-10-item-add-internet.c */; }; + DCB344841D8A35270054D16E /* kc-10-item-add-certificate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3444F1D8A35270054D16E /* kc-10-item-add-certificate.c */; }; + DCB344851D8A35270054D16E /* kc-12-key-create-symmetric.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344501D8A35270054D16E /* kc-12-key-create-symmetric.c */; }; + DCB344861D8A35270054D16E /* kc-12-key-create-symmetric-and-use.m in Sources */ = {isa = PBXBuildFile; fileRef = DCB344511D8A35270054D16E /* kc-12-key-create-symmetric-and-use.m */; }; + DCB344871D8A35270054D16E /* kc-12-item-create-keypair.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344521D8A35270054D16E /* kc-12-item-create-keypair.c */; }; + DCB344881D8A35270054D16E /* kc-15-key-update-valueref.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344531D8A35270054D16E /* kc-15-key-update-valueref.c */; }; + DCB344891D8A35270054D16E /* kc-15-item-update-label-skimaad.m in Sources */ = {isa = PBXBuildFile; fileRef = DCB344541D8A35270054D16E /* kc-15-item-update-label-skimaad.m */; }; + DCB3448A1D8A35270054D16E /* kc-16-item-update-password.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344551D8A35270054D16E /* kc-16-item-update-password.c */; }; + DCB3448B1D8A35270054D16E /* kc-18-find-combined.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344561D8A35270054D16E /* kc-18-find-combined.c */; }; + DCB3448C1D8A35270054D16E /* kc-19-item-copy-internet.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344571D8A35270054D16E /* kc-19-item-copy-internet.c */; }; + DCB3448D1D8A35270054D16E /* kc-20-identity-persistent-refs.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344581D8A35270054D16E /* kc-20-identity-persistent-refs.c */; }; + DCB3448E1D8A35270054D16E /* kc-20-identity-key-attributes.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344591D8A35270054D16E /* kc-20-identity-key-attributes.c */; }; + DCB3448F1D8A35270054D16E /* kc-20-item-find-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3445A1D8A35270054D16E /* kc-20-item-find-stress.c */; }; + DCB344901D8A35270054D16E /* kc-20-item-add-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3445B1D8A35270054D16E /* kc-20-item-add-stress.c */; }; + DCB344911D8A35270054D16E /* kc-20-key-find-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3445C1D8A35270054D16E /* kc-20-key-find-stress.c */; }; + DCB344921D8A35270054D16E /* kc-20-identity-find-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3445D1D8A35270054D16E /* kc-20-identity-find-stress.c */; }; + DCB344931D8A35270054D16E /* kc-21-item-use-callback.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3445E1D8A35270054D16E /* kc-21-item-use-callback.c */; }; + DCB344941D8A35270054D16E /* kc-21-item-xattrs.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3445F1D8A35270054D16E /* kc-21-item-xattrs.c */; }; + DCB344951D8A35270054D16E /* kc-23-key-export-symmetric.m in Sources */ = {isa = PBXBuildFile; fileRef = DCB344601D8A35270054D16E /* kc-23-key-export-symmetric.m */; }; + DCB344961D8A35270054D16E /* kc-24-key-copy-keychains.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344611D8A35270054D16E /* kc-24-key-copy-keychains.c */; }; + DCB344971D8A35270054D16E /* kc-26-key-import-public.m in Sources */ = {isa = PBXBuildFile; fileRef = DCB344621D8A35270054D16E /* kc-26-key-import-public.m */; }; + DCB344981D8A35270054D16E /* kc-27-key-non-extractable.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344631D8A35270054D16E /* kc-27-key-non-extractable.c */; }; + DCB344991D8A35270054D16E /* kc-28-p12-import.m in Sources */ = {isa = PBXBuildFile; fileRef = DCB344641D8A35270054D16E /* kc-28-p12-import.m */; }; + DCB3449A1D8A35270054D16E /* kc-28-cert-sign.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344651D8A35270054D16E /* kc-28-cert-sign.c */; }; + DCB3449B1D8A35270054D16E /* kc-30-xara.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344661D8A35270054D16E /* kc-30-xara.c */; }; + DCB3449C1D8A35270054D16E /* kc-30-xara-helpers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB344671D8A35270054D16E /* kc-30-xara-helpers.h */; }; + DCB3449D1D8A35270054D16E /* kc-30-xara-upgrade-helpers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB344681D8A35270054D16E /* kc-30-xara-upgrade-helpers.h */; }; + DCB3449E1D8A35270054D16E /* kc-30-xara-item-helpers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB344691D8A35270054D16E /* kc-30-xara-item-helpers.h */; }; + DCB3449F1D8A35270054D16E /* kc-30-xara-key-helpers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB3446A1D8A35270054D16E /* kc-30-xara-key-helpers.h */; }; + DCB344A01D8A35270054D16E /* kc-40-seckey.m in Sources */ = {isa = PBXBuildFile; fileRef = DCB3446B1D8A35270054D16E /* kc-40-seckey.m */; }; + DCB344A11D8A35270054D16E /* kc-41-sececkey.m in Sources */ = {isa = PBXBuildFile; fileRef = DCB3446C1D8A35270054D16E /* kc-41-sececkey.m */; }; + DCB344A21D8A35270054D16E /* kc-43-seckey-interop.m in Sources */ = {isa = PBXBuildFile; fileRef = DCB3446D1D8A35270054D16E /* kc-43-seckey-interop.m */; }; + DCB344A31D8A35270054D16E /* kc-42-trust-revocation.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3446E1D8A35270054D16E /* kc-42-trust-revocation.c */; }; + DCB344A41D8A35270054D16E /* si-20-sectrust-provisioning.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB3446F1D8A35270054D16E /* si-20-sectrust-provisioning.c */; }; + DCB344A51D8A35270054D16E /* si-20-sectrust-provisioning.h in Headers */ = {isa = PBXBuildFile; fileRef = DCB344701D8A35270054D16E /* si-20-sectrust-provisioning.h */; }; + DCB344A61D8A35270054D16E /* si-33-keychain-backup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344711D8A35270054D16E /* si-33-keychain-backup.c */; }; + DCB344A71D8A35270054D16E /* si-34-one-true-keychain.c in Sources */ = {isa = PBXBuildFile; fileRef = DCB344721D8A35270054D16E /* si-34-one-true-keychain.c */; }; + DCB7D8C31D8E181B00867385 /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD06AB01D8E0D53007602F1 /* libsecurity_utilities.a */; }; + DCB7D8D01D8E183C00867385 /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD06AB01D8E0D53007602F1 /* libsecurity_utilities.a */; }; + DCB7D8D11D8E185900867385 /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD06AB01D8E0D53007602F1 /* libsecurity_utilities.a */; }; + DCBB8AC41D80DD95007ED154 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DCC093791D80B02100F984E4 /* SecOnOSX.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78E671D8085FC00865A7C /* SecOnOSX.h */; }; + DCC0937A1D80B07200F984E4 /* SecOTRSessionPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFFC15AFB73800B9D400 /* SecOTRSessionPriv.h */; }; + DCC0937B1D80B07B00F984E4 /* SecOTRSession.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFFB15AFB73800B9D400 /* SecOTRSession.h */; }; + DCC0937C1D80B09200F984E4 /* SecSignatureVerificationSupport.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78E8F1D8085FC00865A7C /* SecSignatureVerificationSupport.h */; }; + DCC0937D1D80B09E00F984E4 /* SecOTRPackets.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFFA15AFB73800B9D400 /* SecOTRPackets.h */; }; + DCC0937E1D80B0A700F984E4 /* SecOTRPacketData.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFF915AFB73800B9D400 /* SecOTRPacketData.h */; }; + DCC0937F1D80B0B100F984E4 /* SecOTRMath.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFF715AFB73800B9D400 /* SecOTRMath.h */; }; + DCC093801D80B0B700F984E4 /* SecCFAllocator.h in Headers */ = {isa = PBXBuildFile; fileRef = D47F514B1C3B812500A7CEFE /* SecCFAllocator.h */; }; + DCC5BF1B1D93723A008D1E84 /* libsecurity_apple_csp.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCF783141D88B4DE00E694BB /* libsecurity_apple_csp.a */; }; + DCC5BF1C1D937242008D1E84 /* libsecurity_apple_cspdl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCF785E51D88B95500E694BB /* libsecurity_apple_cspdl.a */; }; + DCC5BF1D1D937249008D1E84 /* libsecurity_apple_file_dl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCF7883B1D88C8C400E694BB /* libsecurity_apple_file_dl.a */; }; + DCC5BF1E1D937251008D1E84 /* libsecurity_apple_x509_tp.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCF788D61D88CD2400E694BB /* libsecurity_apple_x509_tp.a */; }; + DCC5BF1F1D93725A008D1E84 /* libsecurity_authorization.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB3406D1D8A24DF0054D16E /* libsecurity_authorization.a */; }; + DCC5BF201D937263008D1E84 /* libsecurity_cdsa_plugin.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB341371D8A2A010054D16E /* libsecurity_cdsa_plugin.a */; }; + DCC5BF211D937269008D1E84 /* libsecurity_checkpw.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC5B71D8B71FD00070CB0 /* libsecurity_checkpw.a */; }; + DCC5BF221D937270008D1E84 /* libsecurity_cms.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1002C91D8E19D70025549C /* libsecurity_cms.a */; }; + DCC5BF231D937277008D1E84 /* libsecurity_comcryption.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC5E91D8B742200070CB0 /* libsecurity_comcryption.a */; }; + DCC5BF241D93727E008D1E84 /* libsecurity_cryptkit.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC5FF1D8B752B00070CB0 /* libsecurity_cryptkit.a */; }; + DCC5BF251D937288008D1E84 /* libsecurity_cssm.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC74C1D8B771600070CB0 /* libsecurity_cssm.a */; }; + DCC5BF261D93728D008D1E84 /* libsecurity_filedb.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC89F1D8B7CBD00070CB0 /* libsecurity_filedb.a */; }; + DCC5BF271D937291008D1E84 /* libsecurity_manifest.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC8D31D8B7DA200070CB0 /* libsecurity_manifest.a */; }; + DCC5BF281D937294008D1E84 /* libsecurity_mds.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC9001D8B7E8000070CB0 /* libsecurity_mds.a */; }; + DCC5BF291D93729A008D1E84 /* libsecurity_sd_cspdl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC9A11D8B81BE00070CB0 /* libsecurity_sd_cspdl.a */; }; + DCC5BF2A1D93729E008D1E84 /* libsecurity_ssl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC9CF1D8B824700070CB0 /* libsecurity_ssl.a */; }; + DCC5BF2B1D9372A4008D1E84 /* libsecurity_transform.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCA801D8B858600070CB0 /* libsecurity_transform.a */; }; + DCC5BF2C1D9372AA008D1E84 /* libsecurity_translocate.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCB081D8B894F00070CB0 /* libsecurity_translocate.a */; }; + DCC78EB21D80890800865A7C /* secd_77_ids_messaging.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C691D8085D800865A7C /* secd_77_ids_messaging.c */; }; + DCC78EB31D80890E00865A7C /* secd-95-escrow-persistence.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C741D8085D800865A7C /* secd-95-escrow-persistence.c */; }; + DCC78EB41D80897E00865A7C /* secd-76-idstransport.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C681D8085D800865A7C /* secd-76-idstransport.c */; }; + DCC78EB51D80898500865A7C /* secd-71-engine-save.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C641D8085D800865A7C /* secd-71-engine-save.c */; }; + DCC78EB61D80898E00865A7C /* secd-52-offering-gencount-reset.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C4F1D8085D800865A7C /* secd-52-offering-gencount-reset.c */; }; + DCC78EB81D80899C00865A7C /* vmdh.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E9C1D8085FC00865A7C /* vmdh.c */; }; + DCC78EB91D8089A700865A7C /* pbkdf2.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E2E1D8085FC00865A7C /* pbkdf2.c */; }; + DCC78EBA1D8089BD00865A7C /* p12pbegen.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E2C1D8085FC00865A7C /* p12pbegen.c */; }; + DCC78EBB1D8089C200865A7C /* p12import.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E2A1D8085FC00865A7C /* p12import.c */; }; + DCC78EBC1D8089CD00865A7C /* verify_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E191D8085FC00865A7C /* verify_cert.c */; }; + DCC78EBD1D808A0400865A7C /* SecuritydXPC.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E9A1D8085FC00865A7C /* SecuritydXPC.c */; }; + DCC78EBE1D808A0E00865A7C /* SecTrustStore.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E971D8085FC00865A7C /* SecTrustStore.c */; }; + DCC78EC01D808A1C00865A7C /* SecTrust.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E901D8085FC00865A7C /* SecTrust.c */; }; + DCC78EC11D808A2200865A7C /* SecSignatureVerificationSupport.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E8E1D8085FC00865A7C /* SecSignatureVerificationSupport.c */; }; + DCC78EC21D808A2800865A7C /* SecSharedCredential.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E8C1D8085FC00865A7C /* SecSharedCredential.c */; }; + DCC78EC31D808A2E00865A7C /* SecServerEncryptionSupport.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E8A1D8085FC00865A7C /* SecServerEncryptionSupport.c */; }; + DCC78EC41D808A3B00865A7C /* SecSCEP.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E881D8085FC00865A7C /* SecSCEP.c */; }; + DCC78EC51D808A4100865A7C /* SecRSAKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E851D8085FC00865A7C /* SecRSAKey.c */; }; + DCC78EC61D808A4700865A7C /* SecPolicyLeafCallbacks.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E7F1D8085FC00865A7C /* SecPolicyLeafCallbacks.c */; }; + DCC78EC71D808A4D00865A7C /* SecPolicy.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E7E1D8085FC00865A7C /* SecPolicy.c */; }; + DCC78EC81D808A5200865A7C /* SecPasswordGenerate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E7A1D8085FC00865A7C /* SecPasswordGenerate.c */; }; + DCC78EC91D808A5700865A7C /* SecPBKDF.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E7C1D8085FC00865A7C /* SecPBKDF.c */; }; + DCC78ECA1D808A6000865A7C /* SecOTRUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E791D8085FC00865A7C /* SecOTRUtils.c */; }; + DCC78ECB1D808A6600865A7C /* SecOTRSessionAKE.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E771D8085FC00865A7C /* SecOTRSessionAKE.c */; }; + DCC78ECC1D808A6B00865A7C /* SecOTRSession.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E751D8085FC00865A7C /* SecOTRSession.c */; }; + DCC78ECD1D808A7300865A7C /* SecOTRPublicIdentity.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E741D8085FC00865A7C /* SecOTRPublicIdentity.c */; }; + DCC78ECE1D808A7B00865A7C /* SecOTRPackets.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E721D8085FC00865A7C /* SecOTRPackets.c */; }; + DCC78ECF1D808A8200865A7C /* SecOTRPacketData.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E701D8085FC00865A7C /* SecOTRPacketData.c */; }; + DCC78ED01D808A8800865A7C /* SecOTRMath.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E6E1D8085FC00865A7C /* SecOTRMath.c */; }; + DCC78ED11D808A8E00865A7C /* SecOTRFullIdentity.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E6C1D8085FC00865A7C /* SecOTRFullIdentity.c */; }; + DCC78ED21D808A9500865A7C /* SecOTRDHKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E691D8085FC00865A7C /* SecOTRDHKey.c */; }; + DCC78ED31D808AA000865A7C /* SecKeyAdaptors.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E621D8085FC00865A7C /* SecKeyAdaptors.c */; }; + DCC78ED41D808AA800865A7C /* SecKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E601D8085FC00865A7C /* SecKey.c */; }; + DCC78ED51D808AAE00865A7C /* SecItemConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E5C1D8085FC00865A7C /* SecItemConstants.c */; }; + DCC78ED61D808ABA00865A7C /* SecItemBackup.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E5A1D8085FC00865A7C /* SecItemBackup.c */; }; + DCC78ED71D808AC000865A7C /* SecItem.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E581D8085FC00865A7C /* SecItem.c */; }; + DCC78ED81D808AC600865A7C /* SecImportExport.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E551D8085FC00865A7C /* SecImportExport.c */; }; + DCC78ED91D808ACB00865A7C /* SecIdentity.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E521D8085FC00865A7C /* SecIdentity.c */; }; + DCC78EDA1D808AD100865A7C /* SecFramework.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E4F1D8085FC00865A7C /* SecFramework.c */; }; + DCC78EDB1D808ADF00865A7C /* SecEMCS.m in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E4C1D8085FC00865A7C /* SecEMCS.m */; }; + DCC78EDC1D808AE500865A7C /* SecECKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E491D8085FC00865A7C /* SecECKey.c */; }; + DCC78EDD1D808AEC00865A7C /* SecDigest.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E481D8085FC00865A7C /* SecDigest.c */; }; + DCC78EDE1D808AF100865A7C /* SecDH.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E461D8085FC00865A7C /* SecDH.c */; }; + DCC78EDF1D808AF800865A7C /* SecCertificateRequest.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E3E1D8085FC00865A7C /* SecCertificateRequest.c */; }; + DCC78EE01D808B0000865A7C /* SecCertificatePath.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E3B1D8085FC00865A7C /* SecCertificatePath.c */; }; + DCC78EE11D808B0900865A7C /* SecCertificate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E381D8085FC00865A7C /* SecCertificate.c */; }; + DCC78EE21D808B0E00865A7C /* SecCTKKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E441D8085FC00865A7C /* SecCTKKey.c */; }; + DCC78EE31D808B1300865A7C /* SecCMS.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E421D8085FC00865A7C /* SecCMS.c */; }; + DCC78EE41D808B1B00865A7C /* SecCFAllocator.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E401D8085FC00865A7C /* SecCFAllocator.c */; }; + DCC78EE51D808B2100865A7C /* SecBase64.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E351D8085FC00865A7C /* SecBase64.c */; }; + DCC78EE61D808B2A00865A7C /* SecAccessControl.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E301D8085FC00865A7C /* SecAccessControl.c */; }; + DCC78EE71D808B2F00865A7C /* secViewDisplay.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D9E1D8085F200865A7C /* secViewDisplay.c */; }; + DCC78EE81D808B3500865A7C /* secToolFileIO.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D931D8085F200865A7C /* secToolFileIO.c */; }; + DCC78EE91D808B4100865A7C /* SOSCloudCircle.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78D891D8085F200865A7C /* SOSCloudCircle.c */; }; + DCCBFA1E1DBA95CD001DD54D /* kc-20-item-delete-stress.c in Sources */ = {isa = PBXBuildFile; fileRef = DCCBFA1D1DBA95CD001DD54D /* kc-20-item-delete-stress.c */; }; + DCD0676E1D8CDECD007602F1 /* gkmerge in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCD067631D8CDEB2007602F1 /* gkmerge */; }; + DCD0676F1D8CDED1007602F1 /* gkhandmake in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCD067641D8CDEB2007602F1 /* gkhandmake */; }; + DCD067701D8CDED5007602F1 /* gklist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCD067651D8CDEB2007602F1 /* gklist */; }; + DCD067711D8CDED9007602F1 /* gkclear in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCD067661D8CDEB2007602F1 /* gkclear */; }; + DCD067721D8CDEDC007602F1 /* gkgenerate in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCD067671D8CDEB2007602F1 /* gkgenerate */; }; + DCD067731D8CDEE0007602F1 /* gkrecord in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCD067681D8CDEB2007602F1 /* gkrecord */; }; + DCD067751D8CDEF2007602F1 /* gkreport in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCD067691D8CDEB2007602F1 /* gkreport */; }; + DCD067771D8CDF02007602F1 /* com.apple.gkreport.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCD0676A1D8CDEB2007602F1 /* com.apple.gkreport.plist */; }; + DCD068151D8CDF7E007602F1 /* CodeSigning.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0678A1D8CDF7E007602F1 /* CodeSigning.h */; }; + DCD068161D8CDF7E007602F1 /* CSCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0678B1D8CDF7E007602F1 /* CSCommon.h */; }; + DCD068171D8CDF7E007602F1 /* CSCommonPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0678C1D8CDF7E007602F1 /* CSCommonPriv.h */; }; + DCD068181D8CDF7E007602F1 /* SecCode.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0678D1D8CDF7E007602F1 /* SecCode.h */; }; + DCD068191D8CDF7E007602F1 /* SecCodePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0678E1D8CDF7E007602F1 /* SecCodePriv.h */; }; + DCD0681A1D8CDF7E007602F1 /* SecCode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD0678F1D8CDF7E007602F1 /* SecCode.cpp */; }; + DCD0681B1D8CDF7E007602F1 /* SecStaticCode.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067901D8CDF7E007602F1 /* SecStaticCode.h */; }; + DCD0681C1D8CDF7E007602F1 /* SecStaticCodePriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067911D8CDF7E007602F1 /* SecStaticCodePriv.h */; }; + DCD0681D1D8CDF7E007602F1 /* SecStaticCode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067921D8CDF7E007602F1 /* SecStaticCode.cpp */; }; + DCD0681E1D8CDF7E007602F1 /* SecRequirement.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067931D8CDF7E007602F1 /* SecRequirement.h */; }; + DCD0681F1D8CDF7E007602F1 /* SecRequirementPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067941D8CDF7E007602F1 /* SecRequirementPriv.h */; }; + DCD068201D8CDF7E007602F1 /* SecRequirement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067951D8CDF7E007602F1 /* SecRequirement.cpp */; }; + DCD068211D8CDF7E007602F1 /* SecCodeSigner.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067961D8CDF7E007602F1 /* SecCodeSigner.h */; }; + DCD068221D8CDF7E007602F1 /* SecCodeSigner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067971D8CDF7E007602F1 /* SecCodeSigner.cpp */; }; + DCD068231D8CDF7E007602F1 /* SecCodeHost.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067981D8CDF7E007602F1 /* SecCodeHost.h */; }; + DCD068241D8CDF7E007602F1 /* SecCodeHost.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067991D8CDF7E007602F1 /* SecCodeHost.cpp */; }; + DCD068251D8CDF7E007602F1 /* SecIntegrity.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0679A1D8CDF7E007602F1 /* SecIntegrity.h */; }; + DCD068271D8CDF7E007602F1 /* cs.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0679D1D8CDF7E007602F1 /* cs.h */; }; + DCD068281D8CDF7E007602F1 /* cs.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD0679E1D8CDF7E007602F1 /* cs.cpp */; }; + DCD068291D8CDF7E007602F1 /* Code.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0679F1D8CDF7E007602F1 /* Code.h */; }; + DCD0682A1D8CDF7E007602F1 /* Code.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067A01D8CDF7E007602F1 /* Code.cpp */; }; + DCD0682B1D8CDF7E007602F1 /* StaticCode.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067A11D8CDF7E007602F1 /* StaticCode.h */; }; + DCD0682C1D8CDF7E007602F1 /* StaticCode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067A21D8CDF7E007602F1 /* StaticCode.cpp */; }; + DCD0682D1D8CDF7E007602F1 /* Requirements.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067A31D8CDF7E007602F1 /* Requirements.h */; }; + DCD0682E1D8CDF7E007602F1 /* Requirements.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067A41D8CDF7E007602F1 /* Requirements.cpp */; }; + DCD0682F1D8CDF7E007602F1 /* CodeSigner.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067A51D8CDF7E007602F1 /* CodeSigner.h */; }; + DCD068301D8CDF7E007602F1 /* CodeSigner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067A61D8CDF7E007602F1 /* CodeSigner.cpp */; }; + DCD068311D8CDF7E007602F1 /* signer.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067A81D8CDF7E007602F1 /* signer.h */; }; + DCD068321D8CDF7E007602F1 /* signer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067A91D8CDF7E007602F1 /* signer.cpp */; }; + DCD068331D8CDF7E007602F1 /* signerutils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067AA1D8CDF7E007602F1 /* signerutils.h */; }; + DCD068341D8CDF7E007602F1 /* signerutils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067AB1D8CDF7E007602F1 /* signerutils.cpp */; }; + DCD068351D8CDF7E007602F1 /* codedirectory.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067AD1D8CDF7E007602F1 /* codedirectory.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD068361D8CDF7E007602F1 /* codedirectory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067AE1D8CDF7E007602F1 /* codedirectory.cpp */; }; + DCD068371D8CDF7E007602F1 /* cdbuilder.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067AF1D8CDF7E007602F1 /* cdbuilder.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD068381D8CDF7E007602F1 /* cdbuilder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067B01D8CDF7E007602F1 /* cdbuilder.cpp */; }; + DCD068391D8CDF7E007602F1 /* RequirementKeywords.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067B31D8CDF7E007602F1 /* RequirementKeywords.h */; }; + DCD0683A1D8CDF7E007602F1 /* RequirementLexer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067B41D8CDF7E007602F1 /* RequirementLexer.cpp */; }; + DCD0683B1D8CDF7E007602F1 /* RequirementLexer.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD067B51D8CDF7E007602F1 /* RequirementLexer.hpp */; }; + DCD0683C1D8CDF7E007602F1 /* RequirementParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067B61D8CDF7E007602F1 /* RequirementParser.cpp */; }; + DCD0683D1D8CDF7E007602F1 /* RequirementParser.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD067B71D8CDF7E007602F1 /* RequirementParser.hpp */; }; + DCD0683E1D8CDF7E007602F1 /* RequirementParserTokenTypes.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD067B81D8CDF7E007602F1 /* RequirementParserTokenTypes.hpp */; }; + DCD0683F1D8CDF7E007602F1 /* requirement.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067BA1D8CDF7E007602F1 /* requirement.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD068401D8CDF7E007602F1 /* requirement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067BB1D8CDF7E007602F1 /* requirement.cpp */; }; + DCD068411D8CDF7E007602F1 /* reqmaker.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067BC1D8CDF7E007602F1 /* reqmaker.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD068421D8CDF7E007602F1 /* reqmaker.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067BD1D8CDF7E007602F1 /* reqmaker.cpp */; }; + DCD068431D8CDF7E007602F1 /* reqreader.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067BE1D8CDF7E007602F1 /* reqreader.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD068441D8CDF7E007602F1 /* reqreader.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067BF1D8CDF7E007602F1 /* reqreader.cpp */; }; + DCD068451D8CDF7E007602F1 /* reqinterp.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067C01D8CDF7E007602F1 /* reqinterp.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD068461D8CDF7E007602F1 /* reqinterp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067C11D8CDF7E007602F1 /* reqinterp.cpp */; }; + DCD068471D8CDF7E007602F1 /* reqparser.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067C21D8CDF7E007602F1 /* reqparser.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD068481D8CDF7E007602F1 /* reqparser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067C31D8CDF7E007602F1 /* reqparser.cpp */; }; + DCD068491D8CDF7E007602F1 /* reqdumper.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067C41D8CDF7E007602F1 /* reqdumper.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD0684A1D8CDF7E007602F1 /* reqdumper.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067C51D8CDF7E007602F1 /* reqdumper.cpp */; }; + DCD0684B1D8CDF7E007602F1 /* drmaker.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067C61D8CDF7E007602F1 /* drmaker.h */; }; + DCD0684C1D8CDF7E007602F1 /* drmaker.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067C71D8CDF7E007602F1 /* drmaker.cpp */; }; + DCD0684D1D8CDF7E007602F1 /* cskernel.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067C91D8CDF7E007602F1 /* cskernel.h */; }; + DCD0684E1D8CDF7E007602F1 /* cskernel.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067CA1D8CDF7E007602F1 /* cskernel.cpp */; }; + DCD0684F1D8CDF7E007602F1 /* csprocess.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067CB1D8CDF7E007602F1 /* csprocess.h */; }; + DCD068501D8CDF7E007602F1 /* csprocess.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067CC1D8CDF7E007602F1 /* csprocess.cpp */; }; + DCD068511D8CDF7E007602F1 /* csgeneric.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067CD1D8CDF7E007602F1 /* csgeneric.h */; }; + DCD068521D8CDF7E007602F1 /* csgeneric.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067CE1D8CDF7E007602F1 /* csgeneric.cpp */; }; + DCD068531D8CDF7E007602F1 /* diskrep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067D01D8CDF7E007602F1 /* diskrep.h */; }; + DCD068541D8CDF7E007602F1 /* diskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067D11D8CDF7E007602F1 /* diskrep.cpp */; }; + DCD068551D8CDF7E007602F1 /* filediskrep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067D21D8CDF7E007602F1 /* filediskrep.h */; }; + DCD068561D8CDF7E007602F1 /* filediskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067D31D8CDF7E007602F1 /* filediskrep.cpp */; }; + DCD068571D8CDF7E007602F1 /* bundlediskrep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067D41D8CDF7E007602F1 /* bundlediskrep.h */; }; + DCD068581D8CDF7E007602F1 /* bundlediskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067D51D8CDF7E007602F1 /* bundlediskrep.cpp */; }; + DCD068591D8CDF7E007602F1 /* kerneldiskrep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067D61D8CDF7E007602F1 /* kerneldiskrep.h */; }; + DCD0685A1D8CDF7E007602F1 /* kerneldiskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067D71D8CDF7E007602F1 /* kerneldiskrep.cpp */; }; + DCD0685B1D8CDF7E007602F1 /* machorep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067D81D8CDF7E007602F1 /* machorep.h */; }; + DCD0685C1D8CDF7E007602F1 /* machorep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067D91D8CDF7E007602F1 /* machorep.cpp */; }; + DCD0685D1D8CDF7E007602F1 /* slcrep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067DA1D8CDF7E007602F1 /* slcrep.h */; }; + DCD0685E1D8CDF7E007602F1 /* slcrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067DB1D8CDF7E007602F1 /* slcrep.cpp */; }; + DCD0685F1D8CDF7E007602F1 /* diskimagerep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067DC1D8CDF7E007602F1 /* diskimagerep.h */; }; + DCD068601D8CDF7E007602F1 /* diskimagerep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067DD1D8CDF7E007602F1 /* diskimagerep.cpp */; }; + DCD068611D8CDF7E007602F1 /* singlediskrep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067DE1D8CDF7E007602F1 /* singlediskrep.h */; }; + DCD068621D8CDF7E007602F1 /* singlediskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067DF1D8CDF7E007602F1 /* singlediskrep.cpp */; }; + DCD068631D8CDF7E007602F1 /* detachedrep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067E01D8CDF7E007602F1 /* detachedrep.h */; }; + DCD068641D8CDF7E007602F1 /* detachedrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067E11D8CDF7E007602F1 /* detachedrep.cpp */; }; + DCD068651D8CDF7E007602F1 /* piddiskrep.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067E21D8CDF7E007602F1 /* piddiskrep.h */; }; + DCD068661D8CDF7E007602F1 /* piddiskrep.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067E31D8CDF7E007602F1 /* piddiskrep.cpp */; }; + DCD068671D8CDF7E007602F1 /* SecIntegrityLib.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067E51D8CDF7E007602F1 /* SecIntegrityLib.h */; }; + DCD068691D8CDF7E007602F1 /* SecCodeHostLib.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067E71D8CDF7E007602F1 /* SecCodeHostLib.h */; }; + DCD0686E1D8CDF7E007602F1 /* csdatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067EE1D8CDF7E007602F1 /* csdatabase.h */; }; + DCD0686F1D8CDF7E007602F1 /* csdatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067EF1D8CDF7E007602F1 /* csdatabase.cpp */; }; + DCD068701D8CDF7E007602F1 /* cserror.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067F01D8CDF7E007602F1 /* cserror.h */; }; + DCD068711D8CDF7E007602F1 /* cserror.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067F11D8CDF7E007602F1 /* cserror.cpp */; }; + DCD068721D8CDF7E007602F1 /* resources.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067F21D8CDF7E007602F1 /* resources.h */; }; + DCD068731D8CDF7E007602F1 /* resources.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067F31D8CDF7E007602F1 /* resources.cpp */; }; + DCD068741D8CDF7E007602F1 /* sigblob.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067F41D8CDF7E007602F1 /* sigblob.h */; }; + DCD068751D8CDF7E007602F1 /* sigblob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067F51D8CDF7E007602F1 /* sigblob.cpp */; }; + DCD068761D8CDF7E007602F1 /* csutilities.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067F61D8CDF7E007602F1 /* csutilities.h */; }; + DCD068771D8CDF7E007602F1 /* csutilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067F71D8CDF7E007602F1 /* csutilities.cpp */; }; + DCD068781D8CDF7E007602F1 /* xar++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067F81D8CDF7E007602F1 /* xar++.h */; }; + DCD068791D8CDF7E007602F1 /* xar++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067F91D8CDF7E007602F1 /* xar++.cpp */; }; + DCD0687A1D8CDF7E007602F1 /* quarantine++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067FA1D8CDF7E007602F1 /* quarantine++.h */; }; + DCD0687B1D8CDF7E007602F1 /* quarantine++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067FB1D8CDF7E007602F1 /* quarantine++.cpp */; }; + DCD0687C1D8CDF7E007602F1 /* dirscanner.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067FC1D8CDF7E007602F1 /* dirscanner.h */; }; + DCD0687D1D8CDF7E007602F1 /* dirscanner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD067FD1D8CDF7E007602F1 /* dirscanner.cpp */; }; + DCD0687E1D8CDF7E007602F1 /* antlrplugin.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067FF1D8CDF7E007602F1 /* antlrplugin.h */; }; + DCD0687F1D8CDF7E007602F1 /* antlrplugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068001D8CDF7E007602F1 /* antlrplugin.cpp */; }; + DCD068811D8CDF7E007602F1 /* SecTaskPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD068031D8CDF7E007602F1 /* SecTaskPriv.h */; }; + DCD068821D8CDF7E007602F1 /* SecTask.c in Sources */ = {isa = PBXBuildFile; fileRef = DCD068041D8CDF7E007602F1 /* SecTask.c */; }; + DCD068831D8CDF7E007602F1 /* SecAssessment.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD068061D8CDF7E007602F1 /* SecAssessment.h */; }; + DCD068841D8CDF7E007602F1 /* SecAssessment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068071D8CDF7E007602F1 /* SecAssessment.cpp */; }; + DCD068851D8CDF7E007602F1 /* evaluationmanager.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD068081D8CDF7E007602F1 /* evaluationmanager.h */; }; + DCD068861D8CDF7E007602F1 /* evaluationmanager.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068091D8CDF7E007602F1 /* evaluationmanager.cpp */; }; + DCD068871D8CDF7E007602F1 /* opaquewhitelist.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0680A1D8CDF7E007602F1 /* opaquewhitelist.h */; }; + DCD068881D8CDF7E007602F1 /* opaquewhitelist.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD0680B1D8CDF7E007602F1 /* opaquewhitelist.cpp */; }; + DCD068891D8CDF7E007602F1 /* policydb.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0680C1D8CDF7E007602F1 /* policydb.h */; }; + DCD0688A1D8CDF7E007602F1 /* policydb.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD0680D1D8CDF7E007602F1 /* policydb.cpp */; }; + DCD0688B1D8CDF7E007602F1 /* policyengine.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0680E1D8CDF7E007602F1 /* policyengine.h */; }; + DCD0688C1D8CDF7E007602F1 /* policyengine.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD0680F1D8CDF7E007602F1 /* policyengine.cpp */; }; + DCD0688D1D8CDF7E007602F1 /* xpcengine.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD068101D8CDF7E007602F1 /* xpcengine.h */; }; + DCD0688E1D8CDF7E007602F1 /* xpcengine.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068111D8CDF7E007602F1 /* xpcengine.cpp */; }; + DCD068F51D8CDFFE007602F1 /* ANTLRException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD0688F1D8CDFFE007602F1 /* ANTLRException.hpp */; }; + DCD068F61D8CDFFE007602F1 /* ANTLRUtil.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068901D8CDFFE007602F1 /* ANTLRUtil.hpp */; }; + DCD068F71D8CDFFE007602F1 /* AST.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068911D8CDFFE007602F1 /* AST.hpp */; }; + DCD068F81D8CDFFE007602F1 /* ASTArray.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068921D8CDFFE007602F1 /* ASTArray.hpp */; }; + DCD068F91D8CDFFE007602F1 /* ASTFactory.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068931D8CDFFE007602F1 /* ASTFactory.hpp */; }; + DCD068FA1D8CDFFE007602F1 /* ASTNULLType.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068941D8CDFFE007602F1 /* ASTNULLType.hpp */; }; + DCD068FB1D8CDFFE007602F1 /* ASTPair.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068951D8CDFFE007602F1 /* ASTPair.hpp */; }; + DCD068FC1D8CDFFE007602F1 /* ASTRefCount.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068961D8CDFFE007602F1 /* ASTRefCount.hpp */; }; + DCD068FD1D8CDFFE007602F1 /* BaseAST.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068971D8CDFFE007602F1 /* BaseAST.hpp */; }; + DCD068FE1D8CDFFE007602F1 /* BitSet.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068981D8CDFFE007602F1 /* BitSet.hpp */; }; + DCD068FF1D8CDFFE007602F1 /* CharBuffer.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068991D8CDFFE007602F1 /* CharBuffer.hpp */; }; + DCD069001D8CDFFE007602F1 /* CharInputBuffer.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD0689A1D8CDFFE007602F1 /* CharInputBuffer.hpp */; }; + DCD069011D8CDFFE007602F1 /* CharScanner.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD0689B1D8CDFFE007602F1 /* CharScanner.hpp */; }; + DCD069021D8CDFFE007602F1 /* CharStreamException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD0689C1D8CDFFE007602F1 /* CharStreamException.hpp */; }; + DCD069031D8CDFFE007602F1 /* CharStreamIOException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD0689D1D8CDFFE007602F1 /* CharStreamIOException.hpp */; }; + DCD069041D8CDFFE007602F1 /* CircularQueue.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD0689E1D8CDFFE007602F1 /* CircularQueue.hpp */; }; + DCD069051D8CDFFE007602F1 /* CommonAST.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD0689F1D8CDFFE007602F1 /* CommonAST.hpp */; }; + DCD069061D8CDFFE007602F1 /* CommonASTWithHiddenTokens.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068A01D8CDFFE007602F1 /* CommonASTWithHiddenTokens.hpp */; }; + DCD069071D8CDFFE007602F1 /* CommonHiddenStreamToken.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068A11D8CDFFE007602F1 /* CommonHiddenStreamToken.hpp */; }; + DCD069081D8CDFFE007602F1 /* CommonToken.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068A21D8CDFFE007602F1 /* CommonToken.hpp */; }; + DCD069091D8CDFFE007602F1 /* config.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068A31D8CDFFE007602F1 /* config.hpp */; }; + DCD0690A1D8CDFFE007602F1 /* InputBuffer.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068A41D8CDFFE007602F1 /* InputBuffer.hpp */; }; + DCD0690B1D8CDFFE007602F1 /* IOException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068A51D8CDFFE007602F1 /* IOException.hpp */; }; + DCD0690C1D8CDFFE007602F1 /* LexerSharedInputState.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068A61D8CDFFE007602F1 /* LexerSharedInputState.hpp */; }; + DCD0690D1D8CDFFE007602F1 /* LLkParser.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068A71D8CDFFE007602F1 /* LLkParser.hpp */; }; + DCD0690E1D8CDFFE007602F1 /* MismatchedCharException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068A91D8CDFFE007602F1 /* MismatchedCharException.hpp */; }; + DCD0690F1D8CDFFE007602F1 /* MismatchedTokenException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068AA1D8CDFFE007602F1 /* MismatchedTokenException.hpp */; }; + DCD069101D8CDFFE007602F1 /* NoViableAltException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068AB1D8CDFFE007602F1 /* NoViableAltException.hpp */; }; + DCD069111D8CDFFE007602F1 /* NoViableAltForCharException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068AC1D8CDFFE007602F1 /* NoViableAltForCharException.hpp */; }; + DCD069121D8CDFFE007602F1 /* Parser.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068AD1D8CDFFE007602F1 /* Parser.hpp */; }; + DCD069131D8CDFFE007602F1 /* ParserSharedInputState.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068AE1D8CDFFE007602F1 /* ParserSharedInputState.hpp */; }; + DCD069141D8CDFFF007602F1 /* RecognitionException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068AF1D8CDFFE007602F1 /* RecognitionException.hpp */; }; + DCD069151D8CDFFF007602F1 /* RefCount.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068B01D8CDFFE007602F1 /* RefCount.hpp */; }; + DCD069161D8CDFFF007602F1 /* SemanticException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068B11D8CDFFE007602F1 /* SemanticException.hpp */; }; + DCD069171D8CDFFF007602F1 /* String.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068B21D8CDFFE007602F1 /* String.hpp */; }; + DCD069181D8CDFFF007602F1 /* Token.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068B31D8CDFFE007602F1 /* Token.hpp */; }; + DCD069191D8CDFFF007602F1 /* TokenBuffer.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068B41D8CDFFE007602F1 /* TokenBuffer.hpp */; }; + DCD0691A1D8CDFFF007602F1 /* TokenRefCount.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068B51D8CDFFE007602F1 /* TokenRefCount.hpp */; }; + DCD0691B1D8CDFFF007602F1 /* TokenStream.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068B61D8CDFFE007602F1 /* TokenStream.hpp */; }; + DCD0691C1D8CDFFF007602F1 /* TokenStreamBasicFilter.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068B71D8CDFFE007602F1 /* TokenStreamBasicFilter.hpp */; }; + DCD0691D1D8CDFFF007602F1 /* TokenStreamException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068B81D8CDFFE007602F1 /* TokenStreamException.hpp */; }; + DCD0691E1D8CDFFF007602F1 /* TokenStreamHiddenTokenFilter.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068B91D8CDFFE007602F1 /* TokenStreamHiddenTokenFilter.hpp */; }; + DCD0691F1D8CDFFF007602F1 /* TokenStreamIOException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068BA1D8CDFFE007602F1 /* TokenStreamIOException.hpp */; }; + DCD069201D8CDFFF007602F1 /* TokenStreamRecognitionException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068BB1D8CDFFE007602F1 /* TokenStreamRecognitionException.hpp */; }; + DCD069211D8CDFFF007602F1 /* TokenStreamRetryException.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068BC1D8CDFFE007602F1 /* TokenStreamRetryException.hpp */; }; + DCD069221D8CDFFF007602F1 /* TokenStreamRewriteEngine.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068BD1D8CDFFE007602F1 /* TokenStreamRewriteEngine.hpp */; }; + DCD069231D8CDFFF007602F1 /* TokenStreamSelector.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068BE1D8CDFFE007602F1 /* TokenStreamSelector.hpp */; }; + DCD069241D8CDFFF007602F1 /* TokenWithIndex.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068BF1D8CDFFE007602F1 /* TokenWithIndex.hpp */; }; + DCD069251D8CDFFF007602F1 /* TreeParser.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068C01D8CDFFE007602F1 /* TreeParser.hpp */; }; + DCD069261D8CDFFF007602F1 /* TreeParserSharedInputState.hpp in Headers */ = {isa = PBXBuildFile; fileRef = DCD068C11D8CDFFE007602F1 /* TreeParserSharedInputState.hpp */; }; + DCD069281D8CDFFF007602F1 /* ANTLRUtil.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068D31D8CDFFE007602F1 /* ANTLRUtil.cpp */; }; + DCD069291D8CDFFF007602F1 /* ASTFactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068D41D8CDFFE007602F1 /* ASTFactory.cpp */; }; + DCD0692A1D8CDFFF007602F1 /* ASTNULLType.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068D51D8CDFFE007602F1 /* ASTNULLType.cpp */; }; + DCD0692B1D8CDFFF007602F1 /* ASTRefCount.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068D61D8CDFFE007602F1 /* ASTRefCount.cpp */; }; + DCD0692C1D8CDFFF007602F1 /* BaseAST.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068D71D8CDFFE007602F1 /* BaseAST.cpp */; }; + DCD0692D1D8CDFFF007602F1 /* BitSet.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068D81D8CDFFE007602F1 /* BitSet.cpp */; }; + DCD0692E1D8CDFFF007602F1 /* CharBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068D91D8CDFFE007602F1 /* CharBuffer.cpp */; }; + DCD0692F1D8CDFFF007602F1 /* CharScanner.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068DA1D8CDFFE007602F1 /* CharScanner.cpp */; }; + DCD069301D8CDFFF007602F1 /* CommonAST.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068DB1D8CDFFE007602F1 /* CommonAST.cpp */; }; + DCD069311D8CDFFF007602F1 /* CommonASTWithHiddenTokens.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068DC1D8CDFFE007602F1 /* CommonASTWithHiddenTokens.cpp */; }; + DCD069321D8CDFFF007602F1 /* CommonHiddenStreamToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068DD1D8CDFFE007602F1 /* CommonHiddenStreamToken.cpp */; }; + DCD069331D8CDFFF007602F1 /* CommonToken.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068DE1D8CDFFE007602F1 /* CommonToken.cpp */; }; + DCD069351D8CDFFF007602F1 /* InputBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068E01D8CDFFE007602F1 /* InputBuffer.cpp */; }; + DCD069361D8CDFFF007602F1 /* LLkParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068E11D8CDFFE007602F1 /* LLkParser.cpp */; }; + DCD069371D8CDFFF007602F1 /* MismatchedCharException.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068E31D8CDFFE007602F1 /* MismatchedCharException.cpp */; }; + DCD069381D8CDFFF007602F1 /* MismatchedTokenException.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068E41D8CDFFE007602F1 /* MismatchedTokenException.cpp */; }; + DCD069391D8CDFFF007602F1 /* NoViableAltException.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068E51D8CDFFE007602F1 /* NoViableAltException.cpp */; }; + DCD0693A1D8CDFFF007602F1 /* NoViableAltForCharException.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068E61D8CDFFE007602F1 /* NoViableAltForCharException.cpp */; }; + DCD0693B1D8CDFFF007602F1 /* Parser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068E71D8CDFFE007602F1 /* Parser.cpp */; }; + DCD0693C1D8CDFFF007602F1 /* RecognitionException.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068E81D8CDFFE007602F1 /* RecognitionException.cpp */; }; + DCD0693D1D8CDFFF007602F1 /* String.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068E91D8CDFFE007602F1 /* String.cpp */; }; + DCD0693E1D8CDFFF007602F1 /* Token.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068EA1D8CDFFE007602F1 /* Token.cpp */; }; + DCD0693F1D8CDFFF007602F1 /* TokenBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068EB1D8CDFFE007602F1 /* TokenBuffer.cpp */; }; + DCD069401D8CDFFF007602F1 /* TokenRefCount.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068EC1D8CDFFE007602F1 /* TokenRefCount.cpp */; }; + DCD069411D8CDFFF007602F1 /* TokenStreamBasicFilter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068ED1D8CDFFE007602F1 /* TokenStreamBasicFilter.cpp */; }; + DCD069421D8CDFFF007602F1 /* TokenStreamHiddenTokenFilter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068EE1D8CDFFE007602F1 /* TokenStreamHiddenTokenFilter.cpp */; }; + DCD069431D8CDFFF007602F1 /* TokenStreamRewriteEngine.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068EF1D8CDFFE007602F1 /* TokenStreamRewriteEngine.cpp */; }; + DCD069441D8CDFFF007602F1 /* TokenStreamSelector.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068F01D8CDFFE007602F1 /* TokenStreamSelector.cpp */; }; + DCD069451D8CDFFF007602F1 /* TreeParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD068F11D8CDFFE007602F1 /* TreeParser.cpp */; }; + DCD06A401D8CE245007602F1 /* SecIntegrityLib.c in Sources */ = {isa = PBXBuildFile; fileRef = DCD067E61D8CDF7E007602F1 /* SecIntegrityLib.c */; }; + DCD06A411D8CE251007602F1 /* SecIntegrity.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD0679A1D8CDF7E007602F1 /* SecIntegrity.h */; }; + DCD06A521D8CE29C007602F1 /* SecCodeHostLib.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD067E71D8CDF7E007602F1 /* SecCodeHostLib.h */; }; + DCD06A531D8CE2A4007602F1 /* SecCodeHostLib.c in Sources */ = {isa = PBXBuildFile; fileRef = DCD067E81D8CDF7E007602F1 /* SecCodeHostLib.c */; }; + DCD06A751D8CE2F0007602F1 /* gkunpack.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD0676B1D8CDEB2007602F1 /* gkunpack.cpp */; }; + DCD06A761D8CE2F7007602F1 /* libsecurity_codesigning.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD0677F1D8CDF19007602F1 /* libsecurity_codesigning.a */; }; + DCD06A781D8CE309007602F1 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD06A791D8CE30F007602F1 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; + DCD06A7A1D8CE318007602F1 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; + DCD06B3D1D8E0D7D007602F1 /* debugging.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AB11D8E0D7D007602F1 /* debugging.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B3E1D8E0D7D007602F1 /* FileLockTransaction.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AB21D8E0D7D007602F1 /* FileLockTransaction.cpp */; }; + DCD06B3F1D8E0D7D007602F1 /* FileLockTransaction.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AB31D8E0D7D007602F1 /* FileLockTransaction.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B401D8E0D7D007602F1 /* CSPDLTransaction.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AB41D8E0D7D007602F1 /* CSPDLTransaction.cpp */; }; + DCD06B411D8E0D7D007602F1 /* CSPDLTransaction.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AB51D8E0D7D007602F1 /* CSPDLTransaction.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B421D8E0D7D007602F1 /* casts.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AB61D8E0D7D007602F1 /* casts.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B431D8E0D7D007602F1 /* crc.c in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AB71D8E0D7D007602F1 /* crc.c */; }; + DCD06B441D8E0D7D007602F1 /* crc.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AB81D8E0D7D007602F1 /* crc.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B451D8E0D7D007602F1 /* adornments.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AB91D8E0D7D007602F1 /* adornments.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B461D8E0D7D007602F1 /* adornments.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06ABA1D8E0D7D007602F1 /* adornments.cpp */; }; + DCD06B471D8E0D7D007602F1 /* alloc.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06ABB1D8E0D7D007602F1 /* alloc.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B481D8E0D7D007602F1 /* alloc.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06ABC1D8E0D7D007602F1 /* alloc.cpp */; }; + DCD06B491D8E0D7D007602F1 /* blob.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06ABD1D8E0D7D007602F1 /* blob.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B4A1D8E0D7D007602F1 /* blob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06ABE1D8E0D7D007602F1 /* blob.cpp */; }; + DCD06B4B1D8E0D7D007602F1 /* ccaudit.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06ABF1D8E0D7D007602F1 /* ccaudit.cpp */; }; + DCD06B4C1D8E0D7D007602F1 /* ccaudit.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AC01D8E0D7D007602F1 /* ccaudit.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B4D1D8E0D7D007602F1 /* daemon.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AC11D8E0D7D007602F1 /* daemon.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B4E1D8E0D7D007602F1 /* daemon.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AC21D8E0D7D007602F1 /* daemon.cpp */; }; + DCD06B4F1D8E0D7D007602F1 /* debugging_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AC31D8E0D7D007602F1 /* debugging_internal.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B501D8E0D7D007602F1 /* debugsupport.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AC41D8E0D7D007602F1 /* debugsupport.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B511D8E0D7D007602F1 /* debugging_internal.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AC51D8E0D7D007602F1 /* debugging_internal.cpp */; }; + DCD06B521D8E0D7D007602F1 /* devrandom.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AC61D8E0D7D007602F1 /* devrandom.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B531D8E0D7D007602F1 /* devrandom.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AC71D8E0D7D007602F1 /* devrandom.cpp */; }; + DCD06B541D8E0D7D007602F1 /* dispatch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AC81D8E0D7D007602F1 /* dispatch.cpp */; }; + DCD06B551D8E0D7D007602F1 /* dispatch.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AC91D8E0D7D007602F1 /* dispatch.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B561D8E0D7D007602F1 /* endian.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06ACA1D8E0D7D007602F1 /* endian.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B571D8E0D7D007602F1 /* endian.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06ACB1D8E0D7D007602F1 /* endian.cpp */; }; + DCD06B581D8E0D7D007602F1 /* errors.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06ACC1D8E0D7D007602F1 /* errors.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B591D8E0D7D007602F1 /* errors.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06ACD1D8E0D7D007602F1 /* errors.cpp */; }; + DCD06B5A1D8E0D7D007602F1 /* globalizer.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06ACE1D8E0D7D007602F1 /* globalizer.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B5B1D8E0D7D007602F1 /* globalizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06ACF1D8E0D7D007602F1 /* globalizer.cpp */; }; + DCD06B5C1D8E0D7D007602F1 /* hashing.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AD01D8E0D7D007602F1 /* hashing.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B5D1D8E0D7D007602F1 /* hashing.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AD11D8E0D7D007602F1 /* hashing.cpp */; }; + DCD06B5E1D8E0D7D007602F1 /* iodevices.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AD21D8E0D7D007602F1 /* iodevices.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B5F1D8E0D7D007602F1 /* iodevices.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AD31D8E0D7D007602F1 /* iodevices.cpp */; }; + DCD06B601D8E0D7D007602F1 /* ktracecodes.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AD41D8E0D7D007602F1 /* ktracecodes.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B611D8E0D7D007602F1 /* logging.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AD51D8E0D7D007602F1 /* logging.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B621D8E0D7D007602F1 /* logging.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AD61D8E0D7D007602F1 /* logging.cpp */; }; + DCD06B631D8E0D7D007602F1 /* memstreams.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AD71D8E0D7D007602F1 /* memstreams.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B641D8E0D7D007602F1 /* memutils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AD81D8E0D7D007602F1 /* memutils.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B651D8E0D7D007602F1 /* osxcode.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AD91D8E0D7D007602F1 /* osxcode.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B661D8E0D7D007602F1 /* osxcode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06ADA1D8E0D7D007602F1 /* osxcode.cpp */; }; + DCD06B671D8E0D7D007602F1 /* powerwatch.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06ADB1D8E0D7D007602F1 /* powerwatch.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B681D8E0D7D007602F1 /* powerwatch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06ADC1D8E0D7D007602F1 /* powerwatch.cpp */; }; + DCD06B691D8E0D7D007602F1 /* refcount.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06ADD1D8E0D7D007602F1 /* refcount.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B6A1D8E0D7D007602F1 /* seccfobject.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06ADE1D8E0D7D007602F1 /* seccfobject.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B6B1D8E0D7D007602F1 /* seccfobject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06ADF1D8E0D7D007602F1 /* seccfobject.cpp */; }; + DCD06B6C1D8E0D7D007602F1 /* security_utilities.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AE01D8E0D7D007602F1 /* security_utilities.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B6D1D8E0D7D007602F1 /* simpleprefs.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AE11D8E0D7D007602F1 /* simpleprefs.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B6E1D8E0D7D007602F1 /* simpleprefs.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AE21D8E0D7D007602F1 /* simpleprefs.cpp */; }; + DCD06B6F1D8E0D7D007602F1 /* sqlite++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AE31D8E0D7D007602F1 /* sqlite++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B701D8E0D7D007602F1 /* sqlite++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AE41D8E0D7D007602F1 /* sqlite++.cpp */; }; + DCD06B711D8E0D7D007602F1 /* streams.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AE51D8E0D7D007602F1 /* streams.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B721D8E0D7D007602F1 /* streams.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AE61D8E0D7D007602F1 /* streams.cpp */; }; + DCD06B731D8E0D7D007602F1 /* superblob.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AE71D8E0D7D007602F1 /* superblob.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B741D8E0D7D007602F1 /* superblob.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AE81D8E0D7D007602F1 /* superblob.cpp */; }; + DCD06B751D8E0D7D007602F1 /* threading.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AE91D8E0D7D007602F1 /* threading.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B761D8E0D7D007602F1 /* threading_internal.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AEA1D8E0D7D007602F1 /* threading_internal.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B771D8E0D7D007602F1 /* threading.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AEB1D8E0D7D007602F1 /* threading.cpp */; }; + DCD06B781D8E0D7D007602F1 /* timeflow.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AEC1D8E0D7D007602F1 /* timeflow.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B791D8E0D7D007602F1 /* timeflow.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AED1D8E0D7D007602F1 /* timeflow.cpp */; }; + DCD06B7A1D8E0D7D007602F1 /* tqueue.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AEE1D8E0D7D007602F1 /* tqueue.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B7B1D8E0D7D007602F1 /* tqueue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AEF1D8E0D7D007602F1 /* tqueue.cpp */; }; + DCD06B7C1D8E0D7D007602F1 /* trackingallocator.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AF01D8E0D7D007602F1 /* trackingallocator.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B7D1D8E0D7D007602F1 /* trackingallocator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AF11D8E0D7D007602F1 /* trackingallocator.cpp */; }; + DCD06B7E1D8E0D7D007602F1 /* transactions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AF21D8E0D7D007602F1 /* transactions.cpp */; }; + DCD06B7F1D8E0D7D007602F1 /* transactions.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AF31D8E0D7D007602F1 /* transactions.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B801D8E0D7D007602F1 /* typedvalue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AF41D8E0D7D007602F1 /* typedvalue.cpp */; }; + DCD06B811D8E0D7D007602F1 /* typedvalue.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AF51D8E0D7D007602F1 /* typedvalue.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B821D8E0D7D007602F1 /* utilities.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AF61D8E0D7D007602F1 /* utilities.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B831D8E0D7D007602F1 /* utilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AF71D8E0D7D007602F1 /* utilities.cpp */; }; + DCD06B841D8E0D7D007602F1 /* utility_config.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AF81D8E0D7D007602F1 /* utility_config.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B851D8E0D7D007602F1 /* fdmover.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AF91D8E0D7D007602F1 /* fdmover.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B861D8E0D7D007602F1 /* fdmover.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AFA1D8E0D7D007602F1 /* fdmover.cpp */; }; + DCD06B871D8E0D7D007602F1 /* fdsel.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AFB1D8E0D7D007602F1 /* fdsel.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B881D8E0D7D007602F1 /* fdsel.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AFC1D8E0D7D007602F1 /* fdsel.cpp */; }; + DCD06B891D8E0D7D007602F1 /* kq++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AFD1D8E0D7D007602F1 /* kq++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B8A1D8E0D7D007602F1 /* kq++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06AFE1D8E0D7D007602F1 /* kq++.cpp */; }; + DCD06B8B1D8E0D7D007602F1 /* muscle++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06AFF1D8E0D7D007602F1 /* muscle++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B8C1D8E0D7D007602F1 /* muscle++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B001D8E0D7D007602F1 /* muscle++.cpp */; }; + DCD06B8D1D8E0D7D007602F1 /* pcsc++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B011D8E0D7D007602F1 /* pcsc++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B8E1D8E0D7D007602F1 /* pcsc++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B021D8E0D7D007602F1 /* pcsc++.cpp */; }; + DCD06B8F1D8E0D7D007602F1 /* selector.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B031D8E0D7D007602F1 /* selector.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B901D8E0D7D007602F1 /* selector.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B041D8E0D7D007602F1 /* selector.cpp */; }; + DCD06B911D8E0D7D007602F1 /* unix++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B051D8E0D7D007602F1 /* unix++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B921D8E0D7D007602F1 /* unix++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B061D8E0D7D007602F1 /* unix++.cpp */; }; + DCD06B931D8E0D7D007602F1 /* unixchild.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B071D8E0D7D007602F1 /* unixchild.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B941D8E0D7D007602F1 /* unixchild.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B081D8E0D7D007602F1 /* unixchild.cpp */; }; + DCD06B951D8E0D7D007602F1 /* vproc++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B091D8E0D7D007602F1 /* vproc++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B961D8E0D7D007602F1 /* vproc++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B0A1D8E0D7D007602F1 /* vproc++.cpp */; }; + DCD06B971D8E0D7D007602F1 /* mach++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B0C1D8E0D7D007602F1 /* mach++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B981D8E0D7D007602F1 /* mach++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B0D1D8E0D7D007602F1 /* mach++.cpp */; }; + DCD06B991D8E0D7D007602F1 /* mach_notify.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B0E1D8E0D7D007602F1 /* mach_notify.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B9A1D8E0D7D007602F1 /* mach_notify.c in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B0F1D8E0D7D007602F1 /* mach_notify.c */; }; + DCD06B9B1D8E0D7D007602F1 /* cfmach++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B101D8E0D7D007602F1 /* cfmach++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B9C1D8E0D7D007602F1 /* cfmach++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B111D8E0D7D007602F1 /* cfmach++.cpp */; }; + DCD06B9D1D8E0D7D007602F1 /* macho++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B121D8E0D7D007602F1 /* macho++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06B9E1D8E0D7D007602F1 /* macho++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B131D8E0D7D007602F1 /* macho++.cpp */; }; + DCD06B9F1D8E0D7D007602F1 /* dyldcache.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B141D8E0D7D007602F1 /* dyldcache.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BA01D8E0D7D007602F1 /* dyldcache.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B151D8E0D7D007602F1 /* dyldcache.cpp */; }; + DCD06BA11D8E0D7D007602F1 /* dyld_cache_format.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B161D8E0D7D007602F1 /* dyld_cache_format.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BA21D8E0D7D007602F1 /* machserver.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B171D8E0D7D007602F1 /* machserver.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BA31D8E0D7D007602F1 /* machserver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B181D8E0D7D007602F1 /* machserver.cpp */; }; + DCD06BA41D8E0D7D007602F1 /* machrunloopserver.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B191D8E0D7D007602F1 /* machrunloopserver.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BA51D8E0D7D007602F1 /* machrunloopserver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B1A1D8E0D7D007602F1 /* machrunloopserver.cpp */; }; + DCD06BA61D8E0D7D007602F1 /* coderepository.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B1C1D8E0D7D007602F1 /* coderepository.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BA71D8E0D7D007602F1 /* coderepository.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B1D1D8E0D7D007602F1 /* coderepository.cpp */; }; + DCD06BA81D8E0D7D007602F1 /* cfclass.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B1E1D8E0D7D007602F1 /* cfclass.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BA91D8E0D7D007602F1 /* cfclass.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B1F1D8E0D7D007602F1 /* cfclass.cpp */; }; + DCD06BAA1D8E0D7D007602F1 /* cfmunge.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B201D8E0D7D007602F1 /* cfmunge.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BAB1D8E0D7D007602F1 /* cfmunge.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B211D8E0D7D007602F1 /* cfmunge.cpp */; }; + DCD06BAC1D8E0D7D007602F1 /* cfutilities.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B221D8E0D7D007602F1 /* cfutilities.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BAD1D8E0D7D007602F1 /* cfutilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B231D8E0D7D007602F1 /* cfutilities.cpp */; }; + DCD06BAE1D8E0D7D007602F1 /* bufferfifo.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B251D8E0D7D007602F1 /* bufferfifo.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BAF1D8E0D7D007602F1 /* bufferfifo.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B261D8E0D7D007602F1 /* bufferfifo.cpp */; }; + DCD06BB01D8E0D7D007602F1 /* buffers.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B271D8E0D7D007602F1 /* buffers.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BB11D8E0D7D007602F1 /* buffers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B281D8E0D7D007602F1 /* buffers.cpp */; }; + DCD06BB21D8E0D7D007602F1 /* headermap.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B291D8E0D7D007602F1 /* headermap.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BB31D8E0D7D007602F1 /* headermap.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B2A1D8E0D7D007602F1 /* headermap.cpp */; }; + DCD06BB41D8E0D7D007602F1 /* hosts.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B2B1D8E0D7D007602F1 /* hosts.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BB51D8E0D7D007602F1 /* hosts.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B2C1D8E0D7D007602F1 /* hosts.cpp */; }; + DCD06BB61D8E0D7D007602F1 /* inetreply.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B2D1D8E0D7D007602F1 /* inetreply.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BB71D8E0D7D007602F1 /* inetreply.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B2E1D8E0D7D007602F1 /* inetreply.cpp */; }; + DCD06BB81D8E0D7D007602F1 /* ip++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B2F1D8E0D7D007602F1 /* ip++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BB91D8E0D7D007602F1 /* ip++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B301D8E0D7D007602F1 /* ip++.cpp */; }; + DCD06BBA1D8E0D7D007602F1 /* url.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B311D8E0D7D007602F1 /* url.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BBB1D8E0D7D007602F1 /* url.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B321D8E0D7D007602F1 /* url.cpp */; }; + DCD06BBC1D8E0D7D007602F1 /* socks++.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B331D8E0D7D007602F1 /* socks++.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BBD1D8E0D7D007602F1 /* socks++.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B341D8E0D7D007602F1 /* socks++.cpp */; }; + DCD06BBE1D8E0D7D007602F1 /* socks++4.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B351D8E0D7D007602F1 /* socks++4.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BBF1D8E0D7D007602F1 /* socks++4.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B361D8E0D7D007602F1 /* socks++4.cpp */; }; + DCD06BC01D8E0D7D007602F1 /* socks++5.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06B371D8E0D7D007602F1 /* socks++5.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BC11D8E0D7D007602F1 /* socks++5.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCD06B381D8E0D7D007602F1 /* socks++5.cpp */; }; + DCD06BC41D8E0DC2007602F1 /* utilities_dtrace.h in Headers */ = {isa = PBXBuildFile; fileRef = DCD06BC21D8E0DC2007602F1 /* utilities_dtrace.h */; settings = {ATTRIBUTES = (Public, ); }; }; + DCD06BD01D8E15BB007602F1 /* libsecurity_keychain.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB342411D8A32820054D16E /* libsecurity_keychain.a */; }; + DCD06BD11D8E15ED007602F1 /* libsecurity_pkcs12.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC96D1D8B810A00070CB0 /* libsecurity_pkcs12.a */; }; + DCD06BD21D8E1618007602F1 /* libsecurity_cdsa_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB340951D8A267C0054D16E /* libsecurity_cdsa_client.a */; }; + DCD06BD31D8E1628007602F1 /* libsecurity_ocspd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC9351D8B7F6A00070CB0 /* libsecurity_ocspd.a */; }; + DCD06BD41D8E1644007602F1 /* libsecurity_apple_x509_cl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCF7884E1D88CA7200E694BB /* libsecurity_apple_x509_cl.a */; }; + DCD06BD51D8E173A007602F1 /* libsecurity_codesigning.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD0677F1D8CDF19007602F1 /* libsecurity_codesigning.a */; }; + DCD06BD61D8E175D007602F1 /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD06AB01D8E0D53007602F1 /* libsecurity_utilities.a */; }; + DCD06BD71D8E17A0007602F1 /* libsecurity_codesigning.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCD0677F1D8CDF19007602F1 /* libsecurity_codesigning.a */; }; + DCD22D4B1D8CBF54001C9B81 /* libASN1_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; }; + DCD22D4C1D8CBF7E001C9B81 /* libsecurityd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC6A82921D87749900418608 /* libsecurityd_client.a */; }; + DCD22D4D1D8CBF95001C9B81 /* libsecurity_cdsa_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB341821D8A2B860054D16E /* libsecurity_cdsa_utilities.a */; }; + DCD22D4E1D8CBFAB001C9B81 /* libsecurity_cdsa_utils.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC58C1D8B70E700070CB0 /* libsecurity_cdsa_utils.a */; }; + DCD22D511D8CC039001C9B81 /* libsecurity_cdsa_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB341821D8A2B860054D16E /* libsecurity_cdsa_utilities.a */; }; + DCD22D521D8CC053001C9B81 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DCD22D531D8CC0EF001C9B81 /* libASN1_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; }; + DCD22D541D8CC0FC001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D551D8CC148001C9B81 /* libsecurity_keychain_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB3443E1D8A34FD0054D16E /* libsecurity_keychain_regressions.a */; }; + DCD22D561D8CC154001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D571D8CC196001C9B81 /* libsecurity_ssl_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCA1A1D8B82B000070CB0 /* libsecurity_ssl_regressions.a */; }; + DCD22D581D8CC1FA001C9B81 /* libASN1_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; }; + DCD22D591D8CC200001C9B81 /* libsecurity_cdsa_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB340951D8A267C0054D16E /* libsecurity_cdsa_client.a */; }; + DCD22D5A1D8CC205001C9B81 /* libsecurity_cdsa_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB341821D8A2B860054D16E /* libsecurity_cdsa_utilities.a */; }; + DCD22D5B1D8CC20D001C9B81 /* libsecurity_cdsa_utils.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC58C1D8B70E700070CB0 /* libsecurity_cdsa_utils.a */; }; + DCD22D5C1D8CC224001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D5E1D8CC269001C9B81 /* libsecurity_keychain_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB3443E1D8A34FD0054D16E /* libsecurity_keychain_regressions.a */; }; + DCD22D5F1D8CC294001C9B81 /* libsecurity_ssl_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCA1A1D8B82B000070CB0 /* libsecurity_ssl_regressions.a */; }; + DCD22D601D8CC2EF001C9B81 /* libASN1_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; }; + DCD22D611D8CC2F8001C9B81 /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 107227350D91FE89003CF14F /* libbsm.dylib */; }; + DCD22D621D8CC326001C9B81 /* libSecItemShimOSX.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EE6E1D80D82600B0A59C /* libSecItemShimOSX.a */; }; + DCD22D631D8CC33A001C9B81 /* libSOSRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52EC681D80D0C400B0A59C /* libSOSRegressions.a */; }; + DCD22D641D8CC341001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D651D8CC349001C9B81 /* libutilitiesRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCD481D8C694700070CB0 /* libutilitiesRegressions.a */; }; + DCD22D6A1D8CC601001C9B81 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; }; + DCD22D6B1D8CC685001C9B81 /* AppleSystemInfo.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC610A3F1D78F2FF002223DE /* AppleSystemInfo.framework */; }; + DCD22D6C1D8CC6FD001C9B81 /* libsecurityd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC6A82921D87749900418608 /* libsecurityd_client.a */; }; + DCD22D6D1D8CC708001C9B81 /* libsecurityd_server.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0067C01D87876F005AF8DB /* libsecurityd_server.a */; }; + DCD22D6E1D8CC71D001C9B81 /* libsecurity_cdsa_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB341821D8A2B860054D16E /* libsecurity_cdsa_utilities.a */; }; + DCD22D6F1D8CC728001C9B81 /* libsecurity_cdsa_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DCB340951D8A267C0054D16E /* libsecurity_cdsa_client.a */; }; + DCD22D701D8CC733001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D711D8CC78E001C9B81 /* libASN1_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; }; + DCD22D721D8CC804001C9B81 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; }; + DCD22D731D8CC828001C9B81 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; }; + DCD22D741D8CC85E001C9B81 /* libASN1_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; }; + DCD22D751D8CC8A5001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D761D8CC8CF001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D771D8CC9CD001C9B81 /* libASN1_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; }; + DCD22D781D8CC9D8001C9B81 /* libsecurity_ssl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BC9CF1D8B824700070CB0 /* libsecurity_ssl.a */; }; + DCD22D791D8CC9F1001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D801D8CCB0F001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D851D8CCBB6001C9B81 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DCD22D861D8CCBBB001C9B81 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DCD22D871D8CCBEA001C9B81 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; settings = {ATTRIBUTES = (Weak, ); }; }; + DCD22D881D8CCBEF001C9B81 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; settings = {ATTRIBUTES = (Weak, ); }; }; + DCD22D891D8CCC1F001C9B81 /* libsecurityd_ios.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; }; + DCD22D8A1D8CCC23001C9B81 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; }; + DCD22D8B1D8CCC58001C9B81 /* libASN1_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; }; + DCD22D8C1D8CCC63001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D8D1D8CCC79001C9B81 /* libregressionBase.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCBFD1D8C648C00070CB0 /* libregressionBase.a */; }; + DCD22D901D8CCCA0001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D911D8CCCB7001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D921D8CCD09001C9B81 /* libsecurity_ssl_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCA1A1D8B82B000070CB0 /* libsecurity_ssl_regressions.a */; }; + DCD22D931D8CCD17001C9B81 /* libASN1_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; }; + DCD22D941D8CCDFA001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D951D8CCE5E001C9B81 /* libutilitiesRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCD481D8C694700070CB0 /* libutilitiesRegressions.a */; }; + DCD22D961D8CCF08001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D971D8CCF53001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D981D8CCF78001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D991D8CCFB4001C9B81 /* libsecurity_ssl_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCA1A1D8B82B000070CB0 /* libsecurity_ssl_regressions.a */; }; + DCD22D9A1D8CCFC1001C9B81 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; + DCD22D9B1D8CCFCB001C9B81 /* libASN1_not_installed.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; }; + DCD22D9C1D8CCFD6001C9B81 /* libutilitiesRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCD481D8C694700070CB0 /* libutilitiesRegressions.a */; }; + DCD66DB21D8204F500DB1393 /* SecSignatureVerificationSupport.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E8E1D8085FC00865A7C /* SecSignatureVerificationSupport.c */; }; + DCD66DB31D8204FB00DB1393 /* SecServerEncryptionSupport.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E8A1D8085FC00865A7C /* SecServerEncryptionSupport.c */; }; + DCD66DB41D82050000DB1393 /* SecRSAKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E851D8085FC00865A7C /* SecRSAKey.c */; }; + DCD66DB51D82050500DB1393 /* SecECKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E491D8085FC00865A7C /* SecECKey.c */; }; + DCD66DB61D82050900DB1393 /* SecKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E601D8085FC00865A7C /* SecKey.c */; }; + DCD66DB71D82050E00DB1393 /* SecTrustStore.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E971D8085FC00865A7C /* SecTrustStore.c */; }; + DCD66DB91D82051900DB1393 /* SecTrust.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E901D8085FC00865A7C /* SecTrust.c */; }; + DCD66DBA1D82052000DB1393 /* SecPolicyLeafCallbacks.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E7F1D8085FC00865A7C /* SecPolicyLeafCallbacks.c */; }; + DCD66DBB1D82052700DB1393 /* SecPolicy.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E7E1D8085FC00865A7C /* SecPolicy.c */; }; + DCD66DBC1D82052B00DB1393 /* SecKeyAdaptors.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E621D8085FC00865A7C /* SecKeyAdaptors.c */; }; + DCD66DBD1D82053100DB1393 /* SecCertificatePath.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E3B1D8085FC00865A7C /* SecCertificatePath.c */; }; + DCD66DBE1D82053700DB1393 /* SecBase64.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E351D8085FC00865A7C /* SecBase64.c */; }; + DCD66DBF1D82053E00DB1393 /* SecDigest.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E481D8085FC00865A7C /* SecDigest.c */; }; + DCD66DC01D82054500DB1393 /* SecCertificate.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E381D8085FC00865A7C /* SecCertificate.c */; }; + DCD66DC11D82055400DB1393 /* SecTrustInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78E921D8085FC00865A7C /* SecTrustInternal.h */; }; + DCD66DDC1D8205E500DB1393 /* SecOTRUtils.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E791D8085FC00865A7C /* SecOTRUtils.c */; }; + DCD66DDD1D8205FB00DB1393 /* SecOTRDHKey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E691D8085FC00865A7C /* SecOTRDHKey.c */; }; + DCD66DDE1D8205FB00DB1393 /* SecOTRFullIdentity.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E6C1D8085FC00865A7C /* SecOTRFullIdentity.c */; }; + DCD66DDF1D8205FB00DB1393 /* SecOTRMath.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E6E1D8085FC00865A7C /* SecOTRMath.c */; }; + DCD66DE01D8205FB00DB1393 /* SecOTRPacketData.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E701D8085FC00865A7C /* SecOTRPacketData.c */; }; + DCD66DE11D8205FB00DB1393 /* SecOTRPackets.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E721D8085FC00865A7C /* SecOTRPackets.c */; }; + DCD66DE21D8205FB00DB1393 /* SecOTRPublicIdentity.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E741D8085FC00865A7C /* SecOTRPublicIdentity.c */; }; + DCD66DE31D8205FB00DB1393 /* SecOTRSession.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E751D8085FC00865A7C /* SecOTRSession.c */; }; + DCD66DE41D8205FB00DB1393 /* SecOTRSessionAKE.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78E771D8085FC00865A7C /* SecOTRSessionAKE.c */; }; + DCDCC7E31D9B54EE006487E8 /* secd-202-recoverykey.m in Sources */ = {isa = PBXBuildFile; fileRef = DCDCC7DD1D9B54DF006487E8 /* secd-202-recoverykey.m */; }; + DCDCC7E51D9B5526006487E8 /* SOSAccountSync.c in Sources */ = {isa = PBXBuildFile; fileRef = DCDCC7E41D9B551C006487E8 /* SOSAccountSync.c */; }; + DCDF0A4F1D81D76F007AF174 /* Security.exp-in in Sources */ = {isa = PBXBuildFile; fileRef = 4CB7405F0A47498100D641BB /* Security.exp-in */; }; + DCE4E6921D7A37FA00AFB96E /* security_tool_commands.c in Sources */ = {isa = PBXBuildFile; fileRef = E7104A0B169E171900DB0045 /* security_tool_commands.c */; }; + DCE4E6931D7A37FA00AFB96E /* NSFileHandle+Formatting.m in Sources */ = {isa = PBXBuildFile; fileRef = E78A9AD91D34959200006B5B /* NSFileHandle+Formatting.m */; }; + DCE4E6961D7A37FA00AFB96E /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; + DCE4E69B1D7A37FA00AFB96E /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; + DCE4E69E1D7A37FA00AFB96E /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF730310EF9CDE300E17471 /* CFNetwork.framework */; }; + DCE4E69F1D7A37FA00AFB96E /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; }; + DCE4E6A01D7A37FA00AFB96E /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; + DCE4E6A81D7A38C400AFB96E /* security2.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCE4E6A71D7A38C000AFB96E /* security2.1 */; }; + DCE4E6AB1D7A3B0800AFB96E /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 107227350D91FE89003CF14F /* libbsm.dylib */; }; + DCE4E6AC1D7A3B5000AFB96E /* libACM.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC610A3A1D78F228002223DE /* libACM.a */; }; + DCE4E6AD1D7A3B9700AFB96E /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = EB2CA4D81D2C28C800AB770F /* libaks.a */; }; + DCE4E6AE1D7A3C6A00AFB96E /* AppleSystemInfo.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC610A3F1D78F2FF002223DE /* AppleSystemInfo.framework */; }; + DCE4E7541D7A43B500AFB96E /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; + DCE4E75E1D7A43B500AFB96E /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */; }; + DCE4E7681D7A43B500AFB96E /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; + DCE4E76D1D7A43B500AFB96E /* nist-certs in Resources */ = {isa = PBXBuildFile; fileRef = D4D886E81CEBDD2A00DC7583 /* nist-certs */; }; + DCE4E76E1D7A43B500AFB96E /* ssl-policy-certs in Resources */ = {isa = PBXBuildFile; fileRef = D4D886BE1CEB9F3B00DC7583 /* ssl-policy-certs */; }; + DCE4E76F1D7A43B500AFB96E /* si-20-sectrust-policies-data in Resources */ = {isa = PBXBuildFile; fileRef = D4EC94FA1CEA482D0083E753 /* si-20-sectrust-policies-data */; }; + DCE4E7701D7A43B500AFB96E /* si-82-sectrust-ct-data in Resources */ = {isa = PBXBuildFile; fileRef = 0C0C88771CCEC5BD00617D1B /* si-82-sectrust-ct-data */; }; + DCE4E7721D7A43B500AFB96E /* Invalid-asterisk.google.com.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C50ACFD1410671D00EE92DE /* Invalid-asterisk.google.com.crt */; }; + DCE4E7731D7A43B500AFB96E /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C50ACFE1410671D00EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt */; }; + DCE4E7741D7A43B500AFB96E /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C50ACFF1410671D00EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt */; }; + DCE4E7751D7A43B500AFB96E /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD001410671D00EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt */; }; + DCE4E7761D7A43B500AFB96E /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD011410671D00EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt */; }; + DCE4E7771D7A43B500AFB96E /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD021410671D00EE92DE /* diginotar-public-ca-2025-Cert.crt */; }; + DCE4E7781D7A43B500AFB96E /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD031410671D00EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt */; }; + DCE4E7791D7A43B500AFB96E /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD041410671D00EE92DE /* diginotar-services-diginotar-root-Cert.crt */; }; + DCE4E77A1D7A43B500AFB96E /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD051410671D00EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt */; }; + DCE4E77B1D7A43B500AFB96E /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD061410671D00EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt */; }; + DCE4E77C1D7A43B500AFB96E /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECEA1416DB2200947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */; }; + DCE4E77D1D7A43B500AFB96E /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECEB1416DB2200947741 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt */; }; + DCE4E77E1D7A43B500AFB96E /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECEC1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheid.crt */; }; + DCE4E77F1D7A43B500AFB96E /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECED1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt */; }; + DCE4E7801D7A43B500AFB96E /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECEE1416DB2200947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt */; }; + DCE4E7811D7A43B500AFB96E /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECF01416DB2200947741 /* staatdernederlandenorganisatieca-g2-Cert.crt */; }; + DCE4E7821D7A43B500AFB96E /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECF11416DB2200947741 /* staatdernederlandenoverheidca-Cert.crt */; }; + DCE4E7831D7A43B500AFB96E /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar Resources */ = {isa = PBXBuildFile; fileRef = 4C8B91C51416EB6A00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt */; }; + DCE4E7851D7A43B500AFB96E /* Invalid-asterisk.google.com.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50ACFD1410671D00EE92DE /* Invalid-asterisk.google.com.crt */; }; + DCE4E7861D7A43B500AFB96E /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50ACFE1410671D00EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt */; }; + DCE4E7871D7A43B500AFB96E /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50ACFF1410671D00EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt */; }; + DCE4E7881D7A43B500AFB96E /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD001410671D00EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt */; }; + DCE4E7891D7A43B500AFB96E /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD011410671D00EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt */; }; + DCE4E78A1D7A43B500AFB96E /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD021410671D00EE92DE /* diginotar-public-ca-2025-Cert.crt */; }; + DCE4E78B1D7A43B500AFB96E /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD031410671D00EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt */; }; + DCE4E78C1D7A43B500AFB96E /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD041410671D00EE92DE /* diginotar-services-diginotar-root-Cert.crt */; }; + DCE4E78D1D7A43B500AFB96E /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD051410671D00EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt */; }; + DCE4E78E1D7A43B500AFB96E /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD061410671D00EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt */; }; + DCE4E78F1D7A43B500AFB96E /* diginotar.root.ca-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD071410671D00EE92DE /* diginotar.root.ca-entrust-secure-server-Cert.crt */; }; + DCE4E7901D7A43B500AFB96E /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECEA1416DB2200947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */; }; + DCE4E7911D7A43B500AFB96E /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECEB1416DB2200947741 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt */; }; + DCE4E7921D7A43B500AFB96E /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECEC1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheid.crt */; }; + DCE4E7931D7A43B500AFB96E /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECED1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt */; }; + DCE4E7941D7A43B500AFB96E /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECEE1416DB2200947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt */; }; + DCE4E7951D7A43B500AFB96E /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECF01416DB2200947741 /* staatdernederlandenorganisatieca-g2-Cert.crt */; }; + DCE4E7961D7A43B500AFB96E /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECF11416DB2200947741 /* staatdernederlandenoverheidca-Cert.crt */; }; + DCE4E7971D7A43B500AFB96E /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-Entrust Resources */ = {isa = PBXBuildFile; fileRef = 4C8B91C51416EB6A00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt */; }; + DCE4E7991D7A43B500AFB96E /* DigiNotarCA2007RootCertificate.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50ACFC1410671D00EE92DE /* DigiNotarCA2007RootCertificate.crt */; }; + DCE4E79A1D7A43B500AFB96E /* DigiNotar_Root_CA_G2-RootCertificate.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECF21416E20400947741 /* DigiNotar_Root_CA_G2-RootCertificate.crt */; }; + DCE4E79B1D7A43B500AFB96E /* Invalid-asterisk.google.com.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50ACFD1410671D00EE92DE /* Invalid-asterisk.google.com.crt */; }; + DCE4E79C1D7A43B500AFB96E /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50ACFE1410671D00EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt */; }; + DCE4E79D1D7A43B500AFB96E /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50ACFF1410671D00EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt */; }; + DCE4E79E1D7A43B500AFB96E /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD001410671D00EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt */; }; + DCE4E79F1D7A43B500AFB96E /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD011410671D00EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt */; }; + DCE4E7A01D7A43B500AFB96E /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD021410671D00EE92DE /* diginotar-public-ca-2025-Cert.crt */; }; + DCE4E7A11D7A43B500AFB96E /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD031410671D00EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt */; }; + DCE4E7A21D7A43B500AFB96E /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD041410671D00EE92DE /* diginotar-services-diginotar-root-Cert.crt */; }; + DCE4E7A31D7A43B500AFB96E /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD051410671D00EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt */; }; + DCE4E7A41D7A43B500AFB96E /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD061410671D00EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt */; }; + DCE4E7A51D7A43B500AFB96E /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C3CECEA1416DB2200947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */; }; + DCE4E7A61D7A43B500AFB96E /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C8B91C51416EB6A00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt */; }; + DCE4E7A71D7A43B500AFB96E /* Expectations.plist in Copy DigiNotar-ok Resources */ = {isa = PBXBuildFile; fileRef = 4C50AD2F1410689300EE92DE /* Expectations.plist */; }; + DCE4E7A91D7A43B500AFB96E /* Digisign-Server-ID-Enrich-Entrust-Cert.crt in Copy DigiCertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = 79679E251462028800CF997F /* Digisign-Server-ID-Enrich-Entrust-Cert.crt */; }; + DCE4E7AA1D7A43B500AFB96E /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt in Copy DigiCertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = 7947431C146214E500D638A3 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt */; }; + DCE4E7AB1D7A43B500AFB96E /* Invalid-webmail.jaring.my.crt in Copy DigiCertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = 79679E261462028800CF997F /* Invalid-webmail.jaring.my.crt */; }; + DCE4E7AC1D7A43B500AFB96E /* Invalid-www.cybersecurity.my.crt in Copy DigiCertMalaysia Resources */ = {isa = PBXBuildFile; fileRef = 794743191462137C00D638A3 /* Invalid-www.cybersecurity.my.crt */; }; + DCE4E7B41D7A43DC00AFB96E /* si-82-sectrust-ct-logs.plist in Resources */ = {isa = PBXBuildFile; fileRef = DCE4E72E1D7A436300AFB96E /* si-82-sectrust-ct-logs.plist */; }; + DCE4E7B51D7A43FF00AFB96E /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E6D71D7A420D00AFB96E /* main.m */; }; + DCE4E7B61D7A440A00AFB96E /* bc-10-knife-on-bread.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E6D41D7A41E400AFB96E /* bc-10-knife-on-bread.m */; }; + DCE4E7BF1D7A463400AFB96E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DCE4E7C11D7A463E00AFB96E /* SecurityFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E7C01D7A463E00AFB96E /* SecurityFoundation.framework */; }; + DCE4E7C41D7A465500AFB96E /* libsecurity_smime_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC17844B1D77869A00B50D50 /* libsecurity_smime_regressions.a */; }; + DCE4E7C61D7A468300AFB96E /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = EB2CA4D81D2C28C800AB770F /* libaks.a */; }; + DCE4E7DF1D7A4B4C00AFB96E /* bc-10-knife-on-bread.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E6D41D7A41E400AFB96E /* bc-10-knife-on-bread.m */; }; + DCE4E7E21D7A4B7F00AFB96E /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E7E11D7A4B7F00AFB96E /* main.c */; }; + DCE4E7E41D7A4B8F00AFB96E /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D848541C6C1D9C0025BB44 /* Foundation.framework */; }; + DCE4E7E71D7A4B9C00AFB96E /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789261D7799D300B50D50 /* IOKit.framework */; }; + DCE4E7E81D7A4BA400AFB96E /* libsecurity_smime_regressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC17844B1D77869A00B50D50 /* libsecurity_smime_regressions.a */; }; + DCE4E7EA1D7A4BAE00AFB96E /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DCE4E7EB1D7A4BB200AFB96E /* SecurityFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E6E71D7A427200AFB96E /* SecurityFoundation.framework */; }; + DCE4E7EC1D7A4BB800AFB96E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DCE4E7EF1D7A4BCB00AFB96E /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = EB2CA4D81D2C28C800AB770F /* libaks.a */; }; + DCE4E8071D7A4DE200AFB96E /* server.c in Sources */ = {isa = PBXBuildFile; fileRef = 790850840CA87CF00083CC4D /* server.c */; }; + DCE4E80A1D7A4E1D00AFB96E /* com.apple.secd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCE4E8091D7A4E1C00AFB96E /* com.apple.secd.plist */; }; + DCE4E80E1D7A4E3B00AFB96E /* com.apple.securityd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCE4E80D1D7A4E3A00AFB96E /* com.apple.securityd.plist */; }; + DCE4E80F1D7A4E4600AFB96E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DCE4E8121D7A4E4F00AFB96E /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789261D7799D300B50D50 /* IOKit.framework */; }; + DCE4E8131D7A4E5300AFB96E /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DCE4E8151D7A4E6F00AFB96E /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E8141D7A4E6F00AFB96E /* CFNetwork.framework */; }; + DCE4E81C1D7A4E8F00AFB96E /* libsqlite3.0.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E81B1D7A4E8F00AFB96E /* libsqlite3.0.dylib */; }; + DCE4E81F1D7A4EA700AFB96E /* libctkclient.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FBDD1AA0A45C0021AA26 /* libctkclient.a */; }; + DCE4E8201D7A4EAC00AFB96E /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */; }; + DCE4E8211D7A4EB800AFB96E /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789181D77998C00B50D50 /* libbsm.dylib */; }; + DCE4E8231D7A4EC900AFB96E /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; + DCE4E8241D7A4ECD00AFB96E /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = EB2CA4D81D2C28C800AB770F /* libaks.a */; }; + DCE4E8251D7A4EE400AFB96E /* libACM.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC610A3A1D78F228002223DE /* libACM.a */; }; + DCE4E8261D7A4EEC00AFB96E /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789121D7798B300B50D50 /* libDiagnosticMessagesClient.dylib */; }; + DCE4E8281D7A4F1600AFB96E /* login.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E8271D7A4F0E00AFB96E /* login.framework */; }; + DCE4E82C1D7A56FF00AFB96E /* AppleSystemInfo.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC610A3F1D78F2FF002223DE /* AppleSystemInfo.framework */; }; + DCE4E8391D7A57AE00AFB96E /* server.c in Sources */ = {isa = PBXBuildFile; fileRef = 790850840CA87CF00083CC4D /* server.c */; }; + DCE4E83B1D7A57AE00AFB96E /* login.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E8271D7A4F0E00AFB96E /* login.framework */; }; + DCE4E83C1D7A57AE00AFB96E /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789121D7798B300B50D50 /* libDiagnosticMessagesClient.dylib */; }; + DCE4E83D1D7A57AE00AFB96E /* libACM.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC610A3A1D78F228002223DE /* libACM.a */; }; + DCE4E83E1D7A57AE00AFB96E /* libaks.a in Frameworks */ = {isa = PBXBuildFile; fileRef = EB2CA4D81D2C28C800AB770F /* libaks.a */; }; + DCE4E83F1D7A57AE00AFB96E /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; + DCE4E8411D7A57AE00AFB96E /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789181D77998C00B50D50 /* libbsm.dylib */; }; + DCE4E8421D7A57AE00AFB96E /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */; }; + DCE4E8431D7A57AE00AFB96E /* libctkclient.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4469FBDD1AA0A45C0021AA26 /* libctkclient.a */; }; + DCE4E84C1D7A57AE00AFB96E /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E8141D7A4E6F00AFB96E /* CFNetwork.framework */; }; + DCE4E84D1D7A57AE00AFB96E /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DCE4E84E1D7A57AE00AFB96E /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789261D7799D300B50D50 /* IOKit.framework */; }; + DCE4E8501D7A57AE00AFB96E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DCE4E8511D7A57AE00AFB96E /* AppleSystemInfo.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC610A3F1D78F2FF002223DE /* AppleSystemInfo.framework */; }; + DCE4E85F1D7A586200AFB96E /* com.apple.trustd.agent.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCE4E85B1D7A583A00AFB96E /* com.apple.trustd.agent.plist */; }; + DCE4E8601D7A586A00AFB96E /* com.apple.trustd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCE4E85C1D7A584000AFB96E /* com.apple.trustd.plist */; }; + DCE4E8B31D7F353900AFB96E /* agent.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8A11D7F353900AFB96E /* agent.c */; }; + DCE4E8B41D7F353900AFB96E /* authdb.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8A21D7F353900AFB96E /* authdb.c */; }; + DCE4E8B51D7F353900AFB96E /* authitems.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8A31D7F353900AFB96E /* authitems.c */; }; + DCE4E8B61D7F353900AFB96E /* authtoken.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8A41D7F353900AFB96E /* authtoken.c */; }; + DCE4E8B71D7F353900AFB96E /* authutilities.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8A51D7F353900AFB96E /* authutilities.c */; }; + DCE4E8B81D7F353900AFB96E /* ccaudit.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8A61D7F353900AFB96E /* ccaudit.c */; }; + DCE4E8B91D7F353900AFB96E /* crc.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8A71D7F353900AFB96E /* crc.c */; }; + DCE4E8BA1D7F353900AFB96E /* credential.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8A81D7F353900AFB96E /* credential.c */; }; + DCE4E8BB1D7F353900AFB96E /* debugging.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8A91D7F353900AFB96E /* debugging.c */; }; + DCE4E8BC1D7F353900AFB96E /* engine.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8AA1D7F353900AFB96E /* engine.c */; }; + DCE4E8BD1D7F353900AFB96E /* main.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8AB1D7F353900AFB96E /* main.c */; }; + DCE4E8BE1D7F353900AFB96E /* mechanism.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8AC1D7F353900AFB96E /* mechanism.c */; }; + DCE4E8BF1D7F353900AFB96E /* object.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8AD1D7F353900AFB96E /* object.c */; }; + DCE4E8C01D7F353900AFB96E /* process.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8AE1D7F353900AFB96E /* process.c */; }; + DCE4E8C11D7F353900AFB96E /* rule.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8AF1D7F353900AFB96E /* rule.c */; }; + DCE4E8C21D7F353900AFB96E /* server.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8B01D7F353900AFB96E /* server.c */; }; + DCE4E8C31D7F353900AFB96E /* session.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8B11D7F353900AFB96E /* session.c */; }; + DCE4E8C41D7F353900AFB96E /* connection.c in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8B21D7F353900AFB96E /* connection.c */; }; + DCE4E8C51D7F354300AFB96E /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789261D7799D300B50D50 /* IOKit.framework */; }; + DCE4E8C61D7F354700AFB96E /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DCE4E8C71D7F355900AFB96E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DCE4E8C81D7F355F00AFB96E /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789181D77998C00B50D50 /* libbsm.dylib */; }; + DCE4E8C91D7F356500AFB96E /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = DC17891E1D77999D00B50D50 /* libsqlite3.dylib */; }; + DCE4E8CD1D7F359F00AFB96E /* authorization.plist in Copy authorization.plist */ = {isa = PBXBuildFile; fileRef = DCE4E8CB1D7F357C00AFB96E /* authorization.plist */; }; + DCE4E8D01D7F35BB00AFB96E /* com.apple.authd.sb in Copy sandbox profile */ = {isa = PBXBuildFile; fileRef = DCE4E8CF1D7F35B800AFB96E /* com.apple.authd.sb */; }; + DCE4E8D31D7F35D800AFB96E /* com.apple.authd in Copy asl module */ = {isa = PBXBuildFile; fileRef = DCE4E8D21D7F35D200AFB96E /* com.apple.authd */; }; + DCE4E8D61D7F361F00AFB96E /* authd_private.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCE4E8D51D7F361D00AFB96E /* authd_private.h */; }; + DCE4E8F61D7F3A1100AFB96E /* KDSecCircle.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8F01D7F3A1100AFB96E /* KDSecCircle.m */; }; + DCE4E8F71D7F3A1100AFB96E /* KDCirclePeer.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8F11D7F3A1100AFB96E /* KDCirclePeer.m */; }; + DCE4E8F81D7F3A1100AFB96E /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8F21D7F3A1100AFB96E /* main.m */; }; + DCE4E8F91D7F3A1100AFB96E /* KDAppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8F31D7F3A1100AFB96E /* KDAppDelegate.m */; }; + DCE4E8FA1D7F3A1100AFB96E /* KDSecItems.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8F41D7F3A1100AFB96E /* KDSecItems.m */; }; + DCE4E8FB1D7F3A1100AFB96E /* NSArray+mapWithBlock.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E8F51D7F3A1100AFB96E /* NSArray+mapWithBlock.m */; }; + DCE4E8FD1D7F3A1E00AFB96E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DCE4E8FF1D7F3A2300AFB96E /* Cocoa.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E8FE1D7F3A2300AFB96E /* Cocoa.framework */; }; + DCE4E9001D7F3A2700AFB96E /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789241D7799CD00B50D50 /* CoreFoundation.framework */; }; + DCE4E9011D7F3A3700AFB96E /* CloudServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C8A38C817B93DF10001B4C0 /* CloudServices.framework */; }; + DCE4E9081D7F3A4800AFB96E /* Icon.icns in Resources */ = {isa = PBXBuildFile; fileRef = DCE4E9031D7F3A4800AFB96E /* Icon.icns */; }; + DCE4E9091D7F3A4800AFB96E /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = DCE4E9041D7F3A4800AFB96E /* InfoPlist.strings */; }; + DCE4E90A1D7F3A4800AFB96E /* Credits.rtf in Resources */ = {isa = PBXBuildFile; fileRef = DCE4E9061D7F3A4800AFB96E /* Credits.rtf */; }; + DCE4E92B1D7F3D7C00AFB96E /* KDSecCircle.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E9221D7F3D7B00AFB96E /* KDSecCircle.m */; }; + DCE4E92C1D7F3D7C00AFB96E /* KNPersistentState.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E9231D7F3D7C00AFB96E /* KNPersistentState.m */; }; + DCE4E92D1D7F3D7C00AFB96E /* NSArray+mapWithBlock.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E9241D7F3D7C00AFB96E /* NSArray+mapWithBlock.m */; }; + DCE4E92E1D7F3D7C00AFB96E /* NSDictionary+compactDescription.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E9251D7F3D7C00AFB96E /* NSDictionary+compactDescription.m */; }; + DCE4E92F1D7F3D7C00AFB96E /* NSString+compactDescription.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E9261D7F3D7C00AFB96E /* NSString+compactDescription.m */; }; + DCE4E9301D7F3D7C00AFB96E /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E9271D7F3D7C00AFB96E /* main.m */; }; + DCE4E9311D7F3D7C00AFB96E /* KDCirclePeer.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E9281D7F3D7C00AFB96E /* KDCirclePeer.m */; }; + DCE4E9321D7F3D7C00AFB96E /* KNAppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E9291D7F3D7C00AFB96E /* KNAppDelegate.m */; }; + DCE4E9331D7F3D7C00AFB96E /* NSSet+compactDescription.m in Sources */ = {isa = PBXBuildFile; fileRef = DCE4E92A1D7F3D7C00AFB96E /* NSSet+compactDescription.m */; }; + DCE4E9371D7F3DAF00AFB96E /* CloudServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C8A38C817B93DF10001B4C0 /* CloudServices.framework */; }; + DCE4E9381D7F3DB500AFB96E /* Cocoa.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E8FE1D7F3A2300AFB96E /* Cocoa.framework */; }; + DCE4E93A1D7F3DF500AFB96E /* CrashReporterSupport.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E9391D7F3DF200AFB96E /* CrashReporterSupport.framework */; }; + DCE4E93C1D7F3E0C00AFB96E /* AOSUI.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E93B1D7F3E0900AFB96E /* AOSUI.framework */; }; + DCE4E93D1D7F3E1600AFB96E /* AppleSystemInfo.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC610A3F1D78F2FF002223DE /* AppleSystemInfo.framework */; }; + DCE4E93F1D7F3E4000AFB96E /* AOSAccounts.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E93E1D7F3E4000AFB96E /* AOSAccounts.framework */; }; + DCE4E9401D7F3E4D00AFB96E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1789041D77980500B50D50 /* Security.framework */; }; + DCE4E9421D7F3E6E00AFB96E /* CoreCDP.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E9411D7F3E6E00AFB96E /* CoreCDP.framework */; }; + DCE4E9491D7F3E8E00AFB96E /* Localizable.strings in Resources */ = {isa = PBXBuildFile; fileRef = DCE4E9441D7F3E8700AFB96E /* Localizable.strings */; }; + DCE4E94A1D7F3E8E00AFB96E /* com.apple.security.keychain-circle-notification.plist in Resources */ = {isa = PBXBuildFile; fileRef = DCE4E9461D7F3E8700AFB96E /* com.apple.security.keychain-circle-notification.plist */; }; + DCE4E94B1D7F3E8E00AFB96E /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = DCE4E9471D7F3E8700AFB96E /* InfoPlist.strings */; }; + DCE4E9711D7F3EBB00AFB96E /* com.apple.security.keychain-circle-notification.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCE4E9461D7F3E8700AFB96E /* com.apple.security.keychain-circle-notification.plist */; }; + DCE809F31D9342BE00F91177 /* com.apple.securityd.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = DCEE1E851D93424D00DC0EB7 /* com.apple.securityd.plist */; }; + DCEDE3511D80B0FA00C3826E /* secd-71-engine-save-sample1.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78C651D8085D800865A7C /* secd-71-engine-save-sample1.h */; }; + DCEDE3901D80B10100C3826E /* SecOTRIdentityPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFF615AFB73800B9D400 /* SecOTRIdentityPriv.h */; }; + DCEDE3911D80B10800C3826E /* SecCTKKeyPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78E451D8085FC00865A7C /* SecCTKKeyPriv.h */; }; + DCEDE3921D80B10E00C3826E /* SecOTRDHKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFF415AFB73800B9D400 /* SecOTRDHKey.h */; }; + DCEDE3931D80B11200C3826E /* SecOTR.h in Headers */ = {isa = PBXBuildFile; fileRef = 4AF7FFF315AFB73800B9D400 /* SecOTR.h */; }; + DCEDE3941D80B11800C3826E /* SecPasswordGenerate.h in Headers */ = {isa = PBXBuildFile; fileRef = CDDE9BC31729AB910013B0E8 /* SecPasswordGenerate.h */; }; + DCEDE3951D80B12000C3826E /* secToolFileIO.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78D921D8085F200865A7C /* secToolFileIO.h */; }; + DCEDE3961D80B12600C3826E /* SecTrustInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = DCC78E921D8085FC00865A7C /* SecTrustInternal.h */; }; + DCEE1E861D93427400DC0EB7 /* com.apple.securityd.plist in Resources */ = {isa = PBXBuildFile; fileRef = DCE4E80D1D7A4E3A00AFB96E /* com.apple.securityd.plist */; }; + DCF7839D1D88B60D00E694BB /* aesCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783151D88B60D00E694BB /* aesCommon.h */; }; + DCF7839E1D88B60D00E694BB /* aescsp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783161D88B60D00E694BB /* aescsp.cpp */; }; + DCF7839F1D88B60D00E694BB /* aescspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783171D88B60D00E694BB /* aescspi.h */; }; + DCF783A01D88B60D00E694BB /* boxes-ref.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF783181D88B60D00E694BB /* boxes-ref.c */; }; + DCF783A11D88B60D00E694BB /* boxes-ref.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783191D88B60D00E694BB /* boxes-ref.h */; }; + DCF783A21D88B60D00E694BB /* gladmanContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7831A1D88B60D00E694BB /* gladmanContext.cpp */; }; + DCF783A31D88B60D00E694BB /* gladmanContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7831B1D88B60D00E694BB /* gladmanContext.h */; }; + DCF783A41D88B60D00E694BB /* rijndael-alg-ref.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7831C1D88B60D00E694BB /* rijndael-alg-ref.c */; }; + DCF783A51D88B60D00E694BB /* rijndael-alg-ref.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7831D1D88B60D00E694BB /* rijndael-alg-ref.h */; }; + DCF783A61D88B60D00E694BB /* rijndaelApi.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7831E1D88B60D00E694BB /* rijndaelApi.c */; }; + DCF783A71D88B60D00E694BB /* rijndaelApi.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7831F1D88B60D00E694BB /* rijndaelApi.h */; }; + DCF783A81D88B60D00E694BB /* vRijndael-alg-ref.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF783201D88B60D00E694BB /* vRijndael-alg-ref.c */; }; + DCF783A91D88B60D00E694BB /* AppleCSP.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783221D88B60D00E694BB /* AppleCSP.cpp */; }; + DCF783AA1D88B60D00E694BB /* AppleCSP.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783231D88B60D00E694BB /* AppleCSP.h */; }; + DCF783AB1D88B60D00E694BB /* AppleCSPBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783241D88B60D00E694BB /* AppleCSPBuiltin.cpp */; }; + DCF783AC1D88B60D00E694BB /* AppleCSPContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783251D88B60D00E694BB /* AppleCSPContext.cpp */; }; + DCF783AD1D88B60D00E694BB /* AppleCSPContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783261D88B60D00E694BB /* AppleCSPContext.h */; }; + DCF783AE1D88B60D00E694BB /* AppleCSPKeys.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783271D88B60D00E694BB /* AppleCSPKeys.cpp */; }; + DCF783AF1D88B60D00E694BB /* AppleCSPKeys.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783281D88B60D00E694BB /* AppleCSPKeys.h */; }; + DCF783B11D88B60D00E694BB /* AppleCSPSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7832A1D88B60D00E694BB /* AppleCSPSession.h */; }; + DCF783B21D88B60D00E694BB /* AppleCSPUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7832B1D88B60D00E694BB /* AppleCSPUtils.cpp */; }; + DCF783B31D88B60D00E694BB /* AppleCSPUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7832C1D88B60D00E694BB /* AppleCSPUtils.h */; }; + DCF783B41D88B60D00E694BB /* BinaryKey.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7832D1D88B60D00E694BB /* BinaryKey.h */; }; + DCF783B51D88B60D00E694BB /* BlockCryptor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7832E1D88B60D00E694BB /* BlockCryptor.cpp */; }; + DCF783B61D88B60D00E694BB /* BlockCryptor.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7832F1D88B60D00E694BB /* BlockCryptor.h */; }; + DCF783B71D88B60D00E694BB /* cspdebugging.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF783301D88B60D00E694BB /* cspdebugging.c */; }; + DCF783B81D88B60D00E694BB /* cspdebugging.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783311D88B60D00E694BB /* cspdebugging.h */; }; + DCF783B91D88B60D00E694BB /* deriveKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783321D88B60D00E694BB /* deriveKey.cpp */; }; + DCF783BA1D88B60D00E694BB /* DigestContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783331D88B60D00E694BB /* DigestContext.cpp */; }; + DCF783BB1D88B60D00E694BB /* DigestContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783341D88B60D00E694BB /* DigestContext.h */; }; + DCF783BC1D88B60D00E694BB /* MacContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783351D88B60D00E694BB /* MacContext.cpp */; }; + DCF783BD1D88B60D00E694BB /* MacContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783361D88B60D00E694BB /* MacContext.h */; }; + DCF783BE1D88B60D00E694BB /* RawSigner.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783371D88B60D00E694BB /* RawSigner.h */; }; + DCF783BF1D88B60D00E694BB /* SignatureContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783381D88B60D00E694BB /* SignatureContext.cpp */; }; + DCF783C01D88B60D00E694BB /* SignatureContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783391D88B60D00E694BB /* SignatureContext.h */; }; + DCF783C11D88B60D00E694BB /* wrapKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7833A1D88B60D00E694BB /* wrapKey.cpp */; }; + DCF783C21D88B60D00E694BB /* wrapKeyCms.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7833B1D88B60D00E694BB /* wrapKeyCms.cpp */; }; + DCF783C31D88B60D00E694BB /* YarrowConnection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7833C1D88B60D00E694BB /* YarrowConnection.cpp */; }; + DCF783C41D88B60D00E694BB /* YarrowConnection.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7833D1D88B60D00E694BB /* YarrowConnection.h */; }; + DCF783C51D88B60D00E694BB /* algmaker.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7833F1D88B60D00E694BB /* algmaker.cpp */; }; + DCF783C61D88B60D00E694BB /* bsafeAsymmetric.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783401D88B60D00E694BB /* bsafeAsymmetric.cpp */; }; + DCF783C71D88B60D00E694BB /* bsafeContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783411D88B60D00E694BB /* bsafeContext.cpp */; }; + DCF783C81D88B60D00E694BB /* bsafecsp.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783421D88B60D00E694BB /* bsafecsp.h */; }; + DCF783C91D88B60D00E694BB /* bsafecspi.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783431D88B60D00E694BB /* bsafecspi.h */; }; + DCF783CA1D88B60D00E694BB /* bsafeKeyGen.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783441D88B60D00E694BB /* bsafeKeyGen.cpp */; }; + DCF783CB1D88B60D00E694BB /* bsafePKCS1.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783451D88B60D00E694BB /* bsafePKCS1.cpp */; }; + DCF783CC1D88B60D00E694BB /* bsafePKCS1.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783461D88B60D00E694BB /* bsafePKCS1.h */; }; + DCF783CD1D88B60D00E694BB /* bsafeSymmetric.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783471D88B60D00E694BB /* bsafeSymmetric.cpp */; }; + DCF783CE1D88B60D00E694BB /* bsobjects.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783481D88B60D00E694BB /* bsobjects.h */; }; + DCF783CF1D88B60D00E694BB /* memory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783491D88B60D00E694BB /* memory.cpp */; }; + DCF783D01D88B60D00E694BB /* miscalgorithms.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7834A1D88B60D00E694BB /* miscalgorithms.cpp */; }; + DCF783D11D88B60D00E694BB /* ascContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7834C1D88B60D00E694BB /* ascContext.cpp */; }; + DCF783D21D88B60D00E694BB /* ascContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7834D1D88B60D00E694BB /* ascContext.h */; }; + DCF783D31D88B60D00E694BB /* ascFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7834E1D88B60D00E694BB /* ascFactory.h */; }; + DCF783D41D88B60D00E694BB /* cryptkitcsp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783501D88B60D00E694BB /* cryptkitcsp.cpp */; }; + DCF783D51D88B60D00E694BB /* cryptkitcsp.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783511D88B60D00E694BB /* cryptkitcsp.h */; }; + DCF783D61D88B60D00E694BB /* CryptKitSpace.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783521D88B60D00E694BB /* CryptKitSpace.h */; }; + DCF783D71D88B60D00E694BB /* FEEAsymmetricContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783531D88B60D00E694BB /* FEEAsymmetricContext.cpp */; }; + DCF783D81D88B60D00E694BB /* FEEAsymmetricContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783541D88B60D00E694BB /* FEEAsymmetricContext.h */; }; + DCF783D91D88B60D00E694BB /* FEECSPUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783551D88B60D00E694BB /* FEECSPUtils.cpp */; }; + DCF783DA1D88B60D00E694BB /* FEECSPUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783561D88B60D00E694BB /* FEECSPUtils.h */; }; + DCF783DB1D88B60D00E694BB /* FEEKeys.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783571D88B60D00E694BB /* FEEKeys.cpp */; }; + DCF783DC1D88B60D00E694BB /* FEEKeys.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783581D88B60D00E694BB /* FEEKeys.h */; }; + DCF783DD1D88B60D00E694BB /* FEESignatureObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783591D88B60D00E694BB /* FEESignatureObject.cpp */; }; + DCF783DE1D88B60D00E694BB /* FEESignatureObject.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7835A1D88B60D00E694BB /* FEESignatureObject.h */; }; + DCF783DF1D88B60D00E694BB /* DH_csp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7835C1D88B60D00E694BB /* DH_csp.cpp */; }; + DCF783E01D88B60D00E694BB /* DH_csp.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7835D1D88B60D00E694BB /* DH_csp.h */; }; + DCF783E11D88B60D00E694BB /* DH_exchange.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7835E1D88B60D00E694BB /* DH_exchange.cpp */; }; + DCF783E21D88B60D00E694BB /* DH_exchange.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7835F1D88B60D00E694BB /* DH_exchange.h */; }; + DCF783E31D88B60D00E694BB /* DH_keys.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783601D88B60D00E694BB /* DH_keys.cpp */; }; + DCF783E41D88B60D00E694BB /* DH_keys.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783611D88B60D00E694BB /* DH_keys.h */; }; + DCF783E51D88B60D00E694BB /* DH_utils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783621D88B60D00E694BB /* DH_utils.cpp */; }; + DCF783E61D88B60D00E694BB /* DH_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783631D88B60D00E694BB /* DH_utils.h */; }; + DCF783E71D88B60D00E694BB /* HMACSHA1.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF783651D88B60D00E694BB /* HMACSHA1.c */; }; + DCF783E81D88B60D00E694BB /* HMACSHA1.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783661D88B60D00E694BB /* HMACSHA1.h */; }; + DCF783E91D88B60D00E694BB /* pbkdDigest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783671D88B60D00E694BB /* pbkdDigest.cpp */; }; + DCF783EA1D88B60D00E694BB /* pbkdDigest.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783681D88B60D00E694BB /* pbkdDigest.h */; }; + DCF783EB1D88B60D00E694BB /* pbkdf2.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF783691D88B60D00E694BB /* pbkdf2.c */; }; + DCF783EC1D88B60D00E694BB /* pbkdf2.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7836A1D88B60D00E694BB /* pbkdf2.h */; }; + DCF783ED1D88B60D00E694BB /* MD2Object.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7836C1D88B60D00E694BB /* MD2Object.cpp */; }; + DCF783EE1D88B60D00E694BB /* MD2Object.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7836D1D88B60D00E694BB /* MD2Object.h */; }; + DCF783EF1D88B60D00E694BB /* SHA1_MD5_Object.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7836E1D88B60D00E694BB /* SHA1_MD5_Object.cpp */; }; + DCF783F01D88B60D00E694BB /* SHA1_MD5_Object.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7836F1D88B60D00E694BB /* SHA1_MD5_Object.h */; }; + DCF783F11D88B60D00E694BB /* SHA2_Object.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783701D88B60D00E694BB /* SHA2_Object.cpp */; }; + DCF783F21D88B60D00E694BB /* SHA2_Object.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783711D88B60D00E694BB /* SHA2_Object.h */; }; + DCF783F31D88B60D00E694BB /* pkcs12Derive.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783731D88B60D00E694BB /* pkcs12Derive.cpp */; }; + DCF783F41D88B60D00E694BB /* pkcs12Derive.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783741D88B60D00E694BB /* pkcs12Derive.h */; }; + DCF783F51D88B60D00E694BB /* pkcs8.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783751D88B60D00E694BB /* pkcs8.cpp */; }; + DCF783F61D88B60D00E694BB /* pkcs8.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783761D88B60D00E694BB /* pkcs8.h */; }; + DCF783F71D88B60D00E694BB /* bfContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783781D88B60D00E694BB /* bfContext.cpp */; }; + DCF783F81D88B60D00E694BB /* bfContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783791D88B60D00E694BB /* bfContext.h */; }; + DCF783F91D88B60D00E694BB /* castContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7837A1D88B60D00E694BB /* castContext.cpp */; }; + DCF783FA1D88B60D00E694BB /* castContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7837B1D88B60D00E694BB /* castContext.h */; }; + DCF783FB1D88B60D00E694BB /* desContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7837C1D88B60D00E694BB /* desContext.cpp */; }; + DCF783FC1D88B60D00E694BB /* desContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7837D1D88B60D00E694BB /* desContext.h */; }; + DCF783FD1D88B60D00E694BB /* NullCryptor.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7837E1D88B60D00E694BB /* NullCryptor.h */; }; + DCF783FE1D88B60D00E694BB /* rc2Context.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7837F1D88B60D00E694BB /* rc2Context.cpp */; }; + DCF783FF1D88B60D00E694BB /* rc2Context.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783801D88B60D00E694BB /* rc2Context.h */; }; + DCF784001D88B60D00E694BB /* rc4Context.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783811D88B60D00E694BB /* rc4Context.cpp */; }; + DCF784011D88B60D00E694BB /* rc4Context.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783821D88B60D00E694BB /* rc4Context.h */; }; + DCF784021D88B60D00E694BB /* rc5Context.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783831D88B60D00E694BB /* rc5Context.cpp */; }; + DCF784031D88B60D00E694BB /* rc5Context.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783841D88B60D00E694BB /* rc5Context.h */; }; + DCF784041D88B60D00E694BB /* miscAlgFactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783861D88B60D00E694BB /* miscAlgFactory.cpp */; }; + DCF784051D88B60D00E694BB /* miscAlgFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783871D88B60D00E694BB /* miscAlgFactory.h */; }; + DCF784061D88B60D00E694BB /* RSA_asymmetric.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783891D88B60D00E694BB /* RSA_asymmetric.cpp */; }; + DCF784071D88B60D00E694BB /* RSA_DSA_signature.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7838A1D88B60D00E694BB /* RSA_DSA_signature.cpp */; }; + DCF784081D88B60D00E694BB /* RSA_DSA_signature.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7838B1D88B60D00E694BB /* RSA_DSA_signature.h */; }; + DCF784091D88B60D00E694BB /* RSA_DSA_utils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7838C1D88B60D00E694BB /* RSA_DSA_utils.cpp */; }; + DCF7840A1D88B60D00E694BB /* RSA_DSA_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7838D1D88B60D00E694BB /* RSA_DSA_utils.h */; }; + DCF7840B1D88B60D00E694BB /* RSA_DSA_csp.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7838E1D88B60D00E694BB /* RSA_DSA_csp.cpp */; }; + DCF7840C1D88B60D00E694BB /* RSA_DSA_csp.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7838F1D88B60D00E694BB /* RSA_DSA_csp.h */; }; + DCF7840D1D88B60D00E694BB /* RSA_DSA_keys.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783901D88B60D00E694BB /* RSA_DSA_keys.cpp */; }; + DCF7840E1D88B60D00E694BB /* RSA_DSA_keys.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783911D88B60D00E694BB /* RSA_DSA_keys.h */; }; + DCF7840F1D88B60D00E694BB /* RSA_asymmetric.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783921D88B60D00E694BB /* RSA_asymmetric.h */; }; + DCF784101D88B60D00E694BB /* opensshCoding.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783931D88B60D00E694BB /* opensshCoding.h */; }; + DCF784111D88B60D00E694BB /* opensshCoding.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783941D88B60D00E694BB /* opensshCoding.cpp */; }; + DCF784121D88B60D00E694BB /* opensshWrap.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783951D88B60D00E694BB /* opensshWrap.cpp */; }; + DCF784131D88B60D00E694BB /* opensslAsn1.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783971D88B60D00E694BB /* opensslAsn1.cpp */; }; + DCF784141D88B60D00E694BB /* opensslAsn1.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF783981D88B60D00E694BB /* opensslAsn1.h */; }; + DCF784151D88B60D00E694BB /* opensslUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF783991D88B60D00E694BB /* opensslUtils.cpp */; }; + DCF784161D88B60D00E694BB /* opensslUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7839A1D88B60D00E694BB /* opensslUtils.h */; }; + DCF784921D88B62D00E694BB /* bf_ecb.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7841C1D88B62D00E694BB /* bf_ecb.c */; }; + DCF784931D88B62D00E694BB /* bf_enc.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7841D1D88B62D00E694BB /* bf_enc.c */; }; + DCF784941D88B62D00E694BB /* bf_locl.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7841E1D88B62D00E694BB /* bf_locl.h */; }; + DCF784951D88B62D00E694BB /* bf_pi.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7841F1D88B62D00E694BB /* bf_pi.h */; }; + DCF784961D88B62D00E694BB /* bf_skey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784201D88B62D00E694BB /* bf_skey.c */; }; + DCF784971D88B62D00E694BB /* bio_lib.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784241D88B62D00E694BB /* bio_lib.c */; }; + DCF784981D88B62D00E694BB /* bss_file.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784251D88B62D00E694BB /* bss_file.c */; }; + DCF784991D88B62D00E694BB /* bn_add.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784271D88B62D00E694BB /* bn_add.c */; }; + DCF7849A1D88B62D00E694BB /* bn_asm.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784281D88B62D00E694BB /* bn_asm.c */; }; + DCF7849B1D88B62D00E694BB /* bn_blind.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784291D88B62D00E694BB /* bn_blind.c */; }; + DCF7849C1D88B62D00E694BB /* bn_ctx.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7842A1D88B62D00E694BB /* bn_ctx.c */; }; + DCF7849D1D88B62D00E694BB /* bn_div.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7842B1D88B62D00E694BB /* bn_div.c */; }; + DCF7849E1D88B62D00E694BB /* bn_err.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7842C1D88B62D00E694BB /* bn_err.c */; }; + DCF7849F1D88B62D00E694BB /* bn_exp.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7842D1D88B62D00E694BB /* bn_exp.c */; }; + DCF784A01D88B62D00E694BB /* bn_exp2.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7842E1D88B62D00E694BB /* bn_exp2.c */; }; + DCF784A11D88B62D00E694BB /* bn_gcd.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7842F1D88B62D00E694BB /* bn_gcd.c */; }; + DCF784A21D88B62D00E694BB /* bn_lcl.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784301D88B62D00E694BB /* bn_lcl.h */; }; + DCF784A31D88B62D00E694BB /* bn_lib.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784311D88B62D00E694BB /* bn_lib.c */; }; + DCF784A41D88B62D00E694BB /* bn_mont.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784321D88B62D00E694BB /* bn_mont.c */; }; + DCF784A51D88B62D00E694BB /* bn_mpi.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784331D88B62D00E694BB /* bn_mpi.c */; }; + DCF784A61D88B62D00E694BB /* bn_mul.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784341D88B62D00E694BB /* bn_mul.c */; }; + DCF784A71D88B62D00E694BB /* bn_prime.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784351D88B62D00E694BB /* bn_prime.c */; }; + DCF784A81D88B62D00E694BB /* bn_prime.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784361D88B62D00E694BB /* bn_prime.h */; }; + DCF784A91D88B62D00E694BB /* bn_print.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784371D88B62D00E694BB /* bn_print.c */; }; + DCF784AA1D88B62D00E694BB /* bn_rand.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784381D88B62D00E694BB /* bn_rand.c */; }; + DCF784AB1D88B62D00E694BB /* bn_recp.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784391D88B62D00E694BB /* bn_recp.c */; }; + DCF784AC1D88B62D00E694BB /* bn_shift.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7843A1D88B62D00E694BB /* bn_shift.c */; }; + DCF784AD1D88B62D00E694BB /* bn_sqr.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7843B1D88B62D00E694BB /* bn_sqr.c */; }; + DCF784AE1D88B62D00E694BB /* bn_word.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7843C1D88B62D00E694BB /* bn_word.c */; }; + DCF784B61D88B62D00E694BB /* buf_err.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784451D88B62D00E694BB /* buf_err.c */; }; + DCF784B71D88B62D00E694BB /* buffer.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784461D88B62D00E694BB /* buffer.c */; }; + DCF784B81D88B62D00E694BB /* cryptlib.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784481D88B62D00E694BB /* cryptlib.c */; }; + DCF784B91D88B62E00E694BB /* cryptlib.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784491D88B62D00E694BB /* cryptlib.h */; }; + DCF784BA1D88B62E00E694BB /* dh_check.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7844A1D88B62D00E694BB /* dh_check.c */; }; + DCF784BB1D88B62E00E694BB /* dh_err.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7844B1D88B62D00E694BB /* dh_err.c */; }; + DCF784BC1D88B62E00E694BB /* dh_gen.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7844C1D88B62D00E694BB /* dh_gen.c */; }; + DCF784BD1D88B62E00E694BB /* dh_key.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7844D1D88B62D00E694BB /* dh_key.c */; }; + DCF784BE1D88B62E00E694BB /* dh_lib.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7844E1D88B62D00E694BB /* dh_lib.c */; }; + DCF784BF1D88B62E00E694BB /* dsa_asn1.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784501D88B62D00E694BB /* dsa_asn1.c */; }; + DCF784C01D88B62E00E694BB /* dsa_err.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784511D88B62D00E694BB /* dsa_err.c */; }; + DCF784C11D88B62E00E694BB /* dsa_gen.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784521D88B62D00E694BB /* dsa_gen.c */; }; + DCF784C21D88B62E00E694BB /* dsa_key.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784531D88B62D00E694BB /* dsa_key.c */; }; + DCF784C31D88B62E00E694BB /* dsa_lib.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784541D88B62D00E694BB /* dsa_lib.c */; }; + DCF784C41D88B62E00E694BB /* dsa_ossl.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784551D88B62D00E694BB /* dsa_ossl.c */; }; + DCF784C51D88B62E00E694BB /* dsa_sign.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784561D88B62D00E694BB /* dsa_sign.c */; }; + DCF784C61D88B62E00E694BB /* dsa_vrf.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784571D88B62D00E694BB /* dsa_vrf.c */; }; + DCF784C71D88B62E00E694BB /* err.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784591D88B62D00E694BB /* err.c */; }; + DCF784C81D88B62E00E694BB /* err_prn.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7845A1D88B62D00E694BB /* err_prn.c */; }; + DCF784C91D88B62E00E694BB /* ex_data.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7845C1D88B62D00E694BB /* ex_data.c */; }; + DCF784CA1D88B62E00E694BB /* lhash.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7845D1D88B62D00E694BB /* lhash.c */; }; + DCF784CB1D88B62E00E694BB /* mem.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784601D88B62D00E694BB /* mem.c */; }; + DCF784CC1D88B62E00E694BB /* rc2_cbc.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784611D88B62D00E694BB /* rc2_cbc.c */; }; + DCF784CD1D88B62E00E694BB /* rc2_locl.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784621D88B62D00E694BB /* rc2_locl.h */; }; + DCF784CE1D88B62E00E694BB /* rc2_skey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784631D88B62D00E694BB /* rc2_skey.c */; }; + DCF784CF1D88B62E00E694BB /* rc5_enc.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784641D88B62D00E694BB /* rc5_enc.c */; }; + DCF784D01D88B62E00E694BB /* rc5_locl.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784651D88B62D00E694BB /* rc5_locl.h */; }; + DCF784D11D88B62E00E694BB /* rc5_skey.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784661D88B62D00E694BB /* rc5_skey.c */; }; + DCF784D21D88B62E00E694BB /* asn1_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784681D88B62D00E694BB /* asn1_legacy.h */; }; + DCF784D31D88B62E00E694BB /* bio_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784691D88B62D00E694BB /* bio_legacy.h */; }; + DCF784D41D88B62E00E694BB /* blowfish_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7846A1D88B62D00E694BB /* blowfish_legacy.h */; }; + DCF784D51D88B62E00E694BB /* bn_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7846B1D88B62D00E694BB /* bn_legacy.h */; }; + DCF784D61D88B62E00E694BB /* buffer_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7846C1D88B62D00E694BB /* buffer_legacy.h */; }; + DCF784D71D88B62E00E694BB /* cast_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7846D1D88B62D00E694BB /* cast_legacy.h */; }; + DCF784D81D88B62E00E694BB /* crypto_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7846E1D88B62D00E694BB /* crypto_legacy.h */; }; + DCF784D91D88B62E00E694BB /* dh_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7846F1D88B62D00E694BB /* dh_legacy.h */; }; + DCF784DA1D88B62E00E694BB /* dsa_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784701D88B62D00E694BB /* dsa_legacy.h */; }; + DCF784DB1D88B62E00E694BB /* e_os.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784711D88B62D00E694BB /* e_os.h */; }; + DCF784DC1D88B62E00E694BB /* e_os2_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784721D88B62D00E694BB /* e_os2_legacy.h */; }; + DCF784DD1D88B62E00E694BB /* opensslerr.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784731D88B62D00E694BB /* opensslerr.h */; }; + DCF784DE1D88B62E00E694BB /* evp_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784741D88B62D00E694BB /* evp_legacy.h */; }; + DCF784DF1D88B62E00E694BB /* lhash_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784751D88B62D00E694BB /* lhash_legacy.h */; }; + DCF784E01D88B62E00E694BB /* objects_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784761D88B62D00E694BB /* objects_legacy.h */; }; + DCF784E11D88B62E00E694BB /* openssl_pkcs7_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784771D88B62D00E694BB /* openssl_pkcs7_legacy.h */; }; + DCF784E21D88B62E00E694BB /* opensslconf_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784781D88B62D00E694BB /* opensslconf_legacy.h */; }; + DCF784E31D88B62E00E694BB /* opensslv_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784791D88B62D00E694BB /* opensslv_legacy.h */; }; + DCF784E41D88B62E00E694BB /* rand.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7847A1D88B62D00E694BB /* rand.h */; }; + DCF784E51D88B62E00E694BB /* rc2_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7847B1D88B62D00E694BB /* rc2_legacy.h */; }; + DCF784E61D88B62E00E694BB /* rc5_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7847C1D88B62D00E694BB /* rc5_legacy.h */; }; + DCF784E71D88B62E00E694BB /* rsa_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7847D1D88B62D00E694BB /* rsa_legacy.h */; }; + DCF784E81D88B62E00E694BB /* safestack_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7847E1D88B62D00E694BB /* safestack_legacy.h */; }; + DCF784E91D88B62E00E694BB /* stack_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7847F1D88B62D00E694BB /* stack_legacy.h */; }; + DCF784EA1D88B62E00E694BB /* x509_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784801D88B62D00E694BB /* x509_legacy.h */; }; + DCF784EB1D88B62E00E694BB /* x509_vfy_legacy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF784811D88B62D00E694BB /* x509_vfy_legacy.h */; }; + DCF784EC1D88B62E00E694BB /* rsa_chk.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784831D88B62D00E694BB /* rsa_chk.c */; }; + DCF784ED1D88B62E00E694BB /* rsa_eay.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784841D88B62D00E694BB /* rsa_eay.c */; }; + DCF784EE1D88B62E00E694BB /* rsa_err.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784851D88B62D00E694BB /* rsa_err.c */; }; + DCF784EF1D88B62E00E694BB /* rsa_gen.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784861D88B62D00E694BB /* rsa_gen.c */; }; + DCF784F01D88B62E00E694BB /* rsa_lib.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784871D88B62D00E694BB /* rsa_lib.c */; }; + DCF784F11D88B62E00E694BB /* rsa_none.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784881D88B62D00E694BB /* rsa_none.c */; }; + DCF784F21D88B62E00E694BB /* rsa_null.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF784891D88B62D00E694BB /* rsa_null.c */; }; + DCF784F31D88B62E00E694BB /* rsa_pk1.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7848A1D88B62D00E694BB /* rsa_pk1.c */; }; + DCF784F41D88B62E00E694BB /* rsa_saos.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7848B1D88B62D00E694BB /* rsa_saos.c */; }; + DCF784F51D88B62E00E694BB /* rsa_sign.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7848C1D88B62D00E694BB /* rsa_sign.c */; }; + DCF784F61D88B62E00E694BB /* rsa_ssl.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7848D1D88B62D00E694BB /* rsa_ssl.c */; }; + DCF784F71D88B62E00E694BB /* stack.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF7848F1D88B62D00E694BB /* stack.c */; }; + DCF7871A1D88BA0100E694BB /* CSPDLDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF787061D88BA0100E694BB /* CSPDLDatabase.cpp */; }; + DCF7871B1D88BA0100E694BB /* CSPDLDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF787071D88BA0100E694BB /* CSPDLDatabase.h */; }; + DCF7871C1D88BA0100E694BB /* CSPDLPlugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF787081D88BA0100E694BB /* CSPDLPlugin.cpp */; }; + DCF7871D1D88BA0100E694BB /* CSPDLPlugin.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF787091D88BA0100E694BB /* CSPDLPlugin.h */; }; + DCF7871E1D88BA0100E694BB /* SSContext.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7870A1D88BA0100E694BB /* SSContext.cpp */; }; + DCF7871F1D88BA0100E694BB /* SSContext.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7870B1D88BA0100E694BB /* SSContext.h */; }; + DCF787201D88BA0100E694BB /* SSCSPDLSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7870C1D88BA0100E694BB /* SSCSPDLSession.cpp */; }; + DCF787211D88BA0100E694BB /* SSCSPDLSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7870D1D88BA0100E694BB /* SSCSPDLSession.h */; }; + DCF787221D88BA0100E694BB /* SSCSPSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7870E1D88BA0100E694BB /* SSCSPSession.cpp */; }; + DCF787231D88BA0100E694BB /* SSCSPSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7870F1D88BA0100E694BB /* SSCSPSession.h */; }; + DCF787241D88BA0100E694BB /* SSDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF787101D88BA0100E694BB /* SSDatabase.cpp */; }; + DCF787251D88BA0100E694BB /* SSDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF787111D88BA0100E694BB /* SSDatabase.h */; }; + DCF787261D88BA0100E694BB /* SSDLSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF787121D88BA0100E694BB /* SSDLSession.cpp */; }; + DCF787271D88BA0100E694BB /* SSDLSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF787131D88BA0100E694BB /* SSDLSession.h */; }; + DCF787281D88BA0100E694BB /* SSFactory.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF787141D88BA0100E694BB /* SSFactory.cpp */; }; + DCF787291D88BA0100E694BB /* SSFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF787151D88BA0100E694BB /* SSFactory.h */; }; + DCF7872A1D88BA0100E694BB /* SSKey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF787161D88BA0100E694BB /* SSKey.cpp */; }; + DCF7872B1D88BA0100E694BB /* SSKey.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF787171D88BA0100E694BB /* SSKey.h */; }; + DCF787301D88C18A00E694BB /* AppleCSPDLBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7872F1D88C18A00E694BB /* AppleCSPDLBuiltin.cpp */; }; + DCF788411D88C8DE00E694BB /* AppleFileDL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7883D1D88C8DE00E694BB /* AppleFileDL.cpp */; }; + DCF788421D88C8DE00E694BB /* AppleFileDL.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7883E1D88C8DE00E694BB /* AppleFileDL.h */; }; + DCF788441D88C8FF00E694BB /* AppleDLBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788431D88C8FF00E694BB /* AppleDLBuiltin.cpp */; }; + DCF788751D88CABC00E694BB /* AppleX509CL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788501D88CABC00E694BB /* AppleX509CL.cpp */; }; + DCF788761D88CABC00E694BB /* AppleX509CL.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788511D88CABC00E694BB /* AppleX509CL.h */; }; + DCF788771D88CABC00E694BB /* AppleX509CLBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788521D88CABC00E694BB /* AppleX509CLBuiltin.cpp */; }; + DCF788781D88CABC00E694BB /* AppleX509CLPlugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788531D88CABC00E694BB /* AppleX509CLPlugin.cpp */; }; + DCF788791D88CABC00E694BB /* AppleX509CLSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788541D88CABC00E694BB /* AppleX509CLSession.cpp */; }; + DCF7887A1D88CABC00E694BB /* AppleX509CLSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788551D88CABC00E694BB /* AppleX509CLSession.h */; }; + DCF7887B1D88CABC00E694BB /* CertFields.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788561D88CABC00E694BB /* CertFields.cpp */; }; + DCF7887C1D88CABC00E694BB /* CLCachedEntry.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788571D88CABC00E694BB /* CLCachedEntry.cpp */; }; + DCF7887D1D88CABC00E694BB /* CLCachedEntry.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788581D88CABC00E694BB /* CLCachedEntry.h */; }; + DCF7887E1D88CABC00E694BB /* CLCertExtensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788591D88CABC00E694BB /* CLCertExtensions.cpp */; }; + DCF7887F1D88CABC00E694BB /* CLCertExtensions.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7885A1D88CABC00E694BB /* CLCertExtensions.h */; }; + DCF788801D88CABC00E694BB /* CLCrlExtensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7885B1D88CABC00E694BB /* CLCrlExtensions.cpp */; }; + DCF788811D88CABC00E694BB /* CLCrlExtensions.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7885C1D88CABC00E694BB /* CLCrlExtensions.h */; }; + DCF788821D88CABC00E694BB /* cldebugging.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7885D1D88CABC00E694BB /* cldebugging.h */; }; + DCF788831D88CABC00E694BB /* CLFieldsCommon.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7885E1D88CABC00E694BB /* CLFieldsCommon.cpp */; }; + DCF788841D88CABC00E694BB /* CLFieldsCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7885F1D88CABC00E694BB /* CLFieldsCommon.h */; }; + DCF788851D88CABC00E694BB /* clNameUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788601D88CABC00E694BB /* clNameUtils.cpp */; }; + DCF788861D88CABC00E694BB /* clNameUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788611D88CABC00E694BB /* clNameUtils.h */; }; + DCF788871D88CABC00E694BB /* clNssUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788621D88CABC00E694BB /* clNssUtils.cpp */; }; + DCF788881D88CABC00E694BB /* clNssUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788631D88CABC00E694BB /* clNssUtils.h */; }; + DCF788891D88CABC00E694BB /* CrlFields.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788641D88CABC00E694BB /* CrlFields.cpp */; }; + DCF7888A1D88CABC00E694BB /* CSPAttacher.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788651D88CABC00E694BB /* CSPAttacher.cpp */; }; + DCF7888B1D88CABC00E694BB /* CSPAttacher.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788661D88CABC00E694BB /* CSPAttacher.h */; }; + DCF7888C1D88CABC00E694BB /* DecodedCert.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788671D88CABC00E694BB /* DecodedCert.cpp */; }; + DCF7888D1D88CABC00E694BB /* DecodedCert.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788681D88CABC00E694BB /* DecodedCert.h */; }; + DCF7888E1D88CABC00E694BB /* DecodedCrl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788691D88CABC00E694BB /* DecodedCrl.cpp */; }; + DCF7888F1D88CABC00E694BB /* DecodedCrl.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7886A1D88CABC00E694BB /* DecodedCrl.h */; }; + DCF788901D88CABC00E694BB /* DecodedExtensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7886B1D88CABC00E694BB /* DecodedExtensions.cpp */; }; + DCF788911D88CABC00E694BB /* DecodedExtensions.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7886C1D88CABC00E694BB /* DecodedExtensions.h */; }; + DCF788921D88CABC00E694BB /* DecodedItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF7886D1D88CABC00E694BB /* DecodedItem.cpp */; }; + DCF788931D88CABC00E694BB /* DecodedItem.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7886E1D88CABC00E694BB /* DecodedItem.h */; }; + DCF788941D88CABC00E694BB /* LockedMap.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF7886F1D88CABC00E694BB /* LockedMap.h */; }; + DCF788951D88CABC00E694BB /* Session_Cert.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788701D88CABC00E694BB /* Session_Cert.cpp */; }; + DCF788961D88CABC00E694BB /* Session_CRL.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788711D88CABC00E694BB /* Session_CRL.cpp */; }; + DCF788971D88CABC00E694BB /* Session_Crypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788721D88CABC00E694BB /* Session_Crypto.cpp */; }; + DCF788981D88CABC00E694BB /* Session_CSR.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788731D88CABC00E694BB /* Session_CSR.cpp */; }; + DCF788A51D88CB6800E694BB /* AppleX509CLPlugin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788531D88CABC00E694BB /* AppleX509CLPlugin.cpp */; }; + DCF788A61D88CB7000E694BB /* cl_common.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A191D77A1E700B50D50 /* cl_common.mdsinfo */; }; + DCF788A71D88CB7400E694BB /* cl_primary.mdsinfo in Resources */ = {isa = PBXBuildFile; fileRef = DC178A1A1D77A1E700B50D50 /* cl_primary.mdsinfo */; }; + DCF789211D88CD6700E694BB /* AppleTP.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788D71D88CD4200E694BB /* AppleTP.cpp */; }; + DCF789221D88CD6700E694BB /* AppleTP.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788D81D88CD4200E694BB /* AppleTP.h */; }; + DCF789231D88CD6700E694BB /* AppleTPSession.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788D91D88CD4200E694BB /* AppleTPSession.cpp */; }; + DCF789241D88CD6700E694BB /* AppleTPSession.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788DA1D88CD4200E694BB /* AppleTPSession.h */; }; + DCF789261D88CD6700E694BB /* certGroupUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788DC1D88CD4200E694BB /* certGroupUtils.cpp */; }; + DCF789271D88CD6700E694BB /* certGroupUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788DD1D88CD4200E694BB /* certGroupUtils.h */; }; + DCF789281D88CD6700E694BB /* cuEnc64.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF788DE1D88CD4200E694BB /* cuEnc64.c */; }; + DCF789291D88CD6700E694BB /* cuEnc64.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788DF1D88CD4200E694BB /* cuEnc64.h */; }; + DCF7892A1D88CD6700E694BB /* tpCertGroup.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788E01D88CD4200E694BB /* tpCertGroup.cpp */; }; + DCF7892B1D88CD6700E694BB /* TPCertInfo.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788E11D88CD4200E694BB /* TPCertInfo.cpp */; }; + DCF7892E1D88CD6700E694BB /* TPCertInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788E41D88CD4200E694BB /* TPCertInfo.h */; }; + DCF7892F1D88CD6700E694BB /* tpCredRequest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788E51D88CD4200E694BB /* tpCredRequest.cpp */; }; + DCF789301D88CD6700E694BB /* TPCrlInfo.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788E61D88CD4200E694BB /* TPCrlInfo.cpp */; }; + DCF789311D88CD6700E694BB /* TPCrlInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788E71D88CD4200E694BB /* TPCrlInfo.h */; }; + DCF789321D88CD6700E694BB /* tpCrlVerify.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788E81D88CD4200E694BB /* tpCrlVerify.cpp */; }; + DCF789331D88CD6700E694BB /* tpCrlVerify.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788E91D88CD4200E694BB /* tpCrlVerify.h */; }; + DCF789341D88CD6700E694BB /* TPDatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788EA1D88CD4200E694BB /* TPDatabase.cpp */; }; + DCF789351D88CD6700E694BB /* TPDatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788EB1D88CD4200E694BB /* TPDatabase.h */; }; + DCF789361D88CD6700E694BB /* tpdebugging.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788EC1D88CD4200E694BB /* tpdebugging.h */; }; + DCF789371D88CD6700E694BB /* TPNetwork.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788ED1D88CD4200E694BB /* TPNetwork.cpp */; }; + DCF789381D88CD6700E694BB /* TPNetwork.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788EE1D88CD4200E694BB /* TPNetwork.h */; }; + DCF789391D88CD6700E694BB /* ocspRequest.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788EF1D88CD4200E694BB /* ocspRequest.cpp */; }; + DCF7893A1D88CD6700E694BB /* ocspRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788F01D88CD4200E694BB /* ocspRequest.h */; }; + DCF7893B1D88CD6700E694BB /* tpOcspCache.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788F11D88CD4200E694BB /* tpOcspCache.cpp */; }; + DCF7893C1D88CD6700E694BB /* tpOcspCache.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788F21D88CD4200E694BB /* tpOcspCache.h */; }; + DCF7893D1D88CD6700E694BB /* tpOcspCertVfy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788F31D88CD4200E694BB /* tpOcspCertVfy.cpp */; }; + DCF7893E1D88CD6700E694BB /* tpOcspCertVfy.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788F41D88CD4200E694BB /* tpOcspCertVfy.h */; }; + DCF7893F1D88CD6700E694BB /* tpOcspVerify.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788F51D88CD4200E694BB /* tpOcspVerify.cpp */; }; + DCF789401D88CD6700E694BB /* tpOcspVerify.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788F61D88CD4200E694BB /* tpOcspVerify.h */; }; + DCF789411D88CD6700E694BB /* tpPolicies.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF788F71D88CD4200E694BB /* tpPolicies.cpp */; }; + DCF789421D88CD6700E694BB /* tpPolicies.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788F81D88CD4200E694BB /* tpPolicies.h */; }; + DCF789431D88CD6700E694BB /* tpTime.c in Sources */ = {isa = PBXBuildFile; fileRef = DCF788F91D88CD4200E694BB /* tpTime.c */; }; + DCF789441D88CD6700E694BB /* tpTime.h in Headers */ = {isa = PBXBuildFile; fileRef = DCF788FA1D88CD4200E694BB /* tpTime.h */; }; + DCF789481D88D17C00E694BB /* AppleX509TPBuiltin.cpp in Sources */ = {isa = PBXBuildFile; fileRef = DCF789471D88D17C00E694BB /* AppleX509TPBuiltin.cpp */; }; + DCFAEDCF1D999859005187E4 /* SOSAccountGhost.c in Sources */ = {isa = PBXBuildFile; fileRef = DCFAEDC81D999851005187E4 /* SOSAccountGhost.c */; }; + DCFAEDD01D999863005187E4 /* SOSAccountGhost.h in Headers */ = {isa = PBXBuildFile; fileRef = DCFAEDC91D999851005187E4 /* SOSAccountGhost.h */; }; + DCFAEDD21D99991F005187E4 /* secd-668-ghosts.c in Sources */ = {isa = PBXBuildFile; fileRef = DCFAEDD11D9998DD005187E4 /* secd-668-ghosts.c */; }; + DCFAEDD61D99A47A005187E4 /* secd-36-ks-encrypt.m in Sources */ = {isa = PBXBuildFile; fileRef = DCFAEDD51D99A464005187E4 /* secd-36-ks-encrypt.m */; }; + DCFAEDD71D99A4AB005187E4 /* secd-154-engine-backoff.c in Sources */ = {isa = PBXBuildFile; fileRef = DCC78C771D8085D800865A7C /* secd-154-engine-backoff.c */; }; E7104A0C169E171900DB0045 /* security_tool_commands.c in Sources */ = {isa = PBXBuildFile; fileRef = E7104A0B169E171900DB0045 /* security_tool_commands.c */; }; - E7104A24169E222F00DB0045 /* libSecurityCommands.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E7104A23169E21C000DB0045 /* libSecurityCommands.a */; }; E71454EF1C741E0800B5B20B /* KCError.h in Headers */ = {isa = PBXBuildFile; fileRef = E71454ED1C741E0800B5B20B /* KCError.h */; settings = {ATTRIBUTES = (Private, ); }; }; E71454F01C741E0800B5B20B /* KCError.m in Sources */ = {isa = PBXBuildFile; fileRef = E71454EE1C741E0800B5B20B /* KCError.m */; }; E71454F11C741E1500B5B20B /* KCDer.h in Headers */ = {isa = PBXBuildFile; fileRef = E71454C71C741DCD00B5B20B /* KCDer.h */; settings = {ATTRIBUTES = (Private, ); }; }; @@ -825,23 +3881,16 @@ E71F3E4216EA6A6300FAF9B4 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */; }; E722E9121CE92DFC005AD94B /* CKDKVSStore.m in Sources */ = {isa = PBXBuildFile; fileRef = E722E9111CE92DFC005AD94B /* CKDKVSStore.m */; }; E72D462B175FBF3E00F70B9B /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; - E73289281AED735A008CE839 /* SOSCloudCircle.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = E7450BAC16D42B17009C07B8 /* SOSCloudCircle.h */; }; - E73289291AED7360008CE839 /* SOSPeerInfo.h in Copy SecureObjectSync Headers */ = {isa = PBXBuildFile; fileRef = E7450BAD16D42B17009C07B8 /* SOSPeerInfo.h */; }; - E732892B1AED7551008CE839 /* SOSCloudCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = E732892A1AED7551008CE839 /* SOSCloudCircle.h */; settings = {ATTRIBUTES = (Private, ); }; }; - E732892D1AED764A008CE839 /* SOSPeerInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = E732892C1AED7631008CE839 /* SOSPeerInfo.h */; settings = {ATTRIBUTES = (Private, ); }; }; + E73A7E8B1DC81DF700A5B2D1 /* secd-210-keyinterest.m in Sources */ = {isa = PBXBuildFile; fileRef = E7FE40BD1DC803FD00F0F5B6 /* secd-210-keyinterest.m */; }; + E73A7E8F1DC81E0300A5B2D1 /* CKDSimulatedStore.m in Sources */ = {isa = PBXBuildFile; fileRef = E7FE40C41DC804E400F0F5B6 /* CKDSimulatedStore.m */; }; + E73A7E911DC81E0300A5B2D1 /* CKDSimulatedAccount.m in Sources */ = {isa = PBXBuildFile; fileRef = E7FE40C81DC8084600F0F5B6 /* CKDSimulatedAccount.m */; }; + E73A7E921DC81E0F00A5B2D1 /* CKDKVSProxy.m in Sources */ = {isa = PBXBuildFile; fileRef = E7A5F4C71C0CFF3200F3BEBB /* CKDKVSProxy.m */; }; E745836E1BF3CA13001B54A4 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; - E75112EB166EFBF0008C578B /* PeerListCell.m in Sources */ = {isa = PBXBuildFile; fileRef = E75112EA166EFBF0008C578B /* PeerListCell.m */; }; - E75112FA166F020E008C578B /* PeerListCell.m in Sources */ = {isa = PBXBuildFile; fileRef = E75112EA166EFBF0008C578B /* PeerListCell.m */; }; - E7531F7B1D0887E300DAB140 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; E75C0E821C6FC31D00E6953B /* KCSRPContext.h in Headers */ = {isa = PBXBuildFile; fileRef = E75C0E801C6FC31D00E6953B /* KCSRPContext.h */; settings = {ATTRIBUTES = (Public, ); }; }; E75C0E831C6FC31D00E6953B /* KCSRPContext.m in Sources */ = {isa = PBXBuildFile; fileRef = E75C0E811C6FC31D00E6953B /* KCSRPContext.m */; }; E75C0E851C71329900E6953B /* KeychainCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = E75C0E841C71325000E6953B /* KeychainCircle.h */; settings = {ATTRIBUTES = (Public, ); }; }; - E75C27721C98D41400F7E12A /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C8786AD0B03E05E00BB77D4 /* libDER.a */; }; - E75C27731C98D41C00F7E12A /* libASN1.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 795CA9860D38269B00BAE6A2 /* libASN1.a */; }; - E75C27741C98D42A00F7E12A /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C8786AD0B03E05E00BB77D4 /* libDER.a */; }; - E75C27751C98D43700F7E12A /* libASN1.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 795CA9860D38269B00BAE6A2 /* libASN1.a */; }; - E76079DC1951FDBF00F69731 /* liblogging.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E76079DB1951FDBF00F69731 /* liblogging.a */; }; E7650E6F1C7699DA00378669 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52D82BD316A5EADA0078DFE5 /* Security.framework */; }; + E76638A81DD679BC00B769D3 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC0BCC361D8C684F00070CB0 /* libutilities.a */; }; E7676DB619411DF300498DD4 /* SecServerEncryptionSupport.h in Headers */ = {isa = PBXBuildFile; fileRef = E7676DB519411DF300498DD4 /* SecServerEncryptionSupport.h */; settings = {ATTRIBUTES = (Private, ); }; }; E772FD471CC15EFA00D63E41 /* NSData+SecRandom.m in Sources */ = {isa = PBXBuildFile; fileRef = E772FD461CC15EFA00D63E41 /* NSData+SecRandom.m */; }; E772FD701CC15F1F00D63E41 /* NSData+SecRandom.h in Headers */ = {isa = PBXBuildFile; fileRef = E772FD6F1CC15F1F00D63E41 /* NSData+SecRandom.h */; }; @@ -852,53 +3901,23 @@ E7A011AE14E1B78800765C29 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; E7A011AF14E1B78C00765C29 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; E7A5F4D21C0CFF7900F3BEBB /* CKDKVSProxy.m in Sources */ = {isa = PBXBuildFile; fileRef = E7A5F4C71C0CFF3200F3BEBB /* CKDKVSProxy.m */; }; - E7A5F4D41C0CFF7900F3BEBB /* CKDPersistentState.m in Sources */ = {isa = PBXBuildFile; fileRef = E7A5F4CA1C0CFF3200F3BEBB /* CKDPersistentState.m */; }; E7A5F4D51C0CFF7900F3BEBB /* cloudkeychainproxy.m in Sources */ = {isa = PBXBuildFile; fileRef = E7A5F4CE1C0CFF3300F3BEBB /* cloudkeychainproxy.m */; }; E7A5F4D81C0D01B000F3BEBB /* SOSCloudKeychainConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = E7A5F4D71C0D01B000F3BEBB /* SOSCloudKeychainConstants.c */; }; - E7A5F5531C0D03B400F3BEBB /* IDSPersistentState.m in Sources */ = {isa = PBXBuildFile; fileRef = E7A5F5511C0D03B400F3BEBB /* IDSPersistentState.m */; }; - E7A5F5541C0D03B400F3BEBB /* IDSProxy.m in Sources */ = {isa = PBXBuildFile; fileRef = E7A5F5521C0D03B400F3BEBB /* IDSProxy.m */; }; - E7A5F5581C0D03DB00F3BEBB /* idskeychainsyncingproxy.m in Sources */ = {isa = PBXBuildFile; fileRef = E7A5F5551C0D03DB00F3BEBB /* idskeychainsyncingproxy.m */; }; E7A5F5591C0D052600F3BEBB /* SOSCloudKeychainConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = E7A5F4D71C0D01B000F3BEBB /* SOSCloudKeychainConstants.c */; }; E7B00700170B581D00B27966 /* Security.exp-in in Sources */ = {isa = PBXBuildFile; fileRef = 4CB7405F0A47498100D641BB /* Security.exp-in */; }; - E7B01B7716572123000485F1 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888B155C943D00A0904F /* libSecureObjectSync.a */; }; - E7B01BC3166594AB000485F1 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE81741636347500F49F0C /* main.m */; }; - E7B01BC4166594AB000485F1 /* AppDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE81781636347600F49F0C /* AppDelegate.m */; }; - E7B01BC5166594AB000485F1 /* FirstViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE81871636347600F49F0C /* FirstViewController.m */; }; - E7B01BC6166594AB000485F1 /* ToolsViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE818E1636347600F49F0C /* ToolsViewController.m */; }; - E7B01BC8166594AB000485F1 /* KCATableViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE819B163636B900F49F0C /* KCATableViewController.m */; }; - E7B01BC9166594AB000485F1 /* KeychainItemCell.m in Sources */ = {isa = PBXBuildFile; fileRef = 52DE819E16363C1A00F49F0C /* KeychainItemCell.m */; }; - E7B01BCA166594AB000485F1 /* MyKeychain.m in Sources */ = {isa = PBXBuildFile; fileRef = 5264FB4D163674B50005D258 /* MyKeychain.m */; }; - E7B01BCB166594AB000485F1 /* KCAItemDetailViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52CD69FA16384C2000961848 /* KCAItemDetailViewController.m */; }; - E7B01BCC166594AB000485F1 /* NewPasswordViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52704B801638F610007FEBB0 /* NewPasswordViewController.m */; }; - E7B01BCD166594AB000485F1 /* EditItemViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52704B83163905EE007FEBB0 /* EditItemViewController.m */; }; - E7B01BCE166594AB000485F1 /* DeviceViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 52F63A1F1659F04E0076D2DE /* DeviceViewController.m */; }; - E7B01BCF166594AB000485F1 /* DeviceTableViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 529990531661BA2600C297A2 /* DeviceTableViewController.m */; }; - E7B01BD0166594AB000485F1 /* DeviceItemCell.m in Sources */ = {isa = PBXBuildFile; fileRef = 529990561661BADF00C297A2 /* DeviceItemCell.m */; }; E7B01BD2166594AB000485F1 /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF730310EF9CDE300E17471 /* CFNetwork.framework */; }; E7B01BD3166594AB000485F1 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; E7B01BD4166594AB000485F1 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB740680A4749C800D641BB /* libsqlite3.dylib */; }; E7B01BD6166594AB000485F1 /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; - E7B01BD7166594AB000485F1 /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66514D77DF700F88A12 /* libsecurityd.a */; }; - E7B01BD9166594AB000485F1 /* libSOSRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888D155C943D00A0904F /* libSOSRegressions.a */; }; - E7B01BDA166594AB000485F1 /* libutilitiesRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E7E0D8FE158FAB3B002CA176 /* libutilitiesRegressions.a */; }; - E7B01BDB166594AB000485F1 /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888B155C943D00A0904F /* libSecureObjectSync.a */; }; - E7B01BDC166594AB000485F1 /* libregressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E710C708133192EA00F85568 /* libregressions.a */; }; - E7B01BDD166594AB000485F1 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; E7B01BDE166594AB000485F1 /* UIKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE411314471B000DE34E /* UIKit.framework */; }; E7B01BDF166594AB000485F1 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; E7B01BE0166594AB000485F1 /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE451314471B000DE34E /* CoreGraphics.framework */; }; - E7B01BE1166594AB000485F1 /* QuartzCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 520C98E7162485CA00A7C80B /* QuartzCore.framework */; }; - E7B01BE2166594AB000485F1 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52B35B051623753000B97D06 /* Security.framework */; }; - E7B01BE4166594AB000485F1 /* Default.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE817A1636347600F49F0C /* Default.png */; }; - E7B01BE5166594AB000485F1 /* Default@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE817C1636347600F49F0C /* Default@2x.png */; }; - E7B01BE6166594AB000485F1 /* Default-568h@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE817E1636347600F49F0C /* Default-568h@2x.png */; }; - E7B01BE9166594AB000485F1 /* first.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE81891636347600F49F0C /* first.png */; }; - E7B01BEA166594AB000485F1 /* first@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE818B1636347600F49F0C /* first@2x.png */; }; - E7B01BEB166594AB000485F1 /* second.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE81901636347600F49F0C /* second.png */; }; - E7B01BEC166594AB000485F1 /* second@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = 52DE81921636347600F49F0C /* second@2x.png */; }; - E7B01BED166594AB000485F1 /* KeychainKeys.png in Resources */ = {isa = PBXBuildFile; fileRef = 52704B7D1638F4EB007FEBB0 /* KeychainKeys.png */; }; - E7B01BEE166594AB000485F1 /* Keychain-Entitlements.plist in Resources */ = {isa = PBXBuildFile; fileRef = 52704B871639193F007FEBB0 /* Keychain-Entitlements.plist */; }; E7B945B31CFE5EBD0027F31D /* CKDSecuritydAccount.m in Sources */ = {isa = PBXBuildFile; fileRef = E7B945B21CFE5EBD0027F31D /* CKDSecuritydAccount.m */; }; + E7C7871A1DCA4C5A0087FC34 /* CKDLockMonitor.h in Headers */ = {isa = PBXBuildFile; fileRef = E7C787181DCA4C5A0087FC34 /* CKDLockMonitor.h */; }; + E7C7871E1DCA4CF70087FC34 /* CKDAKSLockMonitor.h in Headers */ = {isa = PBXBuildFile; fileRef = E7C7871D1DCA4CF70087FC34 /* CKDAKSLockMonitor.h */; }; + E7C787201DCA4D430087FC34 /* CKDAKSLockMonitor.m in Sources */ = {isa = PBXBuildFile; fileRef = E7C7871F1DCA4D430087FC34 /* CKDAKSLockMonitor.m */; }; + E7C787211DCA4D430087FC34 /* CKDAKSLockMonitor.m in Sources */ = {isa = PBXBuildFile; fileRef = E7C7871F1DCA4D430087FC34 /* CKDAKSLockMonitor.m */; }; + E7C787351DD0FEF90087FC34 /* NSURL+SOSPlistStore.m in Sources */ = {isa = PBXBuildFile; fileRef = E7C787311DD0FED50087FC34 /* NSURL+SOSPlistStore.m */; }; E7D690921652E06A0079537A /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; E7D690A11652E07B0079537A /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; E7D690A21652E0870079537A /* libMobileGestalt.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D690911652E06A0079537A /* libMobileGestalt.dylib */; }; @@ -906,12 +3925,9 @@ E7D848561C6C1E830025BB44 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D848541C6C1D9C0025BB44 /* Foundation.framework */; }; E7D8489F1C6C244B0025BB44 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D848541C6C1D9C0025BB44 /* Foundation.framework */; }; E7DC73B71C890F0E0008BF73 /* KeychainCircle.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7D847C51C6BE9710025BB44 /* KeychainCircle.framework */; }; - E7E0C73A1C90EDED00E69A21 /* libDER.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C8786AD0B03E05E00BB77D4 /* libDER.a */; }; - E7E0C73B1C90EDF500E69A21 /* libASN1.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 795CA9860D38269B00BAE6A2 /* libASN1.a */; }; - E7E0D902158FAFED002CA176 /* libutilitiesRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E7E0D8FE158FAB3B002CA176 /* libutilitiesRegressions.a */; }; - E7E0D903158FAFF7002CA176 /* libutilitiesRegressions.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E7E0D8FE158FAB3B002CA176 /* libutilitiesRegressions.a */; }; E7E3EFBA1CBC192A00E79A5D /* KCAccountKCCircleDelegate.m in Sources */ = {isa = PBXBuildFile; fileRef = E7E3EFB91CBC192A00E79A5D /* KCAccountKCCircleDelegate.m */; }; E7E3EFE31CBC195700E79A5D /* KCAccountKCCircleDelegate.h in Headers */ = {isa = PBXBuildFile; fileRef = E7E3EFE21CBC195700E79A5D /* KCAccountKCCircleDelegate.h */; settings = {ATTRIBUTES = (Public, ); }; }; + E7E5B55F1DC7ACAE00C03FFB /* SOSAccountGetSet.c in Sources */ = {isa = PBXBuildFile; fileRef = E7E5B55E1DC7ACAE00C03FFB /* SOSAccountGetSet.c */; }; E7EBDEBC1C87C0DB001BAA62 /* KeychainCircle.plist in Install BATS Tests */ = {isa = PBXBuildFile; fileRef = E7CFF7221C8660A000E3484E /* KeychainCircle.plist */; }; E7F480121C729C7B00390FDB /* NSError+KCCreationHelpers.h in Headers */ = {isa = PBXBuildFile; fileRef = E7F480111C729C7B00390FDB /* NSError+KCCreationHelpers.h */; settings = {ATTRIBUTES = (Private, ); }; }; E7F480151C73980D00390FDB /* KCJoiningRequestSession.m in Sources */ = {isa = PBXBuildFile; fileRef = E7F480141C73980D00390FDB /* KCJoiningRequestSession.m */; }; @@ -921,21 +3937,15 @@ E7F4809E1C74E86D00390FDB /* KCAESGCMTest.m in Sources */ = {isa = PBXBuildFile; fileRef = E7F4809D1C74E86D00390FDB /* KCAESGCMTest.m */; }; E7F482701C74FDD100390FDB /* KCJoiningSessionTest.m in Sources */ = {isa = PBXBuildFile; fileRef = E7F4826F1C74FDD100390FDB /* KCJoiningSessionTest.m */; }; E7F482961C74FDF800390FDB /* KCJoiningSession.h in Headers */ = {isa = PBXBuildFile; fileRef = E7F480131C7397CE00390FDB /* KCJoiningSession.h */; settings = {ATTRIBUTES = (Public, ); }; }; - E7F4829A1C75406900390FDB /* libSecureObjectSync.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C60888B155C943D00A0904F /* libSecureObjectSync.a */; }; - E7F4829C1C7540B200390FDB /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C2FEC5115755D710008BE39 /* libutilities.a */; }; - E7F4829D1C75413C00390FDB /* libsecurity.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66314D77DF700F88A12 /* libsecurity.a */; }; E7F482A11C7543E500390FDB /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB740680A4749C800D641BB /* libsqlite3.dylib */; }; E7F482A31C7544E600390FDB /* libctkclient_test.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E7F482A21C7544E600390FDB /* libctkclient_test.a */; }; - E7F482A41C75450600390FDB /* libsecipc_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66914D77DF700F88A12 /* libsecipc_client.a */; }; E7F482A61C75453900390FDB /* libcoreauthd_test_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E7F482A51C75453900390FDB /* libcoreauthd_test_client.a */; }; E7F482AA1C7554FB00390FDB /* NSError+KCCreationHelpers.m in Sources */ = {isa = PBXBuildFile; fileRef = E7F482A91C7554F500390FDB /* NSError+KCCreationHelpers.m */; }; E7F482AC1C7558F700390FDB /* KCJoiningAcceptSession.m in Sources */ = {isa = PBXBuildFile; fileRef = E7F482AB1C7558F700390FDB /* KCJoiningAcceptSession.m */; }; E7F482E61C7640D300390FDB /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; - E7F482E71C7641AA00390FDB /* libsecurityd.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18F7F66514D77DF700F88A12 /* libsecurityd.a */; }; E7FEEEF81332B7F70025EB06 /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CB740680A4749C800D641BB /* libsqlite3.dylib */; }; E7FEEEFA1332B8210025EB06 /* CFNetwork.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF730310EF9CDE300E17471 /* CFNetwork.framework */; }; E7FEEEFB1332B8300025EB06 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; - E7FEFB94169E378500E18152 /* libSOSCommands.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FEFB8F169E36B000E18152 /* libSOSCommands.a */; }; EB0BC93A1C3C791500785842 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; EB0BC9671C3C798600785842 /* secedumodetest.m in Sources */ = {isa = PBXBuildFile; fileRef = EB0BC9661C3C794700785842 /* secedumodetest.m */; }; EB0BF1981D25B4BE000DEF32 /* README in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4C4CE9120AF81F0E0056B01D /* README */; }; @@ -944,6 +3954,11 @@ EB2CA5571D2C36D400AB770F /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */; }; EB3409B01C1D627400D77661 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; EB3A8DFF1BEEC66F001A89AA /* Security_edumode.plist in Install BATS plist */ = {isa = PBXBuildFile; fileRef = EB3A8DD71BEEC4D6001A89AA /* Security_edumode.plist */; }; + EB3EBF101DBD413600620B2C /* libobjc.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = EB3EBF0F1DBD413600620B2C /* libobjc.dylib */; }; + EB3EBF111DBD413F00620B2C /* libobjc.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = EB3EBF0F1DBD413600620B2C /* libobjc.dylib */; }; + EB3EBF131DBD417A00620B2C /* libobjc.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = EB3EBF0F1DBD413600620B2C /* libobjc.dylib */; }; + EB3EBF141DBD41BD00620B2C /* libobjc.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = EB3EBF0F1DBD413600620B2C /* libobjc.dylib */; }; + EB3EBF151DBD85A600620B2C /* libobjc.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = EB3EBF0F1DBD413600620B2C /* libobjc.dylib */; }; EB425CA21C65846D000ECE53 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; EB425CCF1C658554000ECE53 /* secbackuptest.m in Sources */ = {isa = PBXBuildFile; fileRef = EB425CCE1C65854F000ECE53 /* secbackuptest.m */; }; EB425CDE1C658668000ECE53 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52D82BD316A5EADA0078DFE5 /* Security.framework */; }; @@ -951,10 +3966,15 @@ EB433A291CC3244C00A7EACE /* secitemstresstest.m in Sources */ = {isa = PBXBuildFile; fileRef = EB433A1E1CC3242C00A7EACE /* secitemstresstest.m */; }; EB433A2A1CC3246800A7EACE /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52D82BD316A5EADA0078DFE5 /* Security.framework */; }; EB433A2E1CC325E900A7EACE /* secitemstresstest.entitlements in Resources */ = {isa = PBXBuildFile; fileRef = EB433A2D1CC325E900A7EACE /* secitemstresstest.entitlements */; }; - EB5D73101B0CB09E009CAA47 /* SOSTypes.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = 52F8DE4D1AF2EB8F00A2C271 /* SOSTypes.h */; }; - EB5D73111B0CB0BE009CAA47 /* SOSPeerInfo.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = E7450BAD16D42B17009C07B8 /* SOSPeerInfo.h */; }; + EB4B6E201DC0682A00AFC494 /* SecADWrapper.c in Sources */ = {isa = PBXBuildFile; fileRef = EBF3749A1DC064200065D840 /* SecADWrapper.c */; }; + EB4B6E261DC0683600AFC494 /* SecADWrapper.h in Headers */ = {isa = PBXBuildFile; fileRef = EBF3749B1DC064200065D840 /* SecADWrapper.h */; }; + EB6928C51D9C9C6E00062A18 /* SecRecoveryKey.h in Headers */ = {isa = PBXBuildFile; fileRef = EB6928BE1D9C9C5900062A18 /* SecRecoveryKey.h */; settings = {ATTRIBUTES = (Private, ); }; }; + EB6928C61D9C9C6F00062A18 /* SecRecoveryKey.h in Headers */ = {isa = PBXBuildFile; fileRef = EB6928BE1D9C9C5900062A18 /* SecRecoveryKey.h */; settings = {ATTRIBUTES = (Private, ); }; }; + EB6928CA1D9C9E1800062A18 /* rk_01_recoverykey.m in Sources */ = {isa = PBXBuildFile; fileRef = EB6928C91D9C9D9D00062A18 /* rk_01_recoverykey.m */; }; + EB6928F91D9ED5BA00062A18 /* SecRecoveryKey.m in Sources */ = {isa = PBXBuildFile; fileRef = EB6928BF1D9C9C5900062A18 /* SecRecoveryKey.m */; }; EB69AB301BF4348000913AF1 /* SecEMCSPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = EB69AB091BF4347700913AF1 /* SecEMCSPriv.h */; settings = {ATTRIBUTES = (Private, ); }; }; - EB73F0111C210C11008191E3 /* SecurityFeatures.h in Headers */ = {isa = PBXBuildFile; fileRef = EBDED8B51C2107DF00E5ECDB /* SecurityFeatures.h */; settings = {ATTRIBUTES = (Public, ); }; }; + EB7F50C51DB8800A003D787D /* CoreCDP.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E9411D7F3E6E00AFB96E /* CoreCDP.framework */; }; + EB7F50CC1DB88A03003D787D /* CoreCDP.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCE4E9411D7F3E6E00AFB96E /* CoreCDP.framework */; }; EB9C1D7B1BDFD0E000F89272 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; EB9C1D7E1BDFD0E100F89272 /* secbackupntest.m in Sources */ = {isa = PBXBuildFile; fileRef = EB9C1D7D1BDFD0E100F89272 /* secbackupntest.m */; }; EB9C1DB51BDFD50100F89272 /* Security.plist in Install BATS plist */ = {isa = PBXBuildFile; fileRef = EB9C1DAD1BDFD49400F89272 /* Security.plist */; }; @@ -964,20 +3984,31 @@ EBCF73F71CE45F9C00BED7CA /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52D82BD316A5EADA0078DFE5 /* Security.framework */; }; EBCF73F81CE45F9C00BED7CA /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; EBCF73FD1CE45FAC00BED7CA /* secitemfunctionality.m in Sources */ = {isa = PBXBuildFile; fileRef = EBCF73F21CE45F8600BED7CA /* secitemfunctionality.m */; }; - EBD8495B1B24BEA000C5FD1E /* print_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = EBD8495A1B24BEA000C5FD1E /* print_cert.c */; }; EBE54D761BE32F6F000C4856 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; }; EBE901721C2283F7007308C6 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; }; - EBE901991C2284EE007308C6 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; }; EBE9019A1C22852C007308C6 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; }; EBE9019B1C2285D4007308C6 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; }; EBE9019C1C2285DB007308C6 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; }; - EBE9019D1C228603007308C6 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; }; EBE9019E1C228610007308C6 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; }; EBF2D73C1C1E2B47006AB6FF /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = E7FCBE431314471B000DE34E /* Foundation.framework */; }; + EBF374751DC055590065D840 /* security-sysdiagnose.m in Sources */ = {isa = PBXBuildFile; fileRef = EBF374741DC055590065D840 /* security-sysdiagnose.m */; }; + EBF3747E1DC057B40065D840 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 52D82BD316A5EADA0078DFE5 /* Security.framework */; }; + EBF374801DC058070065D840 /* security-sysdiagnose.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = EBF3747F1DC057FE0065D840 /* security-sysdiagnose.1 */; }; F93C493B1AB8FF530047E01A /* ckcdiagnose.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = F93C493A1AB8FF530047E01A /* ckcdiagnose.sh */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; }; /* End PBXBuildFile section */ /* Begin PBXBuildRule section */ + DC58C36E1D77B4AD003C25A4 /* PBXBuildRule */ = { + isa = PBXBuildRule; + compilerSpec = com.apple.compilers.proxy.script; + filePatterns = "*.exp-in"; + fileType = pattern.proxy; + isEditable = 1; + outputFiles = ( + "$(BUILT_PRODUCTS_DIR)/$(PRODUCT_NAME).$(CURRENT_ARCH).exp", + ); + script = "#!/bin/sh\n\nfor file in ${HEADER_SEARCH_PATHS[@]} ; do\nHEADER_SEARCH_OPTIONS=\"${HEADER_SEARCH_OPTIONS} -I${file}\"\ndone\n\nxcrun clang -E -Xpreprocessor -P -x c -arch ${CURRENT_ARCH} ${HEADER_SEARCH_OPTIONS} ${OTHER_INPUT_FILE_FLAGS} ${INPUT_FILE_PATH} -o ${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.${CURRENT_ARCH}.exp\n"; + }; E7B006FF170B56E700B27966 /* PBXBuildRule */ = { isa = PBXBuildRule; compilerSpec = com.apple.compilers.proxy.script; @@ -985,1965 +4016,3156 @@ fileType = pattern.proxy; isEditable = 1; outputFiles = ( - "$(BUILT_PRODUCTS_DIR)/$(TARGETNAME).$(CURRENT_ARCH).exp", + "$(BUILT_PRODUCTS_DIR)/$(PRODUCT_NAME).$(CURRENT_ARCH).exp", ); - script = "#!/bin/sh\n\nfor file in ${HEADER_SEARCH_PATHS[@]} ; do\nHEADER_SEARCH_OPTIONS=\"${HEADER_SEARCH_OPTIONS} -I${file}\"\ndone\n\nxcrun clang -E -Xpreprocessor -P -x c -arch ${CURRENT_ARCH} ${HEADER_SEARCH_OPTIONS} ${INPUT_FILE_PATH} -o ${BUILT_PRODUCTS_DIR}/${TARGETNAME}.${CURRENT_ARCH}.exp\n"; + script = "#!/bin/sh\n\nfor file in ${HEADER_SEARCH_PATHS[@]} ; do\nHEADER_SEARCH_OPTIONS=\"${HEADER_SEARCH_OPTIONS} -I${file}\"\ndone\n\nxcrun clang -E -Xpreprocessor -P -x c -arch ${CURRENT_ARCH} ${HEADER_SEARCH_OPTIONS} ${OTHER_INPUT_FILE_FLAGS} ${INPUT_FILE_PATH} -o ${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}.${CURRENT_ARCH}.exp\n"; }; /* End PBXBuildRule section */ /* Begin PBXContainerItemProxy section */ - 051D8FD6194913E700AEF66A /* PBXContainerItemProxy */ = { + 0C10C9391DD548B6000602A8 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 1807384B146D0D4E00F05C24; - remoteInfo = Security; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = SecureObjectSync; }; - 051D8FD8194913E700AEF66A /* PBXContainerItemProxy */ = { + 0C10C93B1DD548BD000602A8 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 182BB568146F4DCA000BF1F3; - remoteInfo = csparser; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - 051D8FDA194913E700AEF66A /* PBXContainerItemProxy */ = { + 0C2BCBBB1D0640B200ED7A2F /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 18FE67EA1471A3AA00A2CBE3; - remoteInfo = copyHeaders; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 0C2BCBA81D06401F00ED7A2F; + remoteInfo = dtlsEchoClient; }; - 051D8FDC194913E700AEF66A /* PBXContainerItemProxy */ = { + 0C2BCBD01D0648FA00ED7A2F /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 18270ED614CF282600B05E7F; - remoteInfo = secd; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 0C2BCBBD1D0648D100ED7A2F; + remoteInfo = dtlsEchoServer; }; - 051D8FDE194913E700AEF66A /* PBXContainerItemProxy */ = { + 0C664AB31759270C0092D3D9 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0CC3352D16C1ED8000399E53; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 0C0BDB2E175685B000BC1A7E; remoteInfo = secdtests; }; - 051D8FE0194913E700AEF66A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0C6C630B15D193C800BC68CD; - remoteInfo = sectests; - }; - 051D8FE2194913E700AEF66A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 18F234EB15C9F9A600060520; - remoteInfo = authd; - }; - 051D8FE6194913E700AEF66A /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CB23B46169F5873003A0131; - remoteInfo = security2; - }; - 051D8FE8194913E700AEF66A /* PBXContainerItemProxy */ = { + 0C99B73F131C984900584CF4 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CC7A7B316CC2A84003E10C1; - remoteInfo = "Cloud Keychain Utility"; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 0C6799F912F7C37C00712919; + remoteInfo = dtlsTests; }; - 051D8FEA194913E700AEF66A /* PBXContainerItemProxy */ = { + 0CC827F1138712B100BD99B7 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4C96F7C116D6DF8300D3B39D; - remoteInfo = "Keychain Circle Notification"; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = E710C7411331946400F85568; + remoteInfo = SecurityTests; }; - 05EF68A41949143A007958C3 /* PBXContainerItemProxy */ = { + 438169E61B4EE4B300C54D58 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 05EF687F1949143A007958C3 /* securityd.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = AA6D4B8A0E6F3BB80050206D; - remoteInfo = securityd; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4381690B1B4EDCBD00C54D58; + remoteInfo = SOSCCAuthPlugin; }; - 05EF68AD19491453007958C3 /* PBXContainerItemProxy */ = { + 4C52D0ED16EFCD720079966E /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 05EF68A919491453007958C3 /* SecurityTool.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = AACD2CBE0E12D81D00D485EA; - remoteInfo = security; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4C52D0B316EFC61E0079966E; + remoteInfo = CircleJoinRequested; }; - 05EF68B3194914C2007958C3 /* PBXContainerItemProxy */ = { + 4C541F8B0F250C0400E508AE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4CE4729E16D833FD009070D1; - remoteInfo = Security_temporary_UI; + remoteGlobalIDString = 790851B50CA9859F0083CC4D; + remoteInfo = securityd; }; - 05EF68C91949167B007958C3 /* PBXContainerItemProxy */ = { + 4C541F8D0F250C0900E508AE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 05EF68A919491453007958C3 /* SecurityTool.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = AACD2C7B0E12D81D00D485EA; + remoteGlobalIDString = 4CB740A20A47567C00D641BB; remoteInfo = security; }; - 0C0BDB811756A1D700BC1A7E /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0C0BDB5F175687EC00BC1A7E; - remoteInfo = libsecdRegressions; - }; - 0C2BCBAA1D06401F00ED7A2F /* PBXContainerItemProxy */ = { + 4C541F8F0F250C0E00E508AE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E71049F1169E023B00DB0045; - remoteInfo = libSecurityTool; + remoteGlobalIDString = 4CE5A54C09C796E100D27A3F; + remoteInfo = sslViewer; }; - 0C2BCBAC1D06401F00ED7A2F /* PBXContainerItemProxy */ = { + 4C541F910F250C1300E508AE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = libutilities; + remoteGlobalIDString = 7913B1FF0D172B3900601FE9; + remoteInfo = sslServer; }; - 0C2BCBBB1D0640B200ED7A2F /* PBXContainerItemProxy */ = { + 4C541FA00F250C5200E508AE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0C2BCBA81D06401F00ED7A2F; - remoteInfo = dtlsEchoClient; + remoteGlobalIDString = 4C541F840F250BF500E508AE; + remoteInfo = phase2; }; - 0C2BCBBF1D0648D100ED7A2F /* PBXContainerItemProxy */ = { + 4C9DE9EE1181ACA000CF5C27 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E71049F1169E023B00DB0045; - remoteInfo = libSecurityTool; + remoteGlobalIDString = 4C9DE9D11181AC4800CF5C27; + remoteInfo = sslEcdsa; }; - 0C2BCBC11D0648D100ED7A2F /* PBXContainerItemProxy */ = { + 52D82BF516A627100078DFE5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = libutilities; + remoteGlobalIDString = 52D82BDD16A621F70078DFE5; + remoteInfo = CloudKeychainProxy; }; - 0C2BCBD01D0648FA00ED7A2F /* PBXContainerItemProxy */ = { + 5346481A17331ED800FE9172 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0C2BCBBD1D0648D100ED7A2F; - remoteInfo = dtlsEchoServer; + remoteGlobalIDString = 5346480017331E1100FE9172; + remoteInfo = KeychainSyncAccountNotification; }; - 0C664AB31759270C0092D3D9 /* PBXContainerItemProxy */ = { + 5DDD0BED16D6748900D6C0D6 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0C0BDB2E175685B000BC1A7E; - remoteInfo = secdtests; + remoteGlobalIDString = 728B56A016D59979008FA3AB; + remoteInfo = OTAPKIAssetTool; }; - 0C664AD5175938F20092D3D9 /* PBXContainerItemProxy */ = { + 5E10995319A5E80B00A60E2B /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18D4056114CE53C200A2BE4E; - remoteInfo = libsecurityd; + remoteGlobalIDString = 5E10992419A5E55800A60E2B; + remoteInfo = ISACLProtectedItems; }; - 0C664AD7175938F90092D3D9 /* PBXContainerItemProxy */ = { + 5EF7C2551B00EEF900E5E99C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0C0BDB55175687EC00BC1A7E; - remoteInfo = libsecdRegressions; + remoteGlobalIDString = 5EBE24791B00CCAE0007DB0E; + remoteInfo = secacltests; }; - 0C664AD9175939490092D3D9 /* PBXContainerItemProxy */ = { + BE197F621911742900BA91D1 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; + remoteGlobalIDString = BE197F2519116FD100BA91D1; + remoteInfo = KeychainViewService; }; - 0C664ADB1759395E0092D3D9 /* PBXContainerItemProxy */ = { + BE4AC9B318B8020400B84964 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 0C25A871122726540050C2BD /* regressions.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E710C6FD133192E900F85568; - remoteInfo = regressions; + remoteGlobalIDString = BE442BA018B7FDB800F24DAE; + remoteInfo = swcagent; }; - 0C664ADD1759396C0092D3D9 /* PBXContainerItemProxy */ = { + CD6130EC1DA1C0CC00E1E42F /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 795CA97A0D38269B00BAE6A2 /* libsecurity_asn1.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 795CA7FE0D38013D00BAE6A2; - remoteInfo = libASN1; + remoteGlobalIDString = CD276C261A83F60C003226BC; + remoteInfo = KeychainSyncingOverIDSProxy; }; - 0C664ADF175939740092D3D9 /* PBXContainerItemProxy */ = { + CD6130ED1DA1C0CC00E1E42F /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; + remoteGlobalIDString = CD276C261A83F60C003226BC; + remoteInfo = KeychainSyncingOverIDSProxy; }; - 0C664AE11759398A0092D3D9 /* PBXContainerItemProxy */ = { + D41AD4391B96721E008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18D4043414CE0CF300A2BE4E; - remoteInfo = libsecurity; + remoteGlobalIDString = 790851B50CA9859F0083CC4D; + remoteInfo = securityd; }; - 0C664AE31759398A0092D3D9 /* PBXContainerItemProxy */ = { + D41AD43B1B96723B008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; + remoteGlobalIDString = E710C7411331946400F85568; + remoteInfo = SecurityTests; }; - 0C664AE517593BED0092D3D9 /* PBXContainerItemProxy */ = { + D41AD43D1B967242008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18270F5414CF651900B05E7F; - remoteInfo = libsecipc_client; + remoteGlobalIDString = 0C0BDB2E175685B000BC1A7E; + remoteInfo = secdtests; }; - 0C99B73F131C984900584CF4 /* PBXContainerItemProxy */ = { + D41AD43F1B96724C008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; remoteGlobalIDString = 0C6799F912F7C37C00712919; remoteInfo = dtlsTests; }; - 0CC827F1138712B100BD99B7 /* PBXContainerItemProxy */ = { + D41AD4411B97866C008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E710C7411331946400F85568; - remoteInfo = SecurityTests; - }; - 0CCA406915C73CA1002AEC4C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 0C95403F14E473AA00077526 /* libsecurity_ssl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; - remoteInfo = libsecurity_ssl; + remoteGlobalIDString = 7913B1FF0D172B3900601FE9; + remoteInfo = sslServer; }; - 0CCA408115C745C6002AEC4C /* PBXContainerItemProxy */ = { + D41AD4431B978681008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 0C95403F14E473AA00077526 /* libsecurity_ssl.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; - remoteInfo = libsecurity_ssl; + remoteGlobalIDString = 4C9DE9D11181AC4800CF5C27; + remoteInfo = sslEcdsa; }; - 0CCA418015C89ECD002AEC4C /* PBXContainerItemProxy */ = { + D41AD4451B9786A3008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 0C95403F14E473AA00077526 /* libsecurity_ssl.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0CCA415815C89E8B002AEC4C; - remoteInfo = libsecurity_ssl_regressions; + remoteGlobalIDString = 4CB740A20A47567C00D641BB; + remoteInfo = securitytool; }; - 0CCA418315C89ECD002AEC4C /* PBXContainerItemProxy */ = { + D41AD4491B9786D8008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 0C95403F14E473AA00077526 /* libsecurity_ssl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0CCA415915C89E8B002AEC4C; - remoteInfo = libsecurity_ssl_regressions; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = F93C49021AB8FCE00047E01A; + remoteInfo = ckcdiagnose.sh; }; - 0CCA418515C89EDD002AEC4C /* PBXContainerItemProxy */ = { + D41AD44B1B9786E2008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 0C95403F14E473AA00077526 /* libsecurity_ssl.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0CCA415815C89E8B002AEC4C; - remoteInfo = libsecurity_ssl_regressions; + remoteGlobalIDString = 5EBE24791B00CCAE0007DB0E; + remoteInfo = secacltests; }; - 0CCA42F015C8A806002AEC4C /* PBXContainerItemProxy */ = { + D41AD44D1B978791008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 0C95403F14E473AA00077526 /* libsecurity_ssl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0CCA42C915C8A387002AEC4C; - remoteInfo = dtlsEchoClient; - }; - 0CCA42F215C8A806002AEC4C /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 0C95403F14E473AA00077526 /* libsecurity_ssl.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 0CCA42D715C8A395002AEC4C; - remoteInfo = dtlsEchoServer; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 5E10992419A5E55800A60E2B; + remoteInfo = ISACLProtectedItems; }; - 0CD72A4B16D54BD300A4B8A3 /* PBXContainerItemProxy */ = { + D41AD4511B9788B2008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; + remoteGlobalIDString = 52D82BDD16A621F70078DFE5; + remoteInfo = CloudKeychainProxy; }; - 0CD72A5916D55BF100A4B8A3 /* PBXContainerItemProxy */ = { + D41AD4591B978944008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 52DE81681636347500F49F0C; - remoteInfo = Keychain; + remoteGlobalIDString = 728B56A016D59979008FA3AB; + remoteInfo = OTAPKIAssetTool; }; - 18F7F66214D77DF700F88A12 /* PBXContainerItemProxy */ = { + D41AD45B1B978A7A008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 18D4043514CE0CF300A2BE4E; - remoteInfo = libsecurity; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 790851B50CA9859F0083CC4D; + remoteInfo = securityd; }; - 18F7F66414D77DF700F88A12 /* PBXContainerItemProxy */ = { + D41AD45D1B978A7C008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 18D4056214CE53C200A2BE4E; - remoteInfo = libsecurityd; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4CB740A20A47567C00D641BB; + remoteInfo = securitytool; }; - 18F7F66614D77DF700F88A12 /* PBXContainerItemProxy */ = { + D41AD45F1B978E18008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 186CDD0F14CA116C00AF9171; - remoteInfo = libSecItemShimOSX; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = E710C7411331946400F85568; + remoteInfo = SecurityTests; }; - 18F7F66814D77DF700F88A12 /* PBXContainerItemProxy */ = { + D41AD4611B978E24008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 18270F5514CF651900B05E7F; - remoteInfo = libsecipc_client; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 0C0BDB2E175685B000BC1A7E; + remoteInfo = secdtests; }; - 18F7F66A14D77E8500F88A12 /* PBXContainerItemProxy */ = { + D41AD4651B978F19008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18D4043414CE0CF300A2BE4E; - remoteInfo = libsecurity; + remoteGlobalIDString = 0C6799F912F7C37C00712919; + remoteInfo = dtlsTests; }; - 18F7F66C14D77E8D00F88A12 /* PBXContainerItemProxy */ = { + D41AD4671B978F20008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18270F5414CF651900B05E7F; - remoteInfo = libsecipc_client; + remoteGlobalIDString = 7913B1FF0D172B3900601FE9; + remoteInfo = sslServer; }; - 18F7F67014D77EC500F88A12 /* PBXContainerItemProxy */ = { + D41AD4691B978F24008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18D4056114CE53C200A2BE4E; - remoteInfo = libsecurityd; + remoteGlobalIDString = 4CE5A54C09C796E100D27A3F; + remoteInfo = sslViewer; }; - 18F7F67314D77EE900F88A12 /* PBXContainerItemProxy */ = { + D41AD46B1B978F28008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18D4056114CE53C200A2BE4E; - remoteInfo = libsecurityd; + remoteGlobalIDString = 4C9DE9D11181AC4800CF5C27; + remoteInfo = sslEcdsa; }; - 18F7F67614D77EFF00F88A12 /* PBXContainerItemProxy */ = { + D41AD46D1B978F4C008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18D4056114CE53C200A2BE4E; - remoteInfo = libsecurityd; + remoteGlobalIDString = 5EBE24791B00CCAE0007DB0E; + remoteInfo = secacltests; }; - 3792618E1A8987DB008ADD3C /* PBXContainerItemProxy */ = { + D41AD4711B978F76008C7270 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 3705CAD21A896DE800402F75; - remoteInfo = SecTaskTest; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 728B56A016D59979008FA3AB; + remoteInfo = OTAPKIAssetTool; }; - 438169E61B4EE4B300C54D58 /* PBXContainerItemProxy */ = { + DC00678F1D878132005AF8DB /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4381690B1B4EDCBD00C54D58; - remoteInfo = SOSCCAuthPlugin; + remoteGlobalIDString = DC6A82911D87749900418608; + remoteInfo = libsecurityd_client_macos; }; - 4ACED92A15A1095B0060775A /* PBXContainerItemProxy */ = { + DC0067C31D8787AE005AF8DB /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4A824AFB158FF07000F932C0; - remoteInfo = libSecOTRRegressions; + remoteGlobalIDString = DC0067921D87876F005AF8DB; + remoteInfo = libsecurityd_server_macos; }; - 4ACED92E15A10A3E0060775A /* PBXContainerItemProxy */ = { + DC0067D21D8788C4005AF8DB /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4A824AFB158FF07000F932C0; - remoteInfo = libSecOTRRegressions; + remoteGlobalIDString = DC0067C51D878898005AF8DB; + remoteInfo = libsecurityd_ucspc; }; - 4C0789C1113F4C7400422E2D /* PBXContainerItemProxy */ = { + DC008B591D90CEC7004002A3 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4C96C8CE113F4132005483E8; - remoteInfo = parseTicket; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC008B451D90CE53004002A3; + remoteInfo = securityd_macos_mig_nomake; }; - 4C1ADEB61615176500E4A8AF /* PBXContainerItemProxy */ = { + DC008B5B1D90CEE9004002A3 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; + remoteGlobalIDString = DC008B451D90CE53004002A3; + remoteInfo = securityd_macos_mig_nomake; }; - 4C2FEC5015755D710008BE39 /* PBXContainerItemProxy */ = { + DC008B631D90CF37004002A3 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E742A09C14E343E70052A486; - remoteInfo = libutilities; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC008B451D90CE53004002A3; + remoteInfo = securityd_macos_mig_nomake; }; - 4C2FEC5F157571F80008BE39 /* PBXContainerItemProxy */ = { + DC008B651D90CF40004002A3 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E75714E1F48800CDE635; - remoteInfo = libSOSRegressions; + remoteGlobalIDString = DC008B451D90CE53004002A3; + remoteInfo = securityd_macos_mig_nomake; }; - 4C2FEC61157572130008BE39 /* PBXContainerItemProxy */ = { + DC00AB651D821BFD00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E75714E1F48800CDE635; - remoteInfo = libSOSRegressions; + remoteGlobalIDString = DC52E88A1D80C1EB00B0A59C; + remoteInfo = libsecipc_client; }; - 4C3AD81D157589380047A498 /* PBXContainerItemProxy */ = { + DC00AB671D821C0500513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; remoteInfo = libSecureObjectSync; }; - 4C3AD81F1575894C0047A498 /* PBXContainerItemProxy */ = { + DC00AB691D821C0700513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; + remoteGlobalIDString = DC52EC521D80D05200B0A59C; + remoteInfo = liblogging; }; - 4C52D0ED16EFCD720079966E /* PBXContainerItemProxy */ = { + DC00AB711D821C4600513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4C52D0B316EFC61E0079966E; - remoteInfo = CircleJoinRequested; + remoteGlobalIDString = DCC78EA81D8088E200865A7C; + remoteInfo = libsecurity; }; - 4C541F8B0F250C0400E508AE /* PBXContainerItemProxy */ = { + DC00AB731D821C4800513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 790851B50CA9859F0083CC4D; - remoteInfo = securityd; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd; }; - 4C541F8D0F250C0900E508AE /* PBXContainerItemProxy */ = { + DC00AB751D821C4C00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4CB740A20A47567C00D641BB; - remoteInfo = security; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = libSecureObjectSync; }; - 4C541F8F0F250C0E00E508AE /* PBXContainerItemProxy */ = { + DC00AB771D821C5000513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4CE5A54C09C796E100D27A3F; - remoteInfo = sslViewer; + remoteGlobalIDString = DC52E88A1D80C1EB00B0A59C; + remoteInfo = libsecipc_client; }; - 4C541F910F250C1300E508AE /* PBXContainerItemProxy */ = { + DC00AB7D1D821C7F00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 7913B1FF0D172B3900601FE9; - remoteInfo = sslServer; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = libSecureObjectSync; }; - 4C541FA00F250C5200E508AE /* PBXContainerItemProxy */ = { + DC00AB7F1D821C8300513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4C541F840F250BF500E508AE; - remoteInfo = phase2; + remoteGlobalIDString = DC52EC3E1D80D00800B0A59C; + remoteInfo = libSWCAgent; }; - 4C60888A155C943D00A0904F /* PBXContainerItemProxy */ = { + DC00AB841D821CA300513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E702E75614E1F3EA00CDE635; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; remoteInfo = libSecureObjectSync; }; - 4C60888C155C943D00A0904F /* PBXContainerItemProxy */ = { + DC00AB861D821CA900513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E702E77814E1F48800CDE635; - remoteInfo = libSOSRegressions; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd; }; - 4C711D5A13AFCD0900FE865D /* PBXContainerItemProxy */ = { + DC00AB881D821CAD00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; + remoteGlobalIDString = DC52E88A1D80C1EB00B0A59C; + remoteInfo = libsecipc_client; }; - 4C711D6013AFCD0900FE865D /* PBXContainerItemProxy */ = { + DC00AB911D821D6000513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 0C25A871122726540050C2BD /* regressions.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E710C6FD133192E900F85568; - remoteInfo = regressions; + remoteGlobalIDString = DC52EC211D80CFB200B0A59C; + remoteInfo = libSOSCommands; }; - 4C8786AC0B03E05E00BB77D4 /* PBXContainerItemProxy */ = { + DC00AB931D821D6500513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 053BA314091C00BF00A7007A; - remoteInfo = libDER; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52EBC61D80CEF100B0A59C; + remoteInfo = libSecurityCommands; }; - 4C8786AE0B03E05E00BB77D4 /* PBXContainerItemProxy */ = { + DC00AB951D821D6800513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 053BA445091FE58C00A7007A; - remoteInfo = parseCert; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52EA441D80CB7000B0A59C; + remoteInfo = libSecurityTool; }; - 4C8786B00B03E05E00BB77D4 /* PBXContainerItemProxy */ = { + DC00AB9D1D821DBB00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 053BA46B091FE63E00A7007A; - remoteInfo = libDERUtils; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCC78EA81D8088E200865A7C; + remoteInfo = libsecurity; }; - 4C8786B20B03E05E00BB77D4 /* PBXContainerItemProxy */ = { + DC00AB9F1D821DBC00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 058F16540925135E009FA1C5; - remoteInfo = parseCrl; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd; }; - 4C9DE9EE1181ACA000CF5C27 /* PBXContainerItemProxy */ = { + DC00ABA11D821DBF00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4C9DE9D11181AC4800CF5C27; - remoteInfo = sslEcdsa; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = libSecureObjectSync; }; - 4CC92B1915A3BF1E00C6D578 /* PBXContainerItemProxy */ = { + DC00ABA31D821DC400513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4CC92B1415A3BC6B00C6D578; - remoteInfo = "libsecuritydRegressions copy"; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52E88A1D80C1EB00B0A59C; + remoteInfo = libsecipc_client; }; - 4CC92B2415A3C6DE00C6D578 /* PBXContainerItemProxy */ = { + DC00ABA91D821DE600513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4CC92AC215A3BC6B00C6D578; - remoteInfo = libsecuritydRegressions; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd; }; - 4CC92B2C15A3C94500C6D578 /* PBXContainerItemProxy */ = { + DC00ABAB1D821DE700513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4CC92AC215A3BC6B00C6D578; - remoteInfo = libsecuritydRegressions; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = libSecureObjectSync; }; - 4CE39041169F87C400026468 /* PBXContainerItemProxy */ = { + DC00ABAD1D821DEB00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E71049F1169E023B00DB0045; - remoteInfo = libSecurityTool; + remoteGlobalIDString = DC52EC7E1D80D1A800B0A59C; + remoteInfo = libiOSSecurityRegressions; }; - 4CE39043169F87DB00026468 /* PBXContainerItemProxy */ = { + DC00ABAF1D821DF300513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E71049F1169E023B00DB0045; - remoteInfo = libSecurityTool; + remoteGlobalIDString = DC52EC601D80D0C400B0A59C; + remoteInfo = libSOSRegressions; }; - 4CEC096E15758EAF008EB037 /* PBXContainerItemProxy */ = { + DC00ABB11D821DF600513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = libutilities; + remoteGlobalIDString = DC52EDFD1D80D6DD00B0A59C; + remoteInfo = libSharedRegressions; }; - 4CEC097015758EC5008EB037 /* PBXContainerItemProxy */ = { + DC00ABBA1D821E9B00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = libutilities; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd; }; - 4CEC097415758F0A008EB037 /* PBXContainerItemProxy */ = { + DC00ABBC1D821E9F00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = libutilities; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = libSecureObjectSync; }; - 4CEC097815758F17008EB037 /* PBXContainerItemProxy */ = { + DC00ABBE1D821EA700513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = libutilities; + remoteGlobalIDString = DC52ED631D80D4CD00B0A59C; + remoteInfo = libiOSsecuritydRegressions; }; - 4CEC097C15758F23008EB037 /* PBXContainerItemProxy */ = { + DC00ABC81D821F0200513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = libutilities; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd; }; - 4CEC098615758F60008EB037 /* PBXContainerItemProxy */ = { + DC00ABCA1D821F0500513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = libutilities; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = libSecureObjectSync; }; - 5250AC2F1C866F9D00169095 /* PBXContainerItemProxy */ = { + DC00ABCE1D821F1700513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18D4043414CE0CF300A2BE4E; - remoteInfo = libsecurity; + remoteGlobalIDString = DC52E88A1D80C1EB00B0A59C; + remoteInfo = libsecipc_client; }; - 5250AC311C866F9D00169095 /* PBXContainerItemProxy */ = { + DC00ABD01D821F1A00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18D4056114CE53C200A2BE4E; - remoteInfo = libsecurityd; + remoteGlobalIDString = DCC78EA81D8088E200865A7C; + remoteInfo = libsecurity; }; - 5250AC331C866F9D00169095 /* PBXContainerItemProxy */ = { + DC00ABD21D821F1D00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; remoteInfo = libSecureObjectSync; }; - 5250AC351C866FA500169095 /* PBXContainerItemProxy */ = { + DC00ABD41D821F2700513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd; }; - 52D82BF116A622600078DFE5 /* PBXContainerItemProxy */ = { + DC00ABDB1D821F5300513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; + remoteGlobalIDString = DC52E88A1D80C1EB00B0A59C; + remoteInfo = libsecipc_client; }; - 52D82BF516A627100078DFE5 /* PBXContainerItemProxy */ = { + DC00ABDD1D821F5600513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 52D82BDD16A621F70078DFE5; - remoteInfo = CloudKeychainProxy; + remoteGlobalIDString = DCC78EA81D8088E200865A7C; + remoteInfo = libsecurity; }; - 5346481A17331ED800FE9172 /* PBXContainerItemProxy */ = { + DC00ABDF1D821F5C00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 5346480017331E1100FE9172; - remoteInfo = KeychainSyncAccountNotification; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = libSecureObjectSync; }; - 5D403D3115C6FE9E0030D492 /* PBXContainerItemProxy */ = { + DC00ABE11D821F6000513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; + remoteGlobalIDString = DC52EDA61D80D58400B0A59C; + remoteInfo = libsecdRegressions; }; - 5DDD0BED16D6748900D6C0D6 /* PBXContainerItemProxy */ = { + DC00ABE31D821F6200513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 728B56A016D59979008FA3AB; - remoteInfo = OTAPKIAssetTool; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd; }; - 5E10995319A5E80B00A60E2B /* PBXContainerItemProxy */ = { + DC00ABED1D821FB700513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 5E10992419A5E55800A60E2B; - remoteInfo = ISACLProtectedItems; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = libSecureObjectSync; }; - 5EE556BB1B01DFB5006F78F2 /* PBXContainerItemProxy */ = { + DC00ABEF1D821FBA00513D74 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 0C25A871122726540050C2BD /* regressions.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E710C6FD133192E900F85568; - remoteInfo = regressions; + remoteGlobalIDString = DC52EC601D80D0C400B0A59C; + remoteInfo = libSOSRegressions; }; - 5EE556BD1B01DFC6006F78F2 /* PBXContainerItemProxy */ = { + DC0B62951D90B6DB00D43BCB /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; + remoteGlobalIDString = DC1785041D77873100B50D50; + remoteInfo = copyHeadersToSystem; }; - 5EE556BF1B01DFD9006F78F2 /* PBXContainerItemProxy */ = { + DC0BC55A1D8B6D2E00070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18D4056114CE53C200A2BE4E; - remoteInfo = libsecurityd; + remoteGlobalIDString = DC0BC5501D8B6D2D00070CB0; + remoteInfo = XPCKeychainSandboxCheck; }; - 5EE556C11B01DFE2006F78F2 /* PBXContainerItemProxy */ = { + DC0BC5781D8B6EE200070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; + remoteGlobalIDString = DC0BC5631D8B6E3D00070CB0; + remoteInfo = XPCTimeStampingService; }; - 5EF7C2551B00EEF900E5E99C /* PBXContainerItemProxy */ = { + DC0BC5AE1D8B714000070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 5EBE24791B00CCAE0007DB0E; - remoteInfo = secacltests; + remoteGlobalIDString = DC0BC5851D8B70E700070CB0; + remoteInfo = security_cdsa_utils; }; - 5EF7C2721B00EEF900E5E99C /* PBXContainerItemProxy */ = { + DC0BC5C01D8B72BB00070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 5EF7C20A1B00E25400E5E99C; - remoteInfo = secacltests; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BC5B01D8B71FD00070CB0; + remoteInfo = security_checkpw; }; - 795CA9850D38269B00BAE6A2 /* PBXContainerItemProxy */ = { + DC0BC5D11D8B732300070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 795CA97A0D38269B00BAE6A2 /* libsecurity_asn1.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 795CA7FF0D38013D00BAE6A2; - remoteInfo = libASN1; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BC5B01D8B71FD00070CB0; + remoteInfo = security_checkpw; }; - 79BDD39A0D60D5F9000D84D3 /* PBXContainerItemProxy */ = { + DC0BC5D71D8B73B000070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 79BDD3940D60D5F9000D84D3 /* libsecurity_smime.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4C817F8405ED4D7A007975E6; - remoteInfo = libsecurity_smime; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BC5B01D8B71FD00070CB0; + remoteInfo = security_checkpw; }; - 79BDD39C0D60D5F9000D84D3 /* PBXContainerItemProxy */ = { + DC0BC5F61D8B749000070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 79BDD3940D60D5F9000D84D3 /* libsecurity_smime.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 4C7FAB41056AC7A200FE0C44; - remoteInfo = security_smime; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BC5E21D8B742200070CB0; + remoteInfo = security_comcryption; }; - 79BDD39E0D60D5F9000D84D3 /* PBXContainerItemProxy */ = { + DC0BC7421D8B762F00070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 79BDD3940D60D5F9000D84D3 /* libsecurity_smime.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 79DC33620D4E6EEA0039E4BC; - remoteInfo = cms; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BC5F81D8B752B00070CB0; + remoteInfo = security_cryptkit; }; - BE197F621911742900BA91D1 /* PBXContainerItemProxy */ = { + DC0BC7BE1D8B784F00070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = BE197F2519116FD100BA91D1; - remoteInfo = KeychainViewService; + remoteGlobalIDString = DC0BC7451D8B771600070CB0; + remoteInfo = security_cssm; }; - BE442B9A18B7FD6700F24DAE /* PBXContainerItemProxy */ = { + DC0BC8C81D8B7D1C00070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = BEF9640618B4171200813FA3; - remoteInfo = libSWCAgent; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BC8981D8B7CBD00070CB0; + remoteInfo = security_filedb; }; - BE442B9E18B7FD7D00F24DAE /* PBXContainerItemProxy */ = { + DC0BC8F51D8B7DE700070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = BEF963FE18B4171200813FA3; - remoteInfo = libSWCAgent; + remoteGlobalIDString = DC0BC8CC1D8B7DA200070CB0; + remoteInfo = security_manifest; }; - BE442BAA18B7FDB800F24DAE /* PBXContainerItemProxy */ = { + DC0BC92B1D8B7EBB00070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = BEF963FE18B4171200813FA3; - remoteInfo = libSWCAgent; + remoteGlobalIDString = DC0BC8F91D8B7E8000070CB0; + remoteInfo = security_mds; }; - BE4AC9B318B8020400B84964 /* PBXContainerItemProxy */ = { + DC0BC9641D8B80D200070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = BE442BA018B7FDB800F24DAE; - remoteInfo = swcagent; + remoteGlobalIDString = DC0BC92E1D8B7F6A00070CB0; + remoteInfo = security_ocspd; }; - CD045E3D1A83F855005FA0AC /* PBXContainerItemProxy */ = { + DC0BC9981D8B814A00070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; + remoteGlobalIDString = DC0BC9661D8B810A00070CB0; + remoteInfo = security_pkcs12; }; - CD0637801A840C6400C81E74 /* PBXContainerItemProxy */ = { + DC0BC9C61D8B820000070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = CD276C261A83F60C003226BC; - remoteInfo = IDSKeychainSyncingProxy; + remoteGlobalIDString = DC0BC99A1D8B81BE00070CB0; + remoteInfo = security_sd_cspdl; }; - CD8B5AE61B618F1B004D4AEF /* PBXContainerItemProxy */ = { + DC0BCA751D8B82E900070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = BE48AE211ADF1DF4000836C1; - remoteInfo = trustd; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BC9C81D8B824700070CB0; + remoteInfo = security_ssl; }; - CD8B5AEB1B618F1B004D4AEF /* PBXContainerItemProxy */ = { + DC0BCA771D8B830900070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = BE8D228E1ABB7199009A4E18; - remoteInfo = libSecTrustOSX; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCA131D8B82B000070CB0; + remoteInfo = security_ssl_regressions; }; - D40771E11C9B51830016AA66 /* PBXContainerItemProxy */ = { + DC0BCAFF1D8B85E500070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = D40771B81C9B4D200016AA66; - remoteInfo = libSharedRegressions; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCA791D8B858600070CB0; + remoteInfo = security_transform; }; - D40771EA1C9B51D80016AA66 /* PBXContainerItemProxy */ = { + DC0BCB2F1D8B89AB00070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = D40771B71C9B4D200016AA66; - remoteInfo = libSharedRegressions; + remoteGlobalIDString = DC0BCB011D8B894F00070CB0; + remoteInfo = security_translocate; }; - D40771EC1C9B51E30016AA66 /* PBXContainerItemProxy */ = { + DC0BCC1B1D8C655900070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = D40771B71C9B4D200016AA66; - remoteInfo = libSharedRegressions; + remoteGlobalIDString = DC0BCBD91D8C648C00070CB0; + remoteInfo = regressionHarness; }; - D41AD4391B96721E008C7270 /* PBXContainerItemProxy */ = { + DC0BCDB61D8C6AD100070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 790851B50CA9859F0083CC4D; - remoteInfo = securityd; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = iOSutilities; }; - D41AD43B1B96723B008C7270 /* PBXContainerItemProxy */ = { + DC0BCDB81D8C6AE000070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E710C7411331946400F85568; - remoteInfo = SecurityTests; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = iOSutilities; }; - D41AD43D1B967242008C7270 /* PBXContainerItemProxy */ = { + DC0BCDBA1D8C6AF000070CB0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0C0BDB2E175685B000BC1A7E; - remoteInfo = secdtests; + remoteGlobalIDString = DC0BCCF41D8C694700070CB0; + remoteInfo = iOSutilitiesRegressions; }; - D41AD43F1B96724C008C7270 /* PBXContainerItemProxy */ = { + DC1002C81D8E19D70025549C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + containerPortal = DC1784AE1D7786C700B50D50 /* libsecurity_cms.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 4CA1FEBE052A3C8100F22E42; + remoteInfo = libsecurity_cms; + }; + DC1002CA1D8E19D70025549C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = DC1784AE1D7786C700B50D50 /* libsecurity_cms.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = D4C3345C1BE2A2B100D8C1EF; + remoteInfo = libsecurity_cms_regressions; + }; + DC1002D21D8E19F20025549C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 79BDD3940D60D5F9000D84D3 /* libCMS.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 4C817F8405ED4D7A007975E6; + remoteInfo = libsecurity_smime; + }; + DC1002D41D8E19F20025549C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 79BDD3940D60D5F9000D84D3 /* libCMS.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 4C7FAB41056AC7A200FE0C44; + remoteInfo = security_smime; + }; + DC1002D61D8E19F20025549C /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 79BDD3940D60D5F9000D84D3 /* libCMS.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 79DC33620D4E6EEA0039E4BC; + remoteInfo = libCMS; + }; + DC1784481D77869A00B50D50 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = DC1784421D77869A00B50D50 /* libsecurity_smime.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 4C817F8405ED4D7A007975E6; + remoteInfo = libsecurity_smime; + }; + DC17844A1D77869A00B50D50 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = DC1784421D77869A00B50D50 /* libsecurity_smime.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = AC62F5F018B4356A00704BBD; + remoteInfo = libsecurity_smime_regressions; + }; + DC1789781D779C6700B50D50 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = DC1784421D77869A00B50D50 /* libsecurity_smime.xcodeproj */; proxyType = 1; - remoteGlobalIDString = 0C6799F912F7C37C00712919; - remoteInfo = dtlsTests; + remoteGlobalIDString = 4C2741ED03E9FBF700A80181; + remoteInfo = libsecurity_smime; }; - D41AD4411B97866C008C7270 /* PBXContainerItemProxy */ = { + DC178BF21D77ABE300B50D50 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 7913B1FF0D172B3900601FE9; - remoteInfo = sslServer; + remoteGlobalIDString = DC1789031D77980500B50D50; + remoteInfo = Security_osx; }; - D41AD4431B978681008C7270 /* PBXContainerItemProxy */ = { + DC3A4B6A1D91EBEE00E46D4A /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4C9DE9D11181AC4800CF5C27; - remoteInfo = sslEcdsa; + remoteGlobalIDString = DC3A4B571D91E9FB00E46D4A; + remoteInfo = CodeSigningHelper; }; - D41AD4451B9786A3008C7270 /* PBXContainerItemProxy */ = { + DC52E84A1D80BF1100B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4CB740A20A47567C00D641BB; - remoteInfo = securitytool; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd; }; - D41AD4491B9786D8008C7270 /* PBXContainerItemProxy */ = { + DC52E8BC1D80C23300B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = F93C49021AB8FCE00047E01A; - remoteInfo = ckcdiagnose.sh; + remoteGlobalIDString = DC52E88A1D80C1EB00B0A59C; + remoteInfo = libsecipc_client; }; - D41AD44B1B9786E2008C7270 /* PBXContainerItemProxy */ = { + DC52E9A21D80C5EE00B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 5EBE24791B00CCAE0007DB0E; - remoteInfo = secacltests; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = libSecureObjectSync; }; - D41AD44D1B978791008C7270 /* PBXContainerItemProxy */ = { + DC52EAA41D80CCF600B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 5E10992419A5E55800A60E2B; - remoteInfo = ISACLProtectedItems; + remoteGlobalIDString = DC52EA441D80CB7000B0A59C; + remoteInfo = libSecurityTool; }; - D41AD4511B9788B2008C7270 /* PBXContainerItemProxy */ = { + DC52EC1F1D80CF7400B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 52D82BDD16A621F70078DFE5; - remoteInfo = CloudKeychainProxy; + remoteGlobalIDString = DC52EBC61D80CEF100B0A59C; + remoteInfo = libSecurityCommands; }; - D41AD4591B978944008C7270 /* PBXContainerItemProxy */ = { + DC52EC3C1D80CFF000B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 728B56A016D59979008FA3AB; - remoteInfo = OTAPKIAssetTool; + remoteGlobalIDString = DC52EC211D80CFB200B0A59C; + remoteInfo = libSOSCommands; }; - D41AD45B1B978A7A008C7270 /* PBXContainerItemProxy */ = { + DC52EC501D80D03100B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 790851B50CA9859F0083CC4D; - remoteInfo = securityd; + remoteGlobalIDString = DC52EC3E1D80D00800B0A59C; + remoteInfo = libSWCAgent; }; - D41AD45D1B978A7C008C7270 /* PBXContainerItemProxy */ = { + DC52EC5E1D80D08100B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4CB740A20A47567C00D641BB; - remoteInfo = securitytool; + remoteGlobalIDString = DC52EC521D80D05200B0A59C; + remoteInfo = liblogging; }; - D41AD45F1B978E18008C7270 /* PBXContainerItemProxy */ = { + DC52EC7C1D80D18800B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E710C7411331946400F85568; - remoteInfo = SecurityTests; + remoteGlobalIDString = DC52EC601D80D0C400B0A59C; + remoteInfo = libSOSRegressions; }; - D41AD4611B978E24008C7270 /* PBXContainerItemProxy */ = { + DC52ECEB1D80D34C00B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0C0BDB2E175685B000BC1A7E; - remoteInfo = secdtests; + remoteGlobalIDString = DC52EC7E1D80D1A800B0A59C; + remoteInfo = libSecurityRegressions; }; - D41AD4651B978F19008C7270 /* PBXContainerItemProxy */ = { + DC52EDA21D80D55300B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0C6799F912F7C37C00712919; - remoteInfo = dtlsTests; + remoteGlobalIDString = DC52ED631D80D4CD00B0A59C; + remoteInfo = libiOSsecuritydRegressions; }; - D41AD4671B978F20008C7270 /* PBXContainerItemProxy */ = { + DC52EDFB1D80D67C00B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 7913B1FF0D172B3900601FE9; - remoteInfo = sslServer; + remoteGlobalIDString = DC52EDA61D80D58400B0A59C; + remoteInfo = libsecdRegressions; }; - D41AD4691B978F24008C7270 /* PBXContainerItemProxy */ = { + DC52EE621D80D7D900B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4CE5A54C09C796E100D27A3F; - remoteInfo = sslViewer; + remoteGlobalIDString = DC52EDFD1D80D6DD00B0A59C; + remoteInfo = libSharedRegressions; }; - D41AD46B1B978F28008C7270 /* PBXContainerItemProxy */ = { + DC52EE641D80D7F000B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4C9DE9D11181AC4800CF5C27; - remoteInfo = sslEcdsa; + remoteGlobalIDString = DC52EDFD1D80D6DD00B0A59C; + remoteInfo = libSharedRegressions; }; - D41AD46D1B978F4C008C7270 /* PBXContainerItemProxy */ = { + DC52EE7D1D80D8B100B0A59C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 5EBE24791B00CCAE0007DB0E; - remoteInfo = secacltests; + remoteGlobalIDString = DC52EE661D80D82600B0A59C; + remoteInfo = libSecItemShimOSX; }; - D41AD4711B978F76008C7270 /* PBXContainerItemProxy */ = { + DC58C4291D77BE03003C25A4 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 728B56A016D59979008FA3AB; - remoteInfo = OTAPKIAssetTool; + remoteGlobalIDString = DC1789031D77980500B50D50; + remoteInfo = Security_osx; }; - D42FA86F1C9B9081003E46A7 /* PBXContainerItemProxy */ = { + DC58C4421D77C1F8003C25A4 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = D42FA8241C9B8D3C003E46A7; - remoteInfo = SecurityTestsOSX; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC58C4221D77BDEA003C25A4; + remoteInfo = csparser_osx; }; - D447C4E41D31CA540082FC1D /* PBXContainerItemProxy */ = { + DC59E9A51D91C710001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 79BDD3940D60D5F9000D84D3 /* libsecurity_smime.xcodeproj */; + containerPortal = 79BDD3940D60D5F9000D84D3 /* libCMS.xcodeproj */; proxyType = 1; remoteGlobalIDString = D447C4DB1D31C9DD0082FC1D; remoteInfo = libCMSInstall; }; - D447C4E61D31CA650082FC1D /* PBXContainerItemProxy */ = { + DC59E9A81D91C7CC001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 79BDD3940D60D5F9000D84D3 /* libsecurity_smime.xcodeproj */; + containerPortal = 79BDD3940D60D5F9000D84D3 /* libCMS.xcodeproj */; proxyType = 1; remoteGlobalIDString = 79DC33610D4E6EEA0039E4BC; remoteInfo = libCMS; }; - D46B07721C8FAFA900B5939A /* PBXContainerItemProxy */ = { + DC59EA401D91CAAA001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - D46B07FF1C8FBE3300B5939A /* PBXContainerItemProxy */ = { + DC59EA421D91CAAE001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = D46B07EB1C8FBDC600B5939A; - remoteInfo = libDERHeaders; + remoteGlobalIDString = DC59EA0E1D91CA15001BDDF5; + remoteInfo = DERUtils; }; - D46B08A51C8FD8CF00B5939A /* PBXContainerItemProxy */ = { + DC59EA541D91CAF0001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 795CA97A0D38269B00BAE6A2 /* libsecurity_asn1.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = D46B08791C8FCA5000B5939A; - remoteInfo = libASN1Install; + remoteGlobalIDString = DC59EA0E1D91CA15001BDDF5; + remoteInfo = DERUtils; }; - D4DC13891C8F738A00175415 /* PBXContainerItemProxy */ = { + DC59EA561D91CAF0001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; - }; - E7098DB21A3A53E000CBD4B3 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 37A7CEAB197DB8FA00926CE8; - remoteInfo = codesign_tests; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E7104A02169E038F00DB0045 /* PBXContainerItemProxy */ = { + DC59EA661D91CB9F001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E71049F1169E023B00DB0045; - remoteInfo = libSecurityTool; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E7104A05169E038F00DB0045 /* PBXContainerItemProxy */ = { + DC59EA751D91CC5E001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E71049F2169E023B00DB0045; - remoteInfo = libSecurityTool; - }; - E7104A1F169E21C000DB0045 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E7104A12169E216E00DB0045; - remoteInfo = libSecurityCommands; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E7104A22169E21C000DB0045 /* PBXContainerItemProxy */ = { + DC59EA781D91CC78001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E7104A1D169E216E00DB0045; - remoteInfo = libSecurityCommands; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E710C707133192EA00F85568 /* PBXContainerItemProxy */ = { + DC59EA7C1D91CCAA001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 0C25A871122726540050C2BD /* regressions.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E710C6FE133192E900F85568; - remoteInfo = regressions; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E717A1471A7880440021E134 /* PBXContainerItemProxy */ = { + DC59EA801D91CD16001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 37AB390F1A44A88000B56E04; - remoteInfo = gk_reset_check; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E74583BD1BF66489001B54A4 /* PBXContainerItemProxy */ = { + DC59EA831D91CD2C001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 52D82BDD16A621F70078DFE5; - remoteInfo = CloudKeychainProxy; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E745841E1BF66525001B54A4 /* PBXContainerItemProxy */ = { + DC59EA861D91CD76001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 186F778C14E59FDA00434E1F; - remoteInfo = Security_executables; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E745846C1BF68ECB001B54A4 /* PBXContainerItemProxy */ = { + DC59EA891D91CD89001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 05EF68BB194915A5007958C3; - remoteInfo = Security_executables; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E745846E1BF68ECB001B54A4 /* PBXContainerItemProxy */ = { + DC59EA8C1D91CDB9001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 05EF68C1194915FB007958C3; - remoteInfo = Security_kexts; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E74584701BF68ECB001B54A4 /* PBXContainerItemProxy */ = { + DC59EA8F1D91CDC6001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 05EF68AF1949149C007958C3; - remoteInfo = Security_temporary_UI; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E749F26F1D18C284006C2B27 /* PBXContainerItemProxy */ = { + DC59EA921D91CDD6001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E742A09B14E343E70052A486; - remoteInfo = utilities; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E75C27701C98D40500F7E12A /* PBXContainerItemProxy */ = { + DC59EA951D91CDEE001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 795CA97A0D38269B00BAE6A2 /* libsecurity_asn1.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 795CA7FE0D38013D00BAE6A2; - remoteInfo = libASN1; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E75C27761C98D44300F7E12A /* PBXContainerItemProxy */ = { + DC59EA981D91CE8C001BDDF5 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 795CA97A0D38269B00BAE6A2 /* libsecurity_asn1.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 795CA7FE0D38013D00BAE6A2; - remoteInfo = libASN1; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER; }; - E75E498E1C8F79BB0001A34F /* PBXContainerItemProxy */ = { + DC5ABE1B1D832F5E00CF422C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 18270F5414CF651900B05E7F; - remoteInfo = libsecipc_client; + remoteGlobalIDString = DC5ABDC41D832DAB00CF422C; + remoteInfo = securitytool_macos; }; - E76079DA1951FDBF00F69731 /* PBXContainerItemProxy */ = { + DC5AC0B41D83533400CF422C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = DC5AC0AD1D83533400CF422C /* securityd_service.xcodeproj */; proxyType = 2; - remoteGlobalIDString = E76079D21951FD2800F69731; - remoteInfo = liblogging; - }; - E76079FB1951FE1F00F69731 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E76079971951FD2800F69731; - remoteInfo = liblogging; + remoteGlobalIDString = 189D4635166AC95C001D8533; + remoteInfo = securityd_service; }; - E777C71415B63C0B004044A8 /* PBXContainerItemProxy */ = { + DC5AC0B61D83533400CF422C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = DC5AC0AD1D83533400CF422C /* securityd_service.xcodeproj */; proxyType = 2; - remoteGlobalIDString = 4A5CCA4F15ACEFA500702357; - remoteInfo = libSecOtrOSX; + remoteGlobalIDString = 189D465B166C15C1001D8533; + remoteInfo = securitydservicectrl; }; - E79D3388135CBEB1005777CF /* PBXContainerItemProxy */ = { + DC5AC0B81D83533400CF422C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 0C25A871122726540050C2BD /* regressions.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = E710C6FD133192E900F85568; - remoteInfo = regressions; + containerPortal = DC5AC0AD1D83533400CF422C /* securityd_service.xcodeproj */; + proxyType = 2; + remoteGlobalIDString = 1843240E1714797D00196B52; + remoteInfo = securitydservice_client; }; - E79D9CD4159BEA78000834EC /* PBXContainerItemProxy */ = { + DC5AC0BA1D83533400CF422C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = DC5AC0AD1D83533400CF422C /* securityd_service.xcodeproj */; proxyType = 2; - remoteGlobalIDString = 4A824B03158FF07000F932C0; - remoteInfo = libSecOTRRegressions; + remoteGlobalIDString = 18F4808E17497521009724DB; + remoteInfo = KeyStoreEvents; }; - E79EEDD61CD3F9F800C2FBFC /* PBXContainerItemProxy */ = { + DC5AC0BC1D83533E00CF422C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + containerPortal = DC5AC0AD1D83533400CF422C /* securityd_service.xcodeproj */; proxyType = 1; - remoteGlobalIDString = 0C7CFA2E14E1BA4800DF9D95; - remoteInfo = Security_frameworks_ios; + remoteGlobalIDString = 1843240D1714797D00196B52; + remoteInfo = securitydservice_client; }; - E79EEDDC1CD3FFE300C2FBFC /* PBXContainerItemProxy */ = { + DC5AC0BE1D83534300CF422C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; + containerPortal = DC5AC0AD1D83533400CF422C /* securityd_service.xcodeproj */; proxyType = 1; - remoteGlobalIDString = 186F778814E59FB200434E1F; - remoteInfo = Security_frameworks; + remoteGlobalIDString = 189D4634166AC95C001D8533; + remoteInfo = securityd_service; }; - E79EEDDE1CD3FFEA00C2FBFC /* PBXContainerItemProxy */ = { + DC5AC12E1D8356DA00CF422C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E79EEDD81CD3FFC800C2FBFC; - remoteInfo = Security_frameworks_macos; + remoteGlobalIDString = DC5AC04F1D8352D900CF422C; + remoteInfo = securityd_macos; }; - E79EEDE41CD4001300C2FBFC /* PBXContainerItemProxy */ = { + DC5AC1331D835C2300CF422C /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 05EF68BB194915A5007958C3; - remoteInfo = Security_executables_macos; + remoteGlobalIDString = DC1785041D77873100B50D50; + remoteInfo = copyHeadersToSystem; }; - E79EEDE61CD4003900C2FBFC /* PBXContainerItemProxy */ = { + DC61096A1D78E60C002223DE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E79EEDD81CD3FFC800C2FBFC; - remoteInfo = Security_frameworks_macos; + remoteGlobalIDString = 5EBE24791B00CCAE0007DB0E; + remoteInfo = secacltests; }; - E7B01B8316572132000485F1 /* PBXContainerItemProxy */ = { + DC61096C1D78E72C002223DE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; + remoteGlobalIDString = EB9C1D791BDFD0E000F89272; + remoteInfo = secbackupntest; }; - E7B01BBF166594AB000485F1 /* PBXContainerItemProxy */ = { + DC610A371D78F15C002223DE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E73514E1F3EA00CDE635; - remoteInfo = libSecureObjectSync; + remoteGlobalIDString = DC610A021D78F129002223DE; + remoteInfo = secdtests_macos; }; - E7B01BC1166594AB000485F1 /* PBXContainerItemProxy */ = { + DC610A411D78F3A5002223DE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E702E75714E1F48800CDE635; - remoteInfo = libSOSRegressions; + remoteGlobalIDString = F93C49021AB8FCE00047E01A; + remoteInfo = ckcdiagnose.sh; }; - E7CFF6701C84F62900E3484E /* PBXContainerItemProxy */ = { + DC610A531D78F759002223DE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E7D847C41C6BE9710025BB44; - remoteInfo = KeychainCircle; + remoteGlobalIDString = DC610A461D78F48F002223DE; + remoteInfo = SecTaskTest_macos; }; - E7CFF6721C84F62900E3484E /* PBXContainerItemProxy */ = { + DC610A6B1D78FAA2002223DE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E7D847CD1C6BE9720025BB44; - remoteInfo = KeychainCircleTests; + remoteGlobalIDString = DC610A551D78F9D2002223DE; + remoteInfo = codesign_tests_macos; }; - E7CFF6741C84F65D00E3484E /* PBXContainerItemProxy */ = { + DC610ABB1D791139002223DE /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E7CFF6471C84F61200E3484E; - remoteInfo = Security_KeychainCircle; + remoteGlobalIDString = DC610AAD1D7910C3002223DE; + remoteInfo = gk_reset_check_macos; }; - E7CFF6761C84F66A00E3484E /* PBXContainerItemProxy */ = { + DC63CAF21D90DF6000C03317 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E7CFF6471C84F61200E3484E; - remoteInfo = Security_KeychainCircle; + remoteGlobalIDString = DC63CAE81D90D63500C03317; + remoteInfo = libsecurityd_macos_mig; }; - E7D847D01C6BE9720025BB44 /* PBXContainerItemProxy */ = { + DC63CAF41D90DF6700C03317 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E7D847C41C6BE9710025BB44; - remoteInfo = KeychainCircle; + remoteGlobalIDString = DC63CAE81D90D63500C03317; + remoteInfo = libsecurityd_macos_mig; }; - E7E0C73C1C90EE0000E69A21 /* PBXContainerItemProxy */ = { + DC63CAF61D90DF7000C03317 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; + remoteGlobalIDString = DC63CAE81D90D63500C03317; + remoteInfo = libsecurityd_macos_mig; }; - E7E0C73E1C90EE0500E69A21 /* PBXContainerItemProxy */ = { + DC63CAF91D91A16700C03317 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 795CA97A0D38269B00BAE6A2 /* libsecurity_asn1.xcodeproj */; + containerPortal = DC1784AE1D7786C700B50D50 /* libsecurity_cms.xcodeproj */; proxyType = 1; - remoteGlobalIDString = 795CA7FE0D38013D00BAE6A2; - remoteInfo = libASN1; + remoteGlobalIDString = D4C3345B1BE2A2B100D8C1EF; + remoteInfo = libsecurity_cms_regressions; }; - E7E0D8FA158FAB3B002CA176 /* PBXContainerItemProxy */ = { + DC65E7211D8CB27900152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E7E0D8E8158FA9A3002CA176; - remoteInfo = libutilitiesRegressions; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = iOSutilities; }; - E7E0D8FD158FAB3B002CA176 /* PBXContainerItemProxy */ = { + DC65E7251D8CB2E100152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E7E0D8F9158FA9A3002CA176; - remoteInfo = libutilitiesRegressions; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = iOSutilities; }; - E7E0D8FF158FAB52002CA176 /* PBXContainerItemProxy */ = { + DC65E7281D8CB2F400152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E7E0D8E8158FA9A3002CA176; - remoteInfo = libutilitiesRegressions; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = iOSutilities; }; - E7E7B21F1BFA865300B1E66B /* PBXContainerItemProxy */ = { + DC65E72B1D8CB31200152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 05EF687F1949143A007958C3 /* securityd.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = AA6D4B890E6F3BB80050206D; - remoteInfo = securityd; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = iOSutilities; }; - E7E7B24A1BFC0CD900B1E66B /* PBXContainerItemProxy */ = { + DC65E72E1D8CB32400152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = CD276C261A83F60C003226BC; - remoteInfo = IDSKeychainSyncingProxy; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = iOSutilities; }; - E7EE5A33139DC042005C78BE /* PBXContainerItemProxy */ = { + DC65E7321D8CB34000152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 053BA313091C00BF00A7007A; - remoteInfo = libDER; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = iOSutilities; }; - E7FEFB8E169E36B000E18152 /* PBXContainerItemProxy */ = { + DC65E7381D8CB38300152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = E7FEFB8C169E363300E18152; - remoteInfo = libSOSCommands; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCB3417B1D8A2B860054D16E; + remoteInfo = security_cdsa_utilities; }; - E7FEFB92169E377900E18152 /* PBXContainerItemProxy */ = { + DC65E73A1D8CB39300152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = E7FEFB82169E363300E18152; - remoteInfo = libSOSCommands; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = iOSutilities; }; - EB31EA821D3EF2FB008F952A /* PBXContainerItemProxy */ = { + DC65E73D1D8CB3C100152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 5346480017331E1100FE9172; - remoteInfo = KeychainSyncAccountNotification; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - EB3A8E001BEEC6F3001A89AA /* PBXContainerItemProxy */ = { + DC65E73F1D8CB3CD00152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EB9C1D791BDFD0E000F89272; - remoteInfo = secbackupntest; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - EB425CD01C6585F1000ECE53 /* PBXContainerItemProxy */ = { + DC65E7411D8CB3D400152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EB425C9E1C65846D000ECE53; - remoteInfo = secbackuptest; + remoteGlobalIDString = DC8834011D8A218F00CE0ACA; + remoteInfo = ASN1; }; - EB433A2B1CC3252A00A7EACE /* PBXContainerItemProxy */ = { + DC65E7431D8CB3E000152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EB433A201CC3243600A7EACE; - remoteInfo = secitemstresstest; + remoteGlobalIDString = DC8834011D8A218F00CE0ACA; + remoteInfo = ASN1; }; - EB63ADE01C3E74F900C45A69 /* PBXContainerItemProxy */ = { + DC65E7451D8CB3E700152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EB0BC9361C3C791500785842; - remoteInfo = secedumodetest; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - EB6A6FAC1B90F84D0045DC68 /* PBXContainerItemProxy */ = { + DC65E7471D8CB3F000152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0C7CFA2E14E1BA4800DF9D95; - remoteInfo = Security_frameworks_ios; + remoteGlobalIDString = DC0BCA131D8B82B000070CB0; + remoteInfo = security_ssl_regressions; }; - EB6A6FB21B90F89F0045DC68 /* PBXContainerItemProxy */ = { + DC65E7491D8CB3FE00152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 790851B50CA9859F0083CC4D; - remoteInfo = securityd; + remoteGlobalIDString = DC0BCBD91D8C648C00070CB0; + remoteInfo = regressionBase; }; - EB6A6FB81B90F8D70045DC68 /* PBXContainerItemProxy */ = { + DC65E74B1D8CB40C00152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4C541F840F250BF500E508AE; - remoteInfo = Security_executables_ios; + remoteGlobalIDString = DC0BCCF41D8C694700070CB0; + remoteInfo = utilitiesRegressions; }; - EB6A6FBA1B90F8EC0045DC68 /* PBXContainerItemProxy */ = { + DC65E74D1D8CB41E00152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 0C7CFA2E14E1BA4800DF9D95; - remoteInfo = Security_frameworks_ios; + remoteGlobalIDString = DC8834011D8A218F00CE0ACA; + remoteInfo = ASN1; }; - EB6A6FBC1B90F9170045DC68 /* PBXContainerItemProxy */ = { + DC65E74F1D8CB42700152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4C32C0AE0A4975F6002891BD; - remoteInfo = Security; + remoteGlobalIDString = DC0BCA131D8B82B000070CB0; + remoteInfo = security_ssl_regressions; }; - EB9C1DB61BDFD51800F89272 /* PBXContainerItemProxy */ = { + DC65E7511D8CB45300152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EB9C1DAE1BDFD4DE00F89272; - remoteInfo = SecurityBatsTests; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - EB9FE08C1BFBC48F004FEAAF /* PBXContainerItemProxy */ = { + DC65E7531D8CB46100152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EB9C1DAE1BDFD4DE00F89272; - remoteInfo = SecurityBatsTests; + remoteGlobalIDString = DC0BCBD91D8C648C00070CB0; + remoteInfo = regressionBase; }; - EB9FE0B51BFBC499004FEAAF /* PBXContainerItemProxy */ = { + DC65E7551D8CB47600152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EB9C1DAE1BDFD4DE00F89272; - remoteInfo = SecurityBatsTests; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - EBA9AA881CE3E76C004E2B68 /* PBXContainerItemProxy */ = { + DC65E7571D8CB47D00152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EBA9AA7D1CE30E58004E2B68; - remoteInfo = secitemnotifications; + remoteGlobalIDString = DC0BCBD91D8C648C00070CB0; + remoteInfo = regressionBase; }; - EBB696D31BE2085700715F16 /* PBXContainerItemProxy */ = { + DC65E7591D8CB48900152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EB9C1D791BDFD0E000F89272; - remoteInfo = secbackupntest; + remoteGlobalIDString = DC8834011D8A218F00CE0ACA; + remoteInfo = ASN1; }; - EBB697121BE20C7600715F16 /* PBXContainerItemProxy */ = { + DC65E75B1D8CB49200152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; - containerPortal = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = EBB697041BE208FC00715F16; - remoteInfo = secbackupntest; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCBD91D8C648C00070CB0; + remoteInfo = regressionBase; }; - EBBE205B1C21382F00B7A639 /* PBXContainerItemProxy */ = { + DC65E75D1D8CB49A00152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EBBE20571C21380100B7A639; - remoteInfo = SecurityFeatures; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - EBC15EA81BE29AC3001C0C5B /* PBXContainerItemProxy */ = { + DC65E75F1D8CB4A300152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EB9C1DAE1BDFD4DE00F89272; - remoteInfo = SecurityBatsTests; + remoteGlobalIDString = DC8834011D8A218F00CE0ACA; + remoteInfo = ASN1; }; - EBCF743E1CE593A700BED7CA /* PBXContainerItemProxy */ = { + DC65E7611D8CB4AA00152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = EBCF73F31CE45F9C00BED7CA; - remoteInfo = secitemfunctionality; + remoteGlobalIDString = DC0BCBD91D8C648C00070CB0; + remoteInfo = regressionBase; }; - EBD849351B242C8900C5FD1E /* PBXContainerItemProxy */ = { + DC65E7631D8CB4B100152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = 4CE5A54C09C796E100D27A3F; - remoteInfo = sslViewer; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - F94E7AE11ACC8E7700F23132 /* PBXContainerItemProxy */ = { + DC65E7651D8CB4C200152EF0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 4C35DB69094F906D002917C4 /* Project object */; proxyType = 1; - remoteGlobalIDString = F93C49021AB8FCE00047E01A; - remoteInfo = ckcdiagnose.sh; + remoteGlobalIDString = DC0BCBD91D8C648C00070CB0; + remoteInfo = regressionBase; }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXCopyFilesBuildPhase section */ - 0C0BDB2D175685B000BC1A7E /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = /usr/share/man/man1/; - dstSubfolderSpec = 0; - files = ( - ); - runOnlyForDeploymentPostprocessing = 1; + DC65E7671D8CB4CB00152EF0 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCB343AD1D8A34FD0054D16E; + remoteInfo = security_keychain_regressions; }; - 4814D8691CAA059E002FFC36 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/Preferences/Logging/Subsystems; - dstSubfolderSpec = 0; - files = ( - 486326311CAA0C0F00A466D9 /* com.apple.securityd.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; + DC65E7691D8CB4D300152EF0 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCA131D8B82B000070CB0; + remoteInfo = security_ssl_regressions; }; - 4C50AD081410673800EE92DE /* Copy DigiNotar Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = DigiNotar; - dstSubfolderSpec = 7; - files = ( - 4C50AD0C1410679000EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar Resources */, - 4C50AD0D1410679000EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar Resources */, - 4C50AD0E1410679000EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar Resources */, - 4C50AD0F1410679000EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar Resources */, - 4C50AD101410679000EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar Resources */, - 4C50AD111410679000EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar Resources */, - 4C50AD121410679000EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar Resources */, - 4C50AD131410679000EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar Resources */, - 4C50AD141410679000EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar Resources */, - 4C50AD151410679000EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar Resources */, - 4C8B91C91416ED7E00A254E2 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar Resources */, - 4C8B91CA1416ED7E00A254E2 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar Resources */, - 4C8B91CB1416ED7E00A254E2 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar Resources */, - 4C8B91CC1416ED7E00A254E2 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar Resources */, - 4C8B91CD1416ED7E00A254E2 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar Resources */, - 4C8B91CF1416ED7E00A254E2 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar Resources */, - 4C8B91D01416ED7E00A254E2 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar Resources */, - 4C8B91D11416ED7E00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar Resources */, - ); - name = "Copy DigiNotar Resources"; - runOnlyForDeploymentPostprocessing = 0; + DC65E76B1D8CB4DF00152EF0 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - 4C50AD091410675400EE92DE /* Copy DigiNotar-Entrust Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = "DigiNotar-Entrust"; - dstSubfolderSpec = 7; - files = ( - 4C50AD181410679900EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD191410679900EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD1A1410679900EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD1B1410679900EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD1C1410679900EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD1D1410679900EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD1E1410679900EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD1F1410679900EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD201410679900EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD211410679900EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD221410679900EE92DE /* diginotar.root.ca-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C8B91D21416ED8E00A254E2 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-Entrust Resources */, - 4C8B91D31416ED8E00A254E2 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C8B91D41416ED8E00A254E2 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar-Entrust Resources */, - 4C8B91D51416ED8E00A254E2 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C8B91D61416ED8E00A254E2 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar-Entrust Resources */, - 4C8B91D81416ED8E00A254E2 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C8B91D91416ED8E00A254E2 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C8B91DA1416ED8E00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-Entrust Resources */, - ); - name = "Copy DigiNotar-Entrust Resources"; - runOnlyForDeploymentPostprocessing = 0; + DC65E76D1D8CB4E600152EF0 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - 4C50AD0A1410676300EE92DE /* Copy DigiNotar-ok Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = "DigiNotar-ok"; - dstSubfolderSpec = 7; - files = ( - 4C50AD23141067A100EE92DE /* DigiNotarCA2007RootCertificate.crt in Copy DigiNotar-ok Resources */, - 4C8B91E41416ED9A00A254E2 /* DigiNotar_Root_CA_G2-RootCertificate.crt in Copy DigiNotar-ok Resources */, - 4C50AD24141067A100EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar-ok Resources */, - 4C50AD25141067A100EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-ok Resources */, - 4C50AD26141067A100EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-ok Resources */, - 4C50AD27141067A100EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-ok Resources */, - 4C50AD28141067A100EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-ok Resources */, - 4C50AD29141067A100EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-ok Resources */, - 4C50AD2A141067A100EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-ok Resources */, - 4C50AD2B141067A100EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-ok Resources */, - 4C50AD2C141067A100EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-ok Resources */, - 4C50AD2D141067A100EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-ok Resources */, - 4C8B91DB1416ED9400A254E2 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-ok Resources */, - 4C8B91E31416ED9400A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-ok Resources */, - 4C50AD30141068C100EE92DE /* Expectations.plist in Copy DigiNotar-ok Resources */, - ); - name = "Copy DigiNotar-ok Resources"; - runOnlyForDeploymentPostprocessing = 0; + DC65E76F1D8CB4ED00152EF0 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - 4C50AD3414106A2900EE92DE /* Copy DigiNotar Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = DigiNotar; - dstSubfolderSpec = 7; - files = ( - 4C50AD3914106A4E00EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar Resources */, - 4C50AD3A14106A4E00EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar Resources */, - 4C50AD3B14106A4E00EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar Resources */, - 4C50AD3C14106A4E00EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar Resources */, - 4C50AD3D14106A4E00EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar Resources */, - 4C50AD3E14106A4E00EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar Resources */, - 4C50AD3F14106A4E00EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar Resources */, - 4C50AD4014106A4E00EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar Resources */, - 4C50AD4114106A4E00EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar Resources */, - 4C50AD4214106A4E00EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar Resources */, - 4C3CECF41416E2EC00947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar Resources */, - 4C3CECF51416E2FA00947741 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar Resources */, - 4C3CECF61416E31A00947741 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar Resources */, - 4C3CECF81416E33500947741 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar Resources */, - 4C3CECF91416E34F00947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar Resources */, - 4C3CECFB1416E34F00947741 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar Resources */, - 4C3CECFC1416E34F00947741 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar Resources */, - 4C8B91C81416EBB500A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar Resources */, - ); - name = "Copy DigiNotar Resources"; - runOnlyForDeploymentPostprocessing = 0; + DC65E7711D8CB4F400152EF0 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - 4C50AD3514106A2B00EE92DE /* Copy DigiNotar-Entrust Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = "DigiNotar-Entrust"; - dstSubfolderSpec = 7; - files = ( - 4C8B91C61416EB8B00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD4614106A5000EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD4714106A5000EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD4814106A5000EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD4914106A5000EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD4A14106A5000EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD4B14106A5000EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD4C14106A5000EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD4D14106A5000EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD4E14106A5000EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD4F14106A5000EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C50AD5014106A5000EE92DE /* diginotar.root.ca-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C3CECFD1416E35400947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-Entrust Resources */, - 4C3CECFE1416E35400947741 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C3CECFF1416E35400947741 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar-Entrust Resources */, - 4C3CED001416E35400947741 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C3CED011416E35400947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar-Entrust Resources */, - 4C3CED031416E35400947741 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar-Entrust Resources */, - 4C3CED041416E35400947741 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar-Entrust Resources */, - ); - name = "Copy DigiNotar-Entrust Resources"; - runOnlyForDeploymentPostprocessing = 0; + DC65E7731D8CB4FB00152EF0 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - 4C50AD3614106A2C00EE92DE /* Copy DigiNotar-ok Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = "DigiNotar-ok"; - dstSubfolderSpec = 7; - files = ( - 4C50AD5114106A5400EE92DE /* Expectations.plist in Copy DigiNotar-ok Resources */, - 4C50AD5214106A5400EE92DE /* DigiNotarCA2007RootCertificate.crt in Copy DigiNotar-ok Resources */, - 4C3CECF31416E25C00947741 /* DigiNotar_Root_CA_G2-RootCertificate.crt in Copy DigiNotar-ok Resources */, - 4C50AD5314106A5400EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar-ok Resources */, - 4C50AD5414106A5400EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-ok Resources */, - 4C50AD5514106A5400EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-ok Resources */, - 4C50AD5614106A5400EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-ok Resources */, - 4C50AD5714106A5400EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-ok Resources */, - 4C50AD5814106A5400EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-ok Resources */, - 4C50AD5914106A5400EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-ok Resources */, - 4C50AD5A14106A5400EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-ok Resources */, - 4C50AD5B14106A5400EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-ok Resources */, - 4C50AD5C14106A5400EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-ok Resources */, - 4C3CED051416E35A00947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-ok Resources */, - 4C8B91C71416EBA400A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-ok Resources */, - ); - name = "Copy DigiNotar-ok Resources"; - runOnlyForDeploymentPostprocessing = 0; + DC6BC2731D90D07800DD57B3 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC6BC26C1D90CFEF00DD57B3; + remoteInfo = securityd_macos_startup_nomake; }; - 4C52D0B216EFC61E0079966E /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = /System/Library/LaunchDaemons; - dstSubfolderSpec = 0; - files = ( - 4C52D0E916EFCCF80079966E /* com.apple.security.CircleJoinRequested.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; + DC6BC27A1D90D11C00DD57B3 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC6BC2751D90D0BE00DD57B3; + remoteInfo = securityd_macos_DTrace_nomake; }; - 5E11CAD919A759E2008A3664 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/bin; - dstSubfolderSpec = 0; - files = ( - 5E11CADA19A75A1F008A3664 /* KeychainItemsAclTest.sh in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; + DC6BC2811D90D30F00DD57B3 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC6BC27C1D90D1EE00DD57B3; + remoteInfo = security_cssm_generator_nomake; }; - 79679E231462023800CF997F /* Copy DigiCertMalaysia Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = DigicertMalaysia; - dstSubfolderSpec = 7; - files = ( - 79679E29146202A800CF997F /* Digisign-Server-ID-Enrich-Entrust-Cert.crt in Copy DigiCertMalaysia Resources */, - 7947431E1462151E00D638A3 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt in Copy DigiCertMalaysia Resources */, - 79679E2A146202A800CF997F /* Invalid-webmail.jaring.my.crt in Copy DigiCertMalaysia Resources */, - 7947431A146213DC00D638A3 /* Invalid-www.cybersecurity.my.crt in Copy DigiCertMalaysia Resources */, - ); - name = "Copy DigiCertMalaysia Resources"; - runOnlyForDeploymentPostprocessing = 0; + DC71D8E31D959C000065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd_ios; }; - 79679E2B146202BC00CF997F /* Copy DigicertMalaysia Resources */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = DigicertMalaysia; - dstSubfolderSpec = 7; - files = ( - 79679E2C146202CB00CF997F /* Digisign-Server-ID-Enrich-Entrust-Cert.crt in Copy DigicertMalaysia Resources */, - 7947431D1462151400D638A3 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt in Copy DigicertMalaysia Resources */, - 79679E2D146202CB00CF997F /* Invalid-webmail.jaring.my.crt in Copy DigicertMalaysia Resources */, - 7947431B146213EF00D638A3 /* Invalid-www.cybersecurity.my.crt in Copy DigicertMalaysia Resources */, - ); - name = "Copy DigicertMalaysia Resources"; - runOnlyForDeploymentPostprocessing = 0; + DC71D8EA1D959C130065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; }; - 79863B6C0CADCE4300818B0D /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/LaunchDaemons; - dstSubfolderSpec = 0; - files = ( - 79863B710CADCEAB00818B0D /* com.apple.securityd.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; + DC71D9E01D95BAC40065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC71D99F1D95BA6C0065FB93; + remoteInfo = ASN1; }; - BE442BBA18B7FDB800F24DAE /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/LaunchDaemons; - dstSubfolderSpec = 0; - files = ( - BE4AC9AE18B7FFC800B84964 /* com.apple.security.swcagent.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; + DC71D9E21D95BAD50065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC71D99F1D95BA6C0065FB93; + remoteInfo = ASN1; }; - CDB9FCAA179CD054000AAD66 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/Frameworks/Security.framework/CircleJoinRequested; - dstSubfolderSpec = 0; - files = ( - CDB9FCAB179CD098000AAD66 /* Info.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; + DC71D9FC1D95BB440065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC71D9E41D95BB0A0065FB93; + remoteInfo = DER; }; - CDF91EA61AAE019800E88CF7 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /System/Library/IdentityServices/ServiceDefinitions; - dstSubfolderSpec = 0; - files = ( - CDF91EF31AAE024A00E88CF7 /* com.apple.private.alloy.keychainsync.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; + DC71DA021D95BDEA0065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC8834011D8A218F00CE0ACA; + remoteInfo = ASN1_not_installed; }; - E73288DD1AED7215008CE839 /* Copy SecureObjectSync Headers */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = PrivateHeaders/SecureObjectSync; - dstSubfolderSpec = 1; - files = ( - 52BF42C21AFAD10C00821B5D /* SOSCloudCircleInternal.h in Copy SecureObjectSync Headers */, - 52F8DE4E1AF2EB8F00A2C271 /* SOSTypes.h in Copy SecureObjectSync Headers */, - 9468B96E1AF2B93300042383 /* SOSViews.h in Copy SecureObjectSync Headers */, - E73289291AED7360008CE839 /* SOSPeerInfo.h in Copy SecureObjectSync Headers */, - E73289281AED735A008CE839 /* SOSCloudCircle.h in Copy SecureObjectSync Headers */, - CD4F44211B546A7E00FE3569 /* SOSPeerInfoV2.h in Copy SecureObjectSync Headers */, - 9468B9481AF2B60900042383 /* SOSBackupSliceKeyBag.h in Copy SecureObjectSync Headers */, - ); - name = "Copy SecureObjectSync Headers"; - runOnlyForDeploymentPostprocessing = 0; + DC71DA041D95BDF90065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC8834011D8A218F00CE0ACA; + remoteInfo = ASN1_not_installed; }; - E7CFF7211C86602B00E3484E /* Install BATS Tests */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /AppleInternal/CoreOS/BATS/unit_tests; - dstSubfolderSpec = 0; - files = ( - E7EBDEBC1C87C0DB001BAA62 /* KeychainCircle.plist in Install BATS Tests */, - ); - name = "Install BATS Tests"; - runOnlyForDeploymentPostprocessing = 1; + DC71DA061D95BE2F0065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC8834011D8A218F00CE0ACA; + remoteInfo = ASN1_not_installed; }; - EB0BF1711D25B47A000DEF32 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /AppleInternal/CoreOS/tests/Security; - dstSubfolderSpec = 0; - files = ( - EB0BF1981D25B4BE000DEF32 /* README in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; + DC71DA081D95BEE00065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER_not_installed; }; - EB0BF1991D25B54B000DEF32 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /AppleInternal/CoreOS/tests/Security; - dstSubfolderSpec = 0; - files = ( - EB0BF19A1D25B551000DEF32 /* README in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; + DC71DA0A1D95BEF60065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC59E9AC1D91C9DC001BDDF5; + remoteInfo = DER_not_installed; }; - EB5D72ED1B0CB082009CAA47 /* Old SOS header location */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/include; - dstSubfolderSpec = 0; - files = ( - EB5D73111B0CB0BE009CAA47 /* SOSPeerInfo.h in Old SOS header location */, - EB5D73101B0CB09E009CAA47 /* SOSTypes.h in Old SOS header location */, - ); - name = "Old SOS header location"; - runOnlyForDeploymentPostprocessing = 1; + DC71DA0C1D95DD670065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = SecureObjectSync; }; - EB9C1DB41BDFD4F200F89272 /* Install BATS plist */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /AppleInternal/CoreOS/BATS/unit_tests; - dstSubfolderSpec = 0; - files = ( - EB9C1DB51BDFD50100F89272 /* Security.plist in Install BATS plist */, - EB3A8DFF1BEEC66F001A89AA /* Security_edumode.plist in Install BATS plist */, - ); - name = "Install BATS plist"; - runOnlyForDeploymentPostprocessing = 1; + DC71DA0E1D95E1210065FB93 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52EE661D80D82600B0A59C; + remoteInfo = SecItemShimOSX; }; - F93C49061AB8FCE50047E01A /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/local/sbin; - dstSubfolderSpec = 0; - files = ( - F93C493B1AB8FF530047E01A /* ckcdiagnose.sh in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; + DC82FFEA1D90D4640085674B /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC82FFE51D90D3F60085674B; + remoteInfo = security_utilities_DTrace_nomake; }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 051D8F82194913E500AEF66A /* OSX.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = OSX.xcodeproj; path = OSX/OSX.xcodeproj; sourceTree = ""; }; - 05EF687F1949143A007958C3 /* securityd.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = securityd.xcodeproj; path = securityd/securityd.xcodeproj; sourceTree = ""; }; - 05EF68A919491453007958C3 /* SecurityTool.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = SecurityTool.xcodeproj; path = SecurityTool/SecurityTool.xcodeproj; sourceTree = ""; }; - 0C0BDB2F175685B000BC1A7E /* secdtests */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secdtests; sourceTree = BUILT_PRODUCTS_DIR; }; - 0C0BDB31175685B000BC1A7E /* main.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = ""; }; - 0C0BDB441756868B00BC1A7E /* testlist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = testlist.h; sourceTree = ""; }; - 0C0C88771CCEC5BD00617D1B /* si-82-sectrust-ct-data */ = {isa = PBXFileReference; lastKnownFileType = folder; name = "si-82-sectrust-ct-data"; path = "../OSX/shared_regressions/si-82-sectrust-ct-data"; sourceTree = ""; }; - 0C1EF18813A1946C000A4CE5 /* PostSecurityTests.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = PostSecurityTests.sh; sourceTree = ""; }; - 0C25A871122726540050C2BD /* regressions.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = regressions.xcodeproj; path = OSX/regressions/regressions.xcodeproj; sourceTree = ""; }; - 0C2BCBA51D063F7D00ED7A2F /* dtlsEchoClient.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = dtlsEchoClient.c; sourceTree = ""; }; - 0C2BCBA61D063F7D00ED7A2F /* dtlsEchoServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = dtlsEchoServer.c; sourceTree = ""; }; - 0C2BCBA71D063F7D00ED7A2F /* README */ = {isa = PBXFileReference; lastKnownFileType = text; path = README; sourceTree = ""; }; - 0C2BCBB91D06401F00ED7A2F /* dtlsEchoClient */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = dtlsEchoClient; sourceTree = BUILT_PRODUCTS_DIR; }; - 0C2BCBCE1D0648D100ED7A2F /* dtlsEchoServer */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = dtlsEchoServer; sourceTree = BUILT_PRODUCTS_DIR; }; - 0C3145551496B8FB00427C0B /* SecureTransport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureTransport.h; path = OSX/libsecurity_ssl/lib/SecureTransport.h; sourceTree = ""; }; - 0C3145561496B8FB00427C0B /* SecureTransportPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureTransportPriv.h; path = OSX/libsecurity_ssl/lib/SecureTransportPriv.h; sourceTree = ""; }; - 0C550308139F0B970019E5EB /* PreSecurityTests.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = PreSecurityTests.sh; sourceTree = ""; }; - 0C5D2EEA167FEAAC0077501D /* SecAsn1Coder.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SecAsn1Coder.h; path = OSX/libsecurity_asn1/lib/SecAsn1Coder.h; sourceTree = ""; }; - 0C5D2EEC167FEEC90077501D /* secasn1t.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = secasn1t.h; path = OSX/libsecurity_asn1/lib/secasn1t.h; sourceTree = ""; }; - 0C5D2EEE167FF0560077501D /* SecAsn1Templates.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SecAsn1Templates.h; path = OSX/libsecurity_asn1/lib/SecAsn1Templates.h; sourceTree = ""; }; - 0C5D2EF0167FF1FC0077501D /* oidsalg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidsalg.h; path = OSX/libsecurity_asn1/lib/oidsalg.h; sourceTree = ""; }; - 0C664AB2175926B20092D3D9 /* secdtests-entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "secdtests-entitlements.plist"; sourceTree = ""; }; - 0C6E38F41C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyReceiveMessage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "IDSKeychainSyncingProxy+IDSProxyReceiveMessage.h"; sourceTree = ""; }; - 0C6E38F51C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyReceiveMessage.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "IDSKeychainSyncingProxy+IDSProxyReceiveMessage.m"; sourceTree = ""; }; - 0C6E38F61C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxySendMessage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "IDSKeychainSyncingProxy+IDSProxySendMessage.h"; sourceTree = ""; }; - 0C6E38F71C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxySendMessage.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "IDSKeychainSyncingProxy+IDSProxySendMessage.m"; sourceTree = ""; }; - 0C6E38F81C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyThrottle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "IDSKeychainSyncingProxy+IDSProxyThrottle.h"; sourceTree = ""; }; - 0C6E38F91C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyThrottle.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "IDSKeychainSyncingProxy+IDSProxyThrottle.m"; sourceTree = ""; }; - 0C78F1C916A5E13400654E08 /* sectask_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sectask_regressions.h; sourceTree = ""; }; - 0C78F1CA16A5E1BF00654E08 /* sectask-10-sectask.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sectask-10-sectask.c"; sourceTree = ""; }; - 0C78F1CB16A5E1BF00654E08 /* sectask_ipc.defs */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.mig; path = sectask_ipc.defs; sourceTree = ""; }; - 0C869B421C865E4D006A2873 /* CoreCDP.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreCDP.framework; path = System/Library/PrivateFrameworks/CoreCDP.framework; sourceTree = SDKROOT; }; - 0C95403F14E473AA00077526 /* libsecurity_ssl.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_ssl.xcodeproj; path = OSX/libsecurity_ssl/libsecurity_ssl.xcodeproj; sourceTree = ""; }; - 0CA31A4614BB5C9100BD348C /* CipherSuite.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CipherSuite.h; path = OSX/libsecurity_ssl/lib/CipherSuite.h; sourceTree = ""; }; - 0CA31A7314BB6C2500BD348C /* sslTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sslTypes.h; path = OSX/libsecurity_ssl/lib/sslTypes.h; sourceTree = ""; }; - 0CB321F01464A95F00587CD3 /* CreateCerts.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = CreateCerts.sh; sourceTree = ""; }; - 0CC82947138716F400BD99B7 /* libregressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libregressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 0CD72A5B16D5769A00A4B8A3 /* utilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = utilities.c; sourceTree = ""; }; - 0CD72A5C16D5769A00A4B8A3 /* utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = utilities.h; sourceTree = ""; }; - 107226D00D91DB32003CF14F /* SecTask.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecTask.c; sourceTree = ""; }; - 107226D10D91DB32003CF14F /* SecTask.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTask.h; sourceTree = ""; }; - 107227350D91FE89003CF14F /* libbsm.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libbsm.dylib; path = usr/lib/libbsm.dylib; sourceTree = SDKROOT; }; - 18351B8F14CB65870097860E /* SecBase64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecBase64.h; sourceTree = ""; }; - 18F7F65814D77DF700F88A12 /* sec.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = sec.xcodeproj; path = OSX/sec/sec.xcodeproj; sourceTree = ""; }; - 1FDA9AB91C44844D0083929D /* SecTranslocate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SecTranslocate.h; path = ../../libsecurity_translocate/lib/SecTranslocate.h; sourceTree = ""; }; - 2281820D17B4686C0067C9C9 /* BackgroundTaskAgent.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = BackgroundTaskAgent.framework; path = System/Library/PrivateFrameworks/BackgroundTaskAgent.framework; sourceTree = SDKROOT; }; - 22C002A31AC9D33100B3469E /* OTAPKIAssetTool.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = OTAPKIAssetTool.xcconfig; sourceTree = ""; }; - 433E519D1B66D5F600482618 /* AppSupport.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppSupport.framework; path = System/Library/PrivateFrameworks/AppSupport.framework; sourceTree = SDKROOT; }; - 4381690C1B4EDCBD00C54D58 /* SOSCCAuthPlugin.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = SOSCCAuthPlugin.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; - 4381690F1B4EDCBD00C54D58 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; - 438169E11B4EDEE200C54D58 /* SOSCCAuthPlugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCCAuthPlugin.h; sourceTree = ""; }; - 438169E21B4EDEE200C54D58 /* SOSCCAuthPlugin.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SOSCCAuthPlugin.m; sourceTree = ""; }; - 43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ProtectedCloudStorage.framework; path = System/Library/PrivateFrameworks/ProtectedCloudStorage.framework; sourceTree = SDKROOT; }; - 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; name = libcoreauthd_client.a; path = usr/local/lib/libcoreauthd_client.a; sourceTree = SDKROOT; }; - 4432AF8C1A01472C000958DC /* libaks_acl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; name = libaks_acl.a; path = usr/local/lib/libaks_acl.a; sourceTree = SDKROOT; }; - 443381D918A3D81400215606 /* SecAccessControl.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecAccessControl.h; sourceTree = ""; }; - 443381DA18A3D81400215606 /* SecAccessControlPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecAccessControlPriv.h; sourceTree = ""; }; - 4469FBDC1AA0A45C0021AA26 /* libctkclient_test.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libctkclient_test.a; path = usr/local/lib/libctkclient_test.a; sourceTree = SDKROOT; }; - 4469FBDD1AA0A45C0021AA26 /* libctkclient.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libctkclient.a; path = usr/local/lib/libctkclient.a; sourceTree = SDKROOT; }; - 48284A041D1DB06E00C76CB7 /* README_os_log_prefs.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = README_os_log_prefs.txt; path = OSX/sec/os_log/README_os_log_prefs.txt; sourceTree = ""; }; - 4863262F1CAA0BE900A466D9 /* com.apple.securityd.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.apple.securityd.plist; path = OSX/sec/os_log/com.apple.securityd.plist; sourceTree = ""; }; - 4AF7FFF315AFB73800B9D400 /* SecOTR.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTR.h; sourceTree = ""; }; - 4AF7FFF415AFB73800B9D400 /* SecOTRDHKey.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRDHKey.h; sourceTree = ""; }; - 4AF7FFF515AFB73800B9D400 /* SecOTRErrors.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRErrors.h; sourceTree = ""; }; - 4AF7FFF615AFB73800B9D400 /* SecOTRIdentityPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRIdentityPriv.h; sourceTree = ""; }; - 4AF7FFF715AFB73800B9D400 /* SecOTRMath.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRMath.h; sourceTree = ""; }; - 4AF7FFF915AFB73800B9D400 /* SecOTRPacketData.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRPacketData.h; sourceTree = ""; }; - 4AF7FFFA15AFB73800B9D400 /* SecOTRPackets.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRPackets.h; sourceTree = ""; }; - 4AF7FFFB15AFB73800B9D400 /* SecOTRSession.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRSession.h; sourceTree = ""; }; - 4AF7FFFC15AFB73800B9D400 /* SecOTRSessionPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRSessionPriv.h; sourceTree = ""; }; - 4C0208F80D3C154200BFE54E /* SecBasePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecBasePriv.h; sourceTree = ""; }; - 4C04A90811924BBC0020550C /* SecKeyInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeyInternal.h; sourceTree = ""; }; - 4C079EBC1794A96200D73970 /* ServiceManagement.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ServiceManagement.framework; path = System/Library/PrivateFrameworks/ServiceManagement.framework; sourceTree = SDKROOT; }; - 4C0B906C0ACCBD240077CD03 /* SecFramework.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecFramework.h; sourceTree = ""; }; - 4C12828C0BB4957D00985BB0 /* SecTrustSettingsPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTrustSettingsPriv.h; sourceTree = ""; }; - 4C198F1E0ACDB4BF00AAB142 /* English */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = English; path = English.lproj/Certificate.strings; sourceTree = ""; }; - 4C198F200ACDB4BF00AAB142 /* English */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = English; path = English.lproj/OID.strings; sourceTree = ""; usesTabs = 1; }; - 4C1B442C0BB9CAF900461B82 /* SecTrustStore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTrustStore.h; sourceTree = ""; }; - 4C28BCD60986EBCB0020C665 /* certextensions.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = certextensions.h; sourceTree = ""; }; - 4C2F81D40BF121D2003C4F77 /* SecRandom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecRandom.h; sourceTree = ""; }; - 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = utilities.xcodeproj; path = OSX/utilities/utilities.xcodeproj; sourceTree = ""; }; - 4C32C0AF0A4975F6002891BD /* Security.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Security.framework; sourceTree = BUILT_PRODUCTS_DIR; }; - 4C35DC37094F9120002917C4 /* Security-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "Security-Info.plist"; sourceTree = ""; }; - 4C3CECEA1416DB2200947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-CertiID_Enterprise_Certificate_Authority.crt"; sourceTree = ""; }; - 4C3CECEB1416DB2200947741 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt"; sourceTree = ""; }; - 4C3CECEC1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheid.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-diginotarpkioverheidcaoverheid.crt"; sourceTree = ""; }; - 4C3CECED1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt"; sourceTree = ""; }; - 4C3CECEE1416DB2200947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt; sourceTree = ""; }; - 4C3CECEF1416DB2200947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = Ministerie_van_Defensie_Certificatie_Autoriteit.crt; sourceTree = ""; }; - 4C3CECF01416DB2200947741 /* staatdernederlandenorganisatieca-g2-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "staatdernederlandenorganisatieca-g2-Cert.crt"; sourceTree = ""; }; - 4C3CECF11416DB2200947741 /* staatdernederlandenoverheidca-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "staatdernederlandenoverheidca-Cert.crt"; sourceTree = ""; }; + DC82FFF11D90D54F0085674B /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC82FFEC1D90D4D20085674B; + remoteInfo = security_ocspd_macos_mig_nomake; + }; + DCB340181D8A248C0054D16E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC8834011D8A218F00CE0ACA; + remoteInfo = security_apple_asn1; + }; + DCB340891D8A25230054D16E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCB340661D8A24DF0054D16E; + remoteInfo = security_apple_authorization; + }; + DCB3412D1D8A29830054D16E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCB3408E1D8A267C0054D16E; + remoteInfo = security_cdsa_client; + }; + DCB341781D8A2AF10054D16E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCB341301D8A2A010054D16E; + remoteInfo = security_cdsa_plugin; + }; + DCB342361D8A2CD70054D16E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCB3417B1D8A2B860054D16E; + remoteInfo = security_cdsa_utilities; + }; + DCB345651D8A36060054D16E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCB3423A1D8A32820054D16E; + remoteInfo = security_keychain; + }; + DCB345B21D8A361F0054D16E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCB343AD1D8A34FD0054D16E; + remoteInfo = security_keychain_regressions; + }; + DCBE6E491D91E23D00A3E5E5 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD06A541D8CE2D5007602F1; + remoteInfo = gkunpack; + }; + DCC093771D80ABC300F984E4 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCC78EA81D8088E200865A7C; + remoteInfo = libsecurity; + }; + DCC5BF371D937329008D1E84 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = DC1784AE1D7786C700B50D50 /* libsecurity_cms.xcodeproj */; + proxyType = 1; + remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; + remoteInfo = libsecurity_cms; + }; + DCD067821D8CDF58007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD067561D8CDCF3007602F1; + remoteInfo = codesigning_DTrace; + }; + DCD067841D8CDF5C007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD0675B1D8CDD6D007602F1; + remoteInfo = codesigning_SystemPolicy; + }; + DCD069711D8CE21C007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD0675B1D8CDD6D007602F1; + remoteInfo = codesigning_SystemPolicy; + }; + DCD069731D8CE21C007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD067561D8CDCF3007602F1; + remoteInfo = codesigning_DTrace; + }; + DCD06A441D8CE281007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD0675B1D8CDD6D007602F1; + remoteInfo = codesigning_SystemPolicy; + }; + DCD06A461D8CE281007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD067561D8CDCF3007602F1; + remoteInfo = codesigning_DTrace; + }; + DCD06A7F1D8CE33B007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD067781D8CDF19007602F1; + remoteInfo = security_codesigning; + }; + DCD06A811D8CE33F007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD0696F1D8CE21C007602F1; + remoteInfo = integrity; + }; + DCD06A831D8CE343007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD06A421D8CE281007602F1; + remoteInfo = codehost; + }; + DCD06A851D8CE348007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD069661D8CE105007602F1; + remoteInfo = codesigning_RequirementsLanguage; + }; + DCD06A871D8CE34D007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD06A541D8CE2D5007602F1; + remoteInfo = gkunpack; + }; + DCD06A891D8CE356007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD067781D8CDF19007602F1; + remoteInfo = security_codesigning; + }; + DCD06BCE1D8E0F01007602F1 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD06AA91D8E0D53007602F1; + remoteInfo = security_utilities; + }; + DCD22D661D8CC387001C9B81 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52EC601D80D0C400B0A59C; + remoteInfo = SOSRegressions; + }; + DCD22D681D8CC3A6001C9B81 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCCF41D8C694700070CB0; + remoteInfo = utilitiesRegressions; + }; + DCD22D7A1D8CCA07001C9B81 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BC9C81D8B824700070CB0; + remoteInfo = security_ssl; + }; + DCD22D7C1D8CCA18001C9B81 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC8834011D8A218F00CE0ACA; + remoteInfo = ASN1; + }; + DCD22D7E1D8CCA2C001C9B81 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC0BCC211D8C684F00070CB0; + remoteInfo = utilities; + }; + DCD22D811D8CCB5A001C9B81 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52E7731D80BC8000B0A59C; + remoteInfo = libsecurityd_ios; + }; + DCD22D831D8CCB72001C9B81 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DC52E8BE1D80C25800B0A59C; + remoteInfo = SecureObjectSync; + }; + DCD66DC21D82056C00DB1393 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD66D5E1D8204A700DB1393; + remoteInfo = libSecTrustOSX; + }; + DCD66DE51D82061F00DB1393 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCD66DC41D8205C400DB1393; + remoteInfo = libSecOtrOSX; + }; + DCE4E6A91D7A38E700AFB96E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCE4E68A1D7A37FA00AFB96E; + remoteInfo = security2tool_macos; + }; + DCE4E7B71D7A456500AFB96E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCE4E7311D7A43B500AFB96E; + remoteInfo = SecurityTestsOSX; + }; + DCE4E7BB1D7A45ED00AFB96E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = DC1784421D77869A00B50D50 /* libsecurity_smime.xcodeproj */; + proxyType = 1; + remoteGlobalIDString = AC62F5EF18B4356A00704BBD; + remoteInfo = libsecurity_smime_regressions; + }; + DCE4E7D71D7A4B3500AFB96E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = DC1784421D77869A00B50D50 /* libsecurity_smime.xcodeproj */; + proxyType = 1; + remoteGlobalIDString = AC62F5EF18B4356A00704BBD; + remoteInfo = libsecurity_smime_regressions; + }; + DCE4E7F01D7A4BEC00AFB96E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCE4E7CB1D7A4AED00AFB96E; + remoteInfo = sectests_macos; + }; + DCE4E8291D7A4F2500AFB96E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCE4E7F51D7A4DA800AFB96E; + remoteInfo = secd; + }; + DCE4E8611D7A58BA00AFB96E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCE4E82D1D7A57AE00AFB96E; + remoteInfo = trustd; + }; + DCE4E8D71D7F37F200AFB96E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCE4E8931D7F34F600AFB96E; + remoteInfo = authd; + }; + DCE4E90B1D7F3B4A00AFB96E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCE4E8DC1D7F39DB00AFB96E; + remoteInfo = "Cloud Keychain Utility"; + }; + DCE4E9721D7F3FC200AFB96E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCE4E9101D7F3D5300AFB96E; + remoteInfo = "Keychain Circle Notification"; + }; + DCF785001D88B80600E694BB /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCF7830A1D88B4DE00E694BB; + remoteInfo = security_apple_csp; + }; + DCF787311D88C1B000E694BB /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCF785021D88B95500E694BB; + remoteInfo = security_apple_cspdl; + }; + DCF788451D88C98100E694BB /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCF788341D88C8C400E694BB; + remoteInfo = security_apple_filedl; + }; + DCF788A31D88CB6000E694BB /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCF788471D88CA7200E694BB; + remoteInfo = security_apple_x509_cl; + }; + DCF788A81D88CC3500E694BB /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCF788471D88CA7200E694BB; + remoteInfo = security_apple_x509_cl; + }; + DCF789451D88CD7C00E694BB /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = DCF788AB1D88CD2400E694BB; + remoteInfo = security_apple_x509_tp; + }; + E74583BD1BF66489001B54A4 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 52D82BDD16A621F70078DFE5; + remoteInfo = CloudKeychainProxy; + }; + E745846C1BF68ECB001B54A4 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 05EF68BB194915A5007958C3; + remoteInfo = Security_executables; + }; + E745846E1BF68ECB001B54A4 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 05EF68C1194915FB007958C3; + remoteInfo = Security_kexts; + }; + E74584701BF68ECB001B54A4 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 05EF68AF1949149C007958C3; + remoteInfo = Security_temporary_UI; + }; + E79EEDD61CD3F9F800C2FBFC /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 0C7CFA2E14E1BA4800DF9D95; + remoteInfo = Security_frameworks_ios; + }; + E79EEDDE1CD3FFEA00C2FBFC /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = E79EEDD81CD3FFC800C2FBFC; + remoteInfo = Security_frameworks_macos; + }; + E79EEDE41CD4001300C2FBFC /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 05EF68BB194915A5007958C3; + remoteInfo = Security_executables_macos; + }; + E79EEDE61CD4003900C2FBFC /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = E79EEDD81CD3FFC800C2FBFC; + remoteInfo = Security_frameworks_macos; + }; + E7CFF6701C84F62900E3484E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = E7D847C41C6BE9710025BB44; + remoteInfo = KeychainCircle; + }; + E7CFF6721C84F62900E3484E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = E7D847CD1C6BE9720025BB44; + remoteInfo = KeychainCircleTests; + }; + E7CFF6741C84F65D00E3484E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = E7CFF6471C84F61200E3484E; + remoteInfo = Security_KeychainCircle; + }; + E7CFF6761C84F66A00E3484E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = E7CFF6471C84F61200E3484E; + remoteInfo = Security_KeychainCircle; + }; + E7D847D01C6BE9720025BB44 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = E7D847C41C6BE9710025BB44; + remoteInfo = KeychainCircle; + }; + EB31EA821D3EF2FB008F952A /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 5346480017331E1100FE9172; + remoteInfo = KeychainSyncAccountNotification; + }; + EB3A8E001BEEC6F3001A89AA /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EB9C1D791BDFD0E000F89272; + remoteInfo = secbackupntest; + }; + EB425CD01C6585F1000ECE53 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EB425C9E1C65846D000ECE53; + remoteInfo = secbackuptest; + }; + EB433A2B1CC3252A00A7EACE /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EB433A201CC3243600A7EACE; + remoteInfo = secitemstresstest; + }; + EB63ADE01C3E74F900C45A69 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EB0BC9361C3C791500785842; + remoteInfo = secedumodetest; + }; + EB6A6FAC1B90F84D0045DC68 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 0C7CFA2E14E1BA4800DF9D95; + remoteInfo = Security_frameworks_ios; + }; + EB6A6FB21B90F89F0045DC68 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 790851B50CA9859F0083CC4D; + remoteInfo = securityd; + }; + EB6A6FB81B90F8D70045DC68 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4C541F840F250BF500E508AE; + remoteInfo = Security_executables_ios; + }; + EB6A6FBA1B90F8EC0045DC68 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 0C7CFA2E14E1BA4800DF9D95; + remoteInfo = Security_frameworks_ios; + }; + EB6A6FBC1B90F9170045DC68 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4C32C0AE0A4975F6002891BD; + remoteInfo = Security; + }; + EB9C1DB61BDFD51800F89272 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EB9C1DAE1BDFD4DE00F89272; + remoteInfo = SecurityBatsTests; + }; + EB9FE08C1BFBC48F004FEAAF /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EB9C1DAE1BDFD4DE00F89272; + remoteInfo = SecurityBatsTests; + }; + EB9FE0B51BFBC499004FEAAF /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EB9C1DAE1BDFD4DE00F89272; + remoteInfo = SecurityBatsTests; + }; + EBA9AA881CE3E76C004E2B68 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EBA9AA7D1CE30E58004E2B68; + remoteInfo = secitemnotifications; + }; + EBB696D31BE2085700715F16 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EB9C1D791BDFD0E000F89272; + remoteInfo = secbackupntest; + }; + EBC15EA81BE29AC3001C0C5B /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EB9C1DAE1BDFD4DE00F89272; + remoteInfo = SecurityBatsTests; + }; + EBCF743E1CE593A700BED7CA /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EBCF73F31CE45F9C00BED7CA; + remoteInfo = secitemfunctionality; + }; + EBD849351B242C8900C5FD1E /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4CE5A54C09C796E100D27A3F; + remoteInfo = sslViewer; + }; + EBF374811DC058B60065D840 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EBF374711DC055580065D840; + remoteInfo = "security-sysdiagnose"; + }; + EBF374831DC058C00065D840 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EBF374711DC055580065D840; + remoteInfo = "security-sysdiagnose"; + }; + EBF374851DC058C50065D840 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EBF374711DC055580065D840; + remoteInfo = "security-sysdiagnose"; + }; + EBF374871DC058CC0065D840 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = EBF374711DC055580065D840; + remoteInfo = "security-sysdiagnose"; + }; + F94E7AE11ACC8E7700F23132 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4C35DB69094F906D002917C4 /* Project object */; + proxyType = 1; + remoteGlobalIDString = F93C49021AB8FCE00047E01A; + remoteInfo = ckcdiagnose.sh; + }; +/* End PBXContainerItemProxy section */ + +/* Begin PBXCopyFilesBuildPhase section */ + 0C0BDB2D175685B000BC1A7E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; + 4814D8691CAA059E002FFC36 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/Preferences/Logging/Subsystems; + dstSubfolderSpec = 0; + files = ( + DC71D8F51D959F150065FB93 /* com.apple.securityd.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + 4C50AD081410673800EE92DE /* Copy DigiNotar Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = DigiNotar; + dstSubfolderSpec = 7; + files = ( + 4C50AD0C1410679000EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar Resources */, + 4C50AD0D1410679000EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar Resources */, + 4C50AD0E1410679000EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar Resources */, + 4C50AD0F1410679000EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar Resources */, + 4C50AD101410679000EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar Resources */, + 4C50AD111410679000EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar Resources */, + 4C50AD121410679000EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar Resources */, + 4C50AD131410679000EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar Resources */, + 4C50AD141410679000EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar Resources */, + 4C50AD151410679000EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar Resources */, + 4C8B91C91416ED7E00A254E2 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar Resources */, + 4C8B91CA1416ED7E00A254E2 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar Resources */, + 4C8B91CB1416ED7E00A254E2 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar Resources */, + 4C8B91CC1416ED7E00A254E2 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar Resources */, + 4C8B91CD1416ED7E00A254E2 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar Resources */, + 4C8B91CF1416ED7E00A254E2 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar Resources */, + 4C8B91D01416ED7E00A254E2 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar Resources */, + 4C8B91D11416ED7E00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar Resources */, + ); + name = "Copy DigiNotar Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + 4C50AD091410675400EE92DE /* Copy DigiNotar-Entrust Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = "DigiNotar-Entrust"; + dstSubfolderSpec = 7; + files = ( + 4C50AD181410679900EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD191410679900EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD1A1410679900EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD1B1410679900EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD1C1410679900EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD1D1410679900EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD1E1410679900EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD1F1410679900EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD201410679900EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD211410679900EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD221410679900EE92DE /* diginotar.root.ca-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C8B91D21416ED8E00A254E2 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-Entrust Resources */, + 4C8B91D31416ED8E00A254E2 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C8B91D41416ED8E00A254E2 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar-Entrust Resources */, + 4C8B91D51416ED8E00A254E2 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C8B91D61416ED8E00A254E2 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar-Entrust Resources */, + 4C8B91D81416ED8E00A254E2 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C8B91D91416ED8E00A254E2 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C8B91DA1416ED8E00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-Entrust Resources */, + ); + name = "Copy DigiNotar-Entrust Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + 4C50AD0A1410676300EE92DE /* Copy DigiNotar-ok Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = "DigiNotar-ok"; + dstSubfolderSpec = 7; + files = ( + 4C50AD23141067A100EE92DE /* DigiNotarCA2007RootCertificate.crt in Copy DigiNotar-ok Resources */, + 4C8B91E41416ED9A00A254E2 /* DigiNotar_Root_CA_G2-RootCertificate.crt in Copy DigiNotar-ok Resources */, + 4C50AD24141067A100EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar-ok Resources */, + 4C50AD25141067A100EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-ok Resources */, + 4C50AD26141067A100EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-ok Resources */, + 4C50AD27141067A100EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-ok Resources */, + 4C50AD28141067A100EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-ok Resources */, + 4C50AD29141067A100EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-ok Resources */, + 4C50AD2A141067A100EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-ok Resources */, + 4C50AD2B141067A100EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-ok Resources */, + 4C50AD2C141067A100EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-ok Resources */, + 4C50AD2D141067A100EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-ok Resources */, + 4C8B91DB1416ED9400A254E2 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-ok Resources */, + 4C8B91E31416ED9400A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-ok Resources */, + 4C50AD30141068C100EE92DE /* Expectations.plist in Copy DigiNotar-ok Resources */, + ); + name = "Copy DigiNotar-ok Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + 4C50AD3414106A2900EE92DE /* Copy DigiNotar Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = DigiNotar; + dstSubfolderSpec = 7; + files = ( + 4C50AD3914106A4E00EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar Resources */, + 4C50AD3A14106A4E00EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar Resources */, + 4C50AD3B14106A4E00EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar Resources */, + 4C50AD3C14106A4E00EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar Resources */, + 4C50AD3D14106A4E00EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar Resources */, + 4C50AD3E14106A4E00EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar Resources */, + 4C50AD3F14106A4E00EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar Resources */, + 4C50AD4014106A4E00EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar Resources */, + 4C50AD4114106A4E00EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar Resources */, + 4C50AD4214106A4E00EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar Resources */, + 4C3CECF41416E2EC00947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar Resources */, + 4C3CECF51416E2FA00947741 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar Resources */, + 4C3CECF61416E31A00947741 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar Resources */, + 4C3CECF81416E33500947741 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar Resources */, + 4C3CECF91416E34F00947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar Resources */, + 4C3CECFB1416E34F00947741 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar Resources */, + 4C3CECFC1416E34F00947741 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar Resources */, + 4C8B91C81416EBB500A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar Resources */, + ); + name = "Copy DigiNotar Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + 4C50AD3514106A2B00EE92DE /* Copy DigiNotar-Entrust Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = "DigiNotar-Entrust"; + dstSubfolderSpec = 7; + files = ( + 4C8B91C61416EB8B00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD4614106A5000EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD4714106A5000EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD4814106A5000EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD4914106A5000EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD4A14106A5000EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD4B14106A5000EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD4C14106A5000EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD4D14106A5000EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD4E14106A5000EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD4F14106A5000EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C50AD5014106A5000EE92DE /* diginotar.root.ca-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C3CECFD1416E35400947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-Entrust Resources */, + 4C3CECFE1416E35400947741 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C3CECFF1416E35400947741 /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar-Entrust Resources */, + 4C3CED001416E35400947741 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C3CED011416E35400947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar-Entrust Resources */, + 4C3CED031416E35400947741 /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar-Entrust Resources */, + 4C3CED041416E35400947741 /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar-Entrust Resources */, + ); + name = "Copy DigiNotar-Entrust Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + 4C50AD3614106A2C00EE92DE /* Copy DigiNotar-ok Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = "DigiNotar-ok"; + dstSubfolderSpec = 7; + files = ( + 4C50AD5114106A5400EE92DE /* Expectations.plist in Copy DigiNotar-ok Resources */, + 4C50AD5214106A5400EE92DE /* DigiNotarCA2007RootCertificate.crt in Copy DigiNotar-ok Resources */, + 4C3CECF31416E25C00947741 /* DigiNotar_Root_CA_G2-RootCertificate.crt in Copy DigiNotar-ok Resources */, + 4C50AD5314106A5400EE92DE /* Invalid-asterisk.google.com.crt in Copy DigiNotar-ok Resources */, + 4C50AD5414106A5400EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-ok Resources */, + 4C50AD5514106A5400EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-ok Resources */, + 4C50AD5614106A5400EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-ok Resources */, + 4C50AD5714106A5400EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-ok Resources */, + 4C50AD5814106A5400EE92DE /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-ok Resources */, + 4C50AD5914106A5400EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-ok Resources */, + 4C50AD5A14106A5400EE92DE /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-ok Resources */, + 4C50AD5B14106A5400EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-ok Resources */, + 4C50AD5C14106A5400EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-ok Resources */, + 4C3CED051416E35A00947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-ok Resources */, + 4C8B91C71416EBA400A254E2 /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-ok Resources */, + ); + name = "Copy DigiNotar-ok Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + 4C52D0B216EFC61E0079966E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /System/Library/LaunchDaemons; + dstSubfolderSpec = 0; + files = ( + 4C52D0E916EFCCF80079966E /* com.apple.security.CircleJoinRequested.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + 5E11CAD919A759E2008A3664 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/bin; + dstSubfolderSpec = 0; + files = ( + 5E11CADA19A75A1F008A3664 /* KeychainItemsAclTest.sh in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + 79679E231462023800CF997F /* Copy DigiCertMalaysia Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = DigicertMalaysia; + dstSubfolderSpec = 7; + files = ( + 79679E29146202A800CF997F /* Digisign-Server-ID-Enrich-Entrust-Cert.crt in Copy DigiCertMalaysia Resources */, + 7947431E1462151E00D638A3 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt in Copy DigiCertMalaysia Resources */, + 79679E2A146202A800CF997F /* Invalid-webmail.jaring.my.crt in Copy DigiCertMalaysia Resources */, + 7947431A146213DC00D638A3 /* Invalid-www.cybersecurity.my.crt in Copy DigiCertMalaysia Resources */, + ); + name = "Copy DigiCertMalaysia Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + 79679E2B146202BC00CF997F /* Copy DigicertMalaysia Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = DigicertMalaysia; + dstSubfolderSpec = 7; + files = ( + 79679E2C146202CB00CF997F /* Digisign-Server-ID-Enrich-Entrust-Cert.crt in Copy DigicertMalaysia Resources */, + 7947431D1462151400D638A3 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt in Copy DigicertMalaysia Resources */, + 79679E2D146202CB00CF997F /* Invalid-webmail.jaring.my.crt in Copy DigicertMalaysia Resources */, + 7947431B146213EF00D638A3 /* Invalid-www.cybersecurity.my.crt in Copy DigicertMalaysia Resources */, + ); + name = "Copy DigicertMalaysia Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + 79863B6C0CADCE4300818B0D /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/LaunchDaemons; + dstSubfolderSpec = 0; + files = ( + DCE809F31D9342BE00F91177 /* com.apple.securityd.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + BE442BBA18B7FDB800F24DAE /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/LaunchDaemons; + dstSubfolderSpec = 0; + files = ( + BE4AC9AE18B7FFC800B84964 /* com.apple.security.swcagent.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + CDB9FCAA179CD054000AAD66 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/Frameworks/Security.framework/CircleJoinRequested; + dstSubfolderSpec = 0; + files = ( + CDB9FCAB179CD098000AAD66 /* Info.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + CDF91EA61AAE019800E88CF7 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/IdentityServices/ServiceDefinitions; + dstSubfolderSpec = 0; + files = ( + CD51245E1DA1C67000962524 /* com.apple.private.alloy.keychainsync.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC0BC5601D8B6D2E00070CB0 /* Embed XPC Services */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = "$(CONTENTS_FOLDER_PATH)/XPCServices"; + dstSubfolderSpec = 16; + files = ( + DC0BC57A1D8B6EF500070CB0 /* XPCTimeStampingService.xpc in Embed XPC Services */, + DC0BC55C1D8B6D2E00070CB0 /* XPCKeychainSandboxCheck.xpc in Embed XPC Services */, + ); + name = "Embed XPC Services"; + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5C41D8B72E700070CB0 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC0BC5DD1D8B73B000070CB0 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC17886F1D77934100B50D50 /* Copy SecurityObjectSync Headers */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = PrivateHeaders/SecureObjectSync; + dstSubfolderSpec = 1; + files = ( + DC3C72E81D8376F900F6A832 /* SOSViews.h in Copy SecurityObjectSync Headers */, + DC3C72E71D8376F300F6A832 /* SOSPeerInfo.h in Copy SecurityObjectSync Headers */, + DC3C72E61D8376EC00F6A832 /* SOSCloudCircleInternal.h in Copy SecurityObjectSync Headers */, + DC3C72E51D8376E600F6A832 /* SOSCloudCircle.h in Copy SecurityObjectSync Headers */, + DC3C72E41D8376DE00F6A832 /* SOSBackupSliceKeyBag.h in Copy SecurityObjectSync Headers */, + DC3C72E31D8376D700F6A832 /* SOSTypes.h in Copy SecurityObjectSync Headers */, + ); + name = "Copy SecurityObjectSync Headers"; + runOnlyForDeploymentPostprocessing = 1; + }; + DC1789E81D77A0E700B50D50 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = en.lproj; + dstSubfolderSpec = 7; + files = ( + DC1789E91D77A0F300B50D50 /* CloudKeychain.strings in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC178B8A1D77A54000B50D50 /* Old SOS header location */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/include; + dstSubfolderSpec = 0; + files = ( + DC3C72F31D8377C400F6A832 /* SOSPeerInfo.h in Old SOS header location */, + DC3C72F21D8377BE00F6A832 /* SOSTypes.h in Old SOS header location */, + ); + name = "Old SOS header location"; + runOnlyForDeploymentPostprocessing = 1; + }; + DC3A4B681D91EB1700E46D4A /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/Sandbox/Profiles; + dstSubfolderSpec = 0; + files = ( + DC3A4B691D91EB1F00E46D4A /* com.apple.CodeSigningHelper.sb in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC59EA351D91CA82001BDDF5 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC59EA5C1D91CAF0001BDDF5 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC59EA6C1D91CB9F001BDDF5 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC5ABDC31D832DAB00CF422C /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + DC5ABE1A1D832F3E00CF422C /* security.1 in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC5AC04E1D8352D900CF422C /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + DC5AC0C01D83538000CF422C /* securityd.1 in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC610A301D78F129002223DE /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC610A451D78F48F002223DE /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC610A5B1D78F9D2002223DE /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /AppleInternal/CoreOS/codesign_tests; + dstSubfolderSpec = 0; + files = ( + DC610A651D78FA5B002223DE /* CaspianTests in CopyFiles */, + DC610A661D78FA5B002223DE /* LocalCaspianTestRun.sh in CopyFiles */, + DC610A691D78FA8C002223DE /* teamid.sh in CopyFiles */, + DC610A6A1D78FA8C002223DE /* validation.sh in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC610AB31D7910C3002223DE /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1/; + dstSubfolderSpec = 0; + files = ( + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC6BC2711D90D04900DD57B3 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/LaunchDaemons; + dstSubfolderSpec = 0; + files = ( + DC6BC2721D90D05900DD57B3 /* com.apple.securityd.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC963E7D1D95EBA8008A153E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/OpenSourceVersions; + dstSubfolderSpec = 0; + files = ( + DC963E7E1D95EBB1008A153E /* libsecurity_apple_csp.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC963E7F1D95EBC2008A153E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/OpenSourceLicenses; + dstSubfolderSpec = 0; + files = ( + DC963E801D95EBD1008A153E /* libsecurity_apple_csp.txt in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC963E811D95EC04008A153E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/OpenSourceVersions; + dstSubfolderSpec = 0; + files = ( + DC963E821D95EC1C008A153E /* libsecurity_codesigning.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DC963E831D95EC20008A153E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/OpenSourceLicenses; + dstSubfolderSpec = 0; + files = ( + DC963E841D95EC31008A153E /* libsecurity_codesigning.txt in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DCD0676D1D8CDEC1007602F1 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/bin; + dstSubfolderSpec = 0; + files = ( + DCD067731D8CDEE0007602F1 /* gkrecord in CopyFiles */, + DCD067721D8CDEDC007602F1 /* gkgenerate in CopyFiles */, + DCD067711D8CDED9007602F1 /* gkclear in CopyFiles */, + DCD067701D8CDED5007602F1 /* gklist in CopyFiles */, + DCD0676F1D8CDED1007602F1 /* gkhandmake in CopyFiles */, + DCD0676E1D8CDECD007602F1 /* gkmerge in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DCD067741D8CDEE2007602F1 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/libexec; + dstSubfolderSpec = 0; + files = ( + DCD067751D8CDEF2007602F1 /* gkreport in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DCD067761D8CDEF9007602F1 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/LaunchDaemons; + dstSubfolderSpec = 0; + files = ( + DCD067771D8CDF02007602F1 /* com.apple.gkreport.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DCE4E6A51D7A388C00AFB96E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/share/man/man1; + dstSubfolderSpec = 0; + files = ( + DCE4E6A81D7A38C400AFB96E /* security2.1 in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DCE4E7711D7A43B500AFB96E /* Copy DigiNotar Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = DigiNotar; + dstSubfolderSpec = 7; + files = ( + DCE4E7721D7A43B500AFB96E /* Invalid-asterisk.google.com.crt in Copy DigiNotar Resources */, + DCE4E7731D7A43B500AFB96E /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar Resources */, + DCE4E7741D7A43B500AFB96E /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar Resources */, + DCE4E7751D7A43B500AFB96E /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar Resources */, + DCE4E7761D7A43B500AFB96E /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar Resources */, + DCE4E7771D7A43B500AFB96E /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar Resources */, + DCE4E7781D7A43B500AFB96E /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar Resources */, + DCE4E7791D7A43B500AFB96E /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar Resources */, + DCE4E77A1D7A43B500AFB96E /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar Resources */, + DCE4E77B1D7A43B500AFB96E /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar Resources */, + DCE4E77C1D7A43B500AFB96E /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar Resources */, + DCE4E77D1D7A43B500AFB96E /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar Resources */, + DCE4E77E1D7A43B500AFB96E /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar Resources */, + DCE4E77F1D7A43B500AFB96E /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar Resources */, + DCE4E7801D7A43B500AFB96E /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar Resources */, + DCE4E7811D7A43B500AFB96E /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar Resources */, + DCE4E7821D7A43B500AFB96E /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar Resources */, + DCE4E7831D7A43B500AFB96E /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar Resources */, + ); + name = "Copy DigiNotar Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E7841D7A43B500AFB96E /* Copy DigiNotar-Entrust Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = "DigiNotar-Entrust"; + dstSubfolderSpec = 7; + files = ( + DCE4E7851D7A43B500AFB96E /* Invalid-asterisk.google.com.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7861D7A43B500AFB96E /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7871D7A43B500AFB96E /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7881D7A43B500AFB96E /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7891D7A43B500AFB96E /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-Entrust Resources */, + DCE4E78A1D7A43B500AFB96E /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-Entrust Resources */, + DCE4E78B1D7A43B500AFB96E /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, + DCE4E78C1D7A43B500AFB96E /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-Entrust Resources */, + DCE4E78D1D7A43B500AFB96E /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-Entrust Resources */, + DCE4E78E1D7A43B500AFB96E /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-Entrust Resources */, + DCE4E78F1D7A43B500AFB96E /* diginotar.root.ca-entrust-secure-server-Cert.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7901D7A43B500AFB96E /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7911D7A43B500AFB96E /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7921D7A43B500AFB96E /* Invalid-diginotarpkioverheidcaoverheid.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7931D7A43B500AFB96E /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7941D7A43B500AFB96E /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7951D7A43B500AFB96E /* staatdernederlandenorganisatieca-g2-Cert.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7961D7A43B500AFB96E /* staatdernederlandenoverheidca-Cert.crt in Copy DigiNotar-Entrust Resources */, + DCE4E7971D7A43B500AFB96E /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-Entrust Resources */, + ); + name = "Copy DigiNotar-Entrust Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E7981D7A43B500AFB96E /* Copy DigiNotar-ok Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = "DigiNotar-ok"; + dstSubfolderSpec = 7; + files = ( + DCE4E7991D7A43B500AFB96E /* DigiNotarCA2007RootCertificate.crt in Copy DigiNotar-ok Resources */, + DCE4E79A1D7A43B500AFB96E /* DigiNotar_Root_CA_G2-RootCertificate.crt in Copy DigiNotar-ok Resources */, + DCE4E79B1D7A43B500AFB96E /* Invalid-asterisk.google.com.crt in Copy DigiNotar-ok Resources */, + DCE4E79C1D7A43B500AFB96E /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt in Copy DigiNotar-ok Resources */, + DCE4E79D1D7A43B500AFB96E /* Invalid-webmail.terneuzen.nl-diginotar-services.crt in Copy DigiNotar-ok Resources */, + DCE4E79E1D7A43B500AFB96E /* Invalid-www.maestre.com-diginotal.extended.validation.crt in Copy DigiNotar-ok Resources */, + DCE4E79F1D7A43B500AFB96E /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt in Copy DigiNotar-ok Resources */, + DCE4E7A01D7A43B500AFB96E /* diginotar-public-ca-2025-Cert.crt in Copy DigiNotar-ok Resources */, + DCE4E7A11D7A43B500AFB96E /* diginotar-services-1024-entrust-secure-server-Cert.crt in Copy DigiNotar-ok Resources */, + DCE4E7A21D7A43B500AFB96E /* diginotar-services-diginotar-root-Cert.crt in Copy DigiNotar-ok Resources */, + DCE4E7A31D7A43B500AFB96E /* diginotar.cyberca-gte.global.root-Cert.crt in Copy DigiNotar-ok Resources */, + DCE4E7A41D7A43B500AFB96E /* diginotar.extended.validation-diginotar.root.ca-Cert.crt in Copy DigiNotar-ok Resources */, + DCE4E7A51D7A43B500AFB96E /* Invalid-CertiID_Enterprise_Certificate_Authority.crt in Copy DigiNotar-ok Resources */, + DCE4E7A61D7A43B500AFB96E /* Invalid-webmail.portofamsterdam.nl.crt in Copy DigiNotar-ok Resources */, + DCE4E7A71D7A43B500AFB96E /* Expectations.plist in Copy DigiNotar-ok Resources */, + ); + name = "Copy DigiNotar-ok Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E7A81D7A43B500AFB96E /* Copy DigiCertMalaysia Resources */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = DigicertMalaysia; + dstSubfolderSpec = 7; + files = ( + DCE4E7A91D7A43B500AFB96E /* Digisign-Server-ID-Enrich-Entrust-Cert.crt in Copy DigiCertMalaysia Resources */, + DCE4E7AA1D7A43B500AFB96E /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt in Copy DigiCertMalaysia Resources */, + DCE4E7AB1D7A43B500AFB96E /* Invalid-webmail.jaring.my.crt in Copy DigiCertMalaysia Resources */, + DCE4E7AC1D7A43B500AFB96E /* Invalid-www.cybersecurity.my.crt in Copy DigiCertMalaysia Resources */, + ); + name = "Copy DigiCertMalaysia Resources"; + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E7F41D7A4DA800AFB96E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /System/Library/LaunchAgents; + dstSubfolderSpec = 0; + files = ( + DCE4E80A1D7A4E1D00AFB96E /* com.apple.secd.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DCE4E80B1D7A4E2900AFB96E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/Preferences/Logging/Subsystems; + dstSubfolderSpec = 0; + files = ( + DCE4E80E1D7A4E3B00AFB96E /* com.apple.securityd.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DCE4E8521D7A57AE00AFB96E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /System/Library/LaunchAgents; + dstSubfolderSpec = 0; + files = ( + DCE4E85F1D7A586200AFB96E /* com.apple.trustd.agent.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DCE4E8541D7A57AE00AFB96E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/LaunchDaemons; + dstSubfolderSpec = 0; + files = ( + DCE4E8601D7A586A00AFB96E /* com.apple.trustd.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DCE4E8CC1D7F358C00AFB96E /* Copy authorization.plist */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = "$(SYSTEM_LIBRARY_DIR)/Security"; + dstSubfolderSpec = 0; + files = ( + DCE4E8CD1D7F359F00AFB96E /* authorization.plist in Copy authorization.plist */, + ); + name = "Copy authorization.plist"; + runOnlyForDeploymentPostprocessing = 1; + }; + DCE4E8CE1D7F35A300AFB96E /* Copy sandbox profile */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = "$(SYSTEM_LIBRARY_DIR)/Sandbox/Profiles"; + dstSubfolderSpec = 0; + files = ( + DCE4E8D01D7F35BB00AFB96E /* com.apple.authd.sb in Copy sandbox profile */, + ); + name = "Copy sandbox profile"; + runOnlyForDeploymentPostprocessing = 1; + }; + DCE4E8D11D7F35C400AFB96E /* Copy asl module */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /private/etc/asl; + dstSubfolderSpec = 0; + files = ( + DCE4E8D31D7F35D800AFB96E /* com.apple.authd in Copy asl module */, + ); + name = "Copy asl module"; + runOnlyForDeploymentPostprocessing = 1; + }; + DCE4E8D41D7F360C00AFB96E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/include; + dstSubfolderSpec = 0; + files = ( + DCE4E8D61D7F361F00AFB96E /* authd_private.h in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + DCE4E9701D7F3EA700AFB96E /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /System/Library/LaunchAgents; + dstSubfolderSpec = 0; + files = ( + DCE4E9711D7F3EBB00AFB96E /* com.apple.security.keychain-circle-notification.plist in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + E73288DD1AED7215008CE839 /* Copy SecureObjectSync Headers */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = PrivateHeaders/SecureObjectSync; + dstSubfolderSpec = 1; + files = ( + DC3C72EF1D83778B00F6A832 /* SOSCloudCircleInternal.h in Copy SecureObjectSync Headers */, + DC3C72EE1D83778600F6A832 /* SOSTypes.h in Copy SecureObjectSync Headers */, + DC3C72ED1D83778100F6A832 /* SOSViews.h in Copy SecureObjectSync Headers */, + DC3C72EC1D83777B00F6A832 /* SOSPeerInfo.h in Copy SecureObjectSync Headers */, + DC3C72EB1D83777600F6A832 /* SOSCloudCircle.h in Copy SecureObjectSync Headers */, + DC3C72EA1D83777100F6A832 /* SOSPeerInfoV2.h in Copy SecureObjectSync Headers */, + DC3C72E91D83776B00F6A832 /* SOSBackupSliceKeyBag.h in Copy SecureObjectSync Headers */, + ); + name = "Copy SecureObjectSync Headers"; + runOnlyForDeploymentPostprocessing = 0; + }; + E7CFF7211C86602B00E3484E /* Install BATS Tests */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /AppleInternal/CoreOS/BATS/unit_tests; + dstSubfolderSpec = 0; + files = ( + E7EBDEBC1C87C0DB001BAA62 /* KeychainCircle.plist in Install BATS Tests */, + ); + name = "Install BATS Tests"; + runOnlyForDeploymentPostprocessing = 1; + }; + EB0BF1711D25B47A000DEF32 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /AppleInternal/CoreOS/tests/Security; + dstSubfolderSpec = 0; + files = ( + 485B640B1DC16E8300B771B9 /* SOSKeyedPubKeyIdentifier.h in CopyFiles */, + EB0BF1981D25B4BE000DEF32 /* README in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + EB0BF1991D25B54B000DEF32 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /AppleInternal/CoreOS/tests/Security; + dstSubfolderSpec = 0; + files = ( + EB0BF19A1D25B551000DEF32 /* README in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + EB5D72ED1B0CB082009CAA47 /* Old SOS header location */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/include; + dstSubfolderSpec = 0; + files = ( + DC3C72F11D8377A300F6A832 /* SOSPeerInfo.h in Old SOS header location */, + DC3C72F01D83779A00F6A832 /* SOSTypes.h in Old SOS header location */, + ); + name = "Old SOS header location"; + runOnlyForDeploymentPostprocessing = 1; + }; + EB9C1DB41BDFD4F200F89272 /* Install BATS plist */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /AppleInternal/CoreOS/BATS/unit_tests; + dstSubfolderSpec = 0; + files = ( + EB9C1DB51BDFD50100F89272 /* Security.plist in Install BATS plist */, + EB3A8DFF1BEEC66F001A89AA /* Security_edumode.plist in Install BATS plist */, + ); + name = "Install BATS plist"; + runOnlyForDeploymentPostprocessing = 1; + }; + EBF374701DC055580065D840 /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/share/man/man1; + dstSubfolderSpec = 0; + files = ( + EBF374801DC058070065D840 /* security-sysdiagnose.1 in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; + F93C49061AB8FCE50047E01A /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 8; + dstPath = /usr/local/sbin; + dstSubfolderSpec = 0; + files = ( + F93C493B1AB8FF530047E01A /* ckcdiagnose.sh in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 1; + }; +/* End PBXCopyFilesBuildPhase section */ + +/* Begin PBXFileReference section */ + 0C0BDB2F175685B000BC1A7E /* secdtests */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secdtests; sourceTree = BUILT_PRODUCTS_DIR; }; + 0C0BDB31175685B000BC1A7E /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; + 0C0BDB441756868B00BC1A7E /* testlist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = testlist.h; sourceTree = ""; }; + 0C0C88771CCEC5BD00617D1B /* si-82-sectrust-ct-data */ = {isa = PBXFileReference; lastKnownFileType = folder; name = "si-82-sectrust-ct-data"; path = "../OSX/shared_regressions/si-82-sectrust-ct-data"; sourceTree = ""; }; + 0C0CEC9D1DA45EA200C22FBC /* recovery_key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = recovery_key.h; sourceTree = ""; }; + 0C0CEC9E1DA45EA200C22FBC /* recovery_key.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = recovery_key.m; sourceTree = ""; }; + 0C2BCBA51D063F7D00ED7A2F /* dtlsEchoClient.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = dtlsEchoClient.c; sourceTree = ""; }; + 0C2BCBA61D063F7D00ED7A2F /* dtlsEchoServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = dtlsEchoServer.c; sourceTree = ""; }; + 0C2BCBA71D063F7D00ED7A2F /* README */ = {isa = PBXFileReference; lastKnownFileType = text; path = README; sourceTree = ""; }; + 0C2BCBB91D06401F00ED7A2F /* dtlsEchoClient */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = dtlsEchoClient; sourceTree = BUILT_PRODUCTS_DIR; }; + 0C2BCBCE1D0648D100ED7A2F /* dtlsEchoServer */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = dtlsEchoServer; sourceTree = BUILT_PRODUCTS_DIR; }; + 0C664AB2175926B20092D3D9 /* secdtests-entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "secdtests-entitlements.plist"; sourceTree = ""; }; + 0C78F1C916A5E13400654E08 /* sectask_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sectask_regressions.h; sourceTree = ""; }; + 0C78F1CA16A5E1BF00654E08 /* sectask-10-sectask.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sectask-10-sectask.c"; sourceTree = ""; }; + 0C78F1CB16A5E1BF00654E08 /* sectask_ipc.defs */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.mig; path = sectask_ipc.defs; sourceTree = ""; }; + 0C869B421C865E4D006A2873 /* CoreCDP.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreCDP.framework; path = System/Library/PrivateFrameworks/CoreCDP.framework; sourceTree = SDKROOT; }; + 0CB321F01464A95F00587CD3 /* CreateCerts.sh */ = {isa = PBXFileReference; lastKnownFileType = text.script.sh; path = CreateCerts.sh; sourceTree = ""; }; + 0CFC029B1D41650700E6283B /* libcoretls.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libcoretls.dylib; path = usr/lib/libcoretls.dylib; sourceTree = SDKROOT; }; + 107226D00D91DB32003CF14F /* SecTask.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecTask.c; sourceTree = ""; }; + 107226D10D91DB32003CF14F /* SecTask.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTask.h; path = sectask/SecTask.h; sourceTree = ""; }; + 107227350D91FE89003CF14F /* libbsm.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libbsm.dylib; path = usr/lib/libbsm.dylib; sourceTree = SDKROOT; }; + 18351B8F14CB65870097860E /* SecBase64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecBase64.h; sourceTree = ""; }; + 2281820D17B4686C0067C9C9 /* BackgroundTaskAgent.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = BackgroundTaskAgent.framework; path = System/Library/PrivateFrameworks/BackgroundTaskAgent.framework; sourceTree = SDKROOT; }; + 22C002A31AC9D33100B3469E /* OTAPKIAssetTool.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = OTAPKIAssetTool.xcconfig; sourceTree = ""; }; + 433E519D1B66D5F600482618 /* AppSupport.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppSupport.framework; path = System/Library/PrivateFrameworks/AppSupport.framework; sourceTree = SDKROOT; }; + 4381690C1B4EDCBD00C54D58 /* SOSCCAuthPlugin.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = SOSCCAuthPlugin.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; + 4381690F1B4EDCBD00C54D58 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; + 438169E11B4EDEE200C54D58 /* SOSCCAuthPlugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCCAuthPlugin.h; sourceTree = ""; }; + 438169E21B4EDEE200C54D58 /* SOSCCAuthPlugin.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SOSCCAuthPlugin.m; sourceTree = ""; }; + 43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ProtectedCloudStorage.framework; path = System/Library/PrivateFrameworks/ProtectedCloudStorage.framework; sourceTree = SDKROOT; }; + 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; name = libcoreauthd_client.a; path = usr/local/lib/libcoreauthd_client.a; sourceTree = SDKROOT; }; + 4432AF8C1A01472C000958DC /* libaks_acl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; name = libaks_acl.a; path = usr/local/lib/libaks_acl.a; sourceTree = SDKROOT; }; + 443381D918A3D81400215606 /* SecAccessControl.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecAccessControl.h; sourceTree = ""; }; + 443381DA18A3D81400215606 /* SecAccessControlPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecAccessControlPriv.h; sourceTree = ""; }; + 4469FBDC1AA0A45C0021AA26 /* libctkclient_test.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libctkclient_test.a; path = usr/local/lib/libctkclient_test.a; sourceTree = SDKROOT; }; + 4469FBDD1AA0A45C0021AA26 /* libctkclient.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libctkclient.a; path = usr/local/lib/libctkclient.a; sourceTree = SDKROOT; }; + 48284A041D1DB06E00C76CB7 /* README_os_log_prefs.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = README_os_log_prefs.txt; path = OSX/sec/os_log/README_os_log_prefs.txt; sourceTree = ""; }; + 483E79891DC875F2005C0008 /* secd-67-prefixedKeyIDs.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "secd-67-prefixedKeyIDs.c"; sourceTree = ""; }; + 485B64081DC16E8300B771B9 /* SOSKeyedPubKeyIdentifier.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSKeyedPubKeyIdentifier.c; sourceTree = ""; }; + 485B64091DC16E8300B771B9 /* SOSKeyedPubKeyIdentifier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSKeyedPubKeyIdentifier.h; sourceTree = ""; }; + 48776C731DA5BB4200CC09B9 /* SOSRecoveryKeyBag.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRecoveryKeyBag.c; sourceTree = ""; }; + 48776C741DA5BB4200CC09B9 /* SOSRecoveryKeyBag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRecoveryKeyBag.h; sourceTree = ""; }; + 48776C7C1DA5BB5F00CC09B9 /* SOSRingRecovery.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingRecovery.c; sourceTree = ""; }; + 48776C7D1DA5BB5F00CC09B9 /* SOSRingRecovery.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingRecovery.h; sourceTree = ""; }; + 48776C801DA5BC0E00CC09B9 /* SOSAccountRecovery.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountRecovery.c; sourceTree = ""; }; + 48AFBA751DEF8D3100436D08 /* secd-80-views-alwayson.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-80-views-alwayson.c"; sourceTree = ""; }; + 48BC0F5C1DFA2B4500DDDFF9 /* accountCirclesViewsPrint.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = accountCirclesViewsPrint.c; sourceTree = ""; }; + 48BC0F5D1DFA2B4500DDDFF9 /* accountCirclesViewsPrint.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = accountCirclesViewsPrint.h; sourceTree = ""; }; + 48CC58971DA5FF0B00EBD9DB /* secd-66-account-recovery.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-66-account-recovery.c"; sourceTree = ""; }; + 48E6171A1DBEC40D0098EAAD /* SOSBackupInformation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSBackupInformation.c; sourceTree = ""; }; + 48E6171B1DBEC40D0098EAAD /* SOSBackupInformation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSBackupInformation.h; sourceTree = ""; }; + 4AF7FFF315AFB73800B9D400 /* SecOTR.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTR.h; sourceTree = ""; }; + 4AF7FFF415AFB73800B9D400 /* SecOTRDHKey.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRDHKey.h; sourceTree = ""; }; + 4AF7FFF515AFB73800B9D400 /* SecOTRErrors.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRErrors.h; sourceTree = ""; }; + 4AF7FFF615AFB73800B9D400 /* SecOTRIdentityPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRIdentityPriv.h; sourceTree = ""; }; + 4AF7FFF715AFB73800B9D400 /* SecOTRMath.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRMath.h; sourceTree = ""; }; + 4AF7FFF915AFB73800B9D400 /* SecOTRPacketData.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRPacketData.h; sourceTree = ""; }; + 4AF7FFFA15AFB73800B9D400 /* SecOTRPackets.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRPackets.h; sourceTree = ""; }; + 4AF7FFFB15AFB73800B9D400 /* SecOTRSession.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRSession.h; sourceTree = ""; }; + 4AF7FFFC15AFB73800B9D400 /* SecOTRSessionPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRSessionPriv.h; sourceTree = ""; }; + 4C0208F80D3C154200BFE54E /* SecBasePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecBasePriv.h; path = base/SecBasePriv.h; sourceTree = ""; }; + 4C04A90811924BBC0020550C /* SecKeyInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeyInternal.h; sourceTree = ""; }; + 4C079EBC1794A96200D73970 /* ServiceManagement.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ServiceManagement.framework; path = System/Library/PrivateFrameworks/ServiceManagement.framework; sourceTree = SDKROOT; }; + 4C0B906C0ACCBD240077CD03 /* SecFramework.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecFramework.h; sourceTree = ""; }; + 4C12828C0BB4957D00985BB0 /* SecTrustSettingsPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustSettingsPriv.h; path = trust/SecTrustSettingsPriv.h; sourceTree = ""; }; + 4C198F1E0ACDB4BF00AAB142 /* English */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = English; path = English.lproj/Certificate.strings; sourceTree = ""; }; + 4C198F200ACDB4BF00AAB142 /* English */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = English; path = English.lproj/OID.strings; sourceTree = ""; usesTabs = 1; }; + 4C1B442C0BB9CAF900461B82 /* SecTrustStore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTrustStore.h; sourceTree = ""; }; + 4C28BCD60986EBCB0020C665 /* certextensions.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = certextensions.h; path = cssm/certextensions.h; sourceTree = ""; }; + 4C2F81D40BF121D2003C4F77 /* SecRandom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecRandom.h; path = base/SecRandom.h; sourceTree = ""; }; + 4C32C0AF0A4975F6002891BD /* Security.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Security.framework; sourceTree = BUILT_PRODUCTS_DIR; }; + 4C35DC37094F9120002917C4 /* Security-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "Security-Info.plist"; sourceTree = ""; }; + 4C3CECEA1416DB2200947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-CertiID_Enterprise_Certificate_Authority.crt"; sourceTree = ""; }; + 4C3CECEB1416DB2200947741 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt"; sourceTree = ""; }; + 4C3CECEC1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheid.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-diginotarpkioverheidcaoverheid.crt"; sourceTree = ""; }; + 4C3CECED1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt"; sourceTree = ""; }; + 4C3CECEE1416DB2200947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt; sourceTree = ""; }; + 4C3CECEF1416DB2200947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = Ministerie_van_Defensie_Certificatie_Autoriteit.crt; sourceTree = ""; }; + 4C3CECF01416DB2200947741 /* staatdernederlandenorganisatieca-g2-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "staatdernederlandenorganisatieca-g2-Cert.crt"; sourceTree = ""; }; + 4C3CECF11416DB2200947741 /* staatdernederlandenoverheidca-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "staatdernederlandenoverheidca-Cert.crt"; sourceTree = ""; }; 4C3CECF21416E20400947741 /* DigiNotar_Root_CA_G2-RootCertificate.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "DigiNotar_Root_CA_G2-RootCertificate.crt"; sourceTree = ""; }; 4C3DD6AE179755560093F9D8 /* NSDate+TimeIntervalDescription.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSDate+TimeIntervalDescription.h"; sourceTree = ""; }; 4C3DD6AF179755560093F9D8 /* NSDate+TimeIntervalDescription.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSDate+TimeIntervalDescription.m"; sourceTree = ""; }; - 4C4296300BB0A68200491999 /* SecTrustSettings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTrustSettings.h; sourceTree = ""; }; + 4C4296300BB0A68200491999 /* SecTrustSettings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustSettings.h; path = trust/SecTrustSettings.h; sourceTree = ""; }; 4C465C7D13AFD82300E841AC /* SecurityDevTests-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "SecurityDevTests-Info.plist"; sourceTree = ""; }; 4C4CB7100DDA44900026B660 /* entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = entitlements.plist; sourceTree = ""; }; 4C4CE9070AF81ED80056B01D /* TODO */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = TODO; sourceTree = ""; }; @@ -2969,30 +7191,27 @@ 4C52D0E416EFCCA20079966E /* com.apple.security.CircleJoinRequested.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.apple.security.CircleJoinRequested.plist; sourceTree = ""; }; 4C52D0E516EFCCA20079966E /* NSArray+map.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSArray+map.h"; sourceTree = ""; }; 4C52D0E616EFCCA20079966E /* NSArray+map.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSArray+map.m"; sourceTree = ""; }; - 4C6416D40BB34F00001C83FD /* SecPolicyPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPolicyPriv.h; sourceTree = ""; }; - 4C6416F00BB357D5001C83FD /* SecInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecInternal.h; sourceTree = ""; }; - 4C64E00B0B8FBBF3009B306C /* Security.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Security.h; sourceTree = ""; }; - 4C696B3709BFA94F000CBC75 /* SecBase.h */ = {isa = PBXFileReference; explicitFileType = sourcecode.c.h; fileEncoding = 4; path = SecBase.h; sourceTree = ""; }; - 4C7072840AC9EA4E007CC205 /* SecKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKey.h; sourceTree = ""; }; - 4C7072D30AC9ED5A007CC205 /* SecKeyPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeyPriv.h; sourceTree = ""; }; + 4C6416D40BB34F00001C83FD /* SecPolicyPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecPolicyPriv.h; path = trust/SecPolicyPriv.h; sourceTree = ""; }; + 4C6416F00BB357D5001C83FD /* SecInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecInternal.h; path = base/SecInternal.h; sourceTree = ""; }; + 4C64E00B0B8FBBF3009B306C /* Security.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Security.h; path = base/Security.h; sourceTree = ""; }; + 4C696B3709BFA94F000CBC75 /* SecBase.h */ = {isa = PBXFileReference; explicitFileType = sourcecode.c.h; fileEncoding = 4; name = SecBase.h; path = base/SecBase.h; sourceTree = ""; }; + 4C7072840AC9EA4E007CC205 /* SecKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKey.h; path = keychain/SecKey.h; sourceTree = ""; }; + 4C7072D30AC9ED5A007CC205 /* SecKeyPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeyPriv.h; path = keychain/SecKeyPriv.h; sourceTree = ""; }; 4C7073C80ACB2BAD007CC205 /* SecRSAKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecRSAKey.h; sourceTree = ""; }; 4C711D7613AFCD0900FE865D /* SecurityDevTests.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = SecurityDevTests.app; sourceTree = BUILT_PRODUCTS_DIR; }; 4C7391770B01745000C4CBFA /* vmdh.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = vmdh.h; sourceTree = ""; }; 4C7416020F1D71A2008E0E4D /* SecSCEP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecSCEP.h; sourceTree = ""; }; - 4C7608B10AC34A8100980096 /* SecCertificatePriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCertificatePriv.h; sourceTree = ""; }; + 4C7608B10AC34A8100980096 /* SecCertificatePriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SecCertificatePriv.h; path = trust/SecCertificatePriv.h; sourceTree = ""; }; 4C7913241799A5CB00A9633E /* MobileCoreServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = MobileCoreServices.framework; path = System/Library/Frameworks/MobileCoreServices.framework; sourceTree = SDKROOT; }; 4C7CE56E0DC7DB0A00AE53FC /* SecEntitlements.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecEntitlements.h; sourceTree = ""; }; 4C84DA541720698900AEE225 /* AppleAccount.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppleAccount.framework; path = System/Library/PrivateFrameworks/AppleAccount.framework; sourceTree = SDKROOT; }; 4C84DA6217207E8D00AEE225 /* entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = entitlements.plist; sourceTree = ""; }; - 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libDER.xcodeproj; path = OSX/libsecurity_keychain/libDER/libDER.xcodeproj; sourceTree = ""; }; - 4C8786D90B03E1BC00BB77D4 /* libDER.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libDER.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 4C87F3A70D611C26000E7104 /* SecTrustPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTrustPriv.h; sourceTree = ""; }; + 4C87F3A70D611C26000E7104 /* SecTrustPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustPriv.h; path = trust/SecTrustPriv.h; sourceTree = ""; }; 4C8A38C817B93DF10001B4C0 /* CloudServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CloudServices.framework; path = System/Library/PrivateFrameworks/CloudServices.framework; sourceTree = SDKROOT; }; 4C8B91C51416EB6A00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-webmail.portofamsterdam.nl.crt"; sourceTree = ""; }; 4C8E99C20FC601D50072EB4C /* SecFrameworkStrings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecFrameworkStrings.h; sourceTree = ""; }; - 4C8FD03D099D5C91006867B6 /* SecCertificate.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecCertificate.h; sourceTree = ""; }; - 4C8FD03E099D5C91006867B6 /* SecTrust.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecTrust.h; sourceTree = ""; }; - 4C97DD160AA65A94003FC05C /* SecItemConstants.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = SecItemConstants.c; sourceTree = ""; }; + 4C8FD03D099D5C91006867B6 /* SecCertificate.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SecCertificate.h; path = trust/SecCertificate.h; sourceTree = ""; }; + 4C8FD03E099D5C91006867B6 /* SecTrust.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SecTrust.h; path = trust/SecTrust.h; sourceTree = ""; }; 4C999BA10AB5F0BB0010451D /* NtlmGenerator.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = NtlmGenerator.c; sourceTree = ""; }; 4C999BA20AB5F0BB0010451D /* NtlmGenerator.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = NtlmGenerator.h; sourceTree = ""; }; 4C999BA30AB5F0BB0010451D /* ntlmBlobPriv.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = ntlmBlobPriv.c; sourceTree = ""; }; @@ -3004,17 +7223,17 @@ 4CA880C20DDBC87200D9A0F2 /* sslServer-entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "sslServer-entitlements.plist"; sourceTree = ""; }; 4CA880C30DDBC87200D9A0F2 /* sslViewer-entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "sslViewer-entitlements.plist"; sourceTree = ""; }; 4CAB97FD1114CC5300EFB38D /* README.keychain */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = README.keychain; sourceTree = ""; }; - 4CAC87D60B8F82720009C9FC /* SecIdentity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecIdentity.h; sourceTree = ""; }; + 4CAC87D60B8F82720009C9FC /* SecIdentity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIdentity.h; path = keychain/SecIdentity.h; sourceTree = ""; }; 4CB7405F0A47498100D641BB /* Security.exp-in */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = "Security.exp-in"; sourceTree = ""; }; 4CB740680A4749C800D641BB /* libsqlite3.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libsqlite3.dylib; path = usr/lib/libsqlite3.dylib; sourceTree = SDKROOT; }; 4CB740A30A47567C00D641BB /* security */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = security; sourceTree = BUILT_PRODUCTS_DIR; }; - 4CBA0E860BB33C0000E72B55 /* SecPolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPolicy.h; sourceTree = ""; }; + 4CBA0E860BB33C0000E72B55 /* SecPolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecPolicy.h; path = trust/SecPolicy.h; sourceTree = ""; }; 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = System/Library/Frameworks/IOKit.framework; sourceTree = SDKROOT; }; 4CC3D28F178F310B0070FCC4 /* PersistentState.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = PersistentState.h; sourceTree = ""; }; 4CC3D290178F310C0070FCC4 /* PersistentState.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = PersistentState.m; sourceTree = ""; }; 4CC92ABA15A3B3D900C6D578 /* testlist.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = testlist.h; sourceTree = ""; }; 4CC92B1B15A3BF2F00C6D578 /* testmain.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = testmain.c; sourceTree = ""; }; - 4CCE0AD90D41797400DDBB21 /* SecIdentityPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecIdentityPriv.h; sourceTree = ""; }; + 4CCE0AD90D41797400DDBB21 /* SecIdentityPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIdentityPriv.h; path = keychain/SecIdentityPriv.h; sourceTree = ""; }; 4CCE0AE10D417A2700DDBB21 /* sslAppUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslAppUtils.h; sourceTree = ""; }; 4CD3BA601106FF4D00BE8B75 /* SecECKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecECKey.h; sourceTree = ""; }; 4CE5A54D09C796E200D27A3F /* sslViewer */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = sslViewer; sourceTree = BUILT_PRODUCTS_DIR; }; @@ -3031,64 +7250,17 @@ 4CE7EA561AEAE8D60067F5BD /* SecItemBackup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemBackup.h; sourceTree = ""; }; 4CEDF7370F3A6CFB0027C4FE /* SecItemInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemInternal.h; sourceTree = ""; }; 4CEF4CA70C5551FE00062475 /* SecCertificateInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificateInternal.h; sourceTree = ""; }; - 4CF0484A0A5D988F00268236 /* SecItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItem.h; sourceTree = ""; }; - 4CF0487F0A5F016300268236 /* SecItemPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecItemPriv.h; sourceTree = ""; }; + 4CF0484A0A5D988F00268236 /* SecItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecItem.h; path = keychain/SecItem.h; sourceTree = ""; }; + 4CF0487F0A5F016300268236 /* SecItemPriv.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SecItemPriv.h; path = keychain/SecItemPriv.h; sourceTree = ""; }; 4CF41D0A0BBB4022005F3248 /* SecCertificatePath.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificatePath.h; sourceTree = ""; }; 4CF4C19C171E0EA600877419 /* Accounts.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Accounts.framework; path = System/Library/Frameworks/Accounts.framework; sourceTree = SDKROOT; }; 4CF730310EF9CDE300E17471 /* CFNetwork.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CFNetwork.framework; path = System/Library/Frameworks/CFNetwork.framework; sourceTree = SDKROOT; }; 4CFBF5F10D5A92E100969BBE /* SecPolicyInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPolicyInternal.h; sourceTree = ""; }; - 5208F4BB1670027400A49DDA /* SyncViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SyncViewController.h; sourceTree = ""; }; - 5208F4BC1670027400A49DDA /* SyncViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SyncViewController.m; sourceTree = ""; }; - 5208F4CD16702D8800A49DDA /* CircleStatusView.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CircleStatusView.h; sourceTree = ""; }; - 5208F4CE16702D8800A49DDA /* CircleStatusView.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = CircleStatusView.m; sourceTree = ""; }; - 520C98E7162485CA00A7C80B /* QuartzCore.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = QuartzCore.framework; path = /System/Library/Frameworks/QuartzCore.framework; sourceTree = ""; }; 52222CC0167BDAE100EDD09C /* SpringBoardServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SpringBoardServices.framework; path = System/Library/PrivateFrameworks/SpringBoardServices.framework; sourceTree = SDKROOT; }; - 524492931AFD6D480043695A /* der_plist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = der_plist.h; path = ../../utilities/src/der_plist.h; sourceTree = ""; }; - 5264FB4C163674B50005D258 /* MyKeychain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MyKeychain.h; sourceTree = ""; }; - 5264FB4D163674B50005D258 /* MyKeychain.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MyKeychain.m; sourceTree = ""; }; - 52704B7D1638F4EB007FEBB0 /* KeychainKeys.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = KeychainKeys.png; sourceTree = ""; }; - 52704B7F1638F610007FEBB0 /* NewPasswordViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NewPasswordViewController.h; sourceTree = ""; }; - 52704B801638F610007FEBB0 /* NewPasswordViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; lineEnding = 0; path = NewPasswordViewController.m; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objc; }; - 52704B82163905EE007FEBB0 /* EditItemViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EditItemViewController.h; sourceTree = ""; }; - 52704B83163905EE007FEBB0 /* EditItemViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; lineEnding = 0; path = EditItemViewController.m; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objc; }; - 52704B871639193F007FEBB0 /* Keychain-Entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "Keychain-Entitlements.plist"; sourceTree = ""; }; - 527435A916A9E6D1001A96FF /* Keychain_57x57.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = Keychain_57x57.png; path = Keychain/Keychain_57x57.png; sourceTree = SOURCE_ROOT; }; - 527435AB16A9E6DB001A96FF /* Keychain_114x114.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = Keychain_114x114.png; path = Keychain/Keychain_114x114.png; sourceTree = SOURCE_ROOT; }; - 527435AD16A9E6E5001A96FF /* Keychain_72x72.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = Keychain_72x72.png; path = Keychain/Keychain_72x72.png; sourceTree = SOURCE_ROOT; }; - 527435AF16A9E6E9001A96FF /* Keychain_144x144.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = Keychain_144x144.png; path = Keychain/Keychain_144x144.png; sourceTree = SOURCE_ROOT; }; - 529990521661BA2600C297A2 /* DeviceTableViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DeviceTableViewController.h; sourceTree = ""; }; - 529990531661BA2600C297A2 /* DeviceTableViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = DeviceTableViewController.m; sourceTree = ""; }; - 529990551661BADF00C297A2 /* DeviceItemCell.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DeviceItemCell.h; sourceTree = ""; }; - 529990561661BADF00C297A2 /* DeviceItemCell.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = DeviceItemCell.m; sourceTree = ""; }; + 524492931AFD6D480043695A /* der_plist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = der_plist.h; path = src/der_plist.h; sourceTree = ""; }; 52A23EDB161DEC3700E271E0 /* Default-568h@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = "Default-568h@2x.png"; path = "SecurityTests/Default-568h@2x.png"; sourceTree = SOURCE_ROOT; }; - 52B35B051623753000B97D06 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = /System/Library/Frameworks/Security.framework; sourceTree = ""; }; - 52CD69F916384C1F00961848 /* KCAItemDetailViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KCAItemDetailViewController.h; sourceTree = ""; }; - 52CD69FA16384C2000961848 /* KCAItemDetailViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KCAItemDetailViewController.m; sourceTree = ""; }; 52D82BD316A5EADA0078DFE5 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; 52D82BDE16A621F70078DFE5 /* CloudKeychainProxy.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = CloudKeychainProxy.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; - 52DE81691636347500F49F0C /* Keychain.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = Keychain.app; sourceTree = BUILT_PRODUCTS_DIR; }; - 52DE81701636347500F49F0C /* Keychain-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "Keychain-Info.plist"; sourceTree = ""; }; - 52DE81741636347500F49F0C /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; - 52DE81771636347600F49F0C /* AppDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppDelegate.h; sourceTree = ""; }; - 52DE81781636347600F49F0C /* AppDelegate.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = AppDelegate.m; sourceTree = ""; }; - 52DE817A1636347600F49F0C /* Default.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = Default.png; sourceTree = ""; }; - 52DE817C1636347600F49F0C /* Default@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "Default@2x.png"; sourceTree = ""; }; - 52DE817E1636347600F49F0C /* Default-568h@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = "Default-568h@2x.png"; path = "Keychain/Default-568h@2x.png"; sourceTree = SOURCE_ROOT; }; - 52DE81861636347600F49F0C /* FirstViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = FirstViewController.h; sourceTree = ""; }; - 52DE81871636347600F49F0C /* FirstViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = FirstViewController.m; sourceTree = ""; }; - 52DE81891636347600F49F0C /* first.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = first.png; sourceTree = ""; }; - 52DE818B1636347600F49F0C /* first@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "first@2x.png"; sourceTree = ""; }; - 52DE818D1636347600F49F0C /* ToolsViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ToolsViewController.h; sourceTree = ""; }; - 52DE818E1636347600F49F0C /* ToolsViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; lineEnding = 0; path = ToolsViewController.m; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objc; }; - 52DE81901636347600F49F0C /* second.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = second.png; sourceTree = ""; }; - 52DE81921636347600F49F0C /* second@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "second@2x.png"; sourceTree = ""; }; - 52DE819A163636B900F49F0C /* KCATableViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KCATableViewController.h; sourceTree = ""; }; - 52DE819B163636B900F49F0C /* KCATableViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KCATableViewController.m; sourceTree = ""; }; - 52DE819D16363C1A00F49F0C /* KeychainItemCell.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KeychainItemCell.h; sourceTree = ""; }; - 52DE819E16363C1A00F49F0C /* KeychainItemCell.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KeychainItemCell.m; sourceTree = ""; }; - 52F63A1E1659F04E0076D2DE /* DeviceViewController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DeviceViewController.h; sourceTree = ""; }; - 52F63A1F1659F04E0076D2DE /* DeviceViewController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = DeviceViewController.m; sourceTree = ""; }; - 52F8DE4D1AF2EB8F00A2C271 /* SOSTypes.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSTypes.h; path = SecureObjectSync/SOSTypes.h; sourceTree = ""; }; 5346480117331E1200FE9172 /* KeychainSyncAccountNotification.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = KeychainSyncAccountNotification.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; 5346480517331E1200FE9172 /* KeychainSyncAccountNotification-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "KeychainSyncAccountNotification-Info.plist"; sourceTree = ""; }; 5346480717331E1200FE9172 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = en.lproj/InfoPlist.strings; sourceTree = ""; }; @@ -3120,48 +7292,37 @@ 72CD2BBC16D59AE30064EEE1 /* OTAServiceApp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OTAServiceApp.h; sourceTree = ""; }; 72CD2BBD16D59AE30064EEE1 /* OTAServicemain.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OTAServicemain.m; sourceTree = ""; }; 78F92F10195128D70023B54B /* SecECKeyPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecECKeyPriv.h; sourceTree = ""; }; - 7901790E12D51F7200CA4D44 /* SecCmsBase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsBase.h; path = libsecurity_smime/lib/SecCmsBase.h; sourceTree = ""; }; - 7901790F12D51F7200CA4D44 /* SecCmsContentInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsContentInfo.h; path = libsecurity_smime/lib/SecCmsContentInfo.h; sourceTree = ""; }; - 7901791012D51F7200CA4D44 /* SecCmsDecoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsDecoder.h; path = libsecurity_smime/lib/SecCmsDecoder.h; sourceTree = ""; }; - 7901791112D51F7200CA4D44 /* SecCmsDigestContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsDigestContext.h; path = libsecurity_smime/lib/SecCmsDigestContext.h; sourceTree = ""; }; - 7901791212D51F7200CA4D44 /* SecCmsEncoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsEncoder.h; path = libsecurity_smime/lib/SecCmsEncoder.h; sourceTree = ""; }; - 7901791312D51F7200CA4D44 /* SecCmsEnvelopedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsEnvelopedData.h; path = libsecurity_smime/lib/SecCmsEnvelopedData.h; sourceTree = ""; }; - 7901791412D51F7200CA4D44 /* SecCmsMessage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsMessage.h; path = libsecurity_smime/lib/SecCmsMessage.h; sourceTree = ""; }; - 7901791512D51F7200CA4D44 /* SecCmsRecipientInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsRecipientInfo.h; path = libsecurity_smime/lib/SecCmsRecipientInfo.h; sourceTree = ""; }; - 7901791612D51F7200CA4D44 /* SecCmsSignedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsSignedData.h; path = libsecurity_smime/lib/SecCmsSignedData.h; sourceTree = ""; }; - 7901791712D51F7200CA4D44 /* SecCmsSignerInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCmsSignerInfo.h; path = libsecurity_smime/lib/SecCmsSignerInfo.h; sourceTree = ""; }; - 7901792812D51FFC00CA4D44 /* SecAsn1Types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAsn1Types.h; path = OSX/libsecurity_asn1/lib/SecAsn1Types.h; sourceTree = ""; }; + 7901790E12D51F7200CA4D44 /* SecCmsBase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsBase.h; sourceTree = ""; }; + 7901790F12D51F7200CA4D44 /* SecCmsContentInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsContentInfo.h; sourceTree = ""; }; + 7901791012D51F7200CA4D44 /* SecCmsDecoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsDecoder.h; sourceTree = ""; }; + 7901791112D51F7200CA4D44 /* SecCmsDigestContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsDigestContext.h; sourceTree = ""; }; + 7901791212D51F7200CA4D44 /* SecCmsEncoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsEncoder.h; sourceTree = ""; }; + 7901791312D51F7200CA4D44 /* SecCmsEnvelopedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsEnvelopedData.h; sourceTree = ""; }; + 7901791412D51F7200CA4D44 /* SecCmsMessage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsMessage.h; sourceTree = ""; }; + 7901791512D51F7200CA4D44 /* SecCmsRecipientInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsRecipientInfo.h; sourceTree = ""; }; + 7901791612D51F7200CA4D44 /* SecCmsSignedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsSignedData.h; sourceTree = ""; }; + 7901791712D51F7200CA4D44 /* SecCmsSignerInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsSignerInfo.h; sourceTree = ""; }; 7908507F0CA87CF00083CC4D /* client.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = client.c; sourceTree = ""; }; 790850820CA87CF00083CC4D /* securityd_client.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = securityd_client.h; sourceTree = ""; }; - 790850830CA87CF00083CC4D /* securityd_ipc_types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = securityd_ipc_types.h; sourceTree = ""; }; 790850840CA87CF00083CC4D /* server.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = server.c; sourceTree = ""; }; 790851B60CA9859F0083CC4D /* securityd */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = securityd; sourceTree = BUILT_PRODUCTS_DIR; }; 7913B1DF0D17280500601FE9 /* sslServer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = sslServer.cpp; sourceTree = ""; }; 7913B2110D172B3900601FE9 /* sslServer */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = sslServer; sourceTree = BUILT_PRODUCTS_DIR; }; - 791766DD0DD0162C00F3B974 /* SecCertificateRequest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificateRequest.h; sourceTree = ""; }; + 791766DD0DD0162C00F3B974 /* SecCertificateRequest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCertificateRequest.h; path = trust/SecCertificateRequest.h; sourceTree = ""; }; 7940D4110C3ACF9000FDB5D8 /* SecDH.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SecDH.h; sourceTree = ""; }; 794743191462137C00D638A3 /* Invalid-www.cybersecurity.my.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-www.cybersecurity.my.crt"; sourceTree = ""; }; 7947431C146214E500D638A3 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Digisign-Server-ID-Enrich-GTETrust-Cert.crt"; sourceTree = ""; }; - 795CA97A0D38269B00BAE6A2 /* libsecurity_asn1.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_asn1.xcodeproj; path = OSX/libsecurity_asn1/libsecurity_asn1.xcodeproj; sourceTree = ""; }; 795CA9CC0D38435E00BAE6A2 /* p12pbegen.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = p12pbegen.h; sourceTree = ""; }; 79679E251462028800CF997F /* Digisign-Server-ID-Enrich-Entrust-Cert.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Digisign-Server-ID-Enrich-Entrust-Cert.crt"; sourceTree = ""; }; 79679E261462028800CF997F /* Invalid-webmail.jaring.my.crt */ = {isa = PBXFileReference; lastKnownFileType = file; path = "Invalid-webmail.jaring.my.crt"; sourceTree = ""; }; - 79863B700CADCEAB00818B0D /* com.apple.securityd.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = com.apple.securityd.plist; sourceTree = ""; }; - 79863B940CADD21700818B0D /* securityd_server.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = securityd_server.h; sourceTree = ""; }; - 798B7FD40D3D7B5400AC1D04 /* libASN1.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libASN1.a; sourceTree = BUILT_PRODUCTS_DIR; }; - 79BDD3940D60D5F9000D84D3 /* libsecurity_smime.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_smime.xcodeproj; path = libsecurity_smime/libsecurity_smime.xcodeproj; sourceTree = ""; }; + 79BDD3940D60D5F9000D84D3 /* libCMS.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libCMS.xcodeproj; path = ../../../libsecurity_smime/libCMS.xcodeproj; sourceTree = ""; }; 79BDD3C00D60DB84000D84D3 /* SecCMS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCMS.h; sourceTree = ""; }; - 79EF5B6C0D3D6A31009F5270 /* SecImportExport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExport.h; sourceTree = ""; }; + 79EF5B6C0D3D6A31009F5270 /* SecImportExport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecImportExport.h; path = keychain/SecImportExport.h; sourceTree = ""; }; 79EF5B720D3D6AFE009F5270 /* p12import.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = p12import.h; sourceTree = ""; }; 8E02FA691107BE460043545E /* pbkdf2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pbkdf2.h; sourceTree = ""; }; - 8E64DB451C17BCF40076C9DF /* com.apple.security.idskeychainsyncingproxy.ios.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.apple.security.idskeychainsyncingproxy.ios.plist; sourceTree = ""; }; - 8E64DB461C17BCF40076C9DF /* com.apple.security.idskeychainsyncingproxy.osx.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.apple.security.idskeychainsyncingproxy.osx.plist; sourceTree = ""; }; - 8E64DB4C1C17CD3F0076C9DF /* com.apple.security.cloudkeychainproxy.ios.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.apple.security.cloudkeychainproxy.ios.plist; path = KVSKeychainSyncingProxy/com.apple.security.cloudkeychainproxy.ios.plist; sourceTree = ""; }; - 8E64DB4D1C17CD400076C9DF /* com.apple.security.cloudkeychainproxy.osx.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.apple.security.cloudkeychainproxy.osx.plist; path = KVSKeychainSyncingProxy/com.apple.security.cloudkeychainproxy.osx.plist; sourceTree = ""; }; + 8E64DB4C1C17CD3F0076C9DF /* com.apple.security.cloudkeychainproxy3.ios.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.apple.security.cloudkeychainproxy3.ios.plist; path = KVSKeychainSyncingProxy/com.apple.security.cloudkeychainproxy3.ios.plist; sourceTree = ""; }; + 8E64DB4D1C17CD400076C9DF /* com.apple.security.cloudkeychainproxy3.osx.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.apple.security.cloudkeychainproxy3.osx.plist; path = KVSKeychainSyncingProxy/com.apple.security.cloudkeychainproxy3.osx.plist; sourceTree = ""; }; 8ED6F6C8110904E300D2B368 /* SecPBKDF.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPBKDF.h; sourceTree = ""; }; - 9468B9471AF2B60800042383 /* SOSBackupSliceKeyBag.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSBackupSliceKeyBag.h; path = SecureObjectSync/SOSBackupSliceKeyBag.h; sourceTree = ""; }; - 9468B9691AF2B8FC00042383 /* SOSCloudCircleInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSCloudCircleInternal.h; path = SecureObjectSync/SOSCloudCircleInternal.h; sourceTree = ""; }; - 9468B96D1AF2B93300042383 /* SOSViews.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSViews.h; path = SecureObjectSync/SOSViews.h; sourceTree = ""; }; BE061FE01899ECEE00C739F6 /* SecSharedCredential.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecSharedCredential.h; sourceTree = ""; }; BE197F2619116FD100BA91D1 /* SharedWebCredentialViewService.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = SharedWebCredentialViewService.app; sourceTree = BUILT_PRODUCTS_DIR; }; BE197F2919116FD100BA91D1 /* SharedWebCredentialViewService-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "SharedWebCredentialViewService-Info.plist"; sourceTree = ""; }; @@ -3175,24 +7336,2754 @@ BE197F5F191173C100BA91D1 /* SWCViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SWCViewController.h; sourceTree = ""; }; BE197F60191173F200BA91D1 /* entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = entitlements.plist; sourceTree = ""; }; BE442BC118B7FDB800F24DAE /* swcagent */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = swcagent; sourceTree = BUILT_PRODUCTS_DIR; }; - BE4AC9A118B7FFAD00B84964 /* swcagent.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; lineEnding = 0; name = swcagent.m; path = OSX/sec/SharedWebCredential/swcagent.m; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objc; }; - BE4AC9AD18B7FFC800B84964 /* com.apple.security.swcagent.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = com.apple.security.swcagent.plist; path = OSX/sec/SharedWebCredential/com.apple.security.swcagent.plist; sourceTree = ""; }; + BE4AC9A118B7FFAD00B84964 /* swcagent.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; lineEnding = 0; path = swcagent.m; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objc; }; + BE4AC9AD18B7FFC800B84964 /* com.apple.security.swcagent.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = com.apple.security.swcagent.plist; sourceTree = ""; }; BE4AC9B918B8273600B84964 /* English */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = English; path = English.lproj/SharedWebCredentials.strings; sourceTree = ""; }; - CD276C271A83F60C003226BC /* IDSKeychainSyncingProxy.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = IDSKeychainSyncingProxy.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; - CD3F91181A802B4900E07119 /* IDSKeychainSyncingProxy-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "IDSKeychainSyncingProxy-Info.plist"; sourceTree = ""; }; - CD4F44201B546A7E00FE3569 /* SOSPeerInfoV2.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSPeerInfoV2.h; path = SecureObjectSync/SOSPeerInfoV2.h; sourceTree = ""; }; + BE6D96B41DB14B65001B76D4 /* cnnic_certs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cnnic_certs.h; sourceTree = ""; }; + BE6D96B51DB14B65001B76D4 /* date_testing_certs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = date_testing_certs.h; sourceTree = ""; }; + BE6D96B61DB14B65001B76D4 /* wosign_certs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = wosign_certs.h; sourceTree = ""; }; + BE6D96BA1DB14B9F001B76D4 /* si-84-sectrust-allowlist.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "si-84-sectrust-allowlist.m"; sourceTree = ""; }; + BE8ABDD71DC2DD9100EC2D58 /* libz.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libz.dylib; path = usr/lib/libz.dylib; sourceTree = SDKROOT; }; + BEE523CF1DA610D800DD0AA3 /* SecRevocationDb.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecRevocationDb.c; sourceTree = ""; }; + BEE523D01DA610D800DD0AA3 /* SecRevocationDb.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecRevocationDb.h; sourceTree = ""; }; + CD23B4921DA06EB30047EDE9 /* IDSPersistentState.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = IDSPersistentState.h; path = KeychainSyncingOverIDSProxy/IDSPersistentState.h; sourceTree = ""; }; + CD23B4931DA06EB30047EDE9 /* IDSPersistentState.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = IDSPersistentState.m; path = KeychainSyncingOverIDSProxy/IDSPersistentState.m; sourceTree = ""; }; + CD23B4941DA06EB30047EDE9 /* IDSProxy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = IDSProxy.h; path = KeychainSyncingOverIDSProxy/IDSProxy.h; sourceTree = ""; }; + CD23B4951DA06EB30047EDE9 /* IDSProxy.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = IDSProxy.m; path = KeychainSyncingOverIDSProxy/IDSProxy.m; sourceTree = ""; }; + CD23B4961DA06EB30047EDE9 /* keychainsyncingoveridsproxy.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = keychainsyncingoveridsproxy.m; path = KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.m; sourceTree = ""; }; + CD23B4971DA06EB30047EDE9 /* KeychainSyncingOverIDSProxy+ReceiveMessage.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "KeychainSyncingOverIDSProxy+ReceiveMessage.h"; path = "KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+ReceiveMessage.h"; sourceTree = ""; }; + CD23B4981DA06EB30047EDE9 /* KeychainSyncingOverIDSProxy+ReceiveMessage.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = "KeychainSyncingOverIDSProxy+ReceiveMessage.m"; path = "KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+ReceiveMessage.m"; sourceTree = ""; }; + CD23B4991DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+SendMessage.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "KeychainSyncingOverIDSProxy+SendMessage.h"; path = "KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+SendMessage.h"; sourceTree = ""; }; + CD23B49A1DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+SendMessage.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = "KeychainSyncingOverIDSProxy+SendMessage.m"; path = "KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+SendMessage.m"; sourceTree = ""; }; + CD23B49B1DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+Throttle.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = "KeychainSyncingOverIDSProxy+Throttle.h"; path = "KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+Throttle.h"; sourceTree = ""; }; + CD23B49C1DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+Throttle.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; name = "KeychainSyncingOverIDSProxy+Throttle.m"; path = "KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy+Throttle.m"; sourceTree = ""; }; + CD23B4A81DA06ED10047EDE9 /* com.apple.private.alloy.keychainsync.plist */ = {isa = PBXFileReference; lastKnownFileType = file.bplist; name = com.apple.private.alloy.keychainsync.plist; path = KeychainSyncingOverIDSProxy/com.apple.private.alloy.keychainsync.plist; sourceTree = ""; }; + CD276C271A83F60C003226BC /* KeychainSyncingOverIDSProxy.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = KeychainSyncingOverIDSProxy.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; + CD6130D31DA06FC600E1E42F /* com.apple.security.keychainsyncingoveridsproxy.ios.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.apple.security.keychainsyncingoveridsproxy.ios.plist; path = KeychainSyncingOverIDSProxy/com.apple.security.keychainsyncingoveridsproxy.ios.plist; sourceTree = ""; }; + CD6130D41DA06FC600E1E42F /* com.apple.security.keychainsyncingoveridsproxy.osx.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.apple.security.keychainsyncingoveridsproxy.osx.plist; path = KeychainSyncingOverIDSProxy/com.apple.security.keychainsyncingoveridsproxy.osx.plist; sourceTree = ""; }; + CD6130D71DA06FC600E1E42F /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = InfoPlist.strings; sourceTree = ""; }; + CD6130D81DA06FC600E1E42F /* KeychainSyncingOverIDSProxy-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = "KeychainSyncingOverIDSProxy-Info.plist"; path = "KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy-Info.plist"; sourceTree = ""; }; + CD6130D91DA06FC600E1E42F /* keychainsyncingoveridsproxy.entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = keychainsyncingoveridsproxy.entitlements.plist; path = KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.entitlements.plist; sourceTree = ""; }; CD744683195A00BB00FB01C0 /* IDS.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IDS.framework; path = System/Library/PrivateFrameworks/IDS.framework; sourceTree = SDKROOT; }; - CD8B5AC51B618F1B004D4AEF /* SOSPeerInfoPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SOSPeerInfoPriv.h; path = SecureObjectSync/SOSPeerInfoPriv.h; sourceTree = ""; }; - CDB22D0B1A9D37440043E348 /* idskeychainsyncingproxy.entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = idskeychainsyncingproxy.entitlements.plist; sourceTree = ""; }; CDB9FCA9179CC757000AAD66 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; CDDE9BC31729AB910013B0E8 /* SecPasswordGenerate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPasswordGenerate.h; sourceTree = ""; }; - CDF91EF11AAE023800E88CF7 /* com.apple.private.alloy.keychainsync.plist */ = {isa = PBXFileReference; lastKnownFileType = file.bplist; path = com.apple.private.alloy.keychainsync.plist; sourceTree = ""; }; - D45D1A461B3A293E00C63E16 /* oids.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = oids.h; path = ../../libsecurity_keychain/libDER/libDER/oids.h; sourceTree = ""; }; + D46F31581E00A27D0065B550 /* SecTrustLoggingServer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecTrustLoggingServer.c; sourceTree = ""; }; + D46F31591E00A27D0065B550 /* SecTrustLoggingServer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTrustLoggingServer.h; sourceTree = ""; }; + D46F31611E00CCD20065B550 /* SecCertificateSource.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecCertificateSource.c; sourceTree = ""; }; + D46F31621E00CCD20065B550 /* SecCertificateSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificateSource.h; sourceTree = ""; }; + D47C56AB1DCA831C00E18518 /* lib_ios_x64.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = lib_ios_x64.xcconfig; path = xcconfig/lib_ios_x64.xcconfig; sourceTree = ""; }; + D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = lib_ios_x64_debug.xcconfig; path = xcconfig/lib_ios_x64_debug.xcconfig; sourceTree = ""; }; + D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = lib_ios_x64_release.xcconfig; path = xcconfig/lib_ios_x64_release.xcconfig; sourceTree = ""; }; + D47C56AF1DCA841D00E18518 /* lib_ios_x64_debug_shim.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = lib_ios_x64_debug_shim.xcconfig; path = xcconfig/lib_ios_x64_debug_shim.xcconfig; sourceTree = ""; }; + D47C56B01DCA843800E18518 /* lib_ios_x64_release_shim.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = lib_ios_x64_release_shim.xcconfig; path = xcconfig/lib_ios_x64_release_shim.xcconfig; sourceTree = ""; }; + D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = all_arches.xcconfig; path = xcconfig/all_arches.xcconfig; sourceTree = ""; }; D47F514B1C3B812500A7CEFE /* SecCFAllocator.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCFAllocator.h; sourceTree = ""; }; + D487FBB71DB8357300D4BB0B /* si-29-sectrust-sha1-deprecation.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "si-29-sectrust-sha1-deprecation.m"; sourceTree = ""; }; + D487FBB91DB835B500D4BB0B /* si-29-sectrust-sha1-deprecation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-29-sectrust-sha1-deprecation.h"; sourceTree = ""; }; D4B858661D370D9A003B2D95 /* MobileCoreServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = MobileCoreServices.framework; path = Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS10.0.Internal.sdk/System/Library/Frameworks/MobileCoreServices.framework; sourceTree = DEVELOPER_DIR; }; + D4D718341E04A721000AE7A6 /* spbkdf-01-hmac-sha256.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "spbkdf-01-hmac-sha256.c"; sourceTree = ""; }; D4D886BE1CEB9F3B00DC7583 /* ssl-policy-certs */ = {isa = PBXFileReference; lastKnownFileType = folder; path = "ssl-policy-certs"; sourceTree = ""; }; D4D886E81CEBDD2A00DC7583 /* nist-certs */ = {isa = PBXFileReference; lastKnownFileType = folder; path = "nist-certs"; sourceTree = ""; }; D4EC94FA1CEA482D0083E753 /* si-20-sectrust-policies-data */ = {isa = PBXFileReference; lastKnownFileType = folder; name = "si-20-sectrust-policies-data"; path = "../OSX/shared_regressions/si-20-sectrust-policies-data"; sourceTree = ""; }; + DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = macos_legacy_lib.xcconfig; path = xcconfig/macos_legacy_lib.xcconfig; sourceTree = ""; }; + DC0067C01D87876F005AF8DB /* libsecurityd_server.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurityd_server.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0067D01D878898005AF8DB /* libsecurityd_ucspc.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurityd_ucspc.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0B62261D90973900D43BCB /* si-25-cms-skid.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-25-cms-skid.h"; sourceTree = ""; }; + DC0B62271D90973900D43BCB /* si-25-cms-skid.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "si-25-cms-skid.m"; sourceTree = ""; }; + DC0B622B1D90982100D43BCB /* secd-201-coders.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-201-coders.c"; sourceTree = ""; }; + DC0B622E1D909C4600D43BCB /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; + DC0BC5461D8B6AFE00070CB0 /* main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = main.c; sourceTree = ""; }; + DC0BC5471D8B6AFE00070CB0 /* XPCKeychainSandboxCheck-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "XPCKeychainSandboxCheck-Info.plist"; sourceTree = ""; }; + DC0BC5511D8B6D2D00070CB0 /* XPCKeychainSandboxCheck.xpc */ = {isa = PBXFileReference; explicitFileType = "wrapper.xpc-service"; includeInIndex = 0; path = XPCKeychainSandboxCheck.xpc; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC56C1D8B6E3D00070CB0 /* XPCTimeStampingService.xpc */ = {isa = PBXFileReference; explicitFileType = "wrapper.xpc-service"; includeInIndex = 0; path = XPCTimeStampingService.xpc; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC56F1D8B6E7700070CB0 /* XPCTimeStampingService-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = "XPCTimeStampingService-Info.plist"; path = "OSX/libsecurity_keychain/xpc-tsa/XPCTimeStampingService-Info.plist"; sourceTree = ""; }; + DC0BC5701D8B6E7700070CB0 /* main-tsa.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "main-tsa.m"; path = "OSX/libsecurity_keychain/xpc-tsa/main-tsa.m"; sourceTree = ""; }; + DC0BC5711D8B6E7700070CB0 /* timestampclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = timestampclient.h; path = "OSX/libsecurity_keychain/xpc-tsa/timestampclient.h"; sourceTree = ""; }; + DC0BC5721D8B6E7700070CB0 /* timestampclient.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = timestampclient.m; path = "OSX/libsecurity_keychain/xpc-tsa/timestampclient.m"; sourceTree = ""; }; + DC0BC58C1D8B70E700070CB0 /* libsecurity_cdsa_utils.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_cdsa_utils.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC58D1D8B711000070CB0 /* cuCdsaUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cuCdsaUtils.cpp; sourceTree = ""; }; + DC0BC58E1D8B711000070CB0 /* cuCdsaUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cuCdsaUtils.h; sourceTree = ""; }; + DC0BC58F1D8B711000070CB0 /* cuDbUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cuDbUtils.cpp; sourceTree = ""; }; + DC0BC5901D8B711000070CB0 /* cuDbUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cuDbUtils.h; sourceTree = ""; }; + DC0BC5911D8B711000070CB0 /* cuEnc64.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = cuEnc64.c; sourceTree = ""; }; + DC0BC5921D8B711000070CB0 /* cuEnc64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cuEnc64.h; sourceTree = ""; }; + DC0BC5931D8B711000070CB0 /* cuFileIo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = cuFileIo.c; sourceTree = ""; }; + DC0BC5941D8B711000070CB0 /* cuFileIo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cuFileIo.h; sourceTree = ""; }; + DC0BC5951D8B711000070CB0 /* cuOidParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cuOidParser.cpp; sourceTree = ""; }; + DC0BC5961D8B711000070CB0 /* cuOidParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cuOidParser.h; sourceTree = ""; }; + DC0BC5971D8B711000070CB0 /* cuPem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cuPem.cpp; sourceTree = ""; }; + DC0BC5981D8B711000070CB0 /* cuPem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cuPem.h; sourceTree = ""; }; + DC0BC5991D8B711000070CB0 /* cuPrintCert.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cuPrintCert.cpp; sourceTree = ""; }; + DC0BC59A1D8B711000070CB0 /* cuPrintCert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cuPrintCert.h; sourceTree = ""; }; + DC0BC59B1D8B711000070CB0 /* cuTimeStr.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cuTimeStr.cpp; sourceTree = ""; }; + DC0BC59C1D8B711000070CB0 /* cuTimeStr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cuTimeStr.h; sourceTree = ""; }; + DC0BC5B71D8B71FD00070CB0 /* libsecurity_checkpw.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_checkpw.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC5B91D8B723500070CB0 /* checkpw.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = checkpw.c; sourceTree = ""; }; + DC0BC5BA1D8B723500070CB0 /* checkpw.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = checkpw.h; sourceTree = ""; }; + DC0BC5BE1D8B725100070CB0 /* checkpw.pam */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = checkpw.pam; path = OSX/libsecurity_checkpw/checkpw.pam; sourceTree = ""; }; + DC0BC5C61D8B72E700070CB0 /* test-checkpw */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "test-checkpw"; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC5CE1D8B730D00070CB0 /* test-checkpw.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "test-checkpw.c"; path = "OSX/libsecurity_checkpw/test/test-checkpw.c"; sourceTree = ""; }; + DC0BC5E11D8B73B000070CB0 /* perf-checkpw */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "perf-checkpw"; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC5E91D8B742200070CB0 /* libsecurity_comcryption.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_comcryption.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC5EB1D8B745700070CB0 /* comcryption.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = comcryption.c; sourceTree = ""; }; + DC0BC5EC1D8B745700070CB0 /* comcryption.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = comcryption.h; sourceTree = ""; }; + DC0BC5ED1D8B745700070CB0 /* comcryptPriv.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = comcryptPriv.c; sourceTree = ""; }; + DC0BC5EE1D8B745700070CB0 /* comcryptPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = comcryptPriv.h; sourceTree = ""; }; + DC0BC5EF1D8B745700070CB0 /* comDebug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = comDebug.h; sourceTree = ""; }; + DC0BC5FF1D8B752B00070CB0 /* libsecurity_cryptkit.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_cryptkit.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC6011D8B755200070CB0 /* feeCipherFile.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = feeCipherFile.c; sourceTree = ""; }; + DC0BC6021D8B755200070CB0 /* feeCipherFileAtom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = feeCipherFileAtom.c; sourceTree = ""; }; + DC0BC6031D8B755200070CB0 /* byteRep.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = byteRep.c; sourceTree = ""; }; + DC0BC6041D8B755200070CB0 /* byteRep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = byteRep.h; sourceTree = ""; }; + DC0BC6051D8B755200070CB0 /* CipherFileDES.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = CipherFileDES.c; sourceTree = ""; }; + DC0BC6061D8B755200070CB0 /* CipherFileDES.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CipherFileDES.h; sourceTree = ""; }; + DC0BC6071D8B755200070CB0 /* CipherFileFEED.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = CipherFileFEED.c; sourceTree = ""; }; + DC0BC6081D8B755200070CB0 /* CipherFileFEED.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CipherFileFEED.h; sourceTree = ""; }; + DC0BC6091D8B755200070CB0 /* CipherFileTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CipherFileTypes.h; sourceTree = ""; }; + DC0BC60A1D8B755200070CB0 /* ckconfig.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ckconfig.h; sourceTree = ""; }; + DC0BC60B1D8B755200070CB0 /* ckDES.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ckDES.c; sourceTree = ""; }; + DC0BC60C1D8B755200070CB0 /* ckDES.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ckDES.h; sourceTree = ""; }; + DC0BC60D1D8B755200070CB0 /* ckMD5.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ckMD5.c; sourceTree = ""; }; + DC0BC60E1D8B755200070CB0 /* ckMD5.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ckMD5.h; sourceTree = ""; }; + DC0BC60F1D8B755200070CB0 /* ckSHA1.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ckSHA1.c; sourceTree = ""; }; + DC0BC6101D8B755200070CB0 /* ckSHA1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ckSHA1.h; sourceTree = ""; }; + DC0BC6111D8B755200070CB0 /* ckSHA1_priv.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ckSHA1_priv.c; sourceTree = ""; }; + DC0BC6121D8B755200070CB0 /* ckSHA1_priv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ckSHA1_priv.h; sourceTree = ""; }; + DC0BC6131D8B755200070CB0 /* ckutilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ckutilities.c; sourceTree = ""; }; + DC0BC6141D8B755200070CB0 /* ckutilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ckutilities.h; sourceTree = ""; }; + DC0BC6151D8B755200070CB0 /* Crypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Crypt.h; sourceTree = ""; }; + DC0BC6161D8B755200070CB0 /* CryptKitSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptKitSA.h; sourceTree = ""; }; + DC0BC6171D8B755200070CB0 /* CryptKit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptKit.h; sourceTree = ""; }; + DC0BC6181D8B755200070CB0 /* CryptKitAsn1.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CryptKitAsn1.cpp; sourceTree = ""; }; + DC0BC6191D8B755200070CB0 /* CryptKitAsn1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptKitAsn1.h; sourceTree = ""; }; + DC0BC61A1D8B755200070CB0 /* CryptKitDER.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CryptKitDER.cpp; sourceTree = ""; }; + DC0BC61B1D8B755200070CB0 /* CryptKitDER.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptKitDER.h; sourceTree = ""; }; + DC0BC61C1D8B755200070CB0 /* curveParamData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = curveParamData.h; sourceTree = ""; }; + DC0BC61D1D8B755200070CB0 /* curveParamDataOld.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = curveParamDataOld.h; sourceTree = ""; }; + DC0BC61E1D8B755200070CB0 /* curveParams.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = curveParams.c; sourceTree = ""; }; + DC0BC61F1D8B755200070CB0 /* curveParams.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = curveParams.h; sourceTree = ""; }; + DC0BC6201D8B755200070CB0 /* ECDSA_Profile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ECDSA_Profile.h; sourceTree = ""; }; + DC0BC6211D8B755200070CB0 /* ECDSA_Verify_Prefix.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ECDSA_Verify_Prefix.h; sourceTree = ""; }; + DC0BC6221D8B755200070CB0 /* elliptic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = elliptic.c; sourceTree = ""; }; + DC0BC6231D8B755200070CB0 /* elliptic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = elliptic.h; sourceTree = ""; }; + DC0BC6241D8B755200070CB0 /* ellipticMeasure.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ellipticMeasure.h; sourceTree = ""; }; + DC0BC6251D8B755200070CB0 /* ellipticProj.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ellipticProj.c; sourceTree = ""; }; + DC0BC6261D8B755200070CB0 /* ellipticProj.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ellipticProj.h; sourceTree = ""; }; + DC0BC6271D8B755200070CB0 /* enc64.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = enc64.c; sourceTree = ""; }; + DC0BC6281D8B755200070CB0 /* enc64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = enc64.h; sourceTree = ""; }; + DC0BC6291D8B755200070CB0 /* engineNSA127.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = engineNSA127.c; sourceTree = ""; }; + DC0BC62A1D8B755200070CB0 /* falloc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = falloc.c; sourceTree = ""; }; + DC0BC62B1D8B755200070CB0 /* falloc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = falloc.h; sourceTree = ""; }; + DC0BC62C1D8B755200070CB0 /* feeCipherFile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeCipherFile.h; sourceTree = ""; }; + DC0BC62D1D8B755200070CB0 /* feeDebug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeDebug.h; sourceTree = ""; }; + DC0BC62E1D8B755200070CB0 /* feeDES.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = feeDES.c; sourceTree = ""; }; + DC0BC62F1D8B755200070CB0 /* feeDES.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeDES.h; sourceTree = ""; }; + DC0BC6301D8B755200070CB0 /* feeDigitalSignature.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = feeDigitalSignature.c; sourceTree = ""; }; + DC0BC6311D8B755200070CB0 /* feeDigitalSignature.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeDigitalSignature.h; sourceTree = ""; }; + DC0BC6321D8B755200070CB0 /* feeECDSA.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = feeECDSA.c; sourceTree = ""; }; + DC0BC6331D8B755200070CB0 /* feeECDSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeECDSA.h; sourceTree = ""; }; + DC0BC6341D8B755200070CB0 /* feeFEED.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = feeFEED.c; sourceTree = ""; }; + DC0BC6351D8B755200070CB0 /* feeFEED.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeFEED.h; sourceTree = ""; }; + DC0BC6361D8B755200070CB0 /* feeFEEDExp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = feeFEEDExp.c; sourceTree = ""; }; + DC0BC6371D8B755200070CB0 /* feeFEEDExp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeFEEDExp.h; sourceTree = ""; }; + DC0BC6381D8B755200070CB0 /* feeFunctions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeFunctions.h; sourceTree = ""; }; + DC0BC6391D8B755200070CB0 /* feeHash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = feeHash.c; sourceTree = ""; }; + DC0BC63A1D8B755200070CB0 /* feeHash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeHash.h; sourceTree = ""; }; + DC0BC63B1D8B755200070CB0 /* feePublicKey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = feePublicKey.c; sourceTree = ""; }; + DC0BC63C1D8B755200070CB0 /* feePublicKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feePublicKey.h; sourceTree = ""; }; + DC0BC63D1D8B755200070CB0 /* feePublicKeyPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feePublicKeyPrivate.h; sourceTree = ""; }; + DC0BC63E1D8B755200070CB0 /* feeRandom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = feeRandom.c; sourceTree = ""; }; + DC0BC63F1D8B755200070CB0 /* feeRandom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeRandom.h; sourceTree = ""; }; + DC0BC6401D8B755200070CB0 /* feeTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = feeTypes.h; sourceTree = ""; }; + DC0BC6411D8B755200070CB0 /* giantIntegers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = giantIntegers.c; sourceTree = ""; }; + DC0BC6421D8B755200070CB0 /* giantIntegers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = giantIntegers.h; sourceTree = ""; }; + DC0BC6431D8B755200070CB0 /* giantPort_Generic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = giantPort_Generic.h; sourceTree = ""; }; + DC0BC6441D8B755200070CB0 /* giantPort_i486.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = giantPort_i486.h; sourceTree = ""; }; + DC0BC6451D8B755200070CB0 /* giantPort_PPC.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = giantPort_PPC.c; sourceTree = ""; }; + DC0BC6461D8B755200070CB0 /* giantPort_PPC.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = giantPort_PPC.h; sourceTree = ""; }; + DC0BC6471D8B755200070CB0 /* giantPort_PPC_Gnu.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = giantPort_PPC_Gnu.h; sourceTree = ""; }; + DC0BC6481D8B755200070CB0 /* giantPort_PPC_Gnu.s */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; path = giantPort_PPC_Gnu.s; sourceTree = ""; }; + DC0BC6491D8B755200070CB0 /* giantPortCommon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = giantPortCommon.h; sourceTree = ""; }; + DC0BC64A1D8B755200070CB0 /* HmacSha1Legacy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = HmacSha1Legacy.c; sourceTree = ""; }; + DC0BC64B1D8B755200070CB0 /* HmacSha1Legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HmacSha1Legacy.h; sourceTree = ""; }; + DC0BC64C1D8B755200070CB0 /* platform.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = platform.c; sourceTree = ""; }; + DC0BC64D1D8B755200070CB0 /* platform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = platform.h; sourceTree = ""; }; + DC0BC74C1D8B771600070CB0 /* libsecurity_cssm.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_cssm.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC7651D8B773000070CB0 /* attachfactory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = attachfactory.cpp; sourceTree = ""; }; + DC0BC7661D8B773000070CB0 /* attachfactory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = attachfactory.h; sourceTree = ""; }; + DC0BC7671D8B773000070CB0 /* attachment.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = attachment.cpp; sourceTree = ""; }; + DC0BC7681D8B773000070CB0 /* attachment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = attachment.h; sourceTree = ""; }; + DC0BC7691D8B773000070CB0 /* cspattachment.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cspattachment.cpp; sourceTree = ""; }; + DC0BC76A1D8B773000070CB0 /* cspattachment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cspattachment.h; sourceTree = ""; }; + DC0BC76B1D8B773000070CB0 /* cssm.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssm.cpp; sourceTree = ""; }; + DC0BC76C1D8B773000070CB0 /* cssmcontext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmcontext.cpp; sourceTree = ""; }; + DC0BC76D1D8B773000070CB0 /* cssmcontext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmcontext.h; sourceTree = ""; }; + DC0BC76E1D8B773000070CB0 /* cssmint.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmint.h; sourceTree = ""; }; + DC0BC76F1D8B773000070CB0 /* cssmmds.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmmds.cpp; sourceTree = ""; }; + DC0BC7701D8B773000070CB0 /* cssmmds.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmmds.h; sourceTree = ""; }; + DC0BC7711D8B773000070CB0 /* generator.cfg */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = generator.cfg; sourceTree = ""; }; + DC0BC7731D8B773000070CB0 /* generator.pl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.perl; path = generator.pl; sourceTree = ""; }; + DC0BC7741D8B773000070CB0 /* guids.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = guids.cpp; sourceTree = ""; }; + DC0BC7751D8B773000070CB0 /* manager.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = manager.cpp; sourceTree = ""; }; + DC0BC7761D8B773000070CB0 /* manager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = manager.h; sourceTree = ""; }; + DC0BC7771D8B773000070CB0 /* modload_plugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = modload_plugin.cpp; sourceTree = ""; }; + DC0BC7781D8B773000070CB0 /* modload_plugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = modload_plugin.h; sourceTree = ""; }; + DC0BC7791D8B773000070CB0 /* modload_static.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = modload_static.cpp; sourceTree = ""; }; + DC0BC77A1D8B773000070CB0 /* modload_static.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = modload_static.h; sourceTree = ""; }; + DC0BC77B1D8B773000070CB0 /* modloader.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = modloader.cpp; sourceTree = ""; }; + DC0BC77C1D8B773000070CB0 /* modloader.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = modloader.h; sourceTree = ""; }; + DC0BC77D1D8B773000070CB0 /* module.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = module.cpp; sourceTree = ""; }; + DC0BC77E1D8B773000070CB0 /* module.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = module.h; sourceTree = ""; }; + DC0BC77F1D8B773000070CB0 /* oidsalg.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = oidsalg.c; sourceTree = ""; }; + DC0BC7801D8B773000070CB0 /* oidscert.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = oidscert.cpp; sourceTree = ""; }; + DC0BC7811D8B773000070CB0 /* oidscrl.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = oidscrl.cpp; sourceTree = ""; }; + DC0BC7821D8B773000070CB0 /* transition.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = transition.cpp; sourceTree = ""; }; + DC0BC89F1D8B7CBD00070CB0 /* libsecurity_filedb.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_filedb.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC8A11D8B7CFF00070CB0 /* OverUnderflowCheck.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OverUnderflowCheck.h; sourceTree = ""; }; + DC0BC8A21D8B7CFF00070CB0 /* AppleDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = AppleDatabase.cpp; sourceTree = ""; }; + DC0BC8A31D8B7CFF00070CB0 /* AppleDatabase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleDatabase.h; sourceTree = ""; }; + DC0BC8A41D8B7CFF00070CB0 /* AtomicFile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AtomicFile.cpp; sourceTree = ""; }; + DC0BC8A51D8B7CFF00070CB0 /* AtomicFile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AtomicFile.h; sourceTree = ""; }; + DC0BC8A61D8B7CFF00070CB0 /* DbIndex.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DbIndex.cpp; sourceTree = ""; }; + DC0BC8A71D8B7CFF00070CB0 /* DbIndex.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DbIndex.h; sourceTree = ""; }; + DC0BC8A81D8B7CFF00070CB0 /* DbQuery.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DbQuery.cpp; sourceTree = ""; }; + DC0BC8A91D8B7CFF00070CB0 /* DbQuery.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DbQuery.h; sourceTree = ""; }; + DC0BC8AA1D8B7CFF00070CB0 /* DbValue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DbValue.cpp; sourceTree = ""; }; + DC0BC8AB1D8B7CFF00070CB0 /* DbValue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DbValue.h; sourceTree = ""; }; + DC0BC8AC1D8B7CFF00070CB0 /* MetaAttribute.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MetaAttribute.cpp; sourceTree = ""; }; + DC0BC8AD1D8B7CFF00070CB0 /* MetaAttribute.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MetaAttribute.h; sourceTree = ""; }; + DC0BC8AE1D8B7CFF00070CB0 /* MetaRecord.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MetaRecord.cpp; sourceTree = ""; }; + DC0BC8AF1D8B7CFF00070CB0 /* MetaRecord.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MetaRecord.h; sourceTree = ""; }; + DC0BC8B01D8B7CFF00070CB0 /* ReadWriteSection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ReadWriteSection.h; sourceTree = ""; }; + DC0BC8B11D8B7CFF00070CB0 /* SelectionPredicate.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SelectionPredicate.cpp; sourceTree = ""; }; + DC0BC8B21D8B7CFF00070CB0 /* SelectionPredicate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SelectionPredicate.h; sourceTree = ""; }; + DC0BC8B31D8B7CFF00070CB0 /* ReadWriteSection.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ReadWriteSection.cpp; sourceTree = ""; }; + DC0BC8D31D8B7DA200070CB0 /* libsecurity_manifest.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_manifest.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC8D41D8B7DCF00070CB0 /* Download.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = Download.cpp; path = lib/Download.cpp; sourceTree = ""; }; + DC0BC8D51D8B7DCF00070CB0 /* Download.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Download.h; path = lib/Download.h; sourceTree = ""; }; + DC0BC8D61D8B7DCF00070CB0 /* SecureDownload.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = SecureDownload.cpp; path = lib/SecureDownload.cpp; sourceTree = ""; }; + DC0BC8D71D8B7DCF00070CB0 /* SecureDownload.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureDownload.h; path = lib/SecureDownload.h; sourceTree = ""; }; + DC0BC8D81D8B7DCF00070CB0 /* SecureDownloadInternal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecureDownloadInternal.c; path = lib/SecureDownloadInternal.c; sourceTree = ""; }; + DC0BC8D91D8B7DCF00070CB0 /* SecureDownloadInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureDownloadInternal.h; path = lib/SecureDownloadInternal.h; sourceTree = ""; }; + DC0BC8DA1D8B7DCF00070CB0 /* AppleManifest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = AppleManifest.cpp; path = lib/AppleManifest.cpp; sourceTree = ""; }; + DC0BC8DB1D8B7DCF00070CB0 /* AppleManifest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AppleManifest.h; path = lib/AppleManifest.h; sourceTree = ""; }; + DC0BC8DC1D8B7DCF00070CB0 /* ManifestInternal.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = ManifestInternal.cpp; path = lib/ManifestInternal.cpp; sourceTree = ""; }; + DC0BC8DD1D8B7DCF00070CB0 /* ManifestInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ManifestInternal.h; path = lib/ManifestInternal.h; sourceTree = ""; }; + DC0BC8DE1D8B7DCF00070CB0 /* ManifestSigner.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = ManifestSigner.cpp; path = lib/ManifestSigner.cpp; sourceTree = ""; }; + DC0BC8DF1D8B7DCF00070CB0 /* ManifestSigner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ManifestSigner.h; path = lib/ManifestSigner.h; sourceTree = ""; }; + DC0BC8E01D8B7DCF00070CB0 /* Manifest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = Manifest.cpp; path = lib/Manifest.cpp; sourceTree = ""; }; + DC0BC8E11D8B7DCF00070CB0 /* Manifest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Manifest.h; path = lib/Manifest.h; sourceTree = ""; }; + DC0BC8E21D8B7DCF00070CB0 /* SecManifest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecManifest.h; path = lib/SecManifest.h; sourceTree = ""; }; + DC0BC8E31D8B7DCF00070CB0 /* SecManifest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = SecManifest.cpp; path = lib/SecManifest.cpp; sourceTree = ""; }; + DC0BC9001D8B7E8000070CB0 /* libsecurity_mds.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_mds.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC9021D8B7EA700070CB0 /* mdsapi.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = mdsapi.cpp; sourceTree = ""; }; + DC0BC9031D8B7EA700070CB0 /* MDSAttrParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MDSAttrParser.cpp; sourceTree = ""; }; + DC0BC9041D8B7EA700070CB0 /* MDSAttrParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MDSAttrParser.h; sourceTree = ""; }; + DC0BC9051D8B7EA700070CB0 /* MDSAttrStrings.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MDSAttrStrings.cpp; sourceTree = ""; }; + DC0BC9061D8B7EA700070CB0 /* MDSAttrStrings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MDSAttrStrings.h; sourceTree = ""; }; + DC0BC9071D8B7EA700070CB0 /* MDSAttrUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MDSAttrUtils.cpp; sourceTree = ""; }; + DC0BC9081D8B7EA700070CB0 /* MDSAttrUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = MDSAttrUtils.h; sourceTree = ""; }; + DC0BC9091D8B7EA700070CB0 /* MDSDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MDSDatabase.cpp; sourceTree = ""; }; + DC0BC90A1D8B7EA700070CB0 /* MDSDatabase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MDSDatabase.h; sourceTree = ""; }; + DC0BC90B1D8B7EA700070CB0 /* MDSDictionary.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MDSDictionary.cpp; sourceTree = ""; }; + DC0BC90C1D8B7EA700070CB0 /* MDSDictionary.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MDSDictionary.h; sourceTree = ""; }; + DC0BC90D1D8B7EA700070CB0 /* MDSModule.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = MDSModule.cpp; sourceTree = ""; }; + DC0BC90E1D8B7EA700070CB0 /* MDSModule.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MDSModule.h; sourceTree = ""; }; + DC0BC90F1D8B7EA700070CB0 /* MDSSchema.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MDSSchema.cpp; sourceTree = ""; }; + DC0BC9101D8B7EA700070CB0 /* MDSSchema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MDSSchema.h; sourceTree = ""; }; + DC0BC9111D8B7EA700070CB0 /* MDSSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = MDSSession.cpp; sourceTree = ""; }; + DC0BC9121D8B7EA700070CB0 /* MDSSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MDSSession.h; sourceTree = ""; }; + DC0BC9131D8B7EA700070CB0 /* mds_schema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mds_schema.h; sourceTree = ""; }; + DC0BC9141D8B7EA700070CB0 /* mds.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mds.h; sourceTree = ""; }; + DC0BC9151D8B7EA700070CB0 /* mdspriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mdspriv.h; sourceTree = ""; }; + DC0BC9351D8B7F6A00070CB0 /* libsecurity_ocspd.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_ocspd.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC9371D8B7FA600070CB0 /* ocspdUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ocspdUtils.cpp; sourceTree = ""; }; + DC0BC9381D8B7FA600070CB0 /* ocspdUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ocspdUtils.h; sourceTree = ""; }; + DC0BC9391D8B7FA600070CB0 /* ocspdTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ocspdTypes.h; sourceTree = ""; }; + DC0BC93A1D8B7FA600070CB0 /* ocspdDebug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = ocspdDebug.h; sourceTree = ""; }; + DC0BC93B1D8B7FA600070CB0 /* ocspdDbSchema.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ocspdDbSchema.cpp; sourceTree = ""; }; + DC0BC93C1D8B7FA600070CB0 /* ocspdDbSchema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ocspdDbSchema.h; sourceTree = ""; }; + DC0BC93D1D8B7FA600070CB0 /* ocspExtensions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ocspExtensions.cpp; sourceTree = ""; }; + DC0BC93E1D8B7FA600070CB0 /* ocspExtensions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ocspExtensions.h; sourceTree = ""; }; + DC0BC93F1D8B7FA600070CB0 /* ocspResponse.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ocspResponse.cpp; sourceTree = ""; }; + DC0BC9401D8B7FA600070CB0 /* ocspResponse.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ocspResponse.h; sourceTree = ""; }; + DC0BC94C1D8B7FE000070CB0 /* ocspdClient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ocspdClient.cpp; sourceTree = ""; }; + DC0BC94D1D8B7FE000070CB0 /* ocspdClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ocspdClient.h; sourceTree = ""; }; + DC0BC9521D8B7FFE00070CB0 /* ocspd.defs */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.mig; path = ocspd.defs; sourceTree = ""; }; + DC0BC9541D8B7FFE00070CB0 /* ocspd.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ocspd.h; path = derived_src/security_ocspd/ocspd.h; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC9551D8B7FFE00070CB0 /* ocspd_server.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = ocspd_server.cpp; path = derived_src/security_ocspd/ocspd_server.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC9561D8B7FFE00070CB0 /* ocspd_client.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = ocspd_client.cpp; path = derived_src/security_ocspd/ocspd_client.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC96D1D8B810A00070CB0 /* libsecurity_pkcs12.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_pkcs12.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC96F1D8B813800070CB0 /* pkcs12BagAttrs.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12BagAttrs.cpp; sourceTree = ""; }; + DC0BC9701D8B813800070CB0 /* pkcs12BagAttrs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12BagAttrs.h; sourceTree = ""; }; + DC0BC9711D8B813800070CB0 /* pkcs12Coder.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Coder.cpp; sourceTree = ""; }; + DC0BC9721D8B813800070CB0 /* pkcs12Coder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12Coder.h; sourceTree = ""; }; + DC0BC9731D8B813800070CB0 /* pkcs12Crypto.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Crypto.cpp; sourceTree = ""; }; + DC0BC9741D8B813800070CB0 /* pkcs12Crypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12Crypto.h; sourceTree = ""; }; + DC0BC9751D8B813800070CB0 /* pkcs12Debug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = pkcs12Debug.h; sourceTree = ""; }; + DC0BC9761D8B813800070CB0 /* pkcs12Decode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Decode.cpp; sourceTree = ""; }; + DC0BC9771D8B813800070CB0 /* pkcs12Encode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Encode.cpp; sourceTree = ""; }; + DC0BC9781D8B813800070CB0 /* pkcs12Keychain.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Keychain.cpp; sourceTree = ""; }; + DC0BC9791D8B813800070CB0 /* pkcs12SafeBag.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12SafeBag.cpp; sourceTree = ""; }; + DC0BC97A1D8B813800070CB0 /* pkcs12SafeBag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12SafeBag.h; sourceTree = ""; }; + DC0BC97B1D8B813800070CB0 /* pkcs12Templates.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Templates.cpp; sourceTree = ""; }; + DC0BC97C1D8B813800070CB0 /* pkcs12Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12Templates.h; sourceTree = ""; }; + DC0BC97D1D8B813800070CB0 /* pkcs12Utils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Utils.cpp; sourceTree = ""; }; + DC0BC97E1D8B813800070CB0 /* pkcs12Utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12Utils.h; sourceTree = ""; }; + DC0BC97F1D8B813800070CB0 /* pkcs7Templates.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs7Templates.cpp; sourceTree = ""; }; + DC0BC9801D8B813800070CB0 /* pkcs7Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs7Templates.h; sourceTree = ""; }; + DC0BC9811D8B813800070CB0 /* SecPkcs12.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecPkcs12.cpp; sourceTree = ""; }; + DC0BC9821D8B813800070CB0 /* SecPkcs12.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPkcs12.h; sourceTree = ""; }; + DC0BC9A11D8B81BE00070CB0 /* libsecurity_sd_cspdl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_sd_cspdl.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC9A31D8B81EF00070CB0 /* SDContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SDContext.cpp; sourceTree = ""; }; + DC0BC9A41D8B81EF00070CB0 /* SDContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SDContext.h; sourceTree = ""; }; + DC0BC9A51D8B81EF00070CB0 /* SDCSPDLBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SDCSPDLBuiltin.cpp; sourceTree = ""; }; + DC0BC9A61D8B81EF00070CB0 /* SDCSPDLDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SDCSPDLDatabase.cpp; sourceTree = ""; }; + DC0BC9A71D8B81EF00070CB0 /* SDCSPDLDatabase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SDCSPDLDatabase.h; sourceTree = ""; }; + DC0BC9A81D8B81EF00070CB0 /* SDCSPDLPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SDCSPDLPlugin.cpp; sourceTree = ""; }; + DC0BC9A91D8B81EF00070CB0 /* SDCSPDLPlugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SDCSPDLPlugin.h; sourceTree = ""; }; + DC0BC9AA1D8B81EF00070CB0 /* SDCSPDLSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SDCSPDLSession.cpp; sourceTree = ""; }; + DC0BC9AB1D8B81EF00070CB0 /* SDCSPDLSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SDCSPDLSession.h; sourceTree = ""; }; + DC0BC9AC1D8B81EF00070CB0 /* SDCSPSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SDCSPSession.cpp; sourceTree = ""; }; + DC0BC9AD1D8B81EF00070CB0 /* SDCSPSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SDCSPSession.h; sourceTree = ""; }; + DC0BC9AE1D8B81EF00070CB0 /* SDDLSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SDDLSession.cpp; sourceTree = ""; }; + DC0BC9AF1D8B81EF00070CB0 /* SDDLSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SDDLSession.h; sourceTree = ""; }; + DC0BC9B01D8B81EF00070CB0 /* SDFactory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SDFactory.cpp; sourceTree = ""; }; + DC0BC9B11D8B81EF00070CB0 /* SDFactory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SDFactory.h; sourceTree = ""; }; + DC0BC9B21D8B81EF00070CB0 /* SDKey.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SDKey.cpp; sourceTree = ""; }; + DC0BC9B31D8B81EF00070CB0 /* SDKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SDKey.h; sourceTree = ""; }; + DC0BC9CF1D8B824700070CB0 /* libsecurity_ssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_ssl.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BC9D11D8B827200070CB0 /* sslKeychain.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sslKeychain.c; sourceTree = ""; }; + DC0BC9D31D8B827200070CB0 /* SSLRecordInternal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SSLRecordInternal.c; sourceTree = ""; }; + DC0BC9D41D8B827200070CB0 /* sslCipherSpecs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sslCipherSpecs.c; sourceTree = ""; }; + DC0BC9D51D8B827200070CB0 /* sslContext.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sslContext.c; sourceTree = ""; }; + DC0BC9D61D8B827200070CB0 /* sslRecord.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sslRecord.c; sourceTree = ""; }; + DC0BC9D71D8B827200070CB0 /* sslTransport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sslTransport.c; sourceTree = ""; }; + DC0BC9D81D8B827200070CB0 /* tlsCallbacks.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tlsCallbacks.c; sourceTree = ""; }; + DC0BC9D91D8B827200070CB0 /* tlsCallbacks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tlsCallbacks.h; sourceTree = ""; }; + DC0BC9DB1D8B827200070CB0 /* CipherSuite.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CipherSuite.h; sourceTree = ""; }; + DC0BC9DC1D8B827200070CB0 /* SecureTransport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecureTransport.h; sourceTree = ""; }; + DC0BC9DE1D8B827200070CB0 /* sslTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sslTypes.h; path = ../lib/sslTypes.h; sourceTree = ""; }; + DC0BC9DF1D8B827200070CB0 /* SecureTransportPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureTransportPriv.h; path = ../lib/SecureTransportPriv.h; sourceTree = ""; }; + DC0BC9E11D8B827200070CB0 /* sslCipherSpecs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslCipherSpecs.h; sourceTree = ""; }; + DC0BC9E21D8B827200070CB0 /* SSLRecordInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SSLRecordInternal.h; sourceTree = ""; }; + DC0BC9E31D8B827200070CB0 /* tls_record_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tls_record_internal.h; sourceTree = ""; }; + DC0BC9E41D8B827200070CB0 /* cipherSpecs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cipherSpecs.h; sourceTree = ""; }; + DC0BC9E51D8B827200070CB0 /* ssl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl.h; sourceTree = ""; }; + DC0BC9E61D8B827200070CB0 /* sslBuildFlags.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslBuildFlags.h; sourceTree = ""; }; + DC0BC9E71D8B827200070CB0 /* sslContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslContext.h; sourceTree = ""; }; + DC0BC9E81D8B827200070CB0 /* sslCrypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslCrypto.h; sourceTree = ""; }; + DC0BC9E91D8B827200070CB0 /* sslDebug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = sslDebug.h; sourceTree = ""; }; + DC0BC9EA1D8B827200070CB0 /* sslKeychain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslKeychain.h; sourceTree = ""; }; + DC0BC9EB1D8B827200070CB0 /* sslMemory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslMemory.h; sourceTree = ""; }; + DC0BC9EC1D8B827200070CB0 /* sslPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslPriv.h; sourceTree = ""; }; + DC0BC9ED1D8B827200070CB0 /* sslRecord.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslRecord.h; sourceTree = ""; }; + DC0BC9EE1D8B827200070CB0 /* sslUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sslUtils.h; sourceTree = ""; }; + DC0BC9F01D8B827200070CB0 /* sslCrypto.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sslCrypto.c; sourceTree = ""; }; + DC0BC9F21D8B827200070CB0 /* sslMemory.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sslMemory.c; sourceTree = ""; }; + DC0BC9F31D8B827200070CB0 /* sslUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sslUtils.c; sourceTree = ""; }; + DC0BCA1A1D8B82B000070CB0 /* libsecurity_ssl_regressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_ssl_regressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BCA1B1D8B82CD00070CB0 /* CA-ECC_Cert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "CA-ECC_Cert.h"; sourceTree = ""; }; + DC0BCA1C1D8B82CD00070CB0 /* CA-ECC_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "CA-ECC_Key.h"; sourceTree = ""; }; + DC0BCA1D1D8B82CD00070CB0 /* CA-RSA_Cert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "CA-RSA_Cert.h"; sourceTree = ""; }; + DC0BCA1E1D8B82CD00070CB0 /* CA-RSA_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "CA-RSA_Key.h"; sourceTree = ""; }; + DC0BCA1F1D8B82CD00070CB0 /* ClientECC_Cert_CA-ECC.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ClientECC_Cert_CA-ECC.h"; sourceTree = ""; }; + DC0BCA201D8B82CD00070CB0 /* ClientECC_Cert_CA-RSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ClientECC_Cert_CA-RSA.h"; sourceTree = ""; }; + DC0BCA211D8B82CD00070CB0 /* ClientECC_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ClientECC_Key.h; sourceTree = ""; }; + DC0BCA221D8B82CD00070CB0 /* ClientRSA_Cert_CA-ECC.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ClientRSA_Cert_CA-ECC.h"; sourceTree = ""; }; + DC0BCA231D8B82CD00070CB0 /* ClientRSA_Cert_CA-RSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ClientRSA_Cert_CA-RSA.h"; sourceTree = ""; }; + DC0BCA241D8B82CD00070CB0 /* ClientRSA_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ClientRSA_Key.h; sourceTree = ""; }; + DC0BCA251D8B82CD00070CB0 /* ServerECC_Cert_CA-ECC.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ServerECC_Cert_CA-ECC.h"; sourceTree = ""; }; + DC0BCA261D8B82CD00070CB0 /* ServerECC_Cert_CA-RSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ServerECC_Cert_CA-RSA.h"; sourceTree = ""; }; + DC0BCA271D8B82CD00070CB0 /* ServerECC_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ServerECC_Key.h; sourceTree = ""; }; + DC0BCA281D8B82CD00070CB0 /* ServerRSA_Cert_CA-ECC.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ServerRSA_Cert_CA-ECC.h"; sourceTree = ""; }; + DC0BCA291D8B82CD00070CB0 /* ServerRSA_Cert_CA-RSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ServerRSA_Cert_CA-RSA.h"; sourceTree = ""; }; + DC0BCA2A1D8B82CD00070CB0 /* ServerRSA_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ServerRSA_Key.h; sourceTree = ""; }; + DC0BCA2B1D8B82CD00070CB0 /* Untrusted-CA-RSA_Cert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "Untrusted-CA-RSA_Cert.h"; sourceTree = ""; }; + DC0BCA2C1D8B82CD00070CB0 /* Untrusted-CA-RSA_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "Untrusted-CA-RSA_Key.h"; sourceTree = ""; }; + DC0BCA2D1D8B82CD00070CB0 /* UntrustedClientRSA_Cert_Untrusted-CA-RSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "UntrustedClientRSA_Cert_Untrusted-CA-RSA.h"; sourceTree = ""; }; + DC0BCA2E1D8B82CD00070CB0 /* UntrustedClientRSA_Key.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UntrustedClientRSA_Key.h; sourceTree = ""; }; + DC0BCA301D8B82CD00070CB0 /* cert-1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "cert-1.h"; sourceTree = ""; }; + DC0BCA311D8B82CD00070CB0 /* identity-1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "identity-1.h"; sourceTree = ""; }; + DC0BCA321D8B82CD00070CB0 /* privkey-1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "privkey-1.h"; sourceTree = ""; }; + DC0BCA331D8B82CD00070CB0 /* ssl-39-echo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-39-echo.c"; sourceTree = ""; }; + DC0BCA341D8B82CD00070CB0 /* ssl-40-clientauth.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-40-clientauth.c"; sourceTree = ""; }; + DC0BCA351D8B82CD00070CB0 /* ssl-41-clientauth.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-41-clientauth.c"; sourceTree = ""; }; + DC0BCA361D8B82CD00070CB0 /* ssl-42-ciphers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-42-ciphers.c"; sourceTree = ""; }; + DC0BCA371D8B82CD00070CB0 /* ssl-43-ciphers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-43-ciphers.c"; sourceTree = ""; }; + DC0BCA381D8B82CD00070CB0 /* ssl-44-crashes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-44-crashes.c"; sourceTree = ""; }; + DC0BCA391D8B82CD00070CB0 /* ssl-45-tls12.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-45-tls12.c"; sourceTree = ""; }; + DC0BCA3A1D8B82CD00070CB0 /* ssl-46-SSLGetSupportedCiphers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-46-SSLGetSupportedCiphers.c"; sourceTree = ""; }; + DC0BCA3B1D8B82CD00070CB0 /* ssl-47-falsestart.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-47-falsestart.c"; sourceTree = ""; }; + DC0BCA3C1D8B82CD00070CB0 /* ssl-48-split.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-48-split.c"; sourceTree = ""; }; + DC0BCA3D1D8B82CD00070CB0 /* ssl-49-sni.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-49-sni.c"; sourceTree = ""; }; + DC0BCA3E1D8B82CD00070CB0 /* ssl-50-server.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-50-server.c"; sourceTree = ""; }; + DC0BCA3F1D8B82CD00070CB0 /* ssl-51-state.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-51-state.c"; sourceTree = ""; }; + DC0BCA401D8B82CD00070CB0 /* ssl-52-noconn.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-52-noconn.c"; sourceTree = ""; }; + DC0BCA411D8B82CD00070CB0 /* ssl-53-clientauth.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-53-clientauth.c"; sourceTree = ""; }; + DC0BCA421D8B82CD00070CB0 /* ssl-54-dhe.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-54-dhe.c"; sourceTree = ""; }; + DC0BCA431D8B82CD00070CB0 /* ssl-55-sessioncache.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-55-sessioncache.c"; sourceTree = ""; }; + DC0BCA441D8B82CD00070CB0 /* ssl-56-renegotiate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-56-renegotiate.c"; sourceTree = ""; }; + DC0BCA451D8B82CD00070CB0 /* ssl-utils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "ssl-utils.c"; sourceTree = ""; }; + DC0BCA461D8B82CD00070CB0 /* ssl-utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ssl-utils.h"; sourceTree = ""; }; + DC0BCA471D8B82CD00070CB0 /* ssl_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ssl_regressions.h; sourceTree = ""; }; + DC0BCA801D8B858600070CB0 /* libsecurity_transform.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_transform.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BCA821D8B85BC00070CB0 /* SecMaskGenerationFunctionTransform.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecMaskGenerationFunctionTransform.c; sourceTree = ""; }; + DC0BCA831D8B85BC00070CB0 /* SecMaskGenerationFunctionTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecMaskGenerationFunctionTransform.h; sourceTree = ""; }; + DC0BCA841D8B85BC00070CB0 /* SecReadTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecReadTransform.h; sourceTree = ""; }; + DC0BCA851D8B85BC00070CB0 /* SecCollectTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecCollectTransform.cpp; sourceTree = ""; }; + DC0BCA861D8B85BC00070CB0 /* SecCollectTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCollectTransform.h; sourceTree = ""; }; + DC0BCA871D8B85BC00070CB0 /* c++utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "c++utils.h"; sourceTree = ""; }; + DC0BCA881D8B85BC00070CB0 /* c++utils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "c++utils.cpp"; sourceTree = ""; }; + DC0BCA891D8B85BC00070CB0 /* CoreFoundationBasics.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CoreFoundationBasics.cpp; sourceTree = ""; }; + DC0BCA8A1D8B85BC00070CB0 /* CoreFoundationBasics.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CoreFoundationBasics.h; sourceTree = ""; }; + DC0BCA8B1D8B85BC00070CB0 /* Digest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Digest.cpp; sourceTree = ""; }; + DC0BCA8C1D8B85BC00070CB0 /* Digest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Digest.h; sourceTree = ""; }; + DC0BCA8D1D8B85BC00070CB0 /* EncodeDecodeTransforms.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = EncodeDecodeTransforms.c; sourceTree = ""; }; + DC0BCA8E1D8B85BC00070CB0 /* EncryptTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = EncryptTransform.h; sourceTree = ""; }; + DC0BCA8F1D8B85BC00070CB0 /* EncryptTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = EncryptTransform.cpp; sourceTree = ""; }; + DC0BCA901D8B85BC00070CB0 /* CEncryptDecrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = CEncryptDecrypt.c; sourceTree = ""; }; + DC0BCA911D8B85BC00070CB0 /* EncryptTransformUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EncryptTransformUtilities.h; sourceTree = ""; }; + DC0BCA921D8B85BC00070CB0 /* EncryptTransformUtilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = EncryptTransformUtilities.cpp; sourceTree = ""; }; + DC0BCA931D8B85BC00070CB0 /* GroupTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GroupTransform.cpp; sourceTree = ""; }; + DC0BCA941D8B85BC00070CB0 /* GroupTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GroupTransform.h; sourceTree = ""; }; + DC0BCA951D8B85BC00070CB0 /* LinkedList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LinkedList.cpp; sourceTree = ""; }; + DC0BCA961D8B85BC00070CB0 /* LinkedList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LinkedList.h; sourceTree = ""; }; + DC0BCA971D8B85BC00070CB0 /* misc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = misc.c; sourceTree = ""; }; + DC0BCA981D8B85BC00070CB0 /* misc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = misc.h; sourceTree = ""; }; + DC0BCA991D8B85BC00070CB0 /* Monitor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Monitor.cpp; sourceTree = ""; }; + DC0BCA9A1D8B85BC00070CB0 /* Monitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Monitor.h; sourceTree = ""; }; + DC0BCA9B1D8B85BC00070CB0 /* NullTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NullTransform.cpp; sourceTree = ""; }; + DC0BCA9C1D8B85BC00070CB0 /* NullTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NullTransform.h; sourceTree = ""; }; + DC0BCA9D1D8B85BC00070CB0 /* SecCustomTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCustomTransform.h; sourceTree = ""; }; + DC0BCA9E1D8B85BC00070CB0 /* SecCustomTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SecCustomTransform.cpp; sourceTree = ""; }; + DC0BCA9F1D8B85BC00070CB0 /* SecDecodeTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecDecodeTransform.h; sourceTree = ""; }; + DC0BCAA01D8B85BC00070CB0 /* SecDigestTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecDigestTransform.cpp; sourceTree = ""; }; + DC0BCAA11D8B85BC00070CB0 /* SecDigestTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecDigestTransform.h; sourceTree = ""; }; + DC0BCAA21D8B85BC00070CB0 /* SecEncryptTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecEncryptTransform.h; sourceTree = ""; }; + DC0BCAA31D8B85BC00070CB0 /* SecEncodeTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecEncodeTransform.h; sourceTree = ""; }; + DC0BCAA41D8B85BC00070CB0 /* SecEncryptTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecEncryptTransform.cpp; sourceTree = ""; }; + DC0BCAA51D8B85BC00070CB0 /* SecGroupTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecGroupTransform.cpp; sourceTree = ""; }; + DC0BCAA61D8B85BC00070CB0 /* SecGroupTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecGroupTransform.h; sourceTree = ""; }; + DC0BCAA71D8B85BC00070CB0 /* SecNullTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecNullTransform.cpp; sourceTree = ""; }; + DC0BCAA81D8B85BC00070CB0 /* SecSignVerifyTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecSignVerifyTransform.h; sourceTree = ""; }; + DC0BCAA91D8B85BC00070CB0 /* SecSignVerifyTransform.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecSignVerifyTransform.c; sourceTree = ""; }; + DC0BCAAA1D8B85BC00070CB0 /* SecNullTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecNullTransform.h; sourceTree = ""; }; + DC0BCAAB1D8B85BC00070CB0 /* SecTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTransform.cpp; sourceTree = ""; }; + DC0BCAAC1D8B85BC00070CB0 /* SecTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTransform.h; sourceTree = ""; }; + DC0BCAAD1D8B85BC00070CB0 /* SecTransformInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTransformInternal.h; sourceTree = ""; }; + DC0BCAAE1D8B85BC00070CB0 /* SingleShotSource.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SingleShotSource.cpp; sourceTree = ""; }; + DC0BCAAF1D8B85BC00070CB0 /* SingleShotSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SingleShotSource.h; sourceTree = ""; }; + DC0BCAB01D8B85BC00070CB0 /* Source.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Source.cpp; sourceTree = ""; }; + DC0BCAB11D8B85BC00070CB0 /* Source.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Source.h; sourceTree = ""; }; + DC0BCAB21D8B85BC00070CB0 /* StreamSource.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StreamSource.cpp; sourceTree = ""; }; + DC0BCAB31D8B85BC00070CB0 /* StreamSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StreamSource.h; sourceTree = ""; }; + DC0BCAB41D8B85BC00070CB0 /* Transform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Transform.cpp; sourceTree = ""; }; + DC0BCAB51D8B85BC00070CB0 /* Transform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = Transform.h; sourceTree = ""; }; + DC0BCAB61D8B85BC00070CB0 /* TransformFactory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TransformFactory.cpp; sourceTree = ""; }; + DC0BCAB71D8B85BC00070CB0 /* TransformFactory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TransformFactory.h; sourceTree = ""; }; + DC0BCAB81D8B85BC00070CB0 /* Utilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Utilities.cpp; sourceTree = ""; }; + DC0BCAB91D8B85BC00070CB0 /* Utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Utilities.h; sourceTree = ""; }; + DC0BCABA1D8B85BC00070CB0 /* SecExternalSourceTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecExternalSourceTransform.h; sourceTree = ""; }; + DC0BCABB1D8B85BC00070CB0 /* SecExternalSourceTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecExternalSourceTransform.cpp; sourceTree = ""; }; + DC0BCABC1D8B85BC00070CB0 /* SecTransformReadTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTransformReadTransform.h; sourceTree = ""; }; + DC0BCABD1D8B85BC00070CB0 /* SecTransformReadTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTransformReadTransform.cpp; sourceTree = ""; }; + DC0BCABE1D8B85BC00070CB0 /* SecTransformValidator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTransformValidator.h; sourceTree = ""; }; + DC0BCABF1D8B85BC00070CB0 /* SecReadTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecReadTransform.h; sourceTree = ""; }; + DC0BCB081D8B894F00070CB0 /* libsecurity_translocate.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_translocate.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BCB0A1D8B898100070CB0 /* SecTranslocateClient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTranslocateClient.cpp; sourceTree = ""; }; + DC0BCB0B1D8B898100070CB0 /* SecTranslocateClient.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SecTranslocateClient.hpp; sourceTree = ""; }; + DC0BCB0C1D8B898100070CB0 /* SecTranslocateXPCServer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTranslocateXPCServer.cpp; sourceTree = ""; }; + DC0BCB0D1D8B898100070CB0 /* SecTranslocateXPCServer.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SecTranslocateXPCServer.hpp; sourceTree = ""; }; + DC0BCB0E1D8B898100070CB0 /* SecTranslocateInterface.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SecTranslocateInterface.hpp; sourceTree = ""; }; + DC0BCB0F1D8B898100070CB0 /* SecTranslocateDANotification.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTranslocateDANotification.cpp; sourceTree = ""; }; + DC0BCB101D8B898100070CB0 /* SecTranslocateDANotification.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SecTranslocateDANotification.hpp; sourceTree = ""; }; + DC0BCB111D8B898100070CB0 /* SecTranslocateLSNotification.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTranslocateLSNotification.cpp; sourceTree = ""; }; + DC0BCB121D8B898100070CB0 /* SecTranslocateLSNotification.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SecTranslocateLSNotification.hpp; sourceTree = ""; }; + DC0BCB131D8B898100070CB0 /* SecTranslocateShared.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SecTranslocateShared.hpp; sourceTree = ""; }; + DC0BCB141D8B898100070CB0 /* SecTranslocateShared.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTranslocateShared.cpp; sourceTree = ""; }; + DC0BCB151D8B898100070CB0 /* SecTranslocateServer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTranslocateServer.cpp; sourceTree = ""; }; + DC0BCB161D8B898100070CB0 /* SecTranslocateServer.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SecTranslocateServer.hpp; sourceTree = ""; }; + DC0BCB171D8B898100070CB0 /* SecTranslocate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTranslocate.h; sourceTree = ""; }; + DC0BCB181D8B898100070CB0 /* SecTranslocate.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTranslocate.cpp; sourceTree = ""; }; + DC0BCB191D8B898100070CB0 /* SecTranslocateUtilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTranslocateUtilities.cpp; sourceTree = ""; }; + DC0BCB1A1D8B898100070CB0 /* SecTranslocateUtilities.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SecTranslocateUtilities.hpp; sourceTree = ""; }; + DC0BCB1B1D8B898100070CB0 /* SecTranslocateInterface.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTranslocateInterface.cpp; sourceTree = ""; }; + DC0BCBFD1D8C648C00070CB0 /* libregressionBase.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libregressionBase.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BCBFE1D8C64B500070CB0 /* test-00-test.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "test-00-test.c"; path = "OSX/regressions/test/test-00-test.c"; sourceTree = ""; }; + DC0BCBFF1D8C64B500070CB0 /* test_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = test_regressions.h; path = OSX/regressions/test/test_regressions.h; sourceTree = ""; }; + DC0BCC001D8C64B500070CB0 /* testlist_begin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = testlist_begin.h; path = OSX/regressions/test/testlist_begin.h; sourceTree = ""; }; + DC0BCC011D8C64B500070CB0 /* testlist_end.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = testlist_end.h; path = OSX/regressions/test/testlist_end.h; sourceTree = ""; }; + DC0BCC021D8C64B500070CB0 /* testcpp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = testcpp.h; path = OSX/regressions/test/testcpp.h; sourceTree = ""; }; + DC0BCC031D8C64B500070CB0 /* testenv.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = testenv.m; path = OSX/regressions/test/testenv.m; sourceTree = ""; }; + DC0BCC041D8C64B500070CB0 /* testenv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = testenv.h; path = OSX/regressions/test/testenv.h; sourceTree = ""; }; + DC0BCC051D8C64B500070CB0 /* testmore.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = testmore.c; path = OSX/regressions/test/testmore.c; sourceTree = ""; }; + DC0BCC061D8C64B500070CB0 /* testmore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = testmore.h; path = OSX/regressions/test/testmore.h; sourceTree = ""; }; + DC0BCC071D8C64B500070CB0 /* testcert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = testcert.c; path = OSX/regressions/test/testcert.c; sourceTree = ""; }; + DC0BCC081D8C64B500070CB0 /* testcert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = testcert.h; path = OSX/regressions/test/testcert.h; sourceTree = ""; }; + DC0BCC091D8C64B500070CB0 /* testpolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = testpolicy.h; path = OSX/regressions/test/testpolicy.h; sourceTree = ""; }; + DC0BCC0A1D8C64B500070CB0 /* testpolicy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = testpolicy.m; path = OSX/regressions/test/testpolicy.m; sourceTree = ""; }; + DC0BCC361D8C684F00070CB0 /* libutilities.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libutilities.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BCC391D8C68CF00070CB0 /* SecMeta.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = SecMeta.h; path = src/SecMeta.h; sourceTree = ""; }; + DC0BCC3A1D8C68CF00070CB0 /* iCloudKeychainTrace.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = iCloudKeychainTrace.c; path = src/iCloudKeychainTrace.c; sourceTree = ""; }; + DC0BCC3B1D8C68CF00070CB0 /* iCloudKeychainTrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = iCloudKeychainTrace.h; path = src/iCloudKeychainTrace.h; sourceTree = ""; }; + DC0BCC3C1D8C68CF00070CB0 /* SecAKSWrappers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecAKSWrappers.c; path = src/SecAKSWrappers.c; sourceTree = ""; }; + DC0BCC3D1D8C68CF00070CB0 /* SecAKSWrappers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAKSWrappers.h; path = src/SecAKSWrappers.h; sourceTree = ""; }; + DC0BCC3E1D8C68CF00070CB0 /* SecBuffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecBuffer.c; path = src/SecBuffer.c; sourceTree = ""; }; + DC0BCC3F1D8C68CF00070CB0 /* SecBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecBuffer.h; path = src/SecBuffer.h; sourceTree = ""; }; + DC0BCC401D8C68CF00070CB0 /* SecCoreCrypto.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecCoreCrypto.c; path = src/SecCoreCrypto.c; sourceTree = ""; }; + DC0BCC411D8C68CF00070CB0 /* SecCoreCrypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCoreCrypto.h; path = src/SecCoreCrypto.h; sourceTree = ""; }; + DC0BCC421D8C68CF00070CB0 /* SecCertificateTrace.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecCertificateTrace.c; path = src/SecCertificateTrace.c; sourceTree = ""; }; + DC0BCC431D8C68CF00070CB0 /* SecCertificateTrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCertificateTrace.h; path = src/SecCertificateTrace.h; sourceTree = ""; }; + DC0BCC441D8C68CF00070CB0 /* SecCFCCWrappers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecCFCCWrappers.c; path = src/SecCFCCWrappers.c; sourceTree = ""; }; + DC0BCC451D8C68CF00070CB0 /* SecCFCCWrappers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCFCCWrappers.h; path = src/SecCFCCWrappers.h; sourceTree = ""; }; + DC0BCC461D8C68CF00070CB0 /* SecCFRelease.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCFRelease.h; path = src/SecCFRelease.h; sourceTree = ""; }; + DC0BCC471D8C68CF00070CB0 /* SecCFWrappers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecCFWrappers.c; path = src/SecCFWrappers.c; sourceTree = ""; }; + DC0BCC481D8C68CF00070CB0 /* SecCFWrappers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = SecCFWrappers.h; path = src/SecCFWrappers.h; sourceTree = ""; }; + DC0BCC491D8C68CF00070CB0 /* SecCFError.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecCFError.c; path = src/SecCFError.c; sourceTree = ""; }; + DC0BCC4A1D8C68CF00070CB0 /* SecCFError.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCFError.h; path = src/SecCFError.h; sourceTree = ""; }; + DC0BCC4B1D8C68CF00070CB0 /* SecDispatchRelease.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecDispatchRelease.h; path = src/SecDispatchRelease.h; sourceTree = ""; }; + DC0BCC4C1D8C68CF00070CB0 /* SecIOFormat.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIOFormat.h; path = src/SecIOFormat.h; sourceTree = ""; }; + DC0BCC4D1D8C68CF00070CB0 /* SecTrace.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecTrace.c; path = src/SecTrace.c; sourceTree = ""; }; + DC0BCC4E1D8C68CF00070CB0 /* SecTrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrace.h; path = src/SecTrace.h; sourceTree = ""; }; + DC0BCC4F1D8C68CF00070CB0 /* array_size.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = array_size.h; path = src/array_size.h; sourceTree = ""; }; + DC0BCC521D8C68CF00070CB0 /* debugging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = debugging.c; path = src/debugging.c; sourceTree = ""; }; + DC0BCC531D8C68CF00070CB0 /* debugging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = debugging.h; path = src/debugging.h; sourceTree = ""; }; + DC0BCC541D8C68CF00070CB0 /* debugging_test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = debugging_test.h; path = src/debugging_test.h; sourceTree = ""; }; + DC0BCC551D8C68CF00070CB0 /* der_array.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = der_array.c; path = src/der_array.c; sourceTree = ""; }; + DC0BCC561D8C68CF00070CB0 /* der_boolean.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = der_boolean.c; path = src/der_boolean.c; sourceTree = ""; }; + DC0BCC571D8C68CF00070CB0 /* der_null.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = der_null.c; path = src/der_null.c; sourceTree = ""; }; + DC0BCC581D8C68CF00070CB0 /* der_data.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = der_data.c; path = src/der_data.c; sourceTree = ""; }; + DC0BCC591D8C68CF00070CB0 /* der_date.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; name = der_date.c; path = src/der_date.c; sourceTree = ""; }; + DC0BCC5A1D8C68CF00070CB0 /* der_date.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = der_date.h; path = src/der_date.h; sourceTree = ""; }; + DC0BCC5B1D8C68CF00070CB0 /* der_dictionary.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = der_dictionary.c; path = src/der_dictionary.c; sourceTree = ""; }; + DC0BCC5C1D8C68CF00070CB0 /* der_number.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = der_number.c; path = src/der_number.c; sourceTree = ""; }; + DC0BCC5D1D8C68CF00070CB0 /* der_plist.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = der_plist.c; path = src/der_plist.c; sourceTree = ""; }; + DC0BCC5F1D8C68CF00070CB0 /* der_plist_internal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = der_plist_internal.c; path = src/der_plist_internal.c; sourceTree = ""; }; + DC0BCC601D8C68CF00070CB0 /* der_plist_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = der_plist_internal.h; path = src/der_plist_internal.h; sourceTree = ""; }; + DC0BCC611D8C68CF00070CB0 /* der_set.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = der_set.c; path = src/der_set.c; sourceTree = ""; }; + DC0BCC621D8C68CF00070CB0 /* der_set.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = der_set.h; path = src/der_set.h; sourceTree = ""; }; + DC0BCC631D8C68CF00070CB0 /* der_string.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = der_string.c; path = src/der_string.c; sourceTree = ""; }; + DC0BCC641D8C68CF00070CB0 /* fileIo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = fileIo.c; path = src/fileIo.c; sourceTree = ""; }; + DC0BCC651D8C68CF00070CB0 /* fileIo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fileIo.h; path = src/fileIo.h; sourceTree = ""; }; + DC0BCC661D8C68CF00070CB0 /* sqlutils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sqlutils.h; path = src/sqlutils.h; sourceTree = ""; }; + DC0BCC671D8C68CF00070CB0 /* iOSforOSX.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = iOSforOSX.h; path = src/iOSforOSX.h; sourceTree = ""; }; + DC0BCC681D8C68CF00070CB0 /* iOSforOSX.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = iOSforOSX.c; path = src/iOSforOSX.c; sourceTree = ""; }; + DC0BCC691D8C68CF00070CB0 /* iOSforOSX-SecAttr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "iOSforOSX-SecAttr.c"; path = "src/iOSforOSX-SecAttr.c"; sourceTree = ""; }; + DC0BCC6A1D8C68CF00070CB0 /* iOSforOSX-SecRandom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "iOSforOSX-SecRandom.c"; path = "src/iOSforOSX-SecRandom.c"; sourceTree = ""; }; + DC0BCC6B1D8C68CF00070CB0 /* SecDb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; name = SecDb.c; path = src/SecDb.c; sourceTree = ""; }; + DC0BCC6C1D8C68CF00070CB0 /* SecDb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecDb.h; path = src/SecDb.h; sourceTree = ""; }; + DC0BCC6D1D8C68CF00070CB0 /* SecFileLocations.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecFileLocations.c; path = src/SecFileLocations.c; sourceTree = ""; }; + DC0BCC6E1D8C68CF00070CB0 /* SecFileLocations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecFileLocations.h; path = src/SecFileLocations.h; sourceTree = ""; }; + DC0BCC6F1D8C68CF00070CB0 /* SecXPCError.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecXPCError.h; path = src/SecXPCError.h; sourceTree = ""; }; + DC0BCC701D8C68CF00070CB0 /* SecXPCError.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecXPCError.c; path = src/SecXPCError.c; sourceTree = ""; }; + DC0BCC711D8C68CF00070CB0 /* simulate_crash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = simulate_crash.c; path = src/simulate_crash.c; sourceTree = ""; }; + DC0BCC721D8C68CF00070CB0 /* SecSCTUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecSCTUtils.h; path = src/SecSCTUtils.h; sourceTree = ""; }; + DC0BCC731D8C68CF00070CB0 /* SecSCTUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecSCTUtils.c; path = src/SecSCTUtils.c; sourceTree = ""; }; + DC0BCC741D8C68CF00070CB0 /* SecAppleAnchor.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecAppleAnchor.c; path = src/SecAppleAnchor.c; sourceTree = ""; }; + DC0BCC751D8C68CF00070CB0 /* SecAppleAnchorPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAppleAnchorPriv.h; path = src/SecAppleAnchorPriv.h; sourceTree = ""; }; + DC0BCC761D8C68CF00070CB0 /* SecInternalRelease.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecInternalRelease.c; path = src/SecInternalRelease.c; sourceTree = ""; }; + DC0BCC771D8C68CF00070CB0 /* SecInternalReleasePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecInternalReleasePriv.h; path = src/SecInternalReleasePriv.h; sourceTree = ""; }; + DC0BCD481D8C694700070CB0 /* libutilitiesRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libutilitiesRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC0BCD491D8C697100070CB0 /* utilities_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = utilities_regressions.h; sourceTree = ""; }; + DC0BCD4A1D8C697100070CB0 /* su-05-cfwrappers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-05-cfwrappers.c"; sourceTree = ""; }; + DC0BCD4B1D8C697100070CB0 /* su-07-debugging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = "su-07-debugging.c"; sourceTree = ""; }; + DC0BCD4C1D8C697100070CB0 /* su-08-secbuffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-08-secbuffer.c"; sourceTree = ""; }; + DC0BCD4D1D8C697100070CB0 /* su-10-cfstring-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-10-cfstring-der.c"; sourceTree = ""; }; + DC0BCD4E1D8C697100070CB0 /* su-11-cfdata-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-11-cfdata-der.c"; sourceTree = ""; }; + DC0BCD4F1D8C697100070CB0 /* su-12-cfboolean-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-12-cfboolean-der.c"; sourceTree = ""; }; + DC0BCD501D8C697100070CB0 /* su-13-cfnumber-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-13-cfnumber-der.c"; sourceTree = ""; }; + DC0BCD511D8C697100070CB0 /* su-14-cfarray-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-14-cfarray-der.c"; sourceTree = ""; }; + DC0BCD521D8C697100070CB0 /* su-15-cfdictionary-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-15-cfdictionary-der.c"; sourceTree = ""; }; + DC0BCD531D8C697100070CB0 /* su-17-cfset-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-17-cfset-der.c"; sourceTree = ""; }; + DC0BCD541D8C697100070CB0 /* su-16-cfdate-der.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-16-cfdate-der.c"; sourceTree = ""; }; + DC0BCD551D8C697100070CB0 /* su-40-secdb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-40-secdb.c"; sourceTree = ""; }; + DC0BCD561D8C697100070CB0 /* su-41-secdb-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "su-41-secdb-stress.c"; sourceTree = ""; }; + DC0BCDB41D8C6A5B00070CB0 /* not_on_this_platorm.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = not_on_this_platorm.c; path = ../../utilities/SecurityTool/not_on_this_platorm.c; sourceTree = ""; }; + DC1784421D77869A00B50D50 /* libsecurity_smime.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_smime.xcodeproj; path = OSX/libsecurity_smime/libsecurity_smime.xcodeproj; sourceTree = ""; }; + DC1784AE1D7786C700B50D50 /* libsecurity_cms.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = libsecurity_cms.xcodeproj; path = OSX/libsecurity_cms/libsecurity_cms.xcodeproj; sourceTree = ""; }; + DC1785051D77873100B50D50 /* Security.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Security.framework; sourceTree = BUILT_PRODUCTS_DIR; }; + DC1785111D77895A00B50D50 /* oidsalg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidsalg.h; path = OSX/libsecurity_asn1/lib/oidsalg.h; sourceTree = ""; }; + DC1785121D77895A00B50D50 /* oidsattr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidsattr.h; path = OSX/libsecurity_asn1/lib/oidsattr.h; sourceTree = ""; }; + DC1785131D77895A00B50D50 /* SecAsn1Coder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAsn1Coder.h; path = OSX/libsecurity_asn1/lib/SecAsn1Coder.h; sourceTree = ""; }; + DC1785141D77895A00B50D50 /* SecAsn1Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAsn1Templates.h; path = OSX/libsecurity_asn1/lib/SecAsn1Templates.h; sourceTree = ""; }; + DC1785151D77895A00B50D50 /* SecAsn1Types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAsn1Types.h; path = OSX/libsecurity_asn1/lib/SecAsn1Types.h; sourceTree = ""; }; + DC17851C1D7789AF00B50D50 /* Authorization.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Authorization.h; path = OSX/libsecurity_authorization/lib/Authorization.h; sourceTree = ""; }; + DC17851D1D7789AF00B50D50 /* AuthorizationDB.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthorizationDB.h; path = OSX/libsecurity_authorization/lib/AuthorizationDB.h; sourceTree = ""; }; + DC17851E1D7789AF00B50D50 /* AuthorizationPlugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthorizationPlugin.h; path = OSX/libsecurity_authorization/lib/AuthorizationPlugin.h; sourceTree = ""; }; + DC17851F1D7789AF00B50D50 /* AuthorizationTags.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthorizationTags.h; path = OSX/libsecurity_authorization/lib/AuthorizationTags.h; sourceTree = ""; }; + DC1785201D7789AF00B50D50 /* AuthSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthSession.h; path = OSX/libsecurity_authorization/lib/AuthSession.h; sourceTree = ""; }; + DC1785271D778A0100B50D50 /* SecCustomTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCustomTransform.h; path = OSX/libsecurity_transform/lib/SecCustomTransform.h; sourceTree = ""; }; + DC1785281D778A0100B50D50 /* SecDecodeTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecDecodeTransform.h; path = OSX/libsecurity_transform/lib/SecDecodeTransform.h; sourceTree = ""; }; + DC1785291D778A0100B50D50 /* SecDigestTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecDigestTransform.h; path = OSX/libsecurity_transform/lib/SecDigestTransform.h; sourceTree = ""; }; + DC17852A1D778A0100B50D50 /* SecEncodeTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecEncodeTransform.h; path = OSX/libsecurity_transform/lib/SecEncodeTransform.h; sourceTree = ""; }; + DC17852B1D778A0100B50D50 /* SecEncryptTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecEncryptTransform.h; path = OSX/libsecurity_transform/lib/SecEncryptTransform.h; sourceTree = ""; }; + DC17852C1D778A0100B50D50 /* SecReadTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecReadTransform.h; path = OSX/libsecurity_transform/lib/SecReadTransform.h; sourceTree = ""; }; + DC17852D1D778A0100B50D50 /* SecSignVerifyTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecSignVerifyTransform.h; path = OSX/libsecurity_transform/lib/SecSignVerifyTransform.h; sourceTree = ""; }; + DC17852E1D778A0100B50D50 /* SecTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTransform.h; path = OSX/libsecurity_transform/lib/SecTransform.h; sourceTree = ""; }; + DC17852F1D778A0100B50D50 /* SecTransformReadTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTransformReadTransform.h; path = OSX/libsecurity_transform/lib/SecTransformReadTransform.h; sourceTree = ""; }; + DC17853A1D778A3100B50D50 /* mds_schema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mds_schema.h; path = OSX/libsecurity_mds/lib/mds_schema.h; sourceTree = ""; }; + DC17853B1D778A3100B50D50 /* mds.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mds.h; path = OSX/libsecurity_mds/lib/mds.h; sourceTree = ""; }; + DC17853F1D778A4E00B50D50 /* SecureDownload.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureDownload.h; path = OSX/libsecurity_manifest/lib/SecureDownload.h; sourceTree = ""; }; + DC1785421D778A7400B50D50 /* oids.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = oids.h; sourceTree = ""; }; + DC1785451D778ACD00B50D50 /* SecAccess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAccess.h; path = OSX/libsecurity_keychain/lib/SecAccess.h; sourceTree = ""; }; + DC1785461D778ACD00B50D50 /* SecACL.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecACL.h; path = OSX/libsecurity_keychain/lib/SecACL.h; sourceTree = ""; }; + DC1785471D778ACD00B50D50 /* SecCertificateOIDs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCertificateOIDs.h; path = OSX/libsecurity_keychain/lib/SecCertificateOIDs.h; sourceTree = ""; }; + DC1785481D778ACD00B50D50 /* SecIdentitySearch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIdentitySearch.h; path = OSX/libsecurity_keychain/lib/SecIdentitySearch.h; sourceTree = ""; }; + DC1785491D778ACD00B50D50 /* SecKeychain.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychain.h; path = OSX/libsecurity_keychain/lib/SecKeychain.h; sourceTree = ""; }; + DC17854A1D778ACD00B50D50 /* SecKeychainItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainItem.h; path = OSX/libsecurity_keychain/lib/SecKeychainItem.h; sourceTree = ""; }; + DC17854B1D778ACD00B50D50 /* SecKeychainSearch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainSearch.h; path = OSX/libsecurity_keychain/lib/SecKeychainSearch.h; sourceTree = ""; }; + DC17854C1D778ACD00B50D50 /* SecPolicySearch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecPolicySearch.h; path = OSX/libsecurity_keychain/lib/SecPolicySearch.h; sourceTree = ""; }; + DC17854D1D778ACD00B50D50 /* SecTrustedApplication.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustedApplication.h; path = OSX/libsecurity_keychain/lib/SecTrustedApplication.h; sourceTree = ""; }; + DC1785581D778B4A00B50D50 /* cssm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssm.h; path = OSX/libsecurity_cssm/lib/cssm.h; sourceTree = ""; }; + DC1785591D778B4A00B50D50 /* cssmaci.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmaci.h; path = OSX/libsecurity_cssm/lib/cssmaci.h; sourceTree = ""; }; + DC17855A1D778B4A00B50D50 /* cssmapi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmapi.h; path = OSX/libsecurity_cssm/lib/cssmapi.h; sourceTree = ""; }; + DC17855B1D778B4A00B50D50 /* cssmcli.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmcli.h; path = OSX/libsecurity_cssm/lib/cssmcli.h; sourceTree = ""; }; + DC17855C1D778B4A00B50D50 /* cssmconfig.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmconfig.h; path = OSX/libsecurity_cssm/lib/cssmconfig.h; sourceTree = ""; }; + DC17855D1D778B4A00B50D50 /* cssmcspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmcspi.h; path = OSX/libsecurity_cssm/lib/cssmcspi.h; sourceTree = ""; }; + DC17855E1D778B4A00B50D50 /* cssmdli.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmdli.h; path = OSX/libsecurity_cssm/lib/cssmdli.h; sourceTree = ""; }; + DC17855F1D778B4A00B50D50 /* cssmerr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmerr.h; path = OSX/libsecurity_cssm/lib/cssmerr.h; sourceTree = ""; }; + DC1785601D778B4A00B50D50 /* cssmkrapi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmkrapi.h; path = OSX/libsecurity_cssm/lib/cssmkrapi.h; sourceTree = ""; }; + DC1785611D778B4A00B50D50 /* cssmkrspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmkrspi.h; path = OSX/libsecurity_cssm/lib/cssmkrspi.h; sourceTree = ""; }; + DC1785621D778B4A00B50D50 /* cssmspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmspi.h; path = OSX/libsecurity_cssm/lib/cssmspi.h; sourceTree = ""; }; + DC1785631D778B4A00B50D50 /* cssmtpi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmtpi.h; path = OSX/libsecurity_cssm/lib/cssmtpi.h; sourceTree = ""; }; + DC1785641D778B4A00B50D50 /* cssmtype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmtype.h; path = OSX/libsecurity_cssm/lib/cssmtype.h; sourceTree = ""; }; + DC1785651D778B4A00B50D50 /* eisl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = eisl.h; path = OSX/libsecurity_cssm/lib/eisl.h; sourceTree = ""; }; + DC1785661D778B4A00B50D50 /* emmspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = emmspi.h; path = OSX/libsecurity_cssm/lib/emmspi.h; sourceTree = ""; }; + DC1785671D778B4A00B50D50 /* emmtype.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = emmtype.h; path = OSX/libsecurity_cssm/lib/emmtype.h; sourceTree = ""; }; + DC1785681D778B4A00B50D50 /* oidsbase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidsbase.h; path = OSX/libsecurity_cssm/lib/oidsbase.h; sourceTree = ""; }; + DC1785691D778B4A00B50D50 /* oidscert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidscert.h; path = OSX/libsecurity_cssm/lib/oidscert.h; sourceTree = ""; }; + DC17856A1D778B4A00B50D50 /* oidscrl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = oidscrl.h; path = OSX/libsecurity_cssm/lib/oidscrl.h; sourceTree = ""; }; + DC17856B1D778B4A00B50D50 /* x509defs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = x509defs.h; path = OSX/libsecurity_cssm/lib/x509defs.h; sourceTree = ""; }; + DC1785811D778B7F00B50D50 /* CodeSigning.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CodeSigning.h; path = lib/CodeSigning.h; sourceTree = ""; }; + DC1785821D778B7F00B50D50 /* CSCommon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CSCommon.h; path = lib/CSCommon.h; sourceTree = ""; }; + DC1785831D778B7F00B50D50 /* SecCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCode.h; path = lib/SecCode.h; sourceTree = ""; }; + DC1785841D778B8000B50D50 /* SecCodeHost.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCodeHost.h; path = lib/SecCodeHost.h; sourceTree = ""; }; + DC1785851D778B8000B50D50 /* SecRequirement.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecRequirement.h; path = lib/SecRequirement.h; sourceTree = ""; }; + DC1785861D778B8000B50D50 /* SecStaticCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecStaticCode.h; path = lib/SecStaticCode.h; sourceTree = ""; }; + DC17858E1D778B9D00B50D50 /* CMSDecoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CMSDecoder.h; path = OSX/libsecurity_cms/lib/CMSDecoder.h; sourceTree = ""; }; + DC17858F1D778B9D00B50D50 /* CMSEncoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CMSEncoder.h; path = OSX/libsecurity_cms/lib/CMSEncoder.h; sourceTree = ""; }; + DC1785981D778C5300B50D50 /* cssmapple.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmapple.h; path = cssm/cssmapple.h; sourceTree = ""; }; + DC1785A31D778D0D00B50D50 /* CipherSuite.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CipherSuite.h; path = OSX/libsecurity_ssl/lib/CipherSuite.h; sourceTree = ""; }; + DC1785A41D778D0D00B50D50 /* SecureTransport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureTransport.h; path = OSX/libsecurity_ssl/lib/SecureTransport.h; sourceTree = ""; }; + DC1786F31D778EF800B50D50 /* SecTranslocate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTranslocate.h; path = lib/SecTranslocate.h; sourceTree = ""; }; + DC1786F51D778F2500B50D50 /* SecExternalSourceTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecExternalSourceTransform.h; path = OSX/libsecurity_transform/lib/SecExternalSourceTransform.h; sourceTree = ""; }; + DC1786F61D778F2500B50D50 /* SecNullTransform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecNullTransform.h; path = OSX/libsecurity_transform/lib/SecNullTransform.h; sourceTree = ""; }; + DC1786F71D778F2500B50D50 /* SecTransformInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTransformInternal.h; path = OSX/libsecurity_transform/lib/SecTransformInternal.h; sourceTree = ""; }; + DC1786FB1D778F3C00B50D50 /* sslTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sslTypes.h; path = OSX/libsecurity_ssl/lib/sslTypes.h; sourceTree = ""; }; + DC1786FD1D778F5000B50D50 /* SecureTransportPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureTransportPriv.h; path = OSX/libsecurity_ssl/lib/SecureTransportPriv.h; sourceTree = ""; }; + DC1787001D778FA900B50D50 /* SecCMS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCMS.h; sourceTree = ""; }; + DC1787011D778FA900B50D50 /* SecCmsBase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsBase.h; sourceTree = ""; }; + DC1787021D778FA900B50D50 /* SecCmsContentInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsContentInfo.h; sourceTree = ""; }; + DC1787031D778FA900B50D50 /* SecCmsDecoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsDecoder.h; sourceTree = ""; }; + DC1787041D778FA900B50D50 /* SecCmsDigestContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsDigestContext.h; sourceTree = ""; }; + DC1787051D778FA900B50D50 /* SecCmsDigestedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsDigestedData.h; sourceTree = ""; }; + DC1787061D778FA900B50D50 /* SecCmsEncoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsEncoder.h; sourceTree = ""; }; + DC1787071D778FA900B50D50 /* SecCmsEncryptedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsEncryptedData.h; sourceTree = ""; }; + DC1787081D778FA900B50D50 /* SecCmsEnvelopedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsEnvelopedData.h; sourceTree = ""; }; + DC1787091D778FA900B50D50 /* SecCmsMessage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsMessage.h; sourceTree = ""; }; + DC17870A1D778FA900B50D50 /* SecCmsRecipientInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsRecipientInfo.h; sourceTree = ""; }; + DC17870B1D778FA900B50D50 /* SecCmsSignedData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsSignedData.h; sourceTree = ""; }; + DC17870C1D778FA900B50D50 /* SecCmsSignerInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCmsSignerInfo.h; sourceTree = ""; }; + DC17870D1D778FA900B50D50 /* SecSMIME.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecSMIME.h; sourceTree = ""; }; + DC17870E1D778FA900B50D50 /* tsaSupport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tsaSupport.h; sourceTree = ""; }; + DC17870F1D778FA900B50D50 /* tsaSupportPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tsaSupportPriv.h; sourceTree = ""; }; + DC1787101D778FA900B50D50 /* tsaTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tsaTemplates.h; sourceTree = ""; }; + DC1787221D778FC900B50D50 /* mdspriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mdspriv.h; path = OSX/libsecurity_mds/lib/mdspriv.h; sourceTree = ""; }; + DC1787241D778FDE00B50D50 /* SecManifest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecManifest.h; path = OSX/libsecurity_manifest/lib/SecManifest.h; sourceTree = ""; }; + DC1787251D778FDE00B50D50 /* SecureDownloadInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecureDownloadInternal.h; path = OSX/libsecurity_manifest/lib/SecureDownloadInternal.h; sourceTree = ""; }; + DC1787281D77903700B50D50 /* SecAccessPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAccessPriv.h; path = OSX/libsecurity_keychain/lib/SecAccessPriv.h; sourceTree = ""; }; + DC1787291D77903700B50D50 /* SecCertificateBundle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCertificateBundle.h; path = OSX/libsecurity_keychain/lib/SecCertificateBundle.h; sourceTree = ""; }; + DC17872A1D77903700B50D50 /* SecFDERecoveryAsymmetricCrypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecFDERecoveryAsymmetricCrypto.h; path = OSX/libsecurity_keychain/lib/SecFDERecoveryAsymmetricCrypto.h; sourceTree = ""; }; + DC17872B1D77903700B50D50 /* SecIdentitySearchPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIdentitySearchPriv.h; path = OSX/libsecurity_keychain/lib/SecIdentitySearchPriv.h; sourceTree = ""; }; + DC17872C1D77903700B50D50 /* SecKeychainItemExtendedAttributes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainItemExtendedAttributes.h; path = OSX/libsecurity_keychain/lib/SecKeychainItemExtendedAttributes.h; sourceTree = ""; }; + DC17872D1D77903700B50D50 /* SecKeychainItemPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainItemPriv.h; path = OSX/libsecurity_keychain/lib/SecKeychainItemPriv.h; sourceTree = ""; }; + DC17872E1D77903700B50D50 /* SecKeychainPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainPriv.h; path = OSX/libsecurity_keychain/lib/SecKeychainPriv.h; sourceTree = ""; }; + DC17872F1D77903700B50D50 /* SecKeychainSearchPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecKeychainSearchPriv.h; path = OSX/libsecurity_keychain/lib/SecKeychainSearchPriv.h; sourceTree = ""; }; + DC1787301D77903700B50D50 /* SecPassword.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecPassword.h; path = OSX/libsecurity_keychain/lib/SecPassword.h; sourceTree = ""; }; + DC1787311D77903700B50D50 /* SecRandomP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecRandomP.h; path = OSX/libsecurity_keychain/lib/SecRandomP.h; sourceTree = ""; }; + DC1787321D77903700B50D50 /* SecRecoveryPassword.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecRecoveryPassword.h; path = OSX/libsecurity_keychain/lib/SecRecoveryPassword.h; sourceTree = ""; }; + DC1787331D77903700B50D50 /* SecTrustedApplicationPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustedApplicationPriv.h; path = OSX/libsecurity_keychain/lib/SecTrustedApplicationPriv.h; sourceTree = ""; }; + DC1787341D77903700B50D50 /* TrustSettingsSchema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = TrustSettingsSchema.h; path = OSX/libsecurity_keychain/lib/TrustSettingsSchema.h; sourceTree = ""; }; + DC1787421D77906C00B50D50 /* cssmapplePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cssmapplePriv.h; path = OSX/libsecurity_cssm/lib/cssmapplePriv.h; sourceTree = ""; }; + DC1787441D7790A500B50D50 /* CSCommonPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CSCommonPriv.h; path = lib/CSCommonPriv.h; sourceTree = ""; }; + DC1787451D7790A500B50D50 /* SecAssessment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecAssessment.h; path = lib/SecAssessment.h; sourceTree = ""; }; + DC1787461D7790A500B50D50 /* SecCodeHostLib.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCodeHostLib.h; path = lib/SecCodeHostLib.h; sourceTree = ""; }; + DC1787471D7790A500B50D50 /* SecCodePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCodePriv.h; path = lib/SecCodePriv.h; sourceTree = ""; }; + DC1787481D7790A500B50D50 /* SecCodeSigner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecCodeSigner.h; path = lib/SecCodeSigner.h; sourceTree = ""; }; + DC1787491D7790A500B50D50 /* SecIntegrity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIntegrity.h; path = lib/SecIntegrity.h; sourceTree = ""; }; + DC17874A1D7790A500B50D50 /* SecIntegrityLib.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecIntegrityLib.h; path = lib/SecIntegrityLib.h; sourceTree = ""; }; + DC17874B1D7790A500B50D50 /* SecRequirementPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecRequirementPriv.h; path = lib/SecRequirementPriv.h; sourceTree = ""; }; + DC17874C1D7790A500B50D50 /* SecStaticCodePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecStaticCodePriv.h; path = lib/SecStaticCodePriv.h; sourceTree = ""; }; + DC17874D1D7790A500B50D50 /* SecTaskPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTaskPriv.h; path = lib/SecTaskPriv.h; sourceTree = ""; }; + DC1787581D7790B600B50D50 /* CMSPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CMSPrivate.h; path = OSX/libsecurity_cms/lib/CMSPrivate.h; sourceTree = ""; }; + DC17875B1D7790CE00B50D50 /* checkpw.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = checkpw.h; path = OSX/libsecurity_checkpw/lib/checkpw.h; sourceTree = ""; }; + DC17875D1D7790E500B50D50 /* AuthorizationPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthorizationPriv.h; path = OSX/libsecurity_authorization/lib/AuthorizationPriv.h; sourceTree = ""; }; + DC17875E1D7790E500B50D50 /* AuthorizationTagsPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AuthorizationTagsPriv.h; path = OSX/libsecurity_authorization/lib/AuthorizationTagsPriv.h; sourceTree = ""; }; + DC1787611D77911D00B50D50 /* asn1Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = asn1Templates.h; path = OSX/libsecurity_asn1/lib/asn1Templates.h; sourceTree = ""; }; + DC1787621D77911D00B50D50 /* certExtensionTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = certExtensionTemplates.h; path = OSX/libsecurity_asn1/lib/certExtensionTemplates.h; sourceTree = ""; }; + DC1787631D77911D00B50D50 /* csrTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = csrTemplates.h; path = OSX/libsecurity_asn1/lib/csrTemplates.h; sourceTree = ""; }; + DC1787641D77911D00B50D50 /* keyTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = keyTemplates.h; path = OSX/libsecurity_asn1/lib/keyTemplates.h; sourceTree = ""; }; + DC1787651D77911D00B50D50 /* nameTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = nameTemplates.h; path = OSX/libsecurity_asn1/lib/nameTemplates.h; sourceTree = ""; }; + DC1787661D77911D00B50D50 /* ocspTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ocspTemplates.h; path = OSX/libsecurity_asn1/lib/ocspTemplates.h; sourceTree = ""; }; + DC1787671D77911D00B50D50 /* osKeyTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = osKeyTemplates.h; path = OSX/libsecurity_asn1/lib/osKeyTemplates.h; sourceTree = ""; }; + DC1787681D77911D00B50D50 /* secasn1t.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = secasn1t.h; path = OSX/libsecurity_asn1/lib/secasn1t.h; sourceTree = ""; }; + DC1787691D77911D00B50D50 /* X509Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = X509Templates.h; path = OSX/libsecurity_asn1/lib/X509Templates.h; sourceTree = ""; }; + DC1787731D77915500B50D50 /* SecBreadcrumb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecBreadcrumb.h; path = OSX/Breadcrumb/SecBreadcrumb.h; sourceTree = SOURCE_ROOT; }; + DC1789041D77980500B50D50 /* Security.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Security.framework; sourceTree = BUILT_PRODUCTS_DIR; }; + DC1789121D7798B300B50D50 /* libDiagnosticMessagesClient.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libDiagnosticMessagesClient.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libDiagnosticMessagesClient.dylib; sourceTree = DEVELOPER_DIR; }; + DC1789141D77997F00B50D50 /* libOpenScriptingUtil.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libOpenScriptingUtil.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libOpenScriptingUtil.dylib; sourceTree = DEVELOPER_DIR; }; + DC1789161D77998700B50D50 /* libauto.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libauto.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libauto.dylib; sourceTree = DEVELOPER_DIR; }; + DC1789181D77998C00B50D50 /* libbsm.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libbsm.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libbsm.dylib; sourceTree = DEVELOPER_DIR; }; + DC17891A1D77999200B50D50 /* libobjc.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libobjc.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libobjc.dylib; sourceTree = DEVELOPER_DIR; }; + DC17891C1D77999700B50D50 /* libpam.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libpam.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libpam.dylib; sourceTree = DEVELOPER_DIR; }; + DC17891E1D77999D00B50D50 /* libsqlite3.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libsqlite3.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libsqlite3.dylib; sourceTree = DEVELOPER_DIR; }; + DC1789201D7799A100B50D50 /* libxar.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libxar.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libxar.dylib; sourceTree = DEVELOPER_DIR; }; + DC1789221D7799A600B50D50 /* libz.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libz.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libz.dylib; sourceTree = DEVELOPER_DIR; }; + DC1789241D7799CD00B50D50 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/CoreFoundation.framework; sourceTree = DEVELOPER_DIR; }; + DC1789261D7799D300B50D50 /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/IOKit.framework; sourceTree = DEVELOPER_DIR; }; + DC1789A01D779DEE00B50D50 /* SecBreadcrumb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecBreadcrumb.c; path = OSX/Breadcrumb/SecBreadcrumb.c; sourceTree = ""; }; + DC1789A41D779E3B00B50D50 /* dummy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = dummy.cpp; path = OSX/lib/dummy.cpp; sourceTree = ""; }; + DC178A0E1D77A1E700B50D50 /* cssm.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cssm.mdsinfo; path = OSX/libsecurity_cssm/mds/cssm.mdsinfo; sourceTree = ""; }; + DC178A0F1D77A1E700B50D50 /* csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = csp_capabilities.mdsinfo; path = OSX/libsecurity_apple_csp/mds/csp_capabilities.mdsinfo; sourceTree = ""; }; + DC178A101D77A1E700B50D50 /* csp_capabilities_common.mds */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = csp_capabilities_common.mds; path = OSX/libsecurity_apple_csp/mds/csp_capabilities_common.mds; sourceTree = ""; }; + DC178A111D77A1E700B50D50 /* csp_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = csp_common.mdsinfo; path = OSX/libsecurity_apple_csp/mds/csp_common.mdsinfo; sourceTree = ""; }; + DC178A121D77A1E700B50D50 /* csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = csp_primary.mdsinfo; path = OSX/libsecurity_apple_csp/mds/csp_primary.mdsinfo; sourceTree = ""; }; + DC178A131D77A1E700B50D50 /* cspdl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cspdl_common.mdsinfo; path = OSX/libsecurity_apple_cspdl/mds/cspdl_common.mdsinfo; sourceTree = ""; }; + DC178A141D77A1E700B50D50 /* cspdl_csp_capabilities.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cspdl_csp_capabilities.mdsinfo; path = OSX/libsecurity_apple_cspdl/mds/cspdl_csp_capabilities.mdsinfo; sourceTree = ""; }; + DC178A151D77A1E700B50D50 /* cspdl_csp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cspdl_csp_primary.mdsinfo; path = OSX/libsecurity_apple_cspdl/mds/cspdl_csp_primary.mdsinfo; sourceTree = ""; }; + DC178A161D77A1E700B50D50 /* cspdl_dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cspdl_dl_primary.mdsinfo; path = OSX/libsecurity_apple_cspdl/mds/cspdl_dl_primary.mdsinfo; sourceTree = ""; }; + DC178A171D77A1E700B50D50 /* dl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = dl_common.mdsinfo; path = OSX/libsecurity_apple_file_dl/mds/dl_common.mdsinfo; sourceTree = ""; }; + DC178A181D77A1E700B50D50 /* dl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = dl_primary.mdsinfo; path = OSX/libsecurity_apple_file_dl/mds/dl_primary.mdsinfo; sourceTree = ""; }; + DC178A191D77A1E700B50D50 /* cl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cl_common.mdsinfo; path = OSX/libsecurity_apple_x509_cl/mds/cl_common.mdsinfo; sourceTree = ""; }; + DC178A1A1D77A1E700B50D50 /* cl_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = cl_primary.mdsinfo; path = OSX/libsecurity_apple_x509_cl/mds/cl_primary.mdsinfo; sourceTree = ""; }; + DC178A1B1D77A1E700B50D50 /* tp_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = tp_common.mdsinfo; path = OSX/libsecurity_apple_x509_tp/mds/tp_common.mdsinfo; sourceTree = ""; }; + DC178A1C1D77A1E700B50D50 /* tp_policyOids.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = tp_policyOids.mdsinfo; path = OSX/libsecurity_apple_x509_tp/mds/tp_policyOids.mdsinfo; sourceTree = ""; }; + DC178A1D1D77A1E700B50D50 /* tp_primary.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = tp_primary.mdsinfo; path = OSX/libsecurity_apple_x509_tp/mds/tp_primary.mdsinfo; sourceTree = ""; }; + DC178A1E1D77A1E700B50D50 /* sd_cspdl_common.mdsinfo */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = sd_cspdl_common.mdsinfo; path = OSX/libsecurity_sd_cspdl/mds/sd_cspdl_common.mdsinfo; sourceTree = ""; }; + DC178A301D77A1F500B50D50 /* iToolsTrustedApps.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = iToolsTrustedApps.plist; path = OSX/libsecurity_keychain/plist/iToolsTrustedApps.plist; sourceTree = ""; }; + DC178A311D77A1F500B50D50 /* FDEPrefs.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = FDEPrefs.plist; path = OSX/lib/FDEPrefs.plist; sourceTree = ""; }; + DC178A321D77A1F500B50D50 /* SecDebugErrorMessages.strings */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = SecDebugErrorMessages.strings; path = derived_src/SecDebugErrorMessages.strings; sourceTree = BUILT_PRODUCTS_DIR; }; + DC178A341D77A1F500B50D50 /* SecErrorMessages.strings */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = SecErrorMessages.strings; path = derived_src/en.lproj/SecErrorMessages.strings; sourceTree = BUILT_PRODUCTS_DIR; }; + DC178A351D77A1F500B50D50 /* framework.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = framework.sb; path = OSX/lib/framework.sb; sourceTree = ""; }; + DC178A391D77A1F500B50D50 /* en */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = en; path = OSX/lib/en.lproj/InfoPlist.strings; sourceTree = ""; }; + DC178A3A1D77A1F500B50D50 /* TimeStampingPrefs.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = TimeStampingPrefs.plist; path = OSX/lib/TimeStampingPrefs.plist; sourceTree = ""; }; + DC178A3C1D77A1F500B50D50 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = "OSX/lib/en.lproj/authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings"; sourceTree = ""; }; + DC178A3E1D77A1F500B50D50 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = OSX/lib/en.lproj/authorization.buttons.strings; sourceTree = ""; }; + DC178A401D77A1F500B50D50 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = OSX/lib/en.lproj/authorization.prompts.strings; sourceTree = ""; }; + DC178BB11D77A5F500B50D50 /* security_framework_macos.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = security_framework_macos.xcconfig; path = OSX/config/security_framework_macos.xcconfig; sourceTree = ""; }; + DC24B5581DA326B900330B48 /* agent.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = agent.h; path = OSX/authd/agent.h; sourceTree = ""; }; + DC24B5591DA326B900330B48 /* authdb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = authdb.h; path = OSX/authd/authdb.h; sourceTree = ""; }; + DC24B55A1DA326B900330B48 /* authitems.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = authitems.h; path = OSX/authd/authitems.h; sourceTree = ""; }; + DC24B55B1DA326B900330B48 /* authtoken.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = authtoken.h; path = OSX/authd/authtoken.h; sourceTree = ""; }; + DC24B55C1DA326B900330B48 /* authtypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = authtypes.h; path = OSX/authd/authtypes.h; sourceTree = ""; }; + DC24B55D1DA326B900330B48 /* authutilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = authutilities.h; path = OSX/authd/authutilities.h; sourceTree = ""; }; + DC24B55E1DA326B900330B48 /* ccaudit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ccaudit.h; path = OSX/authd/ccaudit.h; sourceTree = ""; }; + DC24B55F1DA326B900330B48 /* connection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = connection.h; path = OSX/authd/connection.h; sourceTree = ""; }; + DC24B5601DA326B900330B48 /* crc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = crc.h; path = OSX/authd/crc.h; sourceTree = ""; }; + DC24B5611DA326B900330B48 /* credential.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = credential.h; path = OSX/authd/credential.h; sourceTree = ""; }; + DC24B5621DA326B900330B48 /* debugging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = debugging.h; path = OSX/authd/debugging.h; sourceTree = ""; }; + DC24B5631DA326B900330B48 /* engine.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = engine.h; path = OSX/authd/engine.h; sourceTree = ""; }; + DC24B5641DA326B900330B48 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = Info.plist; path = OSX/authd/Info.plist; sourceTree = ""; }; + DC24B5651DA326B900330B48 /* mechanism.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mechanism.h; path = OSX/authd/mechanism.h; sourceTree = ""; }; + DC24B5661DA326B900330B48 /* object.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = object.h; path = OSX/authd/object.h; sourceTree = ""; }; + DC24B5671DA326B900330B48 /* process.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = process.h; path = OSX/authd/process.h; sourceTree = ""; }; + DC24B5681DA326B900330B48 /* rule.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = rule.h; path = OSX/authd/rule.h; sourceTree = ""; }; + DC24B5691DA326B900330B48 /* server.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = server.h; path = OSX/authd/server.h; sourceTree = ""; }; + DC24B56A1DA326B900330B48 /* session.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = session.h; path = OSX/authd/session.h; sourceTree = ""; }; + DC24B5701DA3274000330B48 /* breadcrumb_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = breadcrumb_regressions.h; path = OSX/Breadcrumb/breadcrumb_regressions.h; sourceTree = ""; }; + DC24B5711DA327A800330B48 /* KDAppDelegate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = KDAppDelegate.h; path = OSX/Keychain/KDAppDelegate.h; sourceTree = SOURCE_ROOT; }; + DC24B5721DA327A800330B48 /* KDCirclePeer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = KDCirclePeer.h; path = OSX/Keychain/KDCirclePeer.h; sourceTree = SOURCE_ROOT; }; + DC24B5731DA327A800330B48 /* KDSecCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = KDSecCircle.h; path = OSX/Keychain/KDSecCircle.h; sourceTree = SOURCE_ROOT; }; + DC24B5741DA327A800330B48 /* KDSecItems.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = KDSecItems.h; path = OSX/Keychain/KDSecItems.h; sourceTree = SOURCE_ROOT; }; + DC24B5751DA327A800330B48 /* Keychain-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = "Keychain-Info.plist"; path = "OSX/Keychain/Keychain-Info.plist"; sourceTree = SOURCE_ROOT; }; + DC24B5761DA327A800330B48 /* Keychain-Prefix.pch */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "Keychain-Prefix.pch"; path = "OSX/Keychain/Keychain-Prefix.pch"; sourceTree = SOURCE_ROOT; }; + DC24B5771DA3280D00330B48 /* entitlments.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = entitlments.plist; sourceTree = ""; }; + DC24B5781DA3280D00330B48 /* Keychain Circle Notification-Prefix.pch */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "Keychain Circle Notification-Prefix.pch"; sourceTree = ""; }; + DC24B5791DA3280D00330B48 /* KNAppDelegate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KNAppDelegate.h; sourceTree = ""; }; + DC24B57A1DA3280D00330B48 /* KNPersistentState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KNPersistentState.h; sourceTree = ""; }; + DC24B57B1DA3280D00330B48 /* NSArray+mapWithBlock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSArray+mapWithBlock.h"; sourceTree = ""; }; + DC24B57C1DA3280D00330B48 /* NSDictionary+compactDescription.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSDictionary+compactDescription.h"; sourceTree = ""; }; + DC24B57D1DA3280D00330B48 /* NSSet+compactDescription.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSSet+compactDescription.h"; sourceTree = ""; }; + DC24B57E1DA3280D00330B48 /* NSString+compactDescription.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSString+compactDescription.h"; sourceTree = ""; }; + DC24B57F1DA3283800330B48 /* Keychain Circle Notification-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "Keychain Circle Notification-Info.plist"; sourceTree = ""; }; + DC24B5801DA3286D00330B48 /* Security.order */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = Security.order; path = OSX/lib/Security.order; sourceTree = ""; }; + DC24B5811DA420D700330B48 /* SOSEnginePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSEnginePriv.h; sourceTree = ""; }; + DC24B5821DA420D700330B48 /* SOSPersist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPersist.h; sourceTree = ""; }; + DC24B5831DA422BE00330B48 /* base.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = base.xcconfig; path = OSX/config/base.xcconfig; sourceTree = ""; }; + DC24B5841DA432C600330B48 /* IDSKeychainSyncingProxy.1 */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.man; name = IDSKeychainSyncingProxy.1; path = OSX/sec/IDSKeychainSyncingProxy/IDSKeychainSyncingProxy.1; sourceTree = SOURCE_ROOT; }; + DC24B5851DA432E900330B48 /* CloudKeychainProxy.1 */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.man; name = CloudKeychainProxy.1; path = OSX/sec/CloudKeychainProxy/CloudKeychainProxy.1; sourceTree = ""; }; + DC3A4B581D91E9FB00E46D4A /* com.apple.CodeSigningHelper.xpc */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = com.apple.CodeSigningHelper.xpc; sourceTree = BUILT_PRODUCTS_DIR; }; + DC3A4B5F1D91EAC500E46D4A /* CodeSigningHelper-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "CodeSigningHelper-Info.plist"; sourceTree = ""; }; + DC3A4B601D91EAC500E46D4A /* com.apple.CodeSigningHelper.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.apple.CodeSigningHelper.sb; sourceTree = ""; }; + DC3A4B621D91EAC500E46D4A /* main.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = main.cpp; sourceTree = ""; }; + DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecurityd_ios.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52E8BA1D80C1EB00B0A59C /* libsecipc_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecipc_client.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libSecureObjectSync.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52EA4C1D80CB7000B0A59C /* libSecurityTool.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libSecurityTool.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52EA8E1D80CC2A00B0A59C /* builtin_commands.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = builtin_commands.h; sourceTree = ""; }; + DC52EA8F1D80CC2A00B0A59C /* digest_calc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = digest_calc.c; sourceTree = ""; }; + DC52EA901D80CC2A00B0A59C /* entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = entitlements.plist; sourceTree = ""; }; + DC52EA911D80CC2A00B0A59C /* whoami.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = whoami.m; sourceTree = ""; }; + DC52EA921D80CC2A00B0A59C /* syncbubble.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = syncbubble.m; sourceTree = ""; }; + DC52EA931D80CC2A00B0A59C /* leaks.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = leaks.c; sourceTree = ""; }; + DC52EA941D80CC2A00B0A59C /* leaks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = leaks.h; sourceTree = ""; }; + DC52EA951D80CC2A00B0A59C /* print_cert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = print_cert.c; sourceTree = ""; }; + DC52EA961D80CC2A00B0A59C /* print_cert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = print_cert.h; sourceTree = ""; }; + DC52EA971D80CC2A00B0A59C /* security.1 */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.man; path = security.1; sourceTree = ""; }; + DC52EA981D80CC2A00B0A59C /* SecurityTool.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecurityTool.c; sourceTree = ""; }; + DC52EA991D80CC2A00B0A59C /* SecurityTool.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecurityTool.h; sourceTree = ""; }; + DC52EA9A1D80CC2A00B0A59C /* tool_errors.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tool_errors.h; sourceTree = ""; }; + DC52EBD51D80CEF100B0A59C /* libSecurityCommands.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libSecurityCommands.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52EC341D80CFB200B0A59C /* libSOSCommands.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libSOSCommands.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52EC4D1D80D00800B0A59C /* libSWCAgent.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libSWCAgent.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52EC5C1D80D05200B0A59C /* liblogging.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = liblogging.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52EC681D80D0C400B0A59C /* libSOSRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libSOSRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52EC6A1D80D0E300B0A59C /* IDSFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IDSFoundation.framework; path = System/Library/PrivateFrameworks/IDSFoundation.framework; sourceTree = SDKROOT; }; + DC52EC971D80D1A800B0A59C /* libiOSSecurityRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libiOSSecurityRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52ED9D1D80D4CD00B0A59C /* libiOSsecuritydRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libiOSsecuritydRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52EDB11D80D58400B0A59C /* libsecdRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libsecdRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52EE411D80D6DD00B0A59C /* libSharedRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libSharedRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC52EE6E1D80D82600B0A59C /* libSecItemShimOSX.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libSecItemShimOSX.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC58C4231D77BDEA003C25A4 /* csparser.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = csparser.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; + DC58C43A1D77BED0003C25A4 /* csparser-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = "csparser-Info.plist"; path = "OSX/lib/plugins/csparser-Info.plist"; sourceTree = ""; }; + DC58C43B1D77BED0003C25A4 /* csparser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = csparser.cpp; path = OSX/lib/plugins/csparser.cpp; sourceTree = ""; }; + DC58C43C1D77BED0003C25A4 /* csparser.exp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.exports; name = csparser.exp; path = OSX/lib/plugins/csparser.exp; sourceTree = ""; }; + DC58C4411D77BFA4003C25A4 /* security_macos.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = security_macos.xcconfig; path = OSX/config/security_macos.xcconfig; sourceTree = ""; }; + DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libDER_not_installed.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC59E9ED1D91CA0A001BDDF5 /* DER_Keys.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = DER_Keys.c; sourceTree = ""; }; + DC59E9EE1D91CA0A001BDDF5 /* DER_Keys.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DER_Keys.h; sourceTree = ""; }; + DC59E9EF1D91CA0A001BDDF5 /* asn1Types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = asn1Types.h; sourceTree = ""; }; + DC59E9F01D91CA0A001BDDF5 /* DER_CertCrl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = DER_CertCrl.c; sourceTree = ""; }; + DC59E9F11D91CA0A001BDDF5 /* DER_CertCrl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DER_CertCrl.h; sourceTree = ""; }; + DC59E9F21D91CA0A001BDDF5 /* DER_Decode.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = DER_Decode.c; sourceTree = ""; }; + DC59E9F31D91CA0A001BDDF5 /* DER_Decode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DER_Decode.h; sourceTree = ""; }; + DC59E9F41D91CA0A001BDDF5 /* DER_Encode.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = DER_Encode.c; sourceTree = ""; }; + DC59E9F51D91CA0A001BDDF5 /* DER_Encode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DER_Encode.h; sourceTree = ""; }; + DC59E9F61D91CA0A001BDDF5 /* libDER_config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libDER_config.h; sourceTree = ""; }; + DC59E9F71D91CA0A001BDDF5 /* libDER.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libDER.h; sourceTree = ""; }; + DC59E9F81D91CA0A001BDDF5 /* DER_Digest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DER_Digest.h; sourceTree = ""; }; + DC59E9F91D91CA0A001BDDF5 /* DER_Digest.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = DER_Digest.c; sourceTree = ""; }; + DC59E9FA1D91CA0A001BDDF5 /* oids.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = oids.c; sourceTree = ""; }; + DC59E9FC1D91CA0A001BDDF5 /* oidsPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = oidsPriv.h; sourceTree = ""; }; + DC59EA251D91CA15001BDDF5 /* libDERUtils.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libDERUtils.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC59EA261D91CA2C001BDDF5 /* libDERUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libDERUtils.h; sourceTree = ""; }; + DC59EA271D91CA2C001BDDF5 /* libDERUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = libDERUtils.c; sourceTree = ""; }; + DC59EA281D91CA2C001BDDF5 /* fileIo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = fileIo.c; sourceTree = ""; }; + DC59EA291D91CA2C001BDDF5 /* fileIo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = fileIo.h; sourceTree = ""; }; + DC59EA2A1D91CA2C001BDDF5 /* printFields.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = printFields.h; sourceTree = ""; }; + DC59EA2B1D91CA2C001BDDF5 /* printFields.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = printFields.c; sourceTree = ""; }; + DC59EA371D91CA82001BDDF5 /* parseCert */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = parseCert; sourceTree = BUILT_PRODUCTS_DIR; }; + DC59EA451D91CACE001BDDF5 /* AppleMobilePersonalizedTicket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleMobilePersonalizedTicket.h; sourceTree = ""; }; + DC59EA461D91CACE001BDDF5 /* DER_Ticket.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = DER_Ticket.c; sourceTree = ""; }; + DC59EA471D91CACE001BDDF5 /* DER_Ticket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DER_Ticket.h; sourceTree = ""; }; + DC59EA481D91CACE001BDDF5 /* parseTicket.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = parseTicket.c; sourceTree = ""; }; + DC59EA491D91CACE001BDDF5 /* parseCert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = parseCert.c; sourceTree = ""; }; + DC59EA4A1D91CACE001BDDF5 /* parseCrl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = parseCrl.c; sourceTree = ""; }; + DC59EA601D91CAF0001BDDF5 /* parseCrl */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = parseCrl; sourceTree = BUILT_PRODUCTS_DIR; }; + DC59EA701D91CB9F001BDDF5 /* parseTicket */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = parseTicket; sourceTree = BUILT_PRODUCTS_DIR; }; + DC59EA731D91CBD0001BDDF5 /* libcrypto.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libcrypto.dylib; path = usr/lib/libcrypto.dylib; sourceTree = SDKROOT; }; + DC5ABD781D832D5800CF422C /* srCdsaUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = srCdsaUtils.cpp; sourceTree = ""; }; + DC5ABD791D832D5800CF422C /* srCdsaUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = srCdsaUtils.h; sourceTree = ""; }; + DC5ABD7A1D832D5800CF422C /* createFVMaster.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = createFVMaster.c; sourceTree = ""; }; + DC5ABD7B1D832D5800CF422C /* createFVMaster.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = createFVMaster.h; sourceTree = ""; }; + DC5ABD7C1D832D5800CF422C /* mds_install.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mds_install.h; sourceTree = ""; }; + DC5ABD7D1D832D5800CF422C /* mds_install.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = mds_install.cpp; sourceTree = ""; }; + DC5ABD7E1D832D5800CF422C /* cmsutil.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cmsutil.c; sourceTree = ""; }; + DC5ABD7F1D832D5800CF422C /* cmsutil.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cmsutil.h; sourceTree = ""; }; + DC5ABD801D832D5800CF422C /* db_commands.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = db_commands.cpp; sourceTree = ""; }; + DC5ABD811D832D5800CF422C /* db_commands.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = db_commands.h; sourceTree = ""; }; + DC5ABD821D832D5800CF422C /* display_error_code.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = display_error_code.c; sourceTree = ""; }; + DC5ABD831D832D5800CF422C /* display_error_code.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = display_error_code.h; sourceTree = ""; }; + DC5ABD841D832D5800CF422C /* trusted_cert_dump.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = trusted_cert_dump.c; sourceTree = ""; }; + DC5ABD851D832D5800CF422C /* trusted_cert_dump.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = trusted_cert_dump.h; sourceTree = ""; }; + DC5ABD861D832D5800CF422C /* identity_find.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = identity_find.c; sourceTree = ""; }; + DC5ABD871D832D5800CF422C /* identity_find.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = identity_find.h; sourceTree = ""; }; + DC5ABD881D832D5800CF422C /* identity_prefs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = identity_prefs.c; sourceTree = ""; }; + DC5ABD891D832D5800CF422C /* identity_prefs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = identity_prefs.h; sourceTree = ""; }; + DC5ABD8A1D832D5800CF422C /* key_create.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = key_create.c; sourceTree = ""; }; + DC5ABD8B1D832D5800CF422C /* key_create.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = key_create.h; sourceTree = ""; }; + DC5ABD8C1D832D5800CF422C /* keychain_add.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_add.c; sourceTree = ""; }; + DC5ABD8D1D832D5800CF422C /* keychain_add.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_add.h; sourceTree = ""; }; + DC5ABD8E1D832D5800CF422C /* keychain_create.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_create.c; sourceTree = ""; }; + DC5ABD8F1D832D5800CF422C /* keychain_create.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_create.h; sourceTree = ""; }; + DC5ABD901D832D5800CF422C /* keychain_delete.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_delete.c; sourceTree = ""; }; + DC5ABD911D832D5800CF422C /* keychain_delete.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_delete.h; sourceTree = ""; }; + DC5ABD921D832D5800CF422C /* keychain_export.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = keychain_export.c; sourceTree = ""; }; + DC5ABD931D832D5800CF422C /* keychain_export.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychain_export.h; sourceTree = ""; }; + DC5ABD941D832D5800CF422C /* keychain_find.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_find.c; sourceTree = ""; }; + DC5ABD951D832D5800CF422C /* keychain_find.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_find.h; sourceTree = ""; }; + DC5ABD961D832D5800CF422C /* keychain_import.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_import.c; sourceTree = ""; }; + DC5ABD971D832D5800CF422C /* keychain_import.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychain_import.h; sourceTree = ""; }; + DC5ABD981D832D5800CF422C /* keychain_list.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_list.c; sourceTree = ""; }; + DC5ABD991D832D5800CF422C /* keychain_list.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_list.h; sourceTree = ""; }; + DC5ABD9A1D832D5800CF422C /* keychain_lock.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_lock.c; sourceTree = ""; }; + DC5ABD9B1D832D5800CF422C /* keychain_lock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_lock.h; sourceTree = ""; }; + DC5ABD9C1D832D5800CF422C /* keychain_recode.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = keychain_recode.c; sourceTree = ""; }; + DC5ABD9D1D832D5800CF422C /* keychain_recode.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychain_recode.h; sourceTree = ""; }; + DC5ABD9E1D832D5800CF422C /* keychain_set_settings.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_set_settings.c; sourceTree = ""; }; + DC5ABD9F1D832D5800CF422C /* keychain_set_settings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_set_settings.h; sourceTree = ""; }; + DC5ABDA01D832D5800CF422C /* keychain_show_info.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = keychain_show_info.c; sourceTree = ""; }; + DC5ABDA11D832D5800CF422C /* keychain_show_info.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychain_show_info.h; sourceTree = ""; }; + DC5ABDA21D832D5800CF422C /* keychain_unlock.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = keychain_unlock.c; sourceTree = ""; }; + DC5ABDA31D832D5800CF422C /* keychain_unlock.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychain_unlock.h; sourceTree = ""; }; + DC5ABDA41D832D5800CF422C /* keychain_utilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_utilities.c; sourceTree = ""; }; + DC5ABDA51D832D5800CF422C /* keychain_utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_utilities.h; sourceTree = ""; }; + DC5ABDA61D832D5800CF422C /* leaks.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = leaks.c; sourceTree = ""; }; + DC5ABDA71D832D5800CF422C /* leaks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = leaks.h; sourceTree = ""; }; + DC5ABDA81D832D5800CF422C /* readline.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = readline.c; sourceTree = ""; }; + DC5ABDA91D832D5800CF422C /* readline_cssm.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = readline_cssm.h; sourceTree = ""; }; + DC5ABDAA1D832D5800CF422C /* security.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = security.c; sourceTree = ""; }; + DC5ABDAB1D832D5800CF422C /* security_tool.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = security_tool.h; sourceTree = ""; }; + DC5ABDAC1D832D5800CF422C /* trusted_cert_add.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = trusted_cert_add.c; sourceTree = ""; }; + DC5ABDAD1D832D5800CF422C /* trusted_cert_add.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = trusted_cert_add.h; sourceTree = ""; }; + DC5ABDAE1D832D5800CF422C /* trusted_cert_utils.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = trusted_cert_utils.c; sourceTree = ""; }; + DC5ABDAF1D832D5800CF422C /* trusted_cert_utils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = trusted_cert_utils.h; sourceTree = ""; }; + DC5ABDB01D832D5800CF422C /* trust_settings_impexp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = trust_settings_impexp.h; sourceTree = ""; }; + DC5ABDB11D832D5800CF422C /* trust_settings_impexp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = trust_settings_impexp.c; sourceTree = ""; }; + DC5ABDB21D832D5800CF422C /* user_trust_enable.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = user_trust_enable.h; sourceTree = ""; }; + DC5ABDB31D832D5800CF422C /* user_trust_enable.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = user_trust_enable.cpp; sourceTree = ""; }; + DC5ABDB41D832D5800CF422C /* authz.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = authz.h; sourceTree = ""; }; + DC5ABDB51D832D5800CF422C /* authz.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = authz.c; sourceTree = ""; }; + DC5ABDB61D832D5800CF422C /* verify_cert.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = verify_cert.c; sourceTree = ""; }; + DC5ABDB71D832D5800CF422C /* verify_cert.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = verify_cert.h; sourceTree = ""; }; + DC5ABDB81D832D5800CF422C /* access_utils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = access_utils.c; sourceTree = ""; }; + DC5ABDB91D832D5800CF422C /* access_utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = access_utils.h; sourceTree = ""; }; + DC5ABDBA1D832D5800CF422C /* smartcards.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = smartcards.h; sourceTree = ""; }; + DC5ABDBB1D832D5800CF422C /* smartcards.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = smartcards.m; sourceTree = ""; }; + DC5ABDBC1D832D5800CF422C /* translocate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = translocate.c; sourceTree = ""; }; + DC5ABDBD1D832D5800CF422C /* translocate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = translocate.h; sourceTree = ""; }; + DC5ABDBF1D832D5D00CF422C /* security.1 */ = {isa = PBXFileReference; lastKnownFileType = text.man; path = security.1; sourceTree = ""; }; + DC5ABDC51D832DAB00CF422C /* security */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = security; sourceTree = BUILT_PRODUCTS_DIR; }; + DC5ABF7A1D83511A00CF422C /* main.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = main.cpp; sourceTree = ""; }; + DC5ABF7B1D83511A00CF422C /* connection.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = connection.h; sourceTree = ""; }; + DC5ABF7C1D83511A00CF422C /* connection.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = connection.cpp; sourceTree = ""; }; + DC5ABF7D1D83511A00CF422C /* database.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = database.h; sourceTree = ""; }; + DC5ABF7E1D83511A00CF422C /* database.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = database.cpp; sourceTree = ""; }; + DC5ABF7F1D83511A00CF422C /* key.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = key.h; sourceTree = ""; }; + DC5ABF801D83511A00CF422C /* key.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = key.cpp; sourceTree = ""; }; + DC5ABF811D83511A00CF422C /* process.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = process.h; sourceTree = ""; }; + DC5ABF821D83511A00CF422C /* process.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = process.cpp; sourceTree = ""; }; + DC5ABF831D83511A00CF422C /* server.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = server.h; sourceTree = ""; }; + DC5ABF841D83511A00CF422C /* server.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = server.cpp; sourceTree = ""; }; + DC5ABF851D83511A00CF422C /* session.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = session.h; sourceTree = ""; }; + DC5ABF861D83511A00CF422C /* session.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = session.cpp; sourceTree = ""; }; + DC5ABF871D83511A00CF422C /* structure.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = structure.h; sourceTree = ""; }; + DC5ABF881D83511A00CF422C /* structure.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = structure.cpp; sourceTree = ""; }; + DC5ABF8A1D83511A00CF422C /* dbcrypto.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = dbcrypto.h; sourceTree = ""; }; + DC5ABF8B1D83511A00CF422C /* dbcrypto.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = dbcrypto.cpp; sourceTree = ""; }; + DC5ABF8D1D83511A00CF422C /* localdatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = localdatabase.h; sourceTree = ""; }; + DC5ABF8E1D83511A00CF422C /* localdatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = localdatabase.cpp; sourceTree = ""; }; + DC5ABF8F1D83511A00CF422C /* localkey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = localkey.h; sourceTree = ""; }; + DC5ABF901D83511A00CF422C /* localkey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = localkey.cpp; sourceTree = ""; }; + DC5ABF921D83511A00CF422C /* kcdatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = kcdatabase.h; sourceTree = ""; }; + DC5ABF931D83511A00CF422C /* kcdatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = kcdatabase.cpp; sourceTree = ""; }; + DC5ABF941D83511A00CF422C /* kckey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = kckey.h; sourceTree = ""; }; + DC5ABF951D83511A00CF422C /* kckey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = kckey.cpp; sourceTree = ""; }; + DC5ABF971D83511A00CF422C /* tempdatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tempdatabase.h; sourceTree = ""; }; + DC5ABF981D83511A00CF422C /* tempdatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tempdatabase.cpp; sourceTree = ""; }; + DC5ABF9A1D83511A00CF422C /* tokendatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokendatabase.h; sourceTree = ""; }; + DC5ABF9B1D83511A00CF422C /* tokendatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokendatabase.cpp; sourceTree = ""; }; + DC5ABF9C1D83511A00CF422C /* tokenkey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokenkey.h; sourceTree = ""; }; + DC5ABF9D1D83511A00CF422C /* tokenkey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokenkey.cpp; sourceTree = ""; }; + DC5ABF9E1D83511A00CF422C /* tokenaccess.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokenaccess.h; sourceTree = ""; }; + DC5ABF9F1D83511A00CF422C /* tokenaccess.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokenaccess.cpp; sourceTree = ""; }; + DC5ABFA21D83511A00CF422C /* pcscmonitor.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pcscmonitor.h; sourceTree = ""; }; + DC5ABFA31D83511A00CF422C /* pcscmonitor.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = pcscmonitor.cpp; sourceTree = ""; }; + DC5ABFA41D83511A00CF422C /* reader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = reader.h; sourceTree = ""; }; + DC5ABFA51D83511A00CF422C /* reader.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = reader.cpp; sourceTree = ""; }; + DC5ABFA61D83511A00CF422C /* token.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = token.h; sourceTree = ""; }; + DC5ABFA71D83511A00CF422C /* token.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = token.cpp; sourceTree = ""; }; + DC5ABFA81D83511A00CF422C /* tokend.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokend.h; sourceTree = ""; }; + DC5ABFA91D83511A00CF422C /* tokend.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokend.cpp; sourceTree = ""; }; + DC5ABFAA1D83511A00CF422C /* tokencache.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokencache.h; sourceTree = ""; }; + DC5ABFAB1D83511A00CF422C /* tokencache.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokencache.cpp; sourceTree = ""; }; + DC5ABFAD1D83511A00CF422C /* transition.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = transition.cpp; sourceTree = ""; }; + DC5ABFAF1D83511A00CF422C /* acls.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acls.h; sourceTree = ""; }; + DC5ABFB01D83511A00CF422C /* acls.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = acls.cpp; sourceTree = ""; }; + DC5ABFB11D83511A00CF422C /* tokenacl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokenacl.h; sourceTree = ""; }; + DC5ABFB21D83511A00CF422C /* tokenacl.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokenacl.cpp; sourceTree = ""; }; + DC5ABFB31D83511A00CF422C /* acl_keychain.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_keychain.h; sourceTree = ""; }; + DC5ABFB41D83511A00CF422C /* acl_keychain.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_keychain.cpp; sourceTree = ""; }; + DC5ABFB51D83511A00CF422C /* acl_partition.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_partition.h; sourceTree = ""; }; + DC5ABFB61D83511A00CF422C /* acl_partition.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_partition.cpp; sourceTree = ""; }; + DC5ABFB81D83511A00CF422C /* authhost.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = authhost.h; sourceTree = ""; }; + DC5ABFB91D83511A00CF422C /* authhost.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = authhost.cpp; sourceTree = ""; }; + DC5ABFBA1D83511A00CF422C /* credential.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = credential.h; sourceTree = ""; }; + DC5ABFBB1D83511A00CF422C /* credential.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = credential.cpp; sourceTree = ""; }; + DC5ABFBD1D83511A00CF422C /* clientid.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = clientid.h; sourceTree = ""; }; + DC5ABFBE1D83511A00CF422C /* clientid.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = clientid.cpp; sourceTree = ""; }; + DC5ABFBF1D83511A00CF422C /* codesigdb.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = codesigdb.h; sourceTree = ""; }; + DC5ABFC01D83511A00CF422C /* codesigdb.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = codesigdb.cpp; sourceTree = ""; }; + DC5ABFC21D83511A00CF422C /* csproxy.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = csproxy.h; sourceTree = ""; }; + DC5ABFC31D83511A00CF422C /* csproxy.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = csproxy.cpp; sourceTree = ""; }; + DC5ABFC51D83511A00CF422C /* agentclient.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = agentclient.h; sourceTree = ""; }; + DC5ABFC61D83511A00CF422C /* agentquery.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = agentquery.h; sourceTree = ""; }; + DC5ABFC71D83511A00CF422C /* agentquery.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = agentquery.cpp; sourceTree = ""; }; + DC5ABFC81D83511A00CF422C /* auditevents.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = auditevents.h; sourceTree = ""; }; + DC5ABFC91D83511A00CF422C /* auditevents.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = auditevents.cpp; sourceTree = ""; }; + DC5ABFCA1D83511A00CF422C /* ccaudit_extensions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ccaudit_extensions.h; sourceTree = ""; }; + DC5ABFCB1D83511A00CF422C /* ccaudit_extensions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ccaudit_extensions.cpp; sourceTree = ""; }; + DC5ABFCC1D83511A00CF422C /* child.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = child.h; sourceTree = ""; }; + DC5ABFCD1D83511A00CF422C /* child.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = child.cpp; sourceTree = ""; }; + DC5ABFD01D83511A00CF422C /* notifications.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = notifications.h; sourceTree = ""; }; + DC5ABFD11D83511A00CF422C /* notifications.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = notifications.cpp; sourceTree = ""; }; + DC5ABFD21D83511A00CF422C /* SharedMemoryServer.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SharedMemoryServer.h; sourceTree = ""; }; + DC5ABFD31D83511A00CF422C /* SharedMemoryServer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SharedMemoryServer.cpp; sourceTree = ""; }; + DC5ABFD71D83512200CF422C /* self.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = self.defs; sourceTree = ""; }; + DC5ABFD91D83512A00CF422C /* securityd_dtrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = securityd_dtrace.h; path = derived_src/securityd_dtrace.h; sourceTree = BUILT_PRODUCTS_DIR; }; + DC5ABFDA1D83512A00CF422C /* securityd.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; name = securityd.d; path = src/securityd.d; sourceTree = ""; }; + DC5ABFDB1D83512A00CF422C /* dtrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = dtrace.h; path = src/dtrace.h; sourceTree = ""; }; + DC5ABFDC1D83512A00CF422C /* securityd-watch.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; name = "securityd-watch.d"; path = "dtrace/securityd-watch.d"; sourceTree = ""; }; + DC5ABFDF1D83513400CF422C /* BLOBFORMAT */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = BLOBFORMAT; sourceTree = ""; }; + DC5ABFE01D83513400CF422C /* securityd.1 */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.man; path = securityd.1; sourceTree = ""; }; + DC5ABFE21D83513C00CF422C /* securityd.order */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = securityd.order; sourceTree = ""; }; + DC5ABFE41D83514700CF422C /* com.apple.securityd.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; name = com.apple.securityd.plist; path = ../etc/com.apple.securityd.plist; sourceTree = ""; }; + DC5AC0501D8352D900CF422C /* securityd */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = securityd; sourceTree = BUILT_PRODUCTS_DIR; }; + DC5AC0AD1D83533400CF422C /* securityd_service.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = securityd_service.xcodeproj; path = securityd/securityd_service/securityd_service.xcodeproj; sourceTree = ""; }; + DC5AC0C31D8353B900CF422C /* System.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = System.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.Internal.sdk/System/Library/Frameworks/System.framework; sourceTree = DEVELOPER_DIR; }; + DC5AC0C61D8353C800CF422C /* PCSC.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = PCSC.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/PCSC.framework; sourceTree = DEVELOPER_DIR; }; + DC5AC0CD1D83542700CF422C /* libsecurity_tokend_client.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_tokend_client.a; path = /usr/local/lib/libsecurity_tokend_client.a; sourceTree = ""; }; + DC5AC0FF1D83550300CF422C /* self.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = self.h; path = derived_src/self.h; sourceTree = BUILT_PRODUCTS_DIR; }; + DC5AC1001D83550300CF422C /* selfServer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = selfServer.cpp; path = derived_src/selfServer.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; + DC5AC1011D83550300CF422C /* selfUser.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = selfUser.cpp; path = derived_src/selfUser.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; + DC610A341D78F129002223DE /* secdtests */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secdtests; sourceTree = BUILT_PRODUCTS_DIR; }; + DC610A3A1D78F228002223DE /* libACM.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libACM.a; path = usr/local/lib/libACM.a; sourceTree = SDKROOT; }; + DC610A3C1D78F25C002223DE /* libDiagnosticMessagesClient.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libDiagnosticMessagesClient.dylib; path = usr/lib/libDiagnosticMessagesClient.dylib; sourceTree = SDKROOT; }; + DC610A3F1D78F2FF002223DE /* AppleSystemInfo.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppleSystemInfo.framework; path = System/Library/PrivateFrameworks/AppleSystemInfo.framework; sourceTree = SDKROOT; }; + DC610A471D78F48F002223DE /* SecTaskTest */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = SecTaskTest; sourceTree = BUILT_PRODUCTS_DIR; }; + DC610A4F1D78F715002223DE /* main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = main.c; path = OSX/codesign_tests/main.c; sourceTree = ""; }; + DC610A5F1D78F9D2002223DE /* codesign_tests */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = codesign_tests; sourceTree = BUILT_PRODUCTS_DIR; }; + DC610A601D78F9F2002223DE /* FatDynamicValidation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = FatDynamicValidation.c; path = OSX/codesign_tests/FatDynamicValidation.c; sourceTree = ""; }; + DC610A631D78FA54002223DE /* CaspianTests */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; name = CaspianTests; path = OSX/codesign_tests/CaspianTests/CaspianTests; sourceTree = ""; }; + DC610A641D78FA54002223DE /* LocalCaspianTestRun.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; name = LocalCaspianTestRun.sh; path = OSX/codesign_tests/CaspianTests/LocalCaspianTestRun.sh; sourceTree = ""; }; + DC610A671D78FA76002223DE /* teamid.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; name = teamid.sh; path = OSX/codesign_tests/teamid.sh; sourceTree = ""; }; + DC610A681D78FA87002223DE /* validation.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; name = validation.sh; path = OSX/codesign_tests/validation.sh; sourceTree = ""; }; + DC610AB71D7910C3002223DE /* gk_reset_check */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = gk_reset_check; sourceTree = BUILT_PRODUCTS_DIR; }; + DC610AB91D7910F8002223DE /* gk_reset_check.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = gk_reset_check.c; path = OSX/gk_reset_check/gk_reset_check.c; sourceTree = ""; }; + DC65E7BE1D8CBB1500152EF0 /* readline.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = readline.c; path = ../../utilities/SecurityTool/readline.c; sourceTree = ""; }; + DC65E7BF1D8CBB1500152EF0 /* readline.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = readline.h; path = ../../utilities/SecurityTool/readline.h; sourceTree = ""; }; + DC6A82531D87732E00418608 /* SharedMemoryCommon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SharedMemoryCommon.h; path = lib/SharedMemoryCommon.h; sourceTree = ""; }; + DC6A82541D87732E00418608 /* handletypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = handletypes.h; path = lib/handletypes.h; sourceTree = ""; }; + DC6A82551D87732E00418608 /* sscommon.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = sscommon.h; path = lib/sscommon.h; sourceTree = ""; }; + DC6A82561D87732E00418608 /* ssblob.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ssblob.h; path = lib/ssblob.h; sourceTree = ""; }; + DC6A82571D87732E00418608 /* ssblob.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = ssblob.cpp; path = lib/ssblob.cpp; sourceTree = ""; }; + DC6A82581D87732E00418608 /* dictionary.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = dictionary.h; path = lib/dictionary.h; sourceTree = ""; }; + DC6A82591D87732E00418608 /* dictionary.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = dictionary.cpp; path = lib/dictionary.cpp; sourceTree = ""; }; + DC6A825A1D87732E00418608 /* sec_xdr.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = sec_xdr.h; path = lib/sec_xdr.h; sourceTree = ""; }; + DC6A825B1D87732E00418608 /* sec_xdr.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = sec_xdr.c; path = lib/sec_xdr.c; sourceTree = ""; }; + DC6A825C1D87732E00418608 /* sec_xdr_array.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = sec_xdr_array.c; path = lib/sec_xdr_array.c; sourceTree = ""; }; + DC6A825D1D87732E00418608 /* sec_xdr_reference.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = sec_xdr_reference.c; path = lib/sec_xdr_reference.c; sourceTree = ""; }; + DC6A825E1D87732E00418608 /* sec_xdrmem.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = sec_xdrmem.c; path = lib/sec_xdrmem.c; sourceTree = ""; }; + DC6A825F1D87732E00418608 /* sec_xdr_sizeof.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = sec_xdr_sizeof.c; path = lib/sec_xdr_sizeof.c; sourceTree = ""; }; + DC6A82601D87732E00418608 /* xdr_auth.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = xdr_auth.h; path = lib/xdr_auth.h; sourceTree = ""; }; + DC6A82611D87732E00418608 /* xdr_auth.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = xdr_auth.c; path = lib/xdr_auth.c; sourceTree = ""; }; + DC6A82621D87732E00418608 /* xdr_cssm.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = xdr_cssm.h; path = lib/xdr_cssm.h; sourceTree = ""; }; + DC6A82631D87732E00418608 /* xdr_cssm.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = xdr_cssm.c; path = lib/xdr_cssm.c; sourceTree = ""; }; + DC6A82641D87732E00418608 /* xdr_dldb.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = xdr_dldb.h; path = lib/xdr_dldb.h; sourceTree = ""; }; + DC6A82651D87732E00418608 /* xdr_dldb.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = xdr_dldb.cpp; path = lib/xdr_dldb.cpp; sourceTree = ""; }; + DC6A82681D87732E00418608 /* SharedMemoryClient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = SharedMemoryClient.cpp; path = lib/SharedMemoryClient.cpp; sourceTree = ""; }; + DC6A82691D87732E00418608 /* SharedMemoryClient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = SharedMemoryClient.h; path = lib/SharedMemoryClient.h; sourceTree = ""; }; + DC6A826A1D87732E00418608 /* eventlistener.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = eventlistener.cpp; path = lib/eventlistener.cpp; sourceTree = ""; }; + DC6A826B1D87732E00418608 /* eventlistener.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = eventlistener.h; path = lib/eventlistener.h; sourceTree = ""; }; + DC6A826C1D87732E00418608 /* ssclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ssclient.h; path = lib/ssclient.h; sourceTree = ""; }; + DC6A826D1D87732E00418608 /* ssnotify.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ssnotify.h; path = lib/ssnotify.h; sourceTree = ""; }; + DC6A826E1D87732E00418608 /* ssclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ssclient.cpp; path = lib/ssclient.cpp; sourceTree = ""; }; + DC6A826F1D87732E00418608 /* sstransit.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = sstransit.h; path = lib/sstransit.h; sourceTree = ""; }; + DC6A82701D87732E00418608 /* sstransit.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = sstransit.cpp; path = lib/sstransit.cpp; sourceTree = ""; }; + DC6A82711D87732E00418608 /* transition.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = transition.cpp; path = lib/transition.cpp; sourceTree = ""; }; + DC6A82731D87732E00418608 /* ss_types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ss_types.h; path = lib/ss_types.h; sourceTree = ""; }; + DC6A82741D87732E00418608 /* ucsp_types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ucsp_types.h; path = lib/ucsp_types.h; sourceTree = ""; }; + DC6A82771D87733C00418608 /* ss_types.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = ss_types.defs; sourceTree = ""; }; + DC6A82781D87733C00418608 /* ucsp.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = ucsp.defs; sourceTree = ""; }; + DC6A82791D87733C00418608 /* ucspNotify.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = ucspNotify.defs; sourceTree = ""; }; + DC6A827A1D87733C00418608 /* cshosting.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = cshosting.defs; sourceTree = ""; }; + DC6A827D1D87734600418608 /* ucsp.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ucsp.h; path = derived_src/securityd_client/ucsp.h; sourceTree = BUILT_PRODUCTS_DIR; }; + DC6A827E1D87734600418608 /* ucspNotify.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = ucspNotify.h; path = derived_src/securityd_client/ucspNotify.h; sourceTree = BUILT_PRODUCTS_DIR; }; + DC6A827F1D87734600418608 /* ucspClient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ucspClient.cpp; path = derived_src/securityd_client/ucspClient.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; + DC6A82801D87734600418608 /* ucspClientC.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = ucspClientC.c; path = derived_src/securityd_client/ucspClientC.c; sourceTree = BUILT_PRODUCTS_DIR; }; + DC6A82811D87734600418608 /* ucspServer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ucspServer.cpp; path = derived_src/securityd_client/ucspServer.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; + DC6A82821D87734600418608 /* ucspNotifySender.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ucspNotifySender.cpp; path = derived_src/securityd_client/ucspNotifySender.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; + DC6A82831D87734600418608 /* ucspNotifyReceiver.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = ucspNotifyReceiver.cpp; path = derived_src/securityd_client/ucspNotifyReceiver.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; + DC6A82841D87734600418608 /* cshosting.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = cshosting.h; path = derived_src/securityd_client/cshosting.h; sourceTree = BUILT_PRODUCTS_DIR; }; + DC6A82851D87734600418608 /* cshostingClient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = cshostingClient.cpp; path = derived_src/securityd_client/cshostingClient.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; + DC6A82861D87734600418608 /* cshostingServer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = cshostingServer.cpp; path = derived_src/securityd_client/cshostingServer.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; + DC6A82921D87749900418608 /* libsecurityd_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurityd_client.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC71D8DD1D94CF3C0065FB93 /* lib_ios_debug_shim.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = lib_ios_debug_shim.xcconfig; path = xcconfig/lib_ios_debug_shim.xcconfig; sourceTree = ""; }; + DC71D8DE1D94CF6A0065FB93 /* lib_ios_release_shim.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = lib_ios_release_shim.xcconfig; path = xcconfig/lib_ios_release_shim.xcconfig; sourceTree = ""; }; + DC71D9DF1D95BA6C0065FB93 /* libASN1.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libASN1.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC71D9FB1D95BB0A0065FB93 /* libDER.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libDER.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libASN1_not_installed.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DC88340A1D8A21AA00CE0ACA /* SecAsn1Coder.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecAsn1Coder.c; sourceTree = ""; }; + DC88340C1D8A21AA00CE0ACA /* SecAsn1Templates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecAsn1Templates.c; sourceTree = ""; }; + DC88340F1D8A21AA00CE0ACA /* certExtensionTemplates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = certExtensionTemplates.c; sourceTree = ""; }; + DC8834111D8A21AA00CE0ACA /* csrTemplates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = csrTemplates.c; sourceTree = ""; }; + DC8834131D8A21AA00CE0ACA /* keyTemplates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keyTemplates.c; sourceTree = ""; }; + DC8834151D8A21AA00CE0ACA /* nameTemplates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = nameTemplates.c; sourceTree = ""; }; + DC8834171D8A21AA00CE0ACA /* pkcs7Templates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pkcs7Templates.c; sourceTree = ""; }; + DC8834181D8A21AA00CE0ACA /* pkcs7Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs7Templates.h; sourceTree = ""; }; + DC8834191D8A21AA00CE0ACA /* pkcs12Templates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pkcs12Templates.c; sourceTree = ""; }; + DC88341A1D8A21AA00CE0ACA /* pkcs12Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12Templates.h; sourceTree = ""; }; + DC88341B1D8A21AA00CE0ACA /* nsprPortX.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = nsprPortX.c; sourceTree = ""; }; + DC88341C1D8A21AA00CE0ACA /* nssilckt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nssilckt.h; sourceTree = ""; }; + DC88341D1D8A21AA00CE0ACA /* nssilock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nssilock.h; sourceTree = ""; }; + DC88341E1D8A21AA00CE0ACA /* nsslocks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nsslocks.h; sourceTree = ""; }; + DC88341F1D8A21AA00CE0ACA /* nssUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = nssUtils.c; sourceTree = ""; }; + DC8834201D8A21AA00CE0ACA /* nssUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nssUtils.h; sourceTree = ""; }; + DC8834211D8A21AA00CE0ACA /* ocspTemplates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ocspTemplates.c; sourceTree = ""; }; + DC8834231D8A21AA00CE0ACA /* plarena.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = plarena.c; sourceTree = ""; }; + DC8834241D8A21AA00CE0ACA /* plarena.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = plarena.h; sourceTree = ""; }; + DC8834251D8A21AA00CE0ACA /* plarenas.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = plarenas.h; sourceTree = ""; }; + DC8834261D8A21AA00CE0ACA /* plstr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = plstr.h; sourceTree = ""; }; + DC8834271D8A21AA00CE0ACA /* prbit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prbit.h; sourceTree = ""; }; + DC8834281D8A21AA00CE0ACA /* prcpucfg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prcpucfg.h; sourceTree = ""; }; + DC8834291D8A21AA00CE0ACA /* prcvar.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prcvar.h; sourceTree = ""; }; + DC88342A1D8A21AA00CE0ACA /* prenv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prenv.h; sourceTree = ""; }; + DC88342B1D8A21AA00CE0ACA /* prerr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prerr.h; sourceTree = ""; }; + DC88342C1D8A21AA00CE0ACA /* prerror.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prerror.h; sourceTree = ""; }; + DC88342D1D8A21AA00CE0ACA /* prinit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prinit.h; sourceTree = ""; }; + DC88342E1D8A21AA00CE0ACA /* prinrval.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prinrval.h; sourceTree = ""; }; + DC88342F1D8A21AA00CE0ACA /* prlock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prlock.h; sourceTree = ""; }; + DC8834301D8A21AA00CE0ACA /* prlog.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prlog.h; sourceTree = ""; }; + DC8834311D8A21AA00CE0ACA /* prlong.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prlong.h; sourceTree = ""; }; + DC8834321D8A21AA00CE0ACA /* prmem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prmem.h; sourceTree = ""; }; + DC8834331D8A21AA00CE0ACA /* prmon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prmon.h; sourceTree = ""; }; + DC8834341D8A21AA00CE0ACA /* protypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = protypes.h; sourceTree = ""; }; + DC8834351D8A21AA00CE0ACA /* prthread.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prthread.h; sourceTree = ""; }; + DC8834361D8A21AA00CE0ACA /* prtime.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prtime.h; sourceTree = ""; }; + DC8834371D8A21AA00CE0ACA /* prtypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prtypes.h; sourceTree = ""; }; + DC8834381D8A21AA00CE0ACA /* prvrsion.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = prvrsion.h; sourceTree = ""; }; + DC8834391D8A21AA00CE0ACA /* secasn1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = secasn1.h; sourceTree = ""; }; + DC88343A1D8A21AA00CE0ACA /* secasn1d.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secasn1d.c; sourceTree = ""; }; + DC88343B1D8A21AA00CE0ACA /* secasn1e.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secasn1e.c; sourceTree = ""; }; + DC88343D1D8A21AA00CE0ACA /* secasn1u.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secasn1u.c; sourceTree = ""; }; + DC88343E1D8A21AA00CE0ACA /* seccomon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = seccomon.h; sourceTree = ""; }; + DC88343F1D8A21AA00CE0ACA /* secerr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = secerr.h; sourceTree = ""; }; + DC8834401D8A21AA00CE0ACA /* secErrorStr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secErrorStr.c; sourceTree = ""; }; + DC8834411D8A21AA00CE0ACA /* SecNssCoder.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecNssCoder.cpp; sourceTree = ""; }; + DC8834421D8A21AA00CE0ACA /* SecNssCoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecNssCoder.h; sourceTree = ""; }; + DC8834431D8A21AA00CE0ACA /* secport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secport.c; sourceTree = ""; }; + DC8834441D8A21AA00CE0ACA /* secport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = secport.h; sourceTree = ""; }; + DC8834451D8A21AA00CE0ACA /* X509Templates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = X509Templates.c; sourceTree = ""; }; + DC8834471D8A21AA00CE0ACA /* osKeyTemplates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = osKeyTemplates.c; sourceTree = ""; }; + DC8834491D8A21AA00CE0ACA /* oidsalg.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = oidsalg.c; sourceTree = ""; }; + DC88344B1D8A21AA00CE0ACA /* oidsattr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = oidsattr.c; sourceTree = ""; }; + DC88344E1D8A21AA00CE0ACA /* oidsocsp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = oidsocsp.c; sourceTree = ""; }; + DC88344F1D8A21AA00CE0ACA /* oidsocsp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = oidsocsp.h; sourceTree = ""; }; + DC8E04901D7F6780006D80EB /* lib_ios.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = lib_ios.xcconfig; path = xcconfig/lib_ios.xcconfig; sourceTree = ""; }; + DCB3406D1D8A24DF0054D16E /* libsecurity_authorization.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_authorization.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCB3406F1D8A24F70054D16E /* Authorization.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = Authorization.c; path = lib/Authorization.c; sourceTree = ""; }; + DCB340761D8A24F70054D16E /* Authorization.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = Authorization.cpp; path = lib/Authorization.cpp; sourceTree = ""; }; + DCB340781D8A24F70054D16E /* privPort.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = privPort.h; path = lib/privPort.h; sourceTree = ""; }; + DCB340791D8A24F70054D16E /* trampolineClient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = trampolineClient.cpp; path = lib/trampolineClient.cpp; sourceTree = ""; }; + DCB3407A1D8A24F70054D16E /* trampolineServer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = trampolineServer.cpp; path = lib/trampolineServer.cpp; sourceTree = ""; }; + DCB340951D8A267C0054D16E /* libsecurity_cdsa_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_cdsa_client.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCB340961D8A26AE0054D16E /* aclclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = aclclient.cpp; sourceTree = ""; }; + DCB340971D8A26AE0054D16E /* aclclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = aclclient.h; sourceTree = ""; }; + DCB340981D8A26AE0054D16E /* clclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = clclient.cpp; sourceTree = ""; }; + DCB340991D8A26AE0054D16E /* clclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = clclient.h; sourceTree = ""; }; + DCB3409A1D8A26AE0054D16E /* cryptoclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cryptoclient.cpp; sourceTree = ""; }; + DCB3409B1D8A26AE0054D16E /* cryptoclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cryptoclient.h; sourceTree = ""; }; + DCB3409C1D8A26AE0054D16E /* cspclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cspclient.cpp; sourceTree = ""; }; + DCB3409D1D8A26AE0054D16E /* cspclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cspclient.h; sourceTree = ""; }; + DCB3409E1D8A26AE0054D16E /* cssmclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = cssmclient.cpp; sourceTree = ""; }; + DCB3409F1D8A26AE0054D16E /* cssmclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmclient.h; sourceTree = ""; }; + DCB340A01D8A26AE0054D16E /* dlclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = dlclient.cpp; sourceTree = ""; }; + DCB340A11D8A26AE0054D16E /* dlclientpriv.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dlclientpriv.cpp; sourceTree = ""; }; + DCB340A21D8A26AE0054D16E /* dlclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dlclient.h; sourceTree = ""; }; + DCB340A31D8A26AE0054D16E /* dliterators.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dliterators.cpp; sourceTree = ""; }; + DCB340A41D8A26AE0054D16E /* dliterators.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dliterators.h; sourceTree = ""; }; + DCB340A51D8A26AE0054D16E /* dlquery.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dlquery.cpp; sourceTree = ""; }; + DCB340A61D8A26AE0054D16E /* dlquery.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dlquery.h; sourceTree = ""; }; + DCB340A71D8A26AE0054D16E /* dl_standard.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dl_standard.cpp; sourceTree = ""; }; + DCB340A81D8A26AE0054D16E /* dl_standard.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dl_standard.h; sourceTree = ""; }; + DCB340A91D8A26AE0054D16E /* DLDBList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DLDBList.cpp; sourceTree = ""; }; + DCB340AA1D8A26AE0054D16E /* DLDBList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DLDBList.h; sourceTree = ""; }; + DCB340AB1D8A26AE0054D16E /* genkey.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = genkey.cpp; sourceTree = ""; }; + DCB340AC1D8A26AE0054D16E /* genkey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = genkey.h; sourceTree = ""; }; + DCB340AD1D8A26AE0054D16E /* keychainacl.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = keychainacl.cpp; sourceTree = ""; }; + DCB340AE1D8A26AE0054D16E /* keychainacl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychainacl.h; sourceTree = ""; }; + DCB340AF1D8A26AE0054D16E /* keyclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = keyclient.cpp; sourceTree = ""; }; + DCB340B01D8A26AE0054D16E /* keyclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keyclient.h; sourceTree = ""; }; + DCB340B11D8A26AE0054D16E /* macclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = macclient.cpp; sourceTree = ""; }; + DCB340B21D8A26AE0054D16E /* macclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = macclient.h; sourceTree = ""; }; + DCB340B31D8A26AE0054D16E /* mdsclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = mdsclient.cpp; sourceTree = ""; }; + DCB340B41D8A26AE0054D16E /* mdsclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mdsclient.h; sourceTree = ""; }; + DCB340B51D8A26AE0054D16E /* mds_standard.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = mds_standard.cpp; sourceTree = ""; }; + DCB340B61D8A26AE0054D16E /* mds_standard.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mds_standard.h; sourceTree = ""; }; + DCB340B71D8A26AE0054D16E /* multidldb.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = multidldb.cpp; sourceTree = ""; }; + DCB340B81D8A26AE0054D16E /* multidldb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = multidldb.h; sourceTree = ""; }; + DCB340B91D8A26AE0054D16E /* securestorage.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = securestorage.cpp; sourceTree = ""; }; + DCB340BA1D8A26AE0054D16E /* securestorage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = securestorage.h; sourceTree = ""; }; + DCB340BB1D8A26AE0054D16E /* signclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = signclient.cpp; sourceTree = ""; }; + DCB340BC1D8A26AE0054D16E /* signclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = signclient.h; sourceTree = ""; }; + DCB340BD1D8A26AE0054D16E /* tpclient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = tpclient.cpp; sourceTree = ""; }; + DCB340BE1D8A26AE0054D16E /* tpclient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tpclient.h; sourceTree = ""; }; + DCB340BF1D8A26AE0054D16E /* wrapkey.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = wrapkey.cpp; sourceTree = ""; }; + DCB340C01D8A26AE0054D16E /* wrapkey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = wrapkey.h; sourceTree = ""; }; + DCB341371D8A2A010054D16E /* libsecurity_cdsa_plugin.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_cdsa_plugin.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCB341381D8A2A340054D16E /* ACsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ACsession.h; sourceTree = ""; }; + DCB341391D8A2A340054D16E /* c++plugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "c++plugin.h"; sourceTree = ""; }; + DCB3413A1D8A2A340054D16E /* CLsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CLsession.h; sourceTree = ""; }; + DCB3413B1D8A2A340054D16E /* CSPsession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = CSPsession.cpp; sourceTree = ""; }; + DCB3413C1D8A2A340054D16E /* CSPsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CSPsession.h; sourceTree = ""; }; + DCB3413D1D8A2A340054D16E /* csputilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = csputilities.cpp; sourceTree = ""; }; + DCB3413E1D8A2A340054D16E /* cssmplugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmplugin.cpp; sourceTree = ""; }; + DCB3413F1D8A2A340054D16E /* cssmplugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmplugin.h; sourceTree = ""; }; + DCB341401D8A2A340054D16E /* Database.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Database.cpp; sourceTree = ""; }; + DCB341411D8A2A340054D16E /* Database.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Database.h; sourceTree = ""; }; + DCB341421D8A2A340054D16E /* DatabaseSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = DatabaseSession.cpp; sourceTree = ""; }; + DCB341431D8A2A340054D16E /* DatabaseSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DatabaseSession.h; sourceTree = ""; }; + DCB341441D8A2A340054D16E /* DbContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DbContext.cpp; sourceTree = ""; }; + DCB341451D8A2A340054D16E /* DbContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DbContext.h; sourceTree = ""; }; + DCB341461D8A2A340054D16E /* DLsession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DLsession.cpp; sourceTree = ""; }; + DCB341471D8A2A340054D16E /* DLsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DLsession.h; sourceTree = ""; }; + DCB341481D8A2A340054D16E /* generator.cfg */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = file; path = generator.cfg; sourceTree = ""; }; + DCB341491D8A2A340054D16E /* generator.mk */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = file; path = generator.mk; sourceTree = ""; }; + DCB3414A1D8A2A340054D16E /* generator.pl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.perl; path = generator.pl; sourceTree = ""; }; + DCB3414B1D8A2A340054D16E /* pluginsession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pluginsession.cpp; sourceTree = ""; }; + DCB3414C1D8A2A340054D16E /* pluginsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pluginsession.h; sourceTree = ""; }; + DCB3414D1D8A2A340054D16E /* pluginspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pluginspi.h; sourceTree = ""; }; + DCB3414E1D8A2A340054D16E /* TPsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TPsession.h; sourceTree = ""; }; + DCB3414F1D8A2A340054D16E /* ACabstractsession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ACabstractsession.cpp; sourceTree = ""; }; + DCB341501D8A2A340054D16E /* CLabstractsession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CLabstractsession.cpp; sourceTree = ""; }; + DCB341511D8A2A340054D16E /* CSPabstractsession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CSPabstractsession.cpp; sourceTree = ""; }; + DCB341521D8A2A340054D16E /* DLabstractsession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DLabstractsession.cpp; sourceTree = ""; }; + DCB341531D8A2A340054D16E /* TPabstractsession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TPabstractsession.cpp; sourceTree = ""; }; + DCB341541D8A2A340054D16E /* ACabstractsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ACabstractsession.h; sourceTree = ""; }; + DCB341551D8A2A340054D16E /* CLabstractsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CLabstractsession.h; sourceTree = ""; }; + DCB341561D8A2A340054D16E /* CSPabstractsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CSPabstractsession.h; sourceTree = ""; }; + DCB341571D8A2A340054D16E /* DLabstractsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DLabstractsession.h; sourceTree = ""; }; + DCB341581D8A2A340054D16E /* TPabstractsession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TPabstractsession.h; sourceTree = ""; }; + DCB341821D8A2B860054D16E /* libsecurity_cdsa_utilities.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_cdsa_utilities.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCB341831D8A2BAC0054D16E /* objectacl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = objectacl.h; sourceTree = ""; }; + DCB341841D8A2BAC0054D16E /* objectacl.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = objectacl.cpp; sourceTree = ""; }; + DCB341851D8A2BAC0054D16E /* aclsubject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = aclsubject.h; sourceTree = ""; }; + DCB341861D8A2BAC0054D16E /* aclsubject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = aclsubject.cpp; sourceTree = ""; }; + DCB341871D8A2BAC0054D16E /* cssmacl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmacl.h; sourceTree = ""; }; + DCB341881D8A2BAC0054D16E /* cssmacl.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmacl.cpp; sourceTree = ""; }; + DCB341891D8A2BAC0054D16E /* acl_any.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_any.cpp; sourceTree = ""; }; + DCB3418A1D8A2BAC0054D16E /* acl_any.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_any.h; sourceTree = ""; }; + DCB3418B1D8A2BAC0054D16E /* acl_codesigning.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_codesigning.cpp; sourceTree = ""; }; + DCB3418C1D8A2BAC0054D16E /* acl_codesigning.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_codesigning.h; sourceTree = ""; }; + DCB3418D1D8A2BAC0054D16E /* acl_comment.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_comment.cpp; sourceTree = ""; }; + DCB3418E1D8A2BAC0054D16E /* acl_comment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_comment.h; sourceTree = ""; }; + DCB3418F1D8A2BAC0054D16E /* acl_password.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_password.cpp; sourceTree = ""; }; + DCB341901D8A2BAC0054D16E /* acl_password.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_password.h; sourceTree = ""; }; + DCB341911D8A2BAC0054D16E /* acl_preauth.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_preauth.cpp; sourceTree = ""; }; + DCB341921D8A2BAC0054D16E /* acl_preauth.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_preauth.h; sourceTree = ""; }; + DCB341931D8A2BAC0054D16E /* acl_process.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_process.cpp; sourceTree = ""; }; + DCB341941D8A2BAC0054D16E /* acl_process.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_process.h; sourceTree = ""; }; + DCB341951D8A2BAC0054D16E /* acl_prompted.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_prompted.cpp; sourceTree = ""; }; + DCB341961D8A2BAC0054D16E /* acl_prompted.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_prompted.h; sourceTree = ""; }; + DCB341971D8A2BAC0054D16E /* acl_protectedpw.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_protectedpw.cpp; sourceTree = ""; }; + DCB341981D8A2BAC0054D16E /* acl_protectedpw.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_protectedpw.h; sourceTree = ""; }; + DCB341991D8A2BAC0054D16E /* acl_secret.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_secret.cpp; sourceTree = ""; }; + DCB3419A1D8A2BAC0054D16E /* acl_secret.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_secret.h; sourceTree = ""; }; + DCB3419B1D8A2BAC0054D16E /* acl_threshold.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_threshold.cpp; sourceTree = ""; }; + DCB3419C1D8A2BAC0054D16E /* acl_threshold.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_threshold.h; sourceTree = ""; }; + DCB3419F1D8A2BAC0054D16E /* AuthorizationData.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AuthorizationData.cpp; sourceTree = ""; }; + DCB341A01D8A2BAC0054D16E /* AuthorizationData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AuthorizationData.h; sourceTree = ""; }; + DCB341A11D8A2BAC0054D16E /* AuthorizationWalkers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AuthorizationWalkers.h; sourceTree = ""; }; + DCB341A21D8A2BAC0054D16E /* callback.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = callback.cpp; sourceTree = ""; }; + DCB341A31D8A2BAC0054D16E /* callback.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = callback.h; sourceTree = ""; }; + DCB341A41D8A2BAC0054D16E /* constdata.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = constdata.cpp; sourceTree = ""; }; + DCB341A51D8A2BAC0054D16E /* constdata.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = constdata.h; sourceTree = ""; }; + DCB341A61D8A2BAC0054D16E /* context.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = context.cpp; sourceTree = ""; }; + DCB341A71D8A2BAC0054D16E /* context.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = context.h; sourceTree = ""; }; + DCB341A81D8A2BAC0054D16E /* cssmaclpod.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmaclpod.cpp; sourceTree = ""; }; + DCB341A91D8A2BAC0054D16E /* cssmaclpod.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmaclpod.h; sourceTree = ""; }; + DCB341AA1D8A2BAC0054D16E /* cssmalloc.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmalloc.cpp; sourceTree = ""; }; + DCB341AB1D8A2BAC0054D16E /* cssmalloc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmalloc.h; sourceTree = ""; }; + DCB341AC1D8A2BAC0054D16E /* cssmbridge.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmbridge.h; sourceTree = ""; }; + DCB341AD1D8A2BAC0054D16E /* cssmcert.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmcert.cpp; sourceTree = ""; }; + DCB341AE1D8A2BAC0054D16E /* cssmcert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmcert.h; sourceTree = ""; }; + DCB341AF1D8A2BAC0054D16E /* cssmcred.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = cssmcred.cpp; sourceTree = ""; }; + DCB341B01D8A2BAC0054D16E /* cssmcred.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmcred.h; sourceTree = ""; }; + DCB341B11D8A2BAC0054D16E /* cssmdata.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmdata.cpp; sourceTree = ""; }; + DCB341B21D8A2BAC0054D16E /* cssmdata.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmdata.h; sourceTree = ""; }; + DCB341B31D8A2BAC0054D16E /* cssmdates.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmdates.cpp; sourceTree = ""; }; + DCB341B41D8A2BAC0054D16E /* cssmdates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmdates.h; sourceTree = ""; }; + DCB341B51D8A2BAC0054D16E /* cssmdb.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmdb.cpp; sourceTree = ""; }; + DCB341B61D8A2BAC0054D16E /* cssmdb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmdb.h; sourceTree = ""; }; + DCB341B71D8A2BAC0054D16E /* cssmdbname.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmdbname.cpp; sourceTree = ""; }; + DCB341B81D8A2BAC0054D16E /* cssmdbname.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmdbname.h; sourceTree = ""; }; + DCB341B91D8A2BAC0054D16E /* cssmendian.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmendian.cpp; sourceTree = ""; }; + DCB341BA1D8A2BAC0054D16E /* cssmendian.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmendian.h; sourceTree = ""; }; + DCB341BB1D8A2BAC0054D16E /* cssmerrors.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmerrors.cpp; sourceTree = ""; }; + DCB341BC1D8A2BAC0054D16E /* cssmerrors.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmerrors.h; sourceTree = ""; }; + DCB341BD1D8A2BAC0054D16E /* cssmkey.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmkey.cpp; sourceTree = ""; }; + DCB341BE1D8A2BAC0054D16E /* cssmkey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmkey.h; sourceTree = ""; }; + DCB341BF1D8A2BAC0054D16E /* cssmlist.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmlist.cpp; sourceTree = ""; }; + DCB341C01D8A2BAC0054D16E /* cssmlist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmlist.h; sourceTree = ""; }; + DCB341C11D8A2BAC0054D16E /* cssmpods.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmpods.cpp; sourceTree = ""; }; + DCB341C21D8A2BAC0054D16E /* cssmpods.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmpods.h; sourceTree = ""; }; + DCB341C31D8A2BAC0054D16E /* cssmtrust.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmtrust.cpp; sourceTree = ""; }; + DCB341C41D8A2BAC0054D16E /* cssmtrust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmtrust.h; sourceTree = ""; }; + DCB341C51D8A2BAC0054D16E /* cssmwalkers.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmwalkers.cpp; sourceTree = ""; }; + DCB341C61D8A2BAC0054D16E /* cssmwalkers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmwalkers.h; sourceTree = ""; }; + DCB341C71D8A2BAC0054D16E /* db++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "db++.cpp"; sourceTree = ""; }; + DCB341C81D8A2BAC0054D16E /* db++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "db++.h"; sourceTree = ""; }; + DCB341C91D8A2BAC0054D16E /* digestobject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = digestobject.h; sourceTree = ""; }; + DCB341CA1D8A2BAC0054D16E /* handleobject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = handleobject.cpp; sourceTree = ""; }; + DCB341CB1D8A2BAC0054D16E /* handleobject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = handleobject.h; sourceTree = ""; }; + DCB341CC1D8A2BAC0054D16E /* handletemplates.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = handletemplates.cpp; sourceTree = ""; }; + DCB341CD1D8A2BAC0054D16E /* handletemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = handletemplates.h; sourceTree = ""; }; + DCB341CE1D8A2BAC0054D16E /* handletemplates_defs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = handletemplates_defs.h; sourceTree = ""; }; + DCB341CF1D8A2BAC0054D16E /* KeySchema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KeySchema.h; sourceTree = ""; }; + DCB341D01D8A2BAC0054D16E /* KeySchema.m4 */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = KeySchema.m4; sourceTree = ""; }; + DCB341D11D8A2BAC0054D16E /* Schema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Schema.h; sourceTree = ""; }; + DCB341D21D8A2BAC0054D16E /* Schema.m4 */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Schema.m4; sourceTree = ""; }; + DCB341D31D8A2BAC0054D16E /* osxverifier.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = osxverifier.cpp; sourceTree = ""; }; + DCB341D41D8A2BAC0054D16E /* osxverifier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = osxverifier.h; sourceTree = ""; }; + DCB341D51D8A2BAC0054D16E /* u32handleobject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = u32handleobject.cpp; sourceTree = ""; }; + DCB341D61D8A2BAC0054D16E /* u32handleobject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = u32handleobject.h; sourceTree = ""; }; + DCB341D71D8A2BAC0054D16E /* uniformrandom.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = uniformrandom.cpp; sourceTree = ""; }; + DCB341D81D8A2BAC0054D16E /* uniformrandom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = uniformrandom.h; sourceTree = ""; }; + DCB341D91D8A2BAC0054D16E /* walkers.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = walkers.cpp; sourceTree = ""; }; + DCB341DA1D8A2BAC0054D16E /* walkers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = walkers.h; sourceTree = ""; }; + DCB342311D8A2C6B0054D16E /* KeySchema.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = KeySchema.cpp; sourceTree = ""; }; + DCB342321D8A2C6B0054D16E /* Schema.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Schema.cpp; sourceTree = ""; }; + DCB342411D8A32820054D16E /* libsecurity_keychain.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_keychain.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCB342421D8A32A20054D16E /* SecAccess.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecAccess.cpp; sourceTree = ""; }; + DCB342431D8A32A20054D16E /* SecACL.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecACL.cpp; sourceTree = ""; }; + DCB342441D8A32A20054D16E /* SecBase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecBase.cpp; sourceTree = ""; }; + DCB342451D8A32A20054D16E /* SecBridge.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecBridge.h; sourceTree = ""; }; + DCB342461D8A32A20054D16E /* SecCertificate.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecCertificate.cpp; sourceTree = ""; }; + DCB342471D8A32A20054D16E /* SecCertificateBundle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecCertificateBundle.cpp; sourceTree = ""; }; + DCB342481D8A32A20054D16E /* SecCertificateRequest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecCertificateRequest.cpp; sourceTree = ""; }; + DCB342491D8A32A20054D16E /* SecIdentity.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecIdentity.cpp; sourceTree = ""; }; + DCB3424A1D8A32A20054D16E /* SecIdentitySearch.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecIdentitySearch.cpp; sourceTree = ""; }; + DCB3424B1D8A32A20054D16E /* SecItemConstants.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemConstants.c; sourceTree = ""; }; + DCB3424C1D8A32A20054D16E /* SecItem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecItem.cpp; sourceTree = ""; }; + DCB3424D1D8A32A20054D16E /* SecKey.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecKey.cpp; sourceTree = ""; }; + DCB3424E1D8A32A20054D16E /* SecKeychain.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecKeychain.cpp; sourceTree = ""; }; + DCB3424F1D8A32A20054D16E /* SecKeychainItem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecKeychainItem.cpp; sourceTree = ""; }; + DCB342501D8A32A20054D16E /* SecKeychainItemExtendedAttributes.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecKeychainItemExtendedAttributes.cpp; sourceTree = ""; }; + DCB342511D8A32A20054D16E /* SecKeychainSearch.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecKeychainSearch.cpp; sourceTree = ""; }; + DCB342521D8A32A20054D16E /* SecPassword.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SecPassword.cpp; sourceTree = ""; }; + DCB342531D8A32A20054D16E /* SecPolicy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecPolicy.cpp; sourceTree = ""; }; + DCB342541D8A32A20054D16E /* SecPolicySearch.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecPolicySearch.cpp; sourceTree = ""; }; + DCB342551D8A32A20054D16E /* SecTrust.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTrust.cpp; sourceTree = ""; }; + DCB342561D8A32A20054D16E /* SecTrustedApplication.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTrustedApplication.cpp; sourceTree = ""; }; + DCB342571D8A32A20054D16E /* SecTrustSettings.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SecTrustSettings.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCB342811D8A32A20054D16E /* SecRandom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecRandom.c; sourceTree = ""; }; + DCB342821D8A32A20054D16E /* SecFDERecoveryAsymmetricCrypto.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecFDERecoveryAsymmetricCrypto.cpp; sourceTree = ""; }; + DCB342841D8A32A20054D16E /* SecRecoveryPassword.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecRecoveryPassword.c; sourceTree = ""; }; + DCB342861D8A32A20054D16E /* Access.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Access.cpp; sourceTree = ""; }; + DCB342871D8A32A20054D16E /* Access.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Access.h; sourceTree = ""; }; + DCB342881D8A32A20054D16E /* ACL.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = ACL.cpp; sourceTree = ""; }; + DCB342891D8A32A20054D16E /* ACL.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ACL.h; sourceTree = ""; }; + DCB3428A1D8A32A20054D16E /* Certificate.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Certificate.cpp; sourceTree = ""; }; + DCB3428B1D8A32A20054D16E /* Certificate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Certificate.h; sourceTree = ""; }; + DCB3428C1D8A32A20054D16E /* CertificateRequest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CertificateRequest.cpp; sourceTree = ""; }; + DCB3428D1D8A32A20054D16E /* CertificateRequest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CertificateRequest.h; sourceTree = ""; }; + DCB3428E1D8A32A20054D16E /* CertificateValues.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CertificateValues.cpp; sourceTree = ""; }; + DCB3428F1D8A32A20054D16E /* CertificateValues.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CertificateValues.h; sourceTree = ""; }; + DCB342901D8A32A20054D16E /* ExtendedAttribute.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ExtendedAttribute.cpp; sourceTree = ""; }; + DCB342911D8A32A20054D16E /* ExtendedAttribute.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ExtendedAttribute.h; sourceTree = ""; }; + DCB342921D8A32A20054D16E /* Globals.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Globals.cpp; sourceTree = ""; }; + DCB342931D8A32A20054D16E /* Globals.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Globals.h; sourceTree = ""; }; + DCB342941D8A32A20054D16E /* Identity.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Identity.cpp; sourceTree = ""; }; + DCB342951D8A32A20054D16E /* Identity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Identity.h; sourceTree = ""; }; + DCB342961D8A32A20054D16E /* IdentityCursor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IdentityCursor.cpp; sourceTree = ""; }; + DCB342971D8A32A20054D16E /* IdentityCursor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IdentityCursor.h; sourceTree = ""; }; + DCB342981D8A32A20054D16E /* Item.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Item.cpp; sourceTree = ""; }; + DCB342991D8A32A20054D16E /* Item.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Item.h; sourceTree = ""; }; + DCB3429A1D8A32A20054D16E /* KCCursor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = KCCursor.cpp; sourceTree = ""; }; + DCB3429B1D8A32A20054D16E /* KCCursor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KCCursor.h; sourceTree = ""; }; + DCB3429C1D8A32A20054D16E /* Keychains.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Keychains.cpp; sourceTree = ""; }; + DCB3429D1D8A32A20054D16E /* Keychains.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Keychains.h; sourceTree = ""; }; + DCB3429E1D8A32A20054D16E /* KeyItem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = KeyItem.cpp; sourceTree = ""; }; + DCB3429F1D8A32A20054D16E /* KeyItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KeyItem.h; sourceTree = ""; }; + DCB342A01D8A32A20054D16E /* Password.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Password.cpp; sourceTree = ""; }; + DCB342A11D8A32A20054D16E /* Password.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Password.h; sourceTree = ""; }; + DCB342A21D8A32A20054D16E /* Policies.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Policies.cpp; sourceTree = ""; }; + DCB342A31D8A32A20054D16E /* Policies.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Policies.h; sourceTree = ""; }; + DCB342A41D8A32A20054D16E /* PolicyCursor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PolicyCursor.cpp; sourceTree = ""; }; + DCB342A51D8A32A20054D16E /* PolicyCursor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PolicyCursor.h; sourceTree = ""; }; + DCB342A61D8A32A20054D16E /* SecCFTypes.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecCFTypes.cpp; sourceTree = ""; }; + DCB342A71D8A32A20054D16E /* SecCFTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCFTypes.h; sourceTree = ""; }; + DCB342A81D8A32A20054D16E /* SecKeychainAddIToolsPassword.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecKeychainAddIToolsPassword.cpp; sourceTree = ""; }; + DCB342AA1D8A32A20054D16E /* StorageManager.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = StorageManager.cpp; sourceTree = ""; }; + DCB342AB1D8A32A20054D16E /* Trust.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = Trust.cpp; sourceTree = ""; }; + DCB342AC1D8A32A20054D16E /* Trust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Trust.h; sourceTree = ""; }; + DCB342AD1D8A32A20054D16E /* TrustRevocation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TrustRevocation.cpp; sourceTree = ""; }; + DCB342AE1D8A32A20054D16E /* TrustedApplication.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TrustedApplication.cpp; sourceTree = ""; }; + DCB342AF1D8A32A20054D16E /* TrustedApplication.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TrustedApplication.h; sourceTree = ""; }; + DCB342B01D8A32A20054D16E /* TrustSettings.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TrustSettings.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCB342B11D8A32A20054D16E /* TrustSettings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TrustSettings.h; sourceTree = ""; }; + DCB342B21D8A32A20054D16E /* TrustKeychains.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TrustKeychains.h; sourceTree = ""; }; + DCB342B31D8A32A20054D16E /* SecTrustOSXEntryPoints.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecTrustOSXEntryPoints.cpp; sourceTree = ""; }; + DCB342B41D8A32A20054D16E /* SecTrustOSXEntryPoints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecTrustOSXEntryPoints.h; path = ../../trustd/SecTrustOSXEntryPoints.h; sourceTree = ""; }; + DCB342B71D8A32A20054D16E /* CCallbackMgr.cp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CCallbackMgr.cp; sourceTree = ""; }; + DCB342B81D8A32A20054D16E /* CCallbackMgr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CCallbackMgr.h; sourceTree = ""; }; + DCB342B91D8A32A20054D16E /* cssmdatetime.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cssmdatetime.cpp; sourceTree = ""; }; + DCB342BA1D8A32A20054D16E /* cssmdatetime.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cssmdatetime.h; sourceTree = ""; }; + DCB342BB1D8A32A20054D16E /* defaultcreds.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = defaultcreds.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCB342BC1D8A32A20054D16E /* defaultcreds.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = defaultcreds.h; sourceTree = ""; }; + DCB342BD1D8A32A20054D16E /* DLDBListCFPref.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DLDBListCFPref.cpp; sourceTree = ""; }; + DCB342BE1D8A32A20054D16E /* DLDBListCFPref.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DLDBListCFPref.h; sourceTree = ""; }; + DCB342BF1D8A32A20054D16E /* DynamicDLDBList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DynamicDLDBList.cpp; sourceTree = ""; }; + DCB342C01D8A32A20054D16E /* DynamicDLDBList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DynamicDLDBList.h; sourceTree = ""; }; + DCB342C11D8A32A20054D16E /* KCEventNotifier.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = KCEventNotifier.cpp; sourceTree = ""; }; + DCB342C21D8A32A20054D16E /* KCEventNotifier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KCEventNotifier.h; sourceTree = ""; }; + DCB342C31D8A32A20054D16E /* KCExceptions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KCExceptions.h; sourceTree = ""; }; + DCB342C41D8A32A20054D16E /* KCUtilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = KCUtilities.cpp; sourceTree = ""; }; + DCB342C51D8A32A20054D16E /* KCUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KCUtilities.h; sourceTree = ""; }; + DCB342C61D8A32A20054D16E /* MacOSErrorStrings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MacOSErrorStrings.h; sourceTree = ""; }; + DCB342C71D8A32A20054D16E /* PrimaryKey.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PrimaryKey.cpp; sourceTree = ""; }; + DCB342C81D8A32A20054D16E /* PrimaryKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PrimaryKey.h; sourceTree = ""; }; + DCB342CA1D8A32A20054D16E /* StorageManager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StorageManager.h; sourceTree = ""; }; + DCB342CB1D8A32A20054D16E /* TrustAdditions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TrustAdditions.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCB342CC1D8A32A20054D16E /* TrustAdditions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TrustAdditions.h; sourceTree = ""; }; + DCB342CD1D8A32A20054D16E /* TrustItem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TrustItem.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCB342CE1D8A32A20054D16E /* TrustItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TrustItem.h; sourceTree = ""; }; + DCB342CF1D8A32A20054D16E /* TrustStore.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TrustStore.cpp; sourceTree = ""; }; + DCB342D01D8A32A20054D16E /* TrustStore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TrustStore.h; sourceTree = ""; }; + DCB342D11D8A32A20054D16E /* UnlockReferralItem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = UnlockReferralItem.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCB342D21D8A32A20054D16E /* UnlockReferralItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UnlockReferralItem.h; sourceTree = ""; }; + DCB342D31D8A32A20054D16E /* TrustSettingsUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TrustSettingsUtils.cpp; sourceTree = ""; }; + DCB342D41D8A32A20054D16E /* TrustSettingsUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TrustSettingsUtils.h; sourceTree = ""; }; + DCB342D51D8A32A20054D16E /* SecCertificatePrivP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificatePrivP.h; sourceTree = ""; }; + DCB342D61D8A32A20054D16E /* SecBase64P.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecBase64P.c; sourceTree = ""; }; + DCB342D71D8A32A20054D16E /* SecFrameworkP.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecFrameworkP.c; sourceTree = ""; }; + DCB342D81D8A32A20054D16E /* SecCertificateP.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SecCertificateP.c; sourceTree = ""; }; + DCB342D91D8A32A20054D16E /* SecCertificateP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificateP.h; sourceTree = ""; }; + DCB342DA1D8A32A20054D16E /* SecCertificateInternalP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCertificateInternalP.h; sourceTree = ""; }; + DCB342DB1D8A32A20054D16E /* generateErrStrings.pl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.perl; path = generateErrStrings.pl; sourceTree = ""; }; + DCB342DC1D8A32A20054D16E /* tsaDERUtilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tsaDERUtilities.c; sourceTree = ""; }; + DCB342DD1D8A32A20054D16E /* tsaDERUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tsaDERUtilities.h; sourceTree = ""; }; + DCB342DE1D8A32A20054D16E /* TokenLogin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TokenLogin.cpp; sourceTree = ""; }; + DCB342DF1D8A32A20054D16E /* TokenLogin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TokenLogin.h; sourceTree = ""; }; + DCB342E11D8A32A20054D16E /* SecExport.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecExport.cpp; sourceTree = ""; }; + DCB342E21D8A32A20054D16E /* SecExternalRep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecExternalRep.cpp; sourceTree = ""; }; + DCB342E31D8A32A20054D16E /* SecExternalRep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecExternalRep.h; sourceTree = ""; }; + DCB342E41D8A32A20054D16E /* SecImport.cpp */ = {isa = PBXFileReference; explicitFileType = sourcecode.cpp.cpp; fileEncoding = 4; path = SecImport.cpp; sourceTree = ""; }; + DCB342E51D8A32A20054D16E /* SecImportExport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecImportExport.c; sourceTree = ""; }; + DCB342E61D8A32A20054D16E /* SecImportExportAgg.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportAgg.cpp; sourceTree = ""; }; + DCB342E71D8A32A20054D16E /* SecImportExportAgg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExportAgg.h; sourceTree = ""; }; + DCB342E81D8A32A20054D16E /* SecImportExportCrypto.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportCrypto.cpp; sourceTree = ""; }; + DCB342E91D8A32A20054D16E /* SecImportExportCrypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExportCrypto.h; sourceTree = ""; }; + DCB342EA1D8A32A20054D16E /* SecImportExportOpenSSH.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportOpenSSH.cpp; sourceTree = ""; }; + DCB342EB1D8A32A20054D16E /* SecImportExportOpenSSH.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExportOpenSSH.h; sourceTree = ""; }; + DCB342EC1D8A32A20054D16E /* SecImportExportPem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportPem.cpp; sourceTree = ""; }; + DCB342ED1D8A32A20054D16E /* SecImportExportPem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExportPem.h; sourceTree = ""; }; + DCB342EE1D8A32A20054D16E /* SecImportExportPkcs8.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportPkcs8.cpp; sourceTree = ""; }; + DCB342EF1D8A32A20054D16E /* SecImportExportPkcs8.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecImportExportPkcs8.h; sourceTree = ""; }; + DCB342F01D8A32A20054D16E /* SecImportExportUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecImportExportUtils.cpp; sourceTree = ""; }; + DCB342F11D8A32A20054D16E /* SecImportExportUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = SecImportExportUtils.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; + DCB342F21D8A32A20054D16E /* SecNetscapeTemplates.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecNetscapeTemplates.cpp; sourceTree = ""; }; + DCB342F31D8A32A20054D16E /* SecNetscapeTemplates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecNetscapeTemplates.h; sourceTree = ""; }; + DCB342F41D8A32A20054D16E /* SecPkcs8Templates.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecPkcs8Templates.cpp; sourceTree = ""; }; + DCB342F51D8A32A20054D16E /* SecPkcs8Templates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecPkcs8Templates.h; sourceTree = ""; }; + DCB342F61D8A32A20054D16E /* SecWrappedKeys.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecWrappedKeys.cpp; sourceTree = ""; }; + DCB3443E1D8A34FD0054D16E /* libsecurity_keychain_regressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_keychain_regressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCB3443F1D8A35270054D16E /* keychain_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = keychain_regressions.h; path = regressions/keychain_regressions.h; sourceTree = ""; }; + DCB344401D8A35270054D16E /* kc-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "kc-helpers.h"; path = "regressions/kc-helpers.h"; sourceTree = ""; }; + DCB344411D8A35270054D16E /* kc-item-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "kc-item-helpers.h"; path = "regressions/kc-item-helpers.h"; sourceTree = ""; }; + DCB344421D8A35270054D16E /* kc-key-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "kc-key-helpers.h"; path = "regressions/kc-key-helpers.h"; sourceTree = ""; }; + DCB344431D8A35270054D16E /* kc-identity-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "kc-identity-helpers.h"; path = "regressions/kc-identity-helpers.h"; sourceTree = ""; }; + DCB344441D8A35270054D16E /* kc-keychain-file-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "kc-keychain-file-helpers.h"; path = "regressions/kc-keychain-file-helpers.h"; sourceTree = ""; }; + DCB344451D8A35270054D16E /* kc-01-keychain-creation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-01-keychain-creation.c"; path = "regressions/kc-01-keychain-creation.c"; sourceTree = ""; }; + DCB344461D8A35270054D16E /* kc-02-unlock-noui.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-02-unlock-noui.c"; path = "regressions/kc-02-unlock-noui.c"; sourceTree = ""; }; + DCB344471D8A35270054D16E /* kc-03-status.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-03-status.c"; path = "regressions/kc-03-status.c"; sourceTree = ""; }; + DCB344481D8A35270054D16E /* kc-03-keychain-list.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-03-keychain-list.c"; path = "regressions/kc-03-keychain-list.c"; sourceTree = ""; }; + DCB344491D8A35270054D16E /* kc-04-is-valid.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-04-is-valid.c"; path = "regressions/kc-04-is-valid.c"; sourceTree = ""; }; + DCB3444A1D8A35270054D16E /* kc-05-find-existing-items.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-05-find-existing-items.c"; path = "regressions/kc-05-find-existing-items.c"; sourceTree = ""; }; + DCB3444B1D8A35270054D16E /* kc-05-find-existing-items-locked.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-05-find-existing-items-locked.c"; path = "regressions/kc-05-find-existing-items-locked.c"; sourceTree = ""; }; + DCB3444C1D8A35270054D16E /* kc-06-cert-search-email.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-06-cert-search-email.m"; path = "regressions/kc-06-cert-search-email.m"; sourceTree = ""; }; + DCB3444D1D8A35270054D16E /* kc-10-item-add-generic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-10-item-add-generic.c"; path = "regressions/kc-10-item-add-generic.c"; sourceTree = ""; }; + DCB3444E1D8A35270054D16E /* kc-10-item-add-internet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-10-item-add-internet.c"; path = "regressions/kc-10-item-add-internet.c"; sourceTree = ""; }; + DCB3444F1D8A35270054D16E /* kc-10-item-add-certificate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-10-item-add-certificate.c"; path = "regressions/kc-10-item-add-certificate.c"; sourceTree = ""; }; + DCB344501D8A35270054D16E /* kc-12-key-create-symmetric.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-12-key-create-symmetric.c"; path = "regressions/kc-12-key-create-symmetric.c"; sourceTree = ""; }; + DCB344511D8A35270054D16E /* kc-12-key-create-symmetric-and-use.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-12-key-create-symmetric-and-use.m"; path = "regressions/kc-12-key-create-symmetric-and-use.m"; sourceTree = ""; }; + DCB344521D8A35270054D16E /* kc-12-item-create-keypair.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-12-item-create-keypair.c"; path = "regressions/kc-12-item-create-keypair.c"; sourceTree = ""; }; + DCB344531D8A35270054D16E /* kc-15-key-update-valueref.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-15-key-update-valueref.c"; path = "regressions/kc-15-key-update-valueref.c"; sourceTree = ""; }; + DCB344541D8A35270054D16E /* kc-15-item-update-label-skimaad.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-15-item-update-label-skimaad.m"; path = "regressions/kc-15-item-update-label-skimaad.m"; sourceTree = ""; }; + DCB344551D8A35270054D16E /* kc-16-item-update-password.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-16-item-update-password.c"; path = "regressions/kc-16-item-update-password.c"; sourceTree = ""; }; + DCB344561D8A35270054D16E /* kc-18-find-combined.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-18-find-combined.c"; path = "regressions/kc-18-find-combined.c"; sourceTree = ""; }; + DCB344571D8A35270054D16E /* kc-19-item-copy-internet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-19-item-copy-internet.c"; path = "regressions/kc-19-item-copy-internet.c"; sourceTree = ""; }; + DCB344581D8A35270054D16E /* kc-20-identity-persistent-refs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-identity-persistent-refs.c"; path = "regressions/kc-20-identity-persistent-refs.c"; sourceTree = ""; }; + DCB344591D8A35270054D16E /* kc-20-identity-key-attributes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-identity-key-attributes.c"; path = "regressions/kc-20-identity-key-attributes.c"; sourceTree = ""; }; + DCB3445A1D8A35270054D16E /* kc-20-item-find-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-item-find-stress.c"; path = "regressions/kc-20-item-find-stress.c"; sourceTree = ""; }; + DCB3445B1D8A35270054D16E /* kc-20-item-add-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-item-add-stress.c"; path = "regressions/kc-20-item-add-stress.c"; sourceTree = ""; }; + DCB3445C1D8A35270054D16E /* kc-20-key-find-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-key-find-stress.c"; path = "regressions/kc-20-key-find-stress.c"; sourceTree = ""; }; + DCB3445D1D8A35270054D16E /* kc-20-identity-find-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-identity-find-stress.c"; path = "regressions/kc-20-identity-find-stress.c"; sourceTree = ""; }; + DCB3445E1D8A35270054D16E /* kc-21-item-use-callback.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-21-item-use-callback.c"; path = "regressions/kc-21-item-use-callback.c"; sourceTree = ""; }; + DCB3445F1D8A35270054D16E /* kc-21-item-xattrs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-21-item-xattrs.c"; path = "regressions/kc-21-item-xattrs.c"; sourceTree = ""; }; + DCB344601D8A35270054D16E /* kc-23-key-export-symmetric.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-23-key-export-symmetric.m"; path = "regressions/kc-23-key-export-symmetric.m"; sourceTree = ""; }; + DCB344611D8A35270054D16E /* kc-24-key-copy-keychains.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-24-key-copy-keychains.c"; path = "regressions/kc-24-key-copy-keychains.c"; sourceTree = ""; }; + DCB344621D8A35270054D16E /* kc-26-key-import-public.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-26-key-import-public.m"; path = "regressions/kc-26-key-import-public.m"; sourceTree = ""; }; + DCB344631D8A35270054D16E /* kc-27-key-non-extractable.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-27-key-non-extractable.c"; path = "regressions/kc-27-key-non-extractable.c"; sourceTree = ""; }; + DCB344641D8A35270054D16E /* kc-28-p12-import.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-28-p12-import.m"; path = "regressions/kc-28-p12-import.m"; sourceTree = ""; }; + DCB344651D8A35270054D16E /* kc-28-cert-sign.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-28-cert-sign.c"; path = "regressions/kc-28-cert-sign.c"; sourceTree = ""; }; + DCB344661D8A35270054D16E /* kc-30-xara.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; name = "kc-30-xara.c"; path = "regressions/kc-30-xara.c"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; + DCB344671D8A35270054D16E /* kc-30-xara-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "kc-30-xara-helpers.h"; path = "regressions/kc-30-xara-helpers.h"; sourceTree = ""; }; + DCB344681D8A35270054D16E /* kc-30-xara-upgrade-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "kc-30-xara-upgrade-helpers.h"; path = "regressions/kc-30-xara-upgrade-helpers.h"; sourceTree = ""; }; + DCB344691D8A35270054D16E /* kc-30-xara-item-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = "kc-30-xara-item-helpers.h"; path = "regressions/kc-30-xara-item-helpers.h"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; + DCB3446A1D8A35270054D16E /* kc-30-xara-key-helpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = "kc-30-xara-key-helpers.h"; path = "regressions/kc-30-xara-key-helpers.h"; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; + DCB3446B1D8A35270054D16E /* kc-40-seckey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-40-seckey.m"; path = "regressions/kc-40-seckey.m"; sourceTree = ""; }; + DCB3446C1D8A35270054D16E /* kc-41-sececkey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-41-sececkey.m"; path = "regressions/kc-41-sececkey.m"; sourceTree = ""; }; + DCB3446D1D8A35270054D16E /* kc-43-seckey-interop.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "kc-43-seckey-interop.m"; path = "regressions/kc-43-seckey-interop.m"; sourceTree = ""; }; + DCB3446E1D8A35270054D16E /* kc-42-trust-revocation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-42-trust-revocation.c"; path = "regressions/kc-42-trust-revocation.c"; sourceTree = ""; }; + DCB3446F1D8A35270054D16E /* si-20-sectrust-provisioning.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "si-20-sectrust-provisioning.c"; path = "regressions/si-20-sectrust-provisioning.c"; sourceTree = ""; }; + DCB344701D8A35270054D16E /* si-20-sectrust-provisioning.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "si-20-sectrust-provisioning.h"; path = "regressions/si-20-sectrust-provisioning.h"; sourceTree = ""; }; + DCB344711D8A35270054D16E /* si-33-keychain-backup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "si-33-keychain-backup.c"; path = "regressions/si-33-keychain-backup.c"; sourceTree = ""; }; + DCB344721D8A35270054D16E /* si-34-one-true-keychain.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "si-34-one-true-keychain.c"; path = "regressions/si-34-one-true-keychain.c"; sourceTree = ""; }; + DCC0800D1CFF7903005C35C8 /* CSSMOID.exp-in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "CSSMOID.exp-in"; sourceTree = ""; }; + DCC78C371D8085D800865A7C /* ios6_1_keychain_2_db.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ios6_1_keychain_2_db.h; sourceTree = ""; }; + DCC78C381D8085D800865A7C /* ios8-inet-keychain-2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ios8-inet-keychain-2.h"; sourceTree = ""; }; + DCC78C391D8085D800865A7C /* secd-03-corrupted-items.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-03-corrupted-items.c"; sourceTree = ""; }; + DCC78C3A1D8085D800865A7C /* secd-04-corrupted-items.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-04-corrupted-items.c"; sourceTree = ""; }; + DCC78C3B1D8085D800865A7C /* secd-05-corrupted-items.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "secd-05-corrupted-items.m"; sourceTree = ""; }; + DCC78C3C1D8085D800865A7C /* securityd_regressions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = securityd_regressions.h; sourceTree = ""; }; + DCC78C3D1D8085D800865A7C /* sd-10-policytree.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sd-10-policytree.c"; sourceTree = ""; }; + DCC78C3E1D8085D800865A7C /* secd_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = secd_regressions.h; sourceTree = ""; }; + DCC78C3F1D8085D800865A7C /* secd-01-items.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-01-items.c"; sourceTree = ""; }; + DCC78C401D8085D800865A7C /* secd-02-upgrade-while-locked.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = "secd-02-upgrade-while-locked.c"; sourceTree = ""; }; + DCC78C411D8085D800865A7C /* secd-20-keychain_upgrade.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "secd-20-keychain_upgrade.m"; sourceTree = ""; }; + DCC78C421D8085D800865A7C /* secd-21-transmogrify.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "secd-21-transmogrify.m"; sourceTree = ""; }; + DCC78C431D8085D800865A7C /* secd-30-keychain-upgrade.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-30-keychain-upgrade.c"; sourceTree = ""; }; + DCC78C441D8085D800865A7C /* secd-31-keychain-bad.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-31-keychain-bad.c"; sourceTree = ""; }; + DCC78C451D8085D800865A7C /* secd-31-keychain-unreadable.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-31-keychain-unreadable.c"; sourceTree = ""; }; + DCC78C461D8085D800865A7C /* secd-32-restore-bad-backup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-32-restore-bad-backup.c"; sourceTree = ""; }; + DCC78C471D8085D800865A7C /* secd-33-keychain-ctk.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "secd-33-keychain-ctk.m"; sourceTree = ""; }; + DCC78C481D8085D800865A7C /* secd-34-backup-der-parse.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-34-backup-der-parse.c"; sourceTree = ""; }; + DCC78C491D8085D800865A7C /* secd-35-keychain-migrate-inet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-35-keychain-migrate-inet.c"; sourceTree = ""; }; + DCC78C4A1D8085D800865A7C /* secd-40-cc-gestalt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-40-cc-gestalt.c"; sourceTree = ""; }; + DCC78C4B1D8085D800865A7C /* secd-50-account.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "secd-50-account.c"; sourceTree = ""; }; + DCC78C4C1D8085D800865A7C /* secd-49-manifests.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-49-manifests.c"; sourceTree = ""; }; + DCC78C4D1D8085D800865A7C /* secd-50-message.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-50-message.c"; sourceTree = ""; }; + DCC78C4E1D8085D800865A7C /* secd-51-account-inflate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-51-account-inflate.c"; sourceTree = ""; }; + DCC78C4F1D8085D800865A7C /* secd-52-offering-gencount-reset.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-52-offering-gencount-reset.c"; sourceTree = ""; }; + DCC78C501D8085D800865A7C /* secd-52-account-changed.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-52-account-changed.c"; sourceTree = ""; }; + DCC78C511D8085D800865A7C /* secd-55-account-circle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-55-account-circle.c"; sourceTree = ""; }; + DCC78C521D8085D800865A7C /* secd-55-account-incompatibility.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-55-account-incompatibility.c"; sourceTree = ""; }; + DCC78C531D8085D800865A7C /* secd-56-account-apply.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-56-account-apply.c"; sourceTree = ""; }; + DCC78C541D8085D800865A7C /* secd-57-account-leave.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-57-account-leave.c"; sourceTree = ""; }; + DCC78C551D8085D800865A7C /* secd-57-1-account-last-standing.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-57-1-account-last-standing.c"; sourceTree = ""; }; + DCC78C561D8085D800865A7C /* secd-58-password-change.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-58-password-change.c"; sourceTree = ""; }; + DCC78C571D8085D800865A7C /* secd-59-account-cleanup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-59-account-cleanup.c"; sourceTree = ""; }; + DCC78C581D8085D800865A7C /* secd-60-account-cloud-identity.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-60-account-cloud-identity.c"; sourceTree = ""; }; + DCC78C591D8085D800865A7C /* secd60-account-cloud-exposure.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd60-account-cloud-exposure.c"; sourceTree = ""; }; + DCC78C5A1D8085D800865A7C /* secd-61-account-leave-not-in-kansas-anymore.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-61-account-leave-not-in-kansas-anymore.c"; sourceTree = ""; }; + DCC78C5B1D8085D800865A7C /* secd-62-account-backup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-62-account-backup.c"; sourceTree = ""; }; + DCC78C5C1D8085D800865A7C /* secd-62-account-hsa-join.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-62-account-hsa-join.c"; sourceTree = ""; }; + DCC78C5D1D8085D800865A7C /* secd-63-account-resurrection.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-63-account-resurrection.c"; sourceTree = ""; }; + DCC78C5E1D8085D800865A7C /* secd-65-account-retirement-reset.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-65-account-retirement-reset.c"; sourceTree = ""; }; + DCC78C5F1D8085D800865A7C /* secd-64-circlereset.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-64-circlereset.c"; sourceTree = ""; }; + DCC78C601D8085D800865A7C /* secd-70-engine.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-70-engine.c"; sourceTree = ""; }; + DCC78C611D8085D800865A7C /* secd-70-engine-corrupt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-70-engine-corrupt.c"; sourceTree = ""; }; + DCC78C621D8085D800865A7C /* secd-70-engine-smash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-70-engine-smash.c"; sourceTree = ""; }; + DCC78C631D8085D800865A7C /* secd-70-otr-remote.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-70-otr-remote.c"; sourceTree = ""; }; + DCC78C641D8085D800865A7C /* secd-71-engine-save.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-71-engine-save.c"; sourceTree = ""; }; + DCC78C651D8085D800865A7C /* secd-71-engine-save-sample1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "secd-71-engine-save-sample1.h"; sourceTree = ""; }; + DCC78C661D8085D800865A7C /* secd-74-engine-beer-servers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-74-engine-beer-servers.c"; sourceTree = ""; }; + DCC78C671D8085D800865A7C /* secd-75-engine-views.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-75-engine-views.c"; sourceTree = ""; }; + DCC78C681D8085D800865A7C /* secd-76-idstransport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-76-idstransport.c"; sourceTree = ""; }; + DCC78C691D8085D800865A7C /* secd_77_ids_messaging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secd_77_ids_messaging.c; sourceTree = ""; }; + DCC78C6A1D8085D800865A7C /* secd-80-views-basic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-80-views-basic.c"; sourceTree = ""; }; + DCC78C6B1D8085D800865A7C /* secd-82-secproperties-basic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-82-secproperties-basic.c"; sourceTree = ""; }; + DCC78C6C1D8085D800865A7C /* secd-81-item-acl-stress.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "secd-81-item-acl-stress.c"; sourceTree = ""; }; + DCC78C6D1D8085D800865A7C /* secd-81-item-acl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-81-item-acl.c"; sourceTree = ""; }; + DCC78C6E1D8085D800865A7C /* secd-82-persistent-ref.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "secd-82-persistent-ref.c"; sourceTree = ""; }; + DCC78C6F1D8085D800865A7C /* secd-83-item-match-policy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "secd-83-item-match-policy.m"; sourceTree = ""; }; + DCC78C701D8085D800865A7C /* secd-83-item-match-valid-on-date.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "secd-83-item-match-valid-on-date.m"; sourceTree = ""; }; + DCC78C711D8085D800865A7C /* secd-83-item-match-trusted.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "secd-83-item-match-trusted.m"; sourceTree = ""; }; + DCC78C721D8085D800865A7C /* secd-83-item-match.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "secd-83-item-match.h"; sourceTree = ""; }; + DCC78C731D8085D800865A7C /* secd-90-hsa2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-90-hsa2.c"; sourceTree = ""; }; + DCC78C741D8085D800865A7C /* secd-95-escrow-persistence.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-95-escrow-persistence.c"; sourceTree = ""; }; + DCC78C751D8085D800865A7C /* secd-100-initialsync.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-100-initialsync.c"; sourceTree = ""; }; + DCC78C761D8085D800865A7C /* secd-130-other-peer-views.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-130-other-peer-views.c"; sourceTree = ""; }; + DCC78C771D8085D800865A7C /* secd-154-engine-backoff.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-154-engine-backoff.c"; sourceTree = ""; }; + DCC78C781D8085D800865A7C /* secd-200-logstate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-200-logstate.c"; sourceTree = ""; }; + DCC78C791D8085D800865A7C /* SOSAccountTesting.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSAccountTesting.h; sourceTree = ""; }; + DCC78C7A1D8085D800865A7C /* SecdTestKeychainUtilities.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecdTestKeychainUtilities.c; sourceTree = ""; }; + DCC78C7B1D8085D800865A7C /* SecdTestKeychainUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecdTestKeychainUtilities.h; sourceTree = ""; }; + DCC78C7C1D8085D800865A7C /* SOSTransportTestTransports.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportTestTransports.c; sourceTree = ""; }; + DCC78C7D1D8085D800865A7C /* SOSTransportTestTransports.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportTestTransports.h; sourceTree = ""; }; + DCC78C7F1D8085D800865A7C /* asynchttp.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = asynchttp.c; sourceTree = ""; }; + DCC78C801D8085D800865A7C /* asynchttp.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = asynchttp.h; sourceTree = ""; }; + DCC78C811D8085D800865A7C /* entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = entitlements.plist; sourceTree = ""; }; + DCC78C821D8085D800865A7C /* OTATrustUtilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = OTATrustUtilities.c; sourceTree = ""; }; + DCC78C831D8085D800865A7C /* OTATrustUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OTATrustUtilities.h; sourceTree = ""; }; + DCC78C841D8085D800865A7C /* policytree.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = policytree.c; sourceTree = ""; }; + DCC78C851D8085D800865A7C /* policytree.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = policytree.h; sourceTree = ""; }; + DCC78C861D8085D800865A7C /* nameconstraints.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = nameconstraints.c; sourceTree = ""; }; + DCC78C871D8085D800865A7C /* nameconstraints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nameconstraints.h; sourceTree = ""; }; + DCC78C881D8085D800865A7C /* personalization.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = personalization.c; sourceTree = ""; }; + DCC78C891D8085D800865A7C /* personalization.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = personalization.h; sourceTree = ""; }; + DCC78C8A1D8085D800865A7C /* SecCAIssuerCache.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCAIssuerCache.c; sourceTree = ""; }; + DCC78C8B1D8085D800865A7C /* SecCAIssuerCache.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCAIssuerCache.h; sourceTree = ""; }; + DCC78C8C1D8085D800865A7C /* SecCAIssuerRequest.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCAIssuerRequest.c; sourceTree = ""; }; + DCC78C8D1D8085D800865A7C /* SecCAIssuerRequest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCAIssuerRequest.h; sourceTree = ""; }; + DCC78C8E1D8085D800865A7C /* SecDbItem.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecDbItem.c; sourceTree = ""; }; + DCC78C8F1D8085D800865A7C /* SecDbItem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecDbItem.h; sourceTree = ""; }; + DCC78C901D8085D800865A7C /* SecDbKeychainItem.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecDbKeychainItem.c; sourceTree = ""; }; + DCC78C911D8085D800865A7C /* SecDbKeychainItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecDbKeychainItem.h; sourceTree = ""; }; + DCC78C921D8085D800865A7C /* SecDbQuery.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecDbQuery.c; sourceTree = ""; }; + DCC78C931D8085D800865A7C /* SecDbQuery.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecDbQuery.h; sourceTree = ""; }; + DCC78C941D8085D800865A7C /* SecItemDataSource.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemDataSource.c; sourceTree = ""; }; + DCC78C951D8085D800865A7C /* SecItemDataSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemDataSource.h; sourceTree = ""; }; + DCC78C961D8085D800865A7C /* SecItemDb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemDb.c; sourceTree = ""; }; + DCC78C971D8085D800865A7C /* SecItemDb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemDb.h; sourceTree = ""; }; + DCC78C981D8085D800865A7C /* SecItemSchema.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemSchema.c; sourceTree = ""; }; + DCC78C991D8085D800865A7C /* SecItemSchema.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemSchema.h; sourceTree = ""; }; + DCC78C9A1D8085D800865A7C /* SecItemServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SecItemServer.c; sourceTree = ""; }; + DCC78C9B1D8085D800865A7C /* SecItemServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecItemServer.h; sourceTree = ""; }; + DCC78C9C1D8085D800865A7C /* SecItemBackupServer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemBackupServer.c; sourceTree = ""; }; + DCC78C9D1D8085D800865A7C /* SecItemBackupServer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemBackupServer.h; sourceTree = ""; }; + DCC78C9E1D8085D800865A7C /* SecKeybagSupport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecKeybagSupport.c; sourceTree = ""; }; + DCC78C9F1D8085D800865A7C /* SecKeybagSupport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeybagSupport.h; sourceTree = ""; }; + DCC78CA01D8085D800865A7C /* SecOCSPCache.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecOCSPCache.c; sourceTree = ""; }; + DCC78CA11D8085D800865A7C /* SecOCSPCache.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOCSPCache.h; sourceTree = ""; }; + DCC78CA21D8085D800865A7C /* SecOCSPRequest.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecOCSPRequest.c; sourceTree = ""; }; + DCC78CA31D8085D800865A7C /* SecOCSPRequest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOCSPRequest.h; sourceTree = ""; }; + DCC78CA41D8085D800865A7C /* SecOCSPResponse.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecOCSPResponse.c; sourceTree = ""; }; + DCC78CA51D8085D800865A7C /* SecOCSPResponse.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOCSPResponse.h; sourceTree = ""; }; + DCC78CA61D8085D800865A7C /* SecPolicyServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecPolicyServer.c; sourceTree = ""; }; + DCC78CA71D8085D800865A7C /* SecPolicyServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecPolicyServer.h; sourceTree = ""; }; + DCC78CA81D8085D800865A7C /* SecTrustServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SecTrustServer.c; sourceTree = ""; }; + DCC78CA91D8085D800865A7C /* SecTrustServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrustServer.h; sourceTree = ""; }; + DCC78CAA1D8085D800865A7C /* SOSCloudCircleServer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SOSCloudCircleServer.c; sourceTree = ""; }; + DCC78CAB1D8085D800865A7C /* SOSCloudCircleServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSCloudCircleServer.h; sourceTree = ""; }; + DCC78CAC1D8085D800865A7C /* SecTrustStoreServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecTrustStoreServer.c; sourceTree = ""; }; + DCC78CAD1D8085D800865A7C /* SecTrustStoreServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrustStoreServer.h; sourceTree = ""; }; + DCC78CAE1D8085D800865A7C /* SecLogSettingsServer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecLogSettingsServer.c; sourceTree = ""; }; + DCC78CAF1D8085D800865A7C /* SecLogSettingsServer.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecLogSettingsServer.h; sourceTree = ""; }; + DCC78CB01D8085D800865A7C /* spi.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = spi.c; sourceTree = ""; }; + DCC78CB11D8085D800865A7C /* spi.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = spi.h; sourceTree = ""; }; + DCC78CB21D8085D800865A7C /* iCloudTrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = iCloudTrace.h; sourceTree = ""; }; + DCC78CB31D8085D800865A7C /* iCloudTrace.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = iCloudTrace.c; sourceTree = ""; }; + DCC78CB41D8085D800865A7C /* SecOTRRemote.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRRemote.c; sourceTree = ""; }; + DCC78CB51D8085D800865A7C /* SecOTRRemote.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecOTRRemote.h; sourceTree = ""; }; + DCC78CF61D8085F200865A7C /* SOSCloudKeychainClient.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SOSCloudKeychainClient.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; + DCC78CF71D8085F200865A7C /* SOSCloudKeychainClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = SOSCloudKeychainClient.h; sourceTree = ""; }; + DCC78CF91D8085F200865A7C /* SOSCloudKeychainConstants.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCloudKeychainConstants.h; sourceTree = ""; }; + DCC78CFD1D8085F200865A7C /* sc-20-keynames.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-20-keynames.c"; sourceTree = ""; }; + DCC78CFE1D8085F200865A7C /* sc-25-soskeygen.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-25-soskeygen.c"; sourceTree = ""; }; + DCC78CFF1D8085F200865A7C /* sc-30-peerinfo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-30-peerinfo.c"; sourceTree = ""; }; + DCC78D001D8085F200865A7C /* sc-31-peerinfo-simplefuzz.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-31-peerinfo-simplefuzz.c"; sourceTree = ""; }; + DCC78D011D8085F200865A7C /* sc-40-circle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-40-circle.c"; sourceTree = ""; }; + DCC78D021D8085F200865A7C /* sc-42-circlegencount.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-42-circlegencount.c"; sourceTree = ""; }; + DCC78D031D8085F200865A7C /* sc-45-digestvector.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-45-digestvector.c"; sourceTree = ""; }; + DCC78D041D8085F200865A7C /* sc-130-resignationticket.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-130-resignationticket.c"; sourceTree = ""; }; + DCC78D051D8085F200865A7C /* sc-140-hsa2.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "sc-140-hsa2.c"; sourceTree = ""; }; + DCC78D061D8085F200865A7C /* sc-150-ring.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-150-ring.c"; sourceTree = ""; }; + DCC78D071D8085F200865A7C /* sc-150-backupkeyderivation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-150-backupkeyderivation.c"; sourceTree = ""; }; + DCC78D081D8085F200865A7C /* sc-153-backupslicekeybag.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "sc-153-backupslicekeybag.c"; sourceTree = ""; }; + DCC78D091D8085F200865A7C /* SOSCircle_regressions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSCircle_regressions.h; sourceTree = ""; }; + DCC78D0A1D8085F200865A7C /* SOSRegressionUtilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRegressionUtilities.c; sourceTree = ""; }; + DCC78D0B1D8085F200865A7C /* SOSRegressionUtilities.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSRegressionUtilities.h; sourceTree = ""; }; + DCC78D0C1D8085F200865A7C /* SOSTestDataSource.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTestDataSource.c; sourceTree = ""; }; + DCC78D0D1D8085F200865A7C /* SOSTestDataSource.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSTestDataSource.h; sourceTree = ""; }; + DCC78D0E1D8085F200865A7C /* SOSTestDevice.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTestDevice.c; sourceTree = ""; }; + DCC78D0F1D8085F200865A7C /* SOSTestDevice.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTestDevice.h; sourceTree = ""; }; + DCC78D111D8085F200865A7C /* SOSExports.exp-in */ = {isa = PBXFileReference; lastKnownFileType = text; lineEnding = 0; path = "SOSExports.exp-in"; sourceTree = ""; }; + DCC78D121D8085F200865A7C /* SOSAccount.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccount.c; sourceTree = ""; }; + DCC78D131D8085F200865A7C /* SOSAccount.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSAccount.h; sourceTree = ""; }; + DCC78D141D8085F200865A7C /* SOSAccountTransaction.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountTransaction.c; sourceTree = ""; }; + DCC78D151D8085F200865A7C /* SOSAccountTransaction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSAccountTransaction.h; sourceTree = ""; }; + DCC78D161D8085F200865A7C /* SOSAccountBackup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountBackup.c; sourceTree = ""; }; + DCC78D171D8085F200865A7C /* SOSAccountCircles.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountCircles.c; sourceTree = ""; }; + DCC78D181D8085F200865A7C /* SOSAccountHSAJoin.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountHSAJoin.c; sourceTree = ""; }; + DCC78D191D8085F200865A7C /* SOSAccountHSAJoin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSAccountHSAJoin.h; sourceTree = ""; }; + DCC78D1A1D8085F200865A7C /* SOSAccountCloudParameters.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountCloudParameters.c; sourceTree = ""; }; + DCC78D1B1D8085F200865A7C /* SOSAccountCredentials.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountCredentials.c; sourceTree = ""; }; + DCC78D1C1D8085F200865A7C /* SOSAccountDer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountDer.c; sourceTree = ""; }; + DCC78D1D1D8085F200865A7C /* SOSAccountFullPeerInfo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountFullPeerInfo.c; sourceTree = ""; }; + DCC78D1E1D8085F200865A7C /* SOSAccountPeers.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountPeers.c; sourceTree = ""; }; + DCC78D1F1D8085F200865A7C /* SOSAccountPersistence.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountPersistence.c; sourceTree = ""; }; + DCC78D201D8085F200865A7C /* SOSAccountLog.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SOSAccountLog.c; sourceTree = ""; }; + DCC78D211D8085F200865A7C /* SOSAccountLog.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSAccountLog.h; sourceTree = ""; }; + DCC78D221D8085F200865A7C /* SOSAccountPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSAccountPriv.h; sourceTree = ""; }; + DCC78D231D8085F200865A7C /* SOSAccountUpdate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountUpdate.c; sourceTree = ""; }; + DCC78D241D8085F200865A7C /* SOSAccountRings.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountRings.c; sourceTree = ""; }; + DCC78D251D8085F200865A7C /* SOSAccountRingUpdate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountRingUpdate.c; sourceTree = ""; }; + DCC78D261D8085F200865A7C /* SOSAccountViewSync.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountViewSync.c; sourceTree = ""; }; + DCC78D271D8085F200865A7C /* SOSBackupEvent.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSBackupEvent.c; sourceTree = ""; }; + DCC78D281D8085F200865A7C /* SOSBackupEvent.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSBackupEvent.h; sourceTree = ""; }; + DCC78D291D8085F200865A7C /* SOSBackupSliceKeyBag.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSBackupSliceKeyBag.c; sourceTree = ""; }; + DCC78D2A1D8085F200865A7C /* SOSBackupSliceKeyBag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSBackupSliceKeyBag.h; sourceTree = ""; }; + DCC78D2B1D8085F200865A7C /* SOSUserKeygen.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSUserKeygen.c; sourceTree = ""; }; + DCC78D2C1D8085F200865A7C /* SOSUserKeygen.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSUserKeygen.h; sourceTree = ""; }; + DCC78D2E1D8085F200865A7C /* SOSCircle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSCircle.c; sourceTree = ""; }; + DCC78D2F1D8085F200865A7C /* SOSCircleV2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSCircleV2.c; sourceTree = ""; }; + DCC78D301D8085F200865A7C /* SOSCircleV2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCircleV2.h; sourceTree = ""; }; + DCC78D311D8085F200865A7C /* SOSCirclePriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSCirclePriv.h; sourceTree = ""; }; + DCC78D321D8085F200865A7C /* SOSCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCircle.h; sourceTree = ""; }; + DCC78D331D8085F200865A7C /* SOSCircleRings.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSCircleRings.h; sourceTree = ""; }; + DCC78D341D8085F200865A7C /* SOSCircleDer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCircleDer.h; sourceTree = ""; }; + DCC78D351D8085F200865A7C /* SOSCircleDer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSCircleDer.c; sourceTree = ""; }; + DCC78D361D8085F200865A7C /* SOSConcordanceTrust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSConcordanceTrust.h; sourceTree = ""; }; + DCC78D371D8085F200865A7C /* SOSGenCount.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSGenCount.c; sourceTree = ""; }; + DCC78D381D8085F200865A7C /* SOSGenCount.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSGenCount.h; sourceTree = ""; }; + DCC78D391D8085F200865A7C /* SOSRing.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRing.h; sourceTree = ""; }; + DCC78D3A1D8085F200865A7C /* SOSRingBackup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingBackup.c; sourceTree = ""; }; + DCC78D3B1D8085F200865A7C /* SOSRingBackup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingBackup.h; sourceTree = ""; }; + DCC78D3C1D8085F200865A7C /* SOSRingBasic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingBasic.c; sourceTree = ""; }; + DCC78D3D1D8085F200865A7C /* SOSRingBasic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingBasic.h; sourceTree = ""; }; + DCC78D3E1D8085F200865A7C /* SOSRingConcordanceTrust.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingConcordanceTrust.c; sourceTree = ""; }; + DCC78D3F1D8085F200865A7C /* SOSRingConcordanceTrust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingConcordanceTrust.h; sourceTree = ""; }; + DCC78D401D8085F200865A7C /* SOSRingDER.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingDER.c; sourceTree = ""; }; + DCC78D411D8085F200865A7C /* SOSRingDER.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingDER.h; sourceTree = ""; }; + DCC78D421D8085F200865A7C /* SOSRingPeerInfoUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingPeerInfoUtils.c; sourceTree = ""; }; + DCC78D431D8085F200865A7C /* SOSRingPeerInfoUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingPeerInfoUtils.h; sourceTree = ""; }; + DCC78D441D8085F200865A7C /* SOSRingTypes.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingTypes.c; sourceTree = ""; }; + DCC78D451D8085F200865A7C /* SOSRingTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingTypes.h; sourceTree = ""; }; + DCC78D461D8085F200865A7C /* SOSRingUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingUtils.c; sourceTree = ""; }; + DCC78D471D8085F200865A7C /* SOSRingUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingUtils.h; sourceTree = ""; }; + DCC78D481D8085F200865A7C /* SOSRingV0.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSRingV0.c; sourceTree = ""; }; + DCC78D491D8085F200865A7C /* SOSRingV0.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSRingV0.h; sourceTree = ""; }; + DCC78D4A1D8085F200865A7C /* SOSViews.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSViews.c; sourceTree = ""; }; + DCC78D4B1D8085F200865A7C /* SOSViews.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSViews.h; sourceTree = ""; }; + DCC78D4C1D8085F200865A7C /* ViewList.list */ = {isa = PBXFileReference; lastKnownFileType = text; path = ViewList.list; sourceTree = ""; }; + DCC78D4D1D8085F200865A7C /* SOSViews.exp-in */ = {isa = PBXFileReference; lastKnownFileType = text; path = "SOSViews.exp-in"; sourceTree = ""; }; + DCC78D4F1D8085F200865A7C /* SOSChangeTracker.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSChangeTracker.c; sourceTree = ""; }; + DCC78D501D8085F200865A7C /* SOSChangeTracker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSChangeTracker.h; sourceTree = ""; }; + DCC78D511D8085F200865A7C /* SOSCoder.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSCoder.c; sourceTree = ""; }; + DCC78D521D8085F200865A7C /* SOSCoder.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSCoder.h; sourceTree = ""; }; + DCC78D531D8085F200865A7C /* SOSDataSource.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSDataSource.h; sourceTree = ""; }; + DCC78D541D8085F200865A7C /* SOSDigestVector.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SOSDigestVector.c; sourceTree = ""; }; + DCC78D551D8085F200865A7C /* SOSDigestVector.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSDigestVector.h; sourceTree = ""; }; + DCC78D561D8085F200865A7C /* SOSEngine.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSEngine.c; sourceTree = ""; }; + DCC78D571D8085F200865A7C /* SOSEngine.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSEngine.h; sourceTree = ""; }; + DCC78D581D8085F200865A7C /* SOSManifest.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSManifest.c; sourceTree = ""; }; + DCC78D591D8085F200865A7C /* SOSManifest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSManifest.h; sourceTree = ""; }; + DCC78D5A1D8085F200865A7C /* SOSMessage.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSMessage.c; sourceTree = ""; }; + DCC78D5B1D8085F200865A7C /* SOSMessage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSMessage.h; sourceTree = ""; }; + DCC78D5C1D8085F200865A7C /* SOSPeer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeer.c; sourceTree = ""; }; + DCC78D5D1D8085F200865A7C /* SOSPeer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeer.h; sourceTree = ""; }; + DCC78D5E1D8085F200865A7C /* SOSPeerCoder.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerCoder.c; sourceTree = ""; }; + DCC78D5F1D8085F200865A7C /* SOSPeerCoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeerCoder.h; sourceTree = ""; }; + DCC78D611D8085F200865A7C /* SOSFullPeerInfo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSFullPeerInfo.c; sourceTree = ""; }; + DCC78D621D8085F200865A7C /* SOSFullPeerInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSFullPeerInfo.h; sourceTree = ""; }; + DCC78D631D8085F200865A7C /* SOSPeerInfo.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfo.c; sourceTree = ""; }; + DCC78D641D8085F200865A7C /* SOSPeerInfo.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfo.h; sourceTree = ""; }; + DCC78D651D8085F200865A7C /* SOSPeerInfoDER.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfoDER.c; sourceTree = ""; }; + DCC78D661D8085F200865A7C /* SOSPeerInfoDER.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoDER.h; sourceTree = ""; }; + DCC78D671D8085F200865A7C /* SOSPeerInfoV2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfoV2.c; sourceTree = ""; }; + DCC78D681D8085F200865A7C /* SOSPeerInfoV2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoV2.h; sourceTree = ""; }; + DCC78D691D8085F200865A7C /* SOSPeerInfoPriv.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoPriv.h; sourceTree = ""; }; + DCC78D6A1D8085F200865A7C /* SOSPeerInfoCollections.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfoCollections.c; sourceTree = ""; }; + DCC78D6B1D8085F200865A7C /* SOSPeerInfoCollections.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoCollections.h; sourceTree = ""; }; + DCC78D6C1D8085F200865A7C /* SOSPeerInfoInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoInternal.h; sourceTree = ""; }; + DCC78D6D1D8085F200865A7C /* SOSPeerInfoRingState.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfoRingState.c; sourceTree = ""; }; + DCC78D6E1D8085F200865A7C /* SOSPeerInfoRingState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoRingState.h; sourceTree = ""; }; + DCC78D6F1D8085F200865A7C /* SOSPeerInfoSecurityProperties.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSPeerInfoSecurityProperties.c; sourceTree = ""; }; + DCC78D701D8085F200865A7C /* SOSPeerInfoSecurityProperties.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPeerInfoSecurityProperties.h; sourceTree = ""; }; + DCC78D721D8085F200865A7C /* SOSKVSKeys.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSKVSKeys.c; sourceTree = ""; }; + DCC78D731D8085F200865A7C /* SOSKVSKeys.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSKVSKeys.h; sourceTree = ""; }; + DCC78D741D8085F200865A7C /* SOSTransport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransport.c; sourceTree = ""; }; + DCC78D751D8085F200865A7C /* SOSTransport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransport.h; sourceTree = ""; }; + DCC78D761D8085F200865A7C /* SOSTransportBackupPeer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportBackupPeer.c; sourceTree = ""; }; + DCC78D771D8085F200865A7C /* SOSTransportBackupPeer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportBackupPeer.h; sourceTree = ""; }; + DCC78D781D8085F200865A7C /* SOSTransportCircle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportCircle.c; sourceTree = ""; }; + DCC78D791D8085F200865A7C /* SOSTransportCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportCircle.h; sourceTree = ""; }; + DCC78D7A1D8085F200865A7C /* SOSTransportCircleKVS.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportCircleKVS.c; sourceTree = ""; }; + DCC78D7B1D8085F200865A7C /* SOSTransportCircleKVS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportCircleKVS.h; sourceTree = ""; }; + DCC78D7C1D8085F200865A7C /* SOSTransportKeyParameter.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportKeyParameter.c; sourceTree = ""; }; + DCC78D7D1D8085F200865A7C /* SOSTransportKeyParameter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportKeyParameter.h; sourceTree = ""; }; + DCC78D7E1D8085F200865A7C /* SOSTransportKeyParameterKVS.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportKeyParameterKVS.c; sourceTree = ""; }; + DCC78D7F1D8085F200865A7C /* SOSTransportKeyParameterKVS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportKeyParameterKVS.h; sourceTree = ""; }; + DCC78D801D8085F200865A7C /* SOSTransportMessage.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportMessage.c; sourceTree = ""; }; + DCC78D811D8085F200865A7C /* SOSTransportMessage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportMessage.h; sourceTree = ""; }; + DCC78D821D8085F200865A7C /* SOSTransportMessageIDS.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportMessageIDS.c; sourceTree = ""; }; + DCC78D831D8085F200865A7C /* SOSTransportMessageIDS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportMessageIDS.h; sourceTree = ""; }; + DCC78D841D8085F200865A7C /* SOSTransportMessageKVS.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSTransportMessageKVS.c; sourceTree = ""; }; + DCC78D851D8085F200865A7C /* SOSTransportMessageKVS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSTransportMessageKVS.h; sourceTree = ""; }; + DCC78D871D8085F200865A7C /* SOSARCDefines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSARCDefines.h; sourceTree = ""; }; + DCC78D881D8085F200865A7C /* SOSECWrapUnwrap.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSECWrapUnwrap.c; sourceTree = ""; }; + DCC78D891D8085F200865A7C /* SOSCloudCircle.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SOSCloudCircle.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; + DCC78D8A1D8085F200865A7C /* SOSCloudCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCloudCircle.h; sourceTree = ""; }; + DCC78D8B1D8085F200865A7C /* SOSCloudCircleInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = SOSCloudCircleInternal.h; sourceTree = ""; }; + DCC78D8C1D8085F200865A7C /* SOSSysdiagnose.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSSysdiagnose.c; sourceTree = ""; }; + DCC78D8D1D8085F200865A7C /* SOSInternal.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSInternal.c; sourceTree = ""; }; + DCC78D8E1D8085F200865A7C /* SOSInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSInternal.h; sourceTree = ""; }; + DCC78D8F1D8085F200865A7C /* SOSTypes.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SOSTypes.h; sourceTree = ""; }; + DCC78D901D8085F200865A7C /* SOSPlatform.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSPlatform.h; sourceTree = ""; }; + DCC78D921D8085F200865A7C /* secToolFileIO.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = secToolFileIO.h; sourceTree = ""; }; + DCC78D931D8085F200865A7C /* secToolFileIO.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secToolFileIO.c; sourceTree = ""; }; + DCC78D961D8085F200865A7C /* keychain_sync.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = keychain_sync.h; sourceTree = ""; }; + DCC78D971D8085F200865A7C /* keychain_sync.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = keychain_sync.c; sourceTree = ""; }; + DCC78D981D8085F200865A7C /* keychain_sync_test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_sync_test.h; sourceTree = ""; }; + DCC78D991D8085F200865A7C /* keychain_sync_test.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = keychain_sync_test.m; sourceTree = ""; }; + DCC78D9A1D8085F200865A7C /* keychain_log.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_log.h; sourceTree = ""; }; + DCC78D9B1D8085F200865A7C /* keychain_log.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_log.c; sourceTree = ""; }; + DCC78D9C1D8085F200865A7C /* syncbackup.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = syncbackup.h; sourceTree = ""; }; + DCC78D9D1D8085F200865A7C /* syncbackup.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = syncbackup.c; sourceTree = ""; }; + DCC78D9E1D8085F200865A7C /* secViewDisplay.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = secViewDisplay.c; sourceTree = ""; }; + DCC78D9F1D8085F200865A7C /* secViewDisplay.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = secViewDisplay.h; sourceTree = ""; }; + DCC78DA21D8085FC00865A7C /* Security_regressions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = Security_regressions.h; path = Regressions/Security_regressions.h; sourceTree = ""; }; + DCC78DA31D8085FC00865A7C /* shared_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = shared_regressions.h; path = ../../shared_regressions/shared_regressions.h; sourceTree = ""; }; + DCC78DA41D8085FC00865A7C /* pbkdf2-00-hmac-sha1.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "pbkdf2-00-hmac-sha1.c"; sourceTree = ""; }; + DCC78DA51D8085FC00865A7C /* spbkdf-00-hmac-sha1.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "spbkdf-00-hmac-sha1.c"; sourceTree = ""; }; + DCC78DA71D8085FC00865A7C /* otr-00-identity.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-00-identity.c"; sourceTree = ""; }; + DCC78DA81D8085FC00865A7C /* otr-30-negotiation.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-30-negotiation.c"; sourceTree = ""; }; + DCC78DA91D8085FC00865A7C /* otr-40-edgecases.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-40-edgecases.c"; sourceTree = ""; }; + DCC78DAA1D8085FC00865A7C /* otr-50-roll.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-50-roll.c"; sourceTree = ""; }; + DCC78DAB1D8085FC00865A7C /* otr-60-slowroll.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-60-slowroll.c"; sourceTree = ""; }; + DCC78DAC1D8085FC00865A7C /* otr-otrdh.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-otrdh.c"; sourceTree = ""; }; + DCC78DAD1D8085FC00865A7C /* otr-packetdata.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "otr-packetdata.c"; sourceTree = ""; }; + DCC78DAF1D8085FC00865A7C /* si-00-find-nothing.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-00-find-nothing.c"; sourceTree = ""; }; + DCC78DB01D8085FC00865A7C /* si-05-add.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-05-add.c"; sourceTree = ""; }; + DCC78DB11D8085FC00865A7C /* si-10-find-internet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-10-find-internet.c"; sourceTree = ""; }; + DCC78DB21D8085FC00865A7C /* si-11-update-data.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-11-update-data.c"; sourceTree = ""; }; + DCC78DB31D8085FC00865A7C /* si-12-item-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-12-item-stress.c"; sourceTree = ""; }; + DCC78DB41D8085FC00865A7C /* si-13-item-system.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "si-13-item-system.m"; sourceTree = ""; }; + DCC78DB51D8085FC00865A7C /* si-14-dateparse.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-14-dateparse.c"; sourceTree = ""; }; + DCC78DB61D8085FC00865A7C /* si-15-delete-access-group.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "si-15-delete-access-group.m"; sourceTree = ""; }; + DCC78DB71D8085FC00865A7C /* si-15-certificate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-15-certificate.c"; sourceTree = ""; }; + DCC78DB81D8085FC00865A7C /* si-16-ec-certificate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-16-ec-certificate.c"; sourceTree = ""; }; + DCC78DB91D8085FC00865A7C /* si-17-item-system-bluetooth.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "si-17-item-system-bluetooth.m"; sourceTree = ""; }; + DCC78DBA1D8085FC00865A7C /* si-20-sectrust-policies.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-20-sectrust-policies.m"; path = "../../../../shared_regressions/si-20-sectrust-policies.m"; sourceTree = ""; }; + DCC78DBB1D8085FC00865A7C /* si-20-sectrust.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-20-sectrust.c"; sourceTree = ""; }; + DCC78DBC1D8085FC00865A7C /* si-20-sectrust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-20-sectrust.h"; sourceTree = ""; }; + DCC78DBD1D8085FC00865A7C /* si-21-sectrust-asr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-21-sectrust-asr.c"; sourceTree = ""; }; + DCC78DBE1D8085FC00865A7C /* si-22-sectrust-iap.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-22-sectrust-iap.c"; sourceTree = ""; }; + DCC78DBF1D8085FC00865A7C /* si-22-sectrust-iap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-22-sectrust-iap.h"; sourceTree = ""; }; + DCC78DC01D8085FC00865A7C /* si-23-sectrust-ocsp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-23-sectrust-ocsp.c"; sourceTree = ""; }; + DCC78DC11D8085FC00865A7C /* si-24-sectrust-digicert-malaysia.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-24-sectrust-digicert-malaysia.c"; sourceTree = ""; }; + DCC78DC21D8085FC00865A7C /* si-24-sectrust-diginotar.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-24-sectrust-diginotar.c"; sourceTree = ""; }; + DCC78DC31D8085FC00865A7C /* si-24-sectrust-itms.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-24-sectrust-itms.c"; sourceTree = ""; }; + DCC78DC41D8085FC00865A7C /* si-24-sectrust-nist.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-24-sectrust-nist.c"; sourceTree = ""; }; + DCC78DC51D8085FC00865A7C /* si-24-sectrust-passbook.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-24-sectrust-passbook.c"; sourceTree = ""; }; + DCC78DC61D8085FC00865A7C /* si-26-sectrust-copyproperties.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-26-sectrust-copyproperties.c"; sourceTree = ""; }; + DCC78DC71D8085FC00865A7C /* si-27-sectrust-exceptions.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-27-sectrust-exceptions.c"; sourceTree = ""; }; + DCC78DC81D8085FC00865A7C /* si-28-sectrustsettings.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "si-28-sectrustsettings.m"; sourceTree = ""; }; + DCC78DC91D8085FC00865A7C /* si-28-sectrustsettings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-28-sectrustsettings.h"; sourceTree = ""; }; + DCC78DCA1D8085FC00865A7C /* si-30-keychain-upgrade.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-30-keychain-upgrade.c"; sourceTree = ""; }; + DCC78DCB1D8085FC00865A7C /* si-31-keychain-bad.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-31-keychain-bad.c"; sourceTree = ""; }; + DCC78DCC1D8085FC00865A7C /* si-31-keychain-unreadable.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-31-keychain-unreadable.c"; sourceTree = ""; }; + DCC78DCD1D8085FC00865A7C /* si-33-keychain-backup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-33-keychain-backup.c"; sourceTree = ""; }; + DCC78DCE1D8085FC00865A7C /* si-40-seckey-custom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-40-seckey-custom.c"; sourceTree = ""; }; + DCC78DCF1D8085FC00865A7C /* si-40-seckey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-40-seckey.c"; sourceTree = ""; }; + DCC78DD01D8085FC00865A7C /* si-41-sececkey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-41-sececkey.c"; sourceTree = ""; }; + DCC78DD11D8085FC00865A7C /* si-42-identity.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-42-identity.c"; sourceTree = ""; }; + DCC78DD21D8085FC00865A7C /* si-43-persistent.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-43-persistent.c"; sourceTree = ""; }; + DCC78DD31D8085FC00865A7C /* si-44-seckey-gen.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-44-seckey-gen.m"; path = "../../../../shared_regressions/si-44-seckey-gen.m"; sourceTree = ""; }; + DCC78DD41D8085FC00865A7C /* si-44-seckey-rsa.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-44-seckey-rsa.m"; path = "../../../../shared_regressions/si-44-seckey-rsa.m"; sourceTree = ""; }; + DCC78DD51D8085FC00865A7C /* si-44-seckey-ec.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-44-seckey-ec.m"; path = "../../../../shared_regressions/si-44-seckey-ec.m"; sourceTree = ""; }; + DCC78DD61D8085FC00865A7C /* si-44-seckey-ies.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-44-seckey-ies.m"; path = "../../../../shared_regressions/si-44-seckey-ies.m"; sourceTree = ""; }; + DCC78DD71D8085FC00865A7C /* si-50-secrandom.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-50-secrandom.c"; sourceTree = ""; }; + DCC78DD81D8085FC00865A7C /* si-60-cms.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-60-cms.c"; sourceTree = ""; }; + DCC78DD91D8085FC00865A7C /* si-61-pkcs12.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-61-pkcs12.c"; sourceTree = ""; }; + DCC78DDA1D8085FC00865A7C /* si-62-csr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-62-csr.c"; sourceTree = ""; }; + DCC78DDB1D8085FC00865A7C /* getcacert-mdes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "getcacert-mdes.h"; sourceTree = ""; }; + DCC78DDC1D8085FC00865A7C /* getcacert-mdesqa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "getcacert-mdesqa.h"; sourceTree = ""; }; + DCC78DDE1D8085FC00865A7C /* si-63-scep.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-63-scep.c"; sourceTree = ""; }; + DCC78DDF1D8085FC00865A7C /* si-63-scep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-63-scep.h"; sourceTree = ""; }; + DCC78DE01D8085FC00865A7C /* attached_no_data_signed_data.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = attached_no_data_signed_data.h; sourceTree = ""; }; + DCC78DE11D8085FC00865A7C /* attached_signed_data.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = attached_signed_data.h; sourceTree = ""; }; + DCC78DE21D8085FC00865A7C /* detached_content.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = detached_content.h; sourceTree = ""; }; + DCC78DE31D8085FC00865A7C /* detached_signed_data.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = detached_signed_data.h; sourceTree = ""; }; + DCC78DE41D8085FC00865A7C /* privkey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = privkey.h; sourceTree = ""; }; + DCC78DE51D8085FC00865A7C /* signer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = signer.h; sourceTree = ""; }; + DCC78DE71D8085FC00865A7C /* si-64-ossl-cms.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-64-ossl-cms.c"; sourceTree = ""; }; + DCC78DE81D8085FC00865A7C /* si-65-cms-cert-policy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-65-cms-cert-policy.c"; sourceTree = ""; }; + DCC78DE91D8085FC00865A7C /* signed-receipt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "signed-receipt.h"; sourceTree = ""; }; + DCC78DEB1D8085FC00865A7C /* si-66-smime.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-66-smime.c"; sourceTree = ""; }; + DCC78DEC1D8085FC00865A7C /* Global Trustee.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "Global Trustee.cer.h"; sourceTree = ""; }; + DCC78DED1D8085FC00865A7C /* UTN-USERFirst-Hardware.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "UTN-USERFirst-Hardware.cer.h"; sourceTree = ""; }; + DCC78DEE1D8085FC00865A7C /* addons.mozilla.org.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = addons.mozilla.org.cer.h; sourceTree = ""; }; + DCC78DEF1D8085FC00865A7C /* login.live.com.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = login.live.com.cer.h; sourceTree = ""; }; + DCC78DF01D8085FC00865A7C /* login.skype.com.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = login.skype.com.cer.h; sourceTree = ""; }; + DCC78DF11D8085FC00865A7C /* login.yahoo.com.1.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = login.yahoo.com.1.cer.h; sourceTree = ""; }; + DCC78DF21D8085FC00865A7C /* login.yahoo.com.2.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = login.yahoo.com.2.cer.h; sourceTree = ""; }; + DCC78DF31D8085FC00865A7C /* login.yahoo.com.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = login.yahoo.com.cer.h; sourceTree = ""; }; + DCC78DF41D8085FC00865A7C /* mail.google.com.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mail.google.com.cer.h; sourceTree = ""; }; + DCC78DF51D8085FC00865A7C /* www.google.com.cer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = www.google.com.cer.h; sourceTree = ""; }; + DCC78DF71D8085FC00865A7C /* si-67-sectrust-blacklist.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-67-sectrust-blacklist.c"; sourceTree = ""; }; + DCC78DF81D8085FC00865A7C /* si-68-secmatchissuer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-68-secmatchissuer.c"; sourceTree = ""; }; + DCC78DF91D8085FC00865A7C /* si-69-keydesc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-69-keydesc.c"; sourceTree = ""; }; + DCC78DFA1D8085FC00865A7C /* si-70-sectrust-unified.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-70-sectrust-unified.c"; sourceTree = ""; }; + DCC78DFB1D8085FC00865A7C /* si-71-mobile-store-policy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-71-mobile-store-policy.c"; sourceTree = ""; }; + DCC78DFC1D8085FC00865A7C /* si-72-syncableitems.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-72-syncableitems.c"; sourceTree = ""; }; + DCC78DFD1D8085FC00865A7C /* si-73-secpasswordgenerate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-73-secpasswordgenerate.c"; sourceTree = ""; }; + DCC78DFE1D8085FC00865A7C /* si-74-OTAPKISigner.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-74-OTAPKISigner.c"; sourceTree = ""; }; + DCC78DFF1D8085FC00865A7C /* si-76-shared-credentials.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-76-shared-credentials.c"; sourceTree = ""; }; + DCC78E001D8085FC00865A7C /* si_77_SecAccessControl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = si_77_SecAccessControl.c; sourceTree = ""; }; + DCC78E011D8085FC00865A7C /* si-78-query-attrs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-78-query-attrs.c"; sourceTree = ""; }; + DCC78E021D8085FC00865A7C /* si-80-empty-data.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "si-80-empty-data.c"; sourceTree = ""; }; + DCC78E031D8085FC00865A7C /* si-82-seccertificate-ct.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "si-82-seccertificate-ct.c"; path = "../../../../shared_regressions/si-82-seccertificate-ct.c"; sourceTree = ""; }; + DCC78E041D8085FC00865A7C /* si-82-sectrust-ct.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "si-82-sectrust-ct.m"; path = "../../../../shared_regressions/si-82-sectrust-ct.m"; sourceTree = ""; }; + DCC78E051D8085FC00865A7C /* si-82-token-ag.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-82-token-ag.c"; sourceTree = ""; }; + DCC78E061D8085FC00865A7C /* si-83-seccertificate-sighashalg.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-83-seccertificate-sighashalg.c"; sourceTree = ""; }; + DCC78E071D8085FC00865A7C /* si-85-sectrust-ssl-policy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-85-sectrust-ssl-policy.c"; sourceTree = ""; }; + DCC78E081D8085FC00865A7C /* si-85-sectrust-ssl-policy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-85-sectrust-ssl-policy.h"; sourceTree = ""; }; + DCC78E091D8085FC00865A7C /* si-87-sectrust-name-constraints.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-87-sectrust-name-constraints.c"; sourceTree = ""; }; + DCC78E0A1D8085FC00865A7C /* si-87-sectrust-name-constraints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-87-sectrust-name-constraints.h"; sourceTree = ""; }; + DCC78E0B1D8085FC00865A7C /* si-89-cms-hash-agility.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-89-cms-hash-agility.c"; sourceTree = ""; }; + DCC78E0C1D8085FC00865A7C /* si-89-cms-hash-agility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-89-cms-hash-agility.h"; sourceTree = ""; }; + DCC78E0D1D8085FC00865A7C /* si-90-emcs.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "si-90-emcs.m"; sourceTree = ""; }; + DCC78E0E1D8085FC00865A7C /* si-95-cms-basic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-95-cms-basic.c"; sourceTree = ""; }; + DCC78E0F1D8085FC00865A7C /* si-95-cms-basic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-95-cms-basic.h"; sourceTree = ""; }; + DCC78E101D8085FC00865A7C /* si-97-sectrust-path-scoring.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "si-97-sectrust-path-scoring.m"; sourceTree = ""; }; + DCC78E111D8085FC00865A7C /* si-97-sectrust-path-scoring.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-97-sectrust-path-scoring.h"; sourceTree = ""; }; + DCC78E131D8085FC00865A7C /* vmdh-40.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "vmdh-40.c"; sourceTree = ""; }; + DCC78E141D8085FC00865A7C /* vmdh-41-example.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "vmdh-41-example.c"; sourceTree = ""; }; + DCC78E151D8085FC00865A7C /* vmdh-42-example2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "vmdh-42-example2.c"; sourceTree = ""; }; + DCC78E171D8085FC00865A7C /* so_01_serverencryption.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = so_01_serverencryption.c; sourceTree = ""; }; + DCC78E191D8085FC00865A7C /* verify_cert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = verify_cert.c; sourceTree = ""; }; + DCC78E1A1D8085FC00865A7C /* keychain_util.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = keychain_util.c; sourceTree = ""; }; + DCC78E1B1D8085FC00865A7C /* keychain_util.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = keychain_util.h; sourceTree = ""; }; + DCC78E1C1D8085FC00865A7C /* add_internet_password.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = add_internet_password.c; sourceTree = ""; }; + DCC78E1D1D8085FC00865A7C /* log_control.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = log_control.c; sourceTree = ""; }; + DCC78E1E1D8085FC00865A7C /* codesign.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = codesign.c; sourceTree = ""; }; + DCC78E1F1D8085FC00865A7C /* keychain_add.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_add.c; sourceTree = ""; }; + DCC78E201D8085FC00865A7C /* keychain_find.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_find.c; sourceTree = ""; }; + DCC78E211D8085FC00865A7C /* keychain_backup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = keychain_backup.c; path = ../Security/Tool/keychain_backup.c; sourceTree = ""; }; + DCC78E221D8085FC00865A7C /* pkcs12_util.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pkcs12_util.c; sourceTree = ""; }; + DCC78E231D8085FC00865A7C /* scep.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = scep.c; sourceTree = ""; }; + DCC78E241D8085FC00865A7C /* SecurityCommands.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecurityCommands.h; sourceTree = ""; }; + DCC78E251D8085FC00865A7C /* show_certificates.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = show_certificates.c; sourceTree = ""; }; + DCC78E261D8085FC00865A7C /* spc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = spc.c; sourceTree = ""; }; + DCC78E281D8085FC00865A7C /* AppleBaselineEscrowCertificates.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppleBaselineEscrowCertificates.h; sourceTree = ""; }; + DCC78E2A1D8085FC00865A7C /* p12import.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = p12import.c; sourceTree = ""; }; + DCC78E2C1D8085FC00865A7C /* p12pbegen.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = p12pbegen.c; sourceTree = ""; }; + DCC78E2E1D8085FC00865A7C /* pbkdf2.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = pbkdf2.c; sourceTree = ""; }; + DCC78E301D8085FC00865A7C /* SecAccessControl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecAccessControl.c; sourceTree = ""; }; + DCC78E321D8085FC00865A7C /* SecAccessControlExports.exp-in */ = {isa = PBXFileReference; lastKnownFileType = text; path = "SecAccessControlExports.exp-in"; sourceTree = ""; }; + DCC78E351D8085FC00865A7C /* SecBase64.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecBase64.c; sourceTree = ""; }; + DCC78E381D8085FC00865A7C /* SecCertificate.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCertificate.c; sourceTree = ""; }; + DCC78E3B1D8085FC00865A7C /* SecCertificatePath.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCertificatePath.c; sourceTree = ""; }; + DCC78E3E1D8085FC00865A7C /* SecCertificateRequest.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCertificateRequest.c; sourceTree = ""; }; + DCC78E401D8085FC00865A7C /* SecCFAllocator.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecCFAllocator.c; sourceTree = ""; }; + DCC78E421D8085FC00865A7C /* SecCMS.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCMS.c; sourceTree = ""; }; + DCC78E441D8085FC00865A7C /* SecCTKKey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecCTKKey.c; sourceTree = ""; }; + DCC78E451D8085FC00865A7C /* SecCTKKeyPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCTKKeyPriv.h; sourceTree = ""; }; + DCC78E461D8085FC00865A7C /* SecDH.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecDH.c; sourceTree = ""; }; + DCC78E481D8085FC00865A7C /* SecDigest.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecDigest.c; sourceTree = ""; }; + DCC78E491D8085FC00865A7C /* SecECKey.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecECKey.c; sourceTree = ""; }; + DCC78E4C1D8085FC00865A7C /* SecEMCS.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SecEMCS.m; sourceTree = ""; }; + DCC78E4E1D8085FC00865A7C /* SecExports.exp-in */ = {isa = PBXFileReference; lastKnownFileType = text; path = "SecExports.exp-in"; sourceTree = ""; }; + DCC78E4F1D8085FC00865A7C /* SecFramework.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecFramework.c; sourceTree = ""; }; + DCC78E521D8085FC00865A7C /* SecIdentity.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecIdentity.c; sourceTree = ""; }; + DCC78E551D8085FC00865A7C /* SecImportExport.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecImportExport.c; sourceTree = ""; }; + DCC78E581D8085FC00865A7C /* SecItem.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecItem.c; sourceTree = ""; }; + DCC78E5A1D8085FC00865A7C /* SecItemBackup.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecItemBackup.c; sourceTree = ""; }; + DCC78E5C1D8085FC00865A7C /* SecItemConstants.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecItemConstants.c; sourceTree = ""; }; + DCC78E5F1D8085FC00865A7C /* SecItemShim.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecItemShim.h; sourceTree = ""; }; + DCC78E601D8085FC00865A7C /* SecKey.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecKey.c; sourceTree = ""; }; + DCC78E621D8085FC00865A7C /* SecKeyAdaptors.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecKeyAdaptors.c; sourceTree = ""; }; + DCC78E651D8085FC00865A7C /* SecLogging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecLogging.c; sourceTree = ""; }; + DCC78E661D8085FC00865A7C /* SecLogging.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecLogging.h; sourceTree = ""; }; + DCC78E671D8085FC00865A7C /* SecOnOSX.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecOnOSX.h; sourceTree = ""; }; + DCC78E691D8085FC00865A7C /* SecOTRDHKey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRDHKey.c; sourceTree = ""; }; + DCC78E6C1D8085FC00865A7C /* SecOTRFullIdentity.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRFullIdentity.c; sourceTree = ""; }; + DCC78E6E1D8085FC00865A7C /* SecOTRMath.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRMath.c; sourceTree = ""; }; + DCC78E701D8085FC00865A7C /* SecOTRPacketData.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRPacketData.c; sourceTree = ""; }; + DCC78E721D8085FC00865A7C /* SecOTRPackets.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRPackets.c; sourceTree = ""; }; + DCC78E741D8085FC00865A7C /* SecOTRPublicIdentity.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRPublicIdentity.c; sourceTree = ""; }; + DCC78E751D8085FC00865A7C /* SecOTRSession.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRSession.c; sourceTree = ""; }; + DCC78E771D8085FC00865A7C /* SecOTRSessionAKE.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRSessionAKE.c; sourceTree = ""; }; + DCC78E791D8085FC00865A7C /* SecOTRUtils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecOTRUtils.c; sourceTree = ""; }; + DCC78E7A1D8085FC00865A7C /* SecPasswordGenerate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecPasswordGenerate.c; sourceTree = ""; }; + DCC78E7C1D8085FC00865A7C /* SecPBKDF.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecPBKDF.c; sourceTree = ""; }; + DCC78E7E1D8085FC00865A7C /* SecPolicy.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecPolicy.c; sourceTree = ""; }; + DCC78E7F1D8085FC00865A7C /* SecPolicyLeafCallbacks.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecPolicyLeafCallbacks.c; sourceTree = ""; }; + DCC78E811D8085FC00865A7C /* SecPolicyCerts.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecPolicyCerts.h; sourceTree = ""; }; + DCC78E851D8085FC00865A7C /* SecRSAKey.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecRSAKey.c; sourceTree = ""; }; + DCC78E881D8085FC00865A7C /* SecSCEP.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecSCEP.c; sourceTree = ""; }; + DCC78E8A1D8085FC00865A7C /* SecServerEncryptionSupport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecServerEncryptionSupport.c; sourceTree = ""; }; + DCC78E8C1D8085FC00865A7C /* SecSharedCredential.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecSharedCredential.c; sourceTree = ""; }; + DCC78E8E1D8085FC00865A7C /* SecSignatureVerificationSupport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecSignatureVerificationSupport.c; sourceTree = ""; }; + DCC78E8F1D8085FC00865A7C /* SecSignatureVerificationSupport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecSignatureVerificationSupport.h; sourceTree = ""; }; + DCC78E901D8085FC00865A7C /* SecTrust.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecTrust.c; sourceTree = ""; }; + DCC78E921D8085FC00865A7C /* SecTrustInternal.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecTrustInternal.h; sourceTree = ""; }; + DCC78E971D8085FC00865A7C /* SecTrustStore.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecTrustStore.c; sourceTree = ""; }; + DCC78E9A1D8085FC00865A7C /* SecuritydXPC.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecuritydXPC.c; sourceTree = ""; }; + DCC78E9B1D8085FC00865A7C /* SecuritydXPC.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecuritydXPC.h; sourceTree = ""; }; + DCC78E9C1D8085FC00865A7C /* vmdh.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = vmdh.c; sourceTree = ""; }; + DCC78E9F1D80860C00865A7C /* swcagent_client.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = swcagent_client.h; sourceTree = ""; }; + DCC78EA01D80860C00865A7C /* swcagent_client.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = swcagent_client.c; sourceTree = ""; }; + DCC78EA11D80860C00865A7C /* swcagent.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; lineEnding = 0; path = swcagent.m; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objc; }; + DCC78EA31D80870D00865A7C /* lib_ios_debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = lib_ios_debug.xcconfig; path = xcconfig/lib_ios_debug.xcconfig; sourceTree = ""; }; + DCC78EA41D80870D00865A7C /* lib_ios_release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = lib_ios_release.xcconfig; path = xcconfig/lib_ios_release.xcconfig; sourceTree = ""; }; + DCC78EA91D8088E200865A7C /* libsecurity.a */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.dylib"; includeInIndex = 0; path = libsecurity.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCCBFA1D1DBA95CD001DD54D /* kc-20-item-delete-stress.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "kc-20-item-delete-stress.c"; path = "regressions/kc-20-item-delete-stress.c"; sourceTree = ""; }; + DCD067631D8CDEB2007602F1 /* gkmerge */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.python; path = gkmerge; sourceTree = ""; }; + DCD067641D8CDEB2007602F1 /* gkhandmake */ = {isa = PBXFileReference; lastKnownFileType = text.script.python; path = gkhandmake; sourceTree = ""; }; + DCD067651D8CDEB2007602F1 /* gklist */ = {isa = PBXFileReference; lastKnownFileType = text.script.python; path = gklist; sourceTree = ""; }; + DCD067661D8CDEB2007602F1 /* gkclear */ = {isa = PBXFileReference; lastKnownFileType = text.script.python; path = gkclear; sourceTree = ""; }; + DCD067671D8CDEB2007602F1 /* gkgenerate */ = {isa = PBXFileReference; lastKnownFileType = text.script.python; path = gkgenerate; sourceTree = ""; }; + DCD067681D8CDEB2007602F1 /* gkrecord */ = {isa = PBXFileReference; lastKnownFileType = text.script.python; path = gkrecord; sourceTree = ""; }; + DCD067691D8CDEB2007602F1 /* gkreport */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = gkreport; sourceTree = ""; }; + DCD0676A1D8CDEB2007602F1 /* com.apple.gkreport.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = com.apple.gkreport.plist; sourceTree = ""; }; + DCD0676B1D8CDEB2007602F1 /* gkunpack.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = gkunpack.cpp; sourceTree = ""; }; + DCD0677F1D8CDF19007602F1 /* libsecurity_codesigning.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_codesigning.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCD0678A1D8CDF7E007602F1 /* CodeSigning.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CodeSigning.h; sourceTree = ""; }; + DCD0678B1D8CDF7E007602F1 /* CSCommon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CSCommon.h; sourceTree = ""; }; + DCD0678C1D8CDF7E007602F1 /* CSCommonPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CSCommonPriv.h; sourceTree = ""; }; + DCD0678D1D8CDF7E007602F1 /* SecCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCode.h; sourceTree = ""; }; + DCD0678E1D8CDF7E007602F1 /* SecCodePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCodePriv.h; sourceTree = ""; }; + DCD0678F1D8CDF7E007602F1 /* SecCode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecCode.cpp; sourceTree = ""; }; + DCD067901D8CDF7E007602F1 /* SecStaticCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecStaticCode.h; sourceTree = ""; }; + DCD067911D8CDF7E007602F1 /* SecStaticCodePriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecStaticCodePriv.h; sourceTree = ""; }; + DCD067921D8CDF7E007602F1 /* SecStaticCode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecStaticCode.cpp; sourceTree = ""; }; + DCD067931D8CDF7E007602F1 /* SecRequirement.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecRequirement.h; sourceTree = ""; }; + DCD067941D8CDF7E007602F1 /* SecRequirementPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecRequirementPriv.h; sourceTree = ""; }; + DCD067951D8CDF7E007602F1 /* SecRequirement.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecRequirement.cpp; sourceTree = ""; }; + DCD067961D8CDF7E007602F1 /* SecCodeSigner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCodeSigner.h; sourceTree = ""; }; + DCD067971D8CDF7E007602F1 /* SecCodeSigner.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecCodeSigner.cpp; sourceTree = ""; }; + DCD067981D8CDF7E007602F1 /* SecCodeHost.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCodeHost.h; sourceTree = ""; }; + DCD067991D8CDF7E007602F1 /* SecCodeHost.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecCodeHost.cpp; sourceTree = ""; }; + DCD0679A1D8CDF7E007602F1 /* SecIntegrity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecIntegrity.h; sourceTree = ""; }; + DCD0679B1D8CDF7E007602F1 /* SecIntegrity.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecIntegrity.cpp; sourceTree = ""; }; + DCD0679D1D8CDF7E007602F1 /* cs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cs.h; sourceTree = ""; }; + DCD0679E1D8CDF7E007602F1 /* cs.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cs.cpp; sourceTree = ""; }; + DCD0679F1D8CDF7E007602F1 /* Code.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Code.h; sourceTree = ""; }; + DCD067A01D8CDF7E007602F1 /* Code.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Code.cpp; sourceTree = ""; }; + DCD067A11D8CDF7E007602F1 /* StaticCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StaticCode.h; sourceTree = ""; }; + DCD067A21D8CDF7E007602F1 /* StaticCode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StaticCode.cpp; sourceTree = ""; }; + DCD067A31D8CDF7E007602F1 /* Requirements.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Requirements.h; sourceTree = ""; }; + DCD067A41D8CDF7E007602F1 /* Requirements.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Requirements.cpp; sourceTree = ""; }; + DCD067A51D8CDF7E007602F1 /* CodeSigner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CodeSigner.h; sourceTree = ""; }; + DCD067A61D8CDF7E007602F1 /* CodeSigner.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CodeSigner.cpp; sourceTree = ""; }; + DCD067A81D8CDF7E007602F1 /* signer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = signer.h; sourceTree = ""; }; + DCD067A91D8CDF7E007602F1 /* signer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = signer.cpp; sourceTree = ""; }; + DCD067AA1D8CDF7E007602F1 /* signerutils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = signerutils.h; sourceTree = ""; }; + DCD067AB1D8CDF7E007602F1 /* signerutils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = signerutils.cpp; sourceTree = ""; }; + DCD067AD1D8CDF7E007602F1 /* codedirectory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = codedirectory.h; sourceTree = ""; }; + DCD067AE1D8CDF7E007602F1 /* codedirectory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = codedirectory.cpp; sourceTree = ""; }; + DCD067AF1D8CDF7E007602F1 /* cdbuilder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cdbuilder.h; sourceTree = ""; }; + DCD067B01D8CDF7E007602F1 /* cdbuilder.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cdbuilder.cpp; sourceTree = ""; }; + DCD067B21D8CDF7E007602F1 /* requirements.grammar */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = requirements.grammar; path = ../requirements.grammar; sourceTree = ""; }; + DCD067B31D8CDF7E007602F1 /* RequirementKeywords.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RequirementKeywords.h; sourceTree = ""; }; + DCD067B41D8CDF7E007602F1 /* RequirementLexer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RequirementLexer.cpp; sourceTree = ""; }; + DCD067B51D8CDF7E007602F1 /* RequirementLexer.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = RequirementLexer.hpp; sourceTree = ""; }; + DCD067B61D8CDF7E007602F1 /* RequirementParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RequirementParser.cpp; sourceTree = ""; }; + DCD067B71D8CDF7E007602F1 /* RequirementParser.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = RequirementParser.hpp; sourceTree = ""; }; + DCD067B81D8CDF7E007602F1 /* RequirementParserTokenTypes.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = RequirementParserTokenTypes.hpp; sourceTree = ""; }; + DCD067B91D8CDF7E007602F1 /* RequirementParserTokenTypes.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = RequirementParserTokenTypes.txt; sourceTree = ""; }; + DCD067BA1D8CDF7E007602F1 /* requirement.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = requirement.h; sourceTree = ""; }; + DCD067BB1D8CDF7E007602F1 /* requirement.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = requirement.cpp; sourceTree = ""; }; + DCD067BC1D8CDF7E007602F1 /* reqmaker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = reqmaker.h; sourceTree = ""; }; + DCD067BD1D8CDF7E007602F1 /* reqmaker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = reqmaker.cpp; sourceTree = ""; }; + DCD067BE1D8CDF7E007602F1 /* reqreader.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = reqreader.h; sourceTree = ""; }; + DCD067BF1D8CDF7E007602F1 /* reqreader.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = reqreader.cpp; sourceTree = ""; }; + DCD067C01D8CDF7E007602F1 /* reqinterp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = reqinterp.h; sourceTree = ""; }; + DCD067C11D8CDF7E007602F1 /* reqinterp.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = reqinterp.cpp; sourceTree = ""; }; + DCD067C21D8CDF7E007602F1 /* reqparser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = reqparser.h; sourceTree = ""; }; + DCD067C31D8CDF7E007602F1 /* reqparser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = reqparser.cpp; sourceTree = ""; }; + DCD067C41D8CDF7E007602F1 /* reqdumper.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = reqdumper.h; sourceTree = ""; }; + DCD067C51D8CDF7E007602F1 /* reqdumper.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = reqdumper.cpp; sourceTree = ""; }; + DCD067C61D8CDF7E007602F1 /* drmaker.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = drmaker.h; sourceTree = ""; }; + DCD067C71D8CDF7E007602F1 /* drmaker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = drmaker.cpp; sourceTree = ""; }; + DCD067C91D8CDF7E007602F1 /* cskernel.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cskernel.h; sourceTree = ""; }; + DCD067CA1D8CDF7E007602F1 /* cskernel.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cskernel.cpp; sourceTree = ""; }; + DCD067CB1D8CDF7E007602F1 /* csprocess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = csprocess.h; sourceTree = ""; }; + DCD067CC1D8CDF7E007602F1 /* csprocess.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = csprocess.cpp; sourceTree = ""; }; + DCD067CD1D8CDF7E007602F1 /* csgeneric.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = csgeneric.h; sourceTree = ""; }; + DCD067CE1D8CDF7E007602F1 /* csgeneric.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = csgeneric.cpp; sourceTree = ""; }; + DCD067D01D8CDF7E007602F1 /* diskrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = diskrep.h; sourceTree = ""; }; + DCD067D11D8CDF7E007602F1 /* diskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = diskrep.cpp; sourceTree = ""; }; + DCD067D21D8CDF7E007602F1 /* filediskrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = filediskrep.h; sourceTree = ""; }; + DCD067D31D8CDF7E007602F1 /* filediskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = filediskrep.cpp; sourceTree = ""; }; + DCD067D41D8CDF7E007602F1 /* bundlediskrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bundlediskrep.h; sourceTree = ""; }; + DCD067D51D8CDF7E007602F1 /* bundlediskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = bundlediskrep.cpp; sourceTree = ""; }; + DCD067D61D8CDF7E007602F1 /* kerneldiskrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = kerneldiskrep.h; sourceTree = ""; }; + DCD067D71D8CDF7E007602F1 /* kerneldiskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = kerneldiskrep.cpp; sourceTree = ""; }; + DCD067D81D8CDF7E007602F1 /* machorep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = machorep.h; sourceTree = ""; }; + DCD067D91D8CDF7E007602F1 /* machorep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = machorep.cpp; sourceTree = ""; }; + DCD067DA1D8CDF7E007602F1 /* slcrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = slcrep.h; sourceTree = ""; }; + DCD067DB1D8CDF7E007602F1 /* slcrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = slcrep.cpp; sourceTree = ""; }; + DCD067DC1D8CDF7E007602F1 /* diskimagerep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = diskimagerep.h; sourceTree = ""; }; + DCD067DD1D8CDF7E007602F1 /* diskimagerep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = diskimagerep.cpp; sourceTree = ""; }; + DCD067DE1D8CDF7E007602F1 /* singlediskrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = singlediskrep.h; sourceTree = ""; }; + DCD067DF1D8CDF7E007602F1 /* singlediskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = singlediskrep.cpp; sourceTree = ""; }; + DCD067E01D8CDF7E007602F1 /* detachedrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = detachedrep.h; sourceTree = ""; }; + DCD067E11D8CDF7E007602F1 /* detachedrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = detachedrep.cpp; sourceTree = ""; }; + DCD067E21D8CDF7E007602F1 /* piddiskrep.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = piddiskrep.h; sourceTree = ""; }; + DCD067E31D8CDF7E007602F1 /* piddiskrep.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = piddiskrep.cpp; sourceTree = ""; }; + DCD067E51D8CDF7E007602F1 /* SecIntegrityLib.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecIntegrityLib.h; sourceTree = ""; }; + DCD067E61D8CDF7E007602F1 /* SecIntegrityLib.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecIntegrityLib.c; sourceTree = ""; }; + DCD067E71D8CDF7E007602F1 /* SecCodeHostLib.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecCodeHostLib.h; sourceTree = ""; }; + DCD067E81D8CDF7E007602F1 /* SecCodeHostLib.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecCodeHostLib.c; sourceTree = ""; }; + DCD067EA1D8CDF7E007602F1 /* sp-watch.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; name = "sp-watch.d"; path = "../dtrace/sp-watch.d"; sourceTree = ""; }; + DCD067EB1D8CDF7E007602F1 /* security_codesigning.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; path = security_codesigning.d; sourceTree = ""; }; + DCD067EC1D8CDF7E007602F1 /* codesign-watch.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; name = "codesign-watch.d"; path = "../dtrace/codesign-watch.d"; sourceTree = ""; }; + DCD067EE1D8CDF7E007602F1 /* csdatabase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = csdatabase.h; sourceTree = ""; }; + DCD067EF1D8CDF7E007602F1 /* csdatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = csdatabase.cpp; sourceTree = ""; }; + DCD067F01D8CDF7E007602F1 /* cserror.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cserror.h; sourceTree = ""; }; + DCD067F11D8CDF7E007602F1 /* cserror.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cserror.cpp; sourceTree = ""; }; + DCD067F21D8CDF7E007602F1 /* resources.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = resources.h; sourceTree = ""; }; + DCD067F31D8CDF7E007602F1 /* resources.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = resources.cpp; sourceTree = ""; }; + DCD067F41D8CDF7E007602F1 /* sigblob.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sigblob.h; sourceTree = ""; }; + DCD067F51D8CDF7E007602F1 /* sigblob.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = sigblob.cpp; sourceTree = ""; }; + DCD067F61D8CDF7E007602F1 /* csutilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = csutilities.h; sourceTree = ""; }; + DCD067F71D8CDF7E007602F1 /* csutilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = csutilities.cpp; sourceTree = ""; }; + DCD067F81D8CDF7E007602F1 /* xar++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "xar++.h"; sourceTree = ""; }; + DCD067F91D8CDF7E007602F1 /* xar++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "xar++.cpp"; sourceTree = ""; }; + DCD067FA1D8CDF7E007602F1 /* quarantine++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "quarantine++.h"; sourceTree = ""; }; + DCD067FB1D8CDF7E007602F1 /* quarantine++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "quarantine++.cpp"; sourceTree = ""; }; + DCD067FC1D8CDF7E007602F1 /* dirscanner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dirscanner.h; sourceTree = ""; }; + DCD067FD1D8CDF7E007602F1 /* dirscanner.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dirscanner.cpp; sourceTree = ""; }; + DCD067FF1D8CDF7E007602F1 /* antlrplugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = antlrplugin.h; path = lib/antlrplugin.h; sourceTree = ""; }; + DCD068001D8CDF7E007602F1 /* antlrplugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = antlrplugin.cpp; path = lib/antlrplugin.cpp; sourceTree = ""; }; + DCD068031D8CDF7E007602F1 /* SecTaskPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecTaskPriv.h; sourceTree = ""; }; + DCD068041D8CDF7E007602F1 /* SecTask.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecTask.c; sourceTree = ""; }; + DCD068061D8CDF7E007602F1 /* SecAssessment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = SecAssessment.h; sourceTree = ""; }; + DCD068071D8CDF7E007602F1 /* SecAssessment.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SecAssessment.cpp; sourceTree = ""; }; + DCD068081D8CDF7E007602F1 /* evaluationmanager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = evaluationmanager.h; sourceTree = ""; }; + DCD068091D8CDF7E007602F1 /* evaluationmanager.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = evaluationmanager.cpp; sourceTree = ""; }; + DCD0680A1D8CDF7E007602F1 /* opaquewhitelist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = opaquewhitelist.h; sourceTree = ""; }; + DCD0680B1D8CDF7E007602F1 /* opaquewhitelist.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = opaquewhitelist.cpp; sourceTree = ""; }; + DCD0680C1D8CDF7E007602F1 /* policydb.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = policydb.h; sourceTree = ""; }; + DCD0680D1D8CDF7E007602F1 /* policydb.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = policydb.cpp; sourceTree = ""; }; + DCD0680E1D8CDF7E007602F1 /* policyengine.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = policyengine.h; sourceTree = ""; }; + DCD0680F1D8CDF7E007602F1 /* policyengine.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = policyengine.cpp; sourceTree = ""; }; + DCD068101D8CDF7E007602F1 /* xpcengine.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = xpcengine.h; sourceTree = ""; }; + DCD068111D8CDF7E007602F1 /* xpcengine.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = xpcengine.cpp; sourceTree = ""; }; + DCD068121D8CDF7E007602F1 /* syspolicy.sql */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = syspolicy.sql; sourceTree = ""; }; + DCD0688F1D8CDFFE007602F1 /* ANTLRException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ANTLRException.hpp; sourceTree = ""; }; + DCD068901D8CDFFE007602F1 /* ANTLRUtil.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ANTLRUtil.hpp; sourceTree = ""; }; + DCD068911D8CDFFE007602F1 /* AST.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = AST.hpp; sourceTree = ""; }; + DCD068921D8CDFFE007602F1 /* ASTArray.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ASTArray.hpp; sourceTree = ""; }; + DCD068931D8CDFFE007602F1 /* ASTFactory.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ASTFactory.hpp; sourceTree = ""; }; + DCD068941D8CDFFE007602F1 /* ASTNULLType.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ASTNULLType.hpp; sourceTree = ""; }; + DCD068951D8CDFFE007602F1 /* ASTPair.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ASTPair.hpp; sourceTree = ""; }; + DCD068961D8CDFFE007602F1 /* ASTRefCount.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ASTRefCount.hpp; sourceTree = ""; }; + DCD068971D8CDFFE007602F1 /* BaseAST.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = BaseAST.hpp; sourceTree = ""; }; + DCD068981D8CDFFE007602F1 /* BitSet.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = BitSet.hpp; sourceTree = ""; }; + DCD068991D8CDFFE007602F1 /* CharBuffer.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = CharBuffer.hpp; sourceTree = ""; }; + DCD0689A1D8CDFFE007602F1 /* CharInputBuffer.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = CharInputBuffer.hpp; sourceTree = ""; }; + DCD0689B1D8CDFFE007602F1 /* CharScanner.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = CharScanner.hpp; sourceTree = ""; }; + DCD0689C1D8CDFFE007602F1 /* CharStreamException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = CharStreamException.hpp; sourceTree = ""; }; + DCD0689D1D8CDFFE007602F1 /* CharStreamIOException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = CharStreamIOException.hpp; sourceTree = ""; }; + DCD0689E1D8CDFFE007602F1 /* CircularQueue.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = CircularQueue.hpp; sourceTree = ""; }; + DCD0689F1D8CDFFE007602F1 /* CommonAST.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = CommonAST.hpp; sourceTree = ""; }; + DCD068A01D8CDFFE007602F1 /* CommonASTWithHiddenTokens.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = CommonASTWithHiddenTokens.hpp; sourceTree = ""; }; + DCD068A11D8CDFFE007602F1 /* CommonHiddenStreamToken.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = CommonHiddenStreamToken.hpp; sourceTree = ""; }; + DCD068A21D8CDFFE007602F1 /* CommonToken.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = CommonToken.hpp; sourceTree = ""; }; + DCD068A31D8CDFFE007602F1 /* config.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = config.hpp; sourceTree = ""; }; + DCD068A41D8CDFFE007602F1 /* InputBuffer.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = InputBuffer.hpp; sourceTree = ""; }; + DCD068A51D8CDFFE007602F1 /* IOException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = IOException.hpp; sourceTree = ""; }; + DCD068A61D8CDFFE007602F1 /* LexerSharedInputState.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = LexerSharedInputState.hpp; sourceTree = ""; }; + DCD068A71D8CDFFE007602F1 /* LLkParser.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = LLkParser.hpp; sourceTree = ""; }; + DCD068A81D8CDFFE007602F1 /* Makefile.in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Makefile.in; sourceTree = ""; }; + DCD068A91D8CDFFE007602F1 /* MismatchedCharException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = MismatchedCharException.hpp; sourceTree = ""; }; + DCD068AA1D8CDFFE007602F1 /* MismatchedTokenException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = MismatchedTokenException.hpp; sourceTree = ""; }; + DCD068AB1D8CDFFE007602F1 /* NoViableAltException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = NoViableAltException.hpp; sourceTree = ""; }; + DCD068AC1D8CDFFE007602F1 /* NoViableAltForCharException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = NoViableAltForCharException.hpp; sourceTree = ""; }; + DCD068AD1D8CDFFE007602F1 /* Parser.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = Parser.hpp; sourceTree = ""; }; + DCD068AE1D8CDFFE007602F1 /* ParserSharedInputState.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = ParserSharedInputState.hpp; sourceTree = ""; }; + DCD068AF1D8CDFFE007602F1 /* RecognitionException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = RecognitionException.hpp; sourceTree = ""; }; + DCD068B01D8CDFFE007602F1 /* RefCount.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = RefCount.hpp; sourceTree = ""; }; + DCD068B11D8CDFFE007602F1 /* SemanticException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = SemanticException.hpp; sourceTree = ""; }; + DCD068B21D8CDFFE007602F1 /* String.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = String.hpp; sourceTree = ""; }; + DCD068B31D8CDFFE007602F1 /* Token.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = Token.hpp; sourceTree = ""; }; + DCD068B41D8CDFFE007602F1 /* TokenBuffer.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenBuffer.hpp; sourceTree = ""; }; + DCD068B51D8CDFFE007602F1 /* TokenRefCount.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenRefCount.hpp; sourceTree = ""; }; + DCD068B61D8CDFFE007602F1 /* TokenStream.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenStream.hpp; sourceTree = ""; }; + DCD068B71D8CDFFE007602F1 /* TokenStreamBasicFilter.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamBasicFilter.hpp; sourceTree = ""; }; + DCD068B81D8CDFFE007602F1 /* TokenStreamException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamException.hpp; sourceTree = ""; }; + DCD068B91D8CDFFE007602F1 /* TokenStreamHiddenTokenFilter.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamHiddenTokenFilter.hpp; sourceTree = ""; }; + DCD068BA1D8CDFFE007602F1 /* TokenStreamIOException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamIOException.hpp; sourceTree = ""; }; + DCD068BB1D8CDFFE007602F1 /* TokenStreamRecognitionException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamRecognitionException.hpp; sourceTree = ""; }; + DCD068BC1D8CDFFE007602F1 /* TokenStreamRetryException.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamRetryException.hpp; sourceTree = ""; }; + DCD068BD1D8CDFFE007602F1 /* TokenStreamRewriteEngine.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamRewriteEngine.hpp; sourceTree = ""; }; + DCD068BE1D8CDFFE007602F1 /* TokenStreamSelector.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenStreamSelector.hpp; sourceTree = ""; }; + DCD068BF1D8CDFFE007602F1 /* TokenWithIndex.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TokenWithIndex.hpp; sourceTree = ""; }; + DCD068C01D8CDFFE007602F1 /* TreeParser.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TreeParser.hpp; sourceTree = ""; }; + DCD068C11D8CDFFE007602F1 /* TreeParserSharedInputState.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; path = TreeParserSharedInputState.hpp; sourceTree = ""; }; + DCD068C31D8CDFFE007602F1 /* AUTHORS */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = AUTHORS; sourceTree = ""; }; + DCD068C41D8CDFFE007602F1 /* ChangeLog */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = ChangeLog; sourceTree = ""; }; + DCD068C51D8CDFFE007602F1 /* antlr.bpr */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = antlr.bpr; sourceTree = ""; }; + DCD068C61D8CDFFE007602F1 /* antlr.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = antlr.cpp; sourceTree = ""; }; + DCD068C71D8CDFFE007602F1 /* README */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = README; sourceTree = ""; }; + DCD068CA1D8CDFFE007602F1 /* doxygen.cfg */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = doxygen.cfg; sourceTree = ""; }; + DCD068CB1D8CDFFE007602F1 /* libsecurity_codesigning.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = libsecurity_codesigning.plist; sourceTree = ""; }; + DCD068CC1D8CDFFE007602F1 /* libsecurity_codesigning.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = libsecurity_codesigning.txt; sourceTree = ""; }; + DCD068CD1D8CDFFE007602F1 /* LICENSE.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = LICENSE.txt; sourceTree = ""; }; + DCD068CE1D8CDFFE007602F1 /* Makefile.in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Makefile.in; sourceTree = ""; }; + DCD068CF1D8CDFFE007602F1 /* README */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = README; sourceTree = ""; }; + DCD068D01D8CDFFE007602F1 /* cr_stripper.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = cr_stripper.sh; sourceTree = ""; }; + DCD068D11D8CDFFE007602F1 /* make_change_log.tcl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = make_change_log.tcl; sourceTree = ""; }; + DCD068D31D8CDFFE007602F1 /* ANTLRUtil.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ANTLRUtil.cpp; sourceTree = ""; }; + DCD068D41D8CDFFE007602F1 /* ASTFactory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ASTFactory.cpp; sourceTree = ""; }; + DCD068D51D8CDFFE007602F1 /* ASTNULLType.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ASTNULLType.cpp; sourceTree = ""; }; + DCD068D61D8CDFFE007602F1 /* ASTRefCount.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ASTRefCount.cpp; sourceTree = ""; }; + DCD068D71D8CDFFE007602F1 /* BaseAST.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BaseAST.cpp; sourceTree = ""; }; + DCD068D81D8CDFFE007602F1 /* BitSet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BitSet.cpp; sourceTree = ""; }; + DCD068D91D8CDFFE007602F1 /* CharBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CharBuffer.cpp; sourceTree = ""; }; + DCD068DA1D8CDFFE007602F1 /* CharScanner.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CharScanner.cpp; sourceTree = ""; }; + DCD068DB1D8CDFFE007602F1 /* CommonAST.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CommonAST.cpp; sourceTree = ""; }; + DCD068DC1D8CDFFE007602F1 /* CommonASTWithHiddenTokens.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CommonASTWithHiddenTokens.cpp; sourceTree = ""; }; + DCD068DD1D8CDFFE007602F1 /* CommonHiddenStreamToken.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CommonHiddenStreamToken.cpp; sourceTree = ""; }; + DCD068DE1D8CDFFE007602F1 /* CommonToken.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CommonToken.cpp; sourceTree = ""; }; + DCD068DF1D8CDFFE007602F1 /* dll.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dll.cpp; sourceTree = ""; }; + DCD068E01D8CDFFE007602F1 /* InputBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = InputBuffer.cpp; sourceTree = ""; }; + DCD068E11D8CDFFE007602F1 /* LLkParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LLkParser.cpp; sourceTree = ""; }; + DCD068E21D8CDFFE007602F1 /* Makefile.in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Makefile.in; sourceTree = ""; }; + DCD068E31D8CDFFE007602F1 /* MismatchedCharException.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MismatchedCharException.cpp; sourceTree = ""; }; + DCD068E41D8CDFFE007602F1 /* MismatchedTokenException.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MismatchedTokenException.cpp; sourceTree = ""; }; + DCD068E51D8CDFFE007602F1 /* NoViableAltException.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NoViableAltException.cpp; sourceTree = ""; }; + DCD068E61D8CDFFE007602F1 /* NoViableAltForCharException.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NoViableAltForCharException.cpp; sourceTree = ""; }; + DCD068E71D8CDFFE007602F1 /* Parser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Parser.cpp; sourceTree = ""; }; + DCD068E81D8CDFFE007602F1 /* RecognitionException.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RecognitionException.cpp; sourceTree = ""; }; + DCD068E91D8CDFFE007602F1 /* String.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = String.cpp; sourceTree = ""; }; + DCD068EA1D8CDFFE007602F1 /* Token.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Token.cpp; sourceTree = ""; }; + DCD068EB1D8CDFFE007602F1 /* TokenBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TokenBuffer.cpp; sourceTree = ""; }; + DCD068EC1D8CDFFE007602F1 /* TokenRefCount.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TokenRefCount.cpp; sourceTree = ""; }; + DCD068ED1D8CDFFE007602F1 /* TokenStreamBasicFilter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TokenStreamBasicFilter.cpp; sourceTree = ""; }; + DCD068EE1D8CDFFE007602F1 /* TokenStreamHiddenTokenFilter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TokenStreamHiddenTokenFilter.cpp; sourceTree = ""; }; + DCD068EF1D8CDFFE007602F1 /* TokenStreamRewriteEngine.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TokenStreamRewriteEngine.cpp; sourceTree = ""; }; + DCD068F01D8CDFFE007602F1 /* TokenStreamSelector.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TokenStreamSelector.cpp; sourceTree = ""; }; + DCD068F11D8CDFFE007602F1 /* TreeParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TreeParser.cpp; sourceTree = ""; }; + DCD068F31D8CDFFE007602F1 /* TODO */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = TODO; sourceTree = ""; }; + DCD06A3F1D8CE21D007602F1 /* libintegrity.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libintegrity.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCD06A511D8CE281007602F1 /* libcodehost.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libcodehost.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCD06A741D8CE2D5007602F1 /* gkunpack */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = gkunpack; sourceTree = BUILT_PRODUCTS_DIR; }; + DCD06AB01D8E0D53007602F1 /* libsecurity_utilities.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_utilities.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCD06AB11D8E0D7D007602F1 /* debugging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = debugging.h; path = ../../utilities/src/debugging.h; sourceTree = ""; }; + DCD06AB21D8E0D7D007602F1 /* FileLockTransaction.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = FileLockTransaction.cpp; sourceTree = ""; }; + DCD06AB31D8E0D7D007602F1 /* FileLockTransaction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FileLockTransaction.h; sourceTree = ""; }; + DCD06AB41D8E0D7D007602F1 /* CSPDLTransaction.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = CSPDLTransaction.cpp; sourceTree = ""; }; + DCD06AB51D8E0D7D007602F1 /* CSPDLTransaction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CSPDLTransaction.h; sourceTree = ""; }; + DCD06AB61D8E0D7D007602F1 /* casts.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = casts.h; sourceTree = ""; }; + DCD06AB71D8E0D7D007602F1 /* crc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = crc.c; sourceTree = ""; }; + DCD06AB81D8E0D7D007602F1 /* crc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = crc.h; sourceTree = ""; }; + DCD06AB91D8E0D7D007602F1 /* adornments.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = adornments.h; sourceTree = ""; }; + DCD06ABA1D8E0D7D007602F1 /* adornments.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = adornments.cpp; sourceTree = ""; }; + DCD06ABB1D8E0D7D007602F1 /* alloc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = alloc.h; sourceTree = ""; }; + DCD06ABC1D8E0D7D007602F1 /* alloc.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = alloc.cpp; sourceTree = ""; }; + DCD06ABD1D8E0D7D007602F1 /* blob.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blob.h; sourceTree = ""; }; + DCD06ABE1D8E0D7D007602F1 /* blob.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = blob.cpp; sourceTree = ""; }; + DCD06ABF1D8E0D7D007602F1 /* ccaudit.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = ccaudit.cpp; sourceTree = ""; }; + DCD06AC01D8E0D7D007602F1 /* ccaudit.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ccaudit.h; sourceTree = ""; }; + DCD06AC11D8E0D7D007602F1 /* daemon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = daemon.h; sourceTree = ""; }; + DCD06AC21D8E0D7D007602F1 /* daemon.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = daemon.cpp; sourceTree = ""; }; + DCD06AC31D8E0D7D007602F1 /* debugging_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = debugging_internal.h; sourceTree = ""; }; + DCD06AC41D8E0D7D007602F1 /* debugsupport.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = debugsupport.h; sourceTree = ""; }; + DCD06AC51D8E0D7D007602F1 /* debugging_internal.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = debugging_internal.cpp; sourceTree = ""; }; + DCD06AC61D8E0D7D007602F1 /* devrandom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = devrandom.h; sourceTree = ""; }; + DCD06AC71D8E0D7D007602F1 /* devrandom.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = devrandom.cpp; sourceTree = ""; }; + DCD06AC81D8E0D7D007602F1 /* dispatch.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dispatch.cpp; sourceTree = ""; }; + DCD06AC91D8E0D7D007602F1 /* dispatch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dispatch.h; sourceTree = ""; }; + DCD06ACA1D8E0D7D007602F1 /* endian.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = endian.h; sourceTree = ""; }; + DCD06ACB1D8E0D7D007602F1 /* endian.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = endian.cpp; sourceTree = ""; }; + DCD06ACC1D8E0D7D007602F1 /* errors.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = errors.h; sourceTree = ""; }; + DCD06ACD1D8E0D7D007602F1 /* errors.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = errors.cpp; sourceTree = ""; }; + DCD06ACE1D8E0D7D007602F1 /* globalizer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = globalizer.h; sourceTree = ""; }; + DCD06ACF1D8E0D7D007602F1 /* globalizer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = globalizer.cpp; sourceTree = ""; }; + DCD06AD01D8E0D7D007602F1 /* hashing.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = hashing.h; sourceTree = ""; }; + DCD06AD11D8E0D7D007602F1 /* hashing.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = hashing.cpp; sourceTree = ""; }; + DCD06AD21D8E0D7D007602F1 /* iodevices.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = iodevices.h; sourceTree = ""; }; + DCD06AD31D8E0D7D007602F1 /* iodevices.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = iodevices.cpp; sourceTree = ""; }; + DCD06AD41D8E0D7D007602F1 /* ktracecodes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ktracecodes.h; sourceTree = ""; }; + DCD06AD51D8E0D7D007602F1 /* logging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = logging.h; sourceTree = ""; }; + DCD06AD61D8E0D7D007602F1 /* logging.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = logging.cpp; sourceTree = ""; }; + DCD06AD71D8E0D7D007602F1 /* memstreams.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = memstreams.h; sourceTree = ""; }; + DCD06AD81D8E0D7D007602F1 /* memutils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = memutils.h; sourceTree = ""; }; + DCD06AD91D8E0D7D007602F1 /* osxcode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = osxcode.h; sourceTree = ""; }; + DCD06ADA1D8E0D7D007602F1 /* osxcode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = osxcode.cpp; sourceTree = ""; }; + DCD06ADB1D8E0D7D007602F1 /* powerwatch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = powerwatch.h; sourceTree = ""; }; + DCD06ADC1D8E0D7D007602F1 /* powerwatch.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = powerwatch.cpp; sourceTree = ""; }; + DCD06ADD1D8E0D7D007602F1 /* refcount.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = refcount.h; sourceTree = ""; }; + DCD06ADE1D8E0D7D007602F1 /* seccfobject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = seccfobject.h; sourceTree = ""; }; + DCD06ADF1D8E0D7D007602F1 /* seccfobject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = seccfobject.cpp; sourceTree = ""; }; + DCD06AE01D8E0D7D007602F1 /* security_utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = security_utilities.h; sourceTree = ""; }; + DCD06AE11D8E0D7D007602F1 /* simpleprefs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = simpleprefs.h; sourceTree = ""; }; + DCD06AE21D8E0D7D007602F1 /* simpleprefs.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = simpleprefs.cpp; sourceTree = ""; }; + DCD06AE31D8E0D7D007602F1 /* sqlite++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "sqlite++.h"; sourceTree = ""; }; + DCD06AE41D8E0D7D007602F1 /* sqlite++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "sqlite++.cpp"; sourceTree = ""; }; + DCD06AE51D8E0D7D007602F1 /* streams.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = streams.h; sourceTree = ""; }; + DCD06AE61D8E0D7D007602F1 /* streams.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = streams.cpp; sourceTree = ""; }; + DCD06AE71D8E0D7D007602F1 /* superblob.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = superblob.h; sourceTree = ""; }; + DCD06AE81D8E0D7D007602F1 /* superblob.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = superblob.cpp; sourceTree = ""; }; + DCD06AE91D8E0D7D007602F1 /* threading.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = threading.h; sourceTree = ""; }; + DCD06AEA1D8E0D7D007602F1 /* threading_internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = threading_internal.h; sourceTree = ""; }; + DCD06AEB1D8E0D7D007602F1 /* threading.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = threading.cpp; sourceTree = ""; }; + DCD06AEC1D8E0D7D007602F1 /* timeflow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = timeflow.h; sourceTree = ""; }; + DCD06AED1D8E0D7D007602F1 /* timeflow.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = timeflow.cpp; sourceTree = ""; }; + DCD06AEE1D8E0D7D007602F1 /* tqueue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = tqueue.h; sourceTree = ""; }; + DCD06AEF1D8E0D7D007602F1 /* tqueue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = tqueue.cpp; sourceTree = ""; }; + DCD06AF01D8E0D7D007602F1 /* trackingallocator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = trackingallocator.h; sourceTree = ""; }; + DCD06AF11D8E0D7D007602F1 /* trackingallocator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = trackingallocator.cpp; sourceTree = ""; }; + DCD06AF21D8E0D7D007602F1 /* transactions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = transactions.cpp; sourceTree = ""; }; + DCD06AF31D8E0D7D007602F1 /* transactions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = transactions.h; sourceTree = ""; }; + DCD06AF41D8E0D7D007602F1 /* typedvalue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = typedvalue.cpp; sourceTree = ""; }; + DCD06AF51D8E0D7D007602F1 /* typedvalue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = typedvalue.h; sourceTree = ""; }; + DCD06AF61D8E0D7D007602F1 /* utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = utilities.h; sourceTree = ""; }; + DCD06AF71D8E0D7D007602F1 /* utilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = utilities.cpp; sourceTree = ""; }; + DCD06AF81D8E0D7D007602F1 /* utility_config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = utility_config.h; sourceTree = ""; }; + DCD06AF91D8E0D7D007602F1 /* fdmover.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = fdmover.h; sourceTree = ""; }; + DCD06AFA1D8E0D7D007602F1 /* fdmover.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = fdmover.cpp; sourceTree = ""; }; + DCD06AFB1D8E0D7D007602F1 /* fdsel.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = fdsel.h; sourceTree = ""; }; + DCD06AFC1D8E0D7D007602F1 /* fdsel.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = fdsel.cpp; sourceTree = ""; }; + DCD06AFD1D8E0D7D007602F1 /* kq++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "kq++.h"; sourceTree = ""; }; + DCD06AFE1D8E0D7D007602F1 /* kq++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "kq++.cpp"; sourceTree = ""; }; + DCD06AFF1D8E0D7D007602F1 /* muscle++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "muscle++.h"; sourceTree = ""; }; + DCD06B001D8E0D7D007602F1 /* muscle++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "muscle++.cpp"; sourceTree = ""; }; + DCD06B011D8E0D7D007602F1 /* pcsc++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "pcsc++.h"; sourceTree = ""; }; + DCD06B021D8E0D7D007602F1 /* pcsc++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "pcsc++.cpp"; sourceTree = ""; }; + DCD06B031D8E0D7D007602F1 /* selector.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = selector.h; sourceTree = ""; }; + DCD06B041D8E0D7D007602F1 /* selector.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = selector.cpp; sourceTree = ""; }; + DCD06B051D8E0D7D007602F1 /* unix++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "unix++.h"; sourceTree = ""; }; + DCD06B061D8E0D7D007602F1 /* unix++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "unix++.cpp"; sourceTree = ""; }; + DCD06B071D8E0D7D007602F1 /* unixchild.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = unixchild.h; sourceTree = ""; }; + DCD06B081D8E0D7D007602F1 /* unixchild.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = unixchild.cpp; sourceTree = ""; }; + DCD06B091D8E0D7D007602F1 /* vproc++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "vproc++.h"; sourceTree = ""; }; + DCD06B0A1D8E0D7D007602F1 /* vproc++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "vproc++.cpp"; sourceTree = ""; }; + DCD06B0C1D8E0D7D007602F1 /* mach++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "mach++.h"; sourceTree = ""; }; + DCD06B0D1D8E0D7D007602F1 /* mach++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "mach++.cpp"; sourceTree = ""; }; + DCD06B0E1D8E0D7D007602F1 /* mach_notify.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mach_notify.h; sourceTree = ""; }; + DCD06B0F1D8E0D7D007602F1 /* mach_notify.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mach_notify.c; sourceTree = ""; }; + DCD06B101D8E0D7D007602F1 /* cfmach++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "cfmach++.h"; sourceTree = ""; }; + DCD06B111D8E0D7D007602F1 /* cfmach++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "cfmach++.cpp"; sourceTree = ""; }; + DCD06B121D8E0D7D007602F1 /* macho++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "macho++.h"; sourceTree = ""; }; + DCD06B131D8E0D7D007602F1 /* macho++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "macho++.cpp"; sourceTree = ""; }; + DCD06B141D8E0D7D007602F1 /* dyldcache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dyldcache.h; sourceTree = ""; }; + DCD06B151D8E0D7D007602F1 /* dyldcache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = dyldcache.cpp; sourceTree = ""; }; + DCD06B161D8E0D7D007602F1 /* dyld_cache_format.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dyld_cache_format.h; sourceTree = ""; }; + DCD06B171D8E0D7D007602F1 /* machserver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = machserver.h; sourceTree = ""; }; + DCD06B181D8E0D7D007602F1 /* machserver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = machserver.cpp; sourceTree = ""; }; + DCD06B191D8E0D7D007602F1 /* machrunloopserver.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = machrunloopserver.h; sourceTree = ""; }; + DCD06B1A1D8E0D7D007602F1 /* machrunloopserver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = machrunloopserver.cpp; sourceTree = ""; }; + DCD06B1C1D8E0D7D007602F1 /* coderepository.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = coderepository.h; sourceTree = ""; }; + DCD06B1D1D8E0D7D007602F1 /* coderepository.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = coderepository.cpp; sourceTree = ""; }; + DCD06B1E1D8E0D7D007602F1 /* cfclass.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cfclass.h; sourceTree = ""; }; + DCD06B1F1D8E0D7D007602F1 /* cfclass.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cfclass.cpp; sourceTree = ""; }; + DCD06B201D8E0D7D007602F1 /* cfmunge.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cfmunge.h; sourceTree = ""; }; + DCD06B211D8E0D7D007602F1 /* cfmunge.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cfmunge.cpp; sourceTree = ""; }; + DCD06B221D8E0D7D007602F1 /* cfutilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cfutilities.h; sourceTree = ""; }; + DCD06B231D8E0D7D007602F1 /* cfutilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = cfutilities.cpp; sourceTree = ""; }; + DCD06B251D8E0D7D007602F1 /* bufferfifo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bufferfifo.h; sourceTree = ""; }; + DCD06B261D8E0D7D007602F1 /* bufferfifo.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = bufferfifo.cpp; sourceTree = ""; }; + DCD06B271D8E0D7D007602F1 /* buffers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = buffers.h; sourceTree = ""; }; + DCD06B281D8E0D7D007602F1 /* buffers.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = buffers.cpp; sourceTree = ""; }; + DCD06B291D8E0D7D007602F1 /* headermap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = headermap.h; sourceTree = ""; }; + DCD06B2A1D8E0D7D007602F1 /* headermap.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = headermap.cpp; sourceTree = ""; }; + DCD06B2B1D8E0D7D007602F1 /* hosts.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = hosts.h; sourceTree = ""; }; + DCD06B2C1D8E0D7D007602F1 /* hosts.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = hosts.cpp; sourceTree = ""; }; + DCD06B2D1D8E0D7D007602F1 /* inetreply.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = inetreply.h; sourceTree = ""; }; + DCD06B2E1D8E0D7D007602F1 /* inetreply.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = inetreply.cpp; sourceTree = ""; }; + DCD06B2F1D8E0D7D007602F1 /* ip++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "ip++.h"; sourceTree = ""; }; + DCD06B301D8E0D7D007602F1 /* ip++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "ip++.cpp"; sourceTree = ""; }; + DCD06B311D8E0D7D007602F1 /* url.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = url.h; sourceTree = ""; }; + DCD06B321D8E0D7D007602F1 /* url.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = url.cpp; sourceTree = ""; }; + DCD06B331D8E0D7D007602F1 /* socks++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "socks++.h"; sourceTree = ""; }; + DCD06B341D8E0D7D007602F1 /* socks++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "socks++.cpp"; sourceTree = ""; }; + DCD06B351D8E0D7D007602F1 /* socks++4.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "socks++4.h"; sourceTree = ""; }; + DCD06B361D8E0D7D007602F1 /* socks++4.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "socks++4.cpp"; sourceTree = ""; }; + DCD06B371D8E0D7D007602F1 /* socks++5.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "socks++5.h"; sourceTree = ""; }; + DCD06B381D8E0D7D007602F1 /* socks++5.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = "socks++5.cpp"; sourceTree = ""; }; + DCD06BC21D8E0DC2007602F1 /* utilities_dtrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = utilities_dtrace.h; path = derived_src/security_utilities/utilities_dtrace.h; sourceTree = BUILT_PRODUCTS_DIR; }; + DCD06BC51D8E0DD3007602F1 /* security_utilities.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; name = security_utilities.d; path = lib/security_utilities.d; sourceTree = ""; }; + DCD66D731D8204A700DB1393 /* libSecTrustOSX.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libSecTrustOSX.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCD66DDB1D8205C400DB1393 /* libSecOtrOSX.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = libSecOtrOSX.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCDCC7DD1D9B54DF006487E8 /* secd-202-recoverykey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "secd-202-recoverykey.m"; sourceTree = ""; }; + DCDCC7E41D9B551C006487E8 /* SOSAccountSync.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountSync.c; sourceTree = ""; }; + DCE4E6A41D7A37FA00AFB96E /* security2 */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = security2; sourceTree = BUILT_PRODUCTS_DIR; }; + DCE4E6A71D7A38C000AFB96E /* security2.1 */ = {isa = PBXFileReference; lastKnownFileType = text.man; name = security2.1; path = ../OSX/security2/security2.1; sourceTree = ""; }; + DCE4E6D41D7A41E400AFB96E /* bc-10-knife-on-bread.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "bc-10-knife-on-bread.m"; path = "OSX/Breadcrumb/bc-10-knife-on-bread.m"; sourceTree = ""; }; + DCE4E6D71D7A420D00AFB96E /* main.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = main.m; path = OSX/SecurityTestsOSX/main.m; sourceTree = ""; }; + DCE4E6D91D7A421D00AFB96E /* libcoretls.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libcoretls.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libcoretls.dylib; sourceTree = DEVELOPER_DIR; }; + DCE4E6E71D7A427200AFB96E /* SecurityFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SecurityFoundation.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/SecurityFoundation.framework; sourceTree = DEVELOPER_DIR; }; + DCE4E72E1D7A436300AFB96E /* si-82-sectrust-ct-logs.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = "si-82-sectrust-ct-logs.plist"; path = "OSX/shared_regressions/si-82-sectrust-ct-logs.plist"; sourceTree = SOURCE_ROOT; }; + DCE4E7B21D7A43B500AFB96E /* SecurityTestsOSX.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = SecurityTestsOSX.app; sourceTree = BUILT_PRODUCTS_DIR; }; + DCE4E7C01D7A463E00AFB96E /* SecurityFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SecurityFoundation.framework; path = System/Library/Frameworks/SecurityFoundation.framework; sourceTree = SDKROOT; }; + DCE4E7CC1D7A4AED00AFB96E /* sectests */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = sectests; sourceTree = BUILT_PRODUCTS_DIR; }; + DCE4E7E11D7A4B7F00AFB96E /* main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = main.c; path = OSX/sectests/main.c; sourceTree = SOURCE_ROOT; }; + DCE4E7F61D7A4DA800AFB96E /* secd */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secd; sourceTree = BUILT_PRODUCTS_DIR; }; + DCE4E8091D7A4E1C00AFB96E /* com.apple.secd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = com.apple.secd.plist; path = ../ipc/com.apple.secd.plist; sourceTree = ""; }; + DCE4E80D1D7A4E3A00AFB96E /* com.apple.securityd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = com.apple.securityd.plist; path = OSX/sec/os_log/com.apple.securityd.plist; sourceTree = ""; }; + DCE4E8141D7A4E6F00AFB96E /* CFNetwork.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CFNetwork.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/CFNetwork.framework; sourceTree = DEVELOPER_DIR; }; + DCE4E81B1D7A4E8F00AFB96E /* libsqlite3.0.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libsqlite3.0.dylib; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/usr/lib/libsqlite3.0.dylib; sourceTree = DEVELOPER_DIR; }; + DCE4E8271D7A4F0E00AFB96E /* login.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = login.framework; path = System/Library/PrivateFrameworks/login.framework; sourceTree = SDKROOT; }; + DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = ios_on_macos.xcconfig; path = xcconfig/ios_on_macos.xcconfig; sourceTree = ""; }; + DCE4E8591D7A57AE00AFB96E /* trustd */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = trustd; sourceTree = BUILT_PRODUCTS_DIR; }; + DCE4E85B1D7A583A00AFB96E /* com.apple.trustd.agent.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = com.apple.trustd.agent.plist; path = OSX/trustd/com.apple.trustd.agent.plist; sourceTree = ""; }; + DCE4E85C1D7A584000AFB96E /* com.apple.trustd.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = com.apple.trustd.plist; path = OSX/trustd/com.apple.trustd.plist; sourceTree = ""; }; + DCE4E8941D7F34F600AFB96E /* authd.xpc */ = {isa = PBXFileReference; explicitFileType = "wrapper.xpc-service"; includeInIndex = 0; path = authd.xpc; sourceTree = BUILT_PRODUCTS_DIR; }; + DCE4E8A11D7F353900AFB96E /* agent.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = agent.c; path = OSX/authd/agent.c; sourceTree = ""; }; + DCE4E8A21D7F353900AFB96E /* authdb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = authdb.c; path = OSX/authd/authdb.c; sourceTree = ""; }; + DCE4E8A31D7F353900AFB96E /* authitems.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = authitems.c; path = OSX/authd/authitems.c; sourceTree = ""; }; + DCE4E8A41D7F353900AFB96E /* authtoken.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = authtoken.c; path = OSX/authd/authtoken.c; sourceTree = ""; }; + DCE4E8A51D7F353900AFB96E /* authutilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = authutilities.c; path = OSX/authd/authutilities.c; sourceTree = ""; }; + DCE4E8A61D7F353900AFB96E /* ccaudit.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ccaudit.c; path = OSX/authd/ccaudit.c; sourceTree = ""; }; + DCE4E8A71D7F353900AFB96E /* crc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = crc.c; path = OSX/authd/crc.c; sourceTree = ""; }; + DCE4E8A81D7F353900AFB96E /* credential.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = credential.c; path = OSX/authd/credential.c; sourceTree = ""; }; + DCE4E8A91D7F353900AFB96E /* debugging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = debugging.c; path = OSX/authd/debugging.c; sourceTree = ""; }; + DCE4E8AA1D7F353900AFB96E /* engine.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = engine.c; path = OSX/authd/engine.c; sourceTree = ""; }; + DCE4E8AB1D7F353900AFB96E /* main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = main.c; path = OSX/authd/main.c; sourceTree = ""; }; + DCE4E8AC1D7F353900AFB96E /* mechanism.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = mechanism.c; path = OSX/authd/mechanism.c; sourceTree = ""; }; + DCE4E8AD1D7F353900AFB96E /* object.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = object.c; path = OSX/authd/object.c; sourceTree = ""; }; + DCE4E8AE1D7F353900AFB96E /* process.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = process.c; path = OSX/authd/process.c; sourceTree = ""; }; + DCE4E8AF1D7F353900AFB96E /* rule.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = rule.c; path = OSX/authd/rule.c; sourceTree = ""; }; + DCE4E8B01D7F353900AFB96E /* server.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = server.c; path = OSX/authd/server.c; sourceTree = ""; }; + DCE4E8B11D7F353900AFB96E /* session.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = session.c; path = OSX/authd/session.c; sourceTree = ""; }; + DCE4E8B21D7F353900AFB96E /* connection.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = connection.c; path = OSX/authd/connection.c; sourceTree = ""; }; + DCE4E8CB1D7F357C00AFB96E /* authorization.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = authorization.plist; path = OSX/authd/authorization.plist; sourceTree = ""; }; + DCE4E8CF1D7F35B800AFB96E /* com.apple.authd.sb */ = {isa = PBXFileReference; lastKnownFileType = text; name = com.apple.authd.sb; path = OSX/authd/com.apple.authd.sb; sourceTree = ""; }; + DCE4E8D21D7F35D200AFB96E /* com.apple.authd */ = {isa = PBXFileReference; lastKnownFileType = text; name = com.apple.authd; path = OSX/authd/com.apple.authd; sourceTree = ""; }; + DCE4E8D51D7F361D00AFB96E /* authd_private.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = authd_private.h; path = OSX/authd/authd_private.h; sourceTree = ""; }; + DCE4E8DD1D7F39DB00AFB96E /* Cloud Keychain Utility.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "Cloud Keychain Utility.app"; sourceTree = BUILT_PRODUCTS_DIR; }; + DCE4E8F01D7F3A1100AFB96E /* KDSecCircle.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = KDSecCircle.m; path = OSX/Keychain/KDSecCircle.m; sourceTree = SOURCE_ROOT; }; + DCE4E8F11D7F3A1100AFB96E /* KDCirclePeer.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = KDCirclePeer.m; path = OSX/Keychain/KDCirclePeer.m; sourceTree = SOURCE_ROOT; }; + DCE4E8F21D7F3A1100AFB96E /* main.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = main.m; path = OSX/Keychain/main.m; sourceTree = SOURCE_ROOT; }; + DCE4E8F31D7F3A1100AFB96E /* KDAppDelegate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = KDAppDelegate.m; path = OSX/Keychain/KDAppDelegate.m; sourceTree = SOURCE_ROOT; }; + DCE4E8F41D7F3A1100AFB96E /* KDSecItems.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = KDSecItems.m; path = OSX/Keychain/KDSecItems.m; sourceTree = SOURCE_ROOT; }; + DCE4E8F51D7F3A1100AFB96E /* NSArray+mapWithBlock.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "NSArray+mapWithBlock.m"; path = "OSX/Keychain Circle Notification/NSArray+mapWithBlock.m"; sourceTree = SOURCE_ROOT; }; + DCE4E8FE1D7F3A2300AFB96E /* Cocoa.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Cocoa.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk/System/Library/Frameworks/Cocoa.framework; sourceTree = DEVELOPER_DIR; }; + DCE4E9031D7F3A4800AFB96E /* Icon.icns */ = {isa = PBXFileReference; lastKnownFileType = image.icns; name = Icon.icns; path = OSX/Keychain/Icon.icns; sourceTree = SOURCE_ROOT; }; + DCE4E9051D7F3A4800AFB96E /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = OSX/Keychain/en.lproj/InfoPlist.strings; sourceTree = SOURCE_ROOT; }; + DCE4E9071D7F3A4800AFB96E /* en */ = {isa = PBXFileReference; lastKnownFileType = text.rtf; name = en; path = OSX/Keychain/en.lproj/Credits.rtf; sourceTree = SOURCE_ROOT; }; + DCE4E9111D7F3D5300AFB96E /* Keychain Circle Notification.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "Keychain Circle Notification.app"; sourceTree = BUILT_PRODUCTS_DIR; }; + DCE4E9221D7F3D7B00AFB96E /* KDSecCircle.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = KDSecCircle.m; path = ../Keychain/KDSecCircle.m; sourceTree = ""; }; + DCE4E9231D7F3D7C00AFB96E /* KNPersistentState.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KNPersistentState.m; sourceTree = ""; }; + DCE4E9241D7F3D7C00AFB96E /* NSArray+mapWithBlock.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSArray+mapWithBlock.m"; sourceTree = ""; }; + DCE4E9251D7F3D7C00AFB96E /* NSDictionary+compactDescription.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSDictionary+compactDescription.m"; sourceTree = ""; }; + DCE4E9261D7F3D7C00AFB96E /* NSString+compactDescription.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSString+compactDescription.m"; sourceTree = ""; }; + DCE4E9271D7F3D7C00AFB96E /* main.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; + DCE4E9281D7F3D7C00AFB96E /* KDCirclePeer.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = KDCirclePeer.m; path = ../Keychain/KDCirclePeer.m; sourceTree = ""; }; + DCE4E9291D7F3D7C00AFB96E /* KNAppDelegate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KNAppDelegate.m; sourceTree = ""; }; + DCE4E92A1D7F3D7C00AFB96E /* NSSet+compactDescription.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSSet+compactDescription.m"; sourceTree = ""; }; + DCE4E9391D7F3DF200AFB96E /* CrashReporterSupport.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CrashReporterSupport.framework; path = System/Library/PrivateFrameworks/CrashReporterSupport.framework; sourceTree = SDKROOT; }; + DCE4E93B1D7F3E0900AFB96E /* AOSUI.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AOSUI.framework; path = System/Library/PrivateFrameworks/AOSUI.framework; sourceTree = SDKROOT; }; + DCE4E93E1D7F3E4000AFB96E /* AOSAccounts.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AOSAccounts.framework; path = System/Library/PrivateFrameworks/AOSAccounts.framework; sourceTree = SDKROOT; }; + DCE4E9411D7F3E6E00AFB96E /* CoreCDP.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreCDP.framework; path = System/Library/PrivateFrameworks/CoreCDP.framework; sourceTree = SDKROOT; }; + DCE4E9451D7F3E8700AFB96E /* en */ = {isa = PBXFileReference; fileEncoding = 10; lastKnownFileType = text.plist.strings; name = en; path = "OSX/Keychain Circle Notification/en.lproj/Localizable.strings"; sourceTree = SOURCE_ROOT; }; + DCE4E9461D7F3E8700AFB96E /* com.apple.security.keychain-circle-notification.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "com.apple.security.keychain-circle-notification.plist"; sourceTree = ""; }; + DCE4E9481D7F3E8700AFB96E /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = en; path = "OSX/Keychain Circle Notification/en.lproj/InfoPlist.strings"; sourceTree = SOURCE_ROOT; }; + DCEE1E851D93424D00DC0EB7 /* com.apple.securityd.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = com.apple.securityd.plist; path = OSX/sec/ipc/com.apple.securityd.plist; sourceTree = SOURCE_ROOT; }; + DCF783141D88B4DE00E694BB /* libsecurity_apple_csp.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_apple_csp.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCF783151D88B60D00E694BB /* aesCommon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = aesCommon.h; sourceTree = ""; }; + DCF783161D88B60D00E694BB /* aescsp.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = aescsp.cpp; sourceTree = ""; }; + DCF783171D88B60D00E694BB /* aescspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = aescspi.h; sourceTree = ""; }; + DCF783181D88B60D00E694BB /* boxes-ref.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "boxes-ref.c"; sourceTree = ""; }; + DCF783191D88B60D00E694BB /* boxes-ref.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "boxes-ref.h"; sourceTree = ""; }; + DCF7831A1D88B60D00E694BB /* gladmanContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = gladmanContext.cpp; sourceTree = ""; }; + DCF7831B1D88B60D00E694BB /* gladmanContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = gladmanContext.h; sourceTree = ""; }; + DCF7831C1D88B60D00E694BB /* rijndael-alg-ref.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "rijndael-alg-ref.c"; sourceTree = ""; }; + DCF7831D1D88B60D00E694BB /* rijndael-alg-ref.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "rijndael-alg-ref.h"; sourceTree = ""; }; + DCF7831E1D88B60D00E694BB /* rijndaelApi.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rijndaelApi.c; sourceTree = ""; }; + DCF7831F1D88B60D00E694BB /* rijndaelApi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rijndaelApi.h; sourceTree = ""; }; + DCF783201D88B60D00E694BB /* vRijndael-alg-ref.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "vRijndael-alg-ref.c"; sourceTree = ""; }; + DCF783221D88B60D00E694BB /* AppleCSP.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = AppleCSP.cpp; sourceTree = ""; }; + DCF783231D88B60D00E694BB /* AppleCSP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleCSP.h; sourceTree = ""; }; + DCF783241D88B60D00E694BB /* AppleCSPBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleCSPBuiltin.cpp; sourceTree = ""; }; + DCF783251D88B60D00E694BB /* AppleCSPContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleCSPContext.cpp; sourceTree = ""; }; + DCF783261D88B60D00E694BB /* AppleCSPContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleCSPContext.h; sourceTree = ""; }; + DCF783271D88B60D00E694BB /* AppleCSPKeys.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleCSPKeys.cpp; sourceTree = ""; }; + DCF783281D88B60D00E694BB /* AppleCSPKeys.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleCSPKeys.h; sourceTree = ""; }; + DCF783291D88B60D00E694BB /* AppleCSPPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleCSPPlugin.cpp; sourceTree = ""; }; + DCF7832A1D88B60D00E694BB /* AppleCSPSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleCSPSession.h; sourceTree = ""; }; + DCF7832B1D88B60D00E694BB /* AppleCSPUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = AppleCSPUtils.cpp; sourceTree = ""; }; + DCF7832C1D88B60D00E694BB /* AppleCSPUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleCSPUtils.h; sourceTree = ""; }; + DCF7832D1D88B60D00E694BB /* BinaryKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BinaryKey.h; sourceTree = ""; }; + DCF7832E1D88B60D00E694BB /* BlockCryptor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = BlockCryptor.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCF7832F1D88B60D00E694BB /* BlockCryptor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BlockCryptor.h; sourceTree = ""; }; + DCF783301D88B60D00E694BB /* cspdebugging.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = cspdebugging.c; sourceTree = ""; }; + DCF783311D88B60D00E694BB /* cspdebugging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cspdebugging.h; sourceTree = ""; }; + DCF783321D88B60D00E694BB /* deriveKey.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = deriveKey.cpp; sourceTree = ""; }; + DCF783331D88B60D00E694BB /* DigestContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DigestContext.cpp; sourceTree = ""; }; + DCF783341D88B60D00E694BB /* DigestContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DigestContext.h; sourceTree = ""; }; + DCF783351D88B60D00E694BB /* MacContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MacContext.cpp; sourceTree = ""; }; + DCF783361D88B60D00E694BB /* MacContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MacContext.h; sourceTree = ""; }; + DCF783371D88B60D00E694BB /* RawSigner.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RawSigner.h; sourceTree = ""; }; + DCF783381D88B60D00E694BB /* SignatureContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SignatureContext.cpp; sourceTree = ""; }; + DCF783391D88B60D00E694BB /* SignatureContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SignatureContext.h; sourceTree = ""; }; + DCF7833A1D88B60D00E694BB /* wrapKey.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = wrapKey.cpp; sourceTree = ""; }; + DCF7833B1D88B60D00E694BB /* wrapKeyCms.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = wrapKeyCms.cpp; sourceTree = ""; }; + DCF7833C1D88B60D00E694BB /* YarrowConnection.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = YarrowConnection.cpp; sourceTree = ""; }; + DCF7833D1D88B60D00E694BB /* YarrowConnection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = YarrowConnection.h; sourceTree = ""; }; + DCF7833F1D88B60D00E694BB /* algmaker.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = algmaker.cpp; sourceTree = ""; }; + DCF783401D88B60D00E694BB /* bsafeAsymmetric.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = bsafeAsymmetric.cpp; sourceTree = ""; }; + DCF783411D88B60D00E694BB /* bsafeContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = bsafeContext.cpp; sourceTree = ""; }; + DCF783421D88B60D00E694BB /* bsafecsp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bsafecsp.h; sourceTree = ""; }; + DCF783431D88B60D00E694BB /* bsafecspi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bsafecspi.h; sourceTree = ""; }; + DCF783441D88B60D00E694BB /* bsafeKeyGen.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = bsafeKeyGen.cpp; sourceTree = ""; }; + DCF783451D88B60D00E694BB /* bsafePKCS1.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = bsafePKCS1.cpp; sourceTree = ""; }; + DCF783461D88B60D00E694BB /* bsafePKCS1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bsafePKCS1.h; sourceTree = ""; }; + DCF783471D88B60D00E694BB /* bsafeSymmetric.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = bsafeSymmetric.cpp; sourceTree = ""; }; + DCF783481D88B60D00E694BB /* bsobjects.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bsobjects.h; sourceTree = ""; }; + DCF783491D88B60D00E694BB /* memory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = memory.cpp; sourceTree = ""; }; + DCF7834A1D88B60D00E694BB /* miscalgorithms.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = miscalgorithms.cpp; sourceTree = ""; }; + DCF7834C1D88B60D00E694BB /* ascContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = ascContext.cpp; sourceTree = ""; }; + DCF7834D1D88B60D00E694BB /* ascContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ascContext.h; sourceTree = ""; }; + DCF7834E1D88B60D00E694BB /* ascFactory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ascFactory.h; sourceTree = ""; }; + DCF783501D88B60D00E694BB /* cryptkitcsp.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cryptkitcsp.cpp; sourceTree = ""; }; + DCF783511D88B60D00E694BB /* cryptkitcsp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cryptkitcsp.h; sourceTree = ""; }; + DCF783521D88B60D00E694BB /* CryptKitSpace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptKitSpace.h; sourceTree = ""; }; + DCF783531D88B60D00E694BB /* FEEAsymmetricContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FEEAsymmetricContext.cpp; sourceTree = ""; }; + DCF783541D88B60D00E694BB /* FEEAsymmetricContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FEEAsymmetricContext.h; sourceTree = ""; }; + DCF783551D88B60D00E694BB /* FEECSPUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = FEECSPUtils.cpp; sourceTree = ""; }; + DCF783561D88B60D00E694BB /* FEECSPUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FEECSPUtils.h; sourceTree = ""; }; + DCF783571D88B60D00E694BB /* FEEKeys.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = FEEKeys.cpp; sourceTree = ""; }; + DCF783581D88B60D00E694BB /* FEEKeys.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FEEKeys.h; sourceTree = ""; }; + DCF783591D88B60D00E694BB /* FEESignatureObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = FEESignatureObject.cpp; sourceTree = ""; }; + DCF7835A1D88B60D00E694BB /* FEESignatureObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FEESignatureObject.h; sourceTree = ""; }; + DCF7835C1D88B60D00E694BB /* DH_csp.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DH_csp.cpp; sourceTree = ""; }; + DCF7835D1D88B60D00E694BB /* DH_csp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DH_csp.h; sourceTree = ""; }; + DCF7835E1D88B60D00E694BB /* DH_exchange.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DH_exchange.cpp; sourceTree = ""; }; + DCF7835F1D88B60D00E694BB /* DH_exchange.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DH_exchange.h; sourceTree = ""; }; + DCF783601D88B60D00E694BB /* DH_keys.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = DH_keys.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCF783611D88B60D00E694BB /* DH_keys.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = DH_keys.h; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; }; + DCF783621D88B60D00E694BB /* DH_utils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = DH_utils.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCF783631D88B60D00E694BB /* DH_utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DH_utils.h; sourceTree = ""; }; + DCF783651D88B60D00E694BB /* HMACSHA1.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = HMACSHA1.c; sourceTree = ""; }; + DCF783661D88B60D00E694BB /* HMACSHA1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HMACSHA1.h; sourceTree = ""; }; + DCF783671D88B60D00E694BB /* pbkdDigest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pbkdDigest.cpp; sourceTree = ""; }; + DCF783681D88B60D00E694BB /* pbkdDigest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pbkdDigest.h; sourceTree = ""; }; + DCF783691D88B60D00E694BB /* pbkdf2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pbkdf2.c; sourceTree = ""; }; + DCF7836A1D88B60D00E694BB /* pbkdf2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pbkdf2.h; sourceTree = ""; }; + DCF7836C1D88B60D00E694BB /* MD2Object.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MD2Object.cpp; sourceTree = ""; }; + DCF7836D1D88B60D00E694BB /* MD2Object.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MD2Object.h; sourceTree = ""; }; + DCF7836E1D88B60D00E694BB /* SHA1_MD5_Object.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SHA1_MD5_Object.cpp; sourceTree = ""; }; + DCF7836F1D88B60D00E694BB /* SHA1_MD5_Object.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SHA1_MD5_Object.h; sourceTree = ""; }; + DCF783701D88B60D00E694BB /* SHA2_Object.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SHA2_Object.cpp; sourceTree = ""; }; + DCF783711D88B60D00E694BB /* SHA2_Object.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SHA2_Object.h; sourceTree = ""; }; + DCF783731D88B60D00E694BB /* pkcs12Derive.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs12Derive.cpp; sourceTree = ""; }; + DCF783741D88B60D00E694BB /* pkcs12Derive.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs12Derive.h; sourceTree = ""; }; + DCF783751D88B60D00E694BB /* pkcs8.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = pkcs8.cpp; sourceTree = ""; }; + DCF783761D88B60D00E694BB /* pkcs8.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = pkcs8.h; sourceTree = ""; }; + DCF783781D88B60D00E694BB /* bfContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = bfContext.cpp; sourceTree = ""; }; + DCF783791D88B60D00E694BB /* bfContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bfContext.h; sourceTree = ""; }; + DCF7837A1D88B60D00E694BB /* castContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = castContext.cpp; sourceTree = ""; }; + DCF7837B1D88B60D00E694BB /* castContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = castContext.h; sourceTree = ""; }; + DCF7837C1D88B60D00E694BB /* desContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = desContext.cpp; sourceTree = ""; }; + DCF7837D1D88B60D00E694BB /* desContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = desContext.h; sourceTree = ""; }; + DCF7837E1D88B60D00E694BB /* NullCryptor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NullCryptor.h; sourceTree = ""; }; + DCF7837F1D88B60D00E694BB /* rc2Context.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = rc2Context.cpp; sourceTree = ""; }; + DCF783801D88B60D00E694BB /* rc2Context.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rc2Context.h; sourceTree = ""; }; + DCF783811D88B60D00E694BB /* rc4Context.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = rc4Context.cpp; sourceTree = ""; }; + DCF783821D88B60D00E694BB /* rc4Context.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rc4Context.h; sourceTree = ""; }; + DCF783831D88B60D00E694BB /* rc5Context.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = rc5Context.cpp; sourceTree = ""; }; + DCF783841D88B60D00E694BB /* rc5Context.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rc5Context.h; sourceTree = ""; }; + DCF783861D88B60D00E694BB /* miscAlgFactory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = miscAlgFactory.cpp; sourceTree = ""; }; + DCF783871D88B60D00E694BB /* miscAlgFactory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = miscAlgFactory.h; sourceTree = ""; }; + DCF783891D88B60D00E694BB /* RSA_asymmetric.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = RSA_asymmetric.cpp; sourceTree = ""; }; + DCF7838A1D88B60D00E694BB /* RSA_DSA_signature.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = RSA_DSA_signature.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCF7838B1D88B60D00E694BB /* RSA_DSA_signature.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RSA_DSA_signature.h; sourceTree = ""; }; + DCF7838C1D88B60D00E694BB /* RSA_DSA_utils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = RSA_DSA_utils.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCF7838D1D88B60D00E694BB /* RSA_DSA_utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RSA_DSA_utils.h; sourceTree = ""; }; + DCF7838E1D88B60D00E694BB /* RSA_DSA_csp.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RSA_DSA_csp.cpp; sourceTree = ""; }; + DCF7838F1D88B60D00E694BB /* RSA_DSA_csp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RSA_DSA_csp.h; sourceTree = ""; }; + DCF783901D88B60D00E694BB /* RSA_DSA_keys.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = RSA_DSA_keys.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCF783911D88B60D00E694BB /* RSA_DSA_keys.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RSA_DSA_keys.h; sourceTree = ""; }; + DCF783921D88B60D00E694BB /* RSA_asymmetric.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RSA_asymmetric.h; sourceTree = ""; }; + DCF783931D88B60D00E694BB /* opensshCoding.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = opensshCoding.h; sourceTree = ""; }; + DCF783941D88B60D00E694BB /* opensshCoding.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = opensshCoding.cpp; sourceTree = ""; }; + DCF783951D88B60D00E694BB /* opensshWrap.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = opensshWrap.cpp; sourceTree = ""; }; + DCF783971D88B60D00E694BB /* opensslAsn1.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = opensslAsn1.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCF783981D88B60D00E694BB /* opensslAsn1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = opensslAsn1.h; sourceTree = ""; }; + DCF783991D88B60D00E694BB /* opensslUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = opensslUtils.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCF7839A1D88B60D00E694BB /* opensslUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = opensslUtils.h; sourceTree = ""; }; + DCF7841C1D88B62D00E694BB /* bf_ecb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bf_ecb.c; sourceTree = ""; }; + DCF7841D1D88B62D00E694BB /* bf_enc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bf_enc.c; sourceTree = ""; }; + DCF7841E1D88B62D00E694BB /* bf_locl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bf_locl.h; sourceTree = ""; }; + DCF7841F1D88B62D00E694BB /* bf_pi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bf_pi.h; sourceTree = ""; }; + DCF784201D88B62D00E694BB /* bf_skey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bf_skey.c; sourceTree = ""; }; + DCF784211D88B62D00E694BB /* COPYRIGHT */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = COPYRIGHT; sourceTree = ""; }; + DCF784221D88B62D00E694BB /* README */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = README; sourceTree = ""; }; + DCF784241D88B62D00E694BB /* bio_lib.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bio_lib.c; sourceTree = ""; }; + DCF784251D88B62D00E694BB /* bss_file.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bss_file.c; sourceTree = ""; }; + DCF784271D88B62D00E694BB /* bn_add.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_add.c; sourceTree = ""; }; + DCF784281D88B62D00E694BB /* bn_asm.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_asm.c; sourceTree = ""; }; + DCF784291D88B62D00E694BB /* bn_blind.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_blind.c; sourceTree = ""; }; + DCF7842A1D88B62D00E694BB /* bn_ctx.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_ctx.c; sourceTree = ""; }; + DCF7842B1D88B62D00E694BB /* bn_div.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_div.c; sourceTree = ""; }; + DCF7842C1D88B62D00E694BB /* bn_err.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_err.c; sourceTree = ""; }; + DCF7842D1D88B62D00E694BB /* bn_exp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_exp.c; sourceTree = ""; }; + DCF7842E1D88B62D00E694BB /* bn_exp2.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_exp2.c; sourceTree = ""; }; + DCF7842F1D88B62D00E694BB /* bn_gcd.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_gcd.c; sourceTree = ""; }; + DCF784301D88B62D00E694BB /* bn_lcl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bn_lcl.h; sourceTree = ""; }; + DCF784311D88B62D00E694BB /* bn_lib.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_lib.c; sourceTree = ""; }; + DCF784321D88B62D00E694BB /* bn_mont.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_mont.c; sourceTree = ""; }; + DCF784331D88B62D00E694BB /* bn_mpi.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_mpi.c; sourceTree = ""; }; + DCF784341D88B62D00E694BB /* bn_mul.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_mul.c; sourceTree = ""; }; + DCF784351D88B62D00E694BB /* bn_prime.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_prime.c; sourceTree = ""; }; + DCF784361D88B62D00E694BB /* bn_prime.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bn_prime.h; sourceTree = ""; }; + DCF784371D88B62D00E694BB /* bn_print.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_print.c; sourceTree = ""; }; + DCF784381D88B62D00E694BB /* bn_rand.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_rand.c; sourceTree = ""; }; + DCF784391D88B62D00E694BB /* bn_recp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_recp.c; sourceTree = ""; }; + DCF7843A1D88B62D00E694BB /* bn_shift.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_shift.c; sourceTree = ""; }; + DCF7843B1D88B62D00E694BB /* bn_sqr.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_sqr.c; sourceTree = ""; }; + DCF7843C1D88B62D00E694BB /* bn_word.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bn_word.c; sourceTree = ""; }; + DCF7843D1D88B62D00E694BB /* bnspeed.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bnspeed.c; sourceTree = ""; }; + DCF7843E1D88B62D00E694BB /* bntest.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = bntest.c; sourceTree = ""; }; + DCF7843F1D88B62D00E694BB /* divtest.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = divtest.c; sourceTree = ""; }; + DCF784401D88B62D00E694BB /* exp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = exp.c; sourceTree = ""; }; + DCF784411D88B62D00E694BB /* expspeed.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = expspeed.c; sourceTree = ""; }; + DCF784421D88B62D00E694BB /* exptest.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = exptest.c; sourceTree = ""; }; + DCF784431D88B62D00E694BB /* vms-helper.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "vms-helper.c"; sourceTree = ""; }; + DCF784451D88B62D00E694BB /* buf_err.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = buf_err.c; sourceTree = ""; }; + DCF784461D88B62D00E694BB /* buffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = buffer.c; sourceTree = ""; }; + DCF784481D88B62D00E694BB /* cryptlib.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = cryptlib.c; sourceTree = ""; }; + DCF784491D88B62D00E694BB /* cryptlib.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cryptlib.h; sourceTree = ""; }; + DCF7844A1D88B62D00E694BB /* dh_check.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dh_check.c; sourceTree = ""; }; + DCF7844B1D88B62D00E694BB /* dh_err.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dh_err.c; sourceTree = ""; }; + DCF7844C1D88B62D00E694BB /* dh_gen.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dh_gen.c; sourceTree = ""; }; + DCF7844D1D88B62D00E694BB /* dh_key.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dh_key.c; sourceTree = ""; }; + DCF7844E1D88B62D00E694BB /* dh_lib.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dh_lib.c; sourceTree = ""; }; + DCF784501D88B62D00E694BB /* dsa_asn1.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dsa_asn1.c; sourceTree = ""; }; + DCF784511D88B62D00E694BB /* dsa_err.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dsa_err.c; sourceTree = ""; }; + DCF784521D88B62D00E694BB /* dsa_gen.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dsa_gen.c; sourceTree = ""; }; + DCF784531D88B62D00E694BB /* dsa_key.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dsa_key.c; sourceTree = ""; }; + DCF784541D88B62D00E694BB /* dsa_lib.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dsa_lib.c; sourceTree = ""; }; + DCF784551D88B62D00E694BB /* dsa_ossl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dsa_ossl.c; sourceTree = ""; }; + DCF784561D88B62D00E694BB /* dsa_sign.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dsa_sign.c; sourceTree = ""; }; + DCF784571D88B62D00E694BB /* dsa_vrf.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = dsa_vrf.c; sourceTree = ""; }; + DCF784591D88B62D00E694BB /* err.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = err.c; sourceTree = ""; }; + DCF7845A1D88B62D00E694BB /* err_prn.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = err_prn.c; sourceTree = ""; }; + DCF7845C1D88B62D00E694BB /* ex_data.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ex_data.c; sourceTree = ""; }; + DCF7845D1D88B62D00E694BB /* lhash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = lhash.c; sourceTree = ""; }; + DCF7845F1D88B62D00E694BB /* LICENSE */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = LICENSE; sourceTree = ""; }; + DCF784601D88B62D00E694BB /* mem.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mem.c; sourceTree = ""; }; + DCF784611D88B62D00E694BB /* rc2_cbc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rc2_cbc.c; sourceTree = ""; }; + DCF784621D88B62D00E694BB /* rc2_locl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rc2_locl.h; sourceTree = ""; }; + DCF784631D88B62D00E694BB /* rc2_skey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rc2_skey.c; sourceTree = ""; }; + DCF784641D88B62D00E694BB /* rc5_enc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rc5_enc.c; sourceTree = ""; }; + DCF784651D88B62D00E694BB /* rc5_locl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rc5_locl.h; sourceTree = ""; }; + DCF784661D88B62D00E694BB /* rc5_skey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rc5_skey.c; sourceTree = ""; }; + DCF784681D88B62D00E694BB /* asn1_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = asn1_legacy.h; sourceTree = ""; }; + DCF784691D88B62D00E694BB /* bio_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bio_legacy.h; sourceTree = ""; }; + DCF7846A1D88B62D00E694BB /* blowfish_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = blowfish_legacy.h; sourceTree = ""; }; + DCF7846B1D88B62D00E694BB /* bn_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bn_legacy.h; sourceTree = ""; }; + DCF7846C1D88B62D00E694BB /* buffer_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = buffer_legacy.h; sourceTree = ""; }; + DCF7846D1D88B62D00E694BB /* cast_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cast_legacy.h; sourceTree = ""; }; + DCF7846E1D88B62D00E694BB /* crypto_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = crypto_legacy.h; sourceTree = ""; }; + DCF7846F1D88B62D00E694BB /* dh_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dh_legacy.h; sourceTree = ""; }; + DCF784701D88B62D00E694BB /* dsa_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dsa_legacy.h; sourceTree = ""; }; + DCF784711D88B62D00E694BB /* e_os.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = e_os.h; sourceTree = ""; }; + DCF784721D88B62D00E694BB /* e_os2_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = e_os2_legacy.h; sourceTree = ""; }; + DCF784731D88B62D00E694BB /* opensslerr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = opensslerr.h; sourceTree = ""; }; + DCF784741D88B62D00E694BB /* evp_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = evp_legacy.h; sourceTree = ""; }; + DCF784751D88B62D00E694BB /* lhash_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = lhash_legacy.h; sourceTree = ""; }; + DCF784761D88B62D00E694BB /* objects_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = objects_legacy.h; sourceTree = ""; }; + DCF784771D88B62D00E694BB /* openssl_pkcs7_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = openssl_pkcs7_legacy.h; sourceTree = ""; }; + DCF784781D88B62D00E694BB /* opensslconf_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = opensslconf_legacy.h; sourceTree = ""; }; + DCF784791D88B62D00E694BB /* opensslv_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = opensslv_legacy.h; sourceTree = ""; }; + DCF7847A1D88B62D00E694BB /* rand.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rand.h; sourceTree = ""; }; + DCF7847B1D88B62D00E694BB /* rc2_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rc2_legacy.h; sourceTree = ""; }; + DCF7847C1D88B62D00E694BB /* rc5_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rc5_legacy.h; sourceTree = ""; }; + DCF7847D1D88B62D00E694BB /* rsa_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rsa_legacy.h; sourceTree = ""; }; + DCF7847E1D88B62D00E694BB /* safestack_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = safestack_legacy.h; sourceTree = ""; }; + DCF7847F1D88B62D00E694BB /* stack_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = stack_legacy.h; sourceTree = ""; }; + DCF784801D88B62D00E694BB /* x509_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = x509_legacy.h; sourceTree = ""; }; + DCF784811D88B62D00E694BB /* x509_vfy_legacy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = x509_vfy_legacy.h; sourceTree = ""; }; + DCF784831D88B62D00E694BB /* rsa_chk.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_chk.c; sourceTree = ""; }; + DCF784841D88B62D00E694BB /* rsa_eay.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_eay.c; sourceTree = ""; }; + DCF784851D88B62D00E694BB /* rsa_err.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_err.c; sourceTree = ""; }; + DCF784861D88B62D00E694BB /* rsa_gen.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_gen.c; sourceTree = ""; }; + DCF784871D88B62D00E694BB /* rsa_lib.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_lib.c; sourceTree = ""; }; + DCF784881D88B62D00E694BB /* rsa_none.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_none.c; sourceTree = ""; }; + DCF784891D88B62D00E694BB /* rsa_null.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_null.c; sourceTree = ""; }; + DCF7848A1D88B62D00E694BB /* rsa_pk1.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_pk1.c; sourceTree = ""; }; + DCF7848B1D88B62D00E694BB /* rsa_saos.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_saos.c; sourceTree = ""; }; + DCF7848C1D88B62D00E694BB /* rsa_sign.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_sign.c; sourceTree = ""; }; + DCF7848D1D88B62D00E694BB /* rsa_ssl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = rsa_ssl.c; sourceTree = ""; }; + DCF7848F1D88B62D00E694BB /* stack.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = stack.c; sourceTree = ""; }; + DCF784F81D88B63800E694BB /* libsecurity_apple_csp.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = libsecurity_apple_csp.plist; sourceTree = ""; }; + DCF784F91D88B63800E694BB /* libsecurity_apple_csp.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = libsecurity_apple_csp.txt; sourceTree = ""; }; + DCF785E51D88B95500E694BB /* libsecurity_apple_cspdl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_apple_cspdl.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCF787051D88BA0100E694BB /* AppleCSPDLPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleCSPDLPlugin.cpp; sourceTree = ""; }; + DCF787061D88BA0100E694BB /* CSPDLDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CSPDLDatabase.cpp; sourceTree = ""; }; + DCF787071D88BA0100E694BB /* CSPDLDatabase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CSPDLDatabase.h; sourceTree = ""; }; + DCF787081D88BA0100E694BB /* CSPDLPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CSPDLPlugin.cpp; sourceTree = ""; }; + DCF787091D88BA0100E694BB /* CSPDLPlugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CSPDLPlugin.h; sourceTree = ""; }; + DCF7870A1D88BA0100E694BB /* SSContext.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SSContext.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; + DCF7870B1D88BA0100E694BB /* SSContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SSContext.h; sourceTree = ""; }; + DCF7870C1D88BA0100E694BB /* SSCSPDLSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SSCSPDLSession.cpp; sourceTree = ""; }; + DCF7870D1D88BA0100E694BB /* SSCSPDLSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SSCSPDLSession.h; sourceTree = ""; }; + DCF7870E1D88BA0100E694BB /* SSCSPSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SSCSPSession.cpp; sourceTree = ""; }; + DCF7870F1D88BA0100E694BB /* SSCSPSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SSCSPSession.h; sourceTree = ""; }; + DCF787101D88BA0100E694BB /* SSDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SSDatabase.cpp; sourceTree = ""; }; + DCF787111D88BA0100E694BB /* SSDatabase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SSDatabase.h; sourceTree = ""; }; + DCF787121D88BA0100E694BB /* SSDLSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SSDLSession.cpp; sourceTree = ""; }; + DCF787131D88BA0100E694BB /* SSDLSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SSDLSession.h; sourceTree = ""; }; + DCF787141D88BA0100E694BB /* SSFactory.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SSFactory.cpp; sourceTree = ""; }; + DCF787151D88BA0100E694BB /* SSFactory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SSFactory.h; sourceTree = ""; }; + DCF787161D88BA0100E694BB /* SSKey.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = SSKey.cpp; sourceTree = ""; }; + DCF787171D88BA0100E694BB /* SSKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SSKey.h; sourceTree = ""; }; + DCF7872F1D88C18A00E694BB /* AppleCSPDLBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = AppleCSPDLBuiltin.cpp; path = OSX/libsecurity_apple_cspdl/lib/AppleCSPDLBuiltin.cpp; sourceTree = ""; }; + DCF788331D88C86900E694BB /* libsecurity_apple_empty.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_apple_empty.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCF7883B1D88C8C400E694BB /* libsecurity_apple_file_dl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_apple_file_dl.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCF7883C1D88C8DE00E694BB /* AppleDLPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleDLPlugin.cpp; sourceTree = ""; }; + DCF7883D1D88C8DE00E694BB /* AppleFileDL.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleFileDL.cpp; sourceTree = ""; }; + DCF7883E1D88C8DE00E694BB /* AppleFileDL.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleFileDL.h; sourceTree = ""; }; + DCF788431D88C8FF00E694BB /* AppleDLBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = AppleDLBuiltin.cpp; path = OSX/libsecurity_apple_file_dl/lib/AppleDLBuiltin.cpp; sourceTree = ""; }; + DCF7884E1D88CA7200E694BB /* libsecurity_apple_x509_cl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_apple_x509_cl.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCF788501D88CABC00E694BB /* AppleX509CL.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleX509CL.cpp; sourceTree = ""; }; + DCF788511D88CABC00E694BB /* AppleX509CL.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleX509CL.h; sourceTree = ""; }; + DCF788521D88CABC00E694BB /* AppleX509CLBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleX509CLBuiltin.cpp; sourceTree = ""; }; + DCF788531D88CABC00E694BB /* AppleX509CLPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleX509CLPlugin.cpp; sourceTree = ""; }; + DCF788541D88CABC00E694BB /* AppleX509CLSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = AppleX509CLSession.cpp; sourceTree = ""; }; + DCF788551D88CABC00E694BB /* AppleX509CLSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleX509CLSession.h; sourceTree = ""; }; + DCF788561D88CABC00E694BB /* CertFields.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CertFields.cpp; sourceTree = ""; }; + DCF788571D88CABC00E694BB /* CLCachedEntry.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CLCachedEntry.cpp; sourceTree = ""; }; + DCF788581D88CABC00E694BB /* CLCachedEntry.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CLCachedEntry.h; sourceTree = ""; }; + DCF788591D88CABC00E694BB /* CLCertExtensions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CLCertExtensions.cpp; sourceTree = ""; }; + DCF7885A1D88CABC00E694BB /* CLCertExtensions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CLCertExtensions.h; sourceTree = ""; }; + DCF7885B1D88CABC00E694BB /* CLCrlExtensions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CLCrlExtensions.cpp; sourceTree = ""; }; + DCF7885C1D88CABC00E694BB /* CLCrlExtensions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CLCrlExtensions.h; sourceTree = ""; }; + DCF7885D1D88CABC00E694BB /* cldebugging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = cldebugging.h; sourceTree = ""; }; + DCF7885E1D88CABC00E694BB /* CLFieldsCommon.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CLFieldsCommon.cpp; sourceTree = ""; }; + DCF7885F1D88CABC00E694BB /* CLFieldsCommon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CLFieldsCommon.h; sourceTree = ""; }; + DCF788601D88CABC00E694BB /* clNameUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = clNameUtils.cpp; sourceTree = ""; }; + DCF788611D88CABC00E694BB /* clNameUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = clNameUtils.h; sourceTree = ""; }; + DCF788621D88CABC00E694BB /* clNssUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = clNssUtils.cpp; sourceTree = ""; }; + DCF788631D88CABC00E694BB /* clNssUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = clNssUtils.h; sourceTree = ""; }; + DCF788641D88CABC00E694BB /* CrlFields.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CrlFields.cpp; sourceTree = ""; }; + DCF788651D88CABC00E694BB /* CSPAttacher.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CSPAttacher.cpp; sourceTree = ""; }; + DCF788661D88CABC00E694BB /* CSPAttacher.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CSPAttacher.h; sourceTree = ""; }; + DCF788671D88CABC00E694BB /* DecodedCert.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DecodedCert.cpp; sourceTree = ""; }; + DCF788681D88CABC00E694BB /* DecodedCert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DecodedCert.h; sourceTree = ""; }; + DCF788691D88CABC00E694BB /* DecodedCrl.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DecodedCrl.cpp; sourceTree = ""; }; + DCF7886A1D88CABC00E694BB /* DecodedCrl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DecodedCrl.h; sourceTree = ""; }; + DCF7886B1D88CABC00E694BB /* DecodedExtensions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DecodedExtensions.cpp; sourceTree = ""; }; + DCF7886C1D88CABC00E694BB /* DecodedExtensions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DecodedExtensions.h; sourceTree = ""; }; + DCF7886D1D88CABC00E694BB /* DecodedItem.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DecodedItem.cpp; sourceTree = ""; }; + DCF7886E1D88CABC00E694BB /* DecodedItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DecodedItem.h; sourceTree = ""; }; + DCF7886F1D88CABC00E694BB /* LockedMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LockedMap.h; sourceTree = ""; }; + DCF788701D88CABC00E694BB /* Session_Cert.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Session_Cert.cpp; sourceTree = ""; }; + DCF788711D88CABC00E694BB /* Session_CRL.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Session_CRL.cpp; sourceTree = ""; }; + DCF788721D88CABC00E694BB /* Session_Crypto.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Session_Crypto.cpp; sourceTree = ""; }; + DCF788731D88CABC00E694BB /* Session_CSR.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Session_CSR.cpp; sourceTree = ""; }; + DCF7889D1D88CB5200E694BB /* apple_x509_cl.bundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = apple_x509_cl.bundle; sourceTree = BUILT_PRODUCTS_DIR; }; + DCF788D61D88CD2400E694BB /* libsecurity_apple_x509_tp.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity_apple_x509_tp.a; sourceTree = BUILT_PRODUCTS_DIR; }; + DCF788D71D88CD4200E694BB /* AppleTP.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleTP.cpp; sourceTree = ""; }; + DCF788D81D88CD4200E694BB /* AppleTP.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleTP.h; sourceTree = ""; }; + DCF788D91D88CD4200E694BB /* AppleTPSession.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleTPSession.cpp; sourceTree = ""; }; + DCF788DA1D88CD4200E694BB /* AppleTPSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AppleTPSession.h; sourceTree = ""; }; + DCF788DB1D88CD4200E694BB /* AppleX509TPPlugin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AppleX509TPPlugin.cpp; sourceTree = ""; }; + DCF788DC1D88CD4200E694BB /* certGroupUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = certGroupUtils.cpp; sourceTree = ""; }; + DCF788DD1D88CD4200E694BB /* certGroupUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = certGroupUtils.h; sourceTree = ""; }; + DCF788DE1D88CD4200E694BB /* cuEnc64.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = cuEnc64.c; sourceTree = ""; }; + DCF788DF1D88CD4200E694BB /* cuEnc64.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cuEnc64.h; sourceTree = ""; }; + DCF788E01D88CD4200E694BB /* tpCertGroup.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = tpCertGroup.cpp; sourceTree = ""; }; + DCF788E11D88CD4200E694BB /* TPCertInfo.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = TPCertInfo.cpp; sourceTree = ""; }; + DCF788E41D88CD4200E694BB /* TPCertInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TPCertInfo.h; sourceTree = ""; }; + DCF788E51D88CD4200E694BB /* tpCredRequest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = tpCredRequest.cpp; sourceTree = ""; }; + DCF788E61D88CD4200E694BB /* TPCrlInfo.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TPCrlInfo.cpp; sourceTree = ""; }; + DCF788E71D88CD4200E694BB /* TPCrlInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TPCrlInfo.h; sourceTree = ""; }; + DCF788E81D88CD4200E694BB /* tpCrlVerify.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = tpCrlVerify.cpp; sourceTree = ""; }; + DCF788E91D88CD4200E694BB /* tpCrlVerify.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tpCrlVerify.h; sourceTree = ""; }; + DCF788EA1D88CD4200E694BB /* TPDatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TPDatabase.cpp; sourceTree = ""; }; + DCF788EB1D88CD4200E694BB /* TPDatabase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TPDatabase.h; sourceTree = ""; }; + DCF788EC1D88CD4200E694BB /* tpdebugging.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; path = tpdebugging.h; sourceTree = ""; }; + DCF788ED1D88CD4200E694BB /* TPNetwork.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TPNetwork.cpp; sourceTree = ""; }; + DCF788EE1D88CD4200E694BB /* TPNetwork.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TPNetwork.h; sourceTree = ""; }; + DCF788EF1D88CD4200E694BB /* ocspRequest.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ocspRequest.cpp; sourceTree = ""; }; + DCF788F01D88CD4200E694BB /* ocspRequest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ocspRequest.h; sourceTree = ""; }; + DCF788F11D88CD4200E694BB /* tpOcspCache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = tpOcspCache.cpp; sourceTree = ""; }; + DCF788F21D88CD4200E694BB /* tpOcspCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tpOcspCache.h; sourceTree = ""; }; + DCF788F31D88CD4200E694BB /* tpOcspCertVfy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = tpOcspCertVfy.cpp; sourceTree = ""; }; + DCF788F41D88CD4200E694BB /* tpOcspCertVfy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tpOcspCertVfy.h; sourceTree = ""; }; + DCF788F51D88CD4200E694BB /* tpOcspVerify.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = tpOcspVerify.cpp; sourceTree = ""; }; + DCF788F61D88CD4200E694BB /* tpOcspVerify.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tpOcspVerify.h; sourceTree = ""; }; + DCF788F71D88CD4200E694BB /* tpPolicies.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = tpPolicies.cpp; sourceTree = ""; }; + DCF788F81D88CD4200E694BB /* tpPolicies.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tpPolicies.h; sourceTree = ""; }; + DCF788F91D88CD4200E694BB /* tpTime.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = tpTime.c; sourceTree = ""; }; + DCF788FA1D88CD4200E694BB /* tpTime.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = tpTime.h; sourceTree = ""; }; + DCF789471D88D17C00E694BB /* AppleX509TPBuiltin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = AppleX509TPBuiltin.cpp; path = OSX/libsecurity_apple_x509_tp/lib/AppleX509TPBuiltin.cpp; sourceTree = ""; }; + DCFAEDC81D999851005187E4 /* SOSAccountGhost.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountGhost.c; sourceTree = ""; }; + DCFAEDC91D999851005187E4 /* SOSAccountGhost.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSAccountGhost.h; sourceTree = ""; }; + DCFAEDD11D9998DD005187E4 /* secd-668-ghosts.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "secd-668-ghosts.c"; sourceTree = ""; }; + DCFAEDD51D99A464005187E4 /* secd-36-ks-encrypt.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "secd-36-ks-encrypt.m"; sourceTree = ""; }; E7104A0B169E171900DB0045 /* security_tool_commands.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = security_tool_commands.c; sourceTree = ""; }; E710C7421331946400F85568 /* SecurityTests.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = SecurityTests.app; sourceTree = BUILT_PRODUCTS_DIR; }; E710C74C1331946500F85568 /* SecurityTests-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "SecurityTests-Info.plist"; sourceTree = ""; }; @@ -3202,18 +10093,13 @@ E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SystemConfiguration.framework; path = System/Library/Frameworks/SystemConfiguration.framework; sourceTree = SDKROOT; }; E722E9111CE92DFC005AD94B /* CKDKVSStore.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CKDKVSStore.m; path = KVSKeychainSyncingProxy/CKDKVSStore.m; sourceTree = ""; }; E722E9381CE92EE0005AD94B /* CKDKVSStore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CKDKVSStore.h; path = KVSKeychainSyncingProxy/CKDKVSStore.h; sourceTree = ""; }; - E732892A1AED7551008CE839 /* SOSCloudCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SOSCloudCircle.h; path = "Forwarding Headers/SOSCloudCircle.h"; sourceTree = SOURCE_ROOT; }; - E732892C1AED7631008CE839 /* SOSPeerInfo.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSPeerInfo.h; path = "Forwarding Headers/SOSPeerInfo.h"; sourceTree = SOURCE_ROOT; }; E73AC9421D0250D900FFFEE0 /* CKDStore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CKDStore.h; path = KVSKeychainSyncingProxy/CKDStore.h; sourceTree = ""; }; - E7450BAC16D42B17009C07B8 /* SOSCloudCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SOSCloudCircle.h; path = SecureObjectSync/SOSCloudCircle.h; sourceTree = ""; }; - E7450BAD16D42B17009C07B8 /* SOSPeerInfo.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SOSPeerInfo.h; path = SecureObjectSync/SOSPeerInfo.h; sourceTree = ""; }; - E75112E9166EFBF0008C578B /* PeerListCell.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PeerListCell.h; sourceTree = ""; }; - E75112EA166EFBF0008C578B /* PeerListCell.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = PeerListCell.m; sourceTree = ""; }; E75C0E801C6FC31D00E6953B /* KCSRPContext.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KCSRPContext.h; sourceTree = ""; }; E75C0E811C6FC31D00E6953B /* KCSRPContext.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KCSRPContext.m; sourceTree = ""; }; E75C0E841C71325000E6953B /* KeychainCircle.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = KeychainCircle.h; sourceTree = ""; }; E75E498A1C8F76360001A34F /* libDER.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libDER.a; path = ../../../../../usr/local/lib/libDER.a; sourceTree = ""; }; E75E498C1C8F76680001A34F /* libASN1.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libASN1.a; path = ../../../../../usr/local/lib/libASN1.a; sourceTree = ""; }; + E76638AE1DD67B7100B769D3 /* security-sysdiagnose.entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "security-sysdiagnose.entitlements.plist"; sourceTree = ""; }; E7676DB519411DF300498DD4 /* SecServerEncryptionSupport.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecServerEncryptionSupport.h; sourceTree = ""; }; E772FD461CC15EFA00D63E41 /* NSData+SecRandom.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSData+SecRandom.m"; sourceTree = ""; }; E772FD6F1CC15F1F00D63E41 /* NSData+SecRandom.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSData+SecRandom.h"; sourceTree = ""; }; @@ -3224,22 +10110,22 @@ E794BAFF1C7598F900339A0F /* KCJoiningMessages.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KCJoiningMessages.m; sourceTree = ""; }; E7A5F4C61C0CFF3200F3BEBB /* CKDKVSProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CKDKVSProxy.h; path = KVSKeychainSyncingProxy/CKDKVSProxy.h; sourceTree = ""; }; E7A5F4C71C0CFF3200F3BEBB /* CKDKVSProxy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CKDKVSProxy.m; path = KVSKeychainSyncingProxy/CKDKVSProxy.m; sourceTree = ""; }; - E7A5F4C91C0CFF3200F3BEBB /* CKDPersistentState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CKDPersistentState.h; path = KVSKeychainSyncingProxy/CKDPersistentState.h; sourceTree = ""; }; - E7A5F4CA1C0CFF3200F3BEBB /* CKDPersistentState.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CKDPersistentState.m; path = KVSKeychainSyncingProxy/CKDPersistentState.m; sourceTree = ""; }; E7A5F4CB1C0CFF3300F3BEBB /* cloudkeychain.entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = cloudkeychain.entitlements.plist; path = KVSKeychainSyncingProxy/cloudkeychain.entitlements.plist; sourceTree = ""; }; E7A5F4CC1C0CFF3300F3BEBB /* CloudKeychainProxy-Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = "CloudKeychainProxy-Info.plist"; path = "KVSKeychainSyncingProxy/CloudKeychainProxy-Info.plist"; sourceTree = ""; }; E7A5F4CE1C0CFF3300F3BEBB /* cloudkeychainproxy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = cloudkeychainproxy.m; path = KVSKeychainSyncingProxy/cloudkeychainproxy.m; sourceTree = ""; }; - E7A5F4D71C0D01B000F3BEBB /* SOSCloudKeychainConstants.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; name = SOSCloudKeychainConstants.c; path = OSX/sec/SOSCircle/CKBridge/SOSCloudKeychainConstants.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; - E7A5F5511C0D03B400F3BEBB /* IDSPersistentState.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = IDSPersistentState.m; sourceTree = ""; }; - E7A5F5521C0D03B400F3BEBB /* IDSProxy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = IDSProxy.m; sourceTree = ""; }; - E7A5F5551C0D03DB00F3BEBB /* idskeychainsyncingproxy.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = idskeychainsyncingproxy.m; sourceTree = ""; }; - E7A5F5561C0D03DB00F3BEBB /* IDSPersistentState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IDSPersistentState.h; sourceTree = ""; }; - E7A5F5571C0D03DB00F3BEBB /* IDSProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IDSProxy.h; sourceTree = ""; }; + E7A5F4D71C0D01B000F3BEBB /* SOSCloudKeychainConstants.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SOSCloudKeychainConstants.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; E7AAB5F415929493005C8BCC /* libcorecrypto.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libcorecrypto.dylib; path = usr/lib/system/libcorecrypto.dylib; sourceTree = SDKROOT; }; E7B01BF2166594AB000485F1 /* SyncDevTest2.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = SyncDevTest2.app; sourceTree = BUILT_PRODUCTS_DIR; }; E7B945B01CFE5D440027F31D /* CKDAccount.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = CKDAccount.h; path = KVSKeychainSyncingProxy/CKDAccount.h; sourceTree = ""; }; E7B945B11CFE5EBD0027F31D /* CKDSecuritydAccount.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CKDSecuritydAccount.h; path = KVSKeychainSyncingProxy/CKDSecuritydAccount.h; sourceTree = ""; }; E7B945B21CFE5EBD0027F31D /* CKDSecuritydAccount.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CKDSecuritydAccount.m; path = KVSKeychainSyncingProxy/CKDSecuritydAccount.m; sourceTree = ""; }; + E7C787181DCA4C5A0087FC34 /* CKDLockMonitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CKDLockMonitor.h; path = KVSKeychainSyncingProxy/CKDLockMonitor.h; sourceTree = ""; }; + E7C7871D1DCA4CF70087FC34 /* CKDAKSLockMonitor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CKDAKSLockMonitor.h; path = KVSKeychainSyncingProxy/CKDAKSLockMonitor.h; sourceTree = ""; }; + E7C7871F1DCA4D430087FC34 /* CKDAKSLockMonitor.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CKDAKSLockMonitor.m; path = KVSKeychainSyncingProxy/CKDAKSLockMonitor.m; sourceTree = ""; }; + E7C787301DD0FED50087FC34 /* NSURL+SOSPlistStore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = "NSURL+SOSPlistStore.h"; path = "src/NSURL+SOSPlistStore.h"; sourceTree = ""; }; + E7C787311DD0FED50087FC34 /* NSURL+SOSPlistStore.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "NSURL+SOSPlistStore.m"; path = "src/NSURL+SOSPlistStore.m"; sourceTree = ""; }; + E7C787321DD0FED50087FC34 /* XPCNotificationDispatcher.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = XPCNotificationDispatcher.h; path = KVSKeychainSyncingProxy/XPCNotificationDispatcher.h; sourceTree = ""; }; + E7C787331DD0FED50087FC34 /* XPCNotificationDispatcher.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = XPCNotificationDispatcher.m; path = KVSKeychainSyncingProxy/XPCNotificationDispatcher.m; sourceTree = ""; }; E7CFF7221C8660A000E3484E /* KeychainCircle.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; name = KeychainCircle.plist; path = Tests/KeychainCircle.plist; sourceTree = ""; }; E7D690911652E06A0079537A /* libMobileGestalt.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libMobileGestalt.dylib; path = usr/lib/libMobileGestalt.dylib; sourceTree = SDKROOT; }; E7D847C51C6BE9710025BB44 /* KeychainCircle.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = KeychainCircle.framework; sourceTree = BUILT_PRODUCTS_DIR; }; @@ -3251,6 +10137,7 @@ E7E3EFB91CBC192A00E79A5D /* KCAccountKCCircleDelegate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KCAccountKCCircleDelegate.m; sourceTree = ""; }; E7E3EFE21CBC195700E79A5D /* KCAccountKCCircleDelegate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = KCAccountKCCircleDelegate.h; sourceTree = ""; }; E7E4318813319C0700AF0CFD /* SecurityTests-Entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "SecurityTests-Entitlements.plist"; sourceTree = ""; }; + E7E5B55E1DC7ACAE00C03FFB /* SOSAccountGetSet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SOSAccountGetSet.c; sourceTree = ""; }; E7F480111C729C7B00390FDB /* NSError+KCCreationHelpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSError+KCCreationHelpers.h"; sourceTree = ""; }; E7F480131C7397CE00390FDB /* KCJoiningSession.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = KCJoiningSession.h; sourceTree = ""; }; E7F480141C73980D00390FDB /* KCJoiningRequestSession.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = KCJoiningRequestSession.m; sourceTree = ""; }; @@ -3267,6 +10154,11 @@ E7FCBE411314471B000DE34E /* UIKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = UIKit.framework; path = System/Library/Frameworks/UIKit.framework; sourceTree = SDKROOT; }; E7FCBE431314471B000DE34E /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; E7FCBE451314471B000DE34E /* CoreGraphics.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreGraphics.framework; path = System/Library/Frameworks/CoreGraphics.framework; sourceTree = SDKROOT; }; + E7FE40BD1DC803FD00F0F5B6 /* secd-210-keyinterest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = "secd-210-keyinterest.m"; path = "../../SOSCircle/Regressions/secd-210-keyinterest.m"; sourceTree = ""; }; + E7FE40C41DC804E400F0F5B6 /* CKDSimulatedStore.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CKDSimulatedStore.m; path = ../../SOSCircle/SecureObjectSync/CKDSimulatedStore.m; sourceTree = ""; }; + E7FE40C61DC804FA00F0F5B6 /* CKDSimulatedStore.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = CKDSimulatedStore.h; path = ../../SOSCircle/SecureObjectSync/CKDSimulatedStore.h; sourceTree = ""; }; + E7FE40C71DC8084600F0F5B6 /* CKDSimulatedAccount.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CKDSimulatedAccount.h; path = ../../SOSCircle/Regressions/CKDSimulatedAccount.h; sourceTree = ""; }; + E7FE40C81DC8084600F0F5B6 /* CKDSimulatedAccount.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CKDSimulatedAccount.m; path = ../../SOSCircle/Regressions/CKDSimulatedAccount.m; sourceTree = ""; }; E7FEFB80169E26E200E18152 /* sub_commands.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = sub_commands.h; sourceTree = ""; }; EB0BC93E1C3C791500785842 /* secedumodetest */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secedumodetest; sourceTree = BUILT_PRODUCTS_DIR; }; EB0BC9651C3C794700785842 /* secedumodetest.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = secedumodetest.entitlements; path = secedumodetest/secedumodetest.entitlements; sourceTree = ""; }; @@ -3274,12 +10166,16 @@ EB2CA4D81D2C28C800AB770F /* libaks.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libaks.a; path = usr/local/lib/libaks.a; sourceTree = SDKROOT; }; EB2CA5561D2C30F700AB770F /* Security.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; name = Security.xcconfig; path = xcconfig/Security.xcconfig; sourceTree = ""; }; EB3A8DD71BEEC4D6001A89AA /* Security_edumode.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Security_edumode.plist; sourceTree = ""; }; + EB3EBF0F1DBD413600620B2C /* libobjc.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libobjc.dylib; path = usr/lib/libobjc.dylib; sourceTree = SDKROOT; }; EB425CA61C65846D000ECE53 /* secbackuptest */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secbackuptest; sourceTree = BUILT_PRODUCTS_DIR; }; EB425CCD1C65854F000ECE53 /* secbackuptest.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = secbackuptest.entitlements; path = secbackuptest/secbackuptest.entitlements; sourceTree = ""; }; EB425CCE1C65854F000ECE53 /* secbackuptest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = secbackuptest.m; path = secbackuptest/secbackuptest.m; sourceTree = ""; }; EB433A1E1CC3242C00A7EACE /* secitemstresstest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = secitemstresstest.m; path = secitemstresstest/secitemstresstest.m; sourceTree = ""; }; EB433A281CC3243600A7EACE /* secitemstresstest */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secitemstresstest; sourceTree = BUILT_PRODUCTS_DIR; }; EB433A2D1CC325E900A7EACE /* secitemstresstest.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = secitemstresstest.entitlements; path = secitemstresstest/secitemstresstest.entitlements; sourceTree = ""; }; + EB6928BE1D9C9C5900062A18 /* SecRecoveryKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecRecoveryKey.h; sourceTree = ""; }; + EB6928BF1D9C9C5900062A18 /* SecRecoveryKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SecRecoveryKey.m; sourceTree = ""; }; + EB6928C91D9C9D9D00062A18 /* rk_01_recoverykey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = rk_01_recoverykey.m; path = Regressions/rk_01_recoverykey.m; sourceTree = ""; }; EB69AB091BF4347700913AF1 /* SecEMCSPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecEMCSPriv.h; sourceTree = ""; }; EB8021411D3D90BB008540C4 /* Security.iOS.modulemap */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = "sourcecode.module-map"; name = Security.iOS.modulemap; path = Modules/Security.iOS.modulemap; sourceTree = ""; }; EB8021421D3D90BB008540C4 /* Security.macOS.modulemap */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = "sourcecode.module-map"; name = Security.macOS.modulemap; path = Modules/Security.macOS.modulemap; sourceTree = ""; }; @@ -3289,4555 +10185,22814 @@ EBA9AA7B1CE30CE7004E2B68 /* secitemnotifications.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = secitemnotifications.entitlements; path = secitemnotifications/secitemnotifications.entitlements; sourceTree = ""; }; EBA9AA7C1CE30CE7004E2B68 /* secitemnotifications.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = secitemnotifications.m; path = secitemnotifications/secitemnotifications.m; sourceTree = ""; }; EBA9AA861CE30E58004E2B68 /* secitemnotifications */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secitemnotifications; sourceTree = BUILT_PRODUCTS_DIR; }; - EBBE20311C2137E900B7A639 /* ExternalProject.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; name = ExternalProject.sh; path = SecurityFeatures/ExternalProject.sh; sourceTree = ""; }; + EBCF01001DF501310055AF97 /* swcagent-entitlements.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = "swcagent-entitlements.plist"; sourceTree = ""; }; EBCF73F11CE45F8600BED7CA /* secitemfunctionality.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = secitemfunctionality.entitlements; path = secitemfunctionality/secitemfunctionality.entitlements; sourceTree = ""; }; EBCF73F21CE45F8600BED7CA /* secitemfunctionality.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = secitemfunctionality.m; path = secitemfunctionality/secitemfunctionality.m; sourceTree = ""; }; EBCF73FC1CE45F9C00BED7CA /* secitemfunctionality */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = secitemfunctionality; sourceTree = BUILT_PRODUCTS_DIR; }; - EBD8495A1B24BEA000C5FD1E /* print_cert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = print_cert.c; path = OSX/sec/SecurityTool/print_cert.c; sourceTree = SOURCE_ROOT; }; - EBDED8AE1C21076C00E5ECDB /* CopyHeaders.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; name = CopyHeaders.sh; path = SecurityFeatures/CopyHeaders.sh; sourceTree = ""; }; - EBDED8AF1C21076C00E5ECDB /* README.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = README.txt; path = SecurityFeatures/README.txt; sourceTree = ""; }; - EBDED8B21C21078D00E5ECDB /* SecurityFeatures.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecurityFeatures.h; path = SecurityFeatures/OSX/SecurityFeatures.h; sourceTree = ""; }; - EBDED8B31C2107A200E5ECDB /* SecurityFeatures.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SecurityFeatures.h; path = SecurityFeatures/iOS/SecurityFeatures.h; sourceTree = ""; }; - EBDED8B51C2107DF00E5ECDB /* SecurityFeatures.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SecurityFeatures.h; path = include/Security/SecurityFeatures.h; sourceTree = ""; }; EBE54D771BE33227000C4856 /* libmis.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libmis.dylib; path = usr/lib/libmis.dylib; sourceTree = SDKROOT; }; + EBF374721DC055580065D840 /* security-sysdiagnose */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "security-sysdiagnose"; sourceTree = BUILT_PRODUCTS_DIR; }; + EBF374741DC055590065D840 /* security-sysdiagnose.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "security-sysdiagnose.m"; sourceTree = ""; }; + EBF3747F1DC057FE0065D840 /* security-sysdiagnose.1 */ = {isa = PBXFileReference; lastKnownFileType = text.man; path = "security-sysdiagnose.1"; sourceTree = ""; }; + EBF3749A1DC064200065D840 /* SecADWrapper.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; name = SecADWrapper.c; path = src/SecADWrapper.c; sourceTree = ""; }; + EBF3749B1DC064200065D840 /* SecADWrapper.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = SecADWrapper.h; path = src/SecADWrapper.h; sourceTree = ""; }; F93C493A1AB8FF530047E01A /* ckcdiagnose.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = ckcdiagnose.sh; sourceTree = ""; }; /* End PBXFileReference section */ -/* Begin PBXFrameworksBuildPhase section */ - 0C0BDB2C175685B000BC1A7E /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; +/* Begin PBXFrameworksBuildPhase section */ + 0C0BDB2C175685B000BC1A7E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EBE901721C2283F7007308C6 /* AggregateDictionary.framework in Frameworks */, + DC00ABD61D821F3200513D74 /* libsecipc_client.a in Frameworks */, + DCD22D8D1D8CCC79001C9B81 /* libregressionBase.a in Frameworks */, + 438168C51B4ED43B00C54D58 /* CoreFoundation.framework in Frameworks */, + EB3409B01C1D627400D77661 /* Foundation.framework in Frameworks */, + DCD22D8B1D8CCC58001C9B81 /* libASN1_not_installed.a in Frameworks */, + DC59EA911D91CDCF001BDDF5 /* libDER_not_installed.a in Frameworks */, + DC59E9A71D91C7C7001BDDF5 /* libCMS.a in Frameworks */, + DC00ABD71D821F3F00513D74 /* libsecurity.a in Frameworks */, + DC00ABD81D821F4300513D74 /* libsecdRegressions.a in Frameworks */, + DC00ABD91D821F4700513D74 /* libsecurityd_ios.a in Frameworks */, + DC00ABDA1D821F4A00513D74 /* libSecureObjectSync.a in Frameworks */, + DCD22D8C1D8CCC63001C9B81 /* libutilities.a in Frameworks */, + D447C4101D3094740082FC1D /* Security.framework in Frameworks */, + 0C0BDB8D1756A66100BC1A7E /* CFNetwork.framework in Frameworks */, + 0C0BDB911756A8A400BC1A7E /* IOKit.framework in Frameworks */, + 0C0BDB931756A8C900BC1A7E /* SystemConfiguration.framework in Frameworks */, + 5E8B53A51AA0B8A600345E7B /* libcoreauthd_test_client.a in Frameworks */, + 4432B15F1A014D55000958DC /* libaks_acl.a in Frameworks */, + 0C0BDB8F1756A6D500BC1A7E /* libMobileGestalt.dylib in Frameworks */, + 0C0BDB881756A51000BC1A7E /* libsqlite3.dylib in Frameworks */, + BE8ABDD81DC2DD9100EC2D58 /* libz.dylib in Frameworks */, + 4469FBFF1AA0A4820021AA26 /* libctkclient_test.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 0C2BCBB21D06401F00ED7A2F /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD22D911D8CCCB7001C9B81 /* libutilities.a in Frameworks */, + 0C2BCBB41D06401F00ED7A2F /* Security.framework in Frameworks */, + 0C2BCBB51D06401F00ED7A2F /* CoreFoundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 0C2BCBC71D0648D100ED7A2F /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD22D901D8CCCA0001C9B81 /* libutilities.a in Frameworks */, + 0C2BCBC91D0648D100ED7A2F /* Security.framework in Frameworks */, + 0C2BCBCA1D0648D100ED7A2F /* CoreFoundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 438169091B4EDCBD00C54D58 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + 438169E41B4EE13B00C54D58 /* Accounts.framework in Frameworks */, + 438169E51B4EE14D00C54D58 /* Security.framework in Frameworks */, + 4381690D1B4EDCBD00C54D58 /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C32C0AD0A4975F6002891BD /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB3EBF111DBD413F00620B2C /* libobjc.dylib in Frameworks */, + DC00AB611D821BE600513D74 /* libSecureObjectSync.a in Frameworks */, + 5296CB4E1655B8F5009912AF /* libMobileGestalt.dylib in Frameworks */, + 0C78F1D016A5E3EB00654E08 /* libbsm.dylib in Frameworks */, + BEE523D71DACA97600DD0AA3 /* libz.dylib in Frameworks */, + DC59EA771D91CC6D001BDDF5 /* libDER_not_installed.a in Frameworks */, + DCD22D771D8CC9CD001C9B81 /* libASN1_not_installed.a in Frameworks */, + 44A655831AA4B4BB0059D185 /* libctkclient.a in Frameworks */, + DC59E9A41D91C6F0001BDDF5 /* libCMS.a in Frameworks */, + DCD22D781D8CC9D8001C9B81 /* libsecurity_ssl.a in Frameworks */, + DC00AB621D821BEC00513D74 /* libsecipc_client.a in Frameworks */, + DC00AB631D821BEF00513D74 /* libsecurity.a in Frameworks */, + DCD22D791D8CC9F1001C9B81 /* libutilities.a in Frameworks */, + DC00AB641D821BF300513D74 /* liblogging.a in Frameworks */, + 4432AF8B1A014664000958DC /* libcoreauthd_client.a in Frameworks */, + 4432AF8D1A01472C000958DC /* libaks_acl.a in Frameworks */, + 438166ED1B4ECF9400C54D58 /* CoreFoundation.framework in Frameworks */, + 4CAF67AC0F3A70220064A534 /* IOKit.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C52D0B116EFC61E0079966E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + 0C869B431C865E4D006A2873 /* CoreCDP.framework in Frameworks */, + 43DB54551BB1F8920083C3F1 /* ProtectedCloudStorage.framework in Frameworks */, + 4C8A38C917B93DF10001B4C0 /* CloudServices.framework in Frameworks */, + 4C7913251799A5CC00A9633E /* MobileCoreServices.framework in Frameworks */, + 4381603B1B4DCEFF00C54D58 /* AggregateDictionary.framework in Frameworks */, + 4C3DD6BD179760280093F9D8 /* libMobileGestalt.dylib in Frameworks */, + 533B5D4F177CD63100995334 /* SpringBoardServices.framework in Frameworks */, + 7200D76F177B9999009BB396 /* ManagedConfiguration.framework in Frameworks */, + 433E519E1B66D5F600482618 /* AppSupport.framework in Frameworks */, + 4C84DA551720698900AEE225 /* AppleAccount.framework in Frameworks */, + 4CF4C19D171E0EA600877419 /* Accounts.framework in Frameworks */, + 438168C41B4ED43800C54D58 /* CoreFoundation.framework in Frameworks */, + 4C52D0EC16EFCD300079966E /* Security.framework in Frameworks */, + 4C52D0B516EFC61E0079966E /* Foundation.framework in Frameworks */, + DCD22D961D8CCF08001C9B81 /* libutilities.a in Frameworks */, + EB2CA5571D2C36D400AB770F /* IOKit.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C711D6513AFCD0900FE865D /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC00ABB31D821E0400513D74 /* libSharedRegressions.a in Frameworks */, + EBE9019C1C2285DB007308C6 /* AggregateDictionary.framework in Frameworks */, + E7D690A11652E07B0079537A /* libMobileGestalt.dylib in Frameworks */, + DCD22D991D8CCFB4001C9B81 /* libsecurity_ssl_regressions.a in Frameworks */, + DC00ABB41D821E0700513D74 /* libsecurityd_ios.a in Frameworks */, + DCD22D9A1D8CCFC1001C9B81 /* libutilities.a in Frameworks */, + DC00ABB51D821E0B00513D74 /* libSecureObjectSync.a in Frameworks */, + DCD22D9B1D8CCFCB001C9B81 /* libASN1_not_installed.a in Frameworks */, + DC59EA851D91CD35001BDDF5 /* libDER_not_installed.a in Frameworks */, + DC65E7771D8CB82500152EF0 /* libregressionBase.a in Frameworks */, + 438168C01B4ED42C00C54D58 /* CoreFoundation.framework in Frameworks */, + DCD22D9C1D8CCFD6001C9B81 /* libutilitiesRegressions.a in Frameworks */, + DC00ABB71D821E2F00513D74 /* libiOSSecurityRegressions.a in Frameworks */, + DC00ABB81D821E3300513D74 /* libiOSsecuritydRegressions.a in Frameworks */, + 44A655A61AA4B4C80059D185 /* libctkclient.a in Frameworks */, + DC00ABB91D821E3A00513D74 /* libSOSRegressions.a in Frameworks */, + 4C711D6C13AFCD0900FE865D /* libsqlite3.dylib in Frameworks */, + BE405EE31DC2F11E00E227B1 /* libz.dylib in Frameworks */, + 4432B1621A014D8F000958DC /* libcoreauthd_client.a in Frameworks */, + 4432B1631A014D8F000958DC /* libaks_acl.a in Frameworks */, + 0CFC02C21D41651E00E6283B /* libcoretls.dylib in Frameworks */, + 4C711D6F13AFCD0900FE865D /* CFNetwork.framework in Frameworks */, + 4C711D7013AFCD0900FE865D /* IOKit.framework in Frameworks */, + E7A011AF14E1B78C00765C29 /* Foundation.framework in Frameworks */, + 4C711D6D13AFCD0900FE865D /* Security.framework in Frameworks */, + E71F3E4216EA6A6300FAF9B4 /* SystemConfiguration.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C9DE9D01181AC4800CF5C27 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD22D8A1D8CCC23001C9B81 /* libSecureObjectSync.a in Frameworks */, + DCD22D891D8CCC1F001C9B81 /* libsecurityd_ios.a in Frameworks */, + 5296CB521655B9B5009912AF /* libMobileGestalt.dylib in Frameworks */, + 4432B1C91A024273000958DC /* libaks_acl.a in Frameworks */, + 438168BE1B4ED42700C54D58 /* CoreFoundation.framework in Frameworks */, + 4C9DEA451181B34C00CF5C27 /* Security.framework in Frameworks */, + E71F3E4016EA6A1800FAF9B4 /* SystemConfiguration.framework in Frameworks */, + 4C9DEAA71181B37500CF5C27 /* CFNetwork.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4CB740A10A47567C00D641BB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB7F50C51DB8800A003D787D /* CoreCDP.framework in Frameworks */, + EBE9019A1C22852C007308C6 /* AggregateDictionary.framework in Frameworks */, + 438168BB1B4ED42300C54D58 /* CoreFoundation.framework in Frameworks */, + DC00AB8E1D821D4900513D74 /* libSOSCommands.a in Frameworks */, + DC00AB8F1D821D4D00513D74 /* libSecurityTool.a in Frameworks */, + DC00AB901D821D5600513D74 /* libSecurityCommands.a in Frameworks */, + 5296CB4F1655B92F009912AF /* libMobileGestalt.dylib in Frameworks */, + 4432B0B71A014987000958DC /* libaks_acl.a in Frameworks */, + DC65E7361D8CB35E00152EF0 /* libutilities.a in Frameworks */, + DCD22D861D8CCBBB001C9B81 /* libSecureObjectSync.a in Frameworks */, + DCD22D851D8CCBB6001C9B81 /* libsecurityd_ios.a in Frameworks */, + 4C32C1A60A497A21002891BD /* Security.framework in Frameworks */, + 4CAE95DC0F3D6E020075278E /* CFNetwork.framework in Frameworks */, + 4C0CC642174C580200CC799A /* SystemConfiguration.framework in Frameworks */, + E745836E1BF3CA13001B54A4 /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4CE5A54B09C796E100D27A3F /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD22D761D8CC8CF001C9B81 /* libutilities.a in Frameworks */, + 4C32C1990A497A0C002891BD /* Security.framework in Frameworks */, + 438168BD1B4ED42700C54D58 /* CoreFoundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 52D82BDB16A621F70078DFE5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC65E7301D8CB32D00152EF0 /* libutilities.a in Frameworks */, + 52D82BEE16A622370078DFE5 /* Security.framework in Frameworks */, + 52D82BDF16A621F70078DFE5 /* Foundation.framework in Frameworks */, + E72D462B175FBF3E00F70B9B /* IOKit.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 534647FE17331E1100FE9172 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + 5328C0521738903F00708984 /* Security.framework in Frameworks */, + 5346481F17332F9C00FE9172 /* Accounts.framework in Frameworks */, + 5346480217331E1200FE9172 /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 5E10992219A5E55800A60E2B /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + 5E1D7E0419A5EBB700D322DA /* Preferences.framework in Frameworks */, + 5E10992619A5E55800A60E2B /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 5EBE24771B00CCAE0007DB0E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA8E1D91CDC1001BDDF5 /* libDER_not_installed.a in Frameworks */, + EBF2D73C1C1E2B47006AB6FF /* Foundation.framework in Frameworks */, + DCD22D801D8CCB0F001C9B81 /* libutilities.a in Frameworks */, + DC00ABCC1D821F0B00513D74 /* libsecurityd_ios.a in Frameworks */, + DC00ABCD1D821F0D00513D74 /* libSecureObjectSync.a in Frameworks */, + DC65E7C41D8CBC0900152EF0 /* libregressionBase.a in Frameworks */, + 4381603C1B4DCF9E00C54D58 /* CFNetwork.framework in Frameworks */, + 4381603A1B4DCE8F00C54D58 /* SystemConfiguration.framework in Frameworks */, + 5E43C4981B00D49700E5ECB2 /* libsqlite3.dylib in Frameworks */, + 5E43C4931B00D0DB00E5ECB2 /* libcoreauthd_client.a in Frameworks */, + 5E43C4921B00D0CD00E5ECB2 /* libaks_acl.a in Frameworks */, + 5E43C48D1B00D07000E5ECB2 /* CoreFoundation.framework in Frameworks */, + 5E43C4961B00D3B500E5ECB2 /* IOKit.framework in Frameworks */, + 5E43C49A1B00D4D800E5ECB2 /* Security.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 728B569E16D59979008FA3AB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + 72DF9EFE178360230054641E /* libMobileGestalt.dylib in Frameworks */, + 72C3EC2E1705F24E0040C87C /* ManagedConfiguration.framework in Frameworks */, + 72CD2BCE16D59B010064EEE1 /* MobileAsset.framework in Frameworks */, + 72CD2BCD16D59AF30064EEE1 /* Security.framework in Frameworks */, + 728B56A216D59979008FA3AB /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 790851B40CA9859F0083CC4D /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB3EBF151DBD85A600620B2C /* libobjc.dylib in Frameworks */, + DC65E72A1D8CB2FC00152EF0 /* libutilities.a in Frameworks */, + EBE54D761BE32F6F000C4856 /* AggregateDictionary.framework in Frameworks */, + 438168941B4ED42300C54D58 /* CoreFoundation.framework in Frameworks */, + E7D690A21652E0870079537A /* libMobileGestalt.dylib in Frameworks */, + DC00AB811D821C9100513D74 /* libsecurityd_ios.a in Frameworks */, + DC00AB821D821C9500513D74 /* libSecureObjectSync.a in Frameworks */, + DC00AB831D821C9A00513D74 /* libSWCAgent.a in Frameworks */, + DC59EA7E1D91CCB2001BDDF5 /* libDER_not_installed.a in Frameworks */, + 790851EE0CA9B3410083CC4D /* Security.framework in Frameworks */, + E71F3E3116EA69A900FAF9B4 /* SystemConfiguration.framework in Frameworks */, + 4CF730320EF9CDE300E17471 /* CFNetwork.framework in Frameworks */, + 4CAF66190F3A6FCD0064A534 /* IOKit.framework in Frameworks */, + 4432B15E1A014D37000958DC /* libaks_acl.a in Frameworks */, + 4C2215220F3A612C00835155 /* libsqlite3.dylib in Frameworks */, + BEE523DD1DACAA9800DD0AA3 /* libz.dylib in Frameworks */, + 4C70664C0DDDFED9004DA56B /* libbsm.dylib in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 7913B2060D172B3900601FE9 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD22D881D8CCBEF001C9B81 /* libSecureObjectSync.a in Frameworks */, + DCD22D871D8CCBEA001C9B81 /* libsecurityd_ios.a in Frameworks */, + DC00ABEC1D821FA600513D74 /* libSecurityTool.a in Frameworks */, + 5296CB501655B990009912AF /* libMobileGestalt.dylib in Frameworks */, + DCD22D751D8CC8A5001C9B81 /* libutilities.a in Frameworks */, + 4432B1A61A024231000958DC /* libaks_acl.a in Frameworks */, + 438168BC1B4ED42600C54D58 /* CoreFoundation.framework in Frameworks */, + 7913B2080D172B3900601FE9 /* Security.framework in Frameworks */, + E71F3E3E16EA69CF00FAF9B4 /* SystemConfiguration.framework in Frameworks */, + 4CAE95D80F3D6DFC0075278E /* CFNetwork.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + BE197F2319116FD100BA91D1 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + D4AA9D121C3B1B1900A5640C /* Security.framework in Frameworks */, + DCD22D971D8CCF53001C9B81 /* libutilities.a in Frameworks */, + DC00AB9B1D821D9F00513D74 /* libSWCAgent.a in Frameworks */, + DC00AB9C1D821DA400513D74 /* libsecurityd_ios.a in Frameworks */, + BE197F5B1911723E00BA91D1 /* SpringBoardUIServices.framework in Frameworks */, + BE197F5C1911724900BA91D1 /* UIKit.framework in Frameworks */, + BE759DCB1917E38D00801E02 /* CoreGraphics.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + BE442BAD18B7FDB800F24DAE /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + BE442BAE18B7FDB800F24DAE /* libMobileGestalt.dylib in Frameworks */, + DC00AB9A1D821D8800513D74 /* libSWCAgent.a in Frameworks */, + DCD22D981D8CCF78001C9B81 /* libutilities.a in Frameworks */, + BE442BB318B7FDB800F24DAE /* Security.framework in Frameworks */, + BE442BB418B7FDB800F24DAE /* SystemConfiguration.framework in Frameworks */, + BE442BB618B7FDB800F24DAE /* CFNetwork.framework in Frameworks */, + BE25C41618B83491003320E0 /* Foundation.framework in Frameworks */, + BE442BB718B7FDB800F24DAE /* IOKit.framework in Frameworks */, + 438168C61B4ED43F00C54D58 /* CoreFoundation.framework in Frameworks */, + D4B858671D370D9A003B2D95 /* MobileCoreServices.framework in Frameworks */, + BE442BB818B7FDB800F24DAE /* libsqlite3.dylib in Frameworks */, + BE442BB918B7FDB800F24DAE /* libbsm.dylib in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + CD276C241A83F60C003226BC /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC65E7311D8CB33800152EF0 /* libutilities.a in Frameworks */, + CD0637551A84060600C81E74 /* Security.framework in Frameworks */, + CD0637571A84068F00C81E74 /* IDS.framework in Frameworks */, + CD0637561A84065F00C81E74 /* IOKit.framework in Frameworks */, + CD276C281A83F60C003226BC /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0067BC1D87876F005AF8DB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0067CC1D878898005AF8DB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC54E1D8B6D2D00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5621D8B6D7000070CB0 /* CoreFoundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5661D8B6E3D00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5761D8B6E9300070CB0 /* Foundation.framework in Frameworks */, + DC0BC5771D8B6EC300070CB0 /* Security.framework in Frameworks */, + DC0BC5671D8B6E3D00070CB0 /* CoreFoundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5881D8B70E700070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5B31D8B71FD00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5C31D8B72E700070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5D41D8B733500070CB0 /* libsecurity_checkpw.a in Frameworks */, + DC0BC5D31D8B732D00070CB0 /* libpam.dylib in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5DA1D8B73B000070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5DB1D8B73B000070CB0 /* libsecurity_checkpw.a in Frameworks */, + DC0BC5DC1D8B73B000070CB0 /* libpam.dylib in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5E51D8B742200070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5FB1D8B752B00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC7481D8B771600070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC89B1D8B7CBD00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC8CF1D8B7DA200070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC8FC1D8B7E8000070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC9311D8B7F6A00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC9691D8B810A00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC99D1D8B81BE00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC9CB1D8B824700070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCA161D8B82B000070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCA7C1D8B858600070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCB041D8B894F00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCBF81D8C648C00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCC1A1D8C653600070CB0 /* MobileKeyBag.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCC281D8C684F00070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCC291D8C684F00070CB0 /* MobileKeyBag.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCD1C1D8C694700070CB0 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCD1D1D8C694700070CB0 /* MobileKeyBag.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC1789001D77980500B50D50 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB3EBF101DBD413600620B2C /* libobjc.dylib in Frameworks */, + DCD22D4B1D8CBF54001C9B81 /* libASN1_not_installed.a in Frameworks */, + DC00AB6F1D821C3400513D74 /* libSecItemShimOSX.a in Frameworks */, + DC00AB701D821C3800513D74 /* libSecOtrOSX.a in Frameworks */, + DC00AB6B1D821C1A00513D74 /* libSecTrustOSX.a in Frameworks */, + DC00AB6C1D821C1F00513D74 /* libSecureObjectSync.a in Frameworks */, + DC00AB6D1D821C2300513D74 /* liblogging.a in Frameworks */, + DC00AB6E1D821C2700513D74 /* libsecipc_client.a in Frameworks */, + DCC5BF1B1D93723A008D1E84 /* libsecurity_apple_csp.a in Frameworks */, + DCC5BF1C1D937242008D1E84 /* libsecurity_apple_cspdl.a in Frameworks */, + DCC5BF1D1D937249008D1E84 /* libsecurity_apple_file_dl.a in Frameworks */, + DCD06BD41D8E1644007602F1 /* libsecurity_apple_x509_cl.a in Frameworks */, + DCC5BF1E1D937251008D1E84 /* libsecurity_apple_x509_tp.a in Frameworks */, + DCC5BF1F1D93725A008D1E84 /* libsecurity_authorization.a in Frameworks */, + DCD06BD21D8E1618007602F1 /* libsecurity_cdsa_client.a in Frameworks */, + DCC5BF201D937263008D1E84 /* libsecurity_cdsa_plugin.a in Frameworks */, + DCD22D4D1D8CBF95001C9B81 /* libsecurity_cdsa_utilities.a in Frameworks */, + DCD22D4E1D8CBFAB001C9B81 /* libsecurity_cdsa_utils.a in Frameworks */, + DCC5BF211D937269008D1E84 /* libsecurity_checkpw.a in Frameworks */, + DCC5BF221D937270008D1E84 /* libsecurity_cms.a in Frameworks */, + DCD06BD51D8E173A007602F1 /* libsecurity_codesigning.a in Frameworks */, + DCC5BF231D937277008D1E84 /* libsecurity_comcryption.a in Frameworks */, + DCC5BF241D93727E008D1E84 /* libsecurity_cryptkit.a in Frameworks */, + DCC5BF251D937288008D1E84 /* libsecurity_cssm.a in Frameworks */, + DCC5BF261D93728D008D1E84 /* libsecurity_filedb.a in Frameworks */, + DCD06BD01D8E15BB007602F1 /* libsecurity_keychain.a in Frameworks */, + DCC5BF271D937291008D1E84 /* libsecurity_manifest.a in Frameworks */, + DCC5BF281D937294008D1E84 /* libsecurity_mds.a in Frameworks */, + DCD06BD31D8E1628007602F1 /* libsecurity_ocspd.a in Frameworks */, + DCD06BD11D8E15ED007602F1 /* libsecurity_pkcs12.a in Frameworks */, + DCC5BF291D93729A008D1E84 /* libsecurity_sd_cspdl.a in Frameworks */, + DC1789471D779AAF00B50D50 /* libsecurity_smime.a in Frameworks */, + DCC5BF2A1D93729E008D1E84 /* libsecurity_ssl.a in Frameworks */, + DCC5BF2B1D9372A4008D1E84 /* libsecurity_transform.a in Frameworks */, + DCC5BF2C1D9372AA008D1E84 /* libsecurity_translocate.a in Frameworks */, + DCD06BD61D8E175D007602F1 /* libsecurity_utilities.a in Frameworks */, + DCD22D4C1D8CBF7E001C9B81 /* libsecurityd_client.a in Frameworks */, + DC65E7241D8CB29E00152EF0 /* libutilities.a in Frameworks */, + DC1789131D7798B300B50D50 /* libDiagnosticMessagesClient.dylib in Frameworks */, + DC1789151D77997F00B50D50 /* libOpenScriptingUtil.dylib in Frameworks */, + DC1789281D779A0F00B50D50 /* libaks_acl.a in Frameworks */, + DC1789171D77998700B50D50 /* libauto.dylib in Frameworks */, + DC1789191D77998C00B50D50 /* libbsm.dylib in Frameworks */, + DC17892A1D779A3200B50D50 /* libcoreauthd_client.a in Frameworks */, + DC1789291D779A2800B50D50 /* libctkclient.a in Frameworks */, + DC17891B1D77999200B50D50 /* libobjc.dylib in Frameworks */, + DC17891D1D77999700B50D50 /* libpam.dylib in Frameworks */, + DC17891F1D77999D00B50D50 /* libsqlite3.dylib in Frameworks */, + DC1789211D7799A100B50D50 /* libxar.dylib in Frameworks */, + DC1789231D7799A600B50D50 /* libz.dylib in Frameworks */, + DC1789251D7799CD00B50D50 /* CoreFoundation.framework in Frameworks */, + DC1789271D7799D400B50D50 /* IOKit.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC3A4B551D91E9FB00E46D4A /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC3A4B671D91EB1200E46D4A /* CoreFoundation.framework in Frameworks */, + DC3A4B661D91EB0E00E46D4A /* Security.framework in Frameworks */, + DC3A4B651D91EB0800E46D4A /* libsecurity_utilities.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52E7AD1D80BC8000B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52E8AB1D80C1EB00B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52E8C11D80C25800B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EA471D80CB7000B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EAA31D80CCC300B0A59C /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EBCF1D80CEF100B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EBD01D80CEF100B0A59C /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC2E1D80CFB200B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EC2F1D80CFB200B0A59C /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC471D80D00800B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC561D80D05200B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC631D80D0C400B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EC6C1D80D0E800B0A59C /* IDS.framework in Frameworks */, + DC52EC6B1D80D0E300B0A59C /* IDSFoundation.framework in Frameworks */, + DC52EC691D80D0DD00B0A59C /* libSecureObjectSync.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC8F1D80D1A800B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52ED981D80D4CD00B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EDA11D80D4FC00B0A59C /* IDS.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EDAB1D80D58400B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EDB21D80D59700B0A59C /* IDSFoundation.framework in Frameworks */, + DC52EDAC1D80D58400B0A59C /* IDS.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EE3A1D80D6DD00B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EE691D80D82600B0A59C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC58C4201D77BDEA003C25A4 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC58C4331D77BE2E003C25A4 /* CoreFoundation.framework in Frameworks */, + DC65E73C1D8CB39B00152EF0 /* libutilities.a in Frameworks */, + DCB7D8C31D8E181B00867385 /* libsecurity_utilities.a in Frameworks */, + DCD06BD71D8E17A0007602F1 /* libsecurity_codesigning.a in Frameworks */, + DCD22D511D8CC039001C9B81 /* libsecurity_cdsa_utilities.a in Frameworks */, + DCD22D521D8CC053001C9B81 /* Security.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59E9E81D91C9DC001BDDF5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59EA211D91CA15001BDDF5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59EA341D91CA82001BDDF5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA511D91CAE8001BDDF5 /* libDERUtils.a in Frameworks */, + DC59EA501D91CAE3001BDDF5 /* libDER_not_installed.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59EA591D91CAF0001BDDF5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA5A1D91CAF0001BDDF5 /* libDERUtils.a in Frameworks */, + DC59EA5B1D91CAF0001BDDF5 /* libDER_not_installed.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59EA691D91CB9F001BDDF5 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA741D91CBD0001BDDF5 /* libcrypto.dylib in Frameworks */, + DC59EA6B1D91CB9F001BDDF5 /* libDER_not_installed.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC5ABDC21D832DAB00CF422C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC5ABE191D832F2700CF422C /* CoreFoundation.framework in Frameworks */, + DC5ABE181D832F2200CF422C /* Security.framework in Frameworks */, + DCD22D581D8CC1FA001C9B81 /* libASN1_not_installed.a in Frameworks */, + DCD22D5C1D8CC224001C9B81 /* libutilities.a in Frameworks */, + DCB7D8D01D8E183C00867385 /* libsecurity_utilities.a in Frameworks */, + DCD22D591D8CC200001C9B81 /* libsecurity_cdsa_client.a in Frameworks */, + DCD22D5A1D8CC205001C9B81 /* libsecurity_cdsa_utilities.a in Frameworks */, + DCD22D5B1D8CC20D001C9B81 /* libsecurity_cdsa_utils.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC5AC04D1D8352D900CF422C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC5AC0D61D83548300CF422C /* libDiagnosticMessagesClient.dylib in Frameworks */, + DC5AC0D41D83547A00CF422C /* libsecuritydservice_client.a in Frameworks */, + DC5AC0D31D83544D00CF422C /* libsqlite3.dylib in Frameworks */, + BEE523DC1DACAA9200DD0AA3 /* libz.dylib in Frameworks */, + DC5AC0D21D83544800CF422C /* libauto.dylib in Frameworks */, + DC5AC0D11D83544200CF422C /* libobjc.dylib in Frameworks */, + DC1002AF1D8E18870025549C /* libsecurity_codesigning.a in Frameworks */, + DCB7D8D11D8E185900867385 /* libsecurity_utilities.a in Frameworks */, + DCD22D6C1D8CC6FD001C9B81 /* libsecurityd_client.a in Frameworks */, + DCD22D6D1D8CC708001C9B81 /* libsecurityd_server.a in Frameworks */, + DC5AC0CE1D83542B00CF422C /* libsecurity_tokend_client.a in Frameworks */, + DCD22D6E1D8CC71D001C9B81 /* libsecurity_cdsa_utilities.a in Frameworks */, + DCD22D6F1D8CC728001C9B81 /* libsecurity_cdsa_client.a in Frameworks */, + DC5AC0C91D8353D100CF422C /* libbsm.dylib in Frameworks */, + DCD22D701D8CC733001C9B81 /* libutilities.a in Frameworks */, + DC5AC0C71D8353C800CF422C /* PCSC.framework in Frameworks */, + DC5AC0C51D8353C200CF422C /* Security.framework in Frameworks */, + DC5AC0C41D8353BB00CF422C /* System.framework in Frameworks */, + DC5AC0C21D83538D00CF422C /* CoreFoundation.framework in Frameworks */, + DC5AC0C11D83538800CF422C /* IOKit.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC610A191D78F129002223DE /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC610A3D1D78F25C002223DE /* libDiagnosticMessagesClient.dylib in Frameworks */, + DC610A3B1D78F234002223DE /* libACM.a in Frameworks */, + DC610A391D78F1B7002223DE /* libaks.a in Frameworks */, + DC610A2C1D78F129002223DE /* libaks_acl.a in Frameworks */, + DCD22D601D8CC2EF001C9B81 /* libASN1_not_installed.a in Frameworks */, + DC59EA941D91CDE0001BDDF5 /* libDER_not_installed.a in Frameworks */, + DCD22D611D8CC2F8001C9B81 /* libbsm.dylib in Frameworks */, + DC610A2B1D78F129002223DE /* libcoreauthd_test_client.a in Frameworks */, + DC610A2F1D78F129002223DE /* libctkclient_test.a in Frameworks */, + DC610A2E1D78F129002223DE /* libsqlite3.dylib in Frameworks */, + BEE523D91DACAA2500DD0AA3 /* libz.dylib in Frameworks */, + DC65E7C31D8CBBA200152EF0 /* libregressionBase.a in Frameworks */, + DC00ABE61D821F7700513D74 /* libsecdRegressions.a in Frameworks */, + DC00ABE51D821F7200513D74 /* libsecipc_client.a in Frameworks */, + DCD22D621D8CC326001C9B81 /* libSecItemShimOSX.a in Frameworks */, + DC00ABE91D821F8000513D74 /* libSecureObjectSync.a in Frameworks */, + DC00ABE71D821F7A00513D74 /* libsecurity.a in Frameworks */, + DC00ABE81D821F7D00513D74 /* libsecurityd_ios.a in Frameworks */, + DCD22D631D8CC33A001C9B81 /* libSOSRegressions.a in Frameworks */, + DCD22D641D8CC341001C9B81 /* libutilities.a in Frameworks */, + DCD22D651D8CC349001C9B81 /* libutilitiesRegressions.a in Frameworks */, + DC610A281D78F129002223DE /* CFNetwork.framework in Frameworks */, + DC610A1D1D78F129002223DE /* CoreFoundation.framework in Frameworks */, + DC610A1E1D78F129002223DE /* Foundation.framework in Frameworks */, + DCD22D6A1D8CC601001C9B81 /* SystemConfiguration.framework in Frameworks */, + DCD22D6B1D8CC685001C9B81 /* AppleSystemInfo.framework in Frameworks */, + DC610A291D78F129002223DE /* IOKit.framework in Frameworks */, + DC610A271D78F129002223DE /* Security.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC610A441D78F48F002223DE /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC610A521D78F74A002223DE /* CoreFoundation.framework in Frameworks */, + DC610A511D78F744002223DE /* Security.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC610A581D78F9D2002223DE /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC610AB01D7910C3002223DE /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC610AB11D7910C3002223DE /* CoreFoundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC6A828F1D87749900418608 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC71D9DB1D95BA6C0065FB93 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC71D9F71D95BB0A0065FB93 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC8834041D8A218F00CE0ACA /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB340691D8A24DF0054D16E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB340911D8A267C0054D16E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB341331D8A2A010054D16E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB3417E1D8A2B860054D16E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB3423D1D8A32820054D16E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA9A1D91CE94001BDDF5 /* libDER_not_installed.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB344391D8A34FD0054D16E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCC78EA61D8088E200865A7C /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD0677B1D8CDF19007602F1 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD06A3B1D8CE21C007602F1 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD06A4D1D8CE281007602F1 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD06A621D8CE2D5007602F1 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD06A781D8CE309007602F1 /* libutilities.a in Frameworks */, + DC3A4B531D91E8EB00E46D4A /* libsecurity_utilities.a in Frameworks */, + DCD06A761D8CE2F7007602F1 /* libsecurity_codesigning.a in Frameworks */, + DCD06A791D8CE30F007602F1 /* CoreFoundation.framework in Frameworks */, + DCD06A7A1D8CE318007602F1 /* IOKit.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD06AAC1D8E0D53007602F1 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD66D6E1D8204A700DB1393 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD66DD51D8205C400DB1393 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E6941D7A37FA00AFB96E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB7F50CC1DB88A03003D787D /* CoreCDP.framework in Frameworks */, + DCE4E6AE1D7A3C6A00AFB96E /* AppleSystemInfo.framework in Frameworks */, + DCE4E6AD1D7A3B9700AFB96E /* libaks.a in Frameworks */, + DCE4E6AC1D7A3B5000AFB96E /* libACM.a in Frameworks */, + DCE4E6AB1D7A3B0800AFB96E /* libbsm.dylib in Frameworks */, + DCE4E6961D7A37FA00AFB96E /* CoreFoundation.framework in Frameworks */, + DC65E7BD1D8CBA6C00152EF0 /* libsecurityd_ios.a in Frameworks */, + DC65E7781D8CB8A500152EF0 /* libSecureObjectSync.a in Frameworks */, + DC00AB971D821D7100513D74 /* libSOSCommands.a in Frameworks */, + DC00AB981D821D7400513D74 /* libSecurityTool.a in Frameworks */, + DC00AB991D821D7700513D74 /* libSecurityCommands.a in Frameworks */, + DC65E7371D8CB37500152EF0 /* libutilities.a in Frameworks */, + DC65E77A1D8CB8D200152EF0 /* libsqlite3.dylib in Frameworks */, + DCE4E69B1D7A37FA00AFB96E /* libaks_acl.a in Frameworks */, + DCBB8AC41D80DD95007ED154 /* Security.framework in Frameworks */, + DCE4E69E1D7A37FA00AFB96E /* CFNetwork.framework in Frameworks */, + DCE4E69F1D7A37FA00AFB96E /* SystemConfiguration.framework in Frameworks */, + DCE4E6A01D7A37FA00AFB96E /* Foundation.framework in Frameworks */, + DC65E77B1D8CB8E800152EF0 /* IOKit.framework in Frameworks */, + DC65E77C1D8CB8F100152EF0 /* MobileKeyBag.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E7501D7A43B500AFB96E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E7C61D7A468300AFB96E /* libaks.a in Frameworks */, + DCE4E75E1D7A43B500AFB96E /* CoreFoundation.framework in Frameworks */, + DCE4E7BF1D7A463400AFB96E /* Security.framework in Frameworks */, + DCE4E7C11D7A463E00AFB96E /* SecurityFoundation.framework in Frameworks */, + DCE4E7541D7A43B500AFB96E /* Foundation.framework in Frameworks */, + DCE4E7681D7A43B500AFB96E /* IOKit.framework in Frameworks */, + DC65E7751D8CB81000152EF0 /* libregressionBase.a in Frameworks */, + DC59EA8B1D91CD93001BDDF5 /* libDER_not_installed.a in Frameworks */, + DC00ABC71D821EF400513D74 /* libSharedRegressions.a in Frameworks */, + DCD22D551D8CC148001C9B81 /* libsecurity_keychain_regressions.a in Frameworks */, + DC63CAF81D91A15F00C03317 /* libsecurity_cms_regressions.a in Frameworks */, + DCE4E7C41D7A465500AFB96E /* libsecurity_smime_regressions.a in Frameworks */, + DCD22D571D8CC196001C9B81 /* libsecurity_ssl_regressions.a in Frameworks */, + DCD22D561D8CC154001C9B81 /* libutilities.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E7C91D7A4AED00AFB96E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD22D5F1D8CC294001C9B81 /* libsecurity_ssl_regressions.a in Frameworks */, + DCE4E7E41D7A4B8F00AFB96E /* Foundation.framework in Frameworks */, + DCE4E7EF1D7A4BCB00AFB96E /* libaks.a in Frameworks */, + DC59EA971D91CDFA001BDDF5 /* libDER_not_installed.a in Frameworks */, + DC65E7C21D8CBB5800152EF0 /* libregressionBase.a in Frameworks */, + DCE4E7EC1D7A4BB800AFB96E /* Security.framework in Frameworks */, + DCE4E7EB1D7A4BB200AFB96E /* SecurityFoundation.framework in Frameworks */, + DCE4E7EA1D7A4BAE00AFB96E /* CoreFoundation.framework in Frameworks */, + DCD22D5E1D8CC269001C9B81 /* libsecurity_keychain_regressions.a in Frameworks */, + DCE4E7E81D7A4BA400AFB96E /* libsecurity_smime_regressions.a in Frameworks */, + DC0B622A1D9097C600D43BCB /* libsecurity_cms_regressions.a in Frameworks */, + DCE4E7E71D7A4B9C00AFB96E /* IOKit.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E7F31D7A4DA800AFB96E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB3EBF131DBD417A00620B2C /* libobjc.dylib in Frameworks */, + DCE4E8281D7A4F1600AFB96E /* login.framework in Frameworks */, + DCE4E8261D7A4EEC00AFB96E /* libDiagnosticMessagesClient.dylib in Frameworks */, + DCE4E8251D7A4EE400AFB96E /* libACM.a in Frameworks */, + DCE4E8241D7A4ECD00AFB96E /* libaks.a in Frameworks */, + DCE4E8231D7A4EC900AFB96E /* libaks_acl.a in Frameworks */, + DCD22D711D8CC78E001C9B81 /* libASN1_not_installed.a in Frameworks */, + DC59EA7B1D91CC9F001BDDF5 /* libDER_not_installed.a in Frameworks */, + DCE4E8211D7A4EB800AFB96E /* libbsm.dylib in Frameworks */, + DCE4E8201D7A4EAC00AFB96E /* libcoreauthd_client.a in Frameworks */, + DCE4E81F1D7A4EA700AFB96E /* libctkclient.a in Frameworks */, + DCE4E81C1D7A4E8F00AFB96E /* libsqlite3.0.dylib in Frameworks */, + BEE523DA1DACAA5700DD0AA3 /* libz.dylib in Frameworks */, + DC00AB791D821C6700513D74 /* libsecipc_client.a in Frameworks */, + DC00AB7A1D821C6B00513D74 /* libSecureObjectSync.a in Frameworks */, + DC00AB7B1D821C6E00513D74 /* libsecurity.a in Frameworks */, + DC65E7271D8CB2EC00152EF0 /* libutilities.a in Frameworks */, + DC00AB7C1D821C7100513D74 /* libsecurityd_ios.a in Frameworks */, + DCE4E8151D7A4E6F00AFB96E /* CFNetwork.framework in Frameworks */, + DCE4E8131D7A4E5300AFB96E /* CoreFoundation.framework in Frameworks */, + DCE4E8121D7A4E4F00AFB96E /* IOKit.framework in Frameworks */, + DCD22D721D8CC804001C9B81 /* SystemConfiguration.framework in Frameworks */, + DCE4E80F1D7A4E4600AFB96E /* Security.framework in Frameworks */, + DCE4E82C1D7A56FF00AFB96E /* AppleSystemInfo.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E83A1D7A57AE00AFB96E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB3EBF141DBD41BD00620B2C /* libobjc.dylib in Frameworks */, + 8EECC6601DAC699900972D50 /* MobileKeyBag.framework in Frameworks */, + DCE4E83B1D7A57AE00AFB96E /* login.framework in Frameworks */, + DC00AB8B1D821CBE00513D74 /* libSecureObjectSync.a in Frameworks */, + DCE4E83C1D7A57AE00AFB96E /* libDiagnosticMessagesClient.dylib in Frameworks */, + DCE4E83D1D7A57AE00AFB96E /* libACM.a in Frameworks */, + DCE4E8421D7A57AE00AFB96E /* libcoreauthd_client.a in Frameworks */, + DCE4E83E1D7A57AE00AFB96E /* libaks.a in Frameworks */, + DCD22D731D8CC828001C9B81 /* SystemConfiguration.framework in Frameworks */, + DC84E0BC1D9B2B6A004C57F7 /* libsecurity_utilities.a in Frameworks */, + DC65E72D1D8CB31B00152EF0 /* libutilities.a in Frameworks */, + DCE4E83F1D7A57AE00AFB96E /* libaks_acl.a in Frameworks */, + DCD22D741D8CC85E001C9B81 /* libASN1_not_installed.a in Frameworks */, + DC59EA7F1D91CCCA001BDDF5 /* libDER_not_installed.a in Frameworks */, + DCE4E84E1D7A57AE00AFB96E /* IOKit.framework in Frameworks */, + DCE4E8411D7A57AE00AFB96E /* libbsm.dylib in Frameworks */, + DC84E0BD1D9B2B8C004C57F7 /* libsqlite3.dylib in Frameworks */, + BEE523DB1DACAA8C00DD0AA3 /* libz.dylib in Frameworks */, + DC00AB8D1D821CC500513D74 /* libsecurityd_ios.a in Frameworks */, + DC00AB8A1D821CB800513D74 /* libsecipc_client.a in Frameworks */, + DCE4E8431D7A57AE00AFB96E /* libctkclient.a in Frameworks */, + DCE4E84C1D7A57AE00AFB96E /* CFNetwork.framework in Frameworks */, + DCE4E84D1D7A57AE00AFB96E /* CoreFoundation.framework in Frameworks */, + DCE4E8501D7A57AE00AFB96E /* Security.framework in Frameworks */, + DCE4E8511D7A57AE00AFB96E /* AppleSystemInfo.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E8911D7F34F600AFB96E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E8C91D7F356500AFB96E /* libsqlite3.dylib in Frameworks */, + DCE4E8C81D7F355F00AFB96E /* libbsm.dylib in Frameworks */, + DCE4E8C71D7F355900AFB96E /* Security.framework in Frameworks */, + DCE4E8C61D7F354700AFB96E /* CoreFoundation.framework in Frameworks */, + DCE4E8C51D7F354300AFB96E /* IOKit.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E8DA1D7F39DB00AFB96E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E9011D7F3A3700AFB96E /* CloudServices.framework in Frameworks */, + DCE4E9001D7F3A2700AFB96E /* CoreFoundation.framework in Frameworks */, + DCE4E8FF1D7F3A2300AFB96E /* Cocoa.framework in Frameworks */, + DCE4E8FD1D7F3A1E00AFB96E /* Security.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E90E1D7F3D5300AFB96E /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + CD31F89E1DCE86D600414B46 /* Accounts.framework in Frameworks */, + DCE4E93F1D7F3E4000AFB96E /* AOSAccounts.framework in Frameworks */, + DCE4E93C1D7F3E0C00AFB96E /* AOSUI.framework in Frameworks */, + 0CC319241DA46FBF005D42EA /* ProtectedCloudStorage.framework in Frameworks */, + DCE4E9401D7F3E4D00AFB96E /* Security.framework in Frameworks */, + DCE4E93D1D7F3E1600AFB96E /* AppleSystemInfo.framework in Frameworks */, + DCE4E93A1D7F3DF500AFB96E /* CrashReporterSupport.framework in Frameworks */, + DCE4E9381D7F3DB500AFB96E /* Cocoa.framework in Frameworks */, + DCE4E9371D7F3DAF00AFB96E /* CloudServices.framework in Frameworks */, + DCE4E9421D7F3E6E00AFB96E /* CoreCDP.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF783101D88B4DE00E694BB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF785DD1D88B95500E694BB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF7882B1D88C86900E694BB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF788371D88C8C400E694BB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF7884A1D88CA7200E694BB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF7889A1D88CB5200E694BB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF788D21D88CD2400E694BB /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E710C73F1331946400F85568 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC00ABC01D821EBE00513D74 /* libSharedRegressions.a in Frameworks */, + EBE9019B1C2285D4007308C6 /* AggregateDictionary.framework in Frameworks */, + E7A011AE14E1B78800765C29 /* Foundation.framework in Frameworks */, + E7D690921652E06A0079537A /* libMobileGestalt.dylib in Frameworks */, + DCD22D921D8CCD09001C9B81 /* libsecurity_ssl_regressions.a in Frameworks */, + DC65E7761D8CB81A00152EF0 /* libregressionBase.a in Frameworks */, + DC00ABC11D821EC300513D74 /* libsecurityd_ios.a in Frameworks */, + DC00ABC21D821EC600513D74 /* libSecureObjectSync.a in Frameworks */, + DC59EA881D91CD7E001BDDF5 /* libDER_not_installed.a in Frameworks */, + DCD22D931D8CCD17001C9B81 /* libASN1_not_installed.a in Frameworks */, + DCD22D941D8CCDFA001C9B81 /* libutilities.a in Frameworks */, + DC17890B1D77980500B50D50 /* Security.framework in Frameworks */, + 438168BF1B4ED42C00C54D58 /* CoreFoundation.framework in Frameworks */, + DCD22D951D8CCE5E001C9B81 /* libutilitiesRegressions.a in Frameworks */, + DC00ABC41D821ED900513D74 /* libiOSSecurityRegressions.a in Frameworks */, + DC00ABC51D821EDC00513D74 /* libiOSsecuritydRegressions.a in Frameworks */, + 44A655A51AA4B4C70059D185 /* libctkclient.a in Frameworks */, + DC00ABC61D821EE500513D74 /* libSOSRegressions.a in Frameworks */, + 4432B1601A014D85000958DC /* libcoreauthd_client.a in Frameworks */, + 4432B1611A014D85000958DC /* libaks_acl.a in Frameworks */, + E7FEEEF81332B7F70025EB06 /* libsqlite3.dylib in Frameworks */, + BE405EE21DC2F10E00E227B1 /* libz.dylib in Frameworks */, + E7FEEEFA1332B8210025EB06 /* CFNetwork.framework in Frameworks */, + E7FEEEFB1332B8300025EB06 /* IOKit.framework in Frameworks */, + E71F3E4116EA6A5100FAF9B4 /* SystemConfiguration.framework in Frameworks */, + 0CFC029C1D41650700E6283B /* libcoretls.dylib in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E7B01BD1166594AB000485F1 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EBE9019E1C228610007308C6 /* AggregateDictionary.framework in Frameworks */, + 52222CD0167BDAEC00EDD09C /* SpringBoardServices.framework in Frameworks */, + E7B01BD2166594AB000485F1 /* CFNetwork.framework in Frameworks */, + E7B01BD3166594AB000485F1 /* IOKit.framework in Frameworks */, + E7B01BD4166594AB000485F1 /* libsqlite3.dylib in Frameworks */, + E7B01BD6166594AB000485F1 /* libMobileGestalt.dylib in Frameworks */, + DC00ABF11D821FC400513D74 /* libsecurityd_ios.a in Frameworks */, + DC00ABF21D821FC800513D74 /* libSOSRegressions.a in Frameworks */, + DC00ABF31D821FCD00513D74 /* libSecureObjectSync.a in Frameworks */, + 438168C31B4ED43200C54D58 /* CoreFoundation.framework in Frameworks */, + E7B01BDE166594AB000485F1 /* UIKit.framework in Frameworks */, + E7B01BDF166594AB000485F1 /* Foundation.framework in Frameworks */, + E7B01BE0166594AB000485F1 /* CoreGraphics.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E7D847C11C6BE9710025BB44 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC65E7231D8CB28900152EF0 /* libutilities.a in Frameworks */, + E7D8489F1C6C244B0025BB44 /* Foundation.framework in Frameworks */, + E7650E6F1C7699DA00378669 /* Security.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E7D847CB1C6BE9720025BB44 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + DC71D85C1D94CCD40065FB93 /* Security.framework in Frameworks */, + EB2CA4DA1D2C28F100AB770F /* libaks_acl.a in Frameworks */, + E7DC73B71C890F0E0008BF73 /* KeychainCircle.framework in Frameworks */, + E7D848561C6C1E830025BB44 /* Foundation.framework in Frameworks */, + E7F482E61C7640D300390FDB /* IOKit.framework in Frameworks */, + DC00ABA51D821DCD00513D74 /* libsecurity.a in Frameworks */, + DC00ABA61D821DD000513D74 /* libsecurityd_ios.a in Frameworks */, + DC00ABA71D821DD300513D74 /* libSecureObjectSync.a in Frameworks */, + DCD22D541D8CC0FC001C9B81 /* libutilities.a in Frameworks */, + DC59EA821D91CD24001BDDF5 /* libDER_not_installed.a in Frameworks */, + DCD22D531D8CC0EF001C9B81 /* libASN1_not_installed.a in Frameworks */, + E7F482A11C7543E500390FDB /* libsqlite3.dylib in Frameworks */, + DC00ABA81D821DD900513D74 /* libsecipc_client.a in Frameworks */, + E7F482A31C7544E600390FDB /* libctkclient_test.a in Frameworks */, + E7F482A61C75453900390FDB /* libcoreauthd_test_client.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EB0BC9391C3C791500785842 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB0BC93A1C3C791500785842 /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EB425CA11C65846D000ECE53 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB425CDE1C658668000ECE53 /* Security.framework in Frameworks */, + EB425CA21C65846D000ECE53 /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EB433A231CC3243600A7EACE /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB433A2A1CC3246800A7EACE /* Security.framework in Frameworks */, + EB433A241CC3243600A7EACE /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EB9C1D771BDFD0E000F89272 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EB9C1D7B1BDFD0E000F89272 /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EBA9AA801CE30E58004E2B68 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EBA9AA811CE30E58004E2B68 /* Security.framework in Frameworks */, + EBA9AA821CE30E58004E2B68 /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EBCF73F61CE45F9C00BED7CA /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EBCF73F71CE45F9C00BED7CA /* Security.framework in Frameworks */, + EBCF73F81CE45F9C00BED7CA /* Foundation.framework in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EBF3746F1DC055580065D840 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + EBF3747E1DC057B40065D840 /* Security.framework in Frameworks */, + E76638A81DD679BC00B769D3 /* libutilities.a in Frameworks */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 0C0BDB30175685B000BC1A7E /* secdtests */ = { + isa = PBXGroup; + children = ( + 0C664AB2175926B20092D3D9 /* secdtests-entitlements.plist */, + 0C0BDB31175685B000BC1A7E /* main.m */, + 0C0BDB441756868B00BC1A7E /* testlist.h */, + ); + path = secdtests; + sourceTree = ""; + }; + 0C2BCBA41D063F7D00ED7A2F /* dtlsEcho */ = { + isa = PBXGroup; + children = ( + 0C2BCBA51D063F7D00ED7A2F /* dtlsEchoClient.c */, + 0C2BCBA61D063F7D00ED7A2F /* dtlsEchoServer.c */, + 0C2BCBA71D063F7D00ED7A2F /* README */, + ); + path = dtlsEcho; + sourceTree = ""; + }; + 0C78F1C816A5E13400654E08 /* regressions */ = { + isa = PBXGroup; + children = ( + 0C78F1CA16A5E1BF00654E08 /* sectask-10-sectask.c */, + 0C78F1CB16A5E1BF00654E08 /* sectask_ipc.defs */, + 0C78F1C916A5E13400654E08 /* sectask_regressions.h */, + ); + path = regressions; + sourceTree = ""; + }; + 107226CF0D91DB32003CF14F /* sectask */ = { + isa = PBXGroup; + children = ( + 0C78F1C816A5E13400654E08 /* regressions */, + 107226D00D91DB32003CF14F /* SecTask.c */, + 4C7CE56E0DC7DB0A00AE53FC /* SecEntitlements.h */, + ); + name = sectask; + path = ../../../sectask; + sourceTree = ""; + }; + 4381690E1B4EDCBD00C54D58 /* SOSCCAuthPlugin */ = { + isa = PBXGroup; + children = ( + 438169E11B4EDEE200C54D58 /* SOSCCAuthPlugin.h */, + 438169E21B4EDEE200C54D58 /* SOSCCAuthPlugin.m */, + 4381690F1B4EDCBD00C54D58 /* Info.plist */, + ); + path = SOSCCAuthPlugin; + sourceTree = ""; + }; + 4814D86C1CAA064F002FFC36 /* os_log */ = { + isa = PBXGroup; + children = ( + DCE4E80D1D7A4E3A00AFB96E /* com.apple.securityd.plist */, + 48284A041D1DB06E00C76CB7 /* README_os_log_prefs.txt */, + ); + name = os_log; + path = ../../..; + sourceTree = ""; + }; + 4C198F1A0ACDB4BF00AAB142 /* strings */ = { + isa = PBXGroup; + children = ( + 53C0E1F1177FAC2C00F8A018 /* CloudKeychain.strings */, + BE4AC9B818B8273600B84964 /* SharedWebCredentials.strings */, + 4C198F1F0ACDB4BF00AAB142 /* OID.strings */, + 4C198F1D0ACDB4BF00AAB142 /* Certificate.strings */, + ); + name = strings; + path = ../../../resources; + sourceTree = ""; + }; + 4C35DB67094F906D002917C4 = { + isa = PBXGroup; + children = ( + DC5AC2021D83668700CF422C /* Security.framework */, + DC5AC1FD1D83647300CF422C /* SecureObjectSync */, + DCE4E8A01D7F352600AFB96E /* authd */, + DCE4E85A1D7A583100AFB96E /* trustd */, + DC5AC1FF1D83650C00CF422C /* securityd */, + DC0BC4E51D8B6AA600070CB0 /* applications */, + DC5AC2011D83663C00CF422C /* tests */, + EB2CA5311D2C30CD00AB770F /* xcconfig */, + EBF374731DC055590065D840 /* security-sysdiagnose */, + E7FCBE401314471B000DE34E /* Frameworks */, + 4C8BC620097DBC1B00C781D5 /* Libraries */, + 4C35DC36094F9120002917C4 /* Products */, + 4C4CE9120AF81F0E0056B01D /* README */, + 4CAB97FD1114CC5300EFB38D /* README.keychain */, + 4C4CE9070AF81ED80056B01D /* TODO */, + ); + sourceTree = ""; + }; + 4C35DC36094F9120002917C4 /* Products */ = { + isa = PBXGroup; + children = ( + 4C32C0AF0A4975F6002891BD /* Security.framework */, + 790851B60CA9859F0083CC4D /* securityd */, + 4CB740A30A47567C00D641BB /* security */, + 7913B2110D172B3900601FE9 /* sslServer */, + 4CE5A54D09C796E200D27A3F /* sslViewer */, + 4C9DE9D21181AC4800CF5C27 /* sslEcdsa */, + E710C7421331946400F85568 /* SecurityTests.app */, + 4C711D7613AFCD0900FE865D /* SecurityDevTests.app */, + E7B01BF2166594AB000485F1 /* SyncDevTest2.app */, + 52D82BDE16A621F70078DFE5 /* CloudKeychainProxy.bundle */, + 728B56A116D59979008FA3AB /* OTAPKIAssetTool */, + 4C52D0B416EFC61E0079966E /* CircleJoinRequested */, + 5346480117331E1200FE9172 /* KeychainSyncAccountNotification.bundle */, + 0C0BDB2F175685B000BC1A7E /* secdtests */, + BE442BC118B7FDB800F24DAE /* swcagent */, + BE197F2619116FD100BA91D1 /* SharedWebCredentialViewService.app */, + 5E10992519A5E55800A60E2B /* ISACLProtectedItems.bundle */, + CD276C271A83F60C003226BC /* KeychainSyncingOverIDSProxy.bundle */, + 5EBE247A1B00CCAE0007DB0E /* secacltests */, + 4381690C1B4EDCBD00C54D58 /* SOSCCAuthPlugin.bundle */, + EB9C1D7A1BDFD0E000F89272 /* secbackupntest */, + EB0BC93E1C3C791500785842 /* secedumodetest */, + EB425CA61C65846D000ECE53 /* secbackuptest */, + E7D847C51C6BE9710025BB44 /* KeychainCircle.framework */, + E7D847CE1C6BE9720025BB44 /* KeychainCircleTests.xctest */, + EB433A281CC3243600A7EACE /* secitemstresstest */, + EBA9AA861CE30E58004E2B68 /* secitemnotifications */, + EBCF73FC1CE45F9C00BED7CA /* secitemfunctionality */, + 0C2BCBB91D06401F00ED7A2F /* dtlsEchoClient */, + 0C2BCBCE1D0648D100ED7A2F /* dtlsEchoServer */, + DC1785051D77873100B50D50 /* Security.framework */, + DC1789041D77980500B50D50 /* Security.framework */, + DC58C4231D77BDEA003C25A4 /* csparser.bundle */, + DC610A341D78F129002223DE /* secdtests */, + DC610A471D78F48F002223DE /* SecTaskTest */, + DC610A5F1D78F9D2002223DE /* codesign_tests */, + DC610AB71D7910C3002223DE /* gk_reset_check */, + DCE4E6A41D7A37FA00AFB96E /* security2 */, + DCE4E7B21D7A43B500AFB96E /* SecurityTestsOSX.app */, + DCE4E7CC1D7A4AED00AFB96E /* sectests */, + DCE4E7F61D7A4DA800AFB96E /* secd */, + DCE4E8591D7A57AE00AFB96E /* trustd */, + DCE4E8941D7F34F600AFB96E /* authd.xpc */, + DCE4E8DD1D7F39DB00AFB96E /* Cloud Keychain Utility.app */, + DCE4E9111D7F3D5300AFB96E /* Keychain Circle Notification.app */, + DCC78EA91D8088E200865A7C /* libsecurity.a */, + DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */, + DC52E8BA1D80C1EB00B0A59C /* libsecipc_client.a */, + DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */, + DC52EA4C1D80CB7000B0A59C /* libSecurityTool.a */, + DC52EBD51D80CEF100B0A59C /* libSecurityCommands.a */, + DC52EC341D80CFB200B0A59C /* libSOSCommands.a */, + DC52EC4D1D80D00800B0A59C /* libSWCAgent.a */, + DC52EC5C1D80D05200B0A59C /* liblogging.a */, + DC52EC681D80D0C400B0A59C /* libSOSRegressions.a */, + DC52EC971D80D1A800B0A59C /* libiOSSecurityRegressions.a */, + DC52ED9D1D80D4CD00B0A59C /* libiOSsecuritydRegressions.a */, + DC52EDB11D80D58400B0A59C /* libsecdRegressions.a */, + DC52EE411D80D6DD00B0A59C /* libSharedRegressions.a */, + DC52EE6E1D80D82600B0A59C /* libSecItemShimOSX.a */, + DCD66D731D8204A700DB1393 /* libSecTrustOSX.a */, + DCD66DDB1D8205C400DB1393 /* libSecOtrOSX.a */, + DC5ABDC51D832DAB00CF422C /* security */, + DC5AC0501D8352D900CF422C /* securityd */, + DC6A82921D87749900418608 /* libsecurityd_client.a */, + DC0067C01D87876F005AF8DB /* libsecurityd_server.a */, + DC0067D01D878898005AF8DB /* libsecurityd_ucspc.a */, + DCF783141D88B4DE00E694BB /* libsecurity_apple_csp.a */, + DCF785E51D88B95500E694BB /* libsecurity_apple_cspdl.a */, + DCF788331D88C86900E694BB /* libsecurity_apple_empty.a */, + DCF7883B1D88C8C400E694BB /* libsecurity_apple_file_dl.a */, + DCF7884E1D88CA7200E694BB /* libsecurity_apple_x509_cl.a */, + DCF7889D1D88CB5200E694BB /* apple_x509_cl.bundle */, + DCF788D61D88CD2400E694BB /* libsecurity_apple_x509_tp.a */, + DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */, + DCB3406D1D8A24DF0054D16E /* libsecurity_authorization.a */, + DCB340951D8A267C0054D16E /* libsecurity_cdsa_client.a */, + DCB341371D8A2A010054D16E /* libsecurity_cdsa_plugin.a */, + DCB341821D8A2B860054D16E /* libsecurity_cdsa_utilities.a */, + DCB342411D8A32820054D16E /* libsecurity_keychain.a */, + DCB3443E1D8A34FD0054D16E /* libsecurity_keychain_regressions.a */, + DC0BC5511D8B6D2D00070CB0 /* XPCKeychainSandboxCheck.xpc */, + DC0BC56C1D8B6E3D00070CB0 /* XPCTimeStampingService.xpc */, + DC0BC58C1D8B70E700070CB0 /* libsecurity_cdsa_utils.a */, + DC0BC5B71D8B71FD00070CB0 /* libsecurity_checkpw.a */, + DC0BC5C61D8B72E700070CB0 /* test-checkpw */, + DC0BC5E11D8B73B000070CB0 /* perf-checkpw */, + DC0BC5E91D8B742200070CB0 /* libsecurity_comcryption.a */, + DC0BC5FF1D8B752B00070CB0 /* libsecurity_cryptkit.a */, + DC0BC74C1D8B771600070CB0 /* libsecurity_cssm.a */, + DC0BC89F1D8B7CBD00070CB0 /* libsecurity_filedb.a */, + DC0BC8D31D8B7DA200070CB0 /* libsecurity_manifest.a */, + DC0BC9001D8B7E8000070CB0 /* libsecurity_mds.a */, + DC0BC9351D8B7F6A00070CB0 /* libsecurity_ocspd.a */, + DC0BC96D1D8B810A00070CB0 /* libsecurity_pkcs12.a */, + DC0BC9A11D8B81BE00070CB0 /* libsecurity_sd_cspdl.a */, + DC0BC9CF1D8B824700070CB0 /* libsecurity_ssl.a */, + DC0BCA1A1D8B82B000070CB0 /* libsecurity_ssl_regressions.a */, + DC0BCA801D8B858600070CB0 /* libsecurity_transform.a */, + DC0BCB081D8B894F00070CB0 /* libsecurity_translocate.a */, + DC0BCBFD1D8C648C00070CB0 /* libregressionBase.a */, + DC0BCC361D8C684F00070CB0 /* libutilities.a */, + DC0BCD481D8C694700070CB0 /* libutilitiesRegressions.a */, + DCD0677F1D8CDF19007602F1 /* libsecurity_codesigning.a */, + DCD06A3F1D8CE21D007602F1 /* libintegrity.a */, + DCD06A511D8CE281007602F1 /* libcodehost.a */, + DCD06A741D8CE2D5007602F1 /* gkunpack */, + DCD06AB01D8E0D53007602F1 /* libsecurity_utilities.a */, + DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */, + DC59EA251D91CA15001BDDF5 /* libDERUtils.a */, + DC59EA371D91CA82001BDDF5 /* parseCert */, + DC59EA601D91CAF0001BDDF5 /* parseCrl */, + DC59EA701D91CB9F001BDDF5 /* parseTicket */, + DC3A4B581D91E9FB00E46D4A /* com.apple.CodeSigningHelper.xpc */, + DC71D9DF1D95BA6C0065FB93 /* libASN1.a */, + DC71D9FB1D95BB0A0065FB93 /* libDER.a */, + EBF374721DC055580065D840 /* security-sysdiagnose */, + ); + name = Products; + sourceTree = ""; + }; + 4C50ACFB1410671D00EE92DE /* DigiNotar */ = { + isa = PBXGroup; + children = ( + 4C3CECF21416E20400947741 /* DigiNotar_Root_CA_G2-RootCertificate.crt */, + 4C3CECEA1416DB2200947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */, + 4C3CECEB1416DB2200947741 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt */, + 4C3CECEC1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheid.crt */, + 4C3CECED1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt */, + 4C3CECEE1416DB2200947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt */, + 4C3CECEF1416DB2200947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit.crt */, + 4C3CECF01416DB2200947741 /* staatdernederlandenorganisatieca-g2-Cert.crt */, + 4C3CECF11416DB2200947741 /* staatdernederlandenoverheidca-Cert.crt */, + 4C8B91C51416EB6A00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt */, + 4C50AD2F1410689300EE92DE /* Expectations.plist */, + 4C50ACFC1410671D00EE92DE /* DigiNotarCA2007RootCertificate.crt */, + 4C50ACFD1410671D00EE92DE /* Invalid-asterisk.google.com.crt */, + 4C50ACFE1410671D00EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt */, + 4C50ACFF1410671D00EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt */, + 4C50AD001410671D00EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt */, + 4C50AD011410671D00EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt */, + 4C50AD021410671D00EE92DE /* diginotar-public-ca-2025-Cert.crt */, + 4C50AD031410671D00EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt */, + 4C50AD041410671D00EE92DE /* diginotar-services-diginotar-root-Cert.crt */, + 4C50AD051410671D00EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt */, + 4C50AD061410671D00EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt */, + 4C50AD071410671D00EE92DE /* diginotar.root.ca-entrust-secure-server-Cert.crt */, + ); + path = DigiNotar; + sourceTree = ""; + }; + 4C52D0B616EFC61E0079966E /* CircleJoinRequested */ = { + isa = PBXGroup; + children = ( + 4C52D0B916EFC61E0079966E /* CircleJoinRequested.m */, + 4CC3D28F178F310B0070FCC4 /* PersistentState.h */, + 4CC3D290178F310C0070FCC4 /* PersistentState.m */, + 4C52D0E216EFCCA20079966E /* Applicant.h */, + 4C52D0E316EFCCA20079966E /* Applicant.m */, + 4C52D0E416EFCCA20079966E /* com.apple.security.CircleJoinRequested.plist */, + 4C52D0E516EFCCA20079966E /* NSArray+map.h */, + 4C52D0E616EFCCA20079966E /* NSArray+map.m */, + 4C52D0BD16EFC61E0079966E /* Readme.txt */, + 4C3DD6AE179755560093F9D8 /* NSDate+TimeIntervalDescription.h */, + 4C3DD6AF179755560093F9D8 /* NSDate+TimeIntervalDescription.m */, + 4C52D0B716EFC61E0079966E /* Supporting Files */, + 4C84DA6217207E8D00AEE225 /* entitlements.plist */, + ); + path = CircleJoinRequested; + sourceTree = ""; + }; + 4C52D0B716EFC61E0079966E /* Supporting Files */ = { + isa = PBXGroup; + children = ( + CDB9FCA9179CC757000AAD66 /* Info.plist */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; + 4C8BC620097DBC1B00C781D5 /* Libraries */ = { + isa = PBXGroup; + children = ( + DC5AC0CD1D83542700CF422C /* libsecurity_tokend_client.a */, + DC610A3A1D78F228002223DE /* libACM.a */, + 4CA692640DA4027F001094C2 /* libCMS.a */, + E7D690911652E06A0079537A /* libMobileGestalt.dylib */, + 107227350D91FE89003CF14F /* libbsm.dylib */, + 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */, + 5E8B53A41AA0B8A600345E7B /* libcoreauthd_test_client.a */, + E7AAB5F415929493005C8BCC /* libcorecrypto.dylib */, + 4469FBDD1AA0A45C0021AA26 /* libctkclient.a */, + 4469FBDC1AA0A45C0021AA26 /* libctkclient_test.a */, + 4CB740680A4749C800D641BB /* libsqlite3.dylib */, + ); + name = Libraries; + sourceTree = ""; + }; + 4C922CB2097F1984004CEEBD /* Security */ = { + isa = PBXGroup; + children = ( + DC1785981D778C5300B50D50 /* cssmapple.h */, + 4C28BCD60986EBCB0020C665 /* certextensions.h */, + 4C696B3709BFA94F000CBC75 /* SecBase.h */, + 4C0208F80D3C154200BFE54E /* SecBasePriv.h */, + 4C8FD03D099D5C91006867B6 /* SecCertificate.h */, + 4C7608B10AC34A8100980096 /* SecCertificatePriv.h */, + 791766DD0DD0162C00F3B974 /* SecCertificateRequest.h */, + 4CAC87D60B8F82720009C9FC /* SecIdentity.h */, + 4CCE0AD90D41797400DDBB21 /* SecIdentityPriv.h */, + 79EF5B6C0D3D6A31009F5270 /* SecImportExport.h */, + 4C6416F00BB357D5001C83FD /* SecInternal.h */, + 4CF0484A0A5D988F00268236 /* SecItem.h */, + 4CF0487F0A5F016300268236 /* SecItemPriv.h */, + 4C7072840AC9EA4E007CC205 /* SecKey.h */, + 4C7072D30AC9ED5A007CC205 /* SecKeyPriv.h */, + 4CBA0E860BB33C0000E72B55 /* SecPolicy.h */, + 4C6416D40BB34F00001C83FD /* SecPolicyPriv.h */, + 4C2F81D40BF121D2003C4F77 /* SecRandom.h */, + 107226D10D91DB32003CF14F /* SecTask.h */, + 4C8FD03E099D5C91006867B6 /* SecTrust.h */, + 4C87F3A70D611C26000E7104 /* SecTrustPriv.h */, + 4C4296300BB0A68200491999 /* SecTrustSettings.h */, + 4C12828C0BB4957D00985BB0 /* SecTrustSettingsPriv.h */, + 4C64E00B0B8FBBF3009B306C /* Security.h */, + ); + name = Security; + sourceTree = SOURCE_ROOT; + }; + 4C999BA00AB5F0BB0010451D /* ntlm */ = { + isa = PBXGroup; + children = ( + 4C999BA10AB5F0BB0010451D /* NtlmGenerator.c */, + 4C999BA20AB5F0BB0010451D /* NtlmGenerator.h */, + 4C999BA30AB5F0BB0010451D /* ntlmBlobPriv.c */, + 4C999BA40AB5F0BB0010451D /* ntlmBlobPriv.h */, + ); + name = ntlm; + path = ../../../ntlm; + sourceTree = ""; + }; + 4CB740FA0A47580400D641BB /* Security2Tool macOS */ = { + isa = PBXGroup; + children = ( + DCE4E6A71D7A38C000AFB96E /* security2.1 */, + E78A9AD81D34959200006B5B /* NSFileHandle+Formatting.h */, + E78A9AD91D34959200006B5B /* NSFileHandle+Formatting.m */, + 4C4CB7100DDA44900026B660 /* entitlements.plist */, + E7104A0B169E171900DB0045 /* security_tool_commands.c */, + E7FEFB80169E26E200E18152 /* sub_commands.h */, + ); + name = "Security2Tool macOS"; + path = SecurityTool; + sourceTree = ""; + }; + 4CE5A55609C7970A00D27A3F /* sslViewer */ = { + isa = PBXGroup; + children = ( + 4C9DE9E21181AC8300CF5C27 /* sslEcdsa.cpp */, + 4CA880C20DDBC87200D9A0F2 /* sslServer-entitlements.plist */, + 4CA880C30DDBC87200D9A0F2 /* sslViewer-entitlements.plist */, + 4CCE0AE10D417A2700DDBB21 /* sslAppUtils.h */, + 7913B1DF0D17280500601FE9 /* sslServer.cpp */, + 4CE5A65809C79E0600D27A3F /* ioSock.c */, + 4CE5A65909C79E0600D27A3F /* ioSock.h */, + 4CE5A65A09C79E0600D27A3F /* sslAppUtils.cpp */, + 4CE5A65B09C79E0600D27A3F /* sslClient.cpp */, + 4CE5A65C09C79E0600D27A3F /* sslServe.cpp */, + 4CE5A65D09C79E0600D27A3F /* sslThreading.h */, + 4CE5A55709C7970A00D27A3F /* SSLViewer.c */, + 4CE5A55809C7970A00D27A3F /* SSL_Sites */, + 4CE5A55909C7970A00D27A3F /* pingSslSites */, + 4CE5A55A09C7970A00D27A3F /* verifyPing */, + ); + path = sslViewer; + sourceTree = ""; + }; + 5346480317331E1200FE9172 /* KeychainSyncAccountNotification */ = { + isa = PBXGroup; + children = ( + 5346481C173322BD00FE9172 /* KeychainSyncAccountNotification.h */, + 5346481D173322BD00FE9172 /* KeychainSyncAccountNotification.m */, + 5346480417331E1200FE9172 /* Supporting Files */, + ); + path = KeychainSyncAccountNotification; + sourceTree = ""; + }; + 5346480417331E1200FE9172 /* Supporting Files */ = { + isa = PBXGroup; + children = ( + 5346480517331E1200FE9172 /* KeychainSyncAccountNotification-Info.plist */, + 5346480617331E1200FE9172 /* InfoPlist.strings */, + 5346480A17331E1200FE9172 /* KeychainSyncAccountNotification-Prefix.pch */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; + 5E10992719A5E55800A60E2B /* ISACLProtectedItems */ = { + isa = PBXGroup; + children = ( + 5E10994E19A5E5CE00A60E2B /* ISProtectedItems.plist */, + 5E10994F19A5E5CE00A60E2B /* ISProtectedItemsController.h */, + 5E10995019A5E5CE00A60E2B /* ISProtectedItemsController.m */, + 5E10992819A5E55800A60E2B /* Supporting Files */, + ); + path = ISACLProtectedItems; + sourceTree = ""; + }; + 5E10992819A5E55800A60E2B /* Supporting Files */ = { + isa = PBXGroup; + children = ( + 5E10992919A5E55800A60E2B /* Info.plist */, + 5E11CAB919A759BD008A3664 /* KeychainItemsAclTest.sh */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; + 5EBE247B1B00CCAE0007DB0E /* secacltests */ = { + isa = PBXGroup; + children = ( + 5E43C4881B00CF4600E5ECB2 /* secacltests-entitlements.plist */, + 5E43C4891B00CF4600E5ECB2 /* testlist.h */, + 5EBE247C1B00CCAE0007DB0E /* main.c */, + 5E4E05A31B0CA0FD001C4A31 /* sec_acl_stress.c */, + ); + path = secacltests; + sourceTree = ""; + }; + 728B56A316D59979008FA3AB /* OTAPKIAssetTool */ = { + isa = PBXGroup; + children = ( + 72CD2BBB16D59AE30064EEE1 /* OTAServiceApp.m */, + 72CD2BBC16D59AE30064EEE1 /* OTAServiceApp.h */, + 72CD2BBD16D59AE30064EEE1 /* OTAServicemain.m */, + 728B56A416D59979008FA3AB /* Supporting Files */, + ); + path = OTAPKIAssetTool; + sourceTree = ""; + }; + 728B56A416D59979008FA3AB /* Supporting Files */ = { + isa = PBXGroup; + children = ( + 5DDD0BDD16D6740E00D6C0D6 /* com.apple.OTAPKIAssetTool.plist */, + 5DDD0BDE16D6740E00D6C0D6 /* OTAPKIAssetTool-entitlements.plist */, + 22C002A31AC9D33100B3469E /* OTAPKIAssetTool.xcconfig */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; + 7908507E0CA87CF00083CC4D /* ipc */ = { + isa = PBXGroup; + children = ( + 790850820CA87CF00083CC4D /* securityd_client.h */, + 7908507F0CA87CF00083CC4D /* client.c */, + 790850840CA87CF00083CC4D /* server.c */, + ); + name = ipc; + path = ../ipc; + sourceTree = ""; + }; + 79679E241462028800CF997F /* DigicertMalaysia */ = { + isa = PBXGroup; + children = ( + 7947431C146214E500D638A3 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt */, + 794743191462137C00D638A3 /* Invalid-www.cybersecurity.my.crt */, + 79679E251462028800CF997F /* Digisign-Server-ID-Enrich-Entrust-Cert.crt */, + 79679E261462028800CF997F /* Invalid-webmail.jaring.my.crt */, + ); + path = DigicertMalaysia; + sourceTree = ""; + }; + BE197F2719116FD100BA91D1 /* SharedWebCredentialViewService */ = { + isa = PBXGroup; + children = ( + BE197F3019116FD100BA91D1 /* SWCAppDelegate.h */, + BE197F3119116FD100BA91D1 /* SWCAppDelegate.m */, + BE197F5F191173C100BA91D1 /* SWCViewController.h */, + BE197F5D191173A800BA91D1 /* SWCViewController.m */, + BE197F2819116FD100BA91D1 /* Supporting Files */, + ); + path = SharedWebCredentialViewService; + sourceTree = ""; + }; + BE197F2819116FD100BA91D1 /* Supporting Files */ = { + isa = PBXGroup; + children = ( + BE197F2919116FD100BA91D1 /* SharedWebCredentialViewService-Info.plist */, + BE197F60191173F200BA91D1 /* entitlements.plist */, + BE197F2A19116FD100BA91D1 /* InfoPlist.strings */, + BE197F2D19116FD100BA91D1 /* main.m */, + BE197F2F19116FD100BA91D1 /* SharedWebCredentialViewService-Prefix.pch */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; + BE6D96B31DB14B65001B76D4 /* si-84-sectrust-allowlist */ = { + isa = PBXGroup; + children = ( + BE6D96B41DB14B65001B76D4 /* cnnic_certs.h */, + BE6D96B51DB14B65001B76D4 /* date_testing_certs.h */, + BE6D96B61DB14B65001B76D4 /* wosign_certs.h */, + ); + path = "si-84-sectrust-allowlist"; + sourceTree = ""; + }; + CD6130CC1DA06F5700E1E42F /* KeychainSyncingOverIDSProxy */ = { + isa = PBXGroup; + children = ( + CD23B4961DA06EB30047EDE9 /* keychainsyncingoveridsproxy.m */, + CD23B4971DA06EB30047EDE9 /* KeychainSyncingOverIDSProxy+ReceiveMessage.h */, + CD23B4981DA06EB30047EDE9 /* KeychainSyncingOverIDSProxy+ReceiveMessage.m */, + CD23B4991DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+SendMessage.h */, + CD23B49A1DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+SendMessage.m */, + CD23B49B1DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+Throttle.h */, + CD23B49C1DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+Throttle.m */, + CD23B4931DA06EB30047EDE9 /* IDSPersistentState.m */, + CD23B4921DA06EB30047EDE9 /* IDSPersistentState.h */, + CD23B4951DA06EB30047EDE9 /* IDSProxy.m */, + CD23B4941DA06EB30047EDE9 /* IDSProxy.h */, + CD6130D21DA06FA800E1E42F /* Supporting Files */, + ); + name = KeychainSyncingOverIDSProxy; + sourceTree = ""; + }; + CD6130D21DA06FA800E1E42F /* Supporting Files */ = { + isa = PBXGroup; + children = ( + CD6130D31DA06FC600E1E42F /* com.apple.security.keychainsyncingoveridsproxy.ios.plist */, + CD6130D41DA06FC600E1E42F /* com.apple.security.keychainsyncingoveridsproxy.osx.plist */, + CD6130D51DA06FC600E1E42F /* en.lproj */, + CD6130D81DA06FC600E1E42F /* KeychainSyncingOverIDSProxy-Info.plist */, + CD6130D91DA06FC600E1E42F /* keychainsyncingoveridsproxy.entitlements.plist */, + CD23B4A81DA06ED10047EDE9 /* com.apple.private.alloy.keychainsync.plist */, + DC24B5841DA432C600330B48 /* IDSKeychainSyncingProxy.1 */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; + CD6130D51DA06FC600E1E42F /* en.lproj */ = { + isa = PBXGroup; + children = ( + CD6130D61DA06FC600E1E42F /* InfoPlist.strings */, + ); + name = en.lproj; + path = KeychainSyncingOverIDSProxy/en.lproj; + sourceTree = ""; + }; + DC0BC4E51D8B6AA600070CB0 /* applications */ = { + isa = PBXGroup; + children = ( + DC58C4391D77BEA1003C25A4 /* csparser */, + 5E10992719A5E55800A60E2B /* ISACLProtectedItems */, + 728B56A316D59979008FA3AB /* OTAPKIAssetTool */, + DC5AC1FE1D8364BA00CF422C /* SecurityTool */, + DCC78EA21D80860C00865A7C /* SharedWebCredentialAgent */, + BE197F2719116FD100BA91D1 /* SharedWebCredentialViewService */, + DC0BC5361D8B6ABE00070CB0 /* XPCKeychainSandboxCheck */, + DC0BC56E1D8B6E6400070CB0 /* XPCTimeStampingService */, + ); + name = applications; + sourceTree = ""; + }; + DC0BC5361D8B6ABE00070CB0 /* XPCKeychainSandboxCheck */ = { + isa = PBXGroup; + children = ( + DC0BC5461D8B6AFE00070CB0 /* main.c */, + DC0BC5471D8B6AFE00070CB0 /* XPCKeychainSandboxCheck-Info.plist */, + ); + name = XPCKeychainSandboxCheck; + path = OSX/libsecurity_keychain/xpc; + sourceTree = ""; + }; + DC0BC56E1D8B6E6400070CB0 /* XPCTimeStampingService */ = { + isa = PBXGroup; + children = ( + DC0BC56F1D8B6E7700070CB0 /* XPCTimeStampingService-Info.plist */, + DC0BC5701D8B6E7700070CB0 /* main-tsa.m */, + DC0BC5711D8B6E7700070CB0 /* timestampclient.h */, + DC0BC5721D8B6E7700070CB0 /* timestampclient.m */, + ); + name = XPCTimeStampingService; + sourceTree = ""; + }; + DC0BC5841D8B70D100070CB0 /* cdsa_utils */ = { + isa = PBXGroup; + children = ( + DC0BC59D1D8B711000070CB0 /* lib */, + ); + name = cdsa_utils; + sourceTree = ""; + }; + DC0BC59D1D8B711000070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC58D1D8B711000070CB0 /* cuCdsaUtils.cpp */, + DC0BC58E1D8B711000070CB0 /* cuCdsaUtils.h */, + DC0BC58F1D8B711000070CB0 /* cuDbUtils.cpp */, + DC0BC5901D8B711000070CB0 /* cuDbUtils.h */, + DC0BC5911D8B711000070CB0 /* cuEnc64.c */, + DC0BC5921D8B711000070CB0 /* cuEnc64.h */, + DC0BC5931D8B711000070CB0 /* cuFileIo.c */, + DC0BC5941D8B711000070CB0 /* cuFileIo.h */, + DC0BC5951D8B711000070CB0 /* cuOidParser.cpp */, + DC0BC5961D8B711000070CB0 /* cuOidParser.h */, + DC0BC5971D8B711000070CB0 /* cuPem.cpp */, + DC0BC5981D8B711000070CB0 /* cuPem.h */, + DC0BC5991D8B711000070CB0 /* cuPrintCert.cpp */, + DC0BC59A1D8B711000070CB0 /* cuPrintCert.h */, + DC0BC59B1D8B711000070CB0 /* cuTimeStr.cpp */, + DC0BC59C1D8B711000070CB0 /* cuTimeStr.h */, + ); + name = lib; + path = OSX/libsecurity_cdsa_utils/lib; + sourceTree = ""; + }; + DC0BC5B81D8B721900070CB0 /* checkpw */ = { + isa = PBXGroup; + children = ( + DC0BC5BB1D8B723500070CB0 /* lib */, + DC17875B1D7790CE00B50D50 /* checkpw.h */, + DC0BC5BE1D8B725100070CB0 /* checkpw.pam */, + ); + name = checkpw; + sourceTree = ""; + }; + DC0BC5BB1D8B723500070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC5B91D8B723500070CB0 /* checkpw.c */, + DC0BC5BA1D8B723500070CB0 /* checkpw.h */, + ); + name = lib; + path = OSX/libsecurity_checkpw/lib; + sourceTree = ""; + }; + DC0BC5CD1D8B72FE00070CB0 /* test-checkpw */ = { + isa = PBXGroup; + children = ( + DC0BC5CE1D8B730D00070CB0 /* test-checkpw.c */, + ); + name = "test-checkpw"; + sourceTree = ""; + }; + DC0BC5EA1D8B743F00070CB0 /* comcryption */ = { + isa = PBXGroup; + children = ( + DC0BC5F01D8B745700070CB0 /* lib */, + ); + name = comcryption; + sourceTree = ""; + }; + DC0BC5F01D8B745700070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC5EB1D8B745700070CB0 /* comcryption.c */, + DC0BC5EC1D8B745700070CB0 /* comcryption.h */, + DC0BC5ED1D8B745700070CB0 /* comcryptPriv.c */, + DC0BC5EE1D8B745700070CB0 /* comcryptPriv.h */, + DC0BC5EF1D8B745700070CB0 /* comDebug.h */, + ); + name = lib; + path = OSX/libsecurity_comcryption/lib; + sourceTree = ""; + }; + DC0BC6001D8B754000070CB0 /* cryptkit */ = { + isa = PBXGroup; + children = ( + DC0BC64E1D8B755200070CB0 /* lib */, + ); + name = cryptkit; + sourceTree = ""; + }; + DC0BC64E1D8B755200070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC6011D8B755200070CB0 /* feeCipherFile.c */, + DC0BC6021D8B755200070CB0 /* feeCipherFileAtom.c */, + DC0BC6031D8B755200070CB0 /* byteRep.c */, + DC0BC6041D8B755200070CB0 /* byteRep.h */, + DC0BC6051D8B755200070CB0 /* CipherFileDES.c */, + DC0BC6061D8B755200070CB0 /* CipherFileDES.h */, + DC0BC6071D8B755200070CB0 /* CipherFileFEED.c */, + DC0BC6081D8B755200070CB0 /* CipherFileFEED.h */, + DC0BC6091D8B755200070CB0 /* CipherFileTypes.h */, + DC0BC60A1D8B755200070CB0 /* ckconfig.h */, + DC0BC60B1D8B755200070CB0 /* ckDES.c */, + DC0BC60C1D8B755200070CB0 /* ckDES.h */, + DC0BC60D1D8B755200070CB0 /* ckMD5.c */, + DC0BC60E1D8B755200070CB0 /* ckMD5.h */, + DC0BC60F1D8B755200070CB0 /* ckSHA1.c */, + DC0BC6101D8B755200070CB0 /* ckSHA1.h */, + DC0BC6111D8B755200070CB0 /* ckSHA1_priv.c */, + DC0BC6121D8B755200070CB0 /* ckSHA1_priv.h */, + DC0BC6131D8B755200070CB0 /* ckutilities.c */, + DC0BC6141D8B755200070CB0 /* ckutilities.h */, + DC0BC6151D8B755200070CB0 /* Crypt.h */, + DC0BC6161D8B755200070CB0 /* CryptKitSA.h */, + DC0BC6171D8B755200070CB0 /* CryptKit.h */, + DC0BC6181D8B755200070CB0 /* CryptKitAsn1.cpp */, + DC0BC6191D8B755200070CB0 /* CryptKitAsn1.h */, + DC0BC61A1D8B755200070CB0 /* CryptKitDER.cpp */, + DC0BC61B1D8B755200070CB0 /* CryptKitDER.h */, + DC0BC61C1D8B755200070CB0 /* curveParamData.h */, + DC0BC61D1D8B755200070CB0 /* curveParamDataOld.h */, + DC0BC61E1D8B755200070CB0 /* curveParams.c */, + DC0BC61F1D8B755200070CB0 /* curveParams.h */, + DC0BC6201D8B755200070CB0 /* ECDSA_Profile.h */, + DC0BC6211D8B755200070CB0 /* ECDSA_Verify_Prefix.h */, + DC0BC6221D8B755200070CB0 /* elliptic.c */, + DC0BC6231D8B755200070CB0 /* elliptic.h */, + DC0BC6241D8B755200070CB0 /* ellipticMeasure.h */, + DC0BC6251D8B755200070CB0 /* ellipticProj.c */, + DC0BC6261D8B755200070CB0 /* ellipticProj.h */, + DC0BC6271D8B755200070CB0 /* enc64.c */, + DC0BC6281D8B755200070CB0 /* enc64.h */, + DC0BC6291D8B755200070CB0 /* engineNSA127.c */, + DC0BC62A1D8B755200070CB0 /* falloc.c */, + DC0BC62B1D8B755200070CB0 /* falloc.h */, + DC0BC62C1D8B755200070CB0 /* feeCipherFile.h */, + DC0BC62D1D8B755200070CB0 /* feeDebug.h */, + DC0BC62E1D8B755200070CB0 /* feeDES.c */, + DC0BC62F1D8B755200070CB0 /* feeDES.h */, + DC0BC6301D8B755200070CB0 /* feeDigitalSignature.c */, + DC0BC6311D8B755200070CB0 /* feeDigitalSignature.h */, + DC0BC6321D8B755200070CB0 /* feeECDSA.c */, + DC0BC6331D8B755200070CB0 /* feeECDSA.h */, + DC0BC6341D8B755200070CB0 /* feeFEED.c */, + DC0BC6351D8B755200070CB0 /* feeFEED.h */, + DC0BC6361D8B755200070CB0 /* feeFEEDExp.c */, + DC0BC6371D8B755200070CB0 /* feeFEEDExp.h */, + DC0BC6381D8B755200070CB0 /* feeFunctions.h */, + DC0BC6391D8B755200070CB0 /* feeHash.c */, + DC0BC63A1D8B755200070CB0 /* feeHash.h */, + DC0BC63B1D8B755200070CB0 /* feePublicKey.c */, + DC0BC63C1D8B755200070CB0 /* feePublicKey.h */, + DC0BC63D1D8B755200070CB0 /* feePublicKeyPrivate.h */, + DC0BC63E1D8B755200070CB0 /* feeRandom.c */, + DC0BC63F1D8B755200070CB0 /* feeRandom.h */, + DC0BC6401D8B755200070CB0 /* feeTypes.h */, + DC0BC6411D8B755200070CB0 /* giantIntegers.c */, + DC0BC6421D8B755200070CB0 /* giantIntegers.h */, + DC0BC6431D8B755200070CB0 /* giantPort_Generic.h */, + DC0BC6441D8B755200070CB0 /* giantPort_i486.h */, + DC0BC6451D8B755200070CB0 /* giantPort_PPC.c */, + DC0BC6461D8B755200070CB0 /* giantPort_PPC.h */, + DC0BC6471D8B755200070CB0 /* giantPort_PPC_Gnu.h */, + DC0BC6481D8B755200070CB0 /* giantPort_PPC_Gnu.s */, + DC0BC6491D8B755200070CB0 /* giantPortCommon.h */, + DC0BC64A1D8B755200070CB0 /* HmacSha1Legacy.c */, + DC0BC64B1D8B755200070CB0 /* HmacSha1Legacy.h */, + DC0BC64C1D8B755200070CB0 /* platform.c */, + DC0BC64D1D8B755200070CB0 /* platform.h */, + ); + name = lib; + path = OSX/libsecurity_cryptkit/lib; + sourceTree = ""; + }; + DC0BC7441D8B76E500070CB0 /* cssm */ = { + isa = PBXGroup; + children = ( + DC0BC7831D8B773000070CB0 /* lib */, + DC1787421D77906C00B50D50 /* cssmapplePriv.h */, + DC1785581D778B4A00B50D50 /* cssm.h */, + DC1785591D778B4A00B50D50 /* cssmaci.h */, + DC17855A1D778B4A00B50D50 /* cssmapi.h */, + DC17855B1D778B4A00B50D50 /* cssmcli.h */, + DC17855C1D778B4A00B50D50 /* cssmconfig.h */, + DC17855D1D778B4A00B50D50 /* cssmcspi.h */, + DC17855E1D778B4A00B50D50 /* cssmdli.h */, + DC17855F1D778B4A00B50D50 /* cssmerr.h */, + DC1785601D778B4A00B50D50 /* cssmkrapi.h */, + DC1785611D778B4A00B50D50 /* cssmkrspi.h */, + DC1785621D778B4A00B50D50 /* cssmspi.h */, + DC1785631D778B4A00B50D50 /* cssmtpi.h */, + DC1785641D778B4A00B50D50 /* cssmtype.h */, + DC1785651D778B4A00B50D50 /* eisl.h */, + DC1785661D778B4A00B50D50 /* emmspi.h */, + DC1785671D778B4A00B50D50 /* emmtype.h */, + DC1785681D778B4A00B50D50 /* oidsbase.h */, + DC1785691D778B4A00B50D50 /* oidscert.h */, + DC17856A1D778B4A00B50D50 /* oidscrl.h */, + DC17856B1D778B4A00B50D50 /* x509defs.h */, + ); + name = cssm; + sourceTree = ""; + }; + DC0BC7831D8B773000070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC7651D8B773000070CB0 /* attachfactory.cpp */, + DC0BC7661D8B773000070CB0 /* attachfactory.h */, + DC0BC7671D8B773000070CB0 /* attachment.cpp */, + DC0BC7681D8B773000070CB0 /* attachment.h */, + DC0BC7691D8B773000070CB0 /* cspattachment.cpp */, + DC0BC76A1D8B773000070CB0 /* cspattachment.h */, + DC0BC76B1D8B773000070CB0 /* cssm.cpp */, + DC0BC76C1D8B773000070CB0 /* cssmcontext.cpp */, + DC0BC76D1D8B773000070CB0 /* cssmcontext.h */, + DC0BC76E1D8B773000070CB0 /* cssmint.h */, + DC0BC76F1D8B773000070CB0 /* cssmmds.cpp */, + DC0BC7701D8B773000070CB0 /* cssmmds.h */, + DC0BC7711D8B773000070CB0 /* generator.cfg */, + DC0BC7731D8B773000070CB0 /* generator.pl */, + DC0BC7741D8B773000070CB0 /* guids.cpp */, + DC0BC7751D8B773000070CB0 /* manager.cpp */, + DC0BC7761D8B773000070CB0 /* manager.h */, + DC0BC7771D8B773000070CB0 /* modload_plugin.cpp */, + DC0BC7781D8B773000070CB0 /* modload_plugin.h */, + DC0BC7791D8B773000070CB0 /* modload_static.cpp */, + DC0BC77A1D8B773000070CB0 /* modload_static.h */, + DC0BC77B1D8B773000070CB0 /* modloader.cpp */, + DC0BC77C1D8B773000070CB0 /* modloader.h */, + DC0BC77D1D8B773000070CB0 /* module.cpp */, + DC0BC77E1D8B773000070CB0 /* module.h */, + DC0BC77F1D8B773000070CB0 /* oidsalg.c */, + DC0BC7801D8B773000070CB0 /* oidscert.cpp */, + DC0BC7811D8B773000070CB0 /* oidscrl.cpp */, + DC0BC7821D8B773000070CB0 /* transition.cpp */, + ); + name = lib; + path = OSX/libsecurity_cssm/lib; + sourceTree = ""; + }; + DC0BC8A01D8B7CEE00070CB0 /* filedb */ = { + isa = PBXGroup; + children = ( + DC0BC8B41D8B7CFF00070CB0 /* lib */, + ); + name = filedb; + sourceTree = ""; + }; + DC0BC8B41D8B7CFF00070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC8A11D8B7CFF00070CB0 /* OverUnderflowCheck.h */, + DC0BC8A21D8B7CFF00070CB0 /* AppleDatabase.cpp */, + DC0BC8A31D8B7CFF00070CB0 /* AppleDatabase.h */, + DC0BC8A41D8B7CFF00070CB0 /* AtomicFile.cpp */, + DC0BC8A51D8B7CFF00070CB0 /* AtomicFile.h */, + DC0BC8A61D8B7CFF00070CB0 /* DbIndex.cpp */, + DC0BC8A71D8B7CFF00070CB0 /* DbIndex.h */, + DC0BC8A81D8B7CFF00070CB0 /* DbQuery.cpp */, + DC0BC8A91D8B7CFF00070CB0 /* DbQuery.h */, + DC0BC8AA1D8B7CFF00070CB0 /* DbValue.cpp */, + DC0BC8AB1D8B7CFF00070CB0 /* DbValue.h */, + DC0BC8AC1D8B7CFF00070CB0 /* MetaAttribute.cpp */, + DC0BC8AD1D8B7CFF00070CB0 /* MetaAttribute.h */, + DC0BC8AE1D8B7CFF00070CB0 /* MetaRecord.cpp */, + DC0BC8AF1D8B7CFF00070CB0 /* MetaRecord.h */, + DC0BC8B01D8B7CFF00070CB0 /* ReadWriteSection.h */, + DC0BC8B11D8B7CFF00070CB0 /* SelectionPredicate.cpp */, + DC0BC8B21D8B7CFF00070CB0 /* SelectionPredicate.h */, + DC0BC8B31D8B7CFF00070CB0 /* ReadWriteSection.cpp */, + ); + name = lib; + path = OSX/libsecurity_filedb/lib; + sourceTree = ""; + }; + DC0BC8CB1D8B7D9600070CB0 /* manifest */ = { + isa = PBXGroup; + children = ( + DC0BC8E41D8B7DCF00070CB0 /* lib */, + DC1787241D778FDE00B50D50 /* SecManifest.h */, + DC1787251D778FDE00B50D50 /* SecureDownloadInternal.h */, + DC17853F1D778A4E00B50D50 /* SecureDownload.h */, + ); + name = manifest; + sourceTree = ""; + }; + DC0BC8E41D8B7DCF00070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC8D41D8B7DCF00070CB0 /* Download.cpp */, + DC0BC8D51D8B7DCF00070CB0 /* Download.h */, + DC0BC8D61D8B7DCF00070CB0 /* SecureDownload.cpp */, + DC0BC8D71D8B7DCF00070CB0 /* SecureDownload.h */, + DC0BC8D81D8B7DCF00070CB0 /* SecureDownloadInternal.c */, + DC0BC8D91D8B7DCF00070CB0 /* SecureDownloadInternal.h */, + DC0BC8DA1D8B7DCF00070CB0 /* AppleManifest.cpp */, + DC0BC8DB1D8B7DCF00070CB0 /* AppleManifest.h */, + DC0BC8DC1D8B7DCF00070CB0 /* ManifestInternal.cpp */, + DC0BC8DD1D8B7DCF00070CB0 /* ManifestInternal.h */, + DC0BC8DE1D8B7DCF00070CB0 /* ManifestSigner.cpp */, + DC0BC8DF1D8B7DCF00070CB0 /* ManifestSigner.h */, + DC0BC8E01D8B7DCF00070CB0 /* Manifest.cpp */, + DC0BC8E11D8B7DCF00070CB0 /* Manifest.h */, + DC0BC8E21D8B7DCF00070CB0 /* SecManifest.h */, + DC0BC8E31D8B7DCF00070CB0 /* SecManifest.cpp */, + ); + name = lib; + path = OSX/libsecurity_manifest; + sourceTree = ""; + }; + DC0BC9011D8B7E9300070CB0 /* mds */ = { + isa = PBXGroup; + children = ( + DC0BC9161D8B7EA700070CB0 /* lib */, + DC1787221D778FC900B50D50 /* mdspriv.h */, + DC17853A1D778A3100B50D50 /* mds_schema.h */, + DC17853B1D778A3100B50D50 /* mds.h */, + ); + name = mds; + sourceTree = ""; + }; + DC0BC9161D8B7EA700070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC9021D8B7EA700070CB0 /* mdsapi.cpp */, + DC0BC9031D8B7EA700070CB0 /* MDSAttrParser.cpp */, + DC0BC9041D8B7EA700070CB0 /* MDSAttrParser.h */, + DC0BC9051D8B7EA700070CB0 /* MDSAttrStrings.cpp */, + DC0BC9061D8B7EA700070CB0 /* MDSAttrStrings.h */, + DC0BC9071D8B7EA700070CB0 /* MDSAttrUtils.cpp */, + DC0BC9081D8B7EA700070CB0 /* MDSAttrUtils.h */, + DC0BC9091D8B7EA700070CB0 /* MDSDatabase.cpp */, + DC0BC90A1D8B7EA700070CB0 /* MDSDatabase.h */, + DC0BC90B1D8B7EA700070CB0 /* MDSDictionary.cpp */, + DC0BC90C1D8B7EA700070CB0 /* MDSDictionary.h */, + DC0BC90D1D8B7EA700070CB0 /* MDSModule.cpp */, + DC0BC90E1D8B7EA700070CB0 /* MDSModule.h */, + DC0BC90F1D8B7EA700070CB0 /* MDSSchema.cpp */, + DC0BC9101D8B7EA700070CB0 /* MDSSchema.h */, + DC0BC9111D8B7EA700070CB0 /* MDSSession.cpp */, + DC0BC9121D8B7EA700070CB0 /* MDSSession.h */, + DC0BC9131D8B7EA700070CB0 /* mds_schema.h */, + DC0BC9141D8B7EA700070CB0 /* mds.h */, + DC0BC9151D8B7EA700070CB0 /* mdspriv.h */, + ); + name = lib; + path = OSX/libsecurity_mds/lib; + sourceTree = ""; + }; + DC0BC9361D8B7F7E00070CB0 /* ocspd */ = { + isa = PBXGroup; + children = ( + DC0BC9411D8B7FA600070CB0 /* common */, + DC0BC94E1D8B7FE000070CB0 /* client */, + DC0BC9531D8B7FFE00070CB0 /* mig */, + DC0BC9571D8B7FFE00070CB0 /* derived_src */, + ); + name = ocspd; + sourceTree = ""; + }; + DC0BC9411D8B7FA600070CB0 /* common */ = { + isa = PBXGroup; + children = ( + DC0BC9371D8B7FA600070CB0 /* ocspdUtils.cpp */, + DC0BC9381D8B7FA600070CB0 /* ocspdUtils.h */, + DC0BC9391D8B7FA600070CB0 /* ocspdTypes.h */, + DC0BC93A1D8B7FA600070CB0 /* ocspdDebug.h */, + DC0BC93B1D8B7FA600070CB0 /* ocspdDbSchema.cpp */, + DC0BC93C1D8B7FA600070CB0 /* ocspdDbSchema.h */, + DC0BC93D1D8B7FA600070CB0 /* ocspExtensions.cpp */, + DC0BC93E1D8B7FA600070CB0 /* ocspExtensions.h */, + DC0BC93F1D8B7FA600070CB0 /* ocspResponse.cpp */, + DC0BC9401D8B7FA600070CB0 /* ocspResponse.h */, + ); + name = common; + path = OSX/libsecurity_ocspd/common; + sourceTree = ""; + }; + DC0BC94E1D8B7FE000070CB0 /* client */ = { + isa = PBXGroup; + children = ( + DC0BC94C1D8B7FE000070CB0 /* ocspdClient.cpp */, + DC0BC94D1D8B7FE000070CB0 /* ocspdClient.h */, + ); + name = client; + path = OSX/libsecurity_ocspd/client; + sourceTree = ""; + }; + DC0BC9531D8B7FFE00070CB0 /* mig */ = { + isa = PBXGroup; + children = ( + DC0BC9521D8B7FFE00070CB0 /* ocspd.defs */, + ); + name = mig; + path = OSX/libsecurity_ocspd/mig; + sourceTree = ""; + }; + DC0BC9571D8B7FFE00070CB0 /* derived_src */ = { + isa = PBXGroup; + children = ( + DC0BC9541D8B7FFE00070CB0 /* ocspd.h */, + DC0BC9551D8B7FFE00070CB0 /* ocspd_server.cpp */, + DC0BC9561D8B7FFE00070CB0 /* ocspd_client.cpp */, + ); + path = derived_src; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC0BC96E1D8B811E00070CB0 /* pkcs12 */ = { + isa = PBXGroup; + children = ( + DC0BC9831D8B813800070CB0 /* lib */, + ); + name = pkcs12; + sourceTree = ""; + }; + DC0BC9831D8B813800070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC96F1D8B813800070CB0 /* pkcs12BagAttrs.cpp */, + DC0BC9701D8B813800070CB0 /* pkcs12BagAttrs.h */, + DC0BC9711D8B813800070CB0 /* pkcs12Coder.cpp */, + DC0BC9721D8B813800070CB0 /* pkcs12Coder.h */, + DC0BC9731D8B813800070CB0 /* pkcs12Crypto.cpp */, + DC0BC9741D8B813800070CB0 /* pkcs12Crypto.h */, + DC0BC9751D8B813800070CB0 /* pkcs12Debug.h */, + DC0BC9761D8B813800070CB0 /* pkcs12Decode.cpp */, + DC0BC9771D8B813800070CB0 /* pkcs12Encode.cpp */, + DC0BC9781D8B813800070CB0 /* pkcs12Keychain.cpp */, + DC0BC9791D8B813800070CB0 /* pkcs12SafeBag.cpp */, + DC0BC97A1D8B813800070CB0 /* pkcs12SafeBag.h */, + DC0BC97B1D8B813800070CB0 /* pkcs12Templates.cpp */, + DC0BC97C1D8B813800070CB0 /* pkcs12Templates.h */, + DC0BC97D1D8B813800070CB0 /* pkcs12Utils.cpp */, + DC0BC97E1D8B813800070CB0 /* pkcs12Utils.h */, + DC0BC97F1D8B813800070CB0 /* pkcs7Templates.cpp */, + DC0BC9801D8B813800070CB0 /* pkcs7Templates.h */, + DC0BC9811D8B813800070CB0 /* SecPkcs12.cpp */, + DC0BC9821D8B813800070CB0 /* SecPkcs12.h */, + ); + name = lib; + path = OSX/libsecurity_pkcs12/lib; + sourceTree = ""; + }; + DC0BC9A21D8B81D400070CB0 /* sd_cspdl */ = { + isa = PBXGroup; + children = ( + DC0BC9B41D8B81EF00070CB0 /* lib */, + ); + name = sd_cspdl; + sourceTree = ""; + }; + DC0BC9B41D8B81EF00070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC9A31D8B81EF00070CB0 /* SDContext.cpp */, + DC0BC9A41D8B81EF00070CB0 /* SDContext.h */, + DC0BC9A51D8B81EF00070CB0 /* SDCSPDLBuiltin.cpp */, + DC0BC9A61D8B81EF00070CB0 /* SDCSPDLDatabase.cpp */, + DC0BC9A71D8B81EF00070CB0 /* SDCSPDLDatabase.h */, + DC0BC9A81D8B81EF00070CB0 /* SDCSPDLPlugin.cpp */, + DC0BC9A91D8B81EF00070CB0 /* SDCSPDLPlugin.h */, + DC0BC9AA1D8B81EF00070CB0 /* SDCSPDLSession.cpp */, + DC0BC9AB1D8B81EF00070CB0 /* SDCSPDLSession.h */, + DC0BC9AC1D8B81EF00070CB0 /* SDCSPSession.cpp */, + DC0BC9AD1D8B81EF00070CB0 /* SDCSPSession.h */, + DC0BC9AE1D8B81EF00070CB0 /* SDDLSession.cpp */, + DC0BC9AF1D8B81EF00070CB0 /* SDDLSession.h */, + DC0BC9B01D8B81EF00070CB0 /* SDFactory.cpp */, + DC0BC9B11D8B81EF00070CB0 /* SDFactory.h */, + DC0BC9B21D8B81EF00070CB0 /* SDKey.cpp */, + DC0BC9B31D8B81EF00070CB0 /* SDKey.h */, + ); + name = lib; + path = OSX/libsecurity_sd_cspdl/lib; + sourceTree = ""; + }; + DC0BC9D01D8B825900070CB0 /* ssl */ = { + isa = PBXGroup; + children = ( + DC1786FD1D778F5000B50D50 /* SecureTransportPriv.h */, + DC1786FB1D778F3C00B50D50 /* sslTypes.h */, + DC1785A31D778D0D00B50D50 /* CipherSuite.h */, + DC1785A41D778D0D00B50D50 /* SecureTransport.h */, + DC0BC9F51D8B827200070CB0 /* lib */, + DC0BCA481D8B82CD00070CB0 /* regressions */, + ); + name = ssl; + sourceTree = ""; + }; + DC0BC9D21D8B827200070CB0 /* Apple Custom */ = { + isa = PBXGroup; + children = ( + DC0BC9D11D8B827200070CB0 /* sslKeychain.c */, + ); + name = "Apple Custom"; + sourceTree = ""; + }; + DC0BC9DA1D8B827200070CB0 /* SSL Core */ = { + isa = PBXGroup; + children = ( + DC0BC9D31D8B827200070CB0 /* SSLRecordInternal.c */, + DC0BC9D41D8B827200070CB0 /* sslCipherSpecs.c */, + DC0BC9D51D8B827200070CB0 /* sslContext.c */, + DC0BC9D61D8B827200070CB0 /* sslRecord.c */, + DC0BC9D71D8B827200070CB0 /* sslTransport.c */, + DC0BC9D81D8B827200070CB0 /* tlsCallbacks.c */, + DC0BC9D91D8B827200070CB0 /* tlsCallbacks.h */, + ); + name = "SSL Core"; + sourceTree = ""; + }; + DC0BC9DD1D8B827200070CB0 /* Public Headers */ = { + isa = PBXGroup; + children = ( + DC0BC9DB1D8B827200070CB0 /* CipherSuite.h */, + DC0BC9DC1D8B827200070CB0 /* SecureTransport.h */, + ); + name = "Public Headers"; + path = ../Security; + sourceTree = ""; + }; + DC0BC9E01D8B827200070CB0 /* Private Headers */ = { + isa = PBXGroup; + children = ( + DC0BC9DE1D8B827200070CB0 /* sslTypes.h */, + DC0BC9DF1D8B827200070CB0 /* SecureTransportPriv.h */, + ); + name = "Private Headers"; + path = ../Security; + sourceTree = ""; + }; + DC0BC9EF1D8B827200070CB0 /* Project Headers */ = { + isa = PBXGroup; + children = ( + DC0BC9E11D8B827200070CB0 /* sslCipherSpecs.h */, + DC0BC9E21D8B827200070CB0 /* SSLRecordInternal.h */, + DC0BC9E31D8B827200070CB0 /* tls_record_internal.h */, + DC0BC9E41D8B827200070CB0 /* cipherSpecs.h */, + DC0BC9E51D8B827200070CB0 /* ssl.h */, + DC0BC9E61D8B827200070CB0 /* sslBuildFlags.h */, + DC0BC9E71D8B827200070CB0 /* sslContext.h */, + DC0BC9E81D8B827200070CB0 /* sslCrypto.h */, + DC0BC9E91D8B827200070CB0 /* sslDebug.h */, + DC0BC9EA1D8B827200070CB0 /* sslKeychain.h */, + DC0BC9EB1D8B827200070CB0 /* sslMemory.h */, + DC0BC9EC1D8B827200070CB0 /* sslPriv.h */, + DC0BC9ED1D8B827200070CB0 /* sslRecord.h */, + DC0BC9EE1D8B827200070CB0 /* sslUtils.h */, + ); + name = "Project Headers"; + sourceTree = ""; + }; + DC0BC9F11D8B827200070CB0 /* Crypto */ = { + isa = PBXGroup; + children = ( + DC0BC9F01D8B827200070CB0 /* sslCrypto.c */, + ); + name = Crypto; + sourceTree = ""; + }; + DC0BC9F41D8B827200070CB0 /* Misc. */ = { + isa = PBXGroup; + children = ( + DC0BC9F21D8B827200070CB0 /* sslMemory.c */, + DC0BC9F31D8B827200070CB0 /* sslUtils.c */, + ); + name = Misc.; + sourceTree = ""; + }; + DC0BC9F51D8B827200070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BC9D21D8B827200070CB0 /* Apple Custom */, + DC0BC9DA1D8B827200070CB0 /* SSL Core */, + DC0BC9DD1D8B827200070CB0 /* Public Headers */, + DC0BC9E01D8B827200070CB0 /* Private Headers */, + DC0BC9EF1D8B827200070CB0 /* Project Headers */, + DC0BC9F11D8B827200070CB0 /* Crypto */, + DC0BC9F41D8B827200070CB0 /* Misc. */, + ); + name = lib; + path = OSX/libsecurity_ssl/lib; + sourceTree = ""; + }; + DC0BCA2F1D8B82CD00070CB0 /* test-certs */ = { + isa = PBXGroup; + children = ( + DC0BCA1B1D8B82CD00070CB0 /* CA-ECC_Cert.h */, + DC0BCA1C1D8B82CD00070CB0 /* CA-ECC_Key.h */, + DC0BCA1D1D8B82CD00070CB0 /* CA-RSA_Cert.h */, + DC0BCA1E1D8B82CD00070CB0 /* CA-RSA_Key.h */, + DC0BCA1F1D8B82CD00070CB0 /* ClientECC_Cert_CA-ECC.h */, + DC0BCA201D8B82CD00070CB0 /* ClientECC_Cert_CA-RSA.h */, + DC0BCA211D8B82CD00070CB0 /* ClientECC_Key.h */, + DC0BCA221D8B82CD00070CB0 /* ClientRSA_Cert_CA-ECC.h */, + DC0BCA231D8B82CD00070CB0 /* ClientRSA_Cert_CA-RSA.h */, + DC0BCA241D8B82CD00070CB0 /* ClientRSA_Key.h */, + DC0BCA251D8B82CD00070CB0 /* ServerECC_Cert_CA-ECC.h */, + DC0BCA261D8B82CD00070CB0 /* ServerECC_Cert_CA-RSA.h */, + DC0BCA271D8B82CD00070CB0 /* ServerECC_Key.h */, + DC0BCA281D8B82CD00070CB0 /* ServerRSA_Cert_CA-ECC.h */, + DC0BCA291D8B82CD00070CB0 /* ServerRSA_Cert_CA-RSA.h */, + DC0BCA2A1D8B82CD00070CB0 /* ServerRSA_Key.h */, + DC0BCA2B1D8B82CD00070CB0 /* Untrusted-CA-RSA_Cert.h */, + DC0BCA2C1D8B82CD00070CB0 /* Untrusted-CA-RSA_Key.h */, + DC0BCA2D1D8B82CD00070CB0 /* UntrustedClientRSA_Cert_Untrusted-CA-RSA.h */, + DC0BCA2E1D8B82CD00070CB0 /* UntrustedClientRSA_Key.h */, + ); + path = "test-certs"; + sourceTree = ""; + }; + DC0BCA481D8B82CD00070CB0 /* regressions */ = { + isa = PBXGroup; + children = ( + DC0BCA2F1D8B82CD00070CB0 /* test-certs */, + DC0BCA301D8B82CD00070CB0 /* cert-1.h */, + DC0BCA311D8B82CD00070CB0 /* identity-1.h */, + DC0BCA321D8B82CD00070CB0 /* privkey-1.h */, + DC0BCA331D8B82CD00070CB0 /* ssl-39-echo.c */, + DC0BCA341D8B82CD00070CB0 /* ssl-40-clientauth.c */, + DC0BCA351D8B82CD00070CB0 /* ssl-41-clientauth.c */, + DC0BCA361D8B82CD00070CB0 /* ssl-42-ciphers.c */, + DC0BCA371D8B82CD00070CB0 /* ssl-43-ciphers.c */, + DC0BCA381D8B82CD00070CB0 /* ssl-44-crashes.c */, + DC0BCA391D8B82CD00070CB0 /* ssl-45-tls12.c */, + DC0BCA3A1D8B82CD00070CB0 /* ssl-46-SSLGetSupportedCiphers.c */, + DC0BCA3B1D8B82CD00070CB0 /* ssl-47-falsestart.c */, + DC0BCA3C1D8B82CD00070CB0 /* ssl-48-split.c */, + DC0BCA3D1D8B82CD00070CB0 /* ssl-49-sni.c */, + DC0BCA3E1D8B82CD00070CB0 /* ssl-50-server.c */, + DC0BCA3F1D8B82CD00070CB0 /* ssl-51-state.c */, + DC0BCA401D8B82CD00070CB0 /* ssl-52-noconn.c */, + DC0BCA411D8B82CD00070CB0 /* ssl-53-clientauth.c */, + DC0BCA421D8B82CD00070CB0 /* ssl-54-dhe.c */, + DC0BCA431D8B82CD00070CB0 /* ssl-55-sessioncache.c */, + DC0BCA441D8B82CD00070CB0 /* ssl-56-renegotiate.c */, + DC0BCA451D8B82CD00070CB0 /* ssl-utils.c */, + DC0BCA461D8B82CD00070CB0 /* ssl-utils.h */, + DC0BCA471D8B82CD00070CB0 /* ssl_regressions.h */, + ); + name = regressions; + path = OSX/libsecurity_ssl/regressions; + sourceTree = ""; + }; + DC0BCA811D8B859D00070CB0 /* transform */ = { + isa = PBXGroup; + children = ( + DC0BCAC01D8B85BC00070CB0 /* lib */, + DC1786F51D778F2500B50D50 /* SecExternalSourceTransform.h */, + DC1786F61D778F2500B50D50 /* SecNullTransform.h */, + DC1786F71D778F2500B50D50 /* SecTransformInternal.h */, + DC1785271D778A0100B50D50 /* SecCustomTransform.h */, + DC1785281D778A0100B50D50 /* SecDecodeTransform.h */, + DC1785291D778A0100B50D50 /* SecDigestTransform.h */, + DC17852A1D778A0100B50D50 /* SecEncodeTransform.h */, + DC17852B1D778A0100B50D50 /* SecEncryptTransform.h */, + DC17852C1D778A0100B50D50 /* SecReadTransform.h */, + DC17852D1D778A0100B50D50 /* SecSignVerifyTransform.h */, + DC17852E1D778A0100B50D50 /* SecTransform.h */, + DC17852F1D778A0100B50D50 /* SecTransformReadTransform.h */, + ); + name = transform; + sourceTree = ""; + }; + DC0BCAC01D8B85BC00070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BCA821D8B85BC00070CB0 /* SecMaskGenerationFunctionTransform.c */, + DC0BCA831D8B85BC00070CB0 /* SecMaskGenerationFunctionTransform.h */, + DC0BCA841D8B85BC00070CB0 /* SecReadTransform.h */, + DC0BCA851D8B85BC00070CB0 /* SecCollectTransform.cpp */, + DC0BCA861D8B85BC00070CB0 /* SecCollectTransform.h */, + DC0BCA871D8B85BC00070CB0 /* c++utils.h */, + DC0BCA881D8B85BC00070CB0 /* c++utils.cpp */, + DC0BCA891D8B85BC00070CB0 /* CoreFoundationBasics.cpp */, + DC0BCA8A1D8B85BC00070CB0 /* CoreFoundationBasics.h */, + DC0BCA8B1D8B85BC00070CB0 /* Digest.cpp */, + DC0BCA8C1D8B85BC00070CB0 /* Digest.h */, + DC0BCA8D1D8B85BC00070CB0 /* EncodeDecodeTransforms.c */, + DC0BCA8E1D8B85BC00070CB0 /* EncryptTransform.h */, + DC0BCA8F1D8B85BC00070CB0 /* EncryptTransform.cpp */, + DC0BCA901D8B85BC00070CB0 /* CEncryptDecrypt.c */, + DC0BCA911D8B85BC00070CB0 /* EncryptTransformUtilities.h */, + DC0BCA921D8B85BC00070CB0 /* EncryptTransformUtilities.cpp */, + DC0BCA931D8B85BC00070CB0 /* GroupTransform.cpp */, + DC0BCA941D8B85BC00070CB0 /* GroupTransform.h */, + DC0BCA951D8B85BC00070CB0 /* LinkedList.cpp */, + DC0BCA961D8B85BC00070CB0 /* LinkedList.h */, + DC0BCA971D8B85BC00070CB0 /* misc.c */, + DC0BCA981D8B85BC00070CB0 /* misc.h */, + DC0BCA991D8B85BC00070CB0 /* Monitor.cpp */, + DC0BCA9A1D8B85BC00070CB0 /* Monitor.h */, + DC0BCA9B1D8B85BC00070CB0 /* NullTransform.cpp */, + DC0BCA9C1D8B85BC00070CB0 /* NullTransform.h */, + DC0BCA9D1D8B85BC00070CB0 /* SecCustomTransform.h */, + DC0BCA9E1D8B85BC00070CB0 /* SecCustomTransform.cpp */, + DC0BCA9F1D8B85BC00070CB0 /* SecDecodeTransform.h */, + DC0BCAA01D8B85BC00070CB0 /* SecDigestTransform.cpp */, + DC0BCAA11D8B85BC00070CB0 /* SecDigestTransform.h */, + DC0BCAA21D8B85BC00070CB0 /* SecEncryptTransform.h */, + DC0BCAA31D8B85BC00070CB0 /* SecEncodeTransform.h */, + DC0BCAA41D8B85BC00070CB0 /* SecEncryptTransform.cpp */, + DC0BCAA51D8B85BC00070CB0 /* SecGroupTransform.cpp */, + DC0BCAA61D8B85BC00070CB0 /* SecGroupTransform.h */, + DC0BCAA71D8B85BC00070CB0 /* SecNullTransform.cpp */, + DC0BCAA81D8B85BC00070CB0 /* SecSignVerifyTransform.h */, + DC0BCAA91D8B85BC00070CB0 /* SecSignVerifyTransform.c */, + DC0BCAAA1D8B85BC00070CB0 /* SecNullTransform.h */, + DC0BCAAB1D8B85BC00070CB0 /* SecTransform.cpp */, + DC0BCAAC1D8B85BC00070CB0 /* SecTransform.h */, + DC0BCAAD1D8B85BC00070CB0 /* SecTransformInternal.h */, + DC0BCAAE1D8B85BC00070CB0 /* SingleShotSource.cpp */, + DC0BCAAF1D8B85BC00070CB0 /* SingleShotSource.h */, + DC0BCAB01D8B85BC00070CB0 /* Source.cpp */, + DC0BCAB11D8B85BC00070CB0 /* Source.h */, + DC0BCAB21D8B85BC00070CB0 /* StreamSource.cpp */, + DC0BCAB31D8B85BC00070CB0 /* StreamSource.h */, + DC0BCAB41D8B85BC00070CB0 /* Transform.cpp */, + DC0BCAB51D8B85BC00070CB0 /* Transform.h */, + DC0BCAB61D8B85BC00070CB0 /* TransformFactory.cpp */, + DC0BCAB71D8B85BC00070CB0 /* TransformFactory.h */, + DC0BCAB81D8B85BC00070CB0 /* Utilities.cpp */, + DC0BCAB91D8B85BC00070CB0 /* Utilities.h */, + DC0BCABA1D8B85BC00070CB0 /* SecExternalSourceTransform.h */, + DC0BCABB1D8B85BC00070CB0 /* SecExternalSourceTransform.cpp */, + DC0BCABC1D8B85BC00070CB0 /* SecTransformReadTransform.h */, + DC0BCABD1D8B85BC00070CB0 /* SecTransformReadTransform.cpp */, + DC0BCABE1D8B85BC00070CB0 /* SecTransformValidator.h */, + DC0BCABF1D8B85BC00070CB0 /* SecReadTransform.h */, + ); + name = lib; + path = OSX/libsecurity_transform/lib; + sourceTree = ""; + }; + DC0BCB091D8B896500070CB0 /* translocate */ = { + isa = PBXGroup; + children = ( + DC0BCB1C1D8B898100070CB0 /* lib */, + DC1786F31D778EF800B50D50 /* SecTranslocate.h */, + ); + name = translocate; + path = OSX/libsecurity_translocate; + sourceTree = ""; + }; + DC0BCB1C1D8B898100070CB0 /* lib */ = { + isa = PBXGroup; + children = ( + DC0BCB0A1D8B898100070CB0 /* SecTranslocateClient.cpp */, + DC0BCB0B1D8B898100070CB0 /* SecTranslocateClient.hpp */, + DC0BCB0C1D8B898100070CB0 /* SecTranslocateXPCServer.cpp */, + DC0BCB0D1D8B898100070CB0 /* SecTranslocateXPCServer.hpp */, + DC0BCB0E1D8B898100070CB0 /* SecTranslocateInterface.hpp */, + DC0BCB0F1D8B898100070CB0 /* SecTranslocateDANotification.cpp */, + DC0BCB101D8B898100070CB0 /* SecTranslocateDANotification.hpp */, + DC0BCB111D8B898100070CB0 /* SecTranslocateLSNotification.cpp */, + DC0BCB121D8B898100070CB0 /* SecTranslocateLSNotification.hpp */, + DC0BCB131D8B898100070CB0 /* SecTranslocateShared.hpp */, + DC0BCB141D8B898100070CB0 /* SecTranslocateShared.cpp */, + DC0BCB151D8B898100070CB0 /* SecTranslocateServer.cpp */, + DC0BCB161D8B898100070CB0 /* SecTranslocateServer.hpp */, + DC0BCB171D8B898100070CB0 /* SecTranslocate.h */, + DC0BCB181D8B898100070CB0 /* SecTranslocate.cpp */, + DC0BCB191D8B898100070CB0 /* SecTranslocateUtilities.cpp */, + DC0BCB1A1D8B898100070CB0 /* SecTranslocateUtilities.hpp */, + DC0BCB1B1D8B898100070CB0 /* SecTranslocateInterface.cpp */, + ); + path = lib; + sourceTree = ""; + }; + DC0BCBD81D8C646700070CB0 /* regressionBase */ = { + isa = PBXGroup; + children = ( + DC0BCBFE1D8C64B500070CB0 /* test-00-test.c */, + DC0BCBFF1D8C64B500070CB0 /* test_regressions.h */, + DC0BCC001D8C64B500070CB0 /* testlist_begin.h */, + DC0BCC011D8C64B500070CB0 /* testlist_end.h */, + DC0BCC021D8C64B500070CB0 /* testcpp.h */, + DC0BCC031D8C64B500070CB0 /* testenv.m */, + DC0BCC041D8C64B500070CB0 /* testenv.h */, + DC0BCC051D8C64B500070CB0 /* testmore.c */, + DC0BCC061D8C64B500070CB0 /* testmore.h */, + DC0BCC071D8C64B500070CB0 /* testcert.c */, + DC0BCC081D8C64B500070CB0 /* testcert.h */, + DC0BCC091D8C64B500070CB0 /* testpolicy.h */, + DC0BCC0A1D8C64B500070CB0 /* testpolicy.m */, + ); + name = regressionBase; + sourceTree = ""; + }; + DC0BCC371D8C689C00070CB0 /* utilities */ = { + isa = PBXGroup; + children = ( + DC0BCDB31D8C6A4A00070CB0 /* SecurityTool */, + DC0BCC391D8C68CF00070CB0 /* SecMeta.h */, + DC0BCC3A1D8C68CF00070CB0 /* iCloudKeychainTrace.c */, + DC0BCC3B1D8C68CF00070CB0 /* iCloudKeychainTrace.h */, + DC0BCC3C1D8C68CF00070CB0 /* SecAKSWrappers.c */, + DC0BCC3D1D8C68CF00070CB0 /* SecAKSWrappers.h */, + DC0BCC3E1D8C68CF00070CB0 /* SecBuffer.c */, + DC0BCC3F1D8C68CF00070CB0 /* SecBuffer.h */, + DC0BCC401D8C68CF00070CB0 /* SecCoreCrypto.c */, + DC0BCC411D8C68CF00070CB0 /* SecCoreCrypto.h */, + DC0BCC421D8C68CF00070CB0 /* SecCertificateTrace.c */, + DC0BCC431D8C68CF00070CB0 /* SecCertificateTrace.h */, + DC0BCC441D8C68CF00070CB0 /* SecCFCCWrappers.c */, + DC0BCC451D8C68CF00070CB0 /* SecCFCCWrappers.h */, + DC0BCC461D8C68CF00070CB0 /* SecCFRelease.h */, + DC0BCC471D8C68CF00070CB0 /* SecCFWrappers.c */, + DC0BCC481D8C68CF00070CB0 /* SecCFWrappers.h */, + DC0BCC491D8C68CF00070CB0 /* SecCFError.c */, + DC0BCC4A1D8C68CF00070CB0 /* SecCFError.h */, + DC0BCC4B1D8C68CF00070CB0 /* SecDispatchRelease.h */, + DC0BCC4C1D8C68CF00070CB0 /* SecIOFormat.h */, + DC0BCC4D1D8C68CF00070CB0 /* SecTrace.c */, + DC0BCC4E1D8C68CF00070CB0 /* SecTrace.h */, + DC0BCC4F1D8C68CF00070CB0 /* array_size.h */, + DC0BCC521D8C68CF00070CB0 /* debugging.c */, + DC0BCC531D8C68CF00070CB0 /* debugging.h */, + DC0BCC541D8C68CF00070CB0 /* debugging_test.h */, + DC0BCC551D8C68CF00070CB0 /* der_array.c */, + DC0BCC561D8C68CF00070CB0 /* der_boolean.c */, + DC0BCC571D8C68CF00070CB0 /* der_null.c */, + DC0BCC581D8C68CF00070CB0 /* der_data.c */, + DC0BCC591D8C68CF00070CB0 /* der_date.c */, + DC0BCC5A1D8C68CF00070CB0 /* der_date.h */, + DC0BCC5B1D8C68CF00070CB0 /* der_dictionary.c */, + DC0BCC5C1D8C68CF00070CB0 /* der_number.c */, + DC0BCC5D1D8C68CF00070CB0 /* der_plist.c */, + 524492931AFD6D480043695A /* der_plist.h */, + DC0BCC5F1D8C68CF00070CB0 /* der_plist_internal.c */, + DC0BCC601D8C68CF00070CB0 /* der_plist_internal.h */, + DC0BCC611D8C68CF00070CB0 /* der_set.c */, + DC0BCC621D8C68CF00070CB0 /* der_set.h */, + DC0BCC631D8C68CF00070CB0 /* der_string.c */, + DC0BCC641D8C68CF00070CB0 /* fileIo.c */, + DC0BCC651D8C68CF00070CB0 /* fileIo.h */, + DC0BCC661D8C68CF00070CB0 /* sqlutils.h */, + DC0BCC671D8C68CF00070CB0 /* iOSforOSX.h */, + DC0BCC681D8C68CF00070CB0 /* iOSforOSX.c */, + DC0BCC691D8C68CF00070CB0 /* iOSforOSX-SecAttr.c */, + DC0BCC6A1D8C68CF00070CB0 /* iOSforOSX-SecRandom.c */, + E7C787301DD0FED50087FC34 /* NSURL+SOSPlistStore.h */, + E7C787311DD0FED50087FC34 /* NSURL+SOSPlistStore.m */, + DC0BCC6B1D8C68CF00070CB0 /* SecDb.c */, + DC0BCC6C1D8C68CF00070CB0 /* SecDb.h */, + DC0BCC6D1D8C68CF00070CB0 /* SecFileLocations.c */, + DC0BCC6E1D8C68CF00070CB0 /* SecFileLocations.h */, + DC0BCC6F1D8C68CF00070CB0 /* SecXPCError.h */, + DC0BCC701D8C68CF00070CB0 /* SecXPCError.c */, + DC0BCC711D8C68CF00070CB0 /* simulate_crash.c */, + DC0BCC721D8C68CF00070CB0 /* SecSCTUtils.h */, + DC0BCC731D8C68CF00070CB0 /* SecSCTUtils.c */, + DC0BCC741D8C68CF00070CB0 /* SecAppleAnchor.c */, + DC0BCC751D8C68CF00070CB0 /* SecAppleAnchorPriv.h */, + DC0BCC761D8C68CF00070CB0 /* SecInternalRelease.c */, + DC0BCC771D8C68CF00070CB0 /* SecInternalReleasePriv.h */, + EBF3749A1DC064200065D840 /* SecADWrapper.c */, + EBF3749B1DC064200065D840 /* SecADWrapper.h */, + ); + name = utilities; + path = OSX/utilities; + sourceTree = ""; + }; + DC0BCC381D8C68A600070CB0 /* src */ = { + isa = PBXGroup; + children = ( + DCC78E281D8085FC00865A7C /* AppleBaselineEscrowCertificates.h */, + DCC78E301D8085FC00865A7C /* SecAccessControl.c */, + 443381D918A3D81400215606 /* SecAccessControl.h */, + 443381DA18A3D81400215606 /* SecAccessControlPriv.h */, + DCC78E351D8085FC00865A7C /* SecBase64.c */, + 18351B8F14CB65870097860E /* SecBase64.h */, + DCC78E401D8085FC00865A7C /* SecCFAllocator.c */, + D47F514B1C3B812500A7CEFE /* SecCFAllocator.h */, + DCC78E421D8085FC00865A7C /* SecCMS.c */, + 79BDD3C00D60DB84000D84D3 /* SecCMS.h */, + DCC78E441D8085FC00865A7C /* SecCTKKey.c */, + DCC78E451D8085FC00865A7C /* SecCTKKeyPriv.h */, + DCC78E381D8085FC00865A7C /* SecCertificate.c */, + 4CEF4CA70C5551FE00062475 /* SecCertificateInternal.h */, + DCC78E3B1D8085FC00865A7C /* SecCertificatePath.c */, + 4CF41D0A0BBB4022005F3248 /* SecCertificatePath.h */, + DCC78E3E1D8085FC00865A7C /* SecCertificateRequest.c */, + DCC78E461D8085FC00865A7C /* SecDH.c */, + 7940D4110C3ACF9000FDB5D8 /* SecDH.h */, + DCC78E481D8085FC00865A7C /* SecDigest.c */, + DCC78E491D8085FC00865A7C /* SecECKey.c */, + 4CD3BA601106FF4D00BE8B75 /* SecECKey.h */, + 78F92F10195128D70023B54B /* SecECKeyPriv.h */, + DCC78E4C1D8085FC00865A7C /* SecEMCS.m */, + EB69AB091BF4347700913AF1 /* SecEMCSPriv.h */, + DCC78E4F1D8085FC00865A7C /* SecFramework.c */, + 4C0B906C0ACCBD240077CD03 /* SecFramework.h */, + 4C8E99C20FC601D50072EB4C /* SecFrameworkStrings.h */, + DCC78E521D8085FC00865A7C /* SecIdentity.c */, + DCC78E551D8085FC00865A7C /* SecImportExport.c */, + DCC78E581D8085FC00865A7C /* SecItem.c */, + DCC78E5A1D8085FC00865A7C /* SecItemBackup.c */, + 4CE7EA561AEAE8D60067F5BD /* SecItemBackup.h */, + DCC78E5C1D8085FC00865A7C /* SecItemConstants.c */, + 4CEDF7370F3A6CFB0027C4FE /* SecItemInternal.h */, + DCC78E5F1D8085FC00865A7C /* SecItemShim.h */, + DCC78E601D8085FC00865A7C /* SecKey.c */, + DCC78E621D8085FC00865A7C /* SecKeyAdaptors.c */, + 4C04A90811924BBC0020550C /* SecKeyInternal.h */, + DCC78E651D8085FC00865A7C /* SecLogging.c */, + DCC78E661D8085FC00865A7C /* SecLogging.h */, + 4AF7FFF315AFB73800B9D400 /* SecOTR.h */, + DCC78E691D8085FC00865A7C /* SecOTRDHKey.c */, + 4AF7FFF415AFB73800B9D400 /* SecOTRDHKey.h */, + 4AF7FFF515AFB73800B9D400 /* SecOTRErrors.h */, + DCC78E6C1D8085FC00865A7C /* SecOTRFullIdentity.c */, + 4AF7FFF615AFB73800B9D400 /* SecOTRIdentityPriv.h */, + DCC78E6E1D8085FC00865A7C /* SecOTRMath.c */, + 4AF7FFF715AFB73800B9D400 /* SecOTRMath.h */, + DCC78E701D8085FC00865A7C /* SecOTRPacketData.c */, + 4AF7FFF915AFB73800B9D400 /* SecOTRPacketData.h */, + DCC78E721D8085FC00865A7C /* SecOTRPackets.c */, + 4AF7FFFA15AFB73800B9D400 /* SecOTRPackets.h */, + DCC78E741D8085FC00865A7C /* SecOTRPublicIdentity.c */, + DCC78E751D8085FC00865A7C /* SecOTRSession.c */, + 4AF7FFFB15AFB73800B9D400 /* SecOTRSession.h */, + DCC78E771D8085FC00865A7C /* SecOTRSessionAKE.c */, + 4AF7FFFC15AFB73800B9D400 /* SecOTRSessionPriv.h */, + DCC78E791D8085FC00865A7C /* SecOTRUtils.c */, + DCC78E671D8085FC00865A7C /* SecOnOSX.h */, + DCC78E7C1D8085FC00865A7C /* SecPBKDF.c */, + 8ED6F6C8110904E300D2B368 /* SecPBKDF.h */, + DCC78E7A1D8085FC00865A7C /* SecPasswordGenerate.c */, + CDDE9BC31729AB910013B0E8 /* SecPasswordGenerate.h */, + DCC78E7E1D8085FC00865A7C /* SecPolicy.c */, + DCC78E811D8085FC00865A7C /* SecPolicyCerts.h */, + 4CFBF5F10D5A92E100969BBE /* SecPolicyInternal.h */, + DCC78E7F1D8085FC00865A7C /* SecPolicyLeafCallbacks.c */, + DCC78E851D8085FC00865A7C /* SecRSAKey.c */, + 4C7073C80ACB2BAD007CC205 /* SecRSAKey.h */, + 4C9A19890B95118F000A1399 /* SecRSAKeyPriv.h */, + DCC78E881D8085FC00865A7C /* SecSCEP.c */, + 4C7416020F1D71A2008E0E4D /* SecSCEP.h */, + DCC78E8A1D8085FC00865A7C /* SecServerEncryptionSupport.c */, + E7676DB519411DF300498DD4 /* SecServerEncryptionSupport.h */, + DCC78E8C1D8085FC00865A7C /* SecSharedCredential.c */, + BE061FE01899ECEE00C739F6 /* SecSharedCredential.h */, + DCC78E8E1D8085FC00865A7C /* SecSignatureVerificationSupport.c */, + DCC78E8F1D8085FC00865A7C /* SecSignatureVerificationSupport.h */, + DCC78E901D8085FC00865A7C /* SecTrust.c */, + DCC78E921D8085FC00865A7C /* SecTrustInternal.h */, + DCC78E971D8085FC00865A7C /* SecTrustStore.c */, + 4C1B442C0BB9CAF900461B82 /* SecTrustStore.h */, + EB6928BE1D9C9C5900062A18 /* SecRecoveryKey.h */, + EB6928BF1D9C9C5900062A18 /* SecRecoveryKey.m */, + DCC78E9A1D8085FC00865A7C /* SecuritydXPC.c */, + DCC78E9B1D8085FC00865A7C /* SecuritydXPC.h */, + DCC78E2A1D8085FC00865A7C /* p12import.c */, + 79EF5B720D3D6AFE009F5270 /* p12import.h */, + DCC78E2C1D8085FC00865A7C /* p12pbegen.c */, + 795CA9CC0D38435E00BAE6A2 /* p12pbegen.h */, + DCC78E2E1D8085FC00865A7C /* pbkdf2.c */, + 8E02FA691107BE460043545E /* pbkdf2.h */, + DCC78E9C1D8085FC00865A7C /* vmdh.c */, + 4C7391770B01745000C4CBFA /* vmdh.h */, + ); + name = src; + sourceTree = ""; + }; + DC0BCCB81D8C68F000070CB0 /* utilitiesRegressions */ = { + isa = PBXGroup; + children = ( + DC0BCD571D8C697100070CB0 /* Regressions */, + ); + name = utilitiesRegressions; + sourceTree = ""; + }; + DC0BCD571D8C697100070CB0 /* Regressions */ = { + isa = PBXGroup; + children = ( + DC0BCD491D8C697100070CB0 /* utilities_regressions.h */, + DC0BCD4A1D8C697100070CB0 /* su-05-cfwrappers.c */, + DC0BCD4B1D8C697100070CB0 /* su-07-debugging.c */, + DC0BCD4C1D8C697100070CB0 /* su-08-secbuffer.c */, + DC0BCD4D1D8C697100070CB0 /* su-10-cfstring-der.c */, + DC0BCD4E1D8C697100070CB0 /* su-11-cfdata-der.c */, + DC0BCD4F1D8C697100070CB0 /* su-12-cfboolean-der.c */, + DC0BCD501D8C697100070CB0 /* su-13-cfnumber-der.c */, + DC0BCD511D8C697100070CB0 /* su-14-cfarray-der.c */, + DC0BCD521D8C697100070CB0 /* su-15-cfdictionary-der.c */, + DC0BCD531D8C697100070CB0 /* su-17-cfset-der.c */, + DC0BCD541D8C697100070CB0 /* su-16-cfdate-der.c */, + DC0BCD551D8C697100070CB0 /* su-40-secdb.c */, + DC0BCD561D8C697100070CB0 /* su-41-secdb-stress.c */, + ); + name = Regressions; + path = OSX/utilities/Regressions; + sourceTree = ""; + }; + DC0BCDB31D8C6A4A00070CB0 /* SecurityTool */ = { + isa = PBXGroup; + children = ( + DC65E7BE1D8CBB1500152EF0 /* readline.c */, + DC65E7BF1D8CBB1500152EF0 /* readline.h */, + DC0BCDB41D8C6A5B00070CB0 /* not_on_this_platorm.c */, + ); + name = SecurityTool; + path = ../sec/Security; + sourceTree = ""; + }; + DC1002C41D8E19D70025549C /* Products */ = { + isa = PBXGroup; + children = ( + DC1002C91D8E19D70025549C /* libsecurity_cms.a */, + DC1002CB1D8E19D70025549C /* libsecurity_cms_regressions.a */, + ); + name = Products; + sourceTree = ""; + }; + DC1002CC1D8E19F20025549C /* Products */ = { + isa = PBXGroup; + children = ( + DC1002D31D8E19F20025549C /* security_smime */, + DC1002D51D8E19F20025549C /* security_smime.framework */, + DC1002D71D8E19F20025549C /* libCMS.a */, + ); + name = Products; + sourceTree = ""; + }; + DC1784431D77869A00B50D50 /* Products */ = { + isa = PBXGroup; + children = ( + DC1784491D77869A00B50D50 /* libsecurity_smime.a */, + DC17844B1D77869A00B50D50 /* libsecurity_smime_regressions.a */, + ); + name = Products; + sourceTree = ""; + }; + DC1785101D77892600B50D50 /* headers */ = { + isa = PBXGroup; + children = ( + DC1787611D77911D00B50D50 /* asn1Templates.h */, + DC1787621D77911D00B50D50 /* certExtensionTemplates.h */, + DC1787631D77911D00B50D50 /* csrTemplates.h */, + DC1787641D77911D00B50D50 /* keyTemplates.h */, + DC1787651D77911D00B50D50 /* nameTemplates.h */, + DC1787661D77911D00B50D50 /* ocspTemplates.h */, + DC1787671D77911D00B50D50 /* osKeyTemplates.h */, + DC1787681D77911D00B50D50 /* secasn1t.h */, + DC1787691D77911D00B50D50 /* X509Templates.h */, + DC1785111D77895A00B50D50 /* oidsalg.h */, + DC1785121D77895A00B50D50 /* oidsattr.h */, + DC1785131D77895A00B50D50 /* SecAsn1Coder.h */, + DC1785141D77895A00B50D50 /* SecAsn1Templates.h */, + DC1785151D77895A00B50D50 /* SecAsn1Types.h */, + ); + name = headers; + sourceTree = ""; + }; + DC17858D1D778B8E00B50D50 /* libsecurity_cms_headers */ = { + isa = PBXGroup; + children = ( + DC1787581D7790B600B50D50 /* CMSPrivate.h */, + DC17858E1D778B9D00B50D50 /* CMSDecoder.h */, + DC17858F1D778B9D00B50D50 /* CMSEncoder.h */, + ); + name = libsecurity_cms_headers; + sourceTree = ""; + }; + DC1786FF1D778F7800B50D50 /* libsecurity_smime_headers */ = { + isa = PBXGroup; + children = ( + E7C4D03512F9EB210022E067 /* iOS */, + DC3C7ABB1D838D1100F6A832 /* macOS */, + ); + name = libsecurity_smime_headers; + sourceTree = ""; + }; + DC17899F1D779DD600B50D50 /* SecBreadcrumb */ = { + isa = PBXGroup; + children = ( + DC1787731D77915500B50D50 /* SecBreadcrumb.h */, + DC1789A01D779DEE00B50D50 /* SecBreadcrumb.c */, + DC24B5701DA3274000330B48 /* breadcrumb_regressions.h */, + DCE4E6D41D7A41E400AFB96E /* bc-10-knife-on-bread.m */, + ); + name = SecBreadcrumb; + sourceTree = ""; + }; + DC1789A31D779E2400B50D50 /* Security.framework macOS */ = { + isa = PBXGroup; + children = ( + DC17899F1D779DD600B50D50 /* SecBreadcrumb */, + DCF783091D88B4B500E694BB /* apple_csp */, + DCF785E61D88B96800E694BB /* apple_cspdl */, + DCF787341D88C84300E694BB /* apple_file_dl */, + DCF7884F1D88CA8D00E694BB /* apple_x509_cl */, + DCF788AA1D88CD0C00E694BB /* apple_x509_tp */, + DCB340651D8A24CC0054D16E /* authorization */, + DCB3408D1D8A262D0054D16E /* cdsa_client */, + DCB3412F1D8A29F70054D16E /* cdsa_plugin */, + DCB3417A1D8A2B7A0054D16E /* cdsa_utilities */, + DC0BC5841D8B70D100070CB0 /* cdsa_utils */, + DC0BC5B81D8B721900070CB0 /* checkpw */, + DCD067621D8CDE9B007602F1 /* codesigning */, + DC0BC5EA1D8B743F00070CB0 /* comcryption */, + DC0BC6001D8B754000070CB0 /* cryptkit */, + DC0BC7441D8B76E500070CB0 /* cssm */, + DC0BC8A01D8B7CEE00070CB0 /* filedb */, + DCB342391D8A32740054D16E /* keychain */, + DC0BC8CB1D8B7D9600070CB0 /* manifest */, + DC0BC9011D8B7E9300070CB0 /* mds */, + DC0BC9361D8B7F7E00070CB0 /* ocspd */, + DC0BC96E1D8B811E00070CB0 /* pkcs12 */, + DC0BC9A21D8B81D400070CB0 /* sd_cspdl */, + DC0BC9D01D8B825900070CB0 /* ssl */, + DC0BCA811D8B859D00070CB0 /* transform */, + DC0BCB091D8B896500070CB0 /* translocate */, + DCD06AA81D8E0D3D007602F1 /* utilities */, + DC1784421D77869A00B50D50 /* libsecurity_smime.xcodeproj */, + DC1786FF1D778F7800B50D50 /* libsecurity_smime_headers */, + DC1784AE1D7786C700B50D50 /* libsecurity_cms.xcodeproj */, + DC17858D1D778B8E00B50D50 /* libsecurity_cms_headers */, + DC58C4401D77BF6D003C25A4 /* config */, + DC1789A81D77A06800B50D50 /* Resources */, + DC1789A41D779E3B00B50D50 /* dummy.cpp */, + DC24B5801DA3286D00330B48 /* Security.order */, + ); + name = "Security.framework macOS"; + sourceTree = ""; + }; + DC1789A81D77A06800B50D50 /* Resources */ = { + isa = PBXGroup; + children = ( + DC178A301D77A1F500B50D50 /* iToolsTrustedApps.plist */, + DC178A311D77A1F500B50D50 /* FDEPrefs.plist */, + DC178A321D77A1F500B50D50 /* SecDebugErrorMessages.strings */, + DC178A331D77A1F500B50D50 /* SecErrorMessages.strings */, + DC178A351D77A1F500B50D50 /* framework.sb */, + DC178A381D77A1F500B50D50 /* InfoPlist.strings */, + DC178A3A1D77A1F500B50D50 /* TimeStampingPrefs.plist */, + DC178A3B1D77A1F500B50D50 /* authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings */, + DC178A3D1D77A1F500B50D50 /* authorization.buttons.strings */, + DC178A3F1D77A1F500B50D50 /* authorization.prompts.strings */, + DC1789A91D77A06C00B50D50 /* mds */, + ); + name = Resources; + sourceTree = ""; + }; + DC1789A91D77A06C00B50D50 /* mds */ = { + isa = PBXGroup; + children = ( + DC178A0E1D77A1E700B50D50 /* cssm.mdsinfo */, + DC178A0F1D77A1E700B50D50 /* csp_capabilities.mdsinfo */, + DC178A101D77A1E700B50D50 /* csp_capabilities_common.mds */, + DC178A111D77A1E700B50D50 /* csp_common.mdsinfo */, + DC178A121D77A1E700B50D50 /* csp_primary.mdsinfo */, + DC178A131D77A1E700B50D50 /* cspdl_common.mdsinfo */, + DC178A141D77A1E700B50D50 /* cspdl_csp_capabilities.mdsinfo */, + DC178A151D77A1E700B50D50 /* cspdl_csp_primary.mdsinfo */, + DC178A161D77A1E700B50D50 /* cspdl_dl_primary.mdsinfo */, + DC178A171D77A1E700B50D50 /* dl_common.mdsinfo */, + DC178A181D77A1E700B50D50 /* dl_primary.mdsinfo */, + DC178A191D77A1E700B50D50 /* cl_common.mdsinfo */, + DC178A1A1D77A1E700B50D50 /* cl_primary.mdsinfo */, + DC178A1B1D77A1E700B50D50 /* tp_common.mdsinfo */, + DC178A1C1D77A1E700B50D50 /* tp_policyOids.mdsinfo */, + DC178A1D1D77A1E700B50D50 /* tp_primary.mdsinfo */, + DC178A1E1D77A1E700B50D50 /* sd_cspdl_common.mdsinfo */, + ); + name = mds; + sourceTree = ""; + }; + DC3A4B5E1D91EAA500E46D4A /* CodeSigningHelper */ = { + isa = PBXGroup; + children = ( + DC3A4B5F1D91EAC500E46D4A /* CodeSigningHelper-Info.plist */, + DC3A4B601D91EAC500E46D4A /* com.apple.CodeSigningHelper.sb */, + DC3A4B621D91EAC500E46D4A /* main.cpp */, + ); + path = CodeSigningHelper; + sourceTree = ""; + }; + DC3C7ABB1D838D1100F6A832 /* macOS */ = { + isa = PBXGroup; + children = ( + DC1787001D778FA900B50D50 /* SecCMS.h */, + DC1787011D778FA900B50D50 /* SecCmsBase.h */, + DC1787021D778FA900B50D50 /* SecCmsContentInfo.h */, + DC1787031D778FA900B50D50 /* SecCmsDecoder.h */, + DC1787041D778FA900B50D50 /* SecCmsDigestContext.h */, + DC1787051D778FA900B50D50 /* SecCmsDigestedData.h */, + DC1787061D778FA900B50D50 /* SecCmsEncoder.h */, + DC1787071D778FA900B50D50 /* SecCmsEncryptedData.h */, + DC1787081D778FA900B50D50 /* SecCmsEnvelopedData.h */, + DC1787091D778FA900B50D50 /* SecCmsMessage.h */, + DC17870A1D778FA900B50D50 /* SecCmsRecipientInfo.h */, + DC17870B1D778FA900B50D50 /* SecCmsSignedData.h */, + DC17870C1D778FA900B50D50 /* SecCmsSignerInfo.h */, + DC17870D1D778FA900B50D50 /* SecSMIME.h */, + DC17870E1D778FA900B50D50 /* tsaSupport.h */, + DC17870F1D778FA900B50D50 /* tsaSupportPriv.h */, + DC1787101D778FA900B50D50 /* tsaTemplates.h */, + ); + name = macOS; + path = OSX/libsecurity_smime/lib; + sourceTree = ""; + }; + DC52EA9B1D80CC2A00B0A59C /* SecurityTool iOS */ = { + isa = PBXGroup; + children = ( + DCC78E211D8085FC00865A7C /* keychain_backup.c */, + DC52EA8E1D80CC2A00B0A59C /* builtin_commands.h */, + DC52EA8F1D80CC2A00B0A59C /* digest_calc.c */, + DC52EA901D80CC2A00B0A59C /* entitlements.plist */, + DC52EA911D80CC2A00B0A59C /* whoami.m */, + DC52EA921D80CC2A00B0A59C /* syncbubble.m */, + DC52EA931D80CC2A00B0A59C /* leaks.c */, + DC52EA941D80CC2A00B0A59C /* leaks.h */, + DC52EA951D80CC2A00B0A59C /* print_cert.c */, + DC52EA961D80CC2A00B0A59C /* print_cert.h */, + DC52EA971D80CC2A00B0A59C /* security.1 */, + DC52EA981D80CC2A00B0A59C /* SecurityTool.c */, + DC52EA991D80CC2A00B0A59C /* SecurityTool.h */, + DC52EA9A1D80CC2A00B0A59C /* tool_errors.h */, + ); + name = "SecurityTool iOS"; + path = OSX/sec/SecurityTool; + sourceTree = ""; + }; + DC58C4391D77BEA1003C25A4 /* csparser */ = { + isa = PBXGroup; + children = ( + DC58C43A1D77BED0003C25A4 /* csparser-Info.plist */, + DC58C43B1D77BED0003C25A4 /* csparser.cpp */, + DC58C43C1D77BED0003C25A4 /* csparser.exp */, + ); + name = csparser; + sourceTree = ""; + }; + DC58C4401D77BF6D003C25A4 /* config */ = { + isa = PBXGroup; + children = ( + DC24B5831DA422BE00330B48 /* base.xcconfig */, + DC178BB11D77A5F500B50D50 /* security_framework_macos.xcconfig */, + DC58C4411D77BFA4003C25A4 /* security_macos.xcconfig */, + ); + name = config; + sourceTree = ""; + }; + DC59E9AA1D91C9BE001BDDF5 /* Security.framework (Shared) */ = { + isa = PBXGroup; + children = ( + E7450BB216D42BD4009C07B8 /* Headers */, + DC59E9AB1D91C9CE001BDDF5 /* DER */, + DC8834001D8A217200CE0ACA /* ASN1 */, + DC0BCC371D8C689C00070CB0 /* utilities */, + DCC0800D1CFF7903005C35C8 /* CSSMOID.exp-in */, + 4CB7405F0A47498100D641BB /* Security.exp-in */, + ); + name = "Security.framework (Shared)"; + sourceTree = ""; + }; + DC59E9AB1D91C9CE001BDDF5 /* DER */ = { + isa = PBXGroup; + children = ( + DC59E9FD1D91CA0A001BDDF5 /* libDER */, + DC59EA2C1D91CA2C001BDDF5 /* libDERUtils */, + ); + name = DER; + sourceTree = ""; + }; + DC59E9FD1D91CA0A001BDDF5 /* libDER */ = { + isa = PBXGroup; + children = ( + DC59E9ED1D91CA0A001BDDF5 /* DER_Keys.c */, + DC59E9EE1D91CA0A001BDDF5 /* DER_Keys.h */, + DC59E9EF1D91CA0A001BDDF5 /* asn1Types.h */, + DC59E9F01D91CA0A001BDDF5 /* DER_CertCrl.c */, + DC59E9F11D91CA0A001BDDF5 /* DER_CertCrl.h */, + DC59E9F21D91CA0A001BDDF5 /* DER_Decode.c */, + DC59E9F31D91CA0A001BDDF5 /* DER_Decode.h */, + DC59E9F41D91CA0A001BDDF5 /* DER_Encode.c */, + DC59E9F51D91CA0A001BDDF5 /* DER_Encode.h */, + DC59E9F61D91CA0A001BDDF5 /* libDER_config.h */, + DC59E9F71D91CA0A001BDDF5 /* libDER.h */, + DC59E9F81D91CA0A001BDDF5 /* DER_Digest.h */, + DC59E9F91D91CA0A001BDDF5 /* DER_Digest.c */, + DC59E9FA1D91CA0A001BDDF5 /* oids.c */, + DC1785421D778A7400B50D50 /* oids.h */, + DC59E9FC1D91CA0A001BDDF5 /* oidsPriv.h */, + ); + name = libDER; + path = OSX/libsecurity_keychain/libDER/libDER; + sourceTree = ""; + }; + DC59EA2C1D91CA2C001BDDF5 /* libDERUtils */ = { + isa = PBXGroup; + children = ( + DC59EA261D91CA2C001BDDF5 /* libDERUtils.h */, + DC59EA271D91CA2C001BDDF5 /* libDERUtils.c */, + DC59EA281D91CA2C001BDDF5 /* fileIo.c */, + DC59EA291D91CA2C001BDDF5 /* fileIo.h */, + DC59EA2A1D91CA2C001BDDF5 /* printFields.h */, + DC59EA2B1D91CA2C001BDDF5 /* printFields.c */, + ); + name = libDERUtils; + path = OSX/libsecurity_keychain/libDER/libDERUtils; + sourceTree = ""; + }; + DC59EA4B1D91CACE001BDDF5 /* libDER */ = { + isa = PBXGroup; + children = ( + DC59EA451D91CACE001BDDF5 /* AppleMobilePersonalizedTicket.h */, + DC59EA461D91CACE001BDDF5 /* DER_Ticket.c */, + DC59EA471D91CACE001BDDF5 /* DER_Ticket.h */, + DC59EA481D91CACE001BDDF5 /* parseTicket.c */, + DC59EA491D91CACE001BDDF5 /* parseCert.c */, + DC59EA4A1D91CACE001BDDF5 /* parseCrl.c */, + ); + name = libDER; + path = OSX/libsecurity_keychain/libDER/Tests; + sourceTree = ""; + }; + DC5ABD281D832D4C00CF422C /* SecurityTool macOS */ = { + isa = PBXGroup; + children = ( + DC5ABDC01D832D5D00CF422C /* Documentation */, + DC5ABDBE1D832D5800CF422C /* Source */, + ); + name = "SecurityTool macOS"; + sourceTree = ""; + }; + DC5ABDBE1D832D5800CF422C /* Source */ = { + isa = PBXGroup; + children = ( + DC5ABD781D832D5800CF422C /* srCdsaUtils.cpp */, + DC5ABD791D832D5800CF422C /* srCdsaUtils.h */, + DC5ABD7A1D832D5800CF422C /* createFVMaster.c */, + DC5ABD7B1D832D5800CF422C /* createFVMaster.h */, + DC5ABD7C1D832D5800CF422C /* mds_install.h */, + DC5ABD7D1D832D5800CF422C /* mds_install.cpp */, + DC5ABD7E1D832D5800CF422C /* cmsutil.c */, + DC5ABD7F1D832D5800CF422C /* cmsutil.h */, + DC5ABD801D832D5800CF422C /* db_commands.cpp */, + DC5ABD811D832D5800CF422C /* db_commands.h */, + DC5ABD821D832D5800CF422C /* display_error_code.c */, + DC5ABD831D832D5800CF422C /* display_error_code.h */, + DC5ABD841D832D5800CF422C /* trusted_cert_dump.c */, + DC5ABD851D832D5800CF422C /* trusted_cert_dump.h */, + DC5ABD861D832D5800CF422C /* identity_find.c */, + DC5ABD871D832D5800CF422C /* identity_find.h */, + DC5ABD881D832D5800CF422C /* identity_prefs.c */, + DC5ABD891D832D5800CF422C /* identity_prefs.h */, + DC5ABD8A1D832D5800CF422C /* key_create.c */, + DC5ABD8B1D832D5800CF422C /* key_create.h */, + DC5ABD8C1D832D5800CF422C /* keychain_add.c */, + DC5ABD8D1D832D5800CF422C /* keychain_add.h */, + DC5ABD8E1D832D5800CF422C /* keychain_create.c */, + DC5ABD8F1D832D5800CF422C /* keychain_create.h */, + DC5ABD901D832D5800CF422C /* keychain_delete.c */, + DC5ABD911D832D5800CF422C /* keychain_delete.h */, + DC5ABD921D832D5800CF422C /* keychain_export.c */, + DC5ABD931D832D5800CF422C /* keychain_export.h */, + DC5ABD941D832D5800CF422C /* keychain_find.c */, + DC5ABD951D832D5800CF422C /* keychain_find.h */, + DC5ABD961D832D5800CF422C /* keychain_import.c */, + DC5ABD971D832D5800CF422C /* keychain_import.h */, + DC5ABD981D832D5800CF422C /* keychain_list.c */, + DC5ABD991D832D5800CF422C /* keychain_list.h */, + DC5ABD9A1D832D5800CF422C /* keychain_lock.c */, + DC5ABD9B1D832D5800CF422C /* keychain_lock.h */, + DC5ABD9C1D832D5800CF422C /* keychain_recode.c */, + DC5ABD9D1D832D5800CF422C /* keychain_recode.h */, + DC5ABD9E1D832D5800CF422C /* keychain_set_settings.c */, + DC5ABD9F1D832D5800CF422C /* keychain_set_settings.h */, + DC5ABDA01D832D5800CF422C /* keychain_show_info.c */, + DC5ABDA11D832D5800CF422C /* keychain_show_info.h */, + DC5ABDA21D832D5800CF422C /* keychain_unlock.c */, + DC5ABDA31D832D5800CF422C /* keychain_unlock.h */, + DC5ABDA41D832D5800CF422C /* keychain_utilities.c */, + DC5ABDA51D832D5800CF422C /* keychain_utilities.h */, + DC5ABDA61D832D5800CF422C /* leaks.c */, + DC5ABDA71D832D5800CF422C /* leaks.h */, + DC5ABDA81D832D5800CF422C /* readline.c */, + DC5ABDA91D832D5800CF422C /* readline_cssm.h */, + DC5ABDAA1D832D5800CF422C /* security.c */, + DC5ABDAB1D832D5800CF422C /* security_tool.h */, + DC5ABDAC1D832D5800CF422C /* trusted_cert_add.c */, + DC5ABDAD1D832D5800CF422C /* trusted_cert_add.h */, + DC5ABDAE1D832D5800CF422C /* trusted_cert_utils.c */, + DC5ABDAF1D832D5800CF422C /* trusted_cert_utils.h */, + DC5ABDB01D832D5800CF422C /* trust_settings_impexp.h */, + DC5ABDB11D832D5800CF422C /* trust_settings_impexp.c */, + DC5ABDB21D832D5800CF422C /* user_trust_enable.h */, + DC5ABDB31D832D5800CF422C /* user_trust_enable.cpp */, + DC5ABDB41D832D5800CF422C /* authz.h */, + DC5ABDB51D832D5800CF422C /* authz.c */, + DC5ABDB61D832D5800CF422C /* verify_cert.c */, + DC5ABDB71D832D5800CF422C /* verify_cert.h */, + DC5ABDB81D832D5800CF422C /* access_utils.c */, + DC5ABDB91D832D5800CF422C /* access_utils.h */, + DC5ABDBA1D832D5800CF422C /* smartcards.h */, + DC5ABDBB1D832D5800CF422C /* smartcards.m */, + DC5ABDBC1D832D5800CF422C /* translocate.c */, + DC5ABDBD1D832D5800CF422C /* translocate.h */, + ); + name = Source; + path = SecurityTool; + sourceTree = ""; + }; + DC5ABDC01D832D5D00CF422C /* Documentation */ = { + isa = PBXGroup; + children = ( + DC5ABDBF1D832D5D00CF422C /* security.1 */, + ); + name = Documentation; + path = SecurityTool; + sourceTree = ""; + }; + DC5ABF791D83510300CF422C /* securityd macOS */ = { + isa = PBXGroup; + children = ( + DC6A82061D87731C00418608 /* libsecurityd */, + DC5AC0AD1D83533400CF422C /* securityd_service.xcodeproj */, + DC5ABFD51D83511A00CF422C /* src */, + DC5AC1021D83550300CF422C /* derived_src */, + DC5ABFD81D83512200CF422C /* mig */, + DC5ABFDE1D83512A00CF422C /* DTrace */, + DC5ABFE11D83513400CF422C /* doc */, + DC5ABFE31D83513C00CF422C /* resources */, + ); + name = "securityd macOS"; + sourceTree = ""; + }; + DC5ABF891D83511A00CF422C /* Core Structure */ = { + isa = PBXGroup; + children = ( + DC5ABF7B1D83511A00CF422C /* connection.h */, + DC5ABF7C1D83511A00CF422C /* connection.cpp */, + DC5ABF7D1D83511A00CF422C /* database.h */, + DC5ABF7E1D83511A00CF422C /* database.cpp */, + DC5ABF7F1D83511A00CF422C /* key.h */, + DC5ABF801D83511A00CF422C /* key.cpp */, + DC5ABF811D83511A00CF422C /* process.h */, + DC5ABF821D83511A00CF422C /* process.cpp */, + DC5ABF831D83511A00CF422C /* server.h */, + DC5ABF841D83511A00CF422C /* server.cpp */, + DC5ABF851D83511A00CF422C /* session.h */, + DC5ABF861D83511A00CF422C /* session.cpp */, + DC5ABF871D83511A00CF422C /* structure.h */, + DC5ABF881D83511A00CF422C /* structure.cpp */, + ); + name = "Core Structure"; + sourceTree = ""; + }; + DC5ABF8C1D83511A00CF422C /* Crypto */ = { + isa = PBXGroup; + children = ( + DC5ABF8A1D83511A00CF422C /* dbcrypto.h */, + DC5ABF8B1D83511A00CF422C /* dbcrypto.cpp */, + ); + name = Crypto; + sourceTree = ""; + }; + DC5ABF911D83511A00CF422C /* Local */ = { + isa = PBXGroup; + children = ( + DC5ABF8D1D83511A00CF422C /* localdatabase.h */, + DC5ABF8E1D83511A00CF422C /* localdatabase.cpp */, + DC5ABF8F1D83511A00CF422C /* localkey.h */, + DC5ABF901D83511A00CF422C /* localkey.cpp */, + ); + name = Local; + sourceTree = ""; + }; + DC5ABF961D83511A00CF422C /* Keychain */ = { + isa = PBXGroup; + children = ( + DC5ABF921D83511A00CF422C /* kcdatabase.h */, + DC5ABF931D83511A00CF422C /* kcdatabase.cpp */, + DC5ABF941D83511A00CF422C /* kckey.h */, + DC5ABF951D83511A00CF422C /* kckey.cpp */, + ); + name = Keychain; + sourceTree = ""; + }; + DC5ABF991D83511A00CF422C /* Temporary */ = { + isa = PBXGroup; + children = ( + DC5ABF971D83511A00CF422C /* tempdatabase.h */, + DC5ABF981D83511A00CF422C /* tempdatabase.cpp */, + ); + name = Temporary; + sourceTree = ""; + }; + DC5ABFA01D83511A00CF422C /* Token */ = { + isa = PBXGroup; + children = ( + DC5ABF9A1D83511A00CF422C /* tokendatabase.h */, + DC5ABF9B1D83511A00CF422C /* tokendatabase.cpp */, + DC5ABF9C1D83511A00CF422C /* tokenkey.h */, + DC5ABF9D1D83511A00CF422C /* tokenkey.cpp */, + DC5ABF9E1D83511A00CF422C /* tokenaccess.h */, + DC5ABF9F1D83511A00CF422C /* tokenaccess.cpp */, + ); + name = Token; + sourceTree = ""; + }; + DC5ABFA11D83511A00CF422C /* Database Types */ = { + isa = PBXGroup; + children = ( + DC5ABF911D83511A00CF422C /* Local */, + DC5ABF961D83511A00CF422C /* Keychain */, + DC5ABF991D83511A00CF422C /* Temporary */, + DC5ABFA01D83511A00CF422C /* Token */, + ); + name = "Database Types"; + sourceTree = ""; + }; + DC5ABFAC1D83511A00CF422C /* Smartcards */ = { + isa = PBXGroup; + children = ( + DC5ABFA21D83511A00CF422C /* pcscmonitor.h */, + DC5ABFA31D83511A00CF422C /* pcscmonitor.cpp */, + DC5ABFA41D83511A00CF422C /* reader.h */, + DC5ABFA51D83511A00CF422C /* reader.cpp */, + DC5ABFA61D83511A00CF422C /* token.h */, + DC5ABFA71D83511A00CF422C /* token.cpp */, + DC5ABFA81D83511A00CF422C /* tokend.h */, + DC5ABFA91D83511A00CF422C /* tokend.cpp */, + DC5ABFAA1D83511A00CF422C /* tokencache.h */, + DC5ABFAB1D83511A00CF422C /* tokencache.cpp */, + ); + name = Smartcards; + sourceTree = ""; + }; + DC5ABFAE1D83511A00CF422C /* Transit */ = { + isa = PBXGroup; + children = ( + DC5ABFAD1D83511A00CF422C /* transition.cpp */, + ); + name = Transit; + sourceTree = ""; + }; + DC5ABFB71D83511A00CF422C /* ACLs */ = { + isa = PBXGroup; + children = ( + DC5ABFAF1D83511A00CF422C /* acls.h */, + DC5ABFB01D83511A00CF422C /* acls.cpp */, + DC5ABFB11D83511A00CF422C /* tokenacl.h */, + DC5ABFB21D83511A00CF422C /* tokenacl.cpp */, + DC5ABFB31D83511A00CF422C /* acl_keychain.h */, + DC5ABFB41D83511A00CF422C /* acl_keychain.cpp */, + DC5ABFB51D83511A00CF422C /* acl_partition.h */, + DC5ABFB61D83511A00CF422C /* acl_partition.cpp */, + ); + name = ACLs; + sourceTree = ""; + }; + DC5ABFBC1D83511A00CF422C /* Authorization */ = { + isa = PBXGroup; + children = ( + DC5ABFB81D83511A00CF422C /* authhost.h */, + DC5ABFB91D83511A00CF422C /* authhost.cpp */, + DC5ABFBA1D83511A00CF422C /* credential.h */, + DC5ABFBB1D83511A00CF422C /* credential.cpp */, + ); + name = Authorization; + sourceTree = ""; + }; + DC5ABFC11D83511A00CF422C /* Client Identification */ = { + isa = PBXGroup; + children = ( + DC5ABFBD1D83511A00CF422C /* clientid.h */, + DC5ABFBE1D83511A00CF422C /* clientid.cpp */, + DC5ABFBF1D83511A00CF422C /* codesigdb.h */, + DC5ABFC01D83511A00CF422C /* codesigdb.cpp */, + ); + name = "Client Identification"; + sourceTree = ""; + }; + DC5ABFC41D83511A00CF422C /* Code Signing */ = { + isa = PBXGroup; + children = ( + DC5ABFC21D83511A00CF422C /* csproxy.h */, + DC5ABFC31D83511A00CF422C /* csproxy.cpp */, + ); + name = "Code Signing"; + sourceTree = ""; + }; + DC5ABFD41D83511A00CF422C /* Support */ = { + isa = PBXGroup; + children = ( + DC5ABFC51D83511A00CF422C /* agentclient.h */, + DC5ABFC61D83511A00CF422C /* agentquery.h */, + DC5ABFC71D83511A00CF422C /* agentquery.cpp */, + DC5ABFC81D83511A00CF422C /* auditevents.h */, + DC5ABFC91D83511A00CF422C /* auditevents.cpp */, + DC5ABFCA1D83511A00CF422C /* ccaudit_extensions.h */, + DC5ABFCB1D83511A00CF422C /* ccaudit_extensions.cpp */, + DC5ABFCC1D83511A00CF422C /* child.h */, + DC5ABFCD1D83511A00CF422C /* child.cpp */, + DC5ABFD01D83511A00CF422C /* notifications.h */, + DC5ABFD11D83511A00CF422C /* notifications.cpp */, + DC5ABFD21D83511A00CF422C /* SharedMemoryServer.h */, + DC5ABFD31D83511A00CF422C /* SharedMemoryServer.cpp */, + ); + name = Support; + sourceTree = ""; + }; + DC5ABFD51D83511A00CF422C /* src */ = { + isa = PBXGroup; + children = ( + DC5ABF7A1D83511A00CF422C /* main.cpp */, + DC5ABF891D83511A00CF422C /* Core Structure */, + DC5ABF8C1D83511A00CF422C /* Crypto */, + DC5ABFA11D83511A00CF422C /* Database Types */, + DC5ABFAC1D83511A00CF422C /* Smartcards */, + DC5ABFAE1D83511A00CF422C /* Transit */, + DC5ABFB71D83511A00CF422C /* ACLs */, + DC5ABFBC1D83511A00CF422C /* Authorization */, + DC5ABFC11D83511A00CF422C /* Client Identification */, + DC5ABFC41D83511A00CF422C /* Code Signing */, + DC5ABFD41D83511A00CF422C /* Support */, + ); + name = src; + path = securityd/src; + sourceTree = ""; + }; + DC5ABFD81D83512200CF422C /* mig */ = { + isa = PBXGroup; + children = ( + DC5ABFD71D83512200CF422C /* self.defs */, + ); + name = mig; + path = securityd/mig; + sourceTree = ""; + }; + DC5ABFDE1D83512A00CF422C /* DTrace */ = { + isa = PBXGroup; + children = ( + DC5ABFD91D83512A00CF422C /* securityd_dtrace.h */, + DC5ABFDA1D83512A00CF422C /* securityd.d */, + DC5ABFDB1D83512A00CF422C /* dtrace.h */, + DC5ABFDC1D83512A00CF422C /* securityd-watch.d */, + ); + name = DTrace; + path = securityd; + sourceTree = ""; + }; + DC5ABFE11D83513400CF422C /* doc */ = { + isa = PBXGroup; + children = ( + DC5ABFDF1D83513400CF422C /* BLOBFORMAT */, + DC5ABFE01D83513400CF422C /* securityd.1 */, + ); + name = doc; + path = securityd/doc; + sourceTree = ""; + }; + DC5ABFE31D83513C00CF422C /* resources */ = { + isa = PBXGroup; + children = ( + DC5ABFE21D83513C00CF422C /* securityd.order */, + DC5ABFE41D83514700CF422C /* com.apple.securityd.plist */, + ); + name = resources; + path = securityd/src; + sourceTree = ""; + }; + DC5AC0AE1D83533400CF422C /* Products */ = { + isa = PBXGroup; + children = ( + DC5AC0B51D83533400CF422C /* securityd_service */, + DC5AC0B71D83533400CF422C /* securitydservicectrl */, + DC5AC0B91D83533400CF422C /* libsecuritydservice_client.a */, + DC5AC0BB1D83533400CF422C /* com.apple.KeyStore.plugin */, + ); + name = Products; + sourceTree = ""; + }; + DC5AC1021D83550300CF422C /* derived_src */ = { + isa = PBXGroup; + children = ( + DC5AC0FF1D83550300CF422C /* self.h */, + DC5AC1001D83550300CF422C /* selfServer.cpp */, + DC5AC1011D83550300CF422C /* selfUser.cpp */, + ); + path = derived_src; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC5AC1FD1D83647300CF422C /* SecureObjectSync */ = { + isa = PBXGroup; + children = ( + DCC78DA11D8085F200865A7C /* SOSCircle */, + F93C49391AB8FF530047E01A /* ckcdiagnose */, + 4C52D0B616EFC61E0079966E /* CircleJoinRequested */, + 5346480317331E1200FE9172 /* KeychainSyncAccountNotification */, + E7D847C61C6BE9710025BB44 /* KeychainCircle.framework */, + DCE4E9121D7F3D5400AFB96E /* Keychain Circle Notification */, + DCE4E8DE1D7F39DB00AFB96E /* Cloud Keychain Utility */, + CD6130CC1DA06F5700E1E42F /* KeychainSyncingOverIDSProxy */, + E7A5F4D11C0CFF4E00F3BEBB /* KVSKeychainSyncingProxy */, + 4381690E1B4EDCBD00C54D58 /* SOSCCAuthPlugin */, + ); + name = SecureObjectSync; + sourceTree = ""; + }; + DC5AC1FE1D8364BA00CF422C /* SecurityTool */ = { + isa = PBXGroup; + children = ( + DC5ABD281D832D4C00CF422C /* SecurityTool macOS */, + 4CB740FA0A47580400D641BB /* Security2Tool macOS */, + DC52EA9B1D80CC2A00B0A59C /* SecurityTool iOS */, + DCC78E271D8085FC00865A7C /* Security/Tool */, + ); + name = SecurityTool; + sourceTree = ""; + }; + DC5AC1FF1D83650C00CF422C /* securityd */ = { + isa = PBXGroup; + children = ( + DC5ABF791D83510300CF422C /* securityd macOS */, + DCC78CB61D8085D800865A7C /* securityd iOS */, + ); + name = securityd; + sourceTree = ""; + }; + DC5AC2001D83653E00CF422C /* resources */ = { + isa = PBXGroup; + children = ( + DCEE1E851D93424D00DC0EB7 /* com.apple.securityd.plist */, + DCE4E8091D7A4E1C00AFB96E /* com.apple.secd.plist */, + ); + name = resources; + sourceTree = ""; + }; + DC5AC2011D83663C00CF422C /* tests */ = { + isa = PBXGroup; + children = ( + DC0BCBD81D8C646700070CB0 /* regressionBase */, + DC59EA4B1D91CACE001BDDF5 /* libDER */, + DC0BCCB81D8C68F000070CB0 /* utilitiesRegressions */, + DC0BC5CD1D8B72FE00070CB0 /* test-checkpw */, + DC610AB81D7910E5002223DE /* gk_reset_check */, + DC610A4E1D78F702002223DE /* codesign_tests */, + 5EBE247B1B00CCAE0007DB0E /* secacltests */, + DCE4E7E01D7A4B6D00AFB96E /* sectests */, + 0C0BDB30175685B000BC1A7E /* secdtests */, + E710C74A1331946500F85568 /* SecurityTests */, + EB9C1DAA1BDFD0FE00F89272 /* RegressionTests */, + 4CE5A55609C7970A00D27A3F /* sslViewer */, + 0C2BCBA41D063F7D00ED7A2F /* dtlsEcho */, + ); + name = tests; + sourceTree = ""; + }; + DC5AC2021D83668700CF422C /* Security.framework */ = { + isa = PBXGroup; + children = ( + EB80211C1D3D9044008540C4 /* Modules */, + DC59E9AA1D91C9BE001BDDF5 /* Security.framework (Shared) */, + DCC78E9E1D8085FC00865A7C /* Security.framework iOS */, + DC1789A31D779E2400B50D50 /* Security.framework macOS */, + 4C35DC37094F9120002917C4 /* Security-Info.plist */, + ); + name = Security.framework; + sourceTree = ""; + }; + DC610A4E1D78F702002223DE /* codesign_tests */ = { + isa = PBXGroup; + children = ( + DC610A621D78FA3B002223DE /* resources */, + DC610A4F1D78F715002223DE /* main.c */, + DC610A601D78F9F2002223DE /* FatDynamicValidation.c */, + ); + name = codesign_tests; + sourceTree = ""; + }; + DC610A621D78FA3B002223DE /* resources */ = { + isa = PBXGroup; + children = ( + DC610A671D78FA76002223DE /* teamid.sh */, + DC610A631D78FA54002223DE /* CaspianTests */, + DC610A641D78FA54002223DE /* LocalCaspianTestRun.sh */, + DC610A681D78FA87002223DE /* validation.sh */, + ); + name = resources; + sourceTree = ""; + }; + DC610AB81D7910E5002223DE /* gk_reset_check */ = { + isa = PBXGroup; + children = ( + DC610AB91D7910F8002223DE /* gk_reset_check.c */, + ); + name = gk_reset_check; + sourceTree = ""; + }; + DC6A82061D87731C00418608 /* libsecurityd */ = { + isa = PBXGroup; + children = ( + DC6A82761D87732E00418608 /* lib */, + DC6A827C1D87733C00418608 /* mig */, + DC6A82871D87734600418608 /* derived_src */, + ); + name = libsecurityd; + sourceTree = ""; + }; + DC6A82661D87732E00418608 /* secxdr */ = { + isa = PBXGroup; + children = ( + DC6A825A1D87732E00418608 /* sec_xdr.h */, + DC6A825B1D87732E00418608 /* sec_xdr.c */, + DC6A825C1D87732E00418608 /* sec_xdr_array.c */, + DC6A825D1D87732E00418608 /* sec_xdr_reference.c */, + DC6A825E1D87732E00418608 /* sec_xdrmem.c */, + DC6A825F1D87732E00418608 /* sec_xdr_sizeof.c */, + DC6A82601D87732E00418608 /* xdr_auth.h */, + DC6A82611D87732E00418608 /* xdr_auth.c */, + DC6A82621D87732E00418608 /* xdr_cssm.h */, + DC6A82631D87732E00418608 /* xdr_cssm.c */, + DC6A82641D87732E00418608 /* xdr_dldb.h */, + DC6A82651D87732E00418608 /* xdr_dldb.cpp */, + ); + name = secxdr; + sourceTree = ""; + }; + DC6A82671D87732E00418608 /* Common */ = { + isa = PBXGroup; + children = ( + DC6A82531D87732E00418608 /* SharedMemoryCommon.h */, + DC6A82541D87732E00418608 /* handletypes.h */, + DC6A82551D87732E00418608 /* sscommon.h */, + DC6A82561D87732E00418608 /* ssblob.h */, + DC6A82571D87732E00418608 /* ssblob.cpp */, + DC6A82581D87732E00418608 /* dictionary.h */, + DC6A82591D87732E00418608 /* dictionary.cpp */, + DC6A82661D87732E00418608 /* secxdr */, + ); + name = Common; + sourceTree = ""; + }; + DC6A82721D87732E00418608 /* Client */ = { + isa = PBXGroup; + children = ( + DC6A82681D87732E00418608 /* SharedMemoryClient.cpp */, + DC6A82691D87732E00418608 /* SharedMemoryClient.h */, + DC6A826A1D87732E00418608 /* eventlistener.cpp */, + DC6A826B1D87732E00418608 /* eventlistener.h */, + DC6A826C1D87732E00418608 /* ssclient.h */, + DC6A826D1D87732E00418608 /* ssnotify.h */, + DC6A826E1D87732E00418608 /* ssclient.cpp */, + DC6A826F1D87732E00418608 /* sstransit.h */, + DC6A82701D87732E00418608 /* sstransit.cpp */, + DC6A82711D87732E00418608 /* transition.cpp */, + ); + name = Client; + sourceTree = ""; + }; + DC6A82751D87732E00418608 /* MIG Support */ = { + isa = PBXGroup; + children = ( + DC6A82731D87732E00418608 /* ss_types.h */, + DC6A82741D87732E00418608 /* ucsp_types.h */, + ); + name = "MIG Support"; + sourceTree = ""; + }; + DC6A82761D87732E00418608 /* lib */ = { + isa = PBXGroup; + children = ( + DC6A82671D87732E00418608 /* Common */, + DC6A82721D87732E00418608 /* Client */, + DC6A82751D87732E00418608 /* MIG Support */, + ); + name = lib; + path = OSX/libsecurityd; + sourceTree = ""; + }; + DC6A827C1D87733C00418608 /* mig */ = { + isa = PBXGroup; + children = ( + DC6A82771D87733C00418608 /* ss_types.defs */, + DC6A82781D87733C00418608 /* ucsp.defs */, + DC6A82791D87733C00418608 /* ucspNotify.defs */, + DC6A827A1D87733C00418608 /* cshosting.defs */, + ); + name = mig; + path = OSX/libsecurityd/mig; + sourceTree = ""; + }; + DC6A82871D87734600418608 /* derived_src */ = { + isa = PBXGroup; + children = ( + DC6A827D1D87734600418608 /* ucsp.h */, + DC6A827E1D87734600418608 /* ucspNotify.h */, + DC6A827F1D87734600418608 /* ucspClient.cpp */, + DC6A82801D87734600418608 /* ucspClientC.c */, + DC6A82811D87734600418608 /* ucspServer.cpp */, + DC6A82821D87734600418608 /* ucspNotifySender.cpp */, + DC6A82831D87734600418608 /* ucspNotifyReceiver.cpp */, + DC6A82841D87734600418608 /* cshosting.h */, + DC6A82851D87734600418608 /* cshostingClient.cpp */, + DC6A82861D87734600418608 /* cshostingServer.cpp */, + ); + path = derived_src; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC8834001D8A217200CE0ACA /* ASN1 */ = { + isa = PBXGroup; + children = ( + DC1785101D77892600B50D50 /* headers */, + DC8834501D8A21AA00CE0ACA /* lib */, + ); + name = ASN1; + sourceTree = ""; + }; + DC8834501D8A21AA00CE0ACA /* lib */ = { + isa = PBXGroup; + children = ( + DC88340A1D8A21AA00CE0ACA /* SecAsn1Coder.c */, + DC88340C1D8A21AA00CE0ACA /* SecAsn1Templates.c */, + DC88340F1D8A21AA00CE0ACA /* certExtensionTemplates.c */, + DC8834111D8A21AA00CE0ACA /* csrTemplates.c */, + DC8834131D8A21AA00CE0ACA /* keyTemplates.c */, + DC8834151D8A21AA00CE0ACA /* nameTemplates.c */, + DC8834171D8A21AA00CE0ACA /* pkcs7Templates.c */, + DC8834181D8A21AA00CE0ACA /* pkcs7Templates.h */, + DC8834191D8A21AA00CE0ACA /* pkcs12Templates.c */, + DC88341A1D8A21AA00CE0ACA /* pkcs12Templates.h */, + DC88341B1D8A21AA00CE0ACA /* nsprPortX.c */, + DC88341C1D8A21AA00CE0ACA /* nssilckt.h */, + DC88341D1D8A21AA00CE0ACA /* nssilock.h */, + DC88341E1D8A21AA00CE0ACA /* nsslocks.h */, + DC88341F1D8A21AA00CE0ACA /* nssUtils.c */, + DC8834201D8A21AA00CE0ACA /* nssUtils.h */, + DC8834211D8A21AA00CE0ACA /* ocspTemplates.c */, + DC8834231D8A21AA00CE0ACA /* plarena.c */, + DC8834241D8A21AA00CE0ACA /* plarena.h */, + DC8834251D8A21AA00CE0ACA /* plarenas.h */, + DC8834261D8A21AA00CE0ACA /* plstr.h */, + DC8834271D8A21AA00CE0ACA /* prbit.h */, + DC8834281D8A21AA00CE0ACA /* prcpucfg.h */, + DC8834291D8A21AA00CE0ACA /* prcvar.h */, + DC88342A1D8A21AA00CE0ACA /* prenv.h */, + DC88342B1D8A21AA00CE0ACA /* prerr.h */, + DC88342C1D8A21AA00CE0ACA /* prerror.h */, + DC88342D1D8A21AA00CE0ACA /* prinit.h */, + DC88342E1D8A21AA00CE0ACA /* prinrval.h */, + DC88342F1D8A21AA00CE0ACA /* prlock.h */, + DC8834301D8A21AA00CE0ACA /* prlog.h */, + DC8834311D8A21AA00CE0ACA /* prlong.h */, + DC8834321D8A21AA00CE0ACA /* prmem.h */, + DC8834331D8A21AA00CE0ACA /* prmon.h */, + DC8834341D8A21AA00CE0ACA /* protypes.h */, + DC8834351D8A21AA00CE0ACA /* prthread.h */, + DC8834361D8A21AA00CE0ACA /* prtime.h */, + DC8834371D8A21AA00CE0ACA /* prtypes.h */, + DC8834381D8A21AA00CE0ACA /* prvrsion.h */, + DC8834391D8A21AA00CE0ACA /* secasn1.h */, + DC88343A1D8A21AA00CE0ACA /* secasn1d.c */, + DC88343B1D8A21AA00CE0ACA /* secasn1e.c */, + DC88343D1D8A21AA00CE0ACA /* secasn1u.c */, + DC88343E1D8A21AA00CE0ACA /* seccomon.h */, + DC88343F1D8A21AA00CE0ACA /* secerr.h */, + DC8834401D8A21AA00CE0ACA /* secErrorStr.c */, + DC8834411D8A21AA00CE0ACA /* SecNssCoder.cpp */, + DC8834421D8A21AA00CE0ACA /* SecNssCoder.h */, + DC8834431D8A21AA00CE0ACA /* secport.c */, + DC8834441D8A21AA00CE0ACA /* secport.h */, + DC8834451D8A21AA00CE0ACA /* X509Templates.c */, + DC8834471D8A21AA00CE0ACA /* osKeyTemplates.c */, + DC8834491D8A21AA00CE0ACA /* oidsalg.c */, + DC88344B1D8A21AA00CE0ACA /* oidsattr.c */, + DC88344E1D8A21AA00CE0ACA /* oidsocsp.c */, + DC88344F1D8A21AA00CE0ACA /* oidsocsp.h */, + ); + name = lib; + path = OSX/libsecurity_asn1/lib; + sourceTree = ""; + }; + DCB340651D8A24CC0054D16E /* authorization */ = { + isa = PBXGroup; + children = ( + DC17875D1D7790E500B50D50 /* AuthorizationPriv.h */, + DC17875E1D7790E500B50D50 /* AuthorizationTagsPriv.h */, + DC17851C1D7789AF00B50D50 /* Authorization.h */, + DC17851D1D7789AF00B50D50 /* AuthorizationDB.h */, + DC17851E1D7789AF00B50D50 /* AuthorizationPlugin.h */, + DC17851F1D7789AF00B50D50 /* AuthorizationTags.h */, + DC1785201D7789AF00B50D50 /* AuthSession.h */, + DCB3407B1D8A24F70054D16E /* lib */, + ); + name = authorization; + sourceTree = ""; + }; + DCB3407B1D8A24F70054D16E /* lib */ = { + isa = PBXGroup; + children = ( + DCB3406F1D8A24F70054D16E /* Authorization.c */, + DCB340761D8A24F70054D16E /* Authorization.cpp */, + DCB340781D8A24F70054D16E /* privPort.h */, + DCB340791D8A24F70054D16E /* trampolineClient.cpp */, + DCB3407A1D8A24F70054D16E /* trampolineServer.cpp */, + ); + name = lib; + path = OSX/libsecurity_authorization; + sourceTree = ""; + }; + DCB3408D1D8A262D0054D16E /* cdsa_client */ = { + isa = PBXGroup; + children = ( + DCB340C11D8A26AE0054D16E /* lib */, + ); + name = cdsa_client; + sourceTree = ""; + }; + DCB340C11D8A26AE0054D16E /* lib */ = { + isa = PBXGroup; + children = ( + DCB340961D8A26AE0054D16E /* aclclient.cpp */, + DCB340971D8A26AE0054D16E /* aclclient.h */, + DCB340981D8A26AE0054D16E /* clclient.cpp */, + DCB340991D8A26AE0054D16E /* clclient.h */, + DCB3409A1D8A26AE0054D16E /* cryptoclient.cpp */, + DCB3409B1D8A26AE0054D16E /* cryptoclient.h */, + DCB3409C1D8A26AE0054D16E /* cspclient.cpp */, + DCB3409D1D8A26AE0054D16E /* cspclient.h */, + DCB3409E1D8A26AE0054D16E /* cssmclient.cpp */, + DCB3409F1D8A26AE0054D16E /* cssmclient.h */, + DCB340A01D8A26AE0054D16E /* dlclient.cpp */, + DCB340A11D8A26AE0054D16E /* dlclientpriv.cpp */, + DCB340A21D8A26AE0054D16E /* dlclient.h */, + DCB340A31D8A26AE0054D16E /* dliterators.cpp */, + DCB340A41D8A26AE0054D16E /* dliterators.h */, + DCB340A51D8A26AE0054D16E /* dlquery.cpp */, + DCB340A61D8A26AE0054D16E /* dlquery.h */, + DCB340A71D8A26AE0054D16E /* dl_standard.cpp */, + DCB340A81D8A26AE0054D16E /* dl_standard.h */, + DCB340A91D8A26AE0054D16E /* DLDBList.cpp */, + DCB340AA1D8A26AE0054D16E /* DLDBList.h */, + DCB340AB1D8A26AE0054D16E /* genkey.cpp */, + DCB340AC1D8A26AE0054D16E /* genkey.h */, + DCB340AD1D8A26AE0054D16E /* keychainacl.cpp */, + DCB340AE1D8A26AE0054D16E /* keychainacl.h */, + DCB340AF1D8A26AE0054D16E /* keyclient.cpp */, + DCB340B01D8A26AE0054D16E /* keyclient.h */, + DCB340B11D8A26AE0054D16E /* macclient.cpp */, + DCB340B21D8A26AE0054D16E /* macclient.h */, + DCB340B31D8A26AE0054D16E /* mdsclient.cpp */, + DCB340B41D8A26AE0054D16E /* mdsclient.h */, + DCB340B51D8A26AE0054D16E /* mds_standard.cpp */, + DCB340B61D8A26AE0054D16E /* mds_standard.h */, + DCB340B71D8A26AE0054D16E /* multidldb.cpp */, + DCB340B81D8A26AE0054D16E /* multidldb.h */, + DCB340B91D8A26AE0054D16E /* securestorage.cpp */, + DCB340BA1D8A26AE0054D16E /* securestorage.h */, + DCB340BB1D8A26AE0054D16E /* signclient.cpp */, + DCB340BC1D8A26AE0054D16E /* signclient.h */, + DCB340BD1D8A26AE0054D16E /* tpclient.cpp */, + DCB340BE1D8A26AE0054D16E /* tpclient.h */, + DCB340BF1D8A26AE0054D16E /* wrapkey.cpp */, + DCB340C01D8A26AE0054D16E /* wrapkey.h */, + ); + name = lib; + path = OSX/libsecurity_cdsa_client/lib; + sourceTree = ""; + }; + DCB3412F1D8A29F70054D16E /* cdsa_plugin */ = { + isa = PBXGroup; + children = ( + DCB341591D8A2A340054D16E /* lib */, + ); + name = cdsa_plugin; + sourceTree = ""; + }; + DCB341591D8A2A340054D16E /* lib */ = { + isa = PBXGroup; + children = ( + DCB341381D8A2A340054D16E /* ACsession.h */, + DCB341391D8A2A340054D16E /* c++plugin.h */, + DCB3413A1D8A2A340054D16E /* CLsession.h */, + DCB3413B1D8A2A340054D16E /* CSPsession.cpp */, + DCB3413C1D8A2A340054D16E /* CSPsession.h */, + DCB3413D1D8A2A340054D16E /* csputilities.cpp */, + DCB3413E1D8A2A340054D16E /* cssmplugin.cpp */, + DCB3413F1D8A2A340054D16E /* cssmplugin.h */, + DCB341401D8A2A340054D16E /* Database.cpp */, + DCB341411D8A2A340054D16E /* Database.h */, + DCB341421D8A2A340054D16E /* DatabaseSession.cpp */, + DCB341431D8A2A340054D16E /* DatabaseSession.h */, + DCB341441D8A2A340054D16E /* DbContext.cpp */, + DCB341451D8A2A340054D16E /* DbContext.h */, + DCB341461D8A2A340054D16E /* DLsession.cpp */, + DCB341471D8A2A340054D16E /* DLsession.h */, + DCB341481D8A2A340054D16E /* generator.cfg */, + DCB341491D8A2A340054D16E /* generator.mk */, + DCB3414A1D8A2A340054D16E /* generator.pl */, + DCB3414B1D8A2A340054D16E /* pluginsession.cpp */, + DCB3414C1D8A2A340054D16E /* pluginsession.h */, + DCB3414D1D8A2A340054D16E /* pluginspi.h */, + DCB3414E1D8A2A340054D16E /* TPsession.h */, + DCB3414F1D8A2A340054D16E /* ACabstractsession.cpp */, + DCB341501D8A2A340054D16E /* CLabstractsession.cpp */, + DCB341511D8A2A340054D16E /* CSPabstractsession.cpp */, + DCB341521D8A2A340054D16E /* DLabstractsession.cpp */, + DCB341531D8A2A340054D16E /* TPabstractsession.cpp */, + DCB341541D8A2A340054D16E /* ACabstractsession.h */, + DCB341551D8A2A340054D16E /* CLabstractsession.h */, + DCB341561D8A2A340054D16E /* CSPabstractsession.h */, + DCB341571D8A2A340054D16E /* DLabstractsession.h */, + DCB341581D8A2A340054D16E /* TPabstractsession.h */, + ); + name = lib; + path = OSX/libsecurity_cdsa_plugin/lib; + sourceTree = ""; + }; + DCB3417A1D8A2B7A0054D16E /* cdsa_utilities */ = { + isa = PBXGroup; + children = ( + DCB341DB1D8A2BAC0054D16E /* lib */, + DCB342331D8A2C6B0054D16E /* derived_src */, + ); + name = cdsa_utilities; + sourceTree = ""; + }; + DCB3419D1D8A2BAC0054D16E /* Subjects */ = { + isa = PBXGroup; + children = ( + DCB341891D8A2BAC0054D16E /* acl_any.cpp */, + DCB3418A1D8A2BAC0054D16E /* acl_any.h */, + DCB3418B1D8A2BAC0054D16E /* acl_codesigning.cpp */, + DCB3418C1D8A2BAC0054D16E /* acl_codesigning.h */, + DCB3418D1D8A2BAC0054D16E /* acl_comment.cpp */, + DCB3418E1D8A2BAC0054D16E /* acl_comment.h */, + DCB3418F1D8A2BAC0054D16E /* acl_password.cpp */, + DCB341901D8A2BAC0054D16E /* acl_password.h */, + DCB341911D8A2BAC0054D16E /* acl_preauth.cpp */, + DCB341921D8A2BAC0054D16E /* acl_preauth.h */, + DCB341931D8A2BAC0054D16E /* acl_process.cpp */, + DCB341941D8A2BAC0054D16E /* acl_process.h */, + DCB341951D8A2BAC0054D16E /* acl_prompted.cpp */, + DCB341961D8A2BAC0054D16E /* acl_prompted.h */, + DCB341971D8A2BAC0054D16E /* acl_protectedpw.cpp */, + DCB341981D8A2BAC0054D16E /* acl_protectedpw.h */, + DCB341991D8A2BAC0054D16E /* acl_secret.cpp */, + DCB3419A1D8A2BAC0054D16E /* acl_secret.h */, + DCB3419B1D8A2BAC0054D16E /* acl_threshold.cpp */, + DCB3419C1D8A2BAC0054D16E /* acl_threshold.h */, + ); + name = Subjects; + sourceTree = ""; + }; + DCB3419E1D8A2BAC0054D16E /* ACLs */ = { + isa = PBXGroup; + children = ( + DCB341831D8A2BAC0054D16E /* objectacl.h */, + DCB341841D8A2BAC0054D16E /* objectacl.cpp */, + DCB341851D8A2BAC0054D16E /* aclsubject.h */, + DCB341861D8A2BAC0054D16E /* aclsubject.cpp */, + DCB341871D8A2BAC0054D16E /* cssmacl.h */, + DCB341881D8A2BAC0054D16E /* cssmacl.cpp */, + DCB3419D1D8A2BAC0054D16E /* Subjects */, + ); + name = ACLs; + sourceTree = ""; + }; + DCB341DB1D8A2BAC0054D16E /* lib */ = { + isa = PBXGroup; + children = ( + DCB3419E1D8A2BAC0054D16E /* ACLs */, + DCB3419F1D8A2BAC0054D16E /* AuthorizationData.cpp */, + DCB341A01D8A2BAC0054D16E /* AuthorizationData.h */, + DCB341A11D8A2BAC0054D16E /* AuthorizationWalkers.h */, + DCB341A21D8A2BAC0054D16E /* callback.cpp */, + DCB341A31D8A2BAC0054D16E /* callback.h */, + DCB341A41D8A2BAC0054D16E /* constdata.cpp */, + DCB341A51D8A2BAC0054D16E /* constdata.h */, + DCB341A61D8A2BAC0054D16E /* context.cpp */, + DCB341A71D8A2BAC0054D16E /* context.h */, + DCB341A81D8A2BAC0054D16E /* cssmaclpod.cpp */, + DCB341A91D8A2BAC0054D16E /* cssmaclpod.h */, + DCB341AA1D8A2BAC0054D16E /* cssmalloc.cpp */, + DCB341AB1D8A2BAC0054D16E /* cssmalloc.h */, + DCB341AC1D8A2BAC0054D16E /* cssmbridge.h */, + DCB341AD1D8A2BAC0054D16E /* cssmcert.cpp */, + DCB341AE1D8A2BAC0054D16E /* cssmcert.h */, + DCB341AF1D8A2BAC0054D16E /* cssmcred.cpp */, + DCB341B01D8A2BAC0054D16E /* cssmcred.h */, + DCB341B11D8A2BAC0054D16E /* cssmdata.cpp */, + DCB341B21D8A2BAC0054D16E /* cssmdata.h */, + DCB341B31D8A2BAC0054D16E /* cssmdates.cpp */, + DCB341B41D8A2BAC0054D16E /* cssmdates.h */, + DCB341B51D8A2BAC0054D16E /* cssmdb.cpp */, + DCB341B61D8A2BAC0054D16E /* cssmdb.h */, + DCB341B71D8A2BAC0054D16E /* cssmdbname.cpp */, + DCB341B81D8A2BAC0054D16E /* cssmdbname.h */, + DCB341B91D8A2BAC0054D16E /* cssmendian.cpp */, + DCB341BA1D8A2BAC0054D16E /* cssmendian.h */, + DCB341BB1D8A2BAC0054D16E /* cssmerrors.cpp */, + DCB341BC1D8A2BAC0054D16E /* cssmerrors.h */, + DCB341BD1D8A2BAC0054D16E /* cssmkey.cpp */, + DCB341BE1D8A2BAC0054D16E /* cssmkey.h */, + DCB341BF1D8A2BAC0054D16E /* cssmlist.cpp */, + DCB341C01D8A2BAC0054D16E /* cssmlist.h */, + DCB341C11D8A2BAC0054D16E /* cssmpods.cpp */, + DCB341C21D8A2BAC0054D16E /* cssmpods.h */, + DCB341C31D8A2BAC0054D16E /* cssmtrust.cpp */, + DCB341C41D8A2BAC0054D16E /* cssmtrust.h */, + DCB341C51D8A2BAC0054D16E /* cssmwalkers.cpp */, + DCB341C61D8A2BAC0054D16E /* cssmwalkers.h */, + DCB341C71D8A2BAC0054D16E /* db++.cpp */, + DCB341C81D8A2BAC0054D16E /* db++.h */, + DCB341C91D8A2BAC0054D16E /* digestobject.h */, + DCB341CA1D8A2BAC0054D16E /* handleobject.cpp */, + DCB341CB1D8A2BAC0054D16E /* handleobject.h */, + DCB341CC1D8A2BAC0054D16E /* handletemplates.cpp */, + DCB341CD1D8A2BAC0054D16E /* handletemplates.h */, + DCB341CE1D8A2BAC0054D16E /* handletemplates_defs.h */, + DCB341CF1D8A2BAC0054D16E /* KeySchema.h */, + DCB341D01D8A2BAC0054D16E /* KeySchema.m4 */, + DCB341D11D8A2BAC0054D16E /* Schema.h */, + DCB341D21D8A2BAC0054D16E /* Schema.m4 */, + DCB341D31D8A2BAC0054D16E /* osxverifier.cpp */, + DCB341D41D8A2BAC0054D16E /* osxverifier.h */, + DCB341D51D8A2BAC0054D16E /* u32handleobject.cpp */, + DCB341D61D8A2BAC0054D16E /* u32handleobject.h */, + DCB341D71D8A2BAC0054D16E /* uniformrandom.cpp */, + DCB341D81D8A2BAC0054D16E /* uniformrandom.h */, + DCB341D91D8A2BAC0054D16E /* walkers.cpp */, + DCB341DA1D8A2BAC0054D16E /* walkers.h */, + ); + name = lib; + path = OSX/libsecurity_cdsa_utilities/lib; + sourceTree = ""; + }; + DCB342331D8A2C6B0054D16E /* derived_src */ = { + isa = PBXGroup; + children = ( + DCB342311D8A2C6B0054D16E /* KeySchema.cpp */, + DCB342321D8A2C6B0054D16E /* Schema.cpp */, + ); + path = derived_src; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DCB342391D8A32740054D16E /* keychain */ = { + isa = PBXGroup; + children = ( + DCB344731D8A35270054D16E /* regressions */, + DCB342F81D8A32A20054D16E /* lib */, + DC1787281D77903700B50D50 /* SecAccessPriv.h */, + DC1787291D77903700B50D50 /* SecCertificateBundle.h */, + DC17872A1D77903700B50D50 /* SecFDERecoveryAsymmetricCrypto.h */, + DC17872B1D77903700B50D50 /* SecIdentitySearchPriv.h */, + DC17872C1D77903700B50D50 /* SecKeychainItemExtendedAttributes.h */, + DC17872D1D77903700B50D50 /* SecKeychainItemPriv.h */, + DC17872E1D77903700B50D50 /* SecKeychainPriv.h */, + DC17872F1D77903700B50D50 /* SecKeychainSearchPriv.h */, + DC1787301D77903700B50D50 /* SecPassword.h */, + DC1787311D77903700B50D50 /* SecRandomP.h */, + DC1787321D77903700B50D50 /* SecRecoveryPassword.h */, + DC1787331D77903700B50D50 /* SecTrustedApplicationPriv.h */, + DC1787341D77903700B50D50 /* TrustSettingsSchema.h */, + DC1785451D778ACD00B50D50 /* SecAccess.h */, + DC1785461D778ACD00B50D50 /* SecACL.h */, + DC1785471D778ACD00B50D50 /* SecCertificateOIDs.h */, + DC1785481D778ACD00B50D50 /* SecIdentitySearch.h */, + DC1785491D778ACD00B50D50 /* SecKeychain.h */, + DC17854A1D778ACD00B50D50 /* SecKeychainItem.h */, + DC17854B1D778ACD00B50D50 /* SecKeychainSearch.h */, + DC17854C1D778ACD00B50D50 /* SecPolicySearch.h */, + DC17854D1D778ACD00B50D50 /* SecTrustedApplication.h */, + ); + name = keychain; + sourceTree = ""; + }; + DCB342581D8A32A20054D16E /* API Bridge */ = { + isa = PBXGroup; + children = ( + DCB342421D8A32A20054D16E /* SecAccess.cpp */, + DCB342431D8A32A20054D16E /* SecACL.cpp */, + DCB342441D8A32A20054D16E /* SecBase.cpp */, + DCB342451D8A32A20054D16E /* SecBridge.h */, + DCB342461D8A32A20054D16E /* SecCertificate.cpp */, + DCB342471D8A32A20054D16E /* SecCertificateBundle.cpp */, + DCB342481D8A32A20054D16E /* SecCertificateRequest.cpp */, + DCB342491D8A32A20054D16E /* SecIdentity.cpp */, + DCB3424A1D8A32A20054D16E /* SecIdentitySearch.cpp */, + DCB3424B1D8A32A20054D16E /* SecItemConstants.c */, + DCB3424C1D8A32A20054D16E /* SecItem.cpp */, + DCB3424D1D8A32A20054D16E /* SecKey.cpp */, + DCB3424E1D8A32A20054D16E /* SecKeychain.cpp */, + DCB3424F1D8A32A20054D16E /* SecKeychainItem.cpp */, + DCB342501D8A32A20054D16E /* SecKeychainItemExtendedAttributes.cpp */, + DCB342511D8A32A20054D16E /* SecKeychainSearch.cpp */, + DCB342521D8A32A20054D16E /* SecPassword.cpp */, + DCB342531D8A32A20054D16E /* SecPolicy.cpp */, + DCB342541D8A32A20054D16E /* SecPolicySearch.cpp */, + DCB342551D8A32A20054D16E /* SecTrust.cpp */, + DCB342561D8A32A20054D16E /* SecTrustedApplication.cpp */, + DCB342571D8A32A20054D16E /* SecTrustSettings.cpp */, + ); + name = "API Bridge"; + sourceTree = ""; + }; + DCB342B51D8A32A20054D16E /* API Classes */ = { + isa = PBXGroup; + children = ( + DCB342811D8A32A20054D16E /* SecRandom.c */, + DCB342821D8A32A20054D16E /* SecFDERecoveryAsymmetricCrypto.cpp */, + DCB342841D8A32A20054D16E /* SecRecoveryPassword.c */, + DCB342861D8A32A20054D16E /* Access.cpp */, + DCB342871D8A32A20054D16E /* Access.h */, + DCB342881D8A32A20054D16E /* ACL.cpp */, + DCB342891D8A32A20054D16E /* ACL.h */, + DCB3428A1D8A32A20054D16E /* Certificate.cpp */, + DCB3428B1D8A32A20054D16E /* Certificate.h */, + DCB3428C1D8A32A20054D16E /* CertificateRequest.cpp */, + DCB3428D1D8A32A20054D16E /* CertificateRequest.h */, + DCB3428E1D8A32A20054D16E /* CertificateValues.cpp */, + DCB3428F1D8A32A20054D16E /* CertificateValues.h */, + DCB342901D8A32A20054D16E /* ExtendedAttribute.cpp */, + DCB342911D8A32A20054D16E /* ExtendedAttribute.h */, + DCB342921D8A32A20054D16E /* Globals.cpp */, + DCB342931D8A32A20054D16E /* Globals.h */, + DCB342941D8A32A20054D16E /* Identity.cpp */, + DCB342951D8A32A20054D16E /* Identity.h */, + DCB342961D8A32A20054D16E /* IdentityCursor.cpp */, + DCB342971D8A32A20054D16E /* IdentityCursor.h */, + DCB342981D8A32A20054D16E /* Item.cpp */, + DCB342991D8A32A20054D16E /* Item.h */, + DCB3429A1D8A32A20054D16E /* KCCursor.cpp */, + DCB3429B1D8A32A20054D16E /* KCCursor.h */, + DCB3429C1D8A32A20054D16E /* Keychains.cpp */, + DCB3429D1D8A32A20054D16E /* Keychains.h */, + DCB3429E1D8A32A20054D16E /* KeyItem.cpp */, + DCB3429F1D8A32A20054D16E /* KeyItem.h */, + DCB342A01D8A32A20054D16E /* Password.cpp */, + DCB342A11D8A32A20054D16E /* Password.h */, + DCB342A21D8A32A20054D16E /* Policies.cpp */, + DCB342A31D8A32A20054D16E /* Policies.h */, + DCB342A41D8A32A20054D16E /* PolicyCursor.cpp */, + DCB342A51D8A32A20054D16E /* PolicyCursor.h */, + DCB342A61D8A32A20054D16E /* SecCFTypes.cpp */, + DCB342A71D8A32A20054D16E /* SecCFTypes.h */, + DCB342A81D8A32A20054D16E /* SecKeychainAddIToolsPassword.cpp */, + DCB342AA1D8A32A20054D16E /* StorageManager.cpp */, + DCB342AB1D8A32A20054D16E /* Trust.cpp */, + DCB342AC1D8A32A20054D16E /* Trust.h */, + DCB342AD1D8A32A20054D16E /* TrustRevocation.cpp */, + DCB342AE1D8A32A20054D16E /* TrustedApplication.cpp */, + DCB342AF1D8A32A20054D16E /* TrustedApplication.h */, + DCB342B01D8A32A20054D16E /* TrustSettings.cpp */, + DCB342B11D8A32A20054D16E /* TrustSettings.h */, + DCB342B21D8A32A20054D16E /* TrustKeychains.h */, + DCB342B31D8A32A20054D16E /* SecTrustOSXEntryPoints.cpp */, + DCB342B41D8A32A20054D16E /* SecTrustOSXEntryPoints.h */, + ); + name = "API Classes"; + sourceTree = ""; + }; + DCB342E01D8A32A20054D16E /* Internal */ = { + isa = PBXGroup; + children = ( + DCB342B71D8A32A20054D16E /* CCallbackMgr.cp */, + DCB342B81D8A32A20054D16E /* CCallbackMgr.h */, + DCB342B91D8A32A20054D16E /* cssmdatetime.cpp */, + DCB342BA1D8A32A20054D16E /* cssmdatetime.h */, + DCB342BB1D8A32A20054D16E /* defaultcreds.cpp */, + DCB342BC1D8A32A20054D16E /* defaultcreds.h */, + DCB342BD1D8A32A20054D16E /* DLDBListCFPref.cpp */, + DCB342BE1D8A32A20054D16E /* DLDBListCFPref.h */, + DCB342BF1D8A32A20054D16E /* DynamicDLDBList.cpp */, + DCB342C01D8A32A20054D16E /* DynamicDLDBList.h */, + DCB342C11D8A32A20054D16E /* KCEventNotifier.cpp */, + DCB342C21D8A32A20054D16E /* KCEventNotifier.h */, + DCB342C31D8A32A20054D16E /* KCExceptions.h */, + DCB342C41D8A32A20054D16E /* KCUtilities.cpp */, + DCB342C51D8A32A20054D16E /* KCUtilities.h */, + DCB342C61D8A32A20054D16E /* MacOSErrorStrings.h */, + DCB342C71D8A32A20054D16E /* PrimaryKey.cpp */, + DCB342C81D8A32A20054D16E /* PrimaryKey.h */, + DCB342CA1D8A32A20054D16E /* StorageManager.h */, + DCB342CB1D8A32A20054D16E /* TrustAdditions.cpp */, + DCB342CC1D8A32A20054D16E /* TrustAdditions.h */, + DCB342CD1D8A32A20054D16E /* TrustItem.cpp */, + DCB342CE1D8A32A20054D16E /* TrustItem.h */, + DCB342CF1D8A32A20054D16E /* TrustStore.cpp */, + DCB342D01D8A32A20054D16E /* TrustStore.h */, + DCB342D11D8A32A20054D16E /* UnlockReferralItem.cpp */, + DCB342D21D8A32A20054D16E /* UnlockReferralItem.h */, + DCB342D31D8A32A20054D16E /* TrustSettingsUtils.cpp */, + DCB342D41D8A32A20054D16E /* TrustSettingsUtils.h */, + DCB342D51D8A32A20054D16E /* SecCertificatePrivP.h */, + DCB342D61D8A32A20054D16E /* SecBase64P.c */, + DCB342D71D8A32A20054D16E /* SecFrameworkP.c */, + DCB342D81D8A32A20054D16E /* SecCertificateP.c */, + DCB342D91D8A32A20054D16E /* SecCertificateP.h */, + DCB342DA1D8A32A20054D16E /* SecCertificateInternalP.h */, + DCB342DB1D8A32A20054D16E /* generateErrStrings.pl */, + DCB342DC1D8A32A20054D16E /* tsaDERUtilities.c */, + DCB342DD1D8A32A20054D16E /* tsaDERUtilities.h */, + DCB342DE1D8A32A20054D16E /* TokenLogin.cpp */, + DCB342DF1D8A32A20054D16E /* TokenLogin.h */, + ); + name = Internal; + sourceTree = ""; + }; + DCB342F71D8A32A20054D16E /* Import/Export */ = { + isa = PBXGroup; + children = ( + DCB342E11D8A32A20054D16E /* SecExport.cpp */, + DCB342E21D8A32A20054D16E /* SecExternalRep.cpp */, + DCB342E31D8A32A20054D16E /* SecExternalRep.h */, + DCB342E41D8A32A20054D16E /* SecImport.cpp */, + DCB342E51D8A32A20054D16E /* SecImportExport.c */, + DCB342E61D8A32A20054D16E /* SecImportExportAgg.cpp */, + DCB342E71D8A32A20054D16E /* SecImportExportAgg.h */, + DCB342E81D8A32A20054D16E /* SecImportExportCrypto.cpp */, + DCB342E91D8A32A20054D16E /* SecImportExportCrypto.h */, + DCB342EA1D8A32A20054D16E /* SecImportExportOpenSSH.cpp */, + DCB342EB1D8A32A20054D16E /* SecImportExportOpenSSH.h */, + DCB342EC1D8A32A20054D16E /* SecImportExportPem.cpp */, + DCB342ED1D8A32A20054D16E /* SecImportExportPem.h */, + DCB342EE1D8A32A20054D16E /* SecImportExportPkcs8.cpp */, + DCB342EF1D8A32A20054D16E /* SecImportExportPkcs8.h */, + DCB342F01D8A32A20054D16E /* SecImportExportUtils.cpp */, + DCB342F11D8A32A20054D16E /* SecImportExportUtils.h */, + DCB342F21D8A32A20054D16E /* SecNetscapeTemplates.cpp */, + DCB342F31D8A32A20054D16E /* SecNetscapeTemplates.h */, + DCB342F41D8A32A20054D16E /* SecPkcs8Templates.cpp */, + DCB342F51D8A32A20054D16E /* SecPkcs8Templates.h */, + DCB342F61D8A32A20054D16E /* SecWrappedKeys.cpp */, + ); + name = Import/Export; + sourceTree = ""; + }; + DCB342F81D8A32A20054D16E /* lib */ = { + isa = PBXGroup; + children = ( + DCB342581D8A32A20054D16E /* API Bridge */, + DCB342B51D8A32A20054D16E /* API Classes */, + DCB342E01D8A32A20054D16E /* Internal */, + DCB342F71D8A32A20054D16E /* Import/Export */, + ); + name = lib; + path = OSX/libsecurity_keychain/lib; + sourceTree = ""; + }; + DCB344731D8A35270054D16E /* regressions */ = { + isa = PBXGroup; + children = ( + DCB3443F1D8A35270054D16E /* keychain_regressions.h */, + DCB344401D8A35270054D16E /* kc-helpers.h */, + DCB344411D8A35270054D16E /* kc-item-helpers.h */, + DCB344421D8A35270054D16E /* kc-key-helpers.h */, + DCB344431D8A35270054D16E /* kc-identity-helpers.h */, + DCB344441D8A35270054D16E /* kc-keychain-file-helpers.h */, + DCB344451D8A35270054D16E /* kc-01-keychain-creation.c */, + DCB344461D8A35270054D16E /* kc-02-unlock-noui.c */, + DCB344471D8A35270054D16E /* kc-03-status.c */, + DCB344481D8A35270054D16E /* kc-03-keychain-list.c */, + DCB344491D8A35270054D16E /* kc-04-is-valid.c */, + DCB3444A1D8A35270054D16E /* kc-05-find-existing-items.c */, + DCB3444B1D8A35270054D16E /* kc-05-find-existing-items-locked.c */, + DCB3444C1D8A35270054D16E /* kc-06-cert-search-email.m */, + DCB3444D1D8A35270054D16E /* kc-10-item-add-generic.c */, + DCB3444E1D8A35270054D16E /* kc-10-item-add-internet.c */, + DCB3444F1D8A35270054D16E /* kc-10-item-add-certificate.c */, + DCB344501D8A35270054D16E /* kc-12-key-create-symmetric.c */, + DCB344511D8A35270054D16E /* kc-12-key-create-symmetric-and-use.m */, + DCB344521D8A35270054D16E /* kc-12-item-create-keypair.c */, + DCB344531D8A35270054D16E /* kc-15-key-update-valueref.c */, + DCB344541D8A35270054D16E /* kc-15-item-update-label-skimaad.m */, + DCB344551D8A35270054D16E /* kc-16-item-update-password.c */, + DCB344561D8A35270054D16E /* kc-18-find-combined.c */, + DCB344571D8A35270054D16E /* kc-19-item-copy-internet.c */, + DCB344581D8A35270054D16E /* kc-20-identity-persistent-refs.c */, + DCB344591D8A35270054D16E /* kc-20-identity-key-attributes.c */, + DCB3445A1D8A35270054D16E /* kc-20-item-find-stress.c */, + DCB3445B1D8A35270054D16E /* kc-20-item-add-stress.c */, + DCB3445C1D8A35270054D16E /* kc-20-key-find-stress.c */, + DCB3445D1D8A35270054D16E /* kc-20-identity-find-stress.c */, + DCB3445E1D8A35270054D16E /* kc-21-item-use-callback.c */, + DCB3445F1D8A35270054D16E /* kc-21-item-xattrs.c */, + DCB344601D8A35270054D16E /* kc-23-key-export-symmetric.m */, + DCB344611D8A35270054D16E /* kc-24-key-copy-keychains.c */, + DCB344621D8A35270054D16E /* kc-26-key-import-public.m */, + DCB344631D8A35270054D16E /* kc-27-key-non-extractable.c */, + DCB344641D8A35270054D16E /* kc-28-p12-import.m */, + DCB344651D8A35270054D16E /* kc-28-cert-sign.c */, + DCB344661D8A35270054D16E /* kc-30-xara.c */, + DCB344671D8A35270054D16E /* kc-30-xara-helpers.h */, + DCB344681D8A35270054D16E /* kc-30-xara-upgrade-helpers.h */, + DCB344691D8A35270054D16E /* kc-30-xara-item-helpers.h */, + DCB3446A1D8A35270054D16E /* kc-30-xara-key-helpers.h */, + DCB3446B1D8A35270054D16E /* kc-40-seckey.m */, + DCB3446C1D8A35270054D16E /* kc-41-sececkey.m */, + DCB3446D1D8A35270054D16E /* kc-43-seckey-interop.m */, + DCB3446E1D8A35270054D16E /* kc-42-trust-revocation.c */, + DCB3446F1D8A35270054D16E /* si-20-sectrust-provisioning.c */, + DCB344701D8A35270054D16E /* si-20-sectrust-provisioning.h */, + DCB344711D8A35270054D16E /* si-33-keychain-backup.c */, + DCB344721D8A35270054D16E /* si-34-one-true-keychain.c */, + DCCBFA1D1DBA95CD001DD54D /* kc-20-item-delete-stress.c */, + ); + name = regressions; + path = OSX/libsecurity_keychain; + sourceTree = ""; + }; + DCC78C7E1D8085D800865A7C /* Regressions */ = { + isa = PBXGroup; + children = ( + DCC78C371D8085D800865A7C /* ios6_1_keychain_2_db.h */, + DCC78C381D8085D800865A7C /* ios8-inet-keychain-2.h */, + DCC78C391D8085D800865A7C /* secd-03-corrupted-items.c */, + DCC78C3A1D8085D800865A7C /* secd-04-corrupted-items.c */, + DCC78C3B1D8085D800865A7C /* secd-05-corrupted-items.m */, + DCC78C3C1D8085D800865A7C /* securityd_regressions.h */, + DCC78C3D1D8085D800865A7C /* sd-10-policytree.c */, + DCC78C3E1D8085D800865A7C /* secd_regressions.h */, + DCC78C3F1D8085D800865A7C /* secd-01-items.c */, + DCC78C401D8085D800865A7C /* secd-02-upgrade-while-locked.c */, + DCC78C411D8085D800865A7C /* secd-20-keychain_upgrade.m */, + DCC78C421D8085D800865A7C /* secd-21-transmogrify.m */, + DCC78C431D8085D800865A7C /* secd-30-keychain-upgrade.c */, + DCC78C441D8085D800865A7C /* secd-31-keychain-bad.c */, + DCC78C451D8085D800865A7C /* secd-31-keychain-unreadable.c */, + DCC78C461D8085D800865A7C /* secd-32-restore-bad-backup.c */, + DCC78C471D8085D800865A7C /* secd-33-keychain-ctk.m */, + DCC78C481D8085D800865A7C /* secd-34-backup-der-parse.c */, + DCC78C491D8085D800865A7C /* secd-35-keychain-migrate-inet.c */, + DCFAEDD51D99A464005187E4 /* secd-36-ks-encrypt.m */, + DCC78C4A1D8085D800865A7C /* secd-40-cc-gestalt.c */, + DCC78C4B1D8085D800865A7C /* secd-50-account.c */, + DCC78C4C1D8085D800865A7C /* secd-49-manifests.c */, + DCC78C4D1D8085D800865A7C /* secd-50-message.c */, + DCC78C4E1D8085D800865A7C /* secd-51-account-inflate.c */, + DCC78C4F1D8085D800865A7C /* secd-52-offering-gencount-reset.c */, + DCC78C501D8085D800865A7C /* secd-52-account-changed.c */, + DCC78C511D8085D800865A7C /* secd-55-account-circle.c */, + DCC78C521D8085D800865A7C /* secd-55-account-incompatibility.c */, + DCC78C531D8085D800865A7C /* secd-56-account-apply.c */, + DCC78C541D8085D800865A7C /* secd-57-account-leave.c */, + DCC78C551D8085D800865A7C /* secd-57-1-account-last-standing.c */, + DCC78C561D8085D800865A7C /* secd-58-password-change.c */, + DCC78C571D8085D800865A7C /* secd-59-account-cleanup.c */, + DCC78C581D8085D800865A7C /* secd-60-account-cloud-identity.c */, + DCC78C591D8085D800865A7C /* secd60-account-cloud-exposure.c */, + DCC78C5A1D8085D800865A7C /* secd-61-account-leave-not-in-kansas-anymore.c */, + DCC78C5B1D8085D800865A7C /* secd-62-account-backup.c */, + DCC78C5C1D8085D800865A7C /* secd-62-account-hsa-join.c */, + DCC78C5D1D8085D800865A7C /* secd-63-account-resurrection.c */, + DCC78C5E1D8085D800865A7C /* secd-65-account-retirement-reset.c */, + DCC78C5F1D8085D800865A7C /* secd-64-circlereset.c */, + 48CC58971DA5FF0B00EBD9DB /* secd-66-account-recovery.c */, + 483E79891DC875F2005C0008 /* secd-67-prefixedKeyIDs.c */, + DCC78C601D8085D800865A7C /* secd-70-engine.c */, + DCC78C611D8085D800865A7C /* secd-70-engine-corrupt.c */, + DCC78C621D8085D800865A7C /* secd-70-engine-smash.c */, + DCC78C631D8085D800865A7C /* secd-70-otr-remote.c */, + DCC78C641D8085D800865A7C /* secd-71-engine-save.c */, + DCC78C651D8085D800865A7C /* secd-71-engine-save-sample1.h */, + DCC78C661D8085D800865A7C /* secd-74-engine-beer-servers.c */, + DCC78C671D8085D800865A7C /* secd-75-engine-views.c */, + DCC78C681D8085D800865A7C /* secd-76-idstransport.c */, + DCC78C691D8085D800865A7C /* secd_77_ids_messaging.c */, + DCC78C6A1D8085D800865A7C /* secd-80-views-basic.c */, + 48AFBA751DEF8D3100436D08 /* secd-80-views-alwayson.c */, + DCC78C6B1D8085D800865A7C /* secd-82-secproperties-basic.c */, + DCC78C6C1D8085D800865A7C /* secd-81-item-acl-stress.c */, + DCC78C6D1D8085D800865A7C /* secd-81-item-acl.c */, + DCC78C6E1D8085D800865A7C /* secd-82-persistent-ref.c */, + DCC78C6F1D8085D800865A7C /* secd-83-item-match-policy.m */, + DCC78C701D8085D800865A7C /* secd-83-item-match-valid-on-date.m */, + DCC78C711D8085D800865A7C /* secd-83-item-match-trusted.m */, + DCC78C721D8085D800865A7C /* secd-83-item-match.h */, + DCC78C731D8085D800865A7C /* secd-90-hsa2.c */, + DCC78C741D8085D800865A7C /* secd-95-escrow-persistence.c */, + DCC78C751D8085D800865A7C /* secd-100-initialsync.c */, + DCC78C761D8085D800865A7C /* secd-130-other-peer-views.c */, + DCC78C771D8085D800865A7C /* secd-154-engine-backoff.c */, + DCC78C781D8085D800865A7C /* secd-200-logstate.c */, + DC0B622B1D90982100D43BCB /* secd-201-coders.c */, + DCDCC7DD1D9B54DF006487E8 /* secd-202-recoverykey.m */, + E7FE40BD1DC803FD00F0F5B6 /* secd-210-keyinterest.m */, + DCFAEDD11D9998DD005187E4 /* secd-668-ghosts.c */, + DCC78C791D8085D800865A7C /* SOSAccountTesting.h */, + DCC78C7A1D8085D800865A7C /* SecdTestKeychainUtilities.c */, + DCC78C7B1D8085D800865A7C /* SecdTestKeychainUtilities.h */, + DCC78C7C1D8085D800865A7C /* SOSTransportTestTransports.c */, + DCC78C7D1D8085D800865A7C /* SOSTransportTestTransports.h */, + E7FE40C61DC804FA00F0F5B6 /* CKDSimulatedStore.h */, + E7FE40C41DC804E400F0F5B6 /* CKDSimulatedStore.m */, + E7FE40C71DC8084600F0F5B6 /* CKDSimulatedAccount.h */, + E7FE40C81DC8084600F0F5B6 /* CKDSimulatedAccount.m */, + ); + path = Regressions; + sourceTree = ""; + }; + DCC78CB61D8085D800865A7C /* securityd iOS */ = { + isa = PBXGroup; + children = ( + 4814D86C1CAA064F002FFC36 /* os_log */, + DC5AC2001D83653E00CF422C /* resources */, + DCC78C7E1D8085D800865A7C /* Regressions */, + DCC78C7F1D8085D800865A7C /* asynchttp.c */, + DCC78C801D8085D800865A7C /* asynchttp.h */, + DCC78C811D8085D800865A7C /* entitlements.plist */, + DCC78C821D8085D800865A7C /* OTATrustUtilities.c */, + DCC78C831D8085D800865A7C /* OTATrustUtilities.h */, + DCC78C841D8085D800865A7C /* policytree.c */, + DCC78C851D8085D800865A7C /* policytree.h */, + DCC78C861D8085D800865A7C /* nameconstraints.c */, + DCC78C871D8085D800865A7C /* nameconstraints.h */, + DCC78C881D8085D800865A7C /* personalization.c */, + DCC78C891D8085D800865A7C /* personalization.h */, + DCC78C8A1D8085D800865A7C /* SecCAIssuerCache.c */, + DCC78C8B1D8085D800865A7C /* SecCAIssuerCache.h */, + DCC78C8C1D8085D800865A7C /* SecCAIssuerRequest.c */, + DCC78C8D1D8085D800865A7C /* SecCAIssuerRequest.h */, + DCC78C8E1D8085D800865A7C /* SecDbItem.c */, + DCC78C8F1D8085D800865A7C /* SecDbItem.h */, + DCC78C901D8085D800865A7C /* SecDbKeychainItem.c */, + DCC78C911D8085D800865A7C /* SecDbKeychainItem.h */, + DCC78C921D8085D800865A7C /* SecDbQuery.c */, + DCC78C931D8085D800865A7C /* SecDbQuery.h */, + DCC78C941D8085D800865A7C /* SecItemDataSource.c */, + DCC78C951D8085D800865A7C /* SecItemDataSource.h */, + DCC78C961D8085D800865A7C /* SecItemDb.c */, + DCC78C971D8085D800865A7C /* SecItemDb.h */, + DCC78C981D8085D800865A7C /* SecItemSchema.c */, + DCC78C991D8085D800865A7C /* SecItemSchema.h */, + DCC78C9A1D8085D800865A7C /* SecItemServer.c */, + DCC78C9B1D8085D800865A7C /* SecItemServer.h */, + DCC78C9C1D8085D800865A7C /* SecItemBackupServer.c */, + DCC78C9D1D8085D800865A7C /* SecItemBackupServer.h */, + DCC78C9E1D8085D800865A7C /* SecKeybagSupport.c */, + DCC78C9F1D8085D800865A7C /* SecKeybagSupport.h */, + DCC78CA01D8085D800865A7C /* SecOCSPCache.c */, + DCC78CA11D8085D800865A7C /* SecOCSPCache.h */, + DCC78CA21D8085D800865A7C /* SecOCSPRequest.c */, + DCC78CA31D8085D800865A7C /* SecOCSPRequest.h */, + DCC78CA41D8085D800865A7C /* SecOCSPResponse.c */, + DCC78CA51D8085D800865A7C /* SecOCSPResponse.h */, + DCC78CA61D8085D800865A7C /* SecPolicyServer.c */, + DCC78CA71D8085D800865A7C /* SecPolicyServer.h */, + BEE523CF1DA610D800DD0AA3 /* SecRevocationDb.c */, + BEE523D01DA610D800DD0AA3 /* SecRevocationDb.h */, + DCC78CA81D8085D800865A7C /* SecTrustServer.c */, + DCC78CA91D8085D800865A7C /* SecTrustServer.h */, + DCC78CAA1D8085D800865A7C /* SOSCloudCircleServer.c */, + DCC78CAB1D8085D800865A7C /* SOSCloudCircleServer.h */, + DCC78CAC1D8085D800865A7C /* SecTrustStoreServer.c */, + DCC78CAD1D8085D800865A7C /* SecTrustStoreServer.h */, + DCC78CAE1D8085D800865A7C /* SecLogSettingsServer.c */, + DCC78CAF1D8085D800865A7C /* SecLogSettingsServer.h */, + DCC78CB01D8085D800865A7C /* spi.c */, + DCC78CB11D8085D800865A7C /* spi.h */, + DCC78CB21D8085D800865A7C /* iCloudTrace.h */, + DCC78CB31D8085D800865A7C /* iCloudTrace.c */, + DCC78CB41D8085D800865A7C /* SecOTRRemote.c */, + DCC78CB51D8085D800865A7C /* SecOTRRemote.h */, + D46F31581E00A27D0065B550 /* SecTrustLoggingServer.c */, + D46F31591E00A27D0065B550 /* SecTrustLoggingServer.h */, + D46F31611E00CCD20065B550 /* SecCertificateSource.c */, + D46F31621E00CCD20065B550 /* SecCertificateSource.h */, + ); + name = "securityd iOS"; + path = OSX/sec/securityd; + sourceTree = ""; + }; + DCC78CFC1D8085F200865A7C /* CKBridge */ = { + isa = PBXGroup; + children = ( + DCC78CF61D8085F200865A7C /* SOSCloudKeychainClient.c */, + DCC78CF71D8085F200865A7C /* SOSCloudKeychainClient.h */, + E7A5F4D71C0D01B000F3BEBB /* SOSCloudKeychainConstants.c */, + DCC78CF91D8085F200865A7C /* SOSCloudKeychainConstants.h */, + ); + path = CKBridge; + sourceTree = ""; + }; + DCC78D101D8085F200865A7C /* Regressions */ = { + isa = PBXGroup; + children = ( + DCC78CFD1D8085F200865A7C /* sc-20-keynames.c */, + DCC78CFE1D8085F200865A7C /* sc-25-soskeygen.c */, + DCC78CFF1D8085F200865A7C /* sc-30-peerinfo.c */, + DCC78D001D8085F200865A7C /* sc-31-peerinfo-simplefuzz.c */, + DCC78D011D8085F200865A7C /* sc-40-circle.c */, + DCC78D021D8085F200865A7C /* sc-42-circlegencount.c */, + DCC78D031D8085F200865A7C /* sc-45-digestvector.c */, + DCC78D041D8085F200865A7C /* sc-130-resignationticket.c */, + DCC78D051D8085F200865A7C /* sc-140-hsa2.c */, + DCC78D061D8085F200865A7C /* sc-150-ring.c */, + DCC78D071D8085F200865A7C /* sc-150-backupkeyderivation.c */, + DCC78D081D8085F200865A7C /* sc-153-backupslicekeybag.c */, + DCC78D091D8085F200865A7C /* SOSCircle_regressions.h */, + DCC78D0A1D8085F200865A7C /* SOSRegressionUtilities.c */, + DCC78D0B1D8085F200865A7C /* SOSRegressionUtilities.h */, + DCC78D0C1D8085F200865A7C /* SOSTestDataSource.c */, + DCC78D0D1D8085F200865A7C /* SOSTestDataSource.h */, + DCC78D0E1D8085F200865A7C /* SOSTestDevice.c */, + DCC78D0F1D8085F200865A7C /* SOSTestDevice.h */, + ); + path = Regressions; + sourceTree = ""; + }; + DCC78D2D1D8085F200865A7C /* Account */ = { + isa = PBXGroup; + children = ( + DCFAEDC81D999851005187E4 /* SOSAccountGhost.c */, + DCFAEDC91D999851005187E4 /* SOSAccountGhost.h */, + DCC78D121D8085F200865A7C /* SOSAccount.c */, + DCC78D131D8085F200865A7C /* SOSAccount.h */, + DCDCC7E41D9B551C006487E8 /* SOSAccountSync.c */, + DCC78D141D8085F200865A7C /* SOSAccountTransaction.c */, + DCC78D151D8085F200865A7C /* SOSAccountTransaction.h */, + DCC78D161D8085F200865A7C /* SOSAccountBackup.c */, + 48776C801DA5BC0E00CC09B9 /* SOSAccountRecovery.c */, + DCC78D171D8085F200865A7C /* SOSAccountCircles.c */, + DCC78D181D8085F200865A7C /* SOSAccountHSAJoin.c */, + DCC78D191D8085F200865A7C /* SOSAccountHSAJoin.h */, + DCC78D1A1D8085F200865A7C /* SOSAccountCloudParameters.c */, + DCC78D1B1D8085F200865A7C /* SOSAccountCredentials.c */, + DCC78D1C1D8085F200865A7C /* SOSAccountDer.c */, + DCC78D1D1D8085F200865A7C /* SOSAccountFullPeerInfo.c */, + E7E5B55E1DC7ACAE00C03FFB /* SOSAccountGetSet.c */, + DCC78D1E1D8085F200865A7C /* SOSAccountPeers.c */, + DCC78D1F1D8085F200865A7C /* SOSAccountPersistence.c */, + DCC78D201D8085F200865A7C /* SOSAccountLog.c */, + DCC78D211D8085F200865A7C /* SOSAccountLog.h */, + DCC78D221D8085F200865A7C /* SOSAccountPriv.h */, + DCC78D231D8085F200865A7C /* SOSAccountUpdate.c */, + DCC78D241D8085F200865A7C /* SOSAccountRings.c */, + DCC78D251D8085F200865A7C /* SOSAccountRingUpdate.c */, + DCC78D261D8085F200865A7C /* SOSAccountViewSync.c */, + DCC78D271D8085F200865A7C /* SOSBackupEvent.c */, + DCC78D281D8085F200865A7C /* SOSBackupEvent.h */, + DCC78D291D8085F200865A7C /* SOSBackupSliceKeyBag.c */, + DCC78D2A1D8085F200865A7C /* SOSBackupSliceKeyBag.h */, + 48776C731DA5BB4200CC09B9 /* SOSRecoveryKeyBag.c */, + 48776C741DA5BB4200CC09B9 /* SOSRecoveryKeyBag.h */, + 48E6171A1DBEC40D0098EAAD /* SOSBackupInformation.c */, + 48E6171B1DBEC40D0098EAAD /* SOSBackupInformation.h */, + DCC78D2B1D8085F200865A7C /* SOSUserKeygen.c */, + DCC78D2C1D8085F200865A7C /* SOSUserKeygen.h */, + 485B64081DC16E8300B771B9 /* SOSKeyedPubKeyIdentifier.c */, + 485B64091DC16E8300B771B9 /* SOSKeyedPubKeyIdentifier.h */, + ); + name = Account; + sourceTree = ""; + }; + DCC78D4E1D8085F200865A7C /* Circle */ = { + isa = PBXGroup; + children = ( + DCC78D2E1D8085F200865A7C /* SOSCircle.c */, + DCC78D2F1D8085F200865A7C /* SOSCircleV2.c */, + DCC78D301D8085F200865A7C /* SOSCircleV2.h */, + DCC78D311D8085F200865A7C /* SOSCirclePriv.h */, + DCC78D321D8085F200865A7C /* SOSCircle.h */, + DCC78D331D8085F200865A7C /* SOSCircleRings.h */, + DCC78D341D8085F200865A7C /* SOSCircleDer.h */, + DCC78D351D8085F200865A7C /* SOSCircleDer.c */, + DCC78D361D8085F200865A7C /* SOSConcordanceTrust.h */, + DCC78D371D8085F200865A7C /* SOSGenCount.c */, + DCC78D381D8085F200865A7C /* SOSGenCount.h */, + DCC78D391D8085F200865A7C /* SOSRing.h */, + DCC78D3A1D8085F200865A7C /* SOSRingBackup.c */, + DCC78D3B1D8085F200865A7C /* SOSRingBackup.h */, + DCC78D3C1D8085F200865A7C /* SOSRingBasic.c */, + DCC78D3D1D8085F200865A7C /* SOSRingBasic.h */, + 48776C7C1DA5BB5F00CC09B9 /* SOSRingRecovery.c */, + 48776C7D1DA5BB5F00CC09B9 /* SOSRingRecovery.h */, + DCC78D3E1D8085F200865A7C /* SOSRingConcordanceTrust.c */, + DCC78D3F1D8085F200865A7C /* SOSRingConcordanceTrust.h */, + DCC78D401D8085F200865A7C /* SOSRingDER.c */, + DCC78D411D8085F200865A7C /* SOSRingDER.h */, + DCC78D421D8085F200865A7C /* SOSRingPeerInfoUtils.c */, + DCC78D431D8085F200865A7C /* SOSRingPeerInfoUtils.h */, + DCC78D441D8085F200865A7C /* SOSRingTypes.c */, + DCC78D451D8085F200865A7C /* SOSRingTypes.h */, + DCC78D461D8085F200865A7C /* SOSRingUtils.c */, + DCC78D471D8085F200865A7C /* SOSRingUtils.h */, + DCC78D481D8085F200865A7C /* SOSRingV0.c */, + DCC78D491D8085F200865A7C /* SOSRingV0.h */, + DCC78D4A1D8085F200865A7C /* SOSViews.c */, + DCC78D4B1D8085F200865A7C /* SOSViews.h */, + DCC78D4C1D8085F200865A7C /* ViewList.list */, + DCC78D4D1D8085F200865A7C /* SOSViews.exp-in */, + ); + name = Circle; + sourceTree = ""; + }; + DCC78D601D8085F200865A7C /* Engine */ = { + isa = PBXGroup; + children = ( + DCC78D4F1D8085F200865A7C /* SOSChangeTracker.c */, + DCC78D501D8085F200865A7C /* SOSChangeTracker.h */, + DCC78D511D8085F200865A7C /* SOSCoder.c */, + DCC78D521D8085F200865A7C /* SOSCoder.h */, + DCC78D531D8085F200865A7C /* SOSDataSource.h */, + DCC78D541D8085F200865A7C /* SOSDigestVector.c */, + DCC78D551D8085F200865A7C /* SOSDigestVector.h */, + DCC78D561D8085F200865A7C /* SOSEngine.c */, + DCC78D571D8085F200865A7C /* SOSEngine.h */, + DC24B5811DA420D700330B48 /* SOSEnginePriv.h */, + DCC78D581D8085F200865A7C /* SOSManifest.c */, + DCC78D591D8085F200865A7C /* SOSManifest.h */, + DCC78D5A1D8085F200865A7C /* SOSMessage.c */, + DCC78D5B1D8085F200865A7C /* SOSMessage.h */, + DCC78D5C1D8085F200865A7C /* SOSPeer.c */, + DCC78D5D1D8085F200865A7C /* SOSPeer.h */, + DCC78D5E1D8085F200865A7C /* SOSPeerCoder.c */, + DCC78D5F1D8085F200865A7C /* SOSPeerCoder.h */, + DC24B5821DA420D700330B48 /* SOSPersist.h */, + ); + name = Engine; + sourceTree = ""; + }; + DCC78D711D8085F200865A7C /* PeerInfo */ = { + isa = PBXGroup; + children = ( + DCC78D611D8085F200865A7C /* SOSFullPeerInfo.c */, + DCC78D621D8085F200865A7C /* SOSFullPeerInfo.h */, + DCC78D631D8085F200865A7C /* SOSPeerInfo.c */, + DCC78D641D8085F200865A7C /* SOSPeerInfo.h */, + DCC78D651D8085F200865A7C /* SOSPeerInfoDER.c */, + DCC78D661D8085F200865A7C /* SOSPeerInfoDER.h */, + DCC78D671D8085F200865A7C /* SOSPeerInfoV2.c */, + DCC78D681D8085F200865A7C /* SOSPeerInfoV2.h */, + DCC78D691D8085F200865A7C /* SOSPeerInfoPriv.h */, + DCC78D6A1D8085F200865A7C /* SOSPeerInfoCollections.c */, + DCC78D6B1D8085F200865A7C /* SOSPeerInfoCollections.h */, + DCC78D6C1D8085F200865A7C /* SOSPeerInfoInternal.h */, + DCC78D6D1D8085F200865A7C /* SOSPeerInfoRingState.c */, + DCC78D6E1D8085F200865A7C /* SOSPeerInfoRingState.h */, + DCC78D6F1D8085F200865A7C /* SOSPeerInfoSecurityProperties.c */, + DCC78D701D8085F200865A7C /* SOSPeerInfoSecurityProperties.h */, + ); + name = PeerInfo; + sourceTree = ""; + }; + DCC78D861D8085F200865A7C /* Transport */ = { + isa = PBXGroup; + children = ( + DCC78D721D8085F200865A7C /* SOSKVSKeys.c */, + DCC78D731D8085F200865A7C /* SOSKVSKeys.h */, + DCC78D741D8085F200865A7C /* SOSTransport.c */, + DCC78D751D8085F200865A7C /* SOSTransport.h */, + DCC78D761D8085F200865A7C /* SOSTransportBackupPeer.c */, + DCC78D771D8085F200865A7C /* SOSTransportBackupPeer.h */, + DCC78D781D8085F200865A7C /* SOSTransportCircle.c */, + DCC78D791D8085F200865A7C /* SOSTransportCircle.h */, + DCC78D7A1D8085F200865A7C /* SOSTransportCircleKVS.c */, + DCC78D7B1D8085F200865A7C /* SOSTransportCircleKVS.h */, + DCC78D7C1D8085F200865A7C /* SOSTransportKeyParameter.c */, + DCC78D7D1D8085F200865A7C /* SOSTransportKeyParameter.h */, + DCC78D7E1D8085F200865A7C /* SOSTransportKeyParameterKVS.c */, + DCC78D7F1D8085F200865A7C /* SOSTransportKeyParameterKVS.h */, + DCC78D801D8085F200865A7C /* SOSTransportMessage.c */, + DCC78D811D8085F200865A7C /* SOSTransportMessage.h */, + DCC78D821D8085F200865A7C /* SOSTransportMessageIDS.c */, + DCC78D831D8085F200865A7C /* SOSTransportMessageIDS.h */, + DCC78D841D8085F200865A7C /* SOSTransportMessageKVS.c */, + DCC78D851D8085F200865A7C /* SOSTransportMessageKVS.h */, + ); + name = Transport; + sourceTree = ""; + }; + DCC78D911D8085F200865A7C /* SecureObjectSync */ = { + isa = PBXGroup; + children = ( + DCC78D111D8085F200865A7C /* SOSExports.exp-in */, + DCC78D2D1D8085F200865A7C /* Account */, + DCC78D4E1D8085F200865A7C /* Circle */, + DCC78D601D8085F200865A7C /* Engine */, + DCC78D711D8085F200865A7C /* PeerInfo */, + DCC78D861D8085F200865A7C /* Transport */, + DCC78D871D8085F200865A7C /* SOSARCDefines.h */, + DCC78D881D8085F200865A7C /* SOSECWrapUnwrap.c */, + DCC78D891D8085F200865A7C /* SOSCloudCircle.c */, + DCC78D8A1D8085F200865A7C /* SOSCloudCircle.h */, + DCC78D8B1D8085F200865A7C /* SOSCloudCircleInternal.h */, + DCC78D8C1D8085F200865A7C /* SOSSysdiagnose.c */, + DCC78D8D1D8085F200865A7C /* SOSInternal.c */, + DCC78D8E1D8085F200865A7C /* SOSInternal.h */, + DCC78D8F1D8085F200865A7C /* SOSTypes.h */, + DCC78D901D8085F200865A7C /* SOSPlatform.h */, + ); + path = SecureObjectSync; + sourceTree = ""; + }; + DCC78DA01D8085F200865A7C /* Tool */ = { + isa = PBXGroup; + children = ( + DCC78D921D8085F200865A7C /* secToolFileIO.h */, + DCC78D931D8085F200865A7C /* secToolFileIO.c */, + 48BC0F5C1DFA2B4500DDDFF9 /* accountCirclesViewsPrint.c */, + 48BC0F5D1DFA2B4500DDDFF9 /* accountCirclesViewsPrint.h */, + DCC78D961D8085F200865A7C /* keychain_sync.h */, + DCC78D971D8085F200865A7C /* keychain_sync.c */, + DCC78D981D8085F200865A7C /* keychain_sync_test.h */, + DCC78D991D8085F200865A7C /* keychain_sync_test.m */, + DCC78D9A1D8085F200865A7C /* keychain_log.h */, + DCC78D9B1D8085F200865A7C /* keychain_log.c */, + 0C0CEC9D1DA45EA200C22FBC /* recovery_key.h */, + 0C0CEC9E1DA45EA200C22FBC /* recovery_key.m */, + DCC78D9D1D8085F200865A7C /* syncbackup.c */, + DCC78D9C1D8085F200865A7C /* syncbackup.h */, + DCC78D9E1D8085F200865A7C /* secViewDisplay.c */, + DCC78D9F1D8085F200865A7C /* secViewDisplay.h */, + ); + path = Tool; + sourceTree = ""; + }; + DCC78DA11D8085F200865A7C /* SOSCircle */ = { + isa = PBXGroup; + children = ( + DCC78CFC1D8085F200865A7C /* CKBridge */, + DCC78D101D8085F200865A7C /* Regressions */, + DCC78D911D8085F200865A7C /* SecureObjectSync */, + DCC78DA01D8085F200865A7C /* Tool */, + ); + name = SOSCircle; + path = OSX/sec/SOSCircle; + sourceTree = ""; + }; + DCC78DA61D8085FC00865A7C /* crypto */ = { + isa = PBXGroup; + children = ( + DCC78DA41D8085FC00865A7C /* pbkdf2-00-hmac-sha1.c */, + DCC78DA51D8085FC00865A7C /* spbkdf-00-hmac-sha1.c */, + D4D718341E04A721000AE7A6 /* spbkdf-01-hmac-sha256.c */, + ); + name = crypto; + path = Regressions/crypto; + sourceTree = ""; + }; + DCC78DAE1D8085FC00865A7C /* otr */ = { + isa = PBXGroup; + children = ( + DCC78DA71D8085FC00865A7C /* otr-00-identity.c */, + DCC78DA81D8085FC00865A7C /* otr-30-negotiation.c */, + DCC78DA91D8085FC00865A7C /* otr-40-edgecases.c */, + DCC78DAA1D8085FC00865A7C /* otr-50-roll.c */, + DCC78DAB1D8085FC00865A7C /* otr-60-slowroll.c */, + DCC78DAC1D8085FC00865A7C /* otr-otrdh.c */, + DCC78DAD1D8085FC00865A7C /* otr-packetdata.c */, + ); + name = otr; + path = Regressions/otr; + sourceTree = ""; + }; + DCC78DDD1D8085FC00865A7C /* si-63-scep */ = { + isa = PBXGroup; + children = ( + DCC78DDB1D8085FC00865A7C /* getcacert-mdes.h */, + DCC78DDC1D8085FC00865A7C /* getcacert-mdesqa.h */, + ); + path = "si-63-scep"; + sourceTree = ""; + }; + DCC78DE61D8085FC00865A7C /* si-64-ossl-cms */ = { + isa = PBXGroup; + children = ( + DCC78DE01D8085FC00865A7C /* attached_no_data_signed_data.h */, + DCC78DE11D8085FC00865A7C /* attached_signed_data.h */, + DCC78DE21D8085FC00865A7C /* detached_content.h */, + DCC78DE31D8085FC00865A7C /* detached_signed_data.h */, + DCC78DE41D8085FC00865A7C /* privkey.h */, + DCC78DE51D8085FC00865A7C /* signer.h */, + ); + path = "si-64-ossl-cms"; + sourceTree = ""; + }; + DCC78DEA1D8085FC00865A7C /* si-66-smime */ = { + isa = PBXGroup; + children = ( + DCC78DE91D8085FC00865A7C /* signed-receipt.h */, + ); + path = "si-66-smime"; + sourceTree = ""; + }; + DCC78DF61D8085FC00865A7C /* si-67-sectrust-blacklist */ = { + isa = PBXGroup; + children = ( + DCC78DEC1D8085FC00865A7C /* Global Trustee.cer.h */, + DCC78DED1D8085FC00865A7C /* UTN-USERFirst-Hardware.cer.h */, + DCC78DEE1D8085FC00865A7C /* addons.mozilla.org.cer.h */, + DCC78DEF1D8085FC00865A7C /* login.live.com.cer.h */, + DCC78DF01D8085FC00865A7C /* login.skype.com.cer.h */, + DCC78DF11D8085FC00865A7C /* login.yahoo.com.1.cer.h */, + DCC78DF21D8085FC00865A7C /* login.yahoo.com.2.cer.h */, + DCC78DF31D8085FC00865A7C /* login.yahoo.com.cer.h */, + DCC78DF41D8085FC00865A7C /* mail.google.com.cer.h */, + DCC78DF51D8085FC00865A7C /* www.google.com.cer.h */, + ); + path = "si-67-sectrust-blacklist"; + sourceTree = ""; + }; + DCC78E121D8085FC00865A7C /* secitem */ = { + isa = PBXGroup; + children = ( + DCC78DAF1D8085FC00865A7C /* si-00-find-nothing.c */, + DCC78DB01D8085FC00865A7C /* si-05-add.c */, + DCC78DB11D8085FC00865A7C /* si-10-find-internet.c */, + DCC78DB21D8085FC00865A7C /* si-11-update-data.c */, + DCC78DB31D8085FC00865A7C /* si-12-item-stress.c */, + DCC78DB41D8085FC00865A7C /* si-13-item-system.m */, + DCC78DB51D8085FC00865A7C /* si-14-dateparse.c */, + DCC78DB61D8085FC00865A7C /* si-15-delete-access-group.m */, + DCC78DB71D8085FC00865A7C /* si-15-certificate.c */, + DCC78DB81D8085FC00865A7C /* si-16-ec-certificate.c */, + DCC78DB91D8085FC00865A7C /* si-17-item-system-bluetooth.m */, + DCC78DBA1D8085FC00865A7C /* si-20-sectrust-policies.m */, + DCC78DBB1D8085FC00865A7C /* si-20-sectrust.c */, + DCC78DBC1D8085FC00865A7C /* si-20-sectrust.h */, + DCC78DBD1D8085FC00865A7C /* si-21-sectrust-asr.c */, + DCC78DBE1D8085FC00865A7C /* si-22-sectrust-iap.c */, + DCC78DBF1D8085FC00865A7C /* si-22-sectrust-iap.h */, + DCC78DC01D8085FC00865A7C /* si-23-sectrust-ocsp.c */, + DCC78DC11D8085FC00865A7C /* si-24-sectrust-digicert-malaysia.c */, + DCC78DC21D8085FC00865A7C /* si-24-sectrust-diginotar.c */, + DCC78DC31D8085FC00865A7C /* si-24-sectrust-itms.c */, + DCC78DC41D8085FC00865A7C /* si-24-sectrust-nist.c */, + DCC78DC51D8085FC00865A7C /* si-24-sectrust-passbook.c */, + DC0B62261D90973900D43BCB /* si-25-cms-skid.h */, + DC0B62271D90973900D43BCB /* si-25-cms-skid.m */, + DCC78DC61D8085FC00865A7C /* si-26-sectrust-copyproperties.c */, + DCC78DC71D8085FC00865A7C /* si-27-sectrust-exceptions.c */, + DCC78DC81D8085FC00865A7C /* si-28-sectrustsettings.m */, + DCC78DC91D8085FC00865A7C /* si-28-sectrustsettings.h */, + D487FBB71DB8357300D4BB0B /* si-29-sectrust-sha1-deprecation.m */, + D487FBB91DB835B500D4BB0B /* si-29-sectrust-sha1-deprecation.h */, + DCC78DCA1D8085FC00865A7C /* si-30-keychain-upgrade.c */, + DCC78DCB1D8085FC00865A7C /* si-31-keychain-bad.c */, + DCC78DCC1D8085FC00865A7C /* si-31-keychain-unreadable.c */, + DCC78DCD1D8085FC00865A7C /* si-33-keychain-backup.c */, + DCC78DCE1D8085FC00865A7C /* si-40-seckey-custom.c */, + DCC78DCF1D8085FC00865A7C /* si-40-seckey.c */, + DCC78DD01D8085FC00865A7C /* si-41-sececkey.c */, + DCC78DD11D8085FC00865A7C /* si-42-identity.c */, + DCC78DD21D8085FC00865A7C /* si-43-persistent.c */, + DCC78DD31D8085FC00865A7C /* si-44-seckey-gen.m */, + DCC78DD41D8085FC00865A7C /* si-44-seckey-rsa.m */, + DCC78DD51D8085FC00865A7C /* si-44-seckey-ec.m */, + DCC78DD61D8085FC00865A7C /* si-44-seckey-ies.m */, + DCC78DD71D8085FC00865A7C /* si-50-secrandom.c */, + DCC78DD81D8085FC00865A7C /* si-60-cms.c */, + DCC78DD91D8085FC00865A7C /* si-61-pkcs12.c */, + DCC78DDA1D8085FC00865A7C /* si-62-csr.c */, + DCC78DDD1D8085FC00865A7C /* si-63-scep */, + DCC78DDE1D8085FC00865A7C /* si-63-scep.c */, + DCC78DDF1D8085FC00865A7C /* si-63-scep.h */, + DCC78DE61D8085FC00865A7C /* si-64-ossl-cms */, + DCC78DE71D8085FC00865A7C /* si-64-ossl-cms.c */, + DCC78DE81D8085FC00865A7C /* si-65-cms-cert-policy.c */, + DCC78DEA1D8085FC00865A7C /* si-66-smime */, + DCC78DEB1D8085FC00865A7C /* si-66-smime.c */, + DCC78DF61D8085FC00865A7C /* si-67-sectrust-blacklist */, + DCC78DF71D8085FC00865A7C /* si-67-sectrust-blacklist.c */, + DCC78DF81D8085FC00865A7C /* si-68-secmatchissuer.c */, + DCC78DF91D8085FC00865A7C /* si-69-keydesc.c */, + DCC78DFA1D8085FC00865A7C /* si-70-sectrust-unified.c */, + DCC78DFB1D8085FC00865A7C /* si-71-mobile-store-policy.c */, + DCC78DFC1D8085FC00865A7C /* si-72-syncableitems.c */, + DCC78DFD1D8085FC00865A7C /* si-73-secpasswordgenerate.c */, + DCC78DFE1D8085FC00865A7C /* si-74-OTAPKISigner.c */, + DCC78DFF1D8085FC00865A7C /* si-76-shared-credentials.c */, + DCC78E001D8085FC00865A7C /* si_77_SecAccessControl.c */, + DCC78E011D8085FC00865A7C /* si-78-query-attrs.c */, + DCC78E021D8085FC00865A7C /* si-80-empty-data.c */, + DCC78E031D8085FC00865A7C /* si-82-seccertificate-ct.c */, + DCC78E041D8085FC00865A7C /* si-82-sectrust-ct.m */, + DCC78E051D8085FC00865A7C /* si-82-token-ag.c */, + DCC78E061D8085FC00865A7C /* si-83-seccertificate-sighashalg.c */, + BE6D96B31DB14B65001B76D4 /* si-84-sectrust-allowlist */, + BE6D96BA1DB14B9F001B76D4 /* si-84-sectrust-allowlist.m */, + DCC78E071D8085FC00865A7C /* si-85-sectrust-ssl-policy.c */, + DCC78E081D8085FC00865A7C /* si-85-sectrust-ssl-policy.h */, + DCC78E091D8085FC00865A7C /* si-87-sectrust-name-constraints.c */, + DCC78E0A1D8085FC00865A7C /* si-87-sectrust-name-constraints.h */, + DCC78E0B1D8085FC00865A7C /* si-89-cms-hash-agility.c */, + DCC78E0C1D8085FC00865A7C /* si-89-cms-hash-agility.h */, + DCC78E0D1D8085FC00865A7C /* si-90-emcs.m */, + DCC78E0E1D8085FC00865A7C /* si-95-cms-basic.c */, + DCC78E0F1D8085FC00865A7C /* si-95-cms-basic.h */, + DCC78E101D8085FC00865A7C /* si-97-sectrust-path-scoring.m */, + DCC78E111D8085FC00865A7C /* si-97-sectrust-path-scoring.h */, + ); + name = secitem; + path = Regressions/secitem; + sourceTree = ""; + }; + DCC78E161D8085FC00865A7C /* vmdh */ = { + isa = PBXGroup; + children = ( + DCC78E131D8085FC00865A7C /* vmdh-40.c */, + DCC78E141D8085FC00865A7C /* vmdh-41-example.c */, + DCC78E151D8085FC00865A7C /* vmdh-42-example2.c */, + ); + name = vmdh; + path = Regressions/vmdh; + sourceTree = ""; + }; + DCC78E181D8085FC00865A7C /* Regressions */ = { + isa = PBXGroup; + children = ( + DCC78DA21D8085FC00865A7C /* Security_regressions.h */, + DCC78DA31D8085FC00865A7C /* shared_regressions.h */, + DCC78DA61D8085FC00865A7C /* crypto */, + DCC78DAE1D8085FC00865A7C /* otr */, + DCC78E121D8085FC00865A7C /* secitem */, + DCC78E161D8085FC00865A7C /* vmdh */, + DCC78E171D8085FC00865A7C /* so_01_serverencryption.c */, + EB6928C91D9C9D9D00062A18 /* rk_01_recoverykey.m */, + ); + name = Regressions; + sourceTree = ""; + }; + DCC78E271D8085FC00865A7C /* Security/Tool */ = { + isa = PBXGroup; + children = ( + DCC78E191D8085FC00865A7C /* verify_cert.c */, + DCC78E1A1D8085FC00865A7C /* keychain_util.c */, + DCC78E1B1D8085FC00865A7C /* keychain_util.h */, + DCC78E1C1D8085FC00865A7C /* add_internet_password.c */, + DCC78E1D1D8085FC00865A7C /* log_control.c */, + DCC78E1E1D8085FC00865A7C /* codesign.c */, + DCC78E1F1D8085FC00865A7C /* keychain_add.c */, + DCC78E201D8085FC00865A7C /* keychain_find.c */, + DCC78E221D8085FC00865A7C /* pkcs12_util.c */, + DCC78E231D8085FC00865A7C /* scep.c */, + DCC78E241D8085FC00865A7C /* SecurityCommands.h */, + DCC78E251D8085FC00865A7C /* show_certificates.c */, + DCC78E261D8085FC00865A7C /* spc.c */, + ); + name = Security/Tool; + path = OSX/sec/Security/Tool; + sourceTree = ""; + }; + DCC78E9E1D8085FC00865A7C /* Security.framework iOS */ = { + isa = PBXGroup; + children = ( + 4C999BA00AB5F0BB0010451D /* ntlm */, + 107226CF0D91DB32003CF14F /* sectask */, + DC0BCC381D8C68A600070CB0 /* src */, + 7908507E0CA87CF00083CC4D /* ipc */, + DCC78E181D8085FC00865A7C /* Regressions */, + 4C198F1A0ACDB4BF00AAB142 /* strings */, + 79BDD3940D60D5F9000D84D3 /* libCMS.xcodeproj */, + DCC78E321D8085FC00865A7C /* SecAccessControlExports.exp-in */, + DCC78E4E1D8085FC00865A7C /* SecExports.exp-in */, + ); + name = "Security.framework iOS"; + path = OSX/sec/Security; + sourceTree = ""; + }; + DCC78EA21D80860C00865A7C /* SharedWebCredentialAgent */ = { + isa = PBXGroup; + children = ( + DCC78E9F1D80860C00865A7C /* swcagent_client.h */, + DCC78EA01D80860C00865A7C /* swcagent_client.c */, + DCC78EA11D80860C00865A7C /* swcagent.m */, + BE4AC9A118B7FFAD00B84964 /* swcagent.m */, + BE4AC9AD18B7FFC800B84964 /* com.apple.security.swcagent.plist */, + EBCF01001DF501310055AF97 /* swcagent-entitlements.plist */, + ); + name = SharedWebCredentialAgent; + path = OSX/sec/SharedWebCredential; + sourceTree = ""; + }; + DCD067621D8CDE9B007602F1 /* codesigning */ = { + isa = PBXGroup; + children = ( + DC1787441D7790A500B50D50 /* CSCommonPriv.h */, + DC1787451D7790A500B50D50 /* SecAssessment.h */, + DC1787461D7790A500B50D50 /* SecCodeHostLib.h */, + DC1787471D7790A500B50D50 /* SecCodePriv.h */, + DC1787481D7790A500B50D50 /* SecCodeSigner.h */, + DC1787491D7790A500B50D50 /* SecIntegrity.h */, + DC17874A1D7790A500B50D50 /* SecIntegrityLib.h */, + DC17874B1D7790A500B50D50 /* SecRequirementPriv.h */, + DC17874C1D7790A500B50D50 /* SecStaticCodePriv.h */, + DC17874D1D7790A500B50D50 /* SecTaskPriv.h */, + DC1785811D778B7F00B50D50 /* CodeSigning.h */, + DC1785821D778B7F00B50D50 /* CSCommon.h */, + DC1785831D778B7F00B50D50 /* SecCode.h */, + DC1785841D778B8000B50D50 /* SecCodeHost.h */, + DC1785851D778B8000B50D50 /* SecRequirement.h */, + DC1785861D778B8000B50D50 /* SecStaticCode.h */, + DCD068141D8CDF7E007602F1 /* lib */, + DCD068F41D8CDFFE007602F1 /* antlr2 */, + DCD0676C1D8CDEB2007602F1 /* gke */, + DC3A4B5E1D91EAA500E46D4A /* CodeSigningHelper */, + ); + name = codesigning; + path = OSX/libsecurity_codesigning; + sourceTree = ""; + }; + DCD0676C1D8CDEB2007602F1 /* gke */ = { + isa = PBXGroup; + children = ( + DCD067631D8CDEB2007602F1 /* gkmerge */, + DCD067641D8CDEB2007602F1 /* gkhandmake */, + DCD067651D8CDEB2007602F1 /* gklist */, + DCD067661D8CDEB2007602F1 /* gkclear */, + DCD067671D8CDEB2007602F1 /* gkgenerate */, + DCD067681D8CDEB2007602F1 /* gkrecord */, + DCD067691D8CDEB2007602F1 /* gkreport */, + DCD0676A1D8CDEB2007602F1 /* com.apple.gkreport.plist */, + DCD0676B1D8CDEB2007602F1 /* gkunpack.cpp */, + ); + path = gke; + sourceTree = ""; + }; + DCD0679C1D8CDF7E007602F1 /* API */ = { + isa = PBXGroup; + children = ( + DCD0678A1D8CDF7E007602F1 /* CodeSigning.h */, + DCD0678B1D8CDF7E007602F1 /* CSCommon.h */, + DCD0678C1D8CDF7E007602F1 /* CSCommonPriv.h */, + DCD0678D1D8CDF7E007602F1 /* SecCode.h */, + DCD0678E1D8CDF7E007602F1 /* SecCodePriv.h */, + DCD0678F1D8CDF7E007602F1 /* SecCode.cpp */, + DCD067901D8CDF7E007602F1 /* SecStaticCode.h */, + DCD067911D8CDF7E007602F1 /* SecStaticCodePriv.h */, + DCD067921D8CDF7E007602F1 /* SecStaticCode.cpp */, + DCD067931D8CDF7E007602F1 /* SecRequirement.h */, + DCD067941D8CDF7E007602F1 /* SecRequirementPriv.h */, + DCD067951D8CDF7E007602F1 /* SecRequirement.cpp */, + DCD067961D8CDF7E007602F1 /* SecCodeSigner.h */, + DCD067971D8CDF7E007602F1 /* SecCodeSigner.cpp */, + DCD067981D8CDF7E007602F1 /* SecCodeHost.h */, + DCD067991D8CDF7E007602F1 /* SecCodeHost.cpp */, + DCD0679A1D8CDF7E007602F1 /* SecIntegrity.h */, + DCD0679B1D8CDF7E007602F1 /* SecIntegrity.cpp */, + ); + name = API; + sourceTree = ""; + }; + DCD067A71D8CDF7E007602F1 /* API Objects */ = { + isa = PBXGroup; + children = ( + DCD0679D1D8CDF7E007602F1 /* cs.h */, + DCD0679E1D8CDF7E007602F1 /* cs.cpp */, + DCD0679F1D8CDF7E007602F1 /* Code.h */, + DCD067A01D8CDF7E007602F1 /* Code.cpp */, + DCD067A11D8CDF7E007602F1 /* StaticCode.h */, + DCD067A21D8CDF7E007602F1 /* StaticCode.cpp */, + DCD067A31D8CDF7E007602F1 /* Requirements.h */, + DCD067A41D8CDF7E007602F1 /* Requirements.cpp */, + DCD067A51D8CDF7E007602F1 /* CodeSigner.h */, + DCD067A61D8CDF7E007602F1 /* CodeSigner.cpp */, + ); + name = "API Objects"; + sourceTree = ""; + }; + DCD067AC1D8CDF7E007602F1 /* Signing Operations */ = { + isa = PBXGroup; + children = ( + DCD067A81D8CDF7E007602F1 /* signer.h */, + DCD067A91D8CDF7E007602F1 /* signer.cpp */, + DCD067AA1D8CDF7E007602F1 /* signerutils.h */, + DCD067AB1D8CDF7E007602F1 /* signerutils.cpp */, + ); + name = "Signing Operations"; + sourceTree = ""; + }; + DCD067B11D8CDF7E007602F1 /* Code Directory */ = { + isa = PBXGroup; + children = ( + DCD067AD1D8CDF7E007602F1 /* codedirectory.h */, + DCD067AE1D8CDF7E007602F1 /* codedirectory.cpp */, + DCD067AF1D8CDF7E007602F1 /* cdbuilder.h */, + DCD067B01D8CDF7E007602F1 /* cdbuilder.cpp */, + ); + name = "Code Directory"; + sourceTree = ""; + }; + DCD067C81D8CDF7E007602F1 /* Requirements */ = { + isa = PBXGroup; + children = ( + DCD067B21D8CDF7E007602F1 /* requirements.grammar */, + DCD067B31D8CDF7E007602F1 /* RequirementKeywords.h */, + DCD067B41D8CDF7E007602F1 /* RequirementLexer.cpp */, + DCD067B51D8CDF7E007602F1 /* RequirementLexer.hpp */, + DCD067B61D8CDF7E007602F1 /* RequirementParser.cpp */, + DCD067B71D8CDF7E007602F1 /* RequirementParser.hpp */, + DCD067B81D8CDF7E007602F1 /* RequirementParserTokenTypes.hpp */, + DCD067B91D8CDF7E007602F1 /* RequirementParserTokenTypes.txt */, + DCD067BA1D8CDF7E007602F1 /* requirement.h */, + DCD067BB1D8CDF7E007602F1 /* requirement.cpp */, + DCD067BC1D8CDF7E007602F1 /* reqmaker.h */, + DCD067BD1D8CDF7E007602F1 /* reqmaker.cpp */, + DCD067BE1D8CDF7E007602F1 /* reqreader.h */, + DCD067BF1D8CDF7E007602F1 /* reqreader.cpp */, + DCD067C01D8CDF7E007602F1 /* reqinterp.h */, + DCD067C11D8CDF7E007602F1 /* reqinterp.cpp */, + DCD067C21D8CDF7E007602F1 /* reqparser.h */, + DCD067C31D8CDF7E007602F1 /* reqparser.cpp */, + DCD067C41D8CDF7E007602F1 /* reqdumper.h */, + DCD067C51D8CDF7E007602F1 /* reqdumper.cpp */, + DCD067C61D8CDF7E007602F1 /* drmaker.h */, + DCD067C71D8CDF7E007602F1 /* drmaker.cpp */, + ); + name = Requirements; + sourceTree = ""; + }; + DCD067CF1D8CDF7E007602F1 /* Code Classes */ = { + isa = PBXGroup; + children = ( + DCD067C91D8CDF7E007602F1 /* cskernel.h */, + DCD067CA1D8CDF7E007602F1 /* cskernel.cpp */, + DCD067CB1D8CDF7E007602F1 /* csprocess.h */, + DCD067CC1D8CDF7E007602F1 /* csprocess.cpp */, + DCD067CD1D8CDF7E007602F1 /* csgeneric.h */, + DCD067CE1D8CDF7E007602F1 /* csgeneric.cpp */, + ); + name = "Code Classes"; + sourceTree = ""; + }; + DCD067E41D8CDF7E007602F1 /* Disk Representations */ = { + isa = PBXGroup; + children = ( + DCD067D01D8CDF7E007602F1 /* diskrep.h */, + DCD067D11D8CDF7E007602F1 /* diskrep.cpp */, + DCD067D21D8CDF7E007602F1 /* filediskrep.h */, + DCD067D31D8CDF7E007602F1 /* filediskrep.cpp */, + DCD067D41D8CDF7E007602F1 /* bundlediskrep.h */, + DCD067D51D8CDF7E007602F1 /* bundlediskrep.cpp */, + DCD067D61D8CDF7E007602F1 /* kerneldiskrep.h */, + DCD067D71D8CDF7E007602F1 /* kerneldiskrep.cpp */, + DCD067D81D8CDF7E007602F1 /* machorep.h */, + DCD067D91D8CDF7E007602F1 /* machorep.cpp */, + DCD067DA1D8CDF7E007602F1 /* slcrep.h */, + DCD067DB1D8CDF7E007602F1 /* slcrep.cpp */, + DCD067DC1D8CDF7E007602F1 /* diskimagerep.h */, + DCD067DD1D8CDF7E007602F1 /* diskimagerep.cpp */, + DCD067DE1D8CDF7E007602F1 /* singlediskrep.h */, + DCD067DF1D8CDF7E007602F1 /* singlediskrep.cpp */, + DCD067E01D8CDF7E007602F1 /* detachedrep.h */, + DCD067E11D8CDF7E007602F1 /* detachedrep.cpp */, + DCD067E21D8CDF7E007602F1 /* piddiskrep.h */, + DCD067E31D8CDF7E007602F1 /* piddiskrep.cpp */, + ); + name = "Disk Representations"; + sourceTree = ""; + }; + DCD067E91D8CDF7E007602F1 /* Static Support */ = { + isa = PBXGroup; + children = ( + DCD067E51D8CDF7E007602F1 /* SecIntegrityLib.h */, + DCD067E61D8CDF7E007602F1 /* SecIntegrityLib.c */, + DCD067E71D8CDF7E007602F1 /* SecCodeHostLib.h */, + DCD067E81D8CDF7E007602F1 /* SecCodeHostLib.c */, + ); + name = "Static Support"; + sourceTree = ""; + }; + DCD067ED1D8CDF7E007602F1 /* DTrace */ = { + isa = PBXGroup; + children = ( + DCD067EA1D8CDF7E007602F1 /* sp-watch.d */, + DCD067EB1D8CDF7E007602F1 /* security_codesigning.d */, + DCD067EC1D8CDF7E007602F1 /* codesign-watch.d */, + ); + name = DTrace; + sourceTree = ""; + }; + DCD067FE1D8CDF7E007602F1 /* Local Utilities */ = { + isa = PBXGroup; + children = ( + DCD067EE1D8CDF7E007602F1 /* csdatabase.h */, + DCD067EF1D8CDF7E007602F1 /* csdatabase.cpp */, + DCD067F01D8CDF7E007602F1 /* cserror.h */, + DCD067F11D8CDF7E007602F1 /* cserror.cpp */, + DCD067F21D8CDF7E007602F1 /* resources.h */, + DCD067F31D8CDF7E007602F1 /* resources.cpp */, + DCD067F41D8CDF7E007602F1 /* sigblob.h */, + DCD067F51D8CDF7E007602F1 /* sigblob.cpp */, + DCD067F61D8CDF7E007602F1 /* csutilities.h */, + DCD067F71D8CDF7E007602F1 /* csutilities.cpp */, + DCD067F81D8CDF7E007602F1 /* xar++.h */, + DCD067F91D8CDF7E007602F1 /* xar++.cpp */, + DCD067FA1D8CDF7E007602F1 /* quarantine++.h */, + DCD067FB1D8CDF7E007602F1 /* quarantine++.cpp */, + DCD067FC1D8CDF7E007602F1 /* dirscanner.h */, + DCD067FD1D8CDF7E007602F1 /* dirscanner.cpp */, + ); + name = "Local Utilities"; + sourceTree = ""; + }; + DCD068011D8CDF7E007602F1 /* Security Plugins */ = { + isa = PBXGroup; + children = ( + DCD067FF1D8CDF7E007602F1 /* antlrplugin.h */, + DCD068001D8CDF7E007602F1 /* antlrplugin.cpp */, + ); + name = "Security Plugins"; + path = ..; + sourceTree = ""; + }; + DCD068051D8CDF7E007602F1 /* Entitlements */ = { + isa = PBXGroup; + children = ( + DCD068031D8CDF7E007602F1 /* SecTaskPriv.h */, + DCD068041D8CDF7E007602F1 /* SecTask.c */, + ); + name = Entitlements; + sourceTree = ""; + }; + DCD068131D8CDF7E007602F1 /* System Policy */ = { + isa = PBXGroup; + children = ( + DCD068061D8CDF7E007602F1 /* SecAssessment.h */, + DCD068071D8CDF7E007602F1 /* SecAssessment.cpp */, + DCD068081D8CDF7E007602F1 /* evaluationmanager.h */, + DCD068091D8CDF7E007602F1 /* evaluationmanager.cpp */, + DCD0680A1D8CDF7E007602F1 /* opaquewhitelist.h */, + DCD0680B1D8CDF7E007602F1 /* opaquewhitelist.cpp */, + DCD0680C1D8CDF7E007602F1 /* policydb.h */, + DCD0680D1D8CDF7E007602F1 /* policydb.cpp */, + DCD0680E1D8CDF7E007602F1 /* policyengine.h */, + DCD0680F1D8CDF7E007602F1 /* policyengine.cpp */, + DCD068101D8CDF7E007602F1 /* xpcengine.h */, + DCD068111D8CDF7E007602F1 /* xpcengine.cpp */, + DCD068121D8CDF7E007602F1 /* syspolicy.sql */, + ); + name = "System Policy"; + sourceTree = ""; + }; + DCD068141D8CDF7E007602F1 /* lib */ = { + isa = PBXGroup; + children = ( + DCD0679C1D8CDF7E007602F1 /* API */, + DCD067A71D8CDF7E007602F1 /* API Objects */, + DCD067AC1D8CDF7E007602F1 /* Signing Operations */, + DCD067B11D8CDF7E007602F1 /* Code Directory */, + DCD067C81D8CDF7E007602F1 /* Requirements */, + DCD067CF1D8CDF7E007602F1 /* Code Classes */, + DCD067E41D8CDF7E007602F1 /* Disk Representations */, + DCD067E91D8CDF7E007602F1 /* Static Support */, + DCD067ED1D8CDF7E007602F1 /* DTrace */, + DCD067FE1D8CDF7E007602F1 /* Local Utilities */, + DCD068011D8CDF7E007602F1 /* Security Plugins */, + DCD068051D8CDF7E007602F1 /* Entitlements */, + DCD068131D8CDF7E007602F1 /* System Policy */, + ); + path = lib; + sourceTree = ""; + }; + DCD068C21D8CDFFE007602F1 /* antlr */ = { + isa = PBXGroup; + children = ( + DCD0688F1D8CDFFE007602F1 /* ANTLRException.hpp */, + DCD068901D8CDFFE007602F1 /* ANTLRUtil.hpp */, + DCD068911D8CDFFE007602F1 /* AST.hpp */, + DCD068921D8CDFFE007602F1 /* ASTArray.hpp */, + DCD068931D8CDFFE007602F1 /* ASTFactory.hpp */, + DCD068941D8CDFFE007602F1 /* ASTNULLType.hpp */, + DCD068951D8CDFFE007602F1 /* ASTPair.hpp */, + DCD068961D8CDFFE007602F1 /* ASTRefCount.hpp */, + DCD068971D8CDFFE007602F1 /* BaseAST.hpp */, + DCD068981D8CDFFE007602F1 /* BitSet.hpp */, + DCD068991D8CDFFE007602F1 /* CharBuffer.hpp */, + DCD0689A1D8CDFFE007602F1 /* CharInputBuffer.hpp */, + DCD0689B1D8CDFFE007602F1 /* CharScanner.hpp */, + DCD0689C1D8CDFFE007602F1 /* CharStreamException.hpp */, + DCD0689D1D8CDFFE007602F1 /* CharStreamIOException.hpp */, + DCD0689E1D8CDFFE007602F1 /* CircularQueue.hpp */, + DCD0689F1D8CDFFE007602F1 /* CommonAST.hpp */, + DCD068A01D8CDFFE007602F1 /* CommonASTWithHiddenTokens.hpp */, + DCD068A11D8CDFFE007602F1 /* CommonHiddenStreamToken.hpp */, + DCD068A21D8CDFFE007602F1 /* CommonToken.hpp */, + DCD068A31D8CDFFE007602F1 /* config.hpp */, + DCD068A41D8CDFFE007602F1 /* InputBuffer.hpp */, + DCD068A51D8CDFFE007602F1 /* IOException.hpp */, + DCD068A61D8CDFFE007602F1 /* LexerSharedInputState.hpp */, + DCD068A71D8CDFFE007602F1 /* LLkParser.hpp */, + DCD068A81D8CDFFE007602F1 /* Makefile.in */, + DCD068A91D8CDFFE007602F1 /* MismatchedCharException.hpp */, + DCD068AA1D8CDFFE007602F1 /* MismatchedTokenException.hpp */, + DCD068AB1D8CDFFE007602F1 /* NoViableAltException.hpp */, + DCD068AC1D8CDFFE007602F1 /* NoViableAltForCharException.hpp */, + DCD068AD1D8CDFFE007602F1 /* Parser.hpp */, + DCD068AE1D8CDFFE007602F1 /* ParserSharedInputState.hpp */, + DCD068AF1D8CDFFE007602F1 /* RecognitionException.hpp */, + DCD068B01D8CDFFE007602F1 /* RefCount.hpp */, + DCD068B11D8CDFFE007602F1 /* SemanticException.hpp */, + DCD068B21D8CDFFE007602F1 /* String.hpp */, + DCD068B31D8CDFFE007602F1 /* Token.hpp */, + DCD068B41D8CDFFE007602F1 /* TokenBuffer.hpp */, + DCD068B51D8CDFFE007602F1 /* TokenRefCount.hpp */, + DCD068B61D8CDFFE007602F1 /* TokenStream.hpp */, + DCD068B71D8CDFFE007602F1 /* TokenStreamBasicFilter.hpp */, + DCD068B81D8CDFFE007602F1 /* TokenStreamException.hpp */, + DCD068B91D8CDFFE007602F1 /* TokenStreamHiddenTokenFilter.hpp */, + DCD068BA1D8CDFFE007602F1 /* TokenStreamIOException.hpp */, + DCD068BB1D8CDFFE007602F1 /* TokenStreamRecognitionException.hpp */, + DCD068BC1D8CDFFE007602F1 /* TokenStreamRetryException.hpp */, + DCD068BD1D8CDFFE007602F1 /* TokenStreamRewriteEngine.hpp */, + DCD068BE1D8CDFFE007602F1 /* TokenStreamSelector.hpp */, + DCD068BF1D8CDFFE007602F1 /* TokenWithIndex.hpp */, + DCD068C01D8CDFFE007602F1 /* TreeParser.hpp */, + DCD068C11D8CDFFE007602F1 /* TreeParserSharedInputState.hpp */, + ); + path = antlr; + sourceTree = ""; + }; + DCD068C81D8CDFFE007602F1 /* bcb4 */ = { + isa = PBXGroup; + children = ( + DCD068C51D8CDFFE007602F1 /* antlr.bpr */, + DCD068C61D8CDFFE007602F1 /* antlr.cpp */, + DCD068C71D8CDFFE007602F1 /* README */, + ); + path = bcb4; + sourceTree = ""; + }; + DCD068C91D8CDFFE007602F1 /* contrib */ = { + isa = PBXGroup; + children = ( + DCD068C81D8CDFFE007602F1 /* bcb4 */, + ); + path = contrib; + sourceTree = ""; + }; + DCD068D21D8CDFFE007602F1 /* scripts */ = { + isa = PBXGroup; + children = ( + DCD068D01D8CDFFE007602F1 /* cr_stripper.sh */, + DCD068D11D8CDFFE007602F1 /* make_change_log.tcl */, + ); + path = scripts; + sourceTree = ""; + }; + DCD068F21D8CDFFE007602F1 /* src */ = { + isa = PBXGroup; + children = ( + DCD068D31D8CDFFE007602F1 /* ANTLRUtil.cpp */, + DCD068D41D8CDFFE007602F1 /* ASTFactory.cpp */, + DCD068D51D8CDFFE007602F1 /* ASTNULLType.cpp */, + DCD068D61D8CDFFE007602F1 /* ASTRefCount.cpp */, + DCD068D71D8CDFFE007602F1 /* BaseAST.cpp */, + DCD068D81D8CDFFE007602F1 /* BitSet.cpp */, + DCD068D91D8CDFFE007602F1 /* CharBuffer.cpp */, + DCD068DA1D8CDFFE007602F1 /* CharScanner.cpp */, + DCD068DB1D8CDFFE007602F1 /* CommonAST.cpp */, + DCD068DC1D8CDFFE007602F1 /* CommonASTWithHiddenTokens.cpp */, + DCD068DD1D8CDFFE007602F1 /* CommonHiddenStreamToken.cpp */, + DCD068DE1D8CDFFE007602F1 /* CommonToken.cpp */, + DCD068DF1D8CDFFE007602F1 /* dll.cpp */, + DCD068E01D8CDFFE007602F1 /* InputBuffer.cpp */, + DCD068E11D8CDFFE007602F1 /* LLkParser.cpp */, + DCD068E21D8CDFFE007602F1 /* Makefile.in */, + DCD068E31D8CDFFE007602F1 /* MismatchedCharException.cpp */, + DCD068E41D8CDFFE007602F1 /* MismatchedTokenException.cpp */, + DCD068E51D8CDFFE007602F1 /* NoViableAltException.cpp */, + DCD068E61D8CDFFE007602F1 /* NoViableAltForCharException.cpp */, + DCD068E71D8CDFFE007602F1 /* Parser.cpp */, + DCD068E81D8CDFFE007602F1 /* RecognitionException.cpp */, + DCD068E91D8CDFFE007602F1 /* String.cpp */, + DCD068EA1D8CDFFE007602F1 /* Token.cpp */, + DCD068EB1D8CDFFE007602F1 /* TokenBuffer.cpp */, + DCD068EC1D8CDFFE007602F1 /* TokenRefCount.cpp */, + DCD068ED1D8CDFFE007602F1 /* TokenStreamBasicFilter.cpp */, + DCD068EE1D8CDFFE007602F1 /* TokenStreamHiddenTokenFilter.cpp */, + DCD068EF1D8CDFFE007602F1 /* TokenStreamRewriteEngine.cpp */, + DCD068F01D8CDFFE007602F1 /* TokenStreamSelector.cpp */, + DCD068F11D8CDFFE007602F1 /* TreeParser.cpp */, + ); + path = src; + sourceTree = ""; + }; + DCD068F41D8CDFFE007602F1 /* antlr2 */ = { + isa = PBXGroup; + children = ( + DCD068C21D8CDFFE007602F1 /* antlr */, + DCD068C31D8CDFFE007602F1 /* AUTHORS */, + DCD068C41D8CDFFE007602F1 /* ChangeLog */, + DCD068C91D8CDFFE007602F1 /* contrib */, + DCD068CA1D8CDFFE007602F1 /* doxygen.cfg */, + DCD068CB1D8CDFFE007602F1 /* libsecurity_codesigning.plist */, + DCD068CC1D8CDFFE007602F1 /* libsecurity_codesigning.txt */, + DCD068CD1D8CDFFE007602F1 /* LICENSE.txt */, + DCD068CE1D8CDFFE007602F1 /* Makefile.in */, + DCD068CF1D8CDFFE007602F1 /* README */, + DCD068D21D8CDFFE007602F1 /* scripts */, + DCD068F21D8CDFFE007602F1 /* src */, + DCD068F31D8CDFFE007602F1 /* TODO */, + ); + path = antlr2; + sourceTree = ""; + }; + DCD06AA81D8E0D3D007602F1 /* utilities */ = { + isa = PBXGroup; + children = ( + DCD06B3C1D8E0D7D007602F1 /* lib */, + DCD06BC31D8E0DC2007602F1 /* derived_src */, + DCD06BC71D8E0DD3007602F1 /* DTrace */, + ); + name = utilities; + sourceTree = ""; + }; + DCD06B0B1D8E0D7D007602F1 /* Unix */ = { + isa = PBXGroup; + children = ( + DCD06AF91D8E0D7D007602F1 /* fdmover.h */, + DCD06AFA1D8E0D7D007602F1 /* fdmover.cpp */, + DCD06AFB1D8E0D7D007602F1 /* fdsel.h */, + DCD06AFC1D8E0D7D007602F1 /* fdsel.cpp */, + DCD06AFD1D8E0D7D007602F1 /* kq++.h */, + DCD06AFE1D8E0D7D007602F1 /* kq++.cpp */, + DCD06AFF1D8E0D7D007602F1 /* muscle++.h */, + DCD06B001D8E0D7D007602F1 /* muscle++.cpp */, + DCD06B011D8E0D7D007602F1 /* pcsc++.h */, + DCD06B021D8E0D7D007602F1 /* pcsc++.cpp */, + DCD06B031D8E0D7D007602F1 /* selector.h */, + DCD06B041D8E0D7D007602F1 /* selector.cpp */, + DCD06B051D8E0D7D007602F1 /* unix++.h */, + DCD06B061D8E0D7D007602F1 /* unix++.cpp */, + DCD06B071D8E0D7D007602F1 /* unixchild.h */, + DCD06B081D8E0D7D007602F1 /* unixchild.cpp */, + DCD06B091D8E0D7D007602F1 /* vproc++.h */, + DCD06B0A1D8E0D7D007602F1 /* vproc++.cpp */, + ); + name = Unix; + sourceTree = ""; + }; + DCD06B1B1D8E0D7D007602F1 /* Mach */ = { + isa = PBXGroup; + children = ( + DCD06B0C1D8E0D7D007602F1 /* mach++.h */, + DCD06B0D1D8E0D7D007602F1 /* mach++.cpp */, + DCD06B0E1D8E0D7D007602F1 /* mach_notify.h */, + DCD06B0F1D8E0D7D007602F1 /* mach_notify.c */, + DCD06B101D8E0D7D007602F1 /* cfmach++.h */, + DCD06B111D8E0D7D007602F1 /* cfmach++.cpp */, + DCD06B121D8E0D7D007602F1 /* macho++.h */, + DCD06B131D8E0D7D007602F1 /* macho++.cpp */, + DCD06B141D8E0D7D007602F1 /* dyldcache.h */, + DCD06B151D8E0D7D007602F1 /* dyldcache.cpp */, + DCD06B161D8E0D7D007602F1 /* dyld_cache_format.h */, + DCD06B171D8E0D7D007602F1 /* machserver.h */, + DCD06B181D8E0D7D007602F1 /* machserver.cpp */, + DCD06B191D8E0D7D007602F1 /* machrunloopserver.h */, + DCD06B1A1D8E0D7D007602F1 /* machrunloopserver.cpp */, + ); + name = Mach; + sourceTree = ""; + }; + DCD06B241D8E0D7D007602F1 /* CoreFoundation */ = { + isa = PBXGroup; + children = ( + DCD06B1C1D8E0D7D007602F1 /* coderepository.h */, + DCD06B1D1D8E0D7D007602F1 /* coderepository.cpp */, + DCD06B1E1D8E0D7D007602F1 /* cfclass.h */, + DCD06B1F1D8E0D7D007602F1 /* cfclass.cpp */, + DCD06B201D8E0D7D007602F1 /* cfmunge.h */, + DCD06B211D8E0D7D007602F1 /* cfmunge.cpp */, + DCD06B221D8E0D7D007602F1 /* cfutilities.h */, + DCD06B231D8E0D7D007602F1 /* cfutilities.cpp */, + ); + name = CoreFoundation; + sourceTree = ""; + }; + DCD06B391D8E0D7D007602F1 /* Socks */ = { + isa = PBXGroup; + children = ( + DCD06B331D8E0D7D007602F1 /* socks++.h */, + DCD06B341D8E0D7D007602F1 /* socks++.cpp */, + DCD06B351D8E0D7D007602F1 /* socks++4.h */, + DCD06B361D8E0D7D007602F1 /* socks++4.cpp */, + DCD06B371D8E0D7D007602F1 /* socks++5.h */, + DCD06B381D8E0D7D007602F1 /* socks++5.cpp */, + ); + name = Socks; + sourceTree = ""; + }; + DCD06B3A1D8E0D7D007602F1 /* Network */ = { + isa = PBXGroup; + children = ( + DCD06B251D8E0D7D007602F1 /* bufferfifo.h */, + DCD06B261D8E0D7D007602F1 /* bufferfifo.cpp */, + DCD06B271D8E0D7D007602F1 /* buffers.h */, + DCD06B281D8E0D7D007602F1 /* buffers.cpp */, + DCD06B291D8E0D7D007602F1 /* headermap.h */, + DCD06B2A1D8E0D7D007602F1 /* headermap.cpp */, + DCD06B2B1D8E0D7D007602F1 /* hosts.h */, + DCD06B2C1D8E0D7D007602F1 /* hosts.cpp */, + DCD06B2D1D8E0D7D007602F1 /* inetreply.h */, + DCD06B2E1D8E0D7D007602F1 /* inetreply.cpp */, + DCD06B2F1D8E0D7D007602F1 /* ip++.h */, + DCD06B301D8E0D7D007602F1 /* ip++.cpp */, + DCD06B311D8E0D7D007602F1 /* url.h */, + DCD06B321D8E0D7D007602F1 /* url.cpp */, + DCD06B391D8E0D7D007602F1 /* Socks */, + ); + name = Network; + sourceTree = ""; + }; + DCD06B3C1D8E0D7D007602F1 /* lib */ = { + isa = PBXGroup; + children = ( + DCD06AB11D8E0D7D007602F1 /* debugging.h */, + DCD06AB21D8E0D7D007602F1 /* FileLockTransaction.cpp */, + DCD06AB31D8E0D7D007602F1 /* FileLockTransaction.h */, + DCD06AB41D8E0D7D007602F1 /* CSPDLTransaction.cpp */, + DCD06AB51D8E0D7D007602F1 /* CSPDLTransaction.h */, + DCD06AB61D8E0D7D007602F1 /* casts.h */, + DCD06AB71D8E0D7D007602F1 /* crc.c */, + DCD06AB81D8E0D7D007602F1 /* crc.h */, + DCD06AB91D8E0D7D007602F1 /* adornments.h */, + DCD06ABA1D8E0D7D007602F1 /* adornments.cpp */, + DCD06ABB1D8E0D7D007602F1 /* alloc.h */, + DCD06ABC1D8E0D7D007602F1 /* alloc.cpp */, + DCD06ABD1D8E0D7D007602F1 /* blob.h */, + DCD06ABE1D8E0D7D007602F1 /* blob.cpp */, + DCD06ABF1D8E0D7D007602F1 /* ccaudit.cpp */, + DCD06AC01D8E0D7D007602F1 /* ccaudit.h */, + DCD06AC11D8E0D7D007602F1 /* daemon.h */, + DCD06AC21D8E0D7D007602F1 /* daemon.cpp */, + DCD06AC31D8E0D7D007602F1 /* debugging_internal.h */, + DCD06AC41D8E0D7D007602F1 /* debugsupport.h */, + DCD06AC51D8E0D7D007602F1 /* debugging_internal.cpp */, + DCD06AC61D8E0D7D007602F1 /* devrandom.h */, + DCD06AC71D8E0D7D007602F1 /* devrandom.cpp */, + DCD06AC81D8E0D7D007602F1 /* dispatch.cpp */, + DCD06AC91D8E0D7D007602F1 /* dispatch.h */, + DCD06ACA1D8E0D7D007602F1 /* endian.h */, + DCD06ACB1D8E0D7D007602F1 /* endian.cpp */, + DCD06ACC1D8E0D7D007602F1 /* errors.h */, + DCD06ACD1D8E0D7D007602F1 /* errors.cpp */, + DCD06ACE1D8E0D7D007602F1 /* globalizer.h */, + DCD06ACF1D8E0D7D007602F1 /* globalizer.cpp */, + DCD06AD01D8E0D7D007602F1 /* hashing.h */, + DCD06AD11D8E0D7D007602F1 /* hashing.cpp */, + DCD06AD21D8E0D7D007602F1 /* iodevices.h */, + DCD06AD31D8E0D7D007602F1 /* iodevices.cpp */, + DCD06AD41D8E0D7D007602F1 /* ktracecodes.h */, + DCD06AD51D8E0D7D007602F1 /* logging.h */, + DCD06AD61D8E0D7D007602F1 /* logging.cpp */, + DCD06AD71D8E0D7D007602F1 /* memstreams.h */, + DCD06AD81D8E0D7D007602F1 /* memutils.h */, + DCD06AD91D8E0D7D007602F1 /* osxcode.h */, + DCD06ADA1D8E0D7D007602F1 /* osxcode.cpp */, + DCD06ADB1D8E0D7D007602F1 /* powerwatch.h */, + DCD06ADC1D8E0D7D007602F1 /* powerwatch.cpp */, + DCD06ADD1D8E0D7D007602F1 /* refcount.h */, + DCD06ADE1D8E0D7D007602F1 /* seccfobject.h */, + DCD06ADF1D8E0D7D007602F1 /* seccfobject.cpp */, + DCD06AE01D8E0D7D007602F1 /* security_utilities.h */, + DCD06AE11D8E0D7D007602F1 /* simpleprefs.h */, + DCD06AE21D8E0D7D007602F1 /* simpleprefs.cpp */, + DCD06AE31D8E0D7D007602F1 /* sqlite++.h */, + DCD06AE41D8E0D7D007602F1 /* sqlite++.cpp */, + DCD06AE51D8E0D7D007602F1 /* streams.h */, + DCD06AE61D8E0D7D007602F1 /* streams.cpp */, + DCD06AE71D8E0D7D007602F1 /* superblob.h */, + DCD06AE81D8E0D7D007602F1 /* superblob.cpp */, + DCD06AE91D8E0D7D007602F1 /* threading.h */, + DCD06AEA1D8E0D7D007602F1 /* threading_internal.h */, + DCD06AEB1D8E0D7D007602F1 /* threading.cpp */, + DCD06AEC1D8E0D7D007602F1 /* timeflow.h */, + DCD06AED1D8E0D7D007602F1 /* timeflow.cpp */, + DCD06AEE1D8E0D7D007602F1 /* tqueue.h */, + DCD06AEF1D8E0D7D007602F1 /* tqueue.cpp */, + DCD06AF01D8E0D7D007602F1 /* trackingallocator.h */, + DCD06AF11D8E0D7D007602F1 /* trackingallocator.cpp */, + DCD06AF21D8E0D7D007602F1 /* transactions.cpp */, + DCD06AF31D8E0D7D007602F1 /* transactions.h */, + DCD06AF41D8E0D7D007602F1 /* typedvalue.cpp */, + DCD06AF51D8E0D7D007602F1 /* typedvalue.h */, + DCD06AF61D8E0D7D007602F1 /* utilities.h */, + DCD06AF71D8E0D7D007602F1 /* utilities.cpp */, + DCD06AF81D8E0D7D007602F1 /* utility_config.h */, + DCD06B0B1D8E0D7D007602F1 /* Unix */, + DCD06B1B1D8E0D7D007602F1 /* Mach */, + DCD06B241D8E0D7D007602F1 /* CoreFoundation */, + DCD06B3A1D8E0D7D007602F1 /* Network */, + ); + name = lib; + path = OSX/libsecurity_utilities/lib; + sourceTree = ""; + }; + DCD06BC31D8E0DC2007602F1 /* derived_src */ = { + isa = PBXGroup; + children = ( + DCD06BC21D8E0DC2007602F1 /* utilities_dtrace.h */, + ); + path = derived_src; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DCD06BC71D8E0DD3007602F1 /* DTrace */ = { + isa = PBXGroup; + children = ( + DCD06BC51D8E0DD3007602F1 /* security_utilities.d */, + ); + name = DTrace; + path = OSX/libsecurity_utilities; + sourceTree = ""; + }; + DCE4E6D61D7A420100AFB96E /* SecurityTestsOSX */ = { + isa = PBXGroup; + children = ( + DCE4E6D71D7A420D00AFB96E /* main.m */, + ); + name = SecurityTestsOSX; + path = ..; + sourceTree = ""; + }; + DCE4E7E01D7A4B6D00AFB96E /* sectests */ = { + isa = PBXGroup; + children = ( + DCE4E7E11D7A4B7F00AFB96E /* main.c */, + ); + name = sectests; + path = secacltests; + sourceTree = ""; + }; + DCE4E85A1D7A583100AFB96E /* trustd */ = { + isa = PBXGroup; + children = ( + DCE4E85E1D7A585300AFB96E /* launchdaemon */, + DCE4E85D1D7A584D00AFB96E /* launchagent */, + ); + name = trustd; + sourceTree = ""; + }; + DCE4E85D1D7A584D00AFB96E /* launchagent */ = { + isa = PBXGroup; + children = ( + DCE4E85B1D7A583A00AFB96E /* com.apple.trustd.agent.plist */, + ); + name = launchagent; + sourceTree = ""; + }; + DCE4E85E1D7A585300AFB96E /* launchdaemon */ = { + isa = PBXGroup; + children = ( + DCE4E85C1D7A584000AFB96E /* com.apple.trustd.plist */, + ); + name = launchdaemon; + sourceTree = ""; + }; + DCE4E8A01D7F352600AFB96E /* authd */ = { + isa = PBXGroup; + children = ( + DC24B5581DA326B900330B48 /* agent.h */, + DC24B5591DA326B900330B48 /* authdb.h */, + DC24B55A1DA326B900330B48 /* authitems.h */, + DC24B55B1DA326B900330B48 /* authtoken.h */, + DC24B55C1DA326B900330B48 /* authtypes.h */, + DC24B55D1DA326B900330B48 /* authutilities.h */, + DC24B55E1DA326B900330B48 /* ccaudit.h */, + DC24B55F1DA326B900330B48 /* connection.h */, + DC24B5601DA326B900330B48 /* crc.h */, + DC24B5611DA326B900330B48 /* credential.h */, + DC24B5621DA326B900330B48 /* debugging.h */, + DC24B5631DA326B900330B48 /* engine.h */, + DC24B5641DA326B900330B48 /* Info.plist */, + DC24B5651DA326B900330B48 /* mechanism.h */, + DC24B5661DA326B900330B48 /* object.h */, + DC24B5671DA326B900330B48 /* process.h */, + DC24B5681DA326B900330B48 /* rule.h */, + DC24B5691DA326B900330B48 /* server.h */, + DC24B56A1DA326B900330B48 /* session.h */, + DCE4E8D51D7F361D00AFB96E /* authd_private.h */, + DCE4E8CA1D7F356F00AFB96E /* resources */, + DCE4E8A11D7F353900AFB96E /* agent.c */, + DCE4E8A21D7F353900AFB96E /* authdb.c */, + DCE4E8A31D7F353900AFB96E /* authitems.c */, + DCE4E8A41D7F353900AFB96E /* authtoken.c */, + DCE4E8A51D7F353900AFB96E /* authutilities.c */, + DCE4E8A61D7F353900AFB96E /* ccaudit.c */, + DCE4E8A71D7F353900AFB96E /* crc.c */, + DCE4E8A81D7F353900AFB96E /* credential.c */, + DCE4E8A91D7F353900AFB96E /* debugging.c */, + DCE4E8AA1D7F353900AFB96E /* engine.c */, + DCE4E8AB1D7F353900AFB96E /* main.c */, + DCE4E8AC1D7F353900AFB96E /* mechanism.c */, + DCE4E8AD1D7F353900AFB96E /* object.c */, + DCE4E8AE1D7F353900AFB96E /* process.c */, + DCE4E8AF1D7F353900AFB96E /* rule.c */, + DCE4E8B01D7F353900AFB96E /* server.c */, + DCE4E8B11D7F353900AFB96E /* session.c */, + DCE4E8B21D7F353900AFB96E /* connection.c */, + ); + name = authd; + sourceTree = ""; + }; + DCE4E8CA1D7F356F00AFB96E /* resources */ = { + isa = PBXGroup; + children = ( + DCE4E8CF1D7F35B800AFB96E /* com.apple.authd.sb */, + DCE4E8D21D7F35D200AFB96E /* com.apple.authd */, + DCE4E8CB1D7F357C00AFB96E /* authorization.plist */, + ); + name = resources; + sourceTree = ""; + }; + DCE4E8DE1D7F39DB00AFB96E /* Cloud Keychain Utility */ = { + isa = PBXGroup; + children = ( + DCE4E9021D7F3A4000AFB96E /* resources */, + DC24B5731DA327A800330B48 /* KDSecCircle.h */, + DCE4E8F01D7F3A1100AFB96E /* KDSecCircle.m */, + DC24B5721DA327A800330B48 /* KDCirclePeer.h */, + DCE4E8F11D7F3A1100AFB96E /* KDCirclePeer.m */, + DCE4E8F21D7F3A1100AFB96E /* main.m */, + DC24B5711DA327A800330B48 /* KDAppDelegate.h */, + DCE4E8F31D7F3A1100AFB96E /* KDAppDelegate.m */, + DC24B5741DA327A800330B48 /* KDSecItems.h */, + DCE4E8F41D7F3A1100AFB96E /* KDSecItems.m */, + DCE4E8F51D7F3A1100AFB96E /* NSArray+mapWithBlock.m */, + DC24B5751DA327A800330B48 /* Keychain-Info.plist */, + DC24B5761DA327A800330B48 /* Keychain-Prefix.pch */, + ); + path = "Cloud Keychain Utility"; + sourceTree = ""; + }; + DCE4E9021D7F3A4000AFB96E /* resources */ = { + isa = PBXGroup; + children = ( + DCE4E9031D7F3A4800AFB96E /* Icon.icns */, + DCE4E9041D7F3A4800AFB96E /* InfoPlist.strings */, + DCE4E9061D7F3A4800AFB96E /* Credits.rtf */, + ); + name = resources; + sourceTree = ""; + }; + DCE4E9121D7F3D5400AFB96E /* Keychain Circle Notification */ = { + isa = PBXGroup; + children = ( + DCE4E9431D7F3E7500AFB96E /* resources */, + DC0B622D1D909C4600D43BCB /* MainMenu.xib */, + DCE4E9221D7F3D7B00AFB96E /* KDSecCircle.m */, + DC24B57A1DA3280D00330B48 /* KNPersistentState.h */, + DCE4E9231D7F3D7C00AFB96E /* KNPersistentState.m */, + DC24B57B1DA3280D00330B48 /* NSArray+mapWithBlock.h */, + DCE4E9241D7F3D7C00AFB96E /* NSArray+mapWithBlock.m */, + DC24B57C1DA3280D00330B48 /* NSDictionary+compactDescription.h */, + DCE4E9251D7F3D7C00AFB96E /* NSDictionary+compactDescription.m */, + DCE4E9261D7F3D7C00AFB96E /* NSString+compactDescription.m */, + DCE4E9271D7F3D7C00AFB96E /* main.m */, + DCE4E9281D7F3D7C00AFB96E /* KDCirclePeer.m */, + DC24B5791DA3280D00330B48 /* KNAppDelegate.h */, + DCE4E9291D7F3D7C00AFB96E /* KNAppDelegate.m */, + DC24B57E1DA3280D00330B48 /* NSString+compactDescription.h */, + DC24B57D1DA3280D00330B48 /* NSSet+compactDescription.h */, + DCE4E92A1D7F3D7C00AFB96E /* NSSet+compactDescription.m */, + ); + name = "Keychain Circle Notification"; + path = "OSX/Keychain Circle Notification"; + sourceTree = SOURCE_ROOT; + }; + DCE4E9431D7F3E7500AFB96E /* resources */ = { + isa = PBXGroup; + children = ( + DC24B5781DA3280D00330B48 /* Keychain Circle Notification-Prefix.pch */, + DC24B57F1DA3283800330B48 /* Keychain Circle Notification-Info.plist */, + DC24B5771DA3280D00330B48 /* entitlments.plist */, + DCE4E9441D7F3E8700AFB96E /* Localizable.strings */, + DCE4E9461D7F3E8700AFB96E /* com.apple.security.keychain-circle-notification.plist */, + DCE4E9471D7F3E8700AFB96E /* InfoPlist.strings */, + ); + name = resources; + sourceTree = ""; + }; + DCF783091D88B4B500E694BB /* apple_csp */ = { + isa = PBXGroup; + children = ( + DCF7839C1D88B60D00E694BB /* lib */, + DCF7841B1D88B62300E694BB /* mds */, + DCF784911D88B62D00E694BB /* open_ssl */, + DCF784FA1D88B63800E694BB /* docs */, + ); + name = apple_csp; + sourceTree = ""; + }; + DCF783211D88B60D00E694BB /* AES */ = { + isa = PBXGroup; + children = ( + DCF783151D88B60D00E694BB /* aesCommon.h */, + DCF783161D88B60D00E694BB /* aescsp.cpp */, + DCF783171D88B60D00E694BB /* aescspi.h */, + DCF783181D88B60D00E694BB /* boxes-ref.c */, + DCF783191D88B60D00E694BB /* boxes-ref.h */, + DCF7831A1D88B60D00E694BB /* gladmanContext.cpp */, + DCF7831B1D88B60D00E694BB /* gladmanContext.h */, + DCF7831C1D88B60D00E694BB /* rijndael-alg-ref.c */, + DCF7831D1D88B60D00E694BB /* rijndael-alg-ref.h */, + DCF7831E1D88B60D00E694BB /* rijndaelApi.c */, + DCF7831F1D88B60D00E694BB /* rijndaelApi.h */, + DCF783201D88B60D00E694BB /* vRijndael-alg-ref.c */, + ); + name = AES; + sourceTree = ""; + }; + DCF7833E1D88B60D00E694BB /* AppleCSP */ = { + isa = PBXGroup; + children = ( + DCF783221D88B60D00E694BB /* AppleCSP.cpp */, + DCF783231D88B60D00E694BB /* AppleCSP.h */, + DCF783241D88B60D00E694BB /* AppleCSPBuiltin.cpp */, + DCF783251D88B60D00E694BB /* AppleCSPContext.cpp */, + DCF783261D88B60D00E694BB /* AppleCSPContext.h */, + DCF783271D88B60D00E694BB /* AppleCSPKeys.cpp */, + DCF783281D88B60D00E694BB /* AppleCSPKeys.h */, + DCF783291D88B60D00E694BB /* AppleCSPPlugin.cpp */, + DCF7832A1D88B60D00E694BB /* AppleCSPSession.h */, + DCF7832B1D88B60D00E694BB /* AppleCSPUtils.cpp */, + DCF7832C1D88B60D00E694BB /* AppleCSPUtils.h */, + DCF7832D1D88B60D00E694BB /* BinaryKey.h */, + DCF7832E1D88B60D00E694BB /* BlockCryptor.cpp */, + DCF7832F1D88B60D00E694BB /* BlockCryptor.h */, + DCF783301D88B60D00E694BB /* cspdebugging.c */, + DCF783311D88B60D00E694BB /* cspdebugging.h */, + DCF783321D88B60D00E694BB /* deriveKey.cpp */, + DCF783331D88B60D00E694BB /* DigestContext.cpp */, + DCF783341D88B60D00E694BB /* DigestContext.h */, + DCF783351D88B60D00E694BB /* MacContext.cpp */, + DCF783361D88B60D00E694BB /* MacContext.h */, + DCF783371D88B60D00E694BB /* RawSigner.h */, + DCF783381D88B60D00E694BB /* SignatureContext.cpp */, + DCF783391D88B60D00E694BB /* SignatureContext.h */, + DCF7833A1D88B60D00E694BB /* wrapKey.cpp */, + DCF7833B1D88B60D00E694BB /* wrapKeyCms.cpp */, + DCF7833C1D88B60D00E694BB /* YarrowConnection.cpp */, + DCF7833D1D88B60D00E694BB /* YarrowConnection.h */, + ); + name = AppleCSP; + sourceTree = ""; + }; + DCF7834B1D88B60D00E694BB /* BSafeCSP */ = { + isa = PBXGroup; + children = ( + DCF7833F1D88B60D00E694BB /* algmaker.cpp */, + DCF783401D88B60D00E694BB /* bsafeAsymmetric.cpp */, + DCF783411D88B60D00E694BB /* bsafeContext.cpp */, + DCF783421D88B60D00E694BB /* bsafecsp.h */, + DCF783431D88B60D00E694BB /* bsafecspi.h */, + DCF783441D88B60D00E694BB /* bsafeKeyGen.cpp */, + DCF783451D88B60D00E694BB /* bsafePKCS1.cpp */, + DCF783461D88B60D00E694BB /* bsafePKCS1.h */, + DCF783471D88B60D00E694BB /* bsafeSymmetric.cpp */, + DCF783481D88B60D00E694BB /* bsobjects.h */, + DCF783491D88B60D00E694BB /* memory.cpp */, + DCF7834A1D88B60D00E694BB /* miscalgorithms.cpp */, + ); + name = BSafeCSP; + sourceTree = ""; + }; + DCF7834F1D88B60D00E694BB /* ComCryption */ = { + isa = PBXGroup; + children = ( + DCF7834C1D88B60D00E694BB /* ascContext.cpp */, + DCF7834D1D88B60D00E694BB /* ascContext.h */, + DCF7834E1D88B60D00E694BB /* ascFactory.h */, + ); + name = ComCryption; + sourceTree = ""; + }; + DCF7835B1D88B60D00E694BB /* CryptKitCSP */ = { + isa = PBXGroup; + children = ( + DCF783501D88B60D00E694BB /* cryptkitcsp.cpp */, + DCF783511D88B60D00E694BB /* cryptkitcsp.h */, + DCF783521D88B60D00E694BB /* CryptKitSpace.h */, + DCF783531D88B60D00E694BB /* FEEAsymmetricContext.cpp */, + DCF783541D88B60D00E694BB /* FEEAsymmetricContext.h */, + DCF783551D88B60D00E694BB /* FEECSPUtils.cpp */, + DCF783561D88B60D00E694BB /* FEECSPUtils.h */, + DCF783571D88B60D00E694BB /* FEEKeys.cpp */, + DCF783581D88B60D00E694BB /* FEEKeys.h */, + DCF783591D88B60D00E694BB /* FEESignatureObject.cpp */, + DCF7835A1D88B60D00E694BB /* FEESignatureObject.h */, + ); + name = CryptKitCSP; + sourceTree = ""; + }; + DCF783641D88B60D00E694BB /* DiffieHellman */ = { + isa = PBXGroup; + children = ( + DCF7835C1D88B60D00E694BB /* DH_csp.cpp */, + DCF7835D1D88B60D00E694BB /* DH_csp.h */, + DCF7835E1D88B60D00E694BB /* DH_exchange.cpp */, + DCF7835F1D88B60D00E694BB /* DH_exchange.h */, + DCF783601D88B60D00E694BB /* DH_keys.cpp */, + DCF783611D88B60D00E694BB /* DH_keys.h */, + DCF783621D88B60D00E694BB /* DH_utils.cpp */, + DCF783631D88B60D00E694BB /* DH_utils.h */, + ); + name = DiffieHellman; + sourceTree = ""; + }; + DCF7836B1D88B60D00E694BB /* PBKDF2 */ = { + isa = PBXGroup; + children = ( + DCF783651D88B60D00E694BB /* HMACSHA1.c */, + DCF783661D88B60D00E694BB /* HMACSHA1.h */, + DCF783671D88B60D00E694BB /* pbkdDigest.cpp */, + DCF783681D88B60D00E694BB /* pbkdDigest.h */, + DCF783691D88B60D00E694BB /* pbkdf2.c */, + DCF7836A1D88B60D00E694BB /* pbkdf2.h */, + ); + name = PBKDF2; + sourceTree = ""; + }; + DCF783721D88B60D00E694BB /* Digest */ = { + isa = PBXGroup; + children = ( + DCF7836C1D88B60D00E694BB /* MD2Object.cpp */, + DCF7836D1D88B60D00E694BB /* MD2Object.h */, + DCF7836E1D88B60D00E694BB /* SHA1_MD5_Object.cpp */, + DCF7836F1D88B60D00E694BB /* SHA1_MD5_Object.h */, + DCF783701D88B60D00E694BB /* SHA2_Object.cpp */, + DCF783711D88B60D00E694BB /* SHA2_Object.h */, + ); + name = Digest; + sourceTree = ""; + }; + DCF783771D88B60D00E694BB /* PKCS */ = { + isa = PBXGroup; + children = ( + DCF783731D88B60D00E694BB /* pkcs12Derive.cpp */, + DCF783741D88B60D00E694BB /* pkcs12Derive.h */, + DCF783751D88B60D00E694BB /* pkcs8.cpp */, + DCF783761D88B60D00E694BB /* pkcs8.h */, + ); + name = PKCS; + sourceTree = ""; + }; + DCF783851D88B60D00E694BB /* Symmetric */ = { + isa = PBXGroup; + children = ( + DCF783781D88B60D00E694BB /* bfContext.cpp */, + DCF783791D88B60D00E694BB /* bfContext.h */, + DCF7837A1D88B60D00E694BB /* castContext.cpp */, + DCF7837B1D88B60D00E694BB /* castContext.h */, + DCF7837C1D88B60D00E694BB /* desContext.cpp */, + DCF7837D1D88B60D00E694BB /* desContext.h */, + DCF7837E1D88B60D00E694BB /* NullCryptor.h */, + DCF7837F1D88B60D00E694BB /* rc2Context.cpp */, + DCF783801D88B60D00E694BB /* rc2Context.h */, + DCF783811D88B60D00E694BB /* rc4Context.cpp */, + DCF783821D88B60D00E694BB /* rc4Context.h */, + DCF783831D88B60D00E694BB /* rc5Context.cpp */, + DCF783841D88B60D00E694BB /* rc5Context.h */, + ); + name = Symmetric; + sourceTree = ""; + }; + DCF783881D88B60D00E694BB /* MiscCSPAlgs */ = { + isa = PBXGroup; + children = ( + DCF783721D88B60D00E694BB /* Digest */, + DCF783771D88B60D00E694BB /* PKCS */, + DCF783851D88B60D00E694BB /* Symmetric */, + DCF783861D88B60D00E694BB /* miscAlgFactory.cpp */, + DCF783871D88B60D00E694BB /* miscAlgFactory.h */, + ); + name = MiscCSPAlgs; + sourceTree = ""; + }; + DCF783961D88B60D00E694BB /* RSA_DSA */ = { + isa = PBXGroup; + children = ( + DCF783891D88B60D00E694BB /* RSA_asymmetric.cpp */, + DCF7838A1D88B60D00E694BB /* RSA_DSA_signature.cpp */, + DCF7838B1D88B60D00E694BB /* RSA_DSA_signature.h */, + DCF7838C1D88B60D00E694BB /* RSA_DSA_utils.cpp */, + DCF7838D1D88B60D00E694BB /* RSA_DSA_utils.h */, + DCF7838E1D88B60D00E694BB /* RSA_DSA_csp.cpp */, + DCF7838F1D88B60D00E694BB /* RSA_DSA_csp.h */, + DCF783901D88B60D00E694BB /* RSA_DSA_keys.cpp */, + DCF783911D88B60D00E694BB /* RSA_DSA_keys.h */, + DCF783921D88B60D00E694BB /* RSA_asymmetric.h */, + DCF783931D88B60D00E694BB /* opensshCoding.h */, + DCF783941D88B60D00E694BB /* opensshCoding.cpp */, + DCF783951D88B60D00E694BB /* opensshWrap.cpp */, + ); + name = RSA_DSA; + sourceTree = ""; + }; + DCF7839B1D88B60D00E694BB /* opensslUtils */ = { + isa = PBXGroup; + children = ( + DCF783971D88B60D00E694BB /* opensslAsn1.cpp */, + DCF783981D88B60D00E694BB /* opensslAsn1.h */, + DCF783991D88B60D00E694BB /* opensslUtils.cpp */, + DCF7839A1D88B60D00E694BB /* opensslUtils.h */, + ); + name = opensslUtils; + path = ../open_ssl/opensslUtils; + sourceTree = ""; + }; + DCF7839C1D88B60D00E694BB /* lib */ = { + isa = PBXGroup; + children = ( + DCF783211D88B60D00E694BB /* AES */, + DCF7833E1D88B60D00E694BB /* AppleCSP */, + DCF7834B1D88B60D00E694BB /* BSafeCSP */, + DCF7834F1D88B60D00E694BB /* ComCryption */, + DCF7835B1D88B60D00E694BB /* CryptKitCSP */, + DCF783641D88B60D00E694BB /* DiffieHellman */, + DCF7836B1D88B60D00E694BB /* PBKDF2 */, + DCF783881D88B60D00E694BB /* MiscCSPAlgs */, + DCF783961D88B60D00E694BB /* RSA_DSA */, + DCF7839B1D88B60D00E694BB /* opensslUtils */, + ); + name = lib; + path = OSX/libsecurity_apple_csp/lib; + sourceTree = ""; + }; + DCF7841B1D88B62300E694BB /* mds */ = { + isa = PBXGroup; + children = ( + ); + name = mds; + path = OSX/libsecurity_apple_csp/mds; + sourceTree = ""; + }; + DCF784231D88B62D00E694BB /* bf */ = { + isa = PBXGroup; + children = ( + DCF7841C1D88B62D00E694BB /* bf_ecb.c */, + DCF7841D1D88B62D00E694BB /* bf_enc.c */, + DCF7841E1D88B62D00E694BB /* bf_locl.h */, + DCF7841F1D88B62D00E694BB /* bf_pi.h */, + DCF784201D88B62D00E694BB /* bf_skey.c */, + DCF784211D88B62D00E694BB /* COPYRIGHT */, + DCF784221D88B62D00E694BB /* README */, + ); + path = bf; + sourceTree = ""; + }; + DCF784261D88B62D00E694BB /* bio */ = { + isa = PBXGroup; + children = ( + DCF784241D88B62D00E694BB /* bio_lib.c */, + DCF784251D88B62D00E694BB /* bss_file.c */, + ); + path = bio; + sourceTree = ""; + }; + DCF784441D88B62D00E694BB /* bn */ = { + isa = PBXGroup; + children = ( + DCF784271D88B62D00E694BB /* bn_add.c */, + DCF784281D88B62D00E694BB /* bn_asm.c */, + DCF784291D88B62D00E694BB /* bn_blind.c */, + DCF7842A1D88B62D00E694BB /* bn_ctx.c */, + DCF7842B1D88B62D00E694BB /* bn_div.c */, + DCF7842C1D88B62D00E694BB /* bn_err.c */, + DCF7842D1D88B62D00E694BB /* bn_exp.c */, + DCF7842E1D88B62D00E694BB /* bn_exp2.c */, + DCF7842F1D88B62D00E694BB /* bn_gcd.c */, + DCF784301D88B62D00E694BB /* bn_lcl.h */, + DCF784311D88B62D00E694BB /* bn_lib.c */, + DCF784321D88B62D00E694BB /* bn_mont.c */, + DCF784331D88B62D00E694BB /* bn_mpi.c */, + DCF784341D88B62D00E694BB /* bn_mul.c */, + DCF784351D88B62D00E694BB /* bn_prime.c */, + DCF784361D88B62D00E694BB /* bn_prime.h */, + DCF784371D88B62D00E694BB /* bn_print.c */, + DCF784381D88B62D00E694BB /* bn_rand.c */, + DCF784391D88B62D00E694BB /* bn_recp.c */, + DCF7843A1D88B62D00E694BB /* bn_shift.c */, + DCF7843B1D88B62D00E694BB /* bn_sqr.c */, + DCF7843C1D88B62D00E694BB /* bn_word.c */, + DCF7843D1D88B62D00E694BB /* bnspeed.c */, + DCF7843E1D88B62D00E694BB /* bntest.c */, + DCF7843F1D88B62D00E694BB /* divtest.c */, + DCF784401D88B62D00E694BB /* exp.c */, + DCF784411D88B62D00E694BB /* expspeed.c */, + DCF784421D88B62D00E694BB /* exptest.c */, + DCF784431D88B62D00E694BB /* vms-helper.c */, + ); + path = bn; + sourceTree = ""; + }; + DCF784471D88B62D00E694BB /* buffer */ = { + isa = PBXGroup; + children = ( + DCF784451D88B62D00E694BB /* buf_err.c */, + DCF784461D88B62D00E694BB /* buffer.c */, + ); + path = buffer; + sourceTree = ""; + }; + DCF7844F1D88B62D00E694BB /* dh */ = { + isa = PBXGroup; + children = ( + DCF7844A1D88B62D00E694BB /* dh_check.c */, + DCF7844B1D88B62D00E694BB /* dh_err.c */, + DCF7844C1D88B62D00E694BB /* dh_gen.c */, + DCF7844D1D88B62D00E694BB /* dh_key.c */, + DCF7844E1D88B62D00E694BB /* dh_lib.c */, + ); + path = dh; + sourceTree = ""; + }; + DCF784581D88B62D00E694BB /* dsa */ = { + isa = PBXGroup; + children = ( + DCF784501D88B62D00E694BB /* dsa_asn1.c */, + DCF784511D88B62D00E694BB /* dsa_err.c */, + DCF784521D88B62D00E694BB /* dsa_gen.c */, + DCF784531D88B62D00E694BB /* dsa_key.c */, + DCF784541D88B62D00E694BB /* dsa_lib.c */, + DCF784551D88B62D00E694BB /* dsa_ossl.c */, + DCF784561D88B62D00E694BB /* dsa_sign.c */, + DCF784571D88B62D00E694BB /* dsa_vrf.c */, + ); + path = dsa; + sourceTree = ""; + }; + DCF7845B1D88B62D00E694BB /* err */ = { + isa = PBXGroup; + children = ( + DCF784591D88B62D00E694BB /* err.c */, + DCF7845A1D88B62D00E694BB /* err_prn.c */, + ); + path = err; + sourceTree = ""; + }; + DCF7845E1D88B62D00E694BB /* lhash */ = { + isa = PBXGroup; + children = ( + DCF7845D1D88B62D00E694BB /* lhash.c */, + ); + path = lhash; + sourceTree = ""; + }; + DCF784671D88B62D00E694BB /* misc */ = { + isa = PBXGroup; + children = ( + DCF784611D88B62D00E694BB /* rc2_cbc.c */, + DCF784621D88B62D00E694BB /* rc2_locl.h */, + DCF784631D88B62D00E694BB /* rc2_skey.c */, + DCF784641D88B62D00E694BB /* rc5_enc.c */, + DCF784651D88B62D00E694BB /* rc5_locl.h */, + DCF784661D88B62D00E694BB /* rc5_skey.c */, + ); + path = misc; + sourceTree = ""; + }; + DCF784821D88B62D00E694BB /* openssl */ = { + isa = PBXGroup; + children = ( + DCF784681D88B62D00E694BB /* asn1_legacy.h */, + DCF784691D88B62D00E694BB /* bio_legacy.h */, + DCF7846A1D88B62D00E694BB /* blowfish_legacy.h */, + DCF7846B1D88B62D00E694BB /* bn_legacy.h */, + DCF7846C1D88B62D00E694BB /* buffer_legacy.h */, + DCF7846D1D88B62D00E694BB /* cast_legacy.h */, + DCF7846E1D88B62D00E694BB /* crypto_legacy.h */, + DCF7846F1D88B62D00E694BB /* dh_legacy.h */, + DCF784701D88B62D00E694BB /* dsa_legacy.h */, + DCF784711D88B62D00E694BB /* e_os.h */, + DCF784721D88B62D00E694BB /* e_os2_legacy.h */, + DCF784731D88B62D00E694BB /* opensslerr.h */, + DCF784741D88B62D00E694BB /* evp_legacy.h */, + DCF784751D88B62D00E694BB /* lhash_legacy.h */, + DCF784761D88B62D00E694BB /* objects_legacy.h */, + DCF784771D88B62D00E694BB /* openssl_pkcs7_legacy.h */, + DCF784781D88B62D00E694BB /* opensslconf_legacy.h */, + DCF784791D88B62D00E694BB /* opensslv_legacy.h */, + DCF7847A1D88B62D00E694BB /* rand.h */, + DCF7847B1D88B62D00E694BB /* rc2_legacy.h */, + DCF7847C1D88B62D00E694BB /* rc5_legacy.h */, + DCF7847D1D88B62D00E694BB /* rsa_legacy.h */, + DCF7847E1D88B62D00E694BB /* safestack_legacy.h */, + DCF7847F1D88B62D00E694BB /* stack_legacy.h */, + DCF784801D88B62D00E694BB /* x509_legacy.h */, + DCF784811D88B62D00E694BB /* x509_vfy_legacy.h */, + ); + path = openssl; + sourceTree = ""; + }; + DCF7848E1D88B62D00E694BB /* rsa */ = { + isa = PBXGroup; + children = ( + DCF784831D88B62D00E694BB /* rsa_chk.c */, + DCF784841D88B62D00E694BB /* rsa_eay.c */, + DCF784851D88B62D00E694BB /* rsa_err.c */, + DCF784861D88B62D00E694BB /* rsa_gen.c */, + DCF784871D88B62D00E694BB /* rsa_lib.c */, + DCF784881D88B62D00E694BB /* rsa_none.c */, + DCF784891D88B62D00E694BB /* rsa_null.c */, + DCF7848A1D88B62D00E694BB /* rsa_pk1.c */, + DCF7848B1D88B62D00E694BB /* rsa_saos.c */, + DCF7848C1D88B62D00E694BB /* rsa_sign.c */, + DCF7848D1D88B62D00E694BB /* rsa_ssl.c */, + ); + path = rsa; + sourceTree = ""; + }; + DCF784901D88B62D00E694BB /* stack */ = { + isa = PBXGroup; + children = ( + DCF7848F1D88B62D00E694BB /* stack.c */, + ); + path = stack; + sourceTree = ""; + }; + DCF784911D88B62D00E694BB /* open_ssl */ = { + isa = PBXGroup; + children = ( + DCF784231D88B62D00E694BB /* bf */, + DCF784261D88B62D00E694BB /* bio */, + DCF784441D88B62D00E694BB /* bn */, + DCF784471D88B62D00E694BB /* buffer */, + DCF784481D88B62D00E694BB /* cryptlib.c */, + DCF784491D88B62D00E694BB /* cryptlib.h */, + DCF7844F1D88B62D00E694BB /* dh */, + DCF784581D88B62D00E694BB /* dsa */, + DCF7845B1D88B62D00E694BB /* err */, + DCF7845C1D88B62D00E694BB /* ex_data.c */, + DCF7845E1D88B62D00E694BB /* lhash */, + DCF7845F1D88B62D00E694BB /* LICENSE */, + DCF784601D88B62D00E694BB /* mem.c */, + DCF784671D88B62D00E694BB /* misc */, + DCF784821D88B62D00E694BB /* openssl */, + DCF7848E1D88B62D00E694BB /* rsa */, + DCF784901D88B62D00E694BB /* stack */, + ); + name = open_ssl; + path = OSX/libsecurity_apple_csp/open_ssl; + sourceTree = ""; + }; + DCF784FA1D88B63800E694BB /* docs */ = { + isa = PBXGroup; + children = ( + DCF784F81D88B63800E694BB /* libsecurity_apple_csp.plist */, + DCF784F91D88B63800E694BB /* libsecurity_apple_csp.txt */, + ); + name = docs; + path = OSX/libsecurity_apple_csp/docs; + sourceTree = ""; + }; + DCF785E61D88B96800E694BB /* apple_cspdl */ = { + isa = PBXGroup; + children = ( + DCF7872F1D88C18A00E694BB /* AppleCSPDLBuiltin.cpp */, + DCF787181D88BA0100E694BB /* lib */, + ); + name = apple_cspdl; + sourceTree = ""; + }; + DCF787181D88BA0100E694BB /* lib */ = { + isa = PBXGroup; + children = ( + DCF787051D88BA0100E694BB /* AppleCSPDLPlugin.cpp */, + DCF787061D88BA0100E694BB /* CSPDLDatabase.cpp */, + DCF787071D88BA0100E694BB /* CSPDLDatabase.h */, + DCF787081D88BA0100E694BB /* CSPDLPlugin.cpp */, + DCF787091D88BA0100E694BB /* CSPDLPlugin.h */, + DCF7870A1D88BA0100E694BB /* SSContext.cpp */, + DCF7870B1D88BA0100E694BB /* SSContext.h */, + DCF7870C1D88BA0100E694BB /* SSCSPDLSession.cpp */, + DCF7870D1D88BA0100E694BB /* SSCSPDLSession.h */, + DCF7870E1D88BA0100E694BB /* SSCSPSession.cpp */, + DCF7870F1D88BA0100E694BB /* SSCSPSession.h */, + DCF787101D88BA0100E694BB /* SSDatabase.cpp */, + DCF787111D88BA0100E694BB /* SSDatabase.h */, + DCF787121D88BA0100E694BB /* SSDLSession.cpp */, + DCF787131D88BA0100E694BB /* SSDLSession.h */, + DCF787141D88BA0100E694BB /* SSFactory.cpp */, + DCF787151D88BA0100E694BB /* SSFactory.h */, + DCF787161D88BA0100E694BB /* SSKey.cpp */, + DCF787171D88BA0100E694BB /* SSKey.h */, + ); + name = lib; + path = OSX/libsecurity_apple_cspdl/lib; + sourceTree = ""; + }; + DCF787341D88C84300E694BB /* apple_file_dl */ = { + isa = PBXGroup; + children = ( + DCF7883F1D88C8DE00E694BB /* lib */, + DCF788431D88C8FF00E694BB /* AppleDLBuiltin.cpp */, + ); + name = apple_file_dl; + sourceTree = ""; + }; + DCF7883F1D88C8DE00E694BB /* lib */ = { + isa = PBXGroup; + children = ( + DCF7883C1D88C8DE00E694BB /* AppleDLPlugin.cpp */, + DCF7883D1D88C8DE00E694BB /* AppleFileDL.cpp */, + DCF7883E1D88C8DE00E694BB /* AppleFileDL.h */, + ); + name = lib; + path = OSX/libsecurity_apple_file_dl/lib; + sourceTree = ""; + }; + DCF7884F1D88CA8D00E694BB /* apple_x509_cl */ = { + isa = PBXGroup; + children = ( + DCF788741D88CABC00E694BB /* lib */, + ); + name = apple_x509_cl; + sourceTree = ""; + }; + DCF788741D88CABC00E694BB /* lib */ = { + isa = PBXGroup; + children = ( + DCF788501D88CABC00E694BB /* AppleX509CL.cpp */, + DCF788511D88CABC00E694BB /* AppleX509CL.h */, + DCF788521D88CABC00E694BB /* AppleX509CLBuiltin.cpp */, + DCF788531D88CABC00E694BB /* AppleX509CLPlugin.cpp */, + DCF788541D88CABC00E694BB /* AppleX509CLSession.cpp */, + DCF788551D88CABC00E694BB /* AppleX509CLSession.h */, + DCF788561D88CABC00E694BB /* CertFields.cpp */, + DCF788571D88CABC00E694BB /* CLCachedEntry.cpp */, + DCF788581D88CABC00E694BB /* CLCachedEntry.h */, + DCF788591D88CABC00E694BB /* CLCertExtensions.cpp */, + DCF7885A1D88CABC00E694BB /* CLCertExtensions.h */, + DCF7885B1D88CABC00E694BB /* CLCrlExtensions.cpp */, + DCF7885C1D88CABC00E694BB /* CLCrlExtensions.h */, + DCF7885D1D88CABC00E694BB /* cldebugging.h */, + DCF7885E1D88CABC00E694BB /* CLFieldsCommon.cpp */, + DCF7885F1D88CABC00E694BB /* CLFieldsCommon.h */, + DCF788601D88CABC00E694BB /* clNameUtils.cpp */, + DCF788611D88CABC00E694BB /* clNameUtils.h */, + DCF788621D88CABC00E694BB /* clNssUtils.cpp */, + DCF788631D88CABC00E694BB /* clNssUtils.h */, + DCF788641D88CABC00E694BB /* CrlFields.cpp */, + DCF788651D88CABC00E694BB /* CSPAttacher.cpp */, + DCF788661D88CABC00E694BB /* CSPAttacher.h */, + DCF788671D88CABC00E694BB /* DecodedCert.cpp */, + DCF788681D88CABC00E694BB /* DecodedCert.h */, + DCF788691D88CABC00E694BB /* DecodedCrl.cpp */, + DCF7886A1D88CABC00E694BB /* DecodedCrl.h */, + DCF7886B1D88CABC00E694BB /* DecodedExtensions.cpp */, + DCF7886C1D88CABC00E694BB /* DecodedExtensions.h */, + DCF7886D1D88CABC00E694BB /* DecodedItem.cpp */, + DCF7886E1D88CABC00E694BB /* DecodedItem.h */, + DCF7886F1D88CABC00E694BB /* LockedMap.h */, + DCF788701D88CABC00E694BB /* Session_Cert.cpp */, + DCF788711D88CABC00E694BB /* Session_CRL.cpp */, + DCF788721D88CABC00E694BB /* Session_Crypto.cpp */, + DCF788731D88CABC00E694BB /* Session_CSR.cpp */, + ); + name = lib; + path = OSX/libsecurity_apple_x509_cl/lib; + sourceTree = ""; + }; + DCF788AA1D88CD0C00E694BB /* apple_x509_tp */ = { + isa = PBXGroup; + children = ( + DCF788FB1D88CD4200E694BB /* lib */, + DCF789471D88D17C00E694BB /* AppleX509TPBuiltin.cpp */, + ); + name = apple_x509_tp; + sourceTree = ""; + }; + DCF788FB1D88CD4200E694BB /* lib */ = { + isa = PBXGroup; + children = ( + DCF788D71D88CD4200E694BB /* AppleTP.cpp */, + DCF788D81D88CD4200E694BB /* AppleTP.h */, + DCF788D91D88CD4200E694BB /* AppleTPSession.cpp */, + DCF788DA1D88CD4200E694BB /* AppleTPSession.h */, + DCF788DB1D88CD4200E694BB /* AppleX509TPPlugin.cpp */, + DCF788DC1D88CD4200E694BB /* certGroupUtils.cpp */, + DCF788DD1D88CD4200E694BB /* certGroupUtils.h */, + DCF788DE1D88CD4200E694BB /* cuEnc64.c */, + DCF788DF1D88CD4200E694BB /* cuEnc64.h */, + DCF788E01D88CD4200E694BB /* tpCertGroup.cpp */, + DCF788E11D88CD4200E694BB /* TPCertInfo.cpp */, + DCF788E41D88CD4200E694BB /* TPCertInfo.h */, + DCF788E51D88CD4200E694BB /* tpCredRequest.cpp */, + DCF788E61D88CD4200E694BB /* TPCrlInfo.cpp */, + DCF788E71D88CD4200E694BB /* TPCrlInfo.h */, + DCF788E81D88CD4200E694BB /* tpCrlVerify.cpp */, + DCF788E91D88CD4200E694BB /* tpCrlVerify.h */, + DCF788EA1D88CD4200E694BB /* TPDatabase.cpp */, + DCF788EB1D88CD4200E694BB /* TPDatabase.h */, + DCF788EC1D88CD4200E694BB /* tpdebugging.h */, + DCF788ED1D88CD4200E694BB /* TPNetwork.cpp */, + DCF788EE1D88CD4200E694BB /* TPNetwork.h */, + DCF788EF1D88CD4200E694BB /* ocspRequest.cpp */, + DCF788F01D88CD4200E694BB /* ocspRequest.h */, + DCF788F11D88CD4200E694BB /* tpOcspCache.cpp */, + DCF788F21D88CD4200E694BB /* tpOcspCache.h */, + DCF788F31D88CD4200E694BB /* tpOcspCertVfy.cpp */, + DCF788F41D88CD4200E694BB /* tpOcspCertVfy.h */, + DCF788F51D88CD4200E694BB /* tpOcspVerify.cpp */, + DCF788F61D88CD4200E694BB /* tpOcspVerify.h */, + DCF788F71D88CD4200E694BB /* tpPolicies.cpp */, + DCF788F81D88CD4200E694BB /* tpPolicies.h */, + DCF788F91D88CD4200E694BB /* tpTime.c */, + DCF788FA1D88CD4200E694BB /* tpTime.h */, + ); + name = lib; + path = OSX/libsecurity_apple_x509_tp/lib; + sourceTree = ""; + }; + E710C74A1331946500F85568 /* SecurityTests */ = { + isa = PBXGroup; + children = ( + DCE4E6D61D7A420100AFB96E /* SecurityTestsOSX */, + 4CC92ABA15A3B3D900C6D578 /* testlist.h */, + 4CC92B1B15A3BF2F00C6D578 /* testmain.c */, + D4D886E81CEBDD2A00DC7583 /* nist-certs */, + D4D886BE1CEB9F3B00DC7583 /* ssl-policy-certs */, + D4EC94FA1CEA482D0083E753 /* si-20-sectrust-policies-data */, + 0C0C88771CCEC5BD00617D1B /* si-82-sectrust-ct-data */, + DCE4E72E1D7A436300AFB96E /* si-82-sectrust-ct-logs.plist */, + 4C50ACFB1410671D00EE92DE /* DigiNotar */, + 79679E241462028800CF997F /* DigicertMalaysia */, + E710C74B1331946500F85568 /* Supporting Files */, + 0CB321F01464A95F00587CD3 /* CreateCerts.sh */, + ); + path = SecurityTests; + sourceTree = ""; + }; + E710C74B1331946500F85568 /* Supporting Files */ = { + isa = PBXGroup; + children = ( + 52A23EDB161DEC3700E271E0 /* Default-568h@2x.png */, + 4C465C7D13AFD82300E841AC /* SecurityDevTests-Info.plist */, + E710C74C1331946500F85568 /* SecurityTests-Info.plist */, + E7E4318813319C0700AF0CFD /* SecurityTests-Entitlements.plist */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; + E7450BB216D42BD4009C07B8 /* Headers */ = { + isa = PBXGroup; + children = ( + 4C922CB2097F1984004CEEBD /* Security */, + ); + name = Headers; + sourceTree = ""; + }; + E7A5F4D11C0CFF4E00F3BEBB /* KVSKeychainSyncingProxy */ = { + isa = PBXGroup; + children = ( + E7C787321DD0FED50087FC34 /* XPCNotificationDispatcher.h */, + E7C787331DD0FED50087FC34 /* XPCNotificationDispatcher.m */, + E7A5F4C61C0CFF3200F3BEBB /* CKDKVSProxy.h */, + E7A5F4C71C0CFF3200F3BEBB /* CKDKVSProxy.m */, + E7C787181DCA4C5A0087FC34 /* CKDLockMonitor.h */, + E7C7871D1DCA4CF70087FC34 /* CKDAKSLockMonitor.h */, + E7C7871F1DCA4D430087FC34 /* CKDAKSLockMonitor.m */, + E73AC9421D0250D900FFFEE0 /* CKDStore.h */, + E722E9381CE92EE0005AD94B /* CKDKVSStore.h */, + E722E9111CE92DFC005AD94B /* CKDKVSStore.m */, + E7B945B01CFE5D440027F31D /* CKDAccount.h */, + E7B945B11CFE5EBD0027F31D /* CKDSecuritydAccount.h */, + E7B945B21CFE5EBD0027F31D /* CKDSecuritydAccount.m */, + E7A5F4CE1C0CFF3300F3BEBB /* cloudkeychainproxy.m */, + E7A5F4D91C0D01EE00F3BEBB /* Supporting Files */, + ); + name = KVSKeychainSyncingProxy; + sourceTree = ""; + }; + E7A5F4D91C0D01EE00F3BEBB /* Supporting Files */ = { + isa = PBXGroup; + children = ( + E7A5F4CC1C0CFF3300F3BEBB /* CloudKeychainProxy-Info.plist */, + E7A5F4CB1C0CFF3300F3BEBB /* cloudkeychain.entitlements.plist */, + 8E64DB4C1C17CD3F0076C9DF /* com.apple.security.cloudkeychainproxy3.ios.plist */, + 8E64DB4D1C17CD400076C9DF /* com.apple.security.cloudkeychainproxy3.osx.plist */, + DC24B5851DA432E900330B48 /* CloudKeychainProxy.1 */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; + E7C4D03512F9EB210022E067 /* iOS */ = { + isa = PBXGroup; + children = ( + 7901790E12D51F7200CA4D44 /* SecCmsBase.h */, + 7901790F12D51F7200CA4D44 /* SecCmsContentInfo.h */, + 7901791012D51F7200CA4D44 /* SecCmsDecoder.h */, + 7901791112D51F7200CA4D44 /* SecCmsDigestContext.h */, + 7901791212D51F7200CA4D44 /* SecCmsEncoder.h */, + 7901791312D51F7200CA4D44 /* SecCmsEnvelopedData.h */, + 7901791412D51F7200CA4D44 /* SecCmsMessage.h */, + 7901791512D51F7200CA4D44 /* SecCmsRecipientInfo.h */, + 7901791612D51F7200CA4D44 /* SecCmsSignedData.h */, + 7901791712D51F7200CA4D44 /* SecCmsSignerInfo.h */, + ); + name = iOS; + path = libsecurity_smime/lib; + sourceTree = ""; + }; + E7D847C61C6BE9710025BB44 /* KeychainCircle.framework */ = { + isa = PBXGroup; + children = ( + E7D848031C6BEFAB0025BB44 /* Tests */, + E7D848011C6BEE360025BB44 /* Supporting Files */, + E7E3EFE21CBC195700E79A5D /* KCAccountKCCircleDelegate.h */, + E7E3EFB91CBC192A00E79A5D /* KCAccountKCCircleDelegate.m */, + E7F480131C7397CE00390FDB /* KCJoiningSession.h */, + E7F480141C73980D00390FDB /* KCJoiningRequestSession.m */, + E7F482AB1C7558F700390FDB /* KCJoiningAcceptSession.m */, + E794BAD91C7598E400339A0F /* KCJoiningMessages.h */, + E794BAFF1C7598F900339A0F /* KCJoiningMessages.m */, + E71454C71C741DCD00B5B20B /* KCDer.h */, + E794BA6E1C7424D800339A0F /* KCDer.m */, + E71454ED1C741E0800B5B20B /* KCError.h */, + E71454EE1C741E0800B5B20B /* KCError.m */, + E75C0E801C6FC31D00E6953B /* KCSRPContext.h */, + E75C0E811C6FC31D00E6953B /* KCSRPContext.m */, + E7F480111C729C7B00390FDB /* NSError+KCCreationHelpers.h */, + E7F482A91C7554F500390FDB /* NSError+KCCreationHelpers.m */, + E772FD6F1CC15F1F00D63E41 /* NSData+SecRandom.h */, + E772FD461CC15EFA00D63E41 /* NSData+SecRandom.m */, + E75C0E841C71325000E6953B /* KeychainCircle.h */, + E7F480301C73FC4C00390FDB /* KCAESGCMDuplexSession.h */, + E7F480311C73FC4C00390FDB /* KCAESGCMDuplexSession.m */, + ); + name = KeychainCircle.framework; + path = KeychainCircle; + sourceTree = ""; + }; + E7D848011C6BEE360025BB44 /* Supporting Files */ = { + isa = PBXGroup; + children = ( + E7D847C91C6BE9710025BB44 /* Info.plist */, + ); + name = "Supporting Files"; + sourceTree = ""; + }; + E7D848031C6BEFAB0025BB44 /* Tests */ = { + isa = PBXGroup; + children = ( + E7CFF7221C8660A000E3484E /* KeychainCircle.plist */, + E7D848061C6BEFFA0025BB44 /* Info.plist */, + E7D848041C6BEFC10025BB44 /* KCSRPTests.m */, + E7F4809B1C74E85200390FDB /* KCDerTest.m */, + E7F4809D1C74E86D00390FDB /* KCAESGCMTest.m */, + E7F4826F1C74FDD100390FDB /* KCJoiningSessionTest.m */, + ); + name = Tests; + sourceTree = ""; + }; + E7FCBE401314471B000DE34E /* Frameworks */ = { + isa = PBXGroup; + children = ( + BE8ABDD71DC2DD9100EC2D58 /* libz.dylib */, + EB3EBF0F1DBD413600620B2C /* libobjc.dylib */, + DC59EA731D91CBD0001BDDF5 /* libcrypto.dylib */, + DC5AC0C61D8353C800CF422C /* PCSC.framework */, + DC52EC6A1D80D0E300B0A59C /* IDSFoundation.framework */, + DCE4E93E1D7F3E4000AFB96E /* AOSAccounts.framework */, + DCE4E93B1D7F3E0900AFB96E /* AOSUI.framework */, + 4CF4C19C171E0EA600877419 /* Accounts.framework */, + 72B368BD179891FC004C37CE /* AggregateDictionary.framework */, + 433E519D1B66D5F600482618 /* AppSupport.framework */, + 4C84DA541720698900AEE225 /* AppleAccount.framework */, + DC610A3F1D78F2FF002223DE /* AppleSystemInfo.framework */, + 2281820D17B4686C0067C9C9 /* BackgroundTaskAgent.framework */, + 4CF730310EF9CDE300E17471 /* CFNetwork.framework */, + DCE4E8141D7A4E6F00AFB96E /* CFNetwork.framework */, + 4C8A38C817B93DF10001B4C0 /* CloudServices.framework */, + DCE4E8FE1D7F3A2300AFB96E /* Cocoa.framework */, + DCE4E9411D7F3E6E00AFB96E /* CoreCDP.framework */, + 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */, + DC1789241D7799CD00B50D50 /* CoreFoundation.framework */, + E7FCBE451314471B000DE34E /* CoreGraphics.framework */, + DCE4E9391D7F3DF200AFB96E /* CrashReporterSupport.framework */, + E7D848541C6C1D9C0025BB44 /* Foundation.framework */, + E7FCBE431314471B000DE34E /* Foundation.framework */, + CD744683195A00BB00FB01C0 /* IDS.framework */, + 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */, + DC1789261D7799D300B50D50 /* IOKit.framework */, + 72C3EC2D1705F24E0040C87C /* ManagedConfiguration.framework */, + 7273402816CAFB3C0096622A /* MobileAsset.framework */, + 4C7913241799A5CB00A9633E /* MobileCoreServices.framework */, + D4B858661D370D9A003B2D95 /* MobileCoreServices.framework */, + E7FC30AB1332DE9000802946 /* MobileKeyBag.framework */, + 5E1D7E0319A5EBB700D322DA /* Preferences.framework */, + 43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */, + 52D82BD316A5EADA0078DFE5 /* Security.framework */, + DCE4E6E71D7A427200AFB96E /* SecurityFoundation.framework */, + DCE4E7C01D7A463E00AFB96E /* SecurityFoundation.framework */, + 4C079EBC1794A96200D73970 /* ServiceManagement.framework */, + 52222CC0167BDAE100EDD09C /* SpringBoardServices.framework */, + BE197F5A1911723E00BA91D1 /* SpringBoardUIServices.framework */, + DC5AC0C31D8353B900CF422C /* System.framework */, + E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */, + E7FCBE411314471B000DE34E /* UIKit.framework */, + E75E498C1C8F76680001A34F /* libASN1.a */, + E75E498A1C8F76360001A34F /* libDER.a */, + DC1789121D7798B300B50D50 /* libDiagnosticMessagesClient.dylib */, + DC610A3C1D78F25C002223DE /* libDiagnosticMessagesClient.dylib */, + DC1789141D77997F00B50D50 /* libOpenScriptingUtil.dylib */, + EB2CA4D81D2C28C800AB770F /* libaks.a */, + 4432AF8C1A01472C000958DC /* libaks_acl.a */, + DC1789161D77998700B50D50 /* libauto.dylib */, + DC1789181D77998C00B50D50 /* libbsm.dylib */, + E7F482A51C75453900390FDB /* libcoreauthd_test_client.a */, + 0CFC029B1D41650700E6283B /* libcoretls.dylib */, + DCE4E6D91D7A421D00AFB96E /* libcoretls.dylib */, + E7F482A21C7544E600390FDB /* libctkclient_test.a */, + EBE54D771BE33227000C4856 /* libmis.dylib */, + DC17891A1D77999200B50D50 /* libobjc.dylib */, + DC17891C1D77999700B50D50 /* libpam.dylib */, + DCE4E81B1D7A4E8F00AFB96E /* libsqlite3.0.dylib */, + DC17891E1D77999D00B50D50 /* libsqlite3.dylib */, + DC1789201D7799A100B50D50 /* libxar.dylib */, + DC1789221D7799A600B50D50 /* libz.dylib */, + DCE4E8271D7A4F0E00AFB96E /* login.framework */, + ); + name = Frameworks; + sourceTree = ""; + }; + EB0BC9641C3C792E00785842 /* secedumodetest */ = { + isa = PBXGroup; + children = ( + EB0BC9651C3C794700785842 /* secedumodetest.entitlements */, + EB0BC9661C3C794700785842 /* secedumodetest.m */, + ); + name = secedumodetest; + sourceTree = ""; + }; + EB2CA5311D2C30CD00AB770F /* xcconfig */ = { + isa = PBXGroup; + children = ( + EB2CA5561D2C30F700AB770F /* Security.xcconfig */, + D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */, + DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */, + DC8E04901D7F6780006D80EB /* lib_ios.xcconfig */, + DCC78EA31D80870D00865A7C /* lib_ios_debug.xcconfig */, + DC71D8DD1D94CF3C0065FB93 /* lib_ios_debug_shim.xcconfig */, + DCC78EA41D80870D00865A7C /* lib_ios_release.xcconfig */, + DC71D8DE1D94CF6A0065FB93 /* lib_ios_release_shim.xcconfig */, + D47C56AB1DCA831C00E18518 /* lib_ios_x64.xcconfig */, + D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */, + D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */, + D47C56AF1DCA841D00E18518 /* lib_ios_x64_debug_shim.xcconfig */, + D47C56B01DCA843800E18518 /* lib_ios_x64_release_shim.xcconfig */, + DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */, + ); + name = xcconfig; + sourceTree = ""; + }; + EB425CCC1C6584A9000ECE53 /* secbackuptest */ = { + isa = PBXGroup; + children = ( + EB425CCD1C65854F000ECE53 /* secbackuptest.entitlements */, + EB425CCE1C65854F000ECE53 /* secbackuptest.m */, + ); + name = secbackuptest; + sourceTree = ""; + }; + EB4339F61CC323F000A7EACE /* secitemstresstest */ = { + isa = PBXGroup; + children = ( + EB433A2D1CC325E900A7EACE /* secitemstresstest.entitlements */, + EB433A1E1CC3242C00A7EACE /* secitemstresstest.m */, + ); + name = secitemstresstest; + sourceTree = ""; + }; + EB80211C1D3D9044008540C4 /* Modules */ = { + isa = PBXGroup; + children = ( + EB8021411D3D90BB008540C4 /* Security.iOS.modulemap */, + EB8021421D3D90BB008540C4 /* Security.macOS.modulemap */, + ); + name = Modules; + sourceTree = ""; + }; + EB9C1D7C1BDFD0E100F89272 /* secbackupntest */ = { + isa = PBXGroup; + children = ( + EB9C1D7D1BDFD0E100F89272 /* secbackupntest.m */, + ); + path = secbackupntest; + sourceTree = ""; + }; + EB9C1DAA1BDFD0FE00F89272 /* RegressionTests */ = { + isa = PBXGroup; + children = ( + EB9C1DAD1BDFD49400F89272 /* Security.plist */, + EB3A8DD71BEEC4D6001A89AA /* Security_edumode.plist */, + EB9C1D7C1BDFD0E100F89272 /* secbackupntest */, + EB425CCC1C6584A9000ECE53 /* secbackuptest */, + EB0BC9641C3C792E00785842 /* secedumodetest */, + EBCF73CC1CE45F3F00BED7CA /* secitemfunctionality */, + EBA9AA561CE30C91004E2B68 /* secitemnotifications */, + EB4339F61CC323F000A7EACE /* secitemstresstest */, + ); + path = RegressionTests; + sourceTree = ""; + }; + EBA9AA561CE30C91004E2B68 /* secitemnotifications */ = { + isa = PBXGroup; + children = ( + EBA9AA7B1CE30CE7004E2B68 /* secitemnotifications.entitlements */, + EBA9AA7C1CE30CE7004E2B68 /* secitemnotifications.m */, + ); + name = secitemnotifications; + sourceTree = ""; + }; + EBCF73CC1CE45F3F00BED7CA /* secitemfunctionality */ = { + isa = PBXGroup; + children = ( + EBCF73F11CE45F8600BED7CA /* secitemfunctionality.entitlements */, + EBCF73F21CE45F8600BED7CA /* secitemfunctionality.m */, + ); + name = secitemfunctionality; + sourceTree = ""; + }; + EBF374731DC055590065D840 /* security-sysdiagnose */ = { + isa = PBXGroup; + children = ( + E76638AE1DD67B7100B769D3 /* security-sysdiagnose.entitlements.plist */, + EBF374741DC055590065D840 /* security-sysdiagnose.m */, + EBF3747F1DC057FE0065D840 /* security-sysdiagnose.1 */, + ); + path = "security-sysdiagnose"; + sourceTree = ""; + }; + F93C49391AB8FF530047E01A /* ckcdiagnose */ = { + isa = PBXGroup; + children = ( + F93C493A1AB8FF530047E01A /* ckcdiagnose.sh */, + ); + path = ckcdiagnose; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXHeadersBuildPhase section */ + 4C32C0AA0A4975F6002891BD /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + 4C32C1030A4976BF002891BD /* certextensions.h in Headers */, + 4C32C1240A4976BF002891BD /* SecBase.h in Headers */, + 4C32C1250A4976BF002891BD /* SecCertificate.h in Headers */, + 4C32C1260A4976BF002891BD /* SecTrust.h in Headers */, + 4CF0484C0A5D988F00268236 /* SecItem.h in Headers */, + 4CF048800A5F016300268236 /* SecItemPriv.h in Headers */, + 4C999BA60AB5F0BB0010451D /* NtlmGenerator.h in Headers */, + 4C999BA80AB5F0BB0010451D /* ntlmBlobPriv.h in Headers */, + 4C7608B30AC34A8100980096 /* SecCertificatePriv.h in Headers */, + 4CEF4CA80C5551FE00062475 /* SecCertificateInternal.h in Headers */, + BE061FE11899ECEE00C739F6 /* SecSharedCredential.h in Headers */, + 443381EE18A3D83A00215606 /* SecAccessControlPriv.h in Headers */, + DC3C73541D837B1900F6A832 /* SOSCloudCircle.h in Headers */, + 524492941AFD6D480043695A /* der_plist.h in Headers */, + DC3C73531D837AF800F6A832 /* SOSPeerInfo.h in Headers */, + 4C12828D0BB4957D00985BB0 /* SecTrustSettingsPriv.h in Headers */, + CDDE9BD11729ABFA0013B0E8 /* SecPasswordGenerate.h in Headers */, + 4C7072860AC9EA4F007CC205 /* SecKey.h in Headers */, + 4C7072D40AC9ED5A007CC205 /* SecKeyPriv.h in Headers */, + 4C7073CA0ACB2BAD007CC205 /* SecRSAKey.h in Headers */, + EB6928C51D9C9C6E00062A18 /* SecRecoveryKey.h in Headers */, + 4C0B906E0ACCBD240077CD03 /* SecFramework.h in Headers */, + 4C7391790B01745000C4CBFA /* vmdh.h in Headers */, + 4C64E01C0B8FBC71009B306C /* SecIdentity.h in Headers */, + 4C64E01D0B8FBC7E009B306C /* Security.h in Headers */, + E7676DB619411DF300498DD4 /* SecServerEncryptionSupport.h in Headers */, + 4C4296320BB0A68200491999 /* SecTrustSettings.h in Headers */, + 4CBA0E880BB33C0000E72B55 /* SecPolicy.h in Headers */, + 4C6416D50BB34F00001C83FD /* SecPolicyPriv.h in Headers */, + 78F92F11195128D70023B54B /* SecECKeyPriv.h in Headers */, + 4CD3BA621106FF4D00BE8B75 /* SecECKey.h in Headers */, + 4C6416F10BB357D5001C83FD /* SecInternal.h in Headers */, + 443381ED18A3D83100215606 /* SecAccessControl.h in Headers */, + 4C1B442D0BB9CAF900461B82 /* SecTrustStore.h in Headers */, + DC3C7AB81D838C6F00F6A832 /* oidsalg.h in Headers */, + 4CF41D0C0BBB4022005F3248 /* SecCertificatePath.h in Headers */, + 4C2F81D50BF121D2003C4F77 /* SecRandom.h in Headers */, + 7940D4130C3ACF9000FDB5D8 /* SecDH.h in Headers */, + 790850F70CA88AE10083CC4D /* securityd_client.h in Headers */, + 795CA9CE0D38435E00BAE6A2 /* p12pbegen.h in Headers */, + 79EF5B730D3D6AFE009F5270 /* p12import.h in Headers */, + 4CE7EA791AEAF39C0067F5BD /* SecItemBackup.h in Headers */, + DC3C7AB51D838C1300F6A832 /* SecAsn1Templates.h in Headers */, + 79EF5B6E0D3D6A31009F5270 /* SecImportExport.h in Headers */, + 4CCE0ADA0D41797400DDBB21 /* SecIdentityPriv.h in Headers */, + 4CCE0ADE0D4179E500DDBB21 /* SecBasePriv.h in Headers */, + 4CFBF6100D5A951100969BBE /* SecPolicyInternal.h in Headers */, + DC3C7AB91D838C8D00F6A832 /* oids.h in Headers */, + 4C87F3A80D611C26000E7104 /* SecTrustPriv.h in Headers */, + 79BDD3C20D60DB84000D84D3 /* SecCMS.h in Headers */, + 107226D30D91DB32003CF14F /* SecTask.h in Headers */, + 4C7CE5700DC7DC6600AE53FC /* SecEntitlements.h in Headers */, + 791766DE0DD0162C00F3B974 /* SecCertificateRequest.h in Headers */, + 4C7416040F1D71A2008E0E4D /* SecSCEP.h in Headers */, + DC3C72E21D8374D600F6A832 /* SecureTransportPriv.h in Headers */, + 4AF7FFFD15AFB73800B9D400 /* SecOTR.h in Headers */, + DC3C7AB21D838B6D00F6A832 /* SecureTransport.h in Headers */, + 4AF7FFFE15AFB73800B9D400 /* SecOTRDHKey.h in Headers */, + 4AF7FFFF15AFB73800B9D400 /* SecOTRErrors.h in Headers */, + 4AF7000015AFB73800B9D400 /* SecOTRIdentityPriv.h in Headers */, + 4AF7000115AFB73800B9D400 /* SecOTRMath.h in Headers */, + 4AF7000315AFB73800B9D400 /* SecOTRPacketData.h in Headers */, + DC3C7AB31D838BC300F6A832 /* CipherSuite.h in Headers */, + 4AF7000415AFB73800B9D400 /* SecOTRPackets.h in Headers */, + DC3C7ABA1D838C9F00F6A832 /* sslTypes.h in Headers */, + 4AF7000515AFB73800B9D400 /* SecOTRSession.h in Headers */, + D487B9821DFA28DB000410A1 /* SecInternalReleasePriv.h in Headers */, + 4AF7000615AFB73800B9D400 /* SecOTRSessionPriv.h in Headers */, + EB69AB301BF4348000913AF1 /* SecEMCSPriv.h in Headers */, + D47F514C1C3B812500A7CEFE /* SecCFAllocator.h in Headers */, + 8E02FA6B1107BE460043545E /* pbkdf2.h in Headers */, + 8ED6F6CA110904E300D2B368 /* SecPBKDF.h in Headers */, + 7901791812D51F7200CA4D44 /* SecCmsBase.h in Headers */, + DC3C7AB61D838C2D00F6A832 /* SecAsn1Types.h in Headers */, + DC3C73551D837B2C00F6A832 /* SOSPeerInfoPriv.h in Headers */, + 7901791912D51F7200CA4D44 /* SecCmsContentInfo.h in Headers */, + 7901791A12D51F7200CA4D44 /* SecCmsDecoder.h in Headers */, + 7901791B12D51F7200CA4D44 /* SecCmsDigestContext.h in Headers */, + 7901791C12D51F7200CA4D44 /* SecCmsEncoder.h in Headers */, + 7901791D12D51F7200CA4D44 /* SecCmsEnvelopedData.h in Headers */, + 7901791E12D51F7200CA4D44 /* SecCmsMessage.h in Headers */, + 7901791F12D51F7200CA4D44 /* SecCmsRecipientInfo.h in Headers */, + 7901792012D51F7200CA4D44 /* SecCmsSignedData.h in Headers */, + 7901792112D51F7200CA4D44 /* SecCmsSignerInfo.h in Headers */, + DC3C7AB71D838C5C00F6A832 /* secasn1t.h in Headers */, + DC3C7AB41D838BEB00F6A832 /* SecAsn1Coder.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0067951D87876F005AF8DB /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0067C81D878898005AF8DB /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5861D8B70E700070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5A51D8B711000070CB0 /* cuFileIo.h in Headers */, + DC0BC5AD1D8B711000070CB0 /* cuTimeStr.h in Headers */, + DC0BC5A71D8B711000070CB0 /* cuOidParser.h in Headers */, + DC0BC5A31D8B711000070CB0 /* cuEnc64.h in Headers */, + DC0BC5A91D8B711000070CB0 /* cuPem.h in Headers */, + DC0BC5A11D8B711000070CB0 /* cuDbUtils.h in Headers */, + DC0BC59F1D8B711000070CB0 /* cuCdsaUtils.h in Headers */, + DC0BC5AB1D8B711000070CB0 /* cuPrintCert.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5B11D8B71FD00070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5BD1D8B723500070CB0 /* checkpw.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5E31D8B742200070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5F51D8B745700070CB0 /* comDebug.h in Headers */, + DC0BC5F41D8B745700070CB0 /* comcryptPriv.h in Headers */, + DC0BC5F21D8B745700070CB0 /* comcryption.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5F91D8B752B00070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC6901D8B755200070CB0 /* giantIntegers.h in Headers */, + DC0BC6541D8B755200070CB0 /* CipherFileDES.h in Headers */, + DC0BC6621D8B755200070CB0 /* ckutilities.h in Headers */, + DC0BC65E1D8B755200070CB0 /* ckSHA1.h in Headers */, + DC0BC6921D8B755200070CB0 /* giantPort_i486.h in Headers */, + DC0BC6721D8B755200070CB0 /* ellipticMeasure.h in Headers */, + DC0BC6711D8B755200070CB0 /* elliptic.h in Headers */, + DC0BC66E1D8B755200070CB0 /* ECDSA_Profile.h in Headers */, + DC0BC6651D8B755200070CB0 /* CryptKit.h in Headers */, + DC0BC69B1D8B755200070CB0 /* platform.h in Headers */, + DC0BC6581D8B755200070CB0 /* ckconfig.h in Headers */, + DC0BC6831D8B755200070CB0 /* feeFEED.h in Headers */, + DC0BC6811D8B755200070CB0 /* feeECDSA.h in Headers */, + DC0BC6631D8B755200070CB0 /* Crypt.h in Headers */, + DC0BC67F1D8B755200070CB0 /* feeDigitalSignature.h in Headers */, + DC0BC66D1D8B755200070CB0 /* curveParams.h in Headers */, + DC0BC66A1D8B755200070CB0 /* curveParamData.h in Headers */, + DC0BC67B1D8B755200070CB0 /* feeDebug.h in Headers */, + DC0BC6561D8B755200070CB0 /* CipherFileFEED.h in Headers */, + DC0BC65A1D8B755200070CB0 /* ckDES.h in Headers */, + DC0BC6741D8B755200070CB0 /* ellipticProj.h in Headers */, + DC0BC6521D8B755200070CB0 /* byteRep.h in Headers */, + DC0BC6851D8B755200070CB0 /* feeFEEDExp.h in Headers */, + DC0BC6641D8B755200070CB0 /* CryptKitSA.h in Headers */, + DC0BC6571D8B755200070CB0 /* CipherFileTypes.h in Headers */, + DC0BC6691D8B755200070CB0 /* CryptKitDER.h in Headers */, + DC0BC65C1D8B755200070CB0 /* ckMD5.h in Headers */, + DC0BC66F1D8B755200070CB0 /* ECDSA_Verify_Prefix.h in Headers */, + DC0BC6941D8B755200070CB0 /* giantPort_PPC.h in Headers */, + DC0BC6861D8B755200070CB0 /* feeFunctions.h in Headers */, + DC0BC68B1D8B755200070CB0 /* feePublicKeyPrivate.h in Headers */, + DC0BC68A1D8B755200070CB0 /* feePublicKey.h in Headers */, + DC0BC66B1D8B755200070CB0 /* curveParamDataOld.h in Headers */, + DC0BC68D1D8B755200070CB0 /* feeRandom.h in Headers */, + DC0BC6761D8B755200070CB0 /* enc64.h in Headers */, + DC0BC6601D8B755200070CB0 /* ckSHA1_priv.h in Headers */, + DC0BC6791D8B755200070CB0 /* falloc.h in Headers */, + DC0BC6971D8B755200070CB0 /* giantPortCommon.h in Headers */, + DC0BC67A1D8B755200070CB0 /* feeCipherFile.h in Headers */, + DC0BC6881D8B755200070CB0 /* feeHash.h in Headers */, + DC0BC67D1D8B755200070CB0 /* feeDES.h in Headers */, + DC0BC6911D8B755200070CB0 /* giantPort_Generic.h in Headers */, + DC0BC6671D8B755200070CB0 /* CryptKitAsn1.h in Headers */, + DC0BC68E1D8B755200070CB0 /* feeTypes.h in Headers */, + DC0BC6991D8B755200070CB0 /* HmacSha1Legacy.h in Headers */, + DC0BC6951D8B755200070CB0 /* giantPort_PPC_Gnu.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC7461D8B771600070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC7DF1D8B7BBA00070CB0 /* cssmapple.h in Headers */, + DC0BC7A41D8B773000070CB0 /* cssmint.h in Headers */, + DC0BC7C91D8B7AFD00070CB0 /* certextensions.h in Headers */, + DC0BC7D31D8B7B7F00070CB0 /* cssmkrapi.h in Headers */, + DC0BC7A91D8B773000070CB0 /* manager.h in Headers */, + DC0BC7CC1D8B7B7F00070CB0 /* cssmaci.h in Headers */, + DC0BC7D41D8B7B7F00070CB0 /* cssmkrspi.h in Headers */, + DC0BC7CE1D8B7B7F00070CB0 /* cssmcli.h in Headers */, + DC0BC7D61D8B7B7F00070CB0 /* cssmtpi.h in Headers */, + DC0BC7A61D8B773000070CB0 /* cssmmds.h in Headers */, + DC0BC7CF1D8B7B7F00070CB0 /* cssmconfig.h in Headers */, + DC0BC7DB1D8B7B7F00070CB0 /* oidsbase.h in Headers */, + DC0BC7D51D8B7B7F00070CB0 /* cssmspi.h in Headers */, + DC0BC7D01D8B7B7F00070CB0 /* cssmcspi.h in Headers */, + DC0BC7AD1D8B773000070CB0 /* modload_static.h in Headers */, + DC0BC7D21D8B7B7F00070CB0 /* cssmerr.h in Headers */, + DC0BC7DD1D8B7B7F00070CB0 /* oidscrl.h in Headers */, + DC0BC7A01D8B773000070CB0 /* cspattachment.h in Headers */, + DC0BC7CA1D8B7B2D00070CB0 /* cssm.h in Headers */, + DC0BC79C1D8B773000070CB0 /* attachfactory.h in Headers */, + DC0BC7D91D8B7B7F00070CB0 /* emmspi.h in Headers */, + DC0BC7AF1D8B773000070CB0 /* modloader.h in Headers */, + DC0BC7AB1D8B773000070CB0 /* modload_plugin.h in Headers */, + DC0BC7CB1D8B7B7F00070CB0 /* cssmapplePriv.h in Headers */, + DC0BC7D71D8B7B7F00070CB0 /* cssmtype.h in Headers */, + DC0BC7A31D8B773000070CB0 /* cssmcontext.h in Headers */, + DC0BC7B11D8B773000070CB0 /* module.h in Headers */, + DC0BC7DE1D8B7B7F00070CB0 /* x509defs.h in Headers */, + DC0BC79E1D8B773000070CB0 /* attachment.h in Headers */, + DC0BC7DC1D8B7B7F00070CB0 /* oidscert.h in Headers */, + DC0BC7DA1D8B7B7F00070CB0 /* emmtype.h in Headers */, + DC0BC7D11D8B7B7F00070CB0 /* cssmdli.h in Headers */, + DC0BC7CD1D8B7B7F00070CB0 /* cssmapi.h in Headers */, + DC0BC7D81D8B7B7F00070CB0 /* eisl.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC8991D8B7CBD00070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC8C31D8B7CFF00070CB0 /* MetaRecord.h in Headers */, + DC0BC8C61D8B7CFF00070CB0 /* SelectionPredicate.h in Headers */, + DC0BC8C11D8B7CFF00070CB0 /* MetaAttribute.h in Headers */, + DC0BC8B71D8B7CFF00070CB0 /* AppleDatabase.h in Headers */, + DC0BC8BD1D8B7CFF00070CB0 /* DbQuery.h in Headers */, + DC0BC8BF1D8B7CFF00070CB0 /* DbValue.h in Headers */, + DC0BC8BB1D8B7CFF00070CB0 /* DbIndex.h in Headers */, + DC0BC8B91D8B7CFF00070CB0 /* AtomicFile.h in Headers */, + DC0BC8C41D8B7CFF00070CB0 /* ReadWriteSection.h in Headers */, + DC0BC8B51D8B7CFF00070CB0 /* OverUnderflowCheck.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC8CD1D8B7DA200070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC8E61D8B7DCF00070CB0 /* Download.h in Headers */, + DC0BC8F01D8B7DD000070CB0 /* ManifestSigner.h in Headers */, + DC0BC8F21D8B7DD000070CB0 /* Manifest.h in Headers */, + DC0BC8EA1D8B7DD000070CB0 /* SecureDownloadInternal.h in Headers */, + DC0BC8EC1D8B7DD000070CB0 /* AppleManifest.h in Headers */, + DC0BC8F31D8B7DD000070CB0 /* SecManifest.h in Headers */, + DC0BC8EE1D8B7DD000070CB0 /* ManifestInternal.h in Headers */, + DC0BC8E81D8B7DCF00070CB0 /* SecureDownload.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC8FA1D8B7E8000070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC91F1D8B7EA700070CB0 /* MDSDatabase.h in Headers */, + DC0BC9191D8B7EA700070CB0 /* MDSAttrParser.h in Headers */, + DC0BC9271D8B7EA700070CB0 /* MDSSession.h in Headers */, + DC0BC91B1D8B7EA700070CB0 /* MDSAttrStrings.h in Headers */, + DC0BC9281D8B7EA700070CB0 /* mds_schema.h in Headers */, + DC0BC9291D8B7EA700070CB0 /* mds.h in Headers */, + DC0BC9211D8B7EA700070CB0 /* MDSDictionary.h in Headers */, + DC0BC9251D8B7EA700070CB0 /* MDSSchema.h in Headers */, + DC0BC91D1D8B7EA700070CB0 /* MDSAttrUtils.h in Headers */, + DC0BC92A1D8B7EA700070CB0 /* mdspriv.h in Headers */, + DC0BC9231D8B7EA700070CB0 /* MDSModule.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC92F1D8B7F6A00070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC94B1D8B7FA700070CB0 /* ocspResponse.h in Headers */, + DC0BC9441D8B7FA700070CB0 /* ocspdTypes.h in Headers */, + DC0BC9471D8B7FA700070CB0 /* ocspdDbSchema.h in Headers */, + DC0BC9431D8B7FA700070CB0 /* ocspdUtils.h in Headers */, + DC0BC9491D8B7FA700070CB0 /* ocspExtensions.h in Headers */, + DC0BC9501D8B7FE000070CB0 /* ocspdClient.h in Headers */, + DC0BC9591D8B7FFE00070CB0 /* ocspd.h in Headers */, + DC0BC9451D8B7FA700070CB0 /* ocspdDebug.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC9671D8B810A00070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC9911D8B813800070CB0 /* pkcs12Templates.h in Headers */, + DC0BC9871D8B813800070CB0 /* pkcs12Coder.h in Headers */, + DC0BC9891D8B813800070CB0 /* pkcs12Crypto.h in Headers */, + DC0BC98F1D8B813800070CB0 /* pkcs12SafeBag.h in Headers */, + DC0BC98A1D8B813800070CB0 /* pkcs12Debug.h in Headers */, + DC0BC9951D8B813800070CB0 /* pkcs7Templates.h in Headers */, + DC0BC9851D8B813800070CB0 /* pkcs12BagAttrs.h in Headers */, + DC0BC9971D8B813800070CB0 /* SecPkcs12.h in Headers */, + DC0BC9931D8B813800070CB0 /* pkcs12Utils.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC99B1D8B81BE00070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC9BF1D8B81EF00070CB0 /* SDCSPSession.h in Headers */, + DC0BC9C31D8B81EF00070CB0 /* SDFactory.h in Headers */, + DC0BC9B61D8B81EF00070CB0 /* SDContext.h in Headers */, + DC0BC9BB1D8B81EF00070CB0 /* SDCSPDLPlugin.h in Headers */, + DC0BC9B91D8B81EF00070CB0 /* SDCSPDLDatabase.h in Headers */, + DC0BC9C51D8B81EF00070CB0 /* SDKey.h in Headers */, + DC0BC9C11D8B81EF00070CB0 /* SDDLSession.h in Headers */, + DC0BC9BD1D8B81EF00070CB0 /* SDCSPDLSession.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC9C91D8B824700070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCA041D8B827200070CB0 /* tls_record_internal.h in Headers */, + DC0BCA081D8B827200070CB0 /* sslContext.h in Headers */, + DC0BCA011D8B827200070CB0 /* SecureTransportPriv.h in Headers */, + DC0BC9FE1D8B827200070CB0 /* CipherSuite.h in Headers */, + DC0BC9FF1D8B827200070CB0 /* SecureTransport.h in Headers */, + DC0BCA0F1D8B827200070CB0 /* sslUtils.h in Headers */, + DC0BCA0A1D8B827200070CB0 /* sslDebug.h in Headers */, + DC0BCA021D8B827200070CB0 /* sslCipherSpecs.h in Headers */, + DC0BC9FD1D8B827200070CB0 /* tlsCallbacks.h in Headers */, + DC0BCA031D8B827200070CB0 /* SSLRecordInternal.h in Headers */, + DC0BCA051D8B827200070CB0 /* cipherSpecs.h in Headers */, + DC0BCA071D8B827200070CB0 /* sslBuildFlags.h in Headers */, + DC0BCA001D8B827200070CB0 /* sslTypes.h in Headers */, + DC0BCA0C1D8B827200070CB0 /* sslMemory.h in Headers */, + DC0BCA091D8B827200070CB0 /* sslCrypto.h in Headers */, + DC0BCA0D1D8B827200070CB0 /* sslPriv.h in Headers */, + DC0BCA0B1D8B827200070CB0 /* sslKeychain.h in Headers */, + DC0BCA0E1D8B827200070CB0 /* sslRecord.h in Headers */, + DC0BCA061D8B827200070CB0 /* ssl.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCA141D8B82B000070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCA5F1D8B82CD00070CB0 /* privkey-1.h in Headers */, + DC0BCA4E1D8B82CD00070CB0 /* ClientECC_Cert_CA-RSA.h in Headers */, + DC0BCA511D8B82CD00070CB0 /* ClientRSA_Cert_CA-RSA.h in Headers */, + DC0BCA4A1D8B82CD00070CB0 /* CA-ECC_Key.h in Headers */, + DC0BCA501D8B82CD00070CB0 /* ClientRSA_Cert_CA-ECC.h in Headers */, + DC0BCA4F1D8B82CD00070CB0 /* ClientECC_Key.h in Headers */, + DC0BCA4D1D8B82CD00070CB0 /* ClientECC_Cert_CA-ECC.h in Headers */, + DC0BCA5A1D8B82CD00070CB0 /* Untrusted-CA-RSA_Key.h in Headers */, + DC0BCA521D8B82CD00070CB0 /* ClientRSA_Key.h in Headers */, + DC0BCA4C1D8B82CD00070CB0 /* CA-RSA_Key.h in Headers */, + DC0BCA551D8B82CD00070CB0 /* ServerECC_Key.h in Headers */, + DC0BCA571D8B82CD00070CB0 /* ServerRSA_Cert_CA-RSA.h in Headers */, + DC0BCA581D8B82CD00070CB0 /* ServerRSA_Key.h in Headers */, + DC0BCA531D8B82CD00070CB0 /* ServerECC_Cert_CA-ECC.h in Headers */, + DC0BCA5C1D8B82CD00070CB0 /* UntrustedClientRSA_Key.h in Headers */, + DC0BCA5D1D8B82CD00070CB0 /* cert-1.h in Headers */, + DC0BCA561D8B82CD00070CB0 /* ServerRSA_Cert_CA-ECC.h in Headers */, + DC0BCA731D8B82CD00070CB0 /* ssl-utils.h in Headers */, + DC0BCA5E1D8B82CD00070CB0 /* identity-1.h in Headers */, + DC0BCA5B1D8B82CD00070CB0 /* UntrustedClientRSA_Cert_Untrusted-CA-RSA.h in Headers */, + DC0BCA491D8B82CD00070CB0 /* CA-ECC_Cert.h in Headers */, + DC0BCA541D8B82CD00070CB0 /* ServerECC_Cert_CA-RSA.h in Headers */, + DC0BCA591D8B82CD00070CB0 /* Untrusted-CA-RSA_Cert.h in Headers */, + DC0BCA4B1D8B82CD00070CB0 /* CA-RSA_Cert.h in Headers */, + DC0BCA741D8B82CD00070CB0 /* ssl_regressions.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCA7A1D8B858600070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCADC1D8B85BC00070CB0 /* SecCustomTransform.h in Headers */, + DC0BCAF91D8B85BC00070CB0 /* SecExternalSourceTransform.h in Headers */, + DC0BCAE01D8B85BC00070CB0 /* SecDigestTransform.h in Headers */, + DC0BCAD31D8B85BC00070CB0 /* GroupTransform.h in Headers */, + DC0BCAE11D8B85BC00070CB0 /* SecEncryptTransform.h in Headers */, + DC0BCACB1D8B85BC00070CB0 /* Digest.h in Headers */, + DC0BCAEB1D8B85BC00070CB0 /* SecTransform.h in Headers */, + DC0BCADB1D8B85BC00070CB0 /* NullTransform.h in Headers */, + DC0BCACD1D8B85BC00070CB0 /* EncryptTransform.h in Headers */, + DC0BCAE71D8B85BC00070CB0 /* SecSignVerifyTransform.h in Headers */, + DC0BCAFD1D8B85BC00070CB0 /* SecTransformValidator.h in Headers */, + DC0BCAFE1D8B85BC00070CB0 /* SecReadTransform.h in Headers */, + DC0BCAEE1D8B85BC00070CB0 /* SingleShotSource.h in Headers */, + DC0BCAD91D8B85BC00070CB0 /* Monitor.h in Headers */, + DC0BCAD51D8B85BC00070CB0 /* LinkedList.h in Headers */, + DC0BCAFB1D8B85BC00070CB0 /* SecTransformReadTransform.h in Headers */, + DC0BCAC91D8B85BC00070CB0 /* CoreFoundationBasics.h in Headers */, + DC0BCAC21D8B85BC00070CB0 /* SecMaskGenerationFunctionTransform.h in Headers */, + DC0BCAE51D8B85BC00070CB0 /* SecGroupTransform.h in Headers */, + DC0BCAC51D8B85BC00070CB0 /* SecCollectTransform.h in Headers */, + DC0BCAEC1D8B85BC00070CB0 /* SecTransformInternal.h in Headers */, + DC0BCAC61D8B85BC00070CB0 /* c++utils.h in Headers */, + DC0BCAF01D8B85BC00070CB0 /* Source.h in Headers */, + DC0BCADE1D8B85BC00070CB0 /* SecDecodeTransform.h in Headers */, + DC0BCAF61D8B85BC00070CB0 /* TransformFactory.h in Headers */, + DC0BCAF81D8B85BC00070CB0 /* Utilities.h in Headers */, + DC0BCAD01D8B85BC00070CB0 /* EncryptTransformUtilities.h in Headers */, + DC0BCAE91D8B85BC00070CB0 /* SecNullTransform.h in Headers */, + DC0BCAF21D8B85BC00070CB0 /* StreamSource.h in Headers */, + DC0BCAF41D8B85BC00070CB0 /* Transform.h in Headers */, + DC0BCAD71D8B85BC00070CB0 /* misc.h in Headers */, + DC0BCAE21D8B85BC00070CB0 /* SecEncodeTransform.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCB021D8B894F00070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCB211D8B898100070CB0 /* SecTranslocateInterface.hpp in Headers */, + DC0BCB2A1D8B898100070CB0 /* SecTranslocate.h in Headers */, + DC0BCB201D8B898100070CB0 /* SecTranslocateXPCServer.hpp in Headers */, + DC0BCB2D1D8B898100070CB0 /* SecTranslocateUtilities.hpp in Headers */, + DC0BCB261D8B898100070CB0 /* SecTranslocateShared.hpp in Headers */, + DC0BCB231D8B898100070CB0 /* SecTranslocateDANotification.hpp in Headers */, + DC0BCB251D8B898100070CB0 /* SecTranslocateLSNotification.hpp in Headers */, + DC0BCB1E1D8B898100070CB0 /* SecTranslocateClient.hpp in Headers */, + DC0BCB291D8B898100070CB0 /* SecTranslocateServer.hpp in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCBF91D8C648C00070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCC0F1D8C64B600070CB0 /* testlist_begin.h in Headers */, + DC0BCC131D8C64B600070CB0 /* testenv.h in Headers */, + DC0BCC181D8C64B600070CB0 /* testpolicy.h in Headers */, + DC0BCC101D8C64B600070CB0 /* testlist_end.h in Headers */, + DC0BCC111D8C64B600070CB0 /* testcpp.h in Headers */, + DC0BCC0E1D8C64B500070CB0 /* test_regressions.h in Headers */, + DC0BCC151D8C64B600070CB0 /* testmore.h in Headers */, + DC0BCC171D8C64B600070CB0 /* testcert.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCC2A1D8C684F00070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCD761D8C6A1E00070CB0 /* iCloudKeychainTrace.h in Headers */, + DC0BCD9D1D8C6A1F00070CB0 /* der_set.h in Headers */, + DC0BCD811D8C6A1E00070CB0 /* SecCFRelease.h in Headers */, + DC0BCD851D8C6A1E00070CB0 /* SecCFError.h in Headers */, + DC0BCD891D8C6A1E00070CB0 /* SecTrace.h in Headers */, + DC0BCDA21D8C6A1F00070CB0 /* iOSforOSX.h in Headers */, + DC0BCD801D8C6A1E00070CB0 /* SecCFCCWrappers.h in Headers */, + DC0BCDA91D8C6A1F00070CB0 /* SecFileLocations.h in Headers */, + DC0BCD741D8C6A1E00070CB0 /* SecMeta.h in Headers */, + DC0BCD951D8C6A1E00070CB0 /* der_date.h in Headers */, + DC0BCD861D8C6A1E00070CB0 /* SecDispatchRelease.h in Headers */, + DC0BCD7C1D8C6A1E00070CB0 /* SecCoreCrypto.h in Headers */, + DC0BCDA01D8C6A1F00070CB0 /* fileIo.h in Headers */, + DC0BCD7A1D8C6A1E00070CB0 /* SecBuffer.h in Headers */, + DC0BCD7E1D8C6A1E00070CB0 /* SecCertificateTrace.h in Headers */, + DC0BCD9B1D8C6A1F00070CB0 /* der_plist_internal.h in Headers */, + DC0BCDAD1D8C6A1F00070CB0 /* SecSCTUtils.h in Headers */, + DC0BCDB21D8C6A1F00070CB0 /* SecInternalReleasePriv.h in Headers */, + DC0BCD831D8C6A1E00070CB0 /* SecCFWrappers.h in Headers */, + DC0BCDB01D8C6A1F00070CB0 /* SecAppleAnchorPriv.h in Headers */, + DC65E7C11D8CBB1500152EF0 /* readline.h in Headers */, + EB4B6E261DC0683600AFC494 /* SecADWrapper.h in Headers */, + DC0BCDAA1D8C6A1F00070CB0 /* SecXPCError.h in Headers */, + DC0BCD8F1D8C6A1E00070CB0 /* debugging_test.h in Headers */, + DC0BCD781D8C6A1E00070CB0 /* SecAKSWrappers.h in Headers */, + DC0BCDA71D8C6A1F00070CB0 /* SecDb.h in Headers */, + DC0BCDA11D8C6A1F00070CB0 /* sqlutils.h in Headers */, + DC963EC61D95F646008A153E /* der_plist.h in Headers */, + DC0BCD8E1D8C6A1E00070CB0 /* debugging.h in Headers */, + DC0BCD871D8C6A1E00070CB0 /* SecIOFormat.h in Headers */, + DC0BCD8A1D8C6A1E00070CB0 /* array_size.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCD1E1D8C694700070CB0 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCD661D8C69A000070CB0 /* utilities_regressions.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC1785021D77873100B50D50 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC1785251D7789AF00B50D50 /* AuthSession.h in Headers */, + DC1785211D7789AF00B50D50 /* Authorization.h in Headers */, + DC1785221D7789AF00B50D50 /* AuthorizationDB.h in Headers */, + DC1785231D7789AF00B50D50 /* AuthorizationPlugin.h in Headers */, + DC17875F1D7790E500B50D50 /* AuthorizationPriv.h in Headers */, + DC1785241D7789AF00B50D50 /* AuthorizationTags.h in Headers */, + DC1787601D7790E500B50D50 /* AuthorizationTagsPriv.h in Headers */, + DC1785901D778B9D00B50D50 /* CMSDecoder.h in Headers */, + DC1785911D778B9D00B50D50 /* CMSEncoder.h in Headers */, + DC1787591D7790B600B50D50 /* CMSPrivate.h in Headers */, + DC1785881D778B8000B50D50 /* CSCommon.h in Headers */, + DC17874E1D7790A500B50D50 /* CSCommonPriv.h in Headers */, + DC1785A51D778D0D00B50D50 /* CipherSuite.h in Headers */, + DC1785871D778B8000B50D50 /* CodeSigning.h in Headers */, + DC17854F1D778ACD00B50D50 /* SecACL.h in Headers */, + DC17854E1D778ACD00B50D50 /* SecAccess.h in Headers */, + DC1785921D778BE400B50D50 /* SecAccessControl.h in Headers */, + DC1787751D77916000B50D50 /* SecAccessControlPriv.h in Headers */, + DC1787351D77903700B50D50 /* SecAccessPriv.h in Headers */, + DC1785181D77895A00B50D50 /* SecAsn1Coder.h in Headers */, + DC1785191D77895A00B50D50 /* SecAsn1Templates.h in Headers */, + DC17851A1D77895A00B50D50 /* SecAsn1Types.h in Headers */, + DC17874F1D7790A500B50D50 /* SecAssessment.h in Headers */, + DC1785931D778BEE00B50D50 /* SecBase.h in Headers */, + DC17877C1D77919500B50D50 /* SecBasePriv.h in Headers */, + DC1787741D77915500B50D50 /* SecBreadcrumb.h in Headers */, + DC1787761D77916600B50D50 /* SecCFAllocator.h in Headers */, + DC1787111D778FA900B50D50 /* SecCMS.h in Headers */, + DC17859F1D778C8D00B50D50 /* SecCertificate.h in Headers */, + DC1787361D77903700B50D50 /* SecCertificateBundle.h in Headers */, + DC1785501D778ACD00B50D50 /* SecCertificateOIDs.h in Headers */, + DC1787821D7791BE00B50D50 /* SecCertificatePriv.h in Headers */, + DC1787831D7791C400B50D50 /* SecCertificateRequest.h in Headers */, + DC1787121D778FAA00B50D50 /* SecCmsBase.h in Headers */, + DC1787131D778FAA00B50D50 /* SecCmsContentInfo.h in Headers */, + DC1787141D778FAA00B50D50 /* SecCmsDecoder.h in Headers */, + DC1787151D778FAA00B50D50 /* SecCmsDigestContext.h in Headers */, + DC1787161D778FAA00B50D50 /* SecCmsDigestedData.h in Headers */, + DC1787171D778FAA00B50D50 /* SecCmsEncoder.h in Headers */, + DC1787181D778FAA00B50D50 /* SecCmsEncryptedData.h in Headers */, + DC1787191D778FAA00B50D50 /* SecCmsEnvelopedData.h in Headers */, + DC17871A1D778FAA00B50D50 /* SecCmsMessage.h in Headers */, + DC17871B1D778FAA00B50D50 /* SecCmsRecipientInfo.h in Headers */, + DC17871C1D778FAA00B50D50 /* SecCmsSignedData.h in Headers */, + DC17871D1D778FAA00B50D50 /* SecCmsSignerInfo.h in Headers */, + DC1785891D778B8000B50D50 /* SecCode.h in Headers */, + DC17858A1D778B8000B50D50 /* SecCodeHost.h in Headers */, + DC1787501D7790A500B50D50 /* SecCodeHostLib.h in Headers */, + DC1787511D7790A500B50D50 /* SecCodePriv.h in Headers */, + DC1787521D7790A500B50D50 /* SecCodeSigner.h in Headers */, + DC1785301D778A0100B50D50 /* SecCustomTransform.h in Headers */, + DC1787771D77916A00B50D50 /* SecDH.h in Headers */, + DC1785311D778A0100B50D50 /* SecDecodeTransform.h in Headers */, + DC1785321D778A0100B50D50 /* SecDigestTransform.h in Headers */, + DC1785331D778A0100B50D50 /* SecEncodeTransform.h in Headers */, + DC1785341D778A0100B50D50 /* SecEncryptTransform.h in Headers */, + DC1787811D7791B200B50D50 /* SecEntitlements.h in Headers */, + DC1786F81D778F2500B50D50 /* SecExternalSourceTransform.h in Headers */, + DC1787371D77903700B50D50 /* SecFDERecoveryAsymmetricCrypto.h in Headers */, + DC17859A1D778C6E00B50D50 /* SecIdentity.h in Headers */, + DC17877E1D7791A100B50D50 /* SecIdentityPriv.h in Headers */, + DC1785511D778ACD00B50D50 /* SecIdentitySearch.h in Headers */, + DC1787381D77903700B50D50 /* SecIdentitySearchPriv.h in Headers */, + DC17859B1D778C7400B50D50 /* SecImportExport.h in Headers */, + DC1787531D7790A500B50D50 /* SecIntegrity.h in Headers */, + DC1787541D7790A500B50D50 /* SecIntegrityLib.h in Headers */, + DC17859C1D778C7900B50D50 /* SecItem.h in Headers */, + DC1787781D77917100B50D50 /* SecItemBackup.h in Headers */, + DC17877F1D7791A800B50D50 /* SecItemPriv.h in Headers */, + DC17859D1D778C8000B50D50 /* SecKey.h in Headers */, + DC1787801D7791AD00B50D50 /* SecKeyPriv.h in Headers */, + DC1785521D778ACD00B50D50 /* SecKeychain.h in Headers */, + DC1785531D778ACD00B50D50 /* SecKeychainItem.h in Headers */, + DC1787391D77903700B50D50 /* SecKeychainItemExtendedAttributes.h in Headers */, + DC17873A1D77903700B50D50 /* SecKeychainItemPriv.h in Headers */, + DC17873B1D77903700B50D50 /* SecKeychainPriv.h in Headers */, + DC1785541D778ACD00B50D50 /* SecKeychainSearch.h in Headers */, + DC17873C1D77903700B50D50 /* SecKeychainSearchPriv.h in Headers */, + DC1787261D778FDE00B50D50 /* SecManifest.h in Headers */, + DC1786F91D778F2500B50D50 /* SecNullTransform.h in Headers */, + DC17873D1D77903700B50D50 /* SecPassword.h in Headers */, + DC1787791D77917700B50D50 /* SecPasswordGenerate.h in Headers */, + DC1785941D778BF400B50D50 /* SecPolicy.h in Headers */, + DC17877D1D77919B00B50D50 /* SecPolicyPriv.h in Headers */, + DC1785551D778ACD00B50D50 /* SecPolicySearch.h in Headers */, + DC1785951D778BFA00B50D50 /* SecRandom.h in Headers */, + DC17873E1D77903700B50D50 /* SecRandomP.h in Headers */, + DC1785351D778A0100B50D50 /* SecReadTransform.h in Headers */, + DC17873F1D77903700B50D50 /* SecRecoveryPassword.h in Headers */, + DC17858B1D778B8000B50D50 /* SecRequirement.h in Headers */, + DC1787551D7790A500B50D50 /* SecRequirementPriv.h in Headers */, + DC17871E1D778FAA00B50D50 /* SecSMIME.h in Headers */, + DC17877A1D77917D00B50D50 /* SecServerEncryptionSupport.h in Headers */, + DC1785361D778A0100B50D50 /* SecSignVerifyTransform.h in Headers */, + DC17858C1D778B8000B50D50 /* SecStaticCode.h in Headers */, + DC1787561D7790A500B50D50 /* SecStaticCodePriv.h in Headers */, + DC17859E1D778C8800B50D50 /* SecTask.h in Headers */, + DC1787571D7790A500B50D50 /* SecTaskPriv.h in Headers */, + DC1785371D778A0100B50D50 /* SecTransform.h in Headers */, + DC1786FA1D778F2500B50D50 /* SecTransformInternal.h in Headers */, + DC1785381D778A0100B50D50 /* SecTransformReadTransform.h in Headers */, + DC1786F41D778EF800B50D50 /* SecTranslocate.h in Headers */, + DC1785A01D778C9400B50D50 /* SecTrust.h in Headers */, + DC1787841D7791C900B50D50 /* SecTrustPriv.h in Headers */, + DC1785A11D778C9A00B50D50 /* SecTrustSettings.h in Headers */, + DC1787851D7791CE00B50D50 /* SecTrustSettingsPriv.h in Headers */, + DC1785561D778ACD00B50D50 /* SecTrustedApplication.h in Headers */, + DC1787401D77903700B50D50 /* SecTrustedApplicationPriv.h in Headers */, + DC1785401D778A4E00B50D50 /* SecureDownload.h in Headers */, + DC1787271D778FDE00B50D50 /* SecureDownloadInternal.h in Headers */, + DC1785A61D778D0D00B50D50 /* SecureTransport.h in Headers */, + DC1786FE1D778F5000B50D50 /* SecureTransportPriv.h in Headers */, + DC1785961D778C0200B50D50 /* Security.h in Headers */, + DC1787411D77903700B50D50 /* TrustSettingsSchema.h in Headers */, + D487B9881DFA2902000410A1 /* SecInternalReleasePriv.h in Headers */, + DC1787721D77911D00B50D50 /* X509Templates.h in Headers */, + DC17876A1D77911D00B50D50 /* asn1Templates.h in Headers */, + DC17876B1D77911D00B50D50 /* certExtensionTemplates.h in Headers */, + DC1785971D778C0800B50D50 /* certextensions.h in Headers */, + DC17875C1D7790CE00B50D50 /* checkpw.h in Headers */, + DC17876C1D77911D00B50D50 /* csrTemplates.h in Headers */, + DC17856C1D778B4A00B50D50 /* cssm.h in Headers */, + DC17856D1D778B4A00B50D50 /* cssmaci.h in Headers */, + DC17856E1D778B4A00B50D50 /* cssmapi.h in Headers */, + DC1785991D778C5300B50D50 /* cssmapple.h in Headers */, + DC1787431D77906C00B50D50 /* cssmapplePriv.h in Headers */, + DC17856F1D778B4A00B50D50 /* cssmcli.h in Headers */, + DC1785701D778B4A00B50D50 /* cssmconfig.h in Headers */, + DC1785711D778B4A00B50D50 /* cssmcspi.h in Headers */, + DC1785721D778B4A00B50D50 /* cssmdli.h in Headers */, + DC1785731D778B4A00B50D50 /* cssmerr.h in Headers */, + DC1785741D778B4A00B50D50 /* cssmkrapi.h in Headers */, + DC1785751D778B4A00B50D50 /* cssmkrspi.h in Headers */, + DC1785761D778B4A00B50D50 /* cssmspi.h in Headers */, + DC1785771D778B4A00B50D50 /* cssmtpi.h in Headers */, + DC1785781D778B4A00B50D50 /* cssmtype.h in Headers */, + DC17877B1D77918C00B50D50 /* der_plist.h in Headers */, + DC1785791D778B4A00B50D50 /* eisl.h in Headers */, + DC17857A1D778B4A00B50D50 /* emmspi.h in Headers */, + DC17857B1D778B4A00B50D50 /* emmtype.h in Headers */, + DC17876D1D77911D00B50D50 /* keyTemplates.h in Headers */, + DC17853D1D778A3100B50D50 /* mds.h in Headers */, + DC17853C1D778A3100B50D50 /* mds_schema.h in Headers */, + DC1787231D778FC900B50D50 /* mdspriv.h in Headers */, + DC17876E1D77911D00B50D50 /* nameTemplates.h in Headers */, + DC17876F1D77911D00B50D50 /* ocspTemplates.h in Headers */, + DC1785431D778A7400B50D50 /* oids.h in Headers */, + DC1785161D77895A00B50D50 /* oidsalg.h in Headers */, + DC1785171D77895A00B50D50 /* oidsattr.h in Headers */, + DC17857C1D778B4A00B50D50 /* oidsbase.h in Headers */, + DC17857D1D778B4A00B50D50 /* oidscert.h in Headers */, + DC17857E1D778B4A00B50D50 /* oidscrl.h in Headers */, + DC1787701D77911D00B50D50 /* osKeyTemplates.h in Headers */, + DC1787711D77911D00B50D50 /* secasn1t.h in Headers */, + DC1786FC1D778F3D00B50D50 /* sslTypes.h in Headers */, + DC17871F1D778FAA00B50D50 /* tsaSupport.h in Headers */, + DC1787201D778FAA00B50D50 /* tsaSupportPriv.h in Headers */, + DC1787211D778FAA00B50D50 /* tsaTemplates.h in Headers */, + DC17857F1D778B4A00B50D50 /* x509defs.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC1789011D77980500B50D50 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC3C73561D837B9B00F6A832 /* SOSPeerInfoPriv.h in Headers */, + EB6928C61D9C9C6F00062A18 /* SecRecoveryKey.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52E7AE1D80BC8000B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52E7E81D80BE8700B0A59C /* SOSChangeTracker.h in Headers */, + DC52E7E51D80BE7400B0A59C /* SOSEngine.h in Headers */, + DC52E7E41D80BE6E00B0A59C /* SecDbKeychainItem.h in Headers */, + D46F315B1E00A27D0065B550 /* SecTrustLoggingServer.h in Headers */, + DC52E7E31D80BDA600B0A59C /* SecDbQuery.h in Headers */, + DC52E7E71D80BE8100B0A59C /* SecItemDataSource.h in Headers */, + DC52E7E61D80BE7B00B0A59C /* SecItemDb.h in Headers */, + DC52E7EA1D80BE9500B0A59C /* SecItemSchema.h in Headers */, + DC52E7E91D80BE8D00B0A59C /* SecKeybagSupport.h in Headers */, + DC52E7EB1D80BE9B00B0A59C /* iCloudTrace.h in Headers */, + DC52E7E21D80BDA000B0A59C /* personalization.h in Headers */, + D46F31641E00CCD20065B550 /* SecCertificateSource.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52E8AC1D80C1EB00B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52E8C21D80C25800B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52E9071D80C3B300B0A59C /* SOSARCDefines.h in Headers */, + DC52E9111D80C3F800B0A59C /* SOSAccount.h in Headers */, + DC52E9181D80C42600B0A59C /* SOSAccountHSAJoin.h in Headers */, + DC52E9101D80C3EF00B0A59C /* SOSAccountLog.h in Headers */, + DC52E91F1D80C45100B0A59C /* SOSAccountPriv.h in Headers */, + DC52E90A1D80C3CC00B0A59C /* SOSAccountTransaction.h in Headers */, + DC52E90C1D80C3D900B0A59C /* SOSBackupEvent.h in Headers */, + DC52E9131D80C40300B0A59C /* SOSBackupSliceKeyBag.h in Headers */, + DC52E9391D80C50E00B0A59C /* SOSCircle.h in Headers */, + DC52E91E1D80C44A00B0A59C /* SOSCircleDer.h in Headers */, + DC52E93E1D80C54300B0A59C /* SOSCirclePriv.h in Headers */, + DC52E90F1D80C3EA00B0A59C /* SOSCircleRings.h in Headers */, + DC52E9271D80C48D00B0A59C /* SOSCircleV2.h in Headers */, + DC3C73571D837BCE00F6A832 /* SOSCloudCircle.h in Headers */, + DC3C73581D837BDC00F6A832 /* SOSCloudCircleInternal.h in Headers */, + DC52E9141D80C40B00B0A59C /* SOSCloudKeychainClient.h in Headers */, + DC52E9151D80C41200B0A59C /* SOSCloudKeychainConstants.h in Headers */, + 48776C7F1DA5BB7600CC09B9 /* SOSRingRecovery.h in Headers */, + DC52E91D1D80C44400B0A59C /* SOSCoder.h in Headers */, + DC52E92B1D80C4A800B0A59C /* SOSConcordanceTrust.h in Headers */, + DC52E9331D80C4E500B0A59C /* SOSDataSource.h in Headers */, + DC52E9061D80C3AD00B0A59C /* SOSDigestVector.h in Headers */, + DC52E9091D80C3C600B0A59C /* SOSFullPeerInfo.h in Headers */, + DC52E90E1D80C3E400B0A59C /* SOSGenCount.h in Headers */, + DC52E9341D80C4EC00B0A59C /* SOSInternal.h in Headers */, + DC52E9351D80C4F300B0A59C /* SOSKVSKeys.h in Headers */, + DC52E9281D80C49300B0A59C /* SOSManifest.h in Headers */, + DC52E90B1D80C3D400B0A59C /* SOSMessage.h in Headers */, + DC52E9381D80C50800B0A59C /* SOSPeer.h in Headers */, + DC52E91C1D80C43F00B0A59C /* SOSPeerCoder.h in Headers */, + DC3C73591D837BEC00F6A832 /* SOSPeerInfo.h in Headers */, + DC52E92D1D80C4BC00B0A59C /* SOSPeerInfoCollections.h in Headers */, + DC52E92E1D80C4C300B0A59C /* SOSPeerInfoDER.h in Headers */, + DC52E9161D80C41A00B0A59C /* SOSPeerInfoInternal.h in Headers */, + DC3C735A1D837C0000F6A832 /* SOSPeerInfoPriv.h in Headers */, + DC52E9171D80C41F00B0A59C /* SOSPeerInfoRingState.h in Headers */, + DC52E9201D80C45800B0A59C /* SOSPeerInfoSecurityProperties.h in Headers */, + DC52E90D1D80C3DF00B0A59C /* SOSPeerInfoV2.h in Headers */, + DC52E9251D80C48000B0A59C /* SOSPlatform.h in Headers */, + DC52E91A1D80C43500B0A59C /* SOSRing.h in Headers */, + DC52E9221D80C46800B0A59C /* SOSRingBackup.h in Headers */, + 485B64121DC16EDA00B771B9 /* SOSKeyedPubKeyIdentifier.h in Headers */, + DC52E9371D80C50300B0A59C /* SOSRingBasic.h in Headers */, + 48E617221DBEC6C60098EAAD /* SOSBackupInformation.h in Headers */, + DCFAEDD01D999863005187E4 /* SOSAccountGhost.h in Headers */, + DC52E9361D80C4FD00B0A59C /* SOSRingConcordanceTrust.h in Headers */, + 48776C7B1DA5BB4C00CC09B9 /* SOSRecoveryKeyBag.h in Headers */, + DC52E9401D80C55200B0A59C /* SOSRingDER.h in Headers */, + DC52E9301D80C4D000B0A59C /* SOSRingPeerInfoUtils.h in Headers */, + DC52E9291D80C49A00B0A59C /* SOSRingTypes.h in Headers */, + DC52E9121D80C3FE00B0A59C /* SOSRingUtils.h in Headers */, + DC52E92F1D80C4C900B0A59C /* SOSRingV0.h in Headers */, + DC52E92A1D80C4A200B0A59C /* SOSTransport.h in Headers */, + DC52E93D1D80C53C00B0A59C /* SOSTransportCircle.h in Headers */, + DC52E9231D80C47100B0A59C /* SOSTransportCircleKVS.h in Headers */, + DC52E92C1D80C4AF00B0A59C /* SOSTransportKeyParameter.h in Headers */, + DC52E9431D80C5AA00B0A59C /* SOSTransportKeyParameterKVS.h in Headers */, + DC52E9241D80C47900B0A59C /* SOSTransportMessage.h in Headers */, + DC52E9191D80C42F00B0A59C /* SOSTransportMessageIDS.h in Headers */, + DC52E9321D80C4DF00B0A59C /* SOSTransportMessageKVS.h in Headers */, + DC3C735B1D837C0F00F6A832 /* SOSTypes.h in Headers */, + DC52E9261D80C48700B0A59C /* SOSUserKeygen.h in Headers */, + DC52E91B1D80C43A00B0A59C /* SOSViews.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EA481D80CB7000B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EBD11D80CEF100B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC301D80CFB200B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC491D80D00800B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC581D80D05200B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC641D80D0C400B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC931D80D1A800B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + E7C7871A1DCA4C5A0087FC34 /* CKDLockMonitor.h in Headers */, + E7C7871E1DCA4CF70087FC34 /* CKDAKSLockMonitor.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52ED991D80D4CD00B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EDAD1D80D58400B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EE3D1D80D6DD00B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + BE6D96B71DB14B65001B76D4 /* cnnic_certs.h in Headers */, + DC0B62281D90974300D43BCB /* si-25-cms-skid.h in Headers */, + BE6D96B81DB14B65001B76D4 /* date_testing_certs.h in Headers */, + BE6D96B91DB14B65001B76D4 /* wosign_certs.h in Headers */, + D487FBBA1DB835B500D4BB0B /* si-29-sectrust-sha1-deprecation.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EE6A1D80D82600B0A59C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59E9AD1D91C9DC001BDDF5 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59EA0F1D91CA15001BDDF5 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA311D91CA2C001BDDF5 /* printFields.h in Headers */, + DC59EA2D1D91CA2C001BDDF5 /* libDERUtils.h in Headers */, + DC59EA301D91CA2C001BDDF5 /* fileIo.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC5ABDEF1D832E5C00CF422C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC5ABDF01D832E8300CF422C /* srCdsaUtils.h in Headers */, + DC5ABDF11D832E8300CF422C /* createFVMaster.h in Headers */, + DC5ABDF21D832E8300CF422C /* mds_install.h in Headers */, + DC5ABDF31D832E8300CF422C /* cmsutil.h in Headers */, + DC5ABDF41D832E8300CF422C /* db_commands.h in Headers */, + DC5ABDF51D832E8300CF422C /* display_error_code.h in Headers */, + DC5ABDF61D832E8300CF422C /* trusted_cert_dump.h in Headers */, + DC5ABDF71D832E8300CF422C /* identity_find.h in Headers */, + DC5ABDF81D832E8300CF422C /* identity_prefs.h in Headers */, + DC5ABDF91D832E8300CF422C /* key_create.h in Headers */, + DC5ABDFA1D832E8300CF422C /* keychain_add.h in Headers */, + DC5ABDFB1D832E8300CF422C /* keychain_create.h in Headers */, + DC5ABDFC1D832E8300CF422C /* keychain_delete.h in Headers */, + DC5ABDFD1D832E8300CF422C /* keychain_export.h in Headers */, + DC5ABDFE1D832E8300CF422C /* keychain_find.h in Headers */, + DC5ABDFF1D832E8300CF422C /* keychain_import.h in Headers */, + DC5ABE001D832E8300CF422C /* keychain_list.h in Headers */, + DC5ABE011D832E8300CF422C /* keychain_lock.h in Headers */, + DC5ABE021D832E8300CF422C /* keychain_recode.h in Headers */, + DC5ABE031D832E8300CF422C /* keychain_set_settings.h in Headers */, + DC5ABE041D832E8300CF422C /* keychain_show_info.h in Headers */, + DC5ABE051D832E8300CF422C /* keychain_unlock.h in Headers */, + DC5ABE061D832E8300CF422C /* keychain_utilities.h in Headers */, + DC5ABE071D832E8300CF422C /* leaks.h in Headers */, + DC5ABE081D832E8300CF422C /* readline_cssm.h in Headers */, + DC5ABE091D832E8300CF422C /* security_tool.h in Headers */, + DC5ABE0A1D832E8300CF422C /* trusted_cert_add.h in Headers */, + DC5ABE0B1D832E8300CF422C /* trusted_cert_utils.h in Headers */, + DC5ABE0C1D832E8300CF422C /* trust_settings_impexp.h in Headers */, + DC5ABE0D1D832E8300CF422C /* user_trust_enable.h in Headers */, + DC5ABE0E1D832E8300CF422C /* authz.h in Headers */, + DC5ABE0F1D832E8300CF422C /* verify_cert.h in Headers */, + DC5ABE101D832E8300CF422C /* access_utils.h in Headers */, + DC5ABE121D832E8300CF422C /* translocate.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC5AC0D71D83548B00CF422C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC5AC12D1D83560100CF422C /* securityd_dtrace.h in Headers */, + DC5AC1051D83555A00CF422C /* connection.h in Headers */, + DC5AC1061D83555A00CF422C /* database.h in Headers */, + DC5AC1071D83555A00CF422C /* key.h in Headers */, + DC5AC1081D83555A00CF422C /* process.h in Headers */, + DC5AC1091D83555A00CF422C /* server.h in Headers */, + DC5AC10A1D83555A00CF422C /* session.h in Headers */, + DC5AC10B1D83555A00CF422C /* structure.h in Headers */, + DC5AC10C1D83555A00CF422C /* dbcrypto.h in Headers */, + DC5AC10D1D83555A00CF422C /* localdatabase.h in Headers */, + DC5AC10E1D83555A00CF422C /* localkey.h in Headers */, + DC5AC10F1D83555A00CF422C /* kcdatabase.h in Headers */, + DC5AC1101D83555A00CF422C /* kckey.h in Headers */, + DC5AC1111D83555A00CF422C /* tempdatabase.h in Headers */, + DC5AC1121D83555A00CF422C /* tokendatabase.h in Headers */, + DC5AC1131D83555A00CF422C /* tokenkey.h in Headers */, + DC5AC1141D83555A00CF422C /* tokenaccess.h in Headers */, + DC5AC1151D83555A00CF422C /* pcscmonitor.h in Headers */, + DC5AC1161D83555A00CF422C /* reader.h in Headers */, + DC5AC1171D83555A00CF422C /* token.h in Headers */, + DC5AC1181D83555A00CF422C /* tokend.h in Headers */, + DC5AC1191D83555A00CF422C /* tokencache.h in Headers */, + DC5AC11A1D83555A00CF422C /* acls.h in Headers */, + DC5AC11B1D83555A00CF422C /* tokenacl.h in Headers */, + DC5AC11C1D83555A00CF422C /* acl_keychain.h in Headers */, + DC5AC11D1D83555A00CF422C /* acl_partition.h in Headers */, + DC5AC11E1D83555A00CF422C /* authhost.h in Headers */, + DC5AC11F1D83555A00CF422C /* credential.h in Headers */, + DC5AC1201D83555A00CF422C /* clientid.h in Headers */, + DC5AC1211D83555A00CF422C /* codesigdb.h in Headers */, + DC5AC1221D83555A00CF422C /* csproxy.h in Headers */, + DC5AC1231D83555A00CF422C /* agentclient.h in Headers */, + DC5AC1241D83555A00CF422C /* agentquery.h in Headers */, + DC5AC1251D83555A00CF422C /* auditevents.h in Headers */, + DC5AC1261D83555A00CF422C /* ccaudit_extensions.h in Headers */, + DC5AC1271D83555A00CF422C /* child.h in Headers */, + DC5AC1291D83555A00CF422C /* notifications.h in Headers */, + DC5AC12A1D83555A00CF422C /* SharedMemoryServer.h in Headers */, + DC5AC12B1D83555A00CF422C /* self.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC6A82901D87749900418608 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC6A82B01D87767700418608 /* ssclient.h in Headers */, + DC3A4B4B1D91E30400E46D4A /* sec_xdr.h in Headers */, + DC6A82AF1D87767200418608 /* SharedMemoryCommon.h in Headers */, + DC6A82AE1D87766C00418608 /* handletypes.h in Headers */, + DC6A82AD1D87766500418608 /* sscommon.h in Headers */, + DC6A82AC1D87765F00418608 /* ssblob.h in Headers */, + DC6A82AB1D87765B00418608 /* dictionary.h in Headers */, + DC6A82AA1D87765600418608 /* xdr_auth.h in Headers */, + DC6A82A91D87764F00418608 /* xdr_cssm.h in Headers */, + DC6A82A81D87764A00418608 /* xdr_dldb.h in Headers */, + DC6A82A71D87764300418608 /* eventlistener.h in Headers */, + DC6A82A61D87763C00418608 /* ssnotify.h in Headers */, + DC6A82A51D87763300418608 /* sstransit.h in Headers */, + DC6A82A41D87762F00418608 /* ss_types.h in Headers */, + DC6A82A31D87762900418608 /* ucsp_types.h in Headers */, + DC6A82A21D87762400418608 /* ucsp.h in Headers */, + DC6A82A11D87761F00418608 /* ucspNotify.h in Headers */, + DC6A82A01D87761700418608 /* cshosting.h in Headers */, + DC9036B31D9DFED600B6C234 /* ss_types.defs in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC71D9A01D95BA6C0065FB93 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC71D9A11D95BA6C0065FB93 /* SecAsn1Coder.h in Headers */, + DC71D9A21D95BA6C0065FB93 /* SecAsn1Templates.h in Headers */, + DC71D9A31D95BA6C0065FB93 /* SecAsn1Types.h in Headers */, + DC71D9A41D95BA6C0065FB93 /* SecNssCoder.h in Headers */, + DC71D9A51D95BA6C0065FB93 /* X509Templates.h in Headers */, + DC71D9A61D95BA6C0065FB93 /* oidsbase.h in Headers */, + DC71D9A71D95BA6C0065FB93 /* certExtensionTemplates.h in Headers */, + DC71D9A81D95BA6C0065FB93 /* csrTemplates.h in Headers */, + DC71D9A91D95BA6C0065FB93 /* keyTemplates.h in Headers */, + DC71D9AA1D95BA6C0065FB93 /* nameTemplates.h in Headers */, + DC71D9AB1D95BA6C0065FB93 /* nssUtils.h in Headers */, + DC71D9AC1D95BA6C0065FB93 /* ocspTemplates.h in Headers */, + DC71D9AD1D95BA6C0065FB93 /* oidsalg.h in Headers */, + DC71D9AE1D95BA6C0065FB93 /* oidsattr.h in Headers */, + DC71D9AF1D95BA6C0065FB93 /* oidsocsp.h in Headers */, + DC71D9B01D95BA6C0065FB93 /* osKeyTemplates.h in Headers */, + DC71D9B11D95BA6C0065FB93 /* pkcs12Templates.h in Headers */, + DC71D9B21D95BA6C0065FB93 /* pkcs7Templates.h in Headers */, + DC71D9B31D95BA6C0065FB93 /* plarena.h in Headers */, + DC71D9B41D95BA6C0065FB93 /* plarenas.h in Headers */, + DC71D9B51D95BA6C0065FB93 /* plstr.h in Headers */, + DC71D9B61D95BA6C0065FB93 /* prbit.h in Headers */, + DC71D9B71D95BA6C0065FB93 /* prcpucfg.h in Headers */, + DC71D9B81D95BA6C0065FB93 /* prerr.h in Headers */, + DC71D9B91D95BA6C0065FB93 /* prerror.h in Headers */, + DC71D9BA1D95BA6C0065FB93 /* prlog.h in Headers */, + DC71D9BB1D95BA6C0065FB93 /* prmem.h in Headers */, + DC71D9BC1D95BA6C0065FB93 /* protypes.h in Headers */, + DC71D9BD1D95BA6C0065FB93 /* prtypes.h in Headers */, + DC71D9BE1D95BA6C0065FB93 /* secasn1.h in Headers */, + DC71D9BF1D95BA6C0065FB93 /* secasn1t.h in Headers */, + DC71D9C01D95BA6C0065FB93 /* seccomon.h in Headers */, + DC71D9C11D95BA6C0065FB93 /* secerr.h in Headers */, + DC71D9C21D95BA6C0065FB93 /* secport.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC71D9E51D95BB0A0065FB93 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC71D9E61D95BB0A0065FB93 /* oidsPriv.h in Headers */, + DC71D9E71D95BB0A0065FB93 /* libDER.h in Headers */, + DC71D9E81D95BB0A0065FB93 /* DER_Decode.h in Headers */, + DC71D9E91D95BB0A0065FB93 /* DER_Keys.h in Headers */, + DC71D9EA1D95BB0A0065FB93 /* DER_Encode.h in Headers */, + DC963EC51D95F52C008A153E /* oids.h in Headers */, + DC71D9EB1D95BB0A0065FB93 /* DER_Digest.h in Headers */, + DC71D9ED1D95BB0A0065FB93 /* asn1Types.h in Headers */, + DC71D9EE1D95BB0A0065FB93 /* libDER_config.h in Headers */, + DC71D9EF1D95BB0A0065FB93 /* DER_CertCrl.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC8834021D8A218F00CE0ACA /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB340671D8A24DF0054D16E /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC57D1D8B701B00070CB0 /* Authorization.h in Headers */, + DC0BC57F1D8B703100070CB0 /* AuthorizationPlugin.h in Headers */, + DC0BC5801D8B703C00070CB0 /* AuthorizationPriv.h in Headers */, + DC0BC5821D8B705600070CB0 /* AuthorizationTagsPriv.h in Headers */, + DC0BC57E1D8B702600070CB0 /* AuthorizationDB.h in Headers */, + DC0BC5811D8B704700070CB0 /* AuthorizationTags.h in Headers */, + DC0BC57C1D8B700A00070CB0 /* AuthSession.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB3408F1D8A267C0054D16E /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB340C51D8A26AE0054D16E /* clclient.h in Headers */, + DCB340D01D8A26AE0054D16E /* dliterators.h in Headers */, + DCB340D41D8A26AE0054D16E /* dl_standard.h in Headers */, + DCB340E61D8A26AE0054D16E /* securestorage.h in Headers */, + DCB340C31D8A26AE0054D16E /* aclclient.h in Headers */, + DCB340C91D8A26AE0054D16E /* cspclient.h in Headers */, + DCB340CB1D8A26AE0054D16E /* cssmclient.h in Headers */, + DCB340DC1D8A26AE0054D16E /* keyclient.h in Headers */, + DCB340E81D8A26AE0054D16E /* signclient.h in Headers */, + DCB340D21D8A26AE0054D16E /* dlquery.h in Headers */, + DCB340E21D8A26AE0054D16E /* mds_standard.h in Headers */, + DCB340DA1D8A26AE0054D16E /* keychainacl.h in Headers */, + DCB340E41D8A26AE0054D16E /* multidldb.h in Headers */, + DCB340D81D8A26AE0054D16E /* genkey.h in Headers */, + DCB340C71D8A26AE0054D16E /* cryptoclient.h in Headers */, + DCB340DE1D8A26AE0054D16E /* macclient.h in Headers */, + DCB340D61D8A26AE0054D16E /* DLDBList.h in Headers */, + DCB340E01D8A26AE0054D16E /* mdsclient.h in Headers */, + DCB340CE1D8A26AE0054D16E /* dlclient.h in Headers */, + DCB340EC1D8A26AE0054D16E /* wrapkey.h in Headers */, + DCB340EA1D8A26AE0054D16E /* tpclient.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB341311D8A2A010054D16E /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB341651D8A2A340054D16E /* DatabaseSession.h in Headers */, + DCB341761D8A2A340054D16E /* DLabstractsession.h in Headers */, + DCB3415E1D8A2A340054D16E /* CSPsession.h in Headers */, + DCB341751D8A2A340054D16E /* CSPabstractsession.h in Headers */, + DCB3416C1D8A2A340054D16E /* pluginspi.h in Headers */, + DCB341771D8A2A340054D16E /* TPabstractsession.h in Headers */, + DCB3415C1D8A2A340054D16E /* CLsession.h in Headers */, + DCB341611D8A2A340054D16E /* cssmplugin.h in Headers */, + DCB3416B1D8A2A340054D16E /* pluginsession.h in Headers */, + DCB341741D8A2A340054D16E /* CLabstractsession.h in Headers */, + DCB341671D8A2A340054D16E /* DbContext.h in Headers */, + DCB341631D8A2A340054D16E /* Database.h in Headers */, + DCB341691D8A2A340054D16E /* DLsession.h in Headers */, + DCB341731D8A2A340054D16E /* ACabstractsession.h in Headers */, + DCB3416D1D8A2A340054D16E /* TPsession.h in Headers */, + DCB3415A1D8A2A340054D16E /* ACsession.h in Headers */, + DCB3415B1D8A2A340054D16E /* c++plugin.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB3417C1D8A2B860054D16E /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB342091D8A2BAD0054D16E /* cssmdata.h in Headers */, + DCB342071D8A2BAD0054D16E /* cssmcred.h in Headers */, + DCB3422F1D8A2BAD0054D16E /* walkers.h in Headers */, + DCB3422D1D8A2BAD0054D16E /* uniformrandom.h in Headers */, + DCB342051D8A2BAD0054D16E /* cssmcert.h in Headers */, + DCB3421B1D8A2BAD0054D16E /* cssmtrust.h in Headers */, + DCB341FE1D8A2BAD0054D16E /* context.h in Headers */, + DCB341EF1D8A2BAC0054D16E /* acl_prompted.h in Headers */, + DCB342171D8A2BAD0054D16E /* cssmlist.h in Headers */, + DCB342251D8A2BAD0054D16E /* handletemplates_defs.h in Headers */, + DCB342201D8A2BAD0054D16E /* digestobject.h in Headers */, + DCB342271D8A2BAD0054D16E /* Schema.h in Headers */, + DCB3420B1D8A2BAD0054D16E /* cssmdates.h in Headers */, + DCB342021D8A2BAD0054D16E /* cssmalloc.h in Headers */, + DCB341F51D8A2BAD0054D16E /* acl_threshold.h in Headers */, + DCB341E01D8A2BAC0054D16E /* cssmacl.h in Headers */, + DCB341E51D8A2BAC0054D16E /* acl_codesigning.h in Headers */, + DCB342031D8A2BAD0054D16E /* cssmbridge.h in Headers */, + DCB342191D8A2BAD0054D16E /* cssmpods.h in Headers */, + DCB342291D8A2BAD0054D16E /* osxverifier.h in Headers */, + DCB341F31D8A2BAC0054D16E /* acl_secret.h in Headers */, + DCB341ED1D8A2BAC0054D16E /* acl_process.h in Headers */, + DCB341DE1D8A2BAC0054D16E /* aclsubject.h in Headers */, + DCB341F81D8A2BAD0054D16E /* AuthorizationWalkers.h in Headers */, + DCB342111D8A2BAD0054D16E /* cssmendian.h in Headers */, + DCB3422B1D8A2BAD0054D16E /* u32handleobject.h in Headers */, + DCB3420F1D8A2BAD0054D16E /* cssmdbname.h in Headers */, + DCB341F11D8A2BAC0054D16E /* acl_protectedpw.h in Headers */, + DCB342151D8A2BAD0054D16E /* cssmkey.h in Headers */, + DCB342001D8A2BAD0054D16E /* cssmaclpod.h in Headers */, + DCB341EB1D8A2BAC0054D16E /* acl_preauth.h in Headers */, + DCB3421D1D8A2BAD0054D16E /* cssmwalkers.h in Headers */, + DCB341E91D8A2BAC0054D16E /* acl_password.h in Headers */, + DCB341E71D8A2BAC0054D16E /* acl_comment.h in Headers */, + DCB341E31D8A2BAC0054D16E /* acl_any.h in Headers */, + DCB341FA1D8A2BAD0054D16E /* callback.h in Headers */, + DCB342131D8A2BAD0054D16E /* cssmerrors.h in Headers */, + DCB342221D8A2BAD0054D16E /* handleobject.h in Headers */, + DCB3421F1D8A2BAD0054D16E /* db++.h in Headers */, + DCB3420D1D8A2BAD0054D16E /* cssmdb.h in Headers */, + DCB342261D8A2BAD0054D16E /* KeySchema.h in Headers */, + DCB342241D8A2BAD0054D16E /* handletemplates.h in Headers */, + DCB341FC1D8A2BAD0054D16E /* constdata.h in Headers */, + DCB341F71D8A2BAD0054D16E /* AuthorizationData.h in Headers */, + DCB341DC1D8A2BAC0054D16E /* objectacl.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB3423B1D8A32820054D16E /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB3438F1D8A32A20054D16E /* tsaDERUtilities.h in Headers */, + DCB3438C1D8A32A20054D16E /* SecCertificateP.h in Headers */, + DCB343881D8A32A20054D16E /* SecCertificatePrivP.h in Headers */, + DCB343651D8A32A20054D16E /* TrustSettings.h in Headers */, + DCB343831D8A32A20054D16E /* TrustStore.h in Headers */, + DCB343941D8A32A20054D16E /* SecExternalRep.h in Headers */, + DCB343561D8A32A20054D16E /* Password.h in Headers */, + DCB342FC1D8A32A20054D16E /* SecBridge.h in Headers */, + DCB343581D8A32A20054D16E /* Policies.h in Headers */, + DCB343791D8A32A20054D16E /* MacOSErrorStrings.h in Headers */, + DCB343401D8A32A20054D16E /* Certificate.h in Headers */, + DCB343AC1D8A33E10054D16E /* SecRecoveryPassword.h in Headers */, + DCB343441D8A32A20054D16E /* CertificateValues.h in Headers */, + DCB3433E1D8A32A20054D16E /* ACL.h in Headers */, + DCB3437D1D8A32A20054D16E /* StorageManager.h in Headers */, + DCB343A01D8A32A20054D16E /* SecImportExportPkcs8.h in Headers */, + DCB3439A1D8A32A20054D16E /* SecImportExportCrypto.h in Headers */, + DCB3435C1D8A32A20054D16E /* SecCFTypes.h in Headers */, + DCB3439E1D8A32A20054D16E /* SecImportExportPem.h in Headers */, + DCB3435A1D8A32A20054D16E /* PolicyCursor.h in Headers */, + DCB343501D8A32A20054D16E /* KCCursor.h in Headers */, + DCB3433C1D8A32A20054D16E /* Access.h in Headers */, + DCB3434A1D8A32A20054D16E /* Identity.h in Headers */, + DCB343661D8A32A20054D16E /* TrustKeychains.h in Headers */, + DCB3434C1D8A32A20054D16E /* IdentityCursor.h in Headers */, + DCB3436B1D8A32A20054D16E /* CCallbackMgr.h in Headers */, + DCB343751D8A32A20054D16E /* KCEventNotifier.h in Headers */, + DCB343A21D8A32A20054D16E /* SecImportExportUtils.h in Headers */, + DC0BC57B1D8B6FF100070CB0 /* SecFDERecoveryAsymmetricCrypto.h in Headers */, + DCB343521D8A32A20054D16E /* Keychains.h in Headers */, + DCB343871D8A32A20054D16E /* TrustSettingsUtils.h in Headers */, + DCB343631D8A32A20054D16E /* TrustedApplication.h in Headers */, + DCB343AB1D8A33C10054D16E /* SecRandomP.h in Headers */, + DCB343731D8A32A20054D16E /* DynamicDLDBList.h in Headers */, + DCB343811D8A32A20054D16E /* TrustItem.h in Headers */, + DCB343981D8A32A20054D16E /* SecImportExportAgg.h in Headers */, + DCB3439C1D8A32A20054D16E /* SecImportExportOpenSSH.h in Headers */, + DCB343A61D8A32A20054D16E /* SecPkcs8Templates.h in Headers */, + DCB343461D8A32A20054D16E /* ExtendedAttribute.h in Headers */, + DCB343601D8A32A20054D16E /* Trust.h in Headers */, + DCB3437B1D8A32A20054D16E /* PrimaryKey.h in Headers */, + DCB343421D8A32A20054D16E /* CertificateRequest.h in Headers */, + DCB343911D8A32A20054D16E /* TokenLogin.h in Headers */, + DCB3434E1D8A32A20054D16E /* Item.h in Headers */, + DCB343851D8A32A20054D16E /* UnlockReferralItem.h in Headers */, + DCB343681D8A32A20054D16E /* SecTrustOSXEntryPoints.h in Headers */, + DCB343A41D8A32A20054D16E /* SecNetscapeTemplates.h in Headers */, + DCB343481D8A32A20054D16E /* Globals.h in Headers */, + DCB3438D1D8A32A20054D16E /* SecCertificateInternalP.h in Headers */, + DCB3437F1D8A32A20054D16E /* TrustAdditions.h in Headers */, + DCB3436D1D8A32A20054D16E /* cssmdatetime.h in Headers */, + DCB343711D8A32A20054D16E /* DLDBListCFPref.h in Headers */, + DCB343761D8A32A20054D16E /* KCExceptions.h in Headers */, + DCB343541D8A32A20054D16E /* KeyItem.h in Headers */, + DCB3436F1D8A32A20054D16E /* defaultcreds.h in Headers */, + DCB343781D8A32A20054D16E /* KCUtilities.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB343B01D8A34FD0054D16E /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB3449C1D8A35270054D16E /* kc-30-xara-helpers.h in Headers */, + DCB344751D8A35270054D16E /* kc-helpers.h in Headers */, + DCB344781D8A35270054D16E /* kc-identity-helpers.h in Headers */, + DCB344791D8A35270054D16E /* kc-keychain-file-helpers.h in Headers */, + DCB344741D8A35270054D16E /* keychain_regressions.h in Headers */, + DCB344A51D8A35270054D16E /* si-20-sectrust-provisioning.h in Headers */, + DCB344771D8A35270054D16E /* kc-key-helpers.h in Headers */, + DCB3449D1D8A35270054D16E /* kc-30-xara-upgrade-helpers.h in Headers */, + DCB3449F1D8A35270054D16E /* kc-30-xara-key-helpers.h in Headers */, + DCB344761D8A35270054D16E /* kc-item-helpers.h in Headers */, + DCB3449E1D8A35270054D16E /* kc-30-xara-item-helpers.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCC78EA71D8088E200865A7C /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCEDE3961D80B12600C3826E /* SecTrustInternal.h in Headers */, + DCEDE3951D80B12000C3826E /* secToolFileIO.h in Headers */, + DCEDE3941D80B11800C3826E /* SecPasswordGenerate.h in Headers */, + DCEDE3931D80B11200C3826E /* SecOTR.h in Headers */, + DCEDE3921D80B10E00C3826E /* SecOTRDHKey.h in Headers */, + DCEDE3911D80B10800C3826E /* SecCTKKeyPriv.h in Headers */, + DCEDE3901D80B10100C3826E /* SecOTRIdentityPriv.h in Headers */, + DCEDE3511D80B0FA00C3826E /* secd-71-engine-save-sample1.h in Headers */, + DCC093801D80B0B700F984E4 /* SecCFAllocator.h in Headers */, + DCC0937F1D80B0B100F984E4 /* SecOTRMath.h in Headers */, + DCC0937E1D80B0A700F984E4 /* SecOTRPacketData.h in Headers */, + DCC0937D1D80B09E00F984E4 /* SecOTRPackets.h in Headers */, + DCC0937C1D80B09200F984E4 /* SecSignatureVerificationSupport.h in Headers */, + 48BC0F661DFA2B5B00DDDFF9 /* accountCirclesViewsPrint.h in Headers */, + DCC0937B1D80B07B00F984E4 /* SecOTRSession.h in Headers */, + DCC0937A1D80B07200F984E4 /* SecOTRSessionPriv.h in Headers */, + DCC093791D80B02100F984E4 /* SecOnOSX.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD067791D8CDF19007602F1 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD068371D8CDF7E007602F1 /* cdbuilder.h in Headers */, + DCD068351D8CDF7E007602F1 /* codedirectory.h in Headers */, + DCD068F51D8CDFFE007602F1 /* ANTLRException.hpp in Headers */, + DCD068471D8CDF7E007602F1 /* reqparser.h in Headers */, + DCD069061D8CDFFE007602F1 /* CommonASTWithHiddenTokens.hpp in Headers */, + DCD068451D8CDF7E007602F1 /* reqinterp.h in Headers */, + DCD069151D8CDFFF007602F1 /* RefCount.hpp in Headers */, + DCD068431D8CDF7E007602F1 /* reqreader.h in Headers */, + DCD069191D8CDFFF007602F1 /* TokenBuffer.hpp in Headers */, + DCD068411D8CDF7E007602F1 /* reqmaker.h in Headers */, + DCD0683F1D8CDF7E007602F1 /* requirement.h in Headers */, + DCD068491D8CDF7E007602F1 /* reqdumper.h in Headers */, + DCD068871D8CDF7E007602F1 /* opaquewhitelist.h in Headers */, + DCD0691C1D8CDFFF007602F1 /* TokenStreamBasicFilter.hpp in Headers */, + DCD069251D8CDFFF007602F1 /* TreeParser.hpp in Headers */, + DCD0691E1D8CDFFF007602F1 /* TokenStreamHiddenTokenFilter.hpp in Headers */, + DCD068391D8CDF7E007602F1 /* RequirementKeywords.h in Headers */, + DCD068FC1D8CDFFE007602F1 /* ASTRefCount.hpp in Headers */, + DCD068811D8CDF7E007602F1 /* SecTaskPriv.h in Headers */, + DCD068FE1D8CDFFE007602F1 /* BitSet.hpp in Headers */, + DCD0690C1D8CDFFE007602F1 /* LexerSharedInputState.hpp in Headers */, + DCD069231D8CDFFF007602F1 /* TokenStreamSelector.hpp in Headers */, + DCD0682B1D8CDF7E007602F1 /* StaticCode.h in Headers */, + DCD0681F1D8CDF7E007602F1 /* SecRequirementPriv.h in Headers */, + DCD068671D8CDF7E007602F1 /* SecIntegrityLib.h in Headers */, + DCD069131D8CDFFE007602F1 /* ParserSharedInputState.hpp in Headers */, + DCD069041D8CDFFE007602F1 /* CircularQueue.hpp in Headers */, + DCD068551D8CDF7E007602F1 /* filediskrep.h in Headers */, + DCD068311D8CDF7E007602F1 /* signer.h in Headers */, + DCD0684D1D8CDF7E007602F1 /* cskernel.h in Headers */, + DCD0685B1D8CDF7E007602F1 /* machorep.h in Headers */, + DCD069171D8CDFFF007602F1 /* String.hpp in Headers */, + DCD068631D8CDF7E007602F1 /* detachedrep.h in Headers */, + DCD068FA1D8CDFFE007602F1 /* ASTNULLType.hpp in Headers */, + DCD068891D8CDF7E007602F1 /* policydb.h in Headers */, + DCD0691B1D8CDFFF007602F1 /* TokenStream.hpp in Headers */, + DCD068F91D8CDFFE007602F1 /* ASTFactory.hpp in Headers */, + DCD0685D1D8CDF7E007602F1 /* slcrep.h in Headers */, + DCD0691F1D8CDFFF007602F1 /* TokenStreamIOException.hpp in Headers */, + DCD0691D1D8CDFFF007602F1 /* TokenStreamException.hpp in Headers */, + DCD069141D8CDFFF007602F1 /* RecognitionException.hpp in Headers */, + DCD0684B1D8CDF7E007602F1 /* drmaker.h in Headers */, + DCD068231D8CDF7E007602F1 /* SecCodeHost.h in Headers */, + DCD0684F1D8CDF7E007602F1 /* csprocess.h in Headers */, + DCD068FB1D8CDFFE007602F1 /* ASTPair.hpp in Headers */, + DCD0688B1D8CDF7E007602F1 /* policyengine.h in Headers */, + DCD068271D8CDF7E007602F1 /* cs.h in Headers */, + DCD068611D8CDF7E007602F1 /* singlediskrep.h in Headers */, + DCD068291D8CDF7E007602F1 /* Code.h in Headers */, + DCD068251D8CDF7E007602F1 /* SecIntegrity.h in Headers */, + DCD0690E1D8CDFFE007602F1 /* MismatchedCharException.hpp in Headers */, + DCD0687E1D8CDF7E007602F1 /* antlrplugin.h in Headers */, + DCD0690D1D8CDFFE007602F1 /* LLkParser.hpp in Headers */, + DCD068171D8CDF7E007602F1 /* CSCommonPriv.h in Headers */, + DCD068181D8CDF7E007602F1 /* SecCode.h in Headers */, + DCD0682D1D8CDF7E007602F1 /* Requirements.h in Headers */, + DCD068781D8CDF7E007602F1 /* xar++.h in Headers */, + DCD0681E1D8CDF7E007602F1 /* SecRequirement.h in Headers */, + DCD069121D8CDFFE007602F1 /* Parser.hpp in Headers */, + DCD069021D8CDFFE007602F1 /* CharStreamException.hpp in Headers */, + DCD0682F1D8CDF7E007602F1 /* CodeSigner.h in Headers */, + DCD068F71D8CDFFE007602F1 /* AST.hpp in Headers */, + DCD0681C1D8CDF7E007602F1 /* SecStaticCodePriv.h in Headers */, + DCD0688D1D8CDF7E007602F1 /* xpcengine.h in Headers */, + DCD0687A1D8CDF7E007602F1 /* quarantine++.h in Headers */, + DCD068591D8CDF7E007602F1 /* kerneldiskrep.h in Headers */, + DCD0685F1D8CDF7E007602F1 /* diskimagerep.h in Headers */, + DCD069001D8CDFFE007602F1 /* CharInputBuffer.hpp in Headers */, + DCD068691D8CDF7E007602F1 /* SecCodeHostLib.h in Headers */, + DCD068F61D8CDFFE007602F1 /* ANTLRUtil.hpp in Headers */, + DCD069161D8CDFFF007602F1 /* SemanticException.hpp in Headers */, + DC1002D81D8E1A670025549C /* SecTask.h in Headers */, + DCD068741D8CDF7E007602F1 /* sigblob.h in Headers */, + DCD069211D8CDFFF007602F1 /* TokenStreamRetryException.hpp in Headers */, + DCD068FF1D8CDFFE007602F1 /* CharBuffer.hpp in Headers */, + DCD069261D8CDFFF007602F1 /* TreeParserSharedInputState.hpp in Headers */, + DCD068331D8CDF7E007602F1 /* signerutils.h in Headers */, + DCD068191D8CDF7E007602F1 /* SecCodePriv.h in Headers */, + DCD0690A1D8CDFFE007602F1 /* InputBuffer.hpp in Headers */, + DCD069011D8CDFFE007602F1 /* CharScanner.hpp in Headers */, + DCD068511D8CDF7E007602F1 /* csgeneric.h in Headers */, + DCD0687C1D8CDF7E007602F1 /* dirscanner.h in Headers */, + DCD068831D8CDF7E007602F1 /* SecAssessment.h in Headers */, + DCD068531D8CDF7E007602F1 /* diskrep.h in Headers */, + DCD068F81D8CDFFE007602F1 /* ASTArray.hpp in Headers */, + DCD0681B1D8CDF7E007602F1 /* SecStaticCode.h in Headers */, + DCD069201D8CDFFF007602F1 /* TokenStreamRecognitionException.hpp in Headers */, + DCD069181D8CDFFF007602F1 /* Token.hpp in Headers */, + DCD068761D8CDF7E007602F1 /* csutilities.h in Headers */, + DCD0683E1D8CDF7E007602F1 /* RequirementParserTokenTypes.hpp in Headers */, + DCD0690F1D8CDFFE007602F1 /* MismatchedTokenException.hpp in Headers */, + DCD069051D8CDFFE007602F1 /* CommonAST.hpp in Headers */, + DCD0683D1D8CDF7E007602F1 /* RequirementParser.hpp in Headers */, + DCD068151D8CDF7E007602F1 /* CodeSigning.h in Headers */, + DCD0690B1D8CDFFE007602F1 /* IOException.hpp in Headers */, + DCD069241D8CDFFF007602F1 /* TokenWithIndex.hpp in Headers */, + DCD069071D8CDFFE007602F1 /* CommonHiddenStreamToken.hpp in Headers */, + DCD069101D8CDFFE007602F1 /* NoViableAltException.hpp in Headers */, + DCD068FD1D8CDFFE007602F1 /* BaseAST.hpp in Headers */, + DCD068851D8CDF7E007602F1 /* evaluationmanager.h in Headers */, + DCD069111D8CDFFE007602F1 /* NoViableAltForCharException.hpp in Headers */, + DCD069221D8CDFFF007602F1 /* TokenStreamRewriteEngine.hpp in Headers */, + DCD068161D8CDF7E007602F1 /* CSCommon.h in Headers */, + DCD068571D8CDF7E007602F1 /* bundlediskrep.h in Headers */, + DCD0691A1D8CDFFF007602F1 /* TokenRefCount.hpp in Headers */, + DCD068701D8CDF7E007602F1 /* cserror.h in Headers */, + DCD0683B1D8CDF7E007602F1 /* RequirementLexer.hpp in Headers */, + DCD068721D8CDF7E007602F1 /* resources.h in Headers */, + DCD069091D8CDFFE007602F1 /* config.hpp in Headers */, + DCD069081D8CDFFE007602F1 /* CommonToken.hpp in Headers */, + DCD0686E1D8CDF7E007602F1 /* csdatabase.h in Headers */, + DCD068211D8CDF7E007602F1 /* SecCodeSigner.h in Headers */, + DCD069031D8CDFFE007602F1 /* CharStreamIOException.hpp in Headers */, + DCD068651D8CDF7E007602F1 /* piddiskrep.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD069761D8CE21C007602F1 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD06A411D8CE251007602F1 /* SecIntegrity.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD06A491D8CE281007602F1 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD06A521D8CE29C007602F1 /* SecCodeHostLib.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD06AAA1D8E0D53007602F1 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD06BA41D8E0D7D007602F1 /* machrunloopserver.h in Headers */, + DCD06B871D8E0D7D007602F1 /* fdsel.h in Headers */, + DCD06B501D8E0D7D007602F1 /* debugsupport.h in Headers */, + DCD06B4C1D8E0D7D007602F1 /* ccaudit.h in Headers */, + DCD06B671D8E0D7D007602F1 /* powerwatch.h in Headers */, + DCD06B561D8E0D7D007602F1 /* endian.h in Headers */, + DCD06BC41D8E0DC2007602F1 /* utilities_dtrace.h in Headers */, + DCD06B711D8E0D7D007602F1 /* streams.h in Headers */, + DCD06B7C1D8E0D7D007602F1 /* trackingallocator.h in Headers */, + DCD06B851D8E0D7D007602F1 /* fdmover.h in Headers */, + DCD06B691D8E0D7D007602F1 /* refcount.h in Headers */, + DCD06BA11D8E0D7D007602F1 /* dyld_cache_format.h in Headers */, + DCD06BB81D8E0D7D007602F1 /* ip++.h in Headers */, + DCD06B601D8E0D7D007602F1 /* ktracecodes.h in Headers */, + DCD06BB01D8E0D7D007602F1 /* buffers.h in Headers */, + DCD06B7A1D8E0D7D007602F1 /* tqueue.h in Headers */, + DCD06B651D8E0D7D007602F1 /* osxcode.h in Headers */, + DCD06B631D8E0D7D007602F1 /* memstreams.h in Headers */, + DCD06B6F1D8E0D7D007602F1 /* sqlite++.h in Headers */, + DCD06B891D8E0D7D007602F1 /* kq++.h in Headers */, + DCD06B971D8E0D7D007602F1 /* mach++.h in Headers */, + DCD06BB61D8E0D7D007602F1 /* inetreply.h in Headers */, + DCD06B3F1D8E0D7D007602F1 /* FileLockTransaction.h in Headers */, + DCD06B9F1D8E0D7D007602F1 /* dyldcache.h in Headers */, + DCD06B821D8E0D7D007602F1 /* utilities.h in Headers */, + DCD06BBA1D8E0D7D007602F1 /* url.h in Headers */, + DCD06B521D8E0D7D007602F1 /* devrandom.h in Headers */, + DCD06B751D8E0D7D007602F1 /* threading.h in Headers */, + DCD06B3D1D8E0D7D007602F1 /* debugging.h in Headers */, + DCD06B611D8E0D7D007602F1 /* logging.h in Headers */, + DCD06B471D8E0D7D007602F1 /* alloc.h in Headers */, + DCD06B731D8E0D7D007602F1 /* superblob.h in Headers */, + DCD06B991D8E0D7D007602F1 /* mach_notify.h in Headers */, + DCD06B491D8E0D7D007602F1 /* blob.h in Headers */, + DCD06B911D8E0D7D007602F1 /* unix++.h in Headers */, + DCD06B9D1D8E0D7D007602F1 /* macho++.h in Headers */, + DCD06B951D8E0D7D007602F1 /* vproc++.h in Headers */, + DCD06BAA1D8E0D7D007602F1 /* cfmunge.h in Headers */, + DCD06B6A1D8E0D7D007602F1 /* seccfobject.h in Headers */, + DCD06BBE1D8E0D7D007602F1 /* socks++4.h in Headers */, + DCD06B411D8E0D7D007602F1 /* CSPDLTransaction.h in Headers */, + DCD06BB41D8E0D7D007602F1 /* hosts.h in Headers */, + DCD06B4D1D8E0D7D007602F1 /* daemon.h in Headers */, + DCD06BAC1D8E0D7D007602F1 /* cfutilities.h in Headers */, + DCD06B4F1D8E0D7D007602F1 /* debugging_internal.h in Headers */, + DCD06B931D8E0D7D007602F1 /* unixchild.h in Headers */, + DCD06B581D8E0D7D007602F1 /* errors.h in Headers */, + DCD06BC01D8E0D7D007602F1 /* socks++5.h in Headers */, + DCD06B551D8E0D7D007602F1 /* dispatch.h in Headers */, + DCD06B761D8E0D7D007602F1 /* threading_internal.h in Headers */, + DCD06B5E1D8E0D7D007602F1 /* iodevices.h in Headers */, + DCD06B8F1D8E0D7D007602F1 /* selector.h in Headers */, + DCD06BB21D8E0D7D007602F1 /* headermap.h in Headers */, + DCD06BA81D8E0D7D007602F1 /* cfclass.h in Headers */, + DCD06BA21D8E0D7D007602F1 /* machserver.h in Headers */, + DCD06B6C1D8E0D7D007602F1 /* security_utilities.h in Headers */, + DCD06B7F1D8E0D7D007602F1 /* transactions.h in Headers */, + DCD06B451D8E0D7D007602F1 /* adornments.h in Headers */, + DCD06B781D8E0D7D007602F1 /* timeflow.h in Headers */, + DCD06B641D8E0D7D007602F1 /* memutils.h in Headers */, + DCD06BA61D8E0D7D007602F1 /* coderepository.h in Headers */, + DCD06B5A1D8E0D7D007602F1 /* globalizer.h in Headers */, + DCD06B811D8E0D7D007602F1 /* typedvalue.h in Headers */, + DCD06B421D8E0D7D007602F1 /* casts.h in Headers */, + DCD06B841D8E0D7D007602F1 /* utility_config.h in Headers */, + DCD06B8D1D8E0D7D007602F1 /* pcsc++.h in Headers */, + DCD06B9B1D8E0D7D007602F1 /* cfmach++.h in Headers */, + DCD06B441D8E0D7D007602F1 /* crc.h in Headers */, + DCD06BAE1D8E0D7D007602F1 /* bufferfifo.h in Headers */, + DCD06B6D1D8E0D7D007602F1 /* simpleprefs.h in Headers */, + DCD06B8B1D8E0D7D007602F1 /* muscle++.h in Headers */, + DCD06BBC1D8E0D7D007602F1 /* socks++.h in Headers */, + DCD06B5C1D8E0D7D007602F1 /* hashing.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD66D6F1D8204A700DB1393 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD66DC11D82055400DB1393 /* SecTrustInternal.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD66DD61D8205C400DB1393 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF7830D1D88B4DE00E694BB /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF784941D88B62D00E694BB /* bf_locl.h in Headers */, + DCF784011D88B60D00E694BB /* rc4Context.h in Headers */, + DCF784E31D88B62E00E694BB /* opensslv_legacy.h in Headers */, + DCF783F61D88B60D00E694BB /* pkcs8.h in Headers */, + DCF783CE1D88B60D00E694BB /* bsobjects.h in Headers */, + DCF783A71D88B60D00E694BB /* rijndaelApi.h in Headers */, + DCF7839D1D88B60D00E694BB /* aesCommon.h in Headers */, + DCF783EA1D88B60D00E694BB /* pbkdDigest.h in Headers */, + DCF783F21D88B60D00E694BB /* SHA2_Object.h in Headers */, + DCF784E61D88B62E00E694BB /* rc5_legacy.h in Headers */, + DCF783A11D88B60D00E694BB /* boxes-ref.h in Headers */, + DCF784B91D88B62E00E694BB /* cryptlib.h in Headers */, + DCF783B31D88B60D00E694BB /* AppleCSPUtils.h in Headers */, + DCF784CD1D88B62E00E694BB /* rc2_locl.h in Headers */, + DCF783D51D88B60D00E694BB /* cryptkitcsp.h in Headers */, + DCF783D61D88B60D00E694BB /* CryptKitSpace.h in Headers */, + DCF783B11D88B60D00E694BB /* AppleCSPSession.h in Headers */, + DCF783E21D88B60D00E694BB /* DH_exchange.h in Headers */, + DCF783D21D88B60D00E694BB /* ascContext.h in Headers */, + DCF783E81D88B60D00E694BB /* HMACSHA1.h in Headers */, + DCF784DE1D88B62E00E694BB /* evp_legacy.h in Headers */, + DCF784DD1D88B62E00E694BB /* opensslerr.h in Headers */, + DCF783FF1D88B60D00E694BB /* rc2Context.h in Headers */, + DCF783F81D88B60D00E694BB /* bfContext.h in Headers */, + DCF783AA1D88B60D00E694BB /* AppleCSP.h in Headers */, + DCF783AD1D88B60D00E694BB /* AppleCSPContext.h in Headers */, + DCF783CC1D88B60D00E694BB /* bsafePKCS1.h in Headers */, + DCF783B41D88B60D00E694BB /* BinaryKey.h in Headers */, + DCF783BD1D88B60D00E694BB /* MacContext.h in Headers */, + DCF7839F1D88B60D00E694BB /* aescspi.h in Headers */, + DCF783E01D88B60D00E694BB /* DH_csp.h in Headers */, + DCF783DE1D88B60D00E694BB /* FEESignatureObject.h in Headers */, + DCF784E81D88B62E00E694BB /* safestack_legacy.h in Headers */, + DCF784A21D88B62D00E694BB /* bn_lcl.h in Headers */, + DCF784E71D88B62E00E694BB /* rsa_legacy.h in Headers */, + DCF784D01D88B62E00E694BB /* rc5_locl.h in Headers */, + DCF784D51D88B62E00E694BB /* bn_legacy.h in Headers */, + DCF783FC1D88B60D00E694BB /* desContext.h in Headers */, + DCF784E01D88B62E00E694BB /* objects_legacy.h in Headers */, + DCF783DA1D88B60D00E694BB /* FEECSPUtils.h in Headers */, + DCF7840C1D88B60D00E694BB /* RSA_DSA_csp.h in Headers */, + DCF784951D88B62D00E694BB /* bf_pi.h in Headers */, + DCF784101D88B60D00E694BB /* opensshCoding.h in Headers */, + DCF784E41D88B62E00E694BB /* rand.h in Headers */, + DCF784DC1D88B62E00E694BB /* e_os2_legacy.h in Headers */, + DCF784E91D88B62E00E694BB /* stack_legacy.h in Headers */, + DCF783BB1D88B60D00E694BB /* DigestContext.h in Headers */, + DCF783DC1D88B60D00E694BB /* FEEKeys.h in Headers */, + DCF784DB1D88B62E00E694BB /* e_os.h in Headers */, + DCF783C91D88B60D00E694BB /* bsafecspi.h in Headers */, + DCF784D71D88B62E00E694BB /* cast_legacy.h in Headers */, + DCF783C01D88B60D00E694BB /* SignatureContext.h in Headers */, + DCF783D31D88B60D00E694BB /* ascFactory.h in Headers */, + DCF784DA1D88B62E00E694BB /* dsa_legacy.h in Headers */, + DCF784E21D88B62E00E694BB /* opensslconf_legacy.h in Headers */, + DCF783E41D88B60D00E694BB /* DH_keys.h in Headers */, + DCF783FA1D88B60D00E694BB /* castContext.h in Headers */, + DCF7840E1D88B60D00E694BB /* RSA_DSA_keys.h in Headers */, + DCF784D41D88B62E00E694BB /* blowfish_legacy.h in Headers */, + DCF783C41D88B60D00E694BB /* YarrowConnection.h in Headers */, + DCF784A81D88B62D00E694BB /* bn_prime.h in Headers */, + DCF784141D88B60D00E694BB /* opensslAsn1.h in Headers */, + DCF784D61D88B62E00E694BB /* buffer_legacy.h in Headers */, + DCF783A51D88B60D00E694BB /* rijndael-alg-ref.h in Headers */, + DCF783E61D88B60D00E694BB /* DH_utils.h in Headers */, + DCF784EA1D88B62E00E694BB /* x509_legacy.h in Headers */, + DCF783B81D88B60D00E694BB /* cspdebugging.h in Headers */, + DCF784D31D88B62E00E694BB /* bio_legacy.h in Headers */, + DCF783C81D88B60D00E694BB /* bsafecsp.h in Headers */, + DCF784D21D88B62E00E694BB /* asn1_legacy.h in Headers */, + DCF784DF1D88B62E00E694BB /* lhash_legacy.h in Headers */, + DCF7840F1D88B60D00E694BB /* RSA_asymmetric.h in Headers */, + DCF784081D88B60D00E694BB /* RSA_DSA_signature.h in Headers */, + DCF784051D88B60D00E694BB /* miscAlgFactory.h in Headers */, + DCF784D81D88B62E00E694BB /* crypto_legacy.h in Headers */, + DCF784D91D88B62E00E694BB /* dh_legacy.h in Headers */, + DCF783D81D88B60D00E694BB /* FEEAsymmetricContext.h in Headers */, + DCF783B61D88B60D00E694BB /* BlockCryptor.h in Headers */, + DCF784EB1D88B62E00E694BB /* x509_vfy_legacy.h in Headers */, + DCF784031D88B60D00E694BB /* rc5Context.h in Headers */, + DCF783A31D88B60D00E694BB /* gladmanContext.h in Headers */, + DCF783FD1D88B60D00E694BB /* NullCryptor.h in Headers */, + DCF783EC1D88B60D00E694BB /* pbkdf2.h in Headers */, + DCF7840A1D88B60D00E694BB /* RSA_DSA_utils.h in Headers */, + DCF783BE1D88B60D00E694BB /* RawSigner.h in Headers */, + DCF784E11D88B62E00E694BB /* openssl_pkcs7_legacy.h in Headers */, + DCF783EE1D88B60D00E694BB /* MD2Object.h in Headers */, + DCF784161D88B60D00E694BB /* opensslUtils.h in Headers */, + DCF783F41D88B60D00E694BB /* pkcs12Derive.h in Headers */, + DCF783AF1D88B60D00E694BB /* AppleCSPKeys.h in Headers */, + DCF784E51D88B62E00E694BB /* rc2_legacy.h in Headers */, + DCF783F01D88B60D00E694BB /* SHA1_MD5_Object.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF785031D88B95500E694BB /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF7872B1D88BA0100E694BB /* SSKey.h in Headers */, + DCF7871D1D88BA0100E694BB /* CSPDLPlugin.h in Headers */, + DCF787251D88BA0100E694BB /* SSDatabase.h in Headers */, + DCF7871F1D88BA0100E694BB /* SSContext.h in Headers */, + DCF787271D88BA0100E694BB /* SSDLSession.h in Headers */, + DCF787211D88BA0100E694BB /* SSCSPDLSession.h in Headers */, + DCF787231D88BA0100E694BB /* SSCSPSession.h in Headers */, + DCF7871B1D88BA0100E694BB /* CSPDLDatabase.h in Headers */, + DCF787291D88BA0100E694BB /* SSFactory.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF787511D88C86900E694BB /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF788351D88C8C400E694BB /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF788421D88C8DE00E694BB /* AppleFileDL.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF788481D88CA7200E694BB /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF788821D88CABC00E694BB /* cldebugging.h in Headers */, + DCF7888B1D88CABC00E694BB /* CSPAttacher.h in Headers */, + DCF788841D88CABC00E694BB /* CLFieldsCommon.h in Headers */, + DCF7888F1D88CABC00E694BB /* DecodedCrl.h in Headers */, + DCF788761D88CABC00E694BB /* AppleX509CL.h in Headers */, + DCF788941D88CABC00E694BB /* LockedMap.h in Headers */, + DCF788881D88CABC00E694BB /* clNssUtils.h in Headers */, + DCF788911D88CABC00E694BB /* DecodedExtensions.h in Headers */, + DCF7887F1D88CABC00E694BB /* CLCertExtensions.h in Headers */, + DCF788931D88CABC00E694BB /* DecodedItem.h in Headers */, + DCF788861D88CABC00E694BB /* clNameUtils.h in Headers */, + DCF7887D1D88CABC00E694BB /* CLCachedEntry.h in Headers */, + DCF7887A1D88CABC00E694BB /* AppleX509CLSession.h in Headers */, + DCF788811D88CABC00E694BB /* CLCrlExtensions.h in Headers */, + DCF7888D1D88CABC00E694BB /* DecodedCert.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF788AC1D88CD2400E694BB /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF789271D88CD6700E694BB /* certGroupUtils.h in Headers */, + DCF7893A1D88CD6700E694BB /* ocspRequest.h in Headers */, + DCF789381D88CD6700E694BB /* TPNetwork.h in Headers */, + DCF789311D88CD6700E694BB /* TPCrlInfo.h in Headers */, + DCF789241D88CD6700E694BB /* AppleTPSession.h in Headers */, + DCF789221D88CD6700E694BB /* AppleTP.h in Headers */, + DCF789291D88CD6700E694BB /* cuEnc64.h in Headers */, + DCF789351D88CD6700E694BB /* TPDatabase.h in Headers */, + DCF789331D88CD6700E694BB /* tpCrlVerify.h in Headers */, + DCF7893C1D88CD6700E694BB /* tpOcspCache.h in Headers */, + DCF789361D88CD6700E694BB /* tpdebugging.h in Headers */, + DCF7892E1D88CD6700E694BB /* TPCertInfo.h in Headers */, + DCF7893E1D88CD6700E694BB /* tpOcspCertVfy.h in Headers */, + DCF789441D88CD6700E694BB /* tpTime.h in Headers */, + DCF789421D88CD6700E694BB /* tpPolicies.h in Headers */, + DCF789401D88CD6700E694BB /* tpOcspVerify.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E7D847C21C6BE9710025BB44 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + E75C0E851C71329900E6953B /* KeychainCircle.h in Headers */, + E71454F11C741E1500B5B20B /* KCDer.h in Headers */, + E772FD701CC15F1F00D63E41 /* NSData+SecRandom.h in Headers */, + E7F480321C73FC4C00390FDB /* KCAESGCMDuplexSession.h in Headers */, + E7F480121C729C7B00390FDB /* NSError+KCCreationHelpers.h in Headers */, + E7E3EFE31CBC195700E79A5D /* KCAccountKCCircleDelegate.h in Headers */, + E794BB011C759B1200339A0F /* KCJoiningMessages.h in Headers */, + E71454EF1C741E0800B5B20B /* KCError.h in Headers */, + E7F482961C74FDF800390FDB /* KCJoiningSession.h in Headers */, + E75C0E821C6FC31D00E6953B /* KCSRPContext.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXHeadersBuildPhase section */ + +/* Begin PBXLegacyTarget section */ + DC5AC1351D835D9700CF422C /* ===== Source Gen ===== */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DC5AC1361D835D9700CF422C /* Build configuration list for PBXLegacyTarget "===== Source Gen =====" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "===== Source Gen ====="; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DC8E04911D7F6CED006D80EB /* ======= Daemons ========= */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DC8E04921D7F6CED006D80EB /* Build configuration list for PBXLegacyTarget "======= Daemons =========" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "======= Daemons ========="; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DC8E04951D7F6D80006D80EB /* ========= CLI =========== */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DC8E04961D7F6D80006D80EB /* Build configuration list for PBXLegacyTarget "========= CLI ===========" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "========= CLI ==========="; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DC8E04991D7F6D9C006D80EB /* ====== Frameworks ======== */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DC8E049A1D7F6D9C006D80EB /* Build configuration list for PBXLegacyTarget "====== Frameworks ========" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "====== Frameworks ========"; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DC8E049D1D7F6DBC006D80EB /* ==== Test Binaries ======= */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DC8E049E1D7F6DBC006D80EB /* Build configuration list for PBXLegacyTarget "==== Test Binaries =======" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "==== Test Binaries ======="; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DC8E04A11D7F6DFC006D80EB /* ======= Apps ========== */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DC8E04A21D7F6DFC006D80EB /* Build configuration list for PBXLegacyTarget "======= Apps ==========" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "======= Apps =========="; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DC8E04A51D7F6E50006D80EB /* ===== Top-Level Targets ===== */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DC8E04A61D7F6E50006D80EB /* Build configuration list for PBXLegacyTarget "===== Top-Level Targets =====" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "===== Top-Level Targets ====="; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DC8E04A91D7F6E63006D80EB /* === Legacy Targets ===== */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DC8E04AA1D7F6E63006D80EB /* Build configuration list for PBXLegacyTarget "=== Legacy Targets =====" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "=== Legacy Targets ====="; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DC8E04AD1D7F6E76006D80EB /* ======= misc ========= */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DC8E04AE1D7F6E76006D80EB /* Build configuration list for PBXLegacyTarget "======= misc =========" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "======= misc ========="; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DC8E04B11D7F6EC9006D80EB /* ======= Libraries ========= */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DC8E04B21D7F6EC9006D80EB /* Build configuration list for PBXLegacyTarget "======= Libraries =========" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "======= Libraries ========="; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DCD0696B1D8CE1F9007602F1 /* ==== Code Signing ===== */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DCD0696C1D8CE1F9007602F1 /* Build configuration list for PBXLegacyTarget "==== Code Signing =====" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "==== Code Signing ====="; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + DCF782BA1D88B44300E694BB /* ==== macOS Libraries ====== */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(ACTION)"; + buildConfigurationList = DCF782BB1D88B44300E694BB /* Build configuration list for PBXLegacyTarget "==== macOS Libraries ======" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/make; + dependencies = ( + ); + name = "==== macOS Libraries ======"; + passBuildSettingsInEnvironment = 1; + productName = "--- Daemons ---"; + }; + EBBE20571C21380100B7A639 /* SecurityFeatures */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "$(PROJECT_DIR)/SecurityFeatures/ExternalProject.sh $(ACTION)"; + buildConfigurationList = EBBE20581C21380200B7A639 /* Build configuration list for PBXLegacyTarget "SecurityFeatures" */; + buildPhases = ( + ); + buildToolPath = /bin/bash; + buildWorkingDirectory = "$(PROJECT_DIR)/SecurityFeatures"; + dependencies = ( + ); + name = SecurityFeatures; + passBuildSettingsInEnvironment = 1; + productName = SecurityFeatures; + }; +/* End PBXLegacyTarget section */ + +/* Begin PBXNativeTarget section */ + 0C0BDB2E175685B000BC1A7E /* secdtests_ios */ = { + isa = PBXNativeTarget; + buildConfigurationList = 0C0BDB43175685B000BC1A7E /* Build configuration list for PBXNativeTarget "secdtests_ios" */; + buildPhases = ( + 0C0BDB2B175685B000BC1A7E /* Sources */, + 0C0BDB2C175685B000BC1A7E /* Frameworks */, + 0C0BDB2D175685B000BC1A7E /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC00ABCF1D821F1700513D74 /* PBXTargetDependency */, + DC00ABD11D821F1A00513D74 /* PBXTargetDependency */, + DC00ABD31D821F1D00513D74 /* PBXTargetDependency */, + DC59EA901D91CDC6001BDDF5 /* PBXTargetDependency */, + DC65E75A1D8CB48900152EF0 /* PBXTargetDependency */, + DC59E9A91D91C7CC001BDDF5 /* PBXTargetDependency */, + DC65E75C1D8CB49200152EF0 /* PBXTargetDependency */, + DC52EDFC1D80D67C00B0A59C /* PBXTargetDependency */, + DC00ABD51D821F2700513D74 /* PBXTargetDependency */, + DC65E75E1D8CB49A00152EF0 /* PBXTargetDependency */, + ); + name = secdtests_ios; + productName = secdtest; + productReference = 0C0BDB2F175685B000BC1A7E /* secdtests */; + productType = "com.apple.product-type.tool"; + }; + 0C2BCBA81D06401F00ED7A2F /* dtlsEchoClient */ = { + isa = PBXNativeTarget; + buildConfigurationList = 0C2BCBB61D06401F00ED7A2F /* Build configuration list for PBXNativeTarget "dtlsEchoClient" */; + buildPhases = ( + 0C2BCBAD1D06401F00ED7A2F /* Sources */, + 0C2BCBB21D06401F00ED7A2F /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC65E76C1D8CB4DF00152EF0 /* PBXTargetDependency */, + ); + name = dtlsEchoClient; + productName = sslViewer; + productReference = 0C2BCBB91D06401F00ED7A2F /* dtlsEchoClient */; + productType = "com.apple.product-type.tool"; + }; + 0C2BCBBD1D0648D100ED7A2F /* dtlsEchoServer */ = { + isa = PBXNativeTarget; + buildConfigurationList = 0C2BCBCB1D0648D100ED7A2F /* Build configuration list for PBXNativeTarget "dtlsEchoServer" */; + buildPhases = ( + 0C2BCBC21D0648D100ED7A2F /* Sources */, + 0C2BCBC71D0648D100ED7A2F /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC65E76E1D8CB4E600152EF0 /* PBXTargetDependency */, + ); + name = dtlsEchoServer; + productName = sslViewer; + productReference = 0C2BCBCE1D0648D100ED7A2F /* dtlsEchoServer */; + productType = "com.apple.product-type.tool"; + }; + 4381690B1B4EDCBD00C54D58 /* SOSCCAuthPlugin */ = { + isa = PBXNativeTarget; + buildConfigurationList = 438169381B4EDCBD00C54D58 /* Build configuration list for PBXNativeTarget "SOSCCAuthPlugin" */; + buildPhases = ( + 438169081B4EDCBD00C54D58 /* Sources */, + 438169091B4EDCBD00C54D58 /* Frameworks */, + 4381690A1B4EDCBD00C54D58 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SOSCCAuthPlugin; + productName = SOSCCAuthPlugin; + productReference = 4381690C1B4EDCBD00C54D58 /* SOSCCAuthPlugin.bundle */; + productType = "com.apple.product-type.bundle"; + }; + 4C32C0AE0A4975F6002891BD /* Security_ios */ = { + isa = PBXNativeTarget; + buildConfigurationList = 4C32C0B10A4975F7002891BD /* Build configuration list for PBXNativeTarget "Security_ios" */; + buildPhases = ( + 4C32C0AA0A4975F6002891BD /* Headers */, + E73288DD1AED7215008CE839 /* Copy SecureObjectSync Headers */, + 4C32C0AB0A4975F6002891BD /* Resources */, + 4C32C0AC0A4975F6002891BD /* Sources */, + 4C32C0AD0A4975F6002891BD /* Frameworks */, + EB5D72ED1B0CB082009CAA47 /* Old SOS header location */, + 5EE098DE1CD21661009FCA27 /* Unifdef RC_HIDE_J79/J80 */, + ); + buildRules = ( + E7B006FF170B56E700B27966 /* PBXBuildRule */, + ); + dependencies = ( + DC59E9A61D91C710001BDDF5 /* PBXTargetDependency */, + DC59EA761D91CC5E001BDDF5 /* PBXTargetDependency */, + DCD22D7D1D8CCA18001C9B81 /* PBXTargetDependency */, + DCD22D7B1D8CCA07001C9B81 /* PBXTargetDependency */, + DC52E9A31D80C5EE00B0A59C /* PBXTargetDependency */, + DC52E8BD1D80C23300B0A59C /* PBXTargetDependency */, + DCC093781D80ABC300F984E4 /* PBXTargetDependency */, + DC52EC5F1D80D08100B0A59C /* PBXTargetDependency */, + DCD22D7F1D8CCA2C001C9B81 /* PBXTargetDependency */, + ); + name = Security_ios; + productName = Security2; + productReference = 4C32C0AF0A4975F6002891BD /* Security.framework */; + productType = "com.apple.product-type.framework"; + }; + 4C52D0B316EFC61E0079966E /* CircleJoinRequested */ = { + isa = PBXNativeTarget; + buildConfigurationList = 4C52D0CC16EFC61E0079966E /* Build configuration list for PBXNativeTarget "CircleJoinRequested" */; + buildPhases = ( + 4C52D0B016EFC61E0079966E /* Sources */, + 4C52D0B116EFC61E0079966E /* Frameworks */, + 4C52D0B216EFC61E0079966E /* CopyFiles */, + CDB9FCAA179CD054000AAD66 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = CircleJoinRequested; + productName = CircleJoinRequested; + productReference = 4C52D0B416EFC61E0079966E /* CircleJoinRequested */; + productType = "com.apple.product-type.tool"; + }; + 4C711D5813AFCD0900FE865D /* SecurityDevTests */ = { + isa = PBXNativeTarget; + buildConfigurationList = 4C711D7313AFCD0900FE865D /* Build configuration list for PBXNativeTarget "SecurityDevTests" */; + buildPhases = ( + 4C711D6313AFCD0900FE865D /* Sources */, + 4C711D6513AFCD0900FE865D /* Frameworks */, + 4C711D7213AFCD0900FE865D /* Resources */, + 4C50AD3414106A2900EE92DE /* Copy DigiNotar Resources */, + 4C50AD3514106A2B00EE92DE /* Copy DigiNotar-Entrust Resources */, + 4C50AD3614106A2C00EE92DE /* Copy DigiNotar-ok Resources */, + 79679E2B146202BC00CF997F /* Copy DigicertMalaysia Resources */, + ); + buildRules = ( + ); + dependencies = ( + DC59EA841D91CD2C001BDDF5 /* PBXTargetDependency */, + DC00ABAA1D821DE600513D74 /* PBXTargetDependency */, + DC00ABAC1D821DE700513D74 /* PBXTargetDependency */, + DC65E7441D8CB3E000152EF0 /* PBXTargetDependency */, + DC65E7461D8CB3E700152EF0 /* PBXTargetDependency */, + DC65E7481D8CB3F000152EF0 /* PBXTargetDependency */, + DC65E74A1D8CB3FE00152EF0 /* PBXTargetDependency */, + DC65E74C1D8CB40C00152EF0 /* PBXTargetDependency */, + DC00ABAE1D821DEB00513D74 /* PBXTargetDependency */, + DC52EDA31D80D55300B0A59C /* PBXTargetDependency */, + DC00ABB01D821DF300513D74 /* PBXTargetDependency */, + DC00ABB21D821DF600513D74 /* PBXTargetDependency */, + ); + name = SecurityDevTests; + productName = SecurityTests; + productReference = 4C711D7613AFCD0900FE865D /* SecurityDevTests.app */; + productType = "com.apple.product-type.application"; + }; + 4C9DE9D11181AC4800CF5C27 /* sslEcdsa */ = { + isa = PBXNativeTarget; + buildConfigurationList = 4C9DE9E11181AC4900CF5C27 /* Build configuration list for PBXNativeTarget "sslEcdsa" */; + buildPhases = ( + 4C9DE9CF1181AC4800CF5C27 /* Sources */, + 4C9DE9D01181AC4800CF5C27 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC65E7721D8CB4F400152EF0 /* PBXTargetDependency */, + ); + name = sslEcdsa; + productName = sslEcdsa; + productReference = 4C9DE9D21181AC4800CF5C27 /* sslEcdsa */; + productType = "com.apple.product-type.tool"; + }; + 4CB740A20A47567C00D641BB /* securitytool_ios */ = { + isa = PBXNativeTarget; + buildConfigurationList = 4CB740A90A4756B300D641BB /* Build configuration list for PBXNativeTarget "securitytool_ios" */; + buildPhases = ( + 4CB740A00A47567C00D641BB /* Sources */, + 4CB740A10A47567C00D641BB /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DCD22D821D8CCB5A001C9B81 /* PBXTargetDependency */, + DCD22D841D8CCB72001C9B81 /* PBXTargetDependency */, + DC52EC3D1D80CFF000B0A59C /* PBXTargetDependency */, + DC52EC201D80CF7400B0A59C /* PBXTargetDependency */, + DC52EAA51D80CCF600B0A59C /* PBXTargetDependency */, + ); + name = securitytool_ios; + productName = security; + productReference = 4CB740A30A47567C00D641BB /* security */; + productType = "com.apple.product-type.tool"; + }; + 4CE5A54C09C796E100D27A3F /* sslViewer */ = { + isa = PBXNativeTarget; + buildConfigurationList = 4CE5A55C09C7970A00D27A3F /* Build configuration list for PBXNativeTarget "sslViewer" */; + buildPhases = ( + 4CE5A54A09C796E100D27A3F /* Sources */, + 4CE5A54B09C796E100D27A3F /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC65E7741D8CB4FB00152EF0 /* PBXTargetDependency */, + ); + name = sslViewer; + productName = sslViewer; + productReference = 4CE5A54D09C796E200D27A3F /* sslViewer */; + productType = "com.apple.product-type.tool"; + }; + 52D82BDD16A621F70078DFE5 /* CloudKeychainProxy */ = { + isa = PBXNativeTarget; + buildConfigurationList = 52D82BE816A621F80078DFE5 /* Build configuration list for PBXNativeTarget "CloudKeychainProxy" */; + buildPhases = ( + 52D82BDA16A621F70078DFE5 /* Sources */, + 52D82BDB16A621F70078DFE5 /* Frameworks */, + 8E64DB4E1C18A5B80076C9DF /* Install launchd plist */, + ); + buildRules = ( + ); + dependencies = ( + DC65E72F1D8CB32400152EF0 /* PBXTargetDependency */, + ); + name = CloudKeychainProxy; + productName = CloudKeychainProxy; + productReference = 52D82BDE16A621F70078DFE5 /* CloudKeychainProxy.bundle */; + productType = "com.apple.product-type.bundle"; + }; + 5346480017331E1100FE9172 /* KeychainSyncAccountNotification */ = { + isa = PBXNativeTarget; + buildConfigurationList = 5346481917331E1200FE9172 /* Build configuration list for PBXNativeTarget "KeychainSyncAccountNotification" */; + buildPhases = ( + 534647FD17331E1100FE9172 /* Sources */, + 534647FE17331E1100FE9172 /* Frameworks */, + 534647FF17331E1100FE9172 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = KeychainSyncAccountNotification; + productName = KeychainSyncAccountNotification; + productReference = 5346480117331E1200FE9172 /* KeychainSyncAccountNotification.bundle */; + productType = "com.apple.product-type.bundle"; + }; + 5E10992419A5E55800A60E2B /* ISACLProtectedItems */ = { + isa = PBXNativeTarget; + buildConfigurationList = 5E10994D19A5E55800A60E2B /* Build configuration list for PBXNativeTarget "ISACLProtectedItems" */; + buildPhases = ( + 5E10992119A5E55800A60E2B /* Sources */, + 5E10992219A5E55800A60E2B /* Frameworks */, + 5E10992319A5E55800A60E2B /* Resources */, + 5E11CAD919A759E2008A3664 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = ISACLProtectedItems; + productName = ISACLProtectedItems; + productReference = 5E10992519A5E55800A60E2B /* ISACLProtectedItems.bundle */; + productType = "com.apple.product-type.bundle"; + }; + 5EBE24791B00CCAE0007DB0E /* secacltests */ = { + isa = PBXNativeTarget; + buildConfigurationList = 5EBE24A21B00CCAE0007DB0E /* Build configuration list for PBXNativeTarget "secacltests" */; + buildPhases = ( + 5EBE24761B00CCAE0007DB0E /* Sources */, + 5EBE24771B00CCAE0007DB0E /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC59EA8D1D91CDB9001BDDF5 /* PBXTargetDependency */, + DC65E7561D8CB47600152EF0 /* PBXTargetDependency */, + DC00ABC91D821F0200513D74 /* PBXTargetDependency */, + DC00ABCB1D821F0500513D74 /* PBXTargetDependency */, + DC65E7581D8CB47D00152EF0 /* PBXTargetDependency */, + ); + name = secacltests; + productName = secacltests; + productReference = 5EBE247A1B00CCAE0007DB0E /* secacltests */; + productType = "com.apple.product-type.tool"; + }; + 728B56A016D59979008FA3AB /* OTAPKIAssetTool */ = { + isa = PBXNativeTarget; + buildConfigurationList = 728B56AB16D59979008FA3AB /* Build configuration list for PBXNativeTarget "OTAPKIAssetTool" */; + buildPhases = ( + 728B569D16D59979008FA3AB /* Sources */, + 728B569E16D59979008FA3AB /* Frameworks */, + 22C002A21AC9D2D100B3469E /* ShellScript */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = OTAPKIAssetTool; + productName = OTAPKIAssetTool; + productReference = 728B56A116D59979008FA3AB /* OTAPKIAssetTool */; + productType = "com.apple.product-type.tool"; + }; + 790851B50CA9859F0083CC4D /* securityd_ios */ = { + isa = PBXNativeTarget; + buildConfigurationList = 790851C90CA985C10083CC4D /* Build configuration list for PBXNativeTarget "securityd_ios" */; + buildPhases = ( + 790851B30CA9859F0083CC4D /* Sources */, + 790851B40CA9859F0083CC4D /* Frameworks */, + 79863B6C0CADCE4300818B0D /* CopyFiles */, + 4814D8691CAA059E002FFC36 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC59EA7D1D91CCAA001BDDF5 /* PBXTargetDependency */, + DC65E7291D8CB2F400152EF0 /* PBXTargetDependency */, + DC52E84B1D80BF1100B0A59C /* PBXTargetDependency */, + DC00AB7E1D821C7F00513D74 /* PBXTargetDependency */, + DC00AB801D821C8300513D74 /* PBXTargetDependency */, + ); + name = securityd_ios; + productName = securityd; + productReference = 790851B60CA9859F0083CC4D /* securityd */; + productType = "com.apple.product-type.tool"; + }; + 7913B1FF0D172B3900601FE9 /* sslServer */ = { + isa = PBXNativeTarget; + buildConfigurationList = 7913B20A0D172B3900601FE9 /* Build configuration list for PBXNativeTarget "sslServer" */; + buildPhases = ( + 7913B2000D172B3900601FE9 /* Sources */, + 7913B2060D172B3900601FE9 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC65E7701D8CB4ED00152EF0 /* PBXTargetDependency */, + ); + name = sslServer; + productName = sslViewer; + productReference = 7913B2110D172B3900601FE9 /* sslServer */; + productType = "com.apple.product-type.tool"; + }; + BE197F2519116FD100BA91D1 /* SharedWebCredentialViewService */ = { + isa = PBXNativeTarget; + buildConfigurationList = BE197F5819116FD100BA91D1 /* Build configuration list for PBXNativeTarget "SharedWebCredentialViewService" */; + buildPhases = ( + BE197F2219116FD100BA91D1 /* Sources */, + BE197F2319116FD100BA91D1 /* Frameworks */, + BE197F2419116FD100BA91D1 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SharedWebCredentialViewService; + productName = KeychainViewService; + productReference = BE197F2619116FD100BA91D1 /* SharedWebCredentialViewService.app */; + productType = "com.apple.product-type.application"; + }; + BE442BA018B7FDB800F24DAE /* swcagent */ = { + isa = PBXNativeTarget; + buildConfigurationList = BE442BBE18B7FDB800F24DAE /* Build configuration list for PBXNativeTarget "swcagent" */; + buildPhases = ( + BE442BAB18B7FDB800F24DAE /* Sources */, + BE442BAD18B7FDB800F24DAE /* Frameworks */, + BE442BBA18B7FDB800F24DAE /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC52EC511D80D03100B0A59C /* PBXTargetDependency */, + ); + name = swcagent; + productName = securityd; + productReference = BE442BC118B7FDB800F24DAE /* swcagent */; + productType = "com.apple.product-type.tool"; + }; + CD276C261A83F60C003226BC /* KeychainSyncingOverIDSProxy */ = { + isa = PBXNativeTarget; + buildConfigurationList = CD276C2C1A83F60C003226BC /* Build configuration list for PBXNativeTarget "KeychainSyncingOverIDSProxy" */; + buildPhases = ( + CD276C231A83F60C003226BC /* Sources */, + CD276C241A83F60C003226BC /* Frameworks */, + CDF91EA61AAE019800E88CF7 /* CopyFiles */, + 8E64DAF81C17BA620076C9DF /* Install launchd plist */, + ); + buildRules = ( + ); + dependencies = ( + DC65E7331D8CB34000152EF0 /* PBXTargetDependency */, + ); + name = KeychainSyncingOverIDSProxy; + productName = KeychainSyncingOverIDSProxy; + productReference = CD276C271A83F60C003226BC /* KeychainSyncingOverIDSProxy.bundle */; + productType = "com.apple.product-type.bundle"; + }; + DC0067921D87876F005AF8DB /* securityd_server_macos */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0067BD1D87876F005AF8DB /* Build configuration list for PBXNativeTarget "securityd_server_macos" */; + buildPhases = ( + DC0067951D87876F005AF8DB /* Headers */, + DC0067A81D87876F005AF8DB /* Sources */, + DC0067BC1D87876F005AF8DB /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC63CAF51D90DF6700C03317 /* PBXTargetDependency */, + ); + name = securityd_server_macos; + productName = libsecurityd_client_macos; + productReference = DC0067C01D87876F005AF8DB /* libsecurityd_server.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0067C51D878898005AF8DB /* securityd_ucspc */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0067CD1D878898005AF8DB /* Build configuration list for PBXNativeTarget "securityd_ucspc" */; + buildPhases = ( + DC0067C81D878898005AF8DB /* Headers */, + DC0067C91D878898005AF8DB /* Sources */, + DC0067CC1D878898005AF8DB /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC63CAF71D90DF7000C03317 /* PBXTargetDependency */, + ); + name = securityd_ucspc; + productName = libsecurityd_client_macos; + productReference = DC0067D01D878898005AF8DB /* libsecurityd_ucspc.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC5501D8B6D2D00070CB0 /* XPCKeychainSandboxCheck */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC55D1D8B6D2E00070CB0 /* Build configuration list for PBXNativeTarget "XPCKeychainSandboxCheck" */; + buildPhases = ( + DC0BC54D1D8B6D2D00070CB0 /* Sources */, + DC0BC54E1D8B6D2D00070CB0 /* Frameworks */, + DC0BC54F1D8B6D2D00070CB0 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = XPCKeychainSandboxCheck; + productName = XPCKeychainSandboxCheck; + productReference = DC0BC5511D8B6D2D00070CB0 /* XPCKeychainSandboxCheck.xpc */; + productType = "com.apple.product-type.xpc-service"; + }; + DC0BC5631D8B6E3D00070CB0 /* XPCTimeStampingService */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC5691D8B6E3D00070CB0 /* Build configuration list for PBXNativeTarget "XPCTimeStampingService" */; + buildPhases = ( + DC0BC5641D8B6E3D00070CB0 /* Sources */, + DC0BC5661D8B6E3D00070CB0 /* Frameworks */, + DC0BC5681D8B6E3D00070CB0 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = XPCTimeStampingService; + productName = XPCKeychainSandboxCheck; + productReference = DC0BC56C1D8B6E3D00070CB0 /* XPCTimeStampingService.xpc */; + productType = "com.apple.product-type.xpc-service"; + }; + DC0BC5851D8B70E700070CB0 /* security_cdsa_utils */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC5891D8B70E700070CB0 /* Build configuration list for PBXNativeTarget "security_cdsa_utils" */; + buildPhases = ( + DC0BC5861D8B70E700070CB0 /* Headers */, + DC0BC5871D8B70E700070CB0 /* Sources */, + DC0BC5881D8B70E700070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_cdsa_utils; + productName = libsecurityd_client_macos; + productReference = DC0BC58C1D8B70E700070CB0 /* libsecurity_cdsa_utils.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC5B01D8B71FD00070CB0 /* security_checkpw */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC5B41D8B71FD00070CB0 /* Build configuration list for PBXNativeTarget "security_checkpw" */; + buildPhases = ( + DC0BC5B11D8B71FD00070CB0 /* Headers */, + DC0BC5B21D8B71FD00070CB0 /* Sources */, + DC0BC5B31D8B71FD00070CB0 /* Frameworks */, + DC0BC5BF1D8B725C00070CB0 /* Install PAM Config */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_checkpw; + productName = libsecurityd_client_macos; + productReference = DC0BC5B71D8B71FD00070CB0 /* libsecurity_checkpw.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC5C51D8B72E700070CB0 /* test-checkpw */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC5CA1D8B72E700070CB0 /* Build configuration list for PBXNativeTarget "test-checkpw" */; + buildPhases = ( + DC0BC5C21D8B72E700070CB0 /* Sources */, + DC0BC5C31D8B72E700070CB0 /* Frameworks */, + DC0BC5C41D8B72E700070CB0 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC0BC5D21D8B732300070CB0 /* PBXTargetDependency */, + ); + name = "test-checkpw"; + productName = "test-checkpw"; + productReference = DC0BC5C61D8B72E700070CB0 /* test-checkpw */; + productType = "com.apple.product-type.tool"; + }; + DC0BC5D51D8B73B000070CB0 /* perf-checkpw */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC5DE1D8B73B000070CB0 /* Build configuration list for PBXNativeTarget "perf-checkpw" */; + buildPhases = ( + DC0BC5D81D8B73B000070CB0 /* Sources */, + DC0BC5DA1D8B73B000070CB0 /* Frameworks */, + DC0BC5DD1D8B73B000070CB0 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC0BC5D61D8B73B000070CB0 /* PBXTargetDependency */, + ); + name = "perf-checkpw"; + productName = "test-checkpw"; + productReference = DC0BC5E11D8B73B000070CB0 /* perf-checkpw */; + productType = "com.apple.product-type.tool"; + }; + DC0BC5E21D8B742200070CB0 /* security_comcryption */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC5E61D8B742200070CB0 /* Build configuration list for PBXNativeTarget "security_comcryption" */; + buildPhases = ( + DC0BC5E31D8B742200070CB0 /* Headers */, + DC0BC5E41D8B742200070CB0 /* Sources */, + DC0BC5E51D8B742200070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_comcryption; + productName = libsecurityd_client_macos; + productReference = DC0BC5E91D8B742200070CB0 /* libsecurity_comcryption.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC5F81D8B752B00070CB0 /* security_cryptkit */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC5FC1D8B752B00070CB0 /* Build configuration list for PBXNativeTarget "security_cryptkit" */; + buildPhases = ( + DC0BC5F91D8B752B00070CB0 /* Headers */, + DC0BC5FA1D8B752B00070CB0 /* Sources */, + DC0BC5FB1D8B752B00070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_cryptkit; + productName = libsecurityd_client_macos; + productReference = DC0BC5FF1D8B752B00070CB0 /* libsecurity_cryptkit.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC7451D8B771600070CB0 /* security_cssm */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC7491D8B771600070CB0 /* Build configuration list for PBXNativeTarget "security_cssm" */; + buildPhases = ( + DC0BC7461D8B771600070CB0 /* Headers */, + DC0BC7471D8B771600070CB0 /* Sources */, + DC0BC7481D8B771600070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC6BC2821D90D30F00DD57B3 /* PBXTargetDependency */, + ); + name = security_cssm; + productName = libsecurityd_client_macos; + productReference = DC0BC74C1D8B771600070CB0 /* libsecurity_cssm.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC8981D8B7CBD00070CB0 /* security_filedb */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC89C1D8B7CBD00070CB0 /* Build configuration list for PBXNativeTarget "security_filedb" */; + buildPhases = ( + DC0BC8991D8B7CBD00070CB0 /* Headers */, + DC0BC89A1D8B7CBD00070CB0 /* Sources */, + DC0BC89B1D8B7CBD00070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_filedb; + productName = libsecurityd_client_macos; + productReference = DC0BC89F1D8B7CBD00070CB0 /* libsecurity_filedb.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC8CC1D8B7DA200070CB0 /* security_manifest */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC8D01D8B7DA200070CB0 /* Build configuration list for PBXNativeTarget "security_manifest" */; + buildPhases = ( + DC0BC8CD1D8B7DA200070CB0 /* Headers */, + DC0BC8CE1D8B7DA200070CB0 /* Sources */, + DC0BC8CF1D8B7DA200070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_manifest; + productName = libsecurityd_client_macos; + productReference = DC0BC8D31D8B7DA200070CB0 /* libsecurity_manifest.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC8F91D8B7E8000070CB0 /* security_mds */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC8FD1D8B7E8000070CB0 /* Build configuration list for PBXNativeTarget "security_mds" */; + buildPhases = ( + DC0BC8FA1D8B7E8000070CB0 /* Headers */, + DC0BC8FB1D8B7E8000070CB0 /* Sources */, + DC0BC8FC1D8B7E8000070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_mds; + productName = libsecurityd_client_macos; + productReference = DC0BC9001D8B7E8000070CB0 /* libsecurity_mds.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC92E1D8B7F6A00070CB0 /* security_ocspd */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC9321D8B7F6A00070CB0 /* Build configuration list for PBXNativeTarget "security_ocspd" */; + buildPhases = ( + DC0BC92F1D8B7F6A00070CB0 /* Headers */, + DC0BC9301D8B7F6A00070CB0 /* Sources */, + DC0BC9311D8B7F6A00070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC82FFF21D90D54F0085674B /* PBXTargetDependency */, + ); + name = security_ocspd; + productName = libsecurityd_client_macos; + productReference = DC0BC9351D8B7F6A00070CB0 /* libsecurity_ocspd.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC9661D8B810A00070CB0 /* security_pkcs12 */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC96A1D8B810A00070CB0 /* Build configuration list for PBXNativeTarget "security_pkcs12" */; + buildPhases = ( + DC0BC9671D8B810A00070CB0 /* Headers */, + DC0BC9681D8B810A00070CB0 /* Sources */, + DC0BC9691D8B810A00070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_pkcs12; + productName = libsecurityd_client_macos; + productReference = DC0BC96D1D8B810A00070CB0 /* libsecurity_pkcs12.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC99A1D8B81BE00070CB0 /* security_sd_cspdl */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC99E1D8B81BE00070CB0 /* Build configuration list for PBXNativeTarget "security_sd_cspdl" */; + buildPhases = ( + DC0BC99B1D8B81BE00070CB0 /* Headers */, + DC0BC99C1D8B81BE00070CB0 /* Sources */, + DC0BC99D1D8B81BE00070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_sd_cspdl; + productName = libsecurityd_client_macos; + productReference = DC0BC9A11D8B81BE00070CB0 /* libsecurity_sd_cspdl.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BC9C81D8B824700070CB0 /* security_ssl */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BC9CC1D8B824700070CB0 /* Build configuration list for PBXNativeTarget "security_ssl" */; + buildPhases = ( + DC0BC9C91D8B824700070CB0 /* Headers */, + DC0BC9CA1D8B824700070CB0 /* Sources */, + DC0BC9CB1D8B824700070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_ssl; + productName = libsecurityd_client_macos; + productReference = DC0BC9CF1D8B824700070CB0 /* libsecurity_ssl.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BCA131D8B82B000070CB0 /* security_ssl_regressions */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BCA171D8B82B000070CB0 /* Build configuration list for PBXNativeTarget "security_ssl_regressions" */; + buildPhases = ( + DC0BCA141D8B82B000070CB0 /* Headers */, + DC0BCA151D8B82B000070CB0 /* Sources */, + DC0BCA161D8B82B000070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_ssl_regressions; + productName = libsecurityd_client_macos; + productReference = DC0BCA1A1D8B82B000070CB0 /* libsecurity_ssl_regressions.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BCA791D8B858600070CB0 /* security_transform */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BCA7D1D8B858600070CB0 /* Build configuration list for PBXNativeTarget "security_transform" */; + buildPhases = ( + DC0BCA7A1D8B858600070CB0 /* Headers */, + DC0BCA7B1D8B858600070CB0 /* Sources */, + DC0BCA7C1D8B858600070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_transform; + productName = libsecurityd_client_macos; + productReference = DC0BCA801D8B858600070CB0 /* libsecurity_transform.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BCB011D8B894F00070CB0 /* security_translocate */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BCB051D8B894F00070CB0 /* Build configuration list for PBXNativeTarget "security_translocate" */; + buildPhases = ( + DC0BCB021D8B894F00070CB0 /* Headers */, + DC0BCB031D8B894F00070CB0 /* Sources */, + DC0BCB041D8B894F00070CB0 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_translocate; + productName = libsecurityd_client_macos; + productReference = DC0BCB081D8B894F00070CB0 /* libsecurity_translocate.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BCBD91D8C648C00070CB0 /* regressionBase */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BCBFA1D8C648C00070CB0 /* Build configuration list for PBXNativeTarget "regressionBase" */; + buildPhases = ( + DC0BCBDA1D8C648C00070CB0 /* Sources */, + DC0BCBF81D8C648C00070CB0 /* Frameworks */, + DC0BCBF91D8C648C00070CB0 /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = regressionBase; + productName = libsecurity; + productReference = DC0BCBFD1D8C648C00070CB0 /* libregressionBase.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BCC211D8C684F00070CB0 /* utilities */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BCC331D8C684F00070CB0 /* Build configuration list for PBXNativeTarget "utilities" */; + buildPhases = ( + DC0BCC221D8C684F00070CB0 /* Sources */, + DC0BCC281D8C684F00070CB0 /* Frameworks */, + DC0BCC2A1D8C684F00070CB0 /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = utilities; + productName = libsecurity; + productReference = DC0BCC361D8C684F00070CB0 /* libutilities.a */; + productType = "com.apple.product-type.library.static"; + }; + DC0BCCF41D8C694700070CB0 /* utilitiesRegressions */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC0BCD451D8C694700070CB0 /* Build configuration list for PBXNativeTarget "utilitiesRegressions" */; + buildPhases = ( + DC0BCCF51D8C694700070CB0 /* Sources */, + DC0BCD1C1D8C694700070CB0 /* Frameworks */, + DC0BCD1E1D8C694700070CB0 /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = utilitiesRegressions; + productName = libsecurity; + productReference = DC0BCD481D8C694700070CB0 /* libutilitiesRegressions.a */; + productType = "com.apple.product-type.library.static"; + }; + DC1785041D77873100B50D50 /* copyHeadersToSystem */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC17850A1D77873200B50D50 /* Build configuration list for PBXNativeTarget "copyHeadersToSystem" */; + buildPhases = ( + DC1785021D77873100B50D50 /* Headers */, + DC1785031D77873100B50D50 /* Resources */, + DC17886F1D77934100B50D50 /* Copy SecurityObjectSync Headers */, + DC1788D81D7793C000B50D50 /* Unifdef RC_HIDE_J79/J80 */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = copyHeadersToSystem; + productName = copyHeadersToSystem; + productReference = DC1785051D77873100B50D50 /* Security.framework */; + productType = "com.apple.product-type.framework"; + }; + DC1789031D77980500B50D50 /* Security_osx */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC17890D1D77980500B50D50 /* Build configuration list for PBXNativeTarget "Security_osx" */; + buildPhases = ( + DC1788FF1D77980500B50D50 /* Sources */, + DC1789001D77980500B50D50 /* Frameworks */, + DC1789011D77980500B50D50 /* Headers */, + DC1789A71D779E7E00B50D50 /* Run Script Generate Strings */, + DC1789021D77980500B50D50 /* Resources */, + DC1789E81D77A0E700B50D50 /* CopyFiles */, + DC178B481D77A51600B50D50 /* Run Script Copy XPC Service */, + DC178B8A1D77A54000B50D50 /* Old SOS header location */, + DC0BC5601D8B6D2E00070CB0 /* Embed XPC Services */, + ); + buildRules = ( + DC58C36E1D77B4AD003C25A4 /* PBXBuildRule */, + ); + dependencies = ( + DC0B62961D90B6DB00D43BCB /* PBXTargetDependency */, + DCC5BF381D937329008D1E84 /* PBXTargetDependency */, + DC1789791D779C6700B50D50 /* PBXTargetDependency */, + DC59EA791D91CC78001BDDF5 /* PBXTargetDependency */, + DC0BCDB71D8C6AD100070CB0 /* PBXTargetDependency */, + DCB340191D8A248C0054D16E /* PBXTargetDependency */, + DCD66DC31D82056C00DB1393 /* PBXTargetDependency */, + DCD66DE61D82061F00DB1393 /* PBXTargetDependency */, + DC00AB661D821BFD00513D74 /* PBXTargetDependency */, + DC52EE7E1D80D8B100B0A59C /* PBXTargetDependency */, + DCD06A8A1D8CE356007602F1 /* PBXTargetDependency */, + DCB342371D8A2CD70054D16E /* PBXTargetDependency */, + DC0BC5AF1D8B714000070CB0 /* PBXTargetDependency */, + DC0067901D878132005AF8DB /* PBXTargetDependency */, + DC0067C41D8787AE005AF8DB /* PBXTargetDependency */, + DC0067D31D8788C4005AF8DB /* PBXTargetDependency */, + DC0BC9991D8B814A00070CB0 /* PBXTargetDependency */, + DC0BCB001D8B85E500070CB0 /* PBXTargetDependency */, + DC0BC9651D8B80D200070CB0 /* PBXTargetDependency */, + DC0BC5F71D8B749000070CB0 /* PBXTargetDependency */, + DC0BC5C11D8B72BB00070CB0 /* PBXTargetDependency */, + DC0BCA761D8B82E900070CB0 /* PBXTargetDependency */, + DCF787321D88C1B000E694BB /* PBXTargetDependency */, + DC0BC9C71D8B820000070CB0 /* PBXTargetDependency */, + DC0BCB301D8B89AB00070CB0 /* PBXTargetDependency */, + DC0BC8F61D8B7DE700070CB0 /* PBXTargetDependency */, + DCD06BCF1D8E0F01007602F1 /* PBXTargetDependency */, + DCF785011D88B80600E694BB /* PBXTargetDependency */, + DCF788A91D88CC3500E694BB /* PBXTargetDependency */, + DCB345661D8A36060054D16E /* PBXTargetDependency */, + DCF788461D88C98100E694BB /* PBXTargetDependency */, + DCB3408A1D8A25230054D16E /* PBXTargetDependency */, + DC0BC7431D8B762F00070CB0 /* PBXTargetDependency */, + DCB3412E1D8A29830054D16E /* PBXTargetDependency */, + DC0BC8C91D8B7D1C00070CB0 /* PBXTargetDependency */, + DC0BC92C1D8B7EBB00070CB0 /* PBXTargetDependency */, + DCF789461D88CD7C00E694BB /* PBXTargetDependency */, + DCB341791D8A2AF10054D16E /* PBXTargetDependency */, + DC0BC7BF1D8B784F00070CB0 /* PBXTargetDependency */, + DC00AB681D821C0500513D74 /* PBXTargetDependency */, + DC00AB6A1D821C0700513D74 /* PBXTargetDependency */, + DC0BC55B1D8B6D2E00070CB0 /* PBXTargetDependency */, + DC0BC5791D8B6EE200070CB0 /* PBXTargetDependency */, + ); + name = Security_osx; + productName = Security_osx; + productReference = DC1789041D77980500B50D50 /* Security.framework */; + productType = "com.apple.product-type.framework"; + }; + DC3A4B571D91E9FB00E46D4A /* CodeSigningHelper */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC3A4B5B1D91E9FB00E46D4A /* Build configuration list for PBXNativeTarget "CodeSigningHelper" */; + buildPhases = ( + DC3A4B541D91E9FB00E46D4A /* Sources */, + DC3A4B551D91E9FB00E46D4A /* Frameworks */, + DC3A4B561D91E9FB00E46D4A /* Resources */, + DC3A4B681D91EB1700E46D4A /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = CodeSigningHelper; + productName = CodeSigningHelper; + productReference = DC3A4B581D91E9FB00E46D4A /* com.apple.CodeSigningHelper.xpc */; + productType = "com.apple.product-type.bundle"; + }; + DC52E7731D80BC8000B0A59C /* libsecurityd_ios */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52E7BF1D80BC8000B0A59C /* Build configuration list for PBXNativeTarget "libsecurityd_ios" */; + buildPhases = ( + DC52E7741D80BC8000B0A59C /* Sources */, + DC52E7AD1D80BC8000B0A59C /* Frameworks */, + DC52E7AE1D80BC8000B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = libsecurityd_ios; + productName = libsecurity; + productReference = DC52E7C21D80BC8000B0A59C /* libsecurityd_ios.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52E88A1D80C1EB00B0A59C /* secipc_client */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52E8B71D80C1EB00B0A59C /* Build configuration list for PBXNativeTarget "secipc_client" */; + buildPhases = ( + DC52E88B1D80C1EB00B0A59C /* Sources */, + DC52E8AB1D80C1EB00B0A59C /* Frameworks */, + DC52E8AC1D80C1EB00B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = secipc_client; + productName = libsecurity; + productReference = DC52E8BA1D80C1EB00B0A59C /* libsecipc_client.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52E8BE1D80C25800B0A59C /* SecureObjectSync */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52E8C31D80C25800B0A59C /* Build configuration list for PBXNativeTarget "SecureObjectSync" */; + buildPhases = ( + DC52E8BF1D80C25800B0A59C /* Sources */, + DC52E8C11D80C25800B0A59C /* Frameworks */, + DC52E8C21D80C25800B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SecureObjectSync; + productName = libsecurity; + productReference = DC52E8C61D80C25800B0A59C /* libSecureObjectSync.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52EA441D80CB7000B0A59C /* SecurityTool */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52EA491D80CB7000B0A59C /* Build configuration list for PBXNativeTarget "SecurityTool" */; + buildPhases = ( + DC52EA451D80CB7000B0A59C /* Sources */, + DC52EA471D80CB7000B0A59C /* Frameworks */, + DC52EA481D80CB7000B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SecurityTool; + productName = libsecurity; + productReference = DC52EA4C1D80CB7000B0A59C /* libSecurityTool.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52EBC61D80CEF100B0A59C /* SecurityCommands */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52EBD21D80CEF100B0A59C /* Build configuration list for PBXNativeTarget "SecurityCommands" */; + buildPhases = ( + DC52EBC71D80CEF100B0A59C /* Sources */, + DC52EBCF1D80CEF100B0A59C /* Frameworks */, + DC52EBD11D80CEF100B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SecurityCommands; + productName = libsecurity; + productReference = DC52EBD51D80CEF100B0A59C /* libSecurityCommands.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52EC211D80CFB200B0A59C /* SOSCommands */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52EC311D80CFB200B0A59C /* Build configuration list for PBXNativeTarget "SOSCommands" */; + buildPhases = ( + DC52EC221D80CFB200B0A59C /* Sources */, + DC52EC2E1D80CFB200B0A59C /* Frameworks */, + DC52EC301D80CFB200B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SOSCommands; + productName = libsecurity; + productReference = DC52EC341D80CFB200B0A59C /* libSOSCommands.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52EC3E1D80D00800B0A59C /* libSWCAgent */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52EC4A1D80D00800B0A59C /* Build configuration list for PBXNativeTarget "libSWCAgent" */; + buildPhases = ( + DC52EC3F1D80D00800B0A59C /* Sources */, + DC52EC471D80D00800B0A59C /* Frameworks */, + DC52EC491D80D00800B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = libSWCAgent; + productName = libsecurity; + productReference = DC52EC4D1D80D00800B0A59C /* libSWCAgent.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52EC521D80D05200B0A59C /* logging */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52EC591D80D05200B0A59C /* Build configuration list for PBXNativeTarget "logging" */; + buildPhases = ( + DC52EC531D80D05200B0A59C /* Sources */, + DC52EC561D80D05200B0A59C /* Frameworks */, + DC52EC581D80D05200B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = logging; + productName = libsecurity; + productReference = DC52EC5C1D80D05200B0A59C /* liblogging.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52EC601D80D0C400B0A59C /* SOSRegressions */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52EC651D80D0C400B0A59C /* Build configuration list for PBXNativeTarget "SOSRegressions" */; + buildPhases = ( + DC52EC611D80D0C400B0A59C /* Sources */, + DC52EC631D80D0C400B0A59C /* Frameworks */, + DC52EC641D80D0C400B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SOSRegressions; + productName = libsecurity; + productReference = DC52EC681D80D0C400B0A59C /* libSOSRegressions.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52EC7E1D80D1A800B0A59C /* iOSSecurityRegressions */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52EC941D80D1A800B0A59C /* Build configuration list for PBXNativeTarget "iOSSecurityRegressions" */; + buildPhases = ( + DC52EC7F1D80D1A800B0A59C /* Sources */, + DC52EC8F1D80D1A800B0A59C /* Frameworks */, + DC52EC931D80D1A800B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = iOSSecurityRegressions; + productName = libsecurity; + productReference = DC52EC971D80D1A800B0A59C /* libiOSSecurityRegressions.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52ED631D80D4CD00B0A59C /* iOSsecuritydRegressions */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52ED9A1D80D4CD00B0A59C /* Build configuration list for PBXNativeTarget "iOSsecuritydRegressions" */; + buildPhases = ( + DC52ED641D80D4CD00B0A59C /* Sources */, + DC52ED981D80D4CD00B0A59C /* Frameworks */, + DC52ED991D80D4CD00B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = iOSsecuritydRegressions; + productName = libsecurity; + productReference = DC52ED9D1D80D4CD00B0A59C /* libiOSsecuritydRegressions.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52EDA61D80D58400B0A59C /* secdRegressions */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52EDAE1D80D58400B0A59C /* Build configuration list for PBXNativeTarget "secdRegressions" */; + buildPhases = ( + DC52EDA71D80D58400B0A59C /* Sources */, + DC52EDAB1D80D58400B0A59C /* Frameworks */, + DC52EDAD1D80D58400B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = secdRegressions; + productName = libsecurity; + productReference = DC52EDB11D80D58400B0A59C /* libsecdRegressions.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52EDFD1D80D6DD00B0A59C /* SharedRegressions */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52EE3E1D80D6DD00B0A59C /* Build configuration list for PBXNativeTarget "SharedRegressions" */; + buildPhases = ( + DC52EDFE1D80D6DD00B0A59C /* Sources */, + DC52EE3A1D80D6DD00B0A59C /* Frameworks */, + DC52EE3D1D80D6DD00B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SharedRegressions; + productName = libsecurity; + productReference = DC52EE411D80D6DD00B0A59C /* libSharedRegressions.a */; + productType = "com.apple.product-type.library.static"; + }; + DC52EE661D80D82600B0A59C /* SecItemShimOSX */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC52EE6B1D80D82600B0A59C /* Build configuration list for PBXNativeTarget "SecItemShimOSX" */; + buildPhases = ( + DC52EE671D80D82600B0A59C /* Sources */, + DC52EE691D80D82600B0A59C /* Frameworks */, + DC52EE6A1D80D82600B0A59C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SecItemShimOSX; + productName = libsecurity; + productReference = DC52EE6E1D80D82600B0A59C /* libSecItemShimOSX.a */; + productType = "com.apple.product-type.library.static"; + }; + DC58C4221D77BDEA003C25A4 /* csparser_osx */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC58C4261D77BDEA003C25A4 /* Build configuration list for PBXNativeTarget "csparser_osx" */; + buildPhases = ( + DC58C41F1D77BDEA003C25A4 /* Sources */, + DC58C4201D77BDEA003C25A4 /* Frameworks */, + DC58C4211D77BDEA003C25A4 /* Resources */, + DC58C4381D77BE5E003C25A4 /* ShellScript */, + ); + buildRules = ( + ); + dependencies = ( + DC65E7391D8CB38300152EF0 /* PBXTargetDependency */, + DC65E73B1D8CB39300152EF0 /* PBXTargetDependency */, + DC58C42A1D77BE03003C25A4 /* PBXTargetDependency */, + ); + name = csparser_osx; + productName = csparser; + productReference = DC58C4231D77BDEA003C25A4 /* csparser.bundle */; + productType = "com.apple.product-type.bundle"; + }; + DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC59E9E91D91C9DC001BDDF5 /* Build configuration list for PBXNativeTarget "DER_not_installed" */; + buildPhases = ( + DC71DA011D95BD670065FB93 /* Why is this here? */, + DC59E9AD1D91C9DC001BDDF5 /* Headers */, + DC59E9D01D91C9DC001BDDF5 /* Sources */, + DC59E9E81D91C9DC001BDDF5 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = DER_not_installed; + productName = libsecurityd_client_macos; + productReference = DC59E9EC1D91C9DC001BDDF5 /* libDER_not_installed.a */; + productType = "com.apple.product-type.library.static"; + }; + DC59EA0E1D91CA15001BDDF5 /* DERUtils */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC59EA221D91CA15001BDDF5 /* Build configuration list for PBXNativeTarget "DERUtils" */; + buildPhases = ( + DC59EA0F1D91CA15001BDDF5 /* Headers */, + DC59EA1A1D91CA15001BDDF5 /* Sources */, + DC59EA211D91CA15001BDDF5 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = DERUtils; + productName = libsecurityd_client_macos; + productReference = DC59EA251D91CA15001BDDF5 /* libDERUtils.a */; + productType = "com.apple.product-type.library.static"; + }; + DC59EA361D91CA82001BDDF5 /* parseCert */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC59EA3B1D91CA82001BDDF5 /* Build configuration list for PBXNativeTarget "parseCert" */; + buildPhases = ( + DC59EA331D91CA82001BDDF5 /* Sources */, + DC59EA341D91CA82001BDDF5 /* Frameworks */, + DC59EA351D91CA82001BDDF5 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC59EA431D91CAAE001BDDF5 /* PBXTargetDependency */, + DC59EA411D91CAAA001BDDF5 /* PBXTargetDependency */, + ); + name = parseCert; + productName = parseCert; + productReference = DC59EA371D91CA82001BDDF5 /* parseCert */; + productType = "com.apple.product-type.tool"; + }; + DC59EA521D91CAF0001BDDF5 /* parseCrl */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC59EA5D1D91CAF0001BDDF5 /* Build configuration list for PBXNativeTarget "parseCrl" */; + buildPhases = ( + DC59EA571D91CAF0001BDDF5 /* Sources */, + DC59EA591D91CAF0001BDDF5 /* Frameworks */, + DC59EA5C1D91CAF0001BDDF5 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC59EA531D91CAF0001BDDF5 /* PBXTargetDependency */, + DC59EA551D91CAF0001BDDF5 /* PBXTargetDependency */, + ); + name = parseCrl; + productName = parseCert; + productReference = DC59EA601D91CAF0001BDDF5 /* parseCrl */; + productType = "com.apple.product-type.tool"; + }; + DC59EA621D91CB9F001BDDF5 /* parseTicket */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC59EA6D1D91CB9F001BDDF5 /* Build configuration list for PBXNativeTarget "parseTicket" */; + buildPhases = ( + DC59EA671D91CB9F001BDDF5 /* Sources */, + DC59EA691D91CB9F001BDDF5 /* Frameworks */, + DC59EA6C1D91CB9F001BDDF5 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC59EA651D91CB9F001BDDF5 /* PBXTargetDependency */, + ); + name = parseTicket; + productName = parseCert; + productReference = DC59EA701D91CB9F001BDDF5 /* parseTicket */; + productType = "com.apple.product-type.tool"; + }; + DC5ABDC41D832DAB00CF422C /* securitytool_macos */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC5ABDC91D832DAB00CF422C /* Build configuration list for PBXNativeTarget "securitytool_macos" */; + buildPhases = ( + DC5ABDC11D832DAB00CF422C /* Sources */, + DC5ABDC21D832DAB00CF422C /* Frameworks */, + DC5ABDC31D832DAB00CF422C /* CopyFiles */, + DC5ABDEF1D832E5C00CF422C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + DC71DA071D95BE2F0065FB93 /* PBXTargetDependency */, + ); + name = securitytool_macos; + productName = securitytool_macos; + productReference = DC5ABDC51D832DAB00CF422C /* security */; + productType = "com.apple.product-type.tool"; + }; + DC5AC04F1D8352D900CF422C /* securityd_macos */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC5AC0A61D8352DA00CF422C /* Build configuration list for PBXNativeTarget "securityd_macos" */; + buildPhases = ( + DC5AC0D71D83548B00CF422C /* Headers */, + DC5AC04C1D8352D900CF422C /* Sources */, + DC5AC04D1D8352D900CF422C /* Frameworks */, + DC5AC04E1D8352D900CF422C /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC5AC0BF1D83534300CF422C /* PBXTargetDependency */, + DC5AC0BD1D83533E00CF422C /* PBXTargetDependency */, + DC6BC27B1D90D11C00DD57B3 /* PBXTargetDependency */, + DC008B5A1D90CEC7004002A3 /* PBXTargetDependency */, + DC6BC2741D90D07800DD57B3 /* PBXTargetDependency */, + ); + name = securityd_macos; + productName = securityd; + productReference = DC5AC0501D8352D900CF422C /* securityd */; + productType = "com.apple.product-type.tool"; + }; + DC610A021D78F129002223DE /* secdtests_macos */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC610A311D78F129002223DE /* Build configuration list for PBXNativeTarget "secdtests_macos" */; + buildPhases = ( + DC610A171D78F129002223DE /* Sources */, + DC610A191D78F129002223DE /* Frameworks */, + DC610A301D78F129002223DE /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC65E7601D8CB4A300152EF0 /* PBXTargetDependency */, + DC59EA931D91CDD6001BDDF5 /* PBXTargetDependency */, + DC65E7621D8CB4AA00152EF0 /* PBXTargetDependency */, + DC00ABE21D821F6000513D74 /* PBXTargetDependency */, + DC00ABDC1D821F5300513D74 /* PBXTargetDependency */, + DC71DA0F1D95E1210065FB93 /* PBXTargetDependency */, + DC00ABE01D821F5C00513D74 /* PBXTargetDependency */, + DC00ABDE1D821F5600513D74 /* PBXTargetDependency */, + DC00ABE41D821F6200513D74 /* PBXTargetDependency */, + DCD22D671D8CC387001C9B81 /* PBXTargetDependency */, + DC65E7641D8CB4B100152EF0 /* PBXTargetDependency */, + DCD22D691D8CC3A6001C9B81 /* PBXTargetDependency */, + ); + name = secdtests_macos; + productName = secdtest; + productReference = DC610A341D78F129002223DE /* secdtests */; + productType = "com.apple.product-type.tool"; + }; + DC610A461D78F48F002223DE /* SecTaskTest_macos */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC610A4B1D78F48F002223DE /* Build configuration list for PBXNativeTarget "SecTaskTest_macos" */; + buildPhases = ( + DC610A431D78F48F002223DE /* Sources */, + DC610A441D78F48F002223DE /* Frameworks */, + DC610A451D78F48F002223DE /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SecTaskTest_macos; + productName = SecTaskTest; + productReference = DC610A471D78F48F002223DE /* SecTaskTest */; + productType = "com.apple.product-type.tool"; + }; + DC610A551D78F9D2002223DE /* codesign_tests_macos */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC610A5C1D78F9D2002223DE /* Build configuration list for PBXNativeTarget "codesign_tests_macos" */; + buildPhases = ( + DC610A561D78F9D2002223DE /* Sources */, + DC610A581D78F9D2002223DE /* Frameworks */, + DC610A5B1D78F9D2002223DE /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = codesign_tests_macos; + productName = SecTaskTest; + productReference = DC610A5F1D78F9D2002223DE /* codesign_tests */; + productType = "com.apple.product-type.tool"; + }; + DC610AAD1D7910C3002223DE /* gk_reset_check_macos */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC610AB41D7910C3002223DE /* Build configuration list for PBXNativeTarget "gk_reset_check_macos" */; + buildPhases = ( + DC610AAE1D7910C3002223DE /* Sources */, + DC610AB01D7910C3002223DE /* Frameworks */, + DC610AB31D7910C3002223DE /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = gk_reset_check_macos; + productName = SecTaskTest; + productReference = DC610AB71D7910C3002223DE /* gk_reset_check */; + productType = "com.apple.product-type.tool"; + }; + DC6A82911D87749900418608 /* securityd_client_macos */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC6A82981D87749A00418608 /* Build configuration list for PBXNativeTarget "securityd_client_macos" */; + buildPhases = ( + DC6A82901D87749900418608 /* Headers */, + DC6A828E1D87749900418608 /* Sources */, + DC6A828F1D87749900418608 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC63CAF31D90DF6000C03317 /* PBXTargetDependency */, + ); + name = securityd_client_macos; + productName = libsecurityd_client_macos; + productReference = DC6A82921D87749900418608 /* libsecurityd_client.a */; + productType = "com.apple.product-type.library.static"; + }; + DC71D99F1D95BA6C0065FB93 /* ASN1 */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC71D9DC1D95BA6C0065FB93 /* Build configuration list for PBXNativeTarget "ASN1" */; + buildPhases = ( + DC71D9FE1D95BB5B0065FB93 /* Why is this here? */, + DC71D9A01D95BA6C0065FB93 /* Headers */, + DC71D9C31D95BA6C0065FB93 /* Sources */, + DC71D9DB1D95BA6C0065FB93 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = ASN1; + productName = libsecurityd_client_macos; + productReference = DC71D9DF1D95BA6C0065FB93 /* libASN1.a */; + productType = "com.apple.product-type.library.static"; + }; + DC71D9E41D95BB0A0065FB93 /* DER */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC71D9F81D95BB0A0065FB93 /* Build configuration list for PBXNativeTarget "DER" */; + buildPhases = ( + DC71DA001D95BD320065FB93 /* Why is this here? */, + DC71D9E51D95BB0A0065FB93 /* Headers */, + DC71D9F01D95BB0A0065FB93 /* Sources */, + DC71D9F71D95BB0A0065FB93 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = DER; + productName = libsecurityd_client_macos; + productReference = DC71D9FB1D95BB0A0065FB93 /* libDER.a */; + productType = "com.apple.product-type.library.static"; + }; + DC8834011D8A218F00CE0ACA /* ASN1_not_installed */ = { + isa = PBXNativeTarget; + buildConfigurationList = DC8834051D8A218F00CE0ACA /* Build configuration list for PBXNativeTarget "ASN1_not_installed" */; + buildPhases = ( + DC71D9FF1D95BCDF0065FB93 /* Why is this here? */, + DC8834021D8A218F00CE0ACA /* Headers */, + DC8834031D8A218F00CE0ACA /* Sources */, + DC8834041D8A218F00CE0ACA /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = ASN1_not_installed; + productName = libsecurityd_client_macos; + productReference = DC8834081D8A218F00CE0ACA /* libASN1_not_installed.a */; + productType = "com.apple.product-type.library.static"; + }; + DCB340661D8A24DF0054D16E /* security_authorization */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCB3406A1D8A24DF0054D16E /* Build configuration list for PBXNativeTarget "security_authorization" */; + buildPhases = ( + DCB340671D8A24DF0054D16E /* Headers */, + DCB340681D8A24DF0054D16E /* Sources */, + DCB340691D8A24DF0054D16E /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_authorization; + productName = libsecurityd_client_macos; + productReference = DCB3406D1D8A24DF0054D16E /* libsecurity_authorization.a */; + productType = "com.apple.product-type.library.static"; + }; + DCB3408E1D8A267C0054D16E /* security_cdsa_client */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCB340921D8A267C0054D16E /* Build configuration list for PBXNativeTarget "security_cdsa_client" */; + buildPhases = ( + DCB3408F1D8A267C0054D16E /* Headers */, + DCB340901D8A267C0054D16E /* Sources */, + DCB340911D8A267C0054D16E /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_cdsa_client; + productName = libsecurityd_client_macos; + productReference = DCB340951D8A267C0054D16E /* libsecurity_cdsa_client.a */; + productType = "com.apple.product-type.library.static"; + }; + DCB341301D8A2A010054D16E /* security_cdsa_plugin */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCB341341D8A2A010054D16E /* Build configuration list for PBXNativeTarget "security_cdsa_plugin" */; + buildPhases = ( + DCB341311D8A2A010054D16E /* Headers */, + DCB341321D8A2A010054D16E /* Sources */, + DCB341331D8A2A010054D16E /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_cdsa_plugin; + productName = libsecurityd_client_macos; + productReference = DCB341371D8A2A010054D16E /* libsecurity_cdsa_plugin.a */; + productType = "com.apple.product-type.library.static"; + }; + DCB3417B1D8A2B860054D16E /* security_cdsa_utilities */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCB3417F1D8A2B860054D16E /* Build configuration list for PBXNativeTarget "security_cdsa_utilities" */; + buildPhases = ( + DCB342301D8A2C0E0054D16E /* Produce Schemas */, + DCB3417C1D8A2B860054D16E /* Headers */, + DCB3417D1D8A2B860054D16E /* Sources */, + DCB3417E1D8A2B860054D16E /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_cdsa_utilities; + productName = libsecurityd_client_macos; + productReference = DCB341821D8A2B860054D16E /* libsecurity_cdsa_utilities.a */; + productType = "com.apple.product-type.library.static"; + }; + DCB3423A1D8A32820054D16E /* security_keychain */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCB3423E1D8A32820054D16E /* Build configuration list for PBXNativeTarget "security_keychain" */; + buildPhases = ( + DCB3423B1D8A32820054D16E /* Headers */, + DCB3423C1D8A32820054D16E /* Sources */, + DCB3423D1D8A32820054D16E /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC59EA991D91CE8C001BDDF5 /* PBXTargetDependency */, + ); + name = security_keychain; + productName = libsecurityd_client_macos; + productReference = DCB342411D8A32820054D16E /* libsecurity_keychain.a */; + productType = "com.apple.product-type.library.static"; + }; + DCB343AD1D8A34FD0054D16E /* security_keychain_regressions */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCB3443B1D8A34FD0054D16E /* Build configuration list for PBXNativeTarget "security_keychain_regressions" */; + buildPhases = ( + DCB343B01D8A34FD0054D16E /* Headers */, + DCB343E91D8A34FD0054D16E /* Sources */, + DCB344391D8A34FD0054D16E /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_keychain_regressions; + productName = libsecurityd_client_macos; + productReference = DCB3443E1D8A34FD0054D16E /* libsecurity_keychain_regressions.a */; + productType = "com.apple.product-type.library.static"; + }; + DCC78EA81D8088E200865A7C /* security */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCC78EAF1D8088E200865A7C /* Build configuration list for PBXNativeTarget "security" */; + buildPhases = ( + DCC78EA51D8088E200865A7C /* Sources */, + DCC78EA61D8088E200865A7C /* Frameworks */, + DCC78EA71D8088E200865A7C /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security; + productName = libsecurity; + productReference = DCC78EA91D8088E200865A7C /* libsecurity.a */; + productType = "com.apple.product-type.library.dynamic"; + }; + DCD067781D8CDF19007602F1 /* security_codesigning */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCD0677C1D8CDF19007602F1 /* Build configuration list for PBXNativeTarget "security_codesigning" */; + buildPhases = ( + DCD067791D8CDF19007602F1 /* Headers */, + DCD0677A1D8CDF19007602F1 /* Sources */, + DCD0677B1D8CDF19007602F1 /* Frameworks */, + DC963E811D95EC04008A153E /* CopyFiles */, + DC963E831D95EC20008A153E /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC008B5C1D90CEE9004002A3 /* PBXTargetDependency */, + DCD067851D8CDF5C007602F1 /* PBXTargetDependency */, + DCD067831D8CDF58007602F1 /* PBXTargetDependency */, + ); + name = security_codesigning; + productName = libsecurityd_client_macos; + productReference = DCD0677F1D8CDF19007602F1 /* libsecurity_codesigning.a */; + productType = "com.apple.product-type.library.static"; + }; + DCD0696F1D8CE21C007602F1 /* integrity */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCD06A3C1D8CE21C007602F1 /* Build configuration list for PBXNativeTarget "integrity" */; + buildPhases = ( + DCD069761D8CE21C007602F1 /* Headers */, + DCD069E91D8CE21C007602F1 /* Sources */, + DCD06A3B1D8CE21C007602F1 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DCD069701D8CE21C007602F1 /* PBXTargetDependency */, + DCD069721D8CE21C007602F1 /* PBXTargetDependency */, + DC008B641D90CF37004002A3 /* PBXTargetDependency */, + ); + name = integrity; + productName = libsecurityd_client_macos; + productReference = DCD06A3F1D8CE21D007602F1 /* libintegrity.a */; + productType = "com.apple.product-type.library.static"; + }; + DCD06A421D8CE281007602F1 /* codehost */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCD06A4E1D8CE281007602F1 /* Build configuration list for PBXNativeTarget "codehost" */; + buildPhases = ( + DCD06A491D8CE281007602F1 /* Headers */, + DCD06A4B1D8CE281007602F1 /* Sources */, + DCD06A4D1D8CE281007602F1 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DCD06A431D8CE281007602F1 /* PBXTargetDependency */, + DCD06A451D8CE281007602F1 /* PBXTargetDependency */, + DC008B661D90CF40004002A3 /* PBXTargetDependency */, + ); + name = codehost; + productName = libsecurityd_client_macos; + productReference = DCD06A511D8CE281007602F1 /* libcodehost.a */; + productType = "com.apple.product-type.library.static"; + }; + DCD06A541D8CE2D5007602F1 /* gkunpack */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCD06A711D8CE2D5007602F1 /* Build configuration list for PBXNativeTarget "gkunpack" */; + buildPhases = ( + DCD06A5F1D8CE2D5007602F1 /* Sources */, + DCD06A621D8CE2D5007602F1 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = gkunpack; + productName = security; + productReference = DCD06A741D8CE2D5007602F1 /* gkunpack */; + productType = "com.apple.product-type.tool"; + }; + DCD06AA91D8E0D53007602F1 /* security_utilities */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCD06AAD1D8E0D53007602F1 /* Build configuration list for PBXNativeTarget "security_utilities" */; + buildPhases = ( + DCD06AAA1D8E0D53007602F1 /* Headers */, + DCD06AAB1D8E0D53007602F1 /* Sources */, + DCD06AAC1D8E0D53007602F1 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC82FFEB1D90D4640085674B /* PBXTargetDependency */, + ); + name = security_utilities; + productName = libsecurityd_client_macos; + productReference = DCD06AB01D8E0D53007602F1 /* libsecurity_utilities.a */; + productType = "com.apple.product-type.library.static"; + }; + DCD66D5E1D8204A700DB1393 /* SecTrustOSX */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCD66D701D8204A700DB1393 /* Build configuration list for PBXNativeTarget "SecTrustOSX" */; + buildPhases = ( + DCD66D5F1D8204A700DB1393 /* Sources */, + DCD66D6E1D8204A700DB1393 /* Frameworks */, + DCD66D6F1D8204A700DB1393 /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SecTrustOSX; + productName = libsecurity; + productReference = DCD66D731D8204A700DB1393 /* libSecTrustOSX.a */; + productType = "com.apple.product-type.library.static"; + }; + DCD66DC41D8205C400DB1393 /* SecOtrOSX */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCD66DD81D8205C400DB1393 /* Build configuration list for PBXNativeTarget "SecOtrOSX" */; + buildPhases = ( + DCD66DC51D8205C400DB1393 /* Sources */, + DCD66DD51D8205C400DB1393 /* Frameworks */, + DCD66DD61D8205C400DB1393 /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = SecOtrOSX; + productName = libsecurity; + productReference = DCD66DDB1D8205C400DB1393 /* libSecOtrOSX.a */; + productType = "com.apple.product-type.library.static"; + }; + DCE4E68A1D7A37FA00AFB96E /* security2tool_macos */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCE4E6A11D7A37FA00AFB96E /* Build configuration list for PBXNativeTarget "security2tool_macos" */; + buildPhases = ( + DCE4E6911D7A37FA00AFB96E /* Sources */, + DCE4E6941D7A37FA00AFB96E /* Frameworks */, + DCE4E6A51D7A388C00AFB96E /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC71D8EB1D959C130065FB93 /* PBXTargetDependency */, + DC71D8E41D959C000065FB93 /* PBXTargetDependency */, + DC00AB921D821D6000513D74 /* PBXTargetDependency */, + DC71DA0D1D95DD670065FB93 /* PBXTargetDependency */, + DC00AB941D821D6500513D74 /* PBXTargetDependency */, + DC00AB961D821D6800513D74 /* PBXTargetDependency */, + ); + name = security2tool_macos; + productName = security; + productReference = DCE4E6A41D7A37FA00AFB96E /* security2 */; + productType = "com.apple.product-type.tool"; + }; + DCE4E7311D7A43B500AFB96E /* SecurityTestsOSX */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCE4E7AF1D7A43B500AFB96E /* Build configuration list for PBXNativeTarget "SecurityTestsOSX" */; + buildPhases = ( + DCE4E74C1D7A43B500AFB96E /* Sources */, + DCE4E7501D7A43B500AFB96E /* Frameworks */, + DCE4E76B1D7A43B500AFB96E /* Resources */, + DCE4E7711D7A43B500AFB96E /* Copy DigiNotar Resources */, + DCE4E7841D7A43B500AFB96E /* Copy DigiNotar-Entrust Resources */, + DCE4E7981D7A43B500AFB96E /* Copy DigiNotar-ok Resources */, + DCE4E7A81D7A43B500AFB96E /* Copy DigiCertMalaysia Resources */, + ); + buildRules = ( + ); + dependencies = ( + DC65E7541D8CB46100152EF0 /* PBXTargetDependency */, + DC59EA8A1D91CD89001BDDF5 /* PBXTargetDependency */, + DC52EE631D80D7D900B0A59C /* PBXTargetDependency */, + DCB345B31D8A361F0054D16E /* PBXTargetDependency */, + DC63CAFA1D91A16700C03317 /* PBXTargetDependency */, + DCE4E7BC1D7A45ED00AFB96E /* PBXTargetDependency */, + DC0BCA781D8B830900070CB0 /* PBXTargetDependency */, + DC65E7521D8CB45300152EF0 /* PBXTargetDependency */, + ); + name = SecurityTestsOSX; + productName = SecurityTests; + productReference = DCE4E7B21D7A43B500AFB96E /* SecurityTestsOSX.app */; + productType = "com.apple.product-type.application"; + }; + DCE4E7CB1D7A4AED00AFB96E /* sectests_macos */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCE4E7D01D7A4AEE00AFB96E /* Build configuration list for PBXNativeTarget "sectests_macos" */; + buildPhases = ( + DCE4E7C81D7A4AED00AFB96E /* Sources */, + DCE4E7C91D7A4AED00AFB96E /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + DC59EA961D91CDEE001BDDF5 /* PBXTargetDependency */, + DC65E7661D8CB4C200152EF0 /* PBXTargetDependency */, + DC65E7681D8CB4CB00152EF0 /* PBXTargetDependency */, + DCE4E7D81D7A4B3500AFB96E /* PBXTargetDependency */, + DC65E76A1D8CB4D300152EF0 /* PBXTargetDependency */, + ); + name = sectests_macos; + productName = sectests_macos; + productReference = DCE4E7CC1D7A4AED00AFB96E /* sectests */; + productType = "com.apple.product-type.tool"; + }; + DCE4E7F51D7A4DA800AFB96E /* secd */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCE4E7FA1D7A4DA900AFB96E /* Build configuration list for PBXNativeTarget "secd" */; + buildPhases = ( + DCE4E7F21D7A4DA800AFB96E /* Sources */, + DCE4E7F31D7A4DA800AFB96E /* Frameworks */, + DCE4E7F41D7A4DA800AFB96E /* CopyFiles */, + DCE4E80B1D7A4E2900AFB96E /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC71DA091D95BEE00065FB93 /* PBXTargetDependency */, + DC71DA031D95BDEA0065FB93 /* PBXTargetDependency */, + DC00AB721D821C4600513D74 /* PBXTargetDependency */, + DC00AB741D821C4800513D74 /* PBXTargetDependency */, + DC65E7261D8CB2E100152EF0 /* PBXTargetDependency */, + DC00AB761D821C4C00513D74 /* PBXTargetDependency */, + DC00AB781D821C5000513D74 /* PBXTargetDependency */, + ); + name = secd; + productName = secd; + productReference = DCE4E7F61D7A4DA800AFB96E /* secd */; + productType = "com.apple.product-type.tool"; + }; + DCE4E82D1D7A57AE00AFB96E /* trustd */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCE4E8561D7A57AE00AFB96E /* Build configuration list for PBXNativeTarget "trustd" */; + buildPhases = ( + DCE4E8381D7A57AE00AFB96E /* Sources */, + DCE4E83A1D7A57AE00AFB96E /* Frameworks */, + DCE4E8521D7A57AE00AFB96E /* CopyFiles */, + DCE4E8541D7A57AE00AFB96E /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + DC71DA0B1D95BEF60065FB93 /* PBXTargetDependency */, + DC71DA051D95BDF90065FB93 /* PBXTargetDependency */, + DC00AB851D821CA300513D74 /* PBXTargetDependency */, + DC00AB871D821CA900513D74 /* PBXTargetDependency */, + DC00AB891D821CAD00513D74 /* PBXTargetDependency */, + DC65E72C1D8CB31200152EF0 /* PBXTargetDependency */, + ); + name = trustd; + productName = secd; + productReference = DCE4E8591D7A57AE00AFB96E /* trustd */; + productType = "com.apple.product-type.tool"; + }; + DCE4E8931D7F34F600AFB96E /* authd */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCE4E89D1D7F34F700AFB96E /* Build configuration list for PBXNativeTarget "authd" */; + buildPhases = ( + DCE4E8901D7F34F600AFB96E /* Sources */, + DCE4E8911D7F34F600AFB96E /* Frameworks */, + DCE4E8921D7F34F600AFB96E /* Resources */, + DCE4E8CC1D7F358C00AFB96E /* Copy authorization.plist */, + DCE4E8D41D7F360C00AFB96E /* CopyFiles */, + DCE4E8CE1D7F35A300AFB96E /* Copy sandbox profile */, + DCE4E8D11D7F35C400AFB96E /* Copy asl module */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = authd; + productName = authd; + productReference = DCE4E8941D7F34F600AFB96E /* authd.xpc */; + productType = "com.apple.product-type.xpc-service"; + }; + DCE4E8DC1D7F39DB00AFB96E /* Cloud Keychain Utility */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCE4E8EB1D7F39DC00AFB96E /* Build configuration list for PBXNativeTarget "Cloud Keychain Utility" */; + buildPhases = ( + DCE4E8D91D7F39DB00AFB96E /* Sources */, + DCE4E8DA1D7F39DB00AFB96E /* Frameworks */, + DCE4E8DB1D7F39DB00AFB96E /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + DC65E73E1D8CB3C100152EF0 /* PBXTargetDependency */, + ); + name = "Cloud Keychain Utility"; + productName = "Cloud Keychain Utility"; + productReference = DCE4E8DD1D7F39DB00AFB96E /* Cloud Keychain Utility.app */; + productType = "com.apple.product-type.application"; + }; + DCE4E9101D7F3D5300AFB96E /* Keychain Circle Notification */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCE4E91F1D7F3D5400AFB96E /* Build configuration list for PBXNativeTarget "Keychain Circle Notification" */; + buildPhases = ( + DCE4E90D1D7F3D5300AFB96E /* Sources */, + DCE4E90E1D7F3D5300AFB96E /* Frameworks */, + DCE4E90F1D7F3D5300AFB96E /* Resources */, + DCE4E9701D7F3EA700AFB96E /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = "Keychain Circle Notification"; + productName = "Keychain Circle Notification"; + productReference = DCE4E9111D7F3D5300AFB96E /* Keychain Circle Notification.app */; + productType = "com.apple.product-type.application"; + }; + DCF7830A1D88B4DE00E694BB /* security_apple_csp */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCF783111D88B4DE00E694BB /* Build configuration list for PBXNativeTarget "security_apple_csp" */; + buildPhases = ( + DCF7830D1D88B4DE00E694BB /* Headers */, + DCF7830E1D88B4DE00E694BB /* Sources */, + DCF783101D88B4DE00E694BB /* Frameworks */, + DC963E7D1D95EBA8008A153E /* CopyFiles */, + DC963E7F1D95EBC2008A153E /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_apple_csp; + productName = libsecurityd_client_macos; + productReference = DCF783141D88B4DE00E694BB /* libsecurity_apple_csp.a */; + productType = "com.apple.product-type.library.static"; + }; + DCF785021D88B95500E694BB /* security_apple_cspdl */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCF785E21D88B95500E694BB /* Build configuration list for PBXNativeTarget "security_apple_cspdl" */; + buildPhases = ( + DCF785031D88B95500E694BB /* Headers */, + DCF785601D88B95500E694BB /* Sources */, + DCF785DD1D88B95500E694BB /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_apple_cspdl; + productName = libsecurityd_client_macos; + productReference = DCF785E51D88B95500E694BB /* libsecurity_apple_cspdl.a */; + productType = "com.apple.product-type.library.static"; + }; + DCF787501D88C86900E694BB /* security_apple_empty */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCF788301D88C86900E694BB /* Build configuration list for PBXNativeTarget "security_apple_empty" */; + buildPhases = ( + DCF787511D88C86900E694BB /* Headers */, + DCF787AE1D88C86900E694BB /* Sources */, + DCF7882B1D88C86900E694BB /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_apple_empty; + productName = libsecurityd_client_macos; + productReference = DCF788331D88C86900E694BB /* libsecurity_apple_empty.a */; + productType = "com.apple.product-type.library.static"; + }; + DCF788341D88C8C400E694BB /* security_apple_file_dl */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCF788381D88C8C400E694BB /* Build configuration list for PBXNativeTarget "security_apple_file_dl" */; + buildPhases = ( + DCF788351D88C8C400E694BB /* Headers */, + DCF788361D88C8C400E694BB /* Sources */, + DCF788371D88C8C400E694BB /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_apple_file_dl; + productName = libsecurityd_client_macos; + productReference = DCF7883B1D88C8C400E694BB /* libsecurity_apple_file_dl.a */; + productType = "com.apple.product-type.library.static"; + }; + DCF788471D88CA7200E694BB /* security_apple_x509_cl */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCF7884B1D88CA7200E694BB /* Build configuration list for PBXNativeTarget "security_apple_x509_cl" */; + buildPhases = ( + DCF788481D88CA7200E694BB /* Headers */, + DCF788491D88CA7200E694BB /* Sources */, + DCF7884A1D88CA7200E694BB /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_apple_x509_cl; + productName = libsecurityd_client_macos; + productReference = DCF7884E1D88CA7200E694BB /* libsecurity_apple_x509_cl.a */; + productType = "com.apple.product-type.library.static"; + }; + DCF7889C1D88CB5200E694BB /* plugin_apple_x509_cl */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCF788A01D88CB5200E694BB /* Build configuration list for PBXNativeTarget "plugin_apple_x509_cl" */; + buildPhases = ( + DCF788991D88CB5200E694BB /* Sources */, + DCF7889A1D88CB5200E694BB /* Frameworks */, + DCF7889B1D88CB5200E694BB /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + DCF788A41D88CB6000E694BB /* PBXTargetDependency */, + ); + name = plugin_apple_x509_cl; + productName = plugin_apple_x509_cl; + productReference = DCF7889D1D88CB5200E694BB /* apple_x509_cl.bundle */; + productType = "com.apple.product-type.bundle"; + }; + DCF788AB1D88CD2400E694BB /* security_apple_x509_tp */ = { + isa = PBXNativeTarget; + buildConfigurationList = DCF788D31D88CD2400E694BB /* Build configuration list for PBXNativeTarget "security_apple_x509_tp" */; + buildPhases = ( + DCF788AC1D88CD2400E694BB /* Headers */, + DCF788BC1D88CD2400E694BB /* Sources */, + DCF788D21D88CD2400E694BB /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_apple_x509_tp; + productName = libsecurityd_client_macos; + productReference = DCF788D61D88CD2400E694BB /* libsecurity_apple_x509_tp.a */; + productType = "com.apple.product-type.library.static"; + }; + E710C7411331946400F85568 /* SecurityTests */ = { + isa = PBXNativeTarget; + buildConfigurationList = E710C75C1331946500F85568 /* Build configuration list for PBXNativeTarget "SecurityTests" */; + buildPhases = ( + E710C73E1331946400F85568 /* Sources */, + E710C73F1331946400F85568 /* Frameworks */, + E710C7401331946400F85568 /* Resources */, + 4C50AD081410673800EE92DE /* Copy DigiNotar Resources */, + 4C50AD091410675400EE92DE /* Copy DigiNotar-Entrust Resources */, + 4C50AD0A1410676300EE92DE /* Copy DigiNotar-ok Resources */, + 79679E231462023800CF997F /* Copy DigiCertMalaysia Resources */, + ); + buildRules = ( + ); + dependencies = ( + DC59EA871D91CD76001BDDF5 /* PBXTargetDependency */, + DC00ABBB1D821E9B00513D74 /* PBXTargetDependency */, + DC00ABBD1D821E9F00513D74 /* PBXTargetDependency */, + DC65E74E1D8CB41E00152EF0 /* PBXTargetDependency */, + DC0BCDB91D8C6AE000070CB0 /* PBXTargetDependency */, + DC65E7501D8CB42700152EF0 /* PBXTargetDependency */, + DC0BCC1C1D8C655900070CB0 /* PBXTargetDependency */, + DC0BCDBB1D8C6AF000070CB0 /* PBXTargetDependency */, + DC52ECEC1D80D34C00B0A59C /* PBXTargetDependency */, + DC00ABBF1D821EA700513D74 /* PBXTargetDependency */, + DC52EC7D1D80D18800B0A59C /* PBXTargetDependency */, + DC52EE651D80D7F000B0A59C /* PBXTargetDependency */, + ); + name = SecurityTests; + productName = SecurityTests; + productReference = E710C7421331946400F85568 /* SecurityTests.app */; + productType = "com.apple.product-type.application"; + }; + E7B01BBD166594AB000485F1 /* SyncDevTest2 */ = { + isa = PBXNativeTarget; + buildConfigurationList = E7B01BEF166594AB000485F1 /* Build configuration list for PBXNativeTarget "SyncDevTest2" */; + buildPhases = ( + E7B01BC2166594AB000485F1 /* Sources */, + E7B01BD1166594AB000485F1 /* Frameworks */, + E7B01BE3166594AB000485F1 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + DC00ABEE1D821FB700513D74 /* PBXTargetDependency */, + DC00ABF01D821FBA00513D74 /* PBXTargetDependency */, + ); + name = SyncDevTest2; + productName = Keychain; + productReference = E7B01BF2166594AB000485F1 /* SyncDevTest2.app */; + productType = "com.apple.product-type.application"; + }; + E7D847C41C6BE9710025BB44 /* KeychainCircle */ = { + isa = PBXNativeTarget; + buildConfigurationList = E7D847FF1C6BE9720025BB44 /* Build configuration list for PBXNativeTarget "KeychainCircle" */; + buildPhases = ( + E7D847C01C6BE9710025BB44 /* Sources */, + E7D847C11C6BE9710025BB44 /* Frameworks */, + E7D847C21C6BE9710025BB44 /* Headers */, + E7D847C31C6BE9710025BB44 /* Resources */, + ); + buildRules = ( + ); + dependencies = ( + DC65E7221D8CB27900152EF0 /* PBXTargetDependency */, + ); + name = KeychainCircle; + productName = KeychainCircle; + productReference = E7D847C51C6BE9710025BB44 /* KeychainCircle.framework */; + productType = "com.apple.product-type.framework"; + }; + E7D847CD1C6BE9720025BB44 /* KeychainCircleTests */ = { + isa = PBXNativeTarget; + buildConfigurationList = E7D848001C6BE9720025BB44 /* Build configuration list for PBXNativeTarget "KeychainCircleTests" */; + buildPhases = ( + E7D847CA1C6BE9720025BB44 /* Sources */, + E7D847CB1C6BE9720025BB44 /* Frameworks */, + E7D847CC1C6BE9720025BB44 /* Resources */, + E7CFF7211C86602B00E3484E /* Install BATS Tests */, + E7E0C6D11C90E87D00E69A21 /* chmod BATS Tests */, + ); + buildRules = ( + ); + dependencies = ( + E7D847D11C6BE9720025BB44 /* PBXTargetDependency */, + DC00AB9E1D821DBB00513D74 /* PBXTargetDependency */, + DC00ABA01D821DBC00513D74 /* PBXTargetDependency */, + DC00ABA21D821DBF00513D74 /* PBXTargetDependency */, + DC65E7401D8CB3CD00152EF0 /* PBXTargetDependency */, + DC00ABA41D821DC400513D74 /* PBXTargetDependency */, + DC59EA811D91CD16001BDDF5 /* PBXTargetDependency */, + DC65E7421D8CB3D400152EF0 /* PBXTargetDependency */, + ); + name = KeychainCircleTests; + productName = KeychainCircleTests; + productReference = E7D847CE1C6BE9720025BB44 /* KeychainCircleTests.xctest */; + productType = "com.apple.product-type.bundle.unit-test"; + }; + EB0BC9361C3C791500785842 /* secedumodetest */ = { + isa = PBXNativeTarget; + buildConfigurationList = EB0BC93B1C3C791500785842 /* Build configuration list for PBXNativeTarget "secedumodetest" */; + buildPhases = ( + EB0BC9371C3C791500785842 /* Sources */, + EB0BC9391C3C791500785842 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = secedumodetest; + productName = secbackupntest; + productReference = EB0BC93E1C3C791500785842 /* secedumodetest */; + productType = "com.apple.product-type.tool"; + }; + EB425C9E1C65846D000ECE53 /* secbackuptest */ = { + isa = PBXNativeTarget; + buildConfigurationList = EB425CA31C65846D000ECE53 /* Build configuration list for PBXNativeTarget "secbackuptest" */; + buildPhases = ( + EB425C9F1C65846D000ECE53 /* Sources */, + EB425CA11C65846D000ECE53 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = secbackuptest; + productName = secbackupntest; + productReference = EB425CA61C65846D000ECE53 /* secbackuptest */; + productType = "com.apple.product-type.tool"; + }; + EB433A201CC3243600A7EACE /* secitemstresstest */ = { + isa = PBXNativeTarget; + buildConfigurationList = EB433A251CC3243600A7EACE /* Build configuration list for PBXNativeTarget "secitemstresstest" */; + buildPhases = ( + EB433A211CC3243600A7EACE /* Sources */, + EB433A231CC3243600A7EACE /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = secitemstresstest; + productName = secbackupntest; + productReference = EB433A281CC3243600A7EACE /* secitemstresstest */; + productType = "com.apple.product-type.tool"; + }; + EB9C1D791BDFD0E000F89272 /* secbackupntest */ = { + isa = PBXNativeTarget; + buildConfigurationList = EB9C1DA91BDFD0E100F89272 /* Build configuration list for PBXNativeTarget "secbackupntest" */; + buildPhases = ( + EB9C1D761BDFD0E000F89272 /* Sources */, + EB9C1D771BDFD0E000F89272 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = secbackupntest; + productName = secbackupntest; + productReference = EB9C1D7A1BDFD0E000F89272 /* secbackupntest */; + productType = "com.apple.product-type.tool"; + }; + EBA9AA7D1CE30E58004E2B68 /* secitemnotifications */ = { + isa = PBXNativeTarget; + buildConfigurationList = EBA9AA831CE30E58004E2B68 /* Build configuration list for PBXNativeTarget "secitemnotifications" */; + buildPhases = ( + EBA9AA7E1CE30E58004E2B68 /* Sources */, + EBA9AA801CE30E58004E2B68 /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = secitemnotifications; + productName = secbackupntest; + productReference = EBA9AA861CE30E58004E2B68 /* secitemnotifications */; + productType = "com.apple.product-type.tool"; + }; + EBCF73F31CE45F9C00BED7CA /* secitemfunctionality */ = { + isa = PBXNativeTarget; + buildConfigurationList = EBCF73F91CE45F9C00BED7CA /* Build configuration list for PBXNativeTarget "secitemfunctionality" */; + buildPhases = ( + EBCF73F41CE45F9C00BED7CA /* Sources */, + EBCF73F61CE45F9C00BED7CA /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = secitemfunctionality; + productName = secbackupntest; + productReference = EBCF73FC1CE45F9C00BED7CA /* secitemfunctionality */; + productType = "com.apple.product-type.tool"; + }; + EBF374711DC055580065D840 /* security-sysdiagnose */ = { + isa = PBXNativeTarget; + buildConfigurationList = EBF3747D1DC055590065D840 /* Build configuration list for PBXNativeTarget "security-sysdiagnose" */; + buildPhases = ( + EBF3746E1DC055580065D840 /* Sources */, + EBF3746F1DC055580065D840 /* Frameworks */, + EBF374701DC055580065D840 /* CopyFiles */, + ); + buildRules = ( + ); + dependencies = ( + 0C10C93C1DD548BD000602A8 /* PBXTargetDependency */, + 0C10C93A1DD548B6000602A8 /* PBXTargetDependency */, + ); + name = "security-sysdiagnose"; + productName = "security-sysdiagnose"; + productReference = EBF374721DC055580065D840 /* security-sysdiagnose */; + productType = "com.apple.product-type.tool"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 4C35DB69094F906D002917C4 /* Project object */ = { + isa = PBXProject; + attributes = { + LastUpgradeCheck = 0810; + TargetAttributes = { + 4381690B1B4EDCBD00C54D58 = { + CreatedOnToolsVersion = 7.0; + }; + 5EBE24791B00CCAE0007DB0E = { + CreatedOnToolsVersion = 7.0; + }; + CD276C261A83F60C003226BC = { + CreatedOnToolsVersion = 7.0; + }; + D41AD42D1B967169008C7270 = { + CreatedOnToolsVersion = 7.0; + }; + D41AD4311B967179008C7270 = { + CreatedOnToolsVersion = 7.0; + }; + DC008B451D90CE53004002A3 = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DC0BC5501D8B6D2D00070CB0 = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DC0BC5C51D8B72E700070CB0 = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DC1785041D77873100B50D50 = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DC1789031D77980500B50D50 = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DC3A4B571D91E9FB00E46D4A = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DC58C4221D77BDEA003C25A4 = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DC59EA361D91CA82001BDDF5 = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DC5ABDC41D832DAB00CF422C = { + CreatedOnToolsVersion = 8.0; + DevelopmentTeam = XPSUQMMH5W; + DevelopmentTeamName = "Apple Inc. - Core OS Plus Others"; + ProvisioningStyle = Automatic; + }; + DC5AC04F1D8352D900CF422C = { + CreatedOnToolsVersion = 8.0; + DevelopmentTeam = XPSUQMMH5W; + DevelopmentTeamName = "Apple Inc. - Core OS Plus Others"; + ProvisioningStyle = Automatic; + }; + DC610A461D78F48F002223DE = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DC6A82911D87749900418608 = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DC8E04911D7F6CED006D80EB = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DCC78EA81D8088E200865A7C = { + CreatedOnToolsVersion = 8.0; + DevelopmentTeam = XPSUQMMH5W; + DevelopmentTeamName = "Apple Inc. - Core OS Plus Others"; + ProvisioningStyle = Automatic; + }; + DCD067561D8CDCF3007602F1 = { + CreatedOnToolsVersion = 8.0; + DevelopmentTeam = XPSUQMMH5W; + ProvisioningStyle = Automatic; + }; + DCD0675B1D8CDD6D007602F1 = { + DevelopmentTeam = XPSUQMMH5W; + }; + DCD069661D8CE105007602F1 = { + DevelopmentTeam = XPSUQMMH5W; + }; + DCD06A7B1D8CE32F007602F1 = { + CreatedOnToolsVersion = 8.0; + DevelopmentTeam = XPSUQMMH5W; + ProvisioningStyle = Automatic; + }; + DCE4E7CB1D7A4AED00AFB96E = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DCE4E7F51D7A4DA800AFB96E = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DCE4E8931D7F34F600AFB96E = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DCE4E8DC1D7F39DB00AFB96E = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DCE4E9101D7F3D5300AFB96E = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + DCF7889C1D88CB5200E694BB = { + CreatedOnToolsVersion = 8.0; + ProvisioningStyle = Automatic; + }; + E74584661BF68EBA001B54A4 = { + CreatedOnToolsVersion = 7.1; + }; + E79EEDA71CD3F87B00C2FBFC = { + CreatedOnToolsVersion = 8.0; + }; + E79EEDD21CD3F8AB00C2FBFC = { + CreatedOnToolsVersion = 8.0; + }; + E79EEDD81CD3FFC800C2FBFC = { + CreatedOnToolsVersion = 8.0; + }; + E79EEDE01CD4000C00C2FBFC = { + CreatedOnToolsVersion = 8.0; + }; + E7CFF6471C84F61200E3484E = { + CreatedOnToolsVersion = 7.3; + }; + E7D847C41C6BE9710025BB44 = { + CreatedOnToolsVersion = 7.3; + }; + E7D847CD1C6BE9720025BB44 = { + CreatedOnToolsVersion = 7.3; + }; + EB6A6FA81B90F83A0045DC68 = { + CreatedOnToolsVersion = 7.0; + }; + EB6A6FAE1B90F8810045DC68 = { + CreatedOnToolsVersion = 7.0; + }; + EB6A6FB41B90F8C90045DC68 = { + CreatedOnToolsVersion = 7.0; + }; + EB9C1D791BDFD0E000F89272 = { + CreatedOnToolsVersion = 7.1; + }; + EB9C1DAE1BDFD4DE00F89272 = { + CreatedOnToolsVersion = 7.1; + }; + EBBE20571C21380100B7A639 = { + CreatedOnToolsVersion = 7.2; + }; + EBF374711DC055580065D840 = { + CreatedOnToolsVersion = 8.1; + ProvisioningStyle = Automatic; + }; + F93C49021AB8FCE00047E01A = { + CreatedOnToolsVersion = 6.3; + }; + }; + }; + buildConfigurationList = 4C35DB6A094F906D002917C4 /* Build configuration list for PBXProject "Security" */; + compatibilityVersion = "Xcode 3.2"; + developmentRegion = English; + hasScannedForEncodings = 0; + knownRegions = ( + English, + Japanese, + French, + German, + en, + Base, + ); + mainGroup = 4C35DB67094F906D002917C4; + productRefGroup = 4C35DC36094F9120002917C4 /* Products */; + projectDirPath = ""; + projectReferences = ( + { + ProductGroup = DC1002CC1D8E19F20025549C /* Products */; + ProjectRef = 79BDD3940D60D5F9000D84D3 /* libCMS.xcodeproj */; + }, + { + ProductGroup = DC1002C41D8E19D70025549C /* Products */; + ProjectRef = DC1784AE1D7786C700B50D50 /* libsecurity_cms.xcodeproj */; + }, + { + ProductGroup = DC1784431D77869A00B50D50 /* Products */; + ProjectRef = DC1784421D77869A00B50D50 /* libsecurity_smime.xcodeproj */; + }, + { + ProductGroup = DC5AC0AE1D83533400CF422C /* Products */; + ProjectRef = DC5AC0AD1D83533400CF422C /* securityd_service.xcodeproj */; + }, + ); + projectRoot = ""; + targets = ( + DC8E04A51D7F6E50006D80EB /* ===== Top-Level Targets ===== */, + E79EEDD81CD3FFC800C2FBFC /* Security_frameworks_osx */, + 0C7CFA2E14E1BA4800DF9D95 /* Security_frameworks_ios */, + E7CFF6471C84F61200E3484E /* Security_KeychainCircle */, + 05EF68BB194915A5007958C3 /* Security_executables_osx */, + 4C541F840F250BF500E508AE /* Security_executables_ios */, + D41AD4311B967179008C7270 /* Security_executables_tvos */, + D41AD42D1B967169008C7270 /* Security_executables_watchos */, + EB6A6FAE1B90F8810045DC68 /* Security_executables_bridge */, + E79EEDA71CD3F87B00C2FBFC /* Security_tests_osx */, + E79EEDD21CD3F8AB00C2FBFC /* Security_tests_ios */, + 05EF68C1194915FB007958C3 /* Security_kexts */, + 05EF68AF1949149C007958C3 /* Security_temporary_UI */, + 4C91273D0ADBF46200AF202E /* ios */, + E74584661BF68EBA001B54A4 /* osx */, + DC8E04991D7F6D9C006D80EB /* ====== Frameworks ======== */, + 4C32C0AE0A4975F6002891BD /* Security_ios */, + DC1789031D77980500B50D50 /* Security_osx */, + DC1785041D77873100B50D50 /* copyHeadersToSystem */, + E7D847C41C6BE9710025BB44 /* KeychainCircle */, + DC8E04911D7F6CED006D80EB /* ======= Daemons ========= */, + DCE4E8931D7F34F600AFB96E /* authd */, + DCE4E7F51D7A4DA800AFB96E /* secd */, + 790851B50CA9859F0083CC4D /* securityd_ios */, + DC5AC04F1D8352D900CF422C /* securityd_macos */, + DCE4E82D1D7A57AE00AFB96E /* trustd */, + 52D82BDD16A621F70078DFE5 /* CloudKeychainProxy */, + CD276C261A83F60C003226BC /* KeychainSyncingOverIDSProxy */, + DC0BC5501D8B6D2D00070CB0 /* XPCKeychainSandboxCheck */, + DC0BC5631D8B6E3D00070CB0 /* XPCTimeStampingService */, + DC8E04B11D7F6EC9006D80EB /* ======= Libraries ========= */, + DCC78EA81D8088E200865A7C /* security */, + DC52E7731D80BC8000B0A59C /* libsecurityd_ios */, + DC52E88A1D80C1EB00B0A59C /* secipc_client */, + DC52E8BE1D80C25800B0A59C /* SecureObjectSync */, + DC52EA441D80CB7000B0A59C /* SecurityTool */, + DC52EBC61D80CEF100B0A59C /* SecurityCommands */, + DC52EC211D80CFB200B0A59C /* SOSCommands */, + DC52EC3E1D80D00800B0A59C /* libSWCAgent */, + DC52EC521D80D05200B0A59C /* logging */, + DC52EE661D80D82600B0A59C /* SecItemShimOSX */, + DCD66D5E1D8204A700DB1393 /* SecTrustOSX */, + DCD66DC41D8205C400DB1393 /* SecOtrOSX */, + DC52EC601D80D0C400B0A59C /* SOSRegressions */, + DC52EC7E1D80D1A800B0A59C /* iOSSecurityRegressions */, + DC52ED631D80D4CD00B0A59C /* iOSsecuritydRegressions */, + DC52EDA61D80D58400B0A59C /* secdRegressions */, + DC52EDFD1D80D6DD00B0A59C /* SharedRegressions */, + DC0BCBD91D8C648C00070CB0 /* regressionBase */, + DC0BCC211D8C684F00070CB0 /* utilities */, + DC0BCCF41D8C694700070CB0 /* utilitiesRegressions */, + DC0BC9C81D8B824700070CB0 /* security_ssl */, + DC0BCA131D8B82B000070CB0 /* security_ssl_regressions */, + DC8834011D8A218F00CE0ACA /* ASN1_not_installed */, + DC71D99F1D95BA6C0065FB93 /* ASN1 */, + DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */, + DC71D9E41D95BB0A0065FB93 /* DER */, + DC59EA0E1D91CA15001BDDF5 /* DERUtils */, + DCF782BA1D88B44300E694BB /* ==== macOS Libraries ====== */, + DCF7830A1D88B4DE00E694BB /* security_apple_csp */, + DCF785021D88B95500E694BB /* security_apple_cspdl */, + DCF788341D88C8C400E694BB /* security_apple_file_dl */, + DCF788471D88CA7200E694BB /* security_apple_x509_cl */, + DCF788AB1D88CD2400E694BB /* security_apple_x509_tp */, + DCB340661D8A24DF0054D16E /* security_authorization */, + DCB3408E1D8A267C0054D16E /* security_cdsa_client */, + DCB341301D8A2A010054D16E /* security_cdsa_plugin */, + DCB3417B1D8A2B860054D16E /* security_cdsa_utilities */, + DC0BC5851D8B70E700070CB0 /* security_cdsa_utils */, + DC0BC5B01D8B71FD00070CB0 /* security_checkpw */, + DCD067781D8CDF19007602F1 /* security_codesigning */, + DC0BC5E21D8B742200070CB0 /* security_comcryption */, + DC0BC5F81D8B752B00070CB0 /* security_cryptkit */, + DC0BC7451D8B771600070CB0 /* security_cssm */, + DC0BC8981D8B7CBD00070CB0 /* security_filedb */, + DCB3423A1D8A32820054D16E /* security_keychain */, + DCB343AD1D8A34FD0054D16E /* security_keychain_regressions */, + DC0BC8CC1D8B7DA200070CB0 /* security_manifest */, + DC0BC8F91D8B7E8000070CB0 /* security_mds */, + DC0BC92E1D8B7F6A00070CB0 /* security_ocspd */, + DC0BC9661D8B810A00070CB0 /* security_pkcs12 */, + DC0BC99A1D8B81BE00070CB0 /* security_sd_cspdl */, + DC0BCA791D8B858600070CB0 /* security_transform */, + DC0BCB011D8B894F00070CB0 /* security_translocate */, + DCD06AA91D8E0D53007602F1 /* security_utilities */, + DCF787501D88C86900E694BB /* security_apple_empty */, + DC6A82911D87749900418608 /* securityd_client_macos */, + DC0067921D87876F005AF8DB /* securityd_server_macos */, + DC0067C51D878898005AF8DB /* securityd_ucspc */, + DC8E04951D7F6D80006D80EB /* ========= CLI =========== */, + 4CB740A20A47567C00D641BB /* securitytool_ios */, + DC5ABDC41D832DAB00CF422C /* securitytool_macos */, + DCE4E68A1D7A37FA00AFB96E /* security2tool_macos */, + DC58C4221D77BDEA003C25A4 /* csparser_osx */, + BE442BA018B7FDB800F24DAE /* swcagent */, + 4C52D0B316EFC61E0079966E /* CircleJoinRequested */, + F93C49021AB8FCE00047E01A /* ckcdiagnose.sh */, + EBF374711DC055580065D840 /* security-sysdiagnose */, + DC8E04A11D7F6DFC006D80EB /* ======= Apps ========== */, + DCE4E9101D7F3D5300AFB96E /* Keychain Circle Notification */, + DCE4E8DC1D7F39DB00AFB96E /* Cloud Keychain Utility */, + BE197F2519116FD100BA91D1 /* SharedWebCredentialViewService */, + DC8E049D1D7F6DBC006D80EB /* ==== Test Binaries ======= */, + E7D847CD1C6BE9720025BB44 /* KeychainCircleTests */, + 4C711D5813AFCD0900FE865D /* SecurityDevTests */, + E710C7411331946400F85568 /* SecurityTests */, + DCE4E7311D7A43B500AFB96E /* SecurityTestsOSX */, + DC610AAD1D7910C3002223DE /* gk_reset_check_macos */, + DC610A551D78F9D2002223DE /* codesign_tests_macos */, + DC610A461D78F48F002223DE /* SecTaskTest_macos */, + 5EBE24791B00CCAE0007DB0E /* secacltests */, + 0C0BDB2E175685B000BC1A7E /* secdtests_ios */, + DC610A021D78F129002223DE /* secdtests_macos */, + EB9C1D791BDFD0E000F89272 /* secbackupntest */, + EB425C9E1C65846D000ECE53 /* secbackuptest */, + EB0BC9361C3C791500785842 /* secedumodetest */, + EBCF73F31CE45F9C00BED7CA /* secitemfunctionality */, + EB433A201CC3243600A7EACE /* secitemstresstest */, + EBA9AA7D1CE30E58004E2B68 /* secitemnotifications */, + DCE4E7CB1D7A4AED00AFB96E /* sectests_macos */, + 0C6799F912F7C37C00712919 /* dtlsTests */, + 0C2BCBA81D06401F00ED7A2F /* dtlsEchoClient */, + 0C2BCBBD1D0648D100ED7A2F /* dtlsEchoServer */, + 7913B1FF0D172B3900601FE9 /* sslServer */, + 4C9DE9D11181AC4800CF5C27 /* sslEcdsa */, + 4CE5A54C09C796E100D27A3F /* sslViewer */, + DC59EA361D91CA82001BDDF5 /* parseCert */, + DC59EA521D91CAF0001BDDF5 /* parseCrl */, + DC59EA621D91CB9F001BDDF5 /* parseTicket */, + DC0BC5C51D8B72E700070CB0 /* test-checkpw */, + DC0BC5D51D8B73B000070CB0 /* perf-checkpw */, + DC5AC1351D835D9700CF422C /* ===== Source Gen ===== */, + DC008B451D90CE53004002A3 /* securityd_macos_mig */, + DC6BC26C1D90CFEF00DD57B3 /* securityd_macos_startup */, + DC6BC2751D90D0BE00DD57B3 /* securityd_macos_DTrace */, + DC6BC27C1D90D1EE00DD57B3 /* security_cssm_generator */, + DC82FFE51D90D3F60085674B /* security_utilities_DTrace */, + DC82FFEC1D90D4D20085674B /* security_ocspd_macos_mig */, + DC63CAE81D90D63500C03317 /* libsecurityd_macos_mig */, + DCD067561D8CDCF3007602F1 /* codesigning_DTrace */, + DCD0675B1D8CDD6D007602F1 /* codesigning_SystemPolicy */, + DC8E04AD1D7F6E76006D80EB /* ======= misc ========= */, + E7B01BBD166594AB000485F1 /* SyncDevTest2 */, + 728B56A016D59979008FA3AB /* OTAPKIAssetTool */, + 5E10992419A5E55800A60E2B /* ISACLProtectedItems */, + 5346480017331E1100FE9172 /* KeychainSyncAccountNotification */, + 4381690B1B4EDCBD00C54D58 /* SOSCCAuthPlugin */, + DCD0696B1D8CE1F9007602F1 /* ==== Code Signing ===== */, + DCD06A7B1D8CE32F007602F1 /* All Codesigning */, + DCD0696F1D8CE21C007602F1 /* integrity */, + DCD06A421D8CE281007602F1 /* codehost */, + DCD069661D8CE105007602F1 /* codesigning_RequirementsLanguage */, + DCD06A541D8CE2D5007602F1 /* gkunpack */, + DC3A4B571D91E9FB00E46D4A /* CodeSigningHelper */, + DC8E04A91D7F6E63006D80EB /* === Legacy Targets ===== */, + DCF7889C1D88CB5200E694BB /* plugin_apple_x509_cl */, + EB9C1DAE1BDFD4DE00F89272 /* SecurityBatsTests */, + EBBE20571C21380100B7A639 /* SecurityFeatures */, + 4C541F950F250C3000E508AE /* phase1 */, + EB6A6FA81B90F83A0045DC68 /* phase1_ios */, + EB6A6FB41B90F8C90045DC68 /* phase2 */, + E79EEDE01CD4000C00C2FBFC /* Security_executables */, + 05EF68B519491512007958C3 /* Security_frameworks */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXReferenceProxy section */ + DC1002C91D8E19D70025549C /* libsecurity_cms.a */ = { + isa = PBXReferenceProxy; + fileType = archive.ar; + path = libsecurity_cms.a; + remoteRef = DC1002C81D8E19D70025549C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC1002CB1D8E19D70025549C /* libsecurity_cms_regressions.a */ = { + isa = PBXReferenceProxy; + fileType = archive.ar; + path = libsecurity_cms_regressions.a; + remoteRef = DC1002CA1D8E19D70025549C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC1002D31D8E19F20025549C /* security_smime */ = { + isa = PBXReferenceProxy; + fileType = "compiled.mach-o.dylib"; + path = security_smime; + remoteRef = DC1002D21D8E19F20025549C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC1002D51D8E19F20025549C /* security_smime.framework */ = { + isa = PBXReferenceProxy; + fileType = wrapper.framework; + path = security_smime.framework; + remoteRef = DC1002D41D8E19F20025549C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC1002D71D8E19F20025549C /* libCMS.a */ = { + isa = PBXReferenceProxy; + fileType = archive.ar; + path = libCMS.a; + remoteRef = DC1002D61D8E19F20025549C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC1784491D77869A00B50D50 /* libsecurity_smime.a */ = { + isa = PBXReferenceProxy; + fileType = archive.ar; + path = libsecurity_smime.a; + remoteRef = DC1784481D77869A00B50D50 /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC17844B1D77869A00B50D50 /* libsecurity_smime_regressions.a */ = { + isa = PBXReferenceProxy; + fileType = archive.ar; + path = libsecurity_smime_regressions.a; + remoteRef = DC17844A1D77869A00B50D50 /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC5AC0B51D83533400CF422C /* securityd_service */ = { + isa = PBXReferenceProxy; + fileType = "compiled.mach-o.executable"; + path = securityd_service; + remoteRef = DC5AC0B41D83533400CF422C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC5AC0B71D83533400CF422C /* securitydservicectrl */ = { + isa = PBXReferenceProxy; + fileType = "compiled.mach-o.executable"; + path = securitydservicectrl; + remoteRef = DC5AC0B61D83533400CF422C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC5AC0B91D83533400CF422C /* libsecuritydservice_client.a */ = { + isa = PBXReferenceProxy; + fileType = archive.ar; + path = libsecuritydservice_client.a; + remoteRef = DC5AC0B81D83533400CF422C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; + DC5AC0BB1D83533400CF422C /* com.apple.KeyStore.plugin */ = { + isa = PBXReferenceProxy; + fileType = wrapper.cfbundle; + path = com.apple.KeyStore.plugin; + remoteRef = DC5AC0BA1D83533400CF422C /* PBXContainerItemProxy */; + sourceTree = BUILT_PRODUCTS_DIR; + }; +/* End PBXReferenceProxy section */ + +/* Begin PBXResourcesBuildPhase section */ + 4381690A1B4EDCBD00C54D58 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C32C0AB0A4975F6002891BD /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 53C0E1FF177FB48A00F8A018 /* CloudKeychain.strings in Resources */, + BE4AC9BA18B8273600B84964 /* SharedWebCredentials.strings in Resources */, + DCEE1E861D93427400DC0EB7 /* com.apple.securityd.plist in Resources */, + EB433A2E1CC325E900A7EACE /* secitemstresstest.entitlements in Resources */, + 4C198F220ACDB4BF00AAB142 /* Certificate.strings in Resources */, + 4C198F230ACDB4BF00AAB142 /* OID.strings in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C711D7213AFCD0900FE865D /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 52A23EDD161DEC3F00E271E0 /* Default-568h@2x.png in Resources */, + D4D886E91CEBDD2A00DC7583 /* nist-certs in Resources */, + D4D886BF1CEB9F3B00DC7583 /* ssl-policy-certs in Resources */, + D4EC94FB1CEA482D0083E753 /* si-20-sectrust-policies-data in Resources */, + 0C0C88781CCEC5C400617D1B /* si-82-sectrust-ct-data in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 534647FF17331E1100FE9172 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 5346480817331E1200FE9172 /* InfoPlist.strings in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 5E10992319A5E55800A60E2B /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 5E10995119A5E5CE00A60E2B /* ISProtectedItems.plist in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + BE197F2419116FD100BA91D1 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + BE197F61191173F200BA91D1 /* entitlements.plist in Resources */, + BE197F2C19116FD100BA91D1 /* InfoPlist.strings in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC54F1D8B6D2D00070CB0 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5681D8B6E3D00070CB0 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC1785031D77873100B50D50 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC1789021D77980500B50D50 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC178A421D77A1F600B50D50 /* FDEPrefs.plist in Resources */, + DC178A471D77A1F600B50D50 /* InfoPlist.strings in Resources */, + DC178A241D77A1E700B50D50 /* cspdl_common.mdsinfo in Resources */, + DC178A2B1D77A1E700B50D50 /* cl_primary.mdsinfo in Resources */, + DC178A451D77A1F600B50D50 /* framework.sb in Resources */, + DC178A2D1D77A1E700B50D50 /* tp_policyOids.mdsinfo in Resources */, + DC178A231D77A1E700B50D50 /* csp_primary.mdsinfo in Resources */, + DC178A411D77A1F500B50D50 /* iToolsTrustedApps.plist in Resources */, + DC178A251D77A1E700B50D50 /* cspdl_csp_capabilities.mdsinfo in Resources */, + DC178A281D77A1E700B50D50 /* dl_common.mdsinfo in Resources */, + DC178A441D77A1F600B50D50 /* SecErrorMessages.strings in Resources */, + DC178A1F1D77A1E700B50D50 /* cssm.mdsinfo in Resources */, + DC178A4B1D77A1F600B50D50 /* authorization.prompts.strings in Resources */, + DC178A2E1D77A1E700B50D50 /* tp_primary.mdsinfo in Resources */, + DC178A211D77A1E700B50D50 /* csp_capabilities_common.mds in Resources */, + DC178A2A1D77A1E700B50D50 /* cl_common.mdsinfo in Resources */, + DC178A271D77A1E700B50D50 /* cspdl_dl_primary.mdsinfo in Resources */, + DC178A4A1D77A1F600B50D50 /* authorization.buttons.strings in Resources */, + DC178A2F1D77A1E700B50D50 /* sd_cspdl_common.mdsinfo in Resources */, + DC178A291D77A1E700B50D50 /* dl_primary.mdsinfo in Resources */, + DC178A261D77A1E700B50D50 /* cspdl_csp_primary.mdsinfo in Resources */, + DC178A221D77A1E700B50D50 /* csp_common.mdsinfo in Resources */, + DC178A431D77A1F600B50D50 /* SecDebugErrorMessages.strings in Resources */, + DC178A481D77A1F600B50D50 /* TimeStampingPrefs.plist in Resources */, + DC178A201D77A1E700B50D50 /* csp_capabilities.mdsinfo in Resources */, + DC178A2C1D77A1E700B50D50 /* tp_common.mdsinfo in Resources */, + DC178A491D77A1F600B50D50 /* authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC3A4B561D91E9FB00E46D4A /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC58C4211D77BDEA003C25A4 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E76B1D7A43B500AFB96E /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E76D1D7A43B500AFB96E /* nist-certs in Resources */, + DCE4E76E1D7A43B500AFB96E /* ssl-policy-certs in Resources */, + DCE4E76F1D7A43B500AFB96E /* si-20-sectrust-policies-data in Resources */, + DCE4E7701D7A43B500AFB96E /* si-82-sectrust-ct-data in Resources */, + DCE4E7B41D7A43DC00AFB96E /* si-82-sectrust-ct-logs.plist in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E8921D7F34F600AFB96E /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E8DB1D7F39DB00AFB96E /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E9081D7F3A4800AFB96E /* Icon.icns in Resources */, + DCE4E90A1D7F3A4800AFB96E /* Credits.rtf in Resources */, + DCE4E9091D7F3A4800AFB96E /* InfoPlist.strings in Resources */, + DC0B62301D909C4600D43BCB /* MainMenu.xib in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E90F1D7F3D5300AFB96E /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E9491D7F3E8E00AFB96E /* Localizable.strings in Resources */, + DCE4E94A1D7F3E8E00AFB96E /* com.apple.security.keychain-circle-notification.plist in Resources */, + DCE4E94B1D7F3E8E00AFB96E /* InfoPlist.strings in Resources */, + DC0B622F1D909C4600D43BCB /* MainMenu.xib in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF7889B1D88CB5200E694BB /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF788A71D88CB7400E694BB /* cl_primary.mdsinfo in Resources */, + DCF788A61D88CB7000E694BB /* cl_common.mdsinfo in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E710C7401331946400F85568 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 52A23EDC161DEC3800E271E0 /* Default-568h@2x.png in Resources */, + D4D886EA1CEBDE0800DC7583 /* nist-certs in Resources */, + D4D886C01CEB9F7200DC7583 /* ssl-policy-certs in Resources */, + D4EC94FE1CEA48760083E753 /* si-20-sectrust-policies-data in Resources */, + 0C0C88791CCEC5C500617D1B /* si-82-sectrust-ct-data in Resources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E7B01BE3166594AB000485F1 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E7D847C31C6BE9710025BB44 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E7D847CC1C6BE9720025BB44 /* Resources */ = { + isa = PBXResourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXResourcesBuildPhase section */ + +/* Begin PBXShellScriptBuildPhase section */ + 22C002A21AC9D2D100B3469E /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "if [ -n \"${OTAPKIASSETTOOL_LAUNCHD_PLIST}\" ]; then\n mkdir -p \"$LAUNCHD_PLIST_INSTALL_DIR\"\n plutil -convert binary1 -o \"$LAUNCHD_PLIST_INSTALL_DIR/com.apple.OTAPKIAssetTool.plist\" \"$OTAPKIASSETTOOL_LAUNCHD_PLIST\"\nfi"; + showEnvVarsInLog = 0; + }; + 5EE098DE1CD21661009FCA27 /* Unifdef RC_HIDE_J79/J80 */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + ); + name = "Unifdef RC_HIDE_J79/J80"; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "if [ -d $DSTROOT ]; then\n RC_HIDE_J79_VAL=0\n RC_HIDE_J80_VAL=0\n SEC_HDRS_PATH=\"System/Library/Frameworks/Security.framework/Headers\"\n\n if [ ! -z $RC_HIDE_J79 ]; then\n RC_HIDE_J79_VAL=1\n fi\n\n if [ ! -z $RC_HIDE_J80 ]; then\n RC_HIDE_J80_VAL=1\n fi\n\n if [ -a $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h ]; then\n unifdef -B -DRC_HIDE_J79=$RC_HIDE_J79_VAL -DRC_HIDE_J80=$RC_HIDE_J80_VAL -o $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h\n if [$? eq 2]; then\n exit 2\n fi\n fi\n\n if [ -a $DSTROOT/$SEC_HDRS_PATH/SecItem.h ]; then\n unifdef -B -DRC_HIDE_J79=$RC_HIDE_J79_VAL -DRC_HIDE_J80=$RC_HIDE_J80_VAL -o $DSTROOT/$SEC_HDRS_PATH/SecItem.h $DSTROOT/$SEC_HDRS_PATH/SecItem.h\n if [$? eq 2]; then\n exit 2\n fi\n fi\n\n exit 0\nfi"; + showEnvVarsInLog = 0; + }; + 8E64DAF81C17BA620076C9DF /* Install launchd plist */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + "$(PROJECT_DIR)/KeychainSyncingOverIDSProxy/com.apple.security.keychainsyncingoveridsproxy.ios.plist", + "$(PROJECT_DIR)/KeychainSyncingOverIDSProxy/com.apple.security.keychainsyncingoveridsproxy.osx.plist", + ); + name = "Install launchd plist"; + outputPaths = ( + "$(INSTALL_ROOT)/$(INSTALL_DAEMON_AGENT_DIR)/com.apple.security.keychainsyncingoveridsproxy.plist", + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "PLIST_FILE_NAME=com.apple.security.keychainsyncingoveridsproxy\nFILE_TO_COPY=${PROJECT_DIR}/KeychainSyncingOverIDSProxy/${PLIST_FILE_NAME}.ios.plist\n\nif [ ${PLATFORM_NAME} = \"macosx\" ]\nthen\n FILE_TO_COPY=${PROJECT_DIR}/KeychainSyncingOverIDSProxy/${PLIST_FILE_NAME}.osx.plist\nfi\n\ncp ${FILE_TO_COPY} ${INSTALL_ROOT}/${INSTALL_DAEMON_AGENT_DIR}/${PLIST_FILE_NAME}.plist"; + }; + 8E64DB4E1C18A5B80076C9DF /* Install launchd plist */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + "$(PROJECT_DIR)/KVSKeychainSyncingProxy/com.apple.security.cloudkeychainproxy3.ios.plist", + "$(PROJECT_DIR)/KVSKeychainSyncingProxy/com.apple.security.cloudkeychainproxy3.osx.plist", + ); + name = "Install launchd plist"; + outputPaths = ( + "$(INSTALL_ROOT)/$(INSTALL_DAEMON_AGENT_DIR)/com.apple.security.cloudkeychainproxy3.plist", + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "PLIST_FILE_NAME=com.apple.security.cloudkeychainproxy3\nFILE_TO_COPY=${PROJECT_DIR}/KVSKeychainSyncingProxy/${PLIST_FILE_NAME}.ios.plist\n\nif [ ${PLATFORM_NAME} = \"macosx\" ]\nthen\nFILE_TO_COPY=${PROJECT_DIR}/KVSKeychainSyncingProxy/${PLIST_FILE_NAME}.osx.plist\nfi\n\ncp ${FILE_TO_COPY} ${INSTALL_ROOT}/${INSTALL_DAEMON_AGENT_DIR}/${PLIST_FILE_NAME}.plist"; + }; + DC008B581D90CE70004002A3 /* securityd mig */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + "${SRCROOT}/securityd/mig/self.defs", + ); + name = "securityd mig"; + outputPaths = ( + "${BUILT_PRODUCTS_DIR}/derived_src/self.h", + "${BUILT_PRODUCTS_DIR}/derived_src/selfUser.cpp", + "${BUILT_PRODUCTS_DIR}/derived_src/selfServer.cpp", + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "mkdir -p ${BUILT_PRODUCTS_DIR}/derived_src\n\nxcrun mig -isysroot \"${SDKROOT}\" \\\n-server ${BUILT_PRODUCTS_DIR}/derived_src/selfServer.cpp \\\n-user ${BUILT_PRODUCTS_DIR}/derived_src/selfUser.cpp \\\n-header ${BUILT_PRODUCTS_DIR}/derived_src/self.h \\\n${SRCROOT}/securityd/mig/self.defs\n"; + }; + DC0BC5BF1D8B725C00070CB0 /* Install PAM Config */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + "${PROJECT_DIR}/OSX/libsecurity_checkpw/checkpw.pam", + ); + name = "Install PAM Config"; + outputPaths = ( + "${DSTROOT}/private/etc/pam.d/checkpw.pam", + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "name=checkpw\n\nmkdir -p \"${DSTROOT}/private/etc/pam.d/\"\ncp \"${PROJECT_DIR}/OSX/libsecurity_checkpw/checkpw.pam\" \"${DSTROOT}/private/etc/pam.d/${name}\""; + }; + DC1788D81D7793C000B50D50 /* Unifdef RC_HIDE_J79/J80 */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + ); + name = "Unifdef RC_HIDE_J79/J80"; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "if [ -d $DSTROOT ]; then\nRC_HIDE_J79_VAL=0\nRC_HIDE_J80_VAL=0\nSEC_HDRS_PATH=\"System/Library/Frameworks/Security.framework/Headers\"\n\nif [ ! -z $RC_HIDE_J79 ]; then\nRC_HIDE_J79_VAL=1\nfi\n\nif [ ! -z $RC_HIDE_J80 ]; then\nRC_HIDE_J80_VAL=1\nfi\n\nif [ -a $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h ]; then\nunifdef -B -DRC_HIDE_J79=$RC_HIDE_J79_VAL -DRC_HIDE_J80=$RC_HIDE_J80_VAL -o $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h\nif [$? eq 2]; then\nexit 2\nfi\nfi\n\nif [ -a $DSTROOT/$SEC_HDRS_PATH/SecItem.h ]; then\nunifdef -B -DRC_HIDE_J79=$RC_HIDE_J79_VAL -DRC_HIDE_J80=$RC_HIDE_J80_VAL -o $DSTROOT/$SEC_HDRS_PATH/SecItem.h $DSTROOT/$SEC_HDRS_PATH/SecItem.h\nif [$? eq 2]; then\nexit 2\nfi\nfi\n\nexit 0\nfi"; + showEnvVarsInLog = 0; + }; + DC1789A71D779E7E00B50D50 /* Run Script Generate Strings */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/Authorization.h", + "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/AuthSession.h", + "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/SecureTransport.h", + "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/SecBase.h", + "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/cssmerr.h", + "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/cssmapple.h", + "${BUILT_PRODUCTS_DIR}/Security.framework/Headers/CSCommon.h", + "${BUILT_PRODUCTS_DIR}/Security.framework/PrivateHeaders/AuthorizationPriv.h", + "${PROJECT_DIR}/libsecurity_keychain/lib/MacOSErrorStrings.h", + "${BUILT_PRODUCTS_DIR}/Security.framework/PrivateHeaders/SecureTransportPriv.h", + ); + name = "Run Script Generate Strings"; + outputPaths = ( + "${BUILT_PRODUCTS_DIR}/derived_src/SecDebugErrorMessages.strings", + "${BUILT_PRODUCTS_DIR}/derived_src/en.lproj/SecErrorMessages.strings", + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "set -x\n\nDERIVED_SRC=${BUILT_PRODUCTS_DIR}/derived_src\nmkdir -p ${DERIVED_SRC}\n\n# make error message string files\n\nGENDEBUGSTRS[0]=YES; ERRORSTRINGS[0]=${DERIVED_SRC}/SecDebugErrorMessages.strings\nGENDEBUGSTRS[1]=NO ; ERRORSTRINGS[1]=${DERIVED_SRC}/en.lproj/SecErrorMessages.strings\n\nmkdir -p ${DERIVED_SRC}/en.lproj\n\nfor ((ix=0;ix<2;ix++)) ; do\nperl OSX/lib/generateErrStrings.pl \\\n${GENDEBUGSTRS[ix]} \\\n${DERIVED_SRC} \\\n${ERRORSTRINGS[ix]} \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/Authorization.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/AuthSession.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/SecureTransport.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/SecBase.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/cssmerr.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/cssmapple.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/Headers/CSCommon.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/PrivateHeaders/AuthorizationPriv.h \\\n${PROJECT_DIR}/OSX/libsecurity_keychain/lib/MacOSErrorStrings.h \\\n${BUILT_PRODUCTS_DIR}/Security.framework/PrivateHeaders/SecureTransportPriv.h\ndone\n"; + }; + DC178B481D77A51600B50D50 /* Run Script Copy XPC Service */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + ); + name = "Run Script Copy XPC Service"; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "if [ ! -h ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices ]; then\nln -s Versions/Current/XPCServices ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices\nfi\n\nexit 0"; + }; + DC58C4381D77BE5E003C25A4 /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "cd ${BUILT_PRODUCTS_DIR}/Security.framework\n/bin/ln -sF Versions/Current/PlugIns PlugIns\nexit 0"; + showEnvVarsInLog = 0; + }; + DC63CAE91D90D63500C03317 /* libsecurityd mig */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + "${PROJECT_DIR}/mig/ss_types.defs", + "${PROJECT_DIR}/mig/ucsp.defs", + "${PROJECT_DIR}/mig/ucspNotify.defs", + "${PROJECT_DIR}/mig/cshosting.defs", + ); + name = "libsecurityd mig"; + outputPaths = ( + "${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucsp.h", + "${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspServer.cpp", + "${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspClient.cpp", + "${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspNotify.h", + "${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspNotifyReceiver.cpp", + "${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspNotifySender.cpp", + "${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/cshosting.h", + "${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/cshostingServer.cpp", + "${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/cshostingClient.cpp", + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "\nmkdir -p ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client\n\nxcrun mig -isysroot \"${SDKROOT}\" \\\n-server ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspServer.cpp \\\n-user ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspClient.cpp \\\n-header ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucsp.h \\\n${PROJECT_DIR}/OSX/libsecurityd/mig/ucsp.defs\n\ncp ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspClient.cpp ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspClientC.c\n\nxcrun mig -isysroot \"${SDKROOT}\" \\\n-server ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspNotifyReceiver.cpp \\\n-user ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspNotifySender.cpp \\\n-header ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/ucspNotify.h \\\n${PROJECT_DIR}/OSX/libsecurityd/mig/ucspNotify.defs\n\nxcrun mig -isysroot \"${SDKROOT}\" \\\n-server ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/cshostingServer.cpp \\\n-user ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/cshostingClient.cpp \\\n-header ${BUILT_PRODUCTS_DIR}/derived_src/securityd_client/cshosting.h \\\n${PROJECT_DIR}/OSX/libsecurityd/mig/cshosting.defs"; + }; + DC6BC2761D90D0BE00DD57B3 /* securityd DTrace */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + "${SRCROOT}/securityd/src/securityd.d", + ); + name = "securityd DTrace"; + outputPaths = ( + $BUILT_PRODUCTS_DIR/derived_src/securityd_dtrace.h, + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "mkdir -p $BUILT_PRODUCTS_DIR/derived_src\n/usr/sbin/dtrace -h -C -s ${SRCROOT}/securityd/src/securityd.d -o $BUILT_PRODUCTS_DIR/derived_src/securityd_dtrace.h"; + }; + DC6BC27D1D90D1EE00DD57B3 /* cssm generator */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + "$(PROJECT_DIR)/OSX/libsecurity_cssm/lib/generator.cfg", + "$(PROJECT_DIR)/OSX/libsecurity_cssm/lib/generator.pl", + "$(SRCROOT)/OSX/libsecurity_cssm/lib/cssmapi.h", + "$(SRCROOT)/OSX/libsecurity_cssm/lib/cssmaci.h", + "$(SRCROOT)/OSX/libsecurity_cssm/lib/cssmcspi.h", + "$(SRCROOT)/OSX/libsecurity_cssm/lib/cssmdli.h", + "$(SRCROOT)/OSX/libsecurity_cssm/lib/cssmcli.h", + "$(SRCROOT)/OSX/libsecurity_cssm/lib/cssmtpi.h", + ); + name = "cssm generator"; + outputPaths = ( + "${BUILT_PRODUCTS_DIR}/derived_src/cssmexports.gen", + "${BUILT_PRODUCTS_DIR}/derived_src/funcnames.gen", + "$(DERIVED_FILE_DIR)/${BUILT_PRODUCTS_DIR}/derived_src/generator.rpt", + "${BUILT_PRODUCTS_DIR}/derived_src/transition.gen", + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "TARGET=${BUILT_PRODUCTS_DIR}/derived_src\nCONFIG=${PROJECT_DIR}/OSX/libsecurity_cssm/lib/generator.cfg\n\nmkdir -p ${TARGET}\n/usr/bin/perl ${PROJECT_DIR}/OSX/libsecurity_cssm/lib/generator.pl ${SRCROOT}/OSX/libsecurity_cssm/lib/ ${CONFIG} ${TARGET}"; + }; + DC71D9FE1D95BB5B0065FB93 /* Why is this here? */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + "$(SRCROOT)/OSX/libsecurity_asn1/lib/SecAsn1Coder.h", + ); + name = "Why is this here?"; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "# The build system requires that we don't install these headers and .as in multiple phases.\n# This target will install libASN1 (as needed per platform).\n\n# If you make changes to this target, please make them to ASN1_not_installed as well."; + showEnvVarsInLog = 0; + }; + DC71D9FF1D95BCDF0065FB93 /* Why is this here? */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + "$(SRCROOT)/OSX/libsecurity_asn1/lib/SecAsn1Coder.h", + ); + name = "Why is this here?"; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "# The build system requires that we don't install these headers and .as in multiple phases.\n# This target will not install anything, so feel free to depend on it whenever you use it.\n\n# If you make changes to this target, please make them to ASN1 as well."; + showEnvVarsInLog = 0; + }; + DC71DA001D95BD320065FB93 /* Why is this here? */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + "$(SRCROOT)/OSX/libsecurity_keychain/libDER/libDER/libDER.h", + ); + name = "Why is this here?"; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "# The build system requires that we don't install these headers and .as in multiple phases. This target will install libDER (as needed per platform).\n\n# If you make changes to this target, please make them to DER_not_installed as well."; + showEnvVarsInLog = 0; + }; + DC71DA011D95BD670065FB93 /* Why is this here? */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + "$(SRCROOT)/OSX/libsecurity_keychain/libDER/libDER/libDER.h", + ); + name = "Why is this here?"; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "# The build system requires that we don't install these headers and .as in multiple phases.\n# This target will not install anything, so feel free to depend on it whenever you use it.\n\n# If you make changes to this target, please make them to DER as well."; + showEnvVarsInLog = 0; + }; + DC82FFE61D90D3F60085674B /* security_utilities DTrace */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + "${PROJECT_DIR}/OSX/libsecurity_utilities/lib/security_utilities.d", + ); + name = "security_utilities DTrace"; + outputPaths = ( + "${BUILT_PRODUCTS_DIR}/derived_src/security_utilities/utilities_dtrace.h", + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "mkdir -p ${BUILT_PRODUCTS_DIR}/derived_src/security_utilities/\n\n/usr/sbin/dtrace -h -C -s ${PROJECT_DIR}/OSX/libsecurity_utilities/lib/security_utilities.d -o ${BUILT_PRODUCTS_DIR}/derived_src/security_utilities/utilities_dtrace.h"; + }; + DC82FFED1D90D4D20085674B /* ocspd mig */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + "${PROJECT_DIR}/OSX/libsecurity_ocspd/mig/ocspd.defs", + ); + name = "ocspd mig"; + outputPaths = ( + $BUILT_PRODUCTS_DIR/derived_src/security_ocspd/ocspd_server.cpp, + $BUILT_PRODUCTS_DIR/derived_src/security_ocspd/ocspd_server.cpp, + $BUILT_PRODUCTS_DIR/derived_src/security_ocspd/ocspd.h, + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "mkdir -p ${DERIVED_SRC}\n\nxcrun mig -isysroot \"${SDKROOT}\" \\\n-server $BUILT_PRODUCTS_DIR/derived_src/security_ocspd/ocspd_server.cpp \\\n-user $BUILT_PRODUCTS_DIR/derived_src/security_ocspd/ocspd_client.cpp \\\n-header $BUILT_PRODUCTS_DIR/derived_src/security_ocspd/ocspd.h \\\n${PROJECT_DIR}/OSX/libsecurity_ocspd/mig/ocspd.defs"; + }; + DCB342301D8A2C0E0054D16E /* Produce Schemas */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + "$(SRCROOT)/OSX/libsecurity_cdsa_utilities/lib/KeySchema.m4", + "$(SRCROOT)/OSX/libsecurity_cdsa_utilities/lib/Schema.m4", + ); + name = "Produce Schemas"; + outputPaths = ( + $BUILT_PRODUCTS_DIR/derived_src/KeySchema.cpp, + $BUILT_PRODUCTS_DIR/derived_src/Schema.cpp, + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "TARGET=$BUILT_PRODUCTS_DIR/derived_src/KeySchema.cpp\nmkdir -p $BUILT_PRODUCTS_DIR/derived_src\n/usr/bin/m4 ${PROJECT_DIR}/OSX/libsecurity_cdsa_utilities/lib/KeySchema.m4 > $TARGET.new\ncmp -s $TARGET.new $TARGET || mv $TARGET.new $TARGET\nTARGET=$BUILT_PRODUCTS_DIR/derived_src/Schema.cpp\n/usr/bin/m4 ${PROJECT_DIR}/OSX/libsecurity_cdsa_utilities/lib/Schema.m4 > $TARGET.new\ncmp -s $TARGET.new $TARGET || mv $TARGET.new $TARGET"; + }; + DCD0675A1D8CDCFD007602F1 /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + $PROJECT_DIR/OSX/libsecurity_codesigning/lib/security_codesigning.d, + ); + outputPaths = ( + "$(BUILT_PRODUCTS_DIR)/cstemp/codesigning_dtrace.h", + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "mkdir -p ${BUILT_PRODUCTS_DIR}/cstemp\n/usr/sbin/dtrace -h -C -s $PROJECT_DIR/OSX/libsecurity_codesigning/lib/security_codesigning.d -o ${BUILT_PRODUCTS_DIR}/cstemp/codesigning_dtrace.h\n"; + }; + DCD0675C1D8CDD6D007602F1 /* Make SystemPolicy */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + "$(PROJECT_DIR)/OSX/libsecurity_codesigning/lib/syspolicy.sql", + ); + name = "Make SystemPolicy"; + outputPaths = ( + "$(BUILT_PRODUCTS_DIR)/cstemp/SystemPolicy", + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "mkdir -p \"$(dirname \"$SCRIPT_OUTPUT_FILE_0\")\"\nrm -f \"$SCRIPT_OUTPUT_FILE_0\"\nsqlite3 \"$SCRIPT_OUTPUT_FILE_0\" <$SRCROOT/OSX/libsecurity_codesigning/lib/RequirementKeywords.h\n"; + }; + E7E0C6D11C90E87D00E69A21 /* chmod BATS Tests */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + "", + ); + name = "chmod BATS Tests"; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "chown root:wheel ${DSTROOT}/AppleInternal/CoreOS/BATS/unit_tests/*.plist"; + showEnvVarsInLog = 0; + }; + EBC15E801BE29A8C001C0C5B /* Chown BATS plist */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + ); + name = "Chown BATS plist"; + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "chown root:wheel ${DSTROOT}/AppleInternal/CoreOS/BATS/unit_tests/*.plist"; + showEnvVarsInLog = 0; + }; +/* End PBXShellScriptBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 0C0BDB2B175685B000BC1A7E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 0C0BDB32175685B000BC1A7E /* main.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 0C2BCBAD1D06401F00ED7A2F /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 0C2BCBBA1D06403B00ED7A2F /* dtlsEchoClient.c in Sources */, + 0C2BCBAF1D06401F00ED7A2F /* ioSock.c in Sources */, + 0C2BCBB01D06401F00ED7A2F /* sslAppUtils.cpp in Sources */, + DC52EBC51D80CEBA00B0A59C /* print_cert.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 0C2BCBC21D0648D100ED7A2F /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 0C2BCBCF1D0648EF00ED7A2F /* dtlsEchoServer.c in Sources */, + 0C2BCBC41D0648D100ED7A2F /* ioSock.c in Sources */, + 0C2BCBC51D0648D100ED7A2F /* sslAppUtils.cpp in Sources */, + DC52EBC41D80CEBA00B0A59C /* print_cert.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 438169081B4EDCBD00C54D58 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 438169E31B4EDEE200C54D58 /* SOSCCAuthPlugin.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C32C0AC0A4975F6002891BD /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 18F7F67914D77F4400F88A12 /* NtlmGenerator.c in Sources */, + 18F7F67A14D77F4400F88A12 /* ntlmBlobPriv.c in Sources */, + 18F7F67C14D77F5000F88A12 /* SecTask.c in Sources */, + E7B00700170B581D00B27966 /* Security.exp-in in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C52D0B016EFC61E0079966E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 4C3DD6B0179755560093F9D8 /* NSDate+TimeIntervalDescription.m in Sources */, + 4C52D0E816EFCCA30079966E /* NSArray+map.m in Sources */, + 4C52D0E716EFCCA20079966E /* Applicant.m in Sources */, + 4CC3D29D178F698D0070FCC4 /* PersistentState.m in Sources */, + 4C52D0BA16EFC61E0079966E /* CircleJoinRequested.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C711D6313AFCD0900FE865D /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 4CC92B1D15A3BF2F00C6D578 /* testmain.c in Sources */, + 0C78F1CD16A5E1BF00654E08 /* sectask-10-sectask.c in Sources */, + 0C78F1CF16A5E1BF00654E08 /* sectask_ipc.defs in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C9DE9CF1181AC4800CF5C27 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 4C9DE9E31181AC8300CF5C27 /* sslEcdsa.cpp in Sources */, + 4C9DEAAD1181B39300CF5C27 /* ioSock.c in Sources */, + 4C9DEAB11181B39800CF5C27 /* sslAppUtils.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4CB740A00A47567C00D641BB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + E7104A0C169E171900DB0045 /* security_tool_commands.c in Sources */, + E78A9ADA1D34959200006B5B /* NSFileHandle+Formatting.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4CE5A54A09C796E100D27A3F /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 4CE5A55B09C7970A00D27A3F /* SSLViewer.c in Sources */, + 4CE5A66009C79E0600D27A3F /* ioSock.c in Sources */, + 4CE5A66109C79E0600D27A3F /* sslAppUtils.cpp in Sources */, + DC52EA9C1D80CC8300B0A59C /* print_cert.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 52D82BDA16A621F70078DFE5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + E7C787201DCA4D430087FC34 /* CKDAKSLockMonitor.m in Sources */, + DC55329B1DDAA28600B6A6A7 /* XPCNotificationDispatcher.m in Sources */, + E7A5F4D21C0CFF7900F3BEBB /* CKDKVSProxy.m in Sources */, + E7B945B31CFE5EBD0027F31D /* CKDSecuritydAccount.m in Sources */, + E7A5F4D51C0CFF7900F3BEBB /* cloudkeychainproxy.m in Sources */, + E7A5F4D81C0D01B000F3BEBB /* SOSCloudKeychainConstants.c in Sources */, + E722E9121CE92DFC005AD94B /* CKDKVSStore.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 534647FD17331E1100FE9172 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 5346481E173322BD00FE9172 /* KeychainSyncAccountNotification.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 5E10992119A5E55800A60E2B /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 5E10995219A5E5CE00A60E2B /* ISProtectedItemsController.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 5EBE24761B00CCAE0007DB0E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 5EBE247D1B00CCAE0007DB0E /* main.c in Sources */, + 5E4E05A41B0CA0FD001C4A31 /* sec_acl_stress.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 728B569D16D59979008FA3AB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 72CD2BBE16D59AE30064EEE1 /* OTAServiceApp.m in Sources */, + 72CD2BBF16D59AE30064EEE1 /* OTAServicemain.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 790851B30CA9859F0083CC4D /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 790851D40CA9B19D0083CC4D /* server.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 7913B2000D172B3900601FE9 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 7913B2020D172B3900601FE9 /* ioSock.c in Sources */, + 7913B2030D172B3900601FE9 /* sslAppUtils.cpp in Sources */, + 7913B2050D172B3900601FE9 /* sslServer.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + BE197F2219116FD100BA91D1 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + BE197F5E191173A800BA91D1 /* SWCViewController.m in Sources */, + BE197F3219116FD100BA91D1 /* SWCAppDelegate.m in Sources */, + BE197F2E19116FD100BA91D1 /* main.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + BE442BAB18B7FDB800F24DAE /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + BE4AC9A218B7FFAD00B84964 /* swcagent.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + CD276C231A83F60C003226BC /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + CD23B49E1DA06EB40047EDE9 /* IDSPersistentState.m in Sources */, + CD23B4A01DA06EB40047EDE9 /* IDSProxy.m in Sources */, + CD23B4A11DA06EB40047EDE9 /* keychainsyncingoveridsproxy.m in Sources */, + CD23B4A31DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+ReceiveMessage.m in Sources */, + CD23B4A51DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+SendMessage.m in Sources */, + CD23B4A71DA06EB40047EDE9 /* KeychainSyncingOverIDSProxy+Throttle.m in Sources */, + E7A5F5591C0D052600F3BEBB /* SOSCloudKeychainConstants.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0067A81D87876F005AF8DB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0067C21D8787A4005AF8DB /* ucspNotifyReceiver.cpp in Sources */, + DC0067C11D87879D005AF8DB /* ucspServer.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0067C91D878898005AF8DB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0067D11D8788B7005AF8DB /* ucspClientC.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC54D1D8B6D2D00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5611D8B6D6000070CB0 /* main.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5641D8B6E3D00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5741D8B6E7700070CB0 /* main-tsa.m in Sources */, + DC0BC5751D8B6E7700070CB0 /* timestampclient.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5871D8B70E700070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5A81D8B711000070CB0 /* cuPem.cpp in Sources */, + DC0BC5A21D8B711000070CB0 /* cuEnc64.c in Sources */, + DC0BC59E1D8B711000070CB0 /* cuCdsaUtils.cpp in Sources */, + DC0BC5A01D8B711000070CB0 /* cuDbUtils.cpp in Sources */, + DC0BC5A61D8B711000070CB0 /* cuOidParser.cpp in Sources */, + DC0BC5AA1D8B711000070CB0 /* cuPrintCert.cpp in Sources */, + DC0BC5AC1D8B711000070CB0 /* cuTimeStr.cpp in Sources */, + DC0BC5A41D8B711000070CB0 /* cuFileIo.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5B21D8B71FD00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5BC1D8B723500070CB0 /* checkpw.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5C21D8B72E700070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5CF1D8B730D00070CB0 /* test-checkpw.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5D81D8B73B000070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5D91D8B73B000070CB0 /* test-checkpw.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5E41D8B742200070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC5F11D8B745700070CB0 /* comcryption.c in Sources */, + DC0BC5F31D8B745700070CB0 /* comcryptPriv.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC5FA1D8B752B00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC6661D8B755200070CB0 /* CryptKitAsn1.cpp in Sources */, + DC0BC6681D8B755200070CB0 /* CryptKitDER.cpp in Sources */, + DC0BC6981D8B755200070CB0 /* HmacSha1Legacy.c in Sources */, + DC0BC6511D8B755200070CB0 /* byteRep.c in Sources */, + DC0BC65D1D8B755200070CB0 /* ckSHA1.c in Sources */, + DC0BC6611D8B755200070CB0 /* ckutilities.c in Sources */, + DC0BC66C1D8B755200070CB0 /* curveParams.c in Sources */, + DC0BC6701D8B755200070CB0 /* elliptic.c in Sources */, + DC0BC6731D8B755200070CB0 /* ellipticProj.c in Sources */, + DC0BC6751D8B755200070CB0 /* enc64.c in Sources */, + DC0BC6771D8B755200070CB0 /* engineNSA127.c in Sources */, + DC0BC6781D8B755200070CB0 /* falloc.c in Sources */, + DC0BC67C1D8B755200070CB0 /* feeDES.c in Sources */, + DC0BC67E1D8B755200070CB0 /* feeDigitalSignature.c in Sources */, + DC0BC6801D8B755200070CB0 /* feeECDSA.c in Sources */, + DC0BC6821D8B755200070CB0 /* feeFEED.c in Sources */, + DC0BC6841D8B755200070CB0 /* feeFEEDExp.c in Sources */, + DC0BC6871D8B755200070CB0 /* feeHash.c in Sources */, + DC0BC6891D8B755200070CB0 /* feePublicKey.c in Sources */, + DC0BC68C1D8B755200070CB0 /* feeRandom.c in Sources */, + DC0BC68F1D8B755200070CB0 /* giantIntegers.c in Sources */, + DC0BC6931D8B755200070CB0 /* giantPort_PPC.c in Sources */, + DC0BC6961D8B755200070CB0 /* giantPort_PPC_Gnu.s in Sources */, + DC0BC69A1D8B755200070CB0 /* platform.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC7471D8B771600070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC79D1D8B773000070CB0 /* attachment.cpp in Sources */, + DC0BC7AE1D8B773000070CB0 /* modloader.cpp in Sources */, + DC0BC79F1D8B773000070CB0 /* cspattachment.cpp in Sources */, + DC0BC7A21D8B773000070CB0 /* cssmcontext.cpp in Sources */, + DC0BC7B21D8B773000070CB0 /* oidsalg.c in Sources */, + DC0BC7AA1D8B773000070CB0 /* modload_plugin.cpp in Sources */, + DC0BC7B41D8B773000070CB0 /* oidscrl.cpp in Sources */, + DC0BC79B1D8B773000070CB0 /* attachfactory.cpp in Sources */, + DC0BC7A51D8B773000070CB0 /* cssmmds.cpp in Sources */, + DC0BC7AC1D8B773000070CB0 /* modload_static.cpp in Sources */, + DC0BC7B51D8B773000070CB0 /* transition.cpp in Sources */, + DC0BC7A11D8B773000070CB0 /* cssm.cpp in Sources */, + DC0BC7B31D8B773000070CB0 /* oidscert.cpp in Sources */, + DC0BC7B01D8B773000070CB0 /* module.cpp in Sources */, + DC0BC7A71D8B773000070CB0 /* guids.cpp in Sources */, + DC0BC7A81D8B773000070CB0 /* manager.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC89A1D8B7CBD00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC8BC1D8B7CFF00070CB0 /* DbQuery.cpp in Sources */, + DC0BC8B81D8B7CFF00070CB0 /* AtomicFile.cpp in Sources */, + DC0BC8B61D8B7CFF00070CB0 /* AppleDatabase.cpp in Sources */, + DC0BC8C21D8B7CFF00070CB0 /* MetaRecord.cpp in Sources */, + DC0BC8BA1D8B7CFF00070CB0 /* DbIndex.cpp in Sources */, + DC0BC8BE1D8B7CFF00070CB0 /* DbValue.cpp in Sources */, + DC0BC8C51D8B7CFF00070CB0 /* SelectionPredicate.cpp in Sources */, + DC0BC8C01D8B7CFF00070CB0 /* MetaAttribute.cpp in Sources */, + DC0BC8C71D8B7CFF00070CB0 /* ReadWriteSection.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC8CE1D8B7DA200070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC8EF1D8B7DD000070CB0 /* ManifestSigner.cpp in Sources */, + DC0BC8F11D8B7DD000070CB0 /* Manifest.cpp in Sources */, + DC0BC8F41D8B7DD000070CB0 /* SecManifest.cpp in Sources */, + DC0BC8E91D8B7DD000070CB0 /* SecureDownloadInternal.c in Sources */, + DC0BC8E71D8B7DCF00070CB0 /* SecureDownload.cpp in Sources */, + DC0BC8ED1D8B7DD000070CB0 /* ManifestInternal.cpp in Sources */, + DC0BC8E51D8B7DCF00070CB0 /* Download.cpp in Sources */, + DC0BC8EB1D8B7DD000070CB0 /* AppleManifest.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC8FB1D8B7E8000070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC9201D8B7EA700070CB0 /* MDSDictionary.cpp in Sources */, + DC0BC91E1D8B7EA700070CB0 /* MDSDatabase.cpp in Sources */, + DC0BC9181D8B7EA700070CB0 /* MDSAttrParser.cpp in Sources */, + DC0BC9241D8B7EA700070CB0 /* MDSSchema.cpp in Sources */, + DC0BC9221D8B7EA700070CB0 /* MDSModule.cpp in Sources */, + DC0BC91C1D8B7EA700070CB0 /* MDSAttrUtils.cpp in Sources */, + DC0BC91A1D8B7EA700070CB0 /* MDSAttrStrings.cpp in Sources */, + DC0BC9261D8B7EA700070CB0 /* MDSSession.cpp in Sources */, + DC0BC9171D8B7EA700070CB0 /* mdsapi.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC9301D8B7F6A00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC95B1D8B7FFE00070CB0 /* ocspd_client.cpp in Sources */, + DC0BC9461D8B7FA700070CB0 /* ocspdDbSchema.cpp in Sources */, + DC0BC9581D8B7FFE00070CB0 /* ocspd.defs in Sources */, + DC0BC94A1D8B7FA700070CB0 /* ocspResponse.cpp in Sources */, + DC0BC95A1D8B7FFE00070CB0 /* ocspd_server.cpp in Sources */, + DC0BC94F1D8B7FE000070CB0 /* ocspdClient.cpp in Sources */, + DC0BC9481D8B7FA700070CB0 /* ocspExtensions.cpp in Sources */, + DC0BC9421D8B7FA700070CB0 /* ocspdUtils.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC9681D8B810A00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC9881D8B813800070CB0 /* pkcs12Crypto.cpp in Sources */, + DC0BC9921D8B813800070CB0 /* pkcs12Utils.cpp in Sources */, + DC0BC98B1D8B813800070CB0 /* pkcs12Decode.cpp in Sources */, + DC0BC9841D8B813800070CB0 /* pkcs12BagAttrs.cpp in Sources */, + DC0BC9861D8B813800070CB0 /* pkcs12Coder.cpp in Sources */, + DC0BC98C1D8B813800070CB0 /* pkcs12Encode.cpp in Sources */, + DC0BC9961D8B813800070CB0 /* SecPkcs12.cpp in Sources */, + DC0BC98E1D8B813800070CB0 /* pkcs12SafeBag.cpp in Sources */, + DC0BC98D1D8B813800070CB0 /* pkcs12Keychain.cpp in Sources */, + DC0BC9941D8B813800070CB0 /* pkcs7Templates.cpp in Sources */, + DC0BC9901D8B813800070CB0 /* pkcs12Templates.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC99C1D8B81BE00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC9BE1D8B81EF00070CB0 /* SDCSPSession.cpp in Sources */, + DC0BC9B81D8B81EF00070CB0 /* SDCSPDLDatabase.cpp in Sources */, + DC0BC9C01D8B81EF00070CB0 /* SDDLSession.cpp in Sources */, + DC0BC9B51D8B81EF00070CB0 /* SDContext.cpp in Sources */, + DC0BC9BC1D8B81EF00070CB0 /* SDCSPDLSession.cpp in Sources */, + DC0BC9C21D8B81EF00070CB0 /* SDFactory.cpp in Sources */, + DC0BC9C41D8B81EF00070CB0 /* SDKey.cpp in Sources */, + DC0BC9BA1D8B81EF00070CB0 /* SDCSPDLPlugin.cpp in Sources */, + DC0BC9B71D8B81EF00070CB0 /* SDCSPDLBuiltin.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BC9CA1D8B824700070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BC9FA1D8B827200070CB0 /* sslRecord.c in Sources */, + DC0BC9F91D8B827200070CB0 /* sslContext.c in Sources */, + DC0BC9FC1D8B827200070CB0 /* tlsCallbacks.c in Sources */, + DC0BC9F71D8B827200070CB0 /* SSLRecordInternal.c in Sources */, + DC0BC9F61D8B827200070CB0 /* sslKeychain.c in Sources */, + DC0BCA111D8B827200070CB0 /* sslMemory.c in Sources */, + DC0BC9FB1D8B827200070CB0 /* sslTransport.c in Sources */, + DC0BC9F81D8B827200070CB0 /* sslCipherSpecs.c in Sources */, + DC0BCA101D8B827200070CB0 /* sslCrypto.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCA151D8B82B000070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCA721D8B82CD00070CB0 /* ssl-utils.c in Sources */, + DC0BCA6D1D8B82CD00070CB0 /* ssl-52-noconn.c in Sources */, + DC0BCA661D8B82CD00070CB0 /* ssl-45-tls12.c in Sources */, + DC0BCA691D8B82CD00070CB0 /* ssl-48-split.c in Sources */, + DC0BCA6F1D8B82CD00070CB0 /* ssl-54-dhe.c in Sources */, + DC0BCA651D8B82CD00070CB0 /* ssl-44-crashes.c in Sources */, + DC0BCA621D8B82CD00070CB0 /* ssl-41-clientauth.c in Sources */, + DC0BCA631D8B82CD00070CB0 /* ssl-42-ciphers.c in Sources */, + DC0BCA701D8B82CD00070CB0 /* ssl-55-sessioncache.c in Sources */, + DC0BCA671D8B82CD00070CB0 /* ssl-46-SSLGetSupportedCiphers.c in Sources */, + DC0BCA641D8B82CD00070CB0 /* ssl-43-ciphers.c in Sources */, + DC0BCA6C1D8B82CD00070CB0 /* ssl-51-state.c in Sources */, + DC0BCA6A1D8B82CD00070CB0 /* ssl-49-sni.c in Sources */, + DC0BCA6B1D8B82CD00070CB0 /* ssl-50-server.c in Sources */, + DC0BCA711D8B82CD00070CB0 /* ssl-56-renegotiate.c in Sources */, + DC0BCA6E1D8B82CD00070CB0 /* ssl-53-clientauth.c in Sources */, + DC0BCA601D8B82CD00070CB0 /* ssl-39-echo.c in Sources */, + DC0BCA681D8B82CD00070CB0 /* ssl-47-falsestart.c in Sources */, + DC0BCA611D8B82CD00070CB0 /* ssl-40-clientauth.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCA7B1D8B858600070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCAC71D8B85BC00070CB0 /* c++utils.cpp in Sources */, + DC0BCAEF1D8B85BC00070CB0 /* Source.cpp in Sources */, + DC0BCACE1D8B85BC00070CB0 /* EncryptTransform.cpp in Sources */, + DC0BCAE81D8B85BC00070CB0 /* SecSignVerifyTransform.c in Sources */, + DC0BCAD21D8B85BC00070CB0 /* GroupTransform.cpp in Sources */, + DC0BCADD1D8B85BC00070CB0 /* SecCustomTransform.cpp in Sources */, + DC0BCAFA1D8B85BC00070CB0 /* SecExternalSourceTransform.cpp in Sources */, + DC0BCAF11D8B85BC00070CB0 /* StreamSource.cpp in Sources */, + DC0BCAE41D8B85BC00070CB0 /* SecGroupTransform.cpp in Sources */, + DC0BCAD61D8B85BC00070CB0 /* misc.c in Sources */, + DC0BCAE31D8B85BC00070CB0 /* SecEncryptTransform.cpp in Sources */, + DC0BCACA1D8B85BC00070CB0 /* Digest.cpp in Sources */, + DC0BCAC11D8B85BC00070CB0 /* SecMaskGenerationFunctionTransform.c in Sources */, + DC0BCAD41D8B85BC00070CB0 /* LinkedList.cpp in Sources */, + DC0BCAC81D8B85BC00070CB0 /* CoreFoundationBasics.cpp in Sources */, + DC0BCAED1D8B85BC00070CB0 /* SingleShotSource.cpp in Sources */, + DC0BCACF1D8B85BC00070CB0 /* CEncryptDecrypt.c in Sources */, + DC0BCAE61D8B85BC00070CB0 /* SecNullTransform.cpp in Sources */, + DC0BCADA1D8B85BC00070CB0 /* NullTransform.cpp in Sources */, + DC0BCACC1D8B85BC00070CB0 /* EncodeDecodeTransforms.c in Sources */, + DC0BCAEA1D8B85BC00070CB0 /* SecTransform.cpp in Sources */, + DC0BCAF31D8B85BC00070CB0 /* Transform.cpp in Sources */, + DC0BCAF51D8B85BC00070CB0 /* TransformFactory.cpp in Sources */, + DC0BCAD11D8B85BC00070CB0 /* EncryptTransformUtilities.cpp in Sources */, + DC0BCAFC1D8B85BC00070CB0 /* SecTransformReadTransform.cpp in Sources */, + DC0BCAD81D8B85BC00070CB0 /* Monitor.cpp in Sources */, + DC0BCADF1D8B85BC00070CB0 /* SecDigestTransform.cpp in Sources */, + DC0BCAC41D8B85BC00070CB0 /* SecCollectTransform.cpp in Sources */, + DC0BCAF71D8B85BC00070CB0 /* Utilities.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCB031D8B894F00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCB2B1D8B898100070CB0 /* SecTranslocate.cpp in Sources */, + DC0BCB271D8B898100070CB0 /* SecTranslocateShared.cpp in Sources */, + DC0BCB241D8B898100070CB0 /* SecTranslocateLSNotification.cpp in Sources */, + DC0BCB2C1D8B898100070CB0 /* SecTranslocateUtilities.cpp in Sources */, + DC0BCB221D8B898100070CB0 /* SecTranslocateDANotification.cpp in Sources */, + DC0BCB281D8B898100070CB0 /* SecTranslocateServer.cpp in Sources */, + DC0BCB2E1D8B898100070CB0 /* SecTranslocateInterface.cpp in Sources */, + DC0BCB1D1D8B898100070CB0 /* SecTranslocateClient.cpp in Sources */, + DC0BCB1F1D8B898100070CB0 /* SecTranslocateXPCServer.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCBDA1D8C648C00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCC0D1D8C64B500070CB0 /* test-00-test.c in Sources */, + DC0BCC161D8C64B600070CB0 /* testcert.c in Sources */, + DC0BCC141D8C64B600070CB0 /* testmore.c in Sources */, + DC0BCC121D8C64B600070CB0 /* testenv.m in Sources */, + DC0BCC191D8C64B600070CB0 /* testpolicy.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCC221D8C684F00070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCD8D1D8C6A1E00070CB0 /* debugging.c in Sources */, + DC0BCD961D8C6A1E00070CB0 /* der_dictionary.c in Sources */, + DC0BCD751D8C6A1E00070CB0 /* iCloudKeychainTrace.c in Sources */, + DC0BCD821D8C6A1E00070CB0 /* SecCFWrappers.c in Sources */, + EB4B6E201DC0682A00AFC494 /* SecADWrapper.c in Sources */, + DC0BCD941D8C6A1E00070CB0 /* der_date.c in Sources */, + DC0BCD9F1D8C6A1F00070CB0 /* fileIo.c in Sources */, + DC0BCDA81D8C6A1F00070CB0 /* SecFileLocations.c in Sources */, + DC0BCDA61D8C6A1F00070CB0 /* SecDb.c in Sources */, + DC0BCD7B1D8C6A1E00070CB0 /* SecCoreCrypto.c in Sources */, + DC0BCDAF1D8C6A1F00070CB0 /* SecAppleAnchor.c in Sources */, + DC0BCDA41D8C6A1F00070CB0 /* iOSforOSX-SecAttr.c in Sources */, + DC0BCD881D8C6A1E00070CB0 /* SecTrace.c in Sources */, + DC0BCD9A1D8C6A1F00070CB0 /* der_plist_internal.c in Sources */, + DC0BCDAE1D8C6A1F00070CB0 /* SecSCTUtils.c in Sources */, + DC0BCD971D8C6A1E00070CB0 /* der_number.c in Sources */, + DC0BCDA51D8C6A1F00070CB0 /* iOSforOSX-SecRandom.c in Sources */, + DC0BCD841D8C6A1E00070CB0 /* SecCFError.c in Sources */, + DC0BCD981D8C6A1F00070CB0 /* der_plist.c in Sources */, + DC0BCD7D1D8C6A1E00070CB0 /* SecCertificateTrace.c in Sources */, + DC0BCD771D8C6A1E00070CB0 /* SecAKSWrappers.c in Sources */, + DC0BCD901D8C6A1E00070CB0 /* der_array.c in Sources */, + DC0BCD7F1D8C6A1E00070CB0 /* SecCFCCWrappers.c in Sources */, + E7C787351DD0FEF90087FC34 /* NSURL+SOSPlistStore.m in Sources */, + DC0BCD9E1D8C6A1F00070CB0 /* der_string.c in Sources */, + DC0BCD911D8C6A1E00070CB0 /* der_boolean.c in Sources */, + DC0BCD931D8C6A1E00070CB0 /* der_data.c in Sources */, + DC0BCD921D8C6A1E00070CB0 /* der_null.c in Sources */, + DC0BCD9C1D8C6A1F00070CB0 /* der_set.c in Sources */, + DC0BCDAC1D8C6A1F00070CB0 /* simulate_crash.c in Sources */, + DC0BCD791D8C6A1E00070CB0 /* SecBuffer.c in Sources */, + DC0BCDAB1D8C6A1F00070CB0 /* SecXPCError.c in Sources */, + DC0BCDB51D8C6A5B00070CB0 /* not_on_this_platorm.c in Sources */, + DC65E7C01D8CBB1500152EF0 /* readline.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC0BCCF51D8C694700070CB0 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC0BCD6C1D8C69A000070CB0 /* su-12-cfboolean-der.c in Sources */, + DC0BCD701D8C69A000070CB0 /* su-17-cfset-der.c in Sources */, + DC0BCD731D8C69A000070CB0 /* su-41-secdb-stress.c in Sources */, + DC0BCD6A1D8C69A000070CB0 /* su-10-cfstring-der.c in Sources */, + DC0BCD6D1D8C69A000070CB0 /* su-13-cfnumber-der.c in Sources */, + DC0BCD6E1D8C69A000070CB0 /* su-14-cfarray-der.c in Sources */, + DC0BCD721D8C69A000070CB0 /* su-40-secdb.c in Sources */, + DC0BCD6B1D8C69A000070CB0 /* su-11-cfdata-der.c in Sources */, + DC0BCD691D8C69A000070CB0 /* su-08-secbuffer.c in Sources */, + DC0BCD6F1D8C69A000070CB0 /* su-15-cfdictionary-der.c in Sources */, + DC0BCD671D8C69A000070CB0 /* su-05-cfwrappers.c in Sources */, + DC0BCD711D8C69A000070CB0 /* su-16-cfdate-der.c in Sources */, + DC0BCD681D8C69A000070CB0 /* su-07-debugging.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC1788FF1D77980500B50D50 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCDF0A4F1D81D76F007AF174 /* Security.exp-in in Sources */, + DC1789A51D779E3B00B50D50 /* dummy.cpp in Sources */, + DC1789A21D779DF400B50D50 /* SecBreadcrumb.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC3A4B541D91E9FB00E46D4A /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC3A4B641D91EADC00E46D4A /* main.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52E7741D80BC8000B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + D46F31631E00CCD20065B550 /* SecCertificateSource.c in Sources */, + DC52E7DD1D80BD5500B0A59C /* OTATrustUtilities.c in Sources */, + DC52E7DF1D80BD8700B0A59C /* SOSChangeTracker.c in Sources */, + D46F315A1E00A27D0065B550 /* SecTrustLoggingServer.c in Sources */, + DC52E7C61D80BCBA00B0A59C /* SOSCloudCircleServer.c in Sources */, + DC52E7CF1D80BCFD00B0A59C /* SOSEngine.c in Sources */, + DC52E7D91D80BD3C00B0A59C /* SecCAIssuerCache.c in Sources */, + DC52E7D81D80BD3800B0A59C /* SecCAIssuerRequest.c in Sources */, + DC52E7C41D80BCAD00B0A59C /* SecDbItem.c in Sources */, + DC52E7D31D80BD1800B0A59C /* SecDbKeychainItem.c in Sources */, + DC52E7CC1D80BCDF00B0A59C /* SecDbQuery.c in Sources */, + DC52E7CB1D80BCD800B0A59C /* SecItemBackupServer.c in Sources */, + DC52E7CD1D80BCE700B0A59C /* SecItemDataSource.c in Sources */, + DC52E7DE1D80BD7F00B0A59C /* SecItemDb.c in Sources */, + DC52E7E01D80BD8D00B0A59C /* SecItemSchema.c in Sources */, + DC52E7D71D80BD2D00B0A59C /* SecItemServer.c in Sources */, + DC52E7CE1D80BCF800B0A59C /* SecKeybagSupport.c in Sources */, + DC52E7E11D80BD9300B0A59C /* SecLogSettingsServer.c in Sources */, + DC52E7D51D80BD2300B0A59C /* SecOCSPCache.c in Sources */, + DC52E7D21D80BD1200B0A59C /* SecOCSPRequest.c in Sources */, + DC52E7D11D80BD0C00B0A59C /* SecOCSPResponse.c in Sources */, + DC52E7DC1D80BD4F00B0A59C /* SecOTRRemote.c in Sources */, + DC52E7D01D80BD0200B0A59C /* SecPolicyServer.c in Sources */, + DC52E7CA1D80BCD300B0A59C /* SecTrustServer.c in Sources */, + DC52E7C81D80BCC600B0A59C /* SecTrustStoreServer.c in Sources */, + DC52E7D61D80BD2800B0A59C /* SecuritydXPC.c in Sources */, + DC52E7DB1D80BD4A00B0A59C /* asynchttp.c in Sources */, + DC52E7D41D80BD1D00B0A59C /* iCloudTrace.c in Sources */, + DC52E7C91D80BCCB00B0A59C /* nameconstraints.c in Sources */, + DC52E7C31D80BCA600B0A59C /* personalization.c in Sources */, + DC52E7DA1D80BD4400B0A59C /* policytree.c in Sources */, + BEE523D61DA610F500DD0AA3 /* SecRevocationDb.c in Sources */, + DC52E7C71D80BCBE00B0A59C /* spi.c in Sources */, + DC52E7C51D80BCB300B0A59C /* swcagent_client.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52E88B1D80C1EB00B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52E8BB1D80C21700B0A59C /* client.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52E8BF1D80C25800B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 48BC0F6A1DFA357000DDDFF9 /* accountCirclesViewsPrint.c in Sources */, + 48E617211DBEC6BA0098EAAD /* SOSBackupInformation.c in Sources */, + DC52E8F11D80C34000B0A59C /* SOSAccount.c in Sources */, + DC52E8F31D80C34000B0A59C /* SOSAccountBackup.c in Sources */, + DC52E8F41D80C34000B0A59C /* SOSAccountCircles.c in Sources */, + DCDCC7E51D9B5526006487E8 /* SOSAccountSync.c in Sources */, + DC52E8F61D80C34000B0A59C /* SOSAccountCloudParameters.c in Sources */, + DC52E8F71D80C34000B0A59C /* SOSAccountCredentials.c in Sources */, + DC52E8F81D80C34000B0A59C /* SOSAccountDer.c in Sources */, + 485B64111DC16ED600B771B9 /* SOSKeyedPubKeyIdentifier.c in Sources */, + DC52E8F91D80C34000B0A59C /* SOSAccountFullPeerInfo.c in Sources */, + DC52E8F51D80C34000B0A59C /* SOSAccountHSAJoin.c in Sources */, + DC52E8FC1D80C34000B0A59C /* SOSAccountLog.c in Sources */, + DC52E8FA1D80C34000B0A59C /* SOSAccountPeers.c in Sources */, + DC52E8FB1D80C34000B0A59C /* SOSAccountPersistence.c in Sources */, + DC52E8FF1D80C34000B0A59C /* SOSAccountRingUpdate.c in Sources */, + DC52E8FE1D80C34000B0A59C /* SOSAccountRings.c in Sources */, + 48776C7E1DA5BB7600CC09B9 /* SOSRingRecovery.c in Sources */, + DC52E8F21D80C34000B0A59C /* SOSAccountTransaction.c in Sources */, + DC52E8FD1D80C34000B0A59C /* SOSAccountUpdate.c in Sources */, + DC52E9001D80C34000B0A59C /* SOSAccountViewSync.c in Sources */, + DC52E9011D80C34000B0A59C /* SOSBackupEvent.c in Sources */, + DC52E9021D80C34000B0A59C /* SOSBackupSliceKeyBag.c in Sources */, + DC52E8E41D80C33000B0A59C /* SOSCircle.c in Sources */, + DC52E8E61D80C33000B0A59C /* SOSCircleDer.c in Sources */, + DC52E8E51D80C33000B0A59C /* SOSCircleV2.c in Sources */, + DC3C789B1D83854700F6A832 /* SOSCloudKeychainConstants.c in Sources */, + DC52E9E31D80CAFE00B0A59C /* SOSCloudKeychainClient.c in Sources */, + DC52E8DD1D80C31F00B0A59C /* SOSCoder.c in Sources */, + DC52E8DE1D80C31F00B0A59C /* SOSDigestVector.c in Sources */, + DC52E8D11D80C30500B0A59C /* SOSECWrapUnwrap.c in Sources */, + DC52E8D51D80C31500B0A59C /* SOSFullPeerInfo.c in Sources */, + DC52E8E71D80C33000B0A59C /* SOSGenCount.c in Sources */, + DC52E8D41D80C30500B0A59C /* SOSInternal.c in Sources */, + DC52E8C71D80C2FD00B0A59C /* SOSKVSKeys.c in Sources */, + DC52E8E01D80C31F00B0A59C /* SOSManifest.c in Sources */, + DC52E8E11D80C31F00B0A59C /* SOSMessage.c in Sources */, + DC52E8E21D80C31F00B0A59C /* SOSPeer.c in Sources */, + DC52E8E31D80C31F00B0A59C /* SOSPeerCoder.c in Sources */, + DC52E8D61D80C31500B0A59C /* SOSPeerInfo.c in Sources */, + DC52E8D91D80C31500B0A59C /* SOSPeerInfoCollections.c in Sources */, + DC52E8D71D80C31500B0A59C /* SOSPeerInfoDER.c in Sources */, + 48776C7A1DA5BB4C00CC09B9 /* SOSRecoveryKeyBag.c in Sources */, + DC52E8DA1D80C31500B0A59C /* SOSPeerInfoRingState.c in Sources */, + DC52E8DB1D80C31500B0A59C /* SOSPeerInfoSecurityProperties.c in Sources */, + DC52E8D81D80C31500B0A59C /* SOSPeerInfoV2.c in Sources */, + DCFAEDCF1D999859005187E4 /* SOSAccountGhost.c in Sources */, + DC52E8E81D80C33000B0A59C /* SOSRingBackup.c in Sources */, + E7E5B55F1DC7ACAE00C03FFB /* SOSAccountGetSet.c in Sources */, + DC52E8E91D80C33000B0A59C /* SOSRingBasic.c in Sources */, + DC52E8EA1D80C33000B0A59C /* SOSRingConcordanceTrust.c in Sources */, + EB6928F91D9ED5BA00062A18 /* SecRecoveryKey.m in Sources */, + DC52E8EB1D80C33000B0A59C /* SOSRingDER.c in Sources */, + 48776C811DA5BC0E00CC09B9 /* SOSAccountRecovery.c in Sources */, + DC52E8EC1D80C33000B0A59C /* SOSRingPeerInfoUtils.c in Sources */, + DC52E8ED1D80C33000B0A59C /* SOSRingTypes.c in Sources */, + DC52E8EE1D80C33000B0A59C /* SOSRingUtils.c in Sources */, + DC52E8EF1D80C33000B0A59C /* SOSRingV0.c in Sources */, + DC52E8D31D80C30500B0A59C /* SOSSysdiagnose.c in Sources */, + DC52E8C81D80C2FD00B0A59C /* SOSTransport.c in Sources */, + DC52E8C91D80C2FD00B0A59C /* SOSTransportBackupPeer.c in Sources */, + DC52E8CA1D80C2FD00B0A59C /* SOSTransportCircle.c in Sources */, + DC52E8CB1D80C2FD00B0A59C /* SOSTransportCircleKVS.c in Sources */, + DC52E8CC1D80C2FD00B0A59C /* SOSTransportKeyParameter.c in Sources */, + DC52E8CD1D80C2FD00B0A59C /* SOSTransportKeyParameterKVS.c in Sources */, + DC52E8CE1D80C2FD00B0A59C /* SOSTransportMessage.c in Sources */, + DC52E8CF1D80C2FD00B0A59C /* SOSTransportMessageIDS.c in Sources */, + DC52E8D01D80C2FD00B0A59C /* SOSTransportMessageKVS.c in Sources */, + DC52E9031D80C34000B0A59C /* SOSUserKeygen.c in Sources */, + DC52E8F01D80C33000B0A59C /* SOSViews.c in Sources */, + DC52E9E21D80C62D00B0A59C /* secToolFileIO.c in Sources */, + DC52E9051D80C36A00B0A59C /* secViewDisplay.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EA451D80CB7000B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EAA21D80CCB200B0A59C /* keychain_backup.c in Sources */, + DC52EAA11D80CCAC00B0A59C /* SecurityTool.c in Sources */, + DC52EAA01D80CCA700B0A59C /* whoami.m in Sources */, + DC52EA9F1D80CCA100B0A59C /* digest_calc.c in Sources */, + DC52EA9E1D80CC9B00B0A59C /* leaks.c in Sources */, + DC52EA9D1D80CC9700B0A59C /* syncbubble.m in Sources */, + DC52EBC31D80CEBA00B0A59C /* print_cert.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EBC71D80CEF100B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 48BC0F6B1DFA357200DDDFF9 /* accountCirclesViewsPrint.c in Sources */, + DC52EC1E1D80CF6700B0A59C /* verify_cert.c in Sources */, + DC52EC1D1D80CF6200B0A59C /* keychain_util.c in Sources */, + DC52EC1C1D80CF5D00B0A59C /* add_internet_password.c in Sources */, + DC52EC1B1D80CF5600B0A59C /* codesign.c in Sources */, + DC52EC1A1D80CF5100B0A59C /* keychain_add.c in Sources */, + DC52EC191D80CF4C00B0A59C /* keychain_find.c in Sources */, + DC52EC181D80CF4700B0A59C /* log_control.c in Sources */, + DC52EC171D80CF4200B0A59C /* pkcs12_util.c in Sources */, + DC52EC161D80CF3B00B0A59C /* scep.c in Sources */, + DC52EC151D80CF0B00B0A59C /* show_certificates.c in Sources */, + DC52EC141D80CF0500B0A59C /* spc.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC221D80CFB200B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 0C0CECA41DA45ED700C22FBC /* recovery_key.m in Sources */, + DC52EC3B1D80CFE900B0A59C /* syncbackup.c in Sources */, + DC52EC3A1D80CFE400B0A59C /* keychain_log.c in Sources */, + DC52EC391D80CFDF00B0A59C /* secViewDisplay.c in Sources */, + DC52EC381D80CFDB00B0A59C /* secToolFileIO.c in Sources */, + DC52EC371D80CFD400B0A59C /* keychain_sync_test.m in Sources */, + DC52EC361D80CFD000B0A59C /* keychain_sync.c in Sources */, + DC3C7C901D83957F00F6A832 /* NSFileHandle+Formatting.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC3F1D80D00800B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EC4F1D80D02400B0A59C /* SecuritydXPC.c in Sources */, + DC52EC4E1D80D01F00B0A59C /* swcagent_client.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC531D80D05200B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EC5D1D80D06300B0A59C /* SecLogging.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC611D80D0C400B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EC7B1D80D15600B0A59C /* sc-30-peerinfo.c in Sources */, + DC52EC7A1D80D15200B0A59C /* sc-40-circle.c in Sources */, + DC52EC791D80D14D00B0A59C /* sc-45-digestvector.c in Sources */, + DC52EC781D80D14800B0A59C /* SOSRegressionUtilities.c in Sources */, + DC52EC771D80D14400B0A59C /* sc-130-resignationticket.c in Sources */, + DC52EC761D80D13F00B0A59C /* sc-150-ring.c in Sources */, + DC52EC751D80D13B00B0A59C /* sc-42-circlegencount.c in Sources */, + DC52EC741D80D13500B0A59C /* SOSTestDataSource.c in Sources */, + DC52EC731D80D12E00B0A59C /* sc-20-keynames.c in Sources */, + DC52EC721D80D12900B0A59C /* sc-150-backupkeyderivation.c in Sources */, + DC52EC711D80D12200B0A59C /* sc-153-backupslicekeybag.c in Sources */, + DC52EC701D80D11C00B0A59C /* sc-140-hsa2.c in Sources */, + DC52EC6F1D80D11800B0A59C /* sc-25-soskeygen.c in Sources */, + DC52EC6E1D80D0F700B0A59C /* SOSTestDevice.c in Sources */, + DC52EC6D1D80D0F100B0A59C /* sc-31-peerinfo-simplefuzz.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EC7F1D80D1A800B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52ECE81D80D2FA00B0A59C /* pbkdf2-00-hmac-sha1.c in Sources */, + DC52ECE91D80D2FA00B0A59C /* spbkdf-00-hmac-sha1.c in Sources */, + DC52ECE11D80D2F000B0A59C /* otr-00-identity.c in Sources */, + DC52ECE21D80D2F000B0A59C /* otr-30-negotiation.c in Sources */, + DC52ECE31D80D2F000B0A59C /* otr-40-edgecases.c in Sources */, + DC52ECE41D80D2F000B0A59C /* otr-50-roll.c in Sources */, + DC52ECE51D80D2F000B0A59C /* otr-60-slowroll.c in Sources */, + DC52ECE61D80D2F000B0A59C /* otr-otrdh.c in Sources */, + DC52ECE71D80D2F000B0A59C /* otr-packetdata.c in Sources */, + DC52EC9B1D80D22600B0A59C /* si-00-find-nothing.c in Sources */, + DC52EC9C1D80D22600B0A59C /* si-05-add.c in Sources */, + DC52EC9D1D80D22600B0A59C /* si-10-find-internet.c in Sources */, + DC52EC9E1D80D22600B0A59C /* si-11-update-data.c in Sources */, + DC52EC9F1D80D22600B0A59C /* si-12-item-stress.c in Sources */, + DC52ECA01D80D22600B0A59C /* si-13-item-system.m in Sources */, + DC52ECA11D80D22600B0A59C /* si-14-dateparse.c in Sources */, + DC52ECA21D80D22600B0A59C /* si-15-delete-access-group.m in Sources */, + DC52ECA51D80D22600B0A59C /* si-17-item-system-bluetooth.m in Sources */, + DC52ECB61D80D22600B0A59C /* si-30-keychain-upgrade.c in Sources */, + DC52ECB71D80D22600B0A59C /* si-31-keychain-bad.c in Sources */, + DC52ECB81D80D22600B0A59C /* si-31-keychain-unreadable.c in Sources */, + DC52ECB91D80D22600B0A59C /* si-33-keychain-backup.c in Sources */, + DC52ECBA1D80D22600B0A59C /* si-40-seckey-custom.c in Sources */, + DC52ECBB1D80D22600B0A59C /* si-40-seckey.c in Sources */, + DC52ECBC1D80D22600B0A59C /* si-41-sececkey.c in Sources */, + DC52ECBD1D80D22600B0A59C /* si-42-identity.c in Sources */, + DC52ECBE1D80D22600B0A59C /* si-43-persistent.c in Sources */, + DC52ECC31D80D22600B0A59C /* si-50-secrandom.c in Sources */, + DC52ECC41D80D22600B0A59C /* si-60-cms.c in Sources */, + DC52ECC51D80D22600B0A59C /* si-61-pkcs12.c in Sources */, + DC52ECC71D80D22600B0A59C /* si-63-scep.c in Sources */, + DC52ECC81D80D22600B0A59C /* si-64-ossl-cms.c in Sources */, + DC52ECC91D80D22600B0A59C /* si-65-cms-cert-policy.c in Sources */, + DC52ECCC1D80D22600B0A59C /* si-68-secmatchissuer.c in Sources */, + DC52ECCD1D80D22600B0A59C /* si-69-keydesc.c in Sources */, + DC52ECD01D80D22600B0A59C /* si-72-syncableitems.c in Sources */, + DC52ECD11D80D22600B0A59C /* si-73-secpasswordgenerate.c in Sources */, + DC52ECD31D80D22600B0A59C /* si-76-shared-credentials.c in Sources */, + DC52ECD41D80D22600B0A59C /* si_77_SecAccessControl.c in Sources */, + DC52ECD51D80D22600B0A59C /* si-78-query-attrs.c in Sources */, + DC52ECD61D80D22600B0A59C /* si-80-empty-data.c in Sources */, + DC52ECD91D80D22600B0A59C /* si-82-token-ag.c in Sources */, + DC52ECDD1D80D22600B0A59C /* si-89-cms-hash-agility.c in Sources */, + DC52ECDE1D80D22600B0A59C /* si-90-emcs.m in Sources */, + DC52ECDF1D80D22600B0A59C /* si-95-cms-basic.c in Sources */, + DC52EC981D80D1D100B0A59C /* vmdh-40.c in Sources */, + D4D718351E04A721000AE7A6 /* spbkdf-01-hmac-sha256.c in Sources */, + DC52EC991D80D1D100B0A59C /* vmdh-41-example.c in Sources */, + DC52EC9A1D80D1D100B0A59C /* vmdh-42-example2.c in Sources */, + DC52ECEA1D80D30900B0A59C /* so_01_serverencryption.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52ED641D80D4CD00B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EDA01D80D4F700B0A59C /* sd-10-policytree.c in Sources */, + DC52ED9F1D80D4F200B0A59C /* SOSTransportTestTransports.c in Sources */, + DC52ED9E1D80D4ED00B0A59C /* secd-95-escrow-persistence.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EDA71D80D58400B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + E7C787211DCA4D430087FC34 /* CKDAKSLockMonitor.m in Sources */, + DC52EDFA1D80D66600B0A59C /* SOSRegressionUtilities.c in Sources */, + DCFAEDD61D99A47A005187E4 /* secd-36-ks-encrypt.m in Sources */, + DC52EDF91D80D66000B0A59C /* SOSTestDataSource.c in Sources */, + E73A7E911DC81E0300A5B2D1 /* CKDSimulatedAccount.m in Sources */, + DC52EDF81D80D65C00B0A59C /* SOSTestDevice.c in Sources */, + DC52EDF71D80D65700B0A59C /* si-90-emcs.m in Sources */, + 483E798F1DC87605005C0008 /* secd-67-prefixedKeyIDs.c in Sources */, + 48CC589F1DA5FF2700EBD9DB /* secd-66-account-recovery.c in Sources */, + E73A7E921DC81E0F00A5B2D1 /* CKDKVSProxy.m in Sources */, + DC52EDF51D80D62E00B0A59C /* SecdTestKeychainUtilities.c in Sources */, + DC52EDF61D80D62E00B0A59C /* SOSTransportTestTransports.c in Sources */, + DC52EDB51D80D5C500B0A59C /* secd-03-corrupted-items.c in Sources */, + DC52EDB61D80D5C500B0A59C /* secd-04-corrupted-items.c in Sources */, + DC52EDB71D80D5C500B0A59C /* secd-05-corrupted-items.m in Sources */, + DC55329C1DDAA28800B6A6A7 /* XPCNotificationDispatcher.m in Sources */, + DC52EDBB1D80D5C500B0A59C /* secd-01-items.c in Sources */, + DC52EDBC1D80D5C500B0A59C /* secd-02-upgrade-while-locked.c in Sources */, + DC52EDBD1D80D5C500B0A59C /* secd-20-keychain_upgrade.m in Sources */, + DC52EDBE1D80D5C500B0A59C /* secd-21-transmogrify.m in Sources */, + DCFAEDD21D99991F005187E4 /* secd-668-ghosts.c in Sources */, + DC52EDBF1D80D5C500B0A59C /* secd-30-keychain-upgrade.c in Sources */, + DC52EDC01D80D5C500B0A59C /* secd-31-keychain-bad.c in Sources */, + DC52EDC11D80D5C500B0A59C /* secd-31-keychain-unreadable.c in Sources */, + DC52EDC21D80D5C500B0A59C /* secd-32-restore-bad-backup.c in Sources */, + DC52EDC31D80D5C500B0A59C /* secd-33-keychain-ctk.m in Sources */, + DC0B622C1D90982C00D43BCB /* secd-201-coders.c in Sources */, + DC52EDC41D80D5C500B0A59C /* secd-34-backup-der-parse.c in Sources */, + DC52EDC51D80D5C500B0A59C /* secd-35-keychain-migrate-inet.c in Sources */, + DC52EDC61D80D5C500B0A59C /* secd-40-cc-gestalt.c in Sources */, + DC52EDC71D80D5C500B0A59C /* secd-50-account.c in Sources */, + E73A7E8B1DC81DF700A5B2D1 /* secd-210-keyinterest.m in Sources */, + DC52EDC81D80D5C500B0A59C /* secd-49-manifests.c in Sources */, + DC52EDC91D80D5C500B0A59C /* secd-50-message.c in Sources */, + DC52EDCA1D80D5C500B0A59C /* secd-51-account-inflate.c in Sources */, + DC52EDCC1D80D5C500B0A59C /* secd-52-account-changed.c in Sources */, + DC52EDCD1D80D5C500B0A59C /* secd-55-account-circle.c in Sources */, + DCFAEDD71D99A4AB005187E4 /* secd-154-engine-backoff.c in Sources */, + DC52EDCE1D80D5C500B0A59C /* secd-55-account-incompatibility.c in Sources */, + DC52EDCF1D80D5C500B0A59C /* secd-56-account-apply.c in Sources */, + DC52EDD01D80D5C500B0A59C /* secd-57-account-leave.c in Sources */, + DC52EDD11D80D5C500B0A59C /* secd-57-1-account-last-standing.c in Sources */, + DC52EDD21D80D5C500B0A59C /* secd-58-password-change.c in Sources */, + DC52EDD31D80D5C500B0A59C /* secd-59-account-cleanup.c in Sources */, + DC52EDD41D80D5C500B0A59C /* secd-60-account-cloud-identity.c in Sources */, + DC52EDD51D80D5C500B0A59C /* secd60-account-cloud-exposure.c in Sources */, + DC52EDD61D80D5C500B0A59C /* secd-61-account-leave-not-in-kansas-anymore.c in Sources */, + DC52EDD71D80D5C500B0A59C /* secd-62-account-backup.c in Sources */, + DC52EDD81D80D5C500B0A59C /* secd-62-account-hsa-join.c in Sources */, + DC52EDD91D80D5C500B0A59C /* secd-63-account-resurrection.c in Sources */, + DC52EDDA1D80D5C500B0A59C /* secd-65-account-retirement-reset.c in Sources */, + E73A7E8F1DC81E0300A5B2D1 /* CKDSimulatedStore.m in Sources */, + DCDCC7E31D9B54EE006487E8 /* secd-202-recoverykey.m in Sources */, + DC52EDDB1D80D5C500B0A59C /* secd-64-circlereset.c in Sources */, + 48AFBA7C1DEF8D4800436D08 /* secd-80-views-alwayson.c in Sources */, + DC52EDDC1D80D5C500B0A59C /* secd-70-engine.c in Sources */, + DC52EDDD1D80D5C500B0A59C /* secd-70-engine-corrupt.c in Sources */, + DC52EDDE1D80D5C500B0A59C /* secd-70-engine-smash.c in Sources */, + DC52EDDF1D80D5C500B0A59C /* secd-70-otr-remote.c in Sources */, + DC52EDE21D80D5C500B0A59C /* secd-74-engine-beer-servers.c in Sources */, + DC52EDE31D80D5C500B0A59C /* secd-75-engine-views.c in Sources */, + DC52EDE61D80D5C500B0A59C /* secd-80-views-basic.c in Sources */, + DC52EDE71D80D5C500B0A59C /* secd-82-secproperties-basic.c in Sources */, + DC52EDE81D80D5C500B0A59C /* secd-81-item-acl-stress.c in Sources */, + DC52EDE91D80D5C500B0A59C /* secd-81-item-acl.c in Sources */, + DC52EDEA1D80D5C500B0A59C /* secd-82-persistent-ref.c in Sources */, + DC52EDEB1D80D5C500B0A59C /* secd-83-item-match-policy.m in Sources */, + DC52EDEC1D80D5C500B0A59C /* secd-83-item-match-valid-on-date.m in Sources */, + DC52EDED1D80D5C600B0A59C /* secd-83-item-match-trusted.m in Sources */, + DC52EDEF1D80D5C600B0A59C /* secd-90-hsa2.c in Sources */, + DC52EDF11D80D5C600B0A59C /* secd-100-initialsync.c in Sources */, + DC52EDF21D80D5C600B0A59C /* secd-130-other-peer-views.c in Sources */, + DC52EDF41D80D5C600B0A59C /* secd-200-logstate.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EDFE1D80D6DD00B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EE611D80D79E00B0A59C /* si-71-mobile-store-policy.c in Sources */, + DC52EE601D80D79900B0A59C /* si-74-OTAPKISigner.c in Sources */, + EB6928CA1D9C9E1800062A18 /* rk_01_recoverykey.m in Sources */, + D42CDC351DC12FE90090E2C9 /* si-66-smime.c in Sources */, + DC52EE5F1D80D79400B0A59C /* si-85-sectrust-ssl-policy.c in Sources */, + DC0B62291D90974600D43BCB /* si-25-cms-skid.m in Sources */, + DC52EE5E1D80D78C00B0A59C /* si-82-sectrust-ct.m in Sources */, + DC52EE5D1D80D76B00B0A59C /* si-87-sectrust-name-constraints.c in Sources */, + DC52EE5C1D80D76300B0A59C /* si-20-sectrust-policies.m in Sources */, + DC52EE511D80D73800B0A59C /* si-15-certificate.c in Sources */, + DC52EE521D80D73800B0A59C /* si-16-ec-certificate.c in Sources */, + DC52EE421D80D71900B0A59C /* si-20-sectrust.c in Sources */, + DC52EE441D80D71900B0A59C /* si-21-sectrust-asr.c in Sources */, + DC52EE451D80D71900B0A59C /* si-22-sectrust-iap.c in Sources */, + DC52EE471D80D71900B0A59C /* si-23-sectrust-ocsp.c in Sources */, + D48E4E241E42F0620011B4BA /* si-62-csr.c in Sources */, + DC52EE481D80D71900B0A59C /* si-24-sectrust-digicert-malaysia.c in Sources */, + DC52EE491D80D71900B0A59C /* si-24-sectrust-diginotar.c in Sources */, + DC52EE4A1D80D71900B0A59C /* si-24-sectrust-itms.c in Sources */, + DC52EE4B1D80D71900B0A59C /* si-24-sectrust-nist.c in Sources */, + DC52EE4C1D80D71900B0A59C /* si-24-sectrust-passbook.c in Sources */, + DC52EE4D1D80D71900B0A59C /* si-26-sectrust-copyproperties.c in Sources */, + DC52EE4E1D80D71900B0A59C /* si-27-sectrust-exceptions.c in Sources */, + DC52EE4F1D80D71900B0A59C /* si-28-sectrustsettings.m in Sources */, + DC52EE531D80D73800B0A59C /* si-44-seckey-gen.m in Sources */, + DC52EE541D80D73800B0A59C /* si-44-seckey-rsa.m in Sources */, + DC52EE551D80D73800B0A59C /* si-44-seckey-ec.m in Sources */, + D487FBB81DB8357300D4BB0B /* si-29-sectrust-sha1-deprecation.m in Sources */, + DC52EE561D80D73800B0A59C /* si-44-seckey-ies.m in Sources */, + DC52EE571D80D73800B0A59C /* si-67-sectrust-blacklist.c in Sources */, + DC52EE581D80D73800B0A59C /* si-70-sectrust-unified.c in Sources */, + BE6D96BB1DB14B9F001B76D4 /* si-84-sectrust-allowlist.m in Sources */, + DC52EE591D80D73800B0A59C /* si-82-seccertificate-ct.c in Sources */, + DC52EE5A1D80D73800B0A59C /* si-83-seccertificate-sighashalg.c in Sources */, + DC52EE5B1D80D73800B0A59C /* si-97-sectrust-path-scoring.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC52EE671D80D82600B0A59C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC52EE7C1D80D89E00B0A59C /* SecItemBackup.c in Sources */, + DC52EE7B1D80D89900B0A59C /* SecKeyAdaptors.c in Sources */, + DC52EE7A1D80D89400B0A59C /* SecCFAllocator.c in Sources */, + DC52EE791D80D88D00B0A59C /* SecItem.c in Sources */, + DC52EE781D80D88800B0A59C /* SecRSAKey.c in Sources */, + DC52EE771D80D88300B0A59C /* SecDH.c in Sources */, + DC52EE761D80D87F00B0A59C /* SecCTKKey.c in Sources */, + DC52EE751D80D87900B0A59C /* SOSCloudCircle.c in Sources */, + DC52EE741D80D86F00B0A59C /* SecAccessControl.c in Sources */, + DC52EE731D80D86800B0A59C /* SecKey.c in Sources */, + DC52EE721D80D86400B0A59C /* SecuritydXPC.c in Sources */, + DC52EE711D80D85F00B0A59C /* SecECKey.c in Sources */, + DC52EE701D80D84700B0A59C /* SecItemConstants.c in Sources */, + DC52EE6F1D80D83F00B0A59C /* SecPasswordGenerate.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC58C41F1D77BDEA003C25A4 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC58C43E1D77BED0003C25A4 /* csparser.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59E9D01D91C9DC001BDDF5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA031D91CA0A001BDDF5 /* DER_Decode.c in Sources */, + DC59EA051D91CA0A001BDDF5 /* DER_Encode.c in Sources */, + DC59E9FE1D91CA0A001BDDF5 /* DER_Keys.c in Sources */, + DC59EA0A1D91CA0A001BDDF5 /* DER_Digest.c in Sources */, + DC59EA0B1D91CA0A001BDDF5 /* oids.c in Sources */, + DC59EA011D91CA0A001BDDF5 /* DER_CertCrl.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59EA1A1D91CA15001BDDF5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA2F1D91CA2C001BDDF5 /* fileIo.c in Sources */, + DC59EA321D91CA2C001BDDF5 /* printFields.c in Sources */, + DC59EA2E1D91CA2C001BDDF5 /* libDERUtils.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59EA331D91CA82001BDDF5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA4E1D91CACE001BDDF5 /* parseCert.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59EA571D91CAF0001BDDF5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA611D91CAFD001BDDF5 /* parseCrl.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC59EA671D91CB9F001BDDF5 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC59EA721D91CBBD001BDDF5 /* parseTicket.c in Sources */, + DC59EA711D91CBB9001BDDF5 /* DER_Ticket.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC5ABDC11D832DAB00CF422C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC5ABDCC1D832E4000CF422C /* srCdsaUtils.cpp in Sources */, + DC5ABDCD1D832E4000CF422C /* createFVMaster.c in Sources */, + DC5ABDCE1D832E4000CF422C /* mds_install.cpp in Sources */, + DC5ABDCF1D832E4000CF422C /* cmsutil.c in Sources */, + DC5ABDD01D832E4000CF422C /* db_commands.cpp in Sources */, + DC5ABDD11D832E4000CF422C /* display_error_code.c in Sources */, + DC5ABDD21D832E4000CF422C /* trusted_cert_dump.c in Sources */, + DC5ABDD31D832E4000CF422C /* identity_find.c in Sources */, + DC5ABDD41D832E4000CF422C /* identity_prefs.c in Sources */, + DC5ABDD51D832E4000CF422C /* key_create.c in Sources */, + DC5ABDD61D832E4000CF422C /* keychain_add.c in Sources */, + DC5ABDD71D832E4000CF422C /* keychain_create.c in Sources */, + DC5ABDD81D832E4000CF422C /* keychain_delete.c in Sources */, + DC5ABDD91D832E4000CF422C /* keychain_export.c in Sources */, + DC5ABDDA1D832E4000CF422C /* keychain_find.c in Sources */, + DC5ABDDB1D832E4000CF422C /* keychain_import.c in Sources */, + DC5ABDDC1D832E4000CF422C /* keychain_list.c in Sources */, + DC5ABDDD1D832E4000CF422C /* keychain_lock.c in Sources */, + DC5ABDDE1D832E4000CF422C /* keychain_recode.c in Sources */, + DC5ABDDF1D832E4000CF422C /* keychain_set_settings.c in Sources */, + DC5ABDE01D832E4000CF422C /* keychain_show_info.c in Sources */, + DC5ABDE11D832E4000CF422C /* keychain_unlock.c in Sources */, + DC5ABDE21D832E4000CF422C /* keychain_utilities.c in Sources */, + DC5ABDE31D832E4000CF422C /* leaks.c in Sources */, + DC5ABDE41D832E4000CF422C /* readline.c in Sources */, + DC5ABDE51D832E4000CF422C /* security.c in Sources */, + DC5ABDEE1D832E4E00CF422C /* smartcards.m in Sources */, + DC5ABDE61D832E4000CF422C /* trusted_cert_add.c in Sources */, + DC5ABDE71D832E4000CF422C /* trusted_cert_utils.c in Sources */, + DC5ABDE81D832E4000CF422C /* trust_settings_impexp.c in Sources */, + DC5ABDE91D832E4000CF422C /* user_trust_enable.cpp in Sources */, + DC5ABDEA1D832E4000CF422C /* authz.c in Sources */, + DC5ABDEB1D832E4000CF422C /* verify_cert.c in Sources */, + DC5ABDEC1D832E4000CF422C /* access_utils.c in Sources */, + DC5ABDED1D832E4000CF422C /* translocate.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC5AC04C1D8352D900CF422C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC5AC1031D83552000CF422C /* selfServer.cpp in Sources */, + DC5AC1041D83552000CF422C /* selfUser.cpp in Sources */, + DC5AC0D81D8354CA00CF422C /* main.cpp in Sources */, + DC5AC0D91D8354CA00CF422C /* connection.cpp in Sources */, + DC5AC0DA1D8354CA00CF422C /* database.cpp in Sources */, + DC5AC0DB1D8354CA00CF422C /* key.cpp in Sources */, + DC5AC0DC1D8354CA00CF422C /* process.cpp in Sources */, + DC5AC0DD1D8354CA00CF422C /* server.cpp in Sources */, + DC5AC0DE1D8354CA00CF422C /* session.cpp in Sources */, + DC5AC0DF1D8354CA00CF422C /* structure.cpp in Sources */, + DC5AC0E01D8354CA00CF422C /* dbcrypto.cpp in Sources */, + DC5AC0E11D8354CA00CF422C /* localdatabase.cpp in Sources */, + DC5AC0E21D8354CA00CF422C /* localkey.cpp in Sources */, + DC5AC0E31D8354CA00CF422C /* kcdatabase.cpp in Sources */, + DC5AC0E41D8354CA00CF422C /* kckey.cpp in Sources */, + DC5AC0E51D8354CA00CF422C /* tempdatabase.cpp in Sources */, + DC5AC0E61D8354CA00CF422C /* tokendatabase.cpp in Sources */, + DC5AC0E71D8354CA00CF422C /* tokenkey.cpp in Sources */, + DC5AC0E81D8354CA00CF422C /* tokenaccess.cpp in Sources */, + DC5AC0E91D8354CA00CF422C /* pcscmonitor.cpp in Sources */, + DC5AC0EA1D8354CA00CF422C /* reader.cpp in Sources */, + DC5AC0EB1D8354CA00CF422C /* token.cpp in Sources */, + DC5AC0EC1D8354CA00CF422C /* tokend.cpp in Sources */, + DC5AC0ED1D8354CA00CF422C /* tokencache.cpp in Sources */, + DC5AC0EE1D8354CA00CF422C /* transition.cpp in Sources */, + DC5AC0EF1D8354CA00CF422C /* acls.cpp in Sources */, + DC5AC0F01D8354CA00CF422C /* tokenacl.cpp in Sources */, + DC5AC0F11D8354CA00CF422C /* acl_keychain.cpp in Sources */, + DC5AC0F21D8354CA00CF422C /* acl_partition.cpp in Sources */, + DC5AC0F31D8354CA00CF422C /* authhost.cpp in Sources */, + DC5AC0F41D8354CA00CF422C /* credential.cpp in Sources */, + DC5AC0F51D8354CA00CF422C /* clientid.cpp in Sources */, + DC5AC0F61D8354CA00CF422C /* codesigdb.cpp in Sources */, + DC5AC0F71D8354CA00CF422C /* csproxy.cpp in Sources */, + DC5AC0F81D8354CA00CF422C /* agentquery.cpp in Sources */, + DC5AC0F91D8354CA00CF422C /* auditevents.cpp in Sources */, + DC5AC0FA1D8354CA00CF422C /* ccaudit_extensions.cpp in Sources */, + DC5AC0FB1D8354CA00CF422C /* child.cpp in Sources */, + DC5AC0FD1D8354CA00CF422C /* notifications.cpp in Sources */, + DC5AC0FE1D8354CA00CF422C /* SharedMemoryServer.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC610A171D78F129002223DE /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC610A181D78F129002223DE /* main.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC610A431D78F48F002223DE /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC610A501D78F715002223DE /* main.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC610A561D78F9D2002223DE /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC610A611D78F9F2002223DE /* FatDynamicValidation.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC610AAE1D7910C3002223DE /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC610ABA1D7910F8002223DE /* gk_reset_check.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC6A828E1D87749900418608 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC6A82B11D87769800418608 /* dictionary.cpp in Sources */, + DC6A82B21D87769800418608 /* sec_xdr.c in Sources */, + DC6A82B31D87769800418608 /* sec_xdr_array.c in Sources */, + DC6A82B41D87769800418608 /* sec_xdr_reference.c in Sources */, + DC6A82B51D87769800418608 /* sec_xdrmem.c in Sources */, + DC6A82B61D87769800418608 /* sec_xdr_sizeof.c in Sources */, + DC6A82B71D87769800418608 /* xdr_auth.c in Sources */, + DC6A82B81D87769800418608 /* xdr_cssm.c in Sources */, + DC6A82B91D87769800418608 /* xdr_dldb.cpp in Sources */, + DC6A82BA1D87769800418608 /* SharedMemoryClient.cpp in Sources */, + DC6A82BB1D87769800418608 /* eventlistener.cpp in Sources */, + DC6A82C41D8776D800418608 /* ssblob.cpp in Sources */, + DC6A82BC1D87769800418608 /* ssclient.cpp in Sources */, + DC6A82BD1D87769800418608 /* sstransit.cpp in Sources */, + DC6A82BE1D87769800418608 /* transition.cpp in Sources */, + DC6A82BF1D8776B300418608 /* ucspClient.cpp in Sources */, + DC6A82C01D8776B300418608 /* ucspNotifySender.cpp in Sources */, + DC6A82C11D8776B900418608 /* cshostingClient.cpp in Sources */, + DC6A82C21D8776B900418608 /* cshostingServer.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC71D9C31D95BA6C0065FB93 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC71D9C41D95BA6C0065FB93 /* X509Templates.c in Sources */, + DC71D9C51D95BA6C0065FB93 /* keyTemplates.c in Sources */, + DC71D9C61D95BA6C0065FB93 /* SecAsn1Templates.c in Sources */, + DC71D9C71D95BA6C0065FB93 /* osKeyTemplates.c in Sources */, + DC71D9C81D95BA6C0065FB93 /* nsprPortX.c in Sources */, + DC71D9C91D95BA6C0065FB93 /* nameTemplates.c in Sources */, + DC71D9CA1D95BA6C0065FB93 /* pkcs7Templates.c in Sources */, + DC71D9CB1D95BA6C0065FB93 /* plarena.c in Sources */, + DC71D9CC1D95BA6C0065FB93 /* secasn1e.c in Sources */, + DC71D9CD1D95BA6C0065FB93 /* SecNssCoder.cpp in Sources */, + DC71D9CE1D95BA6C0065FB93 /* oidsalg.c in Sources */, + DC71D9CF1D95BA6C0065FB93 /* ocspTemplates.c in Sources */, + DC71D9D01D95BA6C0065FB93 /* certExtensionTemplates.c in Sources */, + DC71D9D11D95BA6C0065FB93 /* secport.c in Sources */, + DC71D9D21D95BA6C0065FB93 /* nssUtils.c in Sources */, + DC71D9D31D95BA6C0065FB93 /* pkcs12Templates.c in Sources */, + DC71D9D41D95BA6C0065FB93 /* csrTemplates.c in Sources */, + DC71D9D51D95BA6C0065FB93 /* oidsattr.c in Sources */, + DC71D9D61D95BA6C0065FB93 /* secErrorStr.c in Sources */, + DC71D9D71D95BA6C0065FB93 /* oidsocsp.c in Sources */, + DC71D9D81D95BA6C0065FB93 /* secasn1d.c in Sources */, + DC71D9D91D95BA6C0065FB93 /* SecAsn1Coder.c in Sources */, + DC71D9DA1D95BA6C0065FB93 /* secasn1u.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC71D9F01D95BB0A0065FB93 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC71D9F11D95BB0A0065FB93 /* DER_Decode.c in Sources */, + DC71D9F21D95BB0A0065FB93 /* DER_Encode.c in Sources */, + DC71D9F31D95BB0A0065FB93 /* DER_Keys.c in Sources */, + DC71D9F41D95BB0A0065FB93 /* DER_Digest.c in Sources */, + DC71D9F51D95BB0A0065FB93 /* oids.c in Sources */, + DC71D9F61D95BB0A0065FB93 /* DER_CertCrl.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DC8834031D8A218F00CE0ACA /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DC88348D1D8A21AB00CE0ACA /* X509Templates.c in Sources */, + DC88345B1D8A21AA00CE0ACA /* keyTemplates.c in Sources */, + DC8834541D8A21AA00CE0ACA /* SecAsn1Templates.c in Sources */, + DC88348F1D8A21AB00CE0ACA /* osKeyTemplates.c in Sources */, + DC8834631D8A21AA00CE0ACA /* nsprPortX.c in Sources */, + DC88345D1D8A21AA00CE0ACA /* nameTemplates.c in Sources */, + DC88345F1D8A21AA00CE0ACA /* pkcs7Templates.c in Sources */, + DC88346B1D8A21AA00CE0ACA /* plarena.c in Sources */, + DC8834831D8A21AB00CE0ACA /* secasn1e.c in Sources */, + DC8834891D8A21AB00CE0ACA /* SecNssCoder.cpp in Sources */, + DC8834911D8A21AB00CE0ACA /* oidsalg.c in Sources */, + DC8834691D8A21AA00CE0ACA /* ocspTemplates.c in Sources */, + DC8834571D8A21AA00CE0ACA /* certExtensionTemplates.c in Sources */, + DC88348B1D8A21AB00CE0ACA /* secport.c in Sources */, + DC8834671D8A21AA00CE0ACA /* nssUtils.c in Sources */, + DC8834611D8A21AA00CE0ACA /* pkcs12Templates.c in Sources */, + DC8834591D8A21AA00CE0ACA /* csrTemplates.c in Sources */, + DC8834931D8A21AB00CE0ACA /* oidsattr.c in Sources */, + DC8834881D8A21AB00CE0ACA /* secErrorStr.c in Sources */, + DC8834961D8A21AB00CE0ACA /* oidsocsp.c in Sources */, + DC8834821D8A21AB00CE0ACA /* secasn1d.c in Sources */, + DC8834521D8A21AA00CE0ACA /* SecAsn1Coder.c in Sources */, + DC8834851D8A21AB00CE0ACA /* secasn1u.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB340681D8A24DF0054D16E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB340881D8A24F70054D16E /* trampolineServer.cpp in Sources */, + DCB340841D8A24F70054D16E /* Authorization.cpp in Sources */, + DCB3407D1D8A24F70054D16E /* Authorization.c in Sources */, + DC0BC5831D8B709F00070CB0 /* authutilities.c in Sources */, + DCB340871D8A24F70054D16E /* trampolineClient.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB340901D8A267C0054D16E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB340CC1D8A26AE0054D16E /* dlclient.cpp in Sources */, + DCB340DF1D8A26AE0054D16E /* mdsclient.cpp in Sources */, + DCB340E91D8A26AE0054D16E /* tpclient.cpp in Sources */, + DCB340CA1D8A26AE0054D16E /* cssmclient.cpp in Sources */, + DCB340C61D8A26AE0054D16E /* cryptoclient.cpp in Sources */, + DCB340C21D8A26AE0054D16E /* aclclient.cpp in Sources */, + DCB340D51D8A26AE0054D16E /* DLDBList.cpp in Sources */, + DCB340C41D8A26AE0054D16E /* clclient.cpp in Sources */, + DCB340E71D8A26AE0054D16E /* signclient.cpp in Sources */, + DCB340D71D8A26AE0054D16E /* genkey.cpp in Sources */, + DCB340DD1D8A26AE0054D16E /* macclient.cpp in Sources */, + DCB340EB1D8A26AE0054D16E /* wrapkey.cpp in Sources */, + DCB340D91D8A26AE0054D16E /* keychainacl.cpp in Sources */, + DCB340CF1D8A26AE0054D16E /* dliterators.cpp in Sources */, + DCB340E11D8A26AE0054D16E /* mds_standard.cpp in Sources */, + DCB340D31D8A26AE0054D16E /* dl_standard.cpp in Sources */, + DCB340E51D8A26AE0054D16E /* securestorage.cpp in Sources */, + DCB340DB1D8A26AE0054D16E /* keyclient.cpp in Sources */, + DCB340D11D8A26AE0054D16E /* dlquery.cpp in Sources */, + DCB340C81D8A26AE0054D16E /* cspclient.cpp in Sources */, + DCB340CD1D8A26AE0054D16E /* dlclientpriv.cpp in Sources */, + DCB340E31D8A26AE0054D16E /* multidldb.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB341321D8A2A010054D16E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB3416E1D8A2A340054D16E /* ACabstractsession.cpp in Sources */, + DCB341701D8A2A340054D16E /* CSPabstractsession.cpp in Sources */, + DCB341711D8A2A340054D16E /* DLabstractsession.cpp in Sources */, + DCB341641D8A2A340054D16E /* DatabaseSession.cpp in Sources */, + DCB3415D1D8A2A340054D16E /* CSPsession.cpp in Sources */, + DCB3415F1D8A2A340054D16E /* csputilities.cpp in Sources */, + DCB341661D8A2A340054D16E /* DbContext.cpp in Sources */, + DCB341621D8A2A340054D16E /* Database.cpp in Sources */, + DCB3416A1D8A2A340054D16E /* pluginsession.cpp in Sources */, + DCB341601D8A2A340054D16E /* cssmplugin.cpp in Sources */, + DCB341721D8A2A340054D16E /* TPabstractsession.cpp in Sources */, + DCB341681D8A2A340054D16E /* DLsession.cpp in Sources */, + DCB3416F1D8A2A340054D16E /* CLabstractsession.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB3417D1D8A2B860054D16E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB342341D8A2C6B0054D16E /* KeySchema.cpp in Sources */, + DCB342351D8A2C6B0054D16E /* Schema.cpp in Sources */, + DCB341F91D8A2BAD0054D16E /* callback.cpp in Sources */, + DCB341F21D8A2BAC0054D16E /* acl_secret.cpp in Sources */, + DCB342281D8A2BAD0054D16E /* osxverifier.cpp in Sources */, + DCB342231D8A2BAD0054D16E /* handletemplates.cpp in Sources */, + DCB3420A1D8A2BAD0054D16E /* cssmdates.cpp in Sources */, + DCB341EA1D8A2BAC0054D16E /* acl_preauth.cpp in Sources */, + DCB342061D8A2BAD0054D16E /* cssmcred.cpp in Sources */, + DCB341E81D8A2BAC0054D16E /* acl_password.cpp in Sources */, + DCB3421A1D8A2BAD0054D16E /* cssmtrust.cpp in Sources */, + DCB342161D8A2BAD0054D16E /* cssmlist.cpp in Sources */, + DCB341DD1D8A2BAC0054D16E /* objectacl.cpp in Sources */, + DCB342011D8A2BAD0054D16E /* cssmalloc.cpp in Sources */, + DCB3420E1D8A2BAD0054D16E /* cssmdbname.cpp in Sources */, + DCB341F01D8A2BAC0054D16E /* acl_protectedpw.cpp in Sources */, + DCB342211D8A2BAD0054D16E /* handleobject.cpp in Sources */, + DCB3422C1D8A2BAD0054D16E /* uniformrandom.cpp in Sources */, + DCB341EE1D8A2BAC0054D16E /* acl_prompted.cpp in Sources */, + DCB341E41D8A2BAC0054D16E /* acl_codesigning.cpp in Sources */, + DCB342121D8A2BAD0054D16E /* cssmerrors.cpp in Sources */, + DCB3421C1D8A2BAD0054D16E /* cssmwalkers.cpp in Sources */, + DCB341F61D8A2BAD0054D16E /* AuthorizationData.cpp in Sources */, + DCB3421E1D8A2BAD0054D16E /* db++.cpp in Sources */, + DCB3422E1D8A2BAD0054D16E /* walkers.cpp in Sources */, + DCB342181D8A2BAD0054D16E /* cssmpods.cpp in Sources */, + DCB342081D8A2BAD0054D16E /* cssmdata.cpp in Sources */, + DCB341F41D8A2BAC0054D16E /* acl_threshold.cpp in Sources */, + DCB341E11D8A2BAC0054D16E /* cssmacl.cpp in Sources */, + DCB3420C1D8A2BAD0054D16E /* cssmdb.cpp in Sources */, + DCB341DF1D8A2BAC0054D16E /* aclsubject.cpp in Sources */, + DCB342141D8A2BAD0054D16E /* cssmkey.cpp in Sources */, + DCB342101D8A2BAD0054D16E /* cssmendian.cpp in Sources */, + DCB342041D8A2BAD0054D16E /* cssmcert.cpp in Sources */, + DCB341EC1D8A2BAC0054D16E /* acl_process.cpp in Sources */, + DCB341FD1D8A2BAD0054D16E /* context.cpp in Sources */, + DCB341E61D8A2BAC0054D16E /* acl_comment.cpp in Sources */, + DCB341E21D8A2BAC0054D16E /* acl_any.cpp in Sources */, + DCB341FF1D8A2BAD0054D16E /* cssmaclpod.cpp in Sources */, + DCB3422A1D8A2BAD0054D16E /* u32handleobject.cpp in Sources */, + DCB341FB1D8A2BAD0054D16E /* constdata.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB3423C1D8A32820054D16E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB3433D1D8A32A20054D16E /* ACL.cpp in Sources */, + DCB3433B1D8A32A20054D16E /* Access.cpp in Sources */, + DCB3436A1D8A32A20054D16E /* CCallbackMgr.cp in Sources */, + DCB3433F1D8A32A20054D16E /* Certificate.cpp in Sources */, + DCB343411D8A32A20054D16E /* CertificateRequest.cpp in Sources */, + DCB343431D8A32A20054D16E /* CertificateValues.cpp in Sources */, + DCB343701D8A32A20054D16E /* DLDBListCFPref.cpp in Sources */, + DCB343721D8A32A20054D16E /* DynamicDLDBList.cpp in Sources */, + DCB343451D8A32A20054D16E /* ExtendedAttribute.cpp in Sources */, + DCB343471D8A32A20054D16E /* Globals.cpp in Sources */, + DCB343491D8A32A20054D16E /* Identity.cpp in Sources */, + DCB3434B1D8A32A20054D16E /* IdentityCursor.cpp in Sources */, + DCB3434D1D8A32A20054D16E /* Item.cpp in Sources */, + DCB3434F1D8A32A20054D16E /* KCCursor.cpp in Sources */, + DCB343741D8A32A20054D16E /* KCEventNotifier.cpp in Sources */, + DCB343771D8A32A20054D16E /* KCUtilities.cpp in Sources */, + DCB343531D8A32A20054D16E /* KeyItem.cpp in Sources */, + DCB343511D8A32A20054D16E /* Keychains.cpp in Sources */, + DCB343551D8A32A20054D16E /* Password.cpp in Sources */, + DCB343571D8A32A20054D16E /* Policies.cpp in Sources */, + DCB343591D8A32A20054D16E /* PolicyCursor.cpp in Sources */, + DCB3437A1D8A32A20054D16E /* PrimaryKey.cpp in Sources */, + DCB342FA1D8A32A20054D16E /* SecACL.cpp in Sources */, + DCB342F91D8A32A20054D16E /* SecAccess.cpp in Sources */, + DCB342FB1D8A32A20054D16E /* SecBase.cpp in Sources */, + DCB343891D8A32A20054D16E /* SecBase64P.c in Sources */, + DCB3435B1D8A32A20054D16E /* SecCFTypes.cpp in Sources */, + DCB342FD1D8A32A20054D16E /* SecCertificate.cpp in Sources */, + DCB342FE1D8A32A20054D16E /* SecCertificateBundle.cpp in Sources */, + DCB3438B1D8A32A20054D16E /* SecCertificateP.c in Sources */, + DCB342FF1D8A32A20054D16E /* SecCertificateRequest.cpp in Sources */, + DCB343921D8A32A20054D16E /* SecExport.cpp in Sources */, + DCB343931D8A32A20054D16E /* SecExternalRep.cpp in Sources */, + DCB343371D8A32A20054D16E /* SecFDERecoveryAsymmetricCrypto.cpp in Sources */, + DCB3438A1D8A32A20054D16E /* SecFrameworkP.c in Sources */, + DCB343001D8A32A20054D16E /* SecIdentity.cpp in Sources */, + DCB343011D8A32A20054D16E /* SecIdentitySearch.cpp in Sources */, + DCB343951D8A32A20054D16E /* SecImport.cpp in Sources */, + DCB343961D8A32A20054D16E /* SecImportExport.c in Sources */, + DCB343971D8A32A20054D16E /* SecImportExportAgg.cpp in Sources */, + DCB343991D8A32A20054D16E /* SecImportExportCrypto.cpp in Sources */, + DCB3439B1D8A32A20054D16E /* SecImportExportOpenSSH.cpp in Sources */, + DCB3439D1D8A32A20054D16E /* SecImportExportPem.cpp in Sources */, + DCB3439F1D8A32A20054D16E /* SecImportExportPkcs8.cpp in Sources */, + DCB343A11D8A32A20054D16E /* SecImportExportUtils.cpp in Sources */, + DCB343031D8A32A20054D16E /* SecItem.cpp in Sources */, + DCB343021D8A32A20054D16E /* SecItemConstants.c in Sources */, + DCB343041D8A32A20054D16E /* SecKey.cpp in Sources */, + DCB343051D8A32A20054D16E /* SecKeychain.cpp in Sources */, + DCB3435D1D8A32A20054D16E /* SecKeychainAddIToolsPassword.cpp in Sources */, + DCB343061D8A32A20054D16E /* SecKeychainItem.cpp in Sources */, + DCB343071D8A32A20054D16E /* SecKeychainItemExtendedAttributes.cpp in Sources */, + DCB343081D8A32A20054D16E /* SecKeychainSearch.cpp in Sources */, + DCB343A31D8A32A20054D16E /* SecNetscapeTemplates.cpp in Sources */, + DCB343091D8A32A20054D16E /* SecPassword.cpp in Sources */, + DCB343A51D8A32A20054D16E /* SecPkcs8Templates.cpp in Sources */, + DCB3430A1D8A32A20054D16E /* SecPolicy.cpp in Sources */, + DCB3430B1D8A32A20054D16E /* SecPolicySearch.cpp in Sources */, + DCB343361D8A32A20054D16E /* SecRandom.c in Sources */, + DCB343391D8A32A20054D16E /* SecRecoveryPassword.c in Sources */, + DCB3430C1D8A32A20054D16E /* SecTrust.cpp in Sources */, + DCB343671D8A32A20054D16E /* SecTrustOSXEntryPoints.cpp in Sources */, + DCB3430E1D8A32A20054D16E /* SecTrustSettings.cpp in Sources */, + DCB3430D1D8A32A20054D16E /* SecTrustedApplication.cpp in Sources */, + DCB343A71D8A32A20054D16E /* SecWrappedKeys.cpp in Sources */, + DCB3435E1D8A32A20054D16E /* StorageManager.cpp in Sources */, + DCB343901D8A32A20054D16E /* TokenLogin.cpp in Sources */, + DCB3435F1D8A32A20054D16E /* Trust.cpp in Sources */, + DCB3437E1D8A32A20054D16E /* TrustAdditions.cpp in Sources */, + DCB343801D8A32A20054D16E /* TrustItem.cpp in Sources */, + DCB343611D8A32A20054D16E /* TrustRevocation.cpp in Sources */, + DCB343641D8A32A20054D16E /* TrustSettings.cpp in Sources */, + DCB343861D8A32A20054D16E /* TrustSettingsUtils.cpp in Sources */, + DCB343821D8A32A20054D16E /* TrustStore.cpp in Sources */, + DCB343621D8A32A20054D16E /* TrustedApplication.cpp in Sources */, + DCB343841D8A32A20054D16E /* UnlockReferralItem.cpp in Sources */, + DCB3436C1D8A32A20054D16E /* cssmdatetime.cpp in Sources */, + DCB3436E1D8A32A20054D16E /* defaultcreds.cpp in Sources */, + DCB3438E1D8A32A20054D16E /* tsaDERUtilities.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCB343E91D8A34FD0054D16E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCB3447A1D8A35270054D16E /* kc-01-keychain-creation.c in Sources */, + DCB3447B1D8A35270054D16E /* kc-02-unlock-noui.c in Sources */, + DCB3447D1D8A35270054D16E /* kc-03-keychain-list.c in Sources */, + DCB3447C1D8A35270054D16E /* kc-03-status.c in Sources */, + DCB3447E1D8A35270054D16E /* kc-04-is-valid.c in Sources */, + DCB344801D8A35270054D16E /* kc-05-find-existing-items-locked.c in Sources */, + DCB3447F1D8A35270054D16E /* kc-05-find-existing-items.c in Sources */, + DCB344811D8A35270054D16E /* kc-06-cert-search-email.m in Sources */, + DCB344841D8A35270054D16E /* kc-10-item-add-certificate.c in Sources */, + DCB344821D8A35270054D16E /* kc-10-item-add-generic.c in Sources */, + DCB344831D8A35270054D16E /* kc-10-item-add-internet.c in Sources */, + DCB344871D8A35270054D16E /* kc-12-item-create-keypair.c in Sources */, + DCB344861D8A35270054D16E /* kc-12-key-create-symmetric-and-use.m in Sources */, + DCB344851D8A35270054D16E /* kc-12-key-create-symmetric.c in Sources */, + DCB344891D8A35270054D16E /* kc-15-item-update-label-skimaad.m in Sources */, + DCB344881D8A35270054D16E /* kc-15-key-update-valueref.c in Sources */, + DCB3448A1D8A35270054D16E /* kc-16-item-update-password.c in Sources */, + DCB3448B1D8A35270054D16E /* kc-18-find-combined.c in Sources */, + DCB3448C1D8A35270054D16E /* kc-19-item-copy-internet.c in Sources */, + DCB344921D8A35270054D16E /* kc-20-identity-find-stress.c in Sources */, + DCB3448E1D8A35270054D16E /* kc-20-identity-key-attributes.c in Sources */, + DCB3448D1D8A35270054D16E /* kc-20-identity-persistent-refs.c in Sources */, + DCB344901D8A35270054D16E /* kc-20-item-add-stress.c in Sources */, + DCB3448F1D8A35270054D16E /* kc-20-item-find-stress.c in Sources */, + DCB344911D8A35270054D16E /* kc-20-key-find-stress.c in Sources */, + DCCBFA1E1DBA95CD001DD54D /* kc-20-item-delete-stress.c in Sources */, + DCB344931D8A35270054D16E /* kc-21-item-use-callback.c in Sources */, + DCB344941D8A35270054D16E /* kc-21-item-xattrs.c in Sources */, + DCB344951D8A35270054D16E /* kc-23-key-export-symmetric.m in Sources */, + DCB344961D8A35270054D16E /* kc-24-key-copy-keychains.c in Sources */, + DCB344971D8A35270054D16E /* kc-26-key-import-public.m in Sources */, + DCB344981D8A35270054D16E /* kc-27-key-non-extractable.c in Sources */, + DCB3449A1D8A35270054D16E /* kc-28-cert-sign.c in Sources */, + DCB344991D8A35270054D16E /* kc-28-p12-import.m in Sources */, + DCB3449B1D8A35270054D16E /* kc-30-xara.c in Sources */, + DCB344A01D8A35270054D16E /* kc-40-seckey.m in Sources */, + DCB344A11D8A35270054D16E /* kc-41-sececkey.m in Sources */, + DCB344A31D8A35270054D16E /* kc-42-trust-revocation.c in Sources */, + DCB344A21D8A35270054D16E /* kc-43-seckey-interop.m in Sources */, + DCB344A41D8A35270054D16E /* si-20-sectrust-provisioning.c in Sources */, + DCB344A61D8A35270054D16E /* si-33-keychain-backup.c in Sources */, + DCB344A71D8A35270054D16E /* si-34-one-true-keychain.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCC78EA51D8088E200865A7C /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 48BC0F651DFA2B5B00DDDFF9 /* accountCirclesViewsPrint.c in Sources */, + DCC78EE91D808B4100865A7C /* SOSCloudCircle.c in Sources */, + DCC78EE81D808B3500865A7C /* secToolFileIO.c in Sources */, + DCC78EE71D808B2F00865A7C /* secViewDisplay.c in Sources */, + DCC78EE61D808B2A00865A7C /* SecAccessControl.c in Sources */, + DCC78EE51D808B2100865A7C /* SecBase64.c in Sources */, + DCC78EE41D808B1B00865A7C /* SecCFAllocator.c in Sources */, + DCC78EE31D808B1300865A7C /* SecCMS.c in Sources */, + DCC78EE21D808B0E00865A7C /* SecCTKKey.c in Sources */, + DCC78EE11D808B0900865A7C /* SecCertificate.c in Sources */, + DCC78EE01D808B0000865A7C /* SecCertificatePath.c in Sources */, + DCC78EDF1D808AF800865A7C /* SecCertificateRequest.c in Sources */, + DCC78EDE1D808AF100865A7C /* SecDH.c in Sources */, + DCC78EDD1D808AEC00865A7C /* SecDigest.c in Sources */, + DCC78EDC1D808AE500865A7C /* SecECKey.c in Sources */, + DCC78EDB1D808ADF00865A7C /* SecEMCS.m in Sources */, + DCC78EDA1D808AD100865A7C /* SecFramework.c in Sources */, + DCC78ED91D808ACB00865A7C /* SecIdentity.c in Sources */, + DCC78ED81D808AC600865A7C /* SecImportExport.c in Sources */, + DCC78ED71D808AC000865A7C /* SecItem.c in Sources */, + DCC78ED61D808ABA00865A7C /* SecItemBackup.c in Sources */, + DCC78ED51D808AAE00865A7C /* SecItemConstants.c in Sources */, + DCC78ED41D808AA800865A7C /* SecKey.c in Sources */, + DCC78ED31D808AA000865A7C /* SecKeyAdaptors.c in Sources */, + DCC78ED21D808A9500865A7C /* SecOTRDHKey.c in Sources */, + DCC78ED11D808A8E00865A7C /* SecOTRFullIdentity.c in Sources */, + DCC78ED01D808A8800865A7C /* SecOTRMath.c in Sources */, + DCC78ECF1D808A8200865A7C /* SecOTRPacketData.c in Sources */, + DCC78ECE1D808A7B00865A7C /* SecOTRPackets.c in Sources */, + DCC78ECD1D808A7300865A7C /* SecOTRPublicIdentity.c in Sources */, + DCC78ECC1D808A6B00865A7C /* SecOTRSession.c in Sources */, + DCC78ECB1D808A6600865A7C /* SecOTRSessionAKE.c in Sources */, + DCC78ECA1D808A6000865A7C /* SecOTRUtils.c in Sources */, + DCC78EC91D808A5700865A7C /* SecPBKDF.c in Sources */, + DCC78EC81D808A5200865A7C /* SecPasswordGenerate.c in Sources */, + DCC78EC71D808A4D00865A7C /* SecPolicy.c in Sources */, + DCC78EC61D808A4700865A7C /* SecPolicyLeafCallbacks.c in Sources */, + DCC78EC51D808A4100865A7C /* SecRSAKey.c in Sources */, + DCC78EC41D808A3B00865A7C /* SecSCEP.c in Sources */, + DCC78EC31D808A2E00865A7C /* SecServerEncryptionSupport.c in Sources */, + DCC78EC21D808A2800865A7C /* SecSharedCredential.c in Sources */, + DCC78EC11D808A2200865A7C /* SecSignatureVerificationSupport.c in Sources */, + DCC78EC01D808A1C00865A7C /* SecTrust.c in Sources */, + DCC78EBE1D808A0E00865A7C /* SecTrustStore.c in Sources */, + DCC78EBD1D808A0400865A7C /* SecuritydXPC.c in Sources */, + DCC78EBC1D8089CD00865A7C /* verify_cert.c in Sources */, + DCC78EBB1D8089C200865A7C /* p12import.c in Sources */, + D425EC1D1DD3C3CF00DE5DEC /* SecInternalRelease.c in Sources */, + DCC78EBA1D8089BD00865A7C /* p12pbegen.c in Sources */, + DCC78EB91D8089A700865A7C /* pbkdf2.c in Sources */, + DCC78EB81D80899C00865A7C /* vmdh.c in Sources */, + DCC78EB61D80898E00865A7C /* secd-52-offering-gencount-reset.c in Sources */, + DCC78EB51D80898500865A7C /* secd-71-engine-save.c in Sources */, + DCC78EB41D80897E00865A7C /* secd-76-idstransport.c in Sources */, + DCC78EB31D80890E00865A7C /* secd-95-escrow-persistence.c in Sources */, + DCC78EB21D80890800865A7C /* secd_77_ids_messaging.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD0677A1D8CDF19007602F1 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD069281D8CDFFF007602F1 /* ANTLRUtil.cpp in Sources */, + DCD069291D8CDFFF007602F1 /* ASTFactory.cpp in Sources */, + DCD0692A1D8CDFFF007602F1 /* ASTNULLType.cpp in Sources */, + DCD0692B1D8CDFFF007602F1 /* ASTRefCount.cpp in Sources */, + DCD0692C1D8CDFFF007602F1 /* BaseAST.cpp in Sources */, + DCD0692D1D8CDFFF007602F1 /* BitSet.cpp in Sources */, + DCD0692E1D8CDFFF007602F1 /* CharBuffer.cpp in Sources */, + DCD0692F1D8CDFFF007602F1 /* CharScanner.cpp in Sources */, + DCD0682A1D8CDF7E007602F1 /* Code.cpp in Sources */, + DCD068301D8CDF7E007602F1 /* CodeSigner.cpp in Sources */, + DCD069301D8CDFFF007602F1 /* CommonAST.cpp in Sources */, + DCD069311D8CDFFF007602F1 /* CommonASTWithHiddenTokens.cpp in Sources */, + DCD069321D8CDFFF007602F1 /* CommonHiddenStreamToken.cpp in Sources */, + DCD069331D8CDFFF007602F1 /* CommonToken.cpp in Sources */, + DCD069351D8CDFFF007602F1 /* InputBuffer.cpp in Sources */, + DCD069361D8CDFFF007602F1 /* LLkParser.cpp in Sources */, + DCD069371D8CDFFF007602F1 /* MismatchedCharException.cpp in Sources */, + DCD069381D8CDFFF007602F1 /* MismatchedTokenException.cpp in Sources */, + DCD069391D8CDFFF007602F1 /* NoViableAltException.cpp in Sources */, + DCD0693A1D8CDFFF007602F1 /* NoViableAltForCharException.cpp in Sources */, + DCD0693B1D8CDFFF007602F1 /* Parser.cpp in Sources */, + DCD0693C1D8CDFFF007602F1 /* RecognitionException.cpp in Sources */, + DCD0683A1D8CDF7E007602F1 /* RequirementLexer.cpp in Sources */, + DCD0683C1D8CDF7E007602F1 /* RequirementParser.cpp in Sources */, + DCD0682E1D8CDF7E007602F1 /* Requirements.cpp in Sources */, + DCD068841D8CDF7E007602F1 /* SecAssessment.cpp in Sources */, + DCD0681A1D8CDF7E007602F1 /* SecCode.cpp in Sources */, + DCD068241D8CDF7E007602F1 /* SecCodeHost.cpp in Sources */, + DCD068221D8CDF7E007602F1 /* SecCodeSigner.cpp in Sources */, + DCD068201D8CDF7E007602F1 /* SecRequirement.cpp in Sources */, + DCD0681D1D8CDF7E007602F1 /* SecStaticCode.cpp in Sources */, + DCD068821D8CDF7E007602F1 /* SecTask.c in Sources */, + DCD0682C1D8CDF7E007602F1 /* StaticCode.cpp in Sources */, + DCD0693D1D8CDFFF007602F1 /* String.cpp in Sources */, + DCD0693E1D8CDFFF007602F1 /* Token.cpp in Sources */, + DCD0693F1D8CDFFF007602F1 /* TokenBuffer.cpp in Sources */, + DCD069401D8CDFFF007602F1 /* TokenRefCount.cpp in Sources */, + DCD069411D8CDFFF007602F1 /* TokenStreamBasicFilter.cpp in Sources */, + DCD069421D8CDFFF007602F1 /* TokenStreamHiddenTokenFilter.cpp in Sources */, + DCD069431D8CDFFF007602F1 /* TokenStreamRewriteEngine.cpp in Sources */, + DCD069441D8CDFFF007602F1 /* TokenStreamSelector.cpp in Sources */, + DCD069451D8CDFFF007602F1 /* TreeParser.cpp in Sources */, + DCD0687F1D8CDF7E007602F1 /* antlrplugin.cpp in Sources */, + DCD068581D8CDF7E007602F1 /* bundlediskrep.cpp in Sources */, + DCD068381D8CDF7E007602F1 /* cdbuilder.cpp in Sources */, + DCD068361D8CDF7E007602F1 /* codedirectory.cpp in Sources */, + DCD068281D8CDF7E007602F1 /* cs.cpp in Sources */, + DCD0686F1D8CDF7E007602F1 /* csdatabase.cpp in Sources */, + DCD068711D8CDF7E007602F1 /* cserror.cpp in Sources */, + DCD068521D8CDF7E007602F1 /* csgeneric.cpp in Sources */, + DCD0684E1D8CDF7E007602F1 /* cskernel.cpp in Sources */, + DCD068501D8CDF7E007602F1 /* csprocess.cpp in Sources */, + DCD068771D8CDF7E007602F1 /* csutilities.cpp in Sources */, + DCD068641D8CDF7E007602F1 /* detachedrep.cpp in Sources */, + DCD0687D1D8CDF7E007602F1 /* dirscanner.cpp in Sources */, + DCD068601D8CDF7E007602F1 /* diskimagerep.cpp in Sources */, + DCD068541D8CDF7E007602F1 /* diskrep.cpp in Sources */, + DCD0684C1D8CDF7E007602F1 /* drmaker.cpp in Sources */, + DCD068861D8CDF7E007602F1 /* evaluationmanager.cpp in Sources */, + DCD068561D8CDF7E007602F1 /* filediskrep.cpp in Sources */, + DCD0685A1D8CDF7E007602F1 /* kerneldiskrep.cpp in Sources */, + DCD0685C1D8CDF7E007602F1 /* machorep.cpp in Sources */, + DCD068881D8CDF7E007602F1 /* opaquewhitelist.cpp in Sources */, + DCD068661D8CDF7E007602F1 /* piddiskrep.cpp in Sources */, + DCD0688A1D8CDF7E007602F1 /* policydb.cpp in Sources */, + DCD0688C1D8CDF7E007602F1 /* policyengine.cpp in Sources */, + DCD0687B1D8CDF7E007602F1 /* quarantine++.cpp in Sources */, + DCD0684A1D8CDF7E007602F1 /* reqdumper.cpp in Sources */, + DCD068461D8CDF7E007602F1 /* reqinterp.cpp in Sources */, + DCD068421D8CDF7E007602F1 /* reqmaker.cpp in Sources */, + DCD068481D8CDF7E007602F1 /* reqparser.cpp in Sources */, + DCD068441D8CDF7E007602F1 /* reqreader.cpp in Sources */, + DCD068401D8CDF7E007602F1 /* requirement.cpp in Sources */, + DCD068731D8CDF7E007602F1 /* resources.cpp in Sources */, + DCD068751D8CDF7E007602F1 /* sigblob.cpp in Sources */, + DCD068321D8CDF7E007602F1 /* signer.cpp in Sources */, + DCD068341D8CDF7E007602F1 /* signerutils.cpp in Sources */, + DCD068621D8CDF7E007602F1 /* singlediskrep.cpp in Sources */, + DCD0685E1D8CDF7E007602F1 /* slcrep.cpp in Sources */, + DCD068791D8CDF7E007602F1 /* xar++.cpp in Sources */, + DCD0688E1D8CDF7E007602F1 /* xpcengine.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD069E91D8CE21C007602F1 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD06A401D8CE245007602F1 /* SecIntegrityLib.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD06A4B1D8CE281007602F1 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD06A531D8CE2A4007602F1 /* SecCodeHostLib.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD06A5F1D8CE2D5007602F1 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD06A751D8CE2F0007602F1 /* gkunpack.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD06AAB1D8E0D53007602F1 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD06B9C1D8E0D7D007602F1 /* cfmach++.cpp in Sources */, + DCD06B5D1D8E0D7D007602F1 /* hashing.cpp in Sources */, + DCD06B531D8E0D7D007602F1 /* devrandom.cpp in Sources */, + DCD06BB31D8E0D7D007602F1 /* headermap.cpp in Sources */, + DCD06B8E1D8E0D7D007602F1 /* pcsc++.cpp in Sources */, + DCD06B4B1D8E0D7D007602F1 /* ccaudit.cpp in Sources */, + DCD06BAB1D8E0D7D007602F1 /* cfmunge.cpp in Sources */, + DCD06BBB1D8E0D7D007602F1 /* url.cpp in Sources */, + DCD06B6B1D8E0D7D007602F1 /* seccfobject.cpp in Sources */, + DCD06B741D8E0D7D007602F1 /* superblob.cpp in Sources */, + DCD06BA01D8E0D7D007602F1 /* dyldcache.cpp in Sources */, + DCD06BB11D8E0D7D007602F1 /* buffers.cpp in Sources */, + DCD06B6E1D8E0D7D007602F1 /* simpleprefs.cpp in Sources */, + DCD06B621D8E0D7D007602F1 /* logging.cpp in Sources */, + DCD06B771D8E0D7D007602F1 /* threading.cpp in Sources */, + DCD06B7B1D8E0D7D007602F1 /* tqueue.cpp in Sources */, + DCD06B791D8E0D7D007602F1 /* timeflow.cpp in Sources */, + DCD06B7D1D8E0D7D007602F1 /* trackingallocator.cpp in Sources */, + DCD06B831D8E0D7D007602F1 /* utilities.cpp in Sources */, + DCD06BA31D8E0D7D007602F1 /* machserver.cpp in Sources */, + DCD06BAD1D8E0D7D007602F1 /* cfutilities.cpp in Sources */, + DCD06B9A1D8E0D7D007602F1 /* mach_notify.c in Sources */, + DCD06B431D8E0D7D007602F1 /* crc.c in Sources */, + DCD06BB51D8E0D7D007602F1 /* hosts.cpp in Sources */, + DCD06B701D8E0D7D007602F1 /* sqlite++.cpp in Sources */, + DCD06B541D8E0D7D007602F1 /* dispatch.cpp in Sources */, + DCD06B901D8E0D7D007602F1 /* selector.cpp in Sources */, + DCD06BB71D8E0D7D007602F1 /* inetreply.cpp in Sources */, + DCD06B881D8E0D7D007602F1 /* fdsel.cpp in Sources */, + DCD06B861D8E0D7D007602F1 /* fdmover.cpp in Sources */, + DCD06BBF1D8E0D7D007602F1 /* socks++4.cpp in Sources */, + DCD06B3E1D8E0D7D007602F1 /* FileLockTransaction.cpp in Sources */, + DCD06BC11D8E0D7D007602F1 /* socks++5.cpp in Sources */, + DCD06B4A1D8E0D7D007602F1 /* blob.cpp in Sources */, + DCD06B801D8E0D7D007602F1 /* typedvalue.cpp in Sources */, + DCD06BB91D8E0D7D007602F1 /* ip++.cpp in Sources */, + DCD06B591D8E0D7D007602F1 /* errors.cpp in Sources */, + DCD06B571D8E0D7D007602F1 /* endian.cpp in Sources */, + DCD06B7E1D8E0D7D007602F1 /* transactions.cpp in Sources */, + DCD06B921D8E0D7D007602F1 /* unix++.cpp in Sources */, + DCD06BA71D8E0D7D007602F1 /* coderepository.cpp in Sources */, + DCD06B5F1D8E0D7D007602F1 /* iodevices.cpp in Sources */, + DCD06B481D8E0D7D007602F1 /* alloc.cpp in Sources */, + DCD06B961D8E0D7D007602F1 /* vproc++.cpp in Sources */, + DCD06B8C1D8E0D7D007602F1 /* muscle++.cpp in Sources */, + DCD06B461D8E0D7D007602F1 /* adornments.cpp in Sources */, + DCD06B511D8E0D7D007602F1 /* debugging_internal.cpp in Sources */, + DCD06B721D8E0D7D007602F1 /* streams.cpp in Sources */, + DCD06BA91D8E0D7D007602F1 /* cfclass.cpp in Sources */, + DCD06B981D8E0D7D007602F1 /* mach++.cpp in Sources */, + DCD06B941D8E0D7D007602F1 /* unixchild.cpp in Sources */, + DCD06B401D8E0D7D007602F1 /* CSPDLTransaction.cpp in Sources */, + DCD06B9E1D8E0D7D007602F1 /* macho++.cpp in Sources */, + DCD06BAF1D8E0D7D007602F1 /* bufferfifo.cpp in Sources */, + DCD06BBD1D8E0D7D007602F1 /* socks++.cpp in Sources */, + DCD06B661D8E0D7D007602F1 /* osxcode.cpp in Sources */, + DCD06B5B1D8E0D7D007602F1 /* globalizer.cpp in Sources */, + DCD06B681D8E0D7D007602F1 /* powerwatch.cpp in Sources */, + DCD06B4E1D8E0D7D007602F1 /* daemon.cpp in Sources */, + DCD06BA51D8E0D7D007602F1 /* machrunloopserver.cpp in Sources */, + DCD06B8A1D8E0D7D007602F1 /* kq++.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD66D5F1D8204A700DB1393 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + D45917E41DC13E6700752D25 /* SecCertificateRequest.c in Sources */, + DCD66DC01D82054500DB1393 /* SecCertificate.c in Sources */, + DCD66DBF1D82053E00DB1393 /* SecDigest.c in Sources */, + DCD66DBE1D82053700DB1393 /* SecBase64.c in Sources */, + DCD66DBD1D82053100DB1393 /* SecCertificatePath.c in Sources */, + DCD66DB61D82050900DB1393 /* SecKey.c in Sources */, + DCD66DBC1D82052B00DB1393 /* SecKeyAdaptors.c in Sources */, + DCD66DBB1D82052700DB1393 /* SecPolicy.c in Sources */, + DCD66DBA1D82052000DB1393 /* SecPolicyLeafCallbacks.c in Sources */, + DCD66DB91D82051900DB1393 /* SecTrust.c in Sources */, + DCD66DB71D82050E00DB1393 /* SecTrustStore.c in Sources */, + DCD66DB51D82050500DB1393 /* SecECKey.c in Sources */, + DCD66DB41D82050000DB1393 /* SecRSAKey.c in Sources */, + DCD66DB31D8204FB00DB1393 /* SecServerEncryptionSupport.c in Sources */, + D425EC231DD3FFF200DE5DEC /* SecInternalRelease.c in Sources */, + DCD66DB21D8204F500DB1393 /* SecSignatureVerificationSupport.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCD66DC51D8205C400DB1393 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCD66DDD1D8205FB00DB1393 /* SecOTRDHKey.c in Sources */, + DCD66DDE1D8205FB00DB1393 /* SecOTRFullIdentity.c in Sources */, + DCD66DDF1D8205FB00DB1393 /* SecOTRMath.c in Sources */, + DCD66DE01D8205FB00DB1393 /* SecOTRPacketData.c in Sources */, + DCD66DE11D8205FB00DB1393 /* SecOTRPackets.c in Sources */, + DCD66DE21D8205FB00DB1393 /* SecOTRPublicIdentity.c in Sources */, + DCD66DE31D8205FB00DB1393 /* SecOTRSession.c in Sources */, + DCD66DE41D8205FB00DB1393 /* SecOTRSessionAKE.c in Sources */, + DCD66DDC1D8205E500DB1393 /* SecOTRUtils.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E6911D7A37FA00AFB96E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E6921D7A37FA00AFB96E /* security_tool_commands.c in Sources */, + DCE4E6931D7A37FA00AFB96E /* NSFileHandle+Formatting.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E74C1D7A43B500AFB96E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E7B51D7A43FF00AFB96E /* main.m in Sources */, + DCE4E7B61D7A440A00AFB96E /* bc-10-knife-on-bread.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E7C81D7A4AED00AFB96E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E7E21D7A4B7F00AFB96E /* main.c in Sources */, + DCE4E7DF1D7A4B4C00AFB96E /* bc-10-knife-on-bread.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E7F21D7A4DA800AFB96E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E8071D7A4DE200AFB96E /* server.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E8381D7A57AE00AFB96E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E8391D7A57AE00AFB96E /* server.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E8901D7F34F600AFB96E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E8C21D7F353900AFB96E /* server.c in Sources */, + DCE4E8BA1D7F353900AFB96E /* credential.c in Sources */, + DCE4E8BF1D7F353900AFB96E /* object.c in Sources */, + DCE4E8B51D7F353900AFB96E /* authitems.c in Sources */, + DCE4E8B91D7F353900AFB96E /* crc.c in Sources */, + DCE4E8C31D7F353900AFB96E /* session.c in Sources */, + DCE4E8BC1D7F353900AFB96E /* engine.c in Sources */, + DCE4E8C41D7F353900AFB96E /* connection.c in Sources */, + DCE4E8C11D7F353900AFB96E /* rule.c in Sources */, + DCE4E8C01D7F353900AFB96E /* process.c in Sources */, + DCE4E8B31D7F353900AFB96E /* agent.c in Sources */, + DCE4E8BE1D7F353900AFB96E /* mechanism.c in Sources */, + DCE4E8BB1D7F353900AFB96E /* debugging.c in Sources */, + DCE4E8B41D7F353900AFB96E /* authdb.c in Sources */, + DCE4E8B81D7F353900AFB96E /* ccaudit.c in Sources */, + DCE4E8BD1D7F353900AFB96E /* main.c in Sources */, + DCE4E8B71D7F353900AFB96E /* authutilities.c in Sources */, + DCE4E8B61D7F353900AFB96E /* authtoken.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E8D91D7F39DB00AFB96E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E8F71D7F3A1100AFB96E /* KDCirclePeer.m in Sources */, + DCE4E8F91D7F3A1100AFB96E /* KDAppDelegate.m in Sources */, + DCE4E8F81D7F3A1100AFB96E /* main.m in Sources */, + DCE4E8F61D7F3A1100AFB96E /* KDSecCircle.m in Sources */, + DCE4E8FA1D7F3A1100AFB96E /* KDSecItems.m in Sources */, + DCE4E8FB1D7F3A1100AFB96E /* NSArray+mapWithBlock.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCE4E90D1D7F3D5300AFB96E /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCE4E92B1D7F3D7C00AFB96E /* KDSecCircle.m in Sources */, + DCE4E92C1D7F3D7C00AFB96E /* KNPersistentState.m in Sources */, + DCE4E9311D7F3D7C00AFB96E /* KDCirclePeer.m in Sources */, + DCE4E92D1D7F3D7C00AFB96E /* NSArray+mapWithBlock.m in Sources */, + DCE4E92F1D7F3D7C00AFB96E /* NSString+compactDescription.m in Sources */, + DCE4E9301D7F3D7C00AFB96E /* main.m in Sources */, + DCE4E92E1D7F3D7C00AFB96E /* NSDictionary+compactDescription.m in Sources */, + DCE4E9321D7F3D7C00AFB96E /* KNAppDelegate.m in Sources */, + DCE4E9331D7F3D7C00AFB96E /* NSSet+compactDescription.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF7830E1D88B4DE00E694BB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF783F31D88B60D00E694BB /* pkcs12Derive.cpp in Sources */, + DCF784CE1D88B62E00E694BB /* rc2_skey.c in Sources */, + DCF7849F1D88B62D00E694BB /* bn_exp.c in Sources */, + DCF784F31D88B62E00E694BB /* rsa_pk1.c in Sources */, + DCF783EF1D88B60D00E694BB /* SHA1_MD5_Object.cpp in Sources */, + DCF784BE1D88B62E00E694BB /* dh_lib.c in Sources */, + DCF783D41D88B60D00E694BB /* cryptkitcsp.cpp in Sources */, + DCF784A11D88B62D00E694BB /* bn_gcd.c in Sources */, + DCF784BB1D88B62E00E694BB /* dh_err.c in Sources */, + DCF7849B1D88B62D00E694BB /* bn_blind.c in Sources */, + DCF784B61D88B62D00E694BB /* buf_err.c in Sources */, + DCF784B71D88B62D00E694BB /* buffer.c in Sources */, + DCF783E51D88B60D00E694BB /* DH_utils.cpp in Sources */, + DCF784041D88B60D00E694BB /* miscAlgFactory.cpp in Sources */, + DCF7849A1D88B62D00E694BB /* bn_asm.c in Sources */, + DCF783DB1D88B60D00E694BB /* FEEKeys.cpp in Sources */, + DCF784C51D88B62E00E694BB /* dsa_sign.c in Sources */, + DCF783A21D88B60D00E694BB /* gladmanContext.cpp in Sources */, + DCF783B51D88B60D00E694BB /* BlockCryptor.cpp in Sources */, + DCF784071D88B60D00E694BB /* RSA_DSA_signature.cpp in Sources */, + DCF784AB1D88B62D00E694BB /* bn_recp.c in Sources */, + DCF784AD1D88B62D00E694BB /* bn_sqr.c in Sources */, + DCF784091D88B60D00E694BB /* RSA_DSA_utils.cpp in Sources */, + DCF783D91D88B60D00E694BB /* FEECSPUtils.cpp in Sources */, + DCF784C01D88B62E00E694BB /* dsa_err.c in Sources */, + DCF784CF1D88B62E00E694BB /* rc5_enc.c in Sources */, + DCF784A71D88B62D00E694BB /* bn_prime.c in Sources */, + DCF7839E1D88B60D00E694BB /* aescsp.cpp in Sources */, + DCF783C61D88B60D00E694BB /* bsafeAsymmetric.cpp in Sources */, + DCF784921D88B62D00E694BB /* bf_ecb.c in Sources */, + DCF783E71D88B60D00E694BB /* HMACSHA1.c in Sources */, + DCF784F61D88B62E00E694BB /* rsa_ssl.c in Sources */, + DCF783CA1D88B60D00E694BB /* bsafeKeyGen.cpp in Sources */, + DCF783E31D88B60D00E694BB /* DH_keys.cpp in Sources */, + DCF784AC1D88B62D00E694BB /* bn_shift.c in Sources */, + DCF784A51D88B62D00E694BB /* bn_mpi.c in Sources */, + DCF784A61D88B62D00E694BB /* bn_mul.c in Sources */, + DCF784BC1D88B62E00E694BB /* dh_gen.c in Sources */, + DCF784061D88B60D00E694BB /* RSA_asymmetric.cpp in Sources */, + DCF784EC1D88B62E00E694BB /* rsa_chk.c in Sources */, + DCF783BC1D88B60D00E694BB /* MacContext.cpp in Sources */, + DCF783ED1D88B60D00E694BB /* MD2Object.cpp in Sources */, + DCF783A81D88B60D00E694BB /* vRijndael-alg-ref.c in Sources */, + DCF783AC1D88B60D00E694BB /* AppleCSPContext.cpp in Sources */, + DCF784BF1D88B62E00E694BB /* dsa_asn1.c in Sources */, + DCF783A01D88B60D00E694BB /* boxes-ref.c in Sources */, + DCF784151D88B60D00E694BB /* opensslUtils.cpp in Sources */, + DCF783B91D88B60D00E694BB /* deriveKey.cpp in Sources */, + DCF783FE1D88B60D00E694BB /* rc2Context.cpp in Sources */, + DCF784121D88B60D00E694BB /* opensshWrap.cpp in Sources */, + DCF783F11D88B60D00E694BB /* SHA2_Object.cpp in Sources */, + DCF784A91D88B62D00E694BB /* bn_print.c in Sources */, + DCF783A61D88B60D00E694BB /* rijndaelApi.c in Sources */, + DCF783BA1D88B60D00E694BB /* DigestContext.cpp in Sources */, + DCF784D11D88B62E00E694BB /* rc5_skey.c in Sources */, + DCF784CA1D88B62E00E694BB /* lhash.c in Sources */, + DCF784BD1D88B62E00E694BB /* dh_key.c in Sources */, + DCF784C71D88B62E00E694BB /* err.c in Sources */, + DCF783AE1D88B60D00E694BB /* AppleCSPKeys.cpp in Sources */, + DCF784CB1D88B62E00E694BB /* mem.c in Sources */, + DCF783D71D88B60D00E694BB /* FEEAsymmetricContext.cpp in Sources */, + DCF783D01D88B60D00E694BB /* miscalgorithms.cpp in Sources */, + DCF783E11D88B60D00E694BB /* DH_exchange.cpp in Sources */, + DCF783C31D88B60D00E694BB /* YarrowConnection.cpp in Sources */, + DCF784A41D88B62D00E694BB /* bn_mont.c in Sources */, + DCF783C11D88B60D00E694BB /* wrapKey.cpp in Sources */, + DCF783BF1D88B60D00E694BB /* SignatureContext.cpp in Sources */, + DCF784111D88B60D00E694BB /* opensshCoding.cpp in Sources */, + DCF784C11D88B62E00E694BB /* dsa_gen.c in Sources */, + DCF7840B1D88B60D00E694BB /* RSA_DSA_csp.cpp in Sources */, + DCF783F71D88B60D00E694BB /* bfContext.cpp in Sources */, + DCF783FB1D88B60D00E694BB /* desContext.cpp in Sources */, + DCF784CC1D88B62E00E694BB /* rc2_cbc.c in Sources */, + DCF784AA1D88B62D00E694BB /* bn_rand.c in Sources */, + DCF784BA1D88B62E00E694BB /* dh_check.c in Sources */, + DCF783A91D88B60D00E694BB /* AppleCSP.cpp in Sources */, + DCF784C31D88B62E00E694BB /* dsa_lib.c in Sources */, + DCF784971D88B62D00E694BB /* bio_lib.c in Sources */, + DCF784C91D88B62E00E694BB /* ex_data.c in Sources */, + DCF784C21D88B62E00E694BB /* dsa_key.c in Sources */, + DCF784A31D88B62D00E694BB /* bn_lib.c in Sources */, + DCF784961D88B62D00E694BB /* bf_skey.c in Sources */, + DCF784F01D88B62E00E694BB /* rsa_lib.c in Sources */, + DCF783AB1D88B60D00E694BB /* AppleCSPBuiltin.cpp in Sources */, + DCF783D11D88B60D00E694BB /* ascContext.cpp in Sources */, + DCF784981D88B62D00E694BB /* bss_file.c in Sources */, + DCF784C81D88B62E00E694BB /* err_prn.c in Sources */, + DCF784F11D88B62E00E694BB /* rsa_none.c in Sources */, + DCF784B81D88B62D00E694BB /* cryptlib.c in Sources */, + DCF783DF1D88B60D00E694BB /* DH_csp.cpp in Sources */, + DCF784A01D88B62D00E694BB /* bn_exp2.c in Sources */, + DCF7840D1D88B60D00E694BB /* RSA_DSA_keys.cpp in Sources */, + DCF783CB1D88B60D00E694BB /* bsafePKCS1.cpp in Sources */, + DCF783B21D88B60D00E694BB /* AppleCSPUtils.cpp in Sources */, + DCF784EE1D88B62E00E694BB /* rsa_err.c in Sources */, + DCF783F91D88B60D00E694BB /* castContext.cpp in Sources */, + DCF783F51D88B60D00E694BB /* pkcs8.cpp in Sources */, + DCF783C21D88B60D00E694BB /* wrapKeyCms.cpp in Sources */, + DCF7849E1D88B62D00E694BB /* bn_err.c in Sources */, + DCF784131D88B60D00E694BB /* opensslAsn1.cpp in Sources */, + DCF784991D88B62D00E694BB /* bn_add.c in Sources */, + DCF784001D88B60D00E694BB /* rc4Context.cpp in Sources */, + DCF783C71D88B60D00E694BB /* bsafeContext.cpp in Sources */, + DCF783DD1D88B60D00E694BB /* FEESignatureObject.cpp in Sources */, + DCF784C61D88B62E00E694BB /* dsa_vrf.c in Sources */, + DCF784AE1D88B62D00E694BB /* bn_word.c in Sources */, + DCF783A41D88B60D00E694BB /* rijndael-alg-ref.c in Sources */, + DCF783CF1D88B60D00E694BB /* memory.cpp in Sources */, + DCF783E91D88B60D00E694BB /* pbkdDigest.cpp in Sources */, + DCF784021D88B60D00E694BB /* rc5Context.cpp in Sources */, + DCF783EB1D88B60D00E694BB /* pbkdf2.c in Sources */, + DCF783B71D88B60D00E694BB /* cspdebugging.c in Sources */, + DCF784ED1D88B62E00E694BB /* rsa_eay.c in Sources */, + DCF784EF1D88B62E00E694BB /* rsa_gen.c in Sources */, + DCF783CD1D88B60D00E694BB /* bsafeSymmetric.cpp in Sources */, + DCF784F71D88B62E00E694BB /* stack.c in Sources */, + DCF7849C1D88B62D00E694BB /* bn_ctx.c in Sources */, + DCF784F51D88B62E00E694BB /* rsa_sign.c in Sources */, + DCF784F21D88B62E00E694BB /* rsa_null.c in Sources */, + DCF784931D88B62D00E694BB /* bf_enc.c in Sources */, + DCF784F41D88B62E00E694BB /* rsa_saos.c in Sources */, + DCF783C51D88B60D00E694BB /* algmaker.cpp in Sources */, + DCF7849D1D88B62D00E694BB /* bn_div.c in Sources */, + DCF784C41D88B62E00E694BB /* dsa_ossl.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF785601D88B95500E694BB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF787221D88BA0100E694BB /* SSCSPSession.cpp in Sources */, + DCF787261D88BA0100E694BB /* SSDLSession.cpp in Sources */, + DCF7872A1D88BA0100E694BB /* SSKey.cpp in Sources */, + DCF7871E1D88BA0100E694BB /* SSContext.cpp in Sources */, + DCF787201D88BA0100E694BB /* SSCSPDLSession.cpp in Sources */, + DCF7871C1D88BA0100E694BB /* CSPDLPlugin.cpp in Sources */, + DCF787241D88BA0100E694BB /* SSDatabase.cpp in Sources */, + DCF7871A1D88BA0100E694BB /* CSPDLDatabase.cpp in Sources */, + DCF787281D88BA0100E694BB /* SSFactory.cpp in Sources */, + DCF787301D88C18A00E694BB /* AppleCSPDLBuiltin.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF787AE1D88C86900E694BB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF788361D88C8C400E694BB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF788441D88C8FF00E694BB /* AppleDLBuiltin.cpp in Sources */, + DCF788411D88C8DE00E694BB /* AppleFileDL.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF788491D88CA7200E694BB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF788751D88CABC00E694BB /* AppleX509CL.cpp in Sources */, + DCF788871D88CABC00E694BB /* clNssUtils.cpp in Sources */, + DCF788921D88CABC00E694BB /* DecodedItem.cpp in Sources */, + DCF788851D88CABC00E694BB /* clNameUtils.cpp in Sources */, + DCF788951D88CABC00E694BB /* Session_Cert.cpp in Sources */, + DCF788831D88CABC00E694BB /* CLFieldsCommon.cpp in Sources */, + DCF7888C1D88CABC00E694BB /* DecodedCert.cpp in Sources */, + DCF788771D88CABC00E694BB /* AppleX509CLBuiltin.cpp in Sources */, + DCF7887B1D88CABC00E694BB /* CertFields.cpp in Sources */, + DCF788791D88CABC00E694BB /* AppleX509CLSession.cpp in Sources */, + DCF7888A1D88CABC00E694BB /* CSPAttacher.cpp in Sources */, + DCF788801D88CABC00E694BB /* CLCrlExtensions.cpp in Sources */, + DCF788781D88CABC00E694BB /* AppleX509CLPlugin.cpp in Sources */, + DCF7887C1D88CABC00E694BB /* CLCachedEntry.cpp in Sources */, + DCF7888E1D88CABC00E694BB /* DecodedCrl.cpp in Sources */, + DCF788891D88CABC00E694BB /* CrlFields.cpp in Sources */, + DCF788981D88CABC00E694BB /* Session_CSR.cpp in Sources */, + DCF788961D88CABC00E694BB /* Session_CRL.cpp in Sources */, + DCF788901D88CABC00E694BB /* DecodedExtensions.cpp in Sources */, + DCF7887E1D88CABC00E694BB /* CLCertExtensions.cpp in Sources */, + DCF788971D88CABC00E694BB /* Session_Crypto.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF788991D88CB5200E694BB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF788A51D88CB6800E694BB /* AppleX509CLPlugin.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + DCF788BC1D88CD2400E694BB /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + DCF789341D88CD6700E694BB /* TPDatabase.cpp in Sources */, + DCF7892B1D88CD6700E694BB /* TPCertInfo.cpp in Sources */, + DCF789211D88CD6700E694BB /* AppleTP.cpp in Sources */, + DCF789391D88CD6700E694BB /* ocspRequest.cpp in Sources */, + DCF789371D88CD6700E694BB /* TPNetwork.cpp in Sources */, + DCF789321D88CD6700E694BB /* tpCrlVerify.cpp in Sources */, + DCF789231D88CD6700E694BB /* AppleTPSession.cpp in Sources */, + DCF789281D88CD6700E694BB /* cuEnc64.c in Sources */, + DCF789411D88CD6700E694BB /* tpPolicies.cpp in Sources */, + DCF789481D88D17C00E694BB /* AppleX509TPBuiltin.cpp in Sources */, + DCF7893F1D88CD6700E694BB /* tpOcspVerify.cpp in Sources */, + DCF789301D88CD6700E694BB /* TPCrlInfo.cpp in Sources */, + DCF789431D88CD6700E694BB /* tpTime.c in Sources */, + DCF789261D88CD6700E694BB /* certGroupUtils.cpp in Sources */, + DCF7893B1D88CD6700E694BB /* tpOcspCache.cpp in Sources */, + DCF7892A1D88CD6700E694BB /* tpCertGroup.cpp in Sources */, + DCF7893D1D88CD6700E694BB /* tpOcspCertVfy.cpp in Sources */, + DCF7892F1D88CD6700E694BB /* tpCredRequest.cpp in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E710C73E1331946400F85568 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 4CC92B1C15A3BF2F00C6D578 /* testmain.c in Sources */, + 0C78F1CC16A5E1BF00654E08 /* sectask-10-sectask.c in Sources */, + 0C78F1CE16A5E1BF00654E08 /* sectask_ipc.defs in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E7B01BC2166594AB000485F1 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E7D847C01C6BE9710025BB44 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + E7F480151C73980D00390FDB /* KCJoiningRequestSession.m in Sources */, + E7F480331C73FC4C00390FDB /* KCAESGCMDuplexSession.m in Sources */, + E794BB001C7598F900339A0F /* KCJoiningMessages.m in Sources */, + E794BA6F1C7424D800339A0F /* KCDer.m in Sources */, + E7E3EFBA1CBC192A00E79A5D /* KCAccountKCCircleDelegate.m in Sources */, + E7F482AC1C7558F700390FDB /* KCJoiningAcceptSession.m in Sources */, + E71454F01C741E0800B5B20B /* KCError.m in Sources */, + E772FD471CC15EFA00D63E41 /* NSData+SecRandom.m in Sources */, + E7F482AA1C7554FB00390FDB /* NSError+KCCreationHelpers.m in Sources */, + E75C0E831C6FC31D00E6953B /* KCSRPContext.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + E7D847CA1C6BE9720025BB44 /* Sources */ = { + isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( - EBE901721C2283F7007308C6 /* AggregateDictionary.framework in Frameworks */, - 0C0BDB901756A80100BC1A7E /* libsecipc_client.a in Frameworks */, - 0C0BDB8C1756A5F500BC1A7E /* libregressions.a in Frameworks */, - 438168C51B4ED43B00C54D58 /* CoreFoundation.framework in Frameworks */, - EB3409B01C1D627400D77661 /* Foundation.framework in Frameworks */, - 0C0BDB8B1756A5D900BC1A7E /* libASN1.a in Frameworks */, - 0C0BDB8A1756A5D500BC1A7E /* libDER.a in Frameworks */, - D447C4E81D31CA720082FC1D /* libCMS.a in Frameworks */, - D447C4DA1D31C8280082FC1D /* libsecurity.a in Frameworks */, - 0C0BDB851756A4B900BC1A7E /* libsecdRegressions.a in Frameworks */, - 0C0BDB861756A4C100BC1A7E /* libsecurityd.a in Frameworks */, - 0C0BDB8E1756A69A00BC1A7E /* libSecureObjectSync.a in Frameworks */, - 0C0BDB871756A4FA00BC1A7E /* libutilities.a in Frameworks */, - D447C4101D3094740082FC1D /* Security.framework in Frameworks */, - 0C0BDB8D1756A66100BC1A7E /* CFNetwork.framework in Frameworks */, - 0C0BDB911756A8A400BC1A7E /* IOKit.framework in Frameworks */, - 0C0BDB931756A8C900BC1A7E /* SystemConfiguration.framework in Frameworks */, - 5E8B53A51AA0B8A600345E7B /* libcoreauthd_test_client.a in Frameworks */, - 4432B15F1A014D55000958DC /* libaks_acl.a in Frameworks */, - 0C0BDB8F1756A6D500BC1A7E /* libMobileGestalt.dylib in Frameworks */, - 0C0BDB881756A51000BC1A7E /* libsqlite3.dylib in Frameworks */, - 4469FBFF1AA0A4820021AA26 /* libctkclient_test.a in Frameworks */, + E7F4809C1C74E85200390FDB /* KCDerTest.m in Sources */, + E7F482701C74FDD100390FDB /* KCJoiningSessionTest.m in Sources */, + E7D848051C6BEFCD0025BB44 /* KCSRPTests.m in Sources */, + E7F4809E1C74E86D00390FDB /* KCAESGCMTest.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EB0BC9371C3C791500785842 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + EB0BC9671C3C798600785842 /* secedumodetest.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EB425C9F1C65846D000ECE53 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + EB425CCF1C658554000ECE53 /* secbackuptest.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EB433A211CC3243600A7EACE /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + EB433A291CC3244C00A7EACE /* secitemstresstest.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EB9C1D761BDFD0E000F89272 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + EB9C1D7E1BDFD0E100F89272 /* secbackupntest.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EBA9AA7E1CE30E58004E2B68 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + EBA9AA871CE30E6F004E2B68 /* secitemnotifications.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EBCF73F41CE45F9C00BED7CA /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + EBCF73FD1CE45FAC00BED7CA /* secitemfunctionality.m in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + EBF3746E1DC055580065D840 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + EBF374751DC055590065D840 /* security-sysdiagnose.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; - 0C2BCBB21D06401F00ED7A2F /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C2BCBB31D06401F00ED7A2F /* libutilities.a in Frameworks */, - 0C2BCBB41D06401F00ED7A2F /* Security.framework in Frameworks */, - 0C2BCBB51D06401F00ED7A2F /* CoreFoundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; +/* End PBXSourcesBuildPhase section */ + +/* Begin PBXTargetDependency section */ + 0C10C93A1DD548B6000602A8 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = 0C10C9391DD548B6000602A8 /* PBXContainerItemProxy */; + }; + 0C10C93C1DD548BD000602A8 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = 0C10C93B1DD548BD000602A8 /* PBXContainerItemProxy */; + }; + 0C2BCBBC1D0640B200ED7A2F /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C2BCBA81D06401F00ED7A2F /* dtlsEchoClient */; + targetProxy = 0C2BCBBB1D0640B200ED7A2F /* PBXContainerItemProxy */; + }; + 0C2BCBD11D0648FA00ED7A2F /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C2BCBBD1D0648D100ED7A2F /* dtlsEchoServer */; + targetProxy = 0C2BCBD01D0648FA00ED7A2F /* PBXContainerItemProxy */; + }; + 0C664AB41759270C0092D3D9 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C0BDB2E175685B000BC1A7E /* secdtests_ios */; + targetProxy = 0C664AB31759270C0092D3D9 /* PBXContainerItemProxy */; + }; + 0C99B740131C984900584CF4 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C6799F912F7C37C00712919 /* dtlsTests */; + targetProxy = 0C99B73F131C984900584CF4 /* PBXContainerItemProxy */; + }; + 0CC827F2138712B100BD99B7 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = E710C7411331946400F85568 /* SecurityTests */; + targetProxy = 0CC827F1138712B100BD99B7 /* PBXContainerItemProxy */; + }; + 438169E71B4EE4B300C54D58 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4381690B1B4EDCBD00C54D58 /* SOSCCAuthPlugin */; + targetProxy = 438169E61B4EE4B300C54D58 /* PBXContainerItemProxy */; + }; + 4C52D0EE16EFCD720079966E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4C52D0B316EFC61E0079966E /* CircleJoinRequested */; + targetProxy = 4C52D0ED16EFCD720079966E /* PBXContainerItemProxy */; + }; + 4C541F8C0F250C0400E508AE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 790851B50CA9859F0083CC4D /* securityd_ios */; + targetProxy = 4C541F8B0F250C0400E508AE /* PBXContainerItemProxy */; + }; + 4C541F8E0F250C0900E508AE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4CB740A20A47567C00D641BB /* securitytool_ios */; + targetProxy = 4C541F8D0F250C0900E508AE /* PBXContainerItemProxy */; + }; + 4C541F900F250C0E00E508AE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4CE5A54C09C796E100D27A3F /* sslViewer */; + targetProxy = 4C541F8F0F250C0E00E508AE /* PBXContainerItemProxy */; + }; + 4C541F920F250C1300E508AE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 7913B1FF0D172B3900601FE9 /* sslServer */; + targetProxy = 4C541F910F250C1300E508AE /* PBXContainerItemProxy */; + }; + 4C541FA10F250C5200E508AE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4C541F840F250BF500E508AE /* Security_executables_ios */; + targetProxy = 4C541FA00F250C5200E508AE /* PBXContainerItemProxy */; + }; + 4C9DE9EF1181ACA000CF5C27 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4C9DE9D11181AC4800CF5C27 /* sslEcdsa */; + targetProxy = 4C9DE9EE1181ACA000CF5C27 /* PBXContainerItemProxy */; + }; + 52D82BF616A627100078DFE5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 52D82BDD16A621F70078DFE5 /* CloudKeychainProxy */; + targetProxy = 52D82BF516A627100078DFE5 /* PBXContainerItemProxy */; + }; + 5346481B17331ED800FE9172 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 5346480017331E1100FE9172 /* KeychainSyncAccountNotification */; + targetProxy = 5346481A17331ED800FE9172 /* PBXContainerItemProxy */; + }; + 5DDD0BEE16D6748900D6C0D6 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 728B56A016D59979008FA3AB /* OTAPKIAssetTool */; + targetProxy = 5DDD0BED16D6748900D6C0D6 /* PBXContainerItemProxy */; + }; + 5E10995419A5E80B00A60E2B /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 5E10992419A5E55800A60E2B /* ISACLProtectedItems */; + targetProxy = 5E10995319A5E80B00A60E2B /* PBXContainerItemProxy */; + }; + 5EF7C2561B00EEF900E5E99C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 5EBE24791B00CCAE0007DB0E /* secacltests */; + targetProxy = 5EF7C2551B00EEF900E5E99C /* PBXContainerItemProxy */; + }; + BE197F631911742900BA91D1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = BE197F2519116FD100BA91D1 /* SharedWebCredentialViewService */; + targetProxy = BE197F621911742900BA91D1 /* PBXContainerItemProxy */; + }; + BE4AC9B418B8020400B84964 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = BE442BA018B7FDB800F24DAE /* swcagent */; + targetProxy = BE4AC9B318B8020400B84964 /* PBXContainerItemProxy */; + }; + CD0637811A840C6400C81E74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = CD276C261A83F60C003226BC /* KeychainSyncingOverIDSProxy */; + targetProxy = CD6130ED1DA1C0CC00E1E42F /* PBXContainerItemProxy */; + }; + D41AD43A1B96721E008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 790851B50CA9859F0083CC4D /* securityd_ios */; + targetProxy = D41AD4391B96721E008C7270 /* PBXContainerItemProxy */; + }; + D41AD43C1B96723B008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = E710C7411331946400F85568 /* SecurityTests */; + targetProxy = D41AD43B1B96723B008C7270 /* PBXContainerItemProxy */; + }; + D41AD43E1B967242008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C0BDB2E175685B000BC1A7E /* secdtests_ios */; + targetProxy = D41AD43D1B967242008C7270 /* PBXContainerItemProxy */; + }; + D41AD4401B96724C008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C6799F912F7C37C00712919 /* dtlsTests */; + targetProxy = D41AD43F1B96724C008C7270 /* PBXContainerItemProxy */; + }; + D41AD4421B97866C008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 7913B1FF0D172B3900601FE9 /* sslServer */; + targetProxy = D41AD4411B97866C008C7270 /* PBXContainerItemProxy */; + }; + D41AD4441B978681008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4C9DE9D11181AC4800CF5C27 /* sslEcdsa */; + targetProxy = D41AD4431B978681008C7270 /* PBXContainerItemProxy */; + }; + D41AD4461B9786A3008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4CB740A20A47567C00D641BB /* securitytool_ios */; + targetProxy = D41AD4451B9786A3008C7270 /* PBXContainerItemProxy */; + }; + D41AD44A1B9786D8008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = F93C49021AB8FCE00047E01A /* ckcdiagnose.sh */; + targetProxy = D41AD4491B9786D8008C7270 /* PBXContainerItemProxy */; + }; + D41AD44C1B9786E2008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 5EBE24791B00CCAE0007DB0E /* secacltests */; + targetProxy = D41AD44B1B9786E2008C7270 /* PBXContainerItemProxy */; + }; + D41AD44E1B978791008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 5E10992419A5E55800A60E2B /* ISACLProtectedItems */; + targetProxy = D41AD44D1B978791008C7270 /* PBXContainerItemProxy */; + }; + D41AD4521B9788B2008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 52D82BDD16A621F70078DFE5 /* CloudKeychainProxy */; + targetProxy = D41AD4511B9788B2008C7270 /* PBXContainerItemProxy */; + }; + D41AD45A1B978944008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 728B56A016D59979008FA3AB /* OTAPKIAssetTool */; + targetProxy = D41AD4591B978944008C7270 /* PBXContainerItemProxy */; + }; + D41AD45C1B978A7A008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 790851B50CA9859F0083CC4D /* securityd_ios */; + targetProxy = D41AD45B1B978A7A008C7270 /* PBXContainerItemProxy */; + }; + D41AD45E1B978A7C008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4CB740A20A47567C00D641BB /* securitytool_ios */; + targetProxy = D41AD45D1B978A7C008C7270 /* PBXContainerItemProxy */; + }; + D41AD4601B978E18008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = E710C7411331946400F85568 /* SecurityTests */; + targetProxy = D41AD45F1B978E18008C7270 /* PBXContainerItemProxy */; + }; + D41AD4621B978E24008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C0BDB2E175685B000BC1A7E /* secdtests_ios */; + targetProxy = D41AD4611B978E24008C7270 /* PBXContainerItemProxy */; + }; + D41AD4661B978F19008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C6799F912F7C37C00712919 /* dtlsTests */; + targetProxy = D41AD4651B978F19008C7270 /* PBXContainerItemProxy */; }; - 0C2BCBC71D0648D100ED7A2F /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C2BCBC81D0648D100ED7A2F /* libutilities.a in Frameworks */, - 0C2BCBC91D0648D100ED7A2F /* Security.framework in Frameworks */, - 0C2BCBCA1D0648D100ED7A2F /* CoreFoundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + D41AD4681B978F20008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 7913B1FF0D172B3900601FE9 /* sslServer */; + targetProxy = D41AD4671B978F20008C7270 /* PBXContainerItemProxy */; + }; + D41AD46A1B978F24008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4CE5A54C09C796E100D27A3F /* sslViewer */; + targetProxy = D41AD4691B978F24008C7270 /* PBXContainerItemProxy */; + }; + D41AD46C1B978F28008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4C9DE9D11181AC4800CF5C27 /* sslEcdsa */; + targetProxy = D41AD46B1B978F28008C7270 /* PBXContainerItemProxy */; + }; + D41AD46E1B978F4C008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 5EBE24791B00CCAE0007DB0E /* secacltests */; + targetProxy = D41AD46D1B978F4C008C7270 /* PBXContainerItemProxy */; + }; + D41AD4721B978F76008C7270 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 728B56A016D59979008FA3AB /* OTAPKIAssetTool */; + targetProxy = D41AD4711B978F76008C7270 /* PBXContainerItemProxy */; + }; + DC0067901D878132005AF8DB /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC6A82911D87749900418608 /* securityd_client_macos */; + targetProxy = DC00678F1D878132005AF8DB /* PBXContainerItemProxy */; + }; + DC0067C41D8787AE005AF8DB /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0067921D87876F005AF8DB /* securityd_server_macos */; + targetProxy = DC0067C31D8787AE005AF8DB /* PBXContainerItemProxy */; + }; + DC0067D31D8788C4005AF8DB /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0067C51D878898005AF8DB /* securityd_ucspc */; + targetProxy = DC0067D21D8788C4005AF8DB /* PBXContainerItemProxy */; + }; + DC008B5A1D90CEC7004002A3 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC008B451D90CE53004002A3 /* securityd_macos_mig */; + targetProxy = DC008B591D90CEC7004002A3 /* PBXContainerItemProxy */; + }; + DC008B5C1D90CEE9004002A3 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC008B451D90CE53004002A3 /* securityd_macos_mig */; + targetProxy = DC008B5B1D90CEE9004002A3 /* PBXContainerItemProxy */; + }; + DC008B641D90CF37004002A3 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC008B451D90CE53004002A3 /* securityd_macos_mig */; + targetProxy = DC008B631D90CF37004002A3 /* PBXContainerItemProxy */; + }; + DC008B661D90CF40004002A3 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC008B451D90CE53004002A3 /* securityd_macos_mig */; + targetProxy = DC008B651D90CF40004002A3 /* PBXContainerItemProxy */; + }; + DC00AB661D821BFD00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E88A1D80C1EB00B0A59C /* secipc_client */; + targetProxy = DC00AB651D821BFD00513D74 /* PBXContainerItemProxy */; + }; + DC00AB681D821C0500513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00AB671D821C0500513D74 /* PBXContainerItemProxy */; + }; + DC00AB6A1D821C0700513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC521D80D05200B0A59C /* logging */; + targetProxy = DC00AB691D821C0700513D74 /* PBXContainerItemProxy */; + }; + DC00AB721D821C4600513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCC78EA81D8088E200865A7C /* security */; + targetProxy = DC00AB711D821C4600513D74 /* PBXContainerItemProxy */; + }; + DC00AB741D821C4800513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DC00AB731D821C4800513D74 /* PBXContainerItemProxy */; + }; + DC00AB761D821C4C00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00AB751D821C4C00513D74 /* PBXContainerItemProxy */; + }; + DC00AB781D821C5000513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E88A1D80C1EB00B0A59C /* secipc_client */; + targetProxy = DC00AB771D821C5000513D74 /* PBXContainerItemProxy */; + }; + DC00AB7E1D821C7F00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00AB7D1D821C7F00513D74 /* PBXContainerItemProxy */; + }; + DC00AB801D821C8300513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC3E1D80D00800B0A59C /* libSWCAgent */; + targetProxy = DC00AB7F1D821C8300513D74 /* PBXContainerItemProxy */; + }; + DC00AB851D821CA300513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00AB841D821CA300513D74 /* PBXContainerItemProxy */; + }; + DC00AB871D821CA900513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DC00AB861D821CA900513D74 /* PBXContainerItemProxy */; + }; + DC00AB891D821CAD00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E88A1D80C1EB00B0A59C /* secipc_client */; + targetProxy = DC00AB881D821CAD00513D74 /* PBXContainerItemProxy */; + }; + DC00AB921D821D6000513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC211D80CFB200B0A59C /* SOSCommands */; + targetProxy = DC00AB911D821D6000513D74 /* PBXContainerItemProxy */; + }; + DC00AB941D821D6500513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EBC61D80CEF100B0A59C /* SecurityCommands */; + targetProxy = DC00AB931D821D6500513D74 /* PBXContainerItemProxy */; + }; + DC00AB961D821D6800513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EA441D80CB7000B0A59C /* SecurityTool */; + targetProxy = DC00AB951D821D6800513D74 /* PBXContainerItemProxy */; + }; + DC00AB9E1D821DBB00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCC78EA81D8088E200865A7C /* security */; + targetProxy = DC00AB9D1D821DBB00513D74 /* PBXContainerItemProxy */; + }; + DC00ABA01D821DBC00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DC00AB9F1D821DBC00513D74 /* PBXContainerItemProxy */; + }; + DC00ABA21D821DBF00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00ABA11D821DBF00513D74 /* PBXContainerItemProxy */; + }; + DC00ABA41D821DC400513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E88A1D80C1EB00B0A59C /* secipc_client */; + targetProxy = DC00ABA31D821DC400513D74 /* PBXContainerItemProxy */; + }; + DC00ABAA1D821DE600513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DC00ABA91D821DE600513D74 /* PBXContainerItemProxy */; + }; + DC00ABAC1D821DE700513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00ABAB1D821DE700513D74 /* PBXContainerItemProxy */; + }; + DC00ABAE1D821DEB00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC7E1D80D1A800B0A59C /* iOSSecurityRegressions */; + targetProxy = DC00ABAD1D821DEB00513D74 /* PBXContainerItemProxy */; + }; + DC00ABB01D821DF300513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC601D80D0C400B0A59C /* SOSRegressions */; + targetProxy = DC00ABAF1D821DF300513D74 /* PBXContainerItemProxy */; + }; + DC00ABB21D821DF600513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EDFD1D80D6DD00B0A59C /* SharedRegressions */; + targetProxy = DC00ABB11D821DF600513D74 /* PBXContainerItemProxy */; + }; + DC00ABBB1D821E9B00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DC00ABBA1D821E9B00513D74 /* PBXContainerItemProxy */; + }; + DC00ABBD1D821E9F00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00ABBC1D821E9F00513D74 /* PBXContainerItemProxy */; + }; + DC00ABBF1D821EA700513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52ED631D80D4CD00B0A59C /* iOSsecuritydRegressions */; + targetProxy = DC00ABBE1D821EA700513D74 /* PBXContainerItemProxy */; + }; + DC00ABC91D821F0200513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DC00ABC81D821F0200513D74 /* PBXContainerItemProxy */; + }; + DC00ABCB1D821F0500513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00ABCA1D821F0500513D74 /* PBXContainerItemProxy */; + }; + DC00ABCF1D821F1700513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E88A1D80C1EB00B0A59C /* secipc_client */; + targetProxy = DC00ABCE1D821F1700513D74 /* PBXContainerItemProxy */; + }; + DC00ABD11D821F1A00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCC78EA81D8088E200865A7C /* security */; + targetProxy = DC00ABD01D821F1A00513D74 /* PBXContainerItemProxy */; + }; + DC00ABD31D821F1D00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00ABD21D821F1D00513D74 /* PBXContainerItemProxy */; + }; + DC00ABD51D821F2700513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DC00ABD41D821F2700513D74 /* PBXContainerItemProxy */; + }; + DC00ABDC1D821F5300513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E88A1D80C1EB00B0A59C /* secipc_client */; + targetProxy = DC00ABDB1D821F5300513D74 /* PBXContainerItemProxy */; + }; + DC00ABDE1D821F5600513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCC78EA81D8088E200865A7C /* security */; + targetProxy = DC00ABDD1D821F5600513D74 /* PBXContainerItemProxy */; + }; + DC00ABE01D821F5C00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00ABDF1D821F5C00513D74 /* PBXContainerItemProxy */; + }; + DC00ABE21D821F6000513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EDA61D80D58400B0A59C /* secdRegressions */; + targetProxy = DC00ABE11D821F6000513D74 /* PBXContainerItemProxy */; + }; + DC00ABE41D821F6200513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DC00ABE31D821F6200513D74 /* PBXContainerItemProxy */; + }; + DC00ABEE1D821FB700513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC00ABED1D821FB700513D74 /* PBXContainerItemProxy */; + }; + DC00ABF01D821FBA00513D74 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC601D80D0C400B0A59C /* SOSRegressions */; + targetProxy = DC00ABEF1D821FBA00513D74 /* PBXContainerItemProxy */; + }; + DC0B62961D90B6DB00D43BCB /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC1785041D77873100B50D50 /* copyHeadersToSystem */; + targetProxy = DC0B62951D90B6DB00D43BCB /* PBXContainerItemProxy */; + }; + DC0BC55B1D8B6D2E00070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC5501D8B6D2D00070CB0 /* XPCKeychainSandboxCheck */; + targetProxy = DC0BC55A1D8B6D2E00070CB0 /* PBXContainerItemProxy */; + }; + DC0BC5791D8B6EE200070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC5631D8B6E3D00070CB0 /* XPCTimeStampingService */; + targetProxy = DC0BC5781D8B6EE200070CB0 /* PBXContainerItemProxy */; + }; + DC0BC5AF1D8B714000070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC5851D8B70E700070CB0 /* security_cdsa_utils */; + targetProxy = DC0BC5AE1D8B714000070CB0 /* PBXContainerItemProxy */; + }; + DC0BC5C11D8B72BB00070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC5B01D8B71FD00070CB0 /* security_checkpw */; + targetProxy = DC0BC5C01D8B72BB00070CB0 /* PBXContainerItemProxy */; + }; + DC0BC5D21D8B732300070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC5B01D8B71FD00070CB0 /* security_checkpw */; + targetProxy = DC0BC5D11D8B732300070CB0 /* PBXContainerItemProxy */; + }; + DC0BC5D61D8B73B000070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC5B01D8B71FD00070CB0 /* security_checkpw */; + targetProxy = DC0BC5D71D8B73B000070CB0 /* PBXContainerItemProxy */; + }; + DC0BC5F71D8B749000070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC5E21D8B742200070CB0 /* security_comcryption */; + targetProxy = DC0BC5F61D8B749000070CB0 /* PBXContainerItemProxy */; + }; + DC0BC7431D8B762F00070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC5F81D8B752B00070CB0 /* security_cryptkit */; + targetProxy = DC0BC7421D8B762F00070CB0 /* PBXContainerItemProxy */; + }; + DC0BC7BF1D8B784F00070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC7451D8B771600070CB0 /* security_cssm */; + targetProxy = DC0BC7BE1D8B784F00070CB0 /* PBXContainerItemProxy */; + }; + DC0BC8C91D8B7D1C00070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC8981D8B7CBD00070CB0 /* security_filedb */; + targetProxy = DC0BC8C81D8B7D1C00070CB0 /* PBXContainerItemProxy */; + }; + DC0BC8F61D8B7DE700070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC8CC1D8B7DA200070CB0 /* security_manifest */; + targetProxy = DC0BC8F51D8B7DE700070CB0 /* PBXContainerItemProxy */; + }; + DC0BC92C1D8B7EBB00070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC8F91D8B7E8000070CB0 /* security_mds */; + targetProxy = DC0BC92B1D8B7EBB00070CB0 /* PBXContainerItemProxy */; + }; + DC0BC9651D8B80D200070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC92E1D8B7F6A00070CB0 /* security_ocspd */; + targetProxy = DC0BC9641D8B80D200070CB0 /* PBXContainerItemProxy */; + }; + DC0BC9991D8B814A00070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC9661D8B810A00070CB0 /* security_pkcs12 */; + targetProxy = DC0BC9981D8B814A00070CB0 /* PBXContainerItemProxy */; + }; + DC0BC9C71D8B820000070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC99A1D8B81BE00070CB0 /* security_sd_cspdl */; + targetProxy = DC0BC9C61D8B820000070CB0 /* PBXContainerItemProxy */; + }; + DC0BCA761D8B82E900070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC9C81D8B824700070CB0 /* security_ssl */; + targetProxy = DC0BCA751D8B82E900070CB0 /* PBXContainerItemProxy */; + }; + DC0BCA781D8B830900070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCA131D8B82B000070CB0 /* security_ssl_regressions */; + targetProxy = DC0BCA771D8B830900070CB0 /* PBXContainerItemProxy */; + }; + DC0BCB001D8B85E500070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCA791D8B858600070CB0 /* security_transform */; + targetProxy = DC0BCAFF1D8B85E500070CB0 /* PBXContainerItemProxy */; + }; + DC0BCB301D8B89AB00070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCB011D8B894F00070CB0 /* security_translocate */; + targetProxy = DC0BCB2F1D8B89AB00070CB0 /* PBXContainerItemProxy */; + }; + DC0BCC1C1D8C655900070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCBD91D8C648C00070CB0 /* regressionBase */; + targetProxy = DC0BCC1B1D8C655900070CB0 /* PBXContainerItemProxy */; + }; + DC0BCDB71D8C6AD100070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC0BCDB61D8C6AD100070CB0 /* PBXContainerItemProxy */; + }; + DC0BCDB91D8C6AE000070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC0BCDB81D8C6AE000070CB0 /* PBXContainerItemProxy */; + }; + DC0BCDBB1D8C6AF000070CB0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCCF41D8C694700070CB0 /* utilitiesRegressions */; + targetProxy = DC0BCDBA1D8C6AF000070CB0 /* PBXContainerItemProxy */; + }; + DC1789791D779C6700B50D50 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + name = libsecurity_smime; + targetProxy = DC1789781D779C6700B50D50 /* PBXContainerItemProxy */; + }; + DC178BF31D77ABE300B50D50 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC1789031D77980500B50D50 /* Security_osx */; + targetProxy = DC178BF21D77ABE300B50D50 /* PBXContainerItemProxy */; + }; + DC3A4B6B1D91EBEE00E46D4A /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC3A4B571D91E9FB00E46D4A /* CodeSigningHelper */; + targetProxy = DC3A4B6A1D91EBEE00E46D4A /* PBXContainerItemProxy */; + }; + DC52E84B1D80BF1100B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DC52E84A1D80BF1100B0A59C /* PBXContainerItemProxy */; + }; + DC52E8BD1D80C23300B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E88A1D80C1EB00B0A59C /* secipc_client */; + targetProxy = DC52E8BC1D80C23300B0A59C /* PBXContainerItemProxy */; + }; + DC52E9A31D80C5EE00B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC52E9A21D80C5EE00B0A59C /* PBXContainerItemProxy */; + }; + DC52EAA51D80CCF600B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EA441D80CB7000B0A59C /* SecurityTool */; + targetProxy = DC52EAA41D80CCF600B0A59C /* PBXContainerItemProxy */; + }; + DC52EC201D80CF7400B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EBC61D80CEF100B0A59C /* SecurityCommands */; + targetProxy = DC52EC1F1D80CF7400B0A59C /* PBXContainerItemProxy */; + }; + DC52EC3D1D80CFF000B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC211D80CFB200B0A59C /* SOSCommands */; + targetProxy = DC52EC3C1D80CFF000B0A59C /* PBXContainerItemProxy */; + }; + DC52EC511D80D03100B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC3E1D80D00800B0A59C /* libSWCAgent */; + targetProxy = DC52EC501D80D03100B0A59C /* PBXContainerItemProxy */; + }; + DC52EC5F1D80D08100B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC521D80D05200B0A59C /* logging */; + targetProxy = DC52EC5E1D80D08100B0A59C /* PBXContainerItemProxy */; + }; + DC52EC7D1D80D18800B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC601D80D0C400B0A59C /* SOSRegressions */; + targetProxy = DC52EC7C1D80D18800B0A59C /* PBXContainerItemProxy */; + }; + DC52ECEC1D80D34C00B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC7E1D80D1A800B0A59C /* iOSSecurityRegressions */; + targetProxy = DC52ECEB1D80D34C00B0A59C /* PBXContainerItemProxy */; + }; + DC52EDA31D80D55300B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52ED631D80D4CD00B0A59C /* iOSsecuritydRegressions */; + targetProxy = DC52EDA21D80D55300B0A59C /* PBXContainerItemProxy */; + }; + DC52EDFC1D80D67C00B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EDA61D80D58400B0A59C /* secdRegressions */; + targetProxy = DC52EDFB1D80D67C00B0A59C /* PBXContainerItemProxy */; + }; + DC52EE631D80D7D900B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EDFD1D80D6DD00B0A59C /* SharedRegressions */; + targetProxy = DC52EE621D80D7D900B0A59C /* PBXContainerItemProxy */; + }; + DC52EE651D80D7F000B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EDFD1D80D6DD00B0A59C /* SharedRegressions */; + targetProxy = DC52EE641D80D7F000B0A59C /* PBXContainerItemProxy */; + }; + DC52EE7E1D80D8B100B0A59C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EE661D80D82600B0A59C /* SecItemShimOSX */; + targetProxy = DC52EE7D1D80D8B100B0A59C /* PBXContainerItemProxy */; + }; + DC58C42A1D77BE03003C25A4 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC1789031D77980500B50D50 /* Security_osx */; + targetProxy = DC58C4291D77BE03003C25A4 /* PBXContainerItemProxy */; + }; + DC58C4431D77C1F8003C25A4 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC58C4221D77BDEA003C25A4 /* csparser_osx */; + targetProxy = DC58C4421D77C1F8003C25A4 /* PBXContainerItemProxy */; + }; + DC59E9A61D91C710001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + name = libCMSInstall; + targetProxy = DC59E9A51D91C710001BDDF5 /* PBXContainerItemProxy */; + }; + DC59E9A91D91C7CC001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + name = libCMS; + targetProxy = DC59E9A81D91C7CC001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA411D91CAAA001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA401D91CAAA001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA431D91CAAE001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59EA0E1D91CA15001BDDF5 /* DERUtils */; + targetProxy = DC59EA421D91CAAE001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA531D91CAF0001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59EA0E1D91CA15001BDDF5 /* DERUtils */; + targetProxy = DC59EA541D91CAF0001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA551D91CAF0001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA561D91CAF0001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA651D91CB9F001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA661D91CB9F001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA761D91CC5E001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA751D91CC5E001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA791D91CC78001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA781D91CC78001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA7D1D91CCAA001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA7C1D91CCAA001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA811D91CD16001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA801D91CD16001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA841D91CD2C001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA831D91CD2C001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA871D91CD76001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA861D91CD76001BDDF5 /* PBXContainerItemProxy */; + }; + DC59EA8A1D91CD89001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA891D91CD89001BDDF5 /* PBXContainerItemProxy */; }; - 438169091B4EDCBD00C54D58 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 438169E41B4EE13B00C54D58 /* Accounts.framework in Frameworks */, - 438169E51B4EE14D00C54D58 /* Security.framework in Frameworks */, - 4381690D1B4EDCBD00C54D58 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC59EA8D1D91CDB9001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA8C1D91CDB9001BDDF5 /* PBXContainerItemProxy */; }; - 4C32C0AD0A4975F6002891BD /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - E7B01B7716572123000485F1 /* libSecureObjectSync.a in Frameworks */, - 5296CB4E1655B8F5009912AF /* libMobileGestalt.dylib in Frameworks */, - 0C78F1D016A5E3EB00654E08 /* libbsm.dylib in Frameworks */, - 0C15009B161D020000181E9D /* libASN1.a in Frameworks */, - 0C15009A161D01F400181E9D /* libCMS.a in Frameworks */, - 44A655831AA4B4BB0059D185 /* libctkclient.a in Frameworks */, - 0C150099161D01D700181E9D /* libDER.a in Frameworks */, - 0CCA408015C745B9002AEC4C /* libsecurity_ssl.a in Frameworks */, - 18F7F66F14D77EA400F88A12 /* libsecipc_client.a in Frameworks */, - 18F7F66E14D77E9700F88A12 /* libsecurity.a in Frameworks */, - E76079DC1951FDBF00F69731 /* liblogging.a in Frameworks */, - 4C2FEC5215755D8C0008BE39 /* libutilities.a in Frameworks */, - 4432AF8B1A014664000958DC /* libcoreauthd_client.a in Frameworks */, - 4432AF8D1A01472C000958DC /* libaks_acl.a in Frameworks */, - 438166ED1B4ECF9400C54D58 /* CoreFoundation.framework in Frameworks */, - 4CAF67AC0F3A70220064A534 /* IOKit.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC59EA901D91CDC6001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA8F1D91CDC6001BDDF5 /* PBXContainerItemProxy */; }; - 4C52D0B116EFC61E0079966E /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C869B431C865E4D006A2873 /* CoreCDP.framework in Frameworks */, - 43DB54551BB1F8920083C3F1 /* ProtectedCloudStorage.framework in Frameworks */, - 4C8A38C917B93DF10001B4C0 /* CloudServices.framework in Frameworks */, - 4C7913251799A5CC00A9633E /* MobileCoreServices.framework in Frameworks */, - 4381603B1B4DCEFF00C54D58 /* AggregateDictionary.framework in Frameworks */, - 4C3DD6BD179760280093F9D8 /* libMobileGestalt.dylib in Frameworks */, - 533B5D4F177CD63100995334 /* SpringBoardServices.framework in Frameworks */, - 7200D76F177B9999009BB396 /* ManagedConfiguration.framework in Frameworks */, - 433E519E1B66D5F600482618 /* AppSupport.framework in Frameworks */, - 4C84DA551720698900AEE225 /* AppleAccount.framework in Frameworks */, - 4CF4C19D171E0EA600877419 /* Accounts.framework in Frameworks */, - 438168C41B4ED43800C54D58 /* CoreFoundation.framework in Frameworks */, - 4C52D0EC16EFCD300079966E /* Security.framework in Frameworks */, - 4C52D0B516EFC61E0079966E /* Foundation.framework in Frameworks */, - 4364A1D81B2116CD00B6AFAC /* libutilities.a in Frameworks */, - EB2CA5571D2C36D400AB770F /* IOKit.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC59EA931D91CDD6001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA921D91CDD6001BDDF5 /* PBXContainerItemProxy */; }; - 4C711D6513AFCD0900FE865D /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - D40771EE1C9B51ED0016AA66 /* libSharedRegressions.a in Frameworks */, - EBE9019C1C2285DB007308C6 /* AggregateDictionary.framework in Frameworks */, - E7D690A11652E07B0079537A /* libMobileGestalt.dylib in Frameworks */, - 0CCA418715C89FBB002AEC4C /* libsecurity_ssl_regressions.a in Frameworks */, - 18F7F67814D77F0600F88A12 /* libsecurityd.a in Frameworks */, - 4C2FEC671575887D0008BE39 /* libSecureObjectSync.a in Frameworks */, - 4C2FEC5B15755E2F0008BE39 /* libutilities.a in Frameworks */, - E75C27741C98D42A00F7E12A /* libDER.a in Frameworks */, - E75C27751C98D43700F7E12A /* libASN1.a in Frameworks */, - 4C711D7113AFCD0900FE865D /* libregressions.a in Frameworks */, - 438168C01B4ED42C00C54D58 /* CoreFoundation.framework in Frameworks */, - E7E0D902158FAFED002CA176 /* libutilitiesRegressions.a in Frameworks */, - 4ACED92D15A10A320060775A /* libSecurityRegressions.a in Frameworks */, - 4CC92B3115A3C99600C6D578 /* libsecuritydRegressions.a in Frameworks */, - 44A655A61AA4B4C80059D185 /* libctkclient.a in Frameworks */, - 4C2FEC5D157571DD0008BE39 /* libSOSRegressions.a in Frameworks */, - 4C711D6C13AFCD0900FE865D /* libsqlite3.dylib in Frameworks */, - 4432B1621A014D8F000958DC /* libcoreauthd_client.a in Frameworks */, - 4432B1631A014D8F000958DC /* libaks_acl.a in Frameworks */, - 4C711D6F13AFCD0900FE865D /* CFNetwork.framework in Frameworks */, - 4C711D7013AFCD0900FE865D /* IOKit.framework in Frameworks */, - E7A011AF14E1B78C00765C29 /* Foundation.framework in Frameworks */, - 4C711D6D13AFCD0900FE865D /* Security.framework in Frameworks */, - E71F3E4216EA6A6300FAF9B4 /* SystemConfiguration.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC59EA961D91CDEE001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA951D91CDEE001BDDF5 /* PBXContainerItemProxy */; }; - 4C9DE9D01181AC4800CF5C27 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 5296CB521655B9B5009912AF /* libMobileGestalt.dylib in Frameworks */, - 4C2FEC5715755E040008BE39 /* libutilities.a in Frameworks */, - 4432B1C91A024273000958DC /* libaks_acl.a in Frameworks */, - 438168BE1B4ED42700C54D58 /* CoreFoundation.framework in Frameworks */, - 4C9DEA451181B34C00CF5C27 /* Security.framework in Frameworks */, - E71F3E4016EA6A1800FAF9B4 /* SystemConfiguration.framework in Frameworks */, - 4C9DEAA71181B37500CF5C27 /* CFNetwork.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC59EA991D91CE8C001BDDF5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC59EA981D91CE8C001BDDF5 /* PBXContainerItemProxy */; }; - 4CB740A10A47567C00D641BB /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EBE9019A1C22852C007308C6 /* AggregateDictionary.framework in Frameworks */, - 438168BB1B4ED42300C54D58 /* CoreFoundation.framework in Frameworks */, - E7FEFB94169E378500E18152 /* libSOSCommands.a in Frameworks */, - E7104A07169E03CE00DB0045 /* libSecurityTool.a in Frameworks */, - E7104A24169E222F00DB0045 /* libSecurityCommands.a in Frameworks */, - 5296CB4F1655B92F009912AF /* libMobileGestalt.dylib in Frameworks */, - 4432B0B71A014987000958DC /* libaks_acl.a in Frameworks */, - 4C2FEC5415755DCD0008BE39 /* libutilities.a in Frameworks */, - 4C32C1A60A497A21002891BD /* Security.framework in Frameworks */, - 4CAE95DC0F3D6E020075278E /* CFNetwork.framework in Frameworks */, - 4C0CC642174C580200CC799A /* SystemConfiguration.framework in Frameworks */, - E745836E1BF3CA13001B54A4 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC5ABE1C1D832F5E00CF422C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC5ABDC41D832DAB00CF422C /* securitytool_macos */; + targetProxy = DC5ABE1B1D832F5E00CF422C /* PBXContainerItemProxy */; }; - 4CE5A54B09C796E100D27A3F /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C2FEC5615755DF40008BE39 /* libutilities.a in Frameworks */, - 4C32C1990A497A0C002891BD /* Security.framework in Frameworks */, - 438168BD1B4ED42700C54D58 /* CoreFoundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC5AC0BD1D83533E00CF422C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + name = securitydservice_client; + targetProxy = DC5AC0BC1D83533E00CF422C /* PBXContainerItemProxy */; }; - 52D82BDB16A621F70078DFE5 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 52D82BF016A622570078DFE5 /* libutilities.a in Frameworks */, - 52D82BEE16A622370078DFE5 /* Security.framework in Frameworks */, - 52D82BDF16A621F70078DFE5 /* Foundation.framework in Frameworks */, - E72D462B175FBF3E00F70B9B /* IOKit.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC5AC0BF1D83534300CF422C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + name = securityd_service; + targetProxy = DC5AC0BE1D83534300CF422C /* PBXContainerItemProxy */; }; - 52DE81661636347500F49F0C /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EBE9019D1C228603007308C6 /* AggregateDictionary.framework in Frameworks */, - 5233636418CA9B8900333A5C /* SystemConfiguration.framework in Frameworks */, - 5233636318CA9B3C00333A5C /* libSecureObjectSync.a in Frameworks */, - 5233635818CA9B2600333A5C /* libsecurityd.a in Frameworks */, - 4432B0B81A014A93000958DC /* libaks_acl.a in Frameworks */, - 438168C21B4ED43100C54D58 /* CoreFoundation.framework in Frameworks */, - 52222CC1167BDAE100EDD09C /* SpringBoardServices.framework in Frameworks */, - 5296CBAC1656A7E9009912AF /* CFNetwork.framework in Frameworks */, - 5296CBAB1656A7E2009912AF /* IOKit.framework in Frameworks */, - 5296CBAA1656A7AC009912AF /* libsqlite3.dylib in Frameworks */, - 5223A7E316560CE400804179 /* libMobileGestalt.dylib in Frameworks */, - 5264FB52163675310005D258 /* libutilities.a in Frameworks */, - 52DE816B1636347500F49F0C /* UIKit.framework in Frameworks */, - 52DE816C1636347500F49F0C /* Foundation.framework in Frameworks */, - 52DE816D1636347500F49F0C /* CoreGraphics.framework in Frameworks */, - 5264FB4F163674C00005D258 /* QuartzCore.framework in Frameworks */, - 5264FB50163674CF0005D258 /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC5AC12F1D8356DA00CF422C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC5AC04F1D8352D900CF422C /* securityd_macos */; + targetProxy = DC5AC12E1D8356DA00CF422C /* PBXContainerItemProxy */; }; - 534647FE17331E1100FE9172 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 5328C0521738903F00708984 /* Security.framework in Frameworks */, - 5346481F17332F9C00FE9172 /* Accounts.framework in Frameworks */, - 5346480217331E1200FE9172 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC5AC1341D835C2300CF422C /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC1785041D77873100B50D50 /* copyHeadersToSystem */; + targetProxy = DC5AC1331D835C2300CF422C /* PBXContainerItemProxy */; }; - 5E10992219A5E55800A60E2B /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 5E1D7E0419A5EBB700D322DA /* Preferences.framework in Frameworks */, - 5E10992619A5E55800A60E2B /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC61096B1D78E60C002223DE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 5EBE24791B00CCAE0007DB0E /* secacltests */; + targetProxy = DC61096A1D78E60C002223DE /* PBXContainerItemProxy */; }; - 5EBE24771B00CCAE0007DB0E /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - D453BA341C8E797A00E4D91F /* libDER.a in Frameworks */, - EBE901991C2284EE007308C6 /* AggregateDictionary.framework in Frameworks */, - EBF2D73C1C1E2B47006AB6FF /* Foundation.framework in Frameworks */, - 5E43C49F1B00D63100E5ECB2 /* libutilities.a in Frameworks */, - 5E43C49D1B00D55C00E5ECB2 /* libsecurityd.a in Frameworks */, - 5E43C49B1B00D50F00E5ECB2 /* libSecureObjectSync.a in Frameworks */, - 5E43C4951B00D10A00E5ECB2 /* libregressions.a in Frameworks */, - 5E43C4A01B00D63F00E5ECB2 /* libMobileGestalt.dylib in Frameworks */, - 4381603C1B4DCF9E00C54D58 /* CFNetwork.framework in Frameworks */, - 4381603A1B4DCE8F00C54D58 /* SystemConfiguration.framework in Frameworks */, - 5E43C4981B00D49700E5ECB2 /* libsqlite3.dylib in Frameworks */, - 5E43C4931B00D0DB00E5ECB2 /* libcoreauthd_client.a in Frameworks */, - 5E43C4921B00D0CD00E5ECB2 /* libaks_acl.a in Frameworks */, - 5E43C48D1B00D07000E5ECB2 /* CoreFoundation.framework in Frameworks */, - 5E43C4961B00D3B500E5ECB2 /* IOKit.framework in Frameworks */, - 5E43C49A1B00D4D800E5ECB2 /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC61096D1D78E72C002223DE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EB9C1D791BDFD0E000F89272 /* secbackupntest */; + targetProxy = DC61096C1D78E72C002223DE /* PBXContainerItemProxy */; }; - 728B569E16D59979008FA3AB /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 72DF9EFE178360230054641E /* libMobileGestalt.dylib in Frameworks */, - 72C3EC2E1705F24E0040C87C /* ManagedConfiguration.framework in Frameworks */, - 72CD2BCE16D59B010064EEE1 /* MobileAsset.framework in Frameworks */, - 72CD2BCD16D59AF30064EEE1 /* Security.framework in Frameworks */, - 728B56A216D59979008FA3AB /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC610A381D78F15C002223DE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC610A021D78F129002223DE /* secdtests_macos */; + targetProxy = DC610A371D78F15C002223DE /* PBXContainerItemProxy */; }; - 790851B40CA9859F0083CC4D /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - D453BA551C8E799100E4D91F /* libDER.a in Frameworks */, - EBE54D761BE32F6F000C4856 /* AggregateDictionary.framework in Frameworks */, - 438168941B4ED42300C54D58 /* CoreFoundation.framework in Frameworks */, - E7D690A21652E0870079537A /* libMobileGestalt.dylib in Frameworks */, - 18F7F67214D77ED000F88A12 /* libsecurityd.a in Frameworks */, - 4C1ADEAA1615175500E4A8AF /* libSecureObjectSync.a in Frameworks */, - BE5EC1E318C7F66D005E7682 /* libSWCAgent.a in Frameworks */, - 4C2FEC5315755DAB0008BE39 /* libutilities.a in Frameworks */, - 790851EE0CA9B3410083CC4D /* Security.framework in Frameworks */, - E71F3E3116EA69A900FAF9B4 /* SystemConfiguration.framework in Frameworks */, - 4CF730320EF9CDE300E17471 /* CFNetwork.framework in Frameworks */, - 4CAF66190F3A6FCD0064A534 /* IOKit.framework in Frameworks */, - 4432B15E1A014D37000958DC /* libaks_acl.a in Frameworks */, - 4C2215220F3A612C00835155 /* libsqlite3.dylib in Frameworks */, - 4C70664C0DDDFED9004DA56B /* libbsm.dylib in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC610A421D78F3A5002223DE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = F93C49021AB8FCE00047E01A /* ckcdiagnose.sh */; + targetProxy = DC610A411D78F3A5002223DE /* PBXContainerItemProxy */; }; - 7913B2060D172B3900601FE9 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CE39035169F87BB00026468 /* libSecurityTool.a in Frameworks */, - 5296CB501655B990009912AF /* libMobileGestalt.dylib in Frameworks */, - 4C2FEC5515755DE50008BE39 /* libutilities.a in Frameworks */, - 4432B1A61A024231000958DC /* libaks_acl.a in Frameworks */, - 438168BC1B4ED42600C54D58 /* CoreFoundation.framework in Frameworks */, - 7913B2080D172B3900601FE9 /* Security.framework in Frameworks */, - E71F3E3E16EA69CF00FAF9B4 /* SystemConfiguration.framework in Frameworks */, - 4CAE95D80F3D6DFC0075278E /* CFNetwork.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC610A541D78F759002223DE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC610A461D78F48F002223DE /* SecTaskTest_macos */; + targetProxy = DC610A531D78F759002223DE /* PBXContainerItemProxy */; }; - BE197F2319116FD100BA91D1 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - D4AA9D121C3B1B1900A5640C /* Security.framework in Frameworks */, - BE2D511D1917739F0093C265 /* libutilities.a in Frameworks */, - BEF8AFF819176B1400F80109 /* libSWCAgent.a in Frameworks */, - BEF8AFF719176B0C00F80109 /* libsecurityd.a in Frameworks */, - BE197F5B1911723E00BA91D1 /* SpringBoardUIServices.framework in Frameworks */, - BE197F5C1911724900BA91D1 /* UIKit.framework in Frameworks */, - BE759DCB1917E38D00801E02 /* CoreGraphics.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC610A6C1D78FAA2002223DE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC610A551D78F9D2002223DE /* codesign_tests_macos */; + targetProxy = DC610A6B1D78FAA2002223DE /* PBXContainerItemProxy */; }; - BE442BAD18B7FDB800F24DAE /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - BE442BAE18B7FDB800F24DAE /* libMobileGestalt.dylib in Frameworks */, - BE4AC9B718B80CFF00B84964 /* libSWCAgent.a in Frameworks */, - BE442BB218B7FDB800F24DAE /* libutilities.a in Frameworks */, - BE442BB318B7FDB800F24DAE /* Security.framework in Frameworks */, - BE442BB418B7FDB800F24DAE /* SystemConfiguration.framework in Frameworks */, - BE442BB618B7FDB800F24DAE /* CFNetwork.framework in Frameworks */, - BE25C41618B83491003320E0 /* Foundation.framework in Frameworks */, - BE442BB718B7FDB800F24DAE /* IOKit.framework in Frameworks */, - 438168C61B4ED43F00C54D58 /* CoreFoundation.framework in Frameworks */, - D4B858671D370D9A003B2D95 /* MobileCoreServices.framework in Frameworks */, - BE442BB818B7FDB800F24DAE /* libsqlite3.dylib in Frameworks */, - BE442BB918B7FDB800F24DAE /* libbsm.dylib in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC610ABC1D791139002223DE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC610AAD1D7910C3002223DE /* gk_reset_check_macos */; + targetProxy = DC610ABB1D791139002223DE /* PBXContainerItemProxy */; }; - CD276C241A83F60C003226BC /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - CD0637551A84060600C81E74 /* Security.framework in Frameworks */, - CD0637571A84068F00C81E74 /* IDS.framework in Frameworks */, - CD045E471A83F8C7005FA0AC /* libutilities.a in Frameworks */, - CD0637561A84065F00C81E74 /* IOKit.framework in Frameworks */, - CD276C281A83F60C003226BC /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC63CAF31D90DF6000C03317 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC63CAE81D90D63500C03317 /* libsecurityd_macos_mig */; + targetProxy = DC63CAF21D90DF6000C03317 /* PBXContainerItemProxy */; }; - E710C73F1331946400F85568 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - D40771E91C9B518F0016AA66 /* libSharedRegressions.a in Frameworks */, - EBE9019B1C2285D4007308C6 /* AggregateDictionary.framework in Frameworks */, - E7A011AE14E1B78800765C29 /* Foundation.framework in Frameworks */, - E7D690921652E06A0079537A /* libMobileGestalt.dylib in Frameworks */, - 0CCA418815C89FC4002AEC4C /* libsecurity_ssl_regressions.a in Frameworks */, - 18F7F67514D77EF400F88A12 /* libsecurityd.a in Frameworks */, - 4C2FEC66157588770008BE39 /* libSecureObjectSync.a in Frameworks */, - E75C27721C98D41400F7E12A /* libDER.a in Frameworks */, - E75C27731C98D41C00F7E12A /* libASN1.a in Frameworks */, - 4C2FEC5A15755E2A0008BE39 /* libutilities.a in Frameworks */, - 0CC82948138716F400BD99B7 /* libregressions.a in Frameworks */, - 438168BF1B4ED42C00C54D58 /* CoreFoundation.framework in Frameworks */, - E7E0D903158FAFF7002CA176 /* libutilitiesRegressions.a in Frameworks */, - 4CC92B2615A3C6FE00C6D578 /* libSecurityRegressions.a in Frameworks */, - 4CC92B2715A3C73E00C6D578 /* libsecuritydRegressions.a in Frameworks */, - 44A655A51AA4B4C70059D185 /* libctkclient.a in Frameworks */, - 4C2FEC5E157571E30008BE39 /* libSOSRegressions.a in Frameworks */, - 4432B1601A014D85000958DC /* libcoreauthd_client.a in Frameworks */, - 4432B1611A014D85000958DC /* libaks_acl.a in Frameworks */, - E7FEEEF81332B7F70025EB06 /* libsqlite3.dylib in Frameworks */, - E7FEEEFA1332B8210025EB06 /* CFNetwork.framework in Frameworks */, - E7FEEEFB1332B8300025EB06 /* IOKit.framework in Frameworks */, - 7930B06A134A4864007062F8 /* Security.framework in Frameworks */, - E71F3E4116EA6A5100FAF9B4 /* SystemConfiguration.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC63CAF51D90DF6700C03317 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC63CAE81D90D63500C03317 /* libsecurityd_macos_mig */; + targetProxy = DC63CAF41D90DF6700C03317 /* PBXContainerItemProxy */; + }; + DC63CAF71D90DF7000C03317 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC63CAE81D90D63500C03317 /* libsecurityd_macos_mig */; + targetProxy = DC63CAF61D90DF7000C03317 /* PBXContainerItemProxy */; }; - E7B01BD1166594AB000485F1 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EBE9019E1C228610007308C6 /* AggregateDictionary.framework in Frameworks */, - 52222CD0167BDAEC00EDD09C /* SpringBoardServices.framework in Frameworks */, - E7B01BD2166594AB000485F1 /* CFNetwork.framework in Frameworks */, - E7B01BD3166594AB000485F1 /* IOKit.framework in Frameworks */, - E7B01BD4166594AB000485F1 /* libsqlite3.dylib in Frameworks */, - E7B01BD6166594AB000485F1 /* libMobileGestalt.dylib in Frameworks */, - E7B01BD7166594AB000485F1 /* libsecurityd.a in Frameworks */, - E7B01BD9166594AB000485F1 /* libSOSRegressions.a in Frameworks */, - E7B01BDA166594AB000485F1 /* libutilitiesRegressions.a in Frameworks */, - E7B01BDB166594AB000485F1 /* libSecureObjectSync.a in Frameworks */, - E7B01BDC166594AB000485F1 /* libregressions.a in Frameworks */, - 438168C31B4ED43200C54D58 /* CoreFoundation.framework in Frameworks */, - E7B01BDD166594AB000485F1 /* libutilities.a in Frameworks */, - E7B01BDE166594AB000485F1 /* UIKit.framework in Frameworks */, - E7B01BDF166594AB000485F1 /* Foundation.framework in Frameworks */, - E7B01BE0166594AB000485F1 /* CoreGraphics.framework in Frameworks */, - E7B01BE1166594AB000485F1 /* QuartzCore.framework in Frameworks */, - E7B01BE2166594AB000485F1 /* Security.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC63CAFA1D91A16700C03317 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + name = libsecurity_cms_regressions; + targetProxy = DC63CAF91D91A16700C03317 /* PBXContainerItemProxy */; }; - E7D847C11C6BE9710025BB44 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - E7D8489F1C6C244B0025BB44 /* Foundation.framework in Frameworks */, - E7650E6F1C7699DA00378669 /* Security.framework in Frameworks */, - E7531F7B1D0887E300DAB140 /* libutilities.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC65E7221D8CB27900152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E7211D8CB27900152EF0 /* PBXContainerItemProxy */; }; - E7D847CB1C6BE9720025BB44 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EB2CA4DA1D2C28F100AB770F /* libaks_acl.a in Frameworks */, - E7DC73B71C890F0E0008BF73 /* KeychainCircle.framework in Frameworks */, - E7D848561C6C1E830025BB44 /* Foundation.framework in Frameworks */, - E7F482E61C7640D300390FDB /* IOKit.framework in Frameworks */, - E7F4829D1C75413C00390FDB /* libsecurity.a in Frameworks */, - E7F482E71C7641AA00390FDB /* libsecurityd.a in Frameworks */, - E7F4829A1C75406900390FDB /* libSecureObjectSync.a in Frameworks */, - E7F4829C1C7540B200390FDB /* libutilities.a in Frameworks */, - E7E0C73A1C90EDED00E69A21 /* libDER.a in Frameworks */, - E7E0C73B1C90EDF500E69A21 /* libASN1.a in Frameworks */, - E7F482A11C7543E500390FDB /* libsqlite3.dylib in Frameworks */, - E7F482A41C75450600390FDB /* libsecipc_client.a in Frameworks */, - E7F482A31C7544E600390FDB /* libctkclient_test.a in Frameworks */, - E7F482A61C75453900390FDB /* libcoreauthd_test_client.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC65E7261D8CB2E100152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E7251D8CB2E100152EF0 /* PBXContainerItemProxy */; }; - EB0BC9391C3C791500785842 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EB0BC93A1C3C791500785842 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC65E7291D8CB2F400152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E7281D8CB2F400152EF0 /* PBXContainerItemProxy */; }; - EB425CA11C65846D000ECE53 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EB425CDE1C658668000ECE53 /* Security.framework in Frameworks */, - EB425CA21C65846D000ECE53 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC65E72C1D8CB31200152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E72B1D8CB31200152EF0 /* PBXContainerItemProxy */; }; - EB433A231CC3243600A7EACE /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EB433A2A1CC3246800A7EACE /* Security.framework in Frameworks */, - EB433A241CC3243600A7EACE /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC65E72F1D8CB32400152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E72E1D8CB32400152EF0 /* PBXContainerItemProxy */; }; - EB9C1D771BDFD0E000F89272 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EB9C1D7B1BDFD0E000F89272 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC65E7331D8CB34000152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E7321D8CB34000152EF0 /* PBXContainerItemProxy */; }; - EBA9AA801CE30E58004E2B68 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EBA9AA811CE30E58004E2B68 /* Security.framework in Frameworks */, - EBA9AA821CE30E58004E2B68 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC65E7391D8CB38300152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCB3417B1D8A2B860054D16E /* security_cdsa_utilities */; + targetProxy = DC65E7381D8CB38300152EF0 /* PBXContainerItemProxy */; }; - EBCF73F61CE45F9C00BED7CA /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - EBCF73F71CE45F9C00BED7CA /* Security.framework in Frameworks */, - EBCF73F81CE45F9C00BED7CA /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC65E73B1D8CB39300152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E73A1D8CB39300152EF0 /* PBXContainerItemProxy */; }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 051D8F83194913E500AEF66A /* Products */ = { - isa = PBXGroup; - children = ( - 051D8FD7194913E700AEF66A /* Security.framework */, - 051D8FD9194913E700AEF66A /* csparser.bundle */, - 051D8FDB194913E700AEF66A /* Security.framework */, - 051D8FDD194913E700AEF66A /* secd */, - 051D8FDF194913E700AEF66A /* secdtests */, - D42FA8701C9B9081003E46A7 /* SecurityTestsOSX.app */, - 051D8FE1194913E700AEF66A /* sectests */, - 051D8FE3194913E700AEF66A /* authd.xpc */, - CD8B5AE71B618F1B004D4AEF /* trustd */, - 051D8FE7194913E700AEF66A /* security2 */, - 051D8FE9194913E700AEF66A /* Cloud Keychain Utility.app */, - 051D8FEB194913E700AEF66A /* Keychain Circle Notification.app */, - E7098DB31A3A53E000CBD4B3 /* codesign_tests */, - E717A1481A7880440021E134 /* gk_reset_check */, - 3792618F1A8987DB008ADD3C /* SecTaskTest */, - 5EF7C2731B00EEF900E5E99C /* secacltests */, - EBB697131BE20C7600715F16 /* secbackupntest */, - ); - name = Products; - sourceTree = ""; + DC65E73E1D8CB3C100152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E73D1D8CB3C100152EF0 /* PBXContainerItemProxy */; }; - 05EF68801949143A007958C3 /* Products */ = { - isa = PBXGroup; - children = ( - 05EF68A51949143A007958C3 /* securityd */, - ); - name = Products; - sourceTree = ""; + DC65E7401D8CB3CD00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E73F1D8CB3CD00152EF0 /* PBXContainerItemProxy */; }; - 05EF68AA19491453007958C3 /* Products */ = { - isa = PBXGroup; - children = ( - 05EF68AE19491453007958C3 /* security */, - ); - name = Products; - sourceTree = ""; + DC65E7421D8CB3D400152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC8834011D8A218F00CE0ACA /* ASN1_not_installed */; + targetProxy = DC65E7411D8CB3D400152EF0 /* PBXContainerItemProxy */; }; - 0C0BDB30175685B000BC1A7E /* secdtests */ = { - isa = PBXGroup; - children = ( - 0C664AB2175926B20092D3D9 /* secdtests-entitlements.plist */, - 0C0BDB31175685B000BC1A7E /* main.c */, - 0C0BDB441756868B00BC1A7E /* testlist.h */, - ); - path = secdtests; - sourceTree = ""; + DC65E7441D8CB3E000152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC8834011D8A218F00CE0ACA /* ASN1_not_installed */; + targetProxy = DC65E7431D8CB3E000152EF0 /* PBXContainerItemProxy */; }; - 0C25A872122726540050C2BD /* Products */ = { - isa = PBXGroup; - children = ( - E710C708133192EA00F85568 /* libregressions.a */, - ); - name = Products; - sourceTree = ""; + DC65E7461D8CB3E700152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E7451D8CB3E700152EF0 /* PBXContainerItemProxy */; }; - 0C2BCBA41D063F7D00ED7A2F /* dtlsEcho */ = { - isa = PBXGroup; - children = ( - 0C2BCBA51D063F7D00ED7A2F /* dtlsEchoClient.c */, - 0C2BCBA61D063F7D00ED7A2F /* dtlsEchoServer.c */, - 0C2BCBA71D063F7D00ED7A2F /* README */, - ); - path = dtlsEcho; - sourceTree = ""; + DC65E7481D8CB3F000152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCA131D8B82B000070CB0 /* security_ssl_regressions */; + targetProxy = DC65E7471D8CB3F000152EF0 /* PBXContainerItemProxy */; }; - 0C3145531496B02100427C0B /* security_ssl */ = { - isa = PBXGroup; - children = ( - 0CA31A4614BB5C9100BD348C /* CipherSuite.h */, - 0C3145551496B8FB00427C0B /* SecureTransport.h */, - 0C3145561496B8FB00427C0B /* SecureTransportPriv.h */, - 0CA31A7314BB6C2500BD348C /* sslTypes.h */, - ); - name = security_ssl; - sourceTree = ""; + DC65E74A1D8CB3FE00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCBD91D8C648C00070CB0 /* regressionBase */; + targetProxy = DC65E7491D8CB3FE00152EF0 /* PBXContainerItemProxy */; }; - 0C5D2EDC167FEA880077501D /* security_asn1 */ = { - isa = PBXGroup; - children = ( - 7901792812D51FFC00CA4D44 /* SecAsn1Types.h */, - 0C5D2EEA167FEAAC0077501D /* SecAsn1Coder.h */, - 0C5D2EEE167FF0560077501D /* SecAsn1Templates.h */, - 0C5D2EF0167FF1FC0077501D /* oidsalg.h */, - 0C5D2EEC167FEEC90077501D /* secasn1t.h */, - ); - name = security_asn1; - sourceTree = ""; + DC65E74C1D8CB40C00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCCF41D8C694700070CB0 /* utilitiesRegressions */; + targetProxy = DC65E74B1D8CB40C00152EF0 /* PBXContainerItemProxy */; }; - 0C78F1C816A5E13400654E08 /* regressions */ = { - isa = PBXGroup; - children = ( - 0C78F1CA16A5E1BF00654E08 /* sectask-10-sectask.c */, - 0C78F1CB16A5E1BF00654E08 /* sectask_ipc.defs */, - 0C78F1C916A5E13400654E08 /* sectask_regressions.h */, - ); - path = regressions; - sourceTree = ""; + DC65E74E1D8CB41E00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC8834011D8A218F00CE0ACA /* ASN1_not_installed */; + targetProxy = DC65E74D1D8CB41E00152EF0 /* PBXContainerItemProxy */; }; - 0C95404014E473AA00077526 /* Products */ = { - isa = PBXGroup; - children = ( - 0CCA406A15C73CA1002AEC4C /* libsecurity_ssl.a */, - 0CCA418415C89ECD002AEC4C /* libsecurity_ssl_regressions.a */, - 0CCA42F115C8A806002AEC4C /* dtlsEchoClient */, - 0CCA42F315C8A806002AEC4C /* dtlsEchoServer */, - ); - name = Products; - sourceTree = ""; + DC65E7501D8CB42700152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCA131D8B82B000070CB0 /* security_ssl_regressions */; + targetProxy = DC65E74F1D8CB42700152EF0 /* PBXContainerItemProxy */; }; - 107226CF0D91DB32003CF14F /* sectask */ = { - isa = PBXGroup; - children = ( - 0C78F1C816A5E13400654E08 /* regressions */, - 107226D00D91DB32003CF14F /* SecTask.c */, - 107226D10D91DB32003CF14F /* SecTask.h */, - 4C7CE56E0DC7DB0A00AE53FC /* SecEntitlements.h */, - ); - path = sectask; - sourceTree = ""; + DC65E7521D8CB45300152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E7511D8CB45300152EF0 /* PBXContainerItemProxy */; }; - 18F7F65914D77DF700F88A12 /* Products */ = { - isa = PBXGroup; - children = ( - 18F7F66314D77DF700F88A12 /* libsecurity.a */, - 18F7F66514D77DF700F88A12 /* libsecurityd.a */, - 18F7F66714D77DF700F88A12 /* libSecItemShimOSX.a */, - CD8B5AEC1B618F1B004D4AEF /* libSecTrustOSX.a */, - 18F7F66914D77DF700F88A12 /* libsecipc_client.a */, - 4C60888B155C943D00A0904F /* libSecureObjectSync.a */, - E777C71515B63C0B004044A8 /* libSecOtrOSX.a */, - E7104A06169E038F00DB0045 /* libSecurityTool.a */, - E7104A23169E21C000DB0045 /* libSecurityCommands.a */, - E7FEFB8F169E36B000E18152 /* libSOSCommands.a */, - BE442B9B18B7FD6700F24DAE /* libSWCAgent.a */, - E76079DB1951FDBF00F69731 /* liblogging.a */, - 4C60888D155C943D00A0904F /* libSOSRegressions.a */, - E79D9CD5159BEA78000834EC /* libSecurityRegressions.a */, - 4CC92B1A15A3BF1E00C6D578 /* libsecuritydRegressions.a */, - 0C0BDB821756A1D700BC1A7E /* libsecdRegressions.a */, - D40771E21C9B51830016AA66 /* libSharedRegressions.a */, - ); - name = Products; - sourceTree = ""; + DC65E7541D8CB46100152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCBD91D8C648C00070CB0 /* regressionBase */; + targetProxy = DC65E7531D8CB46100152EF0 /* PBXContainerItemProxy */; }; - 4381690E1B4EDCBD00C54D58 /* SOSCCAuthPlugin */ = { - isa = PBXGroup; - children = ( - 438169E11B4EDEE200C54D58 /* SOSCCAuthPlugin.h */, - 438169E21B4EDEE200C54D58 /* SOSCCAuthPlugin.m */, - 4381690F1B4EDCBD00C54D58 /* Info.plist */, - ); - path = SOSCCAuthPlugin; - sourceTree = ""; + DC65E7561D8CB47600152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E7551D8CB47600152EF0 /* PBXContainerItemProxy */; }; - 4814D86C1CAA064F002FFC36 /* os_log */ = { - isa = PBXGroup; - children = ( - 4863262F1CAA0BE900A466D9 /* com.apple.securityd.plist */, - 48284A041D1DB06E00C76CB7 /* README_os_log_prefs.txt */, - ); - name = os_log; - sourceTree = ""; + DC65E7581D8CB47D00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCBD91D8C648C00070CB0 /* regressionBase */; + targetProxy = DC65E7571D8CB47D00152EF0 /* PBXContainerItemProxy */; }; - 4C198F1A0ACDB4BF00AAB142 /* resources */ = { - isa = PBXGroup; - children = ( - 53C0E1F1177FAC2C00F8A018 /* CloudKeychain.strings */, - BE4AC9B818B8273600B84964 /* SharedWebCredentials.strings */, - 4C198F1D0ACDB4BF00AAB142 /* Certificate.strings */, - 4C198F1F0ACDB4BF00AAB142 /* OID.strings */, - ); - path = resources; - sourceTree = ""; + DC65E75A1D8CB48900152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC8834011D8A218F00CE0ACA /* ASN1_not_installed */; + targetProxy = DC65E7591D8CB48900152EF0 /* PBXContainerItemProxy */; }; - 4C2FEC4A15755D700008BE39 /* Products */ = { - isa = PBXGroup; - children = ( - 4C2FEC5115755D710008BE39 /* libutilities.a */, - E7E0D8FE158FAB3B002CA176 /* libutilitiesRegressions.a */, - ); - name = Products; - sourceTree = ""; + DC65E75C1D8CB49200152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCBD91D8C648C00070CB0 /* regressionBase */; + targetProxy = DC65E75B1D8CB49200152EF0 /* PBXContainerItemProxy */; }; - 4C35DB67094F906D002917C4 = { - isa = PBXGroup; - children = ( - 05EF68A919491453007958C3 /* SecurityTool.xcodeproj */, - 05EF687F1949143A007958C3 /* securityd.xcodeproj */, - 051D8F82194913E500AEF66A /* OSX.xcodeproj */, - 0C25A871122726540050C2BD /* regressions.xcodeproj */, - 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */, - 795CA97A0D38269B00BAE6A2 /* libsecurity_asn1.xcodeproj */, - 79BDD3940D60D5F9000D84D3 /* libsecurity_smime.xcodeproj */, - 18F7F65814D77DF700F88A12 /* sec.xcodeproj */, - 0C95403F14E473AA00077526 /* libsecurity_ssl.xcodeproj */, - 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */, - 4814D86C1CAA064F002FFC36 /* os_log */, - 4C999BA00AB5F0BB0010451D /* ntlm */, - 107226CF0D91DB32003CF14F /* sectask */, - 7908507E0CA87CF00083CC4D /* ipc */, - 4C198F1A0ACDB4BF00AAB142 /* resources */, - 4CE5A55609C7970A00D27A3F /* sslViewer */, - 0C2BCBA41D063F7D00ED7A2F /* dtlsEcho */, - 4CB740FA0A47580400D641BB /* SecurityTool */, - BE4AC9AF18B7FFFA00B84964 /* SharedWebCredentialAgent */, - F93C49391AB8FF530047E01A /* ckcdiagnose */, - E710C74A1331946500F85568 /* SecurityTests */, - 52DE816E1636347500F49F0C /* Keychain */, - E7A5F4D71C0D01B000F3BEBB /* SOSCloudKeychainConstants.c */, - CD3F91411A802E1100E07119 /* IDSKeychainSyncingProxy */, - E7A5F4D11C0CFF4E00F3BEBB /* KVSKeychainSyncingProxy */, - E7450BB216D42BD4009C07B8 /* Security.framework headers */, - E7D847C61C6BE9710025BB44 /* KeychainCircle.framework */, - 728B56A316D59979008FA3AB /* OTAPKIAssetTool */, - 4C52D0B616EFC61E0079966E /* CircleJoinRequested */, - 5346480317331E1200FE9172 /* KeychainSyncAccountNotification */, - 0C0BDB30175685B000BC1A7E /* secdtests */, - BE197F2719116FD100BA91D1 /* SharedWebCredentialViewService */, - 5E10992719A5E55800A60E2B /* ISACLProtectedItems */, - 5EBE247B1B00CCAE0007DB0E /* secacltests */, - 4381690E1B4EDCBD00C54D58 /* SOSCCAuthPlugin */, - EBDED8891C21074500E5ECDB /* SecurityFeatures */, - EB9C1DAA1BDFD0FE00F89272 /* RegressionTests */, - EB2CA5311D2C30CD00AB770F /* xcconfig */, - EB80211C1D3D9044008540C4 /* Modules */, - E7FCBE401314471B000DE34E /* Frameworks */, - 4C35DC36094F9120002917C4 /* Products */, - 4C8BC620097DBC1B00C781D5 /* Libraries */, - 4CB7405F0A47498100D641BB /* Security.exp-in */, - 4C35DC37094F9120002917C4 /* Security-Info.plist */, - 4C4CE9120AF81F0E0056B01D /* README */, - 4CAB97FD1114CC5300EFB38D /* README.keychain */, - 4C4CE9070AF81ED80056B01D /* TODO */, - ); - sourceTree = ""; + DC65E75E1D8CB49A00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E75D1D8CB49A00152EF0 /* PBXContainerItemProxy */; + }; + DC65E7601D8CB4A300152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC8834011D8A218F00CE0ACA /* ASN1_not_installed */; + targetProxy = DC65E75F1D8CB4A300152EF0 /* PBXContainerItemProxy */; + }; + DC65E7621D8CB4AA00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCBD91D8C648C00070CB0 /* regressionBase */; + targetProxy = DC65E7611D8CB4AA00152EF0 /* PBXContainerItemProxy */; + }; + DC65E7641D8CB4B100152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E7631D8CB4B100152EF0 /* PBXContainerItemProxy */; + }; + DC65E7661D8CB4C200152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCBD91D8C648C00070CB0 /* regressionBase */; + targetProxy = DC65E7651D8CB4C200152EF0 /* PBXContainerItemProxy */; }; - 4C35DC36094F9120002917C4 /* Products */ = { - isa = PBXGroup; - children = ( - 4C32C0AF0A4975F6002891BD /* Security.framework */, - 790851B60CA9859F0083CC4D /* securityd */, - 4CB740A30A47567C00D641BB /* security */, - 7913B2110D172B3900601FE9 /* sslServer */, - 4CE5A54D09C796E200D27A3F /* sslViewer */, - 4C9DE9D21181AC4800CF5C27 /* sslEcdsa */, - E710C7421331946400F85568 /* SecurityTests.app */, - 4C711D7613AFCD0900FE865D /* SecurityDevTests.app */, - 52DE81691636347500F49F0C /* Keychain.app */, - E7B01BF2166594AB000485F1 /* SyncDevTest2.app */, - 52D82BDE16A621F70078DFE5 /* CloudKeychainProxy.bundle */, - 728B56A116D59979008FA3AB /* OTAPKIAssetTool */, - 4C52D0B416EFC61E0079966E /* CircleJoinRequested */, - 5346480117331E1200FE9172 /* KeychainSyncAccountNotification.bundle */, - 0C0BDB2F175685B000BC1A7E /* secdtests */, - BE442BC118B7FDB800F24DAE /* swcagent */, - BE197F2619116FD100BA91D1 /* SharedWebCredentialViewService.app */, - 5E10992519A5E55800A60E2B /* ISACLProtectedItems.bundle */, - CD276C271A83F60C003226BC /* IDSKeychainSyncingProxy.bundle */, - 5EBE247A1B00CCAE0007DB0E /* secacltests */, - 4381690C1B4EDCBD00C54D58 /* SOSCCAuthPlugin.bundle */, - EB9C1D7A1BDFD0E000F89272 /* secbackupntest */, - EB0BC93E1C3C791500785842 /* secedumodetest */, - EB425CA61C65846D000ECE53 /* secbackuptest */, - E7D847C51C6BE9710025BB44 /* KeychainCircle.framework */, - E7D847CE1C6BE9720025BB44 /* KeychainCircleTests.xctest */, - EB433A281CC3243600A7EACE /* secitemstresstest */, - EBA9AA861CE30E58004E2B68 /* secitemnotifications */, - EBCF73FC1CE45F9C00BED7CA /* secitemfunctionality */, - 0C2BCBB91D06401F00ED7A2F /* dtlsEchoClient */, - 0C2BCBCE1D0648D100ED7A2F /* dtlsEchoServer */, - ); - name = Products; - sourceTree = ""; + DC65E7681D8CB4CB00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCB343AD1D8A34FD0054D16E /* security_keychain_regressions */; + targetProxy = DC65E7671D8CB4CB00152EF0 /* PBXContainerItemProxy */; }; - 4C50ACFB1410671D00EE92DE /* DigiNotar */ = { - isa = PBXGroup; - children = ( - 4C3CECF21416E20400947741 /* DigiNotar_Root_CA_G2-RootCertificate.crt */, - 4C3CECEA1416DB2200947741 /* Invalid-CertiID_Enterprise_Certificate_Authority.crt */, - 4C3CECEB1416DB2200947741 /* Invalid-DigiNotar_PKIoverheid_CA_Organisatie_-_G2-Cert.crt */, - 4C3CECEC1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheid.crt */, - 4C3CECED1416DB2200947741 /* Invalid-diginotarpkioverheidcaoverheidenbedrijven-Cert.crt */, - 4C3CECEE1416DB2200947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit_G2.crt */, - 4C3CECEF1416DB2200947741 /* Ministerie_van_Defensie_Certificatie_Autoriteit.crt */, - 4C3CECF01416DB2200947741 /* staatdernederlandenorganisatieca-g2-Cert.crt */, - 4C3CECF11416DB2200947741 /* staatdernederlandenoverheidca-Cert.crt */, - 4C8B91C51416EB6A00A254E2 /* Invalid-webmail.portofamsterdam.nl.crt */, - 4C50AD2F1410689300EE92DE /* Expectations.plist */, - 4C50ACFC1410671D00EE92DE /* DigiNotarCA2007RootCertificate.crt */, - 4C50ACFD1410671D00EE92DE /* Invalid-asterisk.google.com.crt */, - 4C50ACFE1410671D00EE92DE /* Invalid-muisonline.omnyacc-denhelder.nl-diginotar.cyberca.crt */, - 4C50ACFF1410671D00EE92DE /* Invalid-webmail.terneuzen.nl-diginotar-services.crt */, - 4C50AD001410671D00EE92DE /* Invalid-www.maestre.com-diginotal.extended.validation.crt */, - 4C50AD011410671D00EE92DE /* Invalid-www.mobilehostingservices.nl-diginotar-services-1024.crt */, - 4C50AD021410671D00EE92DE /* diginotar-public-ca-2025-Cert.crt */, - 4C50AD031410671D00EE92DE /* diginotar-services-1024-entrust-secure-server-Cert.crt */, - 4C50AD041410671D00EE92DE /* diginotar-services-diginotar-root-Cert.crt */, - 4C50AD051410671D00EE92DE /* diginotar.cyberca-gte.global.root-Cert.crt */, - 4C50AD061410671D00EE92DE /* diginotar.extended.validation-diginotar.root.ca-Cert.crt */, - 4C50AD071410671D00EE92DE /* diginotar.root.ca-entrust-secure-server-Cert.crt */, - ); - path = DigiNotar; - sourceTree = ""; + DC65E76A1D8CB4D300152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCA131D8B82B000070CB0 /* security_ssl_regressions */; + targetProxy = DC65E7691D8CB4D300152EF0 /* PBXContainerItemProxy */; }; - 4C52D0B616EFC61E0079966E /* CircleJoinRequested */ = { - isa = PBXGroup; - children = ( - 4C52D0B916EFC61E0079966E /* CircleJoinRequested.m */, - 4CC3D28F178F310B0070FCC4 /* PersistentState.h */, - 4CC3D290178F310C0070FCC4 /* PersistentState.m */, - 4C52D0E216EFCCA20079966E /* Applicant.h */, - 4C52D0E316EFCCA20079966E /* Applicant.m */, - 4C52D0E416EFCCA20079966E /* com.apple.security.CircleJoinRequested.plist */, - 4C52D0E516EFCCA20079966E /* NSArray+map.h */, - 4C52D0E616EFCCA20079966E /* NSArray+map.m */, - 4C52D0BD16EFC61E0079966E /* Readme.txt */, - 4C3DD6AE179755560093F9D8 /* NSDate+TimeIntervalDescription.h */, - 4C3DD6AF179755560093F9D8 /* NSDate+TimeIntervalDescription.m */, - 4C52D0B716EFC61E0079966E /* Supporting Files */, - 4C84DA6217207E8D00AEE225 /* entitlements.plist */, - ); - path = CircleJoinRequested; - sourceTree = ""; + DC65E76C1D8CB4DF00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E76B1D8CB4DF00152EF0 /* PBXContainerItemProxy */; }; - 4C52D0B716EFC61E0079966E /* Supporting Files */ = { - isa = PBXGroup; - children = ( - CDB9FCA9179CC757000AAD66 /* Info.plist */, - ); - name = "Supporting Files"; - sourceTree = ""; + DC65E76E1D8CB4E600152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E76D1D8CB4E600152EF0 /* PBXContainerItemProxy */; }; - 4C8786A20B03E05D00BB77D4 /* Products */ = { - isa = PBXGroup; - children = ( - 4C8786AD0B03E05E00BB77D4 /* libDER.a */, - 4C8786AF0B03E05E00BB77D4 /* parseCert */, - 4C8786B10B03E05E00BB77D4 /* libDERUtils.a */, - 4C8786B30B03E05E00BB77D4 /* parseCrl */, - 4C0789C2113F4C7400422E2D /* parseTicket */, - ); - name = Products; - sourceTree = ""; + DC65E7701D8CB4ED00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E76F1D8CB4ED00152EF0 /* PBXContainerItemProxy */; }; - 4C8BC620097DBC1B00C781D5 /* Libraries */ = { - isa = PBXGroup; - children = ( - 5E8B53A41AA0B8A600345E7B /* libcoreauthd_test_client.a */, - 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */, - E7D690911652E06A0079537A /* libMobileGestalt.dylib */, - E7AAB5F415929493005C8BCC /* libcorecrypto.dylib */, - 4469FBDD1AA0A45C0021AA26 /* libctkclient.a */, - 4469FBDC1AA0A45C0021AA26 /* libctkclient_test.a */, - 0CC82947138716F400BD99B7 /* libregressions.a */, - 4CA692640DA4027F001094C2 /* libCMS.a */, - 798B7FD40D3D7B5400AC1D04 /* libASN1.a */, - 4C8786D90B03E1BC00BB77D4 /* libDER.a */, - 4CB740680A4749C800D641BB /* libsqlite3.dylib */, - 107227350D91FE89003CF14F /* libbsm.dylib */, - ); - name = Libraries; - sourceTree = ""; + DC65E7721D8CB4F400152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E7711D8CB4F400152EF0 /* PBXContainerItemProxy */; }; - 4C922CB2097F1984004CEEBD /* Security */ = { - isa = PBXGroup; - children = ( - 1FDA9AB91C44844D0083929D /* SecTranslocate.h */, - D45D1A461B3A293E00C63E16 /* oids.h */, - 4C28BCD60986EBCB0020C665 /* certextensions.h */, - 524492931AFD6D480043695A /* der_plist.h */, - 79EF5B720D3D6AFE009F5270 /* p12import.h */, - 795CA9CC0D38435E00BAE6A2 /* p12pbegen.h */, - 8E02FA691107BE460043545E /* pbkdf2.h */, - 443381D918A3D81400215606 /* SecAccessControl.h */, - 443381DA18A3D81400215606 /* SecAccessControlPriv.h */, - 4C696B3709BFA94F000CBC75 /* SecBase.h */, - 18351B8F14CB65870097860E /* SecBase64.h */, - 4C0208F80D3C154200BFE54E /* SecBasePriv.h */, - 4C8FD03D099D5C91006867B6 /* SecCertificate.h */, - 4CEF4CA70C5551FE00062475 /* SecCertificateInternal.h */, - 4CF41D0A0BBB4022005F3248 /* SecCertificatePath.h */, - 4C7608B10AC34A8100980096 /* SecCertificatePriv.h */, - 791766DD0DD0162C00F3B974 /* SecCertificateRequest.h */, - D47F514B1C3B812500A7CEFE /* SecCFAllocator.h */, - 79BDD3C00D60DB84000D84D3 /* SecCMS.h */, - 7940D4110C3ACF9000FDB5D8 /* SecDH.h */, - 4CD3BA601106FF4D00BE8B75 /* SecECKey.h */, - 78F92F10195128D70023B54B /* SecECKeyPriv.h */, - 4C0B906C0ACCBD240077CD03 /* SecFramework.h */, - 4C8E99C20FC601D50072EB4C /* SecFrameworkStrings.h */, - 4CAC87D60B8F82720009C9FC /* SecIdentity.h */, - 4CCE0AD90D41797400DDBB21 /* SecIdentityPriv.h */, - 79EF5B6C0D3D6A31009F5270 /* SecImportExport.h */, - 4C6416F00BB357D5001C83FD /* SecInternal.h */, - 4CF0484A0A5D988F00268236 /* SecItem.h */, - 4CE7EA561AEAE8D60067F5BD /* SecItemBackup.h */, - 4C97DD160AA65A94003FC05C /* SecItemConstants.c */, - 4CEDF7370F3A6CFB0027C4FE /* SecItemInternal.h */, - 4CF0487F0A5F016300268236 /* SecItemPriv.h */, - 4C7072840AC9EA4E007CC205 /* SecKey.h */, - 4C04A90811924BBC0020550C /* SecKeyInternal.h */, - 4C7072D30AC9ED5A007CC205 /* SecKeyPriv.h */, - 4AF7FFF315AFB73800B9D400 /* SecOTR.h */, - 4AF7FFF415AFB73800B9D400 /* SecOTRDHKey.h */, - 4AF7FFF515AFB73800B9D400 /* SecOTRErrors.h */, - 4AF7FFF615AFB73800B9D400 /* SecOTRIdentityPriv.h */, - 4AF7FFF715AFB73800B9D400 /* SecOTRMath.h */, - 4AF7FFF915AFB73800B9D400 /* SecOTRPacketData.h */, - 4AF7FFFA15AFB73800B9D400 /* SecOTRPackets.h */, - EB69AB091BF4347700913AF1 /* SecEMCSPriv.h */, - 4AF7FFFB15AFB73800B9D400 /* SecOTRSession.h */, - 4AF7FFFC15AFB73800B9D400 /* SecOTRSessionPriv.h */, - CDDE9BC31729AB910013B0E8 /* SecPasswordGenerate.h */, - 8ED6F6C8110904E300D2B368 /* SecPBKDF.h */, - 4CBA0E860BB33C0000E72B55 /* SecPolicy.h */, - 4CFBF5F10D5A92E100969BBE /* SecPolicyInternal.h */, - 4C6416D40BB34F00001C83FD /* SecPolicyPriv.h */, - 4C2F81D40BF121D2003C4F77 /* SecRandom.h */, - 4C7073C80ACB2BAD007CC205 /* SecRSAKey.h */, - 4C9A19890B95118F000A1399 /* SecRSAKeyPriv.h */, - 4C7416020F1D71A2008E0E4D /* SecSCEP.h */, - E7676DB519411DF300498DD4 /* SecServerEncryptionSupport.h */, - BE061FE01899ECEE00C739F6 /* SecSharedCredential.h */, - 4C8FD03E099D5C91006867B6 /* SecTrust.h */, - 4C87F3A70D611C26000E7104 /* SecTrustPriv.h */, - 4C4296300BB0A68200491999 /* SecTrustSettings.h */, - 4C12828C0BB4957D00985BB0 /* SecTrustSettingsPriv.h */, - 4C1B442C0BB9CAF900461B82 /* SecTrustStore.h */, - 4C64E00B0B8FBBF3009B306C /* Security.h */, - 4C7391770B01745000C4CBFA /* vmdh.h */, - ); - name = Security; - path = OSX/sec/Security; - sourceTree = ""; + DC65E7741D8CB4FB00152EF0 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC65E7731D8CB4FB00152EF0 /* PBXContainerItemProxy */; }; - 4C999BA00AB5F0BB0010451D /* ntlm */ = { - isa = PBXGroup; - children = ( - 4C999BA10AB5F0BB0010451D /* NtlmGenerator.c */, - 4C999BA20AB5F0BB0010451D /* NtlmGenerator.h */, - 4C999BA30AB5F0BB0010451D /* ntlmBlobPriv.c */, - 4C999BA40AB5F0BB0010451D /* ntlmBlobPriv.h */, - ); - path = ntlm; - sourceTree = ""; + DC6BC2741D90D07800DD57B3 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC6BC26C1D90CFEF00DD57B3 /* securityd_macos_startup */; + targetProxy = DC6BC2731D90D07800DD57B3 /* PBXContainerItemProxy */; }; - 4CB740FA0A47580400D641BB /* SecurityTool */ = { - isa = PBXGroup; - children = ( - E78A9AD81D34959200006B5B /* NSFileHandle+Formatting.h */, - E78A9AD91D34959200006B5B /* NSFileHandle+Formatting.m */, - 4C4CB7100DDA44900026B660 /* entitlements.plist */, - E7104A0B169E171900DB0045 /* security_tool_commands.c */, - E7FEFB80169E26E200E18152 /* sub_commands.h */, - ); - path = SecurityTool; - sourceTree = ""; + DC6BC27B1D90D11C00DD57B3 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC6BC2751D90D0BE00DD57B3 /* securityd_macos_DTrace */; + targetProxy = DC6BC27A1D90D11C00DD57B3 /* PBXContainerItemProxy */; }; - 4CE5A55609C7970A00D27A3F /* sslViewer */ = { - isa = PBXGroup; - children = ( - 4C9DE9E21181AC8300CF5C27 /* sslEcdsa.cpp */, - 4CA880C20DDBC87200D9A0F2 /* sslServer-entitlements.plist */, - 4CA880C30DDBC87200D9A0F2 /* sslViewer-entitlements.plist */, - 4CCE0AE10D417A2700DDBB21 /* sslAppUtils.h */, - 7913B1DF0D17280500601FE9 /* sslServer.cpp */, - 4CE5A65809C79E0600D27A3F /* ioSock.c */, - 4CE5A65909C79E0600D27A3F /* ioSock.h */, - 4CE5A65A09C79E0600D27A3F /* sslAppUtils.cpp */, - 4CE5A65B09C79E0600D27A3F /* sslClient.cpp */, - 4CE5A65C09C79E0600D27A3F /* sslServe.cpp */, - 4CE5A65D09C79E0600D27A3F /* sslThreading.h */, - 4CE5A55709C7970A00D27A3F /* SSLViewer.c */, - 4CE5A55809C7970A00D27A3F /* SSL_Sites */, - EBD8495A1B24BEA000C5FD1E /* print_cert.c */, - 4CE5A55909C7970A00D27A3F /* pingSslSites */, - 4CE5A55A09C7970A00D27A3F /* verifyPing */, - ); - path = sslViewer; - sourceTree = ""; + DC6BC2821D90D30F00DD57B3 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC6BC27C1D90D1EE00DD57B3 /* security_cssm_generator */; + targetProxy = DC6BC2811D90D30F00DD57B3 /* PBXContainerItemProxy */; }; - 52DE816E1636347500F49F0C /* Keychain */ = { - isa = PBXGroup; - children = ( - 0CD72A5B16D5769A00A4B8A3 /* utilities.c */, - 0CD72A5C16D5769A00A4B8A3 /* utilities.h */, - 5208F4CD16702D8800A49DDA /* CircleStatusView.h */, - 5208F4CE16702D8800A49DDA /* CircleStatusView.m */, - 5208F4BB1670027400A49DDA /* SyncViewController.h */, - 5208F4BC1670027400A49DDA /* SyncViewController.m */, - 520C98E7162485CA00A7C80B /* QuartzCore.framework */, - 52B35B051623753000B97D06 /* Security.framework */, - 52DE816F1636347500F49F0C /* Supporting Files */, - 52704B7D1638F4EB007FEBB0 /* KeychainKeys.png */, - 5264FB4C163674B50005D258 /* MyKeychain.h */, - 5264FB4D163674B50005D258 /* MyKeychain.m */, - 52DE819D16363C1A00F49F0C /* KeychainItemCell.h */, - 52DE819E16363C1A00F49F0C /* KeychainItemCell.m */, - E75112E9166EFBF0008C578B /* PeerListCell.h */, - E75112EA166EFBF0008C578B /* PeerListCell.m */, - 52DE819A163636B900F49F0C /* KCATableViewController.h */, - 52DE819B163636B900F49F0C /* KCATableViewController.m */, - 52CD69F916384C1F00961848 /* KCAItemDetailViewController.h */, - 52CD69FA16384C2000961848 /* KCAItemDetailViewController.m */, - 52DE81771636347600F49F0C /* AppDelegate.h */, - 52DE81781636347600F49F0C /* AppDelegate.m */, - 52DE81861636347600F49F0C /* FirstViewController.h */, - 52DE81871636347600F49F0C /* FirstViewController.m */, - 52DE81891636347600F49F0C /* first.png */, - 52DE818B1636347600F49F0C /* first@2x.png */, - 52DE818D1636347600F49F0C /* ToolsViewController.h */, - 52DE818E1636347600F49F0C /* ToolsViewController.m */, - 52DE81901636347600F49F0C /* second.png */, - 52DE81921636347600F49F0C /* second@2x.png */, - 52704B7F1638F610007FEBB0 /* NewPasswordViewController.h */, - 52704B801638F610007FEBB0 /* NewPasswordViewController.m */, - 52704B82163905EE007FEBB0 /* EditItemViewController.h */, - 52704B83163905EE007FEBB0 /* EditItemViewController.m */, - 529990551661BADF00C297A2 /* DeviceItemCell.h */, - 529990561661BADF00C297A2 /* DeviceItemCell.m */, - 529990521661BA2600C297A2 /* DeviceTableViewController.h */, - 529990531661BA2600C297A2 /* DeviceTableViewController.m */, - 52F63A1E1659F04E0076D2DE /* DeviceViewController.h */, - 52F63A1F1659F04E0076D2DE /* DeviceViewController.m */, - ); - path = Keychain; - sourceTree = ""; - }; - 52DE816F1636347500F49F0C /* Supporting Files */ = { - isa = PBXGroup; - children = ( - 527435A916A9E6D1001A96FF /* Keychain_57x57.png */, - 527435AB16A9E6DB001A96FF /* Keychain_114x114.png */, - 527435AD16A9E6E5001A96FF /* Keychain_72x72.png */, - 527435AF16A9E6E9001A96FF /* Keychain_144x144.png */, - 52DE81701636347500F49F0C /* Keychain-Info.plist */, - 52704B871639193F007FEBB0 /* Keychain-Entitlements.plist */, - 52DE81741636347500F49F0C /* main.m */, - 52DE817A1636347600F49F0C /* Default.png */, - 52DE817C1636347600F49F0C /* Default@2x.png */, - 52DE817E1636347600F49F0C /* Default-568h@2x.png */, - ); - name = "Supporting Files"; - sourceTree = ""; + DC71D8E41D959C000065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DC71D8E31D959C000065FB93 /* PBXContainerItemProxy */; }; - 5346480317331E1200FE9172 /* KeychainSyncAccountNotification */ = { - isa = PBXGroup; - children = ( - 5346481C173322BD00FE9172 /* KeychainSyncAccountNotification.h */, - 5346481D173322BD00FE9172 /* KeychainSyncAccountNotification.m */, - 5346480417331E1200FE9172 /* Supporting Files */, - ); - path = KeychainSyncAccountNotification; - sourceTree = ""; + DC71D8EB1D959C130065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DC71D8EA1D959C130065FB93 /* PBXContainerItemProxy */; }; - 5346480417331E1200FE9172 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - 5346480517331E1200FE9172 /* KeychainSyncAccountNotification-Info.plist */, - 5346480617331E1200FE9172 /* InfoPlist.strings */, - 5346480A17331E1200FE9172 /* KeychainSyncAccountNotification-Prefix.pch */, - ); - name = "Supporting Files"; - sourceTree = ""; + DC71D9E11D95BAC40065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC71D99F1D95BA6C0065FB93 /* ASN1 */; + targetProxy = DC71D9E01D95BAC40065FB93 /* PBXContainerItemProxy */; + }; + DC71D9E31D95BAD50065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC71D99F1D95BA6C0065FB93 /* ASN1 */; + targetProxy = DC71D9E21D95BAD50065FB93 /* PBXContainerItemProxy */; + }; + DC71D9FD1D95BB440065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC71D9E41D95BB0A0065FB93 /* DER */; + targetProxy = DC71D9FC1D95BB440065FB93 /* PBXContainerItemProxy */; }; - 5E10992719A5E55800A60E2B /* ISACLProtectedItems */ = { - isa = PBXGroup; - children = ( - 5E10994E19A5E5CE00A60E2B /* ISProtectedItems.plist */, - 5E10994F19A5E5CE00A60E2B /* ISProtectedItemsController.h */, - 5E10995019A5E5CE00A60E2B /* ISProtectedItemsController.m */, - 5E10992819A5E55800A60E2B /* Supporting Files */, - ); - path = ISACLProtectedItems; - sourceTree = ""; + DC71DA031D95BDEA0065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC8834011D8A218F00CE0ACA /* ASN1_not_installed */; + targetProxy = DC71DA021D95BDEA0065FB93 /* PBXContainerItemProxy */; }; - 5E10992819A5E55800A60E2B /* Supporting Files */ = { - isa = PBXGroup; - children = ( - 5E10992919A5E55800A60E2B /* Info.plist */, - 5E11CAB919A759BD008A3664 /* KeychainItemsAclTest.sh */, - ); - name = "Supporting Files"; - sourceTree = ""; + DC71DA051D95BDF90065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC8834011D8A218F00CE0ACA /* ASN1_not_installed */; + targetProxy = DC71DA041D95BDF90065FB93 /* PBXContainerItemProxy */; }; - 5EBE247B1B00CCAE0007DB0E /* secacltests */ = { - isa = PBXGroup; - children = ( - 5E43C4881B00CF4600E5ECB2 /* secacltests-entitlements.plist */, - 5E43C4891B00CF4600E5ECB2 /* testlist.h */, - 5EBE247C1B00CCAE0007DB0E /* main.c */, - 5E4E05A31B0CA0FD001C4A31 /* sec_acl_stress.c */, - ); - path = secacltests; - sourceTree = ""; + DC71DA071D95BE2F0065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC8834011D8A218F00CE0ACA /* ASN1_not_installed */; + targetProxy = DC71DA061D95BE2F0065FB93 /* PBXContainerItemProxy */; }; - 728B56A316D59979008FA3AB /* OTAPKIAssetTool */ = { - isa = PBXGroup; - children = ( - 72CD2BBB16D59AE30064EEE1 /* OTAServiceApp.m */, - 72CD2BBC16D59AE30064EEE1 /* OTAServiceApp.h */, - 72CD2BBD16D59AE30064EEE1 /* OTAServicemain.m */, - 728B56A416D59979008FA3AB /* Supporting Files */, - ); - path = OTAPKIAssetTool; - sourceTree = ""; + DC71DA091D95BEE00065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC71DA081D95BEE00065FB93 /* PBXContainerItemProxy */; }; - 728B56A416D59979008FA3AB /* Supporting Files */ = { - isa = PBXGroup; - children = ( - 5DDD0BDD16D6740E00D6C0D6 /* com.apple.OTAPKIAssetTool.plist */, - 5DDD0BDE16D6740E00D6C0D6 /* OTAPKIAssetTool-entitlements.plist */, - 22C002A31AC9D33100B3469E /* OTAPKIAssetTool.xcconfig */, - ); - name = "Supporting Files"; - sourceTree = ""; + DC71DA0B1D95BEF60065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC59E9AC1D91C9DC001BDDF5 /* DER_not_installed */; + targetProxy = DC71DA0A1D95BEF60065FB93 /* PBXContainerItemProxy */; }; - 7908507E0CA87CF00083CC4D /* ipc */ = { - isa = PBXGroup; - children = ( - 79863B700CADCEAB00818B0D /* com.apple.securityd.plist */, - 790850820CA87CF00083CC4D /* securityd_client.h */, - 79863B940CADD21700818B0D /* securityd_server.h */, - 790850830CA87CF00083CC4D /* securityd_ipc_types.h */, - 7908507F0CA87CF00083CC4D /* client.c */, - 790850840CA87CF00083CC4D /* server.c */, - ); - name = ipc; - path = OSX/sec/ipc; - sourceTree = ""; + DC71DA0D1D95DD670065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DC71DA0C1D95DD670065FB93 /* PBXContainerItemProxy */; }; - 795CA97B0D38269B00BAE6A2 /* Products */ = { - isa = PBXGroup; - children = ( - 795CA9860D38269B00BAE6A2 /* libASN1.a */, - ); - name = Products; - sourceTree = ""; + DC71DA0F1D95E1210065FB93 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EE661D80D82600B0A59C /* SecItemShimOSX */; + targetProxy = DC71DA0E1D95E1210065FB93 /* PBXContainerItemProxy */; }; - 79679E241462028800CF997F /* DigicertMalaysia */ = { - isa = PBXGroup; - children = ( - 7947431C146214E500D638A3 /* Digisign-Server-ID-Enrich-GTETrust-Cert.crt */, - 794743191462137C00D638A3 /* Invalid-www.cybersecurity.my.crt */, - 79679E251462028800CF997F /* Digisign-Server-ID-Enrich-Entrust-Cert.crt */, - 79679E261462028800CF997F /* Invalid-webmail.jaring.my.crt */, - ); - path = DigicertMalaysia; - sourceTree = ""; + DC82FFEB1D90D4640085674B /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC82FFE51D90D3F60085674B /* security_utilities_DTrace */; + targetProxy = DC82FFEA1D90D4640085674B /* PBXContainerItemProxy */; }; - 79BDD3950D60D5F9000D84D3 /* Products */ = { - isa = PBXGroup; - children = ( - 79BDD39B0D60D5F9000D84D3 /* security_smime */, - 79BDD39D0D60D5F9000D84D3 /* security_smime.framework */, - 79BDD39F0D60D5F9000D84D3 /* libCMS.a */, - ); - name = Products; - sourceTree = ""; + DC82FFF21D90D54F0085674B /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC82FFEC1D90D4D20085674B /* security_ocspd_macos_mig */; + targetProxy = DC82FFF11D90D54F0085674B /* PBXContainerItemProxy */; }; - BE197F2719116FD100BA91D1 /* SharedWebCredentialViewService */ = { - isa = PBXGroup; - children = ( - BE197F3019116FD100BA91D1 /* SWCAppDelegate.h */, - BE197F3119116FD100BA91D1 /* SWCAppDelegate.m */, - BE197F5F191173C100BA91D1 /* SWCViewController.h */, - BE197F5D191173A800BA91D1 /* SWCViewController.m */, - BE197F2819116FD100BA91D1 /* Supporting Files */, - ); - path = SharedWebCredentialViewService; - sourceTree = ""; + DCB340191D8A248C0054D16E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC8834011D8A218F00CE0ACA /* ASN1_not_installed */; + targetProxy = DCB340181D8A248C0054D16E /* PBXContainerItemProxy */; }; - BE197F2819116FD100BA91D1 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - BE197F2919116FD100BA91D1 /* SharedWebCredentialViewService-Info.plist */, - BE197F60191173F200BA91D1 /* entitlements.plist */, - BE197F2A19116FD100BA91D1 /* InfoPlist.strings */, - BE197F2D19116FD100BA91D1 /* main.m */, - BE197F2F19116FD100BA91D1 /* SharedWebCredentialViewService-Prefix.pch */, - ); - name = "Supporting Files"; - sourceTree = ""; + DCB3408A1D8A25230054D16E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCB340661D8A24DF0054D16E /* security_authorization */; + targetProxy = DCB340891D8A25230054D16E /* PBXContainerItemProxy */; }; - BE4AC9AF18B7FFFA00B84964 /* SharedWebCredentialAgent */ = { - isa = PBXGroup; - children = ( - BE4AC9AD18B7FFC800B84964 /* com.apple.security.swcagent.plist */, - BE4AC9A118B7FFAD00B84964 /* swcagent.m */, - ); - name = SharedWebCredentialAgent; - sourceTree = ""; + DCB3412E1D8A29830054D16E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCB3408E1D8A267C0054D16E /* security_cdsa_client */; + targetProxy = DCB3412D1D8A29830054D16E /* PBXContainerItemProxy */; }; - CD3F91411A802E1100E07119 /* IDSKeychainSyncingProxy */ = { - isa = PBXGroup; - children = ( - 0C6E38F41C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyReceiveMessage.h */, - 0C6E38F51C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyReceiveMessage.m */, - 0C6E38F61C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxySendMessage.h */, - 0C6E38F71C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxySendMessage.m */, - 0C6E38F81C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyThrottle.h */, - 0C6E38F91C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyThrottle.m */, - E7A5F5551C0D03DB00F3BEBB /* idskeychainsyncingproxy.m */, - E7A5F5561C0D03DB00F3BEBB /* IDSPersistentState.h */, - E7A5F5511C0D03B400F3BEBB /* IDSPersistentState.m */, - E7A5F5571C0D03DB00F3BEBB /* IDSProxy.h */, - E7A5F5521C0D03B400F3BEBB /* IDSProxy.m */, - CD3F91421A802E1100E07119 /* Supporting Files */, - ); - path = IDSKeychainSyncingProxy; - sourceTree = ""; + DCB341791D8A2AF10054D16E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCB341301D8A2A010054D16E /* security_cdsa_plugin */; + targetProxy = DCB341781D8A2AF10054D16E /* PBXContainerItemProxy */; }; - CD3F91421A802E1100E07119 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - CD3F91181A802B4900E07119 /* IDSKeychainSyncingProxy-Info.plist */, - CDB22D0B1A9D37440043E348 /* idskeychainsyncingproxy.entitlements.plist */, - 8E64DB451C17BCF40076C9DF /* com.apple.security.idskeychainsyncingproxy.ios.plist */, - 8E64DB461C17BCF40076C9DF /* com.apple.security.idskeychainsyncingproxy.osx.plist */, - CDF91EF11AAE023800E88CF7 /* com.apple.private.alloy.keychainsync.plist */, - ); - name = "Supporting Files"; - sourceTree = ""; + DCB342371D8A2CD70054D16E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCB3417B1D8A2B860054D16E /* security_cdsa_utilities */; + targetProxy = DCB342361D8A2CD70054D16E /* PBXContainerItemProxy */; }; - E710C74A1331946500F85568 /* SecurityTests */ = { - isa = PBXGroup; - children = ( - 4CC92ABA15A3B3D900C6D578 /* testlist.h */, - 4CC92B1B15A3BF2F00C6D578 /* testmain.c */, - D4D886E81CEBDD2A00DC7583 /* nist-certs */, - D4D886BE1CEB9F3B00DC7583 /* ssl-policy-certs */, - D4EC94FA1CEA482D0083E753 /* si-20-sectrust-policies-data */, - 0C0C88771CCEC5BD00617D1B /* si-82-sectrust-ct-data */, - 4C50ACFB1410671D00EE92DE /* DigiNotar */, - 79679E241462028800CF997F /* DigicertMalaysia */, - E710C74B1331946500F85568 /* Supporting Files */, - 0CB321F01464A95F00587CD3 /* CreateCerts.sh */, - 0C550308139F0B970019E5EB /* PreSecurityTests.sh */, - 0C1EF18813A1946C000A4CE5 /* PostSecurityTests.sh */, - ); - path = SecurityTests; - sourceTree = ""; + DCB345661D8A36060054D16E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCB3423A1D8A32820054D16E /* security_keychain */; + targetProxy = DCB345651D8A36060054D16E /* PBXContainerItemProxy */; }; - E710C74B1331946500F85568 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - 52A23EDB161DEC3700E271E0 /* Default-568h@2x.png */, - 4C465C7D13AFD82300E841AC /* SecurityDevTests-Info.plist */, - E710C74C1331946500F85568 /* SecurityTests-Info.plist */, - E7E4318813319C0700AF0CFD /* SecurityTests-Entitlements.plist */, - ); - name = "Supporting Files"; - sourceTree = ""; + DCB345B31D8A361F0054D16E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCB343AD1D8A34FD0054D16E /* security_keychain_regressions */; + targetProxy = DCB345B21D8A361F0054D16E /* PBXContainerItemProxy */; }; - E7450BB216D42BD4009C07B8 /* Security.framework headers */ = { - isa = PBXGroup; - children = ( - 0C5D2EDC167FEA880077501D /* security_asn1 */, - 0C3145531496B02100427C0B /* security_ssl */, - E7C4D03512F9EB210022E067 /* security_smime */, - 4C922CB2097F1984004CEEBD /* Security */, - E7450BB316D42D37009C07B8 /* SOSCircle */, - ); - name = "Security.framework headers"; - sourceTree = ""; + DCBE6E4A1D91E23D00A3E5E5 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD06A541D8CE2D5007602F1 /* gkunpack */; + targetProxy = DCBE6E491D91E23D00A3E5E5 /* PBXContainerItemProxy */; }; - E7450BB316D42D37009C07B8 /* SOSCircle */ = { - isa = PBXGroup; - children = ( - 52F8DE4D1AF2EB8F00A2C271 /* SOSTypes.h */, - 9468B96D1AF2B93300042383 /* SOSViews.h */, - 9468B9691AF2B8FC00042383 /* SOSCloudCircleInternal.h */, - 9468B9471AF2B60800042383 /* SOSBackupSliceKeyBag.h */, - E7450BAC16D42B17009C07B8 /* SOSCloudCircle.h */, - E7450BAD16D42B17009C07B8 /* SOSPeerInfo.h */, - CD4F44201B546A7E00FE3569 /* SOSPeerInfoV2.h */, - CD8B5AC51B618F1B004D4AEF /* SOSPeerInfoPriv.h */, - E732892A1AED7551008CE839 /* SOSCloudCircle.h */, - E732892C1AED7631008CE839 /* SOSPeerInfo.h */, - ); - name = SOSCircle; - path = OSX/sec/SOSCircle; - sourceTree = ""; + DCC093781D80ABC300F984E4 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCC78EA81D8088E200865A7C /* security */; + targetProxy = DCC093771D80ABC300F984E4 /* PBXContainerItemProxy */; }; - E7A5F4D11C0CFF4E00F3BEBB /* KVSKeychainSyncingProxy */ = { - isa = PBXGroup; - children = ( - E7A5F4C61C0CFF3200F3BEBB /* CKDKVSProxy.h */, - E7A5F4C71C0CFF3200F3BEBB /* CKDKVSProxy.m */, - E73AC9421D0250D900FFFEE0 /* CKDStore.h */, - E722E9381CE92EE0005AD94B /* CKDKVSStore.h */, - E722E9111CE92DFC005AD94B /* CKDKVSStore.m */, - E7A5F4C91C0CFF3200F3BEBB /* CKDPersistentState.h */, - E7B945B01CFE5D440027F31D /* CKDAccount.h */, - E7B945B11CFE5EBD0027F31D /* CKDSecuritydAccount.h */, - E7B945B21CFE5EBD0027F31D /* CKDSecuritydAccount.m */, - E7A5F4CA1C0CFF3200F3BEBB /* CKDPersistentState.m */, - E7A5F4CE1C0CFF3300F3BEBB /* cloudkeychainproxy.m */, - E7A5F4D91C0D01EE00F3BEBB /* Supporting Files */, - ); - name = KVSKeychainSyncingProxy; - sourceTree = ""; + DCC5BF381D937329008D1E84 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + name = libsecurity_cms; + targetProxy = DCC5BF371D937329008D1E84 /* PBXContainerItemProxy */; }; - E7A5F4D91C0D01EE00F3BEBB /* Supporting Files */ = { - isa = PBXGroup; - children = ( - E7A5F4CC1C0CFF3300F3BEBB /* CloudKeychainProxy-Info.plist */, - E7A5F4CB1C0CFF3300F3BEBB /* cloudkeychain.entitlements.plist */, - 8E64DB4C1C17CD3F0076C9DF /* com.apple.security.cloudkeychainproxy.ios.plist */, - 8E64DB4D1C17CD400076C9DF /* com.apple.security.cloudkeychainproxy.osx.plist */, - ); - name = "Supporting Files"; - sourceTree = ""; + DCD067831D8CDF58007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD067561D8CDCF3007602F1 /* codesigning_DTrace */; + targetProxy = DCD067821D8CDF58007602F1 /* PBXContainerItemProxy */; }; - E7C4D03512F9EB210022E067 /* security_smime */ = { - isa = PBXGroup; - children = ( - 7901790E12D51F7200CA4D44 /* SecCmsBase.h */, - 7901790F12D51F7200CA4D44 /* SecCmsContentInfo.h */, - 7901791012D51F7200CA4D44 /* SecCmsDecoder.h */, - 7901791112D51F7200CA4D44 /* SecCmsDigestContext.h */, - 7901791212D51F7200CA4D44 /* SecCmsEncoder.h */, - 7901791312D51F7200CA4D44 /* SecCmsEnvelopedData.h */, - 7901791412D51F7200CA4D44 /* SecCmsMessage.h */, - 7901791512D51F7200CA4D44 /* SecCmsRecipientInfo.h */, - 7901791612D51F7200CA4D44 /* SecCmsSignedData.h */, - 7901791712D51F7200CA4D44 /* SecCmsSignerInfo.h */, - ); - name = security_smime; - sourceTree = ""; + DCD067851D8CDF5C007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD0675B1D8CDD6D007602F1 /* codesigning_SystemPolicy */; + targetProxy = DCD067841D8CDF5C007602F1 /* PBXContainerItemProxy */; }; - E7D847C61C6BE9710025BB44 /* KeychainCircle.framework */ = { - isa = PBXGroup; - children = ( - E7D848031C6BEFAB0025BB44 /* Tests */, - E7D848011C6BEE360025BB44 /* Supporting Files */, - E7E3EFE21CBC195700E79A5D /* KCAccountKCCircleDelegate.h */, - E7E3EFB91CBC192A00E79A5D /* KCAccountKCCircleDelegate.m */, - E7F480131C7397CE00390FDB /* KCJoiningSession.h */, - E7F480141C73980D00390FDB /* KCJoiningRequestSession.m */, - E7F482AB1C7558F700390FDB /* KCJoiningAcceptSession.m */, - E794BAD91C7598E400339A0F /* KCJoiningMessages.h */, - E794BAFF1C7598F900339A0F /* KCJoiningMessages.m */, - E71454C71C741DCD00B5B20B /* KCDer.h */, - E794BA6E1C7424D800339A0F /* KCDer.m */, - E71454ED1C741E0800B5B20B /* KCError.h */, - E71454EE1C741E0800B5B20B /* KCError.m */, - E75C0E801C6FC31D00E6953B /* KCSRPContext.h */, - E75C0E811C6FC31D00E6953B /* KCSRPContext.m */, - E7F480111C729C7B00390FDB /* NSError+KCCreationHelpers.h */, - E7F482A91C7554F500390FDB /* NSError+KCCreationHelpers.m */, - E772FD6F1CC15F1F00D63E41 /* NSData+SecRandom.h */, - E772FD461CC15EFA00D63E41 /* NSData+SecRandom.m */, - E75C0E841C71325000E6953B /* KeychainCircle.h */, - E7F480301C73FC4C00390FDB /* KCAESGCMDuplexSession.h */, - E7F480311C73FC4C00390FDB /* KCAESGCMDuplexSession.m */, - ); - name = KeychainCircle.framework; - path = KeychainCircle; - sourceTree = ""; + DCD069701D8CE21C007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD0675B1D8CDD6D007602F1 /* codesigning_SystemPolicy */; + targetProxy = DCD069711D8CE21C007602F1 /* PBXContainerItemProxy */; }; - E7D848011C6BEE360025BB44 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - E7D847C91C6BE9710025BB44 /* Info.plist */, - ); - name = "Supporting Files"; - sourceTree = ""; + DCD069721D8CE21C007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD067561D8CDCF3007602F1 /* codesigning_DTrace */; + targetProxy = DCD069731D8CE21C007602F1 /* PBXContainerItemProxy */; + }; + DCD06A431D8CE281007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD0675B1D8CDD6D007602F1 /* codesigning_SystemPolicy */; + targetProxy = DCD06A441D8CE281007602F1 /* PBXContainerItemProxy */; + }; + DCD06A451D8CE281007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD067561D8CDCF3007602F1 /* codesigning_DTrace */; + targetProxy = DCD06A461D8CE281007602F1 /* PBXContainerItemProxy */; + }; + DCD06A801D8CE33B007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD067781D8CDF19007602F1 /* security_codesigning */; + targetProxy = DCD06A7F1D8CE33B007602F1 /* PBXContainerItemProxy */; + }; + DCD06A821D8CE33F007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD0696F1D8CE21C007602F1 /* integrity */; + targetProxy = DCD06A811D8CE33F007602F1 /* PBXContainerItemProxy */; }; - E7D848031C6BEFAB0025BB44 /* Tests */ = { - isa = PBXGroup; - children = ( - E7CFF7221C8660A000E3484E /* KeychainCircle.plist */, - E7D848061C6BEFFA0025BB44 /* Info.plist */, - E7D848041C6BEFC10025BB44 /* KCSRPTests.m */, - E7F4809B1C74E85200390FDB /* KCDerTest.m */, - E7F4809D1C74E86D00390FDB /* KCAESGCMTest.m */, - E7F4826F1C74FDD100390FDB /* KCJoiningSessionTest.m */, - ); - name = Tests; - sourceTree = ""; + DCD06A841D8CE343007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD06A421D8CE281007602F1 /* codehost */; + targetProxy = DCD06A831D8CE343007602F1 /* PBXContainerItemProxy */; }; - E7FCBE401314471B000DE34E /* Frameworks */ = { - isa = PBXGroup; - children = ( - D4B858661D370D9A003B2D95 /* MobileCoreServices.framework */, - EB2CA4D81D2C28C800AB770F /* libaks.a */, - 4432AF8C1A01472C000958DC /* libaks_acl.a */, - E75E498C1C8F76680001A34F /* libASN1.a */, - E75E498A1C8F76360001A34F /* libDER.a */, - E7F482A51C75453900390FDB /* libcoreauthd_test_client.a */, - E7F482A21C7544E600390FDB /* libctkclient_test.a */, - E7D848541C6C1D9C0025BB44 /* Foundation.framework */, - EBE54D771BE33227000C4856 /* libmis.dylib */, - 4CF4C19C171E0EA600877419 /* Accounts.framework */, - 72B368BD179891FC004C37CE /* AggregateDictionary.framework */, - 4C84DA541720698900AEE225 /* AppleAccount.framework */, - 433E519D1B66D5F600482618 /* AppSupport.framework */, - 2281820D17B4686C0067C9C9 /* BackgroundTaskAgent.framework */, - 4CF730310EF9CDE300E17471 /* CFNetwork.framework */, - 4C8A38C817B93DF10001B4C0 /* CloudServices.framework */, - 5E43C48C1B00D07000E5ECB2 /* CoreFoundation.framework */, - E7FCBE451314471B000DE34E /* CoreGraphics.framework */, - E7FCBE431314471B000DE34E /* Foundation.framework */, - CD744683195A00BB00FB01C0 /* IDS.framework */, - 4CBCE5A90BE7F69100FF81F5 /* IOKit.framework */, - 72C3EC2D1705F24E0040C87C /* ManagedConfiguration.framework */, - 7273402816CAFB3C0096622A /* MobileAsset.framework */, - 4C7913241799A5CB00A9633E /* MobileCoreServices.framework */, - E7FC30AB1332DE9000802946 /* MobileKeyBag.framework */, - 5E1D7E0319A5EBB700D322DA /* Preferences.framework */, - 43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */, - 52D82BD316A5EADA0078DFE5 /* Security.framework */, - 4C079EBC1794A96200D73970 /* ServiceManagement.framework */, - 52222CC0167BDAE100EDD09C /* SpringBoardServices.framework */, - BE197F5A1911723E00BA91D1 /* SpringBoardUIServices.framework */, - E71F3E3016EA69A900FAF9B4 /* SystemConfiguration.framework */, - E7FCBE411314471B000DE34E /* UIKit.framework */, - ); - name = Frameworks; - sourceTree = ""; + DCD06A861D8CE348007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD069661D8CE105007602F1 /* codesigning_RequirementsLanguage */; + targetProxy = DCD06A851D8CE348007602F1 /* PBXContainerItemProxy */; }; - EB0BC9641C3C792E00785842 /* secedumodetest */ = { - isa = PBXGroup; - children = ( - EB0BC9651C3C794700785842 /* secedumodetest.entitlements */, - EB0BC9661C3C794700785842 /* secedumodetest.m */, - ); - name = secedumodetest; - sourceTree = ""; + DCD06A881D8CE34D007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD06A541D8CE2D5007602F1 /* gkunpack */; + targetProxy = DCD06A871D8CE34D007602F1 /* PBXContainerItemProxy */; }; - EB2CA5311D2C30CD00AB770F /* xcconfig */ = { - isa = PBXGroup; - children = ( - EB2CA5561D2C30F700AB770F /* Security.xcconfig */, - ); - name = xcconfig; - sourceTree = ""; + DCD06A8A1D8CE356007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD067781D8CDF19007602F1 /* security_codesigning */; + targetProxy = DCD06A891D8CE356007602F1 /* PBXContainerItemProxy */; }; - EB425CCC1C6584A9000ECE53 /* secbackuptest */ = { - isa = PBXGroup; - children = ( - EB425CCD1C65854F000ECE53 /* secbackuptest.entitlements */, - EB425CCE1C65854F000ECE53 /* secbackuptest.m */, - ); - name = secbackuptest; - sourceTree = ""; + DCD06BCF1D8E0F01007602F1 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD06AA91D8E0D53007602F1 /* security_utilities */; + targetProxy = DCD06BCE1D8E0F01007602F1 /* PBXContainerItemProxy */; }; - EB4339F61CC323F000A7EACE /* secitemstresstest */ = { - isa = PBXGroup; - children = ( - EB433A2D1CC325E900A7EACE /* secitemstresstest.entitlements */, - EB433A1E1CC3242C00A7EACE /* secitemstresstest.m */, - ); - name = secitemstresstest; - sourceTree = ""; + DCD22D671D8CC387001C9B81 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52EC601D80D0C400B0A59C /* SOSRegressions */; + targetProxy = DCD22D661D8CC387001C9B81 /* PBXContainerItemProxy */; }; - EB80211C1D3D9044008540C4 /* Modules */ = { - isa = PBXGroup; - children = ( - EB8021411D3D90BB008540C4 /* Security.iOS.modulemap */, - EB8021421D3D90BB008540C4 /* Security.macOS.modulemap */, - ); - name = Modules; - sourceTree = ""; + DCD22D691D8CC3A6001C9B81 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCCF41D8C694700070CB0 /* utilitiesRegressions */; + targetProxy = DCD22D681D8CC3A6001C9B81 /* PBXContainerItemProxy */; }; - EB9C1D7C1BDFD0E100F89272 /* secbackupntest */ = { - isa = PBXGroup; - children = ( - EB9C1D7D1BDFD0E100F89272 /* secbackupntest.m */, - ); - path = secbackupntest; - sourceTree = ""; + DCD22D7B1D8CCA07001C9B81 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BC9C81D8B824700070CB0 /* security_ssl */; + targetProxy = DCD22D7A1D8CCA07001C9B81 /* PBXContainerItemProxy */; }; - EB9C1DAA1BDFD0FE00F89272 /* RegressionTests */ = { - isa = PBXGroup; - children = ( - EB9C1DAD1BDFD49400F89272 /* Security.plist */, - EB3A8DD71BEEC4D6001A89AA /* Security_edumode.plist */, - EB9C1D7C1BDFD0E100F89272 /* secbackupntest */, - EB425CCC1C6584A9000ECE53 /* secbackuptest */, - EB0BC9641C3C792E00785842 /* secedumodetest */, - EBCF73CC1CE45F3F00BED7CA /* secitemfunctionality */, - EBA9AA561CE30C91004E2B68 /* secitemnotifications */, - EB4339F61CC323F000A7EACE /* secitemstresstest */, - ); - path = RegressionTests; - sourceTree = ""; + DCD22D7D1D8CCA18001C9B81 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC8834011D8A218F00CE0ACA /* ASN1_not_installed */; + targetProxy = DCD22D7C1D8CCA18001C9B81 /* PBXContainerItemProxy */; }; - EBA9AA561CE30C91004E2B68 /* secitemnotifications */ = { - isa = PBXGroup; - children = ( - EBA9AA7B1CE30CE7004E2B68 /* secitemnotifications.entitlements */, - EBA9AA7C1CE30CE7004E2B68 /* secitemnotifications.m */, - ); - name = secitemnotifications; - sourceTree = ""; + DCD22D7F1D8CCA2C001C9B81 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC0BCC211D8C684F00070CB0 /* utilities */; + targetProxy = DCD22D7E1D8CCA2C001C9B81 /* PBXContainerItemProxy */; }; - EBCF73CC1CE45F3F00BED7CA /* secitemfunctionality */ = { - isa = PBXGroup; - children = ( - EBCF73F11CE45F8600BED7CA /* secitemfunctionality.entitlements */, - EBCF73F21CE45F8600BED7CA /* secitemfunctionality.m */, - ); - name = secitemfunctionality; - sourceTree = ""; + DCD22D821D8CCB5A001C9B81 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E7731D80BC8000B0A59C /* libsecurityd_ios */; + targetProxy = DCD22D811D8CCB5A001C9B81 /* PBXContainerItemProxy */; }; - EBDED8891C21074500E5ECDB /* SecurityFeatures */ = { - isa = PBXGroup; - children = ( - EBDED8B41C2107BD00E5ECDB /* BUILT_PRODUCTS_DIR */, - EBDED8B01C21077100E5ECDB /* iOS */, - EBDED8B11C21077600E5ECDB /* OSX */, - EBDED8AE1C21076C00E5ECDB /* CopyHeaders.sh */, - EBBE20311C2137E900B7A639 /* ExternalProject.sh */, - EBDED8AF1C21076C00E5ECDB /* README.txt */, - ); - name = SecurityFeatures; - sourceTree = ""; + DCD22D841D8CCB72001C9B81 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DC52E8BE1D80C25800B0A59C /* SecureObjectSync */; + targetProxy = DCD22D831D8CCB72001C9B81 /* PBXContainerItemProxy */; }; - EBDED8B01C21077100E5ECDB /* iOS */ = { - isa = PBXGroup; - children = ( - EBDED8B31C2107A200E5ECDB /* SecurityFeatures.h */, - ); - name = iOS; - sourceTree = ""; + DCD66DC31D82056C00DB1393 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD66D5E1D8204A700DB1393 /* SecTrustOSX */; + targetProxy = DCD66DC21D82056C00DB1393 /* PBXContainerItemProxy */; }; - EBDED8B11C21077600E5ECDB /* OSX */ = { - isa = PBXGroup; - children = ( - EBDED8B21C21078D00E5ECDB /* SecurityFeatures.h */, - ); - name = OSX; - sourceTree = ""; + DCD66DE61D82061F00DB1393 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCD66DC41D8205C400DB1393 /* SecOtrOSX */; + targetProxy = DCD66DE51D82061F00DB1393 /* PBXContainerItemProxy */; }; - EBDED8B41C2107BD00E5ECDB /* BUILT_PRODUCTS_DIR */ = { - isa = PBXGroup; - children = ( - EBDED8B51C2107DF00E5ECDB /* SecurityFeatures.h */, - ); - name = BUILT_PRODUCTS_DIR; - sourceTree = BUILT_PRODUCTS_DIR; + DCE4E6AA1D7A38E700AFB96E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCE4E68A1D7A37FA00AFB96E /* security2tool_macos */; + targetProxy = DCE4E6A91D7A38E700AFB96E /* PBXContainerItemProxy */; }; - F93C49391AB8FF530047E01A /* ckcdiagnose */ = { - isa = PBXGroup; - children = ( - F93C493A1AB8FF530047E01A /* ckcdiagnose.sh */, - ); - path = ckcdiagnose; - sourceTree = ""; + DCE4E7B81D7A456500AFB96E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCE4E7311D7A43B500AFB96E /* SecurityTestsOSX */; + targetProxy = DCE4E7B71D7A456500AFB96E /* PBXContainerItemProxy */; }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - 4C32C0AA0A4975F6002891BD /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C32C1030A4976BF002891BD /* certextensions.h in Headers */, - 4C32C1240A4976BF002891BD /* SecBase.h in Headers */, - 4C32C1250A4976BF002891BD /* SecCertificate.h in Headers */, - 4C32C1260A4976BF002891BD /* SecTrust.h in Headers */, - 4CF0484C0A5D988F00268236 /* SecItem.h in Headers */, - 4CF048800A5F016300268236 /* SecItemPriv.h in Headers */, - 4C999BA60AB5F0BB0010451D /* NtlmGenerator.h in Headers */, - 4C999BA80AB5F0BB0010451D /* ntlmBlobPriv.h in Headers */, - 4C7608B30AC34A8100980096 /* SecCertificatePriv.h in Headers */, - 4CEF4CA80C5551FE00062475 /* SecCertificateInternal.h in Headers */, - 0C3145571496B8FB00427C0B /* SecureTransport.h in Headers */, - BE061FE11899ECEE00C739F6 /* SecSharedCredential.h in Headers */, - 443381EE18A3D83A00215606 /* SecAccessControlPriv.h in Headers */, - 0CA31A4814BB5CDB00BD348C /* CipherSuite.h in Headers */, - EB73F0111C210C11008191E3 /* SecurityFeatures.h in Headers */, - 524492941AFD6D480043695A /* der_plist.h in Headers */, - CDDE9BD11729ABFA0013B0E8 /* SecPasswordGenerate.h in Headers */, - 0CA31A7514BB6C2500BD348C /* sslTypes.h in Headers */, - 0C5D2EEB167FEAAC0077501D /* SecAsn1Coder.h in Headers */, - E732892D1AED764A008CE839 /* SOSPeerInfo.h in Headers */, - 4C7072860AC9EA4F007CC205 /* SecKey.h in Headers */, - 4C7072D40AC9ED5A007CC205 /* SecKeyPriv.h in Headers */, - 4C7073CA0ACB2BAD007CC205 /* SecRSAKey.h in Headers */, - 4C0B906E0ACCBD240077CD03 /* SecFramework.h in Headers */, - 4C7391790B01745000C4CBFA /* vmdh.h in Headers */, - 4C64E01C0B8FBC71009B306C /* SecIdentity.h in Headers */, - 4C64E01D0B8FBC7E009B306C /* Security.h in Headers */, - E7676DB619411DF300498DD4 /* SecServerEncryptionSupport.h in Headers */, - 4C4296320BB0A68200491999 /* SecTrustSettings.h in Headers */, - 4CBA0E880BB33C0000E72B55 /* SecPolicy.h in Headers */, - 4C6416D50BB34F00001C83FD /* SecPolicyPriv.h in Headers */, - 78F92F11195128D70023B54B /* SecECKeyPriv.h in Headers */, - 4CD3BA621106FF4D00BE8B75 /* SecECKey.h in Headers */, - 4C6416F10BB357D5001C83FD /* SecInternal.h in Headers */, - 4C12828D0BB4957D00985BB0 /* SecTrustSettingsPriv.h in Headers */, - E732892B1AED7551008CE839 /* SOSCloudCircle.h in Headers */, - 443381ED18A3D83100215606 /* SecAccessControl.h in Headers */, - 4C1B442D0BB9CAF900461B82 /* SecTrustStore.h in Headers */, - 4CF41D0C0BBB4022005F3248 /* SecCertificatePath.h in Headers */, - 4C2F81D50BF121D2003C4F77 /* SecRandom.h in Headers */, - 7940D4130C3ACF9000FDB5D8 /* SecDH.h in Headers */, - 790850F70CA88AE10083CC4D /* securityd_client.h in Headers */, - 790850F80CA88AE10083CC4D /* securityd_ipc_types.h in Headers */, - 79863B960CADD21700818B0D /* securityd_server.h in Headers */, - 795CA9CE0D38435E00BAE6A2 /* p12pbegen.h in Headers */, - 79EF5B730D3D6AFE009F5270 /* p12import.h in Headers */, - 4CE7EA791AEAF39C0067F5BD /* SecItemBackup.h in Headers */, - 79EF5B6E0D3D6A31009F5270 /* SecImportExport.h in Headers */, - 4CCE0ADA0D41797400DDBB21 /* SecIdentityPriv.h in Headers */, - 4CCE0ADE0D4179E500DDBB21 /* SecBasePriv.h in Headers */, - 4CFBF6100D5A951100969BBE /* SecPolicyInternal.h in Headers */, - 4C87F3A80D611C26000E7104 /* SecTrustPriv.h in Headers */, - 79BDD3C20D60DB84000D84D3 /* SecCMS.h in Headers */, - 107226D30D91DB32003CF14F /* SecTask.h in Headers */, - 4C7CE5700DC7DC6600AE53FC /* SecEntitlements.h in Headers */, - 791766DE0DD0162C00F3B974 /* SecCertificateRequest.h in Headers */, - 4C7416040F1D71A2008E0E4D /* SecSCEP.h in Headers */, - 0C3145581496B8FB00427C0B /* SecureTransportPriv.h in Headers */, - 4AF7FFFD15AFB73800B9D400 /* SecOTR.h in Headers */, - 4AF7FFFE15AFB73800B9D400 /* SecOTRDHKey.h in Headers */, - 4AF7FFFF15AFB73800B9D400 /* SecOTRErrors.h in Headers */, - 4AF7000015AFB73800B9D400 /* SecOTRIdentityPriv.h in Headers */, - 4AF7000115AFB73800B9D400 /* SecOTRMath.h in Headers */, - 4AF7000315AFB73800B9D400 /* SecOTRPacketData.h in Headers */, - 4AF7000415AFB73800B9D400 /* SecOTRPackets.h in Headers */, - 4AF7000515AFB73800B9D400 /* SecOTRSession.h in Headers */, - CD8B5AC61B618F1B004D4AEF /* SOSPeerInfoPriv.h in Headers */, - 4AF7000615AFB73800B9D400 /* SecOTRSessionPriv.h in Headers */, - 0C5D2EED167FEEC90077501D /* secasn1t.h in Headers */, - 0C5D2EEF167FF0560077501D /* SecAsn1Templates.h in Headers */, - D45D1A471B3A293E00C63E16 /* oids.h in Headers */, - EB69AB301BF4348000913AF1 /* SecEMCSPriv.h in Headers */, - D47F514C1C3B812500A7CEFE /* SecCFAllocator.h in Headers */, - 8E02FA6B1107BE460043545E /* pbkdf2.h in Headers */, - 8ED6F6CA110904E300D2B368 /* SecPBKDF.h in Headers */, - 7901791812D51F7200CA4D44 /* SecCmsBase.h in Headers */, - 7901791912D51F7200CA4D44 /* SecCmsContentInfo.h in Headers */, - 7901791A12D51F7200CA4D44 /* SecCmsDecoder.h in Headers */, - 7901791B12D51F7200CA4D44 /* SecCmsDigestContext.h in Headers */, - 7901791C12D51F7200CA4D44 /* SecCmsEncoder.h in Headers */, - 7901791D12D51F7200CA4D44 /* SecCmsEnvelopedData.h in Headers */, - 7901791E12D51F7200CA4D44 /* SecCmsMessage.h in Headers */, - 7901791F12D51F7200CA4D44 /* SecCmsRecipientInfo.h in Headers */, - 7901792012D51F7200CA4D44 /* SecCmsSignedData.h in Headers */, - 7901792112D51F7200CA4D44 /* SecCmsSignerInfo.h in Headers */, - 7901792912D51FFC00CA4D44 /* SecAsn1Types.h in Headers */, - 0C5D2EF1167FF1FC0077501D /* oidsalg.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; + DCE4E7BC1D7A45ED00AFB96E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + name = libsecurity_smime_regressions; + targetProxy = DCE4E7BB1D7A45ED00AFB96E /* PBXContainerItemProxy */; + }; + DCE4E7D81D7A4B3500AFB96E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + name = libsecurity_smime_regressions; + targetProxy = DCE4E7D71D7A4B3500AFB96E /* PBXContainerItemProxy */; + }; + DCE4E7F11D7A4BEC00AFB96E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCE4E7CB1D7A4AED00AFB96E /* sectests_macos */; + targetProxy = DCE4E7F01D7A4BEC00AFB96E /* PBXContainerItemProxy */; + }; + DCE4E82A1D7A4F2500AFB96E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCE4E7F51D7A4DA800AFB96E /* secd */; + targetProxy = DCE4E8291D7A4F2500AFB96E /* PBXContainerItemProxy */; }; - E7D847C21C6BE9710025BB44 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - E75C0E851C71329900E6953B /* KeychainCircle.h in Headers */, - E71454F11C741E1500B5B20B /* KCDer.h in Headers */, - E772FD701CC15F1F00D63E41 /* NSData+SecRandom.h in Headers */, - E7F480321C73FC4C00390FDB /* KCAESGCMDuplexSession.h in Headers */, - E7F480121C729C7B00390FDB /* NSError+KCCreationHelpers.h in Headers */, - E7E3EFE31CBC195700E79A5D /* KCAccountKCCircleDelegate.h in Headers */, - E794BB011C759B1200339A0F /* KCJoiningMessages.h in Headers */, - E71454EF1C741E0800B5B20B /* KCError.h in Headers */, - E7F482961C74FDF800390FDB /* KCJoiningSession.h in Headers */, - E75C0E821C6FC31D00E6953B /* KCSRPContext.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; + DCE4E8621D7A58BA00AFB96E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCE4E82D1D7A57AE00AFB96E /* trustd */; + targetProxy = DCE4E8611D7A58BA00AFB96E /* PBXContainerItemProxy */; }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXLegacyTarget section */ - EBBE20571C21380100B7A639 /* SecurityFeatures */ = { - isa = PBXLegacyTarget; - buildArgumentsString = "$(PROJECT_DIR)/SecurityFeatures/ExternalProject.sh $(ACTION)"; - buildConfigurationList = EBBE20581C21380200B7A639 /* Build configuration list for PBXLegacyTarget "SecurityFeatures" */; - buildPhases = ( - ); - buildToolPath = /bin/bash; - buildWorkingDirectory = "$(PROJECT_DIR)/SecurityFeatures"; - dependencies = ( - ); - name = SecurityFeatures; - passBuildSettingsInEnvironment = 1; - productName = SecurityFeatures; + DCE4E8D81D7F37F200AFB96E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCE4E8931D7F34F600AFB96E /* authd */; + targetProxy = DCE4E8D71D7F37F200AFB96E /* PBXContainerItemProxy */; }; -/* End PBXLegacyTarget section */ - -/* Begin PBXNativeTarget section */ - 0C0BDB2E175685B000BC1A7E /* secdtests */ = { - isa = PBXNativeTarget; - buildConfigurationList = 0C0BDB43175685B000BC1A7E /* Build configuration list for PBXNativeTarget "secdtests" */; - buildPhases = ( - 0C0BDB2B175685B000BC1A7E /* Sources */, - 0C0BDB2C175685B000BC1A7E /* Frameworks */, - 0C0BDB2D175685B000BC1A7E /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - 0C664AE617593BED0092D3D9 /* PBXTargetDependency */, - 0C664AE21759398A0092D3D9 /* PBXTargetDependency */, - 0C664AE41759398A0092D3D9 /* PBXTargetDependency */, - 0C664AE0175939740092D3D9 /* PBXTargetDependency */, - 0C664ADE1759396C0092D3D9 /* PBXTargetDependency */, - D447C4E71D31CA650082FC1D /* PBXTargetDependency */, - 0C664ADC1759395E0092D3D9 /* PBXTargetDependency */, - 0C664AD8175938F90092D3D9 /* PBXTargetDependency */, - 0C664AD6175938F20092D3D9 /* PBXTargetDependency */, - 0C664ADA175939490092D3D9 /* PBXTargetDependency */, - ); - name = secdtests; - productName = secdtest; - productReference = 0C0BDB2F175685B000BC1A7E /* secdtests */; - productType = "com.apple.product-type.tool"; + DCE4E90C1D7F3B4A00AFB96E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCE4E8DC1D7F39DB00AFB96E /* Cloud Keychain Utility */; + targetProxy = DCE4E90B1D7F3B4A00AFB96E /* PBXContainerItemProxy */; }; - 0C2BCBA81D06401F00ED7A2F /* dtlsEchoClient */ = { - isa = PBXNativeTarget; - buildConfigurationList = 0C2BCBB61D06401F00ED7A2F /* Build configuration list for PBXNativeTarget "dtlsEchoClient" */; - buildPhases = ( - 0C2BCBAD1D06401F00ED7A2F /* Sources */, - 0C2BCBB21D06401F00ED7A2F /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 0C2BCBA91D06401F00ED7A2F /* PBXTargetDependency */, - 0C2BCBAB1D06401F00ED7A2F /* PBXTargetDependency */, - ); - name = dtlsEchoClient; - productName = sslViewer; - productReference = 0C2BCBB91D06401F00ED7A2F /* dtlsEchoClient */; - productType = "com.apple.product-type.tool"; + DCE4E9731D7F3FC200AFB96E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCE4E9101D7F3D5300AFB96E /* Keychain Circle Notification */; + targetProxy = DCE4E9721D7F3FC200AFB96E /* PBXContainerItemProxy */; }; - 0C2BCBBD1D0648D100ED7A2F /* dtlsEchoServer */ = { - isa = PBXNativeTarget; - buildConfigurationList = 0C2BCBCB1D0648D100ED7A2F /* Build configuration list for PBXNativeTarget "dtlsEchoServer" */; - buildPhases = ( - 0C2BCBC21D0648D100ED7A2F /* Sources */, - 0C2BCBC71D0648D100ED7A2F /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 0C2BCBBE1D0648D100ED7A2F /* PBXTargetDependency */, - 0C2BCBC01D0648D100ED7A2F /* PBXTargetDependency */, - ); - name = dtlsEchoServer; - productName = sslViewer; - productReference = 0C2BCBCE1D0648D100ED7A2F /* dtlsEchoServer */; - productType = "com.apple.product-type.tool"; + DCF785011D88B80600E694BB /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCF7830A1D88B4DE00E694BB /* security_apple_csp */; + targetProxy = DCF785001D88B80600E694BB /* PBXContainerItemProxy */; }; - 4381690B1B4EDCBD00C54D58 /* SOSCCAuthPlugin */ = { - isa = PBXNativeTarget; - buildConfigurationList = 438169381B4EDCBD00C54D58 /* Build configuration list for PBXNativeTarget "SOSCCAuthPlugin" */; - buildPhases = ( - 438169081B4EDCBD00C54D58 /* Sources */, - 438169091B4EDCBD00C54D58 /* Frameworks */, - 4381690A1B4EDCBD00C54D58 /* Resources */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = SOSCCAuthPlugin; - productName = SOSCCAuthPlugin; - productReference = 4381690C1B4EDCBD00C54D58 /* SOSCCAuthPlugin.bundle */; - productType = "com.apple.product-type.bundle"; + DCF787321D88C1B000E694BB /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCF785021D88B95500E694BB /* security_apple_cspdl */; + targetProxy = DCF787311D88C1B000E694BB /* PBXContainerItemProxy */; }; - 4C32C0AE0A4975F6002891BD /* Security */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4C32C0B10A4975F7002891BD /* Build configuration list for PBXNativeTarget "Security" */; - buildPhases = ( - EBDED8FB1C2108BE00E5ECDB /* Copy Security features header */, - 4C32C0AA0A4975F6002891BD /* Headers */, - E73288DD1AED7215008CE839 /* Copy SecureObjectSync Headers */, - 4C32C0AB0A4975F6002891BD /* Resources */, - 4C32C0AC0A4975F6002891BD /* Sources */, - 4C32C0AD0A4975F6002891BD /* Frameworks */, - EB5D72ED1B0CB082009CAA47 /* Old SOS header location */, - 5EE098DE1CD21661009FCA27 /* Unifdef RC_HIDE_J79/J80 */, - ); - buildRules = ( - E7B006FF170B56E700B27966 /* PBXBuildRule */, - ); - dependencies = ( - D46B08A61C8FD8CF00B5939A /* PBXTargetDependency */, - D46B08001C8FBE3300B5939A /* PBXTargetDependency */, - D447C4E51D31CA540082FC1D /* PBXTargetDependency */, - EBBE205C1C21382F00B7A639 /* PBXTargetDependency */, - E7B01B8416572132000485F1 /* PBXTargetDependency */, - 0CCA408215C745C6002AEC4C /* PBXTargetDependency */, - 18F7F66D14D77E8D00F88A12 /* PBXTargetDependency */, - 18F7F66B14D77E8500F88A12 /* PBXTargetDependency */, - E76079FC1951FE1F00F69731 /* PBXTargetDependency */, - 4CEC097115758EC5008EB037 /* PBXTargetDependency */, - ); - name = Security; - productName = Security2; - productReference = 4C32C0AF0A4975F6002891BD /* Security.framework */; - productType = "com.apple.product-type.framework"; + DCF788461D88C98100E694BB /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCF788341D88C8C400E694BB /* security_apple_file_dl */; + targetProxy = DCF788451D88C98100E694BB /* PBXContainerItemProxy */; }; - 4C52D0B316EFC61E0079966E /* CircleJoinRequested */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4C52D0CC16EFC61E0079966E /* Build configuration list for PBXNativeTarget "CircleJoinRequested" */; - buildPhases = ( - 4C52D0B016EFC61E0079966E /* Sources */, - 4C52D0B116EFC61E0079966E /* Frameworks */, - 4C52D0B216EFC61E0079966E /* CopyFiles */, - CDB9FCAA179CD054000AAD66 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = CircleJoinRequested; - productName = CircleJoinRequested; - productReference = 4C52D0B416EFC61E0079966E /* CircleJoinRequested */; - productType = "com.apple.product-type.tool"; + DCF788A41D88CB6000E694BB /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCF788471D88CA7200E694BB /* security_apple_x509_cl */; + targetProxy = DCF788A31D88CB6000E694BB /* PBXContainerItemProxy */; }; - 4C711D5813AFCD0900FE865D /* SecurityDevTests */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4C711D7313AFCD0900FE865D /* Build configuration list for PBXNativeTarget "SecurityDevTests" */; - buildPhases = ( - 4C711D6313AFCD0900FE865D /* Sources */, - 4C711D6513AFCD0900FE865D /* Frameworks */, - 4C711D7213AFCD0900FE865D /* Resources */, - 4C50AD3414106A2900EE92DE /* Copy DigiNotar Resources */, - 4C50AD3514106A2B00EE92DE /* Copy DigiNotar-Entrust Resources */, - 4C50AD3614106A2C00EE92DE /* Copy DigiNotar-ok Resources */, - 79679E2B146202BC00CF997F /* Copy DigicertMalaysia Resources */, - ); - buildRules = ( - ); - dependencies = ( - 18F7F67714D77EFF00F88A12 /* PBXTargetDependency */, - 4C3AD8201575894C0047A498 /* PBXTargetDependency */, - 4C711D5913AFCD0900FE865D /* PBXTargetDependency */, - E75C27771C98D44300F7E12A /* PBXTargetDependency */, - 4CEC098715758F60008EB037 /* PBXTargetDependency */, - 0CCA418615C89EDD002AEC4C /* PBXTargetDependency */, - 4C711D5F13AFCD0900FE865D /* PBXTargetDependency */, - E7E0D900158FAB52002CA176 /* PBXTargetDependency */, - 4ACED92F15A10A3E0060775A /* PBXTargetDependency */, - 4CC92B2D15A3C94500C6D578 /* PBXTargetDependency */, - 4C2FEC62157572130008BE39 /* PBXTargetDependency */, - D40771ED1C9B51E30016AA66 /* PBXTargetDependency */, - ); - name = SecurityDevTests; - productName = SecurityTests; - productReference = 4C711D7613AFCD0900FE865D /* SecurityDevTests.app */; - productType = "com.apple.product-type.application"; + DCF788A91D88CC3500E694BB /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCF788471D88CA7200E694BB /* security_apple_x509_cl */; + targetProxy = DCF788A81D88CC3500E694BB /* PBXContainerItemProxy */; }; - 4C9DE9D11181AC4800CF5C27 /* sslEcdsa */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4C9DE9E11181AC4900CF5C27 /* Build configuration list for PBXNativeTarget "sslEcdsa" */; - buildPhases = ( - 4C9DE9CF1181AC4800CF5C27 /* Sources */, - 4C9DE9D01181AC4800CF5C27 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 4CEC097D15758F23008EB037 /* PBXTargetDependency */, - ); - name = sslEcdsa; - productName = sslEcdsa; - productReference = 4C9DE9D21181AC4800CF5C27 /* sslEcdsa */; - productType = "com.apple.product-type.tool"; + DCF789461D88CD7C00E694BB /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = DCF788AB1D88CD2400E694BB /* security_apple_x509_tp */; + targetProxy = DCF789451D88CD7C00E694BB /* PBXContainerItemProxy */; }; - 4CB740A20A47567C00D641BB /* securitytool */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4CB740A90A4756B300D641BB /* Build configuration list for PBXNativeTarget "securitytool" */; - buildPhases = ( - 4CB740A00A47567C00D641BB /* Sources */, - 4CB740A10A47567C00D641BB /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - E7FEFB93169E377900E18152 /* PBXTargetDependency */, - E7104A20169E21C000DB0045 /* PBXTargetDependency */, - E7104A03169E038F00DB0045 /* PBXTargetDependency */, - ); - name = securitytool; - productName = security; - productReference = 4CB740A30A47567C00D641BB /* security */; - productType = "com.apple.product-type.tool"; + E74583BE1BF66489001B54A4 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 52D82BDD16A621F70078DFE5 /* CloudKeychainProxy */; + targetProxy = E74583BD1BF66489001B54A4 /* PBXContainerItemProxy */; + }; + E745846D1BF68ECB001B54A4 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 05EF68BB194915A5007958C3 /* Security_executables_osx */; + targetProxy = E745846C1BF68ECB001B54A4 /* PBXContainerItemProxy */; + }; + E745846F1BF68ECB001B54A4 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 05EF68C1194915FB007958C3 /* Security_kexts */; + targetProxy = E745846E1BF68ECB001B54A4 /* PBXContainerItemProxy */; + }; + E74584711BF68ECB001B54A4 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 05EF68AF1949149C007958C3 /* Security_temporary_UI */; + targetProxy = E74584701BF68ECB001B54A4 /* PBXContainerItemProxy */; + }; + E79EEDD71CD3F9F800C2FBFC /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C7CFA2E14E1BA4800DF9D95 /* Security_frameworks_ios */; + targetProxy = E79EEDD61CD3F9F800C2FBFC /* PBXContainerItemProxy */; + }; + E79EEDDF1CD3FFEA00C2FBFC /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = E79EEDD81CD3FFC800C2FBFC /* Security_frameworks_osx */; + targetProxy = E79EEDDE1CD3FFEA00C2FBFC /* PBXContainerItemProxy */; + }; + E79EEDE51CD4001300C2FBFC /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 05EF68BB194915A5007958C3 /* Security_executables_osx */; + targetProxy = E79EEDE41CD4001300C2FBFC /* PBXContainerItemProxy */; + }; + E79EEDE71CD4003900C2FBFC /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = E79EEDD81CD3FFC800C2FBFC /* Security_frameworks_osx */; + targetProxy = E79EEDE61CD4003900C2FBFC /* PBXContainerItemProxy */; + }; + E7CFF6711C84F62900E3484E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = E7D847C41C6BE9710025BB44 /* KeychainCircle */; + targetProxy = E7CFF6701C84F62900E3484E /* PBXContainerItemProxy */; + }; + E7CFF6731C84F62900E3484E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = E7D847CD1C6BE9720025BB44 /* KeychainCircleTests */; + targetProxy = E7CFF6721C84F62900E3484E /* PBXContainerItemProxy */; + }; + E7CFF6751C84F65D00E3484E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = E7CFF6471C84F61200E3484E /* Security_KeychainCircle */; + targetProxy = E7CFF6741C84F65D00E3484E /* PBXContainerItemProxy */; + }; + E7CFF6771C84F66A00E3484E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = E7CFF6471C84F61200E3484E /* Security_KeychainCircle */; + targetProxy = E7CFF6761C84F66A00E3484E /* PBXContainerItemProxy */; + }; + E7D847D11C6BE9720025BB44 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = E7D847C41C6BE9710025BB44 /* KeychainCircle */; + targetProxy = E7D847D01C6BE9720025BB44 /* PBXContainerItemProxy */; + }; + E7E7B24B1BFC0CD900B1E66B /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = CD276C261A83F60C003226BC /* KeychainSyncingOverIDSProxy */; + targetProxy = CD6130EC1DA1C0CC00E1E42F /* PBXContainerItemProxy */; + }; + EB31EA831D3EF2FB008F952A /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 5346480017331E1100FE9172 /* KeychainSyncAccountNotification */; + targetProxy = EB31EA821D3EF2FB008F952A /* PBXContainerItemProxy */; }; - 4CE5A54C09C796E100D27A3F /* sslViewer */ = { - isa = PBXNativeTarget; - buildConfigurationList = 4CE5A55C09C7970A00D27A3F /* Build configuration list for PBXNativeTarget "sslViewer" */; - buildPhases = ( - 4CE5A54A09C796E100D27A3F /* Sources */, - 4CE5A54B09C796E100D27A3F /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 4CE39044169F87DB00026468 /* PBXTargetDependency */, - 4CEC097915758F17008EB037 /* PBXTargetDependency */, - ); - name = sslViewer; - productName = sslViewer; - productReference = 4CE5A54D09C796E200D27A3F /* sslViewer */; - productType = "com.apple.product-type.tool"; + EB3A8E011BEEC6F3001A89AA /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EB9C1D791BDFD0E000F89272 /* secbackupntest */; + targetProxy = EB3A8E001BEEC6F3001A89AA /* PBXContainerItemProxy */; }; - 52D82BDD16A621F70078DFE5 /* CloudKeychainProxy */ = { - isa = PBXNativeTarget; - buildConfigurationList = 52D82BE816A621F80078DFE5 /* Build configuration list for PBXNativeTarget "CloudKeychainProxy" */; - buildPhases = ( - 52D82BDA16A621F70078DFE5 /* Sources */, - 52D82BDB16A621F70078DFE5 /* Frameworks */, - 8E64DB4E1C18A5B80076C9DF /* Install launchd plist */, - ); - buildRules = ( - ); - dependencies = ( - 52D82BF216A622600078DFE5 /* PBXTargetDependency */, - ); - name = CloudKeychainProxy; - productName = CloudKeychainProxy; - productReference = 52D82BDE16A621F70078DFE5 /* CloudKeychainProxy.bundle */; - productType = "com.apple.product-type.bundle"; + EB425CD11C6585F1000ECE53 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EB425C9E1C65846D000ECE53 /* secbackuptest */; + targetProxy = EB425CD01C6585F1000ECE53 /* PBXContainerItemProxy */; }; - 52DE81681636347500F49F0C /* Keychain */ = { - isa = PBXNativeTarget; - buildConfigurationList = 52DE81941636347600F49F0C /* Build configuration list for PBXNativeTarget "Keychain" */; - buildPhases = ( - 52DE81651636347500F49F0C /* Sources */, - 52DE81661636347500F49F0C /* Frameworks */, - 52DE81671636347500F49F0C /* Resources */, - ); - buildRules = ( - ); - dependencies = ( - 0CD72A4C16D54BD300A4B8A3 /* PBXTargetDependency */, - ); - name = Keychain; - productName = Keychain; - productReference = 52DE81691636347500F49F0C /* Keychain.app */; - productType = "com.apple.product-type.application"; + EB433A2C1CC3252A00A7EACE /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EB433A201CC3243600A7EACE /* secitemstresstest */; + targetProxy = EB433A2B1CC3252A00A7EACE /* PBXContainerItemProxy */; }; - 5346480017331E1100FE9172 /* KeychainSyncAccountNotification */ = { - isa = PBXNativeTarget; - buildConfigurationList = 5346481917331E1200FE9172 /* Build configuration list for PBXNativeTarget "KeychainSyncAccountNotification" */; - buildPhases = ( - 534647FD17331E1100FE9172 /* Sources */, - 534647FE17331E1100FE9172 /* Frameworks */, - 534647FF17331E1100FE9172 /* Resources */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = KeychainSyncAccountNotification; - productName = KeychainSyncAccountNotification; - productReference = 5346480117331E1200FE9172 /* KeychainSyncAccountNotification.bundle */; - productType = "com.apple.product-type.bundle"; + EB63ADE11C3E74F900C45A69 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EB0BC9361C3C791500785842 /* secedumodetest */; + targetProxy = EB63ADE01C3E74F900C45A69 /* PBXContainerItemProxy */; }; - 5E10992419A5E55800A60E2B /* ISACLProtectedItems */ = { - isa = PBXNativeTarget; - buildConfigurationList = 5E10994D19A5E55800A60E2B /* Build configuration list for PBXNativeTarget "ISACLProtectedItems" */; - buildPhases = ( - 5E10992119A5E55800A60E2B /* Sources */, - 5E10992219A5E55800A60E2B /* Frameworks */, - 5E10992319A5E55800A60E2B /* Resources */, - 5E11CAD919A759E2008A3664 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = ISACLProtectedItems; - productName = ISACLProtectedItems; - productReference = 5E10992519A5E55800A60E2B /* ISACLProtectedItems.bundle */; - productType = "com.apple.product-type.bundle"; + EB6A6FAD1B90F84D0045DC68 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C7CFA2E14E1BA4800DF9D95 /* Security_frameworks_ios */; + targetProxy = EB6A6FAC1B90F84D0045DC68 /* PBXContainerItemProxy */; }; - 5EBE24791B00CCAE0007DB0E /* secacltests */ = { - isa = PBXNativeTarget; - buildConfigurationList = 5EBE24A21B00CCAE0007DB0E /* Build configuration list for PBXNativeTarget "secacltests" */; - buildPhases = ( - 5EBE24761B00CCAE0007DB0E /* Sources */, - 5EBE24771B00CCAE0007DB0E /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - D4DC138A1C8F738A00175415 /* PBXTargetDependency */, - 5EE556C21B01DFE2006F78F2 /* PBXTargetDependency */, - 5EE556C01B01DFD9006F78F2 /* PBXTargetDependency */, - 5EE556BE1B01DFC6006F78F2 /* PBXTargetDependency */, - 5EE556BC1B01DFB5006F78F2 /* PBXTargetDependency */, - ); - name = secacltests; - productName = secacltests; - productReference = 5EBE247A1B00CCAE0007DB0E /* secacltests */; - productType = "com.apple.product-type.tool"; + EB6A6FB31B90F89F0045DC68 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 790851B50CA9859F0083CC4D /* securityd_ios */; + targetProxy = EB6A6FB21B90F89F0045DC68 /* PBXContainerItemProxy */; }; - 728B56A016D59979008FA3AB /* OTAPKIAssetTool */ = { - isa = PBXNativeTarget; - buildConfigurationList = 728B56AB16D59979008FA3AB /* Build configuration list for PBXNativeTarget "OTAPKIAssetTool" */; - buildPhases = ( - 728B569D16D59979008FA3AB /* Sources */, - 728B569E16D59979008FA3AB /* Frameworks */, - 22C002A21AC9D2D100B3469E /* ShellScript */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = OTAPKIAssetTool; - productName = OTAPKIAssetTool; - productReference = 728B56A116D59979008FA3AB /* OTAPKIAssetTool */; - productType = "com.apple.product-type.tool"; + EB6A6FB91B90F8D70045DC68 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4C541F840F250BF500E508AE /* Security_executables_ios */; + targetProxy = EB6A6FB81B90F8D70045DC68 /* PBXContainerItemProxy */; }; - 790851B50CA9859F0083CC4D /* securityd */ = { - isa = PBXNativeTarget; - buildConfigurationList = 790851C90CA985C10083CC4D /* Build configuration list for PBXNativeTarget "securityd" */; - buildPhases = ( - 790851B30CA9859F0083CC4D /* Sources */, - 790851B40CA9859F0083CC4D /* Frameworks */, - 79863B6C0CADCE4300818B0D /* CopyFiles */, - 4814D8691CAA059E002FFC36 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - D46B07731C8FAFA900B5939A /* PBXTargetDependency */, - 5D403D3215C6FE9E0030D492 /* PBXTargetDependency */, - 18F7F67114D77EC500F88A12 /* PBXTargetDependency */, - 4C1ADEB71615176500E4A8AF /* PBXTargetDependency */, - BE442B9F18B7FD7D00F24DAE /* PBXTargetDependency */, - ); - name = securityd; - productName = securityd; - productReference = 790851B60CA9859F0083CC4D /* securityd */; - productType = "com.apple.product-type.tool"; + EB6A6FBB1B90F8EC0045DC68 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 0C7CFA2E14E1BA4800DF9D95 /* Security_frameworks_ios */; + targetProxy = EB6A6FBA1B90F8EC0045DC68 /* PBXContainerItemProxy */; }; - 7913B1FF0D172B3900601FE9 /* sslServer */ = { - isa = PBXNativeTarget; - buildConfigurationList = 7913B20A0D172B3900601FE9 /* Build configuration list for PBXNativeTarget "sslServer" */; - buildPhases = ( - 7913B2000D172B3900601FE9 /* Sources */, - 7913B2060D172B3900601FE9 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - 4CE39042169F87C400026468 /* PBXTargetDependency */, - 4CEC097515758F0A008EB037 /* PBXTargetDependency */, - ); - name = sslServer; - productName = sslViewer; - productReference = 7913B2110D172B3900601FE9 /* sslServer */; - productType = "com.apple.product-type.tool"; + EB6A6FBD1B90F9170045DC68 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4C32C0AE0A4975F6002891BD /* Security_ios */; + targetProxy = EB6A6FBC1B90F9170045DC68 /* PBXContainerItemProxy */; }; - BE197F2519116FD100BA91D1 /* SharedWebCredentialViewService */ = { - isa = PBXNativeTarget; - buildConfigurationList = BE197F5819116FD100BA91D1 /* Build configuration list for PBXNativeTarget "SharedWebCredentialViewService" */; - buildPhases = ( - BE197F2219116FD100BA91D1 /* Sources */, - BE197F2319116FD100BA91D1 /* Frameworks */, - BE197F2419116FD100BA91D1 /* Resources */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = SharedWebCredentialViewService; - productName = KeychainViewService; - productReference = BE197F2619116FD100BA91D1 /* SharedWebCredentialViewService.app */; - productType = "com.apple.product-type.application"; + EB9C1DB71BDFD51800F89272 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EB9C1DAE1BDFD4DE00F89272 /* SecurityBatsTests */; + targetProxy = EB9C1DB61BDFD51800F89272 /* PBXContainerItemProxy */; }; - BE442BA018B7FDB800F24DAE /* swcagent */ = { - isa = PBXNativeTarget; - buildConfigurationList = BE442BBE18B7FDB800F24DAE /* Build configuration list for PBXNativeTarget "swcagent" */; - buildPhases = ( - BE442BAB18B7FDB800F24DAE /* Sources */, - BE442BAD18B7FDB800F24DAE /* Frameworks */, - BE442BBA18B7FDB800F24DAE /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - BE442BA918B7FDB800F24DAE /* PBXTargetDependency */, - ); - name = swcagent; - productName = securityd; - productReference = BE442BC118B7FDB800F24DAE /* swcagent */; - productType = "com.apple.product-type.tool"; + EB9FE08D1BFBC48F004FEAAF /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EB9C1DAE1BDFD4DE00F89272 /* SecurityBatsTests */; + targetProxy = EB9FE08C1BFBC48F004FEAAF /* PBXContainerItemProxy */; }; - CD276C261A83F60C003226BC /* IDSKeychainSyncingProxy */ = { - isa = PBXNativeTarget; - buildConfigurationList = CD276C2C1A83F60C003226BC /* Build configuration list for PBXNativeTarget "IDSKeychainSyncingProxy" */; - buildPhases = ( - CD276C231A83F60C003226BC /* Sources */, - CD276C241A83F60C003226BC /* Frameworks */, - CDF91EA61AAE019800E88CF7 /* CopyFiles */, - 8E64DAF81C17BA620076C9DF /* Install launchd plist */, - ); - buildRules = ( - ); - dependencies = ( - CD045E3E1A83F855005FA0AC /* PBXTargetDependency */, - ); - name = IDSKeychainSyncingProxy; - productName = IDSKeychainSyncingProxy; - productReference = CD276C271A83F60C003226BC /* IDSKeychainSyncingProxy.bundle */; - productType = "com.apple.product-type.bundle"; + EB9FE0B61BFBC499004FEAAF /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EB9C1DAE1BDFD4DE00F89272 /* SecurityBatsTests */; + targetProxy = EB9FE0B51BFBC499004FEAAF /* PBXContainerItemProxy */; }; - E710C7411331946400F85568 /* SecurityTests */ = { - isa = PBXNativeTarget; - buildConfigurationList = E710C75C1331946500F85568 /* Build configuration list for PBXNativeTarget "SecurityTests" */; - buildPhases = ( - E710C73E1331946400F85568 /* Sources */, - E710C73F1331946400F85568 /* Frameworks */, - E710C7401331946400F85568 /* Resources */, - 4C50AD081410673800EE92DE /* Copy DigiNotar Resources */, - 4C50AD091410675400EE92DE /* Copy DigiNotar-Entrust Resources */, - 4C50AD0A1410676300EE92DE /* Copy DigiNotar-ok Resources */, - 79679E231462023800CF997F /* Copy DigiCertMalaysia Resources */, - ); - buildRules = ( - ); - dependencies = ( - 18F7F67414D77EE900F88A12 /* PBXTargetDependency */, - 4C3AD81E157589380047A498 /* PBXTargetDependency */, - E7EE5A34139DC042005C78BE /* PBXTargetDependency */, - E75C27711C98D40500F7E12A /* PBXTargetDependency */, - 4CEC096F15758EAF008EB037 /* PBXTargetDependency */, - 0CCA418115C89ECD002AEC4C /* PBXTargetDependency */, - E79D3389135CBEB1005777CF /* PBXTargetDependency */, - E7E0D8FB158FAB3B002CA176 /* PBXTargetDependency */, - 4ACED92B15A1095B0060775A /* PBXTargetDependency */, - 4CC92B2515A3C6DE00C6D578 /* PBXTargetDependency */, - 4C2FEC60157571F80008BE39 /* PBXTargetDependency */, - D40771EB1C9B51D80016AA66 /* PBXTargetDependency */, - ); - name = SecurityTests; - productName = SecurityTests; - productReference = E710C7421331946400F85568 /* SecurityTests.app */; - productType = "com.apple.product-type.application"; + EBA9AA891CE3E76C004E2B68 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EBA9AA7D1CE30E58004E2B68 /* secitemnotifications */; + targetProxy = EBA9AA881CE3E76C004E2B68 /* PBXContainerItemProxy */; + }; + EBB696D41BE2085700715F16 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EB9C1D791BDFD0E000F89272 /* secbackupntest */; + targetProxy = EBB696D31BE2085700715F16 /* PBXContainerItemProxy */; }; - E7B01BBD166594AB000485F1 /* SyncDevTest2 */ = { - isa = PBXNativeTarget; - buildConfigurationList = E7B01BEF166594AB000485F1 /* Build configuration list for PBXNativeTarget "SyncDevTest2" */; - buildPhases = ( - E7B01BC2166594AB000485F1 /* Sources */, - E7B01BD1166594AB000485F1 /* Frameworks */, - E7B01BE3166594AB000485F1 /* Resources */, - ); - buildRules = ( - ); - dependencies = ( - E7B01BBE166594AB000485F1 /* PBXTargetDependency */, - E7B01BC0166594AB000485F1 /* PBXTargetDependency */, - ); - name = SyncDevTest2; - productName = Keychain; - productReference = E7B01BF2166594AB000485F1 /* SyncDevTest2.app */; - productType = "com.apple.product-type.application"; + EBC15EA91BE29AC3001C0C5B /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EB9C1DAE1BDFD4DE00F89272 /* SecurityBatsTests */; + targetProxy = EBC15EA81BE29AC3001C0C5B /* PBXContainerItemProxy */; }; - E7D847C41C6BE9710025BB44 /* KeychainCircle */ = { - isa = PBXNativeTarget; - buildConfigurationList = E7D847FF1C6BE9720025BB44 /* Build configuration list for PBXNativeTarget "KeychainCircle" */; - buildPhases = ( - E7D847C01C6BE9710025BB44 /* Sources */, - E7D847C11C6BE9710025BB44 /* Frameworks */, - E7D847C21C6BE9710025BB44 /* Headers */, - E7D847C31C6BE9710025BB44 /* Resources */, - ); - buildRules = ( - ); - dependencies = ( - E749F2701D18C284006C2B27 /* PBXTargetDependency */, - ); - name = KeychainCircle; - productName = KeychainCircle; - productReference = E7D847C51C6BE9710025BB44 /* KeychainCircle.framework */; - productType = "com.apple.product-type.framework"; + EBCF743F1CE593A700BED7CA /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EBCF73F31CE45F9C00BED7CA /* secitemfunctionality */; + targetProxy = EBCF743E1CE593A700BED7CA /* PBXContainerItemProxy */; }; - E7D847CD1C6BE9720025BB44 /* KeychainCircleTests */ = { - isa = PBXNativeTarget; - buildConfigurationList = E7D848001C6BE9720025BB44 /* Build configuration list for PBXNativeTarget "KeychainCircleTests" */; - buildPhases = ( - E7D847CA1C6BE9720025BB44 /* Sources */, - E7D847CB1C6BE9720025BB44 /* Frameworks */, - E7D847CC1C6BE9720025BB44 /* Resources */, - E7CFF7211C86602B00E3484E /* Install BATS Tests */, - E7E0C6D11C90E87D00E69A21 /* chmod BATS Tests */, - ); - buildRules = ( - ); - dependencies = ( - E7D847D11C6BE9720025BB44 /* PBXTargetDependency */, - 5250AC301C866F9D00169095 /* PBXTargetDependency */, - 5250AC321C866F9D00169095 /* PBXTargetDependency */, - 5250AC341C866F9D00169095 /* PBXTargetDependency */, - 5250AC361C866FA500169095 /* PBXTargetDependency */, - E75E498F1C8F79BB0001A34F /* PBXTargetDependency */, - E7E0C73D1C90EE0000E69A21 /* PBXTargetDependency */, - E7E0C73F1C90EE0500E69A21 /* PBXTargetDependency */, - ); - name = KeychainCircleTests; - productName = KeychainCircleTests; - productReference = E7D847CE1C6BE9720025BB44 /* KeychainCircleTests.xctest */; - productType = "com.apple.product-type.bundle.unit-test"; + EBD849361B242C8900C5FD1E /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4CE5A54C09C796E100D27A3F /* sslViewer */; + targetProxy = EBD849351B242C8900C5FD1E /* PBXContainerItemProxy */; }; - EB0BC9361C3C791500785842 /* secedumodetest */ = { - isa = PBXNativeTarget; - buildConfigurationList = EB0BC93B1C3C791500785842 /* Build configuration list for PBXNativeTarget "secedumodetest" */; - buildPhases = ( - EB0BC9371C3C791500785842 /* Sources */, - EB0BC9391C3C791500785842 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = secedumodetest; - productName = secbackupntest; - productReference = EB0BC93E1C3C791500785842 /* secedumodetest */; - productType = "com.apple.product-type.tool"; + EBF374821DC058B60065D840 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EBF374711DC055580065D840 /* security-sysdiagnose */; + targetProxy = EBF374811DC058B60065D840 /* PBXContainerItemProxy */; }; - EB425C9E1C65846D000ECE53 /* secbackuptest */ = { - isa = PBXNativeTarget; - buildConfigurationList = EB425CA31C65846D000ECE53 /* Build configuration list for PBXNativeTarget "secbackuptest" */; - buildPhases = ( - EB425C9F1C65846D000ECE53 /* Sources */, - EB425CA11C65846D000ECE53 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = secbackuptest; - productName = secbackupntest; - productReference = EB425CA61C65846D000ECE53 /* secbackuptest */; - productType = "com.apple.product-type.tool"; + EBF374841DC058C00065D840 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EBF374711DC055580065D840 /* security-sysdiagnose */; + targetProxy = EBF374831DC058C00065D840 /* PBXContainerItemProxy */; }; - EB433A201CC3243600A7EACE /* secitemstresstest */ = { - isa = PBXNativeTarget; - buildConfigurationList = EB433A251CC3243600A7EACE /* Build configuration list for PBXNativeTarget "secitemstresstest" */; - buildPhases = ( - EB433A211CC3243600A7EACE /* Sources */, - EB433A231CC3243600A7EACE /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = secitemstresstest; - productName = secbackupntest; - productReference = EB433A281CC3243600A7EACE /* secitemstresstest */; - productType = "com.apple.product-type.tool"; + EBF374861DC058C50065D840 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EBF374711DC055580065D840 /* security-sysdiagnose */; + targetProxy = EBF374851DC058C50065D840 /* PBXContainerItemProxy */; }; - EB9C1D791BDFD0E000F89272 /* secbackupntest */ = { - isa = PBXNativeTarget; - buildConfigurationList = EB9C1DA91BDFD0E100F89272 /* Build configuration list for PBXNativeTarget "secbackupntest" */; - buildPhases = ( - EB9C1D761BDFD0E000F89272 /* Sources */, - EB9C1D771BDFD0E000F89272 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = secbackupntest; - productName = secbackupntest; - productReference = EB9C1D7A1BDFD0E000F89272 /* secbackupntest */; - productType = "com.apple.product-type.tool"; + EBF374881DC058CC0065D840 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = EBF374711DC055580065D840 /* security-sysdiagnose */; + targetProxy = EBF374871DC058CC0065D840 /* PBXContainerItemProxy */; }; - EBA9AA7D1CE30E58004E2B68 /* secitemnotifications */ = { - isa = PBXNativeTarget; - buildConfigurationList = EBA9AA831CE30E58004E2B68 /* Build configuration list for PBXNativeTarget "secitemnotifications" */; - buildPhases = ( - EBA9AA7E1CE30E58004E2B68 /* Sources */, - EBA9AA801CE30E58004E2B68 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = secitemnotifications; - productName = secbackupntest; - productReference = EBA9AA861CE30E58004E2B68 /* secitemnotifications */; - productType = "com.apple.product-type.tool"; + F94E7AE21ACC8E7700F23132 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = F93C49021AB8FCE00047E01A /* ckcdiagnose.sh */; + targetProxy = F94E7AE11ACC8E7700F23132 /* PBXContainerItemProxy */; }; - EBCF73F31CE45F9C00BED7CA /* secitemfunctionality */ = { - isa = PBXNativeTarget; - buildConfigurationList = EBCF73F91CE45F9C00BED7CA /* Build configuration list for PBXNativeTarget "secitemfunctionality" */; - buildPhases = ( - EBCF73F41CE45F9C00BED7CA /* Sources */, - EBCF73F61CE45F9C00BED7CA /* Frameworks */, - ); - buildRules = ( +/* End PBXTargetDependency section */ + +/* Begin PBXVariantGroup section */ + 4C198F1D0ACDB4BF00AAB142 /* Certificate.strings */ = { + isa = PBXVariantGroup; + children = ( + 4C198F1E0ACDB4BF00AAB142 /* English */, ); - dependencies = ( + name = Certificate.strings; + sourceTree = ""; + }; + 4C198F1F0ACDB4BF00AAB142 /* OID.strings */ = { + isa = PBXVariantGroup; + children = ( + 4C198F200ACDB4BF00AAB142 /* English */, ); - name = secitemfunctionality; - productName = secbackupntest; - productReference = EBCF73FC1CE45F9C00BED7CA /* secitemfunctionality */; - productType = "com.apple.product-type.tool"; + name = OID.strings; + sourceTree = ""; }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4C35DB69094F906D002917C4 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - TargetAttributes = { - 4381690B1B4EDCBD00C54D58 = { - CreatedOnToolsVersion = 7.0; - }; - 5EBE24791B00CCAE0007DB0E = { - CreatedOnToolsVersion = 7.0; - }; - CD276C261A83F60C003226BC = { - CreatedOnToolsVersion = 7.0; - }; - D41AD42D1B967169008C7270 = { - CreatedOnToolsVersion = 7.0; - }; - D41AD4311B967179008C7270 = { - CreatedOnToolsVersion = 7.0; - }; - E74584661BF68EBA001B54A4 = { - CreatedOnToolsVersion = 7.1; - }; - E79EEDA71CD3F87B00C2FBFC = { - CreatedOnToolsVersion = 8.0; - }; - E79EEDD21CD3F8AB00C2FBFC = { - CreatedOnToolsVersion = 8.0; - }; - E79EEDD81CD3FFC800C2FBFC = { - CreatedOnToolsVersion = 8.0; - }; - E79EEDE01CD4000C00C2FBFC = { - CreatedOnToolsVersion = 8.0; - }; - E7CFF6471C84F61200E3484E = { - CreatedOnToolsVersion = 7.3; - }; - E7D847C41C6BE9710025BB44 = { - CreatedOnToolsVersion = 7.3; - }; - E7D847CD1C6BE9720025BB44 = { - CreatedOnToolsVersion = 7.3; - }; - EB6A6FA81B90F83A0045DC68 = { - CreatedOnToolsVersion = 7.0; - }; - EB6A6FAE1B90F8810045DC68 = { - CreatedOnToolsVersion = 7.0; - }; - EB6A6FB41B90F8C90045DC68 = { - CreatedOnToolsVersion = 7.0; - }; - EB9C1D791BDFD0E000F89272 = { - CreatedOnToolsVersion = 7.1; - }; - EB9C1DAE1BDFD4DE00F89272 = { - CreatedOnToolsVersion = 7.1; - }; - EBBE20571C21380100B7A639 = { - CreatedOnToolsVersion = 7.2; - }; - F93C49021AB8FCE00047E01A = { - CreatedOnToolsVersion = 6.3; - }; - }; - }; - buildConfigurationList = 4C35DB6A094F906D002917C4 /* Build configuration list for PBXProject "Security" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 0; - knownRegions = ( - English, - Japanese, - French, - German, - en, + 5346480617331E1200FE9172 /* InfoPlist.strings */ = { + isa = PBXVariantGroup; + children = ( + 5346480717331E1200FE9172 /* en */, ); - mainGroup = 4C35DB67094F906D002917C4; - productRefGroup = 4C35DC36094F9120002917C4 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 4C8786A20B03E05D00BB77D4 /* Products */; - ProjectRef = 4C8786A10B03E05D00BB77D4 /* libDER.xcodeproj */; - }, - { - ProductGroup = 795CA97B0D38269B00BAE6A2 /* Products */; - ProjectRef = 795CA97A0D38269B00BAE6A2 /* libsecurity_asn1.xcodeproj */; - }, - { - ProductGroup = 79BDD3950D60D5F9000D84D3 /* Products */; - ProjectRef = 79BDD3940D60D5F9000D84D3 /* libsecurity_smime.xcodeproj */; - }, - { - ProductGroup = 0C95404014E473AA00077526 /* Products */; - ProjectRef = 0C95403F14E473AA00077526 /* libsecurity_ssl.xcodeproj */; - }, - { - ProductGroup = 051D8F83194913E500AEF66A /* Products */; - ProjectRef = 051D8F82194913E500AEF66A /* OSX.xcodeproj */; - }, - { - ProductGroup = 0C25A872122726540050C2BD /* Products */; - ProjectRef = 0C25A871122726540050C2BD /* regressions.xcodeproj */; - }, - { - ProductGroup = 18F7F65914D77DF700F88A12 /* Products */; - ProjectRef = 18F7F65814D77DF700F88A12 /* sec.xcodeproj */; - }, - { - ProductGroup = 05EF68801949143A007958C3 /* Products */; - ProjectRef = 05EF687F1949143A007958C3 /* securityd.xcodeproj */; - }, - { - ProductGroup = 05EF68AA19491453007958C3 /* Products */; - ProjectRef = 05EF68A919491453007958C3 /* SecurityTool.xcodeproj */; - }, - { - ProductGroup = 4C2FEC4A15755D700008BE39 /* Products */; - ProjectRef = 4C2FEC4915755D700008BE39 /* utilities.xcodeproj */; - }, + name = InfoPlist.strings; + sourceTree = ""; + }; + 53C0E1F1177FAC2C00F8A018 /* CloudKeychain.strings */ = { + isa = PBXVariantGroup; + children = ( + 53C0E1F2177FAC2C00F8A018 /* English */, ); - projectRoot = ""; - targets = ( - E79EEDD81CD3FFC800C2FBFC /* Security_frameworks_osx */, - 0C7CFA2E14E1BA4800DF9D95 /* Security_frameworks_ios */, - E7CFF6471C84F61200E3484E /* Security_KeychainCircle */, - 05EF68BB194915A5007958C3 /* Security_executables_osx */, - 4C541F840F250BF500E508AE /* Security_executables_ios */, - D41AD4311B967179008C7270 /* Security_executables_tvos */, - D41AD42D1B967169008C7270 /* Security_executables_watchos */, - EB6A6FAE1B90F8810045DC68 /* Security_executables_bridge */, - E79EEDA71CD3F87B00C2FBFC /* Security_tests_osx */, - E79EEDD21CD3F8AB00C2FBFC /* Security_tests_ios */, - 05EF68C1194915FB007958C3 /* Security_kexts */, - 05EF68AF1949149C007958C3 /* Security_temporary_UI */, - 4C91273D0ADBF46200AF202E /* ios */, - E74584661BF68EBA001B54A4 /* osx */, - 4C32C0AE0A4975F6002891BD /* Security */, - E7D847C41C6BE9710025BB44 /* KeychainCircle */, - E7D847CD1C6BE9720025BB44 /* KeychainCircleTests */, - 52D82BDD16A621F70078DFE5 /* CloudKeychainProxy */, - CD276C261A83F60C003226BC /* IDSKeychainSyncingProxy */, - 790851B50CA9859F0083CC4D /* securityd */, - 4CB740A20A47567C00D641BB /* securitytool */, - 7913B1FF0D172B3900601FE9 /* sslServer */, - 4CE5A54C09C796E100D27A3F /* sslViewer */, - 4C9DE9D11181AC4800CF5C27 /* sslEcdsa */, - 0C2BCBA81D06401F00ED7A2F /* dtlsEchoClient */, - 0C2BCBBD1D0648D100ED7A2F /* dtlsEchoServer */, - 0C6799F912F7C37C00712919 /* dtlsTests */, - E710C7411331946400F85568 /* SecurityTests */, - 4C711D5813AFCD0900FE865D /* SecurityDevTests */, - 52DE81681636347500F49F0C /* Keychain */, - E7B01BBD166594AB000485F1 /* SyncDevTest2 */, - 728B56A016D59979008FA3AB /* OTAPKIAssetTool */, - 4C52D0B316EFC61E0079966E /* CircleJoinRequested */, - 0C0BDB2E175685B000BC1A7E /* secdtests */, - BE197F2519116FD100BA91D1 /* SharedWebCredentialViewService */, - BE442BA018B7FDB800F24DAE /* swcagent */, - 5E10992419A5E55800A60E2B /* ISACLProtectedItems */, - F93C49021AB8FCE00047E01A /* ckcdiagnose.sh */, - 5EBE24791B00CCAE0007DB0E /* secacltests */, - 5346480017331E1100FE9172 /* KeychainSyncAccountNotification */, - 4381690B1B4EDCBD00C54D58 /* SOSCCAuthPlugin */, - EB9C1DAE1BDFD4DE00F89272 /* SecurityBatsTests */, - EBBE20571C21380100B7A639 /* SecurityFeatures */, - EB9C1D791BDFD0E000F89272 /* secbackupntest */, - EB425C9E1C65846D000ECE53 /* secbackuptest */, - EB0BC9361C3C791500785842 /* secedumodetest */, - EBCF73F31CE45F9C00BED7CA /* secitemfunctionality */, - EB433A201CC3243600A7EACE /* secitemstresstest */, - EBA9AA7D1CE30E58004E2B68 /* secitemnotifications */, - 4C541F950F250C3000E508AE /* phase1 */, - EB6A6FA81B90F83A0045DC68 /* phase1_ios */, - EB6A6FB41B90F8C90045DC68 /* phase2 */, - E79EEDE01CD4000C00C2FBFC /* Security_executables */, - 05EF68B519491512007958C3 /* Security_frameworks */, + name = CloudKeychain.strings; + sourceTree = ""; + }; + BE197F2A19116FD100BA91D1 /* InfoPlist.strings */ = { + isa = PBXVariantGroup; + children = ( + BE197F2B19116FD100BA91D1 /* en */, ); + name = InfoPlist.strings; + sourceTree = ""; }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 051D8FD7194913E700AEF66A /* Security.framework */ = { - isa = PBXReferenceProxy; - fileType = wrapper.framework; - path = Security.framework; - remoteRef = 051D8FD6194913E700AEF66A /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + BE4AC9B818B8273600B84964 /* SharedWebCredentials.strings */ = { + isa = PBXVariantGroup; + children = ( + BE4AC9B918B8273600B84964 /* English */, + ); + name = SharedWebCredentials.strings; + sourceTree = ""; }; - 051D8FD9194913E700AEF66A /* csparser.bundle */ = { - isa = PBXReferenceProxy; - fileType = wrapper.cfbundle; - path = csparser.bundle; - remoteRef = 051D8FD8194913E700AEF66A /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + CD6130D61DA06FC600E1E42F /* InfoPlist.strings */ = { + isa = PBXVariantGroup; + children = ( + CD6130D71DA06FC600E1E42F /* en */, + ); + name = InfoPlist.strings; + sourceTree = ""; }; - 051D8FDB194913E700AEF66A /* Security.framework */ = { - isa = PBXReferenceProxy; - fileType = wrapper.framework; - path = Security.framework; - remoteRef = 051D8FDA194913E700AEF66A /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + DC0B622D1D909C4600D43BCB /* MainMenu.xib */ = { + isa = PBXVariantGroup; + children = ( + DC0B622E1D909C4600D43BCB /* Base */, + ); + name = MainMenu.xib; + sourceTree = ""; }; - 051D8FDD194913E700AEF66A /* secd */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = secd; - remoteRef = 051D8FDC194913E700AEF66A /* PBXContainerItemProxy */; + DC178A331D77A1F500B50D50 /* SecErrorMessages.strings */ = { + isa = PBXVariantGroup; + children = ( + DC178A341D77A1F500B50D50 /* SecErrorMessages.strings */, + ); + name = SecErrorMessages.strings; + path = derived_src/en.lproj/; sourceTree = BUILT_PRODUCTS_DIR; }; - 051D8FDF194913E700AEF66A /* secdtests */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = secdtests; - remoteRef = 051D8FDE194913E700AEF66A /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + DC178A381D77A1F500B50D50 /* InfoPlist.strings */ = { + isa = PBXVariantGroup; + children = ( + DC178A391D77A1F500B50D50 /* en */, + ); + name = InfoPlist.strings; + sourceTree = ""; }; - 051D8FE1194913E700AEF66A /* sectests */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = sectests; - remoteRef = 051D8FE0194913E700AEF66A /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + DC178A3B1D77A1F500B50D50 /* authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings */ = { + isa = PBXVariantGroup; + children = ( + DC178A3C1D77A1F500B50D50 /* en */, + ); + name = "authorization.dfr.prompts-BBBAA77A32-C4EBFEA440.strings"; + sourceTree = ""; }; - 051D8FE3194913E700AEF66A /* authd.xpc */ = { - isa = PBXReferenceProxy; - fileType = wrapper.cfbundle; - path = authd.xpc; - remoteRef = 051D8FE2194913E700AEF66A /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + DC178A3D1D77A1F500B50D50 /* authorization.buttons.strings */ = { + isa = PBXVariantGroup; + children = ( + DC178A3E1D77A1F500B50D50 /* en */, + ); + name = authorization.buttons.strings; + sourceTree = ""; + }; + DC178A3F1D77A1F500B50D50 /* authorization.prompts.strings */ = { + isa = PBXVariantGroup; + children = ( + DC178A401D77A1F500B50D50 /* en */, + ); + name = authorization.prompts.strings; + sourceTree = ""; + }; + DCE4E9041D7F3A4800AFB96E /* InfoPlist.strings */ = { + isa = PBXVariantGroup; + children = ( + DCE4E9051D7F3A4800AFB96E /* en */, + ); + name = InfoPlist.strings; + sourceTree = ""; + }; + DCE4E9061D7F3A4800AFB96E /* Credits.rtf */ = { + isa = PBXVariantGroup; + children = ( + DCE4E9071D7F3A4800AFB96E /* en */, + ); + name = Credits.rtf; + sourceTree = ""; + }; + DCE4E9441D7F3E8700AFB96E /* Localizable.strings */ = { + isa = PBXVariantGroup; + children = ( + DCE4E9451D7F3E8700AFB96E /* en */, + ); + name = Localizable.strings; + sourceTree = ""; + }; + DCE4E9471D7F3E8700AFB96E /* InfoPlist.strings */ = { + isa = PBXVariantGroup; + children = ( + DCE4E9481D7F3E8700AFB96E /* en */, + ); + name = InfoPlist.strings; + sourceTree = ""; + }; +/* End PBXVariantGroup section */ + +/* Begin XCBuildConfiguration section */ + 05EF68B11949149C007958C3 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; + }; + 05EF68B21949149C007958C3 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; + 05EF68B719491512007958C3 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; + }; + 05EF68B819491512007958C3 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; + 05EF68BD194915A5007958C3 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; + }; + 05EF68BE194915A5007958C3 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; + 05EF68C3194915FB007958C3 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; + }; + 05EF68C4194915FB007958C3 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; + 0C0BDB35175685B000BC1A7E /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = "secdtests/secdtests-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + LIBRARY_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)/usr/lib/system", + ); + OTHER_LDFLAGS = "-ObjC"; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + "-lImg4Decode", + "-lz", + "-ObjC", + "-lSystem", + ); + PRODUCT_NAME = secdtests; + STRIP_STYLE = debugging; + }; + name = Debug; }; - 051D8FE7194913E700AEF66A /* security2 */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = security2; - remoteRef = 051D8FE6194913E700AEF66A /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 0C0BDB36175685B000BC1A7E /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = "secdtests/secdtests-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + LIBRARY_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)/usr/lib/system", + ); + OTHER_LDFLAGS = "-ObjC"; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + "-lImg4Decode", + "-lz", + "-ObjC", + "-lSystem", + ); + PRODUCT_NAME = secdtests; + STRIP_STYLE = debugging; + }; + name = Release; }; - 051D8FE9194913E700AEF66A /* Cloud Keychain Utility.app */ = { - isa = PBXReferenceProxy; - fileType = wrapper.application; - path = "Cloud Keychain Utility.app"; - remoteRef = 051D8FE8194913E700AEF66A /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 0C2BCBB71D06401F00ED7A2F /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + }; + name = Debug; }; - 051D8FEB194913E700AEF66A /* Keychain Circle Notification.app */ = { - isa = PBXReferenceProxy; - fileType = wrapper.application; - path = "Keychain Circle Notification.app"; - remoteRef = 051D8FEA194913E700AEF66A /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 0C2BCBB81D06401F00ED7A2F /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + }; + name = Release; }; - 05EF68A51949143A007958C3 /* securityd */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = securityd; - remoteRef = 05EF68A41949143A007958C3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 0C2BCBCC1D0648D100ED7A2F /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + }; + name = Debug; }; - 05EF68AE19491453007958C3 /* security */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = security; - remoteRef = 05EF68AD19491453007958C3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 0C2BCBCD1D0648D100ED7A2F /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + }; + name = Release; }; - 0C0BDB821756A1D700BC1A7E /* libsecdRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecdRegressions.a; - remoteRef = 0C0BDB811756A1D700BC1A7E /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 0C6799FA12F7C37C00712919 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + COPY_PHASE_STRIP = NO; + GCC_DYNAMIC_NO_PIC = NO; + GCC_OPTIMIZATION_LEVEL = 0; + PRODUCT_NAME = dtlsTests; + }; + name = Debug; }; - 0CCA406A15C73CA1002AEC4C /* libsecurity_ssl.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_ssl.a; - remoteRef = 0CCA406915C73CA1002AEC4C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 0C6799FB12F7C37C00712919 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + COPY_PHASE_STRIP = YES; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + PRODUCT_NAME = dtlsTests; + ZERO_LINK = NO; + }; + name = Release; }; - 0CCA418415C89ECD002AEC4C /* libsecurity_ssl_regressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity_ssl_regressions.a; - remoteRef = 0CCA418315C89ECD002AEC4C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 0C7CFA3014E1BA4800DF9D95 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 0CCA42F115C8A806002AEC4C /* dtlsEchoClient */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = dtlsEchoClient; - remoteRef = 0CCA42F015C8A806002AEC4C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 0C7CFA3114E1BA4800DF9D95 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 0CCA42F315C8A806002AEC4C /* dtlsEchoServer */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = dtlsEchoServer; - remoteRef = 0CCA42F215C8A806002AEC4C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 438169101B4EDCBD00C54D58 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + COMBINE_HIDPI_IMAGES = YES; + INFOPLIST_FILE = SOSCCAuthPlugin/Info.plist; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Accounts/Authentication/AppleIDAuthenticationDelegates"; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.SOSCCAuthPlugin; + PRODUCT_NAME = "$(TARGET_NAME)"; + WRAPPER_EXTENSION = bundle; + }; + name = Debug; }; - 18F7F66314D77DF700F88A12 /* libsecurity.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurity.a; - remoteRef = 18F7F66214D77DF700F88A12 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 438169111B4EDCBD00C54D58 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + COMBINE_HIDPI_IMAGES = YES; + INFOPLIST_FILE = SOSCCAuthPlugin/Info.plist; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Accounts/Authentication/AppleIDAuthenticationDelegates"; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.SOSCCAuthPlugin; + PRODUCT_NAME = "$(TARGET_NAME)"; + WRAPPER_EXTENSION = bundle; + }; + name = Release; }; - 18F7F66514D77DF700F88A12 /* libsecurityd.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecurityd.a; - remoteRef = 18F7F66414D77DF700F88A12 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 4C52D0BE16EFC61E0079966E /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = CircleJoinRequested/entitlements.plist; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_SYMBOLS_PRIVATE_EXTERN = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)", + "$(PROJECT_DIR)/OSX/libsecurity_keychain/libDER", + "$(PROJECT_DIR)/OSX/libsecurity_asn1", + "$(PROJECT_DIR)/libsecurity_smime", + "$(PROJECT_DIR)/OSX/sec/ProjectHeaders", + "$(PROJECT_DIR)/OSX/sec", + "$(PROJECT_DIR)/OSX/sec/SOSCircle", + "$(PROJECT_DIR)/OSX/utilities", + "$(PROJECT_DIR)/OSX/regressions", + "$(PROJECT_DIR)/OSX/", + "$(SDKROOT)/System/Library/PrivateFrameworks", + "$(SDKROOT)/System/Library/PrivateFrameworks/CloudServices/Headers", + ); + INSTALL_PATH = /System/Library/Frameworks/Security.framework/CircleJoinRequested/; + ONLY_ACTIVE_ARCH = YES; + OTHER_CFLAGS = ( + "-fconstant-cfstrings", + "-fno-inline", + "-DDEBUG", + ); + OTHER_LDFLAGS = "$(APPLE_AKS_LIBRARY)"; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 18F7F66714D77DF700F88A12 /* libSecItemShimOSX.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecItemShimOSX.a; - remoteRef = 18F7F66614D77DF700F88A12 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 4C52D0BF16EFC61E0079966E /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = CircleJoinRequested/entitlements.plist; + ENABLE_NS_ASSERTIONS = NO; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_WARN_UNDECLARED_SELECTOR = YES; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)", + "$(PROJECT_DIR)/OSX/libsecurity_keychain/libDER", + "$(PROJECT_DIR)/OSX/libsecurity_asn1", + "$(PROJECT_DIR)/libsecurity_smime", + "$(PROJECT_DIR)/OSX/sec/ProjectHeaders", + "$(PROJECT_DIR)/OSX/sec", + "$(PROJECT_DIR)/OSX/sec/SOSCircle", + "$(PROJECT_DIR)/OSX/utilities", + "$(PROJECT_DIR)/OSX/regressions", + "$(PROJECT_DIR)/OSX/", + "$(SDKROOT)/System/Library/PrivateFrameworks", + "$(SDKROOT)/System/Library/PrivateFrameworks/CloudServices/Headers", + ); + INSTALL_PATH = /System/Library/Frameworks/Security.framework/CircleJoinRequested/; + OTHER_LDFLAGS = "$(APPLE_AKS_LIBRARY)"; + PRODUCT_NAME = "$(TARGET_NAME)"; + VALIDATE_PRODUCT = YES; + }; + name = Release; }; - 18F7F66914D77DF700F88A12 /* libsecipc_client.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecipc_client.a; - remoteRef = 18F7F66814D77DF700F88A12 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 4C541F870F250BF500E508AE /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = phase2; + }; + name = Debug; }; - 3792618F1A8987DB008ADD3C /* SecTaskTest */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = SecTaskTest; - remoteRef = 3792618E1A8987DB008ADD3C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 4C541F8A0F250BF500E508AE /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = phase2; + }; + name = Release; }; - 4C0789C2113F4C7400422E2D /* parseTicket */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = parseTicket; - remoteRef = 4C0789C1113F4C7400422E2D /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 4C541F980F250C3000E508AE /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = phase1; + }; + name = Debug; }; - 4C2FEC5115755D710008BE39 /* libutilities.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libutilities.a; - remoteRef = 4C2FEC5015755D710008BE39 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 4C541F9B0F250C3000E508AE /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = phase1; + }; + name = Release; }; - 4C60888B155C943D00A0904F /* libSecureObjectSync.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecureObjectSync.a; - remoteRef = 4C60888A155C943D00A0904F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 4C711D7413AFCD0900FE865D /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = "SecurityTests/SecurityTests-Entitlements.plist"; + COMBINE_HIDPI_IMAGES = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/OSX/regressions", + ); + INFOPLIST_FILE = "SecurityTests/SecurityDevTests-Info.plist"; + LIBRARY_SEARCH_PATHS = ( + "$(inherited)", + "\"$(SDKROOT)/usr/lib/system\"", + ); + OTHER_LDFLAGS = "$(inherited)"; + "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( + "$(inherited)", + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + "-lImg4Decode", + "-lSystem", + ); + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:identifier}"; + PRODUCT_NAME = SecurityDevTests; + STRIP_STYLE = debugging; + }; + name = Debug; }; - 4C60888D155C943D00A0904F /* libSOSRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSOSRegressions.a; - remoteRef = 4C60888C155C943D00A0904F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 4C711D7513AFCD0900FE865D /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = "SecurityTests/SecurityTests-Entitlements.plist"; + COMBINE_HIDPI_IMAGES = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/OSX/regressions", + ); + INFOPLIST_FILE = "SecurityTests/SecurityDevTests-Info.plist"; + LIBRARY_SEARCH_PATHS = ( + "$(inherited)", + "\"$(SDKROOT)/usr/lib/system\"", + ); + OTHER_LDFLAGS = "$(inherited)"; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "$(inherited)", + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + "-lImg4Decode", + "-lSystem", + ); + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:identifier}"; + PRODUCT_NAME = SecurityDevTests; + STRIP_STYLE = debugging; + }; + name = Release; }; - 4C8786AD0B03E05E00BB77D4 /* libDER.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libDER.a; - remoteRef = 4C8786AC0B03E05E00BB77D4 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 4C9DE9D41181AC4900CF5C27 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + OTHER_LDFLAGS = ( + "-lsqlite3", + "-framework", + CFNetwork, + ); + "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + "-framework", + IOKit, + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + "-framework", + IOKit, + ); + PRODUCT_NAME = sslEcdsa; + }; + name = Debug; }; - 4C8786AF0B03E05E00BB77D4 /* parseCert */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = parseCert; - remoteRef = 4C8786AE0B03E05E00BB77D4 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 4C9DE9D51181AC4900CF5C27 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + "-framework", + IOKit, + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + ); + PRODUCT_NAME = sslEcdsa; + }; + name = Release; }; - 4C8786B10B03E05E00BB77D4 /* libDERUtils.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libDERUtils.a; - remoteRef = 4C8786B00B03E05E00BB77D4 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 52D82BE916A621F80078DFE5 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = KVSKeychainSyncingProxy/cloudkeychain.entitlements.plist; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_SYMBOLS_PRIVATE_EXTERN = NO; + GCC_WARN_UNINITIALIZED_AUTOS = YES; + HEADERMAP_INCLUDES_FRAMEWORK_ENTRIES_FOR_ALL_PRODUCT_TYPES = ""; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/OSX/sec/SOSCircle/CKBridge", + ); + INFOPLIST_FILE = "KVSKeychainSyncingProxy/CloudKeychainProxy-Info.plist"; + INSTALL_PATH = "$(SECURITY_FRAMEWORK_RESOURCES_DIR)"; + MACH_O_TYPE = mh_execute; + ONLY_ACTIVE_ARCH = YES; + OTHER_LDFLAGS = ( + "-laks", + "-ObjC", + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = "-ObjC"; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.cloudkeychainproxy3; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + STRIP_INSTALLED_PRODUCT = NO; + STRIP_STYLE = all; + WRAPPER_EXTENSION = bundle; + }; + name = Debug; }; - 4C8786B30B03E05E00BB77D4 /* parseCrl */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = parseCrl; - remoteRef = 4C8786B20B03E05E00BB77D4 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 52D82BEA16A621F80078DFE5 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = KVSKeychainSyncingProxy/cloudkeychain.entitlements.plist; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + GCC_C_LANGUAGE_STANDARD = gnu99; + HEADERMAP_INCLUDES_FRAMEWORK_ENTRIES_FOR_ALL_PRODUCT_TYPES = ""; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/OSX/sec/SOSCircle/CKBridge", + ); + INFOPLIST_FILE = "KVSKeychainSyncingProxy/CloudKeychainProxy-Info.plist"; + INSTALL_PATH = "$(SECURITY_FRAMEWORK_RESOURCES_DIR)"; + MACH_O_TYPE = mh_execute; + OTHER_LDFLAGS = ( + "-laks", + "-ObjC", + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = "-ObjC"; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.cloudkeychainproxy3; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + STRIP_STYLE = all; + VALIDATE_PRODUCT = YES; + WRAPPER_EXTENSION = bundle; + }; + name = Release; }; - 4CC92B1A15A3BF1E00C6D578 /* libsecuritydRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecuritydRegressions.a; - remoteRef = 4CC92B1915A3BF1E00C6D578 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 5346480B17331E1200FE9172 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = NO; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = "KeychainSyncAccountNotification/KeychainSyncAccountNotification-Prefix.pch"; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_SYMBOLS_PRIVATE_EXTERN = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES; + INFOPLIST_FILE = "KeychainSyncAccountNotification/KeychainSyncAccountNotification-Info.plist"; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Accounts/Notification"; + OTHER_LDFLAGS = "$(AOSKIT_FRAMEWORK)"; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + WRAPPER_EXTENSION = bundle; + }; + name = Debug; }; - 5EF7C2731B00EEF900E5E99C /* secacltests */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = secacltests; - remoteRef = 5EF7C2721B00EEF900E5E99C /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 5346480C17331E1200FE9172 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = NO; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_NS_ASSERTIONS = NO; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = "KeychainSyncAccountNotification/KeychainSyncAccountNotification-Prefix.pch"; + GCC_WARN_UNDECLARED_SELECTOR = YES; + INFOPLIST_FILE = "KeychainSyncAccountNotification/KeychainSyncAccountNotification-Info.plist"; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Accounts/Notification"; + OTHER_LDFLAGS = "$(AOSKIT_FRAMEWORK)"; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + VALIDATE_PRODUCT = YES; + WRAPPER_EXTENSION = bundle; + }; + name = Release; }; - 795CA9860D38269B00BAE6A2 /* libASN1.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libASN1.a; - remoteRef = 795CA9850D38269B00BAE6A2 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 5E10992A19A5E55800A60E2B /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_SYMBOLS_PRIVATE_EXTERN = NO; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INFOPLIST_FILE = ISACLProtectedItems/Info.plist; + INSTALL_PATH = /AppleInternal/Library/PreferenceBundles/; + MTL_ENABLE_DEBUG_INFO = YES; + ONLY_ACTIVE_ARCH = YES; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.securityservices.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + WRAPPER_EXTENSION = bundle; + }; + name = Debug; }; - 79BDD39B0D60D5F9000D84D3 /* security_smime */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.dylib"; - path = security_smime; - remoteRef = 79BDD39A0D60D5F9000D84D3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 5E10992B19A5E55800A60E2B /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INFOPLIST_FILE = ISACLProtectedItems/Info.plist; + INSTALL_PATH = /AppleInternal/Library/PreferenceBundles/; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.securityservices.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + VALIDATE_PRODUCT = YES; + WRAPPER_EXTENSION = bundle; + }; + name = Release; }; - 79BDD39D0D60D5F9000D84D3 /* security_smime.framework */ = { - isa = PBXReferenceProxy; - fileType = wrapper.framework; - path = security_smime.framework; - remoteRef = 79BDD39C0D60D5F9000D84D3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 5EBE247E1B00CCAE0007DB0E /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = "secacltests/secacltests-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + LIBRARY_SEARCH_PATHS = "$(SDKROOT)/usr/local/lib"; + "OTHER_LDFLAGS[sdk=embedded*]" = ( + "-lMobileGestalt", + "-framework", + AggregateDictionary, + "-lz", + ); + "OTHER_LDFLAGS[sdk=embedded]" = ( + "$(inherited)", + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + "-lImg4Decode", + "-lSystem", + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 79BDD39F0D60D5F9000D84D3 /* libCMS.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libCMS.a; - remoteRef = 79BDD39E0D60D5F9000D84D3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 5EBE247F1B00CCAE0007DB0E /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = "secacltests/secacltests-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + LIBRARY_SEARCH_PATHS = "$(SDKROOT)/usr/local/lib"; + "OTHER_LDFLAGS[sdk=embedded*]" = ( + "-lMobileGestalt", + "-framework", + AggregateDictionary, + "-lz", + ); + "OTHER_LDFLAGS[sdk=embedded]" = ( + "$(inherited)", + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + "-lImg4Decode", + "-lSystem", + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - BE442B9B18B7FD6700F24DAE /* libSWCAgent.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSWCAgent.a; - remoteRef = BE442B9A18B7FD6700F24DAE /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 728B56AC16D59979008FA3AB /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = 22C002A31AC9D33100B3469E /* OTAPKIAssetTool.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "$(PROJECT_DIR)/OTAPKIAssetTool/OTAPKIAssetTool-entitlements.plist"; + CODE_SIGN_IDENTITY = "-"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_SYMBOLS_PRIVATE_EXTERN = NO; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_UNINITIALIZED_AUTOS = YES; + INSTALL_PATH = /usr/libexec; + ONLY_ACTIVE_ARCH = YES; + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-framework", + BackgroundTaskAgent, + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + SDKROOT = iphoneos.internal; + "SKIP_INSTALL[sdk=embeddedsimulator*]" = YES; + }; + name = Debug; }; - CD8B5AE71B618F1B004D4AEF /* trustd */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = trustd; - remoteRef = CD8B5AE61B618F1B004D4AEF /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 728B56AD16D59979008FA3AB /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = 22C002A31AC9D33100B3469E /* OTAPKIAssetTool.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "$(PROJECT_DIR)/OTAPKIAssetTool/OTAPKIAssetTool-entitlements.plist"; + CODE_SIGN_IDENTITY = "-"; + ENABLE_NS_ASSERTIONS = NO; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + INSTALL_PATH = /usr/libexec; + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-framework", + BackgroundTaskAgent, + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + SDKROOT = iphoneos.internal; + "SKIP_INSTALL[sdk=embeddedsimulator*]" = YES; + VALIDATE_PRODUCT = YES; + }; + name = Release; }; - CD8B5AEC1B618F1B004D4AEF /* libSecTrustOSX.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecTrustOSX.a; - remoteRef = CD8B5AEB1B618F1B004D4AEF /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 7913B20D0D172B3900601FE9 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "sslViewer/sslServer-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + OTHER_LDFLAGS = ( + "-lsqlite3", + "-framework", + CFNetwork, + ); + "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + "-framework", + IOKit, + "-framework", + MobileKeyBag, + "-lcorecrypto$(Sim_Name)", + "-laks", + "-lACM", + ); + PRODUCT_NAME = sslServer; + }; + name = Debug; }; - D40771E21C9B51830016AA66 /* libSharedRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSharedRegressions.a; - remoteRef = D40771E11C9B51830016AA66 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 7913B2100D172B3900601FE9 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "sslViewer/sslServer-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + "-framework", + IOKit, + "-framework", + MobileKeyBag, + "-lcorecrypto$(Sim_Name)", + "-laks", + "-lACM", + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*][arch=*]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + ); + PRODUCT_NAME = sslServer; + }; + name = Release; }; - D42FA8701C9B9081003E46A7 /* SecurityTestsOSX.app */ = { - isa = PBXReferenceProxy; - fileType = wrapper.application; - path = SecurityTestsOSX.app; - remoteRef = D42FA86F1C9B9081003E46A7 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFDC0CBBF878007C00A0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + COMBINE_HIDPI_IMAGES = YES; + DEAD_CODE_STRIPPING = YES; + DEFINES_MODULE = YES; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = "$(CURRENT_PROJECT_VERSION)"; + EXPORTED_SYMBOLS_FILE = "$(BUILT_PRODUCTS_DIR)/$(PRODUCT_NAME).$(CURRENT_ARCH).exp"; + FRAMEWORK_VERSION = B; + INFOPLIST_FILE = "Security-Info.plist"; + INSTALLHDRS_SCRIPT_PHASE = YES; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; + MODULEMAP_FILE = Modules/Security.iOS.modulemap; + OTHER_LDFLAGS = ( + "-laks", + "-Wl,-upward-lcoretls", + "-Wl,-upward-lcoretls_cfhelpers", + ); + "OTHER_LDFLAGS[sdk=*simulator*]" = ( + "-Wl,-upward-lcoretls", + "-Wl,-upward-lcoretls_cfhelpers", + ); + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${EXECUTABLE_NAME}"; + PRODUCT_NAME = Security; + STRIP_STYLE = debugging; + Sim_Name = ""; + "Sim_Name[sdk=embeddedsimulator*][arch=*]" = _sim; + }; + name = Debug; }; - E7098DB31A3A53E000CBD4B3 /* codesign_tests */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = codesign_tests; - remoteRef = E7098DB21A3A53E000CBD4B3 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFDD0CBBF878007C00A0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + COMBINE_HIDPI_IMAGES = YES; + DEAD_CODE_STRIPPING = YES; + DEFINES_MODULE = YES; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = "$(CURRENT_PROJECT_VERSION)"; + EXPORTED_SYMBOLS_FILE = "$(BUILT_PRODUCTS_DIR)/$(PRODUCT_NAME).$(CURRENT_ARCH).exp"; + FRAMEWORK_VERSION = B; + INFOPLIST_FILE = "Security-Info.plist"; + INSTALLHDRS_SCRIPT_PHASE = YES; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; + MODULEMAP_FILE = Modules/Security.iOS.modulemap; + OTHER_LDFLAGS = ( + "-laks", + "-Wl,-upward-lcoretls", + "-Wl,-upward-lcoretls_cfhelpers", + ); + "OTHER_LDFLAGS[sdk=*simulator*]" = ( + "-Wl,-upward-lcoretls", + "-Wl,-upward-lcoretls_cfhelpers", + ); + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${EXECUTABLE_NAME}"; + PRODUCT_NAME = Security; + STRIP_STYLE = debugging; + Sim_Name = ""; + "Sim_Name[sdk=embeddedsimulator*][arch=*]" = _sim; + }; + name = Release; }; - E7104A06169E038F00DB0045 /* libSecurityTool.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecurityTool.a; - remoteRef = E7104A05169E038F00DB0045 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFDE0CBBF878007C00A0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = SecurityTool/entitlements.plist; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + "INSTALL_PATH[sdk=macosx*]" = /usr/bin; + OTHER_LDFLAGS = ( + "-lsqlite3", + "-framework", + CFNetwork, + ); + "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + "-framework", + IOKit, + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + ); + PRODUCT_NAME = security; + STRIP_STYLE = debugging; + }; + name = Debug; }; - E7104A23169E21C000DB0045 /* libSecurityCommands.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecurityCommands.a; - remoteRef = E7104A22169E21C000DB0045 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFDF0CBBF878007C00A0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = SecurityTool/entitlements.plist; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + "INSTALL_PATH[sdk=macosx*]" = /usr/bin; + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + "-framework", + IOKit, + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*][arch=*]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + ); + PRODUCT_NAME = security; + STRIP_STYLE = debugging; + }; + name = Release; }; - E710C708133192EA00F85568 /* libregressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libregressions.a; - remoteRef = E710C707133192EA00F85568 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFE00CBBF878007C00A0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_PREPROCESSOR_DEFINITIONS = ( + "$(inherited)", + "SEC_IOS_ON_OSX=1", + ); + INSTALL_PATH = /usr/local/bin; + PRODUCT_NAME = sslViewer; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + }; + name = Debug; }; - E717A1481A7880440021E134 /* gk_reset_check */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = gk_reset_check; - remoteRef = E717A1471A7880440021E134 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFE10CBBF878007C00A0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_PREPROCESSOR_DEFINITIONS = ( + "$(inherited)", + "SEC_IOS_ON_OSX=1", + ); + INSTALL_PATH = /usr/local/bin; + PRODUCT_NAME = sslViewer; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + }; + name = Release; }; - E76079DB1951FDBF00F69731 /* liblogging.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = liblogging.a; - remoteRef = E76079DA1951FDBF00F69731 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFE20CBBF878007C00A0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = OSX/sec/securityd/entitlements.plist; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = YES; + INSTALL_PATH = /usr/libexec; + LIBRARY_SEARCH_PATHS = "$(SDKROOT)/usr/local/lib"; + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( + "$(OTHER_LDFLAGS)", + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + "-lImg4Decode", + "-lSystem", + ); + PRODUCT_NAME = securityd; + STRIP_STYLE = debugging; + }; + name = Debug; }; - E777C71515B63C0B004044A8 /* libSecOtrOSX.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecOtrOSX.a; - remoteRef = E777C71415B63C0B004044A8 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFE30CBBF878007C00A0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = OSX/sec/securityd/entitlements.plist; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = YES; + INSTALL_PATH = /usr/libexec; + LIBRARY_SEARCH_PATHS = "$(SDKROOT)/usr/local/lib"; + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( + "$(OTHER_LDFLAGS)", + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + "-lImg4Decode", + "-lSystem", + ); + PRODUCT_NAME = securityd; + STRIP_STYLE = debugging; + }; + name = Release; }; - E79D9CD5159BEA78000834EC /* libSecurityRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSecurityRegressions.a; - remoteRef = E79D9CD4159BEA78000834EC /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFE60CBBF878007C00A0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = world; + }; + name = Debug; }; - E7E0D8FE158FAB3B002CA176 /* libutilitiesRegressions.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libutilitiesRegressions.a; - remoteRef = E7E0D8FD158FAB3B002CA176 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFE70CBBF878007C00A0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = world; + }; + name = Release; }; - E7FEFB8F169E36B000E18152 /* libSOSCommands.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libSOSCommands.a; - remoteRef = E7FEFB8E169E36B000E18152 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFE80CBBF878007C00A0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = EB2CA5561D2C30F700AB770F /* Security.xcconfig */; + buildSettings = { + APPLY_RULES_IN_COPY_FILES = YES; + CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES; + CLANG_CXX_LANGUAGE_STANDARD = "c++14"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_STATIC_ANALYZER_MODE = shallow; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNREACHABLE_CODE = YES_AGGRESSIVE; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_IDENTITY = "-"; + COPY_PHASE_STRIP = NO; + DEAD_CODE_STRIPPING = YES; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_TREAT_IMPLICIT_FUNCTION_DECLARATIONS_AS_ERRORS = YES; + GCC_TREAT_WARNINGS_AS_ERRORS = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_MISSING_FIELD_INITIALIZERS = YES; + GCC_WARN_ABOUT_MISSING_NEWLINE = YES; + GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES; + GCC_WARN_CHECK_SWITCH_STATEMENTS = YES; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = YES; + GCC_WARN_HIDDEN_VIRTUAL_FUNCTIONS = YES; + GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES; + GCC_WARN_MISSING_PARENTHESES = YES; + GCC_WARN_SHADOW = YES; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNKNOWN_PRAGMAS = YES; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_LABEL = YES; + GCC_WARN_UNUSED_VALUE = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + HEADERMAP_INCLUDES_FRAMEWORK_ENTRIES_FOR_ALL_PRODUCT_TYPES = NO; + INSTALL_DAEMON_AGENT_DIR = "$(SYSTEM_LIBRARY_DIR)/LaunchDaemons"; + "INSTALL_DAEMON_AGENT_DIR[sdk=macosx*]" = "$(SYSTEM_LIBRARY_DIR)/LaunchAgents"; + ONLY_ACTIVE_ARCH = YES; + OTHER_CFLAGS = ( + "-fconstant-cfstrings", + "-fno-inline", + ); + RUN_CLANG_STATIC_ANALYZER = YES; + SDKROOT = macosx.internal; + SECURITY_FRAMEWORK_RESOURCES_DIR = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/"; + "SECURITY_FRAMEWORK_RESOURCES_DIR[sdk=macosx*]" = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Resources"; + STRIP_INSTALLED_PRODUCT = NO; + SUPPORTED_PLATFORMS = "iphonesimulator iphoneos watchos macosx appletvos appletvsimulator watchsimulator"; + Sim_Name = ""; + "Sim_Name[sdk=embeddedsimulator*][arch=*]" = _sim; + TARGETED_DEVICE_FAMILY = "1,2"; + WARNING_CFLAGS = ( + "-Wall", + "-Wextra", + "-Wno-unused-parameter", + "-Wno-missing-field-initializers", + "-Wno-error=deprecated-declarations", + "-Wno-error=implicit-retain-self", + "-Wno-error=#warnings", + ); + }; + name = Debug; }; - EBB697131BE20C7600715F16 /* secbackupntest */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = secbackupntest; - remoteRef = EBB697121BE20C7600715F16 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; + 792EFFE90CBBF878007C00A0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = EB2CA5561D2C30F700AB770F /* Security.xcconfig */; + buildSettings = { + APPLY_RULES_IN_COPY_FILES = YES; + CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES; + CLANG_CXX_LANGUAGE_STANDARD = "c++14"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_STATIC_ANALYZER_MODE = shallow; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNREACHABLE_CODE = YES_AGGRESSIVE; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_IDENTITY = "-"; + COPY_PHASE_STRIP = YES; + DEAD_CODE_STRIPPING = YES; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = s; + GCC_PREPROCESSOR_DEFINITIONS = ( + "NDEBUG=1", + "$(inherited)", + ); + GCC_TREAT_IMPLICIT_FUNCTION_DECLARATIONS_AS_ERRORS = YES; + GCC_TREAT_WARNINGS_AS_ERRORS = NO; + GCC_WARN_64_TO_32_BIT_CONVERSION = YES; + GCC_WARN_ABOUT_MISSING_FIELD_INITIALIZERS = YES; + GCC_WARN_ABOUT_MISSING_NEWLINE = YES; + GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES; + GCC_WARN_CHECK_SWITCH_STATEMENTS = YES; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = YES; + GCC_WARN_HIDDEN_VIRTUAL_FUNCTIONS = YES; + GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES; + GCC_WARN_MISSING_PARENTHESES = YES; + GCC_WARN_SHADOW = YES; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNKNOWN_PRAGMAS = YES; + GCC_WARN_UNUSED_FUNCTION = YES; + GCC_WARN_UNUSED_LABEL = YES; + GCC_WARN_UNUSED_VALUE = YES; + GCC_WARN_UNUSED_VARIABLE = YES; + HEADERMAP_INCLUDES_FRAMEWORK_ENTRIES_FOR_ALL_PRODUCT_TYPES = NO; + INSTALL_DAEMON_AGENT_DIR = "$(SYSTEM_LIBRARY_DIR)/LaunchDaemons"; + "INSTALL_DAEMON_AGENT_DIR[sdk=macosx*]" = "$(SYSTEM_LIBRARY_DIR)/LaunchAgents"; + OTHER_CFLAGS = "-fconstant-cfstrings"; + RUN_CLANG_STATIC_ANALYZER = YES; + SDKROOT = macosx.internal; + SECURITY_FRAMEWORK_RESOURCES_DIR = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/"; + "SECURITY_FRAMEWORK_RESOURCES_DIR[sdk=macosx*]" = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Resources"; + SUPPORTED_PLATFORMS = "iphonesimulator iphoneos watchos macosx appletvos appletvsimulator watchsimulator"; + Sim_Name = ""; + "Sim_Name[sdk=embeddedsimulator*][arch=*]" = _sim; + TARGETED_DEVICE_FAMILY = "1,2"; + WARNING_CFLAGS = ( + "-Wall", + "-Wextra", + "-Wno-unused-parameter", + "-Wno-missing-field-initializers", + "-Wno-error=deprecated-declarations", + "-Wno-error=implicit-retain-self", + "-Wno-error=#warnings", + ); + }; + name = Release; }; -/* End PBXReferenceProxy section */ - -/* Begin PBXResourcesBuildPhase section */ - 4381690A1B4EDCBD00C54D58 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; + BE197F4619116FD100BA91D1 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME = LaunchImage; + AXLE_ENABLE_DEBUG_INFO = YES; + CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_ASSIGN_ENUM = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "$(TARGET_NAME)/entitlements.plist"; + "CODE_SIGN_IDENTITY[sdk=embedded*]" = "-"; + COMBINE_HIDPI_IMAGES = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = "$(TARGET_NAME)/$(TARGET_NAME)-Prefix.pch"; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_SYMBOLS_PRIVATE_EXTERN = NO; + GCC_WARN_ABOUT_MISSING_NEWLINE = NO; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INFOPLIST_FILE = "$(TARGET_NAME)/$(TARGET_NAME)-Info.plist"; + "INSTALL_PATH[sdk=embedded*]" = "$(LOCAL_APPS_DIR)"; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks"; + ONLY_ACTIVE_ARCH = YES; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + VALIDATE_PRODUCT = NO; + }; + name = Debug; }; - 4C32C0AB0A4975F6002891BD /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 53C0E1FF177FB48A00F8A018 /* CloudKeychain.strings in Resources */, - 486326301CAA0BF400A466D9 /* com.apple.securityd.plist in Resources */, - BE4AC9BA18B8273600B84964 /* SharedWebCredentials.strings in Resources */, - EB433A2E1CC325E900A7EACE /* secitemstresstest.entitlements in Resources */, - 4C198F220ACDB4BF00AAB142 /* Certificate.strings in Resources */, - 4C198F230ACDB4BF00AAB142 /* OID.strings in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; + BE197F4719116FD100BA91D1 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME = LaunchImage; + AXLE_ENABLE_DEBUG_INFO = NO; + CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_ASSIGN_ENUM = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "$(TARGET_NAME)/entitlements.plist"; + "CODE_SIGN_IDENTITY[sdk=embedded*]" = "-"; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_NS_ASSERTIONS = NO; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = "$(TARGET_NAME)/$(TARGET_NAME)-Prefix.pch"; + GCC_WARN_ABOUT_MISSING_NEWLINE = NO; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INFOPLIST_FILE = "$(TARGET_NAME)/$(TARGET_NAME)-Info.plist"; + "INSTALL_PATH[sdk=embedded*]" = "$(LOCAL_APPS_DIR)"; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks"; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + VALIDATE_PRODUCT = NO; + }; + name = Release; }; - 4C711D7213AFCD0900FE865D /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 52A23EDD161DEC3F00E271E0 /* Default-568h@2x.png in Resources */, - D4D886E91CEBDD2A00DC7583 /* nist-certs in Resources */, - D4D886BF1CEB9F3B00DC7583 /* ssl-policy-certs in Resources */, - D4EC94FB1CEA482D0083E753 /* si-20-sectrust-policies-data in Resources */, - 0C0C88781CCEC5C400617D1B /* si-82-sectrust-ct-data in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; + BE442BBF18B7FDB800F24DAE /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "OSX/sec/SharedWebCredential/swcagent-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = YES; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/"; + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded*][arch=*]" = ( + "$(OTHER_LDFLAGS)", + "-framework", + SpringBoardServices, + ); + PRODUCT_NAME = swcagent; + }; + name = Debug; }; - 52DE81671636347500F49F0C /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 52DE817B1636347600F49F0C /* Default.png in Resources */, - 52DE817D1636347600F49F0C /* Default@2x.png in Resources */, - 52DE817F1636347600F49F0C /* Default-568h@2x.png in Resources */, - 52DE818A1636347600F49F0C /* first.png in Resources */, - 52DE818C1636347600F49F0C /* first@2x.png in Resources */, - 52DE81911636347600F49F0C /* second.png in Resources */, - 52DE81931636347600F49F0C /* second@2x.png in Resources */, - 52704B7E1638F4EB007FEBB0 /* KeychainKeys.png in Resources */, - 52704B881639193F007FEBB0 /* Keychain-Entitlements.plist in Resources */, - 527435AC16A9E6DB001A96FF /* Keychain_114x114.png in Resources */, - 527435AE16A9E6E5001A96FF /* Keychain_72x72.png in Resources */, - 527435B016A9E6EA001A96FF /* Keychain_144x144.png in Resources */, - 5262A64216AA01910038AFC1 /* Keychain_57x57.png in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; + BE442BC018B7FDB800F24DAE /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CODE_SIGN_ENTITLEMENTS = "OSX/sec/SharedWebCredential/swcagent-entitlements.plist"; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = YES; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/"; + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded*][arch=*]" = ( + "$(OTHER_LDFLAGS)", + "-framework", + SpringBoardServices, + ); + PRODUCT_NAME = swcagent; + }; + name = Release; }; - 534647FF17331E1100FE9172 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 5346480817331E1200FE9172 /* InfoPlist.strings in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; + CD276C2D1A83F60C003226BC /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.entitlements.plist; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + "DEBUG_INFORMATION_FORMAT[sdk=macosx*]" = "dwarf-with-dsym"; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_SYMBOLS_PRIVATE_EXTERN = NO; + GCC_WARN_UNINITIALIZED_AUTOS = YES; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/OSX/sec/SOSCircle/CKBridge", + ); + INFOPLIST_FILE = "KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy-Info.plist"; + INSTALL_PATH = "$(SECURITY_FRAMEWORK_RESOURCES_DIR)"; + MACH_O_TYPE = mh_execute; + ONLY_ACTIVE_ARCH = YES; + OTHER_LDFLAGS = ( + "-laks", + "-ObjC", + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = "-ObjC"; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.keychainsyncingoveridsproxy; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + STRIP_INSTALLED_PRODUCT = NO; + STRIP_STYLE = all; + WRAPPER_EXTENSION = bundle; + }; + name = Debug; }; - 5E10992319A5E55800A60E2B /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 5E10995119A5E5CE00A60E2B /* ISProtectedItems.plist in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; + CD276C2E1A83F60C003226BC /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = KeychainSyncingOverIDSProxy/keychainsyncingoveridsproxy.entitlements.plist; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + "DEBUG_INFORMATION_FORMAT[sdk=macosx*]" = "dwarf-with-dsym"; + GCC_C_LANGUAGE_STANDARD = gnu99; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/OSX/sec/SOSCircle/CKBridge", + ); + INFOPLIST_FILE = "KeychainSyncingOverIDSProxy/KeychainSyncingOverIDSProxy-Info.plist"; + INSTALL_PATH = "$(SECURITY_FRAMEWORK_RESOURCES_DIR)"; + MACH_O_TYPE = mh_execute; + OTHER_LDFLAGS = ( + "-laks", + "-ObjC", + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = "-ObjC"; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.keychainsyncingoveridsproxy; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + STRIP_STYLE = all; + VALIDATE_PRODUCT = YES; + WRAPPER_EXTENSION = bundle; + }; + name = Release; }; - BE197F2419116FD100BA91D1 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - BE197F61191173F200BA91D1 /* entitlements.plist in Resources */, - BE197F2C19116FD100BA91D1 /* InfoPlist.strings in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; + D41AD42F1B967169008C7270 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E710C7401331946400F85568 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 52A23EDC161DEC3800E271E0 /* Default-568h@2x.png in Resources */, - D4D886EA1CEBDE0800DC7583 /* nist-certs in Resources */, - D4D886C01CEB9F7200DC7583 /* ssl-policy-certs in Resources */, - D4EC94FE1CEA48760083E753 /* si-20-sectrust-policies-data in Resources */, - 0C0C88791CCEC5C500617D1B /* si-82-sectrust-ct-data in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; + D41AD4301B967169008C7270 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E7B01BE3166594AB000485F1 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E7B01BE4166594AB000485F1 /* Default.png in Resources */, - E7B01BE5166594AB000485F1 /* Default@2x.png in Resources */, - E7B01BE6166594AB000485F1 /* Default-568h@2x.png in Resources */, - E7B01BE9166594AB000485F1 /* first.png in Resources */, - E7B01BEA166594AB000485F1 /* first@2x.png in Resources */, - E7B01BEB166594AB000485F1 /* second.png in Resources */, - E7B01BEC166594AB000485F1 /* second@2x.png in Resources */, - E7B01BED166594AB000485F1 /* KeychainKeys.png in Resources */, - E7B01BEE166594AB000485F1 /* Keychain-Entitlements.plist in Resources */, - ); - runOnlyForDeploymentPostprocessing = 0; + D41AD4331B96717A008C7270 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E7D847C31C6BE9710025BB44 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; + D41AD4341B96717A008C7270 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E7D847CC1C6BE9720025BB44 /* Resources */ = { - isa = PBXResourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - runOnlyForDeploymentPostprocessing = 0; + DC0067BE1D87876F005AF8DB /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = securityd_server; + SKIP_INSTALL = NO; + }; + name = Debug; }; -/* End PBXResourcesBuildPhase section */ - -/* Begin PBXShellScriptBuildPhase section */ - 22C002A21AC9D2D100B3469E /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 8; - files = ( - ); - inputPaths = ( - ); - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 1; - shellPath = /bin/sh; - shellScript = "if [ -n \"${OTAPKIASSETTOOL_LAUNCHD_PLIST}\" ]; then\n mkdir -p \"$LAUNCHD_PLIST_INSTALL_DIR\"\n plutil -convert binary1 -o \"$LAUNCHD_PLIST_INSTALL_DIR/com.apple.OTAPKIAssetTool.plist\" \"$OTAPKIASSETTOOL_LAUNCHD_PLIST\"\nfi"; - showEnvVarsInLog = 0; + DC0067BF1D87876F005AF8DB /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = securityd_server; + SKIP_INSTALL = NO; + }; + name = Release; }; - 5EE098DE1CD21661009FCA27 /* Unifdef RC_HIDE_J79/J80 */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - name = "Unifdef RC_HIDE_J79/J80"; - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "if [ -d $DSTROOT ]; then\n RC_HIDE_J79_VAL=0\n RC_HIDE_J80_VAL=0\n SEC_HDRS_PATH=\"System/Library/Frameworks/Security.framework/Headers\"\n\n if [ ! -z $RC_HIDE_J79 ]; then\n RC_HIDE_J79_VAL=1\n fi\n\n if [ ! -z $RC_HIDE_J80 ]; then\n RC_HIDE_J80_VAL=1\n fi\n\n if [ -a $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h ]; then\n unifdef -B -DRC_HIDE_J79=$RC_HIDE_J79_VAL -DRC_HIDE_J80=$RC_HIDE_J80_VAL -o $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h $DSTROOT/$SEC_HDRS_PATH/SecAccessControl.h\n if [$? eq 2]; then\n exit 2\n fi\n fi\n\n if [ -a $DSTROOT/$SEC_HDRS_PATH/SecItem.h ]; then\n unifdef -B -DRC_HIDE_J79=$RC_HIDE_J79_VAL -DRC_HIDE_J80=$RC_HIDE_J80_VAL -o $DSTROOT/$SEC_HDRS_PATH/SecItem.h $DSTROOT/$SEC_HDRS_PATH/SecItem.h\n if [$? eq 2]; then\n exit 2\n fi\n fi\n\n exit 0\nfi"; - showEnvVarsInLog = 0; + DC0067CE1D878898005AF8DB /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + }; + name = Debug; }; - 8E64DAF81C17BA620076C9DF /* Install launchd plist */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 8; - files = ( - ); - inputPaths = ( - "$(PROJECT_DIR)/IDSKeychainSyncingProxy/com.apple.security.idskeychainsyncingproxy.ios.plist", - "$(PROJECT_DIR)/IDSKeychainSyncingProxy/com.apple.security.idskeychainsyncingproxy.osx.plist", - ); - name = "Install launchd plist"; - outputPaths = ( - "$(INSTALL_ROOT)/$(INSTALL_DAEMON_AGENT_DIR)/com.apple.security.idskeychainsyncingproxy.plist", - ); - runOnlyForDeploymentPostprocessing = 1; - shellPath = /bin/sh; - shellScript = "PLIST_FILE_NAME=com.apple.security.idskeychainsyncingproxy\nFILE_TO_COPY=${PROJECT_DIR}/IDSKeychainSyncingProxy/${PLIST_FILE_NAME}.ios.plist\n\nif [ ${PLATFORM_NAME} = \"macosx\" ]\nthen\n FILE_TO_COPY=${PROJECT_DIR}/IDSKeychainSyncingProxy/${PLIST_FILE_NAME}.osx.plist\nfi\n\ncp ${FILE_TO_COPY} ${INSTALL_ROOT}/${INSTALL_DAEMON_AGENT_DIR}/${PLIST_FILE_NAME}.plist"; + DC0067CF1D878898005AF8DB /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + }; + name = Release; }; - 8E64DB4E1C18A5B80076C9DF /* Install launchd plist */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 8; - files = ( - ); - inputPaths = ( - "$(PROJECT_DIR)/KVSKeychainSyncingProxy/com.apple.security.cloudkeychainproxy.ios.plist", - "$(PROJECT_DIR)/KVSKeychainSyncingProxy/com.apple.security.cloudkeychainproxy.osx.plist", - ); - name = "Install launchd plist"; - outputPaths = ( - "$(INSTALL_ROOT)/$(INSTALL_DAEMON_AGENT_DIR)/com.apple.security.cloudkeychainproxy3.plist", - ); - runOnlyForDeploymentPostprocessing = 1; - shellPath = /bin/sh; - shellScript = "PLIST_FILE_NAME=com.apple.security.cloudkeychainproxy3\nFILE_TO_COPY=${PROJECT_DIR}/KVSKeychainSyncingProxy/${PLIST_FILE_NAME}.ios.plist\n\nif [ ${PLATFORM_NAME} = \"macosx\" ]\nthen\nFILE_TO_COPY=${PROJECT_DIR}/KVSKeychainSyncingProxy/${PLIST_FILE_NAME}.osx.plist\nfi\n\ncp ${FILE_TO_COPY} ${INSTALL_ROOT}/${INSTALL_DAEMON_AGENT_DIR}/${PLIST_FILE_NAME}.plist"; + DC008B461D90CE53004002A3 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E7E0C6D11C90E87D00E69A21 /* chmod BATS Tests */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 8; - files = ( - ); - inputPaths = ( - "", - ); - name = "chmod BATS Tests"; - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 1; - shellPath = /bin/sh; - shellScript = "chown root:wheel ${DSTROOT}/AppleInternal/CoreOS/BATS/unit_tests/*.plist"; - showEnvVarsInLog = 0; + DC008B471D90CE53004002A3 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - EBC15E801BE29A8C001C0C5B /* Chown BATS plist */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 8; - files = ( - ); - inputPaths = ( - ); - name = "Chown BATS plist"; - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 1; - shellPath = /bin/sh; - shellScript = "chown root:wheel ${DSTROOT}/AppleInternal/CoreOS/BATS/unit_tests/*.plist"; - showEnvVarsInLog = 0; + DC0BC55E1D8B6D2E00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_SHADOW = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GENERATE_PKGINFO_FILE = YES; + INFOPLIST_FILE = "OSX/libsecurity_keychain/xpc/XPCKeychainSandboxCheck-Info.plist"; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.XPCKeychainSandboxCheck; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + SUPPORTED_PLATFORMS = macosx; + }; + name = Debug; }; - EBDED8FB1C2108BE00E5ECDB /* Copy Security features header */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - name = "Copy Security features header"; - outputPaths = ( - "$(BUILT_PRODUCTS_DIR)/include/Security/SecurityFeatures.h", - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "sh ${PROJECT_DIR}/SecurityFeatures/CopyHeaders.sh iOS"; + DC0BC55F1D8B6D2E00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_SHADOW = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GENERATE_PKGINFO_FILE = YES; + INFOPLIST_FILE = "OSX/libsecurity_keychain/xpc/XPCKeychainSandboxCheck-Info.plist"; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.XPCKeychainSandboxCheck; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + SUPPORTED_PLATFORMS = macosx; + }; + name = Release; }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 0C0BDB2B175685B000BC1A7E /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C0BDB32175685B000BC1A7E /* main.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC56A1D8B6E3D00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = NO; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_SHADOW = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GENERATE_PKGINFO_FILE = YES; + INFOPLIST_FILE = "OSX/libsecurity_keychain/xpc-tsa/XPCTimeStampingService-Info.plist"; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.XPCTimeStampingService; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 0C2BCBAD1D06401F00ED7A2F /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C2BCBBA1D06403B00ED7A2F /* dtlsEchoClient.c in Sources */, - 0C2BCBAF1D06401F00ED7A2F /* ioSock.c in Sources */, - 0C2BCBB01D06401F00ED7A2F /* sslAppUtils.cpp in Sources */, - 0C2BCBB11D06401F00ED7A2F /* print_cert.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC56B1D8B6E3D00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = NO; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_SHADOW = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GENERATE_PKGINFO_FILE = YES; + INFOPLIST_FILE = "OSX/libsecurity_keychain/xpc-tsa/XPCTimeStampingService-Info.plist"; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.XPCTimeStampingService; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; + DC0BC58A1D8B70E700070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Debug; }; - 0C2BCBC21D0648D100ED7A2F /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 0C2BCBCF1D0648EF00ED7A2F /* dtlsEchoServer.c in Sources */, - 0C2BCBC41D0648D100ED7A2F /* ioSock.c in Sources */, - 0C2BCBC51D0648D100ED7A2F /* sslAppUtils.cpp in Sources */, - 0C2BCBC61D0648D100ED7A2F /* print_cert.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC58B1D8B70E700070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Release; }; - 438169081B4EDCBD00C54D58 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 438169E31B4EDEE200C54D58 /* SOSCCAuthPlugin.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC5B51D8B71FD00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 4C32C0AC0A4975F6002891BD /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 18F7F67914D77F4400F88A12 /* NtlmGenerator.c in Sources */, - 18F7F67A14D77F4400F88A12 /* ntlmBlobPriv.c in Sources */, - 18F7F67C14D77F5000F88A12 /* SecTask.c in Sources */, - E7B00700170B581D00B27966 /* Security.exp-in in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC5B61D8B71FD00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 4C52D0B016EFC61E0079966E /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C3DD6B0179755560093F9D8 /* NSDate+TimeIntervalDescription.m in Sources */, - 4C52D0E816EFCCA30079966E /* NSArray+map.m in Sources */, - 4C52D0E716EFCCA20079966E /* Applicant.m in Sources */, - 4CC3D29D178F698D0070FCC4 /* PersistentState.m in Sources */, - 4C52D0BA16EFC61E0079966E /* CircleJoinRequested.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC5CB1D8B72E700070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 4C711D6313AFCD0900FE865D /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CC92B1D15A3BF2F00C6D578 /* testmain.c in Sources */, - 0C78F1CD16A5E1BF00654E08 /* sectask-10-sectask.c in Sources */, - 0C78F1CF16A5E1BF00654E08 /* sectask_ipc.defs in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC5CC1D8B72E700070CB0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 4C9DE9CF1181AC4800CF5C27 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4C9DE9E31181AC8300CF5C27 /* sslEcdsa.cpp in Sources */, - 4C9DEAAD1181B39300CF5C27 /* ioSock.c in Sources */, - 4C9DEAB11181B39800CF5C27 /* sslAppUtils.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC5DF1D8B73B000070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 4CB740A00A47567C00D641BB /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E7104A0C169E171900DB0045 /* security_tool_commands.c in Sources */, - E78A9ADA1D34959200006B5B /* NSFileHandle+Formatting.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC5E01D8B73B000070CB0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 4CE5A54A09C796E100D27A3F /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CE5A55B09C7970A00D27A3F /* SSLViewer.c in Sources */, - 4CE5A66009C79E0600D27A3F /* ioSock.c in Sources */, - 4CE5A66109C79E0600D27A3F /* sslAppUtils.cpp in Sources */, - EBD8495B1B24BEA000C5FD1E /* print_cert.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC5E71D8B742200070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 52D82BDA16A621F70078DFE5 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E7A5F4D21C0CFF7900F3BEBB /* CKDKVSProxy.m in Sources */, - E7B945B31CFE5EBD0027F31D /* CKDSecuritydAccount.m in Sources */, - E7A5F4D41C0CFF7900F3BEBB /* CKDPersistentState.m in Sources */, - E7A5F4D51C0CFF7900F3BEBB /* cloudkeychainproxy.m in Sources */, - E7A5F4D81C0D01B000F3BEBB /* SOSCloudKeychainConstants.c in Sources */, - E722E9121CE92DFC005AD94B /* CKDKVSStore.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC5E81D8B742200070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 52DE81651636347500F49F0C /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 52DE81751636347500F49F0C /* main.m in Sources */, - 52DE81791636347600F49F0C /* AppDelegate.m in Sources */, - 52DE81881636347600F49F0C /* FirstViewController.m in Sources */, - 52DE818F1636347600F49F0C /* ToolsViewController.m in Sources */, - 52DE819C163636B900F49F0C /* KCATableViewController.m in Sources */, - 0CD72A5D16D5769A00A4B8A3 /* utilities.c in Sources */, - 52DE819F16363C1A00F49F0C /* KeychainItemCell.m in Sources */, - 5264FB4E163674B50005D258 /* MyKeychain.m in Sources */, - 52CD69FB16384C2000961848 /* KCAItemDetailViewController.m in Sources */, - 52704B811638F610007FEBB0 /* NewPasswordViewController.m in Sources */, - 52704B84163905EE007FEBB0 /* EditItemViewController.m in Sources */, - 52F63A201659F04E0076D2DE /* DeviceViewController.m in Sources */, - 529990541661BA2600C297A2 /* DeviceTableViewController.m in Sources */, - 529990571661BADF00C297A2 /* DeviceItemCell.m in Sources */, - E75112EB166EFBF0008C578B /* PeerListCell.m in Sources */, - 5208F4BD1670027400A49DDA /* SyncViewController.m in Sources */, - 5208F4CF16702D8800A49DDA /* CircleStatusView.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC5FD1D8B752B00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + CK_SECURITY_BUILD, + "$(inherited)", + ); + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 534647FD17331E1100FE9172 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 5346481E173322BD00FE9172 /* KeychainSyncAccountNotification.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC5FE1D8B752B00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + CK_SECURITY_BUILD, + "$(inherited)", + ); + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 5E10992119A5E55800A60E2B /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 5E10995219A5E5CE00A60E2B /* ISProtectedItemsController.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC74A1D8B771600070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(BUILT_PRODUCTS_DIR)", + ); + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 5EBE24761B00CCAE0007DB0E /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 5EBE247D1B00CCAE0007DB0E /* main.c in Sources */, - 5E4E05A41B0CA0FD001C4A31 /* sec_acl_stress.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC74B1D8B771600070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(BUILT_PRODUCTS_DIR)", + ); + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 728B569D16D59979008FA3AB /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 72CD2BBE16D59AE30064EEE1 /* OTAServiceApp.m in Sources */, - 72CD2BBF16D59AE30064EEE1 /* OTAServicemain.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC89D1D8B7CBD00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 790851B30CA9859F0083CC4D /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 790851D40CA9B19D0083CC4D /* server.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC89E1D8B7CBD00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 7913B2000D172B3900601FE9 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 7913B2020D172B3900601FE9 /* ioSock.c in Sources */, - 7913B2030D172B3900601FE9 /* sslAppUtils.cpp in Sources */, - 7913B2050D172B3900601FE9 /* sslServer.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC8D11D8B7DA200070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = NO; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - BE197F2219116FD100BA91D1 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - BE197F5E191173A800BA91D1 /* SWCViewController.m in Sources */, - BE197F3219116FD100BA91D1 /* SWCAppDelegate.m in Sources */, - BE197F2E19116FD100BA91D1 /* main.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC8D21D8B7DA200070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_WARN_64_TO_32_BIT_CONVERSION = NO; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - BE442BAB18B7FDB800F24DAE /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - BE4AC9A218B7FFAD00B84964 /* swcagent.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC8FE1D8B7E8000070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - CD276C231A83F60C003226BC /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E7A5F5541C0D03B400F3BEBB /* IDSProxy.m in Sources */, - E7A5F5531C0D03B400F3BEBB /* IDSPersistentState.m in Sources */, - E7A5F5581C0D03DB00F3BEBB /* idskeychainsyncingproxy.m in Sources */, - 0C6E38FB1C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxySendMessage.m in Sources */, - E7A5F5591C0D052600F3BEBB /* SOSCloudKeychainConstants.c in Sources */, - 0C6E38FA1C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyReceiveMessage.m in Sources */, - 0C6E38FC1C741BD1005D8827 /* IDSKeychainSyncingProxy+IDSProxyThrottle.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC8FF1D8B7E8000070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E710C73E1331946400F85568 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 4CC92B1C15A3BF2F00C6D578 /* testmain.c in Sources */, - 0C78F1CC16A5E1BF00654E08 /* sectask-10-sectask.c in Sources */, - 0C78F1CE16A5E1BF00654E08 /* sectask_ipc.defs in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC9331D8B7F6A00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Debug; }; - E7B01BC2166594AB000485F1 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E7B01BC3166594AB000485F1 /* main.m in Sources */, - E7B01BC4166594AB000485F1 /* AppDelegate.m in Sources */, - E7B01BC5166594AB000485F1 /* FirstViewController.m in Sources */, - E7B01BC6166594AB000485F1 /* ToolsViewController.m in Sources */, - E7B01BC8166594AB000485F1 /* KCATableViewController.m in Sources */, - E7B01BC9166594AB000485F1 /* KeychainItemCell.m in Sources */, - E7B01BCA166594AB000485F1 /* MyKeychain.m in Sources */, - E7B01BCB166594AB000485F1 /* KCAItemDetailViewController.m in Sources */, - E7B01BCC166594AB000485F1 /* NewPasswordViewController.m in Sources */, - E7B01BCD166594AB000485F1 /* EditItemViewController.m in Sources */, - E7B01BCE166594AB000485F1 /* DeviceViewController.m in Sources */, - E7B01BCF166594AB000485F1 /* DeviceTableViewController.m in Sources */, - E7B01BD0166594AB000485F1 /* DeviceItemCell.m in Sources */, - E75112FA166F020E008C578B /* PeerListCell.m in Sources */, - 5208F4BE1670027400A49DDA /* SyncViewController.m in Sources */, - 5208F4D016702D8800A49DDA /* CircleStatusView.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC9341D8B7F6A00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Release; }; - E7D847C01C6BE9710025BB44 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E7F480151C73980D00390FDB /* KCJoiningRequestSession.m in Sources */, - E7F480331C73FC4C00390FDB /* KCAESGCMDuplexSession.m in Sources */, - E794BB001C7598F900339A0F /* KCJoiningMessages.m in Sources */, - E794BA6F1C7424D800339A0F /* KCDer.m in Sources */, - E7E3EFBA1CBC192A00E79A5D /* KCAccountKCCircleDelegate.m in Sources */, - E7F482AC1C7558F700390FDB /* KCJoiningAcceptSession.m in Sources */, - E71454F01C741E0800B5B20B /* KCError.m in Sources */, - E772FD471CC15EFA00D63E41 /* NSData+SecRandom.m in Sources */, - E7F482AA1C7554FB00390FDB /* NSError+KCCreationHelpers.m in Sources */, - E75C0E831C6FC31D00E6953B /* KCSRPContext.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC96B1D8B810A00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E7D847CA1C6BE9720025BB44 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - E7F4809C1C74E85200390FDB /* KCDerTest.m in Sources */, - E7F482701C74FDD100390FDB /* KCJoiningSessionTest.m in Sources */, - E7D848051C6BEFCD0025BB44 /* KCSRPTests.m in Sources */, - E7F4809E1C74E86D00390FDB /* KCAESGCMTest.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC96C1D8B810A00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - EB0BC9371C3C791500785842 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - EB0BC9671C3C798600785842 /* secedumodetest.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC99F1D8B81BE00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - EB425C9F1C65846D000ECE53 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - EB425CCF1C658554000ECE53 /* secbackuptest.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC9A01D8B81BE00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - EB433A211CC3243600A7EACE /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - EB433A291CC3244C00A7EACE /* secitemstresstest.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC9CD1D8B824700070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_ENUM_CONVERSION = NO; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-sign-compare", + "-Wno-four-char-constants", + ); + }; + name = Debug; }; - EB9C1D761BDFD0E000F89272 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - EB9C1D7E1BDFD0E100F89272 /* secbackupntest.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BC9CE1D8B824700070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_ENUM_CONVERSION = NO; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-sign-compare", + "-Wno-four-char-constants", + ); + }; + name = Release; }; - EBA9AA7E1CE30E58004E2B68 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - EBA9AA871CE30E6F004E2B68 /* secitemnotifications.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BCA181D8B82B000070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-int-to-void-pointer-cast", + "-Wno-sign-compare", + ); + }; + name = Debug; }; - EBCF73F41CE45F9C00BED7CA /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - EBCF73FD1CE45FAC00BED7CA /* secitemfunctionality.m in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; + DC0BCA191D8B82B000070CB0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-int-to-void-pointer-cast", + "-Wno-sign-compare", + ); + }; + name = Release; }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 05EF68B4194914C2007958C3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = Security_temporary_UI; - targetProxy = 05EF68B3194914C2007958C3 /* PBXContainerItemProxy */; + DC0BCA7E1D8B858600070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_PREPROCESSOR_DEFINITIONS = ( + COM_APPLE_SECURITY_SANE_INCLUDES, + "$(inherited)", + ); + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 05EF68CA1949167B007958C3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = security; - targetProxy = 05EF68C91949167B007958C3 /* PBXContainerItemProxy */; + DC0BCA7F1D8B858600070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++14"; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + GCC_C_LANGUAGE_STANDARD = gnu11; + GCC_PREPROCESSOR_DEFINITIONS = ( + COM_APPLE_SECURITY_SANE_INCLUDES, + "$(inherited)", + ); + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 0C2BCBA91D06401F00ED7A2F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecurityTool; - targetProxy = 0C2BCBAA1D06401F00ED7A2F /* PBXContainerItemProxy */; + DC0BCB061D8B894F00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 0C2BCBAB1D06401F00ED7A2F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libutilities; - targetProxy = 0C2BCBAC1D06401F00ED7A2F /* PBXContainerItemProxy */; + DC0BCB071D8B894F00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 0C2BCBBC1D0640B200ED7A2F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C2BCBA81D06401F00ED7A2F /* dtlsEchoClient */; - targetProxy = 0C2BCBBB1D0640B200ED7A2F /* PBXContainerItemProxy */; + DC0BCBFB1D8C648C00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + }; + name = Debug; }; - 0C2BCBBE1D0648D100ED7A2F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecurityTool; - targetProxy = 0C2BCBBF1D0648D100ED7A2F /* PBXContainerItemProxy */; + DC0BCBFC1D8C648C00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + }; + name = Release; }; - 0C2BCBC01D0648D100ED7A2F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libutilities; - targetProxy = 0C2BCBC11D0648D100ED7A2F /* PBXContainerItemProxy */; + DC0BCC341D8C684F00070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_SHADOW = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = NO; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", + ); + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-unused-function", + ); + }; + name = Debug; }; - 0C2BCBD11D0648FA00ED7A2F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C2BCBBD1D0648D100ED7A2F /* dtlsEchoServer */; - targetProxy = 0C2BCBD01D0648FA00ED7A2F /* PBXContainerItemProxy */; + DC0BCC351D8C684F00070CB0 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_SHADOW = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = NO; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", + ); + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-unused-function", + ); + }; + name = Release; }; - 0C664AB41759270C0092D3D9 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C0BDB2E175685B000BC1A7E /* secdtests */; - targetProxy = 0C664AB31759270C0092D3D9 /* PBXContainerItemProxy */; + DC0BCD461D8C694700070CB0 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = NO; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-sign-compare", + "-Wno-unused-function", + ); + }; + name = Debug; }; - 0C664AD6175938F20092D3D9 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurityd; - targetProxy = 0C664AD5175938F20092D3D9 /* PBXContainerItemProxy */; + DC0BCD471D8C694700070CB0 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = NO; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = YES; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-sign-compare", + "-Wno-unused-function", + ); + }; + name = Release; }; - 0C664AD8175938F90092D3D9 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecdRegressions; - targetProxy = 0C664AD7175938F90092D3D9 /* PBXContainerItemProxy */; + DC17850B1D77873200B50D50 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_IDENTITY = ""; + COMBINE_HIDPI_IMAGES = YES; + CURRENT_PROJECT_VERSION = 1; + DEBUG_INFORMATION_FORMAT = dwarf; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = 1; + DYLIB_INSTALL_NAME_BASE = "@rpath"; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_VERSION = A; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks @loader_path/Frameworks"; + MACOSX_DEPLOYMENT_TARGET = 10.12; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = Security; + SDKROOT = macosx; + VERSIONING_SYSTEM = "apple-generic"; + VERSION_INFO_PREFIX = ""; + }; + name = Debug; }; - 0C664ADA175939490092D3D9 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 0C664AD9175939490092D3D9 /* PBXContainerItemProxy */; + DC17850C1D77873200B50D50 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_IDENTITY = ""; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + CURRENT_PROJECT_VERSION = 1; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = 1; + DYLIB_INSTALL_NAME_BASE = "@rpath"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_VERSION = A; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks @loader_path/Frameworks"; + MACOSX_DEPLOYMENT_TARGET = 10.12; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = Security; + SDKROOT = macosx; + VERSIONING_SYSTEM = "apple-generic"; + VERSION_INFO_PREFIX = ""; + }; + name = Release; }; - 0C664ADC1759395E0092D3D9 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = regressions; - targetProxy = 0C664ADB1759395E0092D3D9 /* PBXContainerItemProxy */; + DC17890E1D77980500B50D50 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC178BB11D77A5F500B50D50 /* security_framework_macos.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + GCC_DYNAMIC_NO_PIC = NO; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + VERSIONING_SYSTEM = "apple-generic"; + }; + name = Debug; }; - 0C664ADE1759396C0092D3D9 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libASN1; - targetProxy = 0C664ADD1759396C0092D3D9 /* PBXContainerItemProxy */; + DC17890F1D77980500B50D50 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC178BB11D77A5F500B50D50 /* security_framework_macos.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + GCC_PREPROCESSOR_DEFINITIONS = ( + "NDEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + VERSIONING_SYSTEM = "apple-generic"; + }; + name = Release; }; - 0C664AE0175939740092D3D9 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDER; - targetProxy = 0C664ADF175939740092D3D9 /* PBXContainerItemProxy */; + DC3A4B5C1D91E9FB00E46D4A /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_IDENTITY = ""; + COMBINE_HIDPI_IMAGES = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + INFOPLIST_FILE = "OSX/libsecurity_codesigning/CodeSigningHelper/CodeSigningHelper-Info.plist"; + INSTALL_PATH = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices; + MACH_O_TYPE = mh_execute; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.CodeSigningHelper; + PRODUCT_NAME = "com.apple.$(TARGET_NAME:rfc1034identifier)"; + SKIP_INSTALL = NO; + WRAPPER_EXTENSION = xpc; + }; + name = Debug; }; - 0C664AE21759398A0092D3D9 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity; - targetProxy = 0C664AE11759398A0092D3D9 /* PBXContainerItemProxy */; + DC3A4B5D1D91E9FB00E46D4A /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_IDENTITY = ""; + COMBINE_HIDPI_IMAGES = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + INFOPLIST_FILE = "OSX/libsecurity_codesigning/CodeSigningHelper/CodeSigningHelper-Info.plist"; + INSTALL_PATH = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices; + MACH_O_TYPE = mh_execute; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.CodeSigningHelper; + PRODUCT_NAME = "com.apple.$(TARGET_NAME:rfc1034identifier)"; + SKIP_INSTALL = NO; + WRAPPER_EXTENSION = xpc; + }; + name = Release; }; - 0C664AE41759398A0092D3D9 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = 0C664AE31759398A0092D3D9 /* PBXContainerItemProxy */; + DC52E7C01D80BC8000B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AF1DCA841D00E18518 /* lib_ios_x64_debug_shim.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + EXECUTABLE_PREFIX = ""; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 0C664AE617593BED0092D3D9 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecipc_client; - targetProxy = 0C664AE517593BED0092D3D9 /* PBXContainerItemProxy */; + DC52E7C11D80BC8000B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56B01DCA843800E18518 /* lib_ios_x64_release_shim.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + EXECUTABLE_PREFIX = ""; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 0C99B740131C984900584CF4 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C6799F912F7C37C00712919 /* dtlsTests */; - targetProxy = 0C99B73F131C984900584CF4 /* PBXContainerItemProxy */; + DC52E8B81D80C1EB00B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC71D8DD1D94CF3C0065FB93 /* lib_ios_debug_shim.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 0CC827F2138712B100BD99B7 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = E710C7411331946400F85568 /* SecurityTests */; - targetProxy = 0CC827F1138712B100BD99B7 /* PBXContainerItemProxy */; + DC52E8B91D80C1EB00B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC71D8DE1D94CF6A0065FB93 /* lib_ios_release_shim.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 0CCA408215C745C6002AEC4C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_ssl; - targetProxy = 0CCA408115C745C6002AEC4C /* PBXContainerItemProxy */; + DC52E8C41D80C25800B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCC78EA31D80870D00865A7C /* lib_ios_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 0CCA418115C89ECD002AEC4C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_ssl_regressions; - targetProxy = 0CCA418015C89ECD002AEC4C /* PBXContainerItemProxy */; + DC52E8C51D80C25800B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCC78EA41D80870D00865A7C /* lib_ios_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 0CCA418615C89EDD002AEC4C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity_ssl_regressions; - targetProxy = 0CCA418515C89EDD002AEC4C /* PBXContainerItemProxy */; + DC52EA4A1D80CB7000B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 0CD72A4C16D54BD300A4B8A3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 0CD72A4B16D54BD300A4B8A3 /* PBXContainerItemProxy */; + DC52EA4B1D80CB7000B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 0CD72A5A16D55BF100A4B8A3 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 52DE81681636347500F49F0C /* Keychain */; - targetProxy = 0CD72A5916D55BF100A4B8A3 /* PBXContainerItemProxy */; + DC52EBD31D80CEF100B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 18F7F66B14D77E8500F88A12 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity; - targetProxy = 18F7F66A14D77E8500F88A12 /* PBXContainerItemProxy */; + DC52EBD41D80CEF100B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 18F7F66D14D77E8D00F88A12 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecipc_client; - targetProxy = 18F7F66C14D77E8D00F88A12 /* PBXContainerItemProxy */; + DC52EC321D80CFB200B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 18F7F67114D77EC500F88A12 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurityd; - targetProxy = 18F7F67014D77EC500F88A12 /* PBXContainerItemProxy */; + DC52EC331D80CFB200B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 18F7F67414D77EE900F88A12 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurityd; - targetProxy = 18F7F67314D77EE900F88A12 /* PBXContainerItemProxy */; + DC52EC4B1D80D00800B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AF1DCA841D00E18518 /* lib_ios_x64_debug_shim.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + EXECUTABLE_PREFIX = ""; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 18F7F67714D77EFF00F88A12 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurityd; - targetProxy = 18F7F67614D77EFF00F88A12 /* PBXContainerItemProxy */; + DC52EC4C1D80D00800B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56B01DCA843800E18518 /* lib_ios_x64_release_shim.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + EXECUTABLE_PREFIX = ""; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 438169E71B4EE4B300C54D58 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4381690B1B4EDCBD00C54D58 /* SOSCCAuthPlugin */; - targetProxy = 438169E61B4EE4B300C54D58 /* PBXContainerItemProxy */; + DC52EC5A1D80D05200B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCC78EA31D80870D00865A7C /* lib_ios_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 4ACED92B15A1095B0060775A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecOTRRegressions; - targetProxy = 4ACED92A15A1095B0060775A /* PBXContainerItemProxy */; + DC52EC5B1D80D05200B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCC78EA41D80870D00865A7C /* lib_ios_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 4ACED92F15A10A3E0060775A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecOTRRegressions; - targetProxy = 4ACED92E15A10A3E0060775A /* PBXContainerItemProxy */; + DC52EC661D80D0C400B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 4C1ADEB71615176500E4A8AF /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = 4C1ADEB61615176500E4A8AF /* PBXContainerItemProxy */; + DC52EC671D80D0C400B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 4C2FEC60157571F80008BE39 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSOSRegressions; - targetProxy = 4C2FEC5F157571F80008BE39 /* PBXContainerItemProxy */; + DC52EC951D80D1A800B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 4C2FEC62157572130008BE39 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSOSRegressions; - targetProxy = 4C2FEC61157572130008BE39 /* PBXContainerItemProxy */; + DC52EC961D80D1A800B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 4C3AD81E157589380047A498 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = 4C3AD81D157589380047A498 /* PBXContainerItemProxy */; + DC52ED9B1D80D4CD00B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 4C3AD8201575894C0047A498 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = 4C3AD81F1575894C0047A498 /* PBXContainerItemProxy */; + DC52ED9C1D80D4CD00B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 4C52D0EE16EFCD720079966E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C52D0B316EFC61E0079966E /* CircleJoinRequested */; - targetProxy = 4C52D0ED16EFCD720079966E /* PBXContainerItemProxy */; + DC52EDAF1D80D58400B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 4C541F8C0F250C0400E508AE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 790851B50CA9859F0083CC4D /* securityd */; - targetProxy = 4C541F8B0F250C0400E508AE /* PBXContainerItemProxy */; + DC52EDB01D80D58400B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 4C541F8E0F250C0900E508AE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CB740A20A47567C00D641BB /* securitytool */; - targetProxy = 4C541F8D0F250C0900E508AE /* PBXContainerItemProxy */; + DC52EE3F1D80D6DD00B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AC1DCA835200E18518 /* lib_ios_x64_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 4C541F900F250C0E00E508AE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CE5A54C09C796E100D27A3F /* sslViewer */; - targetProxy = 4C541F8F0F250C0E00E508AE /* PBXContainerItemProxy */; + DC52EE401D80D6DD00B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56AE1DCA839400E18518 /* lib_ios_x64_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = NO; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 4C541F920F250C1300E508AE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 7913B1FF0D172B3900601FE9 /* sslServer */; - targetProxy = 4C541F910F250C1300E508AE /* PBXContainerItemProxy */; + DC52EE6C1D80D82600B0A59C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC71D8DD1D94CF3C0065FB93 /* lib_ios_debug_shim.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - 4C541FA10F250C5200E508AE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C541F840F250BF500E508AE /* Security_executables_ios */; - targetProxy = 4C541FA00F250C5200E508AE /* PBXContainerItemProxy */; + DC52EE6D1D80D82600B0A59C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC71D8DE1D94CF6A0065FB93 /* lib_ios_release_shim.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - 4C711D5913AFCD0900FE865D /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDER; - targetProxy = 4C711D5A13AFCD0900FE865D /* PBXContainerItemProxy */; + DC58C4271D77BDEA003C25A4 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC58C4411D77BFA4003C25A4 /* security_macos.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + DYLIB_COMPATIBILITY_VERSION = 1; + ENABLE_STRICT_OBJC_MSGSEND = YES; + EXPORTED_SYMBOLS_FILE = OSX/lib/plugins/csparser.exp; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INFOPLIST_FILE = "OSX/lib/plugins/csparser-Info.plist"; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/PlugIns"; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.csparser; + PRODUCT_NAME = csparser; + WRAPPER_EXTENSION = bundle; + }; + name = Debug; }; - 4C711D5F13AFCD0900FE865D /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = regressions; - targetProxy = 4C711D6013AFCD0900FE865D /* PBXContainerItemProxy */; + DC58C4281D77BDEA003C25A4 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC58C4411D77BFA4003C25A4 /* security_macos.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + DYLIB_COMPATIBILITY_VERSION = 1; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + EXPORTED_SYMBOLS_FILE = OSX/lib/plugins/csparser.exp; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INFOPLIST_FILE = "OSX/lib/plugins/csparser-Info.plist"; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/PlugIns"; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.csparser; + PRODUCT_NAME = csparser; + WRAPPER_EXTENSION = bundle; + }; + name = Release; }; - 4C9DE9EF1181ACA000CF5C27 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C9DE9D11181AC4800CF5C27 /* sslEcdsa */; - targetProxy = 4C9DE9EE1181ACA000CF5C27 /* PBXContainerItemProxy */; + DC59E9EA1D91C9DC001BDDF5 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GENERATE_TEXT_BASED_STUBS = NO; + INLINE_PRIVATE_FRAMEWORKS = NO; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_libDER/libDER; + SKIP_INSTALL = YES; + SUPPORTS_TEXT_BASED_API = NO; + }; + name = Debug; }; - 4CC92B2515A3C6DE00C6D578 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecuritydRegressions; - targetProxy = 4CC92B2415A3C6DE00C6D578 /* PBXContainerItemProxy */; + DC59E9EB1D91C9DC001BDDF5 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GENERATE_TEXT_BASED_STUBS = NO; + INLINE_PRIVATE_FRAMEWORKS = NO; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_libDER/libDER; + SKIP_INSTALL = YES; + SUPPORTS_TEXT_BASED_API = NO; + }; + name = Release; }; - 4CC92B2D15A3C94500C6D578 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecuritydRegressions; - targetProxy = 4CC92B2C15A3C94500C6D578 /* PBXContainerItemProxy */; + DC59EA231D91CA15001BDDF5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_asn1; + SKIP_INSTALL = NO; + }; + name = Debug; }; - 4CE39042169F87C400026468 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecurityTool; - targetProxy = 4CE39041169F87C400026468 /* PBXContainerItemProxy */; + DC59EA241D91CA15001BDDF5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_asn1; + SKIP_INSTALL = NO; + }; + name = Release; }; - 4CE39044169F87DB00026468 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecurityTool; - targetProxy = 4CE39043169F87DB00026468 /* PBXContainerItemProxy */; + DC59EA3C1D91CA82001BDDF5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 4CEC096F15758EAF008EB037 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libutilities; - targetProxy = 4CEC096E15758EAF008EB037 /* PBXContainerItemProxy */; + DC59EA3D1D91CA82001BDDF5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 4CEC097115758EC5008EB037 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libutilities; - targetProxy = 4CEC097015758EC5008EB037 /* PBXContainerItemProxy */; + DC59EA5E1D91CAF0001BDDF5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 4CEC097515758F0A008EB037 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libutilities; - targetProxy = 4CEC097415758F0A008EB037 /* PBXContainerItemProxy */; + DC59EA5F1D91CAF0001BDDF5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 4CEC097915758F17008EB037 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libutilities; - targetProxy = 4CEC097815758F17008EB037 /* PBXContainerItemProxy */; + DC59EA6E1D91CB9F001BDDF5 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 4CEC097D15758F23008EB037 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libutilities; - targetProxy = 4CEC097C15758F23008EB037 /* PBXContainerItemProxy */; + DC59EA6F1D91CB9F001BDDF5 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 4CEC098715758F60008EB037 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libutilities; - targetProxy = 4CEC098615758F60008EB037 /* PBXContainerItemProxy */; + DC5ABDCA1D832DAB00CF422C /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "c++98"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_SHADOW = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + HEADER_SEARCH_PATHS = ( + "$(PROJECT_DIR)/header_symlinks/macOS/", + "$(inherited)", + ); + INSTALL_PATH = /usr/bin; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = security; + SUPPORTED_PLATFORMS = macosx; + USE_HEADERMAP = NO; + }; + name = Debug; }; - 5250AC301C866F9D00169095 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurity; - targetProxy = 5250AC2F1C866F9D00169095 /* PBXContainerItemProxy */; + DC5ABDCB1D832DAB00CF422C /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "c++98"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_SHADOW = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + HEADER_SEARCH_PATHS = ( + "$(PROJECT_DIR)/header_symlinks/macOS/", + "$(inherited)", + ); + INSTALL_PATH = /usr/bin; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = security; + SUPPORTED_PLATFORMS = macosx; + USE_HEADERMAP = NO; + }; + name = Release; }; - 5250AC321C866F9D00169095 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurityd; - targetProxy = 5250AC311C866F9D00169095 /* PBXContainerItemProxy */; + DC5AC0541D8352DA00CF422C /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_INLINES_ARE_PRIVATE_EXTERN = NO; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_SHADOW = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + HEADER_SEARCH_PATHS = ( + "$(PROJECT_DIR)/header_symlinks/macOS/", + "$(PROJECT_DIR)/securityd/", + "$(inherited)", + "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", + ); + INSTALL_PATH = /usr/sbin; + MTL_ENABLE_DEBUG_INFO = YES; + ORDER_FILE = securityd/src/securityd.order; + OTHER_CPLUSPLUSFLAGS = ( + "$(OTHER_CFLAGS)", + "-Wno-deprecated-register", + ); + PRODUCT_NAME = securityd; + SUPPORTED_PLATFORMS = macosx; + }; + name = Debug; }; - 5250AC341C866F9D00169095 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = 5250AC331C866F9D00169095 /* PBXContainerItemProxy */; + DC5AC0551D8352DA00CF422C /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_INLINES_ARE_PRIVATE_EXTERN = NO; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_SHADOW = NO; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + HEADER_SEARCH_PATHS = ( + "$(PROJECT_DIR)/header_symlinks/macOS/", + "$(PROJECT_DIR)/securityd/", + "$(inherited)", + "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", + ); + INSTALL_PATH = /usr/sbin; + MTL_ENABLE_DEBUG_INFO = NO; + ORDER_FILE = securityd/src/securityd.order; + OTHER_CPLUSPLUSFLAGS = ( + "$(OTHER_CFLAGS)", + "-Wno-deprecated-register", + ); + PRODUCT_NAME = securityd; + SUPPORTED_PLATFORMS = macosx; + }; + name = Release; }; - 5250AC361C866FA500169095 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 5250AC351C866FA500169095 /* PBXContainerItemProxy */; + DC5AC1371D835D9700CF422C /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 52D82BF216A622600078DFE5 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 52D82BF116A622600078DFE5 /* PBXContainerItemProxy */; + DC5AC1381D835D9700CF422C /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 52D82BF616A627100078DFE5 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 52D82BDD16A621F70078DFE5 /* CloudKeychainProxy */; - targetProxy = 52D82BF516A627100078DFE5 /* PBXContainerItemProxy */; + DC610A321D78F129002223DE /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = OSX/sec/securityd/entitlements.plist; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + LIBRARY_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)/usr/lib/system", + ); + OTHER_LDFLAGS = ( + "$(APPLE_AKS_LIBRARY)", + "-ObjC", + ); + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-lACM", + "-lImg4Decode", + "-ObjC", + ); + PRODUCT_NAME = secdtests; + STRIP_STYLE = debugging; + }; + name = Debug; }; - 5346481B17331ED800FE9172 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 5346480017331E1100FE9172 /* KeychainSyncAccountNotification */; - targetProxy = 5346481A17331ED800FE9172 /* PBXContainerItemProxy */; + DC610A331D78F129002223DE /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = OSX/sec/securityd/entitlements.plist; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + INSTALL_PATH = /usr/local/bin; + LIBRARY_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)/usr/lib/system", + ); + OTHER_LDFLAGS = ( + "$(APPLE_AKS_LIBRARY)", + "-ObjC", + ); + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-lACM", + "-lImg4Decode", + "-ObjC", + ); + PRODUCT_NAME = secdtests; + STRIP_STYLE = debugging; + }; + name = Release; }; - 5D403D3215C6FE9E0030D492 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 5D403D3115C6FE9E0030D492 /* PBXContainerItemProxy */; + DC610A4C1D78F48F002223DE /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "OSX/codesign_tests/SecTask-Entitlements.plist"; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/codesign_tests/; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = SecTaskTest; + }; + name = Debug; }; - 5DDD0BEE16D6748900D6C0D6 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 728B56A016D59979008FA3AB /* OTAPKIAssetTool */; - targetProxy = 5DDD0BED16D6748900D6C0D6 /* PBXContainerItemProxy */; + DC610A4D1D78F48F002223DE /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "OSX/codesign_tests/SecTask-Entitlements.plist"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/codesign_tests/; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = SecTaskTest; + }; + name = Release; }; - 5E10995419A5E80B00A60E2B /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 5E10992419A5E55800A60E2B /* ISACLProtectedItems */; - targetProxy = 5E10995319A5E80B00A60E2B /* PBXContainerItemProxy */; + DC610A5D1D78F9D2002223DE /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/codesign_tests; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = codesign_tests; + SUPPORTED_PLATFORMS = macosx; + }; + name = Debug; }; - 5EE556BC1B01DFB5006F78F2 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = regressions; - targetProxy = 5EE556BB1B01DFB5006F78F2 /* PBXContainerItemProxy */; + DC610A5E1D78F9D2002223DE /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/codesign_tests; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = codesign_tests; + SUPPORTED_PLATFORMS = macosx; + }; + name = Release; }; - 5EE556BE1B01DFC6006F78F2 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = 5EE556BD1B01DFC6006F78F2 /* PBXContainerItemProxy */; + DC610AB51D7910C3002223DE /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/PackageDataTools; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = gk_reset_check; + SUPPORTED_PLATFORMS = macosx; + }; + name = Debug; }; - 5EE556C01B01DFD9006F78F2 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecurityd; - targetProxy = 5EE556BF1B01DFD9006F78F2 /* PBXContainerItemProxy */; + DC610AB61D7910C3002223DE /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/PackageDataTools; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = gk_reset_check; + SUPPORTED_PLATFORMS = macosx; + }; + name = Release; }; - 5EE556C21B01DFE2006F78F2 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = 5EE556C11B01DFE2006F78F2 /* PBXContainerItemProxy */; + DC63CAEB1D90D63500C03317 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + INSTALLHDRS_SCRIPT_PHASE = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 5EF7C2561B00EEF900E5E99C /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 5EBE24791B00CCAE0007DB0E /* secacltests */; - targetProxy = 5EF7C2551B00EEF900E5E99C /* PBXContainerItemProxy */; + DC63CAEC1D90D63500C03317 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + INSTALLHDRS_SCRIPT_PHASE = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - BE197F631911742900BA91D1 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = BE197F2519116FD100BA91D1 /* SharedWebCredentialViewService */; - targetProxy = BE197F621911742900BA91D1 /* PBXContainerItemProxy */; + DC6A82991D87749A00418608 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = securityd_client; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/securityd_client; + SKIP_INSTALL = NO; + }; + name = Debug; }; - BE442B9F18B7FD7D00F24DAE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSWCAgent; - targetProxy = BE442B9E18B7FD7D00F24DAE /* PBXContainerItemProxy */; + DC6A829A1D87749A00418608 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = securityd_client; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/securityd_client; + SKIP_INSTALL = NO; + }; + name = Release; }; - BE442BA918B7FDB800F24DAE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSWCAgent; - targetProxy = BE442BAA18B7FDB800F24DAE /* PBXContainerItemProxy */; + DC6BC26F1D90CFEF00DD57B3 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - BE4AC9B418B8020400B84964 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = BE442BA018B7FDB800F24DAE /* swcagent */; - targetProxy = BE4AC9B318B8020400B84964 /* PBXContainerItemProxy */; + DC6BC2701D90CFEF00DD57B3 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - CD045E3E1A83F855005FA0AC /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = CD045E3D1A83F855005FA0AC /* PBXContainerItemProxy */; + DC6BC2781D90D0BE00DD57B3 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - CD0637811A840C6400C81E74 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = CD276C261A83F60C003226BC /* IDSKeychainSyncingProxy */; - targetProxy = CD0637801A840C6400C81E74 /* PBXContainerItemProxy */; + DC6BC2791D90D0BE00DD57B3 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D40771EB1C9B51D80016AA66 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSharedRegressions; - targetProxy = D40771EA1C9B51D80016AA66 /* PBXContainerItemProxy */; + DC6BC27F1D90D1EE00DD57B3 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D40771ED1C9B51E30016AA66 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSharedRegressions; - targetProxy = D40771EC1C9B51E30016AA66 /* PBXContainerItemProxy */; + DC6BC2801D90D1EE00DD57B3 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D41AD43A1B96721E008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 790851B50CA9859F0083CC4D /* securityd */; - targetProxy = D41AD4391B96721E008C7270 /* PBXContainerItemProxy */; + DC71D9DD1D95BA6C0065FB93 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_SHADOW = NO; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_asn1; + }; + name = Debug; }; - D41AD43C1B96723B008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = E710C7411331946400F85568 /* SecurityTests */; - targetProxy = D41AD43B1B96723B008C7270 /* PBXContainerItemProxy */; + DC71D9DE1D95BA6C0065FB93 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_SHADOW = NO; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_asn1; + }; + name = Release; }; - D41AD43E1B967242008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C0BDB2E175685B000BC1A7E /* secdtests */; - targetProxy = D41AD43D1B967242008C7270 /* PBXContainerItemProxy */; + DC71D9F91D95BB0A0065FB93 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GENERATE_TEXT_BASED_STUBS = NO; + INLINE_PRIVATE_FRAMEWORKS = NO; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_libDER/libDER; + SKIP_INSTALL = YES; + "SKIP_INSTALL[sdk=macosx*]" = NO; + SUPPORTS_TEXT_BASED_API = NO; + }; + name = Debug; }; - D41AD4401B96724C008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C6799F912F7C37C00712919 /* dtlsTests */; - targetProxy = D41AD43F1B96724C008C7270 /* PBXContainerItemProxy */; + DC71D9FA1D95BB0A0065FB93 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GENERATE_TEXT_BASED_STUBS = NO; + INLINE_PRIVATE_FRAMEWORKS = NO; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_libDER/libDER; + SKIP_INSTALL = YES; + "SKIP_INSTALL[sdk=macosx*]" = NO; + SUPPORTS_TEXT_BASED_API = NO; + }; + name = Release; }; - D41AD4421B97866C008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 7913B1FF0D172B3900601FE9 /* sslServer */; - targetProxy = D41AD4411B97866C008C7270 /* PBXContainerItemProxy */; + DC82FFE81D90D3F60085674B /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + INSTALLHDRS_SCRIPT_PHASE = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D41AD4441B978681008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C9DE9D11181AC4800CF5C27 /* sslEcdsa */; - targetProxy = D41AD4431B978681008C7270 /* PBXContainerItemProxy */; + DC82FFE91D90D3F60085674B /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + INSTALLHDRS_SCRIPT_PHASE = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D41AD4461B9786A3008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CB740A20A47567C00D641BB /* securitytool */; - targetProxy = D41AD4451B9786A3008C7270 /* PBXContainerItemProxy */; + DC82FFEF1D90D4D20085674B /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + INSTALLHDRS_SCRIPT_PHASE = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D41AD44A1B9786D8008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = F93C49021AB8FCE00047E01A /* ckcdiagnose.sh */; - targetProxy = D41AD4491B9786D8008C7270 /* PBXContainerItemProxy */; + DC82FFF01D90D4D20085674B /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + INSTALLHDRS_SCRIPT_PHASE = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D41AD44C1B9786E2008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 5EBE24791B00CCAE0007DB0E /* secacltests */; - targetProxy = D41AD44B1B9786E2008C7270 /* PBXContainerItemProxy */; + DC8834061D8A218F00CE0ACA /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_SHADOW = NO; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_asn1; + SKIP_INSTALL = YES; + }; + name = Debug; }; - D41AD44E1B978791008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 5E10992419A5E55800A60E2B /* ISACLProtectedItems */; - targetProxy = D41AD44D1B978791008C7270 /* PBXContainerItemProxy */; + DC8834071D8A218F00CE0ACA /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = D47C56FB1DCA8F4900E18518 /* all_arches.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; + GCC_WARN_SHADOW = NO; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/security_asn1; + SKIP_INSTALL = YES; + }; + name = Release; }; - D41AD4521B9788B2008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 52D82BDD16A621F70078DFE5 /* CloudKeychainProxy */; - targetProxy = D41AD4511B9788B2008C7270 /* PBXContainerItemProxy */; + DC8E04931D7F6CED006D80EB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D41AD45A1B978944008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 728B56A016D59979008FA3AB /* OTAPKIAssetTool */; - targetProxy = D41AD4591B978944008C7270 /* PBXContainerItemProxy */; + DC8E04941D7F6CED006D80EB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D41AD45C1B978A7A008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 790851B50CA9859F0083CC4D /* securityd */; - targetProxy = D41AD45B1B978A7A008C7270 /* PBXContainerItemProxy */; + DC8E04971D7F6D80006D80EB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D41AD45E1B978A7C008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CB740A20A47567C00D641BB /* securitytool */; - targetProxy = D41AD45D1B978A7C008C7270 /* PBXContainerItemProxy */; + DC8E04981D7F6D80006D80EB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D41AD4601B978E18008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = E710C7411331946400F85568 /* SecurityTests */; - targetProxy = D41AD45F1B978E18008C7270 /* PBXContainerItemProxy */; + DC8E049B1D7F6D9C006D80EB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D41AD4621B978E24008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C0BDB2E175685B000BC1A7E /* secdtests */; - targetProxy = D41AD4611B978E24008C7270 /* PBXContainerItemProxy */; + DC8E049C1D7F6D9C006D80EB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D41AD4661B978F19008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C6799F912F7C37C00712919 /* dtlsTests */; - targetProxy = D41AD4651B978F19008C7270 /* PBXContainerItemProxy */; + DC8E049F1D7F6DBC006D80EB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D41AD4681B978F20008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 7913B1FF0D172B3900601FE9 /* sslServer */; - targetProxy = D41AD4671B978F20008C7270 /* PBXContainerItemProxy */; + DC8E04A01D7F6DBC006D80EB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D41AD46A1B978F24008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CE5A54C09C796E100D27A3F /* sslViewer */; - targetProxy = D41AD4691B978F24008C7270 /* PBXContainerItemProxy */; + DC8E04A31D7F6DFC006D80EB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D41AD46C1B978F28008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C9DE9D11181AC4800CF5C27 /* sslEcdsa */; - targetProxy = D41AD46B1B978F28008C7270 /* PBXContainerItemProxy */; + DC8E04A41D7F6DFC006D80EB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D41AD46E1B978F4C008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 5EBE24791B00CCAE0007DB0E /* secacltests */; - targetProxy = D41AD46D1B978F4C008C7270 /* PBXContainerItemProxy */; + DC8E04A71D7F6E50006D80EB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D41AD4721B978F76008C7270 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 728B56A016D59979008FA3AB /* OTAPKIAssetTool */; - targetProxy = D41AD4711B978F76008C7270 /* PBXContainerItemProxy */; + DC8E04A81D7F6E50006D80EB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D447C4E51D31CA540082FC1D /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libCMSInstall; - targetProxy = D447C4E41D31CA540082FC1D /* PBXContainerItemProxy */; + DC8E04AB1D7F6E63006D80EB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D447C4E71D31CA650082FC1D /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libCMS; - targetProxy = D447C4E61D31CA650082FC1D /* PBXContainerItemProxy */; + DC8E04AC1D7F6E63006D80EB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D46B07731C8FAFA900B5939A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDER; - targetProxy = D46B07721C8FAFA900B5939A /* PBXContainerItemProxy */; + DC8E04AF1D7F6E76006D80EB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D46B08001C8FBE3300B5939A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDERHeaders; - targetProxy = D46B07FF1C8FBE3300B5939A /* PBXContainerItemProxy */; + DC8E04B01D7F6E76006D80EB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - D46B08A61C8FD8CF00B5939A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libASN1Install; - targetProxy = D46B08A51C8FD8CF00B5939A /* PBXContainerItemProxy */; + DC8E04B31D7F6EC9006D80EB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - D4DC138A1C8F738A00175415 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDER; - targetProxy = D4DC13891C8F738A00175415 /* PBXContainerItemProxy */; + DC8E04B41D7F6EC9006D80EB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E7104A03169E038F00DB0045 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecurityTool; - targetProxy = E7104A02169E038F00DB0045 /* PBXContainerItemProxy */; + DCB3406B1D8A24DF0054D16E /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E7104A20169E21C000DB0045 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecurityCommands; - targetProxy = E7104A1F169E21C000DB0045 /* PBXContainerItemProxy */; + DCB3406C1D8A24DF0054D16E /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E74583BE1BF66489001B54A4 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 52D82BDD16A621F70078DFE5 /* CloudKeychainProxy */; - targetProxy = E74583BD1BF66489001B54A4 /* PBXContainerItemProxy */; + DCB340931D8A267C0054D16E /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Debug; }; - E745841F1BF66525001B54A4 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = Security_executables; - targetProxy = E745841E1BF66525001B54A4 /* PBXContainerItemProxy */; + DCB340941D8A267C0054D16E /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Release; }; - E745846D1BF68ECB001B54A4 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 05EF68BB194915A5007958C3 /* Security_executables_osx */; - targetProxy = E745846C1BF68ECB001B54A4 /* PBXContainerItemProxy */; + DCB341351D8A2A010054D16E /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = YES; + SKIP_INSTALL = NO; + }; + name = Debug; }; - E745846F1BF68ECB001B54A4 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 05EF68C1194915FB007958C3 /* Security_kexts */; - targetProxy = E745846E1BF68ECB001B54A4 /* PBXContainerItemProxy */; + DCB341361D8A2A010054D16E /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = NO; + SKIP_INSTALL = NO; + }; + name = Release; }; - E74584711BF68ECB001B54A4 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 05EF68AF1949149C007958C3 /* Security_temporary_UI */; - targetProxy = E74584701BF68ECB001B54A4 /* PBXContainerItemProxy */; + DCB341801D8A2B860054D16E /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + SKIP_INSTALL = NO; + }; + name = Debug; }; - E749F2701D18C284006C2B27 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = utilities; - targetProxy = E749F26F1D18C284006C2B27 /* PBXContainerItemProxy */; + DCB341811D8A2B860054D16E /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + SKIP_INSTALL = NO; + }; + name = Release; }; - E75C27711C98D40500F7E12A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libASN1; - targetProxy = E75C27701C98D40500F7E12A /* PBXContainerItemProxy */; + DCB3423F1D8A32820054D16E /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_PREPROCESSOR_DEFINITIONS = "$(inherited)"; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-switch", + ); + }; + name = Debug; }; - E75C27771C98D44300F7E12A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libASN1; - targetProxy = E75C27761C98D44300F7E12A /* PBXContainerItemProxy */; + DCB342401D8A32820054D16E /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_PREPROCESSOR_DEFINITIONS = "$(inherited)"; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-switch", + ); + }; + name = Release; }; - E75E498F1C8F79BB0001A34F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libsecipc_client; - targetProxy = E75E498E1C8F79BB0001A34F /* PBXContainerItemProxy */; + DCB3443C1D8A34FD0054D16E /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_PREPROCESSOR_DEFINITIONS = "$(inherited)"; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E76079FC1951FE1F00F69731 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = liblogging; - targetProxy = E76079FB1951FE1F00F69731 /* PBXContainerItemProxy */; + DCB3443D1D8A34FD0054D16E /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_PREPROCESSOR_DEFINITIONS = "$(inherited)"; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E79D3389135CBEB1005777CF /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = regressions; - targetProxy = E79D3388135CBEB1005777CF /* PBXContainerItemProxy */; + DCC78EB01D8088E200865A7C /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCC78EA31D80870D00865A7C /* lib_ios_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - E79EEDD71CD3F9F800C2FBFC /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C7CFA2E14E1BA4800DF9D95 /* Security_frameworks_ios */; - targetProxy = E79EEDD61CD3F9F800C2FBFC /* PBXContainerItemProxy */; + DCC78EB11D8088E200865A7C /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCC78EA41D80870D00865A7C /* lib_ios_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - E79EEDDD1CD3FFE300C2FBFC /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = Security_frameworks; - targetProxy = E79EEDDC1CD3FFE300C2FBFC /* PBXContainerItemProxy */; + DCD067581D8CDCF4007602F1 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + DEVELOPMENT_TEAM = XPSUQMMH5W; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E79EEDDF1CD3FFEA00C2FBFC /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = E79EEDD81CD3FFC800C2FBFC /* Security_frameworks_osx */; - targetProxy = E79EEDDE1CD3FFEA00C2FBFC /* PBXContainerItemProxy */; + DCD067591D8CDCF4007602F1 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + DEVELOPMENT_TEAM = XPSUQMMH5W; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E79EEDE51CD4001300C2FBFC /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 05EF68BB194915A5007958C3 /* Security_executables_osx */; - targetProxy = E79EEDE41CD4001300C2FBFC /* PBXContainerItemProxy */; + DCD0675E1D8CDD6D007602F1 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + DEVELOPMENT_TEAM = XPSUQMMH5W; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E79EEDE71CD4003900C2FBFC /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = E79EEDD81CD3FFC800C2FBFC /* Security_frameworks_osx */; - targetProxy = E79EEDE61CD4003900C2FBFC /* PBXContainerItemProxy */; + DCD0675F1D8CDD6D007602F1 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + DEVELOPMENT_TEAM = XPSUQMMH5W; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E7B01B8416572132000485F1 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = E7B01B8316572132000485F1 /* PBXContainerItemProxy */; + DCD0677D1D8CDF19007602F1 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + APPLY_RULES_IN_COPY_FILES = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = NO; + CLANG_WARN_ENUM_CONVERSION = NO; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + OSX/libsecurity_codesigning/antlr2/, + "$(BUILT_PRODUCTS_DIR)/derived_src", + "$(BUILT_PRODUCTS_DIR)/cstemp/", + "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", + ); + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-error=c++11-narrowing", + ); + }; + name = Debug; }; - E7B01BBE166594AB000485F1 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSecureObjectSync; - targetProxy = E7B01BBF166594AB000485F1 /* PBXContainerItemProxy */; + DCD0677E1D8CDF19007602F1 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + APPLY_RULES_IN_COPY_FILES = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = NO; + CLANG_WARN_ENUM_CONVERSION = NO; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + OSX/libsecurity_codesigning/antlr2/, + "$(BUILT_PRODUCTS_DIR)/derived_src", + "$(BUILT_PRODUCTS_DIR)/cstemp/", + "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", + ); + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + WARNING_CFLAGS = ( + "$(inherited)", + "-Wno-error=c++11-narrowing", + ); + }; + name = Release; }; - E7B01BC0166594AB000485F1 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSOSRegressions; - targetProxy = E7B01BC1166594AB000485F1 /* PBXContainerItemProxy */; + DCD069691D8CE105007602F1 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + DEVELOPMENT_TEAM = XPSUQMMH5W; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E7CFF6711C84F62900E3484E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = E7D847C41C6BE9710025BB44 /* KeychainCircle */; - targetProxy = E7CFF6701C84F62900E3484E /* PBXContainerItemProxy */; + DCD0696A1D8CE105007602F1 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + DEVELOPMENT_TEAM = XPSUQMMH5W; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E7CFF6731C84F62900E3484E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = E7D847CD1C6BE9720025BB44 /* KeychainCircleTests */; - targetProxy = E7CFF6721C84F62900E3484E /* PBXContainerItemProxy */; + DCD0696D1D8CE1F9007602F1 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E7CFF6751C84F65D00E3484E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = E7CFF6471C84F61200E3484E /* Security_KeychainCircle */; - targetProxy = E7CFF6741C84F65D00E3484E /* PBXContainerItemProxy */; + DCD0696E1D8CE1F9007602F1 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E7CFF6771C84F66A00E3484E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = E7CFF6471C84F61200E3484E /* Security_KeychainCircle */; - targetProxy = E7CFF6761C84F66A00E3484E /* PBXContainerItemProxy */; + DCD06A3D1D8CE21C007602F1 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Debug; }; - E7D847D11C6BE9720025BB44 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = E7D847C41C6BE9710025BB44 /* KeychainCircle */; - targetProxy = E7D847D01C6BE9720025BB44 /* PBXContainerItemProxy */; + DCD06A3E1D8CE21C007602F1 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Release; }; - E7E0C73D1C90EE0000E69A21 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDER; - targetProxy = E7E0C73C1C90EE0000E69A21 /* PBXContainerItemProxy */; + DCD06A4F1D8CE281007602F1 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Debug; }; - E7E0C73F1C90EE0500E69A21 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libASN1; - targetProxy = E7E0C73E1C90EE0500E69A21 /* PBXContainerItemProxy */; + DCD06A501D8CE281007602F1 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Release; }; - E7E0D8FB158FAB3B002CA176 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libutilitiesRegressions; - targetProxy = E7E0D8FA158FAB3B002CA176 /* PBXContainerItemProxy */; + DCD06A721D8CE2D5007602F1 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_IDENTITY = ""; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + HEADER_SEARCH_PATHS = ( + "$(PROJECT_DIR)/OSX/include/", + "$(inherited)", + ); + INSTALL_PATH = /usr/local/bin; + OTHER_LDFLAGS = ( + "-lsqlite3", + "-framework", + CFNetwork, + ); + "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + "-framework", + IOKit, + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + STRIP_STYLE = debugging; + }; + name = Debug; }; - E7E0D900158FAB52002CA176 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libutilitiesRegressions; - targetProxy = E7E0D8FF158FAB52002CA176 /* PBXContainerItemProxy */; + DCD06A731D8CE2D5007602F1 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_IDENTITY = ""; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + HEADER_SEARCH_PATHS = ( + "$(PROJECT_DIR)/OSX/include/", + "$(inherited)", + ); + INSTALL_PATH = /usr/local/bin; + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + "-framework", + IOKit, + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*][arch=*]" = ( + "-lsqlite3", + "-framework", + CFNetwork, + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + STRIP_STYLE = debugging; + }; + name = Release; }; - E7E7B2201BFA865300B1E66B /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = securityd; - targetProxy = E7E7B21F1BFA865300B1E66B /* PBXContainerItemProxy */; + DCD06A7D1D8CE330007602F1 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + DEVELOPMENT_TEAM = XPSUQMMH5W; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - E7E7B24B1BFC0CD900B1E66B /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = CD276C261A83F60C003226BC /* IDSKeychainSyncingProxy */; - targetProxy = E7E7B24A1BFC0CD900B1E66B /* PBXContainerItemProxy */; + DCD06A7E1D8CE330007602F1 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + DEVELOPMENT_TEAM = XPSUQMMH5W; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - E7EE5A34139DC042005C78BE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libDER; - targetProxy = E7EE5A33139DC042005C78BE /* PBXContainerItemProxy */; + DCD06AAE1D8E0D53007602F1 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Debug; }; - E7FEFB93169E377900E18152 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = libSOSCommands; - targetProxy = E7FEFB92169E377900E18152 /* PBXContainerItemProxy */; + DCD06AAF1D8E0D53007602F1 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_SYMBOLS_PRIVATE_EXTERN = YES; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + SKIP_INSTALL = NO; + }; + name = Release; }; - EB31EA831D3EF2FB008F952A /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 5346480017331E1100FE9172 /* KeychainSyncAccountNotification */; - targetProxy = EB31EA821D3EF2FB008F952A /* PBXContainerItemProxy */; + DCD66D711D8204A700DB1393 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC71D8DD1D94CF3C0065FB93 /* lib_ios_debug_shim.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - EB3A8E011BEEC6F3001A89AA /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EB9C1D791BDFD0E000F89272 /* secbackupntest */; - targetProxy = EB3A8E001BEEC6F3001A89AA /* PBXContainerItemProxy */; + DCD66D721D8204A700DB1393 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC71D8DE1D94CF6A0065FB93 /* lib_ios_release_shim.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - EB425CD11C6585F1000ECE53 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EB425C9E1C65846D000ECE53 /* secbackuptest */; - targetProxy = EB425CD01C6585F1000ECE53 /* PBXContainerItemProxy */; + DCD66DD91D8205C400DB1393 /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCC78EA31D80870D00865A7C /* lib_ios_debug.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + }; + name = Debug; }; - EB433A2C1CC3252A00A7EACE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EB433A201CC3243600A7EACE /* secitemstresstest */; - targetProxy = EB433A2B1CC3252A00A7EACE /* PBXContainerItemProxy */; + DCD66DDA1D8205C400DB1393 /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCC78EA41D80870D00865A7C /* lib_ios_release.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + }; + name = Release; }; - EB63ADE11C3E74F900C45A69 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EB0BC9361C3C791500785842 /* secedumodetest */; - targetProxy = EB63ADE01C3E74F900C45A69 /* PBXContainerItemProxy */; + DCE4E6A21D7A37FA00AFB96E /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = OSX/sec/SecurityTool/entitlements.plist; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + PRODUCT_NAME = security2; + SUPPORTED_PLATFORMS = macosx; + }; + name = Debug; }; - EB6A6FAD1B90F84D0045DC68 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C7CFA2E14E1BA4800DF9D95 /* Security_frameworks_ios */; - targetProxy = EB6A6FAC1B90F84D0045DC68 /* PBXContainerItemProxy */; + DCE4E6A31D7A37FA00AFB96E /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = OSX/sec/SecurityTool/entitlements.plist; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + PRODUCT_NAME = security2; + SUPPORTED_PLATFORMS = macosx; + }; + name = Release; }; - EB6A6FB31B90F89F0045DC68 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 790851B50CA9859F0083CC4D /* securityd */; - targetProxy = EB6A6FB21B90F89F0045DC68 /* PBXContainerItemProxy */; + DCE4E7B01D7A43B500AFB96E /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = "OSX/SecurityTestsOSX/SecurityTests-Entitlements.plist"; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + HEADER_SEARCH_PATHS = "$(inherited)"; + INFOPLIST_FILE = OSX/SecurityTestsOSX/Info.plist; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security/; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; + LIBRARY_SEARCH_PATHS = ( + "$(inherited)", + "\"$(SDKROOT)/usr/lib/system\"", + ); + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "$(inherited)", + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + "-lImg4Decode", + "-lSystem", + ); + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = macosx; + }; + name = Debug; }; - EB6A6FB91B90F8D70045DC68 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C541F840F250BF500E508AE /* Security_executables_ios */; - targetProxy = EB6A6FB81B90F8D70045DC68 /* PBXContainerItemProxy */; + DCE4E7B11D7A43B500AFB96E /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + CLANG_ENABLE_OBJC_ARC = YES; + CODE_SIGN_ENTITLEMENTS = "OSX/SecurityTestsOSX/SecurityTests-Entitlements.plist"; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + HEADER_SEARCH_PATHS = "$(inherited)"; + INFOPLIST_FILE = OSX/SecurityTestsOSX/Info.plist; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security/; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; + LIBRARY_SEARCH_PATHS = ( + "$(inherited)", + "\"$(SDKROOT)/usr/lib/system\"", + ); + OTHER_LDFLAGS = ""; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "$(inherited)", + "-framework", + MobileKeyBag, + "-laks", + "-lACM", + "-lImg4Decode", + "-lSystem", + ); + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = macosx; + }; + name = Release; }; - EB6A6FBB1B90F8EC0045DC68 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 0C7CFA2E14E1BA4800DF9D95 /* Security_frameworks_ios */; - targetProxy = EB6A6FBA1B90F8EC0045DC68 /* PBXContainerItemProxy */; + DCE4E7D11D7A4AEE00AFB96E /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "OSX/sectests/SecurityTests-Entitlements.plist"; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + "$(DEVELOPER_LIBRARY_DIR)", + /usr/lib/system, + ); + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = sectests; + SUPPORTED_PLATFORMS = macosx; + }; + name = Debug; }; - EB6A6FBD1B90F9170045DC68 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4C32C0AE0A4975F6002891BD /* Security */; - targetProxy = EB6A6FBC1B90F9170045DC68 /* PBXContainerItemProxy */; + DCE4E7D21D7A4AEE00AFB96E /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "OSX/sectests/SecurityTests-Entitlements.plist"; + COPY_PHASE_STRIP = NO; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + "$(DEVELOPER_LIBRARY_DIR)", + /usr/lib/system, + ); + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = sectests; + SUPPORTED_PLATFORMS = macosx; + }; + name = Release; }; - EB9C1DB71BDFD51800F89272 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EB9C1DAE1BDFD4DE00F89272 /* SecurityBatsTests */; - targetProxy = EB9C1DB61BDFD51800F89272 /* PBXContainerItemProxy */; + DCE4E7FB1D7A4DA900AFB96E /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = OSX/sec/securityd/entitlements.plist; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /usr/libexec; + MACOSX_DEPLOYMENT_TARGET = 10.12; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_LDFLAGS = "$(APPLE_AKS_LIBRARY)"; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - EB9FE08D1BFBC48F004FEAAF /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EB9C1DAE1BDFD4DE00F89272 /* SecurityBatsTests */; - targetProxy = EB9FE08C1BFBC48F004FEAAF /* PBXContainerItemProxy */; + DCE4E7FC1D7A4DA900AFB96E /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = OSX/sec/securityd/entitlements.plist; + COPY_PHASE_STRIP = NO; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /usr/libexec; + MACOSX_DEPLOYMENT_TARGET = 10.12; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_LDFLAGS = "$(APPLE_AKS_LIBRARY)"; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - EB9FE0B61BFBC499004FEAAF /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EB9C1DAE1BDFD4DE00F89272 /* SecurityBatsTests */; - targetProxy = EB9FE0B51BFBC499004FEAAF /* PBXContainerItemProxy */; + DCE4E8571D7A57AE00AFB96E /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = OSX/trustd/entitlements.plist; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "TRUSTD_SERVER=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = NO; + INSTALL_PATH = /usr/libexec; + MACOSX_DEPLOYMENT_TARGET = 10.12; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + WARNING_CFLAGS = ( + "-Wextra", + "-Wno-unused-parameter", + "-Wno-missing-field-initializers", + "-Wno-error=deprecated-declarations", + ); + }; + name = Debug; }; - EBA9AA891CE3E76C004E2B68 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EBA9AA7D1CE30E58004E2B68 /* secitemnotifications */; - targetProxy = EBA9AA881CE3E76C004E2B68 /* PBXContainerItemProxy */; + DCE4E8581D7A57AE00AFB96E /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = OSX/trustd/entitlements.plist; + COPY_PHASE_STRIP = NO; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "TRUSTD_SERVER=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + GCC_WARN_UNUSED_FUNCTION = NO; + INSTALL_PATH = /usr/libexec; + MACOSX_DEPLOYMENT_TARGET = 10.12; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + WARNING_CFLAGS = ( + "-Wextra", + "-Wno-unused-parameter", + "-Wno-missing-field-initializers", + "-Wno-error=deprecated-declarations", + ); + }; + name = Release; }; - EBB696D41BE2085700715F16 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EB9C1D791BDFD0E000F89272 /* secbackupntest */; - targetProxy = EBB696D31BE2085700715F16 /* PBXContainerItemProxy */; + DCE4E89E1D7F34F700AFB96E /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = "OSX/authd/security.auth-Prefix.pch"; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_UNINITIALIZED_AUTOS = NO; + INFOPLIST_FILE = OSX/authd/Info.plist; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - EBBE205C1C21382F00B7A639 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EBBE20571C21380100B7A639 /* SecurityFeatures */; - targetProxy = EBBE205B1C21382F00B7A639 /* PBXContainerItemProxy */; + DCE4E89F1D7F34F700AFB96E /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PRECOMPILE_PREFIX_HEADER = YES; + GCC_PREFIX_HEADER = "OSX/authd/security.auth-Prefix.pch"; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO; + GCC_WARN_UNINITIALIZED_AUTOS = NO; + INFOPLIST_FILE = OSX/authd/Info.plist; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/${FRAMEWORK_VERSION}/XPCServices"; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - EBC15EA91BE29AC3001C0C5B /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EB9C1DAE1BDFD4DE00F89272 /* SecurityBatsTests */; - targetProxy = EBC15EA81BE29AC3001C0C5B /* PBXContainerItemProxy */; + DCE4E8EC1D7F39DC00AFB96E /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = OSX/sec/SecurityTool/entitlements.plist; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREFIX_HEADER = "OSX/Keychain/Keychain-Prefix.pch"; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/OSX/Keychain\\ Circle\\ Notification", + ); + INFOPLIST_FILE = "OSX/Keychain/Keychain-Info.plist"; + INSTALL_PATH = /AppleInternal/Applications; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - EBCF743F1CE593A700BED7CA /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = EBCF73F31CE45F9C00BED7CA /* secitemfunctionality */; - targetProxy = EBCF743E1CE593A700BED7CA /* PBXContainerItemProxy */; + DCE4E8ED1D7F39DC00AFB96E /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = OSX/sec/SecurityTool/entitlements.plist; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREFIX_HEADER = "OSX/Keychain/Keychain-Prefix.pch"; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/OSX/Keychain\\ Circle\\ Notification", + ); + INFOPLIST_FILE = "OSX/Keychain/Keychain-Info.plist"; + INSTALL_PATH = /AppleInternal/Applications; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - EBD849361B242C8900C5FD1E /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 4CE5A54C09C796E100D27A3F /* sslViewer */; - targetProxy = EBD849351B242C8900C5FD1E /* PBXContainerItemProxy */; + DCE4E9201D7F3D5400AFB96E /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "OSX/Keychain Circle Notification/entitlments.plist"; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREFIX_HEADER = "OSX/Keychain Circle Notification/Keychain Circle Notification-Prefix.pch"; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/OSX/Keychain/", + ); + INFOPLIST_FILE = "OSX/Keychain Circle Notification/Keychain Circle Notification-Info.plist"; + INSTALL_PATH = /System/Library/CoreServices; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - F94E7AE21ACC8E7700F23132 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = F93C49021AB8FCE00047E01A /* ckcdiagnose.sh */; - targetProxy = F94E7AE11ACC8E7700F23132 /* PBXContainerItemProxy */; + DCE4E9211D7F3D5400AFB96E /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ANALYZER_NONNULL = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = "OSX/Keychain Circle Notification/entitlments.plist"; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_SEARCH_PATHS = ( + "$(inherited)", + "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + ); + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREFIX_HEADER = "OSX/Keychain Circle Notification/Keychain Circle Notification-Prefix.pch"; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + HEADER_SEARCH_PATHS = ( + "$(inherited)", + "$(PROJECT_DIR)/OSX/Keychain/", + ); + INFOPLIST_FILE = "OSX/Keychain Circle Notification/Keychain Circle Notification-Info.plist"; + INSTALL_PATH = /System/Library/CoreServices; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; -/* End PBXTargetDependency section */ - -/* Begin PBXVariantGroup section */ - 4C198F1D0ACDB4BF00AAB142 /* Certificate.strings */ = { - isa = PBXVariantGroup; - children = ( - 4C198F1E0ACDB4BF00AAB142 /* English */, - ); - name = Certificate.strings; - sourceTree = ""; + DCF782BC1D88B44300E694BB /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 4C198F1F0ACDB4BF00AAB142 /* OID.strings */ = { - isa = PBXVariantGroup; - children = ( - 4C198F200ACDB4BF00AAB142 /* English */, - ); - name = OID.strings; - sourceTree = ""; + DCF782BD1D88B44300E694BB /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - 5346480617331E1200FE9172 /* InfoPlist.strings */ = { - isa = PBXVariantGroup; - children = ( - 5346480717331E1200FE9172 /* en */, - ); - name = InfoPlist.strings; - sourceTree = ""; + DCF783121D88B4DE00E694BB /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + APPLY_RULES_IN_COPY_FILES = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "$(inherited)", + ALLOW_ZERO_PASSWORD, + CRYPTKIT_CSP_ENABLE, + CK_SECURITY_BUILD, + ASC_CSP_ENABLE, + ); + HEADER_SEARCH_PATHS = ( + "$(PROJECT_DIR)/OSX/libsecurity_apple_csp/open_ssl/", + "$(inherited)", + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - 53C0E1F1177FAC2C00F8A018 /* CloudKeychain.strings */ = { - isa = PBXVariantGroup; - children = ( - 53C0E1F2177FAC2C00F8A018 /* English */, - ); - name = CloudKeychain.strings; - sourceTree = ""; + DCF783131D88B4DE00E694BB /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + APPLY_RULES_IN_COPY_FILES = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "$(inherited)", + ALLOW_ZERO_PASSWORD, + CRYPTKIT_CSP_ENABLE, + CK_SECURITY_BUILD, + ASC_CSP_ENABLE, + ); + HEADER_SEARCH_PATHS = ( + "$(PROJECT_DIR)/OSX/libsecurity_apple_csp/open_ssl/", + "$(inherited)", + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; - BE197F2A19116FD100BA91D1 /* InfoPlist.strings */ = { - isa = PBXVariantGroup; - children = ( - BE197F2B19116FD100BA91D1 /* en */, - ); - name = InfoPlist.strings; - sourceTree = ""; + DCF785E31D88B95500E694BB /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "$(inherited)", + ALLOW_ZERO_PASSWORD, + CK_SECURITY_BUILD, + ASC_CSP_ENABLE, + CRYPTKIT_CSP_ENABLE, + ); + HEADER_SEARCH_PATHS = ( + "$(PROJECT_DIR)/OSX/libsecurity_apple_csp/open_ssl", + "$(inherited)", + ); + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; }; - BE4AC9B818B8273600B84964 /* SharedWebCredentials.strings */ = { - isa = PBXVariantGroup; - children = ( - BE4AC9B918B8273600B84964 /* English */, - ); - name = SharedWebCredentials.strings; - sourceTree = ""; + DCF785E41D88B95500E694BB /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "$(inherited)", + ALLOW_ZERO_PASSWORD, + CK_SECURITY_BUILD, + ASC_CSP_ENABLE, + CRYPTKIT_CSP_ENABLE, + ); + HEADER_SEARCH_PATHS = ( + "$(PROJECT_DIR)/OSX/libsecurity_apple_csp/open_ssl", + "$(inherited)", + ); + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; }; -/* End PBXVariantGroup section */ - -/* Begin XCBuildConfiguration section */ - 05EF68B11949149C007958C3 /* Debug */ = { + DCF788311D88C86900E694BB /* Debug */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; - 05EF68B21949149C007958C3 /* Release */ = { + DCF788321D88C86900E694BB /* Release */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; - 05EF68B719491512007958C3 /* Debug */ = { + DCF788391D88C8C400E694BB /* Debug */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; - 05EF68B819491512007958C3 /* Release */ = { + DCF7883A1D88C8C400E694BB /* Release */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; - 05EF68BD194915A5007958C3 /* Debug */ = { + DCF7884C1D88CA7200E694BB /* Debug */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; - 05EF68BE194915A5007958C3 /* Release */ = { + DCF7884D1D88CA7200E694BB /* Release */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; - 05EF68C3194915FB007958C3 /* Debug */ = { + DCF788A11D88CB5200E694BB /* Debug */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + INFOPLIST_FILE = "OSX/libsecurity_apple_x509_cl/Info-plugin_apple_x509_cl.plist"; + MACOSX_DEPLOYMENT_TARGET = 10.12; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = apple_x509_cl; + SKIP_INSTALL = YES; + WRAPPER_EXTENSION = bundle; + }; + name = Debug; + }; + DCF788A21D88CB5200E694BB /* Release */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + COPY_PHASE_STRIP = NO; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + INFOPLIST_FILE = "OSX/libsecurity_apple_x509_cl/Info-plugin_apple_x509_cl.plist"; + MACOSX_DEPLOYMENT_TARGET = 10.12; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = apple_x509_cl; + SKIP_INSTALL = YES; + WRAPPER_EXTENSION = bundle; + }; + name = Release; + }; + DCF788D41D88CD2400E694BB /* Debug */ = { + isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; + buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = YES; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; - 05EF68C4194915FB007958C3 /* Release */ = { + DCF788D51D88CD2400E694BB /* Release */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DC0067911D87816C005AF8DB /* macos_legacy_lib.xcconfig */; buildSettings = { + CLANG_ANALYZER_NONNULL = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + ENABLE_STRICT_OBJC_MSGSEND = YES; + MTL_ENABLE_DEBUG_INFO = NO; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; - 0C0BDB35175685B000BC1A7E /* Debug */ = { + E710C75D1331946500F85568 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = "secdtests/secdtests-entitlements.plist"; + CODE_SIGN_ENTITLEMENTS = "SecurityTests/SecurityTests-Entitlements.plist"; + COMBINE_HIDPI_IMAGES = YES; FRAMEWORK_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", ); - INSTALL_PATH = /usr/local/bin; + HEADER_SEARCH_PATHS = "$(inherited)"; + INFOPLIST_FILE = "SecurityTests/SecurityTests-Info.plist"; + INSTALL_PATH = /AppleInternal/Applications; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; LIBRARY_SEARCH_PATHS = ( "$(inherited)", - "$(SDKROOT)/usr/lib/system", + "\"$(SDKROOT)/usr/lib/system\"", ); OTHER_LDFLAGS = ""; "OTHER_LDFLAGS[sdk=embedded]" = ( + "$(inherited)", "-framework", MobileKeyBag, "-laks", "-lACM", "-lImg4Decode", + "-lSystem", ); + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:identifier}"; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_STYLE = debugging; }; name = Debug; }; - 0C0BDB36175685B000BC1A7E /* Release */ = { + E710C75E1331946500F85568 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = "secdtests/secdtests-entitlements.plist"; + CODE_SIGN_ENTITLEMENTS = "SecurityTests/SecurityTests-Entitlements.plist"; + COMBINE_HIDPI_IMAGES = YES; FRAMEWORK_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", ); - INSTALL_PATH = /usr/local/bin; + HEADER_SEARCH_PATHS = "$(inherited)"; + INFOPLIST_FILE = "SecurityTests/SecurityTests-Info.plist"; + INSTALL_PATH = /AppleInternal/Applications; + LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; LIBRARY_SEARCH_PATHS = ( "$(inherited)", - "$(SDKROOT)/usr/lib/system", + "\"$(SDKROOT)/usr/lib/system\"", ); OTHER_LDFLAGS = ""; "OTHER_LDFLAGS[sdk=embedded]" = ( + "$(inherited)", "-framework", MobileKeyBag, "-laks", "-lACM", "-lImg4Decode", + "-lSystem", ); + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:identifier}"; PRODUCT_NAME = "$(TARGET_NAME)"; STRIP_STYLE = debugging; }; name = Release; }; - 0C2BCBB71D06401F00ED7A2F /* Debug */ = { + E74584681BF68EBA001B54A4 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; PRODUCT_NAME = "$(TARGET_NAME)"; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; }; name = Debug; }; - 0C2BCBB81D06401F00ED7A2F /* Release */ = { + E74584691BF68EBA001B54A4 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; PRODUCT_NAME = "$(TARGET_NAME)"; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; }; name = Release; }; - 0C2BCBCC1D0648D100ED7A2F /* Debug */ = { + E79EEDA81CD3F87B00C2FBFC /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; PRODUCT_NAME = "$(TARGET_NAME)"; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; }; name = Debug; }; - 0C2BCBCD1D0648D100ED7A2F /* Release */ = { + E79EEDA91CD3F87B00C2FBFC /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; PRODUCT_NAME = "$(TARGET_NAME)"; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; }; name = Release; }; - 0C6799FA12F7C37C00712919 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COPY_PHASE_STRIP = NO; - GCC_DYNAMIC_NO_PIC = NO; - GCC_OPTIMIZATION_LEVEL = 0; - PRODUCT_NAME = dtlsTests; + E79EEDD41CD3F8AB00C2FBFC /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; - 0C6799FB12F7C37C00712919 /* Release */ = { + E79EEDD51CD3F8AB00C2FBFC /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - COPY_PHASE_STRIP = YES; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - PRODUCT_NAME = dtlsTests; - ZERO_LINK = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; - 0C7CFA3014E1BA4800DF9D95 /* Debug */ = { + E79EEDDA1CD3FFC800C2FBFC /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; - 0C7CFA3114E1BA4800DF9D95 /* Release */ = { + E79EEDDB1CD3FFC800C2FBFC /* Release */ = { isa = XCBuildConfiguration; buildSettings = { PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; - 438169101B4EDCBD00C54D58 /* Debug */ = { + E79EEDE21CD4000C00C2FBFC /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - INFOPLIST_FILE = SOSCCAuthPlugin/Info.plist; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Accounts/Authentication/AppleIDAuthenticationDelegates"; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.SOSCCAuthPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; - WRAPPER_EXTENSION = bundle; }; name = Debug; }; - 438169111B4EDCBD00C54D58 /* Release */ = { + E79EEDE31CD4000C00C2FBFC /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - INFOPLIST_FILE = SOSCCAuthPlugin/Info.plist; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Accounts/Authentication/AppleIDAuthenticationDelegates"; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.SOSCCAuthPlugin; PRODUCT_NAME = "$(TARGET_NAME)"; - WRAPPER_EXTENSION = bundle; }; name = Release; }; - 4C52D0BE16EFC61E0079966E /* Debug */ = { + E7B01BF0166594AB000485F1 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; + ALWAYS_SEARCH_USER_PATHS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = CircleJoinRequested/entitlements.plist; + CODE_SIGN_ENTITLEMENTS = "Keychain/Keychain-Entitlements.plist"; + COMBINE_HIDPI_IMAGES = YES; FRAMEWORK_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", ); GCC_C_LANGUAGE_STANDARD = gnu99; GCC_DYNAMIC_NO_PIC = NO; + GCC_PRECOMPILE_PREFIX_HEADER = NO; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES; HEADER_SEARCH_PATHS = ( "$(inherited)", @@ -7845,445 +33000,439 @@ "$(PROJECT_DIR)/OSX/libsecurity_keychain/libDER", "$(PROJECT_DIR)/OSX/libsecurity_asn1", "$(PROJECT_DIR)/libsecurity_smime", - "$(PROJECT_DIR)/OSX/sec/ProjectHeaders", "$(PROJECT_DIR)/OSX/sec", - "$(PROJECT_DIR)/OSX/sec/SOSCircle", "$(PROJECT_DIR)/OSX/utilities", + "$(BUILT_PRODUCTS_DIR)/usr/local/include", "$(PROJECT_DIR)/OSX/regressions", - "$(PROJECT_DIR)/OSX/", - "$(SDKROOT)/System/Library/PrivateFrameworks", - "$(SDKROOT)/System/Library/PrivateFrameworks/CloudServices/Headers", + "$(PROJECT_DIR)/OSX/sec/SOSCircle", + ); + "HEADER_SEARCH_PATHS[sdk=macosx*][arch=*]" = ( + "$(inherited)", + "$(HEADER_SEARCH_PATHS)", + "$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers", + ); + INFOPLIST_FILE = "Keychain/Keychain-Info.plist"; + INSTALL_PATH = /AppleInternal/Applications; + LIBRARY_SEARCH_PATHS = ( + "$(inherited)", + "\"$(SDKROOT)/usr/lib/system\"", ); - INSTALL_PATH = /System/Library/Frameworks/Security.framework/CircleJoinRequested/; ONLY_ACTIVE_ARCH = YES; - OTHER_CFLAGS = ( - "-fconstant-cfstrings", - "-fno-inline", - "-DDEBUG", + OTHER_LDFLAGS = "$(inherited)"; + "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( + "$(inherited)", + "-framework", + MobileKeyBag, ); - OTHER_LDFLAGS = "$(APPLE_AKS_LIBRARY)"; - PRODUCT_NAME = "$(TARGET_NAME)"; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = SyncDevTest2; + SDKROOT = iphoneos.internal; + WRAPPER_EXTENSION = app; }; name = Debug; }; - 4C52D0BF16EFC61E0079966E /* Release */ = { + E7B01BF1166594AB000485F1 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; + ALWAYS_SEARCH_USER_PATHS = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = CircleJoinRequested/entitlements.plist; - ENABLE_NS_ASSERTIONS = NO; + CODE_SIGN_ENTITLEMENTS = "Keychain/Keychain-Entitlements.plist"; + COMBINE_HIDPI_IMAGES = YES; FRAMEWORK_SEARCH_PATHS = ( "$(inherited)", "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", ); GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_PRECOMPILE_PREFIX_HEADER = NO; HEADER_SEARCH_PATHS = ( "$(inherited)", "$(PROJECT_DIR)", "$(PROJECT_DIR)/OSX/libsecurity_keychain/libDER", "$(PROJECT_DIR)/OSX/libsecurity_asn1", "$(PROJECT_DIR)/libsecurity_smime", - "$(PROJECT_DIR)/OSX/sec/ProjectHeaders", "$(PROJECT_DIR)/OSX/sec", - "$(PROJECT_DIR)/OSX/sec/SOSCircle", "$(PROJECT_DIR)/OSX/utilities", + "$(BUILT_PRODUCTS_DIR)/usr/local/include", "$(PROJECT_DIR)/OSX/regressions", - "$(PROJECT_DIR)/OSX/", - "$(SDKROOT)/System/Library/PrivateFrameworks", - "$(SDKROOT)/System/Library/PrivateFrameworks/CloudServices/Headers", - ); - INSTALL_PATH = /System/Library/Frameworks/Security.framework/CircleJoinRequested/; - OTHER_LDFLAGS = "$(APPLE_AKS_LIBRARY)"; - PRODUCT_NAME = "$(TARGET_NAME)"; - VALIDATE_PRODUCT = YES; - }; - name = Release; - }; - 4C541F870F250BF500E508AE /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = phase2; - }; - name = Debug; - }; - 4C541F8A0F250BF500E508AE /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = phase2; - }; - name = Release; - }; - 4C541F980F250C3000E508AE /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = phase1; - }; - name = Debug; - }; - 4C541F9B0F250C3000E508AE /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = phase1; - }; - name = Release; - }; - 4C711D7413AFCD0900FE865D /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = "SecurityTests/SecurityTests-Entitlements.plist"; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + "$(PROJECT_DIR)/OSX/sec/SOSCircle", ); - HEADER_SEARCH_PATHS = ( + "HEADER_SEARCH_PATHS[sdk=macosx*][arch=*]" = ( "$(inherited)", - "$(PROJECT_DIR)/OSX/regressions", + "$(HEADER_SEARCH_PATHS)", + "$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers", ); - INFOPLIST_FILE = "SecurityTests/SecurityDevTests-Info.plist"; + INFOPLIST_FILE = "Keychain/Keychain-Info.plist"; + INSTALL_PATH = /AppleInternal/Applications; LIBRARY_SEARCH_PATHS = ( "$(inherited)", "\"$(SDKROOT)/usr/lib/system\"", ); + OTHER_CFLAGS = "-DNS_BLOCK_ASSERTIONS=1"; OTHER_LDFLAGS = "$(inherited)"; - "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( + "OTHER_LDFLAGS[sdk=embedded]" = ( "$(inherited)", "-framework", MobileKeyBag, - "-laks", - "-lACM", - "-lImg4Decode", ); - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:identifier}"; - PRODUCT_NAME = SecurityDevTests; - STRIP_STYLE = debugging; + PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; + PRODUCT_NAME = SyncDevTest2; + SDKROOT = iphoneos.internal; + VALIDATE_PRODUCT = YES; + WRAPPER_EXTENSION = app; + }; + name = Release; + }; + E7CFF6481C84F61200E3484E /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; - 4C711D7513AFCD0900FE865D /* Release */ = { + E7CFF6491C84F61200E3484E /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = "SecurityTests/SecurityTests-Entitlements.plist"; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/OSX/regressions", - ); - INFOPLIST_FILE = "SecurityTests/SecurityDevTests-Info.plist"; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - "\"$(SDKROOT)/usr/lib/system\"", - ); - OTHER_LDFLAGS = "$(inherited)"; - "OTHER_LDFLAGS[sdk=embedded]" = ( - "$(inherited)", - "-framework", - MobileKeyBag, - "-laks", - "-lACM", - "-lImg4Decode", - ); - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:identifier}"; - PRODUCT_NAME = SecurityDevTests; - STRIP_STYLE = debugging; + PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; - 4C9DE9D41181AC4900CF5C27 /* Debug */ = { + E7D847D61C6BE9720025BB44 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - FRAMEWORK_SEARCH_PATHS = ( + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + CURRENT_PROJECT_VERSION = 1; + DEFINES_MODULE = YES; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = 1; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_VERSION = A; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; - OTHER_LDFLAGS = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", - "-framework", - CFNetwork, - ); - "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", - "-framework", - CFNetwork, - "-framework", - IOKit, - "-framework", - MobileKeyBag, - "-laks", - "-lACM", ); - "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", - "-framework", - CFNetwork, - "-framework", - IOKit, - ); - PRODUCT_NAME = sslEcdsa; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INFOPLIST_FILE = KeychainCircle/Info.plist; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; + MTL_ENABLE_DEBUG_INFO = YES; + ONLY_ACTIVE_ARCH = YES; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.KeychainCircle.KeychainCircle; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTS_TEXT_BASED_API = YES; + VERSIONING_SYSTEM = "apple-generic"; + VERSION_INFO_PREFIX = ""; }; name = Debug; }; - 4C9DE9D51181AC4900CF5C27 /* Release */ = { + E7D847D71C6BE9720025BB44 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", - "-framework", - CFNetwork, - "-framework", - IOKit, - "-framework", - MobileKeyBag, - "-laks", - "-lACM", - ); - "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", - "-framework", - CFNetwork, - ); - PRODUCT_NAME = sslEcdsa; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COMBINE_HIDPI_IMAGES = YES; + CURRENT_PROJECT_VERSION = 1; + DEFINES_MODULE = YES; + DYLIB_COMPATIBILITY_VERSION = 1; + DYLIB_CURRENT_VERSION = 1; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + FRAMEWORK_VERSION = A; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INFOPLIST_FILE = KeychainCircle/Info.plist; + INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.KeychainCircle.KeychainCircle; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTS_TEXT_BASED_API = YES; + VERSIONING_SYSTEM = "apple-generic"; + VERSION_INFO_PREFIX = ""; }; name = Release; }; - 52D82BE916A621F80078DFE5 /* Debug */ = { + E7D847D81C6BE9720025BB44 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = KVSKeychainSyncingProxy/cloudkeychain.entitlements.plist; COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu99; GCC_DYNAMIC_NO_PIC = NO; - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - HEADERMAP_INCLUDES_FRAMEWORK_ENTRIES_FOR_ALL_PRODUCT_TYPES = ""; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/OSX/sec/SOSCircle/CKBridge", - ); - INFOPLIST_FILE = "KVSKeychainSyncingProxy/CloudKeychainProxy-Info.plist"; - INSTALL_PATH = "$(SECURITY_FRAMEWORK_RESOURCES_DIR)"; - MACH_O_TYPE = mh_execute; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INFOPLIST_FILE = KeychainCircle/Tests/Info.plist; + INSTALL_PATH = /AppleInternal/Tests/Security/; + MTL_ENABLE_DEBUG_INFO = YES; ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = "-laks"; - "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ""; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.cloudkeychainproxy3; + OTHER_LDFLAGS = ( + "$(APPLE_AKS_LIBRARY)", + "-lACM", + "-framework", + SystemConfiguration, + "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + "-framework", + AppleSystemInfo, + ); + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", + "-lACM", + "-framework", + SystemConfiguration, + "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + "-lMobileGestalt", + "-framework", + AggregateDictionary, + "-framework", + MobileKeyBag, + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ( + "-lACM", + "-framework", + SystemConfiguration, + "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + "-lMobileGestalt", + "-framework", + AggregateDictionary, + ); + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.KeychainCircle.KeychainCircleTests; PRODUCT_NAME = "$(TARGET_NAME)"; - SKIP_INSTALL = NO; - STRIP_INSTALLED_PRODUCT = NO; - STRIP_STYLE = all; - WRAPPER_EXTENSION = bundle; + SUPPORTS_TEXT_BASED_API = YES; }; name = Debug; }; - 52D82BEA16A621F80078DFE5 /* Release */ = { + E7D847D91C6BE9720025BB44 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = KVSKeychainSyncingProxy/cloudkeychain.entitlements.plist; COMBINE_HIDPI_IMAGES = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu99; - HEADERMAP_INCLUDES_FRAMEWORK_ENTRIES_FOR_ALL_PRODUCT_TYPES = ""; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/OSX/sec/SOSCircle/CKBridge", + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INFOPLIST_FILE = KeychainCircle/Tests/Info.plist; + INSTALL_PATH = /AppleInternal/Tests/Security/; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_LDFLAGS = ( + "$(APPLE_AKS_LIBRARY)", + "-lACM", + "-framework", + SystemConfiguration, + "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + "-framework", + AppleSystemInfo, ); - INFOPLIST_FILE = "KVSKeychainSyncingProxy/CloudKeychainProxy-Info.plist"; - INSTALL_PATH = "$(SECURITY_FRAMEWORK_RESOURCES_DIR)"; - MACH_O_TYPE = mh_execute; - OTHER_LDFLAGS = "-laks"; - "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ""; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.cloudkeychainproxy3; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", + "-lACM", + "-framework", + SystemConfiguration, + "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + "-lMobileGestalt", + "-framework", + AggregateDictionary, + "-framework", + MobileKeyBag, + ); + "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ( + "-lACM", + "-framework", + SystemConfiguration, + "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + "-lMobileGestalt", + "-framework", + AggregateDictionary, + ); + PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.KeychainCircle.KeychainCircleTests; PRODUCT_NAME = "$(TARGET_NAME)"; - SKIP_INSTALL = NO; - STRIP_STYLE = all; - VALIDATE_PRODUCT = YES; - WRAPPER_EXTENSION = bundle; + SUPPORTS_TEXT_BASED_API = YES; }; name = Release; }; - 52DE81951636347600F49F0C /* Debug */ = { + EB0BC93C1C3C791500785842 /* Debug */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; + ALWAYS_SEARCH_USER_PATHS = NO; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "Keychain/Keychain-Entitlements.plist"; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); + CODE_SIGN_ENTITLEMENTS = RegressionTests/secedumodetest/secedumodetest.entitlements; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu99; GCC_DYNAMIC_NO_PIC = NO; - GCC_PRECOMPILE_PREFIX_HEADER = NO; + GCC_NO_COMMON_BLOCKS = YES; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/OSX/libsecurity_keychain/libDER", - "$(PROJECT_DIR)/OSX/libsecurity_asn1", - "$(PROJECT_DIR)/libsecurity_smime", - "$(PROJECT_DIR)/OSX/sec", - "$(PROJECT_DIR)/OSX/utilities", - "$(BUILT_PRODUCTS_DIR)/usr/local/include", - "$(PROJECT_DIR)/OSX/regressions", - "$(PROJECT_DIR)/OSX/sec/SOSCircle", - ); - "HEADER_SEARCH_PATHS[sdk=macosx*][arch=*]" = ( - "$(inherited)", - "$(HEADER_SEARCH_PATHS)", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers", - ); - INFOPLIST_FILE = "Keychain/Keychain-Info.plist"; - INSTALL_PATH = /AppleInternal/Applications; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - "\"$(SDKROOT)/usr/lib/system\"", + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = YES; + ONLY_ACTIVE_ARCH = YES; + OTHER_LDFLAGS = ( + "-framework", + Security, ); - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = "$(inherited)"; - "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( - "$(inherited)", + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", "-framework", - MobileKeyBag, + Security, + "-framework", + IOKit, + ); + "OTHER_LDFLAGS[sdk=macosx*]" = ( "-laks", - "-lACM", + "-framework", + Security, + "-framework", + IOKit, ); - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = iphoneos.internal; - WRAPPER_EXTENSION = app; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; }; name = Debug; }; - 52DE81961636347600F49F0C /* Release */ = { + EB0BC93D1C3C791500785842 /* Release */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; + ALWAYS_SEARCH_USER_PATHS = NO; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "Keychain/Keychain-Entitlements.plist"; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); + CODE_SIGN_ENTITLEMENTS = RegressionTests/secedumodetest/secedumodetest.entitlements; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_PRECOMPILE_PREFIX_HEADER = NO; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/OSX/libsecurity_keychain/libDER", - "$(PROJECT_DIR)/OSX/libsecurity_asn1", - "$(PROJECT_DIR)/OSX/libsecurity_smime", - "$(PROJECT_DIR)/OSX/sec", - "$(PROJECT_DIR)/OSX/utilities", - "$(BUILT_PRODUCTS_DIR)/usr/local/include", - "$(PROJECT_DIR)/OSX/regressions", - "$(PROJECT_DIR)/OSX/sec/SOSCircle", - ); - "HEADER_SEARCH_PATHS[sdk=macosx*][arch=*]" = ( - "$(inherited)", - "$(HEADER_SEARCH_PATHS)", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers", - ); - INFOPLIST_FILE = "Keychain/Keychain-Info.plist"; - INSTALL_PATH = /AppleInternal/Applications; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - "\"$(SDKROOT)/usr/lib/system\"", + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_LDFLAGS = ( + "-framework", + Security, ); - OTHER_CFLAGS = "-DNS_BLOCK_ASSERTIONS=1"; - OTHER_LDFLAGS = "$(inherited)"; "OTHER_LDFLAGS[sdk=embedded]" = ( - "$(inherited)", + "-laks", "-framework", - MobileKeyBag, + Security, + "-framework", + IOKit, + ); + "OTHER_LDFLAGS[sdk=macosx*]" = ( "-laks", - "-lACM", + "-framework", + Security, + "-framework", + IOKit, ); - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = iphoneos.internal; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; VALIDATE_PRODUCT = YES; - WRAPPER_EXTENSION = app; }; name = Release; }; - 5346480B17331E1200FE9172 /* Debug */ = { + EB425CA41C65846D000ECE53 /* Debug */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = NO; CLANG_ENABLE_OBJC_ARC = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; @@ -8292,35 +33441,55 @@ CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; + CODE_SIGN_ENTITLEMENTS = RegressionTests/secbackuptest/secbackuptest.entitlements; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu99; GCC_DYNAMIC_NO_PIC = NO; - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "KeychainSyncAccountNotification/KeychainSyncAccountNotification-Prefix.pch"; + GCC_NO_COMMON_BLOCKS = YES; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - INFOPLIST_FILE = "KeychainSyncAccountNotification/KeychainSyncAccountNotification-Info.plist"; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Accounts/Notification"; - OTHER_LDFLAGS = "$(AOSKIT_FRAMEWORK)"; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = YES; + ONLY_ACTIVE_ARCH = YES; + OTHER_LDFLAGS = ( + "-framework", + Security, + ); + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, + ); + "OTHER_LDFLAGS[sdk=macosx*]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, + ); PRODUCT_NAME = "$(TARGET_NAME)"; - WRAPPER_EXTENSION = bundle; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; }; name = Debug; }; - 5346480C17331E1200FE9172 /* Release */ = { + EB425CA51C65846D000ECE53 /* Release */ = { isa = XCBuildConfiguration; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = NO; CLANG_ENABLE_OBJC_ARC = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; @@ -8329,24 +33498,45 @@ CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; + CODE_SIGN_ENTITLEMENTS = RegressionTests/secbackuptest/secbackuptest.entitlements; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "KeychainSyncAccountNotification/KeychainSyncAccountNotification-Prefix.pch"; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; - INFOPLIST_FILE = "KeychainSyncAccountNotification/KeychainSyncAccountNotification-Info.plist"; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Accounts/Notification"; - OTHER_LDFLAGS = "$(AOSKIT_FRAMEWORK)"; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_LDFLAGS = ( + "-framework", + Security, + ); + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, + ); + "OTHER_LDFLAGS[sdk=macosx*]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, + ); PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; VALIDATE_PRODUCT = YES; - WRAPPER_EXTENSION = bundle; }; name = Release; }; - 5E10992A19A5E55800A60E2B /* Debug */ = { + EB433A261CC3243600A7EACE /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; @@ -8362,34 +33552,105 @@ CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; + CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemstresstest/secitemstresstest.entitlements; + DEBUG_INFORMATION_FORMAT = dwarf; ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu99; GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INFOPLIST_FILE = ISACLProtectedItems/Info.plist; - INSTALL_PATH = /AppleInternal/Library/PreferenceBundles/; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; MTL_ENABLE_DEBUG_INFO = YES; ONLY_ACTIVE_ARCH = YES; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.securityservices.${PRODUCT_NAME:rfc1034identifier}"; + OTHER_LDFLAGS = ( + "-framework", + Security, + ); + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, + ); + "OTHER_LDFLAGS[sdk=macosx*]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, + ); + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + }; + name = Debug; + }; + EB433A271CC3243600A7EACE /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemstresstest/secitemstresstest.entitlements; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_LDFLAGS = ( + "-framework", + Security, + ); + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, + ); + "OTHER_LDFLAGS[sdk=macosx*]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, + ); PRODUCT_NAME = "$(TARGET_NAME)"; - WRAPPER_EXTENSION = bundle; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + VALIDATE_PRODUCT = YES; }; - name = Debug; + name = Release; }; - 5E10992B19A5E55800A60E2B /* Release */ = { + EB6A6FAA1B90F83A0045DC68 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; @@ -8400,2469 +33661,1826 @@ CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - ENABLE_NS_ASSERTIONS = NO; + "CODE_SIGN_IDENTITY[sdk=embedded*]" = "iPhone Developer"; + DEBUG_INFORMATION_FORMAT = dwarf; ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", + "$(inherited)", + ); GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INFOPLIST_FILE = ISACLProtectedItems/Info.plist; - INSTALL_PATH = /AppleInternal/Library/PreferenceBundles/; - MTL_ENABLE_DEBUG_INFO = NO; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.securityservices.${PRODUCT_NAME:rfc1034identifier}"; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + IPHONEOS_DEPLOYMENT_TARGET = 9.3; + MTL_ENABLE_DEBUG_INFO = YES; + ONLY_ACTIVE_ARCH = YES; + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", + "-framework", + IOKit, + ); + PRODUCT_NAME = phase1_ios; + }; + name = Release; + }; + EB6A6FAB1B90F83A0045DC68 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { PRODUCT_NAME = "$(TARGET_NAME)"; - VALIDATE_PRODUCT = YES; - WRAPPER_EXTENSION = bundle; }; name = Release; }; - 5EBE247E1B00CCAE0007DB0E /* Debug */ = { + EB6A6FB01B90F8810045DC68 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; + EB6A6FB11B90F8810045DC68 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; + EB6A6FB61B90F8C90045DC68 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = "secacltests/secacltests-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; - LIBRARY_SEARCH_PATHS = "$(SDKROOT)/usr/local/lib"; - "OTHER_LDFLAGS[sdk=embedded]" = ( - "$(inherited)", - "-framework", - MobileKeyBag, - "-laks", - "-lACM", - "-lImg4Decode", - ); PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; - 5EBE247F1B00CCAE0007DB0E /* Release */ = { + EB6A6FB71B90F8C90045DC68 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = "secacltests/secacltests-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; - LIBRARY_SEARCH_PATHS = "$(SDKROOT)/usr/local/lib"; - "OTHER_LDFLAGS[sdk=embedded]" = ( - "$(inherited)", - "-framework", - MobileKeyBag, - "-laks", - "-lACM", - "-lImg4Decode", - ); PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; - 728B56AC16D59979008FA3AB /* Debug */ = { + EB9C1D811BDFD0E100F89272 /* Debug */ = { isa = XCBuildConfiguration; - baseConfigurationReference = 22C002A31AC9D33100B3469E /* OTAPKIAssetTool.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "$(PROJECT_DIR)/OTAPKIAssetTool/OTAPKIAssetTool-entitlements.plist"; - CODE_SIGN_IDENTITY = "-"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; GCC_C_LANGUAGE_STANDARD = gnu99; GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - INSTALL_PATH = /usr/libexec; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = YES; ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = ""; + OTHER_LDFLAGS = ( + "-framework", + Security, + ); "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", "-framework", - BackgroundTaskAgent, + Security, + "-framework", + IOKit, + ); + "OTHER_LDFLAGS[sdk=macosx*]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, ); PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = iphoneos.internal; - "SKIP_INSTALL[sdk=embeddedsimulator*]" = YES; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; }; name = Debug; }; - 728B56AD16D59979008FA3AB /* Release */ = { + EB9C1D821BDFD0E100F89272 /* Release */ = { isa = XCBuildConfiguration; - baseConfigurationReference = 22C002A31AC9D33100B3469E /* OTAPKIAssetTool.xcconfig */; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "$(PROJECT_DIR)/OTAPKIAssetTool/OTAPKIAssetTool-entitlements.plist"; - CODE_SIGN_IDENTITY = "-"; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; ENABLE_NS_ASSERTIONS = NO; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); + ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; - INSTALL_PATH = /usr/libexec; - OTHER_LDFLAGS = ""; - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-framework", - BackgroundTaskAgent, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = iphoneos.internal; - "SKIP_INSTALL[sdk=embeddedsimulator*]" = YES; - VALIDATE_PRODUCT = YES; - }; - name = Release; - }; - 7913B20D0D172B3900601FE9 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - CODE_SIGN_ENTITLEMENTS = "sslViewer/sslServer-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = NO; OTHER_LDFLAGS = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", "-framework", - CFNetwork, + Security, ); - "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", "-framework", - CFNetwork, + Security, "-framework", IOKit, - "-framework", - MobileKeyBag, - "-lcorecrypto$(Sim_Name)", - "-laks", - "-lACM", - ); - PRODUCT_NAME = sslServer; - }; - name = Debug; - }; - 7913B2100D172B3900601FE9 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - CODE_SIGN_ENTITLEMENTS = "sslViewer/sslServer-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", ); - INSTALL_PATH = /usr/local/bin; - OTHER_LDFLAGS = ""; - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", + "OTHER_LDFLAGS[sdk=macosx*]" = ( + "-laks", "-framework", - CFNetwork, + Security, "-framework", IOKit, - "-framework", - MobileKeyBag, - "-lcorecrypto$(Sim_Name)", - "-laks", - "-lACM", - ); - "OTHER_LDFLAGS[sdk=embeddedsimulator*][arch=*]" = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", - "-framework", - CFNetwork, - ); - PRODUCT_NAME = sslServer; - }; - name = Release; - }; - 792EFFDC0CBBF878007C00A0 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - DEAD_CODE_STRIPPING = YES; - DEFINES_MODULE = YES; - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = "$(CURRENT_PROJECT_VERSION)"; - EXPORTED_SYMBOLS_FILE = "$(BUILT_PRODUCTS_DIR)/$(TARGETNAME).$(CURRENT_ARCH).exp"; - FRAMEWORK_VERSION = B; - INFOPLIST_FILE = "Security-Info.plist"; - INSTALLHDRS_SCRIPT_PHASE = YES; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; - MODULEMAP_FILE = Modules/Security.iOS.modulemap; - OTHER_LDFLAGS = ( - "-laks", - "-Wl,-upward-lcoretls", - "-Wl,-upward-lcoretls_cfhelpers", - ); - "OTHER_LDFLAGS[sdk=*simulator*]" = ( - "-Wl,-upward-lcoretls", - "-Wl,-upward-lcoretls_cfhelpers", ); - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${EXECUTABLE_NAME}"; - PRODUCT_NAME = Security; - STRIP_STYLE = debugging; - Sim_Name = ""; - "Sim_Name[sdk=embeddedsimulator*][arch=*]" = _sim; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + VALIDATE_PRODUCT = YES; + }; + name = Release; + }; + EB9C1DB01BDFD4DF00F89272 /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; - 792EFFDD0CBBF878007C00A0 /* Release */ = { + EB9C1DB11BDFD4DF00F89272 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - COMBINE_HIDPI_IMAGES = YES; - DEAD_CODE_STRIPPING = YES; - DEFINES_MODULE = YES; - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = "$(CURRENT_PROJECT_VERSION)"; - EXPORTED_SYMBOLS_FILE = "$(BUILT_PRODUCTS_DIR)/$(TARGETNAME).$(CURRENT_ARCH).exp"; - FRAMEWORK_VERSION = B; - INFOPLIST_FILE = "Security-Info.plist"; - INSTALLHDRS_SCRIPT_PHASE = YES; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks"; - MODULEMAP_FILE = Modules/Security.iOS.modulemap; - OTHER_LDFLAGS = ( - "-laks", - "-Wl,-upward-lcoretls", - "-Wl,-upward-lcoretls_cfhelpers", - ); - "OTHER_LDFLAGS[sdk=*simulator*]" = ( - "-Wl,-upward-lcoretls", - "-Wl,-upward-lcoretls_cfhelpers", - ); - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${EXECUTABLE_NAME}"; - PRODUCT_NAME = Security; - STRIP_STYLE = debugging; - Sim_Name = ""; - "Sim_Name[sdk=embeddedsimulator*][arch=*]" = _sim; + PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; - 792EFFDE0CBBF878007C00A0 /* Debug */ = { + EBA9AA841CE30E58004E2B68 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = SecurityTool/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemnotifications/secitemnotifications.entitlements; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + ENABLE_TESTABILITY = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", ); - INSTALL_PATH = /usr/local/bin; - "INSTALL_PATH[sdk=macosx*]" = /usr/bin; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = YES; + ONLY_ACTIVE_ARCH = YES; OTHER_LDFLAGS = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", "-framework", - CFNetwork, + Security, ); - "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", "-framework", - CFNetwork, + Security, "-framework", IOKit, - "-framework", - MobileKeyBag, + ); + "OTHER_LDFLAGS[sdk=macosx*]" = ( "-laks", - "-lACM", + "-framework", + Security, + "-framework", + IOKit, ); - PRODUCT_NAME = security; - STRIP_STYLE = debugging; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; }; name = Debug; }; - 792EFFDF0CBBF878007C00A0 /* Release */ = { + EBA9AA851CE30E58004E2B68 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = SecurityTool/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemnotifications/secitemnotifications.entitlements; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_LDFLAGS = ( + "-framework", + Security, ); - INSTALL_PATH = /usr/local/bin; - "INSTALL_PATH[sdk=macosx*]" = /usr/bin; - OTHER_LDFLAGS = ""; "OTHER_LDFLAGS[sdk=embedded]" = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", + "-laks", "-framework", - CFNetwork, + Security, "-framework", IOKit, - "-framework", - MobileKeyBag, - "-laks", - "-lACM", ); - "OTHER_LDFLAGS[sdk=embeddedsimulator*][arch=*]" = ( - "-lsecurityd", - "-lSecureObjectSync", - "-lsqlite3", + "OTHER_LDFLAGS[sdk=macosx*]" = ( + "-laks", "-framework", - CFNetwork, + Security, + "-framework", + IOKit, ); - PRODUCT_NAME = security; - STRIP_STYLE = debugging; + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + VALIDATE_PRODUCT = YES; }; name = Release; }; - 792EFFE00CBBF878007C00A0 /* Debug */ = { + EBB696031BE1F9DE00715F16 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; - PRODUCT_NAME = sslViewer; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + COPY_PHASE_STRIP = NO; + GCC_DYNAMIC_NO_PIC = NO; + GCC_OPTIMIZATION_LEVEL = 0; + PRODUCT_NAME = Security_executables_Bridge; }; name = Debug; }; - 792EFFE10CBBF878007C00A0 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - CODE_SIGN_ENTITLEMENTS = "sslViewer/sslViewer-entitlements.plist"; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - INSTALL_PATH = /usr/local/bin; - PRODUCT_NAME = sslViewer; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - }; - name = Release; - }; - 792EFFE20CBBF878007C00A0 /* Debug */ = { + EBB696041BE1F9DE00715F16 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - CODE_SIGN_ENTITLEMENTS = OSX/sec/securityd/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = YES; - INSTALL_PATH = /usr/libexec; - LIBRARY_SEARCH_PATHS = "$(SDKROOT)/usr/local/lib"; - OTHER_LDFLAGS = ""; - "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( - "$(OTHER_LDFLAGS)", - "-framework", - MobileKeyBag, - "-laks", - "-lACM", - "-lImg4Decode", - ); - PRODUCT_NAME = securityd; - STRIP_STYLE = debugging; + COPY_PHASE_STRIP = NO; + GCC_DYNAMIC_NO_PIC = NO; + GCC_OPTIMIZATION_LEVEL = 0; + PRODUCT_NAME = phase1_ios; }; name = Debug; }; - 792EFFE30CBBF878007C00A0 /* Release */ = { + EBBE20591C21380200B7A639 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { - CODE_SIGN_ENTITLEMENTS = OSX/sec/securityd/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + DEBUGGING_SYMBOLS = YES; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = YES; + GCC_NO_COMMON_BLOCKS = YES; + GCC_OPTIMIZATION_LEVEL = 0; + GCC_PREPROCESSOR_DEFINITIONS = ( + "DEBUG=1", "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = YES; - INSTALL_PATH = /usr/libexec; - LIBRARY_SEARCH_PATHS = "$(SDKROOT)/usr/local/lib"; - OTHER_LDFLAGS = ""; - "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( - "$(OTHER_LDFLAGS)", - "-framework", - MobileKeyBag, - "-laks", - "-lACM", - "-lImg4Decode", ); - PRODUCT_NAME = securityd; - STRIP_STYLE = debugging; - }; - name = Release; - }; - 792EFFE60CBBF878007C00A0 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = world; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = YES; + ONLY_ACTIVE_ARCH = YES; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; }; - 792EFFE70CBBF878007C00A0 /* Release */ = { + EBBE205A1C21380200B7A639 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { - PRODUCT_NAME = world; + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_MODULES = YES; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + COPY_PHASE_STRIP = NO; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; }; - 792EFFE80CBBF878007C00A0 /* Debug */ = { + EBCF73FA1CE45F9C00BED7CA /* Debug */ = { isa = XCBuildConfiguration; - baseConfigurationReference = EB2CA5561D2C30F700AB770F /* Security.xcconfig */; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; buildSettings = { - APPLY_RULES_IN_COPY_FILES = YES; - CLANG_STATIC_ANALYZER_MODE = deep; - CODE_SIGN_IDENTITY = "-"; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemfunctionality/secitemfunctionality.entitlements; + DEBUG_INFORMATION_FORMAT = dwarf; + ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; - GCC_OPTIMIZATION_LEVEL = 0; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_NO_COMMON_BLOCKS = YES; GCC_PREPROCESSOR_DEFINITIONS = ( - "__KEYCHAINCORE__=1", "DEBUG=1", - "$(GCC_PREPROCESSOR_DEFINITIONS)", - ); - "GCC_PREPROCESSOR_DEFINITIONS[sdk=embeddedsimulator*]" = ( - "INDIGO=1", - "$(INDIGO_MISSING_FRAMEWORKS)", - "$(GCC_PREPROCESSOR_DEFINITIONS)", - ); - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_MISSING_NEWLINE = YES; - GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_CHECK_SWITCH_STATEMENTS = YES; - GCC_WARN_FOUR_CHARACTER_CONSTANTS = YES; - GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES; - GCC_WARN_MISSING_PARENTHESES = YES; - GCC_WARN_SHADOW = YES; - GCC_WARN_SIGN_COMPARE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = NO; - GCC_WARN_UNKNOWN_PRAGMAS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_LABEL = YES; - GCC_WARN_UNUSED_VALUE = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - HEADERMAP_INCLUDES_FRAMEWORK_ENTRIES_FOR_ALL_PRODUCT_TYPES = NO; - HEADER_SEARCH_PATHS = ( "$(inherited)", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/OSX/libsecurity_keychain/libDER", - "$(PROJECT_DIR)/OSX/libsecurity_asn1", - "$(PROJECT_DIR)/libsecurity_smime", - "$(PROJECT_DIR)/OSX/sec/ProjectHeaders", - "$(PROJECT_DIR)/OSX/sec", - "$(PROJECT_DIR)/OSX/sec/SOSCircle", - "$(PROJECT_DIR)/OSX/utilities", - "$(PROJECT_DIR)/OSX/regressions", - "$(PROJECT_DIR)/OSX/", ); - INSTALL_DAEMON_AGENT_DIR = "$(SYSTEM_LIBRARY_DIR)/LaunchDaemons"; - "INSTALL_DAEMON_AGENT_DIR[sdk=macosx*]" = "$(SYSTEM_LIBRARY_DIR)/LaunchAgents"; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = YES; ONLY_ACTIVE_ARCH = YES; - OTHER_CFLAGS = ( - "-fconstant-cfstrings", - "-fno-inline", + OTHER_LDFLAGS = ( + "-framework", + Security, ); - RUN_CLANG_STATIC_ANALYZER = YES; - SDKROOT = macosx.internal; - SECURITY_FRAMEWORK_RESOURCES_DIR = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/"; - "SECURITY_FRAMEWORK_RESOURCES_DIR[sdk=macosx*]" = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Resources"; - STRIP_INSTALLED_PRODUCT = NO; - SUPPORTED_PLATFORMS = "iphonesimulator iphoneos watchos macosx appletvos appletvsimulator watchsimulator"; - Sim_Name = ""; - "Sim_Name[sdk=embeddedsimulator*][arch=*]" = _sim; - TARGETED_DEVICE_FAMILY = "1,2"; - WARNING_CFLAGS = ( - "-Wall", - "-Wextra", - "-Wno-unused-parameter", - "-Wno-missing-field-initializers", - "-Wno-error=deprecated-declarations", + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, + ); + "OTHER_LDFLAGS[sdk=macosx*]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, ); + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; }; name = Debug; }; - 792EFFE90CBBF878007C00A0 /* Release */ = { + EBCF73FB1CE45F9C00BED7CA /* Release */ = { isa = XCBuildConfiguration; - baseConfigurationReference = EB2CA5561D2C30F700AB770F /* Security.xcconfig */; + baseConfigurationReference = DCE4E82B1D7A54D300AFB96E /* ios_on_macos.xcconfig */; buildSettings = { - APPLY_RULES_IN_COPY_FILES = YES; - CLANG_STATIC_ANALYZER_MODE = deep; - CODE_SIGN_IDENTITY = "-"; - COPY_PHASE_STRIP = YES; + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_CXX_LIBRARY = "libc++"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; + CLANG_WARN_CONSTANT_CONVERSION = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_UNREACHABLE_CODE = YES; + CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; + CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemfunctionality/secitemfunctionality.entitlements; + COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - GCC_OPTIMIZATION_LEVEL = s; - GCC_PREPROCESSOR_DEFINITIONS = ( - "__KEYCHAINCORE__=1", - "NDEBUG=1", - "$(GCC_PREPROCESSOR_DEFINITIONS)", - ); - "GCC_PREPROCESSOR_DEFINITIONS[sdk=embeddedsimulator*]" = ( - "INDIGO=1", - "$(INDIGO_MISSING_FRAMEWORKS)", - "$(GCC_PREPROCESSOR_DEFINITIONS)", + ENABLE_NS_ASSERTIONS = NO; + ENABLE_STRICT_OBJC_MSGSEND = YES; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_NO_COMMON_BLOCKS = YES; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + GCC_WARN_UNDECLARED_SELECTOR = YES; + GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; + INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; + MTL_ENABLE_DEBUG_INFO = NO; + OTHER_LDFLAGS = ( + "-framework", + Security, ); - GCC_TREAT_WARNINGS_AS_ERRORS = NO; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_MISSING_NEWLINE = YES; - GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_CHECK_SWITCH_STATEMENTS = YES; - GCC_WARN_FOUR_CHARACTER_CONSTANTS = YES; - GCC_WARN_INITIALIZER_NOT_FULLY_BRACKETED = YES; - GCC_WARN_MISSING_PARENTHESES = YES; - GCC_WARN_SHADOW = YES; - GCC_WARN_SIGN_COMPARE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNKNOWN_PRAGMAS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - GCC_WARN_UNUSED_LABEL = YES; - GCC_WARN_UNUSED_VALUE = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - HEADERMAP_INCLUDES_FRAMEWORK_ENTRIES_FOR_ALL_PRODUCT_TYPES = NO; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/OSX/libsecurity_keychain/libDER", - "$(PROJECT_DIR)/OSX/libsecurity_asn1", - "$(PROJECT_DIR)/libsecurity_smime", - "$(PROJECT_DIR)/OSX/sec/ProjectHeaders", - "$(PROJECT_DIR)/OSX/sec", - "$(PROJECT_DIR)/OSX/sec/SOSCircle", - "$(PROJECT_DIR)/OSX/utilities", - "$(PROJECT_DIR)/OSX/regressions", - "$(PROJECT_DIR)/OSX/", + "OTHER_LDFLAGS[sdk=embedded]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, ); - INSTALL_DAEMON_AGENT_DIR = "$(SYSTEM_LIBRARY_DIR)/LaunchDaemons"; - "INSTALL_DAEMON_AGENT_DIR[sdk=macosx*]" = "$(SYSTEM_LIBRARY_DIR)/LaunchAgents"; - OTHER_CFLAGS = "-fconstant-cfstrings"; - RUN_CLANG_STATIC_ANALYZER = YES; - SDKROOT = macosx.internal; - SECURITY_FRAMEWORK_RESOURCES_DIR = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/"; - "SECURITY_FRAMEWORK_RESOURCES_DIR[sdk=macosx*]" = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Resources"; - SUPPORTED_PLATFORMS = "iphonesimulator iphoneos watchos macosx appletvos appletvsimulator watchsimulator"; - Sim_Name = ""; - "Sim_Name[sdk=embeddedsimulator*][arch=*]" = _sim; - TARGETED_DEVICE_FAMILY = "1,2"; - WARNING_CFLAGS = ( - "-Wall", - "-Wextra", - "-Wno-unused-parameter", - "-Wno-missing-field-initializers", - "-Wno-error=deprecated-declarations", + "OTHER_LDFLAGS[sdk=macosx*]" = ( + "-laks", + "-framework", + Security, + "-framework", + IOKit, ); + PRODUCT_NAME = "$(TARGET_NAME)"; + SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; + VALIDATE_PRODUCT = YES; }; name = Release; }; - BE197F4619116FD100BA91D1 /* Debug */ = { + EBF374761DC055590065D840 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; - ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; - ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME = LaunchImage; - AXLE_ENABLE_DEBUG_INFO = YES; - CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES = YES; + CLANG_ANALYZER_NONNULL = YES; + CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; + CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; + CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CODE_SIGN_ENTITLEMENTS = "security-sysdiagnose/security-sysdiagnose.entitlements.plist"; + GCC_C_LANGUAGE_STANDARD = gnu99; + GCC_DYNAMIC_NO_PIC = NO; + GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; + INSTALL_PATH = /usr/libexec; + MTL_ENABLE_DEBUG_INFO = YES; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Debug; + }; + EBF374771DC055590065D840 /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + ALWAYS_SEARCH_USER_PATHS = NO; + CLANG_ANALYZER_NONNULL = YES; CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_ASSIGN_ENUM = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "$(TARGET_NAME)/entitlements.plist"; - "CODE_SIGN_IDENTITY[sdk=embedded*]" = "-"; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); + CLANG_WARN_SUSPICIOUS_MOVES = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; + CODE_SIGN_ENTITLEMENTS = "security-sysdiagnose/security-sysdiagnose.entitlements.plist"; + COPY_PHASE_STRIP = NO; + ENABLE_NS_ASSERTIONS = NO; GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "$(TARGET_NAME)/$(TARGET_NAME)-Prefix.pch"; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_ABOUT_MISSING_NEWLINE = NO; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INFOPLIST_FILE = "$(TARGET_NAME)/$(TARGET_NAME)-Info.plist"; - "INSTALL_PATH[sdk=embedded*]" = "$(LOCAL_APPS_DIR)"; - LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks"; - ONLY_ACTIVE_ARCH = YES; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${PRODUCT_NAME:rfc1034identifier}"; + INSTALL_PATH = /usr/libexec; + MTL_ENABLE_DEBUG_INFO = NO; + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; + F93C49041AB8FCE00047E01A /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { PRODUCT_NAME = "$(TARGET_NAME)"; - VALIDATE_PRODUCT = NO; }; name = Debug; }; - BE197F4719116FD100BA91D1 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; - ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME = LaunchImage; - AXLE_ENABLE_DEBUG_INFO = NO; - CLANG_ALLOW_NON_MODULAR_INCLUDES_IN_FRAMEWORK_MODULES = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_ASSIGN_ENUM = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "$(TARGET_NAME)/entitlements.plist"; - "CODE_SIGN_IDENTITY[sdk=embedded*]" = "-"; - COMBINE_HIDPI_IMAGES = YES; - ENABLE_NS_ASSERTIONS = NO; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "$(TARGET_NAME)/$(TARGET_NAME)-Prefix.pch"; - GCC_WARN_ABOUT_MISSING_NEWLINE = NO; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INFOPLIST_FILE = "$(TARGET_NAME)/$(TARGET_NAME)-Info.plist"; - "INSTALL_PATH[sdk=embedded*]" = "$(LOCAL_APPS_DIR)"; - LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks"; - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = "$(TARGET_NAME)"; - VALIDATE_PRODUCT = NO; - }; - name = Release; + F93C49051AB8FCE00047E01A /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "$(TARGET_NAME)"; + }; + name = Release; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + 05EF68B01949149C007958C3 /* Build configuration list for PBXAggregateTarget "Security_temporary_UI" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 05EF68B11949149C007958C3 /* Debug */, + 05EF68B21949149C007958C3 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 05EF68B619491512007958C3 /* Build configuration list for PBXAggregateTarget "Security_frameworks" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 05EF68B719491512007958C3 /* Debug */, + 05EF68B819491512007958C3 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 05EF68BC194915A5007958C3 /* Build configuration list for PBXAggregateTarget "Security_executables_osx" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 05EF68BD194915A5007958C3 /* Debug */, + 05EF68BE194915A5007958C3 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 05EF68C2194915FB007958C3 /* Build configuration list for PBXAggregateTarget "Security_kexts" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 05EF68C3194915FB007958C3 /* Debug */, + 05EF68C4194915FB007958C3 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 0C0BDB43175685B000BC1A7E /* Build configuration list for PBXNativeTarget "secdtests_ios" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 0C0BDB35175685B000BC1A7E /* Debug */, + 0C0BDB36175685B000BC1A7E /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 0C2BCBB61D06401F00ED7A2F /* Build configuration list for PBXNativeTarget "dtlsEchoClient" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 0C2BCBB71D06401F00ED7A2F /* Debug */, + 0C2BCBB81D06401F00ED7A2F /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 0C2BCBCB1D0648D100ED7A2F /* Build configuration list for PBXNativeTarget "dtlsEchoServer" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 0C2BCBCC1D0648D100ED7A2F /* Debug */, + 0C2BCBCD1D0648D100ED7A2F /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 0C679A0412F7C3AE00712919 /* Build configuration list for PBXAggregateTarget "dtlsTests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 0C6799FA12F7C37C00712919 /* Debug */, + 0C6799FB12F7C37C00712919 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 0C7CFA2F14E1BA4800DF9D95 /* Build configuration list for PBXAggregateTarget "Security_frameworks_ios" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 0C7CFA3014E1BA4800DF9D95 /* Debug */, + 0C7CFA3114E1BA4800DF9D95 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 438169381B4EDCBD00C54D58 /* Build configuration list for PBXNativeTarget "SOSCCAuthPlugin" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 438169101B4EDCBD00C54D58 /* Debug */, + 438169111B4EDCBD00C54D58 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4C32C0B10A4975F7002891BD /* Build configuration list for PBXNativeTarget "Security_ios" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 792EFFDC0CBBF878007C00A0 /* Debug */, + 792EFFDD0CBBF878007C00A0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4C35DB6A094F906D002917C4 /* Build configuration list for PBXProject "Security" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 792EFFE80CBBF878007C00A0 /* Debug */, + 792EFFE90CBBF878007C00A0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4C52D0CC16EFC61E0079966E /* Build configuration list for PBXNativeTarget "CircleJoinRequested" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 4C52D0BE16EFC61E0079966E /* Debug */, + 4C52D0BF16EFC61E0079966E /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4C541FA20F250C8C00E508AE /* Build configuration list for PBXAggregateTarget "phase1" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 4C541F980F250C3000E508AE /* Debug */, + 4C541F9B0F250C3000E508AE /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4C541FA30F250C8C00E508AE /* Build configuration list for PBXAggregateTarget "Security_executables_ios" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 4C541F870F250BF500E508AE /* Debug */, + 4C541F8A0F250BF500E508AE /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4C711D7313AFCD0900FE865D /* Build configuration list for PBXNativeTarget "SecurityDevTests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 4C711D7413AFCD0900FE865D /* Debug */, + 4C711D7513AFCD0900FE865D /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4C91274A0ADBF4A100AF202E /* Build configuration list for PBXAggregateTarget "ios" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 792EFFE60CBBF878007C00A0 /* Debug */, + 792EFFE70CBBF878007C00A0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4C9DE9E11181AC4900CF5C27 /* Build configuration list for PBXNativeTarget "sslEcdsa" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 4C9DE9D41181AC4900CF5C27 /* Debug */, + 4C9DE9D51181AC4900CF5C27 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4CB740A90A4756B300D641BB /* Build configuration list for PBXNativeTarget "securitytool_ios" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 792EFFDE0CBBF878007C00A0 /* Debug */, + 792EFFDF0CBBF878007C00A0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 4CE5A55C09C7970A00D27A3F /* Build configuration list for PBXNativeTarget "sslViewer" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 792EFFE00CBBF878007C00A0 /* Debug */, + 792EFFE10CBBF878007C00A0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 52D82BE816A621F80078DFE5 /* Build configuration list for PBXNativeTarget "CloudKeychainProxy" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 52D82BE916A621F80078DFE5 /* Debug */, + 52D82BEA16A621F80078DFE5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 5346481917331E1200FE9172 /* Build configuration list for PBXNativeTarget "KeychainSyncAccountNotification" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 5346480B17331E1200FE9172 /* Debug */, + 5346480C17331E1200FE9172 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 5E10994D19A5E55800A60E2B /* Build configuration list for PBXNativeTarget "ISACLProtectedItems" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 5E10992A19A5E55800A60E2B /* Debug */, + 5E10992B19A5E55800A60E2B /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + 5EBE24A21B00CCAE0007DB0E /* Build configuration list for PBXNativeTarget "secacltests" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 5EBE247E1B00CCAE0007DB0E /* Debug */, + 5EBE247F1B00CCAE0007DB0E /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - BE442BBF18B7FDB800F24DAE /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - CODE_SIGN_ENTITLEMENTS = OSX/sec/securityd/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = YES; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/"; - OTHER_LDFLAGS = ""; - "OTHER_LDFLAGS[sdk=embedded*][arch=*]" = ( - "$(OTHER_LDFLAGS)", - "-framework", - SpringBoardServices, - ); - PRODUCT_NAME = swcagent; - }; - name = Debug; + 728B56AB16D59979008FA3AB /* Build configuration list for PBXNativeTarget "OTAPKIAssetTool" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 728B56AC16D59979008FA3AB /* Debug */, + 728B56AD16D59979008FA3AB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - BE442BC018B7FDB800F24DAE /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - CODE_SIGN_ENTITLEMENTS = OSX/sec/securityd/entitlements.plist; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = YES; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/"; - OTHER_LDFLAGS = ""; - "OTHER_LDFLAGS[sdk=embedded*][arch=*]" = ( - "$(OTHER_LDFLAGS)", - "-framework", - SpringBoardServices, - ); - PRODUCT_NAME = swcagent; - }; - name = Release; + 790851C90CA985C10083CC4D /* Build configuration list for PBXNativeTarget "securityd_ios" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 792EFFE20CBBF878007C00A0 /* Debug */, + 792EFFE30CBBF878007C00A0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - CD276C2D1A83F60C003226BC /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = IDSKeychainSyncingProxy/idskeychainsyncingproxy.entitlements.plist; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - "DEBUG_INFORMATION_FORMAT[sdk=macosx*]" = "dwarf-with-dsym"; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/OSX/sec/SOSCircle/CKBridge", - ); - INFOPLIST_FILE = "IDSKeychainSyncingProxy/IDSKeychainSyncingProxy-Info.plist"; - INSTALL_PATH = "$(SECURITY_FRAMEWORK_RESOURCES_DIR)"; - MACH_O_TYPE = mh_execute; - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = "-laks"; - "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ""; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.idskeychainsyncingproxy; - PRODUCT_NAME = "$(TARGET_NAME)"; - SKIP_INSTALL = NO; - STRIP_INSTALLED_PRODUCT = NO; - STRIP_STYLE = all; - WRAPPER_EXTENSION = bundle; - }; - name = Debug; + 7913B20A0D172B3900601FE9 /* Build configuration list for PBXNativeTarget "sslServer" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 7913B20D0D172B3900601FE9 /* Debug */, + 7913B2100D172B3900601FE9 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - CD276C2E1A83F60C003226BC /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = IDSKeychainSyncingProxy/idskeychainsyncingproxy.entitlements.plist; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - "DEBUG_INFORMATION_FORMAT[sdk=macosx*]" = "dwarf-with-dsym"; - GCC_C_LANGUAGE_STANDARD = gnu99; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)/OSX/sec/SOSCircle/CKBridge", - ); - INFOPLIST_FILE = "IDSKeychainSyncingProxy/IDSKeychainSyncingProxy-Info.plist"; - INSTALL_PATH = "$(SECURITY_FRAMEWORK_RESOURCES_DIR)"; - MACH_O_TYPE = mh_execute; - OTHER_LDFLAGS = "-laks"; - "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ""; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.idskeychainsyncingproxy; - PRODUCT_NAME = "$(TARGET_NAME)"; - SKIP_INSTALL = NO; - STRIP_STYLE = all; - VALIDATE_PRODUCT = YES; - WRAPPER_EXTENSION = bundle; - }; - name = Release; + BE197F5819116FD100BA91D1 /* Build configuration list for PBXNativeTarget "SharedWebCredentialViewService" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + BE197F4619116FD100BA91D1 /* Debug */, + BE197F4719116FD100BA91D1 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - D41AD42F1B967169008C7270 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + BE442BBE18B7FDB800F24DAE /* Build configuration list for PBXNativeTarget "swcagent" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + BE442BBF18B7FDB800F24DAE /* Debug */, + BE442BC018B7FDB800F24DAE /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - D41AD4301B967169008C7270 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + CD276C2C1A83F60C003226BC /* Build configuration list for PBXNativeTarget "KeychainSyncingOverIDSProxy" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + CD276C2D1A83F60C003226BC /* Debug */, + CD276C2E1A83F60C003226BC /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - D41AD4331B96717A008C7270 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + D41AD42E1B967169008C7270 /* Build configuration list for PBXAggregateTarget "Security_executables_watchos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + D41AD42F1B967169008C7270 /* Debug */, + D41AD4301B967169008C7270 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - D41AD4341B96717A008C7270 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + D41AD4321B96717A008C7270 /* Build configuration list for PBXAggregateTarget "Security_executables_tvos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + D41AD4331B96717A008C7270 /* Debug */, + D41AD4341B96717A008C7270 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC0067BD1D87876F005AF8DB /* Build configuration list for PBXNativeTarget "securityd_server_macos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0067BE1D87876F005AF8DB /* Debug */, + DC0067BF1D87876F005AF8DB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC0067CD1D878898005AF8DB /* Build configuration list for PBXNativeTarget "securityd_ucspc" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0067CE1D878898005AF8DB /* Debug */, + DC0067CF1D878898005AF8DB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC008B561D90CE53004002A3 /* Build configuration list for PBXAggregateTarget "securityd_macos_mig" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC008B461D90CE53004002A3 /* Debug */, + DC008B471D90CE53004002A3 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E710C75D1331946500F85568 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = "SecurityTests/SecurityTests-Entitlements.plist"; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - HEADER_SEARCH_PATHS = "$(inherited)"; - INFOPLIST_FILE = "SecurityTests/SecurityTests-Info.plist"; - INSTALL_PATH = /AppleInternal/Applications; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - "\"$(SDKROOT)/usr/lib/system\"", - ); - OTHER_LDFLAGS = ""; - "OTHER_LDFLAGS[sdk=embedded]" = ( - "$(inherited)", - "-framework", - MobileKeyBag, - "-laks", - "-lACM", - "-lImg4Decode", - ); - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:identifier}"; - PRODUCT_NAME = "$(TARGET_NAME)"; - STRIP_STYLE = debugging; - }; - name = Debug; + DC0BC55D1D8B6D2E00070CB0 /* Build configuration list for PBXNativeTarget "XPCKeychainSandboxCheck" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC55E1D8B6D2E00070CB0 /* Debug */, + DC0BC55F1D8B6D2E00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E710C75E1331946500F85568 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - CODE_SIGN_ENTITLEMENTS = "SecurityTests/SecurityTests-Entitlements.plist"; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - HEADER_SEARCH_PATHS = "$(inherited)"; - INFOPLIST_FILE = "SecurityTests/SecurityTests-Info.plist"; - INSTALL_PATH = /AppleInternal/Applications; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - "\"$(SDKROOT)/usr/lib/system\"", - ); - OTHER_LDFLAGS = ""; - "OTHER_LDFLAGS[sdk=embedded]" = ( - "$(inherited)", - "-framework", - MobileKeyBag, - "-laks", - "-lACM", - "-lImg4Decode", - ); - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:identifier}"; - PRODUCT_NAME = "$(TARGET_NAME)"; - STRIP_STYLE = debugging; - }; - name = Release; + DC0BC5691D8B6E3D00070CB0 /* Build configuration list for PBXNativeTarget "XPCTimeStampingService" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC56A1D8B6E3D00070CB0 /* Debug */, + DC0BC56B1D8B6E3D00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E74584681BF68EBA001B54A4 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + DC0BC5891D8B70E700070CB0 /* Build configuration list for PBXNativeTarget "security_cdsa_utils" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC58A1D8B70E700070CB0 /* Debug */, + DC0BC58B1D8B70E700070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E74584691BF68EBA001B54A4 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC0BC5B41D8B71FD00070CB0 /* Build configuration list for PBXNativeTarget "security_checkpw" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC5B51D8B71FD00070CB0 /* Debug */, + DC0BC5B61D8B71FD00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E79EEDA81CD3F87B00C2FBFC /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + DC0BC5CA1D8B72E700070CB0 /* Build configuration list for PBXNativeTarget "test-checkpw" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC5CB1D8B72E700070CB0 /* Debug */, + DC0BC5CC1D8B72E700070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E79EEDA91CD3F87B00C2FBFC /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC0BC5DE1D8B73B000070CB0 /* Build configuration list for PBXNativeTarget "perf-checkpw" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC5DF1D8B73B000070CB0 /* Debug */, + DC0BC5E01D8B73B000070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E79EEDD41CD3F8AB00C2FBFC /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + DC0BC5E61D8B742200070CB0 /* Build configuration list for PBXNativeTarget "security_comcryption" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC5E71D8B742200070CB0 /* Debug */, + DC0BC5E81D8B742200070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E79EEDD51CD3F8AB00C2FBFC /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC0BC5FC1D8B752B00070CB0 /* Build configuration list for PBXNativeTarget "security_cryptkit" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC5FD1D8B752B00070CB0 /* Debug */, + DC0BC5FE1D8B752B00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E79EEDDA1CD3FFC800C2FBFC /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + DC0BC7491D8B771600070CB0 /* Build configuration list for PBXNativeTarget "security_cssm" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC74A1D8B771600070CB0 /* Debug */, + DC0BC74B1D8B771600070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E79EEDDB1CD3FFC800C2FBFC /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC0BC89C1D8B7CBD00070CB0 /* Build configuration list for PBXNativeTarget "security_filedb" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC89D1D8B7CBD00070CB0 /* Debug */, + DC0BC89E1D8B7CBD00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E79EEDE21CD4000C00C2FBFC /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + DC0BC8D01D8B7DA200070CB0 /* Build configuration list for PBXNativeTarget "security_manifest" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC8D11D8B7DA200070CB0 /* Debug */, + DC0BC8D21D8B7DA200070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E79EEDE31CD4000C00C2FBFC /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC0BC8FD1D8B7E8000070CB0 /* Build configuration list for PBXNativeTarget "security_mds" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC8FE1D8B7E8000070CB0 /* Debug */, + DC0BC8FF1D8B7E8000070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E7B01BF0166594AB000485F1 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "Keychain/Keychain-Entitlements.plist"; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_PRECOMPILE_PREFIX_HEADER = NO; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/OSX/libsecurity_keychain/libDER", - "$(PROJECT_DIR)/OSX/libsecurity_asn1", - "$(PROJECT_DIR)/libsecurity_smime", - "$(PROJECT_DIR)/OSX/sec", - "$(PROJECT_DIR)/OSX/utilities", - "$(BUILT_PRODUCTS_DIR)/usr/local/include", - "$(PROJECT_DIR)/OSX/regressions", - "$(PROJECT_DIR)/OSX/sec/SOSCircle", - ); - "HEADER_SEARCH_PATHS[sdk=macosx*][arch=*]" = ( - "$(inherited)", - "$(HEADER_SEARCH_PATHS)", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers", - ); - INFOPLIST_FILE = "Keychain/Keychain-Info.plist"; - INSTALL_PATH = /AppleInternal/Applications; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - "\"$(SDKROOT)/usr/lib/system\"", - ); - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = "$(inherited)"; - "OTHER_LDFLAGS[sdk=embedded][arch=*]" = ( - "$(inherited)", - "-framework", - MobileKeyBag, - ); - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = SyncDevTest2; - SDKROOT = iphoneos.internal; - WRAPPER_EXTENSION = app; - }; - name = Debug; + DC0BC9321D8B7F6A00070CB0 /* Build configuration list for PBXNativeTarget "security_ocspd" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC9331D8B7F6A00070CB0 /* Debug */, + DC0BC9341D8B7F6A00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC0BC96A1D8B810A00070CB0 /* Build configuration list for PBXNativeTarget "security_pkcs12" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC96B1D8B810A00070CB0 /* Debug */, + DC0BC96C1D8B810A00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E7B01BF1166594AB000485F1 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = "Keychain/Keychain-Entitlements.plist"; - COMBINE_HIDPI_IMAGES = YES; - FRAMEWORK_SEARCH_PATHS = ( - "$(inherited)", - "$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - ); - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_PRECOMPILE_PREFIX_HEADER = NO; - HEADER_SEARCH_PATHS = ( - "$(inherited)", - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/OSX/libsecurity_keychain/libDER", - "$(PROJECT_DIR)/OSX/libsecurity_asn1", - "$(PROJECT_DIR)/libsecurity_smime", - "$(PROJECT_DIR)/OSX/sec", - "$(PROJECT_DIR)/OSX/utilities", - "$(BUILT_PRODUCTS_DIR)/usr/local/include", - "$(PROJECT_DIR)/OSX/regressions", - "$(PROJECT_DIR)/OSX/sec/SOSCircle", - ); - "HEADER_SEARCH_PATHS[sdk=macosx*][arch=*]" = ( - "$(inherited)", - "$(HEADER_SEARCH_PATHS)", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers", - ); - INFOPLIST_FILE = "Keychain/Keychain-Info.plist"; - INSTALL_PATH = /AppleInternal/Applications; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - "\"$(SDKROOT)/usr/lib/system\"", - ); - OTHER_CFLAGS = "-DNS_BLOCK_ASSERTIONS=1"; - OTHER_LDFLAGS = "$(inherited)"; - "OTHER_LDFLAGS[sdk=embedded]" = ( - "$(inherited)", - "-framework", - MobileKeyBag, - ); - PRODUCT_BUNDLE_IDENTIFIER = "com.apple.security.${PRODUCT_NAME:rfc1034identifier}"; - PRODUCT_NAME = SyncDevTest2; - SDKROOT = iphoneos.internal; - VALIDATE_PRODUCT = YES; - WRAPPER_EXTENSION = app; - }; - name = Release; + DC0BC99E1D8B81BE00070CB0 /* Build configuration list for PBXNativeTarget "security_sd_cspdl" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC99F1D8B81BE00070CB0 /* Debug */, + DC0BC9A01D8B81BE00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E7CFF6481C84F61200E3484E /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + DC0BC9CC1D8B824700070CB0 /* Build configuration list for PBXNativeTarget "security_ssl" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BC9CD1D8B824700070CB0 /* Debug */, + DC0BC9CE1D8B824700070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E7CFF6491C84F61200E3484E /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC0BCA171D8B82B000070CB0 /* Build configuration list for PBXNativeTarget "security_ssl_regressions" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BCA181D8B82B000070CB0 /* Debug */, + DC0BCA191D8B82B000070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E7D847D61C6BE9720025BB44 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_ANALYZER_NONNULL = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - CURRENT_PROJECT_VERSION = 1; - DEFINES_MODULE = YES; - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; - ENABLE_STRICT_OBJC_MSGSEND = YES; - FRAMEWORK_VERSION = A; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INFOPLIST_FILE = KeychainCircle/Info.plist; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.KeychainCircle.KeychainCircle; - PRODUCT_NAME = "$(TARGET_NAME)"; - SUPPORTS_TEXT_BASED_API = YES; - VERSIONING_SYSTEM = "apple-generic"; - VERSION_INFO_PREFIX = ""; - }; - name = Debug; + DC0BCA7D1D8B858600070CB0 /* Build configuration list for PBXNativeTarget "security_transform" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BCA7E1D8B858600070CB0 /* Debug */, + DC0BCA7F1D8B858600070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E7D847D71C6BE9720025BB44 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_ANALYZER_NONNULL = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - CURRENT_PROJECT_VERSION = 1; - DEFINES_MODULE = YES; - DYLIB_COMPATIBILITY_VERSION = 1; - DYLIB_CURRENT_VERSION = 1; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - FRAMEWORK_VERSION = A; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INFOPLIST_FILE = KeychainCircle/Info.plist; - INSTALL_PATH = "$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks"; - MTL_ENABLE_DEBUG_INFO = NO; - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.KeychainCircle.KeychainCircle; - PRODUCT_NAME = "$(TARGET_NAME)"; - SUPPORTS_TEXT_BASED_API = YES; - VERSIONING_SYSTEM = "apple-generic"; - VERSION_INFO_PREFIX = ""; - }; - name = Release; + DC0BCB051D8B894F00070CB0 /* Build configuration list for PBXNativeTarget "security_translocate" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BCB061D8B894F00070CB0 /* Debug */, + DC0BCB071D8B894F00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E7D847D81C6BE9720025BB44 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_ANALYZER_NONNULL = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INFOPLIST_FILE = KeychainCircle/Tests/Info.plist; - INSTALL_PATH = /AppleInternal/Tests/Security/; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = ( - "$(APPLE_AKS_LIBRARY)", - "-lACM", - "-framework", - SystemConfiguration, - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-framework", - AppleSystemInfo, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-lACM", - "-framework", - SystemConfiguration, - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-lMobileGestalt", - "-framework", - AggregateDictionary, - "-framework", - MobileKeyBag, - ); - "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ( - "-lACM", - "-framework", - SystemConfiguration, - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-lMobileGestalt", - "-framework", - AggregateDictionary, - ); - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.KeychainCircle.KeychainCircleTests; - PRODUCT_NAME = "$(TARGET_NAME)"; - SUPPORTS_TEXT_BASED_API = YES; - }; - name = Debug; + DC0BCBFA1D8C648C00070CB0 /* Build configuration list for PBXNativeTarget "regressionBase" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BCBFB1D8C648C00070CB0 /* Debug */, + DC0BCBFC1D8C648C00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC0BCC331D8C684F00070CB0 /* Build configuration list for PBXNativeTarget "utilities" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BCC341D8C684F00070CB0 /* Debug */, + DC0BCC351D8C684F00070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC0BCD451D8C694700070CB0 /* Build configuration list for PBXNativeTarget "utilitiesRegressions" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC0BCD461D8C694700070CB0 /* Debug */, + DC0BCD471D8C694700070CB0 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - E7D847D91C6BE9720025BB44 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_ANALYZER_NONNULL = YES; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COMBINE_HIDPI_IMAGES = YES; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INFOPLIST_FILE = KeychainCircle/Tests/Info.plist; - INSTALL_PATH = /AppleInternal/Tests/Security/; - MTL_ENABLE_DEBUG_INFO = NO; - OTHER_LDFLAGS = ( - "$(APPLE_AKS_LIBRARY)", - "-lACM", - "-framework", - SystemConfiguration, - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-framework", - AppleSystemInfo, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-lACM", - "-framework", - SystemConfiguration, - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-lMobileGestalt", - "-framework", - AggregateDictionary, - "-framework", - MobileKeyBag, - ); - "OTHER_LDFLAGS[sdk=embeddedsimulator*]" = ( - "-lACM", - "-framework", - SystemConfiguration, - "-F$(SDKROOT)$(SYSTEM_LIBRARY_DIR)/PrivateFrameworks", - "-lMobileGestalt", - "-framework", - AggregateDictionary, - ); - PRODUCT_BUNDLE_IDENTIFIER = com.apple.security.KeychainCircle.KeychainCircleTests; - PRODUCT_NAME = "$(TARGET_NAME)"; - SUPPORTS_TEXT_BASED_API = YES; - }; - name = Release; + DC17850A1D77873200B50D50 /* Build configuration list for PBXNativeTarget "copyHeadersToSystem" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC17850B1D77873200B50D50 /* Debug */, + DC17850C1D77873200B50D50 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB0BC93C1C3C791500785842 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = RegressionTests/secedumodetest/secedumodetest.entitlements; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - }; - name = Debug; + DC17890D1D77980500B50D50 /* Build configuration list for PBXNativeTarget "Security_osx" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC17890E1D77980500B50D50 /* Debug */, + DC17890F1D77980500B50D50 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB0BC93D1C3C791500785842 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = RegressionTests/secedumodetest/secedumodetest.entitlements; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = NO; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - VALIDATE_PRODUCT = YES; - }; - name = Release; + DC3A4B5B1D91E9FB00E46D4A /* Build configuration list for PBXNativeTarget "CodeSigningHelper" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC3A4B5C1D91E9FB00E46D4A /* Debug */, + DC3A4B5D1D91E9FB00E46D4A /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52E7BF1D80BC8000B0A59C /* Build configuration list for PBXNativeTarget "libsecurityd_ios" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52E7C01D80BC8000B0A59C /* Debug */, + DC52E7C11D80BC8000B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52E8B71D80C1EB00B0A59C /* Build configuration list for PBXNativeTarget "secipc_client" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52E8B81D80C1EB00B0A59C /* Debug */, + DC52E8B91D80C1EB00B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52E8C31D80C25800B0A59C /* Build configuration list for PBXNativeTarget "SecureObjectSync" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52E8C41D80C25800B0A59C /* Debug */, + DC52E8C51D80C25800B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52EA491D80CB7000B0A59C /* Build configuration list for PBXNativeTarget "SecurityTool" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52EA4A1D80CB7000B0A59C /* Debug */, + DC52EA4B1D80CB7000B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52EBD21D80CEF100B0A59C /* Build configuration list for PBXNativeTarget "SecurityCommands" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52EBD31D80CEF100B0A59C /* Debug */, + DC52EBD41D80CEF100B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52EC311D80CFB200B0A59C /* Build configuration list for PBXNativeTarget "SOSCommands" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52EC321D80CFB200B0A59C /* Debug */, + DC52EC331D80CFB200B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52EC4A1D80D00800B0A59C /* Build configuration list for PBXNativeTarget "libSWCAgent" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52EC4B1D80D00800B0A59C /* Debug */, + DC52EC4C1D80D00800B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52EC591D80D05200B0A59C /* Build configuration list for PBXNativeTarget "logging" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52EC5A1D80D05200B0A59C /* Debug */, + DC52EC5B1D80D05200B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52EC651D80D0C400B0A59C /* Build configuration list for PBXNativeTarget "SOSRegressions" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52EC661D80D0C400B0A59C /* Debug */, + DC52EC671D80D0C400B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52EC941D80D1A800B0A59C /* Build configuration list for PBXNativeTarget "iOSSecurityRegressions" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52EC951D80D1A800B0A59C /* Debug */, + DC52EC961D80D1A800B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC52ED9A1D80D4CD00B0A59C /* Build configuration list for PBXNativeTarget "iOSsecuritydRegressions" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52ED9B1D80D4CD00B0A59C /* Debug */, + DC52ED9C1D80D4CD00B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB425CA41C65846D000ECE53 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = RegressionTests/secbackuptest/secbackuptest.entitlements; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - }; - name = Debug; + DC52EDAE1D80D58400B0A59C /* Build configuration list for PBXNativeTarget "secdRegressions" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52EDAF1D80D58400B0A59C /* Debug */, + DC52EDB01D80D58400B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB425CA51C65846D000ECE53 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = RegressionTests/secbackuptest/secbackuptest.entitlements; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = NO; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - VALIDATE_PRODUCT = YES; - }; - name = Release; + DC52EE3E1D80D6DD00B0A59C /* Build configuration list for PBXNativeTarget "SharedRegressions" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52EE3F1D80D6DD00B0A59C /* Debug */, + DC52EE401D80D6DD00B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB433A261CC3243600A7EACE /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemstresstest/secitemstresstest.entitlements; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - }; - name = Debug; + DC52EE6B1D80D82600B0A59C /* Build configuration list for PBXNativeTarget "SecItemShimOSX" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC52EE6C1D80D82600B0A59C /* Debug */, + DC52EE6D1D80D82600B0A59C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB433A271CC3243600A7EACE /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemstresstest/secitemstresstest.entitlements; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = NO; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - VALIDATE_PRODUCT = YES; - }; - name = Release; + DC58C4261D77BDEA003C25A4 /* Build configuration list for PBXNativeTarget "csparser_osx" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC58C4271D77BDEA003C25A4 /* Debug */, + DC58C4281D77BDEA003C25A4 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC59E9E91D91C9DC001BDDF5 /* Build configuration list for PBXNativeTarget "DER_not_installed" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC59E9EA1D91C9DC001BDDF5 /* Debug */, + DC59E9EB1D91C9DC001BDDF5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC59EA221D91CA15001BDDF5 /* Build configuration list for PBXNativeTarget "DERUtils" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC59EA231D91CA15001BDDF5 /* Debug */, + DC59EA241D91CA15001BDDF5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC59EA3B1D91CA82001BDDF5 /* Build configuration list for PBXNativeTarget "parseCert" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC59EA3C1D91CA82001BDDF5 /* Debug */, + DC59EA3D1D91CA82001BDDF5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB6A6FAA1B90F83A0045DC68 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - "CODE_SIGN_IDENTITY[sdk=embedded*]" = "iPhone Developer"; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - IPHONEOS_DEPLOYMENT_TARGET = 9.3; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - IOKit, - ); - PRODUCT_NAME = phase1_ios; - }; - name = Release; + DC59EA5D1D91CAF0001BDDF5 /* Build configuration list for PBXNativeTarget "parseCrl" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC59EA5E1D91CAF0001BDDF5 /* Debug */, + DC59EA5F1D91CAF0001BDDF5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB6A6FAB1B90F83A0045DC68 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC59EA6D1D91CB9F001BDDF5 /* Build configuration list for PBXNativeTarget "parseTicket" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC59EA6E1D91CB9F001BDDF5 /* Debug */, + DC59EA6F1D91CB9F001BDDF5 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB6A6FB01B90F8810045DC68 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC5ABDC91D832DAB00CF422C /* Build configuration list for PBXNativeTarget "securitytool_macos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC5ABDCA1D832DAB00CF422C /* Debug */, + DC5ABDCB1D832DAB00CF422C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB6A6FB11B90F8810045DC68 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC5AC0A61D8352DA00CF422C /* Build configuration list for PBXNativeTarget "securityd_macos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC5AC0541D8352DA00CF422C /* Debug */, + DC5AC0551D8352DA00CF422C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB6A6FB61B90F8C90045DC68 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + DC5AC1361D835D9700CF422C /* Build configuration list for PBXLegacyTarget "===== Source Gen =====" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC5AC1371D835D9700CF422C /* Debug */, + DC5AC1381D835D9700CF422C /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB6A6FB71B90F8C90045DC68 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC610A311D78F129002223DE /* Build configuration list for PBXNativeTarget "secdtests_macos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC610A321D78F129002223DE /* Debug */, + DC610A331D78F129002223DE /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB9C1D811BDFD0E100F89272 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - }; - name = Debug; + DC610A4B1D78F48F002223DE /* Build configuration list for PBXNativeTarget "SecTaskTest_macos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC610A4C1D78F48F002223DE /* Debug */, + DC610A4D1D78F48F002223DE /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB9C1D821BDFD0E100F89272 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = NO; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - VALIDATE_PRODUCT = YES; - }; - name = Release; + DC610A5C1D78F9D2002223DE /* Build configuration list for PBXNativeTarget "codesign_tests_macos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC610A5D1D78F9D2002223DE /* Debug */, + DC610A5E1D78F9D2002223DE /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC610AB41D7910C3002223DE /* Build configuration list for PBXNativeTarget "gk_reset_check_macos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC610AB51D7910C3002223DE /* Debug */, + DC610AB61D7910C3002223DE /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC63CAEA1D90D63500C03317 /* Build configuration list for PBXAggregateTarget "libsecurityd_macos_mig" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC63CAEB1D90D63500C03317 /* Debug */, + DC63CAEC1D90D63500C03317 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC6A82981D87749A00418608 /* Build configuration list for PBXNativeTarget "securityd_client_macos" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC6A82991D87749A00418608 /* Debug */, + DC6A829A1D87749A00418608 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC6BC26E1D90CFEF00DD57B3 /* Build configuration list for PBXAggregateTarget "securityd_macos_startup" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC6BC26F1D90CFEF00DD57B3 /* Debug */, + DC6BC2701D90CFEF00DD57B3 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC6BC2771D90D0BE00DD57B3 /* Build configuration list for PBXAggregateTarget "securityd_macos_DTrace" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC6BC2781D90D0BE00DD57B3 /* Debug */, + DC6BC2791D90D0BE00DD57B3 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC6BC27E1D90D1EE00DD57B3 /* Build configuration list for PBXAggregateTarget "security_cssm_generator" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC6BC27F1D90D1EE00DD57B3 /* Debug */, + DC6BC2801D90D1EE00DD57B3 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC71D9DC1D95BA6C0065FB93 /* Build configuration list for PBXNativeTarget "ASN1" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC71D9DD1D95BA6C0065FB93 /* Debug */, + DC71D9DE1D95BA6C0065FB93 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB9C1DB01BDFD4DF00F89272 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + DC71D9F81D95BB0A0065FB93 /* Build configuration list for PBXNativeTarget "DER" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC71D9F91D95BB0A0065FB93 /* Debug */, + DC71D9FA1D95BB0A0065FB93 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EB9C1DB11BDFD4DF00F89272 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC82FFE71D90D3F60085674B /* Build configuration list for PBXAggregateTarget "security_utilities_DTrace" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC82FFE81D90D3F60085674B /* Debug */, + DC82FFE91D90D3F60085674B /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EBA9AA841CE30E58004E2B68 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemnotifications/secitemnotifications.entitlements; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - }; - name = Debug; + DC82FFEE1D90D4D20085674B /* Build configuration list for PBXAggregateTarget "security_ocspd_macos_mig" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC82FFEF1D90D4D20085674B /* Debug */, + DC82FFF01D90D4D20085674B /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EBA9AA851CE30E58004E2B68 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemnotifications/secitemnotifications.entitlements; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = NO; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - VALIDATE_PRODUCT = YES; - }; - name = Release; + DC8834051D8A218F00CE0ACA /* Build configuration list for PBXNativeTarget "ASN1_not_installed" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC8834061D8A218F00CE0ACA /* Debug */, + DC8834071D8A218F00CE0ACA /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EBB696031BE1F9DE00715F16 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COPY_PHASE_STRIP = NO; - GCC_DYNAMIC_NO_PIC = NO; - GCC_OPTIMIZATION_LEVEL = 0; - PRODUCT_NAME = Security_executables_Bridge; - }; - name = Debug; + DC8E04921D7F6CED006D80EB /* Build configuration list for PBXLegacyTarget "======= Daemons =========" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC8E04931D7F6CED006D80EB /* Debug */, + DC8E04941D7F6CED006D80EB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EBB696041BE1F9DE00715F16 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - COPY_PHASE_STRIP = NO; - GCC_DYNAMIC_NO_PIC = NO; - GCC_OPTIMIZATION_LEVEL = 0; - PRODUCT_NAME = phase1_ios; - }; - name = Debug; + DC8E04961D7F6D80006D80EB /* Build configuration list for PBXLegacyTarget "========= CLI ===========" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC8E04971D7F6D80006D80EB /* Debug */, + DC8E04981D7F6D80006D80EB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EBBE20591C21380200B7A639 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - DEBUGGING_SYMBOLS = YES; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_GENERATE_DEBUGGING_SYMBOLS = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + DC8E049A1D7F6D9C006D80EB /* Build configuration list for PBXLegacyTarget "====== Frameworks ========" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC8E049B1D7F6D9C006D80EB /* Debug */, + DC8E049C1D7F6D9C006D80EB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EBBE205A1C21380200B7A639 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_MODULES = YES; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - MTL_ENABLE_DEBUG_INFO = NO; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC8E049E1D7F6DBC006D80EB /* Build configuration list for PBXLegacyTarget "==== Test Binaries =======" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC8E049F1D7F6DBC006D80EB /* Debug */, + DC8E04A01D7F6DBC006D80EB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DC8E04A21D7F6DFC006D80EB /* Build configuration list for PBXLegacyTarget "======= Apps ==========" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC8E04A31D7F6DFC006D80EB /* Debug */, + DC8E04A41D7F6DFC006D80EB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EBCF73FA1CE45F9C00BED7CA /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemfunctionality/secitemfunctionality.entitlements; - DEBUG_INFORMATION_FORMAT = dwarf; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_NO_COMMON_BLOCKS = YES; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = YES; - ONLY_ACTIVE_ARCH = YES; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - }; - name = Debug; + DC8E04A61D7F6E50006D80EB /* Build configuration list for PBXLegacyTarget "===== Top-Level Targets =====" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC8E04A71D7F6E50006D80EB /* Debug */, + DC8E04A81D7F6E50006D80EB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - EBCF73FB1CE45F9C00BED7CA /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - CODE_SIGN_ENTITLEMENTS = RegressionTests/secitemfunctionality/secitemfunctionality.entitlements; - COPY_PHASE_STRIP = NO; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - ENABLE_NS_ASSERTIONS = NO; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_NO_COMMON_BLOCKS = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; - INSTALL_PATH = /AppleInternal/CoreOS/tests/Security; - MTL_ENABLE_DEBUG_INFO = NO; - OTHER_LDFLAGS = ( - "-framework", - Security, - ); - "OTHER_LDFLAGS[sdk=embedded]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - "OTHER_LDFLAGS[sdk=macosx*]" = ( - "-laks", - "-framework", - Security, - "-framework", - IOKit, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx.internal; - SUPPORTED_PLATFORMS = "macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator"; - VALIDATE_PRODUCT = YES; - }; - name = Release; + DC8E04AA1D7F6E63006D80EB /* Build configuration list for PBXLegacyTarget "=== Legacy Targets =====" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC8E04AB1D7F6E63006D80EB /* Debug */, + DC8E04AC1D7F6E63006D80EB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - F93C49041AB8FCE00047E01A /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; + DC8E04AE1D7F6E76006D80EB /* Build configuration list for PBXLegacyTarget "======= misc =========" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC8E04AF1D7F6E76006D80EB /* Debug */, + DC8E04B01D7F6E76006D80EB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; - F93C49051AB8FCE00047E01A /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; + DC8E04B21D7F6EC9006D80EB /* Build configuration list for PBXLegacyTarget "======= Libraries =========" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DC8E04B31D7F6EC9006D80EB /* Debug */, + DC8E04B41D7F6EC9006D80EB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 05EF68B01949149C007958C3 /* Build configuration list for PBXAggregateTarget "Security_temporary_UI" */ = { + DCB3406A1D8A24DF0054D16E /* Build configuration list for PBXNativeTarget "security_authorization" */ = { isa = XCConfigurationList; buildConfigurations = ( - 05EF68B11949149C007958C3 /* Debug */, - 05EF68B21949149C007958C3 /* Release */, + DCB3406B1D8A24DF0054D16E /* Debug */, + DCB3406C1D8A24DF0054D16E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 05EF68B619491512007958C3 /* Build configuration list for PBXAggregateTarget "Security_frameworks" */ = { + DCB340921D8A267C0054D16E /* Build configuration list for PBXNativeTarget "security_cdsa_client" */ = { isa = XCConfigurationList; buildConfigurations = ( - 05EF68B719491512007958C3 /* Debug */, - 05EF68B819491512007958C3 /* Release */, + DCB340931D8A267C0054D16E /* Debug */, + DCB340941D8A267C0054D16E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 05EF68BC194915A5007958C3 /* Build configuration list for PBXAggregateTarget "Security_executables_osx" */ = { + DCB341341D8A2A010054D16E /* Build configuration list for PBXNativeTarget "security_cdsa_plugin" */ = { isa = XCConfigurationList; buildConfigurations = ( - 05EF68BD194915A5007958C3 /* Debug */, - 05EF68BE194915A5007958C3 /* Release */, + DCB341351D8A2A010054D16E /* Debug */, + DCB341361D8A2A010054D16E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 05EF68C2194915FB007958C3 /* Build configuration list for PBXAggregateTarget "Security_kexts" */ = { + DCB3417F1D8A2B860054D16E /* Build configuration list for PBXNativeTarget "security_cdsa_utilities" */ = { isa = XCConfigurationList; buildConfigurations = ( - 05EF68C3194915FB007958C3 /* Debug */, - 05EF68C4194915FB007958C3 /* Release */, + DCB341801D8A2B860054D16E /* Debug */, + DCB341811D8A2B860054D16E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 0C0BDB43175685B000BC1A7E /* Build configuration list for PBXNativeTarget "secdtests" */ = { + DCB3423E1D8A32820054D16E /* Build configuration list for PBXNativeTarget "security_keychain" */ = { isa = XCConfigurationList; buildConfigurations = ( - 0C0BDB35175685B000BC1A7E /* Debug */, - 0C0BDB36175685B000BC1A7E /* Release */, + DCB3423F1D8A32820054D16E /* Debug */, + DCB342401D8A32820054D16E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 0C2BCBB61D06401F00ED7A2F /* Build configuration list for PBXNativeTarget "dtlsEchoClient" */ = { + DCB3443B1D8A34FD0054D16E /* Build configuration list for PBXNativeTarget "security_keychain_regressions" */ = { isa = XCConfigurationList; buildConfigurations = ( - 0C2BCBB71D06401F00ED7A2F /* Debug */, - 0C2BCBB81D06401F00ED7A2F /* Release */, + DCB3443C1D8A34FD0054D16E /* Debug */, + DCB3443D1D8A34FD0054D16E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 0C2BCBCB1D0648D100ED7A2F /* Build configuration list for PBXNativeTarget "dtlsEchoServer" */ = { + DCC78EAF1D8088E200865A7C /* Build configuration list for PBXNativeTarget "security" */ = { isa = XCConfigurationList; buildConfigurations = ( - 0C2BCBCC1D0648D100ED7A2F /* Debug */, - 0C2BCBCD1D0648D100ED7A2F /* Release */, + DCC78EB01D8088E200865A7C /* Debug */, + DCC78EB11D8088E200865A7C /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 0C679A0412F7C3AE00712919 /* Build configuration list for PBXAggregateTarget "dtlsTests" */ = { + DCD067571D8CDCF4007602F1 /* Build configuration list for PBXAggregateTarget "codesigning_DTrace" */ = { isa = XCConfigurationList; buildConfigurations = ( - 0C6799FA12F7C37C00712919 /* Debug */, - 0C6799FB12F7C37C00712919 /* Release */, + DCD067581D8CDCF4007602F1 /* Debug */, + DCD067591D8CDCF4007602F1 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 0C7CFA2F14E1BA4800DF9D95 /* Build configuration list for PBXAggregateTarget "Security_frameworks_ios" */ = { + DCD0675D1D8CDD6D007602F1 /* Build configuration list for PBXAggregateTarget "codesigning_SystemPolicy" */ = { isa = XCConfigurationList; buildConfigurations = ( - 0C7CFA3014E1BA4800DF9D95 /* Debug */, - 0C7CFA3114E1BA4800DF9D95 /* Release */, + DCD0675E1D8CDD6D007602F1 /* Debug */, + DCD0675F1D8CDD6D007602F1 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 438169381B4EDCBD00C54D58 /* Build configuration list for PBXNativeTarget "SOSCCAuthPlugin" */ = { + DCD0677C1D8CDF19007602F1 /* Build configuration list for PBXNativeTarget "security_codesigning" */ = { isa = XCConfigurationList; buildConfigurations = ( - 438169101B4EDCBD00C54D58 /* Debug */, - 438169111B4EDCBD00C54D58 /* Release */, + DCD0677D1D8CDF19007602F1 /* Debug */, + DCD0677E1D8CDF19007602F1 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 4C32C0B10A4975F7002891BD /* Build configuration list for PBXNativeTarget "Security" */ = { + DCD069681D8CE105007602F1 /* Build configuration list for PBXAggregateTarget "codesigning_RequirementsLanguage" */ = { isa = XCConfigurationList; buildConfigurations = ( - 792EFFDC0CBBF878007C00A0 /* Debug */, - 792EFFDD0CBBF878007C00A0 /* Release */, + DCD069691D8CE105007602F1 /* Debug */, + DCD0696A1D8CE105007602F1 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 4C35DB6A094F906D002917C4 /* Build configuration list for PBXProject "Security" */ = { + DCD0696C1D8CE1F9007602F1 /* Build configuration list for PBXLegacyTarget "==== Code Signing =====" */ = { isa = XCConfigurationList; buildConfigurations = ( - 792EFFE80CBBF878007C00A0 /* Debug */, - 792EFFE90CBBF878007C00A0 /* Release */, + DCD0696D1D8CE1F9007602F1 /* Debug */, + DCD0696E1D8CE1F9007602F1 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 4C52D0CC16EFC61E0079966E /* Build configuration list for PBXNativeTarget "CircleJoinRequested" */ = { + DCD06A3C1D8CE21C007602F1 /* Build configuration list for PBXNativeTarget "integrity" */ = { isa = XCConfigurationList; buildConfigurations = ( - 4C52D0BE16EFC61E0079966E /* Debug */, - 4C52D0BF16EFC61E0079966E /* Release */, + DCD06A3D1D8CE21C007602F1 /* Debug */, + DCD06A3E1D8CE21C007602F1 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 4C541FA20F250C8C00E508AE /* Build configuration list for PBXAggregateTarget "phase1" */ = { + DCD06A4E1D8CE281007602F1 /* Build configuration list for PBXNativeTarget "codehost" */ = { isa = XCConfigurationList; buildConfigurations = ( - 4C541F980F250C3000E508AE /* Debug */, - 4C541F9B0F250C3000E508AE /* Release */, + DCD06A4F1D8CE281007602F1 /* Debug */, + DCD06A501D8CE281007602F1 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 4C541FA30F250C8C00E508AE /* Build configuration list for PBXAggregateTarget "Security_executables_ios" */ = { + DCD06A711D8CE2D5007602F1 /* Build configuration list for PBXNativeTarget "gkunpack" */ = { isa = XCConfigurationList; buildConfigurations = ( - 4C541F870F250BF500E508AE /* Debug */, - 4C541F8A0F250BF500E508AE /* Release */, + DCD06A721D8CE2D5007602F1 /* Debug */, + DCD06A731D8CE2D5007602F1 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 4C711D7313AFCD0900FE865D /* Build configuration list for PBXNativeTarget "SecurityDevTests" */ = { + DCD06A7C1D8CE330007602F1 /* Build configuration list for PBXAggregateTarget "All Codesigning" */ = { isa = XCConfigurationList; buildConfigurations = ( - 4C711D7413AFCD0900FE865D /* Debug */, - 4C711D7513AFCD0900FE865D /* Release */, + DCD06A7D1D8CE330007602F1 /* Debug */, + DCD06A7E1D8CE330007602F1 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 4C91274A0ADBF4A100AF202E /* Build configuration list for PBXAggregateTarget "ios" */ = { + DCD06AAD1D8E0D53007602F1 /* Build configuration list for PBXNativeTarget "security_utilities" */ = { isa = XCConfigurationList; buildConfigurations = ( - 792EFFE60CBBF878007C00A0 /* Debug */, - 792EFFE70CBBF878007C00A0 /* Release */, + DCD06AAE1D8E0D53007602F1 /* Debug */, + DCD06AAF1D8E0D53007602F1 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 4C9DE9E11181AC4900CF5C27 /* Build configuration list for PBXNativeTarget "sslEcdsa" */ = { + DCD66D701D8204A700DB1393 /* Build configuration list for PBXNativeTarget "SecTrustOSX" */ = { isa = XCConfigurationList; buildConfigurations = ( - 4C9DE9D41181AC4900CF5C27 /* Debug */, - 4C9DE9D51181AC4900CF5C27 /* Release */, + DCD66D711D8204A700DB1393 /* Debug */, + DCD66D721D8204A700DB1393 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 4CB740A90A4756B300D641BB /* Build configuration list for PBXNativeTarget "securitytool" */ = { + DCD66DD81D8205C400DB1393 /* Build configuration list for PBXNativeTarget "SecOtrOSX" */ = { isa = XCConfigurationList; buildConfigurations = ( - 792EFFDE0CBBF878007C00A0 /* Debug */, - 792EFFDF0CBBF878007C00A0 /* Release */, + DCD66DD91D8205C400DB1393 /* Debug */, + DCD66DDA1D8205C400DB1393 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 4CE5A55C09C7970A00D27A3F /* Build configuration list for PBXNativeTarget "sslViewer" */ = { + DCE4E6A11D7A37FA00AFB96E /* Build configuration list for PBXNativeTarget "security2tool_macos" */ = { isa = XCConfigurationList; buildConfigurations = ( - 792EFFE00CBBF878007C00A0 /* Debug */, - 792EFFE10CBBF878007C00A0 /* Release */, + DCE4E6A21D7A37FA00AFB96E /* Debug */, + DCE4E6A31D7A37FA00AFB96E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 52D82BE816A621F80078DFE5 /* Build configuration list for PBXNativeTarget "CloudKeychainProxy" */ = { + DCE4E7AF1D7A43B500AFB96E /* Build configuration list for PBXNativeTarget "SecurityTestsOSX" */ = { isa = XCConfigurationList; buildConfigurations = ( - 52D82BE916A621F80078DFE5 /* Debug */, - 52D82BEA16A621F80078DFE5 /* Release */, + DCE4E7B01D7A43B500AFB96E /* Debug */, + DCE4E7B11D7A43B500AFB96E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 52DE81941636347600F49F0C /* Build configuration list for PBXNativeTarget "Keychain" */ = { + DCE4E7D01D7A4AEE00AFB96E /* Build configuration list for PBXNativeTarget "sectests_macos" */ = { isa = XCConfigurationList; buildConfigurations = ( - 52DE81951636347600F49F0C /* Debug */, - 52DE81961636347600F49F0C /* Release */, + DCE4E7D11D7A4AEE00AFB96E /* Debug */, + DCE4E7D21D7A4AEE00AFB96E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 5346481917331E1200FE9172 /* Build configuration list for PBXNativeTarget "KeychainSyncAccountNotification" */ = { + DCE4E7FA1D7A4DA900AFB96E /* Build configuration list for PBXNativeTarget "secd" */ = { isa = XCConfigurationList; buildConfigurations = ( - 5346480B17331E1200FE9172 /* Debug */, - 5346480C17331E1200FE9172 /* Release */, + DCE4E7FB1D7A4DA900AFB96E /* Debug */, + DCE4E7FC1D7A4DA900AFB96E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 5E10994D19A5E55800A60E2B /* Build configuration list for PBXNativeTarget "ISACLProtectedItems" */ = { + DCE4E8561D7A57AE00AFB96E /* Build configuration list for PBXNativeTarget "trustd" */ = { isa = XCConfigurationList; buildConfigurations = ( - 5E10992A19A5E55800A60E2B /* Debug */, - 5E10992B19A5E55800A60E2B /* Release */, + DCE4E8571D7A57AE00AFB96E /* Debug */, + DCE4E8581D7A57AE00AFB96E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 5EBE24A21B00CCAE0007DB0E /* Build configuration list for PBXNativeTarget "secacltests" */ = { + DCE4E89D1D7F34F700AFB96E /* Build configuration list for PBXNativeTarget "authd" */ = { isa = XCConfigurationList; buildConfigurations = ( - 5EBE247E1B00CCAE0007DB0E /* Debug */, - 5EBE247F1B00CCAE0007DB0E /* Release */, + DCE4E89E1D7F34F700AFB96E /* Debug */, + DCE4E89F1D7F34F700AFB96E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 728B56AB16D59979008FA3AB /* Build configuration list for PBXNativeTarget "OTAPKIAssetTool" */ = { + DCE4E8EB1D7F39DC00AFB96E /* Build configuration list for PBXNativeTarget "Cloud Keychain Utility" */ = { isa = XCConfigurationList; buildConfigurations = ( - 728B56AC16D59979008FA3AB /* Debug */, - 728B56AD16D59979008FA3AB /* Release */, + DCE4E8EC1D7F39DC00AFB96E /* Debug */, + DCE4E8ED1D7F39DC00AFB96E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 790851C90CA985C10083CC4D /* Build configuration list for PBXNativeTarget "securityd" */ = { + DCE4E91F1D7F3D5400AFB96E /* Build configuration list for PBXNativeTarget "Keychain Circle Notification" */ = { isa = XCConfigurationList; buildConfigurations = ( - 792EFFE20CBBF878007C00A0 /* Debug */, - 792EFFE30CBBF878007C00A0 /* Release */, + DCE4E9201D7F3D5400AFB96E /* Debug */, + DCE4E9211D7F3D5400AFB96E /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - 7913B20A0D172B3900601FE9 /* Build configuration list for PBXNativeTarget "sslServer" */ = { + DCF782BB1D88B44300E694BB /* Build configuration list for PBXLegacyTarget "==== macOS Libraries ======" */ = { isa = XCConfigurationList; buildConfigurations = ( - 7913B20D0D172B3900601FE9 /* Debug */, - 7913B2100D172B3900601FE9 /* Release */, + DCF782BC1D88B44300E694BB /* Debug */, + DCF782BD1D88B44300E694BB /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - BE197F5819116FD100BA91D1 /* Build configuration list for PBXNativeTarget "SharedWebCredentialViewService" */ = { + DCF783111D88B4DE00E694BB /* Build configuration list for PBXNativeTarget "security_apple_csp" */ = { isa = XCConfigurationList; buildConfigurations = ( - BE197F4619116FD100BA91D1 /* Debug */, - BE197F4719116FD100BA91D1 /* Release */, + DCF783121D88B4DE00E694BB /* Debug */, + DCF783131D88B4DE00E694BB /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - BE442BBE18B7FDB800F24DAE /* Build configuration list for PBXNativeTarget "swcagent" */ = { + DCF785E21D88B95500E694BB /* Build configuration list for PBXNativeTarget "security_apple_cspdl" */ = { isa = XCConfigurationList; buildConfigurations = ( - BE442BBF18B7FDB800F24DAE /* Debug */, - BE442BC018B7FDB800F24DAE /* Release */, + DCF785E31D88B95500E694BB /* Debug */, + DCF785E41D88B95500E694BB /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - CD276C2C1A83F60C003226BC /* Build configuration list for PBXNativeTarget "IDSKeychainSyncingProxy" */ = { + DCF788301D88C86900E694BB /* Build configuration list for PBXNativeTarget "security_apple_empty" */ = { isa = XCConfigurationList; buildConfigurations = ( - CD276C2D1A83F60C003226BC /* Debug */, - CD276C2E1A83F60C003226BC /* Release */, + DCF788311D88C86900E694BB /* Debug */, + DCF788321D88C86900E694BB /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - D41AD42E1B967169008C7270 /* Build configuration list for PBXAggregateTarget "Security_executables_watchos" */ = { + DCF788381D88C8C400E694BB /* Build configuration list for PBXNativeTarget "security_apple_file_dl" */ = { isa = XCConfigurationList; buildConfigurations = ( - D41AD42F1B967169008C7270 /* Debug */, - D41AD4301B967169008C7270 /* Release */, + DCF788391D88C8C400E694BB /* Debug */, + DCF7883A1D88C8C400E694BB /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; - D41AD4321B96717A008C7270 /* Build configuration list for PBXAggregateTarget "Security_executables_tvos" */ = { + DCF7884B1D88CA7200E694BB /* Build configuration list for PBXNativeTarget "security_apple_x509_cl" */ = { isa = XCConfigurationList; buildConfigurations = ( - D41AD4331B96717A008C7270 /* Debug */, - D41AD4341B96717A008C7270 /* Release */, + DCF7884C1D88CA7200E694BB /* Debug */, + DCF7884D1D88CA7200E694BB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DCF788A01D88CB5200E694BB /* Build configuration list for PBXNativeTarget "plugin_apple_x509_cl" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DCF788A11D88CB5200E694BB /* Debug */, + DCF788A21D88CB5200E694BB /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; + DCF788D31D88CD2400E694BB /* Build configuration list for PBXNativeTarget "security_apple_x509_tp" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + DCF788D41D88CD2400E694BB /* Debug */, + DCF788D51D88CD2400E694BB /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; @@ -11058,6 +35676,15 @@ defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; + EBF3747D1DC055590065D840 /* Build configuration list for PBXNativeTarget "security-sysdiagnose" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + EBF374761DC055590065D840 /* Debug */, + EBF374771DC055590065D840 /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; F93C49031AB8FCE00047E01A /* Build configuration list for PBXAggregateTarget "ckcdiagnose.sh" */ = { isa = XCConfigurationList; buildConfigurations = ( diff --git a/Security.xcodeproj/xcshareddata/xcschemes/ios - Debug.xcscheme b/Security.xcodeproj/xcshareddata/xcschemes/ios - Debug.xcscheme index 9d93c518..2ff5f627 100644 --- a/Security.xcodeproj/xcshareddata/xcschemes/ios - Debug.xcscheme +++ b/Security.xcodeproj/xcshareddata/xcschemes/ios - Debug.xcscheme @@ -1,6 +1,6 @@ + + @@ -272,6 +276,10 @@ argument = "si_28_sectrustsettings" isEnabled = "NO"> + + @@ -556,6 +564,10 @@ argument = "sc_153_backupslicekeybag" isEnabled = "NO"> + + @@ -708,6 +720,10 @@ argument = "otr_packetdata" isEnabled = "NO"> + + + + @@ -250,6 +254,10 @@ argument = "si_28_sectrustsettings" isEnabled = "NO"> + + @@ -559,7 +567,7 @@ isEnabled = "NO"> diff --git a/Security.xcodeproj/xcshareddata/xcschemes/ios - secdtests.xcscheme b/Security.xcodeproj/xcshareddata/xcschemes/ios - secdtests.xcscheme index 3ac265f6..592a3310 100644 --- a/Security.xcodeproj/xcshareddata/xcschemes/ios - secdtests.xcscheme +++ b/Security.xcodeproj/xcshareddata/xcschemes/ios - secdtests.xcscheme @@ -1,6 +1,6 @@ @@ -34,7 +34,7 @@ BuildableIdentifier = "primary" BlueprintIdentifier = "0C0BDB2E175685B000BC1A7E" BuildableName = "secdtests" - BlueprintName = "secdtests" + BlueprintName = "secdtests_ios" ReferencedContainer = "container:Security.xcodeproj"> @@ -58,7 +58,7 @@ BuildableIdentifier = "primary" BlueprintIdentifier = "0C0BDB2E175685B000BC1A7E" BuildableName = "secdtests" - BlueprintName = "secdtests" + BlueprintName = "secdtests_ios" ReferencedContainer = "container:Security.xcodeproj"> @@ -267,6 +267,10 @@ argument = "secd_201_coders" isEnabled = "NO"> + + @@ -304,7 +308,7 @@ BuildableIdentifier = "primary" BlueprintIdentifier = "0C0BDB2E175685B000BC1A7E" BuildableName = "secdtests" - BlueprintName = "secdtests" + BlueprintName = "secdtests_ios" ReferencedContainer = "container:Security.xcodeproj"> diff --git a/OSX/OSX.xcodeproj/xcshareddata/xcschemes/osx - World.xcscheme b/Security.xcodeproj/xcshareddata/xcschemes/osx - World.xcscheme similarity index 92% rename from OSX/OSX.xcodeproj/xcshareddata/xcschemes/osx - World.xcscheme rename to Security.xcodeproj/xcshareddata/xcschemes/osx - World.xcscheme index 0264d450..e83dd374 100644 --- a/OSX/OSX.xcodeproj/xcshareddata/xcschemes/osx - World.xcscheme +++ b/Security.xcodeproj/xcshareddata/xcschemes/osx - World.xcscheme @@ -1,6 +1,6 @@ + ReferencedContainer = "container:Security.xcodeproj"> @@ -35,17 +35,17 @@ BlueprintIdentifier = "E7D847CD1C6BE9720025BB44" BuildableName = "KeychainCircleTests.xctest" BlueprintName = "KeychainCircleTests" - ReferencedContainer = "container:../Security.xcodeproj"> + ReferencedContainer = "container:Security.xcodeproj"> + ReferencedContainer = "container:Security.xcodeproj"> @@ -66,10 +66,10 @@ runnableDebuggingMode = "0"> + ReferencedContainer = "container:Security.xcodeproj"> @@ -241,6 +241,10 @@ argument = "si_28_sectrustsettings" isEnabled = "NO"> + + @@ -257,6 +261,14 @@ argument = "si_44_seckey_ies" isEnabled = "NO"> + + + + @@ -313,7 +325,7 @@ BlueprintIdentifier = "E74584661BF68EBA001B54A4" BuildableName = "osx" BlueprintName = "osx" - ReferencedContainer = "container:../Security.xcodeproj"> + ReferencedContainer = "container:Security.xcodeproj"> diff --git a/OSX/OSX.xcodeproj/xcshareddata/xcschemes/osx - secdtests.xcscheme b/Security.xcodeproj/xcshareddata/xcschemes/osx - secdtests.xcscheme similarity index 82% rename from OSX/OSX.xcodeproj/xcshareddata/xcschemes/osx - secdtests.xcscheme rename to Security.xcodeproj/xcshareddata/xcschemes/osx - secdtests.xcscheme index 3173d32d..40687c0c 100644 --- a/OSX/OSX.xcodeproj/xcshareddata/xcschemes/osx - secdtests.xcscheme +++ b/Security.xcodeproj/xcshareddata/xcschemes/osx - secdtests.xcscheme @@ -1,6 +1,6 @@ + ReferencedContainer = "container:Security.xcodeproj"> + BlueprintName = "secdtests_macos" + ReferencedContainer = "container:Security.xcodeproj"> @@ -46,10 +46,10 @@ + BlueprintName = "secdtests_macos" + ReferencedContainer = "container:Security.xcodeproj"> @@ -69,10 +69,10 @@ runnableDebuggingMode = "0"> + BlueprintName = "secdtests_macos" + ReferencedContainer = "container:Security.xcodeproj"> @@ -80,6 +80,18 @@ argument = "-s" isEnabled = "NO"> + + + + + + @@ -92,6 +104,14 @@ argument = "secd_77_ids_messaging" isEnabled = "NO"> + + + + @@ -148,6 +168,10 @@ argument = "sc_153_backupslicekeybag" isEnabled = "NO"> + + @@ -216,6 +240,10 @@ argument = "secd_70_engine_corrupt" isEnabled = "NO"> + + @@ -246,16 +274,15 @@ savedToolIdentifier = "" useCustomWorkingDirectory = "NO" debugDocumentVersioning = "YES"> - + + BlueprintIdentifier = "E74584661BF68EBA001B54A4" + BuildableName = "osx" + BlueprintName = "osx" + ReferencedContainer = "container:Security.xcodeproj"> - + diff --git a/OSX/OSX.xcodeproj/xcshareddata/xcschemes/osx - sectests.xcscheme b/Security.xcodeproj/xcshareddata/xcschemes/osx - sectests.xcscheme similarity index 74% rename from OSX/OSX.xcodeproj/xcshareddata/xcschemes/osx - sectests.xcscheme rename to Security.xcodeproj/xcshareddata/xcschemes/osx - sectests.xcscheme index 1b9c7b70..0384941f 100644 --- a/OSX/OSX.xcodeproj/xcshareddata/xcschemes/osx - sectests.xcscheme +++ b/Security.xcodeproj/xcshareddata/xcschemes/osx - sectests.xcscheme @@ -1,6 +1,6 @@ + BlueprintName = "Security_osx" + ReferencedContainer = "container:Security.xcodeproj"> + BlueprintName = "sectests_macos" + ReferencedContainer = "container:Security.xcodeproj"> @@ -46,10 +46,10 @@ + BlueprintName = "sectests_macos" + ReferencedContainer = "container:Security.xcodeproj"> @@ -69,10 +69,10 @@ runnableDebuggingMode = "0"> + BlueprintName = "sectests_macos" + ReferencedContainer = "container:Security.xcodeproj"> @@ -84,16 +84,15 @@ savedToolIdentifier = "" useCustomWorkingDirectory = "NO" debugDocumentVersioning = "YES"> - + + BlueprintIdentifier = "DC1789031D77980500B50D50" + BuildableName = "Security.framework" + BlueprintName = "Security_osx" + ReferencedContainer = "container:Security.xcodeproj"> - + diff --git a/Security/sec/securityd/SecItemSchema.c b/Security/sec/securityd/SecItemSchema.c deleted file mode 100644 index 6807fdf6..00000000 --- a/Security/sec/securityd/SecItemSchema.c +++ /dev/null @@ -1,299 +0,0 @@ -/* - * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * SecItemSchema.c - CoreFoundation-based constants and functions for - access to Security items (certificates, keys, identities, and - passwords.) - */ - -#include "SecItemSchema.h" - -// MARK - -// MARK Keychain version 6 schema - -#define __FLAGS(ARG, ...) SECDBFLAGS(__VA_ARGS__) -#define SECDBFLAGS(ARG, ...) __FLAGS_##ARG | __FLAGS(__VA_ARGS__) - -#define SecDbFlags(P,L,I,S,A,D,R,C,H,B,Z,E,N,U) (__FLAGS_##P|__FLAGS_##L|__FLAGS_##I|__FLAGS_##S|__FLAGS_##A|__FLAGS_##D|__FLAGS_##R|__FLAGS_##C|__FLAGS_##H|__FLAGS_##B|__FLAGS_##Z|__FLAGS_##E|__FLAGS_##N|__FLAGS_##U) - -#define __FLAGS_ 0 -#define __FLAGS_P kSecDbPrimaryKeyFlag -#define __FLAGS_L kSecDbInFlag -#define __FLAGS_I kSecDbIndexFlag -#define __FLAGS_S kSecDbSHA1ValueInFlag -#define __FLAGS_A kSecDbReturnAttrFlag -#define __FLAGS_D kSecDbReturnDataFlag -#define __FLAGS_R kSecDbReturnRefFlag -#define __FLAGS_C kSecDbInCryptoDataFlag -#define __FLAGS_H kSecDbInHashFlag -#define __FLAGS_B kSecDbInBackupFlag -#define __FLAGS_Z kSecDbDefault0Flag -#define __FLAGS_E kSecDbDefaultEmptyFlag -#define __FLAGS_N kSecDbNotNullFlag -#define __FLAGS_U kSecDbInAuthenticatedDataFlag - -// ,-------------- P : Part of primary key -// / ,------------- L : Stored in local database -// / / ,------------ I : Attribute wants an index in the database -// / / / ,----------- S : SHA1 hashed attribute value in database (implies L) -// / / / / ,---------- A : Returned to client as attribute in queries -// / / / / / ,--------- D : Returned to client as data in queries -// / / / / / / ,-------- R : Returned to client as ref/persistent ref in queries -// / / / / / / / ,------- C : Part of encrypted blob -// / / / / / / / / ,------ H : Attribute is part of item SHA1 hash (Implied by C) -// / / / / / / / / / ,----- B : Attribute is part of iTunes/iCloud backup bag -// / / / / / / / / / / ,---- Z : Attribute has a default value of 0 -// / / / / / / / / / / / ,--- E : Attribute has a default value of "" or empty data -// / / / / / / / / / / / / ,-- N : Attribute must have a value -// / / / / / / / / / / / / / ,- U : Attribute is stored in authenticated, but not necessarily encrypted data -// / / / / / / / / / / / / / / -// / / / / / / / / / / / / / / -// | | | | | | | | | | | | | | -// common to all | | | | | | | | | | | | | | -SECDB_ATTR(v6rowid, "rowid", RowId, SecDbFlags( ,L, , , , ,R, , ,B, , , , )); -SECDB_ATTR(v6cdat, "cdat", CreationDate, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6mdat, "mdat",ModificationDate,SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6labl, "labl", Blob, SecDbFlags( ,L, ,S,A, , ,C,H, , , , , )); -SECDB_ATTR(v6data, "data", EncryptedData, SecDbFlags( ,L, , , , , , , ,B, , , , )); -SECDB_ATTR(v6agrp, "agrp", String, SecDbFlags(P,L, , ,A, , , ,H, , , , ,U)); -SECDB_ATTR(v6pdmn, "pdmn", Access, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6sync, "sync", Sync, SecDbFlags(P,L,I, ,A, , , ,H, ,Z, ,N,U)); -SECDB_ATTR(v6tomb, "tomb", Tomb, SecDbFlags( ,L, , , , , , ,H, ,Z, ,N,U)); -SECDB_ATTR(v6sha1, "sha1", SHA1, SecDbFlags( ,L,I, ,A, ,R, , , , , , , )); -SECDB_ATTR(v6accc, "accc", AccessControl, SecDbFlags( , , , ,A, , , , , , , , , )); -SECDB_ATTR(v6v_Data, "v_Data", Data, SecDbFlags( , , , , ,D, ,C,H, , , , , )); -SECDB_ATTR(v6v_pk, "v_pk", PrimaryKey, SecDbFlags( , , , , , , , , , , , , , )); -// genp and inet and keys | | | | | | | | | | | | | -SECDB_ATTR(v6crtr, "crtr", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6alis, "alis", Blob, SecDbFlags( ,L, ,S,A, , ,C,H, , , , , )); -// genp and inet | | | | | | | | | | | | | -SECDB_ATTR(v6desc, "desc", Blob, SecDbFlags( ,L, ,S,A, , ,C,H, , , , , )); -SECDB_ATTR(v6icmt, "icmt", Blob, SecDbFlags( ,L, ,S,A, , ,C,H, , , , , )); -SECDB_ATTR(v6type, "type", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6invi, "invi", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6nega, "nega", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6cusi, "cusi", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6prot, "prot", Blob, SecDbFlags( ,L, ,S,A, , ,C,H, , , , , )); -SECDB_ATTR(v6scrp, "scrp", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6acct, "acct", Blob, SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, )); -// genp only | | | | | | | | | | | | | -SECDB_ATTR(v6svce, "svce", Blob, SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, )); -SECDB_ATTR(v6gena, "gena", Blob, SecDbFlags( ,L, ,S,A, , ,C,H, , , , , )); -// inet only | | | | | | | | | | | | | -SECDB_ATTR(v6sdmn, "sdmn", Blob, SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, )); -SECDB_ATTR(v6srvr, "srvr", Blob, SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, )); -SECDB_ATTR(v6ptcl, "ptcl", Number, SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); -SECDB_ATTR(v6atyp, "atyp", Blob, SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, )); -SECDB_ATTR(v6port, "port", Number, SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); -SECDB_ATTR(v6path, "path", Blob, SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, )); -// cert only | | | | | | | | | | | | | -SECDB_ATTR(v6ctyp, "ctyp", Number, SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); -SECDB_ATTR(v6cenc, "cenc", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6subj, "subj", Data, SecDbFlags( ,L,I,S,A, , ,C,H, , , , , )); -SECDB_ATTR(v6issr, "issr", Data, SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, )); -SECDB_ATTR(v6slnr, "slnr", Data, SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, )); -SECDB_ATTR(v6skid, "skid", Data, SecDbFlags( ,L,I,S,A, , ,C,H, , , , , )); -SECDB_ATTR(v6pkhh, "pkhh", Data, SecDbFlags( ,L,I, ,A, , ,C,H, , , , , )); -// cert attributes that share names with common ones but have different flags -SECDB_ATTR(v6certalis, "alis", Blob, SecDbFlags( ,L,I,S,A, , ,C,H, , , , , )); -// keys only | | | | | | | | | | | | | -SECDB_ATTR(v6kcls, "kcls", Number, SecDbFlags(P,L,I,S,A, , ,C,H, ,Z, ,N, )); -SECDB_ATTR(v6perm, "perm", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6priv, "priv", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6modi, "modi", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6klbl, "klbl", Data, SecDbFlags(P,L,I, ,A, , ,C,H, , ,E,N, )); -SECDB_ATTR(v6atag, "atag", Blob, SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, )); -SECDB_ATTR(v6bsiz, "bsiz", Number, SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); -SECDB_ATTR(v6esiz, "esiz", Number, SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); -SECDB_ATTR(v6sdat, "sdat", Date, SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); -SECDB_ATTR(v6edat, "edat", Date, SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); -SECDB_ATTR(v6sens, "sens", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6asen, "asen", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6extr, "extr", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6next, "next", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6encr, "encr", Number, SecDbFlags( ,L,I, ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6decr, "decr", Number, SecDbFlags( ,L,I, ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6drve, "drve", Number, SecDbFlags( ,L,I, ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6sign, "sign", Number, SecDbFlags( ,L,I, ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6vrfy, "vrfy", Number, SecDbFlags( ,L,I, ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6snrc, "snrc", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6vyrc, "vyrc", Number, SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6wrap, "wrap", Number, SecDbFlags( ,L,I, ,A, , ,C,H, , , , , )); -SECDB_ATTR(v6unwp, "unwp", Number, SecDbFlags( ,L,I, ,A, , ,C,H, , , , , )); -// keys attributes that share names with common ones but have different flags -SECDB_ATTR(v6keytype, "type", Number, SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); -SECDB_ATTR(v6keycrtr, "crtr", Number, SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); - -const SecDbClass genp_class = { - .name = CFSTR("genp"), - .attrs = { - &v6rowid, - &v6cdat, - &v6mdat, - &v6desc, - &v6icmt, - &v6crtr, - &v6type, - &v6scrp, - &v6labl, - &v6alis, - &v6invi, - &v6nega, - &v6cusi, - &v6prot, - &v6acct, - &v6svce, - &v6gena, - &v6data, - &v6agrp, - &v6pdmn, - &v6sync, - &v6tomb, - &v6sha1, - &v6v_Data, - &v6v_pk, - &v6accc, - NULL - }, -}; - -const SecDbClass inet_class = { - .name = CFSTR("inet"), - .attrs = { - &v6rowid, - &v6cdat, - &v6mdat, - &v6desc, - &v6icmt, - &v6crtr, - &v6type, - &v6scrp, - &v6labl, - &v6alis, - &v6invi, - &v6nega, - &v6cusi, - &v6prot, - &v6acct, - &v6sdmn, - &v6srvr, - &v6ptcl, - &v6atyp, - &v6port, - &v6path, - &v6data, - &v6agrp, - &v6pdmn, - &v6sync, - &v6tomb, - &v6sha1, - &v6v_Data, - &v6v_pk, - &v6accc, - 0 - }, -}; - -const SecDbClass cert_class = { - .name = CFSTR("cert"), - .attrs = { - &v6rowid, - &v6cdat, - &v6mdat, - &v6ctyp, - &v6cenc, - &v6labl, - &v6certalis, - &v6subj, - &v6issr, - &v6slnr, - &v6skid, - &v6pkhh, - &v6data, - &v6agrp, - &v6pdmn, - &v6sync, - &v6tomb, - &v6sha1, - &v6v_Data, - &v6v_pk, - &v6accc, - 0 - }, -}; - -const SecDbClass keys_class = { - .name = CFSTR("keys"), - .attrs = { - &v6rowid, - &v6cdat, - &v6mdat, - &v6kcls, - &v6labl, - &v6alis, - &v6perm, - &v6priv, - &v6modi, - &v6klbl, - &v6atag, - &v6keycrtr, - &v6keytype, - &v6bsiz, - &v6esiz, - &v6sdat, - &v6edat, - &v6sens, - &v6asen, - &v6extr, - &v6next, - &v6encr, - &v6decr, - &v6drve, - &v6sign, - &v6vrfy, - &v6snrc, - &v6vyrc, - &v6wrap, - &v6unwp, - &v6data, - &v6agrp, - &v6pdmn, - &v6sync, - &v6tomb, - &v6sha1, - &v6v_Data, - &v6v_pk, - &v6accc, - 0 - } -}; - -/* An identity which is really a cert + a key, so all cert and keys attrs are - allowed. */ -const SecDbClass identity_class = { - .name = CFSTR("idnt"), - .attrs = { - 0 - }, -}; diff --git a/SecurityFeatures/CopyHeaders.sh b/SecurityFeatures/CopyHeaders.sh deleted file mode 100755 index 57c553de..00000000 --- a/SecurityFeatures/CopyHeaders.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh - -set -x - -BASEDIR=$(dirname $0) - -source=${1} - -TARGET_DIR="${BUILT_PRODUCTS_DIR}/include/Security" - -test -d "${TARGET_DIR}" || mkdir -p "${TARGET_DIR}" - -cp "${BASEDIR}/${source}/SecurityFeatures.h" "${TARGET_DIR}" diff --git a/SecurityFeatures/ExternalProject.sh b/SecurityFeatures/ExternalProject.sh deleted file mode 100755 index 717833f8..00000000 --- a/SecurityFeatures/ExternalProject.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -# -# ExternalProject.sh -# - -case $1 in - clean) - rm -f "${BUILT_PRODUCTS_DIR}"/include/Security/SecurityFeatures.h - ;; - *) - ;; -esac - -exit 0 diff --git a/SecurityFeatures/README.txt b/SecurityFeatures/README.txt deleted file mode 100644 index dee8987b..00000000 --- a/SecurityFeatures/README.txt +++ /dev/null @@ -1,18 +0,0 @@ - -On our targets we have different features enabled, some of our header -files are shared between the targets and installed on both targets. - -This means that since they are shared there is no good way to -provide conditionals based on TARGET_OS_ macros since some of the -targets are built on both platforms, and you don't know if -you are considering building for OSX or iOS at that point -(the simulator for example). - -Really, the headers needs to be unifdef'ed instead of provided -prototypes that are never defined. But that is more invasive. - -Right now the switch between the headers are done in the two -Security.framework targets, which is somewhat of a cheat. - -Once the two Security frameworks targets are merged into one, this -switch needs to happen on a Configuration bases. diff --git a/SecurityTests/CreateCerts.sh b/SecurityTests/CreateCerts.sh deleted file mode 100644 index 6269bd74..00000000 --- a/SecurityTests/CreateCerts.sh +++ /dev/null @@ -1,86 +0,0 @@ -#!/bin/sh - -# CreateCerts.sh -# Security -# -# Created by Fabrice Gautier on 6/7/11. -# Copyright 2011 Apple, Inc. All rights reserved. - -echo "Create Certs" - - -#Overrride which openssl to use: -# System openssl -#OPENSSL=/usr/bin/openssl -# Macport openssl -#OPENSSL=/opt/local/bin/openssl -# your own openssl -OPENSSL=/usr/local/ssl/bin/openssl - -#Override which gnutls-certtool to use: -# Macport gnutls -#GNUTLS_CERTTOOL=/opt/local/gnutls-certtool -# your own gnutls -GNUTLS_CERTTOOL=/usr/local/bin/certtool - - -DIR=test-certs - -mkdir -p $DIR -cd $DIR - -#generate EC params -${OPENSSL} ecparam -name secp256k1 -out ecparam.pem - -echo "**** Generating CA keys and certs..." -# generate CA certs -${OPENSSL} req -x509 -nodes -days 365 -subj '/CN=SecurityTest CA Cert (RSA)' -newkey rsa:1024 -keyout CAKey.rsa.pem -out CACert.rsa.pem -${OPENSSL} req -x509 -nodes -days 365 -subj '/CN=SecurityTest CA Cert (ECC)' -newkey ec:ecparam.pem -keyout CAKey.ecc.pem -out CACert.ecc.pem - -echo "**** Generating Server keys and csr..." -# generate Server EC key -${GNUTLS_CERTTOOL} -p --ecc --sec-param high --outfile ServerKey.ecc.pem - -# generate Server certs -${OPENSSL} req -new -nodes -days 365 -subj '/CN=SecurityTests Server Cert (RSA)' -newkey rsa:1024 -keyout ServerKey.rsa.pem -out ServerReq.rsa.pem -${OPENSSL} req -new -nodes -days 365 -subj '/CN=SecurityTests Server Cert (ECC)' -key ServerKey.ecc.pem -out ServerReq.ecc.pem - -echo "**** Generating Client keys and csr..." -# generate Client EC key -${GNUTLS_CERTTOOL} -p --ecc --sec-param high --outfile ClientKey.ecc.pem - -# generate client certs -${OPENSSL} req -new -nodes -days 365 -subj '/CN=SecurityTests Client Cert (RSA)' -newkey rsa:1024 -keyout ClientKey.rsa.pem -out ClientReq.rsa.pem -${OPENSSL} req -new -nodes -days 365 -subj '/CN=SecurityTests Client Cert (ECC)' -key ClientKey.ecc.pem -out ClientReq.ecc.pem - -echo "**** Signing Servers certs..." -# sign certs -${OPENSSL} x509 -req -in ServerReq.rsa.pem -CA CACert.rsa.pem -CAkey CAKey.rsa.pem -set_serial 1 -out ServerCert.rsa.rsa.pem -${OPENSSL} x509 -req -in ServerReq.rsa.pem -CA CACert.ecc.pem -CAkey CAKey.ecc.pem -set_serial 2 -out ServerCert.rsa.ecc.pem -${OPENSSL} x509 -req -in ServerReq.ecc.pem -CA CACert.rsa.pem -CAkey CAKey.rsa.pem -set_serial 3 -out ServerCert.ecc.rsa.pem -${OPENSSL} x509 -req -in ServerReq.ecc.pem -CA CACert.ecc.pem -CAkey CAKey.ecc.pem -set_serial 4 -out ServerCert.ecc.ecc.pem - -echo "**** Signing Clients certs..." -${OPENSSL} x509 -req -in ClientReq.rsa.pem -CA CACert.rsa.pem -CAkey CAKey.rsa.pem -set_serial 1001 -out ClientCert.rsa.rsa.pem -${OPENSSL} x509 -req -in ClientReq.rsa.pem -CA CACert.ecc.pem -CAkey CAKey.ecc.pem -set_serial 1002 -out ClientCert.rsa.ecc.pem -${OPENSSL} x509 -req -in ClientReq.ecc.pem -CA CACert.rsa.pem -CAkey CAKey.rsa.pem -set_serial 1003 -out ClientCert.ecc.rsa.pem -${OPENSSL} x509 -req -in ClientReq.ecc.pem -CA CACert.ecc.pem -CAkey CAKey.ecc.pem -set_serial 1004 -out ClientCert.ecc.ecc.pem - - -#export client keys and cert into .h - -${OPENSSL} ec -outform DER -in ClientKey.ecc.pem -out ClientKey.ecc.der -${OPENSSL} rsa -outform DER -in ClientKey.rsa.pem -out ClientKey.rsa.der - -xxd -i ClientKey.ecc.der > ClientKey_ecc.h -xxd -i ClientKey.rsa.der > ClientKey_rsa.h - -${OPENSSL} x509 -outform DER -in ClientCert.rsa.rsa.pem -out ClientCert.rsa.rsa.der -${OPENSSL} x509 -outform DER -in ClientCert.rsa.ecc.pem -out ClientCert.rsa.ecc.der -${OPENSSL} x509 -outform DER -in ClientCert.ecc.rsa.pem -out ClientCert.ecc.rsa.der -${OPENSSL} x509 -outform DER -in ClientCert.ecc.ecc.pem -out ClientCert.ecc.ecc.der - -xxd -i ClientCert.rsa.rsa.der > ClientCert_rsa_rsa.h -xxd -i ClientCert.rsa.ecc.der > ClientCert_rsa_ecc.h -xxd -i ClientCert.ecc.rsa.der > ClientCert_ecc_rsa.h -xxd -i ClientCert.ecc.ecc.der > ClientCert_ecc_ecc.h diff --git a/SecurityTests/NOTE.txt b/SecurityTests/NOTE.txt new file mode 100644 index 00000000..85c74696 --- /dev/null +++ b/SecurityTests/NOTE.txt @@ -0,0 +1,4 @@ +Much of the historical content of these SecurityTests has been archived to: + +https://stash.sd.apple.com/projects/COREOSINT/repos/securitytech/browse/Archive/SecurityTests + diff --git a/SecurityTests/PKITS.pdf b/SecurityTests/PKITS.pdf index 82db50339bce026eebbbffaa1eccffd2e674d4a0..c27f6b025008e688adeb9ec1087b192b4c85ec24 100644 GIT binary patch literal 5027216 zcma&NQ;=v&yQW*VZQHhO+cnF^EZeqi+qP}nwq0kfeNK0uh<``yzRSpQm+?i8=S7k# zh=|cL(y>614i*h|4YmyCLNO6A5ZL{(gyP|$moc$5b22Aj{%1#tUd+PU$;6Rf%-Yb& zM8w3%&e(*H59+Uzqluvnlv~!cige@_15D4U`db%64T-o5OrRlitdN~H5O31Xh7F}n zzUTRF?U8tbWcs?ac8UPectVdnJUC5;{Gq6d&y%6YVs^<*z8W~Q71GR1N9xSG=`CczH7s{a zS2=Kboj__=37kfrc|V_84xpxFVb0Nl7^GkV0Oac`mIQ;uBFZ9zj?oodoLWDLI z;r-TEROY=y8IMbaL-%q*&S0Mjq&FJc5RxpPnt>LH92J$|$Q;wqBD z)^5+uNgD(iLfS2rLC^fI3<%~xZ~+~a+P*aVj;V@uqgX_EX?HY@T`E8t_Gt<9c z|7(x+KgNyi|6<&(v!(40*%170-%n1Ukia;QMvN$-OS_J&?B6dCiJSgV6pKeoy zm5@+-kXEs&H2?T(W(JTtvgV#h(sK9j?{@ma$^6FqfwS)IU*5X%|JuK8MmG$u^55R% z-p0L_-sEYx9)zCm!twKk1CI?p;`c_ukTEhDdvP6%4Hb!w9yx)qF`0~bVErW?96H@^ zjDLLr-$@NUUp>ve!OOkv=}H^ydvY?NZ)Q>60|(#+T_RsS4SomCEy{tqG&fzy(v$_3 zHO|9?ak63E7C&EG{Dr-K0g+RtLr#+?YU)+UxkdId7c!3qE@}4{J|R zKpm1up|KwsTjSWW;;L8a zZEt_blJK;Nh{6l<$EwU{G4l(itsA__|Dzf>N3KLm9u<^4W9SIPudn zwTGE3?Q1B0PTy;3ldv~JuYb8}d4H3{pon8K&U5w&#<7>gWH_Me03myU5wZ*lJK43zlhSl!G5v zg7vvnQDG&V$ZceSuV`OZMO;y}oXmp>!e2viuyB5_g}^?oXN5bFvDI8AB3k~gz`u@^ zXg3~>yOZN0S@wP^tJ1(^@5Fj$;Xt5m;hz)& zv$4ZX>J>@%ttcW8?$Hw z#%Z|Ub(HuME=%D_S9J;|ojb&rn~pUEd8k}fL-5bhmyC+xZ3&Eu^PKjJrqdkGfW0(; zvRl$MYdSa8SRBc2qSnx=+_BuJs;!N*bwAo|bB3VH>QMfj9AA#DDf-B^cAR}MRYRum zgF%VgKqZXD50ja*IDw3fr#mK9Yy!z*mqF_f=PIa3Z-#{YFKtHG1) zfmc(nLpzH!txifZ(TE^LwEJ^Gl#UA?*ojkBthyTArS?aMYK?OQOw%h(AMy{g9HGu{*8re>6?t$m3n?sf&8%rj$DY8$As`dWKyX#EW` zGdo+Ed9WpRm(0iX_JJbBWw6TuDO*q5DR>#RdOS90ds!l6qBMR8C_ySYfNKlHIaV50 zf%puwft;DoOh8g9kaUt2F#PSgvQi>Z)+aGkB4^hxI9?a3+e^r$xC~*Iub0tRUSz9V zmeeTIk8ypuPFTRkwZZJehr}O0)9rb4<0y2fqGcb}Ni$HJA}}l_RY+#$%V{RVV!y6w zUGvvz2d(wQgyUi^?k^n?FVCNw)#;Z{jL#ezEf*1cYtUuZvT=FZM;tJ$a!o1~)*wG6 znF&AF9!S|Wej7%1RS7zDGmS=yw+;VGOO$pY5~iFCoonqmW6*YRY&U8vOp50)i1(nX zz8($FpzF^RomKAPyl)vib^6z;B%3{~Lk|J$9CikB=$NH>{A?fRY|96uaqNBcvw{)% z&J4{jnMnb_UfI=|%{wFMb01JSo#XTdLe}kz*4lCSfLXaIOuP&K0}u9($3G=#$D>ZW` z$l97b*&D1|o2XhWw zBG1gnU>RhkkrF*!@QkmvhwX4!mNf+J2r5o#(PS*mPK;j5@lXprl7g1;s-+HBl-liz z`ZaOSvF}%uy*16?%V)oG@x0ZytINB`TG@+5X5X35`{(*;G?X9H_v7nRpKj5S zH*?ad7Yp3?_xVwt9zU0!U$r*VBF4^T_qUBM_1q=eu2=Wl#6xG=DP8ERH+^rkFLro- zzsKRutuNHJa9v@IbgI@WV~Whs41q1e`fGV1cQI#gq?>NLehO!oeR5fB+;pk`&?ALf zQ6|kiW+0=E{=`}j7xr3iWN*%;V}l|yx{ynwL{k8hVHl_~S5Uqziu((F+2xQF6eZ*~ zFlS{F1s%(t#n<7-LvNoG17?J=QYH|1r$+FkxW8))ZZ*18|4?5sOW-%!7qjaO&3&<> z5=+5!0a&!ZS{)k3qOYvK|3iq7jmK7jnW$!Js3EasW~As|fEtfXUj!fQ9<*YFQv(0P z6lX-PiVN}a-9~`%+G`w(uQ5V%Et*C0V{);>0M-_#chqsek**RpIXEH=>NWK(CRYPO%lOC0D*8ZZ6zu>9ZII0!~z|e^H6gKHoVxQly63K1pGJ|oYZ$+?q z3p97Rb(_7I4rUc=HsM7K;?c{$vtk`o!pU}e5MX#OZl$D`zP>9v$0E=6X z5-{YJ4EdB>EVfu-3<>8T!FUvu5HC5`$B1RzD)y45N9HT`afTWv3`g&iMjs?@obajj zlC$C-kbd1&L%S_aas8^*cAzM;SenTtqKHOQw6el;Wx#hfN!{vyZZ$|JlaU_*-&N}haDV~z_ zRi19{)XazmX_57>gPmeV$@KIah&=1#oht_4T?b~z_}_N;E*PXj92h9Cao#Zm2p>rN znK;04EhUjLyigSM1hrvE$cn6FeZl1s?E=_%<4ELOO#&QYNl@gS=w^0y@ucWF6IhON zFe>r2h@R?ww=0QR)7%#nhXVVe4Q^*#JTBTLT}P$?KB4AMInmI7op6C5^m|0-p?<$) z!IUfCSV4Y18#PWkhQu`3_QGqU!44 zWh(r0hd?9AuL)qX{ReOoDhli7!52Nu zuO8Noe8~xvxlkpU51cy_Qp^$HaEG@`{_BWzsqM2@O!WMj1JJN8UghjwEBQBFjys-5 z>@klodd7B-Rs@4|R*df8#^#iyXi_2u>rT@nmLMP_8a_j8ntds>?Eb8KI}b$1mVkqL zq*AB>Q4}LHX)0biybfb&8YG@i2_1y8c}}IQ+!<=*tP_qM;}n;};i)#SHmQ&;b6f)l zS6F0k+(ni13xuR=mbK+>nwm%ig~tx&`#4A58{Z9drfY2GZZlkf1v=7qNfen-Qk~B& z^^X<_y^kJ8o($t*D)ZgCdC86$|v&C}v4do728f#T)PDg{}}8brgRm zgB|kG#;MbE)@UzwT^;Obc6WdxxAGl!B}H<)S^?O{?q%Q(Uv-@Oq)bKiD=w6iBpyi= zhvPo089Q3ixPbC?v2WC`r6nR`wItp1K2iOD^)(PMuxKn zqD%V%0ex4hqq;u~$Ip#wPDvME#&xfk0bL_sHB`c{C^DioNqnQx3ERNr1j4KkWRd6) zC1+bb@R3o72LzMwpWDGkgH!u!KI=qxcWpoY*WXPdXo?D22x$-Et%52{HP9w61OPI| zD>y$R3$96%Hyt}j=~k;1F0@Hc=!zpx*jbMW_VL!8|K7%Fnn+$dQrnI;O5+L=7VY8N zu-0R6r4p)WoITS|8&VX7YRD|7Z>xYQ6xr)js6J_|m;DW9%YteEbS>PPiP8Db0uPG^UCz zHvNpfJ4kuM>R~873(21+B6oEVTcXUZ)EILgx}>i5OMs_j7)ySo#uf1o1$z*SoA2K;nlRdld7E>9)48Wp=Lp${kIX<0~>#j zMZs=pN<^%-=4RPNKN(4*hT(WcXiU*gN8bZB+aVUf##`GLJ*U7(H%rHoui~UjvaB3F z;Eu@gS@hw2D6jdv67{cIPNnwY$0(w6PKt}g`s6v8R84E^jcKey+%s!u$$%jdL=k_) zzx*Czob^WkjZ!>v%zgmvTB#g*1Av z6Z{@EsVAGl>+2o*#`!(P{GEES@P+8OALf0x^D10?=*d{j#ULN zR;fYwI4bUl4plh6@J@$lQ}Z6D(55BUjt9W&Mb>f+Si4-}qTs>=M@9Ou=tp(Y2S4|R zzM=RW)3pumRBvdXiPiZMflIYx1cB!_6MpSOh!dE7l0=d$2OI)J5+C3~7P3;K*RAAe zHVPa=;7z^6e#g9PVjy2IlfarbGV&x@p<^OhY@7W`&CYW>w^GxyHafv6xl6_d_b7KS z?e->TjWIwh?O4p$0S?xTIBVa9j99Odjg2U7)$LUP!)O5{D;&v%u{xqe(N#>X1c4;E zUu92l670nab2DsU6YBEfn)sy6@B+%kT$`CbB?e6gy03yD72MwmK>20My*cyD6A}M0 zC_#OKXs!oRXzZ2IZ#L(=zd_AuYAaE8Qcsd9B`T5IK*>E#9;9vVpk;-Qg2Cn3S>ze3!P zZbqNjO4!>JI&B&M-nz22aA7WozxjyFU6_JQsZOCP&uYgCadho zEQ;P)8p8pCh1#ICjqz)7yKlQtfvFJH`RDS5!3v0(%3CjcNizm5Z`N`z zRJnJ^QFsy&EPaA2#u)U-Av5WDvo%o4{PUR3zJsZp;rlE$-=miGdH%BLiqnzIY$!S^ z<(!;QC->@C)$m7Le^}`f`qyQ!4MLx99WEqBfPJ&&gO)oHTJb$?QpwvS|D$D4CaTk| zj!S03nh$i3en)mh!yARVm3A4in+g80eY_lM=lr&K0#!m4`37KPe9ZHtp<5!1^^`L!u1SMC?A zT?737ztL#_im!h)8Z!$6!~gbs85#dWq%r;*Is8un!?KoiLT|3eQ(@7{U?Vp)HW*7o6`ixU>hrQN8#%|<=fiCOo<95w zLIJPW&-d{uKAdl9<;mUqZ0hBvG>e-R!~PQPjt}?O+a35_Xe+-DXQmI&0A>gxPWJD| z%i`qs_3@%LXBwP3U3IG|&P)mRXCtOqtl0@;fTTKIA$MRg^UqrcS&r*!=nV_XdCOHz z;r2Y7Lwo0gYRfI0}LS)J-@DP>xpI^}g8_osaMKrYSf%dBHZIfWVm; z$L6QolUXG9%`Dpi=e^X=xgt&TcrB2|8VVqiF z-z{bi7PE-=Q;)P5>5a>IY5T7^a&sgqK$(IH!6TjY1RNzOts+Yv;Pu8GgBUw@p;~(M zM^cQtzMBnU(eF8$L$JjtwEt`Yjl#+xB9>ubEYTy(ycK)mc6K??$DkoX0`{lW!f*)t zdftHZdAh9Q4fx|7*am@PuAxur_uY8x1_*?t1P)j%rW1M_&@&mYStA@%Y2w!(&QVBx z1_kAjjy7!6SH!OiDl#M`n_vC;l8dUfMeh~GbdrB@aWPpJBzPZBwl}(R^1{rPxk`Om zjTPLa$EB2;b3M$kSTrqY;~+vNooX^~U|csI9l^!>G_#RGYe92&Se%e1LS$qC7_H3P z57YUSjDr;D`#`}FbrSBIV*68z$b?soFF#%+e zhHA}g(SpE9@3cI>3Hkx{Cd}Cep5={7=DrR@oJbMl_b`EKO!X3u@yNw@KYkqAKt+3k z8N(cYkDwrlO7ah$7?hhC%dhF`z<^0ge=8Vj48p)&kj;05m0(m7PP8+Opp>KV$E65b zg$Xx3N1tl28tbt`g3v*xRuvD(QsK-WQ|}fMc<}GOb_fnVeFPLu?Ox-p(Li|TbqqdZ z+K+H01&m0Oz#Dc>Y_9n$rmC9tM*+F(K&i|G{pc=n<5({@XsKQ+QbeR_*m*VCTIbKT zR<2^46xK7V>M{aY4eQfznk~B#?OIzKVRzh(my-6Jm%%*%D#A&q&Jrqc<-}Zfg>kAC zE*1u@B`kFz#mw#zvL*cF~J>NgsgYfo*Hw9dHv$GaPlu2IyvltVXJck8e@D^ZRd{ zSmY(1g~DN@z%ITtR+P7#7D?TSYrTqMd(w-~#d~6pP$SGJ(Ps#DQzt}IIa&pL{Eq4t z1Ue@w9iKY+`-tVB8SwCDh@bYO9r#E91SCv2B;{ls+U5IzlG~AEY!{)^{_zLwYVcLE2Cq_+i-wPWS_lTw*I_%P=v3%51i?zUNcGkb`r8dl97OTbAjA2? z(_k%}FP9O8G1ic)@W?tDc^dbpeEIa#kI7SCc0f!{7Q78!y$si)kOZZrhw2D9v4?6O znQiGaGK!VvS>^Y6`Ox82Hf5+n12E-dn zn)FS>G?y)goP!@djpB?_PXhDyJq6I>r3M(DoE_2K(Tc$r7pe*|s?!IBLvhB?f!NyA2HVD_71GUS2E%SMI|GN> z#4yzwBxCEbd-ZrokWs1v$k2|vON>dCZzn%U_|b&q5T2DAX%(DrF?Xts^o2aRX5sV9 z%EXwGYrEczWYz7bxu0(siY4gGB*wq4&BeXZag=puu~!q?+eaYeByD5? zkl=Yy0-){1M|-YK6+$P~qmSFkCdh9KCsZABM$GeU?v~#T>KCOvB>OoYceeMSA~~Zr z0gLZsVYI!xQ+T7q(YW>%ap#f6uQM%%X+$qGOm;S1u!)p47iy^?b5y*AzSe(EKT?Qn z57t%s@}l>;?h~ZyDut*NQQ$+_N>=r(PV!zb>G`5z!)dy_JU+75NHlAc`!Bv1A8F^v zW*C}Ok`gh3@9~D5zpKEZc4SId6Z@k8GAA-NVplfk8eI_Uwdy1AMw&!Gf_T4s1e8wk zVAF&D_OT$FkfLuI)g7nn^YLys} zls}5M5D)C-qF$HilU}5E(6#I*xnwUkQ0ZCXsU&VaNttjx6rpd|n~qyi>aFCIP<}Dm zeQdg8o%*c@F)apWjC;?Qpqb&^zNJsA3h`Pyl~yv(lYUmuPG&hspc?XR8qkNI7Hdnn#co7;oT z>G*%&Z{YcLev)S@CTD%SJwF^vyZx;K)$ZPpreTqiYucb!w z?LlXev~$>O?$hl9H>*mm?qL||tUZPwJ-JV*rh+><$J9? zC?_8sscUw1!jlFeukSr_$N!3e-B!9UK2q1JgZ1xpSBe=NyCL0i5*%??xiGc!jn_Zf`0gcRz?4A!p`3yqYJw z%F(R`ezSRCt5%*rAdB8+3dOVV{OZ(82=gN=Y&AiI3MiU`7f7KGa1eE*qr|d;t=Aea zW?kstf~OJIo9}Rhv_e%rL#b7$#u}GcVmTld?Z!&>W$j~&{^UzdW_vXxsoWF|)Kach zuxsl+osMTkEVq}WVR|xe7$vGAi58XEB4A@X33r;Rs?7+Mm$M-05U^enbs`KeLzQ!Z zQLnyqw6MC0ZsPS1T~tbU~A3MO}}h@mf6x~G@oTLn|N3CBPyyqy++al1|J z#fOk9pW%=F)^iB6$gFQ@iAWE=Y-k$itluw2O-PI8c4>G6-VyTxtqhemxV4RsPzF8e z6IL*H9G{cqk?x>obCjlYn63ytm2|6$s`qT2n0mqCPn>V4 zA=u20>PcTAHAq-HI|1t4hHq)P5vi+Di>k4t1e?}Ikfs^8P@!b|s@+LnPkc776*GQO zHjGa9rK+iO+Mnu}dC!|%9Wo26Yw1Wtfi-|X#t8ybE?m>uki|Gm#5HAt_OGo%C7FQC zI#3`**jVsujwgvWYNokolaRI40USi(8V$$^>lcN8Szvxvf!T3UL}C;ETHzEZ@q_HR zZ_}LIeO?SvOlPAeG9f8GxPzEaA;7stwwvu=S~j2TKzFeM8JbPZ-f(VjO}MeV9)**c zfVqlEG9QsWG*I=}9l|m2U%B122LCi@t^M0xL$Ug9n>brNKH#s<3e{Aof2ksl zwrxf}ULaMJh;VSZH-R`|Cn(zTRwqs^{__otwi|5p5Krp5_ZHfbT%@bM+yi#T3zTV= z6A85^>)DbEH8H{mQqoN_HNPP|b!6sg{wJp|RD|o6%PjOyKFxp^ELM26;sP!4Vis1e zE-RM)_N41kT8WzF&3D@OER&uIn}XsY3`n(bc+Q32y{^u8Z~cyORVf%Ft9szc2IG&4 z%Eq(a_fU$psViGCF!ushas!_T7^AWghL&`FBz*Cxa%Wv-{~7CsSzrit!?af0=}(VH z-Kzq!&ZH#b<3*~!(+5Y_gNJgac}=A$fK_?6%7b;)pAnHKF@3SG%R99Q1NAz|a zl+O6bgEy?REHymlReHz-ySthsS;;4bPI{?L6agosm#oG+u0$LsNfp%n$p4*O}U16_U=IiS?i(y2`&9cU8bqF z>DdhCwJoo_z5aM)Je=Esjl0(lza9yl8nVzw=F;bH7$Rw!rByr7^9;Zu#Vd;1bb)Oh zGMf*Fq;AAS078Pgi^{Ls0~bik2SKLEJCMS~z_3Wqffs3VES|FRDLUYjBrH|&uQDw< z9J#+ygoL&SkFPZGNO`kWhIeba4w4sXJ2*UJ=!*VqA3A)Uc8yqAnnBppoq zISd!gp2mEzW`F_go!<$)Wg;Z`h)Ho%;-K)#L)Qwu$8itYwY75479a^Cn2W??{U*SX zxG~M_nkCs~UBf{Pd`=KtxSCuW{kv-H5t`PtAjcBXy{-TL`tI#5P6Z?E8 z&!AU}Pq>Q{i6 zjr8-?{e&Yi&T4p~K}T6gQ3P*=-gz{e0_Dc`Q-kg%Mr=jsW^!SAQIN@=!q@0hjjH~E zxteFO9b)2eIx}x^VJ$ffl*>!#;bo~~GAlc-RjA1mqeRQ1r>tq0s>MJFpqmutwgFK= z3)>@D)O-6S!<{SHi5S&Lt*Jv~li>;iJuW#su7fm+#?H*TQ=by@?EhUd}>bbRKy@lU#?H1Bl zrf7fuVLH)DsnZBKhBC5Y|0q>_G^`l6BqUJsdL!nie!V(A0shh$B3^xs8E`8v5@_@o z=V6g-++CXvB3q4!Lr+pi>yO`HzIP6TK60z#JJh6o+`dYg3qWEHymM*@{MV9L2lZQ6!1olQ*f$dN9HgyAiqw+*?IHJq&Gql&9JsR6LKf&pDeHsZ5qFty@k3c~|wsO+=-Qq3`I-LDK zMz6__n$xW%Av%3w-*f8K5Gw_rKDKoNXttd5qnkb2ihl)mg$|$++WqJA0-c`k)BY%G z7w9y{S)kLHHRv;5q0FE@FU3-ZbQUGZOBU)$MVP+!`_zu^37;S}Mv6|JiIC0dPjg?X zZCHEzjx9Uxv=OslrsI_4LCW(?maaO*gbe9VjFqJA(8vlf!u+JD_FDRINEumlSbmNZh#o0_%g?Sp!Tkl zj>71|?diNfB*3|$x@Y^a#yax?IGk&wIRgP(ZuTcBK}M){i!@sxB&WYOH|aDHgkcSk zEM^ZY1P4k67~P7bnu4GL6Nwh_6+iB?WR4Ck!Go^$)3#J#Asyq$ejXT@3Rf3FO>zw< z=O4_)6o)o4f78i5sn+f~R8*-q^$Q)S4?gSKY%Y6fAm?W01a9tEWIC*O0y~A0tm*78 zW-w>CVn`Oi>;}NB_d#|tW(Lj(bZ(*?JN{1a7=3!3S##ducJVJrf5^BFF8Ghermlr% z2S%iMlu8YfQG%lAl5jqbPmg_>;_ytuMGOMpvH0x_w6YLbYncq7RqoBLzE(FDM7|45 z505mHwp#7_j$yRt2X(Nn{`~-#0tnWG-0omXH6pB)TJ|{PhrVq z_7<+b2u7{HY}uOow>DCKvAs08os!ZIic%k#0K~rS?cN18_{it=X=i~#AoAmyhx^{K z-~y-vryO{`2?bc@>}jX&Kgdggpk67#1+kY~!d2{X=rO(hVZ=8+F ztn}&G*K@TW7>xu6IAqwQoijMLPz zEr$@jtOG(7sHW-U4MB?AOcmRrvOv6R`v69>k}yS=98-eG?+0}m+=x>) zDGJdaLmUKjKe$kD9&fFF(-85^!DT#INz?c&6wCPg>M)hmR8Q`M&A{j<1GNbKz`=IA zTsrIcXPXiH8~VSJvSH3DWkAeIeU2F#Oye;cKJ&I&m#O8 z!wyYdc#2dA_GaIpCDB@-90n80LNl9+S2NpG8q@1mg~qvn6CW|n*fSo{c9jbY7M57D zgJk?9yh`Uh3HH79_{{_v$K5ft?sroA?LzB?(d+%z*Hir_@}dAXM(P{6ZYm?@*I|5= z8mClxh*0mowX+oe#;5BGz5j2N{C}rL|5wkNnT?t8|EN*+|5T&@mZ<(GH9C#6X-U(5 zzpc+W3+>`$(`BhA z+S8rI?Av4hr)uh0akJ6oytmOYl|p{$`C#V5rT)ZvzrNnSmd?Y!RPK@0`(Qu26QpB6 zUbXEERd16t&?`jpLFFz(pCC>kZZ9X^Lk?k)1&EE;**@Lp87jBb6)g2G)y~(=?epdC zFa&6%TE2zMf0o2eSR>`vcUZpzPU{c`8i|rZ`1Q*LGzq50sJ$q;8^8ro{fSF>5bN7` zBx~>4Gb3G+3E1d65xbU*BxMAv7ITMruF?le80H$r1iq@N04pw%~Kq%eYpk!KiwJamON-+{Cb2w2+S-Om{Z zB23RZa#TP72iYbU5jfd@c7L+yc0~0MfLKArDsn+PR2W%#2#6#bl(u&O*syNeAk5R8 zGRH)&1^RLrq#q5C(|xYs-OHR+&p+&3wZO3jBmC%&8iYVtCCs5RhaTNZTeMT%4_YxU zS&(t1i3h>Ji!k@RxR@?OR+9vA9uPf2lhK0=N-xy7!9$TFVSkyQR(pMaxS^jEn|Y4( zRxEJilemwLH`jy6vVm1C|$z5j|#S4IbHZq>g1bno(9#!>aBC;;qB+NG`*x6hv3 z_%ShAc*{?f{#qfHv7g$VmzbcQC zt|DS;{xE7z-$czVhBo&cPhM{4Elsi!;rCd|SfoI?wAkFSDQS>l=BBHOM<(NZu^9S1 z8#Fr-2bf@I_?nl-M}us09h1*sd6jf7S-*{`#Svw@*k$9~m~_m%=v0Pzdtg3X5sg-J z8FIgZ4~hCpLkH-NoVz_#1ffG5A{GEv0pJht5!Ok!uBcXCLmNB`Xkw;B<6d80U zx+H{abGDR{Os0Y{B{l;dD1VP&N&+I4ZZW2Q_ePLTo!5?G zbC9{o1t}(hv;)Obld#L3;!hlI7BUz>YO^B}Ng;;>SKEvOSzx+5g8yExdZ3_q8P|-Z zYDrznNd3Yh(QNR-70!hqh;K6y$WByd6?3?dv7Ex7N^}7_~4r@S^(W%Q`iZ`H`kO|9SI77P5R9EX{YQ6 z5r8zzEZ_|H*kqiG-)I80RE}TvCWL~708aD|C;^xeW!!z=0*qlOuAKapS9@C=A`|*x zr9Xq}B-Wb^ffFcBbVmK$XyPkXy#sMq2u~piyrs>oRAbdyXfbtZk=GUt42+Yf80m%1aTMts!hSzW`;ew6 z%ZNeDCQT)fqiZh0xCJr;J%J;S6*~zE`k;k(BHl^%TCe!>H2w2d5}J(&-Ja@G<_;lu=3U<3sW*cg&%O_w=;^VOL7@sQy-{Xu;OD6QB)wk%5| zxcF5bfe?37FZ2i>{F-Z$@u6lw)7**H><5Z_o2WT62iq99zjU1Yba|hAA8fLxX@7yI z_|y+w9;La3&la6*^@fRND7Tl_dlP4-2Z0W@02*hP+bM;n+8Kp%Oa3Z5h5b$P^aeeh z@^8j5d@0Y$Bo@iaBzV%y$}Akrk~U2F#hM8Qo`Gff)R~b*{4*1c_`xzGJKtY4@BUAK zl<3m_mYve1Q;tk_*#h{T@&E>}t@L_^AL&N6#TJ^RiS!%#$A4+@u)9TI|O8ssxB|nMC zY$uo6gpf+5y+nC{>vH16Y;kQ)RcV3bB}1`VJ)~1n>CLenO6fvx@C9Hak%UbWH@Q;J z$vZOzPFTi4fu0TA8M{*!cQW=1-^L zmI~`FqHS4r)55jo`OeCoHOaC_t#vmjT~Kr#fLsGy=%&*+N>9PCj=5R1%CRc;qjk4i zWQFOjN*Co%dF8^mMswXSL9eD)rQl$6Iw{4juyQrorjfH?L_M1d#-n+SMwRGDbzQB zZg-0*qfaEuGoiMncR1;b_bYxpI^U{fUZPiJxLb4h#iHxlRruHMco0@;LyC`TTsz2g zSb*O-5!gFN_|itJH8L@Sn;$CHxWof*5`#kIAF8vw=xLc~e-CK{0bmPo@(np_A4u-G4}w!}1q`B@JcZZ+GoT9_bq>MIyEQtMoUs-DdNk9G?A zJyU44+9JBPogXkx9%t+F5NntgpJY(`x%bq;2k7Bi-?q=&A}Y@dXEdag4MH&`VshbjW|HiVq-(n_00yVBwSJI#|8pGLELyy(;j>C}9 zBDtbI0~@+aM|!?yJ%e|0k~vU{vvO9gH&z=G z7>T#24*ydPFN-#^wx|xoD3Sc3syq?3O~`xOpaNo+vI2Pq!jV%E3FuP76+uyc1+Bsd z&!=RV(mWF!9Po<})wUw)fMB8 z^`eU&)`{k}Y}h#Z$<;XLg1|HkBsgJ^A7llOrdI29m_Q8}xp{BFu zk`N?lOZXehbR2=Z^$}t0hDM|qW-j23$2eD1V`~fO@>Rbe!{Z~!3f8@fBg10fv3rt3 zlDenDkzQQWqGLIB(R(N=c6_0mO@FFa(eG?^6k}*Nkv#bD&^d6BCOwsjq_(X2UIX-4 zW>+8n1;knwI$^9)23nuoy~)&sQ2fsil1+EGc`;`slul@68+tmvn5Dio36vCxpzF0+ z9Aj;P43Hy9qPChk zm6m#a#k{)TwzV^0M6)o;>GymQXy>@J(LIx*L0zF3yPjz?t6OIgo) zYBK2JWu;NJjUICve{sE&>$r-#)FdXHqK<$jJ9-BzTdE|GCHh5|eYt+`7he-C`s7Dml4V z(tLHTh=UH&_!m``uc5*DR4axgNoL168k|1Tv6RKm8z;Gzo zTUB1at>1tAJI!k*P)9v!$Uu3|mQw^}+Z5BexFLe#v3?5aCUtI@&0)VPMO_@c1{Us! zMHL$x#q~Lp8Zxl$Sl0%b8*B&0&27vXo6C0q@tlohyTS0UR^w0%S!hgb@XY2+o$ED3 z>;2A`9fHcnI*t_@SU6%Ig5`&+G?2!EP^x1CC=v`ie>kH58*uKH>$T(}F) zc$dt?gjHs@jAf-P1Rp!1unzq2@Dn*7XNx*B|0kRp{B_k=jHc#7nInf9bbg8NGZ|02 z2W{}MI!D*hyRp(i3+T@sa9|}25yNxKwu&HF2*x)*-?j5EAjW@KF%jmk}LDX*}mM zGe}!RKCiN{9RbQ2ls-X2lu7!?7&G!XzapFkbrEvNLAfP_TCH?hZWLRiXfS> zw)IyfZnzmL0ZLppu`HQ{(_c65KDz%r1_u$;iJ}nlgW7 z3oRMY5(;6!ZkaHk!J8gNx3`I)55-5wh)fmSQUx*h{`|CcHexG;k7CBHfJUuI^yceEqNm-kv(;K($SbxbqNk$O$a(HYbhj zr!U}AD4TC?TL3;Ep7*Z4At(KJ&cOeAHO0cf#QwjX0Van3a0ZzEZSMU~&cO9QkEw{+ z|KFP4T#S@btCj)CVfsB`Yp_3#knK2_BZM*i`)4^-_wx45%O6iOWM%_v%~%f~)sHRW zm%7i>^V{scUcjRnjrPxn&&65(s~@PsKd;BJrH7x$VTh+#2yY)hn>VA#R{*=-KgR$g z=Ye%II76A2djxvh_6Xg;&VKWP^0y8Hdj=c;92k?B2S-+q%fRgnIP8slKvvh9&T<9~w8l2FBAAeYApb`kacKnq=c zVobdkRw)Q2YqMD#=!+vI8Agy}Y6fFxiyYl4Z2cOtvJ%?jP>yDKrYD)XlGX20YvnFj z79LxOB^51>j!n;tgaq$~?F5kfB_)yO!%pJ+&wIE;=OfXI0u0hMHPpg)EHs$-o{*yX zH5yxY-Ui`zy~xOWemOf0FzhYs^B&M}uXO|P#kjUITZm!1x|Hg;ta)D$wF8^;5GKjo z9hhJqp}85Y8TZtie>;}}_TDdskAd07DkXL7UY#8P3%ZmI^>x^Bmf8+N>UZJM+X?9v zoY}xTwr$&X zmu=gA%C>FWt}ffyJ+tGDnS+V=ztcR(gUratEAL$Ex)~Qgq_9pZ4QiFJ1zgqwE4Xl) zRxti#VUT1WiNi0S;!o$qQ7a9VT2@2I$SQ{Wo%94Hjq!8y#YewfRP|YT{FsXvmYdeXEVIuOE1Uucpy6p{hUhbLb;=Zp zfHk9m6$g_-IjjIpA&v|8+GhiCn%RID;}GWye*C~0E5{m(MberW<75BOAg3oZT9hA5 z4AcU)+BT)-8fO+0@2cOvVJFo!Z$UOyz*Dm7@s z6Pe8DJcg%mnKV({0b!0gjy){itYJHp^TZ@xcC{g#>W1I}8Goj=EiR18Cvc)+ zV`5d-Rk9Z?wILWLiU$Lw?EFD8yUYR02n42m3rPna_y&?zp#GtRhAgB~aTgT&AKsrN z1C+Vs55*-4uItz!##n4DP;fzLk0WltxXXQ(HYixX3ff~%L0DAt$%Nw`O&&dvx%=GK ztoT$It?zwisC%Ub-@2GY=3)83+|P`aluAZ-E_!z1Z48F7DzJ7U5p)eAMeU@tj8+;% z$0Q6s5J{woRs)0D*r65zyP|?9(RswvD&iTs7?Aqd+KK2#ZS$}(ALzIf?`6bdN;M=! za!M_noh&=UZLOX63vLR%FkZ#~=m2-zqs z9gO_V6*Z#kw7k#N#Erq0Aku?M;}ufg)~J#_s4OUc)K_8&P|Z-J-CMSvQpb06YBudJ z(yo#YTR9G++k#&n%Shi=(o3uwTXEB9DK#6#h6Q3i$h=o$e<*qRR$x`1=#c}6M!#h$ zu?E8;0FLRDqiN1@VcUS{1pTvb=dnWzqqHkq+{!9YQV0vL=XDITixj%P(nw_fUaO)u zc8S8q&clMt5`M^x3M3Y)?~sl;C?`22Z#}s&3I-&7_OmPuZ@7VZmganq>de}w`W5uj zV%JKWoEZhE`SGsyFnyvzTSE0?_LSk*F#KZ;G!DjCrh5)p-^@`o&WS2#Z34eGR8w_z z=dd|pA<_wA43(P_MrhE3zWU8flk_6l&aNq5R#%*DzX@$;X}}%nDo}+fXcX;}=Y!P@ zON{E@lk_&OZH$5ydpV1I3tx-^8%27_nJ*KLs0Gt65 zYi4-d!gtgi(QTsi)S66)T%W;W8dVNOjm@}`AgCcfG1lGj77+$YpDqXV4Rje7Bcy1G z6m{a!E92gwbli*SnMXcVD@MuuW5AQ|ejnG$#uV4Oz;@GxG>X8g7Jz zr8rB*yV#6Fu`F+vOIjr*Dqr$LeLPc=$33jf%eHusSl`aUvl@MGJOo?^tk0Q!xQve+lE!F@h?Fwor>Kr|UD*K~_gXh^-!Qb{-SJ=&m%VLt z22Stfr~Ellw)p8pEKw1@>z^Z&z1Z)cN9sS~bX-+ja!DqG5h0hB z=(JLd|16YRI>eWL^L@G^f6a)y)XQf7{ytgI`*wa~-9{_j`Tl&k`#KCFung`fTX^S} z_3iGH7?0%c`aZW)Gf27jRxyoNgL0?*eJJ(VnUy?DxA@h>i*pXyZn6Nx8Xc~MX; zNNeVVM#wr%KIE7}M@MOA`SdeMvq(Zw`XQ_{V#6`#R8iu4Rz=#N0E1q>{Yi)fntU6b z{_&nk=Sb^A6Z%6_r+ApWC@OK^wK_rg&PhD%96G&ZNUO$z^gC;%SN~j~c=)@e(dp6+ z|A}_Xv006i9{#zapH5yLu7A(*w<_G1l)=%xp#$vIPVB9emiOp6KYtJtu*@;(o!X2A zix1RG=g>yc&(WQsxn^u!^f0R}@n4Z#3=SU%zDJK$_sH7_A3zkj(-b~&dVd(;_{jT3 z3D+pMnj#e*+$*-T%Jsro|J7v;$rQGuUPj_OiXaGWcSgMH6XC^iz%Ff6%-!!y|DO7xmsy&z2Ae&yB;ti6I% z4S=Dw2VcU?4&6k}nU0>H26obF&Pf=@|`a)iP3SJ#+>AmY`eE3JB$n85SY2CCa}mkYlS@Y@P}$a|Amq<|RDWC$Oovm1J*6xLQpbsoEM?ZaM?Lik1!Dgu);K4> zQG_?%u?u4%v)_<*%rs#G^Jtv*P5_@g3xA=AStCU%GSPx0F5)$Spim?!6q;F0H| zTzM-=##qQu+Xo?Ku*|GSM5`;MR4siDC!LG3*PqGo-p4t|hsG$TwoZ#*_ zP>qiUV-JBB2%91(mAzCyH_-8I*vOCx`@DMddNMG0$3)J7rZRr6&I`XCn36F8oiJrE zoWY}hvwjXv^jUsMJ1;=)5Y>^m6rhpv@<+5BRDj&y)aFYhY-wXu9`0kipG-<0?6G}b zp@VM4Hj|e{1XQzCtQe4z4kOw*!v@&`@+xP`kUoQ$a1#FBdDMc1dOv?LmM zJ=rK;kra9{lzradkF-6EY>u*@w!Jfi(8Rx|{~*`=g6}d^Ec0eAtu>UT6Gr0WV4_qdU=i}r@6e@HYN~L^f0h8k5|@uXs+30G}?C~BG~yMG|=kLh^w1C zg$HrF3~Oe;Qlwcj>N8t(x26^BkL4#h6qY!qZ>hnOOV z04*v&K<|1jAv&LQ6`n;X0Mu%|z1&)JQ?YjZV?+9vI@dG;xNgf_Ie{-gC?0x3&4M@gz(uz7+dQQn7C?;P3IenmR~CN&U3=9!b2vel`Dva z+#+l8f{{*|yH#2%;K@CX4b}zl6FmwUV|gAey~HP}7JC?8>wQIF9ZdfYV4kGUnp6gT zQ5LOH+w}v48&zGyXwom=U@F3t5PGs17V}M|r1yt_rt9AKw&wo1+1L!90PDU{_7%W) zMPIYVVR&o05u;RiqRX50GMV(ndLBkHU0c>H+_R(Z4iU!G5;;myDUi*P*)%qQbF;#f z(|d{>?@}GkLbs)UuK7G8(bZID7TY1JV_VDF%~CfJGi(i^AFh_CXWhlY>VN?|Swq3@C_ma;4HBdG%%n`_6kC{!cAKJBz71jR^uWd) zEaFtLfoChJQR%1}SHnSL8ybxBb+;MuGx75jd_RQmL}Tr2Fvmh z&)M?lO4iuPuhYpF1Ot}jM3tq5rsnpRa8d}URD&!}N@l1Vi* zLnX?--0nvKZTg%~Q=oQALreAWkx`0Z{YrmGOz7uL6Tu}Xeru#Ho?RjUlR2$wFGL(A zQlj}rwfTvRDJ%eBjR&;KVIp-RkJgp#P!q`~7(GulxQ=VEg?}>zoaNLU7FmGlDby0DH$q^_Zq(O*#`qVr|WtTRQJla>Z&H@?A?Q&TlIgN%Sp* zjj~`89H609>eBQ((Oo6~&jbtY zsJWgBymcHlMDn1Fs>bIBS(n7xhqPHDSYV+C$1@|K*C8*H(k#<(`^1HLjW~C4ibla= ztFZd_;g9^<)V99R-Q{|&wm;-*NLN7bM8*TZliZ5C-OuwFSy~;XM0bSKi5Ynf1$pTyz4nhPC3<82>VBx@11lk#^A+dR4J`4>^6(Qb#NB zjFQ?ErkDkzC`P+O67B;95`p<(jSqejt2yJW_)1;)2D*0!9{yh_{ZAu=iJkMmQ2HOi z(SM=zzrs5I7nHtWL;Z`=lkL08VhN-$;6hAeH0{(s+9|f0T4qJ^w;ryac^>YBjN~#T z>?RNyVk$@GJiJd%8^n0~_i94<;i12APXiI&ZcgYC_`RK8c$)zOxjlS5J-mL{wKWjI zD=oPQJ2`tm?$1XfKVRnXRWLslx?=EfmnKeQ00e!w2AKJ!UKhKf_F{fWA?=}Dv3q5* zg+p`rVn#5oP>YP>{E&sJVxLT34^LYI=Nkjh%zZ4q2l6nc_4)=EJY#+f`erw_F;<{FWOIM0WMM~V{`lJ6fBsGG@ zt5I*mTgBQ8uJ7u^MWQ8ViQ;9x_KQX-ad@*d`L_H4+T6(+uJ48Spbe+?+(E}69P2=R zVsX7P4}oKb{VePlhc)@d7?}TPyhCjDfWoan>H?|&eHQhE)H0Z3UH{UnS^US6S9EK3 zxiP}4X^pPY*#uLW3kH!q>dv7yNV2_hnF9Zp^D!!}#KFSo*xl41%F+ReMlW^r-c(`N zIHt)jwh$%~E~^~-gqA5_`~eSf@kZt2d0lQ)LkR*MC8ESec#y4apj zL9^5Fv6`+H4yi$ZyZ>T)LT|^#5b%kP8x}%3ns3X;b1h`Q@gSgioXLcFZ%sGTL|mK$ ztx1cPKq=$s?s}pMiUv<5n18I-{%mqXu6#J>hK3$`H zBy3>uk#H^nwYA@31^^|)3ak3a_VRiR)@2|`?o)Y5F*k_w>6>8#8WmbnKg8Xz&v2h& zl&QtvY33zCY>L0O`JS3QKY&pyM!E{px3K896AG$I6nh_AOPm%7XT-%trlP^3=4n4i zKH-p4k}nvKHkyckdG0SKQjwXnw;cQsCnbeAgO2k@&$OOKcgI7I_p%Iu!*GTd8k&aY z0`w|V9Z!Rx=u+_nLC_3Sg!yp|E?4bWYLZaPBY<==|3Wd2-B%;kI=VVxk%Xq@uF61$ z?1Mv5qoFwg25YAj3j0*wR1UJ}F}YtQPTMN(#HdAUp*PSn8OF3~Gp2P&S3NXrFaYR+ zf}GAPvwV7PBOg2wk?hjW?P=t<4YII-z`R;9smd}VX;V>fPjq*!7VnDmp-ai*p^f7x zSwPt*3$fTF)BLR(47iiBMz&j$FY0C&WEYc+v1>XFmqlGR91EG8!ThQSsU+UET$E{K zMX<)42Jf&8kr{xq)dAqv zH!PSOWAmiza@)9iMSC^HZFe><(Ynd6qe6J$@*@T~Ak? z_fszbE~gy@)thLhww(W_*I5{F-_pZ=DR2~t@A!TzU0U4`(W^)Q1hW8Di4GDuzyJ8 z;h9aYwub6QNmGTy_gmVQEOmVZ<9ctLjs6&v_}P0{A-Le7-KvY8jqDP^+qe zB~D7YBeE>Nb4yQbG0PQ+^&G{DKVqT-oZBhFI5Or3G<{UrcH5cdX#4~9HL9XE);&D~ z*Ax%M_~pqp)s?sGu~WUH?Z9#6>6ef8^kJDYnurg0-zrdREt^kx&vBcZN%A<|d`?^w z-{q4Fk-1dxT;&+;a-9_KGjE7mtgL%u2+L$kOsxKuiBKEwvfF@Q8!8%{@R8>%Hpo8C zg4`1Eby03@i}GUedzNcGG9q%axy_qY;f&Ef5ec^s-=dW)nxGDy8l}Wj}qA@|t zyYgT_i#lY*Qo&6(+%?$3xVvP#BbwEHeQ>d)tK6Js|C=^PRYq~Y1i6^gez~cz3Prrt zJKTVb2VfGiXn;^>3*-n!X~;CUUNz0q%y=mv-8v_={7XaAdSMvz+|>4fI;^(sQYqz~ zp?MtE3I3yD4M5XZwFVH0w_HKi^B`yq%}Nlgs8zCYq*BgfGV9dpE%0>CsmzU~gQmd; z>yLPQMgw~S`J>z=l~yY>wTrF#p&uE=gpb~KsYjBX21!xJ?a`9pb9Qe*E3~)1^1IFZ3bcA|rR3ls zQVOl4WOW}!T7}Y(5p~PVBkI+Reih}Hb+^8n3=6CKmG*{OKnGq>DtsJY$cBV_Ji05Q z?m3DblCHAqm;m{$syFp!lK0@?Rumc9@Q4NYUa_&N^ebMb=xQA+a#Ypi0tP;8Uaigg zA`d1>f|X#rNH;Cpl6IQynb^bC)c(X4H%`i0tt4;D-hk@kx2`CxSBa7{4;_gMA|iu$ z6|Rq4ysBv)!pHKW0WY(1r_b^4Be13w_!p7KaDw}_Nqz-}L5$Tw+ecgxZce&$@Tl$L z{$_Q$`ok%WYRmY{I_(71iUa9<{y~{>jv!J>grQY|m*`WFlezv2rBXR>lsiu=x=J&2C+U<>E%S2=IKOt=c;mz^7fVH*HGc+V(` z9+-^6-wRI3mstYjdo<$-0CvmRA25fuKjvyK!@kigrpgNq8sL7`2EQnxA~PXv)zC>l z%f@plrZp+1RlXf@Kw07}y?y;YN3#Y!<@53GO0{ucA7W!6+y3UJKx@P|I;HJNCxTci zGyqL0c>$Z$aPAJJQvbFVW%tb{lvL_|MQPJg0>j!DVvTf%H_N(+Cm9{|8El%^h<)yI zr7Y?z7OHps@tK^no&`Lcx(N%ms(+W>CW9{D)nVy>RwW(pcIWW42%VTJj2lFK((WQe zvNS41oK0Bpdr#%=wLYqF!xYXG^%H1elf>}a-&Rw%Cz|Ha)dqoF=?Xbw z_O+G3%lUat$2EN|sPFUp3b)|S$1{4s+UwIx5N)6GGqfGVfA71(GTtm3s+-t zc;*j*>!Jujk{Y~j28$@im1KPZgFdvs2l%PI-2m?h*~EOkWfsBp^Hpe^btl=>jG}|p z1l80z=YX;e^R&zA;!g@fz0s3}_WVo|MRsf@cqe|4hk7*pdE2hdg(1EdBB zJ3SFXiaF@-ARH72D28Baa~2h&z^@nq*60{&$^``c5bCqEC6x?8O@|Un(l1f=F!no4 zT0O?bMu9A=i>Q8Zp@rUvy~c$GQ*~DD70*BfxR$x#58G*02TX-1|1Nx@h@DV`aeXcQ zS$+9@2Aa5`dR4IM^HJi6Km-CyYf?M)AGk{6aqOd4v(Yvc&d@IPauF2Tol>(%lYLJK z%|I9r+d*`F%c)bN=-LZV^Op|$Nqv;{-1ax`?z0~7**xkr{gP9$B<=`QNv3Xu;ugn4 znG@O{LvO5;0)gyBjPB<+i+wLDi+#&xYz$UWhi{-&zrf*DGw4`(H|60bIuTr%rRYL~ zo-r@UD5<=BB~i_(evq|3V1vjr{?0b!lJbd!W{g|V#lBb2*sh5(BrZNW7>IZh#5pI#tscz9+E3YyK)SszN5=#FV zjy4?yt;b@>4D~^XXn7RO1g>3O$Xm1(En}}bI=L)pMUQm)4RGIvJXEtvG55IyUr{f> zjAK^jKyQ=hkc)`X{w->t6kcBhm+joCf{|>fH4YiDr>r~|KF}a$)ebqkevNqT5DR`V z94R-3BvdBVG9Or`yjomhRsPh>b}O}`z?KB*c0uk=cKfy9d;v#SeI@VVzSrY{YWg!^ zYIvlWAB1Y&-Bu6{vk}&V04@lIK7rdW#z~MftbkM2M^jacy5v#CK^I>QbU>4s7duln z`@q6t?*iGIFzevK+G{%c&|Lnw24|k8@FKj}1fsI|Q}ud7kr!t|)A!M(N`u0x_-9Lo zl6RAHfID6G*hivcOx=z(?WuLy3D7)4<;ggT1UnIn>RGGmSXU=IvoejNn<<4L;wCN8 z;;&g%(pC(ExGYe|pr&*duHp!zWbFAgPcl`_zg=ScZ!b&naJkZulE2SXRxSS8l`z~N zSsyM|<+GwaZ$9>)jjVz6&^K;zDj7-sdQLujgg8HD8wbRA{8){#dYOAM! zrOZ)i;0bItDOW?UZ(`C2*Qjc$T2Va5;5HBD5NHXR7CBA__$cw?YF_%=0T>@1p!F5U zN;Q3aCCk(gzmnqUwtYR#t!~LpbEI-9@FoR;8~G8Qb1^iEz~|$$&bcf~%^U1F3Tk{y z+Vu`#l5&h^YZ1}wXNorexJij{)(+C%h;CBw2=y(F3c#SvLH(%@r_T2p+f*7OdzF9~ zF*{5Y4N91(tDN}z%5SJe%1x5JjF;=LNbhwwO@j0fxk!K@mzE6Y%wYAI8dlU_J*TFn z*(&;@NDEmg;>>QCuzWj0cwx5YQ!brm`oJtJuhc~mo4huFK8@k|$@tNB=)jQ~v} z7y0T?bQ8WKex13ieM#y!F|rO|cL1B-ef9CHETNGS_s)zp_iMV76Fj<;3|hW*4$Yw3 zLV*s=2Se*?qFeo&$Igs1PJT7yFW5Q15`*ASS{f`|kN0(tdwM>P_8u?yQiJuU*GJ00 z?nP=@a>9f&{a(N1uOSNCoWSwLlfgdB7nTJQ%ntT}?nNjSlnl zFL;OKswrzAK;!w*w5)NzAfgrREJhuLH`M6OPNc2{-x=rG{*;_EA9PG~o(?3m--EBs z&(0PKzmdozKfnz!MU73>mj@GKN~|qH-UjP1@#f}W_)04o85|~%v%kmTy1mq^Ac*?O zqC&v3-Jickdh>IC*Lt1VviFWl=q&DWRLmG|9)w6$=8lKkLmI=ez?reXV)^?-2uR-R zn`Z_1Dvmv`)%w}Up=#>xsh@A=U0)3O}7%(?RtY znONLw>g|Fz6deLnZXGRHE{m4`iVeJRmAo@+zCXoA9{`c+0M%)Y9K9LXbja8>B$+Y_ zvy+$uD|TA|rqvpg)c_SQ(97Anz&=0(SSBa~{tz=VkeQ^a??mgX4!^f)IaSCn7V~Y+ z9sk5)FbwT*1g*nY5b~yM8@U?S`=Ig{P0v6$M3tUd(ono}6M~#vafeRy!BM{9xc1PENzoEmIN~t{ zE-7i@WTm{I{Jg_9yay9Ftu3AeaB?mNrX01E_Hy#!f|Q94Fsb~_A<;|9Be=3?pcWdz zI0*V3Riw`0qjZzdS|xV084*N@gH^IwgY3JiNp2(c=RJA>IM4!iQEkoR=pZJG5J8%# z=HT*$3UcD`!$pCmk4agh`g88x*>+kR2?p*dm%ekk*i~sz*5E0X>C7on8^^Q%3Lgs| z%P#}{;3ycJR6on1NM6gYA_yVLdZ~W5sT9TD&CS<5gZ><4c3A2Rds07!Bg_ zzO4U)uU%5Or6By$(U%+dvC#SGB~P`4z>cB^g_L)21m8)FFuJ4ymk&4ditUL#C}@@| zr8G=}+O~kW@{x84w>eMmPMY;PB%!hbg44AObK;;fg^Ef_4ND?iz@u+F>M$>}R2rTv zSVtCGR$Qh3cF)s={~izyRY62*&CEn!Y(zQS0(3@mSi`#=1H?7#R+5k}jx!WbgyBsu zuCG5&iwmT!SLvk2e;B1(9L<+>2sPQH)X?#_qzV_PG7(6`37TX=LGyZ-1*oM#*QSk$ z3W`41nUS~Y`xdY?5VIjdc7zlAF`Hf&78kGsYABLHHk>VySq zRxlGgymnF@=izW_Lf^t;{b#-0)}GgY4Tu#)nzt4Fr-6D<@RJh0oF^m+YuG`AM0X_N z{96VX)hA`c-R@>!mjnV2QC9itLZ;d9nErK}BZ6vaHeAA0?uk%_ zb!LrfH>j*}=C`7XVTwifseQ>y`pdLub2L9 zvOjkb}U}?M>q&#Hxd5=`jx06wAKVC8KysEr`^e%_Myp80$<$#|4bJC zt5Ux?>RXlF8l49z^$h-JXj#3iNp1iYHkGSW(shl_%W=z6vqVaCImj^J$P^f)Hq=iA z%-`k1X4pWITQIBs4tO4ZQX{A-a&RtzFy7p>jWrGGl^0~jAf$Wl_8fN%JEk#D`-hU) zxdrMNmbtUtA3P?v1bc7~(AjA5EylLc$?S);Z{Gx4+!7K@T_PApS`bs?)@buzDvpq2Xai{05N*n) z;NBE0@!Qpsv?9%#F*WG09)FjdWiS!+6~2_dS!NP^q#)PZ%b^+!oZSP69YQi_KiuoI z+|1p@XC29}iqN$2k{}IwcN>5Tw!!5e7uYzRcYE>ew^eijcb?~dg^IsrF~9&ew&%YS z%u;2cApwd2Up@K02Sih-5j!?*h4iVZImsMA7y6lmN=94kEcz#mStmi_g6^Hn#%?^Gu+woSoP>dEl5Y5l#IxMt$EL9_Q!<*!s{0{E0{SR|P-w5~ei(QJGZB+``c?2l#dPU;BzJn@_BXY8x3;zswaW&Rp(F(1R56+e8oitX#KWaXn}O znJ@~`b$jHu^BnB-Hb*O~n(G+0hB-rA1KhJm!|F7QMhBL`#5r%aToDz?6YF=6AvJ=+ z^t80Trtpn@gB$b zf4`KaA{gnSUpWhY?#6m9PQ1sdMR2=R6F7tUCj2nHpH=JCe%K@}q*@@fb3tm7Actqp zG9hap(Q{ASmbfL1c7Ygbn7b`i3#C$m=o7Fu05@VOwf9<_w8=8t;hT=k`U ztgfZ-I&u#`m5FHAHOcf`mNr}S)M`}L6LQ-=3(VZ)CLK8TR5b@~qN5G-AF6A2!zEuI zJq$;dhXA-z`pbY&{DR&Py6^*XRJxen0w5;L_?W(5JHc%}dF3dKw!x6|m)kbiA^})zW|>EFYo8N0m<}hal5shnpS5~#_niy< zYW-ZzDKXbKJIBJ?P<=8gMu-@|j;2ycZJ3l{BIIpHv&QpBS{^r{vauv7%F1f($`Vc1 ziebQQMSzCFFno6VxszR{82Hf_Mm1Z9J3|TaoguVy{u=1gA-!BWk3-q?yE}2${`ZS& zz(A8q^s3wnXa02eRnZMsX|e2+nqnk^kh0t5g67D_&+FAF5s9W5;y6o>syuVraX`D5 zIElcdXPJ5Qs513O_K5hcweEGUP%PI@jV)aD-Hx=ewgY^zWf<=_bHc>!Q(&)=(ivvd zOi61JtRCvhjHp8&1pkR13sqk?MfKmK)>{i*u~xOzp)lR%)v@#1u9!Q|7|~~e86a0B zmYk2+6WGP`H+(M8!2{55&q&nGWP#k$-_y2UlU^FkIO7@}+%lMgdI%qw%dmylDNfMF zYG1o`QjzR5hta@|()sV)SQXX}6MuXoi^2o`7s>w<+GOHn`p;~W`5#}zf6X@k^-KEy zJ=+|M`Ma2}>sjpuw--M0-?PmJLjp&fJb&DP&3YitAEVlL@8yOLXd+TMIafJ3n4sp? z;Zk*Hb!WF4wD7g>&sVwGy}saw(_C%uAMacLYJkAI4PD*mx*^QC$?7XnZwg%H_-=f< zFLV0^Zt#BJPAH^V@Z%S!??Ptq^&7o9(4(=wKE9TAEZlFEuC)>_^|^wlxF(1Zm3DDL z!;Qz1m+-bS6oYs}ib1(wQ-F7#-3YfrZRFTr%@QQFmfHRKhOmZnzzx5*xAMl%f#s-o zFY3OFzrOipJ&l+ulIWjHK6%{{Bw+uTZQ|vI-KnYD)UVROyd+$at^a@$P~iWFG(0v} z_VVX<{o_x6_8Z$9e?EX%yCMqSmA>6gccRc4_He&0Pr(3Gr<;Y!aT$JpA@5*5O9-kN zmz*S<(VU80eWSI(w!XFcHU}kh$7SbEpbHPUC_78x`!h<~y!17&?!jbCe&k6^jhavgA8X8z2<)Fa*)^(t^A3Gi1rnR$<)k=l9ORw0!H55Hxcb{J2-#qeO#A$4Y|uw>%P9z#KP% zHmj@F!~#(=QNIa(O_jO`>cc?b3NQv~()eXQHCOTMQx@c&)%OVBaLC4wku?6io}z0#pv7_J zu8EXHdpA2Z<*!Zp%m{m!!!#@lDIpQ7E%wPwP}L4EWD8zPnL}L_>m2BaJSdJ#bG4f1 ztjb|`9`)p)K_9{u`BQ>uZ6`?q>)>>{l=q5Bk%*4vhG}Ndj?KoS;$RVcf+-v_Z1k=H zR7Y8xTA+ve$n~-1S;C;uc&iajfjn7~7fp$LAs6D&yTo@DBn|v_dxCvYAf|RVyNf&{ z;{jDK;7E|4QkwRCJ^^Ix@K3ofhk zCcIJTtsb>(ut9~wOf`apb$any#N<)+r{TA;Q^7ZW3U+%LCJEnaoHpNx>1SX;3hH}^z8|wQOwRFWBc*s9*OXO zM8fNo_Tf@I{Fs)Y19Ru`5{M}RDy){dOy8rerty~5t=n$EbTw}@2@1(lRY_TDFf=GH zpA%9{lM8v>kM8Q?lXMe|!R^)lXrYF~y)Dnz66kIvY>6~b2Xnx(yPTKUcIC7$30jNT z%pR-);CB4mj~1Bh&~$J*dd=wygA74$4^KiVM!hmC(|L6glBl5kg@a+3(sL?|)5B6j zng!EUAI~IHFf3=2>FURXbRZ=sFK7#v3C*W){q#WZuP;hOMG@D;VlCmZHPH$m` z1n>Crrwx{bR0t0(e!R!6U^972peQ;Dhw6~lZrLHPra=6r4u?B0CkQQWtgKgImU65h zfS-Ri`0}Uc>Kz9{1>l@Jvj`TqyX^GpBLs4kWuCbzZRyInSP?Z7dx*3D4$a7CGX27Zia$X1c<4f8croJP zLAb*XMB%*bl4gVcv5w1b#efq!fNQP*D}HL2f*qfdoK1U|!osFFypq@wA;A~ciB_h# z4fzhkO=M8RHQ$=9+#trMtuo%yW!OoI9X8gHP>R<&?oB*hmDfuEhev>-xwv|Xg;knqEq zrr_;XFX<(a@Sp`_Srog&%wjMP>D+hQ^FMH^I@oseyHE}i+-U(;Qim1jpfF#}B5)u3 z94>mXh)sblP*{Z4iFA6X-;viUQwUENk-C<34oMTUtPRTC+(YAATOpgp)|IL5-1&Zn%9`wI}=%45v6BE;a z0(s2;)MWn)i2iTe1^C9*Ad5jl;|)8>~9^G?)BXxGQ~`b zs>8FLJ5ic>*FmHH;bB=Wcj>GQ!FT7=MgC^S$_cWN)BEf3YUCQ;cewQI=JmN_;yzmy z^Z`z@@9{Nt;92f1@9$VMS5{I^Gkfu1@lT>>#&F`D5=S`_-5V2@IaA{DDiI$m!oti9 z|0XZrj*q6aVIv>BBXTAgCu4%9tT}?0ImESyK4M1Bb;$v|WzI;&irjTDyOHYa-au zZZT0a+|y}=;Rx2^C}`p=d}B>lT-M1#ZGXOb820>6hIvrQt5vR_XF$3{+4Vszd^P^L zPZ|;q-AM0Yb)eh=W~Op9kET;?%bs4m_(CRK9P{@CHo3P(95FC(bwlFfy0!_&;b2e{ zMJL5^$Wb}ky1@bq4mj0_AqK(uFM+2JWLJWVhn!U9PUTB)7R#75Wj3l=ED=y=IV`sG z--qPR2nyiOh+JFtQx9aq6i8?JvhyP%kEBmUm!QyVwG`y=a=&@xa2c}u zP7P{yH+$Paj}o9rYCTb>`4T{AM=;sAyd{r2GSoVg@?Rje?9?;*+sjhRhH;@eIG;?( zV>OMMG8mp~RYbAmJmlkR?^-RDi^lKAO-7Y5W!EIV=TOhI0N3w@T4lNrswUzdnJn8% z#6P}I3yXO@JC;$oiy_Eg-^YTDv1ovQy5hDGn4{4&B%cK9XFgF#hKG}q6FC|#Gdxma zABXxEx%G4PH;*-P43KIT7`w7TU}r4wnJ|3GY^mdGP`2J0FxfJLHf)mU)Keh%;XN8l zL$P@8i;V9%M_`n$CdwZ>(FMDoI4@9p29EzV0jv9BQVyJnhAeFh*`m=;Rt77*pJv5n zO2V^nehTgGBh2Hkg*7MzrF{>w^Ez2?|VL%5+K>kn-##)&C5kApYA~vf){?kJ7BQnwzKS4?0dX$fB>szs!JuiW)1+(fW- z#kUh6on5zDT+D9-jIsm)PBC^YAP=Tehl2@-wvaU0BWnLM3J*0MWm|p|VIE)_GFSpt zQaIoi5-Ki7=S?uG^J_UrQ3ZQPI>o7Uj5l|7NE~&@Nr($&Do^Qh|2#s|oX06Qv%JJb zb%rY$JU0YnN{3a%zCxZTZJM%)#2iEF4Y@0ogm|lOo7|gRUe!Y@DHe9p(8L5bIt@j8 z;g2@Ie43Qw#ipC;N9%gg3eFNe(FDn}bdrYT!6}x7sXqj1L@DO{Unwy9Y;dw9JVcfF z7;rMKJ|1~2{^1Nu0))<5VretkSBt#KTl>+zByQjd>V~U|1*yH)>s_SQBw0G#wv$|L zCyw_|pfD|~Ty7?9sSQF=*D4#t(`A*#*=_K;5iihm!~B+DtBEZf(8w?&soW^l6fZpR zPs+A>2$;!A3tU_JUJPwit7Fo37XVKi9XFDW;sE1AMyBLB2Rg{XTzWXCc9x9?Tpvi+ z`pMx7l?X|HJqv72+?+n*hPbZ$7>q|GVyUxXq3V-4^54z6^jNj%D6Kz2tWnN7^kYg4 zzyCIqm!Jaz1t~>5(AP;<7^>lG#IBgt%srA>>IN4s>>YHnBe8>k7&o-Ww)Yix(gKka zJJ}$XFg*hUBkb>hsY(6m9(y1BIJIE2>N{@h;8CxHuxX7|QjsxqO@1&+oKH zeIFw49=`KB_q$Z5)Gt|?Ag!ov)>VRCvMafgH2nI|2<3%LSAaRr^+~6w}p?wF!(T=NUkuLEvL(qHrz7u zJLM;DGR$Gpp=l`r?0#C|8BTX@+jA^oe8-pg4E*xGB6_KfjAkEtG>f-fORy_5&HV-; zyZ2l=bWT`@iF#uyY*rnh4VBRg)t7Twre(`TT1zddE6(esSse>I<1p-hEr+31l4K|K z{YI0N(Phe8A8((v@8|573YTSe`%3W}n|-CrAwGC)Dus-&NEzvmiz(1v#Oe#UoF2%D zXV4p(#for@<#p*o8DyQq1zc#{lR2i)OKb4BCtT>BL<_#sB*OSgAj0%=pQ!OZYt%KPg8^T9(v*5c zjAlgL0*25`#eYm&!F0W*QZm~Nu(CQ?Etv|rpNf~GplG`An5oD-Y)l&&AFLP)YegRp zGqx69_9vcnc&g(mNEq1Y8VSm)$tX6+v&1M-O$z*lz4l8w5uy9y;6PkMRcQ3TY4rd&hmK* zci!|xkU8|Ep|QHQMi(Q~Z%#*`7cJ5D|0JzQpR?7^dFrJp3U)TQzf0UWopl3ANZMjA zlV|6G3~v%?E|WL19NF55fMi|Y7VV70*baf*`nz3R&6oPC!4uq&e77{Z06!!N{`oHV zlkTg5?}iNYOVp`#vQ?gW4w^lp*HWsDwu@PE0nuV30ulg6HB}K`ie$ zhVqwSU;2Z!ea5FtH29-z)G+|HC+sx=v&JcEYW}02z$jhsDhzwo+n?hlgE2~G%vFMH zYPo(>rYp`R{c?7kvsVPSI|z%0O)I-|qY3NpF0{K8I9;*lJ&ww@&1t%^&Hf`pt;ESC zaJkknh1ATiAjveSfz6y|sHUFr4G1jKmH&^icWTl#Y_l!Xwr$(CZQHiB(zb2ewr$(C zGgq=#SI5`2BX%9sKX{McxSn~>IfnMEpcegAHXK)L?^a%jx)8CPT%NzO_B8q zE1KQ@l+W`BpE^tV$__K?=BnL`!za#l{; zonS5A@9Yqv6#?W;g}57VqkI^i%nxkD1){Tx#jmJS`8qtc!_K}Mzg1`~{~HzBjkcuq^E6`br}{K! zzT{m^sNnvC)A$Xr@IMh6O}sF{9;qL{u4+$m@oj?1+|}9vYiNVmWl862r8x2I+a!oPX+&;37H^-s=it3HOz!=e0I|-tKPRuhw-DNl(1LWL)-zqZ2yC z0UKO;5mzKHqR}4W8Xjb1riN9!i)y*5_80A|HaG8#a+?EA!ak*XhCvLlKZSYZo{Di$ zeZw)}z+<>5(}C8=bM!kT;@Q@8T)F>#pE$wFQ4t~^@yOypOM__rW07kp- zZ~_b2BH`7aeNLqUQLk9;OFI1M2lK6C;Y|8K5vc^|3yu`j=8S3Zb6cj+Q?mNWt-g;$ z_kp~j#A-wf0lf+HeU=HH;Vwm;e&?vp_;%oCWOoJHbK)FO3%7c#GjkNlaV8V@X3DM6 zj1<6TZYUIpDP=umVIGsGxf&PF#e%U#*8|uaBvxUOL<>`^h$yMKWJgUV1Qwte7#2FmR>{+9CPu-w zlSNFVoN0xTkDT5RSjwC-?37{{WVmEoG+OHinIr?*novxHBk<2g&$wZTygaQ7LuZm1 zu~Bv8M4btpG>TdPV3U#+IH^q)s(xa0sC>}`vOt;m()Xd%#9dm3s0{j1*P+{#`RIwb z^dvb^!W+RE%?8$K$;@8ESfZ+sfC~->(h*z3F*sBvrW4985H8sK3gMO!=i6wH_-v>E zV^?Jn;DNGUu<_D9dt~T?@C#jJY@s0T3rC?C$LW7Qtz!-8DQ{;ruK(PBJ@UsZ&%Ya$u$!xQH%OMGc~4?7t+Tma)-G9}bIDTz;beo{eaB zU)P$aM4vo*@!p@?^2C8B@88 zIc#o>i=>+!Ut~4JtNkbwg>tPw5*}jzFjPwhyN(mqT_<}J)8&%3&!=l?W4dDt5pB~w zq2YGLiFl(-VjY2`m>*Kr%*8>467k-KSff>~FogZqNur~PwCI#i*s}bRw(SC=)@t0k zoX;{)7o8IusVZc=JRN=`5T_Y1Pz2I$xB~M_xUYHjrP%ovh4X~iwlwz!-_POfT(XmM z@q&l;32Rw$RuUoaKInE;7RlOVxO5dZM`jD;+V$f+uWmSy9*m&adU+) z=g)Eg05eY2Dl$J5ni6WC#*G7*5X3={{mRu7$b8fGx;tVSc1CzK8M`g+ZfN8LXulZu z_=W42y$0UioU#Y96KALOy1Xh~g;Jw>22^V`a>7HJ7rxQ!rwO zJ;#pXJjIr*we5N%TK@4y>qvTHsPZS74WUX{Na@P1CGxY|R^*oSyk_ zzq!;v=haZbSt3Weugs7Aj+Ob7f5a~VePNTI>U!-<;WKatq0v6w91!MAxGRp-mX8Xh zwZsDFdOcfc=P1iTr?H;~P zNekuD)f(pF-=@7D${Ht`56g3kq62jy@f4OSi)Ye#MX_~uu8)oLa->TLD#cJg;-ZXg zc;X@_m@xn=wgbFA&rcxDwX$D{+p+A9PqrHC@oN0rq~sp`kcymcouQE~*M*HI!mxg_ z>tIUnPjFmgXXg&@{nm<}F=b3DCduXP1pG<{MIz~dfUx(KYrf#7;F@vukRh z`s}n#lx9U#ilxF^;)zJQ5!z#=LKQXY0G34ivRtBKBM5-fm+`j59itNH?P13Is{RDn zGS$Ok>R4RMRwP$831s4TD=>nj)LeiqT`oftn@s9(t^i+y?gV1QF_HBg%+uOAza|A8jVU@mdDxS9x(s8ymqd77urYtrqYgo{4#af|S z@T^gCIj@>OLs!ElR4qHKv))elp9`u*Gi!8-O1>J%!(w+h--t?cam%)@L-r3c!ZRNY z0?>%C^I0q2Y)ZY!lzllr;8pwM|I^s#zi#mVsgPDD#6<-!uEW>U(fh?zNm3g;rqUiww~hbv+m2dAo=~iZVuw? zKLkJaety!r8b4=tPo`>by>{#ucS9b3FS;~dvpS&LrdaV8?e=b!t}jUb;a6|>lW*u? zd{BOTcE7=?eP;45e_OkB9@|!TXu#RW*Mf*020S8JJT#N!U;Fw(j--Yj&TxBsZYK{) zuI-ipcK4+o3gv&ATzW`-=l0)SJ)c+d4&{fp_KK(TCe;0Q-ck9Tq2Qa62Az+~!jkUI z9%IuxpVOSTw;`KW%+nm(tWmC`c}yDCf6^{2MOEh@IJ5N`2T$V9Bt8~ zs!dbj$%50|&*1-F{~^wwvb%Mxnok)Ou|X#zj6uP>v1Na>GvSC=c;%JJc+R_Q+kxu` zm-lx_V#{POss+n*lS0}SDKhh~WZFBBLL@wx)b1vn&Za$rXniwFW)|*21~CzUojgwx zLH>x!`cn6KY_?-+KVbhQwXIrE3O<7_4uTXgY<;Zma`Mbk_Z$6EBNJ$6(Q9vGx{u)i z-p2d14H1OBZ;!3BoeRe6D)BaMCF&q0?U~~Ad`b+0E0Wb1msslm}1O`G3z_|w& zu?uK0n|~JJvZZ`AKWqW5V#=7_>pzJN$K<$|A&*7rAd{mL+u-7lSRHRD8JaXTF-*Hr zPq@0A*8VQb_FmGEQfQB5ksegYpzYTlTWnYp`PT;%lQzr0ypKrYdh275U5`y7-u}C+ql@6gl1oW*-YIU)r6cGO%txZ)2yB z^a;z^LdeI+O1AWoi5Agv6?>rHWOERUn9Uhp2_$RduB%(ykMfUum7kco06OiDe-}4k z9%yL`Q}%%;oE#n{9;pHETfAUJ0#8w!uS&L8_cn*VYA3BlPnHs@CTa|GvUwD`SuOKA z=3k7J@g|!HIMI&-DvTO@=7bE2_`;?z{QgW1?2++2Y-%5>gmok@5F)^+8e+uMTOH2m zMm9J!6+fssYFW+m8VM$$qkc7O6?h8vCuM@JI-QRlm>!x42$*jcc!zL-qi+r9a!jBW z3y@7kmY~9rh+SmH!(c0k`eTF$X-5zBFW8kJv*O<7!%NzUx_1!Mddat9<)A`J2|H`a?07QO;Ev}XdF*o27ckcz|*$45V8zyHk}C>Imh35rw6(Gy7NEWN zF<=gv9T!~Q>{5=wA&HHgjQ7YGP|7_H$0STbxW)syS;m}2Kk;02sQf(9^H}E1Ecae< z?2DT`R8~Rs4`NvVh=@0xfxrCv#XJ|PlA?^!5a}i1&)SiCUXsmEXnAB z9%M*Q6(3I7l)p(l)<3P}gQkhWQ9;fL)3{_};ZP*E@#95@whqr@Aq5^3^n+elyJtKS z79pC;i9!W`RX$Y<&O@?OY34G(8Uf{=p5Qcf_-b+UXW~1?)i`|snUrya`q?S!LJrgE z9vlcZnId&~sFPS`_z`C7H^_~=;=Bo6L1q$RXrcrscftuhA{J?tr%|7 z0vRHJ;?OX{T${_4J3+t6wPIybqp1}ZnU37Qfc&XzAJY^(v54FroZ8ssnLAZpg)SVE zTunLt%wJLYm&8!!T*pI@R2Y*42viSET5p>x!VIR{7Th>u(WcW#!7QU$3W`Kb0-qWl z%jVjS@C6i7aw#sfN8i9xGKL%}5Vzz8VcGOIb#zOEDCUlI>iH(CgJQH8WERjD8_%Vo z_K|s$2L%u30!tcMVMSG{S1?eS16l$xMlH-eYeieEs5%D?V|6%zg6-^^$pHruH2{@i zy)z(JfzKm0Q9%TFk#U@9n`q-^EmFz!i+0n*EJ1xlpPVkh76rs_iw*B(Bw~VnyG9C zvTD1e=uuv)O5w`n+3RpKL!`n1&QPQ_fxj3SYVbZ_#E>hms|)L0Z-+f6x`OTHB3I=Yyv^_TDkV1X75kCFWy z&e7hCr?-4w6kqNnMs(t=ySYT5pcwZe9{}=t-riARHOWPPnOrRULgJ}VeP8e8PBXtx z{-`UAl9;46vOd4eHoxChmgS*>RK4CV=#1GrnO5e^SCXyDh~eXunPCrc93u9~e1y`3 zMhnsY_`7h3#VN7Eer$tEyCuKyr#8zsFtVvHp4jzRhV3g7S9{ndmW_q|ys|Zf3!lSE zTVi$L)JV<>`%-;6A~E;a-7Luld7{wRdMWE$P4qU(RGax|cEd_jF-21F$xFOZ02uh8k8{M!^#5pS47( z6u5dLGCAjK8MGSwE%HxIiF`MUEqYLDicTvo#`K1+jhS85ewgW`0mu+Q<0blRX^;q7 zZPmGmU1<8H%9C1~{!DWCsmn->7hdjc;Y%xz=CxK}^EATa70Py{8&;!u0ZDhL<>Jgy zh3E=Q=%H5OrPuGL|6e3BrhN4Q7U@iLHMuLoBd(*LZl|?oC{~(8n?%|fPp-}SzTKQ` zvaS=RB)Fhy*uzsW9^~eWnk0TJ6YXnVcH9lNyY%09=3A7G2w##M3)xpw0iXRTY5f@C z){c_f_5B>FI$6n;#~VZ2$ropLrBE!GgDQ@Z9-mb~#kjGH^SMu1ys#MTeM#-&>HHJp zWwNj(yV{BA6tM>tL!z!JsyeqFXj}8w7+~GhO-QK~Tx`kTHP#Tiygv3n%qqLpIbFpZQbLt8Cn_5$)!>IQ=ebU+tdv!Q zx^S8&FMxRLi}uKl?ih+Iynj#;!@NjZ2t`^CRrAqB6! zrVlmasn(Yf%6#p$y|~noaV#KsCW<(gmhB|-h2)$^vT8#olI7{}{SpCs+OL{xy|bg< zGjs4}SQ798Wu91AxsQ2w1eaj~ootV{&AVc+oUFPNiQ(tF52VTxh^(6DB1a^{xnf@S zbg+of2162`h#q=iV@o`}?V&1-O8@R=Cnl2!y+r9TEx#F%zfMI1zPGy|um zk`fjj*BwN~bG1#?4OV#Lho;vq^#zvrF|L4{BGVsuCK1XIno{+pRX-uI2Am8C$LQx9h*(-kELzqN z{57_R#TFfHafC2_A&Lw+HJw0{NwhgRS$^v1>(snaxxC}h^zF%YEFJ4MarBnz+RGCh zbG(;oY675)dJ4%AT&o%#ZKMPs$T!gKIv6*qJ6g3|KjH`S4y8x z_RFB^u}Z&IC|kwSKh8Sh#vF50CD`XKbRF&1$vs%G=UdQ|r1p~?Kb_hF? z<)NJGJ>ww(IuK+JzEXN%*q8F;gfFu(d=(KVa750 zF`ONXOA_g5i&C;XD@QZO>LdH~OT4G6PQJ_8ZTXrLF3&S(2`6VDMz$t)B#7tO9aW~fXdFaN zl6q7^B=j;IokR%PA0_cHczi4lEC9!G`qbD0p8fo%O39P*e+2UnCh}$G9GHIpaSh(O zVAJ4AlguL6Phh(hJd;riY`v0K|D48i$`pB>)d=)9$xRzB-@7<~NXr`+7+rhK9n0HK zhuyoJ1kjE_QeMOkC_83t>BZBM7;DMSb~YWi@w$cIGM#}$yge|!hyq7WVz0Zjo%ZhK z{S_~ao9R?&kawkhF^w~J$2&o!m z79t+G0@Oy&l|?j;br-GIW+L>$Vx!l-9L>CyD=xX{wSEW34Y^S4R@9J()}WaW`({rW zfv^B;ZqX8|>zAn^KS26=LDB!Afc9Ux!v7mUurM++{C5EH9|p<)5kUNJT#Yx{vT@sN zFgCOQgk%=^#{rv)Fjn3z^{Xo1ZJuQ^;!U3m?efp6orW36;a|Y~LAW;B8nsKBF zamPntxGxZ4zj!~q6klfo_&)Pt^nQF_A4>;$E~>b_UoQ^6zW#Fjui)@d>O8-W?|(1h z4(`AH78`i{d>&l!HaE>d`F@W>mwO0tZL8i27>zKpwuaquf+EC`!Q7nN!$R93*07fZXlSdp7s~oAk1DylO3#BU}?yqVxgq@{wyKUDvE{$jTUuw$@Oc7_;Q5a<1~3A!>o^KVoegGb=Yq5_ZT zcJ@+aE=og%loDCFpTK*7u~Oa#G?_2kT>@Ic)^2KiR0c@Sv{`}x|!`E`+9x~q%m_WEd! z(7%6Qzf7%RopCx7uin6_faeumLo?i(=)qO9+z!cbJft~+G_0Lr4OIDaJkLBRN11VJ|9w*11H88DCBaje#yl7EwdgTj>et zI1Z_*n4U|T5M%837hP|*L$m2CVkZ1$OURS`rd#1AOeP=?Iqkqj%X4F*kP5OywY3WH zRAO={=<0-JzwDnCCCv$Ul>tsS>|ncGCV4YKyPAi{HIevlSbV!1B)RqfT0Fi4MkLy- zP1nf*MGL`pu+pzCzVf-XB0iDm9sE|Uj|fAWT2@ znhb_JBIvs_YdB>HWSGcsif#Zx79GP)17RSw%C(Dn$#-cei}wUi9&_Eo@1(}XW=ZEb zDl0A)V&9*4I$PIpGi&j2&wEffcwIB_1TJ<}lcuaH@g9~pa%}9ufPXoG4 zdVrIkPZ{)psLJdS?qa<2!9c)N*5K$uv|>uVr3;|KmeB%LK}bhPy$Zw477CD_kuOi6 z#-ya5Y@LF3dGzcmP9|=Xc@%FH1*Ul({{wFURx=i!e@XSvO{0pIGQ&j zy!5`dYba<^yIN#Qw9qRVEek-Ojq-~DU5J}Gg9ZF&@H;C97BkLKD_agnBC@!jl}tJ=62^C&0^n^P+tG6m#Xv5I%qQz+}C zV?%4oaY2TD`TYmftjb{3YG8>iRC_ge%U~)Yl*`OD9 z4CJ+o5{YxrsdBj4GIhuC)3yN@1=4A|u}m`?apQX6jBO*UYrPel;r9W#Ncv)DTONXJ z!d_!Cq@CVm&$16h6}Mp#dloz@Q}+FIHfj`G*jJ#s?Mn2pZr>`ruFzvH)3kM8W5#%luZZGY&Dxk@?|6_Hx7f!lWz=BI56fIxtHF5uLJo0qA*RO#_$=$hU>hH_%YMDAV3M5NternQwss?)BSQB;l zTIj7|w-=RjTnn_EGj`^!>HnIOKOY5liBY7a3_=`FtwUtm*UM{XfKiE2PEY!NFcB0M z{uw=4I`BKE8bJM@PK*Dv*qInu{`+l%_5YSVvHmY*Pxk-De!c%6$V{I|v>yS1{Gp%? z6zEyudDS)m56Xr9`}4%%9V4-jgxk>#egG(xSn=2aZ_nqe+Em>4{qA57*!hcZi#sQL&^oktAmo0Kb9!pb{hKM8Veqjp)`6W?JLma3#hB;)V$v_qr?g#IPK{@p z<(s90`Qi=C8>#tQI}|rod$8w9gnUzo=1$w#Msizv*M2RWMIhG%`Fk)Sm5!sl^BoFf zsrZo2EoJsXCusMUfjSqgGM$>;#}p0dc4}pMKPHuowFTq6=(cAtKd1QQgs!CXQRglk zY?tzY1P0>_RR&eeljr@|M{M^%6RGcmx8&;4G((EMDrjB+ttA;KSX7d9!m;q3H!|9D zFIkmQIZQ1S`rxU~VR$!)4Dgm{SJMz$YoX6;us~RQ=ze;N5oQM8WJq!#r~dElS$;-r z_`g{1DlC&l#fT`)1EHYnXl0`;|Mv;j}R4aZj{qVAwFggG!HES|S`RS(k)kLq@}& zjxtg^Fg7mK*CZU`bcYCe(mUCvX;RX&WEYmDPS*1>IR*ixnnAz>=+g4i`fAvBtN{>W zDju$n=>&kBTjTKzW9RSBXa|CL_QkqK$~8g}d|fax?mPk>7ibZju@H-AXp&)h%yUlB zuX;933Oi9HCc6eSc^GsM6Y%EF ze%R6*0zxw`+e8CJ380uz^Z9?|P25;P{dYLOhpoZAm~xi}o1-R7Mb6eg?otT?esm;g zf^RMFK{JGauLkkVlByUa`Ozb!8o>-f499?R1_=WWpJt|i3`iD%+bi~|cpBgoGyh5I zag>dz4qRu}<#ud! z7np=2B^h9>SC8isLm#lx6fl1opX+wh$v%5dfco&r3{ZKW=jJ0s00Rzt3@MopvZHIV zPd|Vy&4VSyBVBwUSu<>)CNSBdTyr#pvsV~&3;?ktaPSbz15T0O`Sf+Z-Uphn#r0=< zW~M~Ez~BrI3Pc_0&~|$55@8M3&rtP_a7TG65eb2SkdV867|aNz8X!rb9t4WVnorgr z&75hL-z*QX1YI@UIs##g2Sk?v0|7NtWi`#|jW9s>pN<9d-^)JOsYL^2*Ojd+KM#B) zp5!E+XmxQUfJa(5;tCsmAF#HVCX@#SdA}1IuO$nre%e6O0rrNaLHCOaQB=Oee@+hN z&_RFHo7Mq2BbVBxLl0x!*v7noTaW3j4KZ9o$N+B$B2XJ#^MfjCZkxbG{UF%-wIe}(jlx#{ik8OI|2 z!H09@OdN~H8m3~;Jj7UzIU|Kl0I}u2bBc;R8;VuW*;IOnx z$lX04Y~HsCRbt~hjCc-f)F4wb?|hItTK32tm)i*uA^=+tIo?#5T4rITaG|Ee6N#2G z5Q%L2H?!>!dx;)rxw2G*$UY}3=SkJJNu<^V8PyPrppw+h6!2oMU0UQ!lG9YMCCdSu zf{nS5NM3?rM~tB(*$x~)1#gXok)+xUBgXZt?i;bn&6pV937*jtdR%yjXX|T4T0FhP8(~c47DWhsBm2wkw zqB-hS)>pQ&@or6^vQCq{Qn6Mdw*}!0a*k8P<}%kSqIVW*b}1qfJt$4&BqU9oorn)v zqMuW|j|DpO8b@dB4R4RVm2^_m-vhgjhwj~rPEEFz-%69@76@8Vnh>|nnh2CPefp%% za%E_Bk+pQKTK2olbicS;ltJY5rO{2oc&)JZZLXzk>6I%dg!j43T-av6%5>_MT9Fx2 zhHy*RF{Lfyr9Dg$V$?w(+v~4GPusqs9;r(@oB(dKh>|KXes8J0fed~TG?FDu(h>LA zrbg6rlMJ3hhGsSfJU2D{2Qxb3C=VPz0C<5CRLK7#UNar|*Qg80;Zs2w1}M50t=Bw( z5}2p#&jv5PCH3L3TCYMCnjG0HghztxJI0u>4E{xIpzoPFl#ps|Ic5^Bcu$!}xH1tO zd)T72z(LInCy9_{--l*petAJ5Nt#WQw4{PLw_-{PO5$2!L&0Q>86#s?Z$)hfPK-P6 zkP$(Y8E>^muUgZmmf`GKFl&bF)bD5zH$4$9V;2$wD+B^2jq)rA50CS% z$^21yNY5;WCC@o=H|w&p#Z3L$(h7H&29nV^-YiXys6AWT`?gTKa-7j*ZG5RuloAO( z_715jN$nw~RVNYXi8s*3toWl!r+usN;3bBONjtGDzWQRJ?R@_3 zWAJ7x`MiYP{;zb6IC`-Va(2g|>s1vo-qw)siUz}ugd%QDx)G=IN&M)|F@Q0TF;f(vQ>+HWO zDl82D-6v=L56R)b6C&3CoqlU7_P7&v=S_W?OF*?cj1-yz(NgwfX(ra0UP6(X~yVS$Q8(XP-8|av0y+ z`+0nRxw$AC=^pKrzLx!R&8;0`o_1hmAoXcuc-W5_s(_WTO{}gB@(@Vz^=XoVnuQu94iU&d_b=+RmUElg<|~pP%+`Q=5A~VooP>0E(kn6_qStt zJ!De|gYW(Bf?wj${Q@e@2SP}?VWV*Y*OreB43c=)8F)xkyntpf$_3L+xL$@P8E6?C zPQsK(_ZN#{>po=h6>$l!Yxf0N?vF`7Z7RY>AUzBY;u3E>|DGGe{T!0C)d zrjOm|;nKrFFBAuHwb^fj0dG7AN27C`fQM{z$jVWj&0X`oF)~QsKZh6qKoWV02ILQ@ zz!h_d?!U0A!PeyypwWE~%p1D8A1O-VOz+o~SMbLG*%T4Yso^m^htqR%ia6{PZ4i_h z_863PWO4e-ben@O?L(oF5%D`-CSUyN#d~J>Ngxcu>r4_f9DD?02tJ(hN(kM^#Q=1ng}o&U?Lx3;?&8Of+Pxs;Af(Oa++Vt5z`3^s2vX8n zZAyya!qmy1p^fR8km#lvL`;6%J~HBVA0&(hZcSWLMluJ+@|*euwk;zNW}S#oOTV$F z;qZe>-Bz7*b$)|DI{A89&N(UE!I$5)5=l3F=eQzKKvpT%0M2hJ1juaQDEqiV0)1L$ zKVD@DIg!#wTf}KXgrL&#VX8u_*4bccpQZ!jnP-?&HE!P_30XRCt$GA$lVOJJ%$O(E zx$mE*$yDiG%XzxEv=}uo(@`g^?oG^h@(+0}PVCs<<|A~+c%U2^M`GohOwR3+|iXrcceN3lQ}eEp<$K#!a{ zu@6V1_Uf1Tz6KikXa|0KFSjlqdqn(Oz0adwT$7U%yBwJ*2gf>C;H zyy84JpW3;yoKzoFW~neHFEzYQO`2UKBS}5epYe4);QJ-*66J6b$;&CHq9&~ZZ&4Nw z!ts5}zpKuWFz&P1bycF#QtZh%0f1D+Er#VTv4DzeF9Sxk$igL&6v0T*mdU7w4QKmF z%4JwL71>o)0x>c5?T8F77TI3;_cn07b6ygBDeC5G4!ed~7d4`-4NFS8?L!GA&O4W2 zUIH@J_!EC>kCVRE@XPuViQJ#|5~pfXr=)h8N{?L5c{#u9+A4A$9i}w6L5VWf%1p(( zXw}>Xf@wS6A<~zDsXwS4v-QmhkR<=GCOGilF)6P8#($a((*3Clc$91`KD~BkCJiW( z_CWX>xKsAPDCX83m2e~TrHi={SE@bsN42ves1@Jj3cm5hd3=@h^aC-S&}wW7sW?xv z1ub-*v&3`21p6R0ro^Zb`02IL;Vd6T347J$c7rjGn{pMc&M@ySyyax7M^$-ny{+Js zjM0}elH$aPtC;jV-+7rIhIWGXo)C(VGYvZfqjFgFq$SvnrJzwr1}XzsZT!TtktfE% zy-}#arZv7yTFfHL6uC!6br6s8n7EW@ycRlNMarBKeaeT?P{^)J}Bpc)n?F0OD2aQna7&Sfz#V z2|YzaPunTYi<0D$kyy9l-kwBKYlm8nBV4|oSSE%aS-Eb#P&R?_yM&{ouVq8yP&MSSnT0I& z(_T74x7WwItQHHJN>>s;^uWtjjRYMg0jkEc}U0t=} zk+S`%^Y9*}zf=EZ#XoL}3zJ^7 ziky3_`ZQ%FSShRhwA!cot0lzjik6jBDtc5P>^wV6wr1)Mvc;0_QQ#k{8x~_xGsVoy z2B&Nh9BI^lG_z0o8CiwavsbH?7H)`ySbHMz(NSuVmLl75$-JY4TnCBQv{L7CZQ`+K zwcp_5(l51?H=K_gv-?Nbbaoc@?jiL@b%rYSpBdrE`@HHRd}GPC+ZqXjqyP@31ap(T zQvfStlR*++tL46nK5#|s*xC3-@5xLHa7i3&@HsYD+yu)wH7hF#&IlxJ8tuLs1?bY= zrjAA@+9wo;t%%K+yf`R&TffXKPjgCxw)~e6e+o6z{?eACk2m?|wn zAXBnWG$PPSPlkw*_WHp`q5qsPhbXb%F&It*+x~#M1r|{Rf1$cfnyWC(RDd+zF?=A- zbT1#W_E&cwRs4%m zTD>#dZ=ndN$yqX+!hk+f?Dqo!waejJD-1jU%Nz8v+>uHp1A$`g}9#zOz| ziG%6NSxsDYi#z(taPb_X3IG8WXzTlApx|RJ1lqOh0eh7*vz!yoZJU1$k?Om1vg5^m zyAPn`do~99iQmJ#wt=FukmeBSn=*p&spIytbn*KTYHa>LeboG?Vb9FS`QOjptpB00 z{2w1R|0@xij&{`5IHK=c-ThM_*&pRLtY`xsWAMjTLjriiy~LSDl7MUJAK%K(&JUsr z(hYMTGhnlR@uf>?*PSZ9IYj!$_q`#%SRmhO74fr`hqgZapU0txJx3KBzt6FQFUNQz z{|-5*_pkS@2Y7YQtjhBaX%zC7xIGx;aqXhx@8Jdx$vUPKVKI| z@?leB2V)b2Qj=)~JR(noRv0sqSUNQalG)-F@VK_i9sNxCzWo#n6;NM4pnbi>Y}MtI@1&Iws{4{YNii5aqK z#h;;=B3L^NkYFg25p4uasKLGWFsq9bpTm2J<@5Abf_zy>xF6`;2^94qq=H{M3N$1% zkG8Tu63!|BKEJC(c{~X%k0UZXh}q@yg%LzfY{$_GC(?1p65BxXuYwF-Fg&AaVB(G= zokfkLu$m*1tf5k~=L9k;vlK)~e#@}gvXyw4;%HTk>l@U6$D8W8K3iquFfuMh=W{7S zi?iyk(cXQKOVl;TM4mj*i`IJLC~Zi#C@`bp>wHYN1;UxK;Al1ZA5AT)yx@^Crz~|> z1RF=^gcRJa6wBs{2O?xYa55s^qK^B(rU+u-bIC1v9=NXu;E15Z2u4`sYlgHT< zR&CR5%8HeM>|T%O6x>#@snVu;R*QIX*Qc@f1NexcX|V92h%&5SA__so$K^>K4W|ka z_@uACra3|YY8IRoKLSm`O5k+`Brl0$k?2mU1PxLHt_U*TW3g%$9>F%W3)6O%x7{PC zDKi=VHFcoMWRJIjS`3aPls~$vb!tFoZlbq7L$Q&WR-D6us8mm(neoAtnfK%%k59%- z{u{35isV#UndeqIQK`?sDbb^o59MZwghLJJeJr*$!6kdHv8aT==xlDYvsJ{ySe zJOS%~Xnud)D=zA;5wV^hpcaa`&+6cGgi^zMxtC}F)rw@CuJ1MZL^VdYt`|v{VtuVh zs*b8CFlj51$ei0RHt?6XuN#0^CQn-5kYG!`tYAO0BN*_mbvVdvRc^Byyxf|+BN(U+ zs8&?}q1ClnA|sxDC1$8c`&>>X#Vu+fhKS;Q9tHpLumXvTE;~pvJTL&*p*o)cilrrv zXTm&_+sk%Xp^V-{Kg35^prmCjJLOu&2b#_4^@2Kx&Qs+E@$oy`4=GCtI#iidDk7@5 zXL&Rg3>IzZQiiaVMdGDtvp~WBExxov*Il~7t&NkFcU1{ia3-)Gc^E273M8tJC}m@6 z#(J_a6URtW(k?Z##ZanUk8n~7h;Nw&qgZM7+JXQ_H&2`MTCCUgV9{ft_|;8vy`?K1 zFlD>MHce(qmNv@TA}tH1<`w84xJuBvby?;Ton5_YHW^m9)tpJKe7e^3yRGd1VeB1a zL}{}&+_vrAwr$(oZQHhcw{6?DZQHhO8)wg(%$bvXlblKFPo;iW<*v2v=enq3G2Wq zbfcqc40umivF;GKwh0?|cDO|TVrgoX=EKpw7G`mF=1*Z)?4r>|eZW28u}&!KM{yTO zvnbXXHBhbSXJTKUY8drw*O1Jx+rV|`bldoi^b^V9RDc2-uT}@l&vN8^F z#bRfo_r7k?mml(*_P#EtzTD@9=Yj6J6dd9Q=G%}z+4s<)H`8}fRuAkCCEDSvw-j!s zvIPmU%^>MDj0xSagL#0qNl>RK`WfrJf;Zol<}!F?L?34~A=gkW`X;dDAG+jAI?d%? zbn8VN0JPL8TmVb^hp$^@t1E3Wg)Y0w!P$kieZ>L~!qOlqX6L6A->OhaKTPfWV;ZXn z)}%AnjzG(?;$uY1q-o<%tSoleVD1aRDZvqJ6~>LO8>C9L3qf@1Kh%{++e>eIRuYP?UrH4El_lz@#T+XT=IkiW&Xek4nBoda)xsdyn7^;mXdtm z%x0o4^3N=q4JelNO=B6yP_S@C?;2;AYJ#HyfP#gyv#9gSVf~J)p>fvD;slLQ5F<~L zqv;&2yc|zIHT9LpoQZ_}E_j#hE7{|0A$Nf8cZIrNZlkn5%Vv6jIcVr3v;ZvI=EZ%Z zfOBWR2PWVNvHCoQ`R1;?v{sQ^xgCd>NZ+2;+b zBs+iTlE*WjvM!aY+YNiCZ`+A{-!=6~z_|A(4vxZp-CG?8yB<*YIF}|@+Tl0))&*WZ z?fmG_*m(q(oe$lJ&HdZA5sxJuG>Vhs3Vfr{HPig$!!gjPxZfG5G89rs_4>laX#M69 zegKk2%KvR*u`48thrtgZw1|I>QsztSPMCas4QVKF)6WV6=@KgGb`>k=%vw##4{n9p z!+Pz`)8$}jrQ=qZTaZW+2#}@9wcYx5Wl?mCRU!2f{t}CRM@p9|+VmIiS_j>%#QZ0R zuMW&#k#G`ehcn|<)RncCzWPFt){i?O*qw;UasP|6Ctk@ccM^B&6N?k691o41=Jf#& z-nlw$vFW$nj- zuH48A8Q*S|&FzfE%lFLI&Ws88?WOBY&yNGfWoHiD__Q5B!z+8|l&7cfihB+7*6YOw zU$*Rx93PD+I1hKm^zHc6IXyY1DSfWF62>vlD?7t3$}xQ;`^l~U!(hybJKwzFD?=qn zWB(2U-2{Yh&nK@^g~-9;KP(*Vjbh)h8SuyjL7-QB{(<+&7ac5j2{?!l6w zTflUQISe*mC|JzE0y(VKrTemek1up;KTy9HY4jvpg}f+XmoKp7680kl9f9`YS4BYf zZDbO3XFk2j6F)m@G$)c`f;+BMTpJFIfYEc{t9t+8F6m|{6Z1eY|tMLf9bH+M*ZOwnY_^WMXAFxYXLli!2(50WR6F zR{5D)e+}(jRulZ()!a=|t|lU4B+7@y1$2nISm4=EN0IpLCbwl()5EK$Za1X|Ce#A8 z4YI?zQD%XsDr#u6k13NRlrdDyO(-kP0xpX-AX~F}G(}h}#`I0|b?Hj?;rR|#w-)u# zrj=q%*5^_Kk}jz8`0bp90$R&I>+V&e#$lqc^ivOGpn-A_QlgKtu6yKS=R>~wgcKL@ zg2==a1%kV1a{7f2*hnH`fB(l~8lXDJjyT8EpO&Wx=wY+QC6E#=kbt4yv1M$_rOUll{^qzsw;5Q}v zaKAZ6GG~(9;e^l{=AjfiY*rB&?FXY~H31}rh9h$*bpb|50zv}2*?n%2z(~QYT4|6# z&YB;!md;4oXltq}xO}lMVu`1It{~X-Lt3JQSqF^=SJgg9yB0F&bRD61X2C6rfdRle z7%eCREGJDo3_VR1J5d&QcYxlsKYd&LBkV<;!Y7*t{pem$7 z#+;rs?1cvDaB9lV@$}uiX+487SaMDmS5tuN)2LH^&$pUWfUwdpV$s^hiu zh|jQz9(kEu2~7QQh3)zNJ1m&MGOQQKsl2M}<*5dt9pkK%5s#T>yW>p}=ba&^`;zZ` z!ry<@BDWbMnFDwy^|A9|B{UzH1_))7_U4kRbsg&rfLhAIGTlXuB{IYG3S+crcr08l zb!v>;c{J24#sL|ODm7Xf0Zz!7Ma0yn=c!24lD?oN1QCZ|*&MNLbKV_Ni364KWj zP@?Qp$$8SgcIcoNuH5f_iMpn9a|@+ZoH}&2FE9BEupLZL81)^~a0`Wezt@rqmObLY zzesS7Zi&AxQ;KQ)E)!gVm7QtNlhu4LQR$R3q)@j{wKsr_vS(7Dx0=&6QCrZ>*(RkR zeXC~;<1B`1MQoKOno&%3AT*c3vUj zR2W0W*FD^F z2KPaikGeLFnjy_!NT>WrUq;v7u@hQ{+iClXQ@K^O@ZMGV&YX%d(2qGDX|eG(I~q#S z5(`9w=T66~--Ku5V{Y9@#~T9Xn0lW!m%p>HbtaXWH8(4C1}7vm4XQWm$?ZPKU$|V# zuh1Xh0!MXJSVoyW>($y2o*l4GW}?0_>F~1)F+;n*o|RmIDA_>rU4W$lJmMZdk52BL zP^R&lzAaJTUNB{4b9m8R#ECr~&}s%d-tFa(kGcX}_SrCpXYPgp2tKrv??j^?^I?XF zzvsmS*#hg+P-R_(G)~rD5ewj7{F=jWEfc6!Dx#TMP}zJh;JH0$0w+|bdZw1HDuhA# z>q=7a_>*~8I;L@Kmu_V35w_JyTAWP-XwnclCrb4{XU=87H)j$vv<74Lcd1H)mNi4?G?Mi zmayXVhlL)v+dPEfDA@ffUnx7J+TpbF_u zwE8l(xGyvD9-)l2^IOvg^=n#h^~v~g{1vl(Vm(GL!(Mx<=AKLO^{vSBy%PcETyBlm z*BSh4j{B8$3K)Q>`;8N-(TyJlpzoY}&*>pd7s>Xg4_7Fq(NjuJ^v>`v;JRoAnX664%Cv0+4$Q*zNxuw^VNovxC4X$x_o+{)$|4RAos9T$PEFS zD)Q;UhRew}8tb^&B1Q#b*9o6Vvo+!M9uLORd$}3l<2wE(-{rD?yS_O2+d*Fc!qHf} zzQ}ILAqs}YWKB0B~QFY^403r-sjK&?4E zk7DaMq^Uiyc7P_3DLl^?3|dMLOy-N=!HNOCGccRJSuj!6^|4{^mLW11OS`l`K&3&JJ7Y4M52u6Kf&4FY=w zUj!^P^vfBi*^j#u{N{SeJ_j3nx1***^Kq9Z<>b+ODLXifjY=;CyW0aKpEgF&vwpZ= z4tCYaFwgr8GRu&n4oh}GJhmUiC-wei@}65{AfSuOHb;219YR~`?t#83VM7C#vflLcyo6z z(K?`FZh~Pj0$#Du%Y%0ruR(~%uGGjl0tcg0O8V6z3?oB$wm)@zR7Tt9+c&87a;>NP ziax=Hwd#?sm@TxPokK^Ee%o^&)d3{>j@8Eg3dCgD&?5!P%ozyEzVxt%sxX%B!fg0!&hOmJyBgjad>KWb80NFlryN4tFx9FU3(}WI@yjzH`?p5 zD<{MggG!RsP3(2lo3E$R-V~M}=WEM(*wjfG!XL>OF0YYlQHVik4QI_}BwLwWK*`mV zeaOm+YYyl>{=<-xV@g$Mmu>#la4KK0j$|HBHkys%38)%4YEC)-nzKJ88bN!QDSMa7 zpO>35otIKeBuSO%!VO5}5JT$96t3tLnQIBjo46WIR9!->eErv!lB-Y2XNWyfKkhFP zgpAG>CJ8d2?CJDKCk}gGRV;t5;JdKddrGVC(D+%e#+Z$j$_Nc&mhRd9$Fp_vf zBO5gM3UsJl#r?ZC#N=AwY0o~E(*vv`WGFiMouh(thB_(Kz%b(54N|jYI5`!qJE}S> zZ%~+=2~rX}zFlTsFM^AbcB^4=_C_;g!;FwY_!Hn_HZ*ITbLyRvMBPLy&2NtlvZ3_W zLz&ENlI-HK+<^b6D%aJ`EZ0_|G$2wm6jm!c^R}a$3Qi+8+^1 z^9$lP`_3n@Bo$2WQ=R;I9hI`ig#{lz%B!RHyT#%;8%*nhxoG{mT!B%zb?yd=#tgv^ zS}5y?Zjx3gEXDWYSsSRUsK58wB(3&aT5`u(*EDFh4xAy#fCf3rMX73MZVWethf3iM z^{gi5*RB2iGFxpA+x1o&`(o(EGdtPjT+LtczGRgaPvtW4UFz|mFgaY}^;JG-Jb$SV z$b6FVsNqAAZ~F08bs;|q#8ii?w>yFO8O=>&bvHC4;h+BQS?9#0+v2tkmzGCrfSjbK zNj9UvtQ^m{4wZH-Ga1{8D8Sux9M4_>*b}gxei&4%lngEo_a%L9>VYGgaU}~a<@HH~ z9XA>hD!x+9+5|)KmmUFVR3_?J>aqgJwHcTlWp&8CYQM2t8^P<&>i80IHS@NkwHF|O z;#`W8N@xUARv0CSFVODXpHLbM(p)gC;#xtp=ROUGQT5Z62McM?rfTA|#n>Vg8X+j{ z1G^`H(;Da#3fmxcbQ&U$pc%jqAV#u4TMgpSCGCvQTN8;7!6>e)D7GtMTqonO-KV~d z6(*H&Y^YNw&+T5zyPf;uZ3faTBnFBHw<-ts=t8!H!YscU4&`g>DYo&72mMU&DhG;i zHZ_AXyn@sbdoRXplc-B9lxgkL=N*4J+oMrbn`X1^Dma>t?aH`b23#Px@Lo76N^JY) zyAQ~1lQ_vL2EB^7!uK4KaG zZC+Ox%ll>s&n^B*5WXP@13F;1t9cZ|y^a5|*hM>u2IJ z4nbpmZ~TBSHzvUNZ_(r54OvEdw*RO-SpToY1d$IF4oeIW;4!Qxa$eovvJszlaH`@H=2in!f`DTX zG7{Ca(I#j*-nxQY zT;WD6(>M9Zq;TcHf0OMv*taU(40RoJMIYPabeZF|EN@BOj|*&6|F9A5m>uy239Q!8 z6k-+#(Q3q;87WR(Y~9x)KxBNpAUh8c?(N+*!_@@fhT0t*LX2Hjzzfgee$Q8iEBY7i0iZ5h<}_O(rZQ?DJF@nl>RcO^YB;WMH7z@f&2Th%y=L zRSX+m8ZhQJH!Y7NgyNf!Il-ea_WFz-H^mtG!eS$V?YZoriD(CtcaD%rRzIE6O=xm6 z66DZj;Bt9Ic;HIk!-O(Era9LzLxNkWnv(xFoGQ7pjv`nICYI67&eqS zZl*i>U^CqIig~=i2fWQzrRl^?EbhPb{`0avGtaINxo792 z1#0EsQGQAsrBPAF4!Uv+WsH7`%kX<++P!(p$9CI6|GR}%4jQK z3yH10xrfe*s|{K$Aly@C0WzxlsEF}mc1e0&hXd^J{J4<5Adqfoc zyFx)#(Kr!%GAEXyE>=rXyzC-BV-b6mp%1}C6DG?(dFR$hpjTe^p(4%Bkfg@>mD5Cx z{a)ifR+2bhz2%F2uxaywk9WdNT*}#Mshp)vL{P5PX&%3;-xw*8WBa6y>I#ay^_2Nd zXts=?HHQw;AEl#;IU9{u!OY60@rmm>SNi<;70U>e0kT6JV<;N1c)T!!#Oek*bJJjjrJuOGT zo-7+`oK81BO1v+h7ZJ|GQg4`Qu zX#m5caaZHEYSX!elPe#!c?xqs#L-SOX)YzPghc)^Wo-gwfXuT>WlNAD4mB6#stxzZ zeJsi->o|I^aMuh<0e;d^ksx&cv)lnve^fhs6|_duRqOIN$@qpdki_8e#LnT#?H3?i zs`{z#aJHM1p-UMaw$ZTea{6#j&z9l zm@!8#3)PQxodBjP`tAI^JFBIFJWz#&O;w!ya*NLmBAOty_6f0KU_~0txqE()r^Ed& z3>6xaBHjpTf_!T138%Df8ft{sYLVB8*iv^UqgqB#N8D)9As7`~g5>Q>a^pUVDwKwM z*E7;~_^=PM{>401)jqbvQQGDq86p}~msiFCT{aq}lh>^_K@5*l1 zP35W><)&DmiE@>wdCcnh^LF-Eqw-|t{fr8YHOy+ICbdMCViyhc4ka`+)qpe7G^rFy z)kzy=_XO?P07&EExU|(=QgfDV0-KrgDNT*e+j4oeW4_(uwTzTuA#HT7w9rXxSpap4 zPth=JH`LCbZsK7p{f@!cIivy(M9ce8T;122fb!0EngzQcL((M;)boW^VZdkY=ggDl~x z1{Q<*vn!q1s)(oQl8l$-D%%+G8$wN0m(l5EnZ0yLop9|4*Tmk3*qv=Tn@Q3&P%-bO z-O<-WC5MPzHN$!@7I^aWcU*@QY(5PKqp1tycx=l=75gh0Z5l7eu{f!>DA18se{CD9 zaJn_RFQe}@Q$%XiEc8>3Bf1wBDf1H?2g|N~dDO~rEj)E^RI-TI-^N32l1LKM8NVw` zfD1#lbR|pYm)OEG;~8pWy6YT-u*^S;>xdD7yO`Ta>DH}CWDWUIxyefX|H^9vD5Q)bab#WL5Hd@IX=-3xe!L* zl5LvXCr74o1S#LzUs1B8o90*AK=^L+Ed#@0EttDqX%X#cK423srM1_b z{gqQwYusI$)4OorW^n}G4>qu~$69Er?u?7*?WLO}p;}CT1*C++CD;z^Ea@ru2`&r3 zHm*#O3sIeFH&ksxsWNw~4`L+%k`7#_FLgULiuiC;$o){2K?j#+EB8H7gFk5da}8I! zyfY4lGVfm`Py8JNiYB(4tq(3D+3@O`2U z3h{E$!a`@~s{?#UxbrfW#5li!^wFGsrA)_VpjI5wB?aToj}+igQ8<-vA+>JsNyJdF zf2?kUNA}Z^V<3w>J4YWk<|i_m#ay@J6kD+K#(_ujglHwDrXa!2F!;(my-?=QTCuMo zazv1KB80{s08BlLIgJEo8Kb-l1?eMo(J7jBm+faZ#jX9Q7>_B1xL15}R;0_6S@Y^!<#OU6U%Z8M z+YGC0?9{tx4$+eWTjDWleZ)Ibo9%7eO5LzwJvu~0HZZ0RK@I|d9D%LRBk9PtV`PK1 zJYV-r;zYO!S{QreWs&i>qRX&5syOR-aJblvn+*MT62LpCKghyNL4UrqU~wGiaMJGF z{b26w%mexW4F4`{?IiEATMXP7-`>^{-k8>cYWsgmW$p^JTH*IBNBa*e7!+>va?Z%t zS62&6X!BVL&7k}ob!hCE99e|`{~jJVz?o5+Pfa5n-M}&=Ljg~eDM282NM@ZJ1S3!IvYg%qztWMLna@D{6et=qnCp=>O1 zbP0bI823|x2%{^PZ z+D+3R$+&bRPS5?s@H^^MRN8##VUvRDK9|c<>pqx`LV+cIHIftyRyP=PZgWN+Tswh5 z*n@=Q7nmrcI3#iia`m?0v<)*2?x23FZSOS;W@CxNFf;jW9J6V&kf_5-GDvJ846mQNz>OLdy0kbQ~2ycVk-6~lP3 zmNSS@T=UL03rWP@Sst?PDwkIY8{T$zLzf%y=4r2s*$&k4ZdV|tQth*1M zC4(4cHQFihiTE!5xnZX*&7Kp7BKPL^et<`EEWtlZY%J@wu{)WkCiI7NCdaQ0dj!p) z?KIlusQAj8pIZ5SE{B3}>O+L$<}*RYv5F9dC{1_Vo)O4)Ox zU9+{t4LkX?s28nc$JV4&8Fk#=cJ{J&9sHD8(Fe{h+;0ZO42ymwdz<^+z{68^(8V>k z!@_5d;n7GD6yAGjNtlO*w{TpF3+XVMhw?ioCQCJ7f`m$u%N%k}WhZldNk5u9-@$iz zV%bR!I{8e2#ocvjvjiB-eRAA1=Xy-)h<=!HhSc}YytDpWN>3K%rbhRRnlSR&a%tvr1)f z8z^=oY*LYy*)_NzG>XGT;tA5$!>wj)PNtYmY2UJnHlucKf!ws&)=ukS%WS<=!3Fy< z;Fhz4%cxO%pcWfT!$M6n9dKQOwz9E$Bfuaf&aJl90Yi&q z^yFtR=?j);&`QXMO~(cw3E&2s9)L)ebTWtw1}ztJq=PxNaZkj0X61W&vQM5V1%Aee zJ}bC5-;+0saDgdggL{5uZm5*q{~q=<+qpD8H(QDhTBw%MbmlY-);0)f#=wMELaW7G z)M9%;=KB7u?mTeGf^TAIKEh|=%Hl{$laf!;oTvnttpPFI4p8npVQSgwDP{!;e6DwT zw2_lPVa~T!|>FyjqD9RriG)Qe~wbUe*b3 zb=zSC{8F(5ObiI)Y(dLyolsV8EU9=-Fec#$2zTEq$wCeqeFJ}h&cfxDKwIk3Oe#w7 z=9H&S3+^ZZ8b+z9sn;*ZF-%=YgA*M?J-fdA-D{;enHbasWH{D+;=V149&Tqd_Y!H# z&ciXFw`A$I3N|P7#MCP(ptCBptM9;Tu)@<;UoXPwq)Yg>HcDxhRonCw(;7QUJz1JmrRnGWQ2v-vdPs*+=~mKvBNr?_0B*^ zb-|!?X01!O1LGE+W$3lnu$>_+Zw!6Do!f_kom--mj_tfyo1ZtA9P#S~+n2b8DAA8x zgnM7=U_8L=cK%T(9c~6`?3*4#V`RwW8ke;-S*-Ubwt!}uf%cDPN44=~;Tp%^Iq#UwU+p79E>( zQbY&0MzkF1$YMe~q<9)BF@cfaH@zJ?h3PkxNFL+SD3Bcs!4}(=vkFol2{9|sB&c7x zMx_ozwTiUDo`uQsO|?}h!C>Sx6O8(5R%(=qLJz)P&j?qhWw(DXu4E`pR4lOsjo#3; zMI1cd#y@gG-W*?emez>v|81oH@8&BL3p3;Y`_stwf7OO;|C8EKLn?y!Zy)xrE&D+* z=}D3TR78*uzMF>mwf53_1q=^nJL0Ds6)FftQX)-VyMd>R9%fO=^bGOW-4NHHNcQ*3 z?M?#3Po)ys$5G+Vnl;r9sWTH3JfEYegzL$AO0VuB}Ezam8=_kZ#Hjad%}x>Nz?6Ft14P zy_h@yTCHHkBLi-p6;ZdVL@-Q3f|yHTjy+OWWqmof&(2I4UWTeWDSZ3sk_E%h0pao! zkruwemm^cp_=ch5@4~T zXniFE-|h5ky}oynH$Y3mUqk{)n+6_T+(C2$=h9*9hTXf_D&;hi-Q%F+gLa!ecKQv% zRX*FX%b|BP`@NL2OK?o6vV$P@fecZX(9Cs2B8;B90(yMZA}HJ zkm0z*CWn~qJpTm&A8Z)fcb3nUyDpTsfZiauXCE><*X_^Etbb>ZR;tdWC%;Bua=XoH zMS*lMs%T2( zLgNdQBFt2?bqIJN2MrY!H$PImap3|gKRj6OC^Y?rQgvCOunw@g zzv4HRF^-0VOiH-WyFq3nN=5TVPg-tN7D#!wGl1Pn85-(_5(! zJ(t5~U3$2_T_A&PNFp_u^}XbJpg&&X!#HPP!T`8v9$M&jI8KH$Q%wCXEc-+TLm{+B zOd@=#E^!WbdTQ(E3WpxjkPOYPYkN-qABimF4KZ)xu4O^QBEz-Pw310Ms8OuYNBMjK z@IO7o!4`4E4og^dN3 zo>%%7`|;v7EV*&u)d4f?9qV|e=p;~Thl~cP0iIch{Rt)( zgO`$(fLTwV;3N;O&kNN@c~Dri!{4XztjMf0Q)lyq73)b>;9I}#2cg_om2=2XEGktj zdG$Fds|9 zJ-Sw(hcT0={k{pTHl$oc+DsIfDX>Wq+^dq%rh#jEoek~DMRAO|I0l)LY8z_=$BuKs zZt`sOEwhW2i_C7?7wm5%TpU;v^F~z~9PS(*2a?p?+SfNuV-_ty?{{{h^znQqd6ox( zm{4?EkEuY`32l~&&P-FQ%I`MtT2JISE)wEfvj+q_y2*ax4tUShbUD1jNf1W)?-?Md2WyRbyRU6XW zZeKE=Ma#P|Mxt#4o$D!rM-I}6uu-;~ZVqShuC4J^oq&*`Q^F_Je7<0zNx4nki&03- z&8EE+_~Njvj7F}ObpYm8u3Rruh!Q(|5`Sm&TXe=D-xL z^v^q^u6-$9Xy4J*0_tNhR?_daky+eR=EDs!=scgQvM3Fc+HdzcPq)D{xGE`;g7621 zac3pbN+}<_>@_|8yRE9`NHmwzZ(q=+7e_k%B;vxulhefnm|TmzrVx>(Wc((opuf(j z(}2W9ALSI97+WjPZH~!h+eNQ@Ya60y6D?r>7ll#D&2k`!ze<|=_KS7Ht9E1kZO+95 z(H=IQ{?WDNC4x`p*Bvk!&s%7ljxeB}HRe52uoyfnMTUj*Di3|nG{A9My>hATtkOvr zq}F89rCAwY{^n&@_%&D)B4}Z*V~@;wSb0-gM{r@T(uM6N`JEA%8E;j2E;-V-nT#O4 z6fZk8!pdr(XDkzZ-aLg?7GQ=_3s{dcI(d0{^9zbl&4IlrKdueLQH%tMz-F51Zw!BO zf2q2k794-yEms(U#=qaQdn1jIm!x3)Ml>U=o(%+$g1s4B|5e!bwzNs)iVY_CRnW)E z+qeqRjmnhrI~3h~&>4u2Iscv-PqUz3`s)-TSPqQ-QHrJNLrOQz}JQSg| z+qS7?0q(?%s%mqA8&|0e?{4w)YJa&(b;oGN`tTji z=)yx3t73~xp8)0rQ2?e|8QmjQ=5-vHcqb@SmLn+y5ln)0DEL?m*oB zYsTiJ|7&TNqQSttbiDj)+k;ULymUYwC5-JD+li4ZdMRKroVmN}Vg~mb=AkK5dOE8J z8NWo7{qcOg30w1ldX>QPe!p4?`4`6w?bcnW{UG8}mOL zv;IXF9Xc&*JHRtu-lCXiF526qp1+%fy`!tW6bqf*eR+7&V~+#$;g*JWdPtxX;O4Bp zSCYO}y1oAHJuH0RkS4o5)Dc?dV;>8J;M#F~oCsL9`o41%AfS^Z zbTzhshIKi)4B8%pXTLulq=<(iUXFqeFAF?%1$~f{DfB3n;f))p;WnFY$2ueKXE@WW zpCbG7%k$$>d2FWWp^gNE06WR{E?$U!fC7wkwL5@3Ef-i`@N9ZCBTeX-;Q0if7#itq z<|r26t};x2c2NEpFqaIbbt+uuYJsa<3YPq7S{>U@E^yc?zipQYt>0IY_4g7XV2ZlU z?RF4R2uG)|`3-*e*?&Ucuz|%JX<}=|$-fG8DesIQoY48@87a}lJC2zk55-MJ*fP|u za;m)z9PTDt`eebcWxwZ?>?a^@64*Rr-00L;$rFvsi_N+Rr(16n?bvVV=K~bFvDiL# z{SeCZ5|)fGLsCkTcH`n^k`GW;nZDxVf=mGqSI-WWI&m3e+lbs<(>f%b3O&&9d8OP8jULJwPSgWtSm{3KrZ5~{#k6qdYY|^k zam5fnR1)u)l{u)~AtzgK;jhqz(ZmS_YK2OR-UF(q9s?aGbf;WiZz~50BI2WKfvRc!Vp~ek!qGt39@X3qpD~idzfg$2cG|zf+8> z96@4oCGaRl+WOGx%!f(z1G;T=OSzvax@)eE>wdT)klAoRXIW@Jz!}CmtK-g7zF$## zYm-pt)}QGN$s4&m2KZ$D`sC*FdIVmGR1_sniKH@>1J}^!Qsj2@_9ybhM`N$GsacAqrvKJC=tIqOBNK4ZczDo{f&byTRO&M)if(`OU!C zZZabp66&Hl(1O6DY&Y(etuI|E42~Mr-`2uqE@Or7&hlW(M2W(XoU)AQQd~Mlc>1iz z{0>-rFX7Pp^_S*w_P04r5u+}O`@v#g#HVqAuh$jbUD%IMD>4Ejo14LZ>xdLPeq(lW z8V@e}jcLG%`xoAWqy?J$s5L0gAUo5*mv^yfWDz#rCrmgQg+~oX8kh?)BbnT0E7yXD$5ix`ObqsiuXFzn)&0O~*&{cCwH1M~9^qhJ7+7dWn3J&vT z)T}l)FpazfyC6|*iIP~dh*V+m4}Nh1Cr%sH2?y_yl$ICDDWWENDY+gGA;(4A%7f%B z@$8V9>fQ;lv$!ba(7G*PhMZ--$_#u64S+@~+sCNmU&@!Ie+F4n((U5RctGad`JjAu z^o9|FI^j&qW`(#~u{PB+%b3wmcPn5V!6}Zs@0pmaJd>vD%$$YO^(hLs@4MZh$| zU>j{xODPX9p1o_$PtSX)RH-s9-X?)$Z4y(ElwS6XRyx6iV^Ix^A|}VTw*Ed+o%ttAB_)_{eL_L`f&Y!8(K&U&MY(!KwF2tREU4 zq5~oQOR2KvyuormelF^+ zs`bcCY)fS|TKh6pd(XeAnoa;KZt@z5V1WRCmx7`0&S}AzrHveJ>%P_h&GtJ5!AsKE8Mxk23&f3WE%44uFpmp&)2j3PMX1)>`TE89GH0gVwvOs(^McMxV}*^r zT1F1um9v=V*4O%lMySkqyI_r&|ay#Cl#tM*iury@Od`7$%I`;p=*gFM>(r#V2NmgvzwwS!R*gB|F~?Ko5iOUPEv@LYRvViufs`~U7Rvibs$382{}s#jb^>p z&^h2%C_T_^j-Cmy?&jW9np^D5e!`xZ8H5`^3O4J)5VV1VZSYL>Ev8!z z0lv3AltJQ-2pj#_$W_YfI+#k;qC>=hPd<@F7LJm9EZ%RU@Pm!ms)MG zv6X{#DC_-BGZJv9DoSfYOK?(1!bcOPC{u4V=-jk5KFFlC1^y%`HcTPk&rn%xU;UP0 zU{TlFcRYAhd)kXwgq|*#E|72*lq1azx#wAr|?~W+UY5Kc2M?9 z8r8=w!>4OnG=E<#o=&%itDDygqecpp8)H;ZP})FR*lFpsq#eY$9V<@TqlW!?*MZ3s zFj4CP;ROg*482Qko26sJi<)}+2V)d{*gV*=bvhnqiitA4s<8Pt!1BFG>rSA^%fZ~Y zS1*pK4aeWb7qt-zZoSN|;`<#pj7eJ{b5T%|>dg{@UQsgi_?FC_B2u1w+txs*#k81& zAf-*2m;{P${VP8Y_d=r522Xz(^!yJbwu}PTLHH7F(ig>AOU=Q~7^Hcpcp&fND}462 zCnaw%HkztJ0L;CM0}N-!`5^EDJ^hvaP>a-yJTB%7gl!OETkhn3VNWrhm;QDTkeuKb zNco`09U&HT$blYNAbwy3^c9^~Aw%wCCh)Zx?(Y)@+;j_1J0W>8u^+CdyjWmv7(N?+ z+FgU4m8T3gl3+?=($>097*|x$8X7ZL4H5vKPAbYfR;&GzazAvk`)5^@1XK0`bc&ef z>B0KIp)Zi|%fSv|)~N6Vsa7v{cO%F;$b<)Wym!xlQ*5)4LsYAb1v`Boohv#rZy1W+ z&Quy6cwB}RS3K)SIq`Kwh%k4p)G($)CS|@~drut3$xd(k05HUe;n?Wd2xkoUTK(P^ zdJsj%SiBhiANAhk`RLn7m`n;P>3tweclLQs_TT{@QJXEpUu=^jhGA^xT%$#d`zoFXDe6$e;jggtkRoF=tX33D4B{kuM z2p+lS0Wo~g5y2H`RHdfZwLKkWL6MoFr-rrz7Knp^qIWR$OY5gTJADs%0<8OB^%pUP zey>nyi#R=(`xMkTCGIQ&?{yyK$`z?XMHQ}4t{yO8`Z4R3>hK-*#!9iuqa$`w@-sCQ z-HdwH@6e1x0(6)Q|nL7?|^4A(yrXWcVElp#frQ6D^zt z(>%w<+Gk8_bl)+)Z%iv`5^K>bt^!#Z`wmSk;otkp7elvO=4x$4xN&FDCFV(#lH|q& z+XchS#OhgwB?TbfuQb|A+Y1#YW-LuTlOq7hIGyioG(pShT@a?Gnwiqt!cmq~cNYOS z<-aYx;mYhZL?%fuCz^Ik#5PXtN|>LjW`e)2j7pF?FIAPtDk@eIfMfBU;kp_2OwKK( z!KiF6mPR!KL>=gGN3*MRm;#6~LoCoWIiT6AlQCVix^Xf8C2Iod;W z5M6JiBYWW%hw15teo<-bN->HD=}KV8;RWL>I7<75mT<>S?X^O^+G%O=uGGS1xx-0R zjY@sl|7kJO9L>q5;OzZ_#S~$L@h$~`5}v1cS5Qt+ZzKsLCM{N;a)O+$f%^PmVt+!fNFq#ax5|v*qeyui&0_m{}H?Ice zZ~TO&nO9EvV}}Z&jF|RGn2NY&Ksd3%+`c3RjREch}1qEUgpMZY+Xq{c-sxq13>R+KY z`Tm#IyH2HJ{Kd1z)rD58MWy2y|6H?#vup`rUHf|LeDnPA3X}DBCIbTZz`xG3++CuQ zVLJ+qoVW(HuVFLmmfLO0U6#qudZ!{in%ZsgJ(@hK)_xC5z-ha?);L2}qQJ1F>Yz)B zi5)aOum|EcB9Y{gzqHMJ!ck5zcLU}X8gD#d?)Rpu6-t&U^u>(<(>>TNep@E6DSzJ+ z-(eaHfov{-(6?8pc8{j-Zz(>jLaC&0dQcNKU#OcIVD;Qz;08{=l#}PMGLeI7=gx_) zOLoEaI6t9>0*D# zAM-tB9eJVa!8WvfH3T29CGQd5|12G8yV1_Y5E#D>>AM>Et?Kor#l^r=l&Z|daK>id zP7jANdcJUmcRm2WVSPR@Lh6Z&a+QTnm4)6U+zxN7)X*RDpl4grJZsCES8lu>B)vhX zs`C4{u$oUH>9yskESru{$e$Ln9q)fgfK$kH4R3V zpqGcl5Vm2Kh7axVd`D$ti{Zu3)#S*3K7QB`%=A`#U5lY24F-$4`;GmEidOE=Lw-z8 z$&nfAjONIXy2Gg78cCfbL~3(e@o`Ot6Ss50DL=PXA40 z{o7g0$i(oUz)$x73!`HH-(XZ?KU>ErKU>Em4FvP<@%)f{h_Y(qy)AyAc%a)IzHp$^ zgFf5t8OfothRRNl575vcYH0}S*;{v=Lh)@qr#?Dg9*nPazP|?zWx7B1$929P-(t8~ zN_4&+51$?-7~9N%KR(``=X16< z&>!g;yma%6D<3nbyrNK=dfJH1zJFqxnsju#(%tONharXs7)*;HbktNo9G%!Q;j>NE z(~b=W*7(T*qz7%<;|{@KP(l?6RhJluev1nLW%?cS-#K_-8Ocfd7y~|6A+2wmKu(Wy zXl`ca1RC$D9!ZUrVA%zVfx}Fb9$5*Z?#>?{+UR`W9X_6?lOJ` z);?05suNY|lbFov69goEiEXt{_qvKq)Yc1i4uEfLAQY|o*`0Y@;ptO!{S%cc$zNt|=%`Xop#7m< zUdDpGxK{pQndQGb#m1}76WVJ=D_5Q+vSC?+5CUVUl`ZChYT;bMonnqfW>azC{J<{1N+ z$U~?pA2Qq}Pth-`L)R%qh;Pu)$(wHOywV_ul{4HWD*6IHfQ}{(sJ_eVxl*`(AKY-K zug_1_Gn|W`gEfR&*n~AY{1q80Rpz1v^A~|o6_0MC^Rbk@oY2BsVbc0jkVaQ}B7aQO z7c{tG+jm zDuPiL;(&81WK*A^t43zk-Y)&*vTOpzOVvIM|f+!_yr^65q zCd&Z$TZa|PIGmJobLbIP-3E%GGQh3gEpRX}#t(<2Hgl6j{{$U=?H(yahMP0wCK#6` zR;P$`)_@(2=4s4P9?lc)Z3sr|kA0eNaAdj6p!wcno3P$OD6%L;d|YAv&|Lwz@w7Qu zW7`Rxb&e3*!MGr``0F`yUVHce!I5U@Kt98e`pGbEWxJ{O#Y{Z14BDol%$w*YoTdL? z+En?;Bg1QSO8m=M51H=bgT*MtBZQ1%Y!Xec=E3tsp8%nvv?Qw<0jIPJBXbcNM{c;2 z9d?uOc~Yf-5j%+m$IBp^Oi5cmvC7}@pa2Zb%{v=cZntv%_!A$9tdbkF2I8;*S4BVg z4VQqNn1kca;sx1Kh(hLQ^G~4=zr8+;JS{&rS;t5()KNMeax(6_vk{a0jM91AGE=*w z!lv_&8ihwkrOIdC;;sSs&(c9sa@yssro zP!(Mk@gY2xgAA%SusK#eG3nw%JG7GIiME9A*E;ifi*m7;ne(`fz0&L02r;htb`s_J z4+93t+}gWbbn_6(V7W{F2oX3%TJvp10Y9Zn!kQ4lhwL?>GbInKq;v8CY>83*+@ymWe0zEWmmF#|V%QZ0P5Uwl$EINrR3 zo}%+$1=swVi_iU(hc-r^{os)9D6Wb@y*8OsagZi=t;F}AxkUX;cr#pX_= ztcsTIuSM%^-#y0cZCrY;L9pMcpW)Cl!7@v#i0}yZS#D=@dKmGT7LjJ9SB;*aRq^Ow zJc$K+P7H0RBdR%a|HK-NI58Pik`Rtyx2Vo@fu*4=6URZJ$ngmpB>_calgq|kZA@&q z!d|6w={dN2VWkkJf$(VV75Lds9`OTN`&yiTMTOdY)GL+5 zc9n>;tk{g8aDj!&M0~xP78C2Kn#!vQkw-k9i1V|`I1(X2Y4jCOW5G9+OArPlM|}Z5 zkz%bswcswU+_3_^rDzGaJxh79TzCUw(U(=K(kX!n3?i{tJ|V;zDv;yS#GWOLzW2z_ zAw4;y@0(eQ-_&y`=Z5l|=9_H?LD9c?9NdON#PKa~xL6Rx>3D(@1C~(FqIPO-24l3Y zj=xseFf=^6(4wBlby#Oh7U={<9IIQ^3_HH-4$P^l@~?9auNb-U8O~X68ZyC|IXAZ+ zY4lC{p+mD+`n`ZFqIK+G)~^^KnFqM_652;%G|7Uw3^#6E%1EO5<~cC7bE&U`yyJYA zMCAIGoqRymxbPV%n|pL_P45VTOsXs*q%DQsuAtYudgeg(LSG8KFX;Z%(E;tXzQ+Lg zh{u({jhYk%;aSmxS8SVDWn5|u(@E)-;6yGe3p<8(am`glY=ddHu~MZ-ReRz25d6FR z;3b8XdK7^tF1M4&{)Bqi62L}S{&U&E!$OZzQewr9k#NqousA(5P2T9laCJm8cuXaK zvPu?AWCQbeprBvKJtZtbQJ-_ZV5SDU2k}}Gi`|ihXC+xry!(^}Ac+JGTj59gnf;bX zZ3x|Vfdvoim@cQ_x-)!^7=!bu@N~{*TTDud(gfO3&tj}eD&eeluhNoGW9e!!3L$xK z?o`+ruv_C1WKl7TqK5fR@nNVc@I?2yo1LhCAgA>Z=Ur5m7#7)qptq)=! zh0@nx+5d(N6gZIK!9_7y;y>aYi`Z_-MqTHR()=a;u7^hmw(DKn`KmULNa1G0XusziK4oDHiH|8*nEds z<|POwr`8#)?*K$mhe&>@?O|S!9XDtN9E6d(IA>pXoMUz{1Ub~`rr1@2sk{Fk+rj*e z1~XtquEn>D3B9?im1(YPUMh~n86IW6AxFY%_Kv6fxfGo2&wo2xZOMwpWl>gM+TBUe zty8y_m}w=2!wlg$t649GV8J>|$S*}>X*aW-Xm7P&y-zI3n8T@=@M=kaYrUkPV45Fb zTsA6JH=bXq`+Q#qiJ*bjkdReb@YC>8fsJmQA^lbsigsw*__Zfo#zXc=pvH~zXAZm6 zzgO#IYdWA@$D#e2hbRK;G!t4bKOW`ftdVMl*nIwXzZYq=7 zc%A060O7h8cJ5)XMLW{z4AD(*;w5l`?v45oAj3-*L61U9F6TL(zg<61dL>BX<4hAjRJmAf4S;U66FuL)0@`#F}pz+y=+yZYOkak#Z) zR#ALfE^kKC`W&Cnd>@TG_TM+X%}HOcT5_zcMU_>tNVw^bOier$#o z#O?aB>x~bjCqMIMm33(Y{=RSdUE|e^$Gh#c(0qC`yy{KzoH6|rz!p9P7oO)#uFoDl zp>jL*3^gG#Y@v5es^nvww%4uick7N_%_cFUZ3H1i*v0V{iWE@X*OIU zj5|IzbnJ zSTIsXFg^ZD8TPO0>YrXW6BFxyEEw$nj>`B?ubcgUg2`!$MNt304&DZW@ilpIzPOq5 ze-&YoHrhR40mpmY*Wh9VLGtp(O5LZ2Zs~s6XOc8^o^>j`cF85*Tc5|oJG@kjqi#-b zkJm0fU;U@s{}_1RrrSf7x#)DukiIIVYkasqZwE6Ax!>o{dB5xtoU@W6>MJ@#k$89x zV(it(itI*pe#*D!5BKNsBh9jh)hJkR?Uabt5F}be>5yqiSXALN+eTHg)A>vJs)SB* zSDW3iU=aB^drvyt+s@Q5Oi$ulT~EW)M}ZYkX1Guo{@R;)A$67+Op3*d!3@Hvgay~? z-URM!$eb$`m2SivfNW{TSY6sT1fM;`gzO$`j1@&D9y|zJXBN3DVj=u7!gpmLBiMsH zx}|+9R!`QOd94d5$UdI_zpVopi2(|=6_(&N`%u60`A-i!9)yt6U_Z=ZGH2=VX=4y$ zS;IwJ@p&53IV8-fIIaG;u$J?5`Nqr*HSDd5`R@ugP%cvfH=8PG^)?R|?9CjZ@?2J5HJ)u(N)OzcJ)b_;y4&W zEkpNmN%*khpzPMwd}H=+($rcN%)i^a98lelu`6=!a*m4zWDzwdq`#?S>}@!xLyi$; zAKK;!xXc|AQcV%Oa6>9n^`JxM^q|wk@rZL7tIsAPH-cfUSh_CX_>{`NjIf z@RQ2xYT%Q7P9Lx|_eqX09~gEx3nTBhPcH`w>8jQOn9`a{YNkcf?uf#&;Jl z3)(8r}u@Z7=5&rw8{=WH-?hDm`az zw71&@552ldOBnAxPr41l70jcZXT(g2sUa+1o}JN?g+G$1NN6-{D1M?`3c`q?<1rUh z^~*}CdNNpa)457}3{fk8pp`WdDMoJb!DsAa=iWh7k_jA?Qzn^nqz9A|Zj0qCvkcpf zYKaGp9eG)i&#IX(2R56dR_CEy+Zm7II9_x_~$sgrhF94yGsOLW{*q z^1LiPVpEHyQXUMPjQy@RGwC1!H*uLzoiZTsZZe^$bhu9S6Fu^seqy@~eWIgEBkE)m z&Glblz|>^Dqf)%%3r6w{vDQ{%(e&JsuDBsS>(Eti zw()hw$m>&Jm*Bu}E&~erX#d1y0oY_Mi1Bfvo$`SV!@VrsnK-XjA-()+lzRoF;2PA6gDmZp~7L@wCF2B5ubDja-RnzTVQrE3)(= zLdhr$VqTh21wBC&mBT?i)d9J`{LaZ`i~@0jD_TNJo$WxxsUPGH&X>ar{w8>mCkau* z!O-O>JMD<+6PP18A@49={D~Jw0mC|%I4ZbJ*5wvXL=}4C2SnjIe5#av8H$~+Bg6Bh z0_#aa<(pzvT!Xyq$VJ3k^W+esCgCfG6OYvvf71Q67B7lRkUBK1Wb7yM=cr}&+c7KZ zru+-j9VR~G*E(REYKoA%hQ2_*JY2?aF&OpuUv2U*MgqzK&SfJdk*4{+VKh2~v$g6_ zB={8BL*RTfX@-Ns)&z%&x$}Z!5V|#(nVK!whDv~234z)c?TxkezgVB)0KZFl6tJId zMxG5@BCl^I$8>38Fz}4M3AmZhaKI9Q!A~=M=aR^8kfAT&-uDa6^F z043;fzY4=f>BU0%Yv0bLB+=z^*cnd4 zk3976l1NFb!eQSgjEDYO6wG@^#e-2aqd}#n?3tPbBz_9ovLmDspwd&mQV(7oIzu^c zv|r#9HD-uG@*5cQv;|jDI3Vw3H_7n9*8}c*+i5>!HuBc$x30SG z-d9z!XufeJ$q3}GNO8sv`P zS5)3m##t~WIw3UG01_s1*O3aQJRRfzY`nzHM|%O-FCvVM6~b#Zb=G9AoDb?|$`w$b z3#e}m>0_1tN~Rpu*D@Z9Dm~lZB5kjt&&1-If#r^wpNwTlYHGa)Byrw}I9lW;I`ou-IEpVBmU%Gi_%?s|^ z{J0_bbe;D^2Hm6~gk3Iu+T3hthN!%YbG_-`G``pxedQhOiQ z+^V02urJP%2y@LdBi-pA+_b$P+s<5WZl=lchRX_xMqjR6vJW0FtDE8t+}8B*l{edx zeknCmbeO~Qgev1Gd`5EtPU~>xYx(U|zWr^`!Y;kIdt#UgHJJ9U#vwM>( z@hP|(LwA3y0d~tQ;{NNw`jb*13;=AKo&9ZI%0ZQck53Zz^^^1NBA(6pK#yfNodw+$ z&6nxjfT(BvexsSU z>xu6}Ce<0@hDDbo-ixB$!kWd^ykwJQ;guLHBAjQN!lfK;xe?@!XTdxQU`fVS?e029 z0~auGntzFb4f@ijp<;k7was9Hr^S|d469Jd*k;S z649co2Ew1oF}U?p&!qpRJO6F+Wn^Jz`RD#W8WfWK|MI@r|0mv;#t%t>?H`ZDi)K%m zHc=FSf$vHfTqg~DZb*KMGt`gA!sB$Cjw0MW@<@+tigOhm%JmZCH@WwLNcaZIv;F<{ zW;Yg~Po*N(@#4{Xj!XAf<0}~tN`{Tk=4H;cVae5dR05DO_jldvt0|lJ{f86T!Oh3> z=KTF;$}Op4!Y8|ckoAaKVSLPMo3P$gdCyKH!(ckC=Nq}aiH?PbBNDG1Syfp8J7S0AU-wJ0Ab za^M&cN*=ivyVXh?obsd&AAXVD2)3ele>@WuFN_yEB0g*dm>9{K{Qlf7bG8dFuv2Mn zx>xFLU{1Ot%y3d6_RDyHxSj2XTaSvzn>V&ALYdkA4X6v?dKlF%D%ckI1PkhWfA_(gz}uGCqFUk_?|6*bJY=E^ zhk9^X0pH@6dQ`2BpO*5WO^_1^0&6e?G|P?4!;0C>Ix~{_*&hwq8S|rOvQ0)B_6ajG zkdko5C4uW-TE>hqo=7$KmlXb%JzmP=F;XUzu_LeS5n=?DD{`>h<*pY(HL0BFN!D#; z#L^np0U|J@B*TJom-;&}y_3|#R%~E=!6+g8>uQwIEAKlnA!cVVDv>fWbLlxqB4FN6 z4-c#g{Z;qo!1sd2kR%*LKc(o!`dBlWDJYybK4D2)g8@Er(fFY8;&E*SuH(0Ducu^4WUm!i0#!97a5&-S+{Dzl*;|m4>sQn%nX zDF8bI+i=H`!7(+7t}^~*WHQR2Nh=+EF* zLf8?{9>7i#tHMVetw>9bCM3%|DC22%V@4k;)Kymm{p!o1Olv$s@wId0Hzja!OYv8U zZB|rl@h2D=xk=n|){r}>Eo6w6=$D~`Z;TZ^)srC|S1vqyrXm>%Rasp&5`RR%RcK zdp2a)4R2xe2M}#%yj}11Z@4z9N3tCp+Y-B(+XGPF6L!N>^kv^v;h~FWjwecj?vr{uf`WH}#qyW?QKrpEjA?FK zq8t&+rAJ-uijizuKHA^bjlR_@o#X>;PITV6S3(iz=~`oTGFrth2oU1Jf>7O%f9$%fM2b>VBabAH2aUb} z6pdfp9M^^*Rr)HL1W#J%|k)mpF;lU8F8t?_tI2PCZUyCC_#ooJ1QPC+x2)1mwY;&tpBWVZ%^2-JC}C z`>F)`_PYKGd)R4nm8aUCM|TLh2(D%e^n`^TK;V^eF?Jo&qP!>d z4jfi~jocP~jXd;?6$KBzTSQ=|uoTrExL8DJme9zXey3Z-i4nCbYZRgw7kyL~n!8J= zSVkc4ZLAUU%4!r2I!)3F_+7wY5g|pYBde54Byqp;3eIF*NZvHtH!+gE-|{kaxaRR% z-S#o^MkfEo<d8LC`i@yEfMPq(GcW=SN(J`g}RztX-mv`Cyf0+Fj#s zC6?c(y;X0oUgbIRUN|2c;Ex7*t4x&)n{M8ZkN%^Y7e&ji z&)b`aH+-(9b2e$n)Z4f9qv3+hm&xB{>ZfpDT!VO#n^E})UvGAfji?snljIGi~lRYnd0}k6fRyK99 zAo|1)=NilRBt|SZL@tqt78caaUpGEn3Og$w&oGOWO7lxYF$Lt4aitW%u)xx zX2hdv)F9ne(Rk(nO>+i?$rP)N`Y;v)&8fr{R(A@KV`>6E;Qr_nt*ka~)XRvJQ!W+U z@X{(~g35R|ii& zF&s9!EJdJu#y4|pT9T}kYdqh}W!|Kpax002pfJW{Fy#x4}hojWDkP0mr zxOlU9cQjtvJ)oI0&O(ANNv4jF3aAcX5MW}sRy$0Mfz?H=hc*yijme<5fb?FF;BgfD z6>9nb;YxRxG4f;mwJ%_L=eB+91*xV1?K;9^1Utp~jKSot4$8?K3+N=iDI7Nlm~SIC z*05PQtSpi}@O79#&@KcP&(sw&R8+A|;Aj3mnN_aVbDGVJL>1*zsFwcc?FMJ4_brda z4lgl9-<{bdCX7~!@^#tGwOjZ$?f``kp-|MBOE;DfbGW{(v!MkpO|6Wq7cv9e?-<6bJJ2do#>5qp;_F= z??n~Rh7lDO5sc51LTDE&_AJ_w9@dW0-)mP~138K1x2fh@n(&lKwVQUJ%Z)`3V`JS; zjW}T!&QrdI%-h1V=Eb90TNT*ro8^3(k7oDU-U?JAXdQs6#TvbKc@AN28J+9jQtL@q z`)95-Ra2FzL@v<$(@snH1a0FmvsKWS@h{*!oen5i3FP{6f#?sC;M)-lPJv*H{El*% zWKkS{Fkj9J`F0}P^?`!I3-*=?#dc*7zc_&5_ltl)VVJBAEH|6gG^eIrldp~vnnpbt zvXHWkGrUxRi84sF;RgY!ESyI!u#ZkA@RFOMsJ67p&`}* z@xZgW#(v>aw=A~u;0{(R9fKRb^9tH~wSjZjQS%-VXkDmVjxh;(IRI{z6s<3$qrl}S zb1N~`51}E^K^<)+Gl4U_ylW`c(ppcDiW@Nr4&I3(Jaw#qG#vfH zhA*qmKF+V$#jk;jl5<$ zP89d+_AXVF6wjRybD1?-Bk$Re<8iMewU<<~%jUwQOG#D0IMyo<{3npTHPOfoD6Om#Rz7WV^YW%1P z1xzV)+O%`7eSdgMuI}m>{BnkDv4vRF89)Y{*s&A^xb``1qMlS~tfkCVQeUIuU-6fM zYNCKg^X={x?Kv)%IBA9SB^d*yA_cX@0%+#n5%mHF3T?vN>=EM|DwwNCAR)G>chnHpVV89|BEBy_@8h@ z8spaItni!1R2{UsDFX6^;NZZBWZI4{e*gc}+s`TJ?PNo>DXEJ_VSwTM7xbx2w^%X+ zu9c7bn`hyj7{InVY3r`fubX?gjBfpk70>tm-P1=v&bD(lRN!dWPpkX=UdxT6$8-Fi z?yuLIySJM|S6>D$6*yU}9vdAWj6~4O7Jz`04%}RoPA~@F8)x{nc0NoQIvVdo6W2nv ztnD*C^zNizaCieq(MPbmS&jU6Hv5P8Af43H>|8LryLs(v1`&HaFH~cWd7>|{A?w75 zGKd4cW&JDEvZj1twq8s-{QpR@GG66YJJhCD{@q327OX2h`!@&~_W;c8kGtAo*mV0XI9_5${^(bp=N1RQi~YUQ2(H)*(U@BHt;XhN(T$=GER6QW%u$6;IlKlQBPw`~W_Dcfe^U|uwa}DJ zKxaCc%j_Dy$@iPrquN2R3|Dvl<$r4m^4Fg)v!d6$26R5b!pt6iUarDz7gWfd4b1!q zwBin4q8*hv3?tGYRu3;X#R0G<{ve5+By?(Th}G#&u)3@!NTC0@2pnmGj^{}PF7I4wzFhOY_2 zF}7Asj52EHHp?I~vvV6hf6J4>{Hm!6y^?KS3unjSSe~M7ohk=Lv3Q}z1L5MiauU%v zCL{2Xd?R(N-mL3ty)3lEq-B$#Dz-leCs9CEIy7&LScQxES~(hVx?#`>5tD^8qPlL* zF+^5E!T##{?hUepX=wm{(eA?lz8D~X3XRHT5%kVHl_J6;KOjw+&lG}?%vvqyA;-uX z0A)&@>IOe~i=C7N``~F#2eKwBkW*-teY0Z1AHObj;tI_tZJC8zheN)~?@v|mK$)g)DZaMUBEYNGr{SFDC%UHGh~EZ5h~@Qzj3NW5;naq^ ztrU>vd^($zR8Q8+Ql*|-H2HCn*hRdhV}EG@8y3`C5nPa8EW`dPMa;RevEP)+riy2T zXf_57pvOhe=W8He$4!Y$)|1P1>SYa$8(*NpMv~evUa&2eJ(#7V50)JM{v~mjX8E8c z&PnEHHDRNXrDVOC4Cde`O%82m@J_AXh_r9Ju|wJadyf*?heR){(dUo7b6(LOqIP6w zhumJ2+1wCvxlj^Jj#wKV5lOfVQ$s8s^*0;>9 zg1vOE(Aa&5$>wOhzmQrHfOMO^fdyvKUv^&J(VXFc1gbT+(crrxw6n>ObDqw?3RrAC zfaUK=VQ-f9Q==KF3L&&ydO7p(A`$+WM#-`D{_a-tG6lx##%E#h+#c3>hvh;wUeh8& zvOh(bX?$KQCKo)6D~P6j=m+xoO%m4;Ggt3gi6DoopBS~@w`<&p*4;=Xa;3Wtm$D|c;Si-?)*uOoslP7N0Ai{>14)mkf#jYM zhf3Nx4hI5T3v(KNRoPPgszRSn$?-eD)pE?*Gd=bH+wOZXgn57+?_vBlEoeWT6B+w#UH{Zbb}$hQrr!pQ=I=Mwm&+*-c}9e4DIEYGzxh zEw=mulJa`cl*;${sNo**TaFd$KrYV5iuGM}S7M^Xao?hnE2T4gJh}0J%Xal&KQG(< zhzAX=24))n(naF*4BqXE282|6+0$<7;pEoDv&A8ICUdxUAKb64vX^1Mt=C)^ z9dD19)AmiB)3P4|qlFGr*eZ?yIiu7o5_~`)gjjj>INPnawoZ)UI1Fm)_xro(%56^De-kh}Hn8+w38Lu8+glkdXWP{vXItPe^CYAOjZw zqR6iLQLZN*?9GAzl}sZWnKz2hdVu*Yq!!#JpkmEEyX(boo?EcTm4N-E#6i3A^QiHC zY6wgpnvqhRi}rW9G&4P$mNMw6UrDoQ1(ZPMK#y^xv}KH4xyN=NagJB{jYgDJt@u?< z=EBOEPanq{u8cBhA3PfY)vMf8c1uoGe_$q<2;gO@<#%U9b7T{=K^Cgcv3>*aB~vF; z3s4j4%{zANGeA@4vGl~`-a{;(K+Uq1wd$|C9RBiF1lf-3=fuab6dX1FP`38=`5^3>OwROp$m zu(|UuUu~+6sAT-&V6au3xEVaG{2(NX1JD~MQ<=Umb}Y#YFQr4CDR@i4mUAkFIW{;U zvih?G`Y>Cvn5O)<7R#-1zV)MS88V2!pL<;4vl0CS@RwJUm~z{d`#7gQo$m69ss+;L z&}_auhII(Xu<9*ZGv@rRNG+^v`&!%tg#pNv5jKWuk(fiHt)GEzZL4bLFyv5JZnoij zDPkA6K0%ZuRK82Q_PZGnI(w(M41GQ~NuB68Aa7=Z0|a?|EXdthprOdy90{DiHENa- zoVaWAC9{INv>xI>loVjpLyqm=cyhXrO&+5@%e6t6e2G9FibNjCRYdOyniZi&MEPpG z4oMY7rV0yP7ukzMA(1RAq2 zv&5K*SV9ReIB&T~9X)^nzaWLGDa&1zEB6XRb5paCL+NOENCH|hEj4KbUVDN96a0m% z;p0DRg&a9T$k@?qAQj$9#Uvr`)%cf`{D7RoPFA74>|cR+byj{YDdJt~VUP4SP<8^} zCo0WGb5YiUn~EHP9Yh%ci+m~Abm9lN5$yEz?B^>JF;?_;gExl{OUz;O7K&42it&~7 zDd%R%EI@-PWu-#>ru;OSriH`HrrnZ5h1A*ylBE7g4p6esHfz|3J6ocn4$%s zRjkCz9t~&W-A?u8D>ZUbc3*Oa!C9k`bNBGO0vzk>mXbox^i^pwPN6@FYYx)Q?6tlS zskD^sJZb(>6e&@F2LD)zx%+|oxd-|O6^_F{+$2U!>Fg?H>zW3# zQfy_42ewvpO}qJj7<;D}UE*(ByN%WEUTxd%e%oGc+qP}nwr$(CZQELHe`}vF|Ll{T zeX*}9zoe47sHAGlImeif{I66ey|S1xUi2AaSGABngC@ZbAMjtR$46Am&>B`j#w66? zc5#xm27=ltv}sAu__5<)*?;%#ST&|O$GXQnnN`TF{{7nqR)->PmX=idgD#-@ux-Pv zr}@1&>rD6CZ=ePXL#RdBY;Kni=mGK?tV&-N;<-+>+gjp$wOL7stB;P3dElLlb1Bf4 z|DxpvH*kNY%29`qFU0Tl=tH^wd2V4M@@f*U1BR%u`C#t*gz6LLWLj`+W8ctR?T!*R z_WDR!v1xKoQ)5epmSM4sxM^5%eI??eWsNqu_r%EDM=I?PQv8|`wjpW$I)A$#Bm%Z| z|I*2)iDEfRb^fValz_vPUl0L0eyFjSt}H)JX#__1v1%TWTElF5)uub7Mkzxx8?}`7 zd~e@>k1>rG+4zn$g3U%8YI&3MyDWwf|t;T)nA={!Y)6T)A)d-*T&tlDGfMRs69(oX}`a_ot<*~Z- z;dTi-WahtC1PJ`Pm{8h@Y;KI(6uKSVP|p0ERqNc+dqZe+QFK~K!>^oTVfFE>+Fo2W zy)F@}(l;GwLVY%=%C^@jxKK5`ro!wYU71<4K_0seXs!hNFuLZ=Xl5P}_iC#ySCM`- zy8g4J+UO#(X&ofYx}VtW89pE&iQFc?Z#+P5`NCV34X=;wto>j2@uoB{X78r3RY2!f zZC9#wmXocjab0h=CwvS2yH2(6Yf877uE5W1s&QF&q}sW}ve~;hM%FU9XxF09k7BzF zt%Bn@m}tP$*Z;C!5Yyrx&4)kdwGkB%eimWiVh7cId)FF4-|w* zNRx1}?VDNfiJXQ};R^ERy7`l~0}aQxs4biPu(#Z%tS5tt?bhAI_q@Jc+8xsRx(mdL z;3AwsJ)|ccGQ37=eInN}br`}*H|*V0ti$XaLv?+s)3_Kc%zz5V-)$7x?YE_Ga?=OL zIVIPeCa{w>99FKxeLssOU_&_C=pSz=vMi6L!j?M%p-olx(OWcw99bjBxHALQxDdWV z^+J8)A5lJ}UTPpk&32k~CvixW>tI=9Xg3j^vy#G|3EO5k37h=QEQ7qeC~|z4{@KkC z#~5U;DW630ue>;y7CvjF4BGO$qH@J<36u;(rt1#o#%tx3fKQA+Y1Z$Heg92euNU7p z;(Ny!>^w|E7^Q8YFr!VfaVp2L?^yD4V-WHoMvHu24`(fUxv+2DxNH{>BUCFzSgG#M z)0^r*k%U`ulJn>TSm3VPIM46%BAi`Vu+7iKi!|Zs<*c@}(w8o<)wW@v7tKz3i6$T!DQv6S%HSZs+>? zzF*UK`j%E2yqxmo%G}Bl;KVc&+&z5RcIwX5fqp*6?#66)p@OjG|JhrDC!Nw8Z2;qGOJ-pIgKTccbT6>X-ab!`C8c(R)MNg zV@mjj{6=Zo&V9WTjhqeTWSzDED|QXI>r0Z)iW_hFZcDW^l!UKw9Hfv8=g) z&<1F1%ic9fBAmt=%io|l-y0M0r!&y2yyBn=mr`DrE<*A_DpEf*!DibsQf<4iOc7L& zYt>|SxvMdaXUmXeiIQH*7m~^_A`Y37xjO!3d zlzG3bL5O|}1+xWh9teYkxo5z>6prMS&d34;2I%0u1LTLigi+1kJ`0hvIS{snX0)~t}6J0Jlg z-;?pzZxbTPVe1Nw3*#sUQg7^vdD7DYasfvdu=K;s37r%NZr`{Jb0_?V9Zz_HX&t79 z&GsXmSvv%UkWO=j2p&M7f>QsMz1RUU8i4C67!tar12rL7J;3zA06H6Q{oX{f=dB)E>hc>Ae~`5V{4k)Yks%-e5(o(M&HyE{26h>1H+S zuBafKO*b9W1ynRf*o{Z@9l0R0Uko8pJK)Jo-g>`%4Z?eIt~o-0=rwS4JvcKPVHAsV z6brT;2%uj;yRlJJ6g;EGf!3e|o;Ej+PpMfC9j(Q~9}MPg*=B~R47yu578F<3K#J{t1eMGHiFzGK z%l^+P`!T7s|6Es;55{1nM4_w|I+4QBtCs8YV_UEF?$h(^tW+aw8WWag1a1;3+~_r1 zNni_pw$V5nyFvf8Q4pBaI%!ZTWTgTN!!wc4WOKOhI`6h(4d2rEML>Ev|+sUL+)5)>y*6#`XqWIyt z_SihJh6C$^Mm`GWY3HCjJzg%LD+*B$jUYo8>B&Z3+B9`@Bgne+?|g&S2O4M(x92?Y zgHA4L?c|QC;5?v8n9L~FF3buW*I0UkZTS$LjgXvZd^fSO_}duvG#rD%!6$QtI)u90 zCA)4f&+9OILHztLW6G=k?KIo2^Tprd=U+WaoblNg&R*wlL_JO2T}{E>pK=LG2Xc<6 z0$3{aB;`h0r6efp2=>`y@q)#&rX-Zk$)_~teP*a0#HrO0kmB#cB$PrwT;dBQNM7jT z9luQq+vy?i9Vr%wrT_v|dpZG0Gv9#(-F@Igrb%1o+Cwq$TU~TbBF$I+JZq9{JiadRc3f)e zrQte_EpJ8ZTNv7|T6&|KjhVQ8>^^9Ruc%TxGRSG1TZgax0g@4CqF-w^#Z?yHGl{A% zl!G})GOko*sf91@CGH6`?HVpPD!y~w0~Zm2wrBQ=4;J?s3#Z*_Zl|;JkuYuX7QKE$ z;23DPk6%#8snE{^_PrTH;Q0+g-BIv*D0n0`XfN={s=?32%aJb+I`>eP(uBhi$MJp#c09~udWa%Czh3*<@?+-}w0BvUJW1p}jZX>=du3%^X2y@V?(J zFSWin-=nI_`?Eh=JY75I{aGVIbH7BozCZ3}(S5^0S9i&aPgj3-czSofx^VWsC?|lQ z^Y#~Sd!<&)+3=flmKZw4V_mYEGnz66i?(pc4^6u;_YB`_ZtrIp@VARTy;u~nc*`L% zvhnsjH84N%Lo&xHy3~6Iuh>c8N=L7Wwd&6?Ut^6u3dQUYLPBX2GJ=Nu%gwEj!fO2f z)b-@*e2jC?K;+b!KmLP!_fj2vTCDge z99jt$BG1V;ivcvtRJdx(?b+WdS(G8Yl1dujtP*?@f)$24}erREplu8f1U|BFF z`&XD{-Q7VUg7|Q~MWpz4hN8l6fYjle11%B8Gf`YXU%UE5gI7IE=F#p9Ea}#mAS*?L zFPfOs?m4u5q#QDv<_5iHUP-F3R0R4gFvdYl#x4kxsR0Tq)ZRzrYSqg+R%A*nJJbjd zqD)#V&i2@V+$ZA<&lQ|Zj!fbzqbP$NdrBzjDfB)^5g)rgWoBfMovx`BBXu0UlV4;O zJlKklfp`;{G!Jh_OP?&z+P(cERgH9^;gy*v8g|$cbuot=YND2nT@0uJkvm>!rj%5a zgb)g+FdHzqxWgixKFk!JOxQ7jjaG#sf13yo>R1SHnj~^g@J|Y}KY=`=uak**_%2vGz^ux{}oCu*2-qp5|i)XP_m7#&q#Sjpd6Pk}QP{S^~J~j_c z8iy}manD1WG>3|YSP3n+cRr3|9Th2%$w&wBf`d-LYV|sia~NZxd{~i626UNXiI{Rg zw*7FVrw&J9N>YX7HnBN5L*XTx?2wyR(T~Mr1YW06!y;-%gSeLO$VPloYd9VmYnnL0 z0GoG~)y!fM>qvk~LrEbr<^NXrkKK0N?qrs5-9qk@GulL-_!Om%m1J#yQ4~8?NxVgh zTQUXBp;+7l#dgW4>tNj9kf(Ts6z=-o5Dz?;n`JTMyku(9r_vpK#%blyse1c0^y zM!ZT85rih4qcA~&Zb@>b7z0g?Z31cU`uFjj{Na>h6+&=JUT*4jwGF2Dz;aYi?4ZOCRWr^1;9+D!ih(I2CU zEk_Vv^Ge(haRV@&8BN@dvqEs1u2ZFEkJK<|P6t|d#9~OAIwIZ(q6$5wD`-QyE39f% z!U##VoFx7lg8Q=-iLM^pDCJmPsh$tg_O#wDIIkSmooXg7jJP?e7U*28(@*dDNTk&s zvWJlH0ElSBlqQcz(vn4fTkj4wEp|U@f08gKGVL92DSOOIohR~GlP|1RG$3r z$d?J^wi8H2OD;&NM&YWj46fvoys)2D(aESIKsFIZ7d=@1lu>&{(G zty-sqXYzwxg-R{%NMSx#(6uq4{5U)mxM71~Uv~FeZ&IY%ee@0TNM87J7NnsNtO!|s zW{EaKNis~k|F1R@=rcm{h6D(wJVe;`67K@%bs@-Pp&Jg!FbL?_XOW?Xc>Yr z=4I>$oY=_6Aj`Lz-ON0?Bn0$ScXEYHKikZ^*x)_C?9SWmNKyC{ zzojOipNbiX>8RE}d31$U?`Az?J3OhBE(oAocunsWLRSH}V{0D2Mgqe7M`}ddR8r}x+K^<9=P_NB19NdLAF98qt+b}z2zgDRH4FHEjZyD) zRw#7pJmTpol_o%C2U53w2GS0edqX~Ea|m`XEX#ict0E?<*ez451|}S=bF>5B>p+e? zD&%BQ&VmSWIrfaT*)zNkZJ9f7O}{)29DxToGV>oh<$nZ2=>PtB#{F1=UdeZi(CMOn zHy!yRJ#Cl&z>$9Pq5Mo<-@J$6sg~bIKG(*5shjy0D$Tg%Mn0nlc+Y?1OMh6Jfz%Rx z5Bt$y@I`tuKh+K@^NCT%?*92$)un0@^u>kf(q<;{X@%9yw256^-Kkl$tev+RJQxxA zDA6snpvVrX)arnLEgSULto{s-fu%F%Lk=vBo<;OI&+k7J4u#l6$z)J9_?lAhXJiG{ z(Dv5wL(%q8unQUG`&L+AU=D0=ALRj_)WU9uQ-uO1yw6w9jg%csOKcCWYFzVIMF z%mfH4^?M=O!iNH}a{>ivXieNCRlp4KkVx2HNyCwU zPkqn~vjbm{a3+COxtkl`lGV&|96>PbLjm=CWDh4|*TO}l!<8VEwH)n_MhPM+@e z@$oyMT~KhnUJ-Rni8cy6Vhs}Y2kg-8&$e6@h|Ch-b9`ceigrWuwH1=Q7>BbD*nxSF z%tbO7VcH0AaUn!$bjO?*mz1&`Iyf;E!>$jlv!whobuh+_V&)&ZgWSxUx4ICp=PgL~ zxkgw9V|0~>yqKs8fX}`gL2k;Cn*X_;kN7yh1Kvq{R;pD-dFyYWvX1)JImGj18s*@( z?#lObo#qZu9Clv@5DA43&GU~Q%2kF<>9kOQZ4MJtlLn<4MciQ!gT;AgWLrRz%g5 zTryOi3Bk0GB)svGD!rHJo1r$698)75hI6pv%jhA>^kLv=NR`b6BnjaT_v7dpOMslU zJ%+C4jD`hzi=o9SJB;}C#d3{n*xcp1!1cwdo;FK>dH%IPPJQa3r&AWCv8BFBpMYt; z>I0I5T~Hl}BR9h6sUsPnECYj|K2D4S{Hj9?D<7kEyo17Nj^8-B>U72$r<=F%Bz{;z z<-EN)1de&(s(u3=00I63!!5;8&{)~ z>R;1Z%O+}@HT|9=eE<*|#5!qCYSyZcpg-gYFL}=bbJru^!yP-Bkd%}6#-ii(K;nCM^-P^oZoNCt zz@0AM6e$awgn=C&c-f((%jq&9$AG_+v*?eL2Qok);3hZ$merSwzA(b|$u|AVR(a+R z{9`^&F?Cl{S~sBkt`~av3Rae2W8D^H7q6Hs+5uh%C5%WtNSd9igf5voue~JUv~aWj zMQKX2CyUj1W=^IWM}9cxJ6N6@@0JxXiuABkf_?CHoarOX^PwMnzO(f)5HtT_os`LZtqx#~kzZ zh$#D24?+iDN2ktz@pV*JNx!7MkR#z3tIvgDP;9>AQ&}zdnTofh1w*$M;pn#X+}GK{ zM9-7b{}JDyam2|Q^pkavR6;1s*F4ZurF8Q7nvNyg&u}-L^YW3Sp)3*9K=7_8ygd}@ z0)+$Z&xDe(R&IoWRNwrED}JdGe(CS5qWHCdd46J#0hz>c15 z5UgsfO0@{|>~S_g#zqjpNBW|WlnH=#Pc_bk6SFoO{P1-F~LaAr5*)YSNKa?_I}w1 z%G}#>zw~rC-P2ruTfU^vcA-ugz@smwQH}xpQiJo@<6Q(3d+;{7B$b?H+iA62vm&$P zo8hd*YdU&Qx+OBFDnKOk$G;T&6~EZl$oHn!z_(-4hv22KkK8NlQ8E;XXhM@+ z7LqjMj0c182g)FBEkSUwBd4B!d77_iPE$Nz38sGIXdRvBMZI7}7u&;mO+<}h?l*h4 zVWeQ>TiH9{t^`eZ$y69^zL+abu0lUlUY&j@t~nuk5h#<{iIc-NFL};$lC|}syjvjF zy@1+=Y@s~1BzysFH<83+ah9DolRe?D%7NJ!0{bTNIqB|43e`Hc(~@{^!(|ph{;@l( z0If({E!etY=ig~Nya274C#!$jTIIXu50csku6Y5;3WE6KItdbnH#V2N)GJ|lL7OdE z_?cr5bO`sp=I3FWZVKl+H@Ma-W%bQo`zV}0n)Cr?A}(U0-w`mA;elA7evXBV%6PUye==#`@O3+_I*%#Vh|yh2`q*JNJ=i zXk0)T-lc=AciRz0#%YrYB9Cnz-HIv~=d(0#oW8?zv(L6xt4Ol?u$Iy09H0Bj{_sHm zl7UN-YiD0?ku`Fv7WruU11obPjT_uC2S*+YkJ z;wKs1yyl`H_=jTeJ-7Gs`}}Kik$zc8;lgw?*RnHbS(rxE6AAzIUf6=KSgrQ-DFDAX z01{ew*6rSK)*(2wJW?Ylupa_#2;w958ziPHY<0fEF3^Q_HU_O&R^gzaNH?i-?5RV$ zsI4LxuSQ=GRCN!!wQ>+L?T#_Z?VkA4A&L6dzx=L~h2871@y&PFE}vlmAs`bcicQt} zkR@k^VF)DrEQjIC<7udmnuT?To>uD#WzKbBpe^`zkZ+d{3?f((-yH7;5gY9TB3ALQ zMT!M3#LDPDlzj9;6EF(k_Xyp&#oDsVJbjan`n7DQ7&!o)ZiQY@c)&TO7A`&nFCL28 zHeK~f1v4Cg2-`Sz+DweeFrMlgBRpPiD#X^7_?tpvMY5nrEzY(y>-22crjG0~)$-63 zi`br=#l)XF(vNl>VGisgg80qtJ&HIR&mu=tkJ{Z>e2jSCUq-`oV91vs6vPo^Q!I^p zSEp8jSv|CuOd(6HWq*(0_K|09g9)=DEidJk2FwR1>aLMIdYCXc&k{P(%11n=deAZ` znlr^I_>x62Ho0=uZjx;QkBQanSJ({;Ca)(+@#cG%vl>^T0(AkZOv7Ap7-#?(%n^Op zpmOvxBxG6s80J43ld^z^#`;TTSDQ86j?a|YxAUbH$kpdgP4weX1q(kYGn^sHcqAcj zTVHLRFF~AXZ&p}6rYE%CBlY$Mvxqvy6xUf12zgO6K%PM>W5eIc_!Lp~$0NDH?XQSb zbR-i#aR!xXci;_jxsz40!)}<4(FqE0=yOWDf)Y-Tl0w5uA;9ScEL@gbbQLRGEx+ar zFFZ3EVPa_UmVu3ScybP;#UfBvk8*F98TGlwQL@7$hKxbMfd5XIZl}EoESIu&1FLBv zSt@Zaa%WljTo2QIg>*WiX>l(Xx$eLP9BrieHr6lR2`yqX5jlZ0| z!_Ths?WwYg4>5Q=`6<8m(AU4H_jOt_k^zuT-`A1Q@6I9pXWu%fvQt(B0Ht?3cB?!aOl- z>Ma|*05vp)y)!jRhC|8enu}3XJXHOre{va+4GZT&#A|W=7tzwbTO+;j*Axs9QD1@z z?dFMpe|2fqjcTE!S_r8)QF!{6Ok7c-jJn0^5CqTL!|k_v ztaxjb#|0G3$GI9==w?83=0$#QA(ax`-|jCN2MuW&(o76kFZZz3dlB@cId4_ z2oFo)IPQk)=J)~&km?w{C0n`x@*pIxz-uG-Wo19rntW5d$Nz@1ApDicQcyJi{gwUX zH@&h1jn!6(EbZc@-Wzp5l-|0_^kf*-QbbBGkP{n1^Qout8>EW(1IW)ft#I_FC17t;Zb#zk?_ zq5vbHBY2fIfmJ(*BLTF&WMNn#S(vw`WN8u%`Bu7Vib}-wH@^CTD^Y)t)TNRqA3>Sp zg8sVLd|EU#=IsE53NVd25B)&FP@5#}cY&TrKl#06(A<6p@g?%>8>-m%p zD|}F&bkcUo42^+bJCTE~F&06M7jp^D`}w)c>5mmz;&%&HSM9{%Q7&NQ+BzZqh?Cjy?@}vlgZps|YaLbkubb@YxN&>R%WKfIlAqtm z70i%MG@@)$!fWvNqb8EnW+R5KN!`EO_4W6=N%X>Eo)oTNvL&raAUTPn)+dTxa3-NT zQICgz(^$JfCS8sePYVCKb-X2{r1V3vc4-#|E7ak(4a$q==Bf^5F%N3vEw-7sP!;95 zorq^JTCOzNMVbi4;AV5e`5R5yFx}nadd&FzaXnq2!7pT8ESf>hmw9JYz!b%&kY4SN zgfQb+A)K1@+8rF{cyXXdAxD6%Ed{s z{>7tj4x3x4WlYMTk`M(5wY}Rz`l9E7|slutIpL+w5Y-o-0 z(vn{=Y77;+5gBO);u?$x;*^#M#yUrg`YTxk*Nb-qh~$jW-!i^f#0?Oyad6* z60gP7{CiEG3yT@3eNH0C2u+`_VyR}@#4OSv8QUA*E9DkRrN+~yfL33TJgz#%!!fEU zu@O_8_EKFhq%d(a(?lX+lP1cbl`#^@+-oinX_fSNnj=ZZP%JzUOODgZbq)`+se#!Z zWut|IGQN|}t&@NLdHA5x9hf?#m8kPB4IedHEP2$?>Lia62w1Tu>W{)zx=?*14R&`R z$em+-F4rb=FzjedvX`_eK_w9&)O%A}n%R~a&N!M#h%o3tjareJkmd5OX%-EnDB4u@ z#ugw2*`+opi75rUpp#2Yi1xPpA>myEea6hmmY!%9X`NJ=Hb!!@RJ*}HVndqAHTo$1 zB;mKDzQh79ZuR1vu5!9&pvs=rg0|?GbC+h&lim%!_i5IejeE2hMYawq{PcajdiJ&KA$B@ zLL=9y70|YfOX+of1OwAv@}z1oqjs8iM5SD0o+kFitFOr)1)b zIT_a||C3X?Tn`Jq5Rg@z0PZqgV_i7;4mWG1nv$oavZXv+ex;rl^U~=Nr!qzqM@mhC zN%)N6tK|WMkU&UJyfg>v%Di2nZr)OW#zjI6U;2jIv;W59>$kH-;@_DxmhjOwZG@lM z89)_cA}e)PSi?pO8a%?}%Dn0^q8O@$TJ{PhD-)X*`K@AZ!8LB}>0VZFr@+RFPBQNz zFHbqIKmA{wXJ!(MYa;_r=NG!~&u`=Pp-j(-3n;C1kz19X(5_P9YJz@k4+Lw&WdS~V zl@^Y8z;}!|lE>7Y8g*Ajy(9~{Qx(HbtPWhx@r8Uo4J$f!xv|$8IMZDr9I|sT;_cp_ z;to!xMoyP)o>zy_djraR|0roUU$MV&Hw@vTejeDD8K8~mp;ATMn&WI1k|kg-HS(>e4b%HQ1^F)wqb}H(fDU+)Kb>gwI+u;#$=r;gqY6t};piWl;2TC!qrdnf zv=0Fem9>k$0s#D($v!bmPm@dNp*`Cx)z?^QV$bJO(knN>1x8qkn>!~p7Vh1jw>121 z6lfFh!zp8o0X%Y$2xN#mXV%xAJtNm=npa?5HZ`Jswul@z3Xm7l>Zld-BTFn zOpzRSYo<4&uQccyFAH-u&~}!qc9%>qI7s^iCHr z?5?K>v^V63D38>1#CZk_nsBU5RAwquY=?upIoEf5o#-F8!JmA^3E0|^0I@Z8h#vV@ zDjBU)Pp?sC7rEZx?P$s4jeg6sPS_*tUg2Lm0S3g|sOD>EqX)WWgw}1VK(NmS{D;>` z*9x#&tP0XJWmigq(XxMiH0HRx(ErZXNjuE}@YvH5ZQU$@j5h*stJ^SCSf1w`{I8ER zsVzJpqpyN<yP4Jf4zhFs*+{N6#d}~`F&bNWvePhw@15A>916TuTzOaZ}%Qc z?TmIIse(l!ubNo!uO>Qqm@OdwHFj7w$)0OOud`Dyv&Z|-mDR?mBu1}Yt4f*nyB~xV z5p=6#dwpEQFYw=zl8Gx#u%7rvYggoPeW18CcAkh9HSYmVBGk@**~$ow*z0ViSO ztI|L%I!S6RpF(|QTuF4J5fowT)R~OV-z+4l5N}KgA$ENAe`&k?Jh{k|>CihP=#hA-|XiIxLe3WX4~)kx_8DV{|&VsL>zXEufiA2}hvu0N-q zF`)V07Exn25)feUI`wZn21jd%Wt8U)VAt0n^inQB9w z2Zd|2kG$6^X}9ATbQ}u6Xu-+K9&;;E4Yz^#=3XD;+}MI00Gay(WQ$5ELX*6%Cf|gbZ0nB5 z{b~@q8*M9AC*$IJ^x6sgW{H}q1F(#2{9M_LnxVpqm@6H|7cr}Rdbh6Ky-{Q#)^XfO zSFzK|ZUv#7PX?Ite8j{Hn}Cp$?PQX}9cZ5TO|d9{Wra+`y^Oi8zSMN zf)0vWJtze85=owKI{k<^I-ugTS&$0`H+0<4h^@Xs<&E}(Nv$Q0$YDa0J;c>_g&x&c(#6VQpNb+#uN(Q;f<2QN_c8Z8*J2#Dt|U5c z%71DRjE*h0wq<}!WoKB%=h%)Hbk0KfK5rwA_ylG3;I{j)|40HE)h{>rANg)gIr=ZQcv1jqiJMksass? zkI&nz@V|k95_)gNWUcSd-%~!VZ`@wgRNbGqpp0T@geBbtQ z=g#*`t(GUU;gT!qvTLd*=^m>avK)XT3Peu&^lsA5K;q+o;VW5}9V=V)AojhbzEI*^ zVkmkI(|0EC2wP4adL!j5R74fTd}%N;Zoqq%D5fKJhi7|JK^fSlF%1=EfPO7EC=*@9k?%sifw~%0z`G(0w~;t>??~ zkr!mW`di=HA9iDv(~OiJ93(X_=+{eL#T_lhRlGhAtthxyV)VeMOocJ$2nSse7=Igk z?&}wIUt9`D!SDh;>_*S?bAE>m>-!4AAXzAm$!e#x1aAJwgpQ zT1^swArDYgrm_v@S849ovLb~huiV`mi(3B+W%R}T2rXolThD~)OvEidJdxtj{t`Mh zZ%;qJ31lPz*DxH8OS)hcLx7v%Q@F~ZA4U-l?6e!>L>L38?g2_kEs!YNX$z#?i(P$x z-Qc*MtV|}0%h-A7DQW045ZCV%%32394q!&Cp2Ff=kJd~N`k{}!Q9J#ZIEMO$8wmbaE%zvR$eGH-+MwALSorn49f!ap?>G6SyZ zU*0$9b8lVA>BB$fumCD|e(u zVo-cA5b%PFsrSYfH-^O0(?`Ut@j7L7E=%S9czgLE(uAn;qSTi*SbpY*_@8$2YG&p|a#D6Oz(Ww#@HHVz6w2o*aL-H#&?-^ z(@_K@dp2|Z@kkVl!?ndggWUj)cWMpesb=URkz6sPk#BA$2d(i0_GE@@8zO`GKEXEk z>$c?M>iH#U)6}gOIX~$^rdf>e9_D#gXG z1#B3vj4aUkj>D`}kd5gm`ZOkD_VyJSkQuz0|dhoQH2Fk2Fi`BopZt5#iK zYtWxl1udT}E_kOnfJa!H=M;`ym$Rho{qRg;hG^ss$3C25NPj~E@*F&q1x04nDyMX= z$mxqe|Gm{YB-D)8SclM{ztdE;gOzgl7~-dy3!Un5o2Pc-s#S!ky<{0_$S<#9xY8nr zkWOKc8%_+|{h5xTeeT7Fq_4)QnWbd;S*B9h0tEpafB%CzWUf67jLMoz!WBW_H z+?MeutZB;*jf90HpjdGl>Jq{-TSo?TDST?eli`!;C&8e^s7#ic=U6bo;fMfvq(cuh ztREnMz;kt)w8$+Brh`T0UeN6#yDH^6SEziVp|)(Oy2}nKW;5?_{H2)PjaU@>5nPY*{G zW#+9+B$KY<&0~mNJ2N-Re&Uml@h~dsvnT4ogw+e|@R6O{AggB>>5$?rGl->w%Acy? znFWJk#;i$x*x3{zvxHf%ReWAK#)8p#!F9@p+{~)wtY3SrKLCd=UyY0J)80K-4ev;} zmg$W$efp1$T;5LvXz#*vRqWDT6J^!5JsgxV(nj{-6u%V2@MJSmeBEZz>1SINFf?)f>$kxU!|bk^ z%SQe>h_xB>3HUOZ0y1t@3VwmX>7n{E=dxz0FapZocAX%OPhzRh4US;-d#;NG=jXVT zs4OdI*ipr1s7tI@-!1i_*@zgpgWYT*bN!IT%o>#4-1y&zK#8sAliyCwv^y$oi}wlv zpqewpfvsfq3IMmZ6nn*5d-L&<@e{+dWVqc#GVn1WQ*sv6>izt6*ygoU(9zR6&wJyQ z@DLu@mGSXKrn<5xdrV!K$xo9~;l~BBMeskRGm5CGsoCF}xcBYVvRt&anofq@e?Fe^ z_4Ji)zi&9K*ajo(`OAx60#aE=fCb=sU<@+VR-;!sd5KW{iSXYZfCvImfE*w|Dnk!m z()nHPHJTC4WYczg3puwguMmKy2JkLTJa|#uZWTk&#xuJ8Jq$%yTPsLf1>_RT@gb?#ow%`6g#?C1?mj{dX;fZbAwr$(CZJyY+ZQHhO z+jer2lbe~U|E;-o=V4y@rMs)Ts=K~#uf5k^zdAQzfXlyL2=LXoI_<3UAxbCTzswq~ z(l#Q(9cMl=5^4X8u}te5>6>zG9H)AdXB?RgEtKQxHCQom7AUKcy9MmI(5Di)<)`pI z{_e$3d-nb9@YVwb!~{KFoFmpMDz&9B=4Ma{Ja_mNVzjG{eSZ275sC&~{Uo5$Jpk)} z^kF&SmhF$BjW9d<8BGq_P{yj;(g&qnadu?0KdYa6tW(j3*NYLHjE1t-SluNq$NyZu z^&uz*XFv0}dYnw&mf*0V1BzB6~`Vj2z(4)YaEk^p7 znV^TjytA`~ghnifXOC)kh{6s|Zi(<)p5-yxUW0v1`0zw%lyGGp=P1kQXaI?I25gyT*sS}&;SK_Z=DW&B`b2n`J6Neo& zZadyUu#U)Rd80eN`mE$M4HMm4%X_YaRN=DC!+FHFnRE2KGIlY^wmt6k`Cc{_c?@cr zdUBRZ-%UtN`c6VFCd#v7d$)&Munysljw#J^Hib-e*gMA>08w1^<5mggz!to zE&G$pwpaZ4w&!c1^}VdnVKG~8O$$@@@cU7`8QDt8ICPcugOzU;P>l6^)~nB<>?r<4 zz4)vVZzFp?9TSSXl!?X?+y`PyJzt4|*;sw?fES2kSF z^#p4(7gd*8dFZz67Ls7X9(PL1C8DgquXnqN1K-$ZiMdbbt-rZHpXExwgGw)+HhXb% zdU*VtVi(5)2M~7u`hGlSascjpJ+4A&pE7AL71cEM-hm?PyfNI}roLC*M|yOaGX>^f zuIn;Sjp!^rezw~E_Hh4txtsKqU^y_f1=3DS{fPw&z*rLLei*Q0uXb#D5w_x)#?(8< z@Z$xSdzP|8fVpE&i7fItcW6PYW8T=y_9UEG9+O+*zg?;V)2v{728iw8VToB{q|uEk zk(e1m6Ei;SYN8vJ#tKtvYayZKY)2y1`b!Ca5WL6?H#3g+jxoY~PY=wKzM$)lYHy(B z@M|4T7I4v97hDk>5Qmg`Ouzl<)vlk-t(N;{T4W)KErtBJImtvE9O8#sc7PMvUDtPP zg~l<^CBXemp1yTBmls^}`Em>M)Bc;UHes7D@lX&e5;+J@4ND_P_*sQI%B_3~stKaW zVKs;>K2?wi`m?|L&aHc->(#MJ*J;TN9qU>w8U`wCpidT75=P3f1nKf17)rP%EnSY# zG%qD3rvZ?uc_N9~@C?ryeVpT!i0;mOOe`dd%uN6ajaeK%U-fBL63IZsm*#wg%#_|_ zbp)n~VMwZN97DeoDnNSmCQ1B2e+S7nM0cDRZ@Tn}BJ`kf6*INA9*v>aIsSnFur$b5 z>8-D>_8dam`^T@9J|TiREwT#bL>h1y^!3x=WIxWvS{;c;O1J%lX}UNV=;V=OparhG zA2Ijw2_@Gb=8uxSv~>avvBmFTirG=rs7F!8`hSo|G`2asN4kZeihMV zPTGf6zY~UBLEkM`5wsOH4&wv+K-q+d0JsszU9fa&fl;VQE9fMCLvbrEQCy7xqk|O( zzo6>*+4S;eK0fhm8&X7jQ=AT%;W}S%@nG!jAiaSx<+?Xf2*DY9*hiya4T9!Oot5R> zQhQ-Z$z|l4_DMQsTPp#(Jhegm7NsLnJK5E!14Rl_`Y#5^+3Clv!~sTM&VUi8JK|P+ z#ijTcl&5<6*v))Nr7;_b)u45mHd`=mNfkgi!_i;A?=iJgpt$gPVFbuyV7TvaAJG!b zxo1~K-NP2(M-GU04X6X}=WJ`@AvU7|W+3PYR+63d*|6kAp6sCVo1^6?*BC$4rvnlr z-Q#A1au^7sjodxo8Lc|4AcJj7Xd{$K^Wgj!3XT}g!l|aIst5kAQTijzd&}GvaBWTl z>d%dR8ekWC*_VcQ13PyG8g~u*1viiO=M|hHVFk-^oyaBD^si!C`nK;0z2j90PVFeYs&?rM7_O z(rfTe{_$^ZZjxGs6YnHji3%9~p&1&sW+9XXin11d zTEtdq(N~BR<82I!nrvo9O|mK-F9d@=r%S}TgvSYyQLe$9Qv(aMa`+QO^spF%WXAR= zdbd*MEQP-k!g~%OsI<13gT6!0!P~eQOHm>me-G#x>sTq>vxli@yZr|$)WY&305;DO84LB&9h^R4Cdkx13o#VEy`HR)`9CzgSr`) z4Gq~a?+CvnHRkaU5w%Jgf9ZaxDqI>NYQw^_5z4iJ%3$zBgBi?w6 zaep2TLde1dsn3Q{ao{xPP2sMj==(5I?2_`#mj%2v{9@PGG14p8>Wv$mPLh>Dag%1v z*~i^$(1!`b-dyK+i0|f8eMuyCnP6-(r$gDu*X$zU{5yQPc=*W11tBH0G039ws0!Td z)@(3)=8ZZR&(3qwLk^D5q|mlCz(?M~*((p^&Cuz#DjVmhITF71ZA{36_bC=*oqrEtkYjnIQX~DWKIfI6cAb_KnvVrwR;>w(-{oSANp_%v1Ml%_JAd8t#nu>TjO`2V} z&FFbIuYtYggd2B>z}ET-ZLQ&arA#4Rdmp`%o1H@BuJ#97X*-{QwO4t7Gm3;u*vm7n z)`MRos(w-v8s&|U>}bcWg2C;aq+sqiMVGL8SteT;WC=K1xZ2{kGhY170(F+WU;dgJ z-n<%~0;)<>XKG@FVTyem$-Z&xNhz)ju-;cx0w9D@Vaa0*zbx-AgcC#Q_gRO#W7 zYluMwTT_US97K1{4H(+o{&NbDr;IO%VTto-4G z&TOWo#M^A9f4$RFXup<1&i%ICpVMEbIZRuAc1CJRrrvm5RB@P(dc9p0UTQ)@9v9S{%SJ%o%-2rDg6AN^$3SsyVloG&xT089I%+Nyj;978a!?J>U= z7dvXyMmAYj9T6C*f%VW-ze-Ne3PzOBk=Rb;oI|l5jTg4Dbkt?AjmGvxr-tR6n?v#_ za=Q`|A0HMJV@{iaKTtxt55)F^&jSY2Py-WJF)RY-RFyblkY=m9?F&bpFiibwJ$~c zH+a1{&6#-5>jN%Bm(HxNu4d0ssZc!!pq6QP#|~-F?y9z|`&H09v}gwypJ{L^zAtrP zE9SpfEMd*2C+V1OS5f8M%y`uXdBGy-;%tSs9f1l!eIoWfo$7au=s9dcQAf~O!=aWACR!k}6o{;8LamL% z6~vG#E;Ts|C8D;?Os}BP;hoc51+1EuiD#>eNO8);d3r*^l-(D#{%&@yyL+SHmXX>w zkR`11gU}{L#Sd~ue(%GJnJXd@hW7Xii62Vr*c6>Z4+|kcjOP=<+jmeR?<<^>Anzk& zkSQFs4>ZJ(LGDhXz~VR@+iw-<^;9ROPe^ky?!y^CHaQXJVjRf4;(q|({8=*8yoA#V z(l+^ou-0w5PrEn@Sd&|AZu)@V07`u;-*j$W+gLBwY-5p<#-f0E@P|4-KOYKKC7<0% z?#OF|w5&8=AW#SP*Po*d%Suwj$`WgT*}N+g7hQ8jF!Ac2e<%U#NZDNIu-l+rul(4= z0>)m^1wLUsVchH>Qr%;e3zTz@Y#sguL==PZASg23($e*^#`l$E{JddxpcD&+{3^)A z#_n|#0 zLYzojAlc|*yZ~qy>*(=f4dNTAyb!&H_Xo&Q6a(H8iji)zZpDW5;@)OMZ*Pmj36)$4 zmEEDm!yyq`Zx(pNNZC6g)^vt_cbFn)ZN{9V*2X>t*DPrPZ|sC+9iK@+ss|icUbDwnhIJj--xiP5TP97U_1h=n>iL>1Zc8(0D$E&Rs6x^ z{Mf_X1!TNT&Lh@>HH4$-inEYH;$_bv@}#i0hB3NwJ0VWH_R(hy6>Q9bEL-B;T5)L| zrf8Vub**;=Fppr;f6XQ%9F0-rkGvx8Ks)8f3L$P$Iz!GM)d>J{%an5vGIC;K79j;A zF`Tf}4Y)D|LjZ3XC>si4t+5!oXt<0`HQP*270N!L8J8Ao>yA zdnAzy6he7nA6y6P20X8p?eb#{+QKA~?bISPyD#}skL)Gq4~S_NiF0`#zB5Pn*(nZY zCaViUUy*?8i1JLGtK_5@1yhd`#!~~-&cB1q{54#|Z#NtxJoNHq37)7F_ES@ie>P1^ z!8QcUYgUoB*`{PTF9zhG6tCe#wEN`8#;`A_m)zA}iyialDb+h7!&XwRC71-~Fp<*q zpq|0X3jA!1d8DUTLOkql0EWVT^S}2)hvAJ1_)94FYS?l>Bw;$u-uak6Rqytcw?DTs z|G}XkD4j(|%s~PH1H4*im*pcan{b_(Sm#tOIRb9f5}gTS?yCtN#xH%pRz`z8e|-@( zkq&Qkqqs61h9V%A4<$4uynW!Mgs@ZaJMsbRw?^u8(4|>TK5Da&2i#cn^5t25nS6Bd zu$M^{Q6kf;0GuPd^&HVXSMCxoIVa-FvdIXU!2+L}GvEQvQtPN>geK2Y2IhI`*BepmR^9D@$=AB0KH@h}jG zM~ZT9Vl#=b1F2BCaG%VU;Z%C-lfZ5v{vm6RvA87qGc!NG3(<+VQqoLudxYtCFn`!2 z!X2q006k?@9itR%j?fhn+XjR~s6{L)bpb%Zr-alf_kw&C;yJaJ7H`AZq9`b9RgsjO zm!y&+ElQk>ryHyKKzMI+L^N@)XvB#L6?r;r(wv)L?$lVen8d0Rdb*1kvy9MyVitrg zKJ!@EbM5TDB4#)`@TofF3U1?zN~pNivXs90?J=N%XJU%ujbRp&qfWv-)mr=+$C=^c zhNy@lLHHUAIEyB!w()EqialUC3}6cWo{pd~Ti5W3P*}8R4OJS5jS;Debt<4i^JGt5 z$YbYgenz#Nr=p!Nd)w-?EtW+f*%8w!Cv8D=&bcew#@;dGPj86U=W-sPd zHc0O=1N9Ys*9#JPL*?n${u%LR#s9d@DInZrw@gw-9sQBxWvPQ$C zZy*RTRacV5_nJt?+HVw1Aj)0@V&JjLhVnGh#kbvqas45e$k4#hikP^^_0a-f`xkB0HM`_4N_Ip->BCu$IfeeWR<) z8kJ8?b=mlcUY^YxkHgGVgWugQm6a+LAx0W+-|WwtC-PFDgNQ-nn5v;$p~_c&AuK`G zVx!7u%CEiBO16#3d7~yo`-5h}i)6f>g3dnl0Lj)`Id(1ez363~YnknzZGvj-+Gh<< zU`8<96HDweCMCT7R&I+CE2YYYX_(7xt;W!0{gZ$b!yv~=NU1fN`CsaUb=!=<;ov=N z>#w6zCW^@2)o6Q3A#%8W)cR|;B{ow6hQAxwFZZyEv|y(cloI2Rkg0ORRGDX}GqeFk(a9C5 zdt&>Ep86%po7Ea{TywKG8#Y@QA+INYr<9cyjMSstUuXdbVV{rmHk*fwuFCEQnFLT( zt^~)jBk!}Fj@;5`%xFEe@er!Gbl(_5cU=DB70>`Q+l=?Gt2r6+T63X6mCZsUs}3ZA zwOgniE2n&;untKBR>K0qK%C9Aw%KSJ(Hxgxv!ON-kT&&IUlZ`$$rP8CuJhYU^OYZ_5qC9T`S_l$7y6 zEtx5wMoN$T9~}UE8`9MOUvy(Tf?2P}R1OCZU`wtz!_&;(fV~^Tk{uP?$x;~rO7{2H<<0%IEYQ|wBCx+)*Vp0GWF-e+&e!9s1oR^Y zDM2uzoc9ZN?lUoTF4z4)ZW8)A6Zh01h%4_TL{=ZedqJ;B+BQhSZ9`+WJw4ldsr?Y& z&R^fx2iMn2NlMUyBngsqb8MFVH+SS%=OoJ&Z$Ebx4n)x@{l%|OKwUEuvSJI!H}I*5 z;(V+DpC>$-h|_!SKnb)r1awn$bNX>K&IT)kTNSMN_&j}ee-rHi;jp(yv#bRH=0MCn zz}W?I+B3<5Eu0^2R!LH#d)n^bZO;Lw;g}m=ZL8z>c@J`g-}oG$Qbs3H^yUjaBjbf- zMu2pMla@-Jz}n{^Jw5P*fmje21XF1ovG@d#bwSL6A#oi;a)_R>Kcl8&btPqbwIHY{ zhoG=2?}hz~vs2u#SMgG4SflYJQHc?H%$P!?gakX&iV24ijJzS+gr99exH9mPbD-b% z1tNbJ-JeYPxUmp=;Os;a=SFr(_<3B)iKe=3r?QDRi)Qri+61jE)Tdxfh;V5tji6S? zh~%oB@MTYMrai)(jGycabcq(KeT4H7?d*sHQ5)SbWBeTa`}+&$=E9< zQO+FJT059)aAqzF9n#=joHGfI2kA+f-(FiBn+k??>eqaje)kVlItR`r zpuAUus({DlAf0ePanM-q0ABxs8y15#0G*!pkhM3=Oo2_;k{&NBJ35*cI5c zS`{9Q_?rx~a`ySNVJ|ubN`LJRWYQF8twoS0fu!aKXgpGgNRKk9*cUX{DgFi+U5;dY zP8`u1aye)}N5I@AfSm??IG`DJ4H7`EfhI8>N80sqIo8eC?B-~Xf;gN5Y>CsuQRsHa zX#_d1rVc{NsCf6~hA4AbhJnxO2?Yg==3+#`=L6x}F13q^-2A@%p2ZNg+E~QJ4Cn;S zLSbKLRcg$ym2_XqBxO*tE*PgaS9SN|F6Te84VFQXGt?xNNjec}Wj!C{TfqmrhgZQM zHP69zuZXh;BpxtWpBMEi5adhmX;cVVcMk;co1%kIQRm|URZKD(J@1^)-qzWQ+R$5Z z;!y@`{H@JQXX#&YkYl*yIFbPlrYiHIMVMOgqN>9e- zH`O@n?$uf4B9#;pvChj-IE;ToscB^OmQe(|ECBgH#&++?><3&p3YD{tjc05XDN8~E z)590G1Bvcv##{Y?#B-gln#6P+O!n*SQs_XsCD*H-yF6Q>^35cy#3B-LMrUp$zNtsn zGWZg297QCdpdUkemrl`NqsYwD9ZWo~v49AZ2aYU90Lqr6*`yUAR<`mgy>YY` zVnv}u&4%U8qD5lHL5vh_=^bx4;K`dHpf~0`ytPTa+*Te=tk;N z`Wk{`GE`e^lYS2FYU&KZaIVQ%RcVVT2osCNzk4Kn1ChsRhJG0VV4CE}$OtkA_LZHS zO|c5+Szw`{Y?Ld)+TR_CUkAyVe-onwVFoX$mzSo^cVDGAr)Vl z-_MU7O5NrJyjYtoQK}99Q>Q2^2yGiu$p*rE-5{V_{%+`q?bD&*^Ygr~;16x1X;g_C zBy|zJZMW@$R`%{(2ibHg1xBB~_Jm&8!`n2l2W(B&9n*M0e2d_SIjqpD zO6henk#=RE`UCFBHIOd~)c589C7$bamK96h{>xE8$L=qydu<}XJBPC3)ip>T{$=sQ z=@~J3$;)^)h)i7V8iB0~qV~2R{#mGEvvFsTLjls%r#=nHurP0Ta31KzG01#LxJaQ_ zp1}^n#W1fDA7Tm4sOE*vLt1`}BkW&dpLQYLw&B?AR_@X&*ZA?)>$+r^?KySMYE&<+ zuem}|xj%@Q8C%QUExEQfj!i>aI$uE7kY?T{ow6$0?G2SD7kp0qtev9zYHk&>Wpeml)>tA$s&pVR%rNP4(vj9NPjRbL&${tU(O0l-j)BRnv;2$$cWbV^(>@M!# zkJ8EB0Tq|`Lp-?ITR8f&(fb2|{fO6Iy}zF)w2Q}IubBbwU%7C#w{X2xXzZ`-$xu_E zcbm7pJ5Th3GVdN87EGI&o+YuR7}!3bPQWaGu(+o^+bDSSXlU9zy^;3xi1Y?an=+qe zs5Iqu_lGB@)qIqIX;|sJnRuOg-SoC$bniMaPJ6q*i^ma9@-w*^Pe9-zL35{sy!RqD zrAHP;xPbw1CPS_be2lk}bL^Z}b4Vz|52+RQ4x!}ieXw!2DQZqZ-3~ui6g;v&E@1Q21lM*|01*XO~Y(-j_Y z!W+ksjMGE3ImKs>@0;z$%kb|QR=H5Vjonv_7Rh(VDmmI+(L-BD&jpF1%q1fu4 zmdid-b_-#67K}<+V|yAIy8I1*#6)3y7wR>9?H*mg^>W`%n0AC&IgX-9SMCZ`SAcP7 ztXblmm!*m#Xa$Cd)q4(&+3*k8+VjbXeMlC<4Oj}y<2FIRCHfQ$i3L+Ka{^rXQP=9o(fZ8L@BSQjfMbg85Pzby#=!(DC(`I_T|W~p zs#E`SfI-JK(Xx3p&K)*VV59IFyuz47eUTSs!}fxyV;kgxxMv z`w#_l048DyxdjHZbHoL%e;-m<6hgk#xq*O6Apc&7p3L>Rr<|X4y(tfMpN=RNRBT0v zYXB9K?7EN#-^^Jh3qy8r0QY?Re#y@9!Y>>ebt%ZYnfYC!{j{MT{xfRW31?okzr(`; zsX+lLBzbQ+CkwVme)M~t>fTKm=RvPlgnC5qH8^>OaCU`PK3lI~gg69lQu}i;$@u1V zI&^W~m*mmEc2Jxe9C%1D4AkIJBMpJ>DnAc~PH#QrLV%21td~{!=8t zMhLT?keP!Q?`Z8nNSa_+!m6-~gAhs1f%#vch}e_ys!p~KeHDi&qEImgHoo~%77#g) zAf3$A%oInuTAVpOgLNuiWZN`a{wND3j`NsajKqfYKJ>79t^SelC5hT535=HBNM+OU za$0>+AX|}jTK%Uv2&*XKWmlY_h@sZ{dQW=8!4MfH?!Icn)M~#5Fu20;@6$kU5^nmA zC7BXm5PVa>xCDX(BXqYBGg!&|+e(YgVDPkwU^hz8I4Yp5?~^n;>TsFz=LKTNJk=8e z)+0F9%-Lp#>EN*7`fzn1V;v zQ#UB6TQ%klVG%FoctC0151?SS$5H}FkHJbvI;?CGkSqIU1-j4EL8s4chLd=}*XwCf zy?X_1Pux=~ktea?x{j=QQ^I>Bnqz0U8~!>jaRa3@$R1nuk^J#?GWZ zN{eoy>H>A!K5B?vF>XZgDyoQFF;zg`C|n((y+Uv_N(CEih*%S{p|sj=XH}`+WAY5U z*v$X?nyuNS9jf6>P@Lx6f)r^W+*AS9o`&YliT0W?ts;e_pE-c3nX_Di6xu)qv9rSM@jk~i)@~S zJJ?N17kLp&hwt73nCmNmP({)vQ18o6p53}cROn7Nivtpg3HEf#qJD2QJ)8bw>nh0M zV(AFPKfM!+>k%nrBEEXMIR|DKV=RygM>GVd#L@R4o$11Gq#!LdFR@r6jGNUUtk*Lu zJ)fUrz$K#fn0c4MZ$IS`?W*@$G>@Kr(n3T1w4@ zoigMq{f(n$$KFdNf&NQzsiLC42<=GIZsQO#-)vHjV$DLwLIZ7A4wV|Q4uWd?tn)QY z#B0%bIzjpT4!6uIxO;*U&c+;(&hR2Wo!Tx+Bf#b)b3ttCkc;5C37*f$0(4}HK4s>W zzRG?*hs;v{!e{~^@zO#=(WdaXlt+xYmugLgO3{vMh&;Q{EhzRY=*%WLmi4d9KL6T_*tjS+bO|plg0=i7t9^J=FOUYnAtK$A_$PSZi&-I1N*>dO3 z&!qs{1cj3Vk(}KMLKo}D(q!ms!Rncn=K<$UTNSw?_KIXBl*?v{Vaw_6BJt)gbvJ^> zF$Ea|^~ex=Wte>@xz8QGjD){iAhAfGBAr~`a6Ar}QuwP{Exl|dzaFLp(V|T0&FM9_ zn&kHV0uAj}UagC*bksZcG%{_q^ANf&@D(%)aft5i=btW+r#orrwm~L!DSzzr`(Ia% zpJpxfEzef+m4m-G7i*Rya-~}dpI=w1YGlh3B3xq6ACawa8fsJ`8I`hKtT3Q)6>ESy zRQ#>P8l!5hZu#;}9rz>%kzppkL{lPDz4eXTxtM<$ziMeYg%W+-ac?YDlHg*C$&v8- zyEC2s5f`Xr!-gsg2AtUhMY0;>Xku4rDSOCsu+&_CAr_q5FBz{t<^?qao39aM56`NJXbg3Iu`d$!MtU=ID=iK%s(JT&zH%kHbpi z;Q_I;#HBQU;Ybs#T#w9wXQsw|JHBmGv!v1VnTa)X%{DplvAZg;2;68gp9ABZ4hKD{ z!@mJTL#O#6clYdYW_>5_=&PtqxE_B)r$%(?^g$aPWBr~$m_NYR<0afMv`qR?n}*+% zU>oj+g1 z+hyIBn|psXLihw6I~0B#8?Q*tbOdk;bx8VQ<6mn|Vrrua3gc4Ji(%+;GN2Z(hHUz( zHsbL~bF)bwc3hbPv*y$*?f;O)*MwYMXzL?IS$eQrb6XcXx8}3zR>pb1lW3F!^Aj}%_hUy8P=-W>ha9?{0a;WL-~O^P9CiO=*n{d zTRY4?N0<5yv~6)@_g`hjKW=g+de;AN*f9PRYxtj?_5TgzD-n4$hVZY>dSm_uM!O_F zNcVDot3Mbo`Yt!?8$G?#{jM8zyTnA2^7a>MrdVKyq@t;)sCT_t`M*WQYvceQ+y|oQ z54v|XwD<4%gH~51?eEXa{rAbhU+zz-0FYwd@1w`FY)*imPqV!;mT99B!5ASBOW36D z8O@nVIkm2esyX|^)B10;UtT$jjinf$MKC^i=YQZ&>)%a218T?ML($M56engkN?w_J z4NfX^p4bOL4!vO#efvY<#V9|epFlrij`oG@6YHf35aT7h3eZ@lR_3|dIEg1b=yFgg zCKtY%XldW;gMq89x~iZyy2d&NWO22b`euH%no~nt>3$^6(QzN&MM#%<3Ej7CG(5x~ z2JRRu2)fkh1(AvHGZ9GbF&?iqIzfsDYx*SqYVO>1YQi!_u_dw6Od%N&p$^@=7?bJ)=((hjUzd zb~eU%L^k+jBIkv?|bhn4uL?2lr5Oibo<4FJ@Hw+p?By(7^vw2Q3RiLUfV|bSYlDdstoZ2_I1~^Irt-Z z6kFhvV#CL1B9rl8g~zI5Exhl)A-)O%k+VJ;>8rV|quO285WB!5C|^Bf{w_i`86Y%J zCzA$qRNz#qj-61ftxl*G;;vyUpin7rJ1$^3Y;tg_>D*=NrxZY;$y0N}jnRLHutS{@ zP8}iJ^zVYRO79$f z{JZ{Bq3CRh@=om5gLrs4t(HW@5rtxaY;#ON*hGb?Ps&C7Z42o)cx*|@uF1!4nmE#T z?}G|2n0D~c-Z0p&;^SYurv35A%-5kbOOfDIC)MXm_p)S_(omg4 zC`E^ui9le`IjI}is|w}_)?i=Tgh>lBbx&V%L8%z5yw8u$QrMTA_#Cx52?E-)D`wbH z@`_!h(~tPUzEyDia>(=8yTp=U2oy~d_OKSzVE^P$f zEs9IHRPMBfpFPtRT{YCNP2(jq7LX^phqzb3$BN81;6<-ZF!> z0xeh^fE_cI2?w0O+>w>QmCRgc=f_%FJKlo7J(t^JT8k3cc2G)46h*zcOu znT6fYd6k~}v}vqZ`Qrzsu_2IOTV()K4Qy4Q!%}{&l;3w?B3(zbxbA<~%v}UkA?^%& zxs*c&3eNY&S?yJZm0H+#iaQ29z%0gSMz6q(7ang&;|rbHIa{b0-dVz6PE?Ap6|;f0wasY5x;Y$c3Lr8J|BZRjQE6(fQ3A(N^YYw&V?6`nJ}*N^&2 zmU>(!%+<-TlYyB%9=f#Rbg-um@0|5;u^~EhYMBR#9cpd4t9Naq94$1t-DEXpgzc0W zV?c|3W-PhHGUkerQqHbg!a8mNE!DR!r!8%eZDqd1m2t|@{*o}eM6+p-!5XL?2*7L5 zx%=366#yn$Xq5R`tCI=MA3rBTFyic$A)ocTZEMb()Cjp<(VUBZM0RUMt&sQ&rwK)q zLTxDoQ(Q$Qvz-%Q_0S2&4+XqYi0af%s}4)mmf^L}{1_wow()KZH=BBgq+<{|yP*J8 zknxv@Cd=yPwU{wLJr-M{DnjQ4*Bh&|pvg96to~OPg|%$*5=oD4>RF;D-iiW`Yi@e( z#>d%8a5-d8@nM;1Y4!HUoUI0#n~J1*UA4?n=jMenPU1!ar@c`yq-Z3Nf%++RX=LBX zLT!CTwa=(%I7`X&kz13*(!r|MLFK#kB4;$`yszUKh)rOFP+yvB74h&zP?YOrbtrV_ zO?z=oth8od{6#`#idN_59B^p<9%Lr%AV#p4UP(yNl)+ zl=((nAS%PZ$ADBB`j0lCF#LBfJu^xyduG7&@qhMz;p=Sc7?K0?elqQJY(4Mf?5#IX-lJj&u%y&=zFDAZ zCR^W1pr!!2ICO?6*)omoI8EkjY};OcrtiT-6n-2(=!q&l zeg0P|@QZw=(qrm0XQ;$)>-Nz^WxJ<(wgDfJ$jOMoxZUsL8G5Y5Zw>lB@C56Msriq{}`eN z^xucHp~OZjSL-}Yt9A8}8^_XD2v}g@h^8Y)`}eO59G+1GU~*cM1tS3N8)brRVnWbyH1+>p?KjAR5V65uxEMk?5=f0m6kR zIN;6045WLj!XTI15Oaz1aWuOxCf68xC=>ct!oy_oDL`0Hcw*~7rB3Upd zoJ>0;L)%|0l?1H%poIbCi4}R&W8fxN3hRuFd}%yt3iV`v1waj~QvzrJf;hofA2A`` zll488L7oo;6={(6Mk$5VEMiiJtLla$IEg+6lReT)l1Y==X5Bu>L)PIV?3BcN!ia$c z1ezO1L^P&;7T2}QuRKhQf0bnv-S|O{dVH;-2d{`S<-+Jh##&QiW5K1T0Fh2T1`ruT zH*Dx3+R32upZMMN)Bhq0-fH<%62XxTION3XsY5Gig8JZR8c_%F=pIz8=gq2rV|X-& zCVSz_t8qB@t)iWr2jtTusb7BE^=PFJrPV~0pJspH!D21Y$eB#)CMl^Ap7XPNA$}HTD&VT=iYZIp8_*UB8(s=>RVd<7 zIP$@{E9Pu2vFv=z`zSa))SeN7(Rnn=c|Sf>)Xv6@#9mDnTk(lHml%tyR;BQ+a_A-g z0CE|0O5Fu`=xGUrqJM41K?Fft{8GDOwPvNkMVHF~U{$E83zP|?GU(h;^p{JRMaT~Q zS(>xeB*}7449l%I1J2~r@0ytBw>Jn*(q*wrb*Kg&93-Vfyxyu9nMNDwDHpNP4Y!_@ z7?h{q6)`UFZy3H;AN`yw!0RnBGBe&#e59t}Wu@byNJNQQ#{m)#Ofpd*LLdAeKu$cg z5f5fbS593OA^Je<1%#&(h@(qgX&FdEm9jSa%umGqOD>_PWgg7bKS)T85|M_@3jR!_ zb`{pWi6~mXE-l7TTFbtKtMb>O5aYxuYJZJzpu!kR?v0c&_B3e7%B0~+Elnw_ z1XFYUQ(F}B(*PSy=#u3)1W4#1ug~aEF3+&}V~cyhIuwb+YsR)6BieLqA(24^!C=W$ z@&X23}A`su9U>uthSPEE$D-o!sIM<=X z+Nyo7^+XIuyQqj zy@0|S1JPvAKv(9|%^c2~50UddM8_`N%LH+0%W6dQ4p`0J$+s1R5xt@jXwNN#XG1-4 z4$l+DCNTU&4y(o5=Ax;Tpv+rWoA~(GZBX1LgPLIO!IxmKOC0Qs3t&*r*xW_9u`0?l zV2wn2rVm&Fm3d37hTp&j)v;2*FkI5tKW)FdIa~=}GV3gzQufhIi8aHNwn9b|84^)- z$zf|*5ZBYw5e3t>)#1F?+Q_w&Dew<%CCt_em%WpP0UUH_ zs-MHIj4QKU;bS6R&xId>{_zRIXrbPbHo>@n6Dz=lcCt!=h)CAi!FTNGALQ6so2ZVK z^$16d!mu#i9uBu~GFl;;*wwgFQeip2L1*hJ&;)anj>Z{v^*ulx>IKbcInqJ%egMu( z_rr)V{X4pZ{TQcD6GY$o=N?!VYkv`Vkk-4|f``BF zU<9B2!m-?~gAgf+33c<1&g8JVE{FlD#hNEE_Y1C>l-`HSu}2py2`wUyGRk+MGp#{c z&{Un46FbDjj-n_a@@SAep0z}n9W+EYb|oy%St?f3lQXP+^q};wN@D6>Smi#QK41Nv z)Egx?OUeQ%u_;@_IjK~y=AbFLf-QZCX354056E3KkIfk9(A8}gLeJQ7Olg8FX^x(yWr4`sU1+KH+8*%R8umP* z6x@BXUaA}X{XvLQ7Z_64W?>)A%`#eXFGuY%R!*l4?gfdd%?c#BnlX#DVG~|@&17gk z(a>Ar6dG{FM~g^OGX1|MVL&@3e}03q%uJNMgLQ+B7YJZa?~=^GyUL|I`knANWYaSZHu$vCYsP(wd~}l-5kscaHbAgX z&6k_2z&kSZ%HM1?nj9O23Wb65oT+qIQ*4pHn0_xXyLKl2;h|;i-mU~`vL3|RYNrwI zX!4TssnP7n>WSqC#C_u|PPdW73OUSlM9-s{J~Ra5!6fAvc&yRm1Oa&%h0w~Q{8wd8V&AxDMmZT) z$+^79GZ&QQrN|QUQK-mAEjFFMrjr1R4chwBekuA|xJ$5eXEMj1&{6FszJuczy@nUZ z(+ZEwtHt!CKH8BC(R zKJg`lR6MV1e_yfSX;JL2Q5l7;`3S9*1RzCFGY4pi76;6Vt(K#xMT<9YuBw$07jfEh zXPiy=3?N+STh)k3UXX5+iZq637*w-qcgJ-HTey$vb!({1Noz12nPe;Eqa&a5P0-1X zd6&mByZi*mOKlGFB^XCc`|H!iKkM%~daTrBq(e*L+?p&!nimKpZ1 z&*9E4p>3(AznDW&mT&IgCwhu7U5eO-T~g}`DRspx`em~IGW&JKMH6uD4)&wqzQR%& zmr3H9flQY&9ff(30v847*gxVKR6knX12Q5uurUQS11np?t6Z&+y9?w-4GN}X#g%Pr zSOW$c%}sdVp15P{FUFFs*Re&*urz3yV}`}7dxr?uVH?;}*x0^&jqR@6eod=E9jqEc z`~=XQMCY#gwoVP>?c%>#{eOc7_W%6h|FhXJ{V%=eO#jE;^Z&swc`E^70dm1~HMOB9#PbdB52#Q=VK5-N<;^LaMb;GP)t!~bE2csniT zd{e;v`MTb}_2c-$>qQOY`~9}}@R3*K?FdQ(x^e$L-LIp2A=uyU_2r2$;G9U37mTud zyRqQROsap|i8A{t9>(CEd}Pio&WgPt>Go&27wa%i|B|5Wnvl5xiF!xg2BrEre71w1 zt%L8SE?!Wy&u~tqs4kML=k1D=a#!(Wd?Q+{+WrfDDuNe(`+Z;G>d)X7^9HK;zA8Bf!tuL_dswl zz9Z@=XSGr7Q_<}^%s>F$5*`CF=$}Fk1XQ3njVB!gP|SPB4BjCspLgO&ML``y-6uBk z<`+ig&3L;M_lg_p4E_rNXBe>rCNa{6Rc*wW2t_AaS?Lgn>p%2U+_R4dDUT?#DE2cD z2ls}*0xeg1JRiR2VNa1B+~AxN|Dlz}Il!AavJ+%nwS-CCMLU;?jpiuS87ww=F*g8v z7hdiXJw(w3?S;31hsd)=ZXx_$5~oi|=mpJ)!H}?c2Z(`>iNhnQj#aNPY++183ier# z!5(*2n&@Eciof`(@wskFIiFC-sg>$3fPFB5Jyuyb<7GR384AYga>8=vS<5t_9vv*h z?3|ZBIx7b#70T1)n6`MhGj8!USi8&`n91ACqYOZw*b&oXn z#fpjVF9NfVp!&v-uYW;3zjFzezY7aYQD~2n2Oncp+)|vM0#BoqsYk!`0;gOw$ajr^Yp`n^T5IbCNmfJ&pK*qA*_mC9u&hw7u7?A6TML>JNM{5fKOZ*?n zACB|Sv;xawp1?gO%aV*8iDf<+`V{~~3>uIq6jd**mjDVfo{}DcBgpXw1IB=7^3<>u z&? zLVewheFaripr~P_bFuYoNy{Uz z>i+%7JY5q8u5_kjhlyy`KyTh}v$7(A?F?`)-z`NgzK75(m0T->>RZX7*-k$K7hIXXs)7COfB`KR~{g+>Hy9JEO%FT9jRTq;1JNIawQfyze@sX_bbgU1n(1bn7? zTX0emfalZ|DMtPDRF(bfPPaGyuZvi{aS)|p9m|;3zwQPuHAWM;WERAl6Cs{z6bL1S z9;qcHuakjFg#nWU$U78{@`F|tyvLv;)A7hKWly}U&r2FwUzrTWP?i&RZQcw=Hu4&q z`Qmj)c%l3op*^h3)T5NcYva7V=b+Q(O6=ph2&{#HcKINUlkwu(Tt)(HzBPY;4Md=~Ye<6f2JG9UCKUxTBpmtij*VZ*jN z8`rHsN$^mW6o`;(t(?J=(#C#4bFNgbR6u^0xHc?VQ~6Y{xt7CQAl-$;bE##N88 z+%3?6V0tVe9#ojm>vOMNZd0B2B^A9zxOFwQw!QNHSk$G=OU;^!{55%M^*`kAO4dlv z4@Xp)k0Tv;GhUgGm$bmxzkH%z+f87P=I=pO*+s%gh*I6!)%C5q(!k_G-3QGTULgCY z2dLUJTdOwN;ag)-n5Z*JEBy!G6FZC>(`g2^xbax++C1%@^Xk(c$`Wn4b(rD;TCaAV zEL=;lz75h^I_$C<_fm*|$6bAzx-kZ6-+k&ZnbJ zso?g#T)uW6ScjEUhKtW+?O%}z{BDMKSXMtUk_mNoL$CPTAW1Cg1iSm!b4%^8 zdB}6&OKKjB4L#_q)y7C`r~JeVnT>jRh4M_j3=K7MZ(!Ki!{iU^3;jFazid_|^x^a@ zET#T>KDj_O94>{=!dn*{P?d?T@QBXL?u}zS?`v@EKTxSEa5^+Y!_vBV_-|qqVw_6d zS%xwF1eRky`JNF;+zV8( zUYU~?co;?9m)6V~zHyi+2wBWg>{1=3Q)F39vN!_C`pHqJ2Vo4+gxun)sW*>Yct(0> zkK5^J3|%28A2_OLm~bjQ+3X@MC=Sv@-uf>+8xUiu!@%-B#-R}H?c+yP{ZRGa&@lJ% z>4=@ojV~TjT92NIMXB9#;(n=-${D|jEtS?eevEc%PB*Rwrj@Cb=xk+qyT3Z7d9H1P zJ0*xswA$RPh?n=4(GY#MKj(c}3-zX+IaLC@EFba}mE8&h@qBD1U40&?zSaXQ9YGGQ zoslcBDAljht);-aIT#&s7O7@En!NDZ`psxxJiumZNoUX&wRwtCgf5X;hJzT_@`C8q zuap&cFC#m$Q$q;bWqDH>+^RRq%?QsC8MyJMiBjdIO^5{(FX5hNF%*9SolaFo^9ee30${e~#8JT4LIvlz@r7mr-{&OOQYvPYq-M;Z*jv_z6 zjofQ~Y|Pc;Ts9PI#T<^$``*#(rtWatHp2`E&qQ_qd-$KH@V3s4ED1o$p?G zK0AeNsq1vPB*W;n3UHG9#|xeHe7@<>Oq%A)yEym`KK-r!DL8bi(V5Yt*E@83yzj)S zmm!Miu)1UMb&ET6YbpKcSSD)IFPA`T(tgn3J=OB%_<}DHL#z1TGWLH3=l|LfU}yNB z8T-F2I{)JZpXvWp39l_>MZ$sfZ%1IsqoB)^3ON#F(+2;ARX<&b>F+jf`e5Ib$?uOS z`4dD*@l>SsMdnt)vyo2U-?V)-aAcsM2f^oxj|#U% z`1akjr>iYOWME|_iV+LyA-ESwl@QwIM6-mOBZ}#N%$JB$yvN0HYbD@`BLc2P-n(1~ zD5wSN%#+*;Wc<;y=ME44uKI2B^zM8&E~KZt?6@(9Ms@wndj&aPnfme7xo}UCyBw|3 zn5Bp_WH3z{17A=PMN^NFz-UXn<%=4oYe>vNqDLo3DLQPI=RU}X7{nZvdjyo69>bJA zqqs^zpU?y??G-c=Z1X!Q3oDR|ud8PRLnR+XC>K5aN^cRai#I&KLYn7uFiqz-sls<= zW>I^uWD@U#jYs_r-^o8}viD3J4U>2xPl6xc86CtDrc>eI>2Y$0Ss0I{L3dC{e~C#P zki3t6_a2(LiVk=wBH;f7eimma@XYRIBeBj1xlU-s-1UPCge^x2A6T?3f^Ez9<(xAK zbr-nEMGK-N@-&!;MmEa?CsI8q?1_dDqDp5s7={ux&1zuYux?cVTB^>0TOfQ6%@_i> z!4LB0C`@_>z3!scOu#$4b*BH49Ngbe6Tt*q_9+u`2ERxo%LlbL96(~k!f_~f=#i?& zA|CTjI0?JTyvs@us;Y+yv9k%(a?2ddNC{%1$_aX$)-7)i(Mposi=*%m*wd`=1{2XA zjW>Hzz;Z^=u5TqzEE5^t4-|5M1dp@)HyDB?m;$fUWM${C6L5Sq*d|0r3_i1o0QCpV zq zsh1FT0J+b%E;CWz0q1frz7vx|C0nrlApFpXL?gk2OU?u<%15`a{1gkLV&7T~ZSgBP7z}MibJb5GGL4l1H4( zk&754ZKuM%*k#P-5Z{ zjr$j^82B_OHw{gsv1ZGKh6g;k4zS1CPeV!WW_GZnQQyOSh(9!{+8k|GN6XcPeYTcu zryT7}!gV_0m$VDITv^T{Kxqn6tA2y^EMSTTHoRfSnqjB98*lxTi2GK;18SRCXJ{$&Jdm~O?8wjx9% z9h~YYCP6Pl$KS#5KB(rm)S~WA;6o8D0PLeW9bx?SsD^r4t?o5w3+D1^Gnq_d_;p8^ z^QIy@Z=D3(cIL`sU_Ur8;gjMK`GT68#@!u$g=m;O%^Dg1_FRL#(R=0;qLt-9dW)UD zVZ z1*Myk&At444NyYzp+Chocw54YLLg(&&p!nyb-7l;{pvcK% zwj%n(5<|l+P8=si0d{h}9&zH(o%Vj}e|LtlZ2mp>p?@Ij_#VcSM`^%l{fs(1>pT_e z=uCZW=mJwtZMwN5`2+5*4*qQb_=An_Dg!M)$o*1-h9KwDHB>8Ebo;MY3S3Ex0bxc# z&uPx&w!JiA9V5n+DV4T2jbi!hsKLi^P32K~lUx4O5L@7GtH5McC!AHI*APKl)vxHL zo^z(9!2zIk5tn1xnVD14?V+7s2~|b9y@9SJ1GuMwePQ+(b$W*n zL?)MLSKzNZ7YJnZzLw1Og=?b?#C;PuYn*Qn-kPdWC+CX|*BseZ0B(QR2qnPb{)b!k zh8!;8J_C+3PRK`D>wE5t)3Y?=fbWa6?`5t;UouGlDAwv4G@lnKay$M_hVYWSonnx! zU4mbIt^|!!+_ylk$>(7>{)-{o6HvLvpEEC|*&*EHxahvI=okTp{}2p)@wTutV?W@vj=c8OAR35s*cfXltDOM3oL=wYF1| z3t6*su1%i~(gfbWG6$uMCs?{H3NTiLfVqhTb_hgTQ*>G~&zb*RZekKm))A%5-!m$) zsqpU&#A@^fw(6VW-;~f;x^wKb(?P1%oX4%iI%T`S^LL;Z5=EM4Q?10;%GX)dDRg2^ zK`@PK8kfiMfU0hLwA0YUc+&Z(Dmq!t?F3Z^61-(8>%-F;!-Uk8OdJ$rCc~wz z_DfQ>jucioCr5Dh=aGbbKCIc09d&5Mon0&0-(H%%NNl1hx(xol%%@ zE3LGu?p?`d)GP;wbvS98V8;15;X{NtRXHJOgB*BG7;Pxy86nGV9ei7O%e5 zpPT77a*$YcBy0y$RNtupn3$%x7g%bqTHB*aMHf7a@sDq#N_H>@J?rpOnJ0g{KMQAg zR#SYN@$2x}5G~4W^&;ND zZ|1_R4nAK3nkL4JJt=o%F5JG7hgURR)Q+!@?Cl&A)ut!lGrwhhchYL=ho!Jx`U1RH zM^gK7eB%pzQ)2zEng72@eMSz}|DncV`fp>-|IGaVA$b((L@lhHO&sY&tqq(_giVa> zj7@lXp`4r@O$=rJ_jM{{!%!H5E*FQh|yHJ{Q6D(7?Razn!%7g9p7H^xBC8 z;}s+)YiutrZtA86WM5G82qNlnqd=vwPmccbew``|`N>v_;V&K5_5Mc_ANMP3H+)$4 z>+SyWLNJW9=}B?$xVek}>zx$G==(7`i%zIUL3`lBGal7evrn{jK}R$c=B=snC0U~= z81$stUG4Yzk`}gV2hV3is-T#Q&Koh4RBpn8Zc&Px!m;TfhRYRMrg9ObegKdF1}zk! zqLFXSnxA6Ef_DdIG)_e=*Jp3*LO(~*qrx0FN^wwp@1Ro>6uNOFs@ngFU=aZ`c_b34 ztB-?25JzQmLp(^i?{bA`1}3`sjKU@9B17YB%*ai8Io~h6lJp@~xGor+2Wwo+k+sji zA-pbzb?6zQkwVveC{Rqg95 zaCWHBpPiV5&`Za(T0(j3PeYOHK)r>MkkW|%h&UQhk|K8sltX=-DU>{YYB4MYlvC}(H_;V__>NF)Io$a2{zL*7T!UGjp!I7cBP;@>_O z#fy=3!69oho`~qddWuP)qRMMfEf*P6v@z^WaFeDiT9*iB027E1=8b!VQBZG{@8cto z%0`S~SbWHK_Z9j9jTnZds$e}%AR@x3Y`bgW(!i}qigE#_A^5fCdcVZf+0iF9M)wLX z50pplh$Jc1j&|xH(Y0X5ztU&&$9#`y{FW{D2UIwa^x;r?{)UWOQ1r0V|O%|JV5u|it%-++EpBgsTf$nPTji9Jk^ z0K++t0b_Jnbw?0^=LaIMunW<<7O_$DbeB_DMDe#wus?q1Quh7carm^Eg>jh9%|PQz zA#Y+7_JnxS4W0eKHi<&??d4D(2f*AhV8Mz>Y6R1ZX$jJ9_Y)FtR4!gIF$?IPc)D*G zWzp%GC2&>CnIy71Bg$?ocZ~kB6)}e+gZ?g93GV(P$07k*(Y5O0MppTc z*ducFn|HvL0S29|0+ln^H({EELntw`o5K1U`E2(2D4_^1^3HwuC5`e6ZNN=qWs$k3 z9Bh6?Br!*qUki@R^WR|w$~!3Fay;Q2ll^C5c*0Lv*TnCw2}i#fK{ThH^!y=hs-+t?JZI6MoZ~xc^A($&A^ng)QLJDUt#KF2*z2uJS7?HMO@mp z&$HvUf9yJ4ZgwxNiFd+ctvl1cbbmcwhhlbZam>xs=lx`lFAa;gCNIY_)$KlYeyCGW zV%&Br`(9m6MI`e?@GpqcIzrADfriwy(-EmFoJ}k=BpE^P*r;9UY{{+kW#iGJtQYX| z$6Hk8@1<7(kCU@tk_U~n{)X)2R8B=<70*%3NlO02Tu+cUWSlacCtN=(j}U!C>KcYI zx^}$kcLTrSgjinL-sj3hzS-OdM_{|O4zL!Mr_MhtW%hCvuI&zYje}sDX(?Lq`xQTJ zz<$p#{{(MI^34;-I^ca!L?hgtXz z#M|OJv85IO=IPJf>S^X68Ylow1eVd|T(KSh{BEMM3I>G8hG;p{y@?L~{L9y6eaFS!&2n2~o64$0NUu`oE-a-M;cZbnW53Q20G#F?x*o6- zgxz3cH0^`Hj{W_}-8>Dm_R_^=XfzT1lh*S$C_>lra&Fg@n@Ss3e(DTxavno)3X{Ro zE!fc)%`ZHqe|w(5XK>fU!r6}sVAn@>#|Jk8R)rg`+19_VS(_g3de+&BE6IgbI&W(c zwwFXQEKFv$O%wnhj6{WOP-@49Py-4B$z1uRj!1F_XwhjV#31&GxB*|&m(m^72VZ=+ zyF5|D9Rd*AN}j?~*}KI0xaVb|;8x2Cr%UVFoHGK+r&NGenL~Z%05dx{%~8yuO65?X zJGfmnMrpl@c|LhF_8iw5VC6nw{rm=;I}W)G4s9N8>YV7_zg8bJY$Wb&v!R>#o0V)1 zVr)`S-c!UARjd!(uCL2C%0PyeOMR0^ZE=mUY4eP+z06*+jp=$xuXeUg{$w#v6IHyQ zAJFa%5g0iBLXtc19N#)^3n#_D{K1zocqDItg(==pQ4Jsc)7a~?jw67d3Uus>bhss8 zL%!Ea0aub(;C0`;?#Che%Uv;emZn~R0dJn@T9sRZG)P*?x*RRdr=$ZuWLj#Z#1mEL zfVfC?#ma}(h$QLdsXYCc4?+mnxOG#fu!~|3lMK@wbeund=Uk2j2A`oQ^{%WL6kG}B z-&dHTvVlyZ2Bk3Ey=Z!bYvR=U-&R?I1%opiXQPwpjc5YT{HAavak-S!ji?m za{pH{Bb+Uz4~0Ifh&-G46fS`ID&7JksD;mA_AZz%MK%nuj1l02-T#)NSx-FLwlG`H zAN~Szkeokk2A?LD3RqSqM#CEGp-*_E<-*N3?YE5(l@yjp2n&B_&=AObEXBg#@I!OH zjo$5`IBejpoJ=#VRiZMZNgqgi06AnO-{Wbt#r=B7#VyP zjm*6-cf~;}Ir%t1V&r#zg?RYPJOpqvp3=?P09yh#5S6oOH3Kr3ckL8_P6f#~fekha zdC{tY1SqkKDL-9&u*6WfQrN51zrz4kI6(+Wjv$@+Yb0VZu)anMnFC`gZ6;dwLZVS> z&7*?;PX=%o)_JJ{5Gso?lrx(93WGQ|red?2`+yG!%;Vw0@gjE!wIRZ4)Efed>PxbVZ3hJON_Mn_ILr#NiJYObh9Of(T9q>PWxf5N zXxp7eFx&t*?kY<@})$Mx@$ueaqW)T_;Cg$RE9P{hB?oEv7gC5Bz&^G5r zvddS=xWWC2FHYl#29mkgrD1t5cK~0tqqASJ6DN`L1V_CMl7OSZ+c?YpsU}X{<=NKM z)Qom^`tPhSlWzVK27FXIv<|yxX!70PLJg?i9w~L3RQ%gB&aX$6B>fhc${zIoV^b>B z_L}sGs{z3x;olvLBVKcE-X`KSFKj*Z%H;09E(MH3w|kB9v$56WdXJUyIi*iFLp8T6 zPR^{Ne-etk@CO(AJ14c08|Hf&=X>=lN|pzY)d0HA@n*l`!?YB*g)&Rp24Y#VH8?I! zy?e@}opzPk9d4MvgNoT|=0c$7tPc#{tvJZxxc?5weXBno?(uGP(#@J5YCTZu)o#t; zE{*sqXZ&5z?|01@j$SIvwOY zpO}v8Hi>W(>8*-1(WC)#IgPf<(}pj8g0BXn4Ep_Le=j&L)X>?utf)uPxh}nxMThPY zU*WK1s2#@I{6m}UTk6j|7~<0Zp;d9t^nKtzjFqtv=3A&=`Z-S;tE%Fo!C66jNhv4U zsbjU{(bL`y7`Z?va;C@{WLE*UH^OZ>jYK7MP+PL>V<6?^oQ*3cJKUKJ8$3&0F+C}? za0__-)dt0HJee<)K15@AdRKZS!B@~<=>{%BcWk3qHt}9%{305HDT0|5xD>Ot@Q>$r zc3bskAl~c<<|X{>iNw>3;@-i*^8v>%6UFnT_-BGBILpZtfnI%*o-#*i3&t0lwjOepU50l}l0MZ7AphY6q_yTq^q}=JNjXI+?dSEixhI_x>`gXE$KG`doTNYPZlQNAn=pZmZ^{RJW;O zVgB}C)oGtEcT$U;O9%5)9j}(_OEMw3smy3w2(-?g(0082zXu+jk{-xX7@A#arJUR> zY!nSKfnlPS?gXlyxPE1Si(~5`Jq;lLPRVrj5gkByh$NK|6j--$YDU0O6}X(yI2*FI z4+z_rn=sAgh4l>9l}#_l3AZ8M=sM^aV19ts&J7K5?O)I7nU|+NRkHGXYGA!>QNZo( zg+iiZ)kRBRzmw!wcyAlua6RGVWORUh! zprT76V9G3~w1{>DcT;Hvd+ja!FbNAs%GI|(F!-Z&eO>Q5QFpN1sm2WV!PlQOG8s%5 zR1Lt|SZxq~f%FsI${WKD&T;k`_Eq(RQs|IJcB(5VBStbmRerg`9`31hlf>F`^!G7w z-E0e-8Xy*c_NfBh4j85UWW}r2d^q4PMxKCp4*|@~gC_!Vh^-7Ic|@R@fQe(O6P~IV zjzSVktRNr?O|qPa;q6Wo8Zy&1#8y-fR`OBY8yp=8!iQ^gHZfrTh`@OHj;E zLjYnrqr@cNTzrM-S|Lq|XA|DHhop0aN$Wx}G#Ho!gl$mqm)=nU_CiwYBz7puj#?On zxiw=DcuR?%zd@q_++^~hR3*rD$QKH5XS6Eldp{uEsV{R&&j`uocK+?62$1~us^ace zd#)@$PlaE6H7D8Ukg?E28@RJNNIRri*DCKdA?;3epR_-~4P86V+^h~X5xSUPiw=q# zyEYN~PY4yiW$x0Z>?tt?^%9;NNpek7Kjp1zAh_h9O}n?ictiank{&|4z_|k$01q7= z{F1?d;OBq{nk97vxEOt!al}NxS!%3XT&Lhc4oo!kv{1p#<}=ujv5nn}^hw4tE1W(a z$(JD+%3dV?*|?5+82A*iB*qDm1gSL%n5{<2RJq5fY{ze9GwF^ z9Bb|#0xwF>Yx%Vq)d=S#&W~K+hkvwfHsKtYODC6? zg}Qe4mF8u*l0>j+7*CywopYWb!Z0q{wV5~L_+|_OK`StCiCM(moK?u~3i~N_*5Cj* ziG`8n+=L!boy-qrCWFw>Ms<-;(3S%!^-n>zx&9pq$VbiVDEG{J{iHSuG<;%>)_e~= zT)nz*8JL;D--0sk!6=PDa)WO4uDRHQ)^=GNwvFxBm#pT_s88GgqP(~NbmAsuYPERI z4<5gQp$r!es8pc=RjwZD-~?p-Py}v(aWo|Swuv%D<;=fF5C0?RnlGP^$gX!{19ji} zcI~oS5(cW)TLxTd3~{r!Or+DuXfNTWw&W5GN!3q2{MEOrGF*ymwqcR40~B*-typg> z4$CcZT$rMtpm#g_OqC9y<}EE^2s60gCZI2O|q^mvST^vpt- zcKdPTutwRmz}W8r)ID=|@Ms!wQ&fydmc$gvkU1ME6zfS*rG_o`r9vy#ldTcPYvUV* zhhSS|Sb?6gNZlls?XQ0bh|`4;M*nMSwAYZ0RDju7b?D)m#z#5}X`atGKanAzlvsYH zlna+L6TvGc;He=Dlhy(@h>gU}^rHpWj24gupLV#Uy79D+Eg*if7 zwC}-Mf^GZ$DrLmq*ed|uQcKOIVy71YjB`XKqp6W~zrw=)*R9>dNy%Li1tELgzcd+Q zO`0``Pn_P0AG%^Fz5F-b%6KDL;aZtx#9I6`Ojy`!8PzF8wJ8q#+6(vFNod7ec92}$ zMDb_Mu`1aIFVl1y?}n6T^Xit{5pF;!)`I>af|A2G#fBrz!sts$0lr6&@1mewt#*}u z-qnC{QGPq1YAM@@<1%|@ReQgT+ZpAw9fdRtC@A=8p%lq4-aS_t+gs3P>phdrG5I)` zkUs(g87G((kr;QqhBig6Td|_DSaRaeMi-h7Z$vWAlHIo!d*{)kE)bya9b*FdCJ?O9P4y>D=_rq2oYR;lDKtD6 z0NA8}Ox%P%TxuGaqI?=g`miDyt5OYQ%;r(g`JF$whIDxCIFB{91Ay(6dP<|f*KkB{TA{Xvnx_vlKI_>2b52x%FCn&yf|&`Nw1Sp`J~OK zQQf?{NV(7kTP30Rdc>NH?mRtRo6MtJS{$OGNSd;HPL*%v$LO4Cv>Ypqp-Kxz743Y` z2=8`hKP~&G+re@AIK(LL;AcUiWXQN41@s%UBuSkMM_ASVe8B-JWww%999+5?w1ckv z#5J~59CzuZobJy9W~Nj_`&7?eM#)Cyxir+iM+^38_(sgV2#Mm+q3P?%tT zGfmGPZGQ+rKD)^v=hHOk;L!;`k-9VQnQwXwV1SFd-O4JQpE7Y$=8~%^F-Hd;B z!B?0Mcuc?MNa&0lhwXEHKI0%QN>U2C#XXL*c{9)MQk;lU0lT3%k@mA!x3hYD$TLBV zztUmmu750+9e8ALl%RvYiFs~#s7<`K?ZldgO#`{%gGs{DZ6T#-+YE(5dUbyW zlt8{lC`|%wI1t-07{LcKJ=>vOl8O^*BcJp|doili{f+@+{F2n8>iAxqeC|j+Z*p!E zY(`(bWV=~z`OEyDQ?k&yqmBXIn#Y66$C3)DB+nw$*hBA^Q?Q$6f0gH9|vgAq(U#4V@URP}}`Y-}4WYv8f~*stNp z@??knAJO29VR_Ss<{%iZD~XAyVck*<#|?7GQQo*-=%%B*gS#ktsLJ6HTq>AoiZ61h zuT1FL*)l>uo`a1U}z zmtlh0e^fzt<}mwYnY*-lDuOY6F(wtu0Kf-mK)Ww zs5rAlw|*57M}RTel4PVngkoLo&KtjHg09bQk*?4BQgQMZsl`H)vPZRb{O8(Ye!H)g zI^M5Lnr`Ty4VJsC;GfwaA<=Dw{TCparj4_Uiv=n4zkgkieM1Ke$X)_K00=PoXJER93GC$nRtMrhO7Vjx~Rt$^2>duWBz*V5c`JaUGBl4|>{hu9S4IVUqhDY(bff{y=um7C zQ*Q9u0&n-4Wf~zCY^*<(w=Lt=+q-}QY6K(dHqt>B_w8-j#mj3cHVCm86&5dR|4M!e z(gvKF5e!xKfaFCLL2uFdN#TAakRw>bE=j5;dLk)ld`~LOgR!rV*+>6f#4~uUC-G91 z-^A?Y%4oWA`BB_sxn^}gYhfmM7HNL32u!+8^jM(p$w+B{9k|$XN6-jNKTOv6+GZbQa4tQ z-bDH_c9I70{8ePqgP8VWUqdX|kA^t&Y8GdgVvkYmA!#MBr^;+M(U%@&C{0VvRg5#~ zc`SkTiIlQr2F|wF-b~L%Bnsd=0c%NBw)66|;KYptu{BGt|<}H~#y#q=}FQjuV$2qo#RqXk@s- z6@(l{O9#nES2T3ix=%~Fw--%<79Lp3E(%nUx~{o{kU&?mby}ms+_A=n)|ZUWUlL z*D7PaVBl_1P^po2!H{{u7uH8yH$LguVd?`%^qPxj zz^^wGz|qv}9L(!JvpaPvrL8V2OV*?9hiv2^_bRSbBS7F?*b&>{jO*#E;r=X=Y}J_n z3rAOow=*`b_Wd7Q6`2e_k`g;&PqQD4arMdiYC;=0oH%b& z`!n33tRY`qP~4~k+0##@pd`w7#qaP0yqx^SNO~OA5wu-z?i<#l!4H_Ut)LgCvU#~os_GK5}k@mN7zO-j}q~(_`u@( zr80E|ws&DWuloj9ENJ|0Gt3{j2b`KlXDzPKQ0xkWc%|ffG31~V6qZqWqhz!F@_TU3 z#bh*DK~8c7w9cX=^OK`RP1qS-;0^&_z6w#c!%nZ*(Kct!JC9h zWu%TD>TSn3YKG%qW3|O!2#oZ6PF~)P(p2|d@ESQSHGJ(G*qnJSTPu?EGpwruz1r(E zq<<|9+87_@h^_*8#nyBFJhu+sEElq1%wuwK#Bm4jKn3eC|KSSW`RCJkk&(Dw6Rfjz z+O;ziyfYXYR^KJDPDAKQWU$6;OG)FWxK1EgtpK`*TBmSiP5x!5X`lZb`%W z9lUE&M;@wc%u2*D>)^awdxCww%k62&!~T=(=G3Zf=tTLS$DG2U8iUNrLJK)vG=RD~ zl-RQFW6=(#mzv%o9>c#XoR?2u`-0mI zE_TZR$D1RFnHc7)$QnDD6E|+659gq>MfZh6bCh+qHKYz1np}C|c2(VPjS{*w&>yQT zSCOT_wafaDA&*RwRk&2;Q-)R>(UAzevR(MCs&zVu5==d}e8a0&5j7%@cC@Xtrh_OW zKOZwH&6L%f{Toed8tQI!>yWmv^*5*R8l~nnMD*$A`bT)JTX}1m_)ew<7uv91A?uJ; zpSI=9vUYy+6KC>Rn%k9%Zm#r<3gZ*FPv?@ED^OD$z@ZLH9^RP#Twk4 z3qqntXujl8@58C;c53lj^NICL76;f&3z&O?HeLKS#TUDHt+Ll@Ld@kyerKuE{aE$=au~AIuSqXFXmXNgt+^@~&8YvfhXXHjlBw zN^Hp*51k?(S&yQd%#K>I8oeG(_bI}f@!BR#;iNuE2_5Jv0GR8ArvDi_>r^aspoG$R z9BXYae91LBPz|)6iQ&1?cRUcP02c&N4dtP(X?T)K8pbC>rUvxIaV@bja?0|+f>(@u zzs#5K5iRo7&(jg;V*`R^|Fbwkc8Y?91L4YehXC0k7x|8f!uf8%>pmDD2fV+$`M&o~ zp!%=6?cV_#MkWsW|5z~myHM*tb=&_6Q>`sg^^XUyPfx*2C(xyPY7o4I{D|`R0FYFul*B1jm-0H-T-nZ}T z*&eK4Xx-u6njdcNF0Ouj*}cBNet4T7&exYE?9JWtyGH-x^VrbI^+DPt;Apls2R{zL zp6~Y)^|W)c8GI5CRr-$XYOzvxl z3Ki23O=4gPCNmbZ&z)W@}ao_A> z7=ZU4Pt=xa83m($xq}f(UGctjYF))=_Y?9#dc_>-TkWIS2&e&j^k|E{*UFzYzGJ*D zniu1p(ySacO=Mg-(Q07f-w#ynACtPK1dm53Q0smpBuGD~!R%tfkLlOvdBy^lkE#!f z4_CtjJ3M83#w}7Opxx_NV*I{|yYB%HObi*{@($4-S!lA21x)m$g+yh8Xv~2|$}DlN zKns$rxZ13~ee=8MM2$DPBne8MB z22z|%WOKzx#P-Psp7Hj-T-{K3Mc~1mE{z96Hb!qlF2Ja-DDUtAKZU8TSwL__oarQZ z8eKqI$P01s7QMqEmOneHnhc2xqoV_0iE}_A$A(AZ{7mjO1^J5)EDW=WZk;0ZPNeJ* zB5a+h(Iy%e#s&K#|vDO->CdZ^2A(Qal7B8k3Cq}Ot_HMQbM<%vjB=zW9F#m0le)r2~ z5fV>LA)P&U%k6KuIq5s?{YyPe5HJT(o=QYzhE@rKMBrbJBJ~Xv+Q~d~Sjc*iWqgna zh-G^bkWqWZ;P7CBqV_1!XLtY7Y9Nx!M7hsK5>`w%5 z4Bn+Wd&u(s7IqS0uQd+zUBA0T-|z?h>z%5$diUvB1Nj5{1_V&%jtsBjLeIYM_WgY zqF0U3CB`zAMPw@}g2p8?1on)8;b9=isu+lM`F*W~orS?)`Wh+L&{lfvk+7{SzwC@Y zGWUyuwu6lJ&m^|avB?EpmlquPl)0Q?tqkl1)+?pl=VZivnCD;%?dcY}>alAL!gzop z2p@PNL%SGwj4+g6N7Dc#q7+QIlMi3cmE8lKDP_z=pD{aQACY;Q^^-_5@s=b4cA2U5 z>Mgm+)_KsXNBku(q+9509+FLPv zs%xBJH1cJutRg;>Bt-(g5cS|uR&{56)kFx;Y|HkgfNd91`*l|{+MO{qPS%*OHcn1% zJfAvuJ(N4FgB^|dw`6TTfF61gIQ=c8Sz)%GAfY09Hc7-|Gf6Zn>ya+n3oYJHy~R6l zQk;C?RO!xEq3v1_$%dGsHBP}x>nJ~9{+OoRBd^l7|31|?(U5r^t#<7Cl2nwHSSvlg zrL5AHf4!-0^wyZ5Tq8}nCea43SJ%!te}!&3bTZ3w(q*iEgFWIA1*vx)p@wGbcrl8toRx{%$K{nMo|kDbt7`?+F_tN*7EgG? z35-Fv=34p^71dRfT1@duc*bWZy}}~TOj;Wvj&Vq3bfJ+@BL9-PW~ER4SfP+>$HrNY z42;(7okFI?Oj?10v4kylGn|dASdRL)c_W|pMd?wQn09JfmfAH^EQePA-AHXH31uWr zw$(uC*+yZ3kQbi;bJ50ILBJ#ns8TKf?F$Y;(yYRniVGX`yr#6K;*>m-pPYZ3 z9-)^ooY?(|4T;1P{xxvSa1XDKx=6;|%v($NyrK9C82noGPsHMQ9c{dnRCg11Ew^=_ zYZ@c+SF=<@qiPEgR-G&FQ>o39q1dDi8kc6IqGgkaqgXp7O`@6`0wAYjiePNRDft}sw1_V4-7m8?83s8G>@zFR z%EY{)-paoksd@gg5V+i_Ne0u?En#dM6S0cO@+EKqU* zHk)?EhNLtDeA@NBg^*Ku8m%b?41_vrh74piVyxmN>aHz_QdyRCOwu_NT;66gDAA1- z?LASMRe|++ENXi?P9c`qKD(`tMhyFAGb+R{Lo90a(eI7@KQB@W{CHaT%zIsjW~pma z`eW@k1ffe`OZe%9b~|UlD&)Ppje*a?@2%Uz%8$xj$YFG2F%(epmb&0FbbG!*9Ym%M zC5+~6rwc{guABPOGCWpuuGzajzfLH`B%58Yp3@5D8j>3uRptX%pq}&zn!UI}n}e*E zx)4m=8*JORHsNF$3y{S%ZjxWPL)E=sYQ**m99$n$2j9To8vm6|$NcZG2_xHo=FXY_ zUHSAM`j_Q@g=f~1h#Kxh=$)%Ock0JUA(mog4&8W*-wF!A7POs!I))$bI=(GKt!Z6x zom-vp8uGs{EK#0PBk|$601x}eV3U707r^_ffam*u_9K9uU*+7ZVEaBV4}M<*W^=`Y z!9jZcpqcN^nm7PGWl{dA)H;`}#gl4xWD0atD78FDw|FCvp^sBUty}r(%82_ZLerU4aFH8vcxl zoaCI*B+es{t7Ey%{PqhAL5F2}iv*ax_6ng5?{$&9;ncdA3hTw5#$-sW8n01Z!ZcxH00336=x%?%lx*vK;ennbP;h?K}WA{ zBJonb%;Q%FZ1(8k0hsf;LilbM|FCcyeqauiar-xH7_j@ zTb5v+vh=Rd)krYI@+Bt~kLcT&s!i@s8Vr+Y3cdJilrlI+|1G4a#nB0~bOU)PH$<$j zBAA|9py~Cr~~Mv1lvOFITRe_jDzeH zPo>zcuRw%G9XChvPCGf~08HQ4_vgoMX2kB$lBbp`w9XK1V>MXlq^)TfA5XluU-m$V z)*VRU8b_tw4uc#f-!$c~ELM}*Yiv+8uPK>ft>JDrfmoqDKq~fvm_@l9>$YEbHe&4A z3m)7p;V}&q%!aY?fIUTQMq)k|R^u;3tD%~ZG)5xQqIxs`O%pUNQtVs;-BCP_ayVim zt0;z+*!%jLZcqYLKf(|UBhaR*RnqC43>>OlPE!6jaDU{@s!a({)onc;65P=~WPO0) z?pRgbz}tbcWuiYJ4%Y0{mObwtgERb&79k#p_G>|dX|4enO^{%{S`Fc@@fTxwz?h|K z9FwE)5oeZ#jFS5a0~))|^;Qw7Pc5~TxHNg=$*1U;zwB<@WYfS|3A%fNVO*#f(i6cd zwiZJB={QZXqkC?3+<<@!2$oT@>-jo5w$_Lc!MdqbzK_xE-1NmQ~nO;%OC6aA-6VDqk|CoSJKmQ}*sxq%XGKdz#;kP9kp zj@Jvlj_aM8Q+X8#O=b|RwZnIT0+7hnQb+lf{@BLf$PS9K09e;U#|B}s!q(*5b_uXp z)hoA>(@IKL>adjOHnhE=bLdqMyz3G?lePSdlIa*0gRl2V8^bE5S(>w3d1a7bm7^p_ znin?#(krbUudbefo=&Q3P1^N}$nus+Y2o116f;P{)QiyZn8%CIYZ6)dp1bM6s8<%aPB82f0td^R zRv`&=o!H8MdiN&>+$a*%-#$eRwduV+-yn&+G&uP?j z1*tcoL1VVh;nAi=Z&Al>WE~mti=Opmbbb25hRQx$_IvE%mlhja?O_BxTz1rE!%4)5 zCyo;TERMOU@0B^y1WGRDAO(U%*J~-9J%`Pxg^Q6cqZE^-HQCYQfO0aM85Kqmr=SIn z7m&d5_ExLDB2C;MSL5c)vBY`vfSiRVZnq&L3*KCO`k_&L+?q*kCRhCKhAk>w8a*OrwS7FQ_wm$@((@dq0<&QA> z=tJLh`sJX`SbA#C?d*uRBlyrw7=$vnObWO5jtpBl^ov~`F?3WM+nU~wIBT!v`qQiH zy}Uw*Ufrv4jNZM!*DBf`mS4Hw6m4ICjV8K@Y*m`Y8*lPl4I(j^S`_JF0*D7 zIa;WBokP9qNLgxr$<#zCtu0S@+hev9y(;^=5?{!OidEycKn?JuG+|R+)G$lE?8kQ8 z3L=?b6?I&_xe8n!ohvV?nQ>}egD1wd&WkQYG0E^=>7Gv zHH2sPAQ0O3b)QxhpM|V;->7q}vfcVbxqVt^2!r?Fp>#mjA_0LmY_}43UB~zRcztr# zwwEcAoE!(GCtN17+?Y|tY~Kd!7jY(YQKf!|WpKdOKmjGCvk%tOQAMAn?O(WIILmu+ zV0chrKxa{K*I+$aW>$sbij*2vJdS5T^W>A1nwlbK&*T$&UF&S&5e)dHjqFoHatBpg z7=q0W;0Mm#Wr^cEPwGvtnY(ZCie{~)aa?1z*8k<;Lc*4$K?uBYXI==Cfhw+WFi4Up zB2|ge6`dC6I$k^csDirbZ~mM0`k}5pSDT+SAbNsO_2Pi=E;;WzvnpEa^Jp`%1^!P7 zFb3clj0JwuO^#8?{e52r-uUje=yf_j65(HO~=x{fTT5BpmTQ;X^l*KGPqOJYX#K zD{gi|Y^mQ!oo4(2bwmVQ92`Q~A^maK1@N+#9I1!E??4QAk8t^_ugR&~rA*1H`6%fJG0eMSM1R}M zL=aM`$>%@&F!3J120Kt`w=cQ?G6CISk61?63pG=q;`W$^YB2u6-Zhq&B)>}V9I6i^ zPy?!En1j#)C_>yrs$MXm;9P3agF~ihf+8T7FUG2ndKHHAhdL=$7VJNUhq6_u2EY@A zrv;jk!yx-XESG5_Omouf(N5rXhN0k;XS2)y){aN&Do8}7mLb#_SP|2P?Na4vg|LPA zQlNLG*uRzEB9!U{a}(23iv`3zU|kvib}R=#hVk2T4|Wo-19XhI9Xl?4<-ivev-U@E zTbT+#50?5mEJmM%0b$`~p#V3~-ZgDcHiZ3>c?6J_%{=Ta?j@T*3E0h5|IOHvmb!hM zWG@#S`@WoulB6Ruc;RGd$mZRVzMJh#Sj2cH%_>TJ;`23I-y1SL~js0UOY@U<(vFm!f3LThIE7l-KKWQK_ z?WV7=LHmP?6p4dk=T8Dmt@0u@5N%PwQ*-E0a+cuR_8m40qKs3bA)+5=d&E;-7Jw8e zJP9gf0yJEJP$n$>qB2*GA3Tqk44u(;FT%f6Wx(wDNE5bBUHogVOHn_|Qe7&Y(hz_1dx~Nq@xT&|$muP{ zd3KZ2KK9_<2ZS!y?!nG^e1U3a8l{?2FC2yOQ~Ghz)DPYLsO3t70*@+WGxsAOG#EY? z1*kGG4$cPy%5NJ?| zf*cqvIEot`KOnaYD= z0iLKSUp6?V#4yxcGSB%EC`b+W`pr^PX<`CDj54m%+JOC%E}?-=x~9pc9C;;f(i#|E z^8{pILp~>*Cbd;V-6s0T^eo{{za)7S$cJ+=Mp46E33F>{G7kM=W^STUM#TX)NTbC$ z3#eU9d@VzF;%#bE z{fbt`2(1k^zyC%@+Eo|Qn~_9E<-KZ68Tyu_*1>>*a{HzjSNxv@FxEo54+f@gBydM$ zX*Z?%8xe}kv-C6{g*~N|^UK$$$_E8Hr!S4cs_oxK84#$;CciI)pKQI0pS zX>WPuL3CL^^(u%mo77-cu=AZ8vXsIh^|BO3UcOvf#8 zXUDZ&2!7#@)G>8-VA=k8x7aKM8jp59^GUQQHR@WoEx}m?9NZGn=~?GB#<-hM#<=RI zVT~{t;lB}u4l6@EpOZFI$R2icgqEZk5Q=HteT4l>3OXTI)!|`HERz&0ms3Wc*(nss zwsJ(d#vq7!`DmUPWrf9aqf}+zNTFIkYwFOB4t5L7MYoXcv*Tg4Wn{{A2Dw# zukU47^QUGX_V17Wtg;+{_y?FEMHl|%EuMNZ{97kdH2#n-< z^vt!&8!xqqzWDt`+Inyedzw1hSA(#uI$#>umw=P&@R7w=x4+W``LFsNC7&I%JjJmt zNpq!nlQu?z&aln=8fQdnPBo*~i;M!)SpN32LelZ(a@Ao=mttngXg610#G2B87M#*A z7gffv`}Z+)%3GaUCObT-^|?}tehhFE%NN)g-NGHS7Ll&iSC@EXaO)t39Q}9N%TJ6g zwkW@5V9!`*O=@JBOU?2)84+(p<)$GpAL8vir}=2AW*MfTA0a7R# zG6OOiR7S^h`n(wQ&}b4aY&kO(2*?J?*c)Jeb=FC=AsDV18#olDKQ!N)kriW$9RxZZ zK9=Z@Ll(J=#{&?0a7irAx_H5B%|o&b~Maa@a_Q`o~MJ!C1sFZt0>0dQaRuTumisuAFjjAz^PY@FkJZ&)sN^sB^J8z0G>tB|S#mJwqfc4gB56{UR`HtKJs zh301Pck^;~4=|{ujhIrsEnF#pAK^xv+*~=*ZCH@R7%bYmYiC@`^3qS^;NM@e*%z(b zTo1Ozib)syyU5oq^{&X09RYp??etB`Ei0%woqLK7Qd%MUO6=9=+ok`p$lRapblcHZ z;}T#`clEk8otFJo0-D9sNO1Y45%hBPQ2(dC;tNWyxo(pEq%lw!YNpR#pH4*P0{MR5YbhF5r9<0Dg(VyAdW_Oh&o^e&=QO09S{8*3&nt5x53^XQvr-~pee9{rF#kI@tGXiu? zunHcqzRH1Hv4diU$YN%U_W*jyGwmN}zRpXlha@&aHokJE^pBGTNTe)BTp1YVo+P!l;mZQp!0YJYx8jihCVxFS7+m_^Z3;8M`9O z4Wdr$Y?CStcxkvOj9?#7A8Ag(eL(*oU_c{bI-a_(kKwcIYp*FR*T^i2 z03p!FBDYKNt+hWU_5M9dU!Od9PpE@XT=3wjAxPZVi#J#1RJV96W#3Vx@GU4TI5yF? zi(SCwOkbe=Ry-pB55dihDIZ+>S?)2XBg$S0PvQor=O`-E&bM})@2$Nhu#sa8#H zSZk*sE-z57#yg9z1A~^HS$_BR9QvdylZWtK9tskhJjhP#BrO3IlGtr})+%1ju=MeK zz_I$NAN@Bk)W62`e|gwBSpK7rjOE`oW&gPg`duBP<-U3tWcBbt4hp2HfsU++Kl!~XvtMR2W;@8d6AnO|7d z;o~JAUal_Qarx}hgaja!?zijPQ53Jl>vLSxD?#m_%Rby(Jv?8Hx`yW~EUPa^grzGw z#py-e<2Vm_Gz(KV1l(Fm9=KD&QH_fz`9A=D$3)w~Wnd9&GOzA~a7P1&VJK(c% zI0`I2FTg^ef|_A1{shyeP{yknmQ^M(A#6t7Ca7I>Q46CD(Dp#=4105`1bfwVAk$(2 zE=8?bLKf0|Qke-%qD10;C=tz3q?|oa8f$KF7G~Buagai;u%zp}P53^w!V25aTC&3q zTY#>bD{G}7C?u+QJ0MGfI4bL4seVk81LR~qNF3#Rb_lsU67^MwcPXWxP>ysZu@OSq zpUQximYP`}8T{Ja&!PzGNF4t4LjAUo-I_jl_}+o~IPwy^N{C>V2a1jJt=jk?{|Wyk z4PTShko93-BC&+)w7CC|`(aCN1eyENbf}s&7l77cJ?i6N$_wiPBB5A=M69zcuY-3G zdog*guH&*$!2@5o^FDF~1SX;gr+R?`j&XECH!m0$p7V5=Nt8QByplt)D&wzdsxIN( z2D7`R3uYDUWB*?J!)! zHGVk=j>+E7_a>`s^Q|udn&$FAqAHI^Jw`3FDFClGLs94+kC$pXY6Zlss(87GH1S** z4>~}_UjlI_KJxggWGiDxp35^wYwGa9gP!>-njn^R!+|sDihO9jy0IWkGK@SnKWRL{ z9YX3-eDzn>v4#Qwg%hXJC_o6<6|lV(WDb=B1R%z(MkD8DSm>xCgY<$8pR3+CR>|L9{5j{_ci(2OMR;8-a0kup7m-tAocZN}%Te+NgOqln{kr zyB(g%>ACAyqqSv3fxi%iFp5B!iMlKG-pGxE<+r_8TKe}C){jlzC|8nt9jE>ncX?Cy zJjotD$oje?L%KA~>FDE)UE0d#V@~Bg08N8AJ40NJNh{=E5YABEbsD%9qz)BS0@fTN@BJ ztI?*~!-Qwc){)~Q3p|7Y1e|OSm5%-eR5ZWMOO}TVxKt(MM`dEayLC)zhZKBpFCM!aB$nlQ>DDjsQoM zrnMMO9GHBVp(x4g&QW69omeFiu}it!7|Gk#)yPn&i;1j}!%87+EAc9ndE^3P3=`K* zzaUMXqh*g>ViyKRkhyFP4ptSvhH8Q8;b`Q4BY46jX88}nb|{K^S{c@%13I^b;tk^~ zJ6nT|#G@S#Mwd8>!ETB#Cl|tJr&IfTF@=J&gSA zA$Y~|y@uZpRMxuXndCfDvb#gSj0Ex0X$Uk}@3efXMcnMnKRthQtZMrF!@aPe!V71}U14FRjEZN0zL5;p z=+zzdlp1hX|MNygv9C4!@=*EJ%Ma9dRIv_kj1@o8zX7|!&9l3Lbee3DY(bx-qrVg# z&Iqf%ttll{ru$d4j?%+k?`kkT2uM;sL|lo3eAK0;t2Ml*A7Zni17$A$!jLD9{lY_|y2 zH6K#cKG8Mmh=4X&H^+tMFrJXBswwi^tpJ^kooukcH8AG&%u= z07Vt``hK4wX^b)xMaIoN59x9l9TJ>R7&@;EAh~O<=1jQ#;^msu=~6hKVXJ<;Z;y}S z2W*X$K8AmFOxWGkKgr70a~~;}o0$a#{M+=Iwrg4eQ6>`hg82i8;(~p{(52ysQ|jwnI!} z+XkUmE;lXp4AIAIw=%$@o!g+d$m->^ZQuQ*AEiv3)Q~)e!Zr-YQ_@P9RIV9sUw@K$ zX$tW``~%cw$GMjFkk9py5r@Nl;jz|5ASh`kS! zwk>qd9CK-H?<|5(_Wdn%0W8}ywyo1!^NfYo0irjzZmo*mKcrHJccw+2vU+T-ax>+L zIWTe@y$&e$Y{=@s9BrSmvjEvIU>`TD%yr&}(Uk7d`D@NCu*2}ao)d(^uOhQm8>z0> z_QmUDT(m!7=hztNhwuVIMg=+On^*n1k%S^CxA1~@DTN00a~*!%>(MAkf%SPQz;F!G zcRvA1GGik|F%nogcC%6SWJW!$(+4Y?Uj9vVpek`<9uS#n=J>D>v&(Aiz{703u&djV zF*CBus}W#zmCyhgvTkQoT!{6WPA9uue?b_~N$(!l`1Viig}p z8LQq}DSC%B^CZcJxU3VD5JSp-aZm}t``EQ#gK?P$)HclsLM=_AUf67!FnJCYdd(rb%5l;-x0vpq=H2)6fup>5?_$vS$CH_)1F-8DnG(kzQ` zlW9&K`-dg7+1mM$kGb8Zwm|pKOf>D%_k!q{OaF|kP*m2fnG=>c@qU4|{i&%J7A(4U zjlNFMl3@1rM2%8rlp-VD-;+l^?a)-;|2i@JJ0`(I&&d3L(-SQJZf*L{iQykd+5fx2 zSfcK@^`G>_!WqEM0jc5-8gSQhe5N0O1HEGeB3{V<^qG-K=Hw8B71uUtH!l)^+i(iJ_Or{FZKs!W@LD_w)1djLmED?h=nr z@9D^URgGtMNd=@^+MdC6^|^9%Be;r@9^lJ8=zVhr5U;b!b8u?>MIVr5AG*ersTiZX zF>{$nx)6#R_IJqR%ak|kLySF7SJgt(liCya_w|+@uI|s2)od&p(;u40TrWI*J{-N+ zq^kBLNhcbZGUg`tT3fb3PAp@E4S$=Nwks9Anx@c8EHxe7?@0oYh_VC7&`ub#yBO4) zzPm`?o|3G9O|1;6kiva2(0TVUSW54+MrdLQm{dnWl zzHCswSOac^5oC;IX=u8{LD1QM?4fhw3dGLi{*KJ)Yn-%l*eX-8e190fp9pxBN$t-{Zg2z zk+>zRo>A&P4UP!}S>p3@{D6@w6hWByeZr?>k|#fcJRW)A7mP(QmZ(N>Q11h#gKv0} z_3>*$1Hh8Ad_O$TF#%DnxjC}N3R9P`?vE-z3d|}Q7{ZEwC_A6R(Q#%Ckf%<(g^rv~ z=P57Qqt@!gG?q8Zqnw^RV49P!&L*f83R-8GCx`iJwfkNoVP@ZK_45yDx)h%bpns#& zsctgy=jm<-r&;LJOjWFMFMIB3mjnG zpo6Cm?GcRqy-H0`|18K6CQhUmQnwZaUpiH4wlg@wUtTq62pc%q1`-QHa;1Ev9cRN9 zqRAwdV7NlbEy!=GMXITpu@HKBLolZGx7L0!au;P@=8dg8zV9xW$WEZsfba{aQyCrb zezEUQA=+T9&WM#^>Yc-;gS1} z7XQ}hqYn8c0|^gdbO0O!2dByvMBUO%@I?7!=OuKaQ}2h`vPud9WLi>pM3W#g1BGJp zWW8T{W0L9d0C$4VLNao!GZ&`GKMFkzfV}=v-c@b{Ol4pkRhf36O*$NFwl-`oLGeB` z5Pxc)+aS_6Ub!Xb4|$)gS})@@fEua!+b1#3`Jt7K8QHPX>~t>$-Gn(%xHU+(Z7}0G zIM!qrF!0dvD#bXO5&!&S4|=%jcW4EK`n7xt4l1NmPQC*>vruzba|gx3Tr?)^bG4~d zI3;Sprfvg}1zWBDx?Z0lT_dznQE2^bdsN!DdYX=+;&Mo}qO!&p7+L9wj@xP6&U!%0 zKntX6%Bd5KG2a%qmLwa+)~}hnc(rK`V7}wvMgCF4PX zh(@3o?d5Kik!B~sX%+b9Xp8^R>}1&N_w08@qSvYwAO=|?mFLQWsu*waSN@6!bg0Q# zUlBFM%W*{0XykKQaMx97iIGaY08-|u^0*1{q2<+ zmZRFSqf$flgyA}E?!{n1gKWGUvVNK4`Oahc?NCId%A12f&~kXdK6T4+(lohfLRW3q zckBSej2>gMHxJnbf?^t1&B37}&F?cEfODS|an!g=91OWQTf9wfYNE)@PJYUGz%-l<Jnp>$2*Gzcr&ix`LP2!gI6Z=2nM5$p_9X%Ng89S`dqaJEHdwTC1Eu?rz;mn@`S z)t9tKKeht%$I7yXEpF+R;d%wz#Z>G8FWdxI4cQIjQ#`j?vF_toC!UT_EWo8} z84Nyc>pv#ZlNa%GIX9pBl6#R|bhQtv?4!=q$lbUl9C{cbfYN5Jr z=bSN7P~^eK82)&J?|qgE^)X&BdNfNE^pmYpTQ3QYAmn&zE(ums6vb)bJH9gf+q}a? zb1fbY(bJA3OAM(_|L%J#G+FA}6SADEgJq_UY2Tt|jTvzr0RM7BnNM@6w5@9i z<7%^Rm8}>aCW(UXS+4%6gR=XhRnN5e!;cTng*_L-670e8UiM*j!?wA=byC`|SZ%%* z6o!c*O4D0UKwWOckvNR%gh&EThUOEItWrd< zB+Zg#99&re=uyo8Ge^YBe(LEs!6Gswvx;s=OI^ud45RgfW>fp7BJW?u)cE`)5n?Ex zs^_il-7adWPjHKw>c*{=P4i)78-ap7SzCq(QIRp~x_rRkLQ_*y3a${ATK2Vw1R4hs zxU6};;o~NNB@FkO_ra-bCPVxt4B@ILN&F=0e`GF`^MJh$zU!oRIQPxUKHT%1or`+b z{8BAw+^r0sw+mW1O?RU=*WDiiwMZ{?PY9kgys_yKYFC%|j>#L+*Z%Eo+J5C`%@zf! zveZEB(=qmXw9|)P^+D)mU&6+VesucT&KwiMVCzS_38XPMClb!_1ok>+xIP%I%jsch zW7pW1`G>2iUhrE?3w>>lZOfU)qBk$VrWl8LFxXJ%#`K62ufCS0|G8R9ri%Hn-bV#& zCAh1-XMc)>^rPdVih$zf$AqSc<_BrJvB3bEpD6sW^xF^16=v_h%Km?+Lw>*||50|s z`d@(Htp7V8xJ1;|_&?y1@*i+X2Zd6g;QZx4TL2g@bgzf?-N1gw>n&HRw&0|6N~NdI zktx3t%?TpLC0fG$vIO3j*Gpc|KcYX3K4a*%Z|Cz#F3fMN?c(m8?-tj0+k$0qJs*YJ z@8k3C49#c$NAvgPrsTG8R-OI*$u*ng&Q8u9RFk@&hi&weF-gL#*gIpeSOl#2T}@t7Lgf@(EnlwC7+ z5_>lT%`}ggcH_wAI`%Kj^P+MGJB+3pA;l@|=Ja=P4HY%7Ll5(-^Dw(%$ zZ|u2`Ey@p@o8L0V3&jc`nu@LokUXNasWRrUe_XA^b=yZbNjhySi4LH!@b-YH1ZHtpK(vTfV8ZQHhOcd^UvvXNyQUAAr8HoCrg z=8cJe{)pL_-OPxLD>v>t)_JbuT1%%D;pspF9bOy3IUu6IjKrLT0y(4@;;5+aUUtBS z2Swqgu)l@VWF5#;s$YAiFj?CHsX{@Wp4k)y>J5leu$kLT5%?fARulv3_ZQ(@ph^+B zr6kE8#<2qK6P6mJ<6oSkLnzw~^gXP2sJP+$ckxIXtgMlhX9;@5H7hJHPHq`Zz5Vc# zTvWiX6uu|6!1|ugA~pY9 zl;Ho<^rr6*0cPwb9C|_3YnVCAKy3)?1BM8F9>`{cR{94K27MJxf*;192BKFsRc^Zd zcT}Ka3uF`*B=j~qCwp>j1Lm>!u=~O7d9c9(D#!or*_mgZ4ZymgxKu~J8WJSZ}>+GZ|ntC1PR0z zrw=kF{)#qlz&GRzGS3ytEDmES{<75dpfvJ>*vkHK=rlT4 z`Pv9>IJ)zF;vz-1fPzv6JN2Rdvuww?$JFTmJspC#GX^RrfN&y+(Vgt>F3fLi{v_um zwM4F%Q1x>;MiCs(NW`<{t`h=Rp#LRO#(Gn^yXcI32k(3s79tOCBi zBXkJ?X6shQ>;YCm?60 z++?D>{I2zbg0b3NqD_SQG%h2`)a7T2jNPwaKZZmdzW~cV8RioE6|a2J81hR&=9Pef z`p3Isp!D<1dHe<}E`5B3TR{u?6B5bK%cYw_%u1$c=>E_|Cve^CFCM@eBzEX{2c%;4d=N zE(xRJ#hSHAqh@^_%v`U2I2p$*>l^NpD4ydP>*?el@tA+L=XBQ|poc_$IBPI<$+o&W zQOO4uSm`mC3+mpBTN@k64wP4WP&GeCIteSDiNi#|WDoXg%~&G^d$vQ|v!DnEs+p9E z=FGuJLdS;9sKm9X10}6}>zW1}k%1CAFV2O0Dm&iVD8592p&CsH9_5@M7hXoOVK7Dn zCMujjxofI8!Ly&%3V@#I-G`(s#;za`+q*%YpItPjVa1_h^@@bnK;}^jHmfVcstlX0 zyr}tKX(`vgzQBK?+}INfk>VYw))z|ir%Xk>Xr>aZSrHD*Ddn875cJ{a7~_d*mDVS1pqi7VDw=iA_FPQX zdZiFCZ#KOYhIQkDh*y7BqvF|td)N~Z<4S~+y%F^+a+5)3f#N}dkeje1#*SL%NMoOE z7AmwNpO~EXNh%bE=kFg+s`d{X@V=L#l0UL@oV{EyD#2MK^|>nYz)@D9y&tm-NOW4W z9#zjcV9xbSi}u*(q}pmGnfi@b8E%Y%S!ENTC;-fvK3=+z6f~#Z^`hZU#V(J?&Jne$ zKi|!kgy>E+HB>e}ebi<#{1fQ1F#RzQEbyovv{Q{h}2jdf$I zi5mSC#I>qfQ~77e-wZg?OudT72ztFkt^KV!8@0;6Y#r)4!!>mW1hqCz{4Zj1vjFJ0 z>%}JOr#EE1imC>Rz&}pQ)-Dw-SK4TqzJb+?a93BS+Epb6%4RHb*K8m_j%E@MI@mw&*q7+)#grTS*+53$wrVw@d4-jxwS$vkk1Bh{+p2c;b2@r) z^zBk2Uymw((`9SApeSLSh164Rw8rmG?A@xCqT4CWd6p8Mzv^ukF(1Fr31+mdS3$7Z zWG%=s!3Jk$+~=`uP5iv5SK*Ca{rzWAx;oT7*cHy0wuP@u?=-i^{5`4way5p&Gs|vO zkx&NpHg3mgBuxWW#}4P(eyfX3Yg&K3@Tcp#S+gZta5Pl{%H^RTJj$GXsI}jMab=~T zMgK0`ThAbu`ut|k!($35o5QRa9BP!ajV@L>FPb|~S+*ZcPPfJe`;B1jHF@iaT)`N0 z;6E5*kq{4|z9y~{H*OdvxBlEC+iqEPy9c+}J2$aLqel5*p&!(}Y${RIl?4jczIVt) zMbL-s7p^rwM7Ftteoa^WyrJE(i1k(*eIF53Kg+7Bdy!IC%Toa8&Mm3sKi_4oR9ZCW zsCC?m@SnxbM+qTlz|JR+9zSsKfRhwSyd+J~q7rQ8f;yrYk`S0t*w>Xx%{}tOAYn0` z0i(AZ!pV}*q}yB|9XumLCpv}MeU!`SP@;YCk=)P;{ zH#va#3lD3KydTI&vlu$~C+XGPCAVQ-J~gRmo1_}k_zKje&>z)@jZR{oxa_=UC1 z6-{Qk02u5}Cus48v49M>ca(WTp<@y}Pzv!C>7Fr0`%BZJs8^3unAjVE>=$&2^+4XgFZIjx}C%4Rw{~Bw2nk{WPKYwFM1& zl7CVKGb0k%CG+LqW|c11-0+0P;P-QXLUMyYk$7<7!svN=bDJml3wT8j_ws7o!9&2W zV>4CY>MHjtujT!_U(IoNzNX`vU=x1g>hw7m!9Q&SNM41rmBoLB(e29cVj%{? z1>7dCI+q*sF(Kw?phnQYFPNZYDy%VBV6%TA6vUJC0^g~jbCNYWleV6Bp4cl$W}bTE zQZB0pw^F1J!eu&FqR7nXj{K6aUERxb(|vjx_6xd5Vh=Jbh0AI}&@ic*D@J!k5~L2dq^zgh zHz=yBNpQ9b(b^$CE9-E5Y2uiQn2HYrKREH@;mq0Ocur^nA53sLwO}8(&V=8>MuSRs ztQE9sqb{I9`v=N~wEd`95g`fhAR!>J^&{}4pi4FT!(}*sjuI4#a%$C$f6Vkf%+73e zI1w~AV!WNS$u_GOJ7U(eVQP=rS0cpCUd(HyW63 z1E+0G3;Pu0w-%$+wazc(w6w5Lz?6X|eF__Uh(xo)M(%1nWjc=?2&yfbA8{5RyPy@K zV30z+Wj$n3JxAQ5FQ$BH&}jX}DpPVE?OXt_WibY&O?In~Yz zWVp6TBmu!}4Zy(dj72(tQxfE(yi$>H5B^cbC5}vH|Es0izbnJK(YYJu-(+pm(xI4$a=~j_EV2X->6&cF@lLXWKxk^ z5c5KN1|1?DM$!HC6S>}Q#Otv~eJ55^ySyy%H#Ur(oFu6@FT~wREZdYI-|My*MPP)3 zOiAPD2h%3ONW$8h9(P%ilbC8-%B19z)W7akk|YhAb$7Nm6R$}0P$nXWZ0@{~H7@-1 zbh%+gx0-4xtcf=r!NL%8z=XAPh<515RVAVuH8;y?$%X|K;(chHPQ8Q&3Sl&Cf`3y- znrasb)GSEJG%b?FpX2~4U&juLGa>HUD>xtNi#Kr+sBzT)+*4Ay>OrQU8=C>D^r*j z_@Qqvn2=hyl~5s-hLXR|I?Y$SMF({1JDY6yR8im39-yUuod_SNlGUxq*XDz5Hdgsiyqjq~mlrLQ#WXUu=5F7jnT1;O5CU%oY3%7u zCk7^wO7EW{D{f}}8N1z=WGS#zaSXXo?+hy}&1Sb#Xo1W;@>W|*7FC`AEkm?Vk{cRxS{fB2!9%X+7GaXS~iONUmSTB+uJcIK}PAESweS>5dj zGqG5Q;O6kcwfpyoe8UF9@|f2xo&V~x&y3$<<7*jzwNu{nR7FRc16; zu&Z3IW@x=wPGD;Z;4@CPmNNFW=(*l1hgcmW{3j-N|B?gSVV-VqJ+37cQcn!Ebl_b& zY~9}E8x-lcYr#&`#j&sP@P%&?aBlq*xFS|EjOV0TvNwJEgcH|7L({$d(`RyTEquKS zoST4aXKJGxkV*d?5qQ|gxD42s8g_N`)l<2WuAQcOmQZNRK3Addva{8&d&zR9a5CUK z1i-Mo(_)T=VaT<&iFm8UE#}y#`YaxLzCYDnN_Sa&_%%$|zuvu9x!6M7(Bc}h<$1qj zJ)K9-W@v4%z}~}k;=Q?=eRZb016 zzqae7_VbKkUu|UY3%U>4)}8Z}&`_=?V>Opy(s`=fU#2PscJcGf>x_NAR4QYYx$8?& z;g973_V(}7<{v4-&i1_cN30UF;On_3Ong&gzENL?B&Wlh-OPMyEB{q7{+l{yW@Gvf z7@hs!c}4%J82`s|YzGn!_smz`{>}li6!a|b zp6KrSe7L!Ly1BPTfpf$hmy_KPjcecwDqaN-P*z|`E5v?{!2YgcdldX<%e<54BeSm^ z)pTo;6;pWl^dgVIGIyQOWZXj%^UFBdi4;f|LLi1sJxnVL%zlXjM7ra=E0FQqHRECd~zt5KqD4}_U4}~fdsGiq6;Wp|8vgygpofttC<33tNbA)vX z-^*`TFb7_W(&*b7LbdU!i-eZ}NegzU6`kMyyWE1p@!H>r9>l@U6m$SOWj6zZLRl%k zHezhnDAJq`hc38O#b-U2-bs9EvCGybowR0M_*B4(MpkGNvWxK-fyFGt}$$*E`%i6 zofoA8IlvAY^8ka{h$M|Q{-FLHEr6KjDc)MwsX?52BaqU9(!#J9LGo%Z$uEo|n0T#G zuzNRGtofrXLP)YV&rwL`8rPV)%|2qU5gtLl320rW+f5y+c!wEn<7>K_=`JK$%rA9Ta3{K9X==2K0m z`{nUr=^-!7^LLtHNCXAbVk!HwZK>OVdw+O)i+qX^hG4!o)UeXa3KQLAl7mQ?0UI!} z_hAG+$+NRb;R~}s@W<(hLwSw3F&9`7WNte=2hW*C`JEQLkXD=@Tg04Z z0xIobpTsalU}veg=~ieIOEUW!R1V!}#5)fhPh0XTk`b7f%tj(Cjpc|U<2~~LGee*R z0MI!i1L`E5Nfl$xAa_>joH71LhS|KC8WBcmoaNpT(+XXj+}0lACWBzTX?_WAkw(-I zt*`?ql^!AW#nUVZ*X-&ImdhV%a}Uo_+>m>zYx0B#2a?FORCHMKvD5cu|7@N~3sUZ? z>wt>SP!G1)^V%g2Wb6n%KWU1|Pn!1nop~!!&3T0OFJ_`=bLNgxM7zxvYW=xSRD=)i z3kNp9sp+E|aWptDG<0mmQjBb~-dh5B3P0Y3-Q}g`^V@$PcDop7Jhw9kTnxcWgIc56 zQcspNe7QHbab(#$H%DY75HTdXczaPn6%Wax1i;Ksjj}!-+<W2rx~%hIAX&#LN^BE@`v=adKM1N+OV>3Qukt#jYY9Cz`7o8+B$p3^Bjx0_dpJ z?S};Bqb~q5vdc)W-6GP`OvRTCYkv!ZM!7QYFE@-0c!{w^IBMqr<;$}cb1Dgcje0Nq z{B`eEhTEB!7_vzKlpHfkJ$3NR6HAEC^)ug4*0Li0O z1f92+GzKYx{3F6tnXEHVVUMg09&5ta?C|sk$i9xMf-`KR)ESHXAz7Y~p?hL2C%U!L z1&~=5^__Y-Y?^@FQxtEVYG(V?5@rHM(!9Bc1e+1!;0h|=lDU$fx39Q^X>}hG+H7f~ zG%DJfc0S4dTcOd|-8RTCLNFgQw*kd7$HevKHXJY2@x{9A>k|M38HTQP%Jra4%s~c^ za{w&*O@ilA0jD{Mz-fya@~FUh3EShsU9b}E5mV@jV&G~DPq&OHt`BFdr?UU@`Nj)ILb^{Vn>GkrG*PNLJ4ptw&5k;d{ z;76k;#?W5q0-$lEsKBt)INog3w1%{UDrZD)QHHs_tms2j)7x_8HJ3_Qck3#yPF^Wg zioa+4hEA#xuW2u|1Wa^AFXD~-VwrL#7`<8rMp;`CQ+4B-OY-CQ;_26_FTD(EPR{Mk z@N=A8V&Mt>Xu=W|AG0!YgeByOye|vsdPm?2T$QAE1&uLNr;bEd3;HLy!KD~QIDjRE z_(Aqx;$~-&q&8HM#n{hPoQSA%q1cWj;H^QOuF^2SX!-T!BoWjG1T~JE_jZ=#1Rzk= zRe&Snd^K~3L%NjFQ9!0AC!F+BY_Lr)>Lq?5Xk9L=B2Cdj9r=H);TSq~p<;ywpY=W6 z?}xMYnbR6%x5gM@Yp*feRv7C}#=Z75u~rmO!O}TnNvdH$-8>sgzNI?uUXLjY3Ojd@MT_!<-~eb7 zYYp@_tU>V+hTJl;f-TvqjMt1Eeg$~@j_eqZjRjrv{cxbG4PCd5EoD9lz zbd}U=#QJEzaCA>y(X{SCtK6(BGmo)?c^ym9ZXp|dbFgdVr+UoPzI=_sLARl}GB<6n zTLCa(Yd}00y5!5MTTErTTP$yGdwQmbHJlD!jh4UqVA*5Ijf$8b+Wy=wXv-`K3>ugNh9XN|h#IO0zu zDa1G+zCGLcu-5luI6y(B#Zo;`6ormY^kAPBBx(_+Cbn*Nn zbvX}3s?2Vk`9FEPZvdaV5sw*Hhlqo*p<9So7BV&ozYdPbuFajxc9ncKe3t#>T#o=C zZ+yf5F022IW;1g#{s+3j@m~scIsTVI-OKOPCek*vuH~AM2BPsbVQ8U5#edKZa02k{ z&YuY2)8C;@4zt*a#-rsIXIL458Rd|nDJ{O&^FGQ^5?*iH{Q(NVe;bsuvouP!|K8p# z3uOOA$%&kI`11Dr`;=GY+ekqH=6id2T_VtZo)ohE_w`&X<6KKWr0p##t;V?v5)9!% zOm?}UP12imP)+V-&td!T-ObZ?zNgu>x%Y$FwaSH_=LMd(6UJ%L0R7yagLF-w81XW#{zZN zB79L&h~QIn<@{_m?xE14d z8&c5N;}I2|D;^)WL7O`DBo#vKQ}b^zUDUQtISfy5Yg}@1cq1o!ilTeQWUM6&W|kmx z^()S%q~_pUk4yMyVK7VB%L>?`TG~%|`d=*RK_nb~C2xM5$+`G)0i_sA4CBm{I)yvK z+v7jcBY3=FCg{qy2c4 zQEs%KjHIfUDJNiqhOTB{Xa6calfCg3hB^IJs)ACQunqH5t&DcX)S$fJ5U~|U&x4Vp zTnE33zIzV6kd;!x0Pi@d``|&D=Us~VaKhxF1>Y41%aopH7tge7_F59%6vq=Q`O^3yDw7v!V;ama5F^+`dFaE`n?8M66{Ow?S$=0OHH zP0T8tgb*#DC5acbEr{2xC#e-qt^UZ!thXyOE<8O&P$K$9?O?vVdquh)yS1?x~rMk-B16IX; z1OAxQOTrtz3=r3*7RGnG;nHB%C5Tj{p+W}SaRZm|c{x*ZIZ|37Sw$gG+wIO&BFD9+ zc^+#OKSUrm;wBm9k|4gu(yc`Jwhf)^?4k3x8||u9ecc0q7{kyjU8jBFU3sljQcD2ihTJe z@2C605NaWrF-rVa}o z8C8QoFT1F;>=6%%{HGx z$sNc;;xftDbOu7(=tae8ayv3*r)OOCO`{`2k-1+(!r~r# zn@od{XZYyERHV60x>`^&GLo88LE^^vMQf|3{MlNjkJe=@4-O3}^a3TFKZf%cU|7@( zNFoIGMRQj1RrrXXO_9Bf*o*OY4(3{;0BhiawFEsoe5en@Lj2bwF28`6q6RZNdSsjISwtY63XcwUk< ziQ|N{ikW{uLC5^|`j(ZB?e%*^QfKiFV4OF+d&7!=KW`+XU)Xw{PHDV@p#g2Ak&x29xCMB1)|l>kHZU2 zd4IKbQ`gH&`5y*5iA`(D{%r}XGm~mg+SpBQ2p@}icPH7OPJ=KBmpnCo@zY+SQzoU8 zuH9tx!*PaXE)g@{!(~AsPY`O_LG?Kmm%nB!!DLra9e)Um3yVLs`mOfyp(=4CXc*7G znBnQBBL#0_i{e4H@)vvEq5JhWA3rLFz6(2F(LVQU@1AWql^Q+<<|j27#msjMd4cK` z#W9(UB(~XNmWbxmy?|z|5I7%YNQY|e=wqwXtPS!bZwk{8Zv@XGYpN|=5}OT~oD@^Z zNTLTz$TwN?C3JsK!cb2=-1W(^Kt)PIMp9p^p7J)AS&DSH9p7C z+CQRIs|<<85D%zfa3FV-()J23%{#oTu*O<3860pTqhUl%1InBUik|70v@nPj$w$>X zq>yaRzgJu#GXzV|#)#04&CNBl}5 zTnjHNjwXg3|hd4mwGK8o|Fy5Z79)%5sqo5HN(a*&MLL&PikW1%kda z^Y#<+jp5CJ`vD(=T-Edg%<1UK|&q282LUMPkQu8w;8ty zI<-6%Rn&JfP7Rnplqrf;MQai0uh_z72^0Kk(#luvg~|ndIUJ`|q}BmWeHxj*fPo93 zKOSLmX>n5SDnjJN125T!rb6jWnC8c%?UF3dOs=3wj4nE6c*$9b>?!$#b2R1@#T`_` zw@IZapSk6%xGH4%A4LlQ7fKW)Cazz7nLnr@Rl`i^4hVKj+=3V; z7jH1myG+KpDsyzOf=Ev(Je0GfQ>S;Cqw_mxkMAO3wc);YL2P1%m%ATA&O0?HuMe{B zUj|l5bv?w+|ALtJx=mfDZOIQbCbd7)*qRkd%fS*e><@Pgnnj>nT=)kLL53&U$$^QWeHaWD+1Jg^ zIiS)vpl2waZ^5F>9G7v!H@k;j9Dzl>a*u3UFyE<1 zBPIR_{aC{U%iI3_VfUfE<^IdoR9f25)EdxYC9Ps%<9D#tN^CIo$9M9Ol@4?u_R4sy zfw+UdWR%&mC{=;VY_B31hU?n1Wr71uA%eV~sx|&ZnS+2!2SKoXQUI4ThNJ7KIR)e+ z(#QS|aAGzPEf^pAF!-e&bSs*Z@oMO8ws^1RL%+j_CE&SQrQ>)&r+7_0qetIa+}-cT zQQTkvXK5xB=M?}@>E!XIu{%UAJ}Wgv=`!;P+6{ZRzaV(AIVBrav+uqq|6Dkj2?*zL z7##55@_OI$*gB|;)8nP)fAKn|lYj2_*ea4yo6NR$v}?*d7h~Q);X2;YQ43c-vQ?xk zzp}b5LrbD>5vz^y=B(MAg}%2sc7Dh~`8j&L;gYCAop^ahGr2IfejR1d?8-&t0fOl-sj0im{2ZMG$nZp^C-O4|dHkn~ z1n;lJP!6CLg&eY+M9 zT!K9R7ooE(Vh@5jLNr1L!}tq`IrZanp|43w+PS-V)4>=v&q_wu`qi4`Ji^E8<$5y! z{-5azFH7S)2-oX*Spd%;#$j;xIbfTwYtsuzBzxd^T>w77e-Q$z`|o2*Qd&wO*Qi&* zy;P)_97TRg;R1yndH^y!zBI!TDL#fL6+SwKf1jb1LZUt|9q;78=p2K@uZlNsr5BJe zoDJEDD61`>B8X?N0lElQvM8rU0fgpprCr4S;KO_4epYM~L*9UDsJv%EH-BhstW*)B znRiB^*+lGa>h6)Abnl=zFF*YWvB+F>uE39i8)Sh-`g;%)K~HGX=jWF0jX#~6pUwbA zD)X7&k9S)QL#A_Sx<#B37{qsIV&+aZak>KZ(u9YS>oUF-ITD$aRM*GONuV%nBo^Qn z7;Cwwa&(Kcb4i^Vg~eJ(UUtEjGwh?djEW)*mT0D_5>_(K6rt82djO+wA}fqTXv(ol z5^ykJwaDXE#1R+*5c$TI=jL%K&|(A_2;iASX=qLTUUb)bB&4l8G$KzBQ$OR(TD-K8 zR*N%~t9gHX2q~P)86awKSh>0Fb9fQX$IE53EKYY0eLp&(Rjd-afmk8Z% z=4I2~=Gx6lo&J=e+;}FW7Qv?@V}vK>R?XtIkhn7wPvR?0-C_epc-iml&m_`_VFKYZ zskTE-1GUW^`IVHQcC8YSP^_Acy=~Prx91~SBP6L=9(Bn(D9M9`Wxb?XrZm!J(CD9; zu-GXVek(i)9`w4&CS@=i%SrkV!pH-0;M>UL>U^nm-!6%}@U$fo-7MlAu}WBzFDNwR zurN{ONIrf9{T%t1P*HFZq%x+UIXs>)inn~Hc-nOzDITZ4p%)2i){n3g5`=UoF|ooC z=^RYz&b<+ZNsEoFcdC^@5hQ7RK3IO`ym|UvmdMCZEuIh7%@=!B*D9CRX&TxUn+Eu+^P&F`Lm0#?+>{`2U3oATx z3Osg$aXa2|4=bF^FNpN2(*H;%xS-4tCK-O;s>RPB+%pdMLvXI7e|CnTvSj#WKi9Pv z{1Hlqs|7dbmh-~#FBYHR9e6(runceN>P$)ORFC}4;$sbc8;Y^Gfdla%*EjlreQg(R z`vMI{D%M&m9%d5X3WMR%c~GL#4mHRcv(+AbbJ((kr{5K?qwcSY-ZpyJ#xHo4kCFbK z$k271DfHoS712ii0G@e{d|KOoED;cb0%h0o6`IZ|#!!mFv2*rl&Z*rw10fA60#bui zJ^2T6af|}Uh+laJzdwT&(c|6?_oY%WZXGEUqr+oEBSZ$s6{c8p;tx)R)%mGy29V{{> zQL zzmMi1C!vX}#7-vFs#qv^#vq&yS542WILC$NVn#-te>&fpn|6770*uY$cJq0`p$dgHb#E z{nE&z5?N>>LfL4@9%=Waz7iIh+Dq1sc|fj#zmeTUFx*)!Qj%R;WClMVreJ3x_VVDo zFcfD24aF|=t{IBx@Mafdw30d^jjioSy>acH1ZGq8zPezu$pLAiI!AUE<*OkjkDzi9 zTW!KP6MNa>c;i8M>2IoSAQyKh%{$o>pJ*%XKi1 z?9zM@*@ukIzxXC_#S&Mqz9CX0_Nv>Ji21j!6)rJay=WFfMD zat8mti_?i7hpW7%7I2 zwh+BD_$oznfurCIYCNmAv%6ajN&AY0aJlZ2IqVcmsatZj12rq`#I4^S0H_t7BC0YjEt#ifmW6Jm4mhH#NgsXI#=njRKGGT59udPD!t`fi}Pe# zENy`rkSxWq&wy2`S6`6q#HxRs{dDrvR_&6ar2;OH_Y3*aps;ZsvM8~?Ke7|~60$5v z?v^sp)p^KtVw>sF8?$f>{Qk&~8b7XIBwy6!65T*tegEvXXk=PO{F734;-EgqEY<4% zAKBrW6{^+Ev+uJEl5@;ZwGnUfWhY)f&{5JzB5y#rN~53qdr1G4EHPCO!f+j>(yWxy z=xUXz{@2T}t3ai`q*I2`&@VH{mks=)R`4$rH(3Yr=ZE|#8j*g5O8urWOTBD%`&Wm` z9n1I8{xNTh*1o>a4Wr$~L$=IKrXyrmuGIo3u$`UQvPrdiW~(wT4GYiu{bfLrinD37 zdLff}zQL!ycVfX-z6wdk@B8lu=Dmz107bIE&aJ(2c^AB$@i6O3z@Y-Bf$*XO=DwkW zu~;T`H*nm6Z5ajCvKrd;OKb7 z%cmmEM+)`vO=n-nc})IS)%tG?o0*;UKVn=s{+;gfAFK_>|5$?i|EX4w0kI-bR%}Os z^1dJFjYVbS)qPRcbZtkt1zqpDO z{1;0M{=WXp78qA3nP>R&Z|&xN;~&(=c;* zH6s)urVL9PQcZ_401}nj*2$51F@+dflV?qJurrV#JQ%+NW-4iV4c#h3VihG-w69 zZ`EQkd42ORE=Tte0vLM!9b94r{3geR$uaI1^4L$z7*6n~$g7VyHo`CHu(5r$t)L&+ z?=GTl2s}dbsD~t2%yt~0SEb=X;jPvruuqaZpet!hC@eALHi7^txHN+tQFq2PF5Ov9 zJP+Pe+t5ynXWBzr^Mxfcdj7-Hw>NhoMA4Z>aR+#0|1#0Rty4{dAjB^lNc-(ff9I70 zR~Q6jVREs?u}R^FL&?o3sJ5_1TRcJefi;8pTsk4a;EibgFP#Coc#!<){1Ii?{e=x- zUaN6KKRZ0e=KhjesHO%d5NRoq9H;GvLNI?%Ib0;&9fFB)bdv?M%>yvPk+j;57YO52 zqw$~QY%~wS!*Vi9NOM5b2(*^#Yf9`8jMLoHzH-)}4CJl-rnIoYMt_tI#f$GphLf)SO<3Ujx0P9cIS+uLVlxej-IHm*)_Y`%CqXF2*|fR-zu!uH+~SEJ*`e$yi2#h9FY~tjXG&B7Qq1 zGMP>!+Xb3e;D^sp-)R$+OKr>QMhR)`HgR=2eas9H24X#y!l^6ilw^o%_BCW^e0ANb z@VG|QBgBrA4;;p;{N)KI?Uz7#xmPaA?7YKwPBt)eqBSB^WFX^{BRJ1Ye2K3HJ!78Fc)3PLQ(^hbKHNtT$9T z5k1|k<4Av35i=fMIdC?v`7G&J;DZHVR^eS{&TBvLE8lp$5i>+(wdy#$RX2E`-Num%v)uLB*J0r&fA5-+ev8Xobr5ZQ(u zj~YyU=_v@9yJ*6QcF5P>TDE9;SRzjpU@*KMwD1?ih0!1-?pW0tj%Ubzu6W{z&S6VH zVC*&R5wEaCgPrVR0y5Bw0u;8Cte3iF8ItB(c{aTVI?#S&WGa~SA%E1WPI2_6NSUo{ z0VB+V7BmceBP!zH)>27@aHdj~2XJ;z5KXC+PKu-1iNYAqmG2re6BFAwNS zJnSa=fRo(sauJ$+`im(DC19#)!J{A@uOSEpNz^xVfm7Bq++S31HHC>YDuwum*S(Vb zv*i7M!@zKAgM$XvlA|LdQS&X-TjY!3rodRcB-YSimlZ?$QaTlzFSzy#YX9IWE3!nM zZ0I^u!z8sa3=Tch>Yz0phtKTa#Ln=I_-d+%y2g@y7md*HEL1v*!3_X_L}n(E&gq*< zAnmR8=(V_sYzQZFe=aL_a>0`PylGAhrLWxg7=40Snf59) znNkyKRaSZLXtbsjM%iB_wOLAR4`Mz^I0YSY+0gkhGDV)lzL`Q(ie09rSFd2B(F6}2 zrZYRm28f0-6?7g{2lvcef~Z>vq+g{iZ<;*o4{>JbEVkd(r1{|$TVSD@d2~tFnng5c zKure7a&HTk6o=3n70zr*+#dio8mNM_5ZgI@|$K`pQ|z-;Oz7fXnQ1w9ID10|cUf{8okxx)`sZ79Z@8SW<27 z9qj^YB^_sepcfcaymXL7(m@|b}o-3>KqcEby8 z!8U+G7ylH`K?hVVcXm~5aDl&D3zg^K>aF)vK2!hNHgIV$BXYxIfA0w$l~iEAj4{Z@yRm33zXNaMUs*FLwP;?|1oxsv7x+s*RE~bw%zX9wr$((u5H`4ZQHip zUAwz|`af?@a^B>8ILV#NOfs3wmr2&WX8qPx;9)d*h;7Byo!<&2bxVSlIzGUPPuuKp z+8-Nz|As(fqRxdIj&W?Ky-`&4^P{@Jq?=HGR_OyH;p%u}M{Z&&O^k2kjEkr*HL8+N zb%VQ;NzNXxF=ehsSf|upXOF67Yoev|R#gka9PZXyi>6_;NXWvkq2fgV5pY!wRPm!KY-5MZd~dH67HpC>{9*tI2BQwJhdJmkVKL1A2! zm^Ym7Z&O-`@GF_v{8iEp`sC(R9>3VTTVzsFsNTxJjuq);{yDOX)DuJ$p5L7s__$C( zD{JtY7TO5X_7q-sjRe-;nYXiVEfrT(Y}FYR0*OwA`>lyvV&i|OvkRyd(M2i_Ak&M= zAq_=BlM4jeoHwGhQCkLMm6xmh-y$P-hO$+af3eE{I?ih*)TJmAf&Im|)*dz{@7=?` z@466=_9YlysC`F>{W%EqxHihAlm+w!7@+v|Qz#}cqrgT4KWF8?rF^kL$Zjg%&&NJw zc()4^i9iEpSBS|&5%MWmTc7C#JW{HO^U+VVe|fZG(u3~Q-6*XzMdRcRj;zQ)ncI{M zsl>H=lanLqN$t2QV+kKQ-Yp~kCo+tJ3;occ(c*=Taw(^%fUHb=opWfR)iIkQ$e$GNWR01f;k2l{;()VUM;k~6XEB<;GA^5$sOzcM;o zbw57K*4HD}cRptH^!%*Vc0i|Um-KeKh%=S-W{HZwOUG(E?r%Rinyf8+pUqvP-DfAM zGfB5g;LOuItFmhrnk7p*7sh*^=`-f!(a?@R0X31!zWSLOR%Hp!ZeLn#8L6ym9e83r z(v=>;G~SVN;G5Hl@4nY3`{beaXl2DN@Ly7;WG|t-pWh9kL`+*(UcG@0w52s$p5?O! z-pgojk4?K#f13uOB&?59eqq*Jco;i(EEg`ZXjR6fxaUxdijTeSzG@N{+1%BeMV;)v zUGfn$1TXdfm z)QT0Ox%&S6jCHvF>`3Rh@gM&@+_?SvuKVEjRq34ly|dlB<$qCM3m!b1y6gIjZxHVG zI#w?R3QS(?iREg)EGN`n+4fcp^%n3YaD=>9UqKg8iQ{+k@N*B|=YhrWbI5^@ zo9=)5WN@Dra2wC-fn|k`95%yCg8SPF9Y~0@!E;BjGD~2^>;s>}-64PxxR+i?uJ*6| zqQmh5fr`Zf#h`5~DyEFI1whl=wDHfSsvGbge#KWv=E~Q{1|o;&i>B}LM&^qsl+6o0 z^n5P20HgC(V&ZlIy{|r~-3faWK(u?6-?T=LyWFyJby{ zCs2T9p(R_1O%fkV5XU1$i>{nU`j#Da$2RbY*op@g=%uEk_{tUTLxgJ3n!D=qqJTBH ztLbySnN;Y z>Dfznvae(28AMempN%K-r}1ZDdPiFAD$|~y@J}`ZLnC69l*K+@>%kW9p z@RMf&BlLG+) z)tchlh%`@HK4~PgX$ZCERDIN#XNO%i6r=NDwWr#g_Z!M`-qcB(QC`QF;kR19Jutts zc-#UJMQ0d}Oo>#i=s5`#S1QQ>)eyehBZ3}dm;6?nRCK&pv49Ri2XI#Rj zow3XFmCk~d$)0R-=D)Smgba0`var3>*b3yOudPA5`8Vcvc zub+9krY-XKnBkJ-j+S%4K?G8WBxVUJoGt$adf4>g20+}VJ$NDVSP^mjdKi%V$v*==9t8j6MbD!Xx=m7 zE^5oJU3A<(nk#$%VlF7$k_o&#M2>psxNrLnXo;YIhhl#P1J;JG^nyLNV6c_ zZX(#WHY?loil6XCQRsS&@B)Rnqg`#VdCnVShs_3JRw#AFg+el{w76pbbtCh%eH6f%_UQ)p=amK8uJF2>sXG%5n%-%aJV#RTbmk#X07|3=E`) z0%UrOoD6$fVXRxFKkq|w#E4Cgq*lu$^FE^r$R9$OWEddUZxI1e-H9%SeYoF|4`Wa) z*kAS_21wvH$G1Z@ah>dgf{3LRM=WRN6kaZfzhgrqB^I@dPYkB8ZG-q;kPML68u=LuPZIy@5&zsk?Q9+V` zQ`)M+%%UGBFJtcWVK$Zm!P+H#CQ&(sSSY`wC)@ZkzXEPukG z)Smn}x;f|ll#rv8kfDmKV)$nku;D5lJn^bsEcahe8-RZ!26O6^tQn?-;zNYgPI(*$ z_p8Q5{}3-s#G5#-Q8IlPSrXWo_8+66^6u-)5P?$H;5P_6`=Wx84u%^FgtLf@zS1Dw zdm|DYz*!eG1lg4w0v#K#9cQ9w}$0@E~D90se!$Ei)*A=kM!4G)9CGkjie2H9jNs`BZeSg?%@#?_+?YwhprlsoaH+T9>|=#o(%UOI za1e65Ne`Q{%xw6aIf0U+ohv`>o&d16I}EWoj9v|5helo-z~=F!3Fyb(S-Ly98@xL? zuecql2qxwOw!`}cWY^R)c3AoW;c#cVjsT^FrkN)V_FFGxc0jA!qK@m7Y_}GtQvE3T zSpAssrM*4v^5+LT4Vh%R_Ma{%-QY_T>zsqFN68%{El^F(#s0zpOO2eyPz{C1XDM>l z_TtQx`8E(W!p3gJJQ2<&QW33To|H&zTT)Fs+WCYuO{iu`>{ldGO(|R(i{&5_(WgPl zrYQFDZ6Eb;Re`}vsip{tol zN-hN?7#6KGA`*QpgC65v2G@f*Lg+JU>JUl^u2jPwnxP$FY!Q9NgY6jiRKpU-e4Gel z6t+!*IfnhLs>bo} zQMHTeRNgGekck9Uyodg3y{NJ3F>K$^3|YRYX)m|YW)te20_)PVQLEnwU3FFAoDFZR zRoPTY9CKNAtsXz$u}|lc!^-o+1#U6@ zQ&&Gl`umsNK2?0em91Mlc`(>k%h2&1?XK3VWY*DsuiQ5$#H(2`7e_5z@AvcLPdw)f zHz#87=G)uz%RRv`s9qN8_4D;(fA;2{V1M(MFE2Ewgaex0qC(E_$I>nB)@3B*f zeri^UaNq%@C$7KOhxBrG_;S5dYzm4wBaX

G>F5`D5JqKdW(J^VEQ26oGLU`vKI!#tYrhwN+&| za+*cZ`uT3lquCrZey6x9(jn3RCAs6^cpexHTqeC`Unum?f1T$njBi0x;WAniaMx|y z!as|&^Z3Q}dsqb#-(O#kd=dvZe8D4jC zBV3TTvwv!;J(e-y!HGI8rddW@;tPWR&QnOY|XgsMRaDr;hzy>AA|6OHSL6=@b@^D z(K;UN`;qgAr?H=1ukOT49)Fc=#SPtKUgqd5RUQg954Yy)l4T9hI_Q%7ypw`p(~GwO zT;;2t8(+VH6)3NUYnp~8*}AJ8XPxD0%0h9Ij!p!rH+;jTrU@-6+Z}8pPS9nUF%NQk zmy}zNv&yrFRak&|1Jp}8*@LzIQau69 z`Y_=r96n4NduNlR0&~eA@^#TtE`p#`M*we2kSr(rg=V|ww;kf!gLj&UZ>w#Ax?<_zEUQI zR}omVEOIc$KTQ}QrdNy`mQQia96BEJoQaes%+KRh@MuWK8TW2zH1$XD>m@ESyO|tJ z%c);d^L*o?Y`lP$xcDbw0SvAS050k^Le3b*;({a)GYrupQuLPKDEDdFf#`>W!tnc+ zEFhQHy#aE)9@1joHv%%b$=(Wk37P0Ui?8emn2=-`A22|BPgFYC*mN8^sN*w@Pdv;3 zQXInc{+BHkKs0z$`9c=$5BzA-dzXyebPX_-+7R%VK>yNE2>}=+?Td=>2y$IztCXOR z8h27#b&P0g5Og1Mc!^P?u+RxA;diKhDZyt_yF}xyfTgW_KEinD?_d{qaBWy$b?4|TJzP%8QiMoTmqts|Qmdi{ zbw_;;%_A31i)!6zkqSLWUQgm8-;*g&Ic92;)p2|2Aq+d3kyp`@G`VK}Xe1`o=EM=XogwCYv)HSaOKCQS z3VQ|)hrvoku~x2{*v^8L<81h80QM;c3);$=vqiAd5Ba6`4Klsl5mLij3M~~y`<0;4 zdE6@J??%-g0HX(rangs~rw{%dvZb82Zl-)3f{2VnyNrY|;+3UAx z=*Y4{NcrVfZUE3rIHUEnky2e7#p|=9!k>bI6UgWu$XE7vK{who<7+gbpTGPc%$G)j9fe@tCD&QDBfQZ5AV zW>`~QWvm+?f%@NT79tg(5V~EK+$r!=s~!=0ar?mYFR*uXr&@nZXyKO zM+^{syqiIHHqg{{M!Z{F`ii62iZ4=B*5$0AmrSE{&lfjZOQCO+n*o-YqP5|Kc z7Bd;y%sw-+hYJ#EJQD909K~u=$Fm7VeD;0Z)G=yb+U|q(CZB7Mlz@vqjNv;odz&x{ z@V%-|ej;hLC$;$7pT%7YQ=o)ju6YMR^p zA6OhGN21`)Mh%(^+{CN3ik({0D`IL5O41$!W|5RHu{`!>x}gWnC5=7-*jFyo$-_aT zh}v>NI{KegU|pGKyPLg5QSA#R=_At*hqni(mmx}jwOuf*Ag`@`lsrAKJ4UDrt~Q&* z!>RMNS^uC3(XO(8trSimRAlIp=HkDVZb%+`CGf&JEWo!m4f5VthFZ~mA+rzi);2Dz zFWxT0yogzcbbfTJRmQd5pGFx8t+UmP7VD&l+g{#r-)C#C-q&v_T|I|)dr2CMia#8w zV9#WGy@=)!R$Dt{_PU8AP>4?kimzNk5(iXkHytX$5ph~2Qy&QKB9)@2CZvw_@zjFU*D zd;03OEHkseqEBiI0`IU$TQjqjt*;En0vx9Rmq|7-9*Y%W^0lGpMf!4L9ERNHj{T-+ zpYwp3P9SpAQ0ct1PzY~dAhM56Y;7d?21__97OqmXd^CUD(s&}&WbnCf#rikeU6^sW zMCKz`SNtTdJxztkaGuVK=@G# z-imc>MF1yYtjZuTFd!;yXX$lk1sQhw=NHf5K8Vxf+Ion&Xx{wj|#}`O>6L&_0 zdWFX)IhJ>HmlgHQ4-y3#N3KOY>12=qkC}zRTf)Skpgbpr$8-=u<+t((t-YOLFnS#)mc7X-~neDNX}Q*k%;0hcE5V zySl$mzB)?E!dkcX9(zsR(qvFE;K?0Zm7r!w>xUh0Z+4bI|MFBh6Zln8!XLl@DM%+l z21Qo5R_D!jjP6V_d+aucYo%DtK~K#VT!E5_k3cS^T3IaLD3qa9TjSs|t%C?*bI9fA zr813ab%HThcD>*icy~UHk;&{kK0`DLy%AK1)dl&HvNr)idz2m+eF{(rA;^(eNNBvX z&fNV64m$Af=rJb>vcMnP6Qw|jmvbKDFuQg*q>(Kb@zI*TVTAM)^4(x0EFk)nm}C;T z2Z)$b`b3BMM*XI1hrCmVJd9f!EkYN8wTfSyj!74a%7Gzt?TRTdoGMtzE||R4#1}I8 z4TAd$yVf@9*Xvbt0Yw|;nnYOc7>mqkt|7npn+cG2_s%pOu>Ozm#ZD}zbu{7w1?wO} zCCeiif1 zaKHz+CLue*w4Idu{N(gS3P!e5TU7hQ92PvvcI7s7I3gv3?anNu!_YmGW!xPYVw~EJ zNTHHiMlUBW9)qeVM`(&Gh)(jC#t1X$4#b9Uu~Ldljrv(s>5BC-7jFs*qnhJX17J$L zkMV}+CBL(L(R6wzEd3HSg~VZB4pb9BTT?1H5oe9SxTFjmJm#Ilp+f<)U@_E|kFc=$ ztdK6jRB1xwP}(Dg=m8K^i00ZW%zUzUenW&P%l`SI`|bQ1EY9ryO%rE)zy^Z5rg5H( zj{68{6@O8d#d>Lg=HptzAZrb){E--QC#g$9Hzu!fwoO~JB{PmjPN_(}hX&Yksy57a z*kdk7zF-WR%hCYuds>hPu&4?wu~G%%9d4oo9`|G-2V?jmcQ{fZ-)W(vf;yarnF0_+ z6r~T!_z@p!O3)&^CzuW!h}muCu%yhl@c=|rlL?>Uc7SFIF5@iPV5vbqhw{pXLAft# zv43*UlZk!1vbjAtC4@GdRKqhWzA{pyGI;|5sgEOGu4rMB`xtb?`D>woGPeoo*N>v^ z%exhDtMW=bFS05Dt-n7E=v)HQoZ6J4KI64 z#Kf6v%Twnk(wUEUF^2TdQ*b4sLvFR-*37|FEl#3_72yqqucS60ALc2c&=Kh&D^oLZ z=yX13q9-^SBf-zYb?vLt_S2W%H1vR8UJ?GCVDcElG_}RItb&F`WhF4rSz^+UMv*A( z=s1uQ+(pyBC2iPr$Oj(|#TLKO{XC!N!LrUZF~Cvba)>cWkiC~Esslcd?!}$4N030v z>csvS*vEcADjHo(dn=%AJrWQ!Pw*M%dmG^9O3Q1p;c^j#WpixTCofGOkUL zl1WFgd366zNu_-|s0NKrs#9w0P`$Dm=At|9%t~XbBxRJp6@kqUFo8;OYKBRGo$sfVY}cNg^rIF#f@AJODUTmi|&r*+8zkCvu#)|Hqh5aE%p{q z72OxBwOzK*;nSNhYdl+$=%m4N!D5Xl+kXoZ=8{abxn_3=3 zp!KNlspXz>XG_Y=@%nPH=DWgc>Q2{BzxJ3#`SB9uQL)-HHY) z07_IEm6(B`zqcunIwd1rsAX}uUmn%wR;HfN5u(nRmSxUSkEdg0w9wToNIz5JBKEfg;qE)l;^N@@8Qz3FM9ej zc6*IAmu3Spa+KT3r=&01)oW(ky3H4uS2j8onRT+Gl<+&jE~>m5s#;C#v}8?gK*@AX zezuBQN0fY0o6as%(Qr*l{>(kSl4Vc*zCH>p&#wY63ffx-Tw!NZ<88j7P^AoykGMZ4 zGgaX06ofvl@IQ-nBh<3WdW(aK@TSOvLg7BRTBw=jPq{-Gef}?t&AEhqSenUt1*i{O ztan>1Pq9V$e?A3H=*6DQke}7k3CjY~$*S7|U@D_?eJS_1scW= zMW53~A1MhwkPAn9_yuC^`G+oL6$yMSF%|4w6#7;>aL4)b52Ny-d%yC{w;`+zNtdoO zIf!uX3{59!a^gDKr}OJCEFY+p|Ein+9ld8_XaA4%1INGHd;U{5|4(35O^HZqF{B^D z(wql>#ugPi0;r|SOFz5NAWoFsA!gd3pU>T{8%?{4ifQuFX5ua~{6%@CWB4l(Qwxkk zT<0%*-(AQbr+TA3&-M4`^KI?#t1tZBh;96DA9rt`xPd`+a!?+<@9vM&$SsN2r(C@l z!5BrH;fJgQL1*k_6<3SPyf%_%tW?JXEpP~8R5+uK4%3meop z>@~UsqFjA?7rf)X%?V`L6Y@H2cXJJ*YKz-Ma-=)E>wCF9aM5yqc_#*#XMvKlO~{wz z!WJevCdNPK(-*;0n>(pYjLH6W2%J!}gF0 zHCl4p$Oti-)n!fc*QfoM){t!Vn#N-T_V|P0qqR}`=wyP->A&?;{)WlnUY89F@Qzz zRbepu@-R%O@ZA2lj$0Y=lg6=Y99)I`y(JwHjidS>l%}{Sd=OQHE<8R{Cc2unB1lT? z?qnJ2+VGj<(Gmq++)dVbj(u_ll9sxuI3#;&K8pl_h6U_oIUt9uTGaqs_wv2+Z*WMa z40kk7u0o)U7O)&hP)@4hl@K2up5}}}O_+xzb(g=**VkCIZ57|Zmvha>P)Xh8a0>jq zW^iUA>|{0EfOC2_=rh{bim2%;~=WEDqD4L0b`U^ZFnMdU`xGWN4Wl?(^ zpFCKpIMAZ!fZ$+w;D+F%4X6=nLDe0|8-#;MMuk@rl)`lTR-&8&v-!2<+FnWT(q{}< z@Yf`0#Qt*v;Ui=cS)s*yT5^T#dE)64CrgNyq%H-SWm2NC=zad@XAKz+Me+lTF%WkK zAZFy^50qxquajdnsxVOf=xm(WozTv{#;2d+k>sTr4Do2THie#o{OHM;ZK~@l{9FFN z5j^kA^Q8@osG&*B!pvS>cvLY(LF?D0zdmF@e`GYzio+FIH`w^}s8`@tlCXcjE&}v3 z!aYSVT?k>C@hBa#5Nm$g4pjk3&Nd}onBBAQfP0V~75h*dQWo9J zftBJ4-Z|6pbhxw97ua3AsOP9tn zgX)^50TV%mV)aefXoj51U+r_A{@L0|mhCmFsOddt!jsC;(fckE^osp#!6TQ;8-A!u z0vuz}knF&1gdt&BG9!Kv`9c1XKx{p87)BO2Yl($uWgOSXxngoWl>_i4uZl_tp=OjM zSfAqL5mW%;VWS#cw{d3T+GQamj1xPf@rj^*F~~zv_vx;S6tYb-Sk-_T9sY&N6WGXr zP;bJWL<~}U2cYM`(;TI!vY&_b8!{wR&kOQMGW|3X4VT0ca3i6C7iV^rC;k2R7Fo$0 zryY5-Z<$69XcEP7{;QF_P?}Cw+wJEza9aaLDvCh_Shqj%X$LCUpN}HW1OK?K)DTbW_`v64MDGz zrG}iTY5#Gk?V>f>wQEw^vQdh(;UcG=LGhJe8kM0M{Sx>({NxG|N%8KZthv6-`&umh~4(neyTo49jX$#g-7YkZP?*V-~m8qj3Jv5j|I2G1jCwjh+N z*ZWR|m3{u`X%H%;KA^<;mElSJB{*5oSAH6lKpA=Pv?;Ak8yP=?AEI_;G&0wV4faVD5l(q% z@q#SlZ@Sg8Wsgm8PjpC$xV05=q~9@1x|aB`8DdIRg;i07n(Q&<4U6GM=1VS;91eC~ z$hblDh_gemK5_RRu@kLx#k9xROH3{vwZ>*OHoFrC*FAV{wH$SnhUN5HP^Lpf1W_uch*W_Um z##frVd&O!u|1=X4uLc+&{H{HVw<2`n=5^e7HRju$CswO={NQzzNwKRGs|h}BKzW_# zb)44OT_9dn4wdpeNU-Ipw+Woo(ay^8NiB{L}iXdj0h}yZH75xfEu^OX1z~)$nl#>gw0~^>?-~0CGuz zSI�B9#&+IrCEi)Vt4P;Z;HofQ6uES+C@G_t)Y1+tYa|DB@2~yA=@`;{2g;tiDA{ zzupCpKW9b!Zkc~ixdgnhr5yg$QOtxa1Cki8p)E%m8KX9;iA2yXqwGd$vkQSmoVGD& z4*{)Dx;{dKeZly>utOjWtyB>!tq)eZ$ouB&C-QN>f~Wox51bGe3CeG7M4hxKZmiLu zG&Q5>>J%5$UcXNy_<^L@N@|AJ?=&z>Wkg;sc@2EH7DyE!9$|lCc#4TANQHR{bLTJ^ ztPElE=+*D%>0!{{5K=8fl=elr-DryjE(B>_BWY_92#9n*h|E;6=@kB8`<4=T^sX_~ zt9DV-#ttRpgTY)r#v=Xykg~$SMk$l@7QvVz8Ywg<)P) zD}j|z#KVD2YUmlT8Pz0TCEwu=@^fy6*aQ8nO^zzDhkg%eo?W9g(rC{{OLDvPyyc{P zTw-iIv9aQasP9Oe2?!K~2}EMJdBW4( zA~5>uRcM$EOgvffzzrakEE?!yPrMJqb(8pnM8}Yv_i^!h<|b>tF%6qI7qDN0|(^1c8G1-pH6k#fGL7G`>Mcn-i^s z!LtReQd1(qfl6+u*Wx1$l8l655@FIwNcg-2q3C*siXf_6HzrJ2hlW!Y4Db=uN8Ehd zN;NA^rjcVnl!qtGNoeMQZ} z*b)z~ES`{7kW&x(%hRhhVyvR}I^Uu5`Ph@JSYC@bH6%`tsEcWB*&uVi(ORTVM(fH1 z8Y3`}Go@M4M$Tr}DAdRw2Y@b9r-Cl3avN!^)V`H+%#>>5#R1b4$VC5{FDQ%e$t! z-GpKrs*GlKMx1=BTo2P*#d+k=bA3l0hNg;?NsiJ~f}ZN6*eC~YN$fO_lY*;MU^08u zsR_}WpwIYcukalAS(XFRTEZJ54?_WTSj>{uPF4LKfnWNM1y=F0hQ-jJ3D7Id_goz+ zAqqw|Epy*r6@a(yPU#n1&s4oBYtw&xg14Ju2mHDX(GCf1i$`o&VfsrrTr;sMAW0up zQAx$BU)G<;B|jRTps&t2vljv$ORS&OZy|QI?SdSNIg}EHTi2VP)kB+HWUDss*(+jc z?!jWJaYwp$3Lpg#r|ls%p53d-g3fT#r_@i_p_$i4mV%S8ZHJnq-Fc*u zwZ*aZcEV=2WSI1r9TW*uhcqM;KQyNNuKrRxSbCrx1hGpvIlW?k`e>A8+`3!(c3z^G zW8ayhinr!B4`!zqOH<5^xSE+KH7~%9caLHR>ABDs&nmO(^uz~?k!~p4rZ{#!GT2?} zfn89-At>^+hT;4ryV7=qHw~6DUnlFl2l~CJgpIYcSb7J(O?=N2P4Xc>bdXK2!WJ?m za>!jeDj^6(nb?{}fxIk8NN1nUkJqFoBecFDm;@Y!KqSNWuqfP(g?2nOEt184Tf%Qf z_9~$rze-t=|027#glGM0qM!Dr%mH;RczEQv9R5=GtiPIZbekxYBE1m)u_;78fpC_jBsKO5 z4dcoGD`GLnLH<*}qrV@1Ok{Yn0(K~qAhDVZ4}B>5k9DLr>!;KWg-59H`A*0VR#lH? zm~ugz!$jEGrxFMbg)$;dm^eC@tA_xDKiQSCCRzOLc1#W~n*!C}V1tYg*C6r?+{btA zxK6ZWwPY1gTl!F%rkyGqdpho!D-QM{z|MK{#(o@4BE3e-UfV<;nFkZR+?DR+C3h{L zW-2^G@fk5Wmwn@t>J0Y!v;+6$GHR`*vFqx)c}4doQZ7MMoF`X%>FHQmi^0M_%mW&p zo119_BZ?r?3v=9Rv`#V!=$&S=5AUgP*@A}+yqdh*{e{z5@SgM=5wVCS#YBSRo!c_7b z=rNdq?CxSNwq9`s&$?J_z~_`9r-{#YTAp(%w^zA`sK>^w{C zPr!SbLV&^A+o-Hg%~hxn-ba(zF0tTaYxI<9)V8u5XpQoe^Cbg~*X*1&wp7$A>6yQI zkwVABW}11ap32^jZf8`6d4E>7qt)LWtZY>!x-b5mD?{G8b+WdSHTcZMoD>Xngne|e zzRb6tbZ|=APFFWO%EXefXkLGtwVp(=Q_g>xw4PAm^?a@T=+fQ26>aE*=m_hFpJV!H zJF8iiq&(Q-uH^O($Q!K>*|2h_M7*OmXl0{o|9FL1zhV^hL+rxERcDxt2XJw z&wFGsTDt7M6WUIzMEUGwe5|ydz(i55Z@HG~%Di^5rmp!sRC5;ol;~-zAmiO`jJbJO z$$}>`P1-SkY$$-H+m zCP%~6-cv;>x3t_ld06N1a+o)MU4MaNuNi&*H~sZ5QT4A>EAxL&N^$p{Pmc=*O1s1x%Ol-~Ypq^U>|bhkzaIZp*1{##@T`;<@++?nHI59oiTKayM0he-|V+wB_- zkf{{x>U?bY`INPZl+^f8L+Zs$h&F_|rVhXd0F}HyR<$#-pon7N+Y(VIWL5^>*}|TN zYi&|k&vg`Al1fU8GIC)86-9ij)^uvAz!h6=&bHTh!a|lCdNruLP3Np~`qqpvbmsHx{?Hr(&em z7%@ng6LCD8K)~=A<>5B5-34dUZ(&kol z2&*C)LM%h_RF@3cTtc4AZ2x?Z-(l~Prvi_7hAVBs-aV92mHB13<0ZOWxldzXh;oCf z%A{73Ma27s@ofg)EdFxALbG>ACCug|dE71fPu{bbz}WzEc5%G~y00u)*+e+^U=_z_ zWS-KpB1VchRqjR?_uwo!^R@TU1B{FK{<5p|qZe z^y{u@$XMS5r^n512$ge7N3YOuCH~-x3|H1zjC5P#zWzDWv%uvXEkGf@ZA12J}$rUGyoG|b79o>E z_bJ@n>CQyuj7`Xgg;K}R?@2`IaU7U#*Uq@N)MLwC#0iB_i+s$ym%TDb2=;MgFG~vNC^#Au zGyvSK8G(6`h1M~qyH&9>()nHNXUAWXY<;e^DS8cM4h+au-uh26ZHx;jx0|o0cHBfz zm0}{*FRwK@b;aa)Mj%W_JC&ia}C7 z5DYc&cD2nyAcI!$j%!Ln7DSFC1}50yx>w;Hyh}Llnw+kE1phnLo+}tYV{%vuld#a3 z6cVKDL+>t@K(*y&90MmHPY4F)=j0|Dz9WQ}XWanYXT?|@gBSjMjgUlcTFrJEmZlfT7{>Q_MpnfDXR(kLaOfaJ*g;~w4f}q5e9tgeNqW#pu{muL>r?()*f)H<& z(BO1E4X)RfaMSOPnSw1vYr1Uvw`w<+ubF{Q;T`3%(%7_;b zzH#;x5TVwEX9_`MeWGWutmQ&EDu_Q;xlOyhs%LGvrjXK;@q4R{NU{p$J}_Z9!<-`S zN1gYUP+L-H&wgpluo(`tF5#TALEpFVZ*%h{Rp=HoZWMqEU!XhQLJinlmhQOnbOi5N z^ezFVnFlXn_H6^RnxOP+*yI%UR8wV=#BZHySr(dZF&*Rkb1n}Og7TowEWq2)QkUP?45#RZP&KlI3u=g+qP}n#)xg(wliX9 z#I|kQcK*!yt#|!%)tVb$)m^>Qz1dyQb=`fQ$MHR+AgKC|sp`#mm@}fmR)B%H3hW0zx_V!*!6d&j*H zjOPw#PlY9TVu#XiSOax*uVhIXd#9ok7T%2Y5y<&-b^$wXdmd3kyrMdMtez_xA5YQCr38T7pr0}?yk)Ss&2KMDJ0*h-Dl7qbun_NP_@mk7o z5U0dX6YHuEN9}9-T-zkXF90nB#pp&~W~}-TgMqbiJ zn}n}C&RZ}DLgJQ-%A-F*&oR(cgNd@k+}k~`tL}VPYmkMCkEVPbR^+BAj<|c_+i=*#mK7YL z7>9rkU=J5c=Yh0Y=apuM#a-?=Cg5V1`myiqm^m}!2bZmQbK&BNDUeN#(HMVAMXP#& z^}$~!w#*?1za0&@HiNWK#zv&b1uHJ{@nf%a-%y>&hB%J>{p-0N7& zC_MA_QW}drU`Efe_3NMQKyk^Anf9@2>M*svkY4MHW8x|@f4*IM6zK)HXNva6d+tj3|kBzX1tNP2CX>lR0HC0z#wmInVi8D8v#$#ZIe-x#`K{b}7 zIKY!Agq;~Fz$rv@-XTbQX{0>9bC^{Ud5^i2ECRehEqU<;LYejMq~g^Sy)in5FcMvS z0A7*?$-6{Hv6L6m>dJ^f_Z3J*l7np{5td6X=qGC$TPy3qwrk4%M3<_)C<&<_z13as*H+kMlSsS>>)qTocB0Mi=#fD?o=;ea!~*HILu~^9{6>U&=#u z;B#o^!=a8}_imhQUbewjk2b^dfdAx#u^aV5%yygb)YPP7bUlb`D2yDaADfEtn1V7b zf=etYa=EA?odBobiEtKU4(8lLy8RV%l|5b;6mxGq_&!%jlWRD^tvDrL~+k>9BNfWMo`KS_)?La5@{rCM^qKA)aan#-U zZ6D9o_jCS~Z?}T|^S0)1=rR|{VJ8m z-ow&-sqV$#u9`Q)56ykRy=%qHZOWqkVgd+{KNJ~_YS#giqMyl>L(9vNKbnK7M5v9n%Yv5jbH`#y|FcP!ql+Ta3hWt2=d zbDZlwsANg%L@RV1i2!Jz4KQj^i;v4&*DSE=KK3UR>;m&JQJ*C6`Q$tpSB2Q3Zga2E z>yiDPlB^l2S-xGA)4_v0Nm|oBGe4wqJSrnU?X z&1Cg1`Nv1ap({)i81UCJh9Si#5sYP3ai$^Mp>*+{SOOqKG}G8lqlrjmjkl!<$B)_{ z{#VZ~Xs@E^j}Y{lv*F64WB%Dx2K+dSL(<=iBJHDtJeA!`zyn5{ek^?9nrRSwpX7IDpYhyQHw%jlE6~xu-0}q-8&9WKNpm zBhA$&bPf2+#w4>F_7JC-*)e6<)r%oyuL!?tsY|^q3;82px>ir7iT99;)UJwt_c86; z!jdCnJ35}Fyzm3pVOu_C6>k*92>;HzgFOgJDKu?!2QbVwdujEV!x150#9E&%ws#ks zPE5EIafk+wIUFS?X*XbBd%J&RIXz0XEOcUoSDe>Ma1|$M9E*PhJ{EF<4#wv1kBTtyxRGG7Br7E`@Z1>Z zt~OwWu?tOMAIWi+Us+K<+vpHGF;Kc|7d@S`PZAl|n%G9vO#%oII2FWQA@LPr4}QxM zyIzjFp9mN4;RCw|>&Ih-y)HoXTSDDMGeqp3)6J|dXwNC4{ty7CV=WoI_V3FT$d<T1jI&IU8rh$Qu)4&NEi&3JgA#Wx0 zujCZQfhjhj0Fhf9f+(PJCj@6VVM?W=L;Ti$Y>jk{l#va2&7-B{pz;hMj7J{u%rWWS z>cHYO`g>mw_SfKUC0?Y&m35q=4Rh$BvwI5#=_Vqi5sV61cJL7rG9cu{V2K2rEavnF zcT9nLkWkF$^dgMk?eoZjH`Ba}euIYNu4d&LfAvt|8ixwuYM%ltpA}ud-r4 zX5TUrT3EWAt(}uf@eb3L?PAV80%F`WYV`yik+l~?I=kK5fiO(!) znRF-_1A~Jf(#P}EYyV;qYO94BG7WTA1^RZhc;>N~7&cPB!zoXlU<(nUr&M+*?kqW% zk{K7xeS0}kP=+ab>Dy4C)l7^xUOB67rr6pr*Q=3TIS;EoMM;U*jwbv2N~5^PwB}85 zSO&vsp6G*tAttR+lZB~Br0TeOBOs1=sZ%wnu;h2j9T>Snq!itw=8)2 z7v9?I1C9HJb-%-!3@17NNHvuvn@)gRikMZIgA1lrJS3|@6rj~-iB(Y?wB0gI8J zjNBzgO}SeM&Bp32=!w?J{TkGVqjN?gPWDGIP77pPs;f5=YQys&SZ=Zh!Y*U*Cd?+a zjszxi9J)}VF(^o0IsqvFZWY_qagy_b^2iS4wN)Eyekk^iml$%2+0vR!b6-$0cA6Ce zSBnyF;r^}79-vM1C6k2E7^QZP2D9I>inZT)4SML)aCt{H`_MR*e18y@Ap)-rR)37=ViaNTx%6KTOp7S8bWL#Qs?jKlvFU6$PV{qy&NlGR_pqGM zg~_L5c5IsEvd{a0%X-yZLJsJF=9lvC>G^aWLT(vWigr+HSo9jsrrS-RtE?Pbh~Tj~ zE;pWLV4ynxCVStlo1l>^_V~6~W^SE1GthP~m=X-exVl2_< zdqEr~gY4^ymHW8ZN0KZZJTZD7js)BuCL?UKnfSZXCH~_IOLd_;r8s^c=&EUJ~W%sG#Dko zftB`jsSzy4v7#t{=Usbfg=>9^IsW%wuf6NA&5cS|Z6KHXufcH5&`@&Gh*KNMoCB~D z@&z_H9G6^c3I+8*yV68GgB=V}HWrJH_<_3u<}O`W{~2 z)|;}U>y~Am1^COlJuo2Sw7$-xo?&y7%K4=KRB^~wk#ASA3}e$&3|HdnY2s-fU%(!@ zg=b;AjwME9CEVy@79l+1q>HL)nDoV()3Pfk940Er95XkwZd#LxtMSavUb@4NEP!tm zIpF%agaq}%P9Fo)%?s`WO(-4~qBKk-3jXUtjC z(|M1C3g5f&A;sBnHnlA)#9u%mf;H9N z1_AgavR))ZV01SOxfYj7#&VF>W!$Nb`4Em2C*CkwFufq|G*~sH$&Bs?IKwN==)WJh zBU7=1!Z?6uA}&Q`i94w3h^P{eLbZ|R(l@yvmn>a>cK~+E~ut;Hf88&Q?ED($jf~2V6IQZaqpytJR@avEIqm|vmmb!yrAXg>6o&yTY zt|bqti@pZF$%a?JoTxu>aT8%F&1G9SjA4m`yQ2 z>-U-$RjBMGBSbChX5EvKEM$ew+EG*R6HwQ*j7pXdB#s& zg{3S9N+u)e;`et5qfVYRI5T<%YZ&0ca3vL#JFe}&&h!<0?4rVWj!?1FdSq$`O5Lk$ z4=$=H?2rro;(iLH)0hzna3_#A6MUB0%(W4+RZ13La&!Ai7Gt8jcPOIpcj}h6cXB+g zAp-)YlCVeI5j$bad|kvH(h|bQbQ1W6BZl^hL^%iW`J6XRQscWOrZ1%1me3w4)C0go zt@@RvXBAj8tp)!Esw@H!V8&Av2=LJ;vlJi$Wi=qCSz7~r z6c%H_W_6a-Gc*X8fhrMUyj85js7L1SM$`pwkfgWd7Lh&Z)=>d)uq^di*#Yusi%FR9 z4A%A&zs_1gYBQd%4(oNEjnyIl`SHnA3en#LNRJsX`yx3`OQV}+v0x*G0e15%rAl4xdf9_o0JeBV2^PUIa$_c3M4|<`H{Azo8#MyJC90P zRp6))Vx1JUG>zbVl749mXKZ4NnecAg>bT{{V~$N$JOa`~KDO3>wArQO$=r&@>?M%~ z8pugNJNtuqC5Pm^TEKgKrJiy+Y8JCBgTdZ~=3DXvwA!%S?S%D6DaiCY$nN*uk-z6H z>A$k?%_S^m1n-nUlH~j$<(t$X37EKhw^&`sGQ4$ixk(p&C?u8z8SJ>?H2Qu(<(}5} zr&+x_mCT=(V$agk6b9ntuD%p4!=G_-!I%yUh#6VBT(mQgBqQle6wd8Zr_{y@wR5y* zmLaDEV7^P^YobAc?tRt+@0#o6)}Og$OxV$E+2FZ2=HJBZ_pPK1FV)eIa0^V^S>s4; zO}z=;f|ZPY`@1aAEO7NSrKOt^^GvWdJ{n10*Tu=0lhoJlKDy zu8Op+*w^$ZRBgreXGEG#?sNXVpO17eVaCKxy0pm(01b=;pO6d~FI<`|^Ge3BGGnft z{N1Ol1XY2QFfr>KCKGcmd5Vmasu^`2nJg7(Zk7g@LLEG;UtnvSZv>U31d9fr-|p!;*#V48DxX+ z1paoz8rMdzI#>#&G8tb!lLOkMYw!1s+9x1zh8ojH3p5A7qU~WSpJ{Gh8#> z>iX@BCEh%C-{Oy~;ZyzdMh-%-nFVnAe5*^hWk)(_pPai)KiRI;qQQ;cP|p3xlAqfy80EWg#s7Evi+ zaEO>J>6~TOoR>wytox45C)ygvCfO9$)}9*=vFR+wDQLeiG8|*Z(@w!+)AVFGeoiXe z;e@m4VT5{rhxL70Nmf(>nH~3w-FPJs!8wMxkAy)??;ab4RtG2KU3ZJHw;gnoez*s+}{R&BBr-4d|&+2xI5;F3U@!V zaaRfX_)Eng5`vYj>*foCChna){LTuP-eY8At&@+hAIR%Jw6k$ZxQQUA=S~?)>#oG2 z71@E2CM2xFo=&p%lJwZV!Rz6=SO3e%_&;;t|8NT#nEu}jYDW5h;41(3f|`;3e`^&z z{I^xK#^~*)MId{abBB(J@I7AKo zZ6D>*pcjl7;0!%Z$l=pb`prOl!3Lh*%wc@}lDMqgqw7y}Sh*YiVxb1@@hWtub}c zfEa0EgSf7AXk$z~rM@-wJJWf96iu&B=>sk8e7|GzYmjV01N5T~9Pc#b{-|eN1Gvd6 z$Z*)K06AeAbJF8FGRi7Z!MuAms;F~fBROT6#%(0KDHoced=WT8_(pI>kjaQ?qBNn6 zMGwPV_aOo#m@MP098`HGuX6-ZObn^M`a3cppCJAe1ym?Rk$Ut3>p>DwvYmz`E?R(P zNKHM8pHw#=QV&{YeaPdzA%9lPN4Ab|G{o174WO1f|0yX{71O3P4zLI^6`gznfN*?I z)K=>t>>_Olt||hQp{q1?gK+nss{%s+#4mc`)C*dq_1LSGSeF=S7P+!U5v{)fa!$&C z6C*4R_zwYwF6th=jpAh1oH4Vg!T~-c9k8a!1HWMT7T>yYf%vo5_7m9H1!_nf6W#IR zq^gBZHWA;&X;-7bEoDb#=_VRje zg37302=iN6^8<_OK@kFftt=iJ|01a5Z&6nqgcWo--K-zDd2#0h@MYQ>b0{$LNP`J+ z9!(Lt9w3MDp^;3-#7*1CK*uG$f^rk_Lc?50V8z>VjR)!tNF~5G8GuV_OaE{<3@#k( zW&Xy3h%$}FkwIfVOu%vPR{xAu0LWhZL(eCbk4WBqe9)n$FZ=$!0Mw%P;M6(^tl}UA zOf1q^!D0tT2>1l;e;u=&4g&+w&PzlHwe9S>fN|!&IUkY(%@auv=xNsrZI0#6dv*l& z=n{nM_?r&^CXr<$4!I(f|H#Hm3{dWOAb6B0lgVBWs3b7G4yeY&AGFdKEk>j5#Zq#d zhVG1tM1gcOYgJ+qosJ;dF-+o#-z?bEep(??)HU)nBB!*L_jIAYIwt3lce$ z+miC+RarC4%SnJ3!xs2TmK(&+w>e0Z6BOkpoEkWZy%LoAWYNPCJCi4j5mq`emzZ7H zR#2Q0hcIAEacm*)e8m+mWxcLKLaMkB(?1mpIyG$J)7FnrRXTe^P8lg??AyP)yw`G6 z`dTe1tS_(84R|$3Gphs;)I`XGWzNSN|58F7R5xa_E2>M?2_z)9yRip36d0T*1SV&1 zt)RT8$QFh3y_9ZrdQ-#NI2!9O`XE4f0^HG(cwLKt5A0~q4_QohY{*T3RJP~0J@*~> zL{_QV0_$Jtm)q+jgNl7@|Jud)Og!2t40W6&m@=IwO3D;%qFfvc$c4%`pq(CQFZAu_ zSXVAtYfA4kwr)n>WKC1~pg={szm{#BE?hBp8J7*r*>gx6lT{{DtUGw1er-(UO!CP~ zK$w$V;2CTYBPlXWEJBD9upz3o8)<5J$QuQ3PK^os6XDqg076jvtQ9)-c;AO!DD+I_ z`_*6HsCpL9&E&ZyKiTSAc~{zEAbOyg;5$KPPxK=yJ+$S9*y<{sSpE2gTY^A2h- z5M!ByS6Mrl;ylnZrW_hlN9pu)lZT~Hh`R+NnTzzihZ|sqzfY4qe3K9>ELp}gke8=; zw^$=PkmQb@nnt}BxudV`yyYM}CILmFy5I3x)%XDlFLVtH=BVp^wr9>ywui;ZIaiS# zaw(BeC?0PCtUcJ<9STS>D63Eb&O76Q0vB}v>>!r+phONS;^q?Q1&`b%Z+WiBx2uk; zq>W1WuN}B^ygJf}1m>^G(-xsk;YaD zQ*x($@|WTU@HK?oG)}WnO9mhLou^hzOm#o`m8R!SwW}q^C9dv;UlMYqSx1eO&^9v;h!|}b%Ujn+3;-g#z;_RQpv8}&7(bPcRj(OCT_~@;%c`XPsNDXb zJ)ZAkBcoru+B$T|9>v!B8J2t7SEiC{^$oJalkeP$Cub042>e_L<%h@Sm0PWhnR=dG z))mTRHr5$)z0?LN_@U+4!wwWnHL3^Q{X|~43Ou}=w%MB0lhvljma^#`_{^59Kx(lkCJVn@4Mkrr+n3?97+*gtsNbPU%BGk6%ddaCJlmC zNwj@3#cY7{x3GqWjv#{m1TRV~AJ$=$(?=RTw|%)moG9)NsHl*yv1gl2R9BMNa~>RP zIrKis%_vTI6liQ$;5_+chmz(_c2*KVH%N-Z6jph^g*~w;yNf3P=PU^**_Q1gaB!r< zKS}9Z-&kT7$5B%u68$EhL*BDi^_l^az-hceif_|7gTL%|T1-MTRvGHOk8k z*ix#@+3y1wQy#8?=8XIiW(}5Lucb=8J2FO*X+_53TgfR2HOSjJ>FXj!(P-ECQ)4iw zCT33j>Mxh%Y^W%oiy};k!}Hss0_Jv>jU4k@clA#N=jQhTFDM1uHK|hJs!xlAl5p+P zW>?+f#`v^-zy;D2`2N>{_n+4|B9qIE(UP{pYTTk&bwM)```cKUjbQk`T5Id#L z3q&`}RIHL`&N7~e?kS2YRW3?qeQ$yqU^QEp(ZFHM3O=l~IO~G^K(!rdJfTH6oYDou z)ft=R0x`C)I*mw+xtcQQAQ4EHr(y0!j=B3L`-`Nn3GBw3M;2{)W~>@_81R_pfjt;l ziGm1^lVeX{m6YL~_pJ1Jnx`5RJbNDPZ;!ynPqh@29I*_EoH&U5b|&%!<&wM3aAM-m zoRpLth7zm6Tr#uqLEoVlVp3UKOW5o$-$6nl#gJt=aX^g#75=5c6K~UY^^3b4=(;Rvy5!((x1{x&f*Tn=t z(YBMI$BOYyM~J(?kAJ$QN0c+St%ggds=M{^I zY%!;CvI;E?VgutYN@4zVEJr9GU*%t{&P2bgpDZxZfs88*Cu87Zj=dnSHAT=fgfUcw zT|fg@uYDcZ%X^^ps6eyLJc31I5T+mW^>s zR+WYzr+%q>8W4cEUADE|c>mFo$JKgZepjwRWTi~A<)z6M(wAd-!g>TIyc!-mr zF4&$N@Y}x#0Ekzr4H)o%$cBOZXLUl#Q8~q-3i7rK(<>Nq4hdT$eK}0Uuyz2FOrvg` za$<63h)Do7*N*}lm>_-~!N?&_e=ta1U=2GORzAWI(NH8z^1A*WAP`3BP&)mE3Bb`cO#KsI+IINK2ijb5M@iYj%imvMc^+F)0fdOMkU6FYOAW^X!j^UEB zj)CiNwF}aO1hNhVK~q==!2M(Eeq3@dQ;?^XC6Omoiyr{SxI@VDY=-VRaV$tzq$Q&G z6eN>L)?;+t=02j={J5A)oj3$VQkz(OEyu+p1 zrvxSvA>y=~Gd($TQGLPdq%~r~s0T4*OzJ5)V*RqjB}W&R|6Hf}rWK01@?16KVwrZL-S^*2rPQx!k_P{4iT*7&=asL#?^@k;7nRQ1uil}G2t+z%6fIl{gm`qXG!A6bxDcCx zotgXRRCr8WT6h+{nV%}ePdxGs;5{OiX!$Dy3yj!VhOV04E17t!4Nw_-_ zUI0hg5gh)e;()n3(>ptrY{Mumn!^Mbsk#;0DJ|P_@gy6{`82Lt;VB*{KtLg(dTP%< z&66=&=3#1a;#{NXhuev?YD7T$b%qrUWj3h#GYSf&a%PY2PWxnS^?F&C`52;l?BI-Sw7(cbz1BxJP+qEW^<)h`{hXjsPT$MB0JhE)j zcS=YHP{BSCouJi&j5C~umd<+1@BLBf^Sd)sp{1m^y1Xv5wsM@BY>v&DIJM{f;zrBW zxaEp~pv>dTkPbw7n^GJ)-_jUvS~;)qSA$`&JMWi#tq(wf0XC<`%0&nD_t;p=F(z3N z{O{V5j)0K&%)1DYFSv|5O~UZ8?z-iu0vtCfSm%jV*v-mCe+RqCSzWt;x_!uAwzs{d zyv+tQE_{-~Gd^9jEDY(yPir8&O*AtDV)FGoh6fUibsO=q$zSsY0wq^sXRPBdnz3S+ zW38goQa5qDn|5rR*__VnS9T=QZOcA|NU3LGzES{DL^C=PONK9XVi-C+_FmB((NY%U z@up-6iMDq>YE^axxSS!41*a4rN{<6Hmlh3NQJjLM2_s(2L?@`B^j>ge$@FQq&|^ZY z?1|3Zc4+l^B}OQMA;zACU9~x#R%!Z1`tq&x190Lw|6Ve7h!U1{Zg)x2qv(nax?|;y=|{d^m!uSaZEETyuH9dkr)?z~@y14PGvHPepX3Wn z(7L@i2e|z%rx7%=+ft_r3_%=V|*$#pp+F2#gl78f`y+1Mw z$MKSu8TOfZekTmr&1}_({l>CKL-N5L=b@}0BeEW!JYSD%PODw6vfuH&zF#VNXR8!* zYz#`R9=M%y#@+a-uRryhphX0LUa#33<_MjE!-+oEIGj%vAR(bL~y!oFP20DHyev38G z0X)9v=yt5QB;jMd_U3#i1Xx*lbv;dlollXayE5GO>(g~8$;WR=z84+7kEipNpW^hc z-tGM1Zi}y%=hv-`USF|p?|E!D&&TZ~ciGL=wQpO+;ZaRw=jF0VC&h1_96Qu4-3yh< zOowHW{`W%)ZPe<{vhzJ#*y>uRDvw~k+iJ2GO$|4EFC5xssx7%`m{sQ$P^xVDJMI&OQPVl%?A}a{$aTS^z=MdVx}(=id5o5XIjop za6MZ4em&oh)AeV(ZJ%;t!yk0|Eu5u*KRZgSgy_dgb3<0Fs|1aEiYgh2jbw`>*LHJnE>qW zQn|!e%}-XwJaiEiG! z7gmn0g^l+*gBXBV;a9DMYoKLntDTCEm{-wzDW=t?cRC4=JehawAsOA*@5&N=sye3g ztG6H0Fb;_MBI(GunG^6U(!HUQYYb4XYtK9sJGjR-ZXS&6EQ$!OXg9){!U@io5#REB zzy(niKhDc*xWtK3C6{Ao`!+UVKbx}z)34l(OcmD3Y+W3O;dS|9Tyk;>StYzrOws>A z2YExKAoLacf-j7)kH}GvMS$RGW@Ou-^s?Aha-t6Hnv=j>@eUq-oghcNKOqqH$G8(( zqK2-?0S3*3aGA~1Iq9PlN2|~NS|KXswuhxQ?uUCYl=rQEh;r+WWlL|}Cv(KbXX*}u z+5K_7~oXFqhZw#STEXIPNNt(H_9~O*pphn&AM_Ry%2_Jqz_E5yw=@JCTx(6 zUy^{~mgt*zXmYI(@dc}h58?w;LMp)OI?|eQzZZ?DGj_LR&i2wRz3%$m183qwsGTRM zZ!y*(zaBAB*&vFmYDzht(PP^#7xmG4TP`Gi@QTN^LNwFQVRQyso!>Ay2pGuwl7=AK zMOUwm#k4u8UJOjQA_y$3nHQ^v%0kP$Fqm+t z5)0i4V(k}4!xf94qD2j%bD8A$wt!*4=w`AdBwE6CaURT6PTgT85f zhJWTpy(b$u{{FqPEs<<$C53wVR;Jt z)a*%SW&4S8ZrUJyM9atn*%a7Urxh3lberj{A8c87@q6e~J4Jdd3<)z^kU6y89HOTo zxT!N{5GVjm=px}D1x2 zsCGdpncYLDhv0RF+9`M@&Zd}pNA3ZjomLO1$VAE8+E+-3qD#0N;9x=5ww^g>E)qbB^(Ti7;Q=8~Nbm%zUB60dsIGEnL^jyNRttwF zLg`TjVU5fTp)Z9Md+N*#0#v6b%z>Gm1$7M!1AOM7L)hNE&#C3xFG9i(7l)P(K z3O$)!pBwm963YDhd0Ckhfjg#_yx?9oHvb|!Ceu#eUl`r%x`+xS%fXYlFC1^SKjuS8 zh0Ewx9vrggUhzO0+NLzjH_FN=cHEYfL-jq6xsHN-GQt+r3QXn~8YCnpmJmGY2n%=R zvv8pza{x~(2+%Gkd>s9k#Y&N^-{d`vCkliS7&E=j4foWix!k!6Z+`?rLr`?&9GPTY z=-(1mtvO8FF&YVCjW%xoWgwtFr%;3&%mJAn6cKF?O^npWAA76CfXKFOZ+cG^tRuN7 z78iAU$9fD0_j~CFRT-)L`#lW^U?2sF2&r_ zvO1bPzd34?hY39Mc*6Bvu{zXMtiEWh6L89SB+fv$!sWCL zVeC7u3iQfN^FbL`iDPL`w?a4$o7e^ZVIODpS&k7^AziOtY1-}_5?L)Qpv}J{^XG_; z#{^`+pl|J9u#_^_NDL!=z!6WE4nwtHJv{#w+ddxgik8`o#q(t z2#O%6DuK%-9=IOxgC_dPXayFYP&Z{XgRA>JKU%XbTM{00u>y|KbnA!#gwT-mp>}zB z_gM(>O@i51GMCaUkQH9>Jui?BZYnduEHj(D1#uwRtM|q;Y3a&06 z(Bpp<2!HZS=4*FCReItLhIZDfI+M1Wx@;SFF`g$l+0+lsdRJjs?V@*HMKO-4`iNsj z=J;YZOEfqJVIwcb?FI0ff^zsbs;~^b$v*WU(8FaGd&yv^_BL76M(ugnGe);9i)W4ge4qEIQr^tir6u=7E{W?zph=R9Jb z)~r_k-GyVAndvPc_vehcUYJJ{Up3}Zw6>Lki|V{4+sWdR&*1AV=nt^FCZavN(OkuX zGjF+QjK$^BRKtBu%JnR*4Jxgmd%lXYY&YBUw?MOD(oX1eT`}X)93H(-YSH$+Zb8rbg1V1x-w5VK#(R42^%9CS!6O} zh76dHBWY~|`ZL~Ny=`LiW@<`Fkz>4=GC;1eJDka2S%U)-;Uq7Fp{TzqndfadQ@rWC z=v#6y`N@0x!P*aj4AEy~%Ca;~r;|94wP6xCgE`^6l>+m(hr`lbDj>Vagg>Bn@)t>4 z7JG2eMBKmyA=D2w6+oZ!Vl)7|d-=6u6Gc(04j100_^Wzs8?w!~>pV9gDzHOrnC{0l zQe=-W>HYCo>^PaaNM*ztiMoQ1?Ftem972L;F+Uu}C({Wtr*6{lb=D|sgho+kb0#Wx zHM;pFVK>J6YRI=KdfS1~YEUWRz3JK|?y$iL@D3Wp>o^}j%PkC(9i|0#H-0+|&#x^2 z&}xEhzLKfJ4R*$WvTLe zZ|3|MH(RC0_+kvpS1DjY!4re5`S{FxMk=q$kS?lfd|g5jE~|lD6jL2CX0)6N9wb>f zjCa8L+SQfQVd!5+o8L06uN`i2CH$Ko9eBRe}aWUN>;s>s7WFxFK0 zOd$`SSgoa7X$VpcoAXDEyu(pcJKb&Z;G%rst)kK*1_tk4aego@F<)vPnOY^b-q7Qj zf4{Z(D4%M~;PBJM@uB`eQm8W%eXf+34KU(H>5cc@E&&dBD!jkJ=M@$vpsZFdyACX* zqkp@M^Iz{y~GK0X6Qy092#GLJ23GJA}EaxUwYP9Anwd7tt*;o!L9fts~tg zfEu5I&D}!@qJ`T?=|R~tbS*3F1eQ`2!S4!bVi6q1FZlM}MRvNPkLe)Cy8!lec1l6k zCz{{=S4?!f%!AUU71#VTQb=lqMl4MZja(EtWcF^WC@sqh!&{P7X@UmsZrS}v$=FnS z?#x<6^OXKZ?Iz>}qV)S11^)j3VeFh@WNp{2-L`GpcK2-Cwr$(CZO*oB+s16$HfI0* zt(}#vy>gahZsjJ34?lD?wx+X49%%%al?KUlWwmjs~*JoNxJtxJm#C(^R zkOc5$1h9A1$f}+^O#Kd87 z2(NzW9v~{f%0ch5rHAn^tse}W(;iN=G3$ftM!J(a$PMf9`R`o!1r?)nSw?O^-R#^l zP;DZIyAxUY%BoRfqiZbD7C6an)-LtW)*((#ZCh0<6YTmJ92kmtcrSq?hRgd#&TSS- zMP0c1HHBEk(BoC|;QeLd(4l<&D6w@6!dOGSF6Eebfs=}b{`P?{=-TR=BDMT(d(KK1 z!6kB}!280>^+N_Q@`F3TCB7r^6T__V2shMrI-zC#s_hyAWa@EEw)`DpX%l&c%*EtPVt+Z!ZifC;slkle z%kzmIhcX-a-&Bl$NfZA#16de3|F_YYiShq$G-hJ_zcm_5*&VPU^qi=@YV*_S{nKcS zz+U}GRkoXgRWbx=pv)W7+x>Ze`|~m(5|(Jkl_cbXQW!LMUD&mR%^UJf_9O?x zLgej1E;?6Gwz|-@Rk5;KtK7iG8!V%>UESlxQTV85W&x5DT0C-Cf+8K1lrnR6_XdW4 z8;jgC=5~d85&M|i4rTQ%P9PYFLvjmDa4g5^Bph4P7x8A9F)OysrWZ%ZWjBSD7tz8= zIFeu(j+c?3-$%fCv1qa;_n$ASmmlsapJ%vB&quueym!O)z1Uijo8hl$^cZvfq=*wF zqhE5p4A*~i6kfDul#GIg4#vdwo&=ALiamR*%P>jM2VYYipC@sE+B--~)$va&$Sz0+ zXK2M7ItKc01 zZ1ta~su1dJR+_~@!m?fjJrS%9x{`eZILFBb*umF4cfx2?wVfu34iE--!eH4KA5MVT z>VYwfB}AuKN9OP(A>Nk?Dr(zzPHrrLn-AW_rA3B|qV6$mYl?7PAai%>OPYtB2}V2V zM68-pe7P<^-W`AO~D5X@)C$eC6Mg-7&8F2Gl(}E5L&p>8XP~>=tzjYx;C63 zbRScg!|=Ix$v77*LW0?GmU13@df22N639gH-WT}*L%x5Ey4G7F%4P8Zh?+? z1Z!W2lM?yHxh?=M5Pe|mJGIC?BRi|S%R(yB@+5>%Z$ zh*vq|+n1RaYq6V-0X%m^ql>4U=v?|q5H$M$u$d`qk-f&m4T7?`@z(?A_I{7jhJv)d zDVV4Ldrgq@?gU)A}7HYle#Afy_-Mj&0~Mn^3xp^4TaxFV>LM`(2(zVLH_)FGzhOWa7pdzP(0N z-?*bfMp%JSvj#8~h#q}?k&nsTP>}^R!<*Ur97*s>lMSy7`lSo@!7?Dk-axN4 zA@I^F4^R&}{4B?(f%or@`A_L>xcY)sslytk@IpC5Mx?y&G`+LZtG~+!QJa9z1UJ|E zLdnnErkIK{k*iZc!}T~5H`H(y6>10y5KT!V0l@Y&jIb8~gbz5dX&-D`?g6g8&pXq?q_ zew81$qLgXEw{#goY66gXRP#ZYcc_^0X-LV}u|ej%B<|_zNxfZgj9Q(OOC{k~tc*d+ zD0B}&G+=qhLQ?a1r<(0=m1J=jT?NBkW!F1v(qGKbl9q|eL91x&Mf(cYJmTkVa`w*K z)*qlTD{I-hZ5m+hPR?mg&hnl_Vyk*VMOj8op%r&uG*a8qMa*<6tLz7-P`ERPr^nPa z{qq@{%cI-4xucE54$>UiQ+GxZo20dHqSIYEZgdW2`Sdxa#W#U%)F_?EZul~rn8b#{ zTydooXqyq8W!G5|+(n_2r-g?7Ic;8Y`!nL$jl&t@hoH=wBlO;GN+xj3Uql}|6kW$J z>vrYI z#Uvb>$)!WAf#BXeI(^y|N9Z^G_@3!R)IYAOPL1!Cev!}^5`U4@C^gWd=cvk~BRE5s zbJcQqsa?d1B`3vRiFkc@X*It7iM{zkVs?U2T?jRNQuWk{%2^qDHha&PnJI&nEiol~ z@*Uq)HL;WBr`J@a`6@Dylln!VsVY#it~Vfv3Vq#Vt^6|m^MPI%4&=~~JfuyFb+>$z zl#WxkYK!;MV&mEBxN=xkpsa;S2@RINn8la(&l98rP2EBZN7$9PR2!zPWkxHG3&xBc<>#2U&ep8v>qC5g<;LoOyfDw#KLA%D7%W6^V|tMr z?IcC#bS!0pKihg?GquEf19Q2aZLX3UGa9R`3gOn}0Ol#G=!ACnR;(uI!GJ>D?EvSJ zptBtMbvl^7Cuu$@C+q96eFKArdtv-n^7!}i0TToJ|2DfaG5$MC=RfBs|EFeGO{pki zc7&h#$t|b87-@M48b-f658q)6L%h%!E&Lc^eD~o^sbq z#i&^nuJvD^S2N<AJ>~85V z-*xC)g6I8pI|F*z?W>SGS9%=2-Cfe2L_B}8Aq9`e-k#6Lf4IYfNEqmHL^E7c@bL5r zkEL4mRRV{ntQ%u69OE?S){#J=yBd6Le0!x$t&yEiv=+vuwZx5u2;R4H5Q5Jo9ge(~ zL}Da`EPH<8j+JjW0kvp+#E$ez?lriZ)#?*Nv=HJXz;z(u$FN#vlw6J=;^{n7D&R7M zP6{!K-3V4(SRRXUM2KP(z|-yQvsvdO@Wi{aAfu6F6aQdGkgY*-=>hP-l~!Yt zYNIo7szWQ~5y%6G7$HOGDLR=uYH+8vslBh~{RSDc;m{2fmdV5S4Dh)N`?((M*r zR+Jv&-opbQAT$;9lL?l~JBwWoQ1t}xfHV;b2!7Uyomc#s|>%GdN5=z4H2 zbnxi@^5wu0O_B}alVbS{;)W>=U^~t)#5riT{Y!*KXcX~W2G3i2cM#$cT80tX%U&H9 ze+E6?H?kk_sFctd@zL4Ru32kuNEevWjiEM$5IDnPP6j0f^)?|LR<|o%R;F1K#HxZr z+v7AtAM(~Z_O9|Y58hR)Ohq6g4TYvvK&w(&Q@Jf)l07}_@`pH6?lTSN@N92cVkDh+ z64~-MR-+_DsF{eg=DN#T1_B6t z2FqC!D+qF%MOZa;;Q%q~ipE4--<7qga3m9bM9O@sE`{T5)r!<@*;rm$;c?!A6^7Jx zPgig`^AdMqp?KK0jisO@BSTanIseo61l6XkE%z~67BQoMVsam2-_9M*YPDq_Pq%sD zx~mchwF{-!35a;hI%_Tygr?->!~*4GD9Y|ZE$syef zYOsnoL~}|Cn^am?G~Ab*6@BU6t|qBcTX=|>4^b(i@^@n?d^}s;xm8p;9C<*dH=P#o zVl_yPVi@Wj45z1GC~9Azy-Lee=8!bjnTE638D6Fwd+R8^S_Me>qPpdJs@ZZx0Zw|^ zfH>zYXe&^znzH~)X{KyEhSe-Ev%D^&%pUS@^Dgk9zajM==c_u@bt+O^L9ro6i9HI_ zo(=@9dXf@2UeDYZ1x4i7^xiMEht8U>C7DWYDEkcWnXAXJ1TA@vSl|#}Hl2(RAFAM6Tjd%G`4)<~< z`uUwCpKCRx;zEh#^A$&%wJaEFvEB1VG#!hr>vjn%QlSm%C6vF8?J9JvmN6%sLz%)_V!z$AnuQ6*~=^( zVJPmj1lZ-kpQGhv7R`>ko_T0V?byyw%=&1S>CQ~08|4Stk;*Tn>BU~w<7wUgE(t={ zgEV`)(x|r9nde#G=qAjcAZUUDxgn93Dxo1%B)B#wIT9?g`k^~UX!3_FO6XBt86j9` zH!f)0XvflPn$4_w`=9%r9iYW}(K6gS{<+v+eUaSYFTaj zdhtTZ8XPlXSC;;oOctZi^xpUchb+V4|F87$ZzuQ9ZsUK_!@sjJ{*xa5PyLo!|EpW{ z{f}-DKlK0U7G@lSX~LSaY_d32_5P~ADID?ePwv(cx!d1vu6JVm{ZuPr9xNZO;yU&G zHa-W73?Ht3BKJc#>lmr`4U(r=ok{Oa*;z;iQu4m9gZe#NADq7Pc?F=DqV}X3 z$S9Dkb$9y_Y5E_J!r3IS-4*^E8ZJ<|o5B$6r^WWmo}#EvEu`v$tE-NW7hfgktu+Xs zu+d*JqdjoRl7X0KC6o9J!XU-4NQZ-KbKGI*1LyH?{%HF9{&^@ds2KLmdl-OZf{w=X z+`6~~RBfSgs@+_0{F1of?yR!MaO)u3IA)PlqsL z6gWl5DdP-)3x-kSzAypwV)l?ps4y|V1336gSBpxSAS+6j5OeXoL6$@_ntdW(9_a}b zi^6E6ke#4SfsRu}O#t!I7f4-qGh=krAi)DGMB>D)SA=-u z6BY?81Is(XBihYO?R`eaV}@!)s(_+6d>DbvdRD`UA1NaaLD9U8ORfzBWIN-#wGsg0 z;psrRB#G4nHd4w}51k#A(Uy{?7`1ctAQD@!*fRqA9-5QB%g0A0%^^&Yk!_Z;*MGXz zV`elGTo$5D^C`HFQ7ii_;#2S$ByBl2@Q?}e@Sbp@mv+L~6Lj#)fhjS`jR|d-QBO^f zZ57bC8UqMQ%15u{vYr4}v|XvV3ebcRDZhg)S(-pUp4%95e5@1@mWm<<*=r=M&d_u6 zmyD5kB-8=EN`|_N;8z{)I9IMoycq3S>~UB|Jidh1RBd_%O39l1Er@%_$AK_8zVXWE zvru+(N~jwE3qy|sMcLS*bL%Vdq6R3cJ~p|?QT7HTl;z7})na<5+^=KFwk%^ssJmgR z0w%fA1W8+z!vHLCwv3tyGX<2SRH^{g*OK?nb^GH+97pmTs5~qPI;+WC5R-!AHX~iy zI#IgI3pPcNj}7wMTF|(&Zr(M(Z+0xX0Nz6SL8E_UjK^Xn9?qrG$8@~Y>to{7N12m` zSHh1|W2rRR+NQ>hV(}}Gpa!Dq^P#nP&Y71IaPzE*NJy;2s3_euAe~ZMip3j6h>ak1 z)wN<*>0Fy%t1@_MeH$T*C7AhzR6!yMBNuHgWvEKM=Vl)$2km@A+;qiydX}#6Iu<~W zPwDRmpi3p%SVQ43cryuKU7GO-IPjVb6EQ|K+!y9amU2p?B#Pw>N?G6GY=xV~PGjc{ zcyL7DNa9vwi$>BIq-PFDVpcH=1U^;v^kQ46S=zZBRyMA~OIu%3Wu2+E_)=T6q?*JY zV0&om2clcunH^4P`PZp@nhzCsgAI(Y6z4N-${KzcE^1@;WG=1V2Vuq6FwVapqMcEf zbO_gCI=t-8XD|?n7d)gz?gnByqV|2+UCfqVnFh+-_qNKo-<+41wk+;uO0J`u{^tue za8i6dQ%g8ZvdN16P12;(noa&Mc_F5y6UF97Uih-;{O$CM+NM?6G=yhf zm8S9n+vY`R(RJNZn{zaov|}9o!)OO!5$k>Gbz~?7wvb`5@~Y+vG(yIR{HPTI7TgWf+=$f-dr7D>-Lk2P^L^bYyjkec~FH zg1bcbv2v8$8Jstx+T$%w@%icFFH%Z>Dt<|*&%UjjYRI_=RlR9k*bBj={g3`(`u`Omu-B( zA+DVIs`jkxJK3m9DL=Cs)b=yCx(?m_$wP}{;d++>oD~$fVV9@hIP#vrsAqJU7LQpL zIP9jvEz$t42^;oms;w+W{D}JAb&}V%EhVuoQ{8!%i zx2=?T5&t!)X-`!=$8(w9+2v9Cl8Y1p0!Yoks?$NU9IPko|WbnCK2 z&p$5)_%#T0r)iE_|zAT>*ljo9T{DYN-$^ ztO7PITi>kIq=o8ibmX1ef6{~vDBfK*thJ}7 zf&oqT$vk>l0!0pRMF%;AHSeU!obs~UhP?pyqw@~YJ5)#g#X9hW@-3I2^~tT9%$Hj@ z(;1omn8U7|fwak6)^>8jud)^_{pBT=D*3E8Z{fHOZ z?ZgLVxyj+|th&RP54y95OdzOS&P&Q`vNNxo8B!wO#Z6+3t)*@ZFl0*{d9bx6eEZ{D z9`u&$QlRFMla_jywEl7EpDTZ+;pDGUHtv|$H?PI_6116eRYjzMCP(TB>E;h0dCLk$ zZiW$-{9V&U?Ge1Ln_*jq5mxv5Vn;a#IsVWM*GtzKp}drOqGryd$x zX(MaODroBCvJFt?_|gr-P!_`BkeAsyu!!vBw~;Q-L9yudEH6AmNf#pKdV90sH z64HfWW5_&pw@Z>qg7}3nf^R;lWDls052@OI@S8H4XQM3!WF|^@eH&2pc#HGucE>PE zi^V{xbc@an8+0E)+co)xLt&C}N?HF=->%*5gGyzNE>jSbt%FkZgqG4q2~6@_jgZWQ z>vb?XD09?AVBj+RGehDV6eH?T%JIFFMBG5M?%vxZ1<-Fn zn^nir&Xl_>@(oKFMTmkYDA}*OD{H>zoFxNKj)%$K8s1PP$9Ei#GckeLZK02zNCkCDzM7kyQ6SL1&uleJBr=yq~988tO zoY-LhR-)noI|&3W*i_y&ESn2bf9Xrgzp?GeFAr-?osq{}442*(71G)8^yrI@OQ8M1 z1oM#O5=RjdG4<)2rR|%9X%YvkPU+J*f%PO7USTE9D^I7k6q2R1TF$RR>xYf5B{fE4Al*y|cbE-!0Z8mW zLrt1je?coYv|bp2?byyD$~bn>F+P3qB#y5F27OG{#LBt$$g|>oi9tZsfuUEL^NxV& zUE&U&>urD9EMCKyO0PSius~6X=LqIu2_!BxmL#KboUJ5_W!bDy9xmdz;0_==x761y zmsbwc6dmnf$=*-p)#G9zpHx)YQa)y<(PAOqEfjioSGGJx;LZ8)3x6-(EF)HQ4Pk;W z)@K&2J<%s^SyGsd_BRSLH4I)2^TN|eh_L%gUA(>Dg}56(le48C=U%3Y@07QACqOeH zqotsGxUWUK9b;KOJ~;BmT88t$!V>CUNi#|TE7o!f&9b8rZ^ z-0n~D2H+(P*D|2!W^-W=d%K|qGrGhCX34CuVu{@#W~c}Q3o+p?T6cH2OdKrsdv=XA zUf3_YvZ)NY$Q@m*2lgq_l`(q@II32G{-LZQ2UF+t2ijKtTR;2rfA?s?}fEnB=M`Y;il!Yr2HLea+0V zt$bEK$&T&{?N_Z2ign3H1>}uRG5i$PI5y9S>8oz8+$aj(10E6f@-0#ZsUz9G;*ab! ztx-!9v{RoPl@6nWy4I$^S*Zc(-}HIso*DF6krW8Pk}ENg;AS`i4ag}9 z7&3WoW83jYDhUy^&q(G{V;~es8FqBHU21XGgK3}>%*Z|VjLTpv_063v(B3X1e$xqW z5F9PYYnlK>mm|%uWknbtm^wt`=dgnx?6+Qr#mpu-crJA{yLxI*!X{b`i#OZI(`aw6 zdL%NmuCu-3f&6*Z?;;CJ*QQuT?5`q}+BIk#Ni2!cI+1^Mxu| zkfxuFnMI1@a<(y|kg9B=qX*w+WLAo&_hBmL)`yUTSR`L}7p zB$>d8W3F26yD)s#OiNkzu)l`aHZ(&ifaP^=7giseh4kEeYIQUYwa%^7oXA!RY5oR9 zim844*10kdm_4(Q1K5S@6lui0xxfsT zmqG&>lxEU!b~DJ2l5*>&byhgtdc08+6N@93YRK^*X=i~69%?Cm@bxir-R=DD`7|5d z%sVzTt6KZ|`)5+`yXnKNZNjzp`{C&7V3_HpZ148%?qw^F-f?uR)$h~u(0l)WY@5u* zIOt>dU}*GKOU9CeiScSL!eC=ir)G2ZmU?r)_HSYenfA(}E)Hi_Tc}*Zv%MAUrDdFT zaGbNtEa&I@pHV&C?O(dS8S``)+~Sg5>kh{et2fBMEcwog_&R0Q6u5y76~-lSo=i64 zZi7Eq7I+OeIj@!4PWIGo0xWxl+K4+rqWAN&7NTevM$?n~lF|yywwTY2jrcPO1P(|m z$;!XDn(36zTK%Ur)<$`Kb6*i!9$Pny6qg5r^&EIFYjPl7O%jPHy=tKxM{6Hj8$xdMPS~|z0aqk&&|>9o^acNs z5X(%6UDYgi;Fi*updp7c1d#|0I4l|D0Two-DCvubyMH+`8iNSyKPZhb^9*#adNANC zbZ#S)jnIWyLUEkE&VYa30lC30cO}ekX=f$I1#h)BEe`NN2H7&$Ha;uQSPj{=-eVk% z_$f#GW2jyNrzWh6gx0V}nK}T0rLxC1A@%Ewt6alY5OFMgyI7KfPLsK2HhgF7#o|l)ig#7PuUHlC~)jrK};he9Cj$i ztOwWBGS=nT_LnR|%vJ^%&8p2e8zk6cP)g5e<^HD3cs9PMr}(~jbP^F51_}dOK=3P) zG8mz#c1PG*KPo}>pgh$bfk+}n8GH?dU;CAOtnd})GbVK!Gz)hATH`1@$*&^R4z7`6 zNrFH4W+&zgvK6=Ud$JLG1eu#64YYDILCWU~GT7SzqyV~1=2B&V5K0&*n*%j2jSGRQ zSKR4ANGcM25*0scrT%bg0a8l941dj#cwj~l39@p$u?f(`S?~oU zU6{(8gWj+c2}$Tgo67d6sx)G}G8W-P&MWiCdu!TvR;p^U)r#}cGh&$%Z|Ra31SZZ7 ziDZnCnaZjKHri~X`|0cTbpf@MoC=k2g3V2R_H>|h?S)+iIF;E$uvCLXUCtw(D5sb{ z4p$!Y+e>XH48H;-E?Fp%U7#sv27=J?oFW}MbS900>#FdbU+ZsmIrfk-vFS(tGFL`Z z@SI~?rFu+A$JmT@#-*fuV%#6?hkkqqdZ90`q{q z9FHCk*w?D2ZbCRpX(YfS<>|mgo^$Rq?j(8Z+FTJ4Flt?|fb7wK#hUOTu+#P?fp zqNp$>;hgSZt28iy$5)ZOEa=`)65xwP8|A4RP*@Ez5z*FenjR^pe-W@m)?M*-?SuP|f1sc~VXzT>URwK2 zHX|RmrHT3%THb~e>dVpmf{#Jd>RI{NX5wKou4Nio_r14p(A$X%(@}N%-$P1vTI#31 zKTSNU<9uOBNK8H=%q)%dk>j&y%P6VzYOzET7LTgOV;nJq)KXbK26j>mDwhPq=Qx-yEgYryvDRIZ*_LoyU2j^ZwT*o;~bpX`j4^P3GHsWCS z-4x}u%1rj_M@vT1etfXzr^tj&Wde<)zp6alyezH^je))oiH-*TBvs@JgW9mM$^dV| z<1EqH9#(z84gZ1_ZncHV#z^*GUGa`3ve2te!n5Ge7;(?;ee(E6OSsy=Tum13 zqI?gg1E;<>nhZm0;OP>q%Bly1d``kk$jluqmNdoD-9}gsBIw+F50aP3{C1RcuCi1b z_rT*F$V@3ZL&LSQh_2nAk0P<4ujsyf^BMPRN;Q4%^y=AYJv${}Vr697zpbnc$1wye zFpBzt(fMtGq`AR)=k8PfqI+^pgs+_NZ%RSl@+VYU;4O zrz5Go8^H%2_9HTf{5AJemVhJHip$8SKSou0vxCj@4&dpALM}ON!=iz%7e=OTj75eL zBn!>g+W2<*(to1XK7kD0%MMp_Imb}R%5D6_@$lw*Pu!b_6VeHVm2zDe(Fy|TTm4f# zE#$7!!d8jOeb^Ei`s>M%iQNL>&544F^YBDZ+7|bDjGiotqiOxo&@rkLl;R4Eo@^DR z8qiL=l4|SM-jZBzy7ym5j^>s53e~U?kQZHhD)fV#{w3jlQ3{v8pWo}$Oyf**mCI|MB-^aPbdtINYcvg1gU$&&va%tH0Y$4_@E%JAt+x{C>0DE`hG6 z6M_x=Ie-p4?bZRnVh|_5<6H{yP`w-Y-KJHxjRPBBKVd8w*DpA2`eA{d$KLL*``h>D zTN8qGkTtgweJaS~_mM=HSI&7U6ybMNJOx#6Ly0m`u(#Y>AR3IVH^$5-iCP80MBSH# z5j#p9m_WLk+a>nbhXiFh^kMjXno(VeY;mZ2JG|qgGtU&W+sQQD^T*<&SyvK~l7zIZ zk|Ze5{-|#N*kE1B#PD2mUqjC=)k=yEa{(%d)Qk|5lvCNk?7M;#bMJ%8ZI6R2+-+}S z@}4hN&VCFWP3f{O5h<^<-MCn^m)|zx!1T2!Rd8ByK0_<|v=D~tB(vQxac={%FnJ8G z70-T+5CC|!xgTA9P#&xi7gs$rbo|L~G?z|0=|Sgcn{&-xPN~@U!G~Z1{w;vTRV9=9{cOMbsV=T?te33e9bmMkD-H*wnl!K86Ie9A zQkYwSPWIwmI@K8(xMXC{H{=9d<{Y^)IWuO|aMVcB2He>;=*TVx=6l`~uq(<5OsaGm zz&oZe#uP+YD`GM)-Q^-BMFvl@^DlL0Xzw@Nl3BE<)cbP5 zf0i;eMMM){r}`8C>BornZbOym^(O%YtRT)ZuwXF5>Z+7WNja-6zD@+@t^8k)ImhVx ze%W}aW+=09o)j@2h>p9Y_wAMpgGhf*M{~K-!1~GLwENp<;g1r5;jwF{xz3` zaZVx}pN1TtD73&I^|fBscvB^l&9kV+63-K-6+Vjr+ldtDB?KcJ#mG@2TN=C>|v?YAl04LKK?l472OVmD_}FKgugmmAc;Pb ztxyOmc4k)$GMz1(j`vp@*8E)5=;H}DPFHEQ3!7ZY_9TqK!D(rd3$QI5DsE%zoQ4{`w%x0@|IeDowf*5Wx zQrfH8zfAxAnqvwf-jFPr8W{%6<$~W}&1I??xm?h&k|X3-Y_6F|b~1YG9F!F3lw6!L zg@mHP^%z?*<3}iyx4x6D;M%|omh#(sFEZp!b|!bud{ws35;E*Jb}Q9QwY*5dVIc!< zDl_K&^RN|>vNo8igLRs&DriqEraYkU05)sUoAOY)L0=Q`fn+DmXnuJF_LKntTq}r~ z$dol@YtpUefRUA`%wdRo6H0_rrvl%BtqNDRwArRJ1?~RZ^F02xhTmxnwmtf4R^s@ zqUHeQRpA<(;-@>M3~u@2Q?>P4df?o4HQix|l8fFFgyxW&Kd>be&8PfQCYx!FB&wR( zqS&uWy@({OpDF_a^N=%RhV@TdGQ<73}@%fQnW)pMfd9~^06oxz*<=Ior za8k{0LtBId)!PVgalRSMEogvi&#xyCumy)r0H8+QBR=oLB9YpGp>kWg7m@k$eidhk zQU(O}nf?lB3mG@MMsXBzo*C)Jczn+l}-*c*FCKTf0VN& zmBEWT8bBLpKuV#qwA>aHY z?mwwEZEByb#fHPGmIUa3`fV+QD$OMA9jNX!zfJs%IcGD{}bf zkuLR>lldZpQ|NM(eQ_YQXzuSwE|(15WClizDpW`=lU>On+Nk5}j3QD`xz;nv1$z_f z&=cwueL*0(pXUqJu7(hAs>RjUBe9k0Bmz@FF6}?R6Ma*lM3+zLPFDr%Vtl*VzNq?# zwVPrGDafoJtx#UJ9xG9vc@}EZ>*i~JCHjK8sd5zWxe0d%PFeZ^oj0Sn*>v%f&wf-U z{G|Jo=&D_txTir^$7s9*ovTEsEL}VjEj;In=*+gRI9vVJ?8lEH?RY%xm0qY|_@Ion z%(o7FGQPrie|Yanqv{!;3Y^w zo>^4kziSJ<`}uff-x@yPF~q_DJ4pT8|HZ__&iM~%{i}(UiTR%Zo`2r{2S_phpSqE> zB;qbO;CfbT$2|Ovr6p3W2^i!jCk<@jDfHoD+GXT`ea!QBO1^!Q3ehGStV>(Euuz~N zsAAC~Kif`?7IJoPSGV%Q;J#_fg0PqOMr+-^|Bmj(-8ON5zFuALz1d#cmjQeF{Jq)B zL-zsryz%SJ?hG5x=4OsLx%LI}QqA0sd-P4$=MWN;+w)cYYFAoBe8ik`R?hJ=J53_q z1-XKWU1HguSA1Pql=PK1vybH-G+BrgJ#79Yz%ZA{XBSIy^%&5Z`3yjx==Dcuf&<)0 zkn6knF}4Yd+B!z(9dAu*EY{xv+Srg|9}d2a))Ca6%dtpv-DJ(+khJJ3uO#!}!bkrR z?vD3%=Q=&pQ^m}&h)4Q>zeSj^!38pxsqY|O#H|iJA_>@+3f+463b_O2+b)NP$afoY5))<#pxY} zN6*_EI?~QUAu;8f!G1mnKk$Ik)6#}8U^ZC0gkTZYe!%+WWt0%1-wHsi?bRH7_+trf zBhI4{`r-j^XCW^8D)}wF0KI z5(hru!ExGLdP%;}5a11nvKAN%sUGy4WPcG1C|SAfQLc+Dq!=uda#G8%Vt=3uSyS60 zge1eR@jg=)=d`6J++fLKw9HsKrQMdb404GjD6;^zOAU!&ghG}k*00LSWieK`~Jg#(_ylR z%Q#tG2QNduJ;6XI7-F}UBAheB9 zQ4IEb0PN5a2aYYXq~vBZ%3Q%$pI&wwIE=5LT`xB4kjg18ef8TqQ#^9nrx1iewFjQE zEx}Z`J=tRRnV#9vQKrQtYzut}qXn>Y(ODT((5W*0J-jHf6B=*lo{{(?&WY8;*4Q$W zphFI-F(>y)7v}h{uRb(LrYY1tiYxr|rR-!YxqGU} z4ba9ZJcf_EqjW1z4v^9H%pdsdfPJJl2g=5=v>vb#*ip%}4(+;x9##g7L2He+D~i^k zz8HqWJ7!>vgr)xLCQC<(meMK7S?G#|(TJ;13Nj%bF@p6x>hiOhIzJnSJjX5j1&BN~ zY_xmt=@_n>L~^h0Qiq)xwQ`?id>MfgV&G#h>2ZxQl!vGxN~xS!6)0}4v+B4HBeGIQ zkXmX)31mZ*+vgjO*_Bh{V@=A7*F7EXWQD6j(eq&NlD8!C8{vrb-Lpps&N+DT+msOR zTE0?W8#&5G$TSH)pO5GOk(HTEMfNsP6{ffIK7cCT!Y&q(L&PfhJu6_o{atR+Lfwv| z1U%X-?gF%1U4x?Pf9nbfh8!zImpG$uM~QQ&snlb6X92HjuMvI`nlTt8(Ot>LEqMD^ z<*6JEs*eKmu8-+V+l6O$fq*&ABqGeky*WOVLn0}t@g_sEIVw!u4tE+3&jrTO!y=oT z$Z2l$;pRWE)$Pn(qscQxnFe25E6~1MpH>*s8@pf7d&F8F!DwIsqrBQw_h!DL4v=?v zDBYZT)jb|Gl3eIZNN}O=;0d%0bX&3y{t#tl!Yg{ zYX~O1E90_pUbwrK*RWaeo{;CjQ)2!V$*#Ue2R(st&2Y{YXf4cXo-l->hZ2zNNRU9! zq|OnScy{*H8<$nYi}--~%lCC!O9mgoX>=L`DG-#;q)SG~3@#NJR{TP?F7gv8xCr(> zwMOrtb44cG`8j?}*?xwq`NgJ*#sOh1jLT-!=0D@+RzC) z?3;*Ee?47^OHo%cg2pAEg=PaL9EEBYQ%5Tfhech2NfPATPNglqaP>3RUqWp8fWO#uf4kl8sApw1&P*?|U%)6*6D9SYBPr z{BMrK1jJBgX>R^3zVXFkmt$Dn0428(cvpeB0Ox*pr2v$bETf;1=Sz3~W% zLJr>ye{!1B82;{y32+YBrzmoiCz!uU_-#FD9(PM5Q+7G85d0A|vAd93@M3(Iguj_S zDW%nYoy6C8*3Q&g&vjI4PT}_b@BA(3~dN+Lgm3b8A+ZLOTjNGICm*Too!!C|6U=$LIHtMs_9gwG30;~3U*UJmAO*+9<$0DP6luUqzADZrWkCbj(w z`~GLN`=5aa%>Uj-{7*vsXWXkuFKS`!Y~n~SYHi?bB5Y!0XKcd92j%4KXkuUk<(_?| zCGoR%i1M%YOntFVNqwkI*N^x={6cU-wi*Os{KtvCd9CKuX-g_w$gQ10n77L1#igyi zrFJZa{$@d zpr51}g&&U1NpjbJ<+cMoAQzO0KWm@fE;1U|9PX!maTAC(3MA;31x}B&3(w&)A#b*e z`u{O@PSKUN>$Z(;+qP}nwr#s&r()Z-ZC7mDs@TcNTKoK`t&7##+4u8qeiyyH&lr6m z%{x9CXEZ01%_Tn!CnS-$XC;H)NXTfp{=LvNfCXxldpuQ8;+%a_B6baW0Gbai9Xu_~ z1%Vk8PO`FodJFI67#>2@fPFA1Xz)Bc2=4_OH=`mz8S}<#9&m?@o)y|&A?ZGgOb|Ts z#OaG|%PPB#TsVD+K#4~2*|r&oh=|5t2j9j0zCY-OEe3l{T-Q3= z^-R-8a=(#_=WHu_M6XSdO_+sIiQvkLNN{LO*b4eD8!~NzAU9ANf?Ee60G-cQ(T=JcV*P-p{J^PS?~Jmdv0^^M zAFVVkqs@rKe)U<#nWvMTSCEaesz@PEV83e?3RK_75)X=#!ch+j^dSTV+7AyZE%`0q z09d2AK^89L^f(O?*Gx=2<1o!Z6#@gYeHPaeA0xouv%o(>5ag$&{Fo)FOu^=3j0LMo zB-N2J7q3W8Nl?&Yn1kbd7mlg)Dn*T=f}2yta=Oc$lY+C^u96oSMErctK@~(-sj`W+ z26REmT92%Ss9WhYCoH+07`zqfOj9V6iv#S}LS`DnAv&MZtR!?>F`PS45l+3tJLs^C^-vGZrr_1!&3lJ8Nt%EO)-_d|4LMw_m|N0X83uPKnY=<1}B< z#jB_qP;iBGPYkh!7XzqR7_<)X zm}DoR6{GDG$9b5A3#)&=$p!Xb7WKiblk_Y;g^hur0Im{wy7|CTa4ijh)gNfvbn334A`C+Y?QZ zPvqx=TiT0%E)|_uU)9{DCaP1g{i?-Wh1AUC=uoRuw8)N8N=3qV0(?;qiIpqi@LJpq zCFihV%}%BBVR$2kIcLR(YQ?>cQ-3mUOksQeXe^kx=F+NYM}dr3I~h25A87( zVx_Du${|7&EjO|%a%4o93me#$bmzV4kMt)bo!&q{gASqFcT%L6MeL77Rc8~U7 zdq(4qmL;B=2eF97syv5KvGTLkPhA64Dm~arcaE6??c#1g;zGUX=b*^ed&@Nf@TA14 zCGZ6}`cC{a>k><%>lMBVj;klkVkCf^PXk{YtYJ{G41GmTG`H4qTjRF}pl;mu1&XC|pMB8Evn<|u2A9no`IN~!)A0wD z8HX9{qU{YT!3ScgwsA(DZ92kk1(QADq2+9I$H!udIa%u{j4V}i!!4{dncp%;l5gKY zII3%MP-9&`ssSg=ZD?<*+^teDN|%;b#vJ--^w${qmbC9B^V#9C|rR-^+ap9!l! zG^n;;+C%wwYF0Vqb2qDyG;0cjyRz5);oATsJuf*M#D06L^hN=?QPniqNNt7@BRVv5*6$Fnys9n zMB?E(uHtM*F3w8VUG_wx8fDuDFd3I5%_a?T4 zE#^IacCj4*+8_~X5Lfy$PQ$9@k8IpxyZ$DYc=w^jcs+P$X8TjvfTI1cM-|T8X|$C= zg-Y44i^@{m`SC)&jirSJty7fm;VRPisXpZnFRl{{NHgW->4_^`9$#t?t!wR%)ZMd9 zu_(14Bi6avEagD_;7UXhXwm@7_HGSqUKrW`f^Z!aF|D?;97#aTK2*~_T)A2va4N_k&|+2A4y@)()5-R;gmPe))awogF=%O`5=#WzoA#4&L^j+tbO>2mkq)jR;Z zRb0^`*X7#oDY|Op!a3W5Daq_3NGD9gF#my+j6gEt;3TwNQ!y=)AT~CGuAQ@V*xkMr z{&fep&uJMq90yF9=;bB?va~eObCpdI6#jv5#WCPcf0IPT@+*($-4D2TN!(Cqv0~xY zBuQ1rXz{2-`ItP66830b=8c?PS$PE628ubC@qpT2nN67XN{5?izJ^QwcGsTgVs09wZOId4E4qg1Ca$g`xI#zES-ii zZKAvLAw(2cm;f+ck#LDDu;0cBL1PgJlc}48Wv zRxmx2APwLEN!nDXv!n1HO&9u@K{cdR+|ULVBDj-buA`|)rVIV86QJORHLT7S z0{due6>%0RtQsHVp-!es?>NgDVqcRWq~>o)7;-36IP3Q@&jh9f$}%mH)n8JKKPa`) zG)~l0XVEoS;HNCd!z>0txYQU&1=xyj*cXFZx=9iYI;X7`qOfQ7Q&>?gzK~%WP=iT8 z)TU92|D-o0NTCp{gpRMdKif?p!VUfG<^qr4NOPB|-cb)X#~5qh z2m)W(Q?-DLVkwoAQN>hxvmBz%=yAvO1L&r8AN)oL6Hr?$8_X z$!I}Sly~teovMO911i2_Vs%{2_;^I|zKSoN49#)E=4GQ_)}!sT=hQ%4^KTa2Mgr4v z!)&2T>S{BYKQz?UDc~w7X(#?#|qpTBI1u>lf!XT*_|qz1h0FRYvM3 zDGGK9vO=iXaVjzS0>-$`@oKn@73qq}DnjF9k%7FNDXRkI6%Sz9eM6q655GOt9vw6b zg)Te5E4`T2nrCm`8!H-rxTVUfI{--j%NSjCh| z&a~h(5HYQ1als6K@>u3h?rgE^6jd&68UMA9Dbq^L0{{in*D@hNrdgS;nLye0SZR)$ zVSP9SG2JUdT-E=Zlf?)6OIdKsKr#J~#eA8^SCy!iP*Wp3lIyLD6&HFeYAdl~l<2lV zK}*Rs2|xj(E6Is?mt}u$HMO$68fmK)7i!d==rzjV`{wq|NX`V@v}m)4G*2d@Zn7o* z<(c-Ha@nqZU(Pa{R#U~Y>sK4Px7ARRpSS%ri)38_XZBMssJ&LUr)=HqX6y*1pJ$D{ zbR-Ml3(9Y&bYflU_;VldU1P-}uVc62AR=G#NR>{$&}>&4dB$DAcrnM`bfTqKt^q0L zKb!h57%1f&zEY7%!#(p>TdGZN=RGR9?DY6u#FQCn{%=5mQvCRts$FGjyc8Exe@-1y znb$QA?{~O)^_HtqxIYaf>__6z-h6+Bx-7TlMi5rB*Y%N8?(o0N#SX=i1$D7=YZ32F zZ=R~;k&--b)ePK)?TeYa>^sZQ*R>t~7dCVEbZ|KuyYhNns(y3l| zOcpz1_h9o%rAk{zq=d69xvFOP&KBDD=)5^Wdo{KE#Q9}axwfKkLJkX5 z#Xsn4Qz|~Fzeo3Fm;QW4fZM;xb(LSfW5h1U^AG!j+hYxXnr*9$yn|E6DCnwtIF#J{ zNtdcLR{LQco?U+DY80z-RaCZYlHw7Y53{$2u1LOY{lkGJCC}xAl;-@+#DH%SmI;a- zpvLtMH!o|YX3uEj80wEM_;RgaW3ja&EBwanc#w!DMJNcnfzFOdw@t9Dz zG$s=RV5qlNQT(cAcdDk>sC>F5`DxzC>hZN=dGvn*^9rzPUztyasm)-&P?e7v>vd;Y z(RXZtS`zVs%$p-X*QKD;(Lde42ERYJ1u5W7$1Rk<@}+td^xuUt?<_XDCSmA;cJG8^ z)5^ab@ODA_6oa`=AYG}?WN5X#P!F2?;`OE3Oker2E^A209M zGv>{}-y8hDcn2)k2NgL?o6`hv1!bNndu_zfRw z9kc(^P6f1D-hlr+laR&Wb3CvFj0+ni+)?z%8WQT5JH4=8a+LGXb=%k`oQ;lhEXt7O z1SY1NS?Ty?8T?uJbf)~fvBURuclULBHyP+C6+Sq|Y3@z{bn@pNL>zcQ4|ggP^Ka=B zd6T$v&Xci^Eh=A&AF^{36Rewrln<_c+4XVZd3em&s52F+D5_|fxC{@RP4ixp*ZiQG zSw)>lKOo(Ksbzw}2X=28{zUo)r@z}90}Gr#GXK|B2BN=J7H`{dLNuG&S zgy(kqOELk^4{mhJn9HsSazEzF2AFuS7yqrY3gL@Q8hdjSi``z~!@LULd5seN39A69=e> znOPj4m7DOW+0u4T^lkcc-LCVn9JB^=Rlz^IZ$|-8hvnG33=4vEqBuQiY@nYHm?As* zC(+4P+8KUwhg#Q(cV95=iW57~9ULFc;1CGJ6YdyeCqhpMIpBQDp78fG621MRxH)ed zD1!tn^*0YHJ+4~_{_s(&WSAmOB)TzTykO1;(O(0A{BMDU&QrK%QPyZPmOP>AY4$qV z86BTLLnYn$&Piqo;+_L>uq3-h1x0`sf*xxm`Dz(`#eu)mU71CF%>^j)B}fRpj*W2V z5h!;c8uc(<<`%rIxseFYaZMh>O)@-1rd-=jHv3rF&#+TLU}!I1NY1c{dfHZZAB@cy z?l+5~Q26Q`M8Gp-Bb+q>Quh&`f~!QMtrtlPW0j{P2qg<8(LW2e15vOEbo&H6qLLt5 zCTa5S4(1sNM9D!jCk~lM4iZWZO3SM%n=tkX#Sp3=~pREs?!0EuTjjhJwoh#Wa110v3GU^fS{I@~t(oXSt} z8e2{FWKn3ZQUg`6vDEl--bgoRE zg(&dLh$BWo9SD-`3mT)n%15*Tv zs+}!K(1B7~AC7o{o>fQ0)GM&VNgFXl;`EC#CP5B6(=<403sI&LQ+lfsgp5iv=Hdf> z7)0=<9u`QA7b((s(0J-W0IF9eVEE$RlLW~L2$pBo z6wQfZwWO=_RSn@no4N8C{b|i-js(IpfSdgxdO(L z2aK1AmU@7Y(Jc-G{VI$DT&0W-pj$9|K?Eg^X}^#MKhNPT0ip@psxhef27^LnT<9TQ zHNqyHpi*5b&oAT7_;+pseyI`1HP5k2lQPWB7LKH|f)3bHb22AZtt!Fq*K?_qOzLk- zMYWG(sG5$Bd7#ELG6*wubrk;kOmHggLx#q~t5oP`?aH8l^vKLU=p*poAAS-KVP2w+C8Ysg4bSo{5Wh;~G~)Jy+rxu`v7E3}-pbbeN&N6t7<3 z*iG0mLhycvaKgYoRqw4vawU5`LED_78)SL=^a@DZI2XPLJwq>oYXF}!;9aU;p&JbC zRO{yr=b88Rkv~B%0%-=d*)0a;ege(-1#G;5T5(kG$)9mOH7J6H;po;wuX%DT_8@n- zS9yp0x|@WDX(oIReXUjl?$9SHYpPVI$8wtb@S6g%NyN?s^?2Rg-1-9(elubwBMwn2 z+EYEC!3~s^Jkk}EQtClC=>=|A76ZtD?5Jvc+0@NeBCfKJW*Cu2(b9t_9+^sNtoLxVuKEe|m^_1H~sZ00W{(UJZn5Eg7XqchV4E2W_ z)Tyt*2GznfIL<`Ybwdh{3a@I5Qo$W&NU1ex{^=<4@wb+gwUcU%KGgu}=Kw+byDE3%X8=<{ky6QZwsQav75lJKL5PmDTKsaVP6lyB0oM=`0~g z5iME2y_AwbLuF+_^F)3bWx>`sTv3L!btK+QD7?k@#7&(XD$)BY}LkL}3nZenzI z20^g#Vu!)V(9iAW7+_=rPyM$iv7J1KB|=ko0@CD@*4l% z98f2Fy#qGCetBX8+~2F&Q3G2vjJ^N&(U#!R%2!uP00XNPYKARNyfwgOiM1tQQAsPg z5>3Ag669n2ikv-w0gH_-V3GODK$bv*mXW)&i}fi*6E@xXr_%s$8@MC)-$?i0`10%UD<}MI`nM`sWwit{Vj?;Dq-~g>jfB98Z4s*v%tN_-HJS;3(W0!dMTF%w+Ocm2g7R&z7enm=rX&^J5+zq zeY>w5~`lW0T^zlBfV%gfWtG>nTH{CpEJw~25ja*i zfM+_4CN9LvH1Qmc-xoNid|K$q|H>*QF@GV~!IC%>klr$yNmq?gA<=>%&FtCHev zHn4?2!wfB@RYV@^I0;^?;I7(T8$ZdO{pD}AfX}P9lYjGSGuEtdR0>?&ZfXh|e1)wA zxS$@T2X__kNO*I9Cjl}wmFKyM%`rR}qnzQbD*m_G96(#I*ZBkx_2CkU-Ryfq8-V0? zeVx3nv3rHCe?F_WHyVtoK&W7xV5db%NR*Z=}?`^;42@{&qzDlG5hC+fe@~6>I%)AUVx`*Mqk;ZV$l!lPFP*Tm#bw*?n zg%0IN0uH}^o*!gU$@DzLMG6icB7 zMr`t;}@Bgq`+&VEKeysuk20i<1BMUDa*4dV%}3gkp$ zvfmaM$i)gD@dTQqGPieK=+{alPd^@{qTdw?E4Qq_Q4>^lxkq^IAT(>IhjjBiNt>ci zjf~22@uVJ%n?kFasXjvxjBw$5eDdT1!y4aBH7_|UX4KLNwQRa*YUY!nAEuA2D-5%*q`Gh z>3SERDyG3AC!hM7s==lS8wE+bgBlg-b4r5zh`nhkc|&GZ`gxUi3mr=xa4QPZKpnJXFi9Kp;zgz! zC=|OXCoLO6m^8~`Qsj6-gmS4@=NbXVcMf~Fy6R!udiIO3MdB&m zY<6ua4`Ud#M3%xGk5AXsp5iUE1&gRQa(_zI2_n^W!z}6YM4Tmikr3yMQYfCPaMoE5 zm8)o{^A2}MPDm=@s}D-|o^6fLgfq)bB&Y?hf6D8!ac-OYRC!vA#4<%gCRcVz-^wf`XW-5+q}BTFTZMaW}J3di4fgps*)RYAMVanBB0HjIGNqp3)h0@#SMKuUcTR-r=%@JFbtfpr)nHVqM z*}CpJsq~O1t?Bpv&G_>#MaB+zQJIR_tXFH!NQEX>op=nfYRKz)Bn*Y_o;bSl$XSx3 z@IPoM=dYC%DnTQ!R}~APwkhhpA*fi8u4Y4Zv!Yf^$nRcg;IX>4AIOFD#6u!iu(P4Tj3m-$7pc z4O9hy9+h(%w=?J2n+r6$+0Xov19(qgoymWJmWfZo3Ob@*n~4Ok^z7yP_&nIn(6&?_ zB0nr(T0nvf6kx6}Y?ME;BQy?cGS_^7xuG8@D%CT5A5l7{id$?d#cjwzy|RS9 zki-)Nq-lPzm{E=<*EP**2yNB)MHf6{%5$YA57B5cNzf|X^8!?5&U!U7>J_-6?P|N+ zsC77>%41#(~Fu zGwe-R1jkUO)B_d3HdB_Wz82qt8Z#K(dn1-qgbWHCyk1t&o%HwaP4D@=kcpN4D@6Sh zOZ(|F{Ks=4%Rhb5|9md|UrF-+Q*&D$S|owU076pldukg1z>Ct|to{G?c~bF`4lmco zTSkEN()W$cdOXh>=XnOMbHjSwVZR#l+@>qHQg`tEz6_t$F>KxRzdStreErpU-MGPF zYdk(}pAXiqKdv9|^8>yfXTlaP21{>&tnq!@1#SRp`M#YLbnW2`yxbMAYBNso9`et; zj^JX>pI<<89CdEPZk{dM7`vdRyVbxgEPywFaj;gryCU%a1_#M*+&F4)+@Rt%f^!Xw zfwYG$Sg_z6d*^LA6zTYZbZy;|IL|_z?2gvf@=u+eOG<8Fs-&s1mQm>zHjs#oIyKO= z?ZwmSzjea`?_u#Lmz*Ut3v`OBavv@pjL7?X1Mq~0fX%16trTSpFhZNdTD<#W2M>T+ z5av|+!_Ln$#U2+qHX!=>o~`-$_+ESRMN|%+pKw^ilU+mmloor!Qlp!Z%A!w&`x%Sj zEu3yA@D*Tn3Q6-VA{GQ!1E_Bk-9Ruf=e&g|nz95TyENg;sn}{!)nMR|UIt37T{;_# zt4hY1-|ic*>t33SdCp2>1M1%U|rr@0wiSZxQg8^co~#uX+n$A z0F;ab5XT%*{Ax^suO{J#1f6_d?S*wvQD})GCdV7ES9Zp)9{V=$+Oz(^&r_!&?BlF1 zD^S(9!@k=uXRz+EAwbK`;+o|jgE*fx3IrfsnZx6l$2k|v&p4j29Tk&IUq4a7{!H1T zNcMPw`;utxi}Qp6p8^$5@VPtnkYbIg8d8?+EFmtWjNxiv)9oBde)Tmu{pU;_%dhZN+Bx; zXkXE)&|F#*BaKtRkr2x%6$lJA*DwnbH1#S`f)Fwgp{2WNubUjEwv`|Sa2qXJOxA4D zO^~T(lEHR5*XRsrA|1WU1sf&h+X#_xt{RBEsBn9z_TcQbd=0h&om=x(ANc01!$i!y zBtmzjm3X^-;2c&3?GxdTtKu*1cm&;RO1O&3J1KtnmPFmTl#{it7mnmOth|WAj3Cjt ze!@=MIlAODZAvmqHo(?iL@ z#)GBXws8+abgs9WL@y(r&SJld#ozEdVA|RP)WHkiQ~;gvTfp$#gbyY_z!-H zUD|&!6xvY-qijdlHH6l_hbr;VGBy%h7rRA)2D6x(1Bx&wA}Y2_mVylB z^OdCS(I8I286)!~-0v@ri@FujHrU7A>(zG!IBV8_6XeuPT#0Loz|%lvZ)UWkqG=@P z&<+61MPC$UI0S8{(+Ojs-r(Fdf~15E)Pd~xz467bO`peu1j)jp9hv}!?@%`hu;f=cEnj< zQr(#7VIQp-D?vML_5}wnN~LVHhL%tnDgSU^n2ZHEfBdsPMnx#NVdnx7ah)FdmzXn# z+=tPGH~QaWr>89L{e;oX{P&jnd_SUz4DnWk3%M4Yjp)YkA`oe}fy)3eC8Jp5%2f#) z+4?3EbiF7{(NL0Cj~3ed%Ki`X9H|jG^5991VbxnTgD|IW@N%`nM`Lf>ie`>OSQTqq z>mkvl7PJ#rVK>%Nbk`E#!}uWYVE5PhkEYjAr^4{&^aa-d9qI<8|T*DTqOJ;X@PkIj(*MEZZJ6XGb4yN&X*)?ro z-CUj~Y=EWhWK^b%^t=w^MP%fBV0WYFsCL+i71h}&Iq>~OXn|Yli`vZPT;DxCF(mWO zH<6p^i?t?7&FwHC&e&+E${qtj8*CaxWQ14K9__FU~+=&%R2dX?$W=@#i?7RNY#q=QnBA^mvW^&uf9tMtfz~NLY3h{?A3}lqNRcC$QjqmE>?tt zVn0t|`@ddWs5rPOW$^=zX+b)jt6GmW`t=@asAP6T+V3m%$7_Y48Hepb20UQ2TlKLk` z$Hc_(@9OCPG(%bbDUALnN&W8z1AcP<q*iu8wYgt$pT* zEnUz2>h0?36$yz2LxuNx{+ij+uXO`=2=9FU_35S3v*Rv)<;@XTEbUq{+3I(*;IDJB z;#UjH`xX1#+pV*$?}vE>NVa=-pLsfaQ8?dLmp}?jp##T$|5lLP@t}(&lI@^_w={d> z7+9#O2#Pn_>94u5(wuwV8`;DQi*a1LJvbvi$gZ-^Y+y<+EtqqT_OgH^)eWA42 zbdstJmCENTrsT#y@UO_)irHYg8L9L#G>ZVcC08vO^K^GAbqhl^!h{*Hqz%%ch_{vS z4zcfy(E$aOMrj<4)?6#-J=PIiPqY1MfYJLKwAWhU&Y!v5?!xctv**3j+C#-2To_nz zX*gIeUK~l#c3Sp7`^UO{5ZSJFNVzt)GWDhij{!^Q&LAzFSJl`df{wyYjMaV1tX&}V zBZ%`}0xg&t@wgp%{xP=(W+-_PH{Y6YC$qSh5(g-$#qc{ruFu3hWfwTBss->mCK!nl+08Swhy7O|20#CegcF;JeA;#{;Ld31E zX+mP>P`;Vx{?gvU&syv9^re*u14BR$a2zQ{|6or2rEd+#l7kKN2s|LLyqe&q0B}48 zRP{c~MtBS*15w+6GorMKgaLWvo~?e>uRU>F`*XN6CVnI|+?sy)BRuWyq(F^&9&)fz zN>liq-M*5~KpW@(|Nr9YON zZG!|o5C?MRRC)m}Bc_=9kS+x{)Bl zb%toJ%~)km)2A7vv9d39c|F7P!@r9Kg@9D+{gRxBs;7;3@4?xL=a|5X6d3H32J$W4 zbw&yTs2o=-!})!z1STcuR{FN|RQX@WQYKQ#b)%k?43!-FP3uuq(-!OH>C6w@Tfu@P6=8zG6(+R`phmPrOKat(fG9tPc@p+l`=&8F%a2SYze7sn6ARO6^WfS6W%ii z>ncPG=zdm;FcKwS<_WC3G&l^}u@UbSPV+^`Rl1zR9d0R3OD5Y+d2H6JkvTae*1HI4 z-R%x6YK)C8ovanG+_2U(tP^PAxcc>?^)al62?IuZXLAzF>ohX50n3EXfIBqPSh6Bp zb#{p+6Pd%1i3n5N`5}0wtae`lnmkbRHJ-B_#cO-{?(yWZ+|G~e&82D(;@F_eepQ}( zd8Xb_8Y7K2l`}0mm|9<|Y`AR1`H~yQO{?_F{5Waa&&=XogIYo|wQG{fu_LaEeWrFf z#OH4t{*Q0`4)Q#Sc75??_`J4T*gt!t%2B8U8gG{Ddeqm|V%I5OmB-#1wK}KOYO+9< zDj3g|1G0vip4p_+2kv|ziiWvdj*&x_MC)L)$~DpH%S4HPvdGF8p3L>UP_-6|nN~@E zxJZlj_yljN5Dk*8q3qz~raymuqQk@vl)p9;kW(G+topQpR85+PJV;H?wKrLV^^rCR zKT3m@`Np0nVhJ3vlFS7&s)bQ}Dww=J<0t%Ow6xd?$<|?b{TM`E|JEI$dcY^*o;pg- zqnY)ZY^xw_rXs<5Sa=MiaiV&n&&$ESHH~JqbP8wtpy{+!CVO~3K$dx`+J@EVJh$yj z+iQh}EyPGn!DGhzy5xOZ8RLsTQ#;M|Y`(8v`ZG76#O0Q2s^0jQGn@nro2${3WFypi z5Zc}u<-#UbQ?AX?<-=ygTL0{ga{O%%&6Sa~wXW(F1diQu*`scWnRZ-?kk3SudR%J& ze?x+ngc{95N|z*my$dD89iYiWW#KJNM!VSJmv59#n=6rFt^y*3gnyV9r#U- zeKe#fE$J*YRc*A_n)%ngkEp*x*c@iC9R@vk5J4~?<@mpKL2|J|H| zq%|og($8_Q>%Q;aLYfjZ7G%Q||9IITO_;e=(*O>3EA{ogP=TUoHsv+vs={ebG-z^K z6ch7y7(KILxSQwm=K47i;#;#^Zn|;-|GVS;U0<%ZxN!er^w%|>{!JG|D%al4(%EBf zX>U)Oa@)t_POo0@*7T%kNbVicR0-Wa^amC^1jl>qO79kL@Al_B4MlPr`ylGkq?;Og zxnVWAhBS}eh3M?uUlzcVqF`ve1w`;)JT~UiK(x0AHFpTLFj2B55%lKj&Nm7uz6nU8 zw;OA^haIm`D49?*ih=~bh?8c!5MB3!$GbO;lD#F=c!Q`!r-Mt+eM+}FJsh7{YR#ytH7%JTJ5A#=8tm=+k~;i!M6@`tmAjmldmSOYG6+OGkaSXE zdUss6gcP^vb^ZyNypL0w?MhvH3hVwOJ8iQ81Vori^IOCO^A1zq!Ol^jZF+SE|k z!3ss)0Wa$S5Gr0G%QZd}V8*RdO6wrFX1Bl&eMq(6*@fff05={%+>(fMCcr9>riy?u z$Cioc#sIp@K`L}P&R__aD0q#6V~_hO4wN|(VL^^`PngrRKzhjVeeE7uHE`0?J~JEd zAyH|7@=x^PBBExMpa`ors-rPloDyB?)(XG4z(+uhnRUoARZrO**!C@D^UnVS%cpl` zsCD=?7x?09kd$NoqAO}ClD)8Fi=6ht#{f+!IyzWl_Q$NZ|1D6`f0Qc#(;Z5j5)Ryq z^B_z`jw+p*4WoKV@BF4+gv0j@v9E^UE)S8|<<*y+0J!_)4k^A62sQwUP!M58F$BP} zs}MavJ%GGI1es!uxB|CEhZ_kEjgKbyB`JrHQx1zKq8MW~bkKi!%6dz+cN#y$OUA?@ z$#TFzQdtK=XKopCN?=W>BZvjYA3Y!I%epi95nlk`!9eVSGCHb!BzfAT_+3UDM-=(g zV5z#JjcEh!egPmR-o|{r-P$G%NUSkS4!K^Y4L;F|sDoUB0Ar!QSU?}HO-%x3z_dZ6 z5#+F`X=NcKWELQza)^+i0j_3fq2pvA7aNfg)#mxi#YK~! z%|xlpqOqO2*mqZs0Y7m+0N=hCfjFF1cZw1y-KP{=MhtOYJc&9Ag(kB(6p=x0bo=~4 zb*k^Mdlw155LaQ8>=xF-&*gi~8l^U(<`|7FI8QC)T&zWj^f4#u1+4tGe&ad}uYJt9!>eFAbqbv|^rK4&5uTnB8=lJwf@4S} zCgzmYVIz%ydxMzRFDlW7$_oi8XyEFxTEy3j69xk8YaHuA5wbL;h`6 z@o^iOHq(f7NJDN5k<4B zl@xGYXs_~W`Qz~RF8EkJb&X3I)MZTZ6GU-eJB_0N=&*EQ9v254QP4q*H&o?X&AsUu z!4zLUCJ@I%h|>s{1?*KftJxr5rI(tF_m6ufHix*ay5Qyu(nb{{^0T-z^mjaidIKGC zy0+(g0`FYpBfK`ek_OlzLd^a{}43{qn4g;hZ8h z^{b+kUkQPVunca%Y>h8o>Ssc$7?Lr@`2Dh=y*j_RO^T8K3bAYDOMV_O?y3 z>YaEn1&qUuSI9*#!~Eg6#J5Y|dz5NnV1!i*(!b_3Dw?`4u_!Rp%$fI#vH@02htiZX z=&sq19C=sUBV_-q9NyBM_{u}E1vnYyp4+||q`leLHoOxKPs{B{!XmhXC@wu`hbK0q zj`j-s+nYJL60KY0vZmGRn92^PQ*mH2t^TDu(kAe_`fDc!r&<@ay&PJi6r?9x(P+8Q z0JMNo`ByV{s<7u?Yeb48C;_Wf+_C~?RLY6tJcw}KVL25Jf9fq-m#lA3Hc?yL73|YA z)QhMsh_q__U78I z57xp7lo$6Y(ny`$AhM-UBK>MMN2IRoxpcu5Sp|g2YUGoz#Rgnaut-2S#%hZHK*^nETTv9Ieo%k3d<=dcOGI(S24E4AwhS zEUL0iUUJx13ao{$ST0jOHaXCZvzl={+6*k$bM4L$mp*>Z_^*ve&fp~8K3cYE)E;xT z*O>aea??l+l;m+b8p5y<}roq z&fC^!zduOB&U4uCEW7K3zDnmM93X2BW1C}1P;-r*Lu(T39Tk*ds}fmkLMyn= z8v>xF8V@6M+1X2+xO*3aNOx?O`HLfn8?9EWKUbx0;1=@xzF-q24X}bYGN#gkb0s1x zps$g6J1p*#SKH~p9QfyHRaN+TEOYgMYz#N8dp65FvhDhJcssN6O`Jf3nQ9-z4AgVz zdt{AvGYYN2f2>jIaUuFe#vAx$O;U|O_l)}@-N$Tb+6CV)IV)~Kql((%3Civqg>8Ye zc^4E}r?yl!Ek^N_yw0fA*rya+cMThh(J9i&q?M7Ak_(n7@(Xu$OiK_&Y*132SZ#x$ zU#p9BWoalY-2!*{7TM-d60BtYa`N6>1b5kdsC5NiFeM(qYK6QxnnQC*Hb&KER?tu~ zUK6X7f5UMx%?C=m(zCcz4MjhFeu%bp1x+nA;*OM9f3gOc=NCC}mHx^)A5ucpgg8%w2zS|J>PoCx~N_+-IssHibLzwm zCno)PXLVyPi&AOQ#6o|Xhvjq>KS6GuJK=%(p>=inrv*?`Qz%18u|1dbl_#?k7-2Sp3pHHSw13HUur63 zK9_nme^wcQPJseCu9{IcnB!%Hz&;^P1p?(FXiRNBMs%kb+TTz721Xmo>rhE#%_*6! z!vf^BZZ@rWRU6k7*xK;@`Wql^wV~kx!yU%@yh~&=%e75MZQZ8J7HswqMkH_I;u8-y zorzziX|7bIX>94X*HJ#@DlgYfdBS!7J}oPN`zmu(*Tjx>%HYU5T&pTU@BvqRGtcQr zH3D#@JbTM7i9)tV?1he7iM{&LbaJJnsa{M$1`&8?@eUTpUV6l{;e*ku2eWhbOj0TC zL9waVdh0Vq5i9>GCAa$~_S)Mt+h=bIKdnV#pWo2kXe0jHi&lCOA=ogaVKpTo!Kp1fm6DyiV3L&pt~ z`T-X*xAWs1&r<--7*}35o2T2+_S_8EXRTEoI1t`y%`UhpNWbbUO{FFj2A_CvC5QS@ zv`fF?w{9}=Jne$$8Zlm_FVY5tM0V?qR+6~zl%bDl3VBL$ zDZk)`TS>ve_}A_9_dtH@n0%^6O^vL{`OKehEWr@k9p}-yFk`bQ!TWZ8!so(aXoq+t z-kyy#|DSPKT7K_=WfXeIPC;}}MD{GzI}Ptu=naoB5PyQg#OdCq51+0hLUn&n-L4w7 zVJw9r&2>vA*^Jx5T7AAtJ?8c77Aw!q*Cxi2wzrC0fu{@u4^Q1h+sqfDj7ORtFDdtq z$2{;4aOupY5z|M;Lu}Jk%EL+Q>~bvq=>YfPcK|A#To{J*kJ2wDH>p1x(*6D2M$Mo9~Ce~sJd=Yz#>H3DV_X-NI}R4RYC zOxe70zjRyG@3Wk+C|8QDm3VX?{4vJ2J~|O!X8bnQNnLlox?Uekw|MoHE_*(m9iN?m z1G%C&p@4GT-VC4b$1XRo&o1QuJUl#49V|?xz5)+pX}$Wb1NOYXZOBI@az=EDj}$9*m$=GMK}=@ekPTB0`VNGb0OQudsjn zJWDOX>E4fSESrKt(&dUnu03Vb=|Jr96S`%lhq5eU$1WRYxcVxuG^FmPh|!#G~K1LvX*h z?6RC3xkP!p6Y0nkT}a43rpdDgwA}P=7WHFb1I|3Y5jbrWLD+n+$*Or(@Ec4DowOA= zyy=Qnu3&>!D)akHGB;k%Q4Yf1!~E<0(tb$HNzs%Rr((T$2RCic5gO z?||%dHo^(wf`%zKpJREcceM;#O}+Hjwi+*MAhQh0-uhq@Kb=gWW-b4G7h!f|Y z6^C)#K_Dp#wHVfDv=D`rDdxZTg)&pSd$lOS_JoO(h~&aCVpjeF zW0!D${Ip0qpJOpD!FbAI1mb3K95yvc?H?!pWyQxy7s23=a`ZVXV==Bv-Mna@44Kkh z(>G<(Rxys?BA*FNaC#-QtDeM5;FrURILh6N4Pv}&DOad6dspLTgF7!ldONm_e87{M zZYXk$c0FGMpdBsA{Yw;3b6F?Qj-E=QQQEImQP>NAbME1q8judY&jw9eN+>QVTAuur z;H zi`<@2doysSg7LRae|g;PFj*!(+?T^ib*BURvH%`eYYZ~nu7ma(8KGxu6T?D0YW+F3 zD$KjzXnBk57pqWR&C|~jj7BwEFUFB3_ zsN`vg+#d$_E+?Im%?f2!{OQ&V;F(h#TlLy+#Y$gOlSmB)iaG+t99DvFbLy?Ri_)Jj zp@AxmTQI4kmhh6HXvbI70>mR@)?zqb!Pgm?rnJ@)t}LlNR^S9x?1C5`HCUNpmT9vQ z>yB_PzjxxPFD$)CQJ?YP$WVrzNV+dc@8-LEAwJLsbiSIOJ83wlU?LHtvT#iRt&}2m z^eh13Z^g;$7wHlMgiHaR9^T*gmzC;_`C2}ewdInqH{_n#l{oa7XBnnlB99^A$O-KW zz3bG7GU{unM;jkur{OI{RNrxSP($IzHtgt97u@=aQgvkVlL!fNyJ{9D=%D-EwaLOn z=QIe{<2#rl)zV6?N!k?Yic9_1nZw!0tI3j0*1?Q*@MpvKkPN4+N?5Z|JnLqNbaFHp zwV%^_be7RXi%B@PpVi8(t$$KzN9k#&mIGiXC^BXq<)?vPleu~(ER&6)6UhZ}rAQPR z-=+}#FK{l=4wM*=^^h@%BfkrVNk6!;nOIq5iK~uVwzDxg_a_%*5 zmh_N4iLh>>G38kg$?h)1@)hNYk)j8SWgFea zJwRYYB=AL?281<4&z~fgj-vCKjc!Cn6e@kG3LJagrIii zSG{s=ov?&t-5unPyjjiF_6s)r;2`tdx|ks^n6`a~8XD=`iQC|ZeOy#wxrcM|gWrv* z6k3jUoHUj~3@LyNUG8*(WN7754>wcYtz<+aVPZxftz0{vajpQ>r*mrd^L%G&#FMY2 z*0`*F26J-1Hbq8&o{?fLq)wCX)OcCZJj5q zt#>R#)gh}k)+?Wp9kyd=GsNo|0ykb&KgA&E+{$9%7HCbp1U<{SfM#TJ`&&Je;cce~ zN~v@D@Sjm|{Pgmg=`j13i|qZqYPUWrejOa!mg2THD<>^XF?N&qni1rYzLi=D2~0x@ zk|dZedE2;Kk~nw5id)yc+Ap_>7N<&o;RaHv>}!u1Tq!AjR)Q%G6lAzFH>d%2ajI+m z>~c`)@Z6yo-4z64q4%i_rC?yiAZ}juTU&qln~Ou2R@e{8%$HjlK_{x^dhI#RKt?qS~1f9`` zuw|_esvfG%A-w$BOn3x!K=;eV+Jj>6|2aux@GL(k32X1?B=KY+?dR155mOnpL*~>K zXSy0d&XgU89z&*jsNcDwjmXy6QL3gTJ?f|Rhq&`1$g-jOPNh?Sa`!3M1qGAUjv?p_ zL8KE~<&Wu@lmOm%-9z=7$saXtn?jCu`gaPW>K2;(|3+Gvu zIZf?FTRgJphSIJ74Q&8s#)Be9*(@dx%U7Gk_yUd^)Xf-YG<_guCw{dkpuJ13+zTq1 z)Xk`VAoi%WFsqpnB$ui%F@5}q{Xrm2F8|bXzKNhe^wzx!ESrazz;omV6_UMRpFu`loAZe?bX#`@g! z=yo4aH$rBthmZ0QMmg~1*YoX8cE2y|!?di&^N1}R@3-}HE?tF-@5ja7*%jbom?Jlt zSI?*8^E2Wl0PpA5gnS?Ld6~`$H`bDQPR#h!R~d=dpM|Qs`u7ANVlCG;G80cA{?S*y5oq>0#t4@Q#>j zclj2b z;M;j1R&tUq0*1rAVchF;j`3tnq=pE?y6f2rt5?fZSZQ@aNZ0bhC^Z6t z!$;sCA0qp_M=~ogr!+n&$~2wU<Ux>)c5(U<>^5`k)RBU4f!D^k*-ry`4P+cZ#hY2qNrs&340l~^QxF!1P&Ql#f7>} zrsPzW_d~eFcgEreFEP@I6w-z0A;&}`uX^4?hx5)fKFUWUWs_vEjd3jkR@hU5AO{&M zhl$2oK2Hij;Nz=P8-|Ldoftuk@bNEh2yh156k41GmF7X%MGC6V*=0lz2g~0vNS~^M z(EGeHSZewKV#?LkO~%hoEec1EgE7Igc?{W+02qc2k%!=@gcHM0#ga=bkV0u!qA@}2 zl>H*HVWm&u8?pZ*-$sT))g&z1sh1TNj~?pyAxv9JOU1n$KL|`~4s8_AMd&eFmx`A2 zQ;Vdh`nF?>0WiZlb1z2%r1_vhz*-ECc~~+zurg@yU?<9GQ|8ZqhQWLY$_}=};aor` zmMerc7!Bb3g##p(4~1A@4CzAD$fp=HiGR4@1vo1ZKc|eSZXXJ&&Ys98V5d`XDbYuX zdhjPWUp!3bX$mp^98N2tbr7KgBmgaF6IU!Y7lUMV! z-jw5{;Z^!Cf;L{kIU{o0Q#{s|`ka1|9$0 zRH!}2+Rn?k#c=~;AjXu+A{4A!#Ka+!hx}|4tBs)X^TmU66^E3MNXLM4mMdS9c%We_ z-a&)Zp7RKfiMjJOA2lvXB(jHKrOONdY#6`|uyunI<>(dW6<72M=8z~vA58!`TANps zHEX^oNS3>->w4l#fVWhYjz5|u?=ns9~eK1#oqJjf!FMoU${}g!V4s+nH=YYpO=ipDndgHsbf9 zgwNq7DJzim9ce1Ni`^{?L4nA?nj+PqYHiAVOCWca0w=}&;I(2e=}A-{##^(&!P~$aSp?f^^!LYI2*Jr z;zx$OmOtb}8JKt*bgncC_Cz5+TD!qU$B5r(GYVKI`oSSx91fl7xPSOm6G4&J$i{-O zcKxqGU6n*xi;7Zs_WiHZtzi%dz%X5y=%r5HBCVG&Bm(TYd59@x!X!v$+9+NoC_mNt zSf$61zs#YYt+wZ#AF*j#Rmjy}Uf|&$G9$Cb0m`bL(9=*L6jowFOYB-N)s|G3#*Dqh zM2WnyQQXm@GE@71emugf7st?kl=T5^jVwapZIOF2-c2(!{4a{@ZLT--fg$0T&DOM< zFn;5Z%3A2(iS6ieg(JwMiFK|f>=o-Ww?{ku+Oo`AK1EthZOV&_OcNVZ6y}ZCS*Ie- za#<@5SPL@>Lq+d_Rmk2}a}Etd-tIHCSv&oOdYwD&j2M5Ng&{r6&Nv0?YyGuw zDKPAy49s{02kZ7&U6q`!NM>oxDd}0^qM2(Kmf7dJh0d0O>2;c#*$!{O+ZrSRke*Q& z1IRtcbDhncO^Q)UMDOPwj$TlG-Rzy%>yHcw0v_GvR|*s_XCK1$o9hpZsPd1d^x1PN$D_Cu^q4|~;U#oI#`6sj=yfhnL zi*jzz=RRh+cQj})pK40aYtAYUHZERB^gqpi5+ILX=^fpce_Ny6otziW96h>0$y+ZU zw?RYaFRUF_&mMJl2((S2>8rN#0?7@xghCTSG8(Bn?^|TH1sW6IQfSNP#9uLeWum9c zYJb5_$e0fLEuI}J#eqq9r;au*oq@#0cj2`Gh3LTLgMD1j?1r=m@vO^4=kI)H?L9hh zb_ezwstYlH-~+i%;9I4i17=xkz6P5AvYr6d@^Q)BHYeYPbLJOn!eII-4+FVfY)lkWs4n1jPIC zTw>|c@)owfxH8Qva)A1P{juJJ@?FxeSFt}ih0#j~vxHma<#f=Rx7R;x+x^1?wp6_R z!r_bwud4Mq5Pin%Tf2CR9tx=SG5o2Z`V{eiRV~M-eK}|CDclh|dr|%zHt5^>o`0AR zQjr(mujCz>i(MyG|7d#WrEF2I_^)2$zqf4}m{=J8|Jn!3f5Ee`{7-lmtqGe8HiWGc z$}XHg=qTdIw6q>fW@%mL=Z-~u&+3m z>p91P{qB7K%)8|Uf7=b@`M9g??EOBv)$FQ(_5C=x9+}XVV_U4WtA(TeDe8W-f&+No zyZw8kD?2Vda#yqkLR$Br%)O`j@qW4wT3AxZ!gPyE>)Yw+)Bb*B;6iu4{Z!(cV>b?- zwFlA$=Ci`q-JoY?@uwVL2>lceYlwA`F#65k_0IQ%T$hCl@ zY^c;NDmq~8^^Gln#~mA^6own#ZAV;VTZOm*x$rbc!MX0aX1Rjb&!C!vsev5^1IBy| zhDzp0mL|?B=f+*qLb5rt$XSJxsW}GHwvt@5c%`}v zSy?66zmzh}MsVIv#dSusx&t?}!(N4jxu!yd#WP#fMTj0lE)03eiX%mcka8a=7t#rd zci^;U#7K@{r3PPYak35YWJ~}$Xrw$Ui~wYuuE`-QSo-(aM8ZD~oeTkW5QBmX(Q@JYpoGb(3dit!w(CWpI zu)GWaq@xbLS#`h+hNAica@@U|kTeDPm<2mP#1E&{z3bHN&V?;%stdmPeBg#qPX|FN z$a18^o9lRFm^B>;L#&l=(eFXB6{gttmaNdBm&3VY|PmoN^; zr_}V&*3p}rvQvEc3p*D+yq_T4lU=w!@LPdz6~5ID3lP{a9q|BI0}P1`NI-0q<}H(8 zjN!NTeKH${eF%DqmjxcjhorFcKAs#$Uk3~; z9`%wIaM9Gpz0}R_s53L@9GgmnqS~t$bVDRM>lB<9h2t3h0*-yKL&;H@Can2RKm|4G z{JX_cK+@l&rQ*6sr=*WbUc~60{0yhnI-PXY^+KzN5U5pZ`2Ku@kD~G)Y`_mYQfB^6LCuab{ba@ z(udTBmz$ZQoaukn^TDmT8ElOMn<#sbP|S4pv2dux4L|%+CO~};$CEGTKSrYMr)zlR z^4UK8OSR18tqfP{ky}rh&WxkT$k!iqSA6V>HrqK8l5V zvrR7ncvBn|Cvj-sz%%q?HTr{rq5sQjRE|;#KsJO(icM|%$bfX27EY?G3g8%OY71`T znw&7Xvu5!d3rW%^m|4{me+B`Xn3^xHONKDhGmwnv)|SScr?})%2}ezsOpiV^Yn^?J z;7|OEUzD{A>n{l9@mTI?R(kHA-fU)0FTU$o7KL7XE8tej3;7TQimGjpBu*Ub@PR}_ z$H;pA4-g2OFRda%dW*1@*xnSJg>qkFO#ClRuyj>_2YQn1@74wABY%YmYBKZkjM#X4 z#vI9G1bBXzRLf&J&LV>)b9|Oy<7Ilm)Luq86V0@d3^k8bg`6RZHi?lMIigOPI~Hhi z#Y;u6$3OeO7zZ6(;#Vq{ds^l;T3EJ#)Od*oHE%520$X&tkKH_1ox8TOJ}$6qTqzyq zHUXXoz_D$fA*9r8RGPI-nlrN(S98Y?SlKJ+{mnARlXQ2>LLB%dP5K9sYbG;hX%ckp z%M{Z)cox^}xuB=xZiQ1~IdPVk3w~2KmnAG(X$xtklx_V)mveU&FXy034By;`x1D#B z*2=E!7oeYO{An~H?RB4fkxkNY9V$J;_A@xQ^x~>@>K;_Y2x>kT#<-YbW;3uSLKUBi zEv)qnN=diwYZB@`1vddg+ibcD4^2YF&#;NZ!Q3WNjhA=i=PQh#*VtWYxFfd^vJ>8$ zGj6H2>(`StKOSzRpH(Bfc(-;mF7M|)A9#+HoqR1dbtA5IZS*2(OH}z#K(BJ+u0u~` z`JQQ`>&<)SXf8Ti3*Ms@aiyM2AzTzbQxAH>zhp%pXr(&%?=de@%a3Jc?lG|uWV~oH zdJ!%&k9(P?Z2#zrI;y~VEqsV?=9auhW7IGNXe8!Iq6_rHbNuPDn9IYhAp}^UHVe}D#l*g z6r<&U;feENBjp(@i2w<*s~9=^;76|evHE91Tnx$*1EA07*REoi|4}nT2`K|oj)9C9|6l9%m-Ryb%~BY z<}FUueF47op+TkGw6=MiMK4KOBQUSa}h#K+VqyoQtO; z-^OE%_Z09J$alzTCyy;+`{4@6M({&(8{KYUP@{|!PT`2(T(_sqREMMDq6gzG@i1`3!x zX!Gw+2k1ZDNay(pi*W6p+_l+yC{mi#$r6t*6%Xzz*bmn`oxU!RU+&f}_!(O(J2(HN z`du-UJ8ONnxw&?PK@|fdz#Bck{t5M8HSr8?-Q)IRCF4GQ&b{#CHV=qC{))ZzzL@~v zIw-AY`&>E6z0UbT|4BW~viQ9WlgI*(w&QjbhD7hq{lSSSvaCcF3!$$C;@V~Ua2kfy zz*Z(gK4*m+(6L0xr;gccMWpx?a=epwF1mN8Bgh|^yRW+u^XoG|<9cDiFy0dvMW1B~ zEzUY+w5A+3Q}d^~+GDJPr$Y0W)&q|fJzltJ7CyT!d&e)Za_hkDe@PAij6NY0-ki(1 zMJ#P&0;=T4kz&%;!7zgYH|PtvHhb9pD`{8BZov_Ir9XJ0EDpRH`50E0gCzHjQ9H9Ol^ zL>~)}NeBB1I`L?la0@bkO%ecoJ3*SWHQTPZRWNN`qGl#JW@_wXG^^6}q7*B(V$dqJ>9$DR3qPHQ1KTl=^1d+H@I?ZsE z%(_~VJ@t=%00aKmfVhZqJ1lJQthGod=PD@W-kapyb+=NH!SbPC01?<5v0#uPPYB*> zIr>J$$duNfgwV{huJjUtC!vIC;AAubwcp=#x3BdLTw`VCDyYE7&9$s!qzv7DWWf8t zuidz>@q)#~9SdQ^Pz4v`&NYP*RZ6MgF+Ld(icd;jyVRU2IwIka3e`cB8JK^I#_8^0 zYjHa*X^$+jkQNfknLZ@x!*4gH`AxBpcjsRh_6!iRl!i49RuuV*;U~GGs*&X7&l#yK zhdqPDaxE8Qo{?}`GM#Y^XC0LPG~RK0>Me>0)w?hoX!F2OQRUQ1TIoKsohT(L-lbv* z*2Z8YvJp)rP>gkT$?B?Rg=9j=RLz7Q-a{tsmE!gh2bst%%9tl+439O=$Azq3%30SM z;zhxjf=rQQ%PmxLyP0196XfBng)LkK%5;z^UNuOD{Lqa8j5#J#(e`hrIi}$q$g0;m zRU;H(5a9?|guDjo)UrPanXcDDxGf%#*Rn?k^{x&~`(03I-0x#QL_4IN8mVd%Q?6aQ zDW-CaRIBIb&meY?X>ia5k(rnYg4c$UYM?CY%uwO<3e;MI+5V#`6Ol|&0Vz*}#VZq* zvkaqr?SsJcLhO_O9C3<+K{rYHmS;Lk+H|L(?=El8(7$&8>F((UV;^W{PQc5Nrot?^ zNF^|0U6gce`khZA<}G}BoWJVC5tin_W=ZgOM2Xs5+o}FuFFx=Df|Tw|Lf=ft0z)NY ztk(}`qyNh#Mmaj!TvMb_Wu#iD+&#>FASou^Mxi}YO#<%dJW?El$D0jq*_LwWY92Kp zz}rYaD1H;CflE5d2dpPl&XR!kQrB zDV1u`H>%mj+!z=Wovss0czDh|x%O?qDylv`rMqKJ&gXpP_)+Zm zG>GcVg=niHWMh6`zpPGsGQ~APQhd8O$@3Lm$1j(1 zq$DF5>q(LVwa|6g*8nGrCF%}_Hk!#A=vo;GmCP;{@^+%PEwQogn$9R{X{E%7MH50~ z^Zh=W+zx3$WpJDQPUv7MVVSi8sKxgL++{J!liSc}OypMyrNaYFx%i)=4v(dE_t?Mk zN=1qbJDS^>VUrkEMfj!nwnT@nq5{)e9RmF8rzdKky~TLer=avbw2%!7mm>TAJG9`WJDoQfmTb@ zGLpfor)dqlf}_KeAhsVDk-{GI&h?o#+=H}gSD<~hd#JLRFGEMtQfQMWM99qpiMkAx z;h)ipA3<3LPaCEBNTnFHx8Wr>unV(Zq9XO{U!D6%sgr+~tM>PE4m>miz1wd}DK#Hg zN)^&12A=*-#5L7emVZ%Su}NnxJ)=;f-l5*NC$GB-#@ybaHv6YEmGm$;SxsFC*(Vd-Wa&^)V)Kgh0igGzCAfp8j=l@w+QR5LOtC2?~6 z%}at)NY@ciV(BwKTPGtqV+e0-J%TPAj|#v8*CfXuEKBn}x^dp#b8iMqes4B&zTezTXu`Y46+`g*>c zg$~^4D`9Z^*fMo_` z3m=Gv#G{G?UXQu3i;dtF4$yo&NwAlSoHOi7)>6-Yby_48*b9ySZ60zqfd1Agq55Xe zK~)_$V6a9u72cpi3x>YgU1*eMS`DHuAPq&)GsG$uIXfl_H5XdDePDWhOZEc{A0ZZ= z6#oI)$k6M9s04DQm04+=n?nH`^yM8F9U9F`&SGBjpUeSAwKY+g0eIHq5LS_b4$_@5 zNqa_MvzIF@#SnxLCt$qN>1l@5PZ${`M0d<@gY|}{uPZ@P((j1`mry;M2LR9Fi)+I> z`^mEju|SA4Lt8E;96ZqRVWH;SgOiUs+6*4ye1hYOdjCbK1{k=#lZZ7!G2~Otz%s>T zYEspo)CU;QK-a0$a>a+JrL&@^-3RFPI$DF`(A4kbC>+}UYQ)O%abs${CGs_c!Ql&x zcbwHpu$p9v^-msvV4!p-0$~InRv4;#noHg=#ndga(|DFz#+jQ1o4i`!tdpS2%F<$D z(hS=)Aes&#=TOHf3EL$TzOarfkex>1oNZLqPuH2(g;BfnIF1DC+wA)*Laqr?Z44Y^ zz9053KqBBI$dmQppoOvFjGj{56I+aC7mQd>Gf`Ar1o#AmA!;a6Nzyqu3(X>CsyQVBbsGq5Vt3Rv3}V})uYNSRl2B#w(hf;wxf>1Q*o#rGqpD_7n-NNR#+R|F{*v_SUU+d;`3LKg@n&sC0dW6Si+QzVaiOO#g<@N z!?2@qbc+zRfX4gJPxfnG1P#p&qqdJe@yV)>z8EDNb;24uEkNDbGhy@xE04ZeAnZc) ztUbxV!Zw3$jt+%TGxxA4;t9AdWZo02DU~G>zKpo(s5SvSc`ZkO1Ik8BNL72lNB9iT zE|)ds#=y)N20a=dXrFs!A@D*GER2b|`s7YZE>VT3YcOSj6m$ers}YD{dJdIjfJHfz z{4ZqDh+-gW#;QH)1;+~uf%ZV`kro}&%wnj4qJBht)G2y$T#G#2#psS&I&z@#!ve|5 z6gr|f-9J51a}$%1!ZNU#<)+~9P%;wSXY9#dLby&M+sHxdc3z^v0`oNPV1mgfV=rmx zzl=n(*#1wUP&X-%r8GwRug17DZxJIJ&VXdAXLnC} zx#Y%|@puOam#Tth0!UG!DDkFh9#-j;`#|f{598o1-uILB>p_+86*%a`*P*zkQbOxSo7c}BhoG!gIXc&`GZM8-Ylq~(6WFjWW0 zU)o!GFvD|E`gEyve7MDD3ubv}zj*=1oxesqH>!rQ=?PuEa0zQAh`qr^J)q~^iBG!q z48FzzlIVy|g7wovs>{ITjhWW$tukKH2I|-Hh9|L*?jcBeQxvR`liNh=l79s z!+kw6Uj*E$uZehKaI2a^qYNe+fW^aEC8h2=vq`_Rnevm!wwLo*4UY? zaD+<5!e?y~zz(qSyTY0)rMC*~xgM%o)M$rQLms%U%K5~Ba@_wyJN6~kxkm4Pf%!As zn5w0yC;wdPk9E}+@t(eUrOo1WC+0FW^cop9tU;#TxHJmwIN>YK-WBVcwxPF`5>Ko- zElWGg!Zu=ethw$-`XJYN&+5~NI7on4s>u7u4p{rz-U!Q)3Dqq^bB$8oaw;D-JR`Ss ztD9T-kIfl|ySqmzL81&pz@pLNBwpBekUekKB>aS7h#A*BJ`fWgqRh;HOM}wWPO&pF zu)^e}jzode1NG4UQgwgJe6nh~ch4BKj_9+{@E{ag}I9HHhNi!3nj~aEmM~IWbv+VKENIVw$QzWJy z^rwUV^Di-ima$Q-WP5(2fZTZgU{6CnmBjfTnJUZbd!)aLVbuj^AqQ>SF)f&OeeSWp z@U?DvGK>6rO@?QhFLfRI7u~b(_RuG-)!(VL@B50qML*uQ&9(1d{CC~9FR)AB&JD2l z+AbUTJI}Rmfzhee@0@+tr|<8SPus2bzAsAB1LnJ{S6}OwV^jO~+RM*mSAr#ms|2)E z`^I|}5nmS1+?F;L*B!_nAjche56kWCo4qSdZrA#!>;rFdQ{ENR$PHx;ra!0CtG-F~ zqH!MH!#)4Jd1J{&Z*)W2kwsZAbW`2ay2NH%)lK(z%-bhyQER$qhqf=>0av%Z6vde9 zXsc@)FTCuS_K)tgSAlv?Mqf)49iT4{RBsikHpY8Z!{cHc!@IS!kgnb7>79&h+vwh* z89~b1R-=<*ruvqfsEe-Mj7u-oOVql1pX}_L^7c7s3w(eGH^y(@*Tux?%bnQJZ@`Y( zhq?bM2mig;$H2t;pK|cu>Hq(bgRK86?dFgTw&z53(cOPMB7tg+ua8g1d36H-@R%-b zW16Zi6x4<0{W%rsG0$qOhA3O2gVQW;-FN~)*vBhO*SS)Y?c?US7d+S(>ohR;VXv0g z#^-ZmkN2*Ityf7)DxgB8+OL`%SFM4Cx-OOgw4NL@-Zy+ z<@0nLrfd1+wG0O4`|}l-Rd$B8mueZ{!2WHTK$daZkrj^gPw=h60S3h+EEv*s)N|Hf zH~xXs1q;SNjx&26SW=$?eV%_8T?9~!9w9^O82I?O;qm))vqS}mVT1UCK^Wzk zQ$4InN;+0?8*=#gt0hrY-KX}I$2+ht`!m}gQ)~-{Kk*9aSQ&)uU{=zs$o`IH3!Rb5 zu8z+Ez-{xj>1hXuLF7V-7YZ*hzj>DgHhRP1DMlwMIOZB#IIqkOkyqOfsV01vQS!2H zEC)R&XvuE?3)`cnfW zg*{Vo>;7)J!?9WfZHP%3rLjTLC>W%9`vQll);A4;b_N4LyqD;^R3(GJ z2`=JR>ZnPVQANLVgbGX5dK1cUfeGs->nddVlRO0-QY|PIvys-Q@D0W|hf~N5jm6B9 z;P#50A))62C!Q4|==J&qNh>*H0FANw_fJ=v8ADMI{*nm8VALP0-D&|?)(Z5&Z~$01 zN6U3Wfg@l8t_=81&sB%;)tU_aI>2OEZ?0gu2+}a%xo85Ui6?2H<6{v0jr9zCNOxqY z4I7sMsqP(vU=MwWhMo}oD=A01#_TB0r_U}TFEr(P9&_VvK^#2+5+0iyIcAF0hw_+$ z7-w0ng%3)k#Rg;{jZtlpp|eeF8_U2k9j)HJhpa-Bu{aTtbj3;O9=W1WL2(u4xJJvu ze~~GYnZPKSg5_Pj zqh5q<9ODEtDy9AAw-xgH!Kd^w;P=$LJ-Q~{X88)`lUW`{LMOZ z^%2yx61S9yg#DEM@Ysr3|#cP_|`j%zw=-)&HSblY5$%42n;KZDT5mFqC5v&rL?{u0LF7W67< z{A&TmBvhll?DHb555prEgx>Op<@T%=@xg0@Y7&&wx0>8oGuL*D`kmh7D!J# z7fXbpB4-d&iUT5}GH#=xQ`P7prpb6*JdQNkkus)}GqdF1XsvnZV|IdZgV_ z)oEFVLex)JRnDa{;2R_eFQ8x0YqNm2rRt^48p&Qc+wWduWaJ$#Z zc*i;{S4W!3SM(~g<`C@QO+ZU-MaFf`Z?j@M297bpR9@d=yZ9wxLqZ?M;~M@Vy%KML zCdW;F?pm~5@IDOWxq;I+jo;*{Y zdm80ZXf1&yuer2{w*iwrJN8f0#&nQ@N!+)i?SnYfrRO@DV>52eaglEJg_AL5{yfer z-?rq$ZWb5`A@e+n(pdtbKH0p)(rCWM@^QRYr1}ea%~-T-Q#U&hR$8;KYn$amOXam;KOz$$qTEkg@>ah8aKg;&mw`r2HD`4Wt{>AM! zrHo1!ud00GJw__Bu^-&6IL(p{hWN;4-8!V4WW3ad$=_Mmlt;yQhak(7p)r;1Qn<76E(hF4BqGeeMS{ywf_bMVH zE#<&0Qce7VTKLq>Xkl4-Z3m{YQAuxMP<<03Z+U*wo$($FFW#F(T@J`Q3oo=^{w0qn zdZrV)bmtWZ)u>Ko2YGB{@K0O+`)IA0Pz5) zr13^sUjbji($oy8Olj>r(<}&=2dKQSmAha?aoBN2#5QIz&P^&`IZX9DO0uSoO}eI-JL^m(e1&*Al`5-gjkl?|Epay0uOez+bb~ z##iJEHirk$x0Pl1C*ZdeF|`xY3v9@f);ocqHM&DR@_qV&?Wav#F59;Q(bx0RX?gFO z_b~CodDoBXn>y$X>>DZ!2}Wp}`h6B5Z!#M4a&+sP6zN9w-{kMVH0}S5dFlT{{<8iT z1P<%}hQJZGrDXl50L6|7wS{CpocmYK1jNz8aMlCxW~ zmfNQ!@Q&YCEfEb}lD;xghSz$!VOX*C6Uxx<%bt<^{5NxwGM9=5p=**gv;#2_iVszHPbzEuD$_4mcB-S46M#w;zY!tno_N7{oL}l3L=QkH z$8-;h!^j9h7H>v_Z6PmLp)0(G#exr=4iDV32OGwpwu^;b0THa{*MBv2g9#}F^8@Ot zG`)py@Rf~T$5pb8U*O8SSQF<^AdjGQbBT_Sn?2^!JPi@`z?f}AGMnqpet{~(%{LLp z>iaGb*?Sd|Jq@PmL*x>6x0huA%UOJme=F&(rkEaGCue>E1iP8Zmf)L*^(;g!3)e2~PDTMZ61 z5ILx^aml`k8Q|Veiwt@si6>+H`G1U^Q;=-UqOIFnZQHhO+qP|MHCEfUZQHhO+gfei z-sjvu&VJYr`=uhPV$P_DtgM(LGshTTbUf=p1Y9Q0C^0-i|K%TN;5m;p9CfyJ>6AR} z%nAJ?$s)k*$gWt!vLoG(WyHNqnHx97*t0Dn>OFl*o>v6jsA1{dX$a=$%dwEI@Sd$u z&pXVHf!t|J)kyS!@+ErCmH>Prr6_P;|49G{Y@`@j0)x?B;V-S4!|L1aFdo7ewGXJ@et@%*tFRKn+31*+F%#bHbJfsH2vNMK$VH zDE2GXF3!uj5XwMM5;SIPes@mnlw+@7Tkg=l8qo2ImbAqC+iF=2A$lCR&I9G2o*{Qs zzb8>Kz%*bInK%++Ag60l3V!_}t9>@8c1SX;f_{ipf0DNwvl0_myB4m&%^CJ1EOolH zk*C-_+B~Mu=~Ktxz3n6b$;@3djE;c$xEt)^Vx+Q4X4Gqk)KI=aKK;y}#>W{xCjsY& z=%rL{X=+kPkrX~X77jiG#NCAux!;4wn@1Eo*PYu36)Y(F9Z**g8j}l)lN8Q5#J?_I z4&B_QQ8o-kjr}f(5^Qy>Ef>%suJk5Fxf7gu7B6C44%xm`t%7#m`qPsWd9 zN9?Msk~fY19Qk3~2I6`j)sz`B0-ANcg$(e-E8++A2ndP|AicEhs@zaXZy0+7EH$C@ zoAzFdrJYXF*?fUlm5G8stsZ`DL|lvoCdbOg)oL|#>Y;)0AxXkK`qMyVHMUB!*j*$K zW+SiL;*Mgoda+#Jz|Js;Ac0Sko4g+Z>Dk+KjeD3Z^}*qoJP>r6qWLMt3re<9sBLt4 zN|4SFwPe7_jlm4?uxeW24PDWq!y$kndUu{ig3XpbQklN6Z7BCX z4pgGeQiI)%>MozVSa5`1a@c-_v>hCS$$eD6N%#{TW%fu}#b=aIWFr*|RSP5KwdqN~ zGH+w@@Yv(MiirTGe1-wp>ZP6}1QHDTx3kI1@ryhNCv0R28xA&ilT-$^Ei};bCSfv= ze3!eSI6`i@8^KZ>ZM8ChHXJZPy;?}!wSYH&rV8tNBV}T;N?xp#@UjK4wunkwFd#2P zv_gfJg5p{#xKd&uN?+*-J_5KPY$EbPg!$Rp;h%^fv)pk7^@n*aidZGMg4$0q9OCq} z%-%fug(QP2XQ4@AE#?vfwho$R~CbtMz0*pM&fQaY>+z z;S%-vDPtI^Thd{^fx%naX-0cQX}p9AYCVGJe>v!?h}p*UjK;K6_!w#7r# z>dkT`h@LVe4V7sP|I1;AX=0lwR93@6fC(GF3k@cunH@RNNShKykis)HkRC*3DJ<{q zY+{(umoZ62fF?_PP2CN$6Rln#GHqla)Deq821flK?mCf9PYHdMA|>F;2;N@rNdT+i z_!yeu;D!A|e-70A3>|yVm0~h_lL+Tp{0a!r#m{Qk0F|~Qo#eY60}N;2Bgu3Wxcg!GIUzU4*jUX6+3l`+^NE7RC1;Y8p*@|I&$6O6fU(e~v zjBL-c>Q*b=%57!-IoDjxkY-M>kIngs(tM4~l`r&Xd;a3jrA^RU+4~{iLO)O6rDutr z=EX0ZpZh<5!+)-WoVLu>JSJ+%?$dr#KSp@}mbzzI`O42?zV{wdz*m5oP_%NmXv++q zimzbfrKPQCQYWN&NQo2{n^$ioJra@(x0~Y|i1WUX)XsR5{Fu_%F^qdQ`>hqx75!*4 zaX(u&bp}upB%9r?9MY6sR-qftJ^f2_+o&NZE)AzRgGXu*lH?Mt>FDiy( zj=d8=)EK){K7GZz)nNAD550c<$ewMlhpurL22>rf5#*oo-6p?g`}v@K<7L~h7j4JO zuDeC`3w5VL`q3BY1Kzr3{+_kD1^qVJ+RkbHy`f96x}l4Pp~k=~$$qEzY5xJLxupvt zakO0QE}P#U-){()IAV|!khz>;qQ8giUJkq`W>3;UPH$!q_~0r@Ij%PyGaa#X$L&8ohHG%!FKrO)1|GmOn;!ajlIdV6n!)S2!2wrF9AAwSem zC()b$fMi?yYmK|{q<_C;>l?s5K?40hipPJ#n&{^! zeMRlmnjaHvg&3b$UWW$f*fbXa4|?bF=PVuUa^mA_u%8BvvZ1;9+Fu`^h9S+EexG6g zPNjSa688J|%f(Mr2JQ_$|A*N$GC;?N^Cew%e*4^m*Uio6hgoX}5VUf#1NYt94|u!K z@B<=Cn_hUkGsE76qEa6$3VYJ=+m z!=bC6!o^~a4Z5g~tz-j^L2jSn+qIazF_o*=WU&?B{;8ZhgAkWzA>Ae#?phl=n{2*7 z2`(6pRLXRG6>CXt`=Pa=G_aadUyGD@M7VKKT@gorT*8HUY-rU!|4I`%ELo2s zLe$4c4lkiMbP2l_aP0Ril!J6Qzpg}KknlNCu6{#+K9bN{GrE>)0NiqJiOQUgHoXV~ zkFyD%0|ZZXc8M_GZY`#$R`G&^bhe37yq8IK-q{Ky(^iw&!33d6*QStk0*dLXkr~cn z0=_YKep|#0)L)|C1D|f#r05VzBP1ZJk*x%2+hOGci}0$3jTlRP1em6ynfei~SxJq3 ztB47s=Z76y=gEs_f1h8yi1Fb4em;;vN#&&QCQIbr^C57I~_7jjQ+>^h{Ly8z`ADhEukv6b3 z%XkqXZxbXqX6y|%DlWEE=p~b5Y_|b)regiTsZO>0bC|c;x+HP8y7mQ zPYsjs!>nnS;sA~EBA`mfUPX@%58&dQ;G9`u-D7kzz)9!w%YFlqk&dOuxs+kHPMrPn ziZLQyB2YmqrOgYco$}tpFD7W+m)rN<1Oa$vlRGGMv|h6s)4qFeZX28*+%Bq97vR22 z*f7{F{2Ncd2yO}KPU0XbE;kh)kyj0fmO?3V;OKl(mz)4Jr+B}x=o36{l+t+A#u2s1 z`d8=LYr}v1#JhXJ|IweOdehWdNJ{gdA*faM)q0{*_c&d5I`Z6DwW?+}IQdoiK4VnM zOuyjsycSEF1Chi9I1Ay0BVtD34}Ji50x2KV-TpoxN9m@YPdor#Q{HtKe1_kE8);i4 z@awFCEpq+XVS*^zAy|}+t`5Bm95Qp(BoL*>sf`dM-nXxTwb#ej=nje=3~C!uih#c8 zC`K_cOdyqR)Jy^ZEQLhigu^+E{EEjym@W}k=1}5oa`WF0a{`SUhs-R_WA9aN71hlu z!7DJ@0toT8LzK5HK<#-dg6g7qmLP~C48#-Eh;$^~0n5}G>I!lmiV}T{)-lkLV$KfN zY)>$As21g~)Q)uun;Bf{h|S(=Q-)rG}@ zJjiH&a_%aRGhL}TssZa$K!Gx~tyC}G53%hc7J#R!r?(a8I|BoGEYIxsnTzZ;w&FCE ze(O94Ol-7D(`O%+rfYoswSHU_te2U898J!6u+Wrj)z}WDDRD{qKL`w&?&Z9}bz;&<``&ptW|sQQlO_>qQy9#F$z|B~vWx_8i+7DHH0|6s({xSx9%`!I zzP{0{dTXpxXuXj&O<3QN-xqkt3y*R0z`h(Mw^>-4yYy@c#Wy+hEHNYBvSjl}SslKh zBlOi0;o*)*c+w=YIp4BCYk7GFk->)CEJ6;60Sn7DJavMMS8%XVOj|IfwQYrX(y!me@a?_qttOC=Du|IE=FkZ2-%nS_2|jHJEFO+2Yqj=X4UV2+ER0Yy&Gb zP2289CCzUBmT?-;ZTlw0uFmk!uJ8qjFeMLLn+pzCWRkpH+u&@JcT;l)cPCnaN!w3B zSDfefMmlJ^x9NbYDy1Q!4vdGj3N*Fa$uRDa;VzB04^uiRnYa0Je6Vt}n42T|rP}DV z3jB&2&*Wq#E+!3Tc2}@?uRqLSS7J-+dVc&>2dKrWv-xqznc&kUw`Yh}uH_O1 zEIk|>M|ebWytDMI=(Y8@$BFm2@JrwChIEChM>Fj+jqOdc&_3 z_p_oSW_oI~EbOQ)dS&scv7MA!NXd2Sow~MKtIQid4%Iomr3H7>xnmfGyHRO1~K2?w*U<*bp5vM@WE_g@vKYj-myVZ8^CTkkze7lH6@6|pnUPu)<(E`niW zStaK{*jR0pwp7?oA2nJSXHfee1(7%9ObA6Z?6OGt%7agoG2-dTPH(n#Arhn1-c*coXmZo5; zNIBz02If$aq{&+)>P|;M^LX1C@RbAlVlR{BE&XZEcYnFak^K()S95+3u1`0wI76Q{ z9VoZnx6j){1h>S?- zz1PRRmLUSk@d;(T`~?Eb^eGig?W(*EoaHZWc+UIRwy zO#@fc?$OyZP;^GsGjn}vUNALQNj>l9@vuR7Hrhf-HN7887Cy@Q;T}8TmJ06_ ztVT!%2)YT_I)R8mdn>F+>%&FQ2g-;(NGK{b6Cq!VHj3@m`KfWZ`DBEf9re zqV>a#-hRTr?o{5t&_pSQMd${}5c2{y7UFurS5?Q>4iA)5iOj+hM|FA4%8y|NBkiVC zI=m&i>8AAOUxFpB4C?Rq<5-M&f!iu(1TFn{8jI>A!M!J1O94qOHjyRp#Fze9-Qr+e zNxIbM!u*=DcK%g0UAuw5Wf&iOKH5Qpqi+KnRuMyVzt+G(MrXRWwkr&OE>#$sg~r9E z{JuWmf!fxa01PQMGbrqBVUMh4&Bd#>5UUQc&S1E=sB`CqpjM}Dlg}#VQSV&980SQ| z5vpy9RI>@-pnrrnz+z{K$rA|;ce$4zT7Nz7hG=t#{t;{Z+sl#B6UD#Ktot1~NSwQn zd=wh%u|G~#qW*|6Kxp~E+8dDwtkDk%cm^255B)h`RYV;DbmM6eoiaN%4e?W9S z(jZ-leKH`slr71ba*cG(@vnh|_zJePd&g8_(T;zABFF-3Hu5KRLVM!kqb?@fx>n>gTsxaqz{O93Jp z?sbtP5Hbz!`f&x|O6(r^XK_(%97E^0AQJRBk5pXZ!B$X_57Dm^9njp@HwRn75!^1Y zF_Z3_ga{4Hg$`0w!q9;aV=d^zL|X(Q4SB&{ETodsGlx{~I^`o+`!;k6#EF&~LhbuX z@ES!_?_rg|&333_s2FRRwXcRnjomx*7W&!;`fq8o1Tku(Tri7kQeYeUF+5x&{U&|7 ztD1m>VX8;Phs=PMGLJ0c?cwyecewrhjzu)CBo{=r`y%U3}6FHg(R6|?Zu_;@YH zq8a%g)&pQ0dZE?SD*Q73B3ffrnAnMHOWKcQ6rmNcj$Xf;V(Ii?2J+e9L}z$+?eY3Vo|DVR&NpM z&X(D5+xt~mEjwOk$%;%M)6g_^C1t|0`**YfaznR-m8Ye#)BmguWqy=N^wDE6DMO6b0U|A zKvkIqT0sY_)!JlplSV^S-S;m$i)7M}zM;k79wweTTTQUgrB;{3b?I!$VEME`7z*Qr zKvT2@)Umd;%~kxS-%^N{^^ot2Ju}tu8Ot(g9IpelcDa_Cd0aa{ETs?~1z7vPQn{aRoi=hZvB8LYCUAwvncOseSlVmu9}sa7V1xF_WUmWIIyh) zfS|DIR6jqo z?d|ozm9|i2v(DM3{z;KvC{8=*+pHBFb{Hq;(DbGYIz>?(O-?jL5fqg;S>0TdHgs&0 zeWOF64t$exI4gGttR`}kF`Ic7S+p#N`Q7yiVq-9UVhx3lSnIl7S*e6KZ>JK@{oFTl zZi`C*Xc3WPKVK6h3TNu6k8wFs{6<-RkexvQYg&!((zi2o>Kv|Di_SS8Rw_eMh16ML zltSqSC*9ss3>6^Np@jm)&@FG8bcfHXo9wV{!An)aySM5bYV=EPNRo&=*W60Qn zddUwryAv(Ida8t5{c~7gQLQKO5qA{72eAScA{MM=7{3(bG?O-^Hu19Ih^jn z)uqA!c}cj19vBfshga+%?VpB!R^UgoFdQ^${qq0L^V9fphab+lkKd8~1_zQfh5nCn z?H|7*BNIEr|83>5{|DL;`+r3{(v+|}U`771LB44B(z3-N{Wc>RtC*Ynl*KGG7t z_1uHo-O1|=)Xo_;v$EsH*VCGX+_A#fgHv_={I*)Ei!-G}7gK!ke1BTH#Fyc-gKHy{ zqw>9RK?gTe1E&Z6OMDA=-5azkAzl?8%5+i84qt{Oo zvGG>B5eU}(vS^CX2+?TI5|^L7J$XOqvk*oXg#+ZS1n~17N`PlQ8^F{ZlI>)K; zA^9QuFaN{u(U0|@?710FkTQ~w*+xdE%!r7BqzfOX5eP3OO)%p>tDw$BC{X$q4YGG# zP~oxhB>=-?w~RjK_L7al=A?mQJ9F43@Y{ANJqQSsnP0^5kn8^`(~ z5;s-ZT2biPYcyv5p6y!D*9vTExk##_a6K;kB|IUjF6o-W5|9}p&EkvVP2_~4oXD`GiBL8O?-d@C`E#WV#*D~CFmVkyB{*@j!*gYeM*K9ZV0cLTK&5cyl(v2*BLo~8C^Cs4Hqh#V zAR7ot0KYDOtL(enszb43s2SiqjUBs2`gc)kHcB{Hkt)?%!?ow%I77RSqO;JVp>Jq# zoE3Rc5b*|sf|x?-FXa`S;aH9m;4a9bp1PocKd*PYQ!GRe1yjji;D12i?(rQ=G|=8W+WZx^_wl1Y;A6*Il1eL-=p|pi__Ht72JCGG-Uhs^BzA;D z$iZX(mdl-V1V2KG*vgotPNkQ2ewFa41FbY%vvbZz>jFbRt*B3(+si181A(C?+KvhY?2Z_L%cuID*dQE%y zij-ok{A+=B?Ij&+cW}f0yf33)$xhpz$QA>~^|BT31z@wam5#VCc?JaS(rBz$w!{t_$|+$5=F@i-Nt<*~N6B&VOF2&C{&Y}fRpHjFC!a`G0vCEd|R4SgbmTZ@~E zXA*1nJa$G6lOCqE91vWjSY69xd*kUM!iX*2vuObngYjFkqzF(-EYur|cLh{wBgq!7 zno?+-s!xv*11AQwyFDX)6(hBt^{$`ek8F5Uy?tu#k43{klRu6+Ytlx}JAs&jWw7li)Ks$ z)yiOuBh~YYBFjiA(RmrV-`@?)XRZqdkf$3GO`5}{j*xUSTW8t)>SE2^>AM9pc*}ZIX5V(WSH0h|VgQxiOE!Z$XujMc9>g7KpSK9^x5QI#?rsXN zmvq?tURXo%jGyN{`P*t*&*l(1;-2cXM0SOH=_NR`_GGI76Oh+s^FY+d5VP?B4Z=pM2Yn)B;-k722ElWCI}qLF z712rXP$aCjwzv#8e72EMtv{9v(G|r%wNIl{5u;NK>B+lhmsg`Q1?#aRHDb1=5!zv! zl~wjij!F@J>nw++GMkw@Z`Oy$>N_Nk3!`@^*CoVkM-OmPw&$|Jldf!zObG@gZ5+6F zYhyB5J~R(?qcS?L7&D@_+o79_s==9^(R!m`)`zC>&r^rRtXCd~rmXrzY;%6=!QS2T zeipqy7lv&vj%WUSGw`*j?Xt1BN0FqhWnJ)QrA%k=rm~J3Mw>*MM3!n?#-oU>h%K0e z+0<-!)TXzaBU8gqsT5mK)0rj$B!0T%F7Nv*@Y&kEI7V9w>&UuYv}*4=fUzNofr0K}3*9{kNDN8H2_Q#}Eu9dH~w z?Ykor;`g7F(f`Pu|8dAMGW}a2Ap1Wt;(y!7V*fAUBR|Rr{{Jf@JwlRR z_*nKIWdsWJxAwFOE;j^dOX}OljNKcWL^1w=eatWlv=fTPF_>wGdz20VyzTwwdMC^8 zU*ZUB@p=Q#?O)=EEHZqnrRN$~_ZkeahLZt%@%rd_Yi7oj?8soX>*Mv2{Ic~XW<2_y z9ELYs%snvYnH72ziFe>u*TVa=B}MN#TlczK+F1Nb|1~(a1Oc@hucH7&;I@=MICrTD zxt1}q4^_UtR{`c8MH-3tJ#bxuZ*gz(#DPu$4bVt&AHORo2hN9_VrzC;Yp}nB$b^Ml zs{DK|-?Fd>Z6WHI{N16qY46PE2hjrrrtd5lo?5`WN7ilF4>1}1xGS&6^))WWXi2@H}Y^OmjeJ`zdn46b1n&{g3>W z_2(Rvy%sd1EgALtts#isigCqa%alW1w+2F^{GWHpVh`d?-{E@*w854AfTG`}xk8&V z0mN;bO#Rwl{>b4lD4VcJKpQxCdvF*)^q@#5Bcjz;#qLO%p5$7u_ds%$5TiEB{W3)4 zV5#GTR?)9CSXx(yL5x52%fpLOBql~evXg8!W?LmP$%YTTS17=6o3VAfVpx-Y!gga6I8jW3z_z62x*qot&lsZ zI$0D@j6k2IrGk3B6GeifQEwt z(P3btvHIwgR_l>kG6uCJs;5z2PVu|nPy;OK>CA(?eJOeX5* z|4u-hCeg^=1IdlZN9HoDck6J$l&!GhSkDFBdwQKf)u_YaPay%|SQTk;bxR#o;UEZ> z{}Zvhy5e=-=3xV=lzen0ZK+_s9`lj($NX;T$e`hNy>^H>Vz2N7@o$&mmCX-RGmC*4 zkb1dKNXzpMk)12hlQ=gFAac0kXzswnhhyvUcubNW?HF~6xV};XJ^1i&Mp7k`DR4XW zp;Jm#6>h4;C8m%K!#nG2PMa--h}9qrd(Et)4JkT;{yVZ%Hr#GQLCGuD3*b&{#MjJB z$__%jy<5#%XVzg`DAY5E4_eiGF-~I-p3lCjUu1|8Vm@mRY^9euq6dc521@k15x`yG z{s482s;_B=7i7h1sXdpkt8pv#c#jK6PFL0_m_A4aa>KyoM&was2D9Q-c*hcUH9F7) zngDu{Ez}gb1Z<4PxyUg%ME8Bqyg^L7X{O4fvUzt=VXte~V0g&&2*~q>0CkW-E%MB5 z#7P&JVlsZVc617wLdxXA46*2wa?@>B;7L!1%r&jV?`|b7uI+xB8 zJ8kuM*`{kSn!|^Ub1)wLm$xmhS^Dv&<(>TZ1Ks$PNzeF3@8dGnLT2^ufWccTVdJ05 z%~X*hq$mArRfF|_NAOOMqQJ+HY7DtrjJx-$ff29v2dejhYgu3L?OPgaGtX=Z4O8cH z#YvMg;9+^?6T<=WR(rb4tZj~#_btT5YH0HO@DEz#xxuk;`F_Sss-uLeJLI`+C4Q+Y zd}N@?F7ILr{7xpSv|KV|2J0*o_@sNHfLr9b(tuO`b-^k;o8-Azpo`tUhhXNqv6SX+ z$Ksj++3CgZHZP!p4!T9uDtubHe}czsW;CN%E|3%Ffq)fMpekj~ekb{bA1x!P29KMS zqq-W^&3-YO*q+oU7Qaj^hoc#sIqPYw(A~)y>x%NnHH3$1TC{{)H8#9eshQ~EDJR-% zy(FLKnwe?~wNz@4>Wtf-^$q{^;c<oZFt(*N<~~}TK)a|7PS(7t~+T}CXgjIQ47hY`wM0@VnBo36p0t3rpVeC zcWIK;o4rP5$>adRJZ`0&rZZ?oQM4y}iPOfg$&xS;Yv~<9W2#<`RNfT!5i8DxAa1Dg zjU%kGe1k81G@Yu!F{J2YXoV$=`e&$(w?ZqWjsIt;32d2{V*NF>#N$ZfW^3D zylbNfIr&ms`f{b9HZ@jFQN7$_Sw$ztuR@$0l`Zm&{oA`G1`VG^^#I|^hPd)}<s(kOn7w5pYE zcqc*XROX5=Np{GscjX&M{Z(n)M_!~PwjieovC5FiLgwoRUOUnEZ1T*vZ7W^%A9dM3 zE;B|ZmVe`Ov;ULl{dZmVUx7NbrR@F*?)sH4X|c-F&z=#7biu&u!v%Cr0jCZCFr|FH zOND#NCmVNAZe?X}<@yT_nP?&7;qk@0MnrIbp6tye`1#6~C*&-h)#%}VJr113xGQIV zyueQD&z!bcUA<=>+K%c8^=cq4o?w z+QwZ|9uboH1iNb-SG;thx2_K?*@MWY-3_KqCp_f;R5{Xo`+S}ZJX{RKQ1vAyriA?} zZqR>ld?E+ll%<9OQE2QZi$#fcM?SC2_l~(G2+)6tnr1NIdo_!NFJgBVq$tOU+Z5m|5`cfn z#o7&XRDdGsCnCjmh^Skl#N>~4fgyfO7nlX$%b(en`@>i*j9 z>g8Zh(vjErl|q`(i-$xjTh4O;E3Qk@@A~KIPt+gQe%jfga7kV|N?cgHzR){VSfBDM z-)$E^`|hvKL{QjKD|zkt_wH6jQV%TyJ~}hErG;n=QZEO#v^?$DDgF#NA3}P^(;Ixs zGU^V|cZbj6xOgh+h zsS{hO*^7ua3IC%%HTnEKMZH&5>}j{RyQ<@$9#ocsBW(C~{7L4yVSPCexH(VwLn`Kp z(Le;j1JW;2`7!+3a%ekAdBR$Xe$=-3+4v&-yL}P`SYE)W=UeJjtp&Kc>_)r}>!g{C z_BcLbaoE*itdIZ*_i55TsIc;#`v^sBt~5HbvB$$P`T zI`3Mmo=04{V{Mni869T#3kp{OZAGL}6gkSRhO+|Sp}T2e@fsM;(^&X@l1^4hREevZ zd6SA7daPka_Niz=;Z{$sTg2CdV_TcdA*lJ}qyo>l6XO|m#I)pd@5ft-Nzor*-a8ns zWm^>1os2#QcAQ32UA<&ysR&srZ8LLNnS^I8l#T%westktE{$wjKkyc2D*ryjB-2I8 zS}?m{kYXa_O(fCQ~Y-Bfe8ZYewu@;9#s2IZ@{}?62Ydz~rOp=lnbmnMaTMsrtv#*3lgK z!*N0T=A+_Te@k^bA#M^$RY{5au*LeJ9ae4b<--fPYgy5Cd2G#C?Aihhfil8z`3~Wj zjNs1kM_#wu-a8S7h#Tesp^2|ji30EF3H*sl*z$KLJiFI<$mmEAHwxs66KDI%xPHVX z!=2>>wGETt6QlN|27lYOAqXjG`}Xk9{KIr`f5qnT#+TY?)P9Ey=pb^5w~H1`WQ1lP zrL7Nl2g#yw&XV4Sr1%3^NG&lX`ev+pF*SKd?>EBYhf;49>;NxHSC?8nJM4uZf z3k1C|AeDvdq@IKx=q}taCr69al{q+$If%bJ$(y!BvlLSwNL^N8*p^KmuKb4+bA|Xzw$WBwFGIs^smF?b>&$~e)+i;3Y-%m;gO?sq=ZQ-HPZa-l6l!vv z5LPV(02wg3WhYoLxnO!idMoXh`K|eFn9Qc5c5or$ZCIRS@ihux61HOGkZ0w|qVbf= zO5(3r^Uh)s1IZB@PzLXAY*8gJOAw!+#d>AJ0>zU}f1VI!)g$YkVosEXGVi9uK!(%` z5KDBW&>^A8oS$lDx2_8;%LTVRD1b6ByB$qgDMfc>JK7{AkMtKnE0vUUBtI$)m363? z+gsV%REd(+&+cG!>Dm~A;TBv&bUIrs!`ffG!RQj3Y;X*bS%~a7%tCFuMxp*t%-78X zU>&&@XVYaI!U<&FH=JqXJFV;B@Cj!OY}|WWVZ*bMtGps@w!rJQE(p-E4F=Z zO-QT;YVT$hcF$wnS>M~M_MZj&*fIsX_-PJ~#Rh~psl4aPv9;k9K)PlC6 zV3e%*9qyYr4Dy-ra5+xm##H*Eyrj zT;1&LMo2`{qfiWsvfSSDgdwW~KRg?B?J~*I1}Wmj6G^UlbS20A3H5y$Nv_B?%l)bF zOG}P>1Lg{5w$ZZV;QJj(t_*c13I;?o{)1Rtg0An((({`7kA@mIa`npOVHc8rUb>^e%P1!KybF9toC z{cex$^2Sb^?s3|e)S7&tqs-Z_T%ZZi8(zJupXsf-mRa*;>uuakSppgE&-|wB(QX+a zA!w=uaig9+*TH}_piF}A`+N-{ZW*QsA`eCrA`?*&eaA6yL#cd=*=3ZuC2k%P_@WO> z(Zs4`^?*9Jd-m<=Zs|@ioV_7uQ=XQ@AH-c(QtU|4yG~v1Quh6rC)b{KBSI0WRRb6=ILnhErmhi-xB1CPXuY~AM{hH4ivvuS_W%r|B zR&{2hBfS~4jbjKtT1Pfxr)}BJvb)E;xa@`>nlRJ3mF~H77 zOyX3`)`*I2$)r~YK^DbZMWsl8AjWD=|KuvyHsnCvlae48V)DQE5&2WcC3x?;TxhOvQ?Thfvtf0MVkO>hLfuKwC7(#-oMP_JW% zr$v=$y?ukaqF{B2Cu}qF=J2sRs80(|xz(bf;r5!UbVI0jzz(w})fuc%`2{P@E}PwT z$*+`HwjFzl7~KtfT)GV> zrh+iR+HP%Y8x0THBU>DkOD{cMwNtEPt4Z3CV~w)IACSrHH7>z0_74@k?ZifHNf851 zojhARpvqc0sx%;eaxXJ7lr6J@ub1e2*$TW8UFcGev^Jw&=E@}o4F4Uo=JuY)zrYn@Oa8oJKdj0XP+Aj za#2WWB6^p-5&Fq?-7=IP*L7`AW3wHBRv6cV$g3$%7%3MV6g`}shO4j)3ml4J2$k_i~ zZ#>OQEUr&u1~qPdY)_+BSImeBBgFtj<94FD>hra@uDREvI5dvSx!<7-Fz6Mv%6>S~ zX1d+mpO|@3kMu=PB=Mu1ILcIbHBP8F!zGb-*iaU?N?#%|h&XE;w~N$)E)HAE+9%Y5 zt)`o6wBV3{pi~rSPSfLb(*S2>zn3og6T>VzkVLvBDPFRVs)B8@LehbH6_78bumqnp13PChLgn5pjVjUoz?+MlIQ5z#+O*ACp5@p@>_+Rg6a=oi0Z2_`5vZA zKfjwLb1O%yQDiXh2^m{&8h5HwJ)v_$Z6z!PFWD}z?o)hM0VvNY8wU&CFqJ_C$cZp` z^10@n0rD|>yX0Dih_D2p8@@1OWJyu;V{2-F%wdR0z~2IG@)8je3Y0E?Z2VN}@ZU&^ zyi~xsbb%7l@NYTVlAMC>C=CHcrz<+QaDH9)x1T7yl3@*HA~HB5)VPM#519p##Vfd? zQ~E&Va%Y*7Glzba#3>bPJ89sI74|v}lP$H?L{j?1X`v$|V9qM8Zya8S^8B*HZX99< z1#PLhk<|TG-YVhhpsnhB%>04$VUEz+3}(9~8QjS!O1w&csSM5yM>L}?Sh5Z_1(56R zMR0&8iXL=Dpa7JzoNzphP6;^W7ccHw_s$=x6yb_zF{GXSFj8{^)=kSAK{-6?Dx|bt zI)IUuJQa+hl$&5=^2^FVOSyR-EDgZGIPNXV#8Tq|59WNq z2_6VaQ-jrAr32GVvz#ia8O61$?)2PyOs|*)3;}z{S$$oVMv15Q2AY`o`E*d!I zoQ9WHc}dCvhdApb{>rrgl&>PxLg#285uT@+^Cz8B+_Em`k4#qt)!!%Hl(lIA7UR6{ zTs2?LW(&|2i(X;G@gfFtk`yJB&Z=(>M>E-OFLf)<2=ARU74XC!m>Ib*3Nj^+2g$#a zG<+nfx%T%sPzkARv>k6Nri~44Ms`mX!t2{mDOajYKcNgea~Z`p*FCrU;fXn5+*CGI z3Np79Q4FEyO_Fy1>`fVf!HkNj>L%sy10$QEN8ye;CctCNOud3>xgm0`>p)OpMAK>n zW#aoHe-A4HB9f>tVV~nxd}4q7LQ@pJu>z;)uQUW|?WX#WJ7v9?NqXCCNMV7mtY3~Q z&87DCXp1ffIl_P!xR}yv0Bqy3jgdku$gAKlC4|>0V0Y(nrfs%X3@7P=hw`n4LNxgB zX$irCJmCAAcB3rl7OD+?X?{a1_GR)L&S$(k*`0P@E7Cl6L_yQI%#`2k_Hfgf_b)f9 z;mxW^v8lqc57?oLy(P zzAgJEdnO1q{gH&xVRVDhh@_~TJguRZbN1jjB?dcBNz_wAI5#1vde`XJ0!`rG9#cG5 zxNn)wBaqI20H&sQ=(#Q@`&z8o<8tIzxsqsU!>z+u^@#$}zj&(Z}_- z>9^g}uB@J*6=<#VuB{9&7{SvOw79Os{C6}i3tbST$z|6wGTlWSlKenX#kQwv_j&Y^78*%GUx+dSo9R|M^`{xC0|KBL@}eLDqJxhq9$3LIuu)t(I{ilC zl_dU_(OU|LL^j)E!Kirz8)qpv5;QSbE3nGW%k+d9v&T`gA1X1d{84qy2L)Y{n9^J1 z9lVzREy2c{VCw0-UNn8zAkm2~%P5C5W}v#}bSr!t+5$4GeU?>wDG$4sy0AECTCLW7 zw*UVB7<;EEOS)}qG;LPewryA1R%KS&wr#7@wr$(CZQHn6-@f~t-P*q&&P%j50)1k| zT5H6NK6;3eJCh|m02^C^*Nc`nBj0Ld?v%(JEzBGunVH)=?>F^N=Q|4eXZG#f0QN%T0*JLrs^zcfRIE5uT!t zqOuVic|{g;yw>C64;(Qq0V%dYx1sGzX8TpseIXIAVy(|9uo;-iKYrJ0nzV<85E~56 z!;9ue_g%7iPS7)~=FdcgcVTIi{{#9ob^bi+I5LWO;a9vlz#On|OtoEeW}nLbMpJE# z@MGgQfAA72n9q#>s!k4*VfCS24U$OUC497CDANOmh5?dB*RmSP{aYSPDw32Sj=3^* zxgch z>*<_@u?$UgymWEFlJR@+6C<%E5855SV`Fg@_=Mj%RB86*PuLE1KeV}dnezMR#Gnn1 z^V-78uaL`ns*Y(Evx!cq9jpSRop0X0up! zc@b|P4_IGM_!myhU#+mp`gnVqJ&t~6-B#MP-A#$AKBzQRHY!R|p0G=m;{)$9c?|UuzpTfrmv}#DMGJ+XH#@mL@>n-dgfKBf{8>$LgJSQKPzu0Lbje23* zvn=jObU)AqEV=;UB8MM6?U79Hd!t^`vsb{vRn*xu2-}(nZN#kaW*dkanwWYE`F5db zn-V9f-pMvbxbP~5q=x&|Q~hoP6P_>q%oRz`iF3`~zjN=qyl{gHdz(^XHm~tT zYUXv{NTOM4N}P27xTw1&D0rY}TNHR4Nc287HUOT;-9zEdt_+5_AlL660#nm#&Cbhj z*uE)jC>8Ye&QS|l#lUw;@;EgIc}8bR`z~Pij?WS$7WqBzVz9curZPXg<1mH7L-puM z`8$HkUa^9~QTSZtx;{XGSO7>?!;RL+PnCw?Iya!;5DU$;V1olU=mIY}&-L}_7T(rk z{mtSPo!;mm=3`!by{UAoE|j3JsVmC*8xQEUUwfX+cuATI_%_c7U$eae8_eD$*Iq;RCAM0P9Ly zidMpVkT6u3hWshW_Ai=wkAvE)=kB)Vcnd2ymJ3&a1{{0Feq@%X-GX{hHDI+zWMx|_VY7tMpZ{Q{o&B=9Y9ZY+9K!8m(tGEbS_FV& zdAL9j=gA~OVeqQ`$;fN*qe3_EvUL-zB0EK~l1&l-j4J0rLDiaK8@{my4RV?!Wmi<88Gk(_|vN%_J?OV=|4r?aaDfPyeldKzSAx_mtpuwUWoA{b ze>Q^WDBpo?3{=R}v6jneKu*GprO-qnfNai-KxDkZjrO?cin~0DZ&tO)!8_|b6(x5m zTk2~5du*M$JbtFXsCJ#aE88$``)@c@lCsfpSk5l-1&(0^W@y|M;Ts1C3tSlrs_KN_ z>5LSK+0&Y8Cbk*yAb66J3+ePKyMXpOd@?3<@_f9^zV5<;0U&B&bob;iOqJllxr$o$qMX3f7N@I2I7&x-jj%)Y+K5cOylnC z34Hp|2);2_e|bs2r{uLa3j}KIssgqZKN&jZxC?uk8+q0&OrKAr5hw*|j>|zvSWzlB zD{bhmg_fVg>dxFnvBXTBE}zjo|5Cp0x+U+TZtCli=-0KA6^}|e&Y$2v*+*{ZrsDA4 z6qG8`tDY4M%vK|h!eMQUP-c)hIRUE-Kc+(`48Ry^bc(2+mUZUggUDCRgu4ZTC?Ux1 zUiaOSW8$7G>aGvFdL&e8r19|YRW>td6S7@wYtThE>hsTfZ|z{Z(eC1W+O5)Dg6S8}B~ z_duiyF6jiR4}n@H5NtH zX%OID!>u2*%$z&D-L~+A+z41*+(yT&ut6@v3 zDgW36r_5gB1l|+!-jG6Ou?IAWw{gmI`j_JE1WjUk2qK+?Ki+{{s)-mQA?Xq}Njqft zjRk!#zgY=*9*C!|X%@uRJ2`>rQ!tOV!s*Ycl)`J|zuEx$&!7Xb*?aPsnpS&V$>Co4oaf(8B_ z55LI4o0x5UAXLwqUxd97h+hPa%92mS>}?W%M3FLrzPY__dIii7~rt@2-% zBW%iBsnLTSb_l$sWM*dD!v4bnFyyWYBA7-!`r=15A^hcnjNpl*BlQO3^Fpb*nWP3d z(#gOfh3pHKOzxP#Oq61M+$KySw~kO8ZZHi}dp~2Ps^z3GQ*5205_$^(w;vF+?S`Qd zwHZ=^g_qu(avghh?1kw&3!KVVuJx?+@-qo#2oCABz;u^&EFl*bO2r>PdfWzDqy-#y zl9XD8Cv#e2a?He&rhkn{FI0GnF{_3+haW;wDL%L|F(+MD|Cp$t&<38UC>%(L)gafu zWS~~rQ#{Zo{R0)Yeu!%_B2)N=tJ^=m2u8Sx^%MD^wx84DC$rUo1^(`mUr4Tg$#4a; z5WzBkzq?OJ?s|`!Y0h9lWGHX5Bk&GbEZJ*9i9|RnSCT!1orYfW5x&uCCb?&U0;5&cGD^FRAz@WmQhi0A%o26ID)g z*Cc*^+6#Cfpj2mQAiK?i(;Fjv{2g5q2sK3uRn9A$f;!#e736ISwFS_wKIn|No~+Oa z%q`IjkF_$p~l%5!15&q^SIhBrI|L!s$sW0+745|DdMyx%64X$i4IJ z=`st)-#aKg!%^?)BD(Fj_v#1ERqaL--xY4=6+2c=#Q_X&miN|&$37RF>hCV>=7-bn z^d|7f5%~A+%ytg?ix%$d8T-hk>24P*xO8{kMVjTAHemOAC^yYxSm*4}z98EAy-8>% z1liA~qu-ajJX@ZbfJo_ALzv0q-RXGLdOkbJXaGM0FfIY9)@vZl5D>S3J#2u2RC6M8 zANGfQ5N4?8EHEWYOA+zrVBo!cs-Bwn-4xIPs5<-ftfcviDjO#CrKxWqT#+`sLrUM z5&F|>|95lkHaU9(46VBY6GrbXzWC!NcNjB{ugxxdt1M5+W76U*7S6dAa z2!v*Y#8Mlq%+Xfw{f8ea7JkOwW&Yz2m;f**KXFAzK-olE)tTb$(?cz6Z(4`FgAn=?^jbWTa2raiwe#5cYwIi1L}z z16+Vz&@&uk?#oDwUIE%g(ui|LV%9mve!2U)Dex{l)sf*OLWw8r*2}$x#Hq_bR@{EN zh2#Ar3n(j6tn!+!>1=Lf776zJYnI=9kTHWFK#^;Sk|F6r*W9|CxmpN9I+*%GmEJNa zL}*WHP=qSNGufrP#3*{KoN-B~w1I~a$DFu(E4nB?*Cglt;xUEbm6h-}64$Lkk_}pn zW<`tGE)g}6o{$TrsZ5r-72zU}HN<^#L9KuumeWvVnB7~pA=cS4 z6au4y+?Y!Wr$mLg$7&p?xr0)dg6aspuYLDp-T4aI%!k^|;(p-esX{AH8}Okth0<0) z@$@cBGD(4{Dpyx1tA(>zWMirn49V&8JP-+(fyGvXSQhlgiO@JnGMp0vX{c~wSH=se zGuNoChtSIZ^z!Am>8LXn2S=Q=DI1_729P;aPoZX5eqoIT8h%MoR1kJ5-5^Dz_2Y8=sXfg z<~lTwu3+E`>>kTP`}nL-D^_D#fCnqiKPr5itk^NeqQtRz5M!}CG7%8|D^1wHEoS2? z4Ly&Nei(z6O1vds{VpDv!q9`-vKq)~4y>vI*6ea}4y+80&62*yvw^iZMLN_f@B6Eo z#_9rVDaYZN$*Sh4Ru*`caN|ev#N2~~QU(xWhq#L>EvNoSC@ohjow|K{y)+ME__U3^ zSoI=})Nbl$Z0={dUVcm?(c00OPRib(xpd6&SSrY(E}<)*3s(h!f*LIWX+ID^ktk_p znNyrL*dn}lj?2R1|K9cLw}>hWHgU8 zdY3u<8Yf41lD}bix6LD8Nqv&&^sryFoCfXf8pam)v3gTQ^tw?M>P1rx8~1zdWRHR` z3E}{t9-KGPRc%hhMwpSOGz3g`B;byeME@}~wKFNYRcvj>KQPN-$+%eKaKvOnyi zeZv#h3cvl{%t~Yv(S%qzbx&aPRZpyAQY%Rw78E-&=FyB=66VQTq(}7fzJHdS<6dRv zO9W0e{hEbOk!1L<(8N65;^&tzKI8FD8nAp}(9L+g5EtN4_$JXv_&itPR0IvyiM!JF zoiq2B1}DPi31Pa#z1T*sX5)TishHaq|I#~T`}5A)_0Hx^Wi9v6=`$x@y4;+Jefv=F zLu(AA^INl2hPP5=CGeoTvbM%;vnz&{eE+>k4{Ztb4w-Hq^bC2;Q}#DHY|g3-N~B`e z09t8P(0+U@rr`$Q>0oNC{bENAT<<; z;r9AZ(ngL(FN{Bb}mrR4;<$RlY zAWBfAhVI%PO?~e`mqX2-k&)D{ZVdHxEh>Wjy>K4thmG7^ahAL|X2E`yxERU>?{nImneRZo5B7^S+EBx3K-!-U?U^^6xp z3u|9%Xu}e!dCMWifaP3HDI8l5>-SBpGd8yN18bxDesNN|+LNm%5jyQhj|lu9xU09e z3q{f3>$VG$V)G&JAZt=JmM`%D135|3I*-i{@M@j%s{fj<{F_H>Db( zjt3))#a^m2X*{9L)MXln6!cE*R>*}?l> zpDbhs-v>|n!rI3kUDqLz4ADuMEHr(rAPGp+#}xdVn7iqqz{O8>853k0u=A}9LSmch zLQnt4Z!t6Do!FKzV~Z%Q8&6a(e3pv{e_6c1MSKTj^(nZ5klD_f;fBaq!R!e zr($5r#g)};t|A-*iQ>78Y2vcE?|_GqiZXRhEf|kVgyAxyvPoR>j`lq)3Ref3AaEjb>ApYzGmbBiJ%CQx$Mm!DjdlIruS2dU z-We)$45+k;AC&cGoL?O<9i~Yz>%?n_n0@;mY`eZ>8E==Sii#OpGQRF(p_BR1G_$q} zXT5$rd|5;jo6IfNly&1S2DQ&X!48HK{P={S9-Q;2R2UFKD==h*|KkZwCOFK7455X z5#FC_E@e2a#-;lOQdXpcqaZYjp_2A8gXR(P6Y{-J&qLO>@Rbjifc+(`qe0q{=uT-I z#YquX$CM=K9oNvkx*l_-=SQM(3d2&rHY3XK3zDjabLG|c?r~>5{t$HX>23MQK~`jT zAs{)is(9s}7V?rty>VEymem>ve)-~BN;%SuY?v3QCH;a(ky+?HQ~QI^s_ZtZLwS4P zt(#Ha2=yYJma}MWexW=F7%4>6eBuK5c3V0NaM|TmUO?`5U?laZs^_4cL{=xn4fJ(` zgG37E)LD5ze@Zwwo1_-&)pfFie$DyRgkGe8P*nDsY0ssxJZn zpo&e{qW9*8>*D&{FpIthpYLjVaT?7)C4cslQD7Ama=0UFMN-)M@|M!idSb~Oo(osW zB(@ubvR8nk|KK~1k0=DJ88NCQeiSr=h6TGdEkYQjx;2$@zi-ZSF59>T%C#QLq}HJ= zaPAdvvkJSgJrk-wtJ|sJe4E6+p=!VL09+%-we1s;FzIzr*PLB0MvB?4)2G%>!)%k* zZYh}|+^41(aia2AFq9C&0stvABegkUGbx5Rmrw#{`V{XDTK=+NI`D_| z+onShb5067cAS~}M)*4FksRHY*~@h*EZP-L2g^$$WzotyWH_t|l#FgUQop*FWR{VR zc>RoDq!&Vdq9i6uuG{=zT9%->4#%|)QjLHC@8xNrM(ZP!mRc; zVqWbn$&&y=i3p!6R)=kNe$Q*oEO`|cHIdZxgQ4TK@-Pxl!~DpKPWVawQHg{dvy|OD zVCLK}41{}d5x7wzPs+mYba|y9bRjpgBqE)QcradOgzp~FMwjMZp5J?UK)8qtp9S|Jq#}=kgg>YO@lOWD!q3ErgdZ=CeuU@Ph)A)8pyrLS zrTK8Xp{)Q-xtV6PerN@z2tQhux+Hewp_0%1t3`PbLwbfY7nE?SVO{ zPN!2Fk>GHxR^m)JWMd?W%*{h^0;9l26&((FhOs)NiWT3I?_w9tN|N=H3Pk9o{}7R9r`F*vLr@Ea=)llhJYfuceuxxV(#%4H6w7l1ig?A|u&r zWIqaYM$AZ4+M6kN5OguuZQzr60w}iZU01SB`hn-iXPeU`kD{#~0miFlWCnm|IxD#giOtUTC6qd)cJu+E?(@{ImTH#Obm2UVNmeSnY{zd;jpO~i>7ZW7?1(qUKCdnp0(YDd!0^Amr z?lQn-4LmJrP*3Ag@5$9dn;i->rubF8wn_NcD3VS!@!HwU!q&$nRv`k9*>nIY4>&a&lTrM>zBgev^kBa_J1zrMaP!naXzoVR-{^$#o;ch0cM!{09L@ed5((7+euxX$Ip!CW1wFxi!q6&reIE6>go^R4~w{s?7* zo^j=KI5k{K*IR!WHMXKNzK+kOA0GS{qM-0?r_xWr z)Fl;-!YF(hpYT>zrT&-$a~|{Xg8indtvt|C(>A=l|hV<$|Vk^nD|2=Ty}- zN4J!)=W2I%_vN{a@1_Fvv{0;OD(b)+stN7O8=|m8ASXwqfve8T6^%{CGao%OxlDB`=1a2ctzJGX~%iB)h7X-y|&vMe`72fRVlQc-a_% z+jG*P7w#-2&PYyfX@R z&oC+wH1rx@$f2nkI3mca%y#WPvl)Ju<}y`A9d;0eg!oH|+q&WTa8;g{?fsbWuPmt=U6qtMQNg)^=uR zSJ`Nb%}{sNsHq1%k9Q-I8=T^gu}6owi}P$cGkU~?&d>8Ymg8zBs!AE+&qE!g7Epy$tFA60d%YPD2K){}e z!f%p&u57}Q`?5UKf|Ydd!!~ARcv!0HhV+UT{jniXD_jjsW)RInCIcy`@k<;q>v77y z$he?yvc|Y%Nd3MA(F@h{dcu%Jy86_Bvua*EKI25s7`RZ#1hhIe2fb-9(i9k|fFVan z-t!hymnHiwS-4d@>l{whJ-r-_Py|&XHMoLEDOrueL$>nfc!fo4SV_x3$XsVl?EZ9i zK}RNsQbS6;mc?Mne1@3xD{rPFq}$Y(06mW&kReCk1| z4WdsKk!A_}Sf~Kr!wr%>4%ecb>N9(o>|4ck=>lOvky*^}T-C8*2N+f)?Th zQ(2mxdGOUOq0Bd-mQm7hTltV~Ncg)@Xu)&-LI+bQ4lcm$hSM|yrTGDNH6CqQ z?T$sAx8^V_g2mjZJ>6G4ZkX+@d7;p1rVa%_BlydR#S_aC&9K9ax8Nx zAAxd_KCm!13Awg><_NPU>uGi|aIm@PcV<39$BtQPu2x|w>qY*sU{IOds!1~CWDFRv z{Lh~at6XUbA%@9jn6!GrIGj!3mMynAzTgTVpy6jG@y&}K(7{bsxB2d6sm#{%`WRE1 z<^i23=b;3oUV{Czl=gOf<9waNi_$4Ri>(ZqR3T!J)!|Wi0Pa-tN&)WL#iqh-dMiLz zvm#qnv=y}z3kU6;?=*l_5K90q?%g%Ql0(&~zK3qL!qU}0+?+^&U%k#5I;^F@kjKZC zWlc<}aEc+DGT;)L5m9yfRC7g&L17K1LaN->A4vnaCV*?%MQ+$46piJ*)Bj&^6J*zLFJmFN69P!_(BQ*sKA~5V|+i z)CfunK1J4-vhQDvZYd0_um*`qwMmT@-bcOpRBR#0SeM}_od@N}ID=X1CErzGnW$_X zJE=Z{EY!JWh-}bDz&asZ!?(oPWZS0{u*TUa`}UmsbE)*3CGLRWQ==JDIDqY&ImEF$) zjT|q&saewXb+_ep40(782{t_Bg#e~Z!s(gBHd>(T6~m+-jkM$uCqw!z3b$$k*}Bc4 z;+nyo@K!`8(=aN+%^$+P&BT8cq&p4vR4$`7tZo;8Pec-{P?&?{r{S%THh@}{^%nx( zCIBk_lwSlxPOlBpL%0nE$)r0{Umfe=1221(<&kRkRjygApvkEuc0isN2il7f|F)tg z8~%adO5kw2WrcamR0&*V)dbpaa~AaPYM0!^`-GQHYz5V2TL`j@ zKr!ZUMAJU~De(-@9%HtCS0?A&6t3AQ^~3x>>!>ok_GGCoL^#QYGHxRk(&_O3ggo?P z>E|R(ltg8WmA9Z*7!=PITWIYeq}ury`JfaxwE`&ZAx4*COk&UqyM`IGE{GHBu|_ed z`%-rL(Aqzlod5sR5E$tK#vuv(naM!2FoOKhX8OaK{p;~bvFFjE1E_6Rmm zy4;ktG?-bx1eX+tysQ?af5GMVkCC@;POXO;SqbOaAPI2xRJc2jx*$ofi#_$%;*%V% z2Jd725dFT^I4Cr`DsXP6iER@E4V zpcIJyJ!t(Qq*nQ^wa^NLU^#Rl-(&DypbGH{LU$qm4$^TMrT!jSME-k?`M-iyl)u5n zKS3f9gx9W5>?ecaV~oG3Dc{l5nZF5UN3VhgQ`4Lr(44B*XkQ^D1m_chE6BHyp-}ZP z!I_&3YQy(?St#0tIDr4Ma{I5$@1G=*nSO7R+ylx zJ1P%t{1P$oL|7P@eSL-OCK{l7x%)*rvBP$Xst4ojo^;&UdHh6QR2%kJ3~+Z|ut~c%AtQt8_aD&(DUJOGqrA!r%Y0nxx5A58%`xB; zb~!wl1^y&1zPQ>RD&mT0pJ(=aQQ*FNdHQK~pWCcA_Xit)QHv3bhi$%TRGB_$G;b)( z#a}|xO|)lNPX6B61Y2_M@RuJ2SPopA{ye%6ct}2<#V}gOpQe}{X2FZHQ%tRSzJ==D z=lY$V3*v`IKHL@i&P~C1dMsTL*333%DF7*ak?13VN!TYOxoOGZadnR&vc8_l3iKr1 z9?+{|-!AoTSEgcoNSW^FUbXwnIbSF|MaF9P$Zp(`0Nr@Q?79I-x&!DOAH&w2PfEcI zp6@0QCU-pXXe{?x5LKgB zwM}^VPzf_{D%$ZTO{)4i*0U!_`r12lDktNB0XC9XSiyZ%ZZZLyPhna1)*dX2Z%=?% zPA2WIp-pSz+MBpkXVFDRkBs+iK7N8nD*A*mN~zQmUmyIXPwm4@24?0 zl$nhdO?2bOUmhnc;~H81I6~4?Dl!0=^idglZhCIB4bNt(wMZVO3u!lPrj@0sJx;F!6zCYI`r5o>?e2PC`>3!U=Jan;CwrY3ZvNqBD zDDb2`S~nLZT;GqAHUZ@g0Q}fD1X-b+!0Z&s z`K`0n5w{eQG^oC+3s5@u6lCukdG%msO2BSE*+DZY$YS88mBGMNCxm|PR$S`L?Qkqj33JqU8Q)dcs1Eg>q?f_Q@F6- z*{@Z5A%hQ!xv@;j&}Mb|)ha+^S)gvRrM~U~sV)Haw#BQ>K=su8CpvluQY;C1tA?w$E zdKvp4w~*lDI`s8+4TQ%=)Kx)8z4et6!_6;2^H}>!o{q1hH3T;g#~&Lj3mrdyn+bh` zj6HQtx0_TilsFsHi5dMVVLMu9b9V{uD4Xo(S{qJ^B{$qnw^zjoea$1o2QuE9Eg5Bw zY_3C^D31|Lo#c30wUyU}he|{B*7q`!M&}}n>G`dJN~1z*(w~uGZlsR;gMt-%?UpN>eLoqe3c`A_U}jUW^cU}+^I z(j3&vJd(eMJTIN!Y+dFZ!w7q02l)c&$C%LZFv_jvdNg~`t)coe(||)NL9wm_2f9p` ziT2B0q2K`|kJ8bC<%PAcUCH7Ihtoj9R92q<+`@^yrnjbB67(O*$r?LrcgR+@Z;w@M z3n&ta9TS}Lipiq2)#X|DU*s}&QCbu`cSRT3T8^3Pi+QLJNu__%^_SWdk>Pd#Ur)=M zD!!=YX_W{$hANY8TfE}hOpL82EI50DYG?1ht>sDiyu3piJIvArMeb?{1`KE|%`7=@<;(q1&1W-`#|tDY8nRNRa}M%Ly2(*t^b8$lKBg@T7ozy_$@XuAQsV} zrbz=9-;KeL_uZfd^}ld2Z2sbs(j=oYk`%u2{?MOT)c&Wz6F5SKMLlT^dKv=>sV2@J z`ZS9b>}e1@M1|5=|FrIBN}#BR+4dJV9v6>2iAgV;R8JtBNXj(Fct=Cl7m&Etsvd*~Pp1!VsVm0kDU#l|2R+$0Dt zA}~v||7{)N(>VX{wC02U9V5T~KhqU`IcX>n!PM~;Nc^~o_hZUyyPx)nG%;sBj*!TN zg7L6vh-+Y$P;BQ~{r;p6cyM^X;kM|Sh0JV)lDA=Z_qXt+$%xxd z=DP&8;+Wm$8}ymg)Ydl<_$Nstkd^*VvzY;@x14kzZhKytaB= zg=@ALCoQKC(ve)Z&DryYtA;q5aneozR z60Ltn)&RFxN8W_#bty;e=ws=l+xd8JM)5f@1W{SRN2B}GIju+OhkYNP8iHQWtDS-m zNGRQ$QJ&A%-^g}&BJ!8jvtjG|ly@=Q%)z_hOce|z~Deh{XNdQvqka zHDKUgv)pUqG?8fxNSbUAJ$mkBc+zP2WF}^BrCSdL>4(jiI;l6tJN|N@6sGuOVgpm*1Z)HCDO{SWD}#I7|9-tUHct{So(P zmiBD5mE?~e2A(5OyR#QZIxXg)wnGrR={tcP2b7QuVsxu)gRLbD*mZOPa{SKq?GfcsG74p1&B{ z;5le{7#7zRD3_r*m<|%`>z7d*>O5ife}F)1BW5kydUwL1>btQBb@0e@EeCro0jnUp z7r?1Z=CVWL{rGT#hm!9zwFkU4eL{Q}k=K25LHM{fL$!VLkniF1=2lZY58V@(;$fCE zAU7;4S>a}x=p0z2dV|F6Ak?%A>5A&Iz>^?sPMQmyQYB@F_heM6Ab%7r#vFAsMWdLb zcf;^rL=Zb2F&DwtjT{&OY-5KYWl%UK4?c@qUMhNSSLC)`-3&DZ{QA8y!T0+T;_{^7 zdlmv4PR8J(v`o6dTFviTIp!K4-W0I^RBlSki)+3kG`_TV#=?7$PR=McP5*frBKn!) zJ(L=%?m**Y1IeNKf(U}yl_z|{?h=7%erb@eO?%rqilDG0(2Qgc@YF185ejkSsBqm9 z+6-1}3RK{Uygw57$z86AQ?yU5FntTvpm)3}X;C`WQRYSAb{P1npgq4pBlQGA=+Bb{l?q1vAg20O{X@rCDE&R!BT7Dd(R|BWC>J zx?_nslV7CJuK$KT8gkML*3&43g)w$*mXhw7cNF$X&N+h`APDTd2AJ#a!QE#1Y-SW5 zAaHqd+KwI`(Z{EucPx2o=hxtpJ65ThyD?y#rfILHFZpEjqe6>I@ypa;-JamMj-iF$ zjU^?1^`m`iLR-B}iR`I7XnG|H)IDt{(MCo7O=U15?lR4mzLO!=_3#v^${6-uIxcT@CV zOIat3Er`HoMbp-p6uzFH#bI?#A-8mXZ?b;1iyc1vc?r-0pfe6GjU#cUs!Ddwx&5Wt zeL+&47O8TIS2)kG4^H+18BsGR3O)|WPGVfpZzwn>v#*4MX3eOyB2@_|hHoVOuz&8! zGFvcCYz6kVvcTAC7#r+|_*_wveVe7l1$!no9` z*~r*UpG(im%bB;C+%07&6YO5@4h2U&6WNF-ND<1qxEfLwyZsqLbK8-ewAW3BphGZI zk(%IgI(m4A7gTs47l&X3TyYQOB0|*-a40g`5 z>f3bT{9mf5?(u>ub0JYNt=MBb#i*NYGoJf<266a2%cw~cCSZ2*?yN-swAbK38{D9d zvuV%+7UWJHjq4*tBfnOi{p&2w_}cA8BLxuPU8=TUgKv! z*r#*pbTLQMhqKA$2nqA>bK~dMcvc_QxwOfke%)wYXV2nB&mU7))>u1I|B{|MnCCmeh`GzX_a&>^} zo#(W;mp1U0Cax>tKSkm3f=Dbbultmbk}B+L6P(6GabFZxVT9wvI!-ttbB&3g_#2qr zVZxiZvDFLJm}TG!Fl*YI@z%(%Y51<)V6zKoWC1r7lT+H06M#QhU()el%HiR~S!^5E zue=5xM0fEaZ_a!RJm+Y=JBV#kee5yJ;hJ9PiJjg=_XT#A=4yyv;nYIofW3O13=uU9 z3WvW!@{msm%9*fDzlK8zhC}@n#c&n?8;iuUA6=KCVw=sVoj0gmx9vtzuqyn6bt0f{ zR@=1hYgG7s&>6rm8L~x_od9_`P(>ymTs90K$|mC7Rz%ZuuXueewOF|G zd7EF;^yr2&#y+U&O_V9Q3v|W07}YTJ>@H3o)nBw3!(`NNFt^_bNE$7kazQEAEPCi| zP>+r^ZxU9q0qcY`l0&7wA8?pD&vg^Nj8|E9W1yGP6<#a5 znX{uF>IohPDZ=7ZOk|V_)EepuJBsqJ(#2u3iHwS4befc-w-S<>lI{n0d@>RR1TO49S!i~FE5z=@0`p}*F>aW&jVrX{UlVWAo4t4qYi zg)B|bBWEOqE=I1Y3+|bo*D1HFYA|V8fKS)a9P0}xi?dq`;;6r?uGia&@9|9+^;XC! zJ-y%QTxaCW{_Cpczlo(xjQ_zmWn%b$EqRz2{x6n13!0MA`;C7^ijM1i9i9t8U@(s} zGvQ*={6X#LJtWidmq9}4Ufu}K28!};&fSpoYnV!No>9)U@`)X1j=s`AJylMAPak5d z+JC-O74dmHe=dn<-F0PsIcY40^NBWSC)TkNOiZ7~S#y2eZ;Y6DLoy%#dbQ^{y!&mM zyMU$%zp6||jH{HS1`jk8Q+P%b#m;^thIEAOYBM@RyT-V?4JMl2+!G6CjO`i1BD!JI zFK}3l6~!FOaT-Jf|Kody1H;GqE`&c8w(TyMC}z5?0|SKUoH+`(Z{A6R1k&H_sDDb{ zN&TtdaCrI}BKVP0eyBay?e=)oWN-xA5+&T^_i0BO2R$V!TFVL3fiy3-`LHKCCX{Ip zNsfxF=<6}CWLCo>{)#IRQ{EdfaA0iveW6%CX1A3@4xBxZ!Pq>I$*i8qVJAK2E4|i4 zZEa|Yq|?WS{h2T<@8e{_G5%+VB8Gn%Pto3YR~dKvVKGc?DDxZ}a4g3V!PG_8?D|8g z^DH@L@kdOsq6W3rRUEdrxj9XCxj9{IP;pdRT4|lIb#45KWY)LE{F$N#lP_R={OzNd zZ6{;Fjj`oU)YgF&2k>bCF`sAA*TAVH z1?-n9$-eBCaP7b^J7T%3v6;$6v9qryY}MqO&j{{a6toK)zDSpmFhSJ=9<4pa(k8Yr zkGBYgst3qmFV)nJpW(i>0`wW=5RQ=ua;Dij8`)(#FY>mK#EN_2YPfsF#y|)p9=Q@n zMW2UD+KboK1#!%e@7c)}lO{Tq**zwaOb>>5wG}3i=hsI$C25&W9LmRzS)CLvlA5O0 z;?ham*;Sgs@*yRW;R06TAUR3o~#)N!*pbxrIuv2aP{}_A6C|#DO zZLn?I*lpXkZQHhO+qP|Mx6R$VZQJhYbLM;2JhSFqYuHm&vUXZSM2zC^39wa;>APNQOIrdq%Sb*8n80 z`r&pSl5|ooXkwxF+klCpPryvP)($fbsXjNPiR&vMUd@v75uj!M#u%k(aXKuBRkq8U06l-+pPDUyHk-q&JX znX8n1{x;;#DO=)rz2+=5d6vtt6*&Tz)W*0h=s%@av&#}mtbMwR$HZOV%|Wq5T!aSN z7O5wpCr{YoFU$RA5U3kR&s|42@F5CbSaC{S_zdY#NJ#anetzo57sXp~+WXb_kPOit zSglRv*jjPddx~zXgvFdNS|b<1dOB+%e?+tig7PJ+4N0o#u_A^WIze+AI?lj8e)3hn zk~rw~`_eM1c2CV^UhjgEx3+@kHWxW!$P$Xt&(0L5_2SGETL}AtmA*BHnxLp;Fi;Tb(@J)3ih@2HE$~Lzj{f>O8Du%Znpt!r$j^!pG=*5`TRPw}e~nrknh+BV+F{ zyaQ4ae3Dq!$!Iqd(!C7^{4%VbSNS`HlM<)1;1^p*Tb)|e$)=$ZNk}~v+n8?$AE9V! zGhuMm!E9F9shmVI$uaSS7KS%Q<8zcQlE<=Anvi}-JMO3V&C?k1+8?lZA={L!MQ282 zhWj_)2$oe&el94BuCg>0`6x-TY3qWUf+l0kLPFA)H{ElNSAb_3yGvw^V$cJ*UFIt1 zissoF7+*{0^#a~jRL3Uw7Y1-9B^4qScVtQ~XDwxsK-oo(>xHLD|;b6Hum2(H|=p^Va}lu7uKNjB&cWbfv2H_{Be5!HS!|CD{@HqG_u3lo(zh z$&5C?jOMfdcI8Jm<8E+U#S}q=b!ZOrs-+Rln;u$MW+mrT)~C^OgEt?zL7I0bfIRHs za@jZr9~&hse$kmHNgc#njNDWd9SJcg*IY;$jnO)g^Y2XUD^$A5I;6QyvZ-ypHvjUa_ZP&N&|GUyI}1rDGOFaQ2z1czw%GhFjLf5o6OmIY(W2Fe|qMg$TPYy5HM`KN4Ikp3NBk;WI*KDC0r8@IhV05LP8lij$@74_WHVLuVRXe!h|&B6J1Gd|9^jt)9biEFw@nK*+sC!BXL zzfb?WGX~>bBEDs6ZRRsXXs%Ua_`_KxzYNFSR+ zvC?N(z05d_T4&#uzUJJ;`Gu*ou&G65Ma~!g%aXbMy}?dTR)eov06cd*TE|pTm@3;4hvHLcim%C&_|3drIv{Uh}G}9c2SQLY}Jv z9qT?Tb$Up@zl@qoIU?l1bkrTaJqatJOwUx$jPSmRccMJKzK1TG9_V_mJDGUQ7u=20 z$6%sezH~Op0r!1(l@jl%5-yF?3ObSXM{HJGe-^B8cVOAsf~nP_H_>&UY#0i^_v%OFo0z1{BH8i<5>gavYT!{W!$yX6M>|Yu_grR8JMMnA)E|W*yLE-<9!Y8{0kx zjPS{AnZKUx-FL`a6&{R)ia+Ok`F2i@;)s%@zo|^l9!n3$PCW0rNt5 z13<#gusxvUHQ2&V$cK!IlMg~hP`R;+&^jD&tquZCK5+ZWKp}Stxw+TglHcB<&n|qB zg;lsrpFIQ(CLd^+wr2(0&`ibf%8>QXP+$s&Bcb6mu`}>d|MZ=QUe&X;hS=UKFKK0$ z4=hTZ7~`4O+^BoCfZQh-X3uEkb|H|CYNAdVPC&{wp%BFjU)ke5VkTnehm=JbW=(UK z3jx%_fc#N}XvlES-^}{Vt2!T%yz`iSC8b!uvqwEdf<6Y3O_Cq@>+NM zPTJ7Z2-Tq*mSlYZ67tsa!rq6Tl%03d0RTz*=sK819Et&l)_)=&;0D-S-B=P zuBQAurD9iPJ;tU905_Rr^Nd(fWT_l2j<>Riru>L>*bojK*R$WCtX*c2|5JeUZ`AWo zTE`De(f@-Vz{Kz$Sb_iA8)Eq1Fmo+qPsS3p-SX-cGzDbbOp_8o#G9%DIy%+!!v)wy zAcIKwza(zU^{C4<{t7iMVc{H8-^?sL^6u>v$sYHAAu&Af^^|1M~ z(me(H`M#}71$3Bi?~QZ5Ybijboa(X=2r^B4 z7r4!R>j+GjNuX;x6qOL3wtkZ+ad7CV8~Y;nB!bNKZdjb-Gk##KH$pHNj4pF=V_1x< z%h+*oo5rY@-LWWAS9gX5IJ%6DyF0>JpIovdUOI87yt*WBfU^vu=WA#tv3W5>bC;*Pre-?3L17GiFU9m_dX7P(Fy zhBH#}N8M)!!D^CDc{>rfy3x%;QlwN>Rlm?iaQXt2@zeZ7r^4-dCMtI^kR&?l|5QV^d#u?QF!GP*Pm&}N}e3lrlI0v?> zH_5Q$FGMMqkPX``jh8jv4qK(_56omlCT5Lkz3PIfEP&lj9%92-A@GJg#7M|LaFd}- zRhK=TJ&9ifIB&h2p%Y{<1O-)pfdfr=3tp<0HKIgP1v?mPh`kh5Z@B$Jo@*!yo7!?< z#2-PXJ&2H^=Im zED&NtoI~X;W{cF@CLv}1#$m9XOV(jDuE2ZssMwTd4%dopM3W}h0@-;4ZpZ=`n@-}j z;$9W;xK1e4Sk#_|p8MPv+Xa>dV}bAb;T&Bf@nJ6vYG^t{6*@?YW@7*mOJ~J^e+;o# zWYW%h8y?TwwFrI(u&(7m^-d7ZX}^u~8sR7xSIqvl40e-o*rSe5eQu(D6)Uc_UInHE zdrDv@kg$_jM;x!2lP3U{g_YVAmd~ry_2PN}S3ML)$g8x|S=LiquLr>J-093Y&D-j? z+DGh6FolqhrZyP`h|qNI2o|p@Crl_*#upEDb?v5^aPaB zb3je2iod<*7>@9ZFtgfV49--$Tck7i_aOpnm#^C}=5>GW%l$I(41}*sy%>v(bIyi( zA%RD*<%9n9vcNl(^7&D~Ufa^<^rnJtpT7HRP&G;sHkAhI?>`R*V+s}Me%Xra9L%n%zY{>HlG@E zBearmkGSQ^E@@|2SRQqXCcJA{^j)m`{%BtzzMFKmLx|1pk{`h4&QoS&x)tDDj})}? zBH%;`#9Lz#CjRcDZ@UT$B!)3!8}HD@Vq=FO?`|6}lfNKk*vNomjt9lL_C-lTMj9yu zcYQPpJ z-17^liXUI-Tn)OSqHZmnt=a5|L7W^VTR(#x{!BOagZ%58(uS~TY-!i|h*o+}B5XpY zRd|MtU|Q?isdvrCB--=6ij4|!MJB5D%5I;sEJOQCb)Phj8zf0O+|+4%&&ut3v#Y&H z+aZ0^o8}8`%Dv*&J0XYQ8*TE!7`yLFunY06dQgSr7c4N6Reg)#+>IR6k|)WK&%JSp6Dce0$Di4xY}@TzBf~Rd_HoSJ^uW zIF4Ay$QRb^ssQfp_y5Av>(Rq_aHa7U*mRy*+zClv%` z8HG7@nu)7xaM&DSVZ_)tB*kg}l(`C_uJa8vjT9)Tk2G^ai(GeyWpvx}UhwUqb6Hz- zQTJ3jwP5g=f70|cG)03$cBJh;RL6o@LD|M4C^EUC&9p5(`-pH8ED;v z1RjY7OIw$qHnrt)QK$2c^K?o$!{x29CRWeda+LN9^uN`*KeGdOn*7x+5_Z+H@H2&n zp}lNbkmtqEbRV4Y9?U|k%((hxc5)OTlIALqyWh;UzOY6SXt%|2m3cBpM#lzK{$#(B z3%G*RvK6zq?aarEQ-ZGL)V+BL`io@)J0Q-nd2;gT=SvLs;BhTBLt)$Wh^*JgPQK85 zV(KN6emEK&*R!rp58p{O1Ci@rFj;ImJ~~g;abMSm-wjcpBt~Y&PnSeyO*wjQ8xMPU zqB3JyTCZh=M_Errv%%4`Sx83(ofajD&)$r^sK5in1veGEsOWO%Kqh_VyIKjohky0r z1*=^7V1U!u{=7X<58`UK$RPCjS50RGV zlqR?}XZq-~GIJP%#Jor^d_$2+GKPPu%u*0yo6(ZC5#9ZuMO?yfyCIaiZ%nXplJBWn z?aLb?%g0WD51KiccG#oDu4*gRq4a+6h3L7`bM&cF$rIJ^o}RrixI9CH9w@v%=XQM$ zT}$K2*9i>|Py+A0EA4UaVRZcLsp#IBd)+>w2^+;@ujhS#x!Dbywn%zAyHC^KuBoV1 zJyTh(;j7q*nG~_b#)oEgph52wXjCOtobpXY#$5AzFOkF-M(wc-Q`nY|ji;U9SG4cNX)T5jC@HD_J@XJ*# z2OyrzB&>aXpOoocrUHbRQ^OruM2SAVk476*VNOLXx(D}>_UHR57jM9a?yN-zx|_#G zjE5Hnfh;ib$8Z=%{MB9&d~H~c1)<17yj4$a71~k4k8ei_8kj8j`wtUF4gN?fkWXR- z3WOpQ-u8rkv+s!()I&juB7ryszyU}N{#t6F&5ccvjR!8BMJNrek7vay2n8?yvftb8 zf_!)s;Gr@Uj0zNli70kxMM?ZEqYMQ?F-jw$&t#+Ns;8iIX#;4$T67y!p@mp2>f#de}+YR>x#Fe+RQh7Ls@lh(X%_*fsXT7h54Tjb z00~6O;iLWBX&2S}c_38(*d9nuYV(cTxJEDrep*fnk*=*^7u0YAU}ZW ze{7~uS%x24fuj9g%1HmC4%Hj?cP-|)oxn;Z5>Egu8ND3y;lm_6JX)al?xqrEFC-=(0`YOK<97+w6GaOhAje5>af`KY zWR}%3o$Ja^=-P5HX+eXw9v}XP4jurrj1-{w=5V%byJw&xyZ7U6u_>Z7{m(tos@Z+u zce)w!4ZeHmMx1oD62Oa4h6V<_`vkV%i5Lp*t+xGfUf;*=?&IW89CFx7XW5+7NwCnf z;WQ>iyLao2bySlVvGzFm7Z{`$%c*q&dX)5UvtyaY8SUxe!N2cM49cX_Oz!9Dr&QhP zR8>Ru%n4@NGjX-^NfaZnp^Q3j}i0{USl^$F^%{#{IsILV_-i3q$psD-q^bS@3X zzq)g%W-HB;QOhoB!dQbzl>l6LEHg6XWbR@@m?Rsin+h^}M0z~#%F+S9V+BV-sf;x) zGC+^RLEpNn#IZkTu+&6bKqX1sm;_WqqG~;>uvykYeWkto8+vT2E5H&g80HZ(q#wyN zrnKd=9Og)U4~ETxhu|5(N-2o|8`<2s*iH5(`fEI#TTDQ7mz6?f;-I`2>w?$O^~D;} zbl~P7DMS_JvD$`qez-YCEEUcB$WujeSWQ}3UGVro3hf%YupSKQ$0qtgIDW{@;flLZ zi4O?TM@3sn&HFbj$pNVRd-|!ab>ijhXApR5mN7-2_C7FjU1Im5i@I9dO{dZPNF)?) z*%qkOe>SiC65mXtSY|9ym=bVjdzk9$Yv&h_Z!YIQNi03x7iFN2r^`L7UszncTI>>W z#FO3~RzMWvn9?c9;^r{yS*&jXGPkNpM}Eyz&Fn2}OyGv5J#IAWve?0iCh{}04#e~| zyNnWS{=Hyvne>g29bCE8;!jvA%@pnFN_}CUNmSZtMThL8DZnYIGo0%K{z|zxlv}>; zsAuOpq8w*pNEp9BEnYR;OgPq*R9X)%Kv+-62CBqmAknO@Kiw0v)*#T+r-U=Bl^2Aa zX+bEUy8{X;p^(<}*&oXuq#!Qajgh1~g6n8hkrv~?8c@r>(V$<-#-D6@G=nuYRyPxS z&312ZBydUe5Sm;BybEb2*IDv&lYxue-U$!)etmbPh|k@i5bjDXxP!&m+%*?~hP$*= zf>gKRNxB!_%E!7hOyVrGuE!py7XH;WkcMbO+PG$Iy!LY`Y!d4@(xOmB~#zG4sY2t_T>l%)TbG zAotR6b$1@K6{dtmJFp@86tfHb^3I2{)yBHfYE5QVMwlwZSfnC+JljyyY3a49)Y20u z6Z&Wa@^L!@xzTBH<9Vx;1X1+Q=hA5yI4M(x<%|Y>Vzz~^Kejl~=H;RX9n#85@_bIy zEwseIcH@e2&R1vq`W(GX9Ip_taJu&RC8ze8+4wq5C-r(5O`p}upO}g`Sc!BsXx}4G z=X2)XtW`}wDI%Vf4u4#<7FpCRA*EdEO1*omh^rT1MYWggoiN+PX33i|ddzL*lQ?am zy5>rc0d(}(Uq3h0skI5_H@`@3a;F(LqojCis6HmMb-n$-R+e{&pA4|y+Svz)b)*7ShA$Z zypNdjYOzhNPNT0z5S!&$W^EW+exoX^?V0+7*)Z4%(mOr*7i0o=+n+xDpj5uTpBPYVWMdGwLoU7O*b9@r)G2&6KRg|###k0m;{6np8aJbu}A)BtthD;ja9X7)Ipw)V6hdc|jLO^>_DXrqN5pVSDs9 z?Vxx4XN{_Y?9B0UfE!y2SKjnq(-DpHO^_XQSs z){r62$F)8V_2|GZBq;Ln-C6pGMZxt0Uipd0sqHNFlj^kxU%D1seBb*;C*k6Aww~JF z#$-L*T_uuSd(dNSdXnL&s93#k==U*2CUvHXop*WkS@4QjIR z$Enl-`=p|6on9LVVR>&+X&>MR+NVF-8aC^Ie|sjInU}xbxsS1bcLQ zPQJh+w84o+;Rt&OO$@L9L!C^VB@gg@qM7lhDS`6EGYT2RmH$inYt6(p1`u!Rk(fNlP=|X3eO6 z7;i}8x6&r_9^v9#d0B6!7xyUim{Ieb5B~K=xWJpQSuJz_jvnz132bHoKYZo6p9!a8 zN0X1zd8gS2+$H@7(Dow!;7i;p1h2zpvIoohCjkaNg?9Aimet;!Q7qRmtq_6Aro7HD zbyi#RZpe3NdM#9idn1x!hEoi_Qv8bK9q-())EYSl+Y;(8-G&v9v5a<4=fM!OZ`Z<= z;3Ht<7Sc&q)%uqUJvy8GUgdoLz6oh`&8OD0EA+h#T340Jhl@5YnYHfr7S~r3g1izg z+4h%j5)=4AJLiSEATA%McAqFWzBVAv)#ZreQObeW3HoixSXktaIL<3b5h-!|gKBL%;0YvPG+9uP$>zIg9B@lDU`Y)4UP z@J|_0O{p*zte4U|URL6;f^pZ%)&ke~sJ7|u#Sks>9_8!@n~rJEMp@@nDD!s5Qp{LKuRMbe<}4W5Y__)@wE8+Jtl=m2;S6`=JU&wM@%B4Q^eo!Y zS>$V1s^QQFscI}9&_Ts<(AILw;}_vc7(TZ>${=nw9rp|9ch1l_tnhPVa@$918r5A_ zLOt)4w%hPog>)6FFY5~D%|aeM%{9u}ET^$uT!?yIH?ILn(mcjTZjh|j2{qv>i64-1 z5kFVM;5%9mMue>a$V!sEduqYb-0+G++_KVc&Q7)^y~UiieFN4wE)m$T~crE z*bm*zd^HsG?~}(cDZ%`AL}XbQBI*;HUW6TdHim$&Fj+l0=845{M06ZNLB4iMP(CG= z8}ViSqNzqX{WFTC^)}IhSga6jN_55=U?Dj|1^hYkC557R_gd+5{%xglHK77 zCOp>k2glhnN7n<~(P$MCMhLd5c;f{)s4Ox&E{2=kiQo3}(o^JlDY`7h`&>yZD-bR3 zLQ$_6q9HjIKTWa=#K+ z4Z{ebpo=1~ILPeP&<^v?A)sAfnL!Go_H)esbt$^&o$oBBZD zwdV>I|Cr}9w`K(N&iK1??kU1xz*T_F3@FT}Q9u%bs$PFRpJf!}=@1+>JrLSbN8A7I z0r28B+U_>YU_eAYa0cY*7Ch3hxMq6N0M=3>2bt13~nezb}tLtjui?d^cu2kju z5j=Frzsf6vD!t&zH+rhRP~3+j8pC1W)Ka->+$TnaXx9@c%upPPGg0QOZQ_xBPP29z z|E2|Fq6S4%E-gdm<4uW1BU7wXf7u6|Dg>`=y@ylD)vl0Wz#1s4?9=@XUg?}D|9=cb z|5IJZ#LD@`}UwTX?#{UgH<}&tpBz4E_mY%|Kz@Jn>MN_EEz_aO{tZ88UXuBcwrUpwyA`+PFx3WyLxcnT)&k;y*%FBixcyGZ*CDsA7l`=M*U_K$l) z-L<~FuQ&N2lC%eQJwwU3MG`RKx6|3QzKII8~<1tYyOoRiIDHhj_IhUl!5D<$S$qbJK4GwIC9_ z^BDZAOPRT+=hg+BXSA}j$Cc~<*Dp$sp4h5Cx~dq~1}sILv}#+QjExExH+l3mi9l>?jByMb zcbM*yo8L465ExQuLEN%+5i= zJE!1EqO?ZB%uLD$-(+e?c++up#K7g*Se;+rZf@?AUtinHIzEp(xT?(q5^dMT39u3Q zprx(i-ugXDZ~vPsI@)G#x|z84v(i*ztK|ie z1DShxjIYMYX5t;=^jG$?p((7uyBmBN)n&RPk=s61$4 z)hYY%17!h~KT+H}MVV28eumZx#|ydCQoBN5Vm|6sp5VL@`ZbPrL3n_X!2^eu!{~(E z33q5wmY-6LQ{v%SKKcU5%c}m)0$jdh$sheqhMI>NHL+&@TF-v1!eIx8pop(!5LYyQ zY5^@j#d!O+^gR_Ehk(VyAf(XLO+^%9+EM?7LtPY-`BT4y>v^7#6g7Iul@1MXYzxs{ zY1VhX{joY>M@Ht5rID@wGCfE&F;#Ii92U@RNtkgSZEp3Cq@6*R+Wu0v-QUMWQ%Qlw zgU*U*dJL(=UtsBu^NRbQu`;%hhJ^lmlyVBe;=uY;(RLN>dO;A{hj95#fzy@_WO&is zAx=@7jgTx!_x1p$RFVGQ(;5@XWl`ufetq8kQzPdT9ajFwDq<7s8NC|E;Ti8^9gpE zRz&f9#^GA-z00-L zT`39%;|H~h+g@ed}-v=tY8U1Q*c^TuykBz*zw`yTiB$x$C zlSXo858+yWU=v1HL-t1d7$Poo!;RNp9H!NfGi7oo+&dADRg-;%c%T#`p(Gc|%H|2u z7>{_IJx7KOC9rNan~=Z649CE|k`<)e!&FgjV8|1*d9n2r4k0 z^-3=J#XNqb-E0-Uz!Kcrl}^vxNA%6V6sg#h+iFQ;}8;r@`uZ67ZzHC zC|2#$btt-Ij+3eAUTxa`RV1ck{BRixjL6aqh;3XzuOBPWeN`1@O8kCnX4m_;!uswM zMX&v`r;3=|sO)I~#wAmgiB-d>a%UsAxqq)HG6!o^Mbq`dNMuFU&iM*XOEfXLd%4oV z4#_GisKW9#^8E&^w|aBifX^xIQ}ESn=u5{4q6itnPZ6bp&Pq6b!^d47QoyNsc{uPa zYJUZz`l>$*$8b7=5NI3Ya5`h5O?3!Gz!k!gMVgl!VB;5lP_ZGZ&50q8|BU+Nj-xgx zRftm2hJj6u|NEI+(>Z#%_Cum}{mpXWvk?!+q~~}R&aD$l౧xz#%4$WQQj-j1- zII;z6lk~%JBo;YK7)y^kX0Q?pyS+W9^^M05h+MV?5!&4|L%>W^Vi6NnekTg_13Pkg z&L2j-t&k*ckGS7A_S!ya&4#V4rn(IBC+gq$hRgy^Qd@W&}d zFRGHxxQ?y23lko>tEgK1{wWO(nWBD_;8sOl=aQO05?fY{n_Xv+D8fBe|em(gK>O3vs3e5H0E3Qh2Mpsj5Fj@s;~iUp(ytwX(A+ z=b-rmJ!@?5`ng|5ryh%Ko-jW#qFGd;Q5jgP?lw>xxvxL6)MQ>m3abQ0{LUYv8Q}u+eBYYKA!Ykpdl74$CX$Xj+7o-rzbE*)14J z;{iZcG3+G2#rz(-AeFPrYItPqjl@V3pRmBV{Z*m|MWMCb7h93Xh&p|?6uJgc8i#Hq z64k7gUMV9KUV6v4<0{(%@&`a$!qbp11MpEzCzL)NE9x`YiX=7Lv8R2UQBvmC{dl!o zoaVmAHN^WF#}uu&)WBRX4ZM;)cu9l911{^dY)aXz=ihJWZmzRcwO@uWYxoe^&^}$- z?pA=A)S25Ag|#M^Ri7owPJvBQ6i{_uTAFfy==pk-V0W+<9(Um1=T_ZzhgtG!8P+>; zaU_RIJh+RVqNeY_h9#&p+p^mKL>i{ADp$SB9D;K#B{yVe*L`X8Lt}3iij+28H4kH< z3}bZq?Y@7il32&)`JKLhLaetP^qvblh3$M#L>$3c^({q^PIB7n0)Al1F}s!fy$C1q z{0f#~e5LCF?}rJy#Ev)>x(1MM?nHO|M=H2$=8XwpNyTOA7Ku(|=1Lu`N8`&laqau5 z-_D|4FDIJvwO;@L@v$$m8(A;ypr3Wy7Iut}C;xV-;{p*rV;}I;`x=+VDmhd>ZG-`0 z`pZKj0>RpxU2;e~93vJ%;@(;qL$&!w9FC}lLm0T8Wm(0fjsep|kJVid0%rfTDm8pS zvI+wIw4mE)n2bk_=Vc41RS$`Fk#RhZ0&W_|!_oo8IuOXi@|Q^xK5&%wG6ZdaRJ|U0 zHi-f*8V`F}0X0j1V8)OIZl^3X1C5C{6qJd^(gC>L-P#;q8RDlWEcB^JDZBmMs`_ST zD+Jm_dwQg2{i3S*5&4f+)0|Z$iV2E;SKD9hv6pv6$a`8q(ztVfEMb{ctH($WKs67wB;S=rJ<1+5M3f$^RqEfjP;N z_(xm3!2UMCn|ylWkQ^LWKx7X%53O(=AQmRCc&!uv1q;8PJ{D^XOcrmuQ8V5JGeY4X zfS72(aMCBd2dw_em4ZXJ&+Y@IWtm z%%{WGcYH}2$}Oa<1?RDaq(!qr=TV%f2qBQ74!nnUPcet@ z_GfPs3&R5Rpu=Ex*&K4=ki3d#7A0hQ_yujtX zA4~gf)T>I1&-dJxKmEICe*)DIAZj9}YI5Z|j`W0;*V?rr4aG~?)n7G$4}pt&t?27b*_ije+`6rWmcCE&lIe(Pw+o?bzg~aV;xmE)KEuNQmp#1Wtk5x?jKm z@E}*_x}Ux28sd3 zm@!_^2Kq0kn@s>7lr!BAGK^4S&P&P^>84>lhW^DWl8A3HZ(`$Lp~u;)>xnr%VD*sj z<+RzZJiqcUNjaIv!??{!4|G^qSkkKo&TrLEcSqEIUe)7mzf`>JkC2WE8VGD z+z%|8cz5ToWt;0B&!>{K`I})R1M}{Q#trt?|!VYd723qQn@a?s4#UG5%e$qVQm6>3%el{nFEUd4M80zU-Ag-Z)!x7GF?}gIYXs|;C-8Zl2 z0^sQ3M-z!fya?q$VYnc{t9xnT35#auKl*EQJ;^Cx9C()S(CLia@4t;3i)8Wh*FU!a z2B6U`BS^Gh9>N_H=bmRamKi%zF|QfNVRmiYu?S*K z*j#n~V!kcaANU-C|h z${avdWKHuD#UuDUoC)%p3^HNbs~?bW>l76MvDV&}(&i9LtL9j^NRz%uXj>-K>;HJu zS^yqG2=E~@&@D{beA==HsHI@2x!uq0-%IWw;woygzuid0yS(B>9T8$ zS`%A{Pmp3Gt*aa&QkUof#=?x`5<5q9dboqd%~ly-i|Kt(K*%iGAX83*DQS#HX=f^l znCf9t7QX>8)G{YH+0qxql)*mgreCMvLMtIFq$fp{)_QRx9;CCgMt-B6E+fa1Os#BB zt2KqH+c3C;C9MXdg%QouEp9NZQfZ~tEqeYYjK7%pTy_6R`70(bm_Yz%DXb!R9IDtW zW(3J-w-Tl=K|BuF2KFH}EYzVowY(5yxJTQuEmDhRMu7F|igMRoD21Lb52mh$*!yrjs9*gliRvMVBIqe~5^ljdivU^&GwSQy>8x^^emY9da!kKx zzs(^NtPhNGx=ij3d6}6> zv3WJ#-U*3d?|2sIJnKWM*9|tUuVmWDw_lebiVn51uzphr9B(W^(d10&C=9kJb+7d}GaNoj*KH9#7BmS${+IRbHm? zv4;JLQCeC8;?wh6|8i&5%9rc=UZ@b#GXQ_zx+@Bl?bve3Kk2f3D-}8!aF$%Gdcenf zZ&lh5A!HfhQQr>FrQy>lTiar8=&<$lm#xC%a+(^wm8obu4=^hp@4@}4sT9(~-Adp{ zfunf$nJZPz*Jtjz4)xNE=2c?5T$TN)p{nDv(bZ+kEA?Jw z?{Xr-7ahfnio_+{l9D1sxAd6~u@*k(x@T;TsOr8corV@o77fu zt1jZ3h&oqa#PIrComD_-2kfUVxyvHlO7unl2E`uz(uQCyN^4?KvoUGvqM0pSS|x|G zB+e6`cf!k(gNfT*ibyVQw&7X-t|6afGMGlme^(!WDVIp&xGv?o*v0Qwr{7)`+(}cH zJo6X*h^Kt;$8&kQBo?Ct_{;Cmc)@&_BA9WQaefEyMZgkQewvWzAiRy!CZ#pF@f&wR zn%ckpa8mSZ8#DaB3E!Cxis3SNFu8}V=FN>wX+0x0izl_uH}U+nB1Qvlohv`FTUV*pT^RgDa{flX$_$PgnL)hzv+`_keO7Ut4SaY9 zLhg2?4YRQm6M-ZpxpiximE9d3dz4Gdjdk3rCs!F(zBH7mu>A{jaetc>GhiPdEo$G# z&_MI^!_Xk~a$wC6(DQF%r;Zpk@0^VPz){w@KsQ491vg)e+eS*SbU?@b_o7nXH@1>$ z+V%xV5W)imb%`cZhl*0rG`R@<;GB?6y5|C4EvfcC6AY3jjx2YZL zQ~R*Al}LjRCx9uRFfP#!vBSh4>fD@Ekt9JQQ_~FIJwlEL_Fo-Iu&L~2CN9cPg1FX zfo?6BMY<@WALks|SO$o2kzGW+J1t|L#yX{}E;hFGc$1c{#@*o&?XKCzBCUllG#b;x z&<9zUFrqhxD1X+87JCl1EPFGmjnukNJE2u`==Rhq3_VY z?KNQWZz=*y&)!|J^w*>b=w|^DTzg@Hz}DWYfjgNck?29JVw9ITvvGFb2_Hp4MK$Ye zbn|Y{K%6xaYwzY$TkBm%4}e;XHjN{mn7V3a_@SrSO`P3$wVNz_!6VbeD)!u~M4ah; zC(GuwegoZ)BmTRWvddQZ{x38IK;-z|Hj+@=iodECpywQ=l=}ZDn zOTc4amETI_mt=oSmBZ)b^YScT^*5Z{^4ob{)ux9EmE{?~&D7h+`rBxd#$t<3-uFw1 zf(bP2mFA+qg#gRhoX#Gr_MOlitg^G*r613CGiR=vo@kQ)3N{bRWP;e=R*_}?@gf4h zo4Nc~p%zf(Ei{!ym!Q>=_ZmmbKWHw%cQK7N2G}YTqeT@;?Z>6|iC~ORKm4t-fSdC} zJ>N%jkNurBr$YFp*+>TySVeN4umpG(Vq+-$Nw!*}aP1@fQDckfAgV87R|Z5hU7_+L zbS#a2q0;gyQMA0Gjnw*ss%YfAO^4lhVXY5pk|Ruj$V0fMIpr_+3laYpW8V~=+1@@G z+qT`YZQHi(q?2@P+qP||gN|+6wlVp>nKN_#v(Cl2-0yzZ+BbXsYS&XwRhh@tr(mL>B3{>V?f;{C)z5-P(w0B@MzVQWak8Zrtu6x{6vJA zNVX;3j3%rq-~nRDxbT|=)YF87FYy#9)$$H!bq)v}1lXA&%F7?};Je>QqXDIQ9_&Rw z6XLz^pRB=7UUawjHz}q0!)y-*V|wJXK5Tt6U{AOvKrulZ+?2rx3#|co5g9*#?quT8 zOoo2c)+C?)kw?6 z@F%fuCww0*@GX7$sXo$yK9Dncp8k}qQqW~w98;^(sF@kEsc7E6juyXldLUgXn1V$5 zfnC>&^r1;Fvsjd@7dJYS75s7V*FMjjs#ZlxL~T>qAr9tMMCQ;USa!5R`hMEYZx>Z2 zPXfQxL1>(&e2Kwg=q7Ee?ve6|meFwWm!Mya2h=|zI-Wfh)TS9dy%i0qKJk&!>v9)f zJXi_Af_=wVE1Vmjcv*Z8P%R1gpg9>i18wL4h`z3ZmiD@F;6DS*xSui0CKTQi$CJF8 zPM_v)t-*K79@>=XLzj+&>a>@i1c9s+V4yvEm080AV&X4mK;$BV|GN5+KljoZt{GM}{RQObSD|)#VefN=A)@#^j$jY=e2a zgsi@!*$clPUdo?^jDysNK0D0QUEW`Pm%Xq4&g4BM_x~g(aW!g%T zjy+wnOFME=;b}fgc_Yo9nqnNgQ`mA+fA%SHuwq6M=2b4WKL*H7z7|CO`RrI7n~4$` zhHv~Nm38qXIZzR`MX2kq2Kd26uj=h8};o_U+1KJ_XN zm2DazrMLI;e?r4)jgpr3AJ4Qx9(^Y`WKWV{)5q#~uLpW*e1W6OnDPA+|M)MC{0Ds) zSpHT#&&2c(rBO`(rZnn8Q>x+{a{d!4taDvvN}_>=A%sUBaS8SRVUFG{aZEz&?*n@r z@?@5)7v2$7{Mrw@yDQZhJ;+uUyq2xc<@ekE$DHSiRqr>e20pva{5-h%kdb zEzXv;yPTfIa_ihdFC$BO*iud0HKp}GN}q_%Rj6JiH$7QCtDf0xd@+H(i})V0qvTWd zR^jEr@n!XVxe>R{y2Pv}Z?YUsc2HA2eibTzjx1}em6kQL%p0MI{igQj zPwK}3?t{F!hC%D7)Gub(x)+ByA_i=VhKyr3fkHV}vK6qkW@1R9IQv}i;a2HG$RYJ(V|M9*_nyT zP(VgHg9g?XN;4**Oi(()IxFI+kCa%|F9|Dt0V|*cnaD^!?TDodkK|9u-rtNV9`}DI z>pi30~bbD08dX8#`x;1FnhEpb6RA7z7&>JQK(nT6)Ev6sS&~ z{|-^Mt*VV`syUsl!LtKb|q_-$Rw6E zwJCP=q=J)d;8EUi_BbU^OjT!TkM#IC=_y`WIB+cA+TE#uP;B@c)GB@_&wB=Y?lAg4124BT!m0n&gcQShV%m}%OqD%NtBg$S9L7c~8+usj; z?LO`9EPrMDYC!lGAlamN8xAsP$uu7r{FB;lp8wO3kk*UY4q>~AjP?r#Hwbxvwwk@o z9`52~t4mPF9q&?2eMWm}gwjD(1-WWFez61&IEA&Ijvzw z8nQngDPhPlWV!aNM^OQ`w=CRImUSLnGNEmh4mc*Taq`ESash@V#bCdw#MEhaVIry7; z&PzhKpyG7#!tb}$JZYz?CKRV4=k0a$s4&^wjQuW=pF^ZrL7XRCn&5@7*pY>V5_4P@ z$l?5&;%^gPCNZ=5&?$Mgj_4`#l1(2yfwjy;p75!0RqyG6{qa+-oVM>9JiU-tyTJRM zeSs!t)X4h4t@`rx4JN>Tkk?OR%f5q|kzR<{{3kY)0TZd9jb0p!2B$}m7Gi9Q1^)GC zPrR+x7mgIPe_Ho-K4JLO9r7Rr!5UT?kmIrUo}==;|l?B$-L}{LF->? zMWIX!wYyjH^8Q%d!Wl7;5;fN1H?wXlfelYsqVpL)dU4HRtc=v3#o|_t0KK~oM}w8% zrSJl+JcN^Rl1omBJfdU*e<7VwKfB#azkd+m8^r(Sc`9?e$}<~I1MCCIQR&5hBjaI- zF(b$_FwpyQc)Qd9*tFfkUD$Ws9}`40>CKXNZUqQ0E^2%h)SssPLEJshf0RC_UG!k2 z5;JXb=|Z9G-q>rygv0`dEU-#3Y@5Kqbb-QfgFs!y-6?k~%@dx2u)I%=W$rJAI zdNamhZ39p7h66%HuBD&n^=^MCgpVJ-nWta&R<;Y7R(C*WNc`;X(Z!cu{z2qF!qi_% z1_LYo|0^74V*1M__IGCVZ)$5UG{>sH1&)oan(KC7C53z%OnMmhwvqe}KpdeZ$lW}k7R4J+tfBnFhCr!ILdg={XCKgT;;Fs4<*RgMuHz3Bd2#)c6?v*9~W98 z4=+jfuQ!3H8*B?NF?t>|aMNQSzC7Ci`RG?Ss?nd#;7q=!CQ?0R zUo}TLo6$!tat#9fWm%dSBE9lLbo=sbU4a4*`FUW@1;86hV~`+Cifdt75(&}mv1pF; zA0`p{2IVSOQswHu)?~qCltH)er;X)cnGe~I@j!GCz$mLMjq|^NScW$rBXRR!ed4iC zn?rzI6iju1`0Zrra3Fn`&J z?OrO9@+Om85$=pWPs$iN(nkdyHv364@7J`2SIxyHNvO;x1V0oK{qPk5eG&7_#*_S{ zK5p^#1G6WGCeT+n>Pc3ZJJn$mgB`yZMC6RdWdI!U;LB31_1n#(*MPf1gf=?GjGQH_ zP3Xr4v~{}zdBfoGBhHKW6oE69fheq~n`Z8CHBDMtJDqP|*{+CTWzx_5SroEre;Avd zfyRWO2u2m9oX%oLvWZG>^{MLuUe3*t2b;m3!2$-l(FI%y&Off_(E7vdX`7{pTuwC? zR%J^C-6(Yy=UF{;vX$51AdhfME2A>94AM*FffwZusAT0 zXyx~eYb|`ljE~028-+w7Wn}*12d8>UyhZl4F*%2o%}t7L$#qJ+&~WtN(3}^g(M0H= zGbSil(mKCQu5eCB0!c_Tw#{#z>{GowHn`uOi`LaK<;44 zR^SBTD3j||Vp?GhXpyYmNvW}w7 zQxWHeB+}&Ckn>alN+TJiNa{8QT|0q}-q*MqcF3E&-6vKX(H5{|HOwZqDT<~bZAQY- z)$0rfXJEpwbWpI>b^Zu^W{lG92=gNd=w`b;K7qoc ziMci8#(JErIZ#+I01HalQ!p{Mn7ZQNhKgA8mqn+k$N56QE6Ra|s|G3wF8T!}5*asq z9DX@uBKk3!#&D{|ysOxvb(>*%yL-(w#T#a}^W5vsD%KA+MKwNl`=2MLzY^b7BI!&& zv1Y66LS=tHugPuE^)VmL&)h8Isj~~y_5MjVHVc}(dZ68?&`7Giel1sLMIbmbr9h{w zW7hFdVr&UEr1_OYY@2ugT$V{spKnc}!y?GzY<7Nx>S}(ojXg<57qXkgqJ5J#G4bjc zp3RBIlpOQU$-m6?H9e7v@Au%>?oDtWO16Z=Wfio5$q9HmP5V>hwog0?`} zfx`Yw`3U#|igFW5!%~JR9rweIxO?NE;9D1L8s7SftCOhe0rgq@=tH7d4Df;O{*%V}@DUHg@>*4oLtn|eqOQ$Gv3zLVt+T61BY zyQ*zJ$SwE;ak$9;Bj)_2!F*Grzj=_E{@MutJLdeWz70wCz zhp3LW+;xAIQb^*nb~AWm-Jk;#%U)0NZA!+YjPme1&*?vsp3wtL<%n5Hi3!p38Rh+> zn&kCzX5Wt2nO_YzA2CwxW6Y-~Ejq>8@%f@v6pls3y-*CK6i_~Ibr(AHtlrxOrbF11 z|JkGG!_lb&j}Ioue}>LO47zoSL-jD|q;rasG+ZPncR>Pq<~W`2=1Y5jmdUQ6w8J1V zhv_>!8|^&lM}ljm=9do-%wkv+o9^-oq+>+NlMyXnn4&)K-a9rZnKFiz_`b5lpLM!E zpb=AVulJSy-Wm^JD)N`=2`=J(3B$qEt9~mjz(6k6Ruj&VsjMo%zz)W;vLuD*ut`af$ zV?6>NgYJ}uGp>(xEr7S+*XZhUVX&)@Y@O&2p4e$F?dz#Xwt&TfM7Fw8n4&l;ie4Z8kIs7 z;&ib;XlO_4*5)opHA)V5OrU5vlXcAwI zi8K;V=qn&=z2c{O&=qT{jT@9NO;YH3)2}h?^eSu1u2v`Z&b&d2jcT@Zt~A)*tFfgD z3EMT{vf}V}k8J$rU19*2;#wedCg z0E9MR5)_)s0&;J+9dCiNlg^ckx7W}OXdZ`}<-cw$EyX?3`-%L_?u$1%f;MLJLYMf% z+)7i@m`sySxH_J@MZ!t!f|4-0N2peJ{sathh4syw0x?VoV&6tMW&j-InXCxA=$TVf zF_!e+hV6{E)5Md*Fe1whI;F}^lFNTHx!K4h@LoM zv)O_n?Ro=#(I+ zJrJl^Z=1w*I=INuib7>_Vv0CZHCC!-T*3rHjYIKhod6x!8{N@;i7F)g`pGZ?TP6C@ z6u;RVpvr7agFl1z*Wq?0M^h{MWS{mNN*&^~bJ(vqVQF6wM7oXP;}m`}>y}FcN&0n4 zYl|r^?I|3l!vGqF(xl6JR+27LsG_)yoVgp@%tzZFLbGVMUf`K4dbnz7lVIsBlliB` z%WhP9l?2%qlzs%uEv$?&>Oks(driW)f-L-RzFLZLNUCYk7iuY#?KJV9Y$oBsyC0$8 zo5?N;9wmZ*TpTUXF?7EDl}sMXLDuQWo^WSU!%>(m*6>}{85C@cUjbsN7duN!D8G&e z!w#GK2Ab@7QIk?f<6qRZ=9gBZFub+>cIFiEqIN23bnB{2x@Q)Co=&Hb;s`{-Ii-h(b3obXs}h12MsZ%Z8 zi^Xg;ej}4|dS<@2PA-F4Bi99KF2@~d3%N%=y^f~7Qjv@N+D;!_Ft4#6(Ao^c(*Jmh z|0SLLT6CHn{DG_ldiqQS0c8oJ!Sb^Sz75IDXId%Xc z>9hB$N5^-uN!LLKOqe^Lk)CiH-4W`gwFs-+7*PmqS9MIZigcO_y}{NOdtOc>Lrfh@ z^eNFj-2_MHN$1OlCf1I#eT-Vf(kYpBm}oksEGwF&0{9#2M?`XpZ~KLol%q{SUQ)a= z-3;aqdO01oZW@{(DxY$^@?5EJsg}i_QCK=?hQyd+ybUR(EL!&J=oaLr+|NyfG0}PF z3v5J{TYtB$cp*#dveikbJkU1C$*OpBj*a-p z4Y<$Qq2@<#eY#T~b=|5sc8IrTg!96-Q7yKihmgA3n;xV(`Xzh_V8dqwg188YAd*9Q28t2$+TI zE{7QKS}J!r<&_D7qbx1BPz&I(i%# z5Rls{cF+$HgwLc8A*vjSCHHvsZdBl$XF>l)VBen|nL_%Jvsz?e)l&#Qs)1d*02VM~ zT2x$4xxd7%a#KBD;Qyo1^W zBqT8{D`)|i@aC5~p0rw4`)uL@!-re$xu*?O=v+e4iKYo-(q_2Fe{}o=_|eh1sPY>L zwPx`Rb@;3;3J$+Io03r+Z`v3E+!UL}c!wPq>P} zGo&{T7Q<$x=@w@Xw5Ffo{j<{f_6x9avTvH$Xhcm5~gzisHJAQ4(Q91RS1h4q`L;WHu^I# z>)I$5cc3}FNvzb9^?4sn+fC$+o^Zf@v|rIaN+Ev|q67Jd`(k;dnsEwRA*- zWfHEp%jbzMvr=i}1`NK5D#3?n^tRnduk%yNqWH6|rI*=3akgEFG2~;Czbc!a)&q9m zt^QeZubz5M2|mrfQTVW1>!R*uRK2KRZ&cmu?$Z$rq16}&zVXjNjXOY?1E0eZAfWXF z0VSRt!5>UYtqE2OBSf%dp2vMTWIM}pZszfE_XfW6^_GfmR0y4x*Y*b4=>_sM7sZ_~ zoQBB|_RrwW-34=elFn6tdkMlwp_%%pgE+4CZfdFoo}$ElJ8ExkaZ`fam$4}$7;Qot zguQG-8Vd+H&`MgqF;7;-rz3?vpSuCV~>>>FtLi}&FgyC;vDCWPGxc){7nEy@8 z?zdX10 zU4XpGA@HQiHu9Xxieu$-n!I_fNgNl+wD3RF1D{vnpUmo5yl*J=uw_}EL`%R2p30zL z{NYR&$$u|8xnsv{?4`e4|B==>G6w9dIGs9@)j6r_D)`i+=e^RU?TVl5OJ60yuP>B) z3;-$o_$yJZC@q$Aui0=SDPPGcD+5{O*Kl zt!SL^6uCsleO!1>zBQsddn9e^oaLe0ve77lK!H6CXIqCSzDD?>VLBwU(S;8-nfW7@ z`Gy!gCmtNpO$G|dPE>f=)xC1QqI%sZ^Zs1q`3K^F5o;D%OFOd3(Z=ezEj9@M&apL>Y^hs^| zW%pZ)Li`H<_hn2(`$}|fHVvW&`qNPXJJRWh~1W;qq;ENHkcf5&vBX<77{X# zG|Z5%z=V3#$EHEEERi>sy;$!@`QEmTS7vSn+Ymg7-Cgsjq3kyv&zo8xh^7MS{?j{& z(EhrgOf+==id9Hoj9Cvk;kGus;NP7Q;Pe?er zf32pfA*ZISfl5i&&AQt@N-vJVT100|Bwgn(393r!KMLzd;d z_Q5?`kJ2v2fJPC{=EDWs0_VXM)v+k*rV6 z1)h7=L6@h|SLtfKeY;W&o?Nb=C2!0giTVmz=?vQ)M`^i)%L=-7YfzPgRzUV0Gt&(- z_OGQCt0}0>rk0D{-nBD1=)sO-7HxGg%LN!%HpS@|D5!FAz}oTLX7erLG>9vT%%=CU zCiFYvU07a)!ZG6KeV!cnACP*{-mDPfkWUyuuMUlbI_|bE@RtTC1kIN!Xki3lGP+-< z_BLZk_rG|MlSS7>Q6;qnP*Ew_lt9zEo)Cv+B8Q5#MXd1=#`4lU3V;pE2KqPaqaHoD zRez7F{@l`}qs^=8GU&L=TgWejd`#NH{*B?0+Ucbg;Id$8F#3e6Hy1aT?l3*NrfW#) zCDK7F-%$%=m~cNC zd>>(0_x4FCX0cyUYH@Y(oV|nEjRmW0Q)O%EfI)2dljl7F^Ht4%!n1beXbYb2EA|8T zD*gN}C#0k$0MzF`4P3~s^CS7&RDn6YfZsD;Y(0u4ogf5DkwfEywH3HZ;59wfEo$!V z^>%Xo>iW!_biR#I&*=8bodP2Qj2iLS6f~IBM1x)7zcbIS#YJ-PvO;q=PhbU7XCYvs zPd8f5o~#sQ**;96!NHMB7R#-~qCP)3OI+>RJ@SKf%%i(07Xk-QM^nk1LUB5lA}TQ) z6@I5}WNcMMCi3991)zz=cyk3e$~#h|?y~8pSmv^z!F@V;vLbU^_|WC56p3=)j`rZj1BEiih>Lw z@jzHgb*Z8*hwORF?0v#s}@p;;E3@I4n&x*iO*` z$Y27LUU^&{Ms#EF<`?xcmn_35&GtAgZJXkqMh?o+Ug;KU3)(P_;2gQjl*;sITC6UI zKEhWWy;^psD}_p44g4$Nr(`5<5e<6a|ZN>V(#FNbcThdC4yJe%3X$Sxb+?ei8CVc=;u-n$y7e4v}2Li zcaJfZx zTFP9l9j4N~`~t>D#-yDu+BAbhWyP%Uq5%(d%gAD<{8pqSR6`Fn)fSL9k;8J1p)J!nu_2~uc;VnR!DKztg65XB;X>J?gOo1>#ld2714;v>cn4X@=vskWpg zIVEPLEerUpS!d8LEIPwW)|po(>S$J^pX?RwM0HQU3ca4nogP)AZ#(@8sLkC?Y^R|Z zC|Ly9HSQj*jdPhW^ccLeCNT1tkXebJT-=LVIE=rwCS5zRvBR6!RDr9W4 zM?%)CcD`nV$*Ath&t+A}(67l^ys#pToI=4T_Pe2|WRO>8+CO($EO2Gr796!o#T^T7 zn-}plJU21%DeL6RuCJsA)lH4^C_%l(Dz%F(J;`IGnMx}iUO9#gZQh;Uc@ApriMnF2 zqup>u^=KWbIxj8`ZGOsyP3s0XHzJt?6h*o0Z&s|Yi-~s$Q(vA1@VygX@@8~!28(;} zsN)33Z=zqc$8ZOkSKb3rp9_08H(%A@;UpPfWGxRcR4sn09e|Cqn!FI^4@Za4xuEjr zK$>f6_xk4nIG^1!bih^b4An!BK=cFw4?G!Pi67u8h<;B0h$(-G2MjEXe>3W_{6m}! z%fE?}`8$F5T~=BGivh;{Ur7P%IPbV>4TuNjSoifwDm?x@)|x!c*sMf{I`%;bjq(<` zM{YKhSosU*vl`^Hf#Ao|=;_!|{}i9HPf$tz>+R6a$-^|1^{KD7o==50cLmh->60F( z!JDQlfyYvq6TA$$_Li&uF;b5Ig|N`l>?1&4*2PWPi3@r5HF);PV;T5DSYAzCT(Ri= zCR+%g5A%Ib_ouU)JCCQP8<@;53T`}_r-FzKxU6alQoCWs~W^%59JWk#-WXl}R1>Xb$k7IoV z6B2+yU3th9OAE>>mBhM|X``7wJb>3($RX`0VqnF9Ve9%g>70q#lh>~$V7AO(MS7U2 zfyFLX!qb9X)Q!yogRWQZXbtBV!JsaWsjTt>r8;oTVDB(&dnKv(`8787Yr~ga6Io0k zR~dhQuKyT_JEV}qW0>}8z3xX%@Q&6np%a=0Ax{isE>z@fX87R(mcR_MwUS26-p9Cn zWPQp(lx(g8JfOuig#eyr;yv`#S9#iyP!#%GOCSABi6LtQIa8{8HpO2vG_ZYlc?rD2xoUEJu_zbG@qdX|cXEC~yF% zP5Q|C#`hRIJYWu$u_Vj|5+lGo)O?#mXOvKT7L{~#t>r9KJ}|UC3H>~%SY7D&4sjk2 z9k&#ZT}0;k;7^Q+uU~+Q5#?9^N(D86q-o zQVuk9d?99-%E_RAl{41&?9heaO{zWO zM!<>&5T?H+jZ{G%pO9tLf}y;QkW)Dwpoj!=VJ$V~4#mbhaiVZw$Xa)j_NNq?&#u{V z1IEWa!vnqkOL-0wupctl?3j+D zjDvDnAHOk!B{Kf)QdY%mms6Wzl>9h)7s5t;v177^KHYZP176}Z10!JN#n&fh_YTH@ zQNk=%i}`cu{ipio_^-u9PJLN)t8H6Il(yGSbi|(L2S3BrEXrxdm}1E@GOe5O*>IQh z$k+XD=2!ETSQ`b=Em?8m-zON>s5>Xz5%A9G&W%A}N>81C#-}#Cc3Ux_t+vF)4}k=! zwA|?gZ$FHlxI9T*?hts>$Kqt*6WzzDexSlyHk4wSlsTI$_-fO8F^K^80Zu202$g5z zy1;x$N*_OrbMboT?1?lWYYV$=FPkD&SRgs%36$Uk)0$g5B1}C)9064GM=GGhfNXoe zIcAhZlS(aoGylqVc9ysqH-* z%4|R^mB@-(B3!o(IfZ!qG=dCL*Eg4ldut=Yu%gu=15PW(4V%|wS7VzqQ zTz$;KKa+gZsuIEx#Ks7Si(-#Fd;2Y%TusOXBHihJuP#=vB0Sljc% zOxU&>St6RF7Vit8G(*vo^V|cCr)v>|+(JzaTX-Nr&E;=&``MVoj^>hwE4;lvES_%L z-{R|gDo6EuMuyRY+jfg(}Q`ph6emqivnfMjl5XP}Y6*da#0U$59>;UKs}s zjB-4?FS`)Ts~oeaNoc-0(xkUobSic2R!nNNK^+M=K?&M4lD7kLvXkIb|A*ng}1lHWCdze*C~0V zkT)cVtB^cGaiK2q24)RHwwDT65LGW1@;;FcNP4_r)#v+LJLK;QUrL;MVD?USwxA)N zu|bjsGP%|M(i6=@wF(zk&>v6BPmr=!hzz3T0vjc5`l?&c(rLt`8atzlTgfoEDq ze4Wjn1(s%cd4I&iw*Uvy2IvaL z0r%SJxSJfw!~(KsYur2sWty>aAi^Gw$iIyYFInq{*&8yAVQSEtJ9k;*~n0J2o)qVXbq+%%Zmo%ip zi}&(_l?JlXkjitydXD6!=#W@YXBX!!n`zJaO3T=-NT+iO7S~8Hh zuur9#2Z0tBIyvYQp}*J)9mt{9ET4Za*&R&NCbTwF0WCdkIxdJLo&Mn|J+Mr1VK5n> z&!Jh8(X7@SI+}|b#>1W`~ zHjaz!y12|G$};LGq_xv|wDBR7FF3cAGbicQCtADA6ROKD#AlbYok_yq@84bqr@2&=;&X{PdW}0LnDM?B3tChG%HG5@kzz!s8j); zm#+?5_4;E^9oaNiis|4wlf3RPUhbGsZu2?_KQy?Di@N>BjPQe|q?hg|*oJQume@ei zPuzW|u{9kRJ<*&u7zvIlmGrx~S@3A6u zJ$-BQ{BRZG;Yb7!wQCnbw!qA>La|zC1R(%vQr>(`@`=Whx7n_YJOOo-5ymz#58?Z% zuqZw~?31#I*>zaEvW z%HcHEU8+Hs{46GTSsbu4-tnv>z&(mT`Fg&tZy!Hz55ytVJL;enshvq12k!#80(4Ha z8i1vggh=6ac|}sv@x;?PhJT%o!&e4%E~feNo}medYS@mgA5JHkHx^j55*w<;4i`kTr&1NW$ zmunJi`A=G$!igVY#7`G@AHQkD!uT7wh3)dAgI{QXv_yvf3^b*XyFpn`9Bo&z%@S`~E0wqgRm8*ixWr-dzc*&ulrb+T}e zCq8L%QSgb(&InoB7RJN{3>E|U;c#jNm9vKsHSNkN%AR%^4-rIB7z0mU5a;~4D{CtS zXsB@{JiJ2vB3va>B6)qB&xA?ja)d-Q!jX>6Kypqp4P2S4i(HkPO-8!R2Kf+M9HQo0 z|A}`QaId1r?}Tlo;RI$iA?1#>DCkgLB^#IQ7ZQsm(p<@Y-FSPd0_(Y9jN+KmC{riQ z&DSsx#G0eEoM&{YIZA7>t?7ygb(~g|0#50KXOem|o2rG$&8opVK`(|vFF}V1o+-`1 ztIW|8ZiG}c#^W!xCjSFFS}Pp8;>*kteUUq3WFs@InvR|E5)E>Mt*)W zk45RRt-pARgj5I>p&NDv&VmwQu#GW0)*JVfNG=?H6;{-7P}j)y!|z^nt6!mt^TWL?RC%vCvMzR828A)a!4 ziQV+8Qw5oiRL7;2%oO}aaPWP;vsHcBKRE~M$jMG{x10yMzg{)L;I$mS>$UOLg5G zArD7I%cG%e6KJl$y?jF|oSftGw>~|RVpfNbM)2*DTh(Vk4@Q^9yfw2k`$flD%c*k6 z6VGlPSXZrlR)tBW{7hO}J_$=l@+>WJNNEn~iHAj=Ae33|N^p31eG*4oi2*iv4SSMd zLIT~{9Jbt^XAxu*SeMSTZpLw*POHCT@AjRv!+=|%?Le#Bky5=||2mj&oceTZ{67yFsC{L2sz?@Tp#aW};q)Cnx64Gvx%x_pVQTGJpyf zcl)BM>D^gg5ZP{F@!h~uvRW9?WLCYrC_e$!O!TAv5pDhwZobjxZ&52Oe=Ugp4Q*Ke zrMv#W;{8<3aGUS|NYDk+dOb z!Uz7#7UshWfQ@(eaO~)Nqj&W^L3848Ob`C;2%Onf%Z?iZ>*jsv@Tgz|!0YXA*%{y+SkMZHWhP*{5siz!s;T($w<9*J{d&iqZo`!}-rjRf zz+@Z>$w{;4^&Mvf#K;7fE)b36fO7ONo%rFiSSwyiHc(5&4FAL(srURvHah6?z=5h$%&-SyMtLV;hdM!zS{`jdX~3o3P1nI@Q%W zE;m3tR0)$4f#j2*%~WJ_v@DP>X5Q$Y5|~OvwFmuUKFK&)d{V5LyD|fAcb=}(H}y7? zUrZo|eN?W|7KdyAMT@dLc8MI5x^Ot&%{-nB=A*fNAVD>Weu5bB&w{ zx1tCo7|NQbpidTd`mg?K4ylPx=SH&f)V*VpxpFn5BLO6=DTGHjGAonlVoDlacD-A_7tkir1L?%07}5vjVLAh(=CI(R>xMM~5G)w6;G7qI-Wxf+9P*s% zQY6_mP`k&;kSmw8qH<3RS-F{?|TZWVf9|>Nprj%`9 zU1SuwN^5&3Z!q;Rb!0FN&w4)uY+QwH=mf&M_E2`Y)3RwG~o7Fh^THxFRwXy(I+>t{FR^-2=zC!U&?% zYHw}a(az3@om9*OAF)*+5}_w6L3do-G#ZQ;HBmT3E7`=?MEP9~m}%}ytQezj)jyIY z8v8P-4>2CCb(wFPAY9L1yDTYFP=zE)!(X45^Y&V|D*!sG`EX(mhQC8QHd8Ca7Ka)ob2;Jy*4ReGyI@$Z!H^Q|4Sa`8t>qPu<1JK&_vx5zE^zkR7 z-hJTLT>G#w)L%f`)Rk}^f)2IyPVON8?jly{Y~vMjUbfq^lXPy^AWq@eeLjW4k)<17 zCtApn5$`wrJfsX;%aMFzC+*7lz|v$gIrXeN+qaZ#t0;UdxFTgBQ7>6dRGBzfI)GL} zAR3|#rovBv}6&b8PAX<-&Q-N_;` z0(kRg+(e-#R(J)cLF2x#zQel!#`ab4enWd5m|3GO1y$??_r=oT+wuQ_B8HNr(ru7C zG)z&GUDZjrSz=^1%u*BXeBvgchmqK4`3|)6UI&YNn_V`# zY}>YN+v>8qY}+=vY~5OWpLJv1h!t`6eaei;e9eF49COTX+{J7Y=4pF9+9Y8g&TKAi z-feT8%pdvMUtL!Gn}+>InEva`G5^DvWBZqLeYU^cy8kOKOzXclDgQ^q3TUw*{?APc z*opqERtu;H#ms+hQjA`t9hiPJaIeClrHxw9CJ>bmi*s2v*S$QQ=0@-GqwWl`w!XX` zo-XII`G%_edU-vb-+d@&d@lojd3k+1I!@dK@O|CCgL|xA_cw=LNw27OIhsLh1m06= zq+Q7t{AB+WEiuo;&C-nIK0hejHFbjTy%t0P1Y6tI^>z1f_kK-kD6-gSPFF`_spR!+ zD%Du(`+c&q#7(RPbJO2={5!x}0j>v08DqToI%+#e7J3Kt4pHNfS$fzo@;%KO8s==`$_ki=k167Th6)KjhY3x~^9bBmia3)H@jx}9}>Bv$Zq|rtO=+HIQzzWy zY^m-SQQEE3uJkbVeDO0STShY#CKEbjCbW!h+rqrro$f>1*@Dcn(+v^qp~*Qz6i;z0 zg&>e$%+oi-fBMD4gWaU|wGWg0nzS-!17fUICs12f^g|Hl;5+=P4%|bPbpY3j}W9$r-P)NH-e$WNkAWD@z1cgQOU=HaV(V3 zQA8JU&C%ikVcD)&akxgOWn2`m_ueqjVsolB7*{9EEQgNa*WtZB2;RwwU`R^M=Z0ia zV9>*GE=ZF?$jxS)8L!5nm zRpTqQ$RfC4Fr3E*96Okr4!m$lJmAY*r(2DGH#0Iy+KDD%Q{JDj5uq>`;9!EhZA+4j z)GevFyVYuoQgQ1&hHjM+8;@Mr=t>A1%k?K40K-dNwL91vu#&1WefhMTC@~^PyAAh@ zMx1J$U(qms*JFe4w<=4&d&g$P4tDs-F=3t-Vi+Qv$lw}$d}KeRgmXeS4wV30*r+b& zAW^?8TNdepmI}vXlVqxqv5&Os5ONTg>7tjKko7WUDFLT)_jw+8u#s_qpnrVmOfsx3 zG!aZT5UjFj<;6auf5otj@MjLhrO3!sN(YFVNk|up+n9br?o7S5Yd$$UjIb&; zzZX`u50@vsAJa!j;+Jw4C_kj#MHfRJ+k`eZ? z{K}H!*@wUt4HL+oZ!dDSG#ic@%8VN}09s9;_yw7=Dy`n8vmXUsj04c`KQ@k_Xx<8a z&c-#C8tCKNn&Tamj+Q8kqaJ0Mug)wPkj-35C4aFwz=&Cu5KTi?jeus*qUf_oqLt zwDZWULMjud>AO@62hr~QScSvf-Z-h%TvOXDG3heZLltA+-b%O5SIxT7yJ0G)x^u>2 ziJH^G1bi?M4a6Kj%~8&|U|<4shu?`JU_|LmooEhSqUgqrBonEh9s9Fs>YS7P< zo!%x$kqr3vzH)obHZjmmT5rj9Gak6~W?gfdTe9b@zO-CEu~b*`=eh<8u__P1W3yv} zz*1#L2QT9I@jIDtAG1z;0`rh;oClw2KHXoZ&*RicDlXBS4v)GsBCCAuq{8a#nCyCwWz_nlOgR@n?fnz{KGVaXp@Q;=d zZT?mM{@y?_vT^>Sjfd@DFaT`-8wTLN`RnQ0>+cax0e&0|22hfW^S-$UfS1POyjcJq zwEa7Oolt-mL(09%)12A+oxk2!CwjOcepyXf5xBb==a26B4QFHszUuXHdwVW7xxHIu z*8Ta?;OQAJWG!PTxD(d0otYb30m$<$e-O1b$%Pmj3{r0+NP?8fTSVfA}7xs=- z6mlp`Dlu_7tKblsUf%=Ff#t=pOx63b+(8DePsXKyi$l1T@)|N3jS%|#lzo6u>3hon zq+(qM^>lj4qFPV7G1dWcVpS8{&RfNK0hC7p03P^9+3(nUoWCmIL00NRlCj=n>uB6F z5rRt{Pf_8pNuS}^pLhXTyvp3nlf70|S$YOAh2AG|vXNam6*KL)^9}~b8j?%}y)t%l zIN|9$pJ-#%-H%67`;B|GZ19=%X8t&Rc@`bPzswD z2jB>L&iQ9&5gMI#o-Leng+W2JQ=Xq9JtIlGNC49Hu^NDKm6$b;;E*7`be#dhh@u6Le53a5y|v=h^@I&b-{YBxf4U;QX}HbrDZYC|(-FbX;U_4O^-s zW;hEe{Df^W#W-BE{NPQS-O)QbbAWEf{+o>WMFHM*7B!wju z9A7TVLavACX~dcorahRf5-<5DLgO64F$xunS9r=hU3#iZVWPZ&$@57g{0PvX0EgksF}zo9)5hE^8i;GdEcGGHE?`REd`@l*s1Bf~%!U zWDUqo*ax9JMjBq@y*VeJ`=DD&RLEJTr)>AC#(U6=sowTkOxMc!UMm(6igDZ{1>)tmIJ_Z} zuoP$3*Vz^*?EMAGwcJlaGFl~vg!9|0oI6wWmALC+k&K`_yasPeu-6>t<$gPs;Ksw5 zqCzk1oSUhOQD16()FZETgPE?Ze$vOP1}1`q5-dOeDs-=dx1 zB?Lpe16W_*LB#6f1=1Ado!zfBPuJRia8$*RslA)dqvT21dy~u7(}6vBEOsfAXI*Gn z9?MA@j6>Ki^^4*B_ASbEigvBVVeJ32p{%rrFcz7PJbPp_ZVNATB#@EwBysKTiI0QM zo;~l0QyJMJ4}jFb^}6s5ZnP}9|I+;F zLW@KY5kOXcIGkAf|3~G3Px1wx=6-Ku!b$RSB%#0ROFTyxPf{TRuWRzctGf^^N1>`2SOiUUmC z8&yiN)`VtlDzIa^*>gTCz}xL$e+Od=#-ruQ>!RDLlHeH6G;KA$peJ!Xw=Rli-}EE; za`YQ(>$m5jhcA#>^xuNmd-2k!#-1T9P%me`WdsVLXx1kBP5=_P4RhSzBFazR?ToN3 zYhg5!h2oAne8R)dc&n$Q3uXE&l$ovfqo(F5RAM>ZyVd||7#1!#*3BiJOCYn z?)g4)#c`X54-P&?{Y<5zlA_T?Uc3ihl?({%-^DAoT);}z_j20ssR7Ygg?#LAxcjx*&?%C*En1+4<~m1(m*Fi2);BPoks5Vr^S<&#Q5Hfhpl5&qsyfKuA59 zGW(Ds)BE%EQJTro3Cxqi*ddM$3vi7E3T5U`B2M00KQ$%%>y|W?P#Vq>%rAZ$39pT` z>h+ZUHr4qBx@$8eIBl`0Q`4KhkcS|>qs_Vis2-YQDLlwGceJ&OGZ*qCE zBx=9(5vBkK3n;cShd|0J+ly%7;L|tUuKLb#@r!8oj2*Gm>``f!-u(1ksMWz!wma)Z z2#UXF!(&wc0nCFn_Arz(3@<5wOw z!#AwzY7XBw;U8fRtE67G3eAdAd+|ShgmTRJ zvmp|1=Tk>nB)Gi8kouHTFv+riZoeqg*8`_QK8FKayRYE;@ygw7i3<|>!nd>uFbU3O%!W5Pn>7siqySX1tB*DD zN^WA#LuF~1d!So$Gc?ZLaC}lsU{k}fs2Kc&w|&wy67cl%zoz}4UKv;I7KVM4sGh` zTuK!0W9lXp8OKI64%>@`QWre^KmC{N1T0A)RL3p_BKh5%m+l3YhHWvainhR)s_bQp zd{m0k!lJ*N6(p#JZlc)XV0TQDD`P`N?eX_+><+tvkC||<<@sjaQg}^n*cG`E0cPHIP__jE z{KS389aixezIE@1e!W;BK|5nT`~d3**1D~9ed>gf8O7B-b;nfRjbfec>%0Wl`EYYW z%_A|Szwd;}2b~C#YA~Pw^#D61{#Fql2N0mJXK7esNHG0(CHZaV;{Ts{RU60M4 zL~(C_Uz}_Yk?o83y#w)iI$)z!)u#L7=K5SN)3;Bl{^fDG|MMjuwROS&>+St7H+K!7 z`}NKeyu$}Nd*!JecwKlN^71R-q}Qe3wCOZxfV4uXW}7WLNVokNLYba>Mi*$zUUx#( z)j-_SJ>1IkdQO`>dHH5x{Rf^$_&7?p(Zeo+_4cjeLS~Z0c{0vx^`&y4oO+|l=*^Bb z2YVO1T3r{`5}v28_U_^iY|>;9FdveS+GkKI)Vi%Pxy;x49XYtwFry9r>vuB!_ zxoETAeADAyrP21As%Z9t@Hf#y%`LB@eS9~3JRGxlbX*eX1e#HUF|z0eeN@l-LiF9N zH+|x^L}x|2I+m1asHfWnTUc*D7t7*Uga?)@xOEi48XQpbFhwZFXnUH%Y4Sc!56X^gv-l=QO%BJ2cMV?~Q%Er`i*r?cdHNo>cl ztKRQ%i;{H!)Y0O>Oq?7tptIh1cnLvLvo3eUNVqjAg}vF0iu@ZH>kQ~8dW(3|0k5?;OCATi1v522o}t3He% zuZMpfl|cw@&42;6O$g~A@yRpA>It?Z{FxC6fp`qyRx|f2Cx*jJTq0ZC(VN(>{Lj0G z^Z~RM@VcC)6EZDRbd+jW44PzzADXP0`&FYvcCXoAJ@e(+b#pa$1M`khkXqd20(W# zmK8u=#C*3QszpI$5BmoRKt1iihH7C1kp-q6bw3EfLp_t=gil%gym={RJNQh(>HI`XUtNe~N|`+oO4z|b4{L-?g!Y}n4Mkey*~eD- zS<%g{4J=paNk{D|YDyXAR)h$`bV(-08ANtV6qCnYBNvd3U2^sj&*jLMPR>JV08Xqp zX~91#oa+5z)^maQ?heWhhtR+*m_w!∈rz3Knz*1}D(r(AO+K!!BFb{N)J=5T2!~;BsmzOVaa#!x)XBM!hlXgs&bW{p5o7W%o?$)IGJD}xS9X0box!`1MN+Oi_HADReTdK7eAtC;db3?YSc39pf8Ww#jM|GKiO^nu zj5?XZSIrT&GC`i{`mL@aqvWZ#B5$#!$xDic01sJH)#`x9WajuyW=_E9`OW5w&GIQ} z3=KhLmq)|U2D*IsgTYa&uKm$_*ZZg$-KPT_Z0stK@3`4=!dfsn%cHvO@>b(wT%SqZ zHn%CXkZXjWGd#q8HXg7iw~S~0#cmftvar*``sc^bQ$vkroLcLx@pkaqvrc&ayHjOj z3(cSDdIgI+6`CS7kNybZzWvb@o5o971_`XbMVPW;(m?z@TEoZ ztzSGJ+a^<4l-a3eLdn2ZDAHewTkQ=?tz)tLgsuJhcpg7`XnkQq0MfL5$U>=(`?+-& zli>pLa(0eGb*L;1@1Rwl%{9WMQINq!|Dx+QDP{pg{D9#}N(hJJCmd zLh_{$#hftBS!bD^oU~J0mEh>I66`|FlG1{LWY|0BWoVb(M1$ zWFb=5S@*^U)@J8?NQ*h?k~z~xx_`! zj$W3J_gGwAN(mkcaU@_#L;46_i2DS=E>Xa`Cd5A&(I$+)t8@MYTf&4)m7>7Zp+M7C zAi+v=(D&(GHe+xNhXMbv8a4y}nJq9s&yCwl@TaeAOYYB?OgXeVAm6>x@hpR;VU%Y5X9NP)2V7 zS@XTEO36_lv@}$SBxinwL5ZCNVxrxNAcDP3 zn+8SINZkF@IJn3F&Pmd(JyQR=Mm+5V1#fMCLo8PXmDvBiv5#r%K$!Pfk2b}1?7WET9{s#Au{0U&XU9!8&^ISiiJ+q)BX80s)vNDFTqulR*bD_byfN&9-un9+g#;PR z66yaC&>D@q&oL37ImV?(haQNvDO_}2#c6vo|KY`Rm)MHF`ytowIAkYlK6{u(TRTtk zLsGLz@&a6f+vT%HQ~YwM@pB$#p^4Jw!_o5hzy&=8BXfZ&e%VzmPMIZ*+KbX@2iyWH ziW18iFxZ*qX$zHkB=CbI=M|&8Z%PmM&_zvJ(4UDkT;7Sr@#8dJqL3lC{I2)~-nt0K7^`RUnDEztUk;05Nwmu7O9H}0@ z{JCayJIKrhc&T#QT<2gxZD0A`r5fxM{5AkSK^m^H3Qry^j*?r$y#zP6Rk^Q|Nq3xB z;J5}OZ%I+=OAbro(_j9V69ngKP(c#KOCQpY{A+PtkN^7o|9jQO$in=O5GDKH*~))D z|Nl2A#<t*?=1`PHu%)l6PhIL)bAaWg{nz#7|FjfER9k#p#x8zZAEG)p_59xU(fV>* zu*@sn_Fe6(sn)A}tX>tG4_K$_|1H=wW0hARD*Ok|#>Qb_?w^wzIWVUp0 zq#Y*~C3N!#@n5S*{X}%ViN{{edZ*&3q7;v(j}TJ86=s;RVEs}o@SDs3=s_yh`Fv=g zsdTw7C~(`VEWA&o!-0rd@8ix96UIQ$o%xmMvN-7k1N;;oR`z4@DM;@;5F-niaVk2e zQM~qNO0@R!9R$=1F(gWVzdVxxKI<+#<)X37ay&EV5ktdXf-v2YJ!4;`qk)Y*qL^(4 z=f;YlJo3C^fMZhd7zG;&j#hLOPxo|ah+4K2j3mf-hS^G5IGIAj3G&_+y>veRkvxpL z6H1N-CygNHFUw6&f*CRh2!wfd0=+u#Sf7jED4&WOT(G_du8DyB-V&FVlW<7!do+?Ht^j5)t|^{(rGGHAZ|My|UbM9EkIw>jE2DKai`CE6 zHS2`tw+#>z*4(kV3*p540E0I{<8D=j$23pWj@CUB0?LaFcMwpX&oHw^K$*{=s6(vV z=khh2CZoup;)W#G?KvN~Q>xhP&qo-dAklDVkoV|;dE9JHLl&V)qE(Wh)z zW)8f~lMRa_Rui7?rYnq;QT9v>oae4<$twDS^Q^2sQ}u=I<;)SZyDhjzI2pjx1%=A2 z`_rT3B_zw_MaFU^84M*O&jllBrSs~Wb|{Hqh8CnkECU+=7$?va8)7fEgs z$Kw4u1iKZr5zekLuit}Yid}xCQ8S?fQeBO~L^@4b&VX{--34~CkM%2QU8(klML7rl z6L#`5=Owiud36`C1Ws#)I~YBT_N9)l{9SY(h8`V(7;*^?MHF62f;vx1ZnsxLB&>`! zj?vR%*+j9l-xZIF>OM3!NRoW!U$bM`9NFdAn)La*v)j7|fCACKlM?HD*#u zeMRRDmw(v7&K!A?T*vtw$CuqLBl%DU8`zgxU~DB=BQb??;PG}UY=o4;Si8}U88a_X z$B7y9MDljIYzxa3Pq4^ZFV7LS!;d+~Wpk?w=VBRMNnUQ1vD*SX?XjtYM>8hwxljks zg>>fUWAQsciJa@Q;|5^%0denv5y^I9uLCb<#uxw-7mD1Vt3b!iy&3>XXE+Hok*=|7 zcqmrp?r%49VvrgKIHfuHcse1f7$&^~BE&0KgbV*wx6P8&+QHMvi`?jGikndHIG3cm zgPTx(`nRzcOg}g?|LgDJ?6|6|`yV6OFDI@V;!@~5N!zVaqH@~T0NGt(PLZ1;8?w-< zc=K_%Kko@V#}Dgxv|6Vo?LXZ_3)=;OVr|Tg*vP}?vnTfZOHl|Nj2Vuv$NA*|r})=4 zLVq2Q@ba4qw*9dvEv*3Qxi#;Qo}fSX1&rm$sQ*`q`FqdB$jZ$A*BAa8H=w@ht>1aZ zzux{sVmSUcM#gx|`FGdD@wde6C>I$?1Hk}Gnl$_^F~BDU0$1N%4+#l}sTW3MQ!+O8 zi~>WFB=I~vM6riuyeMCPzDtTf7X5-B)V)5uzpsx6w{MhGygnRVJ1@RliO?3dP*S%e z@TW`i&MR8qZ=?&)(6D%#O91BsEEc5O2ZTEh;01?kak^%T{zA6uej{6vrSm=-%GGqw z09b4N-uo;AZKRj|_Lg@hD81aRq_=x2Yg86fP-T_7X;+0S;h3J2#L9oko9WyB&au&?nx5(gReQhwf*~cvg4enOjN{13nTr7hs}IE;&O3}09xq2ZsMjB zo}%itU3HCN+?oU@mft>`l%qC2rT4w!+FRlhx_=CcPBtWU-r+l}OCR}+X*i)OGP?uh zm6tIwaZT?S8r(gjhiYm58PxZ&1(hz1HA_CAb0LQxb0Jo>Qgjn#*Nmu5uz(P;LCz0u z;+G9#^8Lysk_oOzkS?cLYFGIRQm^;Q6@bUbMe4|*&6e@SU#52 zLDj?H#3rYvnw%PLC>veI;44HjjwX!J5@9)skE#pojC8&8RbC4}$0rV0KyBYec9m)A z(I9BT-Co00mWz;-q{vKfe#mMXwkvrNgPYl>esy=|!fJ;?6XNCU4#%G#D~kkp0hKc?rl-o*@_7zu(#llol#MwA+F?jM?VJ}}gDnVJLEder;+-J-<2_vC6(WqY#Vu9Uk{-sE9e$~MGb zq{M&sk~;e!&g$X}>dk^bxAM!SoBgqc?U6G|4XeZd<@EMx=(A+V=h>;bitSN5mBhZvHV@_LOgC0Eb61U@ z{3^yGQ{h}-0GkI@p=O17eXCK54cIgpuF?mDYv#z}-pXUXE#VU}&C3&e_3j!5gnSpr z=~g%!YxNAfuf$WfsKnQc_UxV8?MJQml!kwHflI7;1ju^}3dR?;_7YF{)%bxcNhf&K zMGRQQOsWI5IFcCmY=@hLOJbOHj;-V!kux{pNdLY!GkWQBfeWL zT^+=#H#5IvkYIeXmyAf_Jz_mb4izj%KD9nFDZhz+Q&sb;u~(IUc~_9z6&J%lD=+mA zQDB?$mdLo@<3BptF?rEfcc-^4RM_Ott^eD0*VPp3fsFSeE$~I%RSKVR|F)aD_@@7G zIf9gz$x`epb$3A9$?mRVSPu1R-_K96d|)&@b|-e3(V6FOLC*}(zpUlJ0=}PJB6v?N zPvJPKvuUPv-r^DzQ5limwYImOv<@VH>U59A3~+-<3m6ByP-kuh8^H&|qPcvaK9%J17)`pl}b2yn?Tqj&C7MYl)w?VoMlYv1K<1WDRj z8JzDn_9Cyc%cgBQ4(9gr4&#dOn{VvRyy1sLC$5`VV3Q{U&VvL=fQVq#gbnZ4R6tJ@oa1Vo7^@5SsM-}L_2E#!%<^00FE z6W3V>q}80QwO`(@X2rIX-D&x4!7bOq{Q{7_)V~|;HzWiII6iE?EG}r00h_JbJm`Z! z_v;#cupI|HKrd#g3?Y_HV0^0xt`EZdwO$^7|(T%Z{Ks{$fmdkwP1*32C211c(`JFM9;rZSrBZlasi( zBtUWWM5dob5hEej@T;AmSw<0)KI3$wq7u1$LG6VE#F+|fi7Y(fy}x5#MhGBme_WlD zmxNsMC?8D!ij?HR24iM_NuBZibHEztB4m^F+JfmKo#yCOy>^*SL;;qPNAOy3+E_ni zVOZKjPZDvyN5K1LG2G}#SCu{iTL)j zZK;MQj#EuLoJG!}{y3s1H#ngWrWgE}T4{qS(k6=Rln^ej+-rCWC8|9`anELWn3A@p zcm@&T%tUBRl&lC~RtV0_((^?}HSymF>R>YtB)VEt$c7P4vRvAw(jD|4o|fw=Sk#)F zE7}a0vN&t7xzSaKV6K%@;jn12L}g_)i@hn3$M&u+VnhvUFNl*~yWu>d>zbe@$$<2O zO|i@dNaN&u=bhyF(M{Oa$OzlQLX`dH0|Jew5@@_af)$@> z;4^|SF!vhWCUFtyX_In@zD*CD_s@D>n4(}Z04n$={6${JcnJ+E7z5|n&zzQgG>nke zx7`QM<{90)M;yJ4HcB)C%`jYQ>}4%px^(e4uqFi=;)}w&Qxhh4PDtr54??Po&O)kL zJIN97v}Y;CAnaF~S(DZc5;`se+GG!A#4Q96yUj*hO;!v~Wd&WSx{6MV$9@&MFQ~&`1Y<_B&a0LXW z3~+J>XlWI&N!*@>!AGK1Z0NG|RKvEaZ;){aIkv+SZ&(p}xH`&}n)wN=jv2Wa%g_G% zQ`sBdRrF#1YVxzuf62z!SYRe<9)EFKTmw+&<3S6&y#+UH%L$@uE_(n^gdAlPmAjq# zvFnV)H>f#u2_98;+sW>N^w!kOjmMjuC0eDY1@w`10C`o*^V@0aWa|8p z8m8N_nP-eNxacyBoTkYe93TR=a%aGC`&LQIgrMKa6S7VgX{FycLpyRQ& zkzAgAUKs#(?K;yyZvl({v>ESf&WmkL~oGfasXEULRi; zUOlmAMglXUpFUN|CY=SK^}@XnmgTDt3@chh9XvC@rK$Rs1U6zSP9#mHsVS#3yCpcK z^!=oN`bf8po-{wbPBz6%?0@|#xfZCIKj8J+^&T0z%!xs;9c%aIuo?J)^O^y%9$A

$LPN#5_v;r z!hl~mf*2cYd6s#YkWzv|cag`y$!7H0^=ZyTyI9OVgFM28rk=hw%9)!Q2b-VOwn>*J-4{q-66G5~Wnn@H?NZ#|d+O zF3>@)Xzj5=E~jZ2z*Q!uJwQJL@RD?(id|AvgZj*?gt~KF9Dp%JhY|}>H30z9Wx-KG z*_5p9#sdmH2HI%^{bbQN!v7VAw9AtLU@dW=L11(;KWsi!^ac#6zabEatIjZA#5o=y zh2z}jT_n;2k}_V^$uzQIVK^afvf>3WTFUj!hhaRU(rr{hPe_1A`u&I*gN)$*-gxf@ z(wgC_7^5Z0VHY^5t`P1drFmTBxeiFr-YbX|SD`Q$l4z7BMec!a5J8YR=Q$;5y53Uu=7#Gjegb zRcv+E<$;d!$8%NtM5nQiv)J`S2cm&X1S30)6dpw~)Vx4b@Pp2IjnBF=R-R=@(MNh# zzDNs7XA@Xaa&%4!MR9D&@>c{?gFKve1;67Mx~=c!$B#75tKAx-4+Ng#bn%wF@IL>bi&0I%lt42q1wtt2?OxfWn@MDu zm2#GfSeX|&(TZeTxW0&r8Rd!&N%`O3PZvRj7n#XO{__NPzLrBhVr>7_6-Hd`8%->5Y!8p`446m_Vj;z{(y9+gBX z6L>Usg%1zW1&d!BnujyYt|j3+q*Asnado}azt&)aqA8T)c_>DKj!}>H??m4!xxr zL_KV?Ix|c;wj4yz+Xd`V8blEItT8DzFl)Y6&w0hf>z*Z?@MU>TBT=clKOkv(CRwDr zWBJAI^xKGa9(=NqB%UP1 zbiO;6TmQ~NH+?)VA6<9;wQ=6rzr$b8mGgjhdOWtxW*d9x4)p#V_=ELh$_eTaV@e0U zS{rb)-1~}4-bucBn~**q6`ZTb(6(Pg-LQZKIiYcuRRvt53Aat}%G$Hir7;Whr;x zrSm8`7#P0@)5DSA0O$C&gj476y$KtYrzE&s%APgkmHFPw_+oTWCQabG<@_+T2zt>7 zk?R)f`lgS35{zN>Ko+9Y>}~vbD0cghc_j{+kR9irEhac+r+udb1^WXj^)ZQ!lAQ2I zhxssnRx&Hjl^jToJj+e~!9Fc7Wh^5lvaYp;$!D7j6)RrQg@jPxTjs=dQKPW8a_BqD z3!{ue+$(3?8HU~Oi<0Rb-Dw{|KyQjj0KtnX%%PRu=Q(Uoxp8k)NIN>`A%O6j%`VK` z3ql2efH8O~)=w#v*o?9g3;S?&X-)^%S!A&$!sMtLFCSdD!Cl%g-jEqHR2*Omk3L~7Ma3d5p%j$p>4x^2tfw5+Qwa6GCiyu<$K}{sF zCaA*Y8nlKGHJt2%0G&WHsVnO3K!~Ww!4KLi2`Y$sfyy_FdKILok)oi8zsitbVEV)o zn$>ID3?y@gFMt}rlhCXY69j^-Y4uAivRPsC%itzS*u@U^l0#L17|QJ zxtMgWTte0|&)c}B{3A&c2K%cEUs8_9l~Tg=fD)B!{iGixBimG0&)oRFxTM3Xtm0xG z?8HncZBbZbg^D}kgz^k_DTW^$h;Xy=u6J*w79j!Yc_5+3aeIek9imaXAO z>TvUr4BX(lB5}3--dXN$uU>7^vvxc7@XEV zYPGvPDL$92B%yeaRa5&c5X3wj5keq+!#r>`G0rlC=>S}vPR_ zpo-&CPx;xTPMU(d3N1RNOBt3&H0J7u>@A5Umd&_>s5ATW2{gmPcT`=Lv8NH%KZMUNIXM#CFLp1e*!5Y9sbZsU~M3_3XY~LUxjjy=r;TKJPC3Gk|WH!3XqH zWSVzM_J!zolJA17jmyvGFJOks0FQqYkpHN{e{COzf8306{tGgJ^Dist|B6h|l&<{# ztG{)uW~5_R5&ykTFtpQ+{6h!QPOP}DvEa9IdU+UoIc?fCc<$i& za@V4%47=d4eS+l#T!1$0M7eG!i62n0>vv@wOz$>-mHLydbo^+&2Z@5+TnaC!DD%nA z0!ph=D(Swtn7xk`bdAw#GeTG?i9JSXz% zdK=OU)l3(+RJHfBA}cCVUJF1sfaxR_C@-X$k@fqDH6x)xJO!kK@=2(taW}$(Q1MJ! zKt<(HQk9%7u6O!?O-Bqfs6oeQ3**hAA?Z=tkm4~*t&7xMfXc+xs#vd47Z z+_0fiI7qMnD1nded%28=M2f1z)WQG_2S~Z)egrvcf@9%<{6arseV~GF61!u9UP?gs z2hYPAea3QY;q3m*Hj`LWN6Ea6Z`}jIwEp*CbKX$f4M4MKU9y}b7N#TW3%Vt5Nzh>u zgy5dlwV|;)Kj>tQMo(G)0IEoq{}p7avbV)@&hvD1!T`lDUV!*snuNJ_ap#QkiDa}p z7RzCFGLvsKQ7{)uFU_Ly9((G^B+Tlil4~g>xTVUa(NHf+;`sJ_Jo}{I6=2VhW56dxvui$ft?I(E6?)ecs%wd zag9?%g_=TMhZMf5M~Wsl5zj4pvuSswt6#kIn=r|WHFG(swjpCSaxb&&!imwtv(^2N z%%TdCl)qC7-nC!AoX923O~t)^a1+KfJeVY%)nK@h=T12$xn@(+ySB+!=}w{c_Wtbd z-vRMWWhTJryf%OuP--^(Ka{;=a3<=ug&W&e$F^Y;`LX*4rD{TgunHTeq7mz;513v3yYsnjBs5ald^EGM`4IWUjkTVSHF};!W`1<> z#EsVhDP!p`nfz@~SR%}xD)+TIV-wSC;nZ;;61@BMJh`L> zsn4PJ-=J4ZXQ!P=dvH=y($FJTG@%`SD#1CpkB{=TPvQ+7RS@Oohaj)zhuD|tXhg`N znH~%9p*)}z+~&znEVEMTXtMGd(Z3h3Dd!VnGraIP2~u(FTRviQ@b^2FVp}i8j#1xg zwi*U~q20hA#O5F;(#s*_kM*f91llLbNrM0;r_WQRw5^u732bqglYk#*OT;C+R{)>7 zdA1VU(&(>9CnP_UPY`F@9EHpy$O!RKi9DOYEvC+kuVPk=K+<#QJdtjqpUjWxi8VR$ zO&f=cIH7F`ox~IJSL#$N;8i;wPZgV2hL95i!wu}=TH5GWHDbl}|9K7g6tbpX8zyAs z-@;s~M3u^nzXy|$kGnl+M=coG@mtX2$4*pjt9glzvP+2-P^r$Pd=*XU5ctBG>1{@# zT;2%DGB`K2!U2#>7TZHeFv$=p4|Oc-A-a@@-UtUu0CM#n0xAc89QxxaMW{v9W-%Vi z`r@f#gyWgX(y8vys3T3KSDKhUW2QT3Wme-IN@WyO5uPONS60TXlvfu%xEy5Cms?K( zO}v`o&k7;XsFe*j4knte6CWXybr&Hop+p76>bR|V;zB1@^Fyk3I;iTk)Cg?rz~*sY zYW3XIBWj+`)T6wYRXk=N=BEeKPZb|-+T$5lCHo`e#iz7s%aflGoK<^4Qk6-aV{Ge3 zIDZ=Hc*T4?8Gun9k=%8+FA0Kh^eX_)BOri0qvUFg>>`laq z`!hRz3R>!4^{?)g$JL-ewW80gyDGgt^*+?v%NMsk)qm)y>deSPzrWm`y$;3e0Be7I zI)cAVUh+F)FPAo%JD*Nlj>Exhh-~<7QWTinPmyoE{K(*p@HqARCkkp9c}jMdGRbd{%zA@|$T23?KaffNQ}$^lsg=1yV8z!OJZT%#U*O8^1YdHtHu z758u>K7~APpj*i%0n&X$i{6z6I}jiaHz#MUCD-9|$bTGH&O-U#z<7SsLS`Vs;w71H z=;JKSQj1U~qpVVan)#eYbFRi6QR=C6pRTT=1twEE3Lp|qp=!>uDZ?au?3Ph*Ja7ok zECVe%l=KMSKM7qR9W8WN+{sa@oA6DQ=p~bvbwqAtWd{Y!dMRV#ce-J1iK9BB0EGp0 zIZz0?S9b7^?n26H@J)z_2y0AHP)hYvl!%HVGZSQ_ya$X=fV9)`YV=_f@=S4i(J_!{ z5FX7EM3Y;(m2*BoZ$L;YFVae#khc1&iQR!QqqSU^iipTm+?axs>!gBFxJ`#szD(*^P%r_5$k zz#H&T1H}|G0pX?u<1N|Y+&=}^HbXpL+^Ua>V=duMiJAC^*1$dT^hn8N{ErdIY3xzO z1nbZPlb8hyRYb-me%#MB_;#bW%&^ueL2WgSW*6uY<}ufpz}(d862{n$0+9D(4|f{t zim*YH2GlOEPol@Wt6Cy9UnQ02;RHjOr4W>#L+Ny(uoiQdV zoX%*eq2B2}J+>hQhh_`Z0pI29>&8^xD|j%~7$K$(%|a^gAIuincQ!4&7DMdarvlfT zy>^c;7i{D7Zk4o6sH%~8zKUZC!S#H^c@CY~DHS0BS@f5lr@Ru`KS z?W#OA8nc{!=`U4)ZP*W~kHd&oO%XjqguD!cj=d+PPSZUwy9$Y;8nje6Mm&e!@I)I= z&Xhe5G9iT3s=~2#cWi!VDhci|P{icg0NAeP%*IL*@O{>9I?LJBAV9ll$lV=gUHaZ- zr%t-FZpgf4psf}?28u`L4biRLffquQgw@!sU9^7mA!)gk6dkmR4#^OAM(qxf(GNvsb2zw6ItCr;_DO2i^yuSl zetqQI-CLQonbBd) zt&Vte2y)SlxXvu5M%fTIjs|K3(jvg~TYf_FKfU1rC;8^KHmFYub!1FyFUM{@>PGwq~M-k-`Bo{Mgw@`<7N!a$rD)XAW~?-f5q=~ zL-pc$_OXlitHI4p$1@cIxRO;{1q*0QKF#p(>w4N*f$-5Qoa@yLLH@qU(_icO_|J)( zyaG@3ToX9f_OYs$P($b-)f$@{Hp#g=4Dc@3_F7J=@NuOob2rYucEi{XoCmys21w3@ zEi>#s2_L$O0&}^afpxwjD>)r-J#&o&g6Z6MzhSj8shBa+7y{~5c#c_15Mx4@CaQkZ z(qqF`9~pC<0m6ZVYT2i1h&5I3=T;2kapPDt>9fhTE3NUdzcQaLGuRf%Ij|EwpeF=? zD-urn^v|CaOlGw$MHuErf0$95G*!bb$~h0UI>MXZ>5uz-Xk^l$_4Z6uPJl5dFN4Uy zCYNive|*X7#2^SS$i^B#9(Hh!z|h~^WWksL_|Gth==d@+CXX*C>*sBu16Po4K8Wc!Ur*kl4rLi7rrNf?Ni^_ z%wi5V7p<=~+HR}OByJ9MGGn6U6MuHo37W|O<{iqRIYWV*9!tVl-u_<8xw0uEc2yLr z!itqX$4R#ClkOv$kiRwiwYR;M#UvKYAXTubVan*q(N9u zh#&@Al%VXENd+YL7wjh`R462gOIl%)X-v>?qa!0|sAi^4wkyid8BLMD*|t!KajS$u zr1IWl2_eGdg(+W(4n}4)D?cXzm~(l8doi6td6k#D8FsY;KQ6Esu?pE3l%?US`~2>7bNn%*Ef5M8C_E_*r33NQ zbBYL_t@NJA%O@;lb|?V?#W0v_MQo}oJvc3PGSV_IKp`F8Rw&-IgfdcA#)U4i5!j!I zQuHTN50m*)VzGyWd0|F)Wy7->etCuQC-2K6VDQIAelz_10j;L~4p(zKw3WcU{rasZ z*^P`dlIi+7?$u<)ueo~xb-bQ+@rZXVylVWxR?3TBKyyRJU9cv;xSu8GvAeH9yIXgO z8d0GUTMHVrb2RY5WVu?#3)+S}2ZRr}w{Oi0nCxc`6OLq8wVX4(=ct_)*d0o8LyLmSAL)}Ydm3~r3(imDY6>9v#pyjT6WoN z2#NL>k75V-r1NjPDJAzWu+rfsFA~Xv8{)}COA8|y_qL-O@R5b7IsDcXxT7Vyl~djm z!H7xeVUiJWWSw+j3Q8B7d?zFN8iu2Erc11l4QlN-A+g@&=4k<~l(d?pAUZk7AH;)r zf;jP2p2W{HqK_yg9(bBinL$BTenY5=WL&x%fu(OXz*7_5iz(C;mQ4mXQ^5(<>ni5( zUv1HLt1r!OO_L4EY8VyHDAEi`^sW1CO1 zG(Zitrd+hs%JqH0{20&iVQnqr5rDrf{EYFYm}~Jjr|pEvC+FqA7yws9BS0hjDQ0OS z*!PBQ5fI2$IBH1E9ywYCBNH3L*}rSth9~Cl$YbBQVDbI z=o3d#3~zSS`M8~*Lgz@RyA67GgKz^E?f!_BmcL%}j3(l#_N?3@FQt2_gNB2~uLl<3 zNstiKim4Neyc3$HjfB^9crs)Q8{Y8Dj-0XDOeam;7{ED{r_l<7{j$Vi+_{x7WmbXW zgpM@-Q%IalK&wkZUFUDj$#dw&ZZtS`J)u5^H_S;bOUM5slx7xkF!{mzP^!M|KZ?rV zuFCg$x_^rbGyVUqqchY0mv!`ik!Rl2j(_q~1j8$UzyLNOd^TUf+Z=n4zc_x*h z6unf;f@9LyAE1sf{O+CoF1EqNZ?|isE3mr@%1|$py3=#x<5lTK&V@4U+w_Y{&P0AL z1HCB-AHy4%GSS}dprG~sY(iH7c6YV7$8`YKr^{N?a)oHVM^JwL3P8uXe>+It7&Ce@ zDu7H#SA7u7gOiU1kwA}wEu%Q&foQE`;Qt-a6RuqGSV&>JP7&otZq9d04)@HxoU1H194hAM*0WWwAO<66CP=Kkcb%724Afs*k`ZyE z016-`rUBy!X;EJ2vfL3QDrr|peDDbjo9OOU?}=FUTo`AVE{ZI?A&!kF)d0iZj}xUB zM@FI{yW?R+=}o4dWkuu-v4uwms72kG7M?ageSF&4PuYfAAygUqDDS^s>MotUxDfL z5LXykAAYSDVkUBYv*fN~y?hl#PgmIp?r{!`dQP9F34*pG6nJbwcg!^?yM@McMycs} zK$L{`G=9W6i_%O&+17Cr0F+#;`oloD*+E-OfkqsI1ycEoA`saGG+x%86BubdxI!B8 zKM@l>4y=Q{gBV-gA%=~9hzBYP8p`26$?Tv(-wO+ch2w7NfrR%M@YSi#yW_qIRDh|g zB-fjMfPt-%#?PyGp%9F)KN!^S<{=>uOV77{&2Lt0RBEm1ii`P=;`Mbp*i`MSF8pkV1g!Yev)T|OIiYv4#yA>plcy+J_dv! zRMyCf1{>xr{*e-WKRSW`&~Y#A$Xu~eM$f42puO?Z@nL89#jI)E2Nz%NN0q9iH5;NP zx7fhCoq3BUjZVIgVz45?EN1NyF261MT))7R%%&QpvX*uax*|WeK<| zOpOaqj7jf~0t`Q(2A%3v2%aU?F0ckOO02TMwH3a3B)+K~LX&KvL3=ntWu~k?y+C_t z#$_6|QrZpXFpgO~c+9@CAFt{5G&G90dU74F8M&-urjYuA7=q~ldU4WT5;aDt6RM=( z=r8^}CaR_6O+AEDTSJbpA366Iz(K2`mGTZ+{J5djS90z4h4!Mxu%k&|Wr# z9MITyuUp>s4yX4)%cFei`Qc*QmZ;O2VBZ`mwBm`xcs0}2A>XMA{IfU2YIfgo&BMUFA_tW3_t<2 zpZ5L%^Nl16jic6jysWgY^-(PvaP_>~9o_{E`}RuE{5~nWd)5DX|KI<5|J6|kn!8xv z?gpXU=6zfg2413fkK!qhb_#oW4yl&j22*-ubI z0G2&CtZuX&gfZMk%o)3bZg!o$p6WW&{rRH#=XC_bOOth)i7E;`~vX`jD zfA1lNTIFY^aNW6x0=z_&3|`LJHsp@%Q$o2kbV{@)S+{LzaRJl@aai%fLALvASe!-} zjAorWOyby(V}ry6f8^j{zbw16M9sh!;G8o6lW!Ni5vv}W8u0y?9)3D?)J))wu95DY zhQE)thUSPb6Wf#2c>vI4_4EN|8TQADGB=`EW=WldEV=_(gQzFbt{rMODX zp2jeu_0nQB4{_JXFqBV{kact;LJpvndgf%TEfY2IyjycXz-&`slg( zEzpRx)u)rNIPC)K({~LIi8w+{ohgzVyBx4b%9**;#L$(u$ijF|VfxlFxYw+R6lOJ1 z>u`}SJrxuTd|VZ0OsngA{aMny8M2>2Byz?85NCa8`-qJK!=~Y=G(qaK z`VsZ7>@;BU`50xi4H#vMsqP#31J{r&K_e9)qQ;5a+VDfoIR4etV92gHOInfN{WjGj zmBi*6w&LoM5S4@qF%E6-qRyN5h5~AKnU$D1+-c|>cJ)+X=fy`#>%ziaiw&-5gS`Au zMYl|8Y==3|fe@-6egzG8^Np1|3h`hGp{R3#k+AdmHua;qQKOY5pvp_MOMZ~5)lu_N z-7?6WBm=YAyF#3u#>Z_{y7Xh(V=nSc%4&@Lx}4{XS)In*(!2>=i(=UDQsskK<<1!J zV_1At+jFY?X8p>bKiy|x?Qte+isz-?`ivUi&mS^51TrL&jSn=~dK~YGVXOO6?}auj zdVeuTa7FC7eY&sqIb=qU+dW01en>v4ya4X-9IngF#!Ccn;ppwXt*-EXHG}>pGX)`a8Irld4|A_#`)Dett!Rt1MP%8hdJ0LAL3XZ@uD&h-389 z%YvWi_h%wAQ%VJ2%P+yZPIY-ez!!~fIq(e8&GUjIE2XHpy1%E)yptENiQYNC{+WAn zVFt-;zLaCC0%!gXk{=j0=VVCNw0^aCU063%yIoO%shF_$Z4Ed!aQAm9+XYNyUI0g4 z&$MQXU?j?n^5fK|CwezpH)!8%fDeVIm$z zh!1g1#CzYw?}Hn**-A4l}<_MHdM`-)TPs`Q|WRe2StNH@z{9q_l zTa33+a*(l!i>pn$8~hF>y%Nu?Vv+{AjH7&StDE;XmSHn2wN^vl^`NF@kAkt zjMH176vqxRz7CVeE@sLSe4KGW20`*O5MP>p6b^DViGXvPVmfAe35%gJNWBe3zn%!R zUV!HJCci#9t(|5>%r#!0 zB%v-2)_K~^)=n>{9gHc-Pc|Y8i8KD#s?709@uPD_jB=eMbAe19{{wCn#JntM43la1@-OogR`MX zc-p^WWT097yV2?}!#*M6wA4J4ciLG?s3NP1)HR>!tR^XE6#+jk|G-Oac1AdI5E zI#@s3J4cU-?BOtHBmZn{_3IgxLIlk{=iQc4soD=5S7x$FiyI?|)imm>8FRoOhcI>! z$L&3i2QHOLLrN8%{-rC-gk!;KBs}ws?>>Efn#swW1* z@l%5TB+nM76?;`m&pHAskfwmZ@kuvCS&SIOko)2r-1Ge?alXpDS?bkpcBW8Zg+dGpS9j!mscf=kP5M$V3%i4t!> zl|Asdf_1)H%b$5whjl}_u;q?C99;FRqd*|&hFZEIcA^Y}<$>rD5?a7>x^{#igL+fu zZ18GPkFY#Hkq)Kgv?cXA)Umdf_Z@`Jr5yZA2mVMCmOq|yuDIuyK)1-Lg}Awvf`_#- zlPnxm5evp2oUb{NC@i=}wvW_4{6@k^3}bcRmQ<#?rv9DrC&=2Gl0)>>*saP)h%wZl z6PE6vT2Jdb(C?f;W^`7vdH$M$VOq?9f}wfwd3v8@J=jdc&vE1rSBtE6pW{JcNo%FP zm;%c^GW-u!w;=b;Ya5fdo9Dy}u_o5BCwFtcxZ7mrCq7d?pyf&z4@jM5gp{x|kkzj$ z4sQa}08>F%T;`~|(XT(gy(GRZ%@dHppX)@n5Xl&1HKhwEzfbfA*)}Sai=939MP8;% zOpKL#VcZ3m_V(v4e?bawjQvM#`rGngVBz@pO&n&1|JxU5X88Zx7yq{0iO0VC;;zzY z8`}8%=pxRZ0NN-m&i3A21v*VcE0e@Gx`$5m{DZYdv79LI(dia8yZm@I zr@y@qhDxlUKWnk0T7h4!IM?#-uYB%>K1d?{T0uJrYW-Cuv9Pv^$pmMdkB8byk4c#; z{bXm>#nFsj53->Cvx+xVqZ!Cf6E(zCv)=&UgO`iP3%cJ*W(GYPmEP7SGR7nNJ~x z7o#?k4uP0Iq0APG0?|ufxZD9w{4N3cV6QS>&C|-d_%ML!ygJz>e-z_55>#M!lvlrl zMEitmT=3h;gC?ZQo`fVaTR`Os^)(kE#D*bKs8ja;L=}n}A@15mgP$a>o@q1pXJU~H z^&^9_ZsB59!BgdlmVlj6Qkg+p@-mqFP6^9H!1eTmBnPx~?WbGZjBjB(}9Fn7GEyq z#v7lONOLYnf`!2h1k!Vb4G7$q`H@+UnbX4$15<-QUc=FW+ndB@wl%eu`%4&5W|*=_ zyb&DvnE_FEZp1Bvj@EzQwm)UC%d#y+Hp|j6InXfWcVUb$*2T$|9BLCB;}zmtxutIO?!-#e4?yM{ z4ILX6o@KB-{R#P?)X6#Xst4`4gsyjSaYD+75Kzsx>VcMBgOyNJP+o0I3Dtd}Q$nFv z=nwL)YWa?Q-)Cw4F(m>}Ym1SV$&U)Nml4x3M$k&bNa&uKC<2EC{E|+svk%SshF|iE zWU3Y}Y45FmO;~=loV>Xtr06aFQW5jUqv##N4zpRA_Y}d{fHLZk_h(_%U=CtgE~raW zn6c0%NoZ!NPJ@zXx&l0oz}U)ZX*bu2IEqxe%_9%VQz3SknYC0omY7vv`H35dMW5#^ zC;hp46#&@&lmTZZC4>@mI=x4- zcac8``@j)A-ZuiBj0@*o41(p@ce>E*4fD!0-lg=U?!30oj*leJ!@NrW5=$2EE1@J{ z81%!0D1M5wZY1&4-NH~Z{%pljS$$?Uy^Ow;!0kFjeq{?^d9+CMR>%fIB@Qn_XdaIl z0n6FM!O2eVVTfe)D@dzQA*sD8k)m*1(AI#e{{A$2VKf1vkh4jV${xw$Dty>+--PPU zQ3T3TVUV{%YVhIr{1DX`^iqyK#dfN@Cd=$@bf0!z1@@JsAK)$};AE9iPQ4Xz_sSwH zxVr_Z@_jKSf4uqrQwdbfWZ=eEy-6hHlI>N8iA?D`x6Bh5k9k1xaa|v5YlX#cOYOtf zHT^#wuueM3m0O!Zr09Hdh&au6E<4_6Pz$%G;`EfMc*-UGnc*FdQTilOXPiFgTapE_7d->eP&}Vq%*5-X*cHNCswjUp7 zr%%5YzXE?vyuR_3H{X>pb1(RMWPNFVxz(9(&un=sA69P4gSM@X41rN9EgFFab)~mY zQu$$77{%ZrK#9qGsD;yD-OqzD zj^x)+0*nqnOcqr;+ZP)*l4EZFk+bpSs3OqdujoWyCqDI?5%Gu9lsU}Q^Ds6H{FY%e za5}%3C@2t%`GTNVc@E<0xR0-|i?(Q6S|axiBlVE9N#>e-@T~{e;n3+ziB}a{; z2@YdV9<92%vWYmNfp|C=5etSlXtcCB_!lBKa2RzA*mU zF4P|`GbJjc3JNKhWTMsGqmLdxXLHGE#jidl@sU;VQ5X$=z4ZkJXL!E!hag36IA7V4 z-5JBriQ;4L7-a^D+gLn|DFf-MFn}mADR7gG*X|ze%gy@rlGjh*_nYPFpi5trIay7? zq8tJisRcglr_xwZM1d_WF`;nGgnNDiIQPppN}I@i88n{N>w%-dB9=f$#ZZ^WEY9mS z=rv2&94R+%E6BfLl19;h(k`{~S+2f}wwqdoLKQh>QnyFI#W2cnV{|GofBW zCsFIJ=q7IqKn^WJ6D|R1*kZTFP-I8ut4XLx5Xe?wrB(qbuyB6Kb;RJ(hGJq9?4pBQ zaD;Q>(Z0fK)u8Kig-;PGa$w8Q7*8^rYHUpaqCo?5@ali}DTT!0C;&3@cf!{znh5!2 ze>|8g0qOqW#rOJ=_I+nQK`lZ5@Bv5!&;+%S6)Hwe{hq#@To47dy5`uH_9;!jV!9)H z!#OiXI11#J-1WM)cwb=mPmCTu{IsLW8!I;bnx{BydL1b0{PHfYVz#!x>0Dlx#OVw< z0&6zGL&A408?hkkVQoK;N~up@)1SHs7(Ta=Z3|Rnzud7W$;(m1KFe#vVQKp8sfOIoqNvzVo26< z9(Wt=bT2;hm+PszM9S$aOo34+js(K6Zu$EDPD`b)J7dPC`u0v5Oft$t4h-2GK*Ykl zG4WFFom7c-?MR$6mVV<2jA=OGqmP_drJizhiMb=1%E z*+P|i45m#HrxP@N{q|wnjkJ^#nhL343&J;dB+%)rJJ|4gi2)Ru|p+iN7Jy01|1fH@m zY1S194mqL}D=P^V1=_^dMi0VA?DzV~=KT5pO`V;D;Ui8>IFHQiheU&RF-qNsIfC8d zj#GfI`LMpbQk~(0b~|g|^m=Q3c__Z%yQy6DdNaR!Zugz!OQ{4F;mP`1{`6qh$|>ga zKC^{)yY5(phkb-}H+JuZIdzw+^p^n}}Ef@SHCZTJMH5zlp`mP%=#R>5i#MHHd|h(a+x0`6O>C{%Y~_pBW4sDxk4 zg<1y~A-FK`a?knPb$c09wuak5`UtJM^y93b7(KNn#N?uXWYn9%j& zuV?g0We=wHxoxjDb#JgkN%sNJF9!IX#m0$~IUr>P$tNWJAu!Put*JfFxs++X1WW^W z-vvBCr-R32F@`0{brDo*IG;Qgdyh_1M6X9KWw@j~8LOn5_%*q~Ks2I*ohsUeTSf&?cMhL65I7Z&eS1>q+{c-3)}OaZxvyF&}K) zeZe#i$<=bSJ&fTt;8u_?Ws**$uPT3njvL%A%Q#3UISZJPB<2U0l2d>QnLs8!t6T{5 zogN-fVU`$XjAc=g6{GyKFFGuZ%C+tN{`%^^=2p>&wm@6xm#SH_6%@H{P(8w)N0eZ1 z*ooTJLl%43&K4jdR4_i{wfMsLyzkg7r?hls%WSkYu9=_=wwNyK>?cfP(`4fCmXBtl z-Z}$HQbuS4OcXF_Hy0qc;P&gfQ=RPZP!Gg~ipdpynVOc;?AY}cI?Z`xtKRP0p&nD? zD3xAxjmA@na%&aUq+3Pjgg_OpT&NFnf#igoz~j7OKgL#=;k&J|ntaVNH56K9hGSa4 z?y4m;T>{eQvv?opjKYX+tX7SnFG5X5CpdG3k?yEed_ZPQaG~*jJee>vAmdhj z^KN=`!=P*hF+ZLgNgvfVxB9dipzfcS9hWQzWH5 zVV@AS59hdo13Wk((ryRO~ zpwK~ZK*NLw&t^PC!2 zPc*N^C-RjVt^PUOe%Bwj0&V_yYPTtIDp7<#@|@mEZLvJZOiJT%x4v@hX<<%6?n!9L zhhuGQ6G&ERwA;BQQnAKv5fNvhkiV_oy#AP6x0ZjCC@PR+;I^ z20i)dmrJyrG57pCE{D)w`%Gu6@yV*^!-<#r_xBS{<4keNBaMsknpfr$ONUFR+uTuU z=}z;t9Hi93cUD|k<_nErGs5$#2f#rd=xYQXtov1S!aJCX(R2)Ybg6}~eD%)^>I!%T z40J8yBBEMyEvNkssCtKOM?P@K3^s*^!JiaujmshW z#;Z(AtH$@(qP}>ax)kD-Zv0fT+9}raspUjy_@T?$50aK6im% zJlmV>>)!w36~1-tY1Mwc9$nrT9f8oWbZ66bU3hyWxql0j7v?s-6Me{#0_=3OE_m)U zazDfe{&~qgeoWG^Kw51*aBoP^uaDQ;xyzI9@Kg~*fm@7>Oo0V~fg0q?EUBbfOUUW3^Tx|IUzZ@uLOU~x3~;a!sOC2AcUf5YuS9RhWoSe@`1 zAb#2Yd0-WIV?{1A>Kou*!+nca%6f?e6M`u z?QONgzzk6iaqTIwZh=)t=mswvCTMaAPSnDn495hCO(agksY4X5T{cG?OKAp?@P*u1 z|Mu4jiIO_lT1rXL!Gm`+d0Yzg@c0Nep!F2H1-xKFUKzuTBU@@z_8AJLnQNWIM>jGM z1qK-MZ)it_*Dgwz%#UHR=kX*?)-;a>EGQDZ*Dp{e&9tguOcI^VfjN1F3tLDUaNPwy zB;5IS^@L{jviS^J0<+!v8{RPi29EILJxhHRnO)C_7%{Hw4*tc|q_ohSYiL>kN-i4( zH%6-mo8E#xZNIozoCJ%qR$R$Ja6Ge<8+m#i!o7p#KLmP3lFugtVB0WN9%#|n-KCY~ z_B&AB5*Tt*lo=dHqz61IwvvEnO88&{Fs>H`^qM?%Tx2V%Qx?+UN-3q8h^;HMWxJ60 zr9L}T`NBbAD(q@7W#vitrY2hySOMVX?o&GrLg$a4Y6C+u#^pq#`K`72hK-0z#W zn0`T@y`-av{d1Ty4V9<7X(idbO~LR7=Q3``FMYw3cdH-pc-A=)IwssMMwZZ|M*0NJqSl8GU_CAL&>RtA^3dZlrQNW{ZA1NMj6<2O}?kz0Tx zD${rl_zJvHr2yxH<8kX-02&PL0{k=^PVu3Y-sDzv>|evFLX_lb4$R*^b@9H{5KhFr z^*2F0xo>nEKBb@>RnCs=B}w|HAK6(5pM-Y2t0QrY&H55|L>{Ev zeC&(hUT80p5YUUS(1A%*&5?4}o-Ue^%qAbGtJ#7ogo@0I0GR`6mH2%u5}`e-x65v- zEg-m{Jh5Fq69>$+iB-G=#ejhRDUq6EbHxcIi$SttG2Vu-8`4T4xA#Dn(nU=qt;4fO z=eBuzWbo|#BJ4m~1lWF<)h-839V8}}Jt=DD@9V*BttDw&*62Qjj5AhC-kRq!|Wp_VL z&7mzlwcXOqDhp4rGZ$;nPsq_>m_JF4&2!Ak-L^7k?pwjd-m98G|BU>Avs|md`8g4|>$$WpF|TciHz{A0qoW=6 z!Zbj9v!?Gpo^M;QOX5$Pw{xlzr#%YQ!#b?W9($zLEva1;lzN(Y(_0_d>M81uCWdwi zltqi`F)Tr{^oDoO0{O~XMTt@No6{+}4{vyYkE$y(hc)C~u^c*e zSL=sKHtb$>cr%B@BEu0aVqJMdGw82t`khD7iPNZbkO7h{SI?C%@Y!>Mt^XuL|I(I! z%}6Y4|FGy8|8LKoneo5ux&Ln=BDe`TIri|F!4~beyPPYMCZw zotiMZV~r#Vcop#^-1`yByy3r;{XVg}N7XBMzr3Dbf={oesmi9jaVMAjQJLp`*vn2| zwI24u%StNC&+xh&@=kL5?5jEDc|v5l3rVvCwNLr?+3I{@WI^7KBkJQ!?ku0wZ@itDUHSOu871xf&%7Bm?H_--I`bsed;M)Gz_p8Q}p2WXx?w568Cj zR{CvLY9F~vytM$6`gfjI8+zl^3qjMqqX-8tl83jRE*Qm1cP$P6z_!j;8e6W}p?*-J zXedAqq)**xVP6AMhU>N@ySzohs&pme@owH60=6IIpJYVrm-&253l^(0Q6plf>=x~~ zdwyFjs#-BqE=veYBZXf?4S)KzD@-o2ZfJ8Y-4CmRB@Y>xo~*-hcG0>ba1t!*m!0wK z$R$?8aloWt^_&a~mXLyeJEC>)O6OIR=dCr@@3;bECy8A22G#D2<7^r7>xw!7r7_39 zF&U5HlqQT{eD%zEv!EDVWqeZAxDNym+;@?iT-|>G_s9Ji&9OX**~hO^1{2P=_dV*N z^e377h1`!=4B&I7Fx$e!4Vhu($00zXMux9^kasQ1L$VI zlIWStD+V{d+YF>;&M74GQlX%hBPu6OO|@>K-pG+4xE3cICpq_q1}c7^^jcaJ@(5GW zANIgwe99GTwdbi9UG7gtJGrnwPhbodw)*Mq#W1h>18@ua3 zJS^zyjYdrHZh6ZN&9ApIJxa(gAmyq;3?#$m;?YIdF9rh^3NkPnV!w;pT#6gP_0^q> zkwSbmTUyn0fJKTfv(ra^`f%kgxD=z7fvcS_ULV*yNkliUdEeB2p)dZ zcz0NKbs28zM5XVq(h4lH;41dN&=T}Y0Jc05=)Y)sMVJX?L0kLte}!W=JJ(#1~@b zCmb7_%U&I5>clma8h^-pH{p9LIA`}(5T9sKjZfctBV)06^2xk%$NQwXdX#+vZ)rFX z|3@|W+b{VB9R3@d#mxA3j_aR8$$!^FmkGc7-y6a7n?Zh8uoh(xkMvcL{-y=z2UKdo24Q}{V*Ok|2?lTv!%D@w! z^U&QSRoW^4g^cZI<@3z|3UkwUqW2e;O5^l)EemW4nsRAYW4 zd>2_$ZPrAxIUm$i4WksK;AtbkjII;=-)MkheoU7<`hYZ(f+5Or0C`Th)jF%=!DbSv za2ig{)g)fZp7NPdJ_0J_RLqU8l6&5V}fVex(JP7~>g=s*}S!8RZxhKQGr%?owvk z8RYuySft0IxpXw@)1P+_ibn+kaq-7V3bgZ<)y$>)T2sGGiG^} z4j#RTCHARrafETZ#sfc7=PU~JWo%Oq`fw5$z@bPP>-4q7RTyZMlCq;`NcPo{jJGky zV!?b+{7G60EEAH?1sSk2f+csAitd#7Jqg7gd-^>l06o%iXv%`0FY*9}1Y*Jgb$nRhRAgLn8%+C#o|(!|juNj5F?>AKg|$5+rMCn)-izi#|J2*QfNE$%@% z`5es%hYU+%Q0)?L$&{GNOh#$WO*Zvh>G%kmA}A)!zo(lVqnA!E&T=Rzq&K`F6AXAQ zF2uex@6lab8H;peCWAcM6^wMU!-qBkg2PpaFJ3E8DhIo!oOrZ1t=LPt;PuF#;~M9< zP{W)yz%6c8A0&K=k|8dIQZp5yZtNGspl^@z#G&bQ5KY`p!p+O>W4c5t`Ws#S9@ram zb8ynRL5GB5R});GrXS|5oSjCw|7``X8u&y4e~DpHm8vBESy`xeGr8}ufzbezLascW zlzb|rYVJ6 zKn2=+ohdUDO?@LG3*nRR+}?610hinc*l@!E{sRUbkLqBlRY*9Z8PApcb*vkbl>$de zoSn6J^=a9CnvrAmecDvxHc;l6SG<0|^Z!HHI|kRfXi=N7Z6`ZBwr$(CZF>hhwr$(V zj&0kvZFTOsed;@1eX9EQ|5dBjk9UnZ-#O+pCP#bI9aCpk&=C3+m$bE`@EA9TEJY<6 zvAqZ7u=+Vyz1QW6yAQWp+L`E#@yDOp*fglaoO58;0&T9kp`sX69jby)rkRc=*^lAG zV0xaXs#CZ`(Wp7nN-mgH*lzX*={`=9 z)<%?tBhsa%+`cC>Ry1N89)4l)G%FtsN!ixHmZx;=;$ocQx1!=D6(n3V{l?=OVNVWb z?x+_E?s%4kN>RtY2Cr5^>LYde3oQYue&&w>nZR+e8~g3^-mszebyB-WTQMthPBS7wcq;EZD97p|i67YzW$ zr8Twsp@>9P5A1upVK1J z^6J}z_cGgx?Rz@Z*~|lE4?)-()VqXU|MXSu6Rfr5$7_6hCy4gWf1AXgAlMe<;~6tW zj={%28?9O_R$BQ*n6rp_eil)<=&Mm0>FdGLXO=|SS9C`}S)5Yz98H78+Drqs4g02= z_jPMM9JJ75iHJEn)|k5M%e#Y-3?3al((*d3DY75xnc6F`%+Gz%R2A(EkX~4ebhcfz zG4r*BHPS31C%snU`n)LCBR~l0ziMuHgUB1U+j~mCU>7x~S+=83&Gl?|AH;yh{VV@u z+$|X?+4Oj>uX&d@jqp+QU+c%;)(Sl{-9PKc-@8`-tRMdyUOp1_m*Ya|1V<38Oe75X zedp=&@kcWt%s#??66o*`zQedJS!Mef5pg`ttowT=te6F)5sjDATC0B+5LmSAUt1sV zf;X;iWnojlE@hUq^UX?t8(9Y)ns^yy2 zLB08Wh~dp=tCzA}s+Ts3V~M7}UAX;H(fPU*WtoxHG}`wt9gON|i`BS>-log1YO1cT zl6ap~WZEDVSdo)f0ECs**dN3(1%_vEImZS$!bXJ>3Zz~!3~n*8<^)RS5jH2AF<9SG z=n|;h{*sp6)uqGo1&(&boCURJdlX_|{Hz^9cuHw>CxOBl{jyY>L~Z81c@xaK!7QTC zd07oMnD@8zAugD=wtXgMM4~s9%e{`n;vIfuVV!btRHq6p-i))v!)TFFdGhsC!93%s zdsB*J@@WC=K!twcGL}ZT#G7Y_IdM6+Zdd&H2rQ#hb4M(J0_^IH{WQnK;*Vw}MvXL% z0RPed-^o9YjIbu?L>Z81Gd?RISK5y?ET0yb#&=~eBA`|d{nymewbEp{DMu_2G_+?H z_o;_y?l>7%j&=;NtTngZQAkQfJ+w~N#Aaetnx5fB5k z{!WHGX2+`+yV52To6;|RVIklyIM~VXmxwS#cGA5MT>EXDX``q9eSytLoeXYf0cxb~ zk)0?!PeBETiDKcQ4$MTty(t${6SXe{K$|~;i2`OXRq+rOluVBg!xaZ?sF|Ed=N;!Z}p0kf!|qQ;ls@2PNPi}OY>+GSnQk&Ejk zHMt7scWxE@N2tT}ps!qDyo2OmDp;OC+KOrhlQNy_QgD+mgkL)D;hA1~fbOXN6WMCrP|B)mdT&oB031 zC*@$D!AxOVi=1H6kZB;Xg zY#qu&QKYhaavE!_Bn5Q4+HkP8sw(3y)~r%>no$gTnW5e)(5#{#^TfYQf-fJ<5#}nR z_z_$9G}41W^!dnk;4#HlPQLTW({{XURC11em1p?T({k8*qQaI8ssbtMaLx6-?*D!+vlStlvU#@GM5t$HQWEVlfN6ik4YX`whEjLq>rV9~!0{ zFW&a6PNLhmr~3@(L&8=^dJ(tU(=vMKEtIYeKy5o2$4)|Sb(O^{^pQAa^1C+#d6}ck`{GN}%cRg)=A+f!IA`w>ws>6@l38MXs&5^O4w87?R)H(w)Grko z%exe{cDx^+avi7G5J3+>`aXR!kaVx|KZJ#zIpR*n*Z?TAb?T$!JB9h(}FXa&7l7c zF>y6{j-iT++lw>=#|DwR&tdDc)!CXx(lq<@d~HU2Uh=o9h@WV#mhJkSe@DIyJ6zM1 zouZYM*_MNL@_NaCc`3l^uK%|52W)D%A-FjQt%!zY^n zv^NEu72aO?-U@zv6Xi|dt-1RE9SUqrozb$t2Q4v%?v&h+TXp(!>}^7klwXHr-w7C{ zF0a&RtGO)GRkrbScaxOfKMsw-}D0<{Te={b}O{u zMU9Wsn0%f5pM0}|T;cZEWtca!BmDBSX?0G#rR7=l*HW!H=a9L8tm>2a4N8DUH*%!= zCDf6K^<$E3zJ0|s1adKoWi51Rns_mfKtBL9@#n^X^THg~AxkgEhCKD4oWPP4o9X<> zCqpfFT1;TA4uaSl6u`$~Zl`m$`(gZ54zMZ;35mgIl78ToC?n|PUBQfgMzYqW8{P(P z+9ZHG;OS+OlJ(ed@m7&GvNQs2hTggadn68I?+iik5xSO}bM!1c3DH4^)0&7s>mW+TxiEL&P}u4w4FdgXV^HTeWt zuK9`*DJJOrd_CrJalQS88OyU}q`<}@hr-g`2ce6SCf;7%t;Xcf)mbonF2|9=>^M;x zS2VKIcV?h5i6P27zd(sAH~p}?X$h%DzYp6~j@L)(fW+NWn5ZW3-0*tHUV%xOk$S=6 zcK9b+P#@I8Q2IX|T(u$!rzie4V>fPuKv)GJFVzW)2F0dmya+RhgEhDJKQw~g@&+Oc|$C1*qBuZf^Vxc#K^lRKmlj*YY^#jJ0A7U!gTn8 z;cgZN+Qu|vQlU2Z5J?xDZh&3IYr}~_GBbNTCN;N~-MkZ+5v3+ZtUd3Lo~%MkS?Or} z7B2)(-H+KxT@pD-D#$Sj=_2()gOpJJNcfg?RB@-$(FG^pd*tz_gxje zp=SbzBOua2;jS=b%jCHc_@U6o3Cvw@wptr#t|PFFKV+o0bpMhx=p52fzBSjyR58@4 ztdpgZLT~LiF>l^OO1^eX^vtu&5GZc~_(+pH&LG(=B19u5HjQaIgeigI!8aaUbpCzZ zxF(I&+DzvC1}&khp1@UC^(LezOQdxV^~@81^_c!HGWRE-00F@X_1aUmV#7(7LMnJJ zWOGWLBE5|bmuABLM2j**!0WxYwDocWigb3(Si8bKc~(6kUV)yp2cX6#uOs@TWecp@$KK zwN)2sNEkn{B8Ch;4ae&`ggNnCs-*F=gr|;NNa1_Vx|D1Gr~_q{d-8~9{L}~5rnVf# zl^dQ_mk5;bippVR*z62UL4U-y4qlL3Wsq4iuqZJ&h!QhUTVteuMi}MfVT&zM9xo;MI@%21MDQk{biy+Q{)>=+vRl9c-$Rl$CLN4*#11yVQE^zv-t zBNDwNL9%0mNHV%#!^;FON|Z7$oPNz7EG|P{b-QUxyyc_2zu3+(l;tg`VD$WX_f-w1 zwE-*rTK(q;^BE7pLrWuL)UKk7apjWnA4o93im=!Svl(26p9`+%0qWMBcc;u)rLyyS z8p0+K-~n5pS-;Ko8W!hU4NV>}379y~k0{qt>%6OF!NcN^ybClG528o#JAhqAn2XoH zFHES_{MJ5*_+FtCUccA$vPE#kN5}52EAeFYovOA5h>fK7k(TS@OW7^2)l>>?=hdhu z+u7*k;xnnMfd0e!_Lvi1`I~f(1*J=9vo*R!I?SW0K;n4wp!h2;1;5t4KKhbAd_vP^ zAn_2^%6RCl-aUY&co%-9-ESoI-8-FCjvev?FpV`Pa7xK`wjFSvclH;HE&O8pfry6X zCf(N&_DA%5yZ9#)uH~SYHh?HwQKPr{CwN}0M(@AXuD=S>Uw#YAKh8-pG5!lH&-lNw z^8ZC5|C5#SUAu5j0U>~P`~P1^v6m4I8YQ|$$o92AwZkKO!J;ceIM&kqm96Fbg##)BoyHb>>H zmM$9+-&b&dh*V;ygnsa$WCay9)BS0EO8UA4a36ql-vp!;oKU?7!DuzM_*}bzpH+9l z_M#mkq;de6s46{OygH5esiLI^1&nK80X>fT3aQ$T@>t=pKtVbAI9S$nA@o*pu9sC* zVP=V5g&rZabY{S66Uas0^;sRK1iK+{>OJ5{mKm7ES3ChC~`w9&CRgkI#h}X?qXnu!${6Y zWPCV%hpjf}I$O(e1)M7CXa&QPREDp&H?Kl9v_=on7Dk=B86x}T^(YLscA{5h#X^*% zm0n8&ZXGFE+<IdOFh+d66iq`R?*~$ zFuIKRJz`>=4wNBR4@tC>Tu_PaR$+xlf_5Hw44l*9e%LnlYD=Bf07HKjR_hLiW3lQ2 z0=hby^%0)A(_bDqxP~6w@pV}hkhL8SJ`qE)W|_ve4z%T1cesbCZHTUbEDv#T5wtuM zorwxgVd_IcD5Sp=9`dr)lHeC`*gdpykslks-Y@5!=7mon4-$Cz3Xf0}mf6v-Z&XpoL1IP2SgtJ1=AQb|qe?uglYQAJT^_JeXHxa#Bi?V; zh!gVyfX8P{g9E(Z&TyObge@-`b*+b4Jv+>(T=n8Cr?DrHjWI6Kq|VnHL&f|NUo?J- zU8Od0p3xWRL{ZCnEEg1iA) z8LTLub7n{T^Bp>W%d-|&jd~)4;=|r9VIGzJBN~eNnhCFwQ$qcZI9qc$e?U#4Lz5L`+$}3!T zCQQazFV11id#84aBYT>cFU>eVoUH9!Ap0DOm!sE(lUo4|4BQQ&LD!9HD&&ii*IFEs zO0Rzd0J)NpU|Wg>C;5IV;GKHL@E>* z`kgE*qQ^26w=%4e++G%PKQZrVk~joyl4z{(l%@RIJW0`W_H<OD{nIACTk^CBfwyS|W_9^`Y?Ve`?{nxtnw*^Gc z!tjsD9^>CzZ2y?-G5&8TzxekqHA?5v_bzoe4L-X3H!f+9gztg<7ht39iwEUI^YP}5 zjUJkC&H-ssL3xJ`LHu|v0cJM=R%Q`&z!U+mlcB zA@j%~QZeyu0mCi!Wfu9%>GkCyI5>GJSQeVU(muEbyT~mC&7Z@T5XxdB^fz0!UDl8y zmj+wQ4hEHXcK00aQ1~>28xO2gpsjC@s7cOM6c5*AVDt|hcMbS*Bz~^`4Z5JdX)&Q7 z#oYF)0D%j?g4^7tZ2C5?$e)~j4-FnnS6ygg=LBA2(q=g zwB3>lEw(Hn-&le{fGQvk6AtbwLVkF|!)rHJKw~t`wNxw28$M|6lb5r!z^R~i&~MON zHXcVFS-T(92g*lc&{3G3mLyo-?Cxq*qJkBqoO@ayDBU7xi(l)Nk_ zBd@jX8EAJAA*U#dY;EK0H_4-;7Po536Ro~-`LgVB%W4KnPQZMxaaNNii^VF|ds(MK z4l`2wF*y7Hq`HShddKXgkNfMl^qxkC!uiVp`C6;a{mAjHxjpFgTB(9|0l?`*1Im!3 z{e$mbVmp`QQuL&eDGeox?Z4wC8}?;EvJogcp0F}U=wlR19c<79I>KL2(3Xke@DagH z;|enTISP*}+Z;ztOYd?Px?NG8BPXiCIv-$hOau=hpd@piuyVDs6jIO}>x@nGIO}6sW-t|Gr z{vit*8epe-J>)FIj(7%ZXa&$jk;N7}PL77ecE2JN^@3Iuad6vEhrkw1)z*gOskNX? z#57cf5Nkv7v&CRE<@sP;yQB&Y5BUr#j17veej`$@!MwSL*!msrEtnt*2cmgOfkQn0 z$SYJzmqy%Y(6N`YOz3&GY^Ug#|Ie-CU&tS#9hU6L@Ss7TNH3ZdmRcg{j#I5R}y)#a~Mi!jgYr;@C_16 zs+{1l15J^FBHdE(MHkN3_^j9hEyH1-i2rGeVB}#mS0U-C7%SNO5?pTScN`rS3FR-i z-LbHJB6gs|4_=tRLPqHn2_6AdduG1x;9*S)+e(zDDVwL!)9+aLBk!D2=c7GE_o@LG zvYE6?&;Py(d6|lv(>fO-px5&gvHs(JCIDPrYZ>O>%f{|}ZHRAq>lOSo;; zBT21Ep~Pes*1kki6Y&)D5Zc&l^+)&lpc)OXv-!5eX7C(Cm(q94EfpbB}XzJ)s-;1i&a#Y?5 zan#<);3T=uyQ1w91*`Ke<#Z8ya|6rt@F-pu=X+|`f=4&9VGPvmG6bPe=$GoURD|K2 z%vyB#Q9V(r$YlkIW{wKSy}0Wp3k4&V)7wB#OGEmRh*DVMXom^s)=Wal5f@y<)?6x` zSAda^Ts-wh2U5mzS942Urd#YV;Bl5wrg$Ybcw5?+bv56#m|HvZnA13v@86ia1)__j<-@`}+(e#N19 zUNnYlpBbg@{NL~uwhdv$Im9itlyACLM>i7#eKJ2*c6lUXo9?O z3TtZbI73}?P-Y!++Nd*`tR?6g-jc5rl)6NYzZOU9U^lE+;o0tvE0y>y&bpzjq@CB5 z+gW)p(%z~SYYs0ZIqNmER+utu&C3_Z)X6L0GM%&kd^YytwrTm-+#VLn3E{53`Hl6P z_Ke|qE3$`(x3G4XwLq%8NqVzY%$maiFmD+OD3wo=E_^Dlfz8bi_Wo+O4zNG2jfpl} ztID|KyZ>5Bu5Rq?)>}FqYhHasy=i%NhJSgduBwB6@7j<*L7`{~1u^&F<7kS-H`v@S znf|bg2|4_tnMeOH~ zK%g!dE^FX5eZC#ZA0M#^Ms2nGMAEZG>hj&r`S3nm^MVSI>V3Cc1H6)byr|o=tbg7= z-*%7ilYR}!PTam_hhL24(Q_>XaOwJJe*S5e+-~OeF`sDCl!s2A95V#1G;b{e?faEp zR<7X>XJr`^{Hl9Dzfc)V9OTAe?L<=TSJv2_eT=7XiU)-LSij6~Ne!>A9@O+RRmh&w z+wq-m3Gi%3)KRF(B6vF15>^e}SzJPMtMU|$Qavn4b)~p=v=!SrM;}!UQzwt4yqzs@ z$pFW&P!$7Qn0mR^TU=RP(!3H2ttsr4pd74X+w!J0g5{ibJv=n>c*N)Z;h=cnZfsW* zuBz=2;JtcqfwY0)2mH{eRTauSj-Uob~-p^^ZCs?u6Tp?Cg>pb|_7R*+)=xeRZ5 z;YZ$XG@gsfw2C_)D#Dq_(O<+688#s>1e?20v^j&cA$fh8)Qh0 zW>^R*JzK^4Sr8$k^h17RukZ8JA}*8tQ^9(LJu1TUu&boL7hTw{lda|zP#YEvmNLe&sr z4dDVR%dTjFY9`1amSA^je0SeBMCGv2Ble=3D`H2<2l6P<+|BzYW?V{o8NnBBslH7r7SzMawcl#2xc9r zJRepjK7f)aWGV+t6)*D4cxTY3!hs0C^s83b@FLOG=l;Gk+OLW!jz6WUc$fxmxtP37 zg88Puif2K9=?Y10E0c5JUjm!wM3Lx~_y= z^gP%^?o-Q~nt(^~*?dO9P#N8DiY3v`1-UpI?P*l}b!cQ<(~oj>)uSqB+inYX@uz+ZMW6Hm>%~$fX@`$KCOI_v@89Ek zCA)puPNuXF=q@T`1>|=*wSCX`+gL%Dy)n$%Z=3Z)bt#ED{HH@N*2+7CJa(E$A8Lrk zi|mhm#?a5(S=UJj9FGXMFk<*3Nf zv`01kt~`TI_;aeX5~N z-B|8E!F4wdM^o>5%ScB=p6E|I^kMNS0TW+kitsqFwTGOpE?JgvF1mBmn!vMf3@~mI z!}0eQ(bpTULMy#^j7vZTT|dgURKpFFtOdVT`)lcF^XS!_O<3SbqEhtdui+6V!jh4M zHtbdtnPOi=CZQPJpXe@hNRz-$F$nY3C_yr6)Lyc66Z&Uakm8Ruj7SbvyQLJ87H+Xp zAzv^08l|4sb%P_JI{7|Gnu`0N76G{Ss;UjTsK0=dOq3}8O|k!y;lIYIj4c1K0-65a zWBkW!DbxR!`|y7jPV|D6sp60bAZj-D1Z{vZQUqf(O@Q_h2pmVQio?PSYK7FfHv>h0 z>sATX$0$3G@+w*6-kV>W<=#yJp;h&7zGEN8Xa{(2w3WTSEE_q$Wlj*c1QvCOH(VE9 z>AHhFYRjiO(K=^PTaZ}}xJ2fE!Z$x5LkoCn61T=K<(buXe)4kY4{lyOU=Hl;A4l? z0EH@Ej~thYwB0gI`fhsV9%Q(gFwRW;o5067fYe^da*Ng1*dB7&_bA<;6;$pF`rMHj z43#gjN#+^aar`LBx2||(b9N#LXOW0&o1DLcV17;yM8*9Q@w}=O=FN14rr=j-G~Zj; z!+>J!V|1~P>}hZX+GI=HPZ=+yOKxp!JqNbP=kr^>A|913pgw|x?|dX8np`8|TC^@h zb|WO&q@FY)$2_v6@>PgKly^KCWhI-_}wHZNB>*!y}JpZN)|D} ztAVaQU{wU5G*}leaU=n=zP8vitbHe?1#kam^M$F2t)*%CPI!CwP*Ql?s12|`6}&5F zSxQjbHustjX|N5s?2m_o4Fel2`Je3l*^Y$GH5i(SlveWOFh>9hPb6hv6hN{)C0#0dANqn3h$92v$bM}#b|(~K!T8Z7bmpHVOg0&F3WVpbD+1ZAUsA>TCf zAQks-zdAmdk$xjMNk+NV0VhJEAE2&)Td(<ar!iPff%^9%}H= zwvr`hg!t=82uk>)cTl7GS~BiB9lRsX6dhI_Mv|qJt#jlDDTT&fYSS{>g0fGH_e_ST z=J)fgjHh0#`LLTpvPZ6rt!E(U#pI6j2R*@*OcJW5D^O##@w1vW3n7Kz^$P&X?J-T= zaPuDY+;A!>{%!kfXq*A@j767YBVK**)$hGDf78grP0je>a}v?TIDLeM|^mlz*y zzzn0)1+H4Jt)qREbEf(@Q@CpMvPOS~I#MCr9!{;f;0WcpCiou=Ow}~xrN3V<#b*b{ zuoAb9@t&IacT4zCpUMPmH*}K@K0dpq+_yaAm$uwU{HyZ)?HJM1v$Fi>1OMemnf~6u z`=|2#Z{Y@iE1wtKf0QrmTlwr<*Mir<=wiN=4^0ma*ofxkL&-kYC^X@q;{pcE&XFpt z@%pBNV#ES=>=*hM73voyKyp*>!4off*Jr~!TBq{Z)i2u3$8d=oCFt9hFTj&tt!Jy&+w&Xr54M~SeDktC2mn|!8yE$#(V;gjyJGE}Rf~?r!L2o=PC&;I6pI|SEkk^!4`~W!A?xu|=WJP2 zu*-D!FRm+>C52s#{%FUCZH3R0WT2-Yz$Kno zI0Pu=o?r}>(`rN?OsJahmTY-co`y!8$3vdoa?r9Eqhxa;E}z7D5k`iJ<9M~ zJ?a?-jS?9GTAwNaE=x~rMt1n216X=Q>Wi70_j<{uKeZL9H$7@3@l|_Rd4vY0Wvud8 zT%x9E%enK@b#0t<;tNlJk04HM%UjCTL@_FM3K^-Fg(S|&kh}1hzR8t#cJCv>fULYv z@6AT-UXkcrf{7T2ymL96AJ0X(nD8gd?e2zz)N&+E8S=q;@UmeLjW@SY{T{m?8Req3 zA(D0UlQ&Vj;6?{r633}otbIfdndWP@PU7!X7KHfcG-HyX#;nu=8cJh~6v)*B^>oAT zibPfY{1GjJel0CINi*jBq~Vm-U(|jy!L4ixq8NpubS)ydKR!|8SXJ^JW`WD})@if^ z#qmd;I*MVPGA{Zu?l|STR5ZeA_dVWY_9?BQcd10bI0+zBEw+qoLm1j6+m)vF6k;l}9w^wu z@tKR}QEcVn<|+$d32qOpF#<^`p-Rjy&^N^i+BLe?$6F=V-Rm`telR>)tqO1|oT(n$Pk$^g%@VNDFzA;nzX6Za zj(q_*S0Nz&t8)MCnb0$`{3EN3>F=$!e<(Ne|3?1*a|OVZ4M~^}L67t18@Yt}3%RTb z25n9L{FsCh7ys^ALoe85&;e0aN!Vq5wqUI5{dTt&cmsF-Z_MUbmCr}%GujsOz*CoM z+ukU4)@ip@3EQXqyH}3?kg@&yS@WP0HPau+CIQvWce-=4&H4hg7R7Vex13y>fxE*qp1axCaj2MHc{5@QWZhtO!94Ieu9z+k4)!Yi@ZU@%o|!%b2R7RzCJHl z#>UkfE}m&7BZAWABa8eGPRIuvIGaap)hxmW@)bRV;)0!>udeg+jsLYZ0; zrJ*)HPQhzK$*r8HHK>m>idsqAZmD<%RoAJ?2-F%iK+^GuUc~7#V}b+u9o0+~|HzE> z=PB?kP1qNk?*jWOvmNp(Dl|o@aZ1LiI_&6bwAl5X{1gy|BAmhmasu&`4FAftlN5hy zMPb7uaYCluG&Bx&?6f)+r8YAKu1$ckVjK@llCwL-`F4?oS=a0nY(49M9$V1x4m4DTYg={!JRb^N12t zz)@#^N zGC3IZ&&|G{ncY;D{q88jerz_cR3^OJy_*j3PhHIDm72yh872XN&;%ez7bI8-_uW~n$P~duDBLHx+U*2(2 zGTvH&wN#pY2!}I5vPaXcV2P$@E;27&+wfL5OW9$}*}zy6rWU2R9p7vU!KQ4#zGH(E z`NB_*pRABm<(P1r0;^N)#Uk@$*^B(`(n5l(N^dl-`#u&EaT8q#hA!z1Ish`72yMh; zqCa9I-Dx81-TDB(!d=A2^u^(a&GvmPB1BAS1M6V>kq~Ww`qlYmA0H&oM9HKi zNs{hkIB#uzr{x0!`soh+TV41|?Eji&FtPl@VrTvr6rcG&^Ns)SxU&C8hNXNQ==bz_ zeE*+uWiGUDPm-tlo(5w#QW>dIH5lEC{dLdJCD8>)je!r*3(bwYywHDK@Rqi^s(ikT zKXhNeZ!>kd1 zTPjn<3(53*R>t-A4JLxpbkV4RSbc=^zGVxFoc-EZi`{un@AwDoT}m+^tI5K+=@c4y zPXIaY`pz(4`Aaf3;HU*7$b5)+hvze7u8$zj)5oPNDQ5m0!`~z#E)#ar;Q)O|54V1r zE$&p^)2sQaaTC^H0Q9yW8@HeIG(i(Rf^7u_Ny?p2%>@qi4BvNEQ4;6W?5oYi0aJzu z0FesuWkZ+N0kwuod-jNEp2+Y`Z&*pG5|0bup+Ej;K3|1 zlGZ*Lq%f6hkK(@s0i&;b$Q}ztber=-(K0@Ouynj?XFK9KHxAbRxNTqt&MO`$cVlh7 z4|ht<1nrdOl^P1rsL~fvPuOFYF?0qlT0b}x@4Q<)gUQMqgMLIof!t2pA;XNZ$?y`f z$Oa|DCn|AWYnpj4vDuSX-l+X`%?XCqy_xvUr80_{!3g+|8{x&WI}9dhKaC)m51-Y@ zVonn5zMzA2zjA1B+%QUKgnmeo0Yy$FUSfiuv*DjrIF*4vaQvWad9Cch%I`A=>~J;_*k}R!^IXdJk%kr>0V*G%pzkt!^MLw>HCUIqzJCzkU%j$ICcpIwob5n~;iE{6KD;BfHUn^rA4= zY9~!ka?)b~B~UN4$~`XD1}g8G;&Q|ytmU~ubTMfg=Cq{4V|SX$Zy0~X4ou;B;Vu(B zn#4UZgBpdqvgtcENVEZ)+-Og+(i2&`3eY58&A~i;0Y67(UbphcvJ<9`5yMjp1#BVE z*7Lrc&>K&;XFnEnOesq&!`kn-ImYNwAS!fI9w-St+r&I_fes5z?}X0>P+&9RxQf=9 zH1gPE5&qJpA+JzDhWr_Wj**7cq$K;qJoaA6ju-PJBIpvmU*-#K4~RQKVTBUAjF9xi znwg>q7Mh;MPHPhc^Gbq24(;AXy*jy6km#1}NzgX1bqO-s#};(Tbu$IMn|ahBmI35R zVVeC*=4i|?4zJNiz%Yr7-i1*j!oTDoz1MIF<*=w4i`yd6ie6hT$Ay)g?DC}nwe9d@ z@d2F6F_66!`go10LnF`M(7qxwXb> z8u|JpFq~JI-Q}eLpe$As(*O9he-yrD;k68PWyKAc2X-R%~#0dzX%W`Xb3x#;2 z4k5`*cfbubRB~QL*+;gWiq1Ir7s@Lf>J&zylYgtp6(Fe@~w2 z8UJY^GXK3k_0Q)1eCKySt z*)%8e12-8dR2-n{D$7$h$$hlF6eHc60#KgSyuKbCE@hX|o~X)ue|XmOT4&^xqCMZ; zi$2_ySNK+azE%ciR_CI6R%_7VrKym8g6#A(Efbx$&^5?O?ak37;&Y$y_ z=xLDAs)LN$gqa6RR8h3&z*+8n-nUeXF+ME)KBAZ417 zGf)#^z|>#c*00@am8)MJ?CJFY*gN8DHTic*!wEOp>T=RgIJV-SJGdr2rOz0Mth(WsuOMxO zu|eDDLUaqLNeb?SqRyB^9r(x;0!$AP3M2VHCt|06i-|4&CJ1q?T`NS{rnd<~)S(S+ zQBO}?Pm5zemz(;N9H3(^OVXyad}5LpsgPkH~vtLP<920^=+rr!Qj!JR5}(rpC;mBt#{jz-2_U z)51~$I%&!l;3wFL`LmwB;AJI>v9)hve=8nE^T=vI#|x zw2_L7V76oDh<{IBfva1DX@4ynE#N$M;!+J}!1ozQoB`0A&1QQTTv5MuJsjwgqZ(n^GaK zVh7R~=7lYC8)n2%_qOsI2yTty<16EqzS1k4T+TsPj$+G!KfqB!e+N$@T?5C9+h}*v zrkasS?s3M>hZF?I%nMlcOy;qiDakKxmYee@I)95Yn+EOnF{J!e-^`1D0MQM7pvbP} zre>pIfYKB2-9h@QqHzvPa$<9_L`&`NG2lgM+@t8N$K-yYoHTK@sjc==+H%@^sFUD= zI>;Syz{*o%a&3P-Og)Zx`fno~Q2}xTalX0=Vlf~Y{6*Wc3UqMU~el za`Yjh$_A|j5o5(IHTfGVE}D`O5+QC$;Y5#vaOzs6B8aRf>rirlF&k52<$?96V~1HQ z|1@qY+PL{Ayd?OzdF$v=;-tXW%w=1l*?^U5KJR_AOwk}^iEeMO33b!(IzcsQ6Mrz$5nkM1n>ooMhF9OqGO?cK^Bxsso_w^CP``{i8jZOV3@FYj zi^qHvT|6IIM<6CRJ92U2?|I8jyGyYP-eZVq3*RB-Ws`1`Sv>V70=9k$Y$;c>U2wAt zcV2{GGPTdW&CrYE2NAX*9EO?f#NMNl8b}#hdijOz{EDyS*rTKN07;28?$QT_sq zY`-!2SN;5ZeofE7^pCMN^WU2p|J2X_jUbo)PaajrUwfwi$)kb+`PU{`A?~8TX;*w# z%7h-Hd+)mmeh}jkm$xMIspv!v`_D1K1vRg)*4K~Z-LB_Kiq7vI7+1CN`#$;nD#}n- zm@a%#j;AKh*Qa5A85qkS%W*KNZx>5vRdaoC4fYw#38%3by5s)n+tEAw9*#&M9eZfZ zQ%V;$$=$#Vqo-=J7H;|OmXqbfjm`>o0Oy!qm{v6I{d&7c(~eny3UDz?}!%z|Kr}BkH;HLyH8#))5P6%>A6uCoE3My6el_o^u%f_6GI22atXb zF2i;b2?^an@cnenfI#`Ro&)s~#1HPzL@M#F6_>2@kd-sDGm%O?4-3+<_nU=i%{nJ; zg<~4XLh=Q~boYh3-dgM}VE;_X42C}k4-!`N?)i$zq(WO&@Lr@Elem#@n$S;wVQ7{f z7_)N8M@b4AlR?JZ1qBtWmHYlq$mmwzPTzSI$Qifm)I6UpL(L9+^e+*a86D@JIS8|iW7NH41&dN22@u0p&lND z$&4w7ZYv1UAB-#Z+N0mj$Es5V)lIaH&1Ne|s0$^nusm(GLQ$z-p<9D#phqlDfRr!M z3EwX_LeSJWQov}*O+lW{qnykg#>F^}Te7-OK2={lq2dBcE=G=RQ9qJo!XnzHZ+^JX z_bR7SE7vvq>_s`{q200{j_rn}!sxd8y97A7RI z3H(lK{M7>>(UY!LZAm;n#xoQFagV;X5UCyWnjS(St5>aI42kuu3@}nXBxMmax>~XvKyTzxI$cT<>NXCXu#NB(kpqvnkl~EaWzJNm?wy;#y;Ue zXPBe;`e>3?Us9SR1NLOf6ixH+aK(;T^6rD8{o*EiMfut@G}L^N&z_x<1W_|@8fa#1BnaK*$HMZ<@oP7?BZqKbDwd$9BgV;Jzh04v};{OV*X#0z2kG{ z>Gy>j+qP}n=-9Sx+v?c1laAA|Z6_Vuwt4cM-5B_gdFNnlw@6 z|9%X&y+Q)AbUw?7k)AQ}?w8kz<~Z|5!G_n!t}m|%wV5*Fj#;|j%{cUNEIefDt;JGu z6S7sSwpKd$kG5!8p4iIL;-WVi(~9Q0q8k_8W<-{!%6OqRPrd-nl;ljS?66lJJKKbo zy^N|kukK+;c!X8CUo4oRdv4MdRpp)viXTWkOWI!HKZ3#bkLJkA_V@&adQjM<*%V&zMg@n?kj@x2 zFEW7-sg*bkXOvDw>CjJ^PNDJURDmDa&B$ecP~iwdNlj$E7vRz<9DYLWGTBbr(_S;< zQy1b@bJ(ut`QYO%>^{DF%N;Z~$MT4HFDCzL>$iJt$Pg?c6QOPE#x74up#^2_9JUVt z3wVlrcfU$!$LLXkf2-O8y;2iKdL7Nk31tnyEndQR3(8mWWs;S9WMV}Lsmr^myMB5nJm&u@GJmhy8CjYC;qznrmjF52 ze+!WR6LS@BJPKqap7p(GfeyfvwDZyW8*?=qmObLyp+Rn(YC>2sP;YveK08rZH;DFE zV=d4Z%t#-X#`|;EHx_<3_qu|@_q}l?mtA&S8QQQS^6tB_oLpzSg=)(0a}i=*i1?|> zR-l;x%RyYY6}lhn6fG&YnCiVJ)0h9No->DitC}RhalSy-W&@&4?*dR@r*C&)t5_-J z(*(Bs^!yKMxj6AcMP&zMLE#HQlD&<@m=w~G+Hu$qs8{75xFyPFaZ!m1 zPAUMkn`1-}qV@@EsyE7r4kZS-%TIGS;9cO=MBrfnkEbShb{i=yH4NN$lxg{m_Y#<4Z|sTvuwbQ!Y{IoyW*NM0jdHlfy0LfxCo4OyrjMPTp;vCSiz^ z>Atu?+i^BqMp*?xB;WGgDfO`P;=Lwp7}B+l3pQUv0f zX_JxXvE?iBSX13qJjIocRlXtnmcEjd@`2&)@KKU7=a$>M3x;+jWL+B~Ln;L$&r#vf zqMWas7{9r^B^ z-jZH0=!(xQE1CELrF!=jrmPH|EMEtUbz`M0n8&)dCX01@WMEuw<9v}|Pml*KodwU{ zwQtit$J2_`sv7Oiy3IAJ+gD|OzM{}Vk!~&*%=GaULGd?==4bh;YM|cP|I+kL z{sS+snv4ohS)oT8;i84ozGR`WPv}%An*ZzF|2Ni=JQu%&_aPc+sNLq(i#=@wYt#Gb z0yO+BH4ko}E#LzdddM}{RET<H>@c!gJudFK`{vw!9izf6VY;wD_w@ykC56O zB#~!a?gAU*oIR!Js;fOZocW~W!qds)W{3M^741~)rs^ooDrdPJE8z*9PbEAg4L-IX zYGH3i8gNT0FMso5wg^vyBrTQ(?^@4pE*PwytVP8Aj2}Q-nigLjUqsPQ~xv6p(&$ ziJLG{&C)+J^zi4+Y1R^aaEspWdlp*q53#9xemxtH-9q(yZU6QB`Zm7vI!C2xDR?36 z@KOByX$aL;9dTyI@AB(1zhBsni-EUHHhY)!^1}pN2EMHy`h%AJBtN%?zay)LUeA^! zz}8GO|6)y+ke@!&@-rXDUvgzuMmH$KWUO@cnt3@@B}|NGE~EZr0T0e6Tr~y3Rvxv6 z>oykHLNIb;kyc_*HTRGp(%}>h*iZ)mLf1y(1qouht2sEy7vmTa6w1h{8v@R?o{27) z%eyR|AkMVNeV$p}4I2`ZdKw;aEa9>8H6i}@sGQG5b<#PxR;25FPXQ9_R~8i_0jFTS z9i?t#Z=Wt^;j+B_32VZk_bAjjbJ2r2A(XuO55+Ydub=@bG#;Oe3WKVvKp`2{D;m8li+C7Z<`){AHOcT*L=bh1O^-KDh( zmu04G-T?Sg(V@HMJ(r9JqkO^?orQ`#-xSbJ%<(HZA_oWyQ3Fx(*;S;4Vt`nofL-fF zjIf{*YU!-5WK^O6DAXnO1Um>f(2S-XpJ5GHHOeoGIVxl25s?fdq|A}jl(!$h z8A(=bWzvOiYw&`?W(HgUbS=-n7ryy3zR8xFJZZ&>MIOZa`K%-AsGu**_Zf5wl4fheC+ zXT2~mS4{A8ALn0p61+3zghc8|?hJ9|w}6=321@B^g!FPB?NcS2;R91)OCw$}GF4)! z`TD(4=t~9A^NG_=84j{@VQfal__I;;H5Nk}3Q6QuTip(sadDZ4RM8qz^C?nPtJ|3k zJmql8q_O$!RCK%EB7*0cH@Nt9=q~CO9VO*CbM8J5_LXi6UuC_Rxtb{Il^N`v7rU#3 zM!EB)(SNoo<#HdOQn2v;lxNC!2?x>ay_6;UB&plEhdPF5Q<~HP8XV_*nEW%PZ$KDgM zEX;_)C5a#l9*eo2h+!f+!x|HT!RTBkgq@gqnbwF@pw#;G*N6-R)ub12NvyA?g$rqr zDQ$^NHjL+LO616ZCMs`>-&91f$Z9$p9*C%(k0(V08~DlBlmZW#msij21W#^z;=Hhk z!~sLv%?X^)P1KjzZT}Y4%N*Ad!F?j>uYBTsw*j7PkTx}S(8eMau1$$3IdD+EBPAEE z&moCtD(Nb50+=A0DR9!sa$xqF;|{y-Z`SGLb*GJ88KT9LHHyL&7|M`QKKfVgdn z2-rlq<^kcMmzPGJmp6qQcqyz763edW#makzIgAqS%>-P z7-awJmql}$*O?Gb#}tOO2_2k`D@Dto#Vml-tHz?%PDe)_yGiZpZvH5Y2)`MEcXcoq zX$LmPZ7x#KT{Au_HAF)1ObOXpD!5T(I93pJF)5Jpxr=J3ncR{ z^$*Uxu0PyISw+#fYqcgn7uS6$gF8gNh(uo$-+{k^`TrFS`IkQZpOmpM{!i=vUn%?B z4E0Yb`)>hqsfu$pn9b>$k+!&UQf>zzLWXHkH*~Nzij9Y+8PR;V`EEUlrn~yYiPl8U z*hhPU;l$-dGl>*FY6Y*6&y|mC%2#SYW-X(~i?hok{QB;9on)UkBe#wVOHrNgG{>lI zw+X+l%#RDA_K#1g!Z9=~o~9DO`9RBsR;%4!cI-0EnP}B}>=#bh*N4aXOUE^zba5b^ z>4?69s*m^N%-~@2ei`e#f?njD)ecL6L~)n6!@9|QM*@=~E-Gm9%ZtzoWI1q2Cp#6T zE3o()+n??E&%dO6a)fDLDXn1gT)+t88jBx}1h6<7ngB)7foTf}$daG^f-$g9R$PLa zcn0bx$3q2-3M))NQ1yl(P%L_$HQ?)OGa4ww&BICiPaK~84i{7_1x^jiesjhhS`Yxd z!nL84*;=fcUluQe7xBlPQl&@Q`cv(9qppQKc#^En?Z%;6WBDZb;{9X=FI#a^hVL++ z6d)&n&n|Yf?!a&uV6GbPjW@}(bxx~Nqsya%Ag*<`L&N+*JQ2{~ulA_%Lr79%!N=n1 zLF5UqS>KV1(feVM6rTx*- zxeWx^6O69}VdA4LgCFVP6By!ndzU&7o+8>(C4nTA0VrT8{A?8T0|OQ|dPPmuj~IkV zgG}KIqJ)B9&603Vx)G=^#)>iHq`BcmIrF$4c0x{-=WDrlWQ_;fQ-skN2R`ebAI#Sa zhn^B`MMEcevMT5v%EjHj!(^+U+!hQ(57EX#hmZotub$jh{ zpfC28hW3er_AN!nkEt|A0K_pzV7kd7ju$b zV65L3!6F|u!`2H(qf~qqKA&+TJd-&`O3`*sazGHI)c#?QA?fJ|M$*j{Y_?^82h+=p zutg&BV9B7!HOQG`k0K%Axg>^YbOvjQ5nxVV|Ikp@Yfxw?FqH1rl2^^-}K%rcrW-Y;m68BbN6 z3|GCt{~aeKJ>i~FolI3!;B$of`4*0djrf#kSdn4_%abo9QpM3vdLtw0CjUmX2u2D! z{kcD$iAI`Ai7zOr_dLZxTzbMGS8y!BkxybJQbMD0IQc!CYxJv`%!HCrSn+UcKjNTT zxYRc)YvX_Be0(C>4r1&_IX}^!Pv5 zPo4Ph0)Sub@V?7@HOdmgP>18{45q!A9fA(1;57}JhYAIqzA!cxTinBWxW z?egw_R|Ke4T!{cAtb13;*%?08W9 zOcOw~V-RDW#|#!$@Z$22KTof#&AudlgN>ixi;0W3h7YGxo2lLSs?8~LZeuu`d;Jt5 zQ~vmmRBJdGy~h0f+nkTk1o|~!!CjUrgfWIZy%?+f-7sg;T-G0UL1*O^TCFVoI3I^Q5JT&#vK z)HWZ`}f6zzs@}?iWzro_fxq92Blj)Bm9K z7>%%)>fG)Cr)630i&<2DQSg12<-F}>Fb>^;RFZey*ABH|eXS&+Xj=&L5KvA(WFq$u zl;caVrQF%3*s(u$#%4Ff8QDMSYo=RKv36!X3#gJwaHMGH*fCa}R;B|SK&AwI&D!`% zkU9Fz|9i@s^Wm-pk_YcVe@GoFOo8f>QdaNI+Q@JYj;F_AK*|{F_+zFEhE;17C%%c# zEtWI-C~1n3%k*r-9K8gph1d!ma%j23d(s*bgojbk^3h2U%R0m&$FqV(`Vvf7G3Pf5 z5Q(>3;68Qn9fTlj1OoU7^%sQz#(^2uqlU7!W@6|ooxhP$oq0wKIq*`O4KwzE(}trU z%m=$1Q~urS37GfKLH!HC{0&gRqN&!E!E`3NOI|4VHUYr965BlgcSHe;c)n!w{IH86 zS7=T1I>|j>P+H}TLfa8oJWLODM@l2Z7HUX02!D~)SW&OFVDsL?2w?Vm<}wEkei)Kr zcMZN91Ce%*kQ7I=MdadKk8N3xo&|B6?d6*Ky->y~K8>d+>OvYzF4v zvBOxKKJ!d8e|T+gerG}qsp=)vK+V#SZ5t6{vlF(0*)WNYGdXD|g)~q|=8ZA@V&+0r z-F)_{3sRtT))2x%$*6$hkkoVB+A&zX2+P+52Z~}VDJrf-1(dRtD}jVgfWh#M(8ju7 z`rk}e_4Lg9@?!4?zmhVrIj2lhXs!uVFgNoi{qpMKCnb^o2=nB|z4?A-_JMVVfV}wV zbfS^GZtrZkDv9<*DMcQh_rvy|yD!jlp%95$bfG!aXe7g@@w zIvvutY2zhJZFbEvC8s7tg2awL^Ry@!5Xrnc)aV$TQurhSAd@4jyX(Lb{kXWb<%14n ze2ih6yi8!hOtK&0`L$rd77yn3Xe}Ai*2y=K6H^+R%X;fwb6A(DEo)JFL!2SGw2t-K z!N${Ha{uUG&M)d)T&IYKAe)t&!GcloMy(fuWxgm8j`2rxJNc#&Psg2xU_8+e`f2u1 zg8iF<{3Q#2%{QzJEdSqp!~VA)>>u+D`+rIzYmCP1e;XH;)D}4XsfkFn*z_^V9=?rV zu>T|9OZeje{V$Fex3DXEJGY@SFBJ%Axv==-CO#IW7_Roq?CD8&wj0Xc4tw42t?lh4 z>_hLfV%6_^zVTdTjR@7;-YVUCmQIEI1l3!=BY!qNNf6&G^O6zt|#Z~5f!T~n;WYiXMQa8*!LQ4@6jU22p>#3NJe zA}UpcFN!okhUfELhPI~^p0_TSXxg|iVJm8ha3T|F#yOAKKyd*<&Lw(bJgd2(EKnq{ z*EPoCA~G4MUtWpS%JMZ5(FRS7tr;0S40paQb++KGMDC-Zs-!{=VRcqVB2RO+-V{0k zO8gU#X(L~l7tUDg&d6EJM%eIr1VHOgUlsHAB1wfYtviD?_OM~=PfvsQB4|58SF*KC zciW6w_rrP~mh!LV{HzAsodZXTU?BkM7I%E;=U zJ4K1E(8k|p{0`Uu$inYBA3_*|u~AgTyCj*{jVpFXv`ZO z9Z;#^I3p|9Yua)8w~=H3tae~L1VTuhhdD8lG)pgG4#{&V@hdKSJ|;>+v|=A1S1i;@pcA=h9PK@i(`hQqmXEWMlyXBp4z@ZkUaH4Mogvv zJ-V;Wde4_HS1#{tm>WM1LXylt-w>&K7?!HNoUG%T$cA%>`Fd2FqZ}KmE%_IcCzBaE z!*q`FzF(lQgowkT{SKRWF0|ex7KDir(k-FUqvt-bXmTRyspZOLW_;jL!+3A^w48W5 z)^L&sK4}VT$&{bb72KTIlW)Fh(9G2IIl(C65I}blP=oIcv9^V6H;we#uFhsNT^C|= zw2u9t(R)*9tqgLDXmAKs;0rtNH2RS6t`9xX)$4i-*U%rvUW4(|pWP@(%e3#@0otRAjV7iK#j+mo&itt1eeE)CeYKjN+!LAt9j0oCW0akd0yWXb;`|BpQ)~9H4NiVPG;#R!@XAeR5DZ z!qq+9(ilmft<1OT7&TAnb$@k2bJQtS8BR?$HT4k3KRss?9`K1*gm_|OahlcPg`l%T zn2YL;%cFVGTz<>2?2->ol~6c>g|P=4SH!HZMv>Ar7#*_KJlL>Z1~74rX6>(@D|%-P zSFJl#p1ykcqVF8?&!v}mw& z1brXwnD43V4yRdOW=VSgl68t5r&_e&`taGZ5YgN3%H@yN0`D(b3Y5Dg@mIP#phNA;NV;{0`}_sT|_T=ndP>bK17Ef2BuKH=1N9YVy13X?;&xXqe=^eOj= zCs2K}vk8oFl_utU{RCisnSg`GP7?M~wMoOd{)z(dV3g2*AqOa5T)yh&3nd=-{QGkC zioriD@b(UfBgvxRH4WR`w)6rL{dc@en_nb0d73or)9<8LO8ge#a(p>04Cd}XACe!$ znm!KUdKFy*^rD}vKUALcrQW@DY#tY-$Lo_Oi2`t`)b$>}faq&u`u|mk{yq*dva9&=NNXEZMne++c*$q&zU)ciT6!mWn1lzpaiAJ55m~-0Pz^ z`n9WAPiW_dH96dKucd%f>SN`NrEJd=>iK~D_A;-TY$2>dzaNc0YrS<#%NE0_5r-qp zV7K8T&=kjhzF!7+k6kZ{b49ir)x5JL;%GjP1#;~)-=4JoEQ}sgvvEiDKqk{I_Uvj6 zgo_lu#@SG3f(_X5DlcaRmhd_T3IY(_&YHlMJS2WxwID8w*i|a|o;k!scVF2ke=$#( zHBKq4KPbFILw;XIn}g9Cf9Ca(yDiO7xaYam-g|!~hB1Gr@>V`nQ$~#PR?<)gxGAm`9QN|!#Bcc?N92RyL zX(V+T%HvaI1kv)qyFiQ?biw}!caS6mCZ|Lx*m@DIe|w|Z6w%5YteggwNafUGyO6cB znwKV6!~xLA=)o=cl2gd%AbMwi7+WGR%0fyxoIYxE3#>ju5Utc5XEXWTD=TBC=qvyI zH%$r?rix|OEl8$qPk1IA;?KC}8!m>SG5II}1SkZYNU>~va1bANra;TfRI7l11+5Jxi+M z?TTq9(4a~`7GHAWU==QH>?G1>!6dtP4IY7*4=UhM*i$ho*8Ol}RLxt8&Q$UMda-9_mGXCIlx{RFwfG_NqI)gO za*9et8Dq5BGnaq)kzA?x*dlzVAVUrahV0EvCUZ)MyJv>9uYtx9$B;B6W&Egq_W)1W zD*^UT(hl5s_U^(wxB6oIyE`C$3^o^3c7{U#jucFF9eqn*vC48VwAB&@L;w}yDPloq zMP+awQx9dRNkA#Zmg55?tDD5*$yO!ah~sou$$K;<^EwwRF|eH9)jbNkvBo;ldxmb< z#2G`<6?gFtoR+!%oWCo9oO_3II64uvLDK@Adl6hMpN`|tec8Y_-#r}$aCTE{?0)c8 zFF^K`b5%-uIH-zuk;3Zri$aC63`7+5G6M}5oQN(SWcT!ta~POGhDVXLX z3KRQ^YsjrXlaUzCqLqXd!oJN)8(VS{z04Y1_Em6w^%ql5*Mwa-mYyCO*DM*>D z2ebd(oZC!dM$``iY_^wJNsVTC)*2{n!S%rPR5b#K zwkriZo`Fp)VOF;}2534UGYE*_j3}u#*pEX5!52^kme5MmTL20l)Q-IcWRY8M3ktMD zexd!0(GS9K!x4_Vv!iB|oP|jf+1B#N8t4=4jw5*nuT8gb-c-wbr(4Xd=rNe{?7?c$5|u-i2%ak>UeAu0KkjV>7tbv2DBmd<$DyQheSClab9!+2JMa- zP84=$`d#&{4Bq*6ba|EC=T{Y)eP-}v8)kgpPM(T?A>V2f} z$z2P3kRud+tk=fq@~KFnxruTtyMr>u2eSE)ue`t>Zf`9pY}X_h=4-y#v;LO77b}L8 zO@M6=r0iZ-V(95e>eEUdPo!5vkyOnz?6n)1y!TeaVF!zitNogATH}hvq!Sw)Zp)JS zxq~zC)Eca6EPyrH)W}zuXrZ#?ud>b)!fa-r)wgdg{-sCwJ12(WPXP=2|53*lgMEo+eykRl&RGpd3xC(P6uSat?&n4(a4C+-wSxsK1Be|-4V?2b92^2%UL;vG5TKI*EaCaAT~$2 z2l{5}QomWVLa>Me&41i_!Op9svQOq`lUE~HV$Y(!WqHoxTNuLBoT@^ zNT|em{HVRU6(>BW2lKnGjPH?Ke%mz&LBBTh1C{jW@Fg|mP?Hgc@B&xtDc*K0&qC=v z$gvPd(`Fk&V{}E-8z~ZtqQ$b}Y3_fDfgm1xXr8a6^`@%xpXqYv3m<39PJZ*x)^06G+C4IWvuOjHK6uWH8e;Pz^8 z{0-_|@L{A_o>xvwpB1FTPp=v8V}b7+D9^apzsVDAMz@da#Q2icjz?=vI*4)LT9NA~ z{hFhKgM{5UeZ%Uq!0#q)DBshr z)MGwqnd^OOXZ!~A9S&EB< zOwIn^=y!?Q%14mq(oh<#Zxj`FLHk>(I86%T(G}IC)m5{W{oZz1G7Dc}f6PgPwetVa z(5&*YX4D-d9N@BKaM2&pQV4@sQ{`${`x9Pvk|`|ILLCR8AGRW|1Y0FjoXkCHqd*Ky}F*Jt5;rin>c1;AFXiL}l{mVbuAipXXlVnegZ zZ9yi?Ko*f6?qVVzbFW;IsK|c74V@KjMPAN1m&NH!697=u1&xz zGGeAw!J4g!^g70>Fo6VgQ7+Yl*Hp7DcoSg2K>>pQnhVF~O(g7f_Fk+e=V*>QmV>fT zd}+&T_wJr6%BA`P*?>7eRmWQH=Gz_VFf;5tZ6XxcBvC*O_j`iC6xw(G4shBE3=4Kd z0k2Tmas$6TR^iU@SMP9ZKC`XXAdlv1(b3-izsrkj@fwRJXt z$o4qh_*;sboqml!_RZp1?OLrav)*M_DVu&}Wh&*XLdm+?0VT)I*2a1%ETQniY$dJ^ z`)KXLSuWEk$D3zmQI~TCFQ#rd=;5}R<56M5&f3AsDbwge*L{ReyyUG`Tb(x_4n7>) za4ku%c?EHJy~anlZ7_zz-&eg^H2L(3E9^C0r*q!(QmpQ&zC#h_7p#gZgsgky7Bflm zUf15C?;~`+qtfH#6Yji5)0n{^*kBiOBfn<3xS&RctIIfW&Y{6he|Z16py_4C3Cn)$vv2w48d%?W~+ zASsUSl+9p+tW^++z?ouy@7fVR1PSZD`sBiRT?58@{}~qBz4`IHu`_MIgv0mg`*iKd zj&*t(;HT%y>HTF5FQC@_;T-yQ0%69ic{Ks@2xEF{<}}T}u|EYzHt<{U)Oe5ok_k3H zGIQv6`><^RAwbr;kmo?|Lr$q{151p@Hhy~Kst)>aJ@1Fn)ICL`x|xT-sh2Ys+dYqJ z7Ty5K9$;(g=728{*1UXB=R{Rf>jrO>F*t2RXjsFqcbZT(VOM=~W2GI3)1x0}t1TKh zMZzZ({!PU5`mCKihnJ%&&(g6wBd!T&zP>LzmnR38!mxS1_oWV?aW1owJeIX1ztL@K zsN-B+QUh1Qzl=ps)qSMBsclxLiCTwNJAQG59)TA?pOC@efWxUeE7pBWhU&kmItd8&~<5&#)>41uVE>RLBP=QNWyH>H=V9NCJd#R`zpWPts!FGIhNP}Ozz&e7ZiIpm7jf-!>!y=#fQ z+>3O_m^nk8E9=M1F;~*rZHh(jm~CO@xl60DDD(DP1kZ8qSf1PTH$N}uzPEjDz+EQ% z@{7{tsGgCD8bh=^M{)4T%7aD$m5J=hea~<9sY6a8V-IB48f-r2I;2vCwT#e7?DWjd z#@)Vg5hG@+#wM73c&wjA%?$sUM5|{*nHA#JynNY)$cAGb&_lLUIY4&P6c@#MnpO;z z@UiDygc(|-<|H9+HjGVIf7zoI71c-L2Qr&MFz1RxZ3UFinL0x#@PZi-&)xs+oDfK0 zWLabMPv4QoSq2@H?zWWPM%JB-sHF&Gs75ESLp@<=Ah0LS3WWmUnHk5onQ3#Nd9;84 zp%(m}7wDOMdK5bgPZk!h#A%*Ja9EatOkhMbV0Dn{)A_LLTYDA{XAfQo2Yb_+-g;a` z2S8j+-Wj@rS0?f*g9G4=b*N`p(u6SLJ7qf3q9w1cc3GbT2kp~X<_>pS)wPMkqh=~iI#M4 zqEdDyEsFkiN42n$53}Z`kPr7J=`4!ML?oK+X?B?6VXQ|i>P?Jr+hUxVNjZy{h;l%3 zXGs}IcS}y{6{w^VTUIlT>7y0#Eb-@(x}l6&TvHjSZro;j%;@2dnZaS*xU_P0?|qee zIX1L~!p%r^_KtMCV%qpKeSI^RE|W4W=MUge97{anT5xhxLi!;s72bKTjbunwEAeeOo= zv9`l+&JIbYnTz~wkkY*%*f;A&?fm&SfYqGZN||$->fx4_=9#lQ)O*cbs30iltazDdEcs&f$Kx!caL${067_|k z5DBf<0ukzp7Ln@W#;6hL2H{_e$u6T>aleeMe>F#vJnI-Qtk&IIh58!g-ia3A7zE+&B~ZQQ~9`Aw5xkCCu{$x(&EV-&oq<2d$#kV-h`s%6ih+53`UDFiGN(< zR=**IJ8;;B#_0fbyH#W=$U9}vcC$;hye)Ka@@tAh*1`X{2`!q)piZcNRnFz6+`Bs{ zB{lh(-2AAgr5GyTb?jGKRQa(gOv`8z^M)s(;gVw~u_BXDKiAAX25IylZGTo&$u{{# zOG#|-k&#%B)Ymz4d$4o%Re3z)(ky>}2_;%1M`|e}^j?I{MsX)x5!H$0C;{gJ(dxau zbhh1OxrkLgy?>y?2(I-4@d##!*X1=c;aO7tTHyIP#iYMIU2eCza8>x>e{fWNRrDe5 z*JKkgW>(ouv3m3*+j6rSF6dHT&$*8r&tvuyZCNlmkscY_wh5DLN6j>ZzTBAcraPKF z5@cG3WIk%L|ht<}c508~|LqXOYvuR2mIKXojD$K}rca3a?JB>;-dDl~@$G5A+NP zc3V+~J~=Vhbem|gw&LU~>P+%hveC@!h%s#$k}mf1Rj?^{DD#e@786rrwo8FlL$!Np z)TTfOTAhe0=J`}Kz_7W&OPe)_ohCu7s&z(#yLmI}UVogd;D&7wN5r3U6Ix=fN5H@z zC@83p9c8Pc1rZ>wG(0$+*(+z@Rj)6i{pPK}|}YXBp{L zVT${R*X2GUc2@W-R>2PDjB>`rvuT_BdYc>mOKBMYS^1_+e(4G}%ZS0I9B|@|Q>v}z zL&7L{^dO=uX$~oqSRz$FUd%5YRO!NBg9@ux;9#dzUmT%JWGZS$opgxshGAXMj8sId zOCb3;FrLAh?06${jM#bH`e#zCb7rz1jI@7p@z;Uj+jQG@VSg2k_*qL4T{CcB+NAo zS=Dry=DbQPxYhAtAiymp`n);=#c9W9g9~XZD~yo7sbaZKVw+mIh40OU0>!k&`BCYK zhG@FwS@w)6$r+>V{*`;3Fa3t$Dt$XRY>8-k0W+4r-F=#ir_)pw9R}RTM}e2~jQowh zBgNGxYuurKeDq=qqS|a-t z`wGZOH*0T*oXm20H8ylb7sQB@vY?M%&z7y)hK$P9pKR!|JGhU%&bK@&MtAlD&fb6u zh+u=Yd(6#1f#j!!+z(+s3i6Dhr%yus=Z@_5b$g!+_!rejkRF+HmM`esC*)2}SQq+d3w4=vp4!RCMsBd3P8Xb)7D9 z55K#i`jMv*iD4%OUCfjjVla0&qt`d@nOt`-HL{^L$kX+&x-%h88!)2?|wB>WS6Ueh;Xe(`vb;^R9_7eHI++91xi8OyQWhXi&sHB!zO?q< zCN|^9z9IC7P+yiat+4d-Q|*#hIABdg7%uiM$U@M(+nzQZ1YkokAlN7&YaE>()6YeB zgklBzTGVN-3dai5{YrmLMiom4J9~UM7cmo*;ZQROYei-A#Is0MHtKK_2=m4_Y&W(} z_Tj0b=Y&Ax*(lS^Oqp8k>*8wBh2*T3I~jNkR#E3a8d50-zp&_e6qkK4XedL&?b-#? z(tT|ncj;iFYy`&a@SKGjzgNy+$S>fA=(>Ff*6Tss6$D#3PJ(z-k+07@9m!kz z9XPpxj37Z}t68d#z1D{bOv@~6n}n3iT(-#laq*0*oHF=a5rht!YK&O#>NL}#uc8_! zl~Z5|LMW_1IfOM3v;pVfqe6|IajX>#lh?Nh$`TPsj1&+cbM z1H+4(YpH7#CKylLGci?GTyV5|C8u+4(Y94OSoa(3NAzIMLZW%$R zT&2JmMJox>)aV-MjuMP&fxIBmnj$8eySP0bmfDwzj1w$jQC!z>U#ETQEJ4saamely>XtNTQLzCm)tA(V(fGMePgs1HKK9mHU}JAPlNJT z)t2<|_ubz?gQJIY`|;(#Pd=0MLY9~-Y3XXOa$j!|&|q=#;5>GW)G1MCS%YEFou9;= z;g3;k&G4|o9FJsfE`uVUNO+bK=Z%+}?PyV}75o^O?F?>j!@Zc9%P+B|lv3S}Xt(1+ zxW)VTSs@-CgL=~KMDA|_6Pu8KLk73jmn+bFKeV^Bjfuw~NF5GNg`Sk{yaDqn&3oNX z|F7?GoNW;Y@sTaL?`c|ALF)PWzvwpk= zM;^@G6%1p`n>3Bsn60hub0SLx>5A741TA0NbnLfAQn1f56w3~$F}9_>1Ew6k0PClTG*_%oiT z5xbuO1nJ>#JXeG8n0K$pA_l(2$If$(jkGr1|U*}W5*{|Qj;hX&m{1+44Cg8hYmG0w>gks#)dVNNEZ|cI3o?p~g+}j)ZRibfy z@TqsYS8LFZWOv15%lEDG8%c7>cU!ye`(}0j(0CiF=Yro$=V$H5yGdhzKKsk^e(9n- zRA~Re47}wwrmp{{g(9nw)Vyy6>{a0{E>=bb>(nq@uQW)TmxVY@ep!CJZl}K1CQ}f^ zU>;!7ehaoHwtCi>I(Q_tg+>Gt|Fy-KB4&~^<=u!M9L94@-y8g3q9kh^>bw&*6?Vm3 zxWMQa!g3JYt_L=&21u1k$XGOEv6cJC=bC{xxn@7p8`&vda;(p?k3o4k^2UIFK!E#Y z>D3^Un-JZM!S(0o-Q>|j<7*;t!-MTLIKHTqN`)d0vOhg+eW;3%2;#W^1*HQ^r7com z-@=Y5Ndt_6_HDcWdK)>sKETd3 zxkwPZIqGIDT0G{c#g+7EWK`<2;UPILG|wz&z9)0fnI~`v_#VaNXPmBGN)}7)H!IGD z0|^;WJ~j>01tAtgDeJg3B5Y0hu^K@3H-}qhG&Ud28L>Prx`B&|6W=JAZZ|hEtf~m;{nTJhKK)bbA?^iQ|YxgkfR+L=%b*oiAW0;Lk47V$+!V`Z5PF zhn#%I6wrw7^s*ubw!2K3So=?eUe_NGk#UNwQtNU>`6KaGxpACkjVdCR;}t5%V# zAYjVMZ zOw+A&9=@+dx!n<_P5-*WyU%Vpq9+A&*2E?E^{C zZn;<7o2LHUI6$RH-5?-+p_7}CCo>(dv#j?1jS8kMpYiSrECD0!5I}q+QUG1*b|K$5 zRTM$cb?Gwn-TcB3-F6*|F4;Myyu}huAYIE7L~1(Kw2B}4Ek{E)1w;1H{em8(c{;sY zS?EVY4@SULD9C1llqFS21K!i<_X9ay3DJ+{>ZxZACV0U*Xihv}5^cxSY|~Igl@FMT z=9S%(`CZ5^wuZ2;5>OS`bOk#B$O9Gu$chX{k9o!R8OVt&ZfhLD`zXcqbd|I3_y~Lr zSs8k2*9{ zBgjz;x(;a06fR+I4edPVGaJ@ZMXd-w9Cp51F~3PJ*_I(6@h8l6`{<9lt6^p-{*srb zKFfz1m!m9|FZG~~x7FjF7lFI5(o}A`?NCi{9!{%r+1zbj7oC%#csVR|d7vANPS^rW zJBrYqM8#1yye;G-Dq0?d%Zty1KTfMXX&@zxi4H@d8xssYBdpg5g(icp3X_&8PdD!> zFc!7v$YB$4P2#|`b!xi~=0!tusPh#pvUpBTa?;4qe zraY21T}(!bK5E)cOP49Y;muABeY@hta9%+JOQN&Q=Tp}e@VhI-mGhI=89O!Uc`y_y zBJTiyOt@@Q%noy$;He70N~*iQNJ=&EIJ-QZb9C_RWlB4|3pPn5slBO?lwC05RS~#Q zH9^bEJNS{|f@bm*@0VOBhj0o94(;hg5pg6^lPPRs0j*zcD#z5FsXb9vs(pz3n~092 ze^U&HliE852*rCPF-}t||G{nJ;fr2sz9K0bSMj>dApUIpJ6V=*uS9YYrV|eoBXRRq zdzpHdjpKCWVy+>(@GLwj-|O$n{7pHzhhc9i6VYq^0_F+iI{r^{=U>C*e^Lu9|1jBb z{OuwA$7_Y-zXOc?uh+`I%%UFBsM|XD{AeO>KHurLlkJCRDMffM>sN-P16k5;bbN(( zggEzdp#|KQpuJzyd?AIsi1qd?sNW9J_jjRNH}=ZNIzL;uG?|(cMQ}^A$Vt25I5VZW zHPp24&P(NW!Jx1eW_?Zh7|s%ctHJsJBk0b6NZ-j4=f%3TJXX52>9hcnxyNFPIp&m& z!6-cQKO3qsocSuU5g5F1W2($P=7Xj6+Z$kU?gvqW$c)?wJv8XOKrY7B`OTH5_y(h` zP-ZXuL6Lke6>>^r!(t{eKiX*lKw4c7f@lyLea9Qw;cZT4h>|mQY4E(`wgF>#4&vX7hjF!QZ z>(MgCKIYRzonos7uMSlXsziZ%ll$br?=>pw)Q^TN3}oX-m60=}Nr(lbiTxQl$~n(& zJU^5LLYzU$JjuK=@1#WR`rvOrswNU>`eAlii+#mJq>uEfg%mUxr$bk%yb(FRHDS*V zR_uJNL5f@#BBf(T=oi>6z=axUhSa`3Y!M#SC2BrP70haPwh3W_J+`H5%mBi#taClx z#7R9)d*Z;p#qSD<9Ru6HOJ(Gqh>&DwgzSt(4(8vBdTH%kmzcNCLWN$E*&Z0q1i`lt zC5gRa;tj^$hWXKxCjk}=W16s5`I+m8%X_G87S)o8+t)uThfABO3BJt|&NFu?D zXQPI&95Zw&)cP_BxiO}`b@jph1LNFo5!(p2NGkfZgL65&I0m8!dRUKedTO1~q67nS z)8{NWyJS|6Oufi9Ub00qLGr#7mo!BZxG0qiJ<2^zxw9vzLFfM2_|#a&@JEH_6!mpA z*;cbWD65QWS*r2G(sDUadz|zkwNJiu4Epf-!-TSHa&ca19RtbGuny6PYY6(WjE@#W zDd4ty5!@&`4_q|awY~Iewy%AdQT}IcBCm#|qAeu}k5U&?ia)PQRizbE3g|DCw?M@t zDy$kJS2zx&+2Nto?<)~#3~Cw%EDk9-WjjkH-B;PTDje<_^6|S;+)oOp|$02H2GC6A`cIYsLrh9~~v zoVbIRUibn+2El3IJ1LFGKfJKC`zXU61C5I+uJ7!XETs%mp2$1boxNSOqBnTPqWFZp zs@|DU;*yPQc4Fn!+-$}^={hV2UPm&c&ogQ!^%fZb-HTSElMqYXR92>{;%{bKg6p09 z@WPKNO}Q}N!6NFDKz@ZpYHN$RAmCvtJvj%>=7e?Ov0%YD;#loCG(0G_&%?Nabw^Zs00hJ z-Bjew7)^gkUrc=$6#vQJMo+r`ex@ALo0t5@aq;(Mg@Kv*p;c1*VeF2wFh|0s9wD|6y{|50z3A6w|B zWnYY)!~M4-vyRW^6H;yZXj9KEY_w}-P9FaK?Pc`nIB6RI=i^li{LL3S$D+oq6nrz_ z)W_`UUFosbX^zMh%pyMKYpcO-0AaN)XY>9vfNYY3nP&`iRU;41qNV1%{w%=to*AZQ zD&FfSs-WHZ%nCIe`)A9{ohNg!>DdBHUJ!L<<4vG5=*!fk2%BQXFIJqDpCp(&qfc5( z6rJ#eJPRcP0(5`)rHIB5s3qz_r0}B_9nr5cGSiTlA~5ZLtx6Cq6RI=RfVyl!&8dRH z)B^-rxD=`*%Q64ZLd}KweA}mUgO795leDeT>a`-XZL#eiD-7CFtE%i)mYA2gtXmuc zUDj8NvgXBlyt9DC3&N+CmMuJSppU>+NqDL#GD`v!5#G)M$y30{bTwmhQMx>fm{HK( zNH?tS)`X}uB(T(u6xMc4Y~x}>QGY;{ypR5 zL+a)%zl`QRJ^+r?MGdOzqag$)btO(A(}goU;IA8JKT81%pUg#IhmT{=d%I14?8|QI zEWRpcv@5V0<#u#W4RMx9J+CVu-^apV?~;m5Fiz4=94u65&d%IjRj34Ptr!fQKcg|k z*(z>OwyroAYiP_G$nhLdl2Q8GU$g(xSZ!&|9A3f?D$2#uhZyW%FN`qERT^dd8hGR_~l8S4*)# zs^!+Rn{cs)2wH+L@K{!RfuKkk@%gCW^S3qyo`ed4fZU&DM&V zt7t2CZx}7IL#EU@JFs z*gbP=t7E4Bx=s@xX0LWAhrqT@V^8Zh*FJ0;(8N)tV~tn4`@kN16i7ZlfG&(mc6haz^G3P7p1714Vu_Q{M(0p&Shkv3Eu*_=u^@^{pYG@ z4tVu~EZ#ZbB&&TuXp*+J7Z`=zBWa$%%q8!)XfRaVa zK3PlUbcYUv-4$r%@5+@^EpiO(D_ZtYTJhmNqx2r|0l|kKTLLl^b#idU(%#4ZF!5`( z`8=#wlsII+TmR_(gv9XbMn&}enShG8a->*dMT^@|a6)xelyX&h88OSqwvW2n9;mby z7w0!C7G*`dl$Qxg*JTyC$qk8m2^U2rw-57Uk_8*wVGvJV2)uso*a$E&t%I`<5eEtB zDd`inEFjO7)9xCn3|?e zi}hfk|F5tfT2gVF|FR7J&%BBx#D}=qI2W=5L_H}usj>K8s}ZNYe_IBVjiVB~8@l1I z3H{R=i!fak)TA3f}fV4xyC$II;dcPXq>3pnGe|>3ibJOIlkT6y8ydjJ#K*YtZ4P(lw+^KJS|y|P%DA!=$cwOXjm z`) z6kJa4bm2uJqflk}zSZ{zuGO9d_9MoSH%E_+=|5mF6Xu848x&TerRL}c$8uY9<)rfy za~9O^VS$7@AW}(7Do=H_Vw%gbklHOmH+4d=o)6HB$Lmgu{lr8bC0Vsx4&?h)JsUhmp(wt$>#LS-mDPm-I3a+6zt$c0e>VL6Y(U*4BO)h6Jg>i?D>! zP8?uHbG6}YL1+cqPy=5pQqhE4F*li8+eV;jgFyAB&A19V}dpE*nSm;h?1o&`Y>;!fNA#T*o0v2frq*7RchL z&)84gVTJ`zBLtlMQo2x;&OlHgBJUxCfn>q<{SNzguKo-)B zSYAjM@%103JKKz9=p&tE$z!EZ0=>3u_lWhPv9Z80aQ@c*%G}8{NlUp2((YL^8@z$F zu-f>R7!!EM;NZL|UKx*UMq$?+-iOB3lcp0ptp%S$$x9jZJ!zL9hZ5o314m8%ry7xI zbf%V}9LwgPqqC8Zyp*YKrj>>wSlJRiScw?uG8E>d)GD-Mt2;2#8dbREA2k}2C5dm+ zRt7whR&A$rlG#_qy*DE|s(}$i2Aerbfl<}Ej^{~dRVh%GrBY`Ro@ZxggUd>**IITu zat4f;C=#G~j}JaeO2>O2tBbn$6y!dVrjM{cX(1l0`?3LIVZukBs50aL!-Vcb5+A`X zph2ISKdcS*cYSxRK}$sz{97=%yK*L;TMA>6OorxHjK6rdMXTw?={0h zKKgTg=!&khH_I^JK|9I%w!oSm#M5!* zxAxFZ6JD3|bhPi*90BcR2bMKYz)psc%yv51`DMwNL@a8pDL)-`v-_>z=Ki)dT}>{h zNwcLN;t09ywW=9GU)DD4HyhOSFCbw8**GlUxVh zGhx%Zm|;k9@&PKyqI#f(ayj|UP-aH+peW?BRI3ACX_>TnwyRBjju-3V^p{23jc+9o zuhSxL#?nP6Z6k&!=*qy@;geR2YEwboN8~X)ty7>uT776`+>{ASj6!{kpe*1nmA<>}DDzTr&Cwzx~0?B`P9{tY@`JZhX z^S`z2B!A+73bx#?2zxaLgV|2)8M1Y9NG!C zJ6pz=%7=G}SpIlySK~tJEEClVyqRfptl4xb7&W(E*`m@Gh>Go}DW-GSUGyn`3;x`^ zHZNtx-3_!TfWmddb&1DW{z~A(nTe_u#9WZVM;L3$Mht1>mrG$$xCeax{I*CJHMqDp zxjvC^yW*h7N*4%v)H|BmvJpR^|hmt~|EM$gEuL`6!gwnwKL@h_#FM-mWV%9kIVgh??~*0z}VzS?ZXfRwghVo#Psp+D~9^wxP=5rF1DaK3$IK#T$J%hy|;#QBA zNQ25KOz37;kP6K?m|!G0r!})4{TATmy1ka*&6==2WA!&XWK}|OVO9)=iByryZomQK zXXfy1YNs-2jLKXXE0QK(iPjm6M;U`|MFiy#jxswuLOr&Uj`EV(+tE&FClkhDc2GO} zhP>C5+PNy?q*PcCK+)^()|ywq`klEekR0xt_c1%GW4>f8gKN=-Gy4{E+q1WyD0$*9 z1G+i9fRR%avM13L?Fl!pYYu{npd3j@OoudIQ>huAgIVaImjeV^FFVC4TJBLH3I1d`!8x-$)M1$U>l0 z`wf%YNaW4+F6+LngkvT8bB6JF4x(o(b98K%1=hYyL13<+&z{KvFt*Bykwd0oxKb|2R^+;^qOxs>H+{!gZ-f%uC@%n7fbfp@V{o`dHc)k^*%dsD?3 zJf86^SBNe&8cu!*B8F?4et(4kmV6(b-1=7>qor@8sycAbQC zJw7HK@B|~J#*fdOz`1R_DX1?1@Kv=Ym8C+-t$XxstKo>N3~hxYtlR z6M_7MT}AZMJ8wRB{E))b5w}L|_Hy5{*n{x`e0!hR9OQomI%_$Bp5`JvX3S&^%eKpf zO&iyU&ScTqJCt7y4*z;+#(2+4uwtLG+QU8g!$rEPe=Sy9$91G4a&13W6>>QIXgGG@ z)hwLf?mg1gDNvk;eHU902KBrv{Ln4yK{b&@qDz~7huA`%(VtTGGi~0A)K~kS$c{$- zGfm8X*n&Gjm=JkfO)vEeSpMj%=0DD^zfV34tc?Hmt+CMmZD;%E?D{XUA-3nN2-|Pp z1jOBBCSs8v^dM`pjVD(?fSu%>=QaVfP!G0$-g3Z2c*?`<2)Sf_fXEwbWFKc_5KSBb zK7Cz$?qL0?0(d6a``ldpD{TEGsW$z&iPv>M33v9Q{|pFIo7*HxCb zot99LKvQk#9!|s+0Ma*~jg_d%!rzFE*Uv1EBeTu!$4m~k(N~Fp33ExJIU*(&D@YTi z0k@6*IOWcnZ|Bc^Bhu`xfEJ;fC<>^)tx1l1|-NOH(&AHN-)Q)KKKx@4JAZGFx2_IEzSg4FRW+m7nWh2^p$FM&5CfMdB zB);x|jFd#BaMqqR`{X4>iK1Mby@fK~a3Ya-lqqvS%zb69cru4T39UG}L@NpaCS(q} zQW8<7$gVr~-n=O9nI}U?tTCoIr<8Q)* zp5j9?b|r0+pV$~GWR=qzdqX6@7gx~}n#}Ril6HLp+_69`fI{;jT|g|S@>l$fkx8Xn z*&IcRHThkY`8A)<1Ox_u1i}%6r%gots7OckAnb%aEkv5(RW?}@l8+>3LDGuJjBqhQ3#helmnCZXp>6~8wBW}7(1kQqD$@pnZ=xlXu_1y7r6ewI zBqSO*ah4A@<`hsmI0v9X9x!M|OJdz~RfiveA^E%w&oI*fo1xAZYN%??CSABmt>*1eKNsP|({**uT1oOKqR2NTY9!$pe zcNB|iCvQ}2yex`qBHDD1iF5IzJV~_ka}@b7@p5#K!gTQh1f{X|==e+Ywu2o$(lLZT zg1ny5eA=%7f1uhD`efnPB>$aoe^0fReqR#6!`T;iP{173<+8B+i}*no(!~DzCt?FZ zyP<7~+VG4UhcR}YwWW_)O`6%Gp98==E1);6y8#v#781`V=(jZB9D_8pn;dn|u0gx3 z&GSOzK6av5mytB3#r0VTVwllk+VBbo=n=YYp_1WAl%O;dXSFDkoSD)bC~7d9YNeD@ zi=DPha`l}p4JU@<<86d4PTMVF<2tc*t%@Z}&<|Vigd9gJY^7Ws%cUn$Rd`5Nq@>87 zON(mzc#?`Taya)t5WqD%5xC&tX+4rJW(LK27vB)kPP09c;2nUsx>G{hD~)`oR~Z?#FYe-pz(7n{(G3|jNmjxar0YR=#u zpkfXNRjD2(R@w^Gk~@Tke-{$y&}kt^HagAbR0s&|lJd35Eb}-~!w(G0lp3P@UXv=> zq1$#13(IG0RC()!rPDx(#n?$MqQnIahBBs9kAn;Uf_F!x&kG!eculM$>7maD+DLum zet4qR>pm>_P*CG_qsHIH{IgG%gjC5X-Y_{r!x>iKas?}s;Mlf{QG!^hp(@Is^eb&8nI_0_fKYge<82H z8e9ARx=MVd3G>*r8y1FRWwYqpU$&aYcM+HSq zXYzD|NlWc_sA7}*1Izv$pr%?6y{t{876v4FQOfZ%z5*ONL+rXS&HJ zV^O|=oQD+D1}y(fW3=_C59m3js{aODAV?kSV3XCSL00{I%oRWR5`FWAr2&(1pe7%6sy{uhpkg1{^|Jn zkwRU#dvg@J9-XPWasGj#O#%muq8@U_XJOa=ID3%sJG)^Ylqqc^cSyP3^*R=NMpf2p}*u zcN|06qC42-x;Xa)ErQJ2k%)QJUIliS#%*(~bTliP0g_GWfOoKUkw8@gzU^sY`XGVM znI)uNa46KyY$FHg7P>qQ_WM@jt9>Z39H|38nv|M5z$Uo|)h8{K#0m8ML-Ax9Od-!8 zU1M#3-bK2mIUpblesCUP7WEW`Ci3Ho1!jxL7P2Sy^q0p2`zy#lVbu&F-wt0fNr9kimE<7}q+*y!55??*Cd=ajB zH$N4zA!1`Pj4G(mjZ5-;=p>0@pk-t_Inc1dwO#BVrr{Yv8`wD+j;4~vumx+)ni6s}XXmFRFlfZ+yB!K)__xmdVDG8{w>K0=9wSs(@} zjSKLQOPidH)Ah-9Em#p;k!TP_`yhBLc)+JLgi{RBc&HuOejeJg$Up)J$pKhQmDl_G zRA9BM=kUQlUNrgP3Wh05OvwpTU24D5>d%6A!&R!O>*Y+OzV^~W08>cX5Pq31de1tB z=%NHf2-^4J9rcf#-#n!0U9oLYp@rlE5wgrmio~_nS>!&7%W!kKouZogn@h)AqX>)R z*{G{tYNSo9Tbo?Xef4KOS>j6UO{*u;HK z#W)gQnV)sWyyaEm@?P_;rdnsb>9wB0WF+4*Uav^+1pu>5dhF|K*YMsHN=Q|82+w`1 z8%h^Fv#2kcRh*2kz;IF9e)77KuQ`N#d1O|UW%%#+7-TI<`#b2}@KGuigFa6do z*mqwHHST9{Um1Hc@K-mGBybnQQB0meR{F7hDMx-`_DyhB_k8xezJ{G$yQ`__eQjO9 zVU@L4fj$Z^|86@QRjX{bsT{=Xb*?-u7}Sx&k%zBTn(c_#T)WW!6$IBUpL?IL2hV4t z3ztPlmdM|wp^)!E*%FdAH|JfkDSL_FRsRmqGG&+i*w(Fm3PIl1vZ}wiN?Km6t@kbU zZTnv-KQ48bW%*_;P8!UyNkLsecb6AaZE6BQZM`-F_V5C68h4nlx^Vul6uz;x=d#1Mge-5It9*UWN@A+2n!0j+{SHg{rMwR z-#8mtRAL^F9nLcp1Uc6q`{zS2F)+!@-877$0+=qs82~kbCOVjJ2eQr)joqSJbqQLj zgJ>I3UnUTvQRn8+*kG&yNAKJdMQqUmhdGoV|0DJ2WzRmYA&tH>e@Q)jqm<5}85SY9 zJQgUFx;u{14E+9&W)q@Y71aRq0aiLet0^TWm!?rAEk%Y6>tLB?ijY^3^&RkSG7s3Z)cb>^TWP2li6ZV%5TX#@Ag7F{;Z2F-ED0uzY#I`-VqWIt*`dRT# z?P4Sw4BvznFuw&Q%K{RRA%6s4+;w9Enfb!;TKDKrd2TIl903ALC|$lt;!63Da~`Z$KjJ-|S0Oa*523^z5s=ctQ& zfWgW}yu*5UQfL+;C3nM_(HR=lDd<+P9I9w6;Y?5|@8ETEDCuH2W!**csIdW|k)66~ z0B53dsZr4Xc?yPC{Y&eKYB3oEk1ClW=oMb$VUPq%jM-x^6!pniDToJ?G!K&VVxtn8 z*5`Jc=e*d2rf8uI_oyT?Y1Fk{mlz6?vsEOijm!)(^>;v{Ao`niqaFtoC=kp!nuW?^ zppunHzoq^n4Eu&t8L*)Wrz}r9`=;_+>Q!yW*&XAfyZn*Y-Hs(1sLwi!+tEz;EoMW{ zw!7pSJHx!1SF8=MS13&S$&Kp6mSD?!aMv(mi%HgTiBe;PLTJe+USM_n2clVLwhD z-B~SEUFAa7kUl4ofKOjhU|AjW-ek$BBR|tJ?PcIrO3+ zn^KVlMN5QZ{v&%#O(OA3oCEo>+sA9NO1)>gd!O3_utAmGvug|5Fca_G(Miex!qmS<$1xQC zW|V3D4n7VS&_u?0dM^pvk7gUzL-;5p~8lfVkd2Y@p z?WW_vw*g{&ze<8^uDRqtFgXuBS1ZbVZ8+(jQC#3VmBfF|XDJlG<6wKn*l&rasXwiU^XU1YyEAltxklP4gho%N^6@@~@(FGV zOx8IDXwL|loPw&viJL-nyW(u%nhWZxYPO(9Vi_A)hozTJ^;q~}7n~>Li7#G^T#W-y zqYA=Pj5KmP`U?>UBx;4d)G>IHEe`VTCE)y!KRExbv3sZN|4p5>-}B!hH|PhhA&}z4e!Pvu{im z8L}z>VX{l~C7bc`9yluzABP!pZkr$M2^;6bVr{d7gJxvn;Lo;3&5gPR3NawxCT-lK zA8^fxOllbcf-IsMXDEslUKwX3+!$tWIJA1@#pRjn!f(6aQhFX+oX<{Iv0K$=^CWneN$_{In8T{^oByUBeEY2#uSvGK_oRh}V za*qX;v4gopQtV+Qkkp@})Tl}HSdU*AFjg%Dsh>BQ0Ca>)E|qLEHB;dCOcftTr*V9j zZiE->`7U7*Dto^FtynvT9T@yf0+aGfZ9Qviq&cYRcf%SnW}F8jB78BN^d75=bhUO{ z;bj6NUDtGk={>DxwaXDn2`sU%epjyD_d zV)ue{wFaXtWG<-Sd**W=3YyO1di^XRF!#&4`LzqV3N1uqpluD+%!<^)wFF21dQbTObFSvEt4YkU2>E&RTDY zSzrdC=p9)>@~H4AIP}ymMqu^QA(V7BTnmQSX6U%>Pn!+uB4wGVcW|@uP8+_-F`u*_ zmzT;IuiOg0=Mjy5C$VwP76QI`WD^TgmRgi|o7v=6I+WLM+zOxkC8hmG`P$^B!SK&! z;TeCF)h=-wrZZ?$E0?#hTMN^b6=^HFr@j=d^;{CxdjD`|bJB%l!SsmNTz`yVXem+I zvCRuY&p($mdn3?1=-_Y^RaNeH@j2E8-MCW%%d8`99c>k|E)r!Y6J}B=bGgX2RLMO8 zl9eF8SA6BrsxTaWx~aefewI^$&EDrW-)Ib9OYOsyF8yk=$QDTZ^JfOj47*XAnuNiAwa9q}`H8b66?|;4 zuC>&4RCr6?_w0NcGATZ&oh)4UGn&oE;uCbkqFDVuYWUyFeg-DCf2ToM82)xq{ZqsL zyX^Yk_v>%FRE79>;`gt0_G&>JDA3;_#0%Z0>ojB%u80eECJEEToPK~IIquY=3y=T41uRSFd?=Q244Z5F&1#n9X$Zx%odTyopZh4GQ9ME`RXj*Mh&3>-DE38?DXNeAdoBxB}Cw zMj)2Usid_V4FDTSXvEDTllEZPw}aJM3%GIwD1Szr-&0;qVpggN!r`0G?No+2RSlfL z3YJsD%`MJ_L**vmfq`K#4Z^|2F~irIi!KT4gz^>YywsUzGvK(JDnh60=LF=|?5c%* zN1Fn5Y|YCg+M_bzoE9}{p$IZi0)SfcfKT81gQUe!ry9}0D^97gR%kvTv3|Jp83%pi zW(VAGlnM8o=?xYT!OWA)hN&ORi4*(tGkT4ByyeiYg&vDW$eAoM?vp`_Q^`bkz(n!q zhW8Q4%v4lWq`W+XrTG`{bux|N9qCZr`{o-Uwao#~!;?*~1_A{X9Ll-W#dYfkPUr=d zP2sODj+l$5b@sVe(b#7l6wvdHxJT!iC;{c8c!JT4!$@pq?^SGu74EuDXp0us`Zt=T zoyXs$CxcLCQR607l*HiqpN6YCx7eO_HHbkh4%Xak9)?d6cviEKz;d+aV6*E*Lr0pE zTo1%$HD5$@k1t4(jT49k5CvFYU07#MwDwJ-*Hl#g(zM?(EPrf!~a+EqK|p4Z1Eh~aPnHgoZRgpDLdmn!ig=OABK$x(|L|ZaFfxcDz;9)|iVbX2~ql$)0^+Stc_}#m;Q)brr^+7j%$8zAi~Q@uS(*jrV1O4AWIfgVj1uPJ$&Dc# z0s_d`0-Ufod61cLrLi|Pl=J%z)xyXTXoVhHcW`L&F%#$k^yByWDCV(c<@7wjnrOf% zGB>TX634n9!in{a<4t59?|&$7jADgm$q_+?s7A^@GSlcSgYz)3Z}Kt$&^`5A3<#U=v>CX%#DedT(A7|l3LhP?qET-r!M z0&*Nq5nwiFXgF%a)~SG)Nkdj}BI!9VQ=P2B*N?IDrRhptWTuf66qy4I4ZrC(Db!MJ zQmYDP!qv#U$>$j+VIM@KUl4B;_PgcU+))8>st)l1`d<1EpjVmqm2b9yA0BJQ55#B!>p-PWy?DsI5qhlo3I!T(QeB zM-Oh9;eJqB01TT8An!2nb%TRMj9ud=!ZE`E4NATE8kcVgbTW*U$L3B2n&5ng9@*U+ zthFzc6n&0&R(GC(B^raeZDqg#Wh;3})bJ+HHvkZ%0GLc(*8x%#b?TUk29T&RymBYk zFBH57f)(rU3{*KR{v~?FR%qX#To9crwP6_WAUw%cS;7!i2W9!5EqZsv)dwOi7J|Q` z9ifO~u+s6?DzRJTAL$A?-B6@=_+~0b?y@6lzDW*aL)Ej%B&C%#-cfd zWrUdroLb5!49cuhCyC~zKxb+56B~5Hg=pxA*GjM!`h@``vOW?MyeBE%Bq%)e+kv!% zY)4+IC17Ij>2!epL z&Cx542E+=9Y_jQvd1C03IWLFkkx-dt(*a#COA1&51C&iRgsBJi z4q0g_1$rxxZ7fg`GJV3<1_#s}zhQ2VSnTQID-b3q4JE~2&atQ|t7rvq!`0VPZjZF4 zEe_Rak*ex)!ODi4m1lLGJ@(%pvEbSBB52C5hAIVdp^M>QY&^jezEZN6cl`efCAV7e3)Rv%3vBvM8IF zUe?S0rJGMn8NbM9!?N?LHV{g0u`-tvT7+|(u2a75DAwEN1{X!8?1dzPX8`Ci!{d_q zlAzrkh|Y%EkQmdJTKX4;xnX-ldPvw~a3xKTj?UKG>uS%>n-O#Yg=x)r_}%InSF4nY zq#KHb{2#UDgvU#7J*jZAPA{c)L`R5#tlPnZNasYmNG`e=e*gk8%6k4yq5mVh|1mY# znE#Q!V)#3h^^cPm!++Vs|KIdg6OCRfW04Rd0?2Pf+Kx^?|8H!Vhvxr|Hia@05oZ<{ zjk?$@fB|BE(@z*pbwZt%z$$!Id{rZS{>Rkt*8cnud{S+ztg!X1aw$z#e5?R%re8k$ zHZ=;%PdjR4djBkxmxRK(cAxb<=5aWSrMAJQeh)d#WvhJMaC^_?>B{m}>&R5nqEq_2 z92M)Beft_CvwmNJCo7*FSA4IsV8Ek3u-PF#(Gu5X)V(oImDfsFq8uKfIU3DJ_AnN! zwc4dIA2ieFqj!Ti+|R)76mfS902{yks+>h<(`NLi8Ub1cADI5!a4J*2T=_0vPrIt_?9T;ec(ka?lM1^QO@>&qQH}EWK z6tQvPwR~CF?h|t$I?I+l4}?8)9LHW$_Z9*N0B32vzFJ&^n9zBM62Ms822lZ`>9>L! zR%u++O91QW`>IIvG}BlUiYZd<{BG_LbKV%k2x%+N?IAnJj~F*2R`C_Cg~Tko1ZP5C zo!^ENIJjZqATaDwt4fKN!JX{DU8X^~K%X1uKz}Ak(;TFJ&Q>+|)}w+&7l9!{SO+aE zz}{HjW%zQG1nnY{zWJ4hni;DO`$ZE+jG*DKN+7RcH{{+vnzD~X%}ktFhPMJ5=71I6 z$DQz(+qatlWyc<~J2FY3D%e5}+6uVEY#Sn-9pYNZE-i<6`1&^0N}CZnR}>&ON51d3 zA=m?EQc5=_3$BX|;!FT#QYH!Om%o%!J-1Rsb~vk3d9xYIZ<1V`$SR;&_|J?SE?`^eKFqgpSL$PM zk_+hr<avp~Cal`98*F z+mVIa4>|j9u#g;cu^9Cp^NjTdWEZr@ZrMxKi=z{?hi)sL;Eg3`{tIy!+!UMP2sOSQ zh|ealRab!Yixle@PRr#$G*2*L+0 zT@L3&%iBNs6-z|Fum9|0xvG{;3@F4RM+8C@U%1T0GTq^rV-ABoU!4w_u4U!~hKVH{addF-nQLIkMCS;nS%Vf?UExZr}D8_sNna7;SPwmi! zI81Ub4^^{;35Ect#CA82u&mz4a&YxDW9xW+II6$_rV@FdSuvTHuS#I0TYhhH6@aB| z8;}+q8Nx3FSd0@#Mvr>v>&R1q(P+`QM4$KdZIJnt(@a_5SUH5NbJ590M!`>^CpEg2 zQMJpNp9`9id?_Bci&nAv2*%yt_U|G@SuPp|d)w10yaUWa(B23KL_P*l^w75=T#l%O zArH_h;5uh%g=`A461tvG?w3XaQC5K?kEV*^p&?N>IO`R>UcWlD7sc_rAmGxsnli#_ zWd{Ft9b+=fZ2e+57*8Mh6Y%K6NKNWRzSx)1_1ZK@gQ~gtR{>wgpJUYC1oftN*jH*O`+ z(r-`qi<7C7ldIuGaV|PbI{38!-rG(Eznraf8>I-Jy|-QV$6nyPtvT&o4EYltZ*Tcx z-G5TTm}abf(@>kvT-4y}!5KRi^X*=WQ%c!~vm={^%UY`dvQ`%2pe^v(-*=qwPYd!y zFU9&Zx{$u&OV--s&GAovBRK0?KL2!S&|b+qx@ZQwL_}5DZUkVM@Q@x8nLhvK*ZQ8X zwO+De6`0j+Jg5r4VLoRA<;=to;LUrKgs#BD0AZzwMXt_}3{uRw9tEI{2 z2|u@;AI?)FqcB>)w}98WB@~MA1eB$uVmH}E=8nnK1~~>wG#*$4HUb(G@&QP~>pOg} z$2ta1>KRFoiAUDYnV6E+LwImzJKbVw3pQ=)Fw4W5vssd_&)-(Bd&qODCmjy{Lbj+3 zYwy77+zqxS$B+E7$jHu7iT$ZeD)Hv`dv+%#j-b3Rq3y?@FHFY5RHJ5`@kqW&Q=D&~ zO(6%!50%&nYAjL$ELU)kj!7(!6ybbD9Bn0c`7;UgfDkgEOKv!e@}w;p4l^8*B;}gqE9t?FR0lpQC0tubC7`kc5P=~0oiG!#1)UmQUi0vXw zDvO1t=SKdnM6h`b?p6FMCW*RLZ_D9{!g2eFbc9cx$N1)7nUfE-~bB+ zp6JMEnr6sr2l}j`0u(3}68>A|&k?!N{bvD0c8VQV#+ph}?F?gt|Pg(C zue<}nT>!@&Nz0&DY|*Jx<_;F!3Y4cdZ;!S}5gdn_ zzA=hQ5mX2^(r{gJ(j2dtY;~FZ^E!D4&&HLA(_l2(1kTXofiE+61>r$h5odY9c9tKdqt1;m@ZZj zXFLb7E2!ZrBr-2t)~q_+g9OM?@M32u+cC3!nX!8cWMfbJ%&kLF3AOchUhX`4RoKZQ zv5{8>1K1IL=nf!>7);}8kcDT7fy(ue9Bfx1z(s7cLOzJK)QWPTpitKBwJ<4X67?^1 zJ)$!2(h7(U0)E*{@!=k0(m{!Pi-ngm>ap%B=(r`CP`3~Vrh8D^Ztb8Xny6Ewd2`QN zcsm(s>NVF=eP2s5CNqJ~pqtwj*?k$daWgSQ6lLw_WF4vS=cKrM2hmu_!c z+OucgCQkLS8>rLzhg;!GUU!CF&#`DT%sfpW%BB+UO^_?W!eka6_~{?hySJZ0Z{YW9 zTdiJA$ggnioaIIk(sY}BBG`GUX^f8*LHKr<##q1uh{ZSYAQZ}Z zoj9XQ?6SUm*%5@6cU~PMMmoK4xF-vC#{KtxHG>C`4U_OTxSjjs3ux{m+S=iV6}(y@ z+!XQqP3y*Z<3jAX;+xrUAyB=3apOT8ztvzv2xRsKd+~w?w7XD(2jn?gd;-Q`<4(u( zF~hF~@p}SCry)KKH@n}rc982_bk&-h;z?lu0; zLHbSsjQQ{Mh-%S4EQ(a&+ z_0Z+k+Du*FiZ4i4<)^FK>0b@@5g8h{zO=qdyt&SxPTvJcoXdA=rwMaQCHM~DN-WyxV;1|Jg^9lVVru8llJ|ixkakZ09OIG?n{yt&(s#((GZXFumh1N< zTLoTFM;xZzHLM%*DOM)#7~Q0x19E-SagB8EaLh?OCXD8fjIlN>&p6&+V9{avc4xER zZM<1suUts*1cVQ9K@)nN7p*D?8CZd&-ci3ld|r(ooYuYC{dG09`*N|JKzIYk2raK{ zFG2YmMqhKQMG4ZrKiZvO;Do1nvjqmMiNg3ymVqZy1chmY{0KnW^&F}nYsS+q!Mi@P zFZ$V6*g73qd3w;?epsQv12|Xvb!QM2IvM`Hy;Ph`#s*q7s(M)GI+4*thFVY1f5?o> zS-edHbb^{qxh%kHxG?VQ)eouDB|x!=#LD^@GTd2QEAw#lJ|X!Dx&{&g_7kS0AgPSl z)f^)|)(ZH@G&;2nJ{1R>8{Q1=tlrdA0&t;*YdJ@X6?eiKXCX9Ve%9O@EUs2myqp@) z@wg?=`)qO$nEM&0yB~zJy_%p8*EaMn4q{N|I%s_6JWuuk0W;euq6Pa*&N6GBU4U4U z{#eKigKe}G(S(>WD4W=5I*prUE)dFp?=8MXZC1o9lTzRZRk$$QMPo>|c;%qXRZ>(o z4P-q++Qt}cG|ofX@BMcKvBZ$6ZnOHa8UyIIBrSNs@F8a#pPa38k}5ntN3Ixy#}OVS zO`b9m239e?w5;}BX5?5VE_Jcv$OrZO{rQopbR?58_QV6pTb@~g%8a1J)dg7E;z7tC zB1k56iX65`asx|K!q(tGz9?Fp)7D=ibwHU# znd-Cfn;w_FD@pW6bTimIH6F5-IM$#WBLS#A{rV}z1*_h9SN)6ym1%>nR~s{2U$=pI zK34z6Ahe0b_BX>XUNFh>6L&8}gp7?dT(h-gc^m;P-vax_nfQ(1*2a@B%uDsO^YC&6 ztZ;-Ioc_g`l*L)m`wUEZP$;cfm-4E%UZ*(<9(-Gz28PTN)#^o65zE_3Yz_?h@0nfi zTxTW2=c6g^o&NFy7j#Md2cCV$dbiwR0b`wXFWe{U?(eaf^G)7|GTP8Tfp|~FB(&I1 z`I5V#+%xjJ7TW{zcpFOAzJ7&0&Bn+p9?{7P+Sn$Rd|I zK#c)ewlO~aCV(uO2SkOi^N5Y*)6QjVy#%4APHfCePR90cf zbhS4&fq50y-3Au>vUDr{08T#_+y2|Z;y*9<{|V_b{o_81@$Zn>KMod*|5X!SV?5@s z@z!@rCpi326Dp9YHG~))>JUHT3^3vsCOC1Q#t`6?=LxVDufN5U;#d=*TO1 zmVFm86v^LKfmB*X&nIs>bA8Lco>i5fj%K&d+*c_(mVtbE{-}Jq&7;n>^7^p%*_Zvw z^RSM_;=|*Eea?&dn1?ym)8peJE6Q~GJ))z9lq=|!Ds(HFhJ$e-vN%)>oA*#ZC$XNm*RF><|Bt)PM`;YZjf?dHVk)||uwZm7P`|raH9CX4uEYj?TC_OyAh*cax$kDJz!K(yiB>5Eupa*$n zr9$4~(tx~`K;-@VTc!l0PBS`y$;)!bGvqNrv0P={Q=Z=gN43C{yL7rr-fW0yj#TThdXCRec4?DD0yxx2u+=8}CaAxh^hOwzt zVqz1GRx(=`Zy70yNW10ekf6hjqJv1^zr6H`)Y9x%^;RkAp2(uGYa&rVdcKf19J981 znFNEPVM6jDtE1>~{}XzHPjlq>95)sj{}+P5pY=V^nKl*B1Do=kY3K@5{v}fK;3VgL zfpkUxNg3+1(fBM?5v3lGo!U#Jszdh|Ka5CIQ$)I=w0!F%HA6b-1kNNi%mwY)E0WJQ z`s$_AOP#pvm=X#*+g~$@K-MHuq9H-a5;kdzH5NeWSFtyr``&NC60T;~&4Oj?xaQ2~ z4AbQF^#|&+XE-06cL#xQVVkJPOWQ5fK=Q7?Rvzr2ft(oO_<{kv$GR z6h9(OHWqeZrFpeQa__0g$&22nt~cJ{CdXS+yTNQ&hSmb3H61j?ILpqDL>i})$KH{cw%064`BI9t8{u($lLrrl^XF>G-St0rgImi~ z@6otpn($Iv&8!wbw?=Q#$WkmyA=8=^d{3xv1~i)_$X~PFpj`qtJE5mtW>igLyaN}o z*d%c_=A*NQts#zeQfFAKBeOuEcYNh0Nu_EW(WcBA`_<}XMe}c>jK|d!Xszkcn$EOd zc#WvmPWM87U_^RA8j^>3Oyw|}qqIZP0^}JHj@qhreqKCy>25~$mMwxQ=LbnUoZu=A z!{^_jz8?~I`9m1W5aD5Q_QZ@H*H3}TpP1Z;(*4jfWr2uWd4TV?Dx2^&oC14GYVs{( z)TAdWTv1pjO?J*S)r(b^?RwUmc1t+z0k=GVg7JXFtDFR%lAwK8&XkUW?Eu#1;5TMy zTr$rauc_w;>oW=YZZJjtXi857w)Gu>&44NWoHN~mfR`lm0qvvB8LUr7u*x0)%w{;Q zy+MJ~JI3h;mi+}#^kc%-2P)L-1+i6kd&)IcAM7ZpLAwW!6w$3Dp7`+TNkXbkOuL#28p3uW1nSA`3cs z{Qjo`PyAGuE#^a%IAz3v4s68GLZuKIdRWh70KMFs`F$bA3s%+_ZW#;Jq4 z+{(-PzBmGjWx;Qy?EF^!c2`F6R#Un7J>D|lG`HWQNL>aeM5*&u+ZL&-S;XHU>|2=+ z?{WIwBg~{NonD2O#NTcz&*t;M$ggy!WSTwb$gtL^zc?>J1@CFOu~>~L#Dh+#8qM_V zn1*i{v?~JFg!~Z4EuHiM0wDMV=5mi*^XLA7OapDJj`hmWi~^rwpQiGY5}+5(95M-O zEK=K46X7vGPta=oD8nwIcg)r5bIb=n%_$L~S{fQ0>u07rJk}T2iyys${Yv&|pEHe{ zfF;xA%%12+F`V|G+ya7d;Bw3#rNdlfCe+&lX9(tLQ% zgSa-Uo?no}_}URX5|j3jXk-9f0=NmW$QXKtEiEts#5X|?(D4*ixzlt2O+UluNB7!a z7=`lk>rXqvGMY>+9|VCCF0-!Xn{b)-P67zveZ5-XDf;%nq|w!`8!v*lpy1q@fWqc0 z={Eb|_{t%>or}&3tvVD!$f1UGo@_ihS}3J9YvaVGN23N zk#I4Q+eLD{gOuRCh+v7+vhyLunv;bk{f7u(@rE6BZD`tM(CFr~Y%5lD+w(@P&MDK; z@s85nj;TdL9!%Bb4y|-^P1el_xx%AUE)?(?xZNL--?SnHugnVU0`CeLz-VT2vNE-? z+dP{J2P0gV^v@%2sD*gp^Y2j(E3`dv9mHleVI$V~uUALIFuz`J{V-V7_Jj@vnwRoH zxQYbDjsCDTB*hTCkXUMUhp0G4&P7k2dpeLWKdwEd`I3!(N(Wz`NcJ>6M9-OCRFSS6 zqTV+)Z~lbX-L!_A6zE(QIr==EaLJslpR;M6A->>)Bu=XYywe^iQo@b^Nr|esS=wit z5rTJG6h}^^s&{}`Dcq=|Rm@j;sv66<#8Tk9;Y5A-PAz5u7K|&riEYZ&Ng(F!>~Ter zyDBL1%;GSg4|pF3jXk9e1%<1B6BjYY0XU7KwJ(RT{M@r&JBKWjC+{@vTj?7cm9Xva zBC_mD_O=y9^lBn((aK&3JgW_Emc1|BIk(G$rQEs%GV;|4rb(o_cVz&_Yag-$^uEZR zp*f_OISA*uoz$w@55F0Pg*laZv?x<$7+AR)`c&tm6D-EYXVce+4X{^Tq$H~Scv3B} z?wm`GwLuY}-a4Sw5mnhr{LV#X6v{e!aVCcO5e8p0K!+Ox91$WECnwHNEX3UcP``3L76{SlG%n7o8|5CJ+8IkrhyKYNCnVkDMi>sDO)kH7 zV7w6e^r#4@Oqh2dPg2fDi3_5H>efKSEs2duDOOR6GsY)(=##|sFr6pF=;|TifY|tdS9)S0juaE zksgLtlao1#s_8Zc*FkgitYw&lRf2U8>OPBMOFG>YtB!H%46XCWqh9mQgI@nUT!(fA zS4bjWGQ5>LOvv@SwqKs6FNjF70r}mjf&J~5y;T2oVfn5=+FtBj@|i7{eS>VbONTu!(z$n(Y`5Z8JSaIp=2o}DuRfv40>Qn%!DC+@+ zDXYAi!~c^B-dx7k11$XKZl7l^qnO=m%LXBb_593>%zITf3;e1;X>ds$xrcG-^oiPO zlOAsC`%8H&-tgqa!KeaA&g*ab7uWDr4qrjHoP*J=&f+NfcKk21O`w;gtVgYZ1Llg$ zHi6`1>HHgdL-rAbo=7Cg&@#(pjHksYNj&lJ`~w`3%7#Cp0ABG0vjw%wzTn$9(f=wk zf14}x%#8o&FEaj}(ffzUF#VTh_5WD?e~Ao!>NjZRucMKD*WaKO;L`%Wo08t$^k0H4 zViGb|q%v3_b|B#kT{GCY3JR8LpYOM`67#yyZ4TTuJ%7G#AK)u{2i2S3zD@?OU-MO& zmH_|o{Aqc+%TwhO_5En@zuIHT3jt%Pz}bl2fQ?@F%Wo_LpZgK)6#a#{4F3rR7dR5_ z;#FoAwPm>HhCcyp_xtI41hDiZ)RtIwW2gE(oV35;cO$Crn>*#>EZ52ufQzMO%OF}3 z{bqiluhl>ubHo(i7)T3noHr{U_C8L-B?0?l-Yi196&s@qoqgB~^lzXE<*-r#sie*l zXf(OI=rX)mLxn7@d;%qh3=c4ARpC1JTTT93W*y* zJ4mC#=`-B6In$>UmwvTlV_b4;M9G%P8aRpOjPL}n$!ki0oLaP3DO}XZ(fABJ=sIIN zyKEmn5z7*JyX`SNDo6QI^91TMn=YL-k8hGGt&)Y5%eLW1D+V|uU{NSZf_fL>OJquBEL7e4)b08&8&^0!&shLX%x*d_mpLqe`dX0LBZ3fOM zV0{`$!dDcK<-jjt@dSJM(WIqx^X?CK(R2i8(h=4CZ4=vY8sN8l=_#m!2jl~_#dpyb zv-9Y4F%XKQm&L%EI*F>#F=UGdWTnqdSn$3nMDG>T^lzDRuS+gY}Kq`BQ zH$pop!oGIYW^N=Lgg9=j0RRA@ZaQhb#Z*$|nUM*CV?u-6NVl~WPI?h?O1+lWF^f@; zEZzeE6d#4?R0y^?VJl-T#^!OAW$(6a zI*KYLLNY@3$0H`Q(L@V-zAiDKH(p7z;B1NQmAzhW!Zot*Cj*s6Mg)fsMy60U814+e z*9+y_s^_M?pukG|m61zd*9n!bpc>z7d1;?VIFRdzRf#T#Ir&UfHWHUxh~*ZChhSfz z{BTz&jS8C0S<@;PQ$%&pC_Z9X4^UxMj89V7ES>5gpQ%iTg`!MVUBDFgq^+!c77CQT z?JBCN8W*la_bd2p$w`kY1)nW8&$wYN9Fy%2?lYcJBY?`=2cwWi&RlMfLWSnZX>!5n z955A)npY~*6ftF_{F*Xx~d_5{1Owudw7SjFxcP`C3$RDwEV*-*=pk zCP-&mdpU=>NJt`Or{Ea+9mHq$@#r1Ih&j`}39&EBEt0>3*_@YJd8Ig}Vz49+5*L`3 zb7$AT%xOT*l?pl0ju^_14PNBrIA9THXirD<$U*$KSNH^FNls8Iq)&oC`m`TrEh4sq zxU4yrvfl2+G++=+`|j=@;l^8--;em^eV|U{&lCK1pw7vS0omK_c$>Cqko1XkAd z(=r;uF4BOsO<84OPF=-i=h6zUacITl5wFBM4NXd)-1(by^c{>-mL3ZjRE~{;4n(w( zRZ#Tne7^hcXB(hc9Viuv5^Yf-l?s463%teO4bj2t#?S3H@RhZ{-oLuky zq2vcMz48>A9*8Y#C@t@aXycfsdx~GebQ_Kh)DLEon2Vvd#8$H2pY>E$4!>x|u!6im zU3nWwUTpFW^JY^`|Cp)+&y09!;alc$3a%)9f6omdlCwNu zZ>54tgeXB-*DdU@EHDi{ZwoWNlJtp2{Uhfmh;?mrkZTk&^0w^GFhr`s+}w&rx#Cet z8XfWd+Vt9}p#jLKk+ax9HS^TUL+QU-kj6U}W+z2}QwuUtcSF5=0}%`LmaSnP*y0Q; zUv_#7mh0!A8o(+f{IAwRrNih?09QSV2%Sa9<_%Y}X6sAjI|Dzqul zh=#p$WIelIJm5XHAt6FjT;;%S-ER-0CY!3qpV{FNYC6nB)HhqTvRm`-&csNtks(ep z#od{{=d+O5u00^yWxYUVS#$WTOBjv1{6@C1yTJn)j~1t-0Gl}7T!q280rV5SVpS3&54 z7bxY@tFpk8*Hb2nM09{nlAl3;$YWM%`o>{i+$0T1X*+r=#WI=L(mrmDnZC9GT+Zat zvl)J3denPid3>pR^6ZPiJ&|5r0IC9EJDGq}0+wD_!N2qx19dQH()k}?O6iF#InPwA z>-}O`X{vfbspB*!xH4)-_f43d9dLIM8uf4rsveksK9$?Na90>bt;v&iMy)~EVCtkkEj^Px&vEk@J0(3FSPs^=L{S^8<66m8~9T>)^Qql%QJ??9%+i%=vT zgG$wn@YIvX{qWr5hMM7~cQMvSxN`qFkrBB2<~lw5HAufBFgWSdqoN>W6+VO4{vATAiE| z?V)`)?lE)e-4=`vbVu0zJEZdu+>})BeB&Uce{k(1jSqpGg0}3kjyr)L#g!4yEVRE; zXR;MwsAMinxk|>O>pU(Q0pxgRA@^nJROOlF9By|3d8@ubt4ANIPI_@o8qAw8OrHhl}z5s!M;n zNc7C?|G1`O`a8__&lA*thZ>Ol&kD`E>ZumrUn?}3{ZA{~F88#^e#oEVvwU zNq`Lih@pzlT4iO-HLIXz`eXfNjq>^A7wx>}^{3@~EAu$lPL+B0&&Fjgi_E+nw1s6x zDQ`wDp0wbq_QT_eZQ(g7hCOdO;uMI568ssG>n{f(tfEiC?RjwNx6iZh#j@{fI%M%Y zZS5r)0%?)74I8C~m`sfn^JN>0P6GBv31 zc>AGIP?Ll*X6o;3o3poATov6uW$J`J7dRq@PQdsjW|BVUfFf(sE+E2qU?fBFO*ZSw zUwGxQg;7$#`Lc$OLaQN5d+`Pc=Bu%{Y?!x}75YFeTciCk=2R~BsBo}Ti<*c0)sTs} zY9PAgh_(saO!~{m{=Bi)F=#^E>~j3HON&-a>4zkvCT2vUcg1T1j$`8Me21WO`>WW#;x9 z2z#pGA+4#qNoNQTxcJ#>QJEo%3WUoQmhSV($Jm`@iJ6OW<2G(|7Y4c96~KM4%6kq| zD2zo5jCk?SEzr!P>-x5a&Np$F>wd&#%l0MMwxtaNgE)9^^Mcv1^6?@p+0Q5mSa}R7 zXA>Jjpe_wO@vp~tT(7dCSiV%{mZX7a7H0Eh^lb$1I|d0dEoeNNydYHhn@FS(<~PQu zI!0p74p2g(+!pUso52n+H%1wyNGv#%LSgov`QEC@lkTw*mBW0Eo7+Q_?`h)kQZ(BL zxLk=VP#oMu)11xS!pF63^=hfNtzYHcjZ~_R_5D7aRBdU6_m8gJ&vM^wU|PN9Eas)? zRHAMAeH0TY_9eocbG@)v4Qs7wT;&CF>!Neq^5}eR=z^gJs-Dr?b_DLwyz(Qk>>Z*3 zxlG5Bq5U!>zRL*tcIJa9=hg1xcLR5EXbZ7)Og z%LPN-rx!=j+ty+nJ}uBLR&U_%Jzh5QZ3z>LLH2edTtX*eR%v+GbxH)6>$AZ)`Plb5 zAj2)o?vF|e#FvcIFXfG`f~;8<*GU%Dj^9$5jNi5stN-AkE*?l%{XSgcbt=K;7F@a1t5xW{l6 zA_uiykULL$54F9oRoeinL1Di%zg_2m-&U4^YPx^teR9vme#go%bRV% zcFLp{vXrsY5j&_TA5Du@9mRpCDU@s$Mp2d6%|Fj0Z>8>g*-I*_K?2SWIrl0X!}?Tb zFD1>Yp_@MKE)@;M^KXWD@;C0gNGcBdU-WV#9eCDHzCUBm_8FzIv|mN+Ds@LbZhCrx z4>5R5@=a<+Yi9(cf97AoHhhK!(>(h`IJ|{dp@|NQLZuAcqw$_Bn~?$dS1aAazz*yC zYw;$Aq*!JNwo$j=coyZar8>RFFeL?KEy_`u>!tSHC*bhKCo_tpw*bx3i8B%Z_+yj+ zTM%Q@9wLrQqnCgxZ~F#~w(YZ?Pf~<_tjOm5C@8%r;o;RQDBbC-9g=Y5gKN<-o=9<3A!2On)cn{;6XB9cBQn(D4r<}$QT zG|D*2G!K45lmu2VJD*If;KSBeKW%r|AaXq3eH)z_K1z>)Mod2^n@W;0^+8RKh2-+ zJKjM*@hiejUfyJP6UNc^Ou3nH_H3-g4j?DIvs;0TxZ#x6D8= zPMG?>Xyi^k=>A~p1)Lqemkii*+J@Mx1^h~?$r1$#yVbV36&Kj>%rKMvG6%u0eP7x zz^6GwDdQ}h0KV?^g%`{8Q{#)K#O9Tg_6f#dN{e*ftP20^-c-;CsOeGVnIXC4b`+#> zcdn%%$Swv1wptP6{Byu>6DjJ##-d2$qGo*_70FIf>nlCFvo77N1eiIc-de9N4Ijl8 zoGt*jhLytBzj!Z#*#&4oF8 z((f1$CE+6D_Qix9E*A2B%sv7cvW6XoKN}*?T8jm%VG7W{-Y!~GUubXbKI<1(tF37% zgwX*o$dwURY6;PEJk~hUG2OA0Ld`PP@Ob?D22ma0L{*ez-^io-9#GwrzFa*;ub?JR zf6o30MOgqkAw>SUxPa`_meCdHxxu0I7@a%l9lroMi{mg*6qvbx6dLiX7RHAljCT-OU#3$PukUAA3gr znQpy%J5aBDBRxD%r#KOO1clu*Z-=)&yDWv|*Pnvn?k~`5FLQGTs7y`*%cDK98@b)F3eYhouKuPPmdI?>{fvU9M2t<(LojCq z$CznR)jhY5hM^=67#bGzM=S6J#iv)Gno<(+yJAwZ>*KdJn5H_^j&j<6e&*xqP>pd- zK9Qfl`mJD_4Q(80kZDyUtr@k}qW|)4U77mP@>#R#fL+#Qv(;`Iw#av68=;s@5HN}K zi_b^_jqp>ltHdFBh>dN~Z@^XwL!@>SOjJHUt(f{`~K02&KL^XvF+%!k>e==Dp%ze+@d$2WG$ zRy`lD4sPD|K%p9W2N$-Pc(WG3ZqK8%z?Y(&ei*HEVK$dw_86@m0MV+&Sp2X8``jP% z1JO2q4`qjWRM}A2gR^F1;1U^peZMa*WNCACba_^p&a$@Kp``5V?;+;aUU_jcA^Fw7E6vebZRqX`+=&$90T($S`q0<0MhKz`3vAdU9 z^2zqG*6F8HO@dRv1Uw~EqD++GWfHqNN{6A*o*dF}>FhBuxSzPtwcdR(SxqK03Z<+B zg?zF!)E0Mk>P{-Yct4eVMCep}{;&hEtqVI9U0%isT-o)kHS*D~d%(uMtdbN6lJu)f zb<0C_URw!EEb1$Xi8z1S!-92k+EizW7mEHqjeO(2NiAE zg6u%gSVbu{b#^+y_Am1C%d-fnM>Hv=kXV3`#AviAooo}e=8~aXLHC2zt8lCW>=#SpdKmMiFT&(k~RjW2O7g&r~&gH%LN$iEd9U? z>~ySWCxWP5TfM7Rc~!!Isx@=VKVeMrvrKW$;B%;oa6UqP!rhj5L&pR+lbD-|KkX?` zJ6eGQ>ZwfI9BmqiAw$?U&N>Z(Mr;nuzp+$ts`o3YxUm8PydxIAS*}V;bBR=<*0YJ% zl!66vL*dQ>6sMcPN^3YZ-eiuQ`p28wp1gsq3f&>uunDt%o!*~cSA@EpVT_aa2DkVA zHhfv2T)43?5;@t{zfcKc2yxy_#;ZoofUGANH1H!cHPVH$4a$c7=cXwVz@>Bb@2;H9 z?Gd}F9PR_xNSP#aR)=P}=<#8MZExQC*Y+0Mg7qgo0)65U8;& z%0I%kgis}Z@fN|dFcMG26BoRS3Yka%%K%AHx9KEqK9X8Mj3?rxViYHoVEM`xw{fa1 zRNv_*8fKPiAh4Ltf|Hg+iPh)Zf;ZOaKjT2?u$PR9`G60xdq8L-Adj-a4}rA0QS6vP z1_+A^mJlj6rW~cW2{=~AR&gu1?f{Z}*$dBa$j9Pw73xU2HHJ(EsY+s7SSuIf3Q@68 zbT|lQW?qIea~8MX6{C`LiC^o(3EwB^j^e{D!EQgt*yJu+Q~iE!tX9s|CIcEe%M}}! zJ<#)=%!4~~L{)7@3mJ~yIhv}PUJK(D#9rPGUD(Ck_>E;FcDEWCT^IY2u@A?l7?hmA znGn$!oOQs{K{?4G2GIPgP4*vFto7{k%76_6$4pAB$TkL!N7$5BaD^>JaWCHV5JNRa z&ROgQ??~l~c8EWBz|;$}u~UaRNp^%e%Cy8aGsmO^9E^~tyt9gu!I@0VOQt1?<<#Dk z{~)MjO#E6k%tXpJWv!^3n>Je+!~HaG<5CvWO7ED8y^6p%OqVERy7=>k4yD7On;l7M z9^pG?GQAIQQmm2JWYdkrO)xq`0l+wzph#;pCCn&>IDHEzgY#Y(nbkpX9?r(x>NlL% zfhtoiG=6s7U;g=?XuJFri6!G8&6>Fy26Ms)+Qa@t2qd-mfyhV3HH@g^(WU#8b z)jXhER#b4n!2DG5{%r(;P5DZv-l;{x}I_Wky#r$1_gc3Tj`jb~+T#A>x zdJzO@;OG_QduVd^ppx;m>V*Yo*vVZ9ju7N+9K~}!XV~6WqE|1N_qv&00 zGg0cb2Kl(&171`Es0SvD@P_n*gKw2sjEeygdvg~s&94v z#1fWIR?H($h|wYFgH7&?0RGckP1tyNxEC@WJQ*>iibmuQ=Z8{YU1LL3qhJVLyKi=A z){jbnY42Oxk~7Crbg1!Nv&~5oj0pi0FNw52U9a$aRi-ijCX@fszW-QhtpB8=GXEVo z{KsLB`M={k{7)YKMfDV$4=ys23@`v-9T(5xN1i`+z*YkQJII*U{X4meeLS&3gJE+g zBPLT`igAQ+&xQ^vHJse%=e;WNZ7rbs`u|7SJ4HvjXkWas)v?WvZ5tJLY}>YN+qRu_ zY}>Z2PN#47Isbj{e%KG^zEzF!J=DWDYL2z$oWCWjqU+=RcGr0>_eWV-*Tn1?AqUbf)_F{N6iS zxR^LeCzaP$U!=&AiV|R!aJ6>~#6E9<+^cEAY=dKcgbC4r@#zm78N;M9i$ccxjbW2d zt7~zfi+#ol{W#c$wW*gi9}!RPu<>mq|JuVozrGFi1>f6!u=YT?_vQhXG)&}Pu_J#V zk}H*v=r&UpLPQx{z>P9;ciE2{AMygJt~*3fs&xnZ?)i`1kA~8CdqS2yX|k<%7COPE zz^1)=B}}BUT@`idPyxWkkabRI$PL((xY7c`UGNg1>Dr?^yp9xIYQ;c z$zdldexZ~>1huaJibd68Uh872K%2o-7uGf(0&Ii|Od+gJE;&!)1p3No*i;x=9cLn~ z@+JFVAj%5bVqwCW3aOcUPq7VnSdL~X??cH*UibTpvuM^}GA;?cKQ;rGKsHHt+ZWjaj%EYW-NMR=b0&e^A!g@C zQk*H#($rT`miaBT2a0u2scBwZiYm7zYytRwUbSy;ke~6A%)oTsP+!ASI^~Mf?kAimxQ?fB+8C5<&4lPiKhaMkjZq zS~G!hQ)CAF!4F203h@sNm6UDEEE3iG`mTFN2k>28gy)v~N5_0RHj}Eo6VX1{^cXmH z<0rTGRav%OABFe##T{&AiT)$*Zw@i=2Ks|KUASE)UUaeKLph<#dpZ_lFjUYK-Z6Ut zzi6&%Eb)rkhg@Q4bg8q=Ggh;4SoBGu_i1IL2PJb8Kr197c;s8bKbV{5Rk<~bWeeaM zH7Jm(k+O-5pX9IPi+VN1r`xuvQXpD*M<>VGFEw4$=k@*&eGj z1DVK9%})RXrsNErr>Ip7OqbLzt|(>&kpnlU_=F*ruiPck(9LwM=uPEwy`bmN;wV`X zXg=cA&xAeeIa1b+@R^PT7o7V_jyKN%$BIk5-9aeoAT<*JWC!suR`xSUe92Sjj%H=~ z8|xxDY~)R=GlIu11+%^NMvU!xvR|7+R*~(WQ7T_K*n-Pi_187d!Rg&eN@!;+21NAL zJ3gdqytl*;Pp<_p%DsQrcXcDo!Zo1D-Elz`~(Sy;~0xVJyuDb2- zVzhGiiAy<7?($Vrg$yiEdKzsMb8qpt%Gi|NucWiRDD2iCn*1N%-P>Wy^h;dX+9eqz zl=VPRAwriv^BX3x%~m?%pOkD2rHq-x$DHZij}L?K)2ZiCSdn3(!`7`A z&pw5O14LblCKD9INI_lqH2-jb+iWIf{Bq}%_jLa*TtkO|3lW_;-K6c|L2HxF`$m@O zU{$yK<7fPY%cC$HeK9msgJMpYTSLOeDz#17Ph9HS(;AoD*T#t8IN(U})vY547geMu zo6BievrKpgiVd>4wZKh#?dV$~QL`0QJ=a3^%Id+YtkM?blQFIgZ<&?y-|x8`%L_n| z>A)_95Xpde=PiQ#2-$MR=3`P`(V6CMI`z`4{baw^a|(~K(4-Q1k7ngFP9Z!wMhdQO zwsaiY<3m-8-|YmUw)~5-l5$1*rw>Sq+G?BU$3^S;aEScN8t{wm3iJ22MDzJ+8xG{R zibXLenwWue$l*6_c9YJmSd>0f^}o{gx%f-+5V$;>M9+?SHl3Tug549}Kgz{5XUk2| zHVY(z+{tKp$Ow#&ye7nBPYTKEaNeLYuB$tMFzE%fb30DQZW{Uv< zBz7Zo5(Rs_B=W2xEvC*a8m)6}VRy9LOQg)^H_}{zZO+#WlUEPfy7j-3(tf|g_=7;Y ztH@lg344WI4%ldbM^Pj5yKjJa|@1E;_dAKQXUv1{qzuV0J z7;d@aFG&-Pm^#0PTS;7XFK<$QNfpboPwl^2Y?i>(8~RU2FH1B0%D$nU74P>a7M@zp z5g{7#mP&ZOl|DRa5q#`Rcd@!2O9-<1=1%bz+nSY5lcOY0hv#&6yo##E0pmnMwiF-U4j1IS5?nSJgvp{uwMDB9Osa+rY}Mkrod znMjCtafktTJukvSlW&lc3;`IRao0KE7-$sBHv7!RQxI-#t63r$V~%Mb_MoIyt`=}n zHk1T@4@Sh7jx{ZfYl89>Tx3vbRWLiW;kaW%Jo-OD=1nHvdty`peI9t zwr31L#UK!w8peTM){oG-3&nB5u|`xVC!=Y`tEZK7w~9oD2GWlB$&1Ked3`Wbm;toy z2YkSsN%sVrfSn0e*y%RDhKds-FaX$>X?=F{ls?N`DvLUw6MxwJ)gS-44xn|aI2 za)FZM5oV6~b9V?zHLNB^G^!>^-Z7-zraD}%txKaL5jV`^HQ)@*-zA}|997AFRoA)hP?y@WJn$;$9;R%v9 zgHy+%kXnrR1~RaW@O)dDj^1&|MMRB^fb)Jr61< zGVQ+{};ePHn32Wp%zEp`%852K5!^uoBl>i9hLHJ@5SVQ?)C|e3aZyUMyz`_d zPSUk<{;Pjov+`Q|T|r^`#mC8)e;m&gwS= zACjw?7c?a6RG#NV&Z#Vu6?}$1>ulCw8rASAf;rntdN*SrHAE%cdh8VT)#=UVQk=(2 zFte6S$Np8(i|LBD$i@K_#D?FtujRF%f5m>=L00>Q+g5N(Om%bM%0<<#6H9^M0X)ZS zu9*k1&p7V=+zr2?WYJRh76j3W)7l4OhI;&M`r-P-z1@)hQNeDAb@&Ct4gV2j#^((@ zXY+Te&Mp=BjEs#8*Xad&SuxJJ9H>mqT`nBfy8*IAcii}Ywn!T zrJLq*POj27$$t2Cu!ET;-w=>{nSa%-zdgjS9vjnN5B#^s#`Z514z~Y|!tq~gaYofm z`!A0BUlfikqyP7o>;F{@bQS5TAe7LmLLaV1l}z=v_8rrt51QM%2pTc|8!cUD_$Ke#BL77Qe$$ozV<9nzA>lPC4m;KRXC zcQmxy5dD)_MDT%L{3aTjJPfCe?i@A4#i--eb3#AM@iuZhp+uvXpbjCp{7f!6`oB{C zM7{=v4xXWT%uv)v?_*m?0HP+mg^lS6q+n zIh!6`r2(y87e8KoLQ0u1d`7BcqJx$_km${3vF))T6B&w{_6;<+C}>eAbqLFn)`10I zn{GH+JBdc~H=`)c`w#mmOZ>L8d}C%cP24J46JAI`Tc@Q6Hr*9qL7W12O3w=dxo?@u zNhh#cY!eTxV#YO6h5EOAR9jx-{Jhz8a+x)WISH1xo5fG_PHN-oeQ(gh7>=jdA13mQ zZb}8jQi3vIrOmhxfzCDUVBhYVbi}aw2f={t-EM@R+k4~`)dmaBK+szmI`2SC*qN6+ znYcGp9vigvU82X;r+L%x{8d}&_{VJ2LAr2S)0vT7j1u;F==6WmYL=dfhF_R*E{2~YjTbDT5IyJZHsYL$kHKv z*v3#*&Q7qRVd7gJlQl&}c2VK(6BDJ;%G6gAP>VpaXjLzid%z0Xj#F`(V=MXL(8Cq- z&x5^+u|@!*nW0cDu9eS1@0B)Xd@2%#Eq0s6+>J?`^<@ddb!mRuh4~Z8m6JOeQl>f{U_WyhmJT-u?3UwyIqrll)BVbY+f|At|{p; z&BwQ#l6J?cDaIOwa`UJxwFFWgX*gLTEE=EcB{J-blWpZ z>025HzuAX#xHRoLo??U5S3HgXH}B0K8imr>&Yh@tYbow@YKQMH?SNCa1P;zq%4S_ zCZT=q9VrqEXRS0_{BYW9G^iT`O#<&c=zDMy1~64)hIU*H zh1cMPc3cbvj|2#veI9?aT?nkYW#(Iz78JjW!pMt$ahul}&)3d^MK8v7raPNfvEaf| zRz(A%uA$M$he%>VXo2*Hgb(~`QK%K_fAA}-Jo7Li1d(rw94rA4DR2wco#8dO=vWC0 z&G;`yBdyj0B(fzD|H$P=$R^NskWz<|LRE`1<&b}~;Y<|-4X@Ou`EoS{F!xcJ ziio}|HNw-BN1bH+z6^Df){;4Nz;)DRUJm9io;a0ow(=Az38OQP;1|O8KKZLH{BM|a5LRD1Yhg} zoL$oy@tPnl>>!+e0G$%huZ@xSCT^j71WE}XK%7>So{4`BE;_m&e}mn1K3(<=2M4k3@N1lwtVOC3%mDQgXCTgH)bbZE3J+D>SK~D(j~B^mj2O>!lbKQwvpc zfvh_1s?OyFBW12MIqEzFV#AokUJAi85sqI2p0bjIc+}Z1x7@^a)z@iHcwdrJ z_b_!z#}pMbB?0wxR-UQ!m!t;r3rhXc)hzS89Yoa@+$`pu1xHVV1wX#g%?Ngb#yRLV z+rg5)GZ~)C|eBc?e8AwTHMU9>28_YNUvJ>kXrXnz*|={)t}e&FkEW|{9{%rvHv zG{$$=If$qApknA3<&q$D3qRpNRMtp)G~EWtu*TW4uhZS`=>a9Y z#AH1G3+sDltBCBAAykPbODZuBWT`|9sUt#t15S~m@c8~uUd8hD=WP1u*RCzW?+*n~ zI8YjR*#mz2%;3A*(C!GQx`dJ>mxC~Gyz}k{-EpuHUu#r5A>$$KZP+)D5DN|~s70EP zFnCTBf1;Rdm|<_qA|@)t9+coDQ#YLz(Nd>pDdhIAuGJ>4}G30`Tn?a4I8I8(kgo6ZD;~9)Pl$^35TCqP(aAsr0rB% zY8A_WZ3EYIX0)NS`pTMLYiRxwtc&a2kC0+-wF&FkBT!o>PITH!yE`2u^HMG9Qa;@a zU}LCY-G=n5T^2>Wr8WGRRdaNDyWl*_MLD~x%u_YHTbD#)gZI@EY;9Gu8zf^^e~9Ee zwL&Z`X+5mRplUte4!)>L<`bCY_IlL@c(A8!WzG8WtVvYsT!Td6LI;J+@^0BZ*yCb*RvLwS=sNp4vjjAjqo4>?3lg)k%*?Sj?jH8j0jiTHdI|Hh7HeKPkU zLL?q-FJS968t~8-*Oi>O3BFjPrr#3+JkmNl3h&g+biWy+ikhnDSkl1D&&D^fr&ni< z**LSusSY{-PJ8{^ppp_ik zVzL)$s{Bg7vgX7cH^Ks`LKT{aUyM(@MFamG=Kdrl;&SLm*nO zBq~-^i{GsxS(SHGb*cS*;YY_k)V+T>K3&Ky{k*Fw>-pWij;E@#D-UZ>U3oyTGy|!< z*Ipju`@7{E02Zg+@(IET)_~-Bt9)~KA$m~oyVgN@iR4cLU-fPRRo!V)|NFv%BJ1B` z5*c!l0R@42-~zYFZiNJ{`$#p)nw{`|tIf@b1Hr|b2GsCd$ZVUN_W)dQx>XVZObsf! zR>bdxcsd@7f>$GprsAwRL&%Lc;K8*eZQc6 zWfSEbTM2Bx#|0(>n$^laZfNaS{N|;IC7AB?J*V`HmP-zw(qBBgRIAYi{3QM)_D|Hv zN}6*bNpxUE6*}tJ*M9d>@jU4E9%%}JBp6RF1_?b?__^(ZQXhM#HF-5EL6xEO#Z+^tBw#o?_wQUk2PXgZ79YMfzP@>ml~DR zSE!=?7Sqv_uRb2X)j6G`v>0R{@4A#18ija!DlpI-6lwe&(#jKhT|W%|V49cF?_5A9 zmH_Nit=>`V64fZ!N58ytkb_s_uvosWkA1fxBT|hhTzQ?-dw}Q}o9&ujKQc=VA9J)| z%sT2d&17&-KJ!9{I&ZBwy{a ztKUEbM;WpfdkFY9C<-OsWc!B2t$3s5a%iGbLn}e;N^VrD>jFmVck;(TzoG3LYQ1$+ ztD9xX%4lg7-2uH8Sj@?=GS?EESum?dkrEUBm3W`c3IqqQG3&b%N*8VE9A0s` zZCnFIR!J{8L&!nWaIXgXCa<7*6h8Fqfc37ScA{$1Z2Qzg+G5Y_K0kfo99tjY-B11Hw2Q5v(nF^d8Jh?#@y3}c3(AHEG}t`Q4(rYS=?4DIIw6E<0-Ej?ex9OdZ73(nU!nCx3| zhKzz;3Zq%`X7)dqWFS`A3tZ0_+>fZ2$oHTkY#tQuB z)Qyk&n~Lax3=_L|XKGPNL#0Qq?(`3Q)zGLJWt|Oa34<7s>Z1k@CsR&QyRbW{T|G>l zuhh(LxxdC~ULL{x_i87l>felX)6xEVd8wNoXD0M|(RWn5SOWb^X3s8^N(`t#h`jAo z52Nr8C1#J1I_YrC_%0kiw}s+~i0p#5Kz(s`_@>XLwc2d(@1jR#Fks*RylUYe(&kK1 z*XKpjMq-=)AQCXez@H^?JuXqkzE)^Ajkd0`v_$Dto_V9yWbZ=Y;||-BNrlckASoMkRbXTJ0P0w875=q@OU|I0FEq+JTSH(K~*Fo%W^NW#% z^&jOsw!d?r|Ih;V{|R5B`QP&0mlk}L??Mq3K)`@qy7(Sj1pM$LwmWENh5fIKeSba> zQjHanj?_0uBGKqc!-yjMboXXHuHe1=^n7(Kz14;HIMM9>^?9|olI!v(sMO-+cWvmw zf^el>8RWayyWz{j+9go!=SOv*@YkhZZ}9AjUmZ##Jq>tjUKIeu5+&?EA-XEf-Wz@G z>>bQGbZ9Yqt~61Q78wG$P1nA@??-zR3j-?&G|m?m>?3rGg zbi=kq^QX*XvLb~i#!2ZCNf9*1Qtz-nO>sr{CnSO#U}W+E1D+Px)wqHxwHxu(`@n*o zLL6}`h@dIguPdW|%uB51QHABBL3W;1opN)2FA#k8lgewZnG0a|)LaIcP==*>3|EZ9 zV(A8`gmM%>VK40`dXo;2+!YpVO@i(cDmWV6 zd7zPf9R3YrbDT>1T)551KWY;vr7=enT86t5wH-~i1m8TQkZU3vSfz<;pVr&+o=s$n ziXaDfv_ey;-hr6@9mEDZP?Nb`wF*utbAbs7f~k-p$3F-)!g~%+ff$c47BqC#pYjK* zIhvtrBMoqqIzk)c_4Jt_dzgnk-X92J=+MVBs)BOih#-tPqe}=f`aD-_FIQ{;ozOdJ zlGgAe79~LGCKDtn=yPG`flI|XM-y>ChoPQ?6zYem3~H8DxE|`=h}{B(MsHS2ri-mh zO|$wqmF5p+%;4^fW$p&+tretEKL4=sMUxTC(buBI`0wAc)4MH~rjTwu0{$Y#QUeQsQ*PmE+)C>cR$snywsgX7rMp8|&>I8Ne%yhiBq zyVQKc$WhbbuS6c1qmkm-3Yyr+&#?^HvYQG?VSV-!PSv@(e*za_;;oO$Nn(zrP`huo zgD4m?k_zOYxPq}u9=l~Xm_rr0BT1^LM-W%)m_~}&`p;;NwZ@NMIDel}u)-pAG%X-m zwa&pQ_&j+#*sozVx;Cv^?Nc+ehi-o+0aliJj(jWbRUv@P#I~YG$bNOchjwV2u;QM# z)zYWrPRUL+D`O}ve}M2Y_q9sDg~2r(X2^0lOinkBGlM-_FDH*=nBy~c6_)pM9V)ZF zpb_(C;r~WG4!E{ar;gRU*`e!-aj`d)lqh^Wi%6*JN_rN82#R*m`W9dSY*HZ_;RcjX zd?>CHA)>4!8r;OgBLN7H8$|vlg2sgRwQ60nfcZg9R_M&x+#^0V`k`A@g+;bwjSaMX zoaJ6PU6?@zAP%RRJ%&Hu+2_iAx}kltML3fBZAnym$<8hyP8tSg<1q&2FAIwRuuagl z?$?1_E3z`(@h%@Y&&M0B9x}hqBbLlmr)FPHuwW`WX^*K_Zb@-swv7$P>Vo%df@f8M z$<(PAPhK$>TvkRHV7xN5VC~1P*eDy&Cubf-%IzRag-4sC3Q;GFQwdZu>2vue=#Gx7MxWj-#RHZ|t8%d)8@0fjC1=Vq%E3a2dC5uskc` z5Gih)BiL~7wScRX{|0Gxu3G_b!ziO&J~amaJvuCNnWH^q72lXXpQCCukFokOV%*X} zhxE2$+Om!Y^-R&Y6}M)Qxq?iPyEczFb!%V(JB2pc(zS?qF_)7&Vv;|F*xAL+1`CiK zYdxQ<={>9E1>7^SX=VD+!^t{c5O@Mmap6ZFzf9h~y z=D+^{)s1YoxLN3ju}wegeP9d9-)-wx=n3 z(NXSMJrzQuCu*AkLpwe#slQY)vPXNpubDDX?-E^amSg1pb`BwK8EOH%V$tswqGf(A_e2 z!sj;Lttb>4E-Aobb5n)>Oy)xgSV7r*g*?&OI&1U`e{GCVM+*;U^2xl^WPP1+T=CR! zLZsx4zNCV2Alz*)$)!ezl@ zUt6*?B@G0>L9jUK4-I0m55w9lQFoV|Ou`^nL-SssMlnd$sX*&T4{b>3 z1FiPs)(+}usT+!FcOUBVZDIw7q+%zYj}~LDU6EJ8LD@k~LdkvTl4daP+CI;khD`&@ zExNsyqHgG%U+FFfKL=Wgyo33KRp(6u>E&AuP3uRw0bJ-{1Cdng!%cY}-Ve z-;?x-J@c&KoNy~A)SqqXn(R=ds*h8~Vyu4wNC<|erio`}G}qskJ|v)9PM7~~ngZGC zjI*H^agY-Ze$<;&id_LxzYAwzk3g^@X~v9HPO};oCM*^ zL1+78+{$+F=$omlfmevwrr(6=k(d3OWt*49IQX`a)_7)5+efmNP9+&#ZiZ+0#0li;X!u=b%vR8Kn>_HZrs;l~jMk%d0VDcY0&&tLX_VUK6<$rW! z`B$^O5LWq+iPCESKuiJ7eJ73faM`H_jDS%B?O^KD4hL2lO*cd6FniexVPj8^UkVmA zg7%s+CJc@{5gEVGP`h&~hOJ;p!VtxP}PHP}KxGV8tq^fQ7@ z0Vb!Sk`qO`7Yr>_n_Mng&EN`oXx}$K17K1yoPVMrB)2K7z@o{Y(u~v^ye<$!AigFs{Mu`N;!`{C#ZPwz$5xStCRAP?Db{j?W=Fo^nwZgAhjK$9`%BV6doV81| zwO$EWy?$8bOQGCbkbdNq-zYi^EIsY>mVWYg2c{U9KpI3~LP(g7m|*3NA+4veu|lke z7ZdN>962ZaHaj@wA6;{TDrh%&1G0JQcbJ~gLt~O31stsf9Ocazln52?DgXzo4tZkj zHcEcWn9xCXT8|gtz@AD3YW5{+R|vvz6>HP?^KGRNIbLPD46!?S*Xh!u2wwT>C0I*A zT3C+@ouU*%G%pXnt`7w0UXv9yC`2_k*47 zq-oIEoaQ~DW0y1Eq9)R15 zoYU@H*jh7?TdG;xEJ>e8aE))k=lb{75B$$UNmu`>Xnz}KjBG6bV0y9topk)?`1U`s zQ`G;z*7Xm!eG?&252$I4L--K+cN#Zv%XPl0Ma;NX9&z!yW6u#o6QXQr?I0 zkPgAJ{IU5o2m5>?#5pi}czT(d;b-v;Z7q0vKQVFLgvJCp;3T@+aUp`wBE>wjLZ$tjXqSc~g_L1f(i8h2UuR zx*A$Sdi})FWQUUEuDG>`)jhHC#m=IHn$V1~8b98D=r5zUHFTYpCLczj%rNY$>C~plP(htVAF2(<=-@ zA;iy;I+DEEJ|q(fLt_k8BI;h2?qrs-CH;A7YeBhy)|InO4*k2y6h65bTsfp8(hIQm zS(kH33Q3QB`-rKi%&3rVT;e>IJmYhbb?8z8-Qwc~oKS z?5DJZa5Bmn2hL!YwizVgILX7F@E(D)`5!#Z1c_8Zd#r(10a|bko`9iBz$kDz7chw3 z1Djq<=^kA7knlLDHgW>kOjp@@jpvyob0c5!9C6+hSaUoJS(<4Ep1ODu)%!HNW`Egx z9!M>}ibX2J;fyT(T9q5bI*&GeZ5=b(v%S9_H)0t+eKu*V$om{YA6FCaROdXGhH(tV z=oHhF;J_;uZX}+wP@w@ugheX3WD1a+SQ&B7O`SLoT|}HK^j%y^=x-y*2TWeNbC6Av zedShS*&i()tsG?FKUIGhbCB&)*~2`oJR8|Qy0|C=On1;&Y+jXDwlth}NO7NAKhnD~ z&T3fCy}8YvIc37+g!b|W+Jm%k_BnGb;eL$0P0E@WjE1{{CP-%=k3V=Sb+EChj{v?^GMj5ju&bclIG}?Q*sE>m~Z7y%h195D=_oI zlxEbds9$~$q+L(_Fp~Rqh3QbWiV2~?OTjv+5tPYULz#XF5<*NLsUM{WJLo2x&$HrB zkQ>FtOlDE)phAVpl~*%Cb&4Iw&(Tk}DgqsdjDE!P#DW{Jn$Cdq4LK5D6vO@Wil|OX z`p}uHbBcWwQ%BDB!)m^O$w)RR*`!|1?(!_p_jx2+A#UMHWj^z_Q^$aa-+(;xh|@e# z2#lR+s@0txl#{EfpXtx%4&q+b7LS4AL3E;GZ^{$1n*+}Db;zSpPz{_!e1hgP*4Q;| z0O*I;F^Kjm=!YDS;fN{vo}NGrPW=U49I$mKE_E)C`I1<2L%Jzxb-_7QH>tPmkPWF2 zE2(s38|`&t2zxTQ&k5k=p+u_|!!2={)4!V*w02#ydv%`;n37NPWhI0DTHl9T%{4{d z&KSrWM1se=DAwac>qvxL9QAZmQq-@O9W;N~dA2o$Mm#bFP;E5?b|arywzs0N>^YUs zrM8^~NZUSII#uj=k)Y!g@GV{f7-e?9`DHN|0x2kHMtJ@T1}NBvl8pE}+8X}A zxi>^%es4;(oSH-(-x1vw$57QWM(i}E-J=z0;lsCf>>asE0UhdzfQYQ%U!M4jB3^uc zYHtD=5(1U5xQrf1sB*%BJWRqg6FPB#wJg+J!#*6Ziv0%62!M_7xgK(~g2OmKa(dUH zaq`-O^?RbKW-#ETC7O;oB6H$gR`e-~x@68+^2sCkeoOH;Xk^S%T9G7PaP~GkZzQVG z*e|+s*)7c?p2@OL0|ceD^AO@AWf#)SV5<`Oyr`v7wVbYo$dW_HibMiVB838p>zqZ= z4Z3k+Z6bN!n*!c~NOEic7_T5Y4cLbQC4fCOGGq7fcXow4b>xyn(NS(=cTDG*E?-?^ zltjl$+h$ktW^Vzt{zfeX>E!CqKXrqE#tB~L@ZRyBr$D%E}er6Z2`~WCMv3~ZbByo;91z-<2LY4afTHVU zS_$Vg&CU-XKq?9g?F_BDRESCP8_rIXLF2Ou&qF`NTCVBCVV0~0xB@%U}NB6mIi z=ow?>$?B34FXkUj^-N6Y5LQ{&B*R{qG3mKLzc7!>Igo zA88tbEGmGcM{)Nz3=H!B_K^cviV31pD#+YpHi6(>F+(FfJ?U>8NoxbwJDt8RA%9r? zxKHd~o?gCg&8+^$^JVR<_1(tHz3$q}N9aFUuwLL=` z&K=1E89!2c)Bk7fSFttFhPU=M#id>q@1wP;7UGAwJIV603luLa9viQK+woI;c_AP` zUL2qNXG9SXDmROMg^bj`N}5Ue_wO|^@q14EOTy0$khi=drlaRwLD`c-a|#_jKkRn} z@k|44^lJc)qPW^ps=!6-e*SCEOaPjI(!5Arrb^Z(TNo4g9JhDNwH@oJ1*XIB#4&Xg zp2`xOMH5$&<7=D5uZeq44rW~Q?!Y`kvtAtM1B;0B^?_CkFj|uooBn6|JON^b0s!~u%;0*bT z4$yC*PCJxe*gf^oCwBX_Vqm57|LL!|4uA?IKPLP%QUarH>c;DuZf~&w)tCb`h;mx$ zLyukKj&@ya z%mc8e3S39&ZGsKZm6_{$ND0w_qnIH-8CTUFAjH*?hQYP!l4F^oO@sImj`^zcg^`9R z?7Ig0zI;Y^wI7uMQHJiMD6tg>-QWAy-Qh%I@Rz3``9P64!wE5A+Ne!rQg95biv11K zh8D-}&EEl-yTrCiK9=AXbCL-e&X;K^I`~hOT$$vRo9z4F{VEd{vn(29+(2s-H%}5P zyHY9-O}gW1ENgrpur!(=Cpd1r z6Xpa5xb?wXX!$Czji=w>!k*hDzs4a$gimaY%5L={K`GH(tWh5eb_8HCo=lYB?ORgX zN^WYY_|jD*V4*G1OIWnxC>u^Rk@?&+DgIQWv|FrmMdLTkqqEG0QIOqJ>zuS#EVeSjn>wNt{B|sM7!CLIU|ELMZspI~74?zpS~J{4Id&X}5TD42Yu8sU%(YBfbw~S< z27s$^llyKcU4*NGS(lL#v2|Mc2$t)r?64*&sg#W^!7n}=Z+OhGddvxr$}1UtX?915 zHqw=4aG_ybT8&@4+ps}sYFK-2G6mJINGV}wNqJkKc&J3#yGqgCrEY1Y!h-U-_*h7RM0KaAtR7HFuIHy@*hwcSY&*X|b?vy6BRj5~D3XkzsVbvP zP}M@i>NR_{5imuMn^+zaEDiiajHhr5G2@v5f+8uVzw#?0)|IarqU+!~TH?UKkKn3l z>MF2sk6Q8;4w+!2Cay-Nk=l#qr^V6U{rngcA_S#3t%uT-51@E*{XRPp17on!a2tG3 zeTXYaQO%wR9kKbGeI3wp61z9q)^6UFf}=uf`^n5tROu!m zi6KS@h;}pP4z5Adr%~k`d(#xUKP}to`i2ge+Wv;8$vsQUTbLoOd#Pp{i1+;n7{~1H z`lW3%6#5-h`s3C<{tQINRnM88nI~|NYyq54hNHZQkhX5@5V6#@LztR&)Av(p$A8g|0jMczzn@jT?^)?YAYQXpedjxwVcXwfYC+=Hdi~H_GMZ%i9jfCJ zjNEyZ7wZ$_k?564<4`D!N?n%*cc@?HB4xl@xV@UPnWw`s@7&dT!F1OHuba{LRth2wvNw@B7*e1$6i3(^e5 zP529>`TJ7X78veP{&5-nG+)5+Z0BauF5b$*{(e98m51cVj@t*RYSGB%|!7e@FmzMU=JL%d@pl&{dRZxUH zk0(W&C!($A41{zY-P7iJr~FW#?$0J}T~~r@7Jul8iY_k7Z>Azz>`ngLxa&153~4%R z`OV!b!mwU)7A(55A2mGEu7u-j(*pFPV!UQEVh>m@;D=apAnMEE!IjbqLO1^LFS1^f z=>7^iiZ)s9>JIXGPJ*U?WIzeGvE<~N1<-LJb^;4v`}0^m=Mp;4zFM^1Su~J+M~KiT z%TIO%Bqf@yU*MT)@N0KWC1O9FZGn7FTvU7p3Ktrj>pLKQKhg&V zV`&eh26TtcC1evLC#Wope!=U(a7;*dE@>QEAnU4tGH+xtA6czbCqg-lTjs%d&JWD{ z3*8BSXCDHK-bm(vhPlI^jB9o+oWQ4vuADSZ#dY+-ZLppT9F{NFMBhc{h*5DbxMA|a zR&hhoN!AL$Nc!Ltp^PS)0H}Mak~Vt4GE#ceo5;=)f;{w$a`}@{#7^j5OXGGNv&!L_ z&=MiD2UnGxm#RoByDvTV5EVrr)O8IpMY$+?1>1TKK3>!$a(AVWD?fzT#i?hgR1(M| zmnAbZm5x=NL?NhEA0%aBi%*G(F#6U^$?YhBN5?XymN5^r+Jj*NJ^|-7zy#$spelPa zbfPZC`zCDqm(leJVn!b(U+8ZWCy$!4WlmXZ1Zmkj$lk4Mx?k<+CzGk~ZklrJjQ05^ zVhE~(oG%rm9dW@2tD-Ct3M^`u`{!8jI1}$O>OyUhvKD^y!Ml7fj!rfX{Hb@Am z!@v#%x)-yR+ZI0*l6D^y)>d7e_Qf>Q*v{5CjSD*cyl)9XAFPqFHzfi0ig? zw&KmsO*!>Zz@0XF^dO!hBA&AP;DB)RbMM2cJF)WC8z*;MRe@4ddlKH36JLl5S;<>h9T@)KS;d^$gnk%EydEx zRX_;a*3i-Z#dQFL&`>DFWk4SLr2J>S%RPE$9zx4C%Z)w8Vw1n``us1mi&-7-Y$lSo z5^MGs@Dc7USk{h+ni~`P#SR(o+Ev&k63@MW3TDVRfvhoVf{7UZT)ViAhPAu*RTpF5 ztj~2~iK6N&6ZgR;gJD*B+i;|r(Gl@_?XCzN$E_uO!-s_m8*5#IheRP9OGWmv*cn}u z)~Tm$mg>xQ!SpMLVCtP8V$xn)WV!Xj)8}tJ!+c%C%dgf|^}FZog*2e}ORKGj z?Ris2a8zdwc~I+^)XZ&*MvKN$@_mH|y=2$Pab9a_!}(#?-ioAxJzqZ;-VM2EFlc_+ zpi0oPan$NyQfCHeis^*JFiR6^sofR| zKe5X`A5F^$^1i-zSIsUzd`0hzmV3H9&U^oi_3rq_kI~BawUeHQ9`jpgtdIShI{fD^ z|3Bsz3)??dg&hCFEaCY7!z}sl4bPz;U|_&4o!+C?eh>~&4ilsT2*4(E55LNTlguoc zO{#QCaNx`SAI8opI?_dp*6Fb0bZm5N+fF*RZQHhO+o;&KZQFK7eRIyadz^j8-4Exv z{5ZUutV-5!2Lj+Vi zc<%AM&LY4>;ak(^XMxgibrUsq8($2jI!gPBf8X?&OIPEJpIOq7$_KB<*{A2L)$>ck zn3lR7d2!K8vT<9_NhUfje!stF#A4Dzq4UlL5p2Ql+Av};yH^2r5{m|l_E$YofbpE zFA~ee9VIXXI?**ITz9QsMv5+GFNveyn&!J#&YvZ3W>sJT2pQ}@d2?W{0_7<4@*q)3 znP|nhoSX&siH7JsP8~+@G*CU{fwh`J_?pavIZOZ6AAM&0{9(auXkiruy$m_PCRMSj z$)wnLmS=M&XkJIflzLFGl?*<4sDyMZ4CW-ug+nX3>F7ihF&GhSFdUa8oVdF$w0);) z`3;(so6wsNhq)CG^GdMz=Gp8;4QH~yPNot=*cTE;Od#+_`WU~isT2H+7S%>#q%5qs zsec?T2#`UTKCxT&a?``&)o{vk{v`O5^H)di0wc=$&j^zCN<}T{I1(x}-N-)y{zh8( zTNN`psGt+-P9xG0Trv9Bum*H9-xbejagq64!S2{3MXs0^4mF8r7zn6hvFxhuGLqJ+ z%;H{l70+&;fNW>Cn%iLLrM$CY&9#dW7ud)}oGt<|Ur&qPN1k_iyfq($WnD_SS2O|K zjQQDsryHVj=Ilu|a=xikDJX=t@~4g$^?51_-NjOD%i87i#QP2p>QQnVM*#EFHdMRQ z$y3;*l?{xC8VhythC2~Nu%Q}93@;YHKxos$o{L9LQXSDujnEnzX0$mmpeD0a z#p~L38H&wK@B@*ETh@WS3gaVtB)~5xmFvV6?asEtk82{-ohTN5$3vUX!Qi8c-Svk2 zP=`%q^MR;<6ny|;1St$llMW`sH8eI-l9=!H=A3YSNJ*fw7`c2Os&PgS%eSv-`xJbD&?m= z-|HL3d1O&3)V=)pRfYW>*<~R^ab_>Y10IlpQsuE7$qIUX=iXBP9q=$$b+i zv-n4pk@@T&|E2$OZs-~RZs@T671R6M{)_E@WK{echJXBT7(V-d-r*BoX4Zkfxs$n{ zH}S!PwWWN1Oa(0TCmIso7Drgs_)?88bm(jwPWH0=;d)pL1AJ z{QGXW|MZXmg9EdQUHAS@<9;6ltL=Gm{JQ&r1g0ru-nVnGH+_pMs@Zm;nR|v{nNx84 zP=NO1^=`iZe!RZ~T6(F-N_iGLD%L>~t}RdM!Pc}L_hQF=KV<1yH+boeyY^cb*PVh} z%2g$u2|JP(0fwIMiUxOoxvCo}B7gDY$iSqVp}=%yf=P_$L=0$>w(*s}$C|vXBnBe# zho(W5>G99B@~k*UFj@v-54gJ}mNcrPud;wK|E6`uJBL;EweZzCaMX!aE0c!Ka@uw&gT_rA)) z_*IszSqmi!O$xxTII0kJAT_ijtTI=2i77Y{qT>rmQ+Bu%tG;yR8~(27t8|7bqzrx= zY5QaW9U7)6SE!k+ORCWc7%rbXg06w}12$_6SrS)3l*I-X-S4fJ^9b;#b4%sz=)tki9BeQ_9#j+y+SG2FA~li0 zNPbIHqQM?mq0(FUa*{w`!Pi1gDMJ?Jr413qOVEr~ZY2tFE`(Xe zW1GQz2!k~`7daw-E54&w#_u+gw`oaPBr)vfSm4oKnX=VI`ItHkgKSq+{qh#xd0cel$i60>k( zv0sTKP!tn9LS0H7#Lx@w%J8&l_>Qk(6puYxx7_6v{q((5|*L*#!z`9!OP~&P3 zUDdLhT{iepu6a+ASEYHal%s}B+x{Gd!BA#CB_P`{A!^XA+}|ox6amMAH4haMZ|GXI z(P*cAeX}Jvw`s1$Ofi|&ZhRTP5#ipTM(=lD0Tpl=US_wisReQ+dz{#!c+1+4>jQGJ zs{4pr69Si=TJ5EbXu@91o5c>wsMoYx@br$-M-kKt=S#P!F!2VAA4!=or2@oP;mHFu zLk(2QvWWr|n1`F$MFS+z%>d$60`$E$yWtZAC{R{L=NW|0^xW?p1gH}dXpy87+;?Wd zVTbj*Z_BU6_Nr%azG_CNfVl90wXWhk*Lp(ZUwIY1!9(=xE(~=CDQSJ4al3>avLQ|! z?_nHzehN=Uw|P*0@=`ccZ46+20{!dk_)A-qFMvdAjj{crRjhb`+<;3&V_pEo08h=+A2^F;JzFpfK_;h!7PKXB zY={>XeJf?`Z0nx2^Gd!B2scHO%26Kj?`e9j>rrf;pDO&dt|Hyg2+t`6h ze-phXc1NhQAcN_&`R9H+GxmZ9rM?mK&|s}F0^og}=+#tc@zAVg_LW7-8k;2yV`-fX zdF4vSTSd!JgsG*0clB}TCQT1>>?Aw!S+!A~17)0%n`aUbrgODT#BE5CMNz7=n(l|y z>!l(N1$nUiL6P|)ZnOk-vNP&oYb(3Q6vAL{8gtzTZdI+gw)?Qns->b`7h!q`S@2psqWMy^dWSeC>lSnqUuP;#WR7u>D=kD~OK z`$Esm_BT_8{T~1n?Ef2pLL%be-`Bb~>@zq@;>lEW!B^R7g4WO=?13A1zSzL45})2@ z1f$mDG1Kizsrge<#0-JkbeCUZ`!%(_0kUA)^O zf|J4NM3=cf<~;wLV7gmplx%ySMd9TR-|x8Ff~0P3q=<4AeQ}fGF0CYZ$FI%ir)79I zxVbjH(#(LdmX*L97=BLGv0VfU7N+#)o&Nw|&v0gI;7;EKdY3eh<)wL7ewsrHwQpja zgEu6ELto+1?ynwsYxtPWy!=QnLPWx&$1=wPqMrx9`wcYHZ}y!V{neHZzm6TEj`IV; zxkp<$IcR4blXIq?kkPfs{ooXZ3l2`P_!RuaJ>e(bYaQx3RZu_N{u9WrP|Y>RX^NN8 zP@!I(Yh>pXlZ)Su8j39Dh<@WX8N z#HXkc()w~6OM-t|$7js2zw6ezkm92UVmFZ4M+(_&2=eV0-nmERk_2YWc|9>CDyHHy zC|t#BK^6cclEkp$Kuk42z{P$O=t(!t!nyn;jYC)<)DYmY32w5A>5{G=m%9r zT}e@8n0+J}!NK2KCIkz%!ORj&%1xMlO zHObHAROKQhrGIVRdfvY&Lh0F6Z%})j$T_iDn0q%EQ}LIqbwjwb7xrd}k~^@$s~Xl) zC2*3ovmjXC-mSyA%u;p*{JvqnS0$gKx2lRJbXL?;D0JSwDep&Z_WaH{jVES=uh7a* zHybOK%vwfpnGR?Jse(v=QA%XJ)VbDTX0lviext1Wk_#%8xUK^#ob{M`B};`kc%9Ko zaa&4QO7brPZNu6uyfiZy$4*18A_fh3|l&UunDa&%_IOmdRiW z?iS@>8egSDJmmWPd`dampvhJ@$`2K%04hQk`0d!v%7J*JiR0J3L>&Hm`(XO*sw;k@;Xz= zwfFeC8qt=_XD26=`9~n03+LK}+sLgw2`6P~p7S8h5PLkTL*q*LcKTjbLc$V>eJ(v}sy5%C z`xP@Lu{caB=cMt?LP=^SGm7i_01^ks_lg!x$A_bP%QZ~p zYp3kPNcu(f)clTje^!D*TH^*vD@gq3qAHKA;^wR}{9n7!<(7tesWoCeiB%m;4-!OS?0lJW1L9^Qm_xT?EIB(C&lZqDlsM;Uk@}LG7Xk=(sTE=w2&1<& zjN`ZRGsj7qMpd;)^Ruu8!TlVZa_=wIxFVg4m4j{eX|9u=yY~H_dcun#FijvTTO%Q= zA?qAK@jBcLa9=CGUE$G3f8EBu3mHtRCG0%|Qdm^;@*CWQU}5e*GMLtBObdDIX-ujP zgxBu%;vmk@2WPw-W<51M03Po-UvIz2&eg(i>*=muUms=__`DV7MIUb!e$$cy=iM#* zR(phv$7{xS0L<_1Fh8Tguxnk4yF*Jb)amJNkjend-YU~0jlmH2;3rj_+m1df>sOZYRmr!> z>OODEtf^`v!Ny=cFxSpBw##B0T54UHZ)85dUcO&7Ha7r>#VTI=_y7PSU$9F&N6hh& zKSSCeNb$Bl#8w%%<5+oE4cGu+nfo#4IF*9Ucn!!}eAtl3V+{EO=b?(=YK4Sj$V;)h z>Tryw9N|SJTsQucR{dLm{=Md6q5s=K6Z>C5xxWoi?Ef2CLi|gskh`7%H|#s%*+drK z3~XtgMyzrPLSi*Y{IG%3zNBjF=P1p%vyzL-qGT|gtk&hB)%N^zGOm;FQBFuVR?r{p zlOfSf&)@G~bU}0yyFb?}>|=ti4%Y^A`JByH2r?R!umD!ZvV|gap_VA(|VjzXKlSC#fNJnw190ul!@fYL?V~nBZlr3nw zV*5a3sGw8qm+?G8Xk*gF`aHhVxWXvJXy5=gyYO4}nR;UOlb;rZSR5#D?!-7^$LBfg zzYPS1A<-A4{rrVZ(;&!dUd2j$v4uRH6BO2|Hdw^!w2ZMMweo=uBpx-p&gi`kzwet7 zP2W}&rLZvhg=Lg8^_QG_AwmW7>wzSy5Ncbpvwxqb+glsL2tq6pJc8hnkCMUl| zbB{IhoOJqE{G0UU+(+z^k0oQi#R2u!`=HM|{iybPY(OI=3 zb(V3`BJ+MTtg_cCHZKyS_9Pzn2`$iOc5W_IpChl-moZ7hSkk37qRk|5uAjKj*#kyxiPOaH-J7+< zN!rV5GEL^yB}TKo`A&03ONqa6wE759p+$rV4C?*pa@ zow%lNLl=w3PHo~uZ6!M=S*CO~6zCNVe=yujO5{vxsmCL0PKvo~pA&0zY+n7jv`j4c zKE>Uk84%FeC2h)dOc{y9W-(Ey?V7wZ(t!{_Ek$WjZRGo8RbM;Aw62`qA(3H9nRyy? zeRAG9gRVm?Pz_djnChl^Al`F)qdtxV#Y^>ei?0zz)&yO_w|D1d;HYBapOkMT1AWjg zfy(*{?%0X*X6-V{5ol3)J_NnwgjKFh21nRZXDgx6p1dz%(Y#)LMMr$QdE8ue)c|mN z=WTAA*V1CJZfFDPvLI0Rq}3aIqYuQB}-)dqi|0v(4>6zk9zZ$e?rgv_XAq?zjADU*PH(hrXck%sBGuI z4rqJIghpS1U_hoM?N6-y{-1?ie4-(FGH+eN#08Z)RqQQWyciD;w_GNQ=<2(}OZ$(P zX))8vkfZVAfA8!DzcSc&!@CdmKxQ#bwemZWDck9IwB>Ox4{x-cwgHZvY_L^VK^TV1 z67(zDkq@)5FLQh6sP3@=4BVMFNehCM9&Q-OfwSsxK%GFIRdetkOf4;uxSjw}IuJOY zKKLLO56Cmf<;i)fXhiK8rl=fdH}G(-h@lUBqnA25X^CI%L^({Ix&?M$x$IvFl{HBC zWTA|!%c~u@MRMN(+mV(N*tszJg8ayUoXZO%@F^;JvJ z&6@-@{Ambih}CZe0UtTZ$fJ~~0uOZF24C#GX`|0X}aL3(U}h>b)R zXmBFo7zDI+FWgR16(^v5tB)T3_Z4hv3r2#8I|LdNH4g@g&>8V#^|lknrz(U z;M?Q{qIJyl8&%8-%BPwv>&ddXfd^I`md@d!1tKai{QED60?R{zJW&$acNo_+?J9_q zy`AU~w)8%{21!|z(WwjFSvMULasRezP~^_o-l;iSXN zQGw9pXd4*Vu?rDI;a8yFCH*9$$nGEFO&EdYF_8yzg*2Mofl;VJgy2XrC|eq1sP-mg zXZrXx1)R15UI#+s1~i!OO-ZttRdNW}h}N^whe3d`0#0Z1wXez3qc2Vi>=8R{b^;s+O)|@ z^ps_-ei7Fik^pUlwgUBVw~VMY+GMvt=PtIa;>@C({>`eOQW2;|{j$#h>-Hsb=bX06YTPszrkg`C0}yZ9PKw; z0|6+m=eh!}B`Je?L~d>BJv+D8kv;!3F5I+SG@$504+)n;a4lu#_dq3^DO)R_N=HupkWkJsBk8 zyJVf2;qo*UKF3+_THDu2A*qp;Zr-X06X(6)e8e+WT#a+ZLBU{GhOJ|C73fn6wy^-Q zM^xCDeP=bw6I_*{dcYg7Wfx0k*Uw*Pc?Js?&*XiK9aq=2&$EZkuc^*>nIi=+9FLw=+K0i%}daz+61v3SNJcQRdcnd!G+f1M-lH z0kwjw71H|fS&0Jk?4h`lq>9_lHRo2OPmXdcxR@?+(NM43+uo}kT~=L^zykBuMn>xG zRwX~4y{bGtb^@9gx@^+1!1nhpJz_u2TO`_tOAAOE@T)v3VV8%w1vfzke1e=cmVp|@ zxRX~P3rUP#Edu?zw_&$(Ze?;y>jS4IROLphswE4WN$@PNlT7Exq~O=|EVS;ILA|W#)k5b-Xwd$6}0*P@k*S{Q3!kVa4tBb&XmmG=bDR%EzhSTPylth~X|qAbJY# zTLn~@9y#Wh#wE`<5gr&dS8ErpgCsjsAf?AmB{^xFTYj!>iXU5$T~i<}bz_A5RYwUR zHpDJ?ylW{OO(ja2esJ9*!24*;Q8T++39N)?74L$2E}c=I_|Vgx?5TFGz>yL7?EQ9l zB*Iw+RRA;eomu~+hT}mBXpS4;?B#G-nCYj5EBz}>i8I|T_5>${i|Y)6TUy48M3>W8 z*sx+D(E%<;J$oAg!hD9KwCw3466`Z^r=(6`HHC&oq;upI~ z-sYYrA4ORK16kPI)*Bbug}Kh$CM!i4xIaN#_aVAqF`vbdUUp_IPVse6Z|7l;7)R`{ z@F7vgv8A&h9+3r;_oD>;SHpz8_&hlMP$BdjY+9)52*)Z)8|<~r%1r9ruRZdoA0x-z zd8XZaf>Tu@_bG*`kX&X=exbxkqXhbo%T*%B0VVv3BX=X8WNa#zB`HpRE|i||C5|HY zi48cs@p?1iiJ)LDrFWX6pvg`!*GR`NdX190j_|s1#|G!Kbd^ zS~=GsFOFO-)1N8F>j7=F&Riwu>S%7v_6s>7M({iLC&f_yT=%;O3 zPX%hW&Q6k*PhtV{pFGDyMfk<8EJHym`seri;S0AM4^I-s2B zAyha|rb@HxJpi2<>LU@HmC}n}@7v(G{|u}CIx<5o{zKHpn*P<6;E73ak-FDxE*G9s z7Zj%tBG8FGmPG;|s*04%HEtrEohEAwgk7`;SxB4oSwH*`URBq+*Whl(^I< zbR2osDYiO4Xccc|YPoO+(E=7+i|8&vyROAu~#R zZeDrNTV3!NI@;bc3`Lm^s!E;7jnhhHn6Xx*m2RqDStx4ff+s-P9b);!XBn(cIVMDh@@I+}Gec z5PtI5=P!Iins4;@i2x#1cC*9p}m@Srt`zrqdaoE)k{ts&QABp6HRBqm1dZ_NWzGM)gbT5xE-F}g z4;#@$X;X)5;MFc**xPJAz2-=lI~|JYgGTA?{9Y!cL(?TnT;~zc$BnIi?3lY`wsv)1ABmcJHpO0|ZUDr^OQc zL|*tPx)j(5U&SP#Z&qro0gK#Z2tuT8gb>85exD{kr)^o4aUO|odd-_gZC#nPW})u7 zt({O(6p|%lzpJmS#YR+xAw8sGLM%t?2lftX#3r=3jlA_xzZPjdNT9V8QNoiumc(74 zw-I65U0NTKZ_MFPyFRX(tUG9kwZ6;CfUY8;=Xgx=Tk^^EjKr*A_4n@#X*BMU`qB%- z^~5EDxc24rss1?$3_H%q7zUsA8mf|wN5dvCdQCwfh3STd4@mC_Hzf_+X>vMi!0fmRM=vhdaRg!s)e(S<3OMgNZOC_W6$D(H2$k{+{C{qa&V3j9(C~f_p~J{ zWr+z2WwEr{<*J3Iggh3JS~fEKbS9;>Ad@}Unere7GR05sp|$lAuy+BjOatW@NcG{> zc7Z?fYs2fPv zWaCbYo^TR^@rb~XL68>md~j_Yk&aQ~N+Z(`A8>!tBMVN`f>Z_TOG5O(%j1f#$6QLx z8!#1>AN9TPr^{y-YBdQ@K3+;Iv6B!JCD#$c4c~u{*8T&h|1~_U$DrLq>V57#$I`Yb zTH;q^mF=y%AHY;JM2?XzK32~r#XAsmYMj~0ZtMi|Z%g?{oO`6~oI}7s)z!J{n4RoO z0OLn&S9{X==U$!B;yn$t(sYK`JojG6QxR!j%Su~gjfuOLK_n)yc^9RNQR2x<(a9B^ zI?v{ViA)SWfwVmwa6C<7?6q@}@T#OoJ%1hTK7rnwRy|0{FQ*x}U&AgPtiV;6a-iec z;zi7eIW{C*qj|3Tds}mDVR%LhXge&l57PL|bqHhRc|M}YN;Fhj*y@5}C<~a@raM^& zpg-u07mrRfn|86r+ta*iHw*V4O`swoazyry;{7Hc{6ti(56tt_Ox5~UjHoG~HrT0Z z+y$|N`t$;Pwmk$*nPvh=d&jggHx;ojK1bdRrEvD%+K@nL6@=S>CHc|uJ}Uj)g05$L@}HvUvCv?fUnD$)YzU?QY^R-&_F-sXX07Bre5Pz%K2= zAKy+?&*mc~{eUAWS|^ps_EU$==zdfL2c`SCt`YH1K(kmLQmmV&GvAy1JM;#4k@Y_c z&|fwWJu}OHlL{+>%GI;QNP(M@426#GF3$~O9#-wq9Wl7CVS zpBn+(nepju!d560R*1ZAXR84E4SThi?V8bqtODfX)9b~gJrlb^NMl|RF z=Yw$!{`31W|Gpe&mtq6Sh5^1#XosKw?s7^FZdV7FXO)?LC+ABLiJbk+G4jLhx%^3v zn|au`3wSN9XlSgA`I&mjxy2ccMfljQdZu{j1K1@Ir%Lp-Z!tGQv~74#G-iBwAlP!Z zUemASD$=d^;O{`Q{d88O*6~sa&(9+|n6tpy#F)WJJ04LR7R8;a{6D}-Il-V%p#rf2 z@?49tW}7>TtbArrY-$5^KFvdFui=^`OA$CPBlmp8fn>zp!hh;x3~F~cHIGbi#V`4D zP)us0WgV-r1`Dw|z+@d`Q)c#HE_4QS<4P`Cxk#d-HM?gh(tj`X96X6qv`eSbS>cKq z`hhFzL4>T|v4T0nuW%`?EHP#qtvg(s{2cR*MBvC#5HwMJX%vz4JUM%$hAsiEX7uJc zFp7HTlshFp2-uuF?!z=&L)|6Gt{Aeul!Ok*tu0JU@}G~y~!am z#m0<)(ZCv&UC)X@&0#WGHXAV3flbqJOvFyq(i%Xoz^_dVss#Yl{mbDKwL@eS;YozILY3%z2gkL8zAJ6SkFH7c1{s`^3e1+SfgDbl1SR%oERu7=@v(uuV!uNJ={#^MJ)P5|sM$VM4g1ST5K#YdG4jg3 z1F`Rfwlrdc6kHk7-FGiP39|+4K-VZ3r7>9>W|krci6@8Hfs9*GUFEADH^u@C1L?ri z6%V{f(t5mLU-Msx*v|tZCy>BJ9?UMQ{RGU!M2s{&O87-;3byW&^@p{&hlefYe*oCT z%WCts7(P>Lvxas{l)AZg~xsH*1&2-FlK5R9v*=VwjrPPm>kK`&`+Y@HiEn4Pz_hNRg5{e8QOpU9$UwX`=KG zBhfjb+WTl<%|z&i{UGNt_(42%g6Kk>?A85gZQ_S_svPviZ?8lIG}7ksICP1X)@le_ zjT~W}tchA&g7y}X7!(YeGe`|F->m|SUMM6}Gy;sYkb^-7Qy&>j{M|oN(Mbfgr2)6~ zH77sZ!8MbDrRO#XA#4nS7s?M(ZRiET=W@coZC+y38iPKe1iR;yRMc$E%_yy0;DGOy zXHJ(?M3qz&HM1P4HxSczU7eaE{bZsqPfuOJA8hfCRX#K9Lj*i>-EZ_1-$NxaWYwd% z=o#&ajiv&%2{V3Y4k&@o;2%miFKl8ct%!gBb1taDl(f3@f!Fp^nIyc~<0M@6?tZ#H zJYt%nazC8Hv-J@sSy1!ia_HD>FoR1V84(yhqZ@TK8!0)nn7GaX6t`%Er6u2}OI_)X z5k=e0c9B34q*LBE9&?IS`b}qEj2>axJ|;>8YN@Go#l=a?@l*{SUDA1zF06c6GT%wg zC0nRnf>f?29>%9d969%u?~|tc-l`3$KSq4>4o%`4hAzb|p#2Zf%6+NTKkD9Jb`w1d z+kdMKS?K->?)_c&{x@vGe_W_(z(}jFf?PZ?1|1Ah!sr(^0sJKIq-q_Q8~H^0^;tq5 zuZeIpI^oN}(68lNN?Z9UEFTj?`@>`9ksHp??8-bXx=wr>A&F>l#u41?TjAEc+F6iy zMm}0FZWsA!h2uaY#u-??@!e=$&FHJJh&vP0#<+*PC+!}{&YMqLCcZb5#}-uf6DdE% zDxhy@a5n)Ra&AKqMk*1>4Auas*?gexPc3)v2^(< zDmS5upv+MgqlyCHJz{?=ZQum5u2rZx5j4g|W&Y~T46ep`!$(_5&U7Kli)4Pm-8kIm zNx6MNY7LIe&yTp-fEag9&`ffag6_fBHyXm;nH?+Xi>TJ2y9%Yc^P517ilS)i~1e#qDR^0#CDpt~U$AW-}R2j()9>+v+Y`E3c}v91YQL{vC+ zE?yK(m)lU88V)Oa@THk4eq%}U*SXXm4Wx@xqW!Oq;Ny8HGkxTQL5nFIevwhWp4I;9 zBYw`rvKdOBPdkf}P08i7jB31Dh!O*dSqI_g#vcwAGXf+JRHiPvkD!ewp^>rd{HokG zt7xfiD1qy?LPoylp{Yrw&4}S)#b6Y2&qaBXV8{S|{m}_h9Rt{~qN!Z+f#`jGwo#5u z*I&6c@_=-X)_ILVec~p)ItXg8uWbwtLR*ZV$O4 z%+9}3?ht5B!>Q*zj=cbPiPh#%$XN#EyvUi9MNa#RPwl6TI?)**dD)r0UvV2Qew zS?}D6_iEUSW_H(A32M?whv{&N{t;~p;Im&_e%>v%KGJNlj-@XCVoh{&Tn_AZ@iD^d zo9AezlP8Ck7LyEx&z1l;h?qdTwKwiMTX;ohxA&fM?vbRIX0Sc?^;AZikZk_oT&Irc zos+0(T`4*F-!HZFISAm_p=snO@WB%dlQ7IB5-Z@)AM+u~#{;)bvxMM>^nwH(ni8i@ z-M+TVvajMUYXT>F+)ETDRWn27!ZX7>z7=t^vy_(TyWp7FLI6d7U)iBNI^YVaO|bbw zc_Yo(>ya>%15R~K!tI4<#wAWdtWPUse;7e^Nfj*`KXS& zR8b2f_1W@~J09J)ZkzI|N!O+V%yIu3I<-48S*Uf8h(i$(`2=)gal{}gKq3_K;{LUg z{y-TO8hlsRKxrGW3Dvx0IoAU|LZgf=Ug|9x9=Sz>zN}82}RKE$G~9a%h%>U;0!n&V8_= zrB$Q8SSWktWH8K>+rkM8{zBKDK96ThY?veVLR)#_H05I&O(jvF@~ zZE1q2UxQtgovpNu{H|T$>2$vZB;{NbdwFnS+#lHEGat}c&+GcfNLQg20XpP(9=XCS zri*O23r@03B~IM@@ROJdGz83rwLNJXb4lt_PwcO3SY1^5PpnmLmAA=kN0pZxS7UCN z<;|Hjx29# zAMHsbpq7DnM!9r;aw&uMssXr}Pr$hc60K;?`D~9rjpyg{<1V`ocse_` zJ-$ZQyv-l)dVhHix`MJt(Z7z@G3d<+j1)Rf6J6HxqUbY^V&mO_aI<#{MZX2pX#{dz zq|x8!!K{8X){BRD{|gol((HOq^^X$ym!(F}%JARHDHi(wpN_yn|G&`@{zB!|(Znhi z5{-kyfQwtkTS!U$xy7mnza{-^CpUJbo3u8_w3?$g_K z#ur!U^YS|U@|l-)xEa=eHKXdAUXJUV)!V+Bb+7ivSK(AN$cT1n-nlR*p9HHSZF=4* zKg`U--WU4dM6bl%68vI!&|9os@d4_jx<^k`qlI?{mUAClKaTB_vi@67;vNM!#&oO~74PME4^AZ`Gh zpe;iCihE@Q9LQzkEnNRXal5f2Hv6K)0b!kc89Z(jO+UU+72UISQb=EcUmEt-U zVzXpVs=iQGcTXxf8X{MVT%Q2&r}u|5U4tz`(tJLtX+~(@&7fE=m@peT^RG54&w+&b zY^mv0aB(E)y20-XS~dP_Ymuc{IF;Glb@Ji%8Ek_RTrU!B`GoT-p7T74aiDb-;R4`f z?hDWOtL~LRGg^iQqaq#gyxOKXUO;T^*_X}!kBvE>xU?L=AHDN6^Pd(Mv6-YYrFV-Eb$!u#7VaWp9VmERhn-%u9aoyV^~D z;#(8h5So}vi?eM}B0Uy`E$4`_c~~KJMaj)9ig;ifU6wQD(b&kqO8oCn8+jPhh=he4 zRQ_@~VVNp|(!oW0=r0KUg8EfMCQ~8osr+?Ny8rwK@2Snh&b=gLq;;6x`BAc%yx~uq zhsGcs*ikDJLdlFi#~)a23$443tTS|p6XsrILp`CVSyqc_#f1DQ(W4&re#G$J(^c(IY-A--3d>=bQr%# zDOo0Zjh2ce=7o+~s@dpvJ{si(7$rKYOd_I{`G|T;F+{mLM_B4>#50fR;dZp}KM@4R ziry_c^a&7|m5P)1Y_~p(YfXCbROe}+kA0T^c$KjN`*@Vyl zC!IfuwHOgWYhRynT`TXYw7js^3@=QjH4aZ6u&enj2^fYhUaljwg(eD6=Y9`7yYlGB9<(!(RpPi#!lN%;)3q`EzR*p4NK%#_gk=C%KeQf>?2I9O4)eYK5#SDE{LQn#wyY^pu z&8T|x=Mp_YirpQ3Oz%ZJwIOs28R;?fn7G;k(wMkvx4hJae~DtkX-i|N-&EML#l2b5 zPsOG@Do8Pffjd4o1%m|AQ269fcXw<6QAgQ6Vu>k&&<6SxanPJobhW~?;#lAG6B&MiPxei0>i5P& z7nId^j;>de-ijv-ytIlDzyVuAY0dBZ^Pz=y0`SRpPZ|(G(}-09_>@db0Qe*RKn@h= ze*8e}CXe3ybRSMCw7y4~&wflaeCh_hG!?O^XPsL}p3Y)|A$XUfe!6WP6!ld{yfPr% zX>*rO4S<{!`#QbCH)zX#^=H^9aytlUM@@VUZlsWNN$d|b1;KMlwcd<{(m!*96?q3n z^D(v$<`)Y%UJMx#WJp12WU>-^vg+Pnecr%ga_*D1>i~i@MD5JJ{`C}5SS}j$ybmIq z6k4n0KhqPc9x=q2SX`}T%i263yedE|hZre7mzGD3VNSuzWbf-wyo6f^F8?HY|5md9 z7;-=vDaA7vHyD(3A;rVqQgU15{dl&`|OoN3I zJHpG*Zu8l2XZcsV$4gOw)HMf!7i?Bd=jA{XzzG7gJE?p*Yhy3O^sOnti`J+FTMMdV zGRESB-$`KaZ9hlr&-rf2;+x(haYeAzW?N@B=1o_wh{4j+r@2^bZm@y{w}POhKX~JV zebNQLqX4wvYarH)#IOrT(M>R1xak(Cxim+tw?IOC2CizaKZAT}V_9X;fS^#%09Y&4 zF9d{|dxX=QNaHF|DderE(ASR!hZ?4ULPGrnt2d(pG9L>%Av5@$rRusi@eK(kZl>P! z7M|2x2*N=DO;9B@8{=-AhWhwVGevYMZ%eI@C00EQ0X3UfW8dsgyhGH1U+epOHZOUY zn$zH1FBaq{ep&7jcVbeVeyG$_=b)-mcs~ZvzKK9QEtO9*rnq3Cg8ZvqQP%mJIU$w1 z6%;eI?aO(fU80nKbfezEL3Wem+r027fq9{H{t<5PIqCw?@9!c>(2?eAPd_3lSfS0C zXiPSy^BDFeqg8am$0C);ak{CJT1|@Ukk5!I7)1)*j-V(Q%iV-<@(27e=Xm_(W)Y3~ zf6TOE9wev=@okOJ4*bN_lQR9?Mb$^vjD$K1${}ufGG#=BINCEGnmIF~I~(^)tltjl z){5OEK64P9k5NeAV*o>PZ^l8PB_&meGet%TjUlY*h~NXqUsk@b2u=YjjZ#z$Y-pp7 zw1zjAsLp=g0x4|l(Fw`lEmrlHptCA|YDac^Ea%-fNBpZ1>6gJ#FS9t%__+&TdY?u5 zz>h`)Cj++sL)kk;SE6ofyRlKRRk3Z`wryJ#+qP||V%xTDtKyu@wfAiQ{Lh&e>)hvJ zw3gAHKEB>x=!#;u;6Q{aT)6YY)!vk5%n2N@Zg2<6MT|+O@AC`b{8UT1`%;hNoC7e> zSl5DhqptVxzIUas%196#6G(xga0|4d4zk%pJk^(0 zu^D-DjY!a>-yZ^0WXr`xyXUPPVGZBOWj$TtfBZa#ru^GlwL20s?8H?+#rPG$$D7C( zd&1Ug1w#eVMw7fK*MR!$zg`9AAdDciFh|EZqa z(_tUNF>ublE|ODcchcVNon_mQasZZ+jRxgOzV!&bn=J|f_%kix*j|&l(a_O|kS0`u z+lKIaBP#dJdMp682D)%kEY_doy{C{}z4gKV7S65ZykSacYa zZMPM{=Lu(Ljm3>-;LuBYx7!tOzlyZ3_LUGZjGZtJS*Y_($lyc9>rhrmoAK3I3@1|~ zIC5{>y&&Wi7{3q>zTG&g-}QY4^?BMxjIAX?1(BcH2(xS+@=DYQGrJTnk8CrGx^nLH zI!gf@S@x)tgn{w3li40wJ9-Mh0rBzZ?v&gmWe|}WBQ~+Pqz<&z#p7&wtR#z&Bl9>5 zNMx*yN(AI43`!&1>D5a+o?=a=Dx)%0&nai-SL=|3uOei*T-jy@Y zQ`;<2g4pA(hh=0malS0t@MwJU3UTp!p!mCTb|Frs@{j>^Hi)&06fd(1_2o}$2*MAYAT4N z{Df+49o1`fx&!5?vhLsA70tvxGqQ0LN4x3e{OJp3JnaG3y2PP&r zB@r+;Z%NYLtww5IrZPQA0p$o-Qb3G9wR=ySQrSE-t%&!5zc}JOF$_E$!P71G0RZ}} z%l+4R^Y@|c|5C%V(EqJ+{O7#+@8T<@WA474!uOO8)gX_N-3H|0AQxA8&8h-td1qC4 z3h+s<-)l%tL(bS8NI;eu(7dF2KLLtvF{AKmwN!ADnb zRpsq3Ei0FZT(eT}-wcaa-{S^eakjI{#pivFY*`>6V~I&mLoUi={kwx^`wr&>%)%q; zot^vP{HkQ|&F1!U1o4E<<}9mN!P1Tk_%7%eY?J033|Y5;u?LT!GgzekVImp)9+XeL z>nm4Q8Cz!gT?f0-kFC-sg~cZlP!J3AgXPEpWEk{uCz^fyEEzlb0F7mQ)@1>NxS~*;zRR%E-U zp=T7|q6;qIL`x!guVXw_c{|qzUY@J~o#fe!S>fQZ2UHG@Gm##5?rP2v!G}ZzXT#uOOSehdPO71z_b}~&lZv&M`L&sZ%Tby} zDtzl%v|4S>TclXoTk2;iatuUvoYygq1Wu^NUofpe2^KBz zVy3FiT)J&%f9At&FK*N?>+d7pk>9S~3}y`L&AmVApQCHaFCKs}+Zg~$Sn{i?(~1_|H2qa_!ybw> z-rJX&#K0Ed}qZZ7Layqf9Ig?Vr_&}HB9kw(;Vx&#Bt}o#X z(<>~sA3o|9zqfjQC=@Q9FSpJy^E~_MC@--0b6?ZPpoDj@sj5y}D@V@d4BMDAqi@CK zH9lI>jD@+mQ)yD2YOtrjj2-&tOIJ{OKO|cc-0WJj*mUXc!g{|-ti8y@f)eP9f-F~EIHSx0>mL>Sp=2Q+5fsx% zJ`P=qD+&}<1NNdlnB>fdqP+uW0G-!#I};RAjaIS2Fvbq0jnHt)+4Qx*MC$cjq*6BR zewbrN@iFPr76e6C&Yb;EueAL6YGe@jl9NUh$Y*L~oSO0ZE;GL|?UK_W30O-Cs@bUu z45;*Kk|Fhc=2;l#WaLM%bQy;G3sR?RcrO7}6RYxgJ~kOQ9qW>$Qje>u%UaZ~_-xtr zJhal2&Bo1KeI&jg>;u|~Yjq1R@4<{B27qLK#8ZlG@YAet9sW{)d> zqICUB_mhNh=$-7nf=g|u@y`g0uS6G?QxKg46jPjjfpsSQ6KdmZDBYC9D>FV+AKAW`cO zfxiAK7anP-3S+G5>6WL+;GK^4){WmT{{lE8rZf0g&i{Q_qGzK2htQAV|C`)${hao zJcaxfH5#5%el(5;A43bTGphjp{`yx;kvc1%YWEjIkG++?TucE*E><31;;yP3p;N$_ zs3CYzqY(UBlr=AY90kB$~ja8iN^LOWa$Z<-DEOUEXm!wNtuvMc0hIJ6&ARU7^>{%l1EjsN>I0(?{ zsDkhx6!F}Tax%HXJcQ*q=n<&4r%IlB1dEw050m3ELQUbV#l{~-X&qb?B~wPFP!g6u z<_EX$07vxoFOj-eaw&-D*`DtI?7lGy_rt$7Uba`$ItXyyNkjLH?y~)`p+k0=(1-sT zfx%*6A~I;@h*2cPJPAF0 zx9$xjE)k;^*INnVWIZefUWN!H@*0?yFDl`=cAY<+&p4$ENEkt2!r1MMH2At7FpHzxwT#T z)%K;&!!u&ar6a##QP`_-io`(tOh&a~YO|<9KC!G4DPnaYmr*zd^6*E!pd4YM`vqys zwrn7gb;NJC9G7}{560mIzM6>-^#XUsi`_sE6TF8#%zKj=XwyZ{MNa)`Ol7BvTm~cf za2zM1eXXZU;&eXM$+KE={5*8o2r1^H+^Qxrm)WlZj$2Rbsx8|VR7o23gAS1)K<;_f zIif%_R3AXMIS1HA51*N+p!iYHl8r9rTT`$B ziil@>NL=x}@~(={L;%e0u~eOH57qXlyq-m(#hW7SV4J=a)N#&fApPW<_#J{CzQIwO z=pX*n=b?3{5~}s+)Xodcw-9A1x4_>K}J$B`InK6b}e1@>eMkg|?8=es0tox#t z=91DgONSsFk6DtP36fQ8Te&qH*@lmI#~vc3@vfT|5#nrpK z89<^*Aa1(|0EwW1?>n$@#DD8>*0h+mRS_kE3Z}^)f#=l5$+hVk_SSR|&Qx<0cK~Bm zh`$!Eq&CIE{DRkK*X36`%YQm1L&_LQfRDyT0HceerwV@KoZz?A26@!Xxv&hplR48# z_`oU8OQN;4?~;A8rC$}*jo+)`S+zwgWbc^|F*Cc)64uu}JpUR;;Bq+ws}iiB)DYEP zfYlV;s+;GS+0oV*e%yClI0K%jtKd~6lYHj|&zVWdI<0opP|}86A-xrTuM?X}LB?hk z9h2-TQ`@@0Wq!Oa8(y^!^PRnqA>WWx+RT{sr(I2K!=4zfmGN&>>|(JInz>w*%+IO0)L}`OE7T2O#5n<~%sSH~}+L?#FEYgcQ z7rR}$!lGz+y?LW_**W4k&knR@izy2xD)tPEnov zNkYoDlJGEp0qsnWmH*p-`p?w)&*F=j{U6sJhQIZJ|9FTn{5LTWhw73s>mo4!$-?fr zip>lGfdJ}o`E^3=>xb*Vl@9Wqh3zo9O*@Ja^@uK>v9LwOqE@NWM07{^a!XLn&i82j zr-Mb6B^BPYqZzf6kM`F}XZzKbEHM&x`WUNUjN#}GN2#!r83M;0^($O~UW-#8 zwYo|do|kbp2PGyyJ#}ed8@t@0rR$Ail0P$MflFOWCrUdyP@NI-ZE@IHEJCRXe`#|= z5?>X+H_w-!D;6CP&c#B>aG-CLVrL)@x=V?@KdH7aT!4;w*t5ShUnOSm2xvbY)Xs9B z-pLNdbsnLDI31J3DF&tJkg@(ATPLrDy8$*GflySofKd%KM!D2eQ}*qpj1&oPLDDH?TAb;G-PJD^YK5BifVsw)U@|by!`-$g*a%dIvsU(XHbi!yH;sK zyk}f};<IUL(j~^Vlj;&{Z(}>2IPK#qI1|SUfj_+uoL18}JK<%>)k& zZaxrYl&?g76z&N^I)&k9!+MitSf`IkISx2KFwyX#z+#ErA5f*szKB49*xJR4DcGPZ ztcYZ$1|G=(u|%LUZt?XE2py{`#=XIi6~YT{=ZuF|1GNFv<*&Wj%+b-90@KtTDDHM9 zKA0hpTcazpBAX75dNob6?B*?9{CHGvlZ1t?CApM^jD!7+C2(Ozp$B4;uWJN8Qyj^A z5$#gs`6*DZ@R<8{aHWCvlWBB5DyKQ`6HMmh_iQvQ)|}%=D9Hff-exbJDp*GHIXc@) z_|&*bgVPwg(z0gCYstwGr8jqO?+8W)(6?M1Fn7089I(|R<_o&ezVlW6AKx$!;eU_* zNW}reXn4lO@JKEnkt}9~Z=3lxN41JbnTM7`_DTl1=c&)C);YlKT3j0l+a#qjmLqI($O2YxOYy2sW4>>t`()qF?;$`lx2SU2 zCoK3hU8-3KyX2hrHt)}(kBF1y+rPr^@AW=CJ?lT=_qRywpYZ$tpGhDluj{LipB5u% z`z?b0UoqH9=fyTH`DirKC_Tge#088$AcKx5>ZmBsnLW1!^kmFrv&d}>sFhaF(cALm zbvM)3VSD+@=d_8>3do=&&dBj@&C#;yCV=k8hbVaamUHeaDu=P>dYRX@0{DQd{GVLT zpm&_FpD3?0y^b|?^D;CjHDS{~q|oxMa&y1#Z`O}aYhM)Z2f&(PO|y;0XLGb4NVS^! zx=-|{U~;$9+i>b~LtQ$r6R&$CU~3U+-mG8Ixidu9o0|ecviBdo&cQN%eQO|RF=pTu zT@wp%0&(M)*`Zc%pUHXRCP`7LQx@Q~gUxuj%>eC}*6jJ6=;us}z-_I%wN(f0dH zy`qT#yOGU&4PxoM$#(Y>Usm$AV7TIjjtaIIbEC zv2l99v?iCk#8XxlN)R6V^WNc%oy*+T^iFS!>ViF!jvPOXg<}`F`SH3F^njKZZg6xK z#gikN1Si!z5vmCa8Bo9AtyW|~iHapPhNT)ZA=Lrm4!<*vfh= z59=h<(jst->J6!~sSL_TaR>^c=lb@UNB9@4vV=-V`ux;=AeHG>OFTk5=kmIE+elIb zmtl6-_q5YoRsNpXIP~bUXw*5WL7Kvq*1d#GWUqjSe&D#=il!&$9a$KJKc8QKD?m{qhLHxnR>Iche|y{+b&Uoy%ZI=@w0%9!QQNsal$ssfrm?Ve}Xe*NV=(){AE0 zmPt2?wPjMNctvvd-QJ_!l}I^y9QBgK%$3Ta~5daY@h3* z<7T9fTvHbJqD4}Z5S`+mD@PH86%|aUc{Pfp%Z_hLhpBS8A==M`nY=?48GJzDVU#s1 zXAa3@9(Qd1m=ztGxX|wmi3KLaHo7woE)@S#>uf5Hx{bSifi3O12)(B@kcI0WVTzj; zZt~V4_*1?NcAGyxo`(4#95JajKjaG0nLA7asDnrzk|O-tBdk0iC&QX&B(}7(DoWON zl8>kNsQ8i@y_9+a;++#%RbLPC1`(J!sQ$6r*KaMU>WxIuU~1)8;>oK-M!pFGjF~ij@~`y! zd)Z7+&-Q;3z*rdm*8lv2evJQ>rC#Hoi7aCB@qe{Er~Rdc1^TN7#o7-S>O$w~I%Pq0 zPskxsD)U7R1eh&a6!DvWr}kVHu#+*1|3km;<;2_a;$QSDD*20k7VWz3gMv7v%*=1y z>AJ29H=X8BK3}txoP06sejd4iN;TQ=%`M{14&ZGeq%SmR*$>B`&5PsSkB1Y8X1wN5 zn>(IC47#YG)MzN!JMalP71r4MAu5@2@3WTU%QPGn_|dS@R;$043dy)?VsvgTiqq)3lhgU-4Lj3gZX_>=qi3nVP+uqSv8N*~r z>Qbm{%!5_9(CBi&v96WWXsK}W_aV^&P7XXUgU>#B^H)@t&C17uN0rm9HT{hnq1v0db&-O+bW5 zLJs+o9q0a5XvMZ=ZQS3;MNV}Cd^Nv_c4!2|qqs*GCTrK6$5i1=hRtQsn(h5X(L(p# z%++EyJl|4J+A}*;*$&0#fBd<9T6xR#&0n!^{^EzdKz;La7II?h0!$x zn(D~H(9Fwko62AV$^)qTkedy6ry8i}{d7Cvq~s6CHUpo%hloKtD)FpgNe)ZxH9tdX z9W~sIHD;An|JpcFNDdl7M;Y})g9(VfE-N)C0?q2<3X$`)59fhZLvc}?8!*YF4`wQ@ z;~i@lSMxG|6(oQJ(%>c#HI-7^JbL2bV`aCa>cWcCZ}=L1!&hX7PsWdPwRUKyL2oax zNeNMo!Z_V84V@HbqGyVJMokxY()Js%TJFWv!+e6@^bPPE|BJrKei|v7UzF&fU>TZu zDvMr0Du+vuwQqs+KzvrP}X%Ggw1Q zHGjr=Ohn~}5r(R~ImBNJKilmevzkJY7r#+C4*N6H=;jgjr?}5bTLY2gY&$Eb=)T6I zKO35TiRjivnyA{W6|ZfAn4CqwYiwzu1Z-=r&|+792ri;C`!_1NNadYX<$ohk$Ag$d z^LA3cko_AT|HHihyo?#>{~-xs{1=Zl$mM!|mqc-ijUkegw>Kp;k)dKyGO%C291#}C%zQXMHz+<&2V4m(Y#!^v@&20s zh}$Z^y0;BEUKUhpVFLL0_0jtFWWdo=qU(dbW6sr=n=Q)ei}$^_Ey~Fix%pn)o`V(H zhha#e$9&}KFZk(vJiLDFwlDXW1pTCYGD=UEQ$whPJyW#d%2)Ze4fCD>PCfTOJhz(` zspwb=M-Zg>)c}aWq+Jddkg!t@)h>7aSw&sX)0U~^rw=e`p4DeAO}Q)0nIq)R6JZ)3 zQ`l%cbJ0=;g`#f6R)b+`^P7&#A|YMSn}LSnQcvufK{m=2t5v9v>Hfiw_GqQk`+(V}(RXp_~ji*P3l$qE;R}`?6ijYH{&QIwG_YROU>pzmnRDrxom-xF) zNr5pa)q3?ofP!tUatpQFzQ1^SD$787b9YT9(NoGrA5uo9K+-<)Ab3{kg#JaqlTJ(( zx|J%*e-Z45W+nTJ@kfMBlUO>9&3P}pC$480u!=191(F^{Aa>)31G1>?T7a^!c+n#w zzc>Ut@!NzuRhgWhaq$Lmd&`K8G>T*f1$d+VO26+|Oxcke)>W{>il&m zn#Js2$m}WBC)+#JFmX&iA$j8#FlGta1uCrI_`-?TYR9(J>3a#=7GuRKWDd%D@)Wj+s!l3r9du zY7*;=kp(YF+*$hktdyt{#Q+Dmf zYRtf8$|*3@VRp+|J#a*NQ!}S!W${F&AKX;}7!mi#JeG7J=*8c>zKKY5*h+`p1oaqY zRgI^7Bw6W5T>EC&B z0%`bbr|X3|r}a*xlbTLfhOQb3lzwy~Spf^EwPMq<76s9~#w(6b7W55w|02k)yE(c> z656^DbEAkB>0_(i6V}YgNRR%}(yB8W(gJ1ziNXuKwny1 zZJQj4);FjbUrqWqIG)nB&6d%pm=&l<(GE~^{-q)pR&paYn>Cxx|f)ArkPBRChDwHHZ398`R81YKUm95FH z^v1uU|L^T5Jrm5x1fM z8<(IFUxSp=ZFpBX6#j+By5@x(L%KL&0U86NCO%QfK zNTa0gDKpMdreP)bv%llY_oq$S3YD)2;0(mFb;)CZ8ziRJnH{X;0Hr=r+KOEML8j97gQ9>O^&##`PlNT*XY}KN>uj#o=imidM<=fGz$?a< z3qcQ%0#VZz-Z>hXg|RiMTBfssBSJ0x1aH>F#Ee&`p{alzETePY9N_{9!o6*9|xRhs++2}E> zZyK@nd5|k5CSifN{(22F%faD$4FImXc*58N6&-(0275_ul!TPQO!vz1?T5}faOjYz z)hVkXoPZ;zUdaWD2zte2r7^sr4{UE#2CKjTH{|P+ywcms(-Ke=lhW=>Ye%cbYmNa92XFh)BHoM1iH8jC6vGa{u6Ts70%+*pGgVgs0g}~xv@DtnOK@$zPB7z<67mM@ zw@yIkdV>j6)!=^Gjpx_I;(m&1B&2wbZiL+-8^^aUOH#e*30E79I!!Q$Pf$d38f{KC zi1OB(RM5s0LZx9XPy(&O#H%qI+;n=MSRU5)kn);J^CCeMPx79rlg`XJ5%DUdSw^_P zAf@kQ4;;KX>f$C3mS}{-t3;}fJ|Zy)hi?dr0c}oQq^{)|ZEi6V$D)o*$w!xBoO03; zf`vvno3z8;6Tj9L;G)5nO9xk@F!DjD3)Yj+*TL}dD;*d9>B?O^Vp_>;F zgfzUXP3hP)^fJ}+f_hbU0-KN)^Ks2f_Y)|_^%zOS*`tPCS9E!Vdklwu1Qcm~+*fq@ zW-NI}@S3R7QfQ>@4?>E$1*U%MEl6>u-jtJhOTw9Fk7#RKKR%0CM&M6yAXa|8s~u*L zbj-UsA6_8X;0~v52yrU$R~@3+lTWG_!1&UxAfja9$vR#FAB(Zi13wc|;F7u>=_2s@ z*(A5`{1he%+d0kJ9;OcoYn(WG0d^9G*%YXYx}TQ6t&;_w>C6`haMWX20%9!AXxt_t%11iO+|u$9(j!E7pVNdJmCOTY==$0GEv5SD81L$5<tW1j_<%sZ1lndSW3zGc%nB(RwN5CB=%Q=k zKgZWx(iBx+2(BvdF)VU68Z|0gXsP}HP#WwPHL!q?h zk@$-@Wk|>l)G-y|C;Gfd^x4F74>bq9iKc;vS5~H}Rv%?vHn)QN{e&7B`O03|BqhWC zNCE)#w!d&P8w z!jch$tbcXGK4Y7S7MZf9f_ZZB95m6z3XV``@WJ_A5c}{x#=a7ltusDJ)n72o*sMF0 z>F6%1p2>r+d^Nmz*4#`7Y=y{NcmLY@c<=wLc`jS?c`2xtEe*Geg&L zmlm|aG`}L-p2AhlXK(SwA$Bz(rB=70kkJPal{2=%TyrXDQFfFU@aM#x7RtX1{7KK6 z2e1u~unUFJp?If!%|pF@3p054#*-8~)lewd<`K(NnJqCh zJM3lHR#Rf*9=wXKLWVZ8s}vFm+&nVV(gxQg7333$HXZ`KQFGS2(hkEjmH#bjX%-1T z@OMQaXrmWQb5xyP`$Lide|qlsm514`R`R%BX6A`d0$6;&3)Wp`meujG2MtNqI}n%u zx^CSrjyf1Ll2Hb{9!gjCL`~FZYC{jm34^Y_kqHwNgK;(`!B<-HF^taYG+bk8OlTcv zVv8~dI4=o=iZuSnV5jv7C+T$miQ-jFg09z*DxJTP7KlXsnD7UQv5ORrQh`B`3YcWZ zxm9q5Kv61suJ9McEqhmj0I?T;4cN?Yj`7}592s6-5t88Q%PPq}c|R~D+|s@BGZ8&1 zuT21TL z`b9?lQxF{qiHoY#Uf7U^FdX;xTbVZ25sf1#(bsZpb6+vrm)uw*r$z4a)S=5aut9aQz-Fcf4JwZ4miVHgL|H zJZiR(_m?|UW{akAbz!I^$YkxGw;V;@sz5?u^?b; zME((EiT-rw8-!NYg*^B8j&p>qFFvFLB$xGhBJCo@0LQ)Bis!;UB6X1El(1oIah-QM z&j=|zDd~#j+D78B&M}6PeJ_1sT$!oki4#uAJ#)3v^t9DC|n5F7ndYbcM6?i6Fu6i>ZGvrY6pF^wB*0#ZVb&7iY$_)T>D1|tVgVm~ zXn+eNQ*_CezV}I1+r88m6Yy|Z%SM*yk?QHW-Mo|L`Fs~=V^HbxTVr9^^viC4nXn5K zuk7KamJ7QllZ!-DjilTlKHUDb2KM1@P>}FhHx|8X`cGrWu`!mHdU4oh@3pS>s&@sA z>IRr9$M7c;n?;!E$`M8;Ql;@LI(EC=1W}W^i#~jv=>5a{n^cANGic)k+ADpnV=Q!4 zz+ofJ@J9~a;1nxY!rFuuAsbZNP(p$nU>ti>6k8#KF~b7*9VqA{|o!<7+d0Ge+#S7yF+msJCsL{+^ z2pA&jgc7+Y|dEb^~OlV(Vuxk0PjIq$b~yqx$dLh_QPl_x_%Wy z^Eh2z&dJu%$>GTo2b!M_pR=&iqZ4_2hn(i}6h$j=+v;Cw%#Xr^sfVG4cggMB)M>3d z1#?~?fx~IU{axS_B|Qxst!ESp7(3l*A&&f72X!LMvY(bc*Ko`fL00I-V3$A|faj{@ z>6qG}%4O+^Gs*njP_@K%rv+?uY~ut>)`lOc5usfu{EQ#;h)+1rS8E=Laf&Mri%Y&m zczFSU41D8QZUe%yAUXzXUTL#Wh0Nmn?or?_7qD9d9I?Ymyhpz(O-r@5ar?M%WX8Xc zu#fm~R~_R*@X~C`7)c^}TeZ@69h*P`%q**y=rZ1>)_ghb1X(X!kY%<&JDvys3zzd6 zJctS1m5Ea}D5$7Ak2XIZjZ{ z7KIFdSGp&&L&SC`Ix>-JsSF(?z*r6(%e+ zmH%c$1&Gu$TkYMK^BRj9akcWG5$ep2qYAkhg3SwzElmSwN7ypkDL$2+jR?YZNa7@5 zx{9bNcvcOSp#Q@M1Z-1$gfk}c4HGII zFvA{KADjTTDc`LB>e;ucsBgLZNI$T+G!|LTEBX<0p+ck`bB+{J+wYZQ33fpO^PE&- z6+pKwm_hm?3CKDy3j&$rJb4VfN8lqi{3Jjm!GC~u0bXn#N&AlIZez2=gz8nG^(2DU z3^j0dIX$SYw5D49N02y9`y5rHwr=hP?j#U<@%`89$R9K` zC$8O*Lz2Cyu@@`n&aTWFyB1F3X0qub1DZiU=vkcb)-wt{HS)u%!F)nD*P;&V@#yy> z1s=^#JIk|pB1m|x_d!M_5_6szC5+Q~yEJhTXygD@t_?&obkM1{1SkC>O3>7CXhw*Xm|SC$f(OD*C!GXQEEqZ{P>dk3>cj- z%&6mwrbWQIzxLQ?xL;$9avuP+R z!@U0dSYq;!a`v8UB~-a9v!Qh^!>i9)&ll!gt1*= zNaWWx$C&BUtob~WTU!rzfjK93ti9N=-9k#cV5w`{Jjr9a%q7nyNq8yh1ck$>x9l7& zyy4Dojs1B}X-!e{3Ui5uvfNR2I+$&O@JA$skw`1T)~R+e38IEzBT=&4bs4#UhV#!b z)1b2Wwy|QQgs|+!3hNaK?1sU%8k+Mh4^-^7QMV!9lW^wRpmzhLCe9x#@Q>oKBTO}R zd;NTkD+uWl=t!^g5E_ufwfZOi5E{x)+wcF~{>&jw2n|@pdEh$cx29g2ECv^ehgpqW z*8=4Y`iVfeA99>X-wGepbqs#5YL)rvJvf)!^2+)olK8RjkSe^_8y}^|L)NLxY z#xmdtG`>(I@2A$Ws?|pC{wf4$v9)+$6SGqOv%t$ z!&K`P@zrWg6=*}4ONjMaF(4|Iq$T|BF9uw%wmMDcY#-)gwA#Nd6{{P%(h8`mE^yp5 zQ(cmpEAp=#6P*Rl=ALdi)0W%YKTq}#Zo-*Hj}1Gq^{Q$)oHhm3K76>lfJ`mlwruTw z38Q@IbnB^eb(N2eW=CqndNVO!*Ork7G|w&YLE}N6zA-T~`t5RSRzABQ_C$>unJj)( z!)-Wx%^w^jX|Yp=!gJK5a+|h4K~RJat{OIN77bgKZEci?=U6^1kF+eJxK$Fj(Wtg0 zO|D0tTe8>!Qb-nrG@gHd_te{`I0Zk3cG&^=D1B2v{ADw~0E~(4pZ@Jp`JY+)pHmVW z6Z2nx@IUTiroZJ!|9Dg~{g>|I|8)U;cc0LFy8saX-31U(Xp|72xw2(bzp00#zGs-d z{Y!B0LhpXMe;Z4X7j}olspaMFW%n45#b>bHcYGww&AZKZqZHyJ0mB6 z^F|FX_?DxIcH=|}ElyCe!NJ>#&B2=loup3g)gH`Ih_duDyM%EYo$crRns+D(*V`*O zq}3K$52qEg62Qb|G+eO`1vn!m5+rcclNM^lg7+k6gN|e4NPy$eYJ&wV%fWuiIh+k77$2t^i#ms7#z{kQH`g9|5)udWdO2MabU80Op7BStm>f#@$ix!U3R{;{*9LiQ^}|kv<1S z&4z_#!iP6SX;_JqDKeqD7|*#cwrd)3a5+&zX==6T#f%jQDFqE16eve6jNt;7nik1A z3DX*O_ghLhw!qM_-BV<-8!S85`7I}@^HeURK}dh`%m}2w*@8W&5=6inf^Ew#4}i)b z?4ZjSgj%F@>QKz5lPv*G`}0q~b-m#%DhZLMmi)C?)1!y#_8C^0E1AphNr|d^Yt_Ih zY6~0;yY<>@Ncc5lNC8K@M%QG?4-AsQj)+v`237-wiThCT^co~7MC7{^gLpzaa%Ih4 zqU{!->}_%qcis3>R>L_f%(kqmDC!iIOQNq3uC-JwC3xv6j#h0XJ zI=-!nXgL9``zs_u(|T8gE`n|SB)@sMcPRWeJ_L~=rTT=&;f7Z6eB-dlud?=r*k#9-hIKp-Whuv~KibGduF!GFg($2rVBTTO4u{z;F16}`=rf9s z9Ck#78t^pf2xtZat|u%um2-hVnHM$+XZTscuVB+5O*%S?fxsQ8t%(pfTZo&33oGix zZb+P;ci?K9UpS>S-EzezZprDzCt=Yqt+u`oT3OYV#L`LvVLA^VL}9+2#EtWKA+Vxs z8BNk^Z>gQH!ozwjbRO8Du028Pz}@!Us`75>wl_xb2sPR8$-{K5$&=S~RZ%AZbdI8a zG3mDZMY>>GJQ&ZhwHN5&08^I7pVKPHBZ7=FZ)lM(?!ywAPHgthHd1_#q-s2(a$i)dIoW4C|J}L)>(StV7!=`%hhgz=tlsmb;oNI5bb!&#bS}y>v+%4CvRFD zN5A?>4Z4x8?)|ZuQK7ifnIUe?s8Iwoc zL%pn}e|S=RA)Wjx)d!e}3SYz?d6{jY{gnCo9E4e$7jZ;BisJfeY#zz^%1iW`3;KII;u z&S}$XTcL*CEQfjV+h1GZ6+uG9Gv~9iZ61=}uHxPIo*f~O4)%?&rN-RU>%!jd%Q}bW%UeHkE6?PyQ8UVk}*ie8ks;Jz8pBq znq2(W=a4w43Hexy+vs;f+=}U&n26}PeQ1PLjVo#nbcwBJ?jJF&z*dG7BkhivVuUe|Yr+c^Pr zKD_UiKOd)4*3ZXF4nce#f*`vyCtBf2_di-~Ww%<_SUS1W0I|K*EdyY|ZW>N2j*J2r zy%zUaH+tq!qMLmSo;^->iBhD9wC^VD2k?m=>XNp7jY3l^Uat6rvS!VbOM0V>PnHz=)kA=8Y?*;GGnOO%y0*zUwbhE`^gV+Uzb+pAhL!@z(f8@sICSZ-xPrKZR^x zqZAXEeLrn(F=C{qLxZ>&0{|IAe{VQTLofHuqAsvuv>%aHx@zKO6y*d4MF6}8DSHJ# zlt{WF6)iCECx%ZC855)BT4srQvrHrj4^mi)uRvkDTY!=#_icIl)NhurbqT&WQnU00 zEW*JB7}ae|ENI2zF>&XLWb^bs%w$Tfzj1^g3)!7m=W0^s``wGG9ywhCvIli>s*9e@ zf`1ZayB>xm&OY(fgEVFqX+}*1cwWc1T1DA}Oq+p(*>>>T@-uUpA0XlpMRd=m4rGZ= zkRYszIOm%(2n;BQG@{QuD$fA$YJS$?t3)k0RWEbtd+>fx1D$qwaPrybEk=L(j#ijmzwX@+jw zi??lpoZ#OpqOAn@3J``WdN{q(OD(dN`G(dE`XSSE48@Jd3(k$SY{9bEf;&GXZwjf# zb&3zIA={r&14z0Oug!T$(oes)%-<$Rr^OI6JB3WtJ5!IQAJBl#Op?3j9fDKsounPzPs)OKOp zKRv3Df4rI)@;v(60#q`$R5b}irAcv3rciY8Q>M+_PYEJ_P?124qCwE#*aV2*VT4~< zwfy1P3b12nIBxET>AqOiXcY!g*%c>JwBDc1`@jGdQ%>j}?XU zih2D$nz)Qz40@{p#&BKaX^6QnHxVo5d2S&tB>R{h46kp$KS~YL0T<}4*f_m5a^|n? z@pGVHFUr#0XUVVtfPRak9V@al;4p);6NMvRA#ZVI+HM=$wr$(CZQDl0 zs@S$sv2D9z+fFLx&HtaX$JveD*thj{)>z}~toc6gGexzWf~Yk)$vKrBeAR)&=p%nJ z#+C11)r|DIpwyq}mYt9<8km+}=#RV^`u(#=B250~6gur*D-R64eUNr({P@jHQ<#m< zwc{HHl6Xwcy@1)*XImSw^us(waDuc#6C^Si0Rhd@QKIW|e2v)tlFz@win&XxOAILH zlX3Q2L# zd{fzZ@9YkUGb%u5>_yrd+S9L6n-!=EY}N91X{Ig<7drAlc*L(WzfGM1|UEDO!SeYjnn7Ngmtc z5}ckaQgvOvj?>sJPC)pe`^4~Totn`&aiHd>Oj-BH9G7E!WwDLzn$@ahuJ6_xn&bqp z^J<`|u(Y=)oceGTuC%!_yidbPjl~u2VUW&4wjA@F?m0_O(?eY1hO>9eppmy-uB-+> zuMvH{qrMEeM5HmHR{AL=_(!6Ff`lg?yeox(%K$FQJ5h5yL^>V|#9cJ@)$J-o8hPw| z6^AyFaa6)>FqE2N8phlafel!)IRDWKZ|o%qC%6~<4VGof8oG-b%1jj7bVPe~-gpkO zAY5a2S7L!qWY;sR=lYc~f^Yb|doVmW_8PgouZPMT0EC_)DFiC)`LRZ;QIJXmCnAO7 z6G&?!(PfTU9&MqD3lKUsOJFFeJi?kOg7uXQPrrGmqpXKJphZA8hLay?UXyGLXb-1= zwGSLIKh*41+B|CB?s|;1+Ap6-JdFe9@*$*#dbV4cXr9{NzSNDBl_MO74{^3uTnuvF zO1jR~mZ>Wc`RzdY2upvuA3lG_>0UJB^J7GS&);g40We#}@k=jl_&W()OC5x6Qi3j_ z8C=sPO$1V&BhJZ74&8zEE;z5^*oWGZFoXm>8}kfYbWm7D=1thg;XWw7-^uCesm3EmYZ^p`fG~p-;hi z`hMdy1>14->}nN`E!17;fddA(Ad1D^4X=A!_G9Ad&_rU(w%nLb)2qBS4f*L0HN|(L zhPAQ%f*V9Z9xYBmO9RGFCy9O(!Mya~v*)>~Y&*qWy95vDu<#Yi#heixQpJ2@R}i$@ z!HaH9CxS{mz6e}+C*`UrC2K^fumNHSU7d+ffCBIr;{kAm^I)KQ?=%3KIQrp&b7}0X20cA`jh;{zFCptYsf#GfIb4Qy1-@MG(BlvL zo&PxO{KZZ)F>?H^&4KkFQU+N6|566N_Y0I^MIuNDAS=_a{}*4DFYq+iv+Ws|WRg&C z%q>_Ci{{YC#yMke#uu&>Tl?~~n;YHl$9obD?e*vK={sg%yBA-(*^#tX}fL#aAbihfhT*#;195z->P7sPj& zn`ZnS|GnrD``7n@)Ds-Ld4>!=&YY+GY^``LhOoAl@w!-lzTuC!Lgzwmx(Fo7JlWDb zg_-pWIN|EpR#~HH%IAld(lGiNczx^es~~Tf((tQUc(sVn^_ZggxiPAfd7wgZg&;-? zb1{$*EOg~_4MI`WoqCSW0xa4JCH?yvV@$p2TUR)`VXvVY$WPxu`fuoO+Z{> zGeEWbqrJvcz0kjhmB|8Ci_Bu#s)fv1m10g9lXAYiQi>xAzsEfu%>p4eaKFuD#Y zKSlyAAryC;j@FQ#RmIkKou5a~m{O|mIhj(8y$&&O(p{aRQ%?pc1$Vp^dC-9j1*ZJr zymgq_BDK|K{Q?0}`$iqIwQh@7(PV?eS?F@M2~_+os+W40atK!Yqp}ei)s5b%KzP}8 z7|a(E;uX&OO2>P=Cl5CHjid~?WPXcSi|D+}R@;)LN1Scdkna-I(6kPeU7~^0A$EAQe8`3m3UlTa#D5ah%G1ZYkM1g#|xWg1EI7UvyK44;dnrDMhve( z2{-hs4g$ew&?#Q!)Y+AE^GPd8(SgqiS?*0h=rsOT!PtPL0QFP`HgkqCo)Nb~*Y1|d zT0zDLE!SU!IA$eWR0y0o7R%05U}|e*r~lq{t&Qoi|J+kmJqoav_&^^UjeEssd?28hMfg!ppoQ3MEj^VEksx+*)2;lMGL1|tCkld^ zX_UI!X{o*_w2~1UL~`OP_fGYi2nmBOt>-!Y4k_87klC=SDTNsJEsXg^wBh|z9~=El zq1Lr?U<`@FsW8OG>q7;{Qm88vyv@;|+&-iNsgRv~Sh9ZN8M9eYXy3NYByGCrU(jAx zvM_?~)VA!~4Y*}5Y_HYUjhkW})tjM%b4DWf4H9abTCzIJ=!>Be4nR#f?H=%C%XV)1 zm3NhTwol36h+*Xoa=09{yls|0^^6S&OjIITRga_OrZ)=&{OL8At05F z{PmIAelMqK3LfpC(UHf}s<-N-02TZp*rOC6W0sL^5D#O9nGqPP;oAU~DWre$oAZyAS zyc=9CX?-ex8f>QJ?O7dGC$H(ANPoTsLTW3J^4WDZ{m#3_AuORIWK>9|urLd7#*%7c z_Rhl?%kz2@k4QWMg$I?7%qhurHK6kf4YzuRi4)BVRomGc1o^CqDG*G-u`6!nKV*u9@=N9-8p%Ib^ED{8MVstwWz>eMpW>L z5|Uj(v5+pWz*Y77697wh3BJGgYu7S!jI6zz&laS&7j2Lm( z&A+t2f7=kS{+r~3%fH#*2+Apbr@(yM-zNW)`3d}&{mq5`&1{gchCMRwD@QXUb=NMt~v?eWcSx^4jZ+y))q>M6Wupzu|Z~Cq_|D&#u zOEvb`V$u3?WJ1P)Hx5xRCD%O0C;MHa4w5ehL4DJhY3UvSIP{_k4F-+{EQhBI1II7} zw@MHhHh^r_KaV>B5jP&iueDV43|V#_2eQf&QA_5jxvbRjpS@COc>_&m#f zNjNnAal~9~)T3jk*4Ss9B^+hG^Rbf+LvpF-L3iBoM0m4V*l~FEeoFp>@zm1FDFP~s zqyKMSTUcX?X%$2m*D@*1Xw-#x{&F!HstLyhKp4zi1k7Cl8Kwp(hs$XdSzt`YkW%8A4cz4060H>M$O1A;k%Wf{7D~Bsqt42MEwJjLnnzN9_^+bHb_cP>u^t zJS4jZ9ucwdpKF7{ag)d}HX>K+uC3;X(9wv{m1UL-e8dO8=8Z7g?0#hF^t!6}bFS}?G@~xNH z(Kv0EI62^PaK++aAWsxD(z3LbjX+0Mhamckm_f9L&1GAJ3?)+ zanYlWf_K23&j@4|fhoqz_a)WdA7!14o-g$$SG)oYXKYJ$Xe2}M`m{(SJCvDA8o&3u zJSa08m62ni0a}hvyAVUFZkJ!*55WhbBP3hcMefV3NW?Uqu}UH&^CB1l_SF}~iJdN` zP{O{Gt(H`a$ID=ull2z*;dLtNCGKJvA;IyDahrxr%=8=R93{@1=GFqdD^hL|ozJ`K7F=f;CCvM0>B=p~Fd=e%%|7~= zO)!@w(dF*Na*3?ut)=XgmU7Ttl$wCo%I%8*?eqQ+4z|trj`^&L*W-~FUAUuZSW;G3 zjNnWY@e)H-bLPiZTHF;o1^C-3{N8ukPX{4#;cAyUgxXm}Ha>6|n-5DKaJReP z!z|(_m+4<+3GuB3nN!kVTB>pw-bGykZPRoUeGRl6x7_qLEEN-nPUKeak)9tg9Iu$8 zb@}O%hKs7gmC!JtdE$U_Hgfj*$)%^m+}`qviZG9gyyV1FqId2t5b0HOLVnf-|5acI zh847->1;vQ2vYS&JSTY&6{mm%#=HwyAIj%e=+@hx6A!-g%BL)J&v}W*sq?x0$?vFC zF%b^V1dSCBmpj}qSCQlw#91S_j9v(hD6H*gv~=$9LXeJhaICgJ2)UujrCAdpG}h zSp7v6GkzB_{O5uHVUSt>QY-)cu=;mN72l-{qp<%ij1`dM)u4i809mw^=x-ou3qQMWT)TLXxPzB42M2aW2|; zlEVt|Fyl3)hE+4n69(NerY7o4k!>r5ThGd|$2U)d!1@q%qaLxe#aqlao{|d_oB6&r zo5P(sY(wDKf**Qc;~VNKNxWdMTE`GvqaKY}3v=fV04nkjK{{o9<6saM@KDF)MFMy^ zA#aETYYHveSir2~vZ3fVk>AH!NsJhN+#72O`q9`l!p4J>?k+kV{A9?#geHa%kvL9; zxNJ`Rx!G4Ow65Aw*f=bE$GTQjOEJTQ4+6!R{~Nj0OQjN9r{ml0NF1o48)>R57Kz6Z z0>iiiMin z@8L0HR#j3I^fn>j2#SY3kefpB;Whzahm7x_br7#VjVaL_Ey8e6HQHl~VqE2*z*<3R zktwOVJ@HNj)l|lHPbjL2yB8+4!}#!KcR!RIdu`yW+IA2s#?XvyPal+l1NA;n5URp9 zfblYB*vh#8h<$D{=CPqiOdZj(qJReng!!=Z6eJI23a|4?#Ps(EM%< ziEe_+JpOaWO1zK`FOK~j#Zq0npQ8^|SJp}GEYD2gfw=jLcqETbFh}&1-BN?LgI1RH zcunCuc-fV(3&B>a7x*8sYS$%5ywf=#IK|GnP7o_2_ z+mzLNz?bS=G&yyNpE>#n<6Oh?cd8&4sJaoP)&Wk!R_kk5d$LoagSO826yJSQ*tNcF z-|~RBF%3P?o zyTdNN8ijA&c1xOME1dn20oW5*uln@j(>S**zHJ~ktP1(ToTe;jSldWd%WAG5@OaXF zXZB-PgLT}Qeri^-8EpTyg(*kngP$s*Qq_EgIcY;)4yMvN^IA}@TFN%l+4+c%}L~@c2kPa0}>!K@5(5z3NPjwk}B|VrEi>LLX#euS)arLfc%%K6Dq4RdF)ti&ULmogHpkYzGNthQpNDlEDmZ?@%j8elo zX`u5a6^ZcND~YVeus5(><-1k6jY;1Y?EB*h2o}jH54N_U+OLD?zJC^O&p&rTf%SC9 z!F*UxSJ`Fy(~;l(%e5)SW|;J*IwFHM?SU+G9i{=E2^i%Q-6SNCc&};ysmi0;lel5` z{Y5?Dj*CPc;kPd!vI4B|T@X1|LZyDR5SSX5?$I1d7zG{L&NI+gB;qJKpu`9P9&s2o zPZ6TO1EtDQ@@#vA5LuGMW0JAu%@Cn8yq#L*o+uQE=r5IGUsI2&dMNTayf6VmZCzgB zL7V7mT8{pe=W-V>ak7etKD?uM%j%rTqzNZ3@EEBhuV-8R(^~d0+;hbsLa1Id1cpCW zt!QFD?z=@ZtxzQbbuL;RC?zd5RZKyqewwH$fhl8>N%7qB;nYQ93g*uVM3xQYHy?IR zZCE`DgR*E-H1Lrb_smBqE*bMQfZKb)$br-Q-JsHx7r0ya%GZ|%jR51l#>X!`-SSn= zTIWECfH@*7$b}!-6Z$K?>T1nAasty5YO>6N7gTtUG8mRv-E*Q$-N-wgh?{@t8A* zGQK6%GMcBv=JA42tfFD^oxsElq?WKswpdQxeK}`VlxtgE-p&SvOD_9r_{47tCCT%T zL)~9u1SS^7ziAX${}S>4ZKz}WHvv408L|`mYzW_+1u7?cg4Mlc5F*LyRDMf{0DN(a z9W*aWd+O)MbQlSDa~8b)7Rdy(FRm#ImSqlR^kEro<(KwHhuZV8V2$vvT5 z*s{mkong~&KXO?-cBzoY89qb7rfZKr1W8o&(RP@-+Q znqsln`{)8^WQT{F=R?|HU!3TngxP371vhgWN3*l9haVU z5wdA&fPBs^<*>lU=lo4z#%(V|$h2ogEX3xR7#k0jLBw0Sy2-Rs+cOc^r(W`ykW7-- zP_5lMk*Wx-tB5uSEESeXB=)V?Xv&N5#t`aWe?(!=`GDc;+zG#jgv ze}yy#*I!ur{Lm6jL3Hn6>JX-Zj@#`G&yygKby5Bif?MaUg*civX;j`aHM?ZE@*Jr+ zAeh`Q*gptgKpqyAD*^)}RMLjP$i?y?N^>i;O!xp0h5p7|Lz)l@JFHGDT$X{kjnU(} zSlp)?f2xddm>dT}H1F2H6;JAIsn(o+y=G8aQR;yUP6venHb!SpSzk$(8^GYgTpBub1ClIa4Ei?l2TvK^k-duys@4YhAql0t)x^@V`ih- zhOa)r04c|Y-&CLRSOnF{szbTnV0TM6oF$KM9HWUhf7@LIl^(Kos_Fnii-;d0piS32 z#<5n_q=pd>=8o;|pz<^U47_>iDZAdeD30KEAZynM%qV%X7J}zUnhj)=+S>mt&ibKz zBSpVn=FOoFGR9K>mq-S^H`;6rfA}P#En`DoM}2ve3E z-44(I4~)`fxyo!sn35J0qEdto3-X%f?l>-~P%LD-&Z>YIU0j`5Y~|sL#3HzlY|`Fi z0&cbIYK(WlKyNFYj_#K`kT`~f%!@^2uizDXO!0zoUx!dOwBg<~=>qLjVaq&{1*bf| zOiu%qwl}+Ln0DE(Gw|DPxiJpKk~TL}kVh+W0NC!&EgA?PtfK6FNe(OCd_%|>l>xFk zGW*km>y)S!X@KTIbA4(UYQO^_WQq@Aw3ZEEC@y;?gDwKuwPADaD^RsJZ2zkBFAW1_ zwBoH~7OU&Nlwsf5Pg@`6+h=9wa#vq1NILPWLqd~iJuRiPP1+N+hvna*Iza>w>4a<5 zjIQ;gb=%#ilI+w52~KaZn#o$V@a0nG7D&~?z7@ob2qg0jT3q4x$0Mn=GleRs;u5GH$cO5;#a51r&r0?Yyz0`_Fdn2i0O|0ZC`IN^ca!^YQF*)Y|tVq zEZXNGR0g~Zl?#H!>dh&z$z?$ba_ju$<7WO@VXiA{cx_4=SB>&M;}aLc##3;x%!`wT z62%uL?1Khgd^Mnsbjl7h*m&)yann@{@^P_;JMMK;+gLdwrnO96BOSGxk*)}}Cc)aJ zgIy>qzRtTYA=RI0-u49uXSMKP1Gm)KoCaQqr!m4RZR@{-X-HR~q${X(3#t*MJkIfTc}6;4a(K`@3A2HDMd+mVj`ZH-rhL&1tf7bZr!qvZs>p8w*tmZ7do|DB7_aiAtM^*IGjU)t~8ob?W5#eIz41)gFfPVV;B#x-I}Vo zV_k$|TV{3M@^Nkac&~k8NaT53t2{JTrWddoyi3yX*kJe&^9=0fs29G;2HK%W4@LS_ zU0QY+@P=G(CqK>&C(n3q>&e*t`jA97mPfe&3A9Y(L%5q&G#lpo(-|8{zIcx`w{2BD zuSgz0MFMKhg8^>&5iUizQ1|;!=p@MQIBiUDJ7Bs=(M?aKgECF-GrN@7PRI3SF zZ7K^j5~KC{wORFai-W@Y7@_$hnyZ1xa{ZAI-8E~KuV9NPYame1;#U`d*2p+1!9o0H6u;xA616yaeaFW1)Llsd@70NYWRwcJOc z=*BMSczKcKh#xc}bj9!Kj8}&_rIVuKL85X^Ag|5G!1o--FFT6nbXxA0fW*^jMLl1` zT@*+KT05pNhQ!2U*<|kbev=p1BjS1|oloT$O}YCB`47Gxy7XcmJDW)MfQoI}x$vXl zIaz#bE}kxN0KYbCo@b>W;X@>T?f)YP{KYqMGXHI{$M%Eq=-DPi zZV265J`*>5-Up0CsC$0#eAvz1^Io=&$kkV0-=xCI!RoEFt$V9^ZfOF=?=X5gG`9T_ zh}AN-WPqHu#seEBY!9mnl(01ZF5lt)A0YUMMa%w4)csynwg4V5nb)i+_lUWgg92xo8w=P8gmfEr-Z zB-L|gW82IHn4NRTNy{q>DpGhw{CJxOBv1$_Kjw_Gf~gODKoIH5$*vmF6k=09Sv9C< z9w!FJM!8_n%9ujlApdnPKzf-EY*RjH7tZFG^vCdOljNo?Xp?~FeqhazXnQz~cSmD_ zcak{{{N31+?K$Zvm>#`gJ*7YDBk`|%3%Fh#ye5%d7@LGaZ0i7 zY+x0hEf|H6c-9$m%*E#*FNEPtquATvcIes>weY&}vWaWg)!2j)>rpw|`YVJAF@+89 zG3~KG1`5*U7)f_?VZ4E^aEiVjFlXQWqDjoxj)NN%i-u$i2y*qc+MUogMdwZqy!_XcUcT#{ZD~YMvReDIm4hvaaZ$P%f)qPNp<5D>K^| z|EM@pWu4AkI6U~Ug~oMq>k~Sz8=3&Cp-vf{LYyi?jZsS{9>K%^HE=O8@DpcHp%kHy zTN)0#>#GD!*h!V*+!8W&uW1 zploi>D8GAUwVrX;YzcCOaC8~pN|V?SVZ;g^^}b;w0*hNXQSb%cwEw|@^A&xax)Ub} zH*bpD*E_0$P;f^XXKz@fb&T1g{@lLWl|0Uqy0w3FOBJhse_+#ap#@4I0QSXi>P+1f z`8A&j^e%c|V0JpW>VL$Pzi0tQhQG4~Y=6nb{thbtCdA}W>#qvuPP!eHqOI>(>zr`( zO5rFtWI9^~bHZpkAf0Pz&cgo5dK3GW5G3P1P%Z5Ja})A!r{ z_)ojomFnU$zx$>oI%>F=g12(E?=RmASy5ZsPDG#pT~G}J%daYK087kL zjbDSMYOfIEMw9xGtb43%us&beQ6$OL2xf_>vlByYHvEzMAwDKdcg#hi+B^GYk z2y7@UyeYMoGWAraIcY{N$yA9*G|6u{m$?XKXCu-#9pYF|W~+dj`Lf~wNpXHSz$d)B zEZz~h{m7m0Oc0jg#Q>8~j^SUv8tl(?F+nWX=Qvp{cPBU~=Cs~GNWnC>Dr+&okNG+a zyFjYet*v-+7Eg}c8h+;9fq{e`)NLLb{X?46SksATD?S-&KxBs8&QoUkK$|xtZy-`h z*pEVZ@(zshV{cD)SP_n^J%3@{ymHWAk#%0S0LD7-Kt!woXr)K{&k z!!MJ81sZ1fm=7rQM2=YkwFJl}9W3)XMmt{Lgg>teZefliF?OOEjF> zX)t^9>l=pr)rsP?2JpkslRr*gO#1Xmew_=xL2B3(`0B%omF~MfPHO*_8$+r9b}{At z>W)R$SA@gF-ByRQYzl^J zP`e6-d-AZu2wq=e6$^nq&j>3lg*);|4sV9GV6+ECs&w#Qg^;i3MGu4^2Ljd<5BL+$ zJ@^9)LU_t;YkdR~r!Np)N&{8OohwCD1E6{uM=6zrDk70MQhyGXuli7-;1U(h^0>K7 zcNEWzG0+p1bJ>tjHZdz}{wL%QtKXwr!JaC3*vMwet9;)CMH3NFU*2n4M>_OE59Mf8 zTV$Y^byIWRF6aDYZfczE(s)opmAuq8PYoYU*t~xWty7~CHX3Jc^3}=a+Bo@d8QT2S z&SZNj=Gr^0%>${1TKiBl;*@|MH8NVxSvF}XbX*II0kYg2KA_!3C*d9PUVgNl9+2lZ zJ+eYacSS|Qy|oCc-!T118BolN+IKZ5 zf7H4uC%}$I+orc&XRbv#?u;sw!=j$YG8326pEbS=0Ll2|R*#+&sRAHJwpAyzVHqiF z#*wc(q9Q4#fT^U;<`URU7z;dhjQCgQFHyaSyOdYNX`T=WgTCN zpSxK>H`n*>*5#9(SXJ7~WkE~8RLhn9)?3svg5&-JUES}s-1=_0c2NL(c-I;M8mS7D zQ&2ILsFKtczeh>}>urSUSW(ZI)V@^@(;E&lK9&S=1RoT0=ywJ~zSS4pPqC$G0n zvW8hso6-54J6eV4_r%s%g%iP}wUGRsVemp0+Ubg*J-yTV)-9OMvW zm6_ARc42SO8R%*CF`aSUd_sMOH~eYul{Y8^2}*v1t!~&S;^t>#ikYaTW)A_D1p5kA zx7od59awe5p3{O&pp$}T<3nREOd8G>CDSsOCF^*xyH|}9N~XeVm;iSRPWEKV^_w55JCU1lyG|%XFLEBdwPQIUtxZ z+(*W(ne3D`71wVzxKy#9fLzbWIBJ^obb_FkW1L&rEJg8|2RU?mF|&X0ktaajr`w0a zkLX!NxHangzQBiSrK>^-C+1T*Kx545bskTl8XTVYVKhAP;pORq+aMSslVWjvO(WS( z^Y_STds3aWxR*eZ@wEg3-CL_EWRm8^M2XqkF)>dOd}NyAaRL4lI{g=N z{=2bZ;9&XB1OFq#VE;><@wdT>{ofe*H#H|J))^2skEuK9NERo*Yrzo*CBN@#2qy(D z%iu1G|Cy_}=bqy?IM}QAN#rQYB50-8Th z#`Sz@#y|S0x6TBrT$;Z!x@ug8of9v6{OFQk6$~(40J;3B7Mio0e}Ps5E8w_pe3^b3 z)~(a?bvprxP;(udj;Jkg(fk3jX$*AySrV|9*N=3^l@iTEV~F08s7m%JW1f8M6XImq zt(IBK(y6F=3Zk8GSkGJ{AZMR2sv0htW605inc5R4wn52TPEajiyFlcp@uZ1=2}Lhn11-a-(?=0Z$ZQD@P(J zSHKJ;zPcAGBRLnQ;R`z-m1PW5vd9V|-m9xfz<4^Q)!F+j&MSq;#EC253gXIuZhe}7 zRY+7HSlKtFa+x97WTEk4iv0Elq52E3V7PC5I`0VMGJ|7SvAAzDQ|0uDiMe93W*p<5 zoS@A*nQ=$%b?BDD$8Ok4e)$xK2{>);x|me>J!60_p3ulQd#98LFBl`!O?@P^q-Ouo zDpQWMaU>fcf{TwZG?Z>6PwwbQOSX|&St0|=Q~8O-?#~lth5C4$_&S2{HLkvbbozwuDG+Dq`>L0g$*8(tM}5dmDjNKa}xg`!(h zT#yW~L#maqpRPYP3Rt(KYXGpxB?{5L*a|Z1FHmjT6_-fXa4Ue7sGN`p0;NJ#5g^_J zVS(-Q!~8t_yW1Xnei8rJMVO+6;0(hf5D|0nNFcyZGk}}7t_^_aE?9)bomxq(rw?^; z+gVMbUI9EE0>F$P!v%SO+pE*UT8Tkh#tb-3*&%cSgVe48xI&S7^vs2#?CH(vCXRv7b0ikuLr$vrJ4)>*|CT)`w596 z0zQqLW)w7soCTLuFL3qy49I7&cD|;9vqx*E#&6{-Nf^JO$KJ$a^&i3EubmAi>)%2? z*#9E={*Dd*#&LX@@!h2MA2#n3l?%O=8$JSF0KvdpJ!}gI@W7>h@ z(#y66b+zsg40;rW^8hC7Px!Y5HDvK=Xc_8YhFFzQ@!|4%D7Q!TD@CiU+eh=e(;0*a z3qh@V?L+lrt4(U$wdw7>4shE@ICF{hL@O99Cv;EY7pX}H`ip!AKiW*kP#C*ZoaYdE z<1Cs4xBZ%_)lE9@!ezak0c^Q$#S*}|8z%M&oYHrI&S*goi`^j5Wigq#q{xoaD3DGl zu@xmtk#hV5lJ03?RdksfSG(odgDy6914I`aTKJ{H;~6~3FSw;R`ZwZ?I>xWG#wjjn zg%2wsT>k7kV?CPOGIwJ2pR3`|3tkUNsrcy*df1EAPYCM^94yJw9peekXLSZactW@vG!0GH#GYaOY2cl~=7vDG%W5fR%agpHhq zCtlz-P@>JJg(69!#yC|PEwABolEwe}_dT*uIA0~{v2R5vH2NjBf zBIpzu1}Ppl3Swl`^LBN$%{0sya6;|?Oat2q!6i!yu5c71Z#qlo1@p)UgVfYvSmbss zlhjr;byPEH18riszDbgt_=yhRe6Qr{&^yprl-{ivOA^K?!qe82)kGFEcqIWAkeQnz zwJdO`X=GJ#zMol{S3<76$vs*ppVy<+x+j~=@nv2hiX%<$gT$NAmQHa4dB_+ha=5!k zjfjg$a0PBaZ0y`D$%P3pDKk=clWY8x>DkAzQmmmt!sonfSg9UPCG&^G>+=vaG1lpr zXwDm|I%U_H>l`z&Y3n-B$|IIeVu`o@iXJ$NPO0dCX4h%xfaGrR91czmyn~2(#OZC` zd$fwLY;xjcTX1_cb7(PkPHPE{eH=ik`&wo(6YpD@bx%)I8m(^XlNxv!`etcanHX&A zj4R*oW475cmgqRU@K^^14kLkm2?r^Vir(~fLGM0DGrPzMf;`Q?OJgS;9s1BXx*umy zeg`He2TKzT6zk~I;`&nu~BnZ41Nl}1#aB0StN5ZU`jb(=EusBZ~90wb(@XT?y}tp$@y-i z?=_qtD>=Z^${q%$=|}=~d4+#|pZ^NaY})^iWjpMD?Or%p+5T^E;P?lJ9>>3N=xu6_ z#jG>HbRARwpo>c?auYy^dzf7Z0Q92pI{$9l$#XuvR!6Zl|0BaAN9Gs-5JRI#MA=0i z!8BR>%Kf4&_^DYm4qB1ZBhTko=DXaa!26X&)BG*^Tp*luY5Gv}**Kv}m2LXCB@L9t zu#9&R$wnZmTr<+fwoFvGRc?4+zAPQ{;`ZcH3Y3~!fY!2r9Lz?y#3HIr22Cs>>&Fqw zs8<93!}5TbQiWn8g|4FMx7j+1=19-hCP5TPMav^aB6UKvnk`d4UBMDdR+!?I`(Qg; zOsR-6zy_hYl z4szxff+?y7cTbQ!p%qH9vggr|V*BUt2hf=4Y@2uvnw?9V#+KtWZAny|c@!3E z=aHzu+GuzR&2*I@XO2B)ls{{gHLw%z5L4uXzo)21 zIBybvz!-p+jz2t8g9B?8AD%2A_7nKrzqekls4{BW}9K#-U-jlg1(*u`NWL-P& zdnOb)0q6M@quK1N4?Kcqo!oA&vi!F2S+LjH677j8i$7Rlt<)WPDX@k+Ns_j{2?3)@ zJ_GPGGo&LdyH}V@mgaa=v7A(blz2v(A-n@3x7c!WYZZzl99kjykTDL>KKOR7R-Phu zwjiE0-=7e)V#ZDPX)M^+&(oQX25nDX7WxX!ri;D`JK7=Ltp!gOz*W0_d&)5DYU-qU z*hG*LP_Xo%38Cnr7)PZpW8ul$jYbT86#Ii-brw*)I)-j)R?|z?Il?=l6m~??b>x}0 zW8Fi9Y2e?J{`M&xz!mmhA>!qOn?gY1PZ_+tGXy)=`&7Mhxe;5jl!gnkwoNW7LfaQTI zvlc^?PgpR4lyT>qf|ji%CKky!j0ohjodgOT!*A-zpHbkNYD(7C{m0$94T;yl6~d>C z(or(1l@(SY4ACz!K2od8-LvEA6Rnog{Td_)i1_zuVOrKQJmq!6y8hg0`78JZYy5xb z0B08`Q$yRoee{3rGC2Rv`f~im1O07I;P_X*qYUZD?>ofE^$QB$x9UesK8SH}?Axm= zlovLqjXx`#?|r&_9Yw+&vv1Sb{AcB=e#iAbBmV9y`oM7zs=gbZvG*Aeh<)d(`fPwLVxVwb5ls*D;zu4=+`7e!o7PI5GPQ@bM-f ze<}mvHjwMca=S~&MvfNgmuebLrf34Dzdq4QO6YRmEWdy4-36c@TJwbbH~`b`WH!QP}V>Ux`EB@Ci^ku9TTA z%p%besR`d(^J{8q0oH-A^7<{T>o&MR)Uz1S2)D;i=4d>%u=d={O13EzaVULq2)~ta z(BK(bKoNu@bxOgVX@;HmDpb}uErdcZYdukSYKS84xg7`yIvPH!=_b!S8ki-k_(^u7 z#&9i>u5oim$G8Smi7D^cytu}NrrAN?3ggzS`9LURqc&_SpdJAakKU$9= z>Ax4o*_`pif+YlvR-j}_q2P;4&->(U=T9Ijx~K|)&hsiNYIq*W%UamYD|Q zG~?@;B@jOHHye?caj)30{t%nS3Q9M~X(~&&w)bWnBPL07(S{*!3%HrKvP6SW^QXWC z$i8TxanGeLG|f4PnH7ca+0F2fCHQ+{-rksxS{uo zEM!xVn%+=7u%==6x$XE0REAxK559@L7F_#&OwFe@F$VzrX&+g-q!-aqSbDhd(l`5) z?l+w1sN5h&+p4fpCkHx>2%mH<24H#V?@)(3w%O#iY-WZSxY@aJOF|G?AqdRoJ2xQ+ z`^8<&kNZ;r9aOjS2OQ2K$bMxGbG~EVlOhn@wXBlE>Ltorc&#?F3*?r^>B7ec4-}&m zkR@17j7efwK@NHa7rSAawdb8+G1&==5K&&>@!I4Lki$TZ&iFd@0_hL>iY`D^BIE9tcXq}d#2{rG2nTgkC6J1hg5auq69;sn6 zH2V{lL3^p`>_&r|JW+=nUJKH0gaA!H5(YkzzTl@Pu9qleZJnGu*kU(7kzefwU5OniJg-5w8BxO6bfV0S+G8!I zSY;Qq5xK`piO>pO_23EHk=&#Ue5|)VO=LX?R;Uhey#=-{66nT}LoG9$KUV?@Gy^4l z&8!HIUX+)v26hQlS2djSFs|l^qLH~(P=;D_454AYtzbT#^wL4;agwGaj z@k;4R2-QpLam?)S@jlBZ?Jc}Ng>ehcgP6sII%zy3@0A{Yb6FUt5$4?gc}?0i4&;{L zBMdiGj>AXo>QF4EIixc2o!jjQ`EadPIw$l8U4=veOLGSV%u6o*9RS7`M1;JwmsbR6Ep+*iPlMa7^~@-8Xg^EC z0tMZbH08?d@i0q*GQAKt$US)j5AT$~_XcBi9Cb>UlcYoML}^;9+z5qrS}iVRBCw}4K8+vxZWXxg`)(7bTOmPAx>~prsRx-Z(_F!DH9j44 z2jK#L*R0S6=4;c^L*8jiUEPCTxxJfYI&uxL%ES|!^U;e`Z&Yhcw!03QjomrWKIyxG zlGM~LG&^2*ac_6|@D{pOD1jH@9Zm0PCXGt+1vImviU_f0rBI6))%$e5_Vy;kQlLmN zM!4*rsRN=^``V{sAKC-}rLhsG^U$l_zKN5kjb6R)5BJ=+ZYAD0)7d4s=@9CHrnWXw zI7E~S1XLNo?3tHb0eB2tcI@%S3hcHmjQIZ)DBV1IQzVDLhA0yG}NusFtKN16@7evSj8S z#B9$@B@SR`>mL@>2%;9FZCAf)qJVVSQ80B7$nFw_w3A4e1XBr8Te2|)8S!2O>7H#{ zcO-P}0ku}lgZh(zxwTYL0EzzuFk0XQ`cX5!p3zg&JZp ztwCRj0v3S_0a*)M&U8IsM`wiRFsPeu7U2nQ{A&=FtdTz9LYNagLIS$3e|#jG{A2bEoL+0aR}b+k_3^Ys=HS zP^Gaz{wl&U4qcf!PLvSrfdWJIxc-9Y9Inw#OVV&huT&%xCL!#B?=vD=afA!`)cMIL zd_p4}K~Qb&vREFlAT|`-a=7DZ!7kE#&U<(xu;RqnP(3wE4Bup-(PuLcFF(Twju&Vw zC5fcYZONe}ligy_x*(1_#a;Qk*@L$7DKIfKZr-G0hZf1NvTl>u(Ov1LG{w_(vS1cR z!RQ?f*H>XW5FJog%S_LGmaWogX2nFE5@u4dP7&-hU=GC$s@>6bb3M7Xs=D#wPhU)#x`aEne^5{@XN2avio$+!~Ngx zk3a4qUt`}7@BWO8%8l|{fsu#)TM+n1+P}&OPUb&?0OwzbRnC7ytZr+{{_0(Negy%C zN=zS30+0#2k9W}s=Y&sd{?ohcUQbKJCdIfP#B2|112xjbu@v2SuOt<&D7JT>)7w5u2!Qntn`5oA z0nB%)DDI4KK~|cXHxiQ9RmPnpX>Ws34Mi1p6ML%Jh%9JkM^T67TMkz&-~khDmA!%P zh^Zz)ql_J!T(me$tSMQG1RR-@Z&`ktJ(Al=gkCF=QwK=oXqTr;bQed@Z0SaM{QOiY zNr*L0cdny!MgecKcZz8h5ga88G^Q$7BgHpJRzUmC;mAh?P#o;2cgJBem>c-$6N6tQ zjiESkv4;F`E=IuI2Oo3`u9!ISWo4Yw+wlc9ZESHCm(*yP%!|4sQ`=N-K|pfOBReF! z42MzkWnoc4>jQfI;7vgqO-8c`r|PRl5=&%Z*;m;D55h+F?eyI5}D2lR>r*#A} zAPoe&;FKh4KYsP=CpOxU@&K*i0@1Os(L8=Hy>B>Fmo^Mb^d~$$YRQu; zdsF$e?E^oEM)r?BI{AU;h%8XSaSUIWu9vT286+oYe#P))Z}{RbS*y7CfsbuFTm}Xz zUUw!1v2W_w5sllkTc-st(1|Pmc@6ykZ(IB$=zpZo^r!TH4?X_O|Njb9{X_Z^mGf== z5EsQCTn55P!Tk#SNx?5H!`+O;8+UBI-THcz5>PZj-0MU6^U<_!3UBLgbRfPov9Rm62NPFbam@-g#z!W zSO@Sa)t@L;43kFO_cjc&0WOB}N68g#CN0!{1Cl5pcX^@Zu@e^#+$v2q8bq5Msi7~3 ztOW^x{a8L(oaNf9;B^H^Xl0_G7wJZ?$P%l9V1v!amV$dL=Y%_CwgtjwFv;GMe<$xN zw)rZF3@D4UO}$J0a&~^u zHxO;KKn{ZrDN8F98CE+o$q?wCSKu}V7ofl??5Qrj{-h>)LD8j+(0-6vSo>x$e%;0* zi6O@V05jzZN%z>|H9E`Vrx=yukLY501;_@QV3YCcSkqc@rkMa?Ge8L#y<^mM)o7Gt z@3VPR%OaYRy=_FK&(hQYGtN2KspC5pK%%a)MGF^$PFOzAej)xVahOI4Zjl;d1!~l( z54bd=Rm`8ePX~-}E-s8dj{lxwU2afJC&;i0G94(?k!Co)`%9l^TY(d2pt61)&nU;g zwMg_=Xk29>8Nv)vce`ljWm3M19--Ncow)1-7MtpYsk_14((Lt$Dv|(i5r7>ET6JNC zbNzT~%){n!qB*~@nYoSDyIB=FmG@`TAZwCuYhxzmBvzP_o+^f9?8P3S|7Sv9BA&^i zT}9d=QX0i66KEY;s!b#Z1@1Cy@(O6>uO$=FXuhbf;kRA^Tp|&WC_MlzJff@Wf)v*F z+JY2C=+y*vgcv2mK%Hdp45Ad2$Lh};h3vAczb;-H`-KLW}{L^WBaR^o8ttCx& zjkdnW#PG--Ja7+ZJbL<(G%{N(Xq7s0g#CsQKe1zGfC)?8V;#7mDa}8Xv{= zWDtQ?P10#COsFXq>zdPP|pn&}4A%BLAe}kfKYe`#g z3Lt#Er+1=L&mHG8NL0W7GN;}Dt6=yQHgsN|xVxyQ+-TONir17Fs?}fT*qJlwoAQh_ z3~%gj+5nz0iU+-@a(!ufKT-TxDpKHi*HY;U0oSxbRI6O`q35$xCG^p~@b!f?kb+T3 zp~|O11hUDrW5xnc0M77uCy23mX?^Yf-mJ~TCoJ^1t+2TOI@g#-Epq5_VB1MH%jU}~ zAR^5yfk;zRAra)mCX7QXHM&5iO+sB{8{U7U za4VTC)AA6Skw51mH-hhbK0^_mGd3;Tz5;@{jX^T1Q4@XSTBX;7 zmYFksmqKCwdJ!w4VGa=OI2S-;Z2%*z@TW#3)Ct^mDFwFBqXZ1Y>KK&hC_u*sUfA&j zcO+%c+>R{qRniqWDUEcwgGA!An4uH19nAMWvoJPqZm@3@tg9YNfULTBrp$8}%wk}8 znZ1@4jv=BPcoAzkN7K|2ECiYob#E4uud(AW?Qv5GNHwqV<+x{NB$eC|(%Ff)u_rE{ z$@Js8tRGHNMHXUbZ#{CC%f+b{rI|Ffbuu86Noy{4VhN)wy%;Kit!|^OU~H%rq;=67 z6f<07)DCA8zm`5o7V&bMe(vOpk+nba1X&i@#A`nD??kQ{t8k3G{SQGQmuPN#8p|5#xt2Qqai`TFA zuCD>Ma%qh~tB!LBQ%AFtLyC&Y$Qvf&k{mFUtXL*VMq!3gQ93W;e@mN~hhv3wl98un zT<}>&0-jc*jhRqsG|Q)uqQ81!C0#azHy$~;)3hMv$>fwyGmUtTo%`lZ;}Yf_P3 z?W%a1BpDVFR)sBr=Hw;51lP*QBqP^_P~jWm;Rv=oY7{P+Jc7x`w{i~96?;919^ z&YC6RlB*KGK4WeW4GH#b5DA1tN3zyk4<7ihoc%~mA7m5e_!xodisIvK_xCr#*JTYt z@8^bcH)!yMB_bNt|I8%FTys7Od&&V1nu^;>kt0N@wdUm&tmtvln#0U!l!eptt3{(O zZJr(>A-8RX7J8|laKNpbXn@tXhOoGSQv!&yrCKo1-zK!ddmj8b235b%5>XK#Hd9?#xH2#>V#;jndPBF z-9RMvokWFyz2#ZK1rx6|BYE{w|?o=YjDnf=ebcRyeNCQ!j zl+ba0mH~@W$m1duXJ-;x#fd7*uB3=3!R&)AR^W^CVgk2Ai>3^2x)?_|PSCJ(d?$yl z$s`-NQIRgVr)X*ww*?xcqH7lsm}AED-3;-Sma(%gbr<{+LhLdx z#|j`T-`I43u{Rv*^=2`gcd}O!9|xZIcn<0Hp*zJ^Zt-4yv55EMoOc|o1SgLHk` zIQSCD_&k@RWt62@kfY=+m~is)ld9GN;(7oSN0AEVx zWSLpzD~@`F!cj8&0rVBCnyfG&l3cIuwf>Z8$#(soqRt0mNjSXV92c}`NOGKn#SJE7 z>8m{yuEL$c+P&UuzSEPc{P<(S(xPg+9Nl5JYF#e9$%A2#cHe6T7q6)wU|Z}8*k82x zABFuYwK@J+-(Y9>zmy?6!@r^owf<|hIdH-A(l7*a)WY}Bf_PE%JOKXZEI=#?_qxqR zZJQgCx2D4V53z%144=nAv?l(n4=LsePF5FP+-x2%c3r4%La!gh$-1s_#8;phRy7W- zUicI-Rh(aZdv}H$HI__KC#8y05b~+U^A;v|vRagb(!4+V=6Ls|-qRyA_#(6bOFuc^ zlvh1`-0*;`^+SpL-Vhd!Ae8=NoT!%dvtr>zqAjzoTtFOoQ-Tx%*&B}TfEAyvHhu^_ zTFt#=mxDwOLGan98J;C@zA8kFJj+d#?wd$$6ib26J2Z0Rq@5GWkC+?bxW?|oFm^&( z+e zI}uDL^a7{F;lg>nt#`FFjpL$PC!Qc4L*76pV1>2<8TE+7qOLSj@^|;f4qE5rWok6q zvT)qUZ5QssvMp~)H&}Y1k#dY3We${DbCtL+3j9lnoGiw0Q0>e;KnlT6s2os{5761x z^_kGDiZ>z+%%QR$U;9tExk}11GeN<=BO6xGr~O_*U#nksq**08PGXi$kpwhUk1vh;zKSl-%^(rAKK+sWR_GDj9(FPu>CXhjAthKU*qXk%JR!|uT7aK zn;-^6M4TbWm_u>i6`}~nZuwpj%3mvqT-vo%S;&>=*Dyuq%70>E_<#Hx((Rfg!NNts zlCw`a)6u>$BT%*R9XUs@@Ey@Tebh7i8SyoMvK*7s^5sqi|t6 zM4D#>XEl~3cvP&vj(6}yUt$;;LF`c=>7@o_;2v+T;}WgJziYqGfc&)VpXQj(%~R9o zH}zAh8_)HtseGS=L}MjbVcPsT&bP{R&^r0Z--jxcreL5t31k9Uh|pEKe*Yqu4`j^; zpYv()={;?E$oJv95OVyvnrd1rLgaNB6u>xtJKWck@$Y#x-!=wO1?qUlRmy`s9YHBI zldCvD8Xj&5B-)vtMvWs%1rX(N){2VJ!`RZwM0Kag0r8mQJffZIMT+Ci2!sRqNNv}pqSU6&mEI9Wq zm3=C0c|Z{oBcT%b>L#ZIu{Yugdpw(Wa39(^XHeXy#B-Eqcp7Utp}gfD(nrObZ42ii ze@?0XfmlG8#FHU|u1an*hvDq6GiM=0Roy~GjV_2m_$|X6WrZW=gBj}8!#)Vvs z98-G11FPjpl_Q#0Y?@138e-fLKJV9p-{DqX_l6!BB$A+yuj4*RLBW^{_R{5Jle@19- zqZ6E{jH+D6u}olrp>7A`5F+aU6A!Bt?Vrb(Pu*Hr94>wiBbm`wBMt1Lt%{YZWEh$( zOHR~=7urzmp(aerBe9bqsUYE^CAHXoPZ7yFv7z=9>DuWW6)Zwm{3;SMbe8RyR^r{i zP+(!-?K zbo)~}si{Azu???87$t!rfv~|d;nX<5VytX{mH*W;8fN);6pbz2mt3koS|9%+_O|)0=>?e`5SI#soHb;J2)@o74u)i!tchGla=Au zpa06@Q0$EVm-Az1{5PE6^8XsMlYNZY5#q(2*J=d(aYMHs0o*X^^&TI@m0A}`><*Tt z_6z-~rxGO;`}#<^tRR;^resndQ?lw$!)K?zretUC+EtZhc~K9(h^VX&`KhHFepP%| zGNPv1mwultlcneOxH7oT)h@hwvm_L z3E_prn!ga0Zm_iv$W{siXUf(Vx682xUliY~SRWY<)i}GORseQHQu5SUCLfJ*yPn9) z3sp`4*17E|$BdhGAX2cAvH^G&F3ncK@+VE*_#fi7!R?b8JnG>bpjjNz$s3BxonA^8 zB#JsBc1fH<3G9Px9cKzBJBP;vu$ete;VD~G07{H2yiGl9IL>b65y`@z zNHOlEsOkWv&AHd0&f$0{&_k!t60}$-JfI!r3X|b2k0*G#h6dD)F;C-KBFqXFf=-U; zbV=sxK}?d6zGoug=dXH)gDw9teIm=h)u}4gF*ke&|sU&DX8a>T|#yS2{4SN36<4VMY9!D6Tpv^v)^WV zNm`~YG3?Iq9CQ%4g^}YiO|p28GmdujLaPWy^e?L{27Yr*fyvA)k=n2g2K&T2f{|d5 zwg5HggA7wN_$t9rTc(LSJ-j5`+=y9_VyFyW6Fx6T8k{Hr!hQ*!vs^DEWR9!LF5=e+ zmGl_1X(h<5&aw!=ADzc$+zzaw?ZIJWg=M-jO;j_dl_EjCg|PuHyPfbDc>OaFUxRhe zM;WqaiB&1W^Ax^^I-Y&c3gl_1w6@>J50C44)a&TUNAPhzw6H@+@EC3^`YL>2CeC?f z{u?HHR5Jh~bTO!sry@vDsTpA)V;|F&2H4~lJFGv%ssykZmAFH1e}v!C_4H8bsH6N> zav_CWWts+HJr3;xIV4M>;CC(u3HaQ+C=tZH-Su7ovea?VV6F$4u56bT;gbY$UOqfG z+$Bx5Y9cKVtDJQ+9_RcJW5c9eZ13Phf@0!6=fKCO&*%(HT|3zqbA{4drSElHrwuRQ zfbvrPe+vZv$ooH&vi}0V>>sB<83=y;^pE<0@!wE>M_T{zHowN@JpGuGJ%B?3*-K&D zP#|lDYqszPVSwkRetyL!u6-AmU_8$Fce$YnH-gnN($3k ztv@v0z2~dpO}#D;UsEtuHcLq}3@M$3Zd$Ii%55+zn`;E$b0JFeo)Py7=_yIfkb$Ta z4k0kyFg@O^=u-JvuepKl1<&#cSR&N0x7tjp5V?I3Obv@m&AIM2*|Lq?nL!$m9y2+KHj>(`(OnSBOSJ#m39MoDt@@7^f0g|xPF+Faidmg zBCi~;ijJtxa;?x_U>Z&MfuC!?wC4$cHdTf4{7SccMP_jomMu~}b|l=p0^617*I2dr z05Z3Dsydzy-Cfz393_Xf$IbQ#Ww{el1aU~xN65aqAcPwn3nF`l0H=R zWd6W2RGkixA`GJMKOpI(vms=drs87?=)WrgJo@TLA>1Q=oRf=c0>NZur4N*eAbp|X zWx(c+Ru^aRT$V7xp}UkNn!wSpYCbpr3FOv~;uf8?pAi~0x3d@l+AJ3>WuQHB7O#{A zB0ZMdn_*!@fiv&`)%&e6t@hd-^Mq)4agK2K2_o%5x;4IxLViA?IgA3Hq}$d~#!xOn>qudScb@rA7gY>CmA$b8uc!Il?&$7o$waPre(Kvs6bs zocBOpFYEQjKO9|jxWa^cjHOt{GD`qxBL6O-`p!g7P6-W;_)-<5A}{krD!b z*B4Emv}}tZ&GAQZtb2_&K$g+5#=l05-#tDj$A7QEurvPl(Ep4Y|Ax~0-)=ecYpCf! z-1q;VTi!%X?N+@cRji=|G5-3)%)F1jNE2I4<6ZZy!v80Y(h-m<{4RPPze?Y^S~;FC z9b1?v0NxpbS|``1kK(~~#8esA_fv!cve*U*t|ECbL|5rrv)DbPD#@u*C_c~W`Ip80 ztB<=~fx%Qf&>@j&fvh_zf%|bKarGb3fhoF~m=S<7U;#+f(vry5k~-*|)X8z^kw!5M zw_nXhQ~{wq!M5!19M3X5er9Kgj8=I23ez=?jy3{Bv=h<8CIfr~A$R|Fc0hV}CXqwt4 zLqX2Q2qHma^;+|~$ZcsP=pX0c^s~coC&T{FS($^UX&&|X;i5X8+Ui^ zT@??(?m=3b3fc))bSQT|=GQs4HzGsuh;u9fDlH=&kSSt;p~o=nuRg21X4 zyzqINny^#qWK5m*26-`q5ZiYuJ9Dp=xUVKtq_nsR#LHZ&HR`igfmv}A-HmlSbr>8G zF%Em!!k&4C@V3^)wU#@ACijvDQ57`i)!|@a>SmNO9e?Cpa?3T%t{2I7(B)Ig z#q~_|?sm!|@`MOVP+$|Ij+@G3t%BpSj+fMW-r)w#wmx-riGyQvs6C%!bNeTF|7=_W z=OQ2QFD=5bzE8b;9p3!C^u4#66^{GpnEZ7%GImLCoWQS+N}G}<+9E6httI(UY+40m z1u>^1m_WRCWFdg&8IrKHD$REOG8Kz)I2#2!Dg<{w5`fPb>S#`)vxj_CBPU~Wz9=AE zalMmN-T@B977cw-&v4Oy2WC%Rmieowf13gve=H5NGyXQ*{}46Pzai(2{;<|Taxnd* z6-f*x3ffZQy~@4L!~VxvXKpo28=;|W2Ps#BianUdj@!LkyBUPZ+D+1j{gx+crIUYr zdVYA&b!=W6a(wz~(vSvC090^4vy%aQxtMcMP zV(J1%R`>|$4gJ{?utsDZ1Qd{Zn+TN_gHctOC_8LNZyK6dbx}%K$B2`5>jd@{ zr+U{tfu0*JS>9XI9RhvSn*S@AdxdNr9^43RY&>i;WR?|z@*E!5=7+5Dhgk>$>7Mqw z=B%a_rPMLY)`U7RN<6=6f%G~A2XVZY0_)Xw!7(f(H%9ad=S5Yx?G(tOUW69v@(X+? z20jnrBHV7$KDi?%j+t;7e|OyS7x#J1{4Q&=*g7fY?o`&iFtMOghIg|DifPN3*~K3R z2sN2-Sx&k(O1{(7M(KO;v%vwQ3vvuIGJr6WQdn1vF-xc!w?j7B_&)R#PuCoAQZxl~ zZ`{W_BoN}yygRuB+4GRz;hkF+L%QtoohD`lnTfOMiU91s*@OkfMaD=}Lb@LXmKnhS zZZSzH4-whHGM+14W=Ql6n^ht#@RAh7!tOJwM%)r9>v9Ft- z5sE1r)d_c?@7+^gDhYlIVQ3OvOEdc%L@?XeHu_0$%QuoPky%8Hl|L%+(G&@5?}Mj-E-ljW+#)di&sL^eWRQ{O#nDfIsRJi zi{fFZ>*s~BlIQag6SBLjTPF(hhO;j}PVW$MeJbg;Fz@{+Ov|m8r zNUO%%_8aA|9RGy})qR&ej~}H^n;ONPpMA#hAV3#)Pz`;|eq=0&uH82BAdVi;W>`RW z3D8vpqW(HFht&X85p>IuzvruK|>IQ|^M#kunsE8;Yk6%g@syEn;APk1@0Ay)= ztm`0jTCRSx)Nv=j8Znx%=^=^n36~n@TXGrWc~rmD)0(A{7XrZ#>cmK%aUe9 zeI~u}`6Sl#L>>gG^AF42VaaZ0r7u#@$|fV3mKCznP39KXpXp?ZY85srRZ%3l935G{ zWDy2mhiHXsV_i4YK^)kJb0iCdp0OKH> zkJc0AEI^S_kfXp5`mR@Q3eop@)+?mh#xx(`xCSOQnShgfphqv`*M~DxU($9T6QSXw z&a1wYhRC!mWciBsyq?_(nnu`H(MoQr>O4nSY^Ct~6o?4>T3>`|MWL-cK|=)SwE_sl zoznsQh+>-WbW9QW5$PIE^in`Z5qN%H3!?Cvq6Q?gs4J|{Q9=!PDX zG!UZ@Q>?LfF8Q_PEdZLvd(L}>KR;T9Q$S_fb<-?<u5F(x zKDMsouF599zEwSTIb`oG(sIpE*ILQzdp~h&(L_FazCve#beBA&TR1S$#Q#~}oS`ph)@6;lt-FH;gdmGD=4tPQI<4x!D2N)KhV- z+gX-j6j4v}w-Ck?>xM3AaMl-B^}^*pmx5ll3r0(N_XI#vFra)y_A=C9Z?8mXZL^a3 z_)*_e_ziba@B2tE)4w6{QjEdpnV@I%kQ4Mo`I(>@vNXUV@b1Bl0pJ!N7s7D~%hm*u z#iXb}M5~i8wObQ1z@a}9LJg!xvTR(+@rpoB;Yppqxe}8e%4sKmiO= zD@vMYq*qE|K#?!ev`S?+-n~4b23;LqIz)OE1Yr#@6%R;Lox-VROTC~V_$U%{WQsI1 zFTOz7E(d)N-;_`#|2PpVu_#WIQxGa0JdopALbPK-Z0(#EO#$`b8agCTj5H{;4Ys%L zjy+<4#J$KT9{Zh_1XMrxr-EMG9zV)Gg0y=%)5yXPk!4-=4GV@^3pxrhP3{_MMX|I? zsjFh05(ALDLK*xKm(b22BaD+}P}84gZtAWCsAtlj>k|7 zI&0hUz&{NuxTZQ*zw)W3`n#s;n0+44iGQw}pjR^Bz|fa_k4CR%z>qSs-fPc2*}OP> zHu$lb185QyJB&)e{h8nbH9VF310h^SSeAlTyu@qW@|-ZX8qtB1?ZeozgHa5I*6w-e zXkziLEN(v$z?qB^U~BHx2|LVYQDiHky!`L59yON$6lT-fGH_PA;;*adV`xK-lwvY; z3-!{}5;>%EVCN%-C({d;7UJ&-5m1b{7sck6TvFyHRCYZfxw3yLjlq+=txRAL>$qHBU%0V_4nBK(>iI5|&{dxFbAuiwGfLm-=rQUU zf+{CnP+x&N5Cd2N8qwGf{#^*G1h>jsq`Rg! z-e9$u-i)}s-U-Zya0$W)Mu1irhA))+1YPJ{^&~26eNu6P=spC2K~cYWh%>ri#I-!p zLQ$^|L85IL9mqiT#fU91aUS_W^h%#NoDrY}fictj1iknI>mGE5%w6(~=pGbNb_xA- zJNEy5lpy}&qbClcFGhTUg=`-m^}@gF@dmJZhWDNaBsvU~RozNB92x5y;ev=goWLd# zJYC6Wlfz%_^h|qB7lin%ZlcXKmvBTiUGo6mp)o4fYjOCg?Tz{hA(sEPbnFaXyUM2U zuk!lcva+-N;b}Afg%M-^cZ}Ho^0awjF@SE%;k!^F>WAt#@%rI_SEhdakeIMrB(uw2 zi%2Q(KT}BNi#$d@qlS{E`9b#s<>R(tg##+8{4am%pW5|fas7O|5Xj9HLR$Bt_hSW2 z_gfRC8-MST0q{yQT&EZ=g4G%yKcBYsJ)r7~Oe(nEz3Y?ZO}#cxub`0XgK&+%2{=qi z#lSe9Dh24`09A5tXw2G5LA8}dAw89tJ^3mREi|ctjfY{4f>>-j^BC;M!Xap*r!2}` z&uzpp$ZoU2{0<1c+2fGM=!)^(8%}^E(|}nT8QV6cp4)KnmGK2dS-AL@?;}CeI|Cp} zwy#c@yO}lR(j`;~#zc8mpoJ9at0t=c#~j{#Vd_Tlrb6Fq(v}-Xu%RFz%P9Q*$2)h ziT}!gb@&Ong>-lL;>Ec<2spzzl5G-S>>qJ3!2jiTg>k}#2e0LO>d|7yvo#u(AYYX$^W$uki?*(pklE&B;-b?{Ah=5q( z8S#AYMefXRboZYpoO<3eiwDdL+>=*{A7ZzbEV%vIcojSs$!2?ts&mw@DT=NouXPf} zr3NH=kV`%j0O5vZ#tNXs)jWnH(I?}Wb9Xy{1`D%<90sJqwOR5)Q5sJ)L6R)dAGneD z`JkF1O*U8QOC>+rOLJ*{uF&+S5rOCAR=Q{LPI;zt_sVbl`Z@UBoCqx8=FSRlfz5Bm znV1ZDUSb&;vl(+R|3IOM$)fvPhwT&L942%gvo+gx#^*ZCY6j@jpcPp{pU}4`L3owN zt%R(gPc+q|WY{vB%{!NensO(oS$-(#s zgTnmVL;fS(G5;G*Z26Cs%#U>E6@)M>`RRX_v3{>)kgR*!?CZK;l0X5D;Ki`O&!pXa z?MJHmI3t1jO`KSDRPo`>=jK`Xp({z~;mvve0u4@MnSjQ$ger~=v>Gv^h&XL;F5(L-6q3OlmYrkN z&g?_DI~6&y&WKyo4Zi#mt>!IHhB<#&^Gqw4PpolnM4ZkdQ{m<*~sZW{*5B@}U7a&B1X z?=7F>!&yCvK_I==c&-KJf-4DIT$)s`gNQNfXGc&#T8t4~)|Wm(>=TEh22g&V0mO0y z7U2*=8v_4o!P^EJ+qhqCH)Y8?^CJz#TQS!ivuJ%>vElf|bloqxim81Glm(Ae_IeCt ztr-7%n*p;yrOn#(nrq>M;)!9BJz)5j=7+rRC|Jzl<3?O_vj8-?7=h0btw8+2WOTs= zOyUTaibnYm1`@Iw44?2i-63l50}6^0d5jjAlZz8YzabGC zV9|4SJ9{Dj&o_9533So}BLct=3mk(}Ve-bfoA_6Y1DNzLMcYTWL4tFBx8*RszH5%# zEDTDfP4i;-aes6gWJmFyq-%p$xPv_uiwS)@W7dRGy^5r|z}NnjXpoQ>u*+w2NSdq0b}P1i2bIP$}=|g2SW{ zf$Yu^tM&~B;Yb30f-pG4e)9nbRH-KD1WcET2_y5W6W|_7s07UA#&sJcpf1>|KomoT zWsshY^N+4fBg39Ri^r{hG6r0Ga6-RGD$NCWbp8CQYHNpZBmDJ!@*rx8{kksGH|617 zBdxzT6Y$ki8QSnC@9F2vTxqEi$m%j&IktVdP^rlj zKy~2?;kDBemmQeq4nqrFqYGn|ulr2H`fcZ{OhKiu9jM64QMErGopA((u&2l-r%VQ$ z>ryh6QPM(Wb~t0^G;)DdOnva%*|ftGL*D-D!GTEsS~432Tv2CS5g{cotMequxOADf z4p7!nz6jhLkqmc0Nj{659%D%b@bixt!aKweZi7CK;Vu#HVwLN)L&WWe1bnuFRZMbA z2uF0ucjoSIQ%61JhCx;3d2`P&4~x|Y-`Qn+M1Gi77cn&;*xqenLB-5^+THbKz?LJb zd3dM9G2ncY;LH9IN$*4X0~mg_0Pe5B>36ft_~(gRc9y>oY%KqVVEb6{{;xruAu*8% ziUDR+#&@Ac&<{6c_xc}%?MXbLF^R+RjLU8x22>@ZROIxOH_B!iE3vPNKcWyHI-MhK zV(QncL=)E*suNSQsx8`{qP1{K8zf!!6Jw(!OS6d|uM&kclA>s&lmaLRe%!b{cUu9v zMRF-%_8JYv!unO`KQwFeJ`n{x4i#i?lr!L-F@(`86KH1~gRWOGJ%kJ*D2gj@d(A7= zi>&gM*TXHBNAf5!G=gTtzTFOe{hVTM?kzWE;XgUk*$HJFgV0V4=dq8VF4SrqX>D}60-(thq+J)>x4e#jn{qlxjb zBO3}61BHM;19-B6noAN>F5n&oFjJFKCHsWfOLY#76wsk6?b{LWN)6In5&f7hC9x{9 z8mAN+$&z|<($PzBJ92W6CuRnPeraS|0<#-#*$^49=z2*J3m$W4l-uM)AiBJnPFF0ub=7g4fXB#;^#&LI8DaA>gimcx(yay8&Yv#Li@2qdl!~ZQG@?_@9vv&OUi5)wFuN2Y@Ck(v53vY+@wun?B?3|6C zQ~w#$id&z=P_x-rVsz+%l0iltPBp07c^rBMnB8M65l5_VJ@InZp4vB}^;cIY<=D@K znk3{ygF{E2#r>nkPN;GG%@%(KN*x){CN8_*n^M))a6-y42upmW!1Cgh2&`f$RVdfj*(Hhz!r!9vXF;?jofT77?IX{|iMNo| z7HxwqXA3q~&9zO85tCw;&7;RhqW3;u3Az0cN+n@ zw(_Ud!jSkoF&=&t{DJ00IR8YMrAtTua|C{XM|QIFeX;ZN^y?frF2_QL@!7*}*lOoH zNkDdjPlTD*--P%7wF}Prcjf;*#A5kd1^d@aC|0I_X!3t`Fiii8xb0iz`u|(lWll$K z>w>tw{$CDur*W1Iw=CKkPL0%Tcc-^_;yr0FYQGHbJsv9n|15|_*)4K;Yk7IDd`zmC z;`Y=uk0b%(nj7tE6Qe(O~3 zZwJn8HMzMI1@^R)8EXA%e}uJWK2{kN*jS043WJZgloQ?11hY)YxnB4)PamO)-0qef zpg+ZNrS0lqAU7jjy1Bz|kRx7pwWt9)olX)tpEzR#p>P>Ah~wPawGoEz{`~bP@<7(w z`T#=Vmd05`yw2yWbic?{v?KuuR-cP((*uX4@)ekVi~k0{GvKj0AysMP!7ye40&xb3 zHCqbB!F_^St8vEzi{Q?rLSp6Xw%xH9v(1re zh%f1@kfN(`udFm3H9OFe{4^a*&EG9auVkY6@yCrTn1}!dgu1^d_3HRXJ%tQ^9whih zZy>%=5b4BD?=v!T8TJ`5bP~D*tt7(W(GuFBiWa(TM~z#G*yp>%L6TM=XX-HU-bKRC z^pm+G=mf#1S5RK!hG}xp*96LHIfD!jC`{;T{?tSFSHp7JVbC&{ua~MJC^bB^WSQ)s z{|PTK6_Q4DCVgZm{;TkuHUxg&(6d)XUK5&15@p5x|GipA22FjZ#TQK?nL5`3f|4MY zFH0)puWM0#-3D#^n2!wolr*wBb0XpSP@NbswQ^;OFCijBijwqQJ*Pt^du z%n+hh=kMSCK0fH!H@OPhzkN6M*;eWm{A+-GLO1j-g1*Tz^tw@kW!anl#J^GsEC4%F zz4o~53Q;;wX7tjRz>~vkDRVM404-fwuBx1;FJCJt76m4R52^l!uW^|AQj*ql~dMOV@hO~!yl^F=?p4W4`s5e+}PL6M~8jQ)ro(upM6bw zXoPKZ9re(#K+9qT6@x4p{O6Ub6L#cEN&>7hI>06q8MY%j>NJP_-C^#0QhT+G%uhU# z-pv{)f;d7XOsI2!a0p;V7_v2rJ?^VjP|-}QHF+@+s>te*Dd|8`tg?az1J;VX-4YVV zouFRNvrH>Y2%yW!?|oax26PzYGH12<#^mOCC~Inwuv83OOvSXGggh<+BCMvA#qgNK z8(N4B_VYxsD5&+^34E7Tkwmfp%Oy%mXB@SjcKsFupmNnE91tZQb;s+mc=+OtW$|>| zHG7?aoQBP>o&0Yr*?}d$n*0Izr5ba#a_vO*wt4*oiN&4=L@73mT*ZynMth9A<<@7lVtq(B9il;t*r>3MG|KfyM&m2F_J z*5_%yC(5?NP$}e@CQ-PJ*1_k_i@a3t%F@M8wk>C9PEG#jPi%-7N6FRJWk|7^-gd^f z!@FVkC$FOE4{{%Xh`IA>|5?EQJn6Hs{OkFj=^t|aUj@wkzv#g()g}LW{{P!at+z~U ztRCi@N59K!0sS_Depm*t4FUZt_xX-sEIV?+5ZNU@ivrA+Sd9?#{GB`;vmyBWdPyfK zj~D(|6V7)$m(E}DTqIHH=f86*F71{u)7SmgI?i7-9uIaY%~_XjV|3gPh#p#_s=?9w z9*lL;jlR9AKqh2Yh#y+fI5coI(tM*H z9H$WkZJtjy@!_6vjOkXP_`GUky2*gKyZ}ml)&QePdEnRDTANc{q5hEoeh-Zca@SUrwQtb(ayTw+7{HZVmEd-Zm5vUF|D?qe~y%0mA-UC4C|8ZOp~ z@$;78#1?8}rm7P&jUN~3!x)71lt|ofM*~9@{W+F8V>$c@AYUf7`gwAiEq0aqR@;ql z7wrU_G+vg~F8u)?H;Hs$nHs8+# zO*@V|nwO9#<^IpmgE=SXu#Ds$|B(CgZVy}r&S~73f=9`_TOdrW4X!7KlTNK0hG#o} zf8^{<>ES76!%XEM@H*5=<+mX5VDSTNzy8KpKb)d+{{Xv*K81~qogcF@`f+vo+5JA2~gw4{S!*= zm}=>!Q^?RwGu2(!nw$qzC$?MDZ{bBayg57K5R883(qYz?Q0$1e0uR zT-(5Y_H4hHsAIbd5{E*1*v=XSj+dRk2s6E-(n;)C8bK zx9{~}82Un8qFCLfJ_7_^hy&Y!@a5ZYTl6Lx;lJSaZxH>fU!rGV{}^Fpt-`cAdf$oBkM{7A?yKi<%h?Kn`BV_NiEPd$DSy}$2ca@=7a z;r02Qgp)h6rR)9^xKx`vW#g_fRC4EtTl($uWny9C_G}`JbXHFV^^M@6yx_G} zbyOej)_@Ft2njV9Z6Dvg1DLz9TQ!?!3<^`zxKS&eP_{YO@RS?`Ri~-Q!oAuHF*;qf z@QL*_>1Ys;QvuJ!Qjhgq(s_5cLL!(&^S1EJw&2A7I7t!QRxl!!nsfH;gcx*HR~e~- z_m5TvQD|MC%|(#CSf0b2hke@(?j&0b*UnfA+i`BrNo6#eYZA>YEZ^c6*J^g-cUE^O zg3;xNmYo!gP*RnqiC_6x7xOE|swH!)HZ~$ny~f2ox^_^f2@XA7EMB9Vu4ABK%xXKb z@0|zIUN}JQ*mxtrz}X(Sh%Dl!x(rX`Y}3&YbOCF*5C#)0((M74uS3Lox;X7`8B#q} zLy%-dlV2=Sl^f#AH#FQ#TV(-fx0}VoiZCaXMx;=v%FOCy`62MVxq6~V~ zyfl-XGZXM964OYLW|cW3+khqgb^79+lyj)njKoQyaS7u2o%5OW@vcusXTa?(rDb)p6XS61K#fHH^6moLYbPQ9<$@7M%y4&6vegV{V=jOfksE;XBniIB;@x%ubF|ujL3$ z>qb?tmex{LYsOBQl;75;I`l;D!n7vHlNKwol^27-D!c%9+q)_S=}b0yCdVKLWOtC1K1G`95QLY#&eZU zVOCz10A=FSsU>pIgWFjsy^!=ry-ee=+~;l?p7rm#7g;Y(e|3!>SXlV#mW@uhA0fo5 z?75-RqiAzwSchS%FRq{krVA~D3hDw68H%S9hb6f=Cm&w{4=c!l4f?~dr!|Q?+&y${ zhI5&z_bT-EzFr*GB`XVVvS0!#YzzfQ02CLZtp&a#x|H=E;4Bl5`f&%L`>hlbvdj3_ zbtbLHYM;epwh0NPKx-oqeY^w&9#)-5u=Ht%F95yPfhCDk1msVf4gEMHO4Q+OCh`h{ zrLB@kQBV(pG_CEs=(u1VtzCEiJ50wezT*@lN+We!n7u*l&_{{`d>ILjGpo!^ zX#X_P0=E5rI;Eq&M|YQUJgos3Br6;N6$QA5=?hp7#~SKCPl12PDSD=V8KAQ=|1*pG zch~*Dh&V6Rr7M23d`Gvbx@vt}mx?FD4##F}Qn!2jo!th1nm^le_Lq05{f~*e5v#l2 zt|Ni!+M~Hl#scj9mh{2r)UTUaz5AMTGAty`1U^6;7-ylv|c5qZ^;bRx7C zo$%|LVgNRlq05#Wb!8``t$ht}8VqXzZp-A-wuzY*Jhs>l-d1qS2m@)mispen9P|U@xdYWd%{a zesBVA_{b+(gPL-76{d_vv6mkX*1H7TKMLo4`1P@-icXeUNeT z!ddIi*r)|8h9F=Yc0CX(Se_P?e*nq!DNvZ5d^k8-p!qTg)Tu;dEp{=h!E< zDmG8HCGaV2iw?1YCK_`s>f>@zhHGz0fK-y`vjsgOq`^;zz1w^CWjv||6-%nVCbv7_ zw}gmHXTb(?U|x@tqt9>e&P4`XR57n(F1?@4-G(aep;3~jwXt>tuX{{$n?iA(nGoNI zZ%X6)9?T1I7;FzZnzzqKK^*+41*rc~bT7M*(4 zw(Bl9pFBv418*SjB}s^jw2k9LM$=;C6`*5xak1dTQ?e@*8F!X7fGE}je?=76PHSkw zN0d9X;iWMX%I?OkG^rL1@=WQRr$$Im$MS!?gn_l3QYf%wU#o#Ue!4P?l1cq-3%3 z;U8M${K_OpD9Tb`47DFl8!HdqqV&sHW+_!Q&8TurXY`n7u^=ehU|e5bInA0#T9Q_n zmPTX7~Zch2hqid0Dk)%aXoxD<6e3NZz?#srC zt%GX3k_ecw);X-1nVzq!?-=!jr7HR(qv^R*z@y}nSJI=d@Ax3yLp!gnSiy|&QrrPn zd9d!q6KINgy%_1nekzKwdb8U_Gj-*>9t2}yXz!16B-lLael*iv5~s+Pp=w-)b0oHs zdE#_}Fcqnc)G-p?gr;?X>sl@U;xt^e9%~rNZ3nf&!jn!5Ke2_(MW!HNtFKqi zG4#*|d@Tf%M)w^$+PU6j^pr1DI}yw5C)zt5OQs$z`CnWg!eS|D?;BzH5-aJP$cw6% zLV07=qCHzOOi~F^m|wL}8acNc(@J^eyl*^;S9BD6jh|{HlWP^!+*x(3ub45Sc5plA zp$FtUN4rC;(g1I?AiyU)<@n)+m3x}aVGe%%3gBHh*^AYSOUz`gx=YHgKc2O5gK z=Vmt2DZF=cq?3t%1aXPcn~r)gt}M`5E43lAHNqqs?shFfonos=o=bXj=RuFYpdw*? z6ptoLiRHQp6{ffU+`xYiB>^=jB)9()y#FCL=^0u7rNC$YXIA-d@cv(fy_e||))y== z!Ow2tYUs9<3h`Ee!M?YeXj?dcN1Aif%nJKuOY8IyJJp#OdKkyQpji6@L>o+?JVqRn zX~@sizMq_3XXWQ$*{-l{dcD6r+{1VD>?=3DKaD7U-5sJZTlvP&^;~*${l=MHyY6wU zeMWUGe=ZJK7u=v25S8mbQ@Z>;?JIhL@-{w-=omuN!m@$&I!()ur@3GEt6A2C z02}rbgz7ynii6Z;4j9kd>-FsH;qJjmqO-j!!PQt)Ks_#o%MZ@rB$vZH2WCFs$MIro3sY4b^hxJioYGx_6eB$0rDuO~IxFpjQ3~ zV(Yh9RO&PWhDpE8gni7lcI7RcOe!nDVIF0gu>N5_rkV<3=Eot}6sLucW^$MHL~2oP zXoB|>uxru4tk*+sBih*n!U6Btd{9lOGpaPy#nk@@%KBN=s{`J#N}&DtX!&b5YF?Wl0<~(& zhQ|oA94$TT@LbcjT~xYOaP?46g>BAD^SxN_K&$wyIqfDMK(6&U@k9ZDlBhFo%ml{b zo7&8S|7EJ*@%a!VpPYX!95Rn>tvOw{INqT~ZJb;r?p~0?;xRFhAJ-uRG#w@-YX+b6 zK6y8?=u8WHxs`^x?J6MnVCp_fO;#`U}UR*X*@pi6H>oDq*K` zmaZSt%bcqDzR@6*p+rX#j-4cU$rB@&@~Rc~u&?4;abQ~)91hIq=@7wTTf3@c$*YZZ^kbea>8%SbQZ9OIb#QF%;=r3LRvX^v)Rl2q@gFJ$A@+cKi zrd8yXrFXPLUu*fzQ#LXUc74B=*d#2HreZJGCTg76KAp0XZ@tud-M)O(b z^+96%wn;{YX15`&`)dm5mqjWjp5pt_jN2ZKrAH4&<9q1)P^aA;-UT{*5I*pW{y`M` z!mz~L`@>oLOi{Lj=^w%8&98ud8v0yKH|v=8-0`CmGN;$A)k`b~)XRtN@Y3Mxq#eJ~*fPG0UEIoS!vi)jYnct1#ibIuE#e&}=B1!l^!^8`UYpMKfp z1P82R#E>8pt<9=)%vx^BVxI^6Q6(&iBnGo%4YYg&@ijW=}@Xg-JNe)ZM$y5pjgy#V=NHsniC7|CAP!?rs zP(ie#k}Nm<6Wy8SS9TKJ%jId)J}~MrzwL`r`;qKKm{t?+<6g>9np?G86&Mcp(nR0H z_T~os>3g8U1qoY#5>{y{IlRN>Q^t-L*};c^X*f!_1H{N*2GMU^r(|{w=+~DE429ie z4deEj%;y~l0nX#ZGDx4SbqF7^I99%j*3IcZ>_9PD4C5a6sOk3O5+t$szE~g4AX0|`)jow+O|=x2qVc=F_!p~$lMwS zV~m~mg~f10Er5$zg9RbVIp*QDe^ug9a9R(F=*yM29mL5R84JP#S)TGqATREGdkxNbk9t+#NHTh=&Mfx4bY&iHvK$ zRuDKHcJcznALGrEmXZo~H4K5T6|sjo$ajA@2voO^!dztoHI-B87l0A$kEDj#=|~JM z4IjVra8DW&NpPd6m>e2G(8}84fJ;UP!j4AbuVLaqXY#-UpejKP{l%y&NK&BM^{IY*{1ny{W zmk#ZU)pDU)byA=B^4BtIZ|$$17R*k59;}{j!kpp)=-|+p@p^sKy?_cqHPz!0+{WwR z7zH1@z9^qfUDLa_TUB;7qUl&)CmYlrt^S1i-XgoZTvJXd&+Mu``_}H0qG(P+yU8b! zG_BTQV|wtncKi;ss34tL^dQvy?K#W^&)1rK=XU&FD=X6)N0=F3fjCyDH`-+ApO6^h z`Uq0?WWjo_!T1So2O60=lkq$O;+dLUmP%+%dUad?mEwO|{ zekGVPyD91m{n*b-Lfj6~_42czYun&WojV|-ervlXpMwReo+65#f+Z~Ne-3`&reUQo>%LqlnT*Z=LI~Nf;sp2C;Gqy9HyBT+(LlX&a-3jh(z3BuRgTlx8N9F#B1KeQ;H?7jWq)ZJcNA0L9Zs_y0C zHa?b5C(_^CxnO6u50y998PMsW+@_7(BtwA zs$&rocZpq|0$ICnUR|jfSUPDpt;NF`^kw^*8j@Dm<~<0pVu!JIVPCbsU{n(AnfN=9 zK-Xiw;`~ZIN9?vmC4sg#_gAAEuT3`$=C#BMh7A-@fBmZ=q0;Di+*Y|i!+|it?DN^YXIF zI5KYVUhStJ<)B}vlLP!m97k=!Xuau-9TuJHabNxzGl=+s=#v;a{@nAJ-fQo428Q{m z0Bs>(EMj1r)v)}9CL6bwLF28PiN?D`8s6cJE*SGkbN_;@L%EH>I1@MeEwM52hN$hfJ!1HE z?4@&xW#O;`xk4e6IqCEf`bw7_)yzhQ%dim9?@^`#VRln<%4zSMr8_1ZB)OP-TmisI zhS#Gs$Tbya;^g#84AadXO=%{TON&VK=Wt<6|6oDmuBH8LDb#8O4=J#JxJ}D z+t1^dTq($&reC6l`7@2Krqn(qHJA!DLPof|7dKKuMp8r6PtedwQ{HA1M_Iz(KdK9P zrY{iep6dJeFB=Mdo1+eX*S991G@P<8z#DaE6-+I zVP|s=wF*SA$2xAWwg55LF5PtcCf7T_Qex;CcV_7CYZI>rCK>4Iu+m%!;%>rr%*7lK zMTr*E=|LGsS8SkP)HfJnI!yL0tTaV5>3Ubv_ni%8&*EOvi;KhQ`r;aqQ=Bh|luc%m z_yx|CER4w;z5Za}+YN&9>21gI0L1J-q^40LVXJ=sf4)}xV{u-~s0${M4F!I9gxj!Qsw|r2e z%WcKP;F>Y=FnRe=<#lzS$@CIF(pI|U!ZyuZENQy)wy1SQ68%Rf%5NL@GczmpIiscI zKz7wB;L=FRP4Z1M(_9Mu{rBzrPkI3iEAwmN$edco$gK}3XJB+5H<5F++Kt*oac2W6 z;{MdxUHvntT@tjzTHf*aCpHtTL$4*AYT&Y^CPT+({ZB%6_+?8E%X>={^5T*}Yxif}=PP*&pNr3*<=$!4 z+0ZUkSPXb4BBfUUn`Xq}3=uz3OOQ8-TU5gUr_-uZaEbPUz6ZHQT&pX z0hGfXuGx73}>F^VKh63ndCRB`Js>2xH26h;o_0 zGb~bA_25)sa`q}I*}?ndu*y%9+ywBKXuA}9!dZKmO*7V2H)|h8^b1kOQL=bn#$l zPVl^~3r>b5(+V{p-JT3sIoV68%2nOT`(z>29^v|9Zf5{C)m9)B563hxgk;cYi_6St zZ^!B~Cs9>x(Xb$Zo?i#!RZ>q9d$9gwRF(MQ8r$|Kj99sJ~)1*i#4{|%10t^}IzvA|hWPZh8%gS(64+IqhO=F!ujHP)sVDOJ!=cFod#nPM7 zw+;OQHE4w=h~0-0$gP}+-4cU{hKA^CO-w=tvb)(EGzFxR0~>GEM5dA(M?JcQ{N)$# zd=7J;_R9~TjE*3PTqrcNJBAv0#$lNS(#_B0j{nr;BeK$p*_4+h#o z4Qeu)2Zh9NXSF^r?9*&$M&H%wuVMAa9`s}<$ApKEg7LQkzBIK+)kNFIJ1-q_v98>} z7|FJc<8IUuHhwPaQ`Rj{4?Pnf^#!k^c|E{pc`3@@c?9^CWY4dVF|Xs%>NW2RAWAQh zIi$HLJ9`TtW%}MR;{}U**L#qlH%M%9^Gok3Pa*#F3ij2MSL6~voz?p?H%g!Nu+{?U zy7cGPXb-;x@BMkmRF3G!`KH(x`=sx#VPGqU{)%vt|qwTAV7S*^KLAB#R< zLFjs?a)i?jQQj2d!`JP&6to6riWQ92K*J9KU`%=aRI-aRl#jS<=DakU0WjAftoRi( zN^lhovv66(mxCo@9^Hu82GY)mSpwq)# z`)FZ0I9&l28PbjzUW4Ch6?j`Lzl(_N=UvtRjpfWODvLlQUis6Gir-jn4VY{bhxijX zz=G?t3`=Q~vZ<=eqW6_6zd*G&CehL>0n)tdd37}XD)l4xL`0&VkZFVGj;(P2+UW+{ zn#_cN^sc$NPN!cWM2^3ccmm0c%klN|F=c7b>Cp&AT`>cusvN=?r?<#8uTM(|S_s(b zHO^pfujePO@i?SdTO6`>E!dc|vwlW_#=Q{MQ$TXQ*bP%14tKOHHYA1aP#66qL{r{K zA~YpFAf>RpiPTWsR48e)NdvbAz$W%tIX1x>z$f>7Wdsv$KQqP}xCw!|q0XHVu8v|# z8I_k9sdLAp*>~1k5Q~Wjma|(xqSY3V?T@(M_3~$%GFU$Gq-W#osBd!xYXFVgt^5EK z3)GLe*v;$j9MyfTuCAwgne;g>10-m^OX>PWvbSnmYvvyK6^DCtK=a` z31!Un&m4M&0X;zOyr4yE(}!`Dom|S)7!yXPywM^i#=Nj)kQ(QQbdJ=2^Gch zNW9>)b8tX*?M>&?Ny!gh5#iUWZVl_&11s-_b4gTk`XTWXpCsS568jE-#`CSD_O;6( z1ztuyd|5+i^gUs#FW)5MWoec1x(bx7+6c6JJ~{s~?x)D}Z3RJ3=6In%8TR#8u;C5r_kaYYAvO9E79glGO=0^2Y~t0| zUAT7&sHZh>DY9P8$-^G*>eQp^lQS2UuCsXGR7SZ-7WQM1E8Zgt11i$&i_YOgAvY^w zp}elOK#;JhoUS8G`x7zx-l>+$4U9@na&_7Eg~W6v#E?SY<*&fTi?+~X02FLjXgbWY zXyS*Kpzt|t^92)XifCu4o}IXjJmpHrY}1TOr)y~@4R*{i49B@E8OeS19l`b9I=QN_ zVie7dWFTn-b^ZntNkbt_<_zYeH0;g({Z)@A33XHy63Xv}7o0y?+Qo4`59psrMjlO% zHllwIBtIY-#CWu=ZGUjywdjl(A^Q~L3$oDuWHMqjGJCT5jN-PurLfW?# z<#)OzAAdLd)c->Jzaji@-h_$aUrv9l|L9Qu)w;9(FH2IF8j>*^EPoN%FPgoyCNJ>- z{Jxi4+z)8IeDK0H(%-E+e%s--OEA0|k~sIKqd`p;Xs34gVP`j{w*jL*{Dw^iod!QI zn5~7yruS#(>*M#FT~Eof=T8%RHfvLE8QRO^$H>zOYa6Kh^N9^?y0ZxuThr=j`PLfP zZ!|2>OBrUM4V=*zX!AECEPm)(#0Sx(UcX?hJTs6jrlnj{w=nbHB0tnO_?85gASS*Y zdmLLf%0M9wlATWr;{--!#iGuHu2zDUn8QliELE2FjS`5k_gDZ;0~~REE{EfWr}$2E-B{-xeqW#Hu+*GPm1xRI zSv^0JlXGwMvVBo_JNb`A1RpH8eItr%bGS3KNq=v7-aWPK8vBV~+CA=w^!!HVy`?Oa z)$_NZFPPVwgqvTvT^(F0hFiu1Mr#J5i690?;T#-7wxprwZlgz4T;8rg?+T)me+%czNdJs6c_m>anY7qjl34H1uOMr<2 z^*W3C zcJ(L+H=SzlHs0n8CO3cK6sXa^ZIPC!fa9r=T}PqvN@vjM)!aRnC#!_X$lBmYQg`@U zNc?=HS*Fc)cz8TOsz~dv`KWuuoA7RP_6u9G|J9{*Tk4xDt7?hE0C3U??Q|77EE((4 zN;yvJ<3071jc>zrdQlcr>WU`iUGSz@grm2jv+%(!2 zo-q9!I-C~2d}M<%j;#Oy4Ysz1!F2EOq-Wv=iIk$9-Bp@jX@#=PLl*5dK&`O4Rw+rf zZuD22g%4Wd>tTnRotJ#KzXDKoZlb#C+{%i)1O=MhcxR%xL|AfVDA(+a2Rf1(e$awc zd}>M9V8e#lAdxJzYoQ9E@E`75u_$HxLtcQG#n`iOpm3UxZAZj#((BM& zHd^YVmq{|%)tr9E5#BlzLkJ%g}B6TowyO&N9?JR?2uf-;~KU6#jDcpZKNpICe4N@$djb@|M{(|5_*F$iAE z)BeUL>kC^$+Y_99|NAe{D0;q!`>=k%CAcKEj^7r{dWAa>+#GTXksYv|lKxT4;r_;v zO_zN0(V3X>v8&x$6{n0i>2TmGtM*LVh(D4&p84db{ibX5(p6Bo@PONx^$B!ce8yec z$m<5+4$p93HL>O6&daqVg6;yfrz+;+q^%FaT5)}@(BBZs)L?LoRzVY&3$um~N`-Jl{WOrfPVtdWJhJ z-#@RX_B!ieLa=gsPI#Mna|Y3F&TDpltUStavMq0hm2YE?Si#B&bR|UJx`PvX`3}Kf zV#w@9@1>0M2ekZ9bPajeo3~S0KvB~eNnd9xH81_a_@K3tyS^07%-3mS8>E6oIe124 z9t7ow>`H-O4d;(55szhrXG#hwu|QJ=4RdYlH?v!`99`hXCKY?Er=4jf&lOG5P@bNV z4d*3yYS-c(3z^Q8vdvZ#&@6#M*k-<3;_|V#8rPIO zrxWXkg#R37x0xx95~8b`|N29r)X>7?9M&D~ z{-K_3O$E7L9((yo1kuvn0sKqd|^2#lY6*(mK8+q_@*!3!b*{-AcG*d8he zpfYdma0;f4_)!q!h&E*2@CpNtxg0jx0y^hJ(;6NPf2@EXgIDrm}>}Uk8UV`k9O>CQ5`VvUWjX& zb1aIR2#o&9h*k<{*KjO+rub8{y5nAmu_)rF@AKHv$=>&=0CI6us}yuDPE%ai%(bj6 zb{Q*A&x=@5jVmlHxQ|dQvD8gnlD_ENo4924x_o;@aO6liI#!7SdPz8=^tZgn_Q%Xci#InYR3g+2&THU!<-afw^(`HD~UpqKYwzoAZe&hh~Yu zFJ-QZWGX@+qGCHe#JYH^9HKO|j&8}~$ub->3_y9TXghaF1Tx^c!^nqdgq~DA@+8I* zNeq$mF_sIk;kM!S-^P+rq8oRdqrn0Ux;2E@BcO%_)JJ<`!5CY`lDi&?fl;GlN<<(@ zC-dp8VfyTC?f}+=Rx)GRn}<-=^VGeYhn_cM(%GAa=^2Oej04hzv z;$zJ-aZ+DItZgKr34Y`baE_v(I+N0cqwFgQ8Jg45=`Oa&V~+iQ7_9prfvgq22LRUo z8nb+2``KTs-d66GfLkiXbbf0XJ(|dB0VcF$ygb!|aFJLxaR#+>I}CxzO88L6Gqy1D z%5E~1VFnNh35DRh7y{_tEpN8b{FUsljb>Zf=V5evT4iX(N-xd`=B}$6FXCP4NbN?c zD>T^ILw1TiQw*sA(npIIPfUB>y7}v8GhBxooWKrb1jxe1P03ai^l8wW^qy7(F9oQy z@BAeLu4^<{0*1?o+(~5Iy$5Kk97LiYP61~y+l+a4Gw0}ngDN$^2cW<6>I!H5 z!Tf#-5d5q?sY-l>djwX03Q6+HR)VnzZUg=lKs}Z>g`?9`?M-hq#eG2x14S7v-SsEtt7|j zKU@BPXnA@j#(xt$|43T?1^;aS+h*rP^luiJtrMzF+Fhl5;t3!aU^gkWEv>&*ie3O( zD5qNw&l4d=BguH;SA{NIkYJ;$Xf*L5C~njmR!&dX$2n4aI(Y>5fb}&!Hr{^--aFdL z>uY?h{~DH(pEs?qUwmjh9gG>fUew>?^(d8>I)T2gtE?}pE4NF*Q}Gcf_Ce0b|5>@0 z&1ktlp5O~(F}5IW~u9;G)sl1Ci`w^}b_5*IhvVi>Rl+#f~xTA7cVxO1JoABisJd`*LsqcVAd$T^jIiNE zIK2~`*ANkA#4yw*XZ(?6oY@hjhj-yZ7ld$&zI{`|5Azk>L$#eS7~aVatrshdVQFLN zVU4AAitV^zaq?V4GX~hmUouEWu-Qil7&3biVv6=6Ii_1?{2FRor4#HK4meuI5S6a9 z#w=?6z@9Y;p2rog7JbNkN=pLnfQ7#{4)slw4I5*vW^E+dI9h1H*z%oE`_l%bZx55^ z0XDHrxD1{FZp0Gs_`n4Z?=Vj*Hv!9icx-*p1T5l_2mu$tGshC0uG+8=7;s3nHtn~D zIc&3sijr7g&BwUPy7-Z>DtKs6f?*LYBOuK!_oVdtM7E#)VQ&Tmn)zNQdiP)vhx9h#!luj5bY+c4=u| z0TKy*!k6D6F209`%c~+J+0irz33t(#?MBkNqX62BPe`r^UDf?RjJ;EEZEL%Q8{4*RJDIU<%xK0=W^CKGZQHgpW7{@Q*4k&){?FO# z;=dagy+-xXt490YYP~(})jGthf-%#n3U%kuC6RfCYzd~eoMXN^z#ChrEH75q5)Zn# z92{f&Ugktm8c{9^ufIgih|=zr7&hP-Sv}^h5QN!f)i`(fo2L@&}V^ZJ`vi zh0Ok-TfD;!IRSms%t_GF5efY#6pN)~ukQXqe+;_C9C!q}t1H^=Fa2B2v-((cZ(!G2 zNfC8xGJ0+=5r+=HjtGm^FVtD$lQFZ@suZNTpPIoXV zKLvY>4BwRI5;PE`C6{##w?&y4pc$n3usWXH#x|hU4+~Nx34~d{MX9ciaMh# zUScj1br)zF)UNe6vK9Du;`#1CE>JT*e*DOPmc4Ln4)Bv1-I;GxW1#HyXk2o(tj-}X zJs(>;y9|0P^Y46X2ehvC=vvSjZmiHd%haWzVbQt>cl2h@fxe5_f;BD9-fssih!{6b zNnolfIvESv2wrjf-nKH_vIWPcNH7UfcksUC zaLO;a$UPkodyE$BN@5(ZQq1!r5(SpNgugE${4+hCo@m0bB2$q#S7%I=_4R&cI#OYJ z%Q2D^Rd2{!IOk>gP7_S(4VCcDsYRaEXLyB(N4M?^;Qr5f>%S@R-?I8YVHHNEzb^Re zGZZ_=zp$Ph{~hc39}1jMK=K1Xh(B(Wrmdadhc4{$6`+k`rv2n9xq#+~u$$?rC_b3c zXSmiVmW!vrMXw*L-dpX}uvvn0umGycC>A>Zg_U&fF zaKyy>eQtZ`Xt`%`4GcP31z0r-qRTSpTEt)$nU$Zf*-d!fXXlKk%6dB!-qe)_Gt0L) zb}g~E&a+QFTa8IDf`d^pb&R+H%n!_}?Tb4m z>BTBx8!S_8)_n!IZago|3;1$+&l(gJMEzP!p?wsLrbt*yI#t}Nx%nWrI=yw*2ge== zta>(J)e^z}yKOW!Ks>!>YF0Sd^A|Krl-|CxI8-1!n|q=WMvgXU_U4vki=vs8zIu6T zhQcfxy(9Z!;2rI32sBrR+Ved}v#1ZC#oi()618X{+`-m63RU(}SvK zvxL$#_{#h=HK+>v4plzrC)t#8#D1b00%`23)3L4nqb693_6qSd>$ps3TG7JQcn~9U zv1F^swqtteMoL--uRbzOoS-~fSaU8kFwA_f?7=bfhHeXuW2yyy4FDEvFg&oOM(wVx%qX3kj&rqKaI6peKG=gr=Yj&&(>+z^)F8n2Gvu1Ok;HH%_ zyT%1g*^5`&?3loIL_f2}C9U;pa$yB%vJGff-F@H0er&~w^R%&6B%N|hW|=vbce1H! z`obx`kG>u|zavYMbpmIPC&uys*<5`&W0h*|S19B?1D9!WE*_i}}$gE27q&{eD%Fn9+U z&a$AyX=EHSC8F+;Rl|@#)op@`Cawkn4UFRZl2fxhg@E>8!HtAcz^E)xhhI{D_RjjmU(t^W*E3oLV6(`!rnEqlWB`@~ezlFMzv z9v$!Q;McnQlxja7hl@CEBz=W&XO3Q)FQUmCK|5YQk|kH&OsF{)>J&vf?GtG%N>~=S zwIMaG_y>Q;@8WAgW)M*OvWtMadniNt%aOp(C!(;*%sOg>dR|abm{U;g9B(e_t^R>y z<#)OK+t466q5U>A1PZSe1=O|8(8~SQBgf|n6nyzLXi$%uq33yH&w$gzSmvNCZCSkB+AXapqt_-Pkf5<-vXa9p%s6zzHQQjS*q@=cNL!px zK}-pMw*P=+NC1vW*@^3kpRcMx(9UhfI1b7bI4F#ZY>r}~n;VzB9Q`@CVl^D#qiAC; z97e+*iyFD?{uRRs3XRT(=kd}{NTsd?@&^i^eYG166ck9tv$%AZpZ*v)N1J1cXS)t0 z(K(^cE0GtT0+VVAP8pIIQp%E8mIqknIyzld!l5~P@)pakpkZwDMG%^0i8^&Uo6o82=jdOPqjx3#u`FE7mcs){LGvcvR))5%5IMK zzI^&Nv979I!L$CVB}F`MH?^W>gIkzq0>>#-gdP^JCU*lld{>skmRFaJ){0|eo35XeH2};K0VVpg;_^BkCAYZqEtNEkT1scmRe65T9WWiTiV1#DaP2nh%(-KDxT;9LdVh+ z)pA6O1*mGMt9c@a+uo;OyrJ8T!DY`x=+-Zvrr2+_aAPhUN=E|pE5E-PRDr=!Finsb zeVc9VJM{x(C(>U;HrWPY(J6p)9bh!Uv~72)m;btY+o6zg|4Ivw{zF5znAgTNLxRLONyh+hMPvz^ZzL zqc?|o29dzBl7Cmvn{FG}>Ga|6jz00%^|2)ArN}Z{J@UK_)WwF@L){7rdi`ODCFBSV zY9trIA_EmbFI+YHMU4=3#vG8zkVbY^=U~=T9a=FiNG^Sb9OHPxB(vBbUDhkCO6rSe zz`cCgiyl%cZ~=>*XR=!9?8bLvRF{Z!MjfW$)DpV(3|(G_2cllhgxBg~XSuuT6~E09 zZ`{;FYuhcOHSl)#7JYCj-qn8G{s^La+90Hj&hCzqw|T*CpCt+<8umI6U3Em zRf_hTwp6s+%6*~qXxRSC6t>+jPr?UczzQYu>WD&9XY5O87Uf#X*>1Hpqv?cm5p1s@ zQaLQmSR6azFye5LVxTYlmd_byDfJQnK?E# z4-(qz5R&X7Im`dK5;owf*gt1}@oI0rcg;?RSOSD~^@tBy;wLdhzKSiTW5RoOUk2W} z0*5ZwaTn}M-3K}eEH3Q79v%NU-i$1q|KWsi{F8wB&!gkN0XF~Id06lrb$P1Z#t98A zw={@BP@HG}cESsj{-Suu6yaj)lHWgC#_(sBXL{~0ovuttf`*3Zx~Z1j+0f|a-<_YE z5gx07Xr%oIlc$4qy{SHLwwgY#l6B#1lKYD#$O#U@GfqG)Vw!M|2Ng`sRUAkc)>}d&f76DvDUb+0*0x!FRsF~ zrLQ{30;kqJ0viueg$=451M(3wPZtBKG@OTp9c+N&5Rc%fCgRsnJ!&_Q_2Ih_`RDVi&d3d?7Nh!s-L+#)=jeP*b9%P zwI_EcTUA>FQJhqfeZMe7MR-JKg9lQ7@%d%Hf1>^A0Zmx5TNydT@{7ZzY(S=JS7LiI zjQF)_1_XXk?Homj(US>tn@C)e>~2frS3P)B-KAu|QtA+2gxj?=o%)F7VG$a2xZ;XVWn~%gHwuC zXXL?RPWse8QxMi2$Mm(l^PaJ3vzx{Ii0_#xl1zC7hJev74d8u(f+1|@Sg;pYRt~j8jD>d4zH()GcdoC5?$+}4wD z>O|$QfD=H#>C6;UY(Tf+DhTy5ZIigxlWfo%|26^IOrUrIv_l<&i#%UxzxjOEhubA2 zky?e6CCzUsYI?XXqON6!c;>KR}mM04W`WMrvO zG}(-UmF|X68Tfv^FR@_CmUx>sLYeCAayn93?Fe$Y*xZe4^?hr+l3G^HuQcoJ8d&+37|#m;)|vYq zz;nIK#C>D17$Kc$qw+VlhEQ7zvdAV6DI`;(cXX>qL4^ZWe>?F_>mSIC;mYA-)iG%M zvxYy|J3gfto^)tlOI+Vw&guCaTomR$j&PdwF<>bw6X_IqujMOx^wwDIdYP$nPbB6y zZD}QDlxrxWGKVdJ7?Buom!4Fg;E%-x690O1{NtAYe~%8%e*r)_{~G}Gn>YHasAco7 zqLz_T8iUNVrlWraiDS3X!Y8~Jzp z=XQj9CZE8{n&-!d>pS>C-3x66kGDPBE_^BhDcTTrmGy7lsH4=c>umS)jlPiqcEQD3 z8MX{iK?u|PU`t?8ah|pE>)~^L=fmrnNfAh~Ycv9lMj#G{BRpP@k|2#ZL6-BRbyh?M zI?AEAAbH;Y4xillX`QxO0h)T5B1zm^6m7WAj2DxVZd1GsjJ|h+BR?13brSQ6$dC%A zX&k6WLpCqgzXvS~YdmR9Q@~#xx}crOg9ObF^2e_~05#Z#Hc6HACg7mTmP)b)kKvU91UyI*W8gn(@_q zoA5(H0lqgc55GRNk6se#r>#`Angux>1nDBJ4Gc58u(7>Toz|9{%`@2PE8|o{r(~~i zEhd71GKM=lKPNv@!z7z^wJjYGa!V*$w>gF={M-4Ev_UfcmyNKf==5h3!{v}Wrd!J% z(lJ{l3nM)TqFbo;t5Vi5N~Sp08c65KaxG_^8ZBFr6j;n%Obh`f;*-CBXmN3(X07}R zt9UluTR_lDkcb>9+KwCS$vIxD!w~;K605TU^+~5fa#IhK~p-O zg(J7PDcRjjfagIbc%hU{*OA96^T+V!8Qp+CT!TNYr2;rtj~$!DKF4muULV-7TK;Jy zZT}gNvW&$GNQqmTn2NTlo!L30N+T;`M+ZQec|K9e3V9jPRBM^RZZop-M$JuY4Ul&; zAl~m|Xb%45gX?mY31MAyuO;-~$@#yN2qS-^NT*D|8Gpa9n!&Qe)wCe=-&>o}q!Bo4 zNHS|6a|YnNErS!E)C2`))Vbd6UEX2i0c@VWYpImPMIX(w)zZKOT!!9mVnUE(WZP|W zaaM7->$PSFTB_q~Rt)SZsnJatw)(A<=+km?A%F^-ly773EC7igK*87^ZRFbmX9uBn5kWuC$fTHW4>rEvgA1;FWRODi}CG zxc|e}RcrLeB`~y!pyYsw4=qhRf5?k`I~{=;ULY0PMl@RTkbK!NpVTk;ZBpozqJ~2Q zdqQX4VU~GKzTTh5Y}53GbWgnKaa3d@^gZ;25oQmvM}kY7YK%p5*%1m+qvGM8u5L{G zmiQp|e^R(uoOe7dHZFOGu5mIKdaz9sb}$o?h!`hzqACd;8R0d1iE6_rFQ98jPKcEU z=GYiUJQ!(Hh8>fPCFYIWe+R^eEt8b}DoUu8#t}t(=00$3r#Bk&*l|I!+U1PUjv}u< z8;UO(n~XkonRC(L$C}st^q!*_;IG5=6b*lM}&0 zR}g&zk!7oNhtz-P<8i_qgDuT)hOB#Q#RnQ}WbhxAr{lJhM$3_y>ecnfn?ilUfnDS3 z^fKf^7J4Wt`GMhU`EX)LIH8g)i$lXS+^k$ovVr@<8sR{{E=lE)Fd!y{d-Uq6v(F2I8IUL4>Ez9a1<{0K8n&G4o2n6<{SH)rB zXiDW;d+Ll>^5X@{;|8d@u?ZZ4kJCF>(lgnB6PBSX&DFu#-Xot-l|fx2E|WNtWko1Q+ta#-gflqSPm_Y%f}Rg zD&p!c5elNtyhyNqQvwSLm{WTWv!)2scBuPFxeyp7rt6Z< z8DE@`VEi{aMrl(==z6Pd zsM{mh9R7Svc7{HQLHRfs`e^na_B(kQEx3cdvh^@z*JW$0jhDpb zO+m(nSf~zvE22UYS3-X-*e4fCG<}Kz*E=RT?Yc7Y7D^n`V{9K!wMhRCl-#$R-+3Jp z;dsD^qsvRF%u_DjG8k=!lY-4Ey9 z9xDGRo5Ov6WTCH-SR~kq|J#5u12ROV;dgjdm#+K;ND1{U?6eIToKc*vaX@deC>$J6aT>5_K5mn2wVX@XXc=!6U1hvn#*26g`VvH%v0C*k?Ar0SL*#Str(-k03-4e@j+ zDmin~6WCopESVFnB^LWvCQ*S7ZD-9^T6wYGQm$Tw=^|g}Ez?+}zTBG>5+u)NJr%Cl zN@#yBQgLby^P!Hv$_@pT7!+{iI+y4=raI8@s?L-kkr6qNN9v%>9M>dCU=^AZJChu_ z#C-xe2DK(>$xZHMYmRV58)GPM^0ayD zbIqcyl{YiI2&J9j&HPVbTx1x{30ppea(T-O7 zbMy^JFUo&tew2WGVDyY}Rd{{YzdjeeW{HYC+?|=*t8)q{(S|gZ!ReMYyQ|DLR>6IF znFrp?><*QqC4kQgD(N&Sy2Q|49%mhT^L6NUa#!%dWcValxb{M`5sboF3X`*Fp>_q4 zaiG(7<)^D!u5kT8c|%ADV6gO*L1wq(9pY@1l`=ZASOE&T_7Q@;6LxSmm*MY#)?xEg z>W$*tzf|M{WZ7dVCZ_g@fmsn93e5AL(vlr&g5volWw#KZ{L0FNDD4$81ssSP!@g;E zPd81l?U+R_<0QbANBXJEqqiG33WD{?Bjj`H1uE#ARi$WUbz8 zIw?^ujBhd##j6tl^rZjjiZ+7|0Zh<`SAU9}L?t(uD}ej-dj!!4QXpd3jK_ks z)1qHw^X6qquEoUlc(VBbmyRTKhcVAB$!{b#lQ2l=HI_(Ak?x{MON%@#p=+237_6eZ zE)%&!>5_7KS6_iT}mGvYVN|AKWACQJJ8XC5*#G|X$ zU?4?2v9xlF2~^QW-bS>7#PoO@Xml3s*oHEI#wa=z7HgPwY?lXgMlxY%b!3@TS|$>8 zWY{!+e}|^s3FxHIh$cHQkapI{XGcZuW9UgV<>339C}cQeJSJ^U2FQ%gVWel@frPf~ z3NPVr?T-Q~Ih%3CZfxK4+-$&oNT_&>v2d~8z;Q!oe`(1bCMf#%>4a3m_&uFVC9(&{ zRAF$VGa3o9*)~D?EPk@tWhr_OJOMH@A)R3UWbzJfwWv`CW!Fu22&Cj)FeEWk9f{oy zm~Z@%Nn#fUd@!drwAWOh7~DCw8yS6`qNyYS^-BYsQjtL2{z}@8nn9wcpDGL zM(gXluFVC1l2{!&rG^hP3)9o%^;Pj#Q}b{`M7n!cQtlo-oCa%;FHMff8T{669{e90 z&qc3)eM|Var2MTu46Oefx!_>a!!+%9JrpwrTQ;k7apQv2uG2@tC5 zZQr2FuGSMBwby$i=TA0PW+B#^N(wq}lpon5`cX!9FL%wjO0ehGGakLk9$2rse zDX$QGfO9jaCU1jD)(>-VeBre9D9#*1HwUoR`ko9hZcvMpgPtgs54$O*Gd`7k_6T%< zMH*)2xZnuEW%e|OvrHc_I}>TDQL-nCUj!81NM~T;3=(QGGF~Mg5Xe9$!*&PB4E8Ol z$0{?}W1b}D{36xOU>M{HLx8IuZjw!=*w|nPNk$|ar~4$cII(83C3X%6eI$joe{fpu zbt>$ivWEPiDP_(!8=@fD$Y&g4i!h;dO#o>aZLuAP)yUJfJZAbvj=*@am>W*?EBni>~R zG$$m*F!n(gHj+-_%Au(WaEK37BXRu4MxAdcZ)5=LO1E64?=S1;JyOJcq`J#TPz)zo z12#E48z+zVFBm4|;@xE=s60ifmRHHab^(WS?QTu{XbgD~4brY|pF9*H@RVCYpGo?; z1vWQ_RB6UxyoC>KFYH-sOk&DrD<=pkE{wwzTipiAixwW4gt#4Q*xz0i6d|3dH6%PI z>DmP;-c{=Yw{-fbw0uWF9Yi`+^P8L_TR+EYWoS#8{CdEG`|JIgHOQ=S#RS2Z{L8a) zXMR^CV3y{}%6IhJ6ZZs5ZTWxV99K%n@wts4_FE+cDqm4voJ@ky>aRJU3$4xfP%)-D}=(PTi{uocTNs ziF^QLGZ`Ebg5Nr{ZHyk_=f=1|1bb(xi7w0QD{sV~-!9))EZnXNM3}`9AxC9suv;Vi zQ7%JM=v2rVLR2jlVNI8P;4_At6I-0a#vO0?F;Jym+3%69?KXUtoN0EuQ zGu+UEWbk%;?!-4TJo{Q1tE_6ZR~|o}RSh~uYkTyJ4q_0&cRC%(F-KvT(sYb=o&w|x zH6Scd$=1@;A<7XBb$kNl<<`gD1KkCS6AY9gLM=>kc7#~RO>#oP8Sw`A^(~P%5W)~b z{<(l%rMX#8SwoRb@+qjL+R>O4AHrb2H`OVDJL?GynGgg+ zYO8JKMu3gsUib?;qc^4bnxY2{z+R-Q>&n~(TjcB!O1Pw3SnUu-5cYL^{Q0H7ZzI=T zFvU$2&gJjN!c+CvV^NCiJ`b4ycuNkn}-@U*IE8u;aV6&I>1V z!VPd-9gX;71NRBe_hp}P^>B^|O?wfEt-1B@~iV%u5HB9g-H&Q8!k4g60OvQ%-Mb!!~VL z=>iuVWjUFaA_|S<51=xFBo=AGnmvi*pjcJ-CMS8U{9)Ri1GuG<0Zwb>pUh_pd_zNn&JXS$Rt+g`nX?)5EhaHYUadco031L$86cspVd$BAsyB7RyPLz-?wMKdk`;>lB-1F8s_xO6w~wK%C{Qx|5N#ro$XH6E#I{QH%i9d= z;y6*JI3*IHlpR~KDy+19L>kN>0MfL%2SJ6&(Fn?14Lc^1M%XPAloK2n<5zNsVf}>5$+>15E zUtygK4RFrm;KejixWf8P|L1(KsIlZ(<|wsuEKP1-FrBCn1zfUAM-*L_S#a9B!9slC zSX|A?UPDZ%9*93x-~ZTex81-p-4oXhah9`7SlHoypd_I9ctJBxWrgLC8-g$vm@d%A z5<5F=pZ=XSP>oo15Bh@aZIukyHFwxfR(dL|a$P!?x$Hp63Og*mjDY@dg*g;dDWVvX z2vxC*B_osL;GTwDqPUUy)qXrY?>wQH%+|_U6Fwf9|G5=rhz3k+{T4Dpy&kjhEdc)n74N)L7WhD#s+>4GWO-$j zr&cDw$UA}d3yqdc_WjSs41CgZ1)j&c3S*^1&oSgUPbYCS(kwo5EW7YPC89mC)xkA& z&vP7l!d?j#lD%osuyO8wa^+4S<<1BFmykUi-0w=#Ku|GIs;96*{@Q%r>(H5vln&k3 z?fz*wC(+rAw`{*{*nn|3Iel*+Km6ib3<#ZaBM_T}wyS()+*`DLK!lD**S%Ze>m$PF z3rKS(*Zh0oYxwAG`(||jvem=P?GM6dt=-{qrD<2cX=BjLCxdD0gW2}Pb?T%zAUf90 zdRYk9>brB*sT0-j(kyCmHD`%tzsmq?ql_`oYPb7zP}Xxa@y^nALgKpgD+B-hrWy-M z7&jfvyR+0zBzO|WokL%aX0A{vTL3|E7yn_bjG)e0*=-Bbwsz(296y#B`lAp z=r;&r`Yg|h=r>MPMlpHP=;$sX$5kH&T~GYsKTSu09AH-SpzKqQrChlTZ854fUzVw`S5^kBqtD z-S|$H(I9B2#ADrFF3j&n_%W-wR_-v@h0pjVt`#2ts_p;Svy3bZ|2eY%6WaJsZU3(@ z#WcC-ayEpXs~40E>e#6Ws|eD7gqX?PW^$3!+|$bHM7NR!=aZ$Yh)Bp#-%)2I(+ZSrr^Jpcp@%xalglYbSz=w zr=MRR*`T7Zsy0+Q2DXWo)O=GaM&`=;DA8XZ*W;%LHLp%&Ac>mgh?L5CyRNp-*bGe6 z3!F(h9Lk2ihF%B?`Z!-do60b2HsC9eZ~hec5mlrl5qnp~N|o&B|2_e0&J2K>fesYq zYohpCu%3XqD(_Qh5Ht$e1j|Ytz~wxvE3Kq3qmE>aHH`@e+}Y~kr`e6(H#dyz=nr2F zou!M?^G@fGMO6TqMl_C-qa_cs9W4MX^vJ^MksVn9Osd9H)M9UZQbQc@E4h47&LhGP zH4{*X64P+a#_DhKGxH7~19P@9tcZ31cnix-Q1RDdY zMcVe+okyraa$M8o^kyV^4l_v3IKQs|=mv)~IUvYHv2edtSxBPJ!0jQ)S2>Mf^u_Wl zNvK_?u>}1!2>L9FI|&6UTj}R>`>!#iTJ6$vB_;g$73@DDsuc*Y3{*UHHmY_M5rknM z40!n=MnCDz!oWj4^pBPhaidUAqQ+@Moy(TZ8Wv1H7{%A$=3{in#AxDwf6#%+6}lmP zhxUVsN?R}Xt-_N%u0NRWam@mTlk5|g>lVeU&5-p=)@mrM*~zyVm<7bNWHLfYu+8SY zloT7jL`&AEea7@DpnF<`HjA2&3)5w- zB$bMpz({kDOJU%i%7n63cWgx?@*J_I4z-?cWx$JOv^+i(FE#rd&V=X7R3e@F70$#* zY7~RpIjuosv`kIm@8Ej&re1RwJ>@hv>5MMl9~t&*xV20UyY=Kw_zfg-a%%EqkC~@1 zE(DDyB8?y2OaAS?G8kR57f-NsyP^P1rf)s{`gkwk*A(F)jND^ZW6?_h3eB4gUEeL{ z);^E_i->GTRjJ1MQdvB1Mh@q&>pjG4#!^;o7}H)Sy#u9RH}9lJhQ+V& zlUZqt%uH}p^`ek&niBDhA9J-^y*JG5+-Uhv=ud8@H;l4a+AV510OrV<4^SvRoD>W+ zrymMFTCKcO-o$_uDFOiEY?A||hyZ!Anmfn{06;Pw;@1!$K2vHT+$hnL1@0rGsvX~( z%KKtRZsS7W`@4<4fXB8vPXASh|8Zy;nHf3$y5O&Q8;XPBp9I8z=rH4d#|z3tuW`V1 z9;rQd@EePqj)TDfV;0*lYxx4WQ@E`)_28kI(to^3DJESAI}wqm5@k^WVKk9S?IVvq z(TMR1+}PiB%HP}j1XkBP-x%FJ;SYLmXsf(GH@WgzQi*8uUf*2H-5iC}`Al_rmCdrM z`-I;%fnm)w_8D93i=(Fn0SL*%N4MAZnbRif1r0Yj{ED9gp>72xr4#I$0I-&v&V^9*RL7ScKr3U0ux62r(8 zX=#wV1lfTj31ueN!{C!NL?nsoz1#_pv49f?yb1K&vke8ax5xDSP>H$TedEJ!6CpQr zVnmHehMM-@Bk(hTl9Z>uwpCuBI7Xlg1196F{FAjY#H)Mvz0KE{Z066ovN{t*+K|6V zqXB$Hf!qovVQ&Z^?=jcoWSBhBa}e4k212~**k_GL(-4}L1pMW2s&uh3T28u{K**Eo z%wm%E{M+3OX68`hp>V8Y0uX69^S~U1-F(#ct3x>neEV@lTMs1fn8HIY1GlC(22>%B zn2ZVT%(bB`4g?_ysot37Je!etObnG}+cM@EO*@5%a8^Ig&VQ`M1mhC5vIv+!^$olTU$|n zld&P?U5mt>j^9cS_9jSV#Vb9zSqIFg5TT6T@C?^f!L52I6+XZ!v;Mpa_s(eYb(PX_ z%V&A}S~t@RaUG%dm(5_V8`#?Kf_qnX^kF75q6BscD`!NyFR~=ni)+wPgr7&D6 z4yWNvL2m;Yry&5cjtBVfkrGJEH?$@yikO|cw>D{!Ya7=4WpnX2<=!t zP$iqsiJ&r67iX^k*i~C~x8B!2<43MOKK+}F z{;iFFTNO;K|GSQ!gYo}De;kbe74)a|ztCTdasi3dU)c3zUOP0%ao%wid`>vfcVx^< zVze$(+{@7AR><$DYC-xpTId6 z+x+5=*u1*f+1}N^++NJ=yDYm7*6A`=TCtncXERtN8~*-73sB6wE?Q!Z>2WsKuwre= zs)&1m^B4f5f{B(GVS>jS?Gbq*C1|Yym0?H>^RWrtdQ@$uVbgG$0~}#qYIRcEtcziF zhWDXeLHX;uVEt5PVQhgtm$;Us_?_|-qsL!!#=fu`0FjmmG13YS4zTwp@JJ;V@EDe< zv_knAH@i+0k zwfe4JVlp!jL(<(K>IHAfK{RzNHr$@2^MP zg9+Oy>r73*!A4KRD+z1%HE>Q%`_ys3K(Z9Dp&tZ{{9C4U0`HPnIg|1_L7E*M-+tsV zf|bve1c%u;k7Oahts5w^!6xDLn{p6HHy!hGt^ZvPMLy*HL{>HQ%KI)YrnyaC{w>O1%}j_dQk z%JV;#F(Wg}|1R(1VEn%rAqV4shY|jh5&NqY>95*Tgzdt&m^A>f-w?mYN%-Lajp^>* z^ifL($&4hdo0Ds2d{&!U7H-X5^Jo`q-fN$mP(G&t=qmdUo~pyQyfr@2f1r+EebF=p z2O@iwfVSa%YJR@bC2#9~e29e>^&ts2`YEQE2NupGQVlNZ>glFlOIjZDm5c?gd3Dh0 z@6kh1#T53K7d}hcxCE8uP~?{UbfKs1gl}en71j3LntKJLC^yEc43(Eql0<&GS1T=m zqONo?Q}fFW9SIMz>Ll_KKuP5K+!to=_E`tzbRT@kmei7(g2I<7-_6lOqpzCNwrju5 z3OPH~_AQ1Yr{(Sm-;hkOmq2)%?zahV?%y2`wND&!jJ=_wb$MoI_utXW&~8WOSRZw* z?8Xepnuh!?#YOQ^ZC7|+vmz0n3mNyxN~K;rtE zUf||LqJ%o8^}`V2*o}E0wQ#|Xi^GA@(b=eIvVftm9Kq1WzYwRQN2qZoS%A!o49>e5 z8P1FkT2W9H&p%r>B>Ba{zg*GOQyYU`>@R?coD;ya=nooMql(D@1KOVGwF=;7tp}xe zWBFToMeh_k7sOI*_lF$S@v$8nIEFZt%g+qzCVc_FDMke>NpKmTrKVWrRgGllIX^1* zB~OvS#~=Z0c4)IQ*|2rpfj_b5X#26^SwnZmaZPOTny+;wLRNQ+l(854v?Su$`$m+H zG#^=;SK`9+&B)?Q?WjoG{Bd+zwS=TB7Ahcw1K8SZI(MkW3qJE4z6tPq!p{Tn9(VMn zbujprovmsaZfj-@k_^0{sZis)QGm_i^X%KP;cQTVgm(2wS}<1ApB>u0h1c;QI)7Xu z?3M(plziuWm1BNEa16%}j=paO(9hUYfS0{Ueu?8>TT=d=i z!}-wyRLUH&*V5P}V3H7@nf|8;e@WPAlSQf2xcu>=XTLbo5-$tMfLl*Q!bs^RUd4jW@0 zpz4q1**J0c^BFM4U~SBWihb`4F~_bMUN61jaVrM%sXfvI?yoaD`tH}CrnMHSfCKU! z{F1(6Jr4W1K1h^mZ3TA2%O#H}b4Ao`UX-2F2ECpe{gKD7Mu3fxKjt26L>)d}Dytmx zu1PMsQHWQ)%?zR5P0YUvWnadj8@?2cqhk3!IDQFt8_6jq%P=iHWcwV!4@AeQB|-c@ zjJ;!UrHi^X8r!yQ+qP|YjE-&Fwr#UxbZpz{*y@{J`>Z7t zEw+NGoWbhopAMb14@7AO=J8chyz7M_p)&}2`HcEQhnnlm(7weTN8X`mG{0Hpe4Oo*2qQ)W*t*!Jm%XHTVso3746VZfle^dqsY2gpz!qO zXk#0L#&6xsR-UR$DL_UPuxUw8(^a(JC^n_-zJBB9T2Wfx8o(r~Pj}$eUw;bS*ye}M z8{z`2$W2r4Z^6&zM)^4M*k%9+c$YX6Uo_&>P+7lUVE|0je0zi~kh z#{VWR_@^uNKS}eiuGDgguW?=sFr;rs|0imm@SbGKEy0v169w26gYV^4B=JQmF9=`k zp6rND=z(Qq{KsOiI`w^}K5x`TZ})3AZ@Q>KcrE>6kNFdFw@rbZ9*^ycXH+Ys3@Zv$ z6bMs*Dp5@CVk;`UP&AX138<7KfbnCJsfr8OPoi@2x#NsR4sK0bK5;jf`G@q zw@LtLXnOe%byU(I%Dvy5;1#UrX`pXkLYGtP3JrHeFFs9$EH8fbox0c^Z?;mlHuhgc z#;@yX5k@0bXHRi2VT1~)Raagu2_?PvG;-G_+2V~90FkHUTyGib<{M#BHh@+ugL3ZD zj8d~y>qXWWCF7E3$d`DctOLu2El~9zvV{;jYp7xN+FH>TM z!X}51=mt8~xoSk5lbGxDD|J&Ggca`(6?m{$7SxA^Wikaf_$(>^&cDdLV!7C-@yO5J-k zJ(_Jq_T#vLBvU3q5%&CAqgBJKQW{L~jR=zxQ;02@>3G~!wxnQ|8eP|LAI2pE>al^^ zzGtO!SRgWqcE&bb>wwb9#+f`C_PM_;V#&3_ta6l~&OiBDL3$fp$T>F@p<%51@~ONX zgBHh(o*c=j+^NjV3@NN;MNi<{owAwW)7_j+>x8uiPC}2ES+``NvI}vlU2DsR%T?JIPAnP7?~b)q6O4ZnP8H zJV--Wg%B7t3HS~L+(lr^B8{t97&{-%=*@x}Y-qi&e`JoQTpSKN)%rS0dJ~1|4{`GR zmM6;=+>F&S&(#QGT05uyjN(rFBDdle7H6(i5OsMsD3vKPDYU8AwO$_pOIPzQaJk$? z+88vt&@7%wF)?&19q%)E?j`7MJo~Jck(xCGFq>Sje8_f!_{Ps zaIXm&Y6J*|fLtk?j}+UsVhdA)4{0J8BzSsPpPBZcDlcP2eD=cqYtTc|>BqDNKQn#k^^GiyDRVa8o;nZNp&N!g}1-WszYVJJ%6tiR1DnPXn`5Fr+k z4l#e2jzwAVj_TVRrnG(e6p0M&-W7?eJvN)ds4Ly0e(z+NuPWqTue`^x(6wbx02V+L@ul;Wh%X ze-aUzc(AGBc!l=(T`!AWAd|r`$6^bhIAHh<=nhOG>errk{^oZ#?Et_52X|}s`@6?zNQLhIVfe=&GH>omr{1xLa%J$kC{Sep$Uj~V8ArG z$2$-`rCeeB>|OKiQcbfXFM$?Ds9HC;1uS87p1X;nmK<4BF2m588Y~D)L%~B%%S|uR zCCHn(Dn8`&_I$T==(FxQr7?_J*9uWN&bewO=)RPQWtYo%oRIFMPn3^hC5u*8cB7>(9rFkf2rmHVw#GQ&SKisopH`Upzt~}L56vem7 zoj@x|MrJzsiZ-N6*r~u8W)G7z!^VEn?sT(_RyVysdU^E7QkSHTizp&{{h28nq6T-6 zAk3Tr3yWt6(-aKl}Z3?zo5QKpUVFhe*XF#}4Nw37q} zOMsL{xMDS_?kQbNbHA8pt-I}D6U~?N;)wgx4F*(EI^-?V+G>4;Vi;qD9Fnu5WtKX1 z8cNW!kc)G%W7A;;Mb<2?dcA8V*nV5x#%M=JSxh^c49p`DS(uLgnTjkX&4GfN<|Ezk zlyNT!lcnlsI_3-`m9`zt4UsFv%vTHnyCQleBz&JCKecmnFOeBk0;BtvXU*7}MFL#5 zOjpX8+2O5I>bs|VN8$wp`IzAHgu5*_+$-nzm~}e{bTR@#B2X}Br)Mh+NraFX%?1G@ zXr7FI6GZk1t;2*YQ7al;d?}67gh2m0^1yoVflCnG@3s-#plBx;%$w!gjb&-ofZ;3I zIIcXgt+)gy=Jn*4qIjg`5(EgXmTjcM7_s5gNJl5HQS0)$CE$t4q_OK!+vEZkfszgH zw26vv*QHwIJs1P+w2Wg@@Z!4M`;+-KODWZ&TY|b{!1D{Ny^Glj%abr?meEqP&hiV3 zM&sSNejQp8m~X&J>ini)$xP3kc{L~%`bixw39!oQ!_qpM3m3{UkrY{wtNr_{lp7pu ze9~!2Kbwk#K&;~!es02K|YGFN@N4_-c z^XEt`$F-8h3DyfF>kb7D1syqtO1UXq^aZbOBCHR0Ac~@?Xo33SWj>a* zZgo~aLzUeRT|dklSob6KwmG{)>h0bDnSFAhWIr@n50aLcwU@#I`6WA5CtiIzWzV6h zU?B2YFFdKDS}{?@d@4tNd0BB6*7+eR8Eh*X0@77S<>b`?WG*S!PPryTmbK-u6-!z* zsSDn?fr_3TLoNYv-4(AnqN5akI<4~9A5F(vU(I{g;#cq(d@!ClCcl*CsC)i)+nFTZ z-iU<_W{>8GHnf^B?!ol>n8{{A7MyCHJtoKW6 zBH~=^KRFS%In~W-a0q|e^~ei4j0T9+LqJWC@9Zxh3x(P#iwUHj7chA6=w7@^m6c}; z`#6$pc5xq_ujI`4^x!`upc=1wYyZ@fa^tYBKJlxs?^iH2H38fmHSB){_P|qTU2}1N zKNqvP1GCy1e+=^8d&hJWJKRg zt}Pp6IG4+%@%ma59Pfjz!mKYrn`54E3BS!WAH-&{nKsr~YTuMz&WyLGc!O)5Owp(O z8XeE+sWYtvZ}H+a3IxqQKsI;BzHhLby#rb047fsM~VHMr%EYeyfNjc&KdVAr8-3jK|XpOveH z12)*ELjis-UoHD}a~kznr8Rjx@ubdX<_6CSMipUWW&^bgIMuPP6P8xl0l!fcut#A> zR{%q{6)L};lN|sZnSMTF*=7)_n!_Dp!GDNASO?nR14yCUcLF@mXo?ljv2(aGf!YRn z#)TI`#}9iPqm`D6!312$FY%Ct1Fko+XFcFa-L33RIN#9m zOEoU_A+~t4JRiN)_EW&+g(^#NTP3up;|lAcu-Mu_jt zwC#o@+$xpbRJ;$!@IuWhjHKDGR8h#w^e~X*3vo&ChbIf!HtO^uW}h^Pqu<7;ze5yp z(GK=NO2At=LY)>dcq+uA9BF8JCo#{5%fEM|IZ~9a5MDEORyI?64_7(wg(@S0n3W|Z z60ti)Z#9={&u!zjkASID+Ka&rq!{_vnLx?5ED~9UDS>dVyCG`nw?q8$JgC$s&>xYV z992hYQd(VuoCXfHEnl1kIcRd=3=3%0Kh#WgwdS4 zaw23579fu%%9l0^83dBh@gTnicsOZdfsYD`N`wwJwH;5RN_R?FR09v4Q9la3BvBwxA&l5I>~kO`}i2J zVQ+-Q%@Mfsy(so@@R?B4>Sk7<EC<+ts#!Rx^L6> z`2do{MeL}n@tZ3-zZd&lR`}#$xv#ugeEsMXY7^MqIrItowa-ZGDJs*0XtObWnRjQm zU7y;%Lhrg6XeUhXql+iH4FE|3_4@AS{-t(mYhYePMBfh0cF;Yiw0=)t6UCOn%UpkB z_f))k`>Tu3J*X<|U$OgdwVaWe{eRbFIGFx+ko*(7|Er8&#@Ct*2h7NqWseX2y6Vpi zFGAeNL0#)#Wqeky{=76ZdanEr+w3eO_wTmvxA8zJa`Oi@O z>uMNwTA+CKs3%saH3Zt$D_ZfOUo()y_X;d{HZ1^`@Gl8?3biqrar7J>pcj6Z@j3~v znK+$1IJjMy`o{OdbkBg=gRUm7E=OKA`(baBi1VJ|c+a<|_s2&MUwgbH(H1f(VyYyG zaCr6VeB8?)pOrrsDGGsRKot!d$OG&Qy@;W1Itjqn4#f2Njl@Pu83Eb|ZkbLT}U&euX zp*%XN^DL$%lChkiZjb#z*^QBjB$MAPAW9~9(V55&E2TA&Y0agaS`vqU$047NkD;v1 zR#pOv4%x)3OfU4W(;(%DHfw8Y=f18IQZ91YPa&f~3;qVn2fQwJzHdn^nX;A4z$zNF z9S>kdD?C7sAKIGG8~u!t9@`pucr&*W+WvO}>EdC;Df`es5}t-F4}SU**0}dY;!@*yZpoecA8t8%{|s3!POHw_80Smpl|N4Zsb=J~?$!HqYpd^TxeM)t_9x$z z!DC$|E0eZ7v-VkuOcyJoHkESUIba%XG0vORC0;u1(ARTa^5UnjDkW*Jk~gB8vUSYb z+-)*xM_{K#tI^qq;PSc4F?y~nLZ!?4-?d`S?}$||dly7Q;opd07i(OIc!KVr5j-Rj zDcA}whhAPT^V*5AM|>B56M5pv{#Jm!adP=$J3E=|2Hf?d4HT|rKzxSM?d#o5!_NRU z4#AjxjUnP&-g)uvi z$rMnrxRo(OJK!%k@>~bMFf=%7@b#^{uge~d$^Mm-uU#h9F4lL0H8npC-!Fo_=QP!tQVVTmJaq6A#;MN&_n77 zQws%7rqz9fOF)}yFVv%0)V9@Se?V#KUO@#;))J5h@0OG=Pm$J@P}BZ9lm@^iaX85- z8B~iT?yurx+eksU@E!0CqOL-hZie#~GIOt4+!J&y38%i)?de|Yn6IrW#^WT_^sGXt z?@5oBgt!D4LLPo)`Qvt0vkkzbXbtVodN+`g1iy+XZmCx3EqFM>c-Ql~Q!DaVxtWx0+Q$ z@@0Rgpb#}4z&MB9d);n%Yu6z^e7+*nL@yrP90#s9%F%i_s-10S^+63zEruEvDHm^` zGmXO<>YQ^)j?%*po8FaSmC{2PYA7==$X9p~%w2c4PIr?bumNyp5%v;S2l4*WQmjI7 zpay{B7!i`&`4CYF?5)rGre^dxE4BtJX@VP84w(dtrz#P+@U0??s!$y__}n--im{uP zCB{1B=AGf;RcBucB`B^X6%0U!`?ndu53}Mhu+_N*%hB(eH%9%c!TU^M61_{;QLqU# zR*SWqn_QTlhg6vInJLOI}-b zcEMj?NKd)A6IyzHh}^UG!-@A#7iRxXpF&qOOa48F+S(wi&8jMJB~+urV?(h%e_dQt zdE6Of)({pGh`xinQyeWp=K<^%PP)TNXW6{7_%kqdDeZVWqfeSTzPeQ&Ko3jY?59vrR`Wv9yP(b=LokL)^!`)m!dQ)*%E$AQ8={R@z_+28N z;BJ)F+q;7k{8_-Y4vNe>!9H4teGlDk(B#ocQpzE*m}6cp)FZ{3Pwim$1`~usGxq3$cO)9R<282u|I|`~8qQ zxc}|Tn06bb{d)xzC+1ErUbTnaE&e(}LL=iVnHd?B8yIwVJsnp^bL=9=-Y9#F^D(OL zz3T=JEX^{;X=k`&1_&G*sdc_fe0dCyUtH&YR2^BvJkuovA}=3OFZTMAey-U z1QlP|-Q3{gdtlip`movaYLsqAqBq)1!{`HWV7dLg$PWJ-=6gQYrZKGuT@vRG|L5*k zss185U_#{9?UlpI^go|4G?m-%J{`r^=bQgy;-|aFF~}!SEvi3y z*3gf0N`UUVKNw{+8;p%Kg$hBK_-@C~htUS%JuPhe=NY2$yR zZGXYuf2?VY|2qi9!Th%+;vck)`M*lhef3~|9k%{BeE)OU0{wH?ay+r|2jE5NcGk`d z1=^JU?IS7G@P&}f%ws0Zm@qpxp(F{hC@&A_bVPs01FSg~e2ZnFwe}jAiuRHq0~pjp`YME`gw9;5N33C-A!=|ZCB*tI%MwK8EwT+%cUj~p3V=kx*GvGu zx*(@62@;JcwpY1}u6pu)$uFaJ1gtI+0#v-abb(Emnyx%RW2hoBCquP}n~j!2DyAyX zxQbN!l+H_f9PB6ihMEp;2&~=E?N@D*aG^(Y$W{*O)l{Z#do%xoHpZmY zHT=s)z(8u{3iv=q%fu zl2q2|i{YK_mmFYXlejNcb3vl+UW5{~(lB7M0*TRW$}EutlsXAs`0e!QkC(u zV}GHEXH}w|ObUR~c<=U9TFZpYq{{UQxAE}vw+&2Yj{w8%sB*)Nnh4lIsv;e8H^b3W z;{(o!o%q~ov&u|`i1cjM>J)^btXqD9$w2(fqaPI9KgCp7F%>R3a>N#{n+InEdNy82 zLQ;e0f~`l(yl(E}SL4*^4TRTJA+y-)2v_4YjfCe5YMhUrD4Ha$2R4~#=US!)9^=j9 z+1U2MT957PHj$=|OZ2wlJm?~MT(_DIx$yq(;Hz(rXCBpp%(zw?xom7snT zqo|Juz$9izQ4a2*PMl)K&s!hpus%`JQ3q#FrUN)opt?co31kq`FyMOY@_-(tI9o-s z9I<}`&_C4SiBJ$Kg+Yn4)CU8J1l1MtdRKuo$)4F_n=`8K807sld=~MM1ce=jdtf`z zj_HD#ce-Cs-gdqHY({4=v#*0aN62Q5uOG=S1I@YFJJl1JqKuwE zA!<-Kml3d|i$l*}0C5u^nc^q4dl4|OcSbD(-DDmz87moZ16aX{CWR9K=e{=(oQTB} zT&6fLdcez>eeR~UfL93fTSs9m#rs4quM5o1j2WicZVxK>yi+l2%IC7jeOv&TdMSWcZpPF^T8# zItfcuq%Ql^eAlIXb?{4u*YJMpczy{ztG!oI-Tu_Dj`^R^6D?cb z8Y#WS1oL4L4Dup1})I1oyrbV4CfPbiW4r(Y$EwExa;hPWd zXVVHkx_$`5_aC)F;j?q3u$Hp~O?@R#QF2;fuZImq1XNa;vcxMbVKJqxtKv#ja$6fMc5GMzmBQ>{+mQ^G+3A3UH!>_(N z`a%&`C9A|9srA4o1;Hj&lGfD>_7N-<6o|V}#MK?v%Www-(Xe|^hr~(z;R*}t%o0~F*AUgPG7 zB?yWEre{&U#d+xB&eZTiqj4k~yT^vqVC5N_(!s7s21htYY@+OUGW=jMgC=}|ea)AP z@0bvTif*ROxq@XZldZ6){5JB0p4)ijBvTY!45 zpfiaUwyWQwmsuJ{9^x3`2 zIgJAfl$3SOhxwxNFEWOPA1LkbnwSb3Qb)`L+Qy1>dNAgAz-KKt>zH5WLQY?3;QpqO zSd+_1f2UFcyiIA72{d8be7>c&s3lhge0L5}?+{U01^ho3&aRdwVH5~H7;vLnx$gv# z&X`%TgZ?xt-yOZc;XvM);Rb^b`f8t)1m_T5X-10&#!mOu5>5hM2Y(Yu)OlC!EY=;6&-l#$*a}5R2%lqUqDnS2kQ- ztqzpVe!!N!B-r#)EP{&F6dln^IlD@kT8};EHk3Ez&Z;nJbqgy)wy-l)8Y;$asSv%D zLM8)xU6dp!p3%vY4$4cEIqA+FlM|?{!N*-5pGgqP86HU0d}y8~u60NAS!g5Op?hb% zu(xkozZN-@CDopSlRejH2zy8Wn^Yz`SXH5gdB>4`EPf^KS(&se;2cxsQDt{|1-;1 z^cNZ%H=Nk|eGT$$J^(r?8kjNn>L)ZaRR98H|K3RI|fc{C@Jv@JvSqP#FxcYvm4U|yktE~?&>|m8ynm$8S z+%$iWu7qU?Ywj=k<3lhW>V|y~kacBA!%|($ljrq27VaqmyOdQ1zeMj?(hY3hVkezE zI6)i3(8Bh|cTJ=uF5I0lj|x%zMo`E*J?NN#ys#b-{xwLPDy=spdZ>AB)#+mH_pLDH zhrPf?BkZhx^g<|IFTSs)H&+c`tp6ERssJk}pf#u(6EG2g2~-(Y#e0jICs<6DoJM2+?sG%_juQ9RR;B>A-)8Iw%D%LQIl;RMw~B`ySYrN8 zaWmAdc0IXj*YyRHIq?8O(a@q zZm1*pq!jnOO zZgss<3Q%!n^c;ncTF$%V9C&XsMqoCN9x%2!TUo0n-F)EIuoqX$*(`=ED4gcoJtQ0s z`HY_8swmZ4Up9*vTE?&{1Y78E?f7;;WLn#HMJ6HNSaik77@0zcNyuC{xtG#r0(pO~ zAvN9dSiK3((S2xEX<6z6(g)GdORSz2=Ksw4?8y_75>sMSod@UR-1pRP z3;Pvv;FjUe>yS?5fOv3G{n*_OaJ-`rllNUyFG?m#r~rxZ$5`y%ml!gQyY=Z%OfdM1 zV?i_jr6b2-PX8sMD6&sq94}!w_Llt(;?ht~z8eUV9e}q=Kc-OC@Wx4 z4EA=I*!7~XhonkwCBDkkNJeyT-)DUUQDpYC1jjSc7>E0>U z`k9$yPQ-|F<0s6^A?VR zSAGE&t7e2*YeIh3EvIhjSmGLAfjS*&Jt39L(b>zZJl6N+p(>!JhVn!!*tB=N zf2VQ$5eO8QI??yh=O{C)5$E=voylo5l-l67UC%q!t$*l{=~;IVUuADrCgO@b>&`b1 z=t>VmSNRliGW$1nOLXbVixhv)!k*lPg0A9@VtbaCG}Sf2J+)7TKNR1E@}!d7g`ZS^+(`vkV;sQTBi$X@{bACCg-Kd_qRU$T5G z|5cXnOHw9gM;N*KMDd1mE1>G`$VYs3AGI+g2#wQb^Tz?|O#OH*rz*#9c{Q9~NxxsA zaa;39KC4aeDYmIZr|_xjL5=w2?CV$8@cP~H`Xwpns#HW=eN|J`R!S)bb2lmz-Jd77n^#xavyrbVAEZ{9|1(RX!S%~&HI|OL3vB}W%==+T9bfl2K!qMs`T^RQ^8>7sMBWblr4c5VNxliCpv5R z_n56TxrCdxzZT@*nj*+W8kJ?a8q7kn0~!-!KDB`@P_iL2R~?}PS$L#yidKj$GFIF{-=7Uq?C1>IK{G>l5;Sa+r}7>FXxLFrE;@b(eY zbM0lZ@lDI;>X7T|4}-CLqQ~4nCK>R2r0X=a)c@Zq6N_AYaW>reMu4 z^OO%s`jeAdfi|)2KhJ9S*Ruxe&%~nF=~Pm|{~)c$q0SZj1*j2I{Nl%c_B$5()kh9H z_qbHPCXtR#-ZNLH7kGI#ifk?SDWIqKHXz2__8Lr=@92cj`YapWNg;kHzRk&goSpU! zh^WyxK9vu~F)qTU>j%mZqghwmrh7I~_d{oR*|6OsO%4?M zvnuuqkE1R|%oTzb5n~eXo82cVcG@h?%kZ+5YKzZ?S7J0XdQBefAuIdW`nKjUj!mfS z<{6#0`h}1?po`?=P|v*B3t;qB6IlB7qo}^g(+h3-!L|rO)cB|C90{^Z-64C8IJ$w@0CO48 zPMi*>34Bi-)(K?RqlUc!!dOm#(`0)Xk7!Fe;*s4mTp*GTaYfezna@LAr5o3d+>5++ zzcXxDlgWWkx9Rr0^)x$P?D~$y#hd6%RF4mZ%B8%lD6DkrHP;EZ<|MxeNkH466WIu> zJPyEht-Zew=4T)kg?;1_#Qu2uvs&n6VBweGL?kh6UjduE3p{i~m+oeY%xM*`Lx3un zw9k8&l1S`l*|MXa zMWWqu-u?jRCrq$uTSKkuzft5J+f^L|bKjUp z3;Zq#Qq*u(f;G6fUwCST+hcbM){7!^lsCfn*5lTRasnqy8SDmRTc;Gk zzyC&vm&@LAoA97YfGyZhqgXa7pq?5aGu00%$S-3X0Nf)RvH_N^XPZ)T;J3~tQRz`f zffO1YtN6kBa}WqQutZL(Pl}FtE7QVh3Ig~DoTO!rX9?N}pWNt2e4>GMIR-d|#y3is zvMOF>?@G?o}Q*@Vw z)F$MUl9baclfTA8dfx$C#~ArWgvDV2v=QbY+*aIl?WcKf8Ai@6Xe_w~1q=5K_s75A z{}@m|Ff{gn-uB!x)X4cUAXbi+DDAcav$H!;Aa~8sj-vne{-%GTp7o351B<0teG};e zO92!<+RvwXB;dQAbnnF=(_1ttkWO|$Uvl#PiiY}n!?Rc2C90-+<`&Zv%~G)p4=-T~ zRyD3Vd_&Xn%ck9Oyn{2?x+N$rTCK@CYpVsPpACGZ$GkN+c3%rt`F)ADkv6Qt%oN0m z+M@F|dmXo-c7ZZNTZ2LuWJ@&uTWX>>HXVxoP=QWlQ`eQQU1 zi#*RaJYR=pE@AMF#-IBe^>%kx+#^E&Jd|DcIpDptf!$jedNry8V zs6Q?BNPRtB#{axqbZ5JCPjtKP~Pv)Zko9u#$+t6$%<6Y#^WM^;I=6DJM)qN>Rs!VjKSQ`Y)k*Uu)j zW^;jc-k_HC`D=ZCn||n1sh-#Vu4)NYEiNku|Kxpd{&cQg7Et&7tw@axrA&=qu_ho; zg&G3n^fuiU)SyP!hNW`dZ29~RTc#TJA&=Tpn03d}6ex)&tGpU^RK0#`d1gkVJ^~B? zGZNZuMPr<}KgO=L9#J)Lx4q4SV^q41l_O_;!poEGo%G%P+2&8{BbN3TcPru2{111V znrh?9alnGY?I^w+5?a{cU;E;2oqDDqqt`k;L#x3+$bNdNAA6?2D8>;%*hQZH>Qd#V zb_go@*W@#EJ1aDO1x?tl0iaxKHMY`FUFPyU#>oOquG-wNL0+VZVclf`m|M9k{E`04 z*onppar!+oU%bqz9;#0oo2CLhcawKYg#FL}c@7Vgt(G~L&`(K6OzjBBNl%E`h58XO zK?4!}q5rF6LBXnHVWyvF@C%7BllP6>{<%Q1w025-JE)ChAnnxh$j zYvxFXL`>3U^!GAeu3YmScnm7nsWSdtw`Z<)OalDCMLhkP9@T16Dz-(CH6rqchTK@f zV{QCMN@0o82njc2o1nX7IZ`>~ji8>YD*F?pBO?n6lQ7RjbwG`^3y4}!S&Vpr`Zr4x zdoV|7A3!q$F-y2Y@K&j9`GndhCE!gX5UsXcXJd8%xmH^L=|Q z3E``w{2(e<`pGE^5^>3{^0f2@8os%>Le6$K(wev|7SiGcqqOyAXz@<~@9#-IDy*FV zhfG2qKzJ?5V{OOZ4h*Z&3>5b;zas(hHAp{(48b3GhO{H0UT~l@Qj|5_|hYzWs;uKZfwhj z`|P)aW~fOWZ)nbR@YyfPPqwm6HO%I@JXe3|A%BN`g>&%58cj z;xD~j;PEL8D89LtR2NjH)SgT)+h}c4k;~~y^ zsO1!o{9ttwFH+HF2L(@!l7s~YfKhzvJFafK*Clnj4{So6I=lQSI~Wu!WJ}C5tzEnU z9}ZEue)#b;TnXKutidgb@R+WivNs_LvXGDwdyzpwV%z;L(QzyE2uSSR{1!Ae~1$ojf}p8VW3&`?H)(y zDMsPM*dO!D`1ObKV*7t@%3+ytNT>y@SM2_LY5K%pU~;kgSBU>xGW{x!{0GTo{g*%& z>wgvK`f{OuDXIT)p^mD2NvQ-7_IiIHzAjYM&IWyD;OqOj&qqSS1xNfZj>J#X6WK{FM6(TWzTVA!Rw22{Th8%UOw8h<8SqcH#s!{ z@!wuILZQXC{b0waAR_b(G=eR^7q}Mm(hPXQ47$yqjZu?QBQEoZv4qw8-131Ic(QM` zzz+(YCOyo}Yn;N#{5a5acP!>La}e3yos+?4O%=M(^e^Qb;MM|nn{9OLMnY-_a^LvT z)<5><h-sch$)a=7Z zjx<-`rr{Wl9z54DsHyE-nIH;(m(|TosjihuZrXS&n%qEZ0bXT6r0FOz18TtP!G%LK zj7?oFqJO4$@ZFs_=%P11n%_59b|(EFD0d3SJvng?0=jSOL$( zJy{e#9wDMo{8H1TmSjcM1$n14qNbjaGUBf@9%Q62J=;YL3e6Cih@F@k(5YBzf5u^c z!MPzR)}x^K$hk?-%B{HYuFmj6tcOsK|AXW{h+RMk9qqZ!kNT3dYxXeLhNjW|U_186 zy-Vc6@krMDVDMp4!szf+^?>XFGOo^aG-RFh#DrF3nb0&4Mg!pwa{~hP$S!)FpAA{7 zoQt<%KB)<0IENrOXU<)*bh2CoGP7E_eiTj0qTF8m1@^jv{5}bGmtDK61jxONzP=k#}kzp4KCq3rJ!L+6$ z0H&-%J-}kpm?j9^EuM-K^m4-{2+#)sQTho0RHd4(@&p26UVjoL4*+5=G7GE^4U#m> z^ICEyz$^@;+Hlcr)Th=32dt37@$L^uj#20R^9j%NV!G=|fCirk%)}%22@isFp*O^q z;psVE>+zA%((1sRHgONA#DA@YN$1WJjXBWb>wP(t%rd8eMNuoC=A?l&(Q>ULGr*Ps zqIu(#^B@ysXH^AE5Ph~WWkrCTt3j&4^d+X2-3+Z@l9 zp7D>hBzylGF8&2}|M~LG@DJ+C`nL_>AJmuize-kV{%_E=Pgyb21~A00>i-S89um=q zcOA;!a>;=Ko8zP>jDC5%B-Q@ps$R&IpVj@Qq-q;$d+q+pRXtW*oabh4y6>Y#qzL?a zX}uUp90SPxd@c^L8O>MgG_axoQfY2j2!JxJj!;-Y3s`ENBW&FWD0dc}LnCeaL5>rZ zT>;f$O`?KXdP`J5m{zdF2he@XniT-53GxV-AuipKCuZsk^fGxK2=9(*Drz@k>96Qu zSm*$0?Zf-Ki8F^?Kg58dqQL)$8AP}-!Hh=PgB%U8s&F#j(wRUBmMEFc*u9Z8DT9v_ z@D?;ay)R*a7fux5(IjHUsX+=;kLLx@A6@7M@I1<_3M{<9(_ zu|Eiq%5tm@WDx0$h+0r`c;NJ9v352xdzlDAP({z;)?DzZR&g3+IRqr-g{j6}!Xj?X zj7+kHwQnT19)MQnKor8POtnr;C*bcL$%Udd-#hrn_}aqatuv7+dve*bAV~8HA*R}6g{@!3xPOvLb$XJeX*N3W8yq3Ta%=EzuL zt_aM%k5A?)PMw0a`9MI`^o66AVMbxLMj^{*lPMyT@LfHqnJVM82!=8&84(AD{YlHA z&U!3&vIbET?MXBhzBJZ@zTTNkqL$HZ^D3rOAf-maeLh9%H244)nSguEYvJ%|#iOAT zPcjLZHt4!{7^3K;ht@~8IAz!m&AU)SwCc{CvSwSrDXVptpfCbCy)R@(RJkeOrc;h3 zuqEu~0uAv6TGWI*mXNy+a;3A)Wc~Y9QW2Zb2zaI7VQ0)pc%aaIeo6N|Si25XrhU0V z$E*^!BQLEqfUG5ZTwpOa3SctRl% zg~A@KaL$d{le%m)a40A0O~vZ1pr!ESkV3lpViJ(y%#1`f@^M-E{Myn91(uS|dv5C2 zdiJ7Yg8}zmqd_3{GmA=*f_8PpT@)Z%*#`)e8@w6SA8Vpr9i&xQQe%5LgY_(y7DUS_ z7=y&b*lEws2Vly#zpJB zzwK>LgQs(D@eKX0#=AMWsG}!^9cErKEF`3mqLYh_z84>QgF{E!X`p>!9EYgpodhoS zmSD?mWV)a%F3Bx^OPQ~lkWcye({MXd(0*<=Ag;b~4wnlSr72esnyPUjj@iYancgIS z@uifP?=d6`s)6eIq4cLa@!lQ`_m*Pk@9YtV;=T}jNyB9KP4j8KYs#PFhe2gXO&QQU z3H3WN)Yf1qK6;5ix$j9nomWY4%gn#Mi9vU@-PHI1LsB(pKv$;~0cMS{0xb&w0BFmD z>G%MDZ$xd~a`S@DBBvfXVZ5lD*A`@mSUbN!K1n{~|J4Ks`LELYp8+O4!@tom%>VK9 z|1GWmtKieWHfRYH7bkv$J)ijxKc;%KG_ z-No;FHj8%g-5EYr%iYcVoWJNsd@EE^c7HdlU#s#D)!?1BepkLamqLe`{!A6} zE9-!iYx5OqbPS8FtSOtK!ObkmOf3Xo`WAI;M!vcOq`5H4_*J1Un)ZmbZy^)~)ywPQ z&eoUojI-9A7Q(Jb@tiP2+nL~53yC<>j-#XjN++VUory_3C!Cm!8jU{28VmE8d>OiU znyxAX37e%KdhIvDuXta2s&!r}=>&gw?CJ`@J*?wy49EfJy9Q3`ZH!15_!vd07?+SWeEe}yaMF)v03ZYG)2vXg{xN<;{wY!wc5&qLi zcMZ}90z_7FAZ#BYE-^Pxl*Y}KJ(S>~xL%M_MLIi<_2En@Ei+eS7MlW}uzblv=EZ9Q zY3FA^2MHQF?H7h(T~`nv5OAXJFxzJo(b_@-EPPjMN0k#;&}3SgY%#_^1vxkVE=v8g zPgN54%xZRTQps`%c4O}lfR?Xw_9uK#!%;v&T?}~C`>eEx_!0sEN>FTSm;IovXT9H& zmx$S#Z){8^U=Xdj(R5$W$g7DHCL(L6VJHt!DtahZ9z1y;Wo}sw1fR7 z?Hs4rbayIUfkRB87|-7MlQc%=wflHnN}K)I{%%~pfb8m1l_)cQxp>g4dS?QwORU}ezhsz58|$8z1HU(%(Xi#d9Sy+ zsBrHW-gV%Jx#T1S7ry8!^DTW;LwKO5kBnbftYt zIV8VnkPPQdsBvIiV?*{@;XwZ$-^wB3(~e+(R4``~7Q8duM|!C6TF1r)WaQ!Xi-%3D z)^Tjzvw#yB91k3-YV|>LRF*(G^c`m-S$_OZib z-KfhN`1bRsRL-E5^j1y-O3-s5hu2xlv#qP?h%`Fbrh_<@pbWv*HHX5>M^!Kb>OPU57Q*CX6y&C7|8tD!)PrmkIr zAg!hCCO5woR}}cJyUcKKa>u!^!F_#d0N&8CzGxnfP0qxH<=l}&y-T2-ReMhVu^)eD zgw^FMUEs{`tFEUGcr|Jx$8Vm05Bzl)58r&Zs&@3d{c1`)=KiCPJmTehJdbYZJ0_lS z@4u?ze}<~`48Q+nle7GnRDtYz)&su-TDvI$Qz#;xzCjSvd9zQ&&%OAf-@(0zX z;bJv2c^#9f2Ow)8N%VGC$g>{f5pbTnbt3UIYpwDcJfFDf$n`Dznl@E_I-1$KtB;Hb z@z^~$YB?W4*9P={KS;&W4rDGffp2n{!m~8SR;(n(-Q8?`6vut#NE%M0`e zbE^KchRuGDp01At(F7$uxuXrtGNl;ml5X@N1deM~F>x_!uEYiKkl_TScS;JoRBBY; zFey4961X~3f-8IU)NuAW+gw{4GRWfl_~{6|(WB$D&aLZ`JFMq2$2){{+;y=runJJP zGC=bgn3gA&aw@4;w8ruly=qWYlkXrGxBv84JI_Xyliu#EQ?~pH+}WUZln~(;b7T4> zg%@&+QHz+t%%L<$ptl1s2qT1m6qyX<5K{3fGf+cdX|NJwAV~~52ZX;ona{(~Y@V&@ zuZR;qzfz>HF*6oi_i!FqBchWDSJe0ip^I!(BRVFAZZ}Q?aO=U60){3e#?pEb$n*f^ ztfPHm^?kKQltsz$g&>ky`*{?H@_>@3-7+|wz$B_V*(|vkFE)gG&pnljTP}Zk@qyZNaZarlv2@W?8?d~+F&LoH$vp#H$BnFvS!Ml>*!tY{BI^`E z$(WL@)cB_6cvvd!3wtGU`0H`A7K@7=NdxQQ(MawZdWUzo&l%F(dXE@8_JRSQdo0hQb66;@jlU}Tq>qXTrS zfK4^5^`LE>W;NRARckqBo3OqdMZ-;5eJLoVWi(}Y9Z7N%22@)caB`C#^pSh@ctNA# zPOCG|3~1T-^9^D34Q(}PiuAdl#)??wUE=38rTI`5FS4-ObE}0pW{FT!QV=$8B}%~usgG#Vr*%%GxA3#fr@go zAGXT6X8ySxOC)@gW}(Zv>~l7Dd%Ty9J#jfrBVuiG=VKP~49t_e|6z3IJ70pU8iBjU zMFOE_0#~%$<)`bt=mmB!?l!8SrT}`wO;ODw$X?AxtE|V#O|%fYZMu` z>#E7zV~Uc$Y&RD>#B(I56F+7Qu`q@AHE@%d7aRm^lF|AGrN^dpRwc&6DCsKs^PaMc zmB`#fxLlOq&|J$3fySc(3RE_H9>Ni>@21EoU%0ouLTE$HS?kKt#xCtNudev=1)U*) z?7M0k6mBsCL18l8W6CaB)H5wU{^0UXo=)Ds}avv4MUBh|;TJo**r4sgq z`*ROiiNB-T^QH8ecvEpcqFed=2Pz`tM;iBH&riB){HA}Z%lOgj08v+F$n_sULEFJvTvKzy#KuKgAFMOC$5`$- z=YR0YqPBz_a7%@F^!!gq%Y(bBJ6hkduO|ozTb;-=ZAw3^mli%tnit{pr^WuXz{Cv) zS<>}4@GtPTNJ6iOK0(}ko1_y<0lkm8W*D-q7m6G~DO?{jrfiGTepdz?TYs352_4w| z=Vlu0F$4vdQPXfL^*!vA=$d)`Rtqt7`fy8~T<4;uy_@HbG2H7~Oh;Nu^##e3NMg|% zSu0)`^9>^x@@MNp+ixN=Ho|rWw6ZhkTe$FhGNEIw{ATYsgQ3f+>(Xp^i1M_jf|afo6yEd6Wg*JfwF!!rmvQH1At>D0=!y?&hnrhH0A^Vd3!iYrGIH|5#TD>7GPD^(Mp5kF-+LrZ8JLAi62&oEOstW9~TGcGz@ zP0J*NHsV~&0{KMn1UVYP<+b9hkN4p|V5A`q)~<9w5zcLwo=~U#peUb*1`yZf~1YfIW$Ygr`A2bnGyRLr!SWwJ{9jL0 zmj7Ma=l=q(^WY*Q$pHfZ=&l59fSKY1<22C-LIKhxeR!MVlBg}}wp?1a;J|K)xI#cz>8by*IzJplPaqq;kZ<(&TgF zPM)=cI<%csb@E5s8aD>%QbNW4ws#W_1(@Ua7&P#T2nekRu8_~^HUy!aYA&=pY)9w% zpdWh8r+=N}3$jIPIpBML2v_yqj2TIYM+h(i_cqa*gVMG$`pd?9PYy_A56;+iS!C|9 z9V5$_**M;n6j%hhneIn&V3{})<{3X}}rZKY{1|3Q5z?91sCj>2Ql9S1nK z8uTHe2=(L@L^23*g_W9nfDuj;y&bWT7bdnQYJwipJaQAlt|X%lq$ry)KS?S0V7(MV zWY@V#WiQY*KLHj`o7SDO2L~^w9A|%;ibS-a-9!SSWr&cMkqS+>4HTMQ{}Kh{ZZg8Y zM=SSdbj1ZDrY*5WKtR3Lit897yq+#E|n?3Jt!<~xO(GLb4+<0bAFeH=3?c? zaj#iMM8RM|A*CD>KADOjr@CQv_DPrLN}E?Ruin-s#CMQUY1||$c_#cnx+8B2QSPW5 z^~gY|{Hv&{L{fmm=G-T!G17=%I$N2Y6Hi<^yM{sC9f;X^mm%Gqi&k%PVs{5WA$T2QNzxZyuz7w_#IAIxs?38wH#D|vMPR0%fXQ3GQQnerFr0(z>`p=Y0c>E38dbVS1Qvno#H%2 zWmi*kDmV{jr@e;c%75I{m1U7mm>QbLuQ?rSWDXGHHmiILz1VS(mqfb&NJ|(L)DYP} zIsG)|;U*xXv`w_rCNUFiSkbB9J>^e1FNxvA(ba#CC!~@j7&3)G-DCnBfoh2JkUuR< zY3>RglbzpM(x@t@)!kaudQei+6w0mcL6@qornF`r&V9ctrVBa@>doBjW#!F0%vIQp z1*^KSvd}UmZd!iLE`DxB$fd5xnYvwG;gY|*22pQ4)n9`5sDPyOnGB-5LfrLi%^GCN zY6HJjR1AEl2%_Za2n)ECO^|m`vfW{9JQ;08q<+7O{ybmS%$W;T(INlr)&L<96Cr(81%XvY%N*<=5@kk40n02H^85{zwP~H*!X(&0M;m`IK%Ud&ThQ{GP6ao441lkuHYp8X~{+&qRn_riC`T!7f? z#c4!{oFi%sSmV@_o{E{&4{*rV&?WlmDWO43avpr;?ukq#YZN*t;i)0%w`tw&HuiK% z!XuMKvz>*hBZKZjU>jZg66-=Rc3(x|;->>ym;HpDB6|@yPmaI5IqB!&);R5a9YtzV z7eKk!?jvjFYYDtF0GyKjV|u6bMtXGd%#%C)4y}nd^$py&!B4+OAkVw~l@Qup{SCau zSN8N@50w85H|d$_|9yr1kNf_w1BLZ}6IeRZkhJ}&RR4#Y%103jFAoF*n1YP&p-I38 zFKp}mgAVwgbxuzBgaR6cl;v%kPJRH<6f=k8Oz<8|3GRXGol;*HsBeu~&Yg>`lbu|j zFZ~zS)=HP$Z!fH!9FJf@?%9(K+YWqL6L7bu5jsyc7}(1twpH#%U?)%GGvvkHmkQkV zu3-L)u6aSjH{?kjSEluS2j#q9MuPRJQVE@ON7rxO@9) z)vSKCqgUv${LWEC)x0tHGL^^0G4N=cP>~7SC{=D={=R%^gGXw>IHO@WZf;@g!09)P zW!BA;wkJX^Ru6#p*Qcw}(v_A{SrWaCn&{qj+<;3A4HWoi50omttNcvedDOEPhS>z* z3ng_(DP3(Snt*Z43|l4e`QEx3ZG`>9o77`0suo9eLjhm zV5x);)8H~+`5%C!CpVDUJTZLGZEVwx1L=`LviGuIxI7w4y=^C70{**wMrjGF&umUe zzDVJ}+Sxe5$q~^(j@*o;vJ2%L_tcMPQb_$+T6txuT-6`Y-#Nzf%2XOHGY;8W{o;jA z!a;axE3Ky-HDy@4?o>$Fg*i3qpn{Kom!IG~HY1Bq_C2 zTt`yl&}oYWnQrS*6kua(pEF@(+qFw^H53KJJL56~&pZP$Pv?)hMQr~-0Q-n2+5&^6y>N47(JBz$$iuwgn3sF>7~eEu@b_y1;)4p83GY7 zp+*u>Id?CW5RvrMjiWn*t*Uc_DmbXGj&*?Ac`+!}DkT;V2GTDXlmxz+^Nf5R?bTum zwlHnGzOaJ{q88TZjglHMAzd~5D}-PZP`y7w*eP^vF>1SuShIlGsp&S@8X%gK+MX;b z7IFUh^^GL;|ZLAV!C3@<>N^V%2aMR5j{2jvhz<%K~RToeeIu zr}sR1cjz(43XQd`o_G{#tZKv3%kE_kQuleV115x)?Fkdb*~@l+7KL}IE06w7KC?W{2AqFd$FLnqCeV4xTV?0q_KVF)D@@hI4b=w2oi zoy1enj8S}5wE}B>Jhs>$?&FoI(;4s|Axp1n$FFG(_4=jw#KUWpq2EEV!C`su$YOWA zCASFS20l%sj(Gge<6;4hEg_fs1iIiFGZSU5OP^4gMNX?F}SPf*@iF9-q3??YA~_@xu`@H>S(_!1aViM=ZU+rlQENGdi7o&SxA>ngi^^ zL@@~WLf2NC>o{!fYh0gA1~K4~f1N0vi=i-E>9c%y=UW>scE-3-L)BwC`W;&3-~7S4 z(WsL^`yeNUC9yEC)BzD0_)r*e6}SBT{Fw&uC9 zY(UMVDv%)~GZ%ID!fIbVf!Od}mW?;$v`Lsv&z34Iofi9o?sgmW3JHh*)A+&xH^^z3Bb}nrRsvtDY>DXtWvdHt{fTL$IDoC18EE%K9 z+=rA<6qu8ByhZU?kGG-@TQuIvMe;$$SyaeW`dy$Vh_qAV(I@X;{$5yzr)>|1ng91$ zbt~!j$^8onCo}R!%pncU4t%~K@+A0M4bYkcdUaCuJ*g!~=K3Rpc-^3F{bRjVx96)O zeITeSytC(X$wa##zl92}A&APQ0m)-`u{LD_yY$DQ7K4V(*uYZf>W4$%$L98VXP??D zW@7(lNaOOF`(ipG>z)1S$YUK)zp^dWFacEQ`q|&U@f($PK1WETf-S7Yg74?=uCR**BuBJ0KLvA-6{cbZ1kiSq`gpv+n8=wyH(UW~+TN z<1vzSTL!%$*bE1Eo^*09hABncq+Yv1lwU^b!nYy4g4UNO0q#u?hPct2WZpCOlSUbx zRUhQ}6DYI!M|MjpC}c=T|85xXd*cVZE2#Z{bwvL;^8a~mva|i`xykxpB66(%n~2{+A#AceeBzdjvI#KKu9#=G z*C;Bvt-iPaHYxwup*G&VS1Y=#ygn_TjMWuaD?6+ssnT-xmEiAQZ^j>=>b8VFA6KP# zlYatr(g`0cu=6fZhe5Xrv0Z9H7yP=e_am@vx!~`9?h2kk{3G0Tc99@l*D{ zx!LxO)6lgiR$48r`f$QQ#nB)QYAx+3i}YxdIpUS%2~M5=R`_2}mxXX# zYHPA81WV_^V*fr!q6?$h(FIui<;Vp~iy4p{^Xsn|!P?B`9_d|OzwEjm^?GvyVlY)H zs=`>N7}g!(@~W_RLAvOGv7zOBA}ZSqeNfmdjHm#pGnjRM@1|8$QD@r<1_%`$nPJe< ztR@TSueb0m{?+(CdCiERMsZ^I%c{zVVjQE*NtP04#-?E&$+mq$~6n_cr(@q&QS&(w}o5?@bzi@~C zOmY?l^}EJO2{;Qtl86?8yAZ^dHM;06IJrlkY%; zFVu5K*BtP{kJSySuiliJQ6*S(-PL1gDF?>6Itk;3L6M^E*Zl?s&Mdk?FO1Zx)d!(&2@bcfg+6lLrw?NT<>G2t6)PkYD2?HM z>`K}vJ7FPMHqj{uy^hU1UJjRjz=c9#33budO0S)Hc0eKx>PTR2N#3UP8*!S>cM@B% zO~vwol)7^iD>}Q%3avfXY;m-8?2FL}zgIm;TBSx?yv;KFtbt2hs?k`-Q#&!UeOxl@ zZ!o|j*?117B<97-JFVmtBAiPsZ2zx`fQfaziuOBstvoXcSE?t8h(0s5t9KGv4T;s} zfeIP#l)K{c4O3|X))=N`*5g}OT=NVZ{Ga34rl@Y%c=H;=yy!>=(|o;3MFi_HAlY1o zR6dK57^M!HTg2O&zD`OhzHE4mZL4cb_C^4<6ug^f$b3+shhkCUlg{OB{PuXzS z^I+F+|I0WgA9u@-=j6~(hM6L9dYz3*>@_qgY}lr`EZ_@D*x<~YZ#NMDb~9P%M_r}=o^4}np~OW<2!$N4e-670c`Zzj#P(;Z_bF3Eg@q#NB90V zsTYKXQ%i;ubN?)^U<-%12B5T~z5FAj;&6z6Ou-_DKPP{MSenCHu?}#fy*;)L=uAI(2phR7E{-Wx#S0ersJ_M?Xn8v3;%P zgZErz8x3hn&rG11@yN~BQ)GOgy{-Id&THGr_F~}SO57HK>eQ*CAX}_ zPIoU9;dM40Wo_@5%@?VdbSVaQFfoF}AU-D8AUh#iegeH;1gdiWd0Kb~sO-vm%6vnh z+MvR!Kzk76mQLEW-rhsXh}zm~+9=Lb%+u z6{R^HIXRkWG ives!y1omK!H;w|#IGN8L4O|JNm_!w-+F5u0C|Gr*z}(J*;%vi zs=Yx8*?|dt9<#7hXKJ|YgOLd@q9K;5vpFr_r6!I=ts$0j13i;wf4udkG~lHh+wr6{*}BfLNp`Fh)pSYGK2Sk=Dbt;`sK^wu6YlG6bFsk zo0c)F+6og(Br8wjZhUXZgo?{=+v~Mf8YolT@m4P4d|!7+H5v$K2-*{-d;D?t;<}aY z#r4J|X9V*E8Wk0CGRfy!m^znvihr7GWb8nK6*D}L=o`vtk1+ypKqlr_ML^a1B8Q)5 z4IJe{zwWQ0FC0^VK1<&_g+E8}$nJ80fEWI=wDX!PM9etGxmmagcX*ACa-)ZLts5}1@9qY;9f3bkDn|7d;w4Ms!TK5Qaz}rVbf@UxbkBJx%I}2Q zj#>?}`32RK4}9A5gR;my)jj2EKKOE@^}%V`SA4}LO2lCZq5h>gs(84vX=cOt!a!3P zcn14u{Z8MLu|pt(9v#^c1slPG9V zx)HA7l||p@l;`h>{!wirm2+T?RDdK~P-(9u9zdsG09AdOeskX;h`9nMdZ+;PGq;mKH4EN~2!3i~!}E<6o@dIBWlcnvfPSmzmzpD6=Q;aDf{#Sa6;d`W?`F2p=>83nt+)YEH;k{5zvc>=_IWm{w30cxOs@z|W8e zoRS^PS)~JwO&d^s9=_FsIwQcOfRpdsTBez_h3rO#R+g5pC)Cn+u)gtzCw1RCh#Xy#-`#U)ova9Jg2y!mRzRQ`;jIs;{K-=fw{DP^a$qjm!0iq_(3@fFSq9`H7sPk$$&HAQM9p1yj!koD zv1&Ms1+r7^jZIjV7?6rO?y*CdYo3y0^HVqm~ z%JC%fyA-0o&zYGtHZW|WnVaX;oL+CYtMIbnU>E4j&8%Pr6|auGH3p(hT5gZHoln_6 zc0A6@b39~at>9JjE4I7(1q=6Duk^pS8oK{a!=hRz>5C z{P~-}3Yi5pf#{{N&OKi&h6HP3r_F@t`l_2-*Fa(E@fRpz z%u%OCf-+aFWgne`*95zH%$=98coL zENQv1_m|A11=N8UYJ!L=msEwEQs`U`JBe=SGD4=jvwKP773 zao>*q&VPF||Cm&?+qHb-@*PsP8dCqPsVB!k4q`eiWJ}H8N z3kWiY)y)G#oQ@OB{$v`e{yF!4@gd0iS~+5;d?BS4U!vkJcHr>=usmI3d-QNQcl&;W zAjjAEkU61QQmPrm_2C-kA0^`<20QIKP<`iSDUV2uXb(|E5p^fgptIbulHj6%r)>r= z2zV-J2-vc40geLvPK?;xi@om51WZ{?b3j^puFpi=h<`S8_pUNOI_>0?d#5!p-RP8i z*49Z6mE_gy1j1FVP<66n^3onMjXN9B^*wQ>UjE>GQ0RP6A_WJpy^}Uj9Ap%pGdPbbf9{kw7D!m{IU9V}vJ*#53CLoqPoh1kFLA8!>k6?4yy%7yI}a?HKY zk#?t=NcKWF?smO-t#l!6F_9dxJ_7pdeO&yv>}QC#wnB|!v1k({jY0TSbV-_r()Hwe zIfwp1Xz{;3y!hJ_M!Yz$tEmDYNEyhH1JsuK)JFoWHw0J^C4dxG9KYD23i53>550wM zbak1}wSc35;RH>WvO@gp@|F8q?SNq_sQ1I!ZcT^DJ#y(Yx*hiVWmWsFMSt~xP(4cg znf}-_@vgy0VtAFZwKFnv8xHH_UFUTiJ@Q}gEn2p_?Up+&ho>f~9HZUKyUob!N_riYVQ~C-a(=8oJip@!*WxY(fb*Xm4A_ip`_;nI zz`d5As%9Nd#XvvaXxeP@6(`Qf=((p*Bv=V+JTO}meu^1$9)?#x(1$N2v_3`yUS6i2 zq+{ofoy920W}Pxyi2gY1+>)`xN{TuTn(}UC9V$}KoVEC;M6(N$hK>mVs85B}V9(=}*F^oFJb0qp^3d1x-WIQ8s)SI4EY>6!{Uk&Vom*mI+#4M==G zWDA>KSV7W@b1VI3h7Hb*ouoe2#ljFbia%I+Kh_Wk#KcSMCQq-NJCw1d-EPfiEr!TS zeEElyslniVNQdfFdQ%4Py7M#tLDXHK{qn1u#ixtH<6>GcXAbw{t6>x`zTbf3Z&$cz z-T=3}8G%rR>IXyj`TmvwaL26gl#_-x5g(EsWGuHd$}osDM3JbBBQYBwP&4Ob_FOj& zCZ*C8k9hWNa63QVcSD*=VGf|bne@Cc6h^(%~ci+ zjqiECUd}S6&T%ZQ8<8q^!uJOA`N;hxv#nOG)AxeZk5Nj--ENf5W`0XR<4UEm*!U6)KC^c&^`+dtJN{9WiiuO@-N3wXBbC{wf_`~0;QYVMEv~OUW))y zAdwr8s=H`R}5I`g41*lK8jPIi&w z)%M3IkaA@Dum6Vk!kmsxUXwTH9Te`2TGpb^W0t>-$FJ-8TiG?db8X&#{lZbFcsk$K zQ39WnFhi5+X041mtcuQi|JpZ|8vu;Vs>2$yRj1F^eYcz}7_te&0ig}scndKb0P2-l z{eDY#hk53?@`Cry@s>a~4S*jf-sN3jSsnH#*QSb*J|_t%w!_^sLj`;sdB~D`WsvZ!`9~k`rzY3^90-rH*^b{ zmW?oNb;_`qA&Cs-A9T(V_OL=+#VrHpp)gOZ^|Py6B)S7YbxAkiZevj~WQjTQFoKdH zIu<`5*enqrz3q_W3ffndf&BVh*spnq4dwA)PUgJ1qjI}3^1`8}{f~tQNSxK*IKbxJTAB_pEj_$O>%Z z-7EFP!KQByZ&2!_C($H@;3o4uHw37LOOyAFy*8cUP!7)6s4!;%KtPJ-X8|S!3iUw} z*pZ&yy}1mL`}9qj1S{>I^$xCVqhzC+URAPsQ%X&r8NV>REXIE5Cd1Pto?>R_Yqhr` zT%a=}@K>!hO)hg4wbA&|wLNS7zgsY=%RF{b=+^T;gi~jjg)^w;Tq2Ma`gMqxR=evT zfQZASLd}{WGAaxZX4#H~J=j?5(D#0A{yH@^n95AdTs_=5BZK}l{XEpc7YO}d%WITYk3V3yI=tFr_ex@vGlEPtP6(WiWVz=%C z4nn*Gs5U}`uV$S-jH$%2m)v9ve1pAV=3*etG~#Bh{9aZ5h_=Go@X;IHRBowDHzDi! zmH9TpN7Px39wLt+nk=vZa3N;dB@N>im;2xmH*@A-n48#ImzyXoy!iJD%4#6w3)J?Ghx^u{Seh2Du9 z7HLI3<2V}(CTicLzoCER66d$uIL=)Cd_5OIk*HlQSB*ifMA%!8&4=*`&8Rh7xQ;Mk-F1L zd-wzB1meX-{7fM_^@(GUzyx!OdP?YG_4F3ID3iUM(oA*u)L1&E=7H9MPPU_KjTRy{ z^}kjEzr~099ntQIhb4gE0RduEU`1*ouRLLxF)!%=U$eb-HJpsrcT0 zK~s*haI701B}beifrWV=_78UqpVp(KtSNOj((Or%X>W2Hv_F$hzDg*=k7p{!1@k>iSyA#OKFW(&%Igk>!ib-?X9E*u@<0nPywYG8(0<+~O z1OQewJ9ioDX_kpV_S)mlTw);yCg@^*me@eO;5-GB*v2;x)q}=xEAwplf+UP#R?4-gV4q+gNFfr~(CDE2;^sD~@+!0S)gL`d*w+Yiuu@wQwoIN}rP+ zMsnVPT%j4yRY#$wj2mzq!OK3-0^W!jtX=`oVK^>#HM-SNoz>96+uC1)94Z%? z=IJI{Ck5eV^EIrsG7@Hm>gc(!Wto)o-~tGa5aIv@KcfyUAUN*iK&oucETas^V#nHt z)qDj5QsQ#WDAsnHf82jxlET4{;KE;tIOCHA9c zawV@&)hQSz3-xPqcEk@iM0)qKHSL3qQtr;=%(-}15NIXE;${jNSroA{W@WKL<7p?* zB7w*zhhe*tTkITLujaGe6rs_%QL4{7!NA(n`x%<0wc5<4#~D|O7xp}>ODZ^SKhzxB zO~<9br8!)GU*Rxzy?^iAF@Y`jyKJ$J(T~&xpBNDmD8*BX;+8vR5f(&CkMb+iDR9~R z#_jWoa_0)08arpU4oQlC>sf`VUo@l^d#ws8o`?>XqzRVKR(}5egNmhq9P3XMRitF- z&JNr*2OPt^_2+~VXSBQBf+gokQ4U1Tpf6XnkSmm=RNIimihOLMcx*` zdjpS6ef75bO}3?_1B?63EgifSiDuKvW$hbpWA3dli5H3Y(fha~zulAT(@T_7%;WO= zMH8ts&TiGM%4=KkUxf`UpC)VVUGo#08^jaBS}SJnKDmHo@a*fLrp0~@Aa%%wMs}o> z!nA;7=g4cPGO^Gau~45fC*BA6UK(I=m%kG0Ch^*|1=;e>XRDF?|QN zr&W2#b{?^L^&fH!H%e*Azow|zz$yd>-8<56o*HK83W`PJCV#;_ydTvun8#}#!M(Nq zt)4WUh`yI_Cu6$JA|T3f=ml)2FlAfh>%H3rji(d}@^l>mGUI!XRpVIJQgR-6OW+XdhbD!0EYjb{Rz$c&NL1>ho6eTn<>JHv>Kp{Ey>_nTHvK(a4vmwO`5 zD|1To--?*3#q)}0+_hYlgW%5BZAjjsv|eadFAox~G(!G-`!c>)C~aM=n{3FaNnAFs ztbSozXz<_RwD!o?Uh`T z4IZ>LjYlZQTeMSqQe`>7{EBB7Y(L3nP}S?*v)Xb~n~TTe718NyvC;o|2RQ6?fOtS} z2-u3?==(ci>~IL0mmW{P&oK?Co^Ob7YXBW25}Ak-;*y{acqNBx4Xn7$Yj4+YkQfCz zi&8wI#N$sWTU#EEl7pP>le04L#ZlGu6bu>4V5JR;+=E>Jys^L^fInJeZW1r1D8G~>n~MhvG|Prgpx2Wv zjHAL&k+h486hK|@1=&54lKdnW3N{)Uf(G<{*|X(!L9uxF5wc(7FRcN16chgTIIYT{ zn`{>ka(QK=qKD~Y(%FZl?$*a*M8vUwQ`?<2cIEp0Gm2A-Uhqru9$s z25Fjuu)t+u zJB5Zw>ixu_@wkFDtcK*ut>sbEIMx;MBjTsuH{X}o8{Y?(x3ug-=}~R+!aDpZxJOP8 zK~Ac#+_Ys^U%i`bsvs~D6Bu|K_gkI1qMGytPpF#o@8B%}5j@<`d?jbLqEw8em?17Y z(aDE)Z~$dfW@P|IWe})@wF2Pj%CxCbY97ZU_|5_ap3NMbB~o&RB-OJ|wxZxYN*O^A z#pnZ6wt~ zw7%Z5n!KJ$DvZOQqnolo2T~+awFXEh(4zwN*8dhha>elh(r z6gwX5Eqo;W#%re%L<-PXB2WSeT_F4-^e5z}Sjoj6g>~4*$QE09ZwYNSwVK&XtRqu& zsP_)FGufFWNv~vJHO?7Lnv{mD-AEk$^s4y(qw5=>ENPZ? zr#)>=+dXX?)3$Bfwr$(CZQHhO+j>3!x#zy~-n(zFT`MCZBcr0$%BZ!gcINkKj5l4q zA2Qzn)SVJfC4^H0DZ5_eLG}qIpdSUf&|1CU<0gJJSGmqIE={C5sSPGsd3?M-SkQxJ zU|{IA8L7eT8hK+o08F~(#JN7q;uh9?kiL$$K^zYdS z+1;j7k)BWX1^eHkKu`k0pF-R|nJUw-h=LdbZy=DK2{5~w{IDb~WheBzR; zKDLP021$nFp#A}fbEqIwUT2!yg?VBIUq;f=!R$^>+JS}}64D0fanNI#h!S8GBG3pC zXo`-R;%YM-^))GDW@PWw&%bHW=>e&FZ#^y*aro`l(FVrmGzb>8l+-nVGtvIIV`7&X zcGT5udst%_#(!)!Smoj}Tb*jA-+2~XBff|(2;12hJhJZ44L$c`itKd>zMqiGqK>6h zV#Q7<+lhDoJY8%!$q3RdAt|1De~TQ4eAKxz<~Q;T^%6u}J|Uo&@MpN=Y}h@U4-REy zq9LTywA)FZJ=<6Cb?|d=zP?-$T#-$uFbP6fzOEQn#U4^}Y58z$FF75tbV3o}+8+f4 z5#WaW;`)sBe6SbY5<0d1T?$AUy=IUdb5v{YvQEm1`;}f`Z`k*YqdzIfC$#=$+)R}* zm(^Wl3JzBpHY3cBez*dKUK`!!ege>>Sb&XF%{gDk7Ym*&WOGq2$VDQ0vba&;8vZL71hNr5);{4EITqN1!=uy}mU zC5^659-IBWAvdqP80ILLDC(0wiLzJSzO$MRiRe}uJQ7uPs!38UILC4e6s9qTBTcRz znVZPa?Dk$%l0yvEC8U()Fm`u25(}~hJThcdkeL-Kj}rMz%KB2n>(S|h^u*+AiBk|| zvuQ0vr9$^${<+_zi`YL|2yJoUpe)bB-h9^8CFu)C0y(vjE2%eK^pP4_c}T+ zKZfb5d*(2HchXtwloOywCJ?G8ox@WM`Q?xMhTM_gswX005nm?z+=z9V_3S1L!Eve9Z~#(`5fsbvpc^X!}GT#ql{- zkAD-a#nH0%;OOXSe>x1YjEI+o4~)=3Iuq8r6^^((3JJ z77iR%!V)F0Y26!5?E@@dFK(SKlkYY|D+W=#oHw4~w-8g#Qi&qc+3RYS zIM@m+TWv1Jn1eLij|}$CkGz-Awy80Jyzrpt+8ezTH5U18LhAY3gj5SQ_SBGKL9*a% zU(<5{g?zejm7@uvm5OG;Z+|&pcSLNSb`d%cyAFT09x%QIJ$~c1CgJ%@pijXl(&t)AN@%K@EcGl=?Iy-F%7&etvqy2Af27K0Eglyljg=C6=O-M z;+bRng^lb=Qbn>?IuZ)1H`GHN&N1bH*>VND>?7uehGWFFb~}2c)wz7#3y1L9S>`d? znsk%?#5qJ?6!H9C5sGoe@+GxLyjKJtl1DS8RqX*0J*!!-6}4u~RH?5!$cYN;_zwQ% zZ4mQx+oE5qSLrvD+`JA`6lRBLF8G^{6|Nz4Ezg;!n~YY3sSl1$a#Z;(14+ z7Y^GUnLY7~6>4TLg6?Du9P^4k4k5o(z8IWMHVr9qtdZur&MZn|i<4-M1rggx;No3& z56Y|l><+6BrE+7rA?1F9qoCYyKZ<>OLW8(I5M;so1^IFXac7QRV~{$nBFajL4Z+<6C~4Dn1J)X-IT%A2|A! zrY^B#;Z5I{Qp8r?r5qkmVXcQ|72>jhc9yZIj+RJrBxuA3?g;z3vyq$LRp?6IW#*0k zl3Vlk+!}eHR9R`O&3gjaOCDN{QaJsW$Mt2#(h`!voDx-{N(Q1=lhIVpiX?d&X`P#< ze~PO#u*URNX?;Ys1j13tT|LLG<=Nyh-kFFBJOR&*h-SgMs#!&Yk9h)*aI1x-TT8<_ z(|F@@>-uMAt}i{JaxA!|xVA$fuG>bfVO?YsRbyo>r}0NZLQ^1R>YDD1dFs&a-C@hQ z<@)jF36Ui;gphYt@PO$9?#ODS*8E+}0F3U%hxDgpj>0iqq@PEVq0XFSL+Csm#U{@r88-gTto$i`-F0k6mcR>AB^Y#+Y$qO`zff&q5wxgps3A zYY$EzK*tG-ctE1SRfdnzx>Hs@W7=rlEpv5{cTt3pPhWRlhA_U`u9Snn3}PC*3l zHbP26KOo-`Pzx5Lj^C%g9qRV4D;4H$>s?14^R=%tU8 zQsFQ(HQ59XGI7!Gq?!?lw>287DRHDcj&UmVF`Lu=Eb*`xty)!pb8PHC}( zz_tet8HsCEmq~$x*v3s&l;Tn0o!{>LteM|3Cd55{A0L8apC;6ZK&t=!R>e1PQEW~uCtx1x^5`BWi%O!sb=LzYj%J!VRcphS$S7@y|aaQ^^HG(njR$>Z1O+Hk0KxAM)$e!fb{-m;pS>K*>PDV;lq+;V_y~{TFR_)ie0a{zX zmc2aguP_x?+j7mzJ(WrY5c89R30icb={N2++W-hfIPl#DimS3Zt{-=A*P<eSNsv6DcU6B&%$zNj75}D)#BIU_S2psc8mlGP*1fQqW2s)b5MB{>@|Hl4 zd=Qy-#N@&yFK|>-9j}(1(tGP?YNIqKuQ_QtlGKY_J+6|7>_`LB%^CK5?dn+gRQ$(!g7!vx38ihL$1&UsuhODQz}$o(A>@o z_fi`S7IshoF9p--C1|r%Gx*1{lh$f)7i#@c=>4!)7bdPsli8Jn%yX*#j!!#CgT|?y z*SI8;_*!UP=zX0Adum7Oy8mPts33&bv5?b3`1UjCU}s{ILPV(HMV$MX(3O7Ab}w(} zQTS{;>jG9fQb)_F85bQoI_qJV?>TDO^&ymlzA-ZM>2OTyT!U`Eb;p41C2w=M$Ze^f znU!4wXI3eEkdq!XBEw8(yN5Pe3fh?iqBeW#UX;?jB)-8Ld1=s$+1P8wUlJ0zIO%W( zaLjs4e#~-AXUq&4jh|>1IBb}_RDeI#u%>?R=mA$~15=1KR|e7uPo5{&@}wFwXcV&f zM{(3PP!L>!HGt_*9PBj)QaKIthzW{QFm*^eYP~{Sf`7F414$v;5wK9JyA;q37*jPCrP6{Am{|MzmAi@MJDzEBL>4G# zF(ZN>Fg)z3cuL6Bc&1CN>_4}{kG26czILNN@6}ufq8h|?Bg8#4spH9}g)r>I+(y^e9jFI^yCQmz^)iJDw6WIN(dg*d!dO>OyO zC&q6lI3XW>4ov=_;-jsrKG}Rc#!4+@Vkc>LKbg*!=Qa6aCm&2Mkhq?{Zd^bJUmGbN5yN3)9a?l`oPnVAcm-=h^%(llaDhAV(fMolD#lxk|l8j z)(kR~0jaunxH(yR5EYp1-|;Sl+k4Kf?`NJUV_z&FAoH8R5CN+;f((h(b+WWwOpBnS zqJB(b1-nLCN(S$Eafnx~E@@qc?EpJge4ax6gm+%P6+2Tr8d6+2v1a`pS$v0097WPdf~%1MV-4ka zs#!K*(V&_h%4SYPW25JTFmk|C&}S%4sz0+j@@pfu;ukr;&JM9b(i(&I#wM^>$J|DG z8x~ht8&;&bTTRBVwXzGn^YjddhB~7bb0+eJmG4KhsJChud#rI#A(~t^O0k=;p%uvo zn0gc&lIVv`cy_3Veu>EpL$*t(Vmb%rwK(rUXDRz4jAu@q@bc(4R3zh z1biq{Dq<(HM>8=&iB5-?`-6xg<`{YnuPcX*a1_A}y&#=nI{LnlGS7x+aW~F{Pg*LkyhXGPGLVe2uf&$>8#VRlk4Q@H%&O zA84MjLy<&nijJI0rExS`x)^ME`Z7-+cyPw@{4wRev#WH5-RjUc=(b$OgAtB#qDb#X z3dE87baI7$i9ZRfWKv>J$ji9?bL^**#Bosc_~!QUDL74#QnQ(`Uvfu z`xh4>8d@ssly;kN8&J2aERMa(g{3JKF}<~+Nrq2-d$gm7DATHw*HE_E$8$Z4wyb4< z->EZW@N4^U?s;h_ma;tFw)~F6=Fqm)Tx@n zaew>g*j5-cy}R8OUYEX?9{j!)+VObt2d`PFv$k}q8f>{Aa8`n$b(*^>Nm>7 z1X3kP-s3C*#s3mSIfurJLzhi9?*4Gs4AKxMER~Oc^Tt)Csy|VUXFIP!J$dS>jYv!M zwC;U|k1WvZNC}}WDDk~ocI-|zWWZka724K#P6}#tXEg4W0DbQ$hfTHqJ?8D^0yhRP zlDT8YGYC5E+R;T4QfvGqqUn;%AdXBtf_R~Ju7Pp#-?Zva#MPAoKurC2-ie2kAS};En;j`{F|RI*AE5 z61oOXr_Gd}Sfn@xeWT6lu}wrz!9yJKhAfv6^3mCy^IjaWBs;5{kjxf})mz7m{o6=E z)t(JvWg3&tc>Q1{xn;{)B%$49bC%2^(=|qJH!Izz)wMJ$4}>*m$REO9ABBk3^wO5L zRi*~KgdG_MPhQ_MVo^((c$N^jn7E$Lq#Ry{V?GBKsWJ!_9 zRtYZRAH|ATcN8wMPV_<`?FM9hF-Rg}JbNyp9c|qT6fX%yBtY&(#}N3b8G&4j?8R)l zfWhnhj;Z_-D_Sv6;&2hSwI3@dAo!qR5a0#4cHDKTW2s>X3U-Zi!NlLG;J$(%DozW5O#_UFBl8p)%(8C-u) z;W%CZ;mxJFT@9&T4umn9KM45uLs!3|OP(6W$|_STkg~*-Vl&uzsjm7OUP?)|a7lxj zISMAJnA83Mt7r>Ujxe&T0-KTOvxYNJfv?BC9S$IoLhh2CG~OEHBH1!~KYLFbJzE_* z_IUYy;Qz?@s-Bot(6yVTkU6WFZSf8{%5wot_LRfwUW2fRT>yI>MFwj!+eM76G8ZCL zn?Q)&1EAW}B!axys`2zAds4sQ(w+d{Ps_{X&#ad|K|(%#?CZ%=ZFs&|yOzNAi)ZPs zqJjW2KP|Nr9yK2N3f)^E%Gt7>Huz_DZi$fl z*!vXzFdv^_f}Hp;pgEMX09ru!%EKQL1j(@=NpH-fUlUy>#jmW@`j&(5L0`2AXXog` zhK?3Sonvw+txQE*i3otpV5&Q~ z!?CwYFBk!`Dl+N>eya!Ogrcr9)#~Nd(jycunYHm0c~YZp@qV{52kq~9yBj>rBW&?Y z`^*WjBOC;5^4qgLe=aec7Y{s-!6#!Yj_>D6PYcK7DO`hq&ry@u)yeoeM-fdyl7lLhcj6(I8v5j<+qHVJ_XazT#Fww_DhCV# zlc+{Oa|hW(ZjMX{$@g@-P4A0Q|C~5Whw-(Wv#jd(Mm}sv z8Y_R7gKT5kc}=XQ^xBQ?HOY10jb=KVPy0-KUy0{oI&SQzqB$p+R;r z;>{7GwxzDYc2yv$LwHV6Ap9Zbwa{TI_b;4liu=WpG7Rl*PBu44ngKlv*@Uay*v$IH0kRXKwWE9)0aRo$4D-=yj&T{|^ zyy;Y1cvd7}=a>`j~~C>`-8u5fzY`Ic7?9EM|%pWIfm&+Sg^lOZ+IWyd&}tl}mHC))q&$x;(7=HJ`zD zP$nKy=qIWinT#l2Q0-7O$Mn6QxA$B+bb?)ZyjGjBeResVxZ@ce+r+%@EPR8Qi%6yy zEo)ny@6r_|iUy`m!2{LsNex+`FYO_lK)XmzM!OR8Vq`pyPz9jFRXHjQFuABiyJ7dx z1x^x^m?V8%gzVlB0u7PgNhih94$ zGXJ8Jq84IVVbmB9=S?%yYhyiVZGMh=}ZU3#cQ4%7m@`<3opf0Qe0?qox4X=rP+e2WJhV(U zcZ>-iu;tI8Ow}Mk{4L5^|ge+=nWA1|(g%$&E?y*`Mu5 zxJ4XAu-QOj`(TLhpIm*xP40ZOGg-n!0m+|2MxKAy{{F zZN)V4{d@M1X|E_uLy+zS4b`O(M=hmfFv1?R1A$eV$W^?`S~13-aHnzP2EjfO1&*!45EdA-F8a%>=N&ZmW_QzYfW^p+9C&oP2<`b&>{m-yEWHP3d^I?&T7He+Elp(2ud70;yS^7s5#q4!Rb^*qZySlg&;wE>}h zu!W+VxOB{Z?3y1#{jTgX?Llf&RY?cH*d(#u2!#Wp&>f;FrRBL#WN9Zb2E-m&pCUE# z)1RY2_c8|#(u_kT#c(Rp0+I;wqay5pV`|(e<6()Y!=ONyK>bHRdr) zq{cguyD0D?j+p+6vPHF+2#g(!`Lx6X^2p+tgKPloS-zhVD(~hoE3S>~JUlFS5+E~) zWLtkI*bqcnF{L{L}_f9=Ay zy*jDfNP$ijUr8u?cX=aqZZRuZ{o>t1fKSqe*}BfGVeR(1%VQHDPk($oWZ%s&EPIuN5I(Hp=e$`e&D8pm za75edR`Qy1zxwI)6;AYgrG%b06P@Lye7EIkT&wC$^r|!;wizzS-4ZCD3-$vWn9!^% z^_<7^(}4kNd*X*tUkk!BC&1Cw0o@F`an_Hmx9kgaN6I&dgktPdvUs}q0_zWClBE<6 zE5W>M576!|??&$6-ujHu^PrTAzaq>iM+MfrZeR{~Vo*Lwie*HF}$+$%Odmf(OeMy0oehN|q1mv!rj z_F<-mUzjB0GiRm+y6peOi3ZpPo2w4i9GEK50UsFdWuVA=&=*5jJSJCXfi5!+d`@C0 z&smX`KyUmBmd|0b99r3+vBYOYZXq;BBiP%rDAhv+ z9r=f5LZARcUneQF*s#Hu5qjc`G+0(365R$Z9duc7)!9m>78L*$l4G|~e-~pVcj^M2(DqK|?^)~E^Q3}asJ-i9*^94+vh`$wy4ah< zpaZ_j*hLO4xBq06Rz1GBq!kmW;{jw~f_jNqEZJAx>7(;4qAmYpwfG*weEr4%b%yb5 zh939;efig;r)iF++{#$?uK{fKTYPT(>+xy#ZJ6*H_E#B<&1*C44MgR>YOk&w`)5s3p@aZK1ybW~{Qd6?e`_6Ys zVtHav?pg*t@a9)KtqyE`8>G#59Q9*b9qKbJ<;1`ouN^ovg^Ikkbpn$YF znrZHxJfifGLAhpX=ssr%*fi_Lm9Ghg@z*Y+-j;Ash%V7SZlHjz6l?fCsTe|NAkR?Q zz4HkI9vL0k_J^-}r|;K! z>O&tFmnlLsg~B7Xvyb~7t?eoQ01-z!M zba4GL8IpXWX!o%4q`xyfoVeT+9SUX%-}D@=)>ea|hgpTv$6A&j6&fkNbzE3x z)TI9;a!Y(q^bTh*mP{W)HF?|cprSSHRYNwnU17S7>1VxZ_L;W}4*HcBo|K#MkkNYs zWj|GY1$~V;=`Vll=o3Rw;f9#@&ayTw#$?dL_7$T}bcAw)v|PFps!2Y)NflX3SqM}n zbtfL%Vcea{hqPwLu4hvixsz;E_7VK7;sD%YpH6ABGG@?qpdALB1izn~C4>CN*@Gs? znxv!AU=sya3)L7AZIUSLNSwnpf#7i^*0`$eaf6Hg38iuYd_&_L!D-ov;6*T#iFDjACmVqB;jZHol2a5Arl61u*=+NjC%m`;V*jW>cDe2+J?dDw_ZJ)3g zVZ(}r0$rHnCq0k;tU2_-p?Y=Gduv?ja?D|!>0@h?MojwJA_}a%c%47H+n*XLW{Df5 z@FWhg7Objr>p(j-TNw7fP6w8&by1F+Jjuqlw+-mhz^=4(+_BPyxhx4geyH#F2p(l3 zmgz=iDTiiK)lIeSVu$2qBxjS>6ZtNF95Img)7ZBi$8??MHY%=(b|e!Hb>?c!T5sy( z9HC~Wu=}%FmWQPk)f?&=v)jVAnxZ*Lg4BKRbT8xZQg$%U@K=@ApIfFR)`QROh7pN# z#rJ#7ms#9wk>h!vXyLO++rW`odpA1a;XA@DF9emqeb08GLPG+-zuay>D+v{=xh%Wh zNTc4~`k#!Mu3Z>~xK=h-u#6OK{|r6!K|kJ!M@OZ- zl(j>S=ov=DpHgiWQ^TtRkOCF8(7h^3fyImf$1;aWgH@S!6upPG(~>ipQY|r+>Vj^C zp--nmv|j)-eiPruJx%H4s~R0K_xD0w(wSbhyq{WB3#dGnBdwpf$0m>AqR=xoRFo%? ziTH9@ET{|EGCqw4k*&9+wpVDjac#=!Yos0|-HmDzS9RZTP0f^dz)~&^krhE}e!(zK zVH3ZMjJmqFnbxsk$;)qjeO8WwzQ|OxpV=MnDaubo#kD_1#E@^f%`gr@T~5C*JU_YF zM4BEpqV8MXIVsfkIhDC|o;_9Z*|}TE!!l?XpY~5eE_gWK+~MUv&Uc^2+neCG+a7$(IpHP{83t)Qhy4743Y@1S=Dlmz*Y(6S{I!3$-M|5$Rn zH_nF)>a;`?E7(^tV>q!6<%8d%Lq0AbO5>M-2gw$pJqo{u$8+rSXqtfxccwwwccrl`Vs zRuXLzFE+DoHxX|r+?~iLpj$!cHF6DYNj%P?#pML`8XwbOV%Yygxh{ooR?7`jJuqOT zK7-zXE{lndMr$xma57jAjiqK6W>H6<;PBAo19?4j0C1xDgoSB-#usXMYA9|Nf`4ZB z4owc3f_cPJc+JswdOm1{3M!+kDfNoYXbmI&ZV+8zuz$cl>V3S9*hIyiDe`MJ`{hiv#oB|D@ zhGeOLy=T^rX!jDI5snCqYVW?^WHp&Fvw;rIqVTO%uRj+soxI~xqo z-~b@>0WxuTMN{Ef>^8T~=I{F{bGPH*FD-FHK~hoBW6Nwv9H0JXP^oS%l!V%)6kLBUaK)WQiQd zM7m=^XS*{CEr9deCQ(Nx0Sn?nx>NQ~($SpYkI@#bZ3IBXSBQ?ngKmQ+-DR?wRuA826Av zCkGS6oN4=31eJfsRFe=#C$LtI1{t#qbslVZq{)zyTg>=o`@cXqUbgQMlOFwsT?P3y z|875O8=DVS>+Vz(Q(TRcGdd~8J%cocu51sk((kFb@M7gr<@EbOq45DX57dwtE$Z^w-x zOTj;9;NyE9!9xo4%_6yK8LLq$i&M?`RSdg}+bCzwrFrzaA4BVOsI2hr$1-e);U?6k zSEgLEn|(Glj-DIOi)MZmOQ331(2bfH<{eDSt`^k~tJ-G`J^y3J_ScP>-{=uo;&ZVS z@_WjZ&+Cfmov2V13*^Q9kvG@tdH{XhbJwY=whgaGF!*H;@DerJH%&4d-DRGClS-jiyCd^M~SiQ@se<*v6rmr<^qbwY^R)QYa2DX+2W^g zcy38C2>_(f& zJ9B#>R=C?_*!^3Etex1Fv3b&CxHN;@Sg>M_845Sfj|jg@kc>ry;$Qkk_4D)VPT;Sg zJ)FfGesuX}v=&XrKv=Vvh;GT0R~AnX`yC%(Z@SQ{HWdLXsr7>MzctF1dNs4Cs!U{* z(HAr+EZXAE-Db=>i>@>-Kqx63ea;Y?FBj4_7tr}((JS=Z>nm!mY|p7IFvl>1)a)ZZ zYd+1~!%fj(eY35U+qBLH*Ig{Cn!)b?q3$WiACX&ud%cZ6?_{hS;7Iq~;fy=x#7G~DH% zlGHty$3b4J%A+pm2K@oYzq!}rH@5C#?6p<SS?+;jU!YkH&yB*jC`C_Ihr%%A+}&BRhr-sNZ4X)Z_5es{7g2HX&>(ptNwEM!7jpRKJ;Om_CXP%T*MR6ISaR^n(7r#BFW0&Zb z&{zGd)h^?`{6nfM&^H_4hmu1`xwKa$RT$578jF-Sl^-Y6Yh=?E@oQ|WJfP3T)&siJ zobCdKrjgY2%$o0Hhnw%@>Ho!9OJOue3!I_RaGbbVz#GLiu5O>IOHyoOpV-!ot3x0`eUV-he}7eW@IB2 z|5~ob47qAP&l2f{nkFze3(Ykoqv=r0Gs7UKY-la_!4$u1x%GX90b>mK6B~|Ze$s;U|ALd_7N^yP2qwiX^iI|VUSa#T{TB2= z1=0N#EF%~WNDI+V0+$#5Upl`}Fd#e#{%9}>oD6O*H$U390>K{-508t_&F>vdgAd3L z9Q+dwUhrG_0k7i^%nOL;6CEDSEsRS57YmQ@6Wm{)pB`?4n*nHMJlGI7)yEh#HwAtI zGm9M^Z_!&BNEbSoQLr4K2DBd?&Mf?2dP8+_#h@qDFd1%{cR8ItQnUiMB7lm)zjRPB zrxi4^*+alpfqF4xe+>XfkYyxoCDgXwlLVpP=J3Jza00lY;Us`Ez_~y9W8l9P?q6s% zKl%aTAh{`MbOC}vaFM;0wfg~yEwLluvN%b(9E|6y$Ppi!n@f}8fyAjpVN*2Wm{U9@ zDCj;)n|tqBZ`kLI27b)>8XG~lh->65k!NyF|5}Scum-&_VZgXxtS>XZ$_Z$B;#}>@ z+mMA7!hvE8nDWD)7QrYvV#$S85ExHR2xb8u3xP%D!&FppXtcKB5w;2su* zV)KrKPKD0`V{0XS5wz(!ztZ8y5Kk31VdJ1aT+HYOpbMV zuYg)9&VOa<#oHCaG`)EPOg2|$<>g#;*}#=cO}gY^i@OT`inoftid26z13LXW-8#KG zZI8|N^E2ew&u93|7|Zx=nxF)(&1vt_@F?>2xOTNzo%EwwX4-4v;m;$G)5KY@H-!t9 z5x3{IgZNpE#pqhDpQT@X6I=^3ca`faSn_A5)aUA4l~4QS$p^01cVZThz z_~tVKFc8fWL=E$AtQGzS1gO`AS~_^yT&L5n`K}7DpU+;sHNsI@V+C--Zx;7$L+JNs z8eX7>$(IA@!8l7n1K!9XodsGZZX#b)`lJ?CXInFE4@zx`r?l@9%O413*Y`&Uv9E&n zmLIX$GaHq#_CjCfmd8d9)J;0;b6xpb#PkFCbUB?jjhqlZ#5JKzQeL$dArkC4Q)ePnT1B%N;~ap5IYIo$9gWLfM4+ho5V9VSvy^2mXQmWCkQ zIF?hs%HW`5#tjov2Drg=YGqnW6^85%7pv9MGY}EM} zD0m1-+TY|X2LnqfI>K(jyRM&^W|12Rh6Z##t?R~S*C1-(+Z-RFI1-4Z&C?2#NR^>- zy|tD$2skVz({)@|F|Yn$v~BAOudqP)5am)XNBVF`y^hMH7F47f zBvD_oOKvxkxLaUCibB0_!i(JSSaRYVTdae8S8*tP!+RF3e%?_tau1z)X@RBsi#c$J z7}<({0ysedo+r(3$eM091(GSM7uDmH-z?JUx74Zj(l zMMiU(%_vEV#W2151!8fr(+ue0of3{WqNoeYNlqT{j`!uxL`b(yaPR{M8>1uro61GK z0YQe;(@=*2V~Dr#!bZJj(qz+?>*Y?4E0QWOxe3(G8Q1b#Hf#{unX6)K(o2lDUf=>z zT2pgu`XEo|RskqAzUMHzB#h5_TL_~$9H+W0ch0M6yseO;{g~aJnwZ_+_it~#I>o8z zsr|}MF5+{}<~D1MI|XXw$>;v?p<<`SOC{4y&O#X1^GJ#)r^vlz9AwP}Z;y{FSGy3N z@X%8>rafmnM+ObjuGJBlTI;e?I$66f@x@MCot&?WaRA&QjV}zXd5{@n7D;VXuoU%_ z_LNZ5POlvvAbzh%t?{lLN(?)We+-1O&m!*kYgt)x)<-2(U%-$CgFd;z^pMnV2hVA%g4T>k~brlY52 zW&Z2&SAk$*`8TKWH@%U(i?so@pp~UPzk!{et%hCFwE)lG4>^ymiH1bxsJU7zk!~WzQKPYcx%K- zM6J@m1zx=%aazKb^<%TGB)}m+hV|#*kgegsA@Kc9Ab{BE?y}l+*-$(MxL?jhx9s2ZixxsQ$0#HtDV;i6no z`~GI@m{t_zvRdCq>N$E_C5KT|*_B*`v$j{uxjA&B)IR9RB+#gt#*~@#C+qA+%p;=3 zkOOD+pg9d^N^G>tJ8B3uVy>Y;l)nCkX;C8m^b?^@L8g4dv`fpV#_EfW97|5}=+KCR zGRF~|GIVvDH{iTGvmFG?_D9la-zgDGMW#8E78x+7NEJUy^F|Cq<5^3GU((_01l^nlnRkA?zGvmVsHKw3z>%i0l1xBY9Ur>Dnd zrlb3B`LEyK<8MDb3oFE5pMQ`4Yx{dJe;L`=f-MB$6U z6_$|q*gI*zU{yRg14s}&7)&y}9smVt21jZR>+K&13Bl3Q2Ee%pO`69A2q^prohsBK z@&{bn^_d?Zo_8FF7*n2Q0gQ;II}pvdspF_GKk&TwgnrB>t7{eLJ}5))a!I@C;AM@j zpHXo9fK$CODxAfD6ns$y^M0dL|1zCnIP`LfKLv#QJuF3?dwuv=rnw(ByoO9)mQ)#c zwK2TKrXE) zV;UCk*k>slE7PAR7$9H_E+8!z$J=K#n{-lA!qnVe!zer5LMJoZQLw2&B4bl8pL88T zm%pH^W>q^F+>|}1qx{%5xMjWoc{DdJbv)NKxJBWTjQsX&)x$(AXeieO5SHvR z5vjzcnKo|zwJ872>)%ghWa+rA;jo}Z>qO-$?DuP<(bo$w{3#!YeqY+moJr9&(=IfJ zjR($^aN=B?*)iL!7FM@fm#$T!7a$*xIm-$IkEKczsX>-yZWA32>lK+A{Rx-YYR$v! z6FxKr*ZM5Mn#4rZ7|_pFqZ{yvAly9bGV#XFU4kffbSBT=38#u2F(LCGg_Qnd>A+WW z&s{+6+U846u^&yv%=cy`Lc7oJLyb*~EOR$(m4wf#`!ngTW?p{KzK3>@uGW_gInc!w zt3L+2PZD$!l(f42`KR>^Ie?I=9V}GI%~|`%W&G0m%Q9cAZRa%o>$<^^0PRcx_sz^w zIp_OhQuqbqt}Y;D3!S0kMwB0K^fE@WJ`B+qetSyaf?f9&4L}B!NZ|7KJkIi6@#RTi z-j8kXDd8b=h&Ioh)%4KR+2v)+i^12_gfE+r*U}Ts*tp<1+GSs4u+Pw`aN>K$|CQR~ zV9(Q1GlU<(whHd?VaCo-!04}+BTA^CvC=EL1hVEvVJ<9A4i<=8 z&*2|~fDab81OBT46(8c@Y1&{b5E!HUEC^I*f>S!Veh4!oglv7B>|AJSEm5=lV`Gd6 zYu0i!BXHQ+eVAFykq{Ws-GUXZ8h#H|ty|(lgmpl6;tTOiB}Fp{@#@n7(k;(a1U!3! zkdt@-Oy^*AX`>L*p5dpe=g@!IbpGG4C}w7Mw*Q0|?*Anu{eSkN|J2R@L@>$!2f-Ab z%pFv{?M)o*{!0L3=H&hdV9fu)UR?jAo0;SP#$TM=-2W?oG5u>||H)tf?)$&s*MHaN z|3k9>BhvkUmuwam=Kn&j|5t_9PY_ldB0>tg{fy$iA>e4r$)>QFrr*`d~u=M(ztbsNHYX8W?HJoX+|bjdu3HO9)|Y#zb1hbFZQ;pgCZie4b0|pjkf@1zBqH?qU=QH}BRsR1V zj{mCI|0Qqy!{+~i8>}4cM6B%W|5fY#@9)_E-g>$JqiFv}9si4H9Pa<$XdDh!Ca(Xj z_x?vT4&HDkr@`{};-D+`wO84ox~}CLFXoVGGB&CCCo>029N8d^dv#afw7ysv7&6?VO z2Ix1nmHrprJ+rEc)6Ijc`cZIJVD(b^o=;i*dH$C>wn!p^qENc4_B|Tj7nj?JWq6Up-5}dz zS=-v4rjOAR&b@aik@ZUmPJP#FAGA#2v-qR8iM_j$5Jka_zP_j7ISAY%W3I70;3U3w z3oV5~*g}mmPAqwgag%>*JPPSo&t8CUAth+_Fw%J~zQk&U64rISp3;_DrGK+JbnMgC z0*(&R8$5M2-9@h7!C}!DjORSPAHlHc47xoaUxJTi?T9nvR8VE{03dJVtT+4|%Dqn~ zpZO{4=~OB{!0?oFTFee24W)?kBhf}I$r)L#a9uuh6BK`>jxwST(6ppup=BcU_OD$b zJeVSnN4BT~A`>M_7i0L1upM#CBI8F$H$3t=lSf^m^Db1Ik-r09ZY4+WOtvB@?V*n$}52KmbYOy{AVV(1ncX6s* zi0*svcIdwJn0vL$OA6aC{Ce>{L2(6!LcIR4hu@r!*tOw@o>S?WHLSFjzkk1hHi?S~ zFa2T=s+yx{!q$)P0XKX?cLV!^{LYydndWTQWY=Y*w7iL^k1g#3PDePmApj61_8Hfp?WGQA@7P~=3yzDXfLDfO>@w&ZYOYvX;=8i}fnU%ct_~T# z|1zd53M^tzu#Kl5(@O)G8@)~t#M;0RucM0CX!0TQ^CkncYD1sl2bg0VBw7pc&jj+* zKjsM@;T}K8A9>!Ztfy8EkFMM~EZ{!n%ddqnvd?!M?JJuV@;ho!++ZFNR7$$3W{+Q`zcXUYjacAjLfr&XA!bjX!X2#3=HJVx!_d zc?@vR3YO^*Jkfhx1Mw$Dl_;P%mTQE|3DGr4d*(Yqa0G)Hg5jRg3f97zz{>L35eEQm z(FZDr=cNPblx%pQLsk?KxSN;tO}xLB<;nH}l*>O;Iv++A|DMUIggO-~*f$@2Bhq~4 zo!{T7{M#FAn~ybk6?FF&xp&mM-aTW7whNW z7mc2wjY`#@nB?1zuqOxF7jPS7%6}12<(U8R7LsLH=x`DCdW- zFYth56XNK(KXuLelE2IvKdTqRkzc~92>P?l*NC`WWS{jf9G+qrJ#e%qE|Q`GjV#OHfP^3TKa>lq%mF#0s$)6|dam4%>AX}MO)(g#f8Oe0n!ZBkv`yj^MUimbViZW-z7|B0n`E1- z5Oy?tjC1{6FgUggz5ytW(Kas3llg*ao4vl*H5SY)E^C<;`jUhp>qu)X^dtMkaWUr^fw`lP$!PZ> ziVklAOEqGhp{w&P)<1FW8cYg)X^C%d$w}yK3ysj-^l8o2zcBZ78%w7>av6=YpIG}1 z>ody$pZKQ^@i+5`7%!xU+d%Yf7_nZLT97BR=krtCKJR`Q%sJ$_YP)B8IIq-9ANoWF z2OndX^C&v#oiQKp$Xpm___H_P#eU}D*kZwz)(S2{Y_r!Oz;*-Rdu=ru#(Cpe74@-| zB7_3vw#~ez@D_XAkk#1 zPpTHuD*)#iTN82X{Fc#TZxpcv_J-0PAcvYdFcH^F{QA8=t~fKTtvbG6w6KdLjY7jM zYNaHQO(0t`QdtEZ^e>oRydc)~+?_djhi@h(43Zq21WRBE)U>m-jv6wA5GHZfceX8R zWng%147~f;7QE)^M%0F3nR5g#At`blWzV z4rg%YNA|wt`0udnU^JuFa+TW^R(Z_zf%&Ok>Ll)Lin>ah9uTO&h`4bvMtIO8gWj?% z%bp?XHJqoOz#pJeoF?a~m6b`K%pRAh`-Vqlp}DYy9(ZAS0W)arLL{SvtTJ?ugQiO1JkY`n zAQx_E#v^uIV12>j4Rvp!9a6${Zn7$tM(iPcQ=4XB5&JODE8y|Lg(j$TCZpil1Z=~& zoP>}&Lv>V+Y~XLxSPeENIx5qEhznTts&O+7`r$6`D(|JP(W%Vs+S5!Z0pRPf(&w_Q z&f;-Y6l+J>#$la-G?e$vBkRvrwMvLPV1kQQ@k=_7vc+R4^ivjbSz?0du&U5xFXgcn zzk4>;xw9o`WkolFm%~xPU5+g*qeA5o!^W_;R>;a!p#-8w9w7}*q-pf-Y6qB#q#-)Q z3JFqZRB=zMSaU!()+0*+4fk1dc;%KbBSKiSa2+{Xiw+hvQOLAbfWII z`i8Kx7#~9eE6GeW|3TnbEe7R~DG9Ahan>2}^3Z+eEJA`WF>}rPc-1ibgpn1Q8{g20 zD1Si^5-&0jhRMn&Zj9v5+#fd@@PIE-(ZM@(Vs!$nB+X<>W3=#sT8v^2>|b7Vcnslq zOn6;`CZ62-Gdw5Z6_|e~O&XLj$MXX{YeTZ-*IkQ3J~w!I-0p!(fkTdn3A)7hmh2Lhyoq@`S7nHQ7bRblS-k&^X*no}sQVz2 zDJ+x;9V~(tbC7+@E+_IPjg5-^J-oVAw~wtPzpi2b{`JM5v{xO>DkDR3B2}{|%?e_Z zX*YgcJU*@{khmi&4>FzV#325&6XIH!Bmh(9CdMNI%JaO_&4-^Q>!Kiia6Wf8X=|0m zkze}h=PJgA75nLuNK8)R$RT=WCY6?K!7ZM2?1lk5rfBB3Fo~E%-Ttbx|;?V7x@>og{FKxSATBxIs77aS`{q9#^#-)Tu7l*-)jZnqL z529%*?qBUyJr;w04`e2Xrrmoc2QhU>H?>}A#)71+Mos}*DsCLWf<#~`Z^NO7TIVng zX|n;K($kgn#e<0$ewxr0Qj|iQJY{piqdo=Q4 zx;HWquG}?@91c>`_3O1iX>19C{qzZht5);~=oxClx`rqqTjJ*mJ-I<3OSpJYjFWiZ zTj3jgzJ5j5spL=qrn}C$Ihqwln?3YB1fmTU*C1Z9kQQac)xa}%)WiPt|Gw+T+NV9G65%o85TF@N5iVA-WX3+8u_k* z$1*;kYz!Kpl>64dS@sZKEBy4W?>fQhm9vb{} z#$?6>wx(Am77yHW_Q9rCPi>EOLzk{2JkNkL43Cd{55yY|H(X6z4cs3JP!t_!(T})ZF0IiLkK5S+>x}ER*jD)0-|Gre%_0>?XM)Ru)bhbxpuxF3z-+LZ zN^T&!dgNeb=oI8QAl4jP@!`vt^kX?RarhAg+?Xp{6CDfN?1ln)SztBj;TA7>OQLnJBsSHxKVx=P!7K+MC!DLv55 z!ux#%$EyWY!c*k@{l@9@Ftc1W@07^31yC+R_hC6d0<2BCC$w5aYHb9H7AxYuL zI+M+tdr|Fj$u{zb5^L2M^5beYU?(kZ)pIR5U5-%?1rh?yS;klv(V+E|kI+~o5S!OR z;ZH=6!PM9+77f~ABd*uqWq63csqhdYun^L95p#pcG{j+K1shTnl2y*N<>l#xzb2NX z-)rI*5D`8to?&gJxhqbIIeo_?9-TbigRUVW{S-pP7~t@Xt$mV?+5-EL;1U>ZgW_qC zkty-z=hGA7H;nO}_sVi2a{m4BHcNiq+IU|Qx_bq+47M*gQ}$?fZhzKlLRB`4Gps=j zIC>)Wo_K8!mJ4?&<=Drjk`_{$FSojd2p!!qqdYr-ZV_=##5(i6L<)zAEdSZ;!`c9` zk3KKMS8$hq9(<9fCy=Gnhnx7R><;f6=oWS$wi0C|8Jq$;*n^vqW8>g>Zhrbk@?O&s z+V*I9COs#;)lTmtdZ)n$QPzn6S}CU<5d$#mr^IVdd4RvwOZF?!7n=dAa1<3AF~SCk z-l`<%f&yb-urwA2v>q7mF;$?A32d!Y>C~Fm9=4vfWVC2GIvG$Jo}zwyyekV@DOavg zYRedK;WM52K9T<|79bkZ!6X*VAM~o$DzEcYzwa7!AWuS`qX>xuyiH6yIsjZJ!*%^z zn!Jv?wp(l7{vJQ9TM}+QU&)tA{%$*kH2fZYs-chH{!BjKy?HxTeL+CdvCZS|w`O|* zex6~9rftHQRJKk(G8ZxD6JO>-x8PIxRKOpO^9h@a4!a`?JCF)n3E!Gklktm^yHWC+ z1*QEvD~CtYH%r)rfxSs6sD3*RjoO|}Euox%;^Tk9wJ?jP z$(xnxaEx-yvaLRWVa~Zxd-61#vP7JGG~@&J>PX{oJ&yQ`EG9IE7C4#Xm*{5d10dArz9!TPF_NYxC})`=M8sm~dNtCtP^lFkE4s>pa%B>8 z;PXg-ru;>!lxf(b!HE#v{XE{Bx(btn% zOk_v!TzpvH&y%%#y!C5a4-4z77&hj-cTVeiqE0;lFWInsDqeRFF9dnFjiC_+qqj|n zX&s#3M`gVb){{UlIVOZc$`pnLmXyX#=w)*QvoUIu}G#GFx?u)lTuiwUAb)9T~qSW3}i&=E`Q5KBDb<6Io7 zs7BDD9?*K^?wGBv4XGCzQQ(B5q=HHKtJn#u68Mde$P&s8#Dk$(V0D20DjUN;1j&Im z|2h;iRz3i|?|;?Gp*_P5mY)dT0}($&w%;ad9W1yJVk5vfY*UB&bsZ&efjR0NVY3Ll z-Lc&yNRew$wi-dTo;8OxV!`*z^N^D{B2ogSxr0By?0HSXehLcAlp{@uuLR^T(7~|5 zx=$?~Bp_6Ym0e9L*}O)qaN-c#8exde8(m*Hedm7o+i6q$7-_z16t6J zgi2y2u4O+aDDbcXoQ;ol@j9i5h)naeibRnmgD?HmidXULom6Z>cQDjgUp1FHpDD40 z;ZO$tu#x^S%_i;dWT=5-o#I;ldNsB%X#wbtCNK@YWWbyi?wwzkh{266K0yMcU-q%_ zF2W_CMR~IPlk6Me!Olz2AN%Lu6ypc!edw*?1U22m6v?H`C4awfO5)x4A0y>E#GpZH zCkV^9TTy?u8IMYD>QG1#Qeud(;slXt+K__zx!-eIzqGXDA{4@73MM~qv+LhR6^vZw zx;>xQWyw@lY^M%=>M&`hH;+n`pgm*hfTstGq@AtL| zuCPae&=vk--J{gqc^e$F`{}B08lO~|%TdSYZWzcJeT;H~>CaRy+8@&GpLAW&z9oosT)5)Xv= zO!390_GAq&_d^&DT@vBQTtSYL=gh{)v8odH2k6wRPTa+3~E)a_%8ZFDJMhU(L#u1 z02%uWHP2y*U94P>B7jjy>^&1S98DX!vf?7*&dGK+ss6YALhMvWH|ksw1T2R5`xQtYj0>$JkuPPn8ESv2Ehv#PslSgFqO zF_1^X-fBCfc`59Fd+vH1HB%1NY?7Fyfk2bZ*~`scusS@_-bJ0UZXk!fG6H9#V8F%} zC9uhr11~OTGyH^qq%~$URrR;|PA6}&R?b^msx@iB_S^?kE>WI?dwCY?jjwZ0L7t02q(6yzrWK#5HBH zl3+QKvo`1w+|BIS_V$3V@bw&-rrQ!$!UkG4TxEI#7p(I@Ol%n)7J=z-m8ure)e1ws z;qHpzaWhjDdN{NlIy}Ztead_ghh+zN$8mo~7p}j4&req$`!7X5SzoHllFEZ3%-nIe z+j&w_Ryo}DKUxH*qw5308l>Fyu6VZsXPT<*!2x)!*Xc3iL$F??4W#rBx0OAT*vc8o z=7?6^hj!cF%yY)0_f$ug5-d|z7K-8HLf`$%0~$fdBbkEbJk5bGXcRDVz_EwzvlT7r zb}`fXFMJ4lh_o2*wWumTb7f!2U!rAFP9i+Za$Z=%ZePhl73lC3*|0-y7IAejVWNpj zY(w`rb5XpfNia(2SEMg6vgnNVNgU{cXeMp+{IsrEdEeXD=LzrGT^1IvpU2V7)ngHd_+tpo zruT*jAzlT3ubzc&-~JlVc!whl`=598?J5GV>XSKn(^i3Pf|oLJdDyyutIC_<*l#gg zABn?%*51Xf{B{)V1k7u7TY?4wdOyt<{m4#&T`IdlPguQdD>@Ao3${19#x&FC_`}afdx8ibb8Yjh@cgW_mw)@_&cXnvvjtU_Y|_8 zIcVGZRlMaLAncrUTgXfz+*CoA#?+ec#wL3oxf-M2kuE&q1=dGo? z89Tpj2dCSvEqyT^e0|;{79pQ^W2>BLdtNg;p^tTe%;i8(G&0gBRrV4zqWLs-6k={M zxX`(~D5x28GkCM}JnnPU;*C1@na#v_=n$?Nh6dlV--8y4i)l>)LQ!T9!LcGH$ z(EjEWRWN?nEEOjC-j<8GQ>okPS6-$vx->eFtUe9Xu)N#iiFa<^K-*Ti5l5TEjz#I- zvsue_P}oW{bY$~I4~1=b=tper8=ST4eTKKme#p;~?rf{?iYrDdTJ;`(r=42g#t(&T zh<1qnb-g*|XY``1^d}Ff{80PeN?xxSR!@0BK(orJq#g}2@%Rw;qWf?>I zF{j{H6RObE;cJPg3OYdrO+3UB$vtsn4HC(SN^6P?Jbc~-rQ3OClAsgl@?;rbG8sV{ z<)j2lRC(mEn=XfWhd57zd~&Ka2{|cM0>uo1u+QVm3*s~iFZdcY9~{wnzJfE3u8{cq z9rv$hWPW7L(U)}@o?mLYHDoj`Ntgof}B9Mc8OECyJx zKXFUbf>3IMG@4WMLR4?e?y%UFq33!)vSa`+5uwJ)p`~Qwd879qO%DR3NNyAZg`o&2 zp_fhSg<#IRm7@c}BLBEhQFy|l^^5Wck*-A*6WuSKLIt1NJo>;0!~>DoWEMMth9?XZ zzNnzK7oi%;$@Q9oT?3Cz(x3r19!sR`QYEFABeM{b3nPz!VL*cp{Q4ug7y8le=={Nz z)+G~Iiwvs}qw{{%5A>K!R?rFrka8qu;g(JtSL1k2t!XoV{AarT9{>1KW@D{eP~sNV zSyOfF{{n>br+3UrV9u79$#xw}O+r%J!- zD4Gw%qPZ&{9Uf;?#GludvG<=FVaMW+{R#G4{x$uH{)1z&>Qq1j$7LW84eO&r=d<}f z|*G~ zN@3(eAk>jkRmLJJ6~;=}ADcce_AYzhJ!sk(+~QZoX7mk&>>NqW@hv-`d;@T-OOnX+ zxqfCn1QH-!@`Mc7OLF5-l=Ti*vMHf1VoEOpj&BpX3{`sP6Pg`=Q_~D8DD20H+hrYw zRage3<)x_HR|qpN`NWanYopT4$aPfM#P-F|e{j3}zgpBiErR3n1U`pGf1J+}S4&&= z%h;2A^}iN2Gr0vjpEuk&*IIuN4m|}&25@(6FJjp$Ta(l?GEuWYiQpHn=A+nR!ay)k zlPM;mpsh_C#>fkWccxI8R~C{c+hrD(m|wHGWGM(F>N63SJu1;(&sbRCh0{r*$B&ib zthrP25qp_q7tcDV;x6iB_dTBWDZq$l;0y1auQuJ|a1_pv)V`pPu|%dC%ZwwG}WQ zMi=T;?AkA>S5^P2GAk3>|6&{JoJZLrr$alHZ?BSFBI#Q2N2G_TUB6eg zLwDz9hoFbo$J37Na-+0+vYCDary20-bM6BR$%5GC&Q>`HBE>&$4lO0ag{Gv$f-hu| zOKpVE0Sasc<9UsV>a3LGsI1P7qx^67118aI;I|w_AVT4NS9x=Ep@zqpgQOT{^QGIo z6IoLFwuiO{rKxf270FEk&np7so}!Qx#2w{F$eJCoCJM{GqFU}copgVGAyK%QNlG{k zQRp$|9XeH%*k`egLiya96j_0$LN?>_zH`@0A6N$)Ho<7&g;IAr0q4%)2xG^tTQ6ey z$+r~3Q0oi#Fy8RLA>x6<$8eEHaJm94mq0Mi@{X+wEDcjqW(tltLGJu+^53X=kjxAw zb(N}0An{}h6d7R1Xil~!@j_s|t(1|HNg37Sw9@R{X*p5^vM}R8Q<|Cc=&{M0_t!&Ndx*ZXG>OrKSV%!Kjyw& zp`x_Oi-L;Z#_x{v=ew`C*}#lWz=llxPlT_Kn_2o49609sDr+|x@3h}t2KC5{6oKfy7rsN;=5acB zjV$Bk7x;_ci^r;hc)~W^;omlRhn=wwYPn3_0OCHTa~F#>H6A z&OCS4o6~ikp@X`s(HLT;xZXk>_>bI9_Q3xD7r z(7kZvs!9NRW90h8m6?Ibj@gdo_rR|h-d8>3!q6$LDe z0EaS+-eQ32BvQ1_1y})(thPB7vr79!knWbDv#57og?Dyw`|+P4 zefLNp?o)GUn=&iJz`k4t#wWMHNgu3U4+mYfA4)gXPHwe+y;7{c+?@iIAw7AVB9J(` zh#8NRq@qHq$eRpjeRn~JDE(uT$GUohIAGj{a0UFYz({M3EI95Wd$G_3m5#at;wTYR z9H?5!pLr{4A_Q76+kM0Gc{WA3U)DC{imF1tYm=rZg8xjzw6h6n*t`>egToZCYeBfk z5JOqWOoP*=2P8WrwKPiTZ&Y9f!ph&UvnP~?Pi=$B0B zh}hO5DU1Qrd38B34nEXNr9`d_qqtNfoQ7uc;2{iMtbx>4m>%w!;m_DMxKmx!Rf-1b zv}i#tirFZz=h-9YV_+QMu=DZ7gh$L|z#wtOxE;5KBi6sZ z%=f3rI{#ybw(wystnm_ye#y5n?7fYvON4_4B`=ifOGVkNyy!QW*lC4p5{-LfT!gzA zv2#M5j^yP^Di{tdHjE=0{T4_F)?U)NUw^($gVTdqq(@^?>7!3_dvj{ch3Uf#}_p3-sN?&=9nfYon4e^lpfLZa-D_Z7Q2^dp5*-e z$}q2bhXQ|NXJ=8}#eoNn3(m9KrJaIKQAdN5uI+I!U5!>IP!oI_Hp}Ep5akQ_A#I3CI>U@k%99@RO}q=UxhqH{Yq4QeR-uVw;h;w5NN{6e4LFB* z50}hjvPcv{^Fxa*f=0`R7%!KWBK@shpx7{2#OX^KjQKUwKtHrVA*h8)P1oI_DE2-N z@C>y~ZLO*u&Ae*LQLzQoO4OMBlnqr9h8-V>tETbT-ksFF;!2N1V@-tnhl6)6lKs}y zz=ctFuSgfGGj+I$iEbj7m(55}4B^?p8X%DWEnmR+pc-LRBIB0_{kDMSOSEzuQ?pT$ zGs`?31VEtRYd*avRRaM9E=rbf7crjisdA7>RflLn)?=91pW|Ie2;rPrq7lJ0TXO~? z(JI>P>}NH*qLR|Or@N)CM&XeOIt2OBOrAgVqErYvKFJ3i;pSEAZJ@+5w`;L+w)jrI zx%z43PSRoHO^2i}v+YMLY+uvjq;EMl4+A#Q?b)w6tAE+`R#(z&r_|7!X~a;3Jg9go z^!k6`bsE_@`2G2^ZR=gnC7`0$lCOy-!iUfLPy+o>G2bcUb9-8l7Y&=ygN0{?Cyr>V z;g-fCC5RzQCR;*lC&s9Zw+!JD(<~ENf@Kiv-V@QjI81X#iA&6N51pLp7%{ihPiPzp z(=F6SX#s1`m^qH5IEyA?6xKU1DTkW)-E6QtfO>(eG^KxE41#}`uwqnftABO-a^Yno zqIm2wL=6t*VG?{{e%dzKO@Z$n8@QL{_lCNFo;aYR%+d z6nJo~jBLdsUv=jU-ARUxbRL?IH~J7kKhndO&MW21lZx?ROR-K}5} znZumq2Q5J$!v*xUdb+H|lvXuI_7Q>)$c-HfQoQClmc0#(rB6Hk(`myIHy|rxc9hpHSHXDGYHJ?v&I9)Ah)!`sz~3Xvu~mZ3^BwEu2x# zD@0^W5g^n+q46Fl=)3E?GBWQdEZ$i!QOD0JxJUx({o_&?j*^&dsz5X@+U zFZy2Ym!pJrH4~Csu4S7hJ426z+v~OGc9v@eoY`pcMH|87(||I_fMo}EtSf&B<&3Kw z&$0l3DwXAeILVr^>+(MQ;^;e$IbNjJW9=OHRoC`IciJ7%-rYkf?|J}u3^OFX7~o3u z!d}C2RJ@1&YOLAWar-N~0$w}Ytt}u5?Vfwn3_b7K5-_`MU zt^Kw3rmnMx;r4>y6u}mu4PmSf)4-6=dA>e6&d}{INu8wglC-!l;ErTk^`P(_gVCko zsX*M|$l=4pvt-4h(N-KOWQ9tYPJ=fe8^lI9c6&H zyb?!R|MF(8u^?TMBIAdUmsno&(*@Q%NFZW4-Ew; zAjNpow{Nr0sZoZ%5%0*seQA>v%JWTp!yF=|-wewtkQ#-(fxQDiZ)(4kv?DlH1{y%Q zFnO>+DxEI?yrkBzy)oq0s(|$r?v$B8- zgPG|euolTnU3*rooU?X?=hky>mV3w=K>xwb3qO=&@XrGX<(6o(7Gp~#+0s|5G-B9{ zJKmT!8pm$UlIBZwR8LqO zvKj(Tno`IfC|4+}Izy#QfGB(!!#e2-^x`(+*HXkpATmN1wvXV@<4Z}nqI^;qS`sQi z5Qcj&lv=H6lNINNE^58O%Uo5m`0Sz6tU6NM*7m{%hMjH~=Q7T`Xt^GJ-dx}+8}+VW zc$fivdXOH5M{)5$ls}V!u!E^tuK(Jl43ROu?r|TT_DkNN{3bUfZHZ3h?m&FlC)HY2 zNN4sq3-J261uoFU<{cEwqh~K5<_!eSZwO}jQ3Zk~vn}((WVJQK|9gN?Jv}v0B04EG zKQGz0#{5MMugWO-uLZ)~z?)Os!L~?HWHdoj@l~Hpn>1)Q>|#moy1D689sqoG*t{z4 zrX8@Cni6@;Ud`Cvmn9z>%Z+b5ys&8&g4}4P zpSR7>9me^h#E{84NK|NELS8r`K^_agz%Lj5E%%ipaJ^)0pMJOZ(WssE@wtG!ygl~s z!>>DqyV8G;^zjJ7g7P{3scwMiu2pK=6F<~y%)2-FeRBY@+P}ZI;Igww2+Ua zp;rJ0U3%dVQr`zs{3Dk?VRBv{r-R+tyg5NsWwvdTTkoO~=R>D6YN?=>gOxd})?M39 z89rT4R4*~GReDBEp={Lhr_En-Si32p&GuqZE$-$k@vOEL)eRqSNVoBEoH{`pY&CuP zAUFwyj5+HU<>9h(8fT!69fJ0W5jmB1XbM9}j4>41FdL-xp&!I$5k&`6oT@nr9V$M- zMVW2*P_qrx=D-lI46z0OWi_F}RdlYqkkteozw!a8dRx2@zk$bLd}&z=JpXGRY4olA zKR2{7tnJf}>s7p60l?R+M@^gE?&_|V+hM6h_VlDpZH__9Y4By-_a0-NoT48;#;~X1 z3QE*4%zRbZ>Xbdt*TL>fz-b<%AvGobe#hT9gl9qEj}=y4+O^ePDS#Y#uDB#{wL&TG zwVC3u_(h{OX2s#Ly)esglS|CiDs0-mV*%Fe9+D)nBQ}`j89@=;Jui8CruJ2K=5cMp zs~CIoChMa&cD2)q20oF#t+ye*Odqx+xKQ^AiFo(04_fQ%BHlWxQc$be`Oj82kr}NN zz0s!2%=}V&wulex5@?l_sF!IM5F&Ye(~vtF?!{Rt55B(Q(m0!JsdhubmBR8GQ#6US z$1jTrmPP_C?1Kgw7$WB^lX1Dy`u%{;=9#J!oaKwc+C;9(tfG@OsY5GL&K0hCuj)kk z`?fOYeCGtSidZe=W3xV$9ffq@z4mgMbU3N#0Wj~h)sj1xQn|CglzYaj_nRk_nbJMItwJAaida7)&%S+C(_J$IM%fOKy?<>OjB$I);Xme znbn`(T^Y-lS2hyDrx8D#Rz%oB$-7yH(xPPZjHy)Oj`SIopP$a`xQ&n*F9-IeJow`d zj_nnn@BCGZh2!P(c7$e)QHae4c1=2$6rQr|8Q4v8*SW*7%s=X`yGtAN__Pcfy_{cz zsZnw-OVX!@&ybAc=pAK%bhD7eU-GMM!TfbsCGu{=?fJBE^Y}eK1spX4RT=8v>Or*k zsZ*)nw4f#oODGoz{MFuLA5ACHb$vzweb|pO1vK_^wg_S1+%ds1W*DM}Q=vAXwGnFR z6~i{+qfhyk$Ppu%p%=)_OEl#r)k?C&k{$_cJ3L88MSz69rCzSKTWDK?6Iy}kP!Pxq9MebP5%lYKuFFy2ky&O3} zLQG+uCfD0Qx3F~gR-qfbJZ~k8eF8_Zsg8NrZl<<6n`7h;-qsdQtJbE}6}PcklALJ^v{5$Z8^!sHI`^(ns_E_VGo!6l?HxA%oXdB?ZdP=rO2?gLym&EnBtNGBn-^7hwm12w%^FLs9veAWGq2_PqMpZt&ZZS;YXT3 z1Jf5t$1BIJ#;rJz54u`_w+k>Q$QyJ%u{ zz%cr(hT4>*n`&FXwc{rI2>!fNPB9{{<|E;&&r&Li9r%$1wNE$)G}Z&J?70B5@o=q3 zr}8-PL)@_s_0ed&sBbJ$>+@;` z4_oWRQX{4Yto%FdjJR5V88PcV(0h*0#$x)g%>W$ia0WtnRq8g*^x#ks#WK}PU}h)} zlD-pz))#X&>!E`pLQ(mKU7XI0m3WR!mb)+F!-9zn+DO1TN^8C%{XFt-B?)`};MBbM z!2T~~M^2old<<3dHbn_A*}zKKIWg{k+f%9e)rIUBN|o^}VumExYGkmCVD!Xw#0B^Je|u6Im~*EVX2TRq6zTIQxs==^ghMDYZ??TS8?(1-0*1IQu%2RkBmte3 z1TeQVSnnV2s$l0RV09O+`+7&eABz$t7qh+vK>X>UhxHdIw#ch5WZ-gk8j?dId`I#KXay&A{L`?}z?Wg_{-iBL zrEa;ZuxA%!wGYWic*Q63?G@Xw5BSC?K`N|^%>Fp2@Vy|W+s6>m45*PI{WDOUelGyk zh0(ppNhJ@J@>|)HDu!akiP8^nK7}D~d;jJ%=yF(BCytoJf_Wp*-K=++espBblyt1T zt!$Li0R6anRP6B>E|fDR`ELMCK(fD?oxko|x9ke&Jb3=S_gzrxxMZ}cv~uWSm)RsE zhWt*2=0=bVPSDI)wNLNW`|pyzF8xZ-pK6t%|!X5R|zaX{d=1Xp0M&Aphq!k7=O|v}4Pu^40lx@mi7P&m9s}>ob4?BpQuR_s;7l}cy zDHI0r?+b-hCLN7Lsu*l%7##UNqcB2s@(JqR<|54%B%wzb5Ln`-#R$mzeP3Z5e^oWt zCj5RMV>X#EMxvFNS@!i7Nu+jk7g6Zh5Yrvn6JkOKrFyJ_7Iv(jtuKi5`-^lOMEd>3 zDyM^fe+SKU(C_bfthnYdcBB7B0#g6*DFVOj&Sd(zz= zX_DFlf$?FO@N%kR0HmwjHF=rPO{OLg4n{NKTpg|nK#;9U*P(DEuhiB7kE`hFL^&Vo z2Q8_e+6AN3!5tGmV=pDh;)K1#NN$omc~C0lC36X-Di%PpppgoNaC!OQTy!$Kyhv9U z1?+UXaBYPr01aw3PCqzZtW%5u$roEvoO+>dMbtrP694&~qdUL-43-CWY&w0O&8L0k z)!nx@tz)(@7*B5=38tgb#^AN=RV3B&-Ro`{k4@inSFeG206%@(*4;LOYPvzU+M>A^ zr5JJcHyAQ>KWc{VAIZ?QMK2&M6OTnxva+eqY9gAHmFP<*D|OMNAI-#*9eP?&e{^Cb z8gL(8W2@}Cf*~OkMtTj&iPG|!^lkULF9)D{7F6nPZE=r zeRx!b!Bm~0&3LE0OWH*9;rcgpFTBZ=NzZOEr78^F3qQMMdhR{SF2}AI+s?Kd7P#+Z z?=)y0;czaqH8jeP3cJPK+Q+2FEMpn1#7hFRx_Whr@rkAb0rCDSd>|l>bA!?%$cgnQ`XReYiR`jwRKYNMftmBHeE`;|Oso z+&?f-pm9@EIc{kw$B`Nut4?32FlxfY6>+s`&@^E>X5vlm^z$sw3Kh4Hvh!dUNc~fk z_M0L4p#Ma9i%E0y)Npgll%>?4oBfrLXx#3MMIEuIGvPyVdxR)9=g>9Xmv@FZiPjP> z){*Vc<^2bApB|B0JnwMSIq;Ld=-j1K?^} znN`iW+JGGbW_ZkMH9Y1FdL!ZtMvm;(8^=D?Du{ML5Ji>)=^>(^5gT8?-#|RlpVDuL@Xjo6hpD z8EU4!HO*b8h`;9t644-AO1X+B7Ywtd?65%GwK>9OAZa$6Yw~EAD2v0`5w?Uap(3t> z2(yO|Ju&qPbKRGon2z96_f0>7FB@TRJAE(n_|)ubAD;(ZVYS}ba?}v1)!90~mDX#ei-4_k5wLX$ z{ke-Jv-d5TwS_F1eZUg(dqZwgcZrTXW=V?Po}#y>8mP|!$!MVFtp?&NK()UHy34nL z8e&M*28Nc?UzBP%=hryM0&iu9W-5c+8=W06^ z5KmKO{<7sNsgqldyO(cTzI8dfd<8$hMvkWSLUUSE{;h@_G0pV%r;bWf6Xb8!HbX2P z|1(LzvofjP2Af+Oj#tmp={HliNDg)hKAlHWG$9tE}1puK;ko6x@1XT@7a5e zX-GC2(-XRYXrGU^v=D1MsLo@?#mjnMLY*@oq7FE7aOP(|Jm`_#vMe{2|N6YDuOJ-j z`-_tu0WQ%;EIuhC9__=5s3ZgOICJ_yRYNjR0|`}MwImsszli>>$T({{5Kbin`Ek~G zAl#Y^bV5R%8(tpoYF!ps-YzB^y3|rKAtE6*EsrAskgXQ0F`eeO1R=s}p4T~2qZ@PJU^9scoj6_`YcT;u@X4T>X zeQJ6!wLC>4mJ1=TM)ju~rX8#5y^)A_&T@RoL+KFRXUHH4@b8%BO5{U9My~KOD-MF- z^dldrkp3VJ_!zoJ$_1wYr;coA1*95a%_8XZC^(2mKu5=-nIR~GY=1a<>}W1Wz5`&1 zKYxOAtr;KuPm)gVe{*5Py#pF!U^{x4N)hI^PNOsZv^$?xwD;J`TZ ziE2{F-iMPW*7THe zE&b1Rly`GGUanQvqW@T@w0VL*?rUBJ{lpX-Z+a7-PZ=offRp`jEkz$3{hu{~n)UfB zu5e|h!QThrTe;?CqaQ5EMZ4eo2)_DeL&TR-hC)VX`W9x*g*$Ir!iGXj(qFO`>Z#(< z-w~gF`PuY&`c_a*1>{j^RjU(m8e9{Bks`CgN~CvIteIjWpb3K%0VxcY6R>=wV8E9+ zoA?O*)umoH&06+FAaE+Yj-rqi{--O6{AT%#J&47s+s2l#7B_GtFF?gV$L?{MFq zcov+hcvlfrt5u0aNj$EB#5&G}P3lU@Ws|zFN^rT|>A1#<9w|} zg03!&TBQogW_1xF0Y;^bq=LC3V+C5cU3g!e-=~3ZYtCt?b(&tyUo^C4N1eJsy;e=D zcc@07K`ctVX%wJQxF0R<`_`7gR7qV4RpQE29K?$?UZ@evf2MiMnbGsj*q&xoUZ59^ zo=Hdpvmo-?t(v4wFB4<`bYM;>%)>2s7cBA5%-@Lpn_`ky7#7k@fnlNuuY-@-yq(^i>`ukb zqOUSvD^g~utRGP}!V3Q;&sKKGvzyxM-s^dQepHR+Ek+Q8BtnPH?oe6v6is8&*(CU_ z0?i11H}9d9PKHIP_a7AmzvU$S3^-|vh-hs12SEM7?*|Mx38w)b&N((r*#8muv8WM) zPzax&O}rTB6om8jBwy2ybXRpDCjfIScRtC+P|f9dy_*Q=CwcBh>#eN-Z)WLPSUfq7(0o^$rt9!~m$%%rr zbyrtA;WhzHTf)N9c~uedia?9^%qi@g z#Skajg|LJT9u!k%72{;?XYSYEZ#c+|Fv|NKQ12MjmsK``mBvOJ%`*;z#dsC7)c7`Y z%BYkZKMHAwoi(>PGvTo5@Mivn7fu zyr>4Ba9q93i`_65i{&i)w8pDt5HV9sGgg{rXf4GUq0ZpYcV zoj%a%VpR+{f~TDA9qw1mby#fXpy< zN>qEzb#xk?h;@M;0Y(wu72C1K-0zOtb4=8V!MBcEb4;%pgZq!0bBxo5!S|2b5NIUe z5o7KWjTwM7VQ9ov`vZ7&4o>mgpdZu9Q|L9?i*Hfu^1o=QweU<-L4(n|;o{B(4o(YQ z`9BuZaaXW>em->Z7r_!?BbGv7`;!FOH7$YHJOh%bthZEWQ^`T+06*ZlF4~*C&7&N0 zo+v&U{Vo4n&u@wqt_YWmhI64@q$Zk9u8wp@dXvLR?W+K~Ju%M$&#zp+<=IE0@IQ)w z?f6acuOn|oKP*;w#9&cWW$^JTe*pS;r9Wu&@iu=D6bU8qqG(;P0WGLOr7a${+ijFe zsWJmM=T5stcdwgu&r8bkbdZE%@^F&6pQujK$r4B;s*uRxBn@B~Fd8IR#gcH2NK_5? zl_p2vwxfP5S0{!Vm&w(e7h$PtSdyxSWvObxHUqo3$eD8mhR0JJb9kJgXgKBwXJD}h zog%Jy28Q@xW|FLZUel1sc>{i5u!aeEg&N=&d;k*t6Oi~aab(s9$)+zrM|LtpKef8O;MICp{y`d@7NL`yByi^dn;Hm8opEAtR zXudtX@{R=-G(F~zy~7$2k5UXNak|=@f+;FRr+l{?@A5uie87C%c*3kzd7<3_chJ|` zuCafO-fRCBeY^V*{Vc84(FTSpnoF;u*^~+~s6>zG7||mFBlLpf!rg4tL&Fj3?PI3I zVGeR5bp5e?`up{ieuPemDXW?~1R#Xv+@U8;&}XVMQ6{$-hGBKB;Dkn}&q+B+cRJ^V zWEUA^>jO_y>`UqV7DSehZb2l`dv#|E+Cg|X9QBW2;}tq($Q{;(?I8uPE(JOpI;mW2 zDbzUhr3IgIvR(s`|KSaE%zRP>?H`ANkraN+#S+njW*75@&o}M8Z}0xij;&|!yx~8F zd>iuTp3Oh`%--X$?t8cFi<^0?Tgz_BXMTEoPyQEgkL3Thf6JrRV~_sh_h(Up_8nEl^{k)#K{Y^8E9p} zo(^venox6BW}u|WSJ(+q(6`_4$OD^-_kZK&pKQGDCpWh||4nH8bkpch%yVXE=B?Os z(~j^8wj-o(_|6aaw4Ofv*jFE0a}*XGhja5QM`!L{w(gzjsR!?T{2y3D(Tv9YckyaR znV;4e6+TL$WuCS}FNX%^A5Iv2lwE0{l!W81!=~AiVYa9$kdkTAtgiDk}Y zC6>7)MXuskgkZ)0m@oLw`RS96XPnQv5Bon;vIkv<+|RMc70)Qy$Jj>{2bGW697A&TR(Hg8Pqgo8W)t`9nHOB=N*Qf*YG94Ixcusi@6x7$(xR*uQXx!h4UfIUuxQn- zqE?75^KB&%YjtR8U}T~o#wHqI1En@qkHFdDsmiKKHzK#zI@h|^y4UgwR?iwh{KaZ! zKs%rxFl;sUdV77nsowM+)s5QS`rU>bjJp$$GLL3Bvp%D*&}WM>MHNL^ys(!tf>-dx zVx^gBa2i#|q+Mxm+L!iEt(cmftDhTh(k|Dp;FiahCyIQ~NAVe7malAbHo2PItIF48 z)>N#?uBlu-#XxJdF^iUu1+_wTO)OpAXYRA?DZW#AXX>u>qp268FU4O?yjXp%+PYX( z#e*J-e-i!_QgA1f@q(z&-d*P5i+X&#*L$)Er&PG^w#E@6))}liogtx%8B_zC+#whb@uO1HSu{ z@P*`Gl4FQa5a(pY$HeSWYWf5CT)~; zq)kEW_Eb{2@KOcWf5dp%l<`sprm#3XnWLv451E?}t?9TaG3|rrZ(i`1=V~f^KXAK> zl%bG&<*}|E-Bd=&)(f&$rR{{-G=qa~4V%Iy|A$`cO0DcvI zMZe2%5EyDeHCzA|z>!ZXZ|5L1`h`x|iTzi)`s9 zsmt&AcJogTKKNSK>6?Fh7H5nvdU$RU)$VueRvM__zee^-|)gy zeGBi~bkpJuTlW2UsHK1PkvF?`G<0s;+ECGv%KvfpL+ieL&-N8_b5{d6_U_o95JFrC zBJd?~!Co^o?}LaMZOHDUpt*>G5vtTuWx2+3C-pWpMky_UfSL308b2bcdEOtOvE6vk z>f_!1pxJDK6csQBtY&i{Fap0L8Y73GMy-Yv?^c=BG=(vi&b-WI61X%cax{k(6tUR{ zSJ>~v08!xK?ju1dxVo$ugF*}*h@Fm6F^d&vVe|Xb0r+A71_+lCAnNP^$!G<=8gNBh zzEe=#Xx>6LSPHs3C;`Fmkxf(y+nqhTTbBGFCNt;6J*DJoanPGSH0h&iv&$TVbs%SM z0Q1dj!D@34xZ1qkd=ESbpM}TFKZgH+=D$!7GZCx6mIRdSwy3d3k0MqRn`s@j>+8%I z0iuB`JDklct!rEYFyE#X3Hlog9Ar92Awbv=>^64>ajuIzSzY53` z5M?jg4-1TotTP|HoUb8!=sfJDr+Pw-DfkvvLoL2|Js)mJ=cB0=#rB%1HAOY-!i!4U zP*6s_u!os>@q2|k`pH=(7B%*`2#2Yalmo3Rb)rDA!$obCJ6S}_Qs6L61B!!OG*7 zX>$&X4axFw9(%V)aAy;Bgi6|N*zt0~!Tta{ptym(LBYs^LL6fPbq}f=qG$Yg_bl?C z)UWcjz3{gD&0Eqfjz=M7XBfIGn;b**7* zdMLZS@&(OFy=pUnW@c8>)K*zZT|u=|!_*#eKXsRQRR6T$Wai|IU+RBVt~YBTZJ-ns zTYfXxU49=p1P>VAC|79#?jBa>Q+xGs5P~T+7KDElyjt;V@V5%1TI)5XSF z55otjhs5L5an0fBuY=!#Q}7qmoAig^LwF8;tU0Iqo8D>9*efc^(-lqdE^w><_VU{* z)N*V1Q^tU|);nva4cO9@Ar0t=)9&J(3a2U-<|8!`O#LF-mz?k#yM@rdsnJ?q%qjFr zUV&|7{DG8@kNN|(^;7v;)TKOYBsMcXA0P1tYbvVw8VEqZptl+f`g#EH;?R_?u%^=$ z0O~91*;#2&U%^!CA%zY5luARd;ROR_2rC(-(r$Mha@N+=M5B?Z)zz_B_)x^@a3~aP zgkn{-w=jluI>ijLu$P7G2vsHOM17;48rH+ZdZ-_vJ`+n)Mk4w!5-Ep~@XE%3&r231 z*;I#!KD_tMob?>6C2lHQ;4;3|f|CWBJiqZsJe6!E8bbwG~E5G9ff+ zuR*5KWeu}SZisNKc?;Nrmo#-MQ(B*zUOEHQF$rSmRp~@)lt!@T%CROHmlHVy)-8Mg zDMJom`*%aZ#W9%V;#kr!l`tBV_st}_2FgLOGXEq<7Fw4orvPG#O41Osr%+OD@cgyk zT`_uXb;gp-mylpt$dNj@NXq^I~LlHQRni;YgZ{kp@`EN zu7E$yFPMm}MR#osI5F(t#I}5kr3-RbM!k+;CVzW?U2&N)ILU8JFDaaWq>CCz;mxjIR1L?!*(`hE{6Ug`!q&N+d zaelyT-f4k77HE;e78yu9BjOp~;!2&Lz?&FPk^zb(60#j75!T7!&}8T9k`BUxB|}H1 zs1S)1_D3})?0c3{7(@ zV&>Y&ui0M(ejQ;tm?3tDYP))y?i&4&Wt(ub>MItFTD31m)u`Br(;soNv^T^6C3_OK z0w)xoj$nrvBX9|7^ZfZ7{n4KKYC2myr7{puIMHHfX_+}fk&nNtU6g##GRL%XUI`*2;Cazi&Z9F zm-y7g#J;t2-%mDN`|2axzWHCTe*1YUW1c>=Xw{9Y>enW}H zZJ5~FdhuoMWo&qY#ZE8salA#v$MOCYPkiFKjc)I9j)tW~5lL`H8cQj$bhz}v=z&ru z?N0ma;#G+TPIQa@hWOmXN@JsYmABEqI=(j1!>xC(_xHrFeWdbjv@CU&{Mmblk= zyZc`6?fyIC_az>+KkR)}+1|&|rw)9mcu&G62Vxuf0S*FR`+JI;!O`%PNA%#a2y~&xGpD(vm6rssvoB){S@U>@JbKIQ!t3u(xMD_D3QcQ zfK=%S^>fi*Qj$RY|3gLm`yNk`N_|MBQXHzoe!sEn(FP@r@_J8fBzbL39x6%rN>k|7 zF83jU7x}k&nqStK?L`bModq0O%{j7~b7V?zflx77#*0Z}F_{F#_f?#J2JQxufm@1ceEBS8q$VZLf%+Q$PqxBp~;UW@EMb2 z=jJCJNsJDsWa#n!l-Um~%SRAA1mgpd3WS^u2J_M@@^5m{s`vUk($ngrgBLzbrxSw1 zUEGvrY{rN!Qyy(+snPd?$$@;d)f0^7>sLn{LTcKM{2`3LTj?!d_C`bbUu|l%k^OKU z0Q!>)Pnjo4iu!!Ww5qm?;GwUrB0&{=?Iy7LKaIN;IIGv7-nRbVFSG=ix)A5_gZ!&6QGOP({i*6ptxVn-_*0FV5ovA8Z z7tK|qtLJGOxCYZ~@4WEB=zM}#K-wezLJSC8Mi2D(P*0?ixEs8{Y%*arog`BVOG~}p zB8_eY&N|j(hxTM>1R9PCF6hEjOUGqJ*J0Ob*Etu16R_87*Rxb5$N(kW_*6C-8G)*! zXeMW#rCtI#P)#j5Ds3d=L5}_SG$*#8(JrfvH5a^E<1k1Zi5^3w?Ib9mOh;ozju6rq zfKGF6N6PsTcLr~er_PXu#*z2~a#Qp9f0x^~!ApK1noU~r2y2ZmMWB#DlUcX>&APg(Zip#Fpai(c*F5g({vWPd{GPATa z|I1=Ny!yrO&R;T>zBS}=ILo;}M@OsMRul@+&OqNI`H`VAy13YCa5$P@e)&q1GeQ*? zv(}<*V;8%o0BY>B{CxT(qGBQ-H?H*;t06YK<(fFYVAFZ*J;34u0v)pua>gPMH+e!K z{uI_LC%gd(!KNn)=yWt;W(*22fARhRRh6WrRfD1tjt=fJ%UE{_D=B&XORz z6JD);pLp>_?o~qHOpdtr3@9JFcnp&`_fBy5^SQ&WvfM>KdWM1#j7NDBE1T&O>z z!HSj21@u%@VTb_eGN8g}acOV?FlAN8NhbSn+_U&8*|j(!uD+zH!EVBH+&u0|ZjXt% zu>{tX)YU8~xw7PH)72&Ysv*-*$qlN9lpm-*Q|r?;D>JJqx+)m42BuVWG-kF4F|X^! zfCWdA41$QiA>suyDRUx9GfA!z;*wBGTqc*(P+sQK?8i!g!`W@lzb*@l$96_9}dEYl{1%eK9Vw-q#&=}^Wt9%h3Gf+OQpl6{i>J}aqfOGBF|WK+-` zp0lrE@0u+)^*%PgGFtA)EyxS5DG`f}3woU)SfMs-Ue-2k$r^EGI#o>P`raIB>AK+; zXYbi*GnVE*xGLkttgyDMjb6Vh?KJGnKh_hhUb%R~Ge6t1*lET)<@3khr%xchhy%so zacfq!h}KhcDv2Jgu;Var_O0$y}7e&zRN&p8_#2Rs(|UI?TpE z0dX)`>~7|4>w!ySTR$OnkCP)F|FWgREHN)8D@B@k3McKlRLa5$+?w;hIZZVQ}fA#+WhAq?P8WaB6Cmvj=uKH>ZZ2 zcfh+-KX(4c`9Ay*%{eF3I27sGX}Z!`nV#dM?dga!oTe2{HtlfG2@pefHK5voLuO>t zb>$7^9bh}y>Kt+nr1ye7&Ryxdz#Zv>;NkRv^26mnas0^nV)^eJzjmG~KkN9D^G~kR z<)46mIR2gv&4u$Evs0_#D#!BF)sAaiuR32zzv+B4{jT%fv_bL)D`2U9AW0-}6jmDw zO8#N}MEZsu)BtD&P8XW?PA8UHOiQP%X{RHdaw3uimEGZXxg3;Qr2-(Gjzm@IE75>* zrIGt)$+2*_SwB)>2^Y)3>iJQ3a?mXbPMICN>aiPz=t$xZ`# zafl1U2NlN^$CQ8aF>DxP3L!j5Z)I+zcQX&ukE@h(l(1S=Q0{a(bb#UQfb+xgl9c(_ z{VcVP9cG_oY4$^%9RO#sPRHpR^}YK2dS)1%4(n;4=k$U;jldW6r}Roarm$+W`gNi2 z%W)UREp-Z*;4F3&hVZ~d2+gQVptZ`dKzjw~);K-D<<#mtDs<;#`~q}oc@HR3@PaI4 zk)>x}{xaAC37Oa@he(%@0Kx$i@ia~L38P#Etl4$<*M9b$n;&m{Xt_~vdg2CXDa~xo zUHPqVwPmwW>XT>w`o{U&hO4XTWA_r*EThrU-<4-xd*Sf+c&nsq%A7#!lK>7Q1P(at zRuPJU71Ty*8?{%sOE@SzBj{jY1b$u27}_eYpw@UPwU4L$0s9o*G&P{XUR#2KuMm~w zj~)|8d4d$J0*7E1n#V7TDf<^0+N;$X!mesas)n$un*01M%@bzUl6dhv@n4TcjAxp2 zlGY#WOCTQ9L0_hzXA3J7vKbSW3o^I+2QIu70(a zTj5sWrr^U>VR`@Nl~?2oZiIpk(}JXsf~9^T#RW`Uz+4Alsku(UDS3rkK)FOpqkJS+ zSIy^G$ndPo?BreH0M0cvg|8|Na9jYES|Kb=)tSu%uLvnC4(aPR0fwAlAXiltiG(SH zU=#{g)lmoQ5&(x66<`{!f$Lx|JPcoir{OuMfg{vEMB_|hnb0QCLOBQ=2vC6$>IcWg zdRYVNljifyqs?2+G*6fr$)5b+7jTFFRxpIgXCwNz3d>Ni{}j|R*jxbpgIi{-Jf4EF zKx!J@yozX;bo$#8J*jo|WM>8qctEyij2j}IRa6}B(F8d?-UUWnp)MD6YI8|+1n1gw z;k2E&1U+ug1)_GWS#|m;d(MhkKrKOUl;n#$SE@4S0*DQ)!n-@hTtvEWD&k5`fJ>xGbZQ4cXGv*tCv!L$uE9-EsN%{ zRvof99Hu#NP5##Eh)syop%BZtS6&Hkg}d)>#W5X{p3t29k6>A4)Mn#sCWw-Zj>Vl= zibRi{p{5~>N`s|{dt!g=+gOQ4(g+<9^%QNTD4Iri7iz%>^odp+P;MRFOCO+5(+c`o z_yqN1W(4*ec^h*Ivcy5!8Qwu$sX-Wo)U>><5q`*i{U6KO$M6@I&_U=XvFw(Jyv8u> z-B_u0#*HlJDTE-U|7_vcx4gZHx4NL6ope_EUz#STGs31!~S5RB&t#A z7?z@75TPnZDF}u^l*92^sGo}=ywcbmsz@Sw2;k@}>6jSnjWMzP3WZMz8_bVFoXzoO2&HTGwBb21eMo-FHtq9lBf7J)w zv)Zp_snHJ?^yIS*^F#UNm+Yz%IREC_RZ-kuP5JrMb!ZM*K(!dW-Smiwx>2{sL}~6+ zo4}pW0s+vdA2kFT6;Ls3ZMsTQsF1@r6aJ6Lmu;woRF(r%&{{#E#llNb*WJ;+|6W-B z$+h<__Pgir$oGU6Zukb=`wLhJ$GYP)Kg!?!%9~H_edKOzYJ$qJoRlFa7RQ*lYA#Eo zkDE{-ENDWjHK+hmSYTQ)Y+L!@=L-RwEm_oPW*Y~Tc+U%s;3Sp2vwh#a`Jev%+WQyz zT??*b+u{p0d^5l8m-+w5!|u?m58EgB>*%Tgb0)Izon zEIu5W_WaX$uZjS2;N8=Oz`JirG0D|()Lsov)+4GRPhLU5N8}X*{Eoch!>_3ED?Xrz z5!sI}N@PFLn4SMm4y4Y$p2A)q-+a9gj66{Yxtn+uktoOSbwh;pXwiX$LO?ge37SJGrxLUq2WqO1c%w62xJrsEEN*q&#S1Z=(vFQN^&9{? zCHk`QehVammD;!zz*d}-rIQJ?jOlc8JYHf3hHHw>#XjGDY{MZnSs7=UpxU?~iSHDH)6KDIlv&|%oxkSDkR=mzXO(N-@?OTNn=VcEW z=7elIF9iwrcn!v)kjLorK(B$vesW>K9|^*8TbeHqg*(Xr)1J93B5pKMTbqd2)(*dR z;L4R{em8Gw@jH|DiMY7?$j|XaZC<#z;lnf2gTZpWaz$vxH>j`Pkto=#A09gc_tS^b z2y%ewM`+gw42ebhjg|Xd2V9gw1WKJ~)*3|{EvhT_+YZ<$+j9`{S>R`AhLQ1nUh-fp zjpoE9<)0it*N?;IqN5~LKOJA`!%`&OWc{dRx&%!}^Lp$r`Pqy)e>cL7!ZU!vC=nQG zP{~qoBQs|%`r^m6QW#qFIe*sAm@oXE3Fc=vVYyKVajL&XSdIric$K(D#VXBC)?sGM z28Y6ARB{G~SMOAqbV|;t_i1>ANvq^|4XXwUlS&PgoJ;SdY!=$;FxVXi%2q^Moq9KA z<24>$Lt7zGQ#OXS0=0(cF|t+zwG{w0!j||BL^6V&_)VUYXoUo*+Rq<=g*$u&V15*X7s$|Amg^0cg2$*_Cif z%d)kPJu`bOf3A7SmH8*ucEe?J^N)Mr50}Cfjqr#096lQJ2bW3^<$^2lUfb9^${h$J z=V)&s#w@Igg{|0F9d9jA5z3=Z^NiL^X;pYf3cHG|n;ch9bg313rB0<$D>a(5BBwMP zoR*wU_J(&0zv~&3;#Y*K$)hf+O-Aeb$bW>TUqD|SQ?QnPSn=)IOt%|M6t(t4J*Xpiy zU&HV4Tq6vob}?U7?e*N0x+%SEFw6|Dpao**=lfN~3Tk6*IqpHW$k7*xsKgu8U zJXZ8b>ZtOl>V#&*{dD?=>CaT3X)hLiCd}_hwWmAE_NbXEzRTO=>n>&5mF=nyHN8N+ z&^I@_AjPcWSEQDt=|*LvYPFVTlt4pkwH|va?uq%zlsRodVXg?6YpVIQ+QVo~Qp@sY zl~N0}s$9g3nXTHoW{K01crBULDp7kpD#TWMJbaPYs{#th1B=_rTcW8LA2sVxE)j1S zv0G(Td~Rf{_b9K`ptZF}w5C-`0gd+nkDlh;9*lMmLnL zEn8RCOKwh=ohwt7y|4PCda0H_=GLC11mK4M5Vbhu%_$wNd!)K%gu41@fi*jO#>Jg+ za%dKjFtelYjnAV=^Mf#GtjwTEfNIAi`;~t;f}Nojo8&7wvU^vsX#vedY>$uw=Ekhi zC}PCC_#~v!$%nV)fUFFMaE2`)o3O}MERyOHF=MerB9hJiCq@R;N{>YM<(U)srgr1=ZWCF%_*M4wzKfEt8e# zSP&&2l{@q{2f5S5p%JR=sQ>hLF!n#w%t?OxCn=#}H~qB|b}wk8aBg0sbL%`cP^;m! zt{Ome&E)--X2hFZs$nK6HOaPaGMW4nYF62@uye+P16Osq{3Svr;wa`*L?sa`lpzv$ zwDYd#zt&t^=JLg_teoCN-$y87j5GfXUtvs?0pZLd31?~maI*!3`R-!w6OdX|K$s?s zFySln5Wf66;>bqmBMA2gL9597Lob;&R=#R{IY8<3yv4?;b;q4LOaq|SUM%{&qEkzY zQV8=(o~t(ceg0uT?SGAT6<@ubuojp#;|NbWiZ=qeGZO&`;Fe2>1NxuvYtStd3Rhju zxY0*MiB1sz@sH25a1cD2znWTyu)h*~S#*k+rBu@l8>T5vsR#pTRwHr{M{z)F1}&`_ zG+y$3}GX+j-n`+N<9M6i1^uR$!wg+WY0@6qzZ16 z7L5|`%(DI)Vl4b7zYQJKy8K)?lK(Fl$X|`vw$Jch&4PR(-Bl5fLgJpIt#!spc(-VAAJg(1}so0Sj66P5T1fC z4MlhW(g1Q$fHYjAM*KcagEgv^gf%M!>mvLpAzaYPi%R)Pb1jxLU}b&$7h}9-uYU@o$tfL zgTwLKFL4|%Ih-M4fr3a*qV};nqt9zvUoHsn|F6o~@F8j|S?ki&OroMC>0ggNmtGcj zjqW8sm5n|-Ni%yEYDAxt`W3vPLlP1=xcat>w@pY4;J5OvljH}RCOw9EgGdC8R{apu@I){$Z zcy<{!R_d|j?5L7<8_@MBD~*L`ho9JTgp+rP53QqZ~)?- zIF^jOR8Y&2O0bAg^I!LTX8p$sqay%0l2SC*-N{lW z$SS`9_l&u`4uzw&Y8aV^i>Go}3aqePOgc&z&l<@eR~E!n=WDv+H_>I97a<>@_ZJcX zl>xMC*|1?1%d+>_h&pol*0$RiSqlDjb;7i{A(dajj=uPxMM=rR3)09BqpsNv8Ci*g zOgwSoor`-W_ZGZfyb@u4l9nwi6BVMbBL&5DhUy{@o!;dRCNcw69kTA-b?BC)`=;x8 z6kLp`*^+_MVKS%6bN(&RNF_)77uF{iIDqb4@So<)jSC-W znd6{D0O*k?TCJvT{qlBA>}Rpv8j`j;-JH3zXGec9ZoQ-Fa`oHztn-`yxaR|g4vbbFlg(JQ}+Xc+MVi+~-NFUn7sbTNHL)!Rj??&4TwCX;H>~{!GVv8{m%#Eu82qs`%q-D!4 zlwzQ_L})O!4ll+2Ktd#!t9bH!Eq%~b#J*JGc&AI>+2v(LBr1fKZz zcf(x3*L@p1+qBHKSDx6@PTedgW8ZP zIAw(lF*QWXp2iDb>A-ps`Ae!Yxo)SS|S-w|M2I&*PmwWIO#l{C}UQZ=AB&Jjx4)ta;lj#O}A6=~q07$R_z#PQhD zz_wNue-T9`z`prH71)>1xgsIgv*BKBH+O42aU4B1`)+OTdE1|QH*}?kS7UHy6S3;q`}!r ze2BzCp2xe3?9gIqt_{<57n*%-CGk`L?ZMh)$*V(gy(mZS%j^lXq06?6$J>a8+(R~l3AA!vkF}}Zd4zlw=xjmPQjF! z7LTZz&sv}<^DA!1XX211`5_cYDn((4`7di_(PAB6SRo$+5gq_vRo?-pX{Wh{7OS5r z5ty`w2<%Fy6(*J*t;#~12V+yM7mUN?{8I!I6WB!A8nC?Q;(j(uA{t} zbDG7WlUSKDq_QN*O{ejCT~)R<<`=g&rz`&nUi^-iepamLz=b;(W+tD-35F?~rVfct zT?|_)-2^dn)ezOwThOC3-uqaZWIX5UZm*|;aOx9~lW6SY?V0Ev z!tagw;vGt*F9>3>;(qrH&u_}@ZTIJMUr0`$*tXBkUUo?2L<>K=ll;@u)n&Ki5Y5!b zJ5*#d+tLJe86l`#kv-OzzxxotJ}5lOxw}z97#85gKc(&s)B_c#f7?#rE8hFKE*HH=MI|gogqcokT`JAuv8p zqM|C%?u^-Yrob8_KdwgxPdA*vTTY0R84`Cm>V3Z;uJ$`b>{mqH8 zN?U9j;K{jnZUt{|R5=vRWMvx~w7^Ry&qv0S&bT`(^Eu4jzeAv?x$c;34|D>A)Ea+O z1_3^_3*~^ihSE&dp;&#PY!C*Q@Y(BjPjq+DU--scimERP{**gxXLhn*GgPgWLBa$} zI(dAR?^##FK-EyE4U5RpyR=KwVY%vSj|DOKYo9I;&@hBeZ%L#8++|c|xY&LNTBNk4 zwA1L=!ABu-$%ocfR$K92bHue-iJC9Z;jcx6w%Bq%Zg!^2VxI05#qJ`|UX+4a^5jL% z%e$uAG;s4GpL_mjgX_4rjdOatT~I@@V``|YgYJ|dSTmGqo1LqCf<<# z!ivCvebU?>h?0*Pe; zJnIw_M-43T)E7rBkYU~sN9{}GDrvtZQ-5ZHA<{!@n?h(4u^DZGA;HK>@_22wp3ORG zKXjZkh?54+*uLUihXTBzRYFG$QY{Xk3{ETM8Ph`pK22JS`xI}Lgjm4uSQBTsAaNyx zBkpqmiufn+qw6n?b&vcc_t03PfWP(0KKUQt|0!q^|0C^2n9d3WMMIT{pso@=jRTlJ z+t7KX4UnqUHzW<{t7S4NYhwy!OqfvJ;RCpJQl1gPwNb5O7{Avh{g{_Fz#Av2u! zO6*~{yPAYN8f8^pjTm8tfx95RVFt%aJk}?%&+HK(x2F#9i#1GA0inRr`J7*4FU12O zIgENBj<>C=Q-2DVk4Y&fLMorUG zbteA!p8JOZ;QLL8RmyYxV>nZJpB$}+1t5ckjqg`XR5U4~e(GgH90r=pRS6xFvgGqD zK+sLecjL%sL5yoj&VK{W&cZb3JK+JvDOY6YAZxL8TjI?;6}1q?hy*&n`m`WyKKN8a zFMf=#_nBO)7hoXywfX%m#!;DL8zG^JaJ&|MI2Gvz6c|AOr7!$OKXMK^Zj%9119;J; zunN`t{^ zD1G$>y=g#OB+j;i+gpM_j1<)Fi3*mfzI z$ATZ)l3hN96nF|E%R{>rFG- zI9NEuPZv%wmxNWTZ1Z%QwO>jh+6k?Lb7tef9?)@T3ikYcD< z5N?Iy$T#BkfR6n$Y6V4j{tX#B&hNC%7|Dio-|8kokM3YYcnOd#)z%dMcuwxa;yjvY zQy2o2T*m~mOWnMId3NE>qEIhDKQl_HMURrQP}lHK-@Tds@q*8S8IkrM54i^RY9+L= zofkgT+2Ko23~#@EJVmZcDxfb7gxAoCHx$B60#{E`1I+OdIdfHhc$p?HLX=DkQ;*N! z{1k9P70(F)Va6{|*?=+gznxSpEn|U64yEa@6?>hVArHQK@vS{}^ zYPpZoA-Y9AAD*J7KIBgF-r}ANe@WOhh^@Z;a6?;?dJRrKNgSK-xZ}R~+zEIbBf;PFphEQ)=9GtYV~l{y6XlCc^pikks~|l?0xJ1ssvgO1Is& z97Pt8^LC*FuTaX{dGZ-ah4`_F6;RX{%6nB|Xd6;hQRAK>`$A}18XZ7v;gIP!?Cw+O zC`Y)Naj2?n>1Uz#Ft%^>i@nns@x209E-Kce@G9rJ4V>W*RR>6_DV|A=_H^-T9GH7u z|Cl|3v;3J@+R=uEq1QQVAP;>hz^~*9;q%;9z3xy+%HE)`Z_c$uSyLe{;z;XTWInsxEQI`4Pv|pZT@%GZVTcXSYgHhj?U@v%X15g>EWTrH_N&q|))NMRCPfA{g z@&J)qE-6y&!U24(pf5|bFTF^&%E%4+fQamOJ5>^27766c*AIf~SHIz?kZt9ZrY$ah zYuq!N?U}hX27L5%p0yA$zD+&|Dyh`j`Q`QbWtN%Md3u0r6GccGJp}#7xCnJ-T5V;C z6>13p;l6#=%cM=G9X)F-QP@X4rMA(@Xjrhjwz0Fj)6U9E`{(h|<7cXgR}Mpq>7(SU zqDwrO4lN)&QEAtOnGmSc)5A+&0Ax;)HU&Q`mR04$_s)k0{VRn};Dz}P4H)t^(`v0W zZ!*nK!}ieB*kosWx=seLeolEn2d;6tKB6=}HMPKHZT5kA0wPR=jmG^^G1D>OknlLj zLXxjI@;WQJeY9ab>A17eEc3FXeds$0L=qF%LehNb*LgZP_uP1u%>KZSLu<8ntc5A! z0C`@$+GT*RTKA^zTcXnRV zJL25#KSxxMtKu&@7%I5ol`FZuHiNd3w;sE`8A1U2nq#Jxkn@}bSC-}&8=IcoY%gr> zWZ?V$e#wI<0-#i1+ikP_9-Cn&tF*JbT-{&*IJfM-*^5}8pPpNuV{ts?f&);Ro134W z?65CL#L%=}*QD?s3pVV96c;&MU0a;tY?LowLu^Xxf+tJyf_tx;AG^l2zX!rEtS)a! z^Za_BIkXAnG5G7N9H8|1$9M52_Srek#!3KC%)Hw)x3i<$$%?n!nD$YIa?S4|<>D(%hbJD9b@NcN!l`zRcRZe4i^lv65gl0NVsek~UVA zxG0vB__h{Rbcg*|T3X#+Ut}R8Z?>_y#yc5sk#j{v1gMoLuQ%Js*e2t#gonzP8yPsM zTiy%0jUPQO9D$l3TF+X zFk9W$YYM+-7B!gCr#H1q)y!IrY~bWDVP6p!fVmJ@GP9+28;m7rx#ZInEcNxWMM2h8+0uN29(-F%E{88D)G@G&vd!trTB|LsK8~aal!ou*ZFbj&%+XvO$ zqxe0kl1s9AYG)v0BJ|vW!a9*d0!Nnd+?<{IG6#jc8PEGXQNnvxgV)q5-z!&#`W#U2 z{)_fiRQ}2p7X|HVT8vRJvllCFzgxXTt$kLw?bm>|xM8x(fm+!Xgn}&jE9ry4KhqZ~ z+_J*$EqLDp%V%YcT(;1A#0zSri$i~vGtD_1gPymdR+RV3R7iZBP7kN5G~zX=VJN%; z_;Gl@2QppBK9IGyeH476c7mt2>8BI*L*0l?p;E+KLp~xl?ak=RN1VI= znEPk0DLWw$-BzpY8AbQodi?8NOqOxMg`6u6*EB=z{7X>MTdy?8fZVTE_zs5l|F8)H z8lyy&2PkU)M|}8kXJ9haLNtHcTAL&H)Jt#jjkODFwDUf@bE=c1&u%OuIaMu{q!_8V zLuh&GrsrwLuH2+SgVpN@kA!-x69XH)tc6$TMi#5q=u3b&{pP#eI8I#4{IbD zZ~r35n(G1~DnOkcOQ)t3kaZ02vrDp_aRG74R*eo1xeS0Z5x(!*nlT`|(n^#uzOH=K zMZm0k8Xfi@*fLv2wa8a#{?%qjLM0-&YBV5Etu#XXN;(S`4!P2?dRNpHFn-Z8)7`%% zuI*9R;^I+_f&mJB&-{ZLl4WFuG`VVht3w1=yz(V=M(}M@U=(u zA{Sl}g3SpI&$QqC81=)*bq1Fh4gf(>AJU2ZB9d9Zyh6AqzDiV&X3YPbc+t936UYeZ zhjT~1!}xvr#XsJUF!Nji_wG1O9}HC4n-lOC@y+6Z`y)JldzvL*XKg2lu82_yzn6T5 zH$cn(y9;<38g@IHcZ3kNSKuW^ws^14&Z{GSzl)?>*{>L66T9wy&fnkpg7XA|<9R<{ zqOytvnT_134P~Y9{Fg^#G5F_$o*;kDrr5-MXKSc_|M)uz)mqrywfG?uCk zI0bE)YP3BjILzm*_nRx4!6$#%c3F1WW;0`rDA>7j^{9cgkEyZWw!v z)AJpukyS&puq*;)-a=PNII87FFap8YJaz>OigEi_xau#-LfVMb-99@!Cy)wXGU5{B zKc9v!sz7*pXMdgmOnIXXpy9kAt z>JRA<7UMHJT#NP%=b}+`D`}1g_BtM4(jq<8bF_`i-M32LVPX9&zE(Y4A-7+-5IyYv zU!fYIOJNfHrEtHf7P7|ONt9%LpAz?@bLh*u?ad2&ykn;Vz>P`a1JX&BocysQXxS}ocSdtJ<)26(RXz~$)<da)IC&azZ9Tvk2Ysy==jBhWwz(vBf>#bvCt*ePeb}onf>3pE=H)o5U;*oB(gUbk= zk`bY_F3H_2HrRI285a4|61x=?7l5_m_*D_7AaI zMwbtV!*B0_5i+>%I*cEZa8o6I1$c5lKGJ#x^6*BPo*|zZZhj6Z@a@!`fri`OX{r3a zy`+S%k6r4M(C2S}ZBiXDVjudJd-3i*cx-xs=_!1xxdBF9y~ED!w?9#>#JXJT)%tGs zKG>^18SklrSLCfDo^Nq-8o8^J(6*VCgJAc&e3*VX;f9My97O;sw= zzT~9*n3RT445;Z$l$YDbJ_YK4*}u2oEs@*OOVBvsg84o37ug zpHsGR(8AQl)I8FZsYJG_bBSphv204OqNp$?U-H=Vd%xp7K1w6VOq0t@7hU`AKyzrz zoK&jXw>E2Q^p$#UO|U5eHr(1`=B%8=C>ig`%Bq|sz3Fh>rr-~VDk78O-5@G~-Ue2Y zfk(MGiLE({^3M{!$LCr3Ac^bp=NMIM`<@eM-g*c=HM94-7oZ+@QSxF7_h^yu!E0@_T) zeuB>|l+NY~SKGSf1fRE5NVxqS#*mMuzdX5EoAmgR*I7a#yoStvfFJEPnSZr+){2Wu zuDeTbQ=l6lDj5s2XUI+%VXE-JE^hkF!*f_sXO}z%bT^6KSS}l(JA+lv+3O`jZbb?qP6(V!5_D;IjZ)#D2vij1P7fxV1pEM*i-$~$OKCkGKF4SRVAZ< z!>JrF2e*>jxAc9i_F`!=XSi|R5qd;7QfIxv!h&A z)ku3ruKmU~WiQKvy$wk*AW4u`QP39-2(u%y!`dU74aSH37u>ilSheBI-oov-SCrbV zT*;r8`lbpWtD&BKUZ=lJe8c@2P8&pkq`>nB+Q>lHzqiE);3vF29XaV ziwLZ7dw!c|yO85M7kCp}V<%@v6GNMSl-(~&cz7;uPGTnFetWAiS;2DLS zj7)5uiMhC$;Tiwo{bT4^m^t7XMGWmFO)SjJo&UoSp7E!%iH#aD*Qd=t0C5Xz6P8ai zj?aE8!}Ih1pP_L7?@(k-Y|Wg_iP^bW89xo2O+E)=ZRl(wYGPz(Z1QRJUz^80Q}@q! zOokw;*poNZ_~z8+Yp=tbmmit)_;2Q^A(?}w}u!>-4|BRGwA%vnw|s{wS~ym z>&5E6Z7@zRr`|E{>~n`Kj5rA;xnA`7SgtW~_Op|n|EQUN*j1!7JORBn-^p_8ujNeQ zi$r3lA2*kh;u$6eRn>Yy@a{UIJoY6)q!>d~V>^M>jC{Kv!baJ;>4fS|ECMATOTQEN zkeMpLlzA9ru{g%FVzDCt)iF{*nEW9?gbD#qx)c4bpi_NmhWD&mU`-F;>7*#v52_^) zB)>JkJ+290983hM{W{UVBEbXlK4U)&<3|At7)3rD5sLkqzRYj$bFu*3ZkPcrT+1`t z2o>D}Gu!!$1)$Wn*_X(SDIzB(9>0mPneG0`x$VByaskgefZI2b4|p@php>jCZVWZQ zOsfZwL1;1vxl{Wgg$KadijoY1&Q^OT&;BO@;*Az{2QJq;Ypx!a# z^&(MsNJ)2CiMrpy?OD#a;|#q&djQ{~*?ZxoQTF~>ya^>Q%z80V-?k4|G+O<^H7D*6 zOUM7mgyUvn`ro7ReVNWo82@}TbN%Ny|M~yt=d-~7$Cy6b{@a%O z6aQad|MCCY{!5RTo#Q{p$;QO>FSPvU2KnqPJR2uB@xSs9t~qPYq^bR%R}C zj{h5+E;~JRbQV{+e5X1a>?XSUCI~`tOtG<>aSZ%>Ok{*%O#=o{gGM1k1%>@<$-YI0 zyC9VfSuVD-Yn>|>gvJd@ZOm~rHTk?YT(2*7y=%Ps6f8EYtd~F7guL(_ZyG_$}tWJT)-W(|)P_Rrn(mmBaOt@KDdalpk+r z88tzFmbKC5xR)r$2vyluP;#xc%J1)S)wWuVprjj-Fx2!D1=?ncmF*&lN+;YJ)pXR*BgSr z%<2Km=lZ+vV8Tj=Gdm-tAEh3cdAj;!ha&x>d9&m(4L2Z2;c`0>!q7->Hn6b~-hSyq zmNwxsWvj+^#LixG7VS!oj{Z~OkM3tly8tipyPmAkD`D5*x$b~hImhX0Nk6L10Plv* z(~tfousec1dhfRrW@iMo0-qCvQn;ktnu6;B0(00ZpP2!{r}KQ*@;k`GAiP< zf7y%&DUhXz&i0>Ro$42v%{l_u0SG$L>njj*xX#pTk=4Tb100!Qp9?!vff==e^My?@ zdmd8nxY4#lHWeV5tU{kyK=1?`J?jAB26{`uOTiX*Stv63BR8l} z#FQ|~#g+>g3u1O<8s zH>S|*wF|dXeb7#4h@(t^iD;D(W?rNt`nMWNC$C3xU(R0 z5_Y0~Vs~P<60-kn=}ns5)3U>Rll8p(>~jQtWOAhXDF29eLH5cAm;6VvSq4Q)Kd~yF z()2pBlX4ThfmLW-DJ}yy*YKOM1EldDf9^iICvGR0(JL*GcV-Z>VX{}%oxTfPKcuEN z>=xn~!<4%r3&%KAW5TqKpChGHYA+r?>8;}+Wv+8hq#W=c`bh}C6MaN_HGQ+0OBvIU>b8G97G1uVu=Yl zY0XGGb4U5XtU9L&HNOO0fa!*BjaIy z9mG537|z|QRv47sP5=-b1mA_X9Z7kM@Qe@Q2Qh=VK~TO()lawjw=hxh%*-LO-18%J zMrzDfX$%yjh|I5PHB3(|u}liAW@*=8DSkt5nI2hbCaeKyau<%xiJkaVEK_>@{3HC6 zpx}4vSA<8-3m8E>xSJ8$TdB7M=~0f+riA4}q1>M>&K&?)o$Z7&lXa6}V@hLzxK8Sn z(V)A-yTv<+gP(V7=3~sxc;=^pD3TjSTmw4L1;)26X^GFSZz87BER!epFk9m!#exYa zEL#y<2FUfkI{kV9y1B!g1*V};xM!)aX(m)*98H*wt>_1}xWL_JqFf9U!p?{HV%e;o97ODOcNbWOjda{pG4GJY2N3qKS$N+ZbM73rAzs+2&` z|Lq9u9&40whE_Inb>wJYKqf*HvkIDDHBg-t32xuB8FrGTyI0$gjr$~48BdMrFjs;lu7Wdlc$Ltb5m*P%zNjIq zy09SYo!)mm5=l0~b)eOb&ldMxg{gFXEIEZ<7%7}@ky>E2gK%-pQ=dCt1(y=8-@7gW zfmn?CTk3d=@aFuoHz_-l%Y^vmS`K7pxaPqy_e^fYh7}2YGaSG-`Qm=U{i&C-eSh6f zW2cJrfawma?gWjs5Vj)Vj2xJp3AIuhjO3?PS-&>bgU%R2Oy_`i)i7+xb8668l z9R9A~BhSFLCue{B(UH(it$6&jcD)j_Vbpxa?4%L5NxCdO6P@Nm4gQJ5ub4UIGM=@?{l zh%**Ykv2uL@UlLcXd_mi;K#rswU5lFVR5JAVTC}H$0 zL3*p>(eTmV-jl>oi8@#?q^mnY;VN+w_26>Os$jU@JWLDe7tkC4IU2lX*%MkR{xSjT zhjX8e0Wa8HYb(2qak_Go!vDKa4_Xf1-znD8m6#k0iDcl20tg!L>ZI z9{}l;Thia#`~kXjNl6oy?a32P9i_;<5krpxrE-<{uakL&75r_;Zj6*E0yQ_M`Y%lh zY2=Bd3H9wgh+94>b>w6zF$0i(=$57BSykr1lAm%W`k3~bH@y{y?M^yH^Y2C*3w;2^ zAN7fp@R`CgLx}TVqQ4#L8qvud=6|qwtmdZudEU*5l6G{Ht_D*oBm^zxXBsZLH>fjBu%2pYNwnIB4^1Da}#^p%x_K zj*jJlq!&a)xPw0%hVOMHq6g26Pst5anI-ul4kXsN)^Sdq9-ZYZ#RFs*uP+poZ=Ug8 z;Q`#vq)L623w#Ei^W)=93@AdhJ&H(dQ)fI26~==YZs5iCopvQdZNWNqnw%0S2yzm8u!ij7y^AG}w z(v~Y-<6Zo0hBhk%qT!nVUJ`fnM#B4GSXVuH^^)6Tj-X)@VljpD(00>pch%1K_(@&Y z>0(!e$oEwB?ZFLx@<{l%e)+teu(2nq#rHAygqojB(rU%Ox@|qjK>k)^TqZtS3>_0& zyRBOQu~&lP*Gm+VvoNiZ3yV)w;TaVSm`DKd%RiUqeLq1*V$&3Wl(Fr>g(zpwI(rp-J*h z>Yg^PW;V;%ix8%DWUdw-#eLB_)Oy0T#n;!gpLv(OS`IQxYxwd&@t67;+?11svz^n? zI;T>hZIiDW-%TGUu4-Bv?Hr}n>MMsC?=Om0X4AVqLt~Z{b_{F8p@=c9uaAdDD)s|m zK7-%j62{qaVT4;xdoodMDJ$zMbPt85RO4zm6;hR3cZ0>RU~;lpi*7pv zpNlyLb*PVG%2s5cruXpCLp3;v9BppB^WrFy*tp}dqURP;MCQw6(JQg-4$BkpE_Q3Xc<9Eed(uu3u(rraD*gO$$8uHtkQbNKwyC0nFiN|+`Mfk6^vvdtsyKCtrs-kP zqj%S}?k14EddE?!W%wr$uj@5CziA@(HAtAI)H6!i2_dx}BmSDN$zIV=99IUfMpzzm z*UqZqk0BeP;Kz;tN_NffLiC17ph^0o*@dhlx5yLO1n%vxtvKM!&vXSWyOSpri(l;L z5$MBT?>umGOR9MeCuD*bcK0V0OysHsVI#lGwx-WC--I#nUrbI-KGe#JbPlAD-ZCMz zJ=Esj9i;DuS_;2IRi#T-6tXKAF@63Ts))kEDoS0Y)~@3ito_?HGLV5ipBPP;QKF=J zmlKHS4>=(_{h1|LEJgvr$iMf55p24jXNQ|(V4tb@Ir@0|d}^C&F=tuTO;H?y$X>-P z4)O#F!ti%Q8(5sNdWRKG*P2d7mTqm`k_@5TUuuS>FX3QHajzQU@*X(|6Ig@bg@J1W zEU1WyH9BBp!NNk)f>e$WfnrIlxFR)JyET=pW9o;FH_T2Q3wS%d-9>tjGiqIJ z9}i#E)rhdVT-_pir)3#{xswU7;-lm?3UpmrNk$GRzTIc5jSm2PI-y7p#1!>%O+US z9bw9^BK^YT-SH#fx0VLg{f3D-?8(!0h${(rsmG&Yn?;)I_QO@f$Tidt(Dj#495uo5 zv?YAjq|o+XZGSJt$T)fNvlZjH(P@-b)jZ2BCsbA0&ABbLuPkht zIXPP(7beG3)Kyi>g)e*a73EZA8u-2XWHti&FBrkydaUq4s5Ox`aPK?=!OF4#fB`wb zS~zXErFOZyer1H4i8xG!{h}p?+KW|oB~RpZ-XWq_{o!a6BYR2dd~P_SI2wwaydXL7 z3{~&`?v&P!HcA{OW82m=o#67jc2dN51O>_VT;oo3He-SE?>}CSHRQsdr*>5r8lH+lV2UvT6 zf+SzRkr_9`g(I;j1YJ*0WpfHIpayU?EcC(V)8$}Uspm=Mc0ibc&^un*=je?D4XDqD2=JmNc*ifxvLv$YT_c z_|v`d?d_LTe9ehWtF59D3y*XA4QTlq2r=Kbc<#97G;dz%{b)8JcS%vSSaK_3tpTYt z%PHgpP8F)Zdnqly8@+peP%7--(PE;X5AF8qY&20-F@*UW(DV*Hh>d?&XjnoPRr&qV`BcSmJ@;uxNk+_ zN`ihmhGdgynY98@s%4~Rw$YW~%LV($?|Q*>(phuN zq$5FFwsS%43(2K*O<6Umv_VtqpGn@@ai&ViWq71XYA{w(MQG&6-~Tff4?xH zrl$u#?KgY0otgWbZ!*=@<-)RFPrs_gUEgFXU`$*zg21`dEzQNWBftM4IgB{Na{=BT zhwqU7E)5NDxfG>O^gvZp71nqFk0|mB%(sV`w@a{Z0p};4Fs$E;V?@Xw?$HqE$@7J%HD_c`F*i)5yoV+eZ`{gixj~Ons z;foaK3BGZi#7lQFr+wcg3BUe{?Qe@WKq~J|noHkE-@!@~*$QftNUJ%{yvrP!^@>Y$ zkj7UwtEQyt;P-zzl0V?zGpSO}lt5ocEeKDdAV#Yr?KKjj_^qgT&Qw@?V5}A+eFam- zw>!5i45Z~>CwMxpw*(}3jKo(!)?vn=+Ko9%W$4z<{f%ey!lT?RY@-NVv92G=k_Mj1xlh zQ_cFkZK$bWv&u~uH11=Bvf<8&oZVL0MIpd@!r=gA+9YO{z2Y~`$LFP$nEUbL#sKT4 zC;ZJknQ?rk;@!1#lTir1GmyENdWkA6mt|T%uhNk*g_AZtXd6%|gY7z&`Y}ojld2VM zV~CN%eHxiwuwLhzt+EJ% zm%8u6(BZPaRT}8UMql3W{BqsvjPZSF=7rHs&%>m$_1NWy-rnVkdeQ{Y$MObQ=k@?t z-khW>BP=gc`gT?P_k>pT3Wb!6KE7I15C6!A4kc*8^nAahapi!`EG^1XBw1-}Yrvk< z1BWl!@a^*kB$@*#k_se;8bY->k)Ag6ik%0BPU$LFUR~3Y`JxGxHsxpjttjkkCv0Y# zM5Wyc2NO@YDowPw1#S#%86#PtZA|gswX3KrH$n$Or}`=MeP15!(?;$F)%B@b z+PIU$W3@}c-JkMXm1QpQO2ISP@m>5jY>QkTOi8~q1PCx~2!j6*3FB+(>dMJx|4IGZ z33TJB>tvG6T?Q+K%^5ZTH`{~77f{Jp_;qVwv18&BSn^;vR;Jw6lBrQ%?}+IAWjXSm zyuR1JjQI74py4|C&Wa>Gjk@VR;csQ%j|&Y}S9g(O{dUJk+6v3`_cS8gOhl-Nci*tQ zeYMB+#eN^yl9G8lmTo9rDq)3tZgTAP`d&e*g#^TowFIR!TBLFx9JdDR@7049H>PyG z2D0v|2VyE@DM!HvG3fk*67-B~HfNRiLFs9NjKBIe7P0qJoRb9h^!B%QSKc=afA>v0 ze7pK0X0n5P9K0{atE(h#w zqPzBP^gLPriXC(1P3EnBw>pUcIDuBgiQ*`~$sxjpuopwLRohZGqOI#XUgdoqw3-fU z`!=?CZW*|`D6mQ>vq5a)gdo(+2!;D7SuJEs#~W0LigOW&9X0*iPZ!8>??%uu#U8LV zY%Q-w-Yz?AYOjgkK$J`xg?GwQD@v16Q2BXvEiY@shHIHfAjZg8Q z!Z@E=*s7(A2A@!v>NJ~KZ7s2UL+a)6470~j@D<&VB=Yy#A@jrWy;-LvB264Cc=cPF z*l#0yN|%~#g6UE>sfLF^M_ROXJZj%$73-iFtGWg0fKa`f)1!2v#e(-ZxZQy-b#U?2 zbRprf$!h9B9hmv^x>?3b!K=y|^S*Okp|QUij5-c{`+XFQ&lY3iIww0UY{Y(a2YLY* z7JF>)$d@O&e)6(5anBn7(ptD}sZjoejYAvGUT-<^4)B{p%O3!tqu?RACg9D^m6|XWA^|gNf)jOxTo!&wr$(C zZQHhO+qN-n+tapf+t~iE@9vG=ji`!>ljl@LW#-9<%*y(ncgU^05P2!j_GAbds0lmh z#Zgjz=Wl>8fPLB^#;O~*Y!g#K>^fc^=?;0=E&r1cCvc})oxa|isi!pk$7kpG&$(1Z z{fBUac&2{1>Kg_t^HNYj46PkbYLmD{^#qi%a_}96si+A?%ISlNH-Bcet2(sQxQCYw z-h4*+lyI1I4^xK{;9qa0u#~)HwV@GPOShSq*3+`b{1DPqX$)OE-hKAjJO-O(TU+$y z*p`j?JE6#lxcJ?2b^V%h^?3a?g7uv%A6S|J4D#@Uoe0fosv%6t-CuIr#w4pWRDm16S1vl$!sw_7 ze@C4OzKG&uam>F3CL2{|3zggQr%4bjwmdNAfeen#X^NG7d!sIyFwXCI?l-?^0ZY07 zg41f$H!W$@-*M2Vnw(fZI6;)u!asY|ZIE)PVoa}CsW_NP5aRaZ=s`&X?$N|W+k8P% zRsNEsYas^y7>5z-SC7pIaq%|woXDF0s0J%6-nZTKTI{h73)NN?UDD#ToAmA3s4vcI zGJLIBr?m}pW(GCwvRtcJ=5=@hqyAL3lC)LdbzW~SZ}aNvyI@8FF8EW@#M-3dJkp{_lInD)>^Nc4*F@&G_F zjQGJ5temcy-GWs;p$Weg)?7$Ai!<%kmtF4(i8IY<=!t(F9JUL;D$Y&_#LuqQTi-S` zgb*#BSu8K9q;65V8h;3F^xgnCgb==N#F8mxV(Ze3sn0kFr-MZi#U=<(=O{yxH(RzS z7B3yccPCBE-yojro3aV_>#z;650GD(aZ|veUNFMCG*rUg{8pC8R6S}U>NF{wjU16G zMF!Z4=`fk!vpRg*ZXr#KxhcK~EQiK#j>9wSAe&`ay3;?P2sLp9iaJ0CHm#04SX3sJ zOqxY89I|)+n76w}iZ|`#jreWq`BdI7?0{VbNEp_}4nMB^3)jB1mYV2x#m1Z)duY9dt zh*XyC+E%?%;B>dgSFzzTvh`|y&T4Ne*KL>gd#l%xOI7Zrx^|8!E5(P8is2~5#z0C9 zb=b|y_e!6o?pOwPn|0vC^hfDkuqLQ0rPxCYWR;762h?~!zEAK^-0Gbk+;vn_;nPG5 z_qTOo8Jlx_hH9;fv?T$6v8Ywn0mgJ&>_=h#uup=2xn?^I)xd zI!1v`@}vO|)w1FS{u-5D9^+U{_w)X2B#cjOw`aI)T;}~9K@h~4hwKH_kYH`Bri_O| z0yyZSy;fQp45$x?VT@^XOA`9`)`23RWkgq79c^T&BnP$uOz<_x;+79@!%+4CEAZ;) zjo(m04UQozBcjkQu^Vu=TPdr>7chF6ly%`f7h48eR<%*&*fOG{e+F;C9TV8kxzMGO zJ4d_8Uc2|-Wvm-22NsVFh=+uOgXgO1*3~bV#70&5`un6(`!%_qi9;QvW?_bqKgEN$aPRyg{Go!a6 zq6j?Lds6}@9MT3+ivbOau1T>fW$E!~^^*RhQBpZhJw8@@n)})E-Fe}Sbm!Isc+1gTh(4fn4vsay;LL95Cv5^u}&H1TfvyC>L-g3~!NhQ61&%`w$ z4u$lFKb=Ta$CM>W=ztmg3ZApAm-YLk9H@NB9(H+sn-RqKNNXS1%%#LC)k&{36XXPx z(zLp@xA5WNmW>8KE?-gg`}wa4o5-Z7@oP>%SX&<69%afX)ZKB60wGAQU6M!21r)=D z(rPRe_$~I7nSWgx^=}yosKLN_K>7`0a@(q?E^R-k(LVD&UN$!CESA|T&>_Ol^x3wvD+uE@T_etL_j)3ndaQ{Qu{ zJ;vuXXp3rmo!v2<9;S8O6HNbLm6V=813rp5kv)j4@BKK1+XP*Q186KcRkXD|Ud@ih z0;UT`x&{%Kv@{RLy8gD-5Sf=to%++hG}iC=2N9K7{OC~jbTYhf?Hb_i7=sesO6K)o z==&V!yS@1vf_=4xrL*R#T&!WpQYb8I{IAdwGn^d*yDDUpkil~!Ac|_ko^9YP7-&`C zM{jXNvha`;$Q}f7WF5S^sdUgOc&LRr%+vC1DZ6+>EsLwZXvC}I4i z9r5d2<%Iwx)UJ{fFT2_tL1$}HQtL%|nNC$Y?j~@y*RSr9L6buu$T?{3F$8;D+n^Vh zacpYCO=uk7KBLysklO;HpOHZB>b7$c9X3C9Wmykbs?phN7@l(g3w({;XcGs`!$=uq z^DNP`3}8x&qXg^kQR?Si@{zrScA+N#t$rm!PkvAb%`fZ1EiG|(1bpJSN#auUS$qBE z@M<{nnM}+uZJKK>2BBW0ZlapjB$YfHcG{mJ4KPKT4w*XWI#^&fsuekRwt|l^xeps! z%i2T8hE;iNCa4rPrKx|(&?5gJtA#Q_ebtbMrGeHvppg2*dcS%giNIeZ$dfI)vI}`o zwjf725T0GkpPDGtzKq9CW=TXs%7KZHpp|ihLPK)Q{YP1^>!9*b@DA+Y_(0)Ry&2M= z{6;)=I<=rfnV6pRw$ce~A`ODJrs`x}=E5O~!+J_VIii}Y+viI!%g*LH^GV?IA<9jU zLSs)mtfJLsH~jQrLzUo2rW!@Kd=Nu*UQGF;CQ^%QR^;F$$)YaV%04++TPp=2Q)>Vc zGv47NyChqblcOf5>o}IUT6j`Lvr(BHQ^9%ZaAJi^OT{U#gm$gR+FIMu{yR2uHP9C8 zq|JS~)?|NaVs$l{rE+BFS(4(Z;nUhARWpavP(z;GYvj2@rS^RXzMytGAh{d1wF`;z zg@#%ke>9#8j=GQ8#3xF4Bi-oo0Xq?bV3m)-Y2+whj6YY3L^9-gu zVZ5J4!g1NH4Az(rd*+yr_+KqEj>uGe9IKXlD1HaNoWoYR0o5iU%a09b+{uw}9+c}3_ zY3MITPiIH@P1@07@~M%iXgNkT{kTXn4uq^D`RScX8xGd>Y?pg|h*+06%b>ORS3Nl7;gYmg`0)WxORVo8y8-HE-Gc*`|>uub@vJwTs$U zeb(*hAFs+!^$=l}I6Ugx3SoKb*%iGgl3y8dS4~d5811~JpYc!F)Rn=>6XZQhC6AQ~ zQOB)rQmieQ-oG0EILaW(Up_ch+f|TM6r30ze^4!QRk(JXnD^0{2u~8~viu!#9BHFZ z5#ke(Ur$rsUUhg$@TV;?@pawT7PX6)wWX{J65OO@<#Ii#&zLIrdq_!NxR!nAt_Xuc;j%@iURoiUTTJBzP( zp|+pGdDjXr_`4r0AikhqCAW=92gy!3<#nPe{3csCxM~E6E>p^X4oe0{w%C{bFlJ;- zy?V`NxmZlZ`}LMgeAO|lz9S+*=}kvcG*)r%Q&s?A^Z4=Us}A4yj@ zJ%ng82|`A)|HX+G9w!Z2QRMV^cssB>K7?(UP@!!{uY_u*Rf&c2SYagbUbX8$2hBt$ z92DN&W{U7gb!1hen-7y|=`r9R845y33L*hHQ5Hw|q5(HI8|z3ETFLLe{Ih^-ut7Bf zi7*xZgs0UJ1{jHIdQaz{4A0jKFW0Norz&gpw)5Bbnhg~falJ~7nz1@JYx?Dgm&FF# zWl;}%Vk*;)mR4nvYVXM6_lkm#my}8!OCk-diHeZvV9wV2( z_tcd)Ek`mM(}B#j!>+f>UERjpkf9nKr|%Wpx4oF}#@hwWmXi!Q|L2Iiue z)K=&f&2(FOWK&qmdv19wtrV^7FFA+a=brX$Z58cnMM@wJlzYi4nT-ny){qD7DMAvG zLvmbHwIU3I0dY!!KM%21DM`HFwJfK~h~v~$uMrWIZ{mpCzZq{`L>C4%4RGcu=1u1H z=iw6t>6y$qxOJ|jF8vnmis4#1z;+=Xr#K|Mv(ILXq;(?DE>q1x9p&4A3C4&<;q7vZ$jgT$d*FCNOaJ`bRO%~KVCpdk z)z;;R=vmc8O*(1KGdfI;&w6(SUpH-s!4O!3?Pn0JO&jV6s5VBRXQXo@m(~d_C)4|e zGf!gmS5No*xWro`Wj$i?EB@E&Z22Vm;x#!I4^{x1uO^j?np1 zqVfi;R6H`m3td`S#pK?I$9#*wv3Ha&CQqdSdZ3*J65=23C-%#r$2a4013DR!A}jL4 z$v6Tl(;qKjAsztycU_T}$!g@ADYjL(tF{VP^SSdZ$8XN#zpg_ZLv+!7tvF1(*BqAK zEaO4b%do5PUg^Z(p1iQ5PBj)=@MEEE8;oc-{}dkl_MH|zYdgi1v^2LX0dFt^2NPBc zxVu#qQj55F=>-2P2mh4}{&$uZEgGCs&aVxxU&0Bf5<09DXT3Oc0i^ z4?(~=n~^uWSf5)~&Fv!0reduT5q*NH)4J##0fA4nH z?Vql03V6`3w;ZIOp)uk=ZTIcsx`-K~3q<`qakUdwnAf8l6Zn)oGq<3A41(QV z(Vq<%(J!m02KE|pWBbzx*li)NBE39b7eZT`epXx&x?dMcJAiUzLex0KMbXcb{pvz$ zmixGlpzHf453VNa@k7=hrKOWw;a?*!L)JGd%?s|QiRcjxg7|twnksl96-wLb;nRnk z{O$rz{OD0&3vEQa4X0~Fgg;3Uy=RT28`~D&1vG#lc#fzuf>n`wn;roE#zZQ)kND6E z66ZOr4cSA@5JJ0y>Ov~|lfFWm72%M0Q-L`ywnex0%iU=3+mXjHE)y8`k-xUk2`7jas}nIx{?DQ_oer#s z^qC_W-@9e-F~vzo=v`)1+=8S)C85(rmw{!xELtL-X5b7h`uy*mm~X)tc-R3am7+zjQFYl{QFES96@@o=3D_BS_*H6Y;rg^U+)>|>2w&)oebffy(+E%A|c>N_((1qa|YsTr5h zQz?%@_KSSO%K%by*Q6sNGtJFL=>m5kCoK3kRfr67nc6T$K#Z>BI}21kK}9{SC#twG?jL7ohQ-{HbTRv9b!jBh;afd+s(pVgvQ?OlfjF=c#8}4=04_Jn za}b+tUI};N=6gdW49R~vDVjwoP>Y}5O&jB@7RljS7h3v@SQW2)Ysmn^ys&+vD5&Ml z`mxRVzj7Jq50^0?2vH^osmfJj=54G=uU{ZO%H_q!u?n3}$t%YdY%Wk-=PW}Aoa_I& z-gSq)OiOKxJxk>aoh~u#zc?#D0C(VK_C4|97kqpQ?+SyT7eV%)4*JCEy(!VJy%1Sfk7PY34U(DTDl-kS! zo~p;#A+&W7!~s}M3({$`Hqa_o82n^JS=}LsRmq1h;BRerUCbt=fU*Wja2^1MhAat+ zx;kS+p=%h~%C_tfu=dagQthnx1|y#nMcaQ-f`n1hn7wZq^!6>^TN~6`@Y{^92D}La zikN{wBU>P%2T_AI=$Nbt*huTZ8rZtT8cKt7Wn|YK7d^f9)wgAYI|rNBi^fY+&ri(0x~sF>=v*p<)pQ!Mp41DaL>Ix9AoNsM=uI= zxDrlo%S7(vU!4Qx+)-ox=A)`@w&dkDp0Oxb+Av5Ijn%eW@V7=se>h1w>)%9{d{*52 zqVYvM%5iiA$Jhq8LY%IVPrj5*Tiyl72yd^VN$HWxPhmKzCkoqun5{G8P#Ft^5`Rf& zE#WdW1p9)H4^kIUJdV23@b;|gS+n&sc#Ge{H-i5Fa{Tv`L za&@B=5Ef*K%C+APx*;By!+8{L$oFyggL_Md==1d;5S@eslj^+-kYA~|j)l~-8ur&w z9wex~mCUA$>5Iw`xbg_;#!NNkv2%s#}v2ii6WuaYSV(o;ybr5J78Zh0G ziv<_a*I3v2Mjb@iO#;c)vf;rYhx;GR3i;|TYrQAqk{<@`jX#d7iU{ULb^p#Z005-c z-BiJQTK;7efB)8mTUx`?#}u~W6$=d)K(9(d>t%`d}mDr5$JQw z9&NyGdvu47r=`2r(#bAOGacpk2p#nz(@y+O|B;M9MB=wIT~o53D?!d~r>Rcm;;OxwgE`$^nZV3-bsxm(x9~W3#@4Cq@!wY;G9|^*tz}G0Q!1*~E z`jK=vc;aevYaEQlYmoLK!nc;(o@v+3H1t#*te_M?s)V_zMms* zM86;&Uf~6u@=E*(QM^c*MtyOsv#~9|rptYic%!0tWBe$jL~<>owcXe-^Ch^j3)J>5P>X=i>@4O)WKeh?{c=! zTAW`D!u0t37ote$JD*UVIa*0sHWaWL){g?sMSesHl(pkR`ZiJ~E*=#{B#OEeV|UI+ z$genjZ1T$yff^rNKL8V5!sXFF%**QtOD=x&g++sPc5_qo0d2uI?Jd+Rfm_O4(t1o3 zbaA_-K{m-LLiEAGNU3g2=+5kD2ZwIPQ1ks=#6z5SCWY@R8!v&*M{jY4jWn!WEPn`F z-h=5`D+_B@fX;=m5mPRs=HSMUEl}Tn1IfL})ebtznXRn@4hu5gKUOw(=ND;WUTFah zLgy=ce_dXn{LEb>7YU+dSmD*{fyrsyF{P8g_j*Q_CHR|olnO$Sv$gY%QULPo-EUPL zEqOU4Y6=C4%$mzQ|hnh|*l-QxB3g0~EZzc3G&3rblicqIQ1GNnXNv|`N zPlF5W2W#4lFDYkK!)vvfInzq=o#qdyN0gm4p=YHH>zQrJeL-@&lrJR z6<7MFZ;|USRIX3m=l7mj#oZR>(-z!slQk%kXG9)TdCxbj_lfY55(FL)b2fqba=o$x zXlgr93D|}771J5`*4VyJh7AO>XY>RAO#NK_82+TAUk8keDyY@T85Omt{`HW**y2^? z?#?-oGX-o1ChN$bpw-+p&V}d{?qsqt80eVZnfmP-Ab}@yO={CC9*h=NR}jUfW$$YT>p+IAL0V(N{-GzNY!7?=RpxfwqC7y+Af=dOL?3bnA7;FHD~r zCXP(g#DnIK>#WCT6$O0!Qk|Z9>EL$Y6K=6Qv76(+=8w}16^DwwAQQl)WdPL8Fh-FT zYIVgJ*)wEbfvrSOfu;e~Np^jr*>wy*_@uVHq$aI>{`o8M@Wt0C zbTm!5$oF0TK$W{sOZHPhn3A$_>AT^(^qrtf@R-VPE-oBi$e^SyKeqPCVs>LRqr02R z^;bub=0Fus=X&fWuFtdPhR#A(o_yj=mXynB4Qw=+%g^XG$uUBMW|BrH;Lk`b5$W!^WOn=$~0DyY_0Lilk$<-`>!DrD~#x> z*kGI>Ht4`mNvaCqi}P;xF^-2BdGx;MCQ-m4sZre&|63ljJQ!ER<|6dr{DjQ=8-t?c zG|<4~JE<18VpBAMgSZ>@Rg83opZwD3SqTqt=u>fMAcq5J>z8-Jg-(*-YzCi@mwg8nLCPSd?tSFiILt0BhcfgVopzT36k6R{Wd%K(Mi(rBp>9!`njCTbkeZ^edn#k zv@f#m%}4HDV9qyq5t`T9ePJ&gH}69!k>86Gy|5PrAEtXhOuFCq;@)3wSCHoU@omoiiB*M=8iq7g*9 z(AO}p91IC3IL5r3p3r8j0CDIZ*m zlv8nn#JJL+eh<*uZ@0uRrIbEM&}zO!lICD@^U7Q*xR#=W)22k^-4yY|v%f4@BQGhi z8w~C>P)$~cB-^(4#dQ{w!{X(&II2WJg6VR9G-5sBRS0OrjqL+V4BU-BqZXs9JH->-B~3)QwAL4CqCo!bkTZN`wFom$gsl8Pr(3eK zG^jINa+ot8MEGX0_;AAaJ0sv2Vd#CFJ`3{;ZX5ggYzg>INqbny&=71s5%@`-SZPi z1_`*0F!K=O_Qfzq4`WKkI;rDcFgWA7%4^}j!pFe9hKGkmL_|hL!6<;&G)Pk8dd`u- znWQ3DMKjv;V*y42=IB6Z+}<|K)@j82@KZ=wHE(|IP4V`p=d6H^YOG>HoABP1Y34uKH)Rn`cG_Y_Bf90;v$_wHdbr*a1PVC8Gb>yDN3 zSl;}J(A_T2S{GK+GTg_tl?7_=Z)ppJ4mE#%$WzdRvqlc?ZQU>h1>JNx%mvra+QUL? zgPd82PJ8n^h<3{F{8HJ9XM8v|bDhb%55NWf=X|lB@A%o>qV(9sFRr4w>Gtnuy^Z&n z?v8gh-yl;;Re>nb{ep#Eb(cV#s675%1qEQ;(Y8ia>%rXV^wMkD!z`JEOYm_TTV)01Xv1Io)i4JRb zXf6w+x8qbx91hGQY{!!3i?`}Ln?ADlww_gm*8eyang4U|{Ku60zwkQ$@0s^MDmx6U z|4rHXN51)YW#(UGnST>;{#o{qdh^foUv!;+bef;O|02^s{yQx5&zS#^ZvIWN`SwXu3$O?DrXw5gLMiZe)>j9InOP1FtKl|dt*8^QA%n<)J*1A!NwLD}FN z>Mn3zZi(_^E2G}8sjhBpUZkm=OVO~zZnB-FVHmq+XGI5Izkc@i^+ja++jX3i^?ot! zn3Gr;Qlk?CZN_L2*ZFWq4CGyXiYIU)9aLw0x>gzR_S|aA_s%AOF&W`6N%KwWc#9v@ zh)Xay)pbz+NXg@EW{E4{1ts7JSEbc$wECBms_ zc~Y^NH%7o0<3YE_YI2Uay2k_P=n6HjXYY=98G1pZfUf%+;{>c$&EfSf1IT}y|C=TV z;|f>J@lcsIUkoCjbM5rgKmQP@*b(Q#?~5R4V!#e&AoL48Z)}!FUx})8$;{a!aCQ*N zBy!Qjl}+0wcKH}CtWWMIV%+eyLddzEBzbCKDgQh7^Ut;j0jK2a^-ukbPLKq^^c=*? zx4yl|DN+Z9_>gk(eiX7FGWmDyhw!Wl5;{6c?s zrFZ*-!zmhq-p421`3O<@8M$|W(L+9DstO>hnmmwK4IfUG>1vj|ud{jz-^a)!xXl%mocba!~bD;X(cVqox&Y8dykOzb} zsEMV(W5!g}`(k#!T8t#2%^PXW+2|8bfHu_Kdxj%>aM{pw-QMfnZF*HY+}?@UJo*Qa zH?W%i)IHk-uGRjfSY1^QjG-ME<1|B#b^z^=oI!f3eW=}4&oPcW>H2W?i4PU!;3c_X`BJ^@=I*8trfH&!2#chX0Ao`&XxRjh$3{hC(7aQTEMjuQsdEP9x* zd!QT8w$1Rdd)x55Kb4C|1}40olIGs0nq;PwYzn7yFC(S0Mn#kCGl9KhUTIt8`}M$mW_ zC#CeS47Zemm3maX%XJv8XmO~0H0DwhibLjV=DLcvlZKI~Ui|j%%b?0EnMVhz%~0DB zy}|T+z(3JG0Z*>H4;=x$LD^mq9QmYe)a215*kE!;O-fZbSoaMxV>`pa!q*mWy%UOSYf2rw&fbKE|EfqKe6v6=9dipy&6#|{GKX8a$x9r?w zK4=-efK{DdHF{8 zhHMXC@AK|V?`HoNj~6$h=#-~zi$mIJNTVWNj?Wy!fB6XdNcaf($oYtbM`I*purJAM z3u+5r?Sp0vP0MBMksDG);01S&C!$GxZD8R z0DsQcD78^|t~jo2sl-*}E&Zx)FA4|Zo(x$eo%-$AvJa(x}lJBs}h z-axbqtJcTRm=;C1O}hO$Omp-+k!S=ZP(eO^2^(i%TW~y^d9hBx`Ht@q?KVS-2Y0QP z5{Dbt5e~&lZ(V_@WE-%c4tM@RKvknuf;%?bHH+Er?sVuUoB>jGilXmlauc zsPRis^rmypl1Tmy%I@>}2IhoyqQ~!Pdc@HVlsoDRKp}zohTJ0`O4&dh3E|;C;0M&OpF$l&z`lC zI;L+_us5`afBt6jM9&@_1Eg!OUtSAtfoZtL*!53rL+A=_9q-ZE40CUj=dZ{fQBrg-zVk$XPYXX^l0J$Of7p(w2l{PM?Ug`KK2R0^jT~q?HSn}f1e4VOn_oU2 z;7+5mGp1_2kuz{J9lh)_JNLympBQPTBph&cKExhqMf;C0cv|WqfMpmv542YO)CUwV zJQSv`fmztW%%3RU011UfRh6JEyX1ad#V6NEsk@jNak4dmV#1s6AX{@uj^1zMf zMmw`$yKO#sFo<`BSnps`a?GT*M}a2Sy@7R*I9rBTtG8MUYFQBu zd4{ZoI#2lSb6)J*tFv268J6ZY6D$kMizajB8Adw7c7-S zR5v7r{I&BI3s{u~;3CYM3bMX-Y)iaV5#sYD#b&x1fT$^1_W8bS;He%{IE+{qsv#iL zIOGGP$hw&1siNbhq6YXYF>8vfVC=9u}| zkbOXXHp}DWefk@?7dThy9S)+d-$-d!IRZL+G z9gpMzOd@Ivb)p$_+!rY&Gsw`4vsc7_Lp+bEPjdEPg5MOF2U;!5oo?w8NZ{_pjls_p zx=qr~F;pmZ5j&H*VcOYWlqOGNG(~`&?0x6zq%@k1W&`w1#Bo1i9TB=+$LkyiAeL3N z(>CUs^w!f|yC!06mW%n%+}Y!9r>AxH^S_ZiRF7Y`Xq}a)zNvzQHq9BCAI2zu`e97R=sQil&HRcL;o9uO zzDE_y-|bXA(_|QWPJ+2)GyUXm!E(y=CRM&q(xU--B1hCUM~gCLNy+UlZA{v2WWLXu zj~j9lo^!$r+ufPNt1|KjzFrWBJft=onL|MX_4P)}!O#IkYjaXtU+fVyD_%amAFxu2 z3*h7t<@+_aGGeN$uF%#m96Swgt-!%9ZDHqIz?~%ptE#GqAn*E1Mn5`RqK96&!6j&e z6b78X48W@lRj;F{mKkUVE|@I97AJmoXa;?Y%a*?lR|wS;4v#(Y0+ZzPVd`WM``!Iv z>L{GE6!$vSF9D8RCfZvKk@GVa6>I4#xq4vb*0-&z)64g$ZEnIH3Kh7+^+8pS)A38a z>+UmU{+Xg$-*OpnSdxNz&p4@rFDX(6t|S{IL|+-{%N|mm7E|8Rk0P0pZH1BQL6$Pr zyIt<&dtZ>Sc=|+9;&IV1*%-EkWcsQldy&`DJp>z?N)4Hi@tAhwkD%*P7fu`>r^|y_ zUk>&sXG&BOi!K!ii1`RSo$4MZX!|=U9fyL)lgYK+G`05)0;N5r93_9EBKQZcg<>z* z1tW8YSJ+M}+aq{ke07*|*C1ZD#v_7=4a`WlP}=b=Q4vV7GmistFzwpN`Y|}^x@l}n zAy;FtqTIq_$OOJ45@eLpiBcRoH*v#>B$85ezpMX|Kt*V8=)Irw#}Yge)#tt+J}MUZ zr=U*J^knodcMWZpF7P+Hin65_IA(y4Gh0-k4-FN1ppT^5T?sYW<-NTMl)NJbevshx zBPR>zl_OmYb~;*&yE|1tfFyc6KV6)TV2?jqP4sXMm@y*YP(g?@>2VenbYB6~WkYa3 zYVfKdh?;lzX2Rbn2*WX>1o#yfx9FNj2fidLoYeVCqAVjQZJUu=iN74z~8d_JE?T@E=)Kk)!$IuVEXj zXz1k8I6>k`7)SDF8I20KWi;C%>B$%+MNJpYYYm0)R3agSM2P5NabePphMvr}1%-MB z#WpsR6wW0w<@yX7V=BHx@97YxQiUakB*OTC_E zR=BiL@(iduiMF=5f1xhzn&`ryoSXPS%zm5ciQ)eul>-b zh?-l(y^~9%w+;2NFJ#XpdqmBRae$Ns+_7;Kc7oNHJE}w8oGcG!;L&9sb_~*mh>ssN zP`_p7WCu-skGDMA**C;R2ZMOynp{&1`|r8u)+@O9p(yvAwvkek(dT$ z1ji81PauOY>yC)7I3Ux=nZbS2SsTjeRKtaj^Y;eQYPEZix7vM_M1!znV2YK3^_(>V ztFUW>Cjl1Sjb1)nW+uiNc9Jpq*Pg{#R`dvfsh_TC>-YKFTFGHW=#jd&4g$7s-Aa$RMdsGq z!L6%@COIuBKamJPCLl(#cgm!RY4>(OC^Z^evLN6M1u1wI4*}r4mjjs;dI}4Xpb!#S z1vUZ~1Xm=5l*P1u){`6yi!o&Z-g4N3>HA?pa$T>UXLE6cWQR zO&1Lj>JjRy;F#LKCg$F3$x|7}QGiqA<-YQ1dMLd$0gRAV65n>-0e6`hnd3&Wa3viP zXH$OE-09hmhik=?6=Fd_*^=qYv^FZj0tU2#9tVOw@z}rKzB<7AnjQ2IvL z2@8bX9Swz;C~dDI!n%)dNW}!OI-}XwlQyUIWk98O_o+;>Q@RV`Y6zUy0BIo(}u|bjakNpu)_$7sdf!Hg)=OH1_Cl|d+a^B-l&SJhBT;FN8o2l!6&Ttq& zrK@Iz`J4la1wmWvH((}n3fz$94&isB`g%9bjy1c-b2;FzI!Za$@k03FS+Hbo2UFgx zjaM_HLr}9=vj_w7q?X&rV~&YGy#@=GldJ>LiOfuB)j}|QzzNEO&OdTvFQv2s8iZ88 zrfsuqYGU;jNm-&AT2lVd36YtQ7ErmBUD|Z9n9;yB{C-2nwY!S@$s|$GDfe>3ZEx?^zP1|ExM z7W*!Ygn?2&ER0BY60^8rbGm~Cdetr3p*XWC*o*>+v61~9rDYChx50i#3(xH49E;{( z_G|-dHcnrU`-yfCUuSPa?x#+Vho#RJ>Iv!e2C8cp)`@Q0bKUg>^YKJEyRP0uYqv4@ zg`S>C{ALjAz53RUNYGy-q`U^ zT4)mn^LQ~*UPv~Q%pX|0Qu@*#D6QGFhgw$kP%P>p{2G$R%ox+7$|l9|w+Ii{k!EEu z)0tYk(9Ai4=A}h{O0gucTXVtu$b@^R z!T9DcmCl=hSdfy45;LqD=Enj~HFk{`n;R=PC|cv_LW1S_suWT^lV$j48ZFlr1Hv&> z_2^;x$)d=I$vEZuA{G%rlM1LQS&-1=UHEA7mZOkwp)eMw>@AMCK6w9@vNlJ%x(uNr zZ2`b5ne5vd%G|%*Qq4fsK4(Q+*{~3_hr2pK`4Tt*eYuK*DE5o zb&{h+3SAUengU*j$E~<9n$iWXBqN}1bM7$=V7U>a>%*G>j@x?eL3Y?UA@@Ywf0?G6 zQ?4wnsH~-SEUhodZxS9T--W!E9+XaW47*+H>PMGi5!dt-R}>ynkd6g>1pKGu=3va;;yH^dtG6FB(0G0Y>qhi%$)9Ng(72H!01O6C zpcV7b0s{=v+5wOuCXB&+23r=&4@@w5vtM7zrle}iQ%J*-Yr&h6YqT~H(-`W$R*$dy zvA*x6xnlAiNia>j)45$28#Pc^p0(?)o3pWXpVM#~zR_mpC+n2I$R>txOrWXupmp9F z2`*s>i}&xItDa;ircCnChs|?%rUkA89w??MuE!r-uEU<4Ys<$qj4k=8b8r?6JA*oe zyu){ECJImFr#Wp1M}HX(n~kQi1!^2z*o2y)nl-8u*Rv!lH!831E5{d+C!XH6TI0m7 z>-~hZ#B|;g1X=5);YA6e$F3VO;WcsR@WZbSQk{o;C2b(@5aNPdu+Y(~O$9!DI**+5 zR2rURpdqyIRoBl1?Y-Ay`n zlL)|6F#}qhx}JSie}GHoyhX8$bTA=(tC2A^SeY}$3n9rK2a3Rq}1Pqexz!talEC!&|%I(6- z#9sN+>rYC&>6o_O+FPZoqIxy})E;6xWthuodECau-}3+;1X$0qTC^w7Pd2L4Kp#i7 z`ZS0>47h9LuEF*4WpXPZhr3qTZ|GbVPf&u-w48W5WIvvcqFK zqgn4zt(7&HC1Pgg0mx2^dO-^UA~X ziWkm>qtG>CJa9*cEH-sU%Rl~K0Chl$zcfMN=ArNkd7c`oAzOapi~2xk4pBJ@E)@c6 z+ul@WGW*%~Bo(IrW?{ZGZR@NHudxa7&SJdLDOi%8^Jl~xi}5zMnR=b;=S*EbGxtF8 zj?2LLjHsjTrFh?!?V*iD{iQ8%feSh=BZA_70v*Omelyu!cDYGUm=SD}{jC15!Q;g$72;VDBw4l9VP9{vS!IJQ zZ>5kB{NZfII%+*;Wvp(`obx6W6CmNF0%rj19N~-EW6(wU@e>6acT#jyJ66oZK?F8q zgI%il+|IIn*l3o(#AwDN@4d&zgh{P|d58Npnspn#`P5|9c=7S2<45OZ{7W69OFP25 z@js=$m)FyGorw^01@K$~$7P*9rqAhZ20?MJ4g%pq{ilOoF`KOTOHgkiwr7=?u}3IDp9LR^^eX~3m9d9pAzCY&hyG(g(PB#n@% zsgJHW=_rXS{!cPVb$*#FC(QDS)U!LO_v|d2c@rM>8--gYwRBBNH_lP(jDAnT9>i)x zrlqLvNNRMkTIP|T-@3Rv-!)^3igSeXORj#WB`0{@OeDhQHW0Sg;q$OG9x?+gvu6ND zMij#HW!GyS95-Og1sYQfEMB!Urq*ioep#jPKUhL4IhM@wDy;HIWw;oemEAbF@+3B)4!;0Fk z#Iu^He2L-WhM!%&e8W3$pZN1z4bz<_{j_u{5I5RlQ4jOdH$U9*+Kmt3s+Zot$*Hsd z@Wa)GsWaT+j>S0i_$I%dMgii*87dfv!eGB$CA%#d4bLGpGK-v`7R;PA116p!BC07T z=xGdudqt|m17xq1+UiuBE#Uie(U_>`fHD&}A$vWRx-x!gb+D}?tJqhypcQ)Sj@6Oc zI=Qa5ZlF$8XQ_lvj278|YYnoY*Dz{0W?&8O+OuL^hH?PQPzhiez8346qlCK3v97xE z(7MXdx-(;4m0eWN5kxfYa71Ra9_iJH+;Y0Ck_A8FxH?SXuu6^Hcd#gTywQX zMKo=iS(*)+?V9^E4{Ki6{7R$MYrL8P4P&!t7?&|7CSk_JicH%yQojckG8y8M6Cjpc zqHD2hjq5(we%Dc#`hC~Ou2U|?<&sT8)DL8%4qZ2 zP1>VcRS+stj(kx&N{~A@cM`d?zms%6YR7gjeY>jOs(i_dy-Cz8G?V6fkZ95D8ul}m z)Uq<$%l5M>*4@!^o@)fx-B5{-&mJ2*IhcH*AW++5(nK!6>D3Q0Wl6i2$|FF0gy`CSAR`pR+MmR6sn6BrdA z^~XX{eJmFW3n`h5 zR-BP&W7#fJ1lQ?6+*jsP*-lV2mYFM$YN#jEpSY=a)d+5M%2ku9J-*oVw)}ZRZ(ec3 zUZ+WCGkUy%`qfi<7wXox#Y65?{f<4C&RzY)w=Y`NobX#*b}?C1*FCFY+VwqyldJa> z@03BTyJmFFyc6f9&TDE;OI~VU%s_}WfcFwaPaZ*GDlI%^z1${Pvca$%?hTKIRkhF{ z_R^ui>r}~eD7fBiUm~40h;OV2Nh)}EAGrVSX5&lBVil>U2ahG ziUw`WQj9A1vW<0SxJJ?Ul9@F`f^(+C7B6>pwWh{f%l^&9+dD6C#@JcKTQ{u!I{s#{u(71t5{Oy!6>T9~>{)!F z1%-qVQJh7+p3jzhVP&%^4JLtT!X^)&#hL8f?BeX2?56DgESI(L8c{C*VK67(oXxX2xRxa0asiB?+>#|m@4eSX(KKp%31gmCIRJ+&R}EALKC zzVlnNrh3g5hl_ck_`SwdooF6R&`2mDKUACize3RHjnjWk3`vVJuelaLwaRgr@_XHLqkKiGm$LxtDuZi(` zp7-f}ylO4KHnEp~NdL6{Wu8kWc)dzu8|xUU(XO3~7vnW}6W)ngd;y9HF%lcWf^4#Q z+UTZpTbaz^(jl=f?QR{xxu+H=giWb>j*z4_5!EJR`Lga%R7MWaUI6q?kN~umW?6g4 zK}OH;B$|jNSLrY1H|W>%HzsaK-pN0ye@_2H{SSE~HC}0y8T{olF zpFBOeGqcU>2^iVc#rDVFx_oL%%A`Z{uU@(G#>YSRL~KvTR%&j72O$s| z(Ra|*xmVV8#mkGsbBj+ESERcqExctIx8f>1RasooSbV^>WxaX5WxM$i?os1I&exnj z^6EGTigh_A`8GRlaNg+M>U&1@TtJtJtrXXBYmIBYH(HdY37RwBQZnvTva5 zdV^O^iC=LA&1L$hmW@RrY&#WV5$euGCS(?SLA>U(yEgs2F2CsIdpG}L?a<#J`c-lN zGe5$8FYdf=kvo`C18G-}ynNf*Jx2}~e{uJ~_N&*e{vPfbc@Zxf?Tlm^C`KkD#7qW^ zq;OJRBxf*Z6(fW?bJUenRVRTe5@rF2*@BFwq`*_J?v;v1M+38YFS8#^)B4yJJ5HId zuYn=3YF$Q&jAg{k`xz$Vbb7E$@#Wm!tSgWR%TR}RB{IK$KZR4jL@1G%*bG0$WB!-N zKnwrUXtX30&kZIrC|kXW`fL!~JOU=Bq1Le3u*nvfY+|gkaXsU zp=a?j%+XD;!8uCM7c_FaaANSpAeh2R>jUA7`r@w9lvi2o_>-r8AY`^DXvU89RyQj?oPTA!J>>-gHn{p&79 zm3VRs*q$}`eHu^x?0`O(RvoXETd^Griarc zlO9NuwA|U4u0)K}l}K^A5+P1kBE;!RaebyfUypg4{*@zMCPI1{e~ zisO|)al8`$itju@X2Fa~n@S|-s%`h=26G?u5E-TxLV4wYlYp@~?r zNiLgj3uC$JbQEZf@>31 z9mQC^+hR$2t7g^k*0y3y2^O=n#{V#{YuUDa#oJda!Qzl-Illj@wor3-QNPR`)+piP z)y!cfT#S(bGWq~eS%}JL30B|giDZvSxIwkYP6P?JIC0K-sq-=Ch*RZoI_)mEn;ygR zBexM7?Iyp`pwascA$QOpl1ECn$W2Z)7t~ONL)7Y&6I8m>&T?Fp(+w@RU84q8VBJo) z)2?Azb;xKyM9pbwH1C(+88B`t+m})!dtgRu^|{4VsF<0bn@e^$76hF_8i%l< z))5qwQ`uQjLs$KgFHfqPUYeqfMjgE0Qnz}%K>9A9;R&P-W+mfhZs~-o8}JbT8NET4 z?lL}VJYsytp|V(-H7Fnih*L~yHLeH507zsoHVBQn9l{TAH2ikqGn(X917HM9#l^DQ zxjq!LsbMNax3P%^{7Jz@T-A6Y*2?3#m<)rn<;j#|ahXaiE~CVr!O7{(9Ltb_%)SiC zh@dZJWnbD(ADzfMJ0_?Ece>?ts$MyQN}1`4a&N5ct%AY?h8hz-A3KFVFMKVkRu!%` zS|d>@N;pfbDxQcF&J+z>V{ue%gd%DV#c`ZZo{p|n)0|Gw*qH(2fOQ}|P(7R(&2R&z zO_sIJP0~POW9mldj?`VoJ&wIK4?CWydA7#1ncr?EiqFue@NcFZ1I$!nfSF1R5G(FQ zS>yxbv5ga(;pK3I5*wEqtxB|FBAum~`5C84wG^+Ox~Avg%K0mwUfH#>O>3x~yluwn zs4JSurkqs^=CHHAeDiW!D5wg}zT^DPeOtc2=hF?@N!YX6;rCUK-}r5tc<=pBJsz{} z04fj=Vu#t4^n@C&m2VFV;Owms)(Y#SZNiPxDe>V*73d<2PXMlY20)_IX*Ik9JD$Z`kc88+6x6wEV*|0xv3;>)vEwl= zD#U^@Io1nTcEyHcYT(-BoI#;*((Rc&4)&#MB0?i?TR&J8*^;#>8@V|dHf$;q5o&_tv9rF&JaUq1R@36TZH6#^EkcJklw z+r<<}P(Mh}J&FV!JYcba2KdJTV~$qxIzvwI`FO$S_w&Y9zed^bc80^G)vpdq=Ahp( ztAZ6jh)==i#Ju0%NfQ(h_Jd9~^Cpb_&X7i+S^puzKr0aYa%l!ncOC{ zU;FYl;blzs%e#PEP-$3BS{o5B@Xcr_I1t(#+#I?U?c#R@cZCk2Lm{II2)kMp*N3gu z9uCCBg$JySP(3VLEsZMBGd3&;yYN2WurTb?AQ}}I1OZE<0)ocorHL=cWv#`PM;eng zk48$LReHRQ?zH~tAdG?f*EB|fCpNSCFs2Nt27zoMcC$n?92+XhO6Kw=R*`&1svX3m z=eLEzr&h1-4i?3M1^(n@P?V>hAyYRbTM3|7n%n>79@V9%9=Q6PXcRBJjQM_~DNLw- zTv+-OegtQc9)%B~>71S!!B$xx)YfW=)@@j`odWw*f$kE4*K}qYAsBE=F7EDLvIJ+9 zs=HgU>b8Lez7#myiLQShnecz(Mx?$A3q5xZ)s0 zHt`z7YSe~GF6jsZ4yMV}%dg@0^NawdwA*F+0RdT0UPUhA#P2I708UV`TqtjmQ#owO zDH1q|3p5qti~wQN>Fw!wle zHc1L^l5PeOhN^ub@891%siN@>#m$h>~vy{;{&bt@z3y z%7pO=8&RODZJeG@XdeTKR?gNL94h3faLW}alPTGEE+zkj?jpr&Y#w{m9jl7g*s3!) z?tvodNM&%s70V!xmxj%8C2mfoTG{5T0->Tek1V+6oJlLDMWaFcrDY6Eo>v@sYv*6Tv)E%$mA-s$eoV&?-GirK z_TCLOVmbFr^)J9j9iAhPIaF>f2{zO=3^eR&c+~lh?H%U_&c8dg>vdPzzmeX~+-769 z>+WLi(%o){RbpzomX(&GA$tsOuZ{CyypcCYevpO)gHZNp4E+Ox~B&B(E17 z1CCt|#^I40a04pm(07J{?)nOOOr!?W&{bj3tnBw?+Lb*)dW=dK8*8svUb%u!TfCURLHdR_BdPPN~+!{FnB(+@mUvzx%*{jkjKPM?-PTKz(rdP;uS_+byz7 zKy<}5w{H$u%6Z_bhm{CPNS>`$X>~PBSU*G0axA99J8o4uwg zLaK0;!Dx)wO#U3b5Jgqd2(fEY>9fwhQA3U5r~M?=B%o204puNKP_0t{ze&L>^gj?j zPzF_S^?BiIwUX~x7_6X7!CCA-?F&{oa{^rr@r6Tk4U%MiY<1iT%y?!xr0SZ4>B`I7 z9{@zX-L(1g@e5wqSX}azKrFLnapU%_ULM}R7p&vY*wx600{98JVWqIrdYA4U%RBCO zJ@5M7@&C!9RlC#yCvh2^9;YuZ#I12#l}8t#!qQ0#dnHiJpAj&owT1?cm(fTv9ffIO z*@JhJySckHyA6Ac50i%tud%ObU-iF(-!U4AO0D6v9QgH4;xsso4!?GVdxh^BcAa6Z zd#!&Df7o@{|Bm-FjsAR-sSz=bMzz+WcZ*k4c0xeLy36LrY?;A~ClkyENwAz|1d^8G zV~|Q*nLlfQW%gM478SorWSvUhc~tVYh|w$k{vh zyk5M$c-!m$h4n#Z&)y85?mL-#+UH_ZEL! zeCXk;>SgTyJzUdYL9GT-`W?vweK4p=_JgOHCyb2{1~C{DJ+mKqSiGOqsGjep+Z1C; zVxbc5*~X@mU{L{eV+oUdv1>Cv%C7#`T6RYz>sY-KBtsLPD-Q*z_pA?KZD3=7)V6dt z^|m~MUPo-y*M!%hb-s1}8__o3HvirJNBtl9|K&Ffv>b0CqD8cdHX$NJS>D21c^itL zsJ4kaGkrPT>W_sh_Kes{kAq}_{zjTtc9YzN{JtPYsLJQH`M`8-YC`b^H8f~O8%bB08kDs1A-Y{b(^~P_snTZ(5iC_s;n8c3rZWW#a|{oVs+#tQo7X$0 zD7tYkL{;b15x)rA&@)h~uVm&n7W!zR+8QPV{Au&5~d z>R=j7wTPMe@{-Hx#4x8}RYVKEcyN=57mFp4h}YKE%C)_<1GW2V*;-9GQrDSC^j72Q zYcmxez2cQAKKfwUM?WJoS#cD?p(-t}i^Za*s6ML6pm>#05;8a((#8!L#D}4v`|ItM zJR53r4Gw|8AF@(3aTO$0oB|r9R4yyXD+jie6RE2`&;z2PY55N%xvl{hZ;j<{rC|w6|Z@VJ~a#6 zw5yqyP!E|Si&F`Zl#o4siUd4QjDD1nIfq_BfeQ|Ce788C()Tb{&2Q`((y@T-=yJ5qm!5n z6vrkpliX9MjgWH>hUivBa?V#r7nHMi?c)S0Wgv`Am~-@0W3p^| zS9UBET8d=qynelrMGR`R zK}{geirP>d1w$G&R>%~UlN=-c(~eIgoFQV!8sure)U$KhxtclJx%$y*Yzvvo%{Bas zQ&DeVaHt%7oksIm{0g8C3idoVQu@b1Ft3%`qNh86pPjCO2$kzlD}7#H?(>!VLghKA zY5ytxR~k)mM`$#+l8gWUzRf~+_$s+*|DL7)#_a3oEZh+4y}ftIm8p1V(Vz2LY)OA| zLCWl$RP@DDye;Fc3S}DMUZ9e?zj1!o{PP#~_HEx?yza8BCK6%e-X-|9Yo~|zh|8{mst)PZK4Ib=+@ z1jMweBeu?jF=J42H$4GMzEig3I^|eA+e!EHI%T^nTic20?SmFqwsVA0$#$EK9-6cH zoA($D{tRK{OkI{4VSF-pM9I268FhEe&nuV(wX3j_4ptkShNn$)wT_gIDcc9eR@_?e z8d4KHB&ubZ%Ar`YhJK$2S8L>|M7D;ePVzNtYIfEzy*0;bNX@$0E#>@qntphqo$maCO|6`U zRLb$f;Hh@u#F%oKau_{Y*FK(9Oz|&9o9r7)mXDg0uO302@Y+!TAKgvx zi&>yPnk!R@2<0mO&AH0)N|dD9RLOTyq%lo_aWpj7JIg;wq5MEWwyC*XloOcLuxole^LicEIIPd0AUEKw>>FI8HsC!Fo z-M&k=ztMU1$enAhxbNVk+AsfV78@JRozdks2OJ2jxYvq3cpU6FJ*q?hLw|VSGdbXJ zWl;lOQM;nDo&pf7fuuhX;3#=pnF$im2=`?1bzLi zxSIRwL>&#cm6KB|`wZr0MQ|*W`xfT&3;W(QyYJkv@#>C5tOgT7a63bs4l_8}&93gt z)AQu{zGC~SmYXJBG_-7L&7@SyAlNmM*<2O1b*yoYk;&P7MorID>@WQZpJHAFXgg8; z5#**nyu4m~PSY%yezdQ9HJ~UGKhCHZ^9S9G}QM`r2{#Gh^20D}m}IOQuv} z*UXDc%CYMu<3ndgvFj0H?qydZANo*^+(f=do@AJ~;ZBC=^g2C8tk<&7amYa&K0=&W zr`PyKaQ|UT#yJem*9Z;*&Uf*`(@l#DSm2>0OuJe2;N-r2moWH*7yreA<%i zrf|#v9N%XiL9OIvd1l;yw@5rbp_N!33E)=aHMK`t8H>p##>91Gx9Og`H}L!I8bK{+ z1gGFqxttm`eOpo8tNu*QsMVZ1+Zc-q5gdsqNwR!C(j-w9k~dr3`Fon4Z6fIu&iDhO zG2=Ih##SDsa4WAiYDBf$?-AXRR8)*KwKj`Q&jRmZR^(i~Q*=pUSd%Z{k(n=EFWxRbDyqI~{H^f| zBXcvp8$XAcUjaE>WE5>iqu452q&$y#BcI`0RU#IRVn%FLwPsSHpEqI+ce>?nYK%yn z+ok4o``Sm_NjnuSygAzrmK}xB;Q*h13*P!!OwR@f4rF%uzmEebMb@D<)J}R1hW?kH zp9jD}mM`)cY*S4y1%?FhFfT5BZ z(nn9|gF;dEK4A)_ixjgC{{M#zhH{Au|4(;#_$ySDlWg<5bfzp%3ll8@v`}oNKDrYG z%I(@r!PVaW9#wYV$P|(;XoBkpjvr+(Ph+w>Nmijt^_K)zr60jhicbcQh(9v^*{H+x zAQIh$usSBTT|xfE6)*AhzC?2~Q_h`GSGH%J&1alUCRaQ#zs{Q(|9gi&IIlayX{@1| z;%!p~FPnY;+&Q&`^JXBBaxZ+ z4dLqBCab_hw5SDMP-kvxx}wJJXQNRvbp_=*Yv}~@32>bcZ0(AXHD3>5Q;*}P+}<9v=$n}A(ZPVDr$L}&STlPIS+1iR=MDQ%Zm z@yHkS`g}dS0HiN~J9H6mf|ki=!oWO25M+=*Q@v^W1QEPW-Yf7X%=*A_2FP$er1$<^ zSYOM_d@s-N1=B~E3N|GN!Qrvqv#diAqTghxviW)vyH7BK~Mgt-S>$~`FSN} zi%PZ!=wbtOu|zQY@|YGTO5?ViQrT(sj{_i_CZbJ!ERL0bGNOC{^sl6%y^}7oq4nITi#oZyZPP1W1a)X zL;SnKhk}jpjG*;+EL9e^!bc$-s7}}twHX}n^Qx#OC8m*HBWgLDGYkUM5z*0|mho3! zc_lyoO8&H0mdlK{d*v%p1f_+DkgkLa7YLXzCQynxlU~$0d`{7kh=>s>tR*n3 zU9gFEF(OKmR2>o1lEknt5KQnWJk=90+2BEe=P&a6Y%mvZ4ETLOP6TUeMU+N5EoU0y zM?jwWF9b5El3kIALcw{;Newr>P~I_ z#iUlRH=>C~nTE~Fia&VS6$Z!6WpZ|6zU@&Z)9#G4I)s$pNn{K^-W$uwi~07?HExaa zTe}bZp|NM;cXz4HtX|1p24l6A-;!6JQ-_M(=z`Nf&x_I7fAw4r`&9p@y{ivzt2*!J z-mCaC@>jlW9HSfC7)P>YNBMAK7DxUH1V@gOIB5cuSeCAA5m{1nCA+4KIPF7eA4woI#Pzl4Z&|dL-H7p>xV{bJy8so7zQuN;@8B}POVID&J)jD@Z-U(2!0RAehrSa1 zYWU)W%|7@b=ibX!gWe1suAIl&cJO=T$1i>h*G~a=0h$0ypqGCZ@&@+2^h5ci@+Zm} z%iWf{7yVhzK<)=~zn8x}|C0r`;`P1T`fO2m@%KxfD_vZAb6IWK+e;glzOn4Tm;dvM zlPi8!-dnM&;`>)USb5LN4_1v-efH{4+xFRX^?BIYc=08bmB1~`S>Ygj5$FXK`vq=c_6i^2IiTlM+$(SktE;%5@LZmkil+sRTvYrW;d!7h zu6RY@7S>Sl2I2WUzgMjiIPzO*6FBr#ZWcK5TiGpe=&YO+IPzQhg20jA%3lc_`CVBh zaO8Jo+7|L#RVi@fx9W2OM}Di{5;*c(6BIb|TXRa_$glmQgctBw+0O|av9kY?@Iuhb z9F+pMFqfl|@Wp&CjspUR|BfNTi+JTb?i09$H9HoG5PXP})Gp}L0sOlJH0FnmAR8f?%6id{5l;j( zFZ6eiUH@gix6UJ{W+YqLUb3cVX15mJHM8}=>Y+D?Im9rc0|L;$`ieEblinG5Q+h_W z4{>bFnp6Kgww|Qy@!a?^#%VEj5H#-TAD>qhR1Fyk!fKr6!1JKun)Aek);;i5g~wc8 zWp!lFgLVgO2PnVXLoTO5t4_WT3vJFhd@^e(0=wL&D0s);kxQc*=6qx1)lkN6P^^$f zs>wL{5CUaf#34qr;#wO(*-QL!qN{8>#g9iaOmpJ3x)!y{;~1n2#ImC7WrL(y&3HGn zKDi$;ik?by;iKM5;+WQ+zD{Q=JL6^^x0Anqk)tq0Qio12>5b7$0%8thOR;6cjOAz)@4LKM3}T=}T(H1aDf`ao7ijFAr^`pyCs zoDmTLuGL48(eWF=RVXWJDy=Uqs}6PHTRI|U)`lofUXu0C%Dqmu&B{_KKYqdz6g7?F z^6s^8t%y*NbojDX#2|6Md!3jo;PU)sN7#%}Sa=%F(D=@hpxsXuyNAX;M5``L*%~FC zL9q_a7@4#v$)=-fR?#T!9HW^v!DAg0wquzL9n93+rR&R#!=M#if1Z)u2*Un)%@K_R(G!%49es_R&E= zh`bvYGfvQ6Yib&!kzvvn!LPYz`b2Iez1?EPerWDg2o%?R-b3;}K@ z9$qQgdj+p`^9+cKk;tq))KB%5n3ct}W-smOkt}U~ieHp+GCqsbPZ5eyY}0vl(s>^T ze=F`Inh*p2>!e*HyCR)p*J&dD5om8h8>gLs`^B$xc7Sx7tIpgXW0^D3nUVb8wKztZ zNbiX=R(i2Y`myS_0y=Sz!|@%U^3}7Ib`MVP24y!|eiw8-PV{d4dWhQ3tgL`w=G?jb zgh|tfv-X0hi1K)5XTGvib|zOrk!7>C(!1X{)oa=&pYdqcT|xFPoA$?CPa|1pn3q%bP1H zAgX1qctym#c*L|>J862&UT)7Xc9Iya{6uEQ7!;YwK0D{$foDg`JWDRGipwnr#Tr!+ zIWOIh&)lVW>73ALUz*!CkNzHUMw(~J_+_~;^ECUO(A){VF%wV2+= zhqCPQy~9tDHqT@8^p9n|UTDa0$Fk~n=Dy_JBNd`uBY4T4KBF&vUg}hTGj|2)J#U6H z0$%eDIzbWV`iC>~G5yM}?h&y|n(;SRRaDf+%x*fnhTd&PGxf2J=6-qR(r2N0XQyY) z#yn|!l-2MhIfz{n?-|W}ei6Et^NX{D-*=d=P}2Lrm1IAy&s>w5I8SGvi)nqA=h2Lo zIfJ-3%ja6h>5O?ViFM#Tc{>y3%PsiC{oA0p%JxVTCt)0CPg(vBU{H> z@Y+&Ey9QT{c%`@w(9HNdM0;3|;B3a|8jP$Hcne-bw2;&Wyt3Rxz_q`(v+j>S8Pj7; zmqagf9`=t%wSd>Bsb5n2hc(p`2}j}}shyEnG!pa1gORWr4f&jEmpAU6hpCAxQ+G!~ z2~N?~ZDGi**|e#-5sk~KwueIMuHevcTvvB#x)vMN{QbcZO;>xhF?CmD#2fC2g#2mk zt(T0ce6V$|7Sp-8wa(`CYP~1ui$(NEAijDo=4@UX$1sid?QSGX{g+5RruN6Yer?1X zJE%qi?>bjCrVR!4xE9m=YA~$E!MbO++UJd{b!xvy-4O^lRd3j@Y9U=48wQ&*qX|)p z48^?B;qh#ergp`=W5MtcmklBzjq2{WHyqN&;X^E_N5T#2-k>iYiK*MYF~1g$BeZK> z{lh^WzHpblgCR|gr}G&I#`L)AjYc)E@R76go=?l1IOe!L682+8VQoy0dZSvbK@Gsd z*l^G{tOn!im{(W*njRbqYksGyZi}nKpy-J~T|1P3520~&Q1eAbG&K^|xIP|;u}CcB z*VT~-9MBU!pQh`9M2K8deKCz9=aPL| zEULv5UaFP8kT)C;BF{lH%&5q56?LlW@o}WqH|&jhAq#Espifr^6J~zAes7d(j7QWV zJ`e3fJ}ngD6Aqz92ZNztd>n=o(GZx%g7IN>C=x+s!k5U%IK2Kq(61qp3Eixd!ARtw zP7aNDhrG83!Ewe~C^)8tcqNiZ?~eX$ zTeo$#_ix+LtM1sUZr|3~-MhP6ZNGk3cekgzx8GV|EugiNSuh+QrYb<{5HS?<97~pF z6~vSgEna@(kp!3YMMh~WFiV!}L7qlvg?ZHwf)xh4cPOT5JYY_BKg5Q;NLFMp?nQ)= zy;;uiJ#7pNSJi@4fo91gNdbgq#xF!W9vRZiBITLQ$RP>wSP&%w)o@d+&a46!PGOZ~ zLXi;$?o~&bS^Y-a*Se2d&wnEg@PkNQR&3T*QFje_hepqM2w7KgH8;Fg8DGG16^jg zM^KXRAE}Ctt7e&s2+cM`@z@ranH*n**z9yNgGJ-hVqr0ZnDCpJ_2EbYi#4W=263S9 z8n}G=oDZ4QuujEV!rN zd@`5tE<7MwctEu9fN0?X(ZU0wg$G0n4~P~X5G_0)T6jRT@PKIH0nx$(qJ;-U3lE4E z9uWOMen6CYPbSFT%R4wG_jdGV1xJXIm{1(dU&+^KE6X!0UtTP3U+9wE5rN zna!WpWA3$lN4ZkVGZK3Vn@`T2mewo?aed10aL3gO;4m+QQxn#1lHvfEQ zaa(MbHp_LEPRj<%MvL3B+0tX#G@pidkh#)#`(`+|UQx_Ut{xsaX$>gz@y~Gfh{NABL2-S@gKGk=@IF0NwVU~~LD!}>2yTa;9Hx63_+ z-r=O)s9)`RnhzLPt#qBVDDnfi%d&wW8Otkagc%(j0@<+9L{j!f*SYor3u6}mvV~bB z?9wEas&~3x|2nQEl&4Y!MXnO?UtlU=Lg9ZKa~!Qi*KPpkzmQt8oU8x2QCv!L=ZxlcCXy;C zclEU|RelVAzN37P)i9g#Q}kD({}%cx^xsszjZ=a9`Gr(*iE9G(9s&C!$~cZ3oANix z?aYP#G38EHNo+3|MW&q>jC#APy+CCCr)td?r(=e5>nd`(kAZ)0{$BZ17QH4^!(_zGpxY z?0rd@V9POfN;$%op?_TYh_TEzeL{JQ*xuw?VDIxr-df(JtVOQr_I%~@7)>g_M#O(j z*8VG1x6#Gg>y%HjW`K;Kz69(g{%0`CYrtMZnqEU{UPEeLgBP!{9Mst_G4f0BG%06U zRC$pd1w0Jg0+r(iBKR~Rwe_y2l|NPPKqN{|Aa)X{cc$`-xMz15WlMJy-HJ?y=X~MmRt;Qr9ODYK2 zYUG>6)0rwL<>tDG(P88j5!oTuonlWdUE#8!7+YydYx$puDY%;fGy^6;;SqPGO3F~; ze#J#@yVwBWI3NkIAdxPxyO2m1J5Q8iWdr84fn5YBNZfz0w^fSDexJvfjUARBaJNc_*GvG_xfuZT<+U=# zVW*@LT$SLe#C^ANs_k6cg*N4s=bYz)M>%!&+}R6fl~ax98ZR^|Zck;at0nynQ5Kuj zByEv)NR|UiL^-V7r&w%Cld=W1U>PWk7ETl@{7ZxT3YC&VwNO4K|PK(36R+Y+M|S((8x5} z({z25t_RRY>DrC9kFXlF%^U;NK-Z7JH-Yvjfb;R|8nn&)8c>5R`~{4iW0)nuwx+vm z+f`k*?W!)@wr$(&vTfV8ZQJUyIn`(8+;i`J&fJ+F`NYbM6%m=aBXaNDE8=@+@=T)v z4PQW>#?Fq^T`D!@%a_I~l-)a(IkY^wl%b932JBg9bnXXfx7zv znD6|#8+hV+&LZtP?j5deH3c%w4{V)%L{JWBN;SB>6PA*&dxL!8H|6qu)azmQ?Ms`n z2KaR{HpG4aHrsY+P-=mtiKK8#pAU;g&}LrWzILH3pIp{5=9JT^$^)7>oO6qwa7~G& z3)S7mM$N11XtxCxIcdDy_NeIr6(xQ-26RF0JMj&jO{pPi&;a)ccMWG;7Hc?$h{)s4 zisj@>fw59oj*Z@Z0?-}2{gbnGNt3X8d&o92E`B#wbYK#xn`$Ng87`;ePh;c^dbO53 z0;zA4sGa{PW{y|%I9>YjqjB)E5A)o{yy8pNz^h?sO&foE#GKzdb4{hBb5cvu;^RsE zoYkT-dO@96$AX)nbD)gAX3R^e@xf$q$)~)@yK?Q-wejK8{G57mDRXh@&!VOh_oZZo zJ&H}CMyb}RcCNZlvAR#5`j=Rvw??D4bmOH;WhKQ*q0atHgSd~-ACnTTuSO^3bqTz~gdw2G|qMDMAy1JW58j4bM%&oncwS4fNaDu7j8>&u|~ z=3tyDv1p7(cgJYVM|DRXrgjnNc9_lMNMEE)LE#;5M;|L-ZDE&*5;!|AxElAlJ2hpI zPHR^Rde4z-TNt_i`9KfNIFipGiE^NPbo6}pLm83 zOrB60GHKPUTwFvNt#Quf3)CcY#7?(ZoTY+kMAX*(ThL7`{n{bc^%$+Z^nkFASiju| zRL$wn@B|K6z=6u$yt5L`cR^JY4OX&$#7}}(G~Gn&gFEJzAH><3ht;SLt&Nn*_fNHo zL${lINK+UB%&GRA6&UC=e&D+Mtg{gRVYaksFTN$}e^lmft6tN7fL{CTXAD|bU#G1J z%ziHWgRMH<1mJ|W=56V-`lz3?_89GK+d^rzUCU{;U4qptwU}K~$fdGQva8BKXX-)0 zhnZCokfP^N;Vqto@5NQK`KZ?3|CriFe%W8#>&e;-Amp+-Y=u|KsV|X(yq6`j;^>h` zt?pC)r^(&gG>F=C+X!puS1^7)NU){$+eee%!@*7Ed{4-*ei4ymUoN5;p;N9zwp-Ke5RC0?4P*q(L9X(!2dwW5NWQTrqeUv<^* z0)U>6XX>%k?8D{=pDr#%o7mio>}fB>tsU=)9Nw(ASjok**JvMzioGgKWTm=V+l|F3 zR@@Zq<)lIqzF98ZA2^4)(qnkpajIWk&1n&zZ5+K)^@f30sOJ}4<2!VXuImmTOlUTh_Mc9{Fj4aP<&y?MlyyOcLyc&NjU zHaod+Q{x?MetOAB^xKzspcPB>YrXY49&ORNrjUUo11uk<(OZ0R~A7%J8-{d`-Jmph~gCx z6}Q5LxjJ7mZv!)LWA5R*&6?f4Js8L-lMWVn@l8`a0|oW!?|3pFoyDxA#Hc!zCuO}# zH*m$n+tQq89({Crx=P&-DawO{2(15c^k&Ly#xN`Ns%4hfZyOLSVj-~$uE?ByQGvCJ2pw}B2JDcDR-{T z!(N(Cp>1;S?LRBkj3NC@C$@Ae0~M#jKJ1$(Xh&2!Z`E1ZZd=!6^Nt}tn6_D$*Tr@& z-v+MBvkK+BRq^^%Gx>bheAe9#x5w+nOZ}MR{^`)&Z}Et0zG53FzYxZ5h>)zA)ATm8 zCMFxrA)K}V8Fm~XO?I|K5fEOI%meJ1y^#?PWB5&M$(T^FMH9$ppC7KqWm5l^p70k3 z@D~xlz{LDtKpt%WLI?Z@RpH-(JOutd$V0%!((qpx52pW2@nB|V``;7~20BKDzZ4JV z|4Q-r|7UnG|KAuMf4K+$4TZq|uj~0gC& z+3&Zl65VlMpEas=O{*F%4#H`NVuFeS8HzOSC zQyF{5=7k3HQyBe|eHi^2&65_$XS|X5y1Ap+ulukK<5`1exo6uRNAeym>Qm#p);K61 z!n_RjFHNpp9Xp&`RiDREgOBAo%i8jmKhIj8jrC{NTOrCx!-U)u zo1AQ~-a7Mac1fPuU0_>S|E`PE)BWqC|BtTxKLA4hUp@NY;z5|$|0^EkyHVzEq{rXw zpXiT&B0*SLS^t3t`HS}Wiw61Y!^rr*ks;s5ApcSBJMS-I@Tp2iAWbYxMO0y5axCj?n)F2K|rN5e7CE2B!Z!`u=!9I3f=>nkqR>cS+>0 zip=NFiVEa=ZSw(%`oaUI;zaTVFvSg-8W;nkZe1hd>ykbXN@N^h48O$z6ZAlXVqw$P zA|Y`SL}cq=8-S78S*}X^kLu67Yb;U|bdY{^-%Y=4o41`gFIH+aUn)1Zfehpe>JgyAxIydR|PK7PMP0Y~W}G{3?* z0T)`DD4zavtvQF*=4o4b#*Uk1<7bk~yMX3h_7aude+Ljq(HHI;SNst$ zd%aW5%5%@g1>{rqlmpW*8mX;5< zMQek4Buw_!sYRy$WBBG})S(V$gw9)_?Af50n&-mJ*#4tCsgW4ehCD3VEVPVtSj{zsDWn* zu2Mc`1N;Z|=D2Y6@XTuyg%`>#iaF+YoFDu4ve+y@j-@-Bv# z{)6#R#*-*R#8x?;SK5m{J8#&Th@UBHPVhvpuNuNlvB|i}l0YVy0K_j<(FZrHwfqA4mHZBf+o02qC3T_KL z<&)N6eg#V$JCnBaa}1WiJmiba+T9~^KyX(+lZC}oj#TSOp_t-Un8IN4vF6z1Xy{!8 zoOqZ5;|P5FP3%KzhGE@MZ{#0W<5Y`48ip`0=SlEKP3J7nZr6gC>~m=bAN$|0UCUWV zMvsddGRBd)amxP$lD!lRz^|>&(>ejTC*puIDB7hSHMI{ZXvZ)`*|7v})r4A>n;EmI z#V7_y-tO)GsdC44C9drUJTrv7(*RN_%w2+3)0}rc%Y9OOVsZk*6pXSGP;blK1)aUO zWdCFfXG=Sxoz%(uX@7fr02fzH`t>8j#6K`8H<51H34a^Ml(pgx{FT5R^MC=g>Dnb_ z5!CVaTHTZQlcWo)+t(-ROAN3ex&wUKLX+Hu@rm;j;S-yeW}Vt z1d?$9AY@!`anqDh)E@ZY9@!n0J7i11CLc~0lzGX2U~IPx)H>Z3std>X6~Q}MlC;v0 zc!G(~n&6FnfW1YNW?*y3E1C8%;GOOZ@=N4Xa22Hv%P5*mVE@m)i*KYte9&m?D7_&N z&T@bwi|>O@R28t+mcMn#Djo=TSEM!oM5eF}AlOyj6Ccpmfc;J%a5Bd79!8GN*l=MB z65I~f^`t8=Poz(<&alniQ)uLf7-%VeqakRj*xD$`Ep^LhJeSngp?s?)P0wHpR_kyJ zo;~j|%)5%AS-w)Rw=owE&^~j~ZML2DH5Ytae)9=TS zPmYa$!c!lI&JPJ!gb(ZwfDeoh5arNXL@UTy~Wq${$a5xVd;{DLbj764x)jU1gtR{qud8S+~VHh zsrHp_Iov`zrZHMEt76xCH+#LZJu==vo+K_^HnLl~Z`Euc?s)fQM&*qr>!j*D3_}cg z6F#)GDZ3T3V!q@ERM?PH!<7dG!*$5w#w;CCO?o-B(=qW{u|~9SRWk4yI)b_}syJ_O zx2DBgMo}FhK5-%JoU4*rTGZcZw)kmC&EILbt^nF6hzLAMS002HeA7o@PGC%a0M~m&Op4AWfKT0xuaJ4Afe|KZNjJn@ac!$yMFVLxQJQ4X6 zUqo+UqT6ZRa%&HNB$V_tO~ny!Y#uP*BFg9M_%-)tg(>aGc-$EG#Zx~^-?E6lgL{@F4@~&))isiye^V zW^)eE{&0)QEM9B&9{Q7qCLhDI27&Mk-y_7#(wnY{L<`U}|7yEEmN%+akaSMAor?b^ zPn0$r>(d60Baqw9hRpY6qF){Xn!>B_p_B7-XQ0vwPTlw&)E7XY#q&nPMdPtOB_B{- zz8&8m3w)2Z`1Dy9f;K8X;A#+=ZBXsG;533dqM4=x#vM4hP^)rXkv5>@erqP2y;;;y zu5N$RYTwXz(1FtYX9gzWy%Twk?`gyOX5|+=4V-KaW;NbJ_ibxwXJuozb#rlhd42xx z9ekG!85dMOMYR2tu5+6-#r@Xx>T};B8~+FYLGexD-e>oh)6Tb%Zl{Y|kc%i-IpjgHT>=8hSNutCEVHLvbhV3; z_ZE28=B@^>zh}KLG(fPwalM)FLA?mFB_@G@N`N!O+ilcU2ff~}^L3y#X&n>O$uR_) zhVUsp$es=u!X@frD>Pg`*RhMl_2Ng4*392cp?r8Qmm4&Z8&0ERrJdU9Rq7y2x>PsQ zX4~vwMP0Fwv&!I+vX7_o142PwzZ(ia81#M}rXQZKx~XxV^w&B7Q{z5HabWlMk1CAJ zl3i%F%^l;Ey1Xg}VQRijm>%!#emv&rcDIo7+GNiXi92L(;RC2|D&ljk4&w()=N=8l z?+qjn>L981hRzWDAf@!GiJ?#rET5T*qTmb2Rzes4?dXsBldx>{59e>@8S8?55kv2M znUxm+z{aVNuRM>^!saO_7h5 znJ1~(TbDq0+&$6=W`tuEqr9N`#ErGZ#=sgp`J7abth6`GI(6=aGcEO6aaMP85m^JD zWurV0m|~foaSn(OKc%A{{E4ele-*(|HWGH=eU79OyO1D@(+Ms42eA_lJ-X?)ivM}= z?&S|VcymN9r-6=N!7hc+eAo1ty%V}HbFuHC%N9yYuG(r<@RHlc2Iu5-nYw{+aBjMS zCXUlsegn?8Io7)*b8$S@HFygYMj9P_$xX2ITxQRnvyKwnL?U!^}G4ef^!4FbXDYx2FZ+BkEj{%LXR`tBv3Y)d1;Kqe zWpFduN_7k2w{;a4;?+L|t9ERI?h{BtHlX%(aaDL!B+QwlChh%F+9Ga^Pi~6x?mL)| z8*sb21(nrE?%q@`xp*@jt+eCyrj_45)XQD^Ll8tgW$kX6o|LTN4$9e2WO~~;rVF!B z*t^GenK^>g2yN}zQpr5Uv&$6K%F=8Skcj09$rKbj#7mt_;Gbv-24VUT0tMB5{IS`P zC6&k$;TpyfTPRYB7RhAF{4ups&#bIKr%I$(&3lu6-MY$xSS5|yi)8_1J$g(&G{9oo zPdp4mKPLcSdCq$#)3;h%_WSXTuL$g~{)k`HGX#+2hOPzX*G$3>jflezs+ClxHo%$& z9+Le?F&Niq>T@4f6?f9uMNj1MZ*Ku_Y_uBSQ_3=KN=Q;vR6n%W5mt6n6E`-4C;)+E z2WR#G1w(u^B0Kn&9?CPDlCnCjRk3!}J*VGr{F*y#WhV5JnoZ1Y0*$ULslv0#N?q@0 z(@S+&E^7bzwC6V6ByD4^i6y~$e0IxeoqdRCY?Et3h1a5pGO`+B;s2YQ-JHrb+>^2u z(BA zPuH(j_=w#Mo~zH=4++@tZVZ{Fano3GHGkkdVK||hJYHP;g`-cUe5QoiPb9!NJx1dI z!aelZ>dlMABY1L+eG?TNeL90@-g(XS({YE1B?}ZouAhlA;AP3(h)&5@K!%{%1Qf}k zM^&T}=a>2li!nBqMS1l$4do9ldWB}?^fI{z=a2b?0oHJL!BO7J>AIzS;04`pvh|iO znnkBl1+zRSRnk&)kuqlhC}Dc+WO!@B7^Ij?4s+R0?&53ur;%Hw*PHZa-lisdcWX7h zHeS-<5_t5{0U`8|2F)PG{I|zO+QGo=GgtEm74E%P6dOlY7*aYkx@U6_o(j<9 zOW4{~c}j|kmsYUo5KKtVCS?6m!3qsQMvTfBPgY;b41prp?4{vW_Bo)94lrs_RrMDDe(58RiA&>!lH+{4R5q z#d`W#hGttWmRJ#myQ9%;R%*OLH~^*@+C|2Oib8YMS;|1H#-&+k|67d+uI)6&iVrhX zv70SNDZR`o>|j;5b(SfhzDV6`>2;$uYck8izPr>*)g$?k=6q{Ig!@Z!SwjIDwLR@^ z(i%m%6q@FIbdw3vu2;8~fRmMy@{-xK5ukefqLAn4q3xiXpI`7nJI&iLbE1o57*KAg zZrwgPsF_FLEb)a$xL}_4FHHjKWe_55Cth{iFl}NAhQw!C0GO)qmS88 z-QoOs5^eilAi0ng!{M^Y#^?0}>O74@(sE2uzl0%Hl1z42#@4>kad~mExjf8gjN3b& zl+vg9`?_#8G0?H%+=&k0>{p2H6(~`TAis^8d1XX{iREMq<-Y5X1O|fvwfu^CV%mKg zGLNdf_7Gz+a~($tEWan5Pb8_QjIg>?IEkvdc9V#Mq#zRyZ6bJM=Z}Yv08Gq6X895m zrzq8E0sNRemS4{-zUVwMH*OHw$=5FtH>ofRy^Ve=eAa;`@@f1P@J(Sv?cvDq7%!K3 zS`Khg-Ja`F8eq6DfBNjVGh)jsF77)jBP3e5rIxANJl;=Y+e4f`9(IQ8WjKWKwyoQb;L-h+8XBGK6OiP?VsRue~)2ovWOu8kmVK z#M={_$*)G*bzW?@2tG<7acmgZM;bOXfx%|^{I}%E4y`SE&S+FzaF5brOjD=?*&U9UObw~{7?F*OCPaHx&wFHZ z?JOC5ZI;niNFlh!C2<;^SB&9LsV)C@yr{0p?y(mf5jdzt#?D)R?kE1LU~TbX$y+uqh!=w^=u5B3s1NDH_Xo_}y+Y zQL9xbF>9=J(cx@&8#OQFn8wTWV1GPiJ;=Uu#UO~9-Xl1ad)2gHH!4g z1^lNsF?T_{)+Y^$5aw>p({4aZ?ib@*CK_Ka!GJn{a?>Ks{!E6FYu__W6uH$#r;wXw z(kA31pFyEgg`Z0*SnGl?Fn|8ARc9*O3VN=B-+&kk87G8f!C*Q7C$>>VpspIpt{{#o zyyZHJHxkBr5~u?56>%*eG#jneXSk`&*Ns~ZJ|c>=*7KCpcy#5{do)@IO&K2_vX@$$ zD8pu-i%IMtvSk|bp)8m=;-2y2VhV6UY(TLKdoRhw`PsKPCQu%swlWp)`Ow@)-$wZZ z(`-MXYOSs&-RVA=NGrJH!b35n;QlOWjSve(whr|tj#{v%l&7e`V6r*b$zrlJ?mtM* z&74o(sB3%8GK#3m>@K(&5VSgVD^znxo}MdAGLdmecth1uQlmLvb#In(tI<_u*kEnVMDr z6{3XJf2(j;R>#*q`*%VHk;z-6C4)d|jtPJ@x?@UFP%6-~8hB35IVVeNsdIMmYsG4y z>}E|&A5#RJ-GMPvI#vOuj?s7F;9Z2h%vUO}GfiEov^rGnRX<WCq%@z-v~Y(V+HFb&K6Ro|0XhN2s`v_0)r)p;Q1_wx$$N#$DD~ zWrW}Fsn^=LX0e@G3U9kb2y}^UpFkWg3qUvEX?mWs!P6Z z$qCs{Sbh_8u}ZvIz&vj)txY8vN>!o!T7Q%C{KtCi@*GrOeXjt8TdbaYfh9 z-JrR}VeMF?D`T;kNEa6XE6AG|oMv>ZRKOaKUUS@=Uuhmf(^Tdq?P-q3oH+KCVRL<% z2Q3RR>(v!9NVQbjH^EEwA_Hj^cy(tA3XWBOZvdSwAw%O+SCXHi)r|xJ>`P#kw$ZE= zm1gk}#0P@1UHYSes79`dI{DuO9mrM1JgPvKjZFDp#9mLm}P~yRta-p!#L9r zx(1_;vv*g8QXWwnGT&l^i(AE7!=_GC$I!}7%vbF+n>C+W6L=i(#`x&iNqS4(q&&)P zMvpMI>BQ-rdCPcDcM|%D+<0h#_CYo(7sZ#mu2?B`2$QNbF(I}a3CR9c zuAqjKYVwXV?yn%G6;fNa61j21q0}>{QVYCXJEzBSi|MS^$2uXEkD#L&@sV0>ka97RD`1JN!|aB5Dk}t? zGU{a%wTO$mXSX^~s{rdPqb#Q`4{dkWHk8dG<{S0;CClB0wtK>7e$i>{XVaOp&zYD@ zG15~G>S1zl>P6W0#k8KyUgWG4H@3)?u*C}e6>}BNldxXdKWzSBz7WhVeY!u0nKRlYfk-F5vm1f$KMpEH%bcZm7JP0lourT~1sz>vqWjIZaAMXXXlx4GvNV z=2T2|$i2!lERV1Z-oC%5BSveNHKHgeNp9;PPbWdX*ZX|GnkL01PowF*#k={(S#0Hfby&kQdr4t2OtS!aHin}X$R zff>E-0ic4HjIwVgq#h+Iy@$C>ZECA!G`MIyLid_<@D@PyIPf@BM06@%P4|Z&2xTXK zEZViaD7*r_4menKDApL2+7GGj&SR2j!vD&iKDfIZH|d3aLl$5#1+Yj7RtUhEUr;yb z?1O%*m_IIKSTt6YN{>j_yklrX;Wq0xV=eL$dB|+ID(}j6R((KPEH6_$NM(Vce4uES z_dB!}O7rXLT5L}YHe1cYK5!z8*25ga?d-M8(NnEvHRPRg%4Is}J=aaXfJ}1j3}?zy zBztIO2koSyGXU0nl>L%*hgkvde8iW)d(oDY34%Q z2I9j!%oAf3^`;PN1=;MPc}c5?(!UvRhr1ykRL*>U}ucA8d|nX%?>s%o*6 zhJmiDa#2H8^xga7Mvc|ZYW(9`c{r39#h2^ldy2%MC6iLQc`xC&u6yynA@`keh zeY`$N<+jxob2KP~PZ^&!Mn@H%jJ9H=GJ~L8Ub%!~&fHQdk$KUnQ7XK(tktX>x!jUc ztGr%WMKh^;wQjR+*eU&O{RJ-e?cN0omx24BZP`oa_2UI@5tk9i0ml|k^sDw%B*|o> zn?4C0aa8AmwIJa%7k27LkJyB@14nT$W?mgTeKg9z@84!5&9j-Qm(FO)$gNOvN|jg` zitf$5Ms{slAZjm{fT9qm8t?W#Nvk?)htp*hWfdj2WC_MW0;MBmB^7Z}A#n~$k?;ch4Z+hzr%K3l>BI>gLaSa^-7&RTsuZ%3uExgRfcxLe-Oj!I8@ zc95Via8s+qYHh&zj6@XOP{1MH8Xu0{3wA1XR&mEIkuG9xN}%?!*L-VUV$<%?xU6CSA^L|XxBWiUeEnK0p)EOLqqb#}$uq4^?*YwnvBj*bfvx1jDOFmQa@Ej|F zY)qnA$uCIsl~RJ{Q|0RM_xAb3)l!~rX(a9R2N{b*s`V?I&Z7;NC0B+?*idllWxLGE z`S;eE@(rNRZYV>O;lkcC6%S^&C~(Rc=4de;eEWI&zDl zahotZVro;ZXaBu|R6xN7^?m>WOq0*VX+Jk1Y)$jRFV4*qrPC)i0Tshk*{^X!Pt^{3 z)qAA}n~%40v=)$9_3F&IWxj0%#xS}MhJDGvX{qiuA~}ZZR5GDl5A?`9+$E;N88HkA zgq6=m=Uh|+WBxkY=PSe*Y#K!_WIkd-li_)`dOQME`|^`q#xsU9GGVlPCK|!`wN}7H z--*tuPa^?k=!~gFFC_Jyr54hI9nS%nYnLhqlB(Eam&@DPg=E$K?s@tT<5KBV^}KWS zf&~e+xqCi`8%O)IJsaq_!Rm4k_m!T z63Ke%;NguwF)t;riTZ9wpIf0tJ&U0bWb_YkhrX)kd)SS=qNz36P?wDT?`gC`di zBCSRlU{&d?b|6uDs4H)LrdyV8PJ6>4`iDIJie_|v;Sk&e6K{|ExLo7T%72o6$HnsE z#IOF5X={t$BTu*hdF4u|PXBUl%~H^EvK(M_Ykm<&E#h-%E%1_o^}^=DAXYZZgqw@V z6O7;b3w-CNf1Hg#r(6@48zEdhfHVh}iNIUEEamPe<5&BE!ps-&jOcZ@;L~;Off%}W z#Aj5uNY$=-OZN?@VRAn+&2-Y2X01}IwvlXS;gr&sra}dKwMH>#wa<`kVuLnTnPA|J zXbb{Mo>7lT{u#F_o|V?Hjb8VxsLxR0_IDs@ZWU=*Sgl6FpS=MjS(GlCVkeNGkHN6t zMzjW7Y1c=*2C!3-*NgmUgGIjeY08duzH9^DSZfm069Gxd%o)gwhvTym>dq@b- zk0QK8-5DF>@NaiUo0xC&D4PiV9;+q3*PNofhnE=LFww-ICb+9`M1!W6%Y0Z z6cHzoJeoN&UXTw&=y&9IumI|WFMk~|x@#TV;9h4A8@({#{*E9CjEe$K)Gdj2)(lsp|44#WSXXGiyMp5Rg@bNtA_{A;zQ=s zAPeBgLY)w_BT1G9) z1=5T_2`gg;fGHHfhnnS#h7w2Y4b-0#Lnd z2HE|<&ZWQI{O6<_k5v-X!Y_3+vPS=bJJM3Ej>p36{z15usZwFi+~_8uSy0n_3wYnT zZW9>5hG70^gcRnfB_!kXNV*J&vTAYe4fI?sGiq4@izW!t#&5d2p6NQH8GAlRJScLmPq^kNOPW2<+k{Ifa;6yS+dB0s zTp^c2Ox*P;T+or+un-`~S!_y56R6Sc%L zG$1XYP@g416=IQk1x|EQOylGz&4r0)d6N4=Jp9)Bkks6yGG@=yf|I^ zQQga%bYl1uvBW(x-xA}62-xM^#n z$F?9}Gz4jWzK08+><&s3p8Fki2&S3a13rY0I0aHDabkFZVaSBm30xf|LN=<)oUs5H zN8Iz(0a_Iy81dBxp)!|j904RhLuPpA$Ot5*e&wk#Rgv#2DLamE^2> zCJ{?cZ)=`_#$75=mn0Ln?At&?QF|>E>)2<)%cE0_ES5KM7eYcf zz9GS5je?iW{_~~eM;ufw)u%ubqW;^jl)*xotaNdo)CQ4okFo1vM}o7{y$spNK!TxJ z{CLY>;XieL9s3(bAlY?zjCC+MJ2Hqxyw$e6i4+GhD_lGZXy2~Jof*jy-o~bQ z`)v()V;DTT5KyLsx}nj5{ZN_62}v0s|HvAB2=$a|yyPJl55Gn0G?%T5hMK+C$9kB#x^&h9N&ndQ9m1l%gsml;Og4FbD}y_YhMFNz=0syTQdpp%>W%WN=0gkD$TW%Pdz( zRqUvs{Pey|2|};klp4AYHC3(|w6kpHnRRleLBY=0s4y{e9{-<`y`^fnQ9~yOg&;zQ z0@4x%gdFf#C*d-0k@N~7bWA<^qLmW2E#k&u3?{E6&VoblzZxlaV>0P;ez7k#jf!AWYuuZA>f5VLJ7=H+4^7?Xsg#XkRk$U zla1#-bm|fCsx(a6$pcRLuZU*XBOdUJnuM_Vhk;f6js z4+VAs=;E_1%pyb$wgtOmSO|zPO&FpBnI|Bqs=E~ME>Jp#mq$aS^Q#KrmGGmVT|tZR zQUqD*k|Dyl&nO;KD7Mw@NA&%DICvGjE)6-9C3SE?r@{O|qBlC(OzMg@z#;1pkJ4fc= z+YrRDiMBca?LQq z3awck>KM!)D@Z>py#xns8A>1gDzKSL9s6l3*${4u&V>&P_q`0>8P*XxOrl^UcWdQ` z;CbW#sE1&`zQJ*k?e{NX3+j`wVK56wC{~*-%^6aNx*w9oHKbe18Y^hUUy8DNI+j`) zWw00Y;@ow<&fdL#>HVDxh^sL{5lJkQW@+3GX7hPLeR=GC{za?5p^}*(8INhKEiKJ7 zTNI0zN>i^SIiQ0)Qc!%)`1ExrvUln%l@L@JL?hC+uY2HeR_SZPf&ga?$#G^B@a}42 ze&m8iQd0%C`vmn<2sZ%@}lpr=sc5*m~sONAOGgQJB{ z1r!bZy^2v4q(Uq_P&bf(fCc?B)Hlr2^AJ!pcFmO)3+wD6QkEC=DY}lDFq%aq)l!Y> z1ze#swky=|6gv9Vh>B*&(A=%UPL~n*uM=@+$@O`x1_wALS3DiW?n)R4*^v!ykfyjl~1Y@6LpaYux4rUe770hM1zByFjnlVIwSG*Mp zXKfYMg(3+JNYzBW{9Mw`VDh`NeXK5RN8UJquWa!{!~ef4BH(_W84n!LBZztM*@QF8}a z36PE*W}|tcUyGwN0=E2%VNR$fZjw&!o)JyMeEgo2vRUl)S?H%CW+l1KWhxFMZr@Ik zlO#MwK%{0ipYBe)Z%f=Hf2OarclbP1ZkqhIN@U0&NOFtd91da)>ZkJd#QmTZFer0^ z73J{Ox(%F8elUqT;(mwjO3I#8xmNOw$(~}pTNK^FnL#`-5zrVtp8XO)9$>Aj&i8rH z`o3!!cQz-t@k2}sAA9<1(GetGCjG~AuMKvSb8aR;@yrK3Yy*!KpR_rp)0peik3-6FWJ_B zp0rzZ0@G!1kE5<^EU6$!a$u2b+?h<&NA=d|&qgTRGB~BP0*JPNU}PfIGb)a6X4UG6 za`ME1ACHfcJ3#O8M6P#T_{I(50q~=Ozq6*__Nlp zD5&YD9Q&aE*uwQq5&$K5?2?!Qk10T_gB@x?Qv}xGUJ4zw?gU^9heBnQlu<)8@!3@$ z`yRI(6Hl8(S1it-hIv?DUv~^&jNT`>VRF^YXEEa5h8~9=lj2?uB7J%JUvS*~LGqBn z=IqU8v&%c|))=WuvT640KDO01DAL(B9wLkHh|QvW9C;<{Y|- zXmQ&3;Q}*!Mc^??fBSQHFba)b`{J2n*rP?DDobPFW_d#LxD8$ys6umiOsJy5#E5{B zyMn2PVRY=tbkym$J0%Pw<7l}fRf5NkH;gr`;SI&eo)S|})?>_Z?uT1UEPy!N#)EBj zKssr4-vgKCwBN!6x?ZGW3O;e&+}9V$U;*?LQ>@jqv|_ZQD+eWY0};@PJ6UDJz>VPY z`KNoQ_54FyDu;X&LvH_&cvKQRuW2e~gYntr^ulIZX*-PqYfNc7lL9NL!gpX7j5*hl zZ+RY(cXZ4{)y-`tvx+ml>dm3;^0(t=`Dxp?8c^_@Q^0APZJV`S+a)-?AV*2R3kY*! z8yuz6OCpC$Ar1c=EIKB%s8e7;E-1bx>)PHUk?5pp1X$VFY?9`*oV>p}_(&3RqdMnNR--u?)1WDPi+S?5 z;0w$p3EV2tNl5^VDEV7}DV@k}7>#kWYa%&C_oiuEi0N{jy};nV!MT5~ zJM`T_3VJQv>7eL5ypN^#jEiu0R~RjZp(=OI*azN*dq)Q3ySQiZN-naWy~vpXlFYbz ztE!*7)isRW0Yg7TyGJeH%E=#mw7|vSiSF#=YEN@-A!W6XBRy;I2OPK8G;s3WvnFK+ z>&ETq9eq!|%d$AR7U5P&pt*)tm=NK{(x~J9=m8Jr*P_1T#@VWNUz0%dP+rE(rQoB~ z3obDMsmUJz;~v-j9Wk(qsP(mhEDmzXjJ@C)+tPcPu04GJ8^r6QHe zglqzNIPyHQ8f3SCY)T@zc)on~0>z?up?uXr;;*m-#uZUh zv4QRcshYT)7t`r|LoDEPs}uB%4N;0^$+YAN%u;A3QsmJ=LM6W=1flan$|t?|Mx_?F z16MF}ZQ95Ttvw0d2jX%O!!9*fqCyO2+Ds#$1B5!D3jNbDVCgvo9lND%R?akU%f!b(Uq#i^UUkO4DY~fq7aKKxp2Uei7c508b-UlM>2NTo>BR@&bMZ z9{-EFcLBC8xyr*59w8ay;$c&`FyJX-NNmvj_w3iXCxAdBX=DlzVkCu!z~w=V$pj&Z znUO49#<&XE#z5J|PF&c8hrteI9-}{X}^u~|>(*N)ezV>f_)mwh(g+K8PU;Mlmzx(sP;!Pj$l^^^qU-d(OkxE8qP3zxv4^^hqE0&pzU39{)RE{Fb-; zxyL{A6F>Dg|L#w}+xP#kKl}UN_St{tZ~xp!zVW-i{9k?hw|(z#Kl-Qs(cAykN4)X7 zU+|}X;axxSDQ|k)2R`-%U-?mg^Ur_Ht3K`Dzx*3N<6Hma-+#Z)|B5es{eSWufB2_< z=cm5!|M)ZS{n7vEU61~)fBY@)_mRVP$A9+D@9H1>pkH{OZ~vVC@cZ7U z8-C!IUig#m^Nlb5;IDi2Km7P_dfvNz?C1RO-MjtAZ~mY^_(8w&5B~4>eds+t=dJJm zHNXD{UiKgT&VzsRs$ct_$pfW$mJ!cPAG+>%z*pcu9y%S`@!VrLXgYOf`i1jnra$4? zCtmZ^tH+bm!@W5=-5vSp^r5-y;plYR*rU_WYZo7$Zkw6I({y?>InddS9g_o{ZF^Tb zJpI=``E_4<_uhZuSO32+|KRU^;d}n#H+}Ypzxk(s^25IH?SJtHfAifRK77be{->Y% z4e#~4zw({*E-M`|O-|L$`KZO@4n`b|NI{v zUh=VT_z&;<<_9nR(m(j4uYAq(f8+=M`H%hB&p!AA|Ky`S?4d7z^uPJ#FaG*(e%tfE z`#*p4E8g<$Z~3?n{TpxiH=p>s@A0eO`kwFi@{fAQm;bHqN5AWpzwnvQ{P~Cf$~Qjx zuV4Af_xKaP@qOQM|BHX^fBLkq|Mp*h{8#?&r~Y^U?xBBi__aq~_|h-?t;5ql@;^NM zdEa(=_*cLBBmecs{`!0VKVNnKm;dVf{J>v&(et1Fy6(UD@xT5*{^6H?!ZYvu-v9DT ze(~!*{ON!8+dussU->=n^Ue?de?R4|-~74n`r!}#o4@mUZ-2@E{I1`4^N;@S%YWm+ zJHF(xkA26N{EfH1_22*0Kl!y^{Ig&3wh#O1A3J^D`~T_p_|D(+^WXm`e&M&i_U%9X zIUn%F|NCb>_=dMnGO!;9Brq*=qzU;>UWdi|4!2ai7S z%#)A3?zPW8_+wAL=8aE2`_!wScplzS@X&)7zZQ=DKlR$rd+=#bz4isKeda0s_d{?N zc{FXkCISA!V~2-N@WgbSxq%;XEZ}5w`|t_+ML%{A-=E~i9$MuE1GLJIa1i_8?RLl8g#dfc!NBAJbos$=i3@fLk>HBrpR4a5AQ~tXzZhBYHvRmz@0vJ?AqJU z25mYWw6~uR+H^wb&=7CS@s2!o#3xXCH-9G5d+{@!)BA6;I|#!p$Gda7`fbnDr+&P@ zy&vyWKi;3ykB2Gop1KZNm;T)LsSsiqJFIY1*{$i{r!IcDy^9}G7eCzI#Sf{AA8zmB zht$O%Z|~xdsf$0}-o+nN7k|9Hi)Wb~O*^EsZ#zA+pNpR9{`M}OeQx|r=XCMgro#Kw zkKfceY<#3n! z^26OZo%yKw=N+JSGUjGlR_VF$jQa(ecucHrA7t7o5T2fm&1diJSy;M*y)XP)Y~1K&=$J^NHU z@a>e{vrn}H-_GmkaWp~u7H%AQQHIZ8b-x4O&YOx1Ry*+Rl;ty6(JrhTk09mw>{IQ) zw^OFiKGhC?)JXDq0F9n zs<=kYtv2saX3sv=?R|U0`&nbQ(=OE8deMeAt;SD9`_^v!RFv5>BS<^fZv9lqBKuUg z_w5a3_Uu#bz_(Lo&pZ|FU%T-LQfALS)ed}no91L1+QW8htdK$$Zek$kNY4h5xpUU}m+P-$!)(Qowl;w_^J4OWjunkneEn3<$ODBXS?-NIp0nj+HU<+ zsc&y-L)&eis-?_c?Au$~(01#mN_~4vyVq|0RH<)ocW|b)b%$D8cQ3>B4>Y#!3~Nif z*KRz5e7-#LqAl%SyYW-G6RGVEj-f2k|y>{!Ta=v{J2UGpY)IA(c z^=DJ}a5&YSPHlH^JhgS_Q`;RJP;I+Zx3{!=?Z!6f&ZxFKIHcOTQ>yI_j;XfpoN9a4 zgR0whv9|6wYP*B;sI5DY+V0>)YU_@qwmUeJ+PXuj?G8?*w(eMJyMuG7tvi_7?%-r< z>yD?sQ-nnzBU3|0SjdmM$?p$iOgLA2!JD1w+;9P3w&ZTxcIG5VFbE(}9 z&ZTzlTxz$2bE%y>m)gm)h;%Tx#derFOJ??ZzYM&ZTz!?e{=-?p$iOgLA2!JD1wg?zJ0_pgWh^!A0XY z_oD7xYB%h_x4Uzx-44#BcJ5qicf9@n_RgJ4?dXo>8?)V=OYL@WF12&#Qo9|TOYPjb z)b4%~Gm)cWi&#-+5=Tduj zF14rKYd0Q2cP_Q3-D|ggs&s#Qzk_qBy*roM)9$q!W981JVnMfC=VW@y>=_%R-D@|- z%AHH?cW^GXcjr?39h^(;DYIura0lm7d&=yYr`o}})ZU#-?RRi4wWrLU#p?DsnVzes zMJHeS9h^(;-MQ3$2j^0I%IujD+`+ljo-%v(sdk{--MQ3$2j^0I%Iq1ec5p7Wr_7#x zs@vZc)>CFLeyU*y=TZlEE_K+!xzvG6+eTh=*ulBffiin$1b1*Qb#UiWhaH?t9o)Ip zVF%|@2X`)Y*ulBf!JSJTc5p6raOYBo9h^%YT(#6;2j@};%Iq1>u!D1{gFBZx?BHDL z;LfEEJ2;m*xO1t)4$h?x?p*4ygLA2aJC{1_;9Tn9&ZQ1JIF~xObE(4)&ZQ3STac@zse?P0I_%(F>fp|$4m&uPI=FMG z!w$}+4(?p)u!D1{gFBZx?BHDL;LfEEJ2;m*xO1t)4$h?x?p*4ygLA2aJC{1_;9Tn9 z&ZQ1JIF~xObE(H2oJ&2rbE(H2oJ&2rbE(H2oJ&2rbE(H2oJ&2rbE(H2oJ&2rbE(H2 zoJ&2rbE(H2oJ&2rbE(H2oJ&2rbE(H2oJ&2rbE(H2oJ&2rbE(H2oJ&2rbE(H2oJ&2r zbE(H2oJ&2rbE(H2oJ&2rbE(H2oJ&2rbE(H2oJ&2rda1`9oJ&2rbE(H2oJ&2rbE(I( zo=XiS>N!S#_?~ybz;`-3yuD=o(H&hq?%?R^(H&hq?%?R^(H&hq?%?R^(H&hq?%?R^ z(H&hq?%?R^(H&hq?%?R^(H&hq?%?R^(H&hq?%?R^(H&hq?%?R^(H&hq?%?R^(H&hq z?%?R^(H&hq?%?R^(H&hq?%?R^(H&hq?%?R^(H&hq?%?R^y*s*kzk{Qz_wMNG{SJ<< z-n*l#_d7Vcdhd>|-tXY(>b*OirImuHL(&tM@xNx_a-9uHNt9=<2;Y zx_ZBZqpSDs=<59rj;`LjqpSBjIJ$c8j;`MC;OOeTJGy$mgQKhW?&#|M4vwzgyQ8c3 zJ2<*}?~bnC@8Ia_y(_7Dzk{Qz_wMNG{SJ<<-n*l#_d7Vcdhd>|-tXY(>b*OirImuHL(&tM@xNx_a-9uHNt9=<2;Yx_XKae7x{=Z+Pvq4P{;RdFm<@NzzgY7SV{zDI5^yD+o zzKY6bKKS&{_{@h7cl{&X!|=|B?>_s%%bs}pN$3ps@9_sOeezA%owS0`DP9BT=f9hN zMtCmstndtwf4_qb&GfAFGd>&s`#AAzhxU>FVc7Qd2t4ojbb_xuU6b51b&Aiu6rT&X6WXg60U55XZ26{vZtSXBVfqGDvz9A9?Ju52$2C4 z9xpsHJR*UI0}fv_(D<0pj<2CM$YP0HWiHQ>wheyMwqo;=d;ZqM0b?D#NQyeVnkv=(Zx+!v7#)WPvQ=+F=YMkQ3 zO0!hLCryctn4-ZU&iLdn;-?IT+D<*~4BN^4^bu*5&iIn(CX3=D;-dSE}HP4DIh7=PtS2$yu3vG!2;_r~^f%5wN<8zaV zF$o0L(<3mvkrOe`?O}}$`!cMD;NI~hcW}}4j|u+9k3aRu2>%P=3%l_G_^uX+ua)lL zPyu;@6H>0Ldne~)xgT|#{5lj(c?8J5gRiyyrE!agdFX9_-S(eTy#0rJ)pU0{w!AM#r*7W! zKQXw#M|?>9f@|)Vb!=i_L#M$-Q>PJ-h!{A~;Wg>|#U|91M>ZRQLL}&LVRw!KMHcq}L{++lGmm_enD4 zoA#06;pTW}J+g3^ov_O+o#KsVi@OKUgpY+^L2%A=6Ac0<7wX1>F4ODM?lxgG+1Zj( zrS8&Es%R`(Sg}9jv#L6<`$0Ff}BD3k3JDCN4W%lhvz+>JKJ8ZgEs<4&LD~7 z#1)8j#Ny0tsyxL9s28II$S6a!R}|DGlNj|nMQf{X7-oA9m#%_CoV5^73@7sL!{io= zJl?;UncSd%3d5B5*TF@7jjw}oH3LsV2jCg!@OWT(5^D|+rpI05$VG-W4lmsq=2N_1 zwm7udmt;mO4sGNBh`b*V2C1T7zvq^ z+nmcSOZ}fhfZyR!>2XnK04%fYhAyb@KPv=bCgkn)k*%jQAp;>;@u!T@j~$Tm$UvD<&W>G}c^!7`U6aGkI3AK9 zvFeB~nplh-^jWdn?067Iz}?NffTczo3uafIFh><~Xp>AN2M-cWGj)_lPJPDffs3(N zGrt0ElOCuBi*c@Hiy5)#k4ZwsViBuRw+eZR4<#(dLUNkOjS?@``XR*a?AV2bHs>HB z&kZF2)NibZ^AJuT~KIprYa}7-WQH@j;s+TdM;`# zwk(x>+I_H+#S_rh?yDNc2}#IA#;N~?XTiy<4f4-H0s6|OwFC+=215%XOpHss;bJi@ zQX@bTYkC%*6`y}S>G^#AMo3Vgk(`r#8yQoDP>^>HA*d%|ry_$9Upyt&zWHAwz7!a zE3k!FqfClenq6o~EiWWl9A<5MvS|j3SuBa&9a*P%Q_*6~A{lsY%rGQFIfe1~Y+^3R zK!?SlJK6BSV!=xUGC4U(9G`4lj0FsCi9b;0<_=0!(%MW5o`XVB@GkHpdnuffkr!x- zIPS<9{4QQu^E8;o#&-IG&!j0EzSBYlzFxSD6BxdSc!%B`{t!N+o7l!Fp4LVqPX#yT z+J!5NV=SlLLCaHo@7iJ<7f8Y)j))iZldyyS>%t{r3o`>^aCQuXJmeH+grSqw7Q&SvC*+`T8buLt5?-S@LF5>6l(0|)x_vj7LL*jQCMSPA< zJTLtY-y>dV63vkPb!fK7B++kK>^7dnyHlCCO$Y>e*Qf-7d>dOP5EM(KzQF$i9_am` zKh!Q*AZrx^%7Dvj!fXRYi@O3?Bi#5EC_ZOG@FFvOxOEVQC^&8CYFH0XhHnh-IL{MJ zW^e_c-Eb$}Qj7! z!s0$7br+5^EoOmP#^Y)ztTczooTx4)>~^)J90)Yl<;EOOLIB1WwM4d&g!LAcSSq`#WKZ$l`^Bh$ zjuu>kLH(o=jT}0T zI=we#dI*19AKT_=WvT6BEKA*eAgB0x;KhB6!k?mtM{kadMbD1kQJRXCr+ue?%j;=^ zhK3MMq6NU;rHNf%qh13ie)#N3+(O91DVU{}5X(w;eeo$i@39y)uxWfk>ZMHSb1UK) z_^d^36FMQ-ap-hImQ@^s%N*)b$MG#Qi}3-U1_Qc3jOe*kQpGq?aMIxV(-@ps+lv#) z?$(=Ad zDyPLJP9gifv+>!bRoDP9OR>Rz(tHDbp4xG7cC5mJgu|-s8=FctSTS`(rTY_A@$E^g zu#&k3@tT{fI`q}*jgTAgVp1Q-DO4%A{~mu2+#nT#o-I-)XU8xoU|x5O_?A;POfW@| zWKNtWh%bI$g`ikf7D1f#5FtboEJj1qIJCzk3%-WXMFin>Xtnscn9wH;h^Qj^@;dsP zQx+LCu|uebE$z_v8E?hJQjA=}IW9T53L|)4d{*j9Vcw&~i)&&Pbh5(=;|H@J(pqG! zlwBdrQ+#vSDy$;4JZq6?d7^k!A)l2$K}~Z$AhIyHf;{J?Vm0mVEjz_!3|3(RcBA~c z874t}J50J$o3p7{eY+wGCu&)moy9gEQfRNz4ankA;~7FFtpDtL!#VOESayel|zii-=c z!WBkZS^AvDHRykbYcmXXzmc6mUCDT)AVy4ibeLe# z0Mnd0ykv9$m}U?IrBnsHo*aNUU8OmNRXAaTFvB5C6Lzs9P|;R$B;%R{r)t>vc_Uks z9Fmu#c%0N0Y&jrzwTe%1U7R9K5kHw|l%jKvR1=xlcfwR18~z(UXE8=em`Xc#65LfB z;+WubdFL5SJl!GC4xJS)ylNwJk1N=7ii>kEh6|oa;VN15u3!sMX-qlVF?eW?His^- zG3CT4Wf{!H3-R5ni!l`X(C~t3X&gk<(s>nrNpp2A<#4V>*PwL5_$;MdO3O6f3el*9 z=;Klwe6rPr7P~lpa5u!B;(}3&u@iirGuVYVm2X~VS4X@{bdE(Xjxtca&2rDdz7V}S1iM4B&CX&NM$xl!EI-a+(u53_OBoi# z6@SL>V%f3sChJJ8I7GY>l8jcIWn#QW;O9(%5sNhXQR$Xpx2n^Q6y$$52y7-8^bz4sRoE+@Tg3)0##Z3nnB} z;1fM4xHV!audv(5s}<2(X*&<)bP@4L&n$<8XRdiE979EOYlFoNN2oYd5Fza99-gRW zEjYjfbYS>Za$>k&OE>u7&OsG?1cpq@u5&@KiUOT=*U~wbt3q&zklYeLe9?T-T`LXX z=`Y&TATM1{G3^M%bpt7VjkmYB>+4T(HOs|)T_7*dL1l{az#E{&6N3O_^(-NJMpHrW zAWI~UAwgO?+?wuS)B2Vpu`GA>Hc!;D)*4obOPKvRw1K|k?oLYG!uwIoEOiNpnZqLp zMGiG0sqMDPSv+E~O+^okP>jnUEanl~&O+~SF+76cb9i*az0DL@JYwPO3NW1FdaR4_ zh$P=!mgQnN1gYk5X!ntSAV_zEyPTVmqwOy6 zIkX)&+JPWVTabab-kdLpOjrmIp+%~UkV!6Ei5UZL(Z=Yhf3KFsNJyVbf() zo$`o-VE7k_8w(*eZGmuw*xePBK_IipjoFCz63u$7NFM``q>e0**t7-61uA)000w34 z0BlZq4>!R+R8BzHH5O;Ef>tunQhu%n83_~!76z{{qMEO0H%3KGh947GgX8>$Fe;oY)KLt> zES&J!bhbn0(VM~>6qkp$?GI*2JHShcGx(R$=~Vg7ayKr9SB&u$>;-!3QXsorP|#i; z99-`Qf#ta;;7EA@HEgfdsY>5kCPvDum@ba?(9JS&iDAQQbOo`>kb`PFusn}42lmu@ z$}?t`N)Gnh)~Hd|t%WjDY-fRTi&38o+GzS=g*&GC)6)_T+zDo4s9@l1^y2!%9hY&` zwJ*M>B{PXenW}VF(Dg6+4oJ{O6(BfnG{G4HzVYU5+?0!JW%wHWjx$SSnIrS<5#L#&$OR9dC_^dS%0QN4OZ{csyPAln?Rv!2y7ip$!-kTQ`ce9lykNompX%9dQCu0YeyadxCZ6Jl9cZ_7Iesscw8_II!@}zQXZSuc3kG=i;s9% zdpbxzMq9TF38`whyy<-Iw!lyE6}s)f|P-a z62}nhXI&#RBe+J=1ePZob)(rHbq2t2hY+a-;NTQc^P17D&}@U^Np^(M_yKo9JPq%s!|@0TatOs1iZT2ieTK_| z(ccZ@Ea~fUoZ(8*O!y?1(rds?*>U4I>GRf3u=q%kuDmJ~qrP-d6nSCvC115|!NAQ9 zTfm4k=2gKMH78eqi;QGA*d6St2N3j>8D4X)Dv%e?7?JM0Dj1^U7Ce3>D+;H3%*V!+yG(p`(wm{sOz*aiotjslO~y3o0z1k zHg*nORc;UaiZMC#5Bq~(v->nMSd?&>#z6j_QVMWOvb0n8_^R$y?dS_2SQ zRu2Y$jl5JipsTxqW6aS?g(I>OUg$m8^W4x|R@;)Q6ymG*q%@Ybnl)ll!4cPh0F_pV zaDi;je$L97F`w%|Y9Plm$r%O7h*GAU1!;{aRgfaJeRG2v6+74Hi4tG~)bX>EPQoCQ z`s7QF4LH=abkb39z#XW0?S?^Pe%OKJlOPF5M!vdoe+M|8v|?sfkYXK=;Rv|sFvaN9 zf>RBEN$vRh!Zi{)bsZnx zMPz8P<{8*1FflmFoP-M3`orsi>72U2ln4AH+7iH3mc;v0RRk1AA>c@argT;ekuQg_ zoNn%yO$#;U=ZeujD z)c?fYhG$zm>z%XvqkyD>KPKWl+S~X-_eC2CWz`vzQnFyIQP(jTk%*ktN9P1#6o?K4 z7?eaH3I`MflaggOVL@15R6lzk^VobqwcmyI$4vq&#^Sb(d zhr3k;{9*`JNVU>TfSajF^Wsbb+8Et0>1fPkfr`n^scse-<(Gr%(5E4$^&oK_KS0K( zbg5~}oU%fKmB6A715i~UjdF@BghZaDhq8S+M#w`iq|9X%0~n-IEIYO; zReZ2WtzHd`QK`z+@*^`kIEFJBx~Zv5aKUNQP>}p^C$qYQ=X@DsW|asLfiJZe^`}}z zneMTHi6_4b#P6SJn%7$Gs$M5b4eWwJW9mR|1{^`^@6z2p2}l&z=oIY=CzK138)l#1vBVt>zw73Mb5^M7OSco;F5JM53imZsF}B=((q|G8jwRtrPn&Cqs{tNhksSq#g<)+ZpfKQfF{L?)lA9ejcYll> zV?t2(@y1)5x|i-tswFP_2VjtTvtX=M{t8AEJ6@#IV=Ty5)5f!vI~$sG+9-LBw{54_ zDtYa66bq`UZ%MLjX2KW)I#3SxY0@nL#VB{aZQg>iR=F!EXNmzggEGc^d`WA}6gN90 zpcn=2O89}rtX1F&%9&!m&7h1io&yDM|Fu(Q0*X=4oQbhaLBX;n8K66lOhc7^(YPiu9uLU*HxZZm`-g7XkIP&(S`;RHmZhh0^^!`-T~e5ipH z#3+KBo50T*xork7L~4+Zp?u58KcB@)z$3k@;VBsvVT9$$7#l?l}$Jj>nm})|^~5b>J&13c*7pqv*~c3=pE51L!g)+#>@rTrW$a zeKYtvptGL*8uyYma-$$ohJprI#5WQ-S&|a|aM&RC3|Pjj)yvqYBy5;7H@r#+`;Cmk zzR(^Z>HqS+^ZVzQpbRFYn-4?kgQS>*Mo(TTuPS+m#8Vj1`-tI`MB_!_2w_Ac_tQmQ z#ng=f56cS%5=02C6&i9$mLY5Pv_ccJU)c=GY3fA9MWG47hKHuRORpeGz%jbo)vN<7 z*Xn8oCki%hVm=|*@Ss3TvfUv8#pr5RgbqMitE&~1DA>3OC?VKr&;bp|XnxE){%G*O6fQ{IdrfPmWO~ZLr%b*I?8*e|miAzRs!lFqdcjfU+h2W&O z7u(638KWU2ms_yVtj!t6{Mm~dMu>z6I(<6onNG8YZs>y+oZPmp1U^)Wre2o4h>GO{L3vnJpejqK{p0XSPVGCo+O zlW#hY(X-5h)ZF*kKth%|)J>Bjvc71mYQ_hPl=IC&8dWr3MJQSb-SyC=X{v-tMn$_y zb-<*pDjGrBi;|{i8JWc4)M#$q-7(LkSWUxcrOU$Hv_&%FgGGw^W)uFXrX7P0uu2ZT zINE}eFeuj3aP64~XRDq@a3W1T2hQ5G`$fYNdghU7jLpcj-d#g(z+@un9!ab{mj`ij%iIXTs@V57k!v9(5UhEH44Ui>?aUsOKGIJzNr1MP%KTi@D94<*T*9*0C}Xt``v5#-Th%^77ODN+@N3MJJE)4r$l^{tm{a}W@hXgQ zh3daLzs4xQfmSriI0^vG?-{l=3P6TMQNSF-j3$E_m1adT=Booa=G`5T2heXBG0fx& z`puW*JFF_nhhh@lKQ4$PkWr*i@@~5Vbc`-qj-*D<*XJ`G!bP21ec8RksYSrI1S$WR|)tSZ$P1B&7{iZDv1ju8fs`utlr=sAJ_=8GGbXGEA#BS1b{ zpqhMJ)Eqt-0EV5$uceH;C{Saj-vQOZ4yT-wlTuSM)AACfk-gNk6(~SRfx0P^#<;)% z)Iden++@JT8-wriaRHTV+6s`E&u*AB#sqRv!RX`%C}*Dwpk#SlndD=FRb}~7pA^Le zb42ewlXP-07^dTDnO0u-vQMg()$i< z{)|gH29xvZpNfTT1u9biH)YbO^g9;rqp9W7JF?WRhURrX)&JWHPo(pA!J|>fJD5sQ zq|}rXpm_1p%x%=P6{rn5{-Ppa)aMSUQsn3hM)Edb15F#s(jTN28=sLp@YP0zZO)PZ z#;69jE}QMl@Nc}A2dn*1Aq)JsY)7tj*73 z?-p)&9#-~#s^^3Veh#7qvy!dN(8Or)8Oi%({ZOmPscCq9Ox5Ge_!qVaDFpCr_;~nL z@*fw2Vw8Ihisrtva!;Y)t^grxXz4MgYX?-BslSQSYh=fmPoOkWscdK=7zB zh>dYkAO*zeTVGD_u&SJ33`iu|Zst=)xh7Znji!_Arb}TVW(1yiHM^>8U<^wn)vj(h zqbzf9V3i~jD5ijzJhd-1c%Y^&o@9k2yO>8AWtd#YF!Cgk^(idG4CM)znlm%cs6APsI~^?DeR6|G3JgU!0T{nGg(}f);R}K!GY^6@XGC-^Pp@BA;fk^g9JQXo z!+H*Dh3#@_htC<3p$0(O>U>N#_ap$CvV{j;?6u6Q(7S7rp{nTdswuqW+Z^yiJqrV( zfTFHVtN+pKQS-uRq2|Tc5UcUE@IwcmO9P3Yg|EXwf}imjqwUaqgJP6T&KssFba?Ou z?zm|y|KNG?k@2fIw@E;>6h4FtPtI1sHfm`HTYpG)+@-uT`%rvY!~->L1y07E#v25} z)RDopd^-zZqsDfCwaqabd`JyW2|jq;(i$pCtgV27AzX}Uz%nvOG)nj*WW?}2g!5pG zb1d|ycEMOjUC#F~E;m-A%DKv(g%IV~RtTXRTOp*qcxb?KxEcKw-DQZ-0hg7l>eD7+ z8P&Oi#U;a1V>IgAS7SV^s>X;875OAdk2M>qwWI3A&H~J+&K)qAZ3fLS8@8BAj0awd zwTwYwwv{oFMqlgR&jQS-)9Knny`2(eLt)l4D&5y!JW$hCSR$o9r@Ah}lTn>JIB@v} zavbwKG5XxsTRg0)x0o7Gq|vVm$f(O5AWcbD8ePr{tHyAsX$wQZHG)UHovWq4AN01| zkHK*q9mhB(H*F=Z*3?Nn_*!(_v=ta&&duf^1ZLc9;DG6%2tv+;Wbs|}jjwfhpr)u01&u7X5*#+ns2Z3PJ)UO_6&M^^)DRLp!oVI=nQsWoPhW(K$-o`q_wUdAy* zeIq=%IiE&7>>zTd!BcN!6tS4Rm^C1YZP0-8rY3Igg@C>Neb~w$9Zwpj65}M z?f4Q6T+{JU>+-#BG38CU-9zdfjMDWL6%VT`D&pLNu`_fB{wvNi!`5!o=Le#@ZbM=; zJKnN7B36H);uZ#5UIwC0x&8<2SC>*g@jW8CdS-p zz_D(?fs4lL)t_9;rLZS1Mgb^6K_;$@;m_zBAyXU&o6&x^xHq)l4fSoD1X&Ky#`+^csjKg z`G20s$0hl`hhdIFaj7@0cJGxPExxXCcnXv}JU;ZSvzq`YB>}x(UKf@(BM+Z;upN?1 zXrLf6%vp~=ko|5#TV;m76@zLoZs{B!DrmA|#)k%vz^o?65q?KrB*QY-$ z!MT>C2CKd<;9+%LK<)5~sGeLJypPtr5QGW$PQVF3!Lr9F-F3WaQVElE+-Nsn^Y1`S zTP!<@(9iD5#`P+`QcWZa?NCMEJ5Ox0Kb2Pj%@jvXTe`a>9^XprF&1~-?Vz4VJf)`& zj7KyO+wVVJU5QVL9mU}n^W0-B?mFJyr9nwTY*J>S<20Swk#;(*uy1UpO_yG5u({wLqH5S!QjvN~x6E<|{>`i(M zA;XznbQfwfY6tEN=>73K{!aCqz8=0G!Jzar@QfZhJ9@orZ;Eto3=Lmpe~$}rqZdeY zE+b{hfc;-%_SpMG+0J=6+@D6L3?G&6s8VrB3EofWh*HJgDq4tCSaOO`!l^-Dqq)m- zA&Q@yQN=OJd|u@4&Yon1>%)jeA{&@R2Ikcz>J(;pHhetlI>Ld3Kmq}A5E3GWz*mGD zh_oAcM@{bFZMx$lR-*~Ls?o?~Exf2tODq-}qtS-{X*?Nh5aA6r20w!x5)%b}Vw=QO z@KFpU+N;_#vK#*mFw@^i#0s_H5Ws5!!-H~b`BFJ{bFkH-dl(NC$I;h`kD+m7qK2)E z^Foy>n;A&J*@ZfO2d?|Z@pvOw6ivkANJHs=Y9ZK8TYA-p!S~Q6IG~RUltauA6N9t5 z`IfKziTd9j?J9%mKO6@3Aqn-#botbdo?aHc*wY``70&cH^=~L~unl?z9SRrrt?};4 z3Nl>udy&u6(C3gmz&11z zBzx3_WiEMgutBE}Py;kQ6d?pvg8Ot6)vYt5Jt1S#?!n_DNAYW_dqK~s?P7OjM`Fmk zDBpn%^f>}gd5#a=mrD~UD5dVhd!tz!$jxe99G);&q3{BSs@1K90vqy9>o^wO^d1YrGz>?F>BUlA8bAFAn4?aMdsf7GS zHTq&&2Wm2`S>WQ36$piNiMn-0D0H&Qb`?U@$*!tHWBU?^=8LdFtMhSMMC)*K|4w1rA zr^ai9#!{(iYlkA|H5WgoqeIFOMxDN+^(HeheB{`Mnr*_7>3OUUUW{M45r?f`$wr?9 zAR6NUkl%{9s3h7Pjjh6+R+})Q$k;25yF00oD&UNxEqa^5-sg=+}av@L|8?ctOMB-VHbU$%^!Y5)NM0$VN!NWq^F7!BSaK5sNe3)d9o?q~ zpMxIe>`=;QE`hSAL|O(+qj!DDvja8NfGKX5K$+tlN;-7mn0kTl7@5Z0Jib7F4}g*x zqRC5!>g?dEq=e@{fO9-;F^xaZQ=^o9$+QDC)j*3L61aw6n%JA1A#vt}*HR){;HCFK zR}p4yr#9f$5+$9QY;)gaXGdn1h7G*FYmFA?+Zr%3YTEd*3NWT-#uNz1Yh{%-^B@30 zD#`*;qqL!Ot1c6dMtdtrZe9e25tFSu*^Nk0<|* zix6#|7gzAfK_vz};m93Sg*nlvab8`ttU{h{H7^)WAj;@#3W{s(+^F40)|`!n;tuq) zBRB4#?VIElW6oTM{gBMOV6vpvEV$TI11@j~JC9#;f}=a<99hFz3FemoTbLi&b+UOw z*8#)FV_3PV23Gh4gcQGu=8e(=VToh~MTeLy$9Ca-_%8f%CM`p`1fJrY8OH^UFTlo4 zH2{f_B!H#>&~O@sf(VBcfQ8|-Gdc)ra)JRK3HcyK*Z6{I+*H$f5qfJnPp^&UOzixG zDBx?2WcL>44zlr|jBMyCb z9_2xH&J#`q*jy%>auijtMf!TyEl-&Zu!0uZa()BdIrqtd}Ez<-OoG&OH= z3VU?Gg?TH^csIVd7&mPlA?yy&E{qU3V{(jXzH-6=WAaT$Q}>`bs%B!Z6ovtAInGkm zC|O?|40ftjOyCFvprAm+H;=~pV-0Q74)%D(**tBH4)vwFnnk6$5N{YO8dLm^t^&Vf z_uwmZ4_yqj&u#eaP@uzWXtIR&P3cjkHh!iXcj45Oi%MbX@KT3aSa_Uu>g1wHX6js2 za4QE(q)@R-B*D=P&;#T4a)40teFO*o8(z26d8OTLaTC^jcjHWP!@K!xcWYECvH%&O z{1%KAS9`#+s4+lj)7-K#JXGr#Dy#qGYm`tSBE(OJe=WsCOr%F?% zs^MZo7KR#yha)5oa*2_g3nphkDw4fdad35gUgev@RgEt?#7$dygMdXEvIGdaV$~Jt zeNl6Hkp+uo4wQDd&%0WqCw-BsW>JxLqS?sE)O2>r z99&25(hEAww$w&WAIQo{<1?SsR5Pk;^y$J;cQlv3F(t!NKsqQNlN0PznJnard?Bi4 zQ6Z|F!;G{kc7#s!0?ku;Yqnvj$Vxlf4*69P9_v7HpJ`lFU@F(qNO7+2D1bC|@L&n$ zn`3snDG%T{!d_o4DkPQbc%&~^cN}OiH-*O2UOL*i29`^_&|r?8CRJb^T8)|nX9kX# zC`=9wz?n+0Edc{xLvaLrAjJ{t`6s3@&Vi00){tD`k+?dJ+||{Q4zLhl(^gl95JdWL z$zgIOGg&^opOgZ61ZcqeHQHXf(STmJa3V}0>+x*(Z1#d`hXvO7qEXGFqEU0Ef{?+p zr4UY0MXNpkfAP2XLQlDfrb|Y$j)h; zE&F4ejg(EfsK%Fz;-(t2i zHg21tm3HxFX;v4VJ1Hx84=OA4bT9(6?t^NLR^`Rmmj)dv9PN-j@+mCRpu?AmY8I7= z${A&(y)OyKl!r>eXy68xtn21!P}zY3+%AJqwWzJ^0Fac(G`#~b*;LdS+2gzt8kLCS zB}R3CD%x4#jFR`oqnbsWB;E(zYG z8Op#-n4tr*&mU-RWHCbgmoG%sP*V-dB3)j)Y5fYbp#u;$t!EXMDOlC`f>qp91E5Uj z$i_VZxWtU%4zE0TM&EZnb4^V(;Gv0&kDJ{o3HD2SXH;9k8{*7Y>9}DHD<{ocT+b5o zhFu1EfH}vg=8c5_o*M)m6 zai15yANO?OAjs?R^B0O)ysOK zLjfC1uM`JZ)Ij@Dxf}sn{x*#A+yj0-;weTT;;Uj@Xg|~8GM3KO(pE@H* zlYU8L%#hV`!TOVm_jPLblj8DJtymH-9?Ub2}AQ{oG%LOBgZ zO*Mdtvm}REa^#n0+Wd--)PWh9*15tl3DbnPMSuU3kGv&k@*0I(sQGnF2 zOgeN+u%;Y->c8+9bQUN+WF;XDUlePBs>#RW>=$eHYq2WI+~U4DI?@7u6wib@Ms8%_ z0WR*(=`4wz6j-nL>Avt91};(j=K?$e6d9j_N>(7ESWSIu=B3wp5i2EwMqilUw!$n8 zB84b#Ig3qOp#_crB}TP>ISy7-WY&K3K z$H&qZNmJCV;gVm5k&BAD<-n4WrO~|-SgYrHFdI!W;mRpJE3{2aQx4$L)=cJ~nmoVV z0*s+bjmg7<;sak3;CL!ZJ?hj-?E<0XfTe4kW@BGdoUWltbk@ih6{pMbHi};KfCy^E zDovS8MkOPk;$M2SJU`(Gsxp`Rl6K9al6E z0xW~6Y1@*Qjc5KS(eKK)Fh00a`ONDcquDxeZzC$~hwOifm)1AvNFdB*adOwqEw=3PTg zH7)=;uRxdfdhKO0bAXGgnE;%r8C^eEIyftDP{1jRZ(M}0tGJ>j6EZuFvEbj?J*_Y@ zXUXfIo8h8xmH^(L^5<2V(>lpMpz)TXyF6~ zkaqCE>r{4O0tJ7Emb7rUj$>wbpT8a=uJ?FoxF(f470R9(NvvmsKlg=lQvbIL}LU)!t2K4 zIO!Z+i_mHOP!#gYSoS{9OFZNHjTaW(&ax8-t(o zvC^j6mNA^rU7gAI4Cj=Y^G?mBaS?MdKmYnC=uHA@vd zoOOjsxAKK4cx59zblIYP!n6RLU)iauW~$IdF~(e8=T?xq8Cq;)%Ao1AgrpTo5-kv_3AWs-3FPMzIO}$cY2!0&Szhos+;?6fwvg-Q}H&XHf)^uY@0hWXAWx=S<0A z3rV5MYGbObHonR#H`QvmXeH*7kW3k$g`e*V7FQ@zFt5ZB=DR6d{}w4q_3q z3+R&irDbeshhsM1%=`%Oc*S2`VO1bfw|*^n%FKbtI}eRn)9|%c8)~XCB!mXO6q=HD zItO(4x12kcS-0$t54l=|4cF&YF8PYAO?5?91Ppp`bHHS-odS%P6*%BN6>9P@rvhMJ zombanMZjQYQNZSe!Nr&bAB=yy3{+q6Q>Gqk`&Z+WqQKWitPkQ>7zfug`To}R}3LePoY$~T(0~y$v zKK3O|ZV6;%hLz5(nQExbiQJntKy0do3!FAWgY#xLLExelo)ok@nCs_3<7tz#e=adDLhA51t zOcVe!kxi0(hz2ObFJOc zssVEzis>_gMdXayI1>-nKmr)-ZXQBnSTIqi z<=d*dsc0hL-QyiMm-1jSZ1K-I2+RCCz|QV0eC!Z)j&%8R*z9x$B^GJ@n<=r_+f4`y zlI&q(DC~A+QjLb|^nOc)S!)az3uuZL8|Y zqK`m$;0vL-Bs`NY9@w-*ky*&-I@a0w(NvgieT7+Wsx`SQDEuXWP4G+7giY+m@PYA-uBwUkYKFe}xT`t*MaP`U<(+ zR104e5nO#COnfZ*)(Jt8u&smqMJ|9c)pJ{}oN5B7s_MBq9YmS@o4}n1^cfO2%9E*b+>RV_&1u0Eri%qW1uJkq|0a| zbBtRH$2o?Ao(G4$e2@826A;)!$4}Pg-9Oz+7M06pq$}RcnUXq31NRH}CWQRaK0k z8|3CA<$o=BrcBR5Q@9yGxDueDH(TSYRrxpro?GQ_G`@PK^@r>w%dM%P+;U}H3umq3 z2dAzQ5{=|Jq4>pdObH3g)~?B3&D>Ja?Q!1pYXS{6)%ZDtSJ;K{Qe9kV!^^p;6e3Ch z_&r?-Ci5%0blhEmhm~iK#7DQTrs|%i5Y&YL6KX^9eK1{B9GjOtQ|cc<=Vn8FQ^6VJ zs+)nUDmbHmL|CC;*fspxJFI2Dn!SerZgxTl)vNj%&uvwWX9W~^r+}80{PqU8J9i>B z=UoI$AB3fHIiHj_RiIm61)7^`9YhpsECP1RG5o7Kj1=Sns(!&lHM>w`>Pff0o-{Yr z!YuxEvBTIA%-(^d5M$lMoTO*&1{dO^qN>W&>O!KZ=qxVehC|?73h)N0Q+6q+I&upK zrp9&aYg}_vE!#yTU6Sp~g3pwxs2;LRebf>NNrfo)4Zi z2&hE>EfMU4T&EZkQ(2HJOu0%!n4f67lhauylCOF!58i)YE8xMma85cldr0{t!xEo z6zWALzeUho)dfH(nPsr4zuo%!+uT&kU}3>xCvZbp%T57m9%o`7Q;)m#^|-mI7SJg6 zIg3lUBH+$NXr2tdqnnub#-#;+W^eGuJ|?QF=B+Lwj)?>|>3J=^HxV76;CdPtJvp9X1 zpLb2&?3ODX+b-kh)pj|GDRA=-Rd9sS)sc)xk474p5k?+fPs!eR^jEUQ84CPi`rGiC zsi9c-3WYISQ(L>``oiAjy7P##M-6O6`35L7U`hCyI3 zVD>a(OATcy1Z4w)qfWUwikDR+B=;4qTWYH9JeUA>oG1$dAeac637Q4`0>9IK7ZC^u z0Nsn0aiY#F)Vac&^JZ~?n`3gB3a*i^obYw6VVR=Rs~{(!+W{8%H+2`UHWvuCP@k6* z)OnT;>hgGpZu(tKRTZmon#69(sL<%I?B*1`Z5K-$w@i)c*4LQkrdonWsYR(XE9gQk9FD zfvf^7(Wz?fl7+DZpVAs*iNYlgrUr9M1()q+yQ&(@Y8+dX;Q|OI3?u1&cgo)WMVCU4 z3-er~)-nKvVhsae^f#%(iSAD+1!NR%P*Jwf^b3Db1sCnIf5Gz~dhntrpLzCGT?)^k z&#qT6AA*69-?i{yQ!PC3`06)m3}g*FW#&Nbh&(hV6YT35!-B#YpaERY4b2jmVpgqV zRJL|uYibn3ybTChZ$nMBe2SFlx%jjdv?-qP8ekCb`D?71Mq$y$*B@@H>JOvmKo1ow zTPzR}hin*{!Rugl=L0X8>%z>2O!tc*MzsttBpBgmy$^9>3g=^sODFzKW#E=8i5dr8RT)^>u|?bBd!gSN7N+W@Y#4NB@a&Ew zQ?<7pd=8YFYR5fNw2NpyF&URUhjL?X!nWR`xy$dpFm-lYUuTz_YGJ8VwAkgPuuSoU zXWrmIPx*NNpVhDl7w7s z)cTTIEes&lYT;U-%6#f^&;C3}CX?!`*|yYFV_*mpI8W>-eqA(@7XLOi4O=7Yx_l

p|GrV#{?yiZ^;yFyAG9hvkU6X0rfAwT5MZYEf%LyWJHCgo$C68 z8PL(zaS<}VA4}@+iLc-)nZ{RCRczHxN2+woc;}p`f-*DhCSa5M8Wjr- zDFd?r4UjW|uyIzyn%bo;*MYPU)ns)QqDaG@n@dZ1Mf{TI$V5qe#Xv|o^-VsYG<8WK zd*&wls=A~KAAE=ZE@FyX;VUz*w5Qk99BsL7q+woF%~6Fe(#jWg?&2+{oVzv1{ETO6 zkG6bEy#)oYNZBd}6qHCypJQ(uon-*i8nECx*cozlk(sBNV4RVK=Vc(Xbx4IzI!F3C zq-|9lQUy{viyfvD*^mmS)8P1T+}0EAWWsiQoz8vw^IXuuxrJr(oK!QA2#hN`TGk*3 zYgrTN?5&-h@*1|IaFJwYwlZ}*TfX7jb`(>jwH=Mr@;S_7DOhfA8=8a8Sim$iiD>7G z+;^Z1DV-TL^*&o)?~|Kqp^LQiA`butp<;2HVE_rTOS7h~XG=vqZN|5%uBZBeEm~P- zrnK8-6KT3amyPP>YKzuLYE^IKr^$_>9|s5qTq(pa82Ynq@Wj6be}w){(FkCZXU==D zt5G-UcQ8~{>O?L?7E2Ed|E}FQe%8rVIp=|t%MsL@l(vzY8lDg;I^A1U!&9Mz?+9an za>4XE=|n~EOlXRv+dWdXUrUnv5`v$B>lJdTE>n@SM+e`1QVD#nDTR398;;Y^_4ogsn+NsU3^ue)5r-JoM_+#rUS+Y^PY(V zaWy%gO{U_DwID?b7^NLN^Bqp%#4Y%l!a{V%IG1Vs3%{h_Z*|}BX8034PfmcudQeTS zKel<3<6R~S6KN)Ea@bT0lZ+{LTczSryAQw9HXQFGKnm0|(KOCz2p_^b6={?AQ%C@t z1xvkrIZ4R;b(oZ&=aSLbTvgG6RI9P0F}(#y6JbaK5Y!aQ`y`{beQnN`nre825CLZp zo@+ofl`6%*i)OB~DsnQ4(G$p;CVzF7sm=+Xl&WfOs)Y=mc@L148Fpy%fi81Oa(tby z%gIf(aEbH2Hp8~CjUw9M!3r^)@GHRQ?%wXIYIXu%wC5B4%q`fKgKvs?7COj6=H^J@ zT7V9vy2&c>RWh~AgURjI(B)v9^LYuBaF<<1x-!XhPkZOlpJ5kofj z^Ma(GTzR9a4FpUcM&e*#Bx$%8Kem9xP1sZiW9 z5O2ZBWGsYp0Xi2K@a+P%424wyPB*qMM+8w7ILgj0C!lZBpsKE5lk>b}SJyXoA_~&gbE9|T6 zr~qt`6~4Y_S5@B=y%n+yzV-xNnQ?`}ZcL~VHXjqvq2XHNymU-3VVp7J;-9y%uLV(? zlN8LiV7NX$sH*>|?2~TZ%5ZZqmYLXqpv^)^+zSv=?$%5bRrNm=!YD47yB_xvJ`sn^ z30i2x_6b3oOdAKh|9dVq*_q0pa)#6bhhnbQgri8{5&-ET~czOtkG7BYo?pOq^ukP7VQ!PA~R{I){!W>O&;$T}TRC9vX z!c{nTE&K_d3dO$F|8(-Q1}^9d^y0EoV*y-cW)-eqV&aVQ!fSsj)L9GFrM3SARJplu z8Oxgc?EOTYsn*%~YMtCv3!ThCI1gRYt;cZ1Kc@y-X58UaP-2|u5MRazZOm*)O|`IH zIu0l>E(hTp`^Zg&wE`IIjHEDCI-w$l^KeyFI)Q9B-RqQpEAHh$oZ_JcFnilRttE%6 zr8=(2XjzCMLM;oUc%XDI^d*cN2hNFFv5YBEYXL0fLQEyl&Q}8ErdkN2c;FHc=`5c5 zxn)KQ2k&!6YE}Rm(lC}|*i;M9rFFl^oD`t40T%AM7sjYc<64Xs9!&h#!gFcOFYx4i z)iN$MeO_)be*#>zm&3wUoAF1Nf9V)t0bFHfVS!!nRkH!Nsq0CbV-x*PB@}Cz1&&=k z$HivH38*%(Os<&?fq4Etp3cTm*TRM_;=k%0~n{2k45#K6TrFPKvk9(GvI zZr1O~*$D})d_B#Mnrc}np%1d~<{4UfmI*PN00)PBvl%v1BeUaO%+`Qw;{o)0Q9N)F zF)Lay<<*P;Ng#sbyLpIA{+|k3+N@etjY~DpOY8j^h{{vIp*v+ohwOY;SDt z-=)>QeEyV|B8ZU1FjQ##$g(+R@y7ljI`X%u!o38TzX*=s@As*yNvX`bbR@76x+%t4 z*m}ITZQj`v!vbhN9;m8Tsi0jt9+&{F#J#{nb^eQa*xhIE=j>#2xSBAfL+m7gO*JMA z-VL7ivMTOOke2xgSE=PaB5^V>)UPd6RkTEgBAl0wB?@p}j;#%z8k;wNVyA-ZYhA+K zDrev-fDHd#F51bmHqA3Hk@Dy%F z5zYkPMykj%2%Bo*xpbr<@X&P;Fch>cAO9xY$%H0P69>2fN)q7jBRR9+aHJIfP?Ll; z!0di;Q+=c|gQ?S7EibXD7OYE0F$=(&@QPfPX5orI^C$r2 zW0R^1na}|$6BxxNC0VjtLl!4AVaN&KrE?Kni8Vm(fzF<3Esa@ z1SRkmZtCnzeNPxIHzifo_f&YL`|yosUApA~X5p!Wa;qVN52YythLC1)oYkcb*|+7I z1bj}nWkY;@nbCzCK08xuwB!7*@wU`d<88tC;xiZ>UO}BT-lPmt z;YMnvNQhQ_ebSDaYB?kxfgB(_HhPBO5eob;UPLl0OXn=hm;R8gbT1qU=Hyo@s%nx# z-${i<+8!+H>`+X36$?Y#=JOY(E@|iMl5$fmBO=v)4j49sGE&D(y-9;5NM{p=H1wmH zc!f>{Olv>^UI4p8;_%X-O!0&mzc6Gm^+`LfE@|Cs?Oq}TMCO8X`Hh$*@y|>Bi3O+> zVsK4c^(QQ83`Epa%Nf81;khEn~Dnp2IB$^oZXKh0$5fneeKb%s`jYD6DwM9$l3VmoG{7Xol-B>#2P3f zopZ~k25IMOkaAP4iNQ!BgNQ}&UA@xUAb`%WYuAA(OX464M=2mMHAy>Pla!lk;fOS^ z&Qb`?IpLV{F6=OLx*pnWr4`{qaK1h#UR9-34QN8w)k_k*_B(H#} z5M>QK0F6<=*MLWSSs9*eb@h&G+Xn6sveu-qsTQ0_4VRp42OXnyC1zzH!ba1hwCI9M z-5081DK{7#a^diSsZ-kdI;GrH3la1aySl{FoD-r6?~}k&x&^@0GKK4QTne+QmMP$Y zr+-ZLwjlT}$uO7mlX-N)3=E2VN%Ei{oAjDmT@_m+0)phEy<4lUs(dq2XB;nMqa9F#F{zD=>*d{*Vf(+ATU& zwN>G{$-O6<`qR=cWttH2&4e0-u+6TN$I^VZ-FxKuLh=1r~E&ev+?rdlpV>i!l$O}K9%$f&*Y z*MFKyubr>-%1yN}#VQ^kBQ9y(JTXU-5@*~=q#2J1lS?3KF*7jFBRZ!L49@4wsl;n7 zK(T(m7C-`g8K4GE*@I-Ahsfm5eeKt-s`jh;q)5Mq{e}P={S5B4RH-VLlR%$`v*yD5 zXTqNYoUqTrV-&ov6WdW!4TB<`g59_lJX79>twp`hfZIdnd1I6~SN$|`Usau0k@kN>O0|Bp@cV+Xk?k+OHD;WYyDKDzRwMh1|q7&!bVdV zvISc%61ei)0!>}n&exUYrdqI|C(5;3fi-28?6=i-~M57EoK9 zz6Gw7F)-C;J6~;8=C?63$HFw=6?;|vS)B$JDE4#1IqCkP5!V^R)EZD{+?C zTFyU)E&h2u1L1z=`IwXGHG=1qeow_kYr)%_(ihH71niRU(Y#u7JmxhSu}#g_SFP=< zs@5X!WJX2aU4(lJLU!dGrrH5HI%^h7-DPH6C@sN63rzG?Z2PJzwhASD-!qg`!iA>M zAY6w0URNgE2%}p;=&P#QDvXzm5*9FW$|J62r-ileve#2E`9@f2k~gxss>-dxDt_r! zhQ0>YGE)mj{+Ng(q&^ar|sZ&rK~Bs_gN=-c-QteFa=@s+BmGj7k;&HD!*x6t7Zd$d?Kb1_deOBax~~ zxN44U(CrmIh2V2>QVF584kC@82@NtlCv56~cs_}KmG{6es z!mqiNhqZ=xZs_UR;8|$`fuW|0h-EUHntLrX@yf%@5@S!q3)00`+U=_Hy-3gH#w6dbA;w)p21LT~7rmk+b`F?(MI z6KrIlk4LERZmpq5@kmKL@6zB!lzD?s;qFh_Jq1k05pEx=P?6qRxL3p~yM$ZBT^VlN zMVg!WxoUK94nDS_lC8CHUpcl}J7hTrG94GCtZuPT)vUbYy3zq;3aLy0NyT1kL5||0 z=cEe(2?vu2O~hqh=L1nwXSnBjuoiF(x@rNBBCO{u;G&zS04HBCWt*KYsQ*q)% z4`VP^1365Q$`4ckIiZI8pJ|hmc;7_6Ef_Ff%9&bjXdIln-YH*0DZBtg_T-rGAb1)d zJ5*KoRpW_bhjRfjB|u}4=H{dXoV$D^YpVP9RLa**(N)!b6`qA!e~rHuK5zNT1PgGUqRWMel=Zk

+We+cQ&G0} z6=k`p7OpEPVjK!o)qqO4(+c@D=eCI)VPY>78t6?$*xpx!<)&Jw&Zv-8CQO;z98^>0 zXJMiR=~?B>3<~Dwl{1y&tOe=T%2~{RLOII@Fimxp&e@rIuszq(G}^hU9xO@$Fg^Ho zJ}Ds5bL|3C>gJc3WZUG|?o4ghp6g;-_)vh?unplmr`nd!nlee<>ayHpmCoOp+N^Lo z2(Yl}j;h+M$}Ug|XA_zW;hFMM9C)eW<)buHLACc4RJo~^Hvo_VGnZptYeuzd44=m( zO=NbS@@5v)(wRI{owfJXS-Ghe)^jTO3BGMLO$$}uLi{^BOETkhmh|;p`>J}bYMAF# z@f(0D8)*mUOJF5!9ws_b5@7OLo{GKJ@@a*Z--Wr(Z#0rktm*?>IA@Y&As-)=6pgP4 z3oE>5m_09`{nrk|c}%*2I}@^OWu2^W`aLdHRb|zvqxfLglZr_6iAjZb3Wu;OKU13; zwY{%V%T2W|U`0H!mU|bOvB4VyA4px40Ui$7`?Gpe@wVq$rba|pRlG&s0%!GcQGnpS z6uJ@^i*{fJ1Aa;SQ?O(e{EYjjfff837#iBgf^G0Sd_M$LcOAS|h55qRBH0FK3=kci!ZVm4c6q!}80m{T|oB+}sv-jExGjulgRc^r@RZbTO31ES6;Mbgg)A2tC zY)%Zzkd)2pa4MLU*~jAR-u6{>Z^0DOy0@i7!ez^P*T;x6)E+z8I`)>g+^szDJ}M! zYPvnwMzyfi?v4RS;K_q(x-=|hvufMCGBP!Ed#;CSA*s#UBP5ZwzR7GgzeXen1$1)H zUOX<0QMc@?>GsrAV^#>3xKQ|3+&g|zZ#18ZPCz^K`IRA4Ww-ZLcDbn*Ht`$?+u6)c zRn9_h#8HNFsc>5?lO;H5Up2R{s+tRrOw}nPeSK+Iro54br0eowt*MsV`)aw|RLhh| zJKr?q5V>va2(uN^b9~ z56|zW?pUwQ_GbdO06do9_ne9diOhxBSTvBHF>bJBbeshScFhyGY+AvLd zElLChua!@kn3}ge*Ud9LqNc4rO96uMM1QplpCyAeAq?aUQBdZ1+x*S}*9_22ZU;~jLc<^~6H2YzEZQP!kYN3m?`OSobID#@{h2lNJuP`He-Ck8K zR}JzKx?Lubt-^toKydDDwo)Y%C!}3`#oWHCVy?mzY5BAHt%Wd6`7H}kUb7QTMu6z8 zRybf&jp?DM5Yey;;h=FNd`B~kE`q?FqYsZaAC#^(W;O*Aq%4kwu2#DvbfTqq0o{CN zJ%O&lO3U-^o^cj2!Bv0^aMV=GInh7}+*OQH{$Az~K?2g@KA%bFI?c*2UuCzis!yX#Hx|1Wi@l z-dEM-rdkt>^!&{f*L>bR0jzXgp{cLi`}(@vR0~<8@6YD7WC~fkfp+2U&IHExnBV(u zYVG#E)-E^I!ng;mKfiR5K!&wWbMvLCv)gm!Q#)Ux{I7*9()u^`a^PlFFHVF>33P{J z{tjnTZMWx&rxv=Jy)imLoKgSNoCr<;jgR)3A{_8VlMl4v<}=lV8L1&hrga|8Cl5_6 z-Ja{3T98n%)$l7CQ|w5sXIl%>l+fTkW(rV09P=h<^7LH8)IwCN^${X*)Ckese3|Qd zHLSpA%GU$W=qmN-nWjw9LfD~RofjOj<_CUbq!k0mO|=|@2S)JltK`G34x~I=8OV0X z-=$_M=nlSuE;rRe2^>%;t9b<<)Rlai!UKPIX3Z$^X?O-Zld=|$N%%DQO1j)s3sV#u zTpOk-uf}dlz1ncf=3Rw50V2x6TBF3KT8I`z0arIhVfU0VCJ^G$&N;6ptO@|Sy*L9E zORWVEsH~>AJFh1EF9QkFLvAC=K*gIi5jps3yxdd^WfT`&#axwV8LwvfhR#3h)p*k7 zjK@Hwc9VIuHWmP?q3~43T^pvdS8MJHOyZ?Yg^2LAUJaXSnG|XM-DoxOv}I$&)uk-U zXgw+THPUVt!rF)c3FQ;kX}?NJ-#f<&2@xw5HcaBZ}K4346W=M>2E+2RD` z?Crly)X|Unh@`6Ct};1_NX|9g;Oc}K3L!Cel znyG1pcT=fA!4kvJGVl9LMByvv!V&m0%)C)VQJPq=yEM5}9#eKVOd!L+_mckwH-XwN z+WnERsgzz~{)8#RM;TR>bk)$JC}XKNyC{63GpA%RhYZTP?1}?ZYV=Y*zNo5|i{Rmx zjP*IVWK0o0kT?W?V8LAga?6hbgGC6l=E(T~oh5y|P*o3Cp}9c3KwfGFnkg@3`2qmv ze3V%|;OldYbfBgh*Nwo)!{gZA)JG|Z6F$ma}W$@Ll1n)lzWN>>ZgJOdD&p6o;4UrSk5ZnWS?cUv^^6 zu~x|=IMA7E0yE{KEGUIVVx~iw)wuGeg$1Qnt+_?od(KP6JU|Gmc?H8^7KXvZaE2w5 zpYT!^w(P?2V5-0lTs_l*hUwf|&>~e{@=;d-Pq;nhqbzv1ohld9nEI{*-_>B@t5xr4 zijjJ+=2GmVfI!5dg-XgoQ*_@*oY5S;LZ{-awakhX`Zb`L@KStP+rlJ_sg*kTTB+Pr z0}6~U3}t|BN#sWPN&6djSE0g zFy?&HIY7d{;WAIkB%oQ6b&|{5mg#O&ZFTU~R=KGbD0oN(s^o<(1{gd5KEs4QN&qWq za=B*1^|m<)&JeMT-3D<|wY93>Dr> zkxSN@+O31H-O5e1P{ryS9=&>AQ{!4Vud$3)4|Qk@>@ljF%C*`JN>vqH)!<^)eL+a3 zW;RYmDjWk|M?O2vGb4iT@p*1K5?I3z@H{Y#!C_zBlw`7)G9?RC2Zvm;reyNoT&dGK z>RN@3P_0nd7n|EML5YQ|g{u~`j+$RCa~oIjG>}nKExW{9;BIB8VN)$sk>0+U44B`nA@?l?&sEqQ&U{ke<*ULD)Km+ZOvNPjH1+}mp^Zf^ zt!$tnS|%A1*t$MjZHkE$;y*s-VU4pkZ;r5u+of*Y7`6#nkw8}325zdy z4!(LUH`N;F0*#L4V6Mr)snA*lP}zW+V}9SWsWdzIO0(Ql3u~Y2)Ie(o6l{@-LlHA!X0zMr~sqS zu~YHTS{S1UKucdOH9p;zcwVE+76%zjC0Vd~Cn>0@78D>A@@k9Gtp%lQY}sr12U9_I z@D*gasTL4%qn9wY5@3@?CId7z!&y&NxHnE1q(Xlt$=gV=ZO=U@_828>}_)c(JVxlyc^f@uy%(GsZj@sRjZhGZ7K&O0k5FV3d@U5PR2-m$KgG-X z2p>WVe^)~z^r8scgjvdk&uW(WkjGSL9ejmWZmMznz#DkZS+`#e7=S}@B>Ww9{Rj^2 zhbVBc3|@aXWbCc{0rdsC6J6>5+>CIa1TtZn3chI4qQz%;S`a`zl)?jM24!%|^H`Txg&_PcF-j z&f=kj=Tjca!qoIb-a~QRt1R<+nu>4M!W8N0vrY3N9daIudb8Brj8gWsS%<3HtT?kF zU%)Y)-9HHs=kQM!u>2C0smcnqO5HL7HPtdle92iIx&n4)|75|#omMdW&xRVzFr5#5 z_12-PdaLqHx{B~!)j!F!GU1=(&T~zc4Ebs+!m9w2&yrIS&RUj5+WYE)6UIiTkuqG( z={}ntF_l~gUM)2$tE!T#vg(%l9O07bWC||3vl#0A=8e$kb6>%Apr%@O#rhl!gU<8; zl$2eB?oi?uD1cfCXEP02(P;7C3-9Nad&$+Xn)aCQIxq6c#Lsm$EmLasIL>#m9zR3Z z6`Cl3O}c%6Rky6$HG9c@CDwtOYDZk$ACBOh+eJTvd+5ORkR&()ONbH341tYS+;BJ4 zLbkYI7L5hIh)M8=&|qTdSn?=i=svvp`HFR=@`c`N`GQSbfx`y_An*$xmL6F6as+QP zwRiJs0K!8p1F*--G3Eg@O54|E9jK`mz*uQ-H8|)kbr?FX34ZiV^UT5HKQQ|9U1y>R zcYLi?;QJZ4Bae-besiM(xCp|c(E-MJf5oa&q4O%cstT)`oltxi(7`h;gYIz5?*W#j z5{1rZu&KOet-;Ai(&lmL_Hx}WxL_XR&~4H|M)_3LMb&PfLn+IMFEx|p z%)k?xxe1=R5Fqlo>Z+Qk3K3X5vf>=fSOd`%gX|7T%thyd4pR|zz(SVEAs%X~@fo4VHu>B1O_kGuYf@T+LeWzTN2G)=0*A2CCm~We4u!Ky z%m+0dU%M2%;2GcmT2vd4s#>6$PPaBN(5vZ#zQ9|sXTt(hjdbwUNV%z&2jUc~yoPjq zsrlp_D@TC}P-(}jsYW_*?$nq{RW(v{tmrwUd)J0&%CTB_nl|rPP0i84*Bs@hS_T13 zYC324B*0E}+!LNeE|FKZg4|T`9DEf|ZmR9}Ih3hJr1LX}T&1p5Z*lv>?93raUkUAf4bFj@ zYC9h3&El#MbWF!{Rb-0xFG^*~{&{^uL1}RHW*!uiq4hO42WqMT1-zg-D|Cn#1qJ>9 z{S7b}o3_@Qz7>@GE*j=W5Lc8kZEz@Md#lACHd zB4bC73`UeaR|;L*Y&fb%iyQ$*nlqd@$9nYDFS)4}6dA*dgQ7D`5fl_xnV??S5xC;= zr$;J)Sqn?7J>h4JE9men{tRY?8X@LKym*RooKC#pYjHD&@GibUpo2Dg4Zc>PfuGBV z)AXuy^)rRam%^I>7kTd3(;TTBVJ%$J1!NJe3f=%N9gZlYCbz-|sP4Kvv*KOEM=EG( zb`f(^EmVtGE@^fNnIzQ$F zzwK_}vJ&A;FgBNyJyIFV+U~~6cVl zAdfJRwOAOisTPJv$JV+`?6!jgaGrxB*|=3=1?AAyC^&33a8Oe%95Q#& z!7K<~!rd2ftg2k7oQQO0X&NNnfFaSAPWXrZduBC7F6Y)UFGV1x8sX7bBjl#qG2f~I zqwY?KqO_}p2!aM~q_@|9RTTzxWVh-+>1v4$ktj;KU$~}K#x@Y!Yr?8Zf!h5@6Q0%M z&o3k=FdXpq%X#aL^PNX3@0WP|T4e~{K30YokwgOWgsYRAz}5QuE}yQUAs!zRx*3yQiXsEhkyuZWN%e-$!bpN)Tgr#gefrTe~~u>}*$? zE_+nyXlm{qea$^?s`2aCRT-hJT`j>AJ3G6`TbkBP&Ag+pna54F-3JJ;>-cpMI|sv2 zUovIu77|S31HWfopQ)C2^wsjXsTLBjd4*)o|KsJMl#+c^zGE5|6auyplya9VZWEz@ z0|uC;#hrcFMmzk_CjdN{_SM(KK7w8YA}f9^y;q(O;XJ~eqHVO?fS-vW8$6Fbi;G6Z zmz9U3?Xnlm3nz6t_Eq|h)Kohhk{)9Ey2I(Hydu*NYv5VQ{+u zj#LV;b{Hc4ORgP;1@oE|BSSyv{vdTEc!v}+ThH*o&%{z$tibDesq4~?zf2$?*vF#k=6ExhK^Jaa~=niT$aBFCjdi0a4ETx{wj9(|oeZmNY5pbId<4`gEK`|u0rUW699 zg0dQ42lpDX#Kyo7Ob*-N*Q4wP)1|o@O%gv3KL>{)W8(CB_&oY7eC<-#u*t;R`+RP| z)LK0HT8rFN3%htX>N3KFa6U(2FFTCpl;3<~YBnBy%|>pjg*=Xx<{ZXzY$%-b0jmR} zAWNDG2CN@HoDR9maD@9|y7Q|fRdpl5&}q68f4Rl@QK;d3j}8XkAJRI~7H6_FfKZ1< zub2D+{SM!wf(m|Kq8)evMg4j9bcwJ!faxQvs=AX1CU6>_n}FCem{ab;0$Hf(cH|1C z0ZPA8L!||4+yz1j+(H-$$~kwja&|&R3`8f5H`WkqH`b89Wb1MWC5Cdo-=7RUD z8ROsVaPceP@~k^gYbNB_Mm{zgI74u z%yb-mvEPwJ5-ahhbxX0cRXC`<;i{Ga~4$1%(N=S+SFAQF8UQ42}9uHODbDgGX&tK z)VxF2b}$2=g`^gvLl8~037j3?A3g7Wcsr5GLLXsP)jdU7h+u-5Bary@oc8(Bj|rcj zfL^$d;bedrkRfbO?A|xua3%1wT20uSlX$w zaTJQy$;ha$;XyVco|gYLF+fd<{?ShXJ~W;Jl~a!L_oirU4_Cn_ zWqb#ZZ~%u=t`?ly2nT%!bZBn8;a4W|*R+Uc01yaGeW>5T%%_qa=PP|}9PuwP3=33g zp-|j|xLK|WX`#XZrEy1?56VQ(N`YjrdlYYxI()=dkc3m11<4jlMo5Z z%Mi7P{7Km}5|s`NoG2hojfe)J+4z-Lg(b2r;7!p$=*E}ra0Co9X! z{I>6F*>-bt1~{56_mZJbIR_7XF1+#>BWEcbJ`|5L{c<$uk1^61_rIe8bm)FfE ziO?X^?Xh0ymbv!D7e)8s3y@_HXZd`o;P8+X0Dn-jzglo66g*v8^)mrNSSixnRdD{D zyd=6{bIFflHq>v8;u#tQ8C}W*iT@a-AFWSf4g{7gE1@epE(*?s7>`|&Wuj}pT+j9b z4x~mBu7BCh&`DYq~Rlk+k+jBW;EN;B`&7ueKEAp^UuU;C7^L$N_ zvTlnue@pQ%$^JKoeOX<41r+-->DOKN7k%9|*?(4`r(L;DDu9Z?F$uy^faWuA-1aw{ z&17^B-xVIL-yl{|hg|fn*d+YCq@S|>D++%}mf!6iXz-RF-pEa<)f!An;dAKH(327W zzTMj_J66W@21a!g97%V!EJUw)OLa`g_w3F``9K~dQEOM;Mc=heb`JYRJ{)UqijX!P zyX&td?uFPkLP`e&>pp7lZ9B9}C4nn4w2$LnYTFbzekfS}@Xb?l2CP&}*vqX>;%D8% z0u==brB2yxv8EEfep-fz7Mw^iLSC1O@qzXzV%+UqgSxlJfXJgg>X&vw5H!SE3KBM# z1X=6_it)r|zBSw2tzECP7ixhG^=rKQi@wI2N7d-iCOAe_B&{UG*9dhoD7>bu8?lJ_d@E(a)qsS9E%&`WTMYzDO;xXb z%(sNx7k%G1w_E<6lG7DMyd*pB{nkLert47k%wHw{%GM+5&07V7mSDX?PS0DMQQ8@)_@@)*BnE#ox@hGPe7ib z5oy6O+KaXZ(1W!O!qs)gi@rIX+ir#>uOZwe*=-G|7hk2`hp!12G}1+1rOt&L>t~C+ ztS$)F&u!1=YIAnqaK6>!IKi+%8OG;qvA5(1?!BM}{)?|)@Ad1~VW=fVQfVngE=*BN z@~CM7q4*y6Ucbj3hFa8=VcR+TDi#&ZZ_saQWJB$+9 z55@P(_u*UAWyWb)+hnbjV_(+z+z2M7cn`WP8)aTW1;W8>{u}CS3B3_<+bymg)d+~< z3+emt1?*A@(xdu{_DrPl0{Pxi2}|;XY4V}?3j1Ea!XAb$%@kBYhIwhzNiEd2DaG2NQ~AqmfPXOdlv#vK=~wuZ|Bj4eFIHfzXy?GW@|x?nl3@aYG?x$wo|CGs z@LlvGzt~WVA7z+*$truKpLvzlh?d}4gVJ}u$78F8t2)+!3P)GgKXVo@3Ts+M$iP`8I+=3$o8@M z7Numk-H%sg(b;_tyTrim6a`%wjo z>yI32Q9*|5`#Y*&Nq$fxSAyja!O1#1OFwAA@~q4d^#?z|FP14V&Pt3goAKY0FBr~e zFhfQ-wWd9A05S7$4aNK`+iuPN{)VzgjchR|7`?J>(I3G0_WVJX2Ey;swM9k5A zX7C_g`95;!(lAB^Wh_8yLEtK3lLvW1=M8(%G)Z#|HFRtaK3Z36=|3%9)>IE74ug&b z9{lGj0j^O!OY)x@VPo!*0vs~7=LW)1i~qzdb5#Z5oH<7zJ&4S1%u>IB3{@j{f=|T& zczBl8{V>#`z?><#mWSO~fe-Y+*knGF=!qUTs82Y9!!w6k)EBt`^FLyJ_(tkhv>cZC ziSYo)cX@szvz^eB9S3tT@sdl3erEjz(a#s$Ga#y|5IWJD2IUBMa9}TdlX7zIU;)Zm zlHXK_o!}T_=CXc}ytFtxw{Qq7Eiw+_TApD7rU&Buse;T|IbyPbc_Wh-89VdH=*e%% z!zx5jaG+6%!a^Ku|DKlcm$49UNr_AH#7QD4xY?*e;V=%*EgS~@5dOmK#h5OrDj~o zqdfI3WycD+6`X8Tn6M{@=N9&a3Pb#RbZD(9Y)KwANp=PI8Pv5_F2#l}EoP{$h_R?L z6sLjgVkLfTK4i_I7A3^8;oeGE zk{?t^sY9^+1f18(YS>VV5@6{maMkuSy@sdoTCxpn1n+5&Q_gv$rx-nvbwF3G&6nywH3G^UWb`2AF4ip_6jV;eT`WO4OY)o=v1E=hDo0rf?zh}j24t+nH9REM zV#cvU`NU64uFHHVn6OdJs_?UzrrH&=}M~&by^B)zWT)?`83!p+W zF5oH(iRHvw@`)NDV@5wJLGk^%1>aK%a0hzC)x2V+5|-o%HIl^)eNX~x=JM@`gAHAZ zRj35SrdufCRHjH_&=>$@5h^0_+)KhH(?p7y{iqVf@Ldarr%JAk;iF%?RwYaFlNzxS zJR@O|PBFa=wfG6__11oJPC;+QZ)(JgImYNYit4)-R8P-|mVWJwk}D?vJ*9gpXi7Rk$ zwIF_kxD;M)nTdw%Goh3vdCD{iV{S02L@|HYg88YE8)5$3Px9Y$^`vVr-EV5djJd_A zB;^FU7EXXlg2SZp0Do;?L_QJBE>Y5w{HR9Un4=6z+9+pWLziM9Dhbi;o=Tch*fy=x z;GWW3;!EHZd`7AfJ?1#0(v(%$w6F?P+8tPhTv7S&J`_$VZAqRsO#}tcN?2*5oP!Ou z_*up|JhTLlL3t@_q29M@&|$Z8jlft}*(K@(i06o`EXKcn19SCKcZtl|0f{1kGa99 z6pM$&+eI4=wPc<eS%)cwO_kk`t7X-{5(d z?iV#8#|(c=_sSadEvx~RfS*Sw;ennIKRz;d?;bPrQ3c8o^er3#Rd8*NAo{_na(ID0 zA?m1+HfHjpLX;2aTlfGdt}fSE=!my?Fi({j)~?nEQ>2Rc>M1(%V4A zX57N8K)YbYF3Ddvhi>Z2zK7tW32SYYldz!{kIguVTPb$IxJxqOraMf13HV@+G-kMzl0mB&?$_A-YXRjDk?wuNO$s?3-c`^*(~ zP^Fimd<=Wd#qaxZ2V>jXiA)TB=bRMfo<=YU_~W5LU>E^D{U6iRyTp_FU__F@qf~TJid>1+OQI&M>=u zO|?O^%dy&8zf7>x!DWjR6W>nJuMM?|K10B>MbA(KBjyTBBJ1By-CgT; zF@qj0UeT(37q~_2F_NbQc}uZB(%KCiMv~yT!ktWP5ge?0i0_IkcdfXRLdVZFgnp`e zp%Qui7(jLK1rzHi0oR1SWYq?`x(j#EyJLNV7E)N{~vWgBX#ny8)( zulE3i))7H`kz))PJTXP8f@b*`&xMKROZYwYCNAWic&~~|H-$OEs0zj7hgLjJRb+Vl z-l|xRSJbGH;0LMB3SH3!i)BNtUIEL!G-&a-#8Rc-7gS3*%b%t<%&bSdS1f&K#nQC< z3`@@nEiwJ3%u*Bfa%{UsUBn*$$R-^WC)-e~Z8zX#+VfO(w0wK7Q59y;qs1$3w)O8; z6*S=HOI5HOFQ`!$!S06$uSojPiliBI8j!SC!IVcZpyh#TxtU;^-iU1DQ7sw1zG-0^!{RbALXGM$2N+eMX!_8Krl|^; zIW3((_g2Lty&}BIlbX(OCllQuktvU%>ZrKchFX0B%1DZMZPA)Acb+%$-%~+rxr3}P zF0|x4QYxoLYnU4heiGnF0pM(?RXrJ&UV?g-<2$u3k>D?>`a0^0whgta2RgZx_ssRA zgYW1-U z=i9D7WN?9cPK85`CqG!|`nQSX{jjo8qf*S|$1I~b{@A+yO`phc{Ix{992>4tB~c?O z>?lq@w&HY(_!69sKyqF#u{~p)kPAQ3zoaax?J57nKkcv#Mb zS=bBjd=@+>=a~86@0`Q)Y`*&P>D@OkzkL2-=aOxW`Y@+Rs=?X(e$-*8rJkW`@M!l^ z&8dQv*Y@HyHBdcN0sgXwt6DcMeot?!-cn7L2!@&ncQ8SVn0t&$k~Qq(bL$#5m4qJ( zg+FGSFtS_u&uf%4+{*)esZ>&h9*N!)vBB|K@OKz$^`#g>?yaWRsO*97xW-hI=*9|V z5*%mrEWzK$=T`hp&&u%kV9htmOu3r!-)qIha9F!We9u_ z&7D>D8ucy5<0k2o;7+5z3AR5zw_z)J$-#QGLQ29G_cx1F8>+ z^rnSK%%HW9xE!CV&^f_rMzsjXaC~m%7$7p#@QYB(a=fKN{RC$i)gp|<@wt_epjwcX z?%^$OGaF4(M!_vc1qm;4d~W3>s32%(X$o474^^n6;39*H*2+)VPz$D_if+wM;2Jc6 z+=uet-%ci~&`H5zMs+Duv2JB5s4f%<_x7mQsOxdw1=KWPX*F;hk-+GPW9#`>s#nq@LbEDDEl($&7@)q>7Tk{rIRNZoXu0}ZpKO4MG z`HOWce?isVn!ku4c)6L&dsK~9GKU#GN|}juD>Fg0+?tt~sg~t<%QRhNt}rS^`G$2X z-$13@ns10od7GK2MhTf)j4D#@Vcp6-APe1`d$>SF%kiNaJ!DQYsz`Z=bt?}+72TSL zIH97q=}|S>$Q))=m$DM;R#t-QLMeVz4ArQv<#^XLg=DTXD2uE3<@dagHq?TlsH|J_ z6BT8>O+TwqOXfzS>XfVKTDc0UE{gVM@b`+UTaM4wXr|z22}5n*F|`GGu6cf zl_g^+BNk@TN#-u2KPe~CwQ>^lC;Z$rZ_QN7BYmY*N{uQC-ZA)!@(o=p-$1q8ns10| zc`KR7sc3qSnxi?!=sC(gbgkS2Rdj3a;Q|#c$BSz8kU7byB4r}FRwjZfx-}DVLPc-W zqo!#ibC*$B%1LysoCLz%%{hriWi7|IY7~;W&ZsWsC%RUCg6g_8KT%QF+w`*QM0Aqvp$1bnf?BvA!IytI&Zp}ADwdA2K`Hg)i zoNHk*)N(w38I3-+93QIDL*^u-7nuX*`;;6v9BNh9t(k~Mbv@F%3?9v-je<7~zNP%c zrj?&y$cw_H9S?%JW*5>4W!3y_@VOX{m*#V&5^FS*xzy-$%3*9;ISi`t)*Qx-)Hs+N zV#W|wV~DlTir;O{)!zr++Z!2UM_{cx$((Ieqw*Y^R-S`uyfx2JQR8pRGi%h9Io_yJ zWkWWtYzVv(27FtLb_bO%$4mR;`U{jOe|q=bkDp#Xd|s{h@uTqHeR}!V)%s{oII2_` zlT9mQLY3Z{G0AGpW$s+$gJ<7ur`2MShHP5d5UM4L?PjISOtmb>TQ>Y|*m++u z??_7NmFKXb7BE1iApTJyw^quj%*AUiyLQ~HcV9pY=T&5$GN?#dkG_@lpo(tIdPKi@ zjf$4zL*1_X0tNb66$QT;RHO_@&!JW?${3LT8n%8h^R{i)JlM7}5Pd5H!SEC9 zmbM8qx9V!J+t=87%rr~3^$^a}9xO0}DdC%K55ia8pl{_3D17`-@b?n_BQ3uaevP&< z(;fqj;{CoA?^FC4-oJ+Jzb3^#lC^fKsB{6Dp^vIioZh$Mbf_W6>GxK}a=fBOnV8X! zs!)90x8iH6BE#3$R>j-&km;@-GyhR3=3K?9PS2s1nutn4inwN`$Q6qFBL4u z3-I)lfGya4Dr2{bk8P;c3m|tNoLar$H9=`P9x>fTW9B~kgQDjxhgy}9q33J)!)uhW z9N(yQ&jfE6d_(ay(Rs5vGJIXj3O!V3;sbZI1NNp5UF#zN%khy~my9{V=p~B0x2?#V zStCQ*0R~VI|czoN6$Eg(jq&!kn$`)y#du0Dce8efEMvs^ajOtKK zZtJp_W)jGhcs$4Ck5I>Qe52N#V#YtJLvi`G1(zpvI9xtEGrWey#kJ^B3&tSMQ)-k+ zY)}ZFlsRq{o!d~Wr$n()bga1^shZ_@%`|OdE;0DbPVu=7wJIjV=RGPhW(@m@pz&N` z`)DOTuv&BeRijygN2MZqrx@RcTGg0g{I{gW<@jQastNu#s8M->UCTN;;-VE4CwPKK zhRWr5S&haCel@5^nS)&mbCA??f;o7kdY0oo)3lDc#+b>JN7%LS2uV2^k1+I{0L0qw zm}8$@LYTD7#VnV7-HTuFnkwK^q5pQOz8bY-?l7uEIfPvchmcf~aR`r6$#Q(8M(dap zj4DwEVb{VSB$Z?g!mU(tu4bh73@=f{g5{AJ#*BXE%TDGFqjHo_*tM+jQ#k;yDa_!n zW82)7L)dGS^GM$*l~bd8%r!>!D8I04|6NBQs@5%JPBWPwG;_d)h&656Cp46s{HpQS9Ya`)#xL0piyng zNE})j399XujKmeywj6JprjdeoC4_WPUc!c2eJu)>q45#mHu+eODipV3YrUIzPyDwf ztxAEIqMCHJPK0o~X>mp_SR7DsRbb+*p;%@yc%BPregqPB*Gj8IeOP zBSKZ)k`ZyLq=zQYOTRBS=XI0&j+h&b%27V#(8`CPAh;xD<47+yColTB2(q6%73qw z7t8Us8jThFD`B#uG9otA>TNR_5$>S(r8uXi)oW?a3upA$#(MrMU2Om&g;@HYdPz5u2iCHR$q3Z4UK#dwQBOkp$ z`GjLDpFkDN*xzM_>Fyyj z`B5Q?{g18KAJr7(Gpi83r9zhDBem`!bAeGMiuaGLc%LeniT7uzBwP34d}5wu`$Vln z$c%nefg<^1E0U)QAg4L-@R}-kq!(DpGqVfGOgt)pG6KQ%KI6RNPzz$90uYz3t$t;ikGiui4)CBslXIpXIR)F5K+dQJA$ted-7acvOu_(e4nALk%5**M4I zIePrwV{Y=uFJqIrs zRG~QEHqLDI38>@hs=x_(&bQ+eHOj?|e#jnc#q~DSs)`)fU&||Is$w}_QKMMmZm|)I ztQE=IP^&6(B!4Ycq|AXom%2_;2B>LDC3wLQo)ojMTQNH`MUL6;tcd0KM2$WPUNERa z@%g%SU7f1P@%gn>5etF0lPPLci5dNvDa@e?qH)ckmhglufe3Q_q&-s=%khdDMPf!j zszMR@x)qUA6%nSf-XTV~3Z{rP+1v4oX==nwepG~F?{zEorXpgc^9V&O$0uquh?)GL z3ceTQR@QB(H9W;i=c=kWL5C#&NIuBFFR2r&tfp!dh&jQi8b#jL+109=8zS$Mk6%P&;Ta(t#nnFK#cm?W$R7lp75wW{WZIQ_NZY&l+2qfmmM460G&-nAlk)?+tB z?yptNa=d1mQi)v?DV!;e?^|$5A1l6-ig^>6rbe-tON`Z-;`*)?*CUkO1lM1v zn&tRRjdC%k7*(SGd5wYjnO!U95~I&3 z53u1-t75Lm1GFmUkv>x@rbf{OFG*l?qwDoH)T$bUG-jD=WE$VubrRFO37@G^H0Bhe z*C-FLY2^W!X>P#-OtEJZs#%WL)F_(ZCxh206R>Gz0;rlBFacYLKgTW$?R1HzpB4b7 zX&G~a(N7fnZ(6ZGLEsJ6^k1Wl<@iR8iZRn4)uDKQ(~9@0jw|B*lu=9_St0y3e4|Fc znDLM5P>jE6#rTmTxpsnojXIX&9W~0ujDJu^uPgjE)KYIz9WlvXqu$yA?^rpEY?Qn% zv0yy^vT?~Y&0?lMDnqe+--_j_jB8@~3zV@O->6Y5!5dOl)hm9tp;q6xCVtP=@#Zo| zjZQJ+AH73Sd*6!M=^fWZ?H8!yk=|jjVJ3wVykYPS#pykVT74tO=?GhVv&!%_em6nk z?>pG}9)ji@SoY>sd@Bn>VYf!kL8m4E{Vn8+QVBJ>#7utl3B}}nD<-E;;D@P|Kf61s zVL84~qejfwM>Qz^?pyIU)c{Mrsv2-Io^Q$3Q|S#g8pMo!RD&Y#z7=^x1qJfHhBwSq z!*aY~n*K0TAC;hZyKlwYR6>Tg`Ccve<)tkT83I~jR!HyS?vP1{tA~Hb@0Vndx8*N2 zYQ)@ORFz`!z7>m8RnfjpbPH3}a(t>ro0!uKs@f_}x1pALi>k_TdaR>%*zKCTUmLDY zZ@kl!;DO1zSd$T#^Uu^#?{PT)?QMBajXE*s7*(QZecOuGsS=2qV&ji(K28t1vr3lZ zCDZgt@QQ>iah`|Iihs9r#OvcSLmc3FHeY@D^zNINUq1h^ zkF0xIF{x24<|?BvDYoCXVte{hhV7TGI#UZ(OwsdCs*vJOs-?OxX6ohd__>YhYP3x7 zv%%|>3D~wW0aRVi1iUgcQ7l|L@#3M#AVC{n>e`BxWHTulbCJ=9lndClasgCC&IR0A z5s&nVQV}&;#!P-xh4KO0Rz85Lzz^-0KU;k)@(DK7s-|e$RF(H7wo}+x+)PR8^3EMnJKjP*~`G{M>j;VahPwP1aO1^mCj`d14*6T)AP?boOl zGwm_*D_-BV;PoW_3A}!BW7QUoG^+RKBpd?}T5YMa;BE@$35hu4R3m;s*f3AJx{+iHC1h&4N{*?M`wTBXQN44uxgY-_L4 z6=uw%xD^TST9GhC6>AcTFD=JjQ{2n3?rGY=Om`6WUh%9AwN&&JHtdyxZW4A>*s^WA zMjx2zj^bAQx^G$ghL|mq$EbTNaWBWVYji=d=LDJdidSu@)w*-MdTHd29^)({Ku}S0$>W6WWe3}9<6CG{X9H8hKJ8-BqOyrpKN&;Sv4cB15 zndm5D#i55*97-F`ap-GA9IK#Z*XK2;Z$>(bSkdR96@5ZX`2Sd+UrEG|v|Z0CWqY=IIMo;c|SiMnjmB4Jte; zF1DeTWKA_i%b%q}Vqd7+JP+P8^xV)hQ)fZ+OwKV;a~@7U>>Lv@#M}448m(atHmXli z^RX2*Q+*IKRrglZw;b=AraXeTB_wiGJZ(d*zL()?+iefZWC&&EWAk9)L+tK}$c68I zSti6B^FbVEbV)P@x{moSp3+E#pzoa7GHvTmg74$ zswDW!;5~}tkF7YK>dA1tz0<;%WcgMmf0(JDzJ$|h@mx7J5po_p!$Kyr8GcC(U6$GC zIUM78;AvByX!CJCI~V89^`9|EtTAPK$rwqb;crXa%d5*0-4-EoBrxN&M zg8e%*hzCXpXAryT2oaD}*cJee#!WZ!C7v+Uf?R13(JPl`5cKF|tRCT7jn8acY=X=h7VDGo{vYtESoEN0|)gVY=r`FG{ z>=Z*VLRs>%*9x-L8f!(~{BYGjufLcGSi$5H=3GAulN5$pZ8Bq$yeQM7n8@HF1E&fV z4EC97)Kp^vH>Q81j5;diVX$pa1gmyKn#SZDcwv z^Z-kxN{cqjINssk$)T`+*8YsK-gp)K&UFa>82%$Jv$0_((>%tmH?X^oUxOQ?>^i={ zWc$gj*Wvw|vb22-dx5*|_z-YvJ^+7CHStPWh?^c9Ia^>UAME5qb(=4C*a&Zr|BjCZ zq34)>{cJ)nAB#gpjO)67)LE$Mg3dPKvz`^5dEKR0M*YMXblGE5zvH7@v<@vN_ULe& zQx6{Y2aL8?KKN^}Ytm=>Gt=wT!<^eCP>#X*C>&eJ#x;WR2D>@AS>w1xZ``EP0DZ@R zx;ysX22AUzWLPU|v!TKUo~QjX={WrvOCASfZW_w&0Ar0;kM3bzfKrm}XFgA3lpcuriAt(qnZP0nKpl~l!g6a>4FYxq3 zc=Un_HZ)k2R`cuERP&IE1yORX$ENVD*8o@8ZL6&`MEN_gF2eL8wY7d68gio&(l z>^5|%@G{slWqIeqI(h75P1a?Izr)jpMT=pfKZb&<3bx|X>wUR;BUWj4IJmS{+w0d< z+t701(isT4M6i7<=uBX+OcQdJMD||=7iKascV%LU^%Fhes)EKfatjVsZJvL()9xR# zQshwAR-YAxi49$9!5N&H5_EbCZB8~Wgh!#nOBhEJvZR1##Z4$~N^sj_SKvXhP_xOw zLQU?a;4Z1qlcmC9_#pgg65P4C*&;Xyd`fWr;W$~=1REO!rx;)@7~mE4AG2W;T&wV2 z8$X$#P9~`qVdEyw2z#^nqFZg)zka?j3eg}rx7CxSjW(i=98pf$>A4hj)kxYRW(2A! zF?WY;jlPPXWt#Cb9u14 z6j`|d;;pa+2hj@g0CTMHth--meOne>v`|>*kn5pTMrgBI{GKqA2o?V}CDdA;5B4|+ zRq;{Bp%&{z+IVw9Evrtk)LIP?Y;zE*;--#6EkbR?P8Yj6EfJn#mYJ-TaW(Qw1`YV{ z3oHwsTtQOBVc;mt)x%+s_Z2-s+M3Yh|q!e{!)`^iKQjM^hT zD}t!y=3qC2qbkbjT2Kye4i7XZ`qdz!^-9As3_{YWVq;yh!h+DH^KmYP%1DMA$b}TR zhgalXvyVYYifFnPM8lhlm0!)(nuSEy!jE0Y3kf$dC8TN|EwD(ZSj2`dbtwu7*2Eic z6;fIm%PpsHF$kiFbupaht0gA|NK4CH(OX$HXBHS^qZq@6S_Fu@zJ~y5r751-_mt_1 z@!F^IuEaFVpAuvxFBWKHqiDm1TEqzZxP};6^cu4mON7}W-{n4UXSLiHEGtE`u*h1F z1~$|pAUMJt0i7!xXb<+~Q3!_T$#Wp>ieq9k5ayK4)be1klR+pZ(^4oLY7t5dyLR(F z!r-W({|?+=~RtsuLk%N~pD5Y(_W=Rq=s+s<=g{bMZkX9Q1TmV$T?Jz582; zfF&nEGJHUvHs5e;bnla{PC@b~D{8#EPv_!bjf1l*y4bX!3p#s@X05hKkytK!x6$XsmBRW4tvy z4sDx1Q`F0w5H&ud|)YSW(h3o%1Z`j%!A;!iso#n zMew+5-niX79{yr9hZ9_-Ub(gckPULnHySr?acr$&`{{Ry`cUk|*dAU#EG*xKS`>f> z{!J^OtkmOIp~gC9+fUaq!RAvPv(?@_8){JiT=psosC1kd`GYVwECxaGWaAQKPt~@O zNSJ4yNb(5x$A2>q_2H$g%tg5Udb;s3zD}F0TQTLf1ykZ?uZ1bOMbxnE17a#e4Iz*T zGvZcRx`f20T)&p|f~^gfrx?-R*=(`AnHaHFXzLtOhWatns9a@>w!y5$M@5{^5KR&?3GToE%h9 z95)$hD!gW*xS9<@TOt4Bamgzf2?WO^1fLt_PKwV}u3mh*^=|S712eoU8b};5OVriMZL_4qX~qd25ZhW>KOpv5<(mn#Rnc2VpA~+O=RI3L8#1Clc4nsr2?6 zyZNo97g{uShqwxU#B0o9f%5Yh{eff29FaBhE4X$}JVRoUCOJ)4lKDWh>83ZW;yU)& z)V|mCBpYh6dOQsuh(G>8t&K9)y;o5LSN>l~&)rNhc;KlF&~@v{b`5iYAp`6cwb@XM zVqnR06mu@!=7Kxx85bx-SbJCWg~%~R^=ZB|Sab?BVY#)4>NeCO#w+2rS>l8!YIHN{ z=d@t${f+A8x8i067FRBMvDbLkV6lVX746wptSy3%(RZB$&8#>4jP2aKrw=gH zV%*#Q@$123WS-`AgC!24R6MzF!IQ9~xp

U)ZD4_V~j`hD`V;sdGN+#Ug^JrkuCN z-Nps{2H0sO^m zh2=ks8`?;;kDJ;Nt}`W~YBmmmF4>Xdt$hpLqL2_+X9(A6fFL7 zvD4A{C+w-3F$+v|P)uY)Ef$3*nLvuX22(bO)Mgl4YddfuJ&*t zl`EGLnK~{`o?W>NmXk8vLD!6Is6|9E@|dGMDl#E~Oxe+TGrcMvdFU9K4vG_Os6|K! zowMwSWhJB09m>;cWyLZT(J&XRNhYU|yKb`GAlTbreOmV$Y1blHgxPxu*2-PhVz4&o z^L6z;g_%VdF`00nZX6S^ATJ7KN8 z)Qo2of>!zbgyF^3#WatoGAEi1R42j^Q6i5?Kzd*?n2TfD*+OXcx<7@N7z!4^5PCwI zJjY3<0_VsrCm@}ZuODsw_;J*qPl z24^iTLW$^{N5uv<)FQN**x;^~25X-Z+GaidjzO@kRMH+Thm`Kgp%$UVpj~rMuHa&- zEoju6;FLXM+@z4H1QUGrZ!@`n`^NeE3{XwejKSIlF)9u?w%`CplbJZ+ z;bNpsW|7b8icE}K(jMpIp4s0ZM$0v&3v;N&8X-!$q`76Zlv5eD)^Bh(tHeD{iL>8M z!+bNlG5abyIJT@1&@SPQa|HTuyL1S{+a)_;CNpxVds0SLgmG*^7|eXpD&LG{BDhXj z=K47Orj;4qXql#u($zV1sjE|nX=ETD4{3>oNvyJUPD)DqTPLal!yN1j z>UpBt@kOEY5jMv#ur+fAQ7}{Y+=7`X zs+pLnTI^rby6BbzK04SV=GmLuio&VR+gFZ|y6~O%GJdrnBnoXNLb^-*Dr!s>R==Ap z+Jga&7AEMYlUn#BHc{9a2MC)J;CtL+t`Mm)i^J(0x7H&DcDe}jV%c+P+$%*ls4Ak zJH{9}FEX>LRHCdcca-6uL#-m4i5l)^V-7KtB4Y#Pq+1qvA$$|Q6j=*iNNzb3Gt^SR zz-Qom_B-5*e@?CC)hfZ0oik%vh+%8UsQn~s-36N)EKm`}x&=`raWtsjEhd3mFCLMjBd=miZa;4+AL0pbdEUB#l^db zv5b{Yj2*iG&nK4M7nCHvxpx!z54$7XVaO@^<#m*Q;2 z9(3_5VUN4mX35Wlf-jP#fO3_@6YMcX%#>6}QqFiT2KB_1$dm!$-&-IMBC`vkPWq3-%KR-5bG;}tP|h#!kU@ZXnVR!v}r|D zw7r>#>RdXwW+8KN`Y2(m6LM`aE?DJYql%n19BQ@E1tO=5#a#kbC+_KmJTuwRrWGe` zT34lL(=&0>qHVf_qfW?`cf30@*-^}jg*L5Nh+@neV!%(&B#VEDiYeXA|Z-#CK7t67 ziJ2Z60UahP#mF}&raGa_$i^6`n5b{XL=@wdFwsr(vBNs082dxTnS<{~W-@%szF3m5 zq1IS96YV_I8XcM`#kk>?ROch2S>NE&c4#R?4z&vLN?7Kmws-=gl!ELI-DGYK7C4Af zQHp(xzEzY5>P2jW{r`4-R$MahJiS!F3o>;yAiHJTkJ#}40hFJhz(wTcqjUTo1#5jxybijeO= zPT>|awxQ$+UvDo(*t*ig+k=+pi14Agnxb?VrWEBg#T%?|uth~M_VM>tTbzkt9xh0S zW=cU;zFgD=D;z|rXvRJj-zv(tfM#fuC8CMTHYwRm)3auBqjM{sv5&#G3UVf%c?hbe z081?61X!bJ&D2H_>dK9M4!%`{GqKD$5x#ac^5*4wiF=&L0UsxDkD25saH~7Zgv6m% zfnN#tEK2aKN>M>)<&+bA<%REAY{bnCd^-ndyn_>O%k+E$dsFaYh(5$)M30ta(bl)FXN5^Xt=qDGm-{=q&6 zYgN2uAG&X~)+^zyyIX6Czno|*pY-j5eGZ~k{IzRcO`_)U(_*bf4U0H!xj(Aw?&5YB zt&F?1t|c?nA(ibErP)xcCC@}@wYa+|u{&fJ*uWH%Yip)v#G}|1+3h&gD)yPk?oEl^ zp}SJ-)6KoXx`)uB=x*1F?igBTqPug6FxfauK8C2P!wQyZIB#C6l|rm0zYt;K8UhPt zw?(fFwc74Xq&C-fZz@iQ(n@hoGq+}PV<50Y%i@efEy83rjxd7ubP1HWi%sI@&f8>d z=bd1MgKH}yvk%g@ig6|)TZB#0%`-Gs+GK54o?Vz8T|9h+zOYIgY859mPK&(MD*5df zE4E^&xJjfekymVW8nS$4Qv@@*!MVdX0O z&fmcb2Vp9HvJb_#3KROCPr!}A`yx(T35~b9wtI0wcH9rNK471wqanf zyFrACLJqC#JQN|EbdD9C%e(2**gVHjK*O@_lh`bv+I= zyyi_j7w1ux_}y?!N#fdD8DkY$%jagSLlqgmd0z&E*7Y1(Gk)e+^R>lH@$n`9Ch_9N z&s*_yt~V1Mg{vrs?=m%&=oIculyfdr*f-G_4rbc!RfGz~oEK`X4hU8{ga$=EhgRf6 zvBF&+VzaPU3jyb%G2H*0J)hi?onay?xyoc$trrTU#BHA4l9>&)L}8XQGm+A3!-K6D z#qSg`YBG}YPex-#&}8}iovJ=5KFrU=7vEQyT`L4>$K?oi@Otras8xJ;oLgAxRm4{! zB`3bxZuY_6lA|AWcLf`26(3}`Sn)9sjn3=DSKGZl*xMjJf}`@2w8vJwMCXmpV-7^8 zVwr>6o((l!>2wvVD>0H2+h#r8eH`p;5S#YM9a}LHZx3O4j@8Z0+E)=9RCnImra#YV zrZki~M@2<8)at4T#&d*r_e6o4g6S8+GYO1c#Ff1d&7?;0DcU)5s8xJ7LOad2NAV$v z<+fLful7o7u(!cwbw%dbiel)ph-!1J@0`ohDv7sY#CD!Nqa?;`5ew(%xf4hn2sjK{ z$pZ7@JXU^_fRLi(PnI-FQPy59M1j$mR8x|gft+j>b%)2+gUk`qxmegF9HzG{`<6CT$-covMjI0Bv3YLA9(2oA?9pO7y#877R5EF_m%(~0 z;N@)f=9xpS)-w}jT-|ygR{VcLJeBMijAOJOK@pqhRun<)T?<8AYDE;2Lkp#oO=iAe zBBPK5D{P)yu>yrO6D!;-OjAe<)tRe>)$fV$|xq2aOr9sYIU`lIN&C(MiHGA z&tw)0CNc^~D*DZHYei2R!q1#6c2gU2)p}_|)od30GSJ_fXQ|f1(4{s+^Jci5S*_nx zOs*0y#Z=8|c`d$qmRdXvwTkIVwYV`8cwAd9gmrK+C1)j)m=lA+TFMq&I2T-RDlGF3 zg&wLL7G+}gmBQ17{8Gf#%xJck3Wx9&`XZXyP^*aX7;_xpq z4F=CgvPw1#a*Qq-K1Eszre%$QH%1r5f941#+0Gs%2JL}1W{emF!{blc-Yfy(`k8>@ ztHX0MVX&6LcC;p6x76fGMDY>%m@SOh#UjG>&x>d}8^#aVCL7YKeBDx&CjrH{P!rJA zoeS4JFPK^eG}9Ogh47KW(!E+L@+6vTRpgh(pOQ9l?p4cvW*no4v>vxl!?%X!nf3V9 ztq0dVZ#}iF6+dd397}6(``ml0Xj*IVORc6PN}Sb9XDu^{(Pp&%whyLY2IN{$zFA_A_i$cJmCRLC-r>vYWq4+J z)M7`xLHx`S(z)2fW>M>=_&WZ{Dw=DD@#{RPlIHp#ufu9Q_3_%;BJ3zt;jF0A9G04? z;nb=uR$bX#J2qzBo^#=_X^hvl7Anq<9UNu^(bkPl#_x`(aW-7do<-FjK5JE|$A((f zgZt*K+wDViCW0tltHzU9`KWyCGsS6DO-oV>9`?M?Z1$U}-H$iHPf|e~zU5x3r4=*K zYap&UYB}pQIC$8X3+FO6j43Coy8j01#C6QGXtns=tUF>>uX1{b0b%1Ah*$ zpGFTMDC04(oS{XV#|v0<6@k?|L!U@xQ+_-ISCt0QD;BX&ySI8ow0OIH$m^U(Tr7Hu z7@{$8X8|NZK3@0gVt3U>DfY@n{+nRqgV+_}*msXw#U3r`VzJ|RS{tpN4Hkrvh1Igj z8*(@CVy;;})yw#efUKvxo;GHzqc!V#g?*;IRjd#P zANgXj;y@D-$q4??dYJ<#7W^B}yTjit|C5XQ?(Lsa7|ohLQRzq{A}V!y&?<=-)%4Beangop3ka;Xqoo7v`UH%V`imzd|Ige z8%0ksQiPn7#$O>K>z~Ittb)ODJnvAV^4h!}RTl3f1*)WWn;-Ls{Tt`OiGiqRi8w*leHqT}1qq<@sG11dY zqIfAj^AgUXA>wDKpUa}X{R`m z{TXeG=QTlc4*rttlVQk&$m4ljHs5>(LQnp}<8xBEC%WMIaPMb@k8^TW>b&r)^-HlL z6uviKhLToP3UT1cW{JOM%f`blQ4R4K&#M8uKu@*NZOq8W#H%Y#_9^=oFW@c0TJT5J z3*NLE=n-RNk2@3%_0RO)(VJlZDHv_EW6XwH)c_sLQNy`lWG%~ZDOTh>k9h?nbxO_{ zw%Gx4VR`;!}L|KJJ$W>S@ zSp{-;6^NKsfKjVZ+N?rQS%uqMg^#yHxRd31oDSXUo6+U~j3ZJuB zg>CI|XS9n|*noBwHmh8P?d(=z8?2S>)bt+rZ!^Pd`>XJZ?kc>%hsU;m3$GSDS-1Op zJdxQP{xmp^Kkat#XE@V3tevgaf$YbhRyMEJ0gU6%AfI(eW)Mw0-zJ_fd?y^^@qFPs zrBCbdVZ+thKE8+h2p>+upYeR*BMFdkJYU%I7=MrV7dA&+t-}s#_|v!q{2A{rY!I

ef1RyuU|!&Y@Mn15 z&R_t?!}E5*i&tIP#~gp!{XNCc-mbc^bqM|p_t%BjSPvkhu6W zJZ~40-l_|Gdg0G_zOdH_>@l9tUUq-~)P>g)S6z7L34g}t4gJ%r*yM>n!}Eq-s`oJH zppQ-TflYLRNJp+Bn}9#V`C@imMMuS-cD^TjWgj+;Xk=EoiQcdY?tt;|yqo9{o9Gdn z=n`1Z497*M*hH^D%U>9eezA#;v5B6s39j*k@5zLD(K$BJJ2t^RR-5P_NR>9PkN(j| z|LCKC^wB@?7HF6k{iBcm(MSL2qko{_=e(yr`bQuAqmTa42me_0(Leg=AAR(XKKe%= z{R1>pxNh{1KKe%={iBcm(MSL2gMU2r(Leg=AAR%>ME!8S=pTLbk3RaxHu}dl`o}i< z$2R)MHu}dl`Uk*`oo^fcV;lVAX&e1x8~tM&{bL*aW3>&t0pibKf7|FE;P=D%qJM0o ze{7?FY@>f{qkq`S6YOjo{bL*a<7pfH1Mjqj^F{yI2LC|h4fY3CCj5K!k8SjiU1*wL z;Tv4`?>p-?M2wF9v5Wq(i~g~TSz;H`#M3VN$1Wy{UCb1_m@0NLR{$u6^GE-{zBuvk z;r@2fKX%bSb}40~oRN}7^bgdFJpO4H{bLvXV;B8n7gNVB`o}K%$1eKEF8aqV`UlES zyPtjZkA3uyee{og^pAb?kA2L&`{*D0=pXy&AE;5o`J#X9qkrt9f9#`w?4y6|qkrt9 zf9#`w?4y66dI{%?{;?1K@wAWrv5)?-kN&Zb`C}jbV;}uvAN>QsJe)83$3FVUKKjQY z`o|&q$07R1A^OK5_{Y;B`o|&q$07R1A?A-m^p8XIk3;m2L-dbB^p8XIk3;m2L-dbB z^p8XIk3;m2L-3EML-dbB%pZs7A1Ho)|MAxkpOFyOS?PJm_aU{a>Z=bQK7M}p$6x>H zGi$7W`1!;CdH40lPk(;-^aBNiSDxO#{Pg(;lm}m|S15{+s5<_Jx4t)jdiTxCFQ0#i zs!rmMaF z(kN;8q`2G`>7M25cC-89aN^Ru$zAwYe`#j#3ogCe;nF>96M5SNza7LK*9(b?(S1*8 zKjR<$by-bZdfjkBWNJJ(;{PD+{L0&&s^CBRD>I&5d}W+)yFxBD!5;@!v z(Oo&;>hBe%-63)x50E2DH(VSA^B3Ew;}EmMa^jksQm^|SHdY$81(?@AFqefplye8j zakJm!X;7-g>&7N7BR-)24%PWHuI{dzVaQiJE(!o#5#=&YyT!>jD3K4t6URQ6?8+2} zzcNeE*FP~gBHF;HkMO2FT@{*4F(hQYAnEYLr>@Hs{rc{qEg2KmYRAzx?=b-+cV(`=3Am9P`T2ukU8@tG-u=UmAO7V(zI^!4|JNV?6KA}9_%kK)gnP`T!?XPE z+dq7ZwE+a}@E#&5khIJbX_=g+CZ->_g2XiO7@WhXbDStq=eFub)+(OQ7%Tk!6fa<7 zxL(>UFHkjjwy%Eu{J%ebig!sC!ib$jy5sM5Mj{g0pmmfb5hi`F*c5{j2 zv75!T?>>F}^RGX>43|j)z`1Qc=Jh;1FPko%@j})&0iJ)eNtc9fzxna=%YXdlzjV** zHF&)K8M%4e|L5oaKRiGGhyRr6*tQ83IDhH z5XSgBBOd>kjakW=kKtH@A^8}7-?6kR$ABhbq4^k&-LhoN#~^VltIDw*ytSN%WA`k7 z{XCYeI_!;d0sB?He}55e7Npjd=>Lp{+H)N zbP+js2f{f&kC34pI~u){kL^Lw5sKww2;UpRl41DPd@Njl+i2Loo(Xv5L&caI8^~`54mh zf$+Q>12g5G1IKQN^ZYzQ=5lOzBy7*eaO_re36M>?BAR=FPx9Ll45zyWjx~C$JQgX+-}CXf_HhWu?jO2tN-qdvd-^i z&3x{B5Jmu`FV{7CwLBKgt&_`o4R*?n;hv2OERWqII+fQzRkHW_4aZ76;5<@P#re98 z_y>+f5|DXFQ+{l>_d4IN5n$xlol$GWbvJ0c6Ity$xi033tgt{p$~HeAuDg-zZiooV zdC;!WUG7-yd#Uq8znkOEUjx^bF|2Rxz5g;4lNNN>mHG`13JbSK}3kcV9Qb-3&dK#~w9aVV=kefJUDe zHMQ3ffscRQ{RX4ubD)^ic!hanAoBZz>DrP)K89m8USXckc`!c^s^$4`ti~(M^SK)) zbfVrkYP`ZcpW|UdwoKvfS>qMvd4Gc{#fAvrMb3wVE#>6bSRWxRCqEpk@e1>NeF~9E zErnw>USS@WQp)SX(_K!+u^O+AkiN@Dcr;r=&CiEpC0=o!&x5Gs)i%KLdH>}+FBiLn zw@DyBFK5p4Hi=6dxeQX?Gm@?I1q@)=BV)^A#dSA`?Rw7=ui%t|O-Z16 zz2UkNuQ-p(VC8kUsBX(K94qk(rPQ;p(Xr^$drk|-O1$Dckslfdr1tKxMT@%^uohB# zBfz52@%M}u2jtk^mS>CSMT3Ck6bMGIyWfic_D5Sj&CiFbPU2OEc@nSC7{DbukaJ#Ey~Zmv1#o>LzXp=(PB_&LW-9lL#P4!^2cALWRj=_1^SqyfLAI8#{9dr; zuki}=xMZEr1FI}@*`q;9TYp2zHn;?|y%+Zyg!;uYt~`B1(1wGJFB@e2KUSP&@f09)-p3+D#%j)Y`4kp z4}E^Uw-@y4h+kr!wSJYyBBi){!LbsrK=TXtkG{g4+SOj-73Yav0c@~6CchV4SK`$M z^E{UehFfY(94qmP^E`gT3#wa<&!Ar2y0 zSK<}t>G`nKCN_DLc*WHUU$?WI)Hr$6c*U~Q>j;ghKEEO8YP`ZcpZ9Sq)^1qZ1~9hB z3KX|{Hg@~VdKrSY$OZE}_rK{;Ub*MMJ!`zeJh6=)FN%ncjvBAf2$q7xTQ&z)UxiLzzIlT_JOO?hA+sjJuaJ7LVmvbZ0m_02#Iy zo)8H{ue;xSo^XS*#K%quO5+vgd0z!oJDxaJ;}z!Vu_)r4Z{fNcuh7`*@haE@Ytt`v z1j5eC3iEuf#lpnVW0yTPpb$Bu3xzGF`87}wO5KEGHC|z!zXr%5K)CXJI9B5o=J|CO zgs`K>Jvdh56Mo3o|h@oAPB(nUiL_E`n>2?cbE=WkToh=t>w=dRFq70~NN`@~2*lQEo?ip>ki7GKrSD<}7_eE6Z>j~)e-zbH%Oc|nB8*zwut zC|p)z)&}3MS;T;W$SDfc-Q7}PAHtgo- z!?6;tIM4ULpa8K~YuvFCuQ<=!0Xo6J+{$$&UU8o1A`u~!`$A&%{>ynjHeo|$=~KXx zoWv{4lXW#L9V-uvWk0zt=K1w_EGOG*Bc-emWu4wQ&+DTHsp@kw?pfj$=lQi5G*zKU z@^S__C)Xt!FXw>)JyGX?qm^TiQs~d|t z!CQHHti~(M^Slb)`vXfR*VTAM-*VSL6k2=vp%X&m6<&7qH4RrAHSa6m#CbmN0|kIU zkbBm61t*kv1ws3Kj(gU4g?YY4LKZxFt`zTsX}rSzh<<&VnbC6(I9B5omrk7RB1u>(V?XE z6_T<%FZw%uebsMweC>$0JoKKU%+`2?77_6y^nOUKg0fDpdl23S-5c6#ibO5`i+LU! zprZrEA@{8DYKI0VX9uXl?3Gvdyc(}C&-c@SdeFXHBx-qHQqnG8V&xr8uKu0@vAs=V zp2tyi1z!tb*+t_O=6OB`D~6J1xU?hJ#XQeZpcx4OSngTl73N7UL#hxC8GMso7sJ>uS8hJkLd< zt9AXc_}?^`%l;uYt4Ib*RKDwgM!c!hbkHA8Mg0D~uN5~Z!P4bJm6xy4pU(l>%E za?$uP_f0zmzFgG<~gy zV)Q4(#dWz~qtk~$I*ILo zjsCiTetsPXT}xQ7E#-piN{$Ce!5hHkJT!45^p<0I`9u1fI8WjgcrMSi;8@AYTg>yl zJpjKFJ8|qrpI31TUL2NwJsc~Tlk+4W@uh5ub!hYOa=|>0HP{*8d(UxQ;fxUJp8b1r zSXeyuywYF7dEWlm$>imSH|EhaTk4JT#5M@(yj`I%(dPwc>Fv4K_n2{AATxhm&>+tK zxY8yy1Bwf|F6Qa6C$J=}RIY0Y$=wS&{REdGBkOfLZ2#zw1%PwU#*SG(2GoeQUVkk5 z@Vp-(OY3z}zQ}daQR8DfOEY&bsNm3T;IE5U=G_?XS>x6AfQz_ev7GGVACA>{g?W;H zv6LVj6q2nxFXl-N3|drpQ6x-xUd;1x4HT5Vlg?IHFDtA{ik#Ut;`D~bDA76JaFV!z zHyJ&y#jzT%FwgT%0EqHlFOJoC1y06usvsUf)|Yz2u^O*1PvQos2VcM7SdCYh=k0Hc zlE!mOI9B5o=J`4dW{Ramf6r|4FUL5~_tW4Zq(2c=j>ap@^UsD&D{PCwJlEn_jaQf_ z_OeIDbTt=_)p&)r7N0-1*f7l30ytLV)gJHMx@#aBz-dak;8=}UY)5jo%h%~#jfC^# zJ)81;7&|_@+Kgi$Jd5jc4Bcun1_n^Z{JUQ~*7rtnZ10|pV+R*Yu(JblMH!no2H@?l z3w&8V8`ibKX_fP^T8o$eo&9ml^E7DCl=zG>;TZ7(ufG?r2n#QOG222iw?B4Jc^rzd zgRghlw&b}vuzZaB$z84HkxZpgDVFT;(8epYt``Y|DIOgveV{mFYR^kv@ zTQ5_L>3S{Nn|z&!P4A>;;Fy0ljMj)SlJT+H1&z=A}Kq)VICGX zoD3jQU$bJK?rQ*g$oVgLL*R2~e;AW~V2thk`Wpl|$Wjtl)hr}H01|WMnVNCi|F(&KSXfk^Cu>@oK z&OF1Ke_nKR`Fx3v6IqAFn2+sPNMOUadtNX+B2%Pau{FG|;bR1hKyw~C{3ZY5eQaM# z;aDu}`gC)Yp+jJGSe!ih2Mk6_=X zTo-M=I%eB|7O?~!USg*VsB$ky6gBSIV9lOK!jhNd9$Nuv6dPM z8%p4-B7Pp0j=e7VQjN?*1G#@Tw8TgbfI3dhL(_@BE=nICORy;7^A<`+!6_KiJ}4B> zk}D9%eNIM+iO}osg@HrHY^&}<=X*30%X45$B9R{y;`0J-+V^t-OoQ(8*X81(jKR@m z4277CN#8XZz=gBK7|LpYEEbEr&e8WO@6%zI9mz+yWziduxZqHfIf4;EC;A!_nFnWd z_lH&-$!}1bbi$gUj}dfp|Gc0qeeWfhSE(^Erg$2VQ(`u{WF(%Vt66FRP;Sy6 zhGke^v+}h{l?&T!ZH@^9$ zHbf!#>w;?$9UYERPXdCe4A5fjedd6;>z@~$E)ttip?hqPs$KSI#F*^=hk{?<&Bc~Z z!Wn^mkr;7AU%0n%JeuAgw#W5yMvJh=0cgTgE)rXsh<>>)?sE#d4@AF6WqMsK#Cp5J zQ%Kzey4c}M)aTf~$?F$u>JoR+;UK=5$^G%d^*T7bFaz5}^q7MWPksnHV7q5_1WgkPNef!i)AwTxZ`}3iU^|cgeILTWW zLqn2#4zLkE*J7Tm;{d=)9Kx8asbdV^sPflFj#-t|1nBX3ashwiY-*JMpAgPrxCVS9fRadw)uJnrCBW#F&fGrWb!aL-? ze*@*8^txbd@8dX{)@5CduVqO*06h1cIp*p4z?I5#;57{27lcw&)(tR*6z6ORt0WTF z*v9Dn4ez~+UqVA3Ghu5lH0JtiptsS-15`*NXP_gWk05!^4Fg|m|2W3ff3cm6#3s0w zuXnMN0N7H0&;5ye!8GrKcvD|u1UIemvGc?}9iXmH$R6B-$O?8ZG6jJkx>PRhfUXgV ziQJ#T=KzS_*Q_{JxDgaXuv9NA)XH)`#Bm>sJNSag5A}x5lbRn11qZw9Vwqi@gYRSO zJRlW+EH(@C*Tp-=zP1Gf!`7z$SjBm0G?4cQFop(gIrivrH+ON6T!CE&Mb5~0Vt-iP zk{HH!59PXOj*{m^qldRsFvEVm7F~Gq4mrkTe>02;KIdzsdVg4)6@8$YUG5L!llwbi z&sawEJQq3w1y6Iu#&dHR!y6l3M*yO7e|%}w&jY{a{Sqy+9+MD?tKRS$q(2{)4LtvX z6(#AF;pDEHw!FpCyNq zO7nJ#E>N)-^z=&Y$bMUS4qZD&g=t?^FKRu!$m08;Fb{~;%Y`rc%NPQ_jLDv7h=^z^ z_w(=)g0~l>8NnK8@)!SL|C(GEn9lnLTv~EB`>N!+0H^+ZY?StPPmy{%MWe6S0m?tm zji7tTKIK=)9#p-=Q}l00O@oS6;sJVl#O~3RCN(fBDe)t$$9qnJJJyJQVExUnlVG0k z<5>B`3b4~J8iS-}W!tsL8CWz9XE3Ush^44m;q;IwHomFEQplk>3& z*I$?2>@ubp4E;@dKC~%_Twp>zZUDVW&5uZ;az>t(`vbK1_KYPou|KSNc}@_o1}XN# zvWDIta`R%dn;{5~gQsf6_So{M!t9yPNG_}f)8#{YBv!&cW z2cm)aFIob{t`H?9{-M`O@&aB~6?*|R(C5I51R@t*-$KPNz3~{sYO0qhoL`<7@z2{I zmPqwEbbl4Ty)X4Hs8XpT(2bNWS@TyRKQZ_7~$mZ4+M<(8weBO=IEAkUDS!*&#}HGb`RjF=i{bM z{$60a@*L<3(s}Z(FJ2YIf`vaH3Po>!D9!{AVk=SqP6%Eplpb7+q2t0|W2-m{i9zBY zDt_^EzLxLp1!g7r4O`v&{)hu!4^TVcVyeGCDAUJX6PC=A9u_pJ$-7G!!-hBhSS*9d zb%AlbK2V-YeFfBmG0oFh%aS~UwJfO*u;L*60p8~nI|W@QYZ%yi zO!6Qq0a;5xWEZ@JbR_Wrt3p!WW8F&Xh$A>CZ_l6(^*PWf?fnQHK$1TIO(kvs8c4o8 zf_|3kBJO&>#1(`OLs*kK5wA`7HAw6fq5KQBP7v-NRFKr|M+n;c5mrw0c`@jo152*5 zM<~Wnk(V}(F#z2qw^MO=#bqSVwVF)r$diTksdAq_G4A38o_Io)W zcS!Q{0LJD1v=0Ew&axK6&Q)I@U`+N8!x&am{dG}V$o(Pj%X8o{Tzo-@0Hf&7$L=ye z2AW#V$L4972NWw~!kH8G=yl=z&fhRgcpr?RKycRp1@GevL!HruWQN7p)79)B!aSG~Pp8O+xa>_8LyLxt}1Ip)DU{51fl<+{k{ zB0pduc@E%nZwEkDzHUEaJxcUOQMtT@l!9G^{QbdB<+`v_nWyidViI0p@aF?(>Fp0o zED~Q3N__7d-lCVDPmIaFesCh`m%YZm(aqv+6wQdqv?WYor*Her1fI+sfaI^6ikQyxWH{*-IIv z1)3cE`EXfz4sb>?50s_IMSD)rxQ|9@e+}&I;PuP)9MKyAmp_)B88U|AN5+J2LfIsH z{h>IO{yKJ?NPOX|mfkiHKKmBtsY*?7I7Q%L29ms;hz z*e^q#1MBBHPkJl3rH<4k*q=e_7p!(my}=ekxh|H*M1Ewxy_|ul<^GVpMb20{_Wp(u zu@}4sWAbHbpEQ|AOde!Slf|$a*I_tkssD}L@q#AG7lJAtPHD$=NQ- zHNl}+jTfB4_ny2y*a9TygVTuoV1Pbu;FS>3FDgBW8+gabuV2EUv5e-Q1G!tSi;`9D z4<)dVYj`r1AC|#%9<=1Ii?)B62NlWv0ng|>^$%{1;hzKVILY%eEqHw(a!P#WYr=9q z#7X}gs8}Vxp$kCti~a9~XTa*Er6UN;~zAx*F{H{To*65 zh+NPsB=Q5(AaY^F=Iq3%0urlG-D^P97 zdc_fGM(P|iWQrYta+Cav5=rnI#H`N&YSY^(Xb`bKAPuRnz`#q~K*NtdFE+gK^#;GQ%pyna#YiGELfKc1^3C+5M(oo(Rl9>I;Mn#BH46^s93tw{19791rG;aw;_ zAB5%o99tNOzhPZS^^5oTL@prky*-2Y7FKH}PMT)WQ#ea1wg~ zQ6snlB!yp3#*%~b?QFI3e#vbdd^`Z)lKepc;^mBGV&Pel-UP>kS@->BTc8#KBH3XiAg! zLpkQxr#Xh@)WY8|2I9Na2giJU#W6_6A1nMM=ArSrj4v1iKUB((W4?cvV}AV{V%w0Abpdr9j=~58HLyM`u{>>l&*?t{*Q z7y4uInpYVoaV*+oWFD4H{qqtYm2n8i!Ug5JNbzz$#1gqKmgGb((7Cq*(D$yc!*$UZ zr1ShY7%`8X(q0D0Gu|&@xh|gKScEYDykHL;p5e!+fTY|tur}f99KIpu@eIeX5u`s> z_RzpQ*_!}kpuN34^Bde=A6RqHd2F)w*TpiJ*9X=Y#9pwCwb%<78L?-qhPpZo_l)Ip zZwFZR6FVg&(RrQ^!}*|JA78i)xafnMYWwGfd-&(Yt3hH1c>lxU87LQRk^cVhR=(H) z)&sJl#2`t@Ioq36!~2UumdK8ShJ-^nq*Zwkk-alDfs zxO!J_U>@`<*9AEBeuV7n`p0oB-xl=OK&P}^7u2S=d+_age<&LKJh0iWE&*^sx#8mh zXcdtkC~46L(xvN@ArSIB2*>1ROtJiQo5Dnfxz;U}iH_QV}_WsN7r-A7tnCtFOkh1-p8?kuwEbFnx(!1*DQ8`eYYGxg!7>%LF59ADE9|9lKTUglzD;& zaSd#VWGZp?yJ3?~0mk$jHmEVu`q5R$j>s_U12p;;yvD&5_`cir{pbk8b}>RF4D^x{pgNw0*Q`y&AnamWqofi2Q~}2c!0<$ zaf3?SW*{#VBy)VbAkcDVyegmNky&;+Sbb%&_(JO@M{tefS3eF zfp8Z)MQfheGorIT2fKirt${c5@f5`~HY+LTVGJ*c$ry@sKL)pyc_?3;AHgzwzdVZe z&hNv=ZdSiO$T824b4+j}icG&p59VR-RHqLVA(B5ZcH%kk!lXQ}^q1fo*n(J|7o4iA zhnRf49bioACIlF;6kg7txkSz&%|&m>$vO`opmyhj@O_=g2k~_xGBOsB{IMXC{PSX~ zCSR|CB9r`qG5@|ZE&(v^<%}L-j~g)$UhVG%Yddm({HThbhb9&;7i?+b)`f5{h}jO$ zAi4SecFbde<*$L)!Q}qXj_KkW2r?+nAIpU>8N&+}evAQC#)P-!&RISl;O6|g71V)p z*PjnjP3#K0zIlAkO}gE>5YETOS9gEh{>48B;FhlsU@rbUfH)sYDLEgOx8!{MScShX zULtpS3)Cx$E}7@wN5pke;LG{Im&kQdw0e61%`fqQpZ=ETKv5(2hxKG{R}i1)9Z|IV zeI;?vc;Cg}ADAVv7nDdoZ=rQxcxCPagt3692G@?fPVJEZ~-xGrtoj=R+AG z&x?jG(FbCLoDW=!%#(g8+zViUw`W8Wy)O6{A2+aK=<95}T&wmB9?q{DAe;MjcH9eE z_`IERdwG9dyu~7Zjy7|VGgj_Ao<^s$tP5dG_yaI_!cSsM@CU~HcMFit@vetFhkVzA z^8_CO^!UC_%mb|~=R-Z|;|s!z#0`GH$J-Usk@yE%N%VZ+c)VTlBQ2s2)EnMT@wS!6 zTPXNteU&>Fil1XCLE;ei#FytlFOyssC9szZxIXbW&|DHH@zD*bH_-Je^&j{@v3pd? z9_OKYk@Yu>p$W*vFf5Zu9f6)t&v!z2Xg>GHV)@eR1KCLL4}I_=7kRH2B__ybIUn{e z@^%3Dq4JY`k$h*v&up}$j}7prQ5Q@CZnzb?u;zkZITZIvG?bg5&3aO63#yPniJq-f>3 zSV;78K`V~n1-zCZ`I4NaoKL<53-}@54#5~;iuYgem}2+fF+JY|w%vdK2s|R8o&a0-kq-Q~>UsUEwt^@pJS=ial#zB<>lUo3~Re zU#fmV4*NKS3Q2GP_REmG0QjcQ3j)yF6}mD6N8zP@ssH%myN~1GUWGpZRiNhsHz(Ic zyz+X(%8BnoK`{02@j=FDnvnCMEz;M!Sn}8Np}z9*3P@LQ9+(WBhtkpO4KL709EX<+ zo}o*7`@@S4qF?Z~o^J=z^?Ub11_*$1KA5DpQ?RFk-^k_4b8u%DXXE(vh48F+LstA3 zOosO(td>bW!kB*#2n9M!*IgH+t^bw*=Hayor#Fnj63Tl<`xQEpWX$gqgY%&YNY2L> zas9Ef$1g#J@bY+D+`pfKc>shiPGSs2u)hYj?vQy{g4B6}YeCwAy7lMV`Tg*4FIcd3 z{);i`|HEtaXf*QY<5#(4%zrBi*TBM>%tIr*oDV&?G7tN!$aC-wV1HedyE;$pfaJfw zE=hP7Ptk_w_i?~(6lBQVb-}>+xQ2Ps{|6dV>Oa0U>*GDfgkQsIqkkWQJGJ}$zPMY4 zb?!SHb=a2j=QiA>Uo7E4i-vQ=-OD^o|-*>Z`B!&)@vv`1|f_ zyvOkM;oJV(Zubr7-Q6ER{_LN={PO9S&p&?p{I^dp|NKP08P5Ln@BjTD{_)!<1e?{z zfBL`w9iHU(A3uD4`SAId6~x5h_wWAer;oq>mH+a`ci+7H>(4*Ey#KFXzx!{i&!2vM zdH2V6-+%h?!!LjR@zcwPpZ@L3FW>!-mp}jfz`*i@ z1hM{K>lIcmEp$Tb&#RNJVD^y2g1>AA`mt6X5VYu#N1 zHj0P>gCvR=8tj-cG?Sji&=gfhfz6ZAeo96tYrKqDa;)AXvZB1PKRKr`GW+7yU1jE_ zlw@J@OCsxXk!@aSNyiB(v4Bfb8ei&lfus!(tjCX&%|Y}d)VTF&S{5~T4@$$?Br$+eoiX+0H~ ziIqi2B!nQ6Oh{brc#x1zl(R`jZDKi0IFwa$MS@?U|1Ff!qgadueUMnhb}~0|4wkvz zYaOhcDuapZz3mv;S=bIJfQQ+R2d5#aw{A%l+g))(^ZX=YbQiqH|vYgSK zY~$;@y3<^tWWMFfzt<)4ZYt)Gl1)O1`3mbwE??BR~VEOCRz45|EnVwrHM+X!hY&TxgZ6cTW{ zr6cfZRz-kcG)cbaFT;qz<_wu4UI!$7KRJ$Gcb_EIPjP+hA}Hm!;ySo9HY~N<$o+(L zZ)59s6E&l;tYyuJ*SLd7#z19nQ~$=|_jby5%qXM)vQ32^Cx)AZqU{tK0rDt|Jcp;&Fa6-cC7&dahNOSKRW;X@4*gEKiWP3*! z4u*Gr?kuD+?o3-!=6g**eLv-H>=6_5sx*H^R zm4fjw#=Ms4|cT*$%5y?N(*``dBK-|)7+*b=sLb5RK+_l`>UcDUn|!{PON zFD1}sRw-qiSlH`lDPbu~{0@t}uHET4#n9WA9K4fZPvSBZVFU1c!?L;NlVo9iKbgoj zY<)>V>a~482t5<5n7v`^WhRY+c=;<_etCsJCK-qKGiknFW|Mt&hV)CE%Xi_No#Ayc z8@Zp%=GxhfWHtrw>`hQ_XSPjIUMAqn688@6a}!`@O&+?8U97LSv&nd7i)PNw&`j;@ zY|EF%?;7am$}9_EPG*@jUoErsWC_8Y+`OIH>*Ix;;f>ja%Ir42IoXM2U!L(C+E{Z0TfhfloI)7i)MK?uX**mn}8*THd!m`l9@i5DpCiyZ49N%WJ?)4@+ zn_8x_Js-Wy?4`IuX7(xP2YI8&EE9%{V40(~RsNIxOxT(S2IPFxHs32{##hglA~TrQ z9CqvfXYXy7@XclO7)K9v&ViA_2a$J?nPunM@`# znSog(vu9xlKW4Ja8~H~{m-&DyneC=4xc4*HGa(^Q^h~yrew2Flu*|HCPNEAFpl_!M z_K5C97vwzI$V_YKj(!vSWgmHLdi5;v0g(XfBC_2gDB&i^WQI-sAmX&n&auSVJ;#xy-m>K9yP6CjD`2 zd3p>z+s$N%+g6z!$0A5`F3x_L&3BslVK-U9$d&l$1zs zRY#VJKE@C$vfNpS75Tw;4oipKDI@8gwt58W;YS``=QZ2A1)g$TWkE)dUZb}YLPZLa zO$nocR~JIYCOz6Kcf?r%B^g-)`SBK3&+FHAYp%hkR+JG>A$e3i zIT=vm_u{ONl06EwS&uniJG0H+OCbsU@>Y+)?f9Q-tnJ0w za@=Y`Mt}8m6`)JsSs9R%U^ZgGf!&u^&+?9$v~e$*2IFVSs*A~GOF%j`@r?(P=? z6J|*)b6^;J#N70I8RHtUOnb|?EvZhog9zN`mtcRZ#IhGA<2?G3Sf-CGjc6I@EJao& zmc7UrCm0pQ^5`?H#~(zy!LTfOwF-w?1sEN(P(RO2PIH?yj0FkngTlEnS#G#+%oM(xje+6AeN6TZn2?~4WdYo z-hB}5M!CX_yBS0uZvr`zM84?vP9(ipf!PcGdE|g;i*k_lmN8z}kMYT4Z#;Q?6TFu; zmeV9mOh>WE!Ha+0o@w5VW2CHLGpJgg3HGRB@tWY14XSxJj^WunTW!Ia(~m5cok8?r zJk##BZaE^NAQqn1^|5G6q#&7Rg22pYy|ZVUcjFkT<=YIR=Fw-=JA>#0iDfsA;o*B* zZNc%#fA!k38^;La<3?L>miAx0Sa#zW$yRQ~B6EbtTqD>SM2X3bMpRvRH}A$RvL2a> z1!taqM1v?1OJrrUz1QzJM_P8Xb#ltWRxCmw|Cri>*A409cPZqKROg*N(Jom=E1Tvv zV$p+69x=D;9Ym+omfa{&f8Eo`pkb?vMx{d5!Tq{S-ZndT7sjp|!mVDSG_QRqy*<^+RB~yFn zBFM5A$#!BtH~Ik%_m4&p@AkSl^L8gM+X?s2=5+(F#$yhLhs|Zu?~(144d(CA@7N%| zCy3&agH11IxPBxfz+T>`=Q#9r_kBx+1UT#U(W&;6o{u_P0x65CBw~=%gYV_L-BZmv z**cSJJ@&ryK=qHLvm;3y!zJI#_q#kpICi=a7&MUBW2bhKo<}1*|G`rceJ_uC+C8-| zp7Pgp2gw4S&EQ3yeVjk|-gj(v{kpLDsHW?>8{Rf&7UV~dovL|z?|TKX>(2{^_2F%G zps!18_~?w~nFw`iG+>vMrz;%9hvUGNX!|GteDv5e$3z2a1hC6|5{~)Kh5#NNcA3Ni z&_j+MucG600@$^Ah2!*~0rF{dq!T}S?Df=>383Fgm0+@P^mt|j+a;&Hga96$_wr-{ z*xiZV#mC~U0>G*26757oK#v1{#1w2I05rBSfYS>MyI!Dh1YXn5I_ZxEpa)x@$p+L2 zVE2rQu5j2L1fW~UV*#A8+V7zmzf%Ktk5&kWvE^Q1k|b(k1Si?KdA3NfMgykZA+SBN z?h4cV{6r*tr1b}98Ui(Oz%G$}S2$}9Z>#J4(GZxcN_ zT`6-aFMyZXoBYKm#;tD9xJDuYjB-lWCE9@Lu(u}A70!x7q080{j^}lQ6*genPy7^4 zg@XX{^UwIvrA~*ZUGm?qaQ<6^g1IpDi-y1;%SUG$0yP@2dunzUpY#^L?{wC=Plelu z2ivoG@eywE`<}5#v@YEN_q_MM@o8-F`(Ca^+vURT;)B)V_Z2qzvyI;>eclaY<1^CY z_tn|_nWEO3_ubE4#mAjR@7s$U&ep#*_PN_#hl@`xi{JN*+r;aF@~PWhhl>v(i{JMn zDp;}3_RYhm-P7emMZsq2t?m1>RvOqVqMqPg7htAtFZbBT2ZP1^D;v2lbNuerUxm|Q z3;lb+_IWS9>V;)!`@WrKmM+mB?ZsEUoM~5h-wU?Sdkd(2d}3BKenUR-Y~!~o-q?$; z!Vb(r|9(UTP-d*1{%Dtby^l|-iu?DBJ5ej=NBv%W6%P6-^zV6de%7V$<9~N~;(JNv zZr>McAF}v$Ci`6VzI)a3eSEr8q|fI(K&CQ&-d)@6<8zwg_w7EuQZBE(+KsO|CMH#% z*Bo}B981=*Q2uvL1+Q^X{cgY|9lIUS&7(8&;}vyNRjq>W1|acaN0EXD#_O{MAXNrz zHvowbDvIA%g?%Q2U8B##-l9|=A2Jlb?|BRIYWjEgHFxqC+1a%oFwR;nB%D68l`G&$|g8DVNyx@8j>3Ki&K81|U+RRd`=H5#}QO z(XbnD6i>Qo+A|kSSLyR^f~Rl4KL6iO?#_pgY;wJea~A!UgLkKy=tYQDJHXULgmF)&+hIT z8j6Q=G|lwrbTP^Jt?J*s_-ZJgx`Fq7bT-V>z3*OpHN?kh*lHRWQN!BdF?-oeLJxAb z*;7@A?`5}!;=vhBGd?nA(un6z;+4{FepLc0P#+Xw-?%(qkN>#n@UjAzAqeaK~eb2j# zwPyV8(uM?1+^s&(mz%HacjK!PLH=RZ)1IRapJltvWe(`Qgw_}nB#$9t? zV#3Fk?{NG~WFHX0UaA15UHe~R!ap2z`6d>C@Y9^lA=C_kdDkSCnD7q=&7Z{rkUeXc zD1c@6G>kE3!q+0IWl`GU_5Jb5rJBHH_W;x}CdOZ1Ki~O*{KTaiz-4y0$|smt8)&sYsx| zj2C-85r}wp7VdF?S0OKh(`qkQnfKQH!dBajGLIKK=|H%=*SkgbeB?aH$#s!ajA1Y7 zHWkV9mr#6knXkJyr3@x`qs+s3YxHZPs@+3%ry_MeW{?-F%)3N#lboov?cGPum?k;W zn%>>zkqf7wZeRDjw1`!&yH`*(6?yY9i@MnC$1ZUk4rwZd8NDU|&b0las&{vzs+cwZ zIK98zL#LK;H>xUfhgo-QB3FNRhu>?p{EI`+GrTks%*^mlvC<9CxFtB0>Jr zop*bGl``+;s-_}8J_sMf($oc7=3U0PDW=B{iP+!Ifz9G-4ipynuQ=f=oM9uOCI47I znK*OeC&EC+KV%UTe}tvWKisVL9xO2DWkIP?nq3~cDJI?5basQ9%X~Q#ADwkMv!a{@ z$>}|t7_;yn1+Y2Ue8fSM=bUQS2w>S4Korm&1)yt}(GY0QYe*^t&|rCbR|TTX*(w2y z0_pEa0x$y?sshbnmm~mOqZXA0?pV?~x81&YPyG(t-U9dQA9#lz`5CVhLPqFwh)!S+qeJx3vS<;hI}Q zd~~^%aN3de;9?A>TIK+N(bg$3B)HA z93`N;eWFotxy;ZcYuU2{@!17O3Frp%SOT&Xc$qq|?5&f4Vz4kT7&RdjOF-CCE>Z&R zZcGSLx`G4-C6S0EFkCE885mFY;(@tz;sHuFLU~y%0ofpUHXW#mh}zw#7{pg49nh3m zECDI_IGY4&d_mjp)jG`aAqcA_?4^u0@rM1y9;*gowq0KkAB%95fRZyrI?!vNe5RRE z)hO8A05Qi0B^)J??|=Y{`gylNRE>guuSjAp9i1@r>iS|Gkns63?Z9p|>Kvb)udc&$wu)A_RmyT1wsWJIZ;Gw(RsJPwD70;#f z6oxL}3D^wXdA9;q>A>!h8guDDg`t%UauN@;=iM+>C4pr(A}XDzfU~heC3EBp+KZ(F zA=UJrB^(NC$3wd*puk6$T0qfshuzt6=}ZNjp|bG>2(D!r=}a+U%_!)a-5gPTsKOc# z;AD7t-FOse0{s#tuuDrn$Hy!jC7|I?B!T9 zZoYW_^51X1fqttixCYyyQG<{^R|cr+-?{kEBWFUQ|G}H zdHa1S^^GWbyI9v1Fahvz)kDA8i}>OeQ|rJKACXbOq)bHYIjni&flc2-)kU4OmPvZ9 z1=Z*>qi1mz0l#%vu7?dEY@c|$D#c|q1wcyGDuAFP?G;k5c%T5%YXYd7I$T8TjK0N8 z8glFo%?1(ZCLM?vdF-eXM`W-~C=(+hzPus|*8~xcod=d?8S#|?U+k`sG%iS~_ZX-6 zq>qA>v}+Qa5J8$(!-Uc*kztTiPh&b_ z7i-^-5aifSTTK1IfvN4{4Od^>zWn}wzI*xPzkl<;+G>BWoi|DbsP{L}r5=P&Qx zTrE0Ezq-`&AS zJ-vGaWWRa-=EoPeKmX>{({G>OzqnI~M-PS9#d>rkXkXzV?dxIQnxlSnA&y*|AP(hhr$yZL z?KPz@1GmdPG;C^V{eJxO5!m zBHm*Ny+FN*7^u@i#s;VBiRMC8d4wvr^SFWRiG(3#LX7l6QyCSIX@JzibptFKmQumK za}BC7807`+{t5&p*L}bB+~BnFNI7!dzr30jU50;u$hu1~GZ^qQvBAKcV<;Gm!DZv( z-I#=|Gvm`hUJVA~GY~i(4F*DPoOruY3{=K@q@1`uK(2Kpv6Kz+$cY1vp)nhWBQ2mP z(-yL0z5-oNeBVTkqbgQNIV3PdF-(`+jvfS4KGkKJj2^b0WN>+sc;6}&Ln{nU1lc@^ z89DPL4;eY1CrO+iAcsunX(0D%mq*OYX7DPkMs9$`IBbm^)-D~ooUGnlO(B0(qZqo< zmspGr5Sj8b$Q{Bu7`}}zgFwUsnIXk$mjRgxrjtR|$a8>Qo)D6%zaC+h+kP9zf#Jo2 zIGT4tl|vy}72+`QNQ8{VhHGw8F(J1Dg5|>K!-}p4a^m~|In3+cUzOv@s;P269j<5O zhzxQ+E!VJjTfK1ExMV9dr5uEGTFBiigPRgS&_i2?=88+I5RUBt?wNO>{B2=BeW6 zjxz4+wIW!XfEcM+q++j-2S%Wb>^+kFJi`z<2n5PoV}Xh+kC0Qp2Mbgyfhg>o(3`^w5h!{$lnyk<{l<)-kk4MVs zoDb_;mG(l{%|tH<@qn}w^}_tW=DyFDQn~k4WbGXq8)~wXRU*Xl8AYsTkbe z(YFCInDL6U5mbqKq@23GwmO6>NqLPr74kz-=j@7zlA}(pCZrQ<6{9fcYi6vR!Nysj z++f|ZG)=`WMURwI--ord6GAq{fUys0WtDROKw23m>3ATglRi63tU{L~DH~+BVz~UZ z_^RXZYc$F8{*d)N+u%uTo{Dl53_e}cLG2v8_a=w~yO%@6ag7WTaoC3_E)e zqZnewogm!bLUzR$aTN_9A9R~pg^0sDCq}tPE!W6=%c{r-k(#YhUR>Tqvq-$8k8Dx@4Dl%U8ODmM!t!v)$53PMNzWvdr1 z&zDg2KrfV>=d_4fx6@9H=+2uvz)0BP*%++fRjqb@0qfarnGp2bEv(2Ge1f*L>(qjX> z$6h3}K0pp(N1y&X7o6x&H*{$bE1@MeP0UMRwuQd!JOZN z1JD)4iF-W`z_8n{PMf2IKszC>$5y=#v+EWaDC|%}n-f5+{dJp(ADpC1&dFlm$OZAb z1(HS&2@mcMbt3~3)eX{b6YLY?I@F+IT7}xmt^32munTkI{(!l5;X1)AE0Gj4R!A_v zW-0H0G2hKtBAGT>TIBRykg2{$)nMh?DaDMnkr`PnOT4hGkIV-TBwn!X*@Zco`i2}`x`kxD)m|G)dFVK z=a#c4EEkwQbIlJHYJ<6PdBKDn?FyJ{({fFMS#@JTc{wx8G<7VI8zA>Win(t*ZV=8A zay{xZHfC4LIi66VuBbst8%*&vtAMqv2pb16zuHUzaoM372uU)?)z(?dzY^6Lpc)fm zI#Z3ILCMRojW%#B?AxOaRP`sAdu2ta2$0~IIUs_mV{OZF#gq{(oq3dI!KR19W`5E) z9*+X|o=4I(F|oR2DZX>Rp$rRdHUAlw&5rf-Ds7dr@}U? zc8Q#AnbnN5%>*AZ&Nye=p&JSRB6gA~&(Mi6b0Z1&e;DQ-VLy%o-q?-S<+tP0Dv{T) zqa#j?+4R{kKcvs#H1o(gb%J2Wt<`5K@Xt%nP)mX(_f^g;Cc!rEt(;xv4{3|pZ*hGm#L6qytXKtaan(v8Fi4s&(6 zLsPEY#~ z&!{+CaGW`~CAczytUl&bWDtE|%SP|osvpt|m8vKq6bm9mJx;BMW1l=O6qr)=LEf!J^ z<2F<0q1VB#v1B$#(6v+8BIpjQK6Hf!np-)>?Uo+wefCINhzw$tt`6;rpqbL27mP<8 zha{mo6mp`y%NHiB$-HOv{?H<5?iB7Z#0@lQS5W`A2|7IVG*FMk84`4D_Nxeb;@T@R zum*a9^%%CBk#OX+OFa^AhcOR)@e8ebi|%s?_?! zB51GmaPd08Z9*&w=wM~vf5K7(?Y17SNtPrC642ESv7{bcL1}Qo)PodlZJ~ancX`B= z42FE9At8HWNxQ9wE5wUWQvW3wzLx3&?V@_Pt%obfO9^2Bx}IM}rw~by*J4E|3Gx~g zRTb7^2bZK%P8fo&orQzxaclAz5Fx;o`p z1no5*E(#u0%x3DLx#Su%9nHkoi3^H+P}s8Sbb~!A*jBR%JzQ)Lj22Tbt}N9j25lr* zHW0~zRbUS4N1uA6Q$)<`>n&bE(j9A{u|>{6cPN4$n{BSt!>tHzwRDOI(6tM*oi2AI zz6BW=Dcm;DO6Ijy4_AUWC5eIc5NA_orwfwiig$-{R|8EN+hJQ9;bMvDB~u?84<$f7 zu}YKY0mt60m`9LdP1}v!y^AQO7xJ7Kw4N+_V$g1j=L$@d;}7Uts*9mJ?W;tkS=Q*W zcrLmM>}1F+UUfNi5j1Q2nS3;rZn0>AQq|2kbP-ncQhOPzhw|iBs7FcC*bofnzsTZ& zU193B2?Q5q1#>>BZ_#q*6N83jy=I}ONg9>L*K@O-i@R8ESf-qTt`71_lJ;6W*9<_m zaVOeQy9Q8HX>W|@V!DA{%miJ%<-Z8pYwcQe9?8aL`BjhO&wDvC6n?B``A?SMRQ2@>2?E`At zP0~0%wM49kjb@%auP}KKTAfRsrFlGam% zYaC)o1t#jzfDyhy8K_CR0UJBcU)t!ji-DsTo~T&T)jMP{uYwiLB;6uKipAy?G`U*P zC0o!wNoO;}xqh{_1iB-yJv7fGO%|V_u=43*;pipFkw`jBl}@Z4=uvVluAqBFrbD3; z-Nk|fBFD@ls+>*?nnib*?wX(n1g1DKW1}4|8k{~QmBBcy&(xH(V?Qh=7fUaLd)RCMT4`>7EdREXZ0Ks`~8%evEEnv(u?WkWvEP;k~gYk$bTV%4| zPPS%Oyp&SQP}21dF)ZjMk_ML%Lyc9^-H2UfTkg7kb}d~9cYSO;s%vUk=Cd)=EQ0MZ z?>C*sIlst>70k3NUP|d@An9uUx*}*SCtqVQuAqmhxt*3E%$fNYYdNa$HQE zY@r7iiN+}Oz~S7;^KK>WA~fg`;wIDDseU=G2pXHf<3%EDhMTs*w2Mpxl)yRU>hhEl zWG*ldP(;&cWg6WWJQtlvpYqH!D3`0AYn4EQ3?MB}Ibi$EmWBae^90i}OGz}kdahLh z?VSNEu1b%TYlf1po@sNtAJ-+15%M1)u5k1I2APW6z}?S;n-U zM!5)@`GYYs9xYtUTqrTcajcFq!jy9c>QTKvs|dQ|aW3!(CTVWGz&4bv^>8KBQ`#AV zuD2cq_23ME=dc)P&H!-E))urYTuO;&2)f>S6hM2kkBci@N||Q}y54#eKzp-~iz{53 zbB|cPh20oHlfab6@h#|8Qx7ccU~BtEr$I*I8Hg$S3?wbZkX0#Dr7cZB^NcejI#$pu zjV&A(h+`mKps5Y9oz^O^idk(5G>^j|ubW9)w{7JE5i~C@&>VLO=<0b(2{aa?U_FjG zF)Z4btOqJ+U7)iWB6ik^KRdCc2dw2sIgbHL`P=jXNUmLwbAPDyW&R)7tII{f=D&Gdc$%Nv~v+) z@bQcYPh%qK>Um2^(#}Nyke<18I-egZky?dLmq0s*p(|KQIcVTmgn6XOv6LV?vv?p; zambmcS|=I}#;sa&r-AMJ4MUF$Cq-cfx;imk0^MSj6Z0XncP-do=grRW!A0r9;|em! zVa=gNpTjUt zpGQ%cPGi>&;=4_@6s$EagO}CQjP>h7CC~$cBTSDBGvmAMO3ToA9LpdFIYbT|ffoc{ z=U9TlOl*g9Zio|7TyoClhGYHmkXDK(pq=|uht}m-Qa&0SgHyjeR054vmA7Z52N!<_ zPFK$cVg2Gz333NZ!CEv^Xr4qcHrqM4i$e#S7c9#B|RXuj+Lm*jK#&GGo*|((CF&(jk*$OXI6S}(Ly1lO4S2I z9<>H9K9$M5q1WKKC|?pzwGW8Fmq7 zY=NlMjzPJlR?P6|ERJ9u2I5JOEiG3gss{_j5`&B61+ht@9L*q$iB)pejWGc;4|d>! za>$Hcb!4Svr3c6cm+gtXgNw-nQD6?bTF?pTpd8c@?mZzx%|ww~#XjNz^FzV1T7=;`d*x?dl++!t0erj#&qbpqSp z)EV%1HNrUxo6h?PEN&(Aopl`&{3S2|nx)m1( z5Qv9U-5@<~UD{wsFq1DDIuSM~;J{GCrSK})Hc9>77-$y-5KnSR^tlI((+M%N5}lQ1 z=sw9fc0G^$8)5yh>!RCQI~N5|Aa0KaAy4Q#A!zj~+@H|#_-54Mb;!)ponw(^Zpn={dI(k=>l#$Y))S`CXz9i>09L2Glq%L|W z9PM3EQpQQs1oneEIR|s8`iz(v#T;g!vDX^M|2=4+U91vtmzi!<=XD1?WGi4Mxd=e7 z3XRHno?7vcLc3Tc5SQej>m!a>&=&YRD*QpdGb!Y^kJS z?Vt^-MuYYY9I+2-w2RLQY!sQGs}tyU;(ekWq@ckzAvpsHd!DX9vsR*{8C;Y!gUB^@ zh1Ci4BIp4-S&&{sf(&sI4u3-oGSAx;Ar~V}m@6MKV^3i1@`|k~sp$x@9Y!Dc91$mh zX@pfYC`3VSY2&_Kd_`DYN|Xa5q*kGEW)5zdZGvk?;7yr=D^5FB#vnHXk-G|=hlfmo6> zGv-NIH|jh}bsa8}r6FUa0ciS~nqa9YX^;YQ8~7?|kUN3feQWYuBuj&AhDda}Hj*xb zhGfZpV+)-qHiEirLunVuQkXC&pld_vB4}7C>=`;@MuvC0fp!=@g_)>S$cCX*d7oT4 zM#zy%+#ZLiKQrMuM?kKkw->I14)Ox(1|7Ob>c2= z7i@gaC0!qw7OV%48S*%B7q`nG_9+>N^?_*tw9ko8uJmq3M+4=k4@(P>y-wW4ga;0d zTsi8)(h_K=6L&G;k#RAd)K)W67Hx;uiMyEa1}r0_psV+>FyHmwPTaM@ddTQ#4&b+! zN7fj;0%)%jcWtmnl~yk4`hi#i?R4TUmK4xYQO&GEP-~; z#9b^YpgGDVT|Yl8fc84^*%f(Yd^Cqc^}=$|dU&0MF`M{9aPof$Nqe2Ri|H(skjCnv zi+>gVuvFUZOs7MOJo(a$kLGaDWrq`kb~^FVML05Kd^7-EJrGNh_NLQagd^BSkm`*te}vsrBLs)_WApuJAq#oaN;8fOB! zejo;uDP_w8|M`5wy>Vk1hhPL1wYBP79Af)dF(~w9AQON1sd1 z`TVdxUs{6fbmF6nerw41XrR&cVQIm3IM>8czV47TCS#zDzo5^<0L7PguQ*oLyh*2@9CL?%PG|0w$zRD3^?5&)s1SxpCV?j=XTLDK!Z}u)qFo? z%)V9d(M8LE-8>oQ`Y{-7bh3Pb*K@mA8L&et!(2ZGOPHOW+r^C%7>Od!E$>h_9V}q> zdTtj7O`x2KG1o_;CCpCG?c)03o`)ntsy=75I0k*5+eN7~rUW$0a)R7wLCRjw?V^wi zjB&AMRF}?_Jc@VH?c$IN)O<1K`Z%;8XRqgWQOJ!#8gaxtOMOR`)zAYSQ_sx^i9|}e zEemJwk>w!YmIbm2&m1MCp8=(P^<1!oxy4QjbYPM zGvu0{PK46lXYCr!X!qES zlznEIrF{3~n0=nx#g~J#=u>U3&xn>Z!|S;_&teK@1sUcrW3H$zC}MWbxn1O7qip+* zwYfSDEn)V0?#|@}Q|g&z7K)TQZ4Pgpcy2Fd7rn@sQO`hEYTe)@`z&?8eFOd>oJIy$ z0!|-nK5D@$h%^-Iad9!=h>>^< zHo#mPiWV{BEKac9&4#%HEm7ZWD0V>|?6S^DMwFOq-Cz+jiC-5)j4EgHzD`@-*U`n| z0>6{VxjG?J#5{nH2!z8589N%W<#$8VF}j$P#*BCdE~YjgQ-ll>MDWCohIzzcLT$g< z;XAsRl*WvA2Ej+Y*$5dOv2{nY0Un0fY(VOTNs5ac0O4w?8f`T>z@(Yr#6FWsgtSi< zJvX3%!a2ViyWt`Sz`P&_U2iuEf^NZRz#{=yTL)b!*g6+C0Onsg=6bskVYURL^B^*8 z9rqZ!jCcl9fH2d4|0pTZ4%6taZ$bYQ8ECT2Zw<7I93ZgqtU*!(%=MO|AZRB={^%kH zfPu-hqnaF`C}{Ac!9qt~g+y{2iVpZnmvUsDu$6kKk|>8Mw9|jPi0%SOQ-ZlV<|ql;c_z>3BD&+OC-o~*9#IwB>0#pUGnIAm7+~(6 zW3Kn#!JEFM0S|1JpH8+5p6491LZ2Fs82 z4m<*Fro$O@xL6DVPeP&`_5M4;Y&O~(bhvm7#*A$SWgXQygOcfR1|2RM19RO+o>F@;|E~bbvW0`@RgOqAA9R)digANx{#F(+n0Q3j( zh0dVEMcFuJBs0MLL42V%=x|Xsa+xN{bf72)AJk357a_-(k<38Q z^+88L(7vE!a`AECc*$JQ^+893*#zwjIwlt%2aa6JKufjp$+W{X+81=-AUKakXB0Cy z>!LpBC*Tyk@3qw&>zGXI)e@zW$qeaFeXdb$V zqxDSCE%w>qP|>`)adPo-K!tM5)uy8)==NeeM>V zD24sPs?Izla+x-}^ClM?2P|Tax!P{Tm`$B~Y$YTcwH3bhJb!FkayPl?IN*D7(A6a6;MZ_Hg*gMHGQaSdO{ga0GKHm`%_P4s{;leZ7YX zzI-ca7gGeLyE*83!x4ctjduD$7gGe%3OVL_%MoEVLA(5*izi}A`DGd~Bv#M7OX}QB z*e-o6i6%294x!&h8=fj|4Afl8^>(8mWu9Zt!vV}d_f3zj$c3=ZQwKJs1TzqHHOtdf z67+C5V5iu+0c2=!YU@-8>pU}WxSmYV)m-=qW>e<@Cl1qho1k&B^!0Y5&E%qrm{Nin z%DH;tU6M2E@UL4qFtyLvuXeqRTSw@kia;cl%eg*$E+{nW`mS+m>?&u}kX%Em+fnG* zRfw2116`j=l2b0S6IG}lc|W{0`r!x z;0Rr05txGIg09!-Fb_^5jusmU7fj?-&@CplP?(K!xX2e1{o&*O{3OVF3gesE#v2Iwr(T$uDu7;z-u0oufycM%2**~QmGt}q$z^)+X z9!`aa{g{E~G^|4(9+60X=!r(?0GaNX$1N)OVTOpw@o;hL4 zGDFPuv0a4O1Px|W%mI&<16+F8MZFz{F2aZ@rI`Wf`pxPk(}5x=naEnqG0)htw>5Vz zl16q|nlPx}tsY}GK|5J4CKpTNl=93pU=Xi19a7Sg#~i*Sw2LufN||Pex!QEZm`%{$ zB(#e%0(pf*I{>=cbi|;|bT}v9F3Jd~P>#9Ubi|lV(5}h%;0ifXq8X@0{a*DLu}RsP zgdSWWM@BRQ%)z`?gh?@Gld?An-Fr5>!S`gUQNLF`25o}&C81qxB21RV_8D@nj-X@6 zCTC|7+QlX^Ar#LrSBKCsW)rh>G1f(#G-X6HkaKki9b+~*dlzF}JdIOEH3Md*u+UyJ z2*Yb9Q$kXnbRg8Qx%YCwI_EavaM89*8PyCh*Bg!qvk4lTq(Ive&AnTK-p2hd+LkHf zngQtQxwq<9B51C@a@VEJy-BOPVW^s1tSwWhNB?o4iPiRB-c412*s4OtP8&Se69L_3?9rdG&<8EVPTYWy+XlfVnL?ae~Fh-RjYXa<6=pA<%* zP0-FPw2NtG%9v(=xjwXuFq@#gS!fs2OrV8HwBv)gLT47*#WaK2K^BfyAJjXQOoulM z?P8k2JS+u0*QaJ=1B_;&O*$6gHl?3HwCTOn*chR;?8P^OzhoIp^piR(D5ALFE342Qt<*1HHW92YGdp)>|wq+9XkQj7* zszX*}0;jM)V3E#h{uiG*^`SkUz>lQC%1Xy-bzi%n$8 zsAeGO`cW7{08tJTv}+yNMI|z2L^D8KKL#VjCS_+4w~I<-5__CzM)kBX)(n%fw}{(C zB{GTQOF-8Lqy<6usJ&cJ&Y-bfKTp@#xxJ|Zb8(4G8P5!qqdp#uFq@!<1NIYQ|AWm| zhGs&|;I?$l#U+B1)v_s;EW}l9XNtAMG)we6y;i#0VYIK`u| zo`6)gk>^!lC}eCfOV&}?EO>=&5%=t(<(M*}nPIL^bi|l#6!IuVvdWrrw3vU-?MBeE zi9&E4#xKy%?qKea2QoQ# zuy*hcTg)mgg;vkk%y)~<^-VJ+A{y= zOmKzAJuBF<4$zzZAG3>q2W$r!51S;|?4sqE zBtS?6T_4;{xf zJ=RtRnAG_W)rm2 z6JmPj*rJE|K{g1hvyB!2Y&_u%-dme~!xQ4zt&OpB5p&EL)eHuAZ9JM_HbK)9Vt4wg z(G5HyPFC80c5!oH!kY`a*4ibYO{1{_3)i<&MzkY#B=_6Ezx8l)gqdrs(bd_;1hWac zMWznAVV0v^W~4c`V)o3wk-*8tTx;zT$R=iTp3K-jp!(b)odmk!EoRR)*^r1y#9V9a z63ixMoH>2nqrA`L+#{WYt+HFto^#bh$}0g~YwZ%yCTMb=@Hj{FgqX-8F}=m?a)lY! z4A!WFeSQBZDZy-l9(c;>F>N=Xnqx}^hD4snK4(lbfLy!LCV^~X=9XzLjj5PXsZ^ZC zx|kXfNo8YDw!hWPR1(Z4W}K#qx%bg-;OIVpF6gt%5oS~~Sna4c9KkK6ju1PVxS_xt zA)@}FkT2*x+c)QoY6h6=4Mzd9uMBK<5k_DVmMMo=>^kKrV8(gvvZKiibh~i2wXqv6 z!U)WDGtAW~T}z>fZkR%MI1C==POk>K!wL47mrPpGo~3}u1yyd1>M6Ub4D`*!1eKS0WdRm9T*eLJU_7F<{~efGn$zp zoYi!4#c=I6on72zb51f7j>I}SWFLbdiby;$e@-$J&ZMrwtbt)V{;1m`uW)pBae#$Nz(hBya^_hYaX73nu`N5oHhDEfs zJ|)~C(TyG{nGR;u!siDP1upKBIp>%GKl_Kk?5l&u>V?Or4PCw}4J_%bq zB7H_-SuJMenn-lRw;>3to-R3a?v`M#PHvPid*-jMebZsXQUbU-s4D?>&R<=uWpmCi zgZ$KoPz>Mv)x}vh=kzit+x`%ceJp&li?nRc*=2@mLOU#$$y=x64>d9^@;+*tF_p!s zD%&+!7gYTS}`xdinoh_%A z8LA2GikN$xA=RK#Z4EX!>E5nNxR_d4oRB({YC^jr<^ji0u1mN{pa86@Lam5`DAd%k}O#;%K!b)3&`&&!)#Thr$;E0RH-o|xB) z<)0E}-%-fe%PGck&=`ZMmTmX~LO4p)TqFy#oZ%U129nyfa+ak=!>n_Z25QaW-lAmc zAiEG)tG$i)T`UW8&M4ChT}zcZC!kfGF?q%8Z`J1(NArShZ8HR2BnxxSDAUVJoDQ>1 z26Y14;mjQr$jjugG=p`qEWp2~!A7q~zE%VqB|-b>)lg35@q#&{Okce$(&B1br3oygD#FkOusUHuHTs= zi|1zT6f^ggzI`{%a&QG4Ii*Z5ODlD94mLhSb!MTBKFch0`4HsAwY_`JDP{Wlohc3eEZ{aZb*}A^IM5YATY@Mx4 zlug~@B6Z@Cs43?95}6WaGaI%tQMMYWc=h=1oK6PD{-lbbLDIT%jAfJ_@h)iqwj2K! z7pW75X)fn_OBdcc8GvJtazHK%;=fo7VaDUIU4~s;oKADjCIiOD4j=&OTU!myYV&33E_lZZrIqV+-v#&^PaS?A| zo||E=FF4VOdolo>M#HtS8wrIRbG1h)VfGk})-&aX{mubbyOR=Nr_pfne8ExXn8Tc? zVpdhc>@^ymoG1d49CLN`VhOX?Xm|<=5cuVot5-8in7u~B6NVzd&M?6CCpBv;i8ZU$DKtPuTH2=sz15BrmIgZmN0wmhAXJc31nJHDAn1Gpk1lmz@p}iswd4Kv67=uxv{ty zk-|B)k!~O=s2+m_%q`DLk1997q*kchSX_)q;lSVobG<$nFq099lX;bM*BwZZlvkT9 zE=HtqFmr;r+7Ifc@I*JPN=-38P^7kWuDCAej{)uAhtLgAk=o*-Lt1k7m{!(QPCf$H zY^Y{%A4rC}*pL<}7mhWfzNANYh$Nc9A~lcIa7E8Kc}!bh(o@3hv>GnLn8`^>otAL18w z6XlZ>U$Eig>0w1-hPhsy!yr!N>@*uLo*teUlVPq-JC}6BYc^cLbIu>r*7ItYFgwkL zD^Vvbt?>}7FJ3G`_L>b>OeYKfG3NSRVR9gNHUzz9!zbq~A<8|>mHEXIW@ohFqJhBd zD;t9KyTVGCy=KD|)ycABq8rtT=MrY8*>KSzk=iUZbuwwGa@{4&KC|IsL*n`H8RRhe ztnl0=$WF82Vnf2oe;MZbG85U*mzxdOrrpIwUa{otF>O5)O9``Y)9&J8uUK;Sn6`eG zV+k{J8RT-e)CPzO`YpTH;$p8@Bp)A}jrv`VCCpB<;bNUyI_l|ve#_5f;yR#M3@^XHLtVIA^c8)=LXe)F|kR9oj_Y6!)5YtS1dV!4AYji z(MAEY*KGLYoOwYWXz~Ft`}X=TF7ApYCy;6C>(eyTkm!bQum9rWu2^ycnWnxzt%TXN z*B_|^Po5yBk7?@5(@Kz?DNz?y){@f4bO+gjP-QhVKbdGohf|rc;%Gh)hsLSAzWnN&C%=02;@Owq-u%P!*Kh8B z{ioa4SBD#Z{Wo`Sp1ywmzglb^&1ff^0%*ly8HI$AMb9yef8g8K7ab^ z*&V(fGEMTaJo#UqKfC|ao8M2XH5(}S644fbFbKZlD(}Ds2m3!j1 zY|Fo4{KMy;|NY&|XVi#xiTQ3;N&os`N&oi#_Qmt3Z;`i@uSD{W3P?)w)&hpIyz#!2 zALYe=d{=#sRW2qU%7)kMJN7w0qpVEs+J~teqF7*+gQ(gQQM8-?_7ckR{N?vo7(gL} zj5Tgmtu~r~^M#s7vGB_fU~Jx$NZC{T@45c*`P^?J(uKsRMLhhK-kR4|O#%;2f*0Sh z-@NU=ExyZt1MXq}xDl8O>Ore9!mx}Wf1`FG9tDB{8erGB^NWA;pM8(N<=-QIYu7jn zx4-#0??VjyuWWw7yUO4A9`O^8{g-5fuHfm@uYTL>|a*;gb&km4CQDzttmFHARunX*%)wgy-5n zd%ks0{9nE#JCrXO|Kl^`fAMefzlkgV%-U2G!3h}idBefO_lei3@+%e(vAXSesapMU=5{`KAM4}br6pZ(Xr z{CNBH-|z0P{&@HO^OwK)0>$`9M<9FXa z{f~ctx;*>jzkdFApZ(?2zx?py54hXaUw(M;^3A7z`Nb!5P&Q>5VZ zf1iB*clhhG*U!HD^y}aJgFX+f%x1)J}|&Cs?_ z@Qo*Letvm>`=@TQE%3p5Xe{=VLr=Ri(MEv6U=fC^yH{V`8flz<=@u&N{*H_=%J^ktR z^ZTE#e)If)Jb#0Ses-hZJU)#-mrv6h3$!f?V!MBS|KcviAOL>(;y(TKh>TtI>5JQ! z-~Zy1zdU(%_ucJJFYZ72{Hve-2x(mX)7{TkzkLb3uYSCHef!7fFNpZtyEpe&-~9Ca z{%#L*`bfc?qa)%sKmGClx_g?T6U@K5{r(}$CxDmUUEpO^e~WQ8jGqoYnx7sH zpWS5NJnGG7>y=lpzkT)U#pnM5O}l#?{X##_e)1(^-tT_4$F@%n!;{1GZNsO1+8yG@ zM&Hcup+?Jfm-xGSpOZ-)W4J7JT!7TORO_UZieFwDFw=zcXv<5+irT&k58K?^X>Tb$scd~@4j0O&!*d_Fe{ti?#e0X z4BQQT-OcLkY`CsA`h)y&eBlpr`*730J>;E)`!{j@O96H*dbY{qYLf@~}YlPy91f(|vXO z8X?lRukY^oS;)B@Kl|O?U+y_!Y8Ft8fBovko!%x&wtRE{`lqLIgRft`x=&K`e3-7= z{QAr0v(Ik+8A}*HW2SraE$;iv7tgABo_VTN%%-_ zO~gkySX{@3tG#dH6D1lPunMp9x223Q~DbmFTC@cxPOywnUlLTpnu#K z%|qS0r1zP|!hJf(aTUc@2g7@%`qqlJKiE_HlT7_5?6=$WgQFXo^w|xLH6`Q+pPq~( zY-r%XNcH3)u{YUhIDlV$gV>`v4F|+=c;eLe_q$CxKw9uMyI=e*2Bb*`NwbtR!_zq& zBfhR^8cgnW%$iMWknmJ%&}1X09kxP?0mYh%(~R`S!EhgqL6eT8wgXkZ6YtJV(_uA& zMtjr0G1Lb}C$-HfI*`jpH+h0&dKhDEHpZ~cWPfZ#cZm&7n~yOtRlnCOr6Z_8QRn71 zo&nUR1E|6IwEG4y)&`V8JUrf!*;`evO~+Tmvzs<>ALvNcX6*)!rnDDXxz)9nxW_+fAH zsa-mN81L^J(fHnPQPOObA*|fLbu8;1XMyM#rwSBfJw%4QVe~T^%GEaX+3@Sd;ri6) zEmG^#@yAn^^de*_Zq6~GS4*k`^6ZW(X%AV&RBI^bF!Ik;z7^jGOn!YZxjQR!f5 zv8ncL;L?Es(PY1f#iGb^{l&n2Kj*(O_gwK&V6@Db+Vl|GDpX~Mda!0;1JKfzE08)&D%6~N;Nju z2M4xPdm$x<&6=pb>q~!wBB#4we#bJICQKkhH%`>o(zh7r=~vQ#;&`JcAe6w^*Kbkx zN;i6f&6Vq|sA{Dz0TNzG@5HVseo2%;zeL3;eF>ehLZVufzJovr-5YL{-Y3e=!ZRGd z^pFS;ncCCl^iD@HMFVtx2obi98K6{`k;|YpjBP=Zh2Cf)^)?!7VmsIOSg465i8Nrw zT03B&x|O~K$FiE?<)Qw@rnn&5ME?jWiQYx}d1~XGCVZTP=5MM`PR9!fwRR*JfTXsb z=Qlkp^YDwz(7!FM5S#3`S&S@a@eXk~@BE-tQt$A#G*WoW)Hn2E7LTeC4VV4NMVp$} zw}elLQorTKsRKbmkZd=+d|vLV7n7`OpCAvH_B>lQrd6gn2Qmm}NN{ zrkUPHEa_;G+xYtDEt;4O7D?Q`559D)G|PTG@(#l}k9$*Jw;3y9qa<(P7EkUTj|q@I zAE*!Xx26wb*VFa^Nv4>L{og~peWr)+qTl-p(5L2nFR%zNlqwxzO6lEWYBg=1KO~vgd-tzQ( zbfiNwaS|cB_dtgY+cCb^V;UA`nUQx{IDA{QHKc<=lMU~q$2fbxn4jQ@GY6dA}rh3Pw?XRA2n7h?LXcfLbn9p3-2Dbm-CYfhKJKIf*K^3$KzCrnB^23)BDU_c;3^93l?#2RU>1>p$Fl#bWrtjP%V7 z%Hh+xc2>#T&!0bggF6ILdHg6a3-J$OO5q>EBga34wupbojroUEwrsgI5Hm*-kyIL z=5Uk=KQYX5h^u_rFbARreka@+MQs5y{s@@yN5G6f!kzI)z>Gh_o$*J&j6cGi@khXn zKkUxnA0YS+JBaNMyK~^|;U&9sI17oN*qs}@b7Oaw17~)Rjybo}}^ z_dmb5J2t=l=U>Oa56!#VXLqk}5KV=x6*uzfSGV8a;qd zArX;A&HU^0RRU+XxA^{te0YP{}9Dv+x^|8U?anG{{jE zIQzc_8;IOGXar<~D>{O~z>H2&`v58pHuP&mFsp>X#*2ok1!!&wGzb#>vA80PtauI) z%xZ=~dCEor3OW}4CI}KFolpxollg0qcd(&$jZ{6LTM3E*zDE8g$QzPoBPbwx6?+a5jNzo6EAj^620_grFF+AfEf+-9l(q`3Nh)|SJ0fdMnjbe4vb$5eS~p>Vn4e95g?!ozX=FJhv6M@McoKg9EZ`U+k(+T zL$SfR@z&v?&`?}aA>!L?1c5-2`L&=waCWec8Ve*=l{nI_gg-=CsrDrr_@VYCv*aJ zG+UxNDz*j=75b~N8hBOSGxTEv*NSW5)CH8L0Lut7D&hv4zkDmTPL<|+?9@(ByU|h|Z-N2W;fy>9uW3})(1hbIDqz}hB+&HfqzQwWQ?b#Cm4U?Oyr- zv{Y>31hCO72!o~_*AxzIJ6Z}yj62w(^qT@)(R1n zf<=9!oB@d6Db8T-H9SY*tK3s%hM5bWpg0j)v86a^^3hV9wE0jL45G3eXBY zG}0Bc!}?8mZFP~1(|FCkiT*;65#&zi!B*%moTMqO(9fU(mR3-$k=7k?k0KN6-st3H zq;yDUBvCz6B(9@@jb#HXWGt#=_nqr}Khc^?w zN(D>^nSf!w$H}@CzC?biuR&LU8!2$Q0yt0wPFDcOt5E3*&=m@Rt^mVafzuVBr9z}D zKucePt^h6j9f9}i+ef+rv=j?n0Rj@ei?{-8bin%{?4>KfHN7WY0a|)bx&p+8VUUe< z1!&nl1&g|uk*)w?l)j(1g2vQ>)*a!O-jmiHeoya7>yDP*lhz$AMMmomf1>xKbw^7( zJ6Ly<1Y>u2CA&r}pdAeFN9zv%rShb8M@uC^>yDPZd)nFjan{+m;dHR!k9bRdsxKw3 zpwS7@NLSEyCPcadxLSQ-x&pNHh3N{=(if&HfQ!}_7FW<1RJsBNHJ59 zR(K6ec%&6xV**HiGYD~_OK45_6WtP=c@PGsQ1XNzsEIQHT+@3pUxSw2lR{)j%8@ zXY-@1v!Q3xXfAf5uUHxldob&kmOWB{hp-0nnE+=$;R%98N4C&Hml6kKd`3LU6B>RpgQ6nyM(xKNLumBpunjan{)|Mo8b;$d;KvV7BXUoZ%T)n1)}*!ibkJD^MB~q zdkPkNBbxt%P1MnM^0p$uw6pnIX=l&y4)dCnXRAGcH(B7!^c9CrXAm=e1zG_rGQVu8 z8AtvYkF=~4Qp>!iCTXVmN1iym@J#cMR_Lag=Ks*C8J}tXaTk38&HusD=`+ngT6Rsa z=u~T_`9G{#J(_>qB`DrZ^M7b{sys6hgjN`ZvzUK9F$H--Dwm%4f>yv1Ozuqck843G zXPSSUaG_G7`A19dDTyFW++87=FV}(^&SL%#hDFT(LBlmH2*@{s;$f{oS}HR!{|9xa z%u4fliY1tT^cxf??QH%y>ueamc}?Im$A%keNXDZI*ir!ED-Ig6%;GB!8l=o({tp^Z z%wqlz>ZNB+6_$fW&djE>rJXJ2|DYk#Eau;Gle3urgT|+`nE!)@RpiUpQ|EyV)M zfR@Px&t*%oAo^!ZvA{B*WpV*twggMs+0^f>v*8`ED5*YsMvFgH;Fv0~r9y;I(9+O~ zXBMEPVq0XYaL~wd!KX+AsSp>Kf3^Z}F2S)CfG_9-v{Z--%s*Q}h%hPA3Ro~Wr4_Ki zqOzqUn`Z{G6@-WoKw3eFaNcaG*bo_VoU4i=rju)m1?C^$R3Refk(Oe?NaZ!f0`t$7 zVuATbOXY%Bla^wE`R6sog8!nWUK*m5mdXX@ABi-RL@@svjYA{knqqmxl%NnqraY|DY4b zMWTO1lJvdk5phL2o#VM|{GH;I=>MR$g9~Q7CQd8uYzimqY-l;kV{~LMXyK_9EtLz+ zKZ*kMjqoYuBEL&Jn?KGvo8IBjS_+NTP`H!EPb`T-OXIGE&H^oaiXgYaO#6>(Dh=9y zv<#gfH`_`3Kh3I`a_9=1;g!+EAVo9CA5DRyV*yRUqk{;|pkhIkXbK|jJ2VB7b{?97 zNt4fL3MifZqbaB~9>d&I1gaqznu1CV37UdREeV=}O6N&vikNhwgr=a(M52P!W#F(+r74n3wSXU`T7Yi@H0pD7 z(1$i|7PJjbzJyhppvjlu+?ZwvO^SBXP#R5n33Ui)%1fw6z|>vriH;&P#n`G_ojjq*ml#)dz`$qI1i;w_nx@m7ZXk7JvgCXNP3uw^6gI6(If+1t()wHRf9s&- zG-5*4fr=LQWOKchpjx$qGYMR^UIHFA?FGe|V4Y5HCEjGM!(gm~FR$7m{)Ee5p-aV~ zaE(lxf@)P33>p~c)$WK-v1%%aTu`mnfs+d4>I{asl~LUazAUm@l|>xOsEIOM6X6sfNRe26aM6;Zd}MX$MTL z^n><4tdv|0z7}7mXl?ZqO+lrpR5S&ZDGT%P__9V9xGJJGQv&J8)%8JCLt7DrPz9BZ zQWhWKswoR|i)83XRAx$;QN(X`>WZs^%1jC861-}t#L@6{w2eB@ zs%7fHJUpIe5h76XC3+2F(Bw<>8pWW=m*_Q&L6f5GHI6}(qV3Jag~}!RJ?TSc=W*3c z3Fk^|8ftMgw%CeWQM5c9GW-^fhD|lgIPFH7CQETNz0N+6wiQ&XvWTPUL%fW46-U!s z%+iRX=`{++RYA3C2OJGYxSA5q3jsr;P4tsSh7$)fXTf3DwntoLl zaWuV|5-vaC%d4`8qp>U!?#vGFErj7Z7Md2qFi(%>svWSfd<8LKsk7iH&eef_2-PBH z9UAdVmR*9P$V-@;;#yRLRT?!1T#RDVdPy8j2cr=BP#jISDvLN89^|K2`4XLmy-;|* zM5k$3H034CEptr@S6AH;N7HE%5nmQmtL})Sv1}EtQnZ~J8ZHU4sRo~wOKhsaZYE zSZ*8LC8$>25l7QuXa>QGqv=)^hNB@WajdC2@S|KE=!d{{x2l8qCCi%O$*Jc!*6KrQ&ETbB5oFqk)kOFvZcJCfJ%B;izu4CPix{%KiE`%$HF!~Xl)YJT7Jd#cQy@`IGVNKi#1ocY5`pn|m z+Z-O;3`E8E&gMTCw^u_;22Qxz~ zW5rc-VboSO?aSh5Y(ob6M^I@#3Qa*}aW-?u)GT#FC}HBQ%+R23r73rg)Bziq_=8*> z=!a0=V%C9KYTV3x8ta*PZ+n#ZCC)xWAIb!14W3#4&)@1eWMw~_CU|i)t1V@bFRq%$ zW8FQK#YUPq8r#DKEfG{^q-Yml*3C(A*9n{I!cg8TO}iBx4X)ZN(9w*G&C*$g!{=H* z(9vMdwtg9+9reH($cc^y&GpVeh35KYL1mtWwLiGJ_Au-qA7rAVqZus)h8_@9Yai0l z;Hur3j%Kt>7rrd0G}VQspjyQqW;8Y{Vd)Zn8(uI~2li904)jB)pjy>|ZT#AR&@YWh zuxkI)FQI9|;{*sz>wh{LRQ%h3hpodZi$$eeV!>7O4lNzcIIm-gjt0&3&U^_=U?H$1 zs(BqtoYA0ZqQy|BqzyA24JO(eq;MgaO*18&(V%Hv3Y}te{jH#~(Frm zgr+J>N5_Mvy)hjPn%XT~yGPS3UdIVgw4H#C22B$H9Sxe=X&q-YXqr6eXwbAbrlUdA zP|?w#X{hLE&@@zZG-w(sIvV5|R2>+uv1xrsM}wxJqN736P|?w#X{hLE&@@zZG-w(s zIvO+$6=yVP8Y(&(Gz}FU&A7(OTt=N)gB7F>KZAi{zl57X_SOKy%V4G3-UdzvtKjmx zR1^3HxhBvBp?cH|19bpDwwHqnpoV0HFrsDSj|wnbu_KgeW=+KUO+Y_xAwln>&cfaj z&IL6XCS3GAsx=Hcx*pXi>os6Gjt+D@#+At#{XVT0o869Vt_dBzjxn}A566phbux$% zeU1#iT|<{6le=C+l`HE9^qV-dd|uxO{f#v3`a57@af*HuSdIn(w>xHw+1E(fuJ;6% zHLuE^o>=7^!`vDtC{N z2yRjpgDHWdFYDnZ;8OGnJ-oySy$o_;r3tdSa+kEb`Gu^zd)x!bjWr5n8#&+=5TK7{ zF+ zA#sxdTBbtu0tgh=AHp{wj1Y;Y9nK%*9nRTEzi!KDxSN5$wwrNwf_<^pJ)E7OX;0?t z1WoG_aSiJnp@)gV)%Eo_J6YKe@F2J{G}qtCOPEXQIo*Kg(6PnX_Dl01JoY|l6fsO*9QqIn=y04Ca&7#i-}b>?LjaRXxfY! zeJf3QP^u0TP_7P~jUfAM=Duee5vTPMXD19mb%bzsf>7R2Lu_msYPybg4f|Oi%chBk zX)px)>#g__t7q*w-9XdsjP62nwLF||pt)WpDpu}=G0o`)O111kcp{r79!@tvpkV#L z=?0qC51ek0Yr$?MsDkmtIN@{yOb7N`PB+lB-(u*pX}{%k15JBDPB$u&{>DcZp42Cmw3Io*JdQWfSx6S7%0;JGso zX=ICg22M8+_uFq_Cg7MX3Bn~TG*{tpx`C#N4!y&sY9;!X%`h2B)q%Kkb>M7dST}z_ zGtkBdhMKbzWDHfsx$_WBnxUL)-*Qjuw(rN?6-m#|j+{<}s#ObTnw1aOh~zG>xXCL3YhFi;f0OH5LOM z4Vngnjs{KZa5@^Sftg_GXwbCxg%M#>UNBJy`F*Yq^h3kCJp_utm#`{PH2D&1Dtn+` zLe|ev(=VZEsOf0XG}Lr7Xc}rd8dT^QYC0M;4K*DNn$|6JG^p+|S<=yoyG$>Fq7<4pf8VoubG*=jcYSm~u z8sv2i6&(#Kp$rBc4eF!}1|1EW27`_UO@l#4gFwn)Ft3HC!Jwl-(_k>Kh59V(BTQA; z6d0*G@a~y9jPye&udvub+W57~5+SkNOkaZa5V*Hlhmn2>O+`J@@gNDTs7E>)G!-=~ zE!b4lBOMK<{fc^|qd`-J$0`jr4F(+zng)Z829c!7lJrq*sw`RmfkdUDz{hAA2y`V{ zh5^G5Uo;4~A6kY0I)K&+U}4Li4X%bpH(Ma!NJ6NA?JbYijDHMls~vZuqXpe0XF`<@TY`<_k*UUcnyv>_Vo4oIM@B1TA|yB!QMa z9r}lvf(Z_e1TDh?38D|}>71`%in;y}N(L9aeiurHrh%gyLDLX$zJjJbhHeB+LrXV; zrag#m1hd!mR#1I3?M3NEFvtuB-3a<^y|bWNrAaq}tM(we5j5?$bR&pQ?6-6yXc}g^ z5i~_?Y5((fdH>VPAgi(VzqDMjw(?%5C2uNlO72OD$hKg5j5@fVSwNV z*D*pjf~H-i8$r`B(~Y2MnCV84FE-3{BWN0Cx)C%B>OkDNI?&4?8Mmqf+xWG;BE1fp z_KNg6Xxb~%>mUuIugFd7Z0bvJ*E*WkOWd~3=6Y3L0wYR7GVVp^ReeQnMn}`^BzL2; zsjtY{2AkR~+>g$tVrFG1n~Iq`(%DqZ+>(x_DGSqWY#J)gR}kFW8*#pZ=6Y37S-{46 zRbDmB_!XKq!jY+zreQ`9$g75#^A$7=Gv_O48fMN{&@{|&C@9S_zl6F8Y1(t4p15kJ zkvr7cwCBP+u~|?Dew3*Lx3D9vwq_NjjbE=Y`4YA@1u-CB!nP5j$(L9c*C+8bYqE{J zUbt!@IVYcN+ADH;gIK}@j}Bqe1dr}w)0Bnt6*Nr%oUb4((ec0?>uj0;IA1~21kd>j zn)XIajG<|Q=X?cCL&f%pt(L5sL))W3sjha%5zg^!QbcVKtF`y zd9x1O^v+)!O!_4>4JQ2(ng)}82~86o9Sxc$S~?okzplTPmsrOz9SyFozm=C*$1vwB z!x{}Szrv;ofQ|-D6963znkE1`8l-Yf@N_h2+8fc)plPV+XwbAbqN73P+yu}03YzP4 z1=ZT&bTqhX&!wY5(%7C$M}ww4myQNadoCRfn)X~e8Z=EBbTnw1B&(b1r3U#6o$Qy!G61HX~01N{(EZmT-5jbGcN=$FtmT=Yu=x6K9%Prrnw zNsEpKO?zWH8Z=E>bTnw%8`IH%>r%hWR2`ct9o)&Cb#DUCRr5WLQ&K8RiBz&xL<(QX(5#@WM3+x zQrXIuA}V_e+7m^kO(97kgh&Z#p`yi>-`r(x7jH|?m;e9ud0wv`cjkTPoHKLgoH_T* znKMWcA4|l&h!i1J$U*~(kSb)MktE!RGRQ&$iV!cd(10Sui!3yt2=OA0F-dSZ2^%`( z1UyoNc#(w$6bZZtRbW38zKl=>wlMJ`ve1Ac91Ucl0iomYWn`fNMMws+(10TP^1$hU z;2ty`kf;h^XAq_&S_T=lAl1ma1d6c7$hriIkZNRI0!7$kWZ?ltf@-uAaKT5I34VpE z1Hx)hgd&Z2jFBR2i!3xC{vD1Mve1AcKI4%|gcRWbAPWsB!T~@Q8c>9zg)B6ZgeMe< zNI{CQN6110im)xR&;VBoM1(9fpa>Bm3k@hjB9Vm#xM3iX$U*~(aBvXE7;xVaMT9EE zo<=1JNq!58P==91@<ikVz62QL5m=ia6>)Tc~Hzqw>H@ zh4yIRbU=7Kcsd~K5Ku!EJ_UL&YH5p9MP;mkr88lWyAD1<7YrC<>mTH-7Pq9>6eWGTAPApS6H z@X&<@Faj14h9h1){8xnG#Ni1<10zMEElL$J@aRG#Nen!?&`1&kk1jOCc?cPFp^+r? z9r8sZNrZ^VpbHJ+9>>T)7aGL1ju%m?pb3Lya|Lao%_@T~G>F3=e;JvE$YudvM8-;j zn8N5ngS%@7Ob3*UgQo+s4uQ=rVmhGf5==1+CJNFCn5G4M%pkLt2uVQJI;04Bh%PiR zZwq)C=>*{!M%GDCgx`+HDvA^#ThN7uIEa9_CBUzQl0p|6;vfQgv>yD54*=rPKwidq z2m(0KA}(6U+75n&EJd6lND-eMNceU8X{H$@+&^U5t{-j5_pkmNE|gl z57~ocfjF1YQ}&<;Uq%-iV!ItVXOB4ViI)+oU@{885QHk?H~@Oo9=QJ@Rp>$^4uu1p z>qlOOY6zqUK#OoRkS`jru`pCSpkKs;rUS@V0H%Yq1e^{?88|p_1|yLapoFswaXEn! z92-y#O0c(}8kBJHMJzQ?fT6-Ya%1|`TyPz_3u7EldJkQPu4 zN{|*%4N8y}Pz_3u7EldJkQPu4N{|*%4N8y}Pz`qOAuXU9lprmj`tPnjVgZ8^qy;P~ zpaf|F)u04v0o9-cX#v%s1Ze@)paf|F)u04v0o5QR0n!4hK?%|Vs{e*7ASdoY3DN=< z5>SG)fND^Jw18?*g0z5YP=d68YEXi-fND^Jw18?5I0)fs0JlS3#bMqNDHV2 zB}faX1|>)fs0JmJmVx>c0fh^UmKnHFM$d9P5CIgkQ`Iw}ZIqK8310iS&s0<@##x2PaMh@gUCNK;Y|C`1p? zQ62>WGKNDDV8$2L6y>T22?6W?HoM6$QRx7}6)Nya9T);1(vL~qDDaWiRN$jiirkb; zKkNX`eRLvVR8Z*vGL5MqAdT&i4iIw)bES~Upn?FAjG+iHe;2tasRzUy!jv8Pt)U1| zS!9#9JMnLr7?@YsokqUxgq!?9@ z!yq8$(9m(Df?yai{;MO0vY60Am}7@b1{DO<^68P#0tDQL@@7%|4k9tHvA0cO{Zf`GalW1k;b zQ`C|r_W;fz%)%zWG?WFXnxryENgWshAJUIm_oKk4F2&fV6}c&CjuLYSXAU}y7!_1H zKwXNlFS+3m5IrER7sDbLMv5`*Mxu?>17Z$georzPRC+Ls7?ZU85Ef8i53ujaQ4mm< zW9)MiZHj$wQJX^~dkcSwN(ZQmG0E5*3LnyseN~f*paP$|6qC9>6h1MBNE2cB4p5h3 zk}*pK0nvlMd>S4B!ayoghVd1dLqib|bBLtRhed#jIu!(eZE7kAU=K)!@$d+!%Q5C& zz}SZwcO)r*dWd9KVxQ|&>>(8K&<Vc_F)2oJg;zeI(_)TJ1=!BGwj zp&!m6kO_124xnzRp>v3|h~RxE4G^3|cwo@TJwQEMR1hG-Jz#K22;dyTlg5sMfck2T ze~eKdB4Q3<{%7?CH_bS zK6NR^+@@sGNE{&M5azTbzeNQBbtxv9QbRj{%^~2j{A(8v-vN>kD~l-WNQ-EhfiHIG z?*u8_k#9V3xyz6d12-j;eU)hB5;D@@eq@X~;0ndv$KU~Nj?|!Qq&cIFvo-QEz(bNk zReMKIa2KwsqlKr9ij9?vHMm;W#@W`>4v--&E+^;V>271;#5i63(C78F&I_bj_EfDG zWq4IXA3Qb!V;IVIt956|>7d>voyu&K2Q}QysGS zYy)jeiaB+6U2dM+QjqGAnY*U0F4s4LX^yJO)G-?T#~=DO1ZqRkvXQnxU@X= zw$JkyAFj+&OAt@Bc(@o%HPz%b!Tghp!tA`pTzi z3Nf5iVAzn{Z9-8#IP1uRX$BJ2rx)K@VmzfhG)Rr!WCM-xj77{$siOSdb3&_Sl8PF) zTI58@c)u+TIa500i;UyFhremxai{;85uyJ! zTj9{x4JOh1=;qC35zdoR3UH5*V@d21&bhC7(UUWDo7?-1rN0Y27#@Q|lLz9KYou*d z(bTq{`l@vG6xu4KS_7@3aD@#L!mbi`*f$2>(9jNBeEQJKZkFg^_Bn^@g$nig_+{#+ zJeb}eIQ>Xm8U6RnTWrybDI(lCM`c(y`h2{!Sji@B-T^k93R;sVUQO;_>MLE2AD<~u zp(Nj{vP3yMZT1&Ce@RhSg|#f9wTpLpE*JY^{fYl|(L*!WV`=5AJnAPx{cma)tU1CI z8foaHKDB(q^}8B&fKalWXh zbztc$r>^bJbqa4jzCXUvul8+A=`|W3`6WILAI>e_c5%vO1}nQaDaMROH1R5I_h%c# zxE-DSd(-5EUDp2Vemi_zmvN!3bDlWw*E?Km_9e4*cb<*x6iMjIPGx;>a=WsHabv<$ z7pR+hiU_1o)0Z0r%iWrf+(1-N1Y0uD4Ng}1Z4yv$?q`{(DC!qcs| z>?}&uRFdPw)5>bUMo+t~lb2({(o*<%o7Z+ZZ#o(^nqQq_^Dl=S^4z@3mt|eC;fot8 z6e$t@=&(1p8}?^fz1MA}Il*?WbLmc6%hrdx+-A3wwF>ozXrGIc57?Y?`hurItz0Q3 z$uiPfj-gAVd`6pVp7VtdYx7rhco}XE{_WJfZhJ_E4Rgwsta(W{Jq>tPeO0=wt@CAL z(Uf9V0nY6GQ(mnV>f}|LURRv_bHfVVnHfBMoSzkU`tF)kUL-|#;*D^jM9t#e~Hj&JMK?7w0CNT`J@<_8WufvU@JJyo|GJR;sga3*IUrNVDhiok%a$np-ob6jvYJk*qzv zO3UoJ(n^POdlLN_c#lTBGjj&&|ei!PEpri zdLnPzy)>m|GalSJWcmEVf_Y(V%zU2?O6|MHez)VylT*ygt9%qBZb!dL+t_sO`SK7Y z`ZI}@^k@2P=KC|JFr_V)zjH6AmskF+@Y>_E3J=apRhV}8tBY0A8hUNktL7_gF79>A zDtpE$^kT_{Zy!HZNN(+Rp{q2Xeq+<^kHOw$+?mCT9H!)6+o0O4^+^B5LxwVs#yMF5 zuP+t9N|9q+A61{jdaGm7XKRgapL5S{Y88D+$-jBwsqKl4L7!f4e)P3=hAm%Vc$kYw zccW`p-&&@-_pHCoynS!A`(v$lbJWdx`JQgIzqasH*$y2gFH`&iY;-_Wf zWyYYs^@o=C<#f^;Fh=f=GuEK5k6hqC-|Jw*eXSh=E-Zdi-KN^!e4cfM#p>SW(ml^E z922e4344`kDwixO)bk;Fk;Tqu*HsrPFq|%B>|$!3!e>x=|AUpo&Ss`hYPwO8I%{$^ zH7r*2Iz`9Sw8y^Q^mnDmOv44Q^f^NFF1A|pNgVY!t@2(unB#Hj5rc~k9$$sGh5G;5 z8Md)_U9lz4!5}yG7i!%3%pI3@zB^gqQ=)vawR35_-i&F}8ZDcT9b@;Z+Ii|}Tk!|M zxeK>Yo^oF~*`yF8VXeC1QF|q0$Kv*?`OWv~bv@`8YhSo6^{k8M`_@evdh*Y>*;!uA z&0p|H`m&csbD7*%=&I8XJcK5 zgJ36@PmSpFjte#_S#CMn_E&#@TAijk-|uF}kzKQ%MLmAP{KESY7n|$UPCXx=lCYr7 zdXAe6!_Iuq(pu)g;U;SB`z)h;6|LN*@Z0-kUC&ty^v4{KJT%LtCdl_oq{VmrnK41e z4ivXF-q~523yL1ph=y#7l`6JA*&NaMZFcepS%nzG&z>#I^3>N%au)aBJ$LinOzV2q z$|)|PfhZ4%Fhc(#DW#BS z99lt6^ulN4H~2de?}60A_DCD#AIN5czC-*4?IC>RFH(=RLEs|)kQg51FA5uk z${?pj(D%V#^RurjY$w@N46z5MLi2Y zB|0adXVRU6F_+Fy-(oxIhW{&V>5ZLg$8Pu(#7;}^omOaBe^+j9Z2iv2Mc=Dc}YH5`6V6jXFf1Je6qrn0@|bljWqg-52q?lVc@1?TkOkXeB`U* zs1+7TDb`N1Yivyptz|kLrg7hLYEY>hjRJeYwaFPWq5Qsz>=_{Vv7UA#r@b1TpKy3* z_#~PP#~j+%c@G(br1tN+&lprHP){q(d2%|vYhL8ehP*7-yyVv6Uw#Y18$a5WB&Yi` zhcvHyxy!CClg6&?=M8q6wRM}B4shj`PTb5YGP**hYW7bSe#LnB*&c>OCBI4m{VP(T3 zj{PNl_n`fv$p~t zM;A^9g@To!mjJ$+~$3KM<8zG9L0P}oQv<_kfeP`3;Eg!+)t zCyX%UJpu=ew*qwp4*WwId5^#WIfY0$ONb(aKKPVkc*qZ0fV+d9f1Qz?t?l42aG@lbp#F=4i4%F9Pkhb z$OnSs08jW>fhQaXc*4gDJmEON6Fyep3C97R@OcHEa2((XpI0E+0)Ybt0fRaM2aH|^ zbp#F=Sqkb1956B))Dbw~xd@QCgusDq!-KtiBDNDe5&eKMouH2B2aM$ebwod43@4}~ z`hjhCAdq3)CU_$H0ZaolW*O8G{eW?rppNJVjL!shL_c6$CP^aI9Yf;s{Rt{eab zP|m><(GMu+ppNJVjJX7LL_eUMgD`7?=a?rK=^N%WMxTg&Ksg7$68(U34(f=0Ksg8L zU5I`_IR|w_KcJk0Isyljb5KX%fN~D%2pmw(LCzQg2b6PAN8o^R4(bRTP|iUefdk4p zs3UMdIR|m+1P&hokC1aB^D=l3_Tz7g3*v+;_!Z9GzxgnToX+6b0D*&$bL4UY92+6$e=}_m z*`h&PI97kta)7K$L|Z5ye{*;s_YL5X2|53p@B?1_3r2&GbK)E?s3ZD8$T@P401l6k zbK;mVNKHiagOGFLOfmSC;0Gb+AQ=q-kLU*>=RlU>uY{Zv=bORt41(uyJqL9J4noes z`62=efrF59aK04&O2|1lWKPr(I0!k1m$`#cBjg-rYk|Ib%;>@QrG^?k=nsEwCSbzg zM1UuZVE_<1(l{Wr5^T#2ww_RNBLIPe8Q8=G57;<>2W-lK2W%8T`UDgg4jAnyHNeOZ z1Ypnz8wc=!VE_*p2JnDk01pHPY?wg}He0|0+5rS72p>aVqlOc~f#XyJcX;A4!N^Vs zIA0I;LO>OU0z6CBf z@N6HbfskPr;3+`x6W#^n;%&S+-UWD$5M=p)knuSVYVg5<2NyvNq#0kwKn;Y9uVSDE zLdMrH8JL(2JV2W91q{?cnz30qXvP`qDGwM*WIBB5;!0dDL${dhg81EcBQU+>pkwX%Np?rXc&%jUk zu)&02;E>>$gb-;)AO~rpF$RMN3?6vE1q{h3hu{R4(qe1?4;X{N14b!$z*qRsDY5NF&%9v5r}_#0~d6Vsv8Fkmvc~q1I8EgkpW|X zaKOrDKwC(m8Uvi7)B@l9$c8DVhmg%({H9z)lEEG(vGa-1K!zcW!jM5=hz|>cyy=Qj zkAqMIjy6n0fZ76?a&Yd5<3a*zaPGjXU_cGd9e7p@)ZpAf5)Y%y702y6@Dt7*aooBC z*>~_k6vu5lP=gO5yt*9J;CzRt(?AV`j9Yb}213SdI*`Z*LdGpRPy->u#Q>g-13#fO z;|xPVfuT0GuynK;Fxm)!ze5EhT)&o2?h`f4RY%UUIQURp@Dg6KywHg3JuI)1Jd$B z$WUk~P-tKd9Pkc=jGK3$24@S*q62E+Xy959+>(Pr9(AM<@<}6&jSn&@p-~JTaBR>d z1~oV~Xb^+D5%7M%R4t$eAA4vFgBrXa&=dwW5HcJgXa|FwPB>R#3OP`Nk3F7(deojF z*zleyDYrvcpqE-w`+h zoj|3ClB0{2gNPC07*yN_-T@iW2Fz4s8sS*b=?Qy{O?{L|TuUJn9ULkn=@g{*q_$AB z@OY(>+YVIy@X8!;VZdJj8x}9ZJu+U%J4`i`4zxw}&B%BM%`4n~1Z~GKR)gjh{!Iohu^4?`q1uf!&hS$O|Lhx)W>nls zZSikQaF@pDV}^2*2WJ}(4>QpfsClviArAW=D4UC@+t}OM zd4fDgE2Jd{=v^aE3wO`IY8Tyj1-%zr0mg7ZXGv3f_`O1qpnoNKvk(b9<1Co9=gk!k zjYE&mX5?M|xJqFu%i2ZiER%DDk4!CRPO)sB6mnx8eR#)@^t-#Bm$VhPy_h}wy<&}p zo}S5$`13}oBK50R|M}8Z*Hh5;{rkI*A8YsR*kW2q+ZeC%St6tDLdchhH+$;LdwL*2;)WUJrBl0|eNRH= z4fz-Q>V9%t*Y*9m-B|ZCdGc587tA!Bs)uyv)joCZvG~zc&1jWfPqTd?*S(rQ+orq{ z=a0*kzw+?o&-P_?%a{&kF>Wx8uA|>QB|o=&1AX$``)V`8Us)a4=j&6kzk}(q%I-|l zd^Kl|sCKDuc}Aa4H}5R?V|cnzaglT^cYxdjlj!z4c|6vq&mWTioFGxOd(E^&tG+znjA~1Mr55Ljo^k!n zD&)}nHOlOdO7ya_a9LkoH;dagD~_ybI{!nX^4g8dK9_X)x$`?4RC*#TcJCLses$es z`B(=!VcRTjOIweV+~sE7o~{XWw|fo;&hxjR=PO=Ty0KEZfNfo#<|S#v;NSkj#vwj* zm-DP7*afU4dpQ`_DF4iE(^=D-)~q8WzocxDg8gA3-q(v~Dpac+c$i`AkS1z&)q8U6 zYX{Q|bLQxcyiOIg7u8un`j!=Cc7HA@=8{oJw_Qeh6lZM;%XN!0x1Z7;k z(a^NIYfeDcrRY@!>6$9~Q)fQcud+{PaXvM#*k@aGM11wm?H4vx=e&P0E$h^l15$HW zc4PmKZg)JgpQY1AX3_Dio2D-x#;ad3BREdcjK=TvJ^mi?oH!bf z&$o=%r5_LypHwg{P_ahHIRC7l=2`t`(dWOVv09qFP_~n!H(8$@u6(xq^t2+rU+k*l zZ&hh82V6@n_RCMOT~relb(L zW#(mX4QuzX?rnW6?YyS1tbd=mdHj{VTTUb$J}cPb98*pI$xi8r_73jS)Mwm|_m)go zou?Qa#}z7`JV)o74ZnY~SImiq&|6j~7=${P+&{u#-&E$Qc`4?ck>+iQ_}MY1zP`*V z^uKB;$ftDSZ14+f^TWX`j`p%sX8kVnq~t7(547GnRkQQFSXqa4{+ef}MKz?p1!;v3#8x|RiWJg8fotM_qRin;CqE!&DNFAwe&{P$fr-aT_V z>bQz&>r2IJ&zfFHDc{{$HGPglYOBFf^&R)lJdf8^+jD=xjrvzFPVIPq#dr2;ai&sX zv)kO^4;CD2)!g~h@bZ`HQ)y-$bFNe?gANKEv$Ij}P=5yDa2xq*W6i z+@-?(CY9W#`dP#dOcUFgF-J3_dg_Ux%e%W{Nw{P;5r@W96ci5Mhq8t?B z_uG+?#hI&~zxsxb)H}(Sb&(}0x8EO%CXhZYA>**^m9Si_^Q9m#lrJWO!?%*UY2APmfqnJy_Xsza>1dkYZkW1{GkJHq!3NQbMi&#i*2+FmjX!ZU*t2MdpY*!` zp@t=tL#ms&mIY6K{?%SM)iqAQkz0_DS-M)Aih7Ir+Gg8x7YAxkVXQ3$N|`>KEv3cs6{ud!p|4~8 z!5qzO$r*Whjaw95Y~JZg`L#<*a}pjGdH7`STXw$OX8+kwb3U$)UF3eTR)INGwn3Jy zWb;v(i1fN3nG!?e+2I$AZe;2TcyYJbr}KYq^y)uzl;wq?X2Oi}C5k&%UEx=0lDqXd zUBhj!%!%udVz2(>FvyJ*h`#@{+Bl#ia|7GY{`Bop=l7mGY8CY0)Dr1{{Z^g#78G91 z{CFU*pCrh$=?}b_w4viD^ag!f3EDekf3~P;5es9&?n_TR##0xvihb*HV$F%52gTg#i6 z+Wj%x_BE41!I~4CGh}Q+nP>JoUYeT0BWZe+b~0@qFy~cmSo$JoG6fY@@hnUnL$NRpU9>o&nq`EO7u5q z&b_8{ROplN7Qs$)wNIrA2bRs&&bTkO&ET_vr$9%4yXH^&cQY-2suU)C5N^M;wkD?h zSJBk@x=f#5O)c7=+Uwot5VikT?}|_tC4N!g2#bRZO|#|lvyFVNf6(uKe2ZuHI^Tym zpLoyn?wexdqbGf~LHP8y`#EjTuBNOst9>V<$ouKChx{+bSuH(Q=YtJ?s`Ixkc$u5p zT*DFHt=)8T>l1zNxoUbQekq#LXHA*p?5@z{om+T{axKNG>CpA6gzC0~Z|c5Z>h;*T zUtZHkha=`efc-K#CBycH4Bz=Pr!?+5lO$q(=ibbo4}Fa^*I&GPLBn5ElWeSKqZ=h` zH{EXOOs9*Pwg%~HI&aC_>ch63qe}mN$h?-fGc#WDGmCMjEk7!Fjm30n>(r0$ zTPA0%JH3Yx-MwimJheqD_?WHn0_an&7d$v zbCc$A`RWkg0*`%D8?UN5P8Yo#)FpEAo7_RWGS7Ke&dKln)pmDI)WTHXnNtG7zX#0n ztP;-+j!Nt~Zn^iB&FlQTTUmeZr_VV5Y>R4nOUbkRK7m~3l>Mg)(vq!D&Rh^`#2=h& zc5m6T)5c5NVjhRx{Zn@4mA}yAR|{jedbr%rIVN%9Ns#*$CZ@S!JEnXKJ9Id8RgzvRIG-!&#TT#lZ(Z1?%We_spt)n;HhDMasn;J730I&r*F1^s zku7*q@SyS2ah=Bv`eMRMLs!npO`(WBjCvd|aM|@w(oL5|-X@3nAF`~_%~2MLU$N;z z+xD}b%X*lkdJ z)iyrcCY|QG-}llQ?)F^oWBEF9TaK-Z$YZd3FCLm>UEaES(%IYMPh0Aea`rs&+p|Qs zL-2`f_m;!ucjkwhE@fj(me78X?ON)uQg&fwD!omN)6|OXSMDlsXftw^yU!&au$G5{J@Y*8)3?HI zbOy36Pun-E*msfBS^rSEPGOxX`>H*@HE+9L^J$TDl&0Rodm`Cq&z$(=wmqY2*K#$s zIrP;_j^;9V%rKq9PILZ{O4M2I(EC4wT-HBc^=eYe(+G!n>ne7J6?dCEwNE6Zbkgw) zoX`LLc&)5tg`l`N|K}sG4?Mm!>u!yKW=Cm{*j7o;bq@@c`vSAG&b?9GzM@cmuf7pQ z(e{YMpNjCkjvWD-d+Ev=*H10KKDkwJN$MZvmUA7ki7C6Qs!apfu6j+4_t#%?ZITs> zQL2Lag~z$_!pHrNuKRvbzGnB*nsYy89Cj_zxZB*PzNb(p(oQygFH6j#;+gBq7$0rR zbS_|D)~Ylw$^51G@7sZ9*Dh=B+Vp4T7PKRnrkz}*a?d;dLnvB9e zvhx_WOC2aY5O*gIBjl)+JBQ^zJhM;U3!9aI}UZ61ZRES!WnS_jZm)57XC1MB7&@ zpM5v~SjucVod@%oVnzMwf*RC6uJg~9%lz1Nbb46FQ(uMctJkbod`Ii9u4chxzQ)CwH*UgbuN-+On`z1WttK`u9NK z-0gjHMx^;B$A06g^KQ}N(Z}<9>T9>(_}$Z!d~%Q3AFtQKyCQ0JBv-xpa(tIOciV+e z)sJ`Htd*cw&YNjuh|^jgNB(9iNG$6;eD7yhXQ#$($j)cA}Wq4)w*4$lF1lLp+@a z;H}tLA&~si<0cBI#}5wFP}YJlg#YCDL-)$Zo3|udA;o0Yj)_((a*O(`Nxa4O@PX7( zWH8R4?)MRSOY**>l8^4QArMxM6#_|jj2my^AdRn27agAQW-WXU@Wr8Y;G9880gCdNjOgVpxmO z3Mn2B-jcK-B6E1!6Tlg4CkES^9+9`CeH0V|wqXMxU^_8mfI!;b7&qRMv>bdS57(Hq z95vpObks!9N{zK+qLrH5lC&Yh89bW@;0$I-{Y~o#PNM*W$8g9l8@gpml3OhD4v|~T zk{SbqiL<0owo>Eme-vAEcqT?{A(iM7LY{_WA(aYe(fx2TU!WaD!R#n32xlazMK{vP z5YSCqgtM3(H3kSI%`tA0Fi^jZn?^>1KqrQ^11TO4-jcK-BDGj>D&UM5W=COhL?iN+ zq@z%|hjx@0W=D+y0!efHf5TgG(f?#1qk}V)u}U`ET-^VUoA|>pb}WQakytcxh9qxT zI5EOi+=jwzDl`U@x-LdTZpaXz4JC%#P@_Yb2pejEY8xuBV_LhYth4C&3}x*9Ejoil z>v*oSXhb-fGicBb!du*i!Z_#prQ0k@$>hd|OA<1Df0sKKH8R|Q9nwIua4 z5u{RM?SEWn(KtI2XR)|sgtNE>g@(b6q>Ir2Ju(E$!vP@R7S!kvCeDI_BQ;cP$1+}2 zSc{I&cuOr=5krdqbsAF9$msbCGH0L-C5GEjqxz!Iz)dm)XhVtNHq_`4Cc=h-qKX=u zLs|P@H8L7+Ki<40(MpZAW1^KBZ%Nt^v4F6106=bW6KYgf6p`lG{&1GvUrvjEgsB< z8Uuidu%XBr4obwojusVdOwQXe&I|28ivN{XDiVtxz9BOP+EADYg`G|rX`w|U|H%L_ zD_V;Ov!KQRfTT0VZL}aa$5|Jn=aI%+WJ$C_=_NDvzv^Q2TnC9U_?blDX+T}SxaVmE zKDpD^85NWzOB0|!7*Lv3Wdr1clU3(q2nV`n-? zZcB10plwlA0_FyGW_0AXBugD_3&#pOaXDh!LFWO%cLFj*057)bHFDcQ^9r6A1$%I# zjx%}?mo(1sL@GF&I(l1V%8=W_vBEU=$TSa{SMY2)xc_f-yaVSI1?I!RuVfk-@4$IQ zfk&(<1J0RJmj#q3fBQ>;=S;!vhojRxa9&a15pl|ZbEd=K9XPKj@CZ6(z&TUuZ3mqP zL{ev>^9sM)XvDD^bRLj`=a~?v3^->x4BmnIiUQA>QU;te9i}Z(O&VvY+bN^#cI>b> zxh*b(lriXb!~`Sbg}R+G2HlRT2NGVW+bLtv?dU0VQd_9oDPz#>X!;IvTU-VyW6JfdPL7NNx{d;MJ7o;I9gU(R;l(p10U+pn7;#RLW7L4DN5Svj(EM*8l|c%Y7^mNV;p>zV8N_UW2X0|9aq)f=0FBy&e9*Ck2QH z`M~G<7;~2e((HllKbF}|36os0_#5Y5#{G^o%LLh%n%-Y8#p5n)~sVS zDYCgtLUQi8OI>-rywBR{()RpW%VB?f+tOeAy=m@WJRVnQ`kc=GvZ@QeZIq?t6yu_P z-&$XBO0JCPg7$(P%;9sS)|^XzI%nJLkJ)e5EsirNx*fS8>{g$Kpi^Vj$)Ln(a~hL< zLmz^C-``kHw;efL5&AQ%TXYg-f9JO;!rVWSr<@VL{JzqZeR`Ef)x|!+wBW`b<{6EX z4eyq0dFu11U}Ns`=j(W?8XMkyou{6&Fs+U5yE&8dww}YRUuM3k>7|^vHGR9Tc1~+( z#XDBIP$5+Tp3l?LDr_U)rY;vS==C{%?9Xpby4Q<7++Ek39CF(sEB%D^&2R?O|BvUh;%U3`Xk-`~v}ayfcKFdixgwsWaIQWr4NQHrv!n2-z`_B3r8QT+L0c& zsnl>~&V9p`D_PIFyX&8Ir(Du%vX+c0da`&~^f9-MLIQcWHs~5XozbKccGf-R9ry=c z;wuOLl&-}^MHew-EsbWiHWw0@W-25gDje;h7n?HkOtiYt3oct9O?tmKR)>6l)Gec& zl)myLWNt_M<~@BicYM0sztu>rm|tG+$56lNq|3>(^BzQOtI6JBU|^PgYFWs+3)dYy zszfsxK8Nxp{absYDqbEHJ)cl|b=CYj zE}dFd{mP%eryUfVW?^r`J+sfwn67tcyQ^vIlXRETPZ3uq$*%k%tG{iKmaRYi8LeJjywx zcy|4~&ooJu^eeC5SeUWw^^VROE|X2#&37GEIsMAHF5>CQtsHwI%jvLOMq-wobn3!Z z*~8z8_kK`)c_~|s?HE7Pebp~gn}e_WFm%oN{hs^FHp$bgI~oHY&nmNCwO;Se_rTRh zG@hz$;CyN-=gItZ>NV*d(KmeGz2tN~`W6 zS@P!zHzhe>RQXTvJv#_|s?_N<^~E8i zEnZbA_|psxfoV#Kl^QR@HDU$yTP*6oaTR~LvNAT%tFCyXukOu+fP!XIwm%15Uw(S_ zzEincLbPge$!r?$ILW#KCQbzv?b8>X+w>~WJ*ehSW~>rscG4{h`>00IUUbU&onFP+ z{ptMIrmyFVFtN*7ThQm7YM?3LcH{wHmSXW%&4%4m_s3l^cXW~ZP_^<^@mt-8AH3eL zp21Jcq)>2w)3M-#A+jMd#m#I@D|C9q^(Kcqf7IKt=!ahPlE}#|5+R(v0Rirby4}b0 zP6s*v)T>AZs2)sKD?Tu_h1D`gFH^ot!uP|re&ap!W4F&=rJwMasWR2(oL0e29+!r| z!r9+=i}uW3oY|r${O$IKvZ7^<0=6?ARu`RknPBYRn0jhP)%bbo z{M#*`=O16hAhu!ob(Xv@GW;RAoY^cH5+%XcE$?2dWhrpco@rIs+VrZ)c1P%S4JspAB);k9)P6L0 z{Qhf#4$qQ%_C3;<)!!|Nip|sdImho^*eaT7d|@%S(y#yC>ab^eglOWkR)&l$>ou$T z{LGxM8XsD`SgFM0h@E55^3L=9FX!5;&uQ8-jcw;X+f?-wK9v*7Ya6fIB&QejX{6E` zME&56HN6|u6TuT1sF7Ln;LNq<(aPKM&g^u%5i9K_e@B&7P_SfmyJ_C48{G@|E`6E# z&a~HekA|C=vfJGzkH4=6Fx)dvj`7`are730?8-6tA3w8(Ogq?`7sL{gNK@6{Lhdhj}&=S*r)1f z?RrCVrAT7t;c_{ZPrBV})h!op6$;s*TXgZ$l^>KaPuZ2+o)u^M+!yoC^ea)~Fl}y7 zNY**McnJ0attFuU}=qtax=88*SiE|zAQ>h`yFZ~SZiF&cD?IyXHdUC^XD0Q%g*IK z`x;dGX3|WWs--LLQ#;LqnUA=6G$E!O^qBtjrH##$8|q5KOl*?jN`%Erp*tHC%)2q7 z=}Yipul(vmi-q0E7k!7+>RO@!bI3n1B75GYsX}FQdw>Phl1m=U;+|viQsq%+>#;%w^Ltj z2SvwIi0F6;+>#m{!o*opq6X@m9TXo=A>!jDFgt1t z5GKNonjnq*KNKL3g&vW4ix>)s7gz$bqsVC%hT-iXj}&&h1p)!Hqs9PXBJ8LM(#Zcq zA@W#A8i}_=h`cyvNs-emQ0MKS7Woh)AtC zW=E0JEDXb0q?!x?`lG}#J8BFNCc=)IAdUS0LzMh~-q|Au$pep+ICc{c!duLaBBxmx zhPR}TJ;bMlU&I6;V0P3PAWVcEH8C0)8y|cokK0!`iB@b%4s=M3$(|qTZN%=u`YUzN zr3g5KTT&Q9hxbTf5z%A_n3n=Tz%8lKAxxYlHO?9t8=moIE#xQml{QXZ3vu*{Co*54 z9R(75Afc#O82$)fw&G}7xp zk~Ty%GIn1X(8yQ{Lj3-+k$6i!(1Ak0yc7TeZbyygkpjMf2^cSumV=Mv;Tn^c8|t;d z#%H|677{p&*p7)-D!fJIk|cGw-2*s-TT-L>ldy9&WC+lb!jcf;*W8UbJ0{MO8gGq^ z4$pYA7K-XHtR0JAlp1GA+7OXB?Cv{6YH>SiG;b1i+KS9sL=PZVHkN`AzsYb!&XP38 zglIV^6=bm;%Xm?dTJqtb3859T`CnA>5g%hh4I$N^kI8sB!b}ZvXMQX{%+s2u-11Tn}n6c1G zg|~xJu!H0CxXfXR2r1;e4b){0Jo(%9fc(#91Dbru%n=;j9XAa_q7_a?ve^Dt8yQUsK;jG$ zYmRN~VQDi)V(p+%b8#Zn9P>ww0l>uBQRtY#fg_LBSWFWt`glSD%^^22)q+mNe6UmW6mfnFUp8~C4J~23#}w{Mq#^pV*oG_HWW5k1BdKiM~fO`N#A+nCb48% zA;tenD>crNG$FzmBF-FhM&X-$BP_Io!pz10hMA-L3u6E<5f&5_({a|t6B1=kqLmtB z|En$@6lE?>M46+mC^3BVbp*~1%D^s81ev2ddSd}FaTe5g>*5IsF^Ak7UtK&X!d#q) zFh@7^#L%2`h9l|XK>_CCf3vTni3rC4fTS}fM883a_^aRkb0R`)c*fg&8d({Skyt9) zm>grS1QQVgw;+;;P)bbPd_XEjWgBNt8+Q>s5p4@^mmQuW`i>S>Hcp^Y1Z4^-5urFa z@*E^Wk`zU~${_9n`;fwu8DX1!gAx&nqfzSk0D`s>nBqX%k`syz)0X7TM%$vxK8P4W z17Bc5z+u{wvndVhsJws5R4!*pc4gXR_Xi2?9pA1fob9W<{b5T1bqh!WU= z>5fkjws2liMjtCQ7L=r~uo!Lx@91Mi4z)z^Vi9SeEw=qW;#iRr z1fy-C3}Rs!BexwiudpP~057&BG;-TP^9t&Ai81JQa{M8nSsW&*6vvE!k@1q|75H+H zz`xDGNjLPPP#jb7m?44=#o!aF7!s1VfQSdg&K{2i0!ep`vn4Xl7N!KcTH>7@KF1x% z94krAarb(?nahF#w!JM^Hq?gc2sOEvoLI%farI)7`rA(WNqd41-gmzw6>ur@{9%c{ zA8S17s+Z)fx?sX7%{)8i=?RaXlBQL+=ic1)#{8bQPgPuE`-&BJ`}I1qY#2q$)gP%I z+9G1LjpkOO3b+dilJ~;>Hb#s0CPfFh0 zXa41<&+M0`YXaXM5hqPd^;; zU9UF$wN(9BT-1@?DZBS9 zow3;3f}gvg=0j&;B=Zm1@*GElCk<|1xBGhz>)urTux-Y2(NhN%cQIN9D%gC=e7kV| zD+aa7=?!aTTIozLm7O+tvf6re?ept;e5;(q`a)lS*PYy_WN^IRQ1mQU_sPy_(E%R* zoc34WaV&N0-1SgEetxtBi=XIWy+e}k_Frt!Tqf*tBgI7Nc!J%f+eS1&yljO@QLN!d zR#z}WvTZgouX_W@wmGY+QrGdCq%b2t9fJ}tmTl~W_$UV#=aSm>~nJx zb`(|4G&!2ELLhAE5B+6R%xBGenj})*EX+^aw6Rjip1Ct|+QRSa&Y!*i_3{n+`uM|q z4RIGgKjEIT*YppE_L*Zg@#d@?)`90jwwbnEdztk1aVO2m^26H8zHYvzyyClYvgSzHHs9Y^wDpunj+U=siO$`G5S_x+7YvjlR~j!m$$cWB zU=1rpM`HFdZ^mZ~9MUS$3s2tU^Pfz=<}h7WvmLWcyg}B_@Lg~8jQ47YbLWF*drteqv|wAs+`?2D-vjF@iC6m&4iQ&bmxVOoD>?ZLu0 z<_#5{aV5c~&0iy*J*7Pzub8%<&w{y%OQ0bn)26RgdfCmYUWHE^Sbs6sc+TH${H&Jw zPjL{N6Gvy4oNw9NUu}E3&-CvzGmpFUXTvm}RMSSO+m$;FH(ZYnm7?Djw&K^_tK}JS zVkgrICwat8vp2h@@6V&pemH4`1^eNxGn`oRg&EJiaI_Z0BLR z=#R0VI{V=LVG&0Dx$gF&D;GVyt4%k*dW8yI^omm@xhm?rEKf`eU%qAOf$XY>t_MuC z@)&A_83mSZn6Jy?YcE6FROTx8YPH9K<8w}_@F;T?b8hYCvj6^gy~wGGwu+cHcXxaI zXxrnl_ioR}rkEJdcU>JJTHURd_iDcUQWyGJ<>|4ncEgo2DW3SA`Ef7$ras?t|65EQ z*Ik>py|>&%g3nkl?`dzVzxUKM>B^G&10Uw-mk1u#S@*V;<&9Uqpj7zo{Xe;vO6~5m zZj=&hSa37Y-21SKiPd(Fb=Vf;?acUM$jhwQmGJC(I$mSsB2dv?L%si`BTKfDf zXL#kfV^@S#rqC_FSgDy;rfTWVYv@+aXXuepe564ar()&puw1I>D^2-{U0i-&e*wYz zoGs{CFCMyeyZdp=x5uj;`U98!%J0){?yJ#KuCKF_U8?`-x$mO~GrsOVqMMOy7bLQ0 zQ;?a|neEwcbuGV%hWzX36e*EN@ zvD#*<$g>$&HV7A-cH^*in@7*GNAO1KiiA>Hqb(xou}c@e*S8Q}Qt{L{ny=bHAiX{N zo|<{9Ou{mg$j|8VPFXdb#peOG{pbgoSKf`up7@63L*Xm|7X=$t)s zVx4}*9$WjoHW zXdP{Q-7fi4aY1N`N|f0Z9y6+5}GfUmke25Swy(ai8ho?3eR$Sx zg)Jd}f(|}#O;lWWYo|K zez1ET^5XVQq0T~wHyUT;+iNzcm%b?F2<1x>_^jHH`6DXuigdaI+p7Ib*Bz)@!2S4- zbvys=>M!lzk9?tg-od~5+OC8oJJ#?MLJCoK6`Tqzb0;5ATettAv)NR2d#{_<1Ad+t zm%Y#Y_S>;LPo~^qIJhTxU5>;K^~Y_AwaRr&o<$~GO*j}TxLCSpg*wOZd9HGncu8w) zx`sK)+5Gh_rhWIepTC&Gu;toxo=gwT;0xX~yd_`kMYH%-gEQ*-1(q|auyNAVshpyJ z|IJe3-1$wF$p$BL(@r%4!h4E#ie?oeQX?^N}2IFn(-DV~?afV+r-xRSa%*?z% zRP(w(&uOo^H;nP-hWx3&ch9AxYfsFtcrvHU%}+w*Oy3_h{R>=WT)*9C$ok(>*xkzU zNGO5tOhTSf3H!TVuh;KokC)xt_&)8}wab$dqZD(iKQJ8)y|eSi>gfv8Vg%pu7;tv3 z@1nb8Aa;r`TX2eHnmZTc(J$-YdX}||^ID#)T$ejb|D|+~=lmxs8kTI&XCJ6YoqH;J z^Gy#y_DX|`58qGaZq@lLcul%6&V)DQp?Pk$wD!x5Y)e>!J(ivbxvTwqN`Hswl_1xY z)QW2v2~Es$<#QFh&d^L{VHZdY3rYzO7845!emwm^;{1Hg?d#^tGw1h&?!3CByHIy# z_vGJ?X}b$-doH%!UdX(aEvQlT*;`jy-}%*A4-z>!cWk;Wv2S4H8u)*_UzJF+ zKF6))obN*0jN;$nRdL}^m&tkUT9{TTG=#5RZhI??8|wpyM^=I~8h^?65S7v=;PGRR$hH9t77y1 z7bh@md-91rq^x_3yScV!$N43bBwcK0hkbEB!yRF^`KChDx&EUT3FoI9 zWU(hjEl-@6pjgy!AlGEZpv~!t1y*BLT z{??RHE;>`Cbj=ov2M1Ku=>+yRObKb8q44pt@lv6)jI$Ze-|@Rw5Pt0Cxu|(J6)&DQ z_AZVuh_~XrOgH;oQKqf;-s8-s37wT&w?<^;x(3QzO#W&6yw6|fd9u#R28}9)Uh7p& zOOGZiJ&Fu%4frxEert_D2CGcC?IhaB$qsKzPn*fsNR_yGT74+krvrYfxW6S&|8RbcFJS&+bdVfFQ?aKQi9(T5TBjst^`Bhm@ z%%_|5N4Kqc!|b?OCYPm$C;QP}&1TOF7h>GgoisyIx_COYHTdQ|5nLp+<%s9cuDg7# zdvY#+G+eKvQnt)Jd5NHxe4I9U zB~Zt~-_LOgJTwk`(4%{S;ww=n+Xx@@n8$$(0c!yupa=ZM0)gbr80QcAfx9t(w-&~B zAadw7FE&0C!&>tG!oU-LV~I5wy0IXEI+RG9!7fe#M+UHzQ{woPMt1|LI%_ab6bS+z z$_^l)+ks<&FcHq00YZRnw2@gmrp;3-yd@uu8n<~!q7_cYf2NfRZ^=in5Jwz#p$@`Z zbVpDeS8gNlmVCbs3ITPuA`sBP^szu7In~E)yx<@Wvxz?zQJ}_JlCO0lNQG3BSvwX| zsd1L14N<RIt;4F?n#XZkBt+?u zl1AxPkp}5hB&88a=~U@fq(cy-Q%aoU~}-QDn9VFwO>jW$w$F;1D?u-**zFX{Q(9f&+!jS z7Qv~1%p)UTjQUq-MNs??$QJpVUWI*;In{$KLuM(@qtfQ{>o~R??u5R3%`5> zZ(0S$QGbBp--x3?$s)-Y0Fll1PrhJ3iII^nM*YKDc#z`%ueAQ;YYQ)tLY6Hejsjaw z@qzD?{!+F`Klb3VMZ{5H%c(!X@bfrI(%iz{(VR=t-qFn5QOe%N-cb)0l5rbALz>PW zHs)NK_BK{#(1_L*D^qJbb0;S~Zq9?8`pegrpBMJ`1Erpt&c=?;-zz=g=Z(PA@I0{R zxsgvBk#9yJ3HP5P79;6tJ?%Y|Yo@ca75h z0^3gUL9JSUh2h_br4DlHFP6*mAD<<|`Sb65a1T=aPskR@Bf=$vh^4@`Q+(iq&%d%d zm)cfEflUF1trFzLcCBEj1eLGjdYPqvV+F8wPE`~u|0}fq zld?tfh%m{3PuRok7L2B#ruDy)?O#r&;Fpo$b_roiS?eDEgTN56%2Sw#ZlPV6uhcF8~7=P5l9e|BKV9KXPw`(!PM^#mcW)3$Oyn0igZvc^?L;W7qQfzaO+2-1-bLTAz82?39?`i zkrY@k1s!Jmz0HD+Opp;E0x7Uw>JJe7_v0vGPT+%doac;5>c0RP~_ z8zdl>*5uMOH+4o{6S;~USd$mjLOK9|@IjBr!bafuU;sQSgaL33h5>L}fB_Jtyx<7| zYy?i}@2EiXSpXH>VDCLT0Dus43qXju;h72z*qa$d67)5Ndw{00_+R_R<=#KOrzf?Nxvg z1ZF-2&G4!k_&-Kq2HUp))4`e(7y!roJBcF2jsTw^WuyZDhzfqh{`e95L$qH3{tdK0 ze#HKuB1T|3Vt-J37uX2IIex_c_`&`CjzAb4-vlWr0$Mm706;tE2AfCG32}q1A7KE* zQ*Nk%2`~cfh8zBf5x_WZ@JbR4fOyIcHb{YuATWbhTYwSxy$IMWumKAUfOf+TUXg%} zKzhK9&@gU@Wa9GkB#1 zHiDoT!ChVicX<)qB2I00jU5AYA|e3IG5=x&Qza z004k=0RSif008L%00d^RAP4B@1GUHk00d@uLs$*ipAeYAugdRs14I3NH^47%;Qs+M zKr=Z60BwQ~u@oO-DL%wfQ1e*WENBya&<6|{fi?lPAqD;o^Z^3^1ZL<128_Vj^Ba

$bf(mh|AoN0Rbb>*0~`A0)iX_X2^hmkv}33 zHticvfv#SlL;wJ!0sufZ0RTt^0Dx=)0FVlPutT5*P=pTc4*)<}0|2-`06<`d_6Lk0 zFhlzTMi7{x{qaL7VE{9A!#0}*3T7MtWAm3U68f*zc zRtvBaTmb;U6#xLF9RR=;005*N06<9s07yFkfRY3Nkahq7B?+98AuuBv+X+FY1pEns z88Rhc1c4bcC13=B88Rhc1c4bcB|z#3njupHMi7`G?E^*-m?7;0Mi7`G?E^*-n4!QJ zNK_#(L)r(7ATUGP2aF&vL)r(7z%l>MkYR|v*$Ln~AU+8ob|Zk;4d7hi-U#?NkOTlf zhZun*Ab{A70Ae=+h}{Svb|Zk;jR0ad0^n|bM=5MoBub%R4seNx#Sy*q1dw{^{Xz+0 z#6$T0@)JxCh>c)F@&K#trpnwhD+VlncC86+0N5J8VJLNY&yC^TU@!IC=r3pLjsP0w)PrQvLu67*z-q zFd+aqz6(JB@f8sOzak*@e}@W5GZlf>7cff)H+?WKsU&|{$=Jl)2AK>vdWZ}lIr6Ky zT2{_B<_G4&Jo&e|V7WcS_JgYX(}j_g5Rf32 zF`qZu5faibFVwd#?(j=u^Dv1CNBN?>q9eF(>|o35Fx`(+A@R=Jr+~|4G3n)ew1y4v z7mHl4CC`GT!FEf6oz+#lhDo=C1Tt-HvHiiv;ZnIlWlp+o65A`w;qUua?d!rH35k9E z{J`ha($G-K$mC10-XOcT^?qm6-3T68-tc%idC$Ohb2-E7^YY7fS6si^_tf=c*Kt>? zz6Oa+e!NE~y7%>7uk(1YO8&V8)eWiRokLs_%MRrD5c`%Yabsy>TsqS@(=8^bY_UMAU#ELhGg;1 z;Nh+dhM)AC(>h9^L z%d(Cl-1mtwdz&IXg6LMv_R+H9o$~RTr%c9TsB%8(a+skzw3M?=q_t2_oDGmSe3#)D zb9S{jHut41AJ#FAN`;e;qr|A6a#1t9QN1#eRj{ted8vCumg-r+$2%s3K;y`q^xNo@ z7cA&cPKT)xyg#4dT6y^Kkm)0y$7~_z6C}sWCB=lbDJhe!46?$^-jZWAP#;oZZAbBw z4!lAvdrhAm&HRw@n)uep%&>GA)?i6eiu9GV>i1q(5=7>w$I8b`J~b;%9Kkr>Q~Xkz zy+=k{sZ=-X)rVn@>iaUUWs*@yjU+?ymqsU_=e8J;8kv)1%F?~;&&+7hd7Y2dNW8j0 z*{4Qc=~1xAd%}3Bl7TSHGw*iC6+K#8t%kD~ttu!EU;Hrp_RR92*?C9BHz!D9h}Kk^ z`tO^tik(fX%!m#rwI4h0Bz@*I!QhGuW2LW#h74a7BYN__ByWWF3G}niYT~V)pKR9* zqom}grleDMGPU44J0yxO^Mvju?+50P-FWnyjmvU{y8Y-aM_-{x@b>WSDjPAZvzsM_ zU}^^*9_wCp3?3ffn6*}E?Izz*H&MFHM7mh!IuO8OpZ@ijJ7WC{j~?XHE+g zSVoAl+CF9_>j>IBLDkq{W<~Ttow=)@;1F}m?9=;+$I5An?QH8=ORH)lH$IPEeB}C= zVsf#N>@$b%Q!b5m?u3bVh4Lh1vgPL`*@neW&1&2faMLvgY`wO# zHSYI1byD70A2Y);tr>4ur|=dUiJ^#ae0>h(fZW-JCA{LSJ1x(4c0rJVHd->?bIVm%&v=;UUXB?X1luVdp|J>&HvaZ)YWO-AAv$1|nr zs6uv!$-Uvixh9b@wOe{IH}xA?ukn#8QI!RR5&8O+7Lo|5*R)PI4;36jPZ9e{Y!av6 zJ0sDP=-?Kt@H`hwoJ2U|1ior~kBx6o4^`SU8qra-M+NhAykmZ>Cn?cTRjYkiP0%#U zBv6m!e9#cU_OO`gV>=R3ftBGT$3EIplz4=snOJGTzj^SpHUEy{MKv_PT{`OmO2NKh zqL(%m513+eL_=C~JE~QgM-^VMnJzcz1{b4JWhv$Ad40LCs=7J+frbLFmDH3M=Wg!^ zZpdrz?lEbqeM#D}aBg6P#^2JK4fe$ z?g>>`DIIQ_b@~v1`~JnC5T$^;2{n5Ms?DdEt70?rDnXy>*#gF1_Tkv8Wqn4l@gq@3C(SbRov?9QtxQ@?_c=e0nmMYpTER-^f9H_p5h zQNK8-d#4a>!V1gb*QnQRBii&1A!@=O?-hOdAy1L7*fk=}wKEEDhA6tMw~MNTl16XcvFprTBK9+l zhQd$2o-8S#JhE;7;!6U4|6+b+=|Y*joAR3MB^BnKCsfz@lAOc^zc>VuCER?&DC%>q z(sndvEC`o0Wllt^8*|&w=l+L?;8-V{;}n+0Lvf3`8phAe4N}6CEf+Ic_=!;11Y;s1 zCU6#%&R43}NKE6Lr=!4V9DQ+x2+!nB9do5vP2`2tofhurvwIki@VyNVTTraL>3$t) z$nl6WHc0a`Ho0Y{Ic3qF*?dBw~dyTyO!n4G?Qv(lYK<% zzBW!Hl_Db=879XG52fwe+A9*?x|n^Yn7#PDz!4|zL6h|%-~G~f8}9ke(1zEFVT8fd zxo(PFja?bs=4-_lPCa5U3|jK%y-q{m9_w^{S~5&6nZwi7m1G=E(xJSbCcSA_VMJI( zXqY8lX)FJdz5>n2El0BZk3-n{4Co8-s-M$MB-=6z-RfHy_1b9{vbT4ABz6?T2UkL~ zBJmjcnR#b1*WSEy%qXM*bKZPMYClM_k6v&5`Z}IC;9~RLbT5Jyc}%~Y4{>PWJ|}jZ zWKqIxwEdW<7_c6ji?yL`i(mZeNp$kUU3AAyM(KrBuJG=4=gUU*F0pGbyxG*GEEm!S z1=cX|B65wy+a>YS{C(XivDDh@;$>46(fBjA=8R{yxHOb_k9nl)ibW48;_N-qN^ol~ zcgPxclfOhVarvr;jgCB5Hldf_!$ReZP<}6+W`-yPQ&6 zA%vSDgxSFj1M4YUm+oI0KBigFGIC6IN9FyAQ0?l$LiRhXxm&Z&h1jEIS&YV4q~p%9 zv==uA(Ft5|#6w%Ta&5Hw`4E3vw^Z}4{7X3pl0(y~!)!|@<*-BFPFG*T66rpvO1jMX z0>7CTM}N7R&Xc~XR(vp4K7vr`zQPc`!Gp-cHeWon&`QUaUDl9q;#QPoA-r45B@mrmR486 z$TUEZeyBD2^XO#K*WEWl!uU(2m*UU%+}gO%YFw;3L_@SupY_gZO92I|=L^5@OLXHy ztBg4FZ>8M$Sg>6&^E0&bmL;zSvnM~g8YEOkoo|fyakP5V%hKeG*$pMfN%j}J& zoor7cujNFI-M>|v&mOZS`q1%;m(Zf^A+`J@Ii}-66ok|0ygCGKK?VeQC)IK`Ch22Q zW0>|{aA}@mORyz7wTz~btn-0`AdgTP|fxB(D zQ4&NN-o|#{Rf<6u@L`s$nVAb8QSQe%6%mhnH9ZTP@Qcg#^!0t}FlCcw$-riM5>E#a zZNuK&+B>De-WZ}})GhOtYaJ<$*-88qp6}xOP2WxkDg{ON;V3_;wl|HiaIKGe?Vzot zH!z!eZ*Zl7)k$xVA*S6v={C-1d41<@Ok3Q<+H`ljmr*@ut&iV-H>@G+N1)EFTtPbG zI(l-XrgNcC4plRxu1W3uqwE-C>+|<=9KP6opthObI8#zn5`C1A z%!v4-+=;4^`joT8_#WoZ=T0Q?x1nckS5(zZw0M@fU%qM<^Crxn{dI7}d6kg?Ux(Qwp={DVdmB3^;mD=v5VGKVe}`$s($Kq z=F2{9M0sDM@7HaG$zjGzPNzI}cWSf#+)s42W+jFtQ+xoQxjE4DmQ1Vi+=C05CrD_g zJ?GNH3k!|sRz!K%w{y~Vr4z`jkCD|!U;LE39XT@3u=hA$(u>{Yy86;?$xzi{Mrr}E z=cj4oaPoAyBZAQA^UqqJ4zu&%dNLnmLN=Oqk_BD=fsm9R-HX2E>exxUnIVc{L+l$w zY6EwlbQTvJKj*G?I6sxeHS7Lz|Jlqt7bF?ZaC^SMl8h0VCl~HYa(_}3Ycg>`?L0@- zyBp2R(Vsu5=<(aVf92|=G2gD`Nh{{P=l-yx51BiSS*Th| z#nFqO{S97kxK`Koo@^s3c{fJN+*cX&EU3=%q`8cHs+FG;1?46EYMhED`u@@c{A54c zllGiX8;|)YGu3!RGcS7Z5uG}V>psn%?fp{cl8tBLqWm;zqK&JfR{tq=iREhRbBdVn zc}d<i?Gd&5K4JtMU&%7!BJJmK4jF&(!a^^Z46aoE}PSHX!Hu zj9Retta~WA#+IwbpTK9d(uNs4dTaU zZt=H|m2I?v`H`j@OS-$*DkbP!s8KhX~1P1g5pR6Li8n$yB7vkJ`cQ2?8 zI$dCyuL_uHH*uoiJLQD4w?nDk;qr1}SuN>Ur&{>5-^E)(zNZxK$5!!7nsNxMT6o~$ zzQ8r@XtKB0n7TpYoiwe6MKRgT>@n>wUaG#Xo{W7*HI3G#_HMiWZnBi?z3#4aXLuXE zv3MJ`Z=*G`kFMR0=5-MxD$OjSUXm$#|K)nh6)KNvLl)qt;6_%KR5YF>+6_(vFB)Fj zMb8udNu}A6Ggs1cE7|(n+cuxS+OA~Im)veVJ=g6}nkD7Q#?eUS^3?O;HN7`YP1l?C z@wW%`Q%FZrLzP9)Uc0l+=3?tJpYP-)h$hr45D>kHW1^{i!hZM>jj>2Z+``mb`?AqM z=}^zGrJm1OlwpYl!#*l0$7hwpT$s$8waqWPl)Y^@A3+j!T!*5^Wf`(t-O5G9A_4|k z2NuuxLr+JG^+#^;-SYB#+ku#ohF3yW{x7#}iZ{yTCqO@n~sr(9-MP3-1a;E3B zN3ZD^@0{+t%B?L^eA&0?Nr3=w6EB}X>hXK7coL3v>yMQzg`A_BV(es`@Fymhd(@hy zfhfJA4L`e{udz|>>So)_%v0T>iYvu7-RZ>L!V*?1rTzEIQe!<{t-bniq^6g8B+f!G zHG58}-qbbHuj@j0=!oLE`(JXI)>l(8_q~>_=0wR}lx(cGj@;JXS*|N;&KWd{;*ZA2 zh!Lb27g;wz>>ZQ$D=0d#%cL<|)>b9QZF3Tl-a(15uZig!Np@}-iX*9e$bxKgQ`vao`ZZ}O`J`N{M z@OVn0J^I4iy`A727w>sb71v_BlWF^WETxa6>f$bSAY5V zWb4yV?&c?g*0r^f1WoQ?x2R!GJ5vpn7ZDHn-b6L-t=&UGM-gx65d2w_V}S!NJR_PM zpEtL0HFvf$HRh1Cw=v_Au><-O!w#mkt?VT1oUFe6|F>qwKqF%wF0F5!jDeIoc>esY zmGOZST%_akU!0=~3L+n)>c{rn8sjDo+(Gj=#AT^SnnG%Jdlv@>+y*TtVIP~_j<8R@L$N#r8=a@sJMy{&9X zg=bv1j&D5YrFmK5RB=+z)pJfZ9~S1NHCG8yP>CHdRD4OA6?|FzSTKh%tT6>Ks4#K- zBz>dPwVH_BG1>hTd>NY6eZ`Lw=N-O^c|t-fo&L%`x*BFI!T+ECNtVB6f;b6ovU7M27A?(e;Wf9jQBsFwZiQ1#A8z_aUF9W^jDc#REL-S z-lbC=w$v{7w_`jdi1t?Y#QQZ2X9nZ4c(4A*w!I}APGj|cxz2^`g4LH3dYGdVT(*j6 zq+38ZzwvH@PJw*S9_ay9TRcGRCp>8hPyHUuC>%^$!t;vAh`^*J zJPifjp%VbpsRxl9$Yminnt`XGgn%>@cs=tECL?8F;E6Egj2ci}#tSqJ`n#U~{qWnPsEPwblDkRMW zlCtmub7KC*ZU|UDN(rLI5weKp+A{2{R-pIS5wi9-MqY z|Kar+h`BHsez#R7%L=ULcgbYIfEYbVj9+0dSR>^_T907#p2p}{^04hoZ{tcWtfS*CSFY${# zAlWqBFMR*X0&a!}qz}~GgI@Pw+ySQtVg(${cW*@pZ^;4`gB`?iz(c`zf{X&FM;Zp9aIns0Fc25 zAQikKxbv6T0l6K*AH@#vMG!oMaSyDRKS2Q*p#WH-`fC(O zS_^(_Kq_cR$SiVO_ZM zLdYE!Zy-4Wq)IsOYX+i2lye<)1#stwj0gxCzXk44DcsMn957_K<2-=mdrcUkB<}Y} ze$d13dqTuvzej?kf#2K#RHXI$$w;RPFn<6&6AZHg#OuQXP(d~@0yjv=9NU|0n%34V}%@CR`6eu4rX3IX3@q=%QGZ`zM2kkk^+ zLbz8FgzC-#6!5R^uc!e3Ekp&-qZ~A4kYNXP@h5%&#Q%LV_&xfY$$zyALHJEAX!745 z4Dk!|3L~Ekz0)4In|ON6XGFXIs1X5v%o0`I%bP|;TvScIWZ32CbIpe2&vkK*kCtaD zai%;_-O4T~ld$fH<)q6Qm!%J#70Z*sT^0A-dKMQuH{aa*I#j=Y|IRZ3 z|L2i0RojbZJ6#Fk3v*j9x$b>!uuePYv%ewZ^kIZyAf!WKNcchWa(Jegs9njeH2YcW z0sXJrZ_Vlg{gdA_)sOAt0VQ?;Uz6WYQL?p6-4LpMX(*)8fxjlFJKlB7CXA-a=k!=T zNz23W#()^J(^hYbU%bxyBxm1ZIpo?wkw6=lE%!e1>FvzHZFvRzwK_g_(f!K3J@s5K zKK|5q*=xHt^AFn|8=eGSJ8Q>$-YI3>`nudr@<}Vb@Jh87gD2l<=k6<>gPGKcx0}z@ zO`AQ&bIjH#$$ICb!g2O z@tpjz7NuOgh#6@rdFNf0C)t_qaT?cGju^+xi?hkc*LOG+wYQxYnC4`{Ok1T^bd*n+ zohE%uN#=mQNW^#2f#36W_+m5$gD7dWU#iw)_2!U=IZJd;+wpSyeF~h_tWpSl9kqBk zo@U-Ld^WI&jXEvKx%J@U+v4)Ht4pkpYtv=UtZILWtvgYnXX#~+DpR1{`323s#t^SH z;1SldtauHMG(2aaw)jV-UfXjIdP7_+C-@kK=W9h7bXQ65)?+eIvaG}%>!E8rCR?Pa zNnUom8=oLr*NM)l+o_#YSf_S*#8lg?k2srp2+hGJR2e@IpOp33sAqm~qAjVkhrD7Y z8Jee!+50`cI}2IuH_V^!>c%Ev4cJR0eH}VM$hO&gLc?QdSu{33d#li$&|%>A6o%@G z=B+7G)!{2_XFH$X;fW)@q?n^R$(`FQ8qt|$^*Z{nxr%cRLxY76O03TD3%JzXtePIG zFLz~Kn5nMT4)#R&wQz{sWE@}!K4ii38S8B6dFK9DCf}<`xpHe-U+?99+N>o0D4Vu_ z-Rr|10atQnj2M4zE{j;b`xfEztq+Tv32Q6c@!3?-?vuoX@g^82+<5yv7L4X~9n439 z?kX5LVz1Ul-XXB<&L=HC{@gx>)i9_}p~~@YNn8mgihf7*QZ?np?aHxP6AnElK?AHH z?*s$%8~Oz z#xYzbl85Q`?dFPEEgU>lUfMIq&MK`cU$>9R#ZeBrG1dOGDSKM?7M)z-^hkvW%H>AS zPhZ~c&M>@I8x|g{2|MQ7aL3ZSF=7^2T1&myX;{lv~&x7Pa9_@U3!JDe|8>YeD*PektG zi-$haEA(Eq5Dul`*@`hgRQ||howqja;@yEy8S1^VmG@GyU+ZWP@@G2jSl$?Y8**sA z^@52n^X~atOfnOc=-Z5eQ+|`wg5n$+v7K~+PT85!&qZWu)npwKDlfgGzAC5GB2uPl zUS68U@L2OwpKY3W340L!q(i8zLj>pYQ@wl2_@~Z)ZB$}?R)NaH!$?m}DPA5nOt*x0 z>oVFaLZkGY%k=9cti)tMk?Md>f)H_DROoh7^1NZM#sl0u^-Rb5IIbcAwc_B*1XtEc z4qK-!_zU@}@J<_#-_dhn5SnT!aJRviLL@86@bp zimXGn(EiQz)r9D&e&1DAi46fVJ4KA@1T9=HUw`<7E z2d;m9#d?U-X6jH%N_-eMiF`OUQ9(^;Q>qPb2tkdk4QHq6{Uh(*dv?3xwiMv5ynCjQ zg%`7Kq0LYCDK3w})J`t-Qi)>3Q690oQkI-q9T#P=rN2C~IVId0M7X7uxA5^=Tl*_c zSDWh$B#uXvDk&Ic#>;ojasyu5CiO*rF@4a|qvJ+3&guQ6kwWC9l0hGgBv%ptJmul*~bZ~pSn16W7qc`mx{R?wKMuP6t_g`_<8KIc7xjW_l~H}x<$M? ziEA7-wV3kQs*K0h)8E}4r*F?8%<(`WHjwK-YLl~a{t5B3OAQZ5IN1c1fWqH*&siUj zp?4Pz_?fk~1m7UgwY6tY)zv;-?67vzC!ydqPRiv+-qFF*n_cwZZ4byva&hC;e5oz@;--&)yvx!wN6 zPr|@d?G3Li_7~YB1+*y=U$U48rA?Y~k0vYR-3)~JqHvSuK~jq)xv_Mur&uk_i<&7^ zg;Zo6fiz9-O4^i0Y?z6z#9eGoI^?V$eY@702INJ%=>azs1Gu5nPWrUCrAAUrm&p{- zsId5Mn|ThLz3FF+j}x#wnW}Cyl7V7dUz0iPMPB|qYbg5kzPPz6+ukQ@2gf*3rnXlO zmal`f%;l83i|(|(2=Bw^b~tHdv>O%MmTJUZ;)nWD*!xbpVzU9Er+CCl9f{V<9l*0( z2<;lV#uicdNrcyZtyYLew@26)ea|?>+?Fi30&p)(iuTeN%hwAPib~mC)UJ0gWJ>$F z%X6y_x$x&ny3G}-rA)VQ3lS~1O`hYJ6o`LMR6gdGKYXm}@o*lyXdwP7&wQZ%%Vsl{KA6Jt47IReNS3?Id&GOHAT8 z6)WXO9%wZM?hmtfj*vI6*A&s&`v`8WeY}RIN`rwNNYC~L#k&(n$CPDq?D*?QnK~|Y zJcX^uSq?+b%$3=uYOlu?n`Vp{>gyKGY*wK@M=lyX9K?T}?EE#afHxf|PjCrmy5@mi z7oHKijhBWRK1pju=5k75^>oeWz%5Zj$(9F)0(b_T%M-X)tGLidSLSQ^UZ;1G1g+r2 zm5SPt(P=&7Y3xz5)0lHU9J7)%YY~={vLfbHqT`0C_^#Eg#wpm?(_hPz(DMeZ$;Y0P z7y3@}5b>Gdp)2-3#C{ z$D$vqTD6Z-JwMIoU~AIBoT9{0vqBe_|0XJH>Gh7g#5I@ZR0Ew*y6*GZRZW#NyI$<7 z2JvUC$(k+6sl0j_ISvhFO?Czbm|xJ1$>e<=$mjAPagmWdLeFARZB6|ot_oSGyvV*~@e@ay6 z%BNl*XAJp4<|vG5iK@)*{20Nx#Vww^$0+zp_!?fc!lD|oC{7*h=oi{vp64Ch8WnZ* zy1B@7*SaXy{ZrkgypL*2AL<7Ml4V(~8(VFh@AOQOaabF2M%mDmSz!j~rn1DhJ|s`F z3`u+5ph~W9d!6mWqeZ_$}A6nta3#_^1LZg z{c?^*7R3iXzbS@+opq)q-GSiq{&K>;3)Lt47ke^6>s7^gI&@Fd$83GnU*2&?;dnV5^Bw0vFU~hRCKRREi)n9g(IW45ic;K4 zBf@^WKqsDDaE1cC%Y&SbihyOQ{v=tP$!iys3p>&l+Vs0`1ccQ#3vXVs4mzA^lzW_q zk?4%0k;N@ynp>QQjEokV#GUg_sQCI8ylK8^qeO7bm`<1}ok-GoN;*n<^%HH1!3V{x z>+&0gys!AYjJ2{Ouh=A-XZP0?1}0Q8@mpNmL)8pYr9@c{xFFJ6pyrZYqkI%!@d>vY z)N9Cl|uwe2>ebfOh$?u0QR$**E(yj*(>w zYb>GYD%n1~^DZ`!Nx9~#MDV7Q68ltW2UDuZ{Cj#F^4qE|&cpf2RhhJ@YHDr1*lrma zY#)z~vMQ+MdAa#-1d>Lh`+drhj{0chZK^ACmB1zymnPKjO?0pLRX?x)hPV)=~9jCs9D*yEkuDfK;Dm(rLC-Q13GUnI-U3!wHMX%sF^ zHUCKApmw_N^G$*#LiBsbTF>7-L_%LHed}3}n_*+p0-@fEeFN|KZWE$QVMHc^(R?u>}?kUlV5-+M2r+YIi zV_h@Ajp?qxBL4^@eGc7ZUVgH|I9odB@DxD^r^)tl-;7URhAk8u@iS`8p3=nFna29u zcP`wMY|cul^LmHQq84g0`Ajgr8H0S=Sjxpj*b^l?mvO2%)F(QOS`Fi+oVOxrm)Z2m z41#99o}&~v5nH7`M?a;@3mj&lG-GE`CvEc2QqsNL$&h`-)54xzlFyoqVRf-FI7Wyl zbFYFZ?E1uE?ewAB-Q}EKItbSQ^lllEq>!wW;YJd zyCSrtMD!U~c!pQ1b1u+6y}rzpk*gy*&^wwDS7+wkOzUlC12djnEuv=>YNW!hck6G~ zy^)uDQjnjjtz4XQ{p6Wb1j2+LCqBt^omh?PG4tO-J6jPwnaXVtUcZBa#~+u`8?V8G%Q@grGs&_r!>~9j9Gml@Ar#H>zH*GJyU8i7 zj6__)4Gr1r)+1Og=B2mOOLu4;1 z?r4uTlKNsFJMWGmdFST1?xn^L55}(;C+Qxg=oqi!9l&bF!X@+_kaFtz^5|;OHEc2# zejG1$O+T%0E@6qfoKR2BU^5TKto3@<2{43=Un)ts$ULE*%A}0YVUcFB4+5CvOjODJu&fdZ(;o2_-cD= z&!pZ|o5V}7(Fb5Ywu<`qWIik`5>aqr3QV`4$|Mj#RB=1KQU}G&< z@*18(|1}CEy+lr+!GsCp1R@U(cJ2B#DkLpMG*y5YcTf?2c5n{I4{Zf7F8F==znlDn zeZV*TZ89(1G9lUhe&qv=h@jSqe>eGumEqF*zA`*_3#rc^tc;|Ah?=FpoBZR-NPZA5 zxbOC(CqxJJ#Q-~|9Hiu+M}Sw)AXMmJ?GKbq{27h|RtT@VK}G?*o$)Q34t9QqTDKe| zf{Z(;2tV@&@HR2u3=1p?g}DC1E+3Te_m$yAB!4&g$2}uw zKL46j|6WN5Hd6v=f$K1!L!#;?Jwn~Wpe!vL4 z2nuus5az#x2Jq<+GycdGz!yPq@4G8Nv>Ah%1A@i}mcaes3Jz3fBcVW4ogp=Pf~x3# zM1kZGf8q)dU8DrTE>gdy21z*;=|Fn~`SyFOK(5Y)s#GAJ|1kFlqd+do2BHdBR0#?0 zhq*skBXUhP@LSin>Rny8ZT`Z*&`{rC?@Ql`!O>LW+6rE0!`hWM;Y0TK>|jlL8uz|@QvS3t zKeW7B7t@#)qT;Ml(0gb|bRuo{b$y*!jc)e%eXq|iI@_;e(k@+ebFkjRozUAu-(S9X z!~emP#;;4xk38RIDRDK?ns-P99*YP=eYMloS=avXXu)N6d#Q%OOd;pRxLkCNMQ=89 z?%m{^5iM-N%eTBWZ%MqK?<<^2JvDzc;NA3X;tajLvP&Zh1KGH@3_m6pS({St5RYaJ zM*C1sw&h+S(qQC~Q53?+t;?n)*1a9<-T1{RPF4)t+LR{TzC#0BF<&7%EB$z)x zDC9!2W%N$}m{h)Oe=MIV{~@l&6K;an^^X{4m8Pdh&T2$zdQ%#tpFTZKr;H;sYvu)% zE^uoTrYEIfa7w;Aa^{)DwcElDo?7&muP$zw??enlz3P;UpIm zGbdl_gtXbfcx+8K@+jra^Hs!&ly_&_V$)6uK8&5yoQ~08(`?VfvO2-#ekFmje@b|r ziskxjTQZSL)ERPh3Z~8Mb>p)k$1~!vb|Q~A9v8vtd--A4Q#q#GHv`Aw$ZUag&Wyv! z4ITxxxiR8!y6c_e>m%nrBkLCsM}wWdF{e#gXpn=49y!4o%X=Ul+6FC8F`p(SK&%!amR>C zCWpm>rY@N+S>$sA>z6Z}Wm*G_f*%r|*Xk+niRE;D<;$+a3@~WlF?QK#y*=f|Le{v- z$;EYjcfZGaZEL=(aKvHt>IE5`V`rTMnX|}!uhd64OP!+kq8Q-vwKT!WUgaAR?+{uS z%W!$%=+77+f4!5sK6uF-gDm;zpkRoRKTzlrsI?iqOJ9x%*dU-^RuES5btkG|D=qHfp#y1InII*jh zn6$fsPH%^Lku>avf&Fv!zFX3lP1)lVEwyYf<8DMU6g>_^uX2lJJnwQ7<#~8Z2iYj$ zUFIpJ?Fw75y@3J+W|E{t|CM>6rZY-{3@Y3w8&yi1F{1IiYdF?A)ltIq*IC*>oT84@ z%wIM4h)>Phupk)rc6U<`p(ic5=b>_gue3ZV`s14sH;Q8g`l$9CW0$Mgy*NLVZ=_AS z;+-qN)T%8fzkFFpgfs9KZJR<0JNGFAYD(iP8t>jombiX-HF@q?R7GrA4{7=$RGX{~n`?V*m5WdqViR0#?L# z=aekdqe$`RZLX0$o3c4gi+Zb|tH7p9WN~EjmAGZHJoT`WY{Ed{*^hD?ho7vXAE~+f z1>07ytgf{`R*AF9@{aqehSurSAWc-&L#OeS(I-Du=J()DNU{&lR}3aO$hPwg23t7B z)+VhbjZ@;P-0K?}I%m?PRZK&Ly_tC2Q2T|5*dv+ccNC+@Fl|X6Hhyl#Y&T zN^UaV`r6QCq*^jLayI(Q-can*sRoa)A1!=#?$GDyVK3>o2Z)d27gKihTA}VRqZ~aJ zy=36fFEEXTUPzE~`;kpkB^I+@o-aQ<)%gWo&<5*X1 zq%XV?=2ah6My)v;?J>Q=blvIfS<*xWYO>wZOGmE~ck>epmpkiZt~|LZih=If7P?Q2 zSKZ1j&iv}3XK*FHEy_deH`tjtV&Ni-Yn5|$Q<@`+D*JB)s+}<&@jRbmnte$4?qTYa z;c)i~0n;OE)f+P?M?Xu6(@hwq;rOj{AB_sFwA|PyB{f%0)KpK3yxrT$)0L7J|A;w3 z%%`^I4Yw3k&VBCSDD=Sa^g~2h@87W=3T#f>@|eAp!^T1O=IzN>B8pEZZMDMCixj3W zX^t!5m?+KgJ`Cxy$@EMLX2V`%QY{@lT`8tPaOY|mI>}-A_7v3HcC~qGiM5QW&19=< zTf0k2Aw$FTw5X~_>FyM1`rk8plRVsgags3eQnk}(bY=eEhw&@wAhD0GfEi%2a zJ8omVD$j$%fPDN-KVHSL`l9ljV!s)g;WwBj?E0~t)qCw{INdS?-*tA=GewtdneU!JGMh?PwciR)d%fRxxdC# z-{PPv46CBkrKIe{s~2fv-JUw{jgE66+#o(^uBeZTIIlEx@o37Np$e>$V_aF?Ry1EX z(N!t2*ja=9u*sxJ9HI!#lZqN_DYkRdvmoi=S|WEXu@ey%{bqC!)u^ zbHYse9PevGY44SSNlr&m8~lg7#Gy1~?ZP6PI0_XMjx$zghH6z?z zyn^yXY&oL$Naq&Ye6-aSZTR)jN3KMRi^*dYx<m|D-nPbw6PapXL&xNpc z=gGI;lZ??X-I2yWPej0TWF{z_ehPXCUljU{ph!LD+(wq-Uc?vMw<}q zlgn)>jTCr9$<-DGaae4;)Gv$DNH(EY=jVAIFnQ+F-u?VZ#z?;yeYW`^m#RxAFt%DA8p6Qmgx_F~;U z8BazFG_>i(7lwvubovhWND1%n+=}mdJLaRznE(2+a{li7lu!1+m48}XEZcC2)UHH2 z^64_b>i``YLc{~kv%8~8jxz{P3h(DU~TO)xp?|4N6qXft&h*%~E8j4C`BaitmO zn&}yi5NVoy7A|FU^oXyov%e=hUaT-4mKj5Fa(zpnj1Kuio7TcyW`*O#K6AldapxP= zdv+^|S>=&h>RD1x%UWbmQjg#CbBQ8Ih9@5!T1lYj1O$hP)&NS0`VOZ}%j*hn?2=ax4!6 zb>_U6!02I(6065HOdQv$3(!i=d(|zFgsxI84&@z*;aZ3!C25a0nlq@vi~5jpzh3i2 zW?1)WL9YB$W`*hQzFQvFiD4w>yg@x$>#SO5bLY@IL&umnEb4-(qN7VKg03o&E^HQg z;cRZV<37F6S}w|!WfTy!Sf6(G%lJg&%+#Q^vi*eM(Z`>(pBm6rO*QuJ$)e>W^%djyYq?8fEj&1MRp_nvo1-!@-b4I7N&vw!8Ksbyj9C;t8h2C>yL zEwLEI(kQB|mX?2>BV!B9Jzd(gXEgL}QSk3_jXJV?O)3Z{I5BLP@smaL7iNDTly?0f zT`5aLV0Hdsr*BMiyp>@pHao-3Tv;)m!15N?%rMP31~Tg1!n#NY5<^n5P*()F{OKW_>yODKxy{d-)dVy80HV=`t$T)PVN zpVsL=oDhyCzq48|O|WrdJuOe_zL-u#l!q8|g#10P5{lzviuafcDb+6NpsE)fV{|a! zBzU?_#=aZhLk8sPrW`xHD-kw_=FKyg9K3rzXixd=5FWr16{DOErB>scF-B8P>?} z`I=q5=(FtHpC)}sFoHx_)K)TPVr@PDt1oWajA+PFjc~6-?n9@<(Ze~S1H=1fax9~y zC;8+V&oaJF@;s5N#Jwrz@l;dfy7B35{b*BRl6z8k=^DY9Mqj%3wLX7#Qx}{pd+w4O z*SpDWDmvI=$$8_1qFKKOInQjseLr7bwmMIax%qSRCD-x@MT=IfuCc1+eefVGo$0>7 zEAOoBlX`DB?Eg`A)p1olPn%X!6eI)%L>iIi0-}V3bb~Y!qEgb`NOw2V-AD;Y2uQbd z3KEhcA@yEv=;e$4^!;x?2WDo^?z40D?#w(Jiz3L$P0R5_w2i6%@-weut-Nii$bc*> zkDYg2jaBS;a|tueF1Q2UbRM1Kef!ijG>5JGd+ue9muRw4BMLKm?Y|9}m>55taO}Rk zbHf!gk_o=(p7_g(8aO$0Nd(eRv_x0wW)fYGvs2!J4KKh5q@2cWw)Krf+b3IMfx2JhdL`SR0 z(u;S1lgjn7+rNu!Nu0&X2R(pMXKTF1^+5d1J%YH2T&l(dTa1WaEv}gE zS>gayBWlxULrtN>C@igS&L1_iP1Y7F-$elKCslLv7rZ*W6fvqcwcqIaJYpRgIgCTc zlO&2D$c0UEL-osL=NrP&R(?W`IAim#gQU{nkhX9)_~=7;KWnoR7r|lDzilIBc;FY8 z*g$OA(;2cE{KM(R%lMMQ>suUE4`06y7VCU>YZj0_NHJp8@-VKHQNQH979JLP8Ex;| zU~xEs7yIaas4NrwCgfY{4J7j-Drqe_mzIM4HyMII`c*xJPs(}oyAv{ONuyI=(7BJ?v0__3hi*#ucye z+1V}WiFY?%j|VwVIMPl{y>lXd-TH8vgpf9_ddg}xT@`<3^WYl|z$bveKYNE|F}QH{4vC8YPRqH|Ygje|uo9T- z1R&Azzbk<`v4uUr2XkV8YgGTL1>d}#pRG<`HL!GPIP~B2oJpkgdKcs#{cdOOo$bD7!E#_1`phMO#Ut&2htCD z6`(NqSo#mb7mlStFZ@%O8C0bTnY(|m41>g&=qk5AwPUWg3ADk#6=d{@qg<3NSrkWO5136Mf#@Z_J@a?T}y ziuunefeFV!0_1;Jasi64A$oAi&fk^5fbeHn4j89C%lG-aFidpy%q4*N2S6?XaxD^& zTmwoQ0j^{|H_ZQW2_SLEsQgo04rBy6jK5q0YGM=(wl?#xefJB|wY**n)-U|JDi56ICEnz_}e~&p2W2teYH@%$%805SqI0pLU%4#-uTK%$_t{y{$MU_O=$ zs~EPx{+A;F-nV%s3Cu2qsZ@uM0bNu91IFJt0%)~A@OIF@_XY-<5IP6Qxcz-ifYkq7 z%HYKa9`g&b|6LN`*ZnCAUW*Xs0?>U~|HJ=)N9d<4cq#rt_M%-F@Bx<&D98@U3i`WU z81O+81O6a;(JoAI|IYz>Ablk8elT+jGd*o1Of(UnuSzdXbcL@TuWP<)=x;A=SKB)z zi$Q*eg%B>{?ceML;OEwka%t9m<*#+{UA{giXJaiU!SV>6EUno-(`0&mB}eW{eBH@H z)4b+X?ZNJ=>Z+=`+T#<=flo5x{UaY~S!|axObVTSNw9y;HbEYz5ss!e1# zaU!E+;>@Nb8QR(0ox5@`v+2Vc!xg{f*&h5)z@P%_+EhdDx+=l=G0us24GASpfBk9V zPMLjlS|`c-hfJMJLL+jWo1@bVb#>MF{6=p@kyJ@)_l$aP$dIIC6g;>=A@7JGThX8; z5qIMe(U6QM`wP9ipzd3@B}rBlhmj*Eo$omY)}l(gi0ZJdScBmtu{`RN*9^M;!lj6> zpR~;v%MGWcBE59jFzP7Wi53GO2e#nd@K`6lN$tN~SzdbmMYs{6>i6{FN*ie-dE3s& zw0AH0UUmTdvV!m*uQDntqBS+jnFXp~$*$gAmjv927kvyEK$1+w#>WzNe~D^-S?(q_ zAJfwZI!()pH0{j0uXUxHrnW=Uk-D{ysmHnAuBA1#MKt6`l;nqpz+HPKpl6}VE9P*g znNDCPGrNd3#SN|p?vdl?&061lSdT=6 zNZ!JAT4TE{N?JoGmHgJoINQ%Hbcs(-9z$7^XppPeTS?@;e%MOS5@LHgLD!RH*OQ&W zF;SbEF*HUAv2vktJ6iuW)z;3wWuVB;>&Rx>CvM5D0R-bk?luo?OmMjqqEp+9R`b?e zB$YQuPJDkzR*eJ_ zPuA5vmVaH;hr(3kq3FxT!aG8`9+K7RNPZe!!?EyoJ`~p#X}c~xB=buO<}DgxeJ>zx z)o_D_jujKD4%2f_t+6sUsLGv>2hh-jM4p#{`dL+RxS1c(##q87s)#dzaQ6x&0`5mF zN(1pLaLD7KGjAF&>CwX*2VVs8-OZ*pP4J*m^!M;yA~-@E7Ej$4_2f^@ClX<)Q1d>B zSI7L3jUtiuZl0O$J$lsxo9xR+kFJl+r-u4I*86nH45jM^u{^qN^?M9Hf@NQQF0qJh z>ZCDcdcB#&E1#QvLikJQX?l<^lV+ebzjd<0s^;y=afqWl=vpttc)_3O z8%^S!u^XxR2UFp>JUxMtURRMOAI^xEpDQbUhPB_TQ(O4y)DXtYzebIBaxmoPt~Y(! zq7y{(g5#zPy_ay`6l3J{3LygrdEX;yxFZ#-fWEX?jl|eEyb2bZM0l*$5&haLf=_)A z0zfsT{^J5AkEK{2t6$6Rgju09{?(jL7anU7)0_r6WUA2E20 z`ZbGUuh39kE2=;HR2AvYvwK1|tf9C(Hr4ubrT3E4(<-+j&l>#Ocs|21o4RH?V>)=$f(cXwhKdKwtcP|TYmep#@BD9*Ww(g zmE__R*C;QoY}K%T441+<5~WjLv=#kqE7;PWsWMnTP9)dh&qTcKW~rV~B6lM3FnuaK zWpGW@;6qC!qCuROZ0HuQDGB}7AOWeU@=j?$nbN&vt!27W8KpPz#fG*6q>qX}Hw|rC z_&kJ%o1YXF*BVEi>+*VQTXe(~?xV+skzJ74-a9XtPW*G&)d<@5QLhxq?=Eo7*aah2g?M|ac zc{3uRJq`~vf(@gz1_{8DT!|{9XJIFsTS<mgZ@*3O;GT6tD22ggt;^NdYL=uY^`F-6eI4(J_2A;R{`jnD#4mu>6mi58 zO+iMoZ9u*mFS*3jZh-=QPxfl^+ZyG<0_@XdYlm;NY+#MkhS;%wR>1 zE!$+_Eu{*b=;fS^x|I0PTe}+m`4L&s-a4IGt|7g%u;`yHwH);VPD`YYLs!qOPjuJTg7aN z(Oybt-p(V9PP(o~`$94wLnKYfU94bRQ>X&b$fx+|RMW2yZvDcwM05R**s%4Ue&^RS*KAu1Ay|rwEehxjpIC@HU(FN$O@_S_)H+KXw11Gz*`6ld}qj|%uKe=M! zn61RJBu`zI&;CAOv+hB)^RbMxvTP@@mo43$;PHNRe?yX7V(HDHXAy@P7FC7IdEs~$> zO%*Fmv~Wc=y)f&iXz{u4`bg`MF z*o*hh7Uw1Jppgo?uA4)19_h+sRRu{gCZ{8f;_j8&^L)1=)f!yJx1K*+`slc7K2Z^H zqu_DO#0E8)^U*=a!EQYrGNg3N z-#AgS^eLgppIdd`vDC4pST)VF87^s7taDVtFR^sOl9rWAtFV+D*9(^GH?)q_r{g}1 z6nn!F*sG(2*)O&b`Mh_m32tsh&+scLQD0q~6>cXUJ$}xF>3n>q*fbGp1t$ZhO2Wj( z!$BoglZi*TPG6J&zJmpbR`>D8UuIt^+jJYelzcc$T1JD46d`f_0RDuB#hk%h|EuM@ zT(=oAqmo-2o$=oiHbT9`v*(`w=oIQWwQSIdh?dsxrr_(AZ_>{cUHFdODJ1>W`D8rx zm7p-bW3AjnxiBIFGr8!x2%eJ<@N3;$r;Di%+m_zFpE~^>@MVbP_@T+9+s09;yGgv} z33l>s!@cnu^nf~d5}?nC8Kvx@IOomv8g#0)yzv+*PCY<810o zRphog#b#=xe@t#5Gz%D6ZUkZ{TbBBKuMY29-u13PDWJSTvCWlu ztL(8CQB>O7_*dCiBaIPf2Sca2cgeLLK3x?Pb^dJNCYq6mvb^>h(VaE|4uwIBJjnJTVkT!V`J|tdQN+!qm$%_}<<87Z=R$N(|l@f1?p2kQ> zlGWnH^<~iqV@2+u7rbiVlD}>7N|75w!c2}#rS*op*E)x~ETV%XzXT@LJZ|<3MU@cd zwQlEwX%}{jj)bIF^*R%J8d(trE#V6%0g4ZMWXCP(^|+sjA&RM2b5<{=;@pK7T5yx#`n<36@qV^{8!br7exYec71@KQ&dxk2K8L zJF`yUT9dmJPKiJgU|=>XfOcelT~*n|gHV^C2my0sMPs6@0>v4!ev7@OU#MiCMC<*mY8kR#mBPII^>b%PNew_TJ#4>=a_W>CV4p zP#pJwqvgwJAY=70QknYA-ZI4pF z-fCz|^=T+C7%PnqebZ~Q>|93~wGw0%Y>w?c{~g!fr2g<=?PPbIT%cDl7s(xEoPZR7 zn=|zNZBc;hJ|Z?MW)Ls+(Iqpl$)^1+hV|tBo0Mc?mI+N98+=9Z`tVx*eAUPaWY5Zt z&2Qek6YkQU_~X{w#4XqO(~=v#Ns?qw57hwB??bRm8@ba#MogE?5k#NAaN7FA4Z|E{{z2xPIT-O zE>B_Qhtc$tFfy9@5g+N2m&t=y${!Gku5nTK-P$lWNM7$E;>IfNaVcD(G>V0vW(tkg zFOi$YFK4^a(R`^#e>BZ{BHN0*1+pF15xkiZoJ)20p=|i_y6c4r+dsIf?m6cX!N?`k}?-wf=!{! zNBg}^_Igh1bc5wVAkzU>K&eGbnI(6FK5LfG8>)rAxo-X!+ui8PPnd5vYGH(#bYd_N zsWk9h>styiVYIeszkCG$!S}LIkr?ODwaL`YiN>eTJ46!qSur21F@OKE9HJ&7x_G@l zfW{?LQ95m8J5t^8p}^?zBArsM55eRBr7rxU`sT;!F1ZQZh@1%b@pV<+tF&0!DV_wu z3)vWt6k0fi;Zlbl%IqWIs*IVj7h82eA6-4e=i4&BOzCW;;L0rR znA|m%mS<^1l5oCB2~lzE6y&6zGE;4>amK=Hby0`f6ZNx-=rEI&RN~a0l`WRbJfn3^ zVPeQgj?5sWh)d{vUGICJfykt}iy-+@VVK<2-sEeKStSBpsu*NbEF`h}^9ZE$4W@f1 z6Q+GwAX93f2d=62j7CyAHk>pO9R0C6Sj)P_zjBeX#*hMty zZ=3K5gx0I{8GUzNHrcNe6z%Pz744mje010!(9TAZqzp$e`*GUcfDFTKgE$|v;oi>s z_fG@DwU1d&`%&flFvPFJU#pIzFpA4!WwyuV6cTp7+JDNyoGm;T&CwYmBWpsZBChIB zO5#O6@~C0^hhV_oL;UpR#Fq&wpQ_*bJmKBz4R~PoLv9rH`?e=8duKTtseG>Vw8dTd z#Ru{|%JP2jidV`;%G#tyA06g|XTDTTZ0uw7_c%$O!rcfm@lpDPLUPf?G`7}kO>9QJ~t=REZ;EL_PVR~SP zR`+;r$WCx>NZ;OgYDiyU>ch>;%x?xS`(ABQ&cMsCRP~Z|b!zyY{rUML!I#M&5RZZm z2#=a@1BV{lU~Kqdlx{Nw!lM%!C{7@|2t~zA-LalPzg+YZJ9)hNArayl7e?=`jUEg8 zdkzX{%K0{9_*{p+9jCS&o%fIFgz~(_&5~Z|lP7#lEj1b@n7dzdAJN?y6C)fR{}mp_ z4@<^mp2$?BRyT9B>KQ?NGd|h()=9fwHswZkY=TO;m)^yL)|$L(*4kTk(*}Hs8{@PF zrNHI(X%ol#E8M7OfY)^*x`9DOW1_sK;cwyuC|}rJ4J@*y1rvI5m8*|BweoFjxYU*+ za4V@l2f{}NdR9<&s`w7S_uJd#s^_xqSPB*YhGFGbZ?ncS z1Ha9;a$iy#4%GSy+Z5Z#WAtBZ(sr>QQldrx0$z2fhKPSWZGN-Hp;@Iu;je0jW)>G* z)P2||=R-X{Fhc0ZML`ne{{BA7gOUTJL5Kikr{;@CIdNWJ=bC3DVh?^9;Y+>gWK!Yf|K`O&yzgl5$MTyzS8ZO9Y$(G97|h)`Tpg)VI$Ac=7(tn47g#O;O5^YaDd7G zAxFuelk{KV3{_z1KNB!E0t!%`#hql&$5zfoX26#Rz$yYpXn!&iLoPOfiJJd5LIb{d z09MJlf@(0w^WT-goalpt1Hax060BqUyAqh#`>z-cm=gD|!mtz%z#t6=nDPEBNW%f< zGdOz&3Y45R&JM;QJo^yM=Yuq0amc9rOOOU^1UigAqqQ7Rb_5O>b_B?U4*!j?fV=k_ z6`+XHS+7BM15o#V zqXO!~K%50&AND5|=SUvT&;aZPbS8l#0p=(;8vsz?6YN;Pmy%rQ4J_FMFcks3CSj-s zeoo=Hl5|lHsgyu`GLjx+0>?nD+vi1RT`-~KT^$1Bhhv-=G!xl z!z-UmrZ>F&{JwqZao+FQv!MyjYIyz!;l*a)?mfK%zV zQF56|VopMVrt6lIHsAK;W5HFsCAdL9R3xkI(kHI)iOpUuGkA(G3o)LN=NS&g=JQ_x zsORWA8e&_{O{$FK$@v2&X9`9TNRW32S#=g8lYP2&6{Z<8Ul_Tg1e%MP9AeN?xhAdF?>64NxhqRN7PIdA;4VJo7i zmvEjMFD-Kz86c0*Fgo1)62|Ine1PdYe|?j+Jc2SN_TE+n6u1z@XmJd>{lScg28^PW zPXEZo7vBvwt6A!8YnJkzW~}<$7ly4|6Zm>w3OdzyyF|y&Xe2bymK|$zySujB)Ubi` z{wxrUw%+?jou2lcj=i*;TE1v+XSy58fn8^&Wk*vNu^{&g!O`mICE|kb+)6=4o&(YM z$}c~5^M0lrcI{gBU7H#G7SaL#oWlFucVhWU`vBAQpXj>aa9ZTo_T{gx!8yP^YB)@d zjn@#UWSv|ZMhWm%bTnKJR;RP@^gwd$-%<1j?24x3;ZbWNm(qN#wYtNR2$Z@K919vVT#UkRgT%l3Rlk2J?d}kl8K8sjb^tUS$yEtxY zZDG@?5yw|4N&4Ec;-irvO|z_;a0gYkVn;men^K;Ow@$*} zH}NLr+U;EQy3W$9Hp7`z-G$un>eEa%gQ_7@d#+BTfu*t8t_!!Gs(OAwcV(at)1$>< zAvg^tOarD8wmr8934-3YmT$k_z8#&+Cd)KX5TKsY@L}|>1K+Jux&iG^bx0qo(+g9U z$^4r=bSZTchh{~Qs=s#(JB@u5=WgST&%(}GyM~n?;ce%}ZibS`5}@yTM>~Gvd20RLs}YhN$rW}FCUTqb z=B*OOJwDdFQc9aFHfFa&f5EaS!ShAXu=LG!Bx7R4C&4|^qsQUyQlo0p2UNw>tcc|w zAGR!XEESea>+fN)r(EYs9q-?=(!o~^xK`A-QDVv#tQl+fuDzSiy`ZUO@yic1(aw^F zjqPV1$0h4aD`w;g1#R@RmfwBoo%|ztGK!S&8QWv1`uOckI_#w)`D>Yv4{7aRQ&J50 zUizT=zCJNxVu=G;l+XbkuFmdYacJCHiGV9eCg z5?Z#=#26W1lrFTno0A|qr@mWK_pRA9oK^-+N+tG-=+?o4i=XpTQ5*g@O+7To>N)oS zBbBLXk(GSr%h0!~19ndFW=a`CS zy~`-DOOo!&^vuz4eKUs5t?b`4Kh}M%a%za-HCcP0tk&DK91KqN(UhZgG3Wdc8X2S% zBEs^C8_^$(H|taAIBdS4M7}v14>EaJ996tmA}M0$`$5XV+xvCaC;DN}hfC@eJ zz{xfjk)uSNL5BAZReMH?vSUkkn<%L>6W)6ArwY6AvgF|;SGik)Jl!N}Hr^OOTHRiI zL5CqHL7H2~eD0x`B1Kb2gnV)%1=pU+(Hu9vc`D}2^Yr?6(x=iY<#TlPp?dH2$OY9! zG#<{~e%IwVvn|(1&>z?z+o>aHTORiG3vYHqQOKA)rQi)(-PPhji_l1S6{nhTYtg;n zN|TT`>bat~Pu*g4_9*6<)YiFa%)MLin)L>nWM1%idD7`Qlyt(|MMPC0D6dQxYi9;U znfVyL*jD#040)YP`l?$4Pee0vIhmbJ@~b7Mqhg%Sd_PG}_vTvC6<6hcGCTA1cf+4W zua3Cs(?%3s%VMJ6PI5_qeYGYt(Q6X@(a3zap}`9`of6`KF%KK-`(^}>P$KEaLjH{{-gzYJ`OEpgQt&GM91WDzC$ z!Y4u`F^BItp**NalQ_{-%Bhe3gai>2HTIKGi=o1HWyj~{XP%mT*QwCqC6WzqUj5?L z_u`2zs^XaV2){yA^?a^Z*gm0mQpkS$pe-+Y$U_9DYLibp?y5%Lg|kbtJka_O^7+F* zPPHPZ2W+Y&VN>2piIt#6rn^l%@_qQKtWPazvd53-cWwKqO=e9TdtKkk-lYt>wM96d ze_6g*vYbe@he>bqhG(JIPSA@U6Q$u*6W1qI84X|kSfz9kNqMd!mJ6px%o#qkaT3<* zpsr69*(?#hXX!d#u*ltRk$ErB+?z8%pezRARhtfdp}AE?D9Y6~iFO;kkWO@0*0H)f zjlKHR7&-$gKbEjMQ*N_}wFoYHF7Rq|mn&3%pg>o9?S0KRVOzS=hef5NGbg+(3d?$t z_2Yv_ib+_~3Z{Ci z;_}GSbqWQACwiALpYoQZ3_p1n+Ry>tT1n{|xZK6wHg_!|hrJQm|30sdcT+)MOYF`D z9jAq3=%Y~dlhM$2&02?VD{D2mL746Zt;sacJF)#MF$V6BB#V5;d1Tf|g#8+8%BE?( z>11A^reTkRUI=xKC$ZaFenk55HOAfNcb-_8&2MfKGdzCI_BFzd#*A~{ims(GFeOaH zt|TISn3QuW#9?y{Ie{~29i2VHRn95)9@5)WCQUXT<8j`dDa|*{?}xES^Y_U_5zGww z)quSHZ|(j38XsGY-<35fQgGd!wr-0d^9nWWh%@RHV1N54EIx+AWNKb3Bjo+HBFD*V zxMgC}y%vBW5)U_HLbQE<>(ydY{>RNd#3k{pK4ho(*}XR@-eO&;EwZ^mGlLLDg%L-+ z`%O6{?}|O8-78d%0q2E2)%V8RH_|)s6SL&%(D%7O6(`0)ke=$XEy?g&c`Tmp1}6tr5hit7x?n3RvL!}->x@lPmR zH8?l4U@PNSR8qZifoU*2Um)vSI;#E!6w}Dl% zdM_w#zX++(S1FcRTR)YhQiwLpjj1CLyL!6j!~280V>CW!cR~kI=1#6GnKcsu(bmRC zmoN>T{#E|Hw`R<%BwE!4&K@TYh}1RI*cE- znmCr7j2rQ`CMq32>E+2NuPD#1p8C9SWi~oZ#k{AX(NF{JX+vm6$?BR2wjB#;nTx{^ zy@(obu4_G}#vb{Hju_?+9OR_NZ^2njoU-}ZH`+n~xJ`Od1I*$TAM2Ttks_lWWm+OO zlS{U1ZE>{_o*XTZSMDaQUzygZxNEw!wEF~I+Bv_ulTq&TvoL^Ffb{#APkIObzC71C z*=}H>GYRO6Xw&8%sU?--%!TMC1A5$E`tRG{M&lm|yf%BkE(Y$&54G5&I#%rG$mAu| z3hBJDA*x~_K_>mgR2`12!t|LFpEJl4>4wsD$rHIFAM#~#$a{AyJ)PsQP3Nw3rYBU* zCrua7&e+ZytTmt-YQg4LrklXgJmk;QReOU&h7Lfq!7G|?rkE68dqniCv(+IwSehAE zykA!F&eNm<+Ep@{*U4p}3{s{Z<#>-WpL0i2pmWY`V#CD@wPA+cGN}+S9EQ`Gr~MQQ zH(#C9xPOWuzp^M4K2&0yZoQ507^&hw@i9M(WmF4s8b!1{xyxsBlZns5gM9Ou@#e}w zs@Mr7X}(|Z26sQDn>7T}+sxpWwJX*pkvq@~qlTUcbv~x>b=MW5^(QdpB0eEM_GC_B z%CoCW@fY#ZPax-u)q~sd93Ji1B>EgVXvU1ZXexKBCElpsnBPBJCZ^5fGjUcB(suOM zYl&0MN1avFaWz?XvQyRHyqN=fy?HP3*e9zTu_SX zeWXjpdoMoLao+!FDkVq0mljZqp~<7Kq9j@Of;TY({n+ z|A{WYfHBLr#8WDRJ|1($c??axlUqN^f61ocHq%alB|yHG=Vz6}j)m z=5S*CooqZ7WeN0p8d@0F_zWLs&+SgYy(u9SPmWMtSP1;unfNApvt{I4%w5;c)hE(b zkI-jDPB*xht#?bVBACC6cH8J$)tve|rRgk6U}%nUgI32y3)l;#n@f_bTV8Oe3zCe~ zM~GFYLu;GMTx-({hf+6v%oTd57Wwr;$1W0aGNVx z+(TG>n)+;3InlFq^YBaMvkD*;lktZUtwe8R*Omrxa#xBO|7wcMOHrinsl!pOG`M6( zX}k2a(GvtlVpBadZ!=YgA=8a6e$p+4Un%su1p>ZJx-my9Rt1lTVZ> zORdtaTI8>kg)-F+vs+w*R!mE49T+4cvb1ZJ|-f#0YsZ1EDV!RoJGcYTZ*GE}7 zJqHpoS3>WrMvf&t*x02p2)mR|V-Uc%n!*vWX85MMfSKUCU^w2`mB;(r^l)=+WV_8| zqMsD3gb4UqTSs5dswFS2SO!fn8{Ws^M@aytj@3TCMx4PZGgDXK5P?bhxM=GL4nLkl z&XbznlUsb=mR==BYaY85CU$B-O|o+W;ryMz8ZjRe!sCLSHSR_ z28Dvz@XI1*UBJ-g%-ESh>I}c2-k?v6)t{1%)KRE+x}6WF1ilKNe!---S({!vPTuJ- z5!fL)D!Hj$UT6y8GD4PsS|a+6Fn zpSr^~EY+{_CFRo=si)h=$2s$)-^1h^UbKZIrQH{qy&@rNX%YOw&z<$=5d~71u8cl~ z=ERi>j+!g(*5UUwr;gR%4LGWny=832t39ZyeD~waH_KNCR(q>!P8<_cYknR0O+|;B zq3fvfUUEWYhYjiCLRV3C;o~b{JcaP6mtT{slnu|z~I68sMH0L-wT&$|4zrb zpwtD5Ul9-tAMG(0=*0jQ31Fl`0pxUi?LK$S-`Baq`(F^mc+^e9s%GJ5E-oO zSp#%Tf7Sp+ZopwCh$Xpua(X%zut)VEf?a6X0B8XcqX9OcY9OT8z$c&}7*H`JsswC+ ziV**10XC`uv;c_-0~_EHMqmRRa0WI&0cW5ENEDlu1ty9O9q`}015EHuOqG=xToDLV z11UEIHqI(K&jtrl!w77E!&<-w=&kl^THq)#L9xUP#S$|VOUzI#F+;J${7+Z{jp?ry#{|U* z6BsAJJDDN3%mW*cnPvi2H3RX>1iBL(l1TE$H4U097z-ehg)?aoQ39v|0Vxv)1f)#h zg8sAr`KNg}zowbkpdAHqqMTU(bB3HXAbx}iLTdti@=sVgzowZW%;c<0AnNZk3s7Ik z1O+k^6v#|qApdQq&#!4FsOMvXdOjv7ewm>7WrE_D>7P6wELF`JmY|-G3F`Tnp!j8i z;+F}EU#5TZe4ufMnQ16UnV=wLf`XI@3Q{I8NPzU<0g}g%jfEfDQ1t0UQ6~v_apsw|w42?jQxqXd~?79fK@urolO22St< zpEdqvl+IBKsj>i|6AXY(FaSEi0O$k*z!MC-GYrfm@fR$CChONI0iY8MfKD&~I>7+w z1Op&mg9Y$UUIUhq2$;SFfKD&~I>7+w1OuQG41jEtSOEXDO@gH>Ix!6%$ojh3gjL4to4 zfwH0@I|tx1&?uh$@z?hW+O7ZOLBjGV{Zk$!$Ovrb!FiBSC&K~bWFR29ka-B|-fvVu zscT@i;D1yBv$X`x10)ZU9dzv+2h=TcfZZZ!sr^wE3`l`gF5t92@W6p{0-=!nT^=Mz zKjc+_!r)ZKKL}sQ2?V+7pTb~TJILJq-7;v9ehPyxy!(^zMawV<1VRs-%ngRmKUjuA zAW#^T`^)hM;ft1Gwp;&o2|sD=IKV%e&UfYf0n|ALrT=&YFst2fm7H5j=O~oUbijH9 zFst1^D7k<{m^ukadg||9=X_6KF!-}h0+N#ZcVU=)4bUS1z&}yWJOTjnBL&!i_-z0T zvlR5*&U*x~I0RV#;t{|`AOgRbr~uGC4*-I z=%>L?VKA#5WbXdKG7J)d-3G18KM7y741++RFsR4^0-t}d41++RFsLfwPr?^0!?OYC4 zc@XejkiBU4Y;u3v1%-0{Bzw{Bc{g}gSOEZ|{~zq0^Mat=+@EAG+J!;e|0u~|WItDu z@l|Qu_)f)D$4^RSw|TjZl2z$7;);sA%eR|Qn2U-owKcUfrj_ebo9c6 zEoX36RsNWtZ_2Pe{_*ul!hEw3akxkb(ZqkD>&N2Eh9+CCd#RqXe%FsE_ppV2^+9@* z$^LD3Rn?P4r`QEY#Lm;x(yLu&lW;ri#Hd#yzf01V@|Z-P-nXf*)D^Etz{cC$YF(H< z`rv|(*c=vc)9$5F>ZEO$)b?9M8XLR8{xo3%c{^P9z@T_{|DZgEt!?drSh4K zC{f!|r|y1_+1ryZOSGQ16$kn`VOK9FTdVXoX@yJdVX)I6qmjNe3UktuVCKywTfV0t zJ2tlSL_~!4RZHnTjLqzO-a~3Ek0aLax+k-g%0Dv>h{?HQQ^#E6?_}*;lvhgXtDBme zeCIgb%>l!VzUr=qj4W>Y8xH@T{U5bB`Gqa&iy;Y502kcG}Pillg$lcqcmb)vZO zb~6Co2`kD~-M){a1;gAH;r??vqwTFqMMn@Qn5e)2h^qY|%W#s^?l}{a<${0dRdVo}=T&pm zJ7`$6-$Oej*n_ShqgZ@~35e(wekhGW&?y*=!oKHDIH$@5X@hgW1Zu<=i%qJ0T4KSbswF27`+OM zq7~uPr?fZ{QQCxl-s&$p7)Bx-7ippWgsJyFv zm)_CBgs%RmTXl7M9f3>n`6tKHa*dj)YLdLHCX&vpmqqyA`K((PBTF2aJjD~a#%RDv z;@Q?pJW0N1dgW<9Ms567_xRW7&2KYC^;=S_Yp>lbFjG0oCOG-|Jw|1UVv-9{c>VV; z-`7VIv%vdA7&C~8Y~s^oz1Z@q!@S^1HbCeGsSkAyMXWcGJj%BvF3$$y#Un}fHu?Re zXscT&kz>(Fv5#~mZ_5h>dge^-6!GibFKxLcFBN`6&+1axQZqU-1=EBVR!5*H|9$6) z$o{XP!+|#l;2%8k>AG(Hh@SKb_PT|Vdpm=Q;LRqPIMG;iK+o1&TcsU~>k&vnY^<5N$-I7KnE?uIN+ly~H|3~2PYQ~}Ol1WRGh{D`j7Zlsy*u=@na+2T zs8S1;zd?47LgoFZkZIyzf4FNcbb9)s$wYe9>f$5G7}j;i+^u!)Eta15Dah5tuAJ69K}5YUslEc{Z|@eb00OB$l|--y&)Hj2KiZa(n=YdEFseHI^4 zU&a%baQL?AYX5F;oO&@e$qcMtnU$(3{(V4L+FSNv(*d)DS~1(ZN^SCw zg6aB1t;Li!*)1*Z0Pi^DnNahD+rEoJ9qM8-Nmjy0f0Tt?^I|>F*f+X5@=h=RkY)g% zy+nr-f+AAbr#9S3z*W3OSfs?+ zcJJ13;Il5qyqi8RX{hR+HJC9oJkLqMEKQf$rLto7n(*TsOvYIzsY>Je`1Vc?@0jwT z3)T8%LoGba$ou~8@4N1A`|eC1y`kFl`F1H)T}{hfW_9`KE*(PmWbPIHA>OC)MLbQ6 z;g1mvg3Sy4)e)nqSO^!0)3SyxmtD8I&V_?>l2st`{99HNqhN|w&HMeN>n&AUWJ&T3 z{I_l2%srk^ejVKQG=apA`dfHLB|+q)*1K9cMP>?eQZ_Y{&zHoRvyVd`FEe+UxgT7$ zXq0^?DIjZF>-F~ba>2X^GT#Tgd)pgEMWP;)#!(+8*^R6o&zEf2UUz7n*tz{GaRXP~ zW_;6TiH}Zm!fP zWvvxC-TO31V>hH2F3ex&%tEp4SMg9?O?~<(mMrV#WnY31F1+I|bH}~ZH1_N8-j`9g z7yt&errhuyHC=@qPh7H*#TSu!>*RH>qOwK@UG@t|;>b`?qo(2p_-#Kivzwb9*}M1D zS?Pha)2?IRE3tz-xDtE2aVKAEti$oS9N93$x}>|8%XK>kuT^~LvS_+RK(O230++Yc z)8I0B1@Uq7;fG4SMt$o1=ehu{Q{)YjD8?&&`SkQZ66fv#DQ@~K)BQ5vJm}iWGV7%b zq!L|9Rq!lHVrl3VosE-H>P@n|9rCB9GXT)6I$(%jC<7GQ0jzAmUVx}ot0 z{WG8A_y}DOLYkfoE18U>sscvEs6Jg^rLPa8w*lyDY|&iAQ4M9=>sOKr6hEx@A-xZs ztPO~)xkP98oR7_H#%DNa9Pq^Q4W_HdY2~$L+TrK5V({f&2&Dcv;>}*h&o^&j1`mcP z+Y){0Pe#OFqI&R%%Ivgui-dfi_wc#Yp~jUW6{>YOe}i}=OJ4b?aaYq6zcjaw8VrWJ zx0i&q^kZILO~<34U}<-AOvCq=P|ndSCLB(k6ZFH;Zk`Qk$=K<2r5CG^btbSjK3NN% zIrfY@jcrt-8DI~|m%SqO8j)3Kk$y8gn6#yLId4{RH`eah{iQJ8bPav2DKB7;XCvX$ z^3*+(cR`hSs~#*^PpO<*;lq`P)~v^6wX*Jp`ZyJ(U^z1ihf~%k z_R5lQPjl+L7e%MVk4in^?5qr`y2O;7ti&>98+Q}O>DIe7j+5uLlhVPxFHH=p%su{( zva61&YWup<-6>rnjdV9iw{(Y;bazWgNP~oQNT(>>4I&{WNJ@uvso#|gzjt})d++;? zp<}JJ&pvCMP4G;c;ts^_6w%aeF>Ri?}I5 znJf%O%(xCS6@0bU7UJ6bMQPHSGmgU$h%ZqJ0e$n|9M7ZME7&J`;^CAu7wB%pDIlPfg)@?_&49KMB1l1nq{ZvA)}bz)eI z6!~(lX#3ZG8)S*c_u!V|nOP)+FR5@D{(etIJNbzdVIZ=yv4BRIXKg3 zO_!3)RFmL|6~?Pk#n&-gMpHxQOR09I>2r3AVTns-)QwWkLEGh%>3hEu7l{L2G792`v9 zohP4oGeAcQ8`q07Y~78Z(Tnz_)FB>CTe z0r&jHM_#8vw~7+VoddnB`}DD9&S)kQlfH22kG|%>5S$k2jW_sl}=!w+$-9Z!s9V>bc}YiQL| zqH9|X4L2DNJRcHp%9B!$0yMstO-Wo(*fi46*d5i%Vv34gthCXu#|_+LM`AAp2Ji};L4MqY_5mxhFh6S%d`HXGH87?)Cgm;`I5C-oF z(_Oh&?NivD@8Lb^5@FN4`s&Q@Y==US<>S8S`ZuR+@%L%3GR7t*SPP7oNaaZ64&B!P zP8lIRk|!yce#p5B+!#B!T5JfNP5WIG&y#S)%zF2BAHI6)q9l>Ap!YKO@_YT4Il%RH z&7#P7@eaf2;exH+nfOZ&5sOIB$b|0ghz5u~w*L8}=whMY%Ds8$ivS*#<4mcCt{-*4 zc1R9xn>w?z-OOoj<`bo%cgu9mtoX%LYq|JJuSEp8%W_g5aDS4=B=R}JY62W6pqq=s zM%!^S70UW%(Dm@!%TsC_mS8XwXb2gb;g9K^U_4vW6aiPrha52Z5t;(c zYAJ4<-|&7S$l-L`B`X&@%T-Jx;cZsE7$2m?E(23mB2d0iN%qMzBz-T~i?DIQ4-xx!3}hG_lhlQhTe+X1kcU-x@`l+P&+?1GK zwb@m!@kG=We}CI+a_%Nr-=kq7S`>Swl$x}Hp?Y=P)7@R$flh4Bz=w1$b_udI+F*D zY$wTXh-sfhdp~H0?wBLJRV>|8b0&9<)`{%x!chmNGQ%`MLaZj2fmv=>|}kF-4@t4_0UxaNe#bt zcN@cXf&rUUxN!j9nt66W>uK_3rNm>?4REnOZ?u>k{}U7aUnsYiptRZ93%v ztEYi%gLMb|q@VcwNXeAs_P{bF2gV}S(q#%tLNGGD!lI+qWqr`6)O9E`1xk|rneiH( zz1@3jzJ=h2>dNBrU>P_O84UK!j(4p>%{unZc)5O>kEW+4?==ZyMwzL=nxyiGjXc?q zkbXULsf=Cz+%3{=wEYzpp^M4`Au7tU-a4q4>d~+!0`_e=%`Tb{_EBQ8c@6?4e2*vO zt2C{?4+X={wyIZss0wqH!E~~$mS#?Z9RZO^5)|-6d?^?ngV&|~_iT3jEm#f>m zVJ{PHh=LXt%H+A$jO5k&9)=E;=(Kp|>XN|U=Psc5!ELj>O8f&u{~n{xEBN1u?SZ-z z(B0#|s6j1&8iWaG0>uFojRJQke@|^(=~h4!0f{fCkKo#OZPiOvkEw16^htoaAWooq{dRBv z4%4pk|8JE6^+10LzO%}1>FWV^eqM2zz}NpDDueVR;MWznzW)$>w=zgW-Vn~f2K*0& zZ{ZNQ4xrE(IFzdo z3PAVYMzkxHG$^8h8u(so<$jmt7LuKdo5wVgKAgf{7s4*R0HZCfjIIP7E6L01O-0fZ&F-MBVYzVB-MW$ z1!$Z8^&mHbZBC$I`=3Vv0*nAz22e`^ob%g#@H;dE)ldV1fouB@!FSf!m5BWM`Ts#6 z!NkG|>RGu3@T~m&4(-Q|9%;LvHI^Xr7tt5KXomz}f-$+~qqH)J7e(|RI!BY$N)qO8 zA5FMO3`L1Z)@xj(>MAb>G@^^y&%J(S`t|f8Wu|rlr_3fLHg;)r^yH_7uKPy`>SUo; zU6M1G_6C{yDp5;suel2zDCnz9o)I?aq0$+1fw;9$<)< zgU`#q@li{YFegWR9f{AKV?LYkv8R%W?dcky*Qdu8=L~UumB!w2Msu5NIvK@+8qLK& zJ%``SAxt?|Cbn^Ga%h;Yq@@()RHIiH%FaD9`PPT4G_B5&xD%FXU%jHr&1#bJPTp~< za37l7>*Irqv30}LjT+)?EBj(g+8xKvzQvNK0VNL})b!+?dG@>`P`BCER)W*E;?mLc z>}gUHwvjOV`s~*mwHpLC=4c(2o9@kj?Egqlqhz50 zjnMV@L9=uV!6yyZz03~ezGE63O$3H(HNcM?&dEOf!%yJ~NCZaGyX?-oj+rSp?iA1S5p^ z62j#ax5@>a4@rT^nyK|idWf}BWHZ`q0NN}h+s~(27fP(AgT!JEqs|9H=B3D=OwAa~ z_H)gw3wylGkZs-Nla;eiUzn9X?wAmA&?8K2VQKd%n^j`BrXA2Q+OD$ojZ2a?#eW+e zHM{*rsfP;z>mUx34#i_(OsT9|Km?0z@p&c3d@M7ZXLg!Rb=AXdV={GtA4VE0!AGqq z0{m9Ukv>0cE6nBOB7Hp1w-8Ic_LmP46XYl6UC-e8P)4lrsL=yLI(X%Rent!E21u(h zYSy^V^^LPAcpotpcle}}Ko=G5IgVQ9QkawM=pOKVcuq7uZ~kTmmE(b?xth4uqg7^2 zv{^*GSid}|hdOWV2gKQ}9;v-LB@c2%&`oegc)BD;{cseTelePX+b084>Pvk!X|DpA zHzccoMF1Hd^3=G*VYG2B2F)8Sda>N<7yj0<%pV1-ktW9pyYl^}^b58UwvGEbn)aM~ z!W}#@l6=9JN_yc!xvQd;Gu!2Ge9N+#ZJ!3u2B%T0bUMVcfBM*pz{V5H8wk(`kdYFG zG%=~%cGqsTi58bJj+H{U>zGIbPYQUceZ%+FfPT*iJggj2 z(K>^b(_{1{_&pC1Dp(T#{xiX3(ba8aw67?X5GZJz!_PbT>9X?XrPg9y9Kz}K$9un6 z@a!$FID$Q{;4JhMT$2teay06V3U0H}Zln}e(gIV54p%7s0RDuSlh;KIUYF!E(R$O9 zZ|cWea?>$jZXS_*Cduv0I}(r1I^dE_2`(h2K{qT^`bMLILtAe|B@nZuA$jyYSTg$G6UtoO2{9a*GF zSkWMnKiw&&iKA~N=vn*#+#63(h8A|C=yYM{l1JR*r0p#5w4&g8_}}wlvo*Y*JbHuP zQ914Bm*o(bB*iy`1lFT%KxD4)o!!XJw7V)|h_R?cgo;8B((2_%Ye$HN(p!Bq4WUlJEDHur!yUk*F(fCn;4o;-P8sxv!6y@~P9q&?vx z#Y+r=&ahrG*#wy~J;r*}6OL4i30tG*7iDCl?8oVE$vrf!EG99&K$#@;fXu(ABspV> z9$K)L^Iq=0L0hfu8uC*Jse<{&+{yz)aFmon&9ASy<%|jNsF|suVwU7I`2hO*sI`0wsW9rsMMYcW#|5Fa*cj*(f?^v~N0u3>;pihox5##- zon*sL?-hy>+f_nXoN6OmI=h9pL?|)l!!djEa_szHj155UHMDiHluSI3T(uzn@k5j^ zkk0Fi;C8l_mq7R2foa)mJ#F2_epFUANVdmJWWyZx3g0IYmy+DW0;6zu{R1fJY{52b zYj;a4eKWC1OmJ)8o`^yEQGSc>EQWvX*@fkPZ|b8)Xk!dS&pO)!!?MBm=sxyda!6+c zQM0r7b+L}C@0#fqz*7kJzFSHvkOO>%_dXhOKyUHm+Cl`bzs9w_Fz^*^Nd0I~I96?< z{9HQIu-xZK8*i4Dn07d%bL_!S#eG8jCmO}__JV~Jhwn3KHOnO}+Nr#P@fO%iyB({i z3G?mJIW^MEe(>AvUv!3wdaiTI&itIT{ha#~=G#x&il%O=rM!gCNc2iu5Q##0bBp}8 z(e?rjQQ@;ji~Bt;t4Xw}%&ubT0Z@r!zHN0pvLG1Nf3kvVn=-Fy-@s)JeJxF3r5(SXL&rcHbR z!Mwc%^ZZjz{lGeUH%0JwWk+Xyb_x zk8yZp$Tl!Xhvbr8u`m|hBNypbns}^CgdIHcVw^b7%G{M_pky(?u|d12&e)17-?{=b z8_SH1rOUV>*!W?7*s>$Q@iC)`rK~wf_t_Eny(0nzTWq}ZTA}=x250Q2r<6^4&;s86 z^mgOZK}@#p3qJ6f7ebVDB{bhhfVVY@Lv}oe@g)?ser_{+ z(Lt{*$so~AXcDV;MzX5gs)n=7TlBbnJE`BUCxqA`D(UT!*Ne|Fbp@pjC!{7+%BzRT4>}vFSZeLShTq} zAa03$_c42FU_wiHvcxhHC0%aaoWSS;b!oTE7eB8IS*&usK;~4{d*9Dr9K?kv@glW< z$tzS7y9eXO+@nAn{Z3^&GRGOh#T>Q`>hpJ60-QHQ&;6aSs@8QBXguj#FU2R(YD+{& zL@d*xDH>sa77VO#o4UQ4!CM!iqFU0R_Ge&CB0OXWkeG~Lvfi?v*b#8($o9?**oph; zX|U+^F6D_N{BF6ur-zWPO7RJU&#UL$Pl*Up7(_SALz1z(;xP8DBP();Hm7#=tm?UKi1UuS#-AO&SK$d;J+~8FODw>3xd;2}Hvq9lbVQ}9ACVlh*jmy7o=k+x^{h&5- zz)yf5d?qbVJGI z;pdRkP_JlZD3A)jm^|9q8mVOyiZy36AUz{9^N2&Hq#TH;gn~$ap0{sTN#pe5+`O7+ z-%6W>mo)T3s+G>wIAU4>RXGs}d9yuL%!;<3V+={zO4ZCca4GdM{tSa>zFxrf@jQ3>}AUdUUb;gemMw7nTf^H)zfz06Y40)|u;P5bnaUG(-0Oz5(U( z`sWwJ=dVOHB5ldz*5M(m)&gc&+hj*zM~mi9vL2@f`E$!pm?{eTsS6PlqeqK-tG14R z3iN9oOvdbJV>ulG>qBdJN^6ztyhH|1{r0(Go+9dqhNEO4bkRK)`RR6C=5%qT_I`W< z--L7j^Ty9@vW2z^l+Z-pa$mc)1BT=ShElpJ8=k#1JEi+Zd#qj&AVels3k5^;=8d6u ze`C_CizGgg_$>F&vj<=ADYl%y8!9)lbWI@YdnzIq%*v2qEv_Z|$=#e&AuZ79h104~ zc`*t0y}_YREcN9Gm?om}j)ZK`k#IKQ+KP_@QJKqny%yc6r6{TSFB^=>Gb_)u%7YK9 z)Qt9Zn!dZbIe45TaZSb(utFN;=o1r!Sl9J&b{df>P=LPsq!xbZ`Pr(;;2%e@K zdwQO~>4q)v5KhBSvhzah2cIFUAh)8A3G@rP z#7(j@bTPb@!m|yU!U!l7ydV=&!Zb_|*J*l=`z9f)V)q?%gY29Ur_r{Ml)O+Mr{%FY z>C-&YPSZ=XoS*=~L&9Jg@P*T#2-D(-Y~HxNex4P|r&;ve;n}B^NnJSnMkg)r+)jCL z9b^xJMAI6kUC$j1&uJ^qE)r9oMmp$Mvvp4$Vw#`kqo|gsg-M<8xl~ngAu&1~>b)S% z!BSf1-hbA;?%lTDcWPV6c>#6I!B}-@zMl| zyzdK=EZ3|p-4{753dyzS@O0j`*3F1yG$AplyI6fnX@O!Ig|C<9k4<4S)T|eBNtjim z5_~vW(OdtmT6{4IN#ji4Om1ORk~#dtqQ^>!RIjGJY>DIxYWNqLkVY6^GAFs#=_wnL z=qe*(HGX1Ve%h)PEa-3X=g{9Io|n@za6{tK?fg(1)oo)StsN#Uzc7lP@I|P4Z=JN# zsJFgJ)$t|M@mn_8i4^o7xRLMW91u-Mu~oeeY<+#7CR&+J1fU5`!L19))s<>k_6*I$ zC7o{KcX-46EO`r4SZqN6nf!$dAO?^bsx^`E%`$zke~Q*irNOE;PZc{Fb@mvKI^IDW z->4am&~`NSL4q+UB^J!G68_%9H%(m7DIS1J;uB|^#zHHbk%MX%GQ(!~%Vi+QJPc- zl+r_H?-tfi8=V9F+xM6J_hPBzXx@K1p6Z+sF-Tv|4q6sIe$$S=#H@kzRVy+RV$ocs zM^Ch3Ocv#;BBUyhiy`kGQHZDb$P z7{EJIK?Uw_xo{SftU;mOi_rU=a75_Tq?c@;)=dzqKIOK`1b`{ql&^Ni*cisW$yie=@LmwDBAk6$&RE8f$}pRhapL%MwnTrZLf+G#rq26^AQ z@1)c46~%fiN-}RTqit~-RKjfF8CPS-K00m#osaR|6gQF2lzdJ;Z7yy>6qKcO8tR>_W6$=d+#e-UZyFusiK@Q&4<_-#O zO4AFdfwFJl+&^((M9v|XtT~?fC0;nB9h^eB#O(Y-eP?+;#S971V+;ipQY~>g1KJ>4`At=0r;BJeub|wXar)k zgr&|)=WuXupLgL{7zI#AO$9@{_0AZ<%oTkos^+8~MSjm?J+C6ZOUx7w1tUI2!c_J^7u&qqtBk zkrbA2Kk`%Bz#zy$`VMoayR>UoZ+VZp+GAc!FmqxA@xg zJ@wg0w`sq8f5MNK_H2#|6(_`o?d?!+zv6Ffl3@vvdU@G@G#IFV z`6ywbr8byx7PG0E@AxbmcU0a8F}=b=cZS!4Fuabkozd=LH!DF?DsIyY?Iz6<;vF0Q z64H^0vh*LNbDMK&bI>QoMRT47LuEhC?A6km>(7=907rgYHC0#3K5eGR`^fa8PERKN#9m{Doac@-UvLKx*7G_4p^NF4kj`0l3WEusYA2J!2-8R(Jif2@3qDPaN9&VLBLTlp4M z0z6%My|4ZsHga!qB`jAo>7Rn{RtDXL{u@~WusvY{FbsfM-~igg+#btqvINvU;fkUF zvGoA(b$?27i=hBDQ2?bmuDBB5Ip*Jv&D1_u1 z+IA2yn!l7me;my%&IITcb3OOB`{6h60?hwEY`WH#0AJjl;J+_5-~;~^4AhnYU;mxp zzbia|lk`_GaFPEZ_-x1AT0NS{KhFHI#jqAn|i|g9B5%4e9d@vXA$oAjnMh1jW1?IV)oBslB zz-l*>`4=u-`}+Z2$FIf%>S?as*#3@7z;XU2#Wjb^1@soU8ucGjfOIGbv;mLv1EvS) zDe%uJ{@$mzppEOs;(-fzRR5n-fuJNnC33aQujl@DOZ^VouJT{c#*M_}Pr-K<8>qFy zwZ!E5?f-k>t2z2#;VT;YPqBCFg0!PF$PzuYv3Kjang1DUf^IagRkd(o(M75xgD)OnG*k) zYDCP6C395m8y~|a9B{&P82z8uUXd3a8)fCPc9y98QXXUkqB&{ zhe>XP`#icI4(-E-R}bC{|G+u3V`>duoAG2jBDm<|g*lQ^v<)xgoJ1!>QcJ5mWtY(t zC&Xqj?ST__@`L^@Vugq)L08%ir9LLq^#xMVw^|&n6Tbt_UP7?}cQN0|4_?pm`JwK_!(h-&mO7?3OI*rjnuBM@)TS@98BnN^sM&y%V=o(;*}yWaw#*k^)wnA0)jPK;ZYV2Q`21Hx<4)HDH269 zT&z@Vy^j?HKYryALoSdcX>5v+?Hk0-LpxQX(i@v+5{)~XqZ(2cV2DeCe>9Rq=fHC0 zoc(F^XOz1Q5i!NIy{5E^1h#XzIms5EsFoH6?Kg&xbL7LCGarBIW&C^wt}_KzTSaP6 zDINRFu|z+m0js|xW5ohas%S+cAm3BC0E*xD&9llp@t1GJBy}9Wtf;EJknxV6S=6a~ z4W$)UY#CdD@0tB(p-}+iv)~_-SErk4P|MuxB*-kOe)3>z9k3Sf%KJ5tp9@`j>80)LR zs(8*%B4zu9{Rf8TiS{#PtEjVDzl^vtxc+z2jO#>#u%5^JIWJ+UAz%pd#ot`uE=X$z zp3qyPosGm+8y&|;?zSL9%0Qf(m2#c&C1#w)Y$=nrah%%92B&P`j7n#GeJbobq0MMj z`9RZIdB9^bzaP<4X8ft9aCGm*b5&T{24;%HvE3x*hqh;-G-cNPJD-R$wVBwo(!(hN zvr6?wgc-@PYPJa%u~0s@*>o>^Qli!9**=`=4^o}L6d74y@G@h?qvalb-cZ?Kg69xO zZAX@}rhu3s_BFFMgy7!p3#fS%$P=My0*9L>yiBR~);@@YI{3&mNITxZ>l> zOkfTWH`aYE=o0zV3`f1F*1y>8cTBsdYE0QAnA)397OP?Y!RQ{2oxG%PXrLXj)I16@ z$G6DEv}4`fSmO6I0uC#7$nF?VUK{nKj9PL_BlQhgh4Vg>UyK!4&w8o_AGjllsF)~o zN#EoM!-t+(V4V|eFI`Qlp11f68IIas3{6UW09rH+lU^E;vQMeS^*yq9{3p*&?3&d) zy#=NNETa#-L_diRD>`-~Qn~5uA15Yf@*W*A_-Gp{tV^C7CU})LiB-Lh;Hk>kq1gH`_D&ZQ$8&fv{o$F7q>JbK5MILu ze#tK$kOuQGF*o{j)oknQ34+%X?6rFe6;=Rly43HVFA$ji0OkP;v&>p|Vc$a71=h5< zl11Pxq=k#agBZ~VzlZv4g=V#7-NNZ8r zw}}#ShQV5BMFwT0u9{Z8^V5wNMp(!p@kr49n_h+wI)z&MT(*c?_cJmp_Df}ywVM(~ z<3=7t1u}UkrdC9u6=|w=h>uWfI;zi z4WV>F_6njJoejO|C+S)3s-xJy3vvlsfgi1s;Mh57es?q{$X=1|6%tt-JW zQdojLZR zOU`E)bvDJd59Qpj8C5k|RH%vx+~tK}xkE1zsLab#R0itER129^0<|{t`oguoYBXLN z%rSJ?pxBRi#>-W|EsSr)mph~nWpNYIRU1l56;||f#Y2UyTf+O-)m*^ZUn?AmWL^&OG;b4L~AJP8#X!Y`GF ztxjWk&Q)I1;mVG(e%RdRhAuvAls1q3de1c~*4-adH|u~5BKC*ZizdC!{F&KEDROZf zLVDAoBth097`a9YLGt!jyxv00;9=Ze1Pt(q&uu8`Yj7DIjHVzA;WXs<$Cc7TwD2aC zmhG+fQS7~|P$<<_>vMJ1Tb`x$n4elaO-fyBt*=6 zQ#HsMr`7IIO9O|0Ag95QY_l-Ly{)=Gv@Ol^lrT?+%RczwK|}p=t94?VlF#QMZ#rG8 zSA`yF=mRyHT==#t!jC&J!O*=A->VCo#>adlHK+LC(vxrec1O9%9=+#sCd#Ol&!V`g z_sv*6bCv;XUjSUsdp@02nprePhK(HkCbiG*z4qZ}`*SL)*j^Fq3kQRn3$(hr}AEQIH`SG3JIIrVQ6;q6W`sM()U2Lr)fA&{XSPiI zn1qj+U7o8uiaUSG8Jh$%dj{7_HK&6b1w-7zgb5dqgI0+a!zYY!Rw!4rhbEpXhSda` zL$sfj??mAZj0kHz}CQge`2ST zXo=e(QxVPMzOBprV3c=M_sQm?W5*g!)f z;vkCT7uaotJ92K5i7B-ppaJmp%N4$=SSL;6V-GeuBKOHP1(*kn_;*Yi zroDE7nQmK=8mx{su))vxjFv!b0k#$_Xtfj*)1JopYEEG3ctu|?qs_^w%)^&ag5B9< z9nSJTfm2Jmfe>dPl(3P9EipEg9WKIYWa7`fMho|)w|;Al&B8$+2d%++7lZj>mxm#n zAooaR?ZX1voVOkQ90@1kfARb#oXZL$?kgo8W_4L+(Fb1vH2-GB!uy1F+#XGg*army z&%PT}WGt^0fYY|gJElhMLb;mP++$qAjBpWO$i-Q}`f!@QXJ~qfsjEO-Mjoo?Xp$W^ zJh3d>$Nt5GM9W0-Ew{MNae?L3)2T%k06F}*8ZCGD#p*6d0di|;hcZ*(rICft+LUw$cbhI{|fEbIRJKB%or6jPebOH?Dgem=t* z1DD{^$4u01@UZzl{OxzLC7R8k{`ieQRSYuP2L=b}F5Aef2ZuJfR!A3$jo2Ml3*j=1`3WBVZUp-)*;&Gjf}+L=);vjf^!v%h z4(t}T(um14h#q*(9q&lp7u(*nF?}CA?3@H|8cfXR$}n~VvL=!{bE#C8SHBg#Wr6ksq~?61XIqw(W0*5aV;lc=FvZvEKFY6 za3j%je2Zm@9*+^ZhM07I-|n%P-JbKsgYw;0?=#gRy@H;I5?Tnc*G=z>d&;T|!ZPFB zhsygt+L=3K7+Fl2CiJ8`8<4<9WMD~HHX;cP{)GRT>MyHehxZ|tQ9Aey~7$?y1A4rvbT`7w&P8{6>rP= z2cgAc<0U#>p2|ShdzTBknx;bIBJD0TzA6-1C<~Q$X!25Zkob{xlFvTU$yksh*?R_q zL=HCP?j>dfTWvzo6LazAZQM)Rw(As1!$6vZ(G4s}Sl zUuuVqB|CV!?Hlei&KTJpEQ}NaE5Z6#ZXbT4G{ARL9Qi;wfIY?VR%FXduPOZYin&Oa zzbZE}F?%3^tR^Z9aR0o+$a0dodHo4zf$U<}Xx&1>dJtU6!WhoD2IBLl{uE1KN<(#i zQp0Cx$hm3E24+>r$%YGrmmgWGbDR~Wqj2le*yT}b2fJd;UXvugiYO2Z$fC<3$~TVe z=A$zoM#sWfWKkFmNUuk;VmW4qq>Sf{AsW6@a`hLfyZrzK=pT+a)@ZUTxT$0n~!{Hm14a$(2 zMrL4DJm^P@!U8>sV#II+`v5dNW8&@u`eqS2#GT`Mf^Fx9sl@cM zr6tdnA7CV9FCNM8rtLC3ERSn9%XpWyZA`oA-}kV!|Iz;N>ic_-s_x59Rz~DSnNG-r zgj&n6m4(B$l9!oEj#Fy1kS{drJ-1qg#Usk7J4&HGW0?EyZRg~5L2sw9LcmHIAt9tz z@c4pD^eEBrwBYGni<-HE{_>$<1vxdA7$gfd|c zNeYYW%wQ{w+**rI>hS8GZ@;G1A>D(1Q#HlJ3{8Kp-&79l_=Bb$1PnwS^EBS>%Hmc>IzMo}dBC=#by5{Xa$Qg3)8~dz&QVuq{zY`@F1}vyS}K$Kx_(ONhfTJ+DNafnJOS~biZwF z3{2{M9a;A$dEEG7QOK`yLICh=3mwzzHa-4<-4I7SFi@(=xI80UwUO9Ip3 z2DjtF>3VtaR~Z(BS|=sksC=Az*!*-a-hWap5&hm(?|%gI;SGX(pu?kdt#_m3bSS>x zAo%qlA_Xq7wcB$&epUypoS@S4T1Aua%pIu*ddN7~JX1azT3+wA9dL9nf0db9TOL=w z47Gi3Z)|L5iM1#CsmTrZt&185#G{k#nTzJI57SO!rj6rOO{dM6rs+S5|Az8tL^>Q#<@e4T#fVQz5d0v0R0F6qXwEB0Lcm9kcI>VUon2y9rzzA-(oF*+L%8D->rO$wg4VEyYEx+4ixs7aB7aQHIfM1C~kqvkhoCA2h((Np_ zAOZBs$GiF#ph)K5lYr80e@_AmkH4Pg%C+T+K>H7m0n&xPknP$$;1{x8 zUls@WJ!Ao$K&yKRpE6pChJ8m_bM=O=yY5CD^QYjum2bf!P#|`_2>wImTd)We$NVYyZe`G}`x~+W zJ~dcwzS*vR+<{}cYGpvf+(x!5thhloAh6y1B60vNLT*RjLbR(-sGHy`SOl7_Tq*Xh zKa@a50Q~cBdXzsoBmfPufM1^fngbLRZ}1GLhXH+t-`59ey@9e*N2( zoaEOZH@F7u=4&{+$$LxFa+T-*181OK2p~XmeOWT#;>W8&0D=%mDEIxPKnSulcx1an%*KKGbe5r{e;8 z9sF}D5M-1FxMuzmJX{0GEzQ>N&mtb13ZLn1Q6$ki z-sqf0Ik@j&yEHccpi<1qNvmj-+earsIo=ssgE{-QB)-2qHMp~}KYO9$;_hzmeEh9> zb~A%}cv$w43z7E8LGSU0FAR0DYP&x!PrFM!&JVXb0VMku@j~S^h}pA@`joJ2AKvxS zmqTyYD>kgX`M9U7zhzi^guZ;c`)%r2;IwS!$DH4b^q-qDwTNM?Jfp+PGq@y*N16JLm2v*p!SO zc0YWcxY+mOyv<{tl9n=&P#r3}w|S5g?K;nv7TgcLOG&WWg{o@UZBt{}?1FWfV9Xz? zxgu1)(h*X%n`fy`)`!3q`O4u97d<(O$mIQM4jGLJZ0*@+{6~SWee;54ai!h{x*?J} z#)_nD8Vg0jw@W=i1vAM`d+25XUlV~Asfka~vCq$W#tqiYk^J&O?E?LbB(pCud*DZG z7LHjfWIshCL08J>o6myb=R3n(XL*NMs^bDBdtmbH9k!hmA(4cKNX`&ODG;_gCL#SQ zvZ~W`o?nuAQmFCN({qe9RzpU4zG;d>v8NH0cJsarl?vvfqYx?~u8 zMWXzSGS#CEPLqTUz0?NJJtYV{Z>2D(5Pe&zE?<6F;mLp#6yY$BRtM(iwKyJa*@%gy zLlU+|HSutU&{dkB)!hZ#ipXUgw5V=+?a#WV-o=Lq_Ij`cOBG8qAo!8EI=9G*orp1s zL}6A73zk&tF9D(3(u_8aXZDsHgeq&o>zpkz z(|f-7HucmU6KAQ%5SwqBpZc8|;$BsJnyM|*qTHz2!2?-&ogNAd)HNDwX6U$g&y$Iv z9Ylj0xpGLdvBqc$?eLN(Vvcm74OYz)To;onnFnWsDzzqYBF+sw4%=UTsLzf~uNxhW zB~EYl^qb@Laz6%7PqU&Wd`xUpXJM$!LK6^NfRfreEP{xaK_^Pwa^fd?Z+oiKr!VO> ze(N%2PrXoHkEfpY(*&iLsD_fpEgW8=5?Z|ToL*3)-H6;DQ0#t+O2=u}Nzxv(PgTRH zMN!}eMi11aG~3cGQLZVgjv(`YUT(KK>N@rf=aPrrW0`1=vkXnp!8ss0S!WI-c5r$H zHbA9O7EY;d*B_-lawxv=W&S(9j`MC`&?kyqoeEU~31^ci!v)R{DCeU3EJu+fVK6&; zvv$Wm0%G5WESYCCb(9e$gX<3sddy<*O%M-K(xuY7?ob>13lUDG``kO|07N)Oqksc8sDs@(ZF~JC(#>W}-cSLU z1UBSqJ-^yThdjhCt_un~Wis(MGwL0DD_|?=onBOa0-T>;xp2*yZ?EXULl(hTGx86$ znn`*_GC9e0II031oKtY!64E;!HUktV^#rh^ri~QlmEUweAKsHxQb7til(70iG>uEA z^-V=M2EjxuIyEv5DbO98P4T`|TyD^}C2j&0%>yi+nDkBW=iLKpFZdpMTzZUkBcBZQ zthbYy%2MM`D?jq2CZsn0c$qVX*8RpXk=#BDTikV~26Esj_y>iyLsT=T`A%F?#G`x_ zg5DphEZLrHW?ggYjP|4m)ZhCyXY}nxjL-U%f`w|sa%BkZKR*hVD9C9+RSthS{ghU> zlM^GdcfRg?Qyxm(A0ez~cS5KNaIq zrrYFov~#%_pfFsG$;$O2)Q{6n#yyqC6cd?4LeNm+h0B5v4)GX{WtlTE!!r1cZh4Yb z3m30;ss4zRvx2N@T)y*iworf*n7~8C6Ob{aX4q>#Mt(F6%@;RB#-mH=WEX( zA45GTkM$+~il7*grs3`{4V|c!Q_uB?unjCp{NxRRZLpnhnQJ3eaQeslUBQIg5Q@It zfv=w|QcmZi$50{}wTmuLIlqfP#NS~Jlq;gYuU&tB_!^?#N0!L;_{5D_ zg569+aGeVQ<=qpURZM|Iq+{6lp(4L-K{?9A*LtgY>MQcG(~+dLRB*7e`701H!p^Ms z<2F^s6d6hxoK72H=7|OhRqyW@xF}3o$jZHZUC}o-SRyvAv62u(D`FBkLko2gYo-FQ zmdDVXo#J7_NUw`yc3|sOjL&scFn<<{+?eSn8vlIj-q=d1xxEW7b2U=bTdvNn7fDFm ztgk->tz3AHd#*5)mT`RKtl=n&?xvG=NCn^mU%d*9$FKB&VDiS9z z(E{wBUp7VRc}M)z&A?X+)w3IC;C2ydMtk=8-XUGu0h9H+E^z@dbf28|JvYzl%}SNp zZ&pfVd4XkbAjIb<^N@6GJVTLBEH(%sc4+M94N@&=;V36B+mdE8iYy$^>^zBoKG1$m z?&%Y@{j+H1`vi3Uh`uJQQlismwbl=_yHB2INx9hXGRIn}ihZ4lZjTd<&dXY~byLpO zikK(Y@T3p8cYh&z(NBFi zgY?KBo)t>fU)i25-T`jIkch{cQ(Mw39wP#}W*BWSE$%f1Nt1crQAc@{dtSs_BGj$M z`vL0gjn2!nE0v}N8!xRlQRwPu*~Eo>74k@nJyFdg#CXnNc@a@DltP)jEb?9NLAh~A zs5)HW&}!~8)jUs)HmIJ?hNISZadIq*mQRfle)Ve6W1E7tTgBPaS`Ri}OfQQ`AcLu) zH!RZvVX2IxUUxX9a;<1C=G6l5;8}lop7-G|t=gLydn^2M~$#^@PI1jkk z-Bnfslh+v#hB`i28mXnh)tZziIu^3#^pKh?lD|>((gRD_M*qCwDFcO+&2nn*hz4Pu zs~sQ|6qs1idX^0S!=)lP=QPjT@+i^&;kVV;?;(slF$B98@N`h9UkO^Ez$7Z@iZ1Qg zjrx#g3>JnUmm>|{sU-{uRT?)Apmrw-Jv8LmL^U6gMdU+JCX4I#p358J7i$|fOcU$x zaf}*c><$8gNYIea|+XM+{6-ZyMb7G zkub~VA&IUIkB(1t)HRDE@1f57P^S-Z$UdPxL3$9$g;J;#? z$uX88PbrzCB>bM0zW{*3O_v(SsfU$GJ>YrvV9^sEC3-sf;bQ@(CwwOXvS2j>A55k9 z8{N;2$LkNmP@V@U_Y1|g1Ee8)Z0s-6YF^|qWl6xhk_rP*kmCvk`;bZ-4Vbij9eQlu z2bhbnMTAsH8#WhEo3!;~Xy@!eg0;^j$gWfMg=tcplPOrDAa)g-8_#jBh7>H`4Jw<_-uWZF+D57Q8SSX z!6)-f3nxB{MNc`b@n7s*U@;?7yuKIH*{y({EQVo>K@!F~$e@fVw^7Y7Z8uLPcyaPz zH=qHNjXYwh`u`Za>aZxcuS<7GinK^~cXyYPQX(M;NOwvL2m+GQjYx-dcStt~DALj; z^$j!V9n|~X-+%MK?0wEY?_T?z=d69!K^Dp!3i?{TlI->xAt-%b>8T3wXzP;Xj-@SC zMQ@63?s##wc264eN2Ln;+CuF*IG9vC`T%b2Z#h=cioOw_mXUCqTdS8KbDJ9+)be*= z74yjG29;6@j}Up^isjs^F(KVK7xFdRT*#V00o?Lb{sap}Oq+#jRdEo~>jFX1$;h(a z(9)P!zx?Cg(`fPfw2u(IX1?C5$>LHxajyiTyNBj^(O+ff;7ml$bTwZH@GQq%;u}aR zz`+g_>{=c`DR&|*K@}PiVsdllKu>(qS6Rp7?S5`n*0h>-sNQQ|GllCnZ{yknO{N6X z6K}-|mDz?YvvwCnRMw8BI)2YL4;o3sw4{Q#O{ZIT8UN!-HgVpCQFe5<+RP+_hzH&Q zuE+~IfyoY;QK6HU`gOa}?#tb~WX_$5#W|lAkMNiqd^e6EJDDyqKEhX7U5p9NdJ-uT z6k2%`xp}VJNt{tXfAM(az_+^>y_2Pzo-KiM-*+Dk8@V#qP;Q5mO1GCRF>Rj}3c9hu zuS`Gi>N^_ABdxKI)`JHFh*&`;tXlDr5L0(Tzpf!gVrUxasT^RT1i#2ER(0;3r&d5! z3>oeVd0dJi)kCUW9fx0AHu>2djzDVP%rcffYczN=pf=u*S=Zi8hxmxazu3&CJ)1H~ z_kB9=f#?GXdBsMAXnRSTp792=zUj+jFnY)*NYWSNP{?C05xsmc}A_- zVI`)VbrZru!D;a();D8CCW@*NOM?@uwJmcG1LsUwB>&us3(j;;^H}OyZ_IttO(tcJ z%;U=RPrbR&{*>!&xmd3wrMb99ECol@?mJnMz&t{y(Q>7NbW=flqGH3bAh2M-nMyZX zKy`*5k?v^n(*IzB;4&fqz#M`1d$7G*u9+MYpZ&$eTN_C!%n6;e$JmL9?Te(N3zUyfyy zmPTwMLKi0!zne}#<$ELP}^KNoDJ)P;>q*WhjtIyhU#p%1hATNXE%kINfm@ z>|e51h(%Kx1UgboHmGwZ5>*V|A;zyr$me{ST<{>j-y??wojf|t;(XcDU+$9viRS>P ziH+w+2Y)->esmI728|$-E+RMPh)syhu2&*TM6Ya{xV&)RoFc5=vxp1B-&yk^IilFB zX!yL!W6?|8q0pB@qVMpSzh_pZTFCT)Y!qCcVNI&8`ZVOg73sx`4xyqEB##Esdq_#o1Ipn>-~wYaI*{`9P|(W`LpHunVL$~4 zq=XL%WTJD^FZRNf;!#j+U=bBIo<--(td~V++wTI@Q3T~(Fz>0|)nqPs;4h`D(Vc(?1kF|5N%H%fqFH?jvNXO}M|u^d8|LlL36+dk?C}U2*cM+=Y2GU=ua3i; zDa!R0*@|?as$wH3e21W+CFA+SzCy`Bp)TK~IKgLO?+PWm#CKXff7^wef7%)!0xKg9 z-kxeTv(XbuiodkxaS5QKEta(8=qVw-t5`Q8?kL=oA%X5v+XVvG+?b3x2Vy)0CHPN} zq;~t<9~*N92Z!~cD+?%*;d91MI9(z8!jU4e099_7vog~cqV2lM33i7iSow5{ZS?1^ zYsV0#Q^zwd@^o+Rwvl%`L}AcKrAEBbyJImRoTZsaRzM>Z$J=J@fSdSLq%UVytvriuMDE|KdLPVVwtZNLOgamMt0v)b%ZPwyl8nX7&!A(_yn!+ zGdy?0+W= zd23-s^R%bX8*b|3R-Jq7WL;=+QxVhR*NMf(+SblT>Ku%OZ1r|6Q0Z|faoO~ql+|yz zbw!w=LP7;hf?>p#@YmjB&zCaEwg!GlN8w$Hv1oa-ckdD7KpNnp6wZ|94i$IpUW!@< z4zkJxD@p-{yK}^`0Uq+tEL3$$@?4{pM zh%@1JF_|x&3!AH+oY$jnQ!szlNXedt zNl@(<=z)U|DPlcw9Xoz@>}`@)#CRJdU%Uf%op8dMD!h&;ibJzgA9KNcc%FD4rMY}F zZAkS_N5?pyobBr85f_R+*xlr#X0KPqDqA-Fr$yO?*j0>Xbla29x%VHijI6&%Ri9U! zvR^9TdWvO~$W_h5-HlkVp2ou?^dz*yeQ(pM?$r742@1>d>HbXPdneb``~h`IEfQ?6 zLdMUR`)f5d?jDCT{g>u-)pHuLpE`EeTel|~)wdZ_KEM95r7y%pPB2nAZ{k#0;Fh!laS|e5d<`Z+q;wgzxLArHHg9YzyDF7e+)S8$oi9Y2673v z*_GSe3^&;BH;6C>yDJ35?Qwxf&f8vYaWsD@GXQ9+>sA;bM+4&c{@cmFNi%>B9)qOu z|8pihe`RTISm(bi#;q`Tz&6IOX__0sf@_)vB(QM(x1Ti4Pk99%&=L6?ng%q)Z>%%W z&&|X7pZaOQWf*?ZH0;bEB?Q31a*(_Nh}8g2TJ;Z(1vt;23G$Ps0a#v#sCw<33zy*+g{{Lt3|I;)eU4!dYy{44^V>V!k`m47DOrGF|4Y;PO^#5RB zf&On+17Hl|5B|mYH~s(+=XJpU7=w<)g2@y7KO^5P(m%$a-jaVY{&Qrogai=BAZ`jw zp5Xr<`4(l(20DoQFUEh4e2c3A_0`>g;C3DObF~36-=eHR{dE6k{O8EvS@#?3%mX-b zegiZh3~x^bys!Z#@q6lltHpq{5I|iVx1E3$1b`2)oC6g{u(}4i+JWo8oq)AVfVbp; z$Y+o$!hbrsrONP=eFjjkz^2K+ti`P`0BuOW5?BO)eSqo?0BrzC1;9sO8Myu%kchkf z0Q7cim2Z`^8}pl#{vXQO%^)`hV1?vH!+@Rn9}NS*cY#Iaw{iyfGgv-?xwz3T0Q~<~ z0r__qU|9)z4q%iqzzSHpuNMGFwO=p5zq;eNA1Jma=g8mlsZ3PBE zD;RL(zZ?HKGFTM^J~;5-I$*uSV5{&miEft!pxg#{9veqt6#`&` z_Vo_~wx6$eV3RcHoy-O5QM*RvKawgp<~K|7KNW&oUEu%xD7k4?28;~`J&@YXAB6xo zy`PT(%mpy?>*@b0Ux4`m-TmnTtQ`KO5CAW}1Fi%xKS71y-&}#ErX1;Y3kP5ZpyUI# zCH%~SzhQ#y+Wk!=pcamQwfzGUzz*nNw%5On0k*&g_up6quFx-A5ETE#_Rn#_k`M4Z z3OFt(bN+{M!IBT4Eb{-^{y8q#i}?R(;b7t70B_+K)%ZseL^z&>xwWuC5!&yL%7HHw zKJyan9w`A7%^NtPU{&?!-zm))> zpv%gft}OL5$GwNbmeN^L6ZI82Nj~dyQQeIt`FzpvJei+|&ug6U;w*@xV5o`UsY_YC z;Exrj{<)#44yH1bvyGu{6JL0aL;{`Zx|WK5uO0oe(?JNkl&k0BWmB9Gm$2sxs_60r z>^*Sq+gn2+N2VRl6LNQW`7Z$)v=~jyuZEJ2e^3`#dGfJBPkxM@A^!d&uDjwB%CN9=<$+$h*4z&A@2jd+OyUjISZ|iu&Y(eUcVOWN%Y#IsOtl8%`hr&JwNT1;YXxi$Vpy!~k#5OX%nY zJM7T?%^Ed3d%w5E)>h4Fc*XSfZS4p+cI>Lz%v3z)ScQT^?gr!IZxCAd*C=yJCUHfz zZC~D#WT4VS5O8`V6Ei{o;58B_H8QfANYH&}IC8$F58=KG-|k$cd7}5e+xQ_sJ}Nz@ zstGLz(b6@X_AW$RD*g*LG73fX9rdrScZ|0+sUelQ#k>g-OGHrKxvi9|R=`mw5Ej^$ z9(eyeGt{g(FX%w_>jrX61ID6VF>goqKx86$Sl$o5y(~{3zMpKk>t}&4fWrxC+s&36I~}MHESE@VU|fL z^n18CMPRYekB$Ur+ER%Nx6^vP3JdQNH8ifsbX<)J6j6S!n%!R~J27$9LtVJL>5?(b zcCwpW%^8`ZppKS-(3dG^SkvGfTX6sUm9DL=gXU(WeyUUep?esymg$m@+t>0CkE9U8 zwKw}AOF4(qMnl@+n-~wYD&+bP7Pl~iud25qSCMF?JA``*B(jty)7y|(gksvO+)LHj%!~C4Qu6Y5qB~(B^6=3kcZ{KNfA&l_P{Ww~te5J@h5H{WqJ5ja4l^!_LtAyt2jgJS(5Y4QCxw5J(X1^o-c(ExtfP z>Jl8JyzKNVj3?*rd%v`F+8fgQeuJx;+n|Jdy=L&iQR&&nOZ=(X@AEpQ59&BeRRyL{ zDDw^%oFl?79#GDUI4z4Iy?O#=Yqz8>6Rk{v(WL>kmQ23%z@GiktoBtISuy!BL(TXe z&$>{3V_mO75Ps-#jK9MC(g(@s@0Os*!)x21P+Vt>J34Ws$j|3jI4do5hz$t+n!AJJ zBo7?8Y78AjdmY-6;4?Ek7@6okBP)qc5$IdHwx1r#Q@N8*C z;oRiid`^^=;aPxi2fewmkZSw3eqiPSoC7-B#b#=jFGY9Fj&XOU)5D7LNCvfBLdod} z=`OiZtzaq9TrxyRBfZs>F0B;2w=bzzi)+`>0aTT<@M-?Yd0Vy~*U=dLWB8yvda ztrH6q?GH5P$q+H<>tMXHw7dtG9C^#9OgE3=6vv?eLf^o|4E4O zu8lBmMaYKkhscFTIy@R^8}Dh=-e@J;1c#7+*Bg+HvKD-tU=hc@*mLe{1G|1?HO>Cx ztFYlz`-5PAYxx5ue&*!wUnt*397|@t2_mg1LSp;!!-m<}`2CAWwMR~c^Bymbp{zOR z9=3dQ3ktoE<;0g?*NA`D@Y2%>$06imV?f}1{W2+IqpCsXqb}dwW=?l0t{qr}=a+=~ z5vvww85p5!UAr9AB&-eIC|3dccT6kUyyR08gUKk(2?4=K^txs-Jt)ehiBJFZSpJ+izZTUv4t1E11>+0}h!c(&4QdXk^Cp*e_ z(!j3&@*zCWC}x#KR*cFg{Z3|{)QF87K9V8Q z$9!`Z7&@MIei(u$=!QCaqNXIvPWdt%)bHpGMPs|`eVgo~%!;iKhYrUAKXq`uLr+tY zj9f%LCmPU&7s!n;wCQk!lo_(AYWG2T^8Eb6CpDZGNmj8tHWr=_Myq_k!s#MBvK-lJ zhpCrq9UK$<(C1XnUv)~0sKZSe8a#ojvIgJr^@x8RreV}U`3XZ>Cb1l3*F?n>UA~$X zUkOQ;q1;RqrVUPf+GG0>^LLd}m+mQ-Mh1w*X-P&!C5^d+ce-XbX)6`-`U zj4vEct|R&WpiLxtZPMfarAX*==0S~EOe4$5fX79zuTdR2p!ZbJM+0XNGDi)L@ZEQ3 z3K@awKsWnN!fZamGxfowr<;6KQ-|d2BKDPx`!X*4De^OZ)zsvoe*OIUk@k(%v4SFD zcZ6aHsM=ohi4a6lyf+z%lF5kmBP$UKFh|Ih66j?MF5s1wg^yDjZ+>QXS5op=lVb?c z#g}X|{oI8W26Z-ZV7J(w_2D!E*L|_<@<_{s@OoT6Yn-%qXrT^b)7*0eu7hELa(=Yy zO#yS9mL26!E`^Gqx8f~`jmWi<_1_@cR&wmpgvq?o%qyc0L-w<9F+@Yt$3P5jd_P=u ze1O5)y`bbnr-n@N)JgLbnMgLZ>F~t`L+N;}qg4Fn+Nu3OeaH$E6Jt@~XCtKPgqLI{ zLu`YbsVB^w!}-=PP*8SH3ta|3N|+nj)w(F~OhK)z*dj`B9j=C%Ttu-vyl2ZBoejZ5X?Iv~%$zYP zdLb`q`&lfR1f&_1*o;8VLznno^Id$U6cWipTACG49%&)}9Ph$2eKc9*h)>`45&>hf23+N_Sfo&;;E4Jda@yY$%)~BeC*@ID*GJrEcXTd_r_*_WG0fr@T|B_Uu$=m%`*j~F(vD|Lmafr! zSo(LaSE2a*?-7Dtxm3vwqLx3OrsfD6g5A&|P)iCDLCu#^@y#9EISCcTaC5y%w%OZeH#+ck#kBU8@<9-l7vlosH41&c;p5vEpD8d zagPpWbWl`22BExEL@=J%5tls)J#7=BGb1Gl!x5;*>rZlXWhS+P+(Q#Y+0vXcUE#{S z|3jT%)3Io~;i8CAA%E~3AwuMXj!7EP$5tqA4|tE}*V?|WmOHId=MG3|MfKtf`H(NH zm9E6_c3!5LdXjvOxMOjN`_@D*vDwa@eG}eG&DRg=L{0OZ*?StzW=>6A8LW)3BBeGf z1j@D+n=sT1g%%G55_9v>OY4sbq-l9{L)N|Fhv6@W`kGEjR z#HdwPGF*b=pcqBesOqI-9n{GB-*NJ#Z|n~A5Rn8YrHy&;e;R)9R5G!BiDI6*&uSW3 z!Yj?eFXICZWzuwpa*ltZwYo*8;JX?m>sb!3inVh!1$S~hwN;1-+Ph}w)WHw)!iRUv zP$gLh$1GJAF=bvOer6DLBj82S&?4D8CCP_B%X+Vk;Nwck)S?^yH9aoiJ%HA%R-PUgJ0F}ByY zrt%2?C7%QD|~!%wz*P4k@TNo#2Io8FTTwXnL~v9_*u;m7nUW)8Pea=LT;$U~{m4hGYi zknC>${psq?7UW}R?g|%4+^}^6Kub{F*Bw6hHAHuq6DHpP0^BQ=(lm9(p?ZH-frEIA z7FC6QVHs0NU?MqL_RM@F(VL70RJ24`aU!#S$rKI3h z3YLcjlyq-1r_%luDUeo|1pm3gm~}1nR-u;X!8q z<)z?CqT~k5DZUd%;czYLvnNh0lKLjDSj1l6p5^AF`3TPq3Ui_R#83CYZL2lCt}#fH zf4Yu;IO+d(m_=|ZC3>;{JGDCexmPQ;YiAuopLbAH_w+a36dUZXFzF3h)%j>7^`RTu zM_MA3`&{4)DRt9z@JEtm-QRjZ`d!YtG<$;*p&_D~oztVJJJfo(4VF(OtK4zGgGOUa z$8MqqrJv01sf!_*{-YoAncy~ySe#-f##jp}|uZhCAz#@g7#k6JlR_AJp5*> z`GRX|x0_i<@5<9Hs$R&mo+w~z1wH&u4MVRnbfV~f#wpG5M-tguR^dkX<8VN`1@S(^ z#9!Ji0DG%o%*pQ*1b}^E;ke<;z!;6cQxM>)5I{%ZtmI9b!e5-+ViCZ_A%H#r9MZ3D z3m_!~5K{S1Cty3*piOXaDgt=V^Z(!kYzzAr7Xeby{~wI6H^*=Gp|8mZkirL$mAnxS z0sQS3A@D1t-#7@M)s2_`iGu+8{<-}PU_gP23D?{G9Ka_A+U^I*j{MGd0B3V!3R<&U z3?e&_O}UN)jEwxp6WA$Qz*oRFv;p)DXeS*MEodkGXZrk&IRICR02qU|(*MQykFE4u z3K9PhC>+=M09*!O=G-j9^>+X7y(Kp*^>ZBnF4&o`DX41>3J@5`1jv5;69YJF1RUw- z0{~qW@$)JCcj!QYgnx{$IkSH?{xfv2i~~Nue^UN28!7t@hJg!ldnUJO#9NvW*GwQ7 zhHu)G{^H{ngl}m=T)O~=@J$)`Paj}>${z>@o+jo3=|bF&<@P+l((o66Z@~YbNH#@6PPf?&&m9TUvNE${|UdhG#~)@y^-Pod;n%1C~-k@7Qf>cIGdk& z3#4#w;rB+71K{gsEnR*;|3-d^s%;rF&41W?-LUyc7rVqm;KgZKx( zAPs`+B?nd^(BwhS;ST~7xKdy)fcRwrVd=)?|G_VCq+g+5_ap%Z1?zqI2lc=AVcksb zmo4!Ah<`QyGjgzm`yIZltbihV17Oeut|Pb+skyC3!Or}L90VAEe|9VW#mOz?0I#e1 zxrRUlgL3Isx8i>~xyIOylWPcpbQrFS=}iszPX}Nx;A;mr4Pn=vJvVw1fDgZL0eFXk z9R7wupw-PZ{wE9qegAxn*JA-+c-H{{IcQMw-H2TLKGyYYz}F32hX&vY_`<)A1T2mJ z@pKD=!0-N?1+abMXR!YbL7@9zwxCxRxPHQ~b^1ev<|f*oApj7_33&Yh76GJMalHt@ z%6YR0AYcF%;nvi_r5~>AF2{8z%5@V7!24gJ1pWfOt^EM(U%8o-DlqV0S^u}%bNlW) zU~k^P8vlVnaP^1(hlXe8W(KF>XEiKe5O$(o7V4J-K(3586$b3rKqE+AV5ZU#mJ6e; z!qXv;KbD>2Ev3_ssA+6?cXz4U_dd2 z-{majyZ>Dxgt2>hyzrH0m-c6ib81dM&X-zeQk>>8q?D2cwiGWt$asgeB9it?YwLMW z&sx8K``XRf0JxYVoGNFAL2uNuXm{+0qG9IprB}_CTb;o9)n`SAnHe;LgI%iK<`4{C zs&nevEhQ=@&K1!~Pvssl*K^OaSghg!nKS0I2}v1&(55&_fv zBn2`Y0Xvp!u3=u0UUT_#eB8;Mqj;B>Br(L9$ zk%=6Sg&srCLT!KlF6EWn+a*=aZ-IDO6+;+pq#6-@F!(d(f~RLm-8aMGno>m!fGx|{b0tt<>qSy$il-=k|A zNyTF*K2^l?AejD&bWq?b{5p!G;zDvS^#VimPS?G)gd##X__8k!oCW1xTZhlk%Dwtt zmULEmZGO_1-|uWT?OqJ8^0ZV-#>9Ef@@Yx;=(6d#W_4A%GODx6hN~eCSL$~0IHEvW zf(+%kMGLjYOu>5@BO(om?ax-x`;`6yZfi6t+{wCkxVMDHpGMOMVPmHsnmy7)Xr%NO zz-Hl=D(^uu6Ozg7VEn$D8>fBftKbW{)!E%|J+3+qS0;<45fFp}wmFQw)tc zJfni!5L#HdkizHWAH<%w(pY&zv((Oa8MP3u{g9qpYg5lB#;(GvPkQ6KZJ+d3V*yJP z(d9{8b9OMpN-q%`Lx_-F-=i5>v(NJJ-Rt^n#?g3Tfp1@ZoS_-HM5|&mGev%v;7q6S zQSucB#1qT{EpO50PUHP;K9g^S7bTs2B<3uqu5NpWRZ6u{Bir-3v-YN@IiCeDzTNBC zSsjWpJ^9fcQ}H5nvoi6}`k>!;?Om7ZYWp`45_*}i63c-XyRE*S#pkG=ybP$GbAkoa zFBE)5&AL%jkc$PhKdwP@Wp3SnNGF+GfSk9JA}qY*#7Suru_z@bF7bKW_s7hE@6=%I z@tyLWW|#>+SLtUeh5PIwLVoVmiz^~o`)3fRk43~PpV6D@<7MJrsr%>s zSdDzGm|(cLhRo*r|C z4#`^J3rHdT?8l`-K4eqob=3Nd5Aqo=%)MQ;DusvQ=3|t&)=1}9Khlk9QREA>G=D88 zx8S~0i-*CJWHp3>hR9;E zdM>xJa*dEw;U-!`>>6R@iTY{r!UnWEb4dP-4m?; zfdSo!l%nS_s&rgDp^!m&gp1$S#E4#t_EAgg^6a>I{?oG)qI->DMTO~T&JKQ322|MO z`3|(ciYNu6i^2J@8hdwl8ZCxnr*O5T&yC)oxvCTvpuNhP@{tdq+F!X z4q|Rp^0FX>)tKhc%fRB`aA4EMcpn8g`eP6f#vza1UkHY)j>A?*YjCM>(n zZfuw(YcBra2w)SCqjUg6!9-BL7PE$i8h>UzS9s%7b*3#N2HX&%;csv4P z?b)Rj_2xh{a?YsghaW0sS;k_}la@#cX?!~06Vq54$=P!IqX|+ei~I%6N+VhgzUh&) znSW-p$`B5EjLRXHB+r1HZdSXN^OhohMZB#icvSaEm-eL9OaAE0Sd3=dxUNC_PV5d( zRQ8R7;B~|%-B2E+sT?3GwxSGpj6(X_AN1%#c(C(U;yI_9V5_W;RJbh?&CK8pQOtN(zDdu{0 z63$vOizTJZNZV^O-_q$&K2iK<#*b~}F0-?Xdx@AM({P7r(bp>Nw9(MI#2P+|Jp7DU zpgZS?y@A(LT@D4lhpX3Y76W|M%wE5j)e+WtQ^bg)ohg9{Q|0%_p6qLP@xYTZ1mD%iZk#m18wmcg z7sc=?if+82V}Zu!F1+dN$1#bdrV=8e#|Aa0Z7CdW>EyYohfCBIu;~kfv@(V7>tHA2q#; ze5~%t%*&!3rmo>ZJxj80egZ`(&7iyU^7Q>fL=^dxsvi9kBfmBq)RdXaC(9(lT@jH@ z&}vcgz5&KOrl{XyIXAjrEM=J}n!9sprf)=R=X!6xI~d7H&8-$oSu}`Wk@`Wi9BCC& z`6c`b(FyypVAYm4cj0zKlJr1n8yo^@?@JC?ZUTr#=p^(_*)j!Oc*i-TM0xk)?@QTG zFbu*kA@Dr{5J>9qE8s`Wilm|pTnD2{UqwO%!7ZbDVwRMnO~yz~!YvoSVD8n=I$}7h z%gkO@pdeiqM;&fYXy|_X!KNc!aUN8BJR*Y2m8e({X!Jb)19(#^3-BgH5!4|5e< zMGA_v5XLBl64|Ov6%?z1zpn#9KLZ!Jce{m>w@>S6O^&FI~h;v~-tiz}|YO zem7szfi*X`RWbxf2QK6*_1Au{jdIA?HA-7EJ8l%*fx>#5~CPV%{DpyQ#)xA6C! zI-*x?VOz3#-qPRE&SB?>uD~Hjt>$)4=6u-+O9ORvx5wUVM3LcGc=~k>CR#ipXs@S<9MKpg(Nqa6 zogvy?dT?3mH;CRK0^op^tkbvez?};Z30x8DN8H)`j(QXi?|N^x^KmQdsRJ}BR(DDZ zQaq>XOIXVibqZ|j$>J*dOvoFe9Y|@nF~qyMv24- zy_8KcCB03E!DGC}LqL(l~zJ!?@5CyLrsDm*KN<}~$!_>+2|=xm8wlA>qGav8Fi?$Lw9#NMkc zv)x)!16lbH9AYEs_fcfhSgEYp;g$no_TvS@J`2yx@-PZ1HcR?Z5aW~=iymHmfUI=mOvQ4aT^bgn zWmMNOrl~TCcL!Z$seQ0P3fb%@H0!rIxF*iv=|>ycE*6g|zPP=bP5f+x5EL^dy6-3za!$xnrc|Q+Ng?S1?wI_XF##sHAc&2|aYe(amG;a7 z>ZCiySyXSCS#7Ldjn@f5j&2#z*ae0elVVhbWmwRT1{IL1+lyl}mxP$K?9|C9IFFqS z##0+Ey<%NLXi@JEOJiSKia9yD6I1Pvd0svyCWJ<}2hj=elCT1}ceD)Yv~#W=DweRJ7O;5{T` zfOzuRN-f|A1Ge&O`eR;L_2T8bby$#IZbCs?sqc~vFQh_UJh4d|UwM*y8Al$xz{v=^ zKb=RoMlD5X*&x8imXGaJau>nNz#~xm+`L`rl1t>tkC0Rv?!cAQ5ZUGO>wCNJEW>uMZkY4oDyVYXk8Eq@_88FyYP*tF!_{D49m zH+f3Iq8j@oaxb9})mYp~UT1~w2ycB{w6zGMD}QRY)r&F_naG=o+U*%xE0<;n^HAb< z8RSs1BMC&gjiIm9+vs$p9r8%3$b&~1lt&zRDwb!|3jr1=_ZSzse1}3@vC-dDNKXCm zTX%dZX!lJfF5PplBNat7Yjj4z^XuFUkrUV^v_DD`s1DCJ=vNJIrmR<{Ex1m@DsOBC?{gbkAoa zhw^gNp9AT6AmRaE-4$9_?HLxMXH(^Y_o~&kES~Jb_pj5=Uq%D1!UVkXiPCc zyN(t*GJJvhazigni@EXEv{%I{MUs{g%tF>S-btdP`Z7u}FMk;4>Jv4)>)_ zfx8jm9mN+eLiiMS&6!yX*N*_w8SGj+yGP?sQlvCVzgyXk-0e&7J}j1qsj-E)+fsSeyt*I z5AC!*eY80giz{vTr_YKREBnNRrlmXnS-1GMT~N z!!ujyO%4-c`njP|#g4rH;6+ z*^W?%^cp?5Mryew4~l-&pcJXhHHbMsB=wT3rq>Kz*3%;xO~9s*>z0=JwjV_&lbj;4 zBz9NLMX!rfz{(-0XVA~5wHgzC{d7c?EstC`*k61Rr@1k_wr^^kvTDrL5WUGORYtjm zkXndjG(U^`5x08C8x-u>}cClZ#!x zZp>o)yYxamo9Uhvm2h^TozG{dtk8EL(AIj5n_3Y1lDO~aW$?Hbb08+Gwjkw-OUuWSy#MDhkXOBfWuX~ZWn^axUr#eeyHdmHOYkZygu}a?Tpy<}pZpJ;U z?}c|KW1@)UQnzlTp6;E0a0_nzX$7~}*-C8f(s}=3XX~yjH$P#>e#n!LmpetZGfQ)) z8-Y)pPtG?U6erXK-0#*ZzU(6G8VKUDgSl8Exxz4jC|@?>`)l6aQf(+N1o31t2L2?@}-0oZg0@FM@|1e|-io&)%8 z2LELYu55A5(f~y&K*ugY(hJvr`$fC|n$2&_3AnVy|HRUO%UN6#6gP?$fDgaADgd8B zlmC4zFka~|oeno@7yxS^SplLt{_%8+>HycW01#UslH*2M;}%EvH?{&?#R6aqqA35x z_z$)M81K(izJ6xcO67n#1DU1kB?q!rHd#&0ozV+lCY zjWyuBHRyOKnD)ajsu#Ee4So>d$e-E7nT(aVKs+5_O?r$yZZA^izZdT%d!7s@7&-4L|1(HSp zj0Mtf046RANDAh+P6yCzz*qei%gVwG%=~LlK=l9a2^_zm@BW+xP#*thu>VOmg53YI z1=0OCEA@x*A2|#R_h$^h;LGw;v4RDpdT=v$U`6}A(E+qjU@n001xuXcyAI;eh)0`4|L+1o9ca!ek`2lpBF#W~2s+Q+;Bg)Fn zwgj;^edfa6wsLAgWbPYoEN798FRbP-f63> z_1bfUjP7tWd(Q*LBH0fft_KZufqS`~d&Hy9MlvGt_cUBXm9X2V;5_9|gxgTA@SZU5 zE$!q#Mna9oCezNDaJd`k0{K74$lt@}KFn6fCJ zr3h}{u$T-6simq5TMSPnDnBd~QM0yLd+r0p(mLCfP9ixM0vn_>fj$D2!tNdMtk=|w zKkyZNP+R>`b`empu63lXH@kEN05^-O6>p@_qZ8g%WKBsBAK1dqLa6kdbjIB!Iy{jyyQ+R!I&F5-+0dL(bn1}??7>VX1!^h~qd3!*Z+|gFb&$U3i zl;wcvF*xLI5Gzm~Yx+p5&I%bPccpxRa$>v%&1aBJQs^O>s_7Ydv^F%F*N9mq`2{lYA}x)X z-eu_#tPiHm4}G&d870fab95 z9echnHE<6Rz7buCqicV9RV#L9;bFNhqCoDaobR^mnof;$4or+*I&&)Fst-;Ym7UCF z&G||Cu9Oe1FeIw7jNSOWYEQ&IU7a1AZ}fLhd=}hR9BA-zs@NL%^r^w)vLAVN|6r{h zS*Kx=xxJIgX-@nILlZsQF4vP)_Rvg;Stcx4OZWRuCylLd(L&M4FxI!N)`E+1cIrUN z_(eI$N-5--WNvy(bi~w%%4fRL{#P)Dxbss@O%<8p=$y_%2@Bl@0Bi)@| z+@)4xdDOY3t3rE&F?hiZ2=Cy^y!q%=k8&c2^a8h)O^2Ztpc?i%SVn;#LYw-myA3=j9Xch5Z6?XAEbwjvkGg zc9v30a(lJ*c=gmRb9CLbWeIJ=R1RHe$ct&Ps`&;wDxuG~P0L?;I#qkqNdo3@3R?&6qIJ*YdBF)l(;9`i8!&dN+@^ z3RG`r?7yIXh3+@F@3}S1DtTA5aotihs1lAaWvI}j2vhGw6-KjYEhFVithvKOG!&)U z;?oOOMNA(|y$WRs6L_8wV;q-gGF(Ouq-jJWTI>*=q{R*9yW%2mH>JDF z(vg^7VdhaG+E^nV_ICb2pup2nu9r{Zd!_GE#W*Fi2;a~14&yvEi%!8#t(Ptuc{yp% zt6teorKv1B3*TWGMly*Es~J}RNQhFNbL}*%hOW=H9vBl zqLw#qjO@?5j`G)|(VG14s&@F;JW$DsgVHH=Y12~SlOvHM>dU_Pus_Ty{w*t#mAa>V z?q_kASh*!Xv}jc=4E7SN>ZDyU$hzqf`3j%+ zd($QKvI}y>-jOtui1k1(kRfjre|k_OJF03MIbvl@fHHhGJ6O7~f|%pjD>Q_6hcGCt z;ygX4i$_xlOG3<0dbA;dyQzBZO~FbT+9|~z;Sn(o!v*tD3nFXx>X+1@slx(Ql@iD3 zJ^IH!(vRxWs5(({1?QyFGtFG3NIYIfBkHesMVgtRzeideD;SC$ehQTmm=qVI35Rh= z9zfxRIHE&CLnIGHLY7`SJ=5^*y3O8X-}4SVl}sqHk3}kl{OK=f{cAm{fIm zgRS@cv|1S&0f&AM#GZ|X?R>9cw%+%{oM`JeidW$YNb$_Ns7VtntFlB+QkqRz=A!sy z!@jz&8cbu;PdN5Ee?(MH6~~k41KWNoFIz@aqIUA84t-L@DmUq-Yp)LZ*Qp99UDVVO zVJ^kvj_xH+;WR_Jjpoid!51B_EiLB`b`nYPZP=ebMSed;#FcwQV$tuPY>G9%r6wrI zHmxGULEp``|8;M_TOz{n6>%pST)U|7*Q|nRmM!86!1YEc`@rLeW3KZk*A8QXXMcCw>c z{KSD`5j`X;K4I<&`A66yv8RhohK^xjmhL>YQhPB%p6%~WUqXBG&GB*0N;zAO*REMB z;W->^NKb!~v+}Ge`Cv)uNzqb@7mAJn{o#w6Lk#06wjde8<&&2Y{V;}a6SJ9gpL-7e zK;2GgeqrRRxb$Q*M|Xr`-)T9MHx>r=9qMzT1~(NAMU@4j+KlvRI9 z)qd(YRy5-A_InJDG=XeOn>T_CL7`(_5$$n73{+0sKIctic~S(Wvz%cX(*KFdxDSDU^4()3(@-vY)$BNuwI zyhV6?YVUpjRu-MJt)ocBDs8U~`BpV+P-w6Pbq1P?XD+$>{|Li#;!Un3himrN_Q#U-JQ}UDP5v;cXtX% zcOxJz2uL?bNJuK(-JOE)0gL`ty?*!p$FuCrshK(Z%sca*zErPRvPCys`bqd82xOO7S5qq}QSWwfXAoea2D2qASZ7dmwniAd_Rizf z*j>p4I6r|5W%*2CMiF;1r+py@&sOjmp&3fKgve)stS`{0tr5T=Y9DV=^bPOcsWCN& zPon?OH#DlYbYj(~Gc8>)Esdv0AqgTGXnkz)3OBZvh4m5yYpD=kZBi^VPkRWX6?0+a z$U^H&Kz}k}#7f-416tf#r1jEn_zf$~6j_rw5p2$9#&M`vRTJLKIpG}Q2CenZnnVY^ha)X z59FkL`J#74;*- zK;4YwXHy7DqU}w;l)|gLTA7XCeeD)gUS`J8MYvrYhtb7;Xt1(hWa7M1UL>VEkDH@e zkQS|C;r!`!1}`)RH2de~O(j`%TD`1?Wb1_zCJ|6ERys3e6Q4}QQ=CA8t)gcoZ67}0 z!~}h0MJ=z@@F}eU{DxIZ@LB2!SQC~7+oQx%o$dOOYJK%*2jZm%CoX6*bVGtnhakq`pZ zF4{IXL-*%}2OhI3YNdN}^(DKDRp)(qnDznYRo0*0sb_NId8M2Q*dQsRBor9PdK%O} z=#`wDS1;S6uJ<7o>6R8N{x^K5=eP^6eDcrfy1Cz54ROd6hhkgn1dz3->%J1afvcMh15%bU6>khGcb`9kfg`2o)dXviBRU(f)q3 zrY9F(>m*O?Q;X(idxY;MLeNY8iIWOiojan< zIwR0Wh_aVe&m*OnT~%OD*eZ`@vK=~DD*ZeB_m(?}qqeA4oiUCZ%M`~Hft58c1cB~}3Q4VyKK{Ik z%C``8bJJNYp@IcUC9GvMtTw7CqW#Z=?lIwgq|~tqwS$kx7iRV`q^HTY<96?kI zT`7K|?T`XOck0rxag3f2bOte)3ht?*w$b=y2R^K5u^%{Q=W zn%CP@Vidn$cxwHj!o&k5Vt*|D@PY4n;h^U=_6hfX#j;T1vC6xRhU+7*^aW-<9cD+q z#oZ};Hr@q~TqzROBx)VVipHmJUK$WC`n}$m@qb*Av*6a-vF_u|NIuzwrSjC|d|O>X zt~xNpLxx1(M3V^Lt;MDFy7;X>mA=~|DEk+$FtmJSGxnnXDgW_=vYx(1Bzh@G*$9Ff z5{z}Fya~jpEM?-p4PyU;PAh6^yV3E8Yi}GZD^soCkU8z>MI*K z=5f1qJufBt+L2iZqKOg8Y7@Ybd5!;fI`=5hNCrPgDG>X{4}DfK4;2Z1l@ z*iE30NSo6F67{(?rO4d|7?2oH~)zxhP|-f&9g!PU7A!{0H=Khe8cpjRU=> zjl-wuGW2wg?2*3a-2y!fM38m8Ut(9&^5H*A2_r-BkP1Q}9@80)e*a9jQ+68*4WvJ; zFYpQCmU$3~$&zuDYiqbFbw(M_M-Jt#gMnJrgyE`-A7*OcFR42b(Y_{!3G{TK8Q0m@ zs(06OvD2`^%o6K#a6@f+Ycw*chP@Fd*X*EIdx)0MqO5IIjIfml3xi%btXX6Z5-|*& z_}QFKMF{Bb>2e+hf5`2t5cClb1Tx`V zV_0r`Ery8L)g>vnkb{sOcF8fNI4Ak zt&m*}xxTZ_sU9FD%*;bNKF7vHG9}Pxy84n*H z9Iv|2ayYtZe?D4;`Tcm>+`(?>6f^yL#=WaAd}ikO`}Amd_?NG7%Q^e>(;R-gB`F}` zeK~s-mp>8z3?In+gE&`Azl_ zAaaLS{YX~-(pJR?%rAQb7XtF`_tdSwiT#|-J>xjggXcdp|G(thfth9hNZQ|H@Bgj@7%;no&4H5k zH*nHj(*7To^Xp82v5X(6+dby~?=t|(BHt$M0qnqcX>jJd{Q2!?ceZtFQa4!SPY?(g z#<`Qa-_ZY*w7=7RFL0Z3XZZmTu>6GRZ^i{cfWH9*f6zqSc)*W(g3#Q-9M+sOkV z4}f#{19!XIsozxG^Nlm!i~QmOzk2cANIz!}APc`gh5xX0AdCBfx&KZ0&!q!d-0#ra z|6p^#(f_i5Uw!ybo(R@EGXV4k18nsll>Fj3zyuL@Q~3wn{9kndLuR)wd|y5TjGO

Y>mjrKQHzZfLoRsk&f z-;EiVCIav@{f`a%L-r3_zFY23F9N{VfL;GX_K)~+w?jW=0oUkXWd9uZccc4XwUx#V zP|5V;CcKLxfT{fWDe$Wo0W(7YZZTjlx-UQZ2Q9z25incCA6Mc1^G1Nv{B+k+51StH? zlkTMM*YTe`>35=tdr!LKKDaf1_Pdh9h517?c=az;Su)9tK(Uf?%>-^GGI zobm3vKdtfphZ$hCzaH8@;n;Wj|0fK%NB<)Hhb;pWMf@GdW?^Sx{1wMGH^u2fzUg-# z3~Qd@OptFnWqF7yRf~w}rc(`nu7mr^E;7XDgN?E&%IautLE&>p0~PA?YO6U!_0LCk zjt#uWieI~uk5_h1Hb&vOd3iax>#h-9cR5i-nTSbjTg%dAN~aS7BT zj0hK|d&7NC)6^p74yMaC{gs(`)whSTu%un=1arl9hYG$-bc*dBI!59jCp5vbPMqbv z#aNHQTMt6RXc9JrwjsD=p7MHJ)(Sg9d(CK?Bt`5Pr(+RD=&tJygQH?C$j8%G9yFp^7M-WX*h;MW3Ww1=II&?<&>dCLZQ3a7 z`BhMmFfZqu)bqI|TciqQY_%uQ7bgqLNcfz6Z;FV(0|ipkOh9%mvkhmSBAxgSFXGr- zzKON$?}i&#+iRnL*2p@goWilJ@gPw*y{pOvhnnshe9v6@Ouq5!T+Fl?Y#ST2p@fK` z7Ven$X7j_54PKImptg&CkhXXaIl<2d>Al z-KjR7`pIF!8it*%yKrz@5cRE{@-D-S$n&*CmJ9v^y6h#78Cuu0wtC4x=QMB>=99<$ zxNWu`a(&yYHT6f|57sX5`^N{nZr;mP-a0y3>O91!)9Jsp;S#sXcb^btipMd)eQfI) zdacuIE8=krs98B2t!o0}N*<76R)QlJB6!o9lM@yA zUW@a@!(4ILi0RCMWN9yC@U@BHJAw_AW=wC3Wgw9+%T$|+P*?5o`4Lx!g8wJwp zg?Fv9<-a5-lxM~@ITnn49j=hIwyKqTpB2V$yK z*S_Vbuul|meq^q*X`y(}&X+$Ts2OW@PQnGg6VHKLmx2mq8cG4`5tGC$wK4+>b?tVxP*N3+ovjZ@hNyEt~h$dpT4W1f_W&CkZQYk2DA0G zKL4by7#-k}iMJG7+?>W-v9YHP1~WHUYDE2x$A^g)LlBlY&a!Zms)m!y{^i(oM~z6< zvw6Qs8sh+0rJe?xA?QQoVL@&Ry&yM{JRa4yZ>r=xl-QqW{hrw~Rnlc31l>@4SBE>n zn(>)OUB1yb#>eol4vU5z=pU_XrQ9Gw9`9d%T!5qxhCp>ze~sn)Ez_55UB8~z^H^yh z>j>j5p_q)gWLG@OC#OZ0YIm)2;Z)%d`mjRC*AE?4w-=3rmg{jSU{IVVI|&hlcTLmC z%SHUmUqU{GL(1%C_M=~^$uwvws;?Zhm98LF6*+vWJ{+pesF7{5AxoiH!-+&U`mR7U zjs@&`Rl#H2KK5g#_P8aR zqMC05Ws$KLr5Vz9X(T~Pu@OO2K;Fb-A3%6D63oq6iGk!iZE0}Dmc(z9>sUSc#_=Wj ztxG0JW-hBJpS5Chv<8ETIR#R|>tW3O_zp{_HR$?wcWhTAydjx}h9*B2UgBj^eQ;-9 zrspzqYr`=Nj5z4CxUC6gpQhwSUxiC!Pk_-g3cds*>ZM{duu8DV(sIK;XHg_iS|T$v zhj~^IOc#?6)10Q=I3RZBkcwP=xx-G=q&8FV`P9W~P{~bqZ_0r=hM5tn*jQ{b%#(YN zNY}rr!Px+zhnYK$5f1GuW$H`z5*aNlCH@F)X~Q>E$7V!%!#mk*3vAVb$PMZ92SH#q@|RmJM`Bkb{>TS}SE0;^TzQlzz)dS}GR{ zJ?Bgb>u6SmNV>bX+n>KI{8gE?9fHbSZjQp7+NGn) zccX6`pRU%wUmI@-BUD1dVDy0U_r~RjI6RZmfrU%f?P%^>Gm+MJ zbF@2cqs8@jPI<`faHwIs=D;4F_VC$r1Pd-XkyDmeZw#VTb+aIC`arb&J>P={aZ=4c zKqUFPRLfjmH|)wo(h&Pb;*fKF8&PVPgs7PWF^F&U&3UCU7a5ztIAUS$tM)z+)7=!+ z-B6BHTvUBlGPeD1>%(8E>J;`y;(5+(_6C#pZs6($hF+`WB%gS#4O>BP%#wjgm+Y$i zt8w>*cF+ZXn~2@my#fCaaaA(K`~<$T*FrCJxbr{B+B~IM@zGToYIdBs2R^7fR!(dRKfu z+^7ZfsE@M`q8u&`^22+s#|^$3_y@)8XQ*iwR_3^D{96v*rD3z6}z+tDg5-GT3+5fl=gVeI} z^_CeE^5Tl1bl2(uJUW#@&(Y|qXG37BY%ZeZX?H!RRFq<*{>1x&f+^~E{Ma-_T-GN< zj~zdlX2cRCi9(iHqOQd$GGNQ39KS@ud6e~<_U#C2`$%50VsMyAb;BbRmls1xGG?>| z!KfjWW|&5dhCWuIl!Np7P+$r-&kmGrQi+DUEa%7iX=6%`W4}>sHe2*viz=t3#A!!c z@$|Rnrg)-cbrSj-@A-x5Oq+^GJ%n5cqt|F?R+lU{vXxb}L|zffBC_bvD@K%X_;YK5 zy0^|m1VmY^P<)IEUeU1FK@AwJy5(x3l|yInh`ip})%`T+1BBO|E?wslHs28G&YW31gD=Rb! zH{X(_g?l8y^OP!yNv(nsR&Tycn$7XQL*sNX$5k*c};ACIoW z9pho74P=Q}=I`3Q=U$p)zdFVnVs%giL#4Op4qINMvvOPrta%-atm4&cirXbr;%H{a zg>vn_m-9eqQap^1u6o;d_iA|bV)<}`^<{}9qmd>yv=0VB0j9J;L9jH8kRJ@5cf>rn zbL+=icdd5R4e&nYmPvD-j~@fNe7pzC=(odMp0&=$&~-WRZRaOh&nR}|NPv8(v4^Te z>^hIcfsnPV$4GR;Oi)v!I4`dwNvhtNg^2U|Y77Q*5?4jj@tRwKb>>&@X-z7gvIk^M3j_Cv4Iy{q2K%5l3iXU}2i`x@AvaC#uk}ll;pEMdvg(j^PUXn{Zn{5Y6Q=I zr%~qBmB6><^Yv>T(X!G(Q`L4D3=IcQjMu|CbZY`GWt>I>((6maym*^FhXhSZH4^BE z?s(20U{6IW700oD&i#Da+fD>J=NQy)5(h1zQW|kaUWUwPA{_cvLIE?T zLaf#&PR5)^-_Vx7K1p9+w0%ksXDu(~M3bakrx2l}F!lFY_=9$c0=#>yC?W^(=@^{Pjz+kq;|2 zzW9xc>ETG@Ng)1(>b(bHH@^u>1ooL-`Z3s_e2Py;j@R(O=IInOUm@Sa^JBef?F~^d zOmnHs5|3FcIU)59d^sCP8U!|z{8%aOwWMfSs`cJ`r`PET8ME@A4|S_?wcI%iH3O{H zHB{|id#(+`q;DJTPhPRCNzzl94n5_dLtqPGM9Hf`kj4_mknT6FrtcQoZSra|Bl*^d zDWQa$9Yu~&RI#F1#-r+4p6tE6vmp3fZetZD*z7}%I>i9u)=-}vw;R`nV@2YU zBkSA%M57YRi~7-HAFxakK4MW;Be`^+?+Wu(!%sK$mkNsYut^wb)<_R^YxDPL3N^FR zp5v#htZhN*A$Yi&eB59`Ta{Gn*iL^QS-lxZ+NdD~9tutY?u1v&wM`!xN5m|=U=s}| zJ)a12cBMAo`35CRGg&WWpdR`tb7Kk0;!FFCSIVoPOP1sy`Spc`f>%Q6#45zLK_{CN ztt(}cHggIK@#kLCjMi@(#dw85OX{&M;|e)F8n~n~N-a2%r7S+Y3Ri7jB^gY~ZSYUm zwBRd8X|VEg2sSQ{en5K}W)K)YeF$gUhaj~Z^a@1j8GdH4eqzt-3gT=q&yUh#5%Lz` z*vNdJa!!s_xiD62=tw5QS8=Prb9uQKhyn!SmHocKhcOl{Ak&8X>4m-R9>#34|HgV& z51vg;9xLNr0E;R#su{{96FS|yZuKZWL7Z?Z;~j)7nzXbdt>KD)nPIiQLHB{lCZc!yj&GB}L7BG}fD zpXy~uV+{So3+za)F6Jtr11cjwCR;gAKA8QU`~I|N^{Z){PVCEpY9s@?Yb?MlUP(r7xP1-+kALfWn%%XpictToKX%yLt7f;}VjsFzba6URLV8n5$f z>n5+_c}+A7?IW?3^hVseit#c_3LIV$~Gq}wLC6dk5x{b+^ftdxA~tV z=#4I&XZpm`!BEY8RjP8Mp&?|GZ|C|NB>p$7RI<2zRd{(NLcUC6#xzE&1V2k z()*k+K;dsW;XA2&E&nMe{5y5&eNGraU3)v^UFsQ-69$mD{*llHCNRC*yBi%qFe!jP z^;Q)S;QBXJK&km3U9$J9{&$-OrZfGCu>!X258*#-8o0IoMi}5tfQ|n{_z!^PZjaW{c#p08tL$$m<$YiGEw%#aG{3P#K*RgJ9|08p=10KI z_W#L`?sNnB{=FXodh>6G1VSnA2?K71`~_P9Zms_ZKLRx8->L#aDgUPG)@y$nBmkuZ zEc#ay`X`9xPW?|=0K)PY**|O|3&!rmbn+c-H-eJ^c!zt z0<_KFes+gc-v05^#(!%5)vW;H_v-$OTLA_Ep8Os7&je@|zdfJ-T~AC5KW{`}w*pM> zA5`3(;H`?g0C0E1{Z$2!Y2KLvU=~06?wNr4?*FO+$U<+rcW(pXj}5ys@1OSg4=xGN zf4_tq;oC^~SK;4%g9*6t{_m(KD=Rbeuc)V%C2ke6`{?_z))Lpz=HgHDqbNurq7HbP z93lgnZxEG{#KX`ztctak$;`iPa$jQERM)B0+ThkveA7vEjPJot*(@wn!hey+fE^`&ucBEe7Y)ka(1R^N9MWa)yYo0`{`2G`G?%;u31@OaxUr& zTfExjQF2e$sco6Qs{PV63l9#?X^Z_g7OtV;mGAe)Pw>xjC$B+2_-I;vzJ6;`6T z`9o(e`WDWMQ{cW6RDh|gZyQmP3rVq#*F!{b(Z{Nkt9Zvb=bL+AX@awx=ti09Nps5C z6;lUP6k^mDk;4&mKx?vpLdG@e+wWLihA1)6Dj0McS6?MNpD~W2WA$atV1cU#ah1Dp2n9p698Qa6=karh(!R{;NFG7c3L+nkhn$mUUHp5Ce9g zN7g?w+@wZ1)TX~JNm_A)*Jou{EayxNmp%j4sWy5D_VHU(Gnh=%nAF(ga(Zhp-fcWMGK+ualNIN zuYA#RSc)6y6L4hs7%HhvSS2meY_=ms>CCOzW#$g6`i%UvH#h=OSuL4T1&`4Vs=b!g zyKJ%&3Io_0jnHDAP*FaF;0;32er`$LgAzj`OkU%Y`NdAzN;SkG)|y5nlFMX0iku;C zRQZ`6SWfr1iqA&Ki6;}qYmAD<%8hvg8%i<5&8lxYQqH%Pnn$b8sUEAxB1w{4PCiEH zoX{P8s5}gl)q>Ol_P~X#+}@U`$awjKUUWN4zCHqzlTY_lrk@G9M?6?TD9-2aFh=Nn zUnao{O3ijnj41}S=qsg-Ii|aJABKGKn)4K`9#jrzpU$Y0AeAfRDsq}c9`yGNO!c`N1el_Y5;%Fn9AR3W?Z#*Rmk2+ zn-R9u-|*4ictHzX@wJL?R$)v1gYV&m0voV=Vys5*53CDYc<}i}Srd+xPm7?&I+?yA zh&&-xvC8*He}{KAC_B7=3{rmW_H|BX{GeXtSU(}DinaG8x@_r6JMLm|nraTBs-oPc zGSlh_B}2Uao6<}_r@g#$gQBcHQr?ATeN0y?!_^=Nxuvo}YCfh6cm0v1$E3l1Pj3qP z(FL?(pMjzdqS!wW`M?5A9BjlalDQJ7RIyS}ko4{OQhPfLbMwOr|JwKhD#{nfdc7Tf zUDt6|kZDQAMeA)Li3reNKm=pZK(!g#_wWAJZs`F4rzv3KLZ%x-Rt`n7?bQ+CYO!kP^%si@h9u3sL+Jkix;!(=~O zl;>;z?!wL@w zmebH==%`(8O1_Y9`22)`j7$yQ?^)()m&qk$5MiaolR!;3UkiQ1;}x1*EoUUeD9Go2 zxI*3HjjPd69dr#bsiDg+2GzPRu$ zF~tAgl&P_#@uA0v%!oP*#VIrkMd&-aylj@w{1~;?8@W$|}M1*D} zIwzb^gpXdI#~w0c?MQePDl4J{m`B-4>g>>-st5#a>1_ynT0v7O4xiQ~I%fS^eI_X? z(odu!LV!t<9jS==^+dF{+NUJ*HTWyb(T*Fzgt}@mS?qE z8X`Od!7iNVitv(11?|xpDf0QzJb9QDM}tDJ_0Zku&hZ5IhlO)tOk;B57#0d}@h0>JWgF|7LIbm`(2+cAKp2ax|%{!fNZ%OK!LHHN@_W257 zD!l(7A^(MiNuHwE!jzzUEioa;!iV;YQ}aVRC72gG)N$YKmz*q2_Gqs{;%7$VUw^w` z&`QN)*@layc}@*&FH>RMu8Y6g3ibHN5?sme^iWNwXq`VL>B9@=L2kmD@Mwiv`mdr! zuG}9d18crd#l)~6k%Fd?o>YVA)k>J?*iY6TbS!&07<5#8rtAMY5qHA-_`wH9L41=v zMhx)iWJ#|foiUGP-tXx(37-|~ubr$@ksu!yk`UQbE?HSe>rzuzZt9wuk0YEMs`yEp zgi0&)g16`s!uX2748Cf+dD?uw4LxH}3_7&*$;K&&)V^^IETxn}Vlt9-R8oSj#c=jI z0ipuAdMW1P)N0k=u3Sqynq7k3znvA!-WQq$rFgwnjj{gRpC0jNO@O zjW^#Jo|CfjsYQx|Njz z$v!sm>-UL`I`AN7TDg@j&AeWnZK$qy`CchEP>H6<864@|7!B2t&peb%Ny11{)!*h@ zyly_&eDe8fd-G*;1ytPkvfGw!AMt2A(!rPb9Xa~^Z{Q}vbgW;H3{ckDN@2{br5S5R zfB!zm9`2$_x@1K!+OgX|lsLTa*m5uu>xJ)#xnVi1AIIK8%b_hTW~IXw0Ny(I#MTqx zY?0#$nRe8-5sBtfRXMW-jrd$IWq2OY^AhhM(pW=6UrlT<3oTVlDmluRnjF-i7cqz3 zQ}R<&?nc$tLk-+B6Ui*L9^&KPkXK-PFGJy` zsc5EYcGKi{(WBM=P(1|V1ppi1jb&uc* zxxK|ANb2in2g!S@BUp9K8TiIrHekdnh@-zDthjjNCbC@{G@7_fviYnvH2D+_ib@JN zH;J1J;v_Z4gYdmAvNV<-3yOsiUv4$@iD_$OX>Xu ztj=pn47sF20U4i0S5b>`^3s)0DE$(QIUx_t?9Lr1TD6rhnk`AsG%lyXxAs7%J}p=Z zo5MQlzryF6ONVVXeysW`%Y|l>*ZtLYGa?Hw?BUcrqR#MZcGW=cB)GK2tj6HF2{G}_ z4^aU=6Pn*qP}$0cN5(r$IlQE?jD#2utg`J)OBI||cIS~)ljQR7;2h7t zt*N%iy=u^B=xb3gLr8X_ACY|M*tOhn!JY~l!vFE=bkQi;V7Y-d%qn^-z5eD2XBThOMD5}tR2NBAVHja43SS>ZY*x%f)>ELWmw6qLlHTiLrq$+S4pZKshy9PExBzv zBRyXK`IAEdYcT1hG&gAB8}RoUtqQhZT8~{9vbCT#i0zUBIvni_cpmGPgTJV2VX&pW zgy}CPTE(=RqcnYN*(z+>bCN(qrD=8I&Lz8e24!?AvM8ZCJS-A=ML?rW!j2vqhcRuV@QpMUMg$8j&67739i%kPwm3Bg{#6z2%BOL2*j2p z=}D7~nK0GTlb)6jxl0sv@fmlmj4w-5s+?hGxVkb+9(ZrtEbw0AQ)0z;>3amQapeq1 z%Y`gt4YBqjoBH6D_CH%G7>b(|9{i4Rn4{Q72IXh02+l@jhtW`6Oa~^O3zGV{pD)PR zP$I-!*M$qbf>&1Tg$SX2jo2r(m#xzq80cNRgfEOsf({nBP%PZ3i;Q4-=tfT9NYPeh=IU!{Aw`ahPAUcrxkJ0FOTW3cas8g)yIwN5dlL zVlnKC%*`t%@Ay{9Ob^!0qmw&8zehFDcTy6v=lWAk5Uh6#P!qrZjum*RZSYofOH6PY zUXgfqQO3+2i8E^#btN}~EoFW$duv5Ya*?z8doZ`X+r`V>rd0)hEdsgFfzUXHR&pcyKPfj(PuSxo+*D|1-btWC?`|HH_A%vt2P`0mlO(h-D{Evf1U$S^D>u7W@VX z#Zm|p4|U(Xd0+~IhqdJ-HXcTS0@5#>x96=nZ!+mw|C##C#y_%u#Jujn89oPI0v0(- ztcmXgqSCuvI*c?0Rf;y;!VLLkMnsJuNL)quxb@SnZxk{CvrTU}M-ThKaEl)WI7_^FhOT`+Z1j0n1t`dBU1&)4b-4Blpghq=^&E4h&k9tbRN5JN?&YTkIy05k)19gm zCX376W$_|Rj^L(m>-220(eW&8iNcn6A{KpE+h6PYwB}-UMh>fJy_h){o(Ob@FU!EK z++;3WnYa4*HYqw-s?{sFTSXRGUXdi&T)-Dxsj_EXLQDQjF_Cl!oN{jm^{_ay6kqPu0lsH!7fG- zKItJY`kbG~)(0((E9RF=){9EoQ^vowmxAm}?}b17saJ4@V`S3t;aR`e4(S_PZ;@b4 zuTE@(C)jd0t?z;ekPUF5%NFGkFG@#d-qXBHWw&7(0V}~V)y(IJ8O3`aw(djQRp){q z-VRxMxXBoOQfaJWpbE2$!b(AA!^*Z8K>tlh<>Ub~Rh>HVw*sy4@+fT+e^%3=h$Lo^ z;*nv5t)aZJ7*_bu-3>*F6SFZ}Fpid4d~SH|YZG&DMRx8%4mJAln z_3(8DCkjLyRC1mM!t8u_*Z}o%w6=et$wd37Z9#Xf7vD?(1i9$9W6b9nN>Hz_m%Cb+uPmDHplnv>-X*ZHl_Gf%*d{$bm{{kj9;fN@cKJe^aUb3AABQ( zJKl)HZ$%n?%x7OYmEKvnK-J_z-A<^^EaLECP@kH9O9aUZFSXEw&ndSs;!xJ~K)Vqq zdiUUXH-4183Lo`B5f!Hqafr7Mo*uYXGL*Qtr*H&_V~&77;?kwc?Fjsc+dN+B+>&AB*3Es3An*4bhHOTHM%5C> zA6_Avk;gT(_6JGes6fVQlYBf>lTn?RTAH1sw(msF`e3yp6!5@V#9G{mSVpbNtXJu`DGx8;0G_|Jvi_mM*an;0`OA)P594|fsj)X3q1)7J$(y1 z0!|h>4t7?0V19Hax__oeXZnK=6$m%F*-^$DpyduG0lXjj3)=Gw`pU!zj1b)QW-|Q` zef?2C@DEyk!HgJzFaiMF1LzjNV`u$QNAPb-fVolcl-zfk-eE>}xb_V=^RG&7zW|Jx z-0`E|R*C!e}F0QlSy65OfyAJOt(RR9?$;4p!!BA5V71h*UT z6EwT|8-ObQF&m(|lAB5&fNujf?%zG^PXEuqaMvUGW7q!>{=>t5V_>-BoV`E0KZJj; zieUPUf#Htr{cpm5j10`c@S_ss-hBSU$UqkOqY~tA!heno6b$bU4k#x4uO8#h0Dhgx zuMvS6C@kKo0b+i*J;57u{|6nv!~|ZPhFdJaz_J3Cb6c+&j<$p`MDT%p@O8>3|$N+yvgL~%o ze-{Rdinrn5zR&(P902GdZa@1`Px3!z2WIwr&A)|%JMsHn`A^{hn1TT)8~|F?Z^j06 z;sYG;p4Q>_+ZdRM0a(S|-F>U#&YAyz6+l)AqykU_a;xGl_Wl1VfQ<9zS2w_u?|JU; zey9F0#eWI|z+4PB!hjzXe-Zw}Er2-~{-1gh23D3|>q#apaM)4YM{g=BtawsIs#Hmm z&A@z0BV!-X;}Cp8D7h^tsYK(j>QK{002-l|h$n zte$SHt8x2aE+Z@3*T;96>%1)tuFm3%7797+=2~{Oox8cR^mW-1-(#GuKRrFQ$tdi~ zp5)OWRz#?MSxp1qx7F3pD{E%Bc&}GZF0!JJACa4ku%8)yhe|KH4(0#+Z57Jz`g&HB zb#oGmz|HIWEuQPTsHWo4*>t$rdlgK)J2_vVJdxvz=SOY$fYwMRs4A{ zpTZ9fak|6#+AV9~`@Uv%R~cSkPF`Y}ARWz-(8Cj88sfPyV>OBB9)%@Z2P#D;7F8OL zt}AfTVu{NcyULI&*dasgh$6zyNycYb2eZGakfiYTch~*CRO|Rc<%tvNf@15V6ki^^ zH}MlA$-TZ3@Hz2d!CvdQg8JVWJ(BPUU7`j)CTe|Q*5;sJdeQbZDh1v`H-=98hM8UH z#XO&1k8N^NVhW|jR;ul19X-n)VbD}0zo%%KOufjFC@9ZlNENaT0xNDBQiGCGV2VF+ zl_YW{t5}g{DjezdzE2`shLY)%@6P@zaQu;FwTHB)R2R`iut<>%ycttSfu18;k4ao5 zz{~|)Dl8(pT98HLy{3a-NZzon_nO!G_Rgz3CdsdXnQ<8Y{F9`dxru_hs7E@lAjD-B zxFLO`sNd1HY?;-@#KIHADu==*gau_$9`|ho;b%{is?cMy5Y-LN^DG~iPQk@m2O*1i zuD zIy;Rv&OjW)Z2q;*7Zd}MU7N4z6y|x6AH=kt8D+V9~FDX}$;YjM2{C6_B~3>_FhKSg zwvo&FyB7w}J1_k%F}TW5B^c}3Z}=IC)WioMEG&(iM6-KZB*Wnfwqdw1G?t!UUAo_P zK!<%K%^N{=LC0S>1&2pA9#q0&JQsguY30}7QHaFOi!OP<^F{O`smF4=ovjGz)$3~G z(Cf4zvc)W{M-2z*{>PWuU@S#QB;F*@{OSkvT@j3zu}kGz=h@CA?~63{#%bWql~=!0 zBP$0pI6bQlMpWOMkQXw2h{ivUF^kM{Q^=)H@-hZG!sUVzVgkEeiqf3dMIwhN|0?B+ z?)flB6M~RXaa#$Io$!|k^p58VB@b3U@2*KCWtqdid1*)Veodgd8+J#Jq{VW=|MZgI zgr4r>M0BAcCObq@%vG>m0zIT1ICtmb;ba#Y_WmR~grR7?J`!=FW!xgsZ1LMkPwQv{ zO$JO=miYYlSl|t0&p9oYH%PYqL;apEkD&JTp`d&&euO{DcJOAx=zNK5qUjKS`lEUG zPHT_gBOh+6SNkLWlDY;I$kc-QNDDzU-bR5Q?S5rBh9_;|QcN(7&OzJl9hNR1gwokw zdw-a^<~4TzI?~nDV<3*OLh|9>h%R(OGDsRsmUT?l zVAum?q zqwaR;AM!8e>G#up$bngT z8ff9Z;rzB{#B>81b|Zf_XXnRLAB?e>hF(xt%EuW451%^t2yuOQggDS_6$quX^;w8j z2Voe5e*YWdCg$WAr`+kHwdtjO6qvQ5@jMH1fB=+(O^i}ecLVB-f_2h5Td9Q6Q~p@l*+|AqF*A!4-z<<8ar|hQWgoyP+4N4y_W8 z@E|6)Il~8a*qLfJ3v5Ux(6EW6sVdA&A1O%JDA-@=#=;@~3_P0E4+~;rHcf~G(5p!yS3Bc%>-5J4k$)xh_RwJe` zt!)M0dAU$sfEjJz-{R99$>(71@=nG>l9TSG8h`BLT!XBrH*he1k?0ArlC8Rk;kF3& z{3tsXLw-`LENbb)ItJk{g@s14x|N`0{pTb)4$UwTGr|NvG_FC-C{ce$vLGaE*o+#; z%DJTAN-g%Jc)Q|4OB?XyLL0d_2~jXbSLI^D$LDZV7+dWn1FMIIqxYV zPn9Oqi`QcPvW)mYk!hiAq7`y7YsGlZGgGh%of+8S@5=VzLlG3F# z(x8Mi2!fO#-3@|tBQ4S)A>G~G0s{ITcbp!^&-cImd|_ucW@h*HnSHhr=kC|5-J+?D ze5~I-ysQ?!<{%+*E&5X`f%!u{go#2vX3SYA`L-6+K^-o6w1?@d1Ew7VJlg{46 z9`w!bSfcV0_mBJ7mV}K(!>Xh5nj9S@SEmbMsrIZ53#>a=cJS`(QQv;+!geRl_eQ$1 zk|-%GbN+K(pN&j`;YNm?EeHN8O!J$*jqIndnZgrmTz&39y@&fdY_WzDZ1y>VhR%eZxg5PmdjhmjrKY_spy z?SQ^6JW~DsdMA7a@&|sJ5qAk=n5aG>hhUELrrCV~!sH&AKDQF>t_{AmiP{l=%gXKc z(gFh&_%uwa+~;l~*e%OCV%n8M8AXrmxkOumswMwvj_`-Y!oJN`DMrEw0o{+?r*0Bv zNDvXr=(T-F`!tM!ca1=dV7&9T{aCO9Px^Fag37bW29npyyW=<1JT;1L7i_T!e<*5F z81Lpr_X0SGMpftF)VgSz%fC@fxY@~>^|%$s*)qKd!)SCk=-u^*x{NT_B>Hl>_d8v_ z_m2{I5BzzY*{L+*a`D=R;5Ra5mGU79{F z>8yG!v+WTD>Ww4khWpsDLv+t+>2_EVNi?f&(u;c=Tf=1KArTprWX532-y8Y7ILj$0 z|5n=H+kDu^vhX1fRkB~~Jo96o;YGn}M;xcc9(>!b43f=3_i91Bc0u<(9kX?exA@m; zS#QP0VC zVO>YjyyN+<HEP*Jkvac((mew9?*zj-B1A_OBiwcSCd|~lR_>UTG)0K3nib%= zGsII#-s&P6W)^;iGDVTZJuM@~f0b+!rb8^5$A= zCHSL2fivXOksd3iCJB0;K@2@CdxQIls~?{9eRWr3q6y)gqy02T&X!wPWZW_wQxj{_ z*|v<|KTD5rA02MOG^mjJ_5FjFN&Di*EbloQnJW63E!{ksfv*V^9pjvY7e*d^mI!0) zj^ea>wGD%N&j+ES1-1BiCC29JGXD3CYg!*>c@*-`UPXReIcDA;d3Xdb&;9Ix>lzJf zk=Bb^nuW?dbtwl_iQNYwL3+oID14R1^QN_Y&i*S`_;&ALzU=<4%KMc2mBvxHXF0*g zb@Xt4#!ht&)|%Z0Gw;Q6FuzmX(W*)b0h`OGhsFeniC7PLVjzAp6+d5wq{w zdc`Ndk#WDwp0QQ(laA5lMz=$g4p9;+=G(}$(%uRKxYcSVkL!u$nhc+K+M|%D1b^S> zoarlXU&Vl<@GVNZp>E6d*f%?~B7d7*F?(GsBHODq=CeI{7aHJuNfoIm1-iFr2Tz(% z(aZLC>R4Jj+F@{?DkvGQ1Z*pyyudEVWHfc^ctHFiG;7^YKpM{5jkHp4+n_m}R&oZt ze2#?%evK~>V5qZcB}D`t6&Y0Xhd?QR8+L)!$LuV32m4Ag(tC5vjAWjXDE zCq%}n_n%8n9&0ix5UAgHFj$0fH&^%yzMql%Di+6U`u1{iImJZ`Ym+`WH+b}_P6W{^ zPozzoQ>P-pMsjcIp2U!dP9}GjNF-7NFE=};qf}}TudHIAashtSgfqj!lMQRbQxnw% zqtdx1S&EE(%RMSK*GVaf`yu1Q8>vZ)z||mF2$>y?GGcK5E2H{HMObq+*zDzT+G)Vp z>>joBjEg)2a5w*7_pVgzJl`$AnO6h|j*ThfD+yu`ZH-%Ogf*M#7@M6xP3#_OYKt9ciS0BguNcFl zx#y*G@a=F7v#F`=Q>*E%2O!@$F2z44*= zW5NL&)LAkRlmy)qy*RqPd=~!414yVd$xei#b2B1s+v{F`!GQu$KXWODw7&I0)*lHq-f8 z?w_SxLIj|BRDVMUFUS-A)RfCYppKD$Lj*3!6aFa#npgD)B5;xP@bAh{sRrkW0GNap z1Q4==PSVf6fnc%o!jJ2oKL+R*L;#xD;{QSfKuRFM3K*F?Mmd#K*$a{%|90f!bbjE6qJ$v0KdTl_nU?P<{lvV zKQKNZR(zfb^q0!Nxd*7jKPrPCNWYl7|3fpBCH?^X!4v;m<=-?zvseHtgD=Q}&F8nu zzx5fKzXDhpbZedYFO`4S3>5}{4GF;13uexXm;jnLa9coD{ToOK&0Ya=B32+XJLr{P zpsD|%_9ZulX0L#DV-PxcK8crQfUF7Fg3B^~GeIbD@FFHbwd2n+plt6)BmieSK=Lt_kp~pc#p&=paj}#jpd@`I+$gT3vs*0oKHp!q2*sdR1()ZI^DAM*&6c4mkf)53hiM#7OX^0*!-f6 zRgR3a$v0z82Qs_RoWVr;VSG3ls#_bVz%rST;8k_p*PNZ}j;+1^VC42(eNSzN83wod zh@CQ9?)uwp9g@4|-yF27C|#np+?#M1ygXc(uaY|#v~Uenn1ySUnaJ|-ni%)#m9*Pv z9$CGYHoVFeOZr7 z-rN;m$hC`!CFMvWy0W{V>G#sYRyEt5^tPD9Q-hu%yX5P6_eWdV@f@Wvj`Waxg!RJ3 zWO8F%NQ2dF+@iyE?l1Yo1~SgS*>&}_y!Yf=#}mFx(t8Ce($9R}scA3M>Q)lW7q1yk z!`mZaeEZCKKh|CTIo4T$u7HJo5}DdHneCvAo8Do)O;_VZY-)Y z9d)pzqHv}?cP-)LUSn1%Sy{;?7oMcwGmO*C+u{^rL!FycXS_nu6W=_K8vD2teaP1m zHFh%FSg{lj;Uy754I<*kRSB0bGB_!FaqKqAjH))avc)(-JuugnGsQJOxmc`GGQ&QO zwIi`249c9aRU=jE5#K1L>ZnYKm-9y?#zDnB7p_~dc-+wf0o(e8A6FVwnMY0nl8I>tIeG#xC8ayhpvDNL5IItPnS z^?e*06tPXxBEGr$m}EZ>$dK4&Ts&)(#Ixu2q9$;2Dr_8G*T|F;+A6BMLvG%hs&jWI zZBpUt6GKle-FJ3p{Ws={ML5^-g+?i7WrYh=^|P%qsPQWr4YexTSY=;7#zSf_k-Zw= z5xcQQUWil_Qtt;lUqbv%3cX)GYb2C%vF1$OAR>%t?Dme@Dw@r;K=~(0V{2dYl@?9I zkMAgXJ!E!5sv)X}S%@m=T&`6NN8zW9PoU>=lBl;z`vLMKwKP?r~+A1jUdYAmc@ac9S}ej_KWeY*-$L?d~Hs_9{D- z<7;YD%w#eQ9o`G5+ly9Y6yc6!pL+#H*lpQ2Rok?DXXKG)T^}T) z2Uq!TzB(nxo!?0cRB6U%pd1P&v{+P5D|+@3nVuEB>EZRe?}=_Hqyn^#lg6D!*avSD z7g2mck-kbjQ6Kn@a`PB{nj|x4+uy%9-hxEbB z)ReDIEO)pzF?4)=grY`tr(rB2IBP8vdzrX)!~oOcr*AZ09Wc1m-z6xT&qa?ci%8@` z?#Cp$b#euxC86<)mvn~kOxRma^U{n8zdMCb8tx>9bfNicKMU%>g5MQ?tKUZ2fyt{u zD5-yRAT5)=5z`aXMs^~27$#4>#Xh3RQj~RVlp$^B?&u3~O{)B87V0IbAQCtYiscl! zNt=k&Z`azFSH-j&h#1!Z`b*LUD|+@dR|%(@ry^lnrnDuU3AAdwwZ^u;dQY1lJ;!w@ zOw+hdvig;#kX_KuW9a!&DmPaOwgwFV+tnwxB%5eQ2R76+O_UOqNz7i#9hq3OIpT(j zPu8mwj5g1z8DR_(ab{;!eydYJJ;8P;?h#DoZPz1{vg=$cQcG|)3xkd6a93a#4G<@# zmJ#_3sTI6K{CKejSks&@QKe{bKXL0P_~bVfxAI zBw<_T0}6cwKhv@|=o}$mxzw;}BxwDLd`Jo0d%f#!c?;CbT1w@qeJ-XQEczIPn&Gc* z$t+OWk3~g;q0kfX>263urfeLFK(TDwgB~1qQVSw#oX-2ri^=@2(8kkT#BWE3sZ`T% z%nFx=Ken{=d8wMorhwiXQt$IVVk6^r&ci1nPc+NM`gs`N``c9Q^GWJIl4B7x|ES@c zuCY!R_Ac*+ZvfC}Gx2xtQupW2+?S^sSHe5P5Dy9S+bQ@Gn(1?cmQ3{vQMfZ6TSTi| z8s9DP-c{LUKc&EX;_c-!2;#G{jD3=&4>j^`qTfKtn489r_gPnEAzKj66h|(Uj`3Vl zY28^Lf0(ana~6r%X*6-nWJHVab-U?(ij=r`iVC)tLim2l>B(~w8HtoA6D)=77L!Uv zEx2IoM@LKZw?5P)$Oxs4*gh}LrPlBuq!2%;D{{xSlFFG?4QYpW)Nh#J)(_FlE_n47 zCVFU8>PC!_&zbnYh?$EIliY!IWJ+kMg#RYJi=CY_&eDv;aB&`ndBw0=`K`J)Pk<4<1>Ti7^%i z+|OD2oYVT*xLk5vq*+2J_zSCQRStgcq6Zwwjjf6SnQxSKm#F?aM0Ayacz2OklQ(pqKzOMpB8jc(mQraXNrmkBM(&7ZVNv z>b9Rc=lh+h0AJGRtANKnwdh){cB;hBx>63A(O2E7V-~^~vas^ezJC)9Fkm$Qv`2y3 zQl_v8Sr+apU^RRDd2qdAlK;$Jq%!fDa7r&S5YHF(p0H8SE85 zY@?4Taq7(B+Z{gI}vN9kdL5+e&NiXkAVwF3+^(Ll&$gYF!gG^D;PSIvMy!$TY!`Fh$&_k$#xDvHr zBIk3TlTbLW!YAZqmin@4)W05FWPg~tWjDThZJe$YhS$K3PiRBYUV*ms^HN#GhgS&6 zNOuh|?rQeI42#-RrkgP#kg|V@>neY!V~YL4tYH*aezW>R+QZ=m!3Y4l`57y5?3?(y zw0&KxBLuA)H%+vd*qn#2^3sZPxOO@ukw~(!^)?G)3JX@ggk5#4WW3h6y%rnCk(hQe zt2|ItnHDxNqaAdjtFp~+DAg5|#DGxA|5+rpdgYGT8H3{4Kp?*t3&o&uYvXr0E%Pc% zJc0fAd_sOK?q2_Q_qYjsk#Tl$ZVSSmUb|T$v#uSM6I@Jjan!pJLB(SAGyC{r>WnO`yd@{Q%O_`z?L51L%diso9fCI4yv~LiA2X zFXl6wxMxg67`i%yhmZOxat>W-MA|ZX73sG7Cs!XuP+NK#Ck*&^)VGl$F(lvQfhA;c zbgvWIA4lMUvG60G8tsB#`Z~Oi61N#0@cv`6b~NWum`I$gWc+sAF<*Peu&!yJy=ITN z7ZJ+#vri}hOo8pf9YlmfsZ)PUKNdx|nAp5-!TMBV>f{urk^MkMSL)`DoG6)Q8Hu1PYFrI7dPy>O?Mlcbj}vY$Mq(6D1l*M zf~m&0`+=?Qj_IlFm1!k4eoP}bg>QYIR_9Kyw-~%S?bdNY+E{m}SkZnC5E@KqirG;G3o-z{S9=lvOz`b zy6*vz`}?Pgen5x}HkP5>G3F?Ez;kelthMrKEJksHN6KiLo~hrJu--a^(B@bEU&vNp zk1Wqwb2a8!R=uktcvqWNh@?&lWN!f0c#H`hi1{;-+q!b!N19n^5B)h$Sp zT-RlI@5*H__ZD*rOxxdl+;o$+G4de`8zU?~%(}9SDryP_x8JvgIK*d1BwY`8QZu3j z-**i2-Uw>P=iRvX9yc>o=%)0C8KJCby4ctw#ubuMxkfAMSEd#otf#~>&u*++qKvx- zQh#(Oas+?np{%um0nj!Ky_hitW< z8H86T5i30M84*lKAa4t)S+~DXuK5kDh+UGX|$GGheWQsS+Lji$opBz-{*f+89rtae6Vcia{%oiB$ z>eW#cQhm6|I7dgPsCOpbB$I%PZC^-G=X-?q!Ui)LmS54xhu}l3Efx%qj8tyrG?%*H zvlLZy4$K=$F><#KgrohA3lsrQhszecN}?%^5=W8-0$yk(cx|e#j;HiH7&V$OI(CU9 zp47#6S+qIipp|hM&=ZI1*fGpmNe?5cqi2h1@~-MWz|#MEHu@mzYf)6(cYe+1-|-MR z14Gl=N%`z$Q8Ta13`vT)2crV$iPh680^qwC7&bo{gYO8Ds8`009(P^u4?tq0~>_AZFV2}e0fE5BTlCt1N*QG3-L?sX~m?zq8ASS zy9_|;G@MrR=f<8~eonHRdmEXm(=qDh9wg5rH+kNMULUr8T=4FyIqu#YOjTOmEe{ub zXRY`cB4rO^H9A~Z`&?Xs4Sg9_%(}a+x{)T4Lk?fCZ3^oQr!u78Es>o0j#NLdpbjP- zBF(9`#iSdtd-Vl{v*nt3d>rvOzF>MDh z^FK(DFLYJEZ#Pf9%T=mQ-hL=W-2C_njQ3h_VFfV*D~rX8tX|$%Re!=&85x!Kt9| zZ=ft7?*$D1(ZKL;?Sbaow7l?Dkne5UmfQgIjV&27=@1NjU1L8bNe-G6XAEnD zd$$eFP+0Q5R3Y--$KlcjnrIA*oK)X3-61JQ(;@hRG%ty(_%{^H&HXT9F=o(2NwrI! zr$~H~B@ZSqv(g@ZOwdn5d26ts?~%QllU3T64Zp=y_VNaGR&UyU_PnGgOAqMvM=_1| zT$?cgE)PXAv=OuL+lX>&W0%O5by@|CdxmumdM3UsI-Xg*-upP$QubZ(-s!N4OU}#J zj4o&D@$uhJmXw}Rb)*fAbASnP zFMy7J3OVm3z~I5c+m8aF?y=4{!lk{zX?HsQ`bg{Oh?r3p6n2-fSCsVE#p@+gudK-5tl%a+vUDo zZU>b8{eUdN?AZU*56!i39t?oDLeH;)0`mu0z*qUtzky=vc>$Efa1nFCt@i-oCKuRFfa6WqAU;v>hU;*90zwl>YrNr!Oi=F2oO4X-fB=X3pk$qO$3xd{vjAZ zs2*5;Qau30{ z@`AbI($e@x%}{m-Y&O^>|5EvP%}@pitPD!IxGo0mzyikk&tn4kM*sP@^C<_W zF|dFs5H1b#FEIgB{X*RT6%#;8Aan6ECV*qvxk}Iu2kg)+;N1>T#-?i|*?7`NXn{MXbTu=pQ! z!F~xI^WWA_FHYGjt-uxXRX3(lYF`yjorKWUsrexvi9uk5lr-THC#^ zVPL&Q-WS3nj37b0E6b_W^`NizLxUDegT|zIUighRf_RHS$*yYPt&yG6;;OT;*rBIi z8j1~<2ne>m@j8?BCn*t97kCU=94$H@_8m@PEZx)kzQ1|qYX9wYcDL!-Zayw+Mx8OC zv)jz(SZJ*a^LWDJ^RC))b<5uw3xZs_}UiD@yzD+9g29&UaqZITHz#1 zBj^_IQ{QdClX+a-~gMC$YLyq!7DRpvsy>- zI*Zx(BhEPG@Bz11Jpx7V@<(A^8)0ljE_)an^@k5ceCjHViEShC?obrc8^Ofi@m~@ z%vs<^x{acQp+uV+!3ki;sZA&NOigdTneqB4lzXFiM3ql<-)$MKO8L^D3xWgYIOrnrQ3j*fDeiLy0lKU&Kkhxi7L_hS@Jja) zHuLi{MVvs3BsF3vqf<&XDth_3A#HO;{~NhVnalL@<7Zxi^NUdqR8tD07Gk~$Pja>S zjDwZSP7E113PiMY-o5ebw&2y4t=29rr4?e=n8AWG-Ni0N zqo~G|Au04PMe2dcQBtQgYRYTzfE?D9qx?<`Mkf_>v5kHB4%4U>ta`V_Cvn7E?KhE2 z`9BI-s}mAaj8T(OjWN?Z;W(!>P;MGMM1B-Of>LykKY(Q){Z9D1zKkn`EHVQ3c(OU< z^8yImnh2Yi+F-D_gE^i%ASUBOlbiF8in9M= zgnccJU^13khZM6KV@pzUyHUU>ai5D}n(4`~OG-i8+`w`b;y}bEtM+hj#Yb1)nL=Fl z#NI;$)=~!K3Z^V!LSdV{&bhJ0y5yqy{PQYoQo#foOr(c$J>6y+g+M?yPnCgTJVa>smqOGT7+gloVkO;KJ zs(eFFu6JKn>rYCuQ@tDPBsi#E2Y59?6(#V>`zp0mtwe>{>wVLpPibdoBCWS>_(`qy zezT8wgCJ|ORx=(&v)L+MuEYK{NY<*0t>7dRdt>BYFXD6+N)S(~$GVa4=ch(b-HAo} zQo|Eg7Qe8pmPK6`d_v}>&nH^j^s2)sDPE5?x;12)b zn5oIuBWJtaV}g5Lp?kHi-@n@0e_20$P4MDFBWc3@+VaL00&dFHsF8^z%Ite+uyZjR z)A(G$IkgWh?Z%1Mksg-6)=CJ;IK=Fo@Hj#Xn3y27O!IHCnY~S&U=#Pu>k%}KquIE;xQvGHjfhwJGFD#4EnDm)F2qt!7u z_Vqrw%tg_*{7d70g2Igwg)97YEG^u3gD~q zH*+HCKBDBC6#F)wwl$O?X1HZ3?ifK{)9|!xXD570I!yqy%NeM=VacIB-at*$+xAq-1_3|C&)D1qCRNRI@9cOY&Q6t|?B_7^>?^ZuM8AdwwpCHLBtCNa<>{w|jX5@4y$)NCwcQ$9~+QNXgBL ze5>+=8i{UKBGT7MBo|laq+DP};D)d5u4o8PhztXb*dpw}dzkn6(mg>P_mhiW=00y( z6lupeHpLQCj+>wMn~PA|L}90A6%h!Iepp=0*wfYdYU=j1VVW22Q+bZ^a3g~Rqwg>3 z-V@cWhpywOs*c4Be{L!%X_@m*h><0GszQ0!S$9!npsK^d9$hOl)t4p&=e=fz<4ufA zHgU}bPZjkA%cvetn>H^Wh1mC1Ln%pVaOTJiUiy!zHilhX<)-P5P|=BtaJCBA&E-1|l7!Y9gt-j)1mWIOLVMhZAG$zVHMNy1JovuqR?m~*4PTwi zqBdBeY=*#%u9&W&?c}cn?+DSC*klC{jLO)wBu~QRUoA#bWc66?__iD;Se8E9%*Y~Y zJASYwLVc?(BAmC2`~yNG;o%L<+j`!{yQ&Smyie?gDz;*fC+r3Qf;C%op&o_fsq3v) zBJ&%@O~W^FhCCUX`6)G;9YUlXA8=-39Fw(-EijKu#5pDuXY?1^1IbIiilVR-Wv7Ya zr-&zvIm3!nzQvBou${no3-|I{^ulaXc3z}=`(EWE3>h+0l#~}eaEqvt*q`pkZo%(n zx=`L8K{t;{_JkRINJ4@0;{F6j%+bVt=hMDGf|pL&<>#EJhgTQU;}7~j9Kn*8P3g6441W=78PWT+ zCU}p^ae&mpGR=7Wkr-M&3GRTS+O@0M-Saud)u&1otvvT^(nzk%J)a2T8QOWTBQQFa zPev6b+9SMGs^?s%QuE=u!O2pd1?tuD>k8Fk8o@3;^fA;Tc}B(9k&HMaVt9$wOqkp= z70dPM=4&Gk21k7ZHp$1z4*C@=E|Qu>Cn}OGkKE9~!liZMf^o;4=wHZHVb;?=b2 z@bIa*k+OQvK>DknWrCnLottU4+O`~dR=*o}zi%l@A=0~JfvYl9Gn=7id6@dau-7~e zvc7H?wG8H$3PgF;SLISo3R-NEIGRe1N>e6tO!!5I5m*=K5_c`t>ox! zHKPr)Npq7Q)tkkZ?~UDeJRXT!-G0S<+k&xY92hUNSm=)?yR!ZK^*_SzGY`%=ztbAX ze7mbC?-9M&gNZA3#2%2w?z5$WGW@C2mappc-rm4_lCogosY7}r!uJMnLAqKGFktUD zdTGHO)r~B7V!#D3IN)>K6f$s|sGVA^v{Bh(7Safs*Lh1h(vX+O^}H(+CNXxyVvnp! z+iiNwLN?4zhy6vpA&Lf>g}FroCdN$nNs!+od!NIdYj;mHpOGq9?whL|)bzQdteEuC z9rSg?7?&GRygHiWq_IV6M)2J^Jc@eKZ@M7C)YETHmMO)yvwhe1 z+rdXx?#)Jl&|#FjtkI#Tw`Kg(?x&58loLNX5?34(1+svIlQ%pi6mL62TU5y8n2e7m zb3L|o@R<_|4a6+P5*%Q;^)ZsXJc(U;rYeGVWDZXucZP|$kND>R3u)bp9QYvG=$7FQSvwyF3>eE zAs_pWRxch>&^Zs+m<^a37KNmjTXf5z<$qK4IefrKXt&GS*>!IeG@_;C@R|rY< zGjn0VgZ9yE@NRfzkCCDwedB)4Xa>%g3P+ocQEAoI-{Ufy4_pQi zP9`;G&twTcxj^quB6Ws2NhK*ySP{cy4o6bIcG5*dHhJ9w~OP|yz+c;3X ztNX99;*^cx6Fj}bAKyKqerWnOfBtbSLQ&ilYd$sgq=ixnMCjlE-sQJH&eexWPQxMAs~@?BXe?8R(f?}&5EW| zi!kD=QvWP5O~(-_)gn)VNV%u|!d<+_t%y#!V|Z`96_LeWGvEedcGm}P3UEBXeg#=a zXRK4d`la)UFON?`*l4&_ybr$Da_wPe(#w@ALQn3}8?t48WDmMac5Qp)7UP3R@9yGU z(}#)}il#~{k5j4R-(>aNdQy&y=^2FSYlc^@{*oTWruFHE2xjYm5$nc)M}2*(n%B-B zEyu(S8~%dp{S~0MRejSv>!eM-?oE^=5;jwR>*7mZ*xp@K)gE}ckK*Ht1_=m5Xnn0C z&eVQU1-fxuFPY_UJdH^<;zN1l)g6eYhPIJ}NNjoRi2A|q{@IsJs}~2XI-lnWZ61qy zYHLL`*V`}Vq>B4eyhMBmyg=Ly&;58DO)I|_gKbL3y+4y#j6n{o(ootgZ`tYbcz$}XTcl8@P! z>FUj`wy&A@XsyFx2X~uuI@p@3n$)31$V~}``cyO>>~E{5d-iT)Ws|@3m~Nte56CUn zXV`{=x2NnNOT0c$W3o5;RvCTsH4gq1SLE#{EnjgnHcX%Cz4twKUmlaTA#1lO9P^dE z6;*OGfY3wLxS0u=65fY=Vtl_Y3a??H*yvG0qsvN$l?m?y5=_GHe6d0YD5frEF(2=R z?8eAz!iyYbNppTjh^akh=bs__xN2Sy!A_a7HS-0F+1Y#OB&g}W&XviAM`h2Rqm)f~ z7kg!sAT$XmyWHdOGoEnS$kN!dS=pi8)U)Xg5l@V6a&THD+!=h+jw_wDbDK47z=l2g z(cH(I1FBNDl82D3T7;@!0an*JB{W+TqNy-(*gMH5h$C`Cr1xM}!#%{!oum0~w7~WEnJ|pvq=$p>TU#CSsMELmf`tH@BkK#7fe8E>z z6qvmABgROYuRpz!ko+Aa{) z6_;Mq;Fr@7)4HOR!@gWA$=1n>IEa|QUtXDuE-8E<<*Y1P(q3@QpRPGjC{8;ozj}iL z=ElU$xgq9Ik?)@r@b*h}LRl>MwOKIWmMZ$u#w* zUYzB-Vc3B5lAUi-LD+64w& z+w}PHC0MQB_F8|flCFw(xci;xRkgIlo*Ln9`J3$kPb!z(PPI0CR{0)>oAJVWJ#y=} zSgE?u_ZpqW3mKo6ustml#LTqX)s{riQ^xi;_V;PF4szeKC!E2XjjWQjq$FC;vrq^U zNEYN!H;Z<2w!h|TgE^ad@_@(Z>e~Rhs{-|B!r3C@lAYv_X>Tl3VhB4a$t7Br@5ild zN;_09@lP^1^ZLuix|b#EhxGGx2Q1vFXdN?BazP6S+$*zgx*^!+C(;oTFSoyw!DSbl zV;c$>WNJ(K+`NPuzuqwS_IO!fsj@9^jrvixT3#wrUDAV+t;Ra-P5AdD1KSKIWFAb5 zroQg^JE|Be4Ot1whed>yNTXXi>en;vb#W8ZKkvOETV11(Op8ZM8g;Dfp+)&Z#y_o; z-$LXLr#z{Uz}`kl#!`45e$@v!o+Gdt`Iz=+2@Ip1hhKkNVEFY#Ao+F>);@K%KUVeW zY+%S!AX4wMB@y;ZUd9TrtueG$Cmk4k85K9uY3*Iu#~*9C5(@@QR#%)o-KqPc(Q{l+q_w{}GKffayVCDKKs5pOw%5;bI`p zF}Vw7-*Ze3OhA184TL_O7eIjBr7`{mlLJ-15chv!a?muzP=FeULgO3;grW>)VFh>Q zS4{5D#KpiI;0q)X#L9aC_5V!-6ubkThD%91VE*6p0RW+sV1)2*qAmm8V5l9MzvI6! zDv8u8Oj2ImCvzci1}Q0 z!aw11pc($zXE2I+L4N%!sQ0_(UqS7knRAbRCi1afWS^Xi11FyS$}zwKO@0Eh0C36; z7^Vj~^B;v=3J7fHesa+hC>fx5zyxyU|3e0pB}zVGWdvIp1+V}@*Ut-}1ex;!*e!tt zkXxRA`H_*r0@0*!PvME44Idx+6AS(GrU5+)+CYICz$iSh_5}tHEPye1Rz@%$4E)mt zC=D!t@+UwM;6F4#r)>Z=fJYxF<|6Y4SO9tQ`4>p9E>dBDUqHS3hX!a`mGe;or}F{j zfpZSe3y{IN$T$Rk0S(UipME&;e~c1{j09qpj{uxt$^{Bw0X#SWP6*)wC;0L|@J|p1 z0?wZd1plQ0+G&6q!0awSF%WJSP6)RPCzxgA{7>Ls0SiAP@!#hGn!g1Y&^aLio%6zS zfM39t11x|C2Uvh~4;()KH4jkkcdp^WasZqcmIEwYq)u{zEeF^KNUj9u&s>TB8YO7R zAE*J6GsbygIlwPqe*hLBg9CX$hVy5J)_-X@uLd>KkX%(xNUkd9h2;P^A<3JZ;N(qU zXF!RPpta?{G+gp&00+c!I3Sk80kIqou;owy{|D?Czyhdy|C)zOJ`LaiQ|SQ3K#Yn5 zVpJRuqXIqz1zsOHz((~i4VQcxzyaF)02gQu@PkR`1yE=>FMypJSb+2aVt5>2!~2J- zON=#-0349li8#Qo69F}V@}bU^gI=h=l7l$AbkKQ z4WEC3XaFU6{%guPE;~0nWP;ft6U+{oV0Q2XQvlc@bSmsW=~Vv1sGv!4fPG+xOfWlS zg4rPx%npef?BJ*YR0ZZ=`qwC3cJ7O(v4FK9GtCZ}X?Dm=vqNT@{r{Wk^D+JDdhC!1 zW`|5LJ7j{{K@a`_XPO;6!RLklCj@d_c5ZgaEV6@V5hwq*xA7A*1t4dc5XJ%M&?`$h>Z}4d%RXG39KKTxT}$y7ey&=XUXPlvp7VffXDPC;+US7xTahF*7!ZnX!Rx zk^CzzT_PZQ1Ym_k1Xc(m8!MQR4X6r2^TrCMc{~3CvfqF8;j&M&Lbe#JkSzu)WQ)NH z`Gv*`{)GnA0RGwcFAbM{niaCeV1;ZkSRq>sR`3=BC>WCC$@(+L^FLziCCVeH9#`US$}4h|Cff#KFtc*Vz5HC7_5*j1}kK7VudVDtl-7zU!!!{ zr-9oe@Ny5_q(KT7%QJA(2l;Zbg97d^&%gY)1_1QkC*TSMfGjh><>f*i#HfI4+r<}% zQ32P}|3|}Rp9Y%$g&2tC03enFbUDbMAl(B$T=cI#T=r=I#Bu--%K< zmHi0lTL9n-SD>)~jt#I3vc~hy|5-HjZ*OoHp(R7#p#yOR{y##Xyb^p2^s}QE4@v#8 zlb2fp<#<1iF|{kt+~Ixe~aJdOi^o&WsW3;^Q(0Lb1H0Ck}aBKh)h9Ju<0xc}!k z4y*(+j6YK3fsgk=j21M-;5h-C&aX^=;O6~7#Kn>bd|?w})4)FcJd%Psq5ya7cM*`y z8{p>_{O=;5mmwg>Bgl%t19sU!|8OJ)mVcoiNSAkh`~y_<2kQn_{`E)-@Z0kg?_e7k0%lPWtq+wOns z&3#CoJFC|Nc9jh3>Gwn#yKHHi1*}<`of|#^wwj&- z&$G*Dx(Nsb%Uv^{2d(rHrY-L-4NS?rB@qow(MtH-FksqGFPg6h zz`e8{zkBgJ&bP&4?{*p;XJVMlOFp5xzWpZeGwA}-0@_FeU5QG}f_ht`ajGAJ64jk> zqSK7ZG}4cLqHplM?xk7XDQacAai8S4RQ}ivW3)SJ%lXMSl%D>R&O=VsW|c&SCxjGF zdJK+KT+lGQPc6S_1V~8Vz&XGaaKM|R@ChfprEyC%5)+2Gy=qW>0Tf*Fn?*)1i)EAsc01DDC<}jCB`!7wgcnL ziF}HbE~}ibdt2tMc0>#oMOY`#S#k*s`7l`*2{Qfu4v*0*!u3R+qf&>@M}?$VV%te& zP7crF!YX@Tok~cz;)IgzDtJi2e*aE$Khuh;RG;Up&7;->d4Zfb2XGVJ%cYYG@x^@_ zlbm*;9HWIzs-xf>lm~?S-|6Tb;|D&Oi8uMB`H(1g!0^1p7gBUYqpu_;MU}9OQ03F* zIt@|?KQXb1BUg#dPhJ=yI}&(l9ZbvS6@bCkfiODo!68Ed_cmO)K|)5j>~jX#Hm(=r zA00^zW3>%(PW|GfIr%z97CH#@%_Z7~v^UrY5~EA))L(Y`=Ab$WPAg}VeO6;73yt~| zK)7^@b&!Xouf5SFbuzI!U$u4Jj>ho*nN`JRS9kY^7pMDI;vBZ8dvNVfjg**poGVsr zjmY5$wM$+Rp^kCwZnN`dDI(z%ln*zOptI-kNF7csiZVX+jAKn1xL1l?6aMAIrJaAD zdqsix8^W&C`fVXQ%C`;KuUUEK_YNuY?9F$^%o`~_Jih6Aji5{}rQe3;t)a+#w1J%S zYy=lMcB+(#8IOzPl)f4vhW5cz1&vmMwgKA2SnW4GQ`T;ZBuU1BjpXaoLrWN$Cq5*& z3}yN_5nk6^C_-oB=@Qc5vG}e}%~LRR&hp@^yJ8`>5n2hzNmC}v1LVZ%v8#nxM-K~a zr!zfI=tDx*1;(G5*kHeTQu0QSv7!h?l6aV8tjf78-GicMC>_uoW41;dz}bZSsJcdX zDkXq4{V19lzqpMc?y5iqR{S-7o#)K_`?EMlMmt}SUR*zvthM(pY$UKdGJ1VwxRE9Q zvxzfy;>7cgq|h)^MJ$`x143gB@4&csHvAH4*`$Z_`t?4_tPfTdpM7u3ps=Kh>tz;) z$Rb=;sbfn<&r0rs z72ZZ9;k%k*39lJzy;`svFtN9uejc_zfuBsb8Vg)7hxH)SGkCL| z;4{c+A-K$;YV9cKNAY<|MM*1rLG( zouaG0erT5{qAzPU4h;45X}i;+7iX#)Bv{`vJpDGkL;KJ&DFEs79S$d&`7^-DJHp$? zRUw*IJ}iPAGfKE?ehrKK&up4MMFk6426=SIk?IRgs>Q=FGI->Js-dTSi-UF%fZ2_XjwuX|+r|6}Yb1FBlO zC`cpSDAL`HAR*n|-6>sCQqmy}N;gs>-5?;+A|TS8N-8Y~-}PR2UgY^b|MB4MJ#%LE ztaF^TW=#jC7P)nVakZJCnq_(%OVgGnV!sVidVca})65Y+RN)}v(Tq=StdKHYqm;@0 z-{HDs1Y|#*MZidM#pNK~OMkM#pRMU-r20iGzg;!`OZWUVbf2g8Lh!M$VI_!sx0*EnRPn~S-#7}Qwjjsd{tx2;o3DKkz2v zMP`%Rw|aK{HWM60ven~8>vrR1c&mDCHx%j=Oi_Dnk4 z@D1Q77hI)>MiYlkmJ9S5$0*c_A`|8{kV!;uGx`(CMAuZZBBRdj^Qv?SJ~V?^4*q;j z&-3_UGrv&tM?#E*gf2@{5u?iTl)Mi`{5Ir@&BO7xu;=QtI?70QN|hrQPCU7t**^%U zCpu(m7){!`3x+b0w!$h^=Imk_zcPgi>oe!_-#PTf6w5 zBfVLDN(6%gm*aTrj#?G(50fs^+!EZY3wm3J`4tW6oG(92AP$TSv>@qW z?S4yqld0gCsz~*yp2pHkXnYQ}Aq&AFM_d-xO+O&*l({#>Ylk?q8;AGsKj@YU z=EFR2IYjj&3jO3JPMI~OQCx08R@VBo5qUbabBbta2ro=yseJM4(*cgzcewJ#b$W+1 zCXaY4wmAB7!uK631vI3d3BNHY*F}~b!<5wSt09E7d}KYQjx>&9HiZ-0-Leq1f)4HI zb+EM&QnM9e#X1&>&Sv^V6Cw*$SZ}fWwTx`)A(6;XBBJ0CViYj}`90a4M0`wM_xz#3 z5s_X^gr|yxGQ_M8n5DPNrluQ|%>y($I4l>vyh=lz-3`p`!%^k(`d$>Wzv7&NTGp4U zf-&SE)^SkJP8ZgB!8`YE)e!LxOA4tgA!Ow;<~Hv@h~c9TwZ%%CVp}?I!jpc&;-UU( zael20S;*`u-TEDgT&(zdqUG3!C=Qd-5M(y!bDPA`nDs6j-F_Xnwpw>K``>TV)AYt0 zWAWuyzr=q0cs7M=XJS()OS>w@CRF-WwyH8?+#2)kVSrQDGowL4X zcbh1S1*s93mY{-dl)h$oYKOxSC)MpK=cS)U&B49JCQFA&Q8R?W_$vAyHRn?!C^b&DHN|DVST$zyDhdu^A_ndFA{C|WB;O!MxZ4zi7~i<^ z`r&Q+buplEZY{SD4YQ+WeKyMqwdMVeC5~3lZoNG*5ThXMB1#TbV!2CGBGZzX|B>TU zp8_s}s(A4OJ)}BFNJ6fhZ1RXw8#TFfC{Kn$Z4>sGwD?n&O#gcfrb6Xw(Q%!-8&G!C zVp?rA>kyycs0#_TAGsuNo+??_VWvIr&W@<_e;t$Rx)RUoaOc>k?3T?}3vEf$<+abx zz0B?SQ%lP@YeS#fycfhY5J7aE4`jdZxTMwVCxQ;mi=MTMx{R{M^<#^2>%+=}2>N`h zWYwfYgUJsfWJdec2RWfeR^tSH3H}nap8V|P$8B%#htju}Kn;?{sb-tFqfvc5Vsc*| zXt^z6j82mA7}r(9`NdaR0|d8xSJ>Om9KkTYao+T|tCG8J%`TBvIVo6t=~kFFKN-lW zcD}{9Ko6I1msB~u;MBA5^(cswLCH_`TZ3>#Q$)yl(&Lv4h-w%e0s8WD3lC%0xycK+ za%hZJ6$4!BB&Y-Z1Ny6-KE!FE-gd?}?yPOk{kW)ENLfl@C4~9frxmmLu@g-u*h$u-f!S?DX_^x#LZw3t5CM6fH6~q==?_H--v%!@1&&QQ`FgyA zjCc6((a5ukv2?8Nj=1)R`^`vxFsPZx*pjt^#}Ud&I<~3fA05xt#TET}j-mAOD3?|l zI12FmdxB?0{Rs~d$`-N5vJTkG@4LD_wakgxNiI=xbZ>C?{baE7X1UPHRII6G`C}rS za=NG%ng$XPw@v_IwGz9l2Bsl*!_Zw}IjjM{g{awfNET!vFGbelo~?47Ft(lalDzeo z_s)4o+DircS@4$_(`kb^(!BF+HmS>GB1AXUEClI&T&5c;LDA z=yU7w7or0~Ur!yUCHbw^H|F}`uLtoQtM=1+6uYGEYVtQU4Ir)C_B{&lJe1=SM31K` zZ+9egM(TrynAJ;^FK+V6bEPv*&Q_s=p^W{}Linr*%OQ$Q?KxwbNUT5pJ3E7z(!4S3 z^OUE_In{3sJXEQPf9xa&SLkhqQ+%CNIV@J0ISV(u^)=(!VqrS@w9L_JB9%_mimcb; z;Nj+=Cbf0Ob=GeuO!G`l4qt->kYdk`b5Cff*BGSq0n4bAiIfA5w-_hIvR!+m9gWqJ zF8}nQl}TWSNrd`bn_Gs}07M|(L42AbB$ocnC*EZKwt=~JhPk##_H&LM|6aA?Nqy#K zTIDHQmeKfXcK3MrJ&P~RPXu0jW!sgJ2g-72!>!iH*dp51_~iGj5AVx?HCpmaVFc|j36>nucC$vkRy>B_Q#f=Wxy|tj5hH zYw`G&Y~7T1+h3^uh)-q~%-k02nk$XpDRNHFI{m5*JB4CE#2`y%Q89wTm%uX!ZJ!;7 zL7CrMoGGsQQY%VQ_jWLR`s zsD4&!uqtLJRNd)nfg#}aYbq+P_gz-4cjrZ5x-sxmB{y3OKGQqBiEF|fMPjufp z&gy)6jhh#uGbdDj+;*3ogy{AAIxO1MFYGbZyw2E@t3`D0eZJv6%Vdh1#oRY-_vT#e zai@AQSuAXoj-rbE=qroFg(UBT+o+)*n#D5`;JH_DVBFPibpY-fQ|bM_a~6f7Kt*kU z9T)s<)mz8*VV~KeE@F7MZJ35~xyNIj!%VyK$HI#BmbVCd@0EmGD|Zi^3RGqRHmgD* z!yzjCU}wB}59oPSr^1lFz>_AK_3@qF-B)U9s3z7GPCXE7y7wwC%Q^CZweF6ZOI5>C zr|(^~c?U8}`DdQ7_=C;yRHz^@b|C1nF?D+~k37IcH@+I9){}!M&^I?`87;q#_%&=> zgo?7lWC4M;49;Cijv7Grhz2 zox(#eEVyKMf_XkhoVjhvY6z;w5akcp#9z=ed{37WrCZq0JeH3kC7^>5*ApX-8-Z`^ z_-f-={P|38H=wkTXyqTWl2(-vzEPmdnjzU?3GB&qRi zsgwvtOpqtgT#YNy+x*(CY3&zRFdm!bz-rzwp#4vv#Y8&R!x{MfiuWjo)`xA#urdTolVM&C%Qs*L~N8?Y+9atXW~xa-yQZ|n{*|K+1xxd{C!_{RDMKJc$#p!d<`-2HdUz(M*I z4Ae>gDfmXqz}fmIm<2>ify(DES_Z2?fI|DH7#UD$H$da3wEiZe1ti5UTLw+sKPy?A znV97g5r8#xy(iZZ0o?fslm-kDfU<9PkV5Kul52nfWaF=O<(J?abg$K4wT>23fD@WHN9+^|7ozfyq# zq&xrJ8*qumrA^@Fz+Eq;e?tRc{>y$`on81-@QpPIRHpqC3|f+)sr!qD!OBpY7_=h) z5PP#-u=2aS3+}RZ{-Ry5^1HnI?oY8d+XdG){G7C3E9a+v+WA90Ru+xB*23oSGtjZd7SG#0V}|N z(0~mD@BjT6KS$`YhJL~U@FWTd4z6^V0FmX-Mey^FU~BU-^KWnfevsv_;NaS+m0xT5 zN=6Kj`~F&hAWhYcwS4W;Ua%BE>;m)}q)i6BC;pTItSW&+2sBn?zml5*~k8_Fi-ZZFdDqnh-f{f-2aTVD4p z7AhB@3=)=d?btHTSvTzMRfdO0U2N-l3`sKZkYzayy9%T+`209&c;M-Jve7k|vc1p| zP8HP{=aUv9=gb-L^+Rcy{Q1`cTNlUjh$zw8^R=D{$52d{zPnykUQY)TTjyJCPYUBm z&&~^!XB=lF@de%xeePTjcqiH!GWX=Zd%YV4^ga|kg7eA9w=yd4_;*2{XA>di>RBOh z6RTdw=g3zs1)`2jN-j~z+nx&2Fnx}t4#8<0D!63eWMl zHut*RcQR*GU_)5ZW2N!#t(L#5B4_1Ag@73`-f8Qx z^+oT+8&mTYekgl8inFEUg`sNfL_%*oF3a=V+Ic2jr1woyI3`z&{FT&u&7a8y)(xBM z)lMkna6WK^Y%v+e6|+i+3)6YP&MEUsJd$Ow7)eIXL{)6~G}+mT9kE8j+(6I!Ee)3y z%hqIY^k}XikE|l=`vdQ4k?d!-wOXWj5Tf@f64z?%3DG1~s?g8%MTZNUn)+i@NHxFI zq4)H^Arl$y5+NjubuDtA7q@f$dh(1EAqTEjnk=t0UlCiE;>+9FSJPJHn=gB9BHtzi zez#>;>Y1GPYHfc>nKsf`8kAYn=RS;la4%WBKKwhf;?NU|$G8Y8LQ$*HhVjE^oE`9S zKZFr3#-#2;_M>sX4CrKdA8((W!1Jy1zYWQ(!g2Fa>yVVMDfVX}J3Y51- z`q}Q%()RM^#K;(c6@6vb2q7mZT=DP|%-775E$@O#il8S^F zHi=`F5YKSJllN#S5bl7s?{Ui1MpKxz`isJXDjW_TCchMoeUhh{p0)QQlavlfTGbuo z6F1ldB)xv>oQqC&LKv@f{jbly7i&rX)cEget!;@ zeQD6$327}-?;*LmceuQGICzJ*R%zV7?yb;5!7wN^YU9U_8|PHSy=#OYdxChYL+o40 zQe^vGZNgR0Jg3&Fd;UD6(1iqA=d=)Sdk^dSi%?^sYm!1cV|T+zd`UB3HjYOVpU}1u zIyRE-FR35F%R^)MaI)Aftk7Z|Esn}&3}fyDIP;B_rQ;X(PtibDbKbkp0MyMiSB5Ym$3bdWb^z zpbg>ktY{I{*%l80_pD&-lvyNVp(Y7Q1klC>f2sXn*kdi?Z(fSLnTwmlPsKA8>)IL|wDq_f zzBO?tGK@g;2*LP!#Q1!C_>tl$>A>9lQul(m-%c$FKrO;M4N!{=+Lj`fHy`}5VXpO}Rcc3ZLR_K(1d0b;N&V@JW|NGtYzl9&KEQA^AR%m1jMH1jQIiXp3a@gB z=#2`0TmG1~*GRG!^Tc>P-05gXJQ9xMuoA9h{#>hXi_?Y88NQ|mqhRSVS9}FVU_&j;7 zH1wHn&emK+rmO^>cYaEplAmu89Scf*Z=zI#m{^<{ZuvXJ`lP;+9lAG4I{3BjNwI=d zkLy@CjcVG61=~CB&sPCNVuH+>ED(-P4|W2)qD#{Iu_PqzG!oDl?{Ad{Q3Pl8brHP3 z|0a9&Ig~I-+YmmJ7>TfhLiDDhzlje2I=JrK4o9_=d1jdAGD zUFkUrQs9%ag}&q!45h;vPcmQVk0n>o_Ul?arQ}+Bx;?~jC-Gy#M=dH7|8!(i{_+t# zEli;is!0W+5$uTy%^cq{S_H`*SDBe-KE3fIy$a71eCUsK4)mS-RJhu2v{H5Rv$_Dy7Py@G`;KVv^z>r zpeS&GsOP_Hr`gZ&Lgp}vb#WrFQ3jp=s~Q3KU?{yDS?RNdjYVzgGs(&?+pUk_y6~20 z-5d>F_UrVHMyGv^>qz+UpOq~J@jScRB(^NZ-+Vm%&Xvn8@pHh3-AGiXuDE`B6u0F= zh^JXeP%?4pxB~jG5bYaa2p`r9Wh6OXetVmec9s@f6VHcfN%Wj>gbiY%az6E>Nl3ic zJ~t25@=;j9B03jM;KP!EYU`!?_D@bQystmFLMZj8R_V`|<65j%RVKV;iPZlJS<3g+ zam=qGvSGlQ?WNU&V0sBthBNDT&g3OwBRHz%&s;uO$f8vqROShIx2bHPNWSPEt0~-m2Jr;{hI#T$vT! z?Gp*A19bT4<2yaN)SLV&_Vg>%M?_z3?;Ra2>=<^S$A+kU^xJLYA;r??ja+Zq!gMZX zCO1e}{V4-!CSr;nS%=c2s1R%VVWc0KGU@d}u!3)B8zxd)np7)?t^>V2_R(t=L7IZX zUc1%Vyf5*uw&Izcyo?Yhl&skCF{fpit%oTW7RVIm-v=QI9V~zL?N9073F^Onn45JZ zRwP>1>)u8R8B7x0{Uhm^cFJZdBzxxvVgsxZi!b?mBwX}e;nYS`p)C_YIaA^7Z9t8Hq5L-liN1!W~#?>;G(qAo|JhsE#?w>@x1J@k8%d8@gr zq@tK>kx#PwC42L!woz5K3gR=zCaH9oBv#ru%>t&(imJEXkiLJ#zxD3UI#u=RB}72-XE)mAGU zZrvlgmnA29_ag$0(FV!1LMdwxp5Vw625C{unp+L%x)QcrL#mpl!H%EUC>fr9qAtjM z8}~N%b;CeH%+R-GBdYphB0Aj%rOqz*7~XQKL{d(6%YDaGu|dtXYR@b&v4s69+l9ee z88g+&ML zaNjAd$6;1W!l1|l%2(um=+U*!NCRP+q|fw+FWmFu*3}xhzkM^3Xz8mZVjSa2IejCj zol5}lCCfEPdC|+L7TqNM#$>cE7P>6DL#ye^;&olmNFl|K)rdPI^N&=jlS=xss;EkD?~NSOhn!n{!{8B4u>0kk0yv{Zp{6XmEKs zB1Nc@r9JVuA3d*yYO0lLZ1&l?X>+9gD2*YM2tn+i;x4tais&*#WtpywmI^5w2iUwXMG$orPk4R&O3&n+4y%=6WHL$s z0bZ#h*l~bGz5mI9ZJu(QKL6+4U}qI7<(?32M(UYlx12|t)K+|BdR|5qmBr%S(>Q3G zn?)#&UCF|bVk=xIa*O<&>4HzP2i$6Qx~9)*yTc`pKW^!_I?`ksurIm4#@ zmj|f3kAkVr&Qb(e{rxqvFpg1OL(p5?!jHXr@taDC7Kav3)&4oZZ8I^N z|4Xh2L=QfkRSwO99(Y217aa;9V@lTR|JgPI4Po8w+c>g;~aqS*>c@4 z%@Sj>lxYZ%Yf5zTeAWbbgv!G>sc|r%5Axx-RElLByL8+Oj&C^x*;38~Gv?N3s-dgY zv+AIZ5R@huQDV8Q<|h?+>{H01F+AiL$Acj83oNu-vg|$h`Z=pL0g#w{nzfqv6A~-P3o!tY__{Q*7e;v3NAGi8!>Edww;oc@M&x8hcKRra|D7243HWRbc&Cw+p*B$ebzLLbq%@rIHQu*Y`a87oqPMy%D% z5tFx?f%~kxPTx|k@~(fjP%Iyd4TA$kMOgO3z9dx~A*_(%reW-`&Spd7)IryKsH5)( z9Rd^8HYp`EB(m|E8?)wp#Xhap6)Q{|0^2nk+uMdI3``BSKfVqQ6l{8&e9zh-53w6%1OKpt-vd z{QI3vph5Z-3|g3f2)@zsH46@a4;oMc04ksVZW%bkzgh-STYm_?+4Aok8yF<85`z>) zY#>96>pi&+2teb4%RYeSA51?0oWg%ia&0Yx`(J>sWuQkJ5Muu#$BjDt^*qEN%f5em znCtxjE5Lu?0EkC_(LNaY`x6a7o*+OpxN-#nn4JAw0{~l!U#=kRSDAl917P^&u>KVq z02{fQhkuqb$CcXv2gq#z#P)%VBz{K&Q1|{N1&}QM*=sNi`%?-qOuUH(03W%l0RT#< z{(o=4>JuOV0Itc)fxBLh|AGbpw>&^YmyZGn2Cm6J1^>P>0DgMcf`M!Da_;`3Ww1KD zQZD={_-4ys1t?7nQZD>k)&A=vgB9SFa^VlLH`@j0d4E$70Ca6^?7*2~yR2#8=K+X) z|LyYtWR!AMLO}fp7#e`Smi{#h_%Z~UtXxY1CLsVZ$bXUKMkRvb0mymaFOq=O;6H!> zavu1LV6YklAOgpwRRO>?g5%0Ff#b^XiUVYLb#0ihBLXP=a#a2X5kQSx4dX9FxN?o) z0NEe_o4hoyxq%44?)^)OD;xtkD*gWyU}gC)h;U`s!~wEv`v0lGs#Ka7v@Aj6_TS4A zTzw5#mOo#!mt%e-_QvV}mt9K}vtI`PT&hZ-;H$OpZ_5%mM3+Md2nN9zXxeWC-)tGI z{{D}IfsKpphJ>LD{mGhogwVrTMdps}FH`Jq;6HVuqL`5R;&wkZfsdDgWi{!|8k0yZ zlXp?oH+NMR7V?jOh`Rhfub_dkKrW5n)49^q$>poZSXxE~pZD4J+>8?w4~>dBxwG8l zc30&VQLCP-`5@!D+tKMO&*R;%BUCdz0`ekMJa<32t=lrnpPy$o^1CKIF_C;8dMV~2frC2FcQ9m(or{@rEjz%rYs z>a0&TuygNKS6KQve;c1P(22V91mzt|U2h$0To2Ll7bt|B#}$zk^prkJv5PFN9Xi}z zStnCx{m@BC0n?R^fV zm}QO@LfBYlb6XPylaw$m5WP1UAK8e5`H793Og0*HR7rLjJ(=enZHfzJG;3{NRGHUo zhn)2usvX2*pLPK|V;^86=0ZCkBaw@fS5l!U77(N$?M+WQa~Km+h?fqmAI6d0HYAmdA9Ucxo_!?ehNNe8OeIg_ei+LvwShu{B1wI)DAf|6c>2U@{vwWvV!4Wz zW*_&6E^hev`Dv1;@b@uj~kP~QFKE5A0>Tmmd-%-3b}Dg)O8bG?VG_3ZYI3Nf%@79T_LL3_N6br)>A9hlW2Hsay|&0@a1 zOZPpZkgu7l=Ekt_8?bc3 z(cfA??htlPb|;}r1+=`y!1o<&d2+J3IJzj@Qdgt9qb`qNtw_#_{X zOfzg-+71V{w@hatCXsPQ)V0Fj?cpFusQAJs+*5+-!Vgb3&EM-ok7q)Tt}OO@utN_G-1pIbG`#<0K@ z-AkBMKq##j^d${f$g(!joF?*au6yr(WHU>$@?@W7&uyVxy_r2tm2$u?f>BJ)LwPlK zCHSj%CLZbzQzs%^t|QsUDW6gCK%(NVYQXQR!j)gMSy^8MI1 z(TZG0yWZzCLX1>gY2q8UzJBMxS!G5ILVxNvE zEOsxhyp;lZ0LAT4Ew(!dk4Ld2oMOgU{U=mph%a>VLQ$}{7zdlVH$B2$u7sbUb4}0m z>FKK99qV08T#FTMc2CP+d^W7TyKQ^>@e;ZZjv#7;kkI~4h(T5T33r|FYo9c~bNHS; zhVr>r>M1+Ick20eUySPz0uF;>zQ3nxmq;v-lfu)dD7UhElu1b5T1?j_i&l}TZsG?& z?k2IfP8IRPGhz=e0%6@sH$*9X$RH%4Fv#J@s)BK{7DZ5R`X}hJXCg0F1x3V#VLK2x zyCX-|lQaUxlhvh16(hMUx>7VuL}f^t<)RqZpr0bdN>6sim&AW8 ze3OrV?gh_7OJ=7u@d%yUm!#A=x?K9A%Ah#^d$GtoFZJ^wqmK`aymS?CizqF0x(lcH zWtXytVDe!fd#Yul4_9dOxKH4vOAb0Osc#}GxSS5Whacu3xC1AVWmVGIJgxmipMw5- z!k!u`wd!E9s7)+wr7Vh()NsYJ{d7M0MKQ71NyNip+nuy%AH-Tzy=AB6SF0Z>n<*sW zM2u(*o*${afq|gyXN3sz_Z?kfj3rrHxDQk4f(3o@)*&p_JMoEpYR8!qrc{PR2*k>6 zopeVcU6vb*i2v|{?(sU#TXHW-%67PM(}r@bh9T$|?}Zs$0%OLXPop%JROuz4JcDjD zshE%{!bdaVAlJxZub|u^gzW2-w;?*;KIm;JbN0~v96&b$MWEi1fZ!PS9#dqTBxW=V zp|5vDM#+1sI`suzZ~9{5=e(cD{tm;ibcfUJnZ*EVHpWo~-0LqMoj(>2XB{Jgl9W0qJRHny5ZB-~RmQicvX*tl#&mwx7=fq|S z5)UQ1U$pPJ1atCKbZZXZ7cyHx`v#DoAfdm~eHyc;(~X<)5L*2`<`U;D;PTzH@`W*j z4unM9$8E47F5?oO1Oh|3<*mGFA@aU76G;t&$g4RBD&leZcmii04!XnSQ|y9LBkRW5 zyY0n_p5!j2vKYumr@48O5ZyXIeyU6qBE)%pu?ZzsUI!NckbEiQH-v;-5#q7Fq!|D> z$gAm3Go0%9O|-v0_oP1!r==n3ZXgFAjt#LWOTZnyJSfB&m`F^4aWJ4KGXAt;Ink5B!DImvuo@e+B=XYEG3 zP-+Z9a1Ux?QG86dW3r@p%pH;}D!#d25X-LdsW%Sa*VfwNx$o4=Gj3k?O%SQqJkv=Y zhF_{0P3QIyjiHz}E|jbtqk_g+(y`T49eq|#tK!$!d9eg=53cj zB%YeucUR9Z3;H0uUNmV#fMjp9^MeHQ%dv-ECMnXLP?$hsnHFM|lp%?_)A+5LeiObj zQ|P?{rCTS1ks;;!X~{z0%DK13l4riPExhqlH|H+0W9=i@8EAevE%8~k>1Z&}^Y)S^ zwjd$=(||Prh}PZCQ9C>&zjLRc6AFd3dk%B(Y{L&^NV(vqAE`Ai`9>MuX2o)*^E-tc z9Y>iYeeQLaX>uP%?i@w#BwYpXLfiErZi;L;+(&tA>jx#z zI7}b$L8JPvkcX*x^V(zO+m$f{2m{W%C)V_{XolyNaKuHhYfIRSzmsL;ep%Q7p_`;3 z6ofZzW3nH_F~vG~-nU}z!kAqrfhE-rQ!ibJKsvE@BJCreuZpC+z}8Yi^hKWCR9!j`OOk!%Q{)C&6t5>cj9&Z_ zMr5?$mK=n^I~CZ6rSKX$wj3zjs09dxx?&O}gCuKjwsE;#4T;Ti;OLtbFd&P93lqqb z=+NED<(;v=;^jA7_0L6xeDr- zKnk&_;CRHx?KfWuGLvWoU;2KquR)nnKG;kg9XX(7Zdt=Ppk+m6wTkXHbRFP@siy4D zjv6O?W$Mz9tbJ=z6&2v{&u4RZigSj&ALE)*Qm>!qX+cvYIN6{|4@rIEO)hbZxBkicqw`w@C`r#Ylm z2?|vv)q5qp5^oO-ja!%lt_X-hFx0yS=lUUjAL!d3PA)8cX{}9|#maYv;4#v8R5+U` z6ICAjybrOAmAB3ohF@=uv}i=4QTSNVrubb3USHA0G(zIB5hicB4Lab+dNUSo8$(-X zjbZCoQj=rT?r1*vyY6oI6(Iu~jnU4%3O^#vlU9fysZ$|+TR6MbwsEF}wf7b-n|c|$rb3yRYS?i=GPlETvZE@!*EdO~JQXuV3El4e)C;D;2?6k zOTr*Yap#qYa7)gJ(wks)^?7^Z?(ztFZ@1D8}%RiZu6;GCRx@) zeQbntV8bq;hfCq%ccb52ZE8b)M@NQMjTHJ23tch4RZoglvc=j?c}@34!{kv4T0@cR zT{z*iI!~YOCp^RHxFPV|VZ^Je8V9cqLRbS1*s7*X1oR%fsC?+dhgph`%MirgQgYAQObD{;VtZj6o?@*3V89G12BE*O< zkZKXyl0pt2ASE)+EtpybEsa0RGPT~|pM#h&LkXi8cYovgeP5>hefYYUpKvP_g&XSH z-aZi#GGoeU=wAJ}wH9xNcaeeW#z8Nvb*b>YW*Gs`P<0fXciaAYb*G&L&XJcb9_8a8 z^CF0g`WITa$@Fw-^ajYu25^)%g6b3-Q5b?D8yH#q`|0YYy1S7daq6beB=ik_(Gg*Z zqz(zV%^If^XNYO2V}o&8BI1`{W7jf7(9&T+uNUT|HgsQf3GyO1{hX$9-L#q`yxOh@ z^&W+pO~$Z3-U7}?3O)luX*i(=7F1lAOLXVUJTa-*^RmX%w4Vf+ofk!+ugM z?g9~+3g*qW&0*)FTiN}5X3Lsh9V%FiLFA8%!sC__>~Fuyj1_!#EfxuRwsy=R{s z_}!EqYfr@iCEh#67&U=jyziJy1O}FT!9|$@f>!Lwk^oMH65}7A~BrFCQ873;{%^+ z!&b#`RzZJI)|%BmEh(x|aY!Xgj2WYUMFoOW{G20$`D#!FZk_2T+xgL_^g$ScrTY1N z^%n(%l@bN^=aP2g^2Ho>5t&~cDpX#R1ywUL!20mV&<;8dLC|Tlpp36)^4h7E%SXn3 zmLXsl=*tVrF2M9OqjaNRS{V^4M6zgd%bDl;w-qfYB`3u)Xfv`svVtP|Uz z&cN0)4e4fo#Qcp1_uI%t8&t~tgw4ddVXGAhCnM3jsg&YDGPUi2lv5v7q8}gBpOpBA zkD_@OGV-6D9_hM#-5V9KJyKuV`q9!*N6=L~crpE?kYBHwcXk)FOa5#B_Hx%5 z$b{VpzPW!3Mg{>lzkhKM+JKE=R@Tc6e;_x0J>4~y6=ZRLwGsc5R{=kn31qj}E*ZIN z?YJUCSgJedh%-Txv9xOU?wGr`FO;QKF0+J6~~YmWhL z9PyJ@0ok(uBw9JHZYtrpx~YT%beR6yDE~&Q0K+dw<*#TJU?W$<_={G#@?78m^IW*R zb>IfA0&W%YOS!>u<+Z>8=C$z06kr_XztAdIz7-r`z7>B=1y-a0RT7Ba0CyqyfAj`0 z|K(_0Nt!N4{dzqExRD#n1NgxI1cMF-U(Vf);2R6`x?u$9Q1G9EZ?+6pfq>Eja{QO& z^WQE1W*7maY5x>_qh)Zzh~FWB8*ohivR40vUAm44KzERN2LB;iFYi12?;e1$=06eP@|uI6hyb!V`1w1a zk_qqw$jsr|DF22C!0^kF{VPNOHgYu;zYyW-)+G)w--XMYPHrFqxLpJoB3$_`aDe$O z{3*pX0|_AY4lcyvxbm*x0Q0W+V=6H296*+WUYMYPyIxKIMtFi-NC1`==!N-*;2Wz0 z_`v@l0?5hda_;`3Ww1&FbQ`oTFMT|&y%zrsi>{kSfLx3&%jYjz2CG0o%fL6;pMq~b z^Y0A#uk{0F-@pdC4+hv5(E9;UMAsn!Xc2N%hrdArD{wUaHOVzd0Ke-L^j-mdX#k~I zAcX$!B-eZ-uHNq;g#L?Qu;K$Q1;Dofu!z7zK_*Fn5xCZQ;B_;X1Mm|FK-bg)KMgqxI_ftUwh>gqraF!zQ(rU0u-@Dx|-jbC?!0R{o6%(~f&-)j?q$v^$VewG6OUO`q2 zKgaNwQ1p+fz`h(W9ZoKX{=e53F#Y9tUh1O$6nkTNUH6axstGUW{=eG=w~)AWboo>4 z&33`G8-On(pyK4xMdWudy76rToZNq&7pS7VEZiG?zS-_|6a=;V^LKwCRsq)KKkb6F zDwozEzxVlOyI|G!f3zx`+|1XtDzbI}yN%`z^(u8=wk;E_Gc!yDq_QnO>v>)1aY)D4 zIJbM~U{F38o0kwfcs~iFuh7`s#*ez^x%Ct!R%?cQV`J2_v(oNyEt4Ii{xtCR6r$F1 z`JcC^NR4TlK0x*H;h$>qbec)yYxFw$u3tOT5ge7l|5@(bos?&YyO4)SrM8j(Wa_D{ z=Qp=Fy>Q#3qqxceSd=fET)S3#w`Oh5ky{%ErsTqok6P2VIUg`5aK0fbd^-;{js<1y z>GI9Xg(Tq1n3PlkQC>neuLn)vt);F8-`Qug@wH+JweKEyeRtnW!psXEs#~8dGm-Vo zTMM@I_AjC;Nx0*$Fr$T{1nvFoPTD|JPA;Y{vrA>X!EEhnk7=>6`^Ox*U|LO_^~@*k zDnY4E>6^EIq(c|Qz>prG6%#_mkR3_%E;>bo_G|O-LrY7GdpK7d+lg(g$w}wX)W1)% zq5YUWx+!fZ;-achlflSc$Y;6@??Y4hY*x+3DaL<)DAy^U=5@(SHZvXgzFlZ(E(?LS zWJQnM5!y`?2bkMSLG$gm+N;ng8p{1mbEBWrNnv_vX8QU*Y?=I~7PVr-$^=VwMoMqB z-DKt`G$*}zS}o75T`bs{<`BBWbz#sy4`;YVPQ{7!+NynPS?9t14Gl>gxgZKXdAY-& zHW%)?&t0IyZ>6|Wa_UD9m5AyPgcD(lb(5xlAzX*cE|=59}4VW|6*<2@%3gmYM$ zhLFZ{rl!8ZXdG?te&iyd$c+iEierj&M-9UTN4;3`D}R*ws#7u{gBgV+;63yMJVpUD z6yc)I7y`J^F_ zLh3Os#7c`rxx?1f&8Vkb()%+JEnz+Uc1Y1S_b540X`8>9?Ph3yPH;glc`W5qu>V-< z;;U2{PG_R0Y!v;QH*E|-L-m2vQBn+)1lz<*v=?WVEC4_^pLv_2vi??wpNW%jtsTW5>ghls=os z-rk2DaXT69ET}~M-iT#HcFz&+dyTQ6hw`kLo~2QUh)WlTYhS#S7s(PqwVXJl;o_VO zAcESF^~igYA(bcM2SPgI5}y^;w*Z$c?&VXY_d%J_F~yoZyvKVVw5Ul zFxpbmGm4K#@YYE1Q(G^w799w1P9$Cy8F%_&_ZTo*$mzNsJ6X2V#=nKmzvjtj;7x6yhCWf~k~xG7sBWPRTmmPECo zG9of)MDjyyjR^<)v$x@QV{_MEMFcAd?D|SgayuTJ3HK1~lzGO#wRw+utJ|=)=7Ci; zaw*k^*>ESj|jvQ+G9A8K`8)m{s^i5q<*`_5h%ZYn`REl60ePgX}jsQs=CPa4cP6Bn@d~Q@p z8gZd#0@WAtl-QP1Nt(*SIw}4BcQed*s!R`yCr=6};8@JnJ(Ias?L|lKOqoa_VCH>3 zUW_V9IAm|)EXTYca5?ZUQ$t;hfDOk!&&|?Sp^k50#dvzLvj&;%hndqY3AM~-M!ZzH z%X5;r;w?mMTBx)^pijWEOuG~DYzAXio33}1a7Gv+LHU)GKsLWqs0^aF7A)Jx`AGw> zJJ0*?QcgK?i@xp3CT0jW>3cBZ)+T-t7)BYKThQZw@W_S%eu?nFBSSIu6z2yHyZ8I&K0J8$-t*4vS?4foy=$hU6Uo4aJr3Z-)KB}^ zl?Vk5Ka8m5O_>|Su8A(kagDvUda$Cs0r8f~p!Y`?F!wQn|#hgrz)b8q58ml@mH1n=TY;Y=} zD=X$)Sza(QvQs|edh4$YuKKbJiwY|HJ4Yaw&E7Xs_MBmsEW+${ToWnORHs+GsXYS3PH!lCD@!-YSKfu(et`+Ohi_0W^^XG&y=>yxok z?%pfa_S?K?-{VZ;RL2_cL&@9`Oeu`Nhs9+!%HZ^Ais%s-v5-OoHB#M)H|}_S{l!k= z-SJPJ@%q!89LdsXgRhNir2hT2nIT@-aVi9SvU>2rXEr532z*4gv`57x(E zvCvBpAIfce_6c|2Bkov-uFk1qaAGIURO6BZc$yJ;z7XCl4j6W>`MX~jYrswMppy-j zp4G1tD4_6gMpyES0w}Q;c8#|wkt)8 zP)TCL0y_#?3dBw+l3i}NuVG< z)Gf3-N8F8bvBRrZ^f2~lmQy1$(zcCyoL-_EAWaN5uC72JY2RQf{v{O&0Yak_swZCc z*sr)r$|>_hrdvY5)!DZ;LoE?29*14VBtJnM(uYvSl-Mj?gT}UxAzt`jGa{Bp&~bXX zrCLX1?F^;L`S`cySDw%&p-#vs6epVTAv@=~ga&`tieXu<7`31f?!(nR zLvX}$8QrOga|Ha*avb?+@B0qKG_+-N)2Q7Z2sv>6({C&SM1jac1{W+-KXJ`9)XWg~$~b9cKs! zw-FxgKhk^b+aZrm%`7&uM+K|7rIF3VDkjqXW&wM`P5xaHTZ85*MA|gp{;aCcx660< zN~ZS&$>Je2G~;K#iQ#Q>K8449zIx9;>)0tNTODeK&oZa`iOSc4c30{

    =~G;B*+ z!z^LAyb;a6VwFLKyh=I92)QR7d%5&}({+k1cKw|Pv^IF)y3XTiWOs1c!ILE-0mZDm zxyZ#9r|nN7#FzyHlOA&kDHAj5L6H<&FkO87dT(N{r$fcR@;&$#M?k*F=zRW$e`Xk~){BX1!}wA2<^3 zcI|F;mYbwjer!}_9_$}f>f4#@Q|D)|N%I!zQq(rZzrnoLaJeqB#_H4EC~c}&-V?3` z33g#;j(CwLoa0o(1@?TsDk-GYftXz?%$ALK%UI3 zn+453aiwl}x=laV`L6Aiml_V$yRvr~-`KRv8%sqGb->meyb(|2Wc4h>(@t!iKef^B zERL|d5BR#fb;IN&GS>Je`83f$#^?-MjLJW6&oBoMPReT1=)xk+H9dM*zaACsFI(e+k6v#=amI{4b}IR{>?T9=QEoF;u4!%QeBi=!W)n_rwjFL} ziNq5;y%cMxb!!U`auXo|tpZ85fAR&$j7Ypo|MU7+^SQR|TWZO}m z(CE|;DkQhTjoPOtqZACIVwAoMZUk47BN~Wy|Q+^rv;Y`Q8X8V(Ha}n*4=V!w% z>41O@b^J(b>Oub)m7!#KlC?e6$NOT^h-i#nBG?BA;m_WZh@P>Cl%o&?dhm(@^5zQIrmh{wCI1-90)#TYe z1w5(A8Sa4MWI6sNoj|BM#c7SRgoRT1cd`7No$T6n&`(%Rk)=kDRZh{xwPvSKdKX=|`b|;J<7m4` zi)zxqDrH z_fDdI^Xc;>V;dyQE4kWW4B&0H^N+1o59pf?VcZ$@J1SG7kA}g*4Un( z;Oz=RBc|`4{zPWgPTvG;zJTR|fT*SC=`4*8G5HD|(OSnRy!`Sz7^?>ugf>_B^ddj3 zmsrhvhxJp~;tO95`_MVQ8Ot_*O8n<1Z}Fd{-!bEkq()aK*>Fr@Z%7nWOW5_iEmbF zb*z~Z!xhRyL=qi7JQ8FGqojB9vlbDVm%X6WbI;e2rp3b@hn%#9!rx)ZDabID2$qjv{A7IhYj3IYdiUHj|a`!8;`^=<*{p z<`shDEe_HH`x50WrlnDb6od*m~|jNWGRc1laaH?5iQs1>O}$OnLirG37&sb>yxBfp81lyz0U;U zLi#$B$9#|u$Qx}utgzVJ1>kF~L?d4pu!^T`#+T3?e3auL;i)+|An`v&FuQ}l02?h( z<|_+TZJNSXLT{=)&gqm?91*4?<;pG|U2wla+F=CtDAqk!f5eiY977B-7=6o?+^S<> z}$pJOfyFGx~bYt?d8;M6`O_{F|>D?3aSKWdr%m5?rDAr_<$-I`m#9So^%m@+jw4{ zjWxz(WLS%GNA~F^@{qE&z9S@&ynYU&K5812^kg4Q9ck+mJE!~6M`UA;uhRlQtjIhH zX}&Y3DCHPg=(;N7)mDC(3>Ve;_}8>jZSc$w@cC!%*K>wSX1b8JVf5li98nxQIEz_n=3 zJ&1hzJ+mKn_e_qCn-CTC{QRP!*zA0@q_gog|H7DaxeP>o`MhNGgQFcdb9&NkuWTB8 zc|E>4_7>SirWKAw2;^SFH7G780)t~|kvElX8P7NEUQ9?c59=5BrMD-V^)2$cnId!f zoW}{8yngg51g3(WRoop$pee=1hxE3A*K{qx>GTMqjGO8hL4o zRFT7iExwyq*1f;D*cJY2<^HusgV+5Vt4K>CEwd3ks=48vV1f8lC8flyCvB8AGcUh> z8EU+8cKJL(F#boO&n3@#YeQs@>+)fQxxG2p~TSpz&C5tXQr}f?kjS9OoZW z0JyK~6#uvq{51s#%K^fv{V-i&1ut^nMC5rz< z)C2PWL-qifG2p`83ckhm{N`H%q>6yce=GPFz4e=K36LB6OYrT=APxCbUjX6~^K&=; z>6t;@O0I%|TBpAR->&>Cvj)@`fEc~}@5&$wm!F!7zXac|4BBn6K#A zs~6gtf&B}d{~tv5uMz=(NbtuF_*EjH$-?%-mVgcTe)=y-f1}z#{Yil61{@MVCjgk% zUq*A?rwYH*^}kq_{0?q_j{4UeYyeA@9}o0XYH({d{#2h0;KFhfdj)N5H#fOlK^q(J z4y^0n0bu_6hZ~Gz13IewHaDPh0brh+y#EE-fYm@B0&vX&8zTUYu4)6FBLF3VgT9{1 zU!V;*&Of98X!ovD05I-7&Lt_XP-mb5#R`6XAbF4F@qP}V`VpdWU0MhE}mNZ;As;k{&>i1XQT=Ex|*UB|+w zH5IP#V=9eJV%6WkJ}q5(IM!*-I4K|zHAKFLV*Jn_%#dew^mYAoQ3!5~z7h$g@q7KZ zFZX#UUQ`@clhoI^;-^SBkQr5d^0S2_azL_ht;+e9&7v`+YQpm(CbLhs&vc^z$vmsL zTimsY`y8Y7v6Xzk9?!DS^X#son8QT20yX*e7KMc7uma7N=H>Cpp=}*I(z5YSUd5rD zIoS%sHYbwGUflh0IG@shU?g%Y69 z8x|CL8Z`^kpI+o0=US3!<)fN9KogTLO_ATlj~A!7BBKqDgU7#N6}{s=lh8%(?w0omn_ZPC589$R?=Z{c9Nt?_1c)ltI^c%DUaXol1z$(ZlM&GK~}5PH~H1(uYDC6HR#AztMsA*(?U zgI{@ZLz9{XdYNa8(X!jbwMT_2PlkNCR`2KZ z@3p=f-q90-hE6@q8BWyY4!K{M%-wlO^3a^Ju-s#zS#GhJ0c&IRSqY5&a&w9gcdiFJ z<>q)ynha6PIqo4Q%z2u=z*6Vik8VRRbq^N^6EQugU%*-N);y!~rNDm?Ltwj>=l|}* zy>J+nJz@WO-w}l`i$rb2p;Mi~-ch8ru{vXTODJEB%~x2fht}aAp_ggpG0>)CPDAC` z;~~swih9DIg=vI&?x~2)UF>IZb6sp)tjIV!Ieoj<1b8=!h4rVktb9>ceiE=)m866- zPmr}!4_BIEXiIQ76v1SZ*WPaVEq&o7HKrfN!7*gfH@ACsYyqDdKN6g)%+g=ou5nVc zVaOM~Wz_G)_2O$W%Xy%hr*FNi*f5@ zC)2Dr;W%@VHUqH?O&5r+S>#0|=(%e1a;wkv_%!k@vU@n6)oL#XC&xWWWq~F?q)(O^ zHMW1(W8lnrayV^RCnvy2X%l=OJLG}hqm4Krwc5{M%b#+&lXJ7xlZ~>z_&uSB5rgjy z6)J?YiAt`(Sa8T^crW)BS@q$$PG$_A92B;)80Hcc`p}Z5lzNB}vIEW(_jgAhWN#7O zm%~s`IX)#}^-9#21oDqLRH2b%Q#RyCvsNtMDe!C32#~!KFYCzIbhwD(S>y5?oj>hR zs?i109^2Y2AdamRta>9sm2uOBMEh)Thg1b0A8JO0*GOY*qqWtL^L5s+GVF0}K_G*TKYbW@~IL-i^If!(b`%849g-@(_FN&7V5#nG@*3r!mmJ_v(icoK*RLRjh_ zJZVj(Yg)q{4r&fgXo#_7R-hIepJr^CYW1jz?dIaBIao-a)jg?hU<9}R=GgmqM(Gu5 zME+ZLGMi(|%igAj&At;C|L4-y&F>oNr)js1Q@)V6k)e@2@_>T!>1*G@lJ&ljg88%N_2Gezb|8=7gF86} z5eW4-Pz9=}J24rjIjS)Fc}maNvH2zTUMl3X3T8EHzDgLMV5@jn$VzKKS{t0r+eQC6 z!p&*Fijv$y!*XVyvk2Rn%TlvbNiCb{W5dY0AJeP@_w2`teT5L)_t?l8UaLvlQLm!t z2%AZuv>d9Mw>NZ*0{xZ}_h{Evi{FoHT-|2SUGA=Vm?KLsY~En~VIQyG5Q#z1KoW!5 z-;~%35iL%`4fkwOa69hhzDsHY6(j^Ef9tEl1RPx<=t$;a2SII8^-wXgDFocwUYIUf z6&`LzjLhLzB*9#Pixu!z+>{N;waVn9u0pqkA{Rv1{e6Zf$GlvV02X+%kG zXX>p>3Qg<-<-er!j=S3onR<<)d+;#<^>WXAZ8j?@d_erP`IxuD5?nMT<4!q8X^~c&(h2aDd|s@*BO zQ%ozzZ*xzju^0`qhkV1Iu|{+sy&mSdw>Xz(UiwUtgtPg}0o&Kq7nh3@E8jK|g$FC| zeXI?F_ezgaK{Pa(2{^+iCLMh@|2i1c9JWw3iCuNOsT!#Yt63+|=9rxuUy`C7Mva<^PM#r*wAF_BS5Q*YKj~ z?Z4lTSiEc9p#6hN01L;}Y4kU+V}<8= zq}-P{ftp9pa+_OBw+UlhI~)%R=QEGiKSXU43l$gi3F)c*wCk)jVj51F_?mRY{{LhI@(<%`)c^D8^9yYYw^P2{q8|@FltPZ|Xx$^~Dp3|)|&7Rz&w=@8^ z8euLr_;?^%_cgu8y-KPmeU)#$YLjxLPL_~hmZjTKhk8rWsgsN{`$Lw3yuNAJp;GKy zi10J67m`&QnpFIzJ9XK3S$NML%PWfZmc>=`6lAPYuux`eqie;H40ElSd{8T?(3PAV z*R!C`nlnFmW2+R2$E%V$x&5UeW+29m@XKJWnbsxD$?9?z1t+(=^NZC5#7T?oUXEeU z3oynPzSEvv?OSbT@T>F-b}jo$0mtl&)Bm&e%fA{3#CqUPo>Sk!0L}0JZ#KRrBG7 zPPQV2l1}6vE%paeh9y&Jc*&Nia7=|jk)mC1}u2um91s?= zPA?O8Q#bS>k?wJxp)|oc-EW)_6yO>z!eBCzFK=4itF9|3taJ6x61Ag4M(L_`P#xoR z+>Dk~3zGWGwx^mqs4uk|j2Dn0{`|EZzr^=K(?{?+%kx9JZ%>0P+`Xq6mZ1w3-0fp! z)!IVzw!a3M_nvFo+ZP_eAQFNm(We(KTJ@N-n<<$`XGWz|({B*~~K? z1D76rVO>9ov@rO1QA#enfGt3Yi1$qzIc~`&0zd6Hf{2eYM59KV*o$ROwVqMS{grR; z6)2#-eXQ-HmBHa6Bft7I4W=qw1IHzE^0dAszh3cTR; zvcDQLG_I6KC*by`W(MWUyv~K>zk3h-)4)>^h41!D>RD0fmv8j(R!#Apr955PpGViW z(m5G$nVx3lvn)FXsVxpr=#65Wx~Jiu)M7KI1QL@KVdcJhEln_xQAfi0`1{E*Epi@X zMT6DOhn_;t(^>b+FH<|a-{|aZ6zv8dVnuj^(}Y1cZu=w3m_51=#e4IySH=gZdgBukM3(m;yg6lZmNKB`1^4Bs!gU|0Yocj+WFz(FD9!^J5 zPVfXqoqT_4WgR>KL8S)2+|%Ep6NJRf56@ZE2Z1r}1b+vN{7ef&tvm#}zVl3}zY9`9 zBxm_OjT{}BoxBYtGAE;ppsJ}pDGB%cKv(pUW5=&m-E$q>UM@6d3k!tk%egsrM`d8<~Yr?If%3d``{~-RLS=xc+*YkzzOeX;icx`l&?<@ zzBr|ge2Ou9%4xY3jsmOet?3NDs$s$ohLW>q)Yp%D;eDU(Lwla&{#mih2WIfYI}i+3 zp5CfcnQtc^U2K)^WCxWv;%LE9ikX$U45$wFlMow9*>atd;w1-eJ=Sj#qK#*!qapFW zYswaz_AVVdL$1l{?(sJ~7>mYS{8M49mq%6A2%E&*4>R}*+zZRq1pT$i16$+KRfPR0i{D2}}qBO95m&VFXRR#7Q-)1?Yb zXc8t&)LaCZMo5X^O;cNk>WVqVrLB{kx~#^QO)j59^l}jr@QUx+hh#)i;Av(l!tH*( z|11ReRe(Kp5g(sj>&2uoYpNU_RhO+;rDDR1gtFmUn>|cI7rSvx%}b>7*k!%w$dm;Z zzRr!A=Yz($k$n6Dk1qXso4gAzUuO_?@wXT~*;jsYrhOOPHYIyxY(00#uU33)ss$H#!lufbo(!i_MF7U!C9%_NV<<;PP!I+ zcU?I()k&5vB1i5nOM}t~s4iK})?2?=Bt5icc79OchiG)CoO$e%)$5n){L7`tT)Bbo z@8E$^LdfyjR!2mxnFoLBjf7>kE546VUK}EGzt+n=N*(jwJe&UW4(e1omW|5%81RSV z1PS%h&cn6@)l0FpCl6ysC<0w91YFvz-ba>{%~;TsIPqjooHji~R@R-fWlmQSM2QRF z$XInwh`2wZ(tWTu&46Gs_;fao4>w7CqMy@`FFRxHsrLOix_BBit+C~jUim!pf`~UW z^0oAj!Z$S@(zHK(mc&krns3*ZTuT2%1nH4Rme^o!8tJ97Lnah`9H%R=Mk@A{jIR>Ag(1`M!!AP_}3!S7Hp&%LQf<`;YZtKr@1mPI4 zUM@+L3xj1@3WMG{7(NZ_6UU}xNEFBv1U%l3 zRiKrn!jx%gy({-g+KOsf24`n4cs8DRi!y=exE{0eOV|Q-?7~D{s_aQ9SFZh5PuzR+&vqmo^sS_V9m<+{pOU{+7DUyS z%1(ozawr!|kl(f?ukwwRt4~+?L|GN+lj-R!`DplpkNwmh)szeMO8Lnsi!WG9lB(ob zXg7?qI9JW{zGLufV)usu5ImISSf7map=%C6yBo7XYZ^FVVd_s3^k6;#PPzWIvx_tL zto9ndbZu*|4DQ|-(Oz>!dX;D!R#cPRWYCtry|gL;vE5`(e_+?1`HVuP_(vJAk&N67 z>8@3YY0cyWh`auoOzHf-XKG5KWDP7d)RjH>TXwg-Uxjr(w^6HgcrGZ9JdviT05t{3H-iT zS($DM<7iX_Y=5L!Dnv0Mzx6R^)cf8iJqcPbqoqzzrt9wH6o*W`QDl7oW+F4wiy@M( z7Rw01U3Zaa0E&SIuBk@f^5|=^c)4YYD2`Cayea_0=&>< zL#YGqBZ-;mFPb%Nce-lsFTjN3_5{xjo(;*VW#ACUW%yAXn{~*@O)tMNpk!IZyavdg zsJdrad_s2!hR07lGzbV?n9#x=K`$YQ97N5s8D(rb-bqFt;Zts{KukRS&|#&#@rGWR zg^Ou2d`(`jKrn%5TmpC08;i1SdhCBpF=8r{(9z*v z$(mHa_!N?m$8$V?l8l>nDbo|%jubVOvrt8klfEoNQz8)$)-|?FSSlNGx%s&DiQD{} zW+@JSJAt)YgN0>+_jjkkJ-|O&Z}n|@vYcXF62b2-d;>rI^0fY|um%0p$4=S@G0`Q+>mnYMkm)&Be*ymTtju zob_(!!S@llumF!o1FacbNEfOjvNNh7cMKKDw$nUL8^IvKn!f4z|49JA25^(UIS~H+ z<@zhTYbM||C(N7xG6Z}ySio` zaI*m$z+^-L!0i0U{44Pf48K{U|HO^~iu_pA>s0`rCno$*1^sI(|YH62O0aW{?iN3IsKg5C%`PX0o^t%Co0qZqVUEO%Z2Jj{U z{P54`)_b7yyd=ScZRgGSIl-sy5Jd0l58uraZU6;1}x@kQ6^44Co~C zzf*uTmc!XRyUa{&%9Zm9Go^va4QTRj3sZ)SK?amo-qO=9y20 ztW1Qz&@g{%VLRuGef&aiH_U9rXZIz_n<0r^=0{_7%jI~dovwJ}6Go+qEw3%HzIsQM zA(nutHf6o^w2SHvd+6`aSLlCOq1Q^BoiF=b@{sq)jPBh5ZU}?odoY#eWA2G5_3w!t_+8 zi$q{Er*f!fhxUX=QB_6J?(J1fH$(w>fH@H?_o2!uc39z%w6+xvJ$_AgcOrA!`bQT? z+LqY`7Z?W=x6^J zUbJ3rPbWM~?$mRL-zSc8i2m5BWcqs0|FTHb_xyO3TKKyc*5^Xe^9Iv{tN%i1on*5t zIu}Omxw}xw_Pc+xslC6pX2Q>N@g3W3e|;#*WdEcq=rMWxL=e1((7fo%qj1AV!pqfH z)PPUby_5EKwi&FNgQIj7rWxxy?fuWwjT=ny<;j{lEY4uHkzPoO&dTGSL_NlQScY+s z?={ulPNySzh|=IaHw`_%Kt?NMfBc~IV6uJmop0ZX9ja|*O^qyDbTfB8#HklK`;#CQ zttGO&5vAFV?9s6knNpF3?xPHyRdLd@k8YB1ml}(?SLblYIpgO%=g8U233LmCWCQqh zPlo*NYfC!UrP9!QuKOS6K$)3guGNC|_&gEM4iOJAM}m*dlS#T3C{a?TOR+-Bp-&eN zNq!|?3{o&GuuVb1+Aqv5==hA}fHQV#SKaKV$7rL9V`6#Wh?>F~itKdYBx54Qrw~7E zGRf4TNKc80Vo&53Az;aat>JvczALk6$*H`U7CcAL$LY;TNDM~=DmjKOShHo(Sb01PQdqe zav$95sN)1a9cAC#l>wcAjn`5h9KX_~MNklqs9n*^D@rIL8`b_jGucfZICT5dYe*4jkQu22wF7{2zC*i zVG*TI7@979TYT5$JoQRyT~KEvN<5T3zhj*oS`xQun_%#FFc>^*Vy>;>y8G;@UKHGE z9k!sm5IawI_)OEaIO**^{=lPMf_u8sR#!Zsn&5YrrrJ;s<)$gK=@(_((A&NIBaazqdR&m|Zq}_3mcsbirnlD1p zTS*PhqB;J~$cnA(T4eRf5I&q#nf{d?>FmN(xXdCGO;T3^l15m9PKG8xdq{Unqcy?h z7`rIFFc!PgAO+G~t!Mfkl{-Y&G=Fb|Ja1-sU>=iVzz zFSdCvzps4hIU1dU5S$YlT&5v|dL_g;gWPfop3DA7yxY0mD**Wfrf}?CwW^WNpjAn3 zT+FfOZW*)}%)7V&<(P_&isx9c&vW%g&C+2SEW;@etCmujFP|8az@hQp`LKfj65GX9 zc4ue391J>WW7)n(U0ilS|ErvLh9w6CWGf?<4MAtZKy#A|9*k))W^HsiT$_1sdc$1m zyM$EZN6U|9L+iP4A7YmtSS}Y})xT7pX7a+F3wV_UU6l@j(`)RL_$6{Ocuo+9kYr+{ zVm%R6sRlQ10N)k+2l1vltUK}pi zDH`TZjY|Y+^RKQqx0||hQ;{ck3oW^eLGT2^D1$vF5Vg~AHGlJ+47v9{0R`#v9&Q%s(1;F;7>}yLdBpQfc?4lW5q5G z;-kuNSEhRVQN(d~AMRlUwXnn{@^JcKoc&PRY%6$O<$&&4@AJo^eiTM~2=?zM&yqVkG z>6nfQjh9L5y_5x;r7p_;T-y92RUb7->AU^fw8ZtZws_@W;&rqj_A&N~7B6!np3Ziv zbzl-MWok<|vAunU-|&ilxIBz_uRP5Tk`p=8tUQ(2(&c1-zv^-E7uN}f4g3W)#fXHQ zjF#bXwbk?nsKKv1ZW@&fnwx{TOYI6rl88oXgNlj0!_{{kqeYli9t%z~PPDVQdsZh}{elr+cX6g+aTGHl1Ziy5Ut^KZuX>Sp z8hsbZpI85-SE7~BA-MpuYh@>5n4MMX z$_aDcOWR-=A(&_$>H=b-ZZY_J(IdWfC>>4|mm2^*QYuKv*-L=aLVbi&Z=d`Bg4pYmbAXzxJgz%Bm z%L~?tDWG^DWyEZ&@%;xJxKe~NB^6g@%H|U)Ot#}G1tg+SzJg71dESYi!Tq?rK&Oaf zyK4`IFf3P)SPIL!QExG3elR7HZ*Xx?CAg>}*v(Vu?U1kCG9@TmY+|(nzjgLB!^Ps^ zhiBL!?>?ehh!{y1(y*R};7DfT;n9Cq3CSfJ`AjG>v}VfTYK+^+#GK`>K;?JP*g9<= z+xJkn3$J@shbX(q5WL4drse>{*oA!()jDg+4b`WGUW8bLRRJD%_!D75m;V&Kum_wIsO<8Yy6x(}W zXvJ}WqKDFGk!7EMFKcvKoQi~hz<>Fj%jJQAW4XIHp4KWJ3%F?3Ye>Z`%$}ACsUYWT zfzti-edJ}NxZ{~tuATYM_%N?DSo>PCuLMdgLjhR$*kRuvF|t~`T9JH49K%bPsOF~G zZAK-Mk<48}Gt}@TI++m5d47X3tiH<`+>GYigz11blg}uUHAJzet){G=S5Zz0n9cBj zk(bJdTGMl_zVD5dA0d*bA={ApwzC=PUB8k&({_pp7djs! zwyg1vDmEm;>T3xh9`VT|W!hfP?_+r9pDlWpq;rEmoQ|3##+$sG4z;1RDlrI1%rIl% zAEruX9HD9VQxFyRk1$e6e&)tu|7P0YpnP@eq!ll!+UY=vac|?0)zZ-C8Mq-0RZ9ky zv@$&oJPZx5Cit3h+NbYxgfE2oziE6!et#mC0y_^sS9_fMm2keCUS!+^jxz_s#O`D1 zuxM-;oi#Hu_ikb+!~AccA&ANqlyn z8ZtC7?lT5;WJifBFtoZrW6Wtx8d07TZB-u9F~-LtKxgSX^Ym8UTh%WM9Lp)2%i3He zJQNPO+@eU`6!|>#b#{9H!FEY~;NDKULov~3^hxMYQNByWb3b$wkJHu%8`dO!0|GpR z@)ukmwE54773`bJ&8uc*U7p4=L`hEuZOlgDs4p}bpqcS{7q`;z{C$ZhyL4E{(}mt)DAKN(PqCHze$iCVPgP)gwo`c! zA=njErK7y_waYEbDo>w`KQ`*!$Sm9wE%+=d%_>O2fqOc`MU_g)>dGpUBi%l* z8qu}QbMfYp`D+rRS@8S?3*{y!6%BRm4T8?K;LmeJZ@b?=5yM}T^>M#I^lsG|Ib|{6 z6zm`3u|(hhsK9yF7T&1On_DXgfk`*J09F$ClAw!YJowRnb?e;5-(?iEm&Y%V!W} z%*hm=6gO}`bc^uK^ibYB(}NUN`xqoR5P(jV+|?CtDUIa{>xqTL@gQCbFPqhtvJ>Le-4^H#!?Mv?;2R|HheY-qqY^pRcjf1qD!ct2Q!{dYD1RbKzDvNN`I2<4 zMG5kyQlc@TgB6a0a*ThF6?`ZgVl25VR^HP4aAHyLH{x>Egs~US`Ap7gyu#XwRAScL z?${3?-lVaIIn@kc9)vEzgUeU@s3ve*WVpWfiAAoH?3hL{XqUc%!}5qLI7FL^;kkyx zwwT_}@Mo=bYO)VeN9Qi!O>NORxBmQJ+s5o~j>-hzx5t9sS71YFy240e4 z%*EQd`s?a5!eWSoDcHH|#d_uD@+^|gK`WK4!=~{%>kEs-VbA(nOxYpaIYh&#=qu;c z%dz!zszG>*C;hT)VK9L5M#uuz_ubdFT zs3uQ}LyIEgKQN)_>``5}<95_PKzK=6RPi+UllQ%;mIUPXu9e2LvGy+dLjGO$!rkw- zipj~2Gn-!rj`rF|yG{+quIwpFa_3=qBp`$7XbiYKM#Q3duHGI3JKJ);gl7O_x-dHb zqc8>34C3lA4oL3-&p`kEBoEXC;wl(O@BJnC)=3`V)br*f^C}p~B><0M|3l?pS$iPy z{+Hm}l|lG`-_O=Th& z_aq<(vY>1oK#T*l{b&C7B%tj5_1Q9r9ml^1gK(zTXX`gd=GS7JA08BJKo5$me+25B z00-SahV|RoIw1UJR{qo3I;igh$f-8)t=sF8*Wpf&CZPhu;wa$h`k42`C`2gStNedkBPV12XUbp5s;@f^cm>=KbGu zfHdGwstw4z|9dP5ZF+?U>_C%>Yo?7IXj5_hyBi9g9mI5j`6lzPXaEfVf1m-d$gQo+ z{=>L}9mKeT9q6R-JJSXn-XBr`Sn{jkgBVx*H3djV-bMrV9|jieAO;qHO$E}QKbZHM ziTl?*3C#aSOE??U^S_S-qyc}T0Z{Sy@4=vg<7+s$ zx?=F^!x#VuOaLIg{@wL@Us2fXKpF4NmjmFl{RRhs@SBh!uKh|HE9FxFc>Ho)QCPVqxt%MK#1{c8%4uKedK3i}VOGCNT33V86prT}Tqt1ry} zz4y(8{n`M3_-F>^zj=hKV1OCR--2xJaMCiw5fJ1YYx`>(gC%vs}A-*+F=E%gUG z`?OKyljZBI6S^#O?2OUbm933gLyijW>$K%DzM*r4^hLOqp_egepWS!qF z+nn^V&-H4#J*)O`etyyVzP7&J>5QJCj^on}yk}b@#?D_2a0!t6X66Rysx+BCT3BxkeT8+cy1;zF zGNp@yb$)rtQZO;g3Z@Tv0g3mVS=wQJaO8d3z^p})KlqfaX4Lxymb`QH6Y3DK)54YF zyq)MY?~#qdGIIk%|Fl;Yy{}pq=vb_J`=!}vPprhDD1nNI_xB8;C!MOyF9ol4-E-*@%!k zWKM&zE>j$>U2~B&ejLc|qk^rj1P86IqZiZ1u^vHGYDFc>7|DUP&^4GDsPEaujiPJm zaY*Vb-eR>mBs8KQ_RLR)8b!vEKV<1{#Lx;Vx@XP15~(cwPyzR5CfZVS;|cSgd;6*@ z4jrZtIn__B(ZNInbv+5S;ZqGiRH)#INk%C?ZLpnr`ngshF|@F>WQemAyu{h5Bd?4D zg^Z4pz&@F#VbGSIpZQ|h!7?m7K8sfj3J)`xwBTKt)n+HWNe3kdmX9!vlZ5wr@Rv#E zg8Z>J0{*+{cx}ZSIX*bSf=h@BFvN8etwLVJ_EwuI_I=|0-1&CVguS~h0cVkE6pCdq zj<2%Wgz#)O1(VdD&>)=lW+~#t)2YB`4MDjQ+R3cvLp;f+tWrmyLPX#FLKgLcZq~U@ zOV4l~IbK3zxEj2?<&yR==%69Ix}otd_MX;t6FC zI0ZtF(iQz^tQB#Bp(RK^I`llu*3kW69%Iyk5yMJm9p~5kIR#UsKEOYENulP=VD)qIA_n}Z$c_owwGCL+0QSsl)}Vbi~D(FsY{khh6am&bH=)-V zTEf%>XWyxR>g(?6S2fQcPpx?&D2 z`L8Q-pf7HmicT2RL(MT4$(cCWNql}8$?UmMJe1vS zBk(+^2Xt#b*p18VGlU%{%);9;)6rAQ>>K{C8Bc zzOJO8gmg+bNXJV{cXy{C-Q5k+NSD&x-O?peBAwDDDIka+@XEb-(cit_e>|`5y=Ug^ zS?4^n_FjY821cO|Z;)5+4P!*wP}Z*^Gs%YWqtsHeWbY_eq|5pY?UQJ372>KH2@Dc> zW?3=IjA2y0qo`+40B;}4=fOE44Y_C8Q7DNx3l16-(R*%DFIq&Oq6&?hRH`#GLzEnb zcy({D3JW^Humq)!k)+fi@bjEK)aoe|<`8ot@)l~r?QV$3!4EVtOY0J!v{j4D%zU!C zx$5yGmSE^%*TROvu3GP!#MG-ykMr{SCv+o|^5r$j)vWDuoWbg%Cto*QQjt^YD%>!= zwJK#PBnIAxq>DTVnu^VfGG|&fthW{-p)^rdM)YA3{Pe;NVM@)~$9pf3DaQ;#vX{nx zOZu&+^Ny}_>cwc6JUWr^LHV{NTekM)@+Pw&icjQ<7FY!F=QkX^8Y*GOX{(vSZxE|w z)m$x5jQe@kA++??8xYUO5Tri7X0?)av`pE{O>>ZO{Gc|YUb>}Xl)gE0wqUpc9bKM8 zqL_~Ucr4q1tuN~9my7K12*Uh(~W15P+kjHP>xv(u82>fpC^C0{35fp=Jh&KZi_%Dg*y(Wk`BE(Io< z5az8xg7O?{?~@53Z4C$qicK~Ino>h!JOO{&Wulg z!miQ;_N;|td2Xwu#ly|*@GEKd+hX!uS!6IU4KTv5a(e!0`p6)wC3IFWzjhnrBqULc&y zl$Q*>y5|Ob=kvF@8CF#Us$sx~`g&*a*Ry)-T71v+6831BFUO$`)U8jsSmM}UlehST zj$%HVptFDSh8LtJ4D>8;&=)idqLj;`y;tJB4f0!`WDc%}-XUTqd8(LLxz>&`;c{^3 zpZ20cT?dl?yuR+Yb= zov^B)HcLsSX3M2|B_nN?Z_i<8xMl@+csZkwj%W%2`!Tsv^YFlvr6U(Mly{U8gW1~E zM#BBO_$5qI&BtYPO~mtgmj#E*&uGqdC&Tp(aD96p*moWL0$Lb13i-TWiay_wABbEi z?>i0F(N*+2{dW8|OFww~Vc`f&Fra&Z)DISYM^&v8AExk%LKgJJ?1Iw>r)9eOt^wdM zSZSh+4)F)1Ds4*_JJNqn;MKtow)A_2eqI}vovGLIQKuA!@(S!LiJ;~z zd?+f)fN|60tetJ%$z!M0(kW<5j){itZZLf~BK{W}a>S`mHzx-MgTHfEk%fzcgaw~? zi$TObJmBC+34n!5U+t}RqnNCz86@^`=q=Q8%RHfkFNn9x0z)j`SflBi3 zjc^^mwWW7arxa09p-MX&WulFOQi{mBJb|L(g_es%t)@kio#Dxms9`UN-U7sov-7oj z%rm0Sg$U?yNj>h7m}%QqK-&-JP;|9ecFc2rdSGpC{z84B6|gfd-BPr z#uPhfg+b+bF(yvhlknsmnWi5RK~ART7+ZA^t7hadNU+q-9dic@yfc{0I>o^f8u_Rs zsO9gZ$I`WyhW%?9o3?5vC7+gRW%2e-UXo$zU19$+uPGi2M9~%cKfGL37WJ7&nv^yh zVS@ecLsQ(hQ27yjXs~-9HESNJh{YjYkmSWcU0LEX=#MDgRgOd~AN*c&(~FBld*_^! z@(r{@jKusd9IOY1s;I2UUmD>D9Q)=8Cux$fM5+=Kw`D;^h1FI?y>%~W4i!eRYGC=l zd`F>&Au4zqB_R986W(e{%oAJnBMT{%y_|)~yD~6C_??z7Foyov#ri69rasu4@(t>d z$tSA=E(a>>=8`P?^j;s`q0`2n>>Mf7PV3q{z$E3FKTy|cTYE&#zvVZ|ibv)?_3eAU zgz-D#$QRbyb0qf1{U>S^CB)4VTndnLAD2i4-oC5x`vvp z-9qJA`$i%OJB@&;k&F$$G}S1rhmX}+63dyoe=IRB`=YwpIjo+91zQMG0gnC=H|NZm*8XCl~#gMui# z@+foh$YKLgcoM{C=*zkt8TY$6h!!_=#hV>0xSQ21iY*8qo=5wH=^PrK z!^99q-uDzD&_DH>TRbpuaCz#0KJqjlp??}RlYAS$G7b8ZwVsn+88?qQSkk$5=R1V{ zR5%f>3%2pm*FP5HU>Brpy2VMlMQi(`BJPNp8SUhqu240S^|r7YLy~p-(yvTZ4fj&#^2iUg-KxR)8f_{fJ<;JfKi1TY37-&Wr0q ztUJ=2-wI@+kEG>?f<^Gt8?yH3%%jV>)P>mxS1{@Zo_qsh0zCIDbJdkwQ_lbQk7QY4<66e}n0D#!1BBQE9(-{RV;&SrU zO1WrXH#viPQeSh>m_*A2eDtX;qNH7PAsdg~>`sV)4xj65hOhy_kP=l)@5w-7rsH9_ zAIa$tpJ&tJe-rgb^4;8|5;&w%?^XB<6 zlpDwLeuQ#YrGc7Eb&X^)Axk)AI;#qSN_5R8FVHv~N^$V@(`N*JXX4S^7^vP?D~ zR>jf5e08!-;=hQlnrVQdf2g#)KFq#LheV%A(h>6BX)NQhm7690yEx;Or>d>hMsFGH zC!kUzscUM%gAHDidnoy0P%eU)g{~FAqtK%Slta>}?!zPmfrYDiEyUJdF6>Uln1hhd zn&zHrrj^MUp9&|IDw5PlBKg_OO&#oRP*;bhFtu+=#Wj@@aH`%K69T>@BRyB) zV*VO4(*_?qz9wjNgIExfcT8=sH|LRT=waR}ij>5mgtAad9^|J430V^+((F>L5Jy|b zG~^13<$M7O{cj*qIpb+^J;sKM+XNg$yzqg|WRYv~HGO1|Pte0q)fDqETiS6s`BL6` zDp=OWLrh!MffTU~FY`76bX6!5OMj$=O+e@sMsGy6n%5g{rB_oevqY&>2x%jNvB^r9 z0(v#hky8yYQd6KsatJ-^0V+5h&(6Gps}v&9B1jmtT{T9k7^AA2Rl_jJS+?!2Ffes1{$sC9@cF_*;$7!E=(tRhHY9Cz(_dL_ zK9Y87SbL*Pl>YJCv;CHFwuxCI0vCJDki3)Koo!3@EJm%xtvbN zJ*AHzTLKB^@7V)uYF`=H{mQnxaE+eb)798ZIJ{Vx#{3~EO6SAUR zNzJEr#Simip^oTi4z$$~MNtP?Ua!#~qs~M4(v8MCwQ3+*jD=c&is9{k6;qa`(czhm z9cZO`8C&-J>Y52RDWyDdGirbDPEfIg#Zegc4`9CBb7{effh~bhJBS3eiQAn#{Ohp@ zJYVeipC;FD! zSG!wUaD9yXkFoqpB;II8+#WaogFLvcEclI+U(Wp*?w&Va`?yOU+*TI+tCKq?&Oi?9 z?uYLoz`CtEWOV0tD z{C~0tz)AjtMY!?vbBX^Gi*OU|_L=<6A^={-;aDJA+L;Y z>LY$;;D3mGhm5JqR3JLIqa@wQQ)daMwj6)X!}`m@dx93o9$-8e;ETyE`U$}KLoy$j<+Qjf3UqD_ZL(I zlFN4l8vfctzx!;ut21z0a`6Y-`*DB4MBs-aF#rFh$!0UupH*e)bUF=W|uG z?ZwTKV7_=V2R@(}Pzw+Tco?7?5neC}vg@#jYg=+|dApk_D%QdxkY;;4OWWcON@IC) zIr-tKT4wWF$(NNoVd3GDl3bTHE}sP+^4bgLfAHFI=a{eT!Y_o8I_;#E#S z%a1Mjn!3#gOOO{}pWtZICFmBawcr#j{4BQy1{aBhNfTPxP{O`-wN?(Rj?D4x+JCpWB=b?2Q z0Je`_03}0Wd20nM-or0%L(8edE?0@iJ|DrBS)cOcG_9mO6)c%Pd=eD-h6PS?3xkyB z(C)LgV4V$sL@0at0Swm~BCcysx&kCFUEDrLuoW5nnT*Tgs2-qxwHC20+~)*GWED~a zE=V#){ka6Iv*upq0=Y^?Ub6IxjIn5JbulDaH%R5I*IX|z9#{uOR@z=GIb>F)PnEO3 zcwb-}S478KQAs&;$|9Cdx1F3_AKA~v=S|oUDa2`jZgs(8)bd!pj6q$?jD+51?4siM zcGv~4r^y%=u$sq-Dh#jmUXhx>GsJr{+Gc-!6`^bQ;RF9gZxm(2ge;K+NL7@e4~>bT zEQB$YDjo_Y3afUbjRH5=+>UI{ta5TmmypsDKaps%y8*djoF3!z*|GQ*O*lA+;8D+% z3|6bsp`r+OXDWq7x*m*;n4%-dvIuvQ8ohxvY1h{irY6l{rt5xiZZ|qp3chY!jgRdl=lhGHMSJ4 zwaTQmC=wM-=9PkaXo0Khj!~I+6>L7Q@h@VAJG(?#l~U z7VS24CT0j5UaY8nCd28$(ra5CFNxOs43()fnuCjf5KfMQ44hxHZ&}B=C0Lu)Vx-1YnB?AB<-A-rF}(1G*{l^|sL6D-z{l;a6UP!J?O-DXPo z`aN%~iN<+%01c$Ri8jHR_A?w!@h3(E6A7qlR6EFWl4LOqQ(@Xc@%i8nyiyMd5X}*s zn_{>5E?>hR7Ig1#MMr!uLdQ74HRM#qdHgk?n8;OyD##f5JtLy}$n;pPCzvtxLqY7p z-9C_}5HS5E3F;TVpJI&P4{@1){v@9qMjRX^l!qVF17Vgp^(DigpmbS8*)(h21oJ4 z2hV^y)v=6fpFdxmuP(*9mbkJkqARXp$Ut2Xiypx!LpDI7Cli6R)m@l@uZPNH5jqdX zyTAq7L_D?_qj<89;bB%mz?my+D)px{){}$yXeI+|^oy)asI|bDqH2dSPYivuBu8yv~oTSYoW*o5%yNAv|ow77Wsor*jBeSQCj0{P}S?*bSR=*`{E~TX# z=Beqjm6jmqbTULKZZ_K`*vxZNTm$#VVZHeKY~OkWFF4dj1EZW?Yz^;B8x0d5?o!BMJq(=<78MIQ(sYQrQ&bl{;8_Q4<`}Hj#IiQai2{}Enq_v z<${$Eo!%4$HcxB?0wJR?D4J=Q+~{HFsDD_AI65#E>gQT<0D0dHo#NuCVlEX^5xhQG}P#q z(|BK$S^b(mVt+8?Sh2;2eS8AL9fQbH@uAcoQ`U7Ngd-oX`Ngx?iuFQ-ns=NCDgn#W zjpC0QLe5x*{0lnkC6R(2*d|U0SnNF0^Ms>kP7w0g{D zzA)geeTrNowE%ZiG2RKGI~Lxd?3UJZ0F-wcmOBnx+Mhu6;UKS8unAWEv}J zVkgLR2aV0=WNHLqKQSHbNXkNRZYFP9HsEDch>|td=H5kA(wZ`YJ?`Q8YP3{FanlHeo!tB(27b z;w3;|yQevHyAO&n4!$8V(i}XP(=-Fyn~%QqzbrnG%vy3(UVCC7FqO@9Qq_>MPen)B z*%TW0TEB()gy>D7GvJH8ZyZN2dKox^m9@P8T+Gy<^#`I<^bf|Pg{ve!s#q%9I5E7M zB`R#?S}XL-PhWi{CU)X1Hud50_l=EgpA?TtwV2afZY9Q{{~`7uRsS>AMUo4+t783? zpoJmqjD$&iwujZo)@=1#t0v?;0ohC;?j9n60KivVlz9=CC^!uW&pWouV8@npj!^G=-Ih^R&axs$)1QO1UA`jwO5Kb`iBYC23}c8X#FjaH=}Dx~ zcy_Zb!oF-?;-`gCW2s;|3t`U&yDS3O9d(2!mjvIFjPsgg2vCmn$q^_ZitPjH=qEaK zLqZGd40W>8B=t-)v%h42JutD5AkSX5B6v)O3YtW|AsBTfC~d}wamks1Pf}~&n}>aN z<|^7eUNYCj#mW9dn)RhBTz+zwFi-fK6bbJCH(7ckIi)s-Om>rRZEK? z;!9^#mmSJ@Dn(MBA?PJRxaU-m`E(Jg+oo8;e64m8+&fNmP@qQCiFazG9u?#3z5L3s zLRZz?S@xFE{sOTcFV^6l^{B9=h=tN;MATYhsv-L!2ZPqy5D5Lx1Dhw<&nES;t{CH2 z5A@O8HQGZzN4+~=wYCU43Km|7i+H}ls6OKdE=xrSGFeMXlsoGAxa#V4V3Nr7czgH_ z{oyRwtN1!cqCH0fmF%<`Nlqdv{4ig}&Y2*9HHKA>AdzI<45aBuE(14&EajS#nx!30 zTIj|IQ#X^A)7J%?3-zwVeyFXF$!-pHbIiSGi=!Ja{LI$c@Sv+(4Hx!W3wT_x!J=zE zdg7LB=%NY^R+X;yWfsnywQYSFERL}c%LAC~C^-Gd*l`Dl44-9^l& zO>%q(HHc**h41_e<*R7^4|<$)LXp_zfo1~{1l;cP-NrnQFH~8!scKKEo|r|-ifC2VK6XT$G?--d+tnM^x{Zg{PPnHfX8@>314vs)?~Wjr#8da z8>)-m5NF%G7`di-nDwtR9x|fVE9#E-yuQOq1fE(PGEw0_(^9 z?v2`s9{gaqmVn&^<4(uFRU6L&6apbr?8fJD|02( z7jt{$X~q*tT6^-+YIwxr$Q%Vs03Au>wqhBhdM#_|&+vUFo>$_4m@;FAfom%6*KlAycm$CXLV6h7lAt`DZp|wbC0Ho8 zub2iobUG_8V5QrZF7osxOFaS@;!}mTKrb41ZA=EH=-tl@BT4I_2|Va|Vod6wRBxU| zT@^IY8@j~>QzLVc5+zpkJ4i@jejd;*C#8C2j+iiq9|kt=-_z!D;;w)XPq*Af^a0xe zED!^$*q_Bs@VGGK_ znofPy_`P7+)oI_94^G-WhG!}ZLPR7|d2*JH)F7~v9_1gIW}f?1UlE2rq%Wnw>l4gE zu)HVvaK3Xj-9VYSeSf_XvRaF(sZ3Jz3JCyEvM)WG$Wx5plH>YfStUBNsU)tIXNoL1 z#|*IjZS{dAH_xj=yjgJhQ<+S5@u(TPr^xxk!w+(`cWU$FU(y>X9bhWbRr2I09B99H zc~h^sm_n-u9!$UesQ5s&Sip-2aqL^f-WL=tMR@E!oHr%i3oa+4U%pf~^h-heDC!PL zV{w9;WgBbQCMZ_tf_On8%okhY+zD06Bg3bCl)597 zu4{}o6GvJ2^ciKtM+vP9<93Lc*Wjn|hDk5g!HEt>cb5C#ItPDQ%BA}}z3JTmWib|J zu@tsEP_O0*ni2cV#3GdtkU`y+Y&4ytLH%oRFTk zK!F>8Kt(rkBghBiJx6Fpd_Y7x)Hd_22jfGX0kKkL?~BjmnYHS~FWO)y2em)izc%%!t~ z?-x{GCCG_X2#>IDg)Ehg&RHKJ`-|CSpN~>dQBS3EaM_@W`Jcbpk}4iu!I%uOjqPQU+`Q#1!h*XFX4N z-$zl==7JQ0FQ%!8rM^_r`bO*PC4yvyc0z2eFj5mM>ViS)Bx|<~?9FdQe3MMk z-ye9G&xUgzZ5nKmo;@1z&$)=J!4Sao$*=~KQ)%B{9A!%TYKnvoCEQp)69wZ?Q~Hz` zx8FG=l$84DnAMWrhI4P)AP`?HH-<{5*ep#UZY5tjE0jGQ=MknE2lcurUc0iD*(ZVi zBq*kdEOx=xB<)q%1ykHiRYKeXMpIpW#%YbtCE>b?g$xXxL#Gj6S`I!Hcq#~UfTX&@ zM3!itgL-1FUtO^ytJZ#Ozz!1Jhtp*6pwGDl3D&&9N^P_8%KNECvZwCXn{4m&~McrVH+u}zfo9TJM z7N7lP{g)ctAN3c6E*_Vw^`WkPp7^ z&S?CW+5bhy^q(zq40!a6KY5#*Gxq;Q2K}OD`VW>HNCz?ie&gg99_U6n^p{r=VX&KdYM6$Dgty=jpHYPw$ib}JOi z0u+k9{^iE)FU$Q8D(J4j!+&DA?}|FyAz^Nt_*sCx+(72!Mve7833FH4;f@Pn&;0eM z@32XKa&d=zx$EMVO#=1_|L;*;ug%@W_?6`b5_{L9xna)#x2rom;a}A#ze}p$F(Y>c z9z?k?@BpbQRF~c2Dl0C8Q+V1lb(M^22wJAFuou8Zr1$+ z*jTUh&VO#S>;Lr+hUiz4`$p&CZtDF_a^nHHK!)EvhF@^)u7tyVe*0!c|AUh|Y~Vdy zqx;EH|7JSBj^r*l-ZI>`MM(c@d?yF5aSf=$af55DH!y(52)I#AxMF1iH_`_;f84nJ zWx4->Yd3y=F7bcDwVPaRYEbF#3~=>$SNZ#dVVYf@=WUn^(fMtDEYB|Ly7yMBWyo0BC>n zNPmMaK>t6-abrhc0o;gi-1Tv{Eb&&;;9s5Gc_aVz ztpya3Vz~RBx!DX?8~N7}+(pG(K)ZQU{9=2v74O;J0mCai1KcPy+(;P!ZZ3JdMz5Po z+OGcqY6)EbaWkKvcm|x?uXqOZ^K(`H3!VX^-7e$bcy=pD0035N+=K+&NKxGTP6Lkf zH!f}_em&|NVEdmgZf5u!7dO~*?c(o`t3Qq6u9^ez9d);42XHG80RX1t{~pa9X#81( z@^k6`eS_V&|2dPNH;nwr_TK)wk*xU3_NEBs=d=G0aqlGKPo0xL+1`(PCmFB4(XI>D zekR|4i2Dl;-h3PW$@YHSUttg!_vYpIAL9Okg21;1aOd2!y%+axVfX*6mSOs}T1LY{ z?dtZ2@se8qM*-rk1u5SfAOEF60eyrI2TES`2n{-=k80#-+~KR9fgueIai7T3hXX#( ztm_&WY*ybVOa>2{pIDd|H_yVy#i0$RHhn+YQ;-K+H?o|90lC;a?);jAs|k-rQ{wJ? zUh;i!xwissFrdOCHID}t=jcf~j=9#G@5iG$4qr`^;>Ik`Pbz|UP-!r$S!yf4qmEZ| zFL|_ooqa&@{rjM{|IW^X2>1nDPg-Nkm-3;GyXO@piY3t_Td;t@_{_f#``*`>}d(DeY!{1fwn(9U+L7lM2=vl-(u z)ALH#rUW=WI>|_n*1UGP1ux0T-bfErf-h!Q*U~aO(Puqld~>|s9?j{W#~0)P&2iLG zY^2=?{^|)jrdfN(2bRxr3jl=ZZ*LNYsbI%gis|O_#TQDrc{yOA{4Xg zgy6+W&JMS13{PJ90ORHZXaWg#-dUL~+K|41NA2|!RP<4h(PmwK&@9ezvwL$mblz&T zd`$>4vZ>sOJ>n_a_-NUKemtO5`n*DlAb}yNRsNF!7mX$s^)q3pZkl9JEM*V)RgT|w zqibi=HP%_?m>S{O^nqS#_p4|genvL)z$KvTJV_9uOqWtys<3}+lW|*zt0*u{hLA7=m^58K@kf*h^IFQvpfl}GkEOX&T?FNv9^J>Rf z)-hodWYTWN^N(y7<642Hy=cRUXPuwh!@43NsV071AMx=kbOmOrL|15FhxrK ze853BC*JLCog$ii(^f}ea+{m{zR~Vwdn(&&aY{wE_}KE6nOEUn0cP|Ilxt}VOeKCy zhD6zp6`^9!Kyuu7!GfDkeVDZgMMcAKiN(FEaG1C&Za*&<0=te(p(jrf+3ziKBh_$ey4QLqUw3yeprHgKeG~&N@q0^Fd2WQgO^2&AVXn#{F_a)HuDr0=<`E`-R>x*I`7AA_Am1)QJ$uyJbsVDk70ja2 zEX@i|*TO*K%(IkWSDgk(Z%@iI|0gL(IhF&DoCLpaaXDMF2;hOFy~-Unszs9w((_@M z@mqDPITTu*83U_br`BCDCbsSexh#XF!+i9yNxf^j$#y@cejGDp|22b%Qy|< z%h`0XDUq3u(#R$(lNUC0pH>hjb1-NFvc!SRvZ>-~6WZA{;cCg!XkLaQu4JR9GL?s)A%aY%#aQ*DsU#wskpFCLorM_bk@m3LKkL>rO_3Dr`m2M zW0J}log1z4R`p7}-72(^q7WwF>qy3o$zY#EeboG&3Sqdgjx1U*IDn3EUzj)jt-4PTA;Ms&e|t9z`j zY$*GvY`4lk$e%eds4UUlp(tj4n4c_r$!hTtI)XPksZm%y!SF}sB=H}qecii~^sJ+Y z6@0r*7fVTTO5-IhdXJ`3y|WGI7--=ZjsURKwR9w)sQ$~YEI2SmJeU*BlO89Du(flZ zYzws~j;u*|Bhkf*FUx3_xV}(yrR~6=HW7M1XtGGgaBhfwszAY?sE9 zBx3euSy>wGAuHg`6EPMIzjk5E{;ra2B*22yq9;p+hZdagDBw9sbAHx^PPQoB$6}+@ zT;51e?2#JwTB}~@i__#e$Mo;yjPa6bUOx1yjqtEbMvQn!xUjHOv`=J@4W{|>?4M~5 z;_P>vAVhRL6UyWfjNY(Df8UM_{*io!uIxSCm-eTb-6G5QSP2{#^%CpRI)+X#nFiGJ z)la5W+OUue)MC}THjnVvPP3Bj!V!iGh{5K!+@@cw(QvEpV47Eu`jE_YDMz-$4~H;& zV_~CjwuO%$(f7*{(mw4VaCb@m+|b_0+R716YixA!dL;L_o=eZB|6}$-an95u2~ThH z1b1fFRRlf7RIm8Aq11A&&f3HM%pPKuxevuG{fpC|vM~A855*Qtt)buTrc?iPNTJ7$uspfnh1V1cyPaCD8$Z_4dlV#LlQtT|Hpg1`71Z$;pt zQg#WB+7LCELV4_y#8)A}wRq5Aux?~K$R-&Hq>3FB;24D1%MQ`PpUsLeJEJol(VE+0 zGl{oD3Q9+61v}4u+MIqEn(DAkTjq47W-+`388rZhLVkM1$jy06*5yM=U(QH_jq_%} z<5qz)E`l8wp{X&pISzKIOnv|*7+;HN7bSfsqWz^OTSb2c6u7|7fkzIrv$cR(V%dD+6w#_1Z5|*Y=j!EAsti!U!w+dq zN_ZY6D=&~1l{Y@*+Yjmue0Lly$4{1=ulLR(dx7gSy)5;z$O>a#|M{ z?~o&iT5Y?sGlRHov!yDnNx&!`;*gZ8tt(Z~e`)HO#~I+aC#}cVbIdtO3(%YMGv*9Z zr5VgF9?%XuVWdl5v)iYh&LME3pl7t;7Q%5|Zb#}3PU0nML+d^iYYldn{xWe~ftlvN z3eu{*iq|6o9tC!8-dHp_YnNppkAxan?ct`=Ba>o$TfbPxbmc|O zi@0x_=b=+jZC@@>;7B2`oYB4%dn9KC#y)@-mX=|%Kvr;IH1b*SZc{M+asFZV{q~26 zwP1K}e%xAZmz|W9v(@wFeNUCG1VL}dICB2;VYN3?byA=iohv+f10EeP{e)0%#V#sy z9m($l^w~^%CZDxw*7*%kD79J)O$}=H{qX04sPCCShljB8So83<<@OTh_Fc4j40Sp= zJrd&~EUB$Nky7<|%a7B{o~4azH6KwmeJ9cw`RiHQ^W|zX33boCypP?dmx;mY$nhHq zmzrI!+}tfE7h|K_bG=*JM@P$JqiBQla)#l!Z#aFD4A;1XvfmKOQKPvp9U$ku& z66Z^ce8S>>^2~qX5!Mvhk)*Qd;A+`HWsKGeFXrHUFoj)kU-c7EV|UGt%mH*oF2gNO z15U$-L|Xai9chm~%sUeG8dtI`d_y0MdPI$3N4602aaDRzp6*oce(Nh|{&fkLl2nD-_Dcb-b18P=QpRhO7Y z0c>Ez4!*vKuSH)+5}|BbA}5uT@u!j%#}|W$9N12qklSJG^mk5w%;&zR>~2{E9erVQdWxbV>z z-E`sI(>=pk@h{S~USoG2zW3}xmNWV$_w~`!82U6`{3&_YU8f&kaxDkUvP^Pfid9KA zN}nlaNE}$T8*sgRE2aNzZ!Cg|0l&rhnZYW({-Dlhs6%U?@g^-l>0o5otII(4ek~-?JkHHqNQMNS zP~$u#@4TG;Aor|2pgNKQ$MQ@csyU9v-J?!b%T*X%-57?ALeEqC;cgdoY=X@|`Y{xL zpszP6p8lo(%;JUd`69v2(8g0pk`YGO1@_(6QXT}8+%nL(6M>Gg(mIJ)*Nl*cPrVTr z`4OO^9_xBfCtd^G$%H?^Co?SWk{8S@S3G!ZP_{h!q0QhCJOc+b6^KnsvL~pTB#&1S z>R4R*yF??h1YoN_?GgNRt%~DcjO3L_TrPCZ0c0Ih8lKG=^uB)Prtm zdAkM+=7IQR8yOEhSaT`Zb0HhV>*UnjGvea;7CT@&MWdJS;1@6o(+Qo&PeyDwWE#-C7@yVo#myGjN180@6RnJ4Heh`4{RoXXTc zCIRd3Rke+#K9yQSRWRIqUyaiL#i|uanKpz(_xX%(LBL|POSJ{5sYNobSjTGX7XYQ z>X0fMh^vBZ4WBT9v>dLVVje%!>l%$FdC<@ZF{l9z=2?W*>Q}6N>51+)N*X-CCGcDf z^EFqwuS|lrT7nVOtQ)-El!hsCtsJdxhD+bH(M-f#W~zuq7cKL!Prt>^Q_NLCH<=Je zY9;CEvl;y0#`E-o zMeWNYxE^lVc9D6o2R6tnH|TFv3y+a7B^x7AW~(yE%5Li(^1KPe;mj2S&vsK~Apkde z4u`GVktX^qV1z;jdaXKY<3c1hc}=#(vg3qEcqXh~6{>({UtA_+U;0e=H9V#Xb%)pWsg%y}1s*A`&f>BgEZSf6Maq-xWL{P0Hw=?4M+(5Qw6;x>e2A!Www2t^Pls4H+Nb9t zRnLRGxS1;y=1@#7df{D!WzwKQbgI!ip!}m0E6%dBm#0Wtdu+hhfpsmBT4mSn!?nvdb0h9hogI7$*}<8FtQs3~sE9ZyWcfnMGi9Xu$_y zE2vcA)354xss#Y`ZQqEwjv?blDx8p=rus^(y=DgIAM@;@qVx!gyo$_O9soRS-rI@{ zNvGeZ6+wCVc)EjVfS+OdM-1CH6dAd9BqVZds*G$X+W3viYMgI|~uqYQd|NT*y_K%)~0u>JeX^ebP9NfpR)Dm!O`Q z(ZC++NPmNcuTr|p@7a5JSej48`9WmOQqw^7o?T%(zbp{jlRfhil0kVvt6(@)vxHgu z=)%Q95J!kGcX>yG=F%NyL|sxRt}g!|*rH8*UAGY=0pHRCfsTmbo6*L^UU0T-;9^(j zTyreI$=+~D>Y~?hT_%%2u{ATjy?ik*g*Mr{HTFg+Y3%E!^Xn9jNpqzym-VNFE;iQo zO|zOFt_4=K@q_9r)R?F1=?Bky)=tV8^Ywe^EZ^{*ugrOX!aRu75HtK;sSMz*n#4bu zm%D-xe_zM`2j+$0&e8TinU`BG_BT#`;XUq&O59~$ZUrI!)yZAv<%WLzn@svk5aM5* z+&T3Ai@v!Pg!otEJEz{)6wFVRgR8D-08ks^`nOwd`BoVM091zfNx=X^{DXqI@$>T( z|36VMcNHZ5E>ZyiMI5dM0aS(nG8POsq{=-?`S+R<0HBD&wTn9x%pY9*UQ+@96mPh8 zafgEWlZ$Ig>Xya1PbmW>8LnO3&}sj3LO1{SFDe8m2=R06f#>_TjNI=i(_Hz^bhseJ$F+Vx@pXw^VaKKlO>R#l#Y7#eibXA*lRf=#UouJ0R zbXDgB+-g7T*lzsY?z&$&hl#)voqxBzlY!Te__vS*0N4zF{o5@h0_6a% zez_|o@iW9fAo2ezBmsF3Dq`woA_>=LyP5K)l2>|fv z|A)YL(($K|#Gh>M$Gww|x19D}F^JoJ_`7$&Z-gX%rtZBl-;etX90ED*yJ8UkGwv^F z2z>SY!S-IUWqy#g?m{)lI@=9PS^Z8|GEJnc`Rrd3L5d8XO2`#LCQ%oy%F&z@g$5+GdJZzx+tyZRJi`K=#v6Om zXlkK?M(8j@i^=_&ZpgN9tE)9EAq!j1uQdexJ^2GI-sR?}FTeqYo?s1ZJr`rbaV;dI zPxYVY8aANjCaUXT^Ll358}D({cnN^MejhlN(gpu$`6KN>vt&MH+&r}Cz&nS(#=nY#| z$C-rknq#A8-4!?KzH0Gp)(D@x$a1HA$}P0{UHb^|*=jlx``PhSxOhZOCRdH)j4>o@;kpV6Y4$cDpZD3M(bLsKK!$=5-IkT zQYcg+dNE1Q?j+WZqU6`lHKUZ@Wj^(-?uIOsCm4td9c$UFu+a+w4=-o*8Le>JF}3&K z^naGNuP7b|YS(479ST#WIL6DM)}mjvndoT3LfR(;q8vPEdZtUKe*(iqlj!mxJCK2+ zkFO`cbgVqABBOip6P7;eumCiJ0@XHQlxj$* zz>c0lpI1f(erJc-)OqdN+%?Ez#4Tt`H0psK$|)CnpM!UoF9v5jJI}&tG@E=)xZRx3 z5K}dZl@)nuKWX^!KMIstdjTFt8|n5c7+gGqZsR)VD~!V9(l> zDYt~<6PDD8Ya=0&6b!L*-oZz_utwMz*Q3O;!AEKR!iauNflj#VC0)_TqauMvFQLDK zCJ3)(g|0j|dK~<2USKW{|4EW=Q&qaUs!udYFeq4?t{tD$Q1Q-FKdk4EpHNj=JWk=) zx#;f*GR20&3zzslVNd=r7+(N}0CBXU5e(ZN1EwAZ0tH?G{8{?@5>WKoO%QdMC#({| zgt2aemc8x>8s)=D<&G?Db=y?xNIuwzs)BHa46LWp6S!KlI*tl#`j>GLN?WJr&@V0w zc{CA1mfk#RG$IJ~niBEy*%!4)V#CNx1B3&`zl-it)H-kTSjPQVv{Jml&2vs|j8eZ?K4**asK9PqZ&Wfxf zq_4%NV1Z4pA)L9sNJXt}?8utqIf8Aky6e(nyzdgLIeDDT0K6BHbXJ(%s$N zA<|t^(hUNFd~iVTQS`g_-+m6v%!--W`$4itiGx+^1;b}J=h8WTR`6;v zwxOZzCgHC~k7Dkwl(G|VD)WDdh?S!UD_Mj7Xh;(_viGr&!~W|bQdE68^fGFfMhGTVai?a#jr2+*4xS+>iD+FtzbDUeLt9uS z`S%^wb51|-^V{(Uy?-QE^61G@cs8m&v8)G6wEx>rjHaQcU*o!bK77iUcDz{M+SrJl z`s(3YotD@~K@P>AVLU=_D-E}*{m!K`*xhcK4};(Zc#d7{*NQe5V+6_9YHPT-*Q_0d zi9|FkVrvf}h13h9Nc6Sa)qH|c z19qZoXN*nFTL(j}THR(3a&MCe*TtukI}CiA9x>R5)$h{qdDofR$u|L6AIvt|?~?-l zey+2uD|>_YKO+&j@VbLE>&ovTgZX>icabCo3tJ-%6KB?L5%W1UBX*vV;Db~cjPsUK z^&pExoOS;QI%E?fX~a&B6fJ{o^nHKh$k|8DC?%c3M4;2kjgAkATy$ze77_OO*UXGJ z9B59er7qn54WnzXYd%U?xj1KWkL!;Tq;zKU$PkEahqV{xF!V$nqqzBno2nkiMFi`@ zA)Qd8+3FOrr@te;5GQ$L(K=<2}H$3J>(&mHTG|jHyX}iromIdIhrj03^vA; z@Wqc*%8v7FQ+Rzlg~@RIv*&_hbhW}vx}?~LOo3qzxK@4}H5CeSczCwgRtQop3z1VN zmwr)M1kb1!{et!e$iWJwO=pD)7X1!4pGR&<5{$AY4*&ee>~>kst*Pd{pGWKF~XeODW9ow`^nTM9DI|sJPzy&-`hkc5@-Y{TDS; zdr}lXv}lx;^X0E;rEM5Ygf7n%KgN8#+WLXkSRdOZlL*>P7GFcO?ZAXjYS>0;BKkSp zpm}}QQ|O7-4&+Ph11V;D*14sIt^0;qW+p4f0wWLf{7fMnKfIJOCcEfX4jSg{sZu;C zdCjkwk!R0!4@VcA_oaW-60-V!9yK>p0H-R69QIgX+Lm4_T~*WBZgz)@K=^LGp;h;r z@E1~{reo6%;a?!fS_!>wC@BI?7uiV3?!8!zx`1>kShRfqKEmCmB?EU3I}J~qV~ADK z#n4@7J`(NJZLhC&QLIS&^&#Kj^G!C0un$a8QlI>GQkgS3H@vxhWS)g-+fXD!d$hMv z!G-$lEToe_z<`OmhCwG!Kb|f^GHI_PLsMBV^C4v?Vj!U3R2`(SE-92o%e|kabc!1K z9)Sh?>jiwMPZ2avn&Ua=R@paHn-%(1e;txIk;hJXxTYp4a$COdO8vEIF^r-Yrt;f5 zr_)xAd!x0WH1LcVo#Q^vjsncUfeyg{zV zxRd^wP@?KoZ%hhFMyS)nL(D2-<{B_Tt>r%Wgo-p#jIE%zpH5sHKf&2AEFVywYBjw6 zc6PRM?7W<4&YsES@8b%pm7}}qkA3d}mN%-Hi!!mz9%x13>k5ar>NJ(3u2+;4?7`{J z+^(({>RE0TFPX5t=tuX@;W*TVrr0$1k!)h+E{H!(@sA05%`>1NP8+nKH~E$ia(lkU z1=bdFzh#@>8CA>R^#he+8^1kd^b-LU!kI+;Ue~>bX=N$PDPiQgFUtMQ^Wrq3)^?{v zV8X%UT|`g7QoSvupLS-=REsV(jwW4vjh~2~h$l1lQHpC^BO*vviko1yoUM&+2lKIN z-{Kmto?qm9eV{|Au1LE~;Mhm2$yDld$b$a;95oEgs&{t?$^_TrjJw$XK$wEp2W$ov zHY`x1l@_&d`7x}h|3|o<@%^Mm=kXbmxu-tD0afol%@n^SC3E_EqA1zNWVTTa=&m@z5*;)>9Cu5qZ4^0I!e;ShEgebF0b57sv{ zZNcSnKwlKQq}gsJNEO4jQC?X6sHvqYU7>nq#e`MfAV4$3A6tl?Tm9@@uEfCg09jQx z@M}jfmW9XyddmtwT=F`#jUeh%^cL~dfVWv@3F8zO`2qDZwoOWlg!NK5WFKO_Ed?_q z9O#wkKS4OMHF^?8Uo=amnAaO;4x7;fg2boGRuxgr-8UI`zB^G4Zm(A*(PM%32K&!4U zVF-iw8co~fdsSGKdAJMGS5#27T?Vtc8hacxF8${P=8hO4!{6c`K*+pv)A0&e1Lf#2 z60EW&#IlH&whL_772Q}WA2i|}!hNp^fi(Nscj4QxD@)&?8V<>1bQlluSMg6AgmY_f z>-bEO+y#U8Q8Mj}!W*+&$-|P3u}SzF1tiWpb6|>}_n_!^j4;YH#BYuZNfkeEyD%zt zLp`^MVTdmzIZ)q7HTEmFTI8tW2G2o<5s{Ve5A7m&^}Nv0tf)3gpjoa;;xlod98yHb z*QQ3xPK`CykY&yEql0e#^B(0S_D}_Lx(2F|MYoZO_^K6kfw4V?t_`+-Ir%Fq>kTZBL~M@k zx#gzZBDZGwJ^`n*3PvSO*$H&HLwv-S0rzSW)@|82Qt?8S?qUU{~f_G}`_DLJR$;$>Gv0dLK-2BY<(_DsEI`Ydc1yA!1{F1WhB7F7f@qAE2glk9?e zP&;ii^vpJ`D9(ebZ0Ij!f>>v{oE!YAbOutcpaR4lq`HU?YRE7}Q7|Eudxl7w4T9Losc(Ub*VAVubS0S4Eb{Ae?u`o%ISx;v&}$&N8~ctN~h zl1|YR3a0bYcX%R6?m={Gwf7ffh+LWEz5B~KhZ?0*_@;QMPy~7VpM5Oks#(7wki>|T5UuGhgsffp>uyYBOZT#`hGpvP1qB)rIL)o3^ zBS(5UMIJyW;TPAQNLX|xMhCyMqA_al-ND-i6Cv8i93=&t=yNDLvL5E3^3>dQvdJUr z>_U}AYPJ+FTyjl?d5$R_sm^XEHpXXXG$;*6h>=3FS$XteeySCexs} zHC&+tMOaI|QsuFzW4U`Sj{wW^CYa>rCPe8mwyySP?TX!HY|~dIhj?#1j28>eTc-R; z5V~afFcjm5&Ue>1nzU%(>ef*5KhVlaweli1ayArgPn_zs-kfhN1Z{5ap1iKB|9-CP7g1A8 zjcso%>mU*)KqWPYviC91R=9!tRK^7ql@~Erdtw#UqGT?Fq%7z6TleF4aoQ(l>A?i22k<+4@!W_;y;n=TbhY~ zp9WA}{2HcV1wa|s&CqN&ve&=;fN5@;)~|lK>1X_9xqpLc0D5ls>OUdZ0Bb)s_aB(% z2SWoJ5JLkSD*$-8gIoi~`3Dt0U>YEXhQFx*%iV6KVm_e>;^c`0@sN0B%GD621c;0H`Sb5x#+dfjJ9+gzq5N zztKzFz}|lmzH1rCA%9RU+v}4b5Lt(yzERFw+D;&lO|MPwe@Y<>60Seo1WXKu&j~1n7cy zhFj$LCQJM>lwXznj$i{{V{psz@b4o5&W_g;xn{4qJz4bc!a!N^IVkC1~76bld#`VAP_!gzu{K^m}FzW9_!s^XkbE# ze-87o->@NEs{nw9|6c`=TLL!o7iI?bA2b*2H#8UjPu0!;{!9tCXET7g0{%}*xY7Sp z`1U-?Uxa@TkDCeq6u#w0xMl75#RdP625%PWAK{zxD1Q;YYZ=G`uUzj2g1sfd_;<@d z9(W}TVA;9#y*v5ju4SM!_0ZcXV&nM1* zlm&VpUnK%|0AU1x9)TUe`*6jIz|L^{erIO@MB;5CxEa;2iQq>3b~^th5!@L0G5?<* zHtau$7}$Y`7}x=<7IF1$q(x{Rqcn7S`XW1?DVqs}Qb^a4_(IcS-x=`JJ(Y z`4d{bM52885J! zvlcwLbZ@6@3=K2Bd`b8|Q+JRIZq5mwZLL$IEu;L_seW5}PV4*LT0-ph>A}HRL3PSo zTpwv0biFUNn-&E@ZyZKvaN`RG4F_hvZ>`#t!QOk7^XjDZjK)d*;?enz_nG+|U^DFUE>h*kMYM zP`SbU%j44Zxrxsi?bm9^;0d{SjTG8eRao4VT>E54f{*my$p>-`w4-L6tHg(tD#7+} z-FGWxVF$Z9!0}e?f}0q|dx?>7DN+6Eo(R}TWxd=PLVx4?12;EC@GCF&x?|;vS*YaL zVZunnO)@T&J~9duS!QlxcBLxXt)3rjQVS1ub#pddyt?zF>5H$$ zXFn{diTMerU^lx$q5NXZs^?y^HCRF5QXSP6xV=%T-Os7+_lh>gfqiZg*^a&c%*7gN z{6&uJ*?DH;O2<+v-gM^1L^*r&he7vzx10JNl#{ZWvV08HToxnan9D|FuM@f6<+-mIwoUEYDhU>rAx;lhG!T_OT3 zGJNJu*%o|eYLh5bBD6~1tVENmJ4l)o%z|{9DDEBA!HfzPG=DU3B^EKw9#eeH6`!AY z!urst8@Xyx*2BDd^}aj<$?77tkZJw1&U;Kb=;9c2P7_n~ngJtrtcx`ib5WQQ`&)r7 zo2ZNA4Xrxvv2L+hOhc2ZJE~mG@v1E6l^kb#8Ok#QYueQ%B|`~Xbq;uyd*`R88@pRh zZK&k*E9E&hkPJ}WoZhVu%lVP+BSJd`wKpC`AAnX$os)#E>kCuw!FOBs#9{987z%5o zr4z5*qtQ&-Ne;3L=fHgtg3ouvz@dEleBAPd&yy4w<&lTyuaHQpDQP~SOw)F(+K5l5 z3|Q5j$Qy`HYEV;*JnPyK2XTopcqK}|9zOwg1;3HB_FHSDrI7+tyII(Hy!qM;%!Rq4DBLgf#vXCQx`QG!K^CU0tKt^XsO2J;kRCh`R6tX6* zhdfKBUJp9e4GQW?OR*@>$(|uCLpTowXfq%W=(d5h2{62dBJm#+J^}k){u-GUJ=rP_ zy@TzT8=U%^;tPQkW&OSFPCawAaVR%<7#b32NhHofmcz2#l_v}ebVh;Xj`Iu@zj1D8C z?NtbVSke^c>%n9}ii+zK54bQRhT$UdgL@T~YxrlRPBaDY3B)wZ`w^Q4{R_!RtDevY zF15DWJQ*%&4u|iHl51aj;ZjqxlsKVwanZ(7(;}+82O6+LnKC6ZDqF@@(CXfoEhcgU?n-hb zjR-LcP=F&3mJW3mD87u8ero8AjS$>`BM&+0g%sCE9(tk-^!(llUmbZ+zB=--ldiOn zm+e~G%$d~DiS~387W8zOLEqORl2Wmo@BAxq2}_l2OLW}o>C5iA3d`Asy4vdRDioP& zu-Uk6t&RQfaIhxra|Bm6z(L;=QO<_n(>!lP$mKEP(ZT?)W~N^|YMOju&%l@3E zPMVg0imLBwZbrv!koElf)B|6Eqn2b9f2;6{m^MeGXK;_>)u{*Gl?rrMg5ujw?^;$MPNzw>c9 zjjWr1AJh&S(!H&Gfd~~7DFq~26qTaHhpx<|-ZvEepbJ7{Mk3R*FtzEyR55m>2A4e! z3r2K$q@G-l+snDNRG6Mm33QgQ&+3IFQJ%Sdit@Nu0JYU*W8lt5Y$5Y{Jzc)aD;eVO zilcd}9Bu)m1^H0Tx+Dt+OFk#8zZgql0zA!=e=U^Q&DRI)M5!X3rUR07b4egL0tKgN zoMcENWOi`a7iTZVH!vA(!%UXgTHn#^=+9O5Q{%|AT`#k2fh;%V`J^m{y<_`$ zGGKT{&``Rt?Wiq>(YC8vYCVKk)-%%%9TRSVQkS1uw+UK=j#gl-@Z^HyyEEE@Bl%Xw z@4IAgCR;(K)0qj9$M(Dqw~2RZ&0olU?1QGCJz2E0);o@>_Ub*Ls$b+%n1X!o*)d^jyu zkU^N*7x8tMu2mZ|iby{C=(=OCEf}JDyh!mqMbDratPW(~c?IujE}uv_>qe~?qfgb} zzK5Eaz<-WCGSkYC8}s?3D38|+Y~ZL^v0$Iubi`cwg&mcrg19+}vByi|_fqaK^UTs9 z_g)%u=Oszz>pvQ!Ut@2@Ji>OuCK~2lCBdBGJL}w*&vm#?Ke8|KN(YCZ;?-`GhMYgS5m52 zoJ4`YN@bi}UgE`!icFX)`FQO2vIRW|aWP;v9X;iba~hdPzG#9b;kU40>WLa*vB!N> z=uK!3q+)jo=-!NV>5uXJn!!H!&)XX= z?6K=MfMvO%iq;GYC%8)=m!3$6xb0ixJeR=^!(4724$p@7wjL)e{;g}BsTV@y|JO2E3p0@&H;dffyoKDLDj5HTg z!lKWW%E$Tk>n#h$dU+Isy51UjR29Qa8P(_m`fhyQ%u9^$i^pozA{*|J&4TMqi&xiU z2uy>4;w$+d+h}R08OH25fCFyEfThci@s(4n?8V8|jw#BsnONOLd+`3eCX38zjyinD z9iK$?WlP-HsI3pj6RiXVO6a{gIPBJBQ`Wd{p9H#$CC6_o7gIes8$sc2>C1`Tx{|1e zpAD~WQW^!zxSuKtYfr|H!TSO(2PrmaY{a$hc`u|Xc!M88G6Fg?X*-nH@K$oNB>ji^ z?0}aZb$PKcPBRCt-9p62^fG6IrH{ijW=n#Qv_EC8<2gkV2F%zFz3tG9sqdDuM2T=m zcj9t~+(t(4wCYDPXtKwI>uj%StJtJa74VZy*ODNks5vS3!ZRdupGz1rhL&jM^@jeA zOzhGIwMZlwyg*MJ93be<_~AsZYz2-Zi;+NjFjag@TbRXNxW!ei6gyT!*j|DKBR;)A zFS!TYdJZ%VruRBMQR(&blfx7@8TL23DZ3r>eGI?nz9l9T@GAS;Q;2swF*a%32FsuZ zd_KX2ZCCJX`!FL}rkSw9@sp~grzoQ{WY9954vXx2B0t5FwXIW#kz^__jcC9>4;Rxqi52SWm%Dvn zQY=NFq4SYCZ%%Kpk4w`+zBH1Z%S{ZH%R)nzc=z$@ zP7Y4ak`m4yBp=2Q!h3JMHMTlxD|YHWLu(?V3qA9tDj>t8KYE5Rpu1OE)-X4r{<^fR zlum0ir4MY^|M{`)*fAuJqu4ZuKqrFEY$>@g-Xn9pQ#m4`IEoIY-1}DJ!ebyF$jr}# zx)8Kl3gJQKm-SCehgqiZpTZw4yT?Z3$UltkMysrVJG3E3q>x88Z^o*8Z!)dP^o}+k zUsj^bT4|CZDXC?dWn5-3jWmTUlk|dQWU)>~2y@)F z@_2usr$15lP-~WZxGcut7{P#d*ylpNf@yZQ<#v)KTa9iXL=@Gn_R#z%)oA_O^%=rC zZY?XG!H?^9IN+D6S+pEMFE6g}bWiK}`FQjzmY!69_r72fN-qoJo3--@Cb z-6f;Fu=Q+UCCx$y&ZYuAx2i>ji6)i^`~3^Id&Mm|^io~S=+RcouRV6KR3BMoiNxn& z!U)^bRMRt3^L@=id>Fel@5vm38cbU@RWedwD)Le$#Y;Qt?fXxP`;4uI9=Suu+png} z^s^TX^-J*_{LWvYVWbf2q`j`>L>7d7Qn^nYm7XkZpU0xV(q%qvxYtM6r zF=>T&O40)-F_ZBu>nXC-XX}+8>+DzyS} zQKaE8ts>AIMn(Zkc671NdQNz2EKdgnYSQ(@PMg^tD_9rd7wZOJ8e|*pbMJ>B7lIIC z<$+h7IZH?s&`Uq6rW^5(KmeR}66)yuc2BM4jW zlWkKEF+rJ$L*z?1{|?&6nNZn&+%BO)*JC-FMS0}atS566i=MHde_+gTeOeSOddEwT z#H(u|YRJ(WB-7%>-xtEHNUf7d2zG5Y<08q-6@U5211I`?5b46O4<#+zz#at??7kDb z7vvT$dX#>?b`O|*?{mjh4sxxk{L!HiO>*SNLol|rN66ppW82B$eR#c~g+CI3 zVUC#^Cw>`lQF?-M(w=%0$ZWBa+gVK0L>umwkVDldmksGv;^JpS>Nq3lE*VDQF)#j< z)?AAC>GzXj9(UL1N}U+Eh>Co@T^ZB;VnxMdKd||x<~lKUg_Mm)boUmBoVs_79!Ag^ zQWr>qM=DVV4(J&(=kjm7OdHAC5Pb?#Mg)C02or0JiWW2Nzm4IP;X>VZB(KE_S}1u? zi5K5HSxp|H5dMowNzKdQO*8L6r%P}TEkPN2sSwkcOg(7h2=5`@N}(QB5~>u<;Pz+9j$}P zBaYkroQG9GK3Mh6Zco-X8q)cw8$wrs_QsC3W&X2|*<4 zlB<6F48|qa%85y{J*S3n;r)@=%U8y3OvdFOR3PQDjY7S?q8`s=b)v00dVwNowV6}B z%1TmqohVSs=Zxcer&N$?Z|(beu~17g7md};^+}O?VPT>B{G{@mL!|TpZj@Q^!Iw;? z_ww7B$`YqjsiCS>A+2q4^g7FN>LU#N9G_lri060idU=>DB}E=`!qk69@L?efoD+wR zm)`VDI@+$9+8IsYi1ppx3A!W?sx}WvcMnWya#1YrC}zo+$nm#&$bGN3ycYc;G&^^AFX$RUs8UGQ{sg_V z15=UyUXBKa-fw`6Ukb{3VNl3;&?xm#Q>?!SzQu6sX^uRr9K}{R4Xc zS0zAI%$tJfKcE}o?M)AWiyY(tRlc9q^8uZ9hPRsJS?*D{a?UO7L2 zJN(vt{)1&854;k-DaYUV-W}n)mVrv@zo!Hs&>FC9ziRt6Bm6=Za2?G+8Q}+J{Rbt# z#37&||A!y`o)Lav*8i&Hjwb?TgddpozbXOp!JkOg56t>sg|GkNb{f|i;f5#S`Y;ar z5Bdf68~TOoKmHS*On_T!0Jsqk4}!jh-nEWf@mqEODI)-k{8+|+!kHO>Ghdlx229{4 z25-n5?qmeO@cy6zz%YKT;-5Um{x=msUipWNa6@5ntqK4*|Nqed`REk{3%IxAcHw?? z$v?#_CqEh z%=!<~zvKd7f&kzbJK*c!7PAJ@0l+(d$E*Qe);|USluwwhzc2vr6(+#>zu(>~zm5aQ z_kLyqz-#5-Wr5iOt`orxEdn4B{AlxMziIQo{^LJU`9t$>p9a9p0skox0F3;Y|38V~ zhAQF8B%r(e=4*ugwtN4|q!@7W0cHsR`ntHGO1K{NKk4hQDuA5v4~gK0GT~Yk&{xLa zMg!!UKQQZ?b-Ux%ccKxX{&q2LY4~r~{EqCMkoc84;3gJtHtvq>UAsVe@CRo77umaZ zft>FLW_{y1|85tUI^YLp{TJCgc7c!R{y)r`{x{lzogh?Jl#BYeLe`@6Qp0t$Q|1+E zXbZ|bFNiZj83&zRptoMuJR~lD(IZ?nt^HO%vWHgY6Cwfxo}4$TZFB_{6Tc4EN3LjJ9ct@Uh}tsiD2(I2vzW_`GR7Uuc!xFwndnwXxMCFaR)%WOZ=QO z2BavLij8X|7yNB$Dzk`KwJetWS6dp{qn92I@I*GDLn)DVaEcm_RU8ETF;O{X!lgbA zGEegBYEdY2D&)_AejKY|1#K`et76irQ+UU+jJ+)fxr{%G*Fys#zn$KGIZ77LPc1*zRIlCkT+sjY1Xza9+p*Y2d+&H7?w;fi=mCU(Awp0n}0pCRMp|H3m|q@ zR+u^|&`PKNXqHbL+dFL}>|sO6?YkB0;apP4o8w`e)_w~0fa#PG^})fkMJ@wF)R9qr z^!S(9sMXHGo$R%@4cuqny*g$F_U39rLl+6~d7WK#rW-C-VR#%%(Z0eHRj*U=CK`~= z3Zy2iz2kY6?2_A2IsdJf%fJcmvgvGO!)Y}PJ8aI=Detp>1iyxUgfhFo(zoWZ^dM+c zKb&c4f~Ld!4JGHua|uR1RD7()ZG93fb#9MPj>vgVXumy~ZjHF`-w6dNYc8-`MWrGb zPUjW2o^RTJm1yrS4jWP4TZQ#;Fi;y=aFQo)cA}T9d=3HMAVn3=TUS*bEY++ur-P~{ z6W;(7w*F1K%xbXw4koeQLqchrh^$p%Gz^E3&QDG3J5HtNhOBA+@;+L~ON&zH)D7=o zIH70=Joi$id}@6Z9tOGY*2I9~!*^ANql*lmX*~@&Xhv{w!#vET4xEP9N=!Y?%|#v4 z2`2iiANK+=v`Iw1>f3_r{0M19-5hFdB{74^N4xJODg~s%W8$PAm~|c~v1aQqFQbOB z%b3z3P9SZTC1`%JLKK$hv#uG7T@2w+N0{hS)Jv#)XxwdC9X0Wayyb90x+~J`oTmQp z{+m?(JOWwbu64V9;o{tWvm{c->R_09%}6Vn@mFgs`lMaH$fV z$EtqJ4WWi-&%o%e@K&vg5;0f|1!^*}>%-iv$7c2+O@U?Cf8W#^>_?_J(g zEut)wP^}N8CZH|*y1CY4m|^(E(icMN5nrgPBy6k2%faysj+8~x@JI64CruGWAmCL`1X9;;%+DZNjgv30r%x?FF$YOz+CK_>iddIPeq70JPOAd zWUQM52EB!Ab}^M7sZ5I6G^UBAK;~nx@6h>hRXIe9hnm%iM>0fD4S(_sQN+qkC_*c)}OMBc!?)FfT{T^C?!cyv9 zm^JKaM82?EsO(V&7Y;Lw__Gv5MY+Ugta+G^AREi_@)i7GhHdV=dieBGDm~;()&Oz_zqVdOc`68o<5ZEE+% zn6s9Lk>dJHWlywm_TxW(4;eEac!1{t_RGbmc;H0f8sRGxbC-P=1kz@_WWLekL9+p02amqteo_n$UA~Wk4nBTuBC9Li~sL zhAiwjHG~++=OH?c2}f*pqg2@9V#GeXRPMAq!S~Ax3g+U*pz{L?jkKHChwXftij%-r z_S?ksS}i~s9ze;w*t1!J+%yl6oS)J{|8)M)61|Y*{g77p(ynZbU z4l#2v_36nG88;jHcPb)xW_}Qny4DP6zMNP5^O#=u(DL_Qt|Ff>26wvWh4Q5lD-hDCueJ_ zqo-Uh1aBe(UlHbN-ADIt=2UZ?C6oDxNqUM?T&eJt*w+S&@RJ*2oq6XD$gvna3aX`` zf#)!B>svabMeny%{wGtdbR8;ISWh&q-n*H|eR(QgY;n<(~F`9*--}vcxELK5B z)=BtUTR&M$;q=7|nEN5`nV%~&BzxknQwU}tqjRnpOS8#h4;V#WGH5f`nd9&s&T8|u zJb8{z*fz851--OD8VSZ;>TPLzMLaMJ>z&rPaz#8a6Fm_fk7n#^Wttet77{T%;b1ve z+rdEFN9XjuxbfMb5npUhOvXLphZWM1A*eWX1E9WDq`XrSiYS>1(`9AT7{S;q-DtY9 z`uQf^N^YOEoy+#1KCkP-UDkW~Ik;;zBgyQJfPio<#BeJh@Xp)GsE!-LR~Ruvhpj=nVJAVG+*g&geill>2~#FlCZ*s~#f$1?}{=g}{&B zh$ha^PG~+hQKfOtJm&GRu2!C$w;Pyi8H@(SFlFz_5w1b#%i}%%NSHf=|33`q1yBsdg2tR7A9*8X4a)PnxFp%th91qVWpiJkGDZP-v!b44c zS#{xGNj@5C@o?_LlD=g#N6xe~=m`8nTomGpJxQja?Ipy4nbZTsOhubu(W=;lDB~_t zQx&9jA8~%mVJY!JWnJv=(t;D2O_uTNM0JN+xbN0N9zc|f&`6 zeA#?hk|OmQS*^LJa=uWicG$9!S+@R(uhg4t|F5xOrUIc)5Who?%hKwICuvMS{HV0f z4Eg<8=VD^0R&S3~iKxXU$M~XzWstHQdk!4sM-rD$FWth{ot&EA@u{$>nYp2k?BZ}8 z;-M%U5%YB-!)HDGc&swwgG8;;3fiSsMC$*n8riK9JiOI4ERgw8v~t#{YKkW)LbU)7 zpME+upUl+IaCN7qBVwg3){DFV>tTH0mo?q9j5Ju}w3~f)!52d||XK~yzWu^;d=*L4=b?&^M8}tH6deQ$m3db-qpUh{ zsxHo#VUbu$tm<^0FJ>2yP9@({byJb;ne11M#i@r6TtYM?w28>~Op@7?bz0)b7EziZ zQA|{%0I9??L^_99A>$J5usNsFDuUxwBhHytA?ypphn093^FTAkw6DLspjM2@RGs5K zZDh`2+O$d`AD0BG*WoT(S}-=b^(eop=bOWJ`KP(o!73#%^WBYOo8#8UucHf_#n1w`x~-vSJ4jxp zu9F{@qj=$w6eMIvpepHee@q$I8<*V*v(-kCVZ+#Vw(6k$9&C02dmgc(6FwMkft}FI zKJ#enu*T?6cdfV8uPkm^F(u&MJ(c)CdY<%)Au3WYsY(s563W5?{#iw5+XKFXKnFe! zVG4JafrJ_RH(I=i-)2^NKwK}jXZ8vtnVZz=y?=`)UxHtj-Du42NGwTAzUS-Sm&BbQ|P$-b+ z9x1SYM4a#RX#WGor~@O;06gKQsP*S!@|{L)U_#y>-QIuD@=Gxn0I>WhhyoRae}SC; zRS8fL61XxAs4D+}oc~n`5L)<8S@{-n{#RijwD7vFeA^y=4KV#^@@D_h%;IXtM(vmH{dN*z*l4^fwhi9btc{ zEC1-wW(Vrf{_AM2*X3tz_!e>oYO=m*ECZlq+II@PzjbKeK+b;=zEf%awL|+Bat3O$ z{{NPNJn<*w{1@T7mVrF*C**wNKEKA{pFlOh4*y)RTgdq@!gnnLRm1@s2b2?lAZGy9 z`0G%9g`5Fg0>IJy2gvykN`A=*cY3yO+Zq8G;RodWuS)KC;y*JY`~f-ts}dj|{FxDc zK+gXv41^Y5X9V_}Bzm0@Zn~1Me*@qv*AD=&3=msPfJ*-z$QdAhyR!c&BLIy2*oq%W z6Epp7kMq?70IItQXZ9P|?)QuU+?xFpX}XdGz{7-B4}dlJ|0;m;;vX`?k3MmBpgwW- zzl{dSN3XEL8^{@`W%&QbB|!f_(QyMg|3&z>=(wHmPvKk0`L^vHa3br+`|)mE-Y(KV z!Z(ofUxe>k2J*n4kn?R*`@dTT^1z>v^IwGTTK*j({3m|Yfg$Ic-gLlNZX)7W$oXpi zKp7F>M8Iv*e~<>s1y{mA84>u!4h%U1>G-h^zv{T-g8xkA2ju*(I)HrdXC}CXoc~o8 z2r=ZliW)%6^>v%{)gxfZu73l31zbP;6O~LiSn%~L?jQK~R{YkV{zD?THF7He6veka z&R2iG9v=X5zFKd<^KWNQuKoqc4S`kMq_3;L|4d(hR{`XVcM`#s2Ef)`FTl^QjK8Y_ za?Kma`AY02gZ*nv0M!4C#_M4GtL&YS0JL)dl)Z+WuVeum_vo=H#z6^ z;jE!AGCQo6qhq}0)qZ{lJw0D9*R;q-jCpOfrfApuFYN2jPFu|F-n_av`1aPkx+91# zfpQ1voJ#J1nadFs@)}qy-)IUobAQ~x{JoVOot8sBExWUHr!fu(O3rF~F69=9&wF<}8z1N>;ZMb^E%5Dn|n+DkSl#5O9m4s0oHfd$a_Bt?CW zXV^oXe5x%;*@VQhZZJs@$sM@R-%HO#pcF|mB|sjnTNpzLkUYba)eUmne*+tM;A2~= z=2znP>H^tmf)m0{M;{YqYqWbn$kU}^atS&`c1O%5p1cvUZ|B_{sl@JjYcRVZI5^f( zQIUfcE1P!}pSYho@9Pi2tq|s(s7Hrk=JY7!h<$;M#G`#_EEc%uDymcujFBaEG_%P- zwB=Un310P?t`$MC$ zo<&Fr441VV_tom;!!&ACK&qLQePNa==_^Geh4FVIiFS_mji?yI6-x=XR5Ym)4;YXv zA6}PrCy1&@NiOqOBG%JlF&Pb&jq8Gu1~FBj(#Lvd5z;!qdOvj2rSzV@E#Y(i4Pm31 zz_JvLu5;Ni2^`@;ljVBfaSUG-Oks?#e&Z*Q#0H_?6-nVup6_atZT67$wiRtX0(t5- zCv&d^qX43n4NTcg;|qN(NMEpWd}=LXS9kUI?0oH!Bc!Z+;VfOQ#Da7ss*Rjt+xq(T z0r=yb`tO%(IS8`!J2fL+c5_#b)OR_ksS)?~aA_hD=btOHEul@Mh+>g5n#Of0>9QaC%zNV_(4K2_}N^+ppWQe;B2Nz{$$eNfe^ zwYa|6;S9l(C@;IWe%G-2O(V8*FQXd7Bg%I>ZOXgK&aFC+`$bc0A@?2 z)K{?%ACiLp!gF?>$e93|xKkP|?uFyrc-OF#R){uhM&-u9dWWqj+QZrS`|t|ThxvUj zF5vH!kOb@(lB2kSazjNxPXzox5TUx*Xxx}goayA`7F{8Y-_@=mAoW$L3cm|UDnXHN zhH!(0K}d1gU_o=DSh3W~yRYSDGxaTuDaaBPrU!$pZkb-VY&{y=#_lC8?v`zx5Gpe$Pl1M^8E7VNt@|x|fdEtLoU&JmuW7w&aLmXQH$2E0546CMPK`mz9fXp`(hoI&{?p?J~A`XUBp5P8DO9 zdQ?)IgVtaAF(xBK)*F=yUC>N1lrwg|P|~+*aEc0hS%C@Ue!l5cDvF$<)l*pF!%c4L z3&JblWyB&maB^r|t26pO?R!KD7`rPl6D3+p$fGh>5zEDTMy8W}vEc)_; zLVHC2w%%9TQm5*kx*Uvxf_zJhIY!8>FxPT}B6?)%99A7qH^uqDYtHwOopv|chG3lB zS+m*MeJG3Sra<;lqQ-?<$oEh+%9)CaTy3^r3-OO>b&|YEKp@Ua`OsH2={OB9GX2O3 z$v5T5-8J5zlk}YX8MqsKfFvzkbpOQJ(<<6F6WSQ8uj0?dHvi?tlOO?mihIpmi2dkv z7!4usaA|8a4Q(g2Qi!q(@X&~`5B0?qJ5F@W1g}s{cg$>uRy%PGU`Cx=#q+b98rgE{B-HoP&GAQ;oOZtD9WC+ z*ol&MvD$GSC-;HT1i}|`I>S!%0(w{_b(Nkl+DZubkICRK}O zcif+ZOW@@5W7Lceck?%+mRPocCSfq_?1b1v`Z0!y73NiMzoa)bvU(uW#!5Yuj@6+U zM&?~x(yWo$M};&aND3aIrQv3(Qd{%!GGW=*IiaYR*QvLFg&p*(es3)9tM5s*-^NFr zZRIV9zA#J}kHQTqHG6s4J$O_#SF85fjR{YkD%09(9$~hPpgzpPyOA> z-W8OORK;%b3~#3yK2RDTCVrnv=s5sO>Zw(&^f`5{9L>~uvRnZYnRj&9D&Xnt3>*{z zj&6hTs`T6OdWoeB`M`CIs&w4^kDTjfv0#>qj?*$<)2vXk9)@V!fOdi-*}sptBq#8q zSP^<~)q@@(hsIlCY{Ts8&dNxjB!%{f#@66t$+OHU-L>sgW6qVzgF0FxWet?&Q@~msL zkX2}KI?OM}(#JLQ%@@a_kB5~)*cpnPb(J(_8Fm&Z(&68eT{Y18%eYpQOay4$$oYc3 zldaoTw5kw0P=_rP>4~Wz7PXKTKO2 zn`3EO3At!s^kHiTM+deAmeSg*Qm1M?#EmziUqXQ1Eqr6ss(L~E!KmTe|0uf(s4ADP zO}7XlDcvP-=u)~lLHQ5oz`e(d-uwOETCO$s zrK-f1j&k^4?Zc9RkKD z4N!auc-bdjTa&w#t)4Asxnda-*#EJf$4$(%==%v1Y<^YT9Al=&}QZecF zdzf#|g};=0RJlK$bw$do-}{W=yYLqA140_X9ixEB@tr)w2iCfamg4no4|mewJtzBu z>BY!rlO-OUB_dNLWp0ix?ZCS`UKdGMnY`wbrZsg-hqFa?o zecWa?k#SEdyf)Y`Ot)!Xr{A68x;L=smV6#oYCPIU?SellPdeMn87-Q|W6B$tBFV=v zA(MqsHT}Wied?$%X2U!=wkR3e zB20ISpa#VZRc|C#{PKfk0{+hBIh&ssj7eK(5o;I8Wr=f~QKV0X)Qd?4sRLqW+_#x< z_u3pik@fM=v(rrA;)SVMjeD~u1ow|O-yO&fJ*4f$j38u8ZR~J&9#>Ia2}krCBZGQM z;1u52jeD^D5@`#K%+1$*^bMg)VfE-*8iQP{IS;XEMsHWL0oGmVxnyiz-X?KgGiAV&aiI)F=qKFDOZr?-s?MIjoGR(~mdO>c>?EIZ+4ZTSW3RhWeRkX*YjBU@CZ4dvZg-tyFIk4lZ5LBA(B({>34-NL%q|cnsmiB zNen6|8q&_$`5#hK$(Xw}qa@*dN$-~q$wZ8Oh5h_GD?X_Iq7`Nj$$8C} zhM*&#t~Flf>|^c#seK|twS_OmQDzJ(n(Zyae)2#R+ZOwpDCXyBS~E>+d*;iHVw6du zh6i5ssA49-E*{kS-7jw)>@*K~={m!p%wk#>yiKt*_{!q#-a-WV&pCob>CJCX80YnF zi2%M<^XUt2n#alB8G&Cg@-;#E#0B)fW9lAjnKbdC~u%wp*>@o;o1*Pu1=;kp>a!C$~f7Yn=#JvCrk&s z8}D63i58*0H@ClXu$N6BO=(19OQ&nRd;C$Z*{>(a)5y2UavAST4Ccc8z4A$D4R^8d z_#=8_^_M}s@LD|4e7GMBpl2vfvV}zpOx5ho^%)6o*9yJlZ|)#@Ae7R}Nsk2xbk0?` zZtXRjrshQ?FYpij_+B3k0H9ZmjqS}qHc$T4lS-S{=3r^yky7$bZvy56)N*^z$MNWw z8YCg6HgWk=!DN=PW!t$L$iS7yq{VUaPSmG_lW$D~rph6Ezbu3b=VC)PLr&5s{%bd9HWmVXoNVO=Ez?UXdPCd)@==SOoe#Yn4_Mgv!A{ml&na}*O zC-$YC@d;6h8%PtMmjxq-Hg!M2_BJBrkjj-+k@hte@`JvxbvIeLFzR_E5Q@b ztYT}9$QB%|uzAPDfj`{Yqi4W8JAOpjcm?`Ud&m7Fac)Bz(sWAmjy+p`y6tRz(UimV z0o&F}hS28oDQ#99swZ+a#T>xW57xIF4369be0;iR-J@$dac`fz7J)iq|AgZf$-FTw zf;oXN`~~V;o(s=s6^r~nF7-QemQITgpn;d9|e9jx&*I8m7Z_= z{&Gdb_GH1E({S&5ehc!;r7vq9wUkx~2x^5$THEEf1r zcnbpZ24~@b5A%M1n9T}#5DG%8A?g5MLEgX9^2>qrjg)Ulfa@yD`oEPx9D+igj6*`+ z|E=VoXY&wQ*8eRGaW;Q>uFVQM1O}aJgOi#spMlPkfemo(D;VIq()^EeZIJlY3F-fI zt_?DBB>-_KeU%~&GzmJLzBCE!2dI7HTpKd88&U=6F!{3Api}98RRJ2eNML<*r|8HT4=y(|sz*oqF*1^>c^}uH!eCP6ye=SdTwkys5hzO83#Q#qb z0rFOOh~*5*7*+zB{5wS&XdVpQ{0ezrb?AFfY z2buzT`M;}z@X;&C`+DMjb;;kYOOXD*7xg9N{YT*&s{=IPzl1@M_toV559{*R{BBT| z^&f?ASpG+THyCESN@)KDX8zrn|B>Gf#@YTLeADtjAxemd0K~#r0hjLz=&aytA);aKXQaas_$+ zw+;y3`zsRM7{edzL&U_(KyY;*_~nKOP9p|B17}`eHvZZf|C-x>1Okxw)qMU>fdDeg z8zK;Z$9!oLV(DGo`~A;A0GZhhsp2|({hb;O93DvBjjxMea=mYU8eFBB1A7DUmGLK4 z5UzO*c|&Fn|J#?r&5Pl$=ln(txv?Zbnc#ng0q|P9N}2!9wfJjxH+U)jLH4Fy2p%*N zP$@{v*nxo!aL`vq=^}m9{BXRk@Nh$Q^G6}BbqwvY{K)AlS zt#ARK=8wAkJc*N*4QE?j<6ocoC$8LT=520wd*`!MwsvCsf&SvhkYVD=T((PtuTOPt zkrZ-5A@=SM=dU|of|SYylHn>Ic#zD*t}*Ycwu_8d1OF zaFLrW&(9!sVf!D!H9s614AjeXT*Zkw=kDGLW?yphDT*_~G#^BvH!abWpnFeiGHXQ1 z!y79zLok+cC3Udek&2F8d7yX| zzkCug@HuakbbXvq#UZE)=RIyJCmsDr#B3}JHZ>{&CJ_5x{Zj|N!eOiOobpaTvI^mV zy%Nd~WpwQYJa@a`1SjLC&0DPt0cjI*v7w6FZe;L$TyQ$7H0JGuShn9`bBK5Qv^k;U zjDHI6Py=S(MsHV=)R?+pW%~7YD{jb>-ktQV8KmO!i_vnOe;*a5J#*aoO$r|KJBjl?D6<(S|cy}Z{(8*Gm&IyAn zH;$h(3!R2Stuk@Yx=EJhI7Ym&P=!x;W+0W~W7BDmiF&pjs=k8>Q~!M`b`~|RLHiUt z)T)B1RLZdd{pBRS6Qi2tZ9Z1!mrQrc?#XQ4@*8OPSeJ?8B9PTS|qh1 z={pk`*L(Y88BB_u=p0YwG`FP+0$~cx7WAf3&BV}N*!FC~C|^i1hJy6GgI-RzdU14- z^5!Z_#+c~5-xE@QN%q=ljyH6eEOP-lM^ev4mJ%`gSSFrJN=jG~bt|HYkT!==wjLvy z#*r=&I?lxGvFM<(R${1|?7$UT7wm~*P(%yOe0v}0{LyY2gDX2iP6w*iMBJnW_WZSE z!B=fmkylR&E6Ax*T1?^IKgX(xvX$*6Mtp~;MIs)UJV$${NHSnAnMMLuMNnRejsSvQ&jSxKKvezzS}pqv7eVP&Q)-*{s=*TV#rAkinCgW!#FVIGhJWnfoWM zwR?J-${QC-d+fo5+VE~s@IA^L>DQ3@ir4WVywQ)=I-)ccuPbh^oO}2Yj|{76?6UC7 zbH_ltRa-%ke3ch5)U_@w(dp3 z!9BlC?J7%@!edP(`a-B2ha#DcDJ;Pb8BgD8x$bQPB?6y$%tLoJqFF+t_f^tW6)=dw zKP4ZeXed^`GDm=wS>}I9mXVgni+qnO$1g>;=Ow=u5(@SM;m+jU3qoN`N*4cQ2V7%` z$0eDO#IZ@~`L^%gQj{pqGCs5AsUv>sDiJev5AKUS|D0mG-=~FGn)JQ=$e1+FI_=s? zf>g9(`PEbbEa5K)V^V@cJX{VbZg9OOm^A15W>Ywtg31ZY@l!ji-lq0SAItsW^OkRa zwKBBaJ5a(vI|~R{?5X9YnnrGUpJm?@z(qdwz*n9z(we}D;#dGSF5}U?;B@oP!4~YX zNgsdiITmODxE=*z@X0H8Mn7^eoR0^vWRd3MY?rWHU zl@;qBn2v*j9vkA>JGw;CrXTvgeiGi|V0)?ADtTXH0{MR)?_hNP)Qh(uJnsrdG zvUU-)G)iaz{ez(_aCcL?AK)PJu~f^5AhI#YUbDVJUs-4_Rk7- zdh<-t#5!I-4vNh1qTfYl@^?%sM3M91V$6Br}5U&{ABMiW{sgcA?dJX)&s+O{LyWH`u(uXC&g&55elOm>l^jv-69R# zdiH%95ex1Vrh1$-b1TigVamoJXqoS@?YTJL)p-qQ*D6deG}IaT6r~qsDvgC6K!^cf z+_I~hXNfXySbq8ptyxsd?%3m)7_;t-I@}{*wdM?fdO>#Kks$DPH?W*eQ~;gasSM^;Qs(i?rMO zcJv>!LUwWH>_o&na6`oQm?}@Ttet+|J*+n4c`*3^Ze}tDdvCJ;BQ8ndgRXR&3htU{b`4)1=d!j6(rb00HAhIkVNUh&@0t?mWvI|EhU=TM`}ZSBkNan4MdCK1Hz`f#&# zl6gN9I-7qvz6oFRe%OfE=i74L47&S^>90Pg1xM@|7eCG^)f=c1wdbl5i05?X1D;ve35+J&7mZ&9c;p)=^QUgDqYduaZxF%_=LuB6#9 zbzosXH?z$|ny~~aQe+CQ&Vh$reIlkBFGRRvr<7`TV(}A<&9(`cUF{OGyQQQn6Zephzq(?7VqyYO@8aEGNc1+&;5MJ>PmbB3?g_=DZaBiMGR zI_Q=sIj{8=s+nA<;TfXdk;A6W-1<3if3K2U;ETU#(Q`@+*0pJe%I&v}J^6g^n2fSl z2t+S-Lksvbu*hQ#=*G2?5*6(qdSTNKqjv5hFvcgcy%4K*K9B!A3&)nABZYvK^-X(o zg(JBh53P-Hv^SXUTmCyEk;3O*w7!Vi`q(oprRf~EIl0iZxKpQ(U9GvB*4->^Zz-{l zj-u9@)JU!`@h!IbM@?wCn->xd3#@i|igU*B=ty+B2_0!s?sJ_~;fH^n9F?s&U9sWZ z((!i5Oqg%#k6yDUF7In}>zfvuNwg;@sBt&e9oFTr)!KM{RE6}ZrDgWssMftNktY7; zB5N@pot!42cO(a2Fg9E$Y^r+KWIk*vK1|Bz+94jdRKr@RW3!MC%A72hbSyKNRm#rY z=9D2YjixS+dVfrWYRF)rdw~B&&cY_(-Z6tr2XR0?ys>`ChzsCbho{c=bf+)MH1li+7VRlm% zI(qE|lj0nYvrE0o2=l41GGesh6RarX1ayw(dzhXz7v6GUxX)s8K~Mi}Xm{(48bi7J z@Y{jbbHnhabv>_(^R>e*5@dhxz$_aLMkLvA*YfU*J9-=gk5(lQ2FuLb0oKQzu8+RI zRvIr&n(DG&gaQCgIJH?8kvL5sVCC`jw=Bdf(V0lAj*r*+$pmc4D1Ca$yfEwB)Q0Sb zg#2TWdkTpQ5mnp!;rUOx`-`hE3GxNah|c*`NbIlayjE3*&B%%1}_~U)=BEQ4Dvc{ZGl6Q!m{!JhMX_rjIHZNTq({LL4zI@*HpP&8{rKS5tHSB}NDK9?&C`^t+~?1fF^-7`~Ar$H_spS#@cd{_}N z15aut>Y_kD9zy5%Y}>JM@%_>|0T&F%z4GG|LB?p#O`#{0lp)?sA73va?RVpJ`|SiX z3V*Zkn`R(>8#@|xcXe~zRJNy6T9?V)=R1MnQl2bc*tF*h$DTs7zNvLNt2GMK>I*o) zyN9oz_A+i3^uzTvnX$O>RzKqT+EZ`LnLo@J{MA_Qekg-Z6(?Xi4{OM@=sD8S(32Py zZqJ|(`?7Bd(D%62i+P`$pzK!e-k0pbNe@+vmqRwXZ&)0OSLL;WVZ_zCc8oz(dvUhv z!^}VbbI;?8o#)pibYii(rIaCWcOMGvv&zsuS@YLh1P=(B75M|nGI}3Wkt?VnPb@S= zIStN)kczqS(hVC(tCc%z*zndpj#|5yiWIW9nqZ!q|NfSmU*uV{W*(AG;CRmu$*7rU zie1rZw+rCfG%S3lxxY3PWHqHGLi0WkAnC6T{QB^v(=LHoK}2kml8cc!Y&v8^gx{yD32 zQE8&ItP!W*`Oz~j{nYvPmo6tHOn8>%<)69PQ+-0#NwRtTEgRSn9+L5Xa|tO%J!nLD z4Cg<;9PAzR!wY5Lw)NrM_f%e-H+bJqdt1&vv>YQBdaPVHO_Ak%OPC3a2xi#u9-{=U%l1+sU*bXR_ z*j?otieEoTK4Hy3{+9RRj=jNPClZC3uhy%#i3rF) z)wZCS4zyf;H62WaGg0kaIo})ns&3Wv_}dGyai`ITtA70FOg`NPs>xx?RcmW6GG9P{ zLc*i^j$P(UBUOq5YkaUNwCTi98&A7YQnkA44)ZLZo`#l7-f

    VID^Gi!NO=ur$=J$clgW=W`5G5yxaNB-_i|BIzJEGa`s z5f&TG?dLw7uirX^wfhg2JH2-b4zPK(H~!T35QW-fUFsps^TZww&c4CRgs>qgVoBSt z3E^S!w3jp5*lvy5IqH*&=akymG1_}{K$t|ac&g1_@ot$igU};fp;~jwCeidXs?X=T zaOlq!Vb=!%F|FzOCbpQujtG0^3*0QNK|SqbL%b8*U&2Qw$s%CMo@`g3;h~U=8{~^! z`eMf$_1~W1WNXTBYK1kK6APcB#m`ALGIM7_Law)4F!DL%b_*|i(Knsxc@ zqm)LfnN?A?9$)9z&tD%6jVI4cJHO>VvZ3MNXl2IkXG$v^?Z4Q#*xsnx+Soojak96+ z*gh>zmQjq4*WfzdwP*>kRVWOT?SL-*-~tV>ExKFj{`J{R#|zoHR0fIj!q^~fTL6cj zJ@xYw_b#$V(!uAgY}q)*$C2WG+wSrkD4e-ej)#xV9JZ@=1T-R}Jw&`sUljLDVG%jz zGtBn;+TYbZdfH**%{B1-gI7nPloQtLDo+~a2l_a&vJF+Ae{@tRm2q!6E>vRM&88GX z$M-X%u0|J~_r?Q(r|r{wYDQ(0pDnf<>>lgBtbd*Npuh82GBbp%D=1b~d%FqC1SfK` z`77=6SL*LA-x}yhkqy)X(4M|MK6NN5@;@v$bFz_R&?NO0>3|}xk}}Y&RHILf0G_$^ zNJ5#3(azyOD0_NT$2sWdfEW|98F%=&{a&>peO1Ce{kQhGTQ~|jjaF)W(puT`8`}eL z)t{{FBjUf2)Uv!GYS zNFj_~Oc@Yd1@kaX2Y}Osd1^;gzfl*4ffXby>mr$-IQTeGtp{(YS5s{32ff64UYUSY ztl(_;2`_djnvB3<&nrG%X(dA2uc=f4;{ifd3zIuVC}podGqlf#3 zz2H6b4z}6ZLy`1>8R10ot^(#KoJ6$Qsiynr-#_Cwzsypbd&m&!gpoJ?CZMg**GT7a zigNT_Jgj@YWW>HR-}JK{tw|DmYs{0?91^DMc=$njp`;(*ET<&TVzJISKRW0z@YAz7 zy9(DYR6T{eF!z^MO*I`5_iP^bG78D^c_+Y!ZoTlh<1;!rU~OxhHb$}2`(Q>2URI7SH?1p}Jg)WjbcejVBE+axX$^cCb)PR$^%1NPjX9 z9dq+|c=7yDoR?3=xa(Wz1?G|AS#%HYs#yTbAz>m**eCtLF0cDf1p^x&Y>b?!^rf)7 z=MV+dnNUAL33e345*(VQro~agq&MI9K2HsRdNddB+=EuMI~)%)r^o*+5-w)&ac0lK zkf3sSdL;S@F4lB>LKpCMwc&3Qz`Gqbo9tOppU))DW6@TPQuK+C1g^cd z>ke#LShxCNcsi_5aB{%0{NYOqp_HE^zjBhalhDYSKrVk4PO;aco*a+)x0aRZ6`y33 zt7=5`?rbfMlX^_ZuDnq`=mwID$tu4HlnflcqDw#=H?bhFLWVa`AS0!hxAvqz8iEYfbt@zn~uL*tY(xxQ0b6+VJ zH%##~V!5|pQlm4^t=b*$CM=a_S~zdg2b`T%%=;OISz45#b~@Npm@~${dhI_SX^CvW zlSRdVEezeiJ0Ygv^C>DMCLh_`yP;6q0vf|KtuChIV>Nq0SU$n>!J72sn%s1wdU$|! zo#-nnlo})@&5FI&GU_jJP7W>N)GyMCOU8N$^Cc$~x{yw=a<>M0L;Ebhq~o*%#)r_k zwr$<(k{T9O?MN=b$%I0mQx+5KhROByMaj7i>Co@_)r8oey$Frn8`UgyqImkfVh4jiIgNBwQsNCE zLfjL*J~$1V?m@~A5jC*d^w^p-NW8Qq%Jgbd~ZYeut8;p4w=|^I&bTkY{=7Y?3^s@H3w3R zYv?pz?CZC3%wvXMa1t+=t4wx8BjY#UK5QK%LE>J!_c%rTej@W+y#FWkXtU7aCnpRZ z{DSdojpFMa9H&(*xcx%puWReeE3>u6t=gR&A9qojm}sWCVkJDL+U`+Xl9=mi!=OpZ z%stb=eu4Ovo9Y&`!-1m2p4g5xG2sL+>oQxF<&^9#wkE2r{IOWfI*qMp1>}Cu61;=g z`A>TgS)9=Og+*A#pVo$%UP_YwK=8psO!|lvQ%AzL?I8E^rRDmLBkVvubmhze4uf|A zDc+lIH<7rqhpjKyI#VW>DQx%LQq=K`Y_=Wi^pcCgG!ySC_a`3|Z_UC!G=?hbJ}yDtIlw`n1} z#FFuec!HRY)eNG@ektcND++@m&se0EH*=wUuhPoDQ^2G2bN3`SP~PR8oj&ZxZHT;! zK5~nWnIXV!^F4jk2{yq*T0$^xU%T!8h(H4Efav2qgowsM&0^kW*?Ckd0cd=Z4wt2n zAFfKNY#Qpg7-6Uv(xV0{7v>#1Z;^`m-mBh4LoZN zAF4!eAxu|%dmnlfJ7f+Puau4beQ`8H4D|qP=;r0yE;g5FQA*!l@zVqC*%>@NeXY1o)#Pk8&g=%Fl+}l6RDc#Vs(_*X*rKN4NqVS z>K_Rfj!t%?$CRNQqjfwY53l5!5PNPV_8FQMbrr@0D3rtC$-UZ@gSbhHZfIgX@5B_c ztx|2sa@p6!I;?_@wb6B8&dWM}ia3p6gyzz+a z%(Qr1#4ooz6wj}i&&K_gs>r~UW%O%eEJkq=6s(XooexIHh-6DDe;u5B(5~$LuB(XW!X!7%!_B#Pmn}sEosOF4Z_|XjW1ptjIZu) zI<{r>v#!^NBD{NSqOD`A;WFDPgGS;9t0=5#l1-Xocd&7MLYKPq6>|V#RZjzT1KAg4 z!x*{?9d<=JzX5PRd?U+UjyAG-P5FNG9+!5uWfWAN`}3A?Qmy$r(Z^?XWH~sCoh~1l zl)sn&>1JUo!tT-KIh#|nlr(1X85u_$?Zg3oHh4%Yp>xBg`UVM|KQW@sBfq?1_kCzz7&)st{~^vf(ah4rd%36~eendW`w72O56C zor2{#W$XU!-q;ty?STFaQqzn>C*ZxYA+Oc*SJDQy`3)pQE}*!>=%XksaN(0AG^P7u z%#n++-rn7M@1h$s&_C1W#TixVu@n%<^={~dl%=sopK7}*EZ}8Q8}#Zd0Y=UIwFy zWsh-z4w@5Hns>OWY}uQmv_;;0XvE_%d3l={f~5Bf#5)RC$W>nERi}zbYROcLsZfFXP8!lH>AACnM7GhP6L-7%7vQ8AF6!OIm@ZMO;&cO zPkruFJvaTXe)?r!7Is`sq-)efD=KqBDWW9-fW^!hhPlf8=&=m^?lO#4N|nfil2Q(e zJeO`LH<67v;elZ8E@MAmicCKC2Scp6akjQ|atu%hPt+1WaI|lJdSOU|s@uZ;B~Ofj zPY1J?$$)bg!CxdOJF^twQWr`lD;Ymcrv2JsJbq!BzXa@*huo>*{)IU?QWdvSbOcz6F1ahbPHlh?`V zXSc?a_hqgeuPu`r?j*xu-wwNc564R^DNv^Sb)q^6{o*2i5f&F}d_O1rchn#-#CQ!B z{00@hK4=ahLwyb40zu5*QG)=GGSq)ZML9`st{VX1USK5Sx0on^_3udLUy3RuAoPd* z`UEow)4s9s6OhUFcOVn;)`9E0V184NpKU+_nO6sMf!AzYsaSy6IzX}x;96OO^@gnT zuLdFTr2mn1zzXgEp+yjY(iJp%Ek$yL2ZF^^uHIeKO8_@gDgdym!ZjETuHWCFQIMVM z82C@nD5Ss&s1+O_Q1V6}1OTBA0ssQpSNQke&TfP2dF>O@1n9r7Iu?WzgKGUp6Og#( z)v#RG0>tjQG68~F|Jeito(X1S{dF_NRj+~&(JNCRxb>e+K}0MN-UMT#5Q-N6n>WA1 zMj=I4fJiwAs=pq%pJxfM@GqDhq|^$~GZ-9&P_+1G&kz9#EDT0R|4{f>&kz9#EDWN# zTu0z9)&9GR2Y7_9BLG+!jE_PnT0mC&SI<9ToZy=ot|!5N@C*TR0zHEf(rY=QpYq9X zdmAF^ev>d+ug4A)gg;m1_X!gu$#XLi{<=WxN?bw*m<8EbuA+_|EbkAdk$`j{u4dFv z+7|$jP7tIapfJ<_autw}0>tz|gb$$d$kj7Aw87Mp-<$s_6N1EtAgu#O`!DN&D~sUF z19Sp>2GKEqmlFNC@;_Vud!D_v4wBdak=6c76(K`ehm+^#b}F80MkVkKXrUkhK3r!> z9?;b^z)M+pz$@I<1E^zus<#TWiiwdEgk%o@qzrWvyFgbrsuet7)e4{)z;){2xmF(G zey1L0pJU4<^JYY2=puHPWB_6P-($yPK7QK47Y58BN z`F}n7o902zE}+jF;tkIY@rLJyc*6rG-T*z^&`5axqLKWQ2goU?!^wTqZ`?Qi#(mRo z+&BHkebaB;;C>?kGAOT`#|_RES8qTA`)^$eF@=GPCpWlHfTeGAvbe!ISyykahmjjB zz6E>((hmYg3^!QO>+0cp&Eoz`ChVVD4zc81IlsB1hZ}rH576E<>kIe*p0B`%n_7Ur zX|9|D=kqml=$~9&75ghnxo%>d3moG>Ga$0pl|AqkMpqBl!O4Adfe|-&@c*StA@yy5 zt>U^F8Lpd=;R25g3Gh$g+yH#IZXVYS)0pdqY0P!QH0AhSrd;o5`A8^zCfE%JW08I7; zehJ-hjsZ9K+yTJ%++F?YdSC%JENQ@BEa`u$#m~tGa5Gkbo3R4?r9SjeW*{;O=u?gz zEI4;VtOqZooB&8lJSf(GSx7;CA(uMvHzCLnaNcnOuH%&r_y(xG@>`2Pt!|+DL-g~F zo(}-5=L0kW(#`?SLjYJT=<4C-Ll~?;boB<5!hdr4Yvu--hO9g28-N=qb#=q%z3xr$ zr^)X-08$1B)RmmvS8F{Fa5V>70e|H|r~-lWGO!zeYBZ!A5az-o)IMOPQa1Ue)9`CT?ODoc+PI28ZphCLq?Ps~)_m#SO0&yz2j>3CL4T zz_S71pDy4I`#HLQ_lpbi2ota{_~+Um3jgx!1M(8xKeHr(x9+h(vLvsRkO;cbFG>yU z{T?O9C*-GkHNnE9d|olXc$j$6C7+o|=-Kg) zT0Wr`w~N<&rzg@*Syd!_YbJH>p5MC58V*N0=>&l+n_;Q^Vr-&`lG20GO%y>Lppd_F zu_9s6{z;jFbFn-;8rKp$0w)5hnJV&|JzFVeoU(w(bLHOAyfR*|EdR8YqBC{bhmGCz z-HJO2%@@_D^XLU4Nb7Mdnnn$i>6O@saS<_+xPslGRw@q)ziPu;5rw$Nrz(r?e^A;o zBpkFb@pqon(1B+>5ik7mam+*Te#-q5JL}^@eAu~9(S-x#RKf`i^BJqtjFTBXugZH4 zi(Ay+)QjK}`efI!HFkb;zxA#Bc$Y^n%`2#|>pmYR4^%YYv{EM)!s7kg`drC1_(ud$ zY_^yd7EMDw>VnK_HG#RrU84h!Z)MZ=^Phgy5vuOvH;O5#kx!z`N0aQu)2!R5XQ7VRJ`J7{b%;dkK5qd@7L>dB{BOufp49c>lpz5#D|%p5sLbi(f%BC46qanv2Tw1DZj_*u(mT z$}emU3WNzLRe0zz}(lI%d4mS8kX#;x*QQW6FatM)H@9{>i{A!&ZHW23GVF+h&T0 zWPiYw!a(h674`TI zr;@!doKc@2v^E~?8MoUW-*$;vZW4{~+KTAA@^wLnE-Ygc+U$xkQ*(GO>p*7#OG-A2 ztX=|Ss#kGneOc^x4L?|ZaaTSd&6Q_xe)VCd?G@!iwJsz^tH*vr3=Uexj^@go!CnEc`R~78Qu_DD)b6A;ZAb&a%lp9FigJ_r^xGLZ@n2z z*v9sjy}o?f{=F0qO2#phmuyXgEn^;GP_cnwIvcT3JJd;^m89~ScVsu3;(%5yao+;td5(ApIld!?q~aL=nB`R=L-(w&iW zO->BMTh*4dGw(+waxwAK)IIe>SK1Qde!N-wZYMHaBpxhpxQ0i-#1K@AZ)9n_L?o#H=sQP4 zfjg!PrjwK&l95hmTmhZ_>6YyS{^G%<;Q_P5t z+M>Cu07F>&ppM;XSJlwXd7+5#*0X4`mFE+H(jtu=Rag8p4%gb$)ds)BM}>RP4fy=a zN?Y!eauiLl-fn}p!$@k-Qmc!qSh5VoOOAucE^l2fyzpNPd}hlclWvqM)V}hxHF?G` z?2cfkluk9CxG)2g{mffU=#PwSeN2MRNMhI@?=HtGUdLpuJ5f0bnvDV;BE!3CfBK=*RQidWm%066ouOlj`StW3w_U2Dyg_vd6$>pzjn7Y>RoU82pLU>Sz-S+IlVabLkG!JRnIgQTSx?~L)|S=?Od&o(}eJ@sXcvUtzE z$??^HMLAH04LK^|V&8$VdRxT}3%+a6T?H9v#YqKLeHvXK|C>kVi&>hFEWypem%oijthQS=b)U zETgLS9&e6W55E?Fv)+0wc5GDip_(D@(L|^y%;^BRPiay}}9Jf~hex?Res&{#1{TM--`c{uZyCROD7z&Djd* z0*b~d9CFtvkm*pFKH4^)tlmA`VM=0des=!p%jV7x=pqY|N%Q82gwwmB;?gxZC(7g` zs=Byd7#A-~X+^5bJ?gwJYc)seM&Mp|8V&&x030T0thG*)^jz|7%6J@1{nL$~?fs@B z1I9n+3#>Fx1|Va$*L`Q&j0+6;HXytEzSP}njl1Ivr@ z)_RJDmH^oAEceR8;$KQ}+=9w2M*h;>!vOiw=XIi(CiU(o#nhVbs@gI6g>5p5yttZxJ0$l&4vryx_8aV7(M_oA@abVT&85 zS%g|q&C=)7H>PE;3<%CDkRPcl?!RA_9zL(lpk+mgmCqYS?tve(2 zy4suq8AU5M_VF?zwu0HDlboCM?G=?GYJR&^7y8(~f!vT!9zVE_)W!+wP{jAnv1P-m z-`-NcCqyAD9LZsh$`~o;cNz!xuGEN&Nq5%Hso>Jfl>5FzL4+QUvwt;w*$%eEUDJg| zchoTCdHh-Y_Y0>2)Vrxpp@I}B=M8Z zpZRs5>}fDPdcHEq7@}kZM);1SX1YTaqw4a!4C@LAX~R9>}SNIi0cH* zPWhpyP{7@N7@RFvvxd(Pg`E}`F*9Z_46 zyQ7gR6)URR5Ioyrv@CV~f|aW|_-Bs`*0KuYC5*BndHtAppQJr}${*+M(>Crp<&H2vcU&pqbeH7Nu=7T@Nj2Z%Q^;}rw8T90aSj+!G1B_p3QM%Ub{vd zfQjtvNkV2ghIhH&4LS%Dc=4+(lViOj^b+DYkrp49L`E-%Yne~=u(q_}o3peU+-Je5 zgry#kFmXeZ_N;g(ceD}c1bvWF9h~TZ9c72}YMO!xkz%y_hgwHzvJGd_!~4cvGPE#c zrl|-$s9RKk<6caQhuyX;d`N96qf(i{U(M-dSVw6puWRv|DeHx073|zAfE`%N-v@bK?=u^)FnPRCbsM zIbPRNa8*hhRu;W4anggKVllBGLaCKzp1rCbli1fbMo?xRn1c2Bk$Cd09QeMng({oE zAVxYgKpu;ly#C?NCYu9=s z)PYL>ZZ;r@-TwLIeUnY3ki^vcOeQ((Mqf}U@Ird>pfNs`t)~kb5Jaa)=;Sg9XwEcp z>K1CJKBQtz<`RBNcDkCmQFN;oBWECuWr7d&{+a5Al|Tk!8FuJ)M?I9u`*7%rTxZ_& zyCS}BNZ&5I=bq3}j09MzkA?@#T5zM5mG4SXq`#VHOC+rx!TGA9c)L6a5sg*S=q0mn zVric&HBy(BClMC;xHJ`%ck|m5H9@8eZxBHw>7&umB5um7_$!#F1 z5Kf0V1=^@hU>nTZ!S^fIT!zi;4hLCHj@A$QyzcN0o$+aR!Rt{~!Jj-QkHm9^y2sfn z%6BWYiDbNAc#7iaq~%uP67vhHUI%&N68S1KC&DRbYxB2d7H*xIE}^SWrN?Z(6?t!ad7 zABandYq~{jj((k+KDZ!5Bh@=)=ZzG1-tvZyZC z_9Yiu_rAcpy?LulH7KqoWWnX`ia2Q^Eay5#XDQ>^tfRcn%vox@_nhT z=&$%DMU}CpY*`Y`b#^F^EPhCjYNT)@15CG8OhB32B!KPZn063=zI00g;{(E*WCRWXd z==&{Sk4D0*@sz0NP4t+XE3)o&XgcLi+DwmBt%sr98&58r8QIH_e=R%HTO=?Or;T#T zayQXRL5Z)6tfAf`rTd3`uT*q@_W`#L`oz7WoiUaS5upx}&&wiNX}h%RF`m&98FpyIVp(Cd*1FGRi?o|g^1$Yn#8Res%LpXGTxAEbC~*!_xZ}_i&Tn~Pi=44 z;daRo4BzP?SUpWVkbi`@Ugv^{lmz4)S{QZ=i~8z3hZbDk*<_VBl-Q8L^Ip%B z+#}zOp^~GBI}}t>VwrjLaM_L$Ua2gbo!r4^a`AD|%NSj3Zr)G@#F+ewBveeH7P{p{ z;tNS!%x35%3%3`Z&^db0Xvf=v1SIopKKppWn8h48FYx0WzGznW_~#}{eGoqG8W6*l z!yFIyP>#Sn`&8S)y_ojh?L3~j?2>L_a|nCrp5#mx`(DU$^xNdBPsfMfk6spAKeP8z zyWg_@V`rng3bk`~IsU!Zv-7pLxAEB3VBsBYkZZ)tlm@5I^r~VI~Aut(W zVK8#=hr+*lhCpe5L$m-3$z0{oWN=# z|DiBM_}-vU*Er2z{rGzT3sScT0zd+RP~d6s?^TBgVF(kTAqCz_!*vb6123iFx(48Z zoIzN=_#fK%H#Fu7i~>^%|3g{GAO?a_AmJiq5Fi9r$+~(68riD{5We$M@ca#o zg48|wPhb?J))5E>0?V7+FckoQv2lR-G6<>v1xW%`?w1Fn{QuO+iE}a2UYJ7Tj?^CxPFAQjn5Iz`|fe>koy0$(JBb z({(=p3xks_cJPH474m=+J4|5PO_HSx;O%?oq*nlplGIsS6^-^+vL`%7#^v8#Z>z;An z!mUYa^M1xeU(L0VA0H)zNhhS*ib|dAZL#WJSfn_8Y@akx?u#B^8}8d1V?wm|an{oe z_N1qJu}fP=P(;p$1u;|h)a~%>Nz=JbU_2o;>Q2{`!sL0*{alp;KbFaUD#kJ9Rc-}J zPSyRHQEdVLh`O@|tfiAkbY_Ni>GmsBV@Eg4%$SY) ziqUG>mP*>HQM-4^g%T5I3#&dNC7`UZUzTM4gnio<1EbXBH6G)a3P#v`LgF@|iXk?! zd<>F&MDt=3OrPD!%-5SU#i4ambpGV;-sxGke>TL*>Syo7^*?GviJ>S+D)-wv%9$JH zQHW0C2B@@61YXRu=PVCbqi2yF6ukRpqld0l1KVjZAUxsiUKQgZVUALhFoE~%n4}*r z@{(Z)@GyMWHkwMipau_TX@jaP_CrifpkOZivH7r>Vb$t5P4z6f`=c1m6_2;Z>WKe@n{V!=KrRsMh@@iDoeji*FQ3iT(J6859z#iefdgALhqR9D?6u`4y}8qlSZ zljOX$IL)=aR1`71@tH9vrmRsc@-D&8Rdt`6y|Y+^AqPYgy{j<~v#Y?-l%T@WnB-Y5UHn940(~Mf9*IzqEfl6iEhpgw*?N`lAF2h6@==)0bj_?D6yDbtS|q z*ZuW+>x3jMnSg3jvXIdUxdNjnAz|`?-470a{_=7VFa7RgUOw%)Arl<{B3vCulQpVB{ za}9O2;6CPCjl;}vu$q;1nG1^$INO;QXEM%wTFVg;I>aQ8Bl z35kKglcO)q+VW8HRF;S@>g!B*B7i5|IAtbiRIc>>3^KLWW38{<{4PEp&0!g_9gP-+ zeb?M3Uw+E|jQDUfdoB337>v)!fS9csc^aS0Oa7Hw;(7oQ%var6A}<`xqAv3pRbxc?jnCth)XX0^7BaLSDNtiqyf86Dk0tnYOPep|2dM2gJ4hZ1Qfb}rSJ-sotNcQ2u= zp_v+x+u>n`waQzP?^$GsH9h-43; zmV5;r=*q8Wq`kuE)d(;;~)&Sp7D6m zhwgspf>O+NytY<;u(kjG4$Owv>(p+9Ap(kTn{YUdFC$#ssHjjnHj&~3578FMvbQ(q z%QfU;&=UqeuVBTHH6n;Vg^uG%iw+u5rsP9nZ9cas*`Fz%Tguj@f!=-iWOmGsTrQTd zfM@m|R7>HeM4s+W36hkA2v(5V0UdufQls8OLCqxDd#nz!rQ5nsF~yx`kO=3SR6jM} znNoZE2El_uBROZkp0Zr;LdYmN2nQ8QhHBHWr0@ z5PJSZIaE|#UX#{X^v!a(Nsc*g%d^YxWz4qTZl2EVskc82-TF#4PJ}%^^G?C6DJwhl zq4bVex4$$R$Tp_Gt*Ly#Sr zsD-aN6`WgsJQgFDE4}5VTU5g(h{8b{CTlzGr4LZvq8omdeZIBt)1 zn~!e4CB$$O>KX%dRgxo?V!dPKaAA9e0qSIjP4HwNO+6;!$+9N=?!*l^y)5kNbgdtf zTgd+Opi%?QVA+_1pf%hAyZ#CVJm4S3#X*#nCty53i3h}gzB4Udq-Rn%{w-`p5|$b- zl%kDTe*uQk6NgBm-OUr*yQ{N1K|1(+5C&6AVUUUq4yq_X^FGBiT`i5s3>4*zBDjssu&?Tq?i=B%D!g!rPA9R zP3t!p(Z|%8-OLq7Qz#D}Xz)NuH|J$qLDh*w=VmDpK*u`w&Qm@pEHd*P#IDFEd14f1 zD64{!6Q|`Gq}%QEF+}}Dz&TRaPk@$OR!Ppu=#wnFwmP=(u(O9kRfM4k%Cl36-q^2) zQJ#t|=NlW7hyCe^ezmz73Rgr)-(YVb;b4L5m04B9l!0 z35j~w9{t)=V+QU`l$3AFhNKOvkK$e}VQia?qw^<(e|!hSKjnpmdS=hx(~Z?sjB&5^ z&5+3j2?Cq&cJ=J^jKnhmFF1X5D$$yfi}9=%3+mGvV9BwoeuVWfa~pd{>spgd%vI- zTSa!4D{mQ4A7q3ZnFzvb)st0hYq9yQc<0)thuX}%8hCo29WCvBw3^*#2gEO^wq-W5 z>kTM+t0PkBe%-{=v(@nIxck}UP(&=FS**9eX)4(sBNj#k@wY6yId&Xm%+YMMKNIs} zktcG>iVU%M(DmGCZ%sdu>gA&%Rc$;${#+zvmzTAOsOCLhF;vRf(b!>?vWJ^NhPrRw zQK%GT0!Z*bpsWjI;(SH^4z=7UJZlB>Xh{YxP+NmsZ8a)dV70>ki>)c6*HBzh=c368 z9sL>(U*5YH_f0t;bn1Hn_tL|5?|8ilCh!caq>oElQ#q+86E~(m*obWP4?tc-_i_3%9ixPt;e=e zD`i@zI~49FKSI^-;IgcUY;<5~eTD3PceF*(Swqd$IXWeip_3(2K$FPZSwo}AV^58E zq3@KPd{g>Bpu>-L?U5Zqy%-0J*bMHSVPv^ueH0d~OjX)qGK`3MF2#{iUXCIP_+*v* z2d0Vd_K6Z7WD!KWltGu~Gu-(^g`A>a(5Yr|jA#y?M|nA46msa++AQ?E)B$=CAwC^Tt0 zk*ueUUv2l?Z}{j=ZYLqdX^OG)^GJLQGdWiuS=|4l>?)(O+?qDhARr(}NOwp#64KqJ zG)Q-sgmibebR*r}Eu|nxNP{#e4c`L~oP$Sw&-wnaSgbX(XU{!*Hfvuq*JStY#Jowv zitjk*WvmHK%Fn34fK%_re*9`!X83J@W=BQ7j?-uJm@+c5;P4PFtzHMEIM%4+R4*!K zhJK{K;A}zavn{ZTeJl>nS)ojDj;}iO} zZ!NToA;B10Nu_o#CX}EC+a=jJnu8KoVrzC)ve6-#iSkB}B+rI5BsMbHq7NgwWVOhw z(`{>6l4*$A0Z+Zeu9E(l@Bz!&TLU0MFy{!Va45)3ocu`wC5n| z2s(ku{G|MLutz_>?!X@^Q!DU2mwYUA5NaT*eug#MTW?y$S8M;UV=hml?a4@}culyd zX+Mhkp*kx~PcHBo$D?(=f=Uq^<1%q*71 zJ}sZkP(&Q<&ST-(w`P{ux7+5HJHV;1;+9L-{Tzyy3Osw7f>t72JCBwl^CFG*N&|K= zxl>6V-Guo2Q)_u&td9y)a7B4RPt)o_g_0jk;;)_BO-R2{JBx5ROw>5#-Z}T2&R-kq zaB{*@X3{l|A^bRkF8~)ON6xgsBjSB2N)h~)MXDOgyQ?V6kw;&h6kEC$VJ#lP=5+xD zgH6$*vyF6NNSs_&j1QS7vKIp5^DT`%Hko4zPGfC0|2+Sw2X1&T^GM{3D+ABf7y?41 zk}Ss($aK0Gla{*OFJlJTni+bwtL$_w;0FY4D4t0QLepM2n(FNz!FDSV_DX$<38@T+ z@3XwrHVe)bIet+=gz&}tW$kkr*ZPW#?sdnG!9-HweOSIk7$ofWkL|GJVvqR~vqDZ< zjrF1Vax|JuPhfW;l`ias!V0VLUrj3#Mo8J!x#CE`^Py=uFIsoMM8LDOU5>2GX-9W{ z^>}D&XhF!n#h!)Ot*v(ObNw!3QKI~52O*?3;nNH%cGO2K8?5wf!i5h0Bh9P44vP2; zkDHiuUYkw!jWEPw5DM|p5|6j&gqyh*@#%2Ywk-PkP&)Lz7O7=hTv7oh-?}P)_~2VnOY|<3pQc3 zjR5PM_X+x~Wjvk4R5Eq_{1=JW?h~!FEJN{3EOpLkCEW&aYbjrKjdDP#4Fz8u`SLR? zTWE>Je;~UY31u@Sm_*Pm8R4?@CUh0|zt_GIzUH~QaKcEc>D6knh8PIhj}9M| zm*d}g^?3dm^D;W5@9Lxgs@lzAx&3t0eCr~cMgLOY;q#kvi=Bfyh;mFpmJ&^ECH8PO zRBQJawcNRwG4yL!R|iArbjRY8QSF6QVy@IXj}SNPHcUS)&$Z~pm+B^=K3UkAlI3z9 zFnrI18EZNCqq@kp?j=(>9kO+N8h&=z1qC}YTVuh)Zd6294_=N=82@A@Y?bx1G8*Z; z;4hRUj~8YKJkD*-*4sNja&srE5z}Z}(a?iAK5|Nn@^);m{N#!C1N=>ij`3!A7US>_ zX~T)~BAx;f=JLWGCHXA0aVxQkc2DWd8dGfO*%yx#Ye*t(eKm-znL~6JL%Q^=pPQJ; zkwxGP%;>^?@2uj4<73;gNk@LBX6^l&++y~7ckSbleFJ?THYy(mG4*H6?wWapiz^8a zlKI9R2a}$~TlmZ+VR)B){~;Nwjzd$fX8|Mitq!zYg6)roSzZCM$;-+{; zji-2oU6*64g;50)h#`|UizD%H)HNyv7e?g3o!^q1M)TDO%Phxqdodf!pd2+>K?)md zs9<+!u><(ak^v!a!&ZiAGp~Wb3M$8yRu#Qv&T=397umBIZV1&sN+=m~H#Qg?w&?Nf z0?o6n*6~l?zNuYtk5eZ)+ukoieMBxWBTo7ZHXcqHr@u_!({d2pZ^EU=V)Df`ko+3M>R)2quA}FvSSOs-x7S=`RhimsN(j$vUfE7R5$e*pg^`l9T;xY{Z zNC`a#sCoyzrF8k*Iux0pY&I+e2}lAIGNbREy5lN+lc8ZtXHg?2l!QBA@M^F1pY_s` zER}*B41{uNpGGRgim3O}JsfrhH87Fkf$mDA<&?5w#z0TRo#}XBm)_nU3gc%Y>yj0u zwRP#*Z3%^~h?h5rx8p_WS#{F# z+NX0ik8CrgzUv-Y(emI4;m#@DOUURsDm1x`%My%8X`G(IMO|1mtEA0WE5*zu3bIPv z3fUlmGGc%_vP?YYiZ(FaMLD0VSeCQ?BmJEpIOXrv)vj`!3P_dM9^#C8v|K84x>=vC zr#oGqZfe9T>7Vs~E7&;czqs6-@eQ0SsQ#d#wsSObb@?57Kw_d2?3w7np#7i+Mw?Y2 z*Xgp<6{;qP7}r|v?{Ie@V)|!5;1){;kU^}ZHjh!nWUedBLvPFU_*!CC%p1qUn-q@DOjzaG%MUsc@o zm$Lx-%Ws_dM-}&h^qX3M`%Eb;cg^c8z~=S;t?K8hkej(6w~qTcxG|0Mj&%J<2L0L2S8NaAhy{QJr`U-+** z0}EgNB>d~j{~Ls)2YL|LLH@HTzsE>#&fcvtzX3IY?ZLMl>HkUJJ;3}Q=RxM{V|;V1SQAd$j-MfWeX+p;sJ-)Q;i z7P%o|_(=)SoST}R+w!x2S8^{PZ%T%)FN@ofyMGt{XPN}$iN7Kf&}q&BB=5nyzR`fn z@ECt}(M|jUT=eti?xoGY?7D5nzvr0W%iask>pKj{Z*pDS!g9xO!g9xO!g9xO!UAMC z`N_P0TxR#li~ezV4Xt1Q=H&iFQUve}AQN62!FYFKZ+Jw2_vbBL#xE!KCnlnMD(+4y z<8?L4zo@uJ7;^1OKuW!_;^y)OxQFp3MuC?YkhJ4hEAFM$n}1jUJGuVQz>*=BJ5Csu zzd2z5uD&txS5?>l&HQ!rft6dgzW?{rd!zqvVPG}~ez;$Re>uI3_o5Y0djm{5z|a4S z@IU#xfKK{*W#E1I2jO2=z88>Uc);rr7=Zs_;h)NlfNAy*vcInTQ>MJB54t@8|Gw@| z95+A~!avFWvhK~XzjfAcZcU)`fQ&Ie8}j>0_$GDySsgG6{vYb@Md1G^ECQ6^-7hTK zR5CWlu12~j)+qJRv}f5<+q(d{rZd31rZb=!ek7?WT>P=l;=S6*lcIxf&zHjZtZ+vw zGtkY3AN^3w=6YHs@6T-W4Wx&vs^rlFoa&v~=*s+;XwMOgB3_Sw44+2vOM z_Tl>S8Ozm_{pu>36pp>n6^AzVH#oH9@9Fi9j)$u>bu%NK%uRYTgBqcd)hevH)9UR7 zTMr$oFIdheOy_KqyysG%e>OF5k^ch1&08zu044Yt`s~v3u<$CJj?M&}g^SxLdn{vI za#@HHr3jUt(`tLYDB8y3=mb1x^eDB;jdf~QMr5q@k$%(krFWqh>GgT)C4*hfU|&gZ#>j4A(=_Gb`yCGwwC-QpmNDWHPG9Dl7vc6KjRP-OE%!t zf=q-EEh49q@VqBz$wUH?Baj+$_Sr)Z>hIzYUh4KjbMhwZ`mi^>iyEaE0e=^>Aua!X zQ@2aS{cXh3E7$2Miy9Djm3;iXK$iTH@i&roUw9vbkc1QT`;2J%ea<42r^|E+Y~)wv zqszPmf5gQ|vb;o=%NZYLeK>&E`vjvZy~GqH^@C;c4ShGQClS?YG5%;bmff z0m!dZAClpv$zR0~9~H||KPbz|S>R(F&Jx2UsJ2S^sF@!w(j3N28)Zt-QV%XYg;!Aa zfiu%hwu`y{asKnfUY)(Dm#S9q`Om(Q5PTuqB6!m~7Dbz-rl4LiVC0dZ74QzC%pjIR zYnIcUu@PJ+ga)P|1LZt`P&i95dI9}~1?J2o=%E-w#<2$Wi;WFm{^?3ov|%>i3tk*tYp$0Gs>|k zqq9HCyYd4pKeU^(V{yhHt+r!gX8Iq@sq?)i6h61=gFYSYoL5}bd$>TiG#4ov=w~o| zv7%<2C8x;jm1QbgE;{1A=UfU~&|A2bV`9TgbtD&oll;m_pBr@;=Fo}zd&bvo!s$HC z^Q*x_2E**6C`p4V+9q;*VFjfG)CUx=o;<0s_^9ranD?sT*@Y3jjj2wk>5?nv+J-U82YASpabW3{;BX!0 zA$$WK>eXU%C}Jk(UG@bSq&x_Qt#{-*@+Ii|~^ zVHX^(hb^BaCI}`0R0f57FPE=t42U1mnIaz@AMh8Vo32drnv?~blB9sfEn`w2j%cOf zRYe~6=-M1mG-k$u6Ve}|3)hQua^jU6^Ph5){K*@AFT4d5D=Xc;WiWcg! zJ%27@JM=AkKS{NiHS(QrhvKKUAC$;XJ>QyiIB5eax%@a0OmQQ>l`JMms^+TNzF1CB zW)YJ0N=O!o!*A+s8f9n{%}oQ=lo)LM3L*#Awy@#dc$fW%1?;azz=qu zR9+LG;d&5iEEthwDDm+!rJs=vfLB5T8i>qs-QUD*Dekt#*OzQNNV6Bi>Ri5N8fg(Q zV8<&){T?7)*&DN$8N};@rG_A_L`x~EEmB8NGV$0G11TOZ+q?`*ph)c@N6&ztc;fO< zw`G%LGGc9rr1oh^u1jKFZeqD8T_2(ST$gl@8&8 zv6^d6Zrhj4t2tLfCGvp3bc5+v??i^yaF@w;nEK<>Fw=SnBJ?t7#tI=lD$J(7^Z*N|OH9Wl);(^+poGTFl)K0j<+ z`g~hNFyZoQ>#W-CP3_s(bU!vcXdO0qM@3H*RA&V(EHnhz0~CxEw-YYSZPsTJsH(&A zd$pBz+^{Q`EbMP8c$Ak%isJ#y2&w7&#JoN4gWy@8@+Ea9CDK&zG+z!s!a zEKX|12vC^PZATSZ4#IgfiZx!fowEKV_gw#DO;2pWz!EBIYGmU8|2wrQ7QzwtA_Dsu zsZRuee)gq?CNk>5)l{dN@l?&Apvr=xF3EBZVKbdLqINu(UEk39ce*=m1+28Qsy^K{ z$6@%gFWkmx`4trp5HY~!%e-Ea2%BMo9Du_#Yw!@rXr1t;AZ+f3i9{n0C-H9L`DD4o zg}Q8GDxI9idn}1ifFGVYam?zr?TZ@l4kky_m+ftj$BbOSnTiC$TXYjPLpcqQtt70j(Dl&H|&Pw=y3 z=cyPs9OBeHy0Xr@S4Nl!;a`3RjK_3+Rk-^+w_T!UH6mFYI|_xU8)vnSUQwGXYx}v^ zv+Cz6JgLv$rpfT+^T^{S_|)xPv>)3__76hs(Qm)^83B9kJ}oC?$o=dIkt%{74$L!m zlCKC_9;{w47E}z)elYvABs$MOoI>T|W$EHRYHL%0b!JAuT9u_!sD9+h$DfB0Vx_is z91tr{D(sE-(E+_=8@3MVgaf5goGrs9J+bpB>?pV5^VKKEL}w`7JQt`5?oo48L&Qc` zbic4;H$>cVd}qy&Z6@4qC>M0xGHhud95ItT76O7t`S~?0R!fr1%`>1qS=C;jg$G7V zse`{%(Dh>-tjUe<&J(LDfnWpvo1oqIi&ISKeOT=?*hvR)B3$305%&k844f{p%96?KS$*9p zw$k~Ax`WK7j2^<8AO=2*L_4H8zFcxp7T&Qk``^;)4m=)Go{I_pf}pF zl|LAxwt5GNko@r1q-K}3V3gC1tH!f?8FR`(m09VP+lLmBlV#PMl(MWU+k#c`d2)zZ z#z*WmLG`!a!l~%E3fBLSNn;}GW+oo|G(gy)8u^Xgzt%`?u(ncMo3XOeiEu3+M6A2Q zL52c(5Z7QG?et-eSNPyp%wC?R)Z$c@uEtLasx_%xa2L#Z!%g~rc&#PT9VQZJ4`1_7 zgRAh%oua&q#_o?X6!jYq{ZaJEu48<9-@9OgT_nk_dY2281x&KIchA*-ffjZmoQtMO zJH^}^RL+c22|O0QYD^LTe2MytYg#Ej63Exwb0;f_fEOX60XUK7Uo68Uovl%ly{Pjp z9!qcM^kOVOT8U5*uSJH9)~%j-rULvn+~&e0~zRl%4v>SW&k0tnE68Dg%i$!bx10y|bTv zgEX`1t{SW+MHZzG>l?^@WOhUiPRSV;5sg^sJtGG}Tb@0bnX^t1dQb*q8hN&2WW`FU4%Ye_fSGf!mD*XF zTP;R_yp=LhAys{RQB`gT6GJO}+%3y;683qJq)u5koqo&((AWPtD_#p(U@my>^Oh8iTK*)tBdO~<B%`F7H9nm`=c}B{%YJf}G%klA&K| zyqyWu64RqP-@)yvKSmbcs%~DCB2<4P2KJPyD=*mf%*BN@Q0q|z>Sob`tb=*i%jbe` zbBfgha9l4<(b|{?slWshnX;BD>HDnJF`~^kXfvyf;~CRaEk$&35?|u3JWb!FPgW<1 zO-h1EAZRpRZjAaeUmECJ6>`tS+Ea5~sTwhP&r^-0(TEtCo_3UQp6piQ0G7_my`Fu$2@dgWv{ zYLf&#j^Y$lh$MjciZreBZLG0lO>KG&1P)kf_wWV}nkNo~))@%hxB9b=XM)wx`h-H<^y#c z^88%CW00Uw9r6{Gk|sqmi}mis?t2Y4*5;b?C^~d8I6)CY9*fBu&Nc5~D48jLbO=A` zHZeRCSZ~I15?{TPh*byW~SId4$d2i)O8!q5B_Q{bW%CfgYW@n1JJ%Ba8Q zx3I$u!6C-mZg9lMwVEt(;W1w=Da7#-oBA-&Er`1sXx@q@ac0>>J3k&@OIiZXuIvVf zJoP$k`1$smP(faMEabzK0Y?&D^pJ;C-_g)LC4M9jM2uU6x9-TstxKa-J;uwd>zW^l zr+FEVXcQ8l?Iw;gjSp`h8n|Ggit;_>EF-R7E!Np>=u2|+OnLH7)dzbRD~6e4agltc zbm?s0fluc|K`S*oO9YR>8l{{se03&SgF0W%wsPrpTS73|*ft$DJnlxq)Su(67`Y%x z4x4$8aE6=Z_wk6W23K)3jSVu0&K0{B${q{-J5BnG(ko_-EMC}9sDb;h?+N8{38YJZs<@~(^HF4wCZCph4oYp`oBgm!+HS>B(2j(` zEW)c&AA9_ZvdjStIl4!ZIA8yGk|%8Csc0_Sa6mE~jC{!Z{ybZpAJAgT^2fYT`D@XS z!g4hF5tnp8!Ja+Jo?l(`D{T}DA00xHcz>v+l6#<~cYQTd`TGt=WNuGB%YxizTnzti zj<59530I-Ve=8LII8^sFg`QoY_}lFK>6gC}pglmv0C>f5L(Ej5fKBl9K(y=2Dt?5)nY z3TzDgGqI9$F>?5D@9spnsKu=PV$o%z<)^j0Ws+iMxr75+!8&G%(_Qk;RP@~Hb*NJm z%$@I%P4;lIR{Fdoq7ujjDL+wkoW!v#J*^Q^fmdGx+57lhXB&U4#^dEM8_89L|D!SW zh~Q@d_=zP?>7C+5!g!{<3Q16>j^M&2tBpny*oO$kcw+NQ0uglk=_Sl$X{K_Nryt1C z^rIDvt`Qkd&9t4#55UpZlEhw#p?Jy|1z9OO6YJtA<8vMzk{3JEhsdeMW36V^s7KOA zbDhm-_dz9EezA;uF|`PtDdKbqUU6z@C5YkqdGSePF$!v%!whr|tKIeM5v!c&!lSpmm5lB09S;od$e`Zz7 z=3;-j^DXgU@AP1B<#3QS#qD@&e{p4XtU9%O@4(HqR$ua=1ejG>pe;Y1d9!2hFa=&W z3QTi>A@}978z>ye!_V0~|s08o%IS_ldawst@^t@Gtn#eNyhf z>O+8^|39pJFCYQJKt${h!oRM3FCYQJKu8Q2f&aep&lKE1YWCak{YChfm4Bw-22L7d z0Um;1gn#k&eF|=X**7@&pM-y1`Cioh28{z2t=-Ow_}P@-!*Mr!=XVF;It1@kK>+Gy z=@e7~M-y`Hyu8RnPyc&4d#5lJEA9uVs|F*H;5bWRq3FQCPr}rs! zu6+uet8tV5?#Baayf6Dqdi`<39bwmJ*3GcXGSb&rt zz)-^K0r+uOJaIQjgatTAOe zA-9hEIkbOQbakWu)((I$Fo^)Y{)_N0N#th3e+vW47=hpJ7vW#h*L|WKz{)_t{tv>x ztbCs|2OtbA+W>~oe^~im;R-+)Sb6XV;a^w&--+|qfxkIFzt5XD=kC^pzsbWl1-iFG zfqvfDAJpBuz5zvpT8`$nHZ*b;TCa6^^lWsk0G?u?rlV)NUrBhMH0RHi4~&2TE&r%| z2$d5;zTj$JNSE=W3D`M2!$*qP4QqoX%B-xwjU&^3NkTvXMko06$Ar19t&(lE%N89N zAhinA5@OerNxn#nJZXi!<{p%oHIyGGi#pi}|dlu52nU&PPV9 zZ}t}!rynJLoozgOgbPRNmg2_)Cz;oyI=d|m7P_UvOf<(f!Iss zMz6|`Zu75SHsWRqyInnB)2j5LIR-rspB2Y%OSbZuxMX!~VnyQ(79*B_Cxor)7_|I8 zYHEzIh)s+Jz56|;*jWX<4~}P!5Mkw#@kab76(@OT57?^B3*GObky&wG(e22aknLB4 zKHm(EXYeL9sU}I@_ati?&i44%P;IUz)sIt5YGZ7Ys7;`$vHHzp|u=;>ZOO= zSr58s(WLBGcD^WUHVS-<2sh=6lsIw*hFFj&-<~{?5d;l8lx-*IqOCm^RE~GxY*|^F zBuuR#BZ?i*%->DWc14CXl}4`1xwC}C>pRFiB`N%Yg>Fvyj*4?gaerb#PJ)ecUW(FizJ~ zT%G9cd|W8#U((aR4jSQSByQxWK$A0}7aig^;_}r&rF{25&Czt@;{8Q;e(v{`o@M;%l?z?pA ze#7&A4ZIz)6xJ?8vC_7T4R=1lImw^P6J$dyKQ6Fksd75hcW2Fn)X%Z`l_JJLvB-8Z zJ$$A9s7C)G8rhg&_xdSs@D6Vtbp1$C)~??^oW4U|^C$f$E6r{$pSW~9R5j8ntu?+K zP-krFe19UAuu34{(GyYiM6MS8q1)@@x^q-=Zdn7TEk9OqemsSo!|tlUBW4k-bGjSw`SU zgWYVZ^Zhy`!_1`VOa(DHT8v5fF|Cp&Vb`tvF&sP*6{E1Y+#nBpca!^Kj~v@KBZPPF z?aazK=R$?gg@dBdv!6XgdBfQ!#b_{{f)anw&liFJrZ;RFmQnyD*&>bEj9y3@)QEm8 zYmLdFjK>~1Okg~7K&9VY%FD|8(Da4 z-s$wDc&T_|^l<~i(V2Oyk@L|auRxvoXJaG{qaa9PcX-zGMDdT0>wlaawFqS?;lm>A z^Tps{aQ%QCs1_r+l%r1};1%0xl^^Vq%3W_&0OQ@ehchr16OG=s)$#^<;E$s{S6yme7-Dp19 z03|*o2RbWeo$U<~tItXwwPW52UT9ti0fgX~0ai0W%a*oWg zeQKFtGD$^?Dwt;`F?u9Ql3HXgf@SUkC1kd%U&MJ-XGGH0IbIiS_b3y+hqXd0HQlY^ z@J?bI>2{CRaPd3}^m!<;8P~@iQ^g(Bcd=-tcmb^WDfGXz~W@00a68_8s zFmM6BXqit}olr0`{&P93bss8bpF<1nCn+8Rkwx4R{Kk4n{o@WlfkO~2X*4!@FnV3F2gq$^hF!` z(wV2cCtRr%qbB~21iqshj{?<&F>xZ!KS1lJU zN%6eROR``}&&JI-E>E^QQTZS)M17+P3bS7hd-&#(KF-1}gq0JCnkHnDc{xcuZa~DN zjAV5Q;qdE$bku9TcyP><8y~cTq>!>JNAdDvWu> z_*UWjt%){JnMBP7upt{TxXPW~Jw~2T_^Wy^vnl20S97D? zXBV$S5cI5Mj@&;i&OA9U8)4k+OOPHEcVOx;cp()lBJ2xB|26(R@Z;svS$vEd5B!dUA6CSlMOpjM-&J%GO9@U&<4KCo= zyE*Ogsdc%6+bYRnlv2%YwVj8aBv%3swq{i(05SDGZyF?YMk3Q zv(mI9YH?h?s8i%%bgW6j`YOlaRQSTye5BCtB@BBb(yaO+URoFT;ggV$pc8czpL+B@ zPboi0t{`Dg#lQ-@dba)yRBZ<_>ogoqw7u@UK3l+= zdzj@39e$zNvgt$oU2(OIHMF9mu2OsZU-F>%-Pu zbWW9YjZXa+V*<@mqh89E&k*^T9qvRF#q5h>%2BRw?xA5XfUt|wG635+jFyII%V3q(lW!dc?k!ZJn-NqxLio~K=jnjY#?lAZOTAz#C=0Xz;C z31gK>1FptYgCak;D!ErbrsCvs!$fK<`othomm?)QHOSMM#G5`NB`&vqXL>kMtUzZX zo%T-STro_Io|z@J`yzq~vf3owA4}2@LV`>^()fs#d!S>CdDd;G(&SqUi#PhE2cQ_v ztBi(wv}y_S{a3orZ7i%Ty9udZbvxPc#%kK%9VK=(vRRlm8hv*rmY>fe=Q3T{%QM#! z8Z_t^&i2uxI*eYH!!DI3&77mfM5OrkRaw!i8l1H|qmUN+{k9F=E(zl9;-O|-KU)F% z84c5gO*1;T=3&%uWvch*+E$x4UrpCc*4R=@T-K!1s&)MO&)AVF&N`E3{R#ETn5k<) zb!Jz#QY`%+M!<2?c%P6}sP&cdpS#Ri!i6^=LA+EYC#QM}?m zgqY?bg!hczp&cgH{vs#Qp^cqeYn(3IP*IJ8PpiEw!hNK?1+$M`sr~CG1fPU#PNm`~ zXN}AVX6#Xc&r}-2({x1rPzVGLrx_bVpY0zQmO&Gz+M~T5?GG|v=dz5qCO*%l!aql9mFNHK@TKqJ5QhSluVRR(3-s0LbN38 zgcst$@l@|_pCCSGPRFMKaypcSQi!Sp*a1@2kz-AYs6P4-QeArMEw|(iuwrC7izih+ z46$~q9&=45c66N7QlTFY3)w{wo!7tg+0U14*7;~lC#a)P#2Pp~MemTeca?oi`zUEc zKgme7a(_L3jzLVB3&xkip_E>neiPh;ByCjoI2P?KQORMq+==}n+lRwlETz=II?u}I zGHxY}YLv|wj-iG=RA!EZo6Zg#mWyP$CNAKf^Wr>N%v*iIFNE<)+C)$SN1G&&BX-Xb zQDAm(Wgqm~>E*MY7Mp4Y~IeIC>8EB?V<(Zn4-4#}F z0o%y%PCt@@W5$8?QCEhwqaoNy z)%DD(yyjT|1@mz_+x3 z$3Ea&GO*k39}0h>7r3F_zOM)XiCjO>-cY~aa*O{?%l-F%;BfK#N|^tCfxlyk{&yw! zTlH?9itl52Szr6bc7rFZuf4%#&-VqqE0tpOmmb@MK z{?B)Rpn1PhaZ?Kb*b|4kE9N52k z_Xp~~-3mbX=IQ=V!vA~&XT8q{0eC>a0e)`3-G5m5UL*omzInR;lkl%A--|%N$~VvB zx8d_2R=yX30O6Ywj6Vtgy7Il3^_v59f4DlJ*Ol=W;RN>H0*$!?tbXeAX1yVbxEDnL z{0R@xy?=9vuA@WtXW^d`$_=-~o$Ph^+)pS#Q1iY4ce(Os9lwO&y%upGu=(#g?#13O z=>&*y{;Q7rgb;sa6Ckqr@3QxD;&n0sQls1?lUrsKz~8PvH(;VXE0D?MHkklD{EuXE zBYx}F|CCJbQ$XC0|-6EPqR{3qF8j@8ek4>woI?T7mh z>)s1OF<>|HpJabo_h-t7n@f}x7&-sG?tR7wF}$0T`zP67*S*VrD)fwh@%aE3R)g0y z)46sdAbjqnxj$oa0PLLQJ|_1?Y1#~{8_8w$x<6vJvZ8%^-9)2ug zV^zzU(5^Y}Zyj+8hJye0(7Dppedp6v$Cb}_6%NkJ%Qw>Pr&eL~rY*R`u3qyax#*U2 zbB|J}QXW3&M-_g0JOUkw8@-o+i@lqn)FAI&^8M`H3JVtC=--R?Q|g$v6B>Ao)bF~pB#gd#p9_WEoi*I@fWKLu}B&g*o@b0 zYm^=DWrKNyolXk9P$w;jdq7x5hBJei@2JW zUsSUjomb^P67vu_S~g=Fo1oG9v0+RBiFlZBMU0;?_0mnl z7*&#^nHkolVW-+liHj1*Q|OwO-p9$vGWKp9)+K0=S$WW`#T-Hv0oL z9*`c>ckX&5s)jNF9DGuJeld~55e!a{e!4=cJ{=S!5CRDgnFdDdB#dh)pcokk=*FhA z8#+F7F?@((FtrnWtvXf-;iVb4@zw)=ed?26xvCVMkAr|3t<>gdR8@>*0kf^cxcGv6 z{9xWIL87@whm|4YYn5fs^(dUUu|GX;@J(zKGVf1{Hk}|${NQCdv2PKv5lZ}sJDN4g zs7#6kA&267`D0&~Y_4q9hFAGBRe+x%v;M4w_L-p+2xkW7udse}o=IE!)tvAzSfo3c zy~2{5Jp9q2Wph^C`ITSDEsQm4Y8%CuB9z^Ed=%YDJmqA>@D*n{r(jh_2KZ6Rg3KE^ zckrOEedY>SB#t_Qq$J?MuWLj-2yp8kW6}pMyzpWh+zMa^`Dmjr#Dcj8A&04dRY?aS z$v`0R23s^UKeMe5p~XpPftm(Bw-0@=bsFC+j8Hi@++u^s=IKY5P1R-?zTH;Ey%wwaO>(4r4i`tqttMtzFHB95e1K_S zJKrhV6;~V#cFJ1ign=m6R4`A#28FrEDjq6J96NN-zrgJ$+XlflV?JsqHBhhoMMD(x zdD>Z1>-QrE2}n2`k7nhAgqNi#HN@5lpt0aS6#@?~(qHFJH<6k87ode*?VE6uq?|?1 zt$P&7gAG!D3>ynLSQWt3b{P$?A>|v1$@Svp#)EpIVij*GsnHsNmOOH>rS5!cbWklT zRH=k*+M@Nrp@XPM)wYzx|Fd@Zss3rQoAuIX6>8>ZP0p@7Q7>g2upK&p)DlaFbNEiZ7LONF({Hji1T6EpA$4l;4ZTU;r6WEs( z7|sbr@@4aS@O`~-n=MR>#}|Cpdia#7m*yVVIM`Lisg@$+nQ9~VG~@G z7_Rg`@m?B{&U33%Wzo$pt7wzpCQVignHsP*hFphVj^(y~3a$N+4rCU*2!SJeZrJ*(F{u9VD^@m-3KZ?Eze(sxoQtkp4MI+Jt zg<0*DPJvGpofQT30BaLyAQ}}zV>Ii2qul~E)O7KT760NE^67euRrlT;aWw;Mw(+NI zY?x|oI*i4{mq&b~jo~wW;V=lch}@Z+;@$h0%qw}a-4_{TiMIH!Q^1@;fLY2pypU%{?29 z2*6`tl8L6Q<#%;z%aM4PI*3WxqHRW!M^^2rs0XooddBO!o+mIK@LFZ1M+EUAkKuBg z5yUnIzmL#t;0O#g+~XoZwrIjY2@eL$O&|x!GxAg55uGLuLnXR&4fZDTiDs~!vhI6L zY)k#ZUX(|O=jE)>_nL(~%b`_sI%vu~^x++4#|EvIJ|6?^57-mTR_oj2)gxPeRRdl8 zPa#C6O9fVkjQ2D9u}25{4yKsDL`M_te^o-+MF1a5B{>DmXiq{mW%<70413``)%8^S z%cHIu`c(QzaXQ4ttuK^~6O}ZMuP|rSCRQ=BZ5pT%r`=0>IeAcn5Oeq8jL2i3dSaPv zbjg z@o`jzRh|?hOh`k#82P7l-Xu7o8^l&gnOT8pkqib}7aJQBu^&Ae9x#szo~W77n)pdV zqbp^u=VxXrQ+Rfz4RymGK&IiBH&fB`tP?Zh)@jwj212cWVcT}9Lj4B3Zmo@EJ~E|=vl^#Enm>8Jrm2+Z1EWQp6sgR8D%LQ1be^n zhW?U(j1O-q#K}}%&hre+Ni)Qh^%CT~cWwOgL-OmhKuQ0u0-b`AOUVxb4dU$18|Yyg zkF-zdjgIpFkFx8Ir@DRrB4j2jd+)tDGP8HtLZs|Xh>*QiHX$QqD-^Q#-g_roD6)y) z89W`~`98l_|9oDjb6xlNT=#X|&ij48@6@UHL1b+TbH8&;c5*1j_x99sRl2#Iz2jx+ ziCv;;`qQEZKaFIhCzPzuJXarDSJ9d={po(saMC@>kg%l>CAAz7dUwBUnr$H3sJi)A zZl}w*=pE&*AOi}EOk};tT&Ymx@wnfhXm46QjKygd@FU_Dy6!tH*-*J-c0K5*Hk^28 zql@k~BLi)vb1a!t=->x`wXEw4Wgqvc6aX`oL3Y8@nh_0!+yC-5GG zPnEWWQhU!|G?sa--D!}r)oY>lB+E*~Hu1u?!FW;RC1RH*o@cMDgo<%;*tOcRO4xdb zA$qcS39;R&Vt#$KgR@)U)yDGFo)^aFBufr+DuJfH#MI}X?>~8<`x9Nu-qHfje9ULM z<#42<#fn>Sj+N(8yFkPoHYTk%i4JK>gQupb6+8bhV@Y;6=Jp8WKD z%}ChrijVN%)k>64cqYenGveH-7!td5rT9!IGuHR3UMJIqz;n4$w}ZBaLtz>+`Y=6l zYi}c{B0Wc7M9n@abuP3Oj7uKTm_^`5{J^AXw~Urmz9ciGj~g-i%DN7z+eL{_|9but zm+o|4TT|5J2qrZt`8S>2Yvd_#+GwJKcbzg`xzGyl=Y8a&&796MM1T1_?{?@R@Cu*T z&P_Z|Omfmi9=qS5MrR1&wnneadikD4&3qA`>&rW)HLd--6f+cWSd}%BYrirSxThUk z0r;_me#DK=-(I}=Gs%H*wx`!{4pDQJT{_6uddYbv$QkowJ!P7YsLNd2!Hu=omDpvO zdf_Kl(`!`N0;>fYQTEAPT4(awunyR%$=GN=c#2u=7d~ue!~LRW18_!fVShfZUj4 zpta)O^p^-Vj^Tc5adgu3yu0bp!;+WLF>`rryFYbiB^|BA?d!`3mm+;624lrK%u)l` zCgOm@XIX%ix?KFzS&W>wZ!CQma3hZ%3+U12=`ewMB_r6 zsHxO`D<4~a=dAzIqbm7y2B~GMzsIfc=33eN_}->tw~~jCz91lEr8K^|`H4`DwXr@U ze~RVHmm!mz`zvF;A6Xv0s5ZqykSK{Lr3=ur)yT=$k#jEJWG843Tr+iG4Zc=ylU0A) zR_d9eclTN$K|Yd2`$pzZ;tlRbx?A*nu?g#Q7LnYjar9!}tlvsYu1|?K(=Z=$v7z?S zY3Jttc;G(N!WnP-oFQwz?Fo5zDwcz9qWlw~oBk%Bc|x8ZM2%K;p;yMn`VE)AXu9jz zjyyUf@+m|*wHIkY0L!|+E5wT4CwNA3$2sVUwevvR`_9kW{Urp#h4*`9o6T2@L)&_gmZ-qKbF7j|<0xeRxpX z8EG`)()$&U&Wu>XJAN3oEzKwFJ*t*^ zH++)mFfmOR?kC+I-%F%I3AaPmDlalMjg}LT-En=?WX94TJfZ-++})E5e7SqoN^qaV zjI59cL2IRG9pw`5A5)R?w))`P-ni*6eLQa$54_vm%OU^ymyB(d zni3dG?%80xG^w@%_t!j`fy`zY)JBGp(V}iB^=k;nm5reV8{LG`eRrl8^+fEfUi$+T zTDpV@zRFX1y11dY=ewbNE%3;6bSq(qXSInm)lc0TZFQxur%-g5Gi~|B zZ`a52DNSW^uhe<0(KNCYt6w!cOMfx*%)?ani&wGT7XPZh$Y31rMZ?A)BIx){$HNqK zse6!I`)~m#jlPyqM0F^ zu-knP(2Z9a9wKb0{|SqX;Cned8(f&)cj;O_bCr@{?I*Bbt$$d(sG4wddR~PhTQg9G z*<%cpL_UrN6hhN)Q2!xrO-5q^t~%IFFAYwDxba;#T90JkHcl>5@FP- zL3g~HT2L7t{-oIcK7*p zo@`6cq&j?9!f#lxO(KOX*|OQ`reAG{5$6;GynAZ4rV$eLS0!nMpY%T+FG$+cYkoa3 zg%WZ6TRfPh0%hdA8r^fEc#l zsye{o=VwXKw*U3kR6(ISb5^bj*RvNIhTDa0ZTK~P=BefMVR!eP6W9i%i-p6Tqm2aD zlH($SQ|Thn)MiXu_=8jhyH=e_7R#R*M@)~lB<8%eMk95BtGdt4Xs8{hq{M@18on_S5?D%;?%}2Iivd%&Nd|iw>3lFO|f%nR*Z>s-0>&~=bl@5yD{E0 zT*G)5OFaVq`aHcDW|feap)Qd?5FAXevY4}BB0-~voRW#LRpf|ICMW%)mWZG0;!UY5 z#hthGcO2lC1{CoYQ9CWZNi=0}EIHhj)9zTuRBdGvPFuxn9D3#Wq*fj3PCZ1s+C$xN(Z#t8x;J<;ALH)@)f*V$~Rom>H5< zi-{kmzm|Myas4L0A|kDtui`s--NHnW6JG@-*#cMG6=BG;Ng=V$tXb^|Tbwg?x4N1G zb9k6pwjYNZn*39LU*Mr(-#XoI{=Z|SJ2lt!Di}6Dg;Ki(V%vBpP1PL^S8XGq{W2UP zCJHiq>HlhC++u>DAx%zC&>z>+72~MS2HB>|t82xzzK9X`rmoUE8HwmP%MvZK4-5jt z?DeIuI3LmxwF{!j1u4HWR%B(hN3wGmEE%HIaPXSgrHsgX=|ipYnmAsWTiQnoW_(9l z>{Hk>KthbU4u)VM7_A;A%yy9!jSz-Ytkf{=TLB!$&^6`0P|D(_2vWbuv`@b(VkzCs zi)(xFyhrPut5ix=)$?|bNA=jZtKs=s-qgL=+&vMrv~Uo!NTl)m!MwCh6yIk0 zb_$JGE92(dAO7ESe(}P!`P^o;a@VdLs?-LQbF_IqIdpe8Seaa#U)h@9R~jz=HFIE8 z!tW-8x@hfQb!5AJu+`YfHgUB1` ztJ5Q&AT0ds@6IEgeqQ3@3@rug7My~GSGj;j zkbzTq)(g<<1NQ=qJO6txps+jet3G$%JRjr~DQG}oZpFX4IxkAh1>r$J(^1Y~_{(?@ zVE?DH0fgZpJcuidFMxT_8pOb0g76@qvFm?r84BYAwhZAxTw#2%WvGAzwhZAxTo%Tc zju{Fz1{yrcpO15=oiff?}N`zbX6tnmTq5V+1M z-IY}q65@ayxaNZv4L|F(ys4ErbmfDVtN1HfTy;$Zq?(+L5wgsn&gBEMGw5Z4RxCtq z0-OuEbkSqsSI{An2y7grcxY#AzQA#VU&Awk;(ZQxty;sDPW z57Y{RO6cn$xK4R9;P(lh%YVF_+ju~$Re%Z^L;(Q&B2N_nfS-ZV z1Ec_)b?dLP1ua_v857jTw4fye+Hyct68^U- zXbw)_Ht0q1LiTZ>6~}wFzu<-JfVla_47rBu+_?XKbx;}juOxEmbrq1-&cY5j zhSORP(Io&i`Dc^E2UgqwNqU^m9N>Ol;sX4dK`x*+EmycWr(^-ui?ied(G7qkpQ~Iz zQN|!a`$td%II9q;2T*UIHZNDXf{I-rkr2XKg1!Rn-?9m`V8uTa#w(03WD{ud3ZOBB zw*-0p|2u<1%T@r5A*K5YR2R%IAA>`33=6wBizXkWJkG!yR-KLhU!e z@eAD_sQm`8>;QSDd=R}a=|fgraA`PQwSQ%bE4LfaY8K!%#toHAxdCk8v`hwk zfL>#N77O%t16+lmk_ONdDEWcaDnO|Yq6Tz2oGV0d2?rDUp|LH=qwD z0JrCmmve>j#lSfWSrE$)+&R!j5b~$YAC@2V5rcnW`Ej#zoM-u2S`(GrItJc3;`enf zejasf_$^+isf^<6w>nRsPTR?dcrXgNK?}SV7imu8a<(J`Mg#e3>FfaK5({ zWLlDj-=UG&RuXQ>KT}5NceU8E8F|ehsxle09g8Fz)$19vGFHd1Rj(gGNm2ar9>HuO zjJwa!O*)FWG^#s`Z-^LWQ;4t)^~W=Yx5e-b`^r)_l|)UCbTSYq@vOx>eX{I-xGZ+i zxmCDDk%}j*dJ`-t+m;rKmi6wudG~XxMb^Pvg4f>*KbUd;MqLz6yZVE#BM()&oK=1} ze=JPtVy|IR_2g6(`_ViIxSs8)qwL9=j)~)^Emgs4M7DaIW%LG#%ggCT z2d;OP96{sLx0dY~speninXtca@1?*OMA@gJ+$T1`$MTijB_NJ_6gS(9E|~P44yc`b zf1xpbthwWQL>uoGiC_91MM?+w)Sf4S#Bw60s-2Truo2zTQ!ocj#0gRixANK6zR!(J z5dvZo9<)@%b$c&=`jF>9EZfaRFr>-dI>B`$Ik;CC!tI2`P8Sh5`1Kedo*Vk(aj>R# zk)Biox@jk3@CdoXk(#)CP?;lKxI@v7H8wl-lXR}UfUJZ)?Rn&vuu+&Klo~Zv1C3E* zKB;)wByG0Q#N_3DAL!pirEu1_1%wYQlNID;BH=P!tL^?8Rvpm(^#;cRG9N~VwB_Ur zi4KwYZ2ad&$SeV|x5?Km6BDN%=yjHa+?|iDQl+cOK4fisg)jN$dUJCi6`O+Q0=h?f zz6zptCpX7;$(3jl$)Me>PeelRhR2Bc+`M*YAFo~eF}OD6UE)d+Rfs${zTH|fExfAO z<-P<=6;&_xCMnsRZEg2&yw%NTbgBu{)!;|)xsK|L|D2UKVCuG zQW+k@jzIYW9}c;jto>NTFL<{2)+j9w6zM$mvJD>JY~4gTLj2KxGhXAF`89{A-zp*- z-=;VU54IJ0+j(378OUVJH%5J11RAjI;vQ)5Z;|;Uy3W3XYbC5yErU`1)^}tT#ZI0y zFW#)?k{xs{BLa3oqU}L^O~Tw3n_;(VYs3bj{36wNQ+U+;-I(wd_3BqzRZ`}50h*ML zO+qmc%ok;&KFJ@7I%l$|s%JLz6N?cF zO=IR1Po{WT-*%(6#oz^tz3I<9yCsRoPdO#JW@E-*uss{F_>TRP4kI_ko&?=yf*Z4o zN(CE5ZmrS=@t&gZ&&KgS20fw5CTu#jd=V|&XSCnuV;VX?resZ2&I;*eL{{KY@HR=Tp+^$Wqa^Q|Xg8_!+m3Gvp6k9)NU zmbY3|rXNxo(#Uzd>ScO=NUj>^`I`+kbj}+0eeCX|neRHwjW>J43T!_0wB{IgnYFEZ z^A!&G@UN&mJAj$sl-MGWoN98|jc&?NW6u!A`Q-QREn!lb<}m|Dk^guB^Jm37_i=Za zT7=$zku92`h)yL`+?lDNl;I; zmAC+o<-=mGSH7&&7UdFyE<-C1sU5I5+9}k;O)4f-4VwxF9>+NcNnuT`)G$Sey2$O% zbADs?tf1zff4W$lOh1oyZ_s@2IS#Ko{)wPJm^+9O{)->E4i~pV;nj{lXSj!^PHkaK z7W_ADkx1=|HFT1+uXwPH7EFuDTnoYRbmq^ZVGW+I)^$uRuMNxP1=h{nqm_-BdNBH# z+x2F1xmO`UktN*E_-s8P9$kQbPEaJd9aH`rTi0}*AECs(;#({S5BWDegt|ffJ3Oe#*UNhO;?;$jeOw4%#?5wrea&X$d>juC0B!rKWax z%YYNvf0m3!x4;m{E-%x*_vjitkVW%|=}z5(+f6ttsX5cTc|W z#91vV>?t7KJ}e}sBGuoZA8D6QleZS*#3ZK2Nn=Wqr}*IaVUFT`-&e{0{Ueo|F*{fx zVI$=%$$cF+!x@QbTlu8#9?Z5|&J~ty+$X?u(%9f&7BUJ@O}57MYiVOZ1Mvst0t~$( z^JT~sUjIDg#>T`~?;2Q^j`Ej%qvK(8TN06y>4pFHNQ9Y%$qABo4;2pFftw(SHPVMd ziZ>(ni|L`R{C7TCZrS<)`GeAgA!()-y=4kAZ@0?C2=XQ(Kd0m~QHAkNKdwQ<2r1z? zPyz@NV_Cj)kx24WPnyHCRz^*hS4SM8O_rk~Ny_3_j>yTrg{AEvNTt5e(d1fUZrC>D zARDikV<^y(G3bd4=S2Te)0TE2zeW6}p4ZNhmtkZ94NTnP8-zmkG6kME27=GEX&kKk z@h0?6I9ArBl;~UyOPcTS`$pijILv*Mg(UqMHG7|{Vwlwe7{sI>$uF@RqyrwP6MJ+k zxW6V{}=N|A}@0DsM!?B z`1I_DTz%EZ!K{7b^b{ISUQZ6H2;yIbz;`(lYaEqoVwhuhaA9h~+VK!wgUzhFMfck8 zrh}7|CqFv;liAj9LT0HAPkTSW87!^@);A1~WOjx~{-y{UlqF`@yED<5ChxG}7yL@i zH2XytHN|@x^uTYoo)>)?O%%Y;$QKbU-(^V=%J8|nk+Qr_&D9+B+QKy(6E|+h_I(*w z*UnaPcG6&X6r~@3_QXzrT|AkM&9ef#@^@{WJVIh+wD@Wccd-QBBmIQx`fWL<=jIUy zCrMSDeh7;c_|L8=@`x1NrgOC~;?7uhPgjd5S`Z|#FpC`!a3TA}_24DKCTcvf((?_Q z^o%SZC2{ccbwL7eF8E1*A|9RVlkqU2#$>G|Vkh6KS2g79Cz@_m9ctv(75aQa!uSP) zkZCs>Z6~A5KY}ww6%))D!Opm;{Hdw-V0U@BS>WeLV?NFuev z8_Di*n?`Y;s4>GBD#^pc!QoZLN6bkk@*~k>f&mYIIMH2mKdPOLLlxhBH;9x*{z>yO zBXiiW-vHKj$}@3t6@;!y|6YXdK`LTl+s^yXcuX~2(0!H&$_(Y^lE!=;Wz z>!~YkUU-<~j(&^|Wd)f-IZpj!vB-_Sqz0e#9V4?`FYnf^odc6r$0;*de@8V$RGg#q z;YyEYxWsJcwY7TH0lF6WZwE`$*Yt$$(P9633AZ`TO;VrzTF{X71*Y}aVbqis{4Xav z8};40hZXHoeHyPGSshlHy`iBmff5=FnN93 zyG!iFzE0G^XB&tTqwLm%i`SlWDbi3n(-|rH57cdINdPR?#c|$4D8RxF~zf+=EV$9L?=n6~my=go{yys7bHau{5mm%Kbc1V>y)Af$3$Oj?O zC@Q}`an=`b+0wQ#X zG7nVaA9)3ci*)xg(R->q^fq5Qpo3=-jX7zm?+q?hn=m9`+;V}hTcJr4X$cDW{?(p* z)i=N~xvKv9CV%Ixcejd0^U_%pYfT(T{Zq)6M_|;Vz7L)Z9Iejsw7+ZXO-n7_$h5PI zg8N`9l#4B&Bh=cVtWt1~C_|Z{^COa&vQ5lN%81PQp zt~HG`IO=3l(lmaIDpXJ=#Gztvb@@`7`gRF9Cb}_=YgWK%OsD7DR`_Tl_7|PGf{H%f z`KOW5%J>Glq|Y&(Q15&WK`&OB9|+n}+ChIXDWOaWU;!;ITo zd7_V4$lC=~U5MH(Dp?MLfJ%BCF7exYkF}W64E&;My#nb}+8kGLQ&~rhyb*uxc3_lZ1n_6*#IL#(5U-4f@m>M73*2B8DJ7uyxz z_0}unjs}GZjz0R|IiY2ls@Hbi`EJyq_R(7buGp|o1wi$Shp%j6S~M*?vHk7Ik&$@_ zYK8J{tR?0Lonel!vi>eQ2i-Ul6m%7u$I9Pli|xZ5Eg!iRy{y)ci?Q9UD8-u-zh*eE zYxbk;8^PN9(iL&Vqg#!>7DH8~8w2gZh2 zH{6L3$3UBzLsZ$qK4f1~F<(><{j zHzTb3*W=U@9whyAWiCrW?1--&Z0p9;nQS-cc}Hf^jZs8atrVb@G|806&DgB7SA?b& z%PZ9!n#k1I!^&o`$$qW+`ZHV_q_n%Y`+c!=TAzP2h_YLl;G2(KYSQ4CdVE6$rRUc~ zW6E#?XW?#E2k47gM0IM#X6Ec`qlT*mf+b`(Ly=AZr}>QK8nav z;hWj9efEM>sfX4g#Y`KoZwA#9ZG-gM<76!g-DaU;E;OQ-%M|&ODDQ6(WO8sDqDNSl z@H^L%R%q!7G?%DIM;kxFtX9gEig|cD*oqvNe*X)QN{B+&ox_C{dd9L zz&Ygzl)(+j8J_u#?>&}%IU=IGw_`qNsnlhl=WiZie*P{?XMA*@I>dWyKXIXtZ@j-h z`#5V?96ki~Q}%?FLYab8+f1sR)Au%J<0GW`w@*~xBT2X%QK40S%a}D1a%`Vg+jUo% zba=jB@p=2pmv(&jhehP`TXdh%?9JkzU>Q#;RJ><=+xq60D5ZgYTCX>exi_p2E4Is< zwHNNC71J8sn_v2~NKCPq3+*lLOjh(b?WN3x2Pd^MrqJRGQ}bP`NH1 zmTAKE8~0{$Sdz!jXEfhTJaYlpK35?irtuRK->V^b$o`RkmEFr(9y6S-h@Ay9{d4ZP z{hj+6?sd5Kjs~Mvh1Pi2YwrMpX|Yi%Sdr!s`YRi~Fe(Zj=UdiUTZk_^4o|_3_2?To zf2h~rF3PjiS72PF&X>L$IbiD2ax&s0@k>7Z2X#I==GNK(KJ$dM3rQuKCM))q{Xn~< z^iizvfhX&tsyG7ajj}>f0(+M|@0BPW>fTk7%o07aJ};koG~;$uq`-WeCb4ht=S9=T z@T8c^t*+nZ*(M~>yJfGFJ}`4@4F4TlaYLwlT9?+kL}906WI5{6pklNvB2{DLc0fW} zVuqXPOA$@7xxO2nefl4T;(l{sDn1*s>pQ@br~c(iUm0F;V`jx&#ZK3TboX-E2c-Eoiu*d z9^e~zYPn%BV6#2u$0%&uEK{lV;d)e2nhuf<`?Y@bt;6KHgr|>&LinT*X)Gv4!N(7*o!^(Vl;>_bpo@GtxS_VYI67x>ezp2<(} zU19w9&)WdDzY$X?QUN;vsOfQvK!Snf^L;soX#>C-FlRsVgMr*XB0Ji^-^;lHr*a4! z5a5F6lz4US*L!GK832}&f%XVQ=l(F#fN(AVB8C8@xLw`J^B$qFD=?;U>Jg0KgE(%0 zQ=J8lGYa7)!#?lv3>^T`+(5kpGAYO)^p*cGKqx>92n+)tLNOq01OS$00b(Nnhz9WQT%DG5}y`pAjRj>;-5_ z&w2q0=yQr30I>86_znGmysvb14!weq%T8b4`6YD;dIf;ii8&*eU1fY>d4mUhI*2oJ z*=Yp*hnAt@^Nd_}mGOm^p(SC?$YrNN{J&cUzu`aK2E%<<8DDJqTrve}`+!0XvX1^k z%TTcg>^3+PUuAr;WvHkF8iNt))1~|$T84@@pfMPgzsmSx%TN(^2_6l+LN2f309aw?)E|Tq0$Q+Og*R;=&7AYBLV$B8WC9?Me^Ijl&|)%>5&?D97lfS2b4sNJ zck9f{xvBuIDg#RF5Kb>Ru|sAA^cgr6offV$FY-{ZIe-%?jv)v<6g~Zvngul;$h$pH z%>qEH&wzaZBN{X@z>9a}v_VA~iXwb&T$g(TH3vP*(DjoOlVG+ngqH{41oi#`(+bkzv$_6L!61BQkPGlqgsiwLT>O0= z;Ix{bvD*O?5i91Lj{6E}5 z7qt{p5YJpeJc0faIz1Z%^aY*pu5fWKVj<@+P75t$=#X*=YWV^+9OD0<`~W$7a+UFg z!1;&J4`hj*{*eKE0N0#9T5td`(fqWDe_@I7va><6#8&@k!HH0f27aoq(u47ONsk`@ zi*NH9ev^y>kUfAyolKO!cEbo#eBZ$e_C@CzOyx91HAJa{Y! z-y3b5+_n~{(Z}EYQgH3?E3YO=wBXS<8JVbg*Gc&7^FHqpuZ0k5f^YRSn%&4m?fnh7 zz52?ygh3m+_^;(JNGc!bve7hs!fu+QzWs2fPc|%i+Tz%z;WyR0tWLe9J1p%^n71Dk zR;Z4dbC|1s{Ip=T*@tQ_WV_(qxMlTgmy)~n=Lnt}DOKr4=>Te|>{^e8DLhMJL*4|y zPD$n^LRxaVVeXDu-$OOU`!10@k@QM0ZRES(*h>kqOA67m20LWpDh)muml=7)Omp9$ zgnUQ&-W~Ql<$QWh9mThuD9Lp7Byb^(UZ@WMoG@AOArXl%fZgnUO_`Dtvio&LcJ3}M z@HBEVO4^2Qbz@3h%S$($@+f0lK6HAMR&B$z1xOjZK{H@8*3w5V!;1B^jDKhXC)}RK zp1-LiVr#*wqDWqv?f{RS-BlU5WZ5sZkaI-UvC)b$EZ2D4=kjR5P5Qp3nHbADpm*zD z55Sf=BqmseE3pq&N(s|mQ8F*R^X?&kGYqF5ydvLrM52Z39G=UYw`O;_ZSD< z(|}FmxMmS$0(-Ag2wP3~c`6{Cibl$&{l_@r3>$szbG{rhaul)WN-{%@x{c;ewNyV2 za@uZ>m1srNdtckpy76en8Cj#KZ!xG39`4HCSB=+K859qI zeaMP3rZd>w(-hu4XwWL9tX2HrP5qwVQ)-O&Kklb2Na$wvw8^$9YYjO^TV-h#KK=Cd zTP?!T^vcC9j;dktd`>ZDDMc4}Cc99R|dVbR{en_%OPR(UD zRLQZr>0nq?_>RBmer{Sk)86kEKn{!E>z?(WFcdPzvIOD2?@1Dncxy!BDkIbfyQ;(u zzRxYSX0r?rV_K>S-}K@H@D@!)4FZ5$!X6fqOrg$*v)%~rg*Uq+)AdMbZJ<^2@w$^D9ts-ECaZ>M3z^0@&cP4pD)6p&4imOf^Q?muVX|H~ zzHazNMAK`D@xQsrhGG1GCp&3u3Hl&FU<|>t8bDt{>P@g6!YkBT+Y6 zt!SJUPZRgcoaL_-$Z|R2(2%jf@(vovA%AFjwYMg8(Q{c&_fQocM!w z-`Pp!Gqa-;eKfs@_4kzPkNPlO$NHwnw^lx6Xkc#tc!r&WRR{0rys}p=ekW_~9j_y| z4~AozzFmikR_b-`?5$qPOb<1CiKG!@WInC#ocj%u(}hb&QBRpwb1~D(J5KhEH;)l& zakqrzfHy%PXxd^b7dJkbAHU`3#@>%L~Ed?NNRWyKM)XxuW9u)}_JNB7&mB;=yK#oVxz^UmvD>pfO8*bm3qic7k6&e0*OD zowvP=kA|tlHDk9#Pul|jhfyrNytAFwNbvDdUzezJ$f$N~SBuIk_LRKwN)I@3N%65% zN1=!FD}7PR>wM9y?7r4=yp(T)0NoEVlpsvCfz+WOy>urOj&^>vrzTapYKDr2NDh9& z?D7s_EMK0O33bgGwUW6dA02UT;>uMt`ms?EtlOwM-&Ea3Kdwacv#x((O(sM7I7!%h zt^(!F2VXSOZ|{f`@TEQSSRRdAT6q4%#V}MS^>hApOS>)|H)u2=!8_cUtAPf1`NFTN zyuC!jotM_ar0GnvxsTK3NOLX52^_yE9=#5(c_pKPFp^DS7$AV7@s!B_PWO|jx6?M3 zRXhQ2qDjAGG7;U6C`?sDOsHf!&X{m)${JM*8DpP`&NG5*TFVCRRMs5TS#f|zQ@ zvxn8X)+bxXc5;+~R#KSk)*SPm?0NX8oTicT+y0^{oYS$0A--7ysAG%?*6xmd>$J5K ztYV|H_zh}8iRMPCYNKKeM%Z8K$(lN;%1%Tvif$&~g=6r^v#}*@n0SO?@49(nj*(N^ z?)N;cE=UMJ9U%RgF_$CRio>ygu_+5oDUdmoiWzV+FRw{}?jL!-4 zs@YFW07)-aW|Uuev2$$af0i*l@Sc0%C&Pgn{`&Z*9bxIJ*fVUzrt@i+UXUnq}fnTM2h#1I(B?`;sctEvO^A@WSjXk zsO#PgoCg$^BDRRK-r2rOgd=&g@QuKc7=|0oB^W3ep5 z(?Z%RLLoKC&r(@AFlN=QII^4}PGjKKa{>d$ys+!b17N0FjgTU`#)rCH8PN~$&sC$z zq6}n7XmhzV+Oy&M?4y$2m%pOAi*|CLAd~p35%W2#UWL1}v%~LbvK#Va`uFBJBySve znzIA&zF^x}5`2cC`1lq6h8U+?EmHjW4X1GnQOOGr9+Z1}41_6+P){p;ctNMB9^&pu#7;eBviUg1_1O zyX*@NFKd|# zGmz##CK5d#->97tTO^x@5fOS8SGPzw%BiRdSN{=tA35}mjmeBrZC%q~53-pS(H=8J z06&f+yL{&qGw-p=!tjCn zsMg%XQ3#vLL)ub3r-)|QPb1-TH^yiuYXO;2HncaxZ|DepWWTY;JH@VTaA2X{^+?&yAkvcJUZIyaY;WZGsQFr zABe4s-YP0=$odeg zN@5_X@$|mHVXDXo@h`7AUh@*m@aZ{sfC-0XWyh1Y-~tN&I}#Q!S%ra$f{t3fiel8G zme_K3kMICy6yJP`pMQ{1p%LG{Ar_H5$nbDS2Gt7N)-7&D96dT*>6ZV{Y8JQ33$ri5 z;^d7kLqg)~gH7;&!$-=RMFH6Plj%OOG=qx@6CSo*!K z&ZwNlnVY5V*C7*&h>GQixkP(nk2wHKOJm0ifBWv_T{^ovQ8&naQ+i(w)&+4~_xy5= zcbeSbKQ3S&DL(LoV~zAonO90hIb-* z?~VGsDUlhH_ib5C66x;SPwnL1XF*ZbWpd#p|GInl!sy{XC4qTp;I}nPf{H9d<6JDf zMmA3K;@R0XBMR5w$1LQDLY537a3?vl%>^%?wpwY$#H!OYjW*@8V(Itc4p1l!WDd}3 z_8L_N-P?7=kh-b8PF}sSm5$|t2)s3OJ`Ee)sOj^v{4sJ9D(&Msmp9kL3T5k(G}-s{ z#(pPalPgM-;O^<(p5ZawYAIi_Q{T$U&~@(|pv$(w<<^mpFzO{nLd)kOp|l!zM2?%w zRV`oL(uqav5H;w-Yu`BF3PUD(vsibJZL=VWN z%H5%o*ji{AHyHPe%Bdfc9q+<5w!prgYLw0AZhoXV*mSR$EWJ5SQm{ArRvSIFkLHR^ zT|{XWe||6u!=x4Ac!rydp|rQfFZVIhD4}4>J|t-z9{Q&CO|9f$j2nk`*NsZnkWS3Lj<7uMdk)sGUIxgKB_Uk5r~1VP*6Lzc?wj zWhtLW@1@CUaL9{HA#jp3{GLZRrp;m|@IHw{Ne+cD-eC{E`%8#5YjChX(Y|MDh5eeK znvU_Kpz)yq+I`GMc&_i76BR4Jg2!b%a%sDSc!GaX`)T#Ax%LjQM#M|@bq+RQ9mg>X ztUqOC8Kv{B#wYsN>mSQj>bp*F_-_9Dr_HrHeSHn78vs6=8!ky?wc}wEM*SH%wb%}MzKh_Ulm6*b7khVtC`0%9}qNSiMliqswUW=n6)(SD0 zQYY=x^Ik3kIJFF#ISkk8k1Gf#GcgX|?JMqNJaNFJ-8f8hDPA@-{&=m6f?CfJmm;3X z$QAS1^$e|Y5BM&oN1kY0zuq>&mWRL>HVyIzX(xW&9tf2=5v1*!V|^s2wUs)gZ5z9I zD^tx6;gOtU8QrgvEL_ntg35!LM#dyY3PO)J=uS2UwiDss@RByaEjMno2T_{q8F}+}5+!{7u!e`U z2lIK#$*6?GlJ@bwE9H38Epz<`sY&yU_sprrJbmlEd_!}txqn(6PBSuiJKJGjOs1I7 zvWj41+?u0FyL`sZ%q>MXJgDy`uVNgZh`0L|wyEb9?QkaB{cwRN{^3jep1KDCvV=&&%ajXlG=zQ+ zpSg0{)a0&CV+;~gRMo!0Xl0ee~m9zwG6ftk+?SC@->blO) zn9Toe(yh!2(PL*-#8(YPq1^mcr}@_PreQ9IA(MNVhUkQzR$;fKS*v7QI7_ajw8?rl z9lVxJSiMd7Iow5sSV_Tb2#vvnrxSivVjuIh4Msa+Rta~<7`Bqa*U7T2{lF;Qb*@sF zvOqGdkKkH|2asO(RSNiG)69?mLRhqV!x3-zgJrp*PP6UWFqmLyhsTB zo$p$5j`;0#2ydHciW?mT$OWW+CT4yjDfo4Pn(Qr#a@S|LrxJIO3`TLQgNi>YA-ldi z=mMV3;&QS|#%$(5<|qo@5ce)nZ4$uBo){FY_i>eQ#S5#?TY8nDZPxfjZWKxKhnM=6 zkrrcH@X2&g(rD00qh!J-;Q_z7W&~YL*0nk_7~9l=`1i-h>jz?_^xHdY_0<}{tJ~B= z^#HTvjYkz>M5s{DuGGkMvMb+TSDrAf1Q(46BC1O3wOnp6kW~ z1*<_w0ucQP5RdE>S>%D>n&)AMb0h(15f~6jfDeKLgD?+>iU#O2Xp#V=TR`vvnj`?N z0t4yFpBv@0fm|z~572y{X~0}Ev~!)hAO{1D@B`UjKzHCNA>;U$$vW>53Xl5-*oW{@ z{`VY##SKnF3^YfliVC1Pg4`nr`V2g8pa(Fq0E{u6dH#E{Kz%=T_n&Zla3iM%Q1JJe zzz6_JU<7a~!~g=9&b=V0h=q1>MrMQ3dAZWX-*I~$K|d3b0YFqZARyaSy@85cAjt@V zCZ7t@{JnnU9~l^0oEyqHc@((xaRFvg^whW%6)A#TXH|h%Gi!DP% zAW#nx0w+UVLkVH3fQgJ3QNi;PFA!$uY3!X}+m|IAXo;6g@L$M{m;msa`z!Zdjwhc} zefh)6f&h-t-GK&xA(z?!g z7b!2`Yq+&M@pzF>SI z+MtzTfW-h3ZIFb1!T7=o15eUFaSo9nJ*@^8j4!qfO776p2Sw!ua>+Q)c-Nria2g0_ zF#7rOc0u|D$agsd_5ab?yu{17ybmq`W*OYTRd=gY&MT zGVDL~4jctM&}5^_ZK0wTG-u#L2p}RG@Db7r-~+e=p#KEd@^b?|H)p5jr*rln%H3%r zXOj$iMitEYy3+Ws#R&W!RM`i%49X$E4=)Lx zOIwBtPoOcVN?&Pwv1O<1m3EHN4D2mb z)c&>DuBe?r8>sLEZ{DFbws_c1k6i#C{%qj^r@B?3%JpY&26P1#te~_5*4P4m3|_Io zcLV&=q96@$atA1u!H8Avyl9NxV>fPu>4nv)~B4 z!uDbWo(o?vT^r~SGF))%pB22zV*jrb3m}5%mBtrZ{^!I3hyVu3acAmaz{!USy{ma& zJe)k-(7dk>4WK$$Ga5)8%=6Z6S4*Ce-!J4Fl9YEuRQNLejx~$ z{IQX2`XaDkNBC>`?-xI-O;3KMsU80|^fG-Bn$d=E#Lm-2Bf*tzG_l(q5fiT=8@JYV zJ!b6Pr!Ru;B`33iJDkag&$jfQee~=h`SdZPdJy42JCTU=V?AfMUB6=Y18QdsI>YhD zK300oONZ~^CzTMzUR5Pk_1A7$>g&EhNyY>W{?2*Z(KYrh;H8-OHSvxcIr$&fkBH=B z9gTRLogZR;KCDLhTA!OhJoAwS-^*VgUg6_drkdVsKHNm6Lw%#Q$)NXB%~cP#xAAE| zAy+CE1qQD=ld6kxU+aHdDDz{2x%bN`qNX^ZMRG$ACDpiK5CJ;Hgecx7Y>_U?5LH{X zVvp!2T!D1nrShSL`dL(#{MR>AhGFSr)!?$L8cLl^71?w5(oj6*mh3 zQ*3?q-nMSdoCp;cbY*$2vZ}{gqA$ahuS-$!WC(jvr}~H>Efgw!E+}r@{T2G|M=jP( z6{fUL68extA1rL)xKnfnVVGha%^E!Z8 z9(4p&sy?1UPz$5J@Ewc0_eRJQ?>e>I$E(1kz~M)r;=Wy-7O#>^&Jj)@A0blzTbcQw_(xvuaa+yO`1KD`!d&7O=%!7Syut-_vv>+-g` zkzhF!TgrI{1%j77OLxYuT}jg(glHq;LWI0^6`G2CSJVJAs+i-Dfjt=85Y9~D#TD-~yU4CWOVUS) zI32GSuKN6!D^TLWvAFRLih&{1X~8?z}IeqSe80)3rjeJQG5-(9|M~kdz=}9 zN6D$tL-Hhd1iHNF*FDV!=}u{i!(F5#HTE+!2oT5zdbYBH$d9|?gQrR&Cq%GOp4&4k+SmiDlM*+(g+AjA0ff>=X`pcfJyUhk{zd-Tx<~5Yu+~+J;=Y& zN@%Eef(!=kL#q?Iu$2fay!oM!##=&+6*XaTav~M%4As;;(WhIHnPwKxnw9aL%g5&}ah!+GvpHrK z8*ArWhdp@BP`Z`RV@f_av!q5Svp48U~DrP}aeTm1LC<^~9xwJ*O&iY8NkJ1^5=Vd|t^C%)Kr*16u zol{5LYxjSKHC^q3@Wtj2J?7vDbH8j z&#Pge%tJi}2MK1Y5V2Rx8fo>;c_dE`K3U4xE)vrrxvFzjNToPjD4i-FVc$!aZuZ5c zkIFmY_(v2RF9=rI&U{ZkJTDDF%>Bj!h9Rs@84FS3^SUp-X9eGsg#UbjH^2Hr3IdDq zy3DHGk@wc#_Pk#iJfD$~WqI+3s| z_EK}>4myJSaZu+SOK1!B$hD+cFO)s_U*su|YmRerJGdZ>)!TLAb$PBEN~4w!mT8P( zL3C$xJ$r*EYD2PD(?CtAf-#tF=u&ddeK0&`E=5_XNm`)&V(ng?DdsL@L;A!;F*!oj zOOf1Qz)`ae8(?Djg0J|fcKH2R5xUjLVcUkb$v+pIo6ab-C!;<^AX7RTG0pq9&;mP) zQAM?&D4o6RkW*JcucS&t8fjXSX?j^vCpPos<#g{M#wQN%Lw{b%oE2nyc?c~v@d7NZ z7cZ*6nobf>(d%}FS0_SVUhQAa%*|@JpYI-H9DEGt@+Cuh5}e=a6_=>;l7v%9WM`M1 zMmaC7L6QraIRI{}>}@z$?#HD8K4Q3HOnGi8dYkSY{+>xUnFfTCK{=x4a2RG(*Zw!j zM7RuQesXr)PpazcB-C);PNuOeC44TQTykxG$7`*6wVA;QF3@T(uneGx@AyJXX0Sx9 zm2GOix4TCZp3IO9HZcRPwpmQ19JsT5Z4P&Ze{k3pr1b&A{!OCHF^##gaYJ#|Yie8> zDk*(rzxQkbY|H$3<6|a=W!-SGpKGW-f6k+O9wktDQL1|A;D?8ii{zxoWP%`yXvME+ zFm5u+pG+gezSA;N+{Ci)Lo>FN++QUDYdv^0!mN*2ZgRfs#NU*)^er*JOHqp@5E=Q* z2FpD910LLFDn)Ytwa1*ohZ+a6xTe_i1nQ;b@wp}^_k&eoz}84G5R*OXUR9* zJ|!2P^2`ul!UsCj>vAfYU@p?jX{bH3QP?3SNGgegQb}z();V}mf#7p<#twM=Hvgj| zYwRZAw32FRrn!Om7Cqwddyw_c)5)ZIFA}5J?tt&btXAu_ z-+Z>}v-dPR)e1)L*+T-6z z;*w8zUq7d!f7mTbi9@`hy1$ty*uoGLTqlK05KG~zky#fe{aE(CM-A3S9PGEPtG(|E zD;}fJHdCkF(GFeo9XUvr$CCtIu@+0CI=$D0ZzHjbWW{XH`=12VIjN3 zUiID!Er$J&jXvgiNyu3V7{iA<%b{tKLRZ%Hjq%RkIIiDQgUwmA=emX(XRWq$u0i^- zYG9>gT*b-|D8fvC(V8f!dXX1Ja`B-__ajA5D5mQSR{cvq1&d9R919Utll}OxNXG>WEusJph_Pmu5xR0)rh#H+>w$Wd`(oEYm;Ys3v zXvjN!kiMs|<;0VS6xZ*E=C83S9_)&+S8ouR`L^3DmV~(Ifn*bnPp+;BvT~SjBsf2~ zIY&F>iU5CF8p08P6!sb%T_f1~wjgyPOe6&o-Fw70; z9$0|cOSF#iXYsJ(GxK@N2_uP(-va{;bA>1Pr%{uT)=tJ&L0*ax6xsrUm+{T8}D74_C*dZP2 zT_)-4_&Y=M;%xSt`_La##RgRKd3DMIN#wbMy4Bk4__P*rPrk;I$`LnJRh5iCcP}kG z5K8P0D;GB|_!#&}$CD$pD*%Vf8JYjVw!di8E6>LpF`h(z_2)+OCXbjSc=qY0J~~l| zE=XJ*ZCuX1&=lKB&*n*v{sNwXz~isB*38wsJN=Te@~M#$1P^{;cl3tMsdQ}X`@XM8 z6$7sx#+j`y5VE@%r|#qp>Z(u=OJ~uOG^Q7SQaGyC)ip+Z;C>2$Ghp@1%^b(+evYq! z0y~j)GU2DVq9>JgugR1(65-aUL>E0)Dp=j$XZz{!FU*mcF|cB)z0LRH>Y`?f$vk(! zK9(dG8bT67d))C758d^_q`T4N`%#>k0-q5}Ty%nq=~sp_hDLcBFQB9K>Q0FGowBOiG}n!tLgd6s?%UDOxnG1bPrw= z+C`1o+SFDmFnqrjX^#NvJmnlGeh0c2Xrl~7dbTx-sSnrP_i0Q?@0EHr(Zb0hMY8N) zT-7DysgJB+ttM`mV-)^=d9$0}bXDH*N#M!-Qk=)RrZt+1VmPuCPtj0fjL({O z&6RcKsFInU^e9}}31!2Ua4}V3My2H^w!2Fz`uU~SR5SW#F&9T2gir*+Kb#HW?F3&8 zN&Vz0Z@Q_9wKdq$XtJ+e&N(IdP-DBMqa&%u0IQy@%h#=Im2I+P|Lq&SDJrFpTjH-C zR9G3A$}`U)^2h15YgbArCAf2F%Ze6X~Shz16?_(BD#o{VyZy~AI0JjY#{<%veC!n@`5RwLr{p%=7Ckm@; z&4fZumOh8}3>CH&Hwkfo(wyj{L^Cm!=C_mYyGb8}kiA2IR($jDJi3#~zZJC*Y+kZh zU`csvfoe|L2)pjYeeXddliu80g-$Lp^oOd-Xxv|1N*^^kc!SXg^b zeB3)~7M|>OF-<8LvEco*t47guJ9F}T;o)|a%+wGxH@-ohygD)Bc@j7U0~T*JMnaS8 zr!(yKdp6sfF}ttf^U{nPII;IE)>gW0i{2;UeRCy%nmc=C*@kP`8j;Y|iO1tdfD{oH zLh!=B_!WGF)WRUa3tz3Jz7P5P+e^jEn}U>`NlKFbdr8M*TE70DvWXv1z&)27rd|?s z@{bO{+_S77PV-7#ZY!`#c=g@vVk;05I^yCret`EiDv$fnmJg(hE#AVSbeq{8zgI6R zt@3@5F}w8ip{$L^U|7$eD?w%(Pqw#C7Ax}~#}h0-H4Q(LQ*R5?JJGY}N!cphmEiP8 zTsvmvR8KL~8s{O4W0+MUjq5xxQ)(BJHGam435hYON=~Cyy-uZKJ1?Hlz(V?n>&ZaO zM_6)uY8Qs5F#_147>20BnB;qUZgyYmU9xiP+TgBnwe9*ez+pcp_K({KjJ$%?&0BS| zetB*A)|>f+nu8ed>4y8{!|0Xr#9@)De4Y{#d0GQ2#QmXdmiNt$Hk6c4>?fXgu!jlQ zMTrOP4U-SUsk%kr5S6?MGeo;@Li>4!T64-#Pr;m}wP()v^-k*u7)ZC^NroqpXp6QQipC zf%q90g)#=J_nMZAy{MY%^&;c8R&uJHPa;`J^vzG!h|SvbP3lch(Jv<4Ys&I>9908_$t8up`0)z-c=Q3FF?1u+;>u|vmZ!|nj@@MH&i{L zZIDy7b*-$6wke`ZJ)h?;MmwOuM?>NdBhe;^WHw79wL{sntY|Rw_2kPSY!qaGrAUh( z#M;(~<7HgxJqIwWX5)lVfv;_z@0{d`4eC(tQ4b9Aebb}>Uz19`v!CU|Zc?S=iB&??u#A3Iq4=x09u0skR@|%lk-C zOAZw!Yjl!JN+@R|5368|?mqsuMN)3t6$p{#4c3^fZayJb!&qoHP7n>V^u{6`9{>B` z@VA2^Pn_w|{YCnx!vaDqhauI@a-W6A*W{KLJ2W|RNEbZUX?wOvA_nP{xGgoiUm=yk zz{Su!VGIg9BQvum!bi0@pc^b`pR4wincdqie7Z22wqk}SKxMt8WU3*-8SnIAYcOFP z{vN#SoOSQ{ikm>#;ycP+wDG>nkeqwrK`|=09N!<7BobkK+DAdgXU8b^5M3(Ny-wJX z@}T)DJKYjoQ8)hpGjV^co9c0$N{7DF%STrd2?$8;VXFCNw$~Bs&8FkUc($e{;B=;J z!qidz%k8!?12NeFTy|!#K8il2m5*Jo^~ALLzsI1q*s9DaP<0d{@zYFSPECGuyPlDr zYpQWNW;L^U^*lzgWNP>tk4OPrvbCA(yk6yWB6)O5*?D1My0r~?8{x?XUZWa#6`fob zT8fl)e>>NJP%*4Sp3QRdWj$LK6xJiVp>9QeS_V!<7g^1z*AD|`)%!>VIHk~1SBFHq z-uUCrf=3M+e}<29*rcz>P8(|St6vjG7qBC5AT8ckltl` z1^*oF8ynae*@I<8B8+=(?=FebeNFpU!d&*Jt6D~j?b)0}^Twbor&*mU_OGG#{C!Sv zx^_cffw`*mYgF5>CaL3dn6isQ}_*C^LH<6}w5jo!Ya z5ZvNiNr+uu>qPC=?tJjT#gJFvSfUw68AgHL`)i>`piTpk;QI%p<}!yigjl?uVE5uT z`MG{WLj<5CAPCyO(h!+I_=JFFARrom8+3y*0$>{;NPG)6{VV1J0-FIE-zYNtvGK2% z4+voP8@!Vdh)}YE%5D7U%I^VBpq$;G0nc0J(*MUE2on6e{sD?Gr3ckp0_9@@IEv!x0NFuS#ycSj zCZL?*?@fZRH~@+A zU1zvs4g&7n!Nd%=M~D%!GW<Y8!w%KVrCrx&i<5w@%={#Q+Lb1IRA7_&T5p+#OE^ zxVRfGdiEbYm|M09z{4#;=f7eAS%x=snp?gfz{AtK>7>6UYu?V$| zyZ;sg$ilqwaGQVtdv_XFfQuil?&OvLcYe6K)pGie7=RY3# zO-KOc;b(gwI}R|aJ5m`?50vS~9xz7qGi#?DP_ZRo;c25C`?GJqcSxYzEue)O< zfz$aT0dL3j=8t!|PXA-Y(f?R+^nXi>{ng=r(87S0??&+-OqJiMf&#pOERnw`%z(kU zThjEm=f>WS`JJlkKj|sJp8uG+znNvXho#>PG%!E^-2_OIgY@D~9|&OLFMS|DkAd^{ z3&RCelnT_ukMaFmlkd+aZYtZaf!r1|Kp?kLfBzZ?=uy+RyVb2GA3&qko~8b^KF;-R2j_ z@#24#vft$w=S6%3s0D6X#W6;a-77{Eja{fW)LKUx2D zW;6(K9=Py9hY*DO$8fjuez%(b!TkdsxqUOlH{`F|Edy|IyL11|0t5Zk(4SdgEKF?l zpe!&D^)G(GNm1su4=2nL&rmsqlGXJb7nk=XmO+t%rw$^}$ubYNZ~+)BIt6*7)Sr^YWFh^W@d-uiux> z)2ar_jj-t6JbnD^O{qVNe@G|Cu(^fQ)%O5HcboS|eT5SjJIm&^z5z)qPiUUZwN8FD zI{i%Zj5%dt?$y&WRSVp~OUP4_(49Cd!q{W0J*~$f)SZI$7hR%8F6_AgL3g8K)vHKH z|5*_~%WJEzNtm2OZ?lK?5?=8=VKZrQ-t(q7wW4TK8CH*7-otG$Grv%n9)8S2!drpp zZH(b-1Xqq?v7TxhHk^;OVem1SnsPBmmeu1cUyfolRN9CT97n-Szby5LtPGPIm08(D z>$iBMO1-xjjE%^ZEp3k+8yT0iY7{gUQaY%|$Wt@ZrLx!jPfd=HJ19|}IEdQE?b#$_ zLb2#^IE8kccVbLV&a%DmB!c3B@%_?K&oxn~_~M~NUHj+IZF2yOcwaZsu?oGBfzii@ z9!`oyE$ht#H}%b)EcR46?-j?IT_VAl^a(rZ=Lg8|z?VEzU+}+^(j>+S8AD(sG7%Z` ziCBu^4?Z%P#`_c-ULaStj8;rVdaO18CaR+9i;OBPv&d`c<0bi+UcKA3O6tiJ6L+sw zwkCYVGFOM2cF(sF=H z*q28)`XT-!f?Z zT#T0gKGg0Q6LG9=F)Gnx#&6Np;2mpu4{cfuH~k+zMI2(3D zyui#TmJn6VCrC*Y=-8f#&aoRos8J{1u=P!&+@okEaN6j5(OY{|(2wI{)-~@p2EIPA`ur6&!o0}E5SvOZ+Dx$H-O+Dev2J=;x>7BTw#5hP{r>7_@CaKU0voXeCD zxQN;e%uuJs3^K+lDd1?{+YTpu8Vo2zYoqY!{GzHyl*W!GWV=tc*+W5}R{bV4a4iv_ z`6HC&vdDP_MV5=-+o$3i*~n^9g=wvn_jsZvZAv}lKEd~E9Tsri?G?+<>*9)8cGZ|! zhxyd7%DB1;#4%;KJ>GmOL#KGo&$!y!Avlc^oh0F1#vs8BkyxY>6Z&Ej=C~}S20y&K zIZe^|Y7-LA>D%@qWT7SvoNsHTWQu#<{Mk0g}LYP=}1m?fKWE~+P;p-j+htMtTU9rWHz zXXfyd$N&1YMM9?J2o_pp_T}6RDVXjUyIvD13Qt4Xv5vwM@G$jj;oLD=sYdD=bA}pf zOMCCF?Fo1D4DYmdaj6YgI zZ?*!{q~v13M)E9$L~VlgLR|C1+tI4rkLW1LSrEdA4H0|LaVZ((3+J`V3|W^ISa5J4 z&lp;_T$ry_lYP>v&O|#Tm_g7Dsr58WsWI`b_eo9o$NQ1*QRn5*Q8FO#w}T|Xafbwi zV=*rTxFC_}H^GY3_=2j|u>3NArTr;v_&;wSg7rz;^QE}!7L zMqJ^zT2%|wpf&OZ=yRhUJ|`wmC$CQ&_~;4i@-XBX3G7LnJx`Hc_nxk#p?&~3*ta)I zZ^CC0u(NEk*~>fr@C|WdO z(HEkhOPIEfhrQD3{$8=dqDfX3g1a2*8zmBaAQI~pu~`D^sf>eiND7d*dA)U7_WS3GqPs|q63Y@cZv=|a^HRGBkA3Rx-Gi^dsSPPOyO_rg7r zG3V)wHKOjMet78uzizmCuPSnsGCerWD9{Cw0{cGEiwH2ymJs{3<7FzTB4@<)Nb%}3 z{Xv3W40&uNdv|Zi3_IuQD%zOXOyZm^v#m z8YjO6>1;>?N~cosQc`{eMRKzOjEz@1eu-fo@DZPe(%XOwOh`$Fg_F z6?k&ZY^Y2K4L()!v_yF&Abm5j${qd;!-K2vx)`?5z6?vI&DBN`aU2- zU8`x~a`G2#5I&)>tqKb2wTOr|?Jc)h8<4rOP?X zvAG$o60~pWkMf#x$Ol@RUAWig#-6vCm&2TU z%!4(JzYN<>Rl*5B_LN72u@_ekC!w^dwx#5y+bLDXi?5SIZ!5|+uL$|HV6LmTWk%mB zjJ2!_K2jsB=pJvgG?x7M(u56zaCuQjM7H}_+AP#z?PLuno*coT-<5?OcY=hKDl0GU z4U&%k29jKLu$#F~->ewAkoxAd)NUTuF!@O07w^8-`}+;ZA*LcvLXwQo=}=!?p&L;v zywqe(!cW&4st~v<;|B1(xIT=&!vY^!G~f#Tr)61415Z7T2$?Y&_*%bOobQs0%OELe zSd@;DRh{cwy}XEnu+GTb zvz(^^Z7)$Cm@j34lCJ1gR|c|+`6xSM9MY??h$@;xfC z6iS<)U9$2thW8H?SyEqG* zk-W76;4C7h#5`m&-j6VIDImZr326)KcI%ktHU#)C@tn02&<HB?r zBsa(-n#px`HcJkmO6y?!%)MD>)RlRx7I{n z(J?f04v4c*vkTRQJ;G_;TCg+7@qd$1AYgk=%Xv7cWWG9p#6(Dp{;W#C_4&AD@91xK?j@ojST^Ac0OaaVQSsXU^F6>!>p zc!6X8pEXsmLXD(q#S(xQR69HzhG0nuH4-b&$HMLm0AYN+;?vU$hDLCxv z_By0X%I!oI78%r7Db;oc^{&cS25h_$namO1dd(9x^O$5H`_*gH>rae<-Qf7I-)C*2 zM17^5ZIt7MZTU`LE0V%N$>Nwto1#kG*U35qQM^092jO4V_G*u}bnw|y)7~)p!hkx> zxp0GBGtZ9lX%xPH_vvJpuC^)(quY#<=AMm}%*4#p{6Pf*PdURf5pT&3)oTDr-jhp@Ff_>G;4oMC_L{3QxQ_Zz#J)_|Epd7_O`F#@SP7HQVwTIb&0bRwvat>bI= z{mV*Hc7jI~-aSA&^Z0m*rg(TLp=I}&dD4^V!&NjHL=z%4@kQ@rPo!zjg<>?sZV`bz z(nDh946a25)Sbx}Vp+^21{nn$o<-dF&30rI!Z{{&OAmeM*VS>)Mro-`I0vpyaf6U| zA+S)q&A{o{GLxI$cPEv-W82~w>=AWg9VC7>j`FW|@shh2R@a6!j&| z%&#$S5^3vEOa;A@Nw3+T@2@NRIaYUZa6~EaBq)3{mi{E3>#zP@P~OY8i$5to+3c;r zlTq-Dk56cLyc?M>a;K>U7Cy^lh-4-97@Kf^hh;_cZN6{cNgT%b079fPjUGO5hE<(Ruwu&KJ>?1v}Gi3 zQPfFgMjN}VKTl+A^((^vBZmnim8dF ziP3q-Z^KQ+%LdIfn7MD`z$0b;y($-Bu=JtAs4a`mGxa%N8+?A*^_P!uuvUHIt3vw4 z#j#EpwfV0fVUeE+;k?p?Iz2yMJJ({ZzOK`nc}_@cOZc5+Y06P?<^(0!jjdS^e(ch( zdLgmOubeg?4Cb{}Kt)o{y*ILqh9od7L-r8`-#dkkS38FXgjbcRFqvJ7XCV36D-N$% z;?yUdNGH{>IbVj3%LKgC(;U*OT~iMa#cCus&qG)L{x0un2DV8pBG?Caw*eCoyVeo% zW~07X;m40K#%fF_PE-y0_)OaTcdVW_v|gJoOu}8PZJJytKh?<-(3LQm;S%X;oFvG9 zf~YydKmVLn+~1JlRXodDJa*^s=)S^`^vQSneLUpVCG<5Mfn!pob&-5(=kHmFowwH<}212^IAy|`-DvhOlD$Z(@krzgrRW!RH1 z#jcq5=!6AVo?TronKqswGZ@>zbC{6umC{M*@yV*t%SpK0LpF8v<%@bx*l=y=cv>2? zSB=FSVltIKj)u-igNcI<6|JBnou_7tfcG-1W96uFxfVaW_1sU=;w`nk?6*Us5N#$# zws@pglFKW|CR=uHEGq>emn28L z=SEMTxG_bDJt}_IwicqIQdv3O08dKC|Cj*RmD{l^Dw!3o5wEkDhTP<989UZ@2!>&a z7QuRbutN$7jjxQ}Fx*Q8Exu|}9EOs&=^97$obOZt3V0@*W z(1iVz-xv>D>rt!0kz3mB)2M@4tmgFyJl8DXx@fYpL$}Hg7P1gz_oSl~xJFU^R#W-f z{utuYuwq-0&MyF|vB1p|m;Q~oF=N~{&iDvPY0|Q-WNjMzkQCdHXXVbwXmAA0Xcy?4#_EVX}GyZq-G*mpLollQs@J*HAcEe~$$+TP9l3S9IH90nRE;xhu z-&E5!S|S@6KzyIPS0NUY^2leo=9qc}oa+SPDzr{(@_?Xaf(fxVaEeM#VclWsv?}Vk z;M)3(pAO(*D!i(g+L8IC!nby!U>5l>>Z8$4sOPdtfzvP!kEIk@v#8W0PXs;axz&b_ zyq*mTCY^UMvV`Uhq1z+INGtHhz8`aBAQAziyua0UL>#kO_-Q&Dw;xMNWCZX^_4(0- zd$Wwg>E0u@)H9=t6K_r2<;tJF=7NZqV#o058vp%Wg-*UV1l`BV&{$fcVr9~7lhZ)WN!rRk>m)Whg{=~%k zEeEGIX76_v9*2O>IAeQu>=Kp*n7t^O>2~!BWXK`{QuvwIoXdg&3Se*y3_eCeXfJHpdh<^x4>|~$P|2Tk44m^VNh=HtF}V+?B7cMU za4HZ-GsY{r+m{}bKtz%t1C_AossbIR;ep$&c%+=UG9_L~F(C5tU^9eJsMQPoE5~-P z6Zh*Y-e~Nv97JuQ+$`TDC|^M8Hk@I;Kd}o#2>pa(NQwqSsTrY#-)JvA?uR_ik^F^_ zTX!0j{?I^wP4r<>Od-jtw54GH>{vyysne5>_!GRu=WYB|Pc|xR^pz^|_i1sfXpJw<$qN1%#`x2; zy{8?=Tc3yOr#|aAI;v|lap5WLc}z6W&1y8&apLV>osU93+T=B;*dGaYUr9^OD2Sag zmA5?`dUh!dAd3VEgCG2sECQ;Y^si(QhM&kHKoyj`kKzB?jPd7Yps3Fc@CX8b0#Ihg zAAsZEpXBd8u>TYO1VX-d{(;!fty&XMIEwKO1^tbYpHNFsQKVb^2m}QMuwej*^)0r0 zdoCgX2K-Nppt$8tc%V2afRzHUc#HMjo{RXuSOocg{}&PpRL}We8iRoTH&E!E#1IfW z2ZnNU?*{_I@Kfd=np;eSFvfkcTP)Al!fc_(fI7#X6*i= z8~mUi`~so^hxbPyKoB0}NHKtgAE@xHP}sls<|lLssOI)#`hcL!UyJB>@DixF(%rd; ze{B2yM3p@%*zU67XC^K;z$3rQgl-&zeZUa}od8_*c&$ z8TLEM+U?xk$;#c})_9k3FKS5unEWpVr(3N4cSe5NW`MLO(5~D`0Rl;N0AVDC zJERjRjP(0X{cH~;cR{x;AlZif#@_9&#c&6_{&xpK^7*el=1ytnzZ%~%x9*|?>@f^? z0y%&^hT(_862q-f(9Iujdj_}w&hy>Yaytt@Z!NcW?(F_ATg$DtAH)1tMP~Rx^<(&( z>IZOtOH}yB)^gj=-N73_w97 z0E3d@Zw077oBFB10yWeC|NF}tyBUXns<++QzZ(sJdK-}M@TbQAtQQQxfd6WIOQ^Y< z{(mgo-+2Z}$RC87KQ;cvGpKmd4?@jd2L88a;0*uWZ6KlMPmO=|{4+rW_!N4#2>u7p zAO#lCZ6Gn@PmO=|43c%fsm^!WRkyUupS$wg>U>*~ehdQ$%>(#Q18M-IIs<4lt}uYOyUp2uyan8nS3wPdmgl=2?(R%a;Fj{k3TQpO zCBA|h0lYul)OcWh2C$1+8SYquOh4$0zvu5BJ1W3Fv^`bqPP0T}adOaNa-Zh8TH;Q04m+>F+piJLLLqp1Re`LTW6l8FD^%*|NenYn2T zB;?-|dmxV^g8x?*{O%rv_2bQ2_nD!A(K|&aMWvJ0GRC3;Ns&kcm}WE;bEH!9d9DoW>+85&%eSPY!lk9>F2@=xDj-Zb zdjxa%?4RLV@_cAo57$a@cRT4TcD*<~+K90@J`8rKkZtbJbP-0Sj zIko9j-r`d?K=xs>p~W#->p;2s%rmFH>3Y+tdcxtJ2gH?*KS~}3Zub3?OWR|c%V4=N zB<&}@T?9|(iapVKr>&nAwe}6nDMQ?og|7n(w0-n!XM#Ggd2eaJiCCoxr{9>VfK^;q zy9`TO5ZQvI5C(#Mwx0&9quvXp)9$bbxkE_h4WfSNmJMMh9GE8j%ya027LIN7B|)S6 zaZ?3$F6i2AdR+eR^yKghiN+?SWJOhC9<->sDDdY9(=#?92rrRT_e}7KbCxTVH=uI| zNAMS*5{(M#ap1z&7;>dG7fcgQ3sNv72&9{Yj7{X|8zY~w#o)&=_oQf3>Z)s0%O&9D zNVYClL&x+)zDG~SSRt#7TMNdfqy{%Yyhnol_B@lmED2`aT<8g*!h3fO98c?*6O1E5 z*TD*7&-<-msYDeE>=B*0cyKuzcyII!dh?^nQ-@<=1O^LJt%JRCxiWky6%CjneBK&( zRrnA|_|T*N#xRyg zyDD=Lek7Vg-z=nJkg+9L*D6_niC#ct7Bw1;$f&_EevNd3MuLCe7efhVx?=2+1$2Vp zi_>c}&hSo`n%bpLepO99RzfEg*oYg$oSCHs$u?!CCQKWg8uy~EIo*W~RfRss+Uk6C z(|y7jimLNDcUFOksCmoR8oPHt!tU#A#)bdbhuv>v5Nu?*N_ciLu$o&DoFUZJeXAj?!L17H5 zuhvX_WDXULGHPOV=wtTGiQ>L)^A?*)jbp<@^+}DL*%$iaAJvjr>HN6U6MINtuM8^2 z&DP&1I_zRW&W7x(W|tHOuyjR$zrz1sqBCq?QhZs)fN1qbzAIi22s;*yp?A1-@tLCvnz3TZ04@Ou3ak z<`dEgtm0wu7`>(vlVFAOAu3S=(+`#ApY_XY=R7LLU%t0bY?|wQ9e{nWdk7b-_sB~F zMZ8A0)C;c_qc)Vfr{8_K7w;wP>}aO%DOS+#M~vS|nNCu8 zV!j%rjlH#y&AhgXL47JLtZvATI?Q#=)qy?}XKV;F?8{!5GhrYoZpbxUBb*fM+4SvI zB5yOUf66&>TlOlP%&7XwC`-TxLu_*KwTq_7cUuwF{qIc97A`03U&9HLP>|LHhIuad zbYxZ#a(1u{gH>eBds%HKd_Igqx_aPR+KlhS8CO~I-3|=Kncr+$)fT&5-*`xFtv5~A zw0Xv58sdaqk|pr*(P@N(bi`uxYP&JnQ8Un;3`o&jwi9BmP!Hif`(z4N9GH zr0jDRwr~7mI&py_?VQCqDbKn`F^Wo(o(S(U8&ZG5F)(A z1;6*hSegpjN^ZAcYB$eLY3A1=9-3mT2}%aWRP*3`@)H-Tq^!kEVy`nAsJL+jE%y(Z zL!+vErX-%TkmNQm*@MJXGl|42mb6pe#4$Gt2RF2(RS(8dpKM7!+dmdQ*%Ezbe0?z4 za@Eo}S!a5t;v=86j?&6SI^4ay_v3fOLIzk*nPMs&s!%W zF!;V^FrPpJ6iw1$hhAGka_EQp*)v$1bYb+PwcuFr33aP6@FV+-nFMcNCBuk$%_*evLuYtT{XG*3=o z2OAqx99G1xoT;zPTTM(g3@DYtdgmVqG8cI(cAt$)b#tXR7+D07fcs`2Ohua2;Fog+ zU7W_{_o8|sj|9$gyw~9%3)36iR)>nON*3%z`=q&yFQv4iCNrc&fw->sVu~59_fzzh zf<2C=F}lpOb3&UR?_mEIMEEZ1QBhHG+eBlXCkIQ~x@{Du(e~uvB%}2; zBw`9P?@kn%)*tvLuFI)*2S?}5=1@|~?Ng7rQD;*Y2(Y{gg+eb^LU@1@T|vW+H-O%F z-iu&A>qSpJaB*Uf$Hc}RNOB&_Puur&y!IsZsWVLJZuX?E!+k9@ZcLFBHFE1n%X>)H z`p*VGJeGv}US%&KO1yR!kl;n%;@5sqnkWQ@zMDK{2epvJ3ODD3sKRAL&fnpl;ox9G zn=54X4VKF0n_-vkgN}AuV{ImTqb-`CQ1MGzs?77Am1DMY;@v?0uB@EeZQIqH70s7* zQDcFONEA$j75)>)j3`W~Y1P)+(pq*kt3oJ&QKBQ(sd`aI*V8-+?I zaclywYNEg-985VDgxtiN4v^zyNaT%(SA8EUfq(OPT#^cJQp27ewB!xV&BL-;E_J=u zw-CA<{_c_nj7XbftRx%j-7|mgX()^%PV|wi#2N=dQ`fyLeD#pru64tHmyd8kW^M)6 zOl@fe4$L{V<1vw#40a#eMHq02Wo=A}Yh&`aQ-wDUUL$N(iRv!7%*ePa_Zks_VKU(+ zgUL5gm9B!zYr*O|cacZhZj?Y0M|5&4S8p`Dczeh{YQwI_VI^8}$W|{|?odpl%0hxs z!Z*(}UW~x+vLUcY{1L)j<>jdETOw9}>16Mdr#?#VqbjaTetgm$+{3Jh!q$KCN|C{Cv`SsHN@b==hA#3Oz3SWq9SPIVZ115`|;4J zuBz%2H~R`Y^|yFg_*njMBhDZW9WJH!SoO8mjBjj$MneM%F-z{db9$ZM5Bz{Xu%)&O zRnN0|c$}ZHV)gjN_shp79xw3V)YilEb<&HqvoUeiUz>R>Fa!9_))B((XeUs z_{$E<#M;&xj_Tqm%XRT;J2d%NL*-1iEmdry<(-wgHj<=g9(+FK4t-?l(uk;O)HLU) ze_y>7niiTf5XB9LBs%rHCD7*eM?|Fv>#^`DlZ@3=0=d5Uv?2G$LQr1?X%=8!U~ltr zMfEvFZ%=c+>6cxNk3Zbd{o0|6qhMMVlA9GT6EF!-L421W`*`B)>9OMIR27Qg-X(@z z*gJihk!hseU}HqdN$@9;0>P*8_x(~-!lo1)9$|`HxjQ--e)GvB?X}iD(H1~Ws4r*Q zYjn0v%P4Qra4zqx5cc9R(i^ES8C%T-zn98m$HI=SZd+KSW|#Km!>a0(Rd}0H5WZ}E zg+3wM(#A@-nqUgOlR1fOFi%{t5xB^LRjq31nsT4LNE9x+cnhVei&*se$Aaf4nbff+ z43dcbiDUs^Y0oY`YQ5?*(d{(hrxHH4iWm3I!{kAFbLfv(eYDo9LW!Z~@T?CEu=zi} z|BbuxKK@)l-n2uN?rJTE(r$>K^c)Hi%gfGWF<;hK0gU3xMRjea3m;Umufp^~AyL}8 zMqg7;qgL5GlP29!?N6MBSorW#Fr&h_E{&ee&bV-kzr%_JbeXN z?5w=5$J3u%+87@-csGRQQ0TNNR1M1`r7SKEyOF<8$xn^iG^bWWucX`dV|pVmC;eRd zfN2&EG9GnZAd+Jro;kSSlWv?E)CDB88qH`N#9H>bD^!L?bJMtDQE$Zlo-iRBmxjRP zT$?n+rwtbvf=gX2oU3mi(gmJIWvGvSd9gCTZ=&3d7#G_zht(T*j3}-#D(it4r=Mi! zKel^LB4#ke;p&d4eAYFyI2XK&^sF}0;{lhOXO6Oo3&k@mDVU4Kw3agQ?jbgxDKui2 z32YIO&^E1!ckUAqEYk&*@L}Iqf|HIiB^46c;u!eI?+NdB3cBF=nR_5ootDXU2-@8{ zuZ@%=vWBi6gnSYv{z}f5t{JjDt+ZOyher6&n6R#xfgzkz$7>ri>>g&jdH>42qpAsJ z5$)=QfuS0fC}l|v>yhwxI5IIar4Qj{0#JB^qg^j8P(S*2gZGho77@d3dy(?;RwV@_ z(KUnVU`fLHMdZw?K8sWXL(wI5cT3a6NzX)CP$?o8K!p@$-f~WZLAa*EkZkkUH`T%DU;IjCM!JA!IA*d(OLcJeiNg& z1jm$QH>Km`dp~S$Y`=x3?5Mfox%4Eo(|7&%goXA=83)ilLocYBZi;k=x1wE7Yc9Lw ziV$7)V<_ruR6@RSS(wPjzlzZ+6IN|eAxD{3QC--enszWHRyY%+c$#T~6^VdGY`v7@ zNdxO+kFEd@0fz9UPJv7ZCRTD@&P6Gp5RMC4iIU)8BTba``*ZOva9%LVENDEYIzl)j zb*E63g_gM3cBPT~r;i>Ja*NwVKn}d5npcA`v*h-mA%YWgO$~D`I^=N5f8`?@n3VE$ zfkG}~1NZwY4rPx=626=@Z^`e8;xG16ltVkmypC_@7V2AEkFrMC5JP{|x)N!^?*HaR z;dL_^Z*0Fp-k%US_Uw2OXv*A;oam z)o#2#1x3+(%Hl7NW2)-v-(eqTGOHp|kTrxtywlU2_~2fv3$??&*8Y@-A2ReyP(|mm z`TNQ#{j6kVOM~R_%|@>ZHGf)vkphxWhFLz5gH+hA^Ht3QT#abKl_xdPE24p^WQZ%f zxRI?%YX?Ss;I2rRQVY7GF1ZUh4R)T091lAsdlBshj}yF%fBwT2RmByILFSKH{c9f25>ef1>R#G%(`>A%ZT`UYVCak{Dq`K%) z!qIbnkj1ff9Z{t+;Fu}R>GB+kmXaK*H!iKtCD^2&g&}$Fg+W#8-PaH+JKFV47P1`j z)wBIln2aL%jT5(5Tsmm4E-yE}ZeM6Nr(4+mA7$4aPxb%(lgyAEk-az9j*N>09G8JUp~BAdvJQ1;$?Wki1W-uJzq&-GD#`~CNRT+TVK_v>|D=e*zV=ks+A zmIX^jz&(RNMd4{GtB{XK)KeEzk<(hEKd0Eaaeuh>EIUvX^%lvOolSCooJ6S$Efb@C z{tr}BmN$9AGvZMdJ=WwrkQ`#J43xgra5T8Sp(J3aP3bFl@{`snreu9eDxD_UV@!XF z%co7SCP-H$$&MQh!wv_(@|L-mz>TMg0T-^%-%{}pl6YiGm11CWia=JyHCbUWWI)Fuv z-quX6Tz1U({eve3(?RkNtTtB^n#a%UVncRndz!EWpS=kP>EGHtNAIyUvvp%r@_SiP zrLyGZYB%-dWX})6oQkRJCly+p0U_;qAEePE`j(I|tZ*3h;CA zgZ~COW(@mIX1UNTh=?kzh^e{CHt~eun=1VJL z=?kzhfU^Oh#~IoS3J(OPq zlTaiMK8Fav$zD>IfB>mI5vI@;`@#;K%=9k+6~(|9b=w?XY`-;AB9V4=CsdbRUKM27sgB3pi#4 zlq3QF30~)f8?nv_%;u0AU6T%6Hun)3>FC; z`7cyJVMoY%{Y!6zm2En!0wMfDW*0UJpgkW%1p<8cn^8b#>+C3?#T6hh8nk`_3`_i- z3PksXj6wi97qBuuU=>hs_>Xe|T_N}=AUgnjC;!0eU=7eM3mFZ7azWv;-;D;rZNZo# zfXe|MaN5~_h0C3;o&l}>1~v*^h%>@x;urLWVK)J`4CE=m3C{?hiJYg3Wq_-&L2vOl z!e=d?3cEZ&o&xs4Usy&6yWn91dFnU9XDuUmAXpg4Q@~dI-cMB})D1$(%dpvoq&I*<4~?C0J~ubO=Z5?d$ll-!V2I!g z;O@Z}h*TS34*rwg5ZU8@mEI5=@FFA@cnLn9e@pOz&HtJwgUA#|Q~@6~KrjQc!tYcd zxI3Z>_*4MJ0{^T6;b|681w5euhc^DK0wK6URRHM?ehh&d;TXbi=K>+b0uN`W(i{9Z z0yn~Ogx{({@L^beCzu1A30!A#%xO9~KsrI_u={UVIMc?RpZheM9LQ}54R#S_&)Pi| zZGqJG8`(1<4|)dXpLhvmHdxd4Q%}^t%I2qd<5WOm`;F{by9mAqPA|}O4D7+bm}dm1 z10NXplk8c$2;K%KBLP9+FYF??8Jvps8`-mVPx%!e@a6`DA;2&^g#BWofpGB8BJsgy z3%bY72>;hI50nHB5r)v20QwvF0(c4rUqJ2Z|HEtILF{$=2VN78pun$qP4k+eG)+Tz zJdK4linLF0m(MqOW1(-Hca6aEiT-r+ZAnxvpAopA*QkDfT*}~VlnNCFxT4pjyt8J1 zu4;CkQffMwtoDu<508gK)^-L5e+bmtR0Uk3 z6m=a*IkKY>?$M4&*)FcC6g>EGY-7J=e$^mkZHbaGdzp`-uYhy2|B$Fg_XN$$aoO3$ zZU4u(qT_Nt4wX%vn2J)y4#5>7+O;2hpF;ZOsPBv2F1jx2S^IMsqmJn{*8Fk2CKIE= zT{a@o^DdnaQ(|Y)k9hJvIU|QsxqE!h6nU7+(EdyZDZ6cGxshk z%6yJtG>RUOlD>x-o~g9#g|bgoFF?hHQweT(s41u;ajxnP$tX>FSlkNQIk6>~`+I&& zf(ls`bkapxTY*ZYPHogAcLp@WD{Z3;v-wP)Wt)~NuDUFhwnxlK&+-{xua}fmPg3Sv zqJQy9lbq8f=FaD~xh6ruQhxI5Vb2qYE6$H;=8K0(Nn)}y;-y{T-o2PQX_~{o+|#}1 zPjGp~XpUvSK3w+G;9U{r+*Z;>oNs=%TQ<%mzIcnJbuzx%uDb7|YvnW4-R8+VD&@7M zL8*DeU(G#T%?6$>Kzo%$kD5kArlv*>rd|$ZZcQ-4}ImcK+?#F4-qi(E|>|-@;0gb z%y)q;(ji+v!8Y+Lek%HwTcb_%JyZS0XB?$rBX&09KsGF9!?A)T z;neD*PBkyX!G}dTvyDq{9(D*zsU+*|3FY^3zt$*GBf@6#yVSg_-BPz{fz!xnMRLt& z7!3GZ7Ct1E&10@gw9nf>O^~@DR6StC zye8j3qSF#|i^-~vnGx53P53cW~7n$n1hi(kb9jmU1uTx>LJH!um* zesHAs;@x7s#x&6UNL4M#F$cBRi<}7_ zwp!xE^GJC)83%bqci1qB+)%6#+PF4Et-|8V!E{gUlZsx{mJPn4B^FcX3=+-L{fqshyw+z;+CoAD*p8h~ zC>{jwQw6W|V7ls6GDb_u?zujX^-?fBTD&?qVxV`^@ zQ_3#egJJavjEj2rU+6m4m$1K5*v&kWIda%1<{uT`ae3r*ClW(dtp_PzLUW|+fqR0q zNEX4WTue!)UG&10mUB^S@1?eug-QLw2b=hVbq?RPyUsba9mPh2jz)5q{D=ia=+)^T z=jN`Pu{LBg6?|DJ{j`54EAUQ~q@RPb`CabMNNrx4dNV=!9Cz%?nqT!=GVOicdwAmd z_F!#wkilN5d_=Ws~KZFs2-Kl z=rYa-cTAa9I_XW>cb2M#dLI|mmRdw{y+k-a9yUqVj@~S(tr)hL!h5AIX)$b47*E7{ zned&kMTpjpTUqogAL*F1PJ7|h;@5gP!wj48k6MjYK>9t-s&jS7_82YEB8n*|5ZSJQ$5Coc8>%>m8HHis5$Ip4TH|220f3Gdb1OYMKQKw?C!al}15%PET7m z=y!s{H6x)oZMLv`FX6bQ2x$UcnB{Mm zFGV$R1n{sm(P&suV0>eUHWVOUb0Ykna(D1JZ6uXriKJ3K;$yt-ms^z5m&>-bduOlA zwJrxDuZ08#2NJr{Rw79~$<-CBPacWaog=X!-SbZQMA5=tw*B7T@}Zq=1 zZ_?!-4=6-P?g#d)UU0pUcol?BMlYt^5T4{)ay8UFMoKnpf!F=EChj+dCOgU?fre-8 zO?Fo&uTfy%GI>qE9r6B3XuB&<&Ev;q%($!a=~2{IM7@14-3=Sc;31imihCld!I&I@ zndO$1^g{HWN-(YbQ#JEE9v9A0y8ARb6>hRISh5oDrfDdB1iZ3jF$KIAk|YK7yBz}{ zw7ZK+Ug`9mLHGSmF6G9=r`2a-ZQ|(YJ0WG+P(|JB!a48{p4ZP(ZG5n~i?7msQT`FO zYjvHFf|6&nHjR4s1eLOXF4052m?$P~B<;~Or%!65x$*k$qQUXTA0i`mvDx##tvRwf zs8rT;W*v~--3xwDmT*3H>1B4MP%tt5yn}~EC02U$N1o7Tk1jKMKl*bS7ggplFD_k( zrjIP96GkDB)sD$3Z;cYz-?o1=>$tz0N7=XJvA-)A?X+KkQB-^JO&PV4rr9Jnhg5fO zmGf276wr<7urAmBDB6ZX74IAtZ0@m$!YtPcLT>8(oW%Rs!m7)Uj)Gow6*t_~_f__+ zXYyQS{<(pv?{;N>LwEnM%s*hmbySIYZQgJ&=}9*SgmT9zO?HmivnfJv@YZrPXxa%45bbseAa>s3m)i-Ny2rR44Qedx4Cx0-w(+AyW^ zG5x)TiK<}ah3I1q6m!uR4T|)d%wu^`feM31S$=$1or>DfCQ`3m&cre-BhkO!jjuTt zr^7LVbNz*xKaQtbZ!?lM)g@0hzdJYXD9HG_JgB8)t=NctV3J#K!;q*xH}8T#eQOG* z=iIHMb;Y|M3}fA2POlKZr6#D5(aa<{NRqid`;N9GT%G^p!0j^pmezbCiMs`JLe#SL zD5!StR%LjM$JvE#iTfGc!&FK&m8Mkn>~34|sjx7~ZB7iRkk#Dnntx|O7qNQ#94LiA zRaw_M-;%($>by<~b6NynJ<2!Z0X5FXs0g9ka*M+e-fyzk7VMKhl3o(CU}Kdaa=hn% zH&d0Xk|r}zp)&0UV+AGAv|6g3Sl>0RXRq`~DjUTQ?UKIoH(lKQfB=*Kkdh_tA5&W-CW5#OfbC=I_X?WE2l|s_V@yY zPFR}AR(pgeWe_SJfLk1fTz>y$<(iyM zRC#_K;Xp;J*aw;{FoAhbY%af`#d;dEc2D!Oc3n(paQpj5{x^?ttFR-^xjr(i9h7+K znCaG2;FMn^ezbmVp8s-WRE~c3X5&zlV6y#>F6SEKg(B0RB^y|GE1&EoUI#O}d6TQ% z&|mJ0E~QZO^eW&#=@>IkjDEq$PhSuf<<=dPn!(hsgw&ds6B!;Kg)2aAdciZq) z_X-pqv1vZnTZ@Zg+qL8WQl`o-E^sxdJn3s?m)W)4Y@3}BCgtxm^0vgt?n9vlZZhVIxheRl%VX(94L6;t(^!DuE|QaRV$X@mPGI#-+<)-U22 z&QUe+@`h1{1=_bI;ZZx);M}D1SfDP5pKiT6Z#bEiV(_We=EQ3anMf3mag{vz!eZVF zUjl(kj7IbMjh_hbcZDXmJpV*V+}`#nA_e8D7@DxckDCWQoj&2;4ieKqOM1r@^$z~t zp568Ll>!E$!9+X0e%by!jOK&KOkK@XNg1||*{S?3DCE9dF_E>-7RzZsG(R}2)HNZcYk zH*Wd@2|3<}fMFNwxopx)evl6}rOlwBa0D_r>!YxbhMj%>qb2zk7M#sFQ=DAn3#QMLlp zE46JTDVpCNwZlU-UzY4euEUL_f@YC-=lMnqc&2!jQjF{ zgP3&v(OZ@492Obek0*`d-{v2F1c2OoV6=iN}^jol$Fp}REXrS zE|rN~T+eW!m@>8_QP7P*{dMG{3FhLSJF@jkE;EF~L+6;O;%4eI28mN`TJSkkQOeX% zEN(g~Xd+MEO1#K&VMnBunJqgwbb@+O3slng=)zLg0+X0-bLl(}xu}#Y$KZk`Sz_L# zr!aLMWBtv0c$*D$1T%>t)hU*XA(;o44bpo>MA$p_C_fgvqi9p~_Vl4&aMS$k&M?Ab zQ9Vhi6{K9tgM`B^tf4=v;#BoRv*FHTDg7m?_9|INVdlV|x(-M2o<6FtKW^~gj@TOM z9CQ-n&FZX?jORz$RdfV3ND5>Nv&U)Y4ZexrbpHl^%tRY#C~QT_z8N0WXvGk-+D-NI zf&L8%(aqK7i#&!jQb#v+x-mzMKTOW`4-4F(3X71s7DI1yF0%k1LRyRD;Eng6;BGk< zX(+L^|A3i4>bRpX7`|_F={8>PjU&HTky)3Bx;`6r`kF&XYe;zf9&`;iUI{)XjdZ<> zqv%aKE~ON3TQz}0`KQs(*><#Ef#y8oRh}W;Hk!yz_1tg z(xa?!xZOTzShW8;{+J!l(0er`8rcdo5Ay2U;E79+?@ zOZxdo<>C+Dn>-Ysx&4+P8790?Mn_TV$}V=ZwiZs2Z;&K%Q*1M8?r%)*seAQCZIj(~F5(H@y|CPGQvw*(VV_#R z@ZH?_zL+@uWTT^<<*AumXh5t~5O(^TQ zspLL)`Ofz0twm#-wAo^ORHMvlaYM#fGZ{9UNK33#oNPDY(e_DkJ8yPMMxtk+`!W*P zajP?xQj9;R(z{5 zjh0Ca8$^P5@T^r4mFO5NJ7ur~{F@13o1W?sf)6^}wfmVX)*chILvaA|nF=ox-Zf zK&eS!{u)>#0D$qp3NifZMo()*fN&rn7+4_~6#)wQ{BL21G1v`)fleM+pFl8Sh6h&8 z27Cd7HF@AY#(3a8#(3a8#(01pW2ffeG|&lXhFSU>pcAkUpL>9J0vQ(kC_N9tQF>Va zxBrrGfRUe70Y5{}13lypFlc_O0s-{-7p3HZ7gOLtD5mgR6$sc5q6!#R$^-Bvp>y|J z6$lUzR0S0121+WJIRVDtc3c-iLAQ}{{gn7V!_V(GL zFo1s8n!rhnzY{(KNFmml09%IQl`tp#3(JtL`j2IxOxf>*&ss)^zF^Bx#1gg-{=zas z35>PW48RmlSi{THR{onVp`=N8h=Xivgmej>MG%}91Q>zXgOxP- z4=)I4<3Ad0&gs`G`K&XWdfkgEi;j@+zJP>RdNL0X9{EK@=@IA0FlpzD#$7h7kT1N0X zSR+DMFgPQ7cCr!N4Qv?5QwTl$5PjsV;ZqI<^RHiovR}?MLNtUC)nK9Q%%IQMMI@#F z>U9#DxDX3017iYb8`nqXCN`>%3~dlY9yBk&mmMKJp1Bi*^azxdgEgG~&xrr?GWidA z9ZX`R`7< z&b005!;$CcRj4$lsL80WeZ$2iGt<5>_f_>+U0?J|iKVoZE&ww zV>Bsle2haWRqy)a@5i;VZ!+}ihMQSRTpqOx#LYWDG~kSTQR}{UEM^mzt@NVWrAF`Q z5%uNwg32M!EZ)0%Z2pjL-)%0j_hgSt64Td9?KU?Ts;$?Yf4Dh%@M7Og=)?ml;pfTY zp7sM%BwX%?pDx|O)cO!A$v$7J@9t3%)q7QmCFdK(E1$!hF#Fw}R`d30f%$Q|Ze7uHrqlepa*pQ5yTolCiR*<`&vrm;7FgliN;?YH3vw zyWCgYa((ij$$A$)lai6~wB9CjSn1-D_mVn-efzIVb57%;$Q?wGl??{p`=T-5Q51th zY;`THtm}@BdP#vBb`S0Q&BS0f6FGg7^Js>pDJWwEFCBcEW!?+khE~^Z{qGyl>p+npf5P zM8*U>UCL=XoNAXUN$P1aeL`JTzBRuc+{$1KZAgq^{7l2Ych${SHATYOutz z{Yi=RnB3IztNBDmF{A_*0z$Sna^=lTrpgL<6$Wo|MsQg7RH>fyidk&-0V|sMPEXP3K4Z4}4%4pa zUWXUfv5MK`CbB;F(Uc<$MQ^4vRXLqYY9RI>oLHl%j!6=EHPOc(J{BnDwza^QAxYn{ zGh&QQa;%+Z_@+K$A)4~i5WVb+G5Tr2dn;CYLPCV&1tH^`O;#nJX6VC$3v~{y?zk;r z&RmR-Eb(ql4{HceC;1Y(H7W8{atKv)CMMDoy)LuecgK3(3bXM!jkh3!_7k(j*%$Vbdo~lsIyg~nFRwQJDv=;jgw~(<_wrhpvqax*cHx| z-Q_4wY&KJ0!x^Gd->yQAZ$MdWn2>AFlwMYF9jW4a(iDV0l5Y5c(`6hzhPu>%M)}=a zP+3$_8tLu3PN|K4nO{)tBnqg$@_sGITVQUN#W@amTlK*3TftLoyRi@7s+=14-`W?C ztv%D{DT(8CjR4Im9$CfywKNqFaS-%ajeizEKe##`J}Z#zrFFp6JweAjJrTUp-4 z_Qr_39@oR`?f#0!mg-HnNY%VKXhx0pa)q`cU&LWOGVhH(PF66gzQt2`>9g(^n++`e z^E=G1>5#(SWc-o#iQ2dcqw@GW|4%!0=w3qSNO9{Po+?d#^8l4LcBu z$Sjd27l8)fD^N{+dpL7}c0c@bG7DXmTg%NGE=vUu&P!Y*Aad&+TBKp5{y_9T4@2|0 zlA~+DQDsnX;?Hm$8D_5Gj&a7E7I({N8ygSjqZRkf!OPuoA?%Mk(VFgxfn`)=w@!h^qbx#^oy=do)@m3)g{)j~JJZmn!>CZv@xIg52yXE)ADX8` zPgIDGJiMc%U)0`n;j^%JQE4HlZuO^{*`?=Px+kk`sHG+m$3aqaU(C37#%rNz`(9gA zSzL=o*@Gm5-1Ai9m$ckaR-;py2U?H~ou1RLK1;ZmGOo>7p1}o|&8p+vId% z@k^3?3Z0|x3kzQzwZAo3rIqS&8wh>VRLlOEsv<4TB{WoAmeOzu&Bm20x>d=X@2dC5 z1`p{CV?`#yr#A|+%r=&ukXgiX;@<4%ljO@6Gt{Lq@yCLQfZmKZ;1`I1aPy z-1B?o{&CL6;hZ(*xuO+5%nc&<;hL4SSpFw%-LlwqW?Cz)ayJC1*KM`?EiO7oI|Z^J zvwZ#DH9{WNnQ!Nc=EPI|CM0WcR)r?Vn{wxSW1jc+8>QC97R!U+FDXc`T996SMaH~; zo1o2wyw6(Fa64NARWn&)7C$a|G&Z$YTHQ~H)icG`VJ|{?adWzB3TaG0liWDL$cN4$gwVET0QS*$sCrK8P}iTm-`LP zkL#brd^TN+yn%^gsFhqMf9YVR7wfeJi8l$q^bfYec=8AFmkYo(G$c#$W2bqtAB2rH zYAMI#VTExDbd(=fs~39{Rlhc$Hj~jOzJ33lRBbOo`gD&H3;E>qjp;rUZSRjkhQ8{@Iro&ab%MVKF2y?j@ zj!GSB$2;CJ&;4<5r|?lCdKSK$M-B7Cg%D2X;voyZ*DT4hmVNt%-}dvO?Td1CY~6Dy zhohVc?J?UmdI+0b65Z7w}SL{ zk1x^>lP?tx%V2u&_}^ovy6E2jh;_KN0WDKb<%$yh<5l4ZRhLoBR+m>2s8NV`yWWM9dd_a<)K!^DZACHbtPrgz|)Bv!*bNpwLyXQowf?8 z&e7I6i_W=^q;tVtrm3C557TJ$uV@#p)67%*j_wT)!wob#FIaldtceFVm(y z!_;YHkec<`*}LqF-M?|yXhgW*e+ii`O3tE6>ea2F@l3%)^6r}xm)awR#aZ-;^I7^k zd!iL6se0%eA3U#g-sME6oIFYMx-oMVtHtSA(@BD=+*qUGts#Rfaf-Nphjw=D(f4zO zHbj(e?Z?)PPDKsP@+(^X*D6}VGb{}V7er`uh;`cJTH6dd=XXt;s;V$mrQMNzu7zHq z>+H25v^D`rrrUwixY%)@1}b6xrc8kP&X)u>AnoNLbNgmnie z)#~3oRH?@Vh@KJ;4K?d9_j#xy%{&f8N#+`g!`L?P@5tKFXgWtJK{S_T-OJfJ)_Se? zVXas4qoL!#;xWc>FT!l0%u;UAqe5O(j$6Kh#UgW5HsoWMM;Op)f8Oxe{aF!4*0X-h zO3oG~EB-oAj83-VrS+Pd_{EWc($?}3YOU<5YIc=}U7JXsyvC``{K-|K*dLZ#A5v=% zr?*aaB<+o9WzT->4MM~J!ms?W%ZU2PH>ppkjBmTLUoOl=#tdWOWT2fB9AS;_eM`P8 zNZ&^AK1QTa@pA>a4jy^j=Dyr{J+Vd-kvN*e4xN4GA~$?5P#Mpcdo7u6xffn!P*3=S zM0n40>69!w1jKI9U0QS$xj>`HuuOA2N%;OfLvdK~=t%%)>jSGM`yWr6n>?{t&QBF7 zzE>M3ks&&{7McLcSvW^DWE^U1i*M|7^`nko<$?M=c`mIDhFH17O#Wk9nW4|$HmMbF z$qv0LoH);yOlNPN?3A!%cu}YR2NQM=q2MA$x}f!sT=Of;e4)=bW}q3>6EsDiXAa#m%1`M((0{y^7yI_-!^dni_OIF6zjlba zQ&mNa&gSeEC$6-4CMUFnySx{5PK#DhG@hTHKhjqqwY9>NqS3fh$M3X3ndZQ!D0-;-?+7f~bIk@YQ3 zp*H?z<&HZfJ~;)rT-WNaCA&wmvLqh9W?itms;N4U@veWPynF^Tl~eoa&khZ946E!x zd@i=anPZQo^M~=KH-`8|>vn+$#Po zYYOY9DAUBVbIzr^p@}R#l$X2ZpPWzlbk8isp~MVtzN<^PkTm(6tYcdMPQH5%A8jV8 z$HG^QcX)bx5kg#a98(R_@j+ds2}}21ELseFoOQW_a)&-RLqC~N9ItzQ*=~Ww#E-Z{ z#h94zhU+1l7J5gT1Fnn_xwO@Eeq@?zThoh~@*-@v9vZ#JC#goSZofhI!t=+!D%G|yhMYmG^ zRCvibxTS%k|E<$R-JQ{t$z&f&dFSur^CXVtcf3!-RqteW25eY zBz@N55^^S3xa9RW7frvBd}beDeR7-0<$MDJ0hi!p=jdjmg0Msiw^H7^MEw*g78xD! z1yuBoh)pp^JG21HtHaLS8LIr249nJ516R-V~CBpbA=F#IOU^{^1XqyC*8O87~5u5@xsPHUMC8bZ)qfq zB8mDRld6*Qt7ox@O|cpA0lC~=Ej250)lqG@k%ufEElinvRX=vU6sx`>v}`;@itz7we^wKB@z_7Ed(P@9>K{=4e(Gegz2(Kj z@9(oo?H9kAObNeA91CT(z3zM6KK;|}`0pJy5|}%mKg!rhGjCny!F_Y$6qwLt#xd6R zMo7w-+lVP`u(VO3?rz$-?-zc4Hn&Q8S~q$){wNNa>Y8-Nw*{x$xk@U@Sx-KwMWje% zUk;7@(Q<9#lfke_T4`m;R2k-va|z>nKZtspB9iE7d66;3d5T{2Whv2cmzL0QuOdC* zr7K9bfBtk!$?>Z%9lf;CGN<0vesKYdbkw%Ur+P9c@8t$8+LkhTr8Ct|Y{$%dOni*U zKW*sytuQPlY=-6M+}5uIrI~3Pn{oAyV>t^gqP7QM@d^+*fFx(B(jmV=eE%aHK>-0*06{t zX~$hBW?c(h*?(cTFv4Rb(h6$aS!TWanX}-=0kz8siP^XCPW)wOVH2jIyrKs}LzSkF zr1}(IQU$2F)8OU^rNv3?ocBzbumUG_@`nsVvLpk^SZ4L&DeWtDZb>@F{HCl|>N~Wb z`gDG{M<&{G+XnY~XcoBDF~9Qo$Cvc(8mufM%8pZ@{mTZU1ZYb{Xe`!O7@z%M-wOX; zf;M%Ntm$@Z5~oi-KlQD=Lw~#T&FGyu3is|9an#yyq^-S}tOpog}awMi-^uJ|~kGct)-vh`{Cw!RO-vNE+#7#673zgc?) zqn?xEoUbf$uw3z^xuJY5vmk1*eJ9}ZTw=1d)Uw&E0)}=JX3c=6Vm0!*U+N`v5R>)9 zH+_fNg-l0GqyUj6>)mi@!AJ8#Buu)t9Xu|(ODEU&mDi5E)|U%%YxYlSwnNt`*F1*A z4qk-UCt}eG08>EwUc3=$V;7e<1LULMj@GG=ZK*o7Tac-}T%AJ^S-i z*X?F-$w#yR+Qs3eN7HY%E{;rnOjY6#6~2bL{j)w%cbGbJ-;|jcckZM5I^iC(e)nPSPriGeG*RgyIZ@|BZ(Td7 zRkh(e78kv^#|7_$>~BxFjrk!ra4jnI$n02*xOXG<1m|qGTi2++Hc*w4WlrIqPr;&h zoN}_l3bb6ifj@D4%jx_#ZN`l-{EiY^n-@NF^>N#^JXvmG@hTW9(Mq%|$tZ;(jMH?% z8>=#UM_THWMNYQ9#ukLLm?XOKTbQYi@+Fftq-IG@*tL~)Zwif*a4RNIIqU=nni3?O z2=3^iRc2Mi zWj(x8^uYL--aY!b%yau$gu|8@5nkr^T6+htgU;FuBbyIcqRx@4S}Onz&I4-8h|>vp?LjYC`T+81Kc`*|3hybiUj_R5(HWiR0(kJ z;1VKox?o-!cvJu=%?&Lo@;3@0C=z@!!8Z#&IuF(aE+!%flneO%!k$`_Q~gC@YN(*) zVg62gskGzIw{TR5?{mj2#fsPsHLc5L0kEr65431gnA5 z@&o}|9^@CeO?ay(L3pbt!GDQ_|J>#;Y$6bxz%~V7n+kjZ?0@hDu=&9k(D|X_7l4Ht z@CB4a0r>?w1^?^z5PTnE3gD7}rQrk>0eEFN0T`c$UjRlF0$==<1%wR(u>hYO0r=zy zz$ZuG?i1L!P0OFEkD5Pg8Tw=Dt;K98TRXn3w*l%?R)qKZ#`8PN0*-uC|E}YzJN_OA5aAk@(avc z`GC@T;9sD1$iO?7@85cTe=>!Te!w@w2N0&f(g5KLasl%OK7gbF`31J``QUUfK7cIq zKj!UJ3ssi9su~@0e}x40QlemfDiET|7GFyF6V{&CNF$*^TIbbFMM>m_j{FdCkVctpubzs)A0iYkJ=!3)CK`jn+hDMV5j1VJ{e9YyY00`S*PVv5PS<9{BSt-)-QD+KHLCzf~W#UtOc56LS_|+ zao`sW5GTaT`I_;|FdkT zsl0$VY@Yvy$_p5QFAQYxyinWlLpUJd^%G_innM3ekEMCdyh_`c!60ap6!kE#%S9{k1wC3M0j?({qPFBpm-sD9Wuz`{@x>+gjB zOHl+t8!!GV3?+2J*6uGXBX}{`GL*#nJK?jI5j+s~mIrsAzp#wpfnZ@Mi52F1XN1pM zMo1LD_#^^7Kmm(hr`EbpXTm|Dz8f(EmywY?`4@Q-3o)XqfoJ_yC6i zqV-?tLvYq#jStGN{eRpqG>XDq@LyUh5I_(Igg|QrP7uO!4dVZRL(6GeD-fA~fBR6{ z_AeFvdbOcx7pCsN=?NTnxPc771C$sAMg|Wbr@nvzX&X_|zX?hg9Pz;~6#yF_c8K$r z8c(GwX!?iWC|Dj~-g82uy8yVyFl?Lrg(8Ig0VF3#ToVKrlLhMlDBr)jz0-q1cvOPw z;1h%>5dxn`1uKEN@LvoBVJARu10oBs-T&tR5RX(r2LMbjG&5m$||4GP*=dk`NA)h)}1s*a#xC1fxVF3Q>2LfLGfP@S? zW(zslfbe+-7!|@@!&JauL_olc$e&dp_$_$Kpr?9acYAsx{wj+ib`Ajx14#gwsx!i8 zG79t=6f$@Sbsku5@CEQ?;~x$^2>Rv(yT#vg=)p&3K!_arKFwhp@)j_M{tb!urNNl$ z#BBNQxiCDcERniMTa5EdA3XnG9Ym>8kI^uUnX~-Z>Jt6O3ESv(HmZ zxqi~wIGt1#_l6=MBxE~3pYkW4`*Jgt1Qx1Sa%rRUe3kRwn}F>%cWZu3wzN!cZ7t2Y zX&oEWqjGCu_-u2De7Ji&xmaYNzdB{jEpp`QSTj5+*|>)DaP{tF^{Ck9*P_SQZsYy@ z`B=Ge%`k$;^NE+ZQU?AN0U}z@y}kbO<;#+FrmT$1Tl89K+pl;A=H#%IIT+a&@^jtk z-?2DLcxS%*pcFU0>RC0^*5d-2pkzKO`a!T-Sjrs2%4A?A!NQc^{wezMg@EkpseU}H zgt~8)cq2uAc)k3SSIY;FUp2IcH7uOda>Ja=Rm-@{GfJmd%1QQ^-W9|wZQWso)MQ-R z>xdtnrx$--RS$&=%h5%8;^>yP_h4ji$Q3=18;Y&H(7Pn1S>uiH+Ego|ppTVY)^u%g z0)n2FDuS?B-<3^tFtPRw7JRRcN|T9_jxgA&Gxm;gl>K5L!;Z` z*1lL4QT~wC_@XKAXL>w&W`#UI>sIf%kMo2+KZoc~}`^=BIG0iHQIGnAt zQRGWU{TAz1a)>KjBL}XVw$@*e=1RhS&0$J+k-&g|=VQaWlDm?o?~*{eH!4s>6FJz1 zaOp=RF#Sxl?fgj!)Ro#WJ>@%BRbh{U7(jOxrHoskW$I z=H}q8ygOE$H_L)7hg({=K+mQ1JuAT9kXH{>Bbnm#F)pC^lGgj2>cL0F87it;%{m_U zgcEwY`X#P)A}4ahFjA+ueB>f&Thx&u#3@ibs~_*1BH+W99{%YM`~nUowTKCZt=>HbW^?Sh>c|7}%#G~F7a*H2xZ(V+D5>ORPMY5UUg!<0&Vo@fw90c(D`bV7@^ zoIIb65c;Q#%%xOWzG&(x;j~>b&0sM!NmO@s<#*5Pc~&E>^IgbMR_?!(Re#3w{{9hd z3I(GWQ-GbWJ=)VD4H*SPB(-7OFmW7pC4vw#SL{v|S|ZvT-B-DTv!2|gA1B-XIMl(B zoxtRj+~>2Un2_U6lQbM;-B7j(*va;xBp6kLXtHZhf#M4q|B0 zqm(SdLS+lFO}r{8EIdRZnX^Uju!EyOq#&%sbNzunV^DuT5etW%NIkCBz@83irx;N= zm2M;UUFQr?LB^D7Fe>>43$+ysv7g+23>fUVBZ(<)SNTgAk#ZL^zhDqh(P7h-(X5I% zXQ)-XhIckC8MuvApjNF&t(x~!BR^Z6njP6usYl)*%{uMeX#OJHqmQE4Oz{K)IdQbvl} zxuxoG%X%tY-S64m&l|+yc8Zj9$i5cF2@dP#EfEt!-W<#Jl1lNJIr!p_!*AU0v9RDR zd*RVZ*7iPi(2(A$Me!v;_Q?JtZC9}yla}hGT+S&zxz8&#Qg61~QI@O-IWhIJ>t4|f zzOZ4AH(B~T23J;In*t^4E~)m5*iSXxyQs$E(PwVeeC# z<#LVU%MTc4FVOT{S&$XF;T~E_|FJmswV2#9zYHZ?nXCRT4Ri%QG~a)qTa2LLiRRxW zYP(5j$5tXrHA(x$M+*b9*I37xD&C@U-yp9`D`jgz6#W^G2V}1%^7!sj7GQ zDJCY4631u=7KVh>%h$7*UvF^;ymwjlEvBiqWrq~uceQgI8o>s*Ue59syBNuXNb|Tq zQ*Hgl)pE+`NEj`RpXd{|2FUw$(HIuX54)UDUs^wU81=bIl8bmbWLWR&q%KiTD34~5 zVmCQE?wD()+vW$XJQJM@yKFV_VigLHV}^oP?czS(7{So~q)i;Zv9TbUP1>i1rz*kO zrE)B9scHObz#u?87$=vcpCRK)&#_3yy3Ua4s<*RP%ZAFQn*(IlBLRDT28_^)@J#PA0UD+<^6p5=*HB!ef^Q?LO~W=3(=q+dGXtqbqLtJyMkpE{2KgT z1$}OuVH`*!Ox72OAtWpFxNKRVX7GCMmdAcicN^`{?6(24w>P6u_sc{~qg0rU=rMTB zc?9Hk9>r6c+j}LIN}{3k@#zbfsE0jgGrm<@oHO$Y+2X*vD}%965gE-e{gbfjrd8xK z6TA<%Y{hAEqewPmCitS78s2z%^Tf=!q%-Rc0oF5P3(Yd$p2Fz53TfVKO zc;_>i7nYLOUN9Yzc)dWF`$4%@x1J>1TFFeU&xwVIDrkP2e|EVoQ9$BDYxeUO9POP& zCsU)xdvEr}M`}mD^a-pd97;7X(P3!}&h$TOuX$0PeSr44SXMA1A@|a--4Ic_o;Z&eUQeiRk--L9sa+X{f5iJF#W@uA{Qg?yyId|@hmB$8 z#TdbY1y&8+bTb=*oKKQ^)Lc$@uIgVKQWIs<8U9Gj93HsxT(L<;y=zak`};kXYW{-r zBe84wG2A}qlbu-4Gb-Mps5D96+FuFZcp)Y_orWr1=grJ5rsMHJd)LsGm-e}T%*?Y( z*!guiFFk8z7;@i4GIdo7;bl7KMStoD37(P;=8qAkAigph6hVlM_4YV%#r~y>0q$pa z&OR;KJHZKkn#ZbEdRHcjQA0;u!l{WF`c?8;pGQT$^|HHu#rbu&a{27{vb0#|4qcHf zy1iTML-uzLzutU8vCYhW)Hl`6=6}6|tt)0~&Y!DJ^bB)8*` zkT_Qn^MTFJ=v?``&uvwv_g-#(V1FkhkYJ>){b-l}koxrpOs- z_@fWjTrXp@xF+&i*x1R(!7NS`X;&#nwqeVX-ABV~Bi^Q@*NWet(Hg0Y`aMXKbn#o=h&Lc2AXgu_x$ zocFqfv`Wps=;zqEN-}fY8LW3vM)NQGJ8&;t8GSSUcr~GO*G*s{cYEh}T+C2SQ*2h> zAgePAl*GJ#vTCC|aI&jgeK+eZpHc_L70WAMMx(3e3H&=HnTwcBZ1e68|$wPODASEdxNOuTGmm(nDAuZkAjWkGybVzrX^mpLEyN9dyzW4oe#~F99 z*6y``?m5?7UTfLdI?;HRQ17VF_IFqe5Q`w+ePo)}T0D)tH*OGlTz0C+#`}FSNqR&4 zL$aas;q+$1Oj&``lsh(|jrb>YAA{_T&;cEeSLL~;9tx>i$S(Dvi%wkUFooQmtA`xx zu&YNuYZBkT52z??%`9|#9Bth)icCsrQ zM7y*W!T~PAYbDop-}iD)7<&R)8IJOh5LT{;&5DnG%uF^J1)0xHi*Q>>8|$`GPU$H= zDXphjF{*KY*qhxr=u*whc-Nble&1(RQ*sjJKK2XFm8Nez(DzYdr4HU%!;qh1=9&iB zupL9QL*Z{vuI~cb&B@~8_v>PXN%N8WUHQ0E5xFqsz8TO{c11WAy_&rjLTS1f1?ym7 z#Y8qP-JtFG)lGfO87B|8D!V2&0{J^StI@y6r{<;Jyo@i6SBKUfcSzuWCv@-YPUW%n z*Ib*|9r#DjqYxv<>Yg>g&pjBYyfhMRqjThvnWLRjTU%zg5Joel_8yfDt+!g7diJms z+r7tjl3Uk0lH*L<*Uvbc#70Y3kWZopflro3c%e!~=Rze%q9B_l<9-HApGQMu)8U1m z$d47e>?b2k=uwz`95382e_HCrNJsXi%0>9YI+VVW8}R9=Cmq-IgyS+_EuWF^t&y%} zFG4g8rG3VZE`m`q1-Uq|R7Z|nuOYm$taqIAz`f%l%opM%&J(wqgv@1q_v7>JxTgU= zp5k*-KD?veuET|aPhlkV(3b7rQ6M2rwvGKvqti%+&Dc(v6o7`?D}j4ZKe$$@I_9N# z0?)jMGLPP_DZWKM6;^$y}p%cEGcjfPs7z<{MKi zia78BaUlmmXVEy$@{D4qB7c)Obbj2c%5uW7u7`H-N&hc+tXO=@nHclO_CE}ykKmUs zIu{sU9Ymj`3`>lx9Zean1r(4ewc{~kk@)7x1?Zdwu~i5|1`J@9bx5ExhnB?o6@Tg} zlPFHHhSQ3ZhXS~8{J@;`Y%+`LKtz&EnTO8yE2rNi)yWS_nw_;u7dz%fJ5nG;IRF@TN8}|H9}QWg z{@SIeV^-q5&v>!SI8k}r$iQQ$CVAPUqC1T?ld|`v99}A)UqjzJ+JiChIj*-aL|Ux6 zt8Fet$n2|@oNr!@4MLj*=xTT$OB-3H89Wim-D|~U@fL_0iNCD`4m98U9M@{yM2ONr zj;?JRsk6MVjR$FYqKX*1G?}HxUQTW5fTTm)5#-w;TEQGJ`wg94;C%{msq={`x>6_x zo#i@qCrh7yWHq5l3ETM#?Wr)9#Sl%HWB47%jx!gl&F0tD(H4FX@K4NJ32-*}xie3L zYzNIZ^~6$?c2lS@s-%O0#Rmq?Agf_X$ms2uDvfF2MxgX1I2wPTGSJ=Rm9&;U% zjci}eZR-iX?YF;=&?1~25Qa|BUn7vF6!4|Og}%`3yFX-fhx4P0?n+hE7~Gn%jtt>! z(_D_e9%ojF$RWr_k=<~Rkh$3RTnr8EiDpeVEbHF>u-MBqD^Td^t)@13yy%Q@(*8=; zXrnz27VX>Oeet1~fQ7U0*qgy^^HASl zkFs4}jwH5cwH(01Dawr6rmeQ*6fB|=WJn!|p=X&b(CQwAjT1+^(jA zBh?uvDZ8mx@|76~33&OssqnjGMS$w!2w}rlU$rhp8Z#%wqu(ft$v#SHW=#kTDX+`a zh4RHT8D~7{W{vI~dx=Tpt-%ya|LEy4nPF4qoZ1Ai5V+C1vL9~+*pgEN=*G>8;D_NG zOn?DJsajnpOp}gI7UQT1OJ1HWXADFHFu0d~{BxpaTquZ>DE;{7bm!ATC z?9Z}O-pz!-wl*%SjyhwoD?iB;y3b4LvHHsY<;;PRT~#2OwVU{|(#E{`8y1HzR4csf zi0@*Cf(?X-Sc{Iv%pR5=<f~DPF+uM>;&^UJ zB^TiGuad6Jv^8Uy&|!rkuSq;d6_}&%YvMFOlsO6UA${H{99Lu1HJ7pn|N0kz-39xJI?=^~&)!ZsrM<46TQ1=pUPz|Zfw=eZf|H()E_P5Q(h%Z}T& zsqu6A5H*(fISo<`L;L87=H0FRCK zIi1~$z6e?EMUw6XF&f1P4IXAAOwEYVsr$U~s&7?*WRS&ShW}5@(EJyRgMQ8gA>JOy z`p`>Bv}8gIFZcr8GD=F+4XK!Yt%Xl^WLm_quU?LwZqy|(;{?) zjLWzIG!h;&4E}uK{6^d7%MaJSZsd7>FDRsai+BX*qO!DJFPigeaNd3@0I_ido!;gr zU1(yv0fFFIOkD>D>1UFI4Dqipw50il>WWFTQS1%)M9s@Gj3=>p+yz_ecrx^+XZj;& zt5B!SU#)No%&NXd*`VK>8DMk;iIfR`G=JBKRg>Q6-9sVild1oepXC%&qFEIU1@1$+U(cx>kg}M>-)-Zn(T*o{zCumueZ2gx zG7(*hEuju(ude;&;gI_=QFc`Fi}%U2fQ}b*3S`aSzXbZYB)mqOt?4Xvi-mls`5>xq z@LlT0_UqI=i6U_+hbOVt&y4F0q`4UGr!}x^LLf^$OJLG*)J;&tAC(tJ{E<6Jd_WY2 zB6(~P;^8ic+F|GleL=!D7t5fD#nC&9AXqtiF}vl7kn^i;``su9S^Ed&S9{HSZ1hua zrzaK?#|pu|Gc&RMGPE5OM^0a^9@^T391-?>yq~>6@bz1uKu@@CAXSNK zV!I;hg?Lp2xuzVdA@DQP1yFiA#DaS06^+PV`c;VF&DN~nnv@h5{w5?5z1(yY z{Z6X(*r$&Mh>+io>yDZ~j(@(#J7={QA<)S~87Z@)U(n{2GT`LCC)R1dqMY?X_FpqVo#4qD#k%%>mHG+j5d?rtKEPk07d3-c z6!>3JiJnez+V;*Kxn3JuDlv&}QArukA)D{?RP8-}+<_wU>5@(UeE#LH+Kr}{sB z&iK=sx7SWo2D=RgO&x-#k%jV4*#^wlJiZ&O;$O23n8C9Rn6FuX|BD&mt{E6?1q5F} zm@Eje`VD;fyEGICT)Jr!Xbgg%|H1e-vgxFJj3?aH6w;cMXUpZ$S! zA^$)Az%Z>p^be#t`2X<-hRcGLUcF)PTuUB;;A$|ioe5N!^oBcjcNYGRwu8&DJu}r7 zGu75HwIpJr1JY7}f2t#@W1y#Rd8IlgO)sHg_s+_aUd~d(!t&vK)nyIG&V!}mZGmkCrcl?hbU6Xfuk67=^377*nR+|gg~{jH4V zpPbwQ$-#BpuFzUgwe4%@^rp%=@c&&e#|>J0jVNAmneI#x7z^jx3#h}_$pjog>=>k# z2Hu%lLc-n7fbnr|!FG^1+Uu^j|BJj z*UY}TqP^Wxmal$-I94Fi+nq)G^AN!{|J4w$kadt;>VF?17!~1al0kg)>!rG7oHO4t z&YAyWoC6{IKdu?LGTi@!u!C#AU9S#^@^(w;W(EBZ zsk$1{HE{j!F2LgS_362xyj?Fe(8Dz+>B`kL72@Arf$dtLpdX0x2Aa6L=lD-xJ$O}_} zHF98z2J>}E@#~x!-~{}Gi#z-D<}(3wmw+bgFSFl@yMz4yXRCpPux~D+-;96XYPXT{ ziVJfcTmGtg%M6}#_Rka;7A6ixa0<-&4Fv{R^_GZ#s)VO2cXiy7AFhCmk3H}nIj~Av zqK0Q7?h~0O9vXqy6d0=`m2`4RGPpokuOeor3|_0%!Ign`x$mabYV91DV`5{0I+8nI z8;$5;8Q5_{U7@(n%#JDsdI@6F8TQCbAL!Vtu?&YVoP6V?*s zO2s{zHR4dY+?n4ui+BIrNM6HPonqthq4z`M%sZ&I?ISf;Jd|N5{uurbXeA7f_2sDa zr_`jZmtw=1Vv3Ld;EUk*l28{-ypKoKNM%@}YuS_QH84ZTt|7T}ogD?bD_19SFfH z=&f?&aW`v9CLXb_L86XeT+4yyEBT5xo{}t0EEIBrK`xLg89J7kO`cO<7pX1q-F!~ZfxrOyTm5DJ>HxTZI_k#{h)Qn>V{xVp6-TPU?mqZW8M~3?*ZuEf=Yp7>JV8Pv3t$Brh8(N8t)HD`@D) zI97VaqpK+4d|%q6yeS@IH5orXUDVyW{F9g9BovTuG5CG$9s$&+W)D!`FJwlDYiDhYf8&f{=#urG;6(}2$bz3S z-0RQ{M|Jr8CMJWjPg3q~&_RTchVvPX8lVd~AOw>S6jvQFMHm9V=ZMXH=n&{OZbC;X z>|;b2yPVEC*Q>^}$J%`R7CH8TEoELRrQF`95{MDxpdaQ0zTP3Rt)O%?@0huQFN3H zMiyl9=qi6_j3!jT$+2h>L`#%cmaw1`XemZW_l*$M2=6sYV<&laZiwt}QDjVnWu8Oz zW1sAE15Hh2g_IzJx01B8V&JKKa=-d89?lBy zGy}y7jXVuN*1JIYV7S8U<;k<4kAc>c$t+~&6IO}dzFV70@|iih)8y#)oOyVVnu-UN zC3%Rx%|OacmAY?^XCVY8XRAV@kIq?J)uODHd4vGPw|HY>E-seXUNw%6t{nB$IS52t zMF*G~XKQ@}PJ&#I%syP-lb;P;p5$X>jB*yJ8hWATq)g6H&ib4}c%dzTKv$pX$xZXK z`-X&X)#kr&!|I%+Fi0uvFw)r<9VKKo%qb8wkam16FJW?szVG4m*h8IgBcm}+r%#nf z5P`pySnNZ`y@u2U-#(WVQp2vaUh>T2m4PyK&NE{xf0n0TMUn%VDelQcIR-&?(xe!0 z66UNQc|L!)Krwbdwa+K81;51)j}!8U|Ol#vsll?(q{1?L$|1t!QMEB=5eB5J^Q(?UEU0kc^Vym!xz;lUL2G zf~M9?f=RPM?}rgANS=~8 zkXp(Jdy9EMH5HF|_FHKNi+Q?P0I>ce?~hVYr`Jn;gz-rTX4 z2NlO%!4C9wr#lPLJ~o6ApGM?fF42nIKe>nGZ9w!PRM|pPw9{sx9_?*0KEc$qqirjG z`j4S$vkB#0zUpVhlF(cOvlLeSiN7*fUAIzeLXLVfRIBdq%eKLn!PQJ@?Ik?5WMZtM z+*u0_oQuVMxWu+`*;W*vQuML1<2A;Q?;7Eh3B-eVsif@j0W%*(UJUSXsQb_Hk0!3F zgk(cNA8k?2>1CG!?m*y8!Vua3A&A*p5%ALv9C zG?I@@vS_ZFfBWRR{Se-M`-MKLZhn7g?ys0u#?OUprWH;2r;*yG;AOmxElfLplnV?`}xDzW!oJc46pL-XPbh zhj2VKPY;U*cS0QE7!3Pj*g|;pl=T_^yjHs%snc9F+_%^nxTMUG9CNE-+3ly zxHK-33nqPhtHzneqgQUdc0%aj+i}Lh`y-^VH}Vy0?a2vDM(NG{0#kwYlQJV!(pW!e zlre1xSB5?EPfp7Z#u;Yi-kLXKJ)z83Eg+$@S?Y*>oh7>=@G2Rvh*g~dcB4J|f-m(= z`ev849!vbFcXi9s3cNjjq2j2nvrK~^ z_2@lu14rz(T}DfGDYNda{77}bx3+neSg-uFR;TSBb)~IUepGgjPUD; zS8`4zy!+FzPDd)9jWRzSiUZ~+Hel0@3D*$9cntabIrX}A$eG8O7OpHV^qI*#0nX85 zEM^O;%9G$H^Z-r-;`)LtWVZ_Z&0HKBJ*leimydAx3gI*9;zawrg{B?)9zW~x*`?Ts zo|Oo8#B?XwAXFWd{V4e+ZtuM4GArz*S+RIwjpK)drSEKKz7Itz(Is5((G%=FeXC|g zSzL*ZHECJ6+QdZTpkw-8aeSON1d!HSN>PTHuQXmUN*86@oj5*<(sovpT+uH#n>CoGnQZ?6vJQv(|IH@ctO`eNuHm=x7&)mu~T)8`7QRKrG2 zx7YWWQUih+d8iCm83S9%?xpz(^yMUL47<=gYa_XwFl{3V-1IhJ&wV*VA--1$!|*_N^W+`h-n_;J5|GTqy5UJFC3EZZt3IafJz) zeNSHC@W;MK!gxDE$>k%BV{OFnj%}?I>))2mTiPL}9ycxvEl#JkX$C!ev8ov0F#MJX z*1jPIuUi`K$rA2xixttmd%w7e6-OhDsxQD|&b4~|g?@0{h{G~VWQ#V*ZZlb+fHS%DDqnq#9l)Y#Zy~IdxX53mm zrBz#8KQV06vO-cxy{EOjM~f9_G9V?p2+5PE@V#U*SAxf7fcnet5sglgDVoMSBno7+ z<=vHTD_CE=ds-Q7K4C-U3)=gm)BBrC9Imlbz?>}N)H9~46UXRNuY}|<;S?4Z3~VyW zxW5^z$oPrG7V{DQweVQOK|T!2fK%~jECkvf==K<8W){ijoX@|yvn4FQr>pBQ=&AAs z@j;%)Gcx1G{amp~Y|A06hkiP95mN(rRzS;U>#NW$A#y>^wOg%Nnz&`3jwcP^+~wcK zG3Tlm#l{h;MzNg5AG7Sg!1~O+e@TIRCUyk46LqWkv;IwaT?TMkhLd_Y*6gXIMHa zPBc^0-jm2&4Ii?%Ua7pFaZU*-dmqO0Og-}X+nj-?fY{7ho)QaVv(gi4YB*H`3rEQ` z-RASS=Y;-PhT zB-&--C^sp0YtAmZIwrd|PCEr&TfA&#x{pvPf>a2_YZR#~77tXDq!5(r#kVf6<*Kgh z;!3yh5Nn0gazyQaER639L$&BHL88fI`~xDogWGANebvX zV=6&dffnXj;h~p$CY8QPd`U~tQ{lwM{TLNag^z>b<%5Dbvv5p;b#1js)66b+HOhMU zeaX>+KQ61dLGrTyFrfS_!YQ_RY%I=bG_k*4M7ZCXiki$(nDwS03*yAER&QyEw@}4W z#WH@%6PNNS(~mb8vP$mlK~si(I-PuT^Hd}SI!bxN1=Q3?vHP_jdP2uxT2dG@n!N_| z{l2_xvwL>fjyD8Eqlk`Yx#jnZ@q^D}gbRN=3a3nZseSX5ks_{}v*vxh0 zkUi0)tU{o!eZSZE!}mFj(|130X>qU{mCAwV{&9m`+&fxxa$&2X@q68$tP&g56}jgC zXjVA<`RwI0GReLI+^EboK8>A0zEOHyx;(40Ggd*+>q`h2XL$_S9R^v3bUjKWo{2$U zqVn&LBiq#|jVk(|i%`7A$=K7}CiE<#$|{NqOYxwvlh<3YBkLmW;OY$Nn63z`l;fA~ zk!9>B3;Sv<5wTm0nBvH^u!KV-d$FKIykRvY*$u(h(58%FiM8mc#f{8w6*0KVg^RR}p44tdog{g4gBq0n#Kw<;&U4uYrgrO63S4D4#o*{n`bnQ- zN;e_vk<}dx02Y20Y0_kAyM162WA=`~4$HmFYvFF3AcwKZPgqzd+IzFta^CPYS2kps)V;aIu7> zZrxtzC$-F$yH}dr%HH!c@spNW_V^uc#`8DTNKW@qVShABd9xwK9?_j`pj}+T)hLeT zY`Do-MiI&qo-Z?U)0oQ>J97wzdqIV%oXMvzFPo7DIfQ>69K0-ID1+RbQ$cWsGe>yi z#4AN6VyujTfR10Izdo;vH~`5?v1!haOlLvbVb8k9ym47vyzdTOL%<*mpsni9lciAp zp6J;V2mHtKeezfbKVn$!>`w?Z$ZcZ<2Ex3-V$VMZ#aucSHk@6yCrE}RHEhcpo6GKI7cgHLw9WOb2dx;NlQ z6!mo!I=MOm9)b;G(jxa{9GbTXo@k*7U*PG-nh7?%N>yA*bJH@DANO@VyP(WqpTM#(YE^1Qaf-kE)U z>caf=&ED#2^ZAU~rl26`ky-Y)N7&!Mg6l`-zg}=bY5gEf@i*h&UU094Q*NK1 z|5hfCo#+-Jy+(`fI=h?Td@Z{I?goefU!j5^ox2-U@(*6_ppw^;E#OYTH8_A03qaYJ z>z8aG6m$Kg&cyLwJ%YWAgD@;Gfsrd+4FE`71PBXU{RSb7R|(mG8;O(uBxL{BmcZbi zYs~Jt*z66a`d^K2pV5J6-4);nQXaa-0dBR2m~XX*nE%oq0s@X8&wm4n!L_0OhG-bP z*ZKpTaox!6#9yr&2rUG`nOFU}>fa3p0TR#o4R8ckZUVzBIc@<*P)|Wf$UnKbTHM=S zfN5;p0FE5DfFlPO;P_9j?f{OU+LSjFcXt>632?mjf71_O4mt?n0?qnw#=o7X>jD2| z41zjAYxkS+ZzuVBlKwIVA$9*?{Cmq_JMcDlpBc1${)d*qcHnK!{y!Q2y=BlDy6N^G z5W*YC7No;;w<~`{96{&sU;KeqREIL}+j_Zw zasnQdL9iaUk89ybkU+#u+1&r`11t;!Sz9;y24FLB+x@#OgKg;RX#i7o04D1LWy(PD zn)#Lz@?RZ-ZE`S&AkY?Yt0M>aOGgeEU_n0bvQ|J^Ww$)&%X{Y|U~>jY>M{M{B@ zQ3W^%kYdnPtOs1{^8hhl07#JN>c?N9?ys(Z6M{hIH(mK(Vm+u4@V;Nidcdu&9sndR zbsea0q}cu*>p|W7-Nmg~9{{9V_3tjg2}r-idH_h&>1qP5FSvhqbv5HRy%8t6rW4-G z+ud06hfoi4{~z1yxbjc7zeT<4;r_?=I?&%N-2c!n*iIBDx;_v8WcypY;1WN;P<_RW zxY;@Xz1{1@{ZF5-2`&F*`+K`!QB?d5Pz8e(a3eVfUwn7tSZL^3Xqf5$t?(u2^!=xc*I$lz9Q@}{{iB21yZ?%l0QzPC{s0}M|LAi7 zu33aP&HM{F0VtOUPEMGAW%7=o4E-WktswX1QFpftK`k9(y{I;Sd?m-pdg)vT^fVoDau)Y-~UTvi>AQ-VvlS>rs<> zn?si(zlI#4zQU*CLt6#sn931h~ zL)bdVzlR>%N^X2lw6-%J9wI603j~~Bv`$%%L#gQKO9?_`z^SjP}%oK)fuTtOpX|Oge*Kkeqm!v^{L4lciivAw?Ow=k1hnZgK^ur zV+`lPdQp3V(Fr^%K!3VnlL(@go@N3yEYb387GouQ`nSe}5_rp*r=1B|4=Lg9jcgm{ znrhLx_tzE#&3P>AYZ7?!ueW%hWtg}=@P^+cA-0HD5l{=SA*XM6BKXa5U*s1r3+}yi z{+{>3P_B$j&wc0k4PHZP^d9Xhbr(eSz*pY4G2WbqhzOq+`MAsc(nvv(MdagqM{jFV z!t`h;SB91*sMr$K^_I$nRM%3+L>X^nz1lKp`M6kl7ZyE$U+B*gk#UYidDWLuGta`J zeB26RY?WV>8i>5^O)azzj(m&Df)YW_iO&=g`Bv13;ya`=G(2Wx6uMF{Kx#uOYJxp4 zIA>W<*ifa`lhF{0$OXG$l!rkUq8fsS(syk5kpoOZ9;6gIw`MIIJL6|~ZvPc8B@ z4?isBZfuv)N};i$3Do5X0@PJltP7{SbBL78GR*HpY%TWByoAyx(w#zNeO+W!CJdW6 zRkmxk8NSFleUbT*u)t!_ zCw#_bC<@O|JGGr*8}`jfeEq zIRbeB=bIaA(KBaf>m5sK)!+Pj;#8}@4daY|Ubdascc>k%Dj;b@oEURL%=0&25gJU!pJ7SZO94)xe?+#{+Bo>dR7vxMC zk54{B`lK4qdbX0I@we8c85MC#va8SR96LukukDwAhATfb%5J3KQdbNZDhR2h>yzG1 zEb1FuY*f^FTH7GhVsA>1pTv+*N^H~4HWBDV>X3So7O=l&ZSwg3Yac$6ug=2*jQr%< zjK0>WgObMa6jW}Wx*ph2p2PPbKW1N?Mvd=ZqjGZECn0_QFI{cFQXLI>Q-`Geo!mDp~ zr1CFbPU>442Fzd$8LzsKeGHWpg-U$(T0SG*E2qgFX+)KYV=PJxDz#_S*IewgepedD zXps&Z44i(jg9ofO-}|pGNd}l1w=9kFYuo}e#K_w`lZVI?!w0KdG+Kz|&cu+(Y+nS@ zu~$X0kXI8Bw0r#`X?D-A>Oh$e#oB+Gt?etR#F(2VXSbHw_(}yYo*vndv(km2;4!;V z1+_2>^RpRE)6~qLQMSU~BdcoAm(BQ?d0WJd3l+u^vG zjb3dlw^pw*BhK`5V#LUU`}r??U726FiI#SL9{kwIhPC|zO|2NmczVL=Lo?3u1!P65 z-qN;NZDJsWi)8UP3`SOXMJBa3)o(IHCY_+{W$;^7U0IEOIO?wnhX%D8g_rsVMqhdc z8GLw9W4v!(`^2L*^dsStc&f6w?lh)Kp?TI097=>1dptR766*X%9)G9>?^jQ=DGU~S zhDXN-C^kq%0$z~t`r9I5yG;0mE~fh|atKWoiw6vS-+O9u%$j2V<;-U})#veZM=!!yk4awn8&Xa&MYr=uK#C*cfbjv}endwW=|W zOLnVAd_f8AfZvWi33AEv-TITAOFbs5QEIvI5-HyB(f(5_GexkNfVv~bu@7fQ90f`E6M@nobDWy@!dYyqlU9(yR75o%8m;izT zQI?#0c9h2rZC_P~nadPH-(Ywrs#Tzfo^&^VS@tfIm_6_rIUt9!z;CXb#SESkd&ro; zpjDfY(MJ2jOj~45Sy(G6Jfk3@WzIao?WIGvM819 z99MAeuOBgg7T%y~G1hdJBv>Ry9hb#--udZ6Y;3oJ`SaY?8cug>g>G8C=IG^*<%|Aa zSgVXrHjV??ts?B_=%!O5bo@7a(k2osgTBB}JZ(YCjFvgcXsoZ3S(Rdb*An)wpg$`w zkyzSbpLXM|NXfo~S^hM0#yidl_iVp~%~du6vUMvr#K!y3ZQsJbykL;|1mm^tngc_W zfQSIIYi!|G=`w1DX4H%9T0;;)fUeN?Q&BZEB<9d42-f|fmw`h8B8h}xn!H%@VESUO zM$o1ptl`73eG_WMF};=OuXO3^EOXxzvJoIf6iiIfmuKebAD*9nh9Y;s{+NLfA%kdQ zauR*wP4M~nn7^JUEhyEt-D*|HLYID5(XF5_wH8j>ZV3?e5VJys&F@6SuTYms5ymjo zUxJ7-#v0Yr$YrL+J4#4$ZN`9dV#>^y$nEVSx@*48j8n_TLk+iMwgZI$f-*nhty3Bi z83m>gH>@3jz>)97)*HkbyTqeEx}+)qUWI+8Ox6{)q8CmOmTbKcZN$$NsSgEGf<8l^ z%pEx7!M3B)J(VT3`Z*QTA_!sbU+yl18REw=AitaSBX~vrahXJiDzWDWfVsY>S6hfx zjvY4}Z!N+X^y61>?94(B(H`Jczkg7MwpLI=@WH#-%KKZ7uq}~djlAnCJJH;oK&x-d zgHlJNxJgCa$)!7itnK3}MEvrJ8m69>G?tg=_{G0Be`9UAF&CZsrTmuoCMY@KT~(Wl?!@{_*7>XQoss;j*u z)=m&zPRrNMK>G7x`TK+`Ufx8w;V*_ip0j?QBg0JLL^TYK#G&g36sK&uI-`PfVtsJZPu@Sj*Io# zb$3=N76WGQJX&;Vg{B?Bb?scYQP_}i57Ta5UoIU9qjp{hzc8z#mp#hI`s zgLC)!_AGJj)?ZI{;Y`;$o7+@hvandSMQ0{tu+-0o z)3g%blrU9oYXEr;!B`kVqS{p*N)xN=M_UWhxoDETO@&0uIg z_MOK%Rg$7dtMRAXp-agljeT?nFXz!5Xb+R^XD^bEE2@PK9&>~$`zHUWd&eeRH@K6D z=X_>zb18-i3FbyLiX? zfW?GdeJ5p1IfOS9phoz8tAzRt(-9&9K|9+iCL6hB{pNwe{cZ_lt6CUs6pW>HY-Q1z z9?qplUasPM>_Q(UEjB1IHdA{gONSoGjmJ7rSGL@jTz2Y{7M=-y)L-!^IE;8pWXq#i z)42_%_t*$Ym|CA^$4-KQX_e@lR2~Ao&PZ@byl+1`5xvwyDL2-sLSX;&UNjuKYuP7? zXP9)4CafX3Ae1C*l{AybJ}jwm5+=MZ2)bl9h6YKfW<4*tspN!rD z_V&3_Q-tvstBYD@;k3>V+CEH8#mdrJ3(->Syv6IZmodvjbgX%l%{OyM>87dPU_-{t z!0CKHC?T5vWBEn>*Kc8bLPP410TERnUb!D`u1IipOuNDU(o2P-i1uHZhwxzMKt!EI zd|oatlKilmP|9uz7o{kfB*VIxHKl#N@BGlx2Kn2=BdEME;50(nL9&(GN&ezx%|LfD zGA{1MJ#KhV#UElZ#$xrSP=#=p~(#lxVu+qQzttpbFFa~ZX@0vyY;Mr>rC_xc^ zXV~`?)%k9hV00F(s>RM+oX^s-nbrm@4Ua|Ayba|#pdpi?8CUwVc(>ZYVN>~G4Rz! zIr$s|Rd^$-4JAJ_i7d0OuHIPS)f+z@(+<3PL(4;i=tCqq2NVi(+@n5AuH$8AFD#-V z@$XwK`*?MPxaMSVAMpY2Ui0g_w-FER!AbRdsj^nT6nfxvewN2d&#>F zRofm0v!>B)p9o4mTOfP-K4S_$Hy>OeBMKtQGdbxzl<(X@>3%t-0XsA*gLDTlILjIe zodu8P16Lk*#_M*X&Z3#re^V6*O=}q}%qSm0`xzPGrT7rLDZA){%hM0S2T<*ugJv*k z9dRUGyblI~;9o5#r}p`h*SavU8Ze6;dt|roX^(p5Zm0~Gr}cS4)vLL!K|^6bzJCz) zWR_G_*^h6OSnVV)1BtgE6I*~Gd^;7_0_%~+d5!9WLJrIDeIp7~!Zt<)X(V?0*V6tA z+}*}Hm}EAIRP&W$I_pkn@^x!b=&&-(niT9kQ{C`I&|6-0@zq{XcbcZdp4#kNqbNN z^Z(!k44Jy-L|ob4fS-Sum%D=igG|A&%4;sfHCg4R9??w^nE#-G4RxATWms1m^q?4S``>SEIg4yazEb{<|%>YC4bz0{~SRy9P&ZYm5Ov zLi5-A^w!~B{tL+JW=s7~m?*fC$zS9Zz>Tm!up3|~B&a0TZL*dTL25l1_DmqH9O&E)OUCNpAb!OjT0c$4hm|ZDf`X%H;4~h&;-~r z2oD8K{BOp8C$E4e>1GCi#@CAcfPXOly=Ac7`G?@g1R4jZF2LQc{5d#-OOyP`A1FBg z@BaRaGzq9s#Z3XV|D}K6(j?%)`M0nD7MyR&joj30yW7g&DJ0i1^JX#rFn*Atz)f|y zyPp0$pWx~xe-HLRDD_4)h6%*cx^@VvO9nhAcfFt0cipd9?0Faf&r{uU;#+sn>d3Qz^#4>08GE+A6;F|%gumpDJI|wB)6;Zr+|D{z62Cf|H1aR zsCZYs1oQz2u0Qgx?SgH`TZ+j)*#6!w*aifK^6SeATz%wU+XcJ+ffvxf+5XlpxN-@& zf)vx0q|{$(9$+F;jO<`i9-uRJyH0O_-+{ohbA5FKWyY?4UkwXHW4$S~c{fu1BPZqh z$lm$|X)J*|0MT85d-$In-0sCIPRg}D60o)rh|K(#UeQz|w~(z&M7 zXQ#b9j<(0YWNdcxFoz1H-cQWMkE?w>TM#JYs+joPnmvBGG4EK_>{_`Y?pW;P(o=d_ z&o_B!(i(Yr`9;cdoF@uT^%of}0luAH1b)K!#ooNZr7t6o@wZRn;wblLcUw2gC{=ue z@jo1@?dfW`({c48KCb!69k~+oDE57UhAa#;p|bOenBG( zAyFaI^!0+F(wIgKtO-dJ*_b8vnB-;O_~m-h@ETbKQT#yCG7{S!6{l28%jB2jEGpY} zc@*)~%oldE6$5qIk73vL2vm@G{;IhuHDTIH-3i14k}>%2T7f<7^Y zIpD-}_+xQW857}#95cUa_LP7L%3!sI{+9d=t}l67+tC{_Ix>iggX&`*!dwV~=<{%9 zNFkWxCt*<*s5Wgpr3kEbg-KBb!c=rR05YV9%{}hqkTkXYV#poEVa#&xse?^fBWMum z=s6e^Z4g4le_-T>a*k(3BFfQd8XoA2>sp(P?ZifFmj~uR$3tY#TZwdfGMf;SLTYbv ze#BG9g~bfnRq{1~WXRGsfwl1@2kb~3V<%8@;SCyg5DB3ftNMMIesVvYBvbcgciC*d zv5KEPUaxGODL+?%GWRq@iP1=gQlcG7CRVL~3 zsz0&oc_xy2k2SRW4lOSvDjJf`J=3X{Cw&FsP9-swDId2KrQFu7Z?W;sg zo}GqnLfel;tN;izvm+Q0Bz$!@3lL-k6LD7=pw89p-AN(+UUH+7P6~MW@3;nV6LFe2Ld9yJP5e2_iU0a%DXlHe(;Dn}BlT7h;)6nq z*a~8mhx5#jBfSJF=&>Dxb3mf{%#za9v^c(Ns3K%pUB?31(| z@~gjh*h1IExxc=BAwT;0SMRQ|Feirmn3k>gC<$FNDy+5@2|Mr5ku`fm`Elio36Tow zpPkO&gsvwef4h%46|dKBGO7k7ksK*Oyge75w)%i)eQZ~Vh`OW7Erc3&k16MV?1zn6 z5#y(F4j43$3rSegp_G#R2F$@VzE727jvO$wQVx-IlHqnPy^1Q{T6wqWat0>S)AieF zt3(8P8wMar&Yu(!t49g4nLmn4z)=a2!^t4!3n*w+Bou6fU#A}UAan9skvQ2iu}Dol zN=HHMCnrb8bY@D+q63mw$DJgwq zOlOcx^D=D=4_3&Dv`V1Upr)iWA3)HFlFKh>6MOYw#yMvNuS0$L<*oEe{i(e1AwhR` zG*4YytvBFjC|>4Iu@quJ610o}u_iYwbtJQ^aWwbgQ(Z6E$M@ypT9U=m1>U$8e?NQ# zG5!p3>;EXb%CM-nuS*C>OSgbDNT;NvQlhkUcXx^i(t>n%N;gV3(kKD~A|PFY()|uI zqYk3}@B3{Yu6v)_XYX^*TEBH9>9JiRhgqLM43Q z@b4WhZo?+kd(U2>r>H$p)f;L3#LaH^Lu2q+h>!3_Cd0 z$Xnkyumt$_YD7zN(LQyt9!s*oH*84P|7EtU_lQSjUb@slAtg>IVji_ricF8}`@}B` z9Jqn&&l~gFDaX3`!pDveD4SSY?j}X@rbEl1_-V~74tZl}(6vH!#?FqDpG;AlMDRV1 zR*!W&tRYaFJ|=D)E{zA^x`LLkk`Zv)&xvI?3WNL(P@wg0QBs>qjF1*<7F7@4?hE33 z#p>~N5P3CJ!bxv4et<_zWI(E5Kx(z_L#jWF_HCWF5<%xyALHkAx@3uq(}_a8lLgS6 z9KPQBc=}BjVGF~lt95_`j?a)&w(gWQZEl_R!-Bq0##i*P+S7Y|MLNZwNXxzvsWzkF z_I*K>r%U$7FbnXm_;A0z-5)OkDr6=UzuEem_ttC9hRH06S)no$`d!*Z^l$2fZ(m@_ zSS<-wi$=CYE$q38j?Z~6rO$DvcF+``a~#QQrg5!ERX=VLiGMOm_y)#7R+3R>vL~6v z@_=&ZlSrMNrbs+75i=QoGJl(}7|XqRj7ol=b~)~h#@Urh(Rb|QLuzlJV-)>J%DlN> zc@G$3x$uA`{-8e3o5|T=75!gXaa#xPE^Zj7l_E0koQ`hLMu*8jgyx^78Y@$|4 zGmU&ArCEUsH0we9(wiBmsFBh#&y%Wey$FFiJX1Wfq6f2gHOrGqyh8L$p|tPBuX*gF z#D5oOvRMpyY_8B2O)2%3#KLa7@_AF@{dQZiR+9d)3h1NlPr>cP;o^IrA7w<$gbLr4 zPT)on`-Bo`G*32nZ}Tp5U$m*@)bPObZeNlYa|>8Pg70cL6ootAtVqXPXMXYNP7&KqGrUkI?*p<3e0^O9LW%XI9LDXZ$B4PaFG3a$jw)@&5hPqeomz!^zkRW)*Jt(^ot{UDHgh?vQ@qWFld>i!=81pJHF6qN7=gQd45 zat&akGe$F!C{}c-^$lmMZxk8igpx6!4v*rv7@5HxEbmn4O<|YTONb z+33*J^u4!~pi0qWuR0M^%@k@$VnNK3^Esv2p{6MrDczVXjHtsm##uRK8TMD7+#ci! zeap!DaI7);ME3iBO|@CO?gv&VRhy(2p>%5e1u{hWM;B z+t$MIqLVE={cS0uvK5sKf=t_=P@r!!&>pYD1$v&9L z@_5Nm`>q)K)k{`}9(nOi@{@h5v^ww3zJad~4dm^j(PQ4!#X%39eqP(Jh0askeyO{r z&y=a0{hs<r08YvRqifW+_^VVp9lUD9~lmI*b5;x?rX3@>{ z0@og!u_FR1oxF%CrNww+1-oJrMejZj_Ep4fl^26-mZ`QDg63%jON-}JL(wg-1k#@} zeZHAG)pgq14aM~#+;lO{eZ<)fpUBt&Paf*njn4BBtK?Q&2@Lg{V5K`X^gS{uZ}U_r zPIMIQl*lq_W(tz?@CE#Brk66w=c@Q_eBq(UuJE9MZ4Z5v_MAz(1$j$K%{DQ0UDZ@R zU2G@=5VYyc@J5F$QS0Yop=*h?2TMN%pWbettDL}s} z^NWfXkt!$~ez7Z@btf!nPEuj`HYxS@TkS+hMX%nMo$ab^+*xShkuBhypim`oVSV^6 zPc|{KxK$ydr!BG>?~YH>x7Iild2G(-%1RIY2uKoUhpeSJvUlMY^mHYQLJYXodpvZQ zdOjJmCxt^tS7nxBqJ3z~u|OQ;wb#j>OD9M+QoMHfO!z$tF=u zhf8I0yQ9cr;+=!W^EIKyruy15RTg|R6kap^XF4Vh*0p72ZFg7W$RY@}o(?GnAp#T@ zro8G0`0yP?cpTl_Kl|wV92%0DQJHH*k-D3@fBZB=iLL>|c8^_!PV+PZl(FaJk#;<(y9WVM+ca2_g0qgG*jr=I?_vG2`w<`9~N-M+Me90gKb$Uqe!fQ zg|$`EUr*@d8GbWp6{0?d|9K8ZH^>LAM8FEyyta>cXD?E>Pd{3Tpq~s2#qiD=o#OZG znY&Ze+RlignWbmVQks@;qH$3ORTB{8Ec)tIqTg|NYKli^TBY%}lD0T8EjN};Y~S^Y zX6CVqI^gTf(cPvW`Tn-JEl9IUY3NSb5@`*tsCS^I;zKb^@$zF^CpB!k$b1jKG}$ki z(zGV5VUHAs$E0(aQo54L-wAs!u<9BR+;7pLZS%Y-vz9c8hDBElBRYHFqW3Tun%Kyi z@>mT@@+)`4^8t!ZnDm!a`7We6!93d(ALY>!2{5hmky6kLG>UQ5d99wcQq$%&`5gr_ zX|$G3Jw33zIitEclWk;=kSf?YHl6d?D}do9q1#e@$*3?tQneN1H0{WN)Sh!0vy2g& zL~CH6c57kE%5ZS~!Q)R$dI;_3Dh_F!WM4jK9i+qXE{(aEB;FLk5o0)YoYiKG7irR~ z#9pkDx{D~qTwUA+MHv0nFUkt#xrKqTELvH`kPoify!xzrWg(w?1l^;eJSiNy3Iyk> z6!GkF0qVp-sY+)HhYHp#yjC7) z75C9OvT-ukYt!3$*MXpx^_pP+G+XTF4#Gz2s8Zh?#nP;Ftk}}q=^RK}78_9J4ur}_ z{*~fXnFh>(HDcZw&!k;-;}mI1eAMN8R@pAF zm)AUEk(4Jm%f6X96rV4=FZ6)7U^IMSM^moShq&sQlX6KWNz;Mzm(#sK<32nQek;B( z50SoA0zMi&5A=j!Is%3VIi|I_Y$UmQk~*Uw6j|Bx^Du73p?RX|xFw2+`^GSdz@E`Q zq9W5}@b0jIx@B~c1kx~yr;E!`r!?d=OX4AnPM!f44E-(}m zBqMB3mP^OoK<{VzEeL^7e^K7O?%25{RDirf!hFbDfN;P?G&=zcik)f}9;@IWm-a52 z_$w0b1qDp%I#VSpr1sba!PlmB~3<&Wfb#IJ|3?z@T9pg)E0t{^X`1ylcvhuiloST|R8Mctr1^Y8(%S zC|;L{5Loft&bcK>5Ri;s%Z~|oKO&RBgg82nMs*%BP!d__%Zjzja>pZ)NEQKeQ~1vn z=xNg)oSypxAJgj>hmtIZ({`_!GQt;Wr&LVz2q%7~Dc6(tEId}FX*ge@4c!zYn5q>l zN=VQl&iCZ@U6Jv0Fy42)?w-FUyeaQaR=945x9F71rWpQdSIvaCjjY9NG;ip+WNJ`_ zXl95T#;Rc1lMkz+d)^DMd>U>_c!SvFj#gYNM%Df!As=#Na#rk4vcm=>G4j8qKX)M` zB;|`EM9(sMa#LA52EngR#8Y19g8*$LJc;z`4kG0W+SxI_bKQ$`kEg`~l!E7QX7+gg z?P$0s5seeD(6`1%7BOR{sPnqCp=H_@V~wQB3xjZ3)}ApQzZYOUuqK%B#Dz z(WyP2uqW1*&QZB5O;WT1r98PS$9i^eclleVc3KjK85*&=qk?NF4HF+#7CwS#o^pT! zO>*+}BtJqLKGcj>E#yA%CQCtYX89bED|Fn&V}EM}@IRWCLPrx%KGMDW zlvn#1{RJ1{i(Ak1#s^VowD3J?>L0-Ev1@;#MNbarIej7XeKbUuS~Dk4JG8!x_F9K6 z$-vIgW0Djprut_tBk6(D5=Gm=^M= zwHlb#JX>>ee$&)2$+={`cif9EquqsxbeH2*S;Ci3kFzxcpDEJD1HMF4X@3se!&~2E#m;@0I@y zsR3`J!I#Q^@&|$nK(Nt&@&|eGt`5MC<@C%hZkd7C&5#ZtAVqeNkOl{Yvi47K>vu>I zQqK7|RQ+!{*&L8^C_oH`k;?kTAh-f+-+u8H5)?&eMh26}@bb|DRX@=#39B*m%YG3cvv=lkyWI z2SJusjIRLfkn$)1V-PRkFUD6}hKSzZ0bCX`Rxrj1`ndKI#(5dO<$*wkK%g4v^#>r0 z1OS!&%bX&VE6vu0=UW-^9hu9__vGSqxv$&`$NEn146*& zuf2hYY{2dU0heHXol6_yPe}pj|7TJFvqAo1{QK7A1WFM7G6w2MfYAue%MkJQhvElf*l|Fp*Zl0t zAB!ny?}0n>Cx0MWi2sK_2gzu8`G_o8C_ zY!}E31(&`5&@N0vI+IvkI7uUxy7& zkd)HzXL(Tf{@?<*pcgKHCn;dB|LOuFgdxr!U_~0hz=4bWZx@#;J_oSwf+q|V^*`e4 zPt^~S{Vz?%0j#@!GrqF_ep3A}=s=+34&Vpqxbst@h7%}n1)imU(1AF3xFP94pMJfc zbL;Kr7o2U4+E5~;bcZc|C_HarTyLO?Dz@JZ6uFa#in*|+Fg2p7DZu9*ew*s<&HHG^ zwRQOg50ZHu5Br_=7r!nPOxZX(x_X{|)ou%>g*R>2iN0Cy&?Xm~xZhNNlPR^y0Gl2yyRp_e;mB#PzD1+2tAh`9n9OKO7tkFCHVC z=H_XZfA2!}s5{&ikMsR@5ISJjQmvWE7P;$$AGz>$jDVvxRvO9T%mS`BHI95<`Jbw;APeR%gl$CohpQO|urmo^Xl zU4s~_{EQe!>kqs6oy%@QR1N&qTqI06d0RFFwKk#-YneF#-S~7_w`%pxE0*k#obE_I zh>VP4W_QFM{Mm)*rONj7lLX8Zh+(7Mm5U6fd}es6AEK<<-^U)ex|fzOS&bKrk0O;`9E%`u1HT`i^>{$t}N$QOOoa^TtFZ|5U0>y!edW+-4Olu_LG1^JBU3sv)eR$ApHR?(Gt%Tu>)Gs$@ zld|+5tRkt!g-APQ=|{?lsn8$6en4n0!6_FTFqq=n>SE$}$hru{TDdo~uP#|_Ma{Ub zyB12XH#)4N&sOtP$WUFt?oGHvsScWr$8Z#iU2hRuls(P7H(sXt*Sm!Z;oHi0++jPUhO;8|=56#=AamZ$5c)_I+(JtsxuY(}0&rn|?mz4Kwgu)=t*ikTXzEB+T8!LY4l5SdpOPO0`POoiiBh8~nd=HtmZjz5@ zag``4x!)lcJ=(nQS3--L+Pkw%e{E1QkdKB+LimFq8`W8Tlp+@Mjg3iWKEUm;O0j-LR+#RRt&_~Dnl43fSHn%V-c%9+fGSy+sGZQ-dQr+x5tP#4c zp{|D`_z%j&FmB!op?fsZ0!ZT_^LP#orI_mkN0u<%T>jrnM_l}rUg^G_;qs~&t>wD! z^G1rmCvjpknNkgg4J!l0 z!yK%&Qnq%RidO47QE|m;DK7|X^%MLpLL&185X73yk)9#uWoX=wt)8^+TnZUD@Lh3T zF|I)W=zdoq`NKm-Dx(=#`d8%1i&fMYj4A3@xvC;9 zY@;N?=RK8eP+ugZZqNIaT|7sEW2)CgpAKiFhBC1xIKoUGba$~}|LMp`Sof|oot*XX zW9#=NDl2Wrc3%V?LK5_sieE|upxzTlqfbECZ}rEFdJ!aZXI+->Rly)@95FHHfFGM; z%ap8{d;aMCy&6n|@VFY^LH<@lB0mhbRMmPMMC3$_uuOe(!=&4ol;UH}^_EXK0vZK8Q>RIYB0UQ7w+e99 zV7M}slqFR;?okCP8k=JC9*DQv7&QBl=`zkMuG_tOQIxkA-&af^rKTq}Z-VxraIs_c z?Mru<^!Dq|WGVUdd?(>G9zPv}?jQ18qPRYy%~{qam1Q@-%p^?PGJz8zD}+8eF;bAy z+}urv&Z+~48j%(;*z)uaI_&PuIWD}8Wwu!u{b~-{4b5+kg>Aee5@Qmah#NEX&l|HD zKAXCI#^o*0_TYM2G#))#$gh?2@6I(Ze>e8 zQF;xtFk1^H2zzcDY2NDw(1*I0T*{&pxlUjd7Ctz?`TcPFyPlH#kY~u5y>XNcUVz1F z=&jMMCw@T;4em_lg0JVlJ8<5lM*L_zQU0uiSE$OVm+!E}9&*)1z*{}s;!MmYSSfe)0k}RdW$twr>-HEu_^ z5}!YM<_~jgM~75saQf4Ew(#5J86`M-${W>bh?r(6-S1m{#X>YVjBFpde}SfhYkfzO zhf)j`9IvdUO%21I?fD^>-+1A?bLW6+VP>rNc1LoS45>AmJv|T4EXRjYXq}vTjEt1# zVVX0Zdj}Oft=BY(mPF%}nGl1cv0su^cfaew94A4qGBcyVkebs|!f!7`wK{@Yyir!w zVkpjOo*WrgZYk-B;W0Uyjzgp;6|eD4E2tmgTzqqr{sU%3R7(8*>U+kTD5sOfI>82t z`A(-k`Fl6*kGJ5;?MBqfg+7I6r-&GYdvBW^_mO1EXCs~3yzi2dee_&Vd8m6Xg@I=3 zYchMJ+2gv59;Wp2V{y(w9fxz>Ml-iLiO^+%re}V-hSX4WdkBe?rT$g><;Vx6!VXxt z!Qm7gB2nRF{p4r+uZqLIn%U*ez8xn+kjz}6t}9p_aWCScY?mF1Qb?zMJas9VmLNdv@zZ zlzX}fjM%k3jO|f|T}DmXLu8DRLwr8_76++Y^sTCkjpeLGk_HQ&bZL%S2^cgCddl@H zPHHPdyg^%YqR7ScrpGY3$ashZ)rzl`k;YK<;!>VMlg=)YHy#O|9hDbNEvldFD$M7+ zejR4EjoI|WfReI#7ZN{{i0q5e-cllAm+59w^l$oI}eZ>N9b^-8#Hd$%+lapNJ%b0z^5JJFT$0@ zF%GA)-yQn2lvwSos;qNv_w^Xom~FCnTRn|iis-G#ZX!o)`a7v9QsMUtEZ(qXUKEA? zD_VrhUs)1E7sK!GzIKo5f5^sSVokJ!EAu!i>{hy&7@xUFVmM*L=X-lzsM1@+j*1yx zZUVi?oH;6Yr8%VVlx-p%BlswMYj{W=$~esJXO!Q$mfgJLnSlL0$@gAoDygB&3zbQ8 z2MRW!ftLNl*lD3nD=Shqc-cVVK|`_Yq0uY1LmV0%DY>s<+;)K%QBo!4nO!~GvPqOH zrRkKwf~glsCNE8Y$7N$qE+9iAGS)I1$Mn9af#q7dcZ0}%iT1-HCFB!-Z7wUO>OES@ zwF;KN!HP1H(JnpM_FGiic*x$e&*JaFs5d`AF@HFtoYwq;MX-SY?geoO4XJNZdO;z;(eC*@aZyj;N1COMPtNpwJrpTYZ zNRG{j`*t@Yh;n=$?%o3|4}9HvB3YF;1Horn79CBfiOQa#pXmeM`i`O9R3^62K(2b! zB_aMSllZ2iPe%Y(LZr_9?lq>PMZOA`3j^UlI@Tkmo{QGA&q z*a<>e_m^XdD*7r~#{AH|WpD*^8nKg2j+D`C?_`UrW?mNA#Xa1@rVWaSg{$2`t>Qv^ zqKEn2V`Q!OKJ15zIvfe%-AEbY`?Jeh<#!^^6k3vppWH#FcXMUjz)hAkCbj3V>qv5) zqYisdIY*#_$p>lEoBIJt{|pPAyR{kxqr zJo870GH+ww2ISzftyQ)ly{+U*+ab-_=pECmkUe`c-Z%Z0n+?v0TeyNu6Y!i^4a}hN z0vW{;dsS8@HGC-t!TzzAQBph>zqznpvtFepZfy0wIA!1KH<`ozR+u>KxV@`pPzI-; zBShX2`j0MR=|8tt4iLaAoA%uZcRcK+UC_5HJ0n&?X4cuJnHN1N2_-d`@H=dKiBaNm zAAcz>27m6uC$Z?tOlj&_)a$`=^$#?xaBRm}0_>U)Z0oQc@OA0+ik9LK)0xB^(a(nG z6x*4yXm}~qwrv>&9pICz^fM}asd1T@Fd9~SY-weM5>D<%>As$1_i0zy&)C;x>SP!Z zbKPN{I(v{t18>n9+BwO3`Z?J}eZ2+>OXDq4gDP=;P_&qit=Y_=H zZ8>9xwo;EYNe_pS8BL|-C(|{@kv-Y--%HU2bn2DT4-p%GMNDlKpy8}NqIFx)YW63C zC$f!cC?h~NNGz&qb#W^u>0M7R9^i?5ASo4Nr>H(z*`ibhy@MWjJBITqU*E9>T>FQe z+H>9p+(Q)Yc0!BA>L|_fF13o>jqUcKr8MfucV)pyuaF9AuI=HvA*VfjoN6>gllJ}I zfonj`o3N(Fr%KZv!A(zsnuCImX)~F>6^Qchx#9_ZF|x7SnUdzD%K22xa*9f3ysC)S ztqU~)ySUQpt3MuG@a&1)$6JDoOC{M!AF3@s1$4mQp`#t{!awcHlX{_yJyLrJ%Qo+p z@=!@vmX^MET{X%nuq+H`bewkVtCy^rz!8K$4u9%G|zxEPtSbLcMx z8||5S$fDqPt2*%`pGEtQ~bJQ-@X&&Fq_LYOr$oV8{)j zw;@MQgs-RJwB|pcHCcCj9cw~5=6&i?UMiyEl^#)P;bYPzvLlHyXm|(N*J@Jh+NmnL z??+^6E}!R|%Rbi+@lIBuj3p>OS~-<&+$^ieA=emtriVi#Ep0<+q9_%htd%U#QlQBy z*>fjqd{cq0QkwfdD z!oW-u$E>dsR_MyH#j%M&i`%umO5t7WzCyNPD7{;@K8VcwnCzc)c}c!X+ zVus;yqdb`{(*WoIofh^R`Fi=@SjAt_(Q6KU)A@BfC8@7%xv!vjqhdVN(G)hn)!%8L zS%-$!<$&>ML!25BwQrr=^u@M%0WQ*FNmoBy@c{Yb)aQ~ODXQU24NSO1WVmw!fzO+% zTly%x8Pnj~2(d%VA3`(hj8SpMTcIqe`a_GzP^XRc)KA|8f#Bnc-9*|8cy9EJr7sD*|?mHS<|pB zO;jUpz3;TQ)d+A-#0@}kGj~irJIX!3&H~lZ5vTemS`sIuFv>sqMO={lB2EC3@DmLB zry2KUvx{45@GUXmds`re3%XzjV>kc0#Rguq|1<_k;QY<_>Miyq1d1I5n}HyR|9yWB zLpWNfSmv&RycuT0YL2pPLNIj;BTOBy}_svs9V3GMpxucI6=fNkUq@?8;0{@jX*rC z|IjIjAO?;M{PGh>ore3u9S~Ila1<`}3SwyhUteFED+p-yC&UJl5%~|@fr#vjIRfdw zTm+=KYp;1K>9eBy7l{HL10z?31R~_@?)WYL2Mvq+{I)7u{IF61rn*b0KC&AS62`aDu7%ALb^c{cRAqy z1hqkGnE;G|R1VI+7+*;hkisQDXg%Py`wuNcgeAZjlvY3sf5rG}%McL=Fb2Vkpzyh3 z{5#hVw8B3!5*Zr^Ui^#k)s`XR?GNdZ6_jj2l0=ug^5^sj+{!;X1CbuDBrJ&Z$jSu{ zPYA}$k9_nSvlNtq!2W;RAAcpoK#G!pav=mL56ED^wg7Psq3*#679;wNhX%@aKX%&% z%MVZof8zT955Vxga0MI+cvv9Pz!g^zz&?P50whv^v+3oD{!^R-{r{L|u*lfojIXRY zaKOKeLD2?E=>MVROQFgNinhNPUu_v8Sprw$S5Z<2pycc<;M53FOn;P=OWaaUpr#At zIso#-&vgKR;aptc2l~LQWj08n)eo1KiU3e?2JG=7kAsWjMIHz7NG|>cT-A#oz>vAr z+28UwP`Bn%2SI@XEP8+%5AXpTkfJ9Lh3bcn6DNd@6DLSI=}N7G{0;!Z1xUT=Vgi4y%3odl9>kZ3q?}+C z8NdYmI@SEu6-4$0iv@w_?SF4X$ZrCq$v`J+(41efy|NF1!v)VgfRS>+a0V~j727N2 z29nzk77O~D?Ui;RIsSk;2Wl4-YL|{@e@c0fq<*ki5IE|t^!aML7lHa?yy}454p?Z= znT!L(KIa7MW?kNae|a_vw99_D18MwRa`1EW{MEsaB&yEF4kjK0et>95zeqihB>sPp zde~W6AW1#-zeqjgAIEV@`-@lk$gT%a!rGF-LYH4?{M;~PeU$MKsY*D*!!v(#guP-u zBIA_I)+wiM&F(>RzTo-k?(FG8VvYYwcjUJ5px~La8_xVSG8!K@JDuFrfqiYkhQtBw z#>4O5ru|n|hK-q1s~Eavfyw!Rkv=H{)N3QCmqRrp) z3`)6+PEF76+36v`7{u){kD@7S)qTJJs(ldNBW-RNuwL(KQFt(R{~e(=#qM=Rlf0Fj+oLxs-=*`rS@8H1 z;)w_6lN79#k;g@6VvlZ)y2of^Uz@KKolPQSGo8?qfLcf(y^a*)H1ukyT2iyYnz==# zRbuU$&dZ_K!$p~^P8Lg5Yw700pW1HJ%6;@?Lrz7)Vu7uxxTT7t--T2}l$L0NdflEy7v9J#fBw8w zo=>gHj&dY#NY{i4{RYQ&dvMyuav)MeNTTE1(HS|X#KXsh*%GcJMQbUl)I4d=BNksf zntM)nwdKBG{c3pdG>5fjfhqo0;Fep=cQ_f*xTDS}nA#SK8%!Uo_@Pu<$(Ac!n~Mpm zP;xpwY(7f0ajD=y6^_EH>P8vsmC9pEsOCy=SFTyMRo}yLC_0(aBe!>^Q*ZYuvj^jn-rp68i=x&f?PQCRX&N|jE+lIQpSnO%7^%h1-cGL<8_LVJ~22Z#TJjl2uW+vNke$KHONs5+132Uu3@S`R1}MpwOgmd)U}`#CMIz00YxVgJj8| zZSn0rS?eB#oZ>8EKYWj}VzI;mrNtu5K!OLBG`?ea4_hG=Z#C@~Pu$n@r_9dZ1&<0( zLnP-JY9l?AoOhLwo4(NL;5pA7g^W`}Q{N^`8~}jg++I@%^gU4aFC|E;ctfVFOAWA! z-+Onwb)%oU&BEUo@`e~cn9N*%QR?n+e8XczBYUa{qHQg^HH~rO3Vn_Lia6FRU#e(=p&x zgx4!pR{?@v0g15ivDZQy$*w1%JHU>>vqn7g^H$P{#l5E(4ntB@ilOOb`GxycX$pI5 z^W4jd&3)tP^8*iFKCi>JLFQ?V`ePOWSG%*hZBnhF{9L)zhBUdsy>Hi(!_peY6mAl? zioGJ2w6pCCBN0gOMY(pO@iJiZ14m7zm)F5o@#AOj-s{<=F(AIuXWus4-oPy<_U+HK z3?WrKv9E$l^vcT0_#~0SAQOK#&9Y9+Bh6ZM#B_TKms{ZkhjgNt1FEBm+U|?wLU)Og z8(s~AEVBpfS01j{LH*Z*Q5|Ma2~|HxmU6J8qeyEA%Y3dEOzOTL`<$nelPXKBK)PLa_Q0oAbFGK<^j70=$lt!ZT5<9Etz zqkB5sqQw&eyUy+``J$rkn$Wu$?2`?;1HM{MPt>!o947_wAMK;`9!K?9Sf0TeiDjNW z*jlkPtEBEA`HG4pASz{3C5rzV{%CGuguBwkr-)@CT@74M43>5CV3g&V|alxcx9POFXu?f_Tu-p z>Bpd`Y+{+~_a@tUr5whyCvDsN*Pk2`*xw&-?8}boB46gjp=s#7t-Io)8hjwv@S;~e z4o45R2A_6@kbXYl5nDJMm8d{P;nwrF;gX_FuViLp|>QAhPF&r>H5acAhY1imB zD(+d7A?!eEuqiL(dSP*>#9PVE$AxF~v@85WW}NB5kc(Dur_+O__irZ3vD7`7Hpj-* z*Gm-lU=wc*4tzx@`%+X@!(d^A8@z3%z<(2o>&VW%V-%Z?+l9A{R+BPf!{sECjdMDx zk0FMt_^fNro(N4fFpN9D)t4kwB&)_k#UC#)&rty>Pgt_9aXepM*rk%mXq%A7>Xr-Pcrb=_{d%*0_lqPw$By ze7P=c7mbU1Tg`{$X?X~(zW(cJgP3DGjIg~|Ei$inq&8pZ;>q#vL^p8YRq{)<1b@$X z*?291z{!MM(enECgq0Lqd3D`O>4cF82UefM*S7;4EjKC{d^(N`yc~{Z8OuXH1e_Su z7uoYO#QTnj54VW4VW@_la?7SvtH*r7j9oA8+R=1ir zond)CN!)fS;oZ;dN!s%ABh5y#yJJ6Z^zhG?V;YLT|EB)Q0f8zao$g(D85wDn3KjM& z%noCj%-fnZ7(4nPwhn9pS*GaGR4=1VW(LRAyec|(B}zn#)%e{)lUKwy#)t{AM1>?W zdi{suB5-3+@y3-6E%Q@*Z%=k(zS0UTSAK;lSlUO-(5KWuh?SF<`i*#O3r&{Gpa1o7 zj;_u;X`{!{WL<$Sz27*aO8=`@rq{y8;v@#vahpD{WF)FT2wpX!(Kl!sAcmvKe8!1^ zn50?soQg;7DHjTnNkeH!foqO%lPz(Ku2~Ok#{@^2D6?E491V<5wMaM)6?`wuhV5R$ z5aXx1EWgZD-qF`F2agCMk!-^o$Xc7%1&7wywv3ff_4mGid?yxJg*Y0h7U~orq86QV zM?Q`ow+pUbF>X|{(0SXPK9Op?#)*NhA3vtT@$9a<18LtB&rnR7)b{lFT&VJ+B5tYp zZYG-SK%~e=8(fEhStk^y$2S^WNzdJ-@f!ML52m;87an}0uWlLqHbS1z@C1u=SdXyv zd)?r$Mx5IldQrmc*CUt_ZvC5l#rv#5*z0P0U&eZ#B)^H?t<<)&>gh(yewhB^s|K56 z$RlQ>zMyxAX&Gu(L*h>zZ&LD<>L3^d^P&yiR9NTK!Rd5*kuzY@1Xmg*OW?hs+ywuT z<_*WZ)cUR-ONi>)__#M-%W`^}qwuwZPOkI))`(M)N&hlrqo^sD_&n@G0w#&tscXE> zQiAZ&Qd1PMhxMc8O}BmYvRs|$Im2ApSyrtUwh~Pqr!M;^QKjvLv9p!Sh`DxzQ&u** zsI-W_ccMt&+pEeiEu$q`4+K0V<(FZ4%eTd@C?vwq zV~xPN{!}a6_-L+!RT_G*wwA!Y!M7^r*&=~x3wJjXxL-Mq#V#Dtwyq{m$0}TpUZ+_*_9W{xXjc}g2vjhx^*;5kDW>>IOf_vd_!S`qFPCNA5&WaHEe z$>~lzW;t>X>302XZ@qr$A31MZ?4{jRBrrqo@K5#(l zJ)+h4a!mOWd#AQ;8SQIEAFDHYbGKm*w>Q-g{t@SW{86$Nrw@V;#GhG>k_!*GstXpi z;@DH%u4d$Plrbrq;lxgnI3(Eml7dyp!ub3gmtL0YtyF)u!q==}@8y$;l(u(|DDcOy z?-g)%u*P)8M+Rq(;oKW=-TKmAyv8q@;_8A|svGkl!&6iaUGWC~F30Tso0+|$?Jt+4 z100f3u^4!X$YYM*(kF5%jRvhZcPmw|<=u<x@Snevmk8@c15kOb-IOtuG1zrUPQIv_SuN zbm!Pfm;G=&hhJCV z`PSR>^3}W$na{bdf6X3rGnr~l6jxRt7ygjaUjM$Z%o}R5qYmBA-zu2arJmQ(cIzMS z8h;M9n>wjqB_D)Ony!w-nlG^EBS%(na55t75xB_`**eDRwF;%>Zlbf0LhlJ&^MAxPd_ZttPXcAN%=LADQmhqk#FCW!w<*phTg`K>`${Zr3{BU z!JNJ~-u>K#^?Gu@1W}3^-ILyCr9fZg_(gSlnee1;qMi+`&{Z46i7{RJ2u>~=(!j>l z6J0`u1^Ze)=mwG3hbw*2+V?mnsay{T-&@Sh;5&4Y`kM+BSOgbj*eTFPhp)fB zqw`H1rBb7q@YqC|M5gLe5p-)b60BO^{ok(XPUY5oOQ>8E$^v_kq3L|`{#J3)T?)m!@Hp^g zw|(N;{!6*$k$)! z2?RCba)=j-df&r6=1&aYP2BLJ==%V@J0j&OX{`~bRp4+RpnM6FFyI)s)*++$)?$pY zl!oN}LEQb8lKLTCDBdUetBqOKRp$p(Yrzrkx(tKDh@4n^k+E{N1Q6MxT)nUedc|pN zUWOo+!&$QiDkDJEL8a7hvGaa!n_A!+RV|6Y93jfzij<07f)2?b&bqZPC?Ad)(gmGf zkQX$~Go`x`2@-duG)qvHc@c3gg|S_7mN2Jv&P z(!~Y;M21H5*F~TGYlqomId?Rle!Wo>Z$8Djhu;;aWVk+M^~RAQa?k3MoCRYw&O3#v zSff&>9(`I;?Tkuxfkk2s0}Xj=FsNP1jV+mk+vD(w@|n#+TDC_HFaOwn4c{f zb3X7XjyZe3R*~m>Y-Pd&24U6r0yp&eR?0FqA1`4u8hT6D&K$tGy?_5T{ZKgJwYwZ4 zQcK#TGcvQB)ZM$QAF(@4N+lAa-J0pHA&)Q>~hW-uzJ36fD+1xK+RP^}R z;%%s1p24x}tKg3oKkUS`v@pSW&$t~J#j9+yW`A}9t+wP%W^;Y$h{(v4yZ1h|d*x`s z{Q};%mZ|vkkrN?0h5=??9D@q>J8!1`KKA@WwVQ0Sn%EM9{^Df5KadI zTtFAkKLDFQ1EP>JBfr!Ez_-4T4j=$g4lrK?^!NefKLVgkzwt$YI2E|Rzkw)!1w?^> z7T5-eCIP5GKhZM)G6kk9aDl!z1wvGupcfgg;3+^z>>sW!*6sop0^M@|+ttOj`9EA; z+?fMi{Q{Q$+N&S;>%eDmz>Fct2SW4#tRq zp>R2v|F~tifWk14fdGLL|D-^H)haFlHkUABE}*Ooq#FP=;zyMKpg{e}3nb*p1r+Up zbi(?ZN)SLA=prsbIPU*;2N9Sc92a720BH#>F7Q|BtYCeB|LqYHjr@t{0^^SDe;Y%j zRsf*O1%As70O)f4P*UOoDJcQ|BR~@gxBU@?6yVDJ)y2h_ z|KI}5^WXxB7W~@<1kd9FasDw7Akci#3*fZ=+XV!Cd9h3&;Vj^M0QEEgS&<8Zsj&&*Pk(<2hMNocj};AF9KiOBtQ<_N zY@C;(=Tb5T@zB5#{~v~UDH(%!Xn!-lGDJvO62SZbPaNP)_rF^PhSRUf1(t!o8DDJ~ zB31z{1DQeKeg7X?hKN#tF)-`@&G>4|5V83~UJ9Ig{zJ=`qY)_R^EczGEkh(wK+B*| z24%nh&@w~<1sH=u`7g#-TZV|RKh#Z-uoV|bD(-Su{#-XN>5Tm3-hp`qkPaY@nqVO+ zP@R*9{6|-gnp{7nNC2m*-`QIL&J{ZwxCjDyFF;qI>;yP8UariLY9&BNkd>Jo81HNl zl0rYdT&m2F)OnB-2+HZjdrkmK3q)o9L#HmggNWWMmHFaHC;+JsSpV3;5=H;JgAgGN zq#9i?tw5yv|1dg;kiJOyAjuqH$_I(&T>K3mIKH4d1`_4@{eKof9R{}v;o=8R8X!LSbHTX&<^m$ILb?F0 z4PfBE*8FcSE-~yc3Lpn?T7Nvd33$cyfA-=EyZ#ad4Dd2Acuqi%Y5sFgAUXD63K)3x ze%p*!^+mZLne|`_*xzigBp={#f7S_5nE-{)e`psXIKdP!z&pSfW4>a0wcShU7E~la z@q5Mgcj_5vaeww1R2TnZd$nDNWGfBgY=Jk>e`psX=m1&%g0}WI+biutGUEYMJ5X%` zZDC-;Ka<;^PD+=a{v-p*PI3Lk_-e~Piunb}475K0KS2BAC&>&Tpaobr@SOgGWCjq) zf+U%(t5{kS*I=9#YnS=W%yab@9}G~D;RkL&$<9K-+1(XV6`qkU9JO?_9br)0A9KDx zfYLoBuyVUs_R+kL!*MIg0RMI$ds{HGHJWv?_NmP>6Eky);OU|ER4*AXor7`oO1;CB zGv1`LwYD=JvsT0LA*uh@?#SH1R7YbkKCI;BB*kR({5n_9J^#Vl)A3g71!|Mi1?C^9YxVuh#WbC(&TyRyLZ%%tHIu z7#Z(K2^<=D0m8ZnWF;OlpB&W}@37M%v_4mJ5#s4Tbb`|~r1>sk<|pHK*QjzPx4=Bo zcJJsgL6<$ghlNJk7pKk8l9gCMi#_S>HE+Z_6tg6sb2mSkv{s6UtXcLo$~ST$I(dlV zy;z{?dYX-bM?P9srIS!F-qP7~=n<$yL9NN<#8?x=c7L|h)Gm4Cri{ueR3Tl04h@o< ze3C0epi{OUf33WkQPyjY{g?DrwS2j+A^RS{fuax=d2j4f=jyhg&vBEm` zDdtrZXrE@21=uAAE8imH)Hn@r1Xft&%-fk`hTST zWmr|)_dX7TG$Keh64KpBr;^f0cS%bLNJ@8ih@{fpEgjMwN=uiN)PKXqb2i5LexBd+ zihb>iG3Hovjy2}o>%P}LqK8He9(CBpHn>~R)Mg7(@P1r~)Hq>@q+y57Mtym(O&ziP z3_SkjB;BF-8kUBvQI1elx<+(1l7*68V9h863u(941H~uzG}Dv52h?EqiGw-64^^a~ zNqB>j3d5T6O-3P{m`LceqP^e)3|r*Vr?9(%nDmk!H7h09L^lN^c!gHRYYSUuZfq=V+brD9%6}z7gX} z8Q39xuXub`fqgl()0TWe5J8_4)Qm=*y{Msy4terzO?Y^@4OZ~#%f`Ocv}vm2?)G*y zTH^L+T1c!6QC9m6iTU zGMsJ&%1idpBL~*~U8KY_RwVNuSJ~cf_f3!)6> z-7)5xW_FL}Q@rvWaJonchQwzs!pArQ$#NKW_NvonW~Ph+Nk)t2?`Yjb zy0NGa0^H&H*Ltm%pe-H5KJ0=mAuJY$CI!}cX+YqTDh2de?oUZpHAqK8=$!PeV&SEU zrs^Rw;q&>%NzQTAgjF=lxd-c9q|Z&1!7Fw4h+n=xp#Smp?R?zW<~pqip*$=2gD{M; z4>AHIYT@^>i-fG7{74WZky0zg)}!+I)`wX=QEK$&o}f}&Jp{y)&)frYhN@&o92(i} zGGeeb2@3a;MM;Wa$M>CIk`J634NEW5ZKa zmm)Y~p9ALt6Dj!(F-CwSxzJ&f0pP)64C#gaZK zXY#O59vFVfnkN{HP=*yC;NRySP1V>TCjt=u*Jai`tIyFKF(=9CCg-8n5bB<(D6)7Hfl_ z35{ejAtRO2lrW67#c$9bhaj>VeA4mtjG`N)0&-bs8OU;LZgS!W& zK10pe%CpOee)sr`Ufl3gg>g(cAGM=l@=fw+0+)KVBx4oWxz~Pb==(lWujv6bscb;!>#1A6K;58f!jFK3`c@?Hq;cnh_`@xv%oE=V;!^7teRO)$4Q9i%mUKL~LOj+70!5#$G&iOR`N3~(A)!TVoZjykGVvn;>$O@5h;VGBlh3I6F_ z%bORY`1d7B7Wm|{@s&8Y9?}wYcc<9~Qt_z{ayh%>y!9~TB;bIIm|}<(H#CzdTM$(0 z6i@I9g*CLPZp2D4bN(1-4o{^XHA}stu}Lmw7IT1zsfz4oEL@gyG37Qw5`}St$1&h$1z{A2%~$ zkL3u>Th-W0SrEJ>V4?9!Ab7R4m9Qv1gtrLQ$F@osgehr(5>Lay&WIqF4A=zl8NW`t zFUI$aN1=DMzTQhemLWz~_7AbmGBcrOj2eVd;q^DT*D$LcAusz?#*ZmMy+w@bi{Vb8 zKPOAI#jYB@7%{tkq*+_?0KdA8Hkps^Q;K)NO(U_1a+lh%$HZeneI_Cwgwo_C|dt3`wkr^Au$yv()!+zz?+~wL~1CN0uE$ebp0(1z=o>}Ko zuf-^NTfnz@L{r&Wb)!wlYz(@k|Efc#flb>j|G!152`YJG)r8kq2A@tN0Q`B zY+oRCVTa_63Je*a$Z9C=)H_9=8^!J*B%$KIE#Vn;IS_%BK?PrLIW1~*`Vvs<4CdJA z`>xh1VS0CCqsBJZa(=u}z~NJy3s$i7d@hlf%ZyK`12Y!$kL`~fXt}~VeD}ua4UWbi6<7;;Cr!acK;;rP5iNZo-qWaq_(%W zDZiil1^Ky&dt5X5ST601ec(gY7KCwkwYAdD76dwo2P3d%2FsEC@5nm@;A}@{_fpPY zsd>X|zHpZGw#rIQ!|v_-OwcPejKA;x4n<#dP7hJ$;8Vw1e8;MZ@fo2-h%!Sd*re0o zy`>t>HRWeq59~7xhNr2BeW$1@A25)Kuq*GMYex9t(opQ7ZR?JY_Vg8fYihS`kAbXM zZjC{sN{VKV$d?r)&0Rw{4wd^7YS9;ko}#A?=ec%B1GDK+p407>3Sqjpypcgj_H0*q zii4b!(SuYEU13hOj}3!rnhM7|YUB zm|4Z6Sytw_m3Z#3Y}_z{;rYA|m)Gs9YM;xR5g24hLX)&|+{2G}ALEPQg#I2+!hS75 zQGk@Bda9?l_j`S?O~+}uA|}%X{n@Bm9jA|hBL>}`*_=-1wE>AC@8U~{y>jDpT3daG#JDW}C`0TtBicL9& z_#BfvuuAYb zs5%B}^1+6zTyjp>Ag6SWh|UUdmA6%FJYefApa?*K=43mAWl>3(d(_(N~8>v)MC92w{;kxhbW-NcFkS zmN>?~(Z%2G`*KNb8^_);ZjkJ4zIABl^h-~Jl7>gddu#3M@MV7LnW3wo}h{8Jt^;DqePJeOk}ua6BlLtIv_^=j@POnReeLW;iJtWzaqo@!esk zgMaXJc-16Hn{&7n(<2B}E?xKIQLfhPncPZYua;2Lj#jt>-C_C`>z16QzV$eiHy-WS zxw5fTJTDaADSjB?-dkMI?%`S8itKawh_*YOSR6qe|73!C)7Wb?F_n3aR18Xy*$#GA zPJ!gU5-hJw=2K%f=dL(7aIt3#b>p8<~BiL zgL&r6GnE0aPcvNRaD;q(_i*W7O4bFo#FLrF)e^?+ea^5YiRou@>d-3ku}XvNAj%3; znuYin2KUP|&-&O#4vXLcy zdL@a9*@+RSGW#aXPxCc9y$aS9^)it&$ca>@s@Qe8P)GI--_-SUj;%rSCi~EICRDk2Dp{rx49BqnqcXF=j ztA2UJqb5eDy$`&TeRNvL9F*}_Tjv5Ia!~860`<_9a55CV?E&$Cmjr*?0l}5$7kGo3 zvUf)xw(wefdRB++jOB8yfY%KWA~ofIpA^zfS>5mCxjBU9DJjLJSZ}2`umh)-k@eD? zTPbpAEPA7Ol0lNG`8&}wzLNN%bSSBEi*t9Q)3(ahU{>=nm9h4`avLX}QDq|?<-`IE zwI&<-!Jcb2%;Y_)%A1{!=wb>NEoIuoc?8{3sjV`r0bohUM z*Z1+nVlaC9e75sxN5_Zw70!2gL~bIxby&e~+xsGQoD?0=CpsF84vD=#MGhVN#+%aN zy*#18c1S%t8vUSs)?jiE{qf2%#Z13fgcBt;8SZ8^z8*nXGrD^)(GJw!$>l+6Fy4lh zm9(5$s%AfnI$Ii8uxKOl#OhJJ>maY5WO{2(IyzKrbqo(pAiW|SRY5OvQ;hz!cJ2O~ zmpk>%x+wTk4CD^4>DfKiJfXe?Wp>zS$D|OFs|b)(-ePPn+ib>`(Zz(%&`ebN&3c0cGlPfw-!XdN68;N>y|eeNku zPu%cRSA>SpMz_z zFgiwsT3~AxrG*mhBAxsy#X zXna!Ma9+mdDKIDdDnz3I`(qW!?LGt87JwxGC;l8je&*jNy#GmrV*(|@0km5FM>FQT zW+2b^{{U(NNlk1w0#-n@;GYNJe+D&gK)j#N{6Rp?n+MvUPtZX?&D-W0Y&Q_$FQfdz zp98!I{_kbp;C`Tl943G+$1R9<^V}SCyk9}h8*!xDK!JE9DBb7=U}3tUGX4_K9Tf66 zsS<#Y%s&*3>&{_pK(T|r2X)sSD1GIoDH(`t1b|5aa0i6%erhHC-vRyv6|OPh>(H)2 z&0DRc|JxV@Yq$nAfyyg4=o?Ub<@!4yQUUmTGvn9a{De7ybjUlG{tKuHs%-K+wu|S}717K{RE(8$318Tbb25Q~}{0A35uLGzD@!u}4FZB;Du5a9HZVymXi zrZLEc{6r#wQXT*80tDp(BH$po2MFRP&wG#TH+sqwh5|C}?x3Uki&D`o%0l1Ra_vzhH ze%)q3)k}WeW}cn4x>zea&l)|xKRnZtv7%= z%nsynUe{rEAd~a@yPM&!Kim|uo7?@T=U=KWXs6PfkO1W4e>N=uNd@5JrVQQjadR{N zyu`cFfuu9A4uNdRfHL$mFwpj#x0ft`N7#?;WAq9aX~Xn4M30r6hh!33PAb-dlVcl)qJ-s;$X2rIRQ?BX`_`=$e<*TDM*w`FK#cgJ@}?*}#c_ ziMbjZyL0*EJZuE48}a!Dk^3W8?k{f6S56#mNBfJljgNfDrRfS&5CLo;c~2bfuL&8x zwc|!^KTN84YG-1{O{&fgCQn^MVIG{}I+we7?;Kq-r&Qk35dUk4brn zv4%sNMAF3>Hnkz6mjqIiO^ojO(M}F=)RyCK*K5rgOAXCZ*K%u-AEB3_Aa2imFr#W0 zNOFiz(>jRwq8h7SId@3HD8!H5vaI*rVq%REGE%xfx5fVIMfg*8r*pPL)`O^7a;x5;v3y7katL!vCR&rRgq2tyu;ctb-&|SBMidqVUKmb=Bm~w7^$VyyWv}UvTQQ2V4SvvvD zr*dul=?wXGwl#}LwF#Eo=X_+A*00t{GO?d7n@LxG)?(D1ToJ3+RaISPNLMU?s(mBTX+GODe}hxhpkmb0>}DnFG7glhIv+H@6s!#}3hv9_9(9<;)ffqRKznCS=So~gqYM;Cb_n}diNTi;^aK9Kr?dV>1p1uPN#zV?Xm z3jg$CPq?68YBo>N8=1s9;c2389z4|UwobFca=p8(6dcBz`BMufx3@DE7;?Krj1_1s z%<%(l(h)5WESbmdujp|t3?W1c#)&|ncbCh{;-6nOSdqoLV@=JxAYrF~vP)_|Uz}&Eg=o z;$Gov;gs);>GKuWWxD%xneXf@2E04w)p@vnGt;YUuIDE=vSWWtGUJ zLTIv-r*_h_VxlL zeK^Y&Myq3qyWVs94tht<2%Po1v$$zkw(}z~&WjCr?kY%3_jk4)d{+0}U*30LmP8N# zD5D0~06%#oRE^qb8+# zCrZ>37j&cwIQa_6RgRb#)t`fy{K>~-QSCHTymGl|KJFU_PwVB0i?+BZyjL%?bd^pQ>_!8d@_YcR)`3jG+Z8$T{2zy{uPsDljIpu$QkfmxC^A zR@@9z+qJ%Ru5?F}`;Ftp4_YA^X(D4&jQjV7!Jel#94n>U3xS~siZ^f}`kV`D7P;9t zoF&jRi%hACG!muH>11YuS3}L0yHfZ)P3e}GKTmSV8eW(zph(hJ;zYfqtXG1} zzo563r|m5}l^fYqXo7A&kzyR36V`w@E2+xvM%-p@$a-dJb@7y5h#Q+*hs|+)BZ z0D?sheaZNKG>vAqTCY`jpTCqk8h5iH%vBPaz$KJqykyR^g#EPaplqY^f%5{aPA-Kn zdAwfr6$%QmN@rzGBF-j7ITzmsd&xUL>);D67RTnTKFbDek!IDr_sZ%;bEjkwBi5>B zHF^E&NCB??t5l;Ce9Vb8`WpDrYN`tG)jWd^ipm;S$8QH_sH$aA^^_}gSs{#VOd z-K~+NT#FEw)Fc)Z(WJQ2_v%U9_b}cBg*T(1eKBwo5_x2T3EB90=W90PBc~d;EIUcn z{FN`f zK{G)~tZ$z?_mO3&`g$NSSD!My1Tx9f1Q_ zNU{O&6!*j*@U^VCdZy12ph-4O8fZ8(>eulP=;J%%1Y`rD@SZg4N(gnJJCl)dbPM-EctZ{g4_v3&IIUQ z?d8BoNt>OfJPv=MlNkm{_uZ|IV>d?^F7$%Z>YiS39a+-FaC{W~m?WOZ4GRz*$PH%J z)!Yd^r3oPTjIYyv zEHU^(g!-5wWbpZhtfM^6JMmtO<8S;_jHdS^cUBIT)Di5aOKdv*Tc@Mj3!hrFfVZu1U-9!51>8u&MRs@*Yz)^AP4FV3!YeD_(m4p1Rm`owQJ$24TP}QX5mO}Mr7EAZ6WX=? zW%GrU4K6!M{Z3)(xPg%}+cVElY^xk+w#hbw(s@k}by~&WIg&@hjhIZ;L=D$|PiL zN{&2=EQxmxZ!tIf;fhtg(h~l*Kf*(;W+x-l4T5Q+p>SH%$9Y{yVH=&aQbpXaOJ_J6 z2dSE$_XR(jPd(Hm8JV9!HT8>aKRu@#WM@pMFp|{{%w>p+6Tnmwjaq$d^|WU=>cw@3 z9qBf9K!=^|j2)E%v+N(T+)S6}o&q6&=51d|OteBhP8X3Lxz^2SxO^62HIU`u(#U(+ z$dn&UYObDO3dX}QE*!4+_(iVnfCuWF#v@*>WzKhIZ4TTE-aM!eDEze5dnc!;Wh^92mL*avM!i!f zhr%b8Hk&JupMOB(WqW?zdigF3Pokt@$|jkCW-jIX`P(gSjpzz>rOF)Kjza4%%Y9{6 z*oXv^)bLMG*1ZKao^l|6v{Int-NtqO+VMT8R$5bb$7N&&W6^}Mj>B9y@YO1d8>xuC z@#u0O4mQ0}I#G0t)8qJ1-MOCjMQg>;O5}MdoT*F2prSJC!lR7$l1`@_>d%c)iQ@P2 z=>1V=bG@=LA+deI3uNK^DCs4*rQw%)D7u-+o7c%rzqH^8`^*zr>s9sw;X@E1*F%cWCEiH@C|9rrSGhxO`TrkE%C0{b;OOVL>3cU?#Hjb7@#Gl+N#W2kZZ-dFeF9|ouZlB zrwS(JL2SsJH?Oq4Pib=3^6{w9foxJQhXmhZf*h#$Qglh&?}0_4O`)RPDJ@RyHO~>0 zWuXq^QFj(SF|oI${=>PWhD`b%0U-obKb*(gYvHVLfs$_IGz2$dny))tU=UiqrBm~d zJzt-`HYv2!gVria^)n|b>OYB*6B#FrY?FZ+k>dA8Cc#qUvdiamA4@ zxWLqH#O`m0za%%n948NX{c#p&*lISg5l^mI`!P=L%t;9Ho_SVxMMeO&Z06+H?we_5 zS^lqMSvtn?G|bxJ;ZzQ!l@+hV5LyT1Tq|_G#UVLAOvi|T3i=$jZfYrX&q3s)N(v8e zl!9s=J#CPKA=6^*ob*GboYSC+1W2ul4`Qr&Irv1&4d;S2KNJ@m#f~N-TMao0`u-K;$UeYK_z4~S$__^@dO`q_PoMjvb zLe4_)1&l`o$LIKuP=;j|S;yaW0t*x44>U%o5n5NIH~K2luGmf(YmbSu-dWNgQ<8n5 zA%S6`+$ND8uc#4yiOTzsecSJy@WVXQ4@!*lFo+$4x;;yKrqcAYo-9)DYFoM=MU~48NY~EOkmKPc_p&pCts~#uumfaSGVCp3HX_5 ztiP@Nu@nU^uS}i$_$B0 zuo>KwQ#|R~kVam?(S}s%GxDVsGLr=YjB|f2{HDhO^{M?@EhVPHPR{V!>p6TcgaSx; zY{68&)H>63tWChf$yWvX(~tF)%{PchxAm2q5!b2@NX6wEi@{iBH@Nt{NRdr{LPkR% z%`CXpTArvHj7omjz8Nu_I?ua`MQFS=jVN|Osrm7{~&$31o3HV z;l{O2iT8!GnY1t%>$z)md9Ec#<|uP7uDX~f9zNHrEeEs0$YRcAT37e*uM*LD(r{&c zb~f6;LXgEmU?IxVXui&7yIV}kC6Wrp#jvQq>Hi>|%X15d{5curF}6mMwM_u0M;u8z z_(#;0_~CJ-MYM{@lJ@O~(~ycU)$IKWIel^1y+8O1lts}cj?zo{Gg2b7Z80S^C#_3f zF(g%^78!$Muu*6S0bZ5cwz^o`UnH{lvC`LfrL<%INU2$fc{g|NqNK**c=^c0ZtrNn za^qro{)b^>je`q^y6gGH`uONsAUnJ7r#?5gCyd-xS>O)PT5oDvHH5}0i&``A*Dd%i zw&=m3!Meyo>i)#XVZV_FxP8F-pL`rfP+|@6(ebU>9}rLA%b~aE81T9F&j-nWL_C3y zpZ~+(&9mo1@`;}K?Q=8xAFdhm;FuX3W#Rj z+T6fIEFf)S*w}&6D}YDwO#kAOY`_*OztTK_cI9gSVupwQI~mUD~P-pzqOkPd+UZ!hVm+|=KUe*-seF8E*L8#Lz@ zH2%LwzN>J;d;{nF&G@&G?<$-C)unE6>;GY7&@3ecYEAsj`1g@PfTWvr0s*E0$POb= zwvFje*?b4YXJ-P1FM+@%fJOyuru0X1P-vR{Mz`p8>aXGZ+gI}%K%Ku2P~(E+*n@GpY(GwQq4 z0QMU{w|;-QY5yqu#C|i{t-%ey>_(h{{ioCgJMeY?o7)Q*^fg1`4#*9R^A9d=cnsI! z-*7tq)5RU7lk4@ljpF7eymkQu&90HezeVwz#>pLt2zDSf@!HkD>+@GvcXAfUX=1I-k{8XGyW~%0WvBe*f@~Wbi4fj_pNrfVJMK(^f%+*M+T{pfUtp^ z5ikS)hmr48MIfi?Hhq6H{(a;-$U2bI1We2SWw!4?>p)J^-;947`Q|>pO~+4rOHpFj2)U%m4yc0%k9bEa-&*x>p9)^wRW_I*yihw)8S)I(i1?fG_C< z%`EjyLGNx*xsvND@w2ldJ4k0oU{$%kn-t{k*n%eCb%nXvlmLkfBG&R(TabErQ=NX^ zKOhn-f3*cky_+I;bJt#1$s0D|ZC$&&oC>0MBEP;#Z>RId!%YGBhpzf(55jjmfF$9~ zqylGN>ZQKEnF0MzoiWxs%OY>9V{QBIs=RoqZ)*%7X0g$Mii@$|$khB?>g(nDfA#!? zg^q*$u4|C|y}oQ<%gyVF18%dxo#8(x4kU?hJOKG^5^4Y{7{DKpEW`+uLAu>&esOna z7C{wIKxR?Uz|hkApIHQ42mAlaM1m@${NYp#l=HgH)w@Cd`BV(rK=l9LV1Hj5P_dPp znf;lP!1j-~+xOi#?M&+j)sIBpI>fRc9i^z|F%AHdtX<||%z5GG`~;RpTE z%bi2mZ*+f9VNk%Ki;W$447@pK{NL_=BmUoVC~vwNv$6kdD##9Grr&W2U*LCuNPxNXt361;zs|5*+WU3=2J-cn>HX}$-jIN(L0IvBbpevnpiuycTmTpU zo`L`B;@8BzdldZnegiwm`wf3}1ybB42!V$=;MCu}<^S|^@5cS@0^CvtZLWr*ZG{`EMwLw|VnFj0=*Cw~Z=qlkYd%U)92Zi~G;@0yjTUdO1kU zzh5uN>Eo6%c$@wI!?@Ru{}~r}a=m@i1>`Bn^{*DK-^T^Xwtr4`H%E$}LZ?iOziXEQ z#ZN(tz)ijQ8G{<&xCJOjz{3{{K<)MVXA3B4{b!l{E93B{>il#E6i>V3;OA8S-NDZz z#WmybW;no^{+28a_;3>%2nP|A-TxmPL?-56IEbbIQ8M(40xd=#ZKKNe5QkGTZLHu; zFsZL#P&NE~q5@x~0HS0$Roxi*XB%(2Bs3$KONYem<Cucs}av+0&~Bj93zpBG&eZ*NCY2b$__V8#*3yv0RO_t7DFhTRxcSao8_7N_9wo8c0EeW_;>5_?*9Fy9J(=2lV679pm?;$bq)K)nLIbbc z???Pi_e$&=knKZAw!U4IAuNyXmzUc!9zBQ~6s?uP=;hz< zNb<;GEh?Z}!zOqRO-J+$dRQ(e0%_ka5MlS3HA+QmyM7B#R z`8+ScDwkaJi3}_}Gf;%05Qk9fV0FEkDfmocP;nbcomJmH3Tnv}mzqA#>z3cugVkYp zNVc9)T_K}J5gs!mrLwy!`PIUjZmOmm^JyAdQIY#df|?-}BQ;CY+tvQ0H5|%3)il#! zNWrfPahJW^nemKvrYlZ4nawDZaM2HFmS?`sQMwBB)HJ@!O<*eL*5yYZ@sS9<@fE{+R?t&Ry5>Jx7k_s5Uhav2#W9R zZ9;~e4m!8krxn}Fu{S+6XYv~r>0(u%BkdC5gE{zsiy&1!|M|eX4AN{oF z7oaNhI^2uKQ3F2+X6`P~n1~;Y9xdfsY9WvtH9kt=;W|5N8>fGjzuMogwNQUxJ`6cC zZ}`FXQ@m%`tA}t&lUWN3xjh%lhd9ULS8$X=@6IVMrT88gdRZ2HTDJ`*N@=e?Fvhpr zU$5v)4MoVp0c+9YVB@z*b7yUB_sE28%7<9<3k1(F9#LJHyEl+~I!Pvk-q0`NXZi67 z|ECYQ!xgF>m!iSda7`u8j8vMWDI*CL{`LYs|H8_jEZdr$GdwVFML#~rS&+aHD z!C+Qes0wIamB%mN-izvS^ptRxW4dHW zj;3*vJE~Bz8n&!|Zj@ISHGr057CBgKT8qc>y4YDKkxE92pik%f`qrTqwwN{YBDxp~ z`X{6@??J=I`SO|j1VbnRCQHSdwKylu`)F_)lMv^kZp_d3*`Ua+58IZ}$72g+#$J5i z2z02fP8M3{K*VM?={~omePNV2BO@vVS>x|bPb1D@?Pq|$BTHbCY~YKPwOD#G$P-5@ zs8}hdL^{>7E6I@pw16?=Lc8!X0a8_~RGq#2fb$ z4DzewH3=I^S7Ur?g2F;D!o&O}A8i^J4qZZiqmFoAhRVcbq>`HR^ie`Lp00R|$25GF z6-5Or-P%_CkOuyYP|pDP{_CAD7pHxPkLKzd4E5Iu;!Of1@zI?06pO`Vi8L{^Ew+_u zP-YO7ayc6jD}0=YC9vg8*}UNn#=apBn2vk~^QZ8CiSEb}TworMBS;(-$dneCQjz|O z#3e0)n43~A%AQTTu#}3HWjft1mbEHN_5r5tS?g$kK0;JXguU2!be>YsxG8V_{i{;l zAA_vv(d2SIPe?hj-TJ)Djid;W6^Oe?v!jh6OZX#2JY`i_i;X9nch%VxrGHHI8%}y0 z@vk4~n@|r!2t4jHM zpf^kf-kWutcou)rXy_2G^B{t=wiv!R#Kah+AIhBkk+%I?NV;O`tDG9o8U)vd{Z!3?CN9J z0U?I~o6r8lWO?o;a!uV5)$3UVvy~4*7h?9lSoS#5``FJCKWRSbd2*!ba&eJ6UdztM z2q}alkX#%05DS_CrC+%HO^Kve*vL+R=X-hH8SOLst6|(ZuvYw4x*`mNsAGx`Vxt(F zyv{-u)){ip?9!uY{;nEN1<1i;vLl8}C%M11Uyp7p=b%|CO3z<`VXyHf9LF2Q&BfcIZ7vJos(`%-rnJzBawSMOLFXQ!-Zx$|@5r z3zBwk75s@VzpluQ)^4v@c$}Ri4lM;$apfSb$MGtQXwD0`40Ig6-+U$TL6TU+2&;9m zS(ShcUM04xh*p!?bayz-%V3w!f^cs9%i(f1M3k8VhTQ5pMzE0>MgR`oi<3+7&s@Wk z0&#dW1|KJ}tVeh6A?0v>O?-OFl=m*rW=PawQ2iNyM#*eRCXcQ}n2GI{&nv5WGAi>D z3605cvFE7opfB5Z`%O*M@qGCA_p4y_FU1e6m083E6l-I*9vo?bdxVRj_f07BxMz;W zloV*f&fs?<+=KD*kbxxrfs~NRIb0rp*!KOolo|Cf>SR)aIy_s&L)E)J|=yC-zYtCLGl^PXJ6urN947gkc?*9kREZalaJ;I0z7gz z$?FJxWT?n+Vfrj|tlh=Vl-`@GBluOYE%UQ74`gDrMniEWUz!-BB}#wr)*nJM%|AQP zO?+wI-rRlOkAx|8e=SUAkR6k3bWM)0C?MU&+~@Ec+mn%X)wQNancUko;mv?#{D!p^_ECpiQ z!-rxBNB(B`xmi?Fvx!aN)E%pGwA}KFx zOTii+v}MY%E;fiiHh5RoCK&#|Mm%iH>ODBd>%b4s8$OMc+Y(W94*7Zev8eh^svdn?Y*T z9FAVbi;!GJ7a*Lgj$hV)_J|^8lpQMe!@cwiq&>x9yvktVoiplhaw;nvL?X^%ggMsA zT(M@O1W5rFeC$mIpR&PeDbx;&ode+}^f@yVy~?`qQ_4SA3Id*)0E>%S|*ps-wl?9-P%x|#%L-zu#VR* z6dZn{-SM1n{{stb$np;&m>)k3yd+{fgxeEv_DQY9ytYWHdAzJ1dqNiQ*ZweK{0fEG zg#5nQDA7kGgV4+D#r;lr)pZ-5Zdd~p%?xBnu9UfOGTYNuZlQUOTC|a%9A2}lPQndo z(RWJlXrmmThS)-o0-joSi z+hrMS=8P_jYL2Bs4&-8v2gfZsugr4I=uOg5%iv&UGdev@#-Rv{&HV}ytQDfX`@Ay zi2RWgBuQm*$F6tU5e>Mi5cdjcYdZDH^lR+OGFTG5hs$gSm}=~1mCJ(iBM+*BDT(wm zV!|gDpQl#%A3)>MB&$)f3#P;yBjOkZUT*pr>pz<)fAC&-K#Q#u%?0JiAL6S(AsVes z-3yGFc-h>U_@kIvmDVbQnc?1&Pan&kWg$$WD}g1cDa56UFWS;3Y@Ef>ZyG9#&@MSL zRxuRW^yAuL(5QD>g?|nic}u5(_yn~kcETW!i>lUuA}Mu3NTX>Bj{R|m97XC7RjBG) z&r_cLcT|krP)-4GmOfWJ&^BdT%6&lI*9Vq64AQ7a8 zfxDd4x&lS77<|KIcQ{xG4H!b^TV=BwJyK^c5)A7m0w z`Y5^ka;-Kt*XR)*Rgkeza&P#qkAAmdZ$lIlr6TIE^iDK2&lT8ey{J7YHcxvYhqk5y zF4g5*R%r-C>Sh)~RfN1(x|QT8xO32Ip%pRI;>iP#ZpYEL9BXk#2aN~`T+arN0V8dIfUs1pBgv^=j@(IX&qb zR784pa3Zby(BfR~Yw@j58X=+kE`a1}- z4dWkd4umo&cm!XOmiJsGB%}-K4SE!!H1y!iGdZ4jX8|9u5VTd zA!O-`Ve4moG)#4n?e}J*>@&1FIND1DwcMkt#5)Zm1X?D&3FGW^3ptBY*q(>$GvP5I zGetbuX?bSEAiIi+N=g`2@2jSP3!iDHxhyRh+B9oV^HD|A4>#Q-$SjOt@90?BgXpv{ zp@9_~H)n;%vCs-Y-yYjU#d4X0Ug4S%rdAhyG_#<>No1FL@G2I+h(M%^)?{ihu-C8P zdkM8sSB_-d%jk$FE4xQ)ztvqG>5dKkh%8}gSRDMRzD4XCqm(HJrfG>GO_ z8nudZHZJoQP6Ll$3T^^^8`pKW&Jj)2b}M6&Nr^D8pjw@hoS&g>??1de17mvOhIr-j zNE=<#!V~2Z`?3tlciW<+@D-pko=?9Ujf%H!Odt^LUSghHG{V$$vhkC9U=x4e68jY6 zmA9?<@<_))__z5!iz_R)1D!_{3tQ72jXB3twcV556l#tK5_WbMr)vc@POlHnJ{=ie z?N;R%%xxaCKjNLcP^xcqI;;A^cexXbn$l&9UldT9FA_3U|5S>)4DmkYhmHS_va62E zYHPZHq_iL{-Q8W%jWm+d-6_%%N~3^CHv-Zf5+YsF4N7-+e(*ea@8ebPd%yqA57;wv z_L)6me~g?BJyv{K6Z|un0=tyApbgy^XFk8==#47&Lrc5akr$C=eJ9g!jkF3VaC-0MYJf6+gWE zllKSsvi;8fKViQck&-(R7G{u+oItgaUtqtV)Ie^) zXW%6LJs5~A{$cR1o4v@525~>AzzZg36oxu=d;153C^nVh_mF`hVC1%|no_MpG=`;OQ9RIPE0IT&~y#FW`f1;2B%lh3I!1lxTx2)rB)dv>Qn~T2-HOKFD zkANG)znB74o}0xFqPX=(Qy|&@BM~T&-sI8&k1DN|LeSiWbr@B*>B19Kqo&Q)a?llc=iFZ*>9%; za5@CIKuPvD z>lm;b-c8*9UdNyfM1Sxn|1|iQb^J4}9w_{F_w4?IXOQ%~@eDWt{Auv7odJD zJ^#TmNCMtC23A~P>ishKSH~df_M6iK-~`19__F06|Iz*a@BmnMcbW7XbAY4Z|Hm9i zVFmsC46p%$-W=%J;V!uV$qV{7Hz$5GYfuV3url67`;WEu$D;!%?H*XuSpNQZ?55ZP zP7F884unY$tjNE7(*i8QAj|HikL2zDoWPHJZcY5X&;QW`NQJ#Qb^_N52pRmZedafZ ze4zb1|36O4cRK@M-arTck~jdi|Lx#g@)z(Qo4@4dI9Wkb@?WT4H(Jr4a&tp!+BT0W zQ9VWr$A(PpY~rNtPO51k!J`)g(V3nRVy+0IL&jKOQfY9hSodc&)L$fEZ`qTL+i5O{ zx|B=X8}}w~vG87BUap?I6wW4O1qbiv=+S zeQg&<&rn#9EN|i^@b+y2-iHntw&@1G^ZDh$>G5HvhM2+2+_p4HnCMb$;c1)UzcfRW8s-EBgX+c{2UDg5Qm1 zQaU}ApW0^mXym)*jz&2YG=WoWzpr(2hcfKu`bTs(X0`oU{A-k#{@dndPf#RaJKy_` z%bw5cVo}msTlohy(7U3#PR#@u(?ZrF;YL~8<)vsAwe~HLa2LR0ZBoH<)MAi;W40GW z2|kwkUKfuQ@K z=^ZTbGx}&h=pM^SX>rj7Jk@{!bMNI4yA?r4iEZT)G*md#cL% z9kzVrlfv~eN*qztQ3h2a&C{p7NseLwdJcs9cO0fA$>Htk4q!} zK`-^Cn%*W_u%BOK(Cg745gjZsb#5o;b?aQPdu%90HX5(R%jw?GSQ!@L4%dse^|zGG zz~6JrJbCH1948&l2dmyEp=edyp02olSUgcXb57Ya_!w^6iK6_z5wf!SJBg*N(Ao{= z;j-|OuuuIFFK}>P29Ycl$*;gk$fht&K%qu$k50&0r+HUD7m*eQhq^DJAlRMx5>0VY zSSzaF+L$+^j;Tb|jplo_KKs7V^Zh6k;ft>lPxpridl(p2GNRB~J>&dU;yaD70@=h0 z#~58+h1%dNaNZ|QgJnVH%B|J?(DX4!HWhYXQkMqj>;)M!anPY)P+3#8M4opIqTASn zt^EM`3X+}n6Fyf|c*=mBp!a31$Bi$Do{v&{=mZn$`7p#wy1E(UIU-`kaN)u$g)ey* z9Jcm|^-Ts0t+Wb0dg*r0sVSroQ(-#5AV*U^bj0PWN(uM(1B|Eh9*nf#Qki-w{VSQ9 zUzmQxnHRqlry0Cwt`=L=QFU)80!3MGD7JF{;gITRHl=>Hl7Zzq_{$+A+N?-}=kdf} z-dVn~^cP*2keU#~YFEMhN`g=`KM!T?pO^jmwJuAId#r?QX(BS2({`6-KqZ&wcv>Fe z8no%I%dz--xzV#VkeXJ3%{ z*>~G0Jl~vHiojQQryrSXqf>vqc;wBfKMFG~vy+FS-I`%pYipRy1OC>I7~gRD9lyZ& zV)=I}rSvc3t7l5Ra-FplT!VayBjTC%Y);md8;=%dW-uEh3WZSU3u##TWjqU z1*@(COkw0pFC@HZgxN&WGIXouv!c4$nV~1P-o~dKk4r0I#D1FPlMbGPC_grO93oum zZ8?)_c=b_<@IW;$=Cq{T&nRfTh9_B(FL!C3{gZI%;z{k6EpOlQr^B(R_mem}<3W$3 zDvSF3EFx9KjrKc+?j=Vzca_w-elgi}t>P+IiYLe-gpH|I=`s1#Bsf#B*`im9+J(OMGW9SuLCOPH0N;OHMXzojeof4PVR;o!GRA zB&&@yydh)YCfN*nt%awR15mCSFT$9DP!;wg@z%1HxG12coX4pG4?cPjsY~La3XU5K zVAmU64Kqfxtc84 z*&bos;jsULv<-z&5T_NPY9%?mS(fiDx!+K0kQ?TStcIa|3Q0Rso!iL9eGgt48dHXs z=isUd_sP20!>?$^)F6kKUD%gD;GyeIGhth%jZv-!v!CZY(eSy=ab9^nmKy*Tdv_+fuO%eqsRC&h&b*4OuRqJ9uSWvx$ z{r4rm5Bkr~RkHK(R$#ySoaVrK4}H#u5$ok|(LVQjfZ4g~W-{U*HMT>Pc9 z5O$xeM(MIbOLtBEiAt4VQ8$c0$Q<3c3*tv77Pl&ecVesFXO5O1bHD|LvWeKtwc~d3 z7WU53CC!H{wLRTF%D3%mRHanI5KQN4uCWt7X?$ksm%G-Y3FVplTu~&F{XwYZ&S`#F zAe&?*Er*O;94Xz~=cBMLoj%j_9q0YpEP=z06DDbE++6zVq=5vQ9rI#=YN1d1;D)#dF zY6hNYD({T9d;VV+j}I*_x0Mf4M;yL4TQzZ74Id7AG*`K;?Ru9jiA?0+tn(VDzh_xp z(9hP7eXD~IMY2V*6r7bhZ-jL3ix0!-m+hL4Cd3_u&oC*Q-2U_NOd(k(3LfXNMHbaI zVxEkM%9&M?OWlO_DAeY}WR(=EF|wQfb~S@N6aE^hV|wpTKY^2vWvSJC?YEg%EE%_o z_hWwE6dcpmclhCy#0cWt`H-QjP?tJwc{rqD=$-52wtsa`%W%Bta;~q(OJS4laz%u% z1x?^;S92Cz30{S?1$@*Dq4)VcE~ zCVE{quh;&lLnIyyH;1YD^*n>QQX&38Zm`zC6o0s96u7=mj36(1>U&K03;+)~3qe7^?rc^M~bI~bBGc=A` zX2Gn(Km<6<Km&m!LEZZ#_j&j zj3&rI+lw5d;^tealTx|YyF1a=B`-E%7iMGB;eC$Zf8Z`@+pd3Qqw3bGWHk5S*t^$I zsdY)^^&8jbSYajz8WA+I@MH=_r!7mQdDQQ)MYcA^}(G2?@ljK;l=WL8T=%?D1VP+zWu zb2u2~sBQDEe7?Z?jj_02-_crr2)ITePI_4-RRl86uwr7(1VaxA7oY2Nw+*~sfYD{D zq~({g>mpsY9=mz5gCyO@ZRJNY4-~(^fTvLhjztTzXTH?#@2Slk;8aw7&1_G_Yj}ML zv0|O_*ggQSLx+b-{=gc0|vl?5N$1j(e}05VUyQKiUlBNsjk5 zH1IY|XwQ=QjKV`OaE~9TQ1Co)o#Dp3rak&p^=PYLuzq@=zSZ?@^wFXLtm{{#NulO; zw6naWd{&IUFx=JM1by{oMF)*`%o1-Z3r4oZ#RSTUEEV!T4a@fQ~n8$_d+P$=~IB z=IbND>@s|2EyMP~zX2+&C>3)+d-J7 zyT`xCkOup5Wk@}f#Tb9J*f4#*&n5TVbTK~;j$t~q8It81_K^&y z;g;lv6_I0lrAXQw3E2-HHgOfGC~!iR7uG8u()lV{z6rEMBxDLmuVAKy(;|LG<*7y@ z)IxRye-zM{9%w99V8OcHifCy5N#@m#+{e+O2}OS$D>55f%TI4e9}99uAj1#3c+Uu% z!>xdK7b8)RR1oJQ($b<9#C2pfJ$&Sm1#f2R1pN&`ZP@h8=M-EjU(ZE^^pm$S7(U9W zCVFrMrz3~x*y-k#F1DfhAc~K9U6@6-^ zd5n9q?&Rto`ZPRI95F_e#oE+9#vzd^&tFOJaTYbf==b7&$!a+~MsNzkL^a_qNYVI4 zC5$UhrWL0zU(L3a^?P*AoVlfo2+6@zUBPgnhftb}TEcJgp7z6wwfi&K#Lu1gk;q;X ziOJP_;X4jDPydx*_Dv)I}1J}SZq|Yw-eQ^ zp;GT2aem-^;!h(@vA|4&Dk+3-X?UhDdxpd&!DPidqEdkR$=&ag&UA%A!0T+)?YdH4 z?YvuDyF*;RTf9asbgf3pY+N0$%^mxMuyw45b^`;wLs_c4a-{*14zVt_BE*@o_B92POE$`L z{OznLCa0XdZxm;(b{A9wBShd0D0T8b;gh5DC8dtya0H&r9|J#hiQ0MSsYOMh|Cn$;!-$~zl7-Z5ZBWpZinSn8r z$ZE8gkNA?quGFurWe&S7(fRHrOBbftlsBf#xRQ?w zKv_+CLx?2}DUINQPN#R-fe+t-M=ia_<`9n3PH!TwZuu#Vyw*;j7s2qJmbJWgyV2W$ zG5-@PFNU@dbxQcRUBgwYjAsIHDXr1Rtd|U*6CG9p-S|AMfQDqtV-MI1A>%se|j2&K-pQ1P5 z=^so^Sn0IbWJi3I|7_@<{B$bXWtaGg-Ez?!Js5jU_W`-*>tpmw9P|}7%80D~aIwdg zNKlSqOWdjj5kZg2Px5T9sb{f5VBTk>xoMePW(iq|5lUR*J-|G6hjOMRHdcY|i9@)b z7|=J!VmfLR(Yu2^1xC269KN{oWJK;WFVmDuKcn5cg2U0U3|bZ%r9`cS$fnCwyV+iF zj?9sf25DxdT`bo1w?N8G5w+L&{s$`eOJ~bAuu0h3kQ`}{(3wN5R;y;MqlrBRB9?cW zz!VXrv|K10X|%kklSkkMknTuuKIQ=yT5vw(Yd2oY=r7YoC{IUo6`@YzI4Imin)Mg96vQ z%*N^A<>F9u3AM|Wk*~`TTAVuzuX!B9iv4N;mx>j0o~YE8e_Y+^0<-$e(vz13ED50+ zXAE-88=3jD9O89wSwH`KnmHoXk>?n>PzsX>@WqkgAFL5bv}jw}X&z`#rx+j5Ju87e zjzLj+k@T=8SomG?C)1Tq=g2-7rZ`>{=3qkC60a09C&fpk#_cm>dFD-?EUY5cGG=|5 zgKtb;&f>ox#mJ$IYgwkzJkCa^(R6vYzEI4l8%l~F?8N7T-_A3(Ygyu{P8;ZxO6zJa z$-2$R;9mWmuyJqBC6esqlqtX`vCf(OiGGKjh#JXF=Vx&CUIm);1!|hN>{lqZ-Q#|) zFr7?aT63Qx>tR0-gU9dcXxhkx>!T=NIe$674k4vpaO5G1@7_3X#iPhRI+(Yi+$ZSIYXV5IPRR=P@d6nyVd5 zh|&g?BqQyD@23Z|-kTY1vS$2et!G>$P<)blQ=4kmsJW<;P#p^zVM%EhJtC?&UT-nt&;8<@T50A&|Rh^v-9?s?=o7ijz ze!rR(p#P>;Ze?(h#n^Y&IW+Hsyrsb2c|LnV+z18^6ZrIZz zHGm{_)5!9tXm80Re?8xyCj`hH?Q8;CoGJol6Ch1;3j+h0k++fk zIsyNjL=ar=AJEkAVc?(iPyU91e~5Z;0)-s_Gr`FQfP{a6fqzmz0Wt9d1_tUK{Huvy z6i@Jx!C%ktchDBV{$Fbp$bq_>^`Dp3Z}b{C zK}Ah&JOeRM5LWBIdj?6@o527U+1-Qx51v6X@MbWuv;foRm%+c(CBPH@`<{VV;2#G6 zQkMX0=x*?DfLox<6emzx?B`H^4+I0&;lJ1e@cRBg_CS!}-^B-DrTstb{iJ;Y!b$@m znV>faf-K*)4F(oCARPX8D*OXl2GvLT$NK#vv<%wj6j14YW~Bk?LpO^D$cnyOhkucG zK-sLox_vkOzcY0wbi)bUY5v_5NJ9U{)Q_&ZoFH9wIq&4j{=u;Y?j3)Q3MguHbAuq= zb^mAzq}={RdI0WCpil2M0^MI$%1=TnHwvG(OuD;`?U%v7tdyT+Q-CZp;O_X#*k2uk zWbqH0#~;T2;ulmtMVb&;4uRYA|Mm;|4TCfxaP9qJ?5}=rGwkl6-Kq6(0?!Bk!S7G> z1Yj-v!`NT_g5=$wIRuO4Y(5a42S z!g!)OZSaqa-&$fo?XTy&Pb$cLziPolm>PZ5n>eYh9j=rur+a;N^*z4!T_OHWKe_@N z>-zK29Z|b`oLCS6M33?6>yl$x2KFg)VP$Co`+0o*}EiL zk1y!2>{Nvk*%kpOwAmF{Dy3MQ`E ziLg{Cf4F%Nj&_17^nt-BKEtcyVF1&KPGVCO+y(|eoc0t>%ZF2CbmIY1NhAl;on2of zq30WzS?vbrkOyBUiOVH&)Fm3R6t^B{Pnv7h6E+1uPtH_)jQoIO`6XjG*2PVmR&y8_ zy7EEAbzc#T?UlBW9HoQ`m12KFF@$fB#2Az4r16p$kKZjC4b(`yVUm9B{bg;5(hTdf zV^QCN{s3gU=Htrz0HM!;V$NM|I37M$8t-{mu%Jb2>B9WcMhjct=zX@sM|*Ta0XNO* zKX63Jr?-=>^)Z6>jGmg$yKWQ0ljR|)|3suSbp)dY)0Z{G=subD6y7Y{w~myRV|GZV z8O=mk7~KId!{?TqvFF}L-NK^YEvZ<&(inSY2L+lae9+WH+e z>743vmQgx3TrmXP=h5XSJ^WreC((B3JU23>mTVu~F@15U*cuz?=zQ%!4y)tzNBq1c zDK2D65Gm-Q`BI#2_Do8$Edd+@a#=%O*mEHy8;0skV*cD3b}vd(BVl{H%bldY zdv0k+ZRpTGwxKc|$7Y^Qcasb|YNsI=fk~|A&0Y%geGxA}<_T5*KIe#<)P@R+FQ>K4 zqW^s!MLWqvy(6APAXiB>i`aaeyShLNig&Vx2f=m=o`>6!6m`#3O)cMnrMoPlBuC4hn zoD?O9^H>EAQuI=`GwV;-JgLqj=q388Ap&gYE}XWVYxB~WHiEpuYenku_yQ^8%Z5ba za6YZyPjoSXi5iM=ZjmAie%n|XIP|hY|0M!pg&MLUT}^UnC&nlEH8+DMk@E$ouSL;F zv27@BuT)8k_jrOy5ljj#a7Ut-ls%#MI*B?@k!U3a@v7ta*rXG&@*Rv2&S~SGr;EU6 z?2}H^bG%eaAgN|aRH-#uh*weDJc{@bi_~K5To0SY2Q4yf=r8xC!$i!GaT?3X&Er`k zOvq$+;6SDc^9TpTKq%RX!{+2-M2%JK^~pV~vucDX?rw-dT!+!Ffr*bVD=12GC$xDo zUqPW;U>rsfh@aCt9okF)X8?~a%6wsq?tCGl2YZH(I_?-$A^&+smfatyAz z#ToApKH84kf@yTaNAfq3KDq~Agi6zO^+wpxreAl?-=NT7zs3R5G5pDTV>*q-JOe)G zBM17=iwPPMhcqYz67JuEHK7kg&*xC`SRPWZ3t?guR-s@ve9JET=$I6^WJltqt+W4p z|G3tGH(8po3K4qb*~mb5`FHb{jkcjyRB(sy7pwFpW2u_F{%nE`b-A7>I$6Vr4L87_ zJDl0mRrl!)r+ss0?V>HB^48YV`OUbrnn29aj<}dlc`6wi{WZ)Z8HHQDa#K3=blQmQ z`#tEbXEfPW`EhN{n;+8?6J$xmg_X#B@t%A50=YVTVRbn$ExlvmY#q3(Kl zDl5DcexuqY(YY3r0q0RRUIV%FdT9+MaN4LKDiGv@jw6(Nl<2qTJHKXP%cCIeEtz z=g4&qs^2gd%16u`M9hoyI&MBqv{P&Peh`>Brp9c2HD(z1NU{yzW3prbb}a3*`9RIY z0P3xzaLDlbB@ z55{T&1%5luIdM(=d<7^QM4j#4Jz(#P^l`*vn$nC2M*IrCChmh-$i<9&%5T_zce;4l ziDa;(Ij!3-Iv|tGjxls9-W<#ECORUXmqFy zv@sN)MmH1TuQ-pK6B45Lq33Lpw+eC#a+8v#`BrJs_k?ODs}nsxoQ*bk`b%dY&XGBa zGI-dcg}v>YV(pN{(Q`$wfG;Q$sxLm+kb-fWYSmhxC6D)|e)jMgS=&G_@>C_*r!G;S zxV>b|sC!BE@vhS(W1gubEW3S-h`HN6mWfRM=xOl?WU?K_yl6e@h6&N$`HktThb$!> zg;y`rL(9$?ip{tBUX%>CEpt+!HYcPSR>1`)6S(po#9h2( z4zYH%g|DK?zrPJPuA=Yl#(>5UrLahrn_Zp1W6kqe?4p$MhQ%wc&p(GU5{r)jtHi2? zH}3a&zOAs3PS;BCL%L!_aYSXq19syp_LOkMuVn#=Y{Hfr^Sofi9u3zhEXNiX$KhqI zeX9)wg*=tle3!?}h#yzOT_h74GR4~6j5a1bB%T4$6j@!gl#=|apFo?jZ1SR~q>&9=Crnc0~g#fm?m+}fdDoD*0r zBrsfIbQaLBFxnJ!tX_F3K@eP`)JNSyLoO!9EYw{L58I@3g91M2qJ`5{Jz2%1M6qGHo$ zzVn?Y(s}3w{OiULEmhO9y#t$)USt>S6PEGDhZ5+^A6ZfA@LMS;2~04#JE2P8@lUC{ zVQi0Iv*Gr%ofZoXqc!DDq2Uq8;0q#`YTOH{bMi+?vojMI`4TeMC%VbEyU}UG^L{h> zX$N0I3_(NJMo~1B!e~Sd&dYUrmp4|Ly_n;c(?fJyLRji}drxr$@yhyE=LWc_vi8e0`)q?NJy`L3?^*fxGO7?hjfXOY9~HNL>G6~a-+`}L2$qmhKmL}#wk#%8 z`m+$mQYwsMP)X$V93Q7P9XmSqMmOKOGI=_S5i%+-SuiiKGc zHWLRPMH0VB=s2>)U>Hi8@~q5N*6Lc7!Uc|JT(}NtP|U|o(EO||R2;7%oOWQB(H?Zt zVXD@VJi)+-FKQN}7C?RNO|d+KRJzn*#m6u9T;SE2Y^<~AZhxMD+VjbdLup6T;`MAb zPE9h0dYm>}?hpbar|SHOc@k9p$APIbzRH8bnh|+YRu9v|Ym%-h#iQh7M4kkY34DSNY~99zRws{%o57L)tR3O84-+{Q2-1hGQ`eoye4< zvYWE@w3S@qxS34Em}it1hi|U7^y85OqNNnd_G$uapV?qhC^@zdgiv-V+tW(6yXTK{ zb|hri^vl0GGd1oJ9@9L;9u((zlH?f_bbmssq05JBt`^_Z;Ml1`*H>jrvvLrzO@=hN zzPjX0KCTMq$mkJr@pv7pWm*2B;CyxhZdV;F9lh2Irmyzcj9;P@z>(~QQkMg8sM{g< zVu|0{+gEsWfbSRGmtsP0lI?CkWu-dM)vkT*=FxeXS1GUa$+P;!-a*gScxiT_uIG!= zc$dE9hN{;$?8a$wc>xXbzE|+iO&+Boeu~0+uFL%egVk};mvP-k78z{7ft1*B1KlaX zNO9_jjGd_|OfGPVCDfre-czE8@ac)g3qno7o{npmPDZ`fgYjrJ51g-ZS-=Ccs zobN)$vG+6<&oud7S9v}McZU_9r7stghE#c9e4LU?K(eqs+xBToskDo3mpwnYhv{lp z+suD^u#F=p#y&YpwyfD@Uro+Y3~k9%Dlt;N(O3md&n&oFx}rJOQr7-M20f+Qmx8pk zJaoO++KGvQbI|2M_VwvsX_xsLg4tqVND=rFY0Z1*dTn=}h(K@hXJX*iFuIbx(;|N2 zGN;&fKUYpd88c)|7{X`wMHB8v>FT{WlBs(0Ll<+qCWhc%G)(h;Q;y^26&9o~dMG@P zwab*Xx!hoPRN0;=C_q2O4f9jUAjjs=kw16pp^pD9xW=O7$ZtONO#*F0UqH5U$TKii ztddK6fW69d>a@wjx-(H`TZwMJH(98f_AT9KzDyUs0cWz06r7o#BU1^qpW#)*6rC$b&5^5UX$Y!5xJLBkHKD>w28gKGeP!0Qn?>=3+MrPeqd>xC&yCS2K zbM1U$ON_+Bi#XeFI3glc)MJbRz1?vphN&#g(}H=Ffns`zEvsEm{dX$CMv23oLYBQD z`TiF2&D0wPB^>;XlF1=PU`}&tF(hdZg z2n7b-MY$dtnfL{#=fiju)C>KaHWFhQ&~u~iQdC51ISVBD_%Dh(Rj<|^akUQNR8!we z`hRwC7wQVugnFYnO*xQ?WI;YEn-=mk1E)ONxHc2H*cd;|*-ywcFqY^mu}%hbdXY^E zdeuf;rd-<46by~4qe^FP`aEn#tI(p`z-Q?~-OA=Fc%&y5eNr4(I9q#Q81~=;kZ&jt z%J)obX4_pCq*aFf)e&D!eUsYbVL6_W9X70fz7<0-;=j$uVOLU|(lXQGbiY8-Ab(16 z9>rw&335dy6IEXNJEc{v9PNCwA)nn#ysjg(`%V1rNt{aewAhy|1cN=MF!~8UU~+$N zUd!NgXjco(emIsYTlSPHkC_XGUGyG0Wkqpsjpu>Et`>smsxi~_)2JsJ{OQ~b>ES^# zH0T*0sv$AX(O?v3?wuRZTFydHbO+$s$A<8Gk@0;L+W0#8?FyOZ%ey+?5~L@{E{gNU zZ>=6@J2cP+J8KCs#E=d~V>x_BFQo>1%3|(ru8f=phWWt~#@fU30XdCiq$4)@sn!Gk zFEfv=)U7Nv!TTz!=oDTY9(Cl6GPuYm)sOSNI664&vaxY)-A)qlvO^=Ncco#rl9Aaj z3Kob-<>28#_6XS%AlgJqBd5;ydChEXkFQME@~&?|&GluSAWAdXxlXf|Cb!Zdbx+!w zBDu?!d|s1-zu#DNi)(z+S|7^%~_Ab@L$>3UdEze3k4Cht-{=<7Tkx!!zDhm1NASlmKh?;~^o=X## zm2SKV{Vc<}26MDstgYfazFEHj0ZFB>?N~WkkgK$uU~XvNwStwIpXdg8^!kkc)qFyr z;ahYUms}?!RR3BUDb?S>FE{BI0H?kz+>4-PMiLAoLuS}eTW@1&jeH4Y{}1I-|B6o z;E~ih6Tw+B0{Z0bwn*XV#0FRz_OUG|mtVu8Y~juqsa4g`J`DUo-TkHCE>_Qx@M2G^ zrRq>aa-sg6OzINX>!h$AAr?A*iX*D%DuuSA$$d{c7etfGZ`ea2C+SOADC8)DiBygT z0%{7xIfcwE7lctTIXL58Tx{T5{!}I3W^&rsa7b|TdqP@mX;6Kiyl--`Og9{vIo;`( zyT=wj#vU+flIc3rOra>s7}HpFKj$J!Owy;#xE+g__1p^#vX??KeYvh9`~BPq!qd#j zkK>E1p(yOqQk}8K2w!-{y%Mc@^~Wg`5BK9~Oj~nlOd0b$ED)=}P-McTkPgcDi z{q0PPDm{XewkgQ2f4gVFDFNDAWmqOF!R#A}$q*kp+gMtja9S7iXNU)oh69*cTAU+> zDj)kwEU{MO(cqP4eNv(&>Oni-$m3;)p2kj&D z3O;5UdDjBX`re8m)afQX^xYB&on!tLnJj+FMi0s;)yOd0Fb7Pu84~I z63qDBq;!L{TK!5rSQKz?l@&E9kD69Or<7U>dZ)RBbD78^Rh{y<8%nk55t50$;eSIiGJ}(c5f)UOe;s z5)lP$cGkMbz-zpzNC^~zKRg_QD%*7F8agIA!0$T-O?GdbMzLAeU{!7 z9M`x#aK)l@qy0HUJ}EQzU;{I->cQQ`SWIIP$e%F<;m6eIaEak%QZ%&wV`QZIo5|b>V|UNStSsS;H9xH&N&RnB)VW031;RCo zaI5>!&t8v>VuPDi$QX0>=?kBKEvY6NOp&MCG5pkuR3qO)6eUL)WnRnsRxOZF^0@Ew z;t9LfR>AirW5w*K$k46*Hz+%(+vl0e?tYQ+=u5A&vfk>!;3}kyd+cjo$T7RusN*qx zPG2}Jc&wTKvLZ_E2yTKc6jwzNb}>;%gHyAkL+HK%?)yyvCP&#msy&9|0)3TbEJEO`UlZs*r$SOGyQVA)l2tn zpVd_&iw7&+J16YeKPT;|=gg0I!;X5}s4?px}=CX@Y7_d4jnXbo^$DMi_V%~CJ zW-4-L+_#?kNaw<>tv$i8(l&hfxe5KddmPNKJMs17NquOng7lny!H`SS&Y`*}Xda`j z3YYjlB!S8zwPPjVQqjeDg;6?G=N0HdP_N)ZJH;8`wEv1@9c8v6^!0r+Y*X`2{}U88 zZ$~G0URXawR*&=Oh6|J+cOL$Ww}ZAWFP!*Ju;>}Wy{vTF>n9!E(*0%*)`pknPA_ZY zds<5K1h$aWnx}V*s$H28)J6+!JZI~ws(6u_cl*>1i=h1I5}Hl5gI#L+`OVw1k$aOH z;2;7DALL7WHMmvuC&dRR+gJzo(C|8KvrkC6=(`ke(I=d(?s85g$np zxU>uNFIVt(Gw5E>HG+NYN*Vku*%MTh@OK;_pkNCqzu*VY?e`odP7n^s@9Y8i3e0!3 zNC0i{f7k=z?ES_bfTF|MfZ*J&8|KM$bN)H0qPC&9L zP_gJoH((YvfXdY!1q{HY`lm1@=TDM^070C;wU2=6Fu%9*6C)K=l<-CxgbTm{x?z%X z0eM@u7l5h0y|`m(a^1Cry7|dpOx?dc-8=>(1IM3c6J!nCdicT6x|KOBz0Xe0&Ke^3(fI!f{xdK@px2}M?R5zo6-09nkA2;(u0)-1GfpYt+|8z4T zE9TY%^N%?J3fSD30d!fuy$7HY((MHx^xF%7a?5R|{M$W%tf5;EKeQdWfZC2XW*C3m z15hyX_9s8)?Qa#zKYIXL1m(zqu$^zBXa14Pw}IRxAmA?lnSj8E?hM_mPcC3PbOr#i znS_0>Tgbi>(b5Ui=RcfDmnOC+Dsn03PX&gaE3v-u@CW*LO7pIPX8RwSmL$Zs;Fu z&)>4Oxd1Y)KW5;DYJEd*zV-d1;XD^W2o9*Y#RW{8f3mf?0O5g}-~gKV5k81^;U7(a zWb^G5{)pm^9m)k1y#?I(pG*J*a_^$J(GUVq3-2cE=al*l4-;tr@44Y0U_$rIoWeQ-a6}JYV&5e3Fagn-c9?t@54uQb(2?U zo`{pWF!_74UdYa4Ge{cm5O>FYG$tF zhq}#KwSLt|#QPLV|84$wayHp&$W#`O-ED{(ak612@vUr`OB{r5MN zSNoPpk~!msX8HXEEMNSdAoMG-Lkd`3$Jq_Nnup$b?KT$M|20TmO*v!!LtWPs4)Fwe zKi}brGTfGGPlTD}T47swism<_$8urx%#atRZ%IPPt&n#s`{78~ogF=)J>Swc<-H|? zNhtO42{{{^aOXUkf9rklFwicHYodZPTZCewBcs_Wi_Ua1NZ?eCXa0#-n8or3dSdAQ z5jPn&x^F~_?mKUL^$MS&J}ZPP=GW*6r(g36KNJzAP>jnolc7T7k7eqly=U)GQ)Ua{ zxKI}F4qx&;gf%S1HZmRU{Y3FALlG%w z_nw?BtoEb#s*1KB&Ba_+v&6TjwCY7`Jmqm9z%YXsz6HDp4r52u>zS#MbePFpl6?!u z0X2=loGv@4r3$wP6$HyzpmHxvVji0?bDX=7D>78^k>W(n`v`1Iu7el{;ou0?KqVSM zv|9Y<0)A1^ve+eD<=Z~hqfx97>cDK^^+aDJ!y^_vRQCu z95oc`_N7JGrOGern2A}gG0RQ*hQc*p91)Xb`U{g}WHJcTCc@9LzVKDb34V1y%aHL& zW}!q6y!Dea5+}@(#W}<2Pf}>v(mLNhT0nJ;p-xDOioga-g^PB7cDvSm$TXTkVCX8Q z7!wqW{Wfl$$5#td)*AL`;Z51s&6zxIrv;7_8@sSeEjVVnmEPBA7R8U2Cf`lyVPNJ# zA(_iK%YF9K@R8IGZk#}sZa&N5^q`hY4jOEul#?djPvI_ij4jm`NqZmvwI=m`)IcA( zdfu~3OJ@_NbGH{qhn2dBCYWAWN&KHqj`D1D1R<08UR*)U@Xg+b7Syr{RCO+kOPLT& zw7^$+^oia))!}KE*L;mC7wiT7wcqjspScVo|g z^WNY4u*uD`R#NYGiT{qWZfJqe-{F#6?Wi$`SfmxRE7X@Pe5ALK-Zq?VNg@3+?S(PS}ce*4X6~!gJM;vjH1$=CX6ZE(ehPB{osA70ei4u zR#|haj9U59IZWVowwvfiDwnOEb@imzPV7@|ta#HiO_dIN-y*~rW~b{+s8^GuV0wam zTFr1EWb$6CD{GU6(?~p09giQ{sSGga8iUEjJ?M49r=sxPT$43|D`_P0prKu#sPs1m z7ux$k+v`@M17DP<9m1vK))DNW%u)PEwwSn8Chx1>6C%`&=7#fw7kg(o^ZK1c4%d7{ z1BP}JyZz@??2Z@`C4`Tb%3S52P@C6nx0JmdSE$xmRT$ABD4pz;nyH`gPZ1AvPA)`z z1@T^PFF?^H{4}CSkbIcs|R2ndRs_DOd-+|71P#{-^HFwX)Q{6`s$vT{T zIEEh$Y$)rglLrB<)caf~6-=U)t!GpUFpny~5Gk{9*RK_ZK3z%prV_?7r;dQp5>tOZ zfoyF?Q8)QFTq2?vxN|rF-cvrBgz>LmKIl?hpYf3F+<<1VIp_8w8|5LJ2`p zN)f+hckx?9U;Xd?R%hnK%-qX)o-+eKp4HMDXhA^8XC@QjJ{)wtH6ht{@q=&ETlsdf zrjlF!=tsmi9unGhSKtQ(>6i*z;vIz2=%K*DE+&t|wd(c@+<&wASXZ^U(`H`3GlU_~U^h1Jd z_wimrhxR}rEtmI*0xpWJ8FzD<0tHX&aY0Jt=hug`p5>V$;2sL4?%l#M<@Yb z=Sde@)4QWN32sA}R+)7ErQ{;cdBrD#8RY3x8TX2H4M+oniO4;w! zEnS};rTKs?x-m*=5;L{Bm*BYcuDdgn>M#XwXT0m7%7TVKd@;@_O0ct~bzCU9Q%9DC z7!wBp(Ua1*)&s(RZP7itQJ=3PA=Yb?5@ts;9BN^}i%g+!rtBl&Oh$jYBc40&YJt>aY`A;wDypEZ)2yG_w$gCM!<&J_xp%X{@iJ zQ-Yqjb;eO;lmiYyCI8@=R9jrDbJpR^P!NExoP21EbG~H?6`Fs_@kN&F*U?$Y`Om1+Fw1xV^Yv@8chmx5;Cy z(0)%siR^G%5`K^Jfp^-IZ&cLt@-jucFhaFn$T=!=E!u8ZIop^j5II|f6ixFw%Bg6n zA1axDt*ai;9Y78%%taB#Pqfy+>@OD<%+`9kM5lsH{KI zc3XGb2x4X%W6<~+(0=RMoFDuq#pV~*LsC>ii7oJn%SBeaP2FbuA-(ClVEYez3T)Y@ zx65DYY10I}+(eF!J^*GPjn_Do^69Zx&9FoHBWWKzZI0l3_9>jZP_hZVuK7z1>T6Y* z(oshO0gTNnGDax^)27#=0R133G-MT_dU+&c?QLF zD}sfmdxplsFzLht@XtJO;;M~&2p7%!%*C><#PlBDgcEj*)R^gJGgH1#<+Av)+xcZA z39i6&cf!;Vr64A6WRtJ9(iA<*(;CsDFNEJpi@K(`k~iq9gvvs)7nGLJ%MPuLySMcF zQ6~MT>|RIJ=m+LftlS?p!mXHkT9m(W8|&M3jxft_*IvCMn`1$Hu}UM^#C;7xs?htP z;1dzockl42QVF7(H?`Yg<`fiIAM$FOtM=QegI&2h+uXx@~M-_0`=2o#O^F&G74*~;9*+F6R{+|&b=Y@LRr|;_R8VA5cM&G_Tk!(8${j~m5Z6>Y`jyr zLHd#6x6HrbY#Y5DUs|)Xa>%+BeiT?J)-xyX*>^nQ(1Kd{ey?pHYm-tEBcGjW*$JCPOh(*tfl%edg4Sz#QMWEadKtH;rSj z#m$$4^2w8r29sSW@C@@KrqYk@NEe5N4VBpzmJDdgovy&NOs)ZhME7M=`N}gKQ^$}V z)1|NJYi!|_vD@`@&SY+l6=FVW9DY=ayB0F`_EB+CX#+)ZB-aAbN;l69+oOS^{5^$- zm5DE>h8|*)8=iUu?H|g|`PE^~?)jYDCBL_$ud%X8dhy-gPj>X`%%P~Y?0q! zlvgXOOn^CC{zH*i-SZ{%!slg7FFz3X_;Fj;Gzdi&aHLLdbH_DRU8`S5Y^tJ#o7Vr zlS2u&@=!voAEk+lYR~^N`@Nu#hId-a=I~JVwaxZx+U+*H?3O~Ed!M>Fr6%7z*p2;Y zk{rq_NHe!#uXHUBb7!TmIh0BKW*rQhv&7f(5Z|j6UP0Sr;>28!3wU-)evn?DAj|T> z47Z2%G`k# zM|x>u@wh0=?5nhK%sdjy^2dIUB?CGs0^20l7b}Od4X7%jj*oWOvR3e(!#?+ZOCD1| z|0?10rhY>}eV9kN79Pg)ht%nEts}4HhX5sdW^KsEfkPG(d@@g@26L5cQd+N$Om;8t z3?%iWH(=2zWM<%`nTNJNT;qJEh4)nFFzwrWtOOmm09E+Zv28eVTN8^SCR`JZ_7Z$T zxOnnz3L3RO)}WH>;U27s<0N@)Px*|M+1D<1f!mxyW9UOL}fQ=ISyeg3H_qk?cf)9A5UQ3TnO^3*zKRSg{SC-HGr8JGe| z^(+n6Xcl%R{z#6AS@!Zb;(Pct;_fs#65VyBIt`OdfWtvgYpRxoo72#MQ+4+@$*m0V zQ%uclzkQ>}VDebmD3IW3K=brqK>=@mt3a@@#N>D164E4KYgv^yWXASkhI|AEtdd zn0>UH8}U31op0b_Qq9J4(^V@qJOaEUVq|zG(zqb@2Cevkl+T|c7m!WcNpg#2SFt!M zWtTtsSm&8WJriZidw6igJ0nQBdqnX5_fuP+#>R&zTnuoSiKFmU{p$HIw@PQ;+J@nL zLR1cjZA{)v_*}Z|g{NGNd>8G`R4Hpl$A~z&lmmuu__aaV0yx7DYP6V?g&Ev=SomA~ zT&I)-9BcwcI=zIrNu6XZ#LdDlg=dee-xHfG*9=D?!gjxWKovkkN%n!1THQGo#!nOb z=1pO2RPVFI?FUTUBWH>G6Dxl-y~yxm(t3Hla8(3W8G1>MuYsbg4Q66X?86}(NQE8L zUxYMaiK77ay~nSvGB^+8JrhJ-I*KW{;ZgC99trOn>_dEpX&zx@n7IMiDtiiqMK^Nq zPYLL)=Bxv&N?Y$4>G9VL%d43l0MocurpnBF2!k5oIp$=`&OTL58 zlmEdobc2!elJ9>KzGNA?u?SQ(en<-%5I_nB5TKwpNbeH}Eb_~d@I~wmj8H(1gC*_F zWbMt&?OiB2*;%>IU^;Udb1Mr=7a(@V%E|j%Xb_C|KomfMcW1DIF7Pay9b8_A58OrT z;#e+}*Wm}@MbL_XT`10L&YX9o_??yuxCsbrx}XFaO9U3K;Rm-rIq!D&+i_jg2<5Aw z`9YP!p#*ok`v)aZp8FFwfpp9H`<$RW7X&JS;gB=z0^HiK0?tAK)_ z!TSK+?1UfGM&t}+gzB5}M^#X;1Q3z~6>Whm+(ifdT^<4Hhb$jZ7=+;eN%&GUgC_ic zVG!yD*}H$R4CRSH%N(He2j2Kg!j~;Wc_6TM2Z$E|ai2@Vzn0Jd@9_VJ4eECCC*jMM zp>yXsciBn!PvpQ$RN-$^nbd<9sonykiq?$fPg4B*Lea0VRT?szhw`AA@QHH z>HF-^#2ceLzjg6Gvv(;;NZUqdC%GdA#a~|nhz+&7BFi%Dqiqr zp>WWM(q{$0EKp+ST#w~3?@^t^Y7x)z_9?kHF~M28%4oJq`7x-jBW0&#Q=m}kPNuJC zt>59n-t+H3$a`aYTKNa50W!P)#~@f%p)qY2VIsfj8b!lQ}I)!=+{@h;IE7Mp16JM#*57jzhA$Yxtcsnq09rsp|MDa z#DkAQ>KX6NYMj_7%J#Rp_uq^i2qNaDHF^tYVfg>8}Ts@C#=V)pb!iVgVpd_EY@kvIuwEo)xBd}iVZhJ$c;zmYM>AD9?@GXcq zWPxEJ#3@G%9Ew~~=yfKX{t3Cr9a%AxwnKf(4B7PjV-8$DSZJm~iPJTzZa>ac=@nN? zB)`5{lJ==fvWt1cqD~)EbvQ#tz)_N$gB{iJQO?vu<#s*-7Dv^aYN;BXj|LR-Ud0&n zFH(Q!mHpBD$XDT*tbFH5wOquuKC|JBj-B#OxTBnI6BXUiQ{wY1U@gRbyhHLM1}&Zl%i|&nr~ksgx~pJI{)M*hNT{LqAu7TNWwo#@$lV(sr@!K8k=A zy;m>7=8?jR=HT62@wZpkr$WA)w1jT1JG$9Ty6t~^s<5SAUtm_R;d|Iiv;$k#QEG;k zM6{}rE+)N{8}qW;l&%R|WS!5uB+c*|MPFlwTa(NW?VMz$eLuk0=)no57)FEp82qFU z@eZ$t2|gs982q95X(0f=%|w|Gj@u8zns8^zs>8A94liFsnQD`2cW+9EUbpd68Z*VP z7w%4?bkdA>pW%KK84-FdLlVvN`VMoK$$;8?x2(iP0`GgVFy|&u74~p)xP(9!3s%l@6%Bf>8kar6X zwV?nI^G5rKIy!KpEATzaD&_W&GL3I($Vi}GC?D@puHI;3$fTcuEgKI>R85f!H_vf4 zb(TSY*Sn+UXsMWAe*B4UV@!T}Okq8};`(R`d3UX-jvndM&LnzBSnGz&m((R{jc``B z<5Q%2)(qha5^)ihRSRacZ|^sgl~=Hr#e7;Gj*D-7RoH*Dh^;j{b*lwqC|@N?1)*~= z5$Dbafz*}Jh$~dOXw9pYfx`JunTceDWpUH=iRfkTk$BrbBxmE3%92aG!hWYMucFVs zcVDpmusP$+od#_U*VDPUNI*j9Tu!zErtomk_NR3^#uG&)CKc<}r|vX`OdnYJtyRQ} z&{ySnTF{Da-JraBAa&R7i)Gz4o;OA>v1fPjqS^*G3$TBvn98#}+S8tqDsn4%@2Z@X zTF1lk1P7NmHu#oGQAgy>fo8)!3(1`x^w1g1*8GT7{N|QY?9w$UR8xBHXzc2%$bcYV zQhj<&^Z0YA+JU#Dv!=zQG#^6o2(EM3bhS-p4HbVDN2AiSl2s9BRx~l$o5lCGH;(Q- zD4(k!ZhzCaMVZ*ZAd@FnLnF%g@{x}Qa_8MO6ms3vz{V1`(hdngJWp0{w02y}ol_>S z+sBF$B360%S(~38y(1Qg;u>n;s@Kwi>uiG~v=wXIT2K8J=%m==s9;WPdH2d2^o~$= zA4hBE2DwEmt*Kh0v3DHn;0`+?_M}V!J@Gh1Q`ktaQZx;BOobG2T z+q|9)7|!o+X@MCqBlI#Ze>apOXq^*x*DAvkS2=yiuU4AoI}#^@=B|mzie>F{^E!4w zlgEKI@6@zQ5|2x^lV?Sm%L_#DyWCdaQWI(^gJY!e>QSlW#G1Zli`i%G%jU&IH9Kps zg z3pLNAoqcqazNmrdy`G_$z9}B*0ywDhq{AK9@O^9Ib<-=eOkbt;YcQ(QwFRZt$~VtE zQF@~Uf@k41pP|N2k31+my>ajv-``f*6@R3ZO>Qe#m!OjZxiOjg{kQ281-b^sENlbc z3hPI;>dwN=$SjdRW>m2r)Nju%)6-0Jy;BpF8s*FHDRsDu+Y%vBESFk0S{^z#!RgD$ zmLzHJdP2zS6WA0fwkhYb=^Pb2GS7S~`9%-=pl9M?gv4R`Ud|ALfou_dOODY?u4An` zmAvypvLCQUnm0OL=y~Fye zCce?t#HAFgKI{n*_OQ=QY@Kn$5{kgPrWA7m``5UU(!C!y3hXO7Vb)(C!5QqBZ(njB zh^5mVo>F+>p3cg$>^F+`B@7hJ}M5hm^ zR_``?W#0>}z4kPNK{{PfxlsDC=d|I?=i1V}n;fV2heGVTwI4^W_VXVP8Mg4ZHaDG) z@SzAJ-w9w>0W7hobvY^&^|UI)BDgCDU4OAEQonmZajNK(xZP!kFna$*U^~nK;NbRl z2ni*8eZ0Is=@l&zs|QA_4@h4Q^~8FH{}8#OuRlLQZ4s)IzGjrtkze|JbE5RHo;_6L z##eRyt7Ou~Z*V;E0A6EBw`gn_aYR`4oo+hMG`?hTWD{sr1-o zF>^Ha!%6LX;-Pk$Om{*!5{kRtS3D3OS3C)VVpDU|bofBPSu`zo-EggIX|A)cH;RYT|>wp@Rb}f3@ zEJS9_P*FHI{)hfcDY3{u6f_*VZ3oqRj0JIXI`IH(0XbGe%`Gba#xe`{^Gwe!wyBXlr7>n#?%hbYxWAP3iI3 zvoira(2l2bU0&NyjEQur}Ooj|i(M^@^lrGDd z0l{*ZqIFpPd%klfcTKRBJT$+&FpQbf`8wfqBU*5qb-T@j*%3gZgvY!4l~W80GsKT> z+r32OrmMR&F+mshV}(_-gJj}(SrgoI`oe3l|Da{1o8IK}w!nx%Ve8;$vPt3KH z&sCxN*h90&<)fAc-E$J&d%RS3Ig)9JxDfc2&d=0Tr9|5J^0wZwiHis&_opG##O7I(OD=q`yb; zHn#RXKeH|ZtptJI06$iM+>b&^#XBeaJEpdNu4ZO7x7Ar>K87+JF+{=zhLY4RUp0VL z$Uqv|)^wDjh|)=v)a|YMoXx|%-%9pIAmZtYt<8FMIk&)Ti3DpVgv!);x+PMFi*!SG@r0 zcnXKrBsYIl=BAiQ<0tu2|Da7-|0q-SS?Z=X8s6*MbWQlN7_DnQNFOzB^l}GaSI=WD z=GPfE>Jc6CG*67qlC@&I#^zl0-Sqh}=RrDVk|URPP3*38<(|3;GT@`?3r!R}7#~Um zCMm+n_&xfzvXFYN*DZ`>!M9p*h9m?FisL`xJ_nYLD;{$cTD$qSHTltdw<{qPvIdIu zZJEB`Je?cA2Jy4}k@hPc@ zV(l`1j}w5$=T*obqL}TKiWVFrpOQY3{#E_>Ioun)DC9@&Ii4gPPOfx%O}oREgKnqV zE|?ZT+*c4C_8~T>2x>E&?bML?O-^J~#qX4)b)Ox?R9Hhh7#axZP0S@Wg^s_n<8)4O z(uNv)YUW@BAYT!Pt9!A8J+GAWS+G|TGm63L&D*v%?$6$RU)e=lD0QgcFb8T7zP<7W zj_L7o42;}Es@tBl>K(1A%tA8$+Sd^JV(`oroOnkqyPXQL3Wr8Er&|QG)5cK~bBete z4XW0f4VL(>+K=kV=x8Xa9fWs}`@vn2{oJP55a)P^LHTj%G-A)x=*Q#Xr&y^lB3hg5 zJPY0n+a{grI_x}rCGWilmvT5mKBy-$=znIue+6dN%}dG{~GE#$Qg0g%$RhSHIX>Jh~U{_;&FYj0l%?F)6EtUS{H+TCsb$i-P$H z-kP5!S<)RnX}y8lpM%?Tg+B_SEGnr-`#Ii8?;il=eWV2eHZP&0g?br|R+bat6%Igif zwH$BPYadO2*6aQ_x~}LLZn-;>)KfJFOGEGs0dba4N8^YJ#-=gkY3tigT{C|+kEbt1 zftUJc2P%1_q9nT~Qt$y4GIwwD(1i2pj7jv5kE5a=ZPvHGm}%a{?W{ChJW14lU(rjP zcFjCMY{9(nouTNx+Hpf3iVF9%)30}vpS;-oHuz1nzSZJtVdcHAr|ZM+(*F0_cqXeX zjjiP7+eNk__$Bx8ayO@TPYI1+oF15c|1E3|-M!&Ifo%2*KsI#8hW`}fxF~i8@|~Y+ zpIvW+zNW@Y$-xJ?E(JQA1RrMp9_fJY)NqC1`M7TQnb1UM)VtVqduj^F%sEKol?4@#6tp4v4g2LF&mKAaj_YA0ov_%2V>inJ;_=@v|9s313fo|vUPtXa-2-M)Y z_(8YR&P)9BLzVc4+#bDzdqB5nINMNe;D!Q+f8L3PAF310A65M7rNCi8Z|nJ8O>ixI z@cBFVF6-sdKw-YXZ2*Io(09Yn-TQYyEl59PHGnnr!Jy?IgfC$Upb7sJhFq}&@7=|~ z`mJRsPXrDde8uh$!j~;Wc_2_244;7A=N~LXc_2_2Omg{y@MX(TJOgN|$)%Wq!cREa zAscuW%MdQi&rSISKmlbL$eRA2YQn+G3S^dCVX}tov3jT|x3;7Rp6C8R((ARX&dL!|JlLjUGd2asA z*e+^>0^TlVF)(b;_xE8zXV&v9#sNvoe;omo_ns{d80!M10WjKi_8T}i10O(Klnd+r zOBRDJ`0!6z3}obdO@V_4dhuBb0^RLDgIvM02fH2ky8WfR0U92(3h*^uaEXL76;J^1 zpH%z`00V~smBqlI;+ZNC@#a5A1Ny&^(ExcH;D`n<+}|S_r2qfI;E4W%@TG_bP5A%9 zpm!i-@BYCulqdcqxJe#W`1;bqHE9tac$6J5aW^ADDxJn$#c2fXXRAj|ce90eU(gFk=B3 ze7um<_1ghm)C2Y2m)GUx0;WG;8U_vwr~~+Lw!%M^T*wi?Awa$7&!z&Y^a0Mtz}N+I zw0=qhS&u*0;5?Y3%HuKwEtF0Gj9DEL?~XUQRH74=4?xM)Gn(s)PU^&W8@E5(50?XX^Z~Rf7Hu z0nPzj76E7hQfq;i6I^Qn_zR?r1@Pf~R^S36f1AUFZxvpS^IhZs?;=n!q)G_z;d~B| zDj~pM{%HerUX7fJcr|a%Q?=s9MZY)FLSt1#sO#n(y5S_<9y3G z&bOT7e9Jk`x18hueF6VtA3(JvAfbIW2QbYNICKbi6ZmjGhx5JXINy5?@ZSGz4p5PM zW&u*a1NZ<50}jwEfoXsPT-f650kYE^pz;vECWc?*0lJ0+&;mQ8_zv&^;{EK9;yb`! zAW_Z^q2~a9`CaO{WZ_~=vqK1byzJn1l9a#)$SSd)ZxQ?X7O{i3=x?iZF{arerEz$H z<(9xXk{wbS2lxxbyV${{ae&4_eBHmU(#4ntoW}#;JRaE3j5WhkCh#*ziEAF8DBm7XZ$K zXCE3rS(DH&cc4|MmnldOFX-zNT&(BpJMOnSF1!puQ-OZ3L;r08WHAF54}2EE2`X>& z4+_s#|2GQ3gF351^A9?pVh!|q2c55+{e}DwvQSY3{7L|TV+Qz<0(^u-4d6U#fc!de zWC0))d0qgRDGikSKSlnh&0oGpK$;;l{fECIG4CVcxm4T>$yuAS6H}HR}fO2mr73ZlP08Z`ysp7X>f8dgxukZi4{(qbZ zXq_*w1%&Gl)CEct|2+z*w+i@=U@+Go=%{DQ3gP+#AO60qp#KXQ4VcIZ6a&40e)-J5 z#J+{7|0#QR`t(QHU;YdM{y!*Z1ru3;zk&AhAM8RWb5Q5VKgwRVd$vj^9hNm+XSR zQhv&w9dSTH>6c@h%ja~!sDyGe;GKy7lD%vfDj7nKCV_@QVRAO;pK1NKcA=6W8T>i~K7iujjE)S-EkEhVz$rqx(tpsAIsZsUmJnNrYw4)i$=I>-zilGt z>p%$)TO&p;(Lrg>uCjd_t&`I6g~&v5NkzsJeO4M;IT+FK)F&IdPXt_*_Isyz8}3!I z8Z5dM7SdT*?4C}ypq0RzKUYZ`3fg)hI(@Qts_4GA_cqzxuk}NQu;Beq&4OQN<2Kdb ziMfls-&r3VrO0%flD0_uqT|ZzCm=9w>yT~l98$?s`DuQg;;3-eyKQ3S$B#{ghQy7)5L{8xa~q*01qL@oyEn@NNLk+zKUj(-w7Pnnj>3&JyFupM zg)0R!pK?)?mY%dRo3-=KaR!kk7hUBOL(vnTB<_y&e8bDbx`WKw6f$5;hIS*M3*lYQ zp8Nw6T-117zN0AELe*2+ksj73Z{9PQqe| z)a<(2EEG;YnA~YPvhN+Dvy!NnIA@H~UcuV}l%F-=qM-w_ zN`|Y&jXADjphd;-<4dVX(=XZU{>LB#0B! z(czTOATdh)>`MIo#xweI-#|mfjfDbyQTZ#ck5M-2-f(I&eNLX+6uFyEN3)&F&7?0u zpGJUIuet1CI;J$U^dq1BskX0-sr6ga&Jj5t`iaMPulYHcT07PT%{tNAer)9PVDq-Q z`;L2D)l>ax_w6_Ec`4i@*V%5_TRpL}KAK{hCo?$6Y#n1sq7R*SnGABe8}TeEIh_ot zVE;fQ3W;zt&ufu18fVq9%9o+`+lf3s6VVa>iOpn>P_Um*E&tc`=kMl6dv~9YkH_z3 z_3Gxgj(L--EJlxCUT6GrTl8J?XZ&vurqrkeQjJV4sJDj zZMF#pOB5flLSGy0NK|(4;8RIVtW^{`X`wX02jNRi^Q&W1@|?W_fg#!0hIrf5AgY{e zUxf1*gxVgo==w}-B~S!ecDV~k=c!dSFudlO}cdLM=zNpc-djb zIwgc#H{Uke%MU3SVo=!>L@&P0yKkAlJrgTylbMZ)Sra92r&qCduC_9?8eb2u_T2)(<@o2$yE8KJ&E?o_PYt2 z1nENwjh0WI%!y70(IqV=vHC^UMQ;z@ODbr>!xj6FYhG&&cZ@83ptK>M(tj<- zf%}UWVNRJt>0w6~W%74U!u!MWa8GT=F$rw6nD4tz1UC@OJ>be3KT26=llG^slSO<7 zqe@2oOs=a3u1AAIH}w;DX0UXx11PDo$U7KH5tGB}H z9wrg;ifj{NOA@5ax|VaT*#JtiC99EAB6L%*YOt6?5;o-?72s*nYwYNHtIcw1SD_;{ z<<8Xv+GgIW5cPXvK?q0ixgNWJ>kR_C_o0pE6bD6(`5mE1r-PWp4NR!I9Nzv z#Hh|;8&PDZqHgvFMVC$Z8wCu;ThC*BR0U;*iHn=n7PeZVTVtMHIpFtkl{iUwj(TJK zdXgoV-L)UzHO4;Zr~)G1PR-8UKmLHt#>TpMGJsF2iSk7sD zuLZCBzkVRX3r~?q?4xCEiH*N<=fk~+y-vAG6O&DB9~R;Lj~1x|-y_M#w9kJp zD-Z70^YZ9RTu@r0STNMnj8#Ohp^Xi@ZPXQJghXPrEtQM>B-?i^c~d&*NL9#`BsBlK zd8FlV#eu*6OL~Q}H=O&iYE2)g%Zgy9tbP;;&m-@%aLZeKh2`x)-4!=rKc{C(^QqY*ZLdFf zx5vpFuDz`5QEb9whA|*E?IlKrf7eZ%L)6jiSH>Otjx8s60cwp~JIXGtAb48`Mq!b3F@t{#7 zS8nXP+!}N7P#ZqY(*o2f9epE<#;^WyFBDxo$oxd4HCm!94ZB4@t=K7y4oa$q@Zq$I z`5tF8k=WO^muMXn&`1T&#R^A+`qJ9Ionc@T+>pY#=PtGMTFo4xxNwi7GCk92E9|^T-+B6Pl&5_!&jpIa)t3ZY=A7bDMFsTx5#r9tI=a2Q`y6{ z9qN02aKZVd@rVYpNA2bXx8J}ix3MVD-g}aSY7!-Y;z#(7$!c~vN^i$D%HWyF{m!{f z<6uUkeA>xxL=?k=g^Zu&ZcQf@g(5Q@=P0E_A2OcEMD25Fal6_Oi5VaMSgG*+$h+a8 znZJL4T4yrXk0wAU+wfsSPJ+R-o4r$)daP;EXs8{9iNfmCvNU5dEZ>Vo>ca>BnrGZs zv6m70WwoPpZz-a^5H`11OP?+&mY_?*J86{ESDpDW@2~n@PI-PKm69no1irlt|>h zhRBEFCo4ZQ^`|UVe{m29n}e_()ppfZe&4tH;c;W)I-7Mp-;Dm44qM>8O23kXJ@+pa z#Jgx}7Uib$FB0;}94mR!0V1q%d5`nGWfCmzbgt|9n+MRo(idM_d<86+JI905a;VwE zjkB9Gp+mioN@SP5dZjIlaDNahaQ>D3gQl&v(d_SsYXc5F*)KEz!pTGI=YS&{*_(#!+Q=ujrp{I4mq@K8I-pts89K_!qP26^jp7@fA=z499vOo@7 zj7KkKxELH*Jet5t9qLuyBI{5>8|fVW=Af7iu?&qZfTx@5 zfUV~0H0z4&f@*<_S0x%h( z;>zN+BWgRl-B_fE3|8!I)7`)4Be^u<7V(R50}_WH9XBmKf2Y%Ta@(Rmxnd}8b2#T_ zj7RG`^!G2mtI<+29*I)f$xp#JeVQ*6aSc;{H;!LktBr5h$B03ukGpk4EjHC>72Slo z4PEkCSc^zVF5uLIrFTh}`SJDTr|OvH_8!&wCjA@VB9wOaWwdV-Raf1slZ|-PD~njZBw-6GuQN_m6FZ_iSI&zwd{qG$NRn$SD8(xoD8_ ztvRJOOO>O2q!fnj<;Sf2Ec_p;t-Ds=$+H-!lil@u`Z_39A=BP?*mBqlSOu-F+M)Md z=at6l5{d}@M@dm$SZD*J_^V!bK12t4lcOCyU|MVsbIMn%CDR}fD!cB9dh*d@Nt_bK zalMpBf_wN`!Ij!qhU0c*!ALtv+xj~uN{xzA_U@HV$)EcMExfy(g8J7uzcx{GR)=Qb z)B3EwQs5}$nn)ijO2vO^kUwqis&94lU{{+s(;hz?!Rv-Li;l5HvQ9@l-WGX{nnkF1 z$%7TKaEa?MwquV9$IA}v){Ur{4l<`{)535?Rw4!RF&HSVWF_1NbTCzM^TwCIvKB1W z>1w~ba!cQ0MojwUMmVOK-Bz@%1(oYtSfhK5Bj5W@Ke@JG^6%2K5Aqvwvu+*4bd~K% z5!6R;X2e$}*_&wj|DZmt-2YH5Pr{<4M;x8E(RolayX*HvL*$9!tH*htk)WC6dZrOOB^m z=960MQ52)9ig_$oE&X^SNjAw^g*}w3qf}R9u~>&6leN4yn_S&cMUH=`i+Yc4F1=Qz zO!8?_08XYpGa9=v?Z({)n+5x7YYfdu%GIoVP4oqBZCo-Jyp! zlpIjiU+=yU4WLgfRh7Ea=RiJLqu^HAIpY=E$xE_9ma~j^;%%ey17>=m-S1;f$Q9v= zI8>u-pWOG$4X?=FNK0mjm!=UBJ$CBglzQAc^muP))Or4?drbY{N3wSjah+yOf&>U} zZsh9vtO?c0*B-&K8@{3A{fNN%kx*;TxR{T^KHrYCf7m8daG=*iK)qZOF)t`)AASZ0 zfE(Dyxx*INnSIJ-%tvtp*|zaL|8c2a@8GNSMV#3RzA!6@d+LUcQ0t`_X5#gV`pG+Ml~0Fd{rKCw5@$r42j2t+DxS;a>u{w8~O1>79vs_Ui3Smud1N|6$+j89mcM_3}*svYhY8>9LwkE$NB?&HPiU!iAzCE7$s zE;q7BriwzLIKT8p!L8C&@pR@acM#<s&S6pnrD*Sg`I)S1L{xvFv)u5Q`iMHI*=>x{EZCRZZKp0w2G z!L0T0_j-#Nysf({sm|}KF3uGPlkl}?TU2O&f2V&A z!2+fCcen+y$FF1sZOn@FMfI%bxNejkCRlc>QYey6dukNEoWyBb~Z^o$sDI*=xxQ~?M`fsmz zz*$LY52?7~jOm1POA|0=sORFps1-$Q%g@L@4We3Jvfv=S*z|MHH(YbKv;h zSM56w0ym^hlJnMbc5;_as#~7x`&nm8-CGbkiPzgGkSh^lXH+Kse4W4LFey* z;pZQkTJFE0EqrJ9{PfG(y0eq(*Y#{Wiqq4o+%npJjr@6+L_8;QmQ0se=V-4t3raBW z4=GOZj9@+}8rA=Xx(z%Tg*qtzFAg?09~1{0C;sec!;sGA&gXzK$Hqt*RggRq~RtN$sK|IQT&~bj& zE+hoz#-D+eAR6UA$U+^wpMjNNE&&L>I%g9A&e;Tjb2b6sobUkv6F$Ho8D#x`!6<*0 zBLNQXpD;@3$|O+eAea$-w!k2V0h6b7{=<5zpDj?)`pb8MW^q(p~Q$644|0AVf z0yuCKV9xx1tAKV}C>0>=<4gq1{gs_n}8a?zzXmI3Sj(`stZ662N)#; zZy!{E0ypnB03%5KPw)zKZvtrZH-USJVF~p`yEEsjQemh^N}9)985AfBMhU?Y^w;@<{PO=}2BV_C zm%U^c6d(VW1*3%E5dOQ}3jiaiVjD0MTu!IJwYqE<+OMEeKgc7YEJLM!FpU*x;n&v# z(EEN#{m}OtKmh=i`hhSoCqE?h{2$N++r3Ca1x7rS7lJYZJ1|9p?pgp-uL8tLeMXMnD|NeBqu|v5nlnO|nC!h+bH2)_RP~Hoz0<`RB%L596{~pDqH#k(mN1%rD zbPp!`{kJM8F9ibq;1~w4Jyaz9K1V~}UjWL2nGL^}y%fVB`r*&q0e&@r_x|r@pQhC*$Qm-wPM- zDS%%KzZbo170S_|FD-$*18U6BX%gZqpw9%T|8hA?{_H1tMz#P=<&0wi{!ThC`34LJ zDDV0+$AXKKlNY+=+nnall5f;vbFv)3l5a}zfw=N}LGZ+YCB(ffZj3Qn)2<;oZM#@L z!_3Y5`vcoMw@v72uvdrj3rn646|3F3YPfUY-k>SElXjJj)!>Eqx61Wsb4;xXdR7wn zrsGqS@3YU-*5B@JHZ=Tr!)xgMX>Y%DeS6oU%s3ipfv7)iesDU|Z_0MqpyIpfN(0_e;Gf$<{`s$$D2>fY! z)su1t<8e0{<>dCrRrm+J$$D!~gG`*IR|+gtC#2IH5ofT>-obfQJYD3+_@eeCrtc0a z6S8bzuU9eBVYx=6Z@)P91V@2U9Xr-717^9RFnnrz2^~rzB4V2brd|s-j9XplZQYVQ zF?l^l#2JI~i5X}vt|pq1Z4dQA+t!p0+rta+T2SsgMJYT#Wm*;l_9&)D>!bBTff2FM zK3+;98rJHfdEZ=bYZj{fPTtr&X9&im@18OBG(v_{NeZ8{?oCrk0sn*>(x@1ux?2y@ z4Csa90Y)r1n;$bI*Mq}6c80zL!PZosAbouaSFJ4~{%Ofs`kJR{OO@$8z?aA4l=#jGIN_e_D&L2p7VnY#9P%#4O9VhxMRtn#&1EAybY$QMA{ z%|xF$6EXET!k|>UOk;MOpnTNf`+_7!aE8U`AppxzmtEY$)T*vW)Aul#<8=!^Ym#PtSYsAzHBJ=S*mNhEW+AOngLbRDH$=1a2AgLx z&pp+o8W^h=Mb>TJ*RM#1mzW%c)zJ!rbU}qXOId{jXQ>a9hNx+*X7bT$m+*Acb4{YG30?2i-G#zL!8!5{?ETH5 z57!pktrtn{4Up6wnWR=Stn^ny_K;UfKVN02*vUr=AS~O@590hWmdoN{b3%0(l;O(W zm1pQnrXV2VAUg(-&PNEgc^%gs6MnnqUEz(uDx{cUPiK>tK-fId$;U^Q% zMlD~eZK*#Nx>v_teCVyWfYa@)Vp7$p=o4S+0hfO0{XSB#1k+`Dd$z3h4vLz3L$H}k z3Wjk)r`EHmEj$V1>yAETCn*RjOXW)lj44S+6n-N2gi+G`wwi^U3l0O`6D%1>DqW9Q zxp}YPw)LyRaTFTLM=09CSFSud>Y10Mc3d0k*fqi++QrTZpO-Z>^-!+cbg+<$pOidE zN^80+#O2HHe#1;$FVHmwKaEm8{&jNG*G@~O(;eBQa^#uj`(A?OB#Y}guy;mf^y!}n zASWNr#P$;CI8+5-4YlP-a6C*TmmS@E;|YWaKj|lXUej;9W5T)NXvc;-tlpxz%*Wv< zy7tOd+z4)p(M<7s9Cf~Umq(mGDo=22ew$!kMi^%ToT)sjTuB^`91QhsnqD(o6qM;) zW#FL7+$Qsg~i3I4~}Rfk2nHE~Kw=@g_vK)PF`rBk|7knWc5?vz&PmK3BBK|s0% z1d$LWL_)u1chLp(`u%gC_qjMT=bU%W%)2wcnTd8W_tHzkJ0?4I!uYEBIh0wu2VT)d zWxg`F+c2gbHFqkR(yOxyk3>JyNeF z$_IA}Q&_1HBivqKD3NU1E_ zkPk1E(nN57pa@Zn3+ndtWFvfP{C4K?N8+zZ;tgEI6gUdj&kEmNr+SbpNh5wU__20E zPp5AJ3>Jq>v{@MOZSA>Wq-p^nGi7WljGj}0hk=5=>6$@=Mg>rISlP@42wO@JX@xxp> z?!)|a#8qV%tBg+78?;MAOCPyp#7i2?!Mm8 zX>7e)DA!|UCG7z%-_K-5H!^WoTUTe{B#ri&B~n;Ou35H~kR3KN2TBh0wIJ7KOJeqI zGN-DSGe6zqGgGj55jFFKO}Rq3a|}jVsv8XoUn2xgclMv4`^CUKnNC9IBk`WH|LTWI zSSIE+|5ZcD`J0Wv@<(3!yT}u+Ny9Y`OZ2J^riHg(QE```AiFZtzxP$liSeRA+hirC z>&n=0?ru4f)n=ivX?eHO1 zPnspDeo}dFL9&&CS;FKeWR0&{safvchkxX0BDoWs-`Q>yfJ>U$QC-jLXXN}e9-VOs zQLi2AT8`Lv{j3a&0t)%KCvW|4W4%^+A4F?eXkt=C_LC64@pkA6CMM#soz?YcCX`a% zf_#`=(wy;4`qhn{1GDASPRrGSL83|VU8uabN{?bP7{>Fr+op)n)Zg7h<6bV+dz$)f zNYRMRaj)iEiDfviW(E07>S{2mul2OR)ip-%vPZBKX*Hp_#k}j-GCK;Z(E`7s==+DPYAT(PB=C6VN}G=;XW#V`4~cEOc`!jgf2+ELhAU0 zNKUM{$YUno*@Glw1HTBp0pV^iOx<#I{F10TEnwr(^2geUeyq))& zI&X7r_l?iB*x&OGk3N|@uCZV1-@p-H9b6m1RohJe=q%m^KY!=Wvt`;_gVM|L6md~f ziys2IX4HKh>JASn2QyF+CLRZF4pWdPY<_c!uCOxEJ*;4M;jSHpue)7$atAC05Lq<+#h{^?4g_WUFqtM>NK^P(F z&SQK^R%@67anA~(9}!&1s8tA5l$2j$o5CfRUS|d`yuxRmClOV=IW>XLC|0~T5x6rb zecRZkq3`sId=`F96Y^;QDeos}?=f*cYyil%!$FE2+U_B%P zqQpj{YIfm`TEZel_G2llex~ex42puj^~#y`S%-Vn&|G-+QCwaM{GCA`9hor3 zsEWgK9SW5j&Fs(=RiqFLN^b7E6p&R1PVA4mzBnyFk9uOB#B-?B4_E4%KJOj0LTR(PLOYSvM%q0A7l)7q zC>J%~*Xv&&;!(j8XJIzNu_)v+FJ*^>h@~JQ7YH(~Bo&PEmYUkfrXgCn6LWsuygLd2 zPt1s)fhUF#(BmJ{IJkUA#J1YnQz8w<-XB0j>Z`m7`}`3Nf6dRAyOq^^*tFqQk?aDK zF}-8kgXsYD#N(x`YY3t*)nC_z1b!qK^NFXPRpoJt!qX~uqI%guax2GfC|Pv*;6*(w zn^3k&P6qVapk;oAP?$bt=vUYFMD?!mtm8MPXgTRLbi%hz`1-WHXza$CI}@!QiPXK< zX0ODtD!8lMkUdsm)X$d|P zEt_jZB_X+V9&X}e&g-5y_|tJ!WW<ca?Gwx+ALt+ta}#e9O7MmZ_{c)10FW#;wXuTpu6Ky^<+{m@4~C ziF*z_QVksw8{hr@6IZlPJ?{Wh)#`%OovG7cD^X-L*`nZ*+Jr_14TSlE5$jg056r0@ zcT-5$w7pb2!iwbzdIB0KZG~6K#KK5~R|_fE5GUAQ-ww1qDwX$77`E;+Qr-^Zq2)^Q z>Hs{wX-??p`DyUl=&enKFoBL>>w^@MeAvT_9kR=#pEB(pD_ zgNvbCymhqEt9@i51N?|wr-fdnMgFqwtIzyoC7O_epk6wZ@HgCZ#qC2TZLgvk;zY7d36v`mt!=-@3}r^iS*WW=b9T5=tsq2Qhp5BM2x z4Qi0mvc8Bs`V#A)%da_s7h$&jDqRlA;Sq}e%gTG1)D0iMY)Bm#em{V^nY5~q{>&t< zz^_{6ahJ8?p<$YSxnt@F##5Nsc}&8xFB^pVr?+xjUilnW^_aar7^DUW^tcLkkF-+$Aln4M&0wg@?y+k&#PBy03GT_o-eIYMTHi z1jg5w?$lv?VYxI~U$hg8>()dQo;0fnZSj%{@tZ1&ayM%@FO|v)Sd+{NLKe>bJ-bg%C zvTNnjq^tXFGKq2~=F z7Nk})!*lWS`8E*@n>mZql^Z1ciY}IGzCCg?fX_6D*8gP2$A$hJ^9GjGg2jUZ&A^5UT)@=g zd3x|F6Uf*%s2cYI4~Tpxp!gF|_6rQ+1L94fXcefN0x(*2zN(81A(LWfy>Yvwf|7HO;N;n%E0(b;RYFU_p^3VPV4g<5Cmy5HUmy5H2 z%Ed42`C>#I#2I{a|4&35B>()Z0Vl(L)(r-5z@UI0-~klSI}2EXOQA0(K0zzL%Hq78 z0Sl;*7`W=cvN+rGA6T3p1t`n=-z*>%`1eLY-7)}+2fd^JW&sfzK8wqd_6`J z?DG7U3(SB1h4!jk2;Bq71tt@~m+;?mA(Re43(TGTh4!jk2yHvhGlQ+bKjlJJ(gSFL z$&3nm0RRs`YT*541~=rn zm~jO)t$<_%*95%uzL0n?0_x|?7{xU0zz4VX~#1U26kZo zB8AY^GY1APnm+Rs=bZysK!xLHe*`&azyok6Xa5Jt{_Fwh2L@dE`Pu$<9iWj_XDoiN8r*Q?DhmkZ2D%QA8$IuF zzyi_Z;IAwoY$qfOpr)Oz0>Tr63&78kvKJ2T?3^Jt0&-yIJq}nPdK~<96%dy64-V|S z*8vMeuY+7)X6D(_WE#vDzM#3IJO=ro+KD z=rZY5sSpMbocjL@=~bx^1`yJDU0yS!^8$U{fg7=$wLLgD?3eIHAg}UE=>T12&t5*b z6UrIgxu;Svus1NXH?TEVwl%PZy!Vh;RcX>I^yhN_PJga_fK)yRvvQWo2LV}rrSe%I zVW|I+%IDZem<@n)`>#;n7ygomCj1Fj)pdbW$y;+D@QiRlsRVjA}spZ}h zV0v3q;}I)g6W^VYD$JdGOK%=IsZKmsei2{(dE&EmxwkeKuvx<0pG^(6CGTa}HJ^3c zzdNz5I@<4$b+Gr|-+22|n~O;|qs4uS{zs+$4NDZfNT=L}R*jSIXajRgk8lL5SAQ^t z$B!Xla};YG)*NBHEd6oqCr7cKP}9%jC*qvN$3eTcP(Kj*JxW^?$2%HYnHZCjBSPzz z2kksh4ECR1!xPvwdvKRwXZcfk_~3#62iYEvLG69y&+x%_cX9+_+&32s2PfxyW1($> z^4K!IG0x)?XS5b6iZG1?%Fcw|t3RY^2#x-+O%T7yss4E%N;6=?>O&ooif4j$)giYn z!IOl_J!2dJ`|!e+eDp8(Y2?yMI2=Rd%$AHyvTp#|l$44TA8lZyC7%4QInOLm> zW&82FLatAxU9Bex`mm$k^4?@0y89gAszrEwQNrT=V(BPUD*Y~wyy-UqI*qsWvFHpK zGvCBktSeF?bY)K^ShgR?M83)hi*e{0p!yuhf(4bnQZz*H;1%)l z9U9XW1c%4Ty=3)o6tMW3ku+f5xO2G;knwS%@VJL=3Kt5&+>U!JODbK^$49FTlZu?0 z&E&PM-fo$&8cR^k-@17{&MoUC@Zl!7LWY>M=SGqS{_x zlTO*A$($~+zXmfxrx-_a$mjdmHZ@jGNhTpKG-LLwPL*!MRzVi|rp>#s?9dQeHSuwE z`A~Jo%A5&dIg7xr^tYMp&3*g@M>pWVaUq6&8=cE)oGII;4lZg6otK5t4q)PHl)+a} zhQo}*zS*t(#N(5Lyw~>gw_Beav@5(PN7h8?8;_5P%yN@|s%37ck1eI!=y8U}?@rhZ zmY3PgpK0vEOV3lJ!Dd&x10-)=EjJlTLzuK}LbwSIZDgo1do;R76Gx@1H7&Y;k6^^=P^pqEL-V<4qD(6~&RB%dB3|FhR=(Eyd$SnE4DS(K z9LzPxfC(&p0-Sa|M*o*I5lTJSk!z*uoIkqm!fD-Na?IYN#R+tLE752g0~1)+Y^vfV z<0)!&<7Fe2u1Y(@8~YRtCl-Qz-okRDhVMzd@Dso!tG63cm1)&?3!PWm-7F3$JE zStq}K;;qg3W{)f(cSV%c_GPP?qgf28A@1E#B5#x-Mv`_kfoKxr)!oIO>#F1=bhEPHTd=B;RR=( zl37d_r5oTB(jdqiU@5RLq|}Eiqyj4Bi3zh~Sm@}&+c=v0AHV2Z@AB9E zS%;eQRq0EI6(NORdt0PZUW{W7sc)X~qSeUO2kUCDpKf<#7Csn+Y#G?$n?>5TPu1VdEO~08yLv_`2AE?p0#-~gJN0NokEop1{1d5GTP)(z|O#FW)tBhA}351!Z66f z5TM<}eXt*sM`=+p8ky&4fTWKCEDMP?q^}||J*dp&^hg&(hMZ_YuQ@|>`800M=Xcm;4M~aij*&O#>a(bGs@B1IhOiw&V+0*Le|wG*tGRDTLjE!! zF`KdxPA)s%9Zj9%_)|jtAZ2C`Vc~NOPs4fRj(0S-G;gK^%Gf*Ipl4IKtMr^+MlVkw zT`4&|qY0l*jNENeQu%F`Fmo$R@4b63rV$E!4~6b}A~UTC8nYy1kRv`h(TbpyoDbeP zW;TqN(8_yO@@WH~Shp9sexrLa(phO=ZnAJ$U`?d@sBgw~^RQqxlq_D1MB(9le=I}1 zN?0UG_rPeYSM2L?3Y~eMmbnbUaOmI(*r>@~Ax@zs%i^yAutusWg1j^LV6>yCjM12Y$_->VQmt&Dh)XUx!&OonkmXUE< zZoc2y`$2#_N{~Hc3|VNN@{xw)hHN{|>_X%HPM>9y++E_bU0;6sP6CUchZx98bfS_^ zLwuQ{Bw|z2Pk4M>zP*qkt27hGopn*S618@0@K5%MQIl*p$c1wq0~0e3S%Qt{QIB^d zB3_$`!O~XhLg`SLu_zXw@1t(Bez?j~i(WUf33}C&8&x=ne#RTDGp1MpxIyHIF3Efx z<+F%$e9ea#DEPP6w^bG@#^*e$6kZ`?*YscaVC$C4tqAE-_`YzG0~2xrS6**mz%ADQs1&t*LB z4+a$F)_%~?C&en%*u81Itw-UnRTkcEPR`0d+mIxNIe%T9N)Cs?g=R|<-vSx?d35@q zv&>F3YY%4L$dK48r5XFmJVYDziad8Iw+(5TS_f!?P=h+k`Dao)jU#d~X>~F`v649G zplFcI!^3>WW~tvLEdM->l?rH`*6CY`;nS0UV^+S9p{KLZ{FaEF1KtG1C_5WA49R@L zB4)BImYi&n1LNk;%9<+o7v4VcrIP|i&|KG#EUH9CUu8(xm$3A7zl$3k(ttJQZYD*6 z^AbQ0f_he$f!*)C3jcYnG$r4}<vq4G+ zT)*v)@8;C?ZZf2Nc(jSd+JhU(R5e)>>iMVrxX|?D<-_(Xaic7e62xuYt(0;KHnfs< zY2;k0_QbZbx;0O$?A*tCo+n(h8t4hquHYe?fUVn!zR|F_D=g>i-4nC6K6->A=BSv3 zm-4v)_Jx*&-@^P2BG}&Owx!qC-fj*m&}MXDu>{|Ky_oWKn1AX8pLkYGCII+BnDBft zOMk%BXsQGN{6M`WNzM^0swD7e1l^rDw0F=sfrBp1>UY z;T27%iXDc7eCu!pB^7d6G2de@sKJ~HB{6?_`CiThSb!-2x>cdDKRYE^e~nH zSHh0%%JGE4w*lHYJ{$$j{d9&`^o?{E+6yZb6eL(NsYv0GKtIuGc-L{TCxKU5ph}^f z5i#p=pO-XxeT`xJHlxFRax~t|btzT4Se9Y>?Goh#*-sX$$6Eb4ZjdEfty;& zRG6tVjOV%;uv%_BcC!nO_}zQ@C`2L*q{IR>R@~1OdchW74$;k4p<^>EtUh;PD3;c0 zI)rc|E@#6vy2=T~Y@w*r9*@M;M^X+f%TheUXlAxqdIfMlcW%_yB^oQ;SizYTj9013 zvw6>dOG?eL(wR*421Dpeij*e=WW8!o69fC)iJ1e@Tfrn-9R<<^g-Qz4TX((%q}JRa z@jTMGN!D{ZPtV!-e1vG#^iJa!Nmm!ChwwN?fc)z^S{DB7H{Tou83`}H)_pCS?1}3#x*T|LD$R)Z|%e7@^Y*f@?05k1|;4SGewhmVv@{>jw z?Cv3}hqWg9+Igz)JUS488*W#Ll+}*p(Gp@;e&BO=#7=u>1&?>L4U;%H5HI6^bS^0N zs4bs#xRxqjc%6K6nIsok$btRy9fgO00ez|Huut8es-qhnXj{AZh{E&{Y}^U7%p55( zgby!Gt#(=@gl5>-eWL&sYKtJYQ!R^$k#^_N=XVT>A3Mnnyn2qR9!6+ZXtO^1q6=-u zy~jyE|74nweMiR+T3ERMW4o)2%uH&!{K++aq!d?P9$yL-S)yUA3US+mLq9LSoUdP7 zKKVsOr*s#=raTZYGO70OhI-%|oLJVU#5>g|)!rpvdhilL>r$!!dqIAD z;0EcO)?^=FFk13Da%$H1Ir^cE1QXCU2lK6=DG9H@QJI%TV-Mt%qLz$me zc7!Hc_SB%|;qIPz=p=r@b;K`zH-3EbH55Bw6zdnQ6fq8Hb!fyzsQ*$ySAivMpkJHQ z^+2seNMJDO*3QaXL%mSNS5}HuX+reVFQkzcH%wXWB%}$DRCV?n zW#?*qA~f>s(4bUIi~2+wB^~LY+sm8O%~oy3j{11IA%)rW?oa22mo3NGJd*`PDk>F@A3s(zz9)vLX|p8WYjke-hNNPNF+U9b4JyK z$OHPipP-YUAoM_-mgxNJjAifIg!mfzXp&;x_~`y9F=tL(DGyzGb}J#~Wy#IBDyvRS@%%I!pNiYm;grzgSdQDrJkpWuuQ zTJ&AtD&70o;=I@&42}DEX$M74*tUd`576E#s+TCLgi<|0qT1NnR5WRbM-N_JJmLPC z7pZ?9vA_HiV$fUI285&HzizDUGx~AtB>J@#p|qQ{;;V9q*96AY z%0|NvbO&D*I_dR6m*7^~N!0oXCA{DYMSlSc^SoRH zrH|k625REOsYrCUu*K`u^St?{-q)$TR{3gAc$=Q%ATBTyAJm}K-`Tj?>bYAE1q&5fy<71oNCXS8vo$zS_Mealc1Uak3$PFN z|3k)ckqjb8c^MJ`Xh_U@o>BsZ*B}FR7b?I(ozlVLuRtQeb*;Y#TKtaoU5M~Ogf4+R z05zV!^2&e|2%wugC{Mt4o=>{Estfs~3)RYJ`7!`D;6pjfD1i%m&oWBq1;#ArlN(q-lN-+d6)+QX_Hd32fGmjyulEup0 z|H>!<<)6Q=-{~N5U=(oDzbpK}9qzBBgCJ{{A#yqAz28|tz289rVsL5kcmM(MmRo&};V{;y|oS#>W$BF^jMSs?1; z|H=w73Qx)o3jTvM02ur~50w82B5<+H8L)=4Ap4(buSEYZmN~P7GD_gFY>@Zws1SfO=U_M(NMASLI&F?689%5uiKp@BN-#Ua%GezPbpo|je0$--RDi=cA0G0$;VF|VZmuasgcYs&w*M5QH@Br`kss#hQqpNZ+=oN4> z9Do*hP5vntvIZHjX0TrUk@kvQpv^vC^Y1ctaM|#0&4S1(frli3r*2$a-6crGg-Yd1 zkO*$lbMJL^r5C*yu&nmn8lG|a4Tw0eyafTIF0AE(uK^YWL$ZK$UI0iGU?2*}oU@!e zud9o?$Phw5LEaF;c>%@?0IoLkKNkg|r)QQ8ke>!5K*4Z`f60f?(=+D<9{hFYyw2;u zS-?ZkxLD4M%UQq^)&Tzp$R0ok$_N4t@cDW#IWHh*@X`HW&I>62{H%Z3eAaWAAu9-G z2(tO$v0s-x4`iA1Z_mRD8iaE8vVfQBzga+dcSshXZxjFvVBYk%Uh6p|rnnSKyrR z@2h_HGW4z(H%Kh-FWl9iX|EU=NI)=v7UaA@DtO__{!uQ3?*`Cgth@J z3CMYYtia_pUw*%!EA>k*r~?z&f?TG(D))k3fnhekhamp?J@JS43$g~k<$|2opJ}hk zg)oAUkci({J<#VEg!5tnyXd??v$DV|171AH9xR*yKMTBT%pe@?*%^Ut z@FhGSXw()Y9{|SX_wO7~4~IW6fpj;ZDP52}ApI8rZ3LJUcJ>aG0AD+QUDZW~kmm97 zk1xp5PU^?X7hE2z24*}nps%d>~G zn+>v?=b|pUEf7QSiTyur3ncdZh|gXSaKI1i`NSgD-*dhI;(_k-@^3ECg8#q*{F9Lt zG=Bv6g8s?^LZyM<1mINw9Ufrgzo%UNeH9QE6Oskc;hnJnF8;q)0bw|Sst-7fGnEDP z-(o$V%f$-9=>I3Hi#TE6?+#(39JpYyop_yQC z>R(8&N`-LM0H1O85eU}Ze@ne!LV@1qFQiwcLVQMop;zFm^KYpT+6HhKpalc9^)l&I zsSsKQIANeq2VdPY+F!QtPc|QTmB9A|KnwKgf1$l1_tylhGoTpgVgVk`_Mrsu(%`7Z zFT@xtBsTZ&h%pWT2oDl52GRV5TxhydpyTPA4@;(zudD`-BxSrsN!wdkKbM&=@=cs3R2qp4*no(s#3-8gc+Q8~Z$F1Pt)dMDp zo(&F$(US6q=BH8J<3DqMrtRO>oI5?0r%2nkf?d3ueb+o&O-gAf=jrDk-h1x*ruY?G zZJG$tcgudd!cC%Wr|-*47}%apP^66@&p8ft=ofPpP6*4Gz8fUnM9F@^!Y`nXr$)GW zLt?@z_?fJGf__KdjHIBxp#LooORK!Z%}QQB>=fc!_H_*Lt~`T>?${6V5yhthpI>*Q z+oBPa%3~8ZcSkhhcAoZQrg6PCA319DqogB;M0}5XWUZ@*;wyX{S1y!Wf6RE{#KUin ztFdUTEB>94&NPRlaW0&N5>^1D&Qv-zXpnv%- zfY9ACAiT7e-iRV$ak%E*D{KdRx2nh25F!?}Q5E2}LRO`g+CvR$JdH!!ZZCaM)DjGN zkAm=g-@SdH>D^OjKC}3@e4=W3A|11? zdTJp)i^h~Kg8}0m0~5oU-e&rbWD)e7_nyXDK%3PN+)UpPLlQ?sndO*Zuy)Vc6BZCC z%I}Mg!d?rj@F@F)Nf1 z+N&J=7)x8A2&J??(x>I+yuNKz=@{!2?fY1H%BVMQ^P$1#I05a)6>%*&{G}i7c|I(H z@1?|Hw!M4Pw_n^Oi-jVrQ9XfWvGJ?hM;!XthBBm?XnQ5>aN@j0R}+b#DNbs2Xflk0 z_j@P90U73$$oB@)bp5}yr3vPI^p@p1HGfU{h47;Uvb5o6&&LE?BV1)@o^pgj1=Lph zqUkej#AfN!P)NI7b-t%ZN9pFU$4z6Hj}mX=Ml1?T^zsx(+FB#z)S%fQIF5P=s)v59 zFmBk7v$?tJ*3ClE*O_;x%TQ!dSxH3Spu>~ou_srNyFS<6Gdvyj95` zG38Q!85E-p+F+3lvZPWS0m}~Tchl^mY%DSgiWb^z8eP}cnGjlaGl)!|=gYj+)aKX@ z_SmUB;d&U!d`$Tv?b~;unZ0WBd&<^qjHPiO1IN;K-j%hBU)vHc?}lZK3MVL!FD=dS zoMoF@$~JaDAU}HjWc11LbD#X`rm%*+95yPX@vu$4y zLB*b!?#t5qa)&?OZ4G3)kr|%&<57Eg>D$0`9Qd*s^~VORDRhiTTxjni^uO~%yIFC4 z=Iwd<{u=*}PW_JpDtm*lW6|GQ%R=O9|ISvB5G4jw#5=2`_z@pFyo@>2&Xg<9?`|`|`t`!Bc(;UN2j7 zn^~Xj590+N58CmH(86~Q9EF;7r;)9AT`;L{fMkZ7v;xYWf$-bBDnfMp zN;T9Nq7>B!aQ247PjqctZ@3e)3qUJ9Mt>YYucdnWm2tjMh|wALDxAisXT2l+>?3AWua^3r zRO>gM`Y7=(K2eK@nN!b=>7*=JR;|`2`wcP5U#<*HZhBek5wb&>PHC!7qVbTZ|-|=`_pECV= ze3wGPB>WK5RH>Nv__QwWFqUqf6>`9G<#mmzgnlAhGrFntb?5h9M}(<_9mcDIF3#gN zP;<)qcJ3#c#jP~>JN3_B~iS`0WxJHeuKRx($)=3+bXP8!oiZMBc5GuQuZEi z5Gc2hc%3)0B@I`@7lx=N_$FfbF{q8OdDrI~q6I}3ulK`nZFRyQTT-hYGKP$Da=h<- zAn&JgolQWd19<|P{;=_e?89pR5o+|_=lX_G$KUdC-1U|gD?0C|dZ4GpAjcmMS$&Fq zjv->FnwK9`hxU^9Qv-CWWpvg~^~0na)mCXTh`BNgkY6`u$jZ*% z_x4y4Z~xlYXme2z z5@*6~VaFL!PQw`$8yPq)3+G{k`FYg)nN!aYOvP+!NG5quXwmDYgi5%LFOgFnDa7h=; zwtDu^_$`)1Y>BetkSR--G!T)9jtO)e6U__%3=* z&Xz|%VLk>FG3n6YD=<_!8a-F|`F^>JdYPpGMyNgS1qOzDMQ(Bul33Ja@#ELkoZE5i z%Nt7?-`Qp{-V&puDWD&TvD?s!KNZN)bi^ikM3yVEUA~;Oiqu~6GStL3$}6YVo%6_k zxZ&}ua^zP{%Fetiz8j9m2=RSM33qZO3BR(b!;_V7t?H~DvNuC1aO!ez8a%z#>vEr= z-&G$fvKQpW9>&Xdol52%;eHH zDO?J|63Mggx!+XkGRyb1bP;Z~@3V=-m0cY$sT72a&n-i9vuB#@r(tQGy% zgf-$zTx`;c=WVR4Pi_bix5$lfD0xmLshsYiKCGp3Ij%NZbjUS{3>sB=Te8 zDf@2Hfxu9(yVG*Nxd>aGEJ{=Mk{n+N4eVQjFDI01AFOR6uElb_vRU){a%eog2@A)e zfaT#R8W1P2Eh3s2!mP$m){ZzvoNw`IY~MDOz#ac#fb7xF-uymaJkld=MN-)2Na6<0 z?aG5u*!2}rZ0ZTg2k3nVkD1I>gRTwg$|O#ny0-`TWDhhAZ!~Dox>Jm{V3@5Fiuc?M z@YKnBuxW+=(Y*YfRhQVzbp|YkMp{%}1m)$XsPC!GR0Eh<81oL)FjKm@ISeH})62Ln z;fJJ}I_y-;&3}RN2K;UvmFeKP8Fm5?DrhotFwX|_VBre1zj1E#Qx1+ z8l#s?&H-^zBV~@_b{h9K z_0RpV%+JcGG*NPuEuVgN^W!zD#}7Do``~62zRZ=ES4)mhYE%Y8g_^y;#q(X|R&|k~ zs6pIzR*5mXPkc20)1R?)_|&)?Z+LWkpw|U`+lPAAey|}tCDq(}pv!K&E8ablYoh%m zrz;`rnV6VrY3MF%TzI&eJh8`Y8Xjkh-6BY4^g!V>m-1=6k0olxWl)Hl78HsXK zB6N!F%Kbjt4xdcY@?ia{pfSGW5p9n8vWop!%{9$6N5^|_laX}|Y2IBS@vfD8t!-mL z#{-QLQGqvsx4wLcUQ!E{f2FPXd{5;z?#haLH<7OVjRkJsVHu2DIH7v7Rc3`Z$&@m0 z<*-{(Y-5Dnti792Yu+E=)yIF(xCStf<&vbcV+R>MFC7@gPex~=lV>*4n|g)fSrrTj z1fXYRMn`VwO||a;?4zFqx$!nK@q3Gjxw%e+fj5uwx)ZD-?$!8O!y7sd>3D_bTM*86 zTzf}MN;-L;Rz|_5z@d+L=iaLJM!0sAQWdvXush=CS^BqPH`9?Fx{&R2x?ti6Obw&4 zOTD5GG0T_L$kd_LG^a;3O?o>DM}A%=IKn)>KJ}>4qoKAELZ# z>@pF1r*}DEJ(A#^HPY>&etMxYf1^c|UvTy5S!<6uWH1cYZbN-oIw#V=^5P3L7jyf! zR}s+n(U&peP=b3D?!5e_B1ajaE1V*`Z;O`m$s{2Me^5k)jtc{AwoaT&wZdM0w)Ocv zeO>OGu-|e&YL@zH_Zx6{pVrMuWVl;LCEZi33rRQ~DpGopTh}ikTRl!4pf*?HWBg4|M3myD&*E6H`zRbOeN0L?|%NRJiy?F-_+evUfS`e)+ zG?Pld)q(z-6P@wl5@(Nnn}IaS5Ao+8g@1@L>yW>k$!v=J5||Q1Ywd2q*0ESu6`rLM zdd)N)Yf4^U=oKe_nzXNvuSTC-d=+~$BNd;IN7V#WykgJZJ8PS3dJB8KW43`|x55aq zUUE+TJQ*yE&~w*eOt%Qx?|mtboF_X*Ss(a?gp4d%f0dLrWemA1BB$Yax1vJ(P@o_M zmVP)(fL4F)OGDu;oUUM9f=^orTlr~?jWFF0dexto)_V+kS4Y;?N>4TRj~#^@Ef$=v zc6(L3_?&JEy?mkfz4b?ae4R^4n>7O~--3*XM{Ym!X2^(*v4)mq8w?tO9j+CDM1YdX zhs20p&Z_%2yO*&ZvcZS2x8G=dDlR(KnBWjHN)+3MBahHqk#&!*KzAB#A~vUAl7dp! z_cpaG3O~%Sp`v8s^(wV>*gbvSlxL^>jc?o6C5DHx^s!~S2~09ggKG~eVVZ1gf`bAE znmIGw>=lwMjHUn>!xBie*T;oX6BK{EZs;(DBu>`r zaGibr&f<-GsogRU5XXBLwDh_8d+(V3gcBfr4}wQ9FgzSeq+G^i+qd;p;gBQw;E zl?+dl{?3bs9Vvw9kxtjqOG9L|WYDUjOOB&HWhC`G$_3AvnbaQg&t?YP5ZzvUCM>mv zI9bBBW2wM%Etsk(+xhKmw46d~(Tz`B0&Au+R4hn7@B;vxsQdLyA<5^h6*pzrl8YDt z_Lh>$fnFQ_yDn@5DQB_c*Pv$e_dMMXUg4p<5__VF)5E{O95nN;b0*WRhk+}zobEvC z%;46Us@ZsU*;141qg&zxtJ{b=@G%!nN}QC?rOVKWEq{N0QbHTZVM%Z6Ly-1-;^9kT zlDmVeg{}r816!kCNhXMDWgJ8+n$9e4+>Px|LaF3F4vK6V>>=ShTyk$=uGt7YLwY01 zsL4GyVo*%~AeY$mb=2f%iOTZMr;D}ERNRZOkXfAtqHmNx4YJ8-GcOE@3hOMV*0`-4 ziT->rO5vuxAEEy<#p4c*@H&~vWNuCzBEV;G7+kxK)myhszBR+n)Rt4%hL)EN;V7fD zusBHobnbvC!(2rfC5mNs2$L(N@aoG&j56mrK;JBdxA-syGE?37qJ$rvNyXvk#$4_f z)x8qX*4Ki9@e|S`5E%XO-wz1$*0$PZc-!k1jp=g7u;mD!-69$kK zvRMB=F@P+PU_MsJQTP8z#(I$qBB=bIWNa77AOp$}z>Z(hU2udJA~(j)436ag%Afs? z;$F&)0qfw;GaZ+J9gw}6K)E%@c<=>i2OwYz2;4&Qfy|Aa_iDPz*azSOk4wFp zSV1Ele)nqn7sJch4@h7lD0|HeYNK-@(tTl3z&;1(i#p4lK=x|-hkVE?{!B z0h*oz(jMUIm9FH*fD8Tui}S=55Frc7=&}Bd1%ygNB({L#jg-z-0g>4H8;i3;`ok)K z8h^$D_-g)pBUe=RLT(Jy?Bndk{7zB+bwd|&C?Loy`1M`TtUu*Yfb79LIfuOdh4xAg z<-*u1aGxWv{`^z!#X^5JP^Jo`dzWdi%7sW61J(@0MSvCfGVPUQAY|!3fEJXi0xADx z+N*LQOei2P2TZwxZ_s7ht8yWf4nPa+bMzP5t8yW<4L}P@euA#>zvV)x8Gsg){rofS zRk@IQ1!4Pvh5C3qX^Wv;Tmy)PO4poPMM93uk!MtzBdX zp`D1|l{r$`2fKgcgq&+)-u*RI3 z9PlWiGm~>Z1B(@elso$)@Jkc;;?7U%lF5ODd;ec1=K`|(x5+sNF0+D=gCJc24;;E| zaxNgdf3pB7?AfXzKEwXT0z!ZPU~)hMtj<{d{;+2K8>@>RA9(Y@3JLim=uZ~s;xH=E z1^hGVl?w>m?5~Rt`mFj5aD=?OSMEI|So<6S^k>p5QXxUwzYsvbM_~QBhkx2E@WuXG zF&F{#XWFZB&rReR0tooYe+K*k{f+=UfVA{C0tko|28;SH1P~7!Bm!ttZNY}9=Z5!$ zUS%lMxADHRq+JJi^n`AEVr?2BU!o!SJIs`77PF02cl3q|eZ2bK+nPGt$n)|Qy}RjM zQOm{GPvCuW7|VZj;Jo|kXz4>CkD#FY*Oh_Rv^4{B{h>(JqA!bSB+=uo%`FyDgN)v8 zySs%vJZ@k2YIqKNUI8FLu(Mby4jxWBPkROiUd20U6Q|9z5)qY7m_O6dTOK*0Dl7dN z`jcbB#XR%JkEY>)qdMpil0}jNk@Cn6kznH1H4 zv_4r+gq0_|Mc<~RB^G#}5Oeezv9g5_yrPQ`$eQN1bms_^y5r{9-A@t0S?;I(0KVbT znw9$GC)N2P8JK#um+dm&=i5*Swh{+%zgk5QK2<=Y5Q%)EMiNcuqyJTm{+Xu<`pluG zb+lmgRBR46`JMtVpW)X5aW}{L2V86|6J<+}wdq%8jG=fxu)@DF$JOsLH=fkirEgY6 zlIfbsLDPLVHJEzzD6u2Hj_1~Dia%*~Hgk5Tl3V6yt~Lc8l$#o@i_8&IJj_U}2~!k% zf@@FSLJxJnF6xedU7%0KIR9XXVgTn|vqK9tsbhKSt(rb%@+6g=Q~d#KI3tk*Z4+Tj zd>Pa@*ZIirNl^FZDf&Lxz2PsO_vcb|7O`Q$ctNX8l&_OR5}7&gz%z9)*iZ1_vE+_G zMlD}kRf`D!Q+*RX=9uq_@NBbzj}OFEXNLuj>LMQ_QBCL2JRauRS$tpCVm$k8nvrTr zW&_9lZI(&xHjT)rp}FugIib~bgAAV%=CXMI-8<24Tr*xz+X?x8XnJv}V{Vyw{d{(W zDz+HQG^MX-HJVDra;Gbs`*}^Js z9?)S(rFx%elM7mhJ}zjiu;D`EK&`i`uuWEH`eev3zK;^__(I&v!lD#0owJ?Wej`AqkACb;Deo<>tn?{+?i~JKNUx8i^@Sy^2PJRTX+)$27cM% zB+_fQl((*{sYOp8UKhc7X!*79RiUTjx=~G>Am_u|)-1zCF)sV6{qMi*u@+Dh=ZNz3 zzn>DE33s_~Ml=$txXaz&lHRrWph;1n3r{Jv75I z5^Wl3cdC)s>mFE~na&-t&#CuMuaew(lzyO-yldwM{p7Bx?W}-GbW2Wkp;|-fyHYG3 zl~RVyVG&BLxPIZTX6UKqRQ_AW2b5xjmb^DmoJDb=qw%N5RW&mXwPfyB3keDX zy?=}+{N6W@oqe)DW;KyHr*!OE9b&P|$Ms@K|Kz=0?Df5%p_e&7KYj=jcJ#P6U^E+I z^B8Y|gKx%*O~L&WEerXI=3cK#8D%0}d$NV;Yg%W<10tlu%tgvKm;@~(NYo|Jv8ylq zIt#~&pY(39X*c91hPD<FsGn*g-rxU3 z`8;eiTtv~*R0!JFm-S($39bZ5Wj>MvQ>w55ax)TO9G~J5>UYtov~DIUMaq16mZfLZ zjfEX_BN8IC6xb?=w5Jj2+SX)bO+_OEwf+rNiAl^k$W1Bbr1uf`vuq4e%9KTLj`d6I zGZ&s4*U_akj@Dam4loZkeqK@NJc&V{3aco}F{TYnyp8HzDRv;28YdV5=dWofWy&N? zEbC}$#(iUDtkhhtVj=2-NN8~eHj}$Xfc?^U6$v^nGZ?lO$&-CC+%5P<-cnr~F7ATd zqlaRuT1qSt`3jTHDfHMWJM7!O%N?YFW5Wi7)Gw`7(-0b1dOtUo1dhxpMG7vY35eJv zyscilbz{SD$89xniI&C&~`K@$bK&3dT#1 zWU7Wq7UU@USXd^P_<^$F8}@0D+f8IDsurF3OEahSursbcyC!p&5 z8O6lS@SpO2^~d zquj(B8&2%bizyy2OXVG`cPcM4u&Ir%&`36WCbH=k#R`*aTw?J8E>KcS#;4Vy9%ps& z;e1KlCV{&INlWnT4YK~Z=9x`k(b1b&bN05ZCP%)prX8fNLfoaVP6w>1ZhmVQ3S>q!jusw#?O1yO+u9F1JFTE?dvy zxVpp)JfowLCmHwMO3DuoO%kQydO)sfs)p-4(ltgAl{Ija|5}>VjZoVN3VFFn$By)mKX?^7-?My=N=lfws;jX{e4TAX@9e8s_VnpM*BUE57}}C z5!fg<)WrhvVDNMcB~e_-ghi0|5jWJ*C)7T`dCA+sOPB~eA*(U)H8p&suD+&G&Ol83 zeo5*rI>M$>zV-uaD^1mwXW{rxCDEF-l6~8!Jx`75c(y->+kccE!}$C@90h0dP2KJK z0*7Kd65JFob!OLXcftQrcGY1~ZC{%%0Z9Qx1ZkvaC_%a;l}19kyIVj)N*a`sPU%uW zknWZa32BfNP!PUh26Qm4zwe*>oM*Uet$p@hd!6lh-}A0#hz@+$+K75>(PVAj1S@HV zxd5B%72Zt`7_qI{3Qg;0klo(8{w@6Ld#^aGIZiS2`z9XEY$+ydYjDDu8KcG(!){h@ zrbuSl>uvf^lC6&3H6->PVl-;FJd}O;)@MDH!VEC;WMefEw|gQ8Z=N@uknQ01E#bhU zmKtF+uBUYM$!f~Svfp>+Ue_Z!D_=QzjMl2KNZ?1vzNasvZU(Pp!hIcF)H!p;@aQ&p z_Q=S5uL>McCFfq}W>pFuPbYRtEL>e$ZoZjSPm<-83VZt%zH4uIAYR(MT(sP_`oNt8 z^XkbXtY;oy>^n%Bo6JCuAzqmR9e2`&Se+-&n|FIROSzDzeMeX+F0h;s%>n#>5{*%_Ftp0X_@qT%`yMTl*~z^cji8L-lxcxsm&kjN)(UDaUBI_^0J z530#KsYRBE0T?m@eBmR8Z)`;FU_X_YE9YSNwI=6IC^Kk=;8@>hvOL`0dqcz}CnshVjCX3< z72GG=s6%r7y4SXY5H{svMf*|(36|WD6A93~+X7b~PC{4_IfuY&UJFiJM>BzjSl%_KDaOS-fy+D4URSvZDR3Qu!DoRpY@0BZH>N{*5T}W zMd6Eh;v(@$E>N2~?j5zCT0LG`#3FFV4X3efC^5lHXNi9uIo%fvg%Orjy;dl-_`B{Z z`lws?wAPG}PXfBNqsP0`uw=ul;-VXf_VO=U(7I7-L}Jx(u8yuVzC@TYL3^%3{bmtx zpMB}!WSSnn`QSUc`1U*X_ae)K>6K&2>vm6JVz8*9*YNB(N%$M7;{sRGa-PzE2=wX) zXxS`&5aM4svl!2qJm$XstiFdcFzi}Y1b}w|?tjMI*Lp`AxfjJU8 zZ%Tmb#dy*8sZ`Q>>2g4s3i5dA){UAyn5w*SaYuJpmWgY^QvI$#4DMk}*w+$s-dViE zK=Sstz#BRaz^;84Q0JUr(~|#6l{F>s6O0Ta;z<%K*Zcnc2<9->S0Uorv6ej?6M6AI^;E6N zsQSVv6~2#5UsMdmWikjLTuJhL@E)FMcCM=WtpxTsJg&yjmt1KULiVOkgy83gWgov7 zY&_MiGO8(M=rokSi8?VV_ehbenm;=!Z2ktn%~vb`>#vOgr;Jtmj@W`uEgGYeefoYJ z+mbcd<_5{{6#x&C??v+Az>9V_@ITw4tFRodYnSHg8MvPWf2V2cMf@u51be}wQY7yt z{4GiyufQm;+54|Y3A^1|Sfa6ZY!2TK^DLupDDhN%aFNN04@BBe3p8KEkJmj8T9DZp z6i|My?+}IQhjLhW(_Iztu^Y}e5k9br?B)*51L7TfSUh6*On&{2yHk8d3lCid8l5EU zpJdp4!sDA$GfEpAeWM9SzgKjdX@6?48)9sCFxXXzTB?{m~Vep@m{?MG`L0BC+U zJ=ThDOWwS--Vx^XXq}AI@dMJZu_iWhx`bWBgv3hgc&ReVPrvv-szU$#{@87XT5QhT0A{dgL3tK?;0_L6t-d({v{b8@^*Ve7bG2Y^p6!qSWt*_f3m(#aO zxzj=(Y!dUh2&tOXECEN?JfVHqOTHQ4*;t}FmP;FBl95~S#!1YBv1&R7eKWb?QD#K8 z0>gtbVts-*J>h=!Ej2vErxl&@As?U5&D~@8e!TjAaLQ^p=;7dEn&?%RY!ju?`^8W2 zRtOc5?=>W02|D^9%bTdc-G5jHJgx}FtM|qbC5VCXB|fmKE*bv{|6ukS`eMqb)sLJ? zI@nmR-sxpX9r;DPMBIiAsUYq*5~tR9^s*vm-PSS<5iXEC*b}#BT$^e1gvFk{@M|2G z!92F0gdZn&-Sm@Z4@!q%71Q2znAX5q`o6XnkTRA~TQEy#W!w%9Z_j#dnTDm)oYbFb zmYViPOf?YC-&K)a9%cg1swC#&{)dIO&0{`(4xjsd_YiZQA@^+sXm#DHyBcr$#rz?Q zz%8Zjyp{0`*n}d=@+la#e4lGI)=Z(Q_d;8xfLB{R_FpyQG23H@ObIZ)=qx%&bc~@v z&9U>lw)Wokn#a>vlJ}O1H@@cc%^6%7L7{aC<;D`S+YZMP-^uebEXVNA5r^1j{Sg&8&L%#KLP zM~V#j7S6>?p@qBi1|xRnb-~nge(n0zg>P@t>whW=j*e^J+NTeFsPqW-4h&VP-87cAh1mw;l)Rd49L1eR=Ib}fC97L?>UQvUAPL8GcjUj2l8Ucs zk)b6`*^g9rPhgtt9e>?;+8AyX15W%J&r!#f<=PiubT+_BYz02 znsEL`^1m28K+a2y9_T*y|7pf`*$nEH^naPLF<&-=#-E`;9qRj-L zARl2u{Xd|0_P=1rVBL%JDFDB6heCBgUktOJf5i^zKX%E}WmM<4UT@H-4n**Q`43K@ zQ5^tS#shjRAf)gIj12l%ngekD{WkV)r!UDMH^#-`;^#*|4)j7Naf$lEDI}ktT6ZOBqJCJA> zGy4OZ0bG3G4}fZj27qY0{7M^wjPnmJAn*M_OY;+y{;Lb9O#Vq50zepCXRG@Yl>V!W z{{*E05SZ=E6&Q&J&*5KPK|y{X9t#*8KA-zbdHx5~1mgaDGA=kjf3f`)HG$mjPh0TE z>F108@3>IO2#O2Frv764dt9hw1lfYYsq^gncU&k&1jrUlqxg&M?{T3(y$jCIdHVl5 zE>y|9;Qai>_V>6@*#@Oa0>P)CB16?pR^WNY{3NJAYU^)x695*#xY!QA@GgIFZy;M5 zD%LMpH~_4k0qq64YC^a-fADdsXhO?6KqJ=|+#A4oo2GM(uYbDxuabGrz4@mPs4V?a zG9mqhnEz=Dm8EATlNDT6&M21vh~mcCZ)aHn;u!)UG9G6a;4*n$GSAi>OnZbP#6bL< z&-DLPGQrUxo|Oo*(}`P^Sh@;{Z#A94|3?L&yH(O+zT+se?|5g=?F zyfMxf|KD+;k`ZJJrtkg5_V>6@$q2HAJR*KJar!S{9ROb3^Th|*f~7UiGxygq{~q^J z$%OES&eQ)_+h2JEki7gE7xIYs*+2?<%)iHl$~Ned2`PeSya~t^RLO+!hX4>En#+T` ze9{E`#tw%*X|jWemFL?Ryt%=iz{i1K`9lEcmTusJ#|ow51fi5NLk?A!oLnlJmq_7Y z!XorZ6Qtq<0COwlK##h=j_R_*U(4qC(G`5sg!C`{_n@FM^+(x+Jmddu3zey7WfQ_m z2bawYUOM1{mkxmDrJv8#F9%F$j`;snEx|#4FLf7;Z~zn|9B|H^1%-sBEJB9&2N&RH z@!5);O)-R*{#O@J`3rd#LNmev7mRQK6eIkvuAr(W=;U$6A3C46%SrybKp({Wj~xiv zfRHKw)%3Rwc$p6lIif*Px_=x-{t)#t9UO8(`?KlqQK1qKbh?9-IVeW=#XkH~S^tF% z4k>egw*5Ws#i{a)KLlB3&;@vz&xl0euo^%3LjY*$?*HHq0l7FY^M@uZh+DDUmz0Ak z`NxWj8w+Y>;LEfg?twmMW1c}gCcTcNj15oOBSFR?o=_u&Hf8MN<1w|iwj-Tpn_&`hJ;J6IEvcE5V+BV&7&7d?%E4-wFjHxq)O^)tMs6qO z=LNm`nR&NKpR~HnGgc^YN0l+(VF5=plCja56nT&Q&3Ec=GF&-38RfdQ5owIEJ&Yk`h9^Bm!B!S2KnyBDdrJo?%n6l9s4uuv3X0RrM8s9_bEqv7Nd@ixjS zWIH)?;rwlG9fvWfA5FQP@~X;-^-4%IZN4uuy+)oS4YsJy3yB>Jq)ooNf^G69>Sg#e@^S9uyRS)aHul4EY6@1CqPXpTY^%3`aHcRHPa(!^(z{9 zrRx{3=e{~Q^Pae9r@=U`m@A@wrj)7NSWlb<-6YDEf_v?y4Kq6>{S@;}U6-g^_QA$^ zC)}-snf2{N!L$!;0yaO8z&mi^aM8ZlCi0X9wp;<&m2mdAjlz#l?xJ69=$Z~uV-%SNmCtB`DxE8q+xr3Gv0157ZnodR zgQ6KjE{B$O*JuQ}US>wnThYN6#gufPzT+uXRrg7%%9BQ8tnLosQ_4f4d^lNnrB@|f5TDfCFT)3+2*C>g8yS=0FCA?ep7i(6AvmEnh{#r&w30l#y;?fwDTjeNMU zQtJ2@r;q$ju}zL0Y+H0dq%1eOKC{8mz!Mgo zkV=ITCJ}?G2gpR@mS3{{Uohke!X6rKN3LyQp0LI`kD>9A65&wsb`|n-X)(6lq7fVu z<R;7z}=+y6tMQFamV0SnabbE94`ILIU>#RVH;{*d^9%m@hnqqti zVPs%!YfC$e&RaJ$e6w!UeM4`-4h^606dHG9Ix|akQn&D8J*dpmOUaQaWSx20!=2?L z6WZH6_iT85k7Y#eXGX8hS4A|8QC057j@~Qy%BmU-yRDUFsIM%MoLNXTmO-!LWhKl2lal?-DuMkq%N!=U3_Nd!?4M(cs8#d0Ee(h--5M8ROc%Oc+??d#+&2rJt6mQXXZl9v5=7^gw30riR zp>_AJV2#8aHY?Jn)30wQtXr(&Oyd&Y!nF|J-{se*MQ4bdd_+Ax81f}}0!fW&di_LV zYv91>R=_ul_1COslLR!kWYXs+N;fB__vAIFOEmrPCWX1N@y9(DoxjGzzUclS_?@h+ zDHx%O4h?YEys=P>h;XYKmYmgI*v~-w>kzE=KtDdQS&xFQO%6M&U{jvjt^KYa(EgV~1c4F32Mctf2;VS+h2NQ$$q3Pr zQ4Ci%3lLb?kjHZzJ$@V+zD=TvF+5i*YJg^?(*OYOKMa)lP{2x4sMGKUlO}-4EgI3- zDb=-|#ESRI_1*hSh5~OrIAIeq0Il=7;n#Gv;lDmp!I_j`9u(ig*Q?z|AwJZ#N`~p& zgXQFZX^)2$m>7E}HnOux`|}hHVNw}UUt~GE9`TE!8KDY0iABUjTcr+7&Qu1z5!%qk z*kUOSp2ou3o;=m2M%{>UsrcKd2!L&PLA8EybPGe^qK2Sk{U~)?!+1~D>~s1i#C!ud zY}Y4raHJfMb;4BzQ&&dQTRpE~+aj3wO3v@Tdw3^Q$h>%$l_buHw>vD=esMp8M~oym z^{(1ghio}JRf$}s!+Hss-LLc2c^V;dt}V~%M|nliJB)Zt1f$hN^$1((MX(REdxc-yi1nRS`e64+ zUWG7bA$Q{yd>Z5~5mkJW#Z`-SCoeSF39NZCJH{XdDn$7hlIdcz!Z<{@c%ds*=_u6^ z9^r0{r=Y^#xM6AUJ3XaiGLU%$s_R!d-ENrqG;{DyBDY!;EWg_#ovz*}d1p+Q?pN+dTrio0)657XRr~g*`NJ{$E>D4cagXEPV!kb5T zTv)xP5`BSl{^?XjtxJwN z5LSL=S=0Ace>JmavOt`wyg~Gie%_h~>%&uX$4Ddp`!8IpB)g)j`d{6Z>I>J}*C|=> zz6R*{LXMX8DZFR!$PXFI88NUau&L(SkD@*3VK@>8~I|X zZ-JJ_CbBaKDcOWg2tF;CDm7EODmW3f;c;o3oJzO4da1Y0{_vH+9w}VH6xlv%YLGM@ zn=!le7T+mr9F@JVX-OhE*8q7hg#c>_yRlz-%gZ9^HeZc7AzjmnwO}k;v$jXqW?m3H zo*J=o)F0c{Het*uWV4?yk)e<_1mmjMotia*!`Fg~7a8UKevK0BMxjMl+ z?^`rcV)(%<6xgsuiG1dyD)EV;Gq8{89$lYSWQn!$ZoWRJ*GXhsjx3CuZWD-*e~Pr@;v6V>k{845#sxpx!&u9e2@va?u(cr+*@y9#8RWgOa0WR@WCn3Rlq)V zYXYx$H4QR+gd6iKpIA6isW^wZk5NQg6nWzGg`IvS@e0m6G=uB%Uhwg#=Zs zbYgyfl&!r;bsEQ&3H!S&kfCyI3 zlXUqd>NkjN*%co>SnBJ=M7gGEpv3LX&_z@wZNjfoq2C>)QM*hKCn};gkc<~Ish9Y8 z^hk3cxIHARj}}vJ{d+-QQyc32YvgmdGRLq&leAnnI+T?i0-5gPYJB2`KTu@_6+n zaU`87a>W=4p=nHq_72I!65Xvwb7rfzhxEe?dor$2&)@tgua>K>Cz*-C(jRiazk~&g zwNNZrs<-+BhEw{fGv!ie=_kpiX?N6j93M{)7p>e539+-|iM^oP$E5q&kqZpDL_xfdnB`w^RXpJ`Z;85YL z+|t=*f8#shL68X)ZZ|KRYRH1)I@H~I`b@w<3eM-F=$B1Yq2L-mGB$@Q?Ocny+yoKi zlMj-p?71XGsZe{H9W)UwtC6P74^(F?M!e!>oc+}zh{J}9DC6QXyrj8b8K<Regb=r zsBA_MU3@Q-O?u!{l^dKhJEJtxl}a|&qmT#E7pm13eN^ZXtN;$F8)#!O9>Jf^6i1N> zs4-?SXk?p}`rpodr*n@#Mj?c+Ff9$w)%aD0*NgT;t^@akIR!Um5v%)5p4O>iT6k~A zy)|L&Ja!B%A999i9%MGrb6FvBPCg-=QTMm=o4SIJNNFwh?l= zdrC~E7l*ho*zr`%{&^NwvVfPftX}kU<2?+w&H$8c(eW5t?H)hcu)g%--JOSpatwT> zV+?|)t3(y)fqUU8--J5@Ldk;T+u*7baRM+8Ow7hUQxQs1>I6RsiW<`ALfL#9*F|R) zs0YaYDru>+1@{SK?(qqSPx=bo-6q?Qw*?KHnzHRlVba2ndx40q$t0yb$QeiKZk(uB zPn$&yfG#%yaag?!dpjERjJRasbGrqSUC)-E);B&jMbST_qYjsyB%Us#RhX&kb&6v- zUlG#D$4Y+j-N%yA{qXr+f1D&LYJJ?L*iRjy`jqJve&k3t@Jmw&p)3^>G|MLlr?#bl zDY>z(suJ3G1nC2XAl`s+zzs$d?Ck8Vr3VTnhG^Pxg&AEuI{WAaeu~ePxHZucy(Lb0 z84?ODl4N3{g9?h7^4K;^lUFNLI!068Ul}abI~=`_Xh~lq>-3Qd+1iVqld6hEoAQ~t zN?w~Q;vjP-@Y7?Sfzz5f)Xv8n^zRVoc02?z>Q1-2XAienwEGqbfhoZ#0>~8E_wd={ z_QFWL5qrIgwy!SGTFN%I`rAoV^S{kqGl}idUJe^CR%>x);X=vHGWJSh))$VCLXvT3 z%vOP^9-Q+nd)>Ym1*%UClpaielhMV?m^u#^<5XBba%higp$3y2;h-M$Hm+=MX>YN) zeE+sm+0DK2P1;g`WTWNfEp|uC)1$S<#m~3=pSlH{m_1o+&5~+HNP`Azuea`4))N-Stz^OJPlPJ~Sf}Rv)%br=pn#XU zF9N`-HvfwmJ2Z0&09G6NU(7fzn?a+TP=u?WqyWeZaVQiF01<2gfN>>=XvdG2=D)yT zzsYSt!C;_n7Az170yBgkbP2(_M7RR{rnv##iwpc3{!czGfmYDn5Ftn!gdPQ^4uB{@ z9Ot_J=MdOW6!7BSE_;K5prDBeUA}pSVkT z`6pQDvhoI`S=3)_e}jdP6K-Y}D1 zz}pa(%^AXfahI2?&2NGmP}K&!K+NadMraq8$^*EO;YDtrLGI^TZs1~b#_fc(5<9Oo zzmMmVvrAGNQ20H#)|?l=f4MlD-iz^^ZILs9pmWOAzf8~O=-l+I(wxgBob7gqV#C>Q z;N5<90p>GYx~*R-4Yc;g|5RzfL7;{XYEpR?8=}#1Hk05rgzW7f>vr-FrX?8M5E(u0)BF{0Dl_|6mAdV%0PAxWa6Om|Eya6)(#Ki z{`^irwvcM^XWQR)-et`Vu%g)c!u>PsWz7u;G43z6zlFW5xdCA$K}mgF?7%-Wp42AW9^P6ntd1ETQ#AZ&vl zU}r-;_xUR!5}H~M=D=_OK-=tmaRoVm5R&qbcHQSxXXxQv zb_kW15Qkjg6o;^Szz+!KfBJwTlKf=#fK&Y6wongqP@w@r`dpsvR3NysA&3JBgtX5* zy8zG5d7**K)a610F+We9|E17Cf;Wk!U{+m4YU@+`LTOfG zJD+S5Dbf{As$k6o8 zjfJW8K=LvOo93@Qw%BcrB)reuc%90$tLW`|Sll4puq+_~L?dLHuy!65L$v3Qmhk|dwL>5y; zG;-N{5*w5p7Wlt6_Wn4Kfrj91*~To$$uQ>Ja|kCsxN>NeN%`39&J)^ZU{ z#;{cxofR6Y02_UVvleUfOG+x-YYy$aFx1r&9IuEu(0!1wclOg#^X$hkR;k9 zXxQ*k@o8>j6VXI036nRN*5;F(62~NCC)?19_z-CJ8Zo6KBc>%<()e9ZtbRp<&hUg! z;)5jQ{Ebgl)5CGfrnEF4eUbsSDGwU2VmQjqjiNm+H>vz$A1t+cKj>b!V(yR}E<>0% z+4DT9yUV^^MFR)ip&R}3P`XcQ4e43hg>Zq_e zjRO>YAS`g_k>CedO%81;bYWjcOJZ&nn(jBc6liWY7Q@0*uF^h0O5UQliV^Ac9UZ0K z6ov&>{C37S8Ij%O>tom7S_&JQtL6^hXgA<&#WEN5T$n6Mko2`da!-HX*-=(Oy@~_d zmg0o=kgj12hCml3k|7#h13s9Q;X{@He}j$I$Gb(Z#mkUwW!n9j1sUUx@vmse!rk0X zV8LLF6 zn|$Or#f{5P6D6)$%9a^sqPXdv`UoqFHcgs#Nh0gg`QQUv*I?t^1^;gSVVKHFCceF%t(OkBZXIN`imlq zSWLJs;L-iN;>fwDOV$#uopcXViH|5KHmt0zPc{ZElV*`+lhk<|TVrp;+(=lo(6YhB?-n?I)oj4s5|BaIey{a0pe4#v zg0CYu=5vQrNVO^a?owrW(fkcW-EY{s;_w62>2K{B?ujzlC2D4$h_uO52S$-@Ipiy6 zkyqq?Tq=)#{b*~0nw*hOn3wePSEHyZ6w@NW)hP&OX;Hdsf+<;lD#vs0kT z3-)e7?J*fAhZ|X#)rs+yNFePa?tY)`I2A#m*daoWxKz(hUgN?>wMgyMd;Lo-acQ~S z%LGbS{XmUQan-8<4y4<>iwg@17YLbli+c`eRCQxXj1?5w7p^9jtbG2=`}IL<#$?s~*r-hdv}!R!t$?)~Qf1yF z_@C^k1k^`%0DY;iA3KG&Oy|XY;~e^s>o5m+y>E;5u0t=TtGX>JH~v2Al*zO34GFj* zm34t(g_|FnLwWfnMT}z7c8rJL*^dAvHLjgD2SnH525b`TrZz{t^UkJ8Ordy6yH$K$ z6CZf6w*i~P;ng;~EcH}gN$85Vl3{0BlQvsm&BQ)W$B=s=@@#YEheW~#4Ex)OqzB(# z6TJSVM>xvinu6*YtKHzDGo_PF*$oy?2ZQXIYT09J&L5J zM{d#}FgBW;=+q6*Ym|t%@(v!u(Y9!3SnUs7zlzdpb2|7sCi}r^RNN!Gkz?l_Zo=p_ z(l=CMo$osp(zV<~eKUUfDlL`umorgkYM z5~wbTm{>X#H4N|jg%uWTbyd3f*Vol2Yk#>r%`5W#$&HB>_LCqc$Ns}9jg0jcuS2Ar zMn@r4tCU0}?%9;sLKTO+eU*C2aZsMxs(!4_K_tM`)Si`Y_B6QXtwd$Lv zupb{eQIc-OV~V=(275#S8?$9MxL&eLGq9TNT$yenUXTt3YzR|pRNM%l{Hoxne23MG zc+m2C9hRSZU0CvZtASUYG=CoOx|lD|-4FFN=tc&-pP8LT-|r!LQLYueexpg`oVWb; zX^UvDpOUKreq5yBhW!S8PvW$4#ZFp^!n*rDd>?noTdC-K3(rcwuh88Lk1g3Go3tJ& zLCHHjKxQOUE2z9LR(rdpQfP+bBVS!r?biSrBUiNCh~}pE%rGTmS6g!3(7Vv@fBo#t zY=_V)!fxrnH`RChvsW6jN)URMKAm+5vw_L_0IZ=ysvOey%BXZYA|Euj4N{_NggO#R z*Lv=*H<)>1Y3dXU-=3x>?j2E9DGE&K# zC-hevta-9KDc;G?M~vIz20sfSSD5U56j4j8FNYkx`(}jJVUlDpVEG}!>#e5P8lN&4 zz~_ZS)$3zPQ>M{(iz^%-;geGtJmY98_jOQgOPd)9=BJokWHBh7^~`hN-$U2XeZ}P? zfo*wE-_$bffl!*!&9JZgGUU^}z;XM;k2K}6*WQSM{)u+z(QL#cZku3rsG^GGjPB}t z4AelfCw5)C%LEu*pNvS<<9(H=XnJi{OJ?O6dTUe^`f&-Dri8Ug>CnR-vk^guNTNK< zSj-YV#ITvrc3T~uJ6y7dL9Yrc7%-}2pVAwLabeh?m<(uM9j~XbB_W9xlAWC0lyjZ} zymQua@iclry8bxbeKg@Cf@{z07ggcPX>&l9V!`LA8Wah--QX7UfD$bJ#c*D(6rI*p zp2}!Eb7`^_TP%AnVk_>CmfVlL+&u>bX8I*exw$O3PFvl|H(El7`w!fjoo+gD1^DYc zZXlT-)M^EJiz?XtmMD?~ZtDZi zxkhDfRTYZbuALWV>zVxTUzyS94YJXRm*Y`}B&aWJN-dE4Qw(q2uM6EA88&$0Aj1=tX`o!_4m!2s(Twl}3_Ra>bZyTi;vG zwO;jHIvU0BKV&-L6sEbSPHx%sbSo%@>6WsYrC;jPLZQtvk>~Z>5oxg^v*yngXQi@+ zqushwfrFME_F?9fo8p;@2iKZ-1VizPLuIF%<=h9^0ePnF`eI5QQSO6g3^XaJ6+y@p%zB<~FQ+%JV-;tS5F%uzV~tmEpnJq$#fU zL3%GWWuF(4lk%PKyI^jYF0Op)vD(1!6+vdgr;_)b6K#mK#M9i{tJwgsdqZ#RkhSry zJygHvvUPxRXj~x#6p`BS{ffaRWa1NI9$6S1T(F+-Nj)BpB%0<`^PTAk?nad2byib; z!RXS$;aW1J_11$KtI72733DRvy;8q*^nU4B&l6%?)l!>x^sszg<}gN!pK!F|ZI#^O z^VQ{ao~9OkR;cIiUf3s9z0EhsgXY6pyG}Fl_7T^^sT#G1MSvQ_VEk_Zje`|wG3|#A zRLaUQnJK+I)VVn$59Na}5Uu48<&}DYFP(Lgz7cI3pFZeLpzqbKHDlIOSzp|$(qmFY znV_n&E?G(!$qVnmxu3itg-R7o!Im&=X%iFQZxa4D6@h&P}Lvt~BvR&P522%dr zc>>CZyQvmV%}a6Yz=;+A2f>mFQ+JQHV-fLSFls&Fsv|=Cd6P#S7A@!~DgcHT= zm6~4qyiYIrp(g2y!4<+GOpl&b^TRLXwbOG?28?eBH}wY~yU|8Z>IsRjSf%7t8VN_-*P)?aF>|2VZ3T8hFHMJNhD~!n6?lL zM>_pQ$%*bGvk*>+4gLX?o0f%Wb9Y|yVT;u+`VKt^UkQJ7AWtVm?PQ}L$ez)#=j*cb zwuJ1+3_;6QKBaI`O(~~yJJqYT!=<|r(?CNwfsPq&gQY7expcwI&u3LlWi~12d+4Th zMQ2QIUUfV0kR=q>(E=SfA+E-LB35@Qp0mEyOq3^YBsb(S<9JxErj|wJZ!Brn9Xn0s z$@6i5EAP=Yi&U3E+j;5U9&;C2jXkFTtgHPtkJjv}O^Mf(7}@1Ts3NgNaO@n4y6P)mXA=G(d{M>5d#bz*5vh~#c9@!c5z=Q+kobMezd zwHyq~2IOf=-H%4iuISR#)w%F<$Pk(l5CVsX1mYWM{Z(evUmGVp%y_WH36%Z%lxGws z?)rBdWykIAn@cV2lsy@doP;?i>ExdeAJ#_J5--c+rn|MY-8Z|26jCLs8j0&@h9^tp zK{s41$=K2VQh~0#uR9O1QC0m5M$wxMdWr~n6c##}nfA?alo1~Gn%lXIw_x}Y=Vn6Q ztohnku3V{UOTW!;&S}+nJRob~b9gt^y7e^)t+7~T5g)dSS@Z~g&7{sq06NQ8)(X=8 zvNcBcyL|$0Sd5e-O1W)V#PNvjOJcoI*67Wg!}=1b@Q8}iVDrkd$Fa<>aw=zd9|}Bn zcxY8+a?8CoV3YSXM@m&Fk^c%mA7-)C)sYqTW7s;^1p0JT!fAfnF9l6VEvt4Bv?6#+ zc+;QgGZFd=0eERz*Ck%W6>~iN04MXV(7hptY|c04qm?X6weP5p3T|JqbhM}(Pe+}( zToRWR0`E8U67Hq6!h46qMLjtP#;|y)z1dTVFp{6C{Y=F<+IScBTRfLzw9?y`$!n0J zRcZqj!?qRM4r9geqCR4cS$W9iD@3wRWV3fC5rI`LWd@sg- zZM1_XnPnwgbgcb$po*>e&JD>4v5n92Bhj8mZ}^S@x)!c}*BQ`XGOVkyhY}PBrQ+-q zr{l;Fp}*oa>{>>%ljxgqtVIcUITD!E9$X?BWhSwsEz_wNldeM1_2tn*+;<6DLq=); z&=JLFHFs>@(}wHLF~_&tAF=l^*m-8wuTzio-wLb}O_mdUyz=Bugpolmv2L7)>X7tR zxTm=%6z>^YP~bH==I;mEb>9vIy5F(;etrDp_E*LP@#Djy&#d=vqY0G<7GS9JMijEN zVtid&NukCv9HgF;N~W72s%jvJjK9);R|8iojf#$Pio)2!PC`sbxqm~h!5|)f#gBpn z*nzmmkWt(^fsI_KK;BKNY>_74ZGAYdijy=XJe_Vy9bt4m^^rqG%?2J>2PtPxsGwrh zMglME)C<&5lyv)7Q;W_gzyQ2e2mJ~e1-SbZVfR93PDsA6no``sK|N`{6)DUrJ0M=c zo*W(}(l4GC$Wkm>=`TS$y};W3QlGf5+*xmo-#mosz6Q@T7||naCy522@BON#efc}| zL!U4c9e@iXnOTGHi2XE?2M$?%?GtE{kTY`)WDnXI#Ry+ zFL1bHomL)oTVYe%c0|B@QKWHe5p*W9ZP-P9(#Cq-cD@t+Ryn?BcFEw*J6FPe#}N)8 zsr93SgHuh7ao*S7$SHHm?~a`9w^#UHSt=9oX`bpnc|)>);6Kz{t^KC<>zDo5p@rt7 zBkeb*BfW+uvvHZ9X9g5(OhKQjQXeRcJ^42E1d$NNjoXg*Ph1!vSmx#Yt?z$wVJ@{3 z1A-+^{ueVKG^qs$7DPEWyZFZQ96R{u8*uPD`k%I7eDyE3zr6tmV+B8L!SLKUc=7MJ zP%r*LV+Moyf3f{NF7zA!pJ>-lD!@4a1%-C8o`1^@hLOOa`VWxm7u6&nSUBhWu0Vg& z7uPp7G_pHGE@hddw4E*O?U>~4v~BF}Tj=RqfPM#kk^1v>KUi$%+!%~1fqF!MfKyIT z_%mb&@+mzC*I)$`0L}p&2pQlP!UzzohxEHEu)q<>6r@CM; zK>YtQ6~AM!5cfY88N%53i|ua<1+8BK!f(MKED)kc^v?tV&(P1fU_kCKw!g=P0`WyG z^v+ib2w>!3I}^$Jv81ewAm+}GWrbcxuw)1H zIDz&8#jH4+j6b@7Mk#@pluE#42)3UnB^a6hAAI}@=7R()&cJ*KdFu?V{2zS$hL%En zoH0Bg!2JK<13C-UIM~2=FeroBAe-{+;w%dI7cj5j>=!VeM#{ksfk)3a%#T3wO!E4= zc9&KS3R4AbH?|8#6x;cS=b&G}h&agcMZ+bw3l10CPY&0AM7X4M0*V0n3LoSTA_8!B zaWQm=5CP~H@Q43rclA@{;J+fAZQ+Z&2SvCL#9_M-#9@O7;(+{J$h)vX$HP2@00%c}{pv)jQ7w{|Fg_0Q?L`vf9Pv9l`R|M$d4ysiUY5}NLLD)2B7hoFB z*~K}R26)i`2Kci9%zw?&rAGh<5JHv$`C|v~$+L@#2oOHr*)L$W&e_HPbPv$1FVHle-N-=~YdUo-ny#Lod{JJlpcom>E0)X}>NSOi%Q6&P`OYjZ+ zDw+Zr5OkFRHI};A-=KkC^p6BW^^d%8D$jJO+WaQt0+Q7ELHl6=jRn#_lJxhHfww7W zWS8ARZAS>j;^!Tbf|V#P#_>0n24qGr?(J+WXG|{0Aq8q){umv+2Ir<{1dE>yK7kOG zlC$3~lH@{21qj*DmuCJKrp5oauO}oL^gV#dqd0?aYDHOGJ}s3 zkb-jN0$kSq+XYlUgDI>K7Z+6u2&q#4?c&#j1#w2s(t{mxxVb2SKu8JvZ&y&ylM80o z`P~2WWB_)5J{cfe$k7q9Zok_8b~3o!&=W%K0{)aV`FSY(!%66}fD44l_7~gV;$Bv8 z0du>~lke9d|0?Wa6D&Dm)oCxuT)=vIpnb$;rOGzmvp8ZZ`~2jjP=0DZ6Mk9akb;M^U&zpRO~3McYk%jEFIJ-q`GVGN8dB`7{0H0H z{u{4C)0Z=tr@MRiZU#S!!X?CN@`Q! zh>(jy8bXPdzYTwu80`@ADY{l$sLh8lI6vkXD}+RQJ*nlr;Vf#G4CzWQk~9h|Z;{Bl zXrbclou~bKhJ-c)1GGj>IVfm3_Usw{$8ucJx6Io~mXFwt2w|gude1&)krB&2UC0;P z*ikbKw3U##kt|$B84IsJ-V!;naNm%CwFbcb2A-mHu6DJ7k$HUp` zP4JGLuy#FPQSp%Z6OJS;DguViXH8U9{&cA*#1a_aIXPw|oq!Pe5S%*#%)#iH4S3Sm zGH#QFJtY@^O@V176izowL&cy<+IJ&gO}{L#-nWV>t-#!GT4K#BavT0hTR~+V^G4}A z=D2pfnRs$H7`?%g6=d8G&8J3cE#xW%<0TB<5A_tdZf~imXpAPC`FgKTRJBlagg-Ks zhPxB);NK(Kk2lVS4c;K_Ys3zp2xbW^?d8yyB-LE-VP$USD?sF1uv3`7SP%>;}yIn2*D6E9gM$s!^gWsO5p|q`nwzE?*y{z1zgl? zq>R4mM<13*xT#X|`YFOOAqtsBRbtKDwFnw#nT)<}NR;7=IM$e{OZ34{lw0|(bER*_ zfQDXWNj_D^0*qRyQfP6yDg(U&=(9U(?G*T!2r&^-I=XD6aCrt}!|p(`;;W-d+DF=b z2V=_oIPcMfS9sYgJN6aD<)U5mirY2cX6lu-@!U6P5{DmgleuLi61TV9SRjrY{mtsm zKstM6f%pN+v9@wLZO&n!&l9D5;|HkzMn=a|N)&{X{%YY5`uO7UjZamM)0NWO-Hw+* z|7Ba6R}bGW?7X!ZxYxbE9KV_5C`SFU&fR`0F)7LI;CRAzeb}(Kr)T@iSj-9v`-wCM zHg3W_OsTUyVz%09+RL0{?U0{Tvcwk#EOQqeG~B>UUuAII*Gsg%0%K~ISpztxE%BLU zLTeyHU!+TlLOX4L?U)y&Sf<<7lhJCnz|(OE=l5l~&Uf!sm}krwfn0i|&YMwtUhkBe zXDzl`627v9X|U)N_h_T_KIFG(5h}HAOVix;@odxWfLCyudcV(v@cOk^VqVED6!??J zj0Gl%v%(*w_Ex{9HI0iD&T_OThazM7dsb$tqbU{2%om4iA_(y-HZ-&uvF#^f%9sSb zNODYDzl(mw?aJYiep$raHjkv{(-b}8)+XK8{7X+zuL%||G_Fj{*+oi?jop&34Se+! zuQbHj$B}Aj@g5J_llSh@wt2Jj{Jp_3ZOrX3Ss}B_Xqlwx9Zhqi?-}U${dja)nwaF5 z(I)Qnlb3WPQd`!0LM6v=?6W zhSR9)%r<9zPB^Qs{wiJQ|1oyeaaC?jmk#OfE|HLKknZjlkd`iKkWOikly2z;k#0~* z>5vBL5Gg<4;JpX+zJC9mpE@&p?=#Pw$60IE-ul>y>_E&4kyn0@%7sq*qF}p#VnmOr zh@Oct09}93Z0)SO%uqy6p=FT36uamn3Y=@gm(cAt@xsFaPX;J-7`t#KwE;*!ERRp# z1utS8H_yxJI*3gyt=Dvr2w7sg=n=dK!I3=MXx^Jb=ysAz5!p$YU-z8}H1Xf$OrzIB z_HOps5C=go6yY%EH{pNuU72m+lT*mIq{M)0PzSSrO^pMZ%+0i#E>H5}Sh19M8vDTSL54ESyxw6PuSgN zpVwvVY?p{sCUoT`T9Cv!n3Q`)xTlUNCNq(@L1u80D?X4?O$}6h`R?GvTjc##(|8kU zMoGQ4%v0vE$0M%en;cDUC52OY@qMgETOUex$mgtj?UM|e&)4hHc?*a3 z22)4;B-XrBEhJnrv{^!|R3eQ=#y(a<&rp~4h%K3CZ5D;6=vwlJU0M0Q5R-U;_f=v( znSs1{Rfgt)p}5N1oF`vgK=w_~rYRxpD*TB?kH_99X5ddhomlBR*3^X8Kd<~&|A<#= zY4An+%1e?)$$shMsMU(?$FUcrO6&`c#x1Tgq)esd@?W9s%6iHYK5RjZWK-l??iQBp zn)Ub7;VT|AGCz~`2zQS@6MD;#qOxOSzSt|-Wfbtjo~{d{RJW=Aid#YI^Oz5HHF>o8 z*DyS{gnY+dg+m5wa*1R5BU@Z8GlBG-rR+BY_qz zoYo%_e=>`~7zd#%qc)qtviDf}U2&u=s`JwT4%tX83VU_(MB~VJuV4wDHNKJes1y}_ z*R&67I1CR_Rp+&Cv*G_xf$f1Ay7Kmq)hDjdB%N^-aMT+@vmMAaFl@YR-;=t#P68|q z%3VmmNCZ_%#;!ceY=m|~?ag5xsxSxnB;~9cpo6=u-*iqhxY#gh)%Z^K>m}X*pBGi`}S}gBX)D58F2T!NYhk(#I>CAMH}L&%C_) zxZ{wvldK6|#y@56TC9E2?CkjcOf7RkT}eLY5foGdV%U*nJ~3iPPo(^A5_GCpZ>q)o zS5FTa*%>+?xOQ*E9vMp66epog+9zleC&)zw@a9S&v?0b2B;Zex#z5ZdN}U8Ak>S`c zmW-3Gtj;FPjGEeOr-kBw;oT*$3wG%59bj%HtD6spa|SVhMQQ1ba#kbNdyBFEphYN4{(Ag+)`F5~i;~qjdXc&fe<=nss~9_n*-3`r`3kp^7JYh+6D8v0 z^(VSaw(sAi3uf(X_*LX2&iM3Mta3PUzwXcuxWc-u7Pu#?0RVbK@NhP+I7oav_@Re9T$E$8uQTn`lkG!UiJ6eXhuQsy2uaOotffIG~zgNrx`VxR475lKEYDE?IhkA z<4_kY?nH_ZisA6@;celu8i%}igh#JNO}PSdGRc=uRXiWOm_F@%eSOs;I~yBHL2RB~ zUz-wE@053g_NHD_PFzZhRO)*Q3U9Rb(G~yM*^wOT-P9=g4aNT)kazVyZ)hCKDscniNj3v5-{ik=kIA?>RA_B1dfy_0JZk__}Kt;6Agn%2BG8 z#^R@BXK@D8%uM2O@%@A$Eon$CNf@Z;?aC2X^Ey0uV`W>Q-K(+=C6C5dRoxB0zh*-Op_ghnlMEuE; z_V7Nbip1F9X;%Q(?R(BE&6PBgK@R?JZmz!yR_fe%6-tsiR z!x>4%9YS6)FQZVmhv2=TMqLS_hZTz@GpWw>MP&Mr#MJE6_E5rSvm-X$&(H+)eGQ@R z31|dXwwW41-b}W2i2ZUV#J)+{7*T{2jPo*RGD{oF(ZX~N% zOfqA&?zl6RfmnT8L3>i2Y2xGw9pJI$fA7mPsu27}%I(Xr6EN96@=o|ufq(r69}a8{{TVkSZsU>j z?%Ahl(iN|I$rYI-ND5Ull$9jpa+??@-7LtIgn~h5d=G^zeqdKMh1yP1yh|o*tAwzj zz`@&+?T+tb;lN-)S`NjGDt7}379|$@f&eYsw$3fmIN&b(BTI1awfq8mGPJZN)5UTH z%T=zX^d~!b_cCPa)eL$J1HLdtK|#|w$L^Rf@wJ3n6N+ixSk8Q??QdtFrzj3F$xfCQ zBF=f}LwIfM%F4o)d>^#)FCIzn({P$e+19Xni%nQjM;olz;Ucj zK2c$ZT4T+>23$mp`($q;pBV*rz;A7eBk|$U_$ID8~sMhqjKa3^1t<0_(F zO=7n2VU{it;49t;24nu>2JAst09nx(=Px=W@;`#_eH z_Or8E_W-U6zoi3ck2yc`y1e<(6IL9=~d!|T;7qZ^WXqzw`u}*EE5Q| zMB2mt?eoU%%Y+sI0(*Iquvb1FB)Dd0Nfw&@Pl$tjxpM_jP-arfJ@K1o0-2M*XO*ff z$49A!@gm8QpLtWJ=7NpCM*Py(`Sw+xY)u%f-OEF>Q}5}Mim!|%uc$TnyyD%U-AY#9 zi`1;rL40qj1({rDTuRtm@bHG*#>X^;^tdu5bU1Y8U*mYsz0uP44cocPfJ|x$sAA{teEG=eI+trszD3+l0fFp%3ZYAD1GiPrF7{^*ua4|>;5Vty&RoGadc#@}z zIL9z~t0uAvWtCL4Uc;FFEWv|K5m+to<8*eDJID z&y70X0$mJa5JKZ*$g6?6Dh*iSFSAQ=L6%s91gG`(<1e+j-)(cs4RXkdPlr#MS?#D# zdV_&0hQf+8#8^VG^C$3q(`;>QgV8($$roql6^Es<$kL)6#@55D?fjHBoD9bGs(Q6( z=X@u)jT?3(Cw7N$+xX$v1g(iFPmG$}=hW%QvrmWRB)?l1+swnANoE%l$OQ# zEpD|cZh=48dd|ENEE=}FQrHE>m6HANm1Jr1L$6$6Ll=j6hiDG%rYx6qB_-$%s&bJA zeGTjturn-@Z*>IZFMQJL(`G-oNSx_oPqc9fprQB9UA)bxg{(FYRwCKiY?i+4Q7L+b ziwgOiAWmZ3P~6!741guk>PQX}~LraUE`*i2Ldm13`&CLb}V@3vHZT%uj* zc4LIR>|2)1ghg551OgVIp7@OI?fq~KSaXWfsSwv|E11Y>m(85~fL_Qi7BZv9F`Asw zs3+yLDE=(xsz*&~{6N(%tThGAUp#jJ9=vyxPy+Bnfm*mbz?bf1G5<>JOXVMaDbq7cEd!?poDq(=*nmy0*>Y_Z<92(>WlMD8RZ0oPS zZF$&!-IY9w?Ob`A%$CotjVfVh>uSA4hHQm zCyOy^Ir!*X{0EN*<~N+)U+%pD0SDo}C;T?1IR0056}v4wk1?m;xSC>gL1 z;K}`KX2CT;cME0xye#TZtGe$HsQLRF=5xm$_`}Zb`vArneu6##y@$WY2LcvuP@g+e z$PM`d(15=Fv!Adq%THLC&ZA5rAuo?#}*RivDR-_tyR0POb?{&rj%!;00t3k0Uu}Pn3k1Ag z+XA3gApGU_OTSIG-!vBhdHL^I0kGCT+x`~!wpRSK1tMkv;@#jzfKR~44?tb%4z9ny zvtOW}TNc5c_h0MgPqh;k=G%0<=jVRa1Xkn#6eyso381k3!NN z^w8Ca_0A9x<{<^Me{P%i!h&;Qx>_qagGcx?+n zX93yw_qacSS->S!fFFoI+x{N+Ucm&sIsvl(Z(#vx`LpH`1AZR3%?H2>^!0~ZuYl5Vx5N826X56Wp#DEKlNFdSezS>d zF`b)504|)nIoE$n%pG&@*OyGdI)8pSH!g0~qF4b0qm5;eWnd{)g>vPw_u|@f$+O z?J{o&A-BI5|6Xv!ddqsgi}2rs5LRZ6dpa=7cZ87nQfwdZrXuG+k6p7MVuKJ@c~Vd) zCVoQUc4SM&$Y-O7?*zVF>%cr#(Rs%#RANY(fe$k_G<1?fe|^6Z*Y__@->%NK*&BC` zj+QSjy1ksNeb%#KQdM#fM;xD~hP}TyD&cmyo_HYo(Y!S@H1s&_MbZ1W!c<&TDr>%* zR`YMKE~*+eQX@95=^#HUxNyWc^6^R+$4?QO@P2^)a9sLe<9czSme;sn6H|d?Cglo~ znUIQ=p*DNkzBzcN2va-xXoZIl7iVu6E|us#?vJu)p+ha#SVIAS(97RiGQRye#Y*Uh&OwfDjUJ0JDB0*HnXX zQEjYeY0AIyE-{!F&QgRQjiHL#HhAOhr$nheKgdXRS|W;`rVxBO5rhKt0eL;{GI#oX zjB!boAO%|{IrC^EVsr>QIjz1I&vFx!dV>OAD$}^*Z(gzd+ka=?Ku6du6!FVcDhJSY#4e}p8D{b+Wj!yC_>@^K$iA0c*>#JJY8lU61M zr+~CvrNUI^!Kmn-2b&1YhGFEAtAr{BMMnsW`ko=UgpvuUGn~WI=_V<8u^bVxJA<>M5jAflt-;ZM$u`mU{atqeIoVp4YUV>rPzK zPViR~bE;0(*Sz>tF*A??FLl9(7jzcg!ewN@nKIX*EBb0#U9#2A zP{!YZVHdfg5Z~b7d>IY(NzdnO+iamT;LMbDFHQb}&TQeGq5B!G^JBFL4e;7>uK`?V zTZ>C&RvWxCIaTo8g35@|mf=gBfYj$iAr#r9@JW4Di%doYD5Y9BW;EXF^Qs1R(tgOZ zO36MacCUk3`1ADZe<*R%VRRuvexx83` zth04;@&qmYAeOt`T0d&}v~N(f!5k}+v{Onz6g0$cb|p1~ zKGZpOz|*Ww?o`XcFyS**UdcfQ7lHR|2(5T;Ust8gLWa}Q`m~HLjHokVEiQCe)E>`8 zsJ^d~2LB1F!oaX+Ox;`OXe8>cL0m9`b65z5&R0*L`Uc`e@ii>lA62Fk3)OtRu+#cp z?x*|sJRTRqF)h@u|0GOZ-xc?)-JOn`F${;gY*nN6v5=_Xxb2hxHbVlp*MOqC(jlmk zbUNo$M}Tv<4?j~Z8KwrMeyGFp(`G3-uL*Fqvv_*fPi<2M2877TEpEoSKD0&n@YQ52 zu~n2rg=&qxn3_pjYDwlocy!}duJR1ZGa?FhQMgHc*@qSZY)tED=-3>4XW}2IugBEW z*veeNaGymn=TOlL@=Xl+`(vH!M%IKCvWD7m%2p7Q4kc;hsO&zY{Mu6jMHGg!wYy)n z6jJkny^p14KdpQzUOOrnNwU)QOH>X5y71JKn2O+1q-TVJ4ONWoAaP&y0@jV<{oE?p zY*(0x@+$Mp>naOLd5ubX8(-90e-6-fuaQU9$c^XI=6K6rwB0VnYuO6rXAfoG@9U{~ z5C>gr9AOJxeno~v{W0N--y;tp+0G4Zw*y4HH-^Jm2psIOjbK~88N7|?c~zm>YKD-- zVUBk0!O<%jdh-sfwO7dXOJrcLa7CLNpORT$t(~*_Q&Xy%tCk>$d1;#@gSp*Ib5v+qTg7u+-_O&!3{5q?38S@;5 zIUW17O1+d*)$B~*$uPcRC!>3djxG08RH~yzr43W6%#D*Qjgu{u*1Kex(e+wd7?ZFX zB;qQ8E~hp5rphTc`p@q1j1Bp@w+pl5EnFC)b8?i(6fKN(+iRhPay$lIKGTzXs#`r< z+2t7^jI($UYi=tBdB{(0XF3syZUviBf;}Fu#S5Jyg2J5l32}sl-<#R*hu#NFfhlT|p{mCNs7M&$a@C`=$v;445HT!nd$5rzP z9^sN4%-0t}``;F14*31G+YTZfvC$3jHfg20PhQjJnmn%#GDl}8C%;2BaTBRg zE#-4fhJU7^<_7(-AQY03kb0cUK6@%8O9er7knTWHIA#{ZUC?(dN>QksoSj5|StApW z5_a%Bsx+j?A!O}Tr;2~|a|U~#FYHq7{*WV`kMHzB(h>KxVUh!Ns(7uWJ7NqTt?yt! zphbl(jgC#T$8i#npsGpn!Gif%z__iBC1W{r@K0&lCRX7DT%sA$@4Fb>0(M7a;E?V~J)xk%uS zsI^iuNLlSkp0_4u45=K*sCB)c&vFRKowc!y()->iP38XmxTscbx0wnCkq*MK*FaEj zJzJ&4k8)xLj#*H#SqtA`pW?lt`}^}N0v*&H673Cqc{&~6mfrB8xW15WZ<)6V97K+s zdWkId$P9ayk7X9w@j5*p60MX)ipFxvTRnk^GxNe(2x#|EppOtET969B<6=IBh;Mnw zgzpVbjR@M7ZYOo2PRw6|BnUQlXnZ-3)m({NV`6>^6Z!<9YQLYLjGE!2AfLI~&bzT$ z+q@s_hvVPyIuZQl57jJ!9Ah6&OP_T=oLQfE7AOayE+U zMfgJ)VJ&RT?xB)ZnWRZiDE}o^u>ATQX?RGHT zS~c?!n&O82gc%!FYB^X9!I3bGF8@?a`0O|G5oL)woC5y8Tklu!6Q6@eKflr_A7@o5br2+Xr& z1a9p%z8tk)KeQ?WH0g#pSk2zSp40Cd{neaoP~Xa0kCMLXR)V@>t&r*+eHe*i>+&b& zGjKU{Nypci-W++7$i{|rtU$tm&s(F?HV?tpx)A+Re39ZM(FcNe32f}7Uy3DOqFZ>O zetHlnN;+Q9$Vq_fW!@m!iSy=#$VGGoG|2FCLNW^+V%pcDNl#M|w^53|RzLQ&(g}=f z&tc*XiL`_SXBUXXKvu!qg*GWT?SxS}N#I?#4O*QV)IImj&aHnm%)$B`Theif-+SCJ zzGKEbh|g9E@39%lytBL~I|FuIoCb-i;Ni+@$7Ui#iA#zeTniVP0URP%8iaNg=)7OB z3W{kV*IwwlU?fzCvZixHM6@zPfGTZ&U8#(lPVwdunt=FgDB($XF!wblnOs66Sc2Z6ni< zxIE?2gk`@+Q{E|iBOl!iq{8;am3z{9pAzka51QrqvV6`+ZgKgt9-GqFtVfiOi)U?8 zm-2~tfkAJXIuX(3@O-OUDu%jPzE}tRRdXs+r>_5Jb0pC)DK`g8QUXuw1A`b%Wyqj* zTg7kf&5*tJhRJZ1R_SISNlp6R(xe_*C#S1oA4kR=mO3D?BaN1FnV63Wp}@FEv&BEY zmL!KE)(K3?@b4HCJY1tl5RT~J0~J1m`;4YLC2Hl|gYvRAKX3d=?#q?7zPDGJKW1Hw zNSpO@lLsv=SwaSeo)crFoH<*1=)LML-DZ^5)4bf1kYZzb%DZ|bsG2*i8hkHh?G z-Jf8UOxfJZIi2^PLI4?ncWL8{lWj{6+F+e!GIyzp~ z`o_`uNH`kA!ImkuWTVP$9B3{q;{%{bH>&;;kKoo4@gpbiYtvTH| zLN!QmEzpNPGrFn>Qbr&oUDGr4QOkY}4K`kqy%fhXBK};LPy9AwZmb=l z(gVnEoFj%6PMs765YZRrU#N1c)}L>mX1x)ZM5m4K$&7O`;X8vm8A}rQii4*vX@N26 zo|!}{?{N?PCVXlJTW^6iq;-7OrlGV+@vZ-nW@G`K>X zy?4G?5O<6GHZCYifK8v)e7b2RIDW5a4_`=`g0yWlu(g^;;_V>8=I_dx#0RVCU$cFp`jQ-S72bR9Lj(dwf{)g@Fae?3+ z-~rOx<~q=hf2R@LDHj0!n`?yS7hvpGP~j)kaD(0h(Xalc5!`|{_x#+W5dhQ}fV}`C zPyim$?=J3vShq3`z#f26u^Se_-AwvV7Qx@#0VU^e#H%|N!Czbei(C8yiQTaX{$_gf z_jjAQLB#Ixts5{3KtQ94}FSgoptIH-2{kl)<;S9Kgj-p$JxhP{jXU z1u#B&lcv|$-p#N*fOf_DQ-$IhG5Uwo@Sht3f-A34^;;If-PzyE@IO7rz>*Nxwt(jt z@V)(N``dGTyWP8kytch1*W7*izuNvve*&D)zqYqS{{Lb7TU=n}ho3BhyX^aW+F-g2at*jz-aceNfq|+efJJa8Bm?wM zelM1{vI;++gA??B1e)MIrvFnSeXO{%-qA(FCY? z+#>it#X(pB;vm<1yOUnI{%}(m?nq2`tNW#B-uk&a?EhEMyp8tr+xfR>0yw2N=L%F~ z0GcDeRlM7E0=ocIyr1GbtN^J5K*jqn7eI*&R5X7o`mh4P_5bYxxM=>n5rFc|%_06j zHgd06-o4}j&iq~${Ha(1UrKrX(gS#m|7`o)WBiX|#0`z$_7~=cMsWLz1w@;wOz@O$}ba`{p{CjdK=p7)FsN6Oo|cy2MDC`jM~Ddu&bpHOOq6`Nk6p zuVp1j5>U~|dwlaJ6Pw3Y#tM{7o?g!+zHj_)JFlaiqN96t5U~?Z#9iQSlD(5sHv7$_ zah|Vfdq{Ww;-tUyd}pP+0SBHoTpYa zP>g3*-?|OTl^sHuoy>BXVlpau>z8|sIk|XRIl1_wYzIgehtKq)P<>%Zj6Rtz(y>n> ziHc-(b|i2v^{*J))}vC?e6=H-mPo*p+N192Q-Y_SbAMm)Rw;*Zz?sohUlZj8Zp_N@ z7{3%VLL1D3x^mN)ycy}Y&NOn?)zM0v4-gmvbRV%sfufcQCU=n6JzvtRdcG{O;S*=D zo5i_sN^cBfM?FKmoNiP%g4TzuL@7l`G}Esz$9D#9sS-QDaj%&Is? z2^Ri3q&?{o+JkVyw|N|#5&@!W?8 z@!Ci~?|K>(uLTURYmneRB^5wX^=TSMTY2%wnGT}7%P_YqYOg|tRAn=f+4v({ZmZ_I zFJU;vO3WrHlp|FQ6N2b$jLpPIu|;5|P_u=`8*s<2nTl^QTpp)5n_6w$0XkVQLhFiSg`4If{FLQeO3CyTmu4AzFFfAPqVOBUx{ z?rqV!h*~ch7-UG(1;$U+em!W|nmTVr%P8$W)sR4@&|#e_#!EkqRSHi>jrY%_pmO95 zE1WEOogFn+Z!U2t5B-+<4a`u2Q#Nc^r(BQgq9Cc1oSY^O6r>*eY>TRfZb7E17_^Rv zDy{@4YJ~tiPggU(s-q1i{*lsTR6iqQkFXIO=?@1ZiVFr%t-)-S;D_K*)CmetjNK8a z*VxVlWW)JO4?LGdKcT2qD1uNKDS*eK=?!0)!qP)>6jxWwj+hSF`PvQE9KPml0(mW2 z^dLON-p8+6Kc`Ou1)ag+n?J;A50q@u4EkBEZ%vmisrZ1n2832}apE4eKiob^CHXjU zcN2bM?y1)&eg=hN*ywbzP+H5B3u`R$%7C*bpX^r*fmpjB{?U&F6z4E|dW9msjQES@ z(kc?iM1I7G8sVa=$n?Rrdrk@oW0Q^RtQ^Y_am*3J8AA@P=J4vFilQskDCbngBZn9k$k>3iEqOY zqupaYDD(*LEr~4TOCt6IJ}>N960K!5DQ(WFaA&2;6Xfx7OtdB)*6~XmE z@8c0GKHZ&_;9)253e0OI^>v$Bt^3^aVAqa351EPLOfM7nu+V|D5n>14X}$}|?u3H7 zR71F}bV+Y?H z{<`iln+>myT}pw^ELX$nklv8a_L*h~5~7>)SyO@>2+7QmODS{uvjZ1KBdvp|%6C1W zOc)@T*zR1^$Fa2rJ_i*RGigeF+wk@o6kV%(Uvs3s8GE#VVOd z9^oRem&*=1;skG{gitn&kuVp?Vo)5AJ=n-~m1I#mZ5%R&b>JcyYnSL#dey|#6gfpv zR_e3CCP~)FZ1*7~z~IyZdCgXx+A6SjM9CcN41W-(PM}U(ykksVlIvq_Mvi5LC8N}QOU>p%E4R;H{q-J>si(-txGO!#B1CCjn}m1obWn0ihoc;lN1 z`7h9P{S(#HBi~@d<&LFC4?p#ye#mJKF;uW?>-~nP^!Xb^Mb4%-O_sX4HOfY_awZ#g z+cHhlyUkf+|K`Ef7b?|;p0Ao$TA}t6OS?&am|Z}Q|2Rar(#|u+wVUAV8KBqr^u~dbFEFSzo#<`Qm-u( z+lfJ~#i1R$!)P7V8~*IkEFTuQqy5u$)5-qNc9P_#Mc8AJWawGO5B>KikGcIsEV_?q zcp$xJt(g;uz#=g;6#_~4rF|(iHHc!Ziik}zFO_YaUxk+~38ald?`QAhUWo?EdP@&I ztQHRoCg1f1?}n9Ip7s8Tn^9ADI$ID$BVzzF_YPoL^I9$Fh_DbGW05k6ta zBg#|xSV346GG0}-Q!I?8CsE>&au#+X84hAJC)dmLv8l}JK223xhOWLeSm=Vy#}-Ws zG`k9%8Aj^$>U^r>ltVl@ON}->(&qJ_#1cZ_XY@$9aMn9znLGQ*oms4EQU;#{!Hwk2uW%4_1P!|eYnqw0F22S$8%hm7^ z{fe$lDs+0gyDRRi4riE1!=6Jb5ZE$1CE z^rM*lMvc-T(l^Fjgy&Jhy~S*0`eX?kmpko)I^J=jt3Jf+`RWj}w7!7*U z+)+>S_Y|$5xC!UeEu}&qK{;sQTH(d#p%_W7*E&tm*UI6K+>(q6}hSNsA*n z)v`p9)(6zNwW7n~FJPcMKfgVV-xrt=3+ajYC|ZpN2dRi)^mV*R5&f0nqDizdq5!2W zA^JOia=R%%s(0&Q5fBnMX2$f%N&?SHlTo__hVwU#kcrLYU zU@ne@9}-RVl^aGMi_j-nsGXG{so1m&sTTz+f!|s1JUc^&p0nU3v85qJ#~yhxKDBJL zo#sE9eJarIO+zuMvrnoZ=$r1uh6IXA40*H))yh?_RU52Bd-Uf3t$7G@OG0 z-i?C3H<8nR2*<87n#CuoMQH()on!pUOelSEd?Eq6wYNXJ*&*mSb#?rN++qJ2EB@O$ zNUc^(_gm<}F1t+C~)PAwdk%9>}OVNoh#w)nwA;^+xV(re&tGBkCs z9^?c^O%^#^K0ZAkeZ-5yJNed&0JaW%PauKh3bK!buMB<9R{@9NVUtEjAjzF*+5Ap4}2kxcqiZ0~>j0r!<%uoWl zXUC*ps{0@&$V!xccSLZ^SH^5Ug42d4zS3aI9Xp+8Ib6Ac9ay13>V&Ow@)Zt(vr(3* zGRMr1G@AO2M!@Anrk|aVDJZSsf0P*;;ya!dPAgMrYlbrzFL1$tI4o;@9S&!NKhtxV zPP@i-fWGCJu|`=JMx>rjWQ}wgY5%&#^h2-WN1JYf7whr~1u^35l3$OtF<^80oQyCb zY3yn<=6hzV40Bh5l49S{vC>3|$W_EN=`bjLecRpZHZ;LzutylIdGIm$B#eD~IQd)Y zUWme{EZ zGqu>t%ZX*!YIFiYr7G8xf{09QZdHzOz;m=(*5U6r6^SbccXa5NmbI%zh3S<3oYF0X z6e*0U`#Fk5285LdbI3sPkURHe2u}+G6^!c(`*S%6g;byXbzgCt=HkTSLZc-Chs2{2 ziFMM=r)zcnaBp~%YH&JVSg*o2eLbPf^l?!BUL1Q$YlLiV_r;Vwvt!8*gL}je#f9nH z!YKy&@!bFGwAd?T%}cnB>OeC(|&&7Ohk{xpZ8 z!9pli_PPo59_2Fz)|8T+rBf)2#D(heP4hDJa^Ka0wKcR#X!{`2mJ0u_U=^yqu-*Q3 z5~q)lUFf`1!EdypN>VwmDW8Jodgj|vC*Rmvy8&v7dgF+hbK1i3vAE$%3%tb*8>hwFiCYOe4A0kAQDKTl!o76#Uum>1W zD?6mAj`7L!ImPo?d%m=aKU^aL{ZQZI+4P;@xLoQ>P(=Bq<*UTYGH^CRsEUOrjt||C z-a4fe^zP(&_b%89GJ!!&o8%VfVJ0+RbDb)az&}X(C=?2d2rT{eO(>cp8B)|B&{=^g=K2o6Hxx*H4ueQNXxw*&qAO{)1G<1etAUB zR%_xPm@}+lBZOYK6bJh3n(HLG2aQz#3xx#>GkYElqCinA#yokrpqpCTI-j_bh^=~H zF+Hno&G&+>du{E-k8-$S)7&`5i4fKUGOg+#KioQ1iP*g6W~>^L8?|bu_!VKJ2~;`<$B|_Ispg4Q2ZZ3&i}8>05khN zwDPuzbk~vlUmzzl$9=PVO>DsJ+;`2#zxKa?)dc* z$Utp-M!+Q&cM|hJ|K|6;{XOY`U;6gfvhmD!Q`Z0m`5RCF=m*?~Id2Euf3|gR{QL`Z zUPF67=Ym-Q5g30CHK<(@QSL6OR+RszH0aR{hrda{g#5W;<`rQD{hu<3az&ZoB$8hK37CyRh@h{wP zcSXYQE`U-Q*u`!0`o_gA@C#_%|HmqB&*tYwZu0D&$OP-12+6f8Anf(OTmhjf|DcY5 zv%mky{4VhgaDTUqYg+*7_-EVS9%x`;fqziPJ00trS>B((*q?v{U`2sz+uPaYyTti* z&A-P5N=7MS0O|-xzF$p$tDCpq?LXTEz!iTs{XOcvvI(H10CNBDQSVjFTYkaaWAm%& z?@@s=4Y+9DW*U$+P|;+%%e!Ce>hCoZSUupMA<%!7KK`kY|0N9$sDl3-=k4(N-OVFF zOS>*){~;~TdOMtdV}Any-O?d|ke^%GfIH{^jr_1NFfjrnKQn4t5!zxXp7T#_i!t=O z42GQ4<~#e^@YYCrq9U<_p}9kvT0?!>C~19(FI+c|atd8#Kj^xErpGShT^#h|0BtF3c+w7Vgr7^7-tw~(8Dd9>YmmGEX>4y$zj@?i7{(r74_T4{62 z(3NK{C94a9k~qWcyC>(PhZ`qf&EG_fJA6y1480_TlsU)anevJ-Irm!h8oeTV=<)sh zO|SHMqr}z)$Pd$969R?2r2WbHAvWu{2h*2Nu_PMA?JALsQI6Lt+510~%}(kGUBaaC zB^jz*VpkWusgkX^B&3avnBVd8s$s5l9F_eLIxomZo;5vfm~K|pRSUREfq?d1yHpH~5jZ*_K zh6|2^cc4zBI>;rY^ga;^%lFB>e$EPw2Th5)g-^pk202%X5U2-MBtk3ziu#2u3o*AU zeejt>yH9=b&|{yt0wTIP`6q%O%RQ9);v-l&ALT@+*iE&n>S=FHigMQ*8Wa2Dlm+PF z({W-L9BP7-bICXq^71Mj!IOgWf)#@cW9Y|OM%RT2ClWVNkG&$+lgO)?vUeWG--g+! z*nv+(WQ)XxDt!@U80d6;jXUT|2m5!RWpPI&kq$QaS^QNXbG41=Ltp&xz!)M~MeQ%( zI~?5|vWs74on}Qj2*kX{MwaU06tr;|l-;)Eae76KP_=3CxepOlFFK+q?~_ex1#f;y zYuI4xJgiL^OaP{OC&h;e!$%wT)IlIJtXZa^es=kF!op>Y;8x2}B)Q#*&tM1TXhbUZXGsx+uKF}CxyVynQ=HPAZpxP|d?`s-p9;q_se%4=HVwuk*Vc027 zm*&MgGL9soCn96!`$%f6szLqodk)!!Q$l|$N17L_98wmkK3Gx8%c7p3y+Hg>TG@SE zjF;)2u+;Tw@~+^AlaT~_o8sR2qx)kP)X&5p5x}amCq+OYg)CYzSUH{t2ygUA)4M-Q z1#ykY#2u8g^EPbYW2Fv4Q3>+{kC89tf2E#RwmXIa{bV`r!FjZH zJ_wJcLJc{`V`a<1KBMK;b;3%K91be&+OpXXvh)hk!c7wE& z5ivhXHk&aWifc^F92YK&C&pB;kr*lw{UD14f&#rXM1OK`GK~plsN`)opmLgPH?0YGBL?-IfrG2)`Cmv!kPr>}klBt;kMMFxBBA{}%p- z{I~ITwp%!@G1FnS1S)28@4b`Kt9ecy6o&>Nou@S7iZeqr6zyuY|)b=WGy4-qT3Iy z4hT$1-)+=NfZdsrR9y&#*KSn>lpL*kQJeV*# z*-4b!-ydq-d~t?xcJ`%noQ9`yDwMQiZ$<_`lmf=}fore}0;C_^l>G$#iCGv^?l-Gs zOWSE}Gf~S>^V({PkFMWwj#Rss8o4ZnPm;CQDd)Si3T9-tD~7c?zL#VQda23iSS7QH zWKWWEz!aZ4V}+<_l=LxbV6U?^f|yG=>t|K>dWH2v#abUX57HCq2$MMs<m+!bdh@z%MKRZqMz5+ikJu=&9-|bvcVMuJSCZBt)ZaYgMWI6rYa! zae*nl-m<;D2wZ>t+qGu(2Qn)MyDui0S)YAv@i`G}U_*CC zfyMw#$0G-Z?%q7_xCjthnBMO@whVNEioI8X?Gd{Yut$=rtP%bAkBC_jI5-zDaG}4F zca|oNY1&ya$9Wf|l%V=yo+ja`7$me?*Ajc?dli;deJB0V0JX9skw38e`1!e8)8mEV zg!rTG?}`hbQZ(Fr)SNugh+cvpV&e2yOORiro&-bbs1eaRDwJO5T{zQ`OPfwxZZJz+#>&y= zO^*w*Enb9qxA*ySuUkmV>N~i5kJYd(x}F|QP^A;?X6fZ1gh|zenKk;`Y_qjnTOYj| z_w3mDU@VL!7=*+(G^*B&Qs){UzeUnWBCgZYymtgRQLUbcFrbra_>@gZ!P>&`N_Bla z49EVP(!8{ry=}ivc{t7V@TZpi2yU61N@3J3BI~6+ z@@rZVxvNmEHkvJCqyF$+xjbz2Q1UJ}`9evbI(o7;QftBPm=^)>5S8%C?c;C6?7r$j z6eUB}b6h4}scdBx2T4o1imM)3CVfLi7z>qU=1CQq*Ilw$soJ}UReNMgDVGPbdk)ZY zS6nPnGh9+D@+y%+YBAMrleA*Kh`F!>vLLs^F?FCw_(QF zZ&1AYS;vcVs26@Sg;vTHs?yr_4`$1G%*?QYX$J&Q{Nc43_31~n+X_T9_+v6*rCsD3ghV0sRGeM5dT9FW293@|w*E@Q zuLBV$(%t*fKRfFTqZ&8P(j{04s|hj`N55StCJ^9eyO+TFv;@w{Q+)-1w>V)HdmQ)7uosuX#`FC&rfxbP^Mg(aUM z5#|l|ag5gtrG71Num}?{PFJT-N;2eWMHx!g?KkJYMM1Uq{3RY@-xrk+cs(jHi}t+= zVq*diw6u*UA3P6BD2!8S`_Rufc-^s+Sv2-`iqO6HjbTvh^OKv;t!yn4;n9~z#aIiQ z*Nsl9d#tmV!e?>?`nT|e!piGy;=Zve^d)t0^&5Na<%S9HG2B2OF(+o{rs^?rZYEWr zx4tJM&*S$YeY!LHo=ee`Rmpl*Uz5svmTc7ZhR~$&SN^5GctC6c=#bd zJ(Q9U+QL8oMrtW;s{l>Z@dG&(x@O(Fe(wUUxLibr*{u6E!EATMcHnkI5#K@^dS`O= zKjS`&JjwoQJkC-#wISP$Je}IhH%lFv=8caKRY_i1~*Jr{dc(lJ4Jw7(b_2nH{%^N<`*|LL0 zl%)$QAh?cpjm3OK@!_LjeVOX#23giE+V>fs?U5T-Bur@ubRzJ_rv(O=YFb$;<2Kwgh5PJ- zRx%@$(VAiMFPGTo(Cx3wsbM;hkTr$ySz;E1eP3%hgvpSNPZht-Qj|L~Yka(I6zU<- zN89LC!rxX>o1Xt!QYv}gaJ;4aMbc*J_a2^cmM5s!2h1g|L-Fx?Syphyzj$DMv{D_c zlF|C`?yAMXnB^}nzWi;+aLd!Zxp8zh_aZUKw2VdOKNIq9Z)u0soozH3Hd%cUn|JZ(Mhg zt;+=U7^l%DbV;kM&|RnV{KIRh_ETJ&j>emjo|ji|u%^;3Kkvlx3)y*1 z7^P={y)U_8Qg1B7-*w8)uZ95oWs!YLGReoYe$YCac8q9tzAYVK#J5SOblecl@P1~X zubpHN9!JzKO6sL!Ppea?m&>-ol4c*_gb^d~KK3?+yVT}c{C>C;t91<~t?6fky#}0S zcT7YqW)JEYPc-{KDXb)to+%z=zTA(jR*6+%;+eoit{o$}eOh|@>a5yzdnj?Zvwc`Z z|81#y(U96M`5{|+Hu-Rh&=HnYH}YclX=p|1cSF0BQv66%Oucybq4$&DR%=J7KddWz zerKUq*kX2aTM_m5$Bxavp2a_yJ9|MRqgWt9`c_kFtf99^{x<3!|5jccS}OB9~8B-ngiaSfe4iz#fOS zun}w|we~C)J(dP4GRg@h01@iR(7gBOa_rmfJJMe4*N*URC2Nx6zEtvFfjL1ealVGF z9->b7J>8-!zN|~zQ9IkNGu^wfmI!!p1kHoB)>@iVwVzFQA!&8CgK^>azrUMsbt^Y40J;+Ex4FL zHq>U#VWf>~M$5x8yJv|W2X)bVFL{duX?X}>gvH^|l}8r^Jpv5{8E^G|>7ZqT=AGig z`;HdU&;K9`m0uxiue4j(kA)46`aP5KGVRkmCqFIJS2)uiVP$)2Z*R);!3>8REHSir zD}92O`{whEQ6*c`>Wu}d(j4jL9?BN}QWbtTE%8C2*G(@yp4;>Du$ZCV4f1wXt~H||*+unGb$84)L0Vjx~GWGS?S$$<2ON<>w&UlTWJD8wuxyMry8m1$7nu3{xV zlEAmm3B~RYKvblPCPR`sqLlhlE1Q3lUL_kZVSQPBj9_ee5q{P~wpySxIb`{Bki<~O zw0K?M>=yH23!CF1B_3g2C^Kn}mm0{;ciRYbV@Bl*f%H#&zr?~d*MVyH@ikyEi2E(X7^*ReRU{PY2n zWpF=s0Z|vP1UnLcaTh*5ze>kf32)pBz_dLtHf8#hO}kqC5~?jx{;kCxe!Wh+OtZ9bE)b`}8B@M&Ws6I$?|{VJ6}ZpJna&>h4}*i7=g(c_%9Ow63*|*|EXxLc(r5BJ5l`!JB$5EkoBbWQ?5%{CISXNR6py%j;s|%;G6f z#GAGb3z6NZ+3?5(>BK$so8f0vgguHw2nTOgY26p8fr$$zHoYe6tEZp%oUd^r^@DEm zX{xqn-Y0xU=pfB{AMq{H0ysQsN90&-clyn*<(7@J)|7DSDJkynhL0OeZ>HWgUmc!+ zNt)t}2i`s4%Ec=7$@Tm4!L0jwWeNlOc+;ESphlg8jV^q@j)MbNSB}XjDG? zVTV_kTtRd}Rh1!mTtRdJz*^tnqMg922rhu(e=&r>g}|8Z&)yNxfh+6&p=Vbc1pyHK z0Cg{pa{YrAe8v1lhk&Rq09?iU{5Td6RRLqTfXge=0hd>#1Hf0LU+Ll1<5*xm7kvL8 zR2MAma%6v?x&Uzf*z<7(!CfGc;70#e2^-wbKd=CSkmoGG@Y4A~<^N>yD?Sbah5_JO zx94OaT>I~>fPf~!8UKSV+6_tfu#RI`&K}ht4_5D*WNVz|0L8&zV zLHoPhb4&k83qqnV%>UnVA(AqH{RO4c{0Hstav`h@64?dWDTHJQWcT8t6ee(acZmP| z2JHfV)aV7)1_v1;1Gwlv$Pj_Y(HVeOn2QlGK$QFipU?)TI$Q~y0LU`FK#cety#6B< zWKaS?R;d6&I6zveA`9(B(QDuXDBT3ur;DoMz=t0>EI-&v z(nxA+T0tb=06_GYmJj525$b^tm;At?9?1A2Z~-6AvmhkS-+<<}D@ODO30G{KnH8K` zLjZgLvjIMU*qpxs1y|t1Wr`K+&lIb_^#LN_0_QE(i+a?+hl_L`R`5AoAmhu!y{zEF zz2|R!1oXd2fQ-XH37~`B!0aYg(CKW@!)4P!N2AZ*fY1A$KY*sue~l7kW(iON_>41< z8eD7P{NZ9YX1y#e!FpL*f)!j^;$IRV78>WHbUCH5f~Pc~gv;XXte3^xSuZDF)}NE_ z-$n_-+kg^SF15%4)*=D$%|#zrF0X@N0bd7k{?mo7Sbp9$@fT5$MLW(#fv++GvbnsN zhXs5w&-t56#^8Ll^EVfU#{$m!`Nz0{6!61Cm{~6M$^zCakl*F8b(V{80(^5R^XIYk zzjfw{PcySzs+{Fgx`{w4u(jsgzXg--(?KrsT?hYOzuK3q5> z%cWVcT$%;T&*jtKL|t`v=1b=WY8bql1X|wZ18ABfU}nBF3!sso|MV|~oDc3#g)oDY zm4Iw6jez;m2$(O8fcer0n88NyF9}!O9eDZ3MT;+;8(5nE^38=s1M9n7z5xZ!e@VFN z?#!2(X1>%k^QESlFEz~!)-F8Tz&GIR$$v?Jn2>>S1OTcu02~ScI1}ys;X=WH%Zdzu%jpGhaoqvr%>VoJ2dbL` z(TB^LJOFS_9-xGaibueQ3ugpePA>rP^zyGhKsYyOQStKwQW3Z+pa)kg0e}nmfEJ7( z3;k`C2WrqoOCc5~pkgH#%lJR=xU%L0bp?_I9eB|PTHt_h^ZHXeuJV9zzVnY+2H+Ri z<>$*ku0@-``5AfImDhi+BJaig;X@#koj+$h91(d6%OP969i{cYw>u2=H?<0=60y z=6`1aF%^Mq;36X#_@!{}9+yE50G{d24fDTQL71f=XnhQ%2agrx7R{eNT|wM0Is#r8 z{}<_RUsRyZ{vZW^K!VkF^;7BhG-&Yf{2&E?KmM8Ycc~C|2h3y!4GY+6{w)>4?tpgw z7t-IQLImLdPL5>+F69@LB%rxUE{f9_}I`4>am$sAIJo zZsBq~zEb?sXvW8@ZPA3RaTA;v^0#^!U4lDRbnMR#Lp~nP@2{V%ewdoHrcqJ)=&(2U zsgl`zElei9uL7afR#kP)<=e8d?N;MhqU-6R^1=2(&QPL_uIpo*%EFynozEvGs@YF= zUQBe1qVvM%*eXxX8zb&s-))enW%2Xgz?*csYb|R!^<)zo;ly2ye@`broWh>PbeuwLHt%fXR-O0*%mfCL^B;Jk7@) zX<%We|FBuKV}6;Q?6@5h=SV-PXivai_{9_1Ob0X-gM9v%=^r|~iF1imNQZW>WmqeQ zyV^`iGkfSa3GL=u-&@^DR-h{kuXb3I<=7u!PJVKP{aSCR^F6+el1u)xxNJe<2c%k& zO~YmL!-!v5JQU2w_oHw}5bxaRZ4Z#jA2a1CIJFu|7IVrF9F8f-5htV3hS0_^HFBMJ-5 zw|XNby|>DGXZ*PkShwPs{yzNKdVb1&9W7hzt&goG)D{C|6iLxa%yx^<4P+kFhp6ei zxjvMar)@;^+9W$l3Q_*vJ6a9HYiNe@K4=ypBXtV(bkG16E5I|8YjAlU$6UkjDa;Oe zJHC0>`G-8fWY>>gN;*>rxGzbb@JgUE3Ld2oW+brrfBx1k}I79;05g0d0i+?l|(Vg4lhX{*V z_EfWy>&@-QG3iypw4{~Awki9;#SOL5z1VJEv6J(|(j(Z{4d30*T0o&z-6!39#{aPd zzcla6;mph{&~dMR+nCMjBQdt}YBR%|0Bmw$8wsXtTQd9=LtboNXR=dlnz+jf3;i16EB7pC( zWtxIvSTC+@Y~31|x6GT9D^dg1{dvmZX;Z|Q;+yS}^|d0J$6q_CtB;qz3LnfiHby48 ze8a|dJlY;Gv^zC;XooRg^;Ksc;S4}A+Z zjucj=Yu2{BC|OH+Nm8#?c(-7|eQrL$LfG|KE)jF8#58=g0mj-d!~i9y2pnP=e!el-P+qn`?X$H%eIW>JB?i|5v}GM3(7_ z+lTM>()U+pT&J6K9d0oUZ}_fj1!0}YSuL_tNl4sz`I_(()Lge#rM;W?BCLGy?AjA= zs}Kc)IvtYS=Vmlnbji$^{0ox2?@@~%CL@>VJR!qn`AU8*RgjsyMNKJ5ONvJ54Qae3 z58-DE1O_o@rV_glPKzUPuJ37GeTxEdO*P5sav}GsKi5t_#2iP})}kGK`9{IAZ9Hs1U6dGl{mGgVb!uKjvbgW@AW%LA*_2F(K zmmbTZKSgNG;AVkO6X#CJExn~VC@BczHc4>Zw;_9F{3CDO`{$@PiWdzAs-NGl9S$=D z+;BF&R}|hTVHHjr6*9;2=Bx6?k&P2&Dn9fGI>sJ7;O@LWBK>snsIKEh5ZN2s00q<#IV2(T z7IP(^$oxoR3FDXy;~0lY#sQY}JpJoJkNTOQKEQu!)r`rczcn%69i=iC9HCe-YpaMW zKETX^oG$srf-a&73ZR51$c(14h}stxmqT)73CA2&{e}2ZTh>N2Cnf1KpWOl20HY=J zbW1n@Tf+JPFUc+MU;>4(>zw70PyKph;j@TMZt{B-4JrzVglMK9Nqv)Ef+Z7qhT{^w zZOz<#U*;|}rMAg|cx}zMqb~y2g6qXNM5~r?b3a#^)1`F}ccb9Qhq!hR;FgXH28R>{ z)dEJ%%V|KnR#7=-LBD3=J*Iir_( zvi6&L8!SC-M{~&!9C_|avam^1aga4<;)lj{;iXYKqF9%IZW~|?>$wptq9kp%3P_Lt z{HRa-vs9u^McnPaIcf#(jttx7R7d1d%;@fY(eQnV(i@cT1##tX2+WtsX#{%kjSwr* z9Oh#YC{p)AzqC!~pIEEa%Z#R3G5*G$yinG+4G1V%SQ3-CYcN)xzCaMFK1)a^{#2xm zBAGsWw1|Xuh}ABGRwFS|lI8v~?K~{XnajjVP3tC^C3Lt@l&P4Fd03JpF0%(AHj|$n zu5p``)&e%PeMY!ZDc7{4tmA2NIB+)F%;vuF;SL8v&mfM;YEG!IO!T*J+z7n%UwLi% z5!*x~hEHa9Osnl2_ts&(l1vHpX#KF<3MEC5Bo|K^Jz#2H1;=fm!zw$Fg|AhAI+?lu z2tF63q^A7frJ2mL8rEttlYr|ctx&0G^xidHvV6D%D+s4g)C&U{7{p9AK5flNFvYJU ztf}6Ac*dxDYy5L``a?6AFB!`)xI%BIYmREUU|_cxaf4%+zvsIz_q{1YTU|$B1mrjG zX>f%!MhG?_8tMh)1hcB4)r|yf#D=mtKH2Fi8v1VM`(-cm;MFtBjY(yz{8XmA(u{(* z(A({r+>3p|&redX`_@xxlq>tSS!7n*>LE#nVvEj@qTvswzH|{Gdf0n?zL=cOu&LE% z_cS1b@yQt<3KFGt*>)zIncH!Iiq3IP;^bui;VR%8aignu6jYhFPJwuNCog;18_&0# zjphbbh=96@EX7D&)OB4BA9x#|{FzIML z_`0}!%A`RcN}RpzEMdhd`GNViHIl?W-`B>w`vf=~H(VLDeM|Yatk>^n&G~G(tZK8q zOOkFkc&&3Fk8e!!%C`LZ)94;^vQGvI?qtH0d4l6ilDEI`#=ZAvCkb~^mdL|i6j-ho zojg$Z5jM+wYmelW{a6<${c`%V0+I7b1S>V7!8mJvEyvxM% zM67LMr@@CK+4|t_H4{L@B8~Wp6Q${k?Cfzsb@+;U7%&*FDR+nz=}5SX71Q`GAz*Xq z`;UGoVl31p%IDMbdzT{H$yHcudmS$Gc22hCPA^XB_OCY>&o;!%f;O3T8FF1W~i)7zgw72Kn@u_*BUWu<3rX?Tekx^ikg1$J2j&4_-w%%-D z_r8Zo;MSreUK@R>_wKDC`1$^nvM*t|0rGkGi*_{{vEDN3>Ni@Vi>ah=Efm)INFij> z(+cPJg@kcQ2hLU+mugmfX`k#k@M@~yzPqDVvtCIoIAE}AvA4zHO@Ki8WWIRYVv2!Q zk35uJ#<^RsRWKT+lQ>svAso|uJYg0OhPk?#H>0Fd$wX_UFZDrZYPU)Z-=q>e^&EHD zJCd7h&2B`og_xH5n?{aWm7F1CNRtuAl6o@d(XqKSA3`!cBD% zvfy%zYB}W>(s_kvHS^vwGYz3M{&NoUh--BIn~Aaj0*9{iG+abCvj!EuJ2SXMQ_zRO zH5L54w3>oG*L1buI3Bnrt}6^nEAhsWyhQRMDQsEEcGwumi5#|-Vd#E))99HJLel*^ zNQx3{_=$~?fnsH1t}~CFuLUXb6`-ZXuJL+OQlrTn+r55T znh0gA!QQk7=g#~JxfO4VXdq25FD^0yA!sWrBe@_mBY9kTk}N{9S`l7+6k8(Vt(}{@ zk4Ry*d=rJ~;B9u8F#_>vi6s=3VZ@!8 zYHcKZw6{eLB}0&H;(7R{S!^SR@ouHY+P4ncHSHs-VC5s37Fyr?z;0jOqECz)^F?Nr zKW83hJ%pqiw+s!cfyo&EeL=MJ%fZ$_#cx|Sbs~LDz(-dwg>5&Pr&&35h4;5N-Q}}CVQycKU|bp)@ER5kdQjCs69#`>>$N&Aj7DdQO372EJx*>+8cs28T?zD<8qdQ% zI%jstUah%FeywDjxNTh8k<3{7)67>*9bv(t$(<(+cmwi>MIZW|jy=j$h%w1Lb`#z? z&tl%6F_auf_ABCB&>*mPm5XArZrG!46hhKUWzkHc;NG8*)BX0)>HQw8@Eft|VOZVQ zdE$w>%nsTGiqZGBoPhTQ)gDPeQ#SP(4UC4rCv?x1bVG`BL@8w58PMC&e!(tQ4!_=J z1TK{zCMK^%!fywmbxK>#fl%txv=E+c=bD3iFgo_WIY!+)h zry)v)SW|J1`s>(l2(LJFO%1F^`){7nh}`7x5sd!B6Jo*u!Nzc9GT#xGnctc6*t1zrr`3nP#GIZr>7v|M=V4&f}4I9*C4mfZZ{{Nzd0M^d8z`>|FXyf-1HwRqe=768LIdBIU+^Ao+z#;3?{9jw( zAR(9fJm2|e0m;4u@c>{D54`CN#$JBgzXmlAk_9W6#U+RXMh5@R0%BJcqy=CzeqKQU z09UjCjt&@h{3|Qae=l0|BQ*#-a91?=r#*1U8Z0Aqf2RFiE`;#`x52?FXBWws=X?H_xYHl|3t@afT2SI6;Lo(b%Y}rDeyRI& zdASMTBDV>$9apoQu9TGlRbzn&1K^GMKk&HXeIPjU()>UyAffK&S3gGD+tpBnl;!J!2|bCR|K*D;l|+lI2VKdEA4MC0qX7# zTCgXA756LYuk~@j1N4Iw?1+CR{Y@%JPd`Y(GZxrx{wWot*&n3f3G2_Kzf1iUwEQ`3 zDgqOQ80f$n0^dUeYRKh$bu|D$7MlU79U^0q0UQASz~hSRL1wsvEe9g^7ns`tOuqmH zL13=ne>UnWLkLp@IwUhV5sL;iwKFpS{h9$h%KvN_gdP4^7l1N3nF0T#g+MpYg90lU zJ3a@5SI^F_k_`Mh*#mVcNZ z!R#-@18G5%$$!xP>LARZT+VY^V2LGg9szJc0lIoa;{3V|km`OGU1A1hhh2#J3$6^z zKfH=7kD1^$-*sM;^?&+uG^C)u`hbxVq42?DvS7Ds=htlz1_Q9jWb`~I2`;bOh_2$( zp@i#nZx~5PSXs%Id@B;~YW>04(emi5)Ny&iY3!67k8-D0;!d*M>(|H~6+Jb?*tVNrGoiV#NtVr}4wnMjf*Q-X=jK_W zB2zcwEZt`UABEiJHRYUmqQIX6b^mqMV0d%VR+ZJw{8i4c#l-7Uz1;?IUVwf(_*-vE zp9~QAJi(mGtu=?5IdoHssNnD)P?f~LAODaf{-L$?XGiu=vHjTj>bO*c)1L`;Pk9x( zDG;J_ZibOu<8$kTVeWO*UiI9Y4ima`8BE@Tsg?*UjLdX;r?yt(C8Rkoue66}_Zr^k+hwP} zb+5$?cuy2@EwxHr;I!i1gSbB) z%4g)+g?b|Rw892NZ+)J;7Wa7gySORs`pzn%F|R9Zy!xxRT^|^P=rPD{@)B7Kv0V@D zd%K31Tc23Kpar+KfoR?3eBc%5DcXZWy5`(fr7j`&iN`cbX=!NxCX?^|_$PuGfvZrh z{DZ1ok<^>=?XVeMY3~CHUtvBAe6ux45T?lOlOv~SgkzPi_52RZ-hB~0nJ;n@Wtw#Y=aysjBD1u4`K?$=ke+y+k=GFVL97v3BcIPHVOq+D zq^cXukan24{rAy%V)Y}&br)PJqfp|}gO>-hsLpb1B2F}pCX$b=NJdb%k-Uq;Uj-N> zWSUN?PD&g~;Z!e}AnGCY+L$nIKDx0*d2$T{Gj`FBJ!yA9bETv0^$PKw8)uI(UFPfY zR>>bC1@Y!;Ree*0w|h>hBiD>y9-jf(FslU9?MfSle&v%n!+*#rfp0SYuUK4ppNgLBnm4rqTDLFxA4DdK?CmLaF1{km!nx zg9yE1b*>VU(=fJ{u1ep4YdYmr@SVzZGmDtIAZzVwPf))@cUvlGg!1PECtGZF3D=4Y zvVM+W74{lKkA5PUJ;1o>hr5?H`x+-k;^9PnnryVcWb8W{=t>)NB1NZeoXTTpq=#$c z>}qt-W$uYL{7C#W_~Y23%KUTU;o^z|=kD4i#lTN+gk;pzN2)b5zZL%2-%FKgYvDl! z?Y&s_it$z=T<;q21}1L@|JfD2Fw6Ww!+@;OoR?KO?f7OBFww@QI<1k;Ve;U(X$c& z(d101F-kHxB-LtU<(&-7Z$CQQa~Sg^MAKr_Kb5Z+u!3W2P*lIGzsT6TDFeT!e&B5ryTe4( zI-#uU~^a&~3RjC~8`UN04vwU|ZG!Z?Z38uM!MQ&Yt%k zAtw~#2^mE6lB2gy&Q7Y#q%YA+WK$LPE=5(6T24bbe%FOzSWNi#0XadAVbe^>TkZVj za6=8Tr?1AkXDozB-oG}#`FY~8Fooc!^%NCR=NG3G!D~sdu1a+;UTdNg1Uw{dM$2I& zHdaoyVdM}nMt4f9a@05G@Ev?7>E7j%__T=S;ZR63{o4tiG=f5s(%C_#*KE~+*8vz+|?wJo=?Xh)FO7<&}Px!A-TSQ_VxO(4#@ z&L4o6(T8Rs)Xwon@bn;QXq|hq&fK0Mqm+2TlETTD-?mC~f|h84-l!Z=nB-peXca3h zGr8Spm=4DF`pa0t$H7ZMt6G(zj*t6pM6?Sr#g52$-06ILZ!54j8or$O;j;v7>0ZmM z4CAlg9rsMDCHGmL@mS0tg@_8+d_bjn(d6nnzr7Xl$Q`CFAN_c&jX9q>KX2+TOu8Oj zrXcn`m}d`jef{4`o0ww}k$y-gnPR?w2$8D8PbsWxb! zcD!U!M!)yL;nUX)^23ZpqO-#J3Fy8 z=ux+uG{uqvpSU5GZ#bjg+BGMuVNh{}u601CvSIR)JV8VfCDT6{_lM~@IH{u4)Z#Gz zkm?i$W0S~s?A8KkexP_riOxkavR|e(hjpTx5Vt`Wq|Vf>{vytPt8*?+(;xMdt(81_ zdFaRur*}ny_YTg3;h?vW4!qA@tfxNk959?w*9sX@v5f-T zPBDv>&15>e5tz6@N_k6uBMo;pQp1`q*4t)Fv#u>7tBA)$D0|ovZ)Dq8dfoW8q`Oo< zDC|vJzGyOwP*jsB5A*lFH=%F`g}c-~L?>4!1%3AE!u>)`YhI3U9xSD(U_{CR18h5g z6?mP#lr+=Z<~-Rf+Fu64k7RPb@Td*(w!~9%Ed?k$yS=_=vwpvT@p06Ve1Tk@UQB~@ z`iDp6ShDPQSwikM6K`@e(Fox`z{M7J7;O-wnn=0-ob*|D=SSIK-{2<#J4k}Ecb@lM ziw*Hc+po4?pp;bVozz4WgCg~|#gEQ}@0je-2S&PGJcmJwEMTPDJ&$x7o4Kb6Tg{Wc z6{aGwvq@h`%uA!XQt$m5=*-mu{5UKvTiJtObT!G@B>Sc4J{l~9Q?8F+Qqc}R3?)mO zd1r7hOKsA7Cm*Mx?Ts2-u9_IblSfUNn9sQzuK|~l(#x&VW-t9-m@vdx<-bXjw(kwz zHHkl+e#Kt;+UoU#2Jr%qS~8?NMlLJ_$#0=O-V{=3^*U)`Cb^uDQ|g z#=t=l`mh0Vi~>~lc8Of1VrG2d1G_u2>?&(xb0osX~Y zbPmd6mbX7V0p!f5HOqALw_I;OCjEFX0W%~eZR;Q$_944*qkh}wfx>8WI~o)Pjg8(o z@X~_PA?5>kH^7UeWB~LvEYkG+8!4NFzBz;q=$&s?v+(sRh zstpE-vNC(MkLqmElMgUAI#5tE(XBVgP>b8dY8;*HZuU8#Ps*iX-+@t^)uSdBN zv|4-%LnW>c?1K##?=3pnOo9beD)z2r^X8jL6-~U?*}>Z>hdr54M-}w6xn~_w&z{FH z7)9;^s9xJIcR!u&irN;GIhd+8!PnqvClDda``jcheCirEBKOu{D(O~^h0J^X_4nT$ zwfC#?rV|((vu`+3NE#cB-WB4(7zQS&J=;yayMR7E#pbI(W?4DgqBo=ZoeVK>3jr-; zFgvZsEpuk*#_N>Z5y+Cl5BP5o$vK{QpfT@qZ87$0UH|O=*y~_?b_|u1K{`XL#(&aX zO4j~+Iu6?X$G1njzR~KYJ*CpRm#a!2p2JcbcSGX&T-Q^|6eM}(r?ro=C}B#I;W-DH z;a|Mb=%0>vB7N+b%V)mw$$hpm_v`8^{@B1*AenLlo&74NM) zoaE40th^4;foGp=bLH1AmY;jG8f$<%Yk=Z*U9b?>t$ypFP{(tR*O-j+SUL!$G8zw` zP}(!Mk9*&yCM(EcYgmVpj8yLn9o4^yk({0aYoCVQP|kVdUJn&CqG^P%dlmL!u_0c% zPi8o4P7>D#&1eh-4GXFs;vq@vCqhz-XJ|e?7_b?q^(Bvs*Hd0Q`;k65? zWf^L3wrSQb@K#`CLI{_8e%NUd5H3a-@8R06o893XyyHvblh_iPNjmI88c+HH-h?7e zx7TMbt5Q02;H5xa+hI+yFiIsxEoF+p%jAi@<>eRS^-ef^8HXt<{bmbmO=9)=MNMkT z4+~2%@fZ_4kmT4!tvZNOB&j@oB}G#gx8~aoKbwm}kqKE{`!x7gFv@-{wze^buiI;? z?ip;b>H^Ub4`ZQ^x26$8SD_99-Y5-^UqXFP?HgS>CbY1(ehwjuJv?cGj{BKr(Luh= zJ+FZGO3l4|b&u`|yIGrQrSJNQ>#nD!=Ba8~gWTwSelOcl7~SIGmJ-gtw)`gbhr1|7BdW)9fO3$Py7*w)>fA(^lr9Z9GVaE^LC&+?sI@WldV|TJVv48x9OTD0tPA@ay8ZgaX0XDjasul4m zF!AQ4mD0}JGRD9|%Vi32o~&bNk?erfWSOdj>?u(X|Kh&Nsiihaq}4@pa!4e`WVe$J|sS>{s9= zaGv6&W?wYTU5>hjVrNg!_75sw8@nDHip8n!p6&18GpqU{Et=w;eA~(oauhJkHt0Ky zG@-N>T~)sSyl+{Q4Etym>H96(YyHJzR)2!InL%eXFSg_US~Z0MvT6!5=tSrLL&kWO z4B|Y>U!^f!C4+#ifZLNGoa16s_{xs^pSCuyR()UuL5}}H``gwgXcPFNm%z<%FwgbrL}=&7+&EHfi8gH3JBx`cuw@9)&zjzS82Z#hyb4{y=Wzf z5AYI+bIcr^K>=3EADBQQ9n8PgivS+{`+>XDu>vuMi*wQRmw3+at-8t(!ji#_`q{h7 zIvxLP6ogs-fK4vI_M%E06;SLq2D94p4zFc>hmU5Y`GzO#qqI#lT&)^4|~lf!SXS29Ory>;FOf zo3Deq`;!&~xPga8;@@&1j1VXnglql>?eB6Sj1Nc)0{<^e=bv(~6i5J`0S0RsWOl#O z{wDWo#e<(Q2ZZ%OP(#EVdhpdsU?=`%RDOv$prh`WX8B9920g(=&KCHHJA|xXBM#`C zJR}#$hyzZO_ydnC@d0$g9+CxQz+nQK3$Fwj{gozNWd~uMzlEEN5cn?^e*$U2 z)6zdXa}}dyz6eg|!3GTPp7-YxqXp+{UFp^@!3IQrF*g5KumK6V9L%4==JH58Gx$h5 zI8t2n?)K{-P(qqz|z3{h9VR=Yu?j52OWS#1Lsaf0YYifc>jSD0Lh4_8j-gKYC> zZkQr4Mvr!Ps*dOZ~25`N%f6_wC z?C0y7iz^S$Lk_so!1=q&l>&HRuMGDuAqVp0{{IznKte8+`!nQRW~c&_Q+_%*xL(0; z>l;w>{=fp{WWeTwi+_Ma&VR9hu-`wdZ!WSdfUF=^TmQxC%6t$0g!*lve;zeef6dtf zbN}gqpkVc9(%&2qGW+@R3+h5|SB&|OVj)ZrNDE$7fpz{X?eB6gP47G@1r*xPziU7? zfBpb69EhY8P^#la5C1zUg^7ug`In@WK->>^ou~5kc)S>?^c?JU?~TB13AmUMT!-R# zg7?vjaHP@=MVHEy)H^<3bW5U9gIU)m?K86f{F9snlQ)goY}O(JM{jLUn3?mdCy+2O z79%4cpE5e3H4u2>z3X+4G&wwWI@lRoojF~|NpwA2bg|oC+iu*MS!-sX^RDG*I!yAa zTrGP17|W!K+IG1FbN!ozP4!sqllt|WDqpKTZ7W@C6V(rpSUA6Z-*|#lS^1=uJdJ9Z z(3}5`iUTCFLk}0g6mHFN1hnP7n9ik#u{72OCm9vA5CKx(3*2mp;;FwS(J1 zeTs>TyRodsWRl)<3xCgOOT06WBWA?G2}daDg{Wakf_d&E!MTpGI32^CfzL6K*!a0& z3q7nHHHzX1VcC(jR06$E$=$OvrpH_CIgJ)zm>;VZ=z1Py#WA7YOJ{Sbc!|*8PQ+uX zjeMx*(fr~*>ZtUnfsH=h@<B;6Kf2xIKZsDB~4{3j&E7i z-l%kzVUvGEvCQV?sy-m&o^!{#lxcSH^Bv3E#ac&sLz2Bx>=L3PUV6zN#}iIYSveiOhQWN+{OB2If1F1b*EdhjB!MYIyg~f24GBCJ)i(n z5vI?5Cw#KrZ#zaA(^qw2cB-P~QCWG6)Fd*-Q3S#1gEb% zl02mk9p}gqcQda)G0T(7G3%KumSZRly^Ur7eO)|;E+z>^%FM`^V_e9lw90p_?scU6 zv=xjIW7msonOJgAIH9w57DSN+2v!J2w3pnklO8k&MhbVr2-FH_3tfA?AssD8iaiy9 zSP>P02)wII<_&S}o47Nzk8{4MFg#)>3g4ygSarkPlUIk%Z_`Xt7JF1;LNS!t%2ZQs zs31M*hYhS1v8?~v0{TFvMsKdC>>$vDV@^;z$HG9vWf}gBb7a(s#InF~!UBp3i{XT) zZnz$Y*?LduJLzV|mpi$MIVQ^vOA0eMk3E*6ay?U4T$EQG@?PmMuHwu;2wUa14}b4) zR0hR{^MQi-#UyKrz6eEorHe_FXv6veE3`0zr54V#MzU-zffj(Im$h$*j*rtGVZ|*- zVW9GG#Vy-##{O&WHW|&Z9obZE4|0ps^s5k9M1*4BP=vgm#vM5aRmQhTFvyP zf|PO|T$V|2SVIxfS$ma!vtkTR+2=w16m*s_-To@fY^TDLKs2VQzMwI(@uauaU|1o`*j3kM116TL#H7CJf7VY! z#+UfDlj~&m$js*3!kFxb`o_j1jIPJ7Q09(6@4xY}dYo>+O>gox!m^tkj6N*QQzNz% zN)GHf=`c4tK$ooT8~}UJ%Ok^7$tK`~O*(q$j0}FzlC{MhBeM8+w@Ad+Q_K;LWP;i1OB^^iBvL}QtW=GKGNFSDV zl+yz@GRijfzr`T(eGyT5qgqgub99IvF;VOnMNd#ggK*u( zkmgEaYbPAnh*1ZY%-uK(hMJVA2uDK6`bZSEYXkmFZR@guTI{oeO;X!9&vQSApt{F& zXxWpQLO~A&cXo(QH*hJO-eV+;{jhml3FjrdHRjSEyE>yLn{gZYe~evqR95NN6{Nc* z1nKVX?(Xgq>F!QRrAv_R5^0bQ>5`TP>5vYA?>182k(oh3{r_-j$WT_EbA5I74Hp{9Z( zJ^u^3VK3>er$xgvn$+AX!c;jH`3PP^s15$_SS*m}xUEe-EA7l=%q8avI)Xjp##Zn- zAjfx1`*>(!7JjHei{NN~R9M90jFb8NpoaeCfIzVMh%*P7iNAWdl?y~)ub_vg6n{=- z02bK^27Ddl-iE{L?gIx2_2ajZDPA>M?5#L+Xdk~FTA;nwAgWis`MmDh(JDMLg9>@6 zWST~d1LPib<_C(K=q$C#Uwa4+l8eVI0=20iiWAmZQl9(#TeCH#Vp>Nn#l*n)b5io) zGBQ;nVdu40sY4_t51O|jw#od`@kxm2U5zkFah@(X4wKIZZK_38!wt3hDUF{zLow<* z2-#F8z4)4?TFOHy&UNL=t90n|8L#nE`k50u!K|aODG{E2L|qmYvNl`JE73an1U61< zu@}qnNibacGO4XZ8#8ezWqC@P*`>;UQVB4UDXf#`rY>CV2!bXJ+_H9b@X5fb#?dYQ zS?%QWz+q|a-{TB=q|ZRI8!Pl6v5+);?RAMDrGfHs(x|`rQni>eC4E5!v~k~sy?0Y2 zOq!!FqWn&^GN!et{wbJ>$I%Xo!fmFI*y+s(i?!?dw-YOWQahQ_V%_pY@La}9Ld7Gp z646Dr4{m2C2tkRG>4L&iqG)4+o+wi#?ExlKdSzz=jMWRkfd~f2@0bQp_vH(bzdG}d z@x+Ofibw7dVP=MrL!}ON3C#c%Y$Tz_>?KGFLaVBkjV`ltujVi#Vqb;GAl5l`2!2U) zTeR_3*nS1!-4w!<9dvf&fV{%*dPBtu+|~Jsa6=kjjH8~+FbIdg^1Xs-Br1czoDle1 zV&oHd%)yMKtgMX&)o@V+Vk=khP5(f+{OGgvVx8ATwdxKw>Sc~;S&iGh4$%bKdCwp- zAexh2y^)QN8f)h+R3UIN)Y6+Cm5l659yv5|l9~JQ%EitOmE|pn-v$}5Q@lp^NSL5M zU@WF>(ikssLY0}FuBH6GJ@K+!U<3Pt{%3f?i!1x@*0wy7Plxw5@ivSrQPK%|8)_^> zL^1n&&cG;NqL=8W$|-qd4)0C6qrN`~XHd*CrsiE4%NSb=Q-1mBZ0~eZsH1T9fSaJ@ zU^D{B^SZxRrL?q(1Y&>+#GzZCUl%<~so8(Lt|$Nlk8GX_F7PZ0YwFXKmzR`qE0;fo zmLV~{UvoGAnz&JHV|B`41*oMsP;XYEpSO=yWd$Q^hzIFSY#aZE?|9nRMr88Q>rnS^ z?sYUhJ~ZZy94+xMEcV7bkb7$p%e)~9-nx=;?Wdr?D;I=>X(_GFO((>xsT}PuMD`u{ zaLN4hV8+Mcwjys9{4T>KLZ>0X{3N=RAntFdi3S^ z)TsVPxGm*?>~7DC2+5p1wsIzntAm}w8O*hgJ|fxy1=7gCpeIjN-a68@NHU9D4!<64 z{mLou64;YR`~#={SgJ07x0BIk&OHE}Zfj^D0tCAkXUIuBXl1yYu5Z3zV7ypPP=!YJ zsRkO8)`t?lzA_A#+~IxHmPjM_w={I=PDw^EEuVlu`j)gcgAxy-=od~}KvwMQ8xF`~`4ItPUy0r>dzSa`TYbyA-iR2GzP5HFaqtMVU zz~EcZD*~+T!j52c9tE~j@^IU!ATGzSh1A@F-rTkRb=Z}*QjvGlIn1_R3ipcxdP{Sl}N!mRW{W0RkhrER$^>rKJgan zE(C#kB~qMH23wIsWjUX^edo|U#aJT;;XaQQZN&#Fq|5A4y2{pa?OKs^f(T&B+EJF| z<#$1D@bsxjSOG}ljR2B3q2HVXXYWQ=-*$711!N=o0v?|;GOV9jB&1#d{cA458}2bJ zrCB8|hWd|R@Vk97SW9V6SCK|s%1F#I777o?eV znI1$S6ZkQI#Z*!T-3~O6dg3WvLIae6S8Gz32w6Y>6D@@?V}qphx^uD-b#qF6q^$iy zNNH~p9A`($19}QDJpPqtz6#>DO7nnsRTOLjn$ICM&D!IvLmV-r&%r)CU7HJ=V|_iJ zj}ek&L+uVJjj9z((IQlk1~!3_a2lt8bZC}bqI!A3w9``3NJ1Lumv+ED9gU%ET3uL0)ofe^QB@73$H&{Iz%#T|EJzz_)H%lZ+}X>Q9`usF zwE?$FknuYuCjlrK2ZsUUJgKOvr5Ba%KwG~bt`Vi~@(kqM4tbs^ zdq)HgqNGbTXtuT;g~5E~O=gZl>K3@Tj&a(qbgIZ?9W(cH@%Lhr25rOK`LJQ_)(}L! zZSp41!7MCGR@m>&$S3yQEEtdPAapS0ZrIFoCuIQt4H5jWlm*IJtwP4VsY`=ohe9U( zVsCY%l4_5q!-9Bm%SCugwt&zMi11@8psv%75C0!#C#1z$J_ocbpBUU|se0Hu z&87|B_GmbH=fsZIQ1v0jfSlo7@(4cR$d9O1gVj}bS~sUEHnN4QUfJPLdRo=NY(sLr z3k7t}zS2?Sa~9d%l*-UsOVifLZ9b@tslWR2AM~QzNcHRR>`EIJCG=N&tmZ)Ja9`iDdjIHIqBkvbOoAY7g; zMC7D3tUtMCOyO6~U7p!BrLTy_Oj^|#2kbD|iVYEg6rwGnHk!~!C=!7`-WV;6n8}61 z?$f{fUK%Gg(4lTT3DbK)sM&d1s*3dNeTSnpn&oBrN8E)o+U4kG0tEjmiMI>!xGhI{ z9yG%I^)QeP13@vb?H$kWxWk@E-eEuUU52c1!!>9#3CS#cl_ z@%fpQwVkXgbIEAV?p8^dAsm{N} zcz4qELBB8Ba9CZnTnrs48SNP{!J-K+e>0)Z4aM_jZ!2b8KOtN8wNR}TcalIbW=sq& z5lCv(dAv0T#PxI$THm{}OW?2=r7)dtGP37=?J+BeHUy`>O6+=bsOWW?@F1CMrH2TT z_2v3GBeI4^Oiwf3U?zhc7DC$IBJgWUdHW?BLI2mZjXjw-eZHLOTA%9wP| zbF~5$8u=Jots}|vS{%Tj8dp_Y1!qQLt-do7CnoPf zh9SOKfAZYQj6%1A4C1C4)alifHEQo3C{WfY@Rla{2Y0NnugCBVStPu@{A__yiXh3N zIUArd;>?+KuCcViT1&Y(7#O^a1Ll<$<(0>n<-pU&Nc-=#T1dpTk(@C-3;Zk`ZkBZ5 z^Vt-nyG?QpMbguzzzVlc5pMqGmi`3g$Tk7w!Whv)`?PL3(1hkfQY^>Q4XX?N*s~V zzAeTbwjM#YskPkPHQxNI_M@GcqbK@X=1y{3-IL*R4p(PKZeVd-`Ylv~i55m+@1HxT zcNC*o>>%ZHFk%P~;j0W+xJ#Ll<*U8RX0wzJQBMLc5tTFz*SnR_wVHuS$ zL`%w{sPhRe_=V7OlWEV$br+?f=@XkqBvDoW4YOjFx}sOYlbPg^BO zXbC3SjXOceEOKaLVq1cWtf;ar@ih=W5?Aeu8`fa?%EZ&t7uSk>AAQwo`Z?5kQDjPA z9W!^>vqn4$W_;)MB#AGN{t!-E;s&ac6(^E}KL7Dk`)zz{t7ctrn_j)!M$ zgO(upa>1qK$GTjqv?IxJOpD>=3xz!T7FxDr>;*tXB`jHX|^0B^|K!6ZI-Sr7#gCzSr%6 zX1I!r8Jer#Y;HEVOGjSF(TqAI7FupL%D(}ECFpeV zBOeGjj7*bQpqx9>VPO+hBZ3on(QibMc?s8gfc%(aO*k8eZX5+#?BVPEv>vD5ueLBOFc!ON>PuWQ?^iIP{$*zWerkn(61b^tZkOQ6E0 z>kS@Ym?zbkgp2>ke7ZAvc=+b~Kezi^Qr8&CYtFuGsE9<@;aXBhpjVUHRBKjpX& z4Upfzf&cm0{+BQQ_j25SiT&gI`7h=Ye>ct^x-ftDvK}?g80a5b8TU=ZzyAi%RQRoP z_Sk;nuC4JmcSZvsVW#^jU%vZr|I2ayqNxV(Isi?WpB3>uE)L=|F6c` zFD?~-H_q-|32v9XYr@=@%Dv_OAC0rS?L9vHdv4KBj|i4~zkvUl;un{SyME{|z507= zhTGlTR?tJQ{$F6N;vG*K-`_lREbsrTUAoiXk@XxV-uKNffAC0TJZ`wUt`4Qwi zjKKqR>u;~(qrdqRavob&{0=#Pxw!n@^#7Mu{hhtX&&s?jt4CDCyEDc74>^9phsQ1! zkMZGtZr1Ivlso1D?oSN7`@dff?bmd-X#2~K9>L9nd&7UFc#NVy(dOPG<3A7PXPXtk zxZl%nVDs4E;{OFUzYK2#Y#nfS0)P%Mo$7u` z)P)t&_IJv-o^L;qa$w)%eV_|eNi8UP+DJ>W*aBhUPeS@&-gztMv3rzbtm1E6~SWZ-B3 zxUqmyPWLs+a8Hk9zMt-Mx3`}eA4A3c6sBJiJ}T2&ju7hud-pGn(4SlUHQ}RTy{r3& zcc(jI_D_z`f8}`elKKZn=s#i~Q~Lqv!wTSW-#!Lz5#XM3e0xX_Y#Y{lR`f6D{#W$5 zpFs6+e(uuUp$Op33y}F?C%2@h`=1KG40vI^bBTF~{bxo#BQ+i1IebgV=QDrx(vn8n z%F^i3i`M-T4;lV?{INcISGd2Xk4y6Yh5KQ0)-Tunw-;_!z)SUC1^++zEsP8Rd4Qe0 zt&yGuER<;Qw#vQf%6ut0pLaQdNs!0htAsRz5dH;TFxx3y_$a;C^ogW#CW&*+j*Z-7 z@dYKRiCWazAme^72nPm^vNylvD=3lZeBGVXY;ygyB`qT}FxYfc>xL*u60luFpAuhk zd0}|jds(= z$~Sw0scoUtR=*>&uTy=6DE-FkW^}{SZAL7Sx%q`rCtm;}HR{uCw`$i9o@D-;EIl)_ zIDpStE-@`^?pQH7mD9_>*`STF6}&yVo3%zQ6Ei#|%=$w;PFQTBh;=*F_E&k|9oZtB zvl)-AiwU{wc%cjMrd31Vko$usqqr);$PEw)tf0eozpuIpdD{cC0hV@9K9k3{2&JQp zGIWJo6r86b5(XP$S@c%i$2&m|il1c?w7o(wSGd+YkFix*WF;-k$g?5MdJKJISTTD4 zAkBy?fNdub;f>w+uFW*uz*g|+oO1{q*QRbeo=62th>#$BXap%e%KpgfV!CO$uuq&7 z%$X};+G!~;sjA52TMpT}5Y9^}ujHzUyjF0-G(!4Fx6`*II2DC8#9xa@Ydb^GnH6I# zBHB&(%w$5X%1H#h**CQDK{xW0)U9a=Cl{e@vRKmSz;EWlvmXy>u`c#*P#jwm*W>RG zi~IacGQo|a633?aaLkG*2=VpATj*8^2#w%jYs)M**f|OHw(!V^Mzdv%4WKwa6hxC( z>0RV>$Kt7eVR&Pxs34GU=$KB$I>L%9-!$R~OO{BJbsH+c^8165Q(bE4IlkWMTo3t_ zPKdWnFesMh&v2NzqB?8OgiDakYNs6${!Kvg7^$b2dhuJ@TaD>_+Mv0!kaVJ}qG0${ zpcf*c39L~%U?>n&sf;7p&p%@tW>XTtIqM(uv+DYBFUU?qHWlDquNz07 zy~spCY+r|fLam?_X;tXN?C=a9c_nK4t4&{ukqVZ>%V8<7bv{u$cb747_>)np(#lTK zbW@rNRovJi%Cmw%{etM&YN_sajy=l6n2K_7qPAQ#(wqV}@|Dl|nF6X=11YF>>6w1h zqUOfOFJ(Hi2xUDDwK|7E<;mKxA*HE+_Fg@uSUTpFb%}zr?cSA>urJ9^iS;RRl%H=< z!R}`1Wn|_ZCRg_1o2Mk|><>agl?c`_`m8 zIdg_{(|U8GnZl!e<#N1Tm^-_&Xev?3Kf&DDt=K#b`&>{a?+{fD!oaIZn8+nxy9X@ z3-f%RmP>qA1WYF`zHI&*5x!26^_T}#$VN1wxC{y5K^r1*%9Aa=80iBI&0=%Mf*&A< z2WC?*^O;_~kK7WGRmkkhQQ1ONYXU>&l9gDP)t+?-*=li(t`8^R&Uw4kzxCip11-?2v_J9`S>r zM3LHyytJ<89M3pOH5L^=U~*B{#PTTUK!s3_d~Ws)?Qk*zcitpM@KZU@sUZB=Y)o$l z>hj|&fMfw<#4g?-l|tG zBvv^ULWOg5z>&wE$LFbki2`=S?CTmS_=+zJxrNT%+un|%a1pIb4bG6K{-Dj}?=3`wtgU@UFnX=9?GbSz#I_Im)bkxp zqUn0yS7cRSt{=`I;6Lb|BTzd*zi9RO&I-4HO2ch#?(;Rl4F~-78w?E`p?CEmMJoi7 zy-^BKtGNsgQvFRY=voom%UXEDFL?DuZBQ82BcA1N9+d#&O3Z4Tex(N?;Vjjsgc5ww znr+~Rr)HE#f`c9>Zh%jPn(rK$)U{r^r!%W~M$C}Ue-)$YZf0J_ndSn zxvoj)jFCl`kf{RNgqIn4A5~62Uv1;SH!Q^}(%YxovpyN4T^)M5q~OM$zn5l@&}?J| zYKm=OUmn3^m2K9#lv!|0b(1qj*cY+zk)Od>mWI{Lg30WM1cRnyd6Y_(zE|`r7@CLj zwrlXtRe6QdWuH5)cYOOz9@!*LXjs8yM;BrEss%^Aj9xFRc7y za?csQdZ)2ig|)?DVOa8YG5_htnCASna_Wz*3hsJP{RR;If&(C$dr;JI;2TCM8mEF^ ztj`uob)5w0*q>6S4pUZ;byqE)65I0Nma&M#0@aU$3%KxJH)r+qj=bolvv6k8{9{r1s$_K{I0sRq+^pidkXBBK%%aw{m#; zEphGDH#Kg(PF-t)Xb`a>P;YI;gIOc8k7I1-F zgsB!1t>_G>%fi|Wkf%Mt85zv5z-}Ls-$~`WwNF+0yus^HHXCzakV3*wr7i(wI8=-X z$YtT$`aTs_!&3vjG+$<<{wZIEklr`y>U4mGlsY?;MI^VW)4@(sZj{t84GifZVnqtb8Lu5M0Mu$q@b6& z#nLkr3TUb~TIBV%ccUtA_?su03}*r!Vqt>={ZY^9813Q7_0(*Z9VjfmrH5YEUP8q zMWfEJuXn%w0uB?+?DN)6VrH~Z*o7e2B~CG6T%yeIvIs+ntG7R{(A1O+KhQ9684!6> zy>gv2{IK~>A(viS={*Mj2V$3{Mu#V%SCK%HZSHl2MP`SF;voq~HHAW125ljm8A3uB zuVO+X-cKzFk9;)guQa5v`gotjV zODKOJBR0$OqYX1#KB_iB7@@<=X3agy0_v64VhWe)8Fun>5OdBDHZYCo;VMjA5J!Gd zO*b#v{aN;ur#o3{M@V^IvHCCd1R~wwboH`B5$u!6{h4KV046L0%LO3Y+EBx{hEb!+o&I=(6H;?eHV3BwWhYqWpQPAqd5nwf?ei` z%#jI2l`x6HM)5WUFhIgB8@duP&Uiqw)P}Wkhq+YZGG|+2YQmhVX((qtHi^t*T?}ju zSK*31r;6AK72*p$UUw{~UCz+!Y9?mrsOZ##0)5U^^$LblI#e(>n_|wAlLmBj$S>T3 zeUzi;Mlcqs%4HdGuPjLBkl<0eiHgWoMiG(76Sv2)D*bo6qj{wmj>Z#E8{QLz((4?agtAeup2FIwPr zyYEX}#el^?WNuEF_b2Bd4q1@}jo|LN4Cu^xtPo*%%-6w9wAjyaMu~)?N43>SZL3E# z#I7g8NuW6c4DFWQg38R70jYaDn{CsoS=rk4)m`qDw8HQIfrzrsL~4zL-KIuLyCvKF zQqxLVhKwMzjxmSQ>7eWtDmUR1YiJ~hv=H)Y6xC6N*6Xn5&iWVmxmpT?bBkGS%3Sph z$14ma22BfOW4YfL_G;k<^1b*o24BdBvj5mWKcRbR!pLAcFf^_Zu>fyXHC|XkA6I^K znnaSR^__*$puq{t$7MmadP&ttJxz_Bk=XSamjWTLOh%@ekQS=BXSBN7LcmNzYlo~b zv6zf6sB!wnD7>F$9Yz5w!qR0=?x-(@kLCE=qSlWVs-iO@^yDzaRAO3jr*LQeGMB6b zJssdt@jD4~*gh3jE#VjzRkI+&bliINpZBashuE%1#3Smx-<#uEc(TouhbGs^6L4~z ztGX&wkh?NTz^;(NIF^!?U^#x1@LxXL{?gmlCK!=MW^S(0X9%5N^;R%a-1;V&>x;|cVt*v|jPv1tQK2Nb8^UES} zARh|}v}iM;Iv2S>L#(fayyR51T#N}KOB&Y6coN~`8t}ddfsB;`GO4cOwM06l5=5T} zR|QmU6x#FlsQraWXs8gm5S$VH$)x;24H-vGn>SytIJWXM_&fE)xl-Sn{4$Ggz&1jwMSw4p zdXKQ$Gr7f<#sW8={t~#l(f??`dgbzwlDcq{&fQLOMQzEp(~_ptx!r9Ul_~sVcsM^efEqdsh~QB zk8zxUgsX1JyD>_pIid?j+lgOT_gh(_C*6S8S`zsL} z6T@W|9ebL!v{$U_STb)L<{B&?ILC{~9O+T-q}g^!`sJpuA{5t0#7+ppqZ(nYaBQ9Q z>(Kg{rucqlFhSOk_0$XVzOI4){3J9CD367`<(Uwe!Fmpa>&^aI6AZpbmX_K2S-rSM zFG2=!ONJmK^`t%u7!_2nccvuarC}(v7yw5ojxuHpf@DEuOU}9+&r2uSd+J^%70L+Zn zxb{!cTKw~(x_N`2*&;%F6ucd%TvF zOkxLsYGrAbH%Pg1vU3BhNqe5IUT)PlF^H4#5Vt_htCKG+5UTL011$(47<7;~ul1=* zYf#YQDEIq?hzhx}Q;qk7x|3;hxU?gbN_EhqEsJzo^7L#w**^F>6e+QWUbD{hO$wsS zBoX5KN3b*R$DD?_z6MA%?ovZAH})M7k95A^Yq5ldT6pQi4E2K@WglaLLO3>OEos+M z+e8sExUeNZIdBFCm~;mdNDgT$|nWlc2yx~*E+p<2&rI30lZv7;!! z%MrT6R3itn&&=K>+Rxx)wj4j^up8E_+|zcl(Gl_R;4JMgf=M7cGe`QR`$@)?cmhU_ z`g}j|HBnkkVVH6!wWVsqd)Exj&`?X^1KWqbn4y?bAAipB&dckJy*#1^KhJQNnIy3i zNU)9pw>Xqia#4b#zixbg$fv3#7F0dh)^@csC_uVh?Gu1X8NHgT^NA~(vE#A&Ts`NDon=HY3|>C?WJ?SDR~*J0!|TMk z$|`%Orvk^3ODBkS2n;_C_EDCvCq_rhyi&tUpRPgx1wKZtzI@=>39P@ zVGNjU`6s>!E8U~M>i=SZ(6c;dfUp9bQvUjM`#-~2e+_%ollq@wY`=y*`lSCqJ`^+2 zv;F#^*y0UgCE|5sQwGg5-HVJ}hx5u}%G@$1+{ouhNXV;g*!@2_fgNa@}@?z;W3L9M+m0byD}d zF0KLY+}o=%^H&b)+> zXS(71iS#!k@np_|9L}U7jl~Ry1k83ZC|zG@5A$tt#h|?Lv{g zx{Rx$^_E-vxU~Hw6Bq=-TJN>Rx~09@lIE2#$#lvERqz&TM}TN3NRqNN165>*_p-xD z&$%o6z(l(!`jjQ>wmnoAL|(w_jLLFHCB^7cWV@;iKT&&a)fU6}dAGc>1Nj?F@fXq$ zhAN`vAxM-P*qK>{uB}Tz&l2azXUZfZQL;lN&z?`zsJ;>I!*&egBYU|aDP^L|vXYIO z6$MPmG;+vRbwtutIQAk{7Bbxt77=qxrPU=~f+2CAKzPgPoK4B|ZE3is#1ipfj$9k0 z+IRsnZC?Pd`>1h(O)H$G3w>8#eVq$bPuBQzt0F!v3R@IQIf__3r;N{JW)xFw#I`k^ zCQQf`ui7Ijoe|Mo^m;Q0d~^9P&u0)g71Qb}CS)5Wvfh$-*!Zf|tf1p~s=H1d=D|1=c588}UO?eTqRTQ7B5BI+6#Br(BD-e?Ir)5FXB-%q@hXgW1(lGPD zE*sgTYwh24q!Mp>h`1=LwW*0i=~ zTHR`l6k^cgQ}M+ski=0bsEFvrWMpxMH~jrYq#)#pkJ$s}5Hl5A0!zkH!(Mph(2 z%T#I7`R0krG+Wm%83|;q2@#( z`6yX2BvIMAIFX@tXTFVX!V!WHF(Ox8;T@UU3!gHAaqw%`25KewJk%gqx^750AS1g8 ztz+tu`VrOS5Fu7VM{^c@%LY$Q(E0!&XUQMX3Gn*W1g3srE0|-a7%{ z;XT*+5gE?;_vPMPR>#`X0`N@xnK8VUxC{ZL_Pyr_>jWhH5ME~v9-Fd5Qvzp5;>YwD zZ?us1>wReQyR{Rt<3Kk>sG#fjF08rpZTy11BPzZq_)ZSHwoxc~vl{+!y(!CO1%=USJ^ndzEl8$EA~fVO)=PHojXu4)jjWGkky@0B0}j`W z?LR`sM-ct#QJ|qtf#$g+`RMeXR=v}bcFuag1dmZ^v$xrdzb4C`+-*?zoqydn3da4N zjZ(pr=iu{*udAGSyPV$w@wJojY*-vfFbZRQVp4rBg8O-OfSFEokHHngsX{&oXY1JS z*~Cgc4E;xnn^t5a8wk`NdVxx~Gq1dk852=^k?ESeZi&IZ;=AyVoc$**^hf#O7$#it6@y&45f~4yo^K} zjN;?jp^ULSr|peih-ul)K|W}H7X?lmexh~IoEir{)pvL^FU;Uy4LvAA|IJtLit4#R zSuLlu*fS^bx`hl}YH6=4Cr=Zr^RJV94~oV&2-r;>T1%g)e3O6I+HT05JH)DqKFjVBa{ z{?4KvSDF?^^r(*c5-74fix7r9Lh4)d2*!{#oeVbElky=Fnl|0AT&XhjX|U&+!OaM% ztcK3re$CN~$8H|37}atRWX}wiRj%K|MyG4NCm9XMn<_pyPGbif)mOy5 zdqry5bSX69s9cOM9VA&*i27pqnQaspLNl(r?2SeptW=YXb-up-WR9&6vRc4x(au;L za*C6ZskYUxOR*I@1)FdfK#-f3hJu1!j#e%j>t}WG>hvkI-_bEa`S{kp^-MNbRrw@@ za)j*(`R8OD|IozZiH~|Q-m}$ux$7;3`wo+iPb;ufREkNmTf)%aCS^%j)P=@;saZQF z5L0MWj&bXQ)v+Rlsw&;I|8%G&Ry+or@^Xi3IBqUeS`o31XIi|)q`IwWO|As$&~vfa z(!!I^jw~nkx{KP!vD-2RN^)UPbTtL2)yu1d4KCF7s)Sawh`z86NEpGH=CUqEY?arR zc2kj?WOY2nqQH{CQKSO{*%gdwHFa@s{Rrp74WVcU3erMovs{q%>lv2CZI;D;mSi!! z0FmoFM|T@3k;v%zD=L>*L*Pw$LhKUEN_42G;$x6*@-=lq6{c;%x_QWBrxYVYHoBjEXA7RWILHs)aV>^JVq9G`kCYHe@f`&@amXwvP_3 zx$g6*-1%(reE8HI6c(H!;)(6lGiEVCAWA$4U0!&|3YTf7Fl?6zH31ArGceKXJMH6G zL!b5d)3$*&6DC6$6{i%yd>pDUEBnn7`}%;>AMvIEtq@cZJ^PEjS9rmGY;=*P*_(}J zpY*Iwd)|CnBxV)qw7T|Ejo@C}9LxWFqPQ|XHV#LBV)fo4cdTYMtFsEbX3Y~8*by6} z=O9%6$F^0o>+{L4u>m}jqUN+U35>APX5U2sAN^3c&Fl$Z&XM9(I__3WwuKO>hBUQ_ zx5wnpJzt4n@7EkTx0$<=&&)v}IO%Q^54RVa>Y7CSyq5B0z~boubAI?H+y@B%4&{r! zXwVQ=+-WFFHcS*HT+>E0hC}r7m$I2oAuvbHp+LC27e?65*t5OPsMHuE11q>Y=45u@ zG?od1c~SZoEfL!Rqfq)TX>@PayZo8ovDl2H?6=ptHCMjf={5`*oNYJ17-ZQ7`Y{YQ zG7O^Km=e8rRXyL-G|%HM{(RdO4%3%T*7}LXuy$b!x>Kr;Xyg-TY5!K97&*(-P8q;N zW-tE4Si9!$=t22@v!il0=X11M+Bu*uP-M&9dC2*LSoTkNYpRcen6UtF=8n?6o9^)8 z$iz6VGg=jX^|aeFyT1O*y?s`|61w(V)wFt(tstvqc8xKRbyJ-n5q2Ct+arPXQLKZ+ zALlC;8xIzqL0S^^J4w&7MC!aWjD|?I-*IN=s<+gBs%s{eViW_ne~_h&U$~PURX~@k z(r8Jlq0u8!2)k+k7Et`7V>Oc{Rwm4Di$q<#)|v-7C}sl!E8$CY9EG_!q?5D{_Np(* zKDAZ0-4{a@&1Jv-jVH;te_-jJM7{bRfaZ6tcF&00TjzkS5%_dEdngI*}j7>;W(v=stDy zxe2{O8*1HTSLBjWaUaDDUixaAk`EI0(jJ0zp_sq*g_Rp(C0rPk#b0eoM?2X+?*@0@ zm*Kwf>hyI~Tj$iBJJucH9w80t&CKO(`jDGXu4nrVmk2CNPx%Q5KChLMdtI)jvAn=L zW37)R1)z?C5`?MA5>n-d>}m_76RQoP%IQoyvi1Jm(eM`x&jWeEl$^b-2Di$R_$D?d z{FDf%nr1}gU+mZJSMMq&Jrh^Tf=-gQNFgIvqDYXj@`P~GcVvYj*VcUxfXYo+@eeqf&7 z&Y3))4;5JP%hG??qnw=$>{Qxh3r&bpZYM5NbY|Emua)`GDZ z)@S#JdF-%HPHJ&~vv~^L8)*6Q&&<2SGzLW46?4i*+oF2KOX-zPxnMs`d!xoPlR6qv z_gV2@VKUN*s!tm-ps^d#Pvk*6`o89iK)s5&ri3wYsm+Ip7LOh76m(;G0h8Sp88oeH zlQS#7Qz5;v42vYxo#$v&VM^ywwwT=R4hlNCA(`7vE2oCsU74DK<-{1ysr35&WakdC zi-^Um`B%Uj4YhmyBw7~ zk!qRSYTN_m81^QP7H}O(+Yz27o~X#d!DmkHUA`rlYu~QWK|05pSNd>G7NcVXd}HZ} z#KiSQ*~uCtrp=ax#GaOjqF}`@uDwePm2lZ690N{jc@USnbkA{;C$88XM2n+@f3wP0 z;4|5<=5o8!JE7Tzx9eLmf&v?(b1NtXXlx)V3cifz+v_%2Z{WhwEfqHnF*=X@6d|3F zo?$o~Vq$!-yo~Z&_it6pYU6!Mgxb*eCMGXfo(>8+kgy9vl^V2nsdLow+xIL< zFVxe?9YNc5)^IIrN!HOQHn9s)6~ZTVBRgnwBGP#MWRl|hh4muxZYkGm{WmLExLQJ! zNu;%2-_KI~)r+M`8ei?Q8H6zAk34HmShDjutL%y`n#nO-sQQfI4y(Puo|=*kZL~eL zJfM#DC7%M?t0HoNwnjC2K<#GWW*x@k>Bp{%Dt#>=9gf1ohW13_Gmh=01p5(@z&F8M z(E^?g3yKxG3$KCgRPkQLr*-W!yEjf_I6>8TVp;d(pk;BiXHXbmxf(yi(&D9X4l z&|K(FW&DlKa4?N__ltKSxHilapb?ra?X7j~P8DM4XCcJ3f*cw>Ul-vNjED(fz0x;* zQDJG}t=$kpn2)bOy1LeBfFdjX0}3!b6a5NfWCs-Xf^H>_MU9s-Hyn8Vc?|Rkj7In^(2QFLsYDLlTtcx zK69)~z^Wda^%|eQafezI@Ok(LaT&-v)g~WMVGCWKP4EPHFG%YF{`u{Oms z8j*xk;*n*i#4y9Uv<>jlN;VeWy`>I+W(|m)>5F*C8yOmdazxR@VKe5;y{weN3~x^v zlZ>3b&TPFzNh{c(l4OTo`%;4`%*>%dEkNOFc4TfIkgptk{O_zWoR5$`=egg=yg7X#BD3za$989jI_LFctqs0o=eT}w`RrV0J|z!mlraq>rPyMd+uE>t$Vc{45c%Tr#Wi5A`Je)@ z{y%?)enhzb|7a}ksnkDdfr@_meJv7f9Tbu>T>&9i{n}qqz{|hmd*89LZ&Td~Oa6DN+rRzEw0>}tf1ro|N}~SL3h_Su z-?4XEhkuFvLv?WHM*Uapy_@_4KmEVgebfc`>4o?&v45`ns1@*2L;66F|L=7l^#cI0 zcdDR&iT!ikN0s&$qa9$rcu%Xp)rbB;X@Ag=-b)qk1zq=l^QX+>u?IDufxUyC`7O7e z^!nyWG1;wJ@=g$PFQWK0k*JHciIJs(wVvf;`u$^D>bv@Sq}l+C0ie6*+B4tzOaGP+ zFsKyP$kOok$^tYQzt`#Cl2i?ViU6Qpygj4x4?2Y3PsMMlfxx1S8SoUwJ9?AazMSthZ`*7m^^WMHo z{}&$Ji$wn=_K$n}R}<=ck?6yf`|ouh72!{j=)c7Nx$Z3-{JrNp8{3D{`R{cf6(3;T zd+fe1yWeB~T=y}CK2nU`i-Gsk9%clWq>I5&6q+udC92LtLq zgMWc4rbkcu`8ik_RW`TkO1-h2H+#PwaeT2>o+UzhUQH_``Yqe_`j{B9AY`J$ByN zXaL4_u-+MCJOJN=X#02UyxZPCr1*)QcQ(xbJH_3B{Y>#EcHU1pzunCv?EIJA{OV18 z|Gx0IGyFsG-yXsrj@b9vA9nFmF3bAQv421b^P{2!+~Ie(_WgDH^?v%NWgivbgIf0C zlK&q1=cZKN96v({&lc-n(}`M{d3iSfz8|Fczl;UQZ?Ss-(kJG zbszr;;6nU{Fn3<;xBI&F_`a9I0)E`x!+%?Qv)&oCKkWYB87<7Tw7*FoEdW-6u-7Fz zA0nXEsGEz8S*ag#YbfLctoqK zSr`akaJzr5J!@-QoSofb30gcjSlZmY>RO!11G8vbXolgtT&xeh%6%~p_e`hh`sg~h zZGWj_?6`MvTj!;ztltE!KSW#G%*Q5oy07oGb`H&$IDcGi>o;}z1zuq{PB*nUU3x7y z>D}lJk$YUfq;0#_8*&YEk??$N`b9w2#$WGd@S_zAi}?8tTyxNc2_u(!u7yS#@hnaX zlSNCGfy)oe8>Iu0XI>R0U_q?mbe%1kQ@mh$^`qmwZb!@&B3!j6Cd4`~@P;&y^)f&k zEPNdk=;lU!FKCCO$A`y7IHo4&geRndX+!3#q8qG)Es9dJoR1-FCN~g2;hcCa55<5T zeCx0Ott`p2kbd&@VFt8)TkY_LQdrl7Rgi7yBgM9+Qxnlv@~` zeZ&$CgGf03Is{z*Ml-BGJ*y)Ise^iD7XqYfW`I_h8wfmx!mH#7tWHN?>z)_1fq5Xv zR0$}_$~#o$JyZj}-4)(_DBG>%b-Pmz9GIw380^%N{EUDAzogNT6Ap%MbZH_X6u z5a09rZ+<*?+`&2oI;{j_({#IS!<9A)KgZf8pql*~7e z+@R@)OA<_iOyM)+%*=fz@dSpXZ~8Sun|gJVB!?1(KHUOhM~eu4T5ffl$PEv`_>p$5 zCMR%AL1;;~Ut_*O$Rs0^j;Nu1+FFd&++l9#-cU!dTgqreMh3Rr7;U_K2?jDd zJ_4<$Yk~KO+hB#Q2Abb=nYZu~HbV!J6_2O7H!qZFO*H6BXmGIRjTTOY zT@mVLxKt)94=T|ChnVzaYVRQCB;zOa^~!}>M>1@bOa<=Ru$ukuxP|Qd<@k<<6 zud+pzy@+r9lNl(*`zFPWE`UU>lOLTE2d&G??VOD7>N_m!pV~RSE-u~|`otuT+A8y< z1W#nsCq+M^_RGu?kJ^&NL4icyxYe3+LIZ#R^%0|2>D|nq*fq8xvG=8)&wNfmPH9)A z!0UXdOwM5`R@%B0wRg*T&|XHuZ(+TRyyC3&quE)%bG}Oi#~!Pto zF^=3EPQGao$Z`5?M5?ci_*d3Kr2~X|*X3y?PW^Sg2s?}>B$B!pUu@wSuhXjeCD0n* z$qt(C&}V<~iYB@qYLo*L`3ZYd(wwG>M+(jlVp)JdQ|bnNnrTGX%*iYD(?J zj}xh%>sWFWYYK5hZq`i;|J1Lud;D;It5?X-B$T8yPz-Bp-&x2x-{<{%d#E__dKedZ zE_KdYAJGpk3Ge2{%AAeEP_2ldFhQ=G{&R13GDajHb3ENcpwgky1Ifl zyz=M>QD;)b2T{^}YWibdekAH?|kE>N@3DDj@y;&);(4z z55`{4^>sa34S&c(nV;Vpuup*{n-Vy2mv?``xBQ!O&z^hQG4#!+hh9_}PjEkoYdT0E zG{|m$4M#m((_&aS@SFZ=>sWp>#)pthR*Gi-jkg+kBDUG%Udt{+12GSVf-om#Tt+TR z5rK~~vt4KFOkfeF2yVmO|Z68Ons6v8Rku ziZ|Cr=Exd`3vMw)z?;l+JqX7)R@sy z&(M-YE^CFdeoNbdra;Ki+1Y#(4vEXpOEx<>q7v^Yl~{}Y8P4PR8!pz*hH8!0TuTpH zjJw`iK)Dvb!z7)$%_mMf1+ak&mpZdUuS$z zcDLMrM4!D-W0M%KHx;L}l=$R>?KG4(6F=jRlc}Cz)B_XO?~>T&=J~@V?QvF;O+f_J zz;{NIuT$85&c;~pDdSV^H!Le23d%-ef3kgUz&fCwguJNm6J-;jt8>no+*S$q6|u2_ ztU;BNMe4peb?}zx=cc?{cGRrui&;ZIsMxnMD$a7DvLLF=??&X?=)FJ$63hhgN- zTIpjy(s)xB*Uf5DWox20-^L3=to`+p z8h8GP-Xah3+V-aL7{lG%guq0g;N-*BXU}Nbd0H zejV&+m}HXcY{L_~zPvUuOeW==agWl-&NZBlyS_&NafJZ(qi6U`WJ%5^VWbpE17n>@ z9D^)KG6)jFyUcoW#6+;=HyCwW$zpZ^}G{n!BfZ|3O5PR4cA-7eoCgfv9h0b(xtWBVV zU{xFir@XM|<>7Mh?Koj>Q`n36a0dC6H50W8$9KjNg)>q=-DU@3%mr!po-y|`+XOjg z@uQ4fi&%+8z>RxkZ-d&Chm6hJ!<7W3^&H~MA1b^_Af|h%LyO+aMjUjXaoiarI>Dp| z&8_#QQQZkcrB9v2RLq<=6lDzFeA|NID1)Gun#j9HfZT>v7vghwwa7mt1A zKOTB1&=Wig;+UGs6@AJDmC>uVc{Wl<5?-V&WY=Nv5k2$=Eb+I(RG%j-U3sF!fnQSS zpR99dwv-UXes#<^!HLgFwV(Bnqt?RdQRrb&<~o*Li=N(T(jAs(G%!H+owUPxapLy& zVa>guhRh}B89V0%;V+equV@bQumxX~VsnlgzoD&P_4pPK`vq@3C47yIO`JYnAcJJU zH}esUNrE$RVqT4Oyp5c3<_vYVe3tJ_yKW=&b)T4UfURZm$ zRm;3lc5n)zC@J#Y`oyaEE=88`EWR6uMKENmT0BC>PHgS^5eR3qtCI&4`6S=%5pq?k zY%y27q^wU`2j{%A-&W+S78^38Ez&HLQpdV#g=iBwTHqml?kHnn|K=Dh18*NM-%Tdn zabrMQCZfVp-q*id*MOEY&v#cG2wHko_|e8pNhJoEvRsrA2flh}Sp1fJU2HIstJu2n z(p!1mj|}*1vGKf;d2A3UwyANs^C)oiIpfuz4Ro`XX1H0{?c>3fi}Rq`*sIJEKf`}z zAU{UtW=k4Uk}Wh-49c#{)~m#7rZz_p4V@;&ETov59F15F6<#f}u{ZQ4 zzI9pSydaKc)#uQ!2^u@@!O?qYc7KjI;9k|K&)P>)z|%OEyv>(Aic8#@Li44zho?wtlN*qU_(PIF)rs z_I&7=;;`MzBjh2fO)2w>&E0`b!ZWv;&IchUY^1$VRYew++VbsOQTO_Ip!J{RGNiX; z-jBO{J<1t%S5J*H>)Lj{{w2RLcBu zrRX`apBU6iTN~2w@&FkUx+dSIq{esIQ5oEGk5IX}vmMQG(3=i}?8r-xE*xx!(mSVtr`$9lLhvExw^ zIxSSDVDZI0tE!Bp@f#XcIJLSH6`RRgkmmAv4JR{aZhQt#sQL)=y(amH3qxgJs7gQ2 zuBrc24Tl|km;s|Xy!8etzJ8e&mR65Ak(|z5mS|1hJSkb_Qq8Co*;EcWQBmgGuTxcd zEOb`-;%CSbOlwHFgas>FSw#RrD~BC9h06?1a*c@3%uw!Dt>|lo>(bq$iFxSP2eo(l z{LG>yl8;4N!ysj~Ht+V0?+FNxIDD1Y!{B4SPsP8@p`l0U!$VE%E6Px$Ba2VIpRbHx z|5ct!)-yEXtwr4QxJ8szFfB!rcttgrlG8{=VWwKkjUvm1x=*WZ{w~T4W z;o}d{AT5}Xwr%Q{qL^qTlLbiM)iim;1L^bAQQvvTB&P-#;V3hcA_ZhHK}YT&eJl-~ zmB7q80^clix0rBltG4C^t2`;gRfGM`+n>{?_;qIV*)$uJGVom{E$5+0$^3?k zbmmrNfW_c??BCia(JOh+yiy&6&|Jh6W-5Ztnqtw`vG0tdltTtdJa;16 z0QyRs-H`r>DQit_bWI-Go%lB3yX-Lu@LgsRk|9bQgn#iaTSIeuMlEK%t7VDuB&>|F z?iREh18bvyYjZB}Mdpl%Vg4}b%<#TrZz%B>H!dp-=;Wa7chL8a$s)P}LpMp6CsuOr zclH?3t(?6lW=B4A*|A;5c-nM!8q(AnXS5UQ!2dCeWzxAcTXv>&!E{Dmkn3SKl)0H` zkU5rF=S|_kS<3{h)y@IV zh|5qD*RT`KH4&E;Owyj14P~Uxjwe2=!!Cw<+f1?lUZBvpLfM8(vl}&3bsFw8ts+HL zCU!G`yAkzUu6Jd3v=vz)_m+cr(Ay>RohMVdWW3^@zIrcXdQ}{zq?`wSkWFs&eB5vP z#!hCcBmRxX+NbF~ivLfS2K*a#lX|s7*shpeS$-}P>ygEj3A8qO99_i$-$-^nM2oo? zIx63w*BW+tB_)}+@v1KGuF`b=!OFU85Akbbs*>6~Cz0_9QD@dK50 zsRQp@oKqsUarS`!sZ*BJr)F;>a=~o6`t2L77|#5jtQvfLP(~j}sT+O15GHO}9hRUj z9o^Wg7vJH(fw+?I84?Sfy}FiB7l)$H8=5fJt%gqX2rvv_t$kgpUNro4WrND!&d?tV znmExvLs-5oN&4rS-keV*y)rXpKkX6uYdF$H0IH!EaThBZ)ugr$LZIu2v4`k4j$}a! z%8_pyAMymLGG2FvjqVkr29c?Yzq(OsVW&)kwM{t}s!mi}aPRYy0*qTsc*>aQCxHa~ zF-w~Am(BSxP%Lk9Vqs+8Nay&EWy?fUTNCycj8kOsB+fjnc`0Y-Xn7-2$P^P9lk_zV zLJ*$6!JHbceDukCd_PR`>^fex1zajZr{E0rW10~;J{`~RPowgX34T?QT1kp zS*z1gZ68>oaputqY~Aj9XSF%*EC+9!?4NH$BFj&f#__)FQ0$=)k(2xs^qo3KH5bCF zBcC;XvuNYejt6WRPiy5;Ox4Hk*eSx_m5A9O4%cYMObKf_aD%!tx<%&+ePimVgH%bn z>x7cU2Ojs$7k92W5u7iwC(eeS$_l#Og{u&5GdS;8dYLT30s0G66^N|!^wv)`_jY;{ zr&-^#NgF+N&(PPxVE!267yF#^PH8_bc`oCM9#gkkJiV_N@h3*Sa7Cj&e5WSKWUBiV z2TWW=8}Ni;3M>y(N85aK{eA-8y&-r~fa*rp@^M59nMzKx_|4IAT|$UEZvBUPmlF-Q z5-mlxM%xaYq~qM`>Z70Etn79V5?*}RwmCZPbhq2B-L~OBUEf#SUHH^*F#q6meaDbh8CY~^4b?CAdz;OT~zKrvXvlp$p3R2EBlpgtdIiZ z|7pf?)$Dv|bTKQqMgrmZ#j*em8~$Tvc}-Lt^8D~in#FY|S0;s=5VIceun|K36R31~ zaVRP!i5e>a)tWD;7Jo|&Vh(w23JPW*{5>g% zxzImjP%s1G@3s(>r1LrGg{<}Y92BgUd45TtDbV?kUt_>a$G^=%A;rf3uQ@0v$YqiI z;=^6Y!~;YABKUA!NMHXx2ZfXrhv1N0YNT^PXr%wEi{DEXNXz?&8U#$@a-<5OmHw}; zt_&o>2TotyxGQD#r$H#l{l(1y^25NK3h+(;-S*mW5Olf!*s_4ce=nZg@3z-wlAt^E z%N9Jm1wZxQZLi0LC_W$$1U%4$5LyM542Z*ceeeq@BM!6$PjCNhdp#}$bLbzs#pUP{ zB5R0YC<~aGz{Lq>1f26s{>kpQY3MawaR|P}KLY1qfnSJNzq2g>=L_euxc@A0{s$jd z00;1UWdcw9KCjGkRp7_0#9#&q$6vib6eSq8AgCKa<{N;imYmsyt)IIBmH2fS z-a(~&ffXEx*C-?Wb5G4qV3*rl1JoVpgug8U`y?^*7;L`cs_IIcRKipqAgCY9Q zw%6lALL~(44fJ}2hztQ)7p%7nsr>&yEC3V4iyXAXArK2lDrdPka0SdSKM!_6i~9|; z089|L3i9)da!U+;n{oWX2P9?zAeF?gq0PB8IsgnX7poHVhQE^0Rc{d03F!^2iw-7= z{WT*<6g^)i=V)`Gss2}62jgNsYVg4i+euPz{J7a|L0(8D{w10b&4 ze`f(vp}@Nj0($`PP@oI)(m(b1Czt`b|7Y2;ftafQVtZ}bfz<2IZGp_D3x+rF2RL!y z4{+lDaLxfBjr)sG|4wmY;{+E-h(oJYbVSV5Wb-73u+{4N`Xx z#-(yL^`0WO1F5^OC9i5RP{T5RCAM?Usw>KtQ`T~Gse19^+kWRyTNf8Qr@h{HJ`;k- z!+Fg#fTycI+l-hA%$r0zw_i`K2}SD3ro@8J11w&19W&T^N;Xo$tj1&IXtwxi2%T1O$9 z#zHzPAT7JzC<-Idfxg_3H-VGui6W z0Rfot)Atn6>8AoDY3J=s#|^vsZsTDWVRcB=G})00mzSEBtB^QaDh#vvP<;s}Ar%q+ znmwmO+NA_H<(wQD(~6zeY2pS@e7QoYCrbzK+&(GLrHH9R59`y`7hcv$jD#E}FvUJB z!J+X`KRT*EXJ`tqLd}E<{(bStkS+{+^t66egIucJdji`Tx%cbdGs(Nnu-UH!b&RJx zeD~R>t6W(s7gLbpX~-XG-A(VtSzRuDOTIkbe{X~RDQXbcT>es1H{T=XPV%L+=%O#i zWJ5JYZ8ef{0^FKIMNtdd!wtTQg)ja1f)r64NPXMT(JZEsG;hNNwyEVITMa3fxM#h^ zL`YQ`ewBV#NXaOj0!p28yR0?M9ZnT`%D^Hw>$QR@?45e!Cp5WI(rngQ((u*Kuq#^v zVvUm|x`f;JYVK;7sQGF=Q$S?P8TU}tM(07)&z@3|@J_+obbZ9$*QxO&R~?-i53^=W zV^F=@Nu#}cCLohm;cJBaqk7k2fd9LD4Az2sI*XrXYtC>qXSok0t7CJYLeu)#NY~yk zy|ovu-G0AT_|7a=e%%2E^`KF^Cw){4431oy0@mj{er!AGX=`B}tp1M_t3xF9K4rwe z^@$sO(nMLHM(u7LeIab2M9Baiy1`BqSevcpR=Ywcr^EcO0AV;l>?lO>`|G z%_z+1oCRihIL()U3au*n?~>{V_@c`GX%x4q?hV~lBv~()A&6f<)FtM zk!@ZL!JDp#%%h#6z&L%k_^CR=$=6y;; zq&ejotWs?xEPI)p$0W&4KXlVvRzJ+P8F2n6=ri|{eULdoIS1FCbQ2|WTU6vmPLNuE z)kiA7fU{eQ*&z`NtxH`7mF?AUi4k6KZgjQtf!L5P2qMh}9O9o}t6xN|46NeE_hSa9M zsgo3f6-4H&ZA7+YhFKzteA%?DR=YQX(MFXN5^3s((eKstABdv(CcnZxEL>QLa#SGX z%Vw5G8S3jrZg?22JRa?yDKkbSge4J~k4s*LiZjcD5m*2fWznTh?&H6&xAdcw70XsKb9L-N=nL@2`>t)#c3 z9$*g3h?HzqL01Yr{OSBE_Im;)?kn8>^@?7sqfi~B5Qn-f3l}$BJ}Qd6~))R)tk*F<5CB;>o@|nNLP%H-~NAp%`rP zeNhr`b`$?W@rU_S5j2(qrgxssT&PSWf{Ju#G%AXT8){>d!!gWsX0XtzpY(T=npb-B zN|$Cy$1=!bXT0XP;W7uSTT;A}6-7e~L~kFUIrXfJPt^N0>c6pl6S$CH#Uji%40nU)b@F_emX3bQ`*zA9&Qh zBOVF+$TBr2T28!3j(pUQMn4m?v|3sK8;2r$g3ZYH5?1tM;Z2e;XObMmx8_-s;-!+t zL5LfZ&<5ISk<*&*3{+=bXpTuqK36{Hah8H6v2nl^4o}v#)sB*fucD%VgAru1fHwed zMWN$Rij!UvXe6|#_q%qgur#2JvX(EL?kS;1$8YQ89*Zn zK5B({;Dg-3g}*1LU4@7_3u}tHkip7FybJ zf7GM0*7fh~7x#@@7-_2xk(NkRzbE=3%ze;!H`B`=FE$`jzec*K2g&e|uj=8H!W@1f z%+4Y8w}8>8TWBs7YLQa3dTWw2i|^)12Gh){*vaoZAC<8ZyMJrVubS9?PJ!^A9>%F# zUq}}>LwS(CFu|d!4?*&WF#+n%*@p-=9kN@-$NisOb9JOR6N?$KZl*my|KR zYaJqHI+31-k0tVSFoF8A0R1I(5nHKMOzlTozDL;ieePS-(5u#u?UK(NUpca7bgmIu z%r8b-NGh@-Ms32ey;1d&r!zmH&;BI!sAIn{URZgat!>;+z0EETNn4W{%RT&kemqb; z?6~?KO()*sYhf#XmSSBk9cxt)P0VU)KB!yE6i=vgCZSCt?~713rdVp}2bSV+_9Gic zd*H6UUr#<;YFn}$GtNaaCKtvo^)~yARz8+eXW$y0-#$cK#U@{--Z079>FA8?q{Jc2 zgCF@URVCr}XQMl#Ifrg+*ffQX?XVo8RFfx;qFOy0XdcJWO=ITHXsk@trOB$k)lD6f z(!R@z6kl?z-jJj&@*n$DvP;erRxMiN?)U!4=neFze%jGpu_!4Ng%xkBU75PY?k7Um zTl#<#A%#(W%$C|ean~ei^}e9p0M%y9QfU^3hlFTkCDBp_L6|#D8@(#4x~PZ&P~rRS zeR5pDjhjm2Bz6|O4X!Va?+BYWnovAq`r7x3xe_0Vcg&eOB`*tYw3~&1*TvL|E4}Eo zLpXD=a!{Z}9|g6mGCC0fyY%Oij@L=shd4FkW9883ZrJeohA#si#_hy+*4@bQ6-Xa= zM61hndnp-TV|N9O-D~7)4tp_Hh~Q)cL1vp70eR2&6BzUFo;O}bMy{?hh}{6t=uNk} zV$BFjCcpPpUSPcQu3Z}SW8vA3HhY8BtibmVI;9>SZQKRrCzGgY{B4b}U8$n(Z#@O1 zmQ-?R;X4SYU+9Fl;@v)YTo(39@3Hiztub(7Q_R%%*j@dV=^)}`UufS`i`#jg^s~{< z>&bdA+a68=nAU?fqrZ~7vZ+yIqX$jEP{D+o#67WmE`i$Syf`!YS&X{5t#dMoS~c<& zT1v+>!j6>X5qGFC2T_zKHHX!6?KL>9-gb#9Gv*tPf|MG0`ARz3T(q?qP?^RDxNLlS zr+1P(rwQJ~KChU4p`AwQLyU9uWfg-OyT3j!p<2Wc<<&+$()5xM)=7G{nktzwS5oS( zEk+~nsyfs}`gXzB>`m&M*(ijSBUWagSR`5HP;3;J^mL~Q*FMPKCu9zq*4-OiK%Rm^ z?+j0+iy9?euI1N6T-ZWK3w%Te``87r0-x8#$DeWh!%xCNRk|-PJ9`Ei{oCsLm$}m& zOlB%YSYVIdNFD8#A&&9wi=Au)34& zV@y6`QE5_lXJZ2IFh%o?*$WQahjqsIzx7CYb{yI_Ky-5VsmWVj9Q7&9lI31|=#nwJ zc1M;4q~~z3u82rd?#ysKMz}8#Py^kiwDnXI=#L@~iWt-jygnwAZ?2(4ow9f2+}-IL zR+W}2hE*F04A5bujLE$4H5Ds4&1}K8s-W7`!qN*HH-$U9eV$K+XdY`|Z{FMq^>VGQFk*L+t7~a4 z@lkm-Rk*o*11W*_W4Kj9jSZB3;X6+wrREq@6y;NOUAlu^0e<<=9DO+ItP)p|_$>Gc zdi?RxLJ~8nXu25jBo)^2jqOK5u`!(fFr%xsz9zW0m9m@oc)0p#n~QRXVS{vVwKiCs zO0r^%A}2Hkv!6W`Km3qlP|E0Bh5XDzdX$gR<`XUko`6Lw)@Lo5493?E_XYsU1i4`$ ztONMSx8FM1q53>yc{Pfo5o9&8PPxrgz;;@6>{s6WSajatp7{=+L(Kh691%l>J6pOd zBn~_gA7BJI1q1Klv}dQG!~=A5gmG;d%Pjk>CyOLI@(iY*rNKK5d!kQ&a4?YyMao2% zkIEFHUD0Z37kNjf+f8@>v2hRGlD=+E^$1yZ52a3?HNEYDe7sTk79k3zc(N&)%Obr5 zv=h=|SErLXlaIH=Cwxz@`WtmCTlLuqZ&?tG>xLgop+isQx-HQiuSW4~GEcF5Q$p2? zd0gQA+@CpWfaJZ*o7QSF$1@kw<0z8^N?q62-DW0Cou+<%TK?y;JM?5=6)#k8BRJvk=Z)fLU zt?NCL`a$E86hzZeP@&u+>U=iWULX9pD&G`dwbbG}JF@B#dD6@9NJ|>do=D-F)V9NM zkxf4;89f}Hq;n((x!s5*9^zyE@Qgq~*SbkyrS9(Md?x9z1TvygOIx0|;;J9(SY)J3 z!p68sGMR*O4Y-p}gD1mTk(4!>=L{9FEHH9mmV#fR-3$IS`q={dxU+C#EFg+&3CkNk zfxjKcra0z4AaAV6;pE;9PK(HiyRE_p9f6K_^%`<#v`RT87IxBn(pboy&s-dk@s)F2(SN*7hSYnh*vJ0&D%YtSU6=Ce>x zSSd60a+^*xzUQZ#$lgLxbnN4h-Wdil>Db zh(ibSL^IjKZZFv1Mv5pGqKFA}y?k2O@(9}Q35Pe0l__2lW=04(WtD*WP=4Uy%Nd3p zyCG_OuFqd?HU9%d+@B38aG>xhMh3i&-{8TFN~1lZMnl2TOHucM4r=yalqp>aAE;cq z5yxqO(m+zUd&Je%g{(Fds7@+XtM_CRCG|j7pH|||qiUj~BMg{Was(>aE?;T1lt3ed zCfpGU7@WGoH!CrW+c&2RvSM!TxjRf8~UA01HI3^gqp5A*liYkj}{e z6OHYv*_B2{#LNlQ13#Z4TpT3-S6hfuJ)a_6C{UbF{lKyv=YP9wrh`R0E~W_J2KjGO z1d#c~{rSJ92$13)5dC|wz6LNhShNG&zXxfODEzKF1WxbrnVb(%KwH)UU|o%K7w5Ma zJog0rn+u2n2G4RJc@_Y$M#;G=&`9h*vw@WTxa1uGz&GwnZT@NPgWUhK_QAY^f3dx` z27lA}01r!l>0bO=UDtPAos zT!?8qB<6r>6(TYO=3E>k5BQ~D^XsnshB+YUx~!@5DK^B^@)yqnG*E|#^*iD~Dt>?$ zHw$PM4qn_~z`5?@3gCb;giHhyaDYlf0Fcmt!sS8o;ECCll&-jg6a%>iHy052myE7R zeq7Eh!3W9zH9Ew&^Bin0w*Q}l4LgWgaQ?T;;U8Gf;R0;HIsFDUkisAT7ubM;T;9xI zNO37A0f3N`0Q{ohNJ6NofYZC~;!=_W0G5XUBgDVCIKP-n7uUos0AR(B^E&}5<^Ohd z<%JJENFHz@gaJ89{}b3iDt%ls75>Hc+Tw$h__$;$Ts*lewfCpEpgVMN`9NC`Q{i81 zuf@G8<^ldT0$0x8!$Q>F1*7Mp=zcf79u?vp4GA@%2`z**1k`}}Pk;-2x$-D}LmH48 z3S>1vAPp-U@FVVG1%Q?XDA?s%kbsmV1Ar7-ApJn{BQ93k%S4EUnv z1YB?zSuaT&e{%>?p4ZR@JS^t`>E(ex0531>YEls2rT=`~uz{-P@3s)H^>e%d@r=O~ z2@rSqoEgD+UKgMrzdjQ#9sh8v^(PlrQje;X=pl7e#^-qTc?4BEiP;8%1K?hM)@l`Gihs z5!4rs_M*cCX#oWNP8Zt+C|G*|qK&3dgpYPMGubz2P-Ej1LUQ1iM-tEWYyV@#2M};5nY35v3YquFHAH1ktW%!`^^JMYi z@m3(CcH>bV&+#$vT%#`;Yi^I`=K81J@NYYtFjlQrtZbdyJD1M22+r+eYg@hZeKG?i zNzCmNC1LI!%qMMCK1qr+yLr+j8H6FzaaQ$$=UJT#rPmrfUVWxGAHeOz`q-BhpkYxb z7_8uBef*_NQ2L9>vqiY-u(rFB03S%Q-j1<53qw?9U(?y97Yz6{ z2N#y)V>{4{>Z18Ca&WhCgXV*;U*YpyK@GR|-$wvgL?Am2dEhyB5a9R@CTH8ofwT0e`HjszvBHha1 zj#vCV&W3NG;G6{b6n!sg0^a(EeOaF2U}}?YxNEY_CQ2QQ*D#%=2NFADs_lEjPg!j) zF6LIenn6vw? zS#M%$I=fG`_^!|zQNenye3Ze?u-7HOMHCT1FS-(uea5FS%2E0@d%eB2G2hlt*Jt~C zoJ@n-^)5e8`^WbBJGX$sNeRW;?>wu&sN-a5bon#1ZfNGg%Zdtpr`m?{d_)q@Nmgvju&3HWq$g*Ijg+&NBYA_qpn4r zZ7&Qoc#MyS7OEnG^kS(fFK-cU9d<#jC___GC|Ena2{$|HdbT=P8?g4 z@<1S-;0UF7QMGXA;o;t%6~7E%x|~4mDamoO0UIBWtXhiH*EeXj@(r^&E`INRI#$qr zNEkm}zJcV1GVDBfpeT%jCmQ3M>*90lr@$UVKaGVgIM9so7GBSukKmo~64ivFpj6}C zrvKr1%VP@3TH_5-jsVOv@&AN794qv`eH< za|$7r?Lew`XWK;{VC}TZ94@kYh@Rmg$9|9%u45)LYRc!G%NS`?cJwyE9_0z%gPN=IgI-b-SJpy{M4@HNY$wpQ=3f4i^IJP?I(9 zD{?`P4Lyg@xh`peGWiEz#iXlriEEQ+O)@KOatn<`g=NBKBs=_OFxVv&*t=YuyYjtg z=JIF7$z8&hXF}_$G{(}@`gkgtT96gFD`oqS_4G7ggnLxztq}-yMlwb)ddHVsG<@ z@N}iG-y;MAQZpkNzw;3}KfrX9J;1yTD~eG|csP&g=%PrviQ1%d=!Kzb9%yMAf#t<| zq7F#kR`+{r(n7byfyXg=&&Z2&ZE) zRt|KJxF;jY_sE=JbMgtah~x-U>gDzi1qcbIw75&~$!Kl%lf%Q6vMMGa&TFjpaU7^& zJP~Kwx|N0?DQQSEg-v;r8$}h-S!cu#|11OjO~Lblu;))Upj+PoY8LP#)v)$q9roS{M@@j+Uqg$?!>kw;=C?*NXqNst?C1W-SkYm@ZQ~n~ z{2?UIP*4R!D4<4O<76xk9P_5=Y4m6v7ztY z4P*jg>R$A2e(%0do4W4Se(;j4##?c4oz7-BzO!7bpXP6eDLqA}^nUDiuMUORqIr4x zHjNW%f#*x>K{fRsT92X#46Ssws&Y)1HS1o{IQb!|R0JO|Iq=`kD{cQ0&9|O=tMX3w zo3LP_iV9xKlHLjRR;B*9*ZALtZrwKK&Ba!5Nv)P_cr^bbqxCZ)zufp(oK8J$0;=Lt zfL^<7{^y%-%2vuM??Fkk%6{!*X_&1>{;K9!BI~~6g(=wZlR*AQn?v|;{^$GYhFBh4 z-F~uhVN&Gwem#)__uvzrWLm{6&n)^R$%@XVW)Yz}7T!X5tRtuU<1|w_73t*VR1}|0 zbZDN}r@FFGt3Z$Gm?(PcZ>DJ)6n$cE)`2HdEcki&)7S;y4dZB6@F*vrO@KXi5i*e9 z%T%>a@J6j8qABR(bIng_5y&T&5~is)OY9mHZ^YP^wW6|u)uvTXjEHJ?AHZaMM&2hR z#dNEO z*Tl0*g~d#zDX)s>##b5^n9OgL#tZ>?Nj~{)cA`A$^=EgNxw6z9UlEWa^UkP-wkwVS z04GaMQ^l|9sg>1T+H6@uqJ9K>Ml6ww#Z{ErE-rb8uX1c^D2>l7y_Cz>QwD)Ri3dpt z?MkQmP+IUOSC&@zr28@WJ+DYAW2Y285wOGFv{;u;kH3TXlPP0{Nk}ZmfM7Y~YZQ~C$bgl}7 zQNU}&mrMj2SQR?3qtCr0qz+%G6~}+5d`;}SU99`42^}@EhUk8U>FtUkX%9k;Hcm>a zB@sFAT6^7{!PDdSTYVev!z0U8?7MvX$xTc?_a_`+pwXP&!dtL@z`v;g^ThaFP9ywX zd;=y++e0*5GQ1DnJ{_Jfs{Cg(Mg{H`eEnh}CC84n0w1v2T>x)G7$JyMvZ?P5M9 z1bi9cosEC);eYd0$g1s)1#f)=qbx-01&|yltAY zD4QwxxWsz2#^ye1WCHA`SILeIriK({_~r7aPdIwThlLHX5)4JEqykyr3}%p|Dsmla z4^HeU1mdU^0%|nl$c_u(lrZ=^aI%at4@qLXTl14Vv=`T`;p?`oq}S(KrnBiL(i<*boQoR{{h-aO z9lLk~34YL*qZ;0ufQ5LQ2t$yO`&fkG1zI)vlxX&rT>t=r&6S#Wr3t2i_%(~{%j;+`g{JHoF8p7&Yr-})b@2p`4j*5 zCir365BT=-EZ3eTBxn#=DR3~dug<67xOsc&`t{2iKC$KC^uqm^ zH+bO8jaN}+q;j2*zqYc}!6v)#7)^vl^P%HT2+=8yE|d=Q8Nwe2_Mpwt7ww<_n!Gb# zIieZ>xncXi%vhMNOx_{4ZU3hk^Hnp5yTiLEXMeW6 z*53kk0)N?phiBl{Nj3u@w{3&kz7Q>K;HD=Qu=q0v_z)L}XuproK%4C^vIO~oXla87jeqiSrF#sy zlN;m$a(o6Pg>W%}_n{KAT=v;PUB)X(U3Cc2QU*C>hD_?B&;A!5S2l59PSC*9-oIWD z_jLf}g^bc|CY*^7)+rkre*h)n$vBm-l?{ zC3p#fZ`_qC_|wvd+@cM%1uwxr+g@9Okh`^kw&0zE;3xO@xDZ7Mv;~jQ{%reO+>0l5 zx%7#_dJKSH`*?pX>T5iKi--Hm7Q9pP&$id&LeAeHAO}>U5LXNVIV=}bG_ckN#J>R+ z@s%kWFf+&*$8Ym`wtt4>pb5_vKaevtpce>81(y}`d5MEW4Tvw+_H`c+_yBbAdu2ib z4kvJdfCy{~#FrDazqx~`PH;xQu#}h?R5TnQZrjy4%+-`2rXv4L(7 zH+beL{g{ghdK@b1R;`(D;h++iBJ)Z{to9*?u5XA_zJ^xAr+JdU@?{Tj{CP)wB-)yhN{b!># z=oJBCSpaSS5m5S1$b{Ur4b1uc74dJj*W*G|8zk=l{N45I3k(7>K_6+rg83a)uOlWT zBNkN3oWLV@9s?2TV%h$BoZy1G`f&zac@V`1LMHHc(7E8$rC!Q)7gulz@}#_TY`Gwu zony0n$;7tA~0k6+&v9AF3qu5TqheM_TX>>OZH5O8_!@`C+%?h-6VaQ-*YGCz+8 zDZv8H^*59PnO_w8|AkVZAeW2#*Vhr4b$A{U^yt74b3v8@hJ+v(U8MI17oewb?g9i5 z|LNiyVHQ#~3h3byufaUH|8{l$Z~s~9=O0Ix_wBDM4w5Ph{7Cr^(`$tfc_N-P@%dZs z^0ECrDnwZV*V})XUXKd#>IRyEVGTls<8mGR3DzKauRvQcto_;cdRz!d{CCy@2Rj=F zq_9KZKf(?{%}pPXK9}TgqaYy3bTeVJ2@rC0y)uAFqlabIoz}x`+n>ljQc>m`k(Li4 z_~JdAw3)k=$L;ifHUHuE*4gR)-o!!gw=b#_6Z2=)ZgHbGdKlzp$Y1I-)^eYIZ%tTU zLoI%BbgFaE8;CPetj%C@#-$jj!Mj3!zhSlkaQyA<^8Ut=8e#tOmW_#OCmEbZu+8q! zu7#WP3FoPL@LAi+kF$Y5_24JB1YDrcpqtjn;9x2~J)2K*ciF|s{Jy{fGtW){gOHEM7URCBlC&B~Ly83-SJLI&AJ5F&=M|o;9Uikb(A{aqw7K9Q;4>EuPh`n~w`2M2e{lmdPCEZ-qdU6D~R2iUD?hxzyv@9hAHAkcv z3g-DSyTlDPC|Z%&vEw8(KhLnH0_@~qC?Wvr7IIh|_P2snn6!iV9^9vq1zyUZpFLO) z%i+l|d@_|JCXx142EC;j%`2_KC!D1W)!2!~kAL({@O*M}o@boQssHDjQQ>!~*6zNZ ze@AYsZ}~|(TZ_G?x(;hNA|WX;Vx(vy^aS~N@?G7yMUOAufyubJ_y`Dns_433^H%Le$ z-Q6vXv~);!cZt%7v>+i$Bi$e&NQiVd2!eDbUaD%dL=+J*c3mX4UCZ3EfGG0DAcG@A6loIB7{mW_nBRoka zmJOq$Y0uo+DUs}oRu|QzU@6?UIWdaZLrZ*^0&E>3h8|k50%?`^utZB+Q#0yq5AlQu z<(9qPsC-N+C5s8UX1hiH%jn>bLhxK4knhn9t48_SYP)pHO zWIg8aWQ4OG{@S@0lNJnD$6u_Nde16l&nPtEu2otYwoEtTrYc$({WlR6tYhr5XLmAn zbfajoOwanM-F-<-^2^2Iok-Wb1rp>6^L^NkFU~&kkift&4VsP&Mj;!qZp6jmjnJSr z>RU{hPs+zH(zfGVQHiwhdfrIbkGi($?}(wa<2pVWLvy1XjJ!D zA}iTq-4SfCvUUA#33JKt$%@d(tRmW9dI{jY%QOK#5^jzw^~PGq^H$zvsYQ- zel(&`w&}F8BL&o8GTfYF3+u@x=c3_|s0LrlcNPNj2a?T@r};f^Ayye*1P>P}QSf@| zNANOzTHSP%Z2r_QuZ_W^KJ0W@$%Sk1s7e^N3_UEqw|K<0jMKpEd5F^mOnCT%9wFj1 zwj%QeV!_~QH4=qYuFqv-X1O^hNChE0RHF?_^6Z^i#eI5{2pp>9RN?L7NweY7qj<% zBU5UgY_(fK4%04|PI1t=+X-FQivv{NfacAD3#hc6V@=hE`=&pd?R@g@XAvr?wS{)f?`Dhvyv3`f^C zYT1&%AyqU**7VYOA}TH=fmFRFI}f~vr5)Pkm%Ysj7Qiy4>8qP6+<3aMyrXXf1t?0? z*laN_6-|`mR*hiXNr|;js-}I6Cqx*QFpJUn+>jyBc04LRy!u6 zgooouN=G#gI@Rai!k9nCMq@&9w!$voYWGS_n-oxegYmMzIxYiAq zaQVp6nLfVy!#El&VsubBndcg7e*JfIr+|1D+6UqKJIVkcrHs*VM-Z^ zzGr<{WLT3^3*D#~D)I61<)A&p*ZKgjIRrc?Y)vLY-ak?FRHN%)icGnu0y5a(J88FFkaza`>S3A z0=SRTtGc|J9BFz@me1bx5~5b5G1D>BXQD5Va#Imo<0KppAT^B(mdxf$a|3zW@u(`NR0FQ<-9j*kE6F6 zs%IQGm0cA-uva*l#gy}@_XpMAX;jxpBbi_da{1CyU0hE5n4btnB^Wu`s}Wfv<>j-z z6wAuSV__^t$j3aK)|_iQ-?~!s^jYI9#E$GzH$`xvRgNC_#16xD6&vlLYo5(#$q7_U zGU^c>YQ~rBy{Bh*=FJPJ5FSTkEJ4ugd@5Sii@5S6#`;|?rv~zrK7~Q)&?EA0`jN)k zC?A%Fk%cj-qs@k~$j;p^S&QoXleE)_2~&CPYY}hNs?`phH;*YUS|9Qt#kn`X{UL<= z`9&pux)iEJ(Ci-mf?fDen!^52hSxs5uX>)__94T5qt`KV=~{S4z$Fv!-Lj3JQ0*Oe zS`|@Z;p%BZPs==q@s#yxO2DoZ-3V39Pe%hgCVQes$J32s70@%$PBv<p| zCW(+v=JEz6v{txFn=X#Etjs!0_ZJtOl0T~Or-HH3F0M^JnC?HeTAf(>BaTafRL(#HzPSYkr>~TaT{K2=^3(Wv64AOa6jn_*MePH z-G?$dP4j-6VRvM;&e4*?{Amveo1eh?V@%5-o>ytSgYwRYgHn7&h3sOAw^M*_Q9cl3 z0oxGutmolZv8VgvzCK<@?mt^P>h332B(Sc!+i5&_9RA)d{d@VQoNNFm1EuJxZxC@6`g+x+@%6mHkR>sUjPYz~3gkGgopOUg>6m9_SY%KA94!?v(NiKq%@ry+K=yVeYts1$yo>jgZn zmBxbpdy&{=%h)B6=yTmoNKU-y!a?NZ&sLO_7?PPBj%v1%ZMq9=CVY-5WMPG(XCC^q zs8L(#YCT}32(!qOh{m%Xfs00G8dTOe5EWxh)rNDl`pPoA)xy)JCd(T{Pp9#g&JJIr zTZlKZoPkiXuV+qxCSu21?sDrnn^pEmm%;Qw)+;oWOye&lpY<87rW2@}de{ZsmQ@m> z7}L$}zf+!zD|{A`rs4p>BPnK_(`J}yTsl$j*V(6r{e9Tg{Jp*q>a^RD+Yua8NiHfW z?q^!WFMSY_{MwMTFPY=W)zx-Ip`So!vrlSPWc_UFQEG%|l%is+a%qm4##`wy@5)fr zS=37v3#8uqpoD`JpabRX8QP<^76{kOxgK|3GLIzzA%mlef%s5**yGVls58oQ@ipjE zEH+4-IBl33(&zWNUGc|Cv}dC5>iA#Rim+dPQ+gR^YQMSOC(B0_ZI_ze+13!7fY0$v zPNu_iX4-3e@j@+gcmt}vfG1_?6yL=?#2npB{uP4N&>L8ZidWAoSSjFCYJ|TOIk}=e z7LVQ^5mU2TroyRi2Wo!&(mxRl3BNTvwAV? z6c~SHd2XUOEl4rA=k?*)-^zA2m(gb5D1;!K*^g0&ALQFQQ}RmDFY2y+P3$q#%~#|_ zYr>I5EF6PMHt5o_U$wl0WFSr24XYZbO}*~OVIv-si);$hYfmF+$!i`oG{>&tqC>qq zLQTXb(M}8NGvbnD_kbp}Ku=``A{EIfMF~(RsAIL2N}FuLyHF7`?yxnF@2N1_eCxPA!5ubl(v=lAE!3x%k$d)6}g( zEPlrCto?iDDdURDBfpoN(WZ$bgPj&zyzrE;?<*gCGLo5uj%Q&WHW0Hzj$M)Arht4L zT%&x)<}jdg^Hp!%TcN$tGc#fLQVBcG#f;ba#}oS`4RS2^O;FzA*Zj6x`^L z@_4)phmI>V2a=40&;&Z2o_kAU_bKYGD0~;Yd z)6YUZCZw@n$)*}ms;DD~5V9fp^SGdom$^*=vJF z)D$g0JmVT-wv}~9FU{t7S;ld!rvoAY*kv1}R0Fk;IvwoQWBA9@@LQI)5NXe#j6ptagW(^hDWH)b1KlFjNt!;pk!j7{-;Fs+A^n5@! zWCQL68&KEGr7i94MVDPV5<)ghA{tB>aJ^ zKNjR>Pj1>4lv!Qy1Dj8sE`6*+MO4wrj}TqUs}r;7e#G;ar5_af`^Qbw=j&d7#q4^+ zHd~!>=r^_3IzPQoF`>_MrjL#%(-MeTZ^p#0q*RFW9Zn|k2l;D)p9~1a4Yjq;TM!Mk zRwDH78X2eDUyQCm>Skc^m{?8<{?$R2N(ytGc^@xK zD;;$C7PFSer+ig%7wA5>3S&5Bv;-1I(Zal0lP@i+GVSpI<20nrW8>)YzEUl+qWa;5~n5u3XIa-1x-B^rA`?hJwuG9gKd5KX>_T?e9lDhS& zh5#Gp?mn6|kAnTE5hqRp!|h8SJF$?zmgO#ijR{F%zFW`?|NTfQdoGuHDc|BaT zj$K@%dG_AQmY%Exr}5;6&pR!*&MrDt@7LJy+VgK3*Xid!|6DBK#+$Fx!&p}|t;&%d zasagy-?oS3j#1$M4*OYwB0+CuJCoP@+HU-pQoIl!BsK+CWhXsc6YpRk=6&np?(B-OMFm8{#dRrpbuhkkyU~ag z^R~Bb?qXNP7i74oD{s7r#jdgwg?JW1H+y%C3XQb%sX@F@K{}eZoVwDn9##Qml#5)4 zG8TDm3cW+CQwhS7b0r>fUtUBg9cMCa%$;O?{`MdI*2vDh4ITu#Gg>T9l3-%|B6)Yj z9t?3JD{FDp2OB3;Cc|m2Npyw#%|nAU6Q%snuT^K{8#wfBzhr{fk-X zx1E`Z7RbtJ1&Zwz)Iw!;%~D z*Xk~siAZPUdF@w2nITTBKXZG65qZM!u_$(3>u1W(p}@&E_|_wP;+V#!G`a&c5BLN7 z0d=ixl~fpPtCqXqzjbn2mvm>}zr!Z91^@CZg*^m|C;~H{oO5=jgvQ=l*gg>l6Mhac z4PO4wZJ`k&CzoWSj?Ky#?w{j}YWHiith#@4iHZnB`4#9`eR?lY0GmqX@)Kr=f@pX= z^#uli4ZG`8&+*`!etS~J%1be^pgsuE zHsah|>%Z(oo+oMA8E{{YQi>z+0qK$YQVshiQVAVDApnhvL3i=fK;+|hsVSEqh_ZVH zFe}xw=jU6~7gMwO`6;#qp$gMMsrGsURSw@KTaCCgERK>qRWFJb3i~0xLVs-8zL-C% zt`rxBBph?Icl!!$i1nNj3Yz0%1Z<95Qn0fVQ($?|QY<@Zl!Pu(d>=P#8)i&j^yyM+ z&Lew{pUkx`kBttNBkCl|n#{VBb~_oAcGpMdFIuKq;Ab<(ONGxZ_A+Mfo>x|(YDW%qr>sGC;$Nw8p-9cRYtLSgL~@q6fY^v z(m7M`LszxOf0cs~euAi3ubue=_z{pQ1It*8i8*-a0H9xNfDAnsAT7+!3V^rB z*xOp!n~B<5S=h6Po7uaXIkPCT$QwOzaC2o*vNbX>vjaS25wmqLu>sF>0`sFcX*oc0 z6Ij;a3W5PF&TtKbxIS48NRz67)7~mj0-yz@uK~26ay{4SKu`ktH(Ky?;1w+}ZF)ru zOpg6K?bUCu`+Sv~1s&rBWQ(s8`JfChFu`||X;YKF)$yyx;0%D7&?^R4m`eadU|#b! z1BqJ+niy4ABWKsY=0(%W)YTGzy5eC5 z+}Lu9KUf0s|C>J>8~bnk|CZgpt}Xyj04OmFN|xVNz-G_D-av- zFB$|degb3w!VLg42ud~oiNP%m0&9X?8}UDmkdvMH|51V9B~ku=+5bs@U>+oD;_7B( zt7himN_+VeqL}UqJqhqb9&Qkh>Xs6vpEz2Y*{eDl*@OEFu++=7E`Sgc5Vj3?XW2Cn zg@fxad=Ch>0Dyhm2JHdMo!oE%U@oq%tl0f?mR zz+xD{#xG3QFK((Vs%9pxw}t}d7*}kruWbs8oz?)zexad zjVlQtXbXV)2H3)W18iXj0b2n7xIFb{0kg^K`v7e%*${yWoLoHt4*0($fH^l^O3Iam&vT_3l0*tI6^x@xQA$WxvFi;+- z-WX_?^amcd0^+TjH9&kS7_bj`jou&oahnI&Ru9+>0GR3*jv9E-;eX%(=4Zc9%RspL z|3C}oL07Bv^~HKuW^xk{SZ@LXE9myds|otW_-`;k@Cr8n6AbWI*%|;~^s4WGZUas9 z+Phf)s{3!AscyS@3~a+!)$lb$|Yu1(?|aX93WSt62ct-38Rdb^K!m#Xpb& zK-T(uZ@}ymu*`#Yiy+0_vc^9_+GBxc?!V=N86kic zv_<|i?eB8Ij1N$l5QL5fna+R91v5T?To8Kk&$PeG1q;l7j{`S*8i17oBk-+`+};xX zb^r_PjMDW+^$$F5x$v#CS3tA5deH(Y@jq$*Zg_x+yD~iB#tyJ`U<01(_~STk_W{i6 zehVYlFMa>jmp`7hy2f_?CoR}^bEzGDX2;<;J3hC#x0BfQz*H8-U@gG@SkXZb1m@m zR+9FnGWMo`FDs;6tXD^g%x>QO*_i>a{=YuJ0N?wsf5-#+EO7O@bNz&gjguL$Jpz9V z0KYyH;4PrA0d_9yX3_q`*g&)JmtH_&)h-11InX?=W*1aa`0uZ9piSY8c>xRyFtdQj2?AjMffzhUfcB9$v_R8j z{bich(DA=mTz}wDWx34)%p`x0GoX#ZuOa*c3$WejU%Qq6jT9_e0$h~suOn7$H*a8U zH*a8oS8{;&Tz}uY9@gzB10uiH$N#cf0SUQL;FapG$|v)(fsQf(`U5&21&lJ+JM+JX z2T=F^z~biJ0dzj<-&uf}A!rW3PILk~aUE~jKrfvC&I-&b0Kg#B3(L37ua=A*vTvsu^<9m6T zD}MC-+rev=+StaFkcX}h1LT#a`iL|d z%>u>UhL&Tv{^+(oDIUrXMdvrF&t_9loKeKwcVCjbo(W^8RH}Sm56J9G#U5%OE(i+O zqAAwO?P7KfdmOMx$#3sy;#f;KnzwsMyL5K(_?62AZBgh9Q!Tz6HHx-u)zk8ODOE!y z$6CVp67{KoySC2mHLe@NoG6#n=z6NwsYOvwqo7#|5>#e2_&1nFxNi!uM0Mq~v{`07 z3Vl6_1y5JznN{sWhCbkLGMX5vtqAL*y7=h1eyrb{2ulw{jBakfE)+}Ly>-C`0{mSr zVu~#UgnTbFOj1J`UOb&Zxhz?<=T<0WuAd2O>Sf8SkhW##vW(D^y5b#i(4Re}oa@e5 zFpUXVv@_G%hWhD*W7#q#k>_RcVC$=Pm`oEZb4Wavjb@AnVS7qIi)=_(e`G9ES<$;# zhcb%5N1^<@ia75e$YRu2iptcMMKitGjE$)joZgKGC|af$J;=WxKp4l5a8Y^)yPiYj zL(-gRicP{6RMf$kEo&>9&5a*oe!iA`BJ6KR!^(F$W?F+K#ndG8zDO)1({7S(YP5#S zMO!RzNy+Bvv@@ghc7aw8b|KsGGznoCLon(Q+ApKfGYQBr#>p4& z@3>{$&5D`BhR3mlK0J9Xg$ux;$cp@l%$ubAsWm4RITEaM+3^bWnw&o87L%R#^XDWbpc>Gu;kEzggo$50TCBiM%0Y>;#H5oHvno%-#uROw9g6y9kV z@CbaZzG55t%RSi=L+5s#Yw-x;dz}PS=pl=KMy!)4P#Odqv|KHA-SM zz21&#wT+eW6oFdra9A5OeSYW- z!qzB!zufyx$lY<<@a(F3=t{Xa+;T4)E)giD}PwX?iUa7ZA{G)N1Rm z%}s*78b;QIAI0jC?voY}+i12i$LnmMb`kL0gc06=Pb0b`?|4VIaX%#$Kky_Gv$VsZ zl$Bie6;FD|y^8?d00ZdgPKy?)QA|i<`ika~_K?y@X1pfKH~y5}`u7%bs=Aq6wEas= zT=5P@^hMh-NKo5J5Yrv)6weSG;+W5LE!LDbi7ZEcDxGD zA~^4O0TRSTBO&3OhJx&J9Jx*P$Am@{=4hziobyIrXHr`B< z*k;|a?#DXoI~eVxNlGSxfNKd6=T10TG<5woN(L=z*)IVYlO(me5(bxm<%(A-d+XC1 zN4T%k@B(t4r}rz%BLt$26=*R=wEMtd#4JoNq=$$9pgM~RR($Oh+K@>t3XeP%Qc5;w z*yO@jK_0~-`~3YUg)SrM#5EXaFCEp`GX(?OsdK}C%M8uJbfWF&-IYHDk8-E%l+kSS zkv_rcpxc}F4r8MGuUJj`L07}VYa5R2DiIyq@uu6%sOcGnNfbyGNNv;}`%oILZjPbm z8iwOHy=!|kf@9HzShyvgg8iN^yo7J2nu39Nt0`NXpZ;~+dsG95>2)DpO>d9IF5&at z%UaihifHNR=O&%p&2obj@&)fJ_F%WpGX@k$&7<>uQmN31KB(B&V6M~+jpGVE=-rg|8E6 zt2^J;Y{((cv35e2>o8k}DHd0-g2hshsKO4w`Y47!c@Zy6b5W`!4Ua>gHu%YFE^J&b ziel^@FPhUt)lA$I$~*oa5;gnex5<~B`HK=BM|OvW7IxPQO7EUyq9G*vj2{keO z2KzG2>X1z>=%Bw~{w-XF(1vA)s-l3MXTjqGr}@P4%a`91UQmyv=Xb;4Jw=>@l-m9%2iXXtwkh;!|837IV@tscLbt(+PJ;Iq?LyWwE3XqzOl?`Y6~C$c(qsAE$r>rbv&*m^J;57 zINq7N=botpD@}dh0?b3F23v|XxL))*7iF1qawFwdpsAPc&^>k02@VYy>xC;qklJ8U zfH{y6Q;(HMRY|N-Hx<{#Hln~ZTpHanFkbg~Pty<8ij)JfINm{%C9=?_*GCqT)>Mf@ z)cuiOF6J5W52eG%J2lQzfi_hH*e)==>1>lvYN=d5rKG|cSjwwGNf6gi`g%^hd79;< zZ8q!it%PRcjM~3o2>r~DrD<%!aK_I=Y!oX|zqOyO%Vd=HZUyVgnpEj(hIFQwq;8J? zIltXJdKfg~{^x*7xVpN`0YZ(_da^^xVDb;?Z0%i_i0vOnjrppO`riEK1bc&Wi)0Vq+klUzkb@#HtkdBI z)VRcWsaLKAoWsW)-eV`*xfrN|da42&Us2`rYEs2k3OrOY#}Z8l4fY=q>X*q9V8bjQQ9uz?RwKXn2DwbM$;0xlM#9Id0;ki@ z-b)xx8hcdEJcmd!v&e)!@N5drqbKBVNWeud$7LMn#A9m9LkfUrq#mzMAALQz_=Ea_ z%D9%o(OqXQndz0}lZfXmW6ME_jzq4oheCnOuRYNd9LKsdEJ|XID!bem(p^c75YQz~ zjU>MvuD##RdiZ0F(y5Z8Qx8#cno$B#Af~qC#{$^_?z zW)ffs5mMl^j&iPea7T<1wjNdt7k5MFkmODpa}U$U1~WD*nbkSCkHP8B8nS!3UafiQ z3%lAc2%&DQtgaP zO_z3)0fAP?m=Smvjn4ziP!U}R2;a}+ZizP8MTIa3+29gn4z`h?Fea|ko2IxNa|ks? z6eYNSB~^)gifMpA!~TUKub_BJponX_Yo=h!vg0kvI=0Pt`-d|;;W9g&vbs)@mDGhA9zB0Sy*uX^?!I4iTv4(5kC4uOM} zK0-DwvwW|MC!W%fpP%@-AviAcw(hq1GrEyJk5Ik4M6;pPMYvLPT+!}H%w~y$r#1;u zE#ab=PhuI6_Zpqlsb`|vTT2v@a0!J7kMY@u!?felK(3(tM?83`JI36OB*~$iFND!_ z&zdO{-xWHHYjo*-lau=1lsXn9g-V43Clp#DqWno59d9NnPhLCmrS&_@-4ca(8mQFo zh3{$BJH|*26mkoxmH2pxOXXcGgmj;y6-s(Y$h~4xMPGd|+O#BUP6f}ne%yK*@RBY6 zo|&H+G1m<1w@D?0dXD%0;-f+PMVZDL{qGmWu-Bu^KH+!y>vf8}3n^71WZZl-sG#|Jw}$07*-86_9m8TTX$AL8@REy=To(qj zGEs%h9=%k!+loxkg-CsCRs@YzfcLD zeL!duG0#x75Wk;*nuB3&JR>u7)Hp&t-QBFDhmwzpZS_N!o&#QmsSBzLlBGo9vfa4q zUB08d=cf0E?jNGQmG4pcAfXIK`3mUP|OsLG>N+;5l(q8(LEiR1Ja8hDNr_0+h~Ji4abQht^*UVPkptVhf`& zp;r8w$C>k;Es1Ci@5(t~w`1+7D6X;DyzqW7lAN(n#~u?mYJ-O|>g4aLYvu;eY-n{) z)gV@F{Y43{TMPNu=jSX*EQ3!r-U_5O7`8c_k_3mvl5gRca)@QUB8K+XeZwO@onsgx zRKVTEmR1sOA%s|0bSO_@)0er+_;q53P@`6<*qv(uqr_&Y@*ttQ)wmrW}VVkb9{$|{Sn&>3tvnn>>VobcF#!7#PXkE<2(5^tEyQSLUerZ z@uko@Q=;Q7yvHh$JbY?ud3USY$uhw%^G>v#u4i)Eq~v)PPtmsl5vDY$0qA=eT+^rZ z@IGRkZk)bV!I6Z=6V z-NWxyWJ7E6QigBRCd`q@$WTq-)9JPOTO0bv3og!@I+DG*wHU5 z=2#=7z>7(81u4_Qk*mnLa`JiGOVZBo7yQFs?gx%=GS05lYwcfT^@3WXQ6E)jWTTDnY z_Hw5q-KW6@{>wbZYnJvo&mRXnrSI!5as!(bB1K!QBoJ!FxN0Z;F7vHo$U+R8T}ba< zzO8h2n)aQfVPLLiPfSpo(qR6AI2ir3ipD94TG#$7>R{~WcR!Wz#MTbrLJ`YsnDlqy zNmfJ_B<`m*mDgi2w+V_oWT^|c*KBj_6>!3Z(yi$|rly?XMt*6yP9@EnB>NMW60Zsc zv8g}FBUk`o&^d@O<}%O&yZmT{0@C4QBZT+Dfl8JBNh7XLdPy=5RNO(h35aUp^W6=wR$-bJ6RISXE4n zlu3O!EoC#Et!(HlOHU)wcm5_Wd-uoc78&g475_1^vR8|P&A1ly8)~X~ebl?>v2KIM zgw&PC6-|Z2Y+o2z^D76kSdZh@46p>*7J?4cU2N;rB^4oz(XBjCf9Na*z3Sk7g{mNO z?*}rpu7aWx=Lnr3^*s+-1Zsgxy#q87`*&jqum1JtBpPWP2%wQtMk`>?D5f1IbJnwmQ zzM9xrnbr4PDqkgo6sxaFZP6yI%TSClXTTpX+v086NO_Z9UFUS&-4*8j%GbVM=)+D; zQoD*qeOiKcxvkalN9q|EL+N(Nx6>$JX=ve^TMQGyg|Qxv!hA}EoNyI6MrdMD!Yyn} zhjHIM8cOl|W)c-zWHLeO0nRBM%j3~Qv5Gon3`cUZ3yrp1 z0scUf_*~_O8Ej6_fo0zZQj=>a>=N8jt0zRqujwPS>$uksj6JD`^x3yrh~lnQv{=WNZW_RJKXSo_-Qh>fwJe_ zmgi6BPKDqnwAkY(pBIzYZpv9E>UGOen#-#oAm)Ua#KW$@Jghn#ZsHc@KZoR~)>3aoX1ig#wZE^72nbIsxD8z%pI`RyLE32dr!+fb8!dZU0L1>j3`84!|7% zv+BRHJOA+g|5h!ct8ei)2#34~h!WsE_ z{5}183%78ckNABsw|Rhl%>64904fOcpJM>~ntPQBxGo@b^*R0q+{JbS?qUOhyKZUt zZ>azv`Sq9B|0xv!6mm`Q7jA(KRJ91uAJFuHKE8usK)yU027b8yr`~`W=nV$oT5-25=}!r{+eL^#n1_F$ z{p|xeaJavc0U!*(_00XZTreX9^cjeG_y^kG<$@U>0Ji{2V1P{LzvY4%-wo#B+U)*L z`@3AQTmo>)zybjviNyx2_zFk_01XTOa^-51hpn zE*HQ8n9Tz88tkOPKe7O`NKhaEnbmb5xWU-6fiSk9nDS4(0W(m5aRamK*NVGkj(-XS zK=#)o0nmaR@~^v%f30Z%+TR=l9B>Xm1b`g!x?mu9KKxH|!LjByXoBlm|9hW*mkVZm z09xSEb!|F-rUGA0r-OT!x1A_$u07jMbW=8?V>H)jv?^VFO{Ce~Sa)h-`2cH_;0O!U8$(Ke4z{Ft}0O zs%OXs3dC2v0oz;r6Du(Lyh-r?VG{o2jzI3e+yaR0Vf!=bZ(adJYWyMvIU{J={?i$O z>iIgBLCRyOV$wEd}ik*#5e= z_OFn7yUa7&FL3e|@Bp-u02)B3#MOO}Ku-XJB7k3>`Oi=UF2FIp+fW2Oz&M+|1=X70pPR1{X(-bGk|_mrw5 zn(1*FxPP>}89r54Jzm<_NZ3CxkShH1M7X6e3$8e)iBLe|UXa7U`^Jx+9LWt{7aIdV zYY9{Dd;07d^Pa4R5{#l(;v2KKY$e4u`fz_u7MzVQ9dkUZj;+|j;U;)LzB_j4d2D~? zaO^N~301c`@Dt5_Vg^k+D!*QZIELT{x;jB$*+oZJ;aIkcQ3D&bgpVu#o{4KJaf;0M z_KHy&Ai!RwNC%7hkh@FX)cLVqOjv z!evv#3d0#7+zptDg<>pu{PBH)~6d{azGEWr``3~NT%wUe=8!Nl?&a8pn`ga)IqK)|Zosc?6SruFwm z&ksq-B^{bSbo6T#Va5UwsQH2u=xO__zj9{|BY$=O?9w`yTT9$IKRsGGPm_O6`KpmA z|Etg8-reCut7IVwiV?h5Li!ZNLHfrjHl|HX2l7YfV>#U^SkasX^e;DIO&1RY?6$Ub z-kL$YsBKUzyuwxhASW4ws-G=Hz+3`PlU7BO8~n)6(n!B0aSa`P#_ z+((_f*wFWMGMU0g5sylRW#$~zp^%;4dI_mnE$~$vppdoW35lTGStI@q2jf99?Gju1 zgTq;Z;;_4IrHmS)%qoXwOqw%dLqa7PM_Plz7GiyEL@a@Fr5$cYuyJ?!aH*%%0ENb4 zw%*g5BRMV2`(mLGxpU=9#VYRZj{`es!6grY-a+_os;%HW75fhn!;5Z0xlSUFjw|gC za}7TdJz{yV{VYI+z=UwWD{+W6I1sPhSTM6@pFvM!ZHz*My>!1fZftqFb}9a+^g zK3rqI;^ze&5jxd?eYr9TtE3I}!~Wop{Zn53275Wll+QctNA7-Eog7K(^O4KDkR;`} zZ(1kO4}-SrdzWB}3mW#xlZa%lwgR{2Ps=PLeqqQF+8z7I&k%aGQ)0!saLp)~j-l6c zrm<(A54?G+Si`i9OZqPNT)=+gLl&BNhugQtFa3Fu9;BT8JqdC761hqx=dS8L=?W*o z5@wZLPG9#h?4f68i`?FFHhm3Li*+@IabiDaedL3G*4b_Om}I&nmm-XTahgu zi_4yr#B*jGbKH%{N5gxBbqLv3VQMrUMEx`YN84xW<%gl!A)>y*&E-fEg-q!2UK~^P zv$Z%+iWV<7ky;J4kZr0C0yxv36b@m>KQc@ztOh06^+$L*B6zY$%er9S9k8-+Kc$MP zmP0~5;OQSnj&k_oQ|vtcGHm5&I}p;lBu>|A54ypzZPrj}^bWr_ad@t4yxxNbFVBO_ zm)+AGm#7{&RtTTRPYj++Ri4NrE;CLbW@@zLxXegOKL!J0)ETX4@ zjlI%Mk4CXU=KM~zfvcyHO$rrVs#6>l`sysu+`HR-WpIUfUJ`r@N=xo@^8Y)Trf zcSyU5srEXs??senW*E4&iQ0akcxjg;Tb)TKwwTPT@|jrelVcpzDdp$OyXLD2S^Y7= z`;U{pG!tm?;%SQaZ$^e$jJslpd%K=gpAUPk8GCY>$o`;~PBQQ1Hf!B~9Em&Iaw*y? zqxr=wx^}1AQef14-^LZyDR|*C%Grn6mF|j9OTJZY1tPJ%k5m`8JR0u{mAfUa)lCQw z4woRJ4O0h|eq3699+C?31`3Y_P`ZoI%p}5dY zeg=1vs?PYvaHH=ZidGXm=4)1p?bndnagS#=Iq9yj@`}+rltfM8XwY7qMIgM`E)?hU zNNeISYVTCCOQL|-H#eu85_tX!aZE47*}CsVNbP+1^P$tR$1Da04JR_Ryg%+%sclZPagkD#JHe}63A+2_et{vp6{xFZF2n?`&CB8nGT<;9%}PfV?H z#KLa~XqIj$h+dzJ&d@PMQlg9@JMv`5;~2!rTC#Z8-=@~2lP%U4&U_HjVgIs2#<$@^gYheDgZd$3Z(^c#fx9@2AEv4_vbIc-QvztAa;I_|G7ioJt| zyug6usu|a6xi9L(-dVpO$QZ<2X8NGxRr_!eG1q#uFI}_Bu<6Q(P&?Fn%je7aZ@O&n z4TrT-cE+&dKMDD^aNM%)av8?6Oi5Qi)@k|egY9976Y5sApH`J9|JRnSta4Np>+g(c z-6ctKT8odL4!;{fmV>cH7(+OGJI_@2KK>wbOF&Lh>;9Hr&T2q^v1v6&zOP%4Cp%j$ zzG{hb+vhZu@UWp+;;&^S+-={>a`QjTnlvAuPI$aHBw|O^!`ASzT) zT_uXM$9NpV?dHfl>7}^}+hLbNyi(T@X(m=^lqpr5Yvie%_a&TC(=do_Y4f`ny7K0s zg8zEv=brw>;iO$Y~GMobzRz2LahY}FzY<+7wLbqNGV`Ef% zc5#{iNcXI;4ee^M<5ylnvtlMf?PEUPb}EbFep($(pdf5H`^kwBuSUV=AhKhfaVkCy zKBx_T=CE;>m#so zSk)O)O{=vqMX=r4vS z`8;NW=-bXh4o^ny`QamXj1EYbrcpIVy)_@4Y`n*rhKb{3kvAsu5x?@X*X} z&wwF|vD1w%vF)S&MqnWp3!FYg6EU~#QEWjexo7mxclum?c2gqXXAGJ+6W-X%B_5N~ z$vZo>;|?qhK8#U~>FUfME^u2ORks-SH82$RgQZicjCsZsN}^?Wv^8~PzU(3lhq#)k z#r+6H;AtFL53wz2aOWJU*t_EN9guR`EAYUL6c_rCpdna^060`VL3c zNq3uw$Xv$Us^r-4xOq(k)>m1*9&q$m3h`!zzw%)jPK|Ps{&@fOL5h$i+p1Zjr4wY= zy6Bt0qqGBbeJ`BplL`cknmI-UZlT^|%FE~i22D97!`JDb#%0nX0^ISDcpohAE0??s z<5d(lmyG3H6EiV{w*iY9`7#z%?v*^59$D&$dIlf4X_j;HhGso6;j!hsO{ z0nf%GK~0PxYPhLNiw1H;?(dB6cyK1hR2k(o(lpb?>*DJCpIP!guFBjzVd)?Jod2Hn z=`sT>pV!lV*(Z{yxW1PV=t+p*a01mPkDHjGQpxUHwGwyUdDcY62RY)MUna6l(L^$j zri5%8_fB!ca*-p#nb!we5`XC#^aUF7<&tkkSu14dclOC%EY9HLNROE6bpa&iO_e~1 zBl^g8G+T++GxuNiQpU);z#Qw}d-5VHagx=6b4B-6M`_QxuQPzNK}g2&oDTWKk*_-hZQ5OzCF!P0$j`mVk;#vs>irPM`*| zpM99@nC!{rM<~k`qHb)wrHP#{1<<18Z+m!53O-sj^s+KHd=vhpClP)3hjgkM40@@7 zC^<*+p4&Wh8p>GQsGiKiS#Mk9rhmQkA#FkR=S8y^If~wQ{gK!mn?r|POfj})&nhIU z6Jn^?=9ZxAi|P|G$<7pi;Ge$m{A2~^Lrqrd6e1|FLN+f+x&MZ?`J+RmwpK-N^LmNm zg3z1ZoQT6$x|S1S1O1=h%<;`iN@XuJjCid@;3Z}i#_%(Gb|Dq>GNhw0s9-9oKM)iQ zqBMr%rQL zpP92|#ljt7BbGemqnX3nc&sLluZH4op!CgWtup|xjuGB9ZKJ@0S0s<-h zn88bYw}8V~rVRmK#G4oM&byFDa8OB5y70cmJJPgtOSsfS zMLw^|y%u6zV#8e2IV+`Qb<=nE8Fb*;_tIre%f1X{qCEPnufm&P$%y_|%Z_1}XqW1q zAD%ZL3YD9Eo+vv;sz%S~4xuO$NnynenLuZEd0=GIOrR{FON`e%PNHApz+H{_Oz*ES zRofY4wjLGQA1A zui=3~wn5_iTOV+E)}GEA7HrH5}~+2vKQuD z1p`}1MY~oP%QhEp1VKTWij|FI6;c5s;U4|4Fbk!d;YctC7e_sZ2!iy`S(>0oMvQ2% zoYM3CqnL*Nxlv&%Uk#=nlK;cmRfkp8JzYRRN~A%$LqNK_ly0OEkdW>MC8VTNkWLBd zluqduX_RiIQ3=1xy`UG-*WdH~$AiwyK6}rev)OB%H63wB{Bf=7L>a7)pXe9MQ1eNW z736n+HMeKJIWs!mr986#^wrBQ$*=2st}i2bwn=YMRXIlM{AiD#Yh>HP(i=7;^6kl6U?HH4zu`Vp`JfsuIpUUAh4;Uehs2_QWydC7-1K54w}S zx7(V+AH$1v9Y2r?c!&B!pziZ>ylF>q%)spGgg1oyjHIe}<0V8$wcI-MI?*y+$x3UP zpJwJu%`WzYNjq%zJ)ErcsAV|Hi14DP&Ete#;ni5TKBUt~kGP%$>YpsESbi&d5cjD3 zgly9kz0e)$$05mq6|b}t$=fOGy)WDJybWG{b%)k9cd4hVca28J`s3@qG6k{k9N<7H zzO@T{gM+8o_}aS^-@rBU>6~UPHU4;&@yr`#gCQ+U2@7~ez zLB~gqMl34^o$0M3r)Tv7!kq6k-}EzROmU`p`0ZOu`uE-9_}b(21CbGeV7!Z5r z5bXXK+#!(AaUlWluR($92K<6eE{Gieh!3tCaE_aR)DnQW39#krxeyFUgyH;$U$DXD zbpM8%fVX)4pKufKzOG=P$EEBD(=XYPOVyccxCwB0muqsqq9EwyQpje7=7>1WVCtH3x+F|Jw&R z+6zLCFA@KL+k(Mu=QRhUuW(*-m@m8IGG9tJFoR1sTuk?GH3wWv;D4z(pdgov`?Fv$ zU#coG|58=D)YAIBV1S1A2N%EsdA=e*&=!<#AUUq;2yk~xGTB&hnfR&f4Pr{L6Sp%vHg7yGK05p1;ho?4=+~k-*Lf`5MT>@Tm8lM zdR(yN1K0w|1sAFF@3>&e2e1XQ3;tqzJuY~i1gkl}R{^k^!vyLxc_G(!b#zxDTab#} zWlsH8a{$b+i@p7Oefv$=3M4@X?ghN!T+lGC`v5OEAn`hI7vKd4&#0* zSax13H^5wFykKkms@hk%B_Q#<%Mo2xn+vAszoLV^+5yFe8KkfPEH;Dv^8Axvi(Nz968gSJD0AUKW`F<%`{(7ZeZ;K6bfAJ&$ThQkFv+cFb z2Tq{|*a8n$7b|ylTm306SPBAcfd{L<*j|r&oe0AW%A9|P1cQ9K;|NVSPakw1x^@1pcGU9|K;!st@_;IMezdt zK?N!||MYSGxR>*DS#DTB_2!?pV6XM_dIREK1M3ZFYn=b?@|XbL<@UnyZ}kS8Tm3)P z8(9{-Sj zM9F4iMs?E>VN&iT zW$#rPs>@V8K$z$~g`?*FZ zn_sB%$0U6Z4y`643uC7@eY&#GY39}t|Pgg{34&KjTT&>d1*R}+p}S+L|Oj7OZ}{TaW=SLSzR|$tUkpV+eoxlH03LHpsYh0!13y=I>zi*d{)n-ZbAhV_tZs9P@=Rq)(*E zn2P1jZH*L>#Ke&@0^EDdP@kyptmLBAnPO(3k~$^M-x8%@j7D}AtAN_@>y^y%Cj2f@ z+mJ;4iEofhO^>9P>6`YfQWGVNBpEl_51fE0Np)FuRvuw)Gf$}FCQ`I+Iu&Ry8E7v^ z=Kggnu`rtX;;jCFP+y;z&ez3@?6~l0e(w$=@J@2spcqNETxDfKchWj*L-g1cXCd9k z>@)a!-00`^T;x!1C$p*(tx$LQMQ2%lYE@%TOWX9N^P)WUe}Y{bN6zyiL-F8NkAC}2 zx>SFdI{}incdc3?3)SjT{F%J`ArxJM8>nmrP3r}iUD4O}%S!fg7+ZQLqrF;qIH0>7 zo3_apIhRx6jV!Rp(Y#3zX%0qLp^1hH*n$>VtX zWZzO`3HBzE;6$5G32Y?CR&bEs!~V~~L7@k@a10p|l;(>*K}(TR)PA9D9nhQ=IGMC! z^BVNf-+~6pdF;=sS+@Ek4nkSBHY0U-yKjwfe1n{5T{lwxp0f`72HpD?K8BHZ*mcGj% zNBN5zj6^V*`TWQTKJChmlTG-=OtWI2+Tb`%XG#mjUz@TQXP!l1pjs)lS@dwA-w4v^ zfUXQ(VW^q4(gEAiRc$r7UIVOLZScD3VM%ow3ME2@V) z1*9*GJGIB!ky~&h>NSm1a4FE0sR!f{Z0umZEsaaBt45h&HQEhQ0BKaii{m$NU0 z*-&_X&)=$|SV{`P5sksn?3;?2nKD%_GCj3a!b+oiWvPQH7%jx9YuID=$lLER{MS79 zhYsoWPNNQcY6bbYv7I$5%4GcQow8;$t_T6{@dZpRHI`E~MG?YI@jv+JSKhfe}l`LD~KtD^P@XYcK-$UP@LZ_dcbpHe68MfkTda%!#ri>ih_Ke1UUN zySP74-;lV_)h%Udld8W;*K1H!+J90TrKvrKJ)ZzUp22whMPC_`)pTD^>+ij+Zp$B>X268$3ICRU|7fI5F}{?_yiLOXyL^I!w($Ghy=jy&w(v!E zF8ns@UXf1@P>vz3;2<+SXo^*uVBFYaT|U5ih7g5ry>rE-PGr@cGM6-CmvUXMT1A5{ z9MQL~gDf|`QuhK#`Kze&&*AMSYD!&;vcr)<1zShJ*Y!7|1Z$MJ#g{h4~}zA7%c?FL_Z!DFf?xxOv#{M8!i+f<>k( zEQ@&7_w{b-)>gcefLh;9o?V#cAm50eZcz0sNBq!|F?OAT(^GncVC;^*!F{{{(}PUK zmN#OmCdViReyyo}R37}3B8THr26Auo?7#MYO@Z3;j>{G2d4%!eskF8$m7qY~7L2rC z?TTdyb(&aTSIqY(mVVrJRmt`;QaU5!Ov%wA{+0Mdb>`hJM)ht;A!B{5+$jpj<(%uM zbBMP$So!^^9-NW}y*4CW<(8*yxgjL5vtGlw8=AE7E;sv;Kq4=Lrub>xp*Oo1r>idI zXa`bVf5#E7^IWHw>Nqw!?MIWn@fR=E5)q%K}NlGIhho%6+e_2 zv2PX7q>i?Yj&rB#Jc}*TP**x?>!;U{t4C<8IdlvQ~^`U+ZmE_ZAcl!>e+3^X+ z1*zN1SoRX9PC;HE+qfshr)<{+}+K>kv?K3n;qp?+nI((FI*YlV+b5$u$tAnF~1AsR&`Zb9?!BW zeI|5_OS<#QD^K92D>8dPQoLr(H@-NCHdL?W!@SSjU*qrW#`5*pMJ2w1Wp%<`P`2OY zBi>*ue>WdeyGc`Uv(k7-Iko=4UpSUo33r&;`lzdaPB;ElE$d328AD^G;as^`p3_p9 zLW;jvYxyRhe$=9NEt-17yr%{xY3{7v%<}tJUPQ&vRsJ~0{5({n1P`Vm_0+^<_{&T6 zm8}x~eIKT8&lgdWQAh1E2GRdV7$n zh^t}(ktj0Wq9vp0-Js!_`OJeHwI!XCI(nLq3oQ6^N=T zM30@TNbuTCwNed>XqViO_Xd=0=35`AO*b&DUPdQF_8|)jl~4vNlm<^DcIA3Wbk;$C z9gZs#%ctI=&>*qJGe{&R6&bNJNGu#GuD{O|^Zb~h0V$P#0fX#YI+uN&^3zCmQp(J9 z1@25aBnq$TPEq^-JuQiqB^12Wy)1>Vx^yxbUwD7UCYU#T&;D&7a5IvY;<<4Sj)QcteOiH&Bf z6_-DK5Lb-#$cig)K3y!eg{-fHKJDh4tYdnSV zMzn3JV6I#?3N!?&K=yPNL9|5R6soMw5GpkN1R79wA}_FNayQTm z)sgl^prM_irVQ`vAE<@SNZ1>O;X+Ih1pJT`yB(gWA)Rn1)}ILO;6^6DpD!O@8Zo_d zhvj|RXbtz>R*m2t3Kvtx;+xyt-Fg~D^Nb@039wLH2P12AS)SsEaGNxX-fDEak+eZ5 zw0Id=y^w@Pet9dgooLBA;&M3?6=c=sGC!2}}`-~09$ z^W8pk9FF5Vi7XQ+(Xt|))7HJE&sQH0TRCn^&6vQAt=_Ik?46iVSDn*lS*7>sdvhZ} ziI=hB#z|Y0?h}5MRTh0Ge_F)H^ImYwqV3X)W?ti;=VOq9!|rm^H`csvCsZa(8c3+v z3pnA=Gtdxn&72%kY~ktK(7<71$#p3+b)%Eyq7satQHiM<$MJBc3c%TZ6I|^*P)C^4 z9HAKe!0(xr_$%MR!_pD`4J}#effRv;+KCx{Mp%nbAs@qFlug9ZCj-^lYd6jyh)brC zd`M4-j~Z(Pc&B&I`cREjEo#@+puLgQ7$JODx-IoNU%ewLc$=1c+wQ5b4SMppWYEo0 ze;*weg*6Gz4Zu_Fr$;PmJrZJ++Z*-4pXozvDW%{HO|*6Y+H(=Igr_?6S#s{Oz&1xrK)j6`q)A z(@8-$NPf2xR@ycJ7JMA_~;p`>6j(1?P31NaAPaWaz=KKa|PDGy57z4@*vh z?v1{&%boOVY+IXsVA-=MFX8c(8b4k&#f%^}+(dD0V(*Pn*Da3s9DDd3xbU7!!^qxd zzQP(P;(i9y2$|dq_wokKBQ!;&+ZI9x7jeWC1PM?THRRxOxu^G=f?hjJk`~zt<{1Xe zQM3;7w#T!+8>&4%#rBH?h!2*lDrl$4wC+OG@*YSj1&Z&TKuO4FP@5bv`j_0Cw_>kF zRZM4(Y=pH7yA#YUSzaR-$S^H&_lZiN@?$NU1+w&4^t2}N>^+dEA3alcaPCd@5YIwj zE1&>q&-2Idp-h@BU24;0lKS38M(^-FST{^R$Jhn25v3J;ct06X`D(5bmn6XPxwuws zuiMt$StSp&_w4FMseVP~tTJl%#6rTa#3Z z5jOqL0qcj!D!6EY$r4fI3-5tlWZ;RNw@P%no{Z%t?_$qy#XmsCT*OJ!Ek?81y>Tb0 z3n4Dt^nn!o7uJQWx=6(u29s{%(L=T9LSav+6plBhSO;v=@T9Q3v}A>!Sc>dK;$_UE zmNl0vg`c=hn3Oo&qoUj!Ao@77X-R~0PUZVqnMU%qblGo+>Nnqk6Z>wXXum* z$JnfGsvp~Vf`sq3V>&?=b1mmK%bY~k(AQ#87f-QKKhcQ$Fd*cmvLP>MTqi(Tm*sBh z>yCr-27WYOrdJNNAv1EsEPWX}moX?UCq}U$=Jf~qW*Zfk{a3qch_4pamzXxXMT|uo zU%D%&7laS3z?r5nfSCr%x_9|J;EbZ3fC;0rulAl0$cDBLe z>aeB6F{iB+p|K4r?1i5FkPw&m9)O+ya6aF}} zCLcAbJ>dJa`7Ya3Rs|#aWtcq1VHMFCx-LYHVL)gd^N z^E(;@A`blN!LIrMLv()9>p;YTf7^m(>Ny$&>VXDCgD$(EF<*8;V+M6WyYgVap+P|N zi>3OX(4gPdAwb+XW)P$Bd^&-c4hRhbNtIlKa;}I(oUaB5Py)f@=PrPG_1`YQ^7jwu z^JUXFW)KAS->$CGH$YnuG;vo_^G~P{(EY{i0jM89n%l*s|89G23xW$m0Bk`N8?f*2 ze{QZnpwGY=`V|+5BVMffzvF@>A0RG>VgpK@-)(=FCjl+)ueczJ&7W@O6!kKuFN*L-~@p9$8yDRHd7C~-dn zU2Aa349;yok8nw6X1Sy@vs^YpWVz(`vVi!##DM?&6QBOC2v_z9CksfR1z>%t`oePA z|BwYFqyzY;%l?Nfp#F#FweG(nfD=dn&v4lhmE}@jiUm}(0gf-bYqDIvS6D#R>0c4R zk0pQzmmCF_OO65y2sQ^qxCHMnQE|X;K&bdXo&l`*pRdCu*@^|k`vEw1!8^uGW|(Rx@roxZO%(MXnzAwU6(tY`SSAsX0Xo#E~odmQx|xX!2jvg z1I^+aRJM6IOTj=VCW;z+)qOZW(2*lHIZt96@bMmzX=%H8Fwo(LeAkq$4ly@O>>$GJ}rR;uMVU-!fN*&hzKE<&H5`*!GkSIAv;z}S(!fiN-K_U;3hua!d-EFB za13PxLXP63P@9Cp#sxSs1t`O-FEZ&MDDv-iL`U{|^mM_oRvF&Z&nfFwp+%4}E%ZZB z;hXeJvxCZxgWdBQ)+z1dgHp(UXxN}wP>^%>r~)}3D>Jp+^&X7bg#Mje!+eY=i9mJe z%_qK+nbylvT@N=#jU(upgwqLQQN&kTa37vN3=}+BrnR7%4MB^@zkN3Xc~^))QUX!t z!Hu)W&&A!?CLgHJ#pVpnWOQqGQ%_2j0)q*3O|d-sW#kj zP-%pP`Hrk(rh71@hv@MMZwYJ?9S_`gNdY`MWv!M!kUvAW8G^cf%Re4cL*7ZK4=C|)g9=m;247E{v z0`}P0D<2!&PZ1Jb&rWtRd26*)Q$6#Kv?ZWuC_CvH9{VXEck)YA1lviS9C*kwa1K(Q zp=%r&Xh~|l`gn^Ab{EitrEs{m`a!7cJCD%^MbTcjWJj{zdnos8oS-yRRg0z$VPMWs zsY$26!mYXZlb09!O7JwfW~mz2YdGvsdZ30QcsYLF#!U|DKK?7682E+EIzL&oW21@+<655e%$^&iMtuG>>Y#SEsTCV1Oi0l zTzk)tR?(}!Y4ayhV`XJ{L8w>|B3``$O*V}vj(_i>gqU9z2a5kZ@u zZ0q|(I_`j<9=$?=KDr9-V>{{81?(z+1F`<@?#gsdss}zVY!Tv}WFce8NvNrghNy<4 zqaz7zhuVyBAZLs*MeCV%v`s3kI*-_-mg?zcX1yd;)b2b=gOkvH3(@%+GIP=P>E{=+ z6j3{0%=9&QC$*EvCBEov+J5QVaIz{awBl!kagY*9%80{(BTG?Pc+bTZat{sVPUO6{ z^I-eU3a^9XK7TxRU5y(&q*O^kt`d|1tni!Ci1Pip!?xYL7R~GcvX?R(gqN%#g%iq7 z$ePMQi&fT+`XeeAlErQ6``KR@tOrcqGIT2#*NKcZbHvvvgboqC&3&5J z4 g1mbvhsE1`Ow?lLj0(T;n6k1tpkR}^>*C~5DQU}O-`f4?QB(6+UKsHOsrJJNiPwXYYYxHdEftHi>TwM?ZjX*j1)-|K+c z$#2aRL^HP#eCMW2ozn?Zn?WaqIYh+wyfG%fJ{D*eiQIvytanpoU8Z_Eso~LmD^)J& zTD&)8*h0E)e!T;YGNPft8nC9$Tx)_mb!azksNIv8cNc#h#g=OTsqvm+qesaMRC_Je zbgX;q=er(fwVUwh9**k@AA&3ITYY?g1(C z`BKR*z=-6W43qgrpuY@abcQ!>tI5e3BD{wZB7Za|E@m(z2-E2Yd4e^goDZaUA{v(m z#l5~Sp=JxJhQ(7@%M%kwOolccYlC~prM;GPTVm2T)ir8TUi^mVy+-ZHm;g&sf2S$W@}NAo3XA?`csi8Pt_2P}(0#@4WjHqv(C zbXFRp;VP4l5j$QaV=M_iNZuyo>#CyhM{CztE|wfQgeA@RtXi1jBG(x2F(KXj-Q*3@ z8pK^45`|Uf+uls|&$~|D2eDnXj`R<`rlPsH z3;a|dRc~q_eM1zs)=DW6_$F{0QCz_T3nDuou-S)&>m_^Q>O3BzY>_D>_`wY8#17iM zRGOU{P9ngCm0Uq6lIPAW)Ph)yF=b{Ha1zsw?D~4drXa(8NbH8Evfh60+icy_qviGQ z%OZ2B7F;=YIOs5Xh0vd6l9-^frF4lE0WF(Q(t>WAB5oWd+~#QacGH!O>K98Q!xP2B z4++P?ODwIdg|}#~zB@x9ELgl}FaKS9B!68@`=0(Y#}E1HlE`61rFlcvX@EU0P&bZE zjtAP~-x=xkydJecvFYt_zJM8F#tIKfcTlO8B=Euz2s(3WUwD514&nN$He;KKQm(2d z`6u_#rYybzQu}zOAQU7ilxXCRhQ}z%`ggny$U+c!OMO*LzOT5ZC#8kFYOE}Kl`t8% zZ*|mXUh8n26JHS6*pW$0{aKOUH?FxYK*e{lQcje2KOwXwY&g*&}0qYQcH)tQOGX#gI? z+tT+>LiE;-S-WpxS?%2+F8ra_VCp)>?!8*yC@c%*Pbc`|SnP#3vWzP=!v0|TXPR3G zG!dF4f%rJQ<);TpGvCIw12b_t{0Zr#79-05&7bNyFnOqRhNFfVJ}R`Y>Idg>Pd+TJ zOfu(F7e}<87IB`$>(q3Gzegxx&3b=Q%hUCvCj)a*;mn=kXDg_x_CzIe`!cKi{+7s% z&l^|XCuY9HrPG*>!h7x5{-XvBaYy_qPGLi8lz3HeKjx%*r)Fe*?prASLlh^Y!a)yB zo;ccJ#mzVatSN`Em~4_~*_cYo$seSjFGPI{C%Jcz8fJ_(8tS9IofTUOwb`qEgGM1E zOJbRiZj-x@kk0~AK4p0E%7p49!SKh9ZHtF1dO)2RqI=n}&pB^z%8-mel<`93E(k$Z zdc(RQA|-4h&C~fpsZhzWS5R$rkIvWGG_nw z2NAp)8>w!LTpNliGtna9qX``PlmuHufLu~QlMObGk`JlH!*}a-Qi0jT*m0&oO{-~l zV+`+)vC5GjcE@y44ulG!E17@kt$)aw^4*Mm3g+N3PCn(G)Tlzrn&39^j%qaAdr~o( z@rR=ZLg@W|w%J&bp}pA}4q^#Qo}caLWF@# z^QsIEswT`1P?)z$d6mlC>G{875S|52O`tpUj2GKT56Pw3jVbD63uLyqJ%d_q^=w4W zX@Y%;fnaQ1axb2Xj(;Bpe`3ESq6OInQN+|DJ2d)7fb~6oKL2_jnlK&htm;nKiD31Y zwk+-V@`5ZPq*FuiDAqh!3Mj`i{q5|u<-5?G*@miadx^>p-6=TXGu^%4(5GIxE}TlZ zPZ*F&+bko+1-`DleZT6nOl_WWfo@Y)%StRcS})nRx;tc}O#8WtqU9tSUz68%?7#ST z-mpZgxNY)KmQoi_!f5=n`y(r?gNn~>GaJZwqc=%Y>;~3D^k)b40-ZIKF$!8Hb}OEQ zTZ(*)E5?0zP+haqK3Fe!<96ADk%AwbIJ*24G{L$R#!~TWQoxJp|R`%Y*({GPJ1G~{c(BMp*omG8SklL{tr@3+bm`Ys-z|Gh8}8 z*gM2Q2WS(T%9_t8na)XBnNHE(%Dd9zX%FB6NzKS2^}B$w4fw1Z=M*v)!NyfUMidB!(;4R2dD zuPVYJ)3_xYjaH1%&sUIYNjy%#@bI}CJGMJyASatlc{de@Y)IG-2MVLb2zNFu4OTlz!<4;%IR+!~kPJ^Py9 z{`%AaImvXL{oULInMzD1OKb>Xo|ze00c7G72D5W=~gOVu2o5k5y$^dVN zPgfybUPaI*kgGv;}qcGaWR9bawrWnQuVjr|zgqYf)Q#Qdgc1eb_Z+95a|b zm(e3-zg-6}jY{=KVfWiZ@?+6N|LVwGaw68~kfGf<`XeF#1%J5QGpGqu`N~^gF%md9 znG(nD(bMxZ)xV}Q;xB$u=gg~0nZU~f8)6ZeGcByzy~CEU<*lKP=>4uU1J6gwK#lWV z45PDp9(iAR5hdcQ!PDr1G#RJM`b1089oWKqly`^SQ=h!?gkzCW?3rj1HVHGy+r#0y z2h`SQQGtdUcbwGoavwEdk$Sv9`O&tu8Tg(#?>zzfiPDqV3gx)Bs4ly+DV|--g2gx3 zi}e`E%SK7ONFy|!4G8SRKu_)qrwXIEV4s($g6JP`w&x{k3s9n1d`jEfwDeXEH1l!v z1uOcdgG9%)oCa>;%=$Hs>!Eq`#Y?ykaJhug+Aj#MM56IecdJc}W)J98c6N_<@{erh zkH(vBEgB3~Rrs!@D^@_k5knAmVf5GDyXV=X^Ne|%hU4Qp$*yODXhjrP`NFhrN?6Xb z@g{M+#u_5zswpR*FUw;^U(R&uhdip*H@m43m1d?!zb~f@9FKlq*-G(WaO9jOP~A{% zE%rDXJ3C$P`+hLPIPKx;<~1z6kfdsC7W57=;Ju!bQD2_i={Up36RIYNTi)Y`f8@si zg&QvJV*isL!+3@00xoUwpJq(pW}sX8i)diV^1nWSyZ{ftz*`oOcE|;eaRp%bO&bLS zuYlhxgLSR|AUMn*@Rs?P%F3Ui3J^MT=?6&jIEN}O6dC?t4SvNBLUb;T!H69|rU>BU zdH~J@yt4&B^%qbD5YfBxU{@W2UHbxW%K=!$IrRki-SCAh#ys4;T*ud_J6tnKG>xT;Ie`dfB=I45(>^o1H?i8 z+tvC1y>JCU4}kE&#l&67f9{)&Q~QOE*7j&4myIP#6w~?)v=l^s~GG=vY8t`1%Z7eFm_s1VExJApH?w zc>yVqoc|7lI{|(GI=eEpzm*s89)kZx9iUjQH^%5vGFjs+x>0NT(X(EnO_0S@mE zEPEVb#e!z&*O-Cixxd(6j|-N3ms}_o zQ0n|UE?DvbY=I!~Uu>_(1uKcbB?Bt}fEH$~7d%%EVD17(0(@fu*6Rvs3B+gl`RuG9 z4EqmOS9T5X#B`Z*=dU9$J}U7A7vWc6&Y*tr6PE`yEY&o01H?dQG+ zq09d?1tYGUZ+lQHAmFyYXa)rM-36zB1=JDlV%vir>$hzWu6pr5ZF_KD_%9j*%Vk44 z7O;kN7i^+y8x5Qz4({TzSb;V5`>PAE{QJYU2kDud&kitkKotbUZMr@huym9n2JOC! zPI~{^^;g;Bpw0JZ(`%amyhY$em#K?o`{&*RPS4N02W>sjivMnUJt|nw)TC9q&VHAP z8J(n)H3=s>+metlF{k5~=Z&a1)+@)pJ~>9`pE^VTu~GS~W2W^>BhRRX6_4jv$TQCh zGHK^*oSm{1Id-e()~AO>dQ_=Ny-$)5G*7=RIyloG3-N3XXO(|bbfF(!g1)N_>D>1v zDc1hm!r?i|p<)ddN9e1o)f(n@m5v0z0&NdsQ*%j$jU5v%Py5VJt*H~6p-I#~d2^(`ak3 z72npK3S9slhSy}j@xg|&4rlVcDf&Z3(tLY^<}Bjd?Ov@9ey*G z+jyT1Iw@(eNLVsZnM*t4ZiIW-*i6}N+XW=xFqMTN%4F%IZL(?#PQ{7tez-49cWAGE zn5kUYd|YgAvhl!9uqG4sktjl=P3iK0hk-QS*BCJ*XuGDjy;u+56}>jO7a{Jglu`lp(m_gP7&m-Q@FpA5xmhrHRtpz~BT+ zB^f&^BI?lJO=L|E=$S$A7ZZ|ENjjm&_>5R?B{p}Mxt5IZa?4FY{^hijUPFuR&E|(v z>Td4JtC<}*Z_sPtZ_I0^MXmPTO>33Ld1jcaK-pXw?sh+npiY?Lx)!E%HEod%kU++&px>? z8hgZJgz!1uLH)3foL|brw}rt8-Nw?k36N1Wy7I#GR5@thYqz?bJ_>x1?LQk#0`$K6 z0njF4Jy;tF!v4CcuQ`M|RKN9tmYA}w$BP<@Qaj9e^Sdq$bTqq_<#9mN8re$pYV%+{ zWh!x9?BLCy$%;>|_N&~AI_;y?-6N(0L74k$68^j&$eUVC+2mqVwK1i(7n&nfY#yO9 z!M}Az*A7n~hoqbQ@t4RHw0TXW>lHN#jcM%R19NyMFcL8N^u2rfV# z&VPEBFt`Sd%jh@=!e(ZD8*wsX5bTPMJeNneaUN(fY1xOL8O^np{5j}?RQ{J90f`UR()v|TmMLS`mdsSkEw4n`u z^9yRj>v?lBb-PG^l`%sL_c~~WwUHBo-VlO<7(&QND$60d&w>HnxzU~aPTD-{lk&N} z$~&gHMY*+YoDGxy+zveP+qTl@59=O0&^7|j*Z zEsL5@xeqQiah0HDNRi-4eko~n3RC($QJhOp4Ge_clP%7hCHnz zdC|yX97Chz43Rabwof)gbEc%dS}g+}aa0o}5=|n-D<<-EJYDFxnk~dvFF(MHkL}cJ z>gdMQ;Uu_vcc{$_Ff*ykh^t%rNYODct>8NbbIXbdzFiZy6?e6F#^$f_UxZ7cpxR55 zA!yU!5Ke&FrF7be$4N&+K@eJF(<>=@t(^bdwBUUfi<9y_OXTfxMxQ&VQFY|fH0lz@ zp(USng+4IvyK!Z^Evf0V5h|;MhAHcBk;fj^jSSs=gP{C|%pZmkpYypN#RUql3TX%c%Ett4#2LI;&L!k6IIP1_B4At4E9lZo`pTQc$kIzu(E0vD zS=Jlj-d?_UgNG94(TJiJuK3Du)M*1D3NBWXB2MNn!~q2-lR5P+Hi`>Pg1N;c7R9&D z?IU`YTjqzvE_l#e6N&CcIt?BNpLf>*n7k=hjv@{jj1423Z6f!LWLTwiaU^FFVQj+p zROTPQ@N31O?-Sf0RKp{W7|@*@loo3nA9Akz=t%A3-!mMJ294xq$xEX)7xLNgAia?8 z^b^Nxj{-yA$kx->Wv1C$YeD6!i2m+L45I9gMxWvD3Hc^`C~kVA=Vg6+*;Bg%a!w;D zUs&ZXa`utQc0KJZR5@nWi)j}>4od{nvIm}tJ&@(qD>RsXov|vbZ!uR*iaPukI0{-A zQcza{dFQ^##3RLOyq*Z|;M1S-+zIc{-7_~Zd#bo&f>HEpcb$#~6Ne=;^pWX1Ba!4c z(&kXRt*@OpVD5etrnr+gL{+@qlCR)KUSF9kwPBL-3aMLmXm)*dYECIj&F1d&>^%NG zvq&;aQTyjkofKr-;}%aJn7@Ny&ZWoWd~S9ohkEp25`qS+-LG;8Wh#gK=?xAU)`=w< zhPOR7-#VL%MPVM#yQEAQqvNkZ-~8*UyN z-QFB2+%9Hz`^2PgX8@rf95$PO7pLQXxJZ&~_aWV^N&mtjTS>?(rJa~A4f!Oc_9i-_ z;rmOJGnwfvLm_e|c=Y+HYYRE1`42P&zmjFIVa>S_Lfpds;u9l)9(S{Zb$m^(4nFLb zgG3Iq!OZ(ql^pIw@|SF3}5$wJKO$^74O<3_H(rrDbXQ#+qEQ|7` z1Qcr|1r`eUw#$8PR;GPj&$(SYsVh+(#&dR<#kw93?hA>?ujdShf8ezB`)F>1U`m+O ztx-wKZT6BoJb+P&P*$+@9XP)hZ}lp>eyYRo%~guIv+UeZ1^12y}f$L zVVR|ZPV5k(os;jjJ@;9(BkCVO!XQ~}LYm^Fq}f#Pf76!zeqJg}H|qn{LsCoe&%{(8 zuq&66c)UK&VDs2%zM4f;z!-l0rYc_x(oT-S*OaraPUunY zJ!hTAnBl7XLy)8;pYFh^=;f2NjP`wYj3V2=-J6p41ux|>qxs<0ep`>t(_SBn9qXIT zk87NfY)H4V(q42`A<`2TJGA$mxL2aEs|l7qJ^4!QHyh|Q#5e6L#lLkAj=iDxD`heC zz5y2uj3oj>`7>tN*bzogROW#|MMDDb!(`uD)o+!OuEV9aR*J3*+14p#&jR&uTis* z+!OmviB>?`syT<;TG-zj0u`EZ0BXQ;rRl}zJf*P@E&G=s832kp#bF3sJ{uvQQ^m21Gn`O08%Hrw`d{LIJgYtNr zHC;XItTrfeyBIvqukX!zq3LI%_RVvHT~Za?5kn<;Zu~$SDK~0%@l%4|5KZGYH`8P4byA5ZrEF)c?d_l?JL6lWC`11B~u!+Tj zUT_3VJaZ>fFJ4R&!pAVxK8XP3w(J+Sbfr4T4{oCC#`fIr895`I_v5h=>EiI*{&srz z#0`&d`uVdn#CnVrcmHTDUx%F|qPWCXGMz?fNAVKp*l=zVYXOUBI2bL;Pd*b?D<;9I zCd8jQcb-Ec6->D}R^H`vo8+|?jYjTwvddH7iKOS{+;HWpc=2u(J-rQ?Au1zGR}il# z?xp;}!TtG3~-)u=@7gVm<2)S-`$Gl)K4uOz z&pR6M7QtnMf7-K)*1OZ|ZKcg7>9d9K!SHc&fZ&HKbXo;Js)lWj0hX=l*7*1<_SWcp z@h^Hebh{B>{vTsk9T(-+gh{0v1*D}rmJ$#U=|&LgQW^y56h%PkkWOg?>28n?B}72F zLAqPMWf!iCaIfEg`&)KqPRz{va-QeR#2Yzwz7(@j%p%nDR(s;$iKA&fYQ?t0`e2_| zHS*VohMiEP^l&Cqv;f;DB)xG*@TzoAN5a!?G(480_(U$>Q5+ey6v>aR@|i9$i=WvG zMkqCbO2s?t$Ta(QDT>0ao;zO*JW~CLs`guS^{D9-bOjx9{sFYHq*D-5K69P;DY@GhSLa` zG2D=locbculj=(PfP@~lfwMY86nY7sM=A%+l4`yMPR|v63i}xagAREpm{xi2-o(dX zr}TI%)25T|aLe(*jh!Nt7k<-yFuuu_zh*GJSDA;uw|yV~BKBpx2ysY%8hAkRn1G{j zW6isOZ}X&B-r}y3A?f$K)6d^*Ft;Bq&YQ$wKW}d|m35h>-C3`XX?E&Ymb71IOnX_P zGfkGj zK;dt|3BIG7(mOMN&h3IgSijhUqeW9nvLbFN>Opo$y_zIim-bzHa6EikxE8~3j9H$K zr@UT4s}CM~7Zy7o+MG4rJoSjQojg;WW|io8u2`&=^dB@?lpgNx%{lKJ9FLA# z*zZkuz#4HeVxXD%l*g6|vmUU2iLnHHpnZ9~TMGpXg{gHT?m9*X@UrM{{O3wq}X1|N?9 zMp%G%lfmfX)mdB~$JyU6#&I?Y&a+FW;LCp3tiWa2vxEF|*)xdZ{C@oz@!_H{1UtAe z1n`gGsuSlB#l?b3L)>}b5y-KFkx5XA0$@u7c1{q`00srl3qAl*5y+dC z;Ne}P0)!l%sW@BWbK=9lsDP|5aScQPF0yf^3WE6XZ>k_X^WwJc`NDw?-~U;*YY;+^ z`tz9pWx)gl@S^`Id*$FBR7>O^S#TGr^PT%s_6lAATA_br!4-Y}MfR#)2cEJ^W&fV_MF<-U&Cz$*@Zq$K%gNt$)pk{escEQEUUq&WD)dJ4P z00Ou`SGL*Cu|bgQTpG)z=mAw2xDfs`1Dtopxn=~HbX=(m0ogL)f{*o=aa^hiaghPe z%a#1qJ_NLUmH|MO8x%nxC0O+AJJ8ylefS-YZ0Cyq04X60Km1=A0Ho$(4bR37&Hxv8 z``N*F`@tCiT(;o~EC?FjRTbci>cCNh3kLkR3Wz*-O$GpyL(Ucegc1L@DhSW~hYAD% z6<_$_brAtle?F6cs6f}tUWo|MbpMeBljhEM?ve*zXBV;n0&vV=c=VcQ2T=BkUC5#b zKv~c;i~Sm}yVfp*^8sbS0O|FzSMC0ZD??-eU|%-S9)atS{8#*g3PnKr4k-S?)rrnS z0rK_XQs{!N{$I#~!XG>YFg59%p#XXeUD|-lI{tLLbCLsy`FKH*`kM|2kNbzBa6ygw zn=Ay(d=~!a)d9|404{12u!Cz90RISXuX$-@{|JAO`1z9jU*Qi~+yH`L0J>{`_5uKI zx&{uo^YR0Kz5qZLIe=7gk+gVzC$00+GFLJPWU+&5!XI4k;cPSz?-Ktu8VI-ihav=C zxJzDeT{u8CECkAe!|;09E8%dt`~fRC48c41ce@Zy_zy+sdfBUXA)F5=3ubzPUFYw1 zA)F5=3uY=@FMHK41i1#ZWf0*HqX0+&3x2;$%W0-V19T$P55 zUT~SD3t30LAa|S8f`9te0i(HK0vW~NFFLYcyyf6L*`I~(RXZt7e&lAsY(TgX} zWwU3ld~OyP_yBNCp0npZ09=*l?7OqQ1x6tNqABCWd@ct*So~bw{}cFNBaqVuJ@)}1 z0`Hkg2)^=p$*Di17CgLbRDh_6XDUET0LmTzssh3TuLeHgg7Xc4;C%n9DhP)>rwN^} z+uz~zS>X{>-&-FjZNi5tvkmRIBmEYtf@iB$G&x_7n(g^tv1-OG=L1~eq zr|G^8z~iacTRdc^zQ&V}Aw{RvzVd|zrA^WH;zwO7L$6J*r=v-^H+CCaUUHG@pXErI3Y-&+mn3x zwQW+y?_5ZqJ3qO~Y&c&@gg{`&wQjP zUM%Sn=#{l`u7%~%h5{DFyRV2pNp2&&Sl<{PCHbNhoBd9;E8*+<%4+V=4Np!QMio+kh@H2TY|GuZ7eNhhqNfwVTnh_dpw=8|loN88Y z3Mr+csUd&gC!Su_)OiZJl0;#3ezX1*B{N*rX)JBlU=pG>Kyy%U9rGt@6=^o1)QZCPWMt5o+WZKoD(Qz*BGh9S?}tXO z>*K{A0E6C!>mK~ZG+|$mB?NVTFb$`P3au#K)$r}E8@!1Z|Cg4;F~IlXTY323^7_j| z^2vp@gLR|hR*)O-eJOn3^h$%vaXy+MTiokzJ)t;S_|iA^dY<&^Ob2M+#ZX-+DEjhl zMOZqkt3LcVktdmKfMHxF({j0YTemJkHo zZg_+D;+Vg%EYNxwrXgjTK!~p~)WDx3V3PtFJKiiibRFju7ob<$9Ew`Xl_SzbL}5gW zU#%E;k7dO;7~_-q-3LF=VaZnn?-WV~MC+l<&`3-@w)4x=OeXG^^ps&3?eQ;Z<6kbgTcHP=Bj+Xm6#G402aH3fS{ z4mK_ubWhA;O({Q`n+||UE#tgq&oJ16Xu%0Q5-(cuC5&5QjC(3~GK}wY>lv9(u6f+` z`WQP|XgT9IjT=7oUXfrM#bzKJ4`Fg2slON(!;v6g_7<&vj42Gp+@{fEBWI0Pxp|Lg{SHTC3sBwVT-kO*ZXvzr+u1Tu-gz=_<}&T zqY0mJLxb*H9=_A;K}WsWkg`NysBT8A2A7}s?Rh-AeJlF%r$1WBYX{?8H~NPsmyeec z#>dfs=|j8vWD_gf@#L_JvdXQ{^dpK{)g3fRR011C3k2(=gQM9<>ukoxXV$g@#|}-! z#W_l!=vH>>Q4oEFlUMqJdzFq06FYIb3gb;j4WG-D{ith`YtJfk6e=ySrSnr46G#xs z-YgV;h4f}|*PhgCXZ@~kMFr8;v*`n!dU(Q4fnp*2Z{14wwb4x2hA{bONhH6~3ikRx zfyR0avo979znWY+lOydz{A+XUnV{;sEz!QD-c zYAWAsiVu02tRmmJAC%lc)R$2y7If}R)(n0e`f0dGe7TrFs*yAqsl!A`tHHSFNk42R zii5Or1VXtUYNSv254Fsv0lA(Jn56{|5)1d@3$*-Jvx}8X5#E^~f9KN0Kcx=}#R&^6 z9V*2-asA~uTJFM#_L=f2G|Fqb$I33ouN0me7T1U@DhzT+FoiWI_(To(5$umXOJ(mb z!86G48vp0HCQ~OaxF5t<~X4Uvu=guV{OA1@Hf<^V2o?oZ;&bS&Ui!!eijx> zT)n?fxbul|dvm3NOzEI^a118p!@U=yis6q8*Ir{!Bx75=6cxPnF(cb6(EthRlyr=% zqg?b}$|7&d{pBE&fO3%^P}Vn4_deQL2X17|dHe{f$M1Gg<3rw{`BgGYmd82m(yqan z_7$MY2sHOJQ$UM(0$>$_qP;+1rDM>J=LDxfUO{FcJ_xZJIUTK$hAx zB49`S;O6HyjDq{t`(8MM=$qJ0xias0)sN(Syk!xg4GTs-w*$1yl~k8FgmR!NUx@lQ z)u13c#BCHid!qV#B?Ty;(Is(ej)$o73Mg<}6}PRK8OnBuw$Mc_Yz;nyd$#G<=0q67 z-DYH&GDIYUphm=1<12)UNOadDi{RZsx?=_74IHu-w~d&}Xfu&Ei{?9M8y-c~Y+(#9 zYWw|qt5MzpSYjhLeX2R<=b&E~P-DKAsygPoSs-Az^e#9kZj}w{Z4y#845ycCmpA?r z!Q1U;Tcs|Gm_;1aL+WcoRNpI}wxya|Dy~V4zmzQ!YdYFS#8+MpHmitwRjksjx0yM$ zRcn~Mfj-j}7hcLOrQZYn2s5R8#NW1m(rTDvebct)5&V-ARg_K{#CY2DNu`FqcWA& zWE9Py=_`W@9ym$r=D7QLIpOrAhA8v-u$#Kh!2y=@TFvn)kTs1izy{}vF7&AI2}b0N z*=?Mg^V2wNP?%(t@|O9l?H3zz=qm z^2y3WL7_GEr-;==!(&4h){a}QJSF1LZ}Xxvx`ORVLOY}tP>h3x4mk$h#1T^uT$ z>Xo?DTJJYpRrNQ}#Ses0X)y0ivUSI=^=q&zy+O4RFnsRWN5#0?50%Imx0oqkB6 zDMZ!Jw5<8a?a|m!(-JOYyc7W?i z?hX2aPBV_C=v~40x$7_Ss52Au>s;zr!oA70zZXW=A3HUzSeU*pO4X5FBU zIpkFX4?pN^61_`p7P80jM4`mblq@62Zp1VnFVuWmXOK_#H2cfv$1+HEgQJwU)Sp)) zNhcMVbr(23TCou|%53>KWK;OkiRMM|z~e3hvx9ZZ53?5ibssXy3^0gQHH%D81i5l! z*1w{jw!d(MqnTkQXv?_G?+a%_9ro&VwgnfTB&G}w$0U~&+w<009p)b2UGA1nCMJYT zn25{+fe{s{=Y%2{HCyzz7_gqF5XlM5QNF0VbvuPnaQ~KAYs{by&i7!BoBMl8_R6-( zUrk%kxh?bd`ul*d=Htmh8XFoVvy)UO;n}{7@5oS@QpfFBu^1$=sp&aY8LX40`gyGcF7Tw2Q&zFDVR^yAE+{q>v#a}&sX^+r(u?c?0zO@ zx9us)kZ)7tPL`S|T3TsbJC&rRVp&EDe;!hwn51ybJ%o`#Fs)niswuf7lQQ*x+(fRYB!#18A#osMA4nA#J? zUlH|LdKzh)l`ycH3?algIBFi@6AHI+I12V{z2`pRzV+?*TzC2Mxg?+AHf4WTGgOW@ z>ij`BpGhm4o#gfFA^r^magw-3(Qo|Bx%&w`47OQ$Gtng(PeRN+px$vjP<5M7ry71j z+c^Lrj>fa7xusw0FJf)Qkxh>NV?$36wQkMW8cO zT5PNM(S>CesB*iBbzV6>Jj$fF7n30Ug$#SWfmgQ?;YqSCY*gvvXd@azrZ%hnqj=XB z2rG%s+)4W`BQ9%h$2+4tzvire3aQWWFJ$=T!&mxen)O&{Xim4jW5hyc^3OxmUchEr zJN(M^;x!LjKfz#iD0`WC5N;l;Ack6#3&Ud0>(BZXLBuTZvAZM1jWb7|O4y@QK93xl zWOY>+&8#Z$<0riIbuL+2(=#pejeh-j1U|-}nY{*)0owUT<`@8ZzDK46)^s6O`Or zq9FBcKwByS>*p-;YMCgduYETn!;bszTF(s3wB8|1h<~4Iq8YyLw@}x&(8uT#j1exp z+VRMPq@^IYSYa;V!`#<Ip`rC_r3~A@Z?3pRxWBxs@GbjJymcCdpN@O zbwG+5ASTPwj9Yx){kgkifW3Vts_6lq61+H($lmsFq&q=Y!6P|nz5dUo)0RzSgS+Bl zHk5d9!{4L1(|5v++K;ePW2auGDTl?7?#N;y*SGAHU{4J zpze2yOFvd%RfSHad`o7qJ>#q02!lHEkwnR?-j^^W+3}flj?)tczkGT|^82xT^?k@M7Z+OLK3Tc>43wAcs-1BY}h1!9dKuGt7$51v` zxQWqbaLR?(6i{5Vp5{-4%siNXI%`wdmzOlZxi|+WfZn3f90Db{)|{mc!(`R>5K1lj zK~u2G`(g~=4^1;PdJR*<^qcNI$eme}zMZ;`zorq@P7ULwt|f3n%op&O^sYVbO{k3$Og#!Lyk`UtLtq9xf5SI|>TjWRpOio}YN zB2UyeWa?W>SI{=ZPH%98t|}6+jzzL z1FOEH#XDTtu+)j!AHb!MKm0PL$F7@|ddpg?6dRZ6j@eXTBf81BA z!7D7n7eByxK}Cd`O}(j+n_L$()FqPmL-{g1)eDrGz<(joxIC9=4APFdn2)bFVohib%@^-l# z^NF3u4ZT86#JQk(`uIDra*8pYSvv&|6UnW^45kdW$PZ#R#I0^PHsU;T_I#mP^Ujl` zjEA$Tj~JPnAgjGTs+SaD{D6Uw-=ow2)f5VcA!04mlbRa6zKYS0d*g_U6+>q98?)FTyx4a!y?4WelBGsGkk8lZ@N*;>dKfXom1cw-= zN&ewr@@K0}yJyNg2129_dA^dIq;V2)c5^!`b<8fqJ8`9%&Z;y^26k1(vOrhT358I? zoiufeN{O&t&WZ<_KiQRjaFt|iYgtdF+d7RNV+M@CFCk^RfxD&$)$sKP|5v^6Iyj{j*BuH9N^<= zQs6frjPC3M2wpn-aE@JZfX8+A4d^KT>@52qi&wfX03Zu3oE_wYp(Ehg>;-@YxTt~- z09Qdj`x6KqJNxkeSb(g?aApCFO#`Jb5OM$*AwT;Dbd4YQ;i6tY0F3GXWe%V=1izOH zaKSzTfQc|beHU~bz(pe+0JxFP*`NNw=l)}rKrjr11@N_Op!CJ1Y{12(YykL%@Y$cv zcLwnLmhyjDfIJ=tt`fN315gc^4s-V5V%5Qg2hP3$F$>N9T`^26T;sgW+c|5^;@^OAdaiG{hAc9K;B^ZXlO+K%j_V90ts#1CIj) zg#KLzB$jglq=9Qg{9P6Tyg5U|K!qMaEEoW|vc=hVAUNsl11Mg>xYF+e6%af)u=x41 z{$FSq$jHS$oQ)lfhJl-motgZ{DJ~r33K|9)-Zd&NJng)mJqU0C``A?#5Pl1ZhJl+F z04~~-0Kn}@&KCeQva6~f925xifS}#;g#$rEV07{f%D>XJ0IdFeCKrs7f04a{5kVG> z0Lp^#CGgJu-7bU^0%gHq+V!$m?Ls&oP!@#2p1aQ9?Ls&oP!~N$}(7O7vaoD)>8{Ty!S_{O(Q!oYMt8;1aDCaH*jn zgbGmZI~xV)iTIzRfGj2fnNGk3e*hQ#lmOs3u60H`@Z8~53KSShCdMjA{Kj{R_ zQ27_xE8zvn@dg6j;IIa7{@?9F_##ji9M;#%UbPG1j8dfF=O5Vl{%-aXnFqvVJNMf^ zMXy@DlmNj`f3WZWDSCC0FXcb*L;rfwt5zY>-=8V$H<=#*?oV|#5OD7*pwnM|m$|~? z24>Q;mvvAQ0~2blQ*tSPKz0iRyX+NC|KD{$@G8JMAkr9^)BkrJkg4!&7QZ?Df0u>u zyR$?FCewqMJzzTh*>|9q{j(1c$>e;6|6uk&whR2f@)snn8zO&!X`MimU|uOW+`%vG zSMnERJ3vSk7jIx-X6ApZfN)3%6&Fq60N|!@|E&VTF)z6M=L>ep4X=BLfuwa`aQXj5 z_DVoN(z*Yg=K_2na6|H3MpVWFM@lf=YHJ^?q<*1uw}~Ya@oB9WC!8nqgvDuvaeeDi z7qRbCv`ATP)|2+q)tm5zcutY?z0dxk_Xo2=TMrJpxY$)l#z|@_U3a=ZRMylu?Jj%2 zwAXg(f2A-AXFXqMr>(j2^4Er~{mxYXSApZLZhqIp>9Af|nGL^toiy-D`y-P7}7LK5r^i*QVD&E|%Cr}p7 zE2v>6oQ#W-&MCe(8J8q3bjCQ_<&~pNdvR1VqEL>iL`qofSIX+AnoiqE9rGGZ?>_^2 zJ;SPuatj}FJ;T87QCz>(xNr5Ercw5hepbvex&Ko#_rXt_&~LEr1{E&YaB9$p5yenz z9AUAY%9ptNu<>N(QR$lvUySf*JBDVluCIV)R~31&eJhyfc>68;8d)7Oll)BlyNW z7@2(K|;Wx(zRL1Qu#a z-8JAvuvMJ)^dlh7Vo%SMVhvWc_Gy(*>cPN&%Aw@!323}yGbJPZw2v;hc(n?d{4)<5 z{+&(P@@$uM$4(sQej~$btWR{)-z$_)mos)WQV%q{f8;te6Hud@vOJ9A?}zzxQv#Vk z;1JIE19Sq(E1vI?WQPxlj!PuIgtQ^FPao6ku(=mDdZ^iac#RbM?TM(yN^c|8Y`YR$ zI0+SFHm7fgZ8Ngtw^SutE;vVC@~@g|4`cKJ%_B)*aHvv!r=X z^lsVkFLG~_RbhyJ8tpi`|ATXfwMuP=WnrXfhR9gCM+P91o z&`lQ!`^9bO6DmgD> zbFe^)U;jB!cf-K&mRRve2j5lH4a(+-d%h~Hq>_)gEe)rv-8^XndM08V{P8JV6Q0=i zw)W!2C_Bcv>iIIa6-dd7*u5eraZF&C*`um1HKR2Mn;aMGVP~U_4CfOcBR|>Mz;b84 ze{|TC6*Dl7jP{}FgRH6_!Zwk#xJ;LmSoM3TR)lv4Oxz0%zH0TqDnIY#ia?hjg`f1P zVKLFM8P(l-LiqOHVEX&+MndexIV$`|P0+1Ea*hgwrFc$#`a5JN6uNGE6mFU@FC1{l zr%#p|?T1}I)O?d@C_QM9@A$&N|KYC3XxAN<#8Mp{s^*uEP$JFoTIrC!Dz_oMDr=iP zp>P<-eW}ktvrX7XWj}y5L4&isiU6b7L1v~f7m88#CW3Jzrlc{jS$HdLqi}dCLRtRU z4nDqW>J3c{U(fL84-U4`vuhu zRe_K15q-W)?rk`tmHQ2344Dv#jLc#b!gWiqtTWs0#7f3znZMDHKu+BbCnL^j9x#oM z&}|ZMuPrlB-JY=*napw>uj0!KO!cpN6Gp83=(M4 z*(5$@I=pw$35=Eyt225b-R8NsneqA1)x4OtKNeM7B~&mimhV}VG>?^K8?6MF?2klhujPjXyj#oatlAXLKeO~ zEuPJ-wDvPU*N(NAWvfHBE2`#s1fNC*^!M9Q(?kZFHQl;{Y~N&eBT$H5w9NKzd?sCd(XqbUTU0FeV;2 z4|HE7-XFwuIAZDsq6mp{MYmaHSf+CHxHlgdbf)7Pat+>l9l0PUr8N1|AO)3n^kvqE@^8KXCxR+TZ*@=~kpIZ*b z=vE2l4N2ZhR@TI%kpcp?7(Md@*?c=FDjeN6J6p0q`C%*22 zcFFpDIWyJ>mT#U9gT>4wDv56tnW+L(g`+J}+GsyifbGc!mdihh;x@|9TORjPSs!%U zvrKZ^WAFFegkyWC*MN*sv7ThKzqq_w*om+D4m$JqnM69ll+I*|BRSQF6H$<;`>Tc^&pC&S!Pz zt?nCrMq@OvTWKh7kGa2gU=^ELtw?X(8pt5Cy_10zJ{Q_V;Mq^m54Yz_qCJW`;JS3r zU_dM(HvML<*mNd>-=p%b`-^?zEREr+Cqfeb1_|HanRv(w%2?(Cnhox^7{l>cY8(y< z|1^c`7K)Z|&qrQB>A*adsUK#2V~dxU9Lq8+hzWa7;^wc^syV%h`Yur;)ZRw%ImUEK z4gcJMV`gmB2G}QCJ~s&1g=lx#^_>WKByut1LuJy7zLmfZRK-1I5-W?&iLj}vVpkG= z`gB)nkSqOq|d4=C6s!X!=rzS*BB#k}C*vMk&&jf_VG=9@#Y+TgUK z9^L{ zZIvF0#lYjxFmv91Q}ksnih9CWu)g~P2A;K1Qy;2Pz<18jsHWRkS+xBARb;tG=y+r~ zDB8GjCfUiio7xdd!%}w^N3sK)Q*Gmn?gCVPxXn8MlG&FuL8=);m*JA(EiHf4s^88c zDLX1D7(rND;5!BgmPQGF-HOi<#^t6$T}%}a^3BAPRu$FoE4$}dBaRcNqe)o`(@RQ+ z&Tn;qv&h!K44yH%$7!|aqi`14fuP8Sdr8B5Y-Qo5YGe6HQVs`@VL~>W7turT^MSeD zcQ4zL&Bwit6Sr*bVPfG?@!?M?fxUVNZ&)yU*36~MzYnf!>Yrm zYAam0&bF`EVUL<7`gOluSbe|Ot>K*f75k{CUrRNRj2n9NGDSt5#}HII7tLrn0QH7S z-x~$9#y&_CTG*SDC5@taO_uhE-&I75GGg{aeC~%z?=U>rDHWv%h;YND7^oiWGn&b< zo5Ay9s_Ck?Kb`D2`L(f*#X6XVr&QwyCG_asV+*^mUUvaFg!jA+i7&L*Pe|guBZNn4 zd07p7a)$Bly(0DSb5F$U?hBw)FWxm0$5n*&lB1Q=M5NFf7|F4GZRb<|@n9Weaxm6Y z%;DFKy^*jMa^5@0k7iy!!7##+CVr=>$GDIK2knXolOiNiivU~6hSH56JpZITiF=F|(g%!L&~`T>DDl}Zkm zw^CuRm5BM>DZ98MwO^f@)85Hlhv^?SXTns0KKSCmKlyCrMoA>Ll^AoCc3u>ockzR5X0hTI{f| zs&YBXEYdKe=m4RdP4{<0(McbAq3^iuC{I0)?2Tat*iJ%kdN8Wuxj`wF4ysC+Qdm(My7s`mGm3Gl;v5sJ9tm( zS460v+dgCx5@5BU`kYmZe%LWFLVQ9o3G0*kAj4A){*|7u&HFsgm4pHbWK80hy7mDR zQh8#m`Z>aP;RT!MygEwqhb-@|yoGL4=qnpCdW=f5x!ZW0(mqF>i5m=%PZ^FdpsuLp zFHO&H9~(#1$=f17wj07IN-LOa=N%Pk;J>T18zk$)DQm4Mx42VwB**2|R3h#sSuSmh z{S!5StVAXeim$rkoheL0;5Oxi z+Bo=pbxXf&YkUYV<2NvQNDYJE2y3YMK3A}I_2;|s#oC(@0#pWvaa-_~(2HYa-65ru z@Ts^;YORVocMXpY9lFB{@4#ERAG|$!jpQ7Ln4*qBf^Gx?cd=Zs}^WSL2r=zt|3yXbHeH3 zPVqtQRDDzI#)OqTwz`qx+6Y4&m@|K*W}A*Q5QdwxM!qpE_-cDW$_)aq#-LBz&!Y1uSVC+HRPD#|b{vb@#3Ypmh7=pnZsZ_5 zoKd%OezB=z27nExFIs5ujB-nz(@wGM8ubkXrhq4yKAwWap$E*e@^sxb&ehb9=71T1 z0Hv(zQU*u|X8>N3l3rQKq&~El2pBZ>Z-i!RCXNL7(3!og(E7 zlHP(NfDaYZi+FOUh+fE@R!ES3c^sKFvGf^UB0Cg(CL;>FaK+j}SX!kI z7pwS;6+)<=$v|V|m-v;&_KL(BnTy|XUCFx|Zkwx?K3r**3WB!};Of z-;byu&KQA5RN%91@WJ4pvR99&AkG*s%02+Vr;C5eUO6g;ysi(F1s`r-FMHK4#Nqaz zXT`tEJ^(;81<p1#(G@PhQV?1NCU$@UFYr6+>Ruhdk#6kwear$G_@; zIAR3pxYYRO95w^>Sh%#Tm&O5kc^`Drd3IKOj=28KKIG;7v$JAwwFS^wG4}=11G*xA zb|n+s>K=S#dan47vtp3=`Lh0BXT=~R7yIxVWxBX}4gg<52Ac%aN3NU|U%9~#hR(s) zv(H9-w#4B2FXs%Dt12MS7Vu6&HogIHUqI;Gpi}ez9u0(p0(SunzknC+(hgpCW(-pQ zJD9-%dA;nFzyMA6A6anq2LO2I{%#k-34vn<2jum#SL{OG-v`Qqp;oZ#{M9bx#eJYG z7;m~>_Nv`KL6+Ybi~2?N2QVM%ztRAR7j@x&f2INO-km29NZ9F8^g-U)zmf&c0mHxQ zxZ;02zmcnR;P9_HAROzxzuG^Y0lC3ENeH8m69PBbfh4N_W8jYoK^6i4c`rml z1QOQR!I}UdHYzwJf+7Mq)JrHjn3Z}yIdBv}qUhlKevJ~yoCqegUeW;`42bvvWN2}7 zfC*^8m%sBo@_SP+Ms-;s#Oo$_P>`_vd7}QC4#*^XmLa%-uSw@`y?>q1b;%X{e1;Ic z*qX~jznoh+&VLUi&vJkx@@zFOaw`~tzqBTob1PWP8s0T3K#A#W_-88%e#81#75|-E!OXBTRljrVzpA>FTfv#=8g9sSnFyr) zd?M#{Hh`^c!08o&R&rf3g6z2l{HFz!y{>t=zSb&);{iSHKSck0%i(~e)&jE>Nc5VA z`L$Ld{0{hX^&g^FtwQ9+f9D@?aIv#M@((&y%mWFb=G_9>}vERX(9py}=aV zfEkRE-RO-$me3{?WG&0&{rX@>saCmv`ODb74Kk5?qr2PN-X_5qmsLp zZupfcH)rgZ;UQm48v(B)%cCOQ!>Jdit1-;!9RgKOd%NR%eOvP?%=e?1YN}a6qh5Q` z8bq$vRPA^4E$&X4XqR@`>;?LEoW#S)9Nqcxqc*MjWN-WVkC$S-9cwSCV|VRCi+5lT z+pN6ar1W)e4-MQ-c>c=-#ms&vwd7Fm^vIXnd0k|1{Ght&jXvW2z*LTah&Eq1Wa|f& zIGFki^z({*hh{hJ2J<|0sxmN|n&0}w*|Lkq+S!#*G2?y`S4pGlz%s`Z>wzjDvm^8$ z^XsC~>T`0zjnh>flE`a@_HM<(y7#Om!JK_8O(fAA=>=WaTSt6R+!(*d0a!R@9x#)s z26xgl3J9xWi01DFAq_l`lw#r8N$u!bVo9;pL9{b_=kVo`JD(vcF_AnGTnjV@7F4Ha4N-YEeosF2f#tUvRc%5BOH-E--_}2z}CQ* zM&EK7p{x@tgeNC>XSos&u)0EM$uY)iO^rYZXXtkrDUXO6rd#6nqn;2Ohiq1SWc5^; zAh4Jpw+i2ojxH?ziHmtq^0NVT&QN6Ya)wt}>reWjy~yx=o_!Ji=U#oG!CD?1$(D~g}&DtAQ0`E)0HN1OP42<=IgF?zRB zeb^#A3f(%H==g8sHa5PF&gG3|M;#2CV}?!_ZLO#d6vM)dtD4`f`2NoHy{;(tf_&tl zAxpM2fF{9=@P#_!qf>ib#$A(Wspam&>7FHu{C7L@3mY`;@zfd7SxVi6>WJt_r0{_{ zs$pFjeS$&~yY={07L{SGpU`gR^7W!!37A_N~ztQGAvjZ83G<^l>Z&zT8FyT9-SD|}G2 z@ZHc->T__h@mwWd4>>#$9wT2TWDGK{u2JbHeBAR>kgBQneORiPTGtiy zf`$p1LXmi+*E(8E7!m8{6hi= ztEq7DXmM&dlS@-i;9DFuNheC*QtncHE;EZmL96uhW}h0TM`Qllho@hCv(j(BR0=UN z>N6#I=lhPLqHy+M*Rf20_P|^b#kOGbEGvcWT5G}at1(-Nh52>vkcA}Az`O6L=Ji{x zaC-N-LlhHdTq096@SqnkR6~FE97^d$BfR9~3%q$ZWc!0fST~<+@V2}d*J;`I%flh+ zzNXm@;MM$&ulEl|k)3vq5BiaRRQ|{s5;kA9!18(=rCl_8x}YL1u(bAO)0bo0I#z>(k!c%X+<5x^j!F;l{9y)Vt!hNLZRdnSy7^p z8C{E;fb(eQ>s8r7MRAMvG1t-ZyJ8Uo@=0B)GK9UA)@8I=q*4T8Y(q_yvurCUY{EO46pR z#m|sNp=e{mRhT%EnSgc`moBosXrAi(< z)qRwl%_vwpY|_52#PZ5fwSHWB1>GulH%jUGhwARLc*ClrFh`mzZ$A;Dd>Vtdt7zlA z^+-+JbJtbbsaoEjLo&|c!*Hw-)(F1kW}IN~1dI^)xKzQP9Q=sGCYb`c@)v-QGru+!3v2z>HPj#e@4 zuGX{>QSwn;?8!-N2>HlcP7Px-rGNM=vyvPj6E;&OhaWe%q^rIB;`YI^`=ODq5E8jE ziCL`$1A>BnUk!G--e+t~9&$-nM4iHg!FwDT-lC-|ZP5E(Ths2L7S1)CJRcb8t(KM* z4lQ-W_jih+#25sI(Z-&4YSQnvj|zUM>4xG`bVYdNNeqAg^XQt0@CSbBWjy0{5BMg{ zyal0cF4y=*?Zt4%EJA{=O(!xhQ~yuT_fS{4E1>Ojd2WB@)korA9*kGejCE5jwHS1z z;yoH?8@7@vf%P_PxhF6^1B=m;Wivm``m&>I?Y8pg6BZUu&Y{RBZGq;uREN<=zs-&s z6}nV!Zn}&M6Mjs5WN^f8Ak1R@%|K3*J8F9iI_j~^ldi`BgFnU9?>=UCS~5S#+dk=I zEP3Hj*KFA=O0g7MlK<0^DB_)s`<;7<*b|}#mi=`%l4B12l%<>IT%Vf{(#kkiXJLAC z^I=7uEc@sKZ+ts=k*Oz8uc1z+Rl>^~g$*BPp8&MtInzQIvqg*VZcnI8(0%NCP<%4n zZ60mGE`);fC25pvCHL(Y3nMCvG0dM@AxMK&sp(uzeYrnJTs38@Vq|}I&fDmru`}3u z<%CewGITo~3H;1Tr45-z7(byWz*aNJb6RlPrY{QD8$e6gC3P-;hkCORneDNIJceuD zuWEV{<*@$#KxnccW)yZ!&4a_u4ra139qay-N*l^1+0Jr`7>iiF2!30y<9FI$i5?K_ zs~u@n&QFc2xxGX{f4~tkoyHT$H65C&NL!5Mk>gw{;feRFs5rRAD4p%;2f%B}!dK8= zTu^b?l50j5LqB~QjhaJ9-|^{7TX9EE?hA1(9Qg+>bE+oW@G%AJ*kfS%VKd@ zSWl8^%e!3f+n*wm^I9e;MK{>qs#;gxM`P_>iKy$09`3S=RA}zXQ2E^X`2~up$6HKn zeFx0OZ0=Da@7s&p$P>?+7JqRUDamTpl7EggU`49tRK{m!^@-4pxU;sgt& zaBlYp4Q1zG&Tw_S&%yKy1XGVNsJjmw5bLt{t2jjw8Q*=a7F|_aCr?9S}3lek6cT*E>H>Oox5{C5a}nj9e3w`ir4k)k8bgOlF^|zCIsu?YiZ1 zr{ukgVacfIlEtV9_1-V!HfqJOZA|p3!2Mn5wSI%GFyx!EUi#vGUs8N2`93meN~MwV z8%#PWzdM2sv8nKyFP#cg=VOn^D*iC4;x5h@?IXE(pWa48Wg)4T-ttZEn-QvSBb%s} z%kGA*b|xfHwp#G-Dt=5KJ#MiMYf2~zHfUvjiH*$!s|K zuf%R9EJ4$ASY(T{M(5|OlqClj;XhDTxc6b{dqzhsxnaJmFty^xc2W84XdjF~m)km@ z4fR?_C{&T}+JwgYur6a4d~~%Z#h5~EQ<=lI6FhvQt917b<=Cz&o6-;1G5Z9on4R}6 zP+fB^oIcCKJ+#{u$dTl``m`$th|=*JwTvR-Kzog3l%npCQ;l~n47IiCMW^!z|1O?@lroO-)P z7eEir>(f_@ZIM($4KI8^V)o~}DaW3k_Y5ur);cr!L8;jc>jy+gBsE#hSo~Uu zI4Ia1hNXJ7;_7!C!F~;~dHb|aA)rWy=4aN4Qsq0Y1fSviPHAE8{wAA|bDlFkOc);g zs<8Kexws<4xM!x7Qpv=)dwpuND`6?IIwCfg`S6-Rq|u>Ed`*RZkN%mRf7LG&k0rFn zw*}DPuJ#sTO1|U93`dYU;;xNa~^?^b@J6;LNGjU-*Zk2lC8+Gn{?39bjC*Yr(niN$aA=1 zW0ALP(R}ox*KnDhqfmAyTKr_5h#za4$^9M>+Uol(+A*B*E`FyfJrl5PZQ#jMel;7x zH-%{h<}{oA;?*(;xX^cACQ!#xy?ge8?@4+}NZ6x^?0_jILw&SniJz2B66W`X_8NTNH_f0p-zwfDT;sR%eul?k)yyD1_g+4EGa|xpQ?*%D zs$&UotN|5zA5YbuN||Z-z7qicVLrwEK>flgYIx4%mzrDA#xfu6_?Ni$&=2xsizfB&DY;^(nLtf_%|MY?@%98 zlX~10FMfv{stnnT$srijXSKbpQslXW^cYSmt^InP-o@m&EoWXUw1P& z?3P$eP&`a`76ZU39j9V>1KT&nXprip`?UYZc=c{qnet+4xLg92tH&Nf1eL+Mk#t2I zOuulFYW3T>w-oF(sFu!Hd!8E9l6q#;1QN3?Zn9=6rOGrFJWaN-((E3j>ROHQ>~eAI z^arYTm`SgR62uOf1DeL~U>8}~lk?;-Ku}Khry|X6bO0y%( z){8BwU<}Y#?l;hb&tQAIiP$Bi1uwlGPae~-rG@q@GY`JJ@qV4@2wUBlmw8>vi}>-U zVGK$vHF~X0L2ms|iM;`mYDlYHAHONd@gURTp^i=rwk#MqBrrI_7#x30%rIPGbm1nW zY8*7}%};O9ms5_5asIew=bzwg(N1S{v!6wQjgTPkUXXEN{~)WM5N>?fLR(YnA+;33 zGCf1XY;DuTiv8o#FP9oUN+SqLN=So93KB|vJK%AnK0coFopavbf45s^-D}pY zH8c0DbzSp1sYuqYQIgcc&XBI*AAB3HM! zG9(P#6b4ztwtAn(&Ln?7+kihe2K8jyz-b0gSmZ5+XYJmri1 zQjV3VyGGsT$t!7zBd+HAV88kFH?8TBmsvf1RbGJ16eS>s_yu{6<71+)d44$s(;c7SHV0PaZ5i zvaPDO!GH0!{dnibT~1H8mQpxX|M2@qsJve>oHv+sRR{MQ5I^BsrDc6oUoNB*rq?}1 zEjQA5MJt#nA!R`L-w8vTIp+2{v8WT%?ZG&t(E!~OkJ zdd~q5&B|(~9-PLnN?KYc+dDEgpO1ILo%~m4H%{cWUf}ty_Mg^&RXDQ#eBya?<8;Tw zkdZ0I=B6<{%xp-sYDSm6AIggQ!?M}~Ydaq7w6SHvt;;7kEx5p^=Ba5k4z#GI;Re){ z$Nf!L#tYYEcX~2djZRMdPZ5|dB^j9O{Hp#5l1Dl_(FbO(+0S_!K#yk!`@lyC!3r?1 zp=j@7Zm4LjX9)$+hO{}8A*^R-Xl`O@sAz2R(4Lr$ff-oQAjc@J=VIkxf1wRjKI3~T z@2q+TR4V{UV?m|zSb@neP!9Kudg1%u{G6M-z~lg`O8A~VgFuj3na;A{ASvLC2`G)n zdO<r3oBrU^l_zb51$*tAV?y6jUt^SSg6jK{^qG5{?(t`DLyY znh^q&WjtrKVLxZJVTZ8V{9si@L;VXL{u3p{cPG?jCT4*+GlV(^oVz~P@qiUIY~@px&KR zG_jvkG_ilDXae@@JnoegE(n3jRD*;-s^5T}Juj(ahbpQ2TOm-90Tu%BVW710lrK~% z;NJ>?3JZ{sbA~7&Y#Ees1*!z8d^ofJ-*g8m9Kb@(#}0C<21p3F;ctaN^H6|=VEs-5C@%%a z1tfTc4If(B8Zru7*%}zyiddOj*=m9+BY;=AKz;%*-;9b@<|YPbzbF}-=$ly@+Sw5^ zF#s>SV!Uf;Vq|Pj%*?_7T)2N1m#QWP_Qt@)lNI=f7iHsp|{>B@ii90~<1fg>SE##0oi+>gX z6`NoI;E5e108(x7&jO(063VtRCI$xP{~><_dFQ|5kkA)9{*P4qQ;!4>^!dsNTHPQ~ z{NJ?NuT}fWC80S>Kn?*R`v5uwgbwa(FYr5;gqonh9tEE5K^_IJ`uYO_Q1b{_0C>>@ z34m1bKz1X)(*SDugc|q%2c}5qTQC1Nn*Dmzf1VD%0(pHv zABEppq5dKwy|`pU<9xsZz}p0nLqk^Fe-;4RCP7WoXO}Dj1%S)_|3Cw%5=z{0ZceXYd@LM?n_d z?{sB<=hIMod$0gV88uJB1waFzpp5(fz!V7$tNPz)_NNXBjnMkP)a)mJghqma zz2SVpgkWgSzU+VFkI*y|`#YW8**`31Q&| zwm(~P|FQiKpEYMU!AcQ>0S{+~UcZS5@ZbM;{qf)Y%7(_>{g>SF2hIM}8=>KRP@4T0 z*OXst_LDP0-|q`_CIAGF2Xv;h)fTcLyx@#?p$|5|hlo%cz%!)M*-fQqN2wQ`>0qEZ~PR|I^748h-d+8uK4j`}Lsz^hE<1<)1_NziG8!tM;Qm z0>D_rGtERT4J0fLfQQ_`^c3jW3WT;ZJU@zK{(iOv7JdGg;N%*VhXTL=%QK0;ft>)e zL(s63HC1gZ191$GG+mp}?w*RbT28x8Qn8myRH*}Eu7tF;T4EQ)-3(BpvVry8TFpDj zFK!ytcOzh&^}f-6AUnO0ub3m7!hhVizOgxKHNF14qGB*O*y@D65%s~9%TbZ8zi*|&Ohw3ODca&$De-Cp_4l7f<1Jt7Lpw*J_3cX@fR@6&@M!r+y?l7hi? z9FD~5(F5Z{)HI7nEdqmkZj*eTCvFOZdycON=8z6B+K{6hJW&Vtjz8^oC8)?Jh`$W ziqbcpm{@Ij6SZaSMJj*^uK=w*YV^xxZy!E)re)Vu}b&4Spzy$zN+;7`KvT)__mH3*_?Mi1`B&Ps1O?CoBD1k zyc790#WkT*j$NiF-dX>I1lGYwd|~iq1xK0j2NB&$oNH>Nkw)+~Uv5bpt!3+7Lgsw% zuq+E+y)0b354w2ptRFFCLyU^J@KEp`s@;?-d^-TYfNYet z^|0khEKxN+^Gih9`lq{V>BsO0@)fE}veaur)b?=KR9?RizjRIRol`m|$&IxLile6~ ziP;fOnbx(FHdX;}@JgZH z+xQY}zA-J9DQpjbAidbHIIGs|W?O%?<=Bh}Z7Ok*Ui%K)`_{Fj4w01J-diq@V~5YjM?p0*wTBbKag==Wj0&qmK#ESiU1xb(er6}#R?5h09A-8! z=XTd|$9PVx!xCZTg849MHJT6nLkraXq+~s-ad+H!5d5rH|5rKJ45tK#KQ#9kgo@XT==}PN3i2mq@-n{CVLu+Zts-> zzou4~*t+M}a@A%D#yX4&+p2G})#zXSoL>i^Fvho?vSoL@)ukmoGeErl05N5zjaMbtc?!BZP*U(wHUFW4vDU$$1lNGf)0jGB^yQJ^BK%Zd!g zQT`cE zRk11W`G_ZjH3%DPQwh{mCam;&@JRBMTH%p)s7C>B2sod44;B+CEgs??>rlg@U_3Jp ztGK*yXmZ8Wc~;-KGzo5%0=5o$vOK`NHe>l|1=@jkX4)bBR@1Xt?bd){__->px825K z=@vFKd_4Zy$L+#uspaC4)Inp~EjpH}Tzdj1j@K=g(FQ*?H_)IVzEla~H zK|exKzCx_TDkV*XJ`EGzC`6=$Y&QCNMW<1h+nY;;725b1j5=J6&O_G;pU>%Wth60z zdkMd(dGz^2UR7&Te5h1aWDRd^rCKjEm0c8O%$@6VM1N>}0rGlB)@B}V6$?VD0_yiZOwYC1F%P ztZG6}c?r;1QO)a^GCFwbmiHN3GTMu317|?%-Zp*33$+@HPNs>Q`uvoOF#{9B3sK!A zZ#k$PmV9{Iu1(nqh1C&@=s&mTqD`6WI+6-^tkVI+ECOEoUnX}ao%CZb=+l!7(EIRw z+A;Hk@=C}FrJ0d0M=q&_Vh?@tM~;SoZkr-R&q;K}ti1NHX9U^H+zygq8TPDVh7IpN zg~25{YsahO;2`ED%OwhCd&YQ{rw+!ecP06pIK1~W(-DNlo3Ks)~M$HxkbrnqTX` zy19K>>qE~fnW3p<_2rM@W6`Vt>B%gMG8NikwtS}2>%NEz0_vn$8rbS@izQVVB30S3 zo$efAEj(kW*u43g-Wpx9mM2V;q)xBzxn@i-Y=>$v<0KtJi$~7#L%9foPD61s3r>q3 zy6R6=3<^0Cw*hMrnR9&yK}tg*PxXeod35QQBp&Ic8pvyWB);~|=H5FqhX66&;aQ_> zajUm1I8Mq-dha-?oi?$*ZG_;q2Mw@>+LR&L5NUQd)LI(}5{&d7YCl7RzcTX8n4pAq z)c5$+bzhNy)S}mcN$qAtZ26{7q{#LpEJ;+hP%01S#$H& zPrgV7@mRd0)XBD=mD?~+VqKhAq;hGBnOXJ1s%TB3)}BNS?9MK-awTI)C{c42G zG+Zh2@G}`EZhXy?bOM8ghX}ibU zx8DxN;=l8O%?%GtU}NzKTitNMZSFTAYm~B0aQ7yVzg=-dt~7~0(!~zoQ%2WOXfqVN zOJpnZ(%TcWB6{QW_{;QKj{hKEtnndlLj~2ds>BpUnTHw=rHNCr!@CD5pfn-I41(Xv>9}rfps)eBzo+H;xXsGrIS|>0z`DQpeSxCXZL%;1&)I3?9P%GYNJEWW~Ucy+^QAZVs zqJ?96hxnEuI~HrT8RvVlFo}H}!}n|$i}huX3||V~;&0z&1elNCo!MR0WW8;;e%To{ z`f^-%?BVcsV)eY*msbo8Z)O=OmGg0R7>Fd$Ce|~Ls;h(H_bq+>U2(Li5MiWtS)Zj$ z7hFoap`VVWMQeFNvt!sSDKJe#yCIa3F)xBNOMT2~uldro=JP!K)5R~hw53hVSGn9(akb)WyoJ-B)_EEHI=xVToUd;nA;JnQ@=& zR;tR*I|Gi0q~i#rnMmANhd*VN?A?9eKsb6q2$-^889%B^^}rDh2bHcXjO)pOZCl%mIh&R ztyxR#R~E?nB0cr)%?uw2Xi%)jP-glpFBkh{N1->pE6Y?o^ww3Hsohj7akB9GSFdn! z8*lZC+XX9^0`@g7%Jlv zVb?Uy+)r&?FiRt)UF-%`HyrBao@ifwl#jkZaUa(m7Ut!oE+N4u;bPN!G#W7Urll?9 ziVtZUtR01ujh`vSC0Y`N54A77mskpOCwe^@zfQtQkDKA^3!588lLB~fji%rGE#XUZ zY_C8bV#QmxaVp|8+WEE>_MUR0e~>9yc4i|t*q&i~5ClMhb76*iThQ#WZ`v^NNLo#S zE0!%W?NW9bM%c2ym_xoYp`@yi#?|4NA+@MJ`I^>=hLw5#^>n#(<(u;hRO=X2h-}xe z%@7;kSo>iU^i*eN8MS9|6Dc~yl35pTJS6{AMX$%zv=1k?snacJ&UfrziN@C$>6g+1 zw~{8aL-|zQ>El%u76MM{6Zp~>l9|DMFQXE&`fBgX@-S}%Szx0VMv|Ea`6iy?Id?o) zzumTkMF*^0HAD$GyiOdOd8ykLCqSm@asK1@J$Tuk`=Qs5PXlfR$lbonM$U!~_wL=z zFh;X}-MCu73Ftm}MyRA|aK3W180-jppgIo_lW?p2#2R8de2o zSsB7U^L-pjMJ=bk8WxR?K+K39udn53#$*XsO16AoE6CwyxLb1gXPR=PXt>Md8)=@X0%3S?K@RNPfoghnCED}wVp;I(jNtaSh7{W$a-bQ}i z&2CQu=Q+Z(%c<Rj}bDZtA^UYR5mzftzBy6qskf~gas1Em=G&BJ~P z6O=n;UlrYEFDpvsHD9qO-|Q@uE;TyhP9u$!+M?FlpC`R*%4vn~QQmqx^VvtiKzYJQ zBwMZISJcBd*E@44K4Y_}>8DA?&_r96T9JdtH$xeb*sq+fg1GO^JC;)~jTm6A zAv41fg@+u-q8(7gV1C=hyaZq%AXU^?M~gC8D5pqO%zE>o{aIJJ0A6Vo_CT(0?$P3o zS#~UZ(vnp~vb<9;t*wp0 zW`?9H3z4$dVl-lAL%3P$RBFiv9mP&Vq*u@+UeCzQ<`}Dc>ViTD(Q;(lQeGnST_8Wf z7rJ4W6I1(J!u>2w#*-}sb?UxqGHdm+tgPH~GS}sj#Y9Otv5gg!QA=2j^DG@B^mj(d z)}ItWB=Gjr4U%=GB+dCK8AV~>>veqj%p@6l=<@#j{+O~zCEO-5a}_z!Mk)XwBbH*~m!ufIYq`mBVp zAAaXv4{ZnLtJ23RYCd9UaW$Jyk&oR)SoTpJsuu&N>XYmHymW3v?b$z3u9|uZy2wNv4Q4x)zr_bJ&x){zmFRO1( z5cwwKGFfmYbLb~jca@Du_-I8*bQJL)hf9zI-VIJYdL^1Z`V_}kT57$e=I$3pZ_UQw zU7V4jJ24gw4Ev?l@Ci5H6qv2qT_Yfvt!G{!15I%d0G_kqk%Lx~}!)sFY!F5vY7x8RysYPL6{<^jPa@}q=@G}=|FeX}c zcnYPl#JIa^-ixg_qV9p?JB&cs%?Cx&2G85gz9hjb^!3Xna%ci;XjX*PaHeF#ixycu zfKNPwu4UH`;rCn*OElzYZ5}YMbrP|H9z9J5<>tCM ziWv7R<7&4jJp83c*Jq*;hZ}**hh+^BW!h96b^7w1CQ$ zLckOd3RMuHE)eVip~wS?0vB-qR+|end1ob@XGo9>qxcKfD~R|rdjf0iz=b4#)AmQ& zD**UD=I?F6N&hn_%0Isss=NyLUU1#&-?aVty-<}^=LLpmSeSo)FI3IKd2Qj}wEg+L zP_;?tMK@<)oPT~Vl+#IR0^JojvfzRZ@W}p+l%F+#@;fLL71%|fRDeQJ0pkJqCU7w( zu$B|@GDwU-{ryjfDoBg7p#>#R&zReQy#}Y^&vd^a;#W{HNV_vRe+U(WOb36t6@+Q> z4E%KAg}-uV@C@?3EjZQtH*J41E;QL4IH);5ywGPDqVJ^#kfN&};A4Obba%k`J->(; z0J(@5XhH~V2lN0QF3`jIbOFIFfPOiHivZ4nI)HPa4&WT912_lj0M3CrfODV@;2fv} zfZz#$0wH(_(69q>P>??SbPGB#)%v~E5j6LlQyl^zREIz@=XY%b&S)rs{R5i;_+Jpz z;6J?qDssS+-7m0F5H%Do4DkhQ6hxh~!G#PE2)qWFIv|va7aBu@q98puYYTE{$mPzA z5HYOhRRO=!;i8zIW^Jf@e<73SKWPHC9JD5oVfn5JxWe@xH38fG+|xl0ckWD(%eFyX z1UnNX+N z?nn3L1Umzmp#Ln+z)l5rhI0`YMgSU23669yF*g@G2)+oJjlnbJMI|mufGXkwOMueh zEW-Xt2PkmLcO5u@tKS)i>8}iNQ3t5q$+;EJNz(thF-W}&;lT9WiV#2kM;k!-F}Md% z?7fik&VSb8$0-+xVFm>@cq}0l>HjPP${E3G0N?#x24uhYk6nRwNYLZ}-IYJ|sUN-a zf*OD3RnU+|-~__~S=zw!KWGtwR8aq;LBI>_g`tJA$JxC756%f*n$JXlW;zId5xnPz zTrv*&4PB9G=mEUOfF8~z zL#{Cf{Q{PJwn{*B{~6N@*+)QY4f#vRqIJGa0`3#OcmDj-@j_fd11WzwyK%5UPe)+e zoV`^Tgd_$Qh%y5q?jT-wR(9Z=@;iLk4?yAza-m`axZ&Y|kSK$^0<1s87-yJFpfRBF z!jQ2!(+Sk}oRgXZvPJ%VTc}t7w>=vl4#?;0@7qEJ0l4kiE|LTM6$T-bKHK*JKbkM< z42>5AwLRwz;DGQ3{Pw-j7kq=;f(I68D+n{e@7qF6#K5)yNC_pVEqLwteOst07~J;U zmm%BO-?s$~-%b_PM(5+qWq>fg`(V-bW|fy9G-Nn^YMX zq1WEm3IWh+s2DY9~h+xK$$*CTLV-Y4+*qTco9{X?Xb zPW%05ZL7YtjI(p7u!H7?R4aVnEcW@9KA6n!EC-W_wuFoHi0*lC3p4KM6=HCyrr539 zjpJgy#@lMEVJ`2_dvn)bc!itn+8f!Z!SV$Xx2RNZ6qAHiEYo)=9tfxbFjvRYOJw;k zJ??X8%;2@Pt$xg`!KeFxCufb?>GIJSX1Earo%)9fvUg||qTlY^jS#DYckPO}nUdND*(y$nW+nE| z)9`U5?qS0yF=#ytx}8Ps>R-UJT83)m|D!pW{H)H&_ znV!cYyxk?&$t!OUjZ`gTFvKj!^A3%chH{OIj3vn0?X*`Q$8wv8guQjkU(>egZ}5~2gC)-dsi70 zDSHEM;Uhjv->g&0mqo3p+TbA(ulG}?f1+1AyVY`wQp#d4dDZ*U7@Nh%tAh_jrYbKp z+J)NHUW-hdu1WP$s0Iks2hUxZZg;+1RZ1hi5iZcw&>#59Jwx=3QjVK;k_1J>75-Yw zvN*!>!anf`aZ)d$;LJ;?fpbw#{9Xd&?J!5KiKuHtQ~uLJ+S4*o)a~*W*@VgoE+2Mq z04a>yq7Ci$={-Gs`!-vB`XAv!XA2jfw`SRZe>m{d(IzDtT9%1&5Pdi%DB%$@zE*{d8e zKKx8wQ5T%Kdw7-X7zDH@Zco#ysFQMLS4fBb$PjC|T$g_;pA#Ay{%InG9LTI4 z&NCktfOb-I&$Gf!!^;rwz!j04z9_1VR^Wvu8-D;pf`K-vZ%nOG3vbIitgqyG!mSgm z<08}P9!Q1`yv@O4=nrMvPzlid?{mLG*LBC8>Rgght40%_HS!X~K^Jb5Mk|GB<920o zF`bAu-r{GE&qWl3I{0aQE83&%8jfAThKeQB!DbaoB@>=)2ANT3(;~6D#GVJN7+o@Vp zckYCBI3_Qr4|P5I^?og(q&(<~E4Nv^TzVmOW4!n{{()Kuq#8omU2 zqiPd1&_p-)yQjNd=YZoKxs@cW#E34W(G&lCzj)BsjG~~ATg8lTFEa4$%K+YIJoxzc zoyq_P-H3ARL%h4q(^YQgJ2%$HEs0=g}ssgq*#)5`RQEx zTwYXh4g>P*2f%tPp|pS_Sb%OA6^@$jN{>-=x~E@qb$M)v^9HY^k7!s*b5&HU(FWzl zL{C_3vC$OTVoEOdP7AT0u8xsvBBQzu?Utj24xQUj)tkxi$2TO}mDt7)1LtM{sksEJ z*@JDFB7NiXoKYtseU%?-(zbc8vvT#w^z-*zSj5b3MRAk0%ysSv-3S07%sAfE+T=-5!g+g*604ym$X{H2qR^Wvjt^iI<^ zxHp<;-R;?l7I}%P=qZum?y&@vy&|zo`qJfFNO!WS6X$hYcG<*`;4PisJPIHZMWu4f zOrdyw1AtcB8H2c8Gq&$5be$40ZYK}kddOcnS85am!C?jdVPils_UZsV&nb(rMns-6 zW$tm4?Q2rm_0=9DiU_$IHc_RB9L(5u*R9RojUaV(J9Nb~K3c(GD|dFTD597#YWd*C zp}FMgA;AM*tN~MuPaOJO{BywTTEfPqYg+HCU)ES7FFI!^r-*U9)wn~Kb~9$1G9jmv zeset|=k-jy@(ic4{ku#w<9HvwXwNP8>X0F3GxW$gX8sdbnm|$;cl4krniM~2LO`AV z>Ztjv>e`sx(rov427})Uvu8iqPP8RWN8%PHD!==fW$|$?GHd7x_jBae>}nh-Y9ahu z@}xWHV%zi?_17+G-@pt);NJtVyXN;%aqhE4CYGM0>iCxfIK)|Sm)j3|l%gta7BTu` z%_>YYBn*RD3MTs}1Vs&`X9BefBQ!W>)yPLSSy>daSnsZ?Gh8++Doo>=we?S!R2Gc2 z2wpUwFd)CbXBkZ-PheR)i@LYn;t<5HwE!E}WPqCI^_5coiJi-2zVf_^a9Y+O?;*ML z?ps@e(LT*;7dG{cnzj0bo2D84DC`Y^#r${+W7@;MxzZ1-HS5*!uNq7RVEfRp9rR42 zi)dxdv9QolJq)zn5LuhBAadWnHDBYuj6hhapTjG|FzX|x_+ke(uJD+$_kIH>L5I!+ zhi}(|9f>vmfZhB+BtGo$-ZI!KUz(-kvu2EOlaCN9&sJps&eO=w~m8pzu2M3|-t6st6yXAyQ349hT zpPxwM@%LfoE0dvBN?cibc^qOMXCM6WlY>aux^^ZKvKPxf*${b5pdUjpp)5xIyR6yk zdeqhiLW}!#iwq+LV(>E_Y;+H|F5hVCO;hY)lYJFeVK{aoMj<5p%=bbPd`}uh;IihCGBn?@)YJ?nu&%oX-3q0Rdn?uQgg%7xm7<>p zoV`W60_t^Bx^&mV{Jl3E-mwugMoMTznQ1%sW%_6ijOdsS9#_*S3Wah}qO)mh6abd% zTI;{OBUs_eF{X_zYPh0YyD6A6Ud4k`6chKk^NM1_XJL{K)Q7JdyoH{ElXqYRicYouzuWX7eobd`6hTT|(qAJOOFTtBJwI<69Etm2(5P+XVhL#3rUq`?v(C5_Ir{dX{ z)&JiQH+H}e)K8EPVCe5k&<8RI+Rg?hlL0_Zzkc^&3iTxq{;~z1n}GyCPCb7m;NpiV z)X^za|IR?#=TJY+A6d8l_`?+Hiyun-8O-rt6aNeIL7fSJdjA*I1?0Zuvs1+1m=Bt0 z0xST0mH;vzxWwd_0xp>E_k0llTK|6WUH^Mhhks4{&*uAqnE~(@F9Ithp$2tz^LY;C z;<3mN%nX3DD{Xl}xD#sj z`-_Hw_3T*g`zige{STT40Xzbb!+f9t&yMAOA>e`me@|ENuf^9d!uR)_1OJ-%UziUn zc)-0sUp!dP77vIuK+FMuW4<32k2CIJp!v=gk6#G5XukjM;sJf#@bBF3PYz9gVLqtf z0h*5kat$yr`XG0EpXICmK71j`f$#3iadwF>(0pf$2RPw%Q2@00APs)rTl|M+KS+mu z7XMT9{#)kb0Mj2s_a1zN4>I4`;sIGo|JM5;c^PN{;KT_?z}e#Q3jr6+2j%}z?(rWp zA5?TeiT_WT4=Qv(-gg$Fz}}xN9*~gzjrlGv9vl!xZIJoS7LQ*DxM)5o|A*?|f69E& z#hy^&|3l`3z7!d3KFCZD>^)@ZfaIYs#vXJ=2a=71^1d^+b)W#q((x++7t9B4@N;zi zU_LG&rRu+v(cu7B`TmE*|1|e;fJ=v=dw;%kKu9dl^7+3rA5?IF?SKB=0ilNdrGSg( zgYthU_xQnlfPXh5#sMx`{YU%#q5NMM5Gr^;{fAV91EUYZLwZ&j@f!m|U%d<#aQ@{1 z;UWE{fC~l$7o-2&!G9~he%`u3I`khB|Fij^OIX3ZKVLi`td{^tg~{*C2a0zn2R^GC z{HyNwR{}1Y@7IgR59VY4H@|y1pzn8va_@gj{4dN06+GX|Q@#_>v#~Hhb6<0S%VN*0 zb+Hr%SZxbgc7Y2GB!qt`80G+1(w?;i=KDF$tAaToRl%UV`(HwSD%%9!B>jDyK&{Wq zjXBQCjX5CY#{VP+6dh1XoEMRDK#EBJsWnu22e>>8s;ZZh7*cG`@xAi%FFQb&975g% zWkX;!mL_nG19l1g_dqT|a0$XM#9%L0o8~oF6uEfPXl9$KR*%*|<0X z&}sZORWmF6QIzAR<_B7tzJRVUhRwt3pz)q=ka_Fp?W1dg}*4_Cf@TiR={JUo<@G2KqjiTGl_KeZv3CY>|YSLUuVIHl_t*O{4k zpS!75uG4C3;G`ra^jk&ASOfea&ighC}Q_vzWU7Zf2#p&;UW$$%MDKTss^FaXm%J6RE z{ZLY#mST)5t(3WTRQ7_}m-l29S9#&O6t9>{TF!R`$b<;9FbxK@GT3yHng~m}t~1jo zFDHjw=>^n>65o`{p}InPjDs9G9D(YC4riMjl{MrjYm;@CoOWVJG%xpNFT5Zvim$gjvgUstkV3Zhdg}g zmWD_PWnQg!pwPU=E3}{+&c$jyhyykqC}gJk*L|5#6U>GRg{)|h;x2JRD;&Jy925IW+{1Qq@#qlUgQ(v?TvIJ>GwtDNO~fg z#P?b=2OoMGzp8vz(1E)FPl_ZUI#T}bDgqW)CY@0Pap^#*B5c&#IVl>999kOc5v{MX z*~UYnDn^a`hBe}&aY!29-gkZAEDRE_4ChScOsR1V#%<=A zEiGo_$5ArN$P?;|J~yrJ6DVb>KdNh&P4w-~uR4ynL)5E5cg?F0tC8w)phyjqTQgUl z?|?Q{SGVI9eW=8Q;iy+atK<9jlQK$^uNsdxq-qA5QVU++x9f+G3NslgXPUn&+=L|g z<+(w9PEa-<1;?N?62}f5-Ocfm_a{Z%5-D{bzscisB4!-F`{>rtjei9JU|yG+@yR*9 z%6*4(Q4P6hDu5{|G&u`a4c$gc`u$~}uD5R~<-AB8_$QmJsu4ygdW8Bff02wPV%K-7 zT%?h8TOU(J{YWTBu#aw&PbiE>)ORq6&&!lcGF_YW;E}D@C9~WBbPdDmE96p_(c4K2 z5!n(uqRWDOBif|GJlyl~SKD$Q@~-;37D^FQHkb@Ppk^0#(;;*Mk(D^c=}N1r#sSGn zJcAKDJv{7!r!B*Tl}i04^~O~%mnyQ1#jn!jGBw1WI*Bp|vG`0MYFU+wx2&c#!e>h^nYQCkU-~xdoUP5TX3{+BOI`fI-;=9r)A;b^@N@;5y&Bo9d;&&? zt9#G4O#(-p>+MQ&spWDnN2#&VdsO`!aPx7mDPjyY%Pyo0v;@a+$@{ifCx<(#Nk6TB zk*bRZkPI+u79F+HNw&;}_4gosV)dFQ0~Hzfw5R&Tx~jl*c&F3V&?EP(yfhX)xkW+# znmY?ZR!^!NEZkVTkmES?jm3*=m?rNj_o~2nh(0v)!*1UwCgfFD9b@2m6_JKFVtSWP z3(3G(@_z7!8~)f1JOwYEmFz2XBs1&!m3p^Tu430}Ml#bHt1ZDi9`e^UUH2!Fsl!b- zJgP@$=QxJb-_Xjkx8iM#Ru1T-j#7^j`mU-r3U*WD6k2tEd_$yJK5Nm3P+9OnyV>!z zWI;e#jMh}ZI*g||P3<-;VxTnU(y{;Y(NlZ^5wYHGVqQ@(x_Uh7P|c9aE|}|ytdA>e zYN^?X`*|kU>T1mF-Cs5kYIuAuXvAT_sB}^AsTikFp?PjxTuv8ciJ;4BS=#ZmwrB(2 zAmX}Xw`!i=Vy+uWGTt0{;Qagd)NMjXW7|yxbOBs5E@-L+GQ%Tc{X!$^r+#G8hL3lJ zoeK%znJ%#^P<7usU>lZ$E%mRj?Zp$IAH_Asrm0aEditqXhgw)>^kmKa`JG4hljwRq z0?n_NPG04)k~--;h{%$8iK86!;zLwJBBSI(?_P2uQ3=|*;Z{V9nUUD{wq{PJ#FXx- z=tM_PP9xb9u4v<~*Gfp;YFD<@k6Bh5^$IgDdOCckOUGS>5p|(7l~TLCI0>)9;<_RK z^~Ol2lj`gu%`F&HPYKP=AmP+vj!}K#L6YanRT+HOik`xo_m9D1>*3SZx~sv&OPy+4 zW(wHI?2VM)!F5&}dPCKH`W#k;%T@5pZC3J-KAipQv*v|WN`24v^~X|Zg|TC=J&(yJ ztdjL|-5BuX)v6DDzRkAxs7O&0yJ3U8pucs%=f(c4)4QOkuB_PJf)Ph0d`Xri>P`68 zMbcHIYcbi*taNeQZ*(MYG%uBV6zjW1>nV{M+`6e>w6@B6?N*1S5Z`jP^X|#z7`z zNk3^oq9w&Ke3pr)8Uc1K1ICz(VwsEX*jRiQb1sEL%Yg_!(wM>cK$f0SeM9A0#ztY9 zsV`yb!ZDs{?cE(Jboeiwc=%b=L~R($9sY(`eq(hJw_yj1-WprhM9$|mZp-YVoxHEWy76sD)pr@5~8DBwo_2RwZ~%%V_={yj(YW=x}*@|oa3L~q`S zRlx)+rQ8HL54E(%ILERm3&-zJMEU(`vdYceW&`%L;u3GQf1-V)QT})$rQG#ye8=mN z`B&|X6}5eCpP~h>qZ-03C3o?pq3zHvKNKbING3@m#1(%Z9QyXNd)KM1qFML+ZLfVK zp=^A7Gp^kS=Gknm$VGUa&tGyeYqzx|WNya}=N*KS%SNv~AJSrZBKLtTVU=Wa>;Ck; zhr#_lPX@{ifO0!Dx{?qPgFcb;ztJRYdb}SBpuTxa@UBb#8<$_VrilcYyNwQ=X zXP~{#$7k43tbcey5$LA%00G$~qLkxGT_L-KlI>oBMJ+nRM3`?_$vhcMUAT0Kzi)L_ zMm)_iHyRJGW;Gv*XX@9TY?6`@AKePPam%Qp*ITxZl})8ar8>{x$#D&QpJ0a6n=lqI z>!5Jn64ZLC@XR_xBW-5uzqcEpxEUx6X0Pg)1Ke8WdLV%vK|%Eh)x| zuc0T-dFAXrp|q!FewGZ7Kv)f6Y`(L4AQ_$2p>lFiYOH9QogIHiHEgo!%b@V-#)5lH zLI6SL&E_{s^F~7vN-r*pSlKM;D;84@Ejl`vjdG9D(0RUSBu&02+!51wpFL_Ly|a3cNWrKyY8SC|CDuhi_3IO> zjvVeW&FyD;66z?P)P)DpQeFV$TmAZO)}QtX7CGF*8lIW9ikgoXy_k5Zr?Fcdy}HU14Zue+QY5|1DGSkbFzZ1AtHf0QFz=bQY9 zqZ2PfB6CZh?g&2;)m^cxQC4<#m-B(qiiZ(a9E$~OMrgVtpT8Tm(D>Yg7q!mYEejs; zeZe#L)cr76d!G*w86qa7%ILimy;H39kqv=&9$|YyiAt3^a$w6IK5KS%E}ptBQ32Vr zb0<4yfs}NM<>WFutcu~Xxho4Mo-lpijC*$-YF#Zy%W&H9Mxs_8sUKg)? z6ghe3LYvYKmeF&rr8ae*&dg^znJxN?=>5J-E@sr<~1qLHP(Dy zxr~ZV&#e22v)51G^c7XaZCXYK`WFfh=dVWMjrpb!-AEkP0>M2#`zxe(FuJr}Xu9C8f7YR-`*=ByBWR+Z z*O%+*@j>T0e@=O*tRc#C7Nor1H`VLo7L$eS76Z6lhH?pJSe_(8(vS2Gdv8dq)vFQ( z%urz8e|nACJnF^xo&CTXO->d4&z2MO!Pa~v(_0!SxmJ(msP4=l7k5$IsyA8nu!(2y zV>SWQ&Q@j1u&*l&^cqhNYPG=M8Z{gRhYm+r8N#?4KHN$x*Dy$B zW_{VN8ux^^78vqqx~q50%GhOfT5%-fRE?cz^7F{{tvlewujGW!v8Itz9`(IY@2?%)lu(Zr41Xc zT;XBA%pj>{c-O+9%Mau8r>Tg)$cg_=4v?YJnc=Z%J71wTyeZn z1A&fEx`BdLg!IL9$w>vD`{Va4Sy=-;$+Uan6gDy{r?bP4w3ua+S5(y}-@Nr~)3Jz6 z@WXX&+v`Fxk#@WNEVNcuz}!zMQqJHppMGGvXec6UK9=AM238DcFnYe+Uv#-HX_oWEam`vTV*JtLW0_tt%zNX0 z1FcpRvUT+RSP8@o9L)FZOyS@n-==3gg~x6-Ld_I}d-87N%S+|HZaPe}yF6U$lvHS^^S*t*MnGWA%HO~9cx`T-Y0~px zaj^4!L-1;+p7YW1|3}-E$5XX^@uYcBAOYHU2s-*1|ckGFq-k=NWnV=uqC^L_n|U0jW)`33m~%$@A+>+3(+ z+h@9;yRq*qZ|dIwPyYaKA1|XB0dr>eVO$V|zDMF09XQa~Y3fXH1cp+%5T7nH&jt^< zDaqMBc6Wkn=d>m)ovMF&-nWO5FHE=}2WTZwB<8 z!=p4`fQN;5q0JTZu`pQT=w;LA%8+BL;iJm{D8VZH-cq2 z6@(0?f}r}MPbIiULFpV;E^xsaq{jdv!O1{mI2nixCj*heWFTCvGW8y`3VDS$ZUJZT zq=|Z<&#br_W1JJx+6OC9Q)vb$R_QZ(sxA8Tk9xo&fmeMwT4!DsS8N^Unv%ghI-qr! z$%lHNKP6Y|Oym$jz-zoz8}tl9Jp|NTskK3-zGXS7YFgZXMR;h8hPH3}P4{3_l#Y#nn7!%V4eXb4gd^y4SYl~(7L%*4~+v{i@a|&x_Q{7-$!7J8Wyi@d8&lTj3Q!s!CSM)LQ z-D?oGM7`l^ow4>Q@{W^0fZP$Nb({nO1m7#uIuoOcyyLHm(@=oi54am;uu3ykuVio{ z3{Zy_HHs5qfSO>+@cvJ%;^bH$K_G4&f7RMz;{Vc_e_|D<=aS;|TvD8#OA6C-aedW) zVihL{li~znQk)=63KN8Jwa&&WbKR6e0|cl!4n~k-J4g!cAdc3V`2fgjA%#W|Xce12 zQf&H2q3OfbDs#Q0G!Z6BL^CfAS&(95M~aOdsZz!cGlM`a&)CM1VjD+_6P`(-!NtWh z8=G=+#zv168$D8-a!m@YEUwm>*rXQ=Dh32+eURWuQGzE$37izUT4k)CAm9f^TuD$) z2e1>NK|j+NB60ovzgl(x>JN`Kn=sK>Z4}o-h-SnsOd=S`luZ}-9fo~xy~7& zp*pAItm`8m;qK)rM~pE6WQZ3j30|ZmIERM>=I{V}GrUYn@G>dEIYK0Op_br%M5o%^^>vk*O>IA>{1>5VsK?@Q0u{CtvD{rgL=$phyY{hi;Vb6&>_SJfWPo;>My z#XNuiN)L^#)){}^y_}iRuC*{>Oq%zX6|aJGRDYh?pp#y^mn>OY*mB>~UB_;I-1BnV z&;!4|2Jb$4-@dI%n?R34v9gXk`-)msdyH!wBy9WbfRT;mz=arN(d%Q{C8p;7a>JBecS4U8IT$9rYLokDTw&4^qZ?WwFbz;wMoo@#>zA*gs@3IU_O0^|0=mZDZm-(n`HrLW zCkOoX^RIj@`LHYC+o76>C11WCFfJPMYSr~68w@7z%hnmp-^^~HdZtF)~H_HBCQ6{DpoF}~?^+~DA~I}utlU+T_zKfIu&cHrQm%;Ig% zy(Dut{rd4Ies*yD+lR*6Ykv48ctzZFv^a3v(ctIxZY%YTDpe!Sl??wO>z6indyR02 zIe+)=i?O?p1s~UMy<}OJftPPRyfgXCZ+$Q43GG@w2`!D>^mN3hm13QkQeTlHD9QE;g7})N~$yQ=wC#dfdY8u~R>J zy#Ey2_pRE(vRRcL7d!`E(3sjjY32BVo5n@QYWI!O-{8D&jjO@5h>`*$?^K=hW6eWf zyqPx4t5?RBKVkjnty$3HcDEUg5R;RR$=B4%W>(lL{c^kCLNBug4ijEhSFW4Z#w$^Gk#lnO zPf@P}x)03sM}_w+)p0`_LjeV`dyQc2w zc?OMTZkERJ)WW~VPR)3o0-bo%_DzI*h%0-BUJvF-D;DtEX~RMY_djU}2o&E9&< zy&5`bOPF4ym2ao!DOU|$)y8W__77>%%Ky-_KNa7)xwqf5&hK0LMBDzyuU?WpcFgW@ zF4WOObM~4I?Nc@;s$1tQ7LEH{zSn<^w#}K4jlE=+R?(ev=b5IAeXemV_W0ITuaD(u zRz$WPv3s}PUbT&z`)+L3ynkE0h9O<`8%_?eJJlrX=gIJ+mIhIKa;=?Zt*3v!e~Xur z+|06}=}LhEu5Zy@`N^!kv@>os-SOgJ^Ic& zXJFr}XG^njJ(Dzh)f`*X?Cb9grIsq0s@S3}#$N}t{A>*wXPJ!Yrr zhF)I>+i9*oeOzPNFqhE{hRxflb*x{N&)?+}UItygCrgp4YRY1Zefg_2OHGfO=9>pr zZnd*IaPYou#KuMAwA*`+cQ(t-+A^U+MdMWJf}Tfr-fnJwu}{8DV0*nU#;;bk<*g5D z<=Otx3lD>xZ}&Wr{!*Fva?6Vs2d!gXo*5Q4(zI~FvUa8V{B-B7vnw^{CW%dQAY?qj5_n0>~hk1-l z4ZZ)$Wn7A^OZ2#~l{a66SwHEk?mfKJQ@y=?NAFi*cUO#lw_Fg>Hr${(#mR1j^%(s_ zwxfC^4K|n=6tel}I?L9(RdzY-y*YNF_i(SB1wP@gO})(aI1DWPv3b<`H(eu|_&Vk` z6$WWbJDDW9Ut6YPZ8W!UV9I{WR(qfEr(PHKcI($JG*o02nh?EUj(V>a^EDjDW_qsj zxnb7js(rRiM*EAZf8F3Ke`XZ)ciuTi;4`>$&^Pb3$ys_S`T>`pcgyXbw>+V$ zN4H)4xwzG*aocZpAHLG-`&ftX2R-hbUOy;Nc%!_N ze}JA*!{F|ETPKX1rfaFIvUPR0kt2T|^v!s&V^Uh+_v~|*_0MT^6%sk zhQulMdLwQ1hJWzX9p<;Mm3~&kxyu4CHuiKW(TnMxta{SVUH^WpWW*0y@)D<4#V7FTESHtGU-O-C_A_TEG7D!y_sEP0vazl`UBtdKsy{?Yrk| zqOWRK)7M-0Z%$3zB<*jh=J@iu=IxfFhw8r#E6m&EKh1Kt&pX+bRYL;rJ&pf0u>ZW3 z3)PO69BLk)l%dm3_U`Usqlv?c_g{M_n-v|iV$i9ROG+-EZ&BuZy`RfoM|}^I;cDIQ z{<=BUDq{DZnW5?+4MW2|Is1ApdzpK=k6G*`!!1+wGsfhqKR^8A!Lm!T)y-l9MvsYm z>9N(fq1nAgtqKoYZq<2^7v?g3i-BjVB*p&T&u#`L9+Cc%HU<8j+g!OjOfuv9#*>$; z!WxzCbZ>Hdid9L9<+z^ZYekGRjmv zXWBJfzG=xI)7x+g7orh3yltXwB~+BkqEBkE9htgS-NYZ?4vQyzThnH$!6HZ=AFFRnv`k-tD`n zYV-c>JEN$mtTvj%_sD|sa-XeJoxIWJqU*Jk>EB2A%@X}`j$1z7ve)NP!HZoVJ^GwJ z(QRi`r(_kE=k3!1=Y9H=7&lJ+ZQhS{4qZyMf)8F49q%5ICDgKz-rL_$miWx-(3vHM z;yK^_CcGS%y{@O4@9m!Iy;ODD=B(P7teTkd!|d1Vw0kD4!i%@=;nhn zD(Y?pJz{nF(K;n6&${QF(3`V+T3Wl_H})SKdt_Vpke_BPw}o|Dll67E+LfJKR;*t# zFZ_AgkVT_?t$GR`_;*aWKGwY3rtxv}`8kb-9nwgtZ1YAVVz*^<&g+fYx1W7*_>(nX zP3k^r>WdO{_ZOFs-pOw6@aOiau?Jfp-moxV+urCyshj57AkDGY7CrB*Rovy5*Fonw z<|=m&d|R3SWqA8_Z~gQ}ReK-x`|9tVGi-$2X~8@1v(5Pl1ua?+Hyi72q2b(l&#N!D zpMP@rGhgR-M>`X3p3aeqs%|m{l#^E6w%*7x(UHy^+3{`>J~}`}Ce#q3+r(u2}=;Ep7TD<5a@h1u9J%luc0!uJeeLnKJ<#K1tzGhw%^>aDEAH zkiY}eA#?q}-r0DJj>+J`#_)gKC|{n*L}N=g6C;pc75oeSOZf`mhTqw9T7a93ZzPie z7az!FV8jEiMG>EGWCFILVwungWVf7X>@t69K#;E|Rmgf4I-2$InH#{|XET#7(EQOJ z!~cdqo{7YW2i%5YiNJ_DN+SG8`9?yalKe4zHZ*^<6ZSvmPb4)GF!_@JSxbQ{OBwkw zygoF4v=8<_=1(X#;)BB+B0rJDNG4X2KZgH^;tw8%{m1;7m>3CwG=H@7`@i82;{(*hF#>)kEIyG? zVk8C^wUp65hKr5nj&@P~$K3G+fE`{fdw^S^lFEmjcwn-l*`rTA{#*8hGMNz{oYNBN z@l1?l5)k;Ig!q^#KWP5o|;OY8*EI$z_WC2b$ zi2TGnBXHoX9Dl6E1LZ~dZ}m?g0sJud6UvOlBIOoe+VzbN0I2Va(k}eB{PDr}1xI{D zet=&gPf7k*iw6v>_>aFYPXPE~@CW$iNtB!a=z{{L{QeJ%htNa__^UMzggjss3Y6rJ zwS2&Uk^feH0<@KZy*;OG5Y)0AoQYQi?x#+Qa<5 z|A+NMAeI=3z?mVIpFko8M!r(U6+DDu^7nt3p9MUTkpP5s5dQeU=octuzDVg%BE+AS zn*<)k8{2pX0PQfgo$ET6u~U&UbMVxEfX3&Ez)g0>0ooY1D7O>smOeZ@WvX6u;@j1N zlH$h0S}%MxP;bUE%|YhcXKaqVAG=@G>b;Mv@WWx_+~Q#;22D8h;A!LU)~i;%^n8;r z_uQ6@g+XVRoj*rIno)Ad{R`}q6NnT@l5%=sJ~eEZbaTlx*&B#XRfICftCK&%!sD`w@8 z!l%cEyc;}cL2HtAXU)uV4E3<`?Wkn5i20S$^OMAGrPxgRKt*sXfTil}XiLh~# zS8er%bRN%d_~+KOFXOj8Xt7@RP(f&G|*4_XfSNv^YEF(aO`pg&l$orGxp+B4bXq3+Qv-;%>W>XFB!r zoZWNySTEP`&;b<0&GV&Trnk8IJ9sV$(-KhK#vC@3kaZfunNn8A~Nwe{ua~nC8 z?eU-J7cpnU+9^j*7>o%BT{3CP(Ca7FPRu?K-R_L#YKuLE#Shn%P3S1m*YGe-{n70H zw+SDcM>|N5&C=d{p_%@MC8=Xu9JkWiU}*DgfOyfE9$7zrziqwjJB!^XB~4>H#Bf zpRs*--=R8tP}ri?@8Xu0nQBZw-#`7~=3xT!M~9pu-t_}FGbD?V5c_tdn9~fV)y=nZ0{rim;y>XXLPRdvN zJTOgDx1&|lgO?WZR~Y>oc;<=an2ma2S*P}R7Yr`l+hvFD-d6L@p4r*RVvBks!}4#{ z`RBv7uQ+!p{(#R9>!gVH<~2cawq~B{#Rh8v=l5AGygxa3=l1Z}{Nk}@R(7qDY}W*2 z#HnS)@s6B%eDm7O!S`G`Jsjek<2}g2r)lcKQNE{^WzL&)*y-)+PpidwPa;O2*7$Zi zXxXvk{G2NO@4T! zMG+C7Me$|5R>&&bk9wpZT|UKQ^Pt(IMoW^e{2aA^OrOC?LV?L^(I3Oa@V>+LzWCX1 z^@q37!TT-m2lub9?=^AIwzSSucdS`c;L`b8 zdW*6&O884bv7 z52h~uS>0;>e#w^s_D=1dOxztFtv!AGjq&$% zGtUa0mXy2aO$)Hx+P+FJ{8y|=!8U2aq*;BeoG-0Qer8g7d47fF(}QQjKQ!!qAZzma z)kdEJ@An@)aQ}y1BPR~YblTz@@~7g@{xppTO$s+P(ViG$SiP~pY{q^worRCmvYb<= z&9ADC{}3_#>7j$ZlD7@sY+jytJnF{hviUkDyDf%nZU6NBwY1eYZ+@NLEoPYM@;%GT z?7FoJ4N6MbGCg7OfUirgtoXa!J^R3_d=K;Iw*!lle7in5-+9`i8@2{V&K`Yvd-mMa z?fYdXtxwIaP+OmJ+9&z+-J_S@xx_l|l$_YRvnnqraM`psTCN>VXXK1r!n66d`P^XV zvty5}D!ZJhdp^l}`>i*BY_^-6xYv5P7k@>IKYIs^sd)EQ-7MSN?N7j>{@w?AeoAlA z{PUjjhHl|+gyAJ?$GW^XYPZAm>c|G~HyeC&_@;l#spY`79vye5zIf7ntSK*KY*}@{ z%r;eGm#BRwdt`bI>>P8>#3!M0vEHjAyLY9mJA82Ax=tbQgMW_jo0M5HF!irSNZ2!f z>m^0Y{dEdU{(4xp(B~VPdZ#!HEjM}nYoKYjyIqErs`mFkr*fg!y!jWazlO)Pv6sDV zvOcO*FtpG6y+Jzn_>YdPQ=8T*G(P6}*V6boO@Gety%Mpnyh(SJ_nkx1Q|~ojt{JHD zYV@STIUfpIFKF0e!I=5GvKn8z@j|BQ9pBP8SaV6c2A^Uk>#zUrk?^YVR`XV!Byk%z zyT_}w>196uVvlwv{dF5WPDyXFHF)RYt}C|RpPgoXp;OKLn;Ki!{2d!e({4h zR?P}~B`0qAzIShyIzK`+T-4CU?waPN$ZU7Lk~m?;>q+fCopO9Is7p@D4~s4jcl&9LX&y1b^>Ro3 z6Ai~-n)E>PoVvgIoi@BxUY1pYq62vbR}MU0sF}T>XZ&WZwiTm?JYPNZfNy!W|MO#6 zp1++cOAd|JKT&fa@~T0HkDYhLKm2<9aqO+488cFY+}hW?{`T|F=a&_aXH^vz-q$V{ zjlY!{u-!9%(+SCJ-s0b%*7sj}`p4@(WmEtBoq0ve_~HAtCu$Z~2^O7|W{p35cO7;GjvGV~xhS7}m{+Qvz0zXE(r25P(#-6~+jR)hQ>TQ`} zpo1U7V7K~y%uJF8eoU7gbFTNt4A%$vF${UE_s0xB1o$!9#?&)FW-dGG$IxM0-;WtP zbYP)U!>ylXxeo~AdF$m^?)#zZBK7eg|M{Q|U*B)#zaI1#)%RQZkN3~tGBdaVIs8iu z%v^0;Kb8A#|8AAx%He92@y)1^Njk@*1V)Qfm$%?1t)7rc82yPbOHtDaChMbShfKnd zQ3f@J zUe`?MN}>{YQ$SJI6vxe&GANA4xz@4WDe&u?r}3_6^a^(yl!g6aWm!_ ziW*_8Zfb?lU>IV~5IO=`-Q?_XGjBE4>*P`r)V-L?|O(8M=hslGKjBwi0c@%oTAAf zzUrY?7_*$3$&k3=Lcyuw^j!}kZ5a}F-NXuGX5KagN(Qlo)^vrQ6>!ZgNeieUw(6l~ zkC}OA&;f*<(^rpciwpewJ2S5a0%9a=>ian>Oh<}imeVjP0#@C`ir<-87Z!{e0jq9m zg)z%%m=sBy(pg2e*_RyPeI)XorAXLy6Dy8cPQ#=KRdo~BF=n|%Q;J|!H#K|A%sX@r zIuayp_<0pHjJ;|xugHP#jD%e`vBH??TVb^VL#V2oSaHmBMdMm(1gpBK6~;{cjL?E? z(bTniSRz?LJr%w)^LiQ(7!o!#TiF6r9J8E;Nf4^)Caz=5a&wpj!K!X*g)z%%m;_0? zZo5ix%yJ4QLBg(^SYgb}n_oa+2vv0xD~_2qVrst?f>qtr>@hR%Z-LwgNZNJVR0?Be z)^`QONZ54~D~?%C!^8+xbraVyW(vBsV@9y5n_6MaavCN^(yrU2Q5>_Jf{Br^>n2tl zvz&&B5vuAYu4Bw{Dkes-s+*cUX6B_P2OSZVc5OC!I4RV((_)6kf$t23T@SIsn3-{F zfEc2x9%98YGm8NMY6z=(s1?R6r(q%}ZFm)ydk&+osSyPeL1EWJtT<*l4HH3B)k9pz znB`PV1YuPVwZfR?G)#n~UAHNvpxd-3t9Hyt*mV;tjF}mt12hbx3f@3gl(vE$#w@x6 zs3ENCp=OVnS#Jl_$U@SlK7q4h&+PS?cAJqg3z4wvCRQA?oQ4Szs_G_I{Lajv4KQW| ztGcNb#!UUJmTe^My6qW-@63#L00Kk8uA5kK%yJqgM5wBpxQ;Q)&0#_WtGcOKW0uhl zKr&`nOihBElWensJ!Tnw&65zrLTdF9v&RfGY19%URKZD8p=Y*k!}J@q)Cg8}Q!9*F zPQzdcFA2PP&#BuoItqhy49j=bN31wzISqrg*Xkoy_|7nqNp05%R!Z4nGTQB3ON*pk zw>_iyo#hk^mW-0XoCOL3Qy4ST@eK+lAyn1Vv%+^~R)4|8zUu3m{hjIjHDt`NSP>4h zP|z^e90qgV)Dk0M*KG_bj#*B_V3nzQdsZAX1zplLEHPCdwZfR?Gz^x=k)Q(-?lH?P zlCV5ZeZ-1mmYc(1ZKL{#6?L1A%qC-og^lW?W{;Wao(Fy@xMILu7YgdBpxaD`JtzqT z7mRv{6~;{GaH{1RqN*NZ#W6EWqkyjA999pt!kFbW4EgC{q7Q{JE3z%8V6YI2q#oir z*p^c<9z;ex)Cz3NX&7>|!!#iZY%6{$ISoTz_IijF$1FF8@!0j-L#5glT$Wmkl{Rl>?1e@smXizq2*l< zFVIeE@3cZ5v45L|B4GgbO$w_nPm=%=;pvXHjOO&`gqV z)U$yf-7KZfN;b<-N19j2fqb+64ZIu7r5mPnUAcyt=LB@a&~YN)un*lR1p*}-rMP1V z0i6)ZH>%Ts*T9Hwm;#8B4O7x&HcYK2&c^Z$o1kW?IabMLsSnF+7H;n4o8>jop}D1| zUnQGmtnid<(IJR@vlb0}8~A|_H=Amlb|NX+I0Hd+<8We=Zyd;&ZkC$2m28$VY17TZ z$w0nYVS|297_{d}$%YvdIo&V>lYGN`npzw&t?CLYgQ%;}wZR8oK3I0#3QG2_N>#y#J-XR=@t9-!Eih z$f@eF2{}lz*KYkB5i)Ah zr#3g7e!E`}X?60=&->AR3|Bl89{7Ca*OVTX8oJ|!uUB1ZQ+nIeY;(x56Z3CvZL@9u z;H@7r7T;U@Ki?{}PrN@gPBd?E&WFiQx38L+Hu2+> z+y0{K;idVPR@nW%W?vXOHZa|A?e~#tpF=yJ>z6SuX>V9>^__OBXEtk@ZdBE$$C@xb z^$l7>0-ohhX?eEUTWj;fP1-JOnLXua;~10GVHR!Nr@x9ei3l61w{B)L-U%zq6`eY+ z%t*YkfN%d8U7ti z2EV(%ua(yCFG7pMVS~{oFtN$D)u*C5+m6~L(DdsvVd+bcQLp%#EnEJU?sXb15?hXQ z&(O8Diud#TsU=#UYBT3d%LnZRiALs;FBW$1KJM#YGu@q?vnr$AoGQO&t)AH`XIgr6 z;QgTmpC(>D8ul~9TOc3&do+E8HECjD#XnkP>z z+G?Cw+tJpw=b#J6-c>)gJZKO#LP*Ne{|;MJ4dYE`69XB!by=T$zG~ErA`xrMOtAo`5(4!o4n@F{0@Tk`>rlE zDc!ct`@Q$=2`e;m{|Fw2sjeB*)3o63l}>$~Bj2|*O~@%u(QEFfEm*(*YS6V^;l)2* z1n6t#A8Xlhuj{Tsnk&A!#~*g=yZzjEYKR4^{N}1O{bO5@)W^jt^7Dv`ySJR~wq}y8 z?vxQd2R;jW|KZp}dz)zLGsI{+{r+1|?<9PU?KHWKc!b4fRPMKNM*8 z5uY7*H7PHAN<(o;|Mrtjth!W(HQfBcG%vKe@K$@Xi7PIx>l~mr<>n#d&zeUHcdP!H zv5Zo;ZF#HKTisf7HZVQm+&kf_I|-^qdVXDlY$T>?TTZrKWMdcIMz}|%EUd-0k?Yo5 zHJaN~vZwpYH)jSvf41@b&O0YtcJxZjTfN>xFSC=uI<*-W7EbB;aq3l`SLV*1yd{~9 znosYq^Ps8MO`EXwg01;SG*&h}VA1r!$E!1EnH9|M68$qj^zFP)owmKR^9`ILzTCZf zdiv9<1Ea4djErAD_w2x5!3+B>?ssB%zsKU4L)8u((HnBx-Er*50=-yKpVT}(-SoyO zS@u&GJkD9?lFHM2sp`?D(&JW@{iw;44;hy=2|9MVdiL$~YmRRcis!Tl_T2nB?ukRj z?>T?I2WO=no_lQ|4IE+3_DP3T*OeDiA+YKNZ82hg2ZbH%$fhy7f{q&%z-U zkReS4{BC>!xbIw-?Z7+(r>XehhHlUs!P;`KK={xQBraP4Oau-t*Vze}CK4UDjqEil-745f0%MwX&I8M=4syAz zBs0kV=>sVcc!xBIdLrY%@(1t8I8ZiO>UU%u zD4#6#j*J6klm+jw{J|5E6-p{g{gsRZrIn@Lk#V5JveY{=4wPD!dWXj$K*?o6q%TUw zPd(vr2w*yXAThW( zP#py79Ug}O)nK6B;c*C16$a`Z=>t`Q0PpCd2bxn<3xaw_`al_(sduCgl#`iyNBTf{ zp{aMI50n`iyn~l3sBxgI)YKE{1LdWr-jO~~Zfxou=>uiQrrwc0P-brM4yER%p2+t= zMM|i5Sg!=oiAnK-GK5o4qz`z4K>wBW0S~UIckp&J{Y3ge$KN z)bGeQCpf3pXnGbg5fGdU2+jpCJdbLR;9Nj(E+9Au_tZ%%qz{5~0l~R|;9Nj(E`Y8> zst^3Ia4sM? z7Z99-3E+jYy*LyK91m{A6b0NXGkl4pN$7UI@;G1m{A6b0NXG5FT|>--zH`NN_HM@dfl>@q8sDI2RI}gKQPJ zUxITX!MTv&Tu5*(BsdomoC^ugg#_my_YQ8E;9N*>E+p%@klE+jY?5}XSO&V>Z$LV|N4!MTv&9Asm{BO*8#5}XSO&V>Z$LV|OU z6$#T4oC^ugg#_n9f^#9kImr4%XfXyw1m_}xbCCWW{Z2%1E+RM=5uA$%&P4?0B7$=f z!MTXwTtsj#A~+WjoQnv~MPxk}5uA$%&P4?0B7$=f!MTXw9ApE*;~+Q}5uA$%&P4?0 zB7$=f!MTXwTtsj#A~+WjoQnv~MFi&{sT$^h;9Nv-E+RM=5uA$%&P4?0B7$=f!MTXw zTtsj#A~*-x+i<@G=fJm&-w~XP2+lh=+Q5}WL~t%5 zI2RF|iwMp|1m_}xa}mM0h~QjAa4sS^2WbFtZv^Kef^!kUxrpFgL~t%5I2RF|gEWG; zJ%V!)!MTX6=VF3$F~PZ*;9N{_E+#k^6P$|)&cy`hVuEuq!MT{=Tug8dvdkg=sQhVA z&SHXdF~PZ*;9N{_E+#k^6P$|)&cy`hVuEuq!MT{=Tug8-CO8)poQnz0#RTVKf^#v! zxtQQwOmHqHI2RL~iwVxf1m|Lcb1}iWnBZJYa4se|7ZaR|3C_g?=VF3$F~K=VC5fd= za4se|7ZaR|3C_g?=O7asrX@HR6P$|)&cy`hVuEuq!MT{=Tug8-CO8)poQnz0#RTVK zf^#v!xtQQwOmHqHI2RL~gT$_wdxCQ@!MT{=Tug8-CO8)poQnz0#RTVKf^#v!IY?=X zdm}gpsc*?UJePF=vKtR94_`sE|sNZ3H;M!KyJMujU&LsrrxS|vI9l<%S=|sIFeGr`E zvQE@rF$QsAC+Z!xuW)H6@Q&ad7k8rGk?%opj_W&7ep3p*MEw=_fr~uxOi-04 zAQza*j?y8Rrw%^haYzZyr3B|vf^#XsIZCiewL)+%B{-K7oJ$GLr3B|vf^#Xsxs>2s zN^p)cKvR7XoJ$GLr3B|FQ#t)RG7f@sTpNvQ1%D5ifPx-5S^+aLY(Rz#H5$S_Z%y+%i%Q@CLVxOg-=hw~P!u z8E|*es|a|&az?X1c!TAPY&`G=%Nfo5;0=~DvhTnfEN5ihfvYgMWn|ldH@Iaq5WK-HBMgE!sAZJ)Ne5J3MlFMr7N{-2xr`r>)`9dU z_zluJupHnwNb7hQgCL0u`V+<=$fbkd;Fd84L2@GeC)_f|AP-{@)OQ#u%hh;ZxR?jE6A@P7To;j6oj8AV{^1|AeK1G04LhyTbF$Vg=7^KQk zz_DWt@-PN@7=t{FK_12+4`YyrF-Vo$fbC!m@-PN@7=t{FK_12+4`YyrG04Lh1V`?u zL5x9^O${)QG04LhyRKV~~e2$io=qVGQyx26-5RJd8me#vl)4 zkcTmdlEVQGF$Q@UgH*%_ln=%r6|aKcAl=~Ob&v{5q5s6k802FN^6@&z#~7pvVW1x) z45EZ~I-tTlZW&{ck1h}`FI`V zV+`^!2Kjg$57l7Yjea0BX!38ot#vl$Y z0B_KYgaZq}8_YAtAj&`qz878xaZG^>hZKMZ#4`>k0B=ysIGg~yK`rB80`LaO8HWpo=}+$!N?%`77n~qSZ5>hkwH|` zifvHQMRYU{lr*qTAXwyBb1{~0iux_t08u1R&eRkA30cH0pokPR42)JlIeKUoQ1tXS z50o3O~G9B485d3KAO`(|Io1FqNhHxT>nIVaGBtuXQ(3GKiS5k#fgiat$)NBh}JzW zdJ6JP{)wv*Eva1eZ2dzM1&|+Ht-0vg`iJHqKo1Rpf6{|(I0Y9b|HL_iYz!`Xw*H}+ zlj@&a|3Lq2{UeSgWEpYw&(=TUwn9c17d>15&{6{UhxQy7Jxl+1#N~!eMJ{@l{$a}( z?D3%K%SF%9KWtP}^xX3w^2ac~KepEaJv0`$`e*4Mj~uF?y#NP2ZS~6akLNG6&ETSE z=^x&}0REx%#6{22KOS*IqsiA92|tcK`=HJ>4?L zPY!;Nr-6%}t$)Pb%!4Zl7d>15kXZ=E&$J7XUB?cE2EIwQ{vnH#qE|+L=zSk^{KOH@ zgDVLa|7`suZhjtINx10Q^B>v<1ODMk!bQ*4KXOC?T=0}8anZB%4}0x^vkh)nxae8> zXF?8gkw=h&p58$-o~?f*?88Kf{RcQ6VA+2r@ zD0)h?T=O68A7g$$3a1EYz{4qO+x&x?{nR;kTiAhb*mms-2bUJf!E~j|l#Fb_kP{Rd;i&{?Y01?eF zMNR#IbKG)D2Z(4*r>K=t8QQL7j2k-@(d{=b&gCXN@SSLeLEq3@$we)vZh(kpn4(r@ zv7;?&2IttnDuas#N8j|!%%H~JVwn<-DsZMLH_^#t_$WxGgqsRb%T04YKe4tz|27xr zEM3Ena~WJLxTsmWhCT8!B^*qEbC#~*<2D&wD7gBTo8CYW1J)KLoI{{*magH$37A}q z3njF6FupfF^#G1zB``*-6q6dyOmKnV7&q3yb26}1QHEMx*MLKtBGLg7F7&#sZuT> zdJ$nzqi?)ENR?V2XiaBQBWpsc)cPQQgaJ6GhYK(Z z4{ABS7>y}L-}nSr3QvH!sO4um6m$prR^sph#p5vh#+<`V1XthkGaU{a1br*BaiHfW zM&I~wT?&^OuD)3_9X_l_k&Rr`teFlU{=-6ITqvREWG3fWYDzh*=!u+3jb|n$jypi) z6ZLBbH4b(_5u*PdH}EO3sPXKejH?Tr2(YLzO5m1v(K^)0`K;&5n? zokNK^6$ZuC_AS8?2`Ijrqi@=K$)rY>D~j0WqL$Y+90U%wShUh{QOoNZ4l4)LG*r2$ z<#i1Qssn1Jq$aOxI0zo3Hc`Ur0i_G&FowhG0W~c?F3#n34F~E2YGp7+&n1j6hC^de z%5-w_%uHj%UbUTHMnx$(v02AGJ;i8t`nc^!n zz#BrFeO%NmUBgx`x|72}Eq~+yx}=pv2RtZ)G1|CcXbTRWLj@7I`ew~**b9PgB5_f( zbPWghp}S37)GS@Y!Gh?v6c;s1*RT&oqKu6U!;TqJ!!|Oy(Z$s_OV_ZCEK$ZrhUc)1 zzH!v0L>U_yMnyBJX(a*LqKpTICx5&Ei0Fx!qE=>Rl0RGkL}*8aZryQ6jg~QkbL_uC z_xQM|S-OU!VA0J$E^3yp;iy`4*N}^vrE4gr2zWb{k{WAX!%@HJJ|tJ)EM3D9jOd0X z7d2~M!`F1s?M*If*1U$pozZ0={A@LpMyhs99?$4#!4!R=KEI^BN8*2x~a=W&C)d#{{&p(G*r2$S-J)dYk+TPsB=-v>zWvQ`_TPl zE^2vQ!&jbVVr9;LV4O|u?0~OR18QY3#yUyB7qkJjG8Q)LBmrOf2Gq(}*sPNTeA!%v z@0x=LG)Lo`=HLw_Y2Zgi_slsY%Q|hqSKI-$QlpdCM|^1>P%AY$d40s!@MY*0J{RZm z`iL*~18V9IT)R!$`ef(?K3zgN1GxHT=_9s;Q9c4LYWcYjr#Ju!2HZ!yZ@!9~r|HEao^{2(0Etg{82azutQ zj&M=Sud_Ib37}SHyvvdugWTNacT+}RGLoqI3+)7D}rEAzzjWXbH_07^X?5RdMbvUS5XA3xC4@hOL z%*@0(TfixR0JSpf7`>D;W+rS2qntuqoU?Qd-wi@pinyp*x`yu>p}a?2)GS@Ycb8Bm zB`#`~uHm~-C^r)qHA~m9ry6B@;-Y5h8unD9{83!gEM3EvFv?B!Z)zB?&-mWh5=Pms zxTxjlHJnOIhB9e!QOoZiMA+Aia&vJ}%j+6W_a#HwzPPC6bqyyF1Jp`j4Bm0Al^RY- z2B?+57`&swpvGtJD90HW=kmIS)27K#)-*0^d0oTF*#I>?ZXNJI;RsmGC^H*Zd-B?c z6Tks#Wh5bg5kiJj$^mL6tY&y;m?1~(KStT=I5?+o>M*IX0AO$y7d1=!u+@w*>TyxC zv=7Da0s$zoHo-ee49@Y@S(NpUt8e+44kr?np*(_I)GY18*XvPcLN02S_F?Zc%5}&^ z&C)gOeMZ?6IjC8u4LBjA4CQ0wqGru>*!zq!JaSR9W;$#&qwJAf)GS@YRx`>+$wkf5 zHEcDDl!>u`H{%()hGQ&5%EVZ}>-0=&JhvzlrVZ~RGN~y!P&1Pfmqcao;y#m_h89Jw z%*;glO&QeK`;2mra>$%@+JMuU%1|~_E^3yp;rKt1GTvvHjDX2GmYOo&XTJQ^2EZ^q z5d*0yV>QFH2aLY4)r|7Pa*bQwg2O3iWhmn;7d2~M!|@#`hbpe_??9P*Ir?UuHsEByAjFm$5{C~3W}0C3jaNZs;yd7NYbG@f zEii6n;yYkY3nn$zHDxYA!9*AgYHT&5?8;nHW9b@>??CyQxu{vXhT}U>252s7magIW z4wO@xi&|dSgy`}Bh^gT9rS&sp~tZ~}2at&G&@(_#ka*t3i>l5=q`uWLBnIVhn@FNa*z^16l- zr~_(cW+v9X1)P!{P%C3;(s8JaapU+7l;fR?b9s9Wr;P`3{L0KstkVXZh#pWYBQ@4( z15RxZsFjf#>$CwU%LmlTNR4%pfYa}TQofWxxKKh{)C`&9R5>W0KZnfeXb>hfn$J;% z04{2lu3@h>sy@I)EkCc}f(BsR%3zFjZ$XH?+NeSTSKlmM!(MGvbAf}Jb&?>&_BpEJ zz(p-@ui?TF;G&5#GZX710hgKp)XGSWb&`OKSIAK93NFs&_Xa|Aj}lNTGoRByWat{s zQHAPjaP`g7HGIPcRqWuRX6YKfVS}oHa8a|?Q0&!4^+mX-S-OV3+Nfd)2Q}*?0T)4$ zp&BS$)GS@Y_PJ0g`fJ?T3OHGtOxMn8SEd^Wz22d-bEv#D#xU3AIrl%;bakJJ? z9N&TJ)NoO=bPap8QRN#hYL>2HuQsZs!$r-~H5}g|RLa6;-BQ4%e`G?XENs?E0xl*5 zsFhjASSJa%Jdq4lC*l}4>m&geJOb3ptp0S?P{!PXz1paP5?9}>c@2BDQB5W;YL>3y z_zqO%iHllZ*Kpw|aP?1_)t~l(*Nz*Pq5{-PNljkYaB(X@t&GjYx}|^%X8~#@)-jl% zj=?$hYNJYA|CSoeYR9CehpQt)wY|8g<@W}-To|BMVrGK*^O$|3eF>^R#?`mHuHlkq zpl_w5Ca-G(oF^33NaO08rEB=k8mhX+MJ+$C;X-aQfiiI;Fp(fbYS6F-Urd?!YnXkI zNli~k6tyx^W1Slaum@bAjD-#J95VXG7B;Gk$00S=xdAS=CquRNxTq=JV)jiB7mQn( z#7Qs>Ba@mo5h-dV=5v_4kwJ}b848q%zlI4Pnbb72K;O_%=NdOl*RU5_0IgiA8LR;~ zxLSa%a8xsqs|VKHhdtE-Wjxg|XC-5F*rvnPCc*7#JYF11EWkD=t~4nVz|dqc7;Mbq zGLztq68lb=Fq6pzmI(}f;E(`q6EUc<_Z3y!Hw9CDf>fanpg42A zjWF_af;Je_svdjs zmcU5qQTCAc{&XtHqRwjv^Cq z1_n&Xx5Ln2O0v*Lz)%IBtVvDBkCYVPiQ12ur zwW1O0fSkV6WWx|~J?${`mlh56<((O#p-QVO(+*?mRpdto@`@?T5JP#{vf)t`(3N3^ zp}w^MkP4K8G_4&-V{55-CSoHc=LFjGgc`8%o*m%nXKXXuJ;2k-bJ|=FPh&?A0?A)^PpGoBGj>(l<`XoUu%E;*Ji- zNB)REZC+9^Dlf(9d5={^yURCO9rDNt^y^vS7t~R$v_>j;c6RHeMD1;kxobPTI(zoU z9gpYEm*VxDXHJbbSoP}XjlBZ?-|DwFUYogmF1!CM;i1Q;hs)H53SV6wJ3Q@nlk*kP zxl;~*zZE-SNyl~XI~(YJlL_zlx;wh2rCG|~1e3DAH9eOXjQPZOUb;FYJ>c?`QKlPG z{z@MitM$JBdIbOKt6eDu1Nm-OY=`e}5jCW;g?5|w+Y{Thik#AFOz0RNo9i8S_IKJ` zY$ExaHP6yiy=X&^F1*n(KfeZVPu}O4fA;CDoWRWdPXoLLblqz)YfIO8)3zNLzVY^v zoaiwIA2!%05BQ#T=vGnIKJ|qBCF9(uZZsKqJauT8txM}rbOGs$c1_XCWJls!^_zDP-~IZ-RjxN2MhHc?%$po^I+-& zr_uM0tIk$)++IC6XPQCPXRX-4;8vR1yBy6pEc-t zjl+`b$9|^{9yPwSI=1DhtDYy^&l?ByNm=@3f~nKVt{Zk8x4oZt(fQn?n8Ib#+E<+G zq_LlG_-a?l$(1gLoKx?0o0YNNUiNYN8S6Mtjp%t#Yc7?4d~o91i;4lgy{?{LYP$8L z`rD`PwVyBZOuil(Jbll)QzO$p#T*+oK7F9^wviJyx5^CObS6{#h0}%Y7edCh>e6(+ zTej(;EuygMtR;JVUuwP?wRBX(0e*2+>;5jEEG=HF(lSll-u#f0gU=by9z%!t3pxng zb$^TvullrR)`Uav7IuHOWbT3ni4y<2pQ_I!W;NF!_7~JLSrWd;_ zd%dc8;W|5@jZM!vQ-2RTa3run`PxyrKR&ge{w;3x-1Tc)hF|?L{l}S2-CK7)Hqo!u z#bl#YlXXK3{gYLmrtO?Ev0*(EN!M6Y=+(_Ux&P4eA!y?AA+mD}%um!JIY z5<2?C=sANWvBD$L_c^Ukg>^ZYwfJpA+o=xSr5AdC%8K*T?Yv;pMw<@8ln+hfFFJZy zm#p*-v&^1y`|+K2UHBs`Z?CYKvhu0pPWSO=L%uy;cBJ0~-!4uc0`IjlDNG)HJYq%0 zkVswaqIub-dmeqB*3aN$IIdyYJ^Hxz zo7cC!*PjW0P-)e@FwCmQj`UyK? zGz;f>^ie+cGLFPQg8MCG~i)cvS-!I;CV{}`19wbpIA`6rQCnk>X;pK?GH-z z;QG2We(tY13u_>}+f>RanbsC7Nn#|v9|8B#$`ggV-g=j0!%%k-?&dU=q$ zg6$@x4+`+4M@=n45yQ7q2e}*@%y^OdH>se4o>+d9>NfX@SaaF)KZdJYy+7FKc&`7# z#-|(3d$Ovv;a&HJ-=iC?*k~}ZNx|)b9cF!hZyOV9B{@25T$+p5qP%eRpfv3}#cu=7 zojki`LjP-DN_SN*{Jti!)6kAHmv3lyMekI{*HsH1dVIZCvh@2ri%DlXo)5MU4*A|Y z*@~}oy}_2rRZ9mM+;%xM9<4ZH<)vVIVE&cA< zyGXNY%G>nlp{o*0w1d6=_z(3IzgQOB zE$=ldv${9JRyS^bWO?$Qi%EBGPM+J@(=y}vzUGlJ*Ni)eF5VyUK{B(Uqu%Em){$K% z+~}-UDaek#mv7>Fy6fxS3A+0=dggALQF1tb@5(0QQo{aRU*=vtBYJbxKF<>UL5&J~ zyzP2xylYmFfvlZ0{ZM7ai?helEN+cS9{eJ4^P2N5J{F{y_erRk}x?R1M z_9$pu)ui)B`agdgmzA42L*x0G-^H6YX_;C)`O^PbaGUX_9Xs!OwdaGL;pnDGysWC5 zyW)PXIGcPnxyGpP#)SFqk*E6|xL6c;u3&sat>t^Zhi*2G?PKV$aL|RP9g~b_51g_6 z(X7cUKRtT!BX3tL*Ba^NJ8ixn(2uxZzPKvyP4Vs}&Pz38TlZVoD=tK9W|)~_@%3S+ z`b;X?9kk@|Z%_WS!49$%JBE;8M9Z9=<|K7}va zjqT)m_+*!}HyvvVdUdu7=o=h9=jO4R2~oN0+E=#`W(?mxJylpUuF2qGI}T@$FKDg) zt8!nznSo(Ev$L*KUi>ynZM1jP-}9;a!iMggzriJSasTtW9*&!{ck_Dpb=%Y?<rU!Fo0Ejw>7U#+yDa?{-Lc=;M%XCp+40A9(+cr1

    hkM*P3H$%pWB~m{cgv+6>i-w^u7DT;I8x5(QU@3IPB}P^Yff75hL{Z^Lmdv9^cfn zY|!ps@A)##zN>b<%Xsm~#QAd58@zq#YaaP6k19$i95&8%QNOi;+T)`7IazEr%&Yb& z? zl&41}In7obZ;>?ox$1~7YO4xg4O?VB^!>-GWp***Mdn3Qe*OKqcxh7L(*6^QQpcVs zPqUPyfAMQAY&QlOd0bi-M1;^tAIXSG75& z`|IL0)yiY{Pe-8J!qALb3y*&Pt4k}^JKNoc^1*Vpt$T2+UXe!btW_)U@Z z*5U0ore^2b&EC<>WvheJ$P_!Th#wlpw$1wJ@O--enl1bvVb>i_W&g&Jy_GF{kL*2@ zjBH6p_RfwFvW4uuMOHEb7g4~vzB5C>YzNW_(2RiR8Au)hAOWX0 zZ2z%f(BKuAU?ADV?|gTf^#sm{BR7Z$Lo)*o2a-$x;aptOfeL(J!hs|dK;M8a>7W?_ z2Ls6_0AK)DbfB>^Fu_1_3UJ?muIQkd0fz(0g@JG`C_bpq02UlzeIR7qoZrnsGXe$% zILjC^h)?Sm{<~HK6;;6m1IdR^In71foO66=X29XV2;&Qm4{D--i3T!?0bz5_@Szz2 z#{wgU|1f+|y%-lz9~#bQNxD&Fy3x zPKzcgk<9D$XSiz`&Y^MUBiFi#d57h0L zU<&PJL-t#fbk4SIQg>1(7hj(x{=rvALernucKd}qRTDeKCx zAeIAm^94^roU&kI@9LnHfF85k%6C!~S&C#Vp18%zeC}i_L{gaR#ir_wthr^DVWNS- zgF=;-cCc`3$3}BZ-~)?|K-Nh8v2~(<&-Ph0(3%z9krORgEcpb$(iy905FE%^7_Yzv;)Z^KBXFhnx7Ar*tK`-Bv`Tt(LV; zD!I;ID{${qu4Q}45|hjo`&`$r%J2>*z5E!qVonn^hVZ&~9=h9h)IKyPfB4-{IME}0 zZO{!raPbMoup@rB;mybt$FREw*5erROP%xbRAp3D$Am>3QHO?p+<3}Jh3dQJ;t1BB zzMqV6t*LGqMYnvE9PGmpNs60Q}Oac&$qdMUc>(Hj9L372Ju zUBThgoYs*5FESPOl(UgdnFo#9oI zVv#OpBKKewcbj({#kfw+^`2ySP-cgj%S_>HqfirLV;P@nnb9;E-}Dn5xq*AnM=eX$ zh6z9Wzewyi#Wh96vHw|#`!yKlS^phDQ^l?6wMjK1BkCswv_0x35&`5^!cwF+NUwZp zzE|aGGEFgyY8};KxiPw0?azz(%8+%Cl#gGL)H|gHQybUFC$dB!mC}VlilUE5exQ!W zW4v8cZhU3$`|uc!0ZMAuO;n4dS6@3;;iEoZ`Rs_*hwD*gcAv<)zUhj(*>YO-O%fz0rL)C^+X zP>q0tflTi}Fn?J0`4VxMU?7t`xNpvQH&in~IJ{^1`yY?$f_I-UH-`ZSR80>w1oX`r z>xOCs91J8s1^DLl=oz#j{J)j!Fu?%wJ&3sg;|9dL&o{S&n*oOdNl<}s{_yVeRq)_; zz^WKQT@L^74TyC^H3AL>MiBpD-RJx1VPb)dVX&|P@ouPQz|p{n;{SLz_Zjs&zs`Zm z=|HU~|8UG1>xOCr3<I2IW3`ycP-26a-v z!~z+;z@O6ZOD?E3z>&ZRT>$F_EowW%0vd?{S+fXgYx?gA{eJcGasN44=Z5xia2SA~ zg~7W|2Z{lC_hh2&Z{F?Gbg1cYZB+Xj-F5^%GlHIP_44`AIyE-3KzJR#<)9nI==#UV zFQGT-D;4*1E5hMQZjyJ2P-J+Jr1ugDlr4|=iF%8ZMsA45Vo0ME`*C&!BTBN%E+nd) zo~?KP=$?|m`2MAR?}(n{h%YnXGQ3>Q4eln2qm#Hv?2cTLJkt{|P8Nj*TxJXRm-T}t z3rz=<%)c0}7koY?-V3@-rZvgN6!^W@H{^Mg-$(j~&Ia6$&bbP=HfOfK4fj3lM#XfU z4xHeXbv)+YDcURYd_(2phCA@ZWGk9++U)dr=>Ftt8PJ42pT}$RGEC@BA*aP!^uq}SYIXA6_lon< z6Nbn_JC!_dr%!q@2yMoRV`=2ZUt&d}tz(vDF9b>E%f?T(HVJ(sTzfm6)+OhmhIDV& z$)P9t;iqnbZ*Mitxj%C?=`OPFk03j&&TA^jy{X*fw8)R0c@&zBw}^U=x_lTSr7a8=E&w?wQ7wT}yjUy!MuVy2J7XcXN1&o-=kje-?iF z%k`GXBqCO|sZdJ1k}G{;dw9&B(fg*o5UHE^Bb!J1+#YLS>o<(HFDzB53{B)yc^-d% z;nWaOAmr>k&cZ^8ADP6g5wI{82;U&Lk4NLKz_)0>< z7|FW8_}F{LO`p~tRBYX#Y$8#{ssO)G}Q16zh;QM{*~mt0(4^}ym<5}9Pw$YfVf zBD&qO?4lkYSw&9xYyFc#wVtr7(YFaCS_(9U^vwKi?jZwKgrtM|1_e0gZih1#hZV`G zo1T^&N&6DwqQ3-oW=#$^DJK>0=?2D&c3&}yY|^Q8zquJv6_Pqob?~xJca1j5IczJ? zMeDg(UeS{4Q{|5;mwiSx&1_YsVg|J=Y%3_WUX57^sX>Ywt$RVt*7AYg*pB|G zr$)iok@*j#ueVbi%GJZ}mX_vt?HE+JQympcz$bh}G2O7BXYlWuUgsMtMZJ5qL=t5< zQL8pki$ck!4ogJNm{o#sy_J{)&12kZHrYdf$1zmDqEmoDAd*JFMqYrv>SIH$GvPEA zZzmCd0uQZwltPOpyk}SM$0*jhF59?0YP8H87X|M`+m}93>*e2LgQ99Vu=y&{Cf6IN zCzs&$jTePVzqVDQ@C|s&h>)fyO4_}x>ON|K|LFT7c8ex(tKLv)pqhHFEoX7DWav{` z%RSmllUe5P_yjd>L`dld8dc9ZVzTC4rkKGG^ry#PA(9)U`Z4x|RNIq!Q8@*xqEAY6 z{^px6ZIXSt_J*`=@I{XkSDrsq67*THZ7zL;Yxw|utGRWJeT9Piq>%>U`W?CJ3+c{j z_kWeo4WJWqi8DB~Kb9R8U?46O_P?PRYvg|;v%|FR`-vLD;PcsbMg2ep_#; zeE5=^@!GUGxM%?!y8x0&raW)J8fk!tb z-ziP>4Upc{Rt&er!z$k+4gRj)n~rJHjQA#^>{}Y;y+zSf4m_~-yjUFi%hhBoS!(n9yd8E z#qP%$&9H!S4aZw>y=RA;W#vK9Y?1#jBw{#mE_r2W8in_)YURJg_HT^>nhgRoLqbv^ zV75NH8Q_Ly1Uyeda(MvLyto|Cd9L*RWx|ERCxJte5%jYNQNbs=>?BX3}RslOVMfF3^UpWudO1nm0&JCPve z#UG&qnr{gc3SOivsjs-G+0e<=Kf`J>Oivsjs+09kWUC8bwJJ3AT+O+nlcz9SCX|e&%qpVTb#!c~t5J>nDo^l^-kjDB z&I#>^0pd%y69vIni+eFdE+NOy?_*c9_9DF!$L%=(_es z6I-?;Zi&lYeBuoOgm4r7F?Ninzp5tsobEQ4uHC~-&|xI)>9*|FFrni}2ydB;ik7|e zCbyX4xqGPWC#<}vZ$-uqjsc-DviEkMZeqVEC)Gtw`(;b3%Smp#Ur5WwYu~<4LBn>Z zgt6`Lrj|oPxRI{R+sbVFeNF62!(zOzc$_ogNN{e?HLPdUZt~Q~&X=s)n$$JX#>Dz4 zjFWBm^;!MA^rG+`QO)4}TdE8U@SReQWLv_TaaAbK7URmq5c=b6q{YW){OFNW2^RF< zZakE)YY4NYf99VRy)0~@%RbTfJeclb#64kn0WD9adK29DOi#4mz$IKW4Ji;@ z6@77t?;d5vx~|utx|r*Otq=G7ux)xoy{Mq&o4^=ir1vpza&pIhZvkb$gWpDY35LFv z*T)py1Z%wx+w}+LcZ_H*J!}zmzb`)HKZF^2x&8UvCzVtU-|&1kYxv!`5RbKFK2^*N zQ(6o|BYp!aRDSjqTt4;)A zT-%;8g4xGm*#z0?#uBe(7i`HdS6+>&xardC@c8G9G(-AaZ|NeVe-yT|n~3`pJCQAI z7Pn(sk%@huufLubd35<`0uNY>Nv8=b0{9~23{^jSgN z7@wlCunBz1*gPK{VP~%wO|fxZhmN-4;S*Ed`K5AYqu4cZd*&)_f+#Gw;d08FqwTh` zltVYl$3>IIE*^?19WLZm1`9#$pA}8)zhSFKOjqlYlmTU62d$!uQw0da}g?2pZ zmwh`taM_$`rgkiaiWSFY4#C$jBEo{i8pVH9ujS*b%jxpN<`kwVEX)DZnXK^-QQ}$B z-^)A=l3t*u%r`^NknSSur~LB#pgFY7ocp10#uL@q(ogaI#+tPCHO!w8Epyr%;6IgZ zh}HXFp?a#AN0vz0+_ikK`;vr^Z*Dd-?}n2s-#Y2q4W8U07fTr(QC?o0{U3>(<9!-{OWfpqE>1ePh&A-zG z;wC>pyw`6s+0eO8rdE(GzByE<$bngp@5$cS*Ki_gGeDQy?wU(|d%h$-P|6ODSc&@S82quN{e~RSzNyi@ji70{%}&-R#~U){(5p)vsA9rDY&9`GUw>#Q z_r7rRA=2CMM@k%D@-p0)lvXFm{PKcVtxml`toayw$PxTB$RPvm|AGjCaz%@+qBls%)wm}|tZuz7h1?e6Q{_i7AX zjGG8}Q8R$hz+(G#vbc4n@|BV6GV1Gn%4F0OI6?8L#Ft1L;Y|j1uaH&IC5=ff%j{B7 z5_n>Xl36bk4#x2`90l@aHoz_AAY7NeQajx#tI9s!r zqzabu8)Q~DvsZ;HC|db!wvbA-Tq@#Gep$R7#}yze4VuJvNYR(Mp6?L(O-CleH4g8Y z<7Wpmy1_4733#p#>&i=`m6w@>r*YS_(;O0RD_>t?2nZTiIohz+CO?YZ|KcKCqn~tD z@GOrc-@S=us)O6h(N%r$eK|1fv-0%kK8DbVIueo$Hp19%5_Z$k+gr<1#t(jOIm&*T ziAmy;ujU_KWX)%7>d(hv!f85mH{uz~51x~3J8kGdIWpopqT-O1IgF`Z~$TqG(83;97xs%^bJUgK{Eml2B0+{;|6eD z1e!qu3(Q}AH{f?70w5v^y2AL~Cjc5A0?}Fz8Wi{+e}p(uxG2-&1`VBr2?vI1KG$K; zjDYzDI3X3%Hy0WTG^rjY7RVR|E2lfZE`nwT91V;p{-dHm(|%xrfsA25(10`)G#lVZ zU@8h5yj-Y*Zo=Zae>VShH&{Dud*{rfU3;BDwn{$f&tGcsc?OweZ#L z&R5LzVHV>!aswFG;Es3Bq^!Cy(Ut11s zg8L!`!Udo2c-(Lbe4ipSLOSGrTsH24UL#+ocaND=Ab5rS0SD`-wr8QvN1F*5F^wl4{ZSKH zR(2m=AoAnF0{&WG4bkMCS(i&!XaaW*KVyXr%<~vlPc@ex`S$tLts%$J?AtV3y`1tf zi;vr46*ujWeLH{Y`N!R*Yd&!}&$jIMEV9?AOusX8>Q4F=#Hmw>t#f=E=+>;&V)r`a zt>Z=7E%++Y@Zp9hR$;*cne=zfcFsk4jVZ^y2j)4n{XP*Ygy}Mek`lzdKH(Ts&SQH< z6)eTK<5P8fl(eQ&js{8JbxN3C`SxRwt#NoOGml<{z3l0Z#W9T>Btj`F41%M}QInD> z3N(w~vMY2WOMLpUpCu;l$IO60a>thE@yMbN>QoEsYa6y0Wifl_q^qyL8D&VreJ$CT zL{u;Fp7a-s>}d2LpORfwiehbAvq60_5!O3XV;`h}+0!s{Sz!G(p_XMp4mOXK#m?oR<``aZP zhsBXKw*^;4bZpQL+4mxxChoMEe$QX{KC$>NVMn8wz8g9f=t@?zuTPbrhD*z9^ypppgs|l32laNT9u^8a zwO6U{ThSuJg{%XY+SM^%&jAgvK+7yRKWe^YavDCFRwlbx7$?ANZD%GRVv&BU85# zFvl;qQRHbWwr?b@Tb4-Y*=yh5Fz_-bZsT?sK{Sfoc6#~nC%**cwFIK=@$ta`d*OzI z8xd-^Xljr{uCy!P0=+1|jUR?~kAMHN5`!<>y|B6(x$Qb%ouq#)QIk@|gXWF&ilM?f z3-<;;19s_wKLw7x=xdj4Z31WS51Stcnh-GIB4(4zpsEDmByC7W15gQ|1?n(!6eJk| z=1Y)9fMx_dQ$aEjK*9uQ1kgSmm|!6J2-j)GyttG&YvtgEW(FJ%Bpm_5xljq9se~}$ zKvEK*Z$KIWnh`KCz;;T=2L;dwplw00!2H#`!^H<|a{;LYXlB6SK(c9oZvZL*G;A`TwK_IMy$gG0~y3%zByM3(9D3tff2?RDgiW55+)kR zC#JZQfs9=+uYgnnG%Mg(U<5BfC7jQRI1|dC)@z7X z4$!8I|J)0H(*o_o;2;1Y3qvEE&M5}h2%mqKly&}Yo;C)@{&gO#yM@*hP(VKij4!=n<8f4Q1_F$d;%qkw)VbVH1i=HL7yKvsqtP5)_XN=I2rw&IG>Vv zoyt`6tpKs>jFozD(QbdL`6^r*`KYYJ zU!QVCioy%0vH2(N`g?Jvz?CVXgj3#C@QuH1mk*cf+{%604*xDlf}Zx?T&^l)g+$O8=l+w2^VJloe$hW4=qu#AZ4CqH}8O1iX8pD&pL+rWk8*Z4H0l>gbod zJ`eBt^Qn{58PY2-HZN~}Q4DsooG4P+xJePRD}tRaR?LwXD)rRQ-onnDN7}5x&^Fdy z#7$a9Z%xr!bhFnAK^xKcV(=hjZfTm)uJpFt#L{G?!;p`Vn8Z z`gFwW(zk8_C%TF%SWBLfup=7ce7D@~==tjnA-mw%N0XN72{wyND-W^X_TAtsu zo_J;&D~zdkWH(2$?H(q6fzPs(9YM_V7V@fD_H)PK5j7ND)h#)286|M3#okT2_rzaJ zbwFk8Fm2Aa)3D!cI$(*pYh$;k#=olm(k@{gicv;UoA{#NY>Ba~^P~qvl7qT*aiOoTHqeW{>{zsgS$5c16-B;(G=@ z@NkUOZ5dG6`&kLpf3JLq!%+ZxKU>WNDj7ek0{Q!d>8$1$Xb3!$f%rQ#GvHYSk|h9m z7=XWnW>$j|EA&+MSC1qh#h;(?Lo)&f23CvY#lR+R&?Ie`VE!Ttz$z2axF)D(z~Ml0 z1%Ph={QZ20DvUJ$R~rz}Hz4*7%?LOcNS+G>b5U*unmZ2DHvryn#@@l==A6GnGXo9> zlIQ~AT<~|$Jam|FAlWX!H|Ojfnh|g?FoO7ky`PWo`S)`It(yDiPwM=PADS5;8oslx zWS|v*YyR+e&=_|Zjsb1W1DXLi26V;`%?3CU7y3bQ<89!(v<9|=+_gTg1OXj~p z)}TF(pcnX`kAuSi1T8H7&M5%S-?i;0WN>{x@32-PTLoj^TF=$a{lr;n4np2Zupus;)diJMZ1ON7v_M~(N>8C1k*A@*Hk3<94-?49dUfNLXTD|uLTeov_opHNg z?YUPxj(!9G$mZVE!b3aOrH>rmV%&~5qHW&KT5D_;S`n!imYFvkvXu-*GhPp3?C!|) zGO`O}XbwcN3)y;qI5OHSZ~cZ0fgOYI+j`A*G>*5t%(^;8!D~*&s87+t$&9pD!jpO6 zwYW}lDIk-1e%&BKa4b5^eTlAF^M#_mAzIH_IKgj)fi~shd@%DFro|fLM z=s>~O_;o_0mL+$nKG_q5sZW2=Uhc8Q>e$R|sWbe!9r%dQ<>+yn1}#-rU{ioP>PDM| zi%2@(;!TY$H+3YGB9yPAvpdcY%4m&fqQw#K=6l{`>JM~%*Xt$sWAj6XX56Uv`>D$d zw9TuGQdWV7Xw`Zw53W9NHCZAgRXM(2)x&ou$!FXBK~2c>k0^GAiF;BC)IB`em_ctN zR;4&I300(#2n(x4@_!-iU~iYKQP(gxCt;PQu{T&`mFn(q6W6l}B}7P4&l`$1>z0)cX%o#n zAZzB@sY9tYY9EDLjATAUh-^t@9hj?h-KUD-2U00QOX15;LtkLs( zjur?jzAGjf`1z%W6WL;>7F}T@rX<-PorQ5cglW>deVIXk2q`qoIai`CxezC@z1_zB z?wF-A!ztG$uAm7a`yx278W*-*(Cx(S#dG|SD}#_IREUIHqs|90g3BT;Sq_AlM{ zyWu%$lvW9TjwFe=y%E!5*taNypGHZWGJ43LvOoB?>a4dx`G)x>G_uVHt0xjbwn0lw zV7==9>WT!W9T3%qW(4eo58SW=c^nL&+Mqq&Fu_2kb!bQB(9D3tfz0XvngSr(pp`E$ z;Xr0~pl?7&<2low#Y(p~x4hNEy0^wYc?ekXA-*n|q zjt6Ua2CcgOk0Sh5djQ{@Q*CHQz`*>~$^ry)LA60^dtmwIuWlAF-<*?eXlB6SKx!)h zoC~rI+9m`O4P+DpT?0BQhh_vE3yc{4L$%L~lwdrizn1HOIR-?wp;-aP0waX~kZsV; zdzfy43}Ap;KvWx=4R9oo(F=`ggEm3IL;@hFAfX6$BX?E{2F(f>mb1eP;12*0Eda93 z^E(*M+4Apa`qyy>A6O3y_)$5u4}*gMge(lIeY)5doN8Y*B_N``#!qm=wx{_(5IiAn zqveZzr8tO=IE{DtcBb;;E3GmEiD}cWa5nYIxlh;iZMNL)jviqLy%_qkYyMaxO0y_1 zdtgeyF^?HO0gnM+jjF4i)4RHfq0OKZ$JGGi`@zoA8rk4soh%yt`7;J?&D#y#hUTpd4W9ECT`DDrX4i@3paE3mqe?aIA8dkYWj7lA^fmADULDT%jrA) z%<)}5mok5yjx}9|S74T}o9!IOoKXx^$+;7t!k~4xkO$rObbO!!uhN}Ysv&aWe5WIi z4!rB^uB)GpJfcE+XMW@B*QGd;M4|Y{7AG}}KFDOJG`lJ`98;2SjHx1`Jlc#edi#K^ z9pB5o8ICG<5nrqOmA;`{T|EBn20T_I^#^xD!bWboM4DzZ>V)I#=5qJReYWPuXEwK) z-mFP7kLDtHXhN#Z7rl!~{N#q!wnfB7NLk$Y*KW2WqceL8XI;-H2)5#56E<$%(Ye{s?XfYPT57jKs% zq2;H&mzVX;0IU9CXQze9>{6^#^6oyn%Ux1OtKzfU|Dr;M&+vp;$!8~0k0_f*A+^F+ z#&(ea-c_%kAnM)gmrwDix{-5xJh5N9`jXRC&L>?Z<%{S^`hGlIKzx@fWk9N6?G~!t zuX;{ri(k!r&X&o64x>J$B8RV(L*%(7go_8Hm(4X|?QcvJ;_7GOEed2AO&;@hqmAnJ zv95mkmRC~z#d4HjQK;R^ef0o`r)jSKGiAD@!SV=(CBtRSaMr5A+!A)i5<2t zPMESx%VuZ11D{^okE)fpf~6ioNL2ge&($142)tB{bf%31J#JIWfw-3wEKW!)RbH0P!Q=FieBiX8*XzsUHWm)MSCR7SI5k0I8PHBlEN6l4b*mx5_ z!O^1LKBvuG68p$~^yq`QSw9=HYIMo_{r+*MwkjzeQeg_!7LEPJZ|F;1rCF6V9dbcR{6rd7YLy?2X%3SDPdLv)w1fS(#)Gi2Q`0V(W7l6B?Ew;v1KAtoyi zR30dW9%oiNeYy5C*o62Qsu6`hr{6#Py!$bq7bh+7uh$yS5u_sqz7v;p^R((H+-&b6(SYPfMg^AAuU(;y3?htY`+P$$ zQ;bW`-|Rz2+#bcJ6v8@e+iS&sP4E7$9zYE+xc9_ma^hZUid zRSqnzlL<)`27d|UROYRtYCD=eNx_r|lbBNOXkVKOz*Gq}e!TN>N7j-5>J&lyRAMN7 zH2=NRE|PVH(#%)1xUolN+6dmrK2rluIw>c&yFR=B-j0waiD?a$`=4cne`Fp2_Xn*Y z1m(ehWFAP80e1X#K6?q88Soqg$&vwy5WxOH`>tWaf#ewgf^dG&4$TNS7)X)<1ana) zbAI!1#+?4)o4=?ASY--`{X;VY4hNEH0N?=F|9LMi3^>5!xLa5#`O8R(k}_J6KFVEG0zi~+tm=l;-)fP;Y%#24Hj zv||hhB>fuokXN|B5QvW0!``Biwi*rRyrmq!H51ky#rwK}a!$oc|s9Fx3i?KhZd_(pTGqt`QBo<-0H zrQo(V7N8{--~9zw2+`>y}A;8rdY( z=HWHI?f47cJz?<~LF@B0z!ToGr5r0JAL)`Iidq}W@iHKbgkQfiJu zyOr#f7lH&gGnwk|KV--o&SZhk!6dYh1MZ}97p`Dj;xn!0OWTx#Td`LGJ* zl_v|^@7_d+B7E|eDCEn>S!}UH+%+|x+*R&g>(@kC%;zaUtDY2BpQR})WsnJBBaP$! zDO^mAxccrP)AqLff)sAJa?s+}hfc^>j)^#q(jF^)He}QEG~{=}Up8j!s1Wd~nxQk_ zRb8j7wl|Nm{q*Ds*`@bZUlO@O_1)ubI9RSQEom^x&|H&sm-ehm{z6yVwExYcm&2k; zyRi2=nyi_oIQB43DVCHSoZ?!0hQV@*~c zV6{n$-@_f0F8Z$5j%p-z#Dq|l#NCGNS-!s!E4Py&jV!&~?pBgU)Q#oHT=}%mD9%s) z=9qNBBAgym_B{smQRdFOOj`yO_SzZohopk8A(tg|2Ho!Fq5V*gD{J_yHOAsQVnyAb;E0Ly z>@nCA#k_75f8BH+0ap?&(`$Jx1x^P^;9CFgPE)HjPKMGWK?J|0Qd?1kM%g`khDQ-*V}Ht&@LmmU^@(euPArj6dbHn6jd|mc>nSgyEQ6WZN}(u2 zfuo~@vU~vHP43!O=LB}@%Tg>$Y47BtZK)j-BjrscZ4gc(-{hn!VPXW&%-Uqduud|! zbMs5B-0wG6ie@w$+76f@EPwamL^2@%saN`ylixiV|w9US>6Ec2Kfd;*L zCtgbKqcxF@iN*DLI1(7q`$rI*T~5M$&75`UgZ-5Lz7Bw91sn@x@NxlH zRsux9*@Y_z&-u?2@;!4lis(N);1>eWJ`4^65VSBP0Y4A;g@ESSg@D)3q8Xi>;z9Yv zSq;R~J!eA~d(KiB^w4>iMX{`Zesh&uS=32j8c|x~#i_g*lGx_d_j606EZfY>xkj+R zYv@JU{?Q_>5ZCDzgqxgHr1(OqW*OqTQR5t;DgwXePy1{4x16~5t#6>wqZ1DVMlZC_ z|CDkROSX8E8nZCb#n$aW9iwNg=@Q{N-n1uMdRlyQcogXnbFCy=PN2PkIAu)lK8@V2 zmm{}W?j7k8IKz`2wnH}rZX@JXKl^;VG+%aolHAhOc+tYI&n0KD5H>}OW0!AQDa9Fu zUn8+w&T!FJywZpHlp0>HKuNPR>87tuQh-6SvYA-su1vRY{GC0CrRLV8%1f*!2sk}M z9SIFVc$s8DPnC=V94MZf`^(niC{lCX6LN3}FndpS&yK#eKzUiT7++Y;2xYfnyzZ&; z%eVq%Vgjo!MU##27vIyXixh8nNPG(&xKa3nC_tB(0)0glNA69VC{_6+VXa8R@EV+5 zpx@PPj1@fLTl5n*#HmVfe8t}}L@p!VtWCH|%v6um!HA;Lt}0GEpE{#BD{q@he{lS9 zjZ|4GIeUuFGRCL(%>XZ_tza&h-jK&CuOzarLMktwrN;{?5zn@`z5K>#woON)8@4%P zGM{V^JDGkt*O^xbBFGGV*Kin-;ks}5=6X{|b z#BiBoc*-=H=3{lmx%aGVqt^@g3IcuV7&PVKI@a!ftbWQu7U%erbV3eJq8U3}!d{&# zfQxsT`sC)FJ>G;NMwO#9W2MhCN5!au6bpltIFl4LJ9|HT4?}9~Q(c&sJA5iV4wL(^ z$#YMvZJeGkH`(*;m0H%34BlHxvmnZ9cm4UXF|ulZX9a$$Ws*r>QSfDL$b(F8U7Vf* z78V;m7VGg<0*@;Lx-#tB<@fFixyIkZBl;22P&8mBJH4g2wNl2O)<@&P%(Fs4EUYfv z$;ex1=&c*;BnF?3b>GBm>vUj|hD&0q)AG?=1O1VxqL%tDp+Y=u4$`b7;yN8^kQiI* ze51i!tHez?%=Z~1l=8ujHCn@+M*P+kf~+|Leac-s*}+Or*D5*s#s+QIaj`hcFFi$p zdv*O`cI8#yr6Dt%9BIxR&5%iZ)MfLwaA!j&+>MT(*7nhBW=U;fe8m=rmajNnkjJ@E z$9om5*h*c|bZrGgjd==-N9RNNT1yhQTu?1=Cn~ZPu$qOQ+A|&n}^`gV-Y~AkN48CvD>3x=!PT2~Uxz6$n)inmPbOO*RI8g=*i zP>@kH)wzs&U)#Kd_&g(7_>Svphkd;chj*Z?g;da|X-PCVwlti8S+i(VOHO?I6L<%4hA7cF7I)olN$FFBe1pQ7$P z_a8EAM?vA&>NbCJ$+-3vckrY$wxGE?l}$N@{&?`zF(HOb$ z)q)(}8AnmAipTQW zaCz)Rs;XofR7WF|gla*M_m-#_ea$33O6Pr^-Ml`~B*&q*Bz zmqh->?pA2vCS#?B23%@!#oG7#81lYD4u<}Bh~IHFSI#{3@adIep~hJar1rREgOfvE zza>)AtBqUfrqelhQrqNd{EEi4yr+nr=xYtu%ww-WvfF$7~CEe zk35_k-WA!s=~`v#C;IBGUr)_gwy*T;bG^j3r$X#cHL?hw^}o=6=0KmlN*)m;fj(dR z!->Jz`~GZE?C;^Mgj@_BP!-GB5X1kH+;8RymM;OC<*d>PX1@HZm5+;$=eNQ0U1=cI z0?iCq=KQOZ4;;|N5(&T(xPK(@vk{uW?*^bY=NB2!jDW*|q(?w9{Ac4dH(&+azra9} zBp?{j%>gtc;9wxxJr_U7!)Hy3r!1VC`)s{4R5;+4{-Q}x`WOB`9!P=@bk0Q;6JRCX zznlZ0OXrm!fd1oi;R4MJ_?LoY_&_)pHyMDHbpL<@tJUOOwm>ri1_oBE$%SkIY^3`a z7D$@U#Se51sE!Gm8E`Z(!uXGH0qmpu7Z?~p43aI-Y=9$yjA6h-`XgHa+vxs<|+Wf@T9835?JMh!(&;x^t}xAzJvsw#=Nq zeNXqC|LGWj_Gusreqdt>4ApYlmjHH=p?S7M;$+>Rr9#fAD!xag@#%Fi=5{aE2O!?W$Y9b{C&fE99ZXJ6$@QUW$ zi9pBpIoZiMaf8dciM88YwT2#;*~)sGB}My{b5%bRqCPbo#{i~U{O?-~8JdCMAHQ5O z*y)4i()L60FHia1NKA3MeH~4;y*o=v*qW`T7=KW->VZ*9{#%SPmdiCSttAx#KTQR# z5d2)`dw+nT&g4A(L=w$XUntgK&PJ_7&V8fdI`2;wO!j%gWAS zZy4sj8cp%FP6++^4ii(2Ei{mYi?sT((1*x3!Sc4TNPg2EYTprngZH$RCDUNIq5v9F~m^f^p_dZPvP1h}d_-PswHXYkSY1J;94y|b3 z+u88a@zPf&dhvskda()yrLxMRzZYJ);jRq#%29j9+WPv8Fv`Y0-%Nq~=1Rq@^v)*F zB>i#s!=2C!{S+ywTecxzpQP-|*oNhfYUq+nkcD(6)MhQ`USzm*iF{iR$}FYa@TGG2dj>#jgbD3b^6&IK7dPe$nV$j}L}7 z&@2w%O{9bG^NTiax?W;5v0Gf)^gXnivUpKv+Ly(BBE?az{j^+f zSz~+1JT!KRqPzcR?K5`$*CMG;uu#_SXrZihreeDdxnCk`ctC6CNlz}ot{8T;F;3+4 zLW3__HQ=$Kxk~seY$;rY#XCRH$$s7uH+;xbaCE2a#+Z*dv9E|?vKfx84d3S?8LPdv zcON2te5u#!OPvd$YR4WBRusI(7Dilq&1uInK+5>VTIh~^f!pj=1|7ixLR*fy^2I79 z3%w$DVt#{gs;J(FCP)lAwi>8H59?BT^}ovPIl`47!XXjMiWy*sP5sP5=@cdD#7O`8 zY-Y^861|1#G2Paab|Rxy7u2HXk%RUj7SRC~cb&1v@%y!-6(@Kb$%)q(li5&WdYXBj zCr#|zHTVc`Nlou<*waea33E^mOWxqm$C`MJ zt`Qb%2E_ujT&9qS5FC{aK40WyQ zqUI{}k{~B=PfA#FW$nMD0xzMNwLRjRxRm|n)2IDt0>vXuF&i$D*dDvDUbrNWXNs#y zC`DIj{p0S^MoGTtIEj^Xq5hB-EraBspqLqx1ozx&*psA~hqoNTS3~$pafm>#F8>wL zbrZihm$y8UIUVaR=EF}&@9efZ4UpKR|f@iXP;e7T3% zqiCoktId`}CuU`Bu@o-NaVPY}QZG7O+p#IaMYQ-{GomKk#Pvz@-O} zNZYvA+AIx{6~R268!#-4))41PQQbf6DoNh0)@CW}E}5VA>%C0Tk|c-1 zGOnmQ?dhP|1`NJOcO30mu{7)aj02gOkl%=?tlDBntc+JCRB(7i1>;z3cZV*IPafEw zy*5=@v#NcsFs7tOJviQP6C!C!Zmg?M>EkFWdbj5wp7HG1?Ihu9IOE6d{hh;D3e8m7 z@I->23kjhmb0p*=-pM1IvT*sKLN79t?SC9PZ#KbQf~%ivj)A5e_|I}0kX-{3IY2i6 z)|UP&WkGTiVEP29253gWGZ!Q=0fPCX8MuUgr`dB613EDND}Ms$$?150{&SvpHepZT z_ndN&aDZwF91(z^T#V=E=H`Pkp8s@SzY2$%7Y8A+V3Ba`>&Q6u+kjRjR{mUU~vBGmjOKR z(|`DUfgP97@23FMH)kixz%T|xA4qsWH3AL>GJ=6%{s<2)AyCNuE}{CDZy>`MtWN+W zJ)oKahXaUV$jhxi(u3=)XB@U`03rO>Wzw1OfNBIB3yc{4Pk3+%{q`ShD3B2hw!h#^ zdO)=Tjs->t|0g}T&Xym;#PV0W3?O38ga=d`U`Wm`%z!}$2$=tb2Nz(e-#^0TtTG8` z=9KMU9Ju^e9#D;dLxB;y7s`VRu-EVW4hHhgc~<82ADB}Z7fT(Wei$4CAYx$%4}Jl# z>ymlU_PWl`hw7ZHx3z3dwL(#S||JTTaf z9QMAFx%>09heAvM=gMqgbzt5V&VoTS#+{&n*}dS~+HqI^N7!`-QvJSBkwo?$Wu#;! zdkbZSY#AXtdv7w5y+iiidy|5Nd#3y@M*q+?ha4aFDq=Ur6BfH`wCmLMw+eeAR8(aPZ5EK% zFzxO}+==?AZtIZ}tFv@lz|y0hnZu=yZ=w+6`U_hzR4ftf33klF+a=#_z0LAk-F+LU zl%;93fj_*eGZQgG!0X$Q&uRmnKiFBuws?4tU%a%&~^< zrQ*M)mE?g)62uXRVgB_M=@Zr`Wd^wRG6t0QKWUHVd*_7&R+=kVanezg;Y6&BRg7!- z=JpaClH}`mxcsu|iP&m@k|X!eWjD*+60m5((OpdCeJ7lY5l3Lpm)~Z>D>=sFcwlQ- zEr=>d5wz_Y9`CLdFe;-Q_+88r9v-_PRruXD!8<6S5@A6*Bi6%wmzA6nl2(emmF^Xm z)X2EwgDp*MV<=;li4sY73cQY9qFot392{;wb*{|s>we}CB#m3 zWmZ{azRr%MPf5)G-d0Qo6=L0j5%DV;D zBIU1Rx2s}~s}BdN1qSDr3KLA9jw5oYmn|VoxKL(pZLfH2m9oJrJ@(Q^Tk-j^v)sTp z1^v8S*ARoGkq7Tx_f9OfT@?|1xMsWlT=kdy{GNAxN8!?4-Mo(-bumuz@E7y%sP1Zs zC*u)~M=J0(u7703&{z_qkE}h?tA&<2MoT#){Q1-NT645joanywaOc$XaS91P>!Y$3 z(Jk_5Hy^sn4u66MlV2Ze=?YLvP1_eW2gdUA5#^!toBIoi^3`GTISB?E-YKa*hlzAH zn=%bcj>S$vUeKF}_Y!KjPByaeBTHrvK{m*ZGHY0-;!fs~4qXNMf?m^rnbu ze)BPNLqZz8_F|`0i5;L?&udGqL%$)Qvz9~1wT8#M2ZCl^EF=E9zVoJ(y z*iI;qqa0!0EV@5kAf^21UDjLUN!ZRpi!jD-gOluqS9vUCe{H~7*?Vg|HURTvjQZVk z=)EexH!nB4HmFLVHC=qzW1C7R*WF{9jO`je?K~ar!mPyVV=KVECOr2_|%^6)>JzgaBJa*x>xHib0N?yFL^gSrasL0W|Y^-Pv zTNx%A%*B|9Y>bdhNn{FfpFYbiqP3IhItY4*mJWCKdVTvErN}MR56EU54<-1Y-2A~9 zSBgt#QIC_Eq2=Md`6e4K)8R-JD?l#4=3vVv*k*Q=p~~jo3r>?QTx~2DMnSgl5Ro+2 zV#;az_c=zIXm;dqNn6N+a%`~%63A`kUDxMya!jCU#h=uaA#4`(I#-k3>ZHev_vI8I z8J6Ihl|{~1Udq3JvNH8rVH2j&brAcQ2kH8qade7dU&A2E0fsNGIYAGOQ8S@t_oM>I)>!#z#sn6)UbBfv{_c3{MxtKF><6RiaaF&zPd3kPtCMiqi;T8B4us zP9gZJ#dg2u0ZYL&VQ|zvwb&@vPY9p%r?kRh9+`~A)NRW!RP=fvscjpmrwxhbK#62fq;-XRTWo; zjsa{9Ajf=1BmjwiVnDv00g|UGI14;+n0RZV-8XG{A-&J(L%NVdW7q$ix z2q>9<6!E340VMfd#Ra^ELHd;EN5SYI!GN&&YZ3^sG=Gc@AjIzqGJg#N0T$-m)#{$pzZ@q1S>0WV*WC(XIBfrJ9eFR90|Zh+r~7HYlB4il{V;QrT+hZcvJ@M8c<<8nN3}?`_^wx7}5FA2Cz##wf0H z>!)VT$BO9KM_*@}W}0UYNZI;-`x*?PQ(wcJ%U%76cqT3_E|;77Yj0ZcLg&}Xjo+6r z(N5^x+xGcvjPlihHX|nd{eIN%hRT!V8pgzf(XY!+?I;;1Bs^;;r+28@8L0@=JvT*( z^sikN7L4xOxRF*rK@rN|e2td#?fXF?Jfr|2H%}rHG6D)eDKe@xqR!>GY`sZYm`(dA zIT_N^pgR2E_HF}=V_uo9ATRGPg8q|4YjyYU(Dfz1L*wCJ9*BE{&Wz%yOQ(#W>xiOX zQA^ot@#20|o?eW+fTfR?!upT_yIatBzlD3gT%TWK^Zd*9X{;_70c8`W_i)V0`EBX9 z`kLqAybdz$nIk)xMq(^;OZ0pyI(*sX5@A-Xm}-OA@G~skaK0JCrJzw(i2q{it(5-M z2tTyN@{Tb4z|wzs5$46#kDsJnDJaB|H}47$+&L)ss!djM<<4p7sUe^9;M&1UTG^WD z-dWvbz{nWe>NM#T=#^~#@za=LEZV_-Dj-qO)hSAWCQGe>%F)#cSGIOn2#Qas^Tb~T zRaDE)*`Er4U7EmttAdeRoD^h0^dn5w?}(tXq4C?f1gl z`DRJ|Vh>KEqg-i2AM1+$X^|z0# zc-edrXzK!^#5l~&?%Y3_s7{RJu#WAq=7q|p9Lu__Ooo|u=W(|z2O#K6vqvK3d_FVQOf!G6Nw(3Y)$*-!J z3f~^zZ7>O&3J?57YG;G~U5*~(0n2p~TwDfw@}qm)5hH3wPxXAilO3>x7(uh5v6{cp zrouT1Uv7d$_Igu*@@>vfAjQXBM?M~jvXfxF9&_#vT>p0_fBK}izSBB)F#L`wlW{5( zObb~^hN`$u6aV?3i*3~=fA#t!4h4QH0UWx5)h&b^mvh&?r zJTD%K%o#yhiAoOljX&M&W;qxMeq{v}_=I|73<~oll*~R9jqFD*C@yB5H|zR=_4U`v zQ;4l7-K&WUT1dJ_nZk|~<3ti%yK~D-8i;V92$4rJ7@d*spgnEq8wHDcW*0)#J0%5=rJN?1?0c6z($%m=Ei8 z>LfOVsTJF9_4*O(nxIIDXN~8#n9I)zkNWv&y*-_;p@oH0wHa8CA!avOsU30~`PzSj z%j{r-XI;u~JUFUvSZWsgrRu9V)lh!gy1l5SFpkIH0;T6L+9=15=J9XNkKF9g?cw_D zg)i7G%Y3*`Z+)jMK&fJQvW;0v#MOO%gY|9ks{0zU2YFt+o$G_1+nf<09u>KE@JVq& zpDRh!&=?A|kCS>>zi)rrMt&jj4*3^d#mL-_%`J!UUPri}AJ})U)jX0UftiiLWArv` z4AfG)`SbbcvqQ5R*(A;j8lJ-IR@dI-Bh^P64Qqrin&{)^G8R1RJP4(l&Y2=NH{p}K zvpj73lJB0Odhgv~4-PqeSvWE@>q@1^qm7zkPPfCAmbN_tDFSTZ+cH21N{hUR6Yzv=<5~_lz1Bcb4pYBZioR!A?oCtW0Z|WY{I&rUQ zkj60+)O=2CriBxqw42CEwy04;pZY$^BUvi7l`P+^YadC;oqB{%xNHxb`8D?bg5#!# zPvO`?Y*d4ZO>iXU%6NbGX}a68nO#l3X{2Z__j~C+Z*rsBDZU~G`t!%GTrZ1U(bDv? zoj~IQpD#PV@_YtnEjY_nsBMWdiZ2bCs5op(x{iq=JkJ)5-;_%QRvJ{emaeI zJDo2{WT*B+O#_>bcNMAcoz1-yU(%X02FAYp(q`A7Bs@f(1s zx~rIg*Df71EqEsd5(+36@ZtqIxeD+cfVjGg_A;2Qxi0 z=pn9`0lfm4j-7eoZ{z7uUw0^RQSuK%q2ze;$%?!g%+AbT?crAsOU*zy`oU%H6O)Y* z5KJBgh2q7<61TF~&Q>41w7P6&_Lx*W4p}fMN_@6Y0-D%!(pN`f)>n>w1IUzg$BuL+!s&r9DXX~?~IsY{d z7CGSkUL7QpW@a+_8E?@rJq$~m>Bsb)hM^pZLM5ufyCI^5GV6u~^lTx% zK5INfvtA_vZz*0Rpub{^dr6wal*JQ)|BPIRl)U@7yPI5>Vw0Roy1)YiY#CH_tjCo@ zQMaX4^)zhA_Gh(*?DrA$+op_(9t@PyygAKP!%2Ti&QIE+!iERcl$xWPasdz(G>|xHidDZS07tb?ZfyLTSW-M{fh64Q*WH;d;}^lpR+9 z)=S_1oakL9-Rk)Tdh?9*vDcy7uiDV_K1RI>jyU!bS4sWppkQxo`eCR~yN`=jf{eZC zHERs%EWhlI3|!Yx?pL3MdP+wunP~sIa;3*8FNWK^uCG_)A{J!*^n2XIpVfObsdV^p z_q{FF0305xz2%!Uzon9rol4QK$Ha95`mc`|dQlkM@wE5MUGk_K7#456say~7TDQm? zsOm-Jh=r?p-Ui8sid}Lv1jdXNSdq2H?vKo;SD}K{JwbxC06jz%t6|J5i zFEBGlF*MbHw}g1;oMp*q3$d?OWa10;h~nBYE1Q%e_)QJ zxm5Lb2r0o*y;nOs6WM`xAxDFyCjOyALht_DZxsWN!XNEQ3SC!O79~g@RGcT53V(`S zg)m#DKAo?dg;zor!)6} z=)vUYguFO0nI>AjR#`0nA+LRAUh?XKLUtTy=tcf z$fDopwJszk;JntkWr2hQx@`i45#YQQD=iJvBT-!=Eg>!4*E$x&bo4Y=oYwk#d=)r( z3UEDuaMr8d)IWsLMVAE<2_{55F=5RMnV2NDPfoqx|60gjLXQuwZ-11|6B7|)HuSs&`6*8&L! zln|hj!B1`d5%_=%zN^Rp>KNRHoy&Vj7@$nRgZkHu(WU!2kJI^m>hLNq;Pnewmh)~4Al~o~1}Kw%6feN}0HO&mhI7E34@i>D zZwq#M-QRx$ET_M3Tt2FP|HI#pDo`4L%KeA;VPv5N@jhXfk#!XK@=MfP{>kL($}S(5 zE@G`cU4Kuoz~Y}q)-fHfSl|88T3{euurkO?IPHna?-Cbp+<5le+BV-m{5W1VZB#(~TFlE_y?W%>U}RU{ zXJyWO)aTO^LZ-fiWtoE07j`VdO??z~t@Grh>AFZ--_6jYhR3*s^I6{|3U@>{in*sb zk#C?wjm;<=n4`#i)o6S0OWqHPVtN{lP3}vQCx*0>;M-bwXcHV% zrnFtSaySY`g^&}Lw3B(d409P{b7j1AsBJr;z8BWA$*HGn$k&GoFVl{DhK}dT=-`Vy zt_?NhDCiT?<&&dKq0=vy(klrUMk8b05XO6}*c2)io-0F>-!l@5uEs?-o)|ex1!~i!(DQ}wW!w{$`?;e$Y`+)l-LzOXvh`fW zq{iv67yh|SUx*A>2d1C-7ZUfzd+pyhWdl3?>7mAno)h>T@Q2XRExYCNf}{w) zcHScb0n0+QGcfVKV?4jhF<%XBHARJ>OX|c%h89-n23ky;da=zj7>kv7oN^@BY1|z_ zyqJY!7sJRz*<4K=*eUn-x#ldd$9*EjVA!ogNP{YaDn4k)u5`}WF{OK}ftM(Tf8P%z8R>Qy05;(7kRjzTRjj>y$p=(Hf z4?>x7S$7=~(dg%R>0SQ4OlTUmI%H=rk(Tbn8e_2$?%Oof>iY_|_oISOpS4=M$h?{3 zlUPuD9A2Jk`mjLUsE=&o(b68JS)uQ1z zACa(eT2X7(P8FWX?jwuhU<~W{u%`-`7D+6Mym`B6Wgj-lci3mYhkneL-)c{t(v%|? zb0B}=m0n%&iEU6lR-|o5%^5l4m)Zn+!Iq%HGv#rS%7iw#{;sut2ZB~4q{A;}Pgi;N z$+Yb|2*Y%t9;J8p8QF@pkNA+^a(?2JnSwSKlTOgDht>a>sV1o+VQMSGhD^=tve6%nSqF$Ds<_=>s z&~sFlNK}q;bk|?siK`@J!ltckpD@7c;6BzK@;9iPcj{aw=bq+jr$t0`|v*tlJ<9oFcC{oK)z1WPV_66nlMvtb?c^sN#Wx*ntP0z26XrM zWQEe{tOYfW`ttPIjzj8M-g54`+?JI(RGs*K96#MARkXmSYz>85P?co~^V0;Y`thFc z+i}JE++GgSP6k;awqwgTHoFm=-8$QAuZ?zX zl0$W3PO&LeIibd{GaRxaWF9uDlGu(Fnio=O-r6A{NX|Ga`jk;FxjOu$jGS}{&4=sZ z&fACY_J|FM#EVw4w)j6BnzKebXr<{e_P(DCZu4ZoPO&ZvqduTLws^zPk^6v!n!TfN z>q}f1(U2}yS4okM#S!5{v$bk+db=K*!YXO+l9uE}s{~Kf(?i*Nz_5Lfw5} zxD3%>oSpgy3Rb`#4R9BLaN4VOBXH>f+!@b}1tbvAJqcWN0LfgArU3G3uOb7kJm?sK zbk2JrkYIpxSU?6u!TUs)t^g2G3z-fJa99*vXr2e)(Ln+MB?GQJ0BZwq1c0d8tH^-s z4-h$Z;RztYfYJfi&Okbsy%0d=;Z<}1Is|-eF8lx_5KuDU;u%QhQuG2c53eEvUc``w zN+7|2()mXjUs?h{a^h8Nz^fQg!xxSK5(o&Fzeb1vOY_Gno%JBk2RW{w^4AOzgrO2h zD4<;aQNn-x03hw~DlXs!3|N+PHvkC(l*vD;_m3L@L>*qm1iW@ZA2Vl83la(_mwyy5 zzz+bT4lhRh!2AHq*==?IJ<35lA&_1SN&--_|8fJ&pq-GgvrD*61FR`NV!>xyoTYMn z1Ki8Y`rp00dh$i$+$#5cO0}YdrCz<|9DGkM^^1t`xPxt#NZflRtDB!!rFt3V2Ft7F zjMVG$0^v6jdEOT}I$GO5JNV?kZgfoXb!EUcm?e4J+T&uJeYSAB2@TKsM!9~f=J$f$ zPV;S&_pc&Sf7KPwokViKcRD?N_2YLi2OUa=$5tJ7ur; zAKgKv2-V^KnXsNvLTMZ%B{@$2xzH{e?Yau8b6huPqOjZPPzhox-!`vP$&4MNR{Ap( zDQ5%rB?BT=UH25SiAX1e7xABkPOsw)pzkS*M9B<6pwqX}$?0S7QTzaF-l=f62llC5 zs-(%M>oSiN-u8c!68bTtNEPl~^g@$5{E)E5P(CQM5g}J<$mrxWfUh}8Az2W1S+#}j zC{U^qTM2=JfpUFADp%p9aF{&aa|*d>wGif<20hXU|CHk8&!~}4BpIV`tFc9s2^a9Q z)5)R}P70rfbFdG{5AB_*TqO5Aqq4pG+QH4OJPPxeN-2S3DYjQ?^_KL`m;$slXeC|O%bXNCVkd5CB^UzY2N$(IBKas zyG0S^n^qg^4jadj3%q#?4&$oJkHoz1 zn9>?X(nO=}_9j-2i@$Lzs!<$ltl34>w?B>McuT&gu=F8&_`XV&K9{(~-r$CIh{1v4 zK9)wfyklU6k7-CQ_SX$NcDL!|#ympR)wk5RuWFcH!74Dx1vAib6RsM#MWKhk`r3nf z_{|}ywM`^ziNCyNmwuO_Xt)dxp4DDxJ*$-1 zG%7Z@g7ri!(JDuBUH5vONuq6&X5{Yx<0<%Oqv!9{i0X%Lgv=49}z) zZ!#Lt;@=ia;(h*c0vn}sFY^Ni3abM_&9y`*LFH3%Tv#nhofgifv&#_y(+JbXl!dIb z29>%3<9)q3p{oJbt5u!?}pO_L}|%XK35lyQn;WSD`{8+uOFB>*<=7iF#ff zS{A1<)^OKR9EddnTqgKb9>Iv{ulwcqFSg?DNNSeE#hM>t&vc;A%G}yP%Yu>D-`Qv1 z(eOvVe^BB(_GE(7#@qVgwo?&me9{xBxsp$@s=FvgYr>tpOWN|1&Ks(1wK@)>P#Kv; zFDt`MK9UjVhm(4u+;nk&fPo5KVlRtD>kAKGYq?gikf|Cr-QAbg6g+*PXCWy+fc*Pe zNTJ7%$)ahNIE1&faOwh*PaJo)>^LcNjT@7llrWQgKGARo_8w2Bk{dma%NatN57s6n zU)Sd=!|=e+*Ld$l4>Q?`ZePY0Bhahz>{rhA?>UU`+EELToB+$&MX>*EAK+@2g_xf8 z{Fg&O(Crob&|gEJpaS#U3qXPa*^&M=_X+3_0J3hcq64lv0CM4?LjVZ`lnl7!0H`Ry zsVG3)?NwyJg$Ibhyzl~$U_j}B>ka@NfENIy=3YeyTzdf5=6ntV5(p?6aLo)PbLj*C zk&IW70cemjCjg=`FT4OG7*IOkq8Ui%(hC408Lyyos=YvGZvbm^@e4R45D+qdjokpq zTsi?jBI8wDz-t&pXkK^$NHCym{!zt$yZ|7N@hURlH4Ipo^R@{j3{WQjDBwR%01(D_ z6%+9C1$ok(djUu&pj`e@zkj>{Ac^rRF5uM*Se5h603-}hCjTg1fD^b(Vr0I!LIT_g zfDGLH?hKqB(fZRFfb?<@8o)W5e|Z5mM$pc{pM<`T*bh&=K(o0GT0t()=+61wR$TW! zPbNPLgSMm>ua7)BkW8kLp?(<>(`Xe4_sS-y!*7DkW2WBL%94$%^Hl2p9>kzx`xZhg zdh>J(44$=!9v@cS{y;2mdZ1TNDTXM|d^kkxc z(Al0E2S@5oCq%DKr|~T1+4kpQn1=$wB<*`|a4Cr48PPGsHKhm8{LqR^JeKe87PG6D z1ciKIZxdqCS0Psy%Gdp=NP-1#SGXZx=U3uGGFN~}@J_}AtM#ztg{rCntd96Deu3fk zS7H6~MhRgmeOb}D%)#Z_L9_cGW+>HRZzY7%&DpsQn)M}obXO#}{Sw)L!RRGtVUN71 z4P2?rlU~|JNuwuJ!sXE~u%#Q^0t<2duva`VgRCa;^|VaxbtiZEksEF|2$S+QBMamB zGTQPOLO<}-lzlk&QRqQ~a3RtYc&IxT?uvM~h2tH1)hiagLIvnE4y2k(#>qo`SLS5Y zqifa4{p9!r$tO}=tv8;dupO^yv$r00>=`?;(?6nA6zSz-wrg@D>@Fr@->PholRUPX zL`$jxQ@;$-ENkRDZ3zCK< z)}@#mEpmR=?mF1z`<#zN+nlt6z7ytS3$}U79CwVC6e)#m+%;0us-sYUlav+&uvl6R|v&z zI5csg6h2p2D=ar1v?6!e(k}WP4immz*A?LX2G>oaggqlAk)h2xzd9m8bLw+8N>-%C zS9p3eOD9mC2i*Nqj6r5EA*L{7xRdlN-qj3C%r>V^OhN@|w44!x&83fSLUPDn_D4)S z7kq;9J$aAC?!F!5UDb`uO5_EV(`vN*=+xieST;d1T)Ss6XuV0WydhQas`;@7@1|>R z{f^9XS)A<$XSk^ybHBMeIYdV@GzU*fp^$XZS}OPDf_0i!Deba@b)6oOcLmS#GlieCSf>7#kX_`jrJoebT5*MFEHZ zgiTnXNp*tV`8AfN_2C*<_G+zNmrrq3ty{0XM1KR8@H-_o1UvmZRx#u5b}p87hYvYb zQEL&GX*ole;F<|V2B)T=T;I=q$s($Kuub#!Da}oPRdKHz)X~M(>fFPcOw&S!d#$MN zdGA@W?v`QN#~Aka&pYkr5@r#y!h~3-#Ii~!EAx0*{DAE$!9Rp8PFodv_d>`1TPb2G zGIZ2;c53na2UCT@91=qHpS7hz2a?8Bw~_PdlBcXy?ez?Z44hO0G{(FpM258WUjG!h zITdB9EVv+vxz0SSq`#^a6!UP#WBc?Fsa@=xTC`~Hr}r9Nr?V5DGkh}?cxh!UIGVrI z4wm$o+jDbYYdVCV299t)di;K7YnHt=_fxbL-*{Eeb!F3m!XeVvcH6cgj?5!NM6hkU zh>A$<4jGeqXF1-kT7Gm8eZpT+Y5+|G=onmP^j^73fy)u#j(P49Ac27HRp43#NanI* za2eBkB^hu<0&+jhdBXq_3Mdb;T;xF!KE&H3;IBoI(C;DQ7|24E5{ z1ADI|11?MGK+ZIs+XP53Aawqkl>ySZvMT zvm37@175=*3iQGzK!O3K^N%XNvq%uL5%LXO@M>~%H}Ppk)7H5}27-t}qFM z*c1ShuzO(=l0Q$T{x%8ho%O><2U}!b{#rhTF{wr#P{_}=%#0?crXWmf(^B8mBldn~ z#!SQg=HvOa_K8a1197s>*!Q2~V1&to+S=&0=W$#o{F@DEDaL5;Z#+O`|RLr}m^^tM!Z9^IuHk+H6yAQQ`=rWstC=wox2^8Z+QCzy4gnsOB>5b}Q6*_j zo!F~Uot_(-Ak5f8`?aL8u}Za_LtSU}dWV=y*4KVTOL=y0p;;V6-sDB=)8_!Xo?T1oNEd%q#kZZTMs`v+up=c657QB`22Qln_5rNeF?{ZNkYN{)iEzSqLsWdV1+cfnada4rl3HsB=^u@JQOlX87O5MR&6mMT zq8BK8oyfIavd^Gx{eXThl62->#FCmxAU4lT!>itUuV}M^A3=eMQkJy)>2;gWb#IgG z$lElQJ!FZhvhP5(BFn=|zKUxMxQ-cd%WAH)7`zg;`Y&UhUO+c=o*`OPCwTaGMiYT2Z?Q2k{LF*DPODDS(t>3GBa z$RL^O%NVnur5^ftuF=6=ukr5rMWLI>pZHzK<_s`O!PK>a96q0}7d_KTZay zN+8{;&3+*BH47?lUhNZ<8<$~1Vrt1sJ)(O9ejU*ww!1P^W?f^OI-Q#A6ZvNH(tCsA z0!yJC!)WihR8zAvQSIt~<-2NzikXpqnF?}9XR!!+QcRwoL5#BL{`jLskN4Z+y=>9MCL z9(_i4-%}RfSP-MZPh2lu)TV?NQ1#oga_v?;P;oE3p&5b9RJ9<<^C}Aclk4L)k4IEJ zY@grCJ&GES?xGQsTDI(bcCXRU%q%@XCZ3`yJ_PPaxcZI!$PA`Dib|l-Q7-14Djs1M z0vp|i!OVPL{bq^V2aa2^HOElFKh;dq@;;@mA0W_>OfE^dygz!SkJ4V7?vozk-Hn0O zylLyj-Uo;E6*H9wb7I|9&pv+OUD5JqOr8_CK&_T%)o7U^-|2b!Z=wyTIQ*=(e1mBq zJE`6B%W*()gQ>{$spR4>x;$yupUk-|G4JlqRdT0&&{40M{Kka+LuEIMt`oIgu%^!6 z8=Ezh3#BzgVWcCQdXL_Sfk=xmAjn60lX0jKq4m}77f;4J>SVGf0}-y_>H{l?(wQm& zruQ1vR2|Z-DW4#G^<9B+TDT*Roxx>E|4K<&tP|&(T5$7e*f_%P_(9QV9Zu4j@4v%5 z9NFI3Geyyy*_c9k(aw{PHc!Qxf>*vw9~>!o1hju>toA;vX#Nsb9sE2bbfXP=*PgiF zEjqZ{SMKgH{ZDb{Yfza@zf>Xmn6p#(|G(dHnKyjpHVUqoKr{c&oeU%x& zpx<%&=O2x6{^wu2I=E;8sGW;`2P6M-F*5%CLGmK# z z{^p_pPv>!1F6PfK=W#CF3?w8_MgZ9ln8#sZ{XKsJI*>yLc_N49Y!v^BF9Tp~;4-=L z$`uALW55bu*da(DpzjB~f&nXhX@@R@E3f1NUd5p1?A#DRf&pRk*8~lK%^yQ_T801T zYx&m@4Par;?GPjkP$uBj3t;lc4qaweUbQS|_jLh3Ymk_fb3+6P1(XXw|AT)e{}`gn zz{)GR07@79^xwH1f`kFe1pM&}Toqbk2Dzx!`pem|s` z7%#gfkX{Z-15mX8GDIv)R~RBsWQuI;Qd?x>-^u19f0E6~qZyZ^;>8wh<%?c%tK8QM zGHkJeCRlWR7WJTY zc;VB#AU!pFjj7brJdmarly}Uf-rz+eO-NJvpuyE{wqU-V!cth}%5x-iCM1QUn%Ce$ zp};bY?W@2uuz<-UaKErcR2P=c5z6uOxw#^_(7tx~*^^B6^-wh=MN zR~1p>nesA)l&VNLO}gUiRA4RCcbSvD90+jb<$7*Wv@p(=lA$ z?6K9~*KePToQp>m7BF{VD8DtXPe?h?ytS3WzW{jCTd*D5~X28s*Z9yZ>L$& zUZGj8XT#H%lu_1RXYwwDYZWVgM#kQJgG4rI3u85Z&2tcCt+E|6&F^qUWn#omlHiVZQ;9;jiIlaQX}lw%e4WRn8OuWf z!)m#WWxu*zfw5b9uhvq-P{D zooxJ3nNLw38@Iyirj_yS+o~~>rC)O4jC_MjWty{o{OE=DXkc%;Wq}ba%juwv=^Tb5 zOISXJ!K7KNy=iHV%uM-~GTtC^D@*bV-fTtEzG&aLLEMa#?E8vBV@bJt>Q>#@@P&53!_ z*x+n9Z#WCS^1&xB8ow7}QorYhR8kkf)s|g_JU|a8Ct29A@N&9E{)w>C7fznyr!1u# z=GhN#P}NEsuHW{!#wlmaKrY2sXR1c}4nVad%H`i(3O>= z8`DgZGpM#)-xzNN!qO}^>^FtI4%q6G=S7?kZe{Ypi5;JPJi=!rhPToDyl*ha#;Cti zTuFpzYR>ARKPQ}EZUgVArpDM(rpQR)qrG^})fIA2LY{J)apd%cDCZW6L>LJ_`~c*> z?s>LQSnRsJLrvpMx$71YDA-i{-^%Km$@0zglu=$JHagaRr;X3K8{uR9yObUZ;8@-% z5BLSEN7eQA-FR{YhU!BDA#+s?sdYPoQT-~8?Ck6mjlGPVT~AAA9O#F%iu^NZ$!zZk z8R;v2_yrinqnR%c@Mt78x^&?hhy8LvpK#s!T4-~fb6I5Eh42Oy>*PLX;`^5qGYw>f z<}I%}H4+jaVgy{tLX7=p2{w2=Wc zLM8ofeTf8_%}n02ebcdHd?-Z~-?5umYjpTO+TOt{?CU7Ay|$ER*4T$U}fFe(xC?`RYco4KS-d<(V?KO4f?GeBI>t}A}q>8u{EhW zBj5fqIfgy^E~(D_Ceh<kyx4!ECWTYDPu)v&-bUlFXzQSy`1+!@bdZ! zRzy|Qn~I3e4=iQo^lZvBufv>_-rRc~ytHO!dpPG%&m48X9hqv~hr+2sUN0g2aTNR} z3GvdCjwPLgB=1ki#~7+m6);%p5G~T#oxA_-h*uv8yUbs{YHR&#gcBfs=+6xjBoL4d z_Fog60E2WH!F(kda2W;ZqAW--pmhFW0{}q{}SkE7t~GOo9GDeQuE;!GO{MHvvF8mlo+V;POg308s@l4=>yiBoI(C;4T12 z=Capwaoy3?9~A4^!5`qa0rWE5^NX?|!2s#7{xu5(pmS+%F7qU>SQ^&9GKBzTb8#RH z5(p@lf7I|FYjc?;c_kHaFYsGA|1tUJ<^~c9D3^bf@E>z?F;V@m4+*@00n2i3Z6INQ zG6An%y0bTPHqrmb+FZs+Ub!mZwF`2u+PS%bgaXRtAH@sk^;||tGGE*&4rXpxLFRzY z9x{Ipgh6^S2npcu&p)gU6C3!&yv8HUrx)`cQF&swXP5qGZKD2IoAcq2XA8RWm9MzR z?{ya$bbA*L^An-_44BU}nX_`Jd>D}P@p;c_&m7fh%pD~C96mpqHWUN)eRR8bC()zk z)wC}QBcFu7|JwgG3yXI|m-r4HUMNJMu|sU(cL}C!B7Qe(7OMt$S!n6e;#uC`DS#8zrfCi$GY5c?t^mal|yWgE|f0&+8qU z{UW;kt=C(R78JIU`r)b`L#f2;CPpHpc=q8w<0I`p8Mee=*Gg}`o(jcAF@9{_@lNt# z{R8i+WhR=Cb}~N(#nsR!ktZC3`qtN(w3HOeYH|j?l(s5881DEkWS6GQxlq{8CR4_m zHe!V!%~ibCY>LC?lZ=ACCwpR0a(YE?XyvfKMdZRhlqpU+>5{S)TiJF-{3QS3`1H}& ze3tg1J7Q1+1}wwURe=uBAJJigKXprwRM+mLa?~2?kU?h;w}!-rEGNmnEq-4Ge!Cd?KGpB z4D_7+<&G`>`@!k!#d4~5o84>GgvMus*LLrc&22WSF?A(oXI zUoU21tEv4#TW%LDu7aHumM5yqaX2?K-T0wCPvw`1y2VYbybMD*;o*`VtTe?1)2)Mh zMbkmARcU;+`gCp>aMN)gZGiE|@=vO_@A#z`0z7G8$P< ztcF&kN-RW@#m97n6Cuf1xc4#|`=9_isOTSg?J7JYw^%k_03tzxIbR3(?(>I>UEF17o$y1rJhQWy7 zc-~^D&yAMJV?U?7QEob7%If{TzrMxZS52FOciB;N&|;3*Nl5q2SMkWYG=^% z2&JsFa7-6HqQ|jCp^gG2oqr?sj${$Lv6kP1B5VpePW@OEM#t1P5}qa$dKn|U0690R zQr9N)y!bVK^Kn#C83Upp46;d<>>eiExZd{=XC4@EBW}1{_lOCVXD)*-Wg3 z*$Cs`%>G;{@Tq<9Y1gNj{$4TfQ5QJ`*&7p~a^^i8p0Y~~%zCR_1(G-BGT?WdrmU!n zZ4rv^zJAWN_t1L0*RLDdN6h2JX@7>)+T(+DXz^OVB|%9L;hv~r|K|95?O=C-8NXNF zBY2p5*ZeBHyBxKrn5sd?W zhBp(~Agn5RQ3_2I?uC8SWmYA#avtmc2DjU!oS(*t0KMvmF5v%_EZZ++`GyJH{*ttH zNKTWHZxW1gyrR)9aW@pL)9jMvLMXySH1>Kn8>z7Q2rk!%xTxrl+tt?;?z{MQU5|hC zmDrV+$+dmeqx;6F^qN8zu3!M_uGq;u!IRH2Nd1n?YQH-4^}aIyoy!3Hh?yD-v7z75oqO%YE>KFz1&|+ z+E|3_OP8{Vg3BU|C}lR_;Qn^FY}?;%pEGLFRPnuR^`^xWyG`A7zctUodwkcZ9_;a3 zq-Qcw(t8=+nXbgPW!FsC?6iKk_Le$jayO7)*n#&eC(YsR-L-q7si^LEPj<=IT=(3I za;%6E3l=n_EYLnkVZhbl-*>;?X6{n@ZAYOY<^(PxOR?I^_eGaO3Y*viG@*UvSHUn( zCFIOfo*t0H;9{&mKWY@W4#xYDv6@kBm{Z}|Jv*v_BJJp!*Ee>&n5lROPlByq!N@A#Vi^Vin3k5&qu1F9oO!Xv6$ zs9WQN36R_f>zN7$>MwwD0vtTMnAQBP5w6+`!DSB}^Z6Ek9)@x5M;ZF_l-60WV>|!kn2Ah!~(u{!zdGnGxE{jLIvSfLAYwn?AE65K%z5oSoPM zRvn;V{<9;r7bm>_@lE<`6bY~@XJ!N<1}Kw%lx$5Ff)O*VHAuBSWulOeozhKGZ(|( zGu5`CcDd&qGn>E1yA@yJ?x;jYmJ`zROFNBIhDEQGUN`S}tOiYs|{P zN+_P2=Z=H1yE-&EJ3D`igDLu2sHjOhBe~V%bR+Ipg`cCQ*4ig9cBj8IXN6^NzxH70 zz$EUyG4!)=yA^|ZIa$reB`@rW~-pPqpLuSF7MUk=w zB*YC@uFyT$tjCsOm9L|-5(TBUXfeHIaNp9SaueTq4J&sSQ4+n;n7;^-EzC56z7eG} zi%8$)^DV^5`-K7Nhf?~fh-7yYxX6ALpZEaqqy4 zL2zPC-m?4)>rOkg&owXBdk^=`T+`_p-f2E-_VOxp=J9h+8GrsxDB)0#;6S(q5z32< ztw0NEc2F~;rmo8X`Pt6>hj(u{SNRrsnqizEJj6-9X(S`#yn@@7E>g~afVR!6^q)6xiQ=5S}O9TRgqYsQoax&p~IcrXonuI9TRxO<-Stq}I$c=ardq ziNlo0gcpVpeVL;TZ^&D*MUB3^@f^f%*caBeM=u|w_oNEFo`Ta8M(&m3yKJE7JVdYh z*wYL8+erIS_rb1%vZczW61TO<_8*G@6}XOv-#z4BxJzsdw^*gdSId1=p9rUas2qp= zW1So!pJkcVHoRuBrB21XkdBA6zBA4vN#I5}RsHG~PhZ+lT|`$*eaaC>dgs#1B8$#k z?|6$NK^dpXjxc4D4YmRPJb%vkNj8y#hELFjbE(jEBeZ;?WwUh;>wmuO7wK0h+aHZ( z)3Zv|jA4*Lebh25emu?F71>Z zjPtup1wI9WPR01Hu?+;0O4qtjxp$5c$|`B*GE)p?*d%%jwcaT|AU-a;K)fMsmC^Ydx;S362l1%>?9<*gtT zHkC!bVq)_(sPV~@%x1-Agf7^SJ(m0?7w_Kg)O!RO&{Tdhjs-$UrMLzyP#m+N$)8)B zsjSA?KfZooNA=$4t1!*HQGmjTo1!MpN+ntKDt!s7^}8K2mdep*G^jQUB-MTEuOeSL zR0Pt=d};Hr-u~vA5}vq9(@sxM)hZG3(`t;m*Zt;r-@TW0TQ9v|@_f__(qe76o2C4L zjUZ2mft|ZuR7;57ePN%L^QLhzp3L%t@sEpo)<0Yw`AovtOj_Tkrfl1p2nvt-t`cIS zCa{HHtNW}=blZ+Z0-jWV4~8xFBV1TXbCVFln4G>^gI69D{JizOZ6VsI2P3vJG=794(o;@-hJ z^w3*ooK^iUt73$b=qHTv%%M|RiKTIOh!&|kPd=~E z344|#cK~Hec6JWa$E7L*F~GIT<6}Ma)Jx-lE={_xU&?lMIN((se`0jLMh#KPlY38v zn;gB|#}NKCAKO*K*mQcG3jN27WJ5hexa{Ngi4?(bnA)+RRN%xk~e7Fpdtt z{g1Kh4#etv<7Sd%6cQE6O7@mnRHRfw$STPm8QHU}2$76P%E-uGA+jPPB`aAG2^krE zBmLg@-uLCagJ1vM^q%LO&pqe4_jx||^PJp4?6Z9FxRgB4 zmBsQu2RteFl(pNjefp1USS{f%$zFozxvv`WCOJ^W3+nx)&aZJ%ng5cD?R9 zgM+P<7@r`Y7@wphH*o&B1XR?Cexq*srAA=m#O6(3&DfC-7$!iO5ndyhFKFzr2Z&fU zzSIb89NN6uV8A+7ghEOJRpGp$kb=`Ayp}LV1eUY{3MnzMf84QHV#}hZ_54a;ADjV*=+Hjd2P6x0?g7?q^qGlGd{ixs>f zhZER1FmtoP;8Z;!L*0$U2>ND(*9^vRa7vy4huTQfHcrgkbTrrjJmB1@Bn_Vt%&}lE zU|=lkN!rF~nVSv;Si{JrhuUy%W9h+}8a_jq!vU5su<|6tu!N7BEjwu6y-gmR>zUrh zd7GQU*&^qJ^E`YuFp*%dTj0h@O2FF+v%q3DfsG?KHysf63dYFD;e-#L6^tQ)RZnMh z5lCR)Hj%ggBK(e0JFaq3R#pI#+evKf^|&!YgcQ{Rba~urC~zBiNeTFT zD71o4VB>U8G1Mh?UJ30;jh;-5k6d^gV`4?GYeZHF3z88?VWBkg0>X*BfF6;^3*?Mn zL|!204Z1+ya^wY+u|pSv=)WKx5BdwTmy1BY3T?iQ8uAwTs!oA zD=Yki^4Qn3?S-UYil~@$l4?n&Sjo3>o_*<%-r;hf>qmE(!ToQF(OmVXr^Kj&*n>wa zmuC}e-O>V@JHOViTHZ;NiElH}di*}3W_zG~2*G`p_NKzs`3dH;2Jfn_{3$rjuiv7- z7RcdsR-ooIfx<t z*9*=aBWYtLxN)J1HrAdy;{0I&6+^6|3*(XQxOvJ zD(v7}_^Y6Bk;qD6hlb)d<-66RMFcE2M&tg*9*AmDy4UI7SngLBo|#R;=yAUy$)|~i zvzJKmM#!V4D}`@j1TUnqr(7h7V32&{Aak>Zd*a;qx5zO?Qdv<#lftA@*Sb-U%_Ci#kCQS$&A6 zHiIsYn$j?MP^w9cws5!fk%@l4H)e-BW9^##S=5(D$=h#{o-e1W&yG=WX^U|^JoD(x|&UpO_ z8XP&cvg?kUS{CJ4NqfiiX!55I9&9yhBD?ul%M+|F`cwOb7>ri+c};0Q4(?c}bnp~&nGe10E^V2OIv z$@ba;;cw@j_BOfoG$D52x?Dx!^pd@9XsXBP`AAQOYoqJ;shB-t27%|^swiak)-`Ez z+zQT?4$dB?6uy_eth~3}C$=nK$LK7}@&$I$pyQtg+bQi`tWSt<3)Vd5Q%^v2E&c7p zULyO*Xl*K=>(V|=rK(lLvCn($NHbacyp=9fj>&vkfzAE1i2{at!_{`2F6 z(0RMFuDucz#`2w&essj)&P_(an%UYFqoy)Hb|=IX*9IZcaZ9b}gb>_)&&=UsTd|@Q zD!pC*(gR|5@3He5qA@2#0v65AsiuvJrp+1N9`k;4vP(~yedkDLBgN?oX6?SaDvH)e zKD@Nt`7QL^%J+kAB#a$8<;tIzq{yp3A3-=+mF0wgjAw)KlvUFy|nG&XN{2> zo&m2E-wOw(RE;jx-QDxRA@{V*gnD|6emnOi!!?B`*7T}o!;!I^9!k4&^)7JuUW*F4 zdEn7%Kb@+srO^RnJBR&BhTe(_5t%-;j_rpo98SHpK-(EJNEr0V+a4hj5qob-<*(EobvRA;rW@rZu#HkIT( ze)O-&Jc7?SXhXdtuHSPLEB_sGFYx|pp;mqWJu(U%^UZ1YA|A)Qyvky7_;Tn? zT}yRZ->pe_1>8$5$n5<7eMDK!{~NDk7*}k$x}|wsm0#g%(s=ERKBHy64#T4J*J1uh zUFwhGtBfEI`ZZpnn?;^_6CG(TlFR>h}jH? z&9-bNgwYJFrP{KYFlIAk5b`hBL@=8Hxx$vciDEWGhf#=Vam!|6n9YE6V9RFWn9YFb zf6Hc=s|2ie0^(Yr4h7=jM%VoDy6Vs!#9;hNE9+DuyHQ^hDl7=Th&aVs2_YrFhE0{;sFgOE>I4G3t9vQ zjn6m^XkfwPn`=0OWf2mBLBmrI=T30H*hvhOC}J!g#Qd&P1}KgQpBYTpfM%;mk6DjxL(ADyU^MG?J)G>|)l7JXujMay68ZdM?F(&Hz+SOk8t0G=>jwOu=`1XQiV-11I~kkSrS&+u)uEvfsLcGH#`w*ZDYF%KsCbD9zGi& zUbsu#CpWO067E|XUgi>@dS(;6l3NP#C1Lp&3;ZGw*f@=Q6TFf*a(u)QYa3GxQ-Jua zU?RrvHo$gPxQO8c-C#5rFL8Aw0}AqOl913F^lgw~l!SHhXohj)!0$~FWBUj&!!W;y z&ju!5;3WdCXyk3czyhpj*y&&_7{9@T7jPKd6%7~qud|CAr;3ZAUanYPED4oUpl=^? zZbgMRR4e$JV`4=+1cG0L>v<4NAzWpIyntdb41V$9x*ldbgJY4hlhUpn_V8`F_oWL@d+*UpqAI@7 zcrQUpY4noD`)5_JYAqh-JD$&;{C><&Tl^#<<#e=dS~nHKdfY)B4-aKe7~)6Gky08nKD%_uH+f?QtE{bqw=b;xJvjUk;dHOcSdjFBSisKjrTl#Rx@bTbI2vZj4Ee$1jY0dlS6J?nW~90o`o)h>U5`y zOe`OfUrJ!)(*CKq6iv*2=fy`S%I149B$15+H|uT>mnjzccWO|&Q_$?z;ZwZZ^wzeM zd>c=xaRw3l4E3qkXZdW)##9tT(4)S9oi86I;_{H zai)?$N5)~AM0?O+n#4QcMS^_&pU!is4%X8l!ZAbN`R0sjjvkFo-}|*mnTmXG_N8XO zrTmFX_fU_aq0Y`7iPNGl&lyKrk1*Q8v}=j z5TA4(CRvDV$hr<7_Budel+I#WkiZR=g0{>ddN)g8O*23 zToXIQ*=SqAdp$@#B=;M~ing4C$dLIltBmZv{UMR=5Z23;$~)|?)TCNJ{B0+nZfB9)_SY33DTQms?OTNR?%2-xFy8X^#E#oaVl_bv zmGV6&3x1U7TsXhxTolP)TdvD0bN5@GRr(^7c{jg-9;Y~}SG%=uF(y{;W0C7ZFsY zL0W~Y?%qDS4`^;$GqN6X*ypan_&Re$j(2AJ=%d@S*Y^=6JfQHd_x7;Z?!-yM+eqr@ z$v0FKxct)brqAUE6gRC8$ub4L&bIjsuS%X=;#QyiyKO@n8*-ONnEU_o zaac0-2p_!qp0)6@lLO;3ls^wCCuGjS-6T(Th$Byks z20rC$dld#RK5D*mLx#r7Cc(o+D5qdXs8(TEo{Ay*Cadcckr_Q2ElESatZOV{q$^M2 z$GqEBJ1qbFSX$;4k|!XexI{>9Y#%qGcl47hWjNuN2RuxpZ!+cE${0z)kIk(R%^&DC zkGvy7CwSORJ9An3am%T=4){B~ziwm&^%jR#E=7lWL=TLpXF;xP13| zs%&c=4`VQ%HCgy!E*+<@7uGanDz!i1uiacUGnIdL$HZbl2c1tnuVAXquU$N&G~W59 z10(KBZr<(th0@sWouc%bKpsLD{@iX1AK51f7MN{C*gJ21h6f1q=Vu8wN)x356E_(hP$m zlmw3q+3HS8U~q(zpdf$CW*8iyBq+b%vKi(ofkGk_HXz7^V=yRfLdAPPkclGuB!Q~c z^`H>dD(BKahNOnP(B*m*4`XcYH@;?tlHM_Vp#P|yj12Id(hN5f|X6Eff+AY^DP zn?Z)%PZHR)d~?Wv>)`q`e45KTuL*r(+Zr;qr(kH0P|PMiGZ>&j@h1oxXPJTX40C*v z8%M2dB=gu0F;EkV2Q>7oWI=O$(C5f4LE|Vy!Fh(ZniIfh1QRmgARuI%hY0`~X80sg z(pV(1zv(nXM>%ck&hQ~vXoe5cC2b8D+fNW@&TlYYFvo|_3MOLUO#&bWwg^O_0T9Ek zC%JJj)fR{W$H6nl(0xU7e9&&#TO-DH6JUyAh7X?&OuT?=fOsMPW)n|FF?<^*rfrTF zM{bJo?1B%AMKgSmSZ+(aII>gB_cHRkpa4EA7>J=xabppfsM-WEisRcj#&rwCfXm>{ zF#IxE=lFncwx<#A+7bVEFJg#zcyC2n53iSI8omIk<8cc>zCA5Ep2w z58nI(`Crhh3wZ&*To4z~Lk{^Dc!?r7Kjdj-NChFh`3}JFfeO|w7(Q`9tfN~Y1)={8 za(51kY$wFgtyPLiJmH0vJ?%vMISd(;1rD2iNI8+vwwUWwsNT4d7Vt)RX|&1t*7EA^zJf=_$vyrnd`<1~ z4_U8U=S7Y@bycKC?e7j*;=h7mk4ejRN*f1EaY8%IW+)A+*n&=*pFo3!I!+_mnfkq;t@ zYb?{_xw$K)GPN-?|9D!8Y zHgmU0tgNSRlbG2o+;+b}rC*VpYPULXIsec?#6V`{Kgm$?%EOMK_N`x1QmM~aWES$e zUy+#PqDV?lYYO{8EaSUZ*4qBV@7cb9TIEUNqYFj@(%UZtfBYSG_DUOd;MLJ*ek5T7 z&#x+moL#z6zdg=8=8v*q^5~;B%55EOrxfn_D=hT8O$trkU}>j#zcyR@?T)x@j=V7Q z`;v&qCx^uh{6l$!E)xw`iP5WGpwvAj`Q7A__%D%FYZLivd;0D;{~B1;wtN#{zvtkW zDKTxM8Y+e_Y5&RTz37-MJ}qJJ>`Y(Jtr)WrzDrL$2tVh4y1_rSbH@4SQhIJ}Lhjun zQ#q!`ygqmA5Pu45u4x$kmEESxm3T|2?`)Fsi3crI24))VbB-c>AJ1=_RMsKQiKCPq zukov)5**k+qhZ@grb>o3Zs;&F{@}HjHK9MpS89g4aUYBucnEmaOLs6N4*DwwcCuJsSih@WC!$BMNLlYZKVyFA__N8PyABJUYq23~=yP-MYa!IxM@NzW;Kp)vW)q!!CY?9E*g!+R&#rhc^7oSB zcjO&z{N>r*zrK8Sf1wI556>CN6=Sl$9DlT!=Bioof4Q#|_oXKBdh>RMQp%NOy0N9~yj0*hcX%hV#JZSGxz@ihewwq4k(P>#-;8s}xJV1A#!-^gZT3 z!x81GPNhv!T|NACcJoX&$3sMU%bDc(53boa3&&jE-I+Wgd#-jVh?(KV52cR* zPb-{~KJ8tzqW^ov$x-K_7h>s9?Qm{@mQL~yspO|7yDrX9e>gloZ+Gpps}_@$Z+ngl z1!12xt8MRK*nVl{Hfr%QVQOguD*1Tl#pW)*H!`j)H~DzkBCuvjeYui;fERIug zTCV<{o$ejAb#jt58cFD#n*H@IQryy}!c8_lp-S#sFJs|hs~v|t-bpNYvdSL)eoN%Q z+V&moQy&_XTo1~uI?f^wt);m9>H%KnP!tI8w&H}uFsUS{Isx^X-?AAdl_Uy8Z(BCQ zBpksqiY=RA5{_Vb#8%D3F$qVo2x7}-n1myE7|fQYj{hp}6vtd8Q1pl!x&phOprS}1IYBdrqENU8$G0#uf%|y4Pr8fpgt4|g^|a8uB%K?B0+p+FrrwfTRfm)83mMI!gv7CXzmastTqD; zeJI}?G%7eoafgt@p>h&nN*q0O8KF5Q;ejzx$&{h|M%W zN|((cqk?{vKoBUL+9XGT{tTMKpjS`=L40N~K?6@tAQJ^P1H=Ow#T^3Do%J!|fW}Ui zF;Y=jS-H*~LXYvS=NWkPLW>)mXShlgpAihmP^Wm7HZpI+=p0zuXyy>m9&QR5N3Mzq z8BPGvN<1iS!{`+|7X_88us?$Y3yM3$X9g2A;2_{U!;2NaKMSI`LqM3kIcUIna1(G? zRk_X`qN+TBUU5L9lV~){4$L!(ImBlK6EYGTo_U5G4Sa%v^NeB+filg_Ap@?12Qr+p zqnSg9QP_H(u{{NYW2Hn~a2wn?hV_(a<`Cx9z&^28HK z%&-u|9OAQqi5Kt-5HG-$!VfV3FN!$?HVNAtFW@lPcm)LnP>MX%@gV{r7YRMc5!Ef= znntw1*dH1hcp;S2>$_UvYY(7BHb>X#=n9F#D-=;F0gIuL7f}3#yntULhzoS6gj$S< zzd*MG`5RP7f!L83W(`H*&FzqcBE%!E(}&1@k(N<2wFQ5OARaLlf>wwMWNPoK6)o!h zT{=xie>%I<_#lpZU#j(||0Y1V5>Db5*`O!&aYBg7VtMk^oKiAPQz|omQScMfqZdXi zXMcU(pT=2|Ia$AYQz=n4q0L16apUt;l3W%pie&lwKh6I8Z-g%PRh-wW|16XcCCZh~ z=T3Tsa6M5ZI;0|e(@pgE*TAEv3O?*ozqw*9!h7aWU=)S$CH=U(d7GaBQC_r3oilPI z$}SfAH;o?lke#&`&@pRM{?EukO7`g`lihpn`=2_0$4#2wi`l28tU+a|&sAvmr*|;~ zLiAnA`?H0MeF`Y6xy5r-zaq~rxm#FZS@VZqJ>ND=Q?ym|`ne(|-a&-aN%92C?nc7k zPZ=izwSI`F*5BfO_FwspLDCGx!Mwo2oOqchl0sH`PhZv-Mg8fWlDc!{R%zS$iAKkW zGp)-^P8STH$v9C&>DW{F43ZyfWq;##ThI1Ev&Tvzv(sybXO%WRB{T0%cDJ(rNbcWJ zcg3{$2ftAGYeyBOnalRy)Xiu#0@-#5?ncVy

    rQlve0x zj%$|FBwKt>IuAnnr1!#Yw)i>X#Fiu1I>lW7ybUV$^36`x*VG=dDmNALu8+S)`9jm3 z$&FZ3UNfYsiYZ&%F}=q%{RgvVw^~D}bg-(cR%p-n2nC6QZO+GBBPQm8W-N@q@+g(u zyYWdowSS-JT7#R>@@UNqBZ;v!=Gh`%1)UyB@xIvSEI;hF$=1Al@7;2i`as-{j?;-3 z-o!Uul2GRf-7b6joL|K5odUjzr7jH@ch?AJ8a)%u9ocVrBD=F%J#b9rw)~WegZvn4T)%nrjexL8`dil{gC3|6T@EYYI!lswi?&(e zfeE$DFQxr2G`Lp}XrsR4HAu zapizGArNy%RQmpt+{Xa zT#n`Pce2ZNF|(2_czH~e(ScUQrxD;gIbwOY$YsHf6h_?+7i z)L<{fE9X_g)*=4$R(JD%-+!AZr*dX?uFjWamW(<`m1}2P%RaIpub?rz`l58Qbt))x zP44a6WfR%e?~=tg+T%>t_5R7cuAIJ+L+x_Eu5yM(9pr~^r#ze(ma6}JBdq9kd zrucvjgHe?(*c2afV8Ft{7iFR%HIzJ11jt_CesQ8qP#6js1OsbWABfKiW~>RyL_yd< zXpI9KCi&2iP{BWXkeKWb@<+fz#e*ANxq{;PM4&hoyx+LEffWoH#5hnMMfKscgNYo} zo`T2$dJ`8p#Py*;{XgWOOcft;$o#rc5L9)bZzfh=0SZ`gW*k-u;<5F$2Z}SPp?C}%~vIG`v)v48mNU?K-qs~~b{ z0fLx7#hbi1SRxk+Nb=x(s4J}`g55zol4`KxInZbe$_{qjxqev~Ve_*a5 zN)Q1X-%7$+;?Q#y9401g`0MGqo)El~5U++y3PLX^v_VWkA->jFaM5oT1SJUTU=idV z>eCtG0*cmClXgz?GAQVQS2E7F( zh}iTVgA&y0vqo&9@6oN5OKENzX{yvVn@@6|z%DX?o;*C6=(i!$o$1TZ)fLa_(VhLh z_|@aNGrQgOvZ5*J)8)-yZ~EUDV{Qw1Y|!>D?M<5fJVH|F_4mte$@VA#%k4L!xHy{L zJJ0_&!pK-9wdOw8{Ycua`0p1tpM@1){>(7FB2vtjyY z)N4zo^CR90p%*_D4W>59(>2UI+Yxyxi;&Sq@~z0jU}NHVC!-PRpKZcpmBL|3=1=xS z>=Rl}+GpogG#F|cn$#5786w)0>D0EJz?4~Ndw_0g<IfYMU%#^^GJO(452mYMQm_eoTn{@WoI>+iLD`WkYSJeu ztE+F@@uVZf$30}j4!U$XH?Yb(v38j9T(d@rY zbnkAtlFDw4ys_Iirscm=Mj$JG|0nyh!p^weRHyDjo&AaX# z&?1*<(|pPqUvqn;TFTLkTqwjMkMVSOn~dczq28AYETnr9J;y5gFLxL3S~6#eSn8}~ zm)93wZjbrS>U3tP$2!{Qz6ae428sIrNRoStvmOwX?ql|TpyOZEZs2R*N=(CLkfGKf z7~InL^J(Pr3)$l?p*syPW`B&GKTChmh(nDHGO)J_41ol7s zc^B=3NfMaOIGoOsVLWbmTr$hSf_Bb!?7-A&tlPca@k42POFm3=o=w9gKa>N~jAOZf z)*AOqYlV6p%Woq2&}z=9R%`#MkdTE}vDR(5+v<(Y@L|84FXWeJg8mGZi|iQ_TwE|W z9eh?=bM;Ejv+^0)c|IDYuYpfL=YOa_#L>YOm{G|3v37j8F)~Jq+!Z z*-9TXWqWtG?y{+zfMEg0ifn~wrVwMmQ@cF}b~av7oYnI0`WYK<=AI>;zcfi^ea1Q` zjK}u$HKF@Cg3IJ56Ta>)xgYdHUo`(7i?~VrP@vN`odU5_4&`pbdl`o`qXu~Pc6oj- zTMT6)snseF$fI)8sAj)9^Qa|hs%y{DA^Y&%+{RHquS&XHA_sF=*CAzzVf6YG%^iU zUAnJiHH)%d{&r}GL*6m*V>BigS&cmnxp{}YV=;Kae0GUM)8eL3QyxAmcyu@@BwcrQA9 zqz%h^C~_%#og`OzWUaPHl*fVKL1Thf!j>CBFT7c=0Vbw`QmHmpmbaIPw77l|Ff&2vkFQN zJdo@wwe+YynXM~GMcHDHVv4AjeR9p0vK9iwU#jPZNmp%7(Jun@Q3((~tF3HO^dn>w~Nq_PtrK{;RA)Pb@_Jp|Zq?T1J z%1`NEw8N8%NU8c%y)`qa+G!URxcg3f@jCtRU2x2#%02MiuP|DsbA0w@=&HQ30mEoo zQI+t#y`0LvYPJhT?F}>f4@8dXB@ysH+9q8C&*;#g;-!k$>n<6pJkdODeYNPZWzS{Z}=rC>C4#uX0pT zEVlGt^{Ap)>je~~ZiLaO5EBlg;cylRqhZz)8Ak&Q0y^l$iK9X7DxRDPu9I5VHiG4P zXp>l+2&ig>3<_fGiU$*)`0QXt)S${0Kn`s5hpICMkgpS;U)pp0S@rJxWFNm3u38*g}LZa;sD2y z-C_cV1)}RpN3a|hZ4wJOsKCXUa9HYy&k81PP-Y8GIKcDZ;9jRa!CHItAaQXcO`+~A zo`nu;MAvCgxL6!~w%||%(DrDcK@43hiulB52MamiFCcO#B?booEOl7$h?sF;%QDnW zz{8C|k|J=RSThbM)`GD13WHih-%RWo$Mzk-#Zj~;NYJ6JVBrS*1;mZ>xCU{fX-||& z3gRfy=5c2n@FhGmj^ZQG!bh;y9&Hi}Hz>%33}SrKK@p$$>|i1Xb+;gLfZT%z03b&b zpQ!TUt%2hxaWN+x#kQdKMg;aJTwg-ixUpRam~WW&#AgHxH1M7QK|}P;Cd(X6d%}bf z_#-^49HNdkU*#ws36{ZQ(B_*>Ht-69CtCo%jfneph6N@*LG~SO1`9UeDj;mg=Ricj zT%(Ck;4qo>nZa4)5G}SjY?Lw&rGo@F(Lj$Ed#91YmWsO?H~x^6IH{F zxPagym`fN3@&e6(qF%Cyzd-Ld25`QiejC{ zGKkbddM+Eh&ek<7DpEb*6(q04Vz!d|gjA}f`oIUn(;uES`%5K^8%?kMj*z~XystNz zIW4F_rYD(e{)h9e!8hd-Ygb+DJl$U&R!dZ++Qlb#|HKLM5xU`%w5@w2*SMx9UIOKs(SwC$vv+~J?^U$>~K=R1qXwV7yA$0qbW?|q&S z|HtZYv9r28;u}1dSST24c8DjD%ckx76_r|Qi8@v?>z9!! zbNwbwYPlRzr9vVu$kocMe#U_f=*wPw%z;jxOJGd{(f7hC?SBj=-;S(ehRruw`=O*LmZQYhAw zNIN^}k@dmt72Dg%Y=!?b*2pn=JpEhwX2JyLkrxUoOe;6DAIE&?9!YELxnibWZfS9; z{x+kc##zQU+_P53y?1-R)${ZPs~YIHc-@+A&b%=wS8~#SSN#%OHvOndCSi)8#wSbZ zBaa-Y?-aO3REQj$^6Mj8e)mbOh+WP@BC$I<_uQFJCk5Kh3|Kpt7V_Opi#j(cy^E_u zsdTo2s(tU!(%f0r$;CbC`-T2qzZhC|gyR=4N&gQ0Pj6y+bZM=Z_iKq9iG@mO3eSTl;Ki)jI2+LPoS<&?QfS8TCKa{#~&y3dwo5B zP_z5hNPh9@YssIkzx;ZtLv!HlK560%AO5IIa~XSU7~EuxS@WCN1c&q^l{~funfTNc ze7yUvwtVn)ogOP?tkS*;b5c9u4}0(bDtuvBeEa2J>T8aX{`=(jMb%$5+ioU3#Y&l= zwl9=0>nmm3`zJRa`PTSk*ONMN|CnQ)e<;f5khnl{yOUaRPRwuj$>Er%Lq>V4^siPO5lbPkH9`!{pC4<6@)~(n4qHoX=6YF8(6S5Q=$nrY?&w z>#w7qTnSybpqWqoUbbedpEkU7$IjElxZ9q2az>Q-bC_#&>&s)Yd=8xSQ%7G0=q=M4 z>GZ`1%vZCWFg&+n*LIn{{dL{m>Cw=tm7^V$4%_}a&EWq=(`NgJG>_Bo%;cyif=JtF zV#t3IIFLzskR?@EFo^D!B%s$h*=@69XvZNRay_kFVwBvcgX0_ z_m9iN940pj-C0B^%K%a8F?ROSzM8Hx;j`uh5JJOgi2nTO+>Xw|K zIkwS*0TfI<1oT59PD+wTbI0AqCY}&9KL18cD)N1Xf|MoBZ}gGdpQTBgA?=|X;dSQA ze2Xg$(md7t^RKCN>hB$4TD76~`1a0>f%;F-8h?=Iv0}$thuA!Qcl~N+;wP|vmGzE? z;L@0VhM>}Fxh!&VA zeo!pr+?pG_I$@I^uBJqr``6~L?vn)TQTw|SH4hf3dtNVelKPqZ_Suk2jD{2K<_P+FFN)Z$Uh%(2 zPFV+c3hFC7?V>3)yWDiHVd^I>oepW4t-eOhV5rblue=HgIa$4zLkF3!cpeTg6nS5h ztV3NJ*66S_QOg+nO4jq1pq#$`m9{1auQF-bKZ{eml8+8t;d}USCd_rdKDh9CGHG-e z;owpUmq}GG<Li9 z79R!{t8Cd0i$8_REBDdnEWXsKix>Vw;U%Xe=4|MTJnF?n8KL+sUTPy zvQ>W~nEa{Wzp8gdF!@u#e^u{_VDhJe|Ek^8HrU2PIr3xWb*$RL}D;VK5+$|p58~Fq-ZZr!D zLxL&G^+Dp`26e-DaHBUsN69~d?HAWgVy01opr9De9z}tJR8c%AK0BDmL47eWS_*_ZMMTCtUNc3@L9Hv3>S;4}MpA>@= zD6o5ArK9Dag77Z&;IDA$0zn*IGG+>i+Poeu{{)1U>$egcH<0PWGmdfQ5ln>Qvx9{k zKP?8-?c>fknh1qK{ol2Yo#A65NA1mzuKNb|SKSObs8PnAaTE=T&k81PP=*YybSOav z=MtE4Gz}^UpD+Oa3eSw==#sH;!x=c51_d^J+Y~pp>mW~9Sl_?`MTFwBgM}P$7!Wx$ z9uO0V97Ti*;xmuqsmBGyn}M2r87fph3k2Br)`#4|S1; zQhN{n;VGr#$tu3@vdf08oh~q5*3#5x*Y4Z^k-c9;Ci0)0d+2hx+(1sBT{41K#qMS4 zH$UFsFJC{us;%vP-TD2?>Zk*+4hu;)@?+6eUa&wuVn4h6@ zS+ex}^+W>gR1|wH(cVXLz+7e7?pe zKmF67=CtE={T;)prT(d;F?wdNl@~p4ig=uO-g1-UaOhb@`nb~?mP9x5f21TQHmD3r zzwj)a_kKuLZDXo`feu*+UhGtNbbQTh{A;0My7DekdF70f?l+_9F}u#TtJHDuTrW6% zEo7HRO88inuE8_a`c%a{Jp=9UiXPg%pYl>DqPAb)5=i zh5L8*SRJ)(70Z7`+;{i}!Hc?II|T+j`>bjg8YRq}R&qS-@2&8Yms@##L-Su0^O;;A;~>IW~M zvoQqT+PyPjW@=lRXCt()rmYu2A7P~qcZx;k|iHryNM3~dOJyvi# zfsRQ5-r;6BT{>b+ALiyzzts7?wS{?OKa7CnmCO0HRl z_FI&(-gd(*Lo3FRXt7`Nj8+MKQInT{TQ~T|haA(iCK3FrUN&&-PgmvStcm_@b%Ln> z?$Fh6r2LK3ReS32H175IaDS_<8B?Bqp#RK|9JhnUU50mi0t?J8-@ZdW*r{j4oIYa{ zx8!K0b){r7^zwp+)5^J8#j!6Z%dT7PW_|gQ;)g3kgE83?*NCjOEZ=Ft0%{gVs<*=X zLq}>Ox*|L-kKAr0xn{|w`x7CiJkr>+U;M^Z*HW>!iayq2N)ru?VbU!(kHyaIOuHVF zbvB2)GSG|C#@a7E!yrGRg6VKH^(&tzU3AtgCn^G16I+Q%eKBs@Mm z6vE|Vo)uYqwIKK8V&*6QRxwJZZ|WyrNQLLQ+T3Wc5+d41{8Q6fkybp*vPB}AX`8~W zS!*W>LyoSI&M>3Begp1G2aAjIM6a58X#Vgm@=3Zi!bUc9ob|x{6SgirwZSSkQfP*( zwdagxpUd&-tJLRY}!ZsV|Zeok$O5+F-@JVG`QpiYn1f&%(pKo>iAT3X!o3Z zmr{_<8y)Ro#o&1B&s(OEX2lWmrBDHqxN+b4BR&yynN6pjDjrt zZi&O#sgKV@d|VTc%V=HA$+>A@`nFfTa<9Bh$F&!s1+w4ORp#V94!!0}7f+qK^O=`X z^WrVf#R|8UYiqr`UaAo7A1=Q2uD_t`9gR&kv!=s?e8T&`QVPBLN_cpqCXN=|4=d~V zARDdDw=?l;G|5VJewvV?=G&l3&1ZdFf4$D1jPn(W6p|X5jQyki^R)Qe?ZoFzLErb&nT0t`fBq3w#!CjX zaob)(n;F5KBklcdyl1}9=jN?mwtk&jK;|@B<48O+ntV3uns0qvwA&gp3q?tS`P3fi z?RqKS5A1)@*b$`2K0?VAaoT$N;WAC^#Y{IgUE0sOY=4Hoz8Yg&yi~bD6w8szt=^+} zK}@!%R(MgC!=KVJgV2&~S4Ewa*x;4L*RdDf$t0L)605p4ER- zXuDVLdF%J^dDd6k#vgjQC?zOzel4l2m}k1px?|W+luUQW*atFdPZ`Aoi@j&b=$`F! zKCzgzFWB|`b?*A2Q$_4`GAA7kW>R;mpC)~={M*{~U5DcIL%+<<`v00H-oCscTeW)n z-g%zn(&0P1Tkkbx{azRjY0-aNQGPiwi;wT2u~V*2!lN~(rD*2Xv4@$RUspyBgvGIk z3ezn=h$v86z1}%vvSW3htpn@WGm$?R8Xt4~B^MxAp`?C_mv$5ci)yx_yM(alC$Ls# z%XV1w6Ic_oWjjo|QV=S>`3L$?2$QZ91dCg?><^Q!6a;Hnwrqz*S3*^(|1wT2x)Llu z*|I+@y7FJ;v%*+(<-f{jg|X<$f0fS)W33lZJ_|&#!2We8#T}5KqUD!@fYuN7D?F(= zD73{F#-d_C6zvF6H(Q6XpaK^T-$eyCQghValKAXk2DG3c7eo%k?{FLqAYUgQfi1zd zKn`RG_>eaO06*;xmH@9Mk~=z~PJq>>mUUWtE7J7Qn`x zn*+xY24iODaKm-^B}ip%GU1>^7-zy^))Ai-EZj)rco_B#y)6n6fP0;FgtIsB?%;88 za0gvH3ms1C*5#MLX;3uM;DB_(oxbUwEPnMSb;W)g&Wie!!wR?);D};4L&j<0! zz4C_`HyM`eNpwh`mp0m zbDD*ihv?s%%gezsUb4r$UZ3>3hd9ZGP{=BrH|JE9w9(!7S+gCFc;!M;m5dDPf|-tK zTsc2NP(hLkPB)_ni5-`?;w4Hl{v9G5R?<)91~sUytnU?`v>BZrZaK zu>mE|z@P!+tq|)H=hSEURei1;f@%vP^9^E?OQP;Wsr3QYGvaOyMps`-A0mHnEY9`b zyTb<_w>;0g)?_#RH!OIp1@X+Qn*&CrUjOd#*xk1~OpC7e6R^acxBnXy>f28i)fW(XZ`?3c`#-P2 z-{g(8MHIIe{CzxVxumUZUNtw!zLNT^V0GditL4{@#@dc^r!TAZv5OB>GKqJ-BEQ&E z7nY=N@G9X;@Jz<@U(DZ*%Kce0`aEz+p>{Dz=Da4?`S?!RCRHV^X^Vd9C(@aAS^ZIW z10`kdeo=RjYCTSKUB=Fib-tu!LfJp9CA7bql)HnSKz7%Id1v+(#QE9{J0_nWd$z*Q z(jxz$BSrEsk3|txmYb?L{oR%g`HPbiUm94LJ@*PZfihZ_ZLROmaiR|rNtunKNp9UCdeZ28Q_Ihr ze`CHF{U+_vPAkf`n(GzwSC1OFksS1lyyv^;rRCKR7bGS!9X?UK5To9=B1g3SN%icl zH$tM6&RrcoJ<0RKe@+t|7W7HARtOWIlim?NtxAx3f^{cl&fmui3K19Yk#g-@DNu2; zAbO#e`DFYg=|P83>JOH(N8Ok$atPS&Fh2SEqV;&xH{#B|YjzPQv=xRf{pE9}m9(|d zn+Pasqe)>1CqB<6T#@JeDd3_?Hp7LC<-Z5dOV!YmIM6C?Kh^K&e%ALG%i9jtqZ%v$K8a=FY69zT?!h!z_ehFMFk0aumqI+4i6QXzpCXvEr@z z+>SUr^bZ+vlY(UAK0Wnx5sL|XjjH!u*@MQH)J2>!{ZpD>SN1<)$+$?Z6gxA}N10qF zPI|fEN>_kSq{@2R!)w-d&q_(Y$WpiIo>%3bA<_oP}65i)A?k&D$lEkiz#>K8rMD@ z6&c~Azd%fLu$|rV-WS?0H^pd8mpV+o)Bko==dgS;aB_CLdNr|;la=7R?)ud3w{=NI z)cX%VGA2+cdvRn=>r}f$BCl47_|MD-cNZ<4mSgpj-m6mZTz$P$FW+qLYlmq3t5~m6 zy%w#KTNGk4y4hn|ReDu77&?0U%^jEL^2eR0c&3|7X)+jd?#{kpzGt}J}$Z)sh zL)*iXYa+kZya@>uLL?sHr~IHQ7StPOE2>Eli~0epM7C^)Mg2f~t^7-WSX3cc0kUO( zSX3cc*s*0hEUFN!-`KJp7F7uCPW>1ae4pz=sn=91(WHgdcFc$+}6* zj6nz#uR;a|MZsfq;M1t_*}+1N>=+MnD0l{MJct}c`N5!2jO=DJE(EGx@gaxq@p{EI zaGK4g$bp;|XU1WrAwDZuxbgEpz@DVID;=#ggdzQ3+}N2cMv5o|6Bg@?AAA5Oc*C)? zB_Sx=M@i#_8gr6E2mSh(@?Kfw78cyOZ_KOvA<+Z;FGOL$f~{M})Fr%CvTgROC+6I?V~ zj&Tw>iu1!~2MamiFu>CdPJY1w06vc9{DeUAd~@W0H{nALvp_KCCn1UNfr<5W!`YV? z;6os#A$}`Zxbd?<;0GEQ5r7-T_z8ikr%hqwC}1%cIxNzJm4=A%;yhAuJRB6mqC6bH zjpY3Bo56$)b&JQrp;yc%(~aW%gg_nR=CA=z!ZX{jNE7D#5aY#phvLG<_8Y{f+>Nhx zNX`$x87$aCjpF=-K%MgDumLy12OH*_AkGglUVv&uTf|!9Pyqzy^IUWT zHj?$jZw3oC@R|W(4IjmP?5rP~CG2o5cjXK*6 zXSzWpEVAetI=mYB#R`9GOt|YRS0v{L^#w3H55Duf6tOpS9NB>j=r2xtFUpcuo+G_;bI&HBC3fg-^Wdd@XbEns|Gk3S`{P$hOGfjDa~Z}qh3->(<1dBthXkA+ z=DBiJOjtpoZ|0ay3E!5J|6vk zZ#6F8Z+K-~OLt(qW6+(kp3$+7ZEvLujqq`-Dz&;P!byt7kDtw!Zdv&zvs{1Z!n)YE zZ_@HUTYejv%eg(+HI@H0aZ8l$LW9g=QxC_Z%d!%5syleMzm(f^59Nh9O62y@>J!*k zX3CiTC4Jsa)lGQxG0x-64*3=JT5qIoj+)=oJ1g|ct-dB|?N&iQo^QQ;%e466!c);# zy0%E`UJQ^6S1Mr7eGnJrw!-PxqrCltExisk$3Mw49kg?tkJjbEzPF?=&FrUqJa=5q zzJ}TUdQCf-=F}pk}W1WVz=A#u=f1(2(&Sd=zV*l)(>ni!7H#jWRZtbqG)}bAHf(Kdk{ob!* zKyYGDpY%?P`M2%N4)q+dcgoA#VA~z3kZYrU_RDeWEZ02c2kv?-PzC<*%UQYD7y(*By8N+55n2 zQ~x2LU3KdY~9wM(Fy?UmQ7xap0?$!E`cin1Gw-TkLr zxDuYY*)d*T%^+;JyRc#U%Q7iD%yMJ%}mR=F4pZwL|J7K)F z>%z<5lxza;TS|w{R#ueQC^f{idpUn$+l4lj8Kt{+evcjc=9*w(L&}$RIkgi9xN5w0 z7*$pD^Mlttv|0y&3*7yt;l57H^t8%w|xjpR*VkJk<*%2^C@Qk1pn)8 z%a=s`DmXJUJTKN=KXzj67mwLK=NBJea&fcFfkBUDoto$7rYmKccMJ_H$xq=wv~+QE zd3t}f_Ago0V@p3x{e0U=IMB@BV7|s)kI6NWhTkT&d)`bvl4Doww`3#BPv+g*xT9tR z>mJsoELBX*K49YKP`dB#fH#fm8hO%3rPrlDY)0zP9&fpJ(=CRMY`*hx!~QYeJ?<-l--SI2PA?BP>KIa$9d4fD zAlJ>-vu@gQeAdWU^GqKm=6a62&he>jcwg&VQ^nzVVBaQXfR zu0JPhHkR&Q+?hVRMRe5X_JIrij^6vJVl#S_@35zO>nAR?=w6ZD9cbM5WX$ykK06Od zs+unPx@_u4D}^xwf~F-!J+gjMWj%h}xrQ0FJ*U>mwK?$HhQ5$gxjt=8`N;Iqg;@_; zTLkwclY5Q7oE!he{95()=Fpd~BdpX?zV|cjIaxd*HL-4c&$in$E*|VzzoW-$UT5Zp zIdVGtw{kV+n*6T%yktj!|J&CqYi#_wA|#3*ym8yFy?jEd!Gz;-UUjP`JZ~>3?KrsK zqwvVsk$c+KsGiGS9-&Yp9{M19?HQBIuiGx_ zrKdeN_bf=zPk4SxE;C}e#+Rz9vc<`zZUzlXPu+9Zq$g%&SLU^*4^#8MJtZJ0kgwgk zwszhaKc6(SX)%fCzfTyU|2DGQc}aJLp=(CuFpC}bn#z%852Jg&zbmjlXc-@}W|3g( z{iA(fEWL8+m;RKW!;RigJCK@oVCs?9kM7eI7h69+C6gP$Tkxf7ODWss*^?&=j@I~` zec)t0(A03EPPB8-DbCG#t31_`mzb^`sFo&^cUi9TL147>Mw6DEPMvS&O|9m4_dBhf zeK)vntxlj!;QbZteEaiPb635|jqC`Xc0ZtHz!c5GKW#6XkA;1l(D=z=;E*3piY^Jx z{+d&>kEV|u?zFnLV!cYzyp6&f)$F(WZ3(q6xug5bd6gtbE&kE)O4rZ*SDEh06pgJW zc^1L)+e}&$&p)ev(D5LvaA#H3i`U15FB|nD2QJ_Zd@bm>9nra}?AQ07GS$M5&CM^4 zIfh=bPPF+G@cm*SSG&+E!!s;&u8+6x5YHvbhJXee<|&JD!*=YY}w5{G=P1x3;jk<^16clkSv zxIE-j!vB&-pu|Scp#UI^_anz&{-->M$m9Tkq#iaNl>P;UBF=xsj9eu)nogp{jikScpQgyokzpR|EV8pTu9ar7RLPzg(A*>ShG+G zU8y1sQj@IzDGbS$7l6B+96Y0mcDE8Dp%#)8|2q^#B9cKb@~~gxVejDK3*tQXY;X-z z9qbPd`VKBm&b~@)&TOubuWq7lXdCG1=c}bP%)!GRu@~^`>7~epA^CW z8W#BsGde6hdG*h*kc9W&p~QzpKGposu(%x7Y!MiQ_^^ zYx36|(DliUw0!yQbDzESS0!egRPgx@VovgYKk>8?1H*YmMveeSL8>F;NSuDO2G z^FeQYqU+C*3133P&Mwa?C^>ScYu2A6xxEX|ovM7={@Uqv*~OjC&AEq1JU-3mXoeOA z2Tt{?8t3KIyM2uAOn2+8*7x4*Jakj)x`Fd@&vV(5j*_2pmp3J?Ql5A8;;`s1B3~JE z?vcHR6vo|NF=WkL(PXvi8ESI#Y>dN~S06}P+1Vz0p5JCV;n=gj$r){p#(M*F7Q5Lt zHeRo8nmMR@$f)GQV-AjfRdu?>`It-Q1ci;dLbG#LvW_o2ep(7QRPW6>G4Ix}SqjA) z6D9cD#;MKuqi|PBKWUufrN(E6<0_Smf^T`%y0o&bDhxfg$~c-w-8}Q~nRS=@**4WT znWN(cxye}uw@veeb^~Q3N)N9dtAF{6{cYFyeJfKH7nzN_8FIjWhikV?7lQtOnn$Kt*JLXr6GHR zaLAI~+{s%8C~8h#5I0aXdD6<4^ZYj)^Ll!%*8o;6>8sJy1nNoNgbiCJe8WV2tS?h0-foLFGEt8K+byT0%A<11ZCy`0QyH}^gK zIjwirT=_Kjb&prEuJ+j--I}3vV#v|)x7HNzEYDuE_Nuk|-7SaBxBIDR2aMtRPKmhq zdHjoW3&yBayO$|1IurHDr~ID7OpON(_A4%oTe4AWgrtPKXwBr^hCeK9K1D^nG}GAK zXzCGmZ1AyyWFMsgmk(7YDOo6H4U6K&9LW8=f9aAx2S?73u~OYA$RCxbzWDW6+lcqW z?|*D7uXf1W&~LiEm*JXoLrgZ92JA3%GgzuI?Bs|Dk#prs^TWH1Y6J>WA!XB@$F-gf zY7|8NIQPD0)oaa+@-bn*+rFpg6<7v${A!j9c$4Y0O1-t?>A}l#M{~~&G#`ER`qvqe z>T|rxt7;bw%Jcu`bJsfI5m!sO|Cp{nyT)#KDWmaeanrWtU-sP946wXAs(bm|&CV-# zD%KCnTkOCdo!MN|uXn(vhrhCOmYr>0p?_p)!SXJd-9=-H#%=nt!QR1X!Q;iArs=~+ zdz{a3)BM&^rc{(NC@IQo`_tc1&g?R_sM&niB41;j4I#_AIvhT&SJ<}2!t!4APrmCw zt%VPz1_r+^TB5dSmTq|QMD0*Vtt)}MN+r)2zIyy(hWvyJJLD(NOiV`!**ZaOqJ{_@+qcG8EW@~Eo+6rBEd#QuU zovGg*R`O(_a$sE}K!ck_#qoT;#Ud5TWhZg$0I68hy!<>vP)qKBE5`7K7 z-0uh(T|P5ZlKrOa<*$~lxfv>)i35zroT+D3l+?h&Yd;y@+$fK$*`|bB6V=# zLJx1JzMnQvxV>n5(GgRrOIe$=_cj!s4&X?9RlHrIS>HMIwd=Uf*&q5`?eDep;fBaT zLl;)vbLf)kBYUgZ{|+16nC{WjmulJLW&d64Wvf(HiPhXQAMF*sFGxM}BjVn@x6Av5 z?a=ozoV(@9p{PDO5*0oNG7oj^7-Zcd+AkA+YoB%3?_t0FyB`U4_`hX!dz%uHJg3Qo ze7N~FuyNHNyZnvMH<^bQelgtBIjZE3>5XfTbJFLwL`}HVId#3dt7~abNA{Be-X^Z* z^By}Y4%n!;sYPQ-)#vlCyyf#fKN)1^2b`4tP&DGB@t1)LqVpbihp6_A9y{Z8_~SY0 zFOMG2N^n@eyFmMDrN`J^(mlz3S)b#ZIN>dpFHFvC9`+$^ZrysBS4-LPU*m^H>o(3m z9jNz2zG=0`!~PML*+V;CmK|)JD|00AUgLpRBR}SM{}}0{v;V-%>Rj0iJhR{lJyzE) zN0}7YTrYVvzi{KiH>2V>Dm&)A-#I+kK1p5o+@zY&TSqi(w#x*@_wX8xMU5Xsl67wf zY#h@W=*vz`8MiSnFit+oMQU+P$+=@MCiyj$9+~rfjI?)k@nG$wZ+6?8)5?d9STL|c zIR9;V@Qp9WY}bvR{`Po@=}LRIQr{Cx4@a=00^=`BT#=pF>g4UsUtqOiyZqD}+wEHV ze%#frH~v#_um-Tov#wIEIkomWL*^Lu=-L-FjS9(FsB=+TC%jaoqbq5UZSSJI%p%Am z+pKlk<-A4bJq{SNtgfq83R`5`jXuYCx?Tyko6VZFbJ368;|+4RRIjV+c(Cl@B&$yD z2pfakl2gCh&7|y?dxkH6wyXc|JK(%#ykF_m14S@at{)3{Tmq zj+SxvQlqQJD+WDnoVaQmYuIGJL+@-q-Z2dg%rhCBHB!o8+1~dbEZdVW*sUxu%kk6m z?B{q$s)=8BAm`Bvjgw1lLmOo`&l~c@a%)=9uoM2Wh6_#z>f?<$uf9B)=fCI60jtQ% zi$cy^?Wo_#>zFP|*0e3&KCR<rt*BV`$6C4-E~XvJzMS-=N;U1a%s8i4SDZrkNV$y zJ+gHEgA9Y?2Fm?@t}VNy^+mYf;HtcT%`OXp@Tqg_NtLmuPWi2A=32KOSgU+F+|glz z>nQ70zMnPC>l_cPj|)_op5VOT(;~?wkv(eahudeBz7M(H$nN(njH{BSIOW?RcTaz% z1%*6(<=7sLQErJEuImcGJfL zMj4?3dC?4&(wGT%&7Mg-ex>zY@9r&$*!QVlyCOWw0x#6IYhAjqHGcN6m?sBwE@|w2 z?o0OC3@QBIG6j}jx8?xd|pLs z_j8{(!`O|=>oR>No6NjpQ#E5=)19C}RjUu5D=Ztfz&)C~{e6gqzg3hlQ@6e8nL@{r zxLeO!mUI?;E(z9s>{F}m#nGAa-n}xaaiyi3-O+hnaibiU>{L)VVed1-S$PmocEHgq zOHLLpSRlyX9HHvw*AG?%^B?r>P^?|=!3#TTo;RMal&eKs$oXJ*Ta ziYk`W!cCz&ryQ1kB+A|yvvpF<^ZBJK=PWczT5xK?S=rXFxtSf_9_yW_j6FKTbp7jB z9r>GNWcGwO+PKJ^k6b@z${m(R^YX`{siKM~->d3fg45d5CwAYheYsXn`PY-Td%=$PHoH&v;s@{CK+BW@B%T9dW7ic@URwnA@hc{*! z#Y^;)4)2*NA)OHr|9Y8D@x+taI+AIZE_BY79-JLMy1(fgtL;bne(`VJc>C)~*+{jq zG20Y88nrfAn}}Yi%#k{Hw%}gq$?6}kExXH~xS6;1RoMDrs#&y(h1;hyK6d-31=a;$ ziPh&pL2TFRi4ec@iAnFjNI$KQhn}hO!57D29*4<7&K$>&jsGKAT5KOj|1^A z%r|lIPFSGI%oB@5$rnSHu4Qvs*cBIW{Dy`7wHT7Qy19d$c@b1Nkz&$pa6J(8~{Mvr36oCn2ktDXKhLNlB>*?1#`lLqX9TCi;Y?MQNc(xd{{sZwZ9Rhe|~YKu$~`bBT8uLY~l} z(gKjv5-0$wY-9-d^&UF4ld=-n5YUmM0BFXWRsvEs4FiDlft^630}#Ks2?WQ!w2Mf9 zedUxE0GU6sJ!9W7MFALD1o<8&It1*FKLUV#(TG+8s_o)uM-Tu;#*Z!*@({2dVWo7FNXonP|MeLMwr|C35i0 zIs$;D>S+PQcSrDN_=W=62YJ0n<{u>rUP+HARtMsi$kD)iwgCXlDbWImTO#-~r~|Aa9324px(PZ2!m$7-MmiwhJHY^;4lox( zD*+<$KRXgf1HVWLbb#F?r3Ii`B7R8~0bsN%ldq(pL%=V<0s!m=EUg4oOT_kK#163U zmeB%GEfM<^5(>b`l*zYM&>>)ZF$%zJ8mX3u9c)AZurAZIL!eqBb|4f5VB+4v)=9Ag z>>w=)z+@VM`=9_2js+ClkkOgZ3;{SW3IKNZ1CfB(pTQGq-n39uo5XMBAW-NEr3Iku zjw0+-D3C>jor^`Ea1ssPF&iMoPDNNL9fe|IW`JypYezxIy+FtQw!qmcoy zjS(3F!GXaOYQ^X~WFE|rCyZj#4v=cuc&}arp3&|@ZfcII9q)0B05IBp(9MQCKy2GY zhJZ0-+96Oa8|!$E0x+^&w3jeh0<3uv0zfci@Wcp;d@BRh265F205H-9`5Fcafc4%$ zWWl&Hoi@a8U?6`6S2DI2(*jU-U=iGbMa*_!RQ)7%3i0L~Y>p7SeM2h&#U_Q=4hM7~ z#7?2m0#J5aA^!P61c2EzQg&M*k#*q+iL48FB9@wv5$WZk)=bt5k$(YD%%r01u|l|o z3$ZPnPA}x!4~TII;U+C)wn@Vq5a3c63IKOAAtawdyp0KfhnuC4*=9+;LV?2L?Nbma zMqZM9gb@QEyrdALrnDNOum>TL>EH+%WjeUzql%aWsNjh0qNn0$xfJJbPJ;*VIaI+L*cc*AIMA>bHkZlUF{`<55R4ayTQ^<^MlFulj8iJd& zkl7|pKAwmI5LpNgXxELqPa)j6g+!8rBg9&}(G8H?>lA?(Kn5y+3{-$!O#@~jfV-oB z+3rYgiHgEQDk;EDFruKSvq7I2v1W3=R1B0@I09z$lH52I10blR0NZ?NwMN;q1w_uA zBVd#>=aO5gq7o2UXN~~dCut?1ShfJ`MujL5a!~=1@&@mS7(#&UqO|Z7yBA=4A_7mO zl))20Eo?blM=dL`4AjaD(T=4W7?zgGaX=l3w^Q!_0?i2R?SS zfL1CBljcKT!N+_BEdXU#=EGbwAImiZ4e=p8=QE?{=*~$VAeMDTp%}%S=!Po>K)5?T zmdd6b7R7e?kjwL#ad}Eb41PKpXoFD#n~S<6@(^GWhWJ1;0!3^Od}aXxrAh_>h#e09 z4m6!!(EJZsD(LR;PoN-k1cL_rbJMh-6i&^DsdnPqD+nkYD&}ixL8+Dv{U!db7g_+S zWy4^F4;?e{MHwI;qgpQ)oqMwWU{u6sl#=J7(IpuGMnFUdNkkTC?O6ClJ5;K*!!$kK zsFDrF`^fF!P`zNm9wGtuEiYOLs8$TaK0X%qp-=>=Pj!2ssiTawI-8jzsP|hk?TN#w@Q# zt@iOSI)h4uYK>Me6f5RIj>KbDh9S44Lx#YEku?vCtZ5~nSTPS$D;}g)Jd9d_VezmF zrL>?FCe4E+i^q&)p?V}OP998G@))HndDIFZ4;J)!j0*ZZY6Xx7gKr+A;G2h95P1kN zP0GWl6^#;ksD+CG5QKn-aUWzp;3)wfBa+2K7mFAu5%u!0N*AqEREvc{KaWw+&!g7; zcrcT|V^r1RQR{v@>~sR64U96;4uNW&SP}sRV3Hc*p<5PNiI8dW7#(!rph{C{;F`hP6aDweLLRkt$Ac7%hfy%ZO0Wz#tt`}?6_zA<7}ui(pxPs2>ka^@~A4D`Av$;!*2)n5K~$GY=zyw1c7UqA=snW0djdp@Sz60TMpUgy}*B zOlM*MM0Ofmh4cVa>x4WJ+mldjFe(pVra+bjvO{dErIm$R#lw6jDgk7NJVv!%%&x^` zA?Png2{2GbZh~67daTdpKoxRBg&VcCR>F-AIrL)W_)6yf)|klb+@kvnX| z5Q8E##KpKHtt^y00~hAaxG-a)cj?0YKQLA`dNXxh|J;sGxkIRhfQLA`dnA76IoE8^yE-oxKaWP6qJ7~&2 z&V}rY%Zz=Y1cz)OFcHOtG>Qvp6qgx|qSpPm823R|1*7B?#^A)HBAf%4QOzGCeqsPb zWX)xi$-?*|831x0ta6WR!(2$HxG;IfWmJ0OQEPWxn26#+V#CFV4f;cH_>3}M7;z>` zkMR-&iqXXejKqrp5CH-gBRh14Nv-U0;h_dDGm1m4>~XQ27CHpzIZMjjT%P=FPKBhwIykv&tZec)s&0RW4M;5aU$ zVNqB(I3Wt5P+ig53nhmPPTmm!FkuBwDKe3TS^?xhUc!N=sKJ>p2+wHVs8vC5APEAX zGe|c;Y6Xx3>uTU^2>}I*df;RXe1{qx*w zUopl*`{Rf*#eN(r2WD|VIfDR&)H?8WZ z>k`&>IMDmy?cHgis4EouH@q!A9RRgfiGM@@87k&9X#o&@lXV5pwcuZ%pano|L<|6$ z1*1w0ma`WFfQ|t3Z?qCnR|-7Bjejz zz=qC{jRo#tLfOomA+_?zhR%?U6@6&6L9t0Tbb)L}1s<#nL>>%`{MpPRe^g>I0K%l$ z%seNxqR5760ygH3>2!dqUrYjGTVi8Qm==IylWdq>U^B}upp#9O06JGTqth{1iBJpx z4gvaZHnW@pYRzOQm_J}M%O9YNKn#HJ#B64TC2GwO|1LDLDi|do_|%#q8zvjrjFJs} zYR!-hJv$ro>@*g^r`8PFkS^e#HKzrjun{)oAZ(0-&;n3x5@QO85;0;!3qai`ArWCi zBErUq2rU$a0kB~n1bkczVF0uM6d%uq$rbSB9!3BZFV2Q!hs~%4gdJ`m8#QE5Y>YwC z4S`xIWW$^Xn^6%7JF`KS047q{jEYFuQ4cWyg50qgm5#6zB4PjpV`O9XC|Vs*Z4#D_ zK$8Sy8WHQnI3X<*)jA=s1IJnkC`K6;KDAN^*c1dH$O)(iF)=eVO+nTWJV^uw#t49F zr?8yFhP;!_=u8oI@`x-8%&V|5-btroYNe13lQnEc$FQ-(Q(_XpNygGKv=UI*CL1PU z*o=}ed}@7=4G$KvF}jKv9HVp$pIRwo!*fe)M#Pnm8Yo#Ckhp?=&P;5BS}9~f;>yNO zbknMnvWv1{?TN*x_Jp0sBMpHC=_-p6UFD~L*r`o208I3-AOpqwbI}fq zvY*1PTpYYB7cBtA$HNv`0DxHbEO@Dt1z9PJ5i7;cx{`+q(>r)qE?W60J1YyOXjrf) z#ezJM1#?R*MrXG9s1GO02Tu|)>&1ng6&3>^!XUhr7GmSfs2{Z|$b#u27Nc|#pIQNA z!CO`=NCH`m&J^*fwLlhRZY)?9V_|fVZU(6pKo(40u^^j+-Mct=_bxxL4#{C06gOWpcsXRlxiRNGo1K?C)~2Z6S^VO?NXGRf8ft> zrw*PN*)FB-2XczIHUI#+AZR5JXD9#w4~W1M)C;5B9Cn9^tXSf#3&?pwP@>KR-l56{ z-*|yd)4)&Six@mXMG&Pe@D9~8?TC;$Ad5kGY_&B2az8F@6hR{Rf#y42Y-gs1@MFpnifEu4}r`xG&926 z11LCU%)C9SQSw9)-X6d+T8QXGhylP^C62xTC`JRM)EmK{;X5#RVq|rcdLzivL(3tk z0f1s;IVi^^4~y{K02J;t#7SQ84$dV;7wF~^%@&KnL&Id|&(UQ~1|YmRs3O26L>$fq z@1Pg<20_f%{1_f=1@azB-9Uv_f)qfD49RR>3#LTm!+dD}r z@F6mUz9AlhnP*3XYcT*~Sg_+As8}%@7V?*3P=pbR7#)|zE`^H$5Yvsf%%fE-WzU9< z^1u)nZ6lOwA1JU9ixY2@2NWw}=GjqFK^_c|#sC1Qis=S}N-PEdwE^9`h?#q*Q~=o` zqWT4%;B-U2A%c8Egz*hpNh$UWdjbM@Mvj0|9|UDdV*kVY{~>B;Mj=p3BWn#Z6cNTy zXa_^JVn~2QkO1NB1!K%t2;OI}c_hinm1w*pVh z3=`R6#3X=2fOH1$R7j&C0i})z%E@rz8Ko?+{u*RiAc+wXr)U5ulkE%Z`ay<*90c!% zh!`P}5dlw3oFUdgL<|&_1%blI4y}eL%p7m5hyuW+%ZS8aeNn_@fg1{BOCm;@4y>^X z843~>5s~u%17x!03Q(6R21O835#&fBj3d$N3NaorC^$f(;snkcFxim=lzWS85u`36 zqD%zdp}v+*DoR}v{281#Mr9%a<=!FyAV`9U$aH{rsMcs@q3+ZeVL_}3G9wYA$`95u zh^%a)Tmzus3^F=Li}f55gM#zMsBj}dHA(`2O(VfM5rPki81W$iIwfLI#P%v=#DWB< zp@;zx+7L3zZwOHPA_KtmgpjDkfMKB;qMdHaPK`IP1k){q#0Kw=Ne4x#RRREl+~NH( zX#o(4#fC+A4I#{12pLsn1n6QWL&3BN-d2-V7DRS20657Q_n`$q=2Q#-PBNq8L|Dfz zG5}1K2#I128+PafPmG)mrGCj4Lhd7k*%`cRC+z?!Oj-!JkC0Kh2J2}iHb7!c3t?_a zh*2wAS*TV_RDQq!8MzorO%t5>B6eWBwJ5S67?CHe*Bg0QMCAtnpe8^!7}V2>0YJSl z$^c=F>&O6*G6`XViCM!_tn-~16kG<(C=;4S5d(nBfKf?EfD#um0JteYrX^&?w9sk~ z844zogcy;dof!&y5W>Wf5GIa$c$-G>X&T1k1MhyiR0fu7DnrwQojTM z&_@xMpTIk2!$STq@~~iHMhJP15b_)$QRM*#IN=gvlnWA|QHt0P!4-gIg=kHHvQxu0 zv255T7CfP06)hBH1qfheML;yT0Z@ca1&oq90!k$loKPhg8QyW0PAW>(5&#f3E?|_2 z!TOexR4jn$69J?2iGWh8WD8*WL;%w#0+>D#!1Rd#@)7}~Ye51^O%wbOv6uvm5-9>o zB@+M;*2Juht$*+T4}tZbO`fK6!u6qJfMBLd#Rp)z9ysJ|Bb zA!6m>9dT(TrCK}8gJ4>qJ2Q)oM@#}Z1dJ8XNr0+>3;>Hc0_fDS^@AjI1z6RH7L>xX z1u!Fm?KQN+LMK8@D!Aeq-Dnn|^G61Ni4?rsFESYD-Z2kCFBOGx3y9Ml;OIG{%?+ik zVp0(#5Mv?q5>PE0I&cAW;CL@!WPr>ZILgb(Qo)>u0M>;Bur9=`Q!ut>#X#WMXM`nl~Dj)xqz7~r`8tnw!(;FiHpYI39dKH(bFvrYP}I}HH?5V%Xv_% zjCg}#6o3&4q}CAykV4>Hi)n{I;U%zFF&F|m$+Q4eE5_0y=n&9JrUjtz4cMy~+`C}3 z5UKS+*r6Bz5EF`bCTff7Cx@7POc4Akl&?9K~r(-31N(H?=A7%sa-o3PvQda;x&Ve`Ar3Iic z57@?*4cpj)C%6_E9j3r&HF?m)K}c|g2sKt@_{>}-wekpi&jJ9#5#YUNQBbH;MlCt4^#4ZH&{d}W`2fRdBmHvA^2)n@oC`LOg zy1$Y20-XbF*9vZP!4(Qq_k1jMPb(i~=f|$lAV@V7$6x?I+zMLo&vDkSqIKw-L(rS&u z)?u$sHnU!xSVBciJ~)>!RL&4YzHr)hLF`G-u&d-B;EZ$}k(HhJ<;=L=8 zcZ?3P3DI>-mK5e4nYEt8K0rhUfFTOrITDqR$!3Io!AJ~>U_n?zMRct)I(CkI0!a*t za2Qy3NV@$V`*IQ)0Os}Z28_tCU{w|G>WIE093Qh*kyyTv{6nxPig#B;L5buAY~Bcd z9JNlmRe^dGF?gs5xYgsm7m*)=TRqmtmtIX21_hfag8Q#T&JFAKj7}arbcXd`riZ8a z54;B=kQ6ps1W)LeMym+QI^x2@Cf*kj1!bmF3YWs$6(Rtz#0h&Pf_F?p6fE&fnkd*I z5daWVhIdG$8!EMK$|dfN0Vu+dxL8;~3xzCPvQ#iTh&MAt1`Sh_c-KT)P(;gQP*^F1 z4G!6`!6AT$GGjN*XyFlciNO=w2(wm)SUo}v08Ri_lBAV@x+-AG5$}~q3qZAd7%#xS zh~RoRvD3i5h~OO){vt&8Q1Sqwe`D4c5i9hN0bm&r?}3Pz1w5F=WmIJpqK-oh6wVtw zSA~5v4cSZZ28?u?q}E}%SY(3&FrkfDd5kO-^tG_9A&>={D3)WSm5RCopx4E|$A}J) z(FrT8Vkjmblm!M(uva3u(vO-lt$Y+Ng?$PXl?rq3v;foj(P;g2pn?eBiYu(4~+N1M^JC-!iI$VduoiI)ImkKvNR}6gnFY ztVe+!JMdqj4j3Ig!49N}{UqF^nK=wG=+QzU<00z`9(VzVFBuJs;`8tp zcVG>IqgYTXI6&-}3;M5&43kjO5nLn_yd6h>Vs(5K+N;1K1&;uYR%4t>XHKB$#>koqJP0RubO{0$_b2#+v3H$WWmZ!5g!o@1Ug6H-Z!z92+CuQ|tSHcoG2c zhzH(24gE=Iw#*_qYV{xQd4@p2Knyll1Mi?=GCIpCM3*LctwP5KTrne!Q`aiYO2W2Y zY}nQdJVE(jniTIEhKvY0NbpD~5jsdPh439*oG=;#O9lQb{0->snRRCqqI(`$8_@gV zjm2n9nX=CD4qRYtu&oz(BIILXZVdfb)M#koDeD|I+5(`2!dS4vhIj8m;Tf$S>L~`; zI}5aUBectcCn;Gl5M$P)3%jyG(k|Wv3y}}{ExgAT`i_`xyqOoBa;T>rU^gpZbPx&# zIxOgv@TOX{@CXK3dYIP48)(r2Aag(lfR2R)9SaLaO3WH)VV85nK;clCr8=qS9$*J9 zuxQb(igs9tHIpTPfdp*(1bXoi3l?wtgv>8=9kBZpct>o=c=svf|AR3TY;y(P5xXet zq6OZ;-+(a_Y|;h(6)rk>xRk{#oI}l=JV3au<9(SBAz>(kw|zq2L4jZ>13OKDzkmWU zI$$BB-VJBLUR8NDb=3Rkuon{Os|clsPJ{)cEZB$%hz9pWX0*c*pFA#Nz<)XZU=8Cq`QfI!3aj#O@7TC{zTIrULJvB8Z3u zyu)V@{3N586ICYpCy9g=@ZS)M*!clG91)RK1Mkpzqn!mrh2$S1*gyCooPmNT2v3A4 z;2kszB18f2pf)g1Li^+5JOZ#3Xmvym3cQ2HK^ZOoS-l9V#;|Jc34+kJz69i$Vve1UMEEB>+$+)+9pr1u;-K zXd(*+K;bxu%VXdj90%b#z&mE+K>m{alf+gJcp)4IqZ*J1Ek%eyLDM6=3jjq;k5;>g z>|#*Rvax`J764h>WB|gQ0122)1$Dg<78xJ%|Lw~jTF5Cb5z zA;Q=L-C)qQBL+a2l!#Hc01-+;$pDZpz~)CFPGq#e(2al$1%0=OIQ0Uc7|jt%gTvAFn0F97QYEncw zO9CQ&Vrv#b(jkJR1Mg=D}r=EM1)@;xj+yqyq^&*C}ju6TMr@2g;94!tho$X zSCH)B{fy`&K%KT20Mr%6plAUoECco~0yz#wJ1|NS$Py4yGyp&+o>l^?6+_A-VpQW3 zp@c+C0=Va3Jd9QX$_@-WC4nI@THPo!BTE1Yng}Ckv=Wf4Q+KVpu8{!z2QJcEsV`j% zd?Xt@EJLgcqk!tmoRsj}o$BW5`g|>|VGbVl$nPWn3&|!?C?N_Z1W-zB-v5SKCWb;j zut60_14u&1gL>Qll!ttB<6rWyae4j%Ly?DMrc`+ZN?>r9deBYvzr`UD2C6us|BXVC zhGeo-X}C%}LK>7w{I@iu&6X++AD8AYC=_W(=1Y}^rNkzrLH)pgOG6?ORB1T4G=D*% zNb_H&EKp*@xk48yCJ*-bFHU!?Bz77i= z>^$uq)D0axoP3>?z{d#%T3Q=@eH?5z3>%`q`}3+79xwGqgd}D-FMfXe(S5J(I`{d~ z>u(3{s_!${e@n=vsQEtU&-Yu{J|pvaKvC$qjPoBH^!HA`HTc`Q$alW0R-Kr$!Y`=j zmw)e{PYo>z#}hm%$~{7-Wz3oqWv;weIoze)F~6s)UZLiCUROXz;=G^j4>IL!VxAVQ zI<)N6xM_EMe0n^-SDbkl?(J|p?jywykMmN{(LI54YUc-t@MW8a?hnhuP!d#iFrqHpJP-|iv#hGAPDNobr1 z-V;@l+>muC+&TTg(zq$ZS4o@l2l?#Uaa2O2*pwr$5V+xF!`%guPNrw4N=bC89b+wY zTX5#{jiCz#?;daaK8bJtE$Ne8`iSIrjjiNy7h6ozzmL25z;)60KGq7)I*z6%J@dDD*7N7V&GZ=^5`RAI8t|i2sch2K z%7i=PVs}3>YYYs2zbHn&{@m39XNyRa&sRO`cNfa;y+6B2Q};vMVg9;+dv1q!*EgxS zy^`8nzdpgiU!GqPXR3c$egEcE!@vP?$4ymM_j#DUGtjL5O{he=ZpZch zajKV1K;q-3O5x2y&z{PDTU#<_#JN`2Pa8bcrdTlWmSWpPzEV&CEMNu&Cd* zl@BZK4PXB}Y`p)DuQ%toz1lt7vBdv(=bp$EDZZ$7RQ_@%`9 zeNNe$Q_kyu{V5!zKDMgQSj9VT^0SK`n_qQ{_Kr%fXi4c^a8qM~ldirfW623OtB2IH|gYb0hKM&d%}d=^t)xu-|Z8`sT6?kAEAz95F+8{|$p?w&U28nC%kMzJ`M5 z?8=2M?z471Q`__)!1B$$ud@$)sk}C5n+$J}^80QJ=Y?CNr!De~4E}!N^|M2M8Pf;9 z|Iw%a;lE|-#RXj+-2H97+|``H-M2LtD$Wr7SwAtg z<-5}>Z7oa7kMG(zfhB#nS3eUh+-UJ)|ILbXqNnnGuQk4R2@PM|r)1W03s0$hCC8i_ zI|lqvk}0p2;LClG)6$EMbWvP%%Um~eTT+Cn_k)*TExVTZHYIA-*?PXdmHIna!Srdu zh&q;cZ66{uYa0q(53eyZd)gi9s`^b@aor2epb$>U=BB+{?)N!loH70J zbQz(~jqSVS9k(UA<<|Ruyq&qn;Y+k@u1DG3TUqf#E}b;^@%uaHm*uyv*^#E%vy6Xe z9?-aNR8eq6rDwZJhx4-&fzrvBW1c#%JhMm`b9ccei*N7x4=r$7ELr$jdgj+;`;?gM z=C|%+B|qs_9GH6LKvvZIwzQVJJF?<4T2fL6KdPy%`~KO;#$n8CUS`(3_BR>lT4eV4 z%#Hkca9Z5q;qOCY*-!lC4qTBOC1=;X^~aO$oRbYB8Y8qVJ^2rsE;wJ`+x91@d16Rx zhH2i-dkXC>Q+}Kp#@YSZqg==-meGhXk2vTtaAWz#(zSDS-?hobNyHz%wfmOyryXy{ zPSHy@|Dak`c%46p>#AHf(k$2Y%-~ILw5FLFx6O(*GT5(Ij}} zXB4>b>QifnU%wy!9JAOfM;KS>ecorr82PV;*&V;VbHcWj%qyR&HLt$&!%SYA*~+$^ z(qo^D^iAsBHRSd3_$8x;4b)w2p?quW>P!7~t3szg&NEHq7+Idy_jC^0bf>wkbjmA} zs)z4S7&Pn}IKy(zP>;jM^p4(Gznnive%_Jv*(K3)d}S5#+~XIv1`QF+5PY>>eA7pE zf>Z1LeWyh!t+#@A-Ze6RU^i-F+5y$Q)12Hi-|bW^on80csqVV2^Vgl`KlfdEyQ0=s zA^Ah2(nXi{^@A051Qm3S{$70ESZQUA|FH)R+p5fFelg5yUAHEEv_K{$<>c9vi-MO| z#w=T&`*rcUAC*!Y-0o(Xfql-6^LgOby%%l0dtF9M+4!L(DZOx`f2)4nEbBLA-}H12 zJl{M-Zc?$vS<{-ACa29G2Jcxmc(gzz`FUGknO{9?--ktXnLOIxT9ei<>)@9I>1x}e zls$!WpR+{cZawez;o+QA!#N?lEvl<~Bl(@iGM|o^T;DLU zGVE}!k9?!n#Xox-hbcHWpL0v=Ra^D3->eT88?HP|csQW$_T>d9e>QBAEAGES=Edog zu{9Q*rBV~C0#7$7?4NT`#n_x3x$lcjvybY$qE|&lc>(#GM*I2ucgzheyD&*_gv6d_ zdxZ8F^$87Y>*#5Y{M~cR?Mle?*ER*etMe1@HMi81g@$!BAKR_mKPGFy=>=XFt2TUd z$?6&KEK~7qxZfy?mmww-|6J-W>eH`}TUy<=VM9RBgA=!Z!XNTcS1K6>=}k5y=V)N} zpY#(Apz)}VN{875JO2v|g@#fC4svJ*=sD!)XrAl81)_!>CFK8G9BSM_5=R3I7ygDqk%k&`kfh-#5pge8DEMz_$Z-cAEa2hp-~O5+1vzL& z;$@Zwh&AvzrvG#Du}-R`2yjgx;+ct$KwJhi%SARfk|scDfDLB`&8nbCScc}`IRG?G zMnDmP6EP)!`E!aOWQ)cBnuU+zpFhUZOW?ODe@wE`1xU&Qs|2be@f$e7i9~RWp-6_h z$ise#hrNS`uM&sNp3UK_8@hNn=sUPLIs1YS2+am3&(uxS4Q&HG{e0DzI|TUR|Feb$ z@=s!!4YVGK>*hbgLeND+JS?<|ewjTwB++J4^_H0$2f~je>&sr+{`pQ|T74hYIr9|@ z^e(w=HlJ|seEx}3-eDo?MN5V`C0n`K&V6-coI%6g!ib2E6EB)v-1K#Jh0WLWX(rFk zoLN=0N`3U%EmA8?k`5}RuWBy4E8}_Ydt^uSs@}R4uR}IzYa|OX75?-B;D`(JdFXbmtWarWH7zW=uN56 zq4CD%`@h!CSY&x&$_eH3u1Wn)UE$j))-B=3&1NNAJx*I|xZ7YwoWANrosp9U-Cm-< zy;3Bze#jW}4fQUbcV0?v z*j%mFOK)Y}=X|Sq((l;wvW%GRS7Qz;N|aq#6rjzP9btU)*1}{vd)JAHniVj; z>&D!y#-zAY+H%Skmkq-tRX$c3zFq(D>Wz_a)Hp`F2B!|I_ey?g5zu2=T4P3!FLY#tMHI_2F#yZ*ktvs8G~+HNd$RW6J(yb{i? z-OX|Pwt9>4s=GPr;S073G`4HLm>!d`UMh$aZ73Bm;@+?P9QRL-(0P-XSUrD{kNN6bZ4J|ND?+9Yd@YwbqGR>GBWdmPraEY> z;>jLS6rNKID}M2`+bKk$rzxUHvqbgP-l1Pt*2K;zoHLGhW%J0>ADq9w>)dN`_~5{f zTEW!Z>-FDvzu1>ht$uV;aKqm8#6d zNpQo?doB#9txXV}etAr$c#YPT%%L4gcm3APlYE;~_l9HYC+Bl}lFax_)2JXpgOXGp zXXfyL2EF*QLsQ*~Pi~zYeCyG`_g&Xl`+vAEnY!6Ly?TqOrQ^4aFOO$Ubo%jb(efNG zuf+IaXA1A!HU4w5ex5XEok+QBY}&3@!)?vDBUcs6MqHgZh&^(ztkjR0e>VTPq&2yz zzV)~Hax?jf;iHx>UgzuPt`qhFn$9X#?>v_wXbiP5UNu@OI9-}zT~-=A(_ z$r_SyciQaz$u6wQ>8tDNFX#$dmT6!5#yhvgs#brymY0X#!QqmfSFQ|N>wIm@YCZSa zkN*s=im(0L(&S@fU%o(JpZ|>75M1b&Hbi$Y*E=O_N5;IPk8LkUgpW94As=hIuQ|H8 z+BW3Q!*3sK-L5yS3awi|W>860$QC;X+uNm_88fyGI5%}pm#8Qro3s^ZunmwWUYqXXJV>i~T*sBg7_F z#(2*M@1pTe%DU0cQYpLd=+9)YEGxLv*mkk_d8ftGr8)&8Z!c+{c+BR<%M{K9jT`oR*4_h8rH97{DE0aArEgJAtlOE8t2G4`9^=M!$vFl#WMTKAUek&{X|p>Rqes{ZnVGyZW;@ zwER;^SO3X|rmCjHcIB}ftcV87LD6?d2)910eQ8!E=Uu(nP-(u^vWsyyw@uwYMNun% zfc)XiEgs!*Z{3FmJTM#gF#lE9{+eNfhPtHQ>~1pE*|N+3d3a*}qapd)3rd91Bj38%KIPsys<3az@2-8)_i`R_{Bg)w zE140i%h_z-)3`2!gcNhrS_Q`s*h(xJ?(!jn;)ZD8U8Iq zQzZT5*7&RQ^KI4NnzR~THRj1r%iX%`+Ip9cepl7r&DzwJwEu1Tlqp9RO;SJGdm!J& zr}(qV=!u!z{FoJCtaT(DKnQ(JbY5EYRc(Br(;bMcKcjxuwBd0$eXI~rUEI*mK!F5D&;)XBfD}C11pQye%b;PlWSDxGz z=*kP*lOzk()a)I0cV3COaQ;O9;890HW%v59UhOr$uHm|IYgt>aRF0(Y;KZfF=ARuE z5SIOUuiNMCAG-Q|Gzj1g`W&~Qu|(_8yN1L5@&Vu8b~^rA%6mKKw%pwSM}LdZ#G~mO zEH!K^>fSHauJ$;->Acq9NDT)YZ@+2gPaZYANo>3#FGy0(tWBPNcYGs1HYeokEJZHo zgNnO$meMJYt=oOBR2YA-)SLWqvijFy?^j2S`LMcb)QL2Snq!>k!1aqkR{W zTCY!=rq2l-8l9cc?)+Om`i`x9|Kjyg&!63Rx-HjKuR`zBWtXaH&viYmj@7K&Kc(cU z;$`>RYw8U(1rFOw63XneJZlE2Ja^yj!p&~UaT&SMaKeDruF#OwSq61h@q#%kYtmvm zQ(JoPTy@aw;Z^Ak;wDL^9JzVZ!rMSie&`BiJN+R`gAZ(Qc@cJhl*YQccYSMFcMB%T z6a;cJrj@<;(_|BMdUp(We)&6RZKKM~y@F>c+B?ExI(|=BwspXt4}bO={=8eaHQ>o>kvJ#=vR4(F~ndC+C|1hh9Z~{(NiWN4@Utn->ERH*X63 z6LcnN?!3b8!k{Iw=O<^3wLU&-^NI^XMeTwM&$JVJyFE5v-@Ga7!n0}luYNX%6@-`< zS|(bz_^&D|JUV~Ena`t)T|+jt7*4%f_F>+S2%DFEN+yg{zTPSO$M3tg#K1noRO3tk z9%hnn?EEXtTo?W$S;Eb#mZ>)c#0e6q|@1{sKec-Q);{T0vw3j!X#jPl@b* z2}HhJLyczGT%5iC1x8#T@*NtghW@G8VaK-qGngUYpdqS2coFDte@&5s63d9#AOayG zp?@lCP!*KFCIvH?CdhL`#6j_e;<--c z?|ZIW6s-2tdim=5i&1iNkq;j9yxvn?I6b*>NLA;~k*NWht3$g1bGLjQn%CQz+ST3s zV3m4grcK4dNke9?s1I6k{&nK--vz5rSj}$Aoc>Jv#H_+$ha5Z_*S^y2 zVs-DP(zP{?`=ZVqKmB5S{J$HO#=ya!) zo!z)Sp1p?mW4`0^w*!A`AC3=oD|oAuy}If`+~KkPihd+nAKDPw{UoyF-o(b+p=v3^ zw_Kl4<~;O`(&W1Gi*TL8Oj8r-7T0Q91#K`iya`$dN=~w!>#8&_K$Vn&695niG zI`Q(;ttN|=D>b8XdaeYIxOH1&-elcj8b(|nudcSs6v?z{M zcXZv_-4eOu=SPJ$?pnS(FxkBRl5(E#UHGm?GlHii-e3*dH~!w*7cYafB!}Ew&2I=$ z)AaBhoK>K3E-t<4=|KJ!8Rtuf@>`$#)tk<#ju<~`_Iv}K#NdnB$72>B*!pB7%So}< zrLB=5u0{GTQK`5%yEjf$MP%^ORPTq23 ztoqtUCFKP?F}>8?HNDtDRc~XfaOj!o-r9+SjJ=Kt)ScQ4Xt@L|@tzPmqpWvDmq z9lp3kQ^$PO_YS9Z4ddefkFm3i%4%x@Fx}E1-7VeSp_DYz-QCh10us{Qoze}0bT>#y zBVAG=_@T(XuUtRx{o~TLn0@B#nS=A}*)!v)|uCApg;;kt=Qhu#C&UgdVw6nX;&D%lD zPtj6~wAHO4gQ6bMfUhZm?dezmZpi^DojsysgGeP_Xk>~t$l$a2S}VtT5H~MuL1-p6 zR;d&CE3}n)Bn-SjETT)(?+VRuFmm z2-QC8RKsQ1w&atZ=fJ)`Auv2Ws#E zjvH><;h8vbx{dJB2)Qu!pT}dj3Q&{j(iql+ybQ&?i9Fd6dY0qWV5Lh#_S$c*WhN>y zg`(BZGu2FXi$2a!)yFxiN|B-SVWv-~*( ziSL#(myVA^lv4xS_MsC*oCRNyFimY@)%yg&kwW&f#o|!Yy;*}Y^&=5u*Vu4UaoGY! z$y`eZj-@Mn)Y;SL_~fAR72m6hr(buLU*H*2PJL_1$zD(0K8e*WO|vRM8@|m|2{Vwa zGMnZyITtyM^S$Y{(Y*$Ws*OtEK3O_{zXpC&2{}6_t#hDML&%+{ZPgGVn^Ndp`xqZj zOvRI6M?rtEy)E}>n)t~(*W(T`r0rLh=CA?%yS74>ii&ki z42gIR%+)8G1p!VW@z~5JG8m*X@cz9u?bGGHag&J)64Ro*{_$$OxA#t}k935ZHd7wy zy*whwJSadwNzhT#b-+Y=@2czdZN|o%E^JJljB}>~s+`XzV{Vo}1~Z_#NI%Vjhr7dr z(R%!{$9Qyx_yVeNpMcOI3YyX`V=b#lCYv!5LJ{6pf`mpgle`qzM8{J3)mtJhlD?JL zmmou#2dPy9=tggA%ur0)n;e4mLwI2G%HZW*@cFlgDiEgUrPFuH2wL2*_SBtQ5}a9a=$Q^JYbazcshdWFdZ3VB@f7+nmb)N78rZJd{n|qyMuW`m8R7`c zb25WC+bw~@O=4x_eZ>?$twVyyhyRwk83^M&Rcoqq_g861ef~$G?(S}#@*?$C7;Sa= zO0NX*lvN1xU7wikG4+^+NlV+by+e%P_8_2JU5}P`A9}13W~UHE+9!edMBU$_3TeMc zov`v(->mbM|kqkVT@I0?y{}w3Dt4WF<`n4`JO1B|a zq10@ELG{gZ+ow`KRS8t&OmuH5I&2yA#wx;&YF=QGAQPCr5#03cc6np>RV2q9?*qw` zlr+0IuylKyN|I+fOGB`NJhV_pQ`#FVNWn6Nly78IkbI6^qx_)PQ=cN2hJzLN`q1}) zzg9O7P*0Yj$Zl68^PlZjuY(Hc=r3(u`l4`gW$0InVLRAeK-#=?7#BLt7)`lSf5;9h zgtv03xmpUPQrW*hB^5*e>`|Dzy-D3#X{u|5uHamxrlm(`U3kOJ+xJWqMUeK&RIz4~ zvs8pF&vnwlhu+v{VDapZdlTDr!fBgRS*cz4U8349xM;~CefGt&UL}pF%umBH^yf4# z=un)$vM<4f;wX#9(QWEItsmAm>*y^#qgyV}psKK-JLkguG`TLlA)+*=6T>6zBf>m` zEcje01l+?j_Pq$nN=o57xSfdW-FesO;QsZgen1ZG|Ae1E}&~Bnh{$ygn2Dt zgoRx-Xau#QzK|NNybYSJTN`1)Pb)5W{w83d1FdlxTl~FagIr7rl#N@l918-aB9}^m zq2~O6Joya=Rkx&YCTlig1noSW3|iiD-Qz^7tyi`MwxdZ2`Qw|D{5NlwLB6TbDJ(Sg zv+8vMo?$qA&rCf^^ntzj)lF(M>X%)*RQQQ%_bY$ z69hr8K7WyVdl&nF*C7ew0D}Bo}!)MY(5m3eMIBbOPW1N?~koZ_R1p zY;Ry^uV-LuZ(?YocYEQ{j@HP^k@8ohc$m5c%rycerSB?w@9_NY2;v`?G=J1!K44OY zpULRoi9Z0bhgf;r5a}*c_~YvHZF$8H>iRox{~wkFfJ_NBZf?5gx~2s8{fSE`mBJoKe*ly!bP@1fAskd`EGPMN zN2Q`p)~lWK0S-H25!otgr^*FLHIhxo4fU1-uKu{4!NA5jr=;Cob7z~QL)Wtg156{v zaY4g?>Di?9?eXsO+2b!~;~ji#v(s8yO$`Hvo@sAG4Okv0n26MP@LlbgIPx{VST>3+ z@l2pmelkO$w(u@*lIx=8%j2*8O5eN|_6}N^5=y2Hk;U}Vc~-Uk0zsoPO`e{$=If7GEb>a+qs%qG!b-V)+!?A zngVY@fb=UGn5M*Jf^^%9f|X^DTr=rwOjby5@NpoB5>pQjL4j@@e&~KaVKSdoSZctw zZ!x&y*I?>QN0+OdF@eIU{rCeODQK8aO=E_D@*|06Up75%X=AF+#?`KPL^q^%^&-}I zLwou`;c>}e$oOC(1#9662qQPkOE3<4%t^?tFg1b&#dmH+UOITnS(>rI)9=7i!BQo> z{4`C$s%jkYV;v&#i27gSJ#E~Q8OGMECYC`^R$PFB0_tGTC~2F_LPBk}>19bm7kJwD zzDCTpUH^I#kMIl!xgImq+e*38suk3r>Fd$zUbEu(M~$0xG-@Xw%xoJmBr8fS;ICuZ zAI^)~4WnehAt8&S;>Hi*!mY(z;;3G_%%Jibi%-MQ&Xod{wS}Aot24Ta!wUo|(=HEt zJwi6GtEUr(eIX||v0PtQA1L7M$iNl;u8dYZMEe46Tykh(u^rw`R=d1P!)_A@sKtCY znWLq4e{fh3w$AThbB^sBuezFjS#yjJiAdHB+ouo6AxgpR>Ai<1W8S% zn@b}4-t~nes*=JpIrgT#@XzEa_SssU)ea$Wcl6AT?Me4xC%s<$iXy3H`i~?J51M`I1g`^oaSplN)`Mfkt`{bC2w>li}xPghv zij3nI3OjS~D2^L#qgYhqDZ@>bHuq_f)s%Kr$tE9z`CL8g%`OYSx~%Iy?k9eSA@dM2 zs2HrGwOOY|RX#1_`wT;i@5^mm2ja(o388^oEw(F5?rQ6+p~eTNE4dF`G&AkI zLOg4*U(<1KCfLkW2kNeE9krzeMtm$5-R(Tz>uSEyAjS2kC0n(eavW(-#dnOQU5Z1e z+0|tBbMkLi*UrX+8i*oBIm~u+F8uTu#Nf17tq)Z#S$ps?7-PKoGl7}4c@?Dh<)uV2 z$NbN#OhlISy}t@O?~4sEO}52%1iX@!CJ+@H9$9nAxukIMcpI2Bsc$JweF0a`QTc6K zmUl}2;sskt>pH{5g^27_v=5P0CW#vaW4)iJhC+v6c)sXU@B9sh&I~LNVPTf5LP(hs zBahukbwcNMO&ck@qucY|8P%QOKHcSqV`& zbI=PDc;^IN2>lFPfi1)?6o9%~_>GZqgh#5J4nIAv80%OU2o?a>+k3)RkPi(zI0cN? zTSA=VQ`kQvd@Z57F zi(=**hUDx;U`fs}Lonr-k&U23ebapI_6+0f`Fn(&Ex82=AY+9VVbEhfg&6(ECDTOT zasu*vm4`=eFRtQ{?ZN9(mJ&%lqBzjAoA}mn9Dq4Ije@(DydVgw9?q6bcNq4P=L#3U z=g~Wz=T>hwP~A6A?fN@lTkRPT!U?%;YN`j<=X9mXOSoi(D>pE@gwzj?M+^j?s@K8f z_ze1KLmRYn$8#R&i(;aLkg5p!If1h^Of2>jN@bz+Wt+EyYoPN^u}eDhe+7NAee#Lo z8*0OzS4%|-tz|ZcGGd zzEzAzy@5I2e%7^jN)jntw2&|;z-gB5@Opb{W-{v-3Uvg`o#a&ZG|~Yr7$J8=={a2i ztv9u@Y+qyhAt^R3QzjVBKrbwEQhxDx1u@1vNTWj#d9;0) zC0!_L7iFQ{^A@6Niawsd))~#JwgPb;i(*2WR;lY^Ra=|Z170Au(~S?n*-@4LJp5{5 z<$Y~*bOo6<=Ow-qO6b0X<>5X(t%k99l;`X#m2j!1lOB-`5*rzP;>l;D7PKo=oN=S| z$ew>UMsl%nw=i<_0PCg*}*|)DT#+b>-i1JO8 z2IX<0>02p@$YYWN(u|NbCR8o!Uie`2aRVRY&jO4(_0P$AdKn2BmcPl7>Brlj)^W?o zuX*PWGOWLYrBZxq8p+0Gb7j+1r_n>~PLb|cE)q!FCM&hS zYcfShm#7J+-RZSYh%ZlXgiTZ9K9>|DfS+WREGX4$^ARGF!cx?yVwKF76V$1?q|X}@ zUCr*3T_wzAm)jkuiqKzD>@MgzSZ!p+`*=9O6-S5>i)`d&0gft{6h2;@AXwQH%L~$- zuCkmp=91lk#jBcUc+jAJl%_7N)3wA+Y6D)7pBy-f?}4rycG!ZuPVCEmw0_X_eFcA%TM%%e8E-*042T zJ&c8N=(V=ul85XXHuLTHhTo91fnM#+Wc(ISIRFO@J%ka!Le{$m6@Lo2@0uUngXP1# z_|LrM@0R%`X668#HuO*-fI`;0)){}+=Q|kuKYe~)YW>|Z5A^v1AN`#cziYqoXLbI- zM?cf!zgy*jHh0{We{L8?cRbPsu;S*d6{uJ*n(kR-u@)102n-Xu}HSLW43!6MFq6J zKwrFrVYQCub!wr!qWc%taXbWSVUP00#$4LXf zZc)Kiu6&u!S~ms9Mk{inuW|v^EBe;fs(b4CF2VDrHllMIi`Nu4*6(q*DSTdqDq7LU zFwL0F&;-*A_QzX_FZ|2Ol#RsHC)+t&&*}7S6W=1fo;-?qV)DU38(VCSy}M&MDnyl2 z4THRA3naGh^9o5wS>LOR?OM>R1RC_Fji%n*HfqYyJqw@lnD<))qg$5*ozdcIZ5c<3 zGi0x+EROSkz+c!4!SLGZND#dM-y#J14f}EI@#^Jk1~oOZr%j{n`mx6GCd0tKW{3Lk zWeLrVGzXdS89r2FpG;}xy+}eBwH#lu0Fw()x%l?YC)yH+!yQL1o~NX1WpX$*IgUpM z@+4H=cXun9$7M(`{=+K!J0wlnMdm4-Uw_`P$a)F3-asn|bP7FJHCt26}aIQO@&n z#SOh%mzx-3`RsC;e=G{EXan_;<&wSk;1EW~1L$Kv+_nwZMLwjOGy6WwXCFs2R^LX83)CbD#0a}EgZP07Ww!5i(vm*^RpLaF+see97#uy#H|6)^O2?FX4wWoS476qg(}JIYXC$u z7od;A1|ub&7X#!$IF?xl%+KeSnsHrs!%*60Gv7R@$jD%|3m+f%k{{v?;tk^dH#{RY zZH8h_Ukd8$3YbvWdYTNv^fQyLjKR^9?l;W-ZKBix1lI}$$syX?Hj@rPdSdBnV&}tx zGBDpHs*>j{F62^}@Tws}o8BX8-uRuET};lCdlS|lW$-Z}fpQFyMV~dp*w5IQ^Iq0^ z1^2U_#|6E?*w%Stygg-+_i4?OTa{{GLc+cLw2H9Zp1%JY)aZoy12Bz+98y(>xSJP^ z1=O+$nAHi;Yqk?YZqN=)GBP1%?qwNxHBH^gm&N=O`#StSv)LRMf+@T3PetEyS^Mt2 z8{J1FyJ`cnvz7LEo0f;a8$o0n02V|Aroc$QFsKMMmmxS|jwVQb!IU3C1eaKHTSqF3 z-(W*Y8z_U1P`*o$pJ@&+-53YuL;{IlBP9pUW(XnT>=?FxF@D^xt^$P6o)h=1Q(q~l z1g3heEQpsOcafLg}v(=Ih8XO*@D_8Bv*DBm6*w+zBsX z%(XaqtTo|u=s$ef-a2zhxZF;)GN5|LW%$HUi?9=w3)+aNgbGDjYk<`~O*jVuPA}$l zb&x!f;jthWI{`xp!ZUdrv9SFw^n;3qyc(vKXPLK0Mznk84J7E?!o%QQ0y^ORFM4{! zBjtoZHpgyrS>ry>k+whg2F_pbI^#TEEUSC{J^^~lP~yefi+8g0Nl|g(Wz11IsVg6NPNecMA$IwVOR5CfUZ09V@c6b}h_I=zzkVoWc( zLW9#al1H~|#`SO&9G;5%m#u+7*ZQP9?s@GlE>L5MKsJe}zu#bRg;-G`{%W5}gW7|z z-`Pd*@XgXz5i%<8`Ibag@2hT_78S!ln+& z2E?-U;BPn#@}e%OLQ_=;H}e7ZMG{IIs`bDn-~7#5jWZ!gDXr$;Vc z1C2HcmE?f3Py4LuUIy53nbR`?4mB8L>=p}3jAFLA^|VCdZ+;GxM1c{W2#1O2w9f`F zC(z9C_ZXKdEWm;r$srWoK^zuxuPl%#_$3`sqM;^`47Cdlp1<0iE&8TrokwJowe_j+ zLUvYWGCox9Bl)_;L$8XoXyLSU&2xg2!cuqt^Ov>!6x)h9U$@;vlw zu$#M{KVnXz78fnDuz3~*qCPrw5N0cMx6?N@Ij9%F-1Lh?vP;k_a zyDxPfVqamHE#F0zVzD5VF2@BOainG6WQPeY+g<#f1c4CDbq<35S4#d#&p482RaE6= z&?-YHVnif4XksCjn4%HmWZ)2}s3F2Q{!oFPj-CcV5NWp$SZci@OV@{E z4PEMLv=LN$K`{hBLQz!Jup`6jD9E7NM01>(!YIy-@G9q{p`-`J`hk)o>}> z!AFgz*_WNRKLSy4cC{CZPfKCQwI26R=7n2@tcO2tZPC&)U(_lIS+5-2SQ+H|cq7-O znyP8RdVAx0kY0;GfPn>5|Ep8u699`MOS1O!kBfNk$ODgL_9uc^Pg zevyE$2B^-49ANx`jBm#o|4POxR@h?5w<%HM?ioK~?~YR5JYcJGx#U0$_y_{9vvNw)jm0e#1R;*{la6c-aPHx-QdY+$snM~z&u4rgzxb|(Lj|KuK z@od5V_VxzGrH~Zb;U88s!_6FChpjp zTry?G9aQ{rrRemDTkQ?o4e`#$Bm1jM{PtcKF`#*fuRtFrn%;qWPt_gNRz41SlvAu~ znsYtgf6C-aeW7QQ@Y!|G_id6wRz*pnDhv=hKKSG^k|YXV$E$ZE1L)c;Y>5<;(KSHf z2m#~zXho!x`p_&gLQ`d~{d-tnCn@&P1(<4{PD;+c$kD=tLcw<+ZqJIKQf+@hT&X5J zC?FZ{vr~;#hsgtB(eq}qPJ4h`HEAOPRwCl%m=}1L@QyQzlr^^T0u+z+_Sg3k45=^S z6UpFu&PuXR=m}TEr?O)RgCPiQjFPSYHR0$& ziN9lIw5tutsVFE&2l5EnWNbSZ9U`*FY-mz}Tbl}xdzM5sNz!{fcS=EuU@8qWG-1W!%6g)6E{C?93TDR97QxG#}6^ zmS=0f(ZwPa@Hp5#&|vXP+Ei<*4iDlA&yEN~6HtEoUTs4^Yh zj+<3%TY!vUofB}&~>^4n8a0NQ%;31&WLDAh4*Ujq>?7lbbnM$*w?tK(&Hdgvs5 ztBQqWl*B2l6;I-8=UD@-p*bVB_kNyRB}glC!uic(4F_L4*<7)K ze7=1W^v5gcn4_c0jZ&0gSS8sGQ_XKZ!@bNn^+8xE1+6#d9R)^MLYZ3GVocZM?0?zG zxKy<>kA=OIa}1>m1*}EBylGucES_yS#0puw~ zv&@`N`}t-x3k%igg%XkKFcAyS7fzc@i3o8%rOh6&rP9=aM_2NV_Jfx|$+Cy6s0DCT zvzVNdXf9El!o>;3jJ{PvfZKmw9h~JMr(0+u3Z|E=X~8V?pLe& z%-?rNz4(?kJ=0%-Dyk(F=E|AFqz$N~6IfM9&r}*!3VDr8_a$7!z$%i>EPJ-BCh5-Y z?@)6$-;V~DP8vNTM4LJ=k$p3Y_Mtfb;a4eym(&Os0~FnFsHIr(L(vM`^)_(Mz;l%~ z-dxtJ^}Hg%E=REzwxgsa5)f)g=o??qUG0h*SPZ1Oj=VBN+qS-Z0iRu@#cMrUipG|u zNJ!ZXGTu!U2AZGvgxFT@9D2nMY%e+hlT&bT8cA+mO3clfU-;835m6-&u41f@T3}K- z4-=+Wz9#G2Wh%ApjSznlF1Ke+YKsAFTuyP8&>J=Fg_h`1+nEVjv?N>w4caZ7mlbQ6 z#L_d@obR7n6jIN4eALS^zCbY{_a(dku1=Lcc<_{ z{#jA)WmW_{Y)t|+#~S5I_RcPPLS`Hm5Ncc@OrOAYb+qEfjO zrFwg}sZ_#CeElZ$CU6D829U5o>|xiTf}Z9`qgqde0#9oc$N2(V*iDZVZ-kGs+GLB( zp*9Jt$;-n%3mw?`Mv7daLb4Vxy<$%?ka?Kkhal3f1cUobkT=jzy|9=num%g~oe9~H zy-IeJ+!!lSxaw=h<`YREqTs z_?2<@H|k}D`{a#hI*!hKp?-F*U;mySHkN5l3I~nQPbx5j5ia5?LTv%h!t-@)xvjOs z+>1s^5cSO@OHs#0iJaCM5Je*^T+((RY}Txl-m}4__{Idj6`w?Z7vt)lJm%HXVSMYV zPP00!oo`M_7F;4+QVfI`SJsGwrqr=|atu>lc4|;wGYktiMEMH$(&AJ> zL4A~~k*!L{YxE2cy{Pq42C5#?M)+zy7QmHNk&%mR&2om+pjrT?SsCe^ITlCZfexPR{rA;+%V~L0OY{=@TxClsA|K_EAL3BAPXR z)`yM>__`)>hzeiQh_E^HLXDLHtZ&1r=IhmoAD-ZH`jnj|xE^lMl`Vp-a&mnE85(|; z9V$LERo9KYoSO#b8UNTph^)r3%K2-S$*WH-L>cGf?$NeJPP-5pxGG4W;0F{5R<48eG>0ourc2dRr^|QJBhxE>;okMZ+PVnITg_8HO#tJE2XQ*X7>{DuSsSR-j z;)ob1KVb|Y+XFSB6LxTCdbQFeY{S*!0*|52;;OLx-rTIcq*<83~1Z{0h4HFD;<`jEp3)dp@>aYxGr z^ec`dwcvsNnLG1QcjY%2dLY_}vee%*7GUq^hhg$wCXdS6fb zJMjmB=|g&8VE+4J>TMU(p8@LMwV!{*$G@)gV>Hiwc>JI)7l4WWE}i^qod<{p*y;H` zgLKbAzma~R1t2us?!}MV&!1(mcU|g#-O2~jfVA*kn&mb|XSk2?|NY^Bu=^v%r~fX0 zALIYK`~ya~d;C4?{JS^+B0R*m`*P<0um^u&+rMjg@20c;x|a{__#3zUd7t%n(hn>F z=#}?&{Fw{?cWJ<;&flwEIqte!15~}<~m&2%?F<^OyvfGx1@<|5o}^W7Kt4=nxB`TKsU+nxH+dFtNd|4z8xjWzj4 z!u3a)Er9gxEI&Z3{df6?F3SW+wf`>u|6Nw?yV<_`;_Ynl+rNExrXN#hzti&Fy7Iqv zm=jrY6f{I$m2m;cKWKQ#KjjsJfM z0N4EksnfIGx&&Z5W(zA6F~pmFt+&jXr{I@Om1VVZ!HGcl!9K$NIUYg8sDgq5?HQ#- zf}ZY1A1$XhxvrAg{nOomwD!*oHWG|d6EN|I9v{#R4?SL6(sr}AKTSx+5ci@Y@A?Bon!uXk67%Oa){Mz=eZff9->f;Ed1XlD z=kd;JZU*?{FY=!t;rT0Yw;04ol85RSJYn=f&hHI>RT~Nx!_0jw-g}X7^fClU1D^(N zZpBj3$5B~m(uIZo7KaN_yCRV2IFv2=iSf$e5mL>OtEI@ebo|QALeGO@LbqrujXwYt zqY8319&VoP>dL^-sO>U}P8^L=?eTYc8{sfMby1y#)Vn09?|qSDj_U0%2A|kfi*bF} zgF1P`fP?obnJG4A-k4}~La8gP?XZV5LecO^qOb!jEQfppxU?!vOBlyDWm5{^k^-cU zF!|eVh!CnBDf>gdPH9+LG%V~n@wPuU|@R8pv6j{xZ**kkb_15z0-XQXw+R;n`Ad%@!)7lchz zr&1(53qzpq)gK!oMVUck$H}M~jWyirkfBpNQ7C2Hfc#}v|8N)lOlLK&#>Vw%Z931G z|I=VOteR=dFf)Vxebhc!ZYCdPN-K70Foy6pjVlksN8q7aMx#B{CH)GcGBKNKL+y?L$q|~BA`SFLfm$O4 zw4oOLHTs~B(qNzXa|3bd=#3mGms2v%7!xH}aW0@O>y(*_M*&QIZ{eTBJc4*CWR{|+ zl=S-SV^)4dn0v!gvGj~RSM)%eEytq*jcy?{f;r*$Umoi?%UH+Ie*P@Mw*A_tQe|0r zf`o+Ps0a(hYItu7w6*F(0?_*99@VJ0k6J$Y6)%Saaql#Px0SX}QC;w>#CMTU3`JNi zcB-HyNvOjNv|dvTMfnIZb2BmTC|Q&k*#&CiSj15a*CBSWdwE8moM$uS%xdf#5X^5b zTC8bi34Nf2Hb^6RFH0o9Dx>3zFX_LA#4(YP)Xr}L+XH$YhnrbCt#;`+4XKaS9W;bz zIQdaIZOE{?-*k5Uj3XkZOF`Hc1-I;3&^AMgk>~F8@WrPA8HJjDx(?3Mgoi3bEKGCtUAE9cJA%`_$wrzGJV*Sy<((D^^#cPncyx-OW^(b6 z&Bj|pvoePB(i|F2&F7UHgNB2&B~6#i&nTT@#V$cL!ejT_+-laS9YNGY3GiuVEyX0P zO<`qeumq|YGPSBf0#<9`INQVrTCbpOHDcJBb43W{SI=MD7xTMT7YlxpTL=$vDmECD zvrURc%UaCpM4S<3$&0^wchq3gYPx25*0`s_SxS<0Jqae9%l!qjm5H?I|9+-Lh;!aK~sHv zqyguzVzzJo`r3U_F@q?GxtS!PSD$JxRJh5^m((Hj!?OCUOg}Rp7zO$=LE^z((M!$v?iz*54kwrbWTr=9nGspJ) zHQEgmQ!F)td2+sjk`K_7@PaN}K2RL=70$;q4)veBqWL(C)^6-+bI|B7`!Z`&_Egl; zye&FH<=EFAVVfa<7L36q^zJOHf~v}ejy|G-3*^K`)+g{k@W2wGa)f)O+dw9> z_)QJGzg!BOD7b2Mjghr?r)g}x+M>(|Yz)pU3(@dJ6azO~qfK)Si%I>IXp)5=9_=KS zdIVbGh@3et=?o$%M8gF8SL=xmRMK^pZpOYF*Jw(ytV-Tu3FRmBZ+F68colRU1s_yDIY_bHol3rWoD8@4TMW$=89=l{M-htP+V4isSddfJ$*o)QmlGTow9Y6@NPw3wK3S}!zHqOkxwlr}+L&HnaLyE%llHPQG8e7W1qj*e*Pm3{|^7}`1`*|KXAeyrntAn4*>bqhaWuqffwG6v%h`udlUS- z`0w2Cj(Goz>VRJOzzyzL_rELx;EI1D7y1V|MzvdVLA||wi-E=RQlK%FX&RSOM9M3W zC?danB9Nr;O~incf)37NO}G~p_NmYje&Z%6ZcJOc;%g)qRJ2!PWBf# zxClAzUoa*Nz$+9- zT6U&55#e^O8h?jx<_sUBh_$WEl{YDsfG0(j8@7`i(OLjfZL(}F&bFH~caRP`QwG9m zxbW06%_>m~DT`HnsYxLDxL1Ka)E*~EnHXgu)=3zU958ftbMSIBKjYhC z^`nK@7zqwlB|Tq-rpj1nh|@Ch5pNjjXD7xq5=ye##HIP-;{M`tTgVQ&&``sfdNC7t zaaEb22psSzz{opN3dDSM$k8))`JcD~6+a90bzD2&OXoMm5K3cB!>N{=d)>7mNY)fZQmbUk2nUWJ3aue6isH<&DUv{xssrpS<3qII`YyAxDe6Op%3(NTgeJ>>x z?1XwAW%f*Ijw;K@)v)rBr3S_0;ARG@fYllU%JEI43Y*+zASc7}{oylZhXpek*zW#J z__rqf1(&eRkC<6*{yH$Upm9D!`*MLOzlIPCBabQqJGUs zp!*7O9~ul^7sI7;@l?=AN2dnuLw%eOOEq*1pD0CNJdd5ZQh}20;JM|O9qm>*=1&N1 zC-{U3JG7&(lQ*U*)~e17x#T{i$u=@B;7`%FT8PhaNX1`+@w~M((q?Jf5-CCv4p%~i zFQpPI(%3z*V!-f-OoL1#=IqSfQDC*RD3T9BN?D0=C}gRvsns7qa{#YI-x$Fo>U0T&MGN=%e|b zzMm*;RHE6YeMcmJE-)W2@?Zj{Cq6vqh)u})t@o%ZqS`FQ1cO4KcRJxt1waL)k_bHO zqFSpA$moff!!iOv6>iflOGreuFU_uZ+?S#TQV?KHO2qEr{+h>K#e_!Tl&$~3a# zvl$9uV^M0P_ccS|)8`Dp;R{xh4%6MAX_Rr-;htG}abA?;&q8hI+tu{2zIgncRgGm~ zUmi0}tB=WWCu6TE0J|#Xi*GX_$OqI!>IvkAV;ZrsM|xYi=_pcYQuc`p2wO9Qk^X#h zk=XrDi9OSbVCtS`dXh#IT8eyyX2ROi8@7$$74q#Fdrj$mcJ9u@+$Hx3n@2yzS;yZ8 zmD`74alxhw*O*Ghw>%Nq_(@``zrViamn;zv~zd`iB*wuiKh4t*tpvW0C zx{!LqZlB1PdXrFpLd#?{W##cU0p%h)BMJ&{Zo0_^GZB)R-wc*rGGxsIXV0Z^g1KSs zvF#kK;m$G>ORM{C73DN1dp8x0__I>h4_a_)abl7gTJ2Te&O17%`P6%!b%4L4c4)l) z*Fs>3%a}E=oWb7owe^uoKnT)kJSW52*n((r3g%(cEKsr}2Ij=)NML5enFUdZMawE| zOGIvG{hp?mpJ>5*vE56w5tqovR{eCANW#!chu^A|y0wg3%f<_ZyzBLDL)`*NCydaL zgn!S1Q#x*a?zdN7wuch`?9E0_DydYKP@-W+HOq|G{<5jNyMyCf)&yS8hHI~|S8tv& z3ZIteexg*R=4)vc4w*JOD76}znyzItwyD!h)A;ImiH=JbW;wkx$0yyLFZ)a?cnnr{ z31;rH0m8J-|I+y^?RMyh#86@G?*Zh;T+{pG;s;3{fSZAAcjI{f947*XoIm5dpEm-3 zEB?0@>}T##sCaH|1!p1=J3CW1B9L56MpR9a|ria@Eg@1JRA^!Zl!-%@-F}JU!MKI z3x68&9ytE>>A!Sm{ih-C(c|CO0rbZQhWsn*#&$QF`j3VL?9%!$33$&U-);TC9e&-@ zzZ$XLHWm5@4*osbl8xhz!oEA`&)G5mNKXNFZN1Ot{v2)jTk!{qJaEe&WY2JK-QPU@ zf%pT*yaT#>? zn`8PVHTC1C|4L2Wr?&w5IQ?aU|DT%zZ0ICG@H4#yu*BcLX8vz_3$T^b|A#~dRtDx@ z(_3?v*ldXI)5`SFSO=UlXhtv9Kulz~hJ-*NpN@im(Z=*&nJIu3mexR%`f|GN5Lc9> z9JcVHlXoVQ;ti7>yAivQn>9~sQ+(=R@5$zBM@P}{ny@^G3{okYEJ5#9-OcgV?ZH}} zR_RS*)MGmMaLqTP_{8EAkzT?kB-5K&T4%lH_AeSu#7p@?yBsXwiBA0!3Wo>OuWK*G zw)voCt}YRDvRhcS#FuO8ymLu0imKMKZ`e6|$)fw3mViD5=AG^!@fVDwp0}uYy(x6` zehatA=*9QJ4V*gR)l*Z+p{^z%bjZX}cGQ^9Laxa+uc+ksO=Mq*4pIfk(crAa*=@wh zr_es1?m;G%5TxfLw#E%CT+!+A54|B&%H+vF%qdi2pY-b}2wE-|558ckF!uK~4cow~ zEvJ!~K}}~MvTtmls-Mc%CSBD6A{>4PW|!hNYt?1=$wzx$ieZsnubQoVEUA>Z&Av8m zt{)VR*3xVe!|2AB(|1rN+svy|!_JpwFz7Pv*>gQ>H=nxo_C3%V{6c=#-jdO;SL-hq zS>I{1#pehvQAv(*Q3a|1Pq78m+e#;e`&uXYT(!}|!j3ywKI$J4F$7^=Y__v&tIXqg z3HB9FIhXOV>T<_%9I@@JThgVTZ;Y2(`HHxN&;@Z^cuDK1FnbYHL3#zbW98{!n+08H zL9$Nn{7ffijYGSE?YnH!1~yCtgj`I{@ssM!1Y}$DQK+}FH=Jc~PdOAkKznvyJx4$~ znZ~(brptb=Jy2+k%u;DQ)_H=GDh7I%26Ocd8b)d0NQu2AO>R|@>|jaGz_ACsWPl{DMqK z#uzE_8_Z-ui8ES=h>3W#pm|^d$RwOiHukXS1U6YgqDo0Ql>>9qs`(1fLHUxzcI>Tb z)j(txd+d7t2?*Dd=wLfEukbN+s^CRJ{5J+F2uy_Qqu0neo9KbSfUT6Y)Lp3>@QK}RCO+u)@J=RHV)p` zayM506DbZyRmn%tEfru_mXhS)Hwb+;-HB6bRASohSa4)Tq_|8^yXVFt&NB&D=Lz_X zyB9K-X{w2XG?}xh3I-Z!@dVD4!(Y6`xUAW>@vKnc@!6)qN1;38o_$Q31=(In1>dSf zA4Wb0)m8YMD8oGULV!Mi;(UrH-&fl$--iMAs!7zG_?RPTx5j{WGRV3XYcwW@k zD~8BXId~YG?)bVGLGHR#EltVc4OSL-gfiYJl!;&pX$Ex;U^Q*PXhaosWYq7c3N+<}0qIRVSkz zX`97k?1&+(j%uFMs{^A#Bq(pcqI{O9+04>12O|NSQ(TJmSn*>Csm*Ov!ur*aQp zKTFR3i!^{2{vpz5Vf%lPK0TJPym2R{Z7*pAMD;2+v$Yqh#`l366k#cx{A&se>CakQ zI_78{PW!5Lie?~ZQ9Jtw5;!_IRy&;C|3}$XhgG#bZ5jaq>F$t_I5Y@|lyrA@cS#7S zloA30lF}vJ-QC@t64D(4AE4ZOuWkep1pm z%Z(u`D2hm?C}XJ&Gd0&MoBEc=gWIE;rbi3S{kx(pC$@E1hOj}#9%gQUlMAe9_zzU9 z-Q(XEwbbP89%a%RXK4(ID2Fc8XuvJx?v(9j>nO+eSNDWzr(=p0?JOJL;GBsyyT;> zT5fy83ki5KZ5rlOMx3~xe^14vsl|+5jtxNJtiDN94umEpSuyBbfXyFi(`33oElqbt`FX zm7NMu)=Qq?wlZ1Ke~YU=pYaCy!b}ab^&XNfQQX@4HDV)oIKA?>ZI@ES=F}knfrvR1 zp&<+=GQyWg6sm+%U%kDJWb`{t9l*kGkZ$W1eO($ITNxP zxsn+>)M-6e!&`=WTAzfRYV>9$;(*#Wi|D%!JWQ>R2X0G$PYQ3bl|Afgy#mw7khGHO zixBbzrgANj=dygWFVa316ho!l>^_?Wf6a>dAtsbYmcjU(5FuBvjbDhA=Z(YXut0w&tV|+-F9UHN>?ms zVcd+J44EmGOI`dG9#|yg#5&omlYO-8gs|o#FQes=wgne`|46xbsd5g!&zZeh)}L`s zyh~(@Z<)nH$4WE+4XQK(&etXN-zWhZqK ztuIFHT`x{I$j>mvDU8?jgAp-$GbD>JXS{|R-(#Q|tt2_sB3z^ZpV3Zw&zc5)pqM1(>wlyN?VEgbY8=I%oY6{=AK5 zUw?cPlKvm=cl-IBOZ>c(3_oe~@8G}QN(LYTb4P!E-U?vwofq8$-zU*G{Qu{T_z&oN zE_mw)KkvhTK;QGhA8zndeEbLa@0{>AR{Mtw2ll~x{Qsu}`439~a>Re(j@KEDU!%n8 zmP3N5uCtl|BIII^jnCVNFhR(338#~1jI`b2I_~;>dYuuqFK5%dE^t_R@nSTtKfnInBVSAsA?&vjE8XGIa7^xnCpH(O z*j(;z2YZlF7l6hGBruDi2}bsS^JNek!xsTA{{8EVW;0CmNG7!N(zXb_QML2X%EydC0)AuUcPGvV(3;D_RGtc>*4QX+bkQNy-gTEJ8U&4k;`|H}h3 za`@Z^M+HW5pBDG-82%AnQ&vihQ|Oi*tJb2A;}~TlY6-9>+9B@o$s$RFT20XYb1En4 zV>lkBZy~~pjXj7vefd5t(6mxbAtyDOM*xxu1+cg?Bc+A3K8ufOn_^0&8`0$XNF0=a zG^mn{gVeqX%KB17C1goCPd-D1$JgrRFGMk%7$Pco@&FZ+AZbP!3ll|O5ZMfReqvP} zm2eSLkBPf~l)8vI^*r^gvMy3y24mGzWZgu|nGDH&KJ%xV*Z+?lrtJ+sQtZs!ZF;q?0S%6Wqy{2Zn}rmGMMJW1hikq`r9Y3EL9 zVjU`GiD0;F(eB8h`RLNO5&Ay_^(gS6;UyzTNF<%$lWNvz*V`>iHa1Qb5ro4}oN#x0 z3qxJ*Bgh#HaI}NwOcd{~h<|i}KWb`x-zq5Kn0L9XAsptaN`LHaNZ}-kapHt^v@f|-2693R zss$xLMz$u@N9MreLFKbkM*94t0-YhC=5?F(p&jn}CrR%Ld6AQu8ZT2ZSd=x7vc$aY zg0`>k5rg+_X{-5hw=RmjhEP=!X11&QBu0f1d=mWVZWw{ z5ua~enmx>nNj2_J6`vK~{1l~UObClcl_!$(?Hzdt!mei&KA zUD|PpTXbyojkJTF6WJW63KA+B#DjkDS$~B>Z)+3mAY>iDp%T;+q#ltrSrSQlevQPm z@o{Eft7HUp<$Ksuvyd05<>~=}qqrkTwXkp79*znVo+VoKMP!D?0(|gC6<&~4dKJM> z=Lps(ERt`dI8RQ{SQO|fQqT3TW}&>>A|QT5T7&PglRA|DS}nMW_K?N2^m2Bc=wW3PI-1#QWQPptcTm<==Jd!s9cx2Ib3U}~ zBYz>nHd(Idj+$)PC)X}2&#w~;02NBZXvax^4&&X86q^3IfS!7=!Vs{;V&TE{b}|ju z=X;Y=W^06b&Cu)=Xw7i|{GgDQO_24s*-r!N=HZf*`W`-=-J58#{pLm+wXL5o9ACth zFvGON55;54JlS3fT0CN{CASzp-i!XM=*@Isbr#`phM85HtP1I*!yu==p%b>*;Z!oZ z)N9*_VEEA?-*;FgAOEaUn!=zUO}cZN+o&j{bXzUyvvU<>0D`fG{s7z{KY@c~oYyL3 zrhKF)i-a#%@JxO{D$7y50D;;8e#I&xBKlc3-edAuq!qLJfyO`XM~AKkt==L5RVMKVEKcckHiiEt*S5~!k&hUj=BX#7I$}o$w}dV>*bxBq!_l)~`T2 z#cWtmG<`q~MfBV%1>>Q#wCq+$=OfFxdBdW1n$3#kLUD=6j1y9MB;@k+prtO<&-jTi zVYb@)#rGeoBG?|`1vH1_%uo6?e6w48(phRmJ2|FOAeQ!baWg9mE$e?h(3b(gd{YR0Q||otp}x2O6}HgRx3D9mVP~fW zFaTFSU*Gi`lmGOhzo!K-0{*?G8u%b#272b3qU!(e#6ZgA`mif~A$?;*BfIM}!*3>* zq!ZJ2vb4ARmocwfBV3yXXjjJdwE#a6_rwlR>ulEB)5Cr|TR+d1`X90L+e+>`$G&lw zd+=YMi{Dpr|K-$w#sfVVf9=Bh%b))Y2YM!Mwbspsy1yLy&+waX0KHfM47YXYcY5p3 zc%TR3Zet6u&Hs8I-ZL7|1Ms)H`+K&3fc;X3braUVxz-j(Q9e)sDBGyI;5{eb_khyRn| z?zz~HYrlJI|9SSCZvea4?X};%u>TAP@~~S6zrOOjwD5np=|GP5V_P233;Sn>kpJMX zz{OSnEUOuqSm}S2)sq&utw^pbibX>FW5IcauG_}10b(j{?+C#Ws(A4EiQ@U&r9tS> z3<8u+&*WxJ9dgtV(6HLU%Wc1{SHy7GJKI{9UY*RJO~=N>S<=#3x|8J6komLl1Na^e zE_EB6pANbdIN4vE9*uIHevR(Lm<Ln z#$NE@mL+u42v0UZsO9JvX|q&waRRc8lsYjH!!2k~imkY(myX4Ru<6R_#ht0VXfs8` z#>_R~Oy7-&Pnwetc%d;t*BQfrd{6ey!ume80sD%qj0IY-VMWHXSJ~rPFOD#kY$}A= zHQdTv97#CkCxG zJ6T_n8wH^wgANW_zl#(%23{jmd50MUN1FHhDj87^7{t!lRUavkDgBp(X z>GB4iHW_?kR(wA>@+zSieQKLzxR1NwlZZswho-gT$&hV#kc6t!wZX%l_umL=&IjSF z7}pJ@I%wYbd*!u07lni~#CMBKS9_qQ*hP(u<;I?kS$B{fj}V8m-Dgq?lG&K89{ozkhBdvaH%(RtoP*Nl(JecB-KTF#o=1DqqmLx ze2zff*fB>PkmEqaSEJHEH&^9r6>41mMlsA-sa8qz-iC#5rss~^G>hD?D_!Qi>57Lg5q^=l-2pGD6kfmGf#*vY2$~>DL5g% z9L$_e5HXc2HpscPxhz71Kvg0YTI<(wL8~#0z==U`RjEh+UTM=s^3(XSEH!mGe>y*gpZOhn~#ym2R>x2%zDY|BAz*ZUQs^eeB$t` z6NE%orXbMU$XHbg=FwNq5J7qn8nkzhPY6che9-2d@-$4szEES8z>Sbu1ifi0pY$xR z-N%J`;w?`{1cy_a1-7CQfHw4a=vB0}(IaXRwNwe6=?m4aHpBeqC=&H{QoHnaG_!Yy~j1dUkc0@mhQ$Su(n;2|;~u$|k2D z>$ep7${y4LH#>ggWh=L7dy056QSTfr$=c_6P?SfWGHKj|ha2k>l!vnRn!St+PcJ~g z^~eyaM0bSIL=9;?dm!R_lMcP7(hW1jia1R8>RrYN z*D|kM@z->?NQW_!OO0Sm875(G!&&<^1_gNvPu~MDHp2!I+U=$ zNLpN0CqOU~RYCB)x$CuttxkFNILF6;L*tUyn@=Wqk24Zi>PjmQ3f^iPC?@T}ml=4w zh3H6MwD3jy9M$;xge^-Tyy)3NPjYaac{!+DMCvDlsw>j}*rR}s5Lb>_XE*R_U zw4j!K9TvYSCKpn+7<8G6zrvMu*E8MK04Lm6Uqc^?Jz#d1vK9}-le06CS{wI(b;{p} z_l^62NWo~xW8EH(D`jqf35gi`!WwQ5%^I$^+q#aX7O{X^f@3?ckyd#tlqBz27H)xz zu?`y#+`Gi~aQ-7}`q@em zheVN>$O)corEKXiyHzzGisNJ4!`U}-)oll}(GjG&va}H$kTdfMxF3{gSDsfGYE%S*eV&VNIU~ru^X9D|r%cx*? z)3X=^=>6SSMXwD^VH46GPIYmok`k`S!V)}9S>>7Kdz%~R1df4sbcym9lB3FOq0}pc zuaJaehb~eu_*gzfoS6+xV!SW4kDkg<#2Ie5-6t(FP$@)-7IhpNXW{wdcO{d29^_vY zDVof|n*vN7d8YKwV(ka-SkR3A+TPv~>t2*9pFinaVV!22f^oOYgIF`Ss>{>GE$6FU zhZigu=NE^Swbivmxvb%(=NFrFmZ`|5@OJNli|w4?vnvn^bz)+#UhNTFM}Atqt;YR6 z^7BhE{C#!FKzMhWGb`H-HNGbg?+Rv) ze^?K&mbky3JKgsqLv^#g>o3uKZ#}@0;@*1xE`Yi%LixjT?um<=c+8!!xmoEw^u1Nw zlNPso1@CmtpV2_d;x?Sb@*|vdE6{GkTX!1g&qD#pjK3o*3;?#97|hN2-v1Kv_!+SI z-*$BX`d_N;?pgWo>ZIGMp?h|^=Y*`l+V|c~ztg}s9(He(U#-o0-;;rwjsW#^XT2?j z`Z>~%=i`4uF08=re3xIoOA+5pa}R!RA;2ztjlR9@e?{N^3Y=;tT!HZS6=kfEV93p7ybP9PkDU3jN7|${VC9k z<<5rxR9^IRp1;Ppwd1ct{BZ2+ssEw8==$409{kS=7r@T=%hBK0C%{SK-1eY|AT`;M zapE$}c`AdA_K_16iBev19b6END2QB!FeNAIVDz}l-f*+H`gH>NA-E%FEW0i3Z27Cj z>dZBt{g6RQrz5kfTK7{gTr82-V8Mj%p#(m(9**`J>b-K@JKW2qbh>R><{(>LKOUu>0aOnXC5$n=8*eL(X7pLkHBY z;rK-B6pbl`E{v_1Vx%&BgF&>k+n*1XsRAM$^vAez5H~vKG@*79cd7F};)sW8N17@4 zzi#!KXQI_l`99#w7nV*=LIFx8Q!C2KF6%7#?ip>_GYN4w&Sy!YJz@63`;6e)3o?q* zltl7s45^GMf*Dz)+kI5yB%wm0@l=;xY{}}~iIkxO2W6kutfw!^sI()!PTnzful?w| zR~|GSrLfBe^_)zcs9Z6kg*C`8l`K4!FXR)Wt&37AqZ4Ji@g9;);y(sy|vW10LHk1 zx~$Nm0d4l31u?}Gi}=HgeRDe$+6=UEA_gb_PriWd>rUkExc(6oXq#e@pI8M-SwTgn z)~r?nK)NF8uU>*{d1o|;gH9cFiGa{$VwpnhfT2!9zs6YVAqLU4tV9GUEnWxLQo%;x zaxPRuE`+oQ3Gh@roEtVxMqbq9j#E=Q+dXTRq?6Xs!fYc`LDl&{l{XMU^%!mzV+5BR zwr*8jU(;a_JG|$Cgtcj?OtLE4s$5Doq!nYQ63_h85V%)TX!W&Qjog9JRhZ*D4C}VT zE#cP(2wgmt+dV6^}9xfHEOWU9)h zNUnC#P7&gu!LKyoqcm@qc9M^=K8de^GzAv+PLjig)u=n>&xg&$@A!gSgI$SYd=i{J;SXYlo$G6Sd{i)O&QLrdodeh7 zJ(2zS^Sp||)`km<_IDR)8^>_Q<1M=c`Ybaa0klotD|!H@P^#*|T%hIjVVRFmu&_#* z;l<7nBnT)#rjhDh+Dt2i`-~HMToFc=(+PqPaUf4$l!$u~EW=ZO@#!({?>vI}z9g|brx$L3|41W- zwap`JR}Y&b0-jpYJPTqaD85~-%wtrC&tADs$3=4>mW;`!pM{g0)iCF3 z!bny6qyTyDlEG@H*yM`~pShrb>W> zL0W&qSPn)IL-+hxXgWJnMyQZ@ksw?nnxJ1RqD_&Oa-Seu$9`Q5_7RFJUQvDfj1x7& z!+J?KUMmuks6!)U@5!+D?p%tKT|CB5L)zNWPc8A^(KshL_eJv*BnRcgYKH5L3+qyL z4pb{Eq&7<+MHoaYJ4Kx8Fsd=;B8Oa7Wvn-5k`DIA(Bwuf%O`ok8+K;mKg`AUR*e;5 zhMJ}f5m_ADoS*S~q0ZHm&RDH4?NrZFtrRMiAs5}8`1&Y{!V5KJY#^N`z($hG5!*W-y74Gh#9`l?7}cK`wHBjI=8(B zg_jLpykm;pHj0Se)RJjmxtz#+#b6mqVfXR0VUW(pw57?W_KV%6k`R|+cN@d5>$5Gi zY%oI5LMqp|$_;(Lmxi2gC0{M|7}3>%@(H4xc6&6_=}n+ZzVtaICZ za{)y-)@IB_Hg#pKV%TS@0^Q$Lg~O1|ICA~Z9MR$$<7ox|%_29%LFcXx_%-%#F(az` zM2i<%V#XqMryRu@FIV+mnJPrQQSx6bu)c(f7&q2UMJsmDj5I~Az$^MzQow1#=CYClPiW|U=9?s=y0%^% zy5WDPt^*0+_uT)zocW(>d0^%SEN5tGr_%U0H%-kNcrE}Wp7P>Z=Cz4 z1SXO{O?js{{@(2Q^91VqwDC6e0hCp_wd7q=<2o7@e%UVjyQSYV0T5Zd&8h$x z|E{pVYrM|-=W&3`;_vr6_`BllmYV*%DS?aQ?~+6eKN5q#L;rd;zf>^ZIpr-6zozm( znDea?{)>nIl8C-vws>pGpAW=;K;L)CUo83a!T1lu{EJUs*FpgRKl=#&5G1!-e}A5p z{Xf#|wrL5FW8FUBcecFMGrz*`+46Ua{B8^L?`FRT|E*u%S@X}c1Nr5RqQ5R;yM3Wu zXAJL5`KK{{Kz?5TufqLC%Kx%i;h&ZJ^TkLv_n3evF#yeYn%> zWY$5|`&{^x@vI4IQfM%qWVBJRDdOM)#FU-H6t%I8vy7D`qtRQ5$sGd7t+DKJy-q#s zeuc~H(}&B^XdGPXF>$k(0U9R$50-@<`J)D}4kw=PT+*mim3_B5Ux9T!T|O<$?b|rU z62uhd4IV(HneB1oe9l_9-&50Kbh>ZWZ%_EZesm|p1$?`rb`E3xk_RHX_KMKEf{eIH zcx9Dolnz{%DX6>zc`D0wYVJleEAugO#iHU^mq6GgW>`N)HicCju zL*l4Uo#|gQ6#Y#wQCiXtB9U_%lVph7(0sj1Y2RPDN@c*0h{vky+oWEY_^!(fIT zv9zm>?ITe8v`4yBD6wG=+qBrAJg#{P%Y03SmRtri(H5JbiD$0q2PYvW@RX;?1pK9D zfuxZ|>9~3s#^)eWM&Nq{xhAn49{ukrQ$Hf6VCp1VIZn!4_de&OX$pc6I&5&d=UZnG6k~y4{8yS}>Qc7@Pats=)g^h}!jwe;EVU^Kan^&L(#Jn*f zW%wbi?1Acp_hOJ|8#~W4qAIntu^=@j)XF|rv-0X)jCwuz)-#f)`<^jK({-hI&Re6? z8{aIoU#q_|B%iUYJ^PAg7>gndOD4 zrxGnq@q8OI>8Q&D60)Vr;eq{( z?m@%-PhyzGbA=rgTDX@*8lWX~NUyRaxzffL*V%DN(S!j9){w%nA#>zJ`u3hrMqUb& z*gjy?kTwZ@v~L^LR`o=Jq@zhkTTf1F%@3fGtompjQ+mLxfK6zZU>ck^Yg>@V2k>>t zV(3-ec#yabU&27*-p)9Ek3if59DJ^aEM2J{>SIBYI(+pLg7~5EyIfj)CZyxiiMF`i|j(bAU_94^oZdty35MsC;(C_`wROJ>O$Dhostl6;L$V$yh8 z2`c!W-bdE zrikR{e>IdO4x8NV8lvN&Ob`+4q!)Q8IAXxni4L9J$EL!|tetfRGm0);LE9+I7= z1g*Uz^MGg+=bNFG#aOmpHm9s^3Gv7}OADbAm8)~pn*n#ZJw7@NSO0=;FvP|F@7#ee zm{F3%4wPWyG$@AxQ+AYK2{d7yW-=#g9$zw@Za?RGMt{AH*Jf-3YaJgqV=?`-@w_vd z%{;?qg4AuIDGzGgX^_)s!f2Y9oWF6p4T}}5aGa*lU1EWeGioS0aEyc7jPGeZR0C62 zWh6|zSLE1i#GI#lJg-b!dhP=rA^21x6sa{EEu;48&(U}Xw#T0;!q_Xmq| zO2xim;}k~18c@egn29QDCTB4+HS%y`glw}4cV&MmX&Ui%$J}w^HBf%|p5ePVb$B0F zqWx>pv}~#mk#*%|nR)r@kh~5BIrL%1k2cZHk<|mtxp5$jzE$;{yjq5w|HvM!oB;;P z4*GBdPl_y=_I)3SaX; zcVy#vC0^r)2`)>Qwc-jY0fNxty%2^kWkC*4vso-_ybf`|X^m!{-4kRg#q?nM2{fxh za(zxuf+^y8o+^(w-8#M2^gzXf*qO@orI+8-bwszpeB&mn7;x&Yd-H|c@uXP~TEWL# z@I6cxjo&m(cwhc)^lMKsV>GIICpmRZ1;Xb(Jp}x41*#!=$g#oJB=`?~lz1O(%6k!B zn4@wMK|FajwxwtDvh0$-{JOc2Wd^%XLqSwXdYo%u$MdHw4V*AD>qSTc#Ol5MR=ykU zHUYv5FE`|vhc;`R(U2%Ra%7wHJC7;Q=;xc*eQ-4>{c=v5+X1w;*WFobVl4=Y{qlGt zdE+l@t9uPS4KB2km{lS>iybAK-pmjn6nLw2uCdX(Y)ExyFE?`*G~_Tq^*bwObQJXs z1ouJ1YhL6U1uUDP5!Hni;s^JQ-0O?ECTP-|GFaaDm@3l;B?H)5q>3a zXI1OF@)Gm(sxrm*RDmH+_Ao(1jE^fMUxU@yT(wlVQzC}8$oLgLRVHrW`xKTr3SF`k zyJ3&hy}{=1&m}OJIv?c!m@9{thnOUe&;0hfsM6WrONc> zkqM4>F<6g+8;y-|gyM9rRmArtNdnC>r|78T`l@Zin{FWK%`o}DRhocb`Y+rQN34Ww zcQo|xU0?q|Ljku3Cf(7{ds^+M%=r;#{}(oTy-W0O7It4>{6dR?qU}Ez<9%8TxIHQM zZaqK68sLr={|5dGuLay5mO<8GoNv-@@;B@t@)MY4t7qjuQVF4n(VO z)#5Gur|bsKRNUF_*NX>k#&FBZZ;vXz-M0NRSN9*r0OHfP0`InO*IX!oQ#;FtQ^zb5~wPJ!nB2Q;v>yHlsXalC&(-;58u z@|#@Oowoh+-1pt?CS3Cyult9&?|a?N+`nMVU!QP!H0_4(`*hV*Hb|?v5`C5 z_>{8SU$A6@oCn`5fTE||ZRP38lU@s!?HpQ7%eKL^&i(ywwQX?XFt5qsQTX4G(uGgA zB3icZE$l5G65#B0v##{kkQH9_P$ck!k%%zb>^mIA$ri+Zet8t}FrJlN-&i1Sm7n>!uq!w@%GK6AfsB zAcuIE*JhejRp72jnMT*(wTcY}(%l(t)23Ze8%sO zu*HTlU;+u3KM=t|5f{FHAC;KqrPf!}{(ULSVxpu~GIe6rh{TCa-~5Qh8((b|@F~DA z*Qt-ZKxS2?=|lt-ylyHf5MzmU5fY(C8q4#%Ds?EqGs;we)JM$W(^I>^RxRdiv64h# zxkJ*og+cGZK#I`S4n4_glT4l`_*?ka!Vqr5#dr9tw5jk->dGIy==1h^5l^&O$JQi^ zwq+x-2HK$yuZy4fk-Skx6)wB|?Wh{l#ix>a4ss$L6m9GVYCB)}r9|UyoX^V0oi9c* zj7z|>bRgde=3k~qb$rqx&7yTtD^)%8g-w}Kh!}nI4z}@&e4Ac37F5WvQ9Ei0W;Sku z63q)L=tZ)L0y~~k6P2}hf_e?mA}@>t&qdPsJ7xy3nu;Ds&!-=NG(7L8nNXG8B6OUj)h_|ajO0Uz z4YV%L0X$S1J@Gg%0QpUmyW;#(7w`#;jDnh6Xei;4&}S4yuZ5YuDsOL}Fl>87wYi#j zP0eDTILwZ37kHD-S6UoRBeK=dx-;!>AK0+xJT2vDCRBCGqW9+i!o_3!L9w81(eq`|(@6?SkKHkhOv$R}81RPvv0BZhx#3zM?Z zzrt)b3GmP;F>u?=LiXNPU>y%1Jn;`C-~ZY=D36(PX0C-|29nb$ew^9y^1T$MAl>nr zmA-bPXD!P0#x#hrLhAjNutF4>O)5?3-PMlKqGsO+x-7A*AlSu>m8+>kN@l{D$=5R5 z`LoF$2`I@PPfPTK(W4_9dPU2On6DHzBSuI^^HWh^7Ld-BPrTVJeAcqNqQBaTamYRuCRqCzgW(Vc`fj9hpot0x$2XQuVeiFq z9g;?2Kh*=G?^}@NNG8*r9A4|3rGYOiwROz%eTox?nI8v;;P3(7HGkjYUwQz_j>A|r zuFIB$`_yPKUByQp+FC!0@lelX;Cpjy4zU0Uft)ny5ng4=v>Dm^lM<-aP*#2-82rb1xh6p+=ga4g?;q9<+8#)>6=q{ zR@TvuP&2zWqxcT*u~5&9X6~Zpey&>3C-?NS*faptPLGRsC%y5)Gxq=_Sobp~0J@eW z2;|w;%J7Dyy06>4lfa*>vZSS%*(M^@Z|IuYmf)K6A&(5vJFW~OIEV#Pls2hmU|$(v z>The4*cCfS`pvDaDHMviv}cdhWor|QA8{k&(7iKQ@)~6Pg6WsC31PLqR*z`I&R7zs zqqw08rsW99X0`1S&vLZ7BQE+(YkLiG&mt7XcYDmv<^-Dpeu33g+?09%giSMDEp9iz z_ZaCZ$}G6faS=`Y;5oYGyo0N0d733rwWPUPB>eGM*;IGG8>E>? zhB+IQ^++phaCAH!)U|KfB_1w2hkagbgd=nU(?kZ`Mvv-qJ3bK+48Tc33Q*3bw@FHS zdP-_Two%0S%pI}{HXm)uj>}TOY2OJ~7}+E>K}|_xnY$$wWDd zD_@G03;P*M=RxbwSK)LCV5&@z9YGaE+6+3MZXp}&KO{6=n}X^GYrZslVwfaYD(k>5 z#et^wpfZryQ+QbXW!7#|9^+(1=w9ka&E>L)j|L0DlIfMo)ay#4sIC<2Y?As}pY|A2vQby--Nc+VNkLbC{0E#P>DBW3UM%h?(7mKmA}mt(}@P*>tSiIiq?`CF5!}mxr4;dpb^T)#GYc zM>Ygy#k@+?^CR6_T;cM^_}h)WmynCO`;U4(yqBy9fBC3CceR*x!uut8`-cHvvn? za3`m4zV(OI+*1)ZS)Dr>@Ei2KRooX5z%t;^==&l9SO)wV4J;yV%m`p)y7~J@$NoDV z@aJLfs|nx?IP-NG^qnbx$cUSK-);ZH|Lu(f_@yfRdMURFvO6LB8~Crbyk7|ZGZJv8 zWdDr6uVinv_??pdGyLWo!0ye;_O~_f6z$)m+)DTR#~)npRK2nH&r$wGRk1SB1FNbb z#p_<=FOaW$k^2*m%^B5e&!)Oy=Xr!JaGK45D0|j%j|mbgD~y2hIu$=;naQ2a$f@ZG zNEV}6f_~pPFJ^!EMK(<$mv*a^z%qBnG82PNAw2x0yMpDD%rc`)h4c<9^=j4ZXYOZG z*&3RzHRrmjuIHP}ncEp5?w|8~<)i#Ml%%KK*-l%XirLH6Dkrllt`7BzHTdF9T;WPb zw&!Qgp6%qSTvaYSe0HVUZsMwGy`}LQv8Phd0T*2#zUuhAJ-S)7g}-{~BkfGKI~yQC z=cMI~{PIaz!Tf;T<@oiKGmSHE~`tl21(OVBVv7-jgipMzA18yqXUhYgMVe!>HNI!8d-Lht8w_-;1T0gzC9f6+ ztLNbePez1>^_5MUk{Q?DH?_ssB?gbknLjR=6A;eQ11JZ-fnm?j*AYSL?|tL7w2XVg z^At@Abconp3?siodAL|$RidZQcb&?db&$=8{V_K5qX8W~XezEGY~4z{$R`Oh4P(JP z@6q3;WeY;-QZ~ivNq;uk&}*X_!w3eVD(dV9*#=kjU$0YqM*y7io>ZltI%c%mi;3rLCJvrotm9M!j_ zzybrJNZfMc;8=P->b@d;ZP_>NZ@J^^S$!oJP0fltn=4s!g(SAJ{@CuzGq>YX#Yc@e z(s?mngI#zjneN(;%abpI5?K!NA!JLl0Z#QMn)cOYJH{Y2xu#n?EL-^m>mM4*Twpb; za-7@{HDA`Vy|SRt^ULJUwSFm6|6-+)v8??xv4M44)027Hqzs+2+f<^TzBh=)bgjRq z_2Dy;myp?MGJ*y6SpB8&T$FM`VrcW~YWx}x)I1h7KZU#C5Gl>OFt0Pu@rgIM?+RGi z!=d$>qCD8`2qV_Ayi|GGf%H8(R5AT|W*(IJcky!UC*M`ef(y+mN4IE*78PK2qAD#y zA%Zkrq}&5_Fz4VvSN-TCk;hV-oY~<^5>P2EKqevWupyS!qfi->(R5(zYXoH;*b-7& zX|Ty0hBQVUS_vQ^R&^W#hmFPz?$FnCQ(KwriwjuQ4bj^j9 zru@`n>dxZV@~&c6+PnZt}qwiGG!1IU0tsQ%2m`8vhm7Xw2KrkE5| zE7DkB^j)&&_vgJ)nX82CUQ#Y&i@bbkXJ<0ZJ5ZTSUY>3kjhD_rB_)}x#xG{_<-Ef} zHn4u_U6c;`=}sM*Z$ki`tYiN!*~i04pPa`Q)-w`|Q2&CbyW$Q=|cw*v-gqR(5nyXJdQh|sl*V%qKZk?7$`5h=Tbk6)&)C$+wbExh|r5TTjIIkQPl7^I*M$! zg(S4EiILgx`7Gm1LK7((*favI6S?umHPeJh$5Ixgy^7mWGYHP)7~;@w$ZM~j-(SaN zuAk)jZW%NW`Qg09EPn5%A^p>5g^zpq;!%PHqS;(jGSM|`UPD)$;A#;zw?g>lKS?I~ zI8ohpNc=KqoD@zzWRuu-wf(GS^XWloqFuuJ)_LfuGpRrm~KWnQX-5DFW|R#35w zU-;$qF=+7RPF#R05-n9;l15n!Q6Yig|#(I3**dq4eOZ+p{s1G1n}w0S>c6 z%n{zcHE$+%t8=7xEDRF(^#qQaT#0;hq>+-={`Rdny4>I2IB3Hl>`^m4v}`2GV6_n{ zBYT5sz!yh`HGq$WC41$ru%X=o?%kHWyZYu$c!3c0guF>o7kS-FkHy@n7ZKV@HHOVf z9?%7mm>RZPVcl82fHkQuHIW=luJDh_Z`s2e#x+<3@=N;Ns?>b&^kf*o+L0cWM|8(* zx2e&?EJ~|jAtZiK+L8hnjd}j+yC35u{~LJquum%id7KW%@ClD90A?|zx?Ec{{*B8; zpEziQ^hBwn-rz4iE{uo95(0mY*N$|1Wi-QAK zGg_zdZ>BRyqud1x)}?#0Px}U7TEspZwmJ)KjPhlFn0|)ZuD%mlw!KQdG0L?qCUha( z{WNR$jB|t{Un>^OhM<=w;%U9v2K4to zIfteVPhQafSQ585L;s<;d?Kw|fI6|S)d4>b@YX+4W00pomok0&%X!PNPMRXSSeNz3 zkQP!voXiN(!)NXl6QraQ$S_;MTJ)>9=#JU~y5@>7{g9lA=8Y9IhMGN#%xXFxP8My$ z`^1o)14*wR`H)cXCnUkiI2kOi+Eb*INHrJ<+TlT}USmdJ&|GlS7pdqihGqViUN6d9 z;!81CKI!ZYEiUP?L)zr#dAYGqnYKJF#MsuVbqj1Mj9%&5BJk5%(Fs<`-2hRpP!AtB z>2}{0C3#`wpX1)ikl2pZ-0c&y!@!}8rLGcL{pu|II*n~M<`;Cn028H@0DakPeS8>e zzY!4B0GM+^9BRiwVh&Z+JhUcYh_1stti&5y`D{*V_s-00b({Sx3_59!EICbu;w?p5 zupv$}nJ)rt_|d69ES?3b!<0+u6fD=+hh0G>d^meq%oMZpaq z4}+A|1(g!~Q%q1TU(DrjLqD7-k&y2u0& zIAkq-g<0QyN8KtF$+q9zcDlFVcD{SGet~|zzPGp4yB?62%8>ClMz@;{j)^;yAJ6emBc+=b)zKinEY?h_k_fKS#`UW_Kw2;84j$gt|h>a z9iTt!|86V2ehA9H)_!kxU_EuCAa47{{FM;>tYY?okSq7ya`vz-hsI zBKxkm^3NCZZ@q*V37PJs;otj<|1!!w&HuYjLU#$T-=Kdr=`W3hZmxw5s8z|G(Eal$ z|Kgkg*6U_lcUSWxY;h}ef2imGNqI8?x#w-(_O|^FaJ#MB`oy1payQ7mi@N8fH!gnX zqd+UT`PTo+Os0E2`tz{CpPAD?!-0MDo^vq#*Fk_=4*gx($#~tmisd?}^lOyqrZLvt z22tQW!T{hy-~UA~GqK-0;Q6|J3@fs0T&_`Wke-U)mUggN0nFI*WHv+qE}lY*iOD-Mv>~|N&c^u?@Dcm?qUQQE zTqNF3UumLg68iHUhjSAFlO8?k=kWY!lgHXl6@nu%M&RwesAYSB1@@-YGY_tWzM$@U ziVVT3=t4ac?4}=9VLVzsDh*3dd4xAuu-uPNQ1aL`<)o>YDn7vX+hi2Ayj+$+6_#2L zK-ij{XS(CdYo_q7 zh78TYN@e>~>j@FBSr%o*_}3!uy=Vz%ovru7X|Mxl0#6Lc32^C4kHyi{5Iwkx;F zDNa;&_`0?8!8`#`9+)CheGoddcae0vdEqyv>2Gc1YA*(?@WP0BhsA7rmRzakn9bKf zKw7mt*yZHxh;#ZMFH0Q?yIU*vq5dCjZynXu_O)*#NJ@8?k^<7*4bt5m5=u!+cXx|) zcc*knH%OOsw~{|ZIp-r^&pAHt81J79nQO1T_S`bBeb03-ns{|kSrk4Y-u0F%>bI$D z!Yv@gR`tX(D{JnAMw4_ZOgr!ltL$iDVc{KmIn+`S8SceP_8HX0Xo*G0f?Aa_WQtTHcD;XI)vNa<{@8w@+B5( zAT_tW6H$JMazYow%O7)ylbcNF1bso62u_aKH8MGv@;x@mQ?H{|o0C>aQYt1c6NdAV zGp+`Hxc3YEMsZ}_axC$AhNZWs6k#PlhWR{gROG5G&C7D_klMF|H^1`|M}zpK;KVTd zGUrBBVof;%G0sBE<3?u1@m+Kf_fbB$l$Z_zvniI2YztE^W0sHBJojiDO}bkCD>}&+rx-rMl@JjYmRVSBB*MkO6Hd|Wn{Xv z&r8@7HkXsT{5vZP@ zmRy=_qHN|$zVZI(AX8C>q zs(uK^3=J!Okqj*LD;WLe_)m1|;X|AT8<;0nuDYX%u^OGP9sN_zr!wtb33DxiLq!6? zSaf3dttpOIJqfg~9H0bD!2|^HAqt$?eP1D|?v;fzz4`<+f#ltah+=^;CfD059^SB+ z5{$)@KY~azSh{f(Tg=o$xIVEa2k*oTd8WXyv3d3Wn%syN^gwQ{!D8s5Njw$E)_=W2 zLzAStvR+riAY-S$_o}iGlj4}&+(Nj{OQT9ML0^IKg{W{Wb(A;V?BSfGRFzJHN(=sl$JOqZJhq61!cXFX$ukn&pk2?yQ0>sjq2 zju)-~?0A+y3R7n7InCFLtbi?eZ(_LCeQICbWa9wua!&LV-HrEi#F`SVbeyS*D9&a! z&iL3iJQU`SVuv?;agz};7wumknKr_QhVf_T@luRIaXf#k zO%sMU$uT3OwzQL%!hE{D`GbCCXocNSo+T{!^5Oe^;ZjimsWb;0vAEC-a*IxPM@#G+HKH5%SHzE3~$ zPHLPx6NTsz+3||Qcn`!Xsm(i$0FVgzPL3grA`C->b+^x5m2#js1#Ms?ek3#!IW-ng zdX!Hj=EET5<(cDE4S8kT)M z!+uAI;i%3g5v)ksAbIzb|GuBeT$*YlTS}Z_pFPb1ccwahC7Hm>qe4jYmnfZqGO@0= z$8j?uFJVOmM$CT(!o&pbAl;+r!jY-taS9y%qW!EilBghyh6BzkS?!d=Uk*nv^a8O^ zGJpbHe+!?>zzRQnVM#gCjnxj7flHxoLmPR0$%y`75$lN>X15NGpbVW4;=qxM$@zT>Lqf(SNFTrXlmKyk^fuP`gj z&*zOy<16?`H5-I{@FkY^?FX$-xlMRp_6?s7qKU<5LN$@pza_qY!ch<}^6r(+5v{aF zojMqJmlp;9M&dKmS1OnnqfTiw?{Of_k-s#XRP!sm%~BJUY-}r+oqT!0pQcA~l!pYo z_mNUOzm!b;I7*-BjC=yiIl)gs5aQa_HdJ0}!XrN-PNK|l*vuF5^%2IDx58L{GCM4E z9Q+f=U9T^=gqDmO_H;~}@ZRE)!>AX*Sk~~$Qyl8DwNxjX>sz#;M-~oSz=R&A{S2zp8SR?!n3pTS*>pO&Dxd5VWCwW z2TYCMWJpetd9;?WDuyFyQ6in35|zcl8Q~xlYMN?^E!Q-Q7spF}pAF$eYC2}Gz@QvY z&JRa9qEvW0uFGpQX^9qAmX#)G12%q0Aso{Tbsz?86?&B*-B687@1AIYmtDHW4 znBC>lP_Lif+W(L=f2mxbB8nQ02HhU3V;0bNdXxp%zPc8m$)%yW%{8ZnmQZ$ey)?_k zRsUknwBPLXB4K{MKddS|7P^bl)^U^jtEo%t$$r3ev5g|_-bWu7)vNFHxGCRc@_Tw@ z_zpFI3JjnUMRV(k`m;d)X-4vI1v&$um~#sZcS_VxRquD|ZB-h0wA{wDm_#bkVtm;lTO82o$SWPF&GcUk>|_WmFm zFe~qq`X?*?LG;61ygd{ByHtJmQRDu-1i1ZwxC6jMe1NU@Z|8px0+5jZLY#EejDQO5 zt(}Y6wBYx?SFI{xa#nZ-!@_3^l*UX>*^9vH6mCww9xWovZ=mEPaytdZU({sV)ZwN!?I_d?aK^oeAqG3Wzg6!%mW2kE(Jq5USx2?@?4>;XS|-c{XA>3^!1R`(A;9)DN%#T zjn9q$DN}hN*NtXzsyZ5w0f;jlWJj8ZsFAur#Ul;10LS|?*}=+j$B#;lm^apF`)Q&x ze{Q0I*G?OO3xa)VNss0pQH|zWD+K2MwNp^!BAb#|9f2x>x>tv1$v<}cSrYg2a#>-p zt}tazEWyjPY<=iQ97Nro(AJo=X)-5zadPi-K0sSPPdP2(UmE3As9508@UpA^vM?`# z$txS^&Fh8a=KYz4w9yqIv^j%y6ipjL?a-{^WhpR&d(+cL3cE3x%fJeuBCab8D2`7f zm|S@DEb(!5_|TyTaayz-s@oT|JRNn+oBbf-l7Q+1$&9?(H$_@`nsgcDO7ZNxkwn_< z60Hd7E8@M`iIsKU0om6dczp_sA#or%^v36@9)N1)b9|1Aq#n@wc6MSOM~dmBmAfF< zyKKl<#uu0IeH-+!A4BHX8$E_h|K0o&@vMb+hO8`ZVQY)kMO8&EjsmvPGHh7xNBLwuafWWDwgSy(u*rae6{wU%tY%biWO2JbU zs$w^bI^M4!qn9lx{QF;Q4Taa|>yzy2p|fm*HKJJOBe$ZGe8d<~+*p04p6p35H!?Lm z^|VEJq%s6{h&n03p?zwe^!BWV28@hM-h7Y*y5ybuIH!%(an$wP!KwhHHKGRv&*OmS zcw9+bR7U2XaJYMWT6R6Gd<4q))E8B#gW2W@mDFz70^+u4CK`ZSCdy^oLNB!DV#lM*cdJ`t>T3b7e{P=6z2}z z5zNoYvngTGC+#xr)0ymDinc&-a?%8Ng5kTT zUar}s5}K50jPJr%>MahZsabKSQ;pzYc<4~mZ=@FYSHM;1=@M*}Tz(FpWE?)-lV{so z07nZXOJ&KtVo4DD0F!hsAy)%JHnL3CU0QoOBTX1RbF3#3Li@7A;e{pMeWK;9WI+PeZdiuB^1_ zlwp**)!M8*T-0C*J&B_((scn&*sl-=&qf+TW-WNVzr1yjAHz1%kDdE4wA0x>{Oh2V9wdD|DvCI^?tCxaR{xCq_*Cd!SAV22Y*PNWoeeF*uIqO(EJ&fA5dQ6>JB6c}uF z6MiR`Jj!P=MYnu!QQTzUq-`lTZsMM%HqbQB_t4L-1IEl?pNu}Q3W_t=xZW6jr8ZS{ zLz=?_UBzX7!ASs2@VHAG}poy)ubWoGWdSjcMRjg-;B=eI1YOM~WYSLSSP z3ftt>BfcGFFTjX;dBRItoxNL7A=zHPCkWq1KNOXg!91VAYzpvLf$EGixT(Rrh=4p) zvc^dHgkTTUx~b*jw=PoxsoPGsNYnoH{AuJ;apEc^k@Gr)=s{iyJ;Z|E?I$~tpanTo z<&2&1Bx96R36Mz~KIrvhGQqGQxHz32b=g4i4?2ENvJ!P{4!-U$$$F#7AIG+CmAr<` zlBzK5L3K748o)UjDZOGj$nIeQw_sJuxmrXRKrnOZzx;6A&@|-oQIQPzMS)BVmyp#b zCadV$$F%96!EuW?Abr#WSqFVIXg0zH$QB7IHTD`dHheJ;5fv_3*jG!YQ7 z8_>f_JIRdQc00s(b51k(!20>a8nmsw=__U7T{|EciDp*w(Qm|RTBx~S@e%VPGO5!J za~iB*9+&w9#DiN5RW>=s49k)TnBhu&a59&XB}OO3HQWX9k_-L{4hysScw(vngpnOG zv&72Lo91xv!)yY7BI8HeJ^pOP*n~Qt0bwWmrT}e+s5$2r!3t|`QJT->EQ&-l>1$x- zA!mtWA4$yEH3!o7n(}YVsqEm;4-!qf%as#NZa4Q!fRmTJKAYJ1V&EfTM!a?0<`uE= zwr;2hEN5rVNY-|oqK&F#8RC8Az#Iq`%C|_dRAHG5^ALi=oJ5=GryTYl4n^%s=IR^j zoN9)&H8tjLq}kJg$dO;5Ygl5Q)+<$-&DWDh&(B{UJ6PA*J2jF=qb2n1^xQO@m)KR- z*Uy{oy4W|oOrVF#cm|8~R9weu@)X0&+okUsSqq4E@wNN!iS1uq7y;aK7{3>fKOy5E z3gcgV7=ISV_d3<@!hbD{e=%VEUY&kFMBv`p;t#?f;36~NHoiXy2Q14U)TQ_CIe#z; zV1538*8q%6@5=c9SWCcK{o#Cm3Yotf=E0gitl0r@9DpBxlo}F{{Bl9XJGk`ioa=5zVj1)kc;;x z(%ktG-#vxD!+%XiKx?TV>-gg`f3M?D1^4fv82{;!0I)1TGBVLpJ=9MBDHUm$sQ)b& z|M!$5n!7_Xf8PARpf5e$gX7chw|r_LRgYB<`mTjy!@8Ac&mL=gAg}9yfA(P}eIHN< zDaB?jUp}eX=rci(5k_D7tZH{vAbxS*l4_o1zVqAU&eH7I$`+{Op`Np|^AWhCHZ#Z^ zt&vJ*joyp3@4Fu+FTbsHCd{L5ZxszBIrk7ZiZL(eKhm4RuXAGic1BkB;l1sf*s|#) z;-kW}ASGJ?zF8B@E$1w}@hj1~>6;tc=2}&-1=K-2Om(cW(vIu0-Ldue^;0NPG%0*q5u5xh|I4obO@_HHMwr@94%p+4b zFQ*xo!G|WkBh3KTefDH9l#ds#jUy?|gy7iw(l{zL_ab| z(*xK@XH*n9(rDJ-y&~heuH0jsTE4Q3g6WjZMri5^wkAuCIeq)I_ko-8G9A(C5 z!UI?-==AbW1AGU#ptKQ{XF!UfmP#*gu9Wr~7SGk0zU?~JLiV{7D`xFAUUkYIQqKgh zjW4wg)CYx*8YP27bL?y;^sRl}l*k~Ykd-k_ZLl;Si>!1c1f8wmk+CesWT{U_TIq=-E zF!XprhBx)~6fT+T8<~TxnauoTj^;i~fyYdjWY{`#YNO1#@HR=Cil;kPc!kCIp0(yl zPf(W4$|8lHf`->RO-iW$?@{sczjiU#aVq*8-}|udUypu^@>F3AD?IkczP*AdTUYG zdQfbG<=}kFQI=C%s@Y^S0A7=|6edPKURgOaK9U)EBPNh{zV0>aV?i+TE>4um$BTkn zA(fVL^f~xr4|Rwf#!_Q)r%wYxWFI(-rjS+Zn#*!c!EN&f7t`5AvQ*NNYFhfRHG-?V za^H|S3dmyNX@%&+nV@KetFHKu3pO!^1^5R#Hh3aExs+sPp_ORU#3Ut5w}O$7VY->{ z>Dd|`EHPbgjgK59on6M1Andn2d673*=him*`qVQ1L&27gae*S5v^#79zF;g+3w)X$ z>N{!BDAWktSpcl&T}Y1OFlBA{^T)Ps#ji5*2(8W!QZWp0le_?7s- zJcgg*)Z9BbPIq zyO{n3_mjjbw=+TlT-Z*Nudm-r?5n%>Xps7f^ETIDG22$izlp9j@$9rBfzxRe>032d zaa-!W>?Tqv{YYuXY=3y@O-J#Zk^WfRVbE+kkeFB%re{%;|}d z5}JVS+m>Zybwp1qiO&ZS$cic;?LNJ6WXB;JdI1# z{0Jlwg_g6fMh->_6o(hry9XO` zmCcE0zrCA`v}efvA^u~+UJG5@WnmRGEtg)(%uQu1f=lnsqMr*qt>2j$A1_KE*c3;} z_3WktWTfNLL9>xh&@OC*J)4H4@EpA6P9X`^n<@w>Iu$8B;%)IG=VNIvR#dy?O&#gT zh*|hH!FX^^?=^vG!4bITBjp~e%8rJ(qvz7uo^r-SuopVe&vhr5&GA&8_Jt&aN#If9 ze4aQ;{Os&!aBd<8(M4$5R<(m)msLk-63Pm*384Fq(Q*ecH*fGc`=i ziF(PX&BPI#X`{(b^Sr9cDs28HTc#OMGtP_6PEd>|!q^0Dj4J}MC&!aBEL_OTxUJa^ z)y@hc3?~8MNGZvFdBgPOILgR71YWb0p2PvA{UTJvV%hxjG}sxmD*9hLyS!2~AXOcR z$}>^Lv}6+o*IMT|`wD@dYeI3bC9KQSt9EZFHYhn6`V8jj$GQewYp|%OPi<`tI&DngOlRc%<*$;7*NDji97-Ff z^7+4@6S-sRiovGv4}QbMw9R)1&m#=)=Zp;onmn2%EuG$R=C;sCWi!=D`|J=$cV-o* zT10M2i7l-t*2)U*-AfcA+pAYzyi7t?SPphM6~6m;PqE|0h2c=N6vXTz3bR&+$n$Oz zxhGRLsE5xi=$)syaJY6Hy5yk1eMNTrRG@f?&DYgc=culHznCC7%j{by4?$8?&xkIc z6^8}rWELHQRi+owQkF?;=18AIJu=2P9?M(j8J`5>wRH7;Pt=nl2$Hd>(uXRa$;Q5F zBwm-nlCb+)s7~XV8t11iP=+}bsjMKFGyLwe$lzuYQjLX)~>CuaD z>oyf?a{EN-j$h5jD<5!MZ*8>0)>h!8sq%EAM}Q}*CKesRIz#tYW7q25Zr2UzK|E5* zMYSODaDX`#Il>hCV$#9k6} z(>~QGwLd#(Rb{+cJj}Ya9tyB!nlN>)RJz^UIWWz%-F|s#P*VNv+e&n$xT;L&_^^ri zp4TDJyy+Yl$qkYg&{$18*6-2#-wZ+lPhh<}uj4^c`#|6Ooki$h==}rNZ}IM*YGOc- z(7T%W&h}I0#osmYUmX75V*zkDKv7J`@c$!RumAwfLnkC={J*5Vzj`YFUWbRv2uLaS zUoh@@;5XsFqQx)fqTfLgu*dcOIKDeI^ufb?Fw7r8JHvOVelX6%y8+;nA8p7#fctwF z@=tjG-6#)c0|4(2*OnIlR{WE?J+P4JPGA1l+0fp(mEL39gD)CC(e-zu{4yI_K^{j>hriOleu@COqCNb~Qn%A9>^=RMmEr131NZo;MVl!5GlbFzboVw^3J?6XiKNZj4YIG9x-g&Oh9_d! zDk?giILVJCkX&5%^^Ns3I9%FUIXhn{p7e(LBg%`kJQtTg(J6B}JGHK;sduow5YlwI z{`RdsW^A(xB}X`eG_PEH?D}NWM`-Mgb%S-1NX3m&#pIi2sfv$olG8E!uP;b06<@o6 zZ=IgGpcGYJ_{&s1a#kWyCEQ6#_i}11{7{gD)UxSqd4s>e{_b6gQ*CN$#?0Mcw2>w6ZUrQ1hVqOyWYvY4cQ|HI$;H9to*VB{Xb20on&Lak4wg^RuxQ$SwaeOy zw>?S@gh9P^<)GYC(4pBab0IlvtKYti>|e5cu2)IOlQ0NkLdjGc&TFvtWnH>e#4a*X zw8YgB{+4k2BXQB2SKOB^r&fB77&7HmsL};{LS=I7#XS3wv{j&bF&(2ycm@Mu^5vVR zmV~?Qm}Lg-U`hA|g=)X}E{z0A!569cq6LQ$8+ub`8r$_~Pn6G-Xj^QEZP2}bG!DhC zh*S3xZ&yI1DT0NlMoYLyK(X5=UILE4cLJp9=L3(95?Kvt6HcB~{TX zyafg>vTPDuO0b$c>9&&DzS*nG#$T&p2W65qunsiwoyDaf4W&6JL$1@sPLoF(p&)1y#M{=JrO5OI7%1kl2DR(b_XSis1|$9A1Z^|w1L9f>P$ zXnVH}0wy|kfnSZsyrfTwpzlKGWnLGtE{#Ndj?n&Ik`EKomBR}|r90)U=gOnXeMke2 zx}svKg#`glV8-%m|0eXrBj4-iU)NvlzCVUsdKTV#(T`jRteK6;hJ=XCGI;SiHXBG5 zV=%QHeXjq?UbtkR4NKOW4RqcfEYO`HVpqQ-Uc_@XRe}>tBQH!6L}3lMSNRI&e3Ovb zYQXA~uU#mYo6acbL4P2)ZD>P4d=~}##v*~u1p}dv_eYmNhb)6fO;MF%S_m&sd`fzU zc$A?&JyxLbi@<>=nS-n~4TnUA+*S-*)17l;t9?^@0&;enO~tJKpp_8(Urr?3&ZE%^ z_)btxJ%O>XmP|9Sb&s#6^VB{4VyML>ALlb<_PmfP(UyKSak0H3{jL)Cpn_;K%Yro4 zh6j5Qc*VfZtBf2}yPE%7jnLP(%4pT%AtaElZmv@+#mO7&^9cG0owZ>+N+{gI;oXC~ z;!>3rwT{lqS*aCfgtP@IGa?|kXK%vFv0b6ZlY%US-$n@yF{o2kWWDT&S*%~+*3#9m zpWSERGiG&G2PaG_T%pR5#X+H3EBG{;(@8|vt5W#>{Up+nO}2EF{)z&q;04i(6KM@v zOp>PckTXX5DrGb+u}0{XR!S@h6O!jdIgE*V3MPR?Gak`)Q$xMEI~K0pA%<94GgE$V zE!ek$yKy&E=+=QgUK851T3TwxchFd1UqtU=$blQD^0X0DhI;WQ*^ySs7;-k#>%SpA zIK$@B=|+@?8n>sSjt-i%!{P|mJY&7&>rqONVe!^z$^Klz?mOuebOdanAQ3^Jl}{#x z8=W~W3Dw;M%;mZW6}Ot1%H!GS$On7Au$J6{DzwI&ByfACtkyUM73qXg3-%CUz~19U z@!5#&FBeczl(WhoW8$vR4AIq%19Ml{Vj8{q)wH0)WGh;t-r}W4ShK?$h2}Zr6ecUt zjU%U@gdVpx@a*`G%&7Bx+wZ4oh@B}LG|D_OAY9z2jR8`LAJOGp`}9e#Uiy{T;67qo zD^WIv)4Jg<%;NlK%0XaI7v!QOcc@~rjFOXn!yvP}?Zr?NBqZQh(u>)LtTqv#6 zObyOPiXq!a*t9v&7f9I>L?;v)e1m0#PG}4f%67x8eA_k@J#)opAwyDfh9kQQDr0aL zL*OR?esOW(y50uFM%eLBg@CW*pPk3rEre7mc7X2&1$#=*6#EPFYYgz`E7~Kl%DvE* zB#mv*IQ-Vl1h#QerC8^QL}`(VOEN6V-_40WjyWP9xZ$d>&5cZ@{Nq)iI;hCl?D$r; z0K(P+-W?>aWcf&95p^0z=8>lBs0d!~7G$?BNTEC`rq}1supXK>vUGNH%Z6^6bTq~$ z3uP8S7$aY$#hwx~7dmBb)aIMFJ3+Q+>x$a-vsqX~`U?AFk4A)>8h!rc9aWBG-z)K% zCq}dZ*AXide=V+VVD~o0FTYST#?OAS9S&b%Wx-T7|TwWGS`$DH#@9U$5%eMQ57r;?W zPy9ZqnrHleM_x zLH?=MA6{1;3%MLmp*bsxEYD_!7}`f0Gq~8@ z*)l$w9g{S(QM^i+R1JHT2PK$oKdXp?35OLYC`GWK7J{Cf-5-wpGi7X6nh|L;wL z3_ohzJCgi|sv6J^^*cU(*SLPR&HgU>*IC@&`d`A-eeiun{+mlb2nOu%{CVYj%K7hL zfO7thdhd>L|0zrU!NdVd`8yi;d9KM{J6``_i0^X*ObLMfk@sz`e=rJwYz#mHG}O1E z=7arw|D;LL(o$31%7AkEc5iu1jSSzskT83rfA{0h6Co)7SC*o^-F*4$>;V%Rpo`$H zE&C@Y{!scJw%6VsD+w^vJ(t}B;`eoa5dI(w02BE(`sc37`xN}octA_lyC+He1Kw_1 z5$-ebzsCSb;~!)Ec#UtzxKGIc9s?koe~j@XhyUhFfFXYTlkBf&FVgPkdL%~JP1Hi|DBF3f3A;ycQ6A;MNw<3w?+o`fbu*o?e9~bmgWBfz%+DJ z-}krvn)JV31|Y-#g?Q;1XaI@#i{fiDtWJdMe$5hZshF&V;ERSTSHw2|!<0hcbO<+R z>LA|Ig3(93HBbQ^S0{y2r9IStyNc2oZ9bynmv z$}RM*o?t5-&XZiTnJq1Ww+*-Td-xY

    bE`)Pm zA@I*h7j8YpkYtMP-M6ER7vp}VZ^_@YE$k+dSF5oRcLAF{YdfqWX_}LHH6Ez=Mc2KL zTmOkdT{(@M1am6^$dfdjCQ+5yjSnuOc$=R_Ih(W-qoK!#g2$i0t$sB<-*1?Y;S43o z{Dfq{n%gH!=ZAHE6D|UuMIOP;e|y|{h^LtU#p4WemSIDo@>l~;?+Z@C2qhs$c|Dm_ zpA8`QspiOz_?XlMU&__Uk794(HAW=c(@;IlCIZYFJ!oss=f-CD8orI7V8e?(M;^+x ziDn2tsYLRCg7kblx`MpB%Sq%6HD}il+fhfJ#H3Ut)_T6OI^O8TA@;()bzP=OGWUSA zMYU1(oI%TnWgzaA-rSzE*8tk0CGQH%0so5gwCNDmJ}o*=Y!s6>W7ReD@kPEbc9ki_ zmoVF);Dm(*+)tCwz6b~bcfpOppCjT7Nsy4cB<(NmStzKH735K=xEsb0;JcrXfi9^n zlLz*%R%)SbdC#C>!}+gm(z1hKxxWw}IqkXiT*b2g@@79Dp}4_FsY5olW6fs4D|FrN zs{=lm9koWZ9h#Q}#s#~w|FeTdfz9N4qP`mUt?q54kgusFxFv#?7&j6`2B4fITl&J? z5DH>qPqK>o2+ik`%7?_-*&huv^`Z(X+L8{yC}+e>h~ou0g1ks#!ggBJ%0KZr3`kBV zPpovDJRTcb*o*@q5wK;gM;E5naE7aL;D7fb{6_ogrCm?_W~dgW7u*X*gBG!T(LKw2 z_iv9p)LPWE!K`eFtz1COVRgZ$y5lUi8*!g>!r{HC6k)R~z!@n3+sohS(YOjAg-xzb z@LB4ycd(K2D^8r2c2!w)uhgH)A#;$q6X67GhvtAwDl499P5T6w)Tj?gI&3Y~!z zk|~d14*Y5)kW=MjK)J0*&FqX9m{S-Omk?is4XEJZF>V+v=0rYVMT5+%6x!^f{l| zV`=~MSJ0#83{fpLC}f>=0fUv1oP#(k4m8J*`fs({U6smP{=UKfo)-+35Lsh;6Q!Udr%w#}m8N=IAe-RQLeN8o1 zm}4H2YWci`10Vi<=cTt?;+D*{R0Vi3kYV27Y#uQre*rnk&NWH8CQhjH`=H3)+4I-3 zwyFl0VMsu2KKKxm5Sbx7PKtnZ zB;7X_m16wN4ZweRT6!s>^y*nYQm@xk`2^8h}4L-W;Oc~lI7ZU1J|(jvuMZlvvNrj;ZUb{S?N`_ zra5sK&W(5N0Lqme&-xT#V>f<4N`}@qAJ{SZ<`ZK3>wh58PiGeVQ7**$% z)cW?Zn@{>wDB@d_6HqFa*5=qys_B9(k=%xg4Te9qD6#nsI&TDXM#C&cIBao&8_{c2 z-x}EJS&BfAP)CfNQ^2UKE2A{zdFL%TkT>zo+Q?mMF@Nn;9^Lw=efB(&9ol3$#~AI) z{5uE-HdK^uY`*fdawR0L7{zy5QwnP&)a5C$C52?x(`R?WKT)W z0gd*vp^sXnbCBgTS9nIvU<*=+=OF|XOgZtf+_CO7tqRQ^O`W|^IZvapyEZUvuyWqj zma4`a4fn~M>7;#OSnS;)Gl_3j%Ue-|d((A>TK9?_8>gpF!%>CX1Lbh?1=guJNzV=i zD#=E?3Rd}BsdR~HN|r-S{%qdP@@uDW(9y72WNn4}`Y4rPdukuDmsXM-Ta7*k_A2Hz>|}doorJ{YIy~5Tlko-j?`bI1D#=!^I2;>w@oYMrNJYUZvOyKOMIp;oLlXG z-R27%j)Z^M;`mXetP!*-nkU)5>^kR|QJjP-+Kgr;>P!#qaNsJVp?S0mJaOz&M7H|Y z>>ph=@$vDk*FWTp&Il`VD)g<3T~7yE4nG0c%Sm6;Fk=d}Y%tJ7A;j~pt=?wbQk#yN zQq8xBAq2zaYw}H!8SgT(%N=Coi%*+&c@-7}FY+WYCrgV5nj=$dU+DMoY{vC-OHP11 z;;ZVGkADi?Va^muE_sc?EdO{@=uiX z^FVt*E~2@UTz)MY0cqqx>nMPD_E*Oy!<`cQ8?owlwygI|^qc5kndqS_>)in#_eAvH z(Eud!9gXiW;+}>6JNo-?++)Od9;2fMP#^z09FRi3U;O)q$9pXQ?`Q!0_-pDvcb?vD zFaB4QqyqqpzoP#_@&CR!05CjMU+=}>KbQm{4L`^rz#f6Sjn_YJ=dMNccR2)@jJIp~ z{nN~SkHGK3e@&uaJgx2?B+d8u`!xCi^WVP={dM^V@c>YKx0-A&v)AQyj3;U4RMb_f8>;IH@i!6E=Ac;1U!a$P`j>+~dv9f4tWK2MjkZcc)FpY* zJ+~*REj+$;LLQZOMJ5OZ?}2#MDT;$1nfE4)xv{};*YH$OG*gC4SdGeXb*AAc(Ts8J z?CN5AtIFwQseN^6Y4>cif&e8$ohYY}{#F9+JG~{|vDL%#UVIa3&)ea6 zXOuC$gbQs%rbJYbUD^1dzOV>Fx=%%_`*Jy9Cl9GxwcV3rKdamwb9MzqE8bxw^1N*E zx&Ey*E90Hgieb8P&}@!~>!rOogbU7zpk82PGJ+V?LVl~!VlTx!*^NQ+h#}!~hd>Ac zN?Q!uplU#o$*9VYXdl8!+JBtDR3L+_--*lXW$zlr@FfX>0l}Sy5GRfai^md5nUmzH zR_Z7Jc**CM6QbQ$z&Dl`J(i1*v#NGUx0b}$*d{fhx|FiP*8L@dED8nTWAPRHHvJG5 zxcT-yHSrx`sif0#<&iH?=3c4kOd8XotO7yhkAb}pEs)dcm!1PgM|D@0B^EbI;NdaV z8T9LibiFP13y_Xm+@TJkM(==3=51-9xy1!v-zz@YOS?Y;=w0V2kP@~RQi>>sxJXxs#9 z)Ht7YF3HAAfk}W@`mOG(HtVOa*e^FTQ!2H|LKsFE<~I64f%tHY z>__9hdj0DYUm7;MOxsWJhgF%UZoO|4dZA8a)%#hM*(8yjts+6)+)4KxDRpawvZ$4Hmya+(CQy8(!v7m=x5nz#j#Gt47A-FB0#FjOb{>@x6o%&?Y&oC4nnpJ)*;x~7 zVwA_70n?qPG-%+gcHsUf8Q#sI8-hpux}}Y8=|&p~&a&8W)z8CF!ye>YnE@`)pxNla zc4ni4MrqlLcuS#XsZy?)^9tGpFQ2%LcTxdqGPv~QM~Um`X_jO8^2q_UPiiBt(M6?v zcv`yyra~8R8Mw0t)(I#SL*F+&dnS{%ZV^~aQu&QWIT%Hn<58zFGD;el-J4~gIp((- zoY`W2ptiAMrp|7&#=+{TP=-DB=!CpEo&!e$;KZ&4r$7ldnJXx2ibolSkg`KL!t>pZ zy&N|kgz3ZIJfH|x*0!?ES$fy}5=*F{YYu9uQ=cfQP}X!}DNp8>g(byQW}ElH{`)d=lQv!APqei$ac$;O%4Iy%=mbeIX7tA5-l( z5Mu>Dg4>!&TLB{@p>1B9&wTsrd*feamlnTMZ;vw-8Ptb)9+chbO%KZXK?R(Pi-j>d zB`J(G0Z6q9&eYQbEOZ}F{D$O3E41iqQ5;do2oY{$vpJ9)YAUJ9msyq}Y^ylxPzcs0 zMO2Ed3rg&olsH8_BP38-uwl5oIbwq}nW4(L0jk*Dff3`U)4Ay5Lu>AhwAU2MJN|?) zkCfy(%O7{km_vl~BOKZT@e>APkEMBT5-sW+aE|CiAdSx=w1qY&DZ8=6H?rpUl}*T= z!bi)ceDblyk&B7_=tg?zQ{WG2i=^vamN>y4%<=`Jlq(CGH=H%EU6)&R-WaZ>4m-#eJ=PRS92M^odeQmB-ychTxxr?c*WsxEuemg3k01Ir_IIVv4u;7v$o-;6-P_BPAo467-Q;B z56lN(pS;-znMs~$k`mIW#+|g+1EQw*HgVd&)va&eyumRoiRka2@W>Jvuj~H%QCpU!$%vsv=>j&z6_b?cJg5K!(tD;AdBkx zwD4xK_#~ub)t()DWfeF|l7lOG?Wu+wMLYsd4dXoXI|f*R7&!8gR3HkX4_K2*>b;OT z0^pgUlxO&N?}x_?vCRcycB-N@3F)3?XnLA-RNHF>Yv(V4P4mDd_mP1Qv%;ChAv7c-$xhK#&f3lM>_T+8ef!{D z9lKx2(rR`}*Cj-ALkrZUIX6}N$#xH%GM_j^N`HLjU9`KVYLq`IoNqz^`C;;Tukg@D zF=Jj$pnR{ToVbzO(Z%)E&dKy#^zmJd#6VX&oVsK#Pje|=G3k7{UpV#7_UhCs(sYW~T?WL-^ezxy99$oH`G-|+yL@&kYYVdtK9{(Bez1_8*q+sXVP>HJB){o;@H zAm6C*Y3{p<|84>Q$9#L3xBxQ#y=?lMQGU(4UmUX@%m%Q_`R*OUKZpiM-+y6O zI>raK#Hu0F;|SkPqH2YC-@M$MfrDFkJR5X0xC17P@W`n+P|Hbr6KIH46(#6mi*1e5 zC!KUMs`Pf#lgKk`<`^@BhB##nj_o3+;_L@XlT8A%oqDJv5EQm6?7GD$+nSEk6{ z6W;+?vY#;7;}StFDbbXmd$c&t!3Z=gyS~Y(1&k)0!k!}AV2CoDpL#Yx&lhnL-c#av zoklK(3r`R|v%VKi$Q&?tZZgt3PJUsLVn9)&8;j1j+3C81M2?1Un=d36#n4}9g_5rN z483n+)pcMeyDTZejC)1ew)ALLEpzL<3~Z3VTv8@ja+-%^hgAHQVGU3|&b3s@TWiY~ zm~gjnm`ycYr(2|ii9g?h0$wo#me?;Vad}LTAXReW08S!u<>Nj1)jaG2QpaW8Inu>k zQoc7s3ag3LFuJXa>7_D;1Hzf*M~uw?8q9fOQYFZCUwG`XN+3~SIoFcIDTQ#w$=|%_1rgfu%y061wB6kjPByeJPPW2CjQ$f# zLAbjAL>0`5Z>=tq_#WRHA?d;zFt;bZyOB8Gk&7CWyFrc?gFqDs-XhMFklU$|WgHJZ z_f>0zROj_E%=;7=)B&Aae_*R3og@|1VKF;&Y^YM{jW??3sFu`zaA1><%gD2@K4Uu| zx*Y<)iKc4Biuq8rhw|(t3YGA*mRs3mYEP4Fuy`tz?g|AoE&=}Hnen)*U->HdaQtcJ za#T32ZB0#}zaXR;vh1ABF109+aLSRp+O--0G*H5VZ}T5>s^zxHn!DhtPzTAt}4T;zq)z19wwBwr@}-LgU}pfp(tdtWJ~#vWo1o;6WBJ>XH^~9|09dc}H@@ ztw?=r=tmU5&OvELFp6#XNay86^vd3Jja-C}OprPHqjZGoZ%G{Rj+XQxuf)KvONJ92 zk_5dh-3F0uRn2wjR+4yHLY26Od+bMhmz8Oo@Q)Ng#=EkA35ze9G5VC<$adnq= z5$^lqC5fbPLC`fj#KXm+oW&(2u*F=wSK#G2xQX}ZoDMU}& zqZqp^2hxDms#F}tZT}+E#$TM$^0@P3jF{*4#dYw7D+5#-LO=K4j z)oLa_V@%BP`?;&yfDfEOt}>mPdpGZub1!L6U@s_+ z)w9gT7P?OSgC< zl9zywXFYJ`mHWFU2idxKv$BH1o_?D-`Grw&R5Os)%=2sh@W6Oe47?fLMn}i0J^`}s zROn?kqCr)4<*6sFth(p^kYi+;@kZ(HE4o*%Z>UBpK*J}-6Ky!A%wA%BL12`6L&2tp z#CbNPYqVQ5tMT$FTuvzZR>4Kx4oKR$l1l3TW9_S>s_dG#ML;B^QyQeZyBnlIx*O?` zF6ox;lu#*=?(PQZ2I&SVsUM&`9(jCy{MP#Zb1j@X`<^}bIdko6_BDpeXmABnPouzu ziEI&yrbiZD)$GmN^ck{Of?L|+*q03A!IUy+1YHQ4ybICh8xeA|71oTjZGsyCa-Y=f z=$hKHqgmA8PiCLSU}ln8l@XY!+P(B7BHBW$G1>oMGuon6$+;ZeLgEkr%;24GsXo|2 z@m>@2ML6_fHe_qV;tT zkoL6gNPEf_?qCDBTheLB(h#;1K?~M(Ad)XS+2;$0pK6ct4ED!FI5U-!X8dZK=PjJz{g%Z`0+6x^EY zK4&(D{|=K@nV*{g*pmPA3-bJl$8F>KLzah0A@%yoZBEeH#N*vG!0^lwAHI~;P!js( zW4$tGw4<^^e!sDCrt!g`dsQ?rpo!Z23$zSIvi^B3lT zh5e2BEr0a`#r(JVFEU%VVCuFK{{ad9!u|#)0mcvjSKPIE|AiO8dj8%{{De8Ttk0ie z1=GFC{^nusp5N^kbzmXH3y zV*Z6WUl0!hkuDf%-FhD6UC(Ez zpS??=>`CYlnmb3czo{3E4p@-{(rT1@cANCfkICMZ>Er zQSFL8jtaRPRz-CovxTg>^n~hCE6|N@?()Fx`KJ~J;Kwj?VBDjf&=#^Y3)XcK$>J&2 zl<{coCrd309nB@JREL%4#M~9>qP+*FS<$0=w=1IcI5IK z*^Q#$X|K+Fn2-{YxS{Mfqw=^Nnchn@^=%hh_PVLs%ZlL1w!lCQX9L_<$ZVN9XXhv@ zXZlc@fmX*sRB-&~PkZrI@DW*HW`KHM9fky;dkYp1D(Oc)3mnS#h+xMa2Umx2XV??J zh;AHva-wn0IyKMEHt5#4}^e!R7;%b^1`A@ol-EO9i-o79bZQKj6rLX2H{j!$bezX_ci#KC8iWuFUW@G`LIl>6 zsU+Bl=HMhL938WDuUSgMSy$gM>&u$Hce5@B$8Cx)0@6^K!B`@eJGfu-#De%QEo37G z2V>Jcv!6YY1;@(A{i^R6P1-n-%;+vjzG%KKg0QNE{x}69h27}$*FeFAT&5@7=fed= zrU=ksBT*mVV6T$AC8NYX9>#r4twTME8S)K|{Y3Z`0xNT*c`{{At^a`%S28FORS7Eg zqsp{wJHrnl9QEp6FIHP4uNG(ui;LyT-R%lb;rQ|tjFRS4X9 zEG$H7_&i0u9wjF6l|oizm;q_VJn~Cu?)i1W2w9x3!g; z;eE6##;FB1RE0FK>Vnjo@NpILJGio!stRNz9CY1DODifMXwo6xm~A~7;nWc9AKaAS zAmd}=Q1=i?4tnY&eCqS0Ayn*&Px%Y2_XDaEL-8T7;K!+Z4YssyBi1YC8*LvLpD|7J z2LPiH99Wv*fociNL4?s&~S6W=^%J85Cj-kipKqH|FVP0b} z$la(^D`2d$LR@V&h%#Xb$e%VI82dCt%VOI{3Jm6O8ITDQmpDEV#YxfZ{{q4j5ivc; zUX^?Q8NSiCrUQ|kN=a$2J=6hxKZv&xJB?qn)GsU-<#J`-EY8TohAi7gPG7!JS;N$T zg|BJgcV!dZu_%gtLDyY3Ho2x})S*8ry;viu;`-*8V@k)_v3M^G;_|_w&b$ypZ`IIY zH|pq+GRDv$79(9mtLp^j$qP%n*~A5$sW^~ z7y{wFB+;B#v6e0L2>1*AZb&1E;liNJI^fwuPznjKIFUR<$p_w|y1m;kAx-O>g2VLm zo-b`bk!^Z~i=p}coy2=QF}asVYdG9+jTxR+RrOC2@{CEyo{kTs70t&};xT*awtMWQ zv#?Vrej}B_Dt?LH&uQ}nmPCoA>8Kyb*?Cub|Kpr>CD94aN-H6@Oe1!zvvcfpgbR02 zJZ(7)moLPL%LxgR+teFMbj@vXLB;zy%Ggd%^UWAVVkUzeE@%H|TVpC5I0Gpn(%d3Q_@%U1R05b0 z8EZ!Vu{#t+oG)835i8!%riAj@3{{g9gwy8?f`tb@B#v=yhxSJ4)aDFH!;bHd^z8D? z5Os@)7`4hCF{@dmszj$+Vn2rQ+}-6ahdl3hJhLs%EARO90o~*4dviy@2k4R9Z-Q~R zff=oR^z*a@n~-M-^<5J`ZE@YS*BoHHd2mVkp4;fdm-DI&jGcpJ3>~2;jZ~R%125& zR|Dk1@RKQ)WJSQ`apRhJC761z%9UXIx~^X#qovBNB(-C6Dk}9u^|Zde0#}1RucB^J zLLM3-jgO}b7gbCqmlrLP<}oPO_qGWVQVuU#a#CiiuXX2F6kOa6Hv&1*L&Qp_T%rW;s3V3U(V9dejn;^Eyww@x$k#Txc3-;sA%bN?nGH`2T0xv$3434mR7lg zIk)BYKYZKotbbj_FM3MX#<$I)cVxx)3iuDjFrb9eE#LM-1nD2X?JpK^A71?u&O7Gf zzgGf~odAs2b<^noN5<<yyH?A{xBm&iA9x##8H)&VB+{TC7t z5&_VK-)XdeF>65yK-s_VNB<73ILg!@ z(%}gl$EV}A^7A=uKS&IJTQIviTK+a%>$tD$;^1(maya!70#)vlL6lFver_!Bb1KBdc)k1 z{nt6Mml;>n1j-+aTZ2Y~@UhM~#bo-bY z+TII^i}vkrH6?X=sRv5E$SB*P=yfkZm0)K+*rlI22DQL|KURN8gBPSjU<6&v_mqq} znaJK0zYon-&5K-m(5Xd13s-GraY`8HT!U*rxXKSclcN1p{Adij!! zAx~kJ6o}ijt5u4*YGG*%yR*Hz#wC;j&y!}(&?#`Fmce+e)vuh?;*R7Ph#$5G zBkJ^nxKp)QahUa#^kIM&qNH4lTH5sCwYA>5*cLF4L(DG}zr|8SI)ZfujF3aC?<4;n(O+Qc!f+k zORXBJ;yKElhZh#%b!fD*y)|7a@r#pS$6x6~YI_hVm7(c{kQ4wLWJvv}1y8J1yKpsx z6j^jlWP~!EF6smUYn2a6(=L~cK%P^{AzNO9kQrphXmvSH4pb1K zg4p#(A%=)d(6{4t!OSJZ!@GZuGSPwLnlz0ZmeyBz^hB%<&mnu7EowDtkgb#&`*TBN z8AYJx#5*A{DU5GV{qkY9skvCb3O$F`vJcC8*~8(B;?vjj%E6vS2!^WJb1NG|-Q=@r zu;u2e6=Jc5wsZHl1*i?_Se;e_=9n=LrAK2l#-z5`G^e!P&S?6ap<0hRoVw}p350yE zW+mzBL)WFAF%`33wzb8%C}LG<%Y^Y3yb+2}4RucMcV@{9XKIh9!ITw*h?XC!x)$?E z*N8K$M=1M}s#_ryeXLk4EJIPOBmn0>TV#i4!M9R@;jw1Xli}1nMjy6fmgJI=cc?8y z$E0xK{~SX-VdYJStN}BSjl}8@J+pmZz%EB#1u1-2Q`6=vE+3Gl1}^A^_eu}WMae*# zUc_53teOys+t^Tswa^4mg1lkxjc6@r$dGkkOmSf)bL;@tDt^=5W*NDZrT2K$khx!H zrrCHa2R+_~Vlf%#L(Dgz9M^*m`Vk6b{DhZmm#6KFR`~KmTBa|GyGKk}Qq;Sxmd3z$ zbKeBV?DZN>I#AHsMi_iKXQ_F@4IahRjG(5&OP$_;+Ag`x8@(iiMZi_P5>c$?Wgse= zr7GpC`e1rJ;H6Jdj@>*$6y0XsZhL#*s2pdwt}Xp5;6hkNxXtQ?WX)�<$V|*dmjI zR_^TXuZ*35WMq5~+3$ULK&gLsTA8tq66^FDuQF(m)mzGT`JAIrEt0EFmU z`)H6E`g-GYc0J{p%yhLl*vPkf-YYqQ|F zgA0q()=r(-n(wgms3|KH-Un#EyRgfWX9#TB36(-?Lr}o$f<9sH=#@F%^2oZG(_$WB z>HF$OUQJ)7@}#2IP~*RC&_HD1d~G8pF`%7M2ct!zGbd$xqA02pdx98sQXJnQgFVk%6XMhtqf7?sea{A3SOl;BP?7% zzDo1(vDD+&yMriSz--n#6M5XyG6V^lVbJIjB-ooFc>6fuJe}5U8##q)`WxRp-<9|C z(@lYt{OU*eHtf)?WF;1k*Sh*Cu!KBzMk}){R=-Yf$cWBDi(3sASFJCWHM3wSP%{cg z@~95&KA|7g_K~@HzQz{CU`$L|oqS)#KvZ;8ePOpB%CO_X<#dAaMbn|Ax!velSy`2_ zOW~|W-M7hv(cy!`r7c&tv#vnCp@;$IN~3X6bd0vg)itZ@J$>a^u25d;-eQ(#oQ@|e z5pIyw5BTziwtkBe>HZ}U38*0gh!O$%r+!}p()~*&5}=0r2POW-%`cT8-7gA}_lnY= zvZ8c1rQVO?_J1u0prF6wt?n+8{m%T}GVUSFTUc{>K+7Kx^)KuJ%JCamMo0ZU-ZydlK0M^^4%%P%0;tLXfYo(_ z;GZu}-N=IcXjZ+B9_25ss&v079^K25pPU-q&13vIOMa(*bhk^tvHmqluI~c=9S2dH5D;~d~GTmdBP&m^ItX1-O3`QHfq&q;C9*Yftqp_dZ@)*d4r5tF|vJzrH}8X>Y0sluLr>%gd)$ ztwhe{;;ccQZ^k)&<)r3(ak$iF9vI=4{P8ss!!9qnI(s$O>4rlgYlUiMTdw`dnr@-$ z0#D06G&aTTLeY}ju14WGO0pT(m5QJCsnmn=CnrESq?rWjoupI82OS&Z3_8_`km?(| zNM2X_`lst&@-nO1&`8v>113o^kqDn>}1qeKHwA~#sEX@sne^QQ#* zzpBy4lz>=eH+z4wCPINl;j0v;e$x?7s3Kz^7L*#@{^3Pd>;Z&$MjJYQ$3^Z!u2Y?% zpIGeE-S-V8oo%zOG>p3?{m;%z7*NZv)+I&_frE+jVN(^=!w@8`yU4WYAGQ`-Culzw z{D}IX2~C{tV=aAXdODXt$pj z>!PW02_w$&Var3&&uoW@IY>nWE$JV_*5hG>KYOTBxG7gY&_gfhK3G@uj0Gap94xUR zId8IXxd$3r3Ck!EfpV6fLCia7R0 z_&sRq^Ftz$)-z_w!{cv5SR)G$gL2Rfo}UPGF32wH?d%naS*~5WhFB3 z=3(QkY1-+D8)lhZFO*S(f&|Bh6DQf~FX5`D%+O1`rxlcWo8D}Pb3iV|z)4W5eM=aW z4`I@d+QP%B_~aj;R1~)7kI+lwys!_(n%%EIgHBci%5GIuJ9%f zGq)`~9b{E?V>|R|YkkYkEX2D;_qR)UVGX5Uh~k|dzu%+V9+F0B`0z$50Hp>fMzvRU zsng|!sCNR!gLD*J31XB%TC=JoLrcBzTr+%KE@H)9I_*A{@c=C zb8a0{Y2r*Wgym`#19J66wRek>+I;UkDj@N`8WRQJSD7WbSB?9mTa`cqXLetFRVAlM zGKIUoI_u}LV_lFQHI^Uxf@cVkB|(jmFM5OxJ<;C?*a%u^AWUB0&mBM7%V?dX(21ZT z{>#h2@h^K#E|a8!gCXGvHCQ$Y+F~O7V9!S{IrwH}QH%qUWpYLIEZbx2-8^TgCq{%? zy~N>-*7h8~3FDxny)7LQws7TOhhOc$2P&Ln?Q+>Qb;4vHo?098d0h{1*MSfQ@bctJNR5v> zp;%8w(Mm?@=sZp|+3@;o`j_ew4P3 zBo;58!C`Qb^cEvVh%Dn~Q-Yj@}Z#7_2>iqGnwl*BmTjlJa7LOtUn~w@;iH zh6wHTzVOnutZRKLuL%%0mjq9cjS^i=7X<#%`X`NG8zs$%NphNbYvUsC3k8^03MQ!t z6FL3sv0I0^iKAHl&Lf*FXPd*W-1_nCUie1h#}T@|_y_h*CL!lgl~Wjqt*!}6f$BH60!ttm2;7aM2+pibYbTsl2659l(H>$_444EQl9kWNd;kQDp~5ly(k@ixLgM;}0x6$4P=vm&FTS@?K6>PDxJW zE(}HREYIN;dNrlD*CQ+UCW6ePJ(&G)8x=wmoomk%k3K4CnH!H^*O7~3zEL~UTBdwz z3NHdhZNm7S{{)Aue+*;Lcwn1u7el{IsxbOtD=7V@ICw@W8z+=742#;O#k8Ci%xMv7 z1efurb6mpIf|4ypGB7<9=wy4-Xz!qnLtCi=Y3d%+I2EY;w?4zsTH#}8gJL{n;COBp zX@Re*;r+hK$i+SBAe^n83aEOchcZD|_7GP=8;q_<3r=1VPP$s3CZG*gdWvml{frU5 z6;9>C^%J=hA2`EN%al;=QW_1!mcMy|l`N;&8Mq%6>z)`}B?C zoA3lJ0S8i#r$v;o*_D?(&lpK{#mB;w}YEatbxe!By zEh3G_JG{q;bdZBBM3q5JL5-VI{7z9e1{z*`pJMka*Bv@&@L}?@Gnz|!RzD`w$bN+) z#;jrSNyde8#`GC}V#W6!hi=(SMaOJ8`{Pgy1Q%YEs*wCF5?bh6$6ooB#%@ff_wf>= zT}>t?)brO9nNZJcq^*)q8nJOulcE|g>-Tzw(oeRmfb|vlz&Ye3z77`EL_Y?BdB_@O z^)&p!+L*LTM)K65Ro?-V?Xk6Zk5(9Q?q)*L z{p7L#XEg4^9)JU%9|AAG^YZIc{UWk-Z*zW9qIBOGzds?T`+`e1dvh0)-&o&U1z^rz z2le*2=MIJcxAh;=^bU;wx063)={2sSrM&}@KY88Tp5A{qsM6i0;vGAD{WLeBpuLO5 zZ_Mw-0x(T)b_8Hse{ivM08Z|J>^&y{$@(WGO2_!WkZ3cG8u{_fMZia4*CI9+?ucrs zFwxS&rBRjKFY-InE!|vJrhH=vDn66G8sHSJ`jXtGT6?;ju+`#nws-VRP30Pg)>K!Y zmDuYD^MF%5)AG*xU|%)ua``oFthV;j`M9t2ZQ!om2>Iz)?BK#9c00)ow@04jopH=3t)+|lq*X6!YW^1XAV>6pHC_V$avCc)5 zCXo|TC`gShOHKHJ7N3zw#x)tmmbk$hzH_UF3oGs2eVZ^G-e&x{!QH4e!tXLRVM%Y% zIkmxSlLwU^(kwYBbe|E$Z3Rry3z zSkI*~@;|qfX>{e%$J~^B9e=nC5>UzeyX>L|G-d0 zKQZysfz%+opS5n!yW}cr>ni9~0=?&wd$Rnao zAY#tPy~J3q<=$-*6t%Wouxp&}B!n_hELw+6+q3FCA|abbQWcMR&IWRNE z#6Gi=8KQ`CQ(^Qe>4mjFc2@QJ5Ya&O!sk{QC$)jh7j*u)t)Yi(_1cXx4#ABwPAiK+ z6N=S)vFf2D$abIe!EI^uWt7TjtWxVWvt3Ci^Z3w~aRM)KqY6j=i1w=H zHL=N7DMXNy%Nt=G?n66pS5|>O^}s>;$0kU;i+s8o<5q4mJl0U0ZROxsxNs8Ti}OM; z^Lb?t7384Cr~@D{(Oy4HLPMq%&h#@%|Ms#QA;$GUH{J@3Uq@#t2hsW%oJodyy;Z|7 z=Slx*^N>do+WhP{`;QNtn;<~BqY55)Le^81YR#u7XkRd=C9Xv}^Y}uD%Sab}5b2B~ zBtd2p(QQx|dIotcBhDyP@s0)Fv2*z(cY-*S_5~x4!$6(aTy$F7N8@8AUFno5tSR=` zkJI=OsQg<~SS+HJXvOKWxr^t^0XZtz6^2p;PYswwXUdjM0P0qsT|3SUl8lGOiJ5U5zkd(Ve?t$s^9?19n zBUiF>UG2MH^Qv2>-r^JDG7!5-37N3;mjDa)n7Kyu`xEGxHCxDf)xg$_Eia)Wp@OaO zDfc!E(luy%0TYOJP@_?j7PcwC9oeP>2P_x7OYWgC=uwr#~u%iV~$V*vixik)J z=spw|oF8OI{Xs>i7HCAk^U^A~P?!0*v!8yEv*vQ%< z1RCxPdvYaKOGRv)@c3rVsTh&7#HemGhzHhlcfh1ZxR4a15n(*K(*PVi+Cp$@C9<{HNGw2Sh z2xg%Kl}LRHk0u+UHky@8Yf=eU#t4BJasJ7KwJ<(V$p9gDP;v~~l#EH2yaJ4rRu)Vm zhHf}Ci&JN7fP%@c9B3UQD;@ug9RlQe82zh^Wt0Sqr-JYtuTbR^aXM?_E7m?A6CM~? zX@B-~J>G85Ty3=*{8HD-Gw7lK zMH(V+56#BMh4wPMjH*i&zLk*~?*)8MTL(P5I@;$D^fR)Nh78q35n$tO7r5m)ZTqq? zf`ncjevQRP0g4`2ow{m|jp#=kyRux4={d0J6IqUU6ig(&V=h%uI*$`h*1x`+uAMuI zs?Fqwcn$1LS7zN91}Q6OP>BprD^X@k7I~>Y%F{JePdAvu9h$w<*=&rbMJV+rOy3!~t?qh2TX(}`S_5iABc*rwJal1x+5hC5|p9=)e9L7%kps1eCH7oh-R6M!~ zzE!AE(&+Hy-sZv&G!baBdlS$p^TZ*$N_CH5Vl=TFVRqxhx<7Fi0bL)8Oh=Zs5l+4X z4voS{@XC&!JFy7z>I-~pfJ6suKM@<>M5~^o*dnXgMZEhwuexJO*0h^2MGibyzAZui3WaqqxB2DUiha9Q$F3^7N8yA!XHv& z;;m#dX=?d1r5m+%CDI0C1JexR5`60x=p)QPohi)me#l)kHYK(GEH_>mDZdsZK*cVRx(<=+fkt8YbM1i zP{`72#_qesuYXV)QTlr+9lBd0>aH-p4>kbU?prMJ15DjRmydiSApV`9F64_J-iya_)BiN4S4yes387!02YXerYWD3-kNn9WWL@juQUD z%YEby(Dm_C>FLK5mOsVf4@ytJv;H*{_m!S*UxFW}I)7mekhlLn4*9`6|Am|T*c~7g zKRXF%zoXnghT=Yc2iTdrjron2dm;Hll3tHDqPaVrxt+iA;|uEh8~(2^sN4Bd_tW&p zvCQwx?=9rFY5L;}>MzUz)AT0GZyF=+zLWmK956qBykd9F>6pkA-y>mo zrun#DIquP1?c7m|t(VFayJ67>6TQ;X+!YM>Z$gg(%7u!c=D2x^f-OLhD#h^!fez^U zeT?Kq#-j}$AY;+v&r5%?)UoH6x2}gtN(qsE&l*@hpI9;9AKf9WV}q|e(Gm4!f=edT z%k2xV_X)AQl9cr{EV&5R2YW0^mW(}nXWpu%w7q5w#3yHu@pN!ZA^5Yn8w(g=2Z~>Z zCZd$VvHF5DSr+-wuta0UMkiNGl?yhp=oVfV*t5Gx^xeKn%Ny>f$UzL>psC5ZbWR<60P&Lx@&fKf}(*}M~^BOU-s>@ZrLi`)?e8;!(x zf@v+m3?nv|^&Z|?fxu!dIvDpgP+vO;y1KqqwgaYjhvGBWRlS_OrlW@2#Lnvt)x!)L} zrh&q^KpZkdSNdVZz~e2<8)D_b4NYi8q-E(@o!1yLi5X5ed1y+#F#=2!!`RW%c0~9@@G#!Yk8LXdELJ{5erZ2JsTQ7^Bkbn}qlWTG33xu9_D!+b@@X!Y^e z1tX!;1XnjB=%756DDxvB2k) zR$1lE!k)I|ztzvy|Kx94Qixd}xxuAYuNK{=_o*l|jigLZamswl$+pOrgZ^coX=p-v zg4XP4o{{~9|2Ir9g_Fr4*yMx&EiDYG70?5sug~1egE0p3R*tMD!b+i)SX>sSJ`MU1 zv9IF>cJ(rjE5|yNc&{GN5RdV`D|kr;Y?fdnA6;O@3s0Zy(l^bdEs}hsguq^YzHEaPTHlk+2SCmChyZs_V(aSibVh8)KCm zH_|AGpx(u7e2{0RNZ=n7QVnUzkQfI1?29(JMIpY0Xn(N+?}4Bo8=;AfkGZ6!!vTt# zZvZK*v(f~nxk2S3Z3GkKN-0VcRvojvosokaT^ys0lo;CwER@sFCQ-hN1f0fAiO03t?VTYi8e$zaAS`)}aJ>n@o4krsTEuxUh{+8NjgZwTvQH8~YgXx%}>I+?6s~a=M;6nd)rn`zT&^xT65%Iq0k0XF>lgg zc^HO`A611IE3TkPs7VFt`bo^=R2Q_D*Zv)Zs?t=u{yV_HC*wBw#eqG`}#LK-7X@`xeCXb&9;1XgzXQq*p*C!qph)9%5n>7`$kuhjKmAuL}#t{G$XZC^8F^r4sA>6bFJ zZR#gp^I?NitN9>yoa-}W<4&&jbxS26F&r~YwlT;W9zxtbaEg1x%YeD@P0(qedN1Cv zv3B`E=2lwTQ#`2Ia&oU)7%(sze&-Iif$_KT9mQ$DniJB&;kuSf?%WH{o1x5}OG1$> z*GJ*6klA$vLm35Hd|eRC%ZQVUe@@kBnzoH3x#Y;Q6cDC`n8hrY`ixN_HxdR5auKu* zr4w(cEB(+s)?0{dhYx!{iLN4*0&iUMYfI1aMODrydc;mw*9O-I6uBJHy#SyBdM71{ zXl$!+=nr7yj#2)dn|llT1KRkh5p_G#^3Pb~Ut&`L@wvkc00ijW zL)}{qAmq5eUpRO4=WTbvf2`&n_yAyne`kGf75AVAAQSxG*7p^sZgI~K3ivOqZvt}% z*=`~L5XL)P48XkpK8#HFa}@y40=8e=_6mOwB;!rMe#0aGPH^gOBJ1zWe~skran9Y- z{BzQA2h6`O{wBx&`Sg3{_mlHFmbbSLuDcynuCF98-S&OlTu%7jpYY>6>BqWcf1S(v z{eS;h%yrYnEe^i6{Q2ttT!ogEmVuR)g`up4mf0^yTDPC`kB{3EpI=-s{j(we+XX;s z{sEdY(BEs&{tivAuP9TD5t>?z9Vb7E#0gLGWkAFUB=`uE1=o(EcRkxhLF6aw3^fzZq@>zeIbYwv#l?fV93~&R$bQlAtU)<>bCfQs z6s{M65kpifZe|~L>bP7FKgFNh@si4rbds7X+U{BI@2m_vT2bWlF8sR>Bl|5&g&wE2!s~1cjVph%;&!{Fe$?zzVfiZW} zfZ%y?x?XX51X7Yx+$4A0>f?skIlQ+W0{Ftzy3ArL+*u_0PoX1YCC)TWuo^Ozn@vb9 zd}Vw>Ur~KY6p8l+B6~MSnkQ`AE!J|)zGpJ`K=)b0V1=`%$oO>~jDO5okUa&~sOgF!!Xl#2a99t~xh;*z%qQgxa3#AM{;EoNvtn4bi`*KY{P_*4{`J_)Bp$Iv{bDY*R6X9nX7)FiFAL6@T7oXQiR zl~ckRi2@kBa7gI{GycZJp=ZEE#o4-5uMuFQ#w+lcyEb>28_Y2hIbvZ&`yV2Bm2@>} zH-j?!2ZYdfgkdEESulQj3A>4%sE20;n;5kIyn32iO-4sl?}R(%EVC;MdBmI>MS%^N zmOxyOMwuoTX=7hNV46)o{;E9j`~+c23Ylw?tVfdSY7e6On+oKVWWY-i*9(hXifydK z9&$lcAZ*xFM%&1@s=5zdIX>#op>W$lUknOXyU{y#q{3yTRSgoW4UNyqdoL3 zr|h|aeBiJ&1@2R$lE_lVSW}9_MMU?m^{E^D$6W@Kw>YW1D-EyQ-gJG0V#^+e$}wO% z1!j(uR!|9oKF0p0Ty<>ED!y%xve=;i%|_5DZm^;VpN9VNfB-RHmcU2o@gt!Mqycxf zv4DY`khji9%o zgQ-|!Z3GF|+I>!%v{bWsjcYama}#_VT?<#P-0XkU+D2ypj22D=AT<4OZ>!b%tLXuPO%Dw zCJ1R9Ld#niO;wxY=U=O=2c&rk=%0_S4B0*tQV!QSHZ&-q5eJpcM{W~X#wPX#AzwSMdIiC-#7)WF352LjZ~bo| zU2_@*g=ZN42vlk&$GooCRRyhXIT-Mt?Ivk5J(}3SBwmgXOYo6T#DpWu3aunAVCX6J zEV9ljNE%psbL$N03x!V_HA_9qK5Mgi?(IX?PT8jpHeRCgu?~1zlnB_dy%$M$O7m06 zY}oclMHiR_M*mpk3MGs2zQ}=xx!%Mj*Ha;E@RbGl#G%&D)!~AlN$Iy>n`IorvXLCS z!wiof5`RRjr{E_mGja$CzyOngPM^z*OUrCDFY~7K6n<13nhI49!j*y;;kEA!wIq{a zgFp1SoOa(Y**~4mojaYJ`LRjz-!a6_Kr^`v1xQTHXo{&*5heTyY`36ha z?be+-)t7`jAGNubf=_5vLPBW2gOtz)Pb~tv$g8>*O}0jnSu>?pT1Pyi5b+Xjyx7#` zz{tvGR&jh3i!nOJo7IYCt@4m4(ZVl=fYC-thCOpcZ}2mSrfSx{qwFvfw?9iq3FfBanDe#$#6Y##?)*8&8clM3u@@h03`rJaY7w8|cUp13Mkp z&B9|%4XD`{Ch1^60;kFcNtv0%No2xBd|{cS6*h=YqMOBEPH9ViTFMCfpqBYMZe?4+ zumMf3;d$Mp1P?qx4?%h}EP7>7%#*G8u<2tA&eyeX9yV#Bg)Feb;P~*cme)aknqTgp z;OkiYjQ9x%PDEl4mu0E(u*oWc*4JF0V}G;R|D6-{aA_NbtVapNw~oNXA()MP12-1m z&kR^Of<>X;hE9=4QWoC*TsX(+akiflk?h4N$9H7wsDyW6K^EfnYC1IyhRSRA9nv?m z&;wZgg{85~dN7=pbu^y98BAsp8*O6{h!@O&M^}@-3az$yS(U*9)NRiHP*6k)S%%wg1uV&Y9w{Z3m!9hNjITnlJ=11TpO#@1oUzK{C9LIiNGM)5 z?NFJ;QKMbwnVBJSP~o0;+#fkA=wwb-!k1ys!5W>+1WL@=cY{ca zQIv0=B91_d##kUG0GqWBC^H=_py_AinH%A_Az|40b}wFEY~VveHfie?AF@}y<*4$DA_jkHYV$<`wT0zokhS%%#A zvQ55Y?>Ezt6IWv6h3N9bd74!y+k6cTRdi;pah=E52nWW+S3Xv8u$Q!$Jhge3W7D8P zFrP_cCrh3{hr08On$ps`RpT@$P~6g{@YLqjH&-3>#gmiso%JWT^Ivc(pSY<|L~C%m zMp0HO}SCbnPl=*3-lunx9-O<98JJF9sD*ob2uuxo)|a!l9vN`knc&`*1r) z^bY>s1M@$+1puAgLGXJ{0Mhz@<3$=4=6|(OBM2e79v8$S1I^$RtZ=fy3y8b>3gSrH zW^y)5Bk`u<%u9{Rr`-$!r8}A!_hN=_hVeJByBP&)ecF0fbb3}slx_X>Wbb5d?wpQw z5EX6;C!bk{KYh{iY-tGXX&v*a)ny+BhlADbCdt!thWf|&BE&NB>Eq*b#~k#S7{x~n zf<<hLFCnj_&X}gmT(9_`O6ct0d2?u^JRJqeScrdnv^ZzT+@SaZ zU*fTC*W!@{H-8TZ6H2W=+q-`837~X;1aZGAbS&_^xEI34@oEw|a9UbvXwYHix9&l75Kk0c+okB3`DiQ_n+TjiHP5J|EreI~O zvYjE)*1Y0eaSE(dAcbE>kXH}?0FDqW9Fmc}9RI$V0KYhaiVl?@9P5_3v4<904jRg| zW6`Rg&tUgM=GUj`LtgE2Ky$?7Hfwk++r=a-Wh9g`CGhD@Rmulbh$6^H+Sk9_&^Gm| zevdBg8l9W{8qpT?#6fCE7eL$M62%xPPS6TjljGc8{l}Q)JQ9uw7q>)DH?i8d`1nDjT>F!2Sx*O^45CoL& z?(S}p5E0P#asl^>yu1FfpU+*_InO*ZXJ+U3ea<D*+XXG4-72OW5OjB&HmUFdYN;?ktd;~8aa1o0U} z%kaQ>aedZcuh54r-P^B)0}Q0xbDvS2&dXYXQQ;J$*!$-MNRw?XAksO|E0GzJo^AVh zF89K-A7ULi+aO>`y(VHYaWbAmG~r$SxY|1|%2u8kn4mbyPE7tNDRWneriG0_xMYM% z_d5gZc)IDsh0mDw^VtiWmgDQpu~YaAvUKb+HpV-LZ7`O`&=#S@Rf+9pRp>q0sGREd zc!#CvvP-ndJ%ZV$KH+0Fu4e8v~+0P(&S4B!D(R3_W!PgP>NOUs?JzOqGhbQ4Ca-8$ zs{jR#1#x7l(-n=(ARbmWKdJFeqE$k$U3#sK4^qP+Jp2$Yu7;}z{4-_{hJcrf|YD8aLoih5_Zku6;7Rgyh01NKIrscct=AB;oJxG`4i3e)d}C*7r1 zjVs&^Ik)yZfJMoQ;US4m7g>U>@6>y3P$HsrfGz}!Dpm)H9vW*UB`x0hh(5!ycq%AE z%&X6za|%Hoq^i-If%#wrS}*kL+1&!XdC} zE&bME!OpU_uwYh)1?Ub^xcMnf!WcHD@8)5d=r(NdwcnyxMQSQvlJjoxW{AJ~9OM^4 zFpY~UGV?hv$5%utR#rdtF--~jYP09S3R;b(+Ff;eE#5Dgz9J-dou~)GqNjiK&hm(A zq0I?Mr8@a{NIArFktoL?XKn!Dnsg6rY%dg8gnaF5g z+&pZU#5O^jFM5vi<)5EsaPhbBh&^~>S0D;IRBJfJ=+WRe2=9nyc*@K6mId78d_>zKuZmwZ z7Vxzaj@*#6*mQRfLrniCU6ka@EsB5=lWdhV@GZ_(UGhVWmpyiIx-T|`MH2pwFJ zbfq~8Gufipyu{5`iG!X^3hg9GeJ8WjK6mOo?aqS8(-^ky&SLJ$prKAS#6aJF1KZ+F z5~cKp#hT2O-fHMU_lJSk*Z*%^s`l_W=v((S@Iny^FiW4H!>m;2N=*5Z7jFAGi{#*V zO`35wsZZj?&!>(aL9I}02PY?OORygw$iGSB!zxxR_sRPTZba;AH~fIaBr0>&S@QE( z!_T{LU^$iX8MlAW`q$#2tbj|}u1_{VFirzJVE(_84d_Yr>VSD2odpOpyUwTlbuhYd zC;>U10#BI0>Yt!>U#?@d{=yc>X%*yc-GUy|=>g*9 zdK@nY?_b9e|dZY5u|r$N}~LCzArcJN@BPziS>wT2Kvk<&sy?inq1CF_Jg@890*H zy6u){-)Ifu&%lse;6PrV(f_+ShzkRU0CXU)l7s)^75>F50m}Z`C;$11`fG9C9LQUI z@=DhOzIy*L4Zjb?Z*{eJs9xFP=llJ%cW z^5S7vNa6D5P5H+NoU?0FS04Fmlf0$*jgh?Rk{6}5e(j6@-TbCcUfg^{e?5=?-5k^> zuls&IkN@2o)E5D*fq~h-l<$8xzxF_7dZx?71bn~`;MA!;&@s`z7*jerM$l4M|6kkE zGt;r$OcBPeM0J@{r+cCCTBxCWKLlG1jwu^uE#=MK^!2-d%R+f;Nv-|!RjmD6&yP5t z68a=`?e-SRSHx}dOjen-Tb}gV)|Ro>DA(0hxs*}AkU(EstE@w#p`vh$O>KDgAlL4_ z!o@|-3My)@AJ50CzwOo>pwFR~xppfwz(9WNk3zTotn11}CRcVq#Hrgd(^uAF@fHiU z3(Kk8$)hjoXRB+=e$t1U({l*|zZIO>;RnvV=usnXS*1#7UFy0tfN!`trD0&x>a|L0 z-EL!Xq-z2RA5B^C+m2c9mJOx{xn=p?0fRbN17c`NJ51 z4dKR7*%})4K=c_cb{KqIo@_4ANn0dZQ_8?0pKkpADyHYSL@rY{^WFfbV2t4FnwUug zPOW^oiQI_z&^?Mf?=cZviM;3(iLGYL26{Z*yv5<3`EDnC*^}?bh2@RE8tz1|Ixp|Mx=I<(TJTK>?)eRTvi4pli7CSsVxR<)f z6j$A0S*~nAhxCqX-VC6tr~ESRq5QyW3j^!X>M_t{P>5ABV?~i0jN5LXW6X~TkmOPL z0w-6h``oA@GDsQvo&i*$5&R=rh8dK|Y%e3?c>|76=eva=-W3(lFAp+(k~f@r^eW0| zWCr(N`1?X{@@kR1VW#(vFo!LEoFN>PK}zF1JsE&%jh+x#!D&Yt3oS^3zYdqc)}TS| zX1XJX>Z6?+N$C|L@tnT$`;V~h_ncY>rf_r5-YJ&kDT$SM6g`TaH;~9S?}yfJ%vfN< znI{2fm-Mq9%0b1mlztx@|AvbY8kPeKArq__A}5XeYd%_LUQGHMRVAq8)%?m}6B)l) z+`vat*+$GO5puf(JrX-Jy_-T;Dm%Spwd5#wefRNBAeuh%VCYKfv=F zwC`MUT;pi_*nXmKmwNui#>E|vC-%7^&TDZ}x$n%Mg5)5v-pHn=AfL~47Qxy0cf%&>Afx;$@;evI&8p z|F-_KVGr;(4JfkGZ+e1uzZb`nwm_u9sT4pA8%Pw|9FM>kMuk_gm(9o1m$N)dp4=~b zP0?1WI(eix7`hU=kR*A(YM9yGmMoomfkNAU^N#Qmr{8fAgUj(gl$M2-V{&=tNo9Gq zxsESdv@+SJSpE&tli@F!cCHAYlFk4?Oi z3ZC_%K>Th8Pw|N)7fE27Uv}Z0yaA#{7`9 zc5*WCaV!=OA`Z*o>8Ejfr%>?dCT$|d7&6TC(A{S%8{w-^_UfJrIvj1Xp{OH>uYJu0 z472<<@3|vD`EKUbq=ambgBg|P_Zpe;PJB7=+ZX297TfM@M&q{l&f~k?GGY}Pi1E(N zOkX^pBdxP`Qd-CIM|LTm>{pV!ZH!JFV^-!Ut~{ZNV|}b}#rrT79uPC&ceN2Y`Hhbw z8fr(JnPiRSUm7DTa$&!B#=tr(wlk%5N-o9zMyN_%l|Rx@jor+s`7RO3v&yGA`*B~$ zK|KoN3V{`=19+eGEK2}_?T8=|fh~jtMz(!8RPf`7Llz4Ysz`mr)2}ZjgZ(FTt5eZh zn;%&`69@z!l4P;zkql?D*7eFVL-7sSlFNmD*(%r40Bd+m?q`&V0~L27UA^6|)i$FE zVU~lhdX73XnO@2VsejyHBa)vbtd*i@wSf`FYWP{(kZ?`KPj`G|CmE|NRhD(3Yn(V3 zaL1F(SL@Al=rtJmoY~l%V4UR_w*3Y^GZ?ruYgP0r*ktr$eOD zcoEa%l&=YvWQvy z8sdy4*1OhX^w_NI_XiGOpV0*Byh@&g-*IQ_RwZRwOpwAcf58sn{_gF)RoJk#9jcE5 z#~$0N1^v%Wy{0$$lvAchV0M<}VidpVC~5M%l~-2Ae=V(qKlU|-YA+T~0#U)q1Rg64 z-UOD)F{Q8;!z_AN3SBdHcJp+JsxVa+XS4GO3$NsJUocAdn6NtA4vlZ1IddB4 zer>`!CUS(khS2+kbIqJrPoBx3yKu!)$0ftG$$nSh@g*z3gd-e5qf*xjD!UegGZ@is00S@tCdOy(m7@i@}$(!{?1XjFVh5`5;Cjm z#Tq3T(?{MZS=J8rZ%jIynLcgOR#mYZ;VwLjNrxv#pJ-4+&)@NJFyrn;Zcj{W%0`FY zn3h{GBGGy#W~{6A+B9jg_93!R+>`cTi_dFxMy$g>B>KO^jQ5;;m|Di|N>?XdED`+i z*)V}Y0cab@w$=2PwY$_Vv|skO1Wbde3|2NDvOyE9xEKg_?X-?;~7VsO{%R;0oR z3>LgP;!D%WN{P_O*qiCl@Lc>P)w8lPW2d39(y_F%)UmM9v7pvBvC%Zr*M6mAVWqFD z|4I|^pQvA(+R*5mXzSQf>sc8ak%0ybG6Ew$|DSnXp!NS_k{zHFE*{Lla>L@k$r~no zI_7Jgco~WaWEYp`^*`hdFg*BL-rV>;^-KTXV&-?51B`kGwE_ZDKx%6Nb>+XyEnr^X zwWTY`a$Ruyw&pkb0V;Sd-i8h!mae~9Dgz2NUkDE1H@1ILkN?6dh!7G}e)^O~Ld)Pn z%lsjMfNmqfD=Njsb;XYWkGts7jduoAGB*6(MXt3H!1zsm@=qr2Rr&3Io6g_rXk888 zm1@4N_3xtxT0854=rLXuc)Fk=z zz5#=zmb0C{;+E2SP2udV9YWttg1j4I8yU1HS*p4x_+DN z?}iP5Wb`Rm9d;bZ38M4}E-C9)N7DK-v2Q)(e!3&QcEhttFHi1hx5AwvSDA&Lw0ZF; ziwqulY2I@jJ8T+NY9ij?e$QKRD+pg@y;|^h)C={^&`W|<&8Vi^VA08Vp$cVjQ*Y!l z7XoG@>rxJ=qM;|XGwZD^}y(i%gd318yiRQp13$4 zo(CtF$-ACgRhdtowS9K6gXD%hdB9tfQRK)T$21xzCF1(tYByFv%FIsrX+rvEe{?a{ zc33-?(D5n`_-ckA8|a9sps2a|jpoIP($;d(HG5bRA?U*vUBxD=x<)%vsOIS`_;`GN zcmi*My&sF@5wodxko`N)J?0{nt+3QnPFgIT$`{BS1g9c?R=JKQ4e}_SCV%2>F_D~p z!uVKGdd;gWBac;Zeu*(%+1sO7KtZ9fiK!i~mfsr|4z&YP&S@P+-TYJYs(&lZELBb$ zVWt#KXQCduAIzZGRHnfy`sicRH6+e&S%C=R8Masd*MOC&w+{W!VAR93xBu9tA0K7zWU#pm@eZtd6EnM{NRKNulp z5Utm%CO0oj&3qM&96-JF9M!Zjm;jXIZzvU|vS@m-R23YGO;wGNRrIG-xg%%VM`e+D z4NQUaZSrzv5t!h%=oMKayM#mm>C!TOZrDm}j8&+@8f{40;PlxDi z4Y&q!a!P2UP_tf2z8%MBcSa@HY7UdwINan&0?+nEvm###*-B`wWq4Q-109bDUnb)Y z4;Sqh`8pbUW0?bUN_J}EnaXQYL|51n#LPm6)Y8uALlNzPpZe$Xe zeK>wI3r=t%OxE%#x!r82cr`U9&Q`GRpsAPAhhwq9my`w z)J9W>eCxyES>dvoHCD z6E$2UWR)r%ez;M85_ztEh>05EX_0_I zyPb>btmmNMjHRTXWLf%(lTni92Toqsn3+_siog$i{yz*-1*Dm4gwP4jI+79v^u?v; zj*L64$82hj><3F~_+Gnu3oM6G@U;m@s&=yU&y*bVo$i*~{H$Kza-klIdB=)ITT(Bq zLa0i>+uZdZjZut>s4X`CBu5R2e1M;!%ccfpyB8+7)ubm&sA1RJ!jgRj|*z zk+1_K{eAS+0JX+M@)rl$1t>qZ+PBVIVrH;g7Z-OC1^K`l+Q)U@j|*0(zsDsZ)HKIr z-`u>M(#rf1iE!qLgD7Q1?Whq)-RxOhV*7oPfLy_eL0B~P>a|W^tp55GGnhX08lNIQ zRja|-$4&M810ri^Qo9C|vplHy-Zm>TZ;BH}k!3s4m8qZ&AyJx3kBPEOn@jTlEtnJ(e2Et93DI z)6mV^cnpyhtSUCEfs5E&SXwAOjT>SgpQXG#M zszU#VZ%EOS-@g3n@PbYJIqieOrPzF9RoC53t!ik07=221Ol%G=k}nzPGksqMbnoMK zKIafibBOI=bBKM39BdE$Nu}E*fXQZ8Dho|}v{2hw^*iw;M$mX4NY`&(DZ*m^_feqO7 zWIURrXyL>cFv1Y#GQbr(8Si@%U#%a3 zzDvT7W035{-`GWClv9E;Sq3d9abKcw1`aj#CGsZoVHskmVWyM$1g$bVg%nAt-?aTX ze>!u)l8+U9q{kGe8p5|y3f(eoPCS9p7orX`dXgj}18eLXxa>~>8(h9$KWs^eMl%0~OV7vwYXz>ec>cKeg-W+*rVq<^%}gD< z_Nzl)LDK>7i1(nZdN6fSMkcDRKyIrqiAydoiQ2VlR>h>qlzC*+s^*i^&*NacT$a4D z_?@q-m6g(j|r47*THbXTDgw>AG=1O8U;>!KsSVHUs_U4WVcmi3bQr(pG8SiRO`00;s) zfPV}P=m1`ZL;xQ5Pp-qScm87lnLt3qP0Rwg0*vlDyPWo)sGDELZVVt3D1y5Z(bowN zw>7^pfFNNmK+?i=`NV%n3n1*^Vi18d`47V$6 z1sY9%3u^%_A_g)uml7GsKCXrdWM=3tuO0`y!#|-jzXtQqnE_cmH)rObvV6ekpnrF4 zrkiU7Gz{k&4cyYB8}kFYJZ`Ks5ccyAYx?zOH{1lY2-(Ht0&B2ep_W@(|K5w=N>^O4 zk_*&w6~00H->pHN{i5{+X#si_Gw}WKuPO0gm;!b7i{Stn)THEHSP{5Y zUpK!oZ=lW$XiW#e_!q?r7%xj(g21}}Hg)aJ7mVt1+5kU*o5cmJy4)TBKY-K^lu%u7Ffy8 zZDBs$aWS87`=WKOVaUb0yi&CW_&Cg}Y-(a!IA=V*v9Wk|wu|t!dIc_BBiA_A zJMI(U4mcOPKD6jDyw5*AX#&dM{n*5^*)KxwWzFNEoq?%vaorD&HnO&;O>avmaOF~@ zjAlhto}Euy;c%)rL-_HkYwnTR!Kpg&ghe2WjzChsK$lp(tbNY-er5Pr8Ab1wRw0;Y zO+<244GRABO8iR8ea4J?v|VQ?wc(OPPiXOr?+mc2Ae!<-l#b+^2$ZIiuHv5yP*m0B z$4#omZO}>;PGF0=5mWl5rDq?F654zSvtczITG)uGScZNoq3$p0hNqY}`fQ}yB06`F zONQV~nqlH28O4YV1V%-s!O9vMHogl?ZUlx78nmyQ$6cy3U3+MWbwRHf15~Yj2{PgY zj1Btej0kIXNA_0jIy4;jN@MzbGM;sueBNB`xLn~D_zKxT(k+t;M6^_+T;erU-SGp& zi2SUVaC9Q08!0gc=V%swD+!M>6x185_U%JI=)GQi92-X-Umd!%joS0j@dOukQ7ZM( zWWXcBP*PUGi1ssFW*#!S?1g%JGL39Wqo?f?LH2h^UIs17O%}_0Dn2Jn4f|ATEAyBf zV~ibEEMpj&vQ3sUp+J@ozos!7c?*}Qctn+Ou+~K|{4vG4v`^Kbb^NkWv@zO*+5=%x zwnBL42kWGpdm#_9YraYb=O*9B4r6c78Y-T0bHY~ye}f@y3qDBpM0>)Fj`C4b^_}~Q zOFtzHY$06Wf7%+ICfEqcB9AlYJA_Ys-PvEB`rMyJ^W(>YgO1a=?cCW8s>@bBN8Dj| z{AW9}mlek0)q8bl#7HSH^^jv7JzZv;jxQhfOD&|4hZJ+5tiurn-_@>hMsdR&t5RBc zW4(}^f>-vGE28BiUEQ>thi1mGZx38|9fdsMgB}g;Jl#H+MM0gyB4$QE%bnKgerb55 zpH>Rp1*NIzEQLpdl-vvpF<6*-wNGdZM;T$($YBVrzGURR_%^T;Z^Qd4s*bt=zAhQu=3~v$Ywzu{a$|D9K)f}ApzE6 zkbBPb(4HZ%o(&$|Ys7?_NW&T#zEw zeqAof+{vcNxv5O%RB00WVELv1koCZ%5u+FslV5i^2N88?QowirH8_gy?EENm7tg9bN_CE zHgrkyqysHG{lQt4xao>mRX8hg#~?EPgl+mm{$#08K-fvc9$!}VN7Zx8xJYb$x&HDD zZKm&iqwkL@IU?X|z8I`mg1;1zjWo{jP*?oy-=kHD8uKDa@^!lB#!6>ul*CLM_rVb@ z8_3h8@#K#>k!vR?GTGtK#cM7wNIX)9R|tN0=nI^I?S()N7^(A{PUFgyigp$UK-ex zOo+zcM)^q$st+psy<)KUv`cLg0zb|0+lsy$IWLMdGo>HPc! zgPD1w3nf>6XqbzbaJ06T&)L(#TK)U1&9aF;{?ykfgjY6eDNc)VC10?YUsrBFWZJWr z^2TC83`W(T#-i|q_A(_2nHKRWV>>+0`Ft8~ygu-P>|BtMAw{vTZJyf4!a+UBo(6Ju zj@Skl-Lo?Ag&P6~l~XliM`t3ccPUEVymXA&LDWaZIy%dpP+z1m#@g-_)5?(y_*hgC zO-C+mk~opsg2hsqSqaJhLHRw)DX&TVv{{K5A;^@Oi)WPB}4SO5*i^oPc%y6v9VF#sp`&Q~H{KFEW!s_&i|a^pPZAt( z!ezf=Qccx?)N%IZcMQaWPJ2f=D1xFszT-b%`esilB^P#lL^(XKb&JE`lp&Wme7;kk z`i^1Sw8D|lojD|176BQXsf32Cc9wghCU<#sVhjUziqp5q!l*M2g|YbtAyag^4ht$t zgr1tmexi=rOY5T235rtu5w=~zmtuv>?Vwv?Gue|)FO=;#^}yXdw@QM0AexJ*QfPD< zo&=5Pg{yJk`v+R6I?O3uIs?sTn$)CT49AK4J_@eMX`em2>1@NzqY0wRmiMy5^G%aj zIV|5X@0yi=nTC7IBD?dsxuoD(ESRgy1i}5DD&`KW6Y2MJYJvqafm%Zkh9`r{pGjiI z+IA)=Eh{3M=zMG}5?4d-Ro(8&UtVT!rDX3^?Cf`5&*X@poe1Z8-{JC@4gYS)CghKI z54`cJdslWg$HwjALR-Pbl|_lISf8tWn$a{I50YoD!}HC}&NY%?gQRyCXNvqdP|+Vp zT+phkte9Le+1_B38qJa!kJUF#JkAl{KQ=x^7N|PBTIY4lg~s{Pd+BTJiQDS%%i~p! z9&e-SV(L#>wgDJ&4Ov)n1ct#&wcfIU7;<;Q9~dG*z7cw7C16kZu(D_CRvI;7J5&qCB9m#pOQC+J3E&a9hVd(h)sdZ8maVl4SMFpX54${_x-hbnXG{> zq$?@I)P`tcv}%ovTySp(E-{pH;c-LzH#?l7kZ^1oQrXdC+mE61d`v<#X|Ke$P4V=* z#}Jkjyy6DCcv`_5!e6N-6tGmXjD2Rl*K%-B^K9I3z#tPfJXwKauDE4?$>-SU%lT1X zW!_fL&Ws;bFLV5s?N6tl$c~>_>!yr$T^t$iK7FBB!I}d(%YT=quGpGg1?*YE8Cg9T zBHN=ox1%A@s%E!yk_(da??E!ZBNJe$tbc_$e??wEYn}aP$8MudH+lu4c5XNKcfGn@ z?||HecB$?!gN-huMy~SG=@^-T2l`8CeJwKn5In%TW&cO;0CIMIg#pomNUUpPH*_kn zjM}xSE5UOe{&QRN-vtk7Ni?8(XSYfV~BlS<(#a~#w);%{^5D1vLd=pUO za1GP0ZmRoDq5U~{AOh(oakvN+y3YRsrf2=TTKuhu#tnIVod`3TI>V4&;3q{}F_3k(FrNEbhVuK|jI*gzJ*zhEF%TDsq}tENnzv>^g6LFjgH ze;{Uh)|;%6Zz(nujLdt`GF%Ip08!-q4w)6e2ZE77lu z>I#E?So2?(nmqooj@LHweckA-didsUR$7b2eJI&3!*2#B@U_Z60HI1Ga`~J4F#p*cD_=^gb)WNO^86&?47yR;FrD0 zawS>IQQAzOgc!bL{ckUPnYs4&sL=DpNubP!)kXbfUni6JO0I3=0M@dGPo=#A&joo}M&{PPqm3{L0df|wcn z_SG7X@A0(TaW)|33ZP-OBPCmsvbyaQXVf$I*bG&Krn_=-nQ@M;GBqfqVYn(Z!;oPz z1SlLPG8Gt!q1?s2o9PZU%*fr?*xd__@1?oi0LF&S4)5g`iW{%x=gb z5``!sBTz3+2c4-~nJJrU`z0 z-e-ElPryRoKQ3c{<3~p$YqoO1>aD60LXL0J7c_z`EwY&{!)WTUZA;~aRM5bxI zFbTE--(~3_==Eq%N&g7FHhTks zOU3Sy3b-G2>q!lUw%om{Hb`OCiSZ1&Q2eQ#9>oH>h&^-6{#BYrT^G$-__4i5P0zV` z>z63bf?)jNHsPB%$3;}&*0@wKj1=>}RoJvSP*6Yp>K6JiIa}P8FcebliOHbx8}Qk| z=`{I1weR5&gd?o;+$1C40$%P-b!rqlvT5f{v7tP7Y-8nXV@?}Q9#J0`{{G>ixmqP% zFWIANG_roKP5v=PS>Gl6 z_8I#Q6!WMhB6VC=lfcuK)+vdqN~E7Ke(tFmi!kIZRGz_a9+=`574YnWO)j%-gStYSWYjsGo)kAAUgPG2>cWF|hVXC@1t4D%HTU?8k_QAg~F zNkdpr`}7SJ>iG`j z93s?o0u~}q!qOjjEu2I6D|(kztZkrRZTsWr;|kyDt_(@_3sB1j6FjIce!l}z-zmXS zGRZMKfuKuA(th9aO_E&ttfLZ}nsJic@UlLU<>F6crO-SJrHwYm$hYrgi1+&#WBKu) z4Q`u{(S3WW{Im~^Rym-dn1eGQ_4T5YB#KQ6?W8J^R(~`ki-9j3Bdd}O z)2oUF;FFd+;DJ`Nse#UZ(7N%rkL zMr`?*I<^bJFlhCN+fMkcoKkT#_+Sk0al@eU8$iKG&2~rdCAd{{H8Zr29TP7W9nc0n zkfOpiM3saGV$LHD*PKV>t9eMoHoEsmCC(>C#@^A31nfzN!k zo9{ngjqoSAYYP_eoH5LF{HG_;3O>OQE)M$r#MCEr;-BhqHNYmsu$Kc=YV7F-Ean%( z#~&tX#C@=euhb=zZFnV2bDAfs`q43TU!f?BAwFaR49T{Dz<_jE2)82oJSgT1!yHpa zdFBG@Sn124WIWA$Pj1QgmbIx`K3j0a6pH4kYk9O(ItxM0oDpaeEz)5Mjy2L%;Ro3DOz!=Bp=1*_o7m_Hi$&zr{Q_?pSn{L z<-RM7VACW>J(lhCuXUoF(IcT)>Gsb`iJ&-@Fh+0Jh0#)^XzYO}2vI-D5v$K-Zq%^< zScjkf_GkswBmaphYd0RzH9&<4V?I~A|<8v?>rcWBjGr||@xyq$VW6<@wq z{0txC!PZw}lVEt4`PHJatPhKg-b^qIJ{%2a$b78rAc;h_8Q^|hHq;CoEb|d-%V{wc z#jov1^4W3>8mP%{W|(teizs$s^Ne(7AStjHvDNlCzYgHy8g1IO8`>m!!o}SU35Rrg zXJY-VBEdiYh$d%i4@cFf0^oV5<^c+-N6DB)$a+-MKE$FZr5~j4yT4Jj-}P2K>2hTL)WVB zA}j0~%3Z6^TbkeK2#ECiMRKk}l$hE6yE!P?06ZKRK5`*mff5}5D!hmGZ!CeLjhlGv zGI8i{tblkoC^i6Ln}4{{)%Bu)PJ_UO>%soRm4JzWpz{yH4L|@K2o}0Fbz|NDp=7_P z(+zf|e39wI1mKGoJoGBjiTO51|9vij4X(Nd`tl(0BY(X76%Azq_U4A?|M~70%|YM& zc8+!Vkbfa2Ot+TH0S3-617XUIj@)=n5Qo3uSWH)y!!F$SG6C`8&wz9J568NtPdBWB zECdjaMMwAdSKIy>6L;B-Tc+fX?tpAe>v`Rc0>WPk?(22*+Xq&7uAmj>XK(^gG7_gfq3FI*%2_G`sc4)~|FY#wOx$ z!#{4Z&rSv->r6(dcqtqdnae{euQ~9cuGV(fY1g7kmEN{Q$3D)r?!`kB zXG`Z3lb#nZ&|bf;tScLfVjv(K;$?V(`4vdAIF(gYTt1$+#W|lJP2`zQ49o?yF6ATE z2SC~YKvrLyk+oGt`dGruxl_3UwK+k>$5#0++ixZ(5@&5ub#x6gYjrW&T^!SX#Pd)l zN``4>(rQZ|)q~agX3gM7RCr%CriJ`ixL{XfqL|F+@8_eaTt%C@=qgr`re{xHzb$Kg z08Xr&wX9&`J#N?`aNum+29 zcggzYyd=w%L#6AOWQO}Grs5)ow8}etubF#(6iw{?d$2Mpc@r=>nQwktUgb3Lj>Uy) z&|cLdvWC;K5S~J0aKXWX3P0E7Ak@TO8i~AO>I0|u6;0r#D$tzF)oLq+YwV2SOPR{_ z44CH&nRr{g;P8yN(VLD_J`hPCOOFGZq4;faj1P4qzh6fjigfs^QX&VL0w#jz8)VR1 z_guI=bL2*BFf=2;vXy6S8X&$syHli}wIIqQUebrALI&#uEw7sVG^ENQ$3QlIb2K-l z`n@xyI5&-F!bx;j9nQw&Wae?N)Dg#m2Al={y$<`g{+T9b9&E$VhsHdlyu05p)DCp> z>CP}7zB=4~!i)deU0Tz+P+Np7EhJLdY!jJV&VuyoBk%ma5IF<(l$|&HJ~fq1Qv1C3 z*OCoZvbEBt&ym`VQK8o>bhCY)Gek;+tX815adz&J29)IBOX?xFW9HAue*z=3l<%m> z9ph14eF-QpUp_}TB;TTp|XA?bhP|DcaPEwIheA%MF5aN_{-FW>| zyvNgnM#N5h??V%0t>`O?3{+7;$ig*ozSTd1O`sw7nd{VtUp?U>vc@?i*9tJut4(R) zeVC#~U3ixbz0jc~LIEvzm9qN@qufcoJR^cO%{eVcZ*1_yu~QD<=1M<4+D8v7JfIlh zpgQ#$J(AL%7$Fmb!D80&OsDFVJ5vaYg~1T$uIfTFrZ_HiNxslo++Y_zC_oI}@TqvD zf6iUmCh~+&3o4Y^v|5s5A{a-H1nRBVRGI@LH~sPKlfYV6*_;Vl3zbkEes1&K0D@3t zS$cSvcR}7stUnfYkHk{#>4Xowto2@cE2d5EGC@1_Op~nau`&y>E2eiim5)b?_EA@) z5%UDj2f03TNM4dE9-!{aeKRS>+&0Goxzc03{t-8|Gf|$aj`MsHEB|oGdPN%tQ+-sD z-tV*4b9YT4ePJi8x0Q*!PGaN@IIvcdGP`E)R)j4|IO_Ix)Ft~gnM}BN4FXA&&YTqA z7O?v~7mIgH5hK>~cQe*Kl)$5wC(9{~AJ)u*Ul&v!O?HOO5zj_z|8Cn7y>z&(1=pCO zd%!Xfgdmhc%ukSRebmFF!HzY?K#^-yY)eohL-J_9)tL)U*JyXV`IBmm(Cz}(GrgEh zNYxid+ptn*@abvtHSXYHZ1}u4WGyvi0^Ichl#P zJ#v4}807eMuPv!DFJkw@(lgo*r-~u)$+!l=cIAX2scT(jM zGdXqf4-lJt!NiCj>svFZF5chN1@m!H*>qQ^WftsrmmTXO{AS!XVxut7-mQ^a*3iUh zws{6+KMz+gVgA6PE{tcFMafn%;RSxDBfBN`9*woANw77?2FTg z`vz68^*U~xU>t{1c~<+1+{|T(zK1i2C%w+x^+EmaVpi;>oZq~X`;SSCzIaVX;%OQ* zX-mhQsR#v&sqcJaI#bDY>I{g}as2o+D38Yk?NPMUNmfdvRpFZr%+l08L4?9g4DK8m z&qLRZ6%xb;5_O%z^K_xdwVh@ia{=nQ{0t||(h&RQrVIg#dab5( zx=6lk%}?+a(GH&Ci!EeV%=I`+tnn%Z$$%7{ z&Jsl;PLG+H^pm;rTdDq<*BAtcHr3@|<50r>lSEWDrR6B@ANL-)t)B{n!Sj%WTgRYRrkQC1 z10ApZms1Y6Q=9oVP+`)gD;MU1QQ?Lw^S|@pFt?cR7)8`7y;`{Pl& z)+(wNnwrQPnOCc+*Pd>jCXH_a@R5V_1wOK_Co=T+|IXge_OPM!i!;|Ox9ijIl>mMe zB;libD?efaUYL1x=>7wxfbt_I0N}a!_rInppf!8`)iN`{@_$1b(BeIRm;;tS`U@K% z8tV@mpfAhvcU=O34vKsYe{o=oA4$2WgsL@r*%5_xL-&g_-CAvwCE~^RujTI200P08} zJm?Qcx=I72y9%fHeeVBoBw#EN=(OhA_4Wkwlb;4XUeUn}sp;ypJU9)R zy84f?%L+jNSaQSVfhBsb=ir)eT#?1wn*Tm_pyhn72mWfkfHb~JFqQuOM%l}P#@CO& zcndl}8ZGF+1CyZvd9YX5_b)7hI6kP$0-4DF8ThL#*sJo&pnvHWu=Fd1`U1iLan%Kc z0byLYaDZwy(VL0^3k71TY#x#tH+Cx znvk?FNhQ6!tL@4z3N+U$T%ebeR*yIDxR3A8f|&Men!3q-EJhi z_4{{e6#_<#pQz8%h89sYaKVc_2Lx1Eb}+aJUn^Rm;e?mQ@IiL-r%hPYw8}i+>n3rc zO7Ev58uTnuqWCFGj)UCNB<(nkEy2+HnDHc(uEPeEoyMDTkW5^seD{m;n1caPOyROH z5m;JOFVwNs32ZfybtQZ9czIZMtMdaT|?L{bXa(p{R5{_UJg_ zTl)#6DdQH1jUl~=3a5g=&>wzvU)98WwE#U!`^Y)>mGnNbN3V)ZCiPxj{Ss6dZQG^+ zJhEi_5eA&l9pd*nn=Wny28>gBrjCzaN4hy95*xNt?)nxpYgatZubVx7TkP_@Plt*i zZb2MYGtTre<#I|OtuNOj9A{CLKJg%2MKS^Ca08ge$soLkn!G$ZxEe9g1oRx>AHuvV zS37xPVeR?7ZO}EeRIQ$z=8j~K4g`+FE6!T|kF&3i%QAc3CZq%@DFF#Vy1S$iDe3O+ zl$4O}?vRr1?hffjy1QFJ`bEIqM|AhQzxO{ryPkRGoO|y3bFOP}{z^0Gu$nsynB19x<})+ePolZZ_P zo3x)$)yHE_@~q{o49dT{EgWU4n>y8^Ypq5UN>2kJm7QvQ!Uh7llvj zr7I9h!o`^()P0$>QK5x-klSrXYtP-#n2+i_@r0@M-RKqXq0*_uSji_#^-e_bqEC1+ zYA?BXYl31?rj(#dpG;uH2hx;ip1@wdsK`^!4r-Q2qjD$N`fez#09W;uH5@wJxRbE- zXaeq8ZoK}XV&~efnLiM%S==R)&zv!2^Jhxkb_D!Om3=4`XR7#|L0^rq62cXw&%tBK zWazZ6(hiQ&Xa2p$v0UdO>uH>nmoFTy&$=o=A`v8s)~j9_w<#63K#)r|4e7od+c=oE zpYO{|G;O;yhEe#+UFEj8?VIjs)wCeb>aac$)1G+9bpQiy9?!#oqOHQZeIOs^O%>V+ zy@?V>7Gr(BD*yCtC%%U?e>W2^~xJT zC(=dva!=K+b6YY(B-Wjypf}SH6ALH!GK{Q4Yb!}R53VJu3I+RpNYA=GQe0rX-hZB; z?g#>njttSQp*OZTdCr_ES02E!C#~}=J}uQ9$$;^tWtZ#}CmIaHh=>3SQM5@rRZoru zgtcyU=y}n3CyKS~@Wdu+pLW|=Mx0Kn7p0$x8<(W$=TVM(w^8=UHF(p z?CO?8i$A?(#9fICm#m`Rh~G^kM_~-VvW}FQAq+ec9UR3Y4E$E#^3?@H=EoKR*aGkc zer%YLke(#}9=<7X$BlAOD+a$zzJ#-|RP5Is;=EcsZa$$d;njXTiEZ=OZD`Zj+ERR% zjO}WDKGKVGFs!KMPRY@7XxVE$dw6U*4m;>Res6)9igkJ%8OD@O9k`wc*3q`_*mLo^ z??UjhA6_mNlJIyKpYHo%pS|Zg#GMXd;9NS7YN-GAEu6)D%vIs7v_1=erq!$G*5NYc z{00~XsV=m+@w@!+TAdmi>c-(Go^PsUSTYCqm=YP2G;_#69u-$U^~QNgLiqfG4a17# zZNA^u2*=X?kfJB*{4}Bmi1f1$x_-#5u@jA{>Eci#Tz8oojEpO9LArVe%)~>P} zY_^RMnsllmBPZRLcS&41=3cnEh{!a>phk<6TIOA~E=uUs_>QOb`6%Ph^Jn=4*}%6# zeuXl|F@$73%OPIG=iC!Qcvrucd6w#ZP2*eXQCvf;(e?-or44qSC}^Wm3453m4sU)C zQY&Ihvu{@jJ4gtHU=t@eZljPDjqeGlDWe_c#NyjSTL@cr6+0M*P<9j%x2HSm->6;5 ziM94K4gv!06m%>TY1yDADRva=a2SiH80syUcY8|f_TGIh&Z&3>z0faS_e8^Y2%hCe zh6Qo@=_AID4PQkf$cY(gbINjJ6MA`bT@_nxGI6x9V=L#9=IGa<<+etljb-@L$n8`| zel(6`8IRxTZj^*Rt=ArZo>pawWDJKrHuw$S5*pzJhkIaODbOi88tdLSm~WLQd3!P; zCDxPAR@Ynzi+kl|r)PsEokr=S38qvGs#6-gH`nCt^Dnu`tg<8gJn(GzpY8&=C*YwM zr06xs;sgmhFK1W0BpImkD{`Hc9-s9ouo+9nh>E~9$J`^Su%DK~%GcmNweON^lHg%; zpRX_#fPnSmU#Gp3+bi~L92(rqGER8xcKLpnLHD(tk|tJbe4smluId&_?e{(7n}u3WnsSO zx$+7`?*`J9Y=u~R0eluX#DeYi=p>mrT6=7c&kSDYn>Ic9YM_r|Ys#J%e?^Br?C=U5 z+Ebe9oR2z+%XDjDE0(LDQzC~gU%$%!behWgf({;p-QAZx5S5YL@C8dG;d##MV1XG- z?nxLWzM0m50jzNP%P}!nn_>Don-QLD^eq!1zfZ;TV$c!a-HoF@od+w1?!YOMp=pWSp-*>egCLIc|o7PJs$IvS*qZzfpm9=)N)NU zT*)fXjCV3ImrTmWOP2KU!(piXO5fQajl9`*h+vvtMI_8vHg@j2zwaHL3M=m}nQ3U= z;4A^%XrM*E`9@JxF2E*hsOQ>t6E+zM6x)9Mz9rDwZ`;v@>zycxs0`8YWO9|=qitg6 z>}>OJX42Eq$?3@cz!yVVPaZPZ1HshywtD9C;#7BHfo#;)R@|+oGUeRm(xvFmA{Q}~^Zhx;Pg#!!?NEH)T@6SBQ?WO(x zhWxM80PTOG1^`8H{?#1a|CLq&)WrGC@_*z(epAK)K!Z0j(=>m84@0Z9lmKT7Q}O72N!*tlW z0MI%hO8Yzgf4>m`cziF=L`{FM_Va_q`D?qs5evU5*#Lyn-PjNZ9-d;oi#B+;sQdcg+3KqX#B`mI3_Q-FJsU0k;Bpcz3T3HT|tW z4F;EJe%K8^Bhs+m^@sn7Df?zx(rtm*9Sq7Q>&G|LO=}@AF?@ zufM*+f0tq1u{}2o)q~{#0e^cKH`R22ad6wgeDexX(=*be%{W_prl>L!5V^LIaa|E>t(+%&{yP-^*~HI4 zzoC@wCZzvhl5UC4AAj81`tir@egL^8z!v6z;g)`z{xx?~*Ms0RrfMDt6qn)JJ~J^h zrFd7@lYCRx^XaCprz0?eHB2?is;bIP za#xo(Mk+=I8v^A%XGij+ zJ&~%w4!UxZ$P4U?`bwK)@_|KxEJ`m^L1jU-8}9qmA;kHi{W+g4CPWlYmjcCtAqx&@Qg+6;|y=<}sMU2?oziz=37l=Ha@aK&}dASl; zsx}Dr)sNz9`X@tVzkJC-D;3L9on^Vu9TMTt@zs!A%YebSq!h(hMTin{;&10|4K_5) z8Yn)r6{haWdXX~Z;TNyebh_l^J5pINIZ(5@_sgx}J|{+*dGsmif`rUm5xkjezc9!U z@*EACAW8FCPHVb5#SK422Mz_w`mEQ~*fOxRnJ@`nK=+Yn3eZzu#vPp>{1irMMHyr+ zf`h6%6fRAW4X+$jOgtn;JOZ3+p)qJd1Y5OBK4;oPBX_dVTR&bjyQL zaGP5m4vCJg&9ch#O42wCsCZTGU~0Qtz#-vPfidK9nlIWECgdF2n`fY?>4ZzNmTb)S zGX2CSUDYZ}O;GMZA{^;o$G{{~0ZcTwqLDzCb2LY48c$e1ZbdYi~U zc9$v>9nRP1Dd`n=#8tf658VI2H}F=sFQx2TK*;l{Udu`=<7siRc*FPB?dDU(;dRj` zn3F0Nux|Q$azM-~re&TV&BSdM)PxtC$0`F-XhewR?Rg$aBU``t3e-$s3S`corAy&d zas6e-tbuhaO9r=9Zyd9bVwUR>qO(==&YV7*=MD+GeSo~&xG_Dr4YiDzVCEIUqFDR3 ze1&`rxKCb9biVts`!qA$&A8wLBV$2?cv5`)=zXXIKc3i&qP36pZ;Xnf$}{^97Fv-( z8!wp!xJ*fOiM718GURBJr&k9<(;^E?7nmErMV^FO7~c$0C)>@+DmM+0)cN!wc!5w{J>RLOhAROJ5zGJ5B%munSfXJg>#w)X@ajf?7tkj8sU8vD!dBZdXp8 z`Z=s}XN&ALOCk?7$6Hk6T`Hx=Swg&p#KSov1kxnF6eC=tYMM}b8QusZT#Yu1c}Xyn zZ%V#C8x)?_^rAXkrX@sOr<#z%uQZMGlec)KW=0j8d!VQQ6Bq-HJ_Og2-NJ?vDwY~*clpVv^a_oukr+!CCG!eRpGoy;VLFe);6rXAcz-;UnT_SF)szo5E7 z%g}Eq!UmY#yEgh&;)7lNd2?fHO_yLLX0Ovl{VHvQansreeNM3Z8RI_%j?u zEQ@#E&w#=O$GZ01nwjTc_9a*qEnn}Cq$`BRt@KYkV=RoO0PQH?`a;}38%jo(Hp`M2 zt{KD%79PG6rT;xVW8sP@g=EtdGpGtj#>bO(TWS2v<3M+AJE7Ei6UKsB z2&DK{Mqik}@SElg7D*nNt|1h|P~)@7wO1*7Kk~ClM~GOr)VzowkA(Nr;UM-QOy*h~1d&fK z@#qWhGFUJ!>|A)A+1}8=T$@6VX4z{VZ|?ARD|P%#$u!LsQ>()A2OIXJxDHr|vLH9J zuxnOJJLUUOnOazFu;jAGK(;=Q)vkF=2hn=r@J*eX$rVG*wTH$M5e7lomokIudK6!; z?OAzMh?lI00<7}tx-M!mdEVudDA2;h8#%^N>}yy)m-?GKJtdOUOB#xzo8Y+Iu~&K; ztol=4h*LoJeT|eF=WuxC(BU(pMzjRe`{C+~d@Ca0?>0oZafMw8Q|hEC>Reuhf1Snk z0CGLtO>fy%Ln?c2Yco6(LcW_;vj@~qm|IgLP>rF$I*2821ByTM1j9MFMRO!0UqB!Q$6Hc9zXi7mlR|#+iWnxh8;F(w9#nZ{*E}}AB@;EAkf=H#Q z^3RuZlhT+!8Dm%pL@TUr`zf&BaD2+78IKLtZa(3bXLb}}smFPr@(#ogpsAqdg+0Qs zxi54;KWaRoi}UM)`CfTahyC?M#$+iiOdV*Dcw9;S3r94ci^bG6s(_R_d^1rx1djd^ zSY>-2GWwhmTj?k8G0o37*O~JV7QK$`C-z&VcqpWyUphA_`y+p?H~6X&?r3wsRH<$x zS-Rnh5HYJvffgi7n|$$2BUdZyB^FP{R0aNAxgjHm5)^%BMuZ6#^{!l;?WX}6yUD=z zFOc2>hk-&9rGa_cNj_L*5`FKRQZ-pzBqSNesyme95JQ4nK+loPQM-_qZ_2))&`Sq8 zT1bYC>e-l+?oDEqqQHh2pBypm1veoUOZP^kk>Atfhm($;RRF(|sY*w8HdzHpeaHL`McrXx+> zH@ejgcYX0)^P7&jQ;Evl#hHohu7AY30*mFun@Y(lOJvLj&C8Yb4>yX}rO1Rif99tE zrEmU!X&*oVoZoB!mcLN{Ur8xO00i`}mTCSId&UTWf_^jiA2}{Sxf=isdUx-?gO_(0 z3;=`P&nLRU6@S1=zk$$ylft>_o%kti#BlrX9^jk@+{d59aPEbT{C+{Ofm{{IBv z?+`lx{R9A;ege@4CVxVu2i(V9Rmd$R^xNtEMI7Dw^I*fjpB?~5a0@m8K=VzH(_bBE zcc>BYf&B)WZ`rh;G|CNP{lR`v)7*1pzj^!+r~WRE^Po23t{CF4QEUu<^60_o0lW?X zv3G|s0k;AWdp}39(F3xjKOfHTrw8zcJUl(dznGfa_vpccco2Dj@;MI)ko#`JKUw*8 zzkp&n552j0l=nQr?MLE&cmu#0{Nw=dALO4_Kkx$ZHTcQh(%yx^e^?C=@qpCrT}$R) zWZZu+^f0gi81Z{f?mrj-Ah-Y{=(q0@Km^@sCQ;J^H0u3D^!ye;fPKRc9~ofZ7Jy3G z-H5T@>zV)?hW~nK_Z0P?mOprE0FnGJ+zKrf?XNvkQzjVvh>mNrmKu!<9o_1(su{q9 z-bib>uAuniz{gEAD507!Vc|Q)E5~gcoN96kc>2uRkcfpmvG6TC9kbZ2Hot7F9Q1C^ ztenOn+g&->Sy)^$+G!I3clkVeO^3Yvt@v{Pid?>)?b_@z5&3jAE(~=pWFnDPkVxFb zUwwIXXIqtj*}!^e(NNIDDV}_4l!A9s=sep|bFS>V?E1}ll=6(@Rgl@xEIiOhHIC@? zvJiiw6hod#4xNHk-SA=q+-5=u@+HzNyYF3c4(HXc;>q=9-rzuI0;3OIg`xl_Kn%vZ zG*N$n2`GZ2-;-}g3xS}gr`idW$yHB%+f7drRA%ek4ys3fnLLBaV~FExcz!b+d;%1N z>UyLXOhN=5|hqf7tzOF>#>L(rPL1o5$3y!CAz*>;%`v zmyQI6no_9n=@<#c>AtyHh(_{~w7|yfj~McYzP#Q_$SfOrdW54b>37A(bT+t;?2gE1 z9UH4q$}+Klvr!uUhRcuqTvFqJI7vWz*z<_6aFN#OVoxRNiX#k zY$Tk#JwG?ydyE{dC1SjeqY|Ooq;vxosL2m_%C^-5eJzA4cbF5lIfcTx)@O2IoHik| zEmYSRzImsdy6nqlUoPnI#oJbQE8ZY<+TVden^gL35mj08k9FAw$m1L(wAZ;sG zIGv$yJhRL9RkoRVr3miCgqh-9ZrM*a$*dD;JH-|`@My#)OQBj*_Xbdne zFdIfIZZjXZT~n1RFJV6lp;-{c4Dx*!#B=5T@kT?O>GDgU>*L4K+ddaqxFJUw$lYt- z;7Zso_XS;Z-|D3LB^bL)hd6RLLd+Af#iH;PeRirF|IrEx#4AufR~;TnYGdF6{Ud*~8I7tc%wNjn*jT9=6Laf=H? zjy4Df-|-|HEG(-H&a#j}0XAZr9QEj(nb1alZ0hpyi+bpj zuo~`Tx9vUMsAT=KQUy%hWw})B3xytJ+;%&Yiqj}$wY(uZSk?=L3=R=UqCAtKDRpn@xTD3xt-(~d5N~;@#)9RZ4sH{GV~nJi0AyCPqnn+x=#e` z`A2t{Al8O@bEd6|2CQQ(FFzYw1;CiF#)G`LB^!hCnU~NIV+-#=MhPiUb@7mdFmaV#Cd;z(4CaKz?TPhx zwXhBP;aOFSQ3u;$COv|zv!=ejv8fQ_v*$YGFb@;Q6*SF+un!Q{Uq49-s@qaO$&a`i zRpn-&Fa-nMr$KqT+PC|zjr!~O4ky3wDcEI*#F1YxM5*6YoAS#UX>A7$d!e@`Ymu;i zpW=+&ANvK9EeNAu}RWM1xPF&{)bHZWg%D^QZefdRo{J&UM;ts1i7j zw^IFPXGlKizfx-$1r=rDbjeiZS6-rC1tk+a5A!Mhc2eRg#8HJG;AC{c%HX6n%*r9F zQPFp8lzVj48QU+stXp?-#cce2%?767f z7`m$}BHbPC2@}{>q<4)TlNroR-D4Fn%?jNVf;<^DZ*r?s`P5hCDULm&%m}0bd}ccqbK!J?M`? z#}{1=i%(L38U@D6WHc+Rv90rR4>~Wjeq4|6P&RP*gmxblHw7z$@Y$CSQZW37jc}1S z)7*z0gpCM#6eE(q1XP9VR0{!X8|2~y*`VX+ZM?FXSqj`-`d-A#vYyJx;+ zL9#hVj16^{9<>SyN(C}wA8N5e>}pb_ZOIK5w6O3vxVy)$Oxjx-THNh|`B!J#AwMKs zsyYJ$jhWOL{gEMH02D>}?M4RxM{k*g`)l|e4txlx7;dE>e*&r>fD+&e`xBP_$;>Y| zJBEK1J^5R^mf<$L_CFi~yxKo>=)TS3Pi7uC1bD^&VFdtk0@Nzp%|E$=Y5#OU|8mFw zS+npbGY|X$xa2>4VhlJxn;`CTt^e-MzhtrRRdN4h<$*TwyaZ;d?X8`Yr{|03e+5*8%)v z7X5Ck53=ZhCjS2Ef6AgW+^U`YF!3Xc{v&2208-^QDe#;Ba{mMW0_W%$Xnuur#y4#k zh*$ZlMLsSc*Ex}Nj{_b#@a?2yQ{1#+WVASXyEVUEOt8=VC}~x>>g1?9S6PE7Fj&6K z#K}G$+A$L!qni+8XYEw2FsGziuUHZmb~-V!gS{;xNu6mx02~AUdA1KVk=;q{=%`z? z;##@Hw4T}i+w-^!U5O%J;*xZ(@-wQ_HEPATeJID~pJf_^SN*`Ax1x-F)jJ4GAiv_j z9$&O!nQ^#EG%uH<2C8vk2eKtD!%2}AICqMxjZu+8MxhN9JTGXRiK_4$3(H1QDtQ(z zMsIXbubhyt-{qT9bm_E+Md1|RQLO)^tt5RJbGpO~W>evN0XGR&!eO>gdp~DHZHSTQ z%TK%ST%)>jaru*X6=^|<=(+isMDP}is~;7Iok9hCF$YeDg|*@qXVL48YE#P=3m5Ur z{nQ9F;7D%|+^sO$xlszT(Qw^Wmc6tXJxk~I#!N4rBw}3P#Y&!4n$4?c9U2p*Z0?^y6E8;C0aL6%q|t&`r~oOvZCNsji|;Ys8=G7oo*H12 zO0N5)quAheQm@w;xOv^6veKA=k<9{qcs45>Eo}9nDi=|RRt5zrH)%I4gnWPylq?(d z#IPP`x|DAK0l%Scie0MKV~rrpbzoXoxMo^}vlx%is94kSN6YF(&ggEv=`LET%AeZE zRl~w`KZYu)L%?9nYRY$l_ER0^7EHo@rs+ZNc`jc*W^N4>X*GQIu7u1hIZC_g$X@H2 zUX0#AOD|F|%UHFIxS+kU+PQ?F+aq>oiOrzR^UurY*z4Ie*Mrl>PTzM;3p#=u>Ie8< z)+DB$zzaEVBQ_UN4QTLzE2#ufHpXvqbD0MD%bz_(-D*~XucTmlTXy;O+;ZG{vn9k@ zSM9~cwsOpwCK*$f7x1L)XtLTQYug}8`EJ>3eO5|mYqA;EgX+Q!WD_ql^N{}Xb>)wg zj|-bNK|;%BrKANYnV%eiLXJ|OON}GeVM?H|8T+2-{45fpQAO>pBfLzvxoh#|bWV9c9Dmr13wju(^ab*!{WMp2at&;4st zj5&3u-c;Mo3^?)=cj$swOT~#AUX5!FUX*#e7yAW&G^r>!id$(=lr{4rCDJb(03$bF zo&Iu0N3hVb(z{@>61=)PA#~D=WZE-|%i6eRRr*s~wHjvFL z(bpscx!z&`2^ls(${K3p!Y$dd>Ij2xF1uXx%!zmXa1M`Y-4B|x2goHpkU=$W*h z)R12J46m)wTGKf{Iuk(!Sz%`wv9CjRTGUv_W@vnzJzqLvlsW(ABn1~Lg`Zf3SS!ob zv*@iNeM9LB$?v=GA`H=vh^8B9a1<)1n^SuvrD0w&3=nM86>Z}iaWd9*kxRNhn$C^U z1(R*v8t^~2{0`$`xq?QSh#Q-rc2i@pv6T-^xENMvc3f80q_CMJUAJ`%QvF3(CX4P^ zUVnp1(^9cZx;b6h=PxM9`qXs4XhSU z%FhRvAIISFm)4z3RQs&yE!nG+3E9O8yUMk?RsA5qBVhB3dN&8Uh`3m+4Ne+?tSgh% zV)TNbYsgXBtv%>o8X&EjwV-OEv&*t^76*9-p|Hu8$#S)Ai)O=?;m60lxf%U)eLSfd z$D94ta<4K(fPY=AQMG*xmA!uSOwlH6yqbmprckyqnCfXw_p^$8FBb?Fv7YDa+y-l^ z&eJLJ)6cO;H_}O3D5n)I7I_I-dO}^wS4h}SIuQeT%LOsRt)bykHaqCWhS@C0)u)sf zwuE$vGWD3kpAUQr)4JO9FRt=?^{tK(d@t2v|jw(FZvJt#KW<=7i<5L***`btz5n4*8*@9TI z5f>}s(ol<+(gK-#85x4*kQdSsmRm0GYe|5~^}%QPBcy64(}ZFNtMSd3oMW52Q4_5O z>&DpBWCXdF)8B_r%z|$O1O*+Y`fi1}PVSfQw`0{Q>(0zW%`I%)pAIesG~m z#S8(GlwymM?z$z!Q<{l@B^++goLOrNO59;)6h6P1wGirLzmKUY*1AU-h?A-s!%iG3 zg^jzc>paU{Zs=F94Td_0hxhhyX%Y4)Xyf`{rK+!K(YAlKr{833Yie$GHyYVeYhoaIx7mQr zT~nUSDed!qiR!Cwy$HQW^RuF1Kl&vC-QJJ=8ExL){O<30zolsJbICI5M*3R3Z%x#V zwRucU-dS3x>zi1QHc?gUF{Q0}09bj(IKe_{mjqgC)&x-axt$yGI00{Y!k-EWn ze@~bB56d4SVd@*w<7Xi>&OM<14`v?XV1Tm#6n(uN<9Z(~w@CE26dS`YvK#lOaX$!~ z;ZMtdJ&r$VZQSSQ02klI$bsGKR1Ww7pYP^*;QVZ?_zxxlf)*gTc?Tu| zgA^dSc~{ea^J9N!K>rGzhsjNb+v!#R8-&t694k8&cvG)^lT-93Q|k?(Zpp6~76tWH z&s*^#(`w{`T;?K0%jsr8RLd_;Mj%y9+}!N`I;~4=k%xB9ZQ(gHV#O@I_H}h)=j!s? zNSx#G*NxSSi`A3uH1%gxA;e-ao+S2V6HaH}DW+;G&n%Co*w2rrj@IUMb3WwBwG}_M zO@GpFGM9ICfIpSjSMfDgyP_eNVTv5Rt9eY2J}jZ>1W ztl8@MjsE0gjw&@D2(YL$BsNmp&Z@UI7pVyfvBB=LJvyDcMf4IVR! z#XatkGky#ldzy$t8Y7iUAx~n37nljD0m7IYMBLs&@4zWvr)oL zoFFyptpfz}%usBfdG&YIi8>TsuK6d4pwGs_5%Mb1$#}(1z32qyJWwc8Q0~OdV9D5j zkDECHoaC9EyYFl+HYJ^%t3_Y5RX z73Q2C?sKs)F;u0cwT)zoXn{WY<`2WpE8R)>Nf2qcOer?cL6*&UL5xr>n1L2%*a}d#j+X#rbL^_X8bhIW2RSv)5a1`DI{TZF*O>3u45|jnM8* zu}a{jPG-OP;}+|0EkU-V;}@4pBYm^@P8U}N{e#&JWbk~7yLCc|yo zu(tEYhx_OfAf|rRnoWwKIMv@IgSyHe?tmc-hyQIPJjs92x|IzPc|N zR&kN5Jk$f`OI0Aj0Qp8hwZf7omFc$Iqp{&@2wkT^Ne-)kcVG?2qo&V5 ztop{^bbe@hO6cm>hoA&gxmh+7v&Js}9tW|4LWjCi3<8c~AHM^ac@EWu7&{cUQwS4( zY8H7fNo={?ezGcpJt(063J4C?;d6v&f=w=$*Yg5**kbMB(ju8d)D)t}BVS<;NJeAp zdAg<-97I;^ctuT2&S)OtUn6{92wq%+i6bz)q#V;_#wPpx=2#0zVbRdldAntq-7~viWcE|Z) zti;!xef#=upQ2CpEVAAF?8YjC8_gfFyJ|qfz_85EJhLp~ZT9V_(TVxmtOL$ zDHRnuz18ih@AHBjqL7M%vXWMp)wmh$euWPa!>xxjnfny@>tmy5sU+D^nJ?sX;7_Tg z#A#AHN2oSfzYxa}?@z+LLwLN+I<^NhyldO#J5)B&+>ZrkSP*Gje;K^I;bb{BW^=gO zPu$r&U>8gCjZ9H(?m5C!C@z@CiCj)VJsVAGXG-K>AHYUp5er3p4xL&R>MP@>XMz8zAhz9}^IczGXD$gJ_ z;L?`nC8)5zPBfx{q^~dtWm-xX^F{iV)qaf>ho%Wmk0}Oh_%vtkf}$eNrbqO}mktU( z^*5x*JK_{1Mhlz@>b7*>;OwHhL=yV-rnE|D%8Zwm z4VVw4^|{MvuSDp_8jRiKUK#_`Pi#ooHRxBW5w@oYo6t?GIAfZ8ENc1ALW+@;|BOmcS+a1{uRze%5NXGzf#g-y$9fWARR>u?rSHXig3nIH zMP@@d$*S<7bhta(EAiv)gawqOZE6m2wBd?FyxRx7_=k_7OK}T!U(@i<%YfUy_EW3R zoqEkfDPCYDJ%{$hvCncv71D$$wGwKKCywx>0aN=dWV@5dwOTt*vSCI|qR6CZYSpTh zH(tB-i8kJH;Drx{)tXzj)FXzi2Z%bHk=^J@qJ+M8x6DgreFCItX-Gy+Dv8n>M zOqN-_ICP4P>;9GAVnR*wFvcsWy&{t`X3>p zLi)b|7VVd=toc$wdIi3@FMa*WPR6l|HjG%%tNX~a@;y(w0q4pgh# zqC}0I7o|%QxabX;m$d$PMu;aK3m@f}V57YJ^P~udcM4f5xe& zeu9-BH|__kfA!*_IN2R!x~~BJ(~mz`{t(Un0-30PqK*IU1^_g82(bT7Lf-aGKiJL# zynkEy2pD$&&*nY}`6nw6cJ(i4_V2pZyUy}|4P8KSvWMWB=B`5ZPgWjy^KX$0_$vKf z@_dh$eoKi0%2WI-*}TEXx2ggFo$G%sf8YpU#Qp`Ze-;M(@AbdPPu#9&`jJfi8LNMA z|JUCK)SUR29OI2r|F1bl!yhvHmp3`aa-b+u%_!ErXN^x@d_EOx0Y(hxjDCKLY_=uZlo{@ltYAbBDP3xsg7iKYi`!V!l(&q9 zJbkH0l`Twr2pW0Un@oup#s!DRo=ZD5G9^W22Up5MKIYVjuU@^TsV05>*(YeQLFp1? z4-MPXnCNkEbF*szkksOMnQv%3Zkwhs&l5Ou4Ec86FX)06Bv1Ah(LIwhU5r~xp6nwh zNZjbmDIxaYycTfwhTm+Mta2|`P?Knae0<#^+Z@y5Mw^H5P901K>5Zp9?HKr!y4<5R zRyE*HCB|$)^GIxCAPbL4o#`ro4EZ-AVajn|XCei)H4o;AYc`8Z^a?+UQtoblI!N`Y z+P!j_=vDO&6XkG=_xkFJ`#axq%zgnLcZz5c7J3lO6o~+>$APWZBVjeVlAyY6u7d5r zJ#QS^mnLC3MoEa6v_pyg+?WUHvby2vL@T5YxW4ISI#)AVPiHM=>=SE|rY1BAWa=Hg zsfsWW&Lp0hDu6K;E(`DGVQ%w1D<*6gM6$6ksvgG*(_9iZu_YWbXJQ0vheXA|r1jB^ zfd^;An2&abE$XDkIqEP!S(dZ&JzqdW&ZUPqK}kHm#vY7fy&MY z$?QEIe{PQ_7>1Q|E>9&LZ#g2vxJlD-i8B+yYjElfllg*DEWCBpL)r7Lh4Ycl6OKk? zwbQX6Swnl{?+Y~zY+h9hIzTqg&1af^dq|Ss?RBD5m5w*3Cc#8%(5;onObo@3KHD|E z-v8XKkdbI>j6!MfyrG$Q7iBX#TN&HkWByb?M2TOLo=dYO-N`LUp!AXYRT(ynn^NDi z0FQq5aa_@bJ#&x?0TEQ>T04|kq6SKLs1|{EO^fsMqtoQc-d>J&TW(uiOag+7Oqde#_d=`%*LfFG z)*#{Ry-<=Fpsil5Yd!h27#*sa*A=Y%iP$L-RbT=Kd(yDT+v{jZk=IZGk4wO_WF>gw z_qAZzwtdlFXt~K95<~gFUwQ{bLX;Ht%xfQ*sqy>KG`pg~o2+X_3SUS%6|I0OL|jX# z_fjoS*0SbMH;C3)GVRu*<+8yBKRw%wqlB9T<8n`oHCGdK7EFd+#)sI;c z5K2bJX-|##tO=d>v|lDUz$|cg9uq7vo21jK90XFo;0YGgJXTA8T~vtuo6cqE5Lfy5 z&m(#$WGzaMIRf(VY0RYrxw7Wp8nH6QWzcsWN%xWOft1#=m*G|q%zhWdjzA__ZIwof zhYGBkZ+{dSyQYgG$JX1b-uqpi@oTBP5DSRgW3DQF%FqO4ZhgsqZDdK%%#+y~v0{aJ ztXG3E?1_aoCp`#)NAeOV3ZIV;;M1nzK^CHBX$UB``Lv5wJgDmUlA*Pq?RUJg)8*SF zpy@X!&K*zAhCR)s;x(jHA3gp4>2O-DT}9hY?M6R`A+DfYNo0hJ zmd>!w>{I4^^zuNBBo#s4>l2nA{40hceI>IAQHKdnmlHiSkC4vWVkQ8?syI!(|TK$q3ii%x-J@}>w72S z)ndQ&cXJYC*5MkoHApEq^MymmlKiq>5KlfHuxPQ{d|`Bby@HMrn_bm!vAet;=~wbx zA^-z77b{O_TA@XNF~j@aTRi-BqQx&RYkX$})ggG16!xPlz89}B+tPZCOU}UJ%~RR4 zXn=g)`%1R!%lV*MzZGFXTPP`&(sae2`P#ei4b?Ejy#hQWHt}HGY zL>iLxLltV@nLOAC>|$-zIXssTagzy5`DD5LruU;MeT6ICu6t5eKZBNVrmcOPW=F#K z1%0Qha1AxL?i4jrb0V8F5ARB<{Pt@rSE$BaZc9Zy<(7=LJ17FSw7Op>ax?ni3u0uI zymi6nrOD$$wrol{(-SzWHJhy=29?uD4WuMUhSk$i zpIl0e=2cqFxLMgdr~$v9uP6Vqc1^n_6TD$Ex)VsQ70fc-O~BF-d6B#{ez+1Rh=w$v z+2#d`T^GP%7s{oKW*eGL_cA{NTz0Wjw#!^5}p{BWd$%|b)99jAc zlVq~2O9elPbSI?@MV_lv`86^%0=uleHvsZ#1u^O8Q80KTxX2pEOX%s&e)BEVM>DsQ zx0j-YLJw3XmAMhxgJeUk|2oZ8ky*ZzqbTTAeYqqH8{| z&A!gr01H7kX8!u{yw=+Zr7bM@RL41BHP(rYWHqE5Tz?&@S9m1g^S{!nLp%b@D)>w#n0 z#lhwp+*Zz2OK-J8!pY^x)Q8#+vULh7(_b%p3kqxyI*2M&h<3Nq{c4$y0`%>zt~Qo! zfWd*(Ls(M(oTdC%T`>T#NB`qSdk-k?5)8jxnSaq0dx$>oyUhM%=E2qVVU`U54*#v6 zek-c=Kiqi;O#txCPq_6bGY{N(2&n1e2#DX3}ae~g6Fext3gt7mybo>0&-(o>333ai_hT3J#`TB=)E3YchV zoBa5Hj1)Ix&z@+TX#F^opAX~yd~V?1E!RNJ0Pqg|^>F{Wp7r)I{$=C7Bo@HL-v{%L z^{lsv+{`>I?XiNjssr9jq5Ecjf`!l?l3+7~Z#9k)q$gm^0Fjcq?3yaeIL}KP^rWi_; zByX~}3&V@g9TYD>KXfco4(wiC3q6wm__XZ;_^~ao|urk6zNs&>BELGocGz zpqK9PD+2eECuPk_*Kt@O(TV7!V0eS)9_TT^MI_}NWM4=@rBI@5&QXiMWe_2ROe#aDL>u>TT#VH2lRGm2_k9i+{HdytUdUPNn8!)@selDG>&Y%oz5R z{3dwv87$0CaXDs;JmI9&UpCH3s8pQ0!Ju(=hMMBn+eaAtKb2VcS2~s>tJxn)OaAEE4 zI!`5Ge&tU<#Ox?ee@ZAnv2oNDm6d7vy?L6HHi_4Dpe`vGO3dP7)bJpjyAlpgldhQJ zLx()KN0tMj^UHmw290_xkpV32l##yX7-0{p0MratE~c}2*woS3Ltl|$42Vm%xseT@ zj89m}wO$Lx&+wN-#DgUZ2F9}0s7l`9%L>Q85}d*M2%X3kNcNi`b8mVWW9%me;cu{HYtI^0!s)509mbbI?B9KC-V3m{#r# zj!DwojfAZ+@=;6X9#emG?w=>}{As!;>vp^$Pesf? zISN-St0(vI{4Nd){>Z^1-8OhxQ>!wD#q&??!KLB|J1j#BH~EHsM{FcW^bkDmG7i;w zbKtg>%5h&X)IR7oRcdsn3G_1*s7saOePy6p*9KcenE3+!OIYWuftaW&YX12pydIG@ zVd0LIzSmk(9|ke=2(t`9Adn6c21KYul`V}Cl!iH`8NkObH@zd|$SWksG2tFD%|ZEy z(7%v^?S4#yWZwGO(bN&kdY!ByiPq4F+}psG{3*ulQ>dd^Y#l}U-kq+uE7Gg$;Co}S z`e1K%r3!c1dd6eUGK9%6bJ!~z4sFHT|OM&^d*#IqC*{%tY?=i zu*TkgwCY}wt_bVixXzAeY9QVTZ|~)s>hw1toalf}GgbM2lwEaLS6kDiQ9?kF?hfg0 zDUt4y?(UY7?vN6sq`SKtL`u558$>|K4-xby*Xw(~KlIV(anG4Edk)UpYxWv;;1x&) zQsFO7%nG8yF08P{(nu+~1_bZZkrf(I?C>lourt8)xOL0b9<}d|2dQhNOP1G9KgJks z(xlj4hebxSq-0WD=BB6O~?7&m9=pd@C!fZ)S5) z%!D#}+Vv-7^2AahBc^oikUREb?fVWCE~p*6O`Zc`Pa}oE_EW-~i@?LtaDux&Kv^g_ z$sRFo5wr|F?glaFeFrAP1~c-Y!m?)4WwB;YsE{h*kzEtx6PvUIvkpsIh)(a&u0D(S zvnp?5mpIfe>~$VEkl4>q!4SUGmrlDyonWGqJ@ZIXtl;%J$9Cj1VcEm)NZi*8OdUyw zKw}YRcNsckgwm0aAlyDHiZr*=)=hS;)=<}5CJoOH!{~R2M5p32CEyGj7AsOf>TmLh zMhrWal;H)bsiY~{P|v4=`h{axNw|`EMYdBK5`pp1*ej3+acl*6w0~t_DYt(@pi-aM z6+)pNgX*LyXQf`w%=az=$|fV!w=^|%2}?B3WmtR zS`7{1E;$w#_a39)R<@hC^@UNybnJnSM`3+&m=^0eD753g20Xr9GY^|$D4t;|{v=~M zD7Ca@VjMRqJVT3Mo3UF1&PP(4?<(lT0{%2Hl)5dpO@!Tg_u5U&CR9glR0RCBu-J@Agu%sqDi3h;ky*iX6J8?gI7q63H;f50N#yP*6)c7O8%5G?)# zBX=m`e=i4sh&OQPRu@SG_m+?QlmGYP00i>M18x5e_eFcO>EH?n?cSv-Nk^YE?nCPjl!IG@5gAI>~p}rZlxVf3`ZvY8UU<%+N zG)(s}*S|gBpOEV}ovC|y4S1{ahGDx+r5`BsALk+e5S{w<<$p)ocal@rf4ZUb?~wMN z??>MJ>)UYty4nb!BXv7d?;4^1D~`K)&QBY+P!Q0>k29XXngGb~zd%6-`g>Y5*E6I# z9=nbejuSq6nt|J1AJz>%onklStDW{NkYJvpjb}k+I^)^O@Jh2`U*X>NwkhcwqYnGmtPmKlA#5MdEOPgc>sdB*j1kpd=oY^$T)?ep@KM-e-Z#78{;Ivj zy

    X!5v}Z0u3kNt-Rk62@aX9n>>Dc(%!wIt2C-qz=E=SJaVelEHEG&%(-u>f;T@m zXGOGChFUf+4&9f4>fnW#Hju~U@d2So&If})#NN0cs6A4Pm72voMe=*oD0o$Fn!0W( zx*LT}>Un<7CN95UhA`x^1&G6-Fc~aoCu)>DBlz6oRLl$MWGZ>%3X7D2Q#dNgzB#@H4sLSqrnSB{s61>WBpLomxO&hr2YyFnhrQ zrAuTRgplVNgh*dcih{I|GZm13fp~0*B|uK_p&^5`dUF?4t}8$#CZ#|pbcfeqQ4+(p z)k><#xJFn^T6Hh0FJcq_K^~Z;{iDYM6TS|~wohCVU{KzjzEc1PO6knoaYmS`fhFoO zASb1dfhx5MA4HS}#{HC>sU!o8pU?Y==s`UnNYg+tW^-dd-9S)!>~;k28>qEFJ#{(- z0a#~-2l|=*^3Ei-r$Lb`$YvDX!|eL@^-rrNmY^I+Pao6cv!HO0Y0CC+69{>Pw#Y-l zUUmBBKZSimpB@>4uTvq-CJqZ3Ian|`B$6%JD=9&5Oa`8}yJH9;VmPMk^ld2yPc+>o zEFHTn(o8OoipM`C?`wS&agiNqr+bqvT12%xn65^?v~Nm~y}=63RFO-gn)4MX41KPf zTh-(^@Vf8bAsBYjW{ z$M)zPe(#soE23ti-L0rAKyfRW-TNh2qVoDbK)>$3Q~o}h^$h|84D%x}E_ zwzZ6u9fEv6wt8!?^^D&rS0 z+#WG7bf2CIeye@gHpkIdX1!ne45d2WW&`#cBY{lys_)e{Xutw5?be)MFsDsgE!1#Y zfCe$g0STGJ^T=`)b#2xF77|*)4q8kHDgaKHNIbZc%PhwZ(@18C z*K`GveEu<`W@QRW<#GAU+vLEPGnRr0ebAj&iq68DUr@v0K3-Ozzu*ZKJ7gH<3uZ&# zj&->r1jm)P6$A0EeOjjT8mpKD?=1xotHlSDxasiLDAmZW5OA`!jrNV1IlP}%6LkP^7wt|!D?G+3D#U|U7NJ0pKzR@pP!OckFQWmJY+iF()a5;TL#D5ZGz5j@mFnM%{P~i6R+4>X@?pZO88_Y z6WR34-EY=)Gv@hwt0W@B0;zmAqfbNnD7udlRdc!zCemX$YT=1OSiHZwcS0()!|m>O zel^jawv#mOU$wG%Mk@n>l&+5@Igd}f;2ePgg@y(5AnXm11D_S4yk;YP(O8f33xi#j zq3(xyIjLFNFr@zd_4F^@B!yl)ei5k4+ZJyR`C+gWg0je7e-1Ke}j#=_`Kg^L7e2Mvxko@NTh5U89g}NDD*GAK>ypr03 z)>_J*dWKC`Cntn_G@8*bQ&5$qAqjBLEI2Wl-if+YEjn2cRZ%fS)C6$Cnl7q>WWk#| ze@Qaz4J@{Hk*^FhQZS7F7S7x0w#l9?%rY?3;7MqM1U~aHi`zI(ESGfAFe~UWim3`V z4;CZRWff{B!H6!c3#Q7>V)D?26>a@OG%p{s!bSWQrpuYm1n$8GD`vv5A^Ma+i{Di=byo{ecZ6$C=sRzJYxd zu0K!i-N1B5P`szJwrIR!XT%b;yv^Y?vLyKw?rS zezdXxmOw>OEK?`>-6xRQsBl`*)OZz%Rh^U$|59}?vpB&-+cH^wj)C05tkoFN5Fx)# z?-}(4LHGzBsCO$YrdwoXlsahJNuCwpryq1zwmx}dCKIhEW6nI`(MM}z@1uMHQYJOz zDUcd~x4xs%h?MNck6?6ESx`QMw*4aBX{qGPnQY8Z9r&YB-sk!d=9t-5E9Ci)a(Q1E zi&nv_hrHPi?zCXB(5=L6Gs$@Heq(o-<=~A}IRP8=1$4Q$o9t^*Epq=2u%wW>!~WXZ zZ|rX~NiB-C6MR%ip9pRwJ&@l;^gjF|3EEy4J1c7;hsCxw;b^a}tVvw?gdf2I$L*iF-_sp40Y)2~;uA5Cy zqU%)>=E`<@_X>}fA7Lt?vJ4-s#}s@Ms}AVdtMQ z?mtvL0l6dqHJsalsW-6a-zr@|)N!BryF(1Wn$~`ms=pWW0N~>v7!E)U=Vrds-%Ibm zX?D`y;;}!O`5jFCO|DD;Qw$35G>z<%G<`#Kdrv!1t3NB6Vlx=nEzot05rbA zbgVaUgZdYyySu#jA8Y}jV*tEG%RqIX<@z_o^*q9K{_1bNon`X3r2I|4 z^ET+WIQmbk?*$zoqkjbL2R8Z@v|CL5A4~zH^{<%G(^IirW843RgBe(_J%Z(3~snyAcwleMDzLCOBf%5Sk_{;#T5H}i{c{rPcDbRR-9)7;Db8{Oi&@ApR< z-=x6Z@_UW|Wd6;@-CS~|y-R}sy&fRjzb66n^#$hdr)$?#?A`AFZyNxB8Ni3zABukp z!M%65cP7M4^F1?fe7Nlf{tq?)lKEE#($UfUKT`02eYeascWM4z^ys_OfTBmtfMQjD zIX9rExhBA`ufgkTn!-Z8@ZVOLGFy87*kw$ijJ}Eg%WK)W@m>f$&vJUl@n*0WMJmgh z9M>H>`UwKdO5QwlXGhru4dE$-AKzfIZ$ZYPFxKXXC**LIvnbnspFPd?`TX1B_5BX! z&y$iZ{Cq}6etH3QN@drYN4S9sZp14{g$ly%g_gd1@p-{2Z(jFWm+0h^5JFNy=wi` zq;djeXiJy!G-4N&5yCZ7%sbs^#^mJbjE7vVoliy#!CBhk`GQyj_dhrg1rdMT?;-T< z6{w>1@R_QS+8s56Oq3QAmZu%%Pc0I*NQaE8`aT`#wQ&W9x;8m^$%AdZV3TvovEVP2 zCGyRjeQ|82l1y@xo$&z+KzdK>A~en0BxGM^HQ06tC_Ytc^%OExJWePm+jWCT)Pol0 z5o}pi(N~PFOJT$~m_m(}XMC~*D$_IkaGQhO--Q4S^kvf(JCWi{OwV#6*cM-9gvL@f zH$!uWp);5V@NOA4UC$RZc}uC#wpsmHqSts$j1CEf;i(02?pwX@wis#(QnwhpA1Kp7 zydKm3lH|ddO932Io0}76WG&Z}|3R2XK_zD@8syoTn>18e$O6o_Hl6wol8CQJV#2Lw z=}pToOMB%br)6`H*+qcmH{J+;04`Y`i4O*Iz&w4Z$&_%4%3k=c2F>EpWv3eDFvID? zK0BNvAa>44DY&*UcQufpT^_da8no`+*AsOU&rNCd((N%z1DI>ugjLDbfiY^c58D`w z6O_jWoKskt>nntEp9k&C2*%Qvf~e@U%tNEU5%m@E2v9)GRpB59Mm&+dx2rLRiH_r zhpgc--RN8uv&nE=1A%DF0$5WdV>wt{&VJbZb>Fdo)Jrq#O>}q47sG3bG0Fu`D_W@rI^TZ${}4DY;)vbtpv z9AnLo_{@8JZjoJ*P6B!wk*U?ZXpQY$814yi1C^}v%No=ACy-)A9z+P)mmsBa=di@* zYU!D=iQESkLN8)1H^4WI>pEF3^e-&FHKpZ0)2B1p6@w1Rs0}{jIjSdr2anGCrKHJ~ zyxw;`LR8XmI*UpXQ3}=v-x*lE(OYoHY*Q1FBMb6O!_7|4Kh4^7nT#;1seA1b_Ena8 ziQZM(yQN%zvI%7+FbW_cfO6Oot{rhLK+z7QB)MS#kb3BFr&M zTqSA$#E~!;k|?XY2xDxsMdWsxg#~Cx!LulA6L$= z_V>y$^ z8^-88j-eq{$jK4ZN)00SE`S#UYG(anDTba-V|_zAM79#!TAaEfl(l!6mc)9|8gksC zOf$Jac0uOL8Z47pT^!R$44F)Dq+4@#hkY3VEWK=2r{$_;e04hu{mI-Bga0(1(C)eO z2Ypn#aWn{mX=0K06{qw;Lxfh6`0K5wKtoCDHjhbT%K1Jq_-XX7Hp6s z>_i&jaj1A<2Fl}dWdU5Zm$@01a52Bje^e24Njq^4IknH#xz@fu-r9O5rY(`yw4RM& znUiFm^owoQRNJp8J zR&_QQqat`oHEayhrjCr?ypq-zDx)xoMNH|V;DpgE$lOGj{gg#JgFCwADr3|=y$+PXTw9D7t3*i=Cv5G3YzaO|#Fe2*CL68b z$%v5rjxy-A!eDT02HnZ~NfVE&&5@38pxG4;@;j=gy=g|;0lvsr@VT(WKEg*z7y^=E zN94kUbsfAsSej25!sfw};z2$VQpyh!i^cJj*(`%d8GrU@YDWfPCs_61Ju$T1KfwRI zU^1eruG+Bml=7O2a3v_L9^e(t`s zY-V~T%H)RD}7TMxO@;eapL-+-2A#F?E1dw)WqKPoSUA^(ds|qc4k1a z&VSPt`lF=Ke^M0sQRDuTx1(YC2gLjDjf~8+fOY&mRt*421F+6_75(pQI`fSr=^Z+} zhot|o`uAG;M#c1Y@sE1`$9cw2PPr1+QNiYEAHPip7 zuD|2C+s;qcn?6y%!;l|t-1-Wr0CQ7W-!vN2{Rk0&0t_w9jnCKb@CR6OUjl|1P@n4l zaSH&@{_&LGUjP1{+*SV9@BclN-$B|P#`?qR-}eMib?RnMZb!iU+><*^BZmKN>N|7# zkIbcKq54M)?!O&Q{4bn+Gxzi^`@W|!?e|~I*SbC;$^bYUfE)ke^gnRz&E5eT`b7=j zwLUZa!OFeR0m9pR9~EFT_^o2?%@+PRg!`vI07&<43-8pE{v<}*YioTd%LH0TaQ+z3RqYt;uB}jk}UVGcRht>6VufKLgpq5O1%`o)Dnv2udhj=uEtW!a=jrAF4cT5INx^4E$B z=5w-&Mi1M=D{gS=ipqUyk=k}H18EtSsNt0H%aT|14Y+A!6g*_sq2?9(6dyNzptbjB zKDx|Y))^V6WS=41(PmGTK~E?5VF}MT?n7l%$qS^Sv4urFSy|w*evGXlvu$LmJ%8;jG(B6@V_ zuJ1vj!%FSj!=pdR48V=Fc)%Jb_%QSF&O2Uz6Gk>CFd}#oI7)EG ziXUk>AF4O6#pFkshPKZax}|wAcfTiJ2jRu=+~j!x%OVIiZo%^9kp{>RWs;Cj!NV;% zU~_>u@ddujEQrify&VbtA4C1!=%GG(;w4&rd0^PnQYf^f$)J;T5yt?fM0q)4f zNrrvMEzyi6qe;LOqNFx`G$t-W(6piOT;O4j;-Jv4{M<{d%#A16eT-tEAVhp}^2^c5 zX`hgrFd>v-nY-c0npb$=Ne4$>K4d0jR9znm2r4V+5q~h^)g^r(d;Qz?mVM_9}As8X$KX zzD;#@Ck&j;xt+aLC>j%a1-}=oH#fAJH(Jxad7eAy(84c-=U2JDBH--fhIx5#1i|&@ zL4&5k`g@9Ml*lb-eh0PFwDGJe0yO)pY4?2t*YI?aT2(7>OBLh8H4n+!<;hFu9ga-9 z`WH;(PkMLfg@awPpQ1W)gj#9u3w3E6^qrp$k2|l5;~DjHE*;9K*Xs#zj5zXCmvMun zbO$~z__lWO^#b0r^Yi@9NX1aU;h+=~&y#X8t@L^vcQv*3UuOCi<$8SHKjs>`U_sCvw|x`=ajeREEJgnSC1`;q~LHvX+HHqd`Tb zW622t2KN?$Vn2Y+Gv0)emr^(RYBm2_KliBEQ?hQYeqg@GX&p@=?d0vdm+TLlts(lD zjsu9k+PS)6R&Tj2rL3sz3(>0K*}$wC@0=*LMQzj+$i`SxckCJlv?U4aMSM^#;uSq> zN`@t`#j{!0oqyfKP0?ADJSs@F+!M`yXip58XKfGeG~`Fr!`w&6gQgZx=Se%jaxA_p z2vxBTBP^bRdf#1 zaIy>=?Sy)?N(o*;iXL4I83|*AN=mE_hHo;T0Wq|th$g;3b*9|25WhAP1vJMgGY@-+ zV-6aeDYASL9c)1*&W(h(F*|SzUmBl?%RF<4VR*N}1}8;9tQ#5`+K)#vZK!f;g6m!M zHdK+cmR}%N-QM0fC6*$Rv5-tf6J6>9P4D2k+!7ng zpnyDhTHs&=S9-p$NL7g_;n^?QJGd)d1mmz}&@yU{W%ZwZIxYNUrvj?GinU9s+4?OK z!$@i_xx|bYTA%JsA|UbJVFa>n?HNG z*_C~CB=V?TcI_FnS~ZlV)DCg&uG+4to@Z_`O*>nr^fWFXPM^^btMA0iX%Za;vni zIE8?*j2|ZL*=sOFLyuunQI4Wq7g`a_13aTg1cF><{14^{9XPxR%l(VbSkWaA*M27LJ%!SYE<)5z8*?tf7p=n^^6}_l&aneh7HW(G z{V!CKRbexxG2UGYPAsr;D5;iWGlE*#4Nice8i^WKyoN>U9#b+}% zFWj#~V$P`tEz&a;2~bvX^?k@B+pQE^LH?qRy_C)-lU2ry`x z>{n^ynG0fcgDDnd56t2rkio2vbH5ru84P4Qf=w*?^ud>oGbXltPJh62d=NP90JRT3 zSkOo#>P2pA4uf56I5b)YWZaGxc85<_lN1+gilvSIz8mo?0S%XDe6cS`biXyyoo&B( zpwx};@qAVzx@8e@SV4cGM!n4!3b~^|uCTia8g@x463L@`4Qw%aSaw^N+PoHS?5#Qb z(4e@4xhsVleLfTs)FZ_AtL6c{$3vYb?W?}sNnG1hwQ$U}T8AZDRCAY07qyE=t6ws< z%v>GmhrpW&gQ$gvTWol?9Ko3lKkoDwC0?$#w@%u_=`}#YUDccxUbErKJFRAaM%8ox zJj;DF1laL?BO!E4TK!uw4M4Ztm;xy7e-cLkZ1|m-dqp)Ms=8O*1B_y!|NhVZ?#~~k zQEvxx{Au~`e%zNvz3yE7PJrFAf&XFscN_x z0Hsgwu+A-9{nP4u(YObcSQxH@aZ3jNht&W;>E_X_*Q;--!2huNeu@I*)h!qJAB@~j zPJl4}g0S=e#|(Grc@Op9>=@vF0C;nk9DlI#dpLg+xL@63(Fst-*W^oORqsaEA96rzwOcZ)6?%Q2T0DpAYgh{n%@zyYUmUb zvdc-K23<^c^YmiJ zZFG6coI252g7_*?lGk4=-k`N>vv)Zu^!lDGZD(g>o@+wSs&$NC56Zs5B~)VX6*RZb zC8Xx?<&^+fY~g&ycYc$mOsj}IpD^}{%Tb;qQ#MMb3)TKD_3B$hV)Bns3H!E~cx6U| z4;0^3r=wY0w^A-e(YzyVE$wn-)x}pq<(WxO08M!lE~?b7h^X+<=j;W41UN`x^=Nrx zWcec*YwX0yevJ@e;gATK2shK99-o1nH#G!c`8McLgVS$>h!oQy=(;F~(xzTJv0a%C z$_^LV**Tha=%G|(*y-4R+T}a&^)f=i=)Tu;8r{5S(+!<#O@lY1Q-{W0|6) zw{hEuOg>E0F1CCy2?q5Z&ak5>Rc&vMLpCchYU_lT#v?qpBeo%r$;h7;ZVt`PZZYc4 z92>sCTkI{$An!`aC<$VfKQ$^Q$|3eQQnB{RT7A-G(=KK$>E9gW6sc%>%tTcuH*^&T z1s!2r4B53AFy@IlC8+5ZBjNh>VczccTl+B)<50KL%T5ybc>AV#TV-VX?vEfUO~pMu zuBww0)lVtA6efC89bnx+F8OI&1wEb{*$B3>r5Zwl=(!HbT5G<2*#bg7ElIv_Wwi03 ztu-82AescegRE|7m(>>Ul$yo2l7wk;jY1u?{m^>~y7l2$nBz;1r`6(dJd)di9^*Ji zp*xgZ!DmZ57p6~qt*g5RjYXFtHSrw{->x8CVmnO^4|?}QbJO7XYV%vli$}G(qll4* ze3&7L;U%`HT`+F8EU`6g39q7jq5!d}78TZ-?nIX$N+Yt1gR`}b?lZhE zC>%mZfD_64B$LSO$v!RiLv9DdR!2$UyvNaUd=F%knveZJ1C!2xQQtLqN%i1~9`^D8 zHHZe#ziqDSC$m4$6n3skp^`%m?UN2+@5(rdtxO)~Qqx1T#|~d3u8Lnk7V+CL0!39m zc@zVm7wSRrwlz#$F{0Uq*-S_cw-jd{Ym?b|RhADw62l?}8J#9fCzT!kjbX=(-}sBZ z?KR+Nmh~PnsN&i$?OrFJWKMx9l8x!&vpV!``Sqdu>OV!&Dmry@_^NUo@YR>UhC`*F zh93F0dWU4^=0N#%HlKRFXBR;!z;f|WiF`Mf6%{AM3e8e z$=LpWbu5(ur_O^dan*VZqWXZDX^qw8kp)e_u>Xk7+cmgwd(GniXV<}#^1+l5+7Um9^NLGTx; zo~P|fmCPbAo;^lb-klDlE+{CSLvj0Tc+mxq^2i#Oz3l>CMgwoFRT~w3uE{j$ z0&5P|^f6l;_*m$p5K*G1%0u=Q`aaM3c^Mfgk}rUZ#;(l84KYHaaWrk}D8pecPf7(s z?Z)we-14YDrc_ln_{}RbuKS|mX#07+(X8yG;n!c0Wz}#P_)-zqKMNVO$$qjr&+^Ik zG_DU1y@Na7$FvJ=Pr5X*=Oj$NqoLeiD+2gABUf(dL}@~gE`t`^Uh4Pcd}h?1VIUm6 z;;an^T0_>+T?tS3Wdts2uh71$5|eUH38_eRWd&nA5N$z3W<})o!O|h=g zwnU7ndm;T%pZH6&@caS)DGoDbHJdjKm^@t#(Z zYivYhl({g~j7m&Z*n-&ebmYF0I=!+3F;IEzi83d@)OzOEe)-5=&wB=owGh``1jT<5R6SKu%6j38o3Mr#uZ{ z=lq1+XF3|&UIVar0gSz@|J!Yza{~X7;|0UC$1G9KWvvrP!q3~fP*XX0;yaub%pB;N;kI5 zAWeA_+W7t2CJf`;sjBA7En=%!ICId7?@4QPeWbI`Kdj_D%_H(6BbfN*<7PtIMex|(xke{GJ&8g$m)bhD z#(LH8iKU~{(~-v6I^upkl*+B6ojq#1XAfm~mqts%k%gxFkivL7*|&FG6VEA|fFkU} zPX3JUZb&@9Viln3z2+uqe+-7F`Ju)815N#Foe78lzL%^3b?;qk;jJ9*Z{_N}f)Nl2 z+%J5u>+n1F@dm8?4~PB&3x2}1U)<==_qylMUvR-MjolxEENpLXuyf}6JLyHMYR zN91lG$e&jK?!|Aqr{BYJU5Ecv6cq^acD901?-(1BxGG zK>vxjZe)?}?ev{Q?ai6PZQlOKz3W@0zY*LwVpjmGuZN}pAg(_={oZnbeEl2ZqP?eZ zJ7qR~-B6lTxE}OgXZ>6rKRHzja+gr+A_;w z@qr#u$&mhUH$-d`WY&=0_A^bLFe{i>EN={5E8OlREk~t$J>*HNXrmFk7P!UXt|RE~ z&JC@+ng}m!sBt)m@41YT;`P^yNA2!fo!QPL(c!FBtR9OraZR99piuP7Gn*gTgsoG) zK)HM~()cjd;Q|LiryMV+`k{rUsO-lV(v_>nkGKTBl@^KKX{9hyaw6ye z5A=*(up|(;W;wEu{JZd_ln7Hwp2NmJu8?BDP*-?KFZ~&6w5wB@qSOLBUgXr`VrsOzCXhbG_kZf2$DQQFJ+W5P4-e`6E)Q)LUh`8G&gJRNIYX)* ze|9qIZgjfbfkwq*GhZ)O&bOWAWv?hZ)o+IO@{$>EIRviMY&ii_X(`mNqCD?Ps`PFr z%Yb**oaXGIx11~`4cH}p3Lkj!m{-Y5*I}y7&|}pbn$!#n1aTU?Vx}4c*IEfEYV4Ba zA*lKyJr&^vhEJ%+X|9uLi4$tdJTKI)@bl|V$8i+M($LnXWstwcPm zRECM2HE>^nl|@4shJusF5XBz4N^tt=AK~&*SSrDVyR_rUjFRzXY4ctyppQS@8*P8a z+R2G}scTt15mQdoN3p;C)~VTd*$v^_a_Cig|2tok8Lz0~G#qB~>1uql9)9#y8kIA| z1LVHrVVX`cmiO)2oS-a0N2xNqKAjFW=Rprbl?TZf;Zqo3TltV%-yH%yv5uvqyet!h zq&57i9Rf}BbWRW_%`lKx@4#w9`oZ}`1XuRynD<7o(^b*b2cK`K2}zH!EuIb)gCOWF zC=Tbf*>q6Oz7wejdzJG1C3KV}bBIM%8+vf(N2Ljc4t-CuZA+lhEuh%sv5LoF=Oj5- zL?8hOvnYJ$^I z2HGkOS%n}ixfGU!iAR8r*^X{-({NsvBO;E0s!O}1;6tytHh6u6N#t40ibSxZZ|nfJ zxCu+a%I@TGeVKdw+{9;KrdQ1eb!se69~p0LZ%o$oM2pmqXXayQHN6R*Dl&sx021P& zwrkd?%c+!HFPnH8g`?#e$k~=*m?gg}Ih{yaN`p&LRPPj70Lg@&M|?yeoFlBSp6Y5j zf+@-Ld29o!^wZkOXvDshSyCEFH35AmBhIT=hsjy_%bLBAScY6Z%c}&?i&sV8aKB2x zF<~A>`tZF(mT(O4S+b_Sd=05S%!CG`z5Ln>h}{Sz8dj7CsvcDj+L z*63;hOtVdIO<#O0`iVFZ_wIo|=(%!*iZ8gwnZqFe&;%~ncF9YWr`@Ls^xN`c?5eft z?*}+eM$8yfW`e|#_nty!rmEGsH&EemWOt;zvDnQ|W#F{h8+ao0L8{3lY=iOg)oQHV zq@Qc(E=l`IkS*#A*!u<>ZV*kVtPgMCgu-^oTKXJ%n#jBooVu-Tx4RR%&d#7r9)7BK z28S4Mu*sBYN(lM-%;uXRt`@NsdA~zRCFUS!BS|MhaGXZEH-o!xVpUr_1?X~m7mpBu zW-m4NrJxb{%24&*GXkx5zTPZZT4Rh%bApSY=b7H_!~UR^2$yzS%R#ZRSyGp9`ot7+++ZV zEJAT*CsRC~#A>T4i~Scatyj>*F&+>ad&n?PDlv_lmzR;B2Bu6&R+k25RBCCdy@JVXcuNL$x1#wNA+YqGdpcC9&a5JCZG^{jFqv_(z&yBs ze-yTSsD%R4G1Y_%mBg!W6V(5C;7ii1{tO8$7nV`ds~Q(8D!B4~4G~bwn6ArMZ_C2V z*l#Hoqk<@h9_$_9o^1zbPFkE@h}o`R+MJH~J7WYDoNd|>YqgLI5cQK#Twe<&=9ECF z(D4(=T6};Bo58L&V=%y%vGZn}wfpqlF~rTCKp!^wQp%#ze}8;ier*f2=558KlTsHq>m$8DMKzV_OChyp z1#;T(2gLqQ3cIY14qDku&M!B|PPTG)&ZZcZxTeesXV150ls_9eTGr0YUS7Teb3NZL zFESuPaCz%7h@f$V5v1Sf^)PVWY}X}d-*-a&y1R5nE&0#WNSJ?<1-%bU0FctH4$n>X zd{^Mzt5<&$2mKeM^d~dF7kYpiq4&#Y03M9)dp&rs;Jok8y)*tBhTxV5`_uA!e%vqP z0jB)@q{IG$nfpaNK>hs-XWg)o|Kn}$7xDmT;Fk9Ila+ff^%odQ_j6w1?S0+9?lm9? zy+wVu_w@d>`kog6wfxN%1ERiLob?~9{Dm;R?lPsjgVc2219uzSA8_d(?U28zZQZ^N z9o>)nkAGVJ`|JEBuywooR>%r)@!eN*Z!ut!e*b7_X&Ar%&U{UUUE`yF`tUDi0J8Nj z@QCIQEt$;U;n92D@u?k+SBiB^z~=B2eXZz^!rC8&K~6o;>HNs{jIfZ7XYu0ny5!p4 zz@Y4986~Hdwue*7W6Ru>wLDxlI@vwn?hWB^tz+e^KfmsLi3E~t5ffn`{cKcvv42T9 z!NGlI@og%^`P<6IP+`|5H-#{%RFfZ5kV?I(%axx>o_OUhJ&^);{`cvQ_*2&BWiFm` z6^%qO<`UX=MW{%0UK!l3)k)1(WCBwOL8T-1=)iT?0~1Rt(IHt`elaQJ z(pDB>#k#}MDjnobtAPrICeIr1dh{D+Kp%%G4Q0LKmF-#S6tr-#LxwiOQ;?@H44X?p zt1vcbO}vLaUj;{Pae~`xxF8tIXi2LMqdbx;UP(@NmlT^}3{h1lek|H+;zv7%r6l=e zqGyr6zxRgDvzv)tP5Koy49r(b4IpN8F5(%N<@W>EgBd%~vpYB_s5$j)vMat7Iuw{F zZWGK@vc|_UxmoGglkwG=zTH%25G~yrt~7Xwdgu~+<*1d-##a2P!gos*xe1uvIVi#9 zoCPP2@bs%ChcfJ@FZ1)@5jDpPpdp!jXnhtj`ZitdR|tzx@o|%M`7QI&wWuGMJXhm( zHsj1K@#oIBE+)Ja78@^4aU=$eP=_rE_rw-G{o|@TB6_FQhmoa-jha9UOWq33&|fZn z4XrKTqAIae&=`(tKxyi|obRvVTmzAiKJb>_#U4WznVo8#tF{Z@ve{PuZr_J`PyllB<>eVo+Fp%=B6lM2TPn>GV;{Si1t481?Q${J z=Ld5UVe8Tk_DWBXSGT6o--6cJr9rRdh(MPusw(V~6c_^!eC-}%bcn<^todlqRvXg- zXZ*S$oAD4@bqQ{&+J@w7CG_6A^#$aoY-sD`JJ|$u?eR{56{89ICp&s5(|yufe9gtG zwfZi2rnzV3}U zkg#tI4<*0Y?}X1zLhs(!uQy=@Ic36l1+%_6(E-i?;U;QMi&10GuBY~_5}K;#5bxc( zG5=&?NbWgRq<_GkZ^ZUyeD|*8GPNGi+nLO=7WZv>D#wV!gcd82aADDGI(1211F=^B z#ZQd}Hb|a(;KYZm&{1b2?ytF_AZxQuBiBN>_vJ7iJbs9U;@>@+$E5SlLX=PQ3M9tC za$WO{&E-tdb2?_E!h(MO&uqc+v{Nyny8&r>PAh~~g5s+Oe$miDX0G^k~U@U^A2z2;-~|O4Pqt5?%vuL~wffm@jD!$7v^@ zjWmZN+Edk5+exsG{0LNfLmYB++9E!`Czx%0mCrGmXGDUrhX)bIh7v+ZnSO!dB&xpr zYVomvSq&)tlgi_F7LPu@K%Aw1zi}!=$2j1H)#pwB$p)q24SI2%aftY{3_&2O9yvoV zuL1Fhh$eEaxeTC$4^=G2Fpz0Xh;*5+@}d)*gR{;V^@sE=`%@w)I(5}GA)VKUFHT}UJl-O0weAC_ z&eUq+FC^zW44m+r1W^rB{=UaR(a#StrdM8-lqA-YUb?|bE(K#QP-2r+$&a5DuuJ=S zzX4G^5Pie?IkOLm$ewAQs1@w3Y0&!k+lsWQ$|B!cCg8P&U8$_ON+Cx&@;nUJ8l^S| ze6+oFmq+~7r*x^>S7(YxE>(o}C5o@;skvgmbi6J4wtB)YN%XF#%s+Xy7g|l?Emtr2 zUg7GO3Fgcx+upcUuWW+?K@qiDR?4NJBhgl&%A|+V(|+;}YZ#xy$yXl1!Xoa7xbdT; zZ`P=O8IVRX?XETWym+{oBEXC;Gsu~23OB*IX2u|tVrD|) z@?j1m_z}Oy?11v4)Rj{hQRdB8r|0b+T=b-)Ydz2~3g9jsCboV>;utw;gW}m?_?#*0 zQkJRm%CU4KLcP=HUX5%~4jSALr-EtqGPdd-A!&zAk#C)QV$h*K$(DZZRea+tgNVT5 z}qB3#131Jx&D1x#Vkvmg+SjxPG_1#X2aL=7N%h;yPplPk=BDQU0IvT0dvZ&K0yC{=FC$bT!m{!-N5b>sZW%)J`w zFI6pIFW>DAs=qn}Sl8aiFt>eQe=>8=q5B0cK+%7Fo$u#F#hd#@|D!a$U*!Un{dW@; z|77NOhXBPn?}Mse_wjD8V*M>XfC8L%&2+as&7W4^^Wq=1?zO7TuUhx6W(MFi?$YL- z9e`r@{@XC%UiTJD;?mME-P|<$dvF0oHg6081ov*U0hoz@@#cOG18nv$zK8Z#-{#GQ zPU(O0D=dI%e2XJ)LCBw0--`)A;@;e=WBCD)zi-ktn7GCgx1E>&!4yFD{<_~t%kuw` z522^Or(bjP*MGnM$Z|i;0fGqlGv($INbpbKTH0!{P#ElYCzq@ zk@W}Rcc;Nh!}K3)0Oa|v0MgMh{6Px$`@E2!TDX6|BFYMo_J6^6bd2}3Sf|V|1RuMs zDU|7scUv}TDyV1PVmzp@_QxMQO~F13C_(xy>!K3Q7S3&MZghvW#=hZ)h*p4m%-XuU znZqWxCQF@^&x}LWH)l3Jl-WHrl*>IK(uww3?<0#|bJ1A$NM`8X#OLkvp^-g|s~(o6p4S?q4=Y@`&ki2e#wQf4GwN?8>35Gn!4{8zH@vKGx6kF?$5FoMczxD? zMb{;7?3~4DnoJ!s_B!+P%i@v3(zk~S@o`4UK>S}%Uma;dl&rQmc5rY1N$}d!DoBTeDMm?3RCDQXeA0sK3C6ARE5mt z(FL6-axwh4`S74j7v!qS1s$;N!<;_xfkKF35vxf3?*mLo#&jem44v9ahF;ZegS5On zBGQJ`jPWZXD}7*~`bhUp&mnp@T@0MLLgObjnv70*j5rO3=8rt41#dMB#po%UKYnca z%6L{27d+6w1;J2fSAe#G)Du?5p3fghREpUwPeQd9V}$V${t%cVLNI}@O6HJ?sTYR!xTZn%1SDk$bTkU-)}*G} zEWED4J8HBQZ#t*|YyMuWZQMtke#U);Oa6HYJ8`0B?fG;0dUGzJ+Q*;Oar&t*3@$G! zuN*>VD~Fi-CK3)_=?5XF5x3)B$gSi<%K@L3P+=#g?R~{N;2X^C%=S4|byriUQG0DO zHB=XN885=o)dtx|>=h%9};| zCDsSZCBD8V<0zW_GH0)SiU&?u1H4lP`+u~(bySyI6ZcJbr*wDskCN{0?nX))DMh-w zyAhBQkPhjV?vj)iX@Lhlcpv0=yzlp2&-2gmtR;JxJ=a{W`CK#myH8A?yOqbX;)Zz4 z3a{_z*?n`xC>96z?rhXif1AUmOi-D9qqs&L2d4@B7Uxo8Hu!U5Xv+&F0dXba!J+;% zW6YV==ino3)kp?JG822wMcclIj#%1CX^qtwMM+9!ycDDk19`RP&!TwTw>XsSa1etK z!2_O4EeQb(w4y3owo5@h<@`W%womn`ww4EVpY@EGsi1;>0I@&Dd=D>g>LAHpN@OXI z=Q5;0COkim9m$iM4te|GroceVm7v6|Bs-+HoSTq-54b4O_b}k)t$T8N>)`txa8rZr zT9vK&8Klfu`74<>LMfG-5p?>q5>^wcCWO4`%NrsUv$8AEO|ff`aihm#uV6i#h0HLI z_zK(EU{R_RiLq`LAz+=kz_OJX#eiBdg(1PXy(@APFOdS#-$LXd+H|izLrwL8UFAoi_*%9Snq0wZZpS-&d-?S>E%ZyZ0}-DmF`m-W2b zSXA&#H;T|d6a4KV2@?9Xq(mzLdY;Z;Lu5iYA57RBNUpszB?|R&HZOC~3Qv#0m1e^8 ztX+c)(p#Guaz7l=A=_}_)4N;wDrS9$_TNaGYwhK7g?CIYq(qzZz@%8f7Rw;dLJIH6 zY_XRSO&cQm%qqxWmh9urO6`F2=|uM?UJLKMn}%F5Bck-G=qCCS6(uK=ST$=QH-{tV zE+?AL%j-5vlX_lUz$^MPrHyJ>I_b;1r(3aS?==%6t(k03`wob@Qr@hE56~;AJTb}d zcfj)s;^8R#(B83tM@4@;O42#U`>w^0Sz|BCQ1Yb1z`O-xDL7KND6J_ca!3Cqtd!yB zwye830Xrmzjf~TEN4bU0EF%|1OBgPaebhKv(n+B+jwk8LVmz(!AB1PkT@WY(GV^_i zleCz2H(9vTRN`LG&WEbBU>i)BG8bdW;>M{k2omx`aC8(<#FbkF={0TZLr)R_dg^Ro zHmPZhd;^xX34r2=)GE52_ushUsnp#pIuNc>{oFe#0PuC)1fEbbJ&a#Nu3(#GC|(cK9B?jW zMNa5A8EGXZ@{FVgbPoc45ibJ83(!g%*zwtIVl?Z<-1zubwCUiX#ggzq`x4Zmko-^@ z%43cel2bRag&{4;IuPHNp5pTm|O#Ql@Mi_{`u|RAyWMY+cj+mT; z;4EEIKuhnfy%N=Y{lY!xl_@9l$jd~Yk7&9c_^4qmyy16JsIp1Mxi*Hz-OaqFop&?x zUVv?+CNNL_l|%5UCw$_5di!$29YRK%{# zCeyy6f)RH--Jqe5S1i#f3IPebdtzC3_Ub0vPL{=Mou0(R=YfIzpDcU%)yGj3qgY0n zHrZgGKZPc^!J}}4i`Y?>^7HN@WV7kfr_&y+NFy;k*zYbe+ZhZ9Ij+Tt=-=L+$k@%Z zi`VERrQBG1R-^5Cd7e(^4Y73Qj(#_R1_o=&q8llB^os ztk@gCUmUZFCm7y8@v;mkbfd{`Z;9Byb~xp`yU~!ANN4!>ILi4a9DQ(i$NiYqce?r4 z((!RA|9}U6p5*$SnMWn$!#e(POYH&u{m>ElFSYE0s{S#c{G`9%nR(>UgM$7sFa1q_ z4@5-%H9ilk^!w8Kp8kHf`WG(%{}8Qw*!B4-Z~8x&`A%U!=g1yK_iy;SpJDsM!v_3A zw(`NlzK6fxS$VXn2Q~TQ&^~~_??3g&CkDO-dGR1`zeCI2ow7fE;XmQ; zznglHybsugjrlh>8$LvrhZh_Ee}q2(~LhJN_p_1Ab)g&+PaK zfA{Ut-z|R>#|QcSBaT00EPse^{!H_~Xz&*oezoyX`SL*kS=j%t$>sxQ^nUXS`p$`z}pXQyr>bd}Pb*9(Hz5SiwM%g-C1&5y}E<2&k z(hO!(u80_x2R^$Np}8C>PJbOg0CfS>gJQ6zZ!_TTxEhs^ieWQ;s0&Pp*78qSah;)} zI&}4@zv#$W@MYcE(PTyD2w1B>ypgCbjOAC@+BvPY@)Y2liYDZk$(5%ZzxLI(x%pCQ%GGVxXN86Yts@O0V5IDgr1{j@Hcf< zuMNh&ytMGU^{K|CKID4xipZ>K8*(L_X5RmXnt&t*t`__mJ5R8Gl7EXB9U|qSZL@jr zO_8X>T> zN0PN$KQqkR(7fd?6=CX)Z(Jq7aMeIewdbE~qG3&X6#6KwkRcE+RI8ECk)zoKb~Li3 z`~>b)7me|1wgi16E97(wL_Jeeh<2&?J3Tr!VBn+o+0EJ01z}MjW$_`0QKP0W1I?dd zwLx2NakwuT=17FZDkdY;M%fV{3>|m)ZIbmL%|{`;4SQw7XM2UF)-xPZqbF|)J(Q!X6bg!wo-aRo#Gp@RYhhxW7}5?Jv^#dojcQ#+nv_~4qmATUp-Kfw zwtGXndY`))apYV`*iVBOjGKoVI$$TKv^TM&nD!0w`qi$JufUG&hR{TjRFc`iz!}n2 zo(jGvLQ(1$muXE>_2tS%kTXz743BEXY%t811~}=rXW>saZH*UX1sH4>64NiSWuPC4 z$#=YHCZ6oejVMl`G`ux;<3~=J2~Gr5(8vghm?#u!KecMgpFc0*gPG7J7hm5K&dW~0 zFV)J}2w0iyY#1$?)LJa&+rzys63Gzc^uHk$x**=Uc|{GjQqY&`suNT~%(FVg8oe*` zA->|d9JaG2D}hjle^CSJLQR;zx&;qkc8coVp_|g!Y5tJqDGxrO33tG?&QC248*FJGblz(`lXL_>YOA7=7wlqqKYA`eF{g3 z{!({l8a)EdV!e6>n*S7)OR@$$m{4|c`YP)XlzDhC!7X?}b3;d)V8ktT5aUHh*pm7d zTh^*+Su1FJV%DLtx3b^admZe7TJ^6nIcHBs^Yg|PdQA4g{Hc`2v_%+#HuBBN87-c% z`CBN8b{&@c<#QJzO>{g#a7!=p$=^IoI~O0RaTd3sVj!fn2wQ>8A;fPq48X>0i;#j9OBFU+X#@oO!Zhz4cA(#z43g ziolGzOBdFuKDaX&6kL8xu(+<%OIEcCkW?4zV`Nv^s)2_6)kzWMjB!#dv2#-FN&B^k zuiFywg;WSG3mcT<+qTWNFMQ1EHK)&{fzvCgAY-z_F<b9bmw@7;LAs9`m|iX4w-uWbA0g4Kx^ zmlAf1by_}9t0XVUy)p(?(wZ#5w?OHDXG6CG~x6h6h z0dwjT;%~7j^w^3|0`wNyiw_vQJ!J4uY`{6old;8! zgq$UxV*`-mld5+z^qFq8w3`AyXr6EOHt}VAQ@cB$G15`|_P0z7_)+TqEQ23G(%s)N z-6_Vov3VIyR}5AP3+{Cn>E7hw5CmGeHl_X;7u zTm8t3$Gmdi^Zc9p?$PJJn|i3r`2bru82=w~-;a**zh&uvF7dqo81biP`ioBIeGu>4 zoxfZCYY_jT&G~T9_de182P=;g{a+aN2kYLa#9u7=xPb}yF*N!!Ecd(ldCu;4%O7p$ zaehDC&V7shp_QL``N+zH{Qe_ia{P*zclSQ3e!uroADfj(Cx+|n1E_IGSjtmYyH^-A z`UKILANC2Uq&FqoXID%@n}IR*;;Ddn9VNp>r$;EUq628qO7DH2Q9= zk}Qrt1<|ZHzfuM894Y)2r9DQ(d@m7j#>qa9lptb~8A!8reIfz{P+l*9sVAmJLGy&i zAa!H6>U{yJaSv5a1qH%1VJZ9i*$>R*f1MUM%C|Q~Xm>eF0f%zJe zzJgl5hjv{UWf{;|zhpuL^;^j~pcN|AQ@z0RbR-3h7Y2RT&mnd+M5GXGbG2H@RnBtq{R(Jx$2I`%_w<|Wb zmAu^)Cno9M<~E(ZD%et-C8+K4t`nS^B(2{m0S%#8$lCu`g`iv#s)xrDfD0G1%E2-jw1b7wp(^6nw~KDcr{VHC zfunTQp7*?_`cV4ri8Do>jhM%$X6-pv4}+=8{`M~dMK={#0rQ9#`h2_9f{_D9-?#{a zHvGZ2r-}q5Rw82DVKg_H5POT_hS6x|q}_^Gn(UrKcw9Cww}dYro0F-G#8B_SHEtxg zkG52nduim2_JU6rQwAr9H<;AspB|hS#&4NZWl5z7scGo%Xl!}zQ(lslWaEo~L6WFy zTK6dj)hh))^=;#&rDyg3{r%smBtE7KYg3%Fehr7!H2O=^`Q_LIF4h1{up+d@qh z0(R3PrKOaT!Uu4l@YJO@foIxpy?E>@Uqh}LX3~6e#zDdRd8x3!X-ONgK+s9xD(;`l0sEydhFrZdKv)Nx*A}aNzi_TsvXKaBEZMA~7tJL;Y z55HGKJcp>I;@YAEV{|TYm2q|t9q*}lR6u4=a^C`J-Q?}pm9KNO4of0|FX8&UAOt}C z6-LdZ#9CK&&kgm{E0jv`H)AqXrCp8a0Zjg$>LzzL&^n9jlQ9FJT(j%yK{MaClsaRS zw<73l$i4z9x9q6J(y&=<#021ehKEXM6T{axB4VjkeWSpSFKb|>V2oXz4n(umYb9HE zfYghkQYcU{RI3pTG;5eO{efJ%3!NTX7k0zQ;5u;_mFP+G>65l?JTNh>u|vTpvrxl! zo8f_B>q>~`m*aZrzDIHr?gxmXAM---$UPpsbmvv6$FrZ5llBYy zx0o1edcGRI=!leI+J^;F*uJnR4cxaQ^!YBF{|3) zfnFUNTWy3jL|2r^sc2l|n(V%gufW^A`%@^kVoi71u8?Dw#0Zrzg4sDc6dWNX+o*0e zte$`iBOZZTBjqY5dO@mJkzJ?HKL3-jgAx_@5|Ig2Mu|xjW=i(x`fD>!=xqCtOti=_ zLW*Y^>FE&bJJt~5$5X|G)SPSJqieQV!cy8B0#9C3o(3w=GplKMAru>a4F{E)IQ)pY zpGUPoM{Q#*SEW-KOcfo6iu%a~sy7(wn-ezb3qh23**zWhGX|@?)+iN>~a@8?NocB<*E0z2rHo?nFzwMGVWW?5 zYx#gxplb%R=PodQ!-y!E06+IlYJvgwJVJM;PG$+%7WmXJi@BuJ@R|}=W?2I5*)q4O zwx8x+2Hb$n?5Nl;&Fv7t@JLA!k#-9Z%OD!Fb+9k4xuluUk@Bf(htc<9>wMn49zq|0MGM&JS64@L zA-CIpDhu9Sq;Ew{*r-V9qAXUv(n#7|anoUa|7vK_vqyDY2KJ4MDC{CxNoQwj#h~Mh zbM*vW%?To+WJC$60h|n;0INo$=&(9x2Ey2zw|=ZWMn(h(r5T_m>2iHWVC;VGmg-z1 z%RQ{NgQ$jSI~Bh@H1zhCR+lLUmJUW%#Na%|@UL>|c4c)Fu|MP_V8?{XyIEJS@p|~m zrL*{A=H!Lv^-c=j8WcGWs3PHp-Z*}hjn)x|f`t$O}-!1>OV*N$+^1CCP5BhmOgbibYZF6r-9KibV>CSiKGo1eJ*-PK1-Cop$A{_ud3_4tq2SY>c$JC$F|XouV|i|tsfz_R6AF6-*m&x`9!-q*;p6L$w1qm4<22hL&MJ?Z zndX)zuPVCqr#ia2i`S}+n7F-yh6;_kZ=ZU(s?nCcgYUj&jZhRRMvC825!Old8NSK=t8NKDaes0Lb+_c2ArBZVBk;6i) zFA?fW(HpOp%V7~PKGB05XAX`Ej*4~zfq}hbdLCg)>&yQxh^qvFmr;P4hnZS&GuH2& zLSku_CWg z7G3a|N*XoKvPCl&lNCD-W6kAy0R+?jX!hic+Q%i#r(j)QBjFVn5UN&I6>E0vf!-!t zj0z%rVTu%$Y){uB%=TBf=zS%ci0C`5r4$ZIm$>*$W|UAA;?&L6NhSf_FdzY5-*3GU z#DHHP5uEuYx`=ca8(GA&zIXWpMIc*hMLKh&^7yPF{hpfFm4(pC2n3Q!EzPbB8&B{) zaM5!&j29|~orC3xlJ!j{k>GK+;xIf3E|dfpB5^eYYb3=BAh1y{RC+DIH9MEcfQPm% zAroMkJ<$1SQIM$3yw3!OuDv=L5*esTX`yXsEiZ05Gp#<&iV>P#>^yOqn8%6rnLl6~ zj|e9S{v=(_8PCpSf3&&aTJHs-Nf$^5>jnWO(^RY|)c{nO7A8NR|mWr5G zGHKOnYJwRI_G>B#V#GLvW2@^>_JVmx;=cC19>2O8CI8TAycB3FGlxXVetQG2QRRA% z-DUx8b}OkJrl99Iv1-|IZIK*vV>W0f0=HKIJ5C*Vwa*DQz(&mhgfnT!3^w-Dz{dJ9 zY(t-_mWZ5MN`#}3{XvOXK-!dr)=i$bDvr}u`-=#h6AJGc?Y%j8mZ60ib07%i>j>dp z0#gu@fQe}nnlZ*k=~;c$szj;xvX3q6a}D`~-c0;yY5O-+@4W-IG*&Lx(NUr*I9dRr zdn~^4Zl8L6Wn{$-rvp(8-1YP@I%}*F9WGL?au66h!j%#!9p0rhR>}gfV~S(&an3eSXxd3qbA`Bn8fj2Wim(+ z)cPy#24MEKN;!3)b5L{GTM68TTyD=Vf7AUW4BPFA`)Fn#B(frPkGSG zI5Q6QJRW#9=Gy$V^GwgsfPMofg>E^z)Jr2lQ>A!~9!P_4D8A2WTEhJ3NS>HZz?~_i zlD|80oJwW@qInO&DaQz{%BAJ)jLA}xZ;z-Uwu_|U4OjLVFZu1pvllR{5ffjfi;Lon zSWAauMoTuuS(H`%_PqdN3AOQoJ}eFg819R1Caz_n^S@8&wChOd|LK{ zH&z>9cddRRY%5>VJ&}x;wYcZ}DpE2zAXo&VNJ{((or4fk--kFI8iBeYM3apYhPt3_ zrdfd#^=*HQ&~j18B+$>qLA^^2xzadv_H4cx@4Fq!bbV54iVahFH65)8IP7D1 zQ>dy`iwOo?7jInAUk5=~ypWQHbbkw1aJpJm5yk+DT#uJq$id{nq35E6q%jE^9W7Zr z3GdSmb8>RpY{Tf_P+Qu7kssLy&6Zb=&(YDFm!DD&ShQ#z?vrDud z)C6FZB+^gzwZuI29e&Y%m>gaF&yEq9O&jKChp`;YYSmX9>uIRoGMZ~6l6DRPsAE z9HbJA*&`FqSMHronQl~m#ZWuWPOg)Vy>}aLf>_f z=K$wn$bzpQseCpNfP#jf>swfs9~!g{Om3g?A8iHUU?|S#UHA`JPGM zPN?(m7KZFj%~#%e&iBZiTICODmU=OMa%*_z(=-VWG6H&Pd$7}@Q76T+zt=KoS;97$ zXg|(e%{|Jr6c8~jz_yfVDAL-8YbiZLZ}i3tXN)$oS?}FkK`)n&Ug}{m9O0pC#m0K4 zAI_)EuTIi>){T0(KoI($k{eBoEs71qY~V5UlA8CK@MJ97li$UG4OYadmq!K~P4`j8 z2Q~$(HXEI`4p%q^)msD^8anea_YC)zSSSW5X()}N=NnrgROVC9;E+_Q>{IbD@FtEK zB`XCs?jUHYR0VM0we7#d49P?~d3Ao0Ny-^LZ6j8rZ*}#-_$=JX-{AvCsL|50iYFQY z&tfxv#IgoHBFV_r@W`i5Jl;90r6t{#ndC5?A7v7$CPp+mT9x3~ROfe(GB7$iJ8B4^ig6RR1{|{JZ6k3gpKG z!^8-ss7-iW0qPV|N=6=rjf3fvjmSJI` z=U`*FyIavj+{D7n-0?2dKMwW%Z%6n5Z2t?6vvK})bn}m4`cD22Gy1_(`wPo|Yvob6 z9_I36g8j+UY@FY7_Rl%=i?-))dHT0j9(nVpoc{Y*IUDD9ukZc&>wo{zLH$M4>gP-P zGmCz+{8vYQ(XqN)eb+$!&*{(K{`N=9A7=3PU@$R0csPHt^e<+9eiV3Q=0Pt1foM4x z9|@jX+s^eM-|XwPk%~)G6LorSf@~8Vtv_Ww1Xfe#=OYzZ={RD8Oig`5{o?M1iQS=Q zII`euE6zHp<4*FTg_$Hb(+xN0`yQ-~4v#0-_a1DitI3>CwGPori$T3Bi=M~jd2?ch z-rXqeS^fEb!(9&+lj4@gBBW*{6tnA#;mOUKZIz*$ea&IUoZ-oFuSW%tQ0FSlQ@X{r z+D`9fxr%d4b(h;)tw6&H>LFh`C!nO#j za!&GAOY5VNCTS~P1hJ{t&yJVu78?p1nzIB{$A}DKPtK-0+1J~IGJC=AY++06wqmmz z=9_9)8@o-J!|#ZYB1leE`oKvsk|cgcIMWigG| zj0=)sQ>-zi{sA(Q7YKqUqnF++pkWvAsU97)0?V4bJ>S=S*IK_SEPfYhx;1wJREv)8 zfT(9SYXgbLe+IP5I+sxo#jZD?k=JV4QKp++PR^Ptj;Jc%h3l@JWGwl1)F(X&04{bVSo+pH?4_UQ13prmjQsT_uJTHHQiy>B~1(O zk?EG$Y%JTPrI2E0%NUY1GGq`wF@VZrgB9>6fnR zDy?Ndl#p4gS;IUU`%(yzkb#j`Q-!;zIE+n!g>H|?k?JK~L({4{G&g;?w|eTgLy~#? z4Zgaau85`E3vkybHfVM(TRK=<6RlIC2fBpwE9*PeZmMnsu3Eq_{e41N)EZ9_pHph2 ztLa=ysMdIFFKUt772JYB%mw=mSF*0n%)KVWR~@KLeYK8gM{~1JyHuR{<(*5>`sj6n zIYzub$YI>G+cJ|y?)6ZAwV~G^LPgakbS`@Ev@(j*O0MLDt_!!OrKbBEWyHnt zqzz>4idedPhrM*WQ}Y7--mnHS_?vubw_2P#L9#<9Hfm#d`@tsRsBTWJPJPIMtRVUY zaADua-RvbV0f?{wO64B=KnS89pw-XsVO*Yz$7CKQrt1hvk>bIaAj9^Pc_u{{QcbcZ zsJm>9yheL(tvPA^RnmD9lK?IE8uvt8F#1g+-(;~>xf;i;GES7}GpMI)&XPsz#wS_Z zVl*s(etgC9_-&|6F#s_`Zy98EDq#?f2LtkxQT9hk?h(6^d&yk_uZMSbV4}SUYZRl+SjeC3>}Eh$9N5ugs0OF3E1_ z@#)ekJr&{0_y7Y>4{k>=x}P1S;Tc-wi&lfM{f${__-=$=3G$YAgjwR9f!-RJUSc`I z@-9p&`Miacn#2(})EM6+)Pzs~lwkT~Lvk!W$=9Jgg*dr%U!I&n`Qz0SYA6|C*Xbvf z=GSWEI!Bl9u@u>?G~LtRCK9lg=X+3kVuCy2V4%sS#$C$I1@)qr!fv$N49rqFyK(Z3SUy_0<6JNlyA$A|5c;kbe4=MoW|k}6v-lFG-C}94lVVnM zBhx;BC)H;}kxKII1sH%tYzk6fmO}l@79r2m_Qol2mzM|rdPA-Kb%+K~%i}fOMkmN7 z#^P9Doc=~2T?SN0MaDrEinNWj9AkX3GPFEdJ>`Kk9vc-S4(iI?>#l}$enIa;UhU#T z7^YbZ6RFe>rn-+-htpLs&rm%b0vWbkUu0qw#aB^${oX+&Jx$`vq!uKG*)@Sn)=j6* zC!Pk?xqLr2)b1g&sQlWbjk@MjOtr}PwORgrg1c{P( zeKi%~>nVephLyVYj5F&qreyJ z**d=%1hRi+N8RLD0BaNIrQI<|xt704`%D%huOTV}5ULH3-myoT@3YzWuqAkgG{H%G z?g9zaoJ^%$`NZ89QuO2l@^Pu(lb~{>#zc+DXH*o9WK0{km4@zH3sV`-VmFOFSDCTc zw@gvpSJ5zV$lXdwGkzq{g*amD5`fLGzdeCe2YV~kwvp4X?8f|*)g0$XgBR~Z>}_uYBe+s zDW$e3vLI@4q@X`ud*>qadsyPIg>6lCQbfvY^-SX+AQO2U80F6vg&RsBBOUGA;c9?3 zk3^jq*Z^DDH>?=p-3KI3a1&&0rqx zn6=Vc1lpmk8n_qMDHx_A!Z%-P6gA^ro&wKXRGOJ$;*BeK?8c2vhlVa_Djh^Ro7VRj zr&+9piEMae^z4#{NU!$P7=K*}DZv+D4(}1s=%bW*rt;Jcg_LR*j*UUL%*Pll(v2TQ zFHVUV7!>iaoX{m?Crujjii;Bb_US)_TJ1@CgEf(C;f=2kk zqWg?(d!!85z5(GtxpG_c#N9q24U&VXOqn5~b6xmm4PP$YE&~(T+Rs^gKc?8G!j!!OE7x)(SFv>Q}rglzF%4|=KL8aL-LW!SWECP5-zjuvK&&uoJVv-vUJ~p+a zev`W!P{!0MF8O`inEe4={iBulx9lt%=YKk!toL>QKZPJ3|4C(kf%*^R{RwrCOg+G=2falA z8~tM*|F>hQtekg0`fFS9;SCi4jt9i`I4A#ejR@Pl9?&nIKKh2i@i@63Ji(ud`Tci2 z3jCw}K1}OJaQ;BvmhFdN(Y>X=g7}X&gyUh3-#@~8dE4JEf8@x6)c)%k{spX3gg;sK z!RM-fd3Fy|`pyBSyRnX+;ymmHAN@`sXDjnPk&M=uu-6YAA;g6{|cYnLrx5Kv&C8U@x*uK!v}^npPZnU8^oN zNFW5T;B$xXLQ2TI(NNJTcr&!U9&@rWIC#=8b98?6Wp#D`Y*j-H21wEFTQNVza6++* ztsZ87@s5kj?F`zIhr`j=2E(HRa4K=4R~T<{IxkOF3Cue8Rt-&bV+^m44eKurV6R5g>v$!8T z(BC-|z8Qx52{^h-=Cks*z$JGQO|#{)=#@D^&ow7nzhxVB&{xBU`X6WeLuA6INAHoN zn7dAqM=jrCt@P0qDYnzq$uGj^-ITH`N((aN1X_VsEV z-qPJ!&f}CYDf4s$;NxpoFqYAU(b*$ML2LfEck^^_LR_8bQG=iB( zRhymgB6LP};Z0?h@#>hDvQtUlhLUSF_b2LITHmX0Wp@6&oT z0>(UH%a*|7G=$@W!y?9yYthl`_722ei}E|dncvM zr{4}2^fI!ayHvGtOFKJZX)BnI88G&et?x*J%D90i`a6BG!#)0PtwuhWC~Xz7j0ZjB%eQ&2Pgb*# zT|?R$D+)HdN3G}6%iN0TiMPbqmld>M87>l5?iz=Xc^3kZe&!71M??A2PZbci^v&~V zf>FL5cM#FNhfj*PF{&TlHCWGi6OVzUSyO=|g#47P4r~A`LXX8V)cWg6iIf8^7SAU@ z-5bp`s$+(590r;c#}pN5w`WHIhni&1=850+2gGsWDVVQ}PljH%)O^b{tc*R?KJ`c~ zpqF;Ueuat}FHWq6-7Yrk`l^ATVUelrjnq6u4Tks&ZMa@|mT%Ff6lE5H0I*hJvMM_g zsP{1i8+aJ?=kH*3gfl@scE>E>wdrLbs6+SOK*r%SU{Dj3gn$g&R(@s)e+oR6-au0Tk1%!3HI0ZxFlWlv>uo@HIgvp~I+mnIM| zk34a3C_j896nBGC<@2Gj#*sUhhsS;YQpRQ$Cff0AsN7St5^HQU%(}OgrU10-)V_Oq zqpI5(rJI1OW(=}w3eJY5Ymd1-&yg_ZgZ2RSM(elU2&Ms)Wz!;LLc%~z@s~L_@MVDU2va5B+;p>XXK|OkbV(+N90J-a|S2%8pIf)*Qv@cGP zoIJH#7kz1g5V`CI?*h|7)*iNMd3=`^{15|nH>V3FOB%0nt!zvj9pQN&{V;BpL{^41 zv`{4)KGxYfm&UW0UZomDy7cwiMwm8VU%c;MEA26RqEOLmlR5@T}Y6caAOd!%zJlsrE2YwW2d<`yyR-fl%^KyyI%&(GMpklBM z;9;3yzrHNVqA~a3JXD`o@%1uD{KPXo8lRK{{~FtM%?8&aTv>WJJI68^W0vzBzuTsR zJ)CA{yp#;hY!uM9z=YN!qC9&{=By0L1}CdPS`(M1%x!TNfp^G$tq}T1j!F%-E=AYbSp#h14TX7$G48n?9Z=#yD^J{S zgf&hLPR&XmzuSA`H-=wkm+HomX^M$}XPG^6)opYH9jc3-tf75Tg)*Iu_M=xo5}g@p8on+~6t(N8c#?3NgV4JvOa7CJ7)qgetivf%5*T;`LJ zVKs?a_VC0_6p5xVUSEvoeDZ9QWiyqd+N$Xv_n~G;AV*h;gYg^Dl$%W9;Fx0IsQ*Au zzwgD6{!tb^7!%I*W5wNs+{ymlU3>V`$*`?W8Heq@O~`u8;Kt>8i*5^bIvvA4drE^| z#(}vc>x`rMcyxhDe~je`tc|~SJ+xXqb?#*o;(=|*?Om@J*(B!p_hkBu!tJBF`@t3E zY(Hd1|6F$i9s6v4^*y>z}mIs22F{=1n!aKwYFFxh@6 zu>P0*JmiQ+ZNB>n>))FBl_!3YxqTGizmM{=-Rsx>;H-b)8o(p0cyPhXZ_4)8r#{LYO>b{>GmV{H7Jw14>e=kWd_T>B`z_gV8hE5Ca4P`~!EH-AIyk7w{- zym^?skG#2u*xy-sKz_O8*bbA7t(yFq4Ia^VebLx$wEW zyD+EJMvOWzC@?0@Y(Qj@BGLk$AVlhe@4hyo?Fy%O{?Z&*BqZ!?r}k2}F>tLX)&+N< zKXA=aZEAhIXl#d~;rhG!)79$Hr<2ak6TQyMifT*7F#R8i|WYY53zX|eoe47+JiCYIjlUO378`b}kWsq8TM-V!E zNFYh~l|pn?2s6Y!@VL@ylySuj*bK zcUsQ+VxViwypDglq%i5@k$rCFj}fcUf&Cot6(SCF%pZ}Ea_~L7RczrH6KW<*kCACE zw=$XA!l#hdedbv+2s+?EW$m#nqIyHtf*cIe1X#9y!c2gHiYGNc6G`Ne7ypH^I8hf? zL9v|O9{E7nClP24I&Oku;U}oCS+Xe(QWbca4ur#o17p~~grbuucZxdKy%MoJR60p;HNpQeWdkS-OJ$8`Z=5HtU@{0cx_RIC=4{Aa?O8aSR zCF3_{;4hx(&B8G$LMRul$3$X_kA|Q?oKN0LwYG1bE?}eFz*d)~p6i`y=70j%c{^j zqTqAjXl^YI7rIny73lA5)~T7flshXb-`Shs3~xw+bvq0h`pF0u>Y(tz+6}`q={lx? z9H8l(5BRBJ*MGQ*VgEb?+-8u#qok-Dp$Zou;lnPG?G4d34rv3ihmF3Ju;^}wgKZh0 zJ2d7172-bKI;E2=dYxVloi48nsz4-0sBbbn%e4zO8d_q+y8_JBfhloi>jkOi2E1}a z5ZTT^>m^tbgLh^W#%+TV)Z6(bitUJUrZV15o{uYgW@3*TZ8)DC&VH`VPW3{CgPSjR z{7{$NHtIbJkEsY`CQ-fpNN_BjA7T)ZaK2MIZ2UlN`i|5vqB6gng0vshX)(^KS73$X zF_fQw^t0Dj&Q&LL(qwOWUGS3S>E~Oi7P|QCR~4efbdy~`jomm7Op{$yO~Mcwn{K-9 zq_C<6DM;k`kxd!`eYv|oz0Bn@M8NDh1O1dE!q@2=+GLKyN{VQDqAk)}MWA0k`d+^1 zwRP35O*k$KfxXWKze-Hhhk8Y-idK(fkIWuyB64$v3^Fb0{RU2rY?zf`w$qI^MDviq z4HRIGw{~?AZlMMS;-`6+UTUms2Bf0?$ZSrXuomiM-&kL)Y?xYiXJjOO&GP0s%SoWI zSn||IlCf(07UP()&KxvqU8V@+h(i`)f(he`KyA0JnCbXXR>dqqy_*c5qc)lG?DT95 zG8QIi7t4xb3?amYqE7B=Kqf|lK>}tVXQo^MB4R|q(3pd=fzq+Xg)=Hx-bS;{I)Fj3}u2ac;nj)uHC6fm;XCrn%lpPG{J@>iUu?+|BJeMG+f4ZZe2CbQTAaXGPaO`NT>DE4b)t6GGhuwmQwTx9 zO_(}3jWcB=wy}Eaa5&*YSVr`Sq#AKqoT_LTkJ`Ui=*D{j~w(eEhbYsQXrN87)h3>xw&t->VdQawZ$^pg`H!$T0IM|IKi=<`|rXz`3F+&nGBm%cmKNnm0L`%mmrp)OvhSMlj4L&7bKJJjlg7TUMPJ&ZQP-2WL2s zqP818FGKX~yJt8ay3-v&cWYc{E$VtYGW!&xU>aoCnu_Q6yI?j@p7ePZeWLUGrb0NS zjk|zf5)y01a3^PC0xl@t$h1 zbQY|FzUB&+8ED*bQ2t@{EP>!>kP^5PZGcbs7d0;zP;Ep;Qu42I4~JTW#H7sM7a-}~u95?3Yw=Kde z*E7deuQ@07DCaJ}ovbacd|PyEYP!A}1xIauInNa+@|vm!m#v~TYx)v&Yon>vM>o!* z-!&BTy5=ku;0Zu)3Ha!rdGM}h_2*9S5w85kPd|39cf9iFO(XMP6mTDGV*kfae=zgg z=8^fX%lK~`ddN=?DolUp&%-VL&rR%)bA$AE?D}XA{K$_7d;9NoA?EvYpucK+KdY7h z!PWyv{Z*Wyx$U;SEyeuaZTtUNn_<2?EBiOg_CLiY`aAl6H0|H3d(3xdh<_ToU$q~N z+kYJWXwe?-{J%%jZw=r-Depl+?dPj|Waa?@Jf^(=orI;oD@XmyWFErn{bYWefc@j> z-@SM!b$jQ6Zcu9+eiPsi3imB541;5^O*Kbr*CQR_G(YEF9f$mMO7E=C$re{Nxp~( z*nt=tSTFIyD8FCrxwlQm@crHwC#&uS^G@wPkxOi`$nD*{A{m#>k<0Vjgxl)3<2?Hl zV^>?-QzwgDVQvUg`#wm1-2=ZY1&^V3whgPm%9%0^1Pn}l#rgb1EAI)uLJ zaRT};7qNg9%3Coe4>ZI;H0MhD;60?94!4fQxtjX(EA^Iu4tOk7&Dbv<1kn8X z84DeY)f2i7{C)**#EEMb`Z~^o0zm2L(Hi|}bKvQqm?I5o9J!N`qgZIqgwiyX5T$wb zz|4uCJ{j;sOJEfW!VkUq4!t z95(iH_&i4GsGq>_<;Fx%z06qeZj6ebhc;2}rwXr00IG;#fn8{*C(oXHq>+`=LWvI0 zTT{K~g9Z-bW>N*C5T(lEV9oFf07Q0T7!^niDq)y3R;(bVO=Mmz&?LuT))V8_;Vuy4 z(R^+GA`(p%IH|o%Y$m&-*#2YNf?7r_{d|@d(b&b>p+SUY?*2`-g!G_|o<5|Lv4@LQ z-mR|cs1gUT6Kg-_g&;a~p~;Ic=}ti#+bxr}QDcZca@HPzX;X#B&o_ zy%)83ye$(kYfx-*E$FCosn3|7N5X$0N$zjtB-7)(^kZ?oK0O_;7Pz=MyHZ!5msguj z58GQmO%d<9@Btx}*_@LlaBn6JkdK*Y6GmTxZNpk^Ol_xyx!?hF*{HjP>^)@n7rfO5 zB0gX|aTsG+F_I@J>O_}TnCHX*>z}Bv4@guHq*7Aq=v^gFo4<_SUdhqh6%CWE+uoST zq_)5)&0+bm(23&dh4gi%+ji<=e45iLX0Nz+b`}3b^I`}6Ng53!Eci9ssXs~05vB+y zb*lba$)T{^D_^K6llQ6if@)t%q@l1R@?U%zkY7C;%wUfRiV4@I$QuJ5a9w0N_+WWp z2e`^WgF=65q@HgaB;!SWUQ?Eh2WiJt)w9%;m>f#7eVoA>%ZjyD3$c}4!Re*+(Q9Ie z69_n^9b5A4Gs@KSKCK4%wRLQpbM8Z{bh8u&b9`$aNnUGq$5uXkR#!qgbApf6r|(eK zyzCMZJ~$yQZZa^XPD#qHPj#T`iMy%m4LVXb<7-2)PiEB2km|!zeKT0==1>f2)eT`& zK_3tMgz;|7V$txb&|)!XQA_>ZCB|0`z+(-3fE=)#EDUglWtvm*lNMvzWinnAN+30M z_tVx`LHz-|V~D*=|EF>v-R-`B<`o(sT~yK9#!*ruwL$ZYj2Rq#0h*)Ls2 z7nY-vU3K3D23MQwE;FW8L{zjo! z9pHyj|Kbd-1(nzt41g5jqa$In`)W4rf?^k}j(PeM%|YPYF@ErI%56RHHk>k`=qjw% zlDAlcvx;$GlX$90=J z#cA?lwW5SX8|9=4VV!O{lHgdrf=DYgeT~Csj6z{7Hj))ryPPgDv)>-eP26A3iZbAX zOF~_386P|lGa;joxoiLF%3c$eR(&Yd<$#jikhi*eXSKb76^3f}41nd0hzIgJ)Sc!9 z1uTg(;F18*jg!P}bI zZwky32j2NMrunH+reByg9rLE?TaftZWVE{EwzRVzf`C5nN;Zd?9gZ^+9J1pP)?^Y6*O>*Cn}gN+ zexX;Q7=@hQ=HS5U<(m%^89J8L@wEr$bpt>*;nE?t@o^0@mWf;Dm%J765_w82Iq!_M zi^#;Up~U2}hJ)K@%Nr)m_h2S8g8h#MCNE+8oVRMk)|yRSU`UEWjS{)n^WQV+lrPm# zzaq;!1bs;%%l;(ScUV_>7|OenHprY@bj^9JDh+2M{-}pxP(PBH(`qS~m6MOB=k<)$ zA(yJTUl|kPmS;~~_@sOGJO^O^Q)M*qCAI1*nwq+IJfD=_nX)OB@{OFNyf1u{baj3! z?Hb_4h38C}SdiCTxvne(_T)tWA8@#ov zf;jVW(x*uGjY4&RZ8I{u@hg613a5g9E_{ zk0%rlU2S#rJsbP+j?dI*eY$!j$I`B6C>SAIh?v1;usN0JnD4h$7DS{uXv%k(>I-`b zJSn<5G+Fu4wRWCzGkY=7r6`0{6x4gHTK4$l1!dzNO9I(3X63mYO0Bu(-mBLe1A1iv)!E?RZ$ zkvI!YvwocS!F8Hd{K$aDee)qNkb^S)==LMROH+5f1Ye>~AjBH|&^(6vb$Fmp=U|@y zs|G|Fy?#E?I;}#s0su{eei|3h+ntf}xc!5&M$|neckx{%8bM5*ap^cW%Xcyxpukyl zq)}Xc9XJWmgmUB@|fDGGX!~=~?m6gB!+&42-&AbBzrEiIzV|h^|6t|;mp`7*gZu#Fk6z1vqN%%^cYnsf zcZYt_)GZ19XuSNBnMc!lz%P&e`Bjm;>rwre)qT*2`aO`omwSJ%%C8FI{{s4v7Z1Vv zcJQ4@(tUgPpPv0_^n-Z5d-V4sq4&`LA4Wfj;JX!gu#P`JsehfoU-Zo$6fb|3Qt$3& z{^w<+eT>@=yrH>&so&EvkF5N@Ait@b{nLM%U+Jv-y5?V)o%Uh8-oMs+xnugfPU?F{ ze)#kl(rF)Lj=sN{yZ8FDl=>frKMc;>;XgW)@3pu7%j5qLllRhF|7G-pp!_GaXMT+K zAyZ?B-wU}6#*v?KY<7LY;y@4D9df7vrDeIWjMGun32fXARHFHpTwP9U&7=|dgEK8= zmRm5T*`~)U$JJCgrmV3{i{@-QIyw#y4^PGyGjTxhO>pMF*Kr%ZU)k39T20lh?n*)7 zr)bsBI<605;%Q)03gUOssw>fe0g1qsHy}O%qtKTXj!&Bkuc2=c^W8jcE>1Z?DCHA9 zrB8t_HKXWxEX_qw?e}6k`VJ9s3i60gk&6{5k@CW)5$H{bs5>@QS?~_wK2c59;qB{R z3W@2q(PNZqi!#a6=GlLs^K5?&r9T0)EaVdMto*D0m#5malC5;OD{0sOw-U=0x57aE zUzXGDn7Ba{&iRToDB$A^YKFZRtv?7c@OTE|c%$?@ACLMZ5QoICmCE~-+G$2$if1)} zs?eO<5N}jyScW|r?-LP?b^DYD2F{95v(iSqO>6?XlHFiVih>>S3mOi!Qzeu!BS3t| z47#L_D90K1`P#V5s_s-#w?Rl{C0pB=paj2g|2ENP+WLj zke1jL1k`vL2K~8IPk4iaKE{u-LmT=+!?Dow^^H6WW}&=DhAns0;4VL2C^&hN!kMo^ z%BS5>H=gvyQ)!4nve5Nu9No?bB=d>g%vY}=Q79dZFXSd!t0D&?y`t4m54lC z0(_cVt~IE{moz8K)`d_KaO1hL%M77YyHTcvymsqMqCBJf&<028wwDpM2@cx%oc0Gt zBQQU>z93Y$haU0t>ux|#!ffu=s7rn`O|j^E?sw*;%L}s)E{1G82h;t@G~2ZA_Q$t; zx#wOp;gZa+z+Ib^oNu0VFRp~j3*PL{q^9t0c*=rGO@D5EeZ(?^+d|s>zDV>u$MQg0 zjT>Q0Bo>y$eKoSTwgPNE)ZDEmxMQ|g60|RHKNjMqo)J!>OXiwfemJ5YYsV}|woYH+ zV%%jVLS{1NBM*H|Ma!tBa}?)p`aXfxCG|VOTphijF0FkAgg5NAgC?S_tQHcg+xwC= zZ=jPqkd0A7Nk#f(6~ZGe(>QayL?MKwdZDVk-mg*As0hEQh9P98+i~kv+e(`%wIxw! zQAfdfUyFJiNUUP!Co9e!62fEZ&XDPlRpgiQtky2p%1cBh=L~HPVZSK9jvT9obyI^+ zb3*VCm{ql8-G|R7M@|tKsy1nCP=`#tJ=)UOWUrRXyWFje_{sD66mAtb8yHHsF&t8L*J6g!3{5P?L=#p^4W4Wrj?Iicg(bJ!6hA z4M*7jin~pNA=YG08!SksgDO}8{mMWG$PQKmN^}V@XqESh{96I+n;X@aoBL){3FJFY z(d2ET;sMuCEZX)H-iTk!0*GN}Nx@Fr)%HmCVI&25+%vhh5hFlYYW$t!n(LZe(l0j- zDB-c{3(>;1mV_xc$-!Q?Rv_|6V=R{>zF2Ygj7gY|f2VG8LRFD4Fhmq|p|_5fiebaS zQvL42ITOesVmrcr#t)SAM zW}T9xtv8gG2G1B7*C!MB>>8{z4hnAeNkAeu;k?8#2*9>Yy4JL&c0h5V7K!;AgcqEg z+A^?dtbqa|!sQZun%4#G8!n(BMlCvYR!JFg__cTQrr(h{RiNRQcc29?@iZyoO#$TTMVyF*RWUmfEk@Dzy0Uw%%M18Z8N*$yq zc}H<#rNBkGg5Nfm$q3lgm623=D@jByzcPD+%qxD#v0PswG!?cD{)QE7;O#e`CiI?Y0=&aRs zfS{EWg67Yf;w0ZX3$Sl%40b0TzSa~t(w^S{1RI>_q#*6epr0CJG3*bmE+w2SfYbA| zKa?xmS$0(=d?kycQ#xDkQ2AsQH>;L!D40-XM;k+12_;H9)3t*9=}=v`(-^dgSld&* zPuU&O%0ZpG)c`5k*N0@zmqdnpE_w*6z1^S-1JHH1T?nds=&#wfIHyNXC^1pBnJaFU ztbqcfPIj&EYltKUCC3uiJv2VNv zF3~C6e}U5aoZJxEXjz&JjQhZ!Ol$UQyWA}P!a&WDIJTOCKH*3KZ0c?lx1Dr>2@H#q)g<79^dTT!9`h*ByXM3|`fx2>}uySSE@ z9ff*}7qdeu1lq`-O2Y$3tSqs*qD-r|*-P$5UIiRs6Kt)XN+8K*#j50}cjF68&e*QR%b@9uPaSYjoYFxmcp$#zQaXKR z;?XHk=Nv=&t@@ey3zP`C{8TASyb(fau^ElbW(j769FNu>bCwr3La8Y6<)XRIf+0=5 zT?OiH2kI*Gx>*F@L_50%c|;5X;SV3k?3Fhul&qJ$o6cn!`lbT*`kSIeUK>W$e5qr~ zd%|yYMn?5v9~owR6Su093)fawc8WV*=~<`ox8xE*xv7#Vq;fP;#&D|LeARTBaj8*7 z?$cMbyE@t1n?t0GjjdL-yXf0uCkKd>bRqxH4TD{VV$Q}q!0D!TcP|hgT~*be69j(| zzI^}@zp?IvBG=D-_oD;>?L(;fxo!W+x_=n{J3l;ByuC{h+=G2O#T`6JwU$ke|Iw|_@FcjCJL#?*f>^Jw`VQqLoQeigItPTxLS zx<_yEH)XW@xA>E5f0Ul@5(GbE;E@*(;pe*-zjaXmB-?*C^MHaLCkSY;@2{$&XLwNk z{prr*$vmX=@BTa>+xy7;la)u4dKlM_mi9I&M$L3zG-h~^L;LZ*{zA6DiK6}dMDFum ze;WR~BM+6(?mm%wF|+@jyM1Wl=ZZWs@i=TBEXaNS=06yDz~>J>FB+ww5?2u*;tmb-0EFbI_e7XLlnN0 zi}rCVR@nNOI;)T$8=G2uQ<>X%zPjCEH`>ApBg9X_ub2s)Z#s*0d7M+n!lYdPF{AE$ zL*x6Uwr{QgISS`mtB;!&n%-PVl$hRJ%OAXPk&)VDXvXTb&kl0u6$ZO-Www`7f7Y51 zV|lah=;Hd0wP+{gxc)0`tWQU@($-my7euJ2(F;uP5jIy{CEa@9klp+k+b9%cwv-uZ z0x`8BmY!f`aipKG+*7b_@l{sTBU<4UH~r9ggf*; zKdH(IxZ|vFI!2U=i8p+J36cmsNM^#@h?hh%#zT@2a_^tzo<$BP(= z_2Nq8K3O}WNU#(3{9pj#?%OwZQ*k|!mBuK;AF7#IAmb%rsz0PHEwRlgpi?aEgvt${ zk+kyMT_I-;aUNo$r;P)p50yu<9RqSG3)6n3;jMQR-Zyhn=a~6$IN~-uM3ohn_`YYV z+&SpIq5vjhpQ4Y^jv3L(+hJJ1x5r?6$g4jgSq2sYEoWu*6oQz-85171esy$yi5!HK zIsB9z&Qsn|)3rt``Aa-j=P?y0?y9ehMBI_^0?#|EtjJH&6UdNUJ+d~ISzr0`gb2?N zklL&dFS@fgZI5vzZ^cAD@`+H73CF|RUo*=7B%h?6^n=)=hgXayHqVFigkwJ%g|=Ns6IUk$mCti3kSg+8)sivghf9jGHX_iorY*> zn0$!sW5Cu*oK(V6bXX6toB+GjV_P}5+sA|(`-bkTJI|MpQa1QpAqK}0z4Z>?}WO&j6#w?d}`csGIOy^%rCA6>| z(bm3!^C&wM^WY-~pL{5I!~Di^4m!L3aB%f-kXT2hr39XCB=0>wt|v~ZFwll!GD#TE zWQh=8^A%x;V*J^)b~`DyRSzmCh7XwkYZn^ZyfR`&UhV*8pNLI6iyc^64@H?;3L==M z$T47Ow(!ySRQMj2UHGU+hAA4&fsBJFR#im1`87e2WlUNi=E!Q#;pgEkpiTtAGzJh# z_y#HtN`0ROul%S4G_Npp2*rJn zy!$b|zt%w4q2Ji$gy5k_Vlbpw`{qR!zg?7S`)V8W3V}5$bOvI|2nH8h`?#b#>&w&g zlBKRh>8WPeVoae1)zrO+(CykXEgS(QsTwK=KoKSwx^DRJ(RWk1f`MGglCU+j{ad~X zh8n!?r67KOO084n*K1Bm_1mibvtPZsh9pqZ6K64ttfih96JFRt%w|jN=htq7)YG^x zHbDsHO69-0z29ak6cETQMPBW&I%+GvBh?w@mgP09fEsl(221A6A#GaO$W?vanG z;8P9j$oAZ|r3hik_F5K4zPx@&fP$bBKrypmomW`(^QA{TKr317T@1rrrtyW%q~-~} zbXx{VmS)2cF_sWtUWdWX1;LevGzIB+7JyNpIwob?YZKtm5(0pWn!w8Zt0aC1j z&u|;g&$`tM;+oTYh~&%_{)=!|5ld>_w82Pu!xZa;{?ruN5mQXC2FE+onaCDh#|ZG& zJq|E%1zUCPdN$hec}#ocPg*wNNLbUKK1}a^L;3V6pkMdx$d_0XCbJh@d}YyK0dX|W zNf!je{M_SD%bA2@8lUpvsuNyI9arkxu=l!R!isw3m>DpyFQ8N%VdM90#E~LV(pG0K zjY45OK_p+%Uhbg9;t2Hi+!&W3OvcyG$!Q-fEC{WZrqy~28=mR1tOA_SWbm#`H_ zSed6s#SdkfgD9S!u2MST^B(sB;Td17AW;UO15ITk2%Nj(2z4I=cbGq5R^8dt+YEdG z73`rUvV$Q`nWD?Yy4ltA=5xzv2?0f)0--2GR^Sm$1&dRJ(hP1sBo%f-%Mlb=#&ouc zS%`SR@F}a$l8mt*)eOv@Ej}e}*)E2+rT}J~ATI#!6pRj=w07HMj<-}MaD8R(pB^aK zlNIH(BNQ`TjB^gyTf^8#)@@lJN%1-RL#rm1MUW;xP*|I1J5-Gv#aWQb(5&?bEf>@U zb)O5v#x0JcP(jzI1rhNXGYA`D8>7oXw6Dfu@2j1 z$J?rJUSD7^R0pwZoqz4{+U$=NQ`a&577>_Dx!j>Z?ZSS0&0c0qkXq0&b*t~N5u2m; zq8myBra@??kh*7WY$f$RBr-mqd-&d zL=8V|N082Z)J}MH`zJ|JvDDQ!F9XW2)b?$APUEXjV`SQ=`}mW9UaG4=RX;le+!o8R zb3^?468*qhYV$ol8+zt)eWBk$A$pW?6aUUasIR)?*Wt6{xtF!p6gK{_5@rlooGOho zua(&DwyzyQMHM+r(_qkUs)b{zoDIeDoNCu!4>m224!+$AV3;z*n%!Jqs~*3xv2B=8 zxjA(75pH=ImV=aBBD!h)HU8=&@~|oFjrD&0ZEJj{nrhvjvkCMMi)W8f>6ffF{hgxK zJ%|1sDm_NYhoo{}ru~zdN4)b7BzfDc{67^ghVM`N7l$6Q z+g|uvKE6M^ecxgI?{BGsLu+@tV#lktFZN&OaX0e*HT+60P}4L1XH~cV zr~9IqA8Nflc<%qrW54G=e(UwW3&Ow7g_-I9Umo(Vz2p87|CA!3qWS&gw~^U&C*oC+ zI`>qVXfLkaE*rBuyllXe3eP7Q13*_AXx=)?{!eu>jjIi&)#q6E;#DnUN&8AaufJ`0 zNl$xfG1#y+xNThP=;m^+CzqTuIQY@bwNUMiG~fm)w{<3$e6ju!Z1rB=L|`8*=Ws55un1TtkJ`nmbuXUj+XOjSAx;QuD27;Az*SxMwfJMZ|7ETT5j^r zoA#}bF6IK{j_@0;TTM%06Rh3kg}d_4KY~$iDR^~ftpJR0N()!I=^#WoIkPu00ZdR& zpwXI@y99Z;@PXfeC-qdo&H%3wxF0=H_plYs7kQJw%ws|N6m~LMbmzr7^P1dK3@)sl zwLa#BNlxj}!2Rg_{cf);O~8ehMZr&NBp0YeqD8BeKfwtXS^$&L7SY3^ab-St!Yn-P zalC{S$z69*pWLWL1(z0%md76gGmnO1VfG|F;y}%z%d`OWt>Fsu&jIY~he{vw?0(C; z=ZD&jlP+C|u^3~;5ETGr)*{`xhiFzYQx2#QY0|SKj>+r}iq}r3=kXTOl!`|q7VZ7J zxAR)qV9Yx@O<+6A*gIA5BIYy#L{soWf^gZDG3Hs#GM-`~o1mQ9+Yk z!I;{yQ_=vkI_%Xuti)+=41K$tDS#|V_HQI4xWr}k)~ucl6-cSV*0v^m)&aJa9+$+> zUbO3?AGPpCY#nl7j!BAH($sPf-RNJA3u@;BYZVNmkqj%V;Nta*rAA%s2oUREak1pJ zZNBj6{Sj6oJT%+<2@&I_2pV_+&6fQy680~O{gjyIx~Gyc$@w8eiM`I8 z?XFP{5@+c?Bwk3ZCxn>5fn|zcyFmnu3~4b>EKQT4J)WJ4WU4}+MB;>-15?FkW~VuU zD5C&95k!^Ni3Fbm-@=PEzR{oZ+q5q@`n0bY!=X$lr?f89n}dw;N@hXT>vNb+(*+PM zJMBdRXzsoiG~Z`^bU%*z7HAT7$my&1Qel8F{i!rTb`upYjJy(NARo6`X^LcVNMVYB z-?P`Y6rsD5Ny*NVVUlV)lKBju6Q6lYy^Jt~N`jj_LNV%AX|A=CtZYGYeeSWHi*C!S zE?MuD!U(W|7!cr(HtOR65F#uw=RPPJOC4lq$dLBRsWc3#Rm{e$6dc-W8jeGef`*ey z&G4cUpD7eF%*JJWw81YYInRBWL>C9MjOZ9!d)_7tG}4~|ocAqa-c}(zHi0le$+KM- zApjF>`4PFC?DX!YWAU-wo;8yzp=bh~u{81qXrQc++Huq@6@Apt7;tDU?3*b2FLkoU zcZVUdthY^Bd>E5vc&en`EUB1i19h0wpR^K=E#URDV0yvIY9z7_f*>rgSw~X=X0jk@ z^B6vRDPzGwXdhd%CS9(@?o+G}?MHTwqSWG7K;wgw#xdBH1Xu9V%P`&`=To3dGbSGECDhb`3ImzW$4 ztxZb1I0sh<{>V`rLYFn|PA8l~mv7r)MVxo+nB^n@XSheQmm+dm-s}@fAIq-@hmuYS zJtd01I&A^r(~+G<7DGCGIo`P%!aW2nHH~xwp9K<&|AfSf96JS=re#m&#fgutCRk{* z6v1M4Me8cZGPM_?06?jD&j-a2h`?DKvZ1XIITfC+YK5h5HyvJSYs#3nQ5Fz#}@p%Rz7(-=CgXnfvwMR^xI%Dj|0YYe6b)gU$6PBVOOD@ z$Ga$ou|-4K7*rZURo0~eX5FjPGH3iF+ zuBdh&vhvab>tdQ$S{Q97%f{jYoXVCy193d{rrD|qVtuRm3%wZvA}CEUn3|HE&KE3! z*Sv!C?F4!P!YQE5^kwl#pUuNry;4)4XdOq=@(r3YlLWm)m1g!nQ=?$Qa#Ss$gpgzy zt#-VG>%J@?^NScJLHaZy59+51rQxoUr6eGrEdyBbWwi%RaZ4w|V9}u%GFL(x36<3J zu+43|BYz;rWeeG#w5?_81TKqsvDsE^pe_G$dojomO;TVQg3f|9&2%YAGRUf9@yRF{vc=nc|D&z`9&F)=`-5%^g z=6)?`ra9+V%e@TjkQf6|Bg$5Z@@b3Ot*rp4el{z{d~4g*a2H;$8iPwj8|pQ9cnw>6 z-U;HhjhK0Qem>)>91sa;Gl6^=K_C$#y!nhLxK#V{R6FI6h#!su42Lq?l}$0RK($r$ zg3S;m5n)Ctmz8$hUU-T^!!iO}M!5C30AaZ+_a*|mlwNECqO2Ku>Pj-wE6Ngaavd2b zLqO-+&3nYQTcR-aitY;75BTdhhs$@V0-T|o`L0k&qcgYSOVi|vq{SYjl$YbNOdReI1X$L~r)H9T zzIrvbJem+tR`67AaD)a~H*pIikL{UOZeL8s)>}{S&kR$A0YaLBy_MlQk{^~Rmi*^u zO-Po2BdqpFs3hX6ZiviB6)0W`nGdx%1NcKMIOE~dpv7QYMiY(TJAoF5qADq@cCZyJ zXfYVCzQd-@)J64^c+z6nOwh_^FliXfhV=5~k|K&s@I~MD3KK`7mql9-5+{aoY*kGQ zK@FfNnotC?FM;qN3#eg@rt(1AKv+k|S?hGD;(mJ_PMDI#M}O{(b_!aO2Cm}xKCB#b zCMvu4JAoA~8XOo)}a|bLA4k3r2x*rlrG={fOK~rtvzL*eMygX$aneDWB_e@#0 zC6l2hTER`hyN>8-d^QxIj^%(}4c*EPO%p<)0Blr0j6~Y=1o%cF?Z}V4y;ywGHj9IG zmI^Eir-A0_WV>m$H@Q;_jp}^fb2Zhqy5BI<4nT2Zi4Yr!TMVJvHa>#rY3fzIXuw!+ z)$bd<*y>{>m4R7XV{DSA%$1K`M0}!Vcv6=zz&YKRuQ#WDedcO$yPqx3(bLZ#T}e!x zZ75V595j>9PfS(cix4&0rAc#}0{te7a+N%=fYsPEl0ri_zS4wwCu>gkN}-0UY^{$cpaK;KAr0ZP7pR^52L52`}&O;-Gu5`{C&wE>iYl8c>Q6e9$9%1$d6l7 zew|&pORoL%T>eSh@8>7+BX#%Nd;8s+f715*bp+%tXZSDPJdEzg@pzxW`qj4cHy`<( zY~{lhevl1(*h_YI8QZ--KT?c;$p-$W?sxyDfBv`m)9^>j@-Pj3JDU3TY|^j)H2-1z zgJj-6Bvlv~A0<_k&87s9T*r$w&}-lt@aaz%0A}A?eD+197}5gS=0!)aMYofAXDL6b zm3VdRG&n7Y%ik068Fc+Exg}Gq)%l=ZV|;^3(d^vZ2UWSXwer9~-?{v8AK56oXsWzV zvT|m6N1<4=a^?Anp|CfKa_TNN2b+m+4)-8(g))iqD>QF&D$A+*qgs~K)omF{*KF|v zYb8?jO}=U8$|#99$k%d5b0i}Br*4SFt9=2|^#HC!D}^IKF!V3ZP3&Uej&WC1}`(nN2={LiY{9aWL_IlYaRXm}AbiZ5}90}AOp;z(4b4_Y)B0Er3%nB~@q zba&y#6UNq!%`TFk-*o#$U57&!eaiDHLFX%2DT$}UWi9c0yMR;FT0-_xgK(qmGts3F zHWwchK6)KkqsCT9D7JECa+WSfjcBb595wI!@PvnX#75OQ&^-0|L_{Ly1)mS)D37&Z zRsR9_e(O5y;&=iCHm-w)me>;^CH#v|;rsmtkk$UjF!7qKp0E8V@UkQTv|7gFO2FD- zD7y_pTV7>g7vgnBQ)v%L@xO=OOK(N6_e%^BB%tUIA@c)%H{{>QGm-`)NZS!@*kPWf zfxCoO3s1K!l3-d5Y$0531^U{jce=ivMz;pWz%owhfG&5%$26Pi#Z+`RsxNa*<;wO5 zcB8JuGf2N4dq)`RO1EMlA50*LHU!%1aN0atA?^ZMyXiyyfS`1v9A69&)wp^4Ro8i8 zc4HLQ7vQoYI-u!7GhU%7$$(i#{+nA8={p5m4!EZum$J1!u1d4Jqi<##HW82rBW`$4yS= zb*cGWyY7rw^bu&kuR6|l(HP0XiIgpM<=W6BOHui9tqs$aB6PI#raoJ>Q%&K1g}yCB z`(j{%7%2)nY?4m4dgnmH%q%ibh6Ej1Mn#aTwxLiRihX`9l(4_4z|+iRI9PL}1@Jar zqU&T|C96Pc4q6pCy!SZv7t0Xbmm~mP1OjfV^>K>No#BV_pkTtV6$!vyYi%HDcn+dB z-5IKrtxm>vTh3A-Osr$1O3io{n7+K}s!q7KDUH$oy$l#dA3b&y?a;rNy)1 z7S<@B*cXd!P>HtI3|Bz5&SBQ3iLKe6nK#8;`vq+D8g9jZ1DN z+_opmEp{cImQR3iXcsF^q#^ONA-;_Wj$nMOxoCm-SO^FY|6DdG$@M(5%Rjl=oHD6? z9;b)gWqqb7>5To|4&(f$zYD*8L4Z zbW97;U|_)ur$l;sb76`SE?$4W_3B2j!!VgSzN_9L`jBbg0xxwLbqPE$iK18|LIR8f zqJ~@I0DMkaPGd){cpfY?_A(wQxbt-eL^Yti_+Y1PgIUwe?#$`u9wu|`hEz`rg(;dk zUvcH91?imtLhoK>;i;}R&{}8b_*uOdXklpmG{%cXo(h5VRbhUvYhz0SFYs{0y)|V* z@^l4%UacKm@69*^#Q-Uu_pp5;N`31I$c59)-(0w7KlY_i_(BDUa@A8%GZKmLhF9qPX z{k+%m{ckZo_J%49$E~YI%vE)rA;g?0PWglaK6QB&B2Srq4hQcoqoK&K;Xr@%SucMHA$JGwb+&d$*zMg4<)7X3Vd^h67 z!CGCttgWO;L%DVRv?4HJOPltzVq*^4%1~$4%)1yiA9+q8>4=~r-c++Hquyo?ZixVB z<{nw550X(1Nsb6Bjvdg*Dv_+y*+eGmcCz2vA`Y>?X?>1EUW+TiDt+a%Twp{{9dU5L zP$wh)rJ^-9?F>ePhVD%4U{05By*`vJ3;or|wtDU$zO+gXBTToAi^6BoqM~!EelI;c zj@4e^+7FaieQ+FEI{G|=1@_@^hb$1RhZ*Sz&>AGnlj5yOlp>ac&+PWB=0ChKX7<28 zmZt!%oAC&$&1k9D4x`RDB)e5oVUrlzaysLU70e0JiX`BlV%vHPSt&|00;p5)4bK*V zMEccvek%Hi#AUFi6R+Y%@zRWR*U(arVge31&8w$XSGnrC9+Aw}Xe@$z(I?G(ng?f8 zTnem~qmraO4gI0qp|qM3i*I+j1(Cst^v$rju=F%S0Mvj0;!6QMQq%^GEdc;Ujj^#u z*SHzqOAr$$6qIua$U|8(RXL^W)=iZULyB@g;T?FLzQW2l*$??N(Z{K=EQw!Q-+CuZ z^Q*mu0<~Kisf-qHuu)aDQR%CCy#VxbRc&As2Y5{rXxVs1sr5+Q(&oba6iM0e-m6|N z`c#X)F8HsyXLKe_RREtUbhxFqGU8BfK3tSBD=F_vj|?4S0L3OhgZMgf`ax**0;15c zpnRn16zA*5!u(GyDI{7Sj6us*eUpddljoj|g9senehWS{x8H&!^ns1tr^ZQg$`TD_ zC$49)7DNLj+%WF2W5A@#EHIX+FP2T1Tc;{$$%}JZkk%5Fp`Nht50}Y#kO}IZLrRJdB?8a2>wnQgtrh*&N!3xfWgmkq#%3^#ePK>bKOKm+!yw)3Tl)G2 zNo1D;LMRHwl!qcNz(Q_#F$g^IrneK@5xl4{7W*sB4Jl9-QcsMduqMPKjjr;;B{@0* zM}6;fxg`Y~5lzF?N|Q5`k|Bq%0yTjnyqA#K&1J@&D6e5YtOt>XHx%Pg#^#@%GMXs} zg(D-wHYpUx4@V;*f(09$CB9*}Ia^SrzgSpZI}J=6z3}CycdAvI`EWH}U%z?0y{K8~ zcy>Ghp5Gc%=pmMjS_R04b9{*$C+c=so;@ypO^pt_dc}0!blZRdB&VqN=XAr})y#jh z1%GfXf&N#k`u$<`zwW>v0{` z(3@K$k9!^-0Lrg(1@ymqLH@irw}u|#(mkHs*V_Ly`jHop+5bD9{I3<{p8fuVnFsLy zm_)y)C7AD%5qCW~_lx@jZy&wu+vz;wrSF-gpC{h`H2l$g9?;UA6vFN3`-{LH4*p4c zj|M+zdbmvt-TLw)G`}0VZI1blZ9nkyKbU$DvA=Q`G}KIg=^UWFy|Mj2-OqmO&VvB{ zClsW8bm_Ko=u{`-EegIH-}jl08=3Zf!o>Z-0`rZrI|AYmSTWr8OJSRr1PWEZ&xz|i8cq@6PJgF*VT*Bw@30ngz+IK`E%^pBM$YwcOsg4K{6hbECR{d*e2d&Fu+n=@}wzE+WJE>Ed#Q75du~`N444{_r#3 z1S#4!w>tV>=mrl>LOQUvjdpB=z^&%>ojnK}hB77Tj^kj!+b3UZBemX#?)Q1s{&jrrUG zfPFHZ1j0#Qn2faHDZr=rPlTud`y*%p2~A#cmpy;?j1gC$VL&%Of)4|q25Hoob_6g; zsg(TOy1OBH0nU?N51TFN4ZH$KaQI>d7BPVsE4j3%zvv=Bmt_1@JX6+IO)@$ysvoMmEn(CDrg;hk`kGpC{WE1)H9QzKK#8+Ypr-$tB-U4G-{~RwjHwb$7LSq%gDmPbHZ&3JJnU~!;wxwO>%5Mj~nSthcEZDkKrKvSVz|gVkbGXyINZ@wrEH3~!{g?{yu9;%Rff~uB=!Xvy zn}*@cb@GvMaBS3-Yw|-9Cg!R1rzbNJ;ufVp^I7e`zAe+nWeI2Dt46&rJuTzyg;oO( za+RxWVTk=gxqt$aBBrKz5hx@g%%q5f$Y34g3z`)bF*HsN>$S{xB31RJNKY^6JTJkY3f`4g}`ydT@S>2K^4b@J(i=PnzPP#ulYItg+3uj=G||lYnS2K^i%I*+?}e(8O(+KKTo!c;Vm{vewgM zw;h1%ZHlv99$$cFV1@gg=`Ke5CqUz@K(rQZ383k)EvoZi@Dp+~iG)aoGD<}+Zm_=? z^rfJr9@_;^tZMKt1hcxl#KH zO=A&N@r&}kB9#O(`AS1@K9aqs{9j9sgdlsa^6b* zTjFa$Jk#UN81DtAn5_#@@%nXMG{VzRvRaa{2?j$9?kO5+RHAM}4{bCua&^8$@fbp@ z85mPk(E)Yzs&LlejMvFYt46hLfFL^g!WLU zvuBIg;WCcDye7pn$g_y11l5VGm16j^KBATF3o%F*0gpXobRdnH;DKD#;vaHFG3IED zg|PYVO+!KTdIdq9aU0E1_Ya*H-<>rwEJKOf-w8T7$6W3rcSvO`l5LoR1FY6IDg! zHJI~q=1$fze?^xrlbKeLx_q8Fwk)X@qg@zCScs5hp8)^E!ZR*tT*bN^;mV$fZ+JRq zH?7{@`QYX%xbTGNL|3@SpK{vh5RJj%AY-<{VXhrB%U%fE@~Ck+&iYs#){;NrpID_i zs0x!gIT(d|j7Y-jzYuMU)#KVX4iwrxhhLeCb@b`@Ey9tp)mBUD9zM%;^4E2C zvcwq&9i>;e*Bqw|R27T8;WFx*AeC^R9gthH84x-8Dzgm;>56RX!0Y+~nMd`*UoVbZ zlOsqSx-3cfyken^HN_Ui&l+PX_m~ZfpIm%zmL_%t#YEV*y3u@$9v)=u5g8az+J)=j z(HFyDaeDBsW12d!-Iv|-T6o%j125XWt@MJyXh_UWvOsF)M$&T}f$vSNpP>Fu1O-zS z(vA(SUV_-;>A5`>sk~vqloyK?{aYq}bg^n*ms3jA%>;=g&Uiym*;!($vKGN)G7vQ_ z!1^`(UkLE`MCSu_iU%=@lc_I$0b3x4ihr%Nvbea-bm-Xwe5*bU58&x zx9;Q%%5rg7qOw|*LJUl_UIv|F3MQ_RBgO{=4UA}RPq@_Z$tezH7D!rl+?V=IHB3SY zjKq;fde8G5-u(1I-qB?NO%TRsiAY8f-(sTY*dX~=3du)B`8yE=-#)pS zNSHeJY`toF(p-bIwZ(zc(AVucqnz$ORs z3)`P5RR$|fh@5xhb{x{~o(zi*M^+pMMRcTR4}sPB5(JsBPA%FHWi@vGoPesHQT`>>Jiq4e>zocA6^hI zUM2!VqoBz9(zjQ*hE;Ri^gX^VBAQ`s%*u#iQV`5VIGx&pmhBpdU~4tBbbnO(Xm1yh z5eX&B63S>VO|y#GoKLSym)4C-rJK9`fu3n!Q$xc|p+iRyRRtN#;ki#U)oP#w{ygeI zikX{ZbAw`YvpU+r+SXBDVsoRjazldpT=B$7bJN`7vl^tN3@~^wDms1iu_X|bEbfb0 zswQ#n*9eq`G;6SgGy{`TQdUP~@Q`!bV8CpgHTBiH#|5wB9-M#t0W&gAfsR*DJ zNqbix{c#ib0Yv_D-Ub|fYC3cpk-nHk4l5|^bekw2E6h7^A0pX z!|?5{0;1G+=mywT7J|Qs?&rjRTZ7*!rMHFvurheL&W?gD)8f4 z`h(bb=neoyJ#^pqupC37(XZ`V?e}BaMe?-~eR2%`K>{gcZuQmpT@4NPM zWA9WF{`R+n4&Vd1XaD>Dg+C2{u$F+~ejDwq-$fMf-y#1G!~Z47?_wOl$X|c{9{2zd zt5h1B8y(9DB~rwTi+0_fQY(wTks{RLV<6i% zV!J&o#EtJa9yI6d3V%_ji3rFJ__{=Jv;on9tk80nIx@C{F|(k+>%x`Moi^7- zY&u3(62!Fo(liN#L+p_}#it!2gI=N&!)tmaBzZ1%dRfqK+g43&u!J${Sl#{$!D`}T!# z%f)*Ziv`(Pnn}x(UfN+?O8x9p=8)&71dTZTEkLH)qz(t0|1<5?IidhvP zmVA=H>jbxB3zZMTm?iV6Q+!pvZO73vlyLSg@o0iG-3;)|soCE)7uX?JHqe985Y zVQTL^R#BoaqF3L6MQm-;nGOo{&vmTNseLq+!@=Q!U1zbg?6WhZBJ_mH%8>0k=W`;i1lK5m5o+S`6VZLb&im7{3 z_Pj`86(39u`b5#YxWMb}7adoz0G)$7|9~KNV*XS+iWlXpe-kdMzjz zUaL0E$4XIAdeh$I0S13{5YbFm(74b3+3G20Z0=hYF5Am$3!Sc9V!obgJrMS(3=nih z;JuoQ!p}?L7e02jHHg}>#PS&`pIajpFk*EuiOrWzzt>D5iNC&>Do&A%tA>-JgkJk- zW_|c3;qWDO?6;}f5C=&dC!9=~W>hUN)DOzYV><1%EvAO{F|W-Vw;y*PBR7y5fK@Bj z@bJ|jB*TwCviGyze8bR#e^yvh^VBQ*xbVol9bDP9azp5oC@VQdF7&Z6{&V5VVNt(= zO=Z&8XyYscy5y@OnMqd#2IGo22d%2k)m`(zq^jE@YIR;9Qb3>CztVN4K8*9le$T>eH#N*wGew&M zaksxpBTLjwmHZIxMxSplRsA{GBSyw8QSCFfGi;CZOKX2$RMkC9n-9#NO)wne-yjt1 z2K2G*77(nOLbiG2k!X>5dOpDs6O?I+=@J&F-LMnNiS1SK;wKWyr}iuv4Y55E)QNm# z3L-8Bg=u5V1$z*MH4r16Gsv^u6ElKqk}FiMtJjXM-J`tb)y-(u9Z_VdAK=NPY`QY2 z2kR?34q6P~lG?d9eDr)=mQ-d~tOPXwWw_ODWlxPowszTB^y0aj2jLtawbRIFp37YI zvVPW8AqC1ISUF%!)_V1Ry!=m|x#SdAV!iUXh)fXrEi>pY-)eL8SEu$P_8^SCcHg9| z45AM;vtGJzoVQ)gEQ(G!jsqomAA$2!w>N_ZFVLZUk+e|wxFr5wy2J&`w=#G2iMDsf z0v&uNCfa#eTT5XWWUakpLW=2lPy5OaJe6-&AuA#|^pfHr88%#YB(KYMjkiur0EgAUC-g`;vxrjVXIE%~8h8GWp$vYk#b+Yc=r6)0hC}#}-r7nQ0T# z%H#{_&Uw877hAc0xH8Jl&mL<>1XJM6u=3L%bs4JI_@ashU0v>nj`Hc)ZQK~GFxh2=z1_=!a?h=&o4dZ0Ca#jZm6a&O;b|40f&4osqD z%BSY8kEv!AoI?jAtk{P(Y59Aw5F6M*hv@8~c6OX_Yj!Mx%7a;LP9URcog>ydnIv|| z2%r1H4mAX2%uv7J&NX=>Z2RRkgCKe^^zv?5>F|6_)evr(FldZ73LioF<2W|8Q#mFP zx;pE#o|;_B$9sLGldE5eWS{DGNEk`*E$7V*#s{{#piHKkL&kMr42z<3(lR=~b9(_^ zGIwtM;WW|99m_0mz#|t9UJnSl4Q_GKNZULo80@zH14^`g))iTFmz-~=+wF+=1Qc;R zi!eZdS%>6DrF62M@}(IVRoIq)+{lcEn1S6WsKMt145R6>S_5b~G3n2ORr;Xug6W>jd5z4vCcKmrlSa@%}*pf}_ z4!+;-b3V}1ZK$iOy9jR3DI`&P4F9&`5;eY`+s#2Ji+kqs(9N>k$-SCj(C3xqkP~?mY?a`aM+d_-`6>^Q7N(>#JGUME;Do zbPs_6FhvExTZW(2qVFj5PbuneGTHYuc?TVT8vc8F_&05A+FN}3t5|ohO8p<~d}on+ zrhPzmfW46n-*ei3&$)k-$9`Cuy@QWGnRzfV08DMUToBu+F3=H(YlcBOX_D58= zwPK9vu!j7E9#-pF;F<5wtU*JErGcK`UafYK+5`$$@e%lPeg3X?z{TD7C>iMsku=_L=D?LT3H+|5{mp}&=85I} z;(m2EzS}p}q+a+x60FeFInq2np|_%ESFh6)mFMn7>mkM>>@mhsYHBN8ao_W$bQjz@ zzG?P~T!B`{+K8!v;KTl)YWTEkKYJ>FlQA>z9Sjf}9xp|VAS+yGkSHb|E657|JSBAj z@5&lQ`#id9?NjJ$;d;l5~D38kOf zV?m3hnGM(@%LtgJ9sgtky~Ff|wGvxerih7z3VdpFuS=H>N@=S>$}obda1i8)LFPe$ zN{L4T8GJBX1xYIgXDJCr!)GaEhL3D3z zg*rOj@`i#;ce8arORQbl)TS7Lnm{33g;#jO>Xv`J)i{rHW&$PhGGSo#7wBB~DRZZh zuTGORux6ouC6p?;ClC*845OuGD(6o;Bn)ETQw8LzqW3r|gw_)T!4w0p2B#qL3BkBf zf}N6-Lyw&dh)?mS^Gotk3tuZ~%_@sF70K=;rEsI(O#k!`EX%D~wGqRrAt(d}v>KHV z`W3;_elNz~$EUxyplAvc|7L&MYdyH}9y=!V26*pT!6;&X`va~UYX28_p zd(4?&bLI{nbYEJ1fW^`|w4iNyaKKtf1H{7iuwk%?ki$iT5_hF|8D{sBv3y40T#01q zIK6!g(#NXIj4ZYG56xrCZ!bb8b}gBw6q#-Btkj!d?<3(tqN6kf*q9MCCW0FW8TQn7 zrWkEKN3MK+p69^&a^Uo%VKBTDPC|AoLj5DpBAZ4avpV#5k)PZ9SZ%T2nsG*KqHO2>9V7Jd7XK8ja;l2>kavx2(kaA6Vp*0)k zWN@P3?NU5UWom8VuU+Z=JpJ^9@c7x{Q%$+J*ZtPk4z@}IJD6V{=~rS>LXlD9N&;yk zIWp?^Pkz=LG2dvFHq_@o*PZG6aa?j$pPL`7qj3MWKqOcL@w_0MO`&8sHGau<68#l zo_F*&N&L{ls_>9qXY6T@gKdA+?Y9S4Kzx>m^yAn%X^~Hlu^!h>ao8k4C4+Yy?W&cJ ztCLo2MrqVrO7&i0bC!YPt$I=nZm@NvGdlS?m9+R+wHv*@VM84n>u6oE&-s=OV%Z>X zzeKwhaYj^BeQ`m&NK6jp4pfSPdg4l@_$ZnJP25l=(V39$H7Hc9A=!XM{7Ff#rT|0K z&@9n1Xc6WYyGqaLR7N;bX_6}!!yfI%T6i+g?CWoohvc`SdI+!qLYO_6@ZA6p zM%^UKea!w1KVd(ynqs}_Jg>Ldksn9HcggtEY@RE{ex`ap+6Y(1!62v1=dm7)(TNGa zj;Hd{FdcqXsnpXr+>|8J)NVO<04VU(qdotf#pA*;ksRfdeARuOxOcNe$|s3b)aV8c z;wZR}66+(q`bU+a&?iwkSDps~<9S-fb9?XFGzRM%SFnC{6`2;qt*iGYC*$f7+EQL{ zKnV)r?>to_k;Z74#U1D7Sq9%9e6`bQZXIb)MIIO(CO~YWUffFV z8%;=npxtTe>k*f4_4Z(2YFjk%IqA4L*J~bUHLabgQUvJ9j@QGrRFUuW>RyU#rAt11#}n%TrZ$4K7!=#FSegrl#~(7md2P~^s2hd@|IRE zH;E9v+%?W|ViB`6HOrlR`;?*f6`!L|k1K~LZGkY96|z6^Z16F7Q#vz`F_t*XORLM_ zBU+iG;@m~))aAioWa`}F`jc@vM_*l&OSiz-u}dc=2gOS78&?&1gqV=0(1Ncfqzj@a z*ARxKv+KR0k|;Bvsc9lVsS2qkzs1@NAa^%B%7dQTdig1Dq>&*yAuTs>qM&<>5)>_6T~q^ZoY}6FiiG4@fi`QcfHqjML(Xd` zNE0^%=={3;*5ODLwDdCClNXweYMjCaAytOiFDWInqv7g=&KwH!Yh0w}%%-7ww_UkatpX zxPqvhXRCmYv>SFEYA7R25T3lCendj4 z&F4m7XBts0yDh$Aqp#W^xDm2f*N!>wKMR}a4FPMi2lK#48Rt6a*7MMUFVtw${n5NU34EHL+$A;_`S@IODuvv0b738UN9UWf z+}sVM#b|5QTSq$*=5~)+68L%31)frRu+MP1DN(z(ckhJ`HspPH-5Vlwa?N(}{qb(M z_lQP+2Fo8{^iLcHpiuThmHRGT|H(jqPmclV;VwOhM3n{~z`TP(At~PTdpcucG5$5cFVH4@m;xAOZmHe%1Q^vh$$m_@klsKJf0M9`8TyYfYyXNj{B39-xu$1N_PNTcw2C%Wxnf7`0*6Noj*Tox_|rRf783W z|K#ruJN`8Mfg^yCeLI?!=KE>IT`2yC;eSHndmjG}!vQ1t&iDIL?SB~k-(Z-LJm34Tbem2EPyiOwitqcS-tZqK`X@wKSy!?&#P1#s; zOWoB)bC7;MTtn2bsU?C>6pA=;W|w?(FV$+SS5Cv@D7u?dJzFMEbnv<|FlPhZN=q6A;vio1wGA>+jtrMbVzJMD@SyhbfU>9k>qdx6YfRwIXjcoj?H zmKiis6SG+%j}&n^NOzVRj$d}1{`O#uXTc(XsB0%rHb4)Iq6JpXJj}Ng9t=Hb+}SwE zmPZ6jD#45l^|no!RvY6b%rQ^IC^YVYK5qn)p)rUE;TTItNH`JF=m&(M6(R31S)S+K z+kTgGg9HueShD$82pp+i!kFlgMOnOjvQ{`)VMwEJ5I*1)4Z^u^`M!p^(5QX`hMi=r zEATT&3(0SPJR+`{m){yk`KnPRI>H`UhG38kh`Ju+CQN!N>L3DS-06|`Tk_U$shg3_ zHB5qZ*|K~cMq$jtbY?=!w~Ho(YOEuBH=bXjkv&5;I`gR$P_(?lfUsoYd9+W~R!GZNwJ|9g5~Yzk+KBunY5~+*AqwOi(h~`x8}hnsvx#w8 zMO;68RK9FEh&l8fOD$x^w-Y0`2tw!CK1f&Xt&k5_W{elR&XRLI?k){V%9Ynw)$Y!4 zQ&4YlGVJ**tD_hxf^$o%t_iF4>B41%JHZ<%hv_dDiF`RI7e@$FtEN#uZ-|b-d=isc zXzm3muRpyC54zxP#}!`txTjFH5btW-rS7sjas}ujSZ3;Y<4!U~1*t;&Q$>_O>&m%y~)FQyB<--2hz^-3rmZs`*51 zZG4Z_dhx~H!mRQM+>&d!ObTK1N6X%s4*Am>6$h17^2Wl(DT{!C7aScv^-3&3<7R?A zE&PZ)sjB1gwi{Mkc^_@zWnR_mqpMAh`weGu4T>8DPV9CWaNzXCvpY>2Bb;B)kUa6? zZ&y_7i$0n7NXq}oLjp&WJPSVk!(u>b4!#=C6S`aNWaXj4H&^-#sC|~5p2hsK^X=#- zJtOKh%~%R9=&rW#Z)c^x={=}w3k@!-e40i4pkrOABxucYq=C+8XXk@&><_R+l`>*p ziHI`EG=acl5g3?3j;eX`%ny9jXo3MjGls)iKbsmJBdxa2M}w43EVQ28n4VSLDyTa8 zU=BrXR~X4wBxk}{yLPVA4f90(WKhDA`kRT?vu4qSWjfb9g_@a>kUc+PI7dzLWtwHW(Irz8S<_(dz+fwTy(2tdk3k)Ui(#SYr_w^N2GMy}grAC* zr+hlo;$P|NCWl}JW-Wiwxrx~28b&VGAtM`}9HpBHF~;$DS5-DN;kK|QPy2a5_E^?*UCB@=Cpm%uCQp5zZvYb|MdRA z*|U)ZKWHHK4fe2G)t%DPhS4OBUk_-)68mTO<-53{q;#@rW)Gqs(YkFN}J(-!wNry0K zX?^%qX4RIx_x-dE$WdJ?StdDkWyO_4W))t_>@GHCC+G#U;PJdv9%b02d7m9yG(xJX zalDAbWUiki6>CYyGN!Zv4;ozboM|MTVdN>{Qm?5(+6zMj5MDfK=5ZHHwcJi6D$~(I zkiF>4PtP80h{J+xXJkbZA{wB52#;`&XAV+r z=yCNXkD=`9B()F1w+FSZbi)R7l3Q5#&akwL|$#}pKL*(X=TR{tZoeU zQil;kPttdR?64HWzvyYlRlRCnV@OTIBX#eKXi`K%x!z-#+B8SvxBZmIi7B_Ydw>lI z%rVWr^N8Kx`3{;#ZcU~X#7y`Rk%;Z2Y0@>@C^LnMuSQe;<6y!Mb@amVD;n%0(|nwZ zHx?i}7`ZoVmd%CRY-%jp@mGw5v$9tV*tG@c&cX>U?6G4Ryi3rr=T~1#R8`CbYm(%% zmT43tAG;m)JlA&Bb=R2)>G!4U>x#-1@g|Fws1VMvRvYJWjj^t5gT_TF7fkT{!h!~( zOz8mB<@h?f4>2kSc!nFuk+C&w*`E(qrFE%kWA4bGYeI06S9=N9d0HpS0F5}O5{zK9GAIRahEtr44eu9%-X9hG2U`Fn z1Hhp4{|8;<|1ToXbToi!YydyZLic~@xcx6rSKa;+053f(!!i&s-iPsbCi{2f{7tv* zK`HYN`sx2*E{1yPB7y!tB?&!ZpG2rKL50O6$sz2V{elVBcz4%SQ?fX=IJ0ZF| zAo>qx9^O{~n9OfH|MN@yF`b{sB7fugAIfO=e{SxkbKlePqs`)OKKH{P%m?6;_?H4P zBh7;X@pQ=a?ek=QHmL7fmmb059$R~Dpb2D#b4W~b)m>FMw!koFIT>qe_XL>$BAqF*xS)k2PvxZ7- z0R8)Gk*f+5DP}j7&zi1|_dD!6ri%3oG`v^SXyj40PW0XD$;@uA2cO2FZl(0E27-Z- zqft0iIKT{`-T0(veH(a7e{#d^O^Ie)lZ&177CmOnOin&u>s!xM{!|35s(gU;BDFfT z+PiOAdP+5Kz79h^tLc8KVYnOX!>M6Xvyv7wj`A5ANhJz3_FJpyDzz$Xmtbz%662bw zl0WRnSF*ElK01%Sdee&4$OikDdizPtHb9dY8Pc$o+f-Esc*RyOeeyk#K z8^q*jR&*Wm$hh0MvHnB!vQM}YAGGu`O2tdyN0yp(aF2scNtuAOHaX#P97c>j!}Qz9 zy$q;X5myG{Os&Z_#069-0iS6AVRAZAxr&OxP{LI&W03YCsoz%@t0n?I73VV0ji;-Q$10E5^AJ=#v% zarVl_P)&5Rc?6rBUY)!SNA#S;wpM~6T~$5}b8~+Klb^P{`3nN73x|m-k>BS>?BN4m^RZO)siHzL##YwhMT;pq z#G}2zrqZ5v*{$|j!+mdGPT$BcX7M|jYWQ=1D8soXqUsZKXrP3<#U7u>2EpF`n z?8ufhd7K_{(Fx_2h53Uw*(BS7y{$ZK@E^OTBFn4@BA^8;F?XOGs9nS|NrP#Wp<$~m z6AxZ4RoN(E(zveFS$t7{hH**<+XAIBP*WU4JhaGZuEh^L7PI%ckMrYFD-9~&x$%6T zxo80py-mi}Kyc5#R4z>x!5ZVL`KLT@Xp0G4MrX88N^nmX;uBnbn~@Sd7C#ypn`3pT z6zS-4-Le+Wkr{0Y4ixLtLB!a6jY0Ntt|QW`BD#H8IaEr3A5-GE`J&dy=HG{$=ex zhfSvf-IyCt3pr)|Y)4E5EJ8h5;%H7`|6Fb-LWE9AK(S;#T01K93L&@0-Srdm)Jr`?ZwQJ<~A_i;uq zce=8Sf@MJ3ZMOxv5qbth1RyAe%S(7Kl+tAo%m@I3Mm>3nIpfjRgR`Om8}ab~@#)&^ za-tuF`eGLe1JZPQHd@f>^>WWn7Im2JYV6l!`NK}^ArjsZUoZ<3sC5X`8ki(EN9 z5pItZCfkzn@f68JAT)6rDmJ|{KUu3G%2azXM6)hdI8^2`MfQ-PYeLUfFo|O~7x@4+NQ3iXo zqa6P>e+wqX2@ygyfmDr2se%FmrLCx3qo-}oti+;7pi^T5btxF8-o+moSQC9b8@;mq zp!6Q0Tl+?3qR0bFPH9BJ`>f>*)2*+R%15$`^Uj0x#L+XxQpSCV;tl{07|rqu8n@nziU$7^&FQF!)P)AOx>;*#O+bw#}1oN()hxoWX^Y=*S;<5gbE=^O-*px$~h*O;MQa860O z!h^1$wlVbt-!(Rq1c|s>YT<*YNh6}odGQ31!H`KxL5D*QLs+c6CqDE$@WiT6moIZ_ z%KZ|rG0qTtZZe(W>cb_IN%zGm8Zp7b>3Z1;f|cHMJ`|ijOsRT=(?oID&D8fLHa!zx zX5r!CXESu>w+g|c!2|3)MLRsC-6{gz8OqZvp9Wque*L;8Ss1#HBcu_n-J!*F_)O#sK21EM6=^l70U6D-y}CT>@|?te%a-mVX1AW_tw7b zWvsP((ygkWgzUfDlOOfUSDqu2K#nzF>Jx%Bwi-AcZ11}=wd_OJhU=^(mlZ_GsC?QI zmnz0ArBwnBGCi&V0=?_DH)qix$R(~{E-gW_@2+NBL&WyP2j4SBO z;fvUczd7fF+o^BqU*l}Wcez4G=&>}J$rFGg=EZ?8~E3U%~@j_lB{ zfoGu;+^#jXb1pTF&sGPRZ=c$}akwdRU~F!fH8FE{Y+QTK*Y){@qtA;) z7w-j7|1|tTW(q(bKVa>La_(<;VDD;=|G^eO?Gb>PnCbreBR2onYp{Ql>IKN~0aUDh z^k)B$Wd!7v2lVt8`vMe!|D5RmO{*8cpI^PwKN`*d-JQSb^#as0@5_h)72JRD27u-t zqUEoW^p6hu|KSY)zdSr4xeJd!S@}KGepBjw5c9v#lI}Zz{ts^e>yr<*itZ<3{>jP% zZvX=S;o1PQA>FTopF7#Gzp>$OQfd#_@K3`ZI08W2|H6j!jJGdFS=(6Y-m3LM3;S;? zOq<~_BYkH>)AsnP5zdBk|1t2=rCZ^DAjNH<3k^&U9c4v`uCDxK0?Q_@j-|}0kqOLD zEyEr3+i*|&yyQUqG&Yz(*iKEx_fRVrRte=jxH~+ z#)_5qk0!Dunu!B%sK`?J>BWOqme2c^=0m&mEbBT4qEv1wUKdVi_!Uquj+~>qDBpm) zcb&U?NuAsv5O$qosgZjt@3jmEwB%Mq=v?(Ib?gU8t42l8;^BeOk8(Gua4XZuC_Ycx znJ}bPs4|m(gWl`h62}d$hI#u}nP2%`a$8`8|EUI8aA@B6^-w&>NzN1Ee2n~&)Dlq( zQ@fzk73tHJ(bb*<#w2<9QAOB2cIHahQ0a|z)U`^Z7)^9BBy1fVexC zz6F;PU^EBu5=mVH<{x9C=K^|c$hrd}%#I!jgh~D+8WHLd{45B*MjaZm9I!Brwq2>d zY?&$e%YFmSrE2923NY=AEgpIE^`d}hwBUge{5hB82NlbGI+?`wyd!4M7k^&0RA zo3KR1kA&SB^%w|DmY*cR**KIQnJ3)#dGs;tb?C!%7aWSdogo zTCT(tK+kp(K7fNW1j>kqAd;ULdGWPq07miIY$ez8r?_C{8;*;g>htlGSFX$&Pj{Vb zFbl4ac3r-hAW)u8`AMr;P0`k4xN6oagF0bE<(fBxr zQN&;o7P`4tz%|pO?$pje zpH2~<@IJA(LM`*lJ#QsVN^r?+o9{exC=N4H)bk{%GdssuMdt9ziyREt>w2nE%H2x3 zjgTtQ${_%X4JlpnmXQ@ouVsiPC~@S;U3LumnO1T^ zq1}DkbD>v&9}hm>8BRKDn&7H8+3N8uo`%?MXZB~q-t&RXZ)(7?qco^1%aS&`3H_3X z3#+GUn>57U@aewr5_M38#Ckc21mz5jA2uPn3w)8WUiOc_jz>0IKI3%=Gl=M$&e7W+ zLt)rRFMRpU)unQ=(2&d1yShi}EMv8cRBjq$gLYY_6Mfy(WJ_iAjafKciW;aIVriCU zfp>Cgy4kC@j85xWL~(;F3sJ1Xo?~!Aq!G``F&p803_2NTE=5`#u~O#VY$dZ{zpJ?+ zvKo0F#qEmI>4Rw^aWo>b{V}rI4Hm*X5Yx`n$=zEsG@GVuDay&swr<6LFE(9v^~%g( zw(3LdzWVAHG7?3>*)ZBCG5XB!I4j$;>=`Po;`uIkW6=`76_9q)dv;U$EoGI3`%BlT z$_+gw4}s`p0@*{6Go*m-2x4@-N^OM-jP9dbn_Qqdh=y+K?GfDULG#6=5}cwc#{hwt z|8Sb{m{+d}G9pIqoCfjG;05Sdxq#$q`*S4T_N$@v){p&&T*H1Cv$S3VeB8)VLKB`g zHaK<7j0Nr1(pq{<&s-0Uzd}Bn9ZOV~!P=nsqUJNq0W>Jwr5dfUmSMb?C~8duY+vX1 zv`iw4)#S3FJIe600UN~fqg1Nbg1+puu%Y~dCvm+&LR@q9blmUadTHYILRUKjLm3ld zrL@3Wz+O^Q65&u=V_92mxYZvDl`u&d5uG74f1%^jABUmPuH))^X=YqA+eM5nw5vZ{ zzm-wVI8VfqDEr9XLVjmj1-Em5--5HAdA_s)4I$s5y&>#YGlR2wq%5w zSa?N}*l;|$x>MOQrXq>ckqu-hCNU_NZBE5*Xtu0S*6tdus40uP`Ll%!Hy^YQZL&D$ zd76$Sc%-h9HDQ64`|{;oi2>RX%pZ9y%)H$+_oOgNitas9WwTq3pZTLPILG%Or+wmQ%#1iXb6apuyMZzfBVoF9TG7?ZtreIAL{Vb zWm#||+TQ1U_J~%OIM3RQ^{qoHc<=pAD-8H_3z;}I?h||KjEF2p|C;?mEX#=7k4kJ~ za=?=M2zkgjWfJ!VvG1!yoc>nE9g>PMswM7-s@5gE?3Q}ELOB0t(OGNx4C1!L2r`B? zqM7kiC|(&AEhuCcL$DbjM+IK_4GiE14l-KrN6UHBHiYq zxjNT>-RA~-*#K)DQ~!0S*`4YdMFYsU5MB7s9LD-E>j%i!0jr2~zY1^vkOk8Io9^s= z74c7Ie#-`L>m0Y~?>~VdK$GqdIhCJj@;^HCF#88Ui2DlMpUgaP=wa#)utLAenm>eM z{)amNrM!m>aaZ2_la&YFJWTxoya6DZU-g`STpYmk|1M|0Cz(Hte&7WF=>C`r3(KvE zyBC`8N^N&yKi_LgfBEph3P9rjkU#)<=+_CrUv_>!0l2*h`ygfjHu|22{$S;IZ~j## z3_v9Kha}S7PXDX|KIEZWkzxRU?$-9c`}9x4A2)IxwRIX~KcI_-4Pc?eob~){tov>dD*)<~x&dziD6Vy|* zVwk<*4vJS&h7mM`yKtN1pz0@E(bX+Hl#sAPU=EsyqOhMi2zIZ(FqCPT?zE6DO_18+ z@@^DNG^4I*Z+NNk!m)n0h0XJ`-)F({x&k8Y8SXSyIhj88`p;8xl_+H=MS<*a!4s`m zY0;u4Z=7FwK~NZ6kUh^%9$3I)#K15f{s4*)-obZi^{iJIZ^quX1f+!RSHcZoUq*3JU!7MoC+18aaqfY9jclTGfOMEXa>*-CLop- zjbbKQN)Qh+D4CX~d4z#ygQFen>bwc1u110bvJ*4<%10ER2dnKhZne*N`iu7>C{blh zK_e=WATRC6`h~Hjya-ILdE=$x&o5Xr2xSB7&*35V9E*0HU-_UENpap!(i#F8Z@a1$ zCrp3+oj~UWgy7OVkKZP3(@Tjps%M_!Dnn~HY?kqU9~V-zYoAZN7#|@yoXGP3%Yn?+T|t&s+4Yf`lcsYv={T=3bP7ijJwdt2Ob1q$C#~+=|CY zP4m1mb4y_F@Ox!ej$Ng1FUv62pgn;K6tm1nsmpn^lM>ZHunFs4 z$Foqz+4Pd9zQQOC+YG8nX3h#*$jJ!_5;bo$KD$KCr`*-*%B~BzbK+VjON{j#nK{A3 zV_b7ndNQh)B?tWvb$qU zOh+~7F5c*`Ca;emk;c3-F424GPDuwD=$|NLdfeQ6*{b%NXFUn2%I_e3UePA-+H5)| zC7?Xk4gYo8BhmV|aptizD4_TQqUg3N4FezSxM;tf(V(jK1PsOO*cw|o)0+y=A~+Uw zT|9@$WfFcDrKYmRK6yr3BA&~yP+A{RWtjp>R7x?J-NXUH+y2SK9-NBBUto5NXI>P7 zL8Mq07mf>3Mb~Ezyoh&Tx26vxiIfl$OtD9AHvb?>im3%@cCm1yYUns}twq>jId9b0 zr|_I6lb4|0GC_xYvHQh`wI?zOL1Y&kQ$;o0gU(Jk@^5-Uc=L zm5f2;F)(ow5)ND)Wo0*F4&5uC*U~YFw9f5jCU7{=Q$VHH%eeU4O~b*I5dF(4{8}p(F>n4lp;w24G z*zjxN7IPiswz50I#3GD0yDK-cY}lh9u^ZFYT9%(KuYpFx#6+#uyxYd%L@&nRt4+S(xU+;gg_N-j zUv_w0&K}K(Zw}MO4AZH&z@*j+bx${DoUYBd1Kq*kdv42gOblU0L76h0v}3Kf)oDG> zt(V$u{M=DTV~@6`#|lzdzI`osI|tbUHN3X#zC^LWRa8uY#GFf7rcd=8W#QKI1xYu~ z@*JhqS;rUw*5?Y7Z{TiYM1E^$ybsn+%4NFEg;k zk;_vu>@uqpD+|`}^h+G2*AZ>W`1Y?Sv9vg^i= zJ_VMC8#?f_IJ-T`Q0{HPcz;#ORYcV=y@4U-8R#eXj2Ha%)R&sw!OKY+N@gJ0+5z)Q&@r#C86)5b+l#9-_-5YcTLg@?0PjqrCSC{tz|w}a82 z$1Q2?qD@QfilyW-M>z^O>z{}DGv~@%Ou)Vu!0~O(6(dOQG)`0GN@Cx+%D>8wT^l$K z`5-PqeM1mhdxsYsPo`%RC#buQrw{PeRg=D|tEz?VTwPsXPTi<;kcL)g$6j2m3`n4{ zAcPb=$Jt~ZaBMZxrrvdXd$jGoy8b=O1I(ZwoWkGNpZ;X#fkO{d zX@G?OmyYSJ9LfK52QZtyKZL&%5&6^b2W~t}p=oIVQu_P)&;PdbZ_1;;bWne2uKxRW z|E4_pV0G^#iT-5e_gMidkUk^~+P`#Ae@Myx4{rb=@NRMMy72xq`hgb@BbSy208s8^ zi2j3_e+k{&Wv8RP>y*3`@%;f_KkIdW3*8?Weh=CAfI|1Pa`dO+59aeQWNB%B2JP+j zz`x!z0W@=uNe|2b1nj?Y4$TA3xs?-Te(ZXpK*P9X5V;#*PbF2Ilf0ZN_$VXi4cDaL zB8%N7P^pZ9K%|?iZ#A)k(vEb%_UW;PaV4Q|8!P=lPem`x~Ia>bS18r}_bI=Y}U8))n6-zy&cxUW5;$sJ=6~yhcej-xl9C z4x*Yj4D$XlJ&hZOroacyHa-9Y%!DCJ~jdsy?MHdr6)c93x3-iUd=9U4kx@Q$b7?za*^C zQhM@it4iI=8=|koeK}!io$}NRl^n`teO2;xhe3_BcKh?S-shyYbsVaE4#ZKyyFkq{ znfxs3ISZ(ni-l7Pt%9(Uee5G;ROHWB3XT#O$91(-v&MCa3FHr&jQfxe3YNUs4|aE! z{~u*v9ad%9eN9N0NOvP3-5nw!CEeX!(kUQv!j;&Mh7C*0j$FwJP0OZd z=J@)J`m(Okk}MxvJ{Q!@WV}Bbh-4aYr8Eb83NRF@_3&8BbY@ZB<%*i}#Uz3*Zlvtc zXGk)uxb`=GV;}cHJb7PH42u`2SwPboB57;Oj62sVSd!}tV|kD5c!2A$k`wRas{5u1 zMapE;0eihoMR6v3MRkF-`HDHjenTq#!(hXZ3-I0|UL`cF3jT_EwJxt8v|WzOGblwM zWjJk$BZ6FCS^H>Yb-}{=QWDaSC?l8x0Kv68qVP@o#V{f+K2L?l#~ZDZX=X0!VvTE^ zU=Ti^RlE^c*Y&Zxx{N?kZ-axRepX8CR=QjPC^Y2^%P*s`8HcvsgVuy)03l^}6zU9S zV5u6Jn_emIrZ`Jm;zRxI^DDdwrrxyP+* zog=TV*h(fi_!~o6R@=|1YYj9TSxan)H9}a#&yDe6cZo4uNmw*uIstSC8v)SeYkf8CVb7CyWvWro)^a5})#G-M z7~YuhC6fx^V~e)B-k(gEUM96KYTnR^r4g(E;yS$p>?i(Z+$;4bB zvZPq~)OhOTMQ#IRtWK(6q(L}3!**&MeIwRA62z>v7Kmp3@QoePF9awZd4UL_a?iWhgHIbO&k~su z>h-G=3BcZ9?>ZF$(N@3#Y^C^{pzOmwI zH9d{HfHbFFsnq-!c-(#gNCNuKryc8>LSLEFfyN_J*3aj`eOYIauh)TtVbQ~KzI-I8 z5F38G#{9CR1vAIm$9^6cC2B9*fgZL z$l3s1RH%n`QOscYDc&Km936(#uY#`u+8Yy1y%ZK+-V0jX5kBTs{WU~GwS8`@;5c1? zb6Pk&cI!4zXFgx25cp1Fs7{~mE5f~~HtiML$tS{;E0zhxW+^s2cA{-(cApQd7tNox z#2Xbl9YrZHKw`!A*&RTuz zc4gBmKS{5}SX)s#i0|7Paw-&h$cDu|++*afmadG5zkOTc>@}-X6jk@8Gzb4lXOcKN z9!I49OS)#LJo$9{I+lWu5G-4Omc(WGsNmtbcH&8E^@lqz1u6>brA35Njd!ItA%Q~y z2W{1+VHGl;q0^~Stk8IctkX;b0tS5vZQs^JAlHvt0;xMw1$+y0#D%zi%Jm*YMK$Zj zo^jwtJb3noP<1Bs8Z64SxMDqtK4Tp(^g~Tv%KD_GA9xhMK-sY|JD%%Via@)P2_-+uiBLr+8j zKl9W{JoGp9POLo3Oafo~`vTJSP}cQp>Ef`lZtM?WcLHpw(uaKmynw49iC@6*#{r=V zc$0!J(Pqszt1(^Qj?a8qPaXVch4R<&nGZ%D(EK1Ve`8gD9G`h#tMsSGf2TwL9-m3g za7)eZgX%wLAN(KeJP05Ei}OC{3%iqM_pJ9nXyRYTXWl0Z{$%FSi#?{l4;0RA(4FQV z-ufU!|6hO}Q{V?Y`e#PxR>l1zm42Fe1n9AFdjRNHM&~Yw|3A*>F%fB9vkKfdQ58+SteHxu`}LT_xZQr}9^k463l6b}D*E1!f4l247;sV3ca$}diEUeBY0G^X! zL}=+6ues=23*@!rrwbn&@{lFWsHx5t8)X^IX|IT>kc%i_Tp3ImJwNX)SgA^T^6r@i z{a|8;?|tdq_Q6%JE7MAhSzm&aF!GJ6_}$!1o!h~5OE_?y$4gE-TvC?bhBeDnQ}BxG zo8D~6ota#5UGk3I;Bn91+&quXHQP@Ma`AO7ECpl_V|34TRbW?B70=FA1Ss4))4Z|* zEKc%a@hCu9+`3rzG|dcEnjZiL#|C&$u!khyoJZVMyaX*f+Bod7O3w+|y_CX+qLLCl zG5~;TD>l^`HKfGfWcj(-(y)7V6&<=Yd&A};&VXR(T#~2&m9BVJZkb=q1@nstEXz%h4?FPIv5Y?{SI#Zhej9sFOi zBy&Ym5HY1CQp()VrI3ifSdwq)E$D*8<>y^1J9_XzIL4}|!4zLg;>yO}W&i3r{znkcqvE6F5t^fSH=1P2r~audy_V2PrHUXb6CkC5LKS;W?=oN*l7QjH#L|x15Vjuw7TezILPQOad&cOMNE&^%X)rNX61uKM=KL!)qkU0S{m7Gipr* z3ab1jPWF!nI}wU&71{jljNsP?_0#CsA;NQP3$9 zw+-yX*L~Z$uUB!(LsVXjbhr_6EF;J=x+(T96xJK|n;0F^#L|W-bd9}yuN*L`ehRFVhZlljqFxTq;uFxE z8J6+-#AO{ha$&IoQB95~f)Qjz6?X3x%s)7sHDjKig&*@5;On2)D}4*+tId`$pnjXm zLmN(O32mUxiKr$S^prbxH+n27bACPg#O(q!8L5(L^TaVr>C4;ojJzV@axB*)zMiV^awur{A(ch%U}>{=0e)u3lk z+I_r=RQI)!ndAKf7BZ$I=#4$e(>6&c+`68`N=BWOy9ani`$Ttd2ksu!uXkN{9O_VF z#zA=rAhNlNKU2==o~rj48b|PWHZU0?x#)>QDoR#dCvdw>@{<@Rr8jFo6Gp_sx9ici zit?gTuu)2ZcAQvq-5xF=W1mCR!#7EwbF(8QtJ3ZsUi$0D5fTh`?(~+jGf`8k+H}%v z1F?o5mNu`&AX)UiY4d>eK(e5K=3eoZ2EuFGNYaE?(V&{=4bO!wT?@Rnn>qF8v_{HH zd#}YK<48D`IX{G~3%oO{SKC-h}$nqU&RWTP8ONp*R zK?EK=bL^NMyOY>w`C#@*A>GCKI7dW9xO$8{ed@-|5D}m(tl8rJ6oG9gcuyX_S!~Uqy?J^n@Ts5OvahF^^i2_#)*1_xpLbYWxNgQXEP*dvFg%)R z*lzK80ytNcY{>$)$E+w)FT&5G8SVMD!gZf5UF+)!6^&lU^gu@n+n|3AQh1{cI_9S5 zV?l2=QU~1ixlvj?b3qoGKsj?wiWY&rbFV&BB!fhuKYgXiH{fNboJPVH%`RG$znXY^ z)Krg#;r1rt!MZ)$PT}xt(~Nk!2Enno@Z1`wItq7G{w!b#39si-%iWH<)cov1>JSoe zN#$OgF-e+UwUg&$P{CN)#g;F1(BkrnJy8W)aWayCZ4C= zYJvC6V0rb8SpgN3nOT14=DzOR^G!7~)sXd^!|WFKXmO;VbR@x|1)XC z{n`BfCo_*&>|a6hh=0x_1yo#%wGiNubw07UjqKWuKR9r`hQ&ay^jBr zl}9i2fRsPhbH6I|sQ;i99y#A#wcCH7xfkDmvhoPcU)1HV8awJ=n)yG^=CKn$@I2Zd znWH~h`5n!_hEzWMB{1Foq<+e-AHw}k&wZEtl2rfFbH9zM{ONi3qWi9f^xkoQKK=;E z1Hb)?a=P6e`nz&6F&p83dhODnNeVPsx;{NAS0E$-v6lo+m>oX?_gdO>+`Yv!T@LAD zi|yN{b)Vihf3}y;I0-GbXD6fVb>sDHY;KItPmVi%iK-lJZOqLtf-upA-WlK<;-Vw6 z#P@PJ+wtkX5#x-zE+IVK#bS5jCUzCQZ8!oXn4-2kF+BK&RUC=gGixN&Hz%Td$byc4 zIDTe$4K&|-)2gO@%>-z8b1lFel>iS=0eAzjCuHd6H3WHDmw<^Z5L#^66*aU7U+Kym z&lNu)WG<4F0vfZf(sgc63Sayn#%6lpzzc1th4fT_Z|a3F3YR6iIFw zqp`&(e-O4vbv$_;Mq%pPC3!^h)In(Tg<#W@XPDu0=;*Sf!|g+T)tM{VpnmGA)0_h! zbJTlv-j)#GcthWEdh6HdT+n5#3IZAFh)HK79NVnf5pn01`en*zgnu$aOFvI9Ch|jz zQYT&o=^k5u$tx-+QIXr-MN%fpn@s+B4|fQ}i7HvVekjPndWo&zGq0u47jubYas$}EG!eQP8PK_GOjY|2E1VcDGPUk>#Z5b>s)uJ9Jf<>C*Smwm4n1%ZiNGYOU90%mE;qTYh zJQ!P*5@EEXk(?0vjt%)b#xC}Kcd z(i_Sr5HhXI-}q{eHZdIeL#X9iZ*?gR+Ee!)s)}zG3Mh0n1uZwy`zx3}<;gg0P5Tnp z+s_dF73iPqt?sqB1uZla`1=%gBgrEVyshxv$8VP}aFf>oA9gQTg31QjJ7RC@^GZiG zt!yr;G--YBw0NMhxR8gk_oEP=nQ^Sx=ESX%StS&J|5vIhsiTw zovx`*Cn0qGT8k`wdpf8(`@*N(A8o6-Ej0s|b8Dt7W}X_rbfA>3<~Y7<{1%c00h=n( zP*3F{q_H8OH_2r?R0896aXZB}IWp~a@-#eS6Z`@wN5^I3lg(m(h7*E#Kdk0THY_Xh zI?3g)IP7P97k!bZ47qC+vH zh>@u2uquH;;Vvlq*b;W5(2S=9BVtWZX)qP33tbESL7$jVa3@upJSc@peLABrb8rVvQ(O(%b8|2Q zMj$GzMRkTeI=jt3g|a!qYUI6)o#wf(YSMuVQ?iL-Ys3LpFB&PaLQ59zFbi1!xgBFH zB68gJK$ni{6q8(7k%m4^SQw-PaWGhgY4uTi#v&jOC<_0 z1L44}A)+wjeKk06#+E-SfFrNkL1~5qw;1yyyj^See0pfq(0_tvTPyOdAg9g=#tK>k zideH_{IGaRGqX-v7R$^^eM@fSjX?iK{Z(s^F)VIV%}=Ecxz^~N<6PYi3Ulu9JhPA z9=^=l!!^LYD$In)u*X(otO;s-bv#F=Cz`nCq@)u)Xk@t+-LSk&e)%v^c|2v6_3g^D z4h9R95;vttG=ky87D}D!ugGJ8vobOnfJu-oOhTD9453GYGB`UbC}T=IekLwVzShpp zySk_S;bv+HwepJjEX>STg0NA8w?bk+S@(=4>c{^q`^DyJRbt8K<0(6~uPyBlmipzW zIv2MWtg6_ZUD>(c=oi!Kmp%)Rhg2(59<;oM9dE|b;DsmF)14Q9bB(*a9k92ZJ0|dF z9l`jRojxQh59Z(B^}Re|8;__Q<70;UfIR)2ga0Qpk4Veo?8ieuzxIaH-}UtT4?vGe z>O(+3!t;ML^9a!6{Ko@8|J1J0vwWwZ{{zlrmiiFRj~cc=nt250F-3g<=bzd$`nzWJ zzr*=$0O9Ys0^A?9XMeQvJDT4H5k3-G|723=SsrMA?3GGQjdQzqOj{qZK@dAUR zxP@j7hScU?7;u%IILLt_xc352)P(2f_f@e9*w#8SaB#74Mg_;k?a$4v>RGCzEs8uN zeTSOgIcRsVI!ubzz%Mj85q_?m%0?km`G z=M&(dPPF>y*oB(ThO+>X>$Z*ELoWP|6-b=S1F1`tZjyExv@q=h3v+6AZ4o_!PL}rt z0wGs`a-jz1fb%j0m59~YZo-F!^y_$xoR*2V4LB69J_Ba>9QY!UJ6Y3EV~}=wOZ6QZ zrs-GqzY;eU35B?ZC8h!vO6x8F;2%Gv1_#k_w$fdm9P1)s7Y8MK4`=oq$DDFthFe&d zKgPlIlM7U%qIq@%usi_MM}XxuE4W4igCsWwy>t*5z}0Z{LM?0Xw?-oXqq60M!`_rx zLx+PpN=M4AgGj`){Hk30aeic-rU4Ql1Ks+E9aaQ-BjlF+G96Lg5uldAo3dju9S~$y zv23)#?rRiLX*g(EEM?t*;SivNvTBkd< zp4W#+XiV(TkRcw?MsL%?RPv_S)HGa{&)OpV^awl_{$_ zF}5>e?0r>PSi%9y6xA-e_>60*3-ji^T3pQ1v4-y64cr;x5Sa@YcolL=D*~pvA{d9w z^aN!jCbk&-+@kIEAo81*t6{EQvwhJrF8y6I|2gxT0yfNL4NMC-LhbyccZ=<&5?`|g zu|Kpn+Qs4!d{CO~kZ}uSCM$qbwI)}60`564%cArSj?p>>O8CO$i=j?viyZ8c?_NlY z+qc%ITy9%icJcja({^7H93*LJ3H_ri{Fb(bvo3k&yO6;0_isUEgFH3~KwT*jIHj8tw9qOahE z+Q7smg?EH-p$099x>iF;S$Ki0kAsR9&yJ~niuN#(vZ2_{F%c$?f;3#biR7^#uGF!2bHfZM@j_NQRC=?bx z1)7dD6~>^IZPOVB8IMR%o;GHF{Mud}Lq#bCtwco&QNP^6SH}*ABt95S7qpo{W zJGf94l8d6Q6nLlV#avGoJdBn-w#IYHCN)K|nZB&>8S{IIFU1p*_-r!*r-14gkM_L4MxaJx=N)G*DzG}W~ll5t#DG&J!xpDGX z3u-^IXzX!GYxITyjaZD^4ZFFuspH4e|d0~WV8VX~WA z1_kIeeM)rT%#FKo;pbn1`=W@7+yrIuAYuW4@3^uyX!S=g!z~zs3`TT zU>s_Nr9wz9fCelzQO~F5_86ZO%2sD{zMN0)caE4inteT>V*xPo4tiz&I+q!LxijKT zhW6#!+0}XL{?X-uyPs{w@Nx*(oB1G*{kc^uhx7eRFjDB(6reDINKYW@;zT(Y?5+hQ z^y+<_e9r27_QpTo06_yN?E}C6GaG063%R>(OQ2!-NfaK0dH;if{A;-GF9w2p-=<4{ zH>>HMCH^$?J0)WN9;5t8%O3N)UwfD7Ssp}se_DFP@P3=E`-pGex3>Jz%p*XLson#Q z_Mo+ep5+IMzj3sGO=o*>LiepLe>C$5(0AhWA1CxH%|L%Q>Fd!^KR%$p$(0}JhCiBl zgy%1E<)1tO{oMq!{{iO#-Frk~aew3q{%GY9n!h;oKY0Rr=I@{SJDPuuTzha?Kk@{B zwDLQee~nvv;5`523Fz;p&HWEF-@WVMr9VJJdzUBpqm@T!{^rWRQh4|H*G;$T>7PYZfBgDK&p&Y7{}u+fGteLHg8C=V0Lasy zbh5LZBPW_e+~|cLnCT$NMJR#v@}InmSX z@bsA{eQtA9+iv#L>@r8v>{*#QN7CV0Yo4U$V~sOMi?C=@OgYj?+vORS8`LdlQ1MKH*K3BscUFtW+KzIs~#lC6iHCxHj zOJuVO$Ut$}OZ}9W-`vuymKzU(VSuKM6J-$O4=C-TAx1nk45{6+2S~CbFa%K~qm3Y* z>XA!~+Qc)I>nmDUy1$khd*Of}!dIc45eHl>ZIC}+z>bXW%%E>K*&bV!7|fsz=>~bKB=@RU`zLVv|gN)m<~i^?4emGWax%uP+gH09+9`aO9-qd}UG? zb5F0qnVG%B%RSMYcT%3pQjKU5bLXAz&Y z7RRayy*HtW0f*<5drsISCu=%Mv>WAzBpY!|oje7MeqxGC=2W}*d;`GkFoSj^5AKPV z%6ceTSTMj4@|S%}LzN`?+FlP>g$la{5r&s}B^dx=jHHb)H@_%qV9w?@7Q z#6uVHPnIeRSq3tg-FGEdJlF5G9SeCzgs^OjuqpmNJTFywmSQ0{@&(Q>z?x_BL{^1j@lWdg^JIv z?v(?sz!yLy8j!64;5B>;Peeh0mNkDv7{v>Afifc>bZ^DcUBaD`*NXn^%$WuRaHhBj z;5(tTFtYg_!S9@|=&p6NsmKcRqRsi6R=1jxx^8F}c-05U!}-$)Rfd_d@_osN4i_QQ znx>ZDj2>+vY{esw9tSYLIj`jh61256toqmx$YG!za5^{4-sT#aJ2r^9++M+LdjWj?02< z{H{nQy1wGrbxk`MZHpu}jGuN~^^9<1rg}M<1$wv-zkZ4R2KF2UAj%lohYe z$UtwgN<3S3Ynh#0}Ia)diWj%BZhbIpcC0y{_T^rt3TrcmlwSFiFJrs>HFgk0i-C3*_Id3mk>yYbJX2HMH`dzdF?w>pxGtL zQ`C!}Y?jZ4z;fFeQ=&?-N)sTpK*I$u38%P1Q!zmdwVuw}m{^aYp3gYOhT=OM(wySy z>12C)NieC!k3azq#skfTTXLQO*RFlCxwrFWa&hVC(yzw`*|#}`D_}mbZgTfr)8hJC zJyFP9IMj>+Qo~n!lPx%hJ*J`gcu#;j5_DGc#Qtb+yz{#}qGX_%`m;RxZ3OFMHS(** zh@SaZ#P~lM(_h%_eT~r{%{*d0f1$Szx<2UdrZ@kfl>Y&U_OFA*esaoRA>V(@{04~j zZ-d4D>H46*Q$GI#&R-brj{=lGT6u)#FAVpet`B<&W_c@C{S$Tx!FFNgZLK^M;N+9|>1%8j`hg&~p z|Fn1g8-G5X+hhanj}DaEWCQJw&Y1fc!oA@~$%Y@FzBhK8Y`8n!TN~ehE{{+pqqwt`FLOri&@jGW?htpaP>~s{P&Q_ZNBKo&T*k=xFE}e@{i+ zPE&4&cV3tC>k*tvs%x%4Eyc$`CIW^a0Cp?k#unl7E{~jW8;306Np^D1rW#e@m@cVF zmGyqI?lx0(WHr7zk|nj?Z_30qS9{?y%;D_dVzJ-dP-BL*#f-t$E24+_wVq9_&iSyK z&Gme9hw5g=O3le)f63nV;1pr3sLy;*;d%A+_;Xjzt+D4QIeU@T6|O8SYI*7@rq;j# zvh&R)qYVpc6&GOJyRJ9Gou<~)7TBEca2Agm^R|03!G`l(IL~b?S|c|il-qp2%0@gF zW-!mMNke^KIJ@bU$0xj)+SnabWW@sM)DdTX7QbIBE%*uQOn)fN%AqAg(R>C9ZV&Wz zq26}5(?XAgqaRu~J{vfN6L@AFxe~cR)SE?ijOSSU)3AnCizuN2aRI~iX13NMCDxzB=vwC0YcmP;3v zwSXY3+G+v6rEn6~Fizq8EI#QY^8p(WjOkob-WO1MN;eWxNgf}&di^(}HL zr85`kJvISsEZCR-L{#woJ1K#hfm) zk#%3GG0C>W3Q(DC7>`}NVr*;#*0FnR4zWiVXH1s$%UYo29_d@$W(tJA1>$sO1vlT}mKIa}gTs6%XouC_Xe zV@Ibl*7HrHfz5SSheN}i+IlR_9;&J|cn%x!Odnm& zmhJ389Z+}E2Cq34n>y1@ZknRcRw=4Zl!9vvv9|4G8=R_kCU8pRYQG?%QAWO>L5-;5 z|7?nk$-3i_q_d)N~>9TvX zTY!Nvu99;`+g6BcOwOtLU`31@m*0Rg5 zH>Opt%HTVm)AP-d=TfoLyMwVGsE$s@Jo#v|XOQ2)$dW{ATrTGnOcb8w7O-F5bn|tt z{(Ni8y7jB&8$1#y5q-9lHbGC{ekUd)=}^|(+qiCr4=vm^mT~@ye5L))b!1gR7KL5}1^7u+GFkKkkI^+{@10E#d7MhL)3dmW&4V zYWGWe&p{J<8pPaRpu#_23!g=QG z^OBB?Aqy=#4KJwd3Jbcs$*eghfByhSE3p_08UAs)*D0G!`W){^o^M-&y8O9py3FAH zt%8VCKu;BLn!rGqBblviLu|AO*9MYUyOK%uNY&9oS;hi&#HwLSN}D--zNQ1#K9B2p zgO~2F?HK&bP8G-cL=QB9Bmq{_=Z zvbJ_LPh7|^Z`8h3hQ6Cb<*l#-a>ff3Caiex#;vkgV^o{Tb^Ma{G$qty0ndA{uuLwO zyWMpEygUb_a+#-523@5ztI%?}>)2mXVN;(KFMWtfa?!V5FcRE?q|p9-Sw=4Hlg!tj z-tg%fD3v1MW3@{3xgvC+w3_6y%9XK&)Q#AuE|wgro#j7IHl?e{2+}y=E?Y@?3-Q7P z+Z~^G;u!-f?aPr`T(V;NysA_ukzsCMMa;DH7jD6+wvaH-Z9EI8KJ!sQ)k-hCmwCPt z->lP+y8HsIR*+2fL^+~T#i0V*q5oTHOY8KEDdCs``iuQ{h#y+K=g(wfM!o?H>MqlM zQC^7jVrE2fDdk>oV~J3RWweIz>aJ#z8mvlK_^RlF2vZCJ8dc0!Sor?4CFBQXp)h)O z5{I`RI0z~7IZW}9H4Ba`j)2QTV}B&w3h={BK{ z-5tU+g^PQu0Xm%}0Yi3RkBj+6n~A2^kIO$oZy{n3@bX;78Aa`)r72}VZXbUKB_&9$ z*+p+dIK=46$JZzHllF$algFHU zJbw6e6L52h#-cR?y!eUwiH>;D!AlG-p9a~ZfCLVho^5GZYp}p63!{6 zkfFenayB(G&|^%OR&+A?*RIzgHmzv8+^P?Elou%n-8p?kNl?@w=zUQWMUmRL8?p28}H%E!V}+^f?@SgODL%w{7%PlY>%) zcUCBZZ{K`Rmgmk;wk~o$Y(gC3`o?IS-gD(ivqL+Q6+VYg?Tquw!r3J-!g}v(6V;e`3-M`4V*@_!xS4i+k37g}xbaE~Aqzg8 zc>GO{7amwIaX>Vl77a4SPoN;DlbHLe$$iPnpy*jDYGa$Z&YzqVgKKiFfc#`5hvk&* zRX*jK_u5?Mk}OpZvYbuq^%gOkNLv!nPTca-if=7z8=#Y~quRlj3M%T`Qpjwua6TcW z;ZfJA2{Tb=GO{YwmOM=|UZaRfD~Zf`rKhpMciTsZJnHM3AJ{oK8+nJ@62 zMDr}~lXEr1r)=aFVBNTy9bQBp)q4ZmpbKhH;F46Hk%BRlfo@F<4`p8WBi{tHgH90i$D4FZV#qd75iQ8V@)yDXy16tAx zvDY4~?Alm`=if3oc3S>zRfs$v-FeeH>Ht)Bve>u#a6#pTOj@+dr(~`4%jbP7&kt#BY0-05XoIu!f(F*>#~z`^6_4^=@P&Uh67qT0(RLiHV&fK@ReV zuR*R6L$-Y&h74~jg1o>B1IdEC0Q~qR%Kjr!)VV$6g+CF|$4;~?Qpmvzv2!A#^QxjJ zmmu`dCMf8c2I&CLp%lT;W3r4sXakO7wDB_NbLU7A1Tyz{x+w$PE_-S|ezp6@-~{c% zDS%Q`GLo;Ur0vahsCd5rlSJRj%AA#oO6#qq7Nx1dTPsREGaD*BOEYWpw^UNnR9cqy z=2m8E8s_G2)eKB^Ej4aGX=X`fZe*ZlsiSxMc}oo|12a=feJc}V0&(Hj(mHRgNFO%Z z-!|1h%1Av(Z9S}AyGsi{5^|5k_T5mkKg-Gc;xlUcKbiSm-`XrawsC$0zhK?DI3-b{~iM)8oGbc{n}r`!cRu zIeRCrA8by(ufP01*m{tk|Fw*ZmWiH{hL(X!#K2TXP{%+|-|F^jzOUzcLnWeNZ)R;p zC9Pv;_1aWh$J7e<$Nu8qoat{91%Ks`f0Qm#-Q^|!BQkL}9{r~i+#l3^TJld%KRTxe zF8$-2euNE#aqk0A{|6HfLOwrCe0L>DDq*GX(Yf1`zq{+(f8EDK{tp)a68oXK5B~fg ztUU1O|Gp$CD-Fw^x5P+K$;`y?@ZKnB?k@TFi+kYX!b;bN?uvij@6Y%8-P7)t-aT+r=DYm&k39ZE4FB=; zgDB^nlily%7FMFY190~g?)|3v-`?pz>^<=N$Kl2MQiuNos0W_^>kk7H&Hu+@a~gUY zN~T8__Z{*5LGfr=S!)=7|3gA@eFKn3dRsDZ=l{1y{ve?H^A!c{&GmImAJ2#RaZmRK zZ=;R0-_QKkz^~58ds}}C72e(OKQ`{8jSo%y#PHwI#=E%ly@~&hC(<&~J}PZiGE=UA zcNs5W4u^LP*yiY7Jf=2xm$!H)EB>xjArUTIq63A9GB7O1bg;6ao)^|@Ws<|Oh=9c> zCqjiXVr8cOTvzwx$ngAR>2kE#{y^Kt$?4qaaK;z(y@}u6r{jUz$lmz|$Kf8a{&}@) z$4RHFLza{d^bJ$lmocak_@ayz>_`F*jgb z(dP|&$9q@v{0xUVpt!1yR9{5F#2Ct%;!M^WFxeAgA@HV2Nfc`%6EH=r!PKL(wo|Qo zFOR2^NSXD9hNj|~lGa5F$I{cJSKomN3a6!t2(NE<9NKKB)k{iR%_aH|0A3W1NuVc$ ztMcd|cJ#4fnQ^Pl@2QqNA*s%u3-8|0!{zeWfM%g1uie0Xl6jD3l7Y@WL_5>!@l4vg zcgymneq1=DABmSRw{Xv1nHYhf-*|K6mu)#BI|IWqzUNL{O9VuD7$0jkN-YUsyDWIh zoc)DWyMRDVFcbJTpy>ze(0!3{eQ1#k!j5U#dR*@eLO0S%Azqi1#Tk_AGS z^M@l}NR5)}wENGOYfGqFC{u9ZSVQmPcyK1qXv=NY_aSfip?4R|M^h+9_05}?lYB*g z@|s9*p|JN0kS6pE+prFBdYLVsc&on5+R?U%iLsk8R!uMq2JW{kIz5k~7+Qgt=^&Pk z)}Dy`57j%|0YTar+ecl{(6xJ}y91!oLC`YS2o#iUfP?V-ol`gT+M6JGs- zhMSZAerm!jk2Y2N0sQei>Z5w8PaXgPsD;CHcsjl_PC>yq*h2@IaiB+}Mongtz}aaK zIQ!7Ewb^5fotxtenDut_><-nvWT<7?n>(H_E0q$q;@ieC(XARj`M4WObR}DdIOY|H zG<;AK4$Zb$=QQ9Jcu$*`rnaAqm`8BdPC|My^jT(+q{SPQ=S|7Q!0T;!Ba*@W)Bwr? zs)0|LfsAD@E5qP+vIe@zUCBr-+?sjj;h0(%&8=8wF<+4icWK9R@?z+v-exQ7l2@h0 zum{x!T`p0+jZ|C6#i{ zihZNxbCfQXX^a!*?+QYul0V&REH^-F$~kc$P52u6R9Y4=U8yUG`VAw}#x5XYH3VX< z?~2!42#$IVMt*1E)8TUo!jdE9XRqZVVo|7;4YK&>U~dMh555VHDIIpRa`Fj|ved|5 zMR;q{k-qXUo;rR}g^m;b(q2x{hsiK>3EPA~r6{r{5c^ax!)^{{5xb#S2Tqa2pedlx zJAh9il*D+08p6fNw!XtY@q<0J>aotc^Spd%pCm22VTb_t6CX-0{{vP$rNJA4s-=LO zq*HO=(01+I(v9Ri6bZtVRz99g2tom7GUh~aiqU6=!=FZCMCx0L(NFL$gfb@HuOwkm z9gez%3i=vs;cGCUv-!dih)k6rdmN8e?|6Fkz+(GgMeIkL*g$wUHUjYz&;`?`R`x{Z z1ydFU5E@yzJ$t#s(;bkQJ&7;xFiq}7&tAQl;Tdbq}6NMfli^NIg?(Lw;|-`myii8oyHxq&-o0%d6z1u>uqc?`w_9Uid`5kK3oW3OR`v-`8k2RZT*V9S**Hhs{E z0Atx=J&?H8(bI7#BMs{sk5L0vTA}@SY_Sor!nWjNx=9n(t@fP@o_SLK(?(r1v`keM znq7;pkKe{yGN+l^b$vOFwzMjsgSGFfs*bV1=TmWBc>h)uQ6al$Aj?`x$56{_PKgxg zl6f2zE0(9L)lUtE59@O@pH|=S6GS%-&U5qYxr5I3uUzN)I@F?^rU&*`<<19yMW-85 zSr$qHI2PqM8y=S>?b|7ziw0kmyaC-dCq8qHbjp|QdTlVnWw;Hfa{Lu%CYnahnJ3>< zc{hEcv7MX(_}MEw(*dx6wQ{`7XJR*Un=_h_Y|;@qEcBGG!Km=wN6bkh(_I+~5*7@N%nEeOIxbG|@*G$i zvu|r35o&Ma79VV4Y{hL`ve;y2f|0BIhMG4WKNirbC7v!sgTBo=wx*lj^##(-)FnPP z{nQ?uF#n^==M{!y=B(@{9<>4N$B2Z{}e*k(_F)-C7%Iw8%bhT zQ5O<#n&-_%S#%m#l$ykaS(cLr=C|Q*wpOrfu{T=u zX5X$3WbJl~ZQc?h>5!p22-NMdwK%#t0nS-Os9lC)QkmqtlI{~|l1K{SLk1##r2*w% z=dQDd&fSGqqAL)C_knBDfldm37-yp}>C9 zs8P`bm(R*l?(`!bmD6vRQDzL%ej}3EqllqVnsh!n7#Chdam3uu>@g$$9_txSc)mHy z2J%M+Y342>H99*ZuQf8*_K8yY2+!!R;TZF!kd99}P9U5m9XwXTbsYFZUo|_1q=(Tu zhMT@s3!L6Jzk!%dyb4inV?0?MM~SKa6i^vKd=4A0P3JB7rtnR)r;$8wql^{nv#|~F zQ_)#X!gY|(GKFGVys=mqeCDo^kd)JcL{$5|<=8>6P3=e9ulWVNUlnvzjmJV10jpo; zj?au(_;y`s?*O1!V~%gkJ;=iPmF2hY|9akd`NA3I%$X0)J#nAu>)#KrcZYKq zC;j&2dc>au2GKYhC%oQ>jWa=7Y0pLNGrGK-j@3D8ITbTSUGAxj^3yrG-otf1+>aga z+n?B7w0L*gFWA92^fwX>4ytR z|He)UFi{S$|Mz#2e6LRN8$IP+o#J+q{2}q*Q4u3Rll^CHf|c>-RParTPRsZo!~tN@ zjra|yx`W67So03q-TUbPDCh=NG2Ws7yV?BzU;+RL`eni$hWfJ!0BGl?I77?uvvP1f znoUpt7lX{-WG?^39{`yDKCHVXzWpy+01*BI2<)##ifi-!!aO&%nLGdf4+wVS*IVrK z3n^Y(^xxn;9X%~I!);~axskrE35}?!iS}=B{~vr#0F}32O8_iCFZ{L;__xWw!_VI+ zoo?g#?lvEg{ym_W9t!8XqTQdRAByI?GToo0fBuVGAK%k9uU9hOTbwE`&Yx=IsPmT5X8T} z%e$)HpTz-cP=9}ye=jw${89clf~Gs`@9M|^(trK+y7cf{G~efB`mI>>XKBDF{CS1H zMZ(=L*FUTI`7i!luwYOe`1Fk6^LO{wgqeD2xp;PK1M?aM=h~Y0mBb_@ex;?c-#QINo`~ax z8l)rl*J9a*ed&V{AnxA4QjX(Y=V=p105U#5MnFtxmJ4#aU=LOs7Z8%CM`lYD5QOoYx2y z!~FI0m?d!IIefl^iC!SEQfHr(8-A5rdHxQ6LENeig!)S1v5IhDBL_xcg5Ki+6B^EB zHW>cs2C#q(-(KLWl_`?A@*G}`$*WU+?Y}$ zSi@9*N#fRyj`K>X5+4UpdrrO@X|~o=CNOs?MsR(B;^VazoZ2VJPk5sv@&&u z;bLDr>MyOm>KbK)-xQYctP$Jo+vErpI}p9swwMiR0ywKlw700Mu9jQT-_5?A+c~lg zWxcQsBJ4lzN!@nlm8d%z%G$xLKihxZnu7Y3G#iR2o!lin2kIs|*`hiSmNL7N_~gm2J)+%hdwsp)=)SkPEHNLoXsAISf(L z>yC`h2&_i+AwKv^>3cHr%=PsPUr}Bq%vn1<;TDqV7^>6mo&~TRQNAEjh zwP`Ajlg5oz|EA89K;MWYFjpOk4@qfP`e&=vm*7) z=}b@3(!Sk!+)~YBRJBKxU6ZxOyINu|x&K}KY@UVKZg+1_X#Yj-9_OkV#!_>9zk`wo zQ+ajC<$T5`#OBdc`W>&bu?g!18<< zQ4g2dG9AZhFQ{0ha-7nctcr=YwI|p$hq3V+BkJR}w`O_RO=MAiHF&cX%g_~3&%F@i zp3fSXe$@3jTrtkd83-V$Q_Zp~XURrwRYPchn~1j)7bcFmIa_E(G7_8zskHP&v%r+0 ziX7d*Sod@0qc{)Ab>@bgPX_8XqbLQ--Yv~F$`@qpuV0{I=9Z|Xo@p;RF}jS9Qv0tf zTf1>sy)d32CyH;=iL~}cc@maSxl(D6$7mFSl`Wv#?mbLpvy_7YBu1Kxnj7Y_bLLsu zviFsp&~=|ziJQFP&8e~VEbq`$4qqIrnpuGy(z1pcr?lXMc?%m{N)1YR>1XGLu@%Bz zFs&-02%Mq&f+slZ6vF!|kC#ReFehGF#=??zUX+lEs;2`u_ z(phNeGn;Uvq%cEaomZOQ9AqFwv`zU88#(ydfZfwmv*>5IDhAJid&;80*J)U(RI zJ84{kXBx3_8OE!tQ?FJRN@YvlUI!93UcjXXH!?j!?ch1>;r*5>erClWf+Y5fzKM@H z95dLcYTp98O;k%k7v&qP(W4%wS)dbb4FO^DtZV zpGqX~6Q8eHFjUcR!0ePnus25Zutoq6mJD03nqMX0u!rRavGka=Um1a4@n>R+R^>ZZ z0L4v0W{C9duDsjwV(1|Ag5I61gDy#i$+@PkE+{Exqdy}boBdF_*Rh{ZGsmIQO4?!2 zFF&bw{0yPRkg5+USE3A@up&Oawx6Gx>bS~JH1%ST7A9n922)ch4g9-KnjDpu3A`va zoTmLqQswR?+tX+5ovkewj@&3dneHv8c1SNVt6FO?<$t8S`GDWflxF@pW zn7#fTkS}?8H`nUvqZd;Wxi8gg>o~JU*CqMqv{8sIQl zK#L#g1m5vky_PKw;V2661L9Q9=TT9vSH#3hh@UXLG*CPi)q03TU-{y?VRiA zN#s#cE#R3^3Ts=ncRby~#hnQo_bZJ({IN97@+m17nNRMCw-V|#L)?C$%B7p)H6cP~ zjTw7H^r_l{YTzYFBM|0Vp5DXg{U0n?0AL3Yz5mPuZ_&>GNYR-Av;FH#@g_yTL+=lW z-%C^PCHTLi_dko@&+vak?|&8t$nbB_JM&-Y{U%*!xjD%#Ez=G0(>+JrI|)F#{|lh9 zGG8|*|070aq5Zpg{y!k&(8qyedFib;i_NX$}KhpP<1mw@zavuRRNNI{BqSb(brA<|Hpz3BkPT0e|GkN zeJ#IDo;=`9K%$U;>7X+*+}p@eG{x*dcN{N7n=ERPXGGp9!aBZGL#VrK-5s$D&)GgVlPtb*cKs`~q-r9t;V7{PN-AL2p%Dy<&YosCwmY{7-oJSY-Ho*kUZHr(GOzPR>G|)JKX=n9hY7im1;OPaQ!D=WByd znuG@&&I)V86YL(i+T>pz=@rHAG# zDWjCt&xGhdYU}9WyW=O&u@S~#I4!W+P{}y1a0`Q3i(hEbj%#s!ghq3&#n+_e*1G;3 zzm~bSt{YWPl_@y>T~tQ((9co$6ZPq;AX`eH4f{)%krq(s-n6}!V61M?F0tkjECOH* z*_^4X?w^=m>~xJ;*fr0<+!CYmJX|IWaZT&X%KaD?Yw+>@5LGgeZg@IMrO{O^ZT^HnK zbb2@KGJVmgNpg^)w7N0J?KlK9k`dYKyi&wXx%~Ovj%_73qr@oHTdS4?u#56_(f(?G z6k{qWtqP`IqRMir;%vMnL)*>a-Jb4HV^LequP_^2f|E@Qy8Zh$gIFd}ei?qzvnwCl z*r-7~nv}wfX%_~0+asVp+tulyJ_fOw!QT4;dj2EI$+7 zA-X@-b@&ibSFygmEHi%gG$;6FC&|eC*KMQM>?=(ma8)x%lxjUZLLl`{u3+y$vS?(| zfP-|7JW1Kn54s6}u6(whK5dl^elPh=anF(K+3A8-mmDaa_X5FDB74@s2vR!9VxI8! zi&fiEeTTHoIx^|yTZm|c}NH%DKJLp_7NF?;=X4P9ef!P}?EeYEI25JX>6atMc8 zBFYvJM7|inJ1|H`x-Pw(Eh@CBc|<(rrDk)mJf8@yG>c-@^+Z2;#!?(Iy1>;f(bfX3 z{RtO#zK5&qG+e$cf!?TyVD2-YOdDcE?&_y;7HOYt5Bz~_lnLYoIFCJ5&E_{3Y{P~I zw~U_}R;RGC^C!sLZt;hJd&Yl$ zgi^y=7S^D@{uA2wTL!Tc#=cD9d51QuoC)Z@74!#3c=+W=)ftjA2>z2 zl{9EZOq6XWM=*W~)$iZQQWD7Sr=TuVj9<2MO~gl*oz`Pb{0KDS!UD4L08L_`B6$=l zkZ>H1IuO`kdND>rRKy;J3^NYdb)e$w6-bJq7Dgn3&{p4>0%HG^vCWbK zce-4gjKWcmHDm(z@Kv(=9>@vOMUyrve*(YrcR15?**B+~IgbdPLPEB`4ya=Fv|6ca z$2Ia4cuj2B$DIZH3Y1Wq*Z69q&m0BGnnzdW|e*(TLNk9!+C5&gW>JMstJ$8OR}% z^Gl7Df%~@mr`UUSA6t)mv&QU3sJhj{9$`kmbV2j!z&~at#~rd1$R^-P%B6hC!WY?+ zm|Z2t@m|8gaeBbB#AV+}tY#wqFrtC;(5^cI+P-hI_Wi2OTte;Z?!wyKdVasm#gdLN zmwx#shKc}pf%#HMfqBeVj$H&pc3EXK0(1z^>A4=2ZV)d9M{Uk4PaAyUQalL5ZodvKkG+&|hJ7ujv)lKr4*K2MS;65?#0l3cg%z zhz+`QKhBuQh|JNlPyi z-)19ilOE^AN3gMAb)lWMN&?ANH0Kr27R@2MhEz1~5+x(i>9*+Y;0 zy%}TI4Pcz1s1#Wdw5Ri~Bo@B7BiF$4B9q2PLH~{EVR$ z)m|^osjliupvrgMR4U#orywAAg+W#YCBiiBeoJ!0O-;ou%`2TngborGHX_-W%x+lE?fU{%Hm z492x4mXQbwPY02aAvpaB{LzzWU$SBCy?$@&c!!<|8Qu=*AhJtTh55CAapSF--s zPyCgv-?gXzgDwD!4VbO7{&!@{z;Kh8Kb)sOl%@mV^80@L#Sg*!^N@cb%l~<;0HEdP z*?&U%+Xmi4(!V?LA7pNHwDi|H?p}etgF6pcaZk@rBz2PglUMt?~9o)rL)`zAnd$+v$6=v}P; zYB&FV$@f$N#5zEHGSdFXvdjN9IRBO21%MFmhO_?Gg?}C5A8P?ObnJH*diRmv)?XeH zzjtte;Qr}DhFjYDU!-_{)bW?dtpxziqoe)rA2%Z#^k&cqXYU_2Nia(c6N1UoV_q!s7JM;1=~)!7C_ zpsnd;!tF$zWoHJb8pKK<|bzO=7?SR*~r7Z4~08d>Ni$oYWES zRR^X?7E>h(jC^I6@m5l9#g!f&^TJ;9QxP5e{M{1=@H?`Z$^?4_Jm2CQBD8^a(U&`j-AUOCN2KRyz2q4+*(bcoR9-vjmE&b z(;09DqzUyDGd|MamcV#oY)Kek!I9RlH%aU{2*T ztm_3~VN9G%gfrL-0fMQ^QPp zfR%Mg$Y+0IY(W9tciLw4iv9Ixz~H`ZJUmKDr}zurrVY-4_(7InqDXbmHH_6<+J}-t zUwRc%TybV~+YYg`b-YqJb1V~{_v(MelIMdaomL1U`uZY!5zSNK{Q6~~;50~Z2uPu? zi(hlioL+4k*7A|ZTXwC6OCPv59%@$+oAECNaU8_6H3ecWEJ7Zd|p4 zuc+CLUr~$m;9pgkTm(&6t;E*LhJb>#A!&D2m+uq`Wxdx2?%)|f%y_Y`jsq9DyaG)W zlSj%SZ4(lOD9v&ZRu+Ny>g04?*iH;0I>m5#Q6$uF=O7I+g(k<#tVnj+I(yY~#~N8$ zimTzp2kEA2`$VZNTjr>*DS7OMHVZUi=DFREr3ibe^4-~H6~1Ykt-peMJ=;ad$xY>& zpkf^E9pNmGlV>2J1cO$(+qlw6UraNj{^01o7hz<+2fE**hH5b zd44yz5=e}IZ{^?ws+KH=UT}!CfFLi477ccG3F31XHJS8sl-?_2A#Ch7vvc};(zO>U z2Fp;+h0QcfJd-FFYDeEnJB*G>ovVFT(INZrcPfrkd5?Rrrr;l2u|(ElKWR}ANJ52o zrW5XxkXV})c#Lh!L0ZjSzz!diHKEofhofLi`E;tCKKeCzn`kI4+0sPVDm5JK_gATX zU5IP^kNsbhbRKpEbmi%Z4b*%de!1>H`MeIx)qbc(kbYzFGo`hl)e+je> zO{C|3kEX_2xMTw{c|&48E4f{Bj^x@%kp(cmHsA|FJR|)1?XHBq$91h3tC9(_61KO< zlqTKHv=NStAru7f8(ZppqaSF-D&&Qe!e)E~8m8;-#C*uRPIpaqBIj`u@esjFt~LsDc!2wSZZUq~L>4VM>gB*a-d z3g)ae{*&g1KWqyEUZy=HO zk`wF*J;r_PM7M#h)7g@&=Lsn~;+0hsO3jHhFu8ls)C}hm1$o8TNra-|nZAkWXR@;L zc(~TFo(0bV5>fdrGbz~+$PxH0E^X@djM4TP*f(U4$AP@I;&oG%9mlMhI z=xQTUplPNVr_h-TYl4w7W!nJV#(w9dIF&P%QEe_PkQ#~Sma21bjk^aS0{dgGJ=#v} zK?VoiHrNpwt64{B7a5?1)70-111o;y*EBP1!hI<#uv6UcpD~FU;l5Y1Zt$#PIjvBY z`PSXXHN2NYuEb0R8QVLF{>*GL)5E_{KUAQhJ(B5>Y)uacuNMkggx|=!T#n}mZ^*)W zeUA?EC`#A#a-qCg2Lj9z^ppvTqe23p(rg7uw>Ssd)6U5$#oix#fMISnxRkx=<9!@pA$f(bTU@SW*m&r;`q!Ni&(Fzq-Mj%9&T?CvG(L?NRlosP*l8iI^PMTa;iO9yclg;yEsHvoDe6>h?Yri^8NanzX=cGOTzfo#|!*MpoX~Wo(DlI!_CW#cRAlZG;qC~ zPj|P0$^5H(c}=wTP(z2|=E+GwRRDP4jveqJHNT~i4F6!Q0|c$th=A^PT=Qn4@L%&; zhMV_6|Cd4Zx7grUU-9pA-7^Rvp}&t%0MOsBj@;jRe(x(X+&l;SKg_v9fe&c8XU)H0 z(O>9|>1Qtf2j>8!>o>;&xUF0C_K=p}t-0aG13VJIW&J{LOaKLs{}DTXGuK_OU*93) z+Z%dF`koa(V-wH{I$FA4$oLky{RcJw0!4q$ue01n-p%W)x6b`5dhR2sYYsgCi|!$* zhs5ul2LO%!bOsyS&pG4U5cv<{fC2mShyN76>#Y6v%gZ^%B05}WN8mQm_59(rAc=TiESXOBcuKH4g(nW4H#RhvGCElBm@!wQ8!Xn|SJ zh*!dfU9SP%(7G|%O29isdghf)9j^dBsr&$)-lEaLg@`P6hCKbv6X>Uq!ljT)M*>;G zjSks$pPl2KS6-+>ButlR6fhxR^p>YPt#_9rU&t8P?4j=UegPzJO;4?}lN%`^^$g^T3t0RIG<$v1r^sBQ7jV$4!(K@R%!?BD=1X_4@B^=(z>liRa(&R2 z>-wzZ2X|ofS-%~BNXRiD&8jo7*U1Y%>xYUHRo%M}>t83R)`)7tYbehr zPHmF2jh}nhY*l1dUqo^On#{0Qiw1yZ{bB|O5$Blh$vfea( zZIxFKi;*}lMJ>hq(o3waUf-WT8;0wfZJ{=olLMQLBs!p+1av%$ZDY9vtN5kklw!J6 zx(40zpr}!;X6FjAYDevpnU`ch*h^SZ&e6FgRL>7wuyHSX<2^xZHlKs9dzo=3O+(`& zhfTv5ZQ(e&oHaTGE=8vF@RiLALR=kR6;WX>_%5Q3CXy%gVD>3%hfydRSi_?u`~|PF$=HdnyJ=Pbh^r`^?2~Jy$BqLmJ|> zgEn-IS;fAeAiX5+>707LWM}L?2b3b~eU;wy8e}ZGWv*zDhltUtc~B+p)R6c6^d-WY zi<*fh$cPtfX}d*@926(@j~1t19DA1UrWBUg^R{x)pS1Y`qR7cs>?O+?@MP@Eq_v6P zYi2*&a=y@ZU=mCr)Qk&42D%_4un}Zzvobje zaPcbWxqS6CE*(x)^SQ7EY4K-K&zZyNHe33y2fTxNbpoyjyhSbbH;=N($aK^WE+)52 zmJ}sjc6MdpQFD;irJt83lMDG5xY1*pyh7G;=y4rGT=>}ST}sZqnc>i*U}9ozI)NCk zv*R4FP$a7HE$O>b?wh!kUM%>!P)iQ|OmEkX3#T|^>`B*l*4j*L(yZNup76l0)flIr z@%KhkyI4w_$}xt8YMJrGg0B1XKYH1_-R6`RSP$4W9h#3MqR|uun!QHyPlA9iV_cxt z-BJ=Aa_OdeJU-BTN>tW$cc~W{KaF^HU|iF`E#sDf=lw#jj=0S1kYiwS;3RY>(}}6m zh`i(o)O+1GdNbCIM!DSxY}u}6e?wY~U1|Mm6ttPCJpqbE#fp#T`m4IB_8K}xM5uz3 z9=Bu!h^omNeOXpmPaCdK3rkDkPZqv&y6eI?DbEr>a{?n=w5Aka(}(IqOC*LqlRE@* z^q}LWfc#_xsu*yPS`nwqt_fxZMlNM>9`Ae3pXo?!D2IENye(C%9wGlN7G}}Bw7kyX zsQfgq7*=dbpPFmK0U=d0{ApS9w`5|qlBErB&)_h5y~?))YQ zkd}Ma0H(_KtogNM$@KH+fAB3}()?2qfHk)>n-6KZXAMB^d>?57peX<({=a;4KZpUW zq5li_-YjR067a1d4~XA0X#gzuFL;RlJ|0pw#cD&me*bj^{;`dlPDO5mV)qLc zVorGUC#}Mqtq3JyXl@?ZkuTt#xJJKm%}hj31U!XaYU5zoDk$K#UXvc(yWV^FF}Km? z#c5y0$zA`$owGC?Xj#CFpOJL$eYO4B60&?kTwUD{V}9XNkN9&LRc+KgGFfMNlw9&K?7igNya98~6 zY<*%-0+lG4wuoWAk60YWQ(SZ=dhSOo2=INQ*7Ny(fM>F{OklFRM zOo@Z^;!(1e6@rpHREQ*dApCy%%Pyg})F<$WGE%T=>vUT~~Ty@6T-{KOo*;QDoj zC{kvr^hV!x&Lp(MK@ms5@mz~^LP0N(;y_BGK_?a*B{#v)#ix$ICUCns45gb~*{~Gg z<7fG$qZ4C_e1UWhL&ti<_+5vjyot4NQ@T8+(A!)+-bf&MgGyKl2kN^h z64AYNoJ4yYf%2?nm`)r~^0OnO8$S5xmp0cf$gxPIDI5J*G8aW9M zEH-AHNY5wyW%E|uqU)?;-rWnyr}QxpZ-)9sd!Fh=AOeHR?IXHAk)617Ab*OC&d6CN z&h5Az_DQj0lv}4Pgj?=lwcRW2)LUm4O}*NwEu}B>7v^hsov4jCfe178@{E>C);gJzI-*&Ykj^PVb}U_ zkCx}twjI7Nu3mqqI_?)}T$jnqw4FwL^d#HsM=~LwAz^(7W>}@G+gW}+RRW7qG4bwi9G!>lvt)u88(Z%5ORJtufQ1qgXD;$_|ihamzv ztMKA=c5#rBwU~;no`*HO?1X&ls|02dWWFI`TOUa1OZrH3rm)}D=^L?sR(-t~M%N{Z z5mx1!G}$)%oSWl496qCaH%uan>o+|Xs$=sesvr%>POB5CsV5>LS9bZGPKh{1v>Z8% zX-dpF!om%R5@Xux0>m?|^SvLT<&t+u)sby^UNlCUsLq>MSWuye5++WuOJr+&$IG2P zrjW|BnXPs=duIQZI+joKQBAV2-jxXPHWWf;YI<&X6$({I`VfB#LG4Upt%NByJob?i z3(S|bl}l_JsMs(3O4*|PpPlB&Nm^z4QOD<+&z_E-Bk~W_#Yl!LcuB5HGWF!oCuHg% zOd}F(rqGes8w8#RYYxYo^1XLF-JuHa1R9l}vlM4Z+1ceRqFZz#)|iU^Y_0naF1qxk zsDD@R%n>s(c zb!{z>hd+omZYN53!kfIY<3jMt_c4-7HzJx*@o^TF24i;*#l7n8SF3undYUfj_O(H} zhPM1^`sZHihzO|4a_O2=Ee+0MOY*d$C1Q$&FLsh6E0IAY42)flg?{aqk6WhV7+>sH zzdAh@9`+C(mFSw(?Wg|`Z)+6^%&waJcs!n6AUV}5zz(>Ssm7w&Hplq0?#rJ2Vf#?C z=awNBSsrMvIPgbF>#ni#UtWB+?(8!;LEBXYbLUQlKh}{BaqSD$Dq7XCwbWbf8uUh2 zm?>s<%t~G~ktU8x2uoirl4!4!>R-nvo+i8uM|00pc_ID^g4wl zqD~#+byreDIUec)_B|pFt{1lt#p+B; zUy^qD&3>@RuWs_eh0+SA(;&}D{NB=4ARAbh06a4JMVL`TVB93!BtsCkEO z84tZJBQgy|oAqMaLx#%&d)A#_pTk#6Z14E9@_cPE6TXaQB_$X^F^Ovvb-k!qrAe6K zx{X5!VcW5Y4B3?Y^Dx;pis5MTI$S-Yrx_KAjQzR6#=xU}dbq{N4!9Ew z2BH?lJ|XGvdb7yeMvtoe$Mm9;AbL1-)0 zI%y80)AKC?9o$nE%x}VxhN#`UAzi(5@oHV`pV;V;4;{q_hHIwD3cy9)jQ`lH*8zLJ z=cU)hFpeAQRcu%j-^yMt=H$FV+H$NCHEHViI?6%HHT!Jplwd$8>dXX0O!Z}Mv97dG z@mn6BSqR}6ouRakyW~k>o0B{;ux}7Qv}mC69%B@wd`ow(S|#?2t1W1E-F7U)Ai7Qd?DN~oKVMa$ijN2+@8O@NEsd$Xz@9le8Eip zyBCqFi5ELR_Kfy_tc6nInlkIsIK4j%ICo7!-Vx#)twDL#z3Zs=73Q+WW01Nb1+4JFE7IqUz-Gy(JQJB)Le z^8RYB{4IVj(*#VwuciOWH18S+e-;N!yMO-ho4Wn&-q%CM|NhheL16@twf~J5|7gT- z^hNg|&98RVEicedfc3X8?zO9aV=}r2X>NNF4{5n~CcxzTo;APPRe$jU-Au&(Pip|P z@O#$WwyPe}a?cuoWc)tBqWgPAknv{>{d<_*Fa-fdEWlOWhRZ`*?pXsEtM`0!?S{YK ztp=bax?vgr=Pn(?&C&1dxx*;86QK`@-!lXtZf_>{ZYYDU37_%qaL%7~{DZCtz#|VB zat9QDHw2KX=-2ok-SsBwPqL){wu$%8`CSG;5~F{?U`%xPp4y!>!F-A6I4)O4CA8Ez zTeQsuW9R6gGp=E0=M@lAB zlqR8IY`dUPrLZfE#BYCp@>>_w>nBg$gou2SLu-{Nd1{?sqoB&+nm8+m(KK*6A2G50 z*hU}<*K7Y!9G5qPbFuC}g%wY8p(`xQgL6IdM=KCHzN3GNQBURU&ZBh-r9N_Tg^Qq7 z{mlOqW+#Yl*ud~ZMMk;S>Hd)41W|fzv?4`ISdua-PW9TH+yt3>5KYv;bT#yVcA1Rc zH4ytspAtZ7WcZ~A4KAoz2m$9^CK5NhUtERqcs0Zf*6jGA*b6&t&|2g%_;HSGy zkTJ@SE7J%q$LPn{<`sL=M~ORf_e3)kshDbzY|S;Lr!wC#HdT`y^{J;O$Mb}JwK#_8 zyc8ep7S+M3YH5;3ayt}IKN!g)&HZj_DtlgCH0X{MaHd6u5teQgg}UACN1wr($wTA9 zRw&t;wd(qMCp=mYH0rgwjqb?ctpC?f+Tr@s^BSvB`j0&%(7hQmA*zaYu_6b62}230 zC&K#!!-0E&HHYQEORV_Ox#!m6Dx`C;(Y*SLjauP7KXz<1zBbI}RO8v8v?4nt{DH7a z5ymG*VbZlox(bbA8!)J6e(cU2B~3i|eUQr+{Ee*!`P0uM$j}NpK~go52A?Q^z?4Fx z)@7f3`joU>^H}KR8x)^`PqK!jN)y8AKY9X6H|io7mxIN$qMuXJR!8goTrESrpI!D#{c*PSve6h(;7m&;}9gGhz72zZ$D{yaOT;$&nXSY9P{R>MI5JH&C6=x%m zU`64B3h6E4+SoF~WOvnB`_?a3Hw;@Q!0H4?*xqu2=T&{^S%_uexucIM`0*y6Z1@_z`~1D&xv9mr^s724QEiJc z0$o0oS|0t>33fcz4Tp5YbK0Pn<8;uanQ@|X-8rnG#{|2>2w-wy=(T3RqONfelnU~^ zVfyjx>{oM81G?0HEG~YHT6Dtq(AyXcT8u9F$% z`+sMMp<-9fdsD>d(@K|-115>z@x~Y9 zqo!FsS8+}Wm;m&M&vuQ)ZCVM6&T#qs&{S2A0)q0(Ps!EwCBde;UQ|>HyqNb>oENQ7 zChI8Pn1vvVb(0~hH}8c)ML5|6?zD>VqV})82kgFlvNA$X^ZSq-;sV~*f zX1L|a&Y`pc%Zmn~e5vHibQ-h^gK<&0Dak#b1t;G#BSjBcZd!JE3si0+3Y|3s12;&R zi1kpnQ2C}v88t0mO+I3(ISDhZCl2zB<1 zLS?p}2QkU>m&6E3OnsJ!E$v+y<4n!$2u*x}zh5TN?wsjTJ8%nMj-~lNvx}2)Wj4f6 zB4Q6{MR!wQ+V^CQEW&DDeokNozfoKhYL-WA3r$?3@C|Q{d}^@(M1vv5sIpg>+loI( z2OCk=E*y?r3OzAR$`d6&aGs~>yPHOTsdc&xRQ0Na3-01zkyyfU_apEixHgJUDZuti z<_KXQ>G?f0@}cpk7pl$KHcObLi#eKCOj{qNeU{AL-O5!mdhMF<>~$S*5_K&-(BybB z{uhGxoPPFis%@>pkb}rS&`ed6C&YKn{PC>EPN#1KRSm87H8r$t`vk8aQ zi`tQB%vUD+gyu&QY0YOHTOZG{8|B13KKQ#aHy%sqnUEw=6dg^sV_FLxhP7x$5Z8h8#B#(Kx;IvSQM!>@neGZ8W``T%|s_)QkhwXUdxXAVT zHE0A#jNb32Y?$q{^+O&h6 zgQiw{zwNE43>hn3I&8u(BYI)@t%oRH!ax9}arO%w!i35G z{$7@S$I{&8*iG;CTwBHKDa^IGxg*=XZi!}ABFVQJABjz6*TrzZg^ezbW==Yrbd9U3 z)}DC9ozHt93Ny~PvWhZqi(T4?nutNR-~?F zM-hjwa7}Sa&=QyQm{8Qb0ysOt2&zCtYz`Pp-M&QfwM%y>?w2yHsqRp7Wrn~~W={@Q z6{WeHFPaLUxonE5MolPz+9Prk`H>;U=fgLoA=9jy3A;}|SBQgXWhJ8PTE*4Ywq z3XvqrYklq>bIf=ara&-x@d9O6S~4(F7+g$d*GkIKcSlJQDEt_2WHPhL#A6hjLG}o_ zqKjK}InF@9kHKP#ihdaK3yZk?`c{1N5S;pSqVOEz{RVM z&Gv88vNOh&oE>KyrAvCtjp_B7T@V>~^{mFM+H6q18Nq(j3riek1f8Ks@Z-deyz4Xh z$j2e5yznib`qPc{)Qs}s z7G-*_8c}wdP&j|$K0R_k^OfT{A^UM=TJHd?nDHE4aIT-wpJYZHE#5rpL)L{G3-KkT z`q&h6!VgxMfh357xp#XQ=M6?^c~u{_7kY-hJXc2=V@Lx0nd`po`dQ5f&|%v^L?$7r zCp-7=`?yrF^nIr8uT@8+w76v4POP+lqFSow>h*#RG)J<<6*y4ETLW&pGz{Nlbj8B< zX~P0Ny063Vb(KOE-1Z!&_X@wEc`YhHIq$rN*u^&bNBG4@peJZvO!4h0kIztnBSU?3 zi5xN(rp_XE#SxE+kYN+ioyA^sJFxU0NQG!aPIm)22q!5XJfp~T^>l_x=&49itHGo6 zmY_xOfKU{~SA?sgff3Aj|AZO$3QiU>?Og-kZrKP~_y!@kfUyVtIkDLc7(cDCce}j@ z`wpJV@!AxhmisFlzgpU9RUVaTq!LZ#l6BPQGwiy%y9Z)J1VS+4t6Es!nPCB1yd5=@SnBFDT%>J|A6Tuo9pg&9&i=!6usSpq6*TLantN??VE{B>Cs zHD7VGV994GQ%$DjXEe%DvP(6beuq<18sH%!AGvKlToZ!C$}rj;5sntVp@&TN=*J9| zPAuu0=inHF7eIh{#1P`O{|s~pNLpDd9F12gv5Jy=d&e*;n4$p( z3az(DgS&~Ex&xj|$>0;TFQ{!epDUf%Q!GmH1u&J>=8ObVE{6=4kMDf+QOK!r`YZ}G z*uqm@1`NJJvv6(0Por34irmomP4}lvfB8K>k*9T9Ek_yp%`}oPCkPdi0>(sfb`Wcd0!E(c>c;N#Zsb<=!skZg( zcQ*4;IO9%htCLbqjX4jN=bJ&2olmM-Q6WE_@KglE;;D`tmhps zuG#FF*}t{+XZFl@&p0K)ab+RCO#+r1P??613awwdG>XM{U3>l1E|yT4uv69Mf)KX# zGRrfE!Ik`TT;hu{u^DowaCx%KMNI;lE+=Eb*=#+y=TSJrv`h|fC}Dd09yy3tJr-(R zOTzG(@Ehcz2;1bQ?#mLE=Iw?O2b+!U^&j~JRq1(l7 zKJjlf5;F;3lMg29ymwI{-NQ_vfOb<2V8`QbfXAh`q*mgf)Sljn)uG?~h~gR6bDBCR z0Mh6T<#;rlGj^=0L+9^MW>22w@%M#U<6Zj_ zoqdl@gvexPagSWSXqFv9K0c$#G3pQR^oL-2j`UqRq(8(^Y4CG;Ux-n!TnE8&+UWF(aQFNEG3 zZbZCqBu6!Ql^mrX7p~jH;9;Z754mL|iefzQvW&R_()Jii)9HF0;#1RSX`*h+>l6Vb zv5TihenaFP$e$ag!109YXoM9yb^SLqfIc`LP3C6uo7PwpK_kIfce&(`Vkv#m$I-mV zkQ*RaD}(AY`ceU+Pz<|p>Kf`D!}Dz7F2TVcZ)@AxTSk5DgCPcnW0vF~berD5EAzQm z*G#%qHxTBnP3?@4B?BsjLB=_*dKrzhwxP4poeaOo1s|~1Y`R6+8uXdw< z_vVL}chkDv^jqY6X!JcV0Bg^8q;-2@@E=A4hVBo<`gv{i_Ac*#7!DY&_r9N7ivJHr z0HXF^>&S5fowqL%Z~N2!sOHoEz{>|J#O#2<`(rWK0m{1%jlZ{+08x8CEN-b2zzD-# zaNRQkfWCjBPDYMD?*|^Fl4NypE7DboAHm3jHiOZ;AuT z3grm$Vzzqgs*3WCS4QjV+%59x8mk>H6f4fm1gPZ1Qlf^+Yuy{ptQ2RSJYhXy$=P++ z%4fqyQ7|*#A6-RlocadwT`^%!w)XtWqAj=A6Q&8jvJ zUhuBAvvvV!gf1szk`5DmC0Z+ujeEkUL#Eq54Zfg<(97J0&&*1lqr9YZ`7COF=#<`^L>kjzLzRG9%N{ zkzsj_o)~h;*M7wRoh{ZNT#Eg97?1z8X@_En78S{Q#`78lT6{}N-(|U#!)|u9b@Sxc z9Ak0YZhN|=wjybu8+oap!?6otPKv8D!ncZG%AS?`!DkFafW0a<$MAYiFj_%C89nSR zt*&j|)9m@ykv{I}uosl^F@HRLTigo}QcV|XqYQsw!*&(2OL}cy#b_M(9--Kx2yv1w zJ&)J&RVWybEk)5%++k_94L*`&#yo}9cFJijiIrNo(vJovkVs)HBU^A)LNN$Piw{Vn zX-28Oe+jYi9CeMDM?3B@OTS(io`e%O%7#%`UJ+YhQIp7F-F08_ibd1KDy7Lh z6ocHH$H8jPm-ytP$*D=dtPG`(;z!gb$ROG$zW!?MIbWvpTxUPJ6d!duf5~oP zYya$<=LF1Cob+;yr!z`RfPjKX^zp2mY_@ZTL zzO2+(I1_;?|EWzRuV)K?R%@nx#D}rsG7#$->$b;4;@6rZ&`IfcQ^T!Pg}u(@raOm; zpB8tOJ^N%pV`r1T6uV)?H0*{Tg)DS|jpc%z`814U#j3mMHtA-X1!933EbfQ6q9TJ7 zYk`eZUYqX9H-_qs5R6#Msz;78=Q+NJ_yXNSl1`YX*?XhKo9Trx>j6e@|B5s@Qbz?a}!QrtYKLzQ895dz$y}9`GqKmY6eAT1M{Y|3-k12~ z)jXR^cEQuOXXD6f)=D;E1GOZ!^YV?_} z#-Tl9J?i=vk3Qx@V#){=@X>qx=sTm~{lA)C6I_m&RJ%vq{W zoJ4q9DchZV^9V4)y`<*Iw!zG6<@83KlF(Z0Wb6AJz4tngQM|5ZMo~=Vobm8;oYXh{ z)7C3~k0M&Qxw;9|Cu1jhc9&f%S&7QBbn(SCqSWQb%T&8QU9YQdHpo}HT?5(j`s;wG zT_GTq#S<_z8sU03(o8%QaWvbwMVrImqy96?$;Y&jE|BzcPhHOLkqdq*OB0*rciik zj#QJPFK{?hYq2D~)`%^v$?R`o><>AsivP<^UJ`*z6F0zmSY?XJ;sbF8KdFoa>%O)B zP61O+Z-nPF*^06daRi0$4T03yp9T3oUh<3)mzQQCZy#T^%PMWGm(VH2*H6pq#G_JT zpx$Pz4YNaYM%$McyosY)uYNzhhZsF|mN&^Trc~8^d76TuJKd*QD@Iy2U5ICQ0ukGG ziC@Xvr@TLeXxOJVZHue&cqxC*W7$ zIU&c7I>B9beJ@A7d!F@>ncuUzf5|`sI>dNW>AOo(|0!1fDM{tHm$3u3ykL4@_&rAe zGxi_T;Q$1*yUhLnHgi972bd2#0mt2J{wbpUaW;V2`;9w4XLFYYycDXpR@Vp z$FKL6w-wym9;Ux-@;x*66L)~wun^q!K4kipu>WS~9)EKHB=7eL;I^>%kd@!OVg4xz z2^etz-uzP&{P|q)*J;2X)|MGi#qmz0lPx4-+bE;oh2 z8_v56Isj95n0U_=K*$0dPTX8%|8JLX8UBCTU@!v;BmIR7nVA`Xm*kuZo_hM@el9(0 zJEB?W<|Z|^rN{9nN0nCKQWfCKc?J*67o}PROj;s=L8n_)7qhfsL?0GDeQt&)X62X} zwd1hMH90mdyV}1#?5%XVu(fk@J5oOukAQ~EbAX5fQEkvF;B$3RF3{3)t3B_pyf~RU zTANc0bf*&)p@J%xi&si`9q7(oScty%>M~9t;XQiZF&4Pu*6G>Ht4B=*-vjwZFO(zA zlfUPwRLm*>odEFysZgVIJQoXGb5pHX(?Ss3@{!H?h7_w_uhpay8qK80G5|6-dSN!5 zycb3*f-HJqQRw|buE4HZNCvABLQ|@1_PZe0ld;)y@T$`IF4vEBNMWXft`Yv#cUO=S;HCXNw22^5@_^^3t zNijG&0@r;kktLaRsF21_&qLmz2JDUlr?9;PBTq0G*=66i&#vLte$ys4CJx1uOOmMF zC~_Vjv24JJ_{gI~X$}z<%um9e4>qv_e9hOx-yF><$Ka5iqh;ywOaBar1}KzIZlT>7 zf(*EOp2^VsxW^pmy6nf!3iLx6as#0!LZDG=6VOn#NUr&4P(pPq3(ulN5-k1R|5#w?Q9i2N>-_y-A^^;u1Za zIiN_9sQd;eqs{Im81uOiyetM!+8`>gq#CbdJ63ei+utR8KQ0#6%VgzEKSy=&j>7Dt zOs0wV-c>b9%U=eumdwf^E`16UiC0%Q_r?PE+?zj}9G`~7j2U8GF4Q&gc2Hk6d#5Wh z$gV_01lcmMGN@t0%XoCvXvZhK;jquZ`F=St{m%WHt~xdby`o-7<~CM;j^(y$aXS%u z_*hy;@)WhFr8`Ud$>vT9H%VR$3(?NxRp3%P`f8GltPnb!tD;Sb#waU_R)#!2{!n)% zh*hkUoH}X}l3WT%;KaCF|V26qG<|5lBHqCc6Z(S%W z=Z_5y!ey#kUimqmLK-MKT<3HIRcJIcCuw^-^MMQ5U;}kIsHqS5kYNhMLh7u3ERuR} zY*yb4%_=40bFAZ?MaVddPliKn)1z{2O}@EiAPz=U=smJ)~*T2gYWs~M_{xk4FdSVj^^&~9AWJ};^dQjT(f&UX}%%z z*GL1~yi6b-d1Oc=Os>rg6D*>}kD~?6=oy=vV1BOXry(FlVF+RE7!UrDGEI7#H%?yo#Kef_3*77$Q{>LHj%t@m4~*H;DbJ zjV=>M$?$bzkypOk!~rR@xgni#(Yjj6qX^T-#o5dALEYw1(K6LBJd<{5e*RI8qD4$b z`WuQ%qOVDga*s=UQHMw9=WM{m2#D*21ij0E=POx#W0??9RJ!>DO9JYX~y9@ z7Rz)~daJ#GjPH}pzH(TcY~(7CBK0J?*kkg>ddlD%k|&i_3^_w7`FJl&mbWKO#KKOv zN-NFlS^I>YYm6fY+5l$v(=_hy&{TVdivks|1#%x@`Qi;sj9!AixLSS(ocObOxl| z=JJ-4SwCOhr&FrU$+PGBsT(;-BXy9B4iCB`pw*c&2u zl+hhc;Px23FDTojJL1ng#gb@#$rOdL!BVU%WyZ>gd-94;6-_9z)z|6;Mp~b4s;|mb z&Sy|VuC8RnS6N0Jiy&6;K(!d3J6%TxUmrEMYqknRG??I3fgRVBZxsVO#eaHb7j z-Lygj45GLa^S9D_XcQ5&e3k0-p9kOB!RT67g>LNE*}|Y+hkoFmCheru1o3`i+&D}s zY))Y^D;l!j83pv?@IrLY2BjmNlKg9#(G&Ux5{qvQ>Ixw`7miqQpxhQHGyzoBS6ymO zp&J$vJ71SS>%?b0+gb*C=Rop)M$|TL>gpTuYQ8<%T&MtWzzGeWf-`ysQD%(hW6rwT z@&zF3oQ)AkL2nOR92PCp_Ue*^o}f6S$|7?RI;?t4&1IVqsCfU#gMdIpvN_&VPF}l| zK(8*)_a1pc2kECxQ1KBjr-*D_U1NEVQ7)Lty3W@lIA1wXWg7Rsdz?{XSK;%%o}n9t z?RdcHs;H+O@31=ke1pQ_7~3%q5QU^ zjCOdRNEgVFt+}utm=#ihZLsbJshxn$9-pdmC+>nPSVynF?Rr88OC3j+1e`tIXy%?~ z%l>irToj5})Zg~vHp%%?ym@}!YcWcltN6j8t+;h;+pa>*{o<@p?aJZ&$akxI$M>d# z$FXT$gUeC>Yl}SPyrYDjlhv3pV&Qj0>Oq2<_*n*Hyc=T8Np|6`}`M=`+K+~Vd#R_=Lo zKYjtcxzUJXyi>Hj)s6kRI=_ww?q5A+{)?oP`VIK~)QXb(fq;xZf&T6r`*r4V?-J;* zU*E#`%?(z@A9_4DBLN`s&I=hGYaJtN9ZO?*OC58-ZVJEt&;M-vxI+gVv1kvp1G>byg017nbg zh{-#?d~MOWIk9q?z-PZaWkHwhB8~Q4Lq^cwFcG8s^GWZb1$?KWRmn*R<-~QZO2HUC zqUwv*^kZs=%4@c7#9Qu&PiKz#ghP+f+?c!I57?qvVU<1vk!;PO_s7stj4IM%E-jp_ zTx@uhwAT`DjctHt(gs!uV&GcTl$x=@F6t2CwYPZeM;ts=5h`Dq2*4pjanJ*AQy<;5 z+{*Oi&mm-ah4D(BVn1qra$6FKH-^YX%Iw

  1. ?-TIpIX>dEO#z)t5zi+Jk6pPkd1W zdXqj$G?M}>;!phfFJr=~rau_h?4ZTWEK)w!pvP%f3&t1imJ>CLSKbHJi*X<+Dt_uNg>Bg=qX#jvrq{{lE1Li3}SVgA2vrjat39Xy< z+Q(W)ph@M{*{@+M`}BcHmG|AN-*{k7j> zh=s#Z^JufyLgXR4oRcZ+(RR^C1f8e4gxbW+s{O=}1mTfyM&3INAv#r@(+C=ceNurh zwvWLU#4EP%BdyxXo2hY0AghWaGI`qSbkG`N38{H?xNE%xSIFn~eT$I^B2x^|pIy zoJib9;=te={r5h1;^^r;s8Z-b&2uA(Cws~?`fQnJ^Nn@gyVCEkW*@kU-X<2Av&BwF16LX7bMB=qQu*vVwBU!5TT>CQzz6$ zR7~@PZ<5qvrCssKp;1T50*qcGjOyb&(^~H`4|p_V%nnBc11{*Z)wE)-h1`SIbP?06 zK$Sf^f4a0+e8KicmAPKL_Ikh&6`!f2E{46!cyKv)Tn7AypAlUEt=rNDUk2)EA0!%o zGGPj0-`4=SJcm{-@`a8ygh%6O+DQeGyP|h_)~gfqm_H5A#MINZHwMhY2Z@L9B#mD$ zz3-Kw^qAwR0Z-~tsmfXzf=l#G9}1D_4+r*YJ1-E}6q-~r`*k)Yt$}s>Z8Y>uv)A2L zoUdaft+eqm&^u%+ltoOWClXEI(HFRevjj=qdRZ{^l}d#%m4VmCWpaF%M7_SRZDCZx z!5SUI;=**4Z!ZcnFDa&Q%6aQWpX%y>2oS#&sW@1|Cq%AW<7wHIcj*wc86{J`M8>#G zRC9M`vX9>in72OvlqD!wRPp3gaTFal5O>vXC4tJuoQM5G#3_nI(bZUZ@ ztPVk})*cxm{LuGp0YO2-tHO-J7Qyi17^jcihys0`LInKrJCv2@z&Hjr0nk^d_Is!A zEKc$Vw>=n4MI>r)!Mwi$6zuw5?nh#frzsBL>+^BY5th(iohSRGq~iI5I7_OgyR0?Q259 z#c&wij_gTyX_tR>MG_vB=WeGEjX^g=YC@l7vyOD?{P<)O+W8Dt>E#;;Nq4BE61k`R zg)#y_-caw@$$Y3r=f5vHCBAL4w3> zD!Ct62M~AK8<7}#nVEydRqP$M#(v=z`93~K^wcuBIZ_~B$R&hOqDlXw1fGdC%$oq# zIuCB7C}UgX6t1~MOk5b;(LW{5nhv3{=TpVtr9RkKGc+WKqRH$8Ltnzu zQX~YA3|lTMj;?8N!A=e|oB?VsbJq}=6Y=Dn%T#`&{6cb-q>4&JujjMt*?w(WpiinX zRTtSc{BC0MD>mBvF^)OS8q-Zorh+Ghc&$={y^CIZ;cE_CXGG(y*C(VSKid`QOf6+c zY_U|ZD~*{~Ij&;B;4;x3aOQhaomxuj6Hq~$X$mKVdQ8N;m)+O9K+FqVBXr26xs{ns zg*O5>x?9G~UY6+Ws8jQ-uK}JIa~qKoztEmX!JJ8DhZsar%K|a?DcLLbAvs1JM|^m* zO2Q^btsI5@5tCu_bx3}F=r0b@J(5mX#&BrOt2Q&Rl6qwyE}b!A9!Yf{`&)UUEit<~ z(Wgo$qHf8ffto7S8L;Bf@qk0^;Mx)a2}1z+pNXWV17F|0JG2IRwyN<5#}^^DgAiHX08UiGD)ZovFJb(QQ@pq2c!&xlb}2 zOux!QKjmBR$O@ng_`lr$_k8~^Eb|*h1C-D1EZw8%f9Zy63cNqMDm3!U*u*`i7{zp&tr^fItc>ZZ|0BhN|n|-_24~@R( z#r@C)-0Rz|{ts5}lQ;mj{-Z{FtJn0mFX`t!*So;IcffGF&ktF-H>dmY3*Zd{z?XgV z_y3M>er?ykAo}MW?K^+&KBU_%erWjbjsU83{RLN<+3)oa{8g-cU$jor{HB~R*J9fc zR0=^l(U%2>AP}_}zOn@41)0?wV;qr>?U%>uu9T$|EF$7Uq{v)!OemiV3%fUL;9^49 zre3p+6;*8yrmu{S?(A*XEJ;vwn0$^y^=Z&3s zh)Eb{7j8DI_3aW^{e?zBi&-Blp9YOGHRLBHHp^GXSi1$+Fz(}<$~O%Jzw>2|n}G7= za?(Jd2P=cvuS6Nn>yBJc~iXcV3Wx$fbOsvC3tHAYisdu)Q@#NJ4EosmU z6w-?^s>VKC*Q7>0Dk#1AuO+s9AD+*!zkTg(9Knc1_rZ+0Q5~CxzbkXMQe`Ackt)Jo zy_glNN;U{3;waSYeR(m`i-E!hQ{xvTb5{V-YQ0ubx^fk}zO>!5BxlxU1P< zA{$6Vjj9@lBB_`_G0)qIwxk|j!j z)QO7j^-(eSnD=x|>U~=)8?TvhC6_p=w?D@&yq5ALb1R5yo#Ets)G$ewGfC*0SC7A% zqk?#nsfP*cnP6|7u-VLRJCqlYapg0qgTYPm^^6`QCnaWxFgLajH9q%7?Z<>{<=V z?}93zpyNL1)y0I`)e1WwBClLqiQ=Xpmb|zaa6VB^iWYBh>dc~LKpr}gx}*8f=G9R@zp9%-T)VALZOmG`!1sz?nPwf%6%( zX~^+1QrhWj(O%%wDscOEj&Sg@IfLm9=>(Tz_?Rvb^pb?`mbDs?e7=hGWy)OYCSrxP z#4qLTD2~^)2QmKa*W!ifQJg~$X7dGR+lal1hKLh(s8Vm97hIpAy7TP-5-d`Wr|LF> zP9P2t{9*_{Hv}JQdYSAArj?e7$COwm3@`rR7d)fdC(m$VlDDfxp;HMz2S_l<42Xo) zBIClVC0=gixzKC5;JG=yS@ppGs(6g@LXi!Qi_^D=NE}g4q$brI0yb#3uPrZw0y-?h zkF;RBZ#k}B)hM!WxtFzWc}jK~=L?PHwFg2EEBNBf!Rd0hIHi>=bc#dTh|0~|(DmB5 z3<~$+ozEtn$zET{oSx0ul&%HA`X`ajaJJ8pG@pAr=Y0L@4Pu|x=t869fJIiz^g5r( z`^6A-!sdZ0Oaz6HCa&A^r!0czdYuk%9+~;_*W-o|2>MEwPO}V+m^v=N`b8?VW-Btn zYxK0`GREudl`a=B%2u(^aBICd$svrXMY^HT=_6!Ru*0BFGRhbZa4sP@S;5|q9|5_3 z%AD9>mE@9*lQ*68L`?W1QTdX@TY5ON#Bvy?+{iqDXIM#xe683>%nfL`)cBEs4V=0) z{0Q;{<0Y-b*>d#3Mn_SyR?N3W|3ya#w`k-8gzwlci0FJ0Yv#Ug26%9RICwN~Tdm^R z{J`n#!OS>FvN4i^q+ZXnZ=T?66MZ18@M%1AL4bDtkO+o5^XgskSLaks<5SjV&#kx= zN^fHI(^nX1*dIe=xCsXbaIzfWpP|63IFv5iaqyS4Ta>{WZ}`iB1qPJC05OD#p9pUj zKmC#<+^$mAxg0DJvZX)H_0k|BOk6Yc9rBTvHX9V}O|#9VA-zm)ia0^3L5UUSU|qQ0 z$kcITv=^x$i674ls=u66rQkzG_G<^oCPoG2bCHasPSblgd4IQ9;1f8jI@x0HsBWuW zasw&hCaH#gnXZU{#()FbZmqUfOg;1-&4YWTb3}%B5re1^NDU_K61Ngby%V{a!a2(g zj$)O4t^aFAZ6{o{5LUr@vg42^M#4-4+!-;;Oa|rd{__*|h)Nu$mrkW(#2m}8{W|^N zuBMV>us+>%i*0KQSsjXfrnsy^$0$rBNzLJF^g>=8LWLBMM$+EE4C30pAZ=7;pCZA0 zX+R!t#HfHfocLMBj4?V_FN=dl@!4Ju?G%b1a(nb63E#+S3UHZ3x6%*C{zeHKa{C?U zNEF0FO9Cf*kB@`fm-~-%p=`_&q?v<{ULE&2aBDabgSZB}a_0ASOtPPmHlSqVHIx$v zmd~IrPDwB0`4()N3s~@vpC`38G2tu@oS=r%7h~#Z4_1paZZjF3S5|;AsF-0tV$WWTbG1?xNKpysarX??j1W*;ebDq~c+o zAWJNg6ENx44sJ=NiQ!P3-K;E~g-niZgJ~2x;{18Vjk z%{ZjJo!mFzV_<7|3VYMkM@?19NDvX(wKwt(lt#mV8Y(gxHX(9FSOw zb&#E4F+~zJ7f@(^-$^*(P%x~$E@Kz@=&tFSfk0TQc^)Rrzsait_6ND?knn%yp}z^N z-sPcpN&W-F@8zNQQG)}Z=iOad^dT?qnE?cid;A0lbhqLxKlA)QBNnrZf z>i&U~k>518?mnbDpnG8WJx2g&`7c1n#K?Z{_UTV`*fnKaqGqm$W7tbK;6wtYL|+Wn zc>=IQZA_TYl}HefD=XF|2X3ypdo#4g#@HN?{0JS7NPm3}fe^X+v|EB%FcCxeFhe>v}me{}~!>fIRKs5dS9iO3Gg-~$%(b+SKE!0&@ zid~(#y|T4l@b>Z@$Rl_JzkG`|^o67f>d6V%y6_4r zhk=L^m#Yumvj?kU71;70mxm#^Dilwh}&h! z(w5)CL$3tug#|?E$tO}e)3QQ^lu|?|>Q}P*z;S$#-0%l6?qWxtC+PAVVi0di!Ij^L z(J2db%_bXOq5>`UfJQq->@KZ1ny6oSttq%W8dbrm-* z391RuNhBIZ{2YuVv3M;6QIrhl&rH`q5D(|j^_-esT(q)ivbkg1V}YGmgd7cYP zlBw|L#jmH>j~-ci8?s?4hg(0jY)8fSpiWFZk$QnU{BC)8iJ0xC^Oji1vFMkN#eKe$ z+40nkFM1l?p~u3{r7h@UPN^w{MheA2nXWFHAcKvd8!< zWxn7&BvRADn}@AKkwfGrf!E#LHXJuVX04i1v)mOc+)kOQfP70w$LNq6}t>KG0mn{ zTksg9^zOPfK39)w7z@R3XH+~>r+qxLJ;=n5FZs#O_+#JhQfgH1fgG`bVn(9DVj`E9 zH$C}6mu- z+{J=9rmKG8eH3OV)8>)WUDIv#jPBXyZniBO;&da;s#0@T(T5UA2XBB`s{?=?RGvX3 zA`-3+d#e~bB_b>#5~4+TS6eRZdSguRSr=V*QC?7!@O`+ReZ{3Lh@-TTgmU_}TS~y{ z{T>)g#b8}}K`-OX5(=Xww3x zYheei>o(#TxumtLG33Q&FiQXrZv#{F zLT_M`fg&G0^-JDS#3CRkmtO^2xOw!gq^sNy|60jhsG&jAO~OIXS8=^^n$ykc%zr$sI$$)lwctOBD@7E<`JLCxW@a5wb`~k5gu6J zci!Bh5EGmV!Q#V#xUh=^LfuJlPbY>xMx>>Vw{&5egj2RpXP1110Np4vacKGc9MKof zX#e?XH*CTjU#K4?C=?6H>K+QHSnia}p)5=n127qIvj1Awsr>e|u!YW=2*#O(S$577 zk}BqrZM+OAhEaC1J%zq5PK*}tB+#Ao=%G&G zbq*TA`|N|6Mt+Rb-4tGS%ZgXoW|2NyS?{2%*|eU1`QG;xqn2)QfAcDFiL%T0u*YwDzpvNys#x zVH~9%nk-}H4vL=A09v;0wtyDq7nY*G;YmQa9%OHpROb)E{bl1x}EG~ zvSXycX1~W+>BRL4EY}gPE57}v(^Y|NPpvAV^Z0FFy&W_3axmJG7(Z*EAbJU>RmrvR zNR=Q*uDC-KMp~B`ubF~6gm7EgOo6)Yj}MBf(Yac!six7Trn3C?%_A2GC#fL80OF_Y zjN9Pxzw(U!C+?1A^%_kzs%ht~#}|hyMMW=C*KU%MGJY?mbHvsAV z{gT{2PY!RN%>8w%?t>|SH@9~|AF^`K8^HLzA36X%Kj?pWeY-k$w>R$XI_CGyl$F|GNu{q)jDhq8gJSir9&k@bY4S09ZxA)Y))2 zQH15=UlP;~R>upgeCmgz%IN)#WM%ICCUVHYk)k4>S9i8MY)X?gX?nNfP2J*dT6Jjn z(I}spoIjeQ{T}!|Y-O*y_WBB6N56&;$PnZjs5mzahpm7*@pNii(Mol!Jduei!x_vF zUyJU2|7HM_*s9EiaSWgD!UjePs%Q>d$Xrfjkn?ho{x$8f#c@3cKPd`Zp3qd)MdFy` z4!&bSIFHCEt7Id&Oy)OjKW8ctAsJeDfeNZ1VI>d$<;0VzLuCmdJN!e0C~+x}`dmjg ztSD|ObQ|Tdupe|bNx!K7vhd4!# zF_}^?!>L|gWmWRi)p`6aYneYlY4dQi7T=w7BtWNf^RHqFGo z)MW~kv1?hP>k+ON6dGTBliJp+Pp@CNU&6*%v4Phk>np!4Ut!zmyKsH_9G9}!`;r&*s6olq`!9GWtlnWB^NkgWao|Xxv?Vt#Ki8xVN-3bOPA_D>k zm|vT$XD_O=i($B5M8?~ZJ|PM~$JJ)$dhbYtL9)!(YgyGhNgj~3-^dROLJ&(5^x0rx z6|*byKy=IykA;xGvp?NolJ2?5P_L<=%WUmP^ZJaMC`A7o61sd|#BX@K)72?(Hh$U{ zwFkz#5X0}7&&8TyDW0C3Eg1>4w1SP5xPY#Q9Oz+;DUU*dYDV^y!RM3=NGXNklM~~mmzHco62^P;88w7vKQEU?hl@M(=9)8J8pt*|BXe};B2b8dpk5xS zr^91WzU84gi}G^0Tv89QqN|YSS^J!-3Ckfz`}uR&ZLR1D^Z8c-1Be1Z^3~2rtud?m z(eGj@Q&*ll%oZHKh^?w=mHJ-Ms1bG49t44zDZk3Qkko$J>i2*y+R>fp+H?+)kBqL(pdKIIhf{llQS4(vYe6Uh*h*rA%*i*e# zS%gB`30D#D2`eUA@C`%}-6GD!%#JhNqF9$*hF!&wFvJBk9v`$}XHQY2dMSpImublR z9Ny%w5f1UDw;lGg@rpaVdo5O5GP%Q`;Oj$ODs{^r@y-TdKOs{qVJo`QVNUO5_g}n@ zWnjQ>6F^4Olc-MJVURq_PsHZbQC2H=Rx}U4vVEf9k~N<-GBkIimZ{0IThMvz8U7ju zqKztx0={n?yil^W3>;U&p(-oZi$oesJiVB|Nxe>2G|P45`Sn&i~ii(_=U@fhH<65kh4E_p=1Pnn>G^7sB--E+nJC&%sA($ zJau{qi1d~^ed~i}bZM7{Y1*p`@kZa^MNvt#C`}L=y5Z?R5J&_EamwZBreIZ#91?$Jp=?jR~%E?V4V@>F2%&LWMz zD&xvaar^8YllCgj$Wh+(s#kS4Cs=N!9Dcqx4XQCizMogUL-Fe`_Ppkq!EfR1=(ht-w~VI;d%wW&A0j zFC9d6Mvc8Cb=hlL&`QXQr=N9Ef75^Rwgt!aLsP*vRp@0redcuf5TeM-eL0a3U8D2V zV~oK^?Jg$4gp+5j;)r>@FT{ti$+f5)Np>qf6rcw+tFR4kwL;bU;$4N;4LW7{(-w0i zR$y@l$d9?I+vXit$xhBn*r^*GO(-Z#2@Fi&>!i*l2}`8k?n8B!MC*p% zn+tF2&U-OiP*k~R{^h1sMqPu`QBf7&jR<<+kLP?2Ak=nBo4bwCGPMi+d^Ky~OpuNQ*vX=J!mR?LHg;Lgh_4pkC%?#(~yqW{6neKG*Ri#v7E|6t`l;R37* z015uDI>W^Ar!~3HxB%|lmR9H=u=4xT{7Xy}z#9M(1Srw`!JB^xiUN3ZM}iMnx#!J& zxCQVAfCK^X|4-iB2V4Me?nv+fEBCzlVf+t=A^@)fnSSc-+u7pG-06V(K@Je^NLKHvGd9MgdV|#YC~;%8qgTxP;UVZI-t_B&KAvWQrC$D zWavvScGvg#>A%R`R7jGqaH*YXP@SuvM3qjaDJtA`qth~$0}Az^R;37S>oz#r-PzJT z|F$|a<8I$})1-puGBftd`6;xVXo~kx`FLaU)l%trPa)Q2Jj&F2qwdU)o&knIMe)jK zh39nFl<{-W1gqb_Ln|?>yJUOK=(-!r0ndt4X)!nTY4s?3by|M}&b~Y^tw{zhdShcV zFU@pXd2T>PO?EuXRSuL04zvsH0;a}L0G;#F8iE$Rxdp!0@ABmnq4fPia0Q?W4j1OgE=_{$MG78cWM-ID zRbqVgQf16u4$~fT8Rqoel5}w)mq+9C*ZtaXysPQ2vR@%|P!p%Q@;!!RRgN|>;ocA7TB_i)Umk$M zr5{8@WtPhG=E~*5k8iBBk}5b6^p&P@+rcQ)BV=eYplJ80TA#hG1(xl;X)<7bX#D>e zJIk;tx2KJRDBWGs(%s!5C7lw|NOyO4ccaqXNJ@80cXvzI%TYWBIsSdm7e4JZd!AXd zx$fUHvt|X2^}W^|kx7$^9&|_}MM?4_kQg)^bbJ9G#iIxr0Bj11I}~w?H^N%sCErcd z1>1J|ste~*Ec}Wu6^u3H7I(~vyRm{_&d*@H=ea$-+z{M_VpzZdXM8_CsTDTbsv#;G z8wfV3_@#2lS+AnOx3$-*up9SKfyx{?QW^(;gsaa*7%Ppi$}-}z6Y?$FE`Ee9xh-lW zJa(hnjz_@lr6;W-J$0V}Rs=l4+eRChh+ne3K_THECuE(=< z?4zN`%>3GAe0qZ17GJGdU$Ik)_YzY9Qq2&;#2!}Jn^I_D&a3i|UmClsy|tio+jNq@ z2(%tl0fpReA|A8!-}kbwqLIjZ>C@cGGnv(Api1eb4nt~^)$7_06Y4ygzG-*{cL3Fc zHTAKPoTrbfH>*Hs-j(^D;s$+X)aZqKHxj8HwQ%Upx)XHf?MzshBccD&6lEE&{6tC`qDdwCx{liwLeEb^xPIT@|y2T+_1kRk;HI4-bisjoT5vlpWnr3l>jz*B?V}{h4WTFu9L9k-|DB zrmhsDy8uVLC@_ye2;p%L9PN5!7kkN)1pcvEFF?g|D$(AjR&baU+B3-Ex;Xyh3GeRX zp*m}U$_l+E(e4fdH&Xk=>?%reAn#Vl6E>i?Nuj{L6Jpi{P!ZY`SKUUH{Vd|V3gksE zhlwy~2Z;1W*cJ*F&_3+Fl2+&?VCnd3+ml(cvb@Tna(R(E_bk#v_RMC>l%`3pwN)i) zVSZEMR<`xL4x9Qe@|$}W2UPr_*z>ovkTRsNX+GV+VhIiw_R5h84Kju!V8oiN4c_GLv6)ZS+n6&XbOn(pQ5H>=xqcv5G)J1U`b>`raK*S&TtGg;~9 zO(id%JG3C)9~-kGA(TjZjS4=mXhI0BM1;0&WL^jlYt=^Tr)R4WiyT)x-r;3l3%XBI z!g}Hqb`?HH6vnkqZs!Vpl*Oo6D5<)+TyAb!rXVQj+Pia-0)7hDtCpG;67ORp+xaG? zUEZ>BKv!ugf()R0ttGg72$T;#L2Osv#e!CDWBujVDY{tfxIWNxyrH}hf))cur5_cgdU|Nm<4B23#TkGJO+5@o3Dk(iq;G_mL(;;d?2T=hF}bbKlQAlP?3j0 zcGw@{sLtk$8C%;@5NDN8VzmeO zYk4Pd%1dVRIfY`8wHj#WXA^}Y`J-)izQfaeh6_Ydee1dor1{ZTrgiEKf{imLP4&RJ z#$sS_{3$NsNp~nk)x>)i(ulDOYc}ygW>v5BcG*IP1<|YQx0dYYB#E$E_`WGoH(p-F zPA2$5mi9%FJ_Y5sz$aSC^!(Z{9Y1Iw&O5ksi0ItBn-j9RR0&E4sJM(<47jw1n!XDd?u^PnAkY9r&zOa~k^bp+9oeCNMNJOKw zj*yYv;zAhVg02+M-8thTKCDjRH3Eh4Eps^ikv=DkpLXuD34Y|8j$lR8e1oY|S$jEk zy+BJ`Uz{8H6@RNn;X0XvV#bCglYxfW9DHJ=^%EiHzb*iOO%PK&S@SqopxE;_GH!0_T{~0-4%_LsiGRZ6eJe_1b`N1c3WWb<`BPE;I2u1ddHi$YnbSx;QZY2AE5Dzm0!GJ_+^mjlY-peO_6lp2h;u$ z!Wh2O@c-DV?+|q#;lGmeiIpebJWk&y-aKlGr29T|_lG6sAHVUZP{{CynWDd4{=|`| zDg5}Q#=~WY|HaJXcOwr!=7+lu|I6w}dHW{@WTyVL8u<57yVfuKR`Rk6wq=P>cAj=i z?D>lTO8IWi2dIH)9g)_59k%0Hy16W9D7AwV?mE(mut$?l+N(*)Wvy_io2_s7?C@DD z6sv%e(&X;l0EHfoTaGd{P(r<8!F+>#oBTlG+}v%Y*8NGl!~2tVr#)zTN$U^0!b`>iWx4(Mu#G5w=RNnG3ahiMtcrk*@eCx^4H)%tu3(__(oqmVUY%Zg*eIlHEYM|cYMp{DKqfHo zL3w;ZqZ12e-LeEwln<@VUN~wZoUc04$1NCeHeU|qMG@~(JJfT_c}TzPL{}Z~%!dyE z<$^8UeJ93iyjiD7&+NVRR(=b8vR~{SFe>j)LZp2fi?4|h}rX!b^6Ob>G7m6ljO;Uc_ zN_sSXGFdf`3#N9n-8b3}x4z$S(Sh)d!a_^CiQ-69xDW(MqZ-^hq4|T+rja>oZrV_+ z77|g~;XL(LV)Lqk*`1jk;$j@zi(xKpxs7YG6b0c*F1R95IRJXDCd7qk2gf6U5gAyh zHE?Wez?f{4t70zs!H`k2n?=}ihShKCz}rJc zZOZ_55sf83QsR-zg8IQ^L3SaqYj=|0#)Q60is778_T8z8Qrn|8VE<&lygyeC?b&rE zRXKu*=mrVyG>oG|G7AMbb%~#yQB6**>beiIa)k-S0=fWg)3v3ASB#_033O~uzCx-@ z4*Kkv#Z{2f3nt!oc(vjV*uXr+9BuIH7bkn1{zT|FvO9kX4J}h?I2{T(j~gJ{$w{A! zLl!!3#6Y*3OaSX?)l`t&VTMm>v|ypRS_M0&-7O*Ky#n}`?V}?fY;HW5(N+#6eUm!P z4}+vWjV45|x5M)#YG;DO__pLwy-pPqOk5nd>}4Rc!2D8k6&k_S6_;fP1fH;HBxm5f z4oL3|urtueHMyq{eD241O^~aNS<*9av#9#n@r8?5TN%yHbK6Gf0>bCcBl?7Xc0Rn8 z&yx4Oi{v-OZJ|DfyuiXic@7-Q%Yw5ayF+AbCVHDf7C8Yc`Yzss`AeI=cdcdZOwH8@ zgnOwND!|nHWQjb6Ya-=(KW8<>?NmRy+189p>R^gaS^joSOoTo^Lqg#y%L-5&@$f2^ zu(q&_*(P8n<6K{QxJv=E`!ha0e)uW=CRhURH>BV(#Iu~=By-M;->{&#=n(;PZ1fK! z0}4Y=6y6B=xTH~TvCxaXPwrWA*^R5RnYb|YmB#ZvTc}vJaAaw)1xT&8gJs)5Uz7($ z0Zp#qodC0;!QphMR+>47YDqOUgs$n}LUkCzj^!u4Ls3NS`wgclg!^)n78YNFYr%@#wqBZ9K+ zLw6uTRnc}8V(-#BOC~^TB1^<7$FRb~$HJ|-C3UF=VzP8^FH?kQW&{u{Iq#QzIx5FL zxRhiBvFL}4l3to;6J6)+lNdXA&IQDfnkH-_^97nnA2pmLK)x?izcoU_>jTXlHpiR3 zZF+I)a+R!t09ZukgAfyPu?n)@@na_m$B*7zX4rNuQXsq^{so#?aSkoYu`O`a1Tjfs5 z>nVFfAF@SmFj~N%f`g1>`T%+pm`nWX_g5Yg<<8m0B<5OOva=tfS+t1~qY`!FE?;Ti z?mnXwjGYuz2nAW?hb-P1!BZcS-~2*na3p#DuK(-vCefE4&tgB-uvmmv)s8bMP}x$t zp`cW`7Oyv>>mo*`#YIz17~GupkyT#a-)KLcm^ZsU4fU2|ZnseF_G}bp=VEKgrmFVl zqK&^-O8dQ({yS36qS$FtHxu@2L=BYk^9F!lWpZ{XzDP=wi%HL%%y6=$x#G7AvjN$ufx}VW~kk=2C`n%Onp5=)) z|BlK(ZgTkTcRyMENSpr;6#Ne^Jmtwpf%v;3_cKHPl&s&UnfwgIuN5$yhi!Stt6!}A z`bhs8uKCED#}&CBRkZKi{!r8U7kqsm#QA%F?t3#CevIq6ugEd{m>~2(;17nMROEhq z`oY-Wb2=G*%=-M*i~m_p`|&-0+xRi3^A{68De?~{9%b#HXpENb35}Ux3cxzg7wP+H z+hFQe?sHJY6PrhXe86!>_4g&XYE;)CO zy?UmBlg<9KfRIq)@^YZgjzWk!L8b#zXav9idnsMzP6) zs3W}aGDvEiDlRu+lZ!$yuFyaBs4FC90`g_Ecq;UX+KpdBxk?@rDKg#N@jx=f`oY!$ z-b&?=8uYg!8C^M_7~NoMDMxvI#->UjB2%FumlP)TU@&k&QvrgBZl5W{vu+SEOo@S0 z8(lLx-&12W4H{^@fP4eG9(R!*EGiu#BG{oVWx<<$wYdw|pWIaJL86p}1Qw1+AD0~` z|Jou3Z2*tdUw7heC1D8@!ebNw8PW~YD};^#K%@aU370e!ut6q+pIJS70V!j#z!NiV zNZSXM8&q_xLhV>zm2lhIL{(m_|Fase0X6Hgdpivi(%HS-=`h!>|1`rRdKRX1}pDiQJx;9gGwE~7j;GiNxe%%Wa2s?Upo4> z4sEH?OdFU!ezS#XbbbzTT@Gn!Ziw06p(ec@P?4oZ3T}M6$Xn1zT&+0bq4>Po-c>Cw z=~e!M;Z+bC4{F@C!jjV@SH!-xK{pKlw8JeJb| ztArLJ~Z}X zK`)yg&%JQlWo!RP59!E@V#gb2qF&Qbxo94Un}iFcHT)423`8RAbB10kdomXnnaJWe z0#cRC8dr;NE$43272R3*7YtpB#go_dm3(AY z;-VFw5<`|aUJ|PLN@ARZZ<#f=r=3f_GfFEao?MAF8pKgT^_j1BO_d0T8?gxwp1FUvaGS5~^Z61Q?hFi56`s6WEUw|p>nwaTuN zavY>dLALhm9J@rAgD^&k-tgluR2GKqQ6b3}#s?R=jkXr%DB+FQ?}I)RH*%I7ly|Cy z-{|WI`uG)7L&P_3iWNMK1xSLCF&g|}cT-VDIKY-mH$T8^{Uu=BE)C#-X9CnbJg&L@ z2mUHlsg_cX4$y&mrbQtaNGvpDQI;u%c=6(|nxHml&zW?mVTIETfWLOdhF1)ETf@qr zOq)?b>bp(lD=~#IifiO`PdjkZB~=YUY}Z>je(m1qO?KHABkk9doe4Jkka>8i2g*Yj zx|}wOu7&E$N^cgri7*g`6&7=&OFJOYPt-|_tSKyn;33N@R#s&SZ+XJ@Hk58TMupP^ ztomx>Wk-Q$ypkwIN(C*INq4^Y4iO8B)@UFt{5I?~r*6LIhahVe+pPF$c4f#J_EH=3 zXrAQ}1{$I>gBsrx;NZ8Pgz!I=pBPA|JIuD(22q+@@1^8v!o_cj2eZ+1eJo?#00=)J zGLfwZIzk4q+uqr*fm{~Jj)kCI7lgG%SZP7yA+#&O(=&0B7U;*0*rbAxxkL5{5hE&% zqG2N$PwRyEmOuxOH}9)9&8?kVXx7qMlxX&Gg@jH*RSh`Yk7Uypm}4TfUwkuq%Ml|% zEJ4lKtgwfhSpIW6Ye?twPgF2$Hq^~B5Vdm$Y)zZ1 z<$dh-oKHvm#IxE~736GP0xRogWKh`53?*1s>yc5?EHSF+8W{Ngm5jbTOWj*6RaK3!|k(dwbx0!V(#x%7#tnA=bqyh4la?R7O@6Mcyk@sHj+^#E8B6{ zeT#b|B3T%fWZL7;F49eN^%4t#Gx8dOE-rU!w_ucB0o?WxD)x2!+a>-p~eG{L*62jULKXT|$5~63K zk{AL)CzA{98j_UL3pJ2R3nETdr}pXK6SU$E-=Z-!?WlV7;EJtU_1IBVeio&iXHYBo z37eAbMa_Vv6btmaO=|CD$jrAJpq@4^ zD$I4?vSMZJ?j)%2jiZ)UcazLYEZI8fc9SC7cG)eLV=9gh1C=o#YCc6G-Rl`IQ5Wk12?-Sl1i@8U-@bOFeAAMH8DzYbn z{a@oCAM?YHwmQ1snRy~qpK9;N4*het0^OsItN$rfpDOUj4*f)le+ol?n|b2UQ&xQB z&?CxY{-+xAx1lEi`ei8O1JTetP~PvB|LVuThC#AW-`k*J`q7F>`=ieFAIv<3#m7PU zi4(thmM6|UWyME9`KRi}{7+5jf5zmI@cv(@^&2Zsym?yCdF0I_)cWhmADHvUuKx>d zzF+hG^VjgOLqB8ko7GRec$&G7H|U|r%l!Xa`9sn^6#o8$kw4_@Jx>0-Tb=HE>*+&C zet7n;kUSm<`SUWupH;5kE&nwpzf2Um59oIe|8W}w^>4rZ$@0IPdf1P@ZvSJT|B(w% zZ~yzn)X%+rV(L-GKEC~rj*^av;XmF0NY6saKqaeVXT@XmUeAQ;jj4&w;{mb^^pBGH z4-`qq!1RP7LuT6H?kO^jf*Y-n?~Q``q?_hz!;2;lNajue`$6#b!hCD(FJ;}j9*P$Z z3iE+{l)}M+r-cQvXlgZid4KhFs&M_)g;8Tyk%z^hoSLk9CtY8h|BR4y^03>jP_2+@ zf3Bf$Y=CM`_0Cqo`C@f)q$oGiHMKZE4&5wxb+m6g(lteXI@bD5$E^S2xnEj0>siIpXg!?ueq(eO4Csr2VEMaR5&w7sN;e;_tQ60O0iE6x3 z$AL^*(%@Hm*CsFRsgXa(%^C^iju~(kQ?}=0i09iFj&oU^9>mv$x9{ zJ626Zy(K&k23vV2e4v1x!Uo;Sf}q$oE3!tqxobRd2zxMY6HS{KzHAlkhlMj8iN~;#L2p zzS_Z*HH6;z8G(FMz}~T(%Ion9h6YgnT_q(41!vW?=!KfoBCj0hA;;zQSOzOjQ83Z6 z4{Y_SD>1$d-1D+6EzN>4ySx_&&9jWvgpT%s$j;mAnyy>h)vaRn0&m4ncig9UJf}w) zz3|Sv&$nUUOpJ-5dDi2rZhPTJ9@>>J+-}SkoQCPAjH`kN3#*)qL2DxB9~Uf%aRcCI z!WfR|P4D-vXE>AObg76Ls9;Lp#Ln!`X?v4lwF%9=I)?1yRXup+%fH%`T!%8B{#x+( z^EYM%n&}0H9VroI>I0))!(74n6p2wcp)c(H8HN@$v!9<&0>azPgW$jGIZy>8prQ(! zz{2y{afab1IGOWKJ(MDV69r_IFB9kf>Iq`|`CGwkC5@MKPmr1H4z8&dSJp=`sFJR7 zCFDv{7XE%E{~P8@)Qp0Rj03J{U&*155%uMqN4CAnk;(Sdh=a|mnm#@0Wd+&gZr9#R z068jfM6sU`@cA1Kqi_fq(?x9)?h8c3UU{A7b$1+JJ9yyl?rUlBgk&)7m#gDL7v1&%>(oHKX83^Ey%*iB} zy(c^)Xo>Ot-!ge<$5tsqVIXM>H`x|1IB$rtQD0yR z*AvBtsME>@IMw(>I+_jbQ97JZ)8D}sOgE9v`yl4)yF8;r8>lr0T@G*LVs+LnzfUhelGT;@W29@)Bjy}A;Y0vaw_!wWb7~lTN4-sK{ z=IU9|d7CSdR#V=COkp5Kv1XhX;mZB!L2PJ#aGb0reWKk#2E+3uGl#FhNot^7`L=GI z%686GUT9ue5tWNwIEHTao9m#v5?+S|g0L^Ozr;Eqz1AS(;F!n}&>^!9I79WEZK>&6 z8C>0(NV*Mgk1LU%jO=1#91aRtxfZkJ+B8H=i33sO)&WWmm@0$O5W0cvE2I_toUl%m z3MQswGbWU3v3k>m(YF9V8WU$H8nV|x-4y4*VtM?g;)r{VvoZdoNm*QtKQ?NyjgYbP z;bqdn*I7wamIGuDZ3pfBsS!9A9LJ80w-UAFI4`sBa;vHbPQ$)6kpYgBDB=J{pXT;% zRq*AftR0(xrCJ(G!-q7j&t#EV>227C34JOg0j9mdr-uup-FKh`1;-Ox_%Qvo)pwf) zb^91-6ihojYyQk|FEm>U>S#7!WVd&jn|LwG7?ENvPltXL_VDt&@)U!-OI;k{4ym6GkbHf=svQumrnJC+2Kg9Da^?l^4B)Sj1NyPQn-?H9oK>Ki zLt1DiK4Bdz6f(&b9c_>B>aV{moeQw6pUmuv3^{oxtH1I$Mxn+)iv>fgL>J!X$AB{p zoeKB*!bioLgOqL@>I+Vrdci}!M7{rikS;mY7ZFjeHX8Bi!}-BG;&Xo4^Pp^Qy|?Zt z;1#brw=>R=2f%1HtVEOipawsYhd?UIqR-T*5^kgmYGlyofVv&!Kp51!?=QbA4lwH9 z?vo&hb6%0Qjav!~V;E>dZA$}H8VanZKg(hb2tQ*Ha|6tr&2K?VCSs~(Qa~xPf&Nrh zwymCvGLz8VDdLu&Z>Lo7LygROd<6{i?=k|EI?oKK11u|xmNhM{BnORoPv4*dZOezt)A&dd{s{=fx)U;j?W^rK$#y_)nt zsNk2OjXzQLd*y}tx66NZgW<3C*q@m7uY%F-PA>6rf7%0F+>FOwRdJbdiWjuDr+tBHDB$x3b)DAa_!uyj7Er2s=bIdR_m^cD2 zzBL&>uMJ_k@7A1!3T(eQ;jm1_C5adonS)wF5&opxpVVX9aNKv#KoB4c&sayUR& zu9{@JV;E%Os+P}$LG8sjeqeA6J!gCifvtaxfj8lF2SZc-+1pong5uP-oxxqkyl-f2 zye)C{MSH2TIdAse{ebkn_36I67g7vs-4nMYl$pFt?_b#QB%yd!Yb}HiCcO9llsU;# zt_+9lqVIDfQJ8c0zSrGRF&!xf?EO-Dae!0~tKf`9|BOZc@#+P7vjOfg>Vj)7I#xdl zt)0Mo{9#UN>17`nW`vf7h{zorWzWeY9A23;{vk8i=Nx-r`1Hs8qfn;6%`5MNbG<*{ zHz>2A=8_N&zaSpcZiX#HODWYF&N`I5EMF5CW_Ft)?5m%>j^J?wsOP0WVDVEklpG72 zD5~eCA|OLnyF__9G4SI07qwRt zAB>`Ay=Xwk?FcFo5w+zf$FCd1_giIHtm7wN6zk_BAEl*p!Ny0XZfkk2WwwEZfGoyj zBuMw#{L8mBhFAymcR}Lf;_na{$7G?|GXofrNiJ~gyqCO=`nfPddfd@>96 zdSQm((*H@+u zj$ko$8^HFe*;^?NnH6K=g{i4>?KItF&sb{uu=7*TKoZgr3KqyO2?WV4Jmu>8&H8{TRwF zYy1k6My$FxMxsh+oIY5vt|z{-nvA%7eNZyp7c%+WGl?~+D@(~93rnBCI+3n73`Y#+BQV&|K=v~2xX6lnlZVNZ?1FdF!wpaN1C`bblVNP~4 zsoU?Jiv16H&{gROl!j#$#*~=by>VK!);v4v6WAs zEBS;4<_FGpW49>+7HU>IPa6*Ri1{REHNaHR`+mxWf;J!>Hi{4I?zgm^R9p^ZB0o z&TI9Ivps9qw45E~lftsz8qns11s* z5b~c9t$ET$4v{vlMA>3C($P1AWnKV8r)uWUyP$2Iy_r(?xx9fsDFX=!t@mX`$`Qqu zQz3s@tclZrOue&AYtY>TE+1rFi6IP5h`oC7a-rSJmM()J9|f(uG9D)MN`@5!PFs^d zOmG~sL~wMf4>Zkix8Izm^B|68QK}JK2{Vk7Whl|w_|x=lE7%us=Fn?>4`tKNP?u~f z4yF-xx>3)iL}SyNsvS3y3#L>-9|!;V`jG#=tfVA}^Wr5a(hJF7VYn zYfY(-*%rq~H7SAjzQ;gAAm;jKjvUK#0})Ccxt)H4r2KY5+QItywYdk5)o2{nSmtEv zFm))-4Ia!aIqlnU2b|pG4S+`CwP-W@3DSpgkd`tUv(()IPHMsAdhfNFt76n3;*#(@ zCyDdHH8fW;`eQBSMF8fYm0T|k;){Kr?Xbkw6d6?lJ}E^qJ{I^tWAal9|7Q7Et_p85Gb$(VdzfZt4WAT$w z{$D2^Ph|W9xBURvKgHtlT*jvu`EzG}W98Rp`qK!ZN8I+~T<9OY`AxR|jLC0SKk?#m zvi{tdpS*$`0{_Kp-)Z^hYl4R){dqj^$K22F{Rn?A ze-evFN%|*VV|;S;fodp58~pv%>-yXx?2G-?d0bf;^?pXpKvH4cic7c{>94du^E6{1 zsH)0kZGGJwZArX8Fx`Xl*21Qem8vkx2A~1g9bQttDX81D8#X|VRQp1Dd6RP^c?ty;v5uT^(7}94 zQ7ZYA4|=W6jg|up9%Xhs4L#>-!B*v{v6h{vfxcUUQ<;3tTW?O!Gc@P0Ihw0B#n7m= zU}2Y>Tx5V=*9u1-MvszSIu*cf?(^=?@{44VnY*Xf_T4f~=qB`1(z-%5X-gP~xn*<9*_1-*vR~*L~>U*tou-zF<){kRA~X zj!Mwy_EXCND_ld0jv}XP$jbK8P+F_~K$@prnti%Ns_DUumB9U8;F*9m!$^0tRS(e? z((?0HqOaE`3I*_^&<>|5K0vMC@8Bpkr~E`i9eDsHve9wVQ7)QQAvzCR+(a*L^9R(` zd^V&AH=BrLc3o*PofgeZ0qim~Ob-k+1t2>_@qhv`cgN$~%}c%Ug#vUlqg%0s(mvhM z{QLKm4r(r+H=vrU=CW=1fFUsA%|9sEd+t_`D72E3V;g4Z5(dXW(Np%Ixsr9&lEtKU1^m8pIvyep=Nz7 z+_Jd{zw$28SHZcy9qw>|u6G`zAo(@6ObTS^y#B0+|V!`q{;@HBkH#`DvwE+#z z#HNlbn2I2_<9(xgM09Sq$Z0e*Ci(>|#%`a#l(fA46zs6>h8a}(Eb^sl`@0r#fz#dX z9`Rf{;%%e2P(>}VMD-nZlMRG-%QMl@AY%+rCV%BtqiyB)gmOvmF^!1JzK8^CFB${V6;!S?Hwq$iQU$|V&M^CMEnkq+$mcyg3y0k0a0Yq|+sC3&{G(cAD5q>N> z>=CqB9G%^3G5MHBN!f7=+ht~6$6{PfeCgeGMG|#{{FS1mRg{FY0-dVZ-Gi3z5>Lt3 z<}mC^OMAVYeNjZ8FE8*~ac>VKmn^hqY8~d+rQo%KnfBIrUu&YBewNiGIjwKED9bKN(U|)VyYF(B))9J>hum=LgLfh9)%SLX|>XiQKP$Ux?PB{-O{goa> zL9h26LA|Coq%EmX8^4J~AHvr`zqq5KLxGp)zP^3fwey*DNbiQBNy{+hxC}xr!z0@K zLegChJZlAE@aZj_3Rxu;{Y>g^7N&`8o=tB@LG02NoxwZ#dqWuZAJ_h^yandp@_<#IyQTatnPqL-2eoV5_c z`M-J42PS}lKx>PVOc?Vjc534+B4;`BbtV?lmR5-N7BU@- zLilUv1d~~cCf>EU3u#d^Bm@Vx908(F$b*y0WXFpy^(i#(a-^KSN13u1(}OiI`QE*_ z*#k`zcPqli6c_hPZtl(jtgGDi!#$PX@3!dC0GX+3a$gQXI!t~yF_}w(2nt;nt>vb4 zv|P-#oOW8xf#@8Ag`VV$O8EKxfE$Yc@+Eb}XSxPl9bQe48qY9DZje426+7 zEPwW)F1Yq05@*YH+QqMCTNPT0n#)Vd9j37CqHLTVVu(^ub)@c&Rb!wx;uwTT=JM2Y zq`n}FFe`zBg^p(m*4JQoWG~*HuRzr0>o+e$Q9~~97iVn!@w4Kjip$o2!dXmww2@47T-PUAw~N`0|yKv-8DBUf=5J=!s80mPu7C)$Q4l z(2&2OZ(&0r?e`Rj*0ePUfs8R zejnZQ;Nc%Qj)CRL(LB}AnMx$*RP`o8HyR5ZDEo_7&oJ=S*kJDOBo_eL@H9r;4i&HB z(M{e(48GcSyb$kujo+tOJ1c&@P$7tCPqoj%zHWB%P1n)d{?J6Uzh8cReY`PT!3Vyb z7)~0l57E9%+4b_=Jzq`Dspj@9hTY!c_8Lv;x+cvFzRgV^Xl1Qs$uzV}*Sx`|h~)Fd z`x50MbKKH~R)uZbbCVnFYre5Nyr8MOJ5gq(`Gruy8j`)HK_3m-DbUheokN3*1ZlZZ z71Ay2`FwS9RC<7SC{C$DW(CdoKxo)J7JjBL6zsuzgD+-KkDCsO3VVVHySd?BnvsUW z_{iMpkAJc9#$hl-HIyN3Gh@p%79$G~JEY5sY7ZA{75Wm;QAOG~S^ye45gZ51O=jsg zMK4Pn3&Nm-qs1Q&%8;K3iYh~(DUF9XET}Bk+Ejl~sn@8y$xg~tpH&o4CK&CEqHr}o_nreLMycKgCO zkY8JnB`@JFP#zcpAPM)mHVFI$yx_eP~#vL!a#ZLZp4>5o=az7+&a4m>x6XDs=I3ZrkSPP+c?R z2Z;h}AxC>aot*G3N`t_s48-~^UC17c0G$IU^zGtWd&t_5if|SIR(&G_Mv~=XH@(_` zH5=<^+ihoD?D&DBJ@?JCD?3IfEoEF>9n2CbNn9P{>)Ri4%h%f>f@zHH*KaaQDS)Ju zV(Lg-*xw9@DlLv_=W28>7GYB{l7NgQ@-eY5*DdN;sYKS+YvhY!hbhFcH`PyRI`5#~ zIC!QSz6J4Fjt{YHJ`k6yx}DYm5KS=b@L|~f+J9sYM><39huvVorBu7p2Ftczdc<*B z5ylDHx9lvrq?T)X263vDi)@uw;VbOw-Dcy>`+gjJ#RPI7y%Z7{@y-#Q8;_6X9U5@V z@(gN&lkDgzftmZqsh~BlmGwg0pxUFhNz56|>F(ArleeS-?UuKt2F5VuMUhGkgO0*p za=U3ll)|~Q0VYo90vVyZ{S?Pa-s0Srx&$VYP)Ikc5CSlJY z9M33f3T5kx*cd>O_-{)-Bd8pZ^VG7%G^YWs7d&Kh4BWh+zQ`s_lC|CZrwr^({7R z%v4GRSDS|wn`-_tDd*r;b^6zB_==oymx!R`1II|A%IVYLesTxn;?cJ8hBub;RJ2p| z?lJ_!nYQ7BF>Gh_gfe*}n*kHdVCZUTXLTuqrnxg!$Yys)^70s-ML!n;Wr%#GC5_Ekv>$ z{+mb@xys8?p1!b1de6h^JQjMOncEwUZ-@)1wv@DN{310Nyhy$r$JGcgsNSeJI-tXo zR;iAAqj`t==R3uiN-VWd4ci6|D|n)!G#1?UV=H27M_!b052W#29#GfOt$Y6Sg7iT}#ksEQsT=?&+ideR%1 z7VK@SOC1IASQnCw_rrIWy8Krs+PhR1cC(HzGJ5LSvdaJxdFyM(CGRS#JvGP3XVqt) zpUKZJj?zOi*`olmQKoz9eoWS6B>0k~`w>Sb)6U$2_J8Lo*iOVCrE-1zlV> z&0aQ{J_Fk@u}@bQ2-w<-Z(Vlo_B`+%nZgcLfXVVc^4_D7uiXDMH|d?jgxW899F>eOpcSx15N7rSb`5ix+1vn!`tB}^_PZep| z5mgm5h9i>X&O2YO22P9$zq}}$l!uf~NIrEjLs_k9CEWB*TWuHb>^UbqG$Q~O>z;!cJ z2P*&8kC({&k~>FfTyY&UnI4c+{@#dq&s?~a_2pXLq!4(g3bdLfKm}lkz!Enl;lNH| zvMrtwUP%pN`FjxivzcU{Pk{jJO}`dQWHnpk?{-ANF;;>d@TA4XNp1s;kA%gSF5OGp z9G=hmp0(^zHZop&dy8&i2b&)4-T{=$`aB3)9)yGt%HhC!3X`ufZ0T8*mkyUIy0!RU zz_Yx0dwm$KL|fqEz58|VT5~e5g%v+*1Jak##1J|ePyxVIdS1}b27)ukx5SEx|Gh_G zZ3q%PmA;DO9y&bJeX{zXwMF>n$J~XoEu(y9m!dr6rK5~{dy~x7$=OL5sRx+L(ILw+ zwn}+OTq4$?eD&hSCt_*O@2gi0UyX}WwcWduuNKu&)_|pZ_T?9=d(q{v36_?~pxOpiKLUo!kMuozZJ(fIN56*nO*>0+<=udF)MbxdXvKw>=mw*jddn)K zA;(A;-gCARb8JeW)#F!zmN)k~oAv6Y`}tMj4LTNJjZK@l=UkoH4iq=lZ*rZqEYAN@yri)=ICSJTx zkp=LNzJ8VzbKm}OM}9QK@%2TXe8@8x@D?Ymg~EcgM)U8BXidIb8$JRJzRA24 zykw|kj^@(%JG^6&hqK03ju=^6!#eyp=J6f2h@6b?eHCoJ)>8*xfvbeoqT$-!=j}&s z(iOWRhkimuw>B~FzOT|Cmigqcw3QHHOJkYoc2SxrbFPJ>@I91rlQxhR(Oh8ec}_m% zGP0|{o)YyV*U8ItwPxQE;nGH4hMy3uAqsu7YlQ<$-0=&*#45(egJ#=GLwFXqoYFhzEpw_`_4T0{Y+Da%W?iDR$ftp8)|s^h9!x+ozHN{e)tNOyNhgEZ2Oh%^Gy z4T91FN|$s=w}gZO(%l`>A@IQke3$rq@4xf&vFFU5y=UHC>+HRTW%zSjfSnp#-x*{b zZ+T4n!HAC)rE!BrulQv97r4r?{jZ+hIUPrvDuT~x!>eB_T%7EspJ#XGei>fY91EPl ziWD?5os2u_ehKm-Lu7ms{}6z(3Ou@(f;>QZo+J!#r;RKl<7RR{>2yI+&!NT(9&Lp`mRxK ztnAGc2AT~WJu^Tl>FnmeOUj7p{FQ&7)h(4KpjlnU`>s*0&k9(e>8aXT(4}=u@UPJ7 z1!Hv)BEW$m%`Yy;%}ooKBRwxZ2eH=UC8&ej?Kofi=2H!KYYId?X4MopUv2T4e?C!MHvH1CAYpaX& z*@s*PsleHpwT9N3kD)Q4J!PlS?Z8=u^N6LWeWPw(WhvfcP8k$d|( zwC)>lCprVw7f)DIo~#_r&UDPg%8f~6hyU`kYMM$4i)|7y2=Whh-z?B;%OQ;H+tO zwfIzJ^49u;iR?UYqtV_2EkZo?8EkSVK~@+hy>An3bLr}@OPQYv*IQE5TlP)P4!%n+ zyNCRdWv1$0ivH`F)Hd`m^sMb+v{nkIz@?oZBs)aLlf6%1ZNAjXxK z-7tn%;!r0%Ag-&%bx#e2N;qpNfej&ESZZm#9%Wc3S* zW8hMrOCg`$#CpCbr(l`+8t%Cl)@ZJYEclKWBAe0Kf_zcR6VH~mkFqHuRx$MJpl9e_ zY%_7z%Phn%2Bo2GAnrP^6sQ*7Bt?*h6pWVY{PO3-<$st$zf2SsUHk)==xc~psT6G= ziRNafkb$M5I;D7jGckDsT}GdYP->-@)&uaW;wT-(`!-cy)}|(yUVGAtWzgmn7|FW7 z?10FcihW|(l(5})!k~*$reVsV@=)YQAas*Iv<~C__v>0a$jk$0x%zHSXArYEMQqKbt5D`}sJwj)wV zBGY8zbMO;R;+@({%r}0zegC9-qw^kXPbjs4AL-WYJ#-xWlMmmMdc=mBA|W|lD=Y}9 zYr$KDkUt}jb$=M}UQ^5Nn_4-X<0(VW$`Rt>sMT+_6|`eVn{Gqo5rj1?7ohpRwI%44 z?$y3J9t_D%2u3RS*a9Tv$*P>gwEqgjBkgE<3|L$_Xo!ri#UA`WV&@d z-*?mN?{A@qdl|kZ4om;x(Y{R_egZF-;XV+mFogB!!Q=3cJnR_?`+6c7MPNV3GQyI( zGkr!$LLbpYC+BC6${dZbB_V9dKHHs8RDzCxDI+3qEIFLZ%NF~o>U{=A1(Hi zsM;o{Uj-$5oV7&`S{|q4Bv{`Ue|Dh7{oRSJPjViYUp$m4`5j$sGsz%wC-NCz zVlo>qKp$I)+y+HqQ>TUy0R_VMG5YPvPD3QtHh6nWJ{VY;%LthJKHiS%WbHo2EWSeI zTPNt*yw?HjeR)4ilisc5z~Hp$H!d{KB=S)Qv*dCvI_8=@wyqwDYv^DTa@*-Hqv>do z<WUUz!o=p9lmI-ud~jWr=M!& z!tF7uHD;uUt##1N)SgrFvuT+CW%?jat#IeqqQq}}*65AM+GH%IEVb4^nup74Q+0X-%0jo6Mr}CMl z%OSo7wY)CgM(1QFdrYBAbHl#nYnH7~U60n6tD!9&VqABz-%3O*maf~(8?%~Yyrn)V z9Gxub=j!Y7=TZLfuAMjx(qppLVSmXa@BUIUl%RW(*LKqb+aO8Hq>(JkvaN5TDZ%J& z6-c6=!iFDYxu_<5VSWK_A{wkD(Ecs^WrcMpCVf&bqNU55kt5T@46U9Q+3gPpXYGD% zi&SsJ77>fmNZVB76o+vMPU$Xrp@%iGf{z1<@V)Rar0-!aXWMUegxB z6&j-X08fA4<5Gs=u}Q&Rhtp^C_62@cxq3%5A34O5QXZ*7@=LT4VkY`dXrqUCZxvBs zBBG9GPMxrF)vx!?q^C(nV?&`-8rk}$bkR{g*TT$ty!3o3ne?UL_Pa{9xiwcmuEh#s zTJ0n$V%!SQU}`<-!->=7bae!=lvJa8SPwTz%uZZ@!Puy?t3-PGmR92TMtB;R`47Popni`eH8w+JA>>2(#wHx^b z>l-ww8k}%L-bc^pZms-Y_ucKP5|5f&Pa!Zs6h3RR-3i#4&lHOO{5Je6U}v}n*qP4? z5&xSV;|)6?aPrspFBW#KK?gSZ>$>p^3lRvEHx)!VEw#2N=Oz zpba3HbNTuH44MIc%wK?^D@<|==gI~j7Ug5ioFNOfdgYz)} z`1&6zg9+$c^8fQ3D2s1?*}m$3y=#~oo&)7Hu;)M=$nBV4VO#n;aOf@1ujyXhjyb~x z2xPqqIRF6yFZnHKdrJxnDCAcV^^Q@l`we*Q<=z7J`&JeMMf`%uqh|(q^lt%Y0NPA< z1e^g7V0@-4w*d(F?{44RJ3ww<7F96aG0F|MuaNl}i2>~PEkhu;FLvXZ+qeGc4kqK8 zhSnX?1~4}G^jB`*TJGD?zPWLL+`cTCV7g?$})vgR^fxpP0%W|AseqU4Gx=yE^=`1q?q_xhD%Cjec_g4#gv2W#RuKN!x z#C4{#45-aGv%J{Z=f~@xS^Qs-~f! zIv?Vk7rNL0XAgk&JtKc;0jJ6N10YF&S)l(Wt;Ik`ccThq*nC77*|}fohv~qhA&%H; z7OXrE(O0;AGOi$xwD72iLd+h2zW2y6T*d5y1uAGwSjjJp;>2r*38Gfu*(WDHM=jJ8r<5kAY^O5W0C%WTKXUbZIxiO(NpF+GD z{R@P#`bMhR4wjP)>?})cg2k+krdtgvyn;TgGI0)7yBiL>)Jqp0quG8rJ?-5vaD-!t zv;I^HC%_Jy_Fjr{SX1hG7B#f&>W8O7^(69ghi#F=^JHN*>J$}w%SBO09n*H=K3`3T z7?_^dLi1I)ef_B>k--9EzKSHw@{Lvx#RI{ik~Vh#X$2H3fnZ@OPKt8@EX~74UwfE- zW0aQ^>X!9WV3|{W78Fw?J-AzHn=*d(go>5IqG&4UA?4^O>>-RxMjOMmL`#&09~+DM zE!625?^FNjcYI|t)VrLAOU44Mw z^r7RRW6h8Q*7;~h^CKT@LlL-@Bwc4<6MEmH1xq6fhY{7bXrmYFRYEMm-8=q8h-lFp zp=SFhqqEe5yq}rFn&t27tGtzr<&Up)v=}Sq3H!2(q`M{x8@vKGcsQaQK%EmGuhev+ zj+nU;YP!d6#yk4jPRt30_jIU1Os{ufOMx5-WFeF3K(v#_cC9IAyzHnn?}6>mi}i}M z?w4#suYwibZ7@&lwFUR57FiR=Q!EPTW0Tx%;N88sRxOKdd1teFJ8kyuFl8TtwJB;7 zJfH8|=xwllfpo@-ErCD#fyYm(@s<$2P>8tq2ScRvx2jB7N2|HFLr3_b%s)cJZTTEN zeqkOs33v7SzIyDLomXWMosZ{{|6-ZbmSf!R*Br9#sns$Za-jC0|2rmB+fqwM&=%Nr z51XdAkWLbbGU+FfN52`z=x4!O72}#Iu|elY1ElflI}x0I5pQ^GDf8F~@me`077KcJ zLf{G09K+3yf_auHLovk8QwVYwC)Vn);}ehcMR7Goz#%BUTI4BF85qbl1L<7%glto} zkHBG;EBWBw>#zB23SYAx$ich);@hd?ierkG}m!{31-umAu43`14n;It=;*f zE|}a@ySx@+BEp8KY%eqgg{3gl*EWz8Wi*;chXDpg-TGVPe$$ zRgRWXBsH&#*nm5lN*~@%?cL~zon)B{Va&}QQV4tSR;<(iM~Oz$a})*tQd4()#2$;7 zT&U;)Le0i|nMNzv2RSH5n~yea-hprR!tb3axnVvoZxOI#MWjQtY;Al-iK~SmPdDxB zZ=y)!@%mjPPuXNSOy&*To($XX zdP_gVP;i91Bt#yPmnvF$-(z>|_IYg$Lb_g^qW_SWd&0^?LdIs)HkPUa`{!pf|1M~Q zA_+tDNsM^tHH`RxmVMpi8DubqM+wnbNvR*eSA4{tmSiSu_||u$^VS*SQ?qm;kUeQu zP;4(TsZ)Q{q)MS@7!h17C6`Sz*Q{D)pCy!bIv!YDNMu%%{(ufA$u`hc4P=$wBfN(Q0aFU#nNTU^d|7FY4I04UzY>9MypZSRGDLlcXhjU zgK*YIY9}-FiytI6=&v zSJ@?yoJB1E{w%R~B%ZpdfltuCj@MzSzzV+5P-dMLXLL|M5jKj{m|oJE+V-cQV1^p% z3OTpXKrXC_FM-$5jBu}y_GepaXw`BpZ(Jt@SjuAYR^$Xy-xa}P#j1L$IYq@LFj?3U zQzfKOs|9dP#mTOCBG2!!xhXQ@r7V6+NJ-jE%vy}7EsaL0L?OdbQ~eMu@ybfSIouu7 ztQuh#qomP^u!WJwP#6P6r2{QIUo7sfzY6$PofYH6xf+$wK#p3eJ&zI1TiHO&ZynfH z74g|AUPOu;X|_wj8m_mEq}3Cin-dEEc*6BJ{^#&?Fdf)ujJ8ZkX?@^)&sfHV?zbzY z>&$f+Rxj`>?#Lf%CzRJyVut<1nF;TJRa73ZL2WhmW6I9Ut8RsTjBTOh=f$L${dNGk zdz!!YB~?;Ll5B%?6?vN`%V72qq69lvnc@%nfSm_WZ6DrEcPQV-MVy|CPsSyi{B5vj z)d^0sh4>nsgja_eWw$=BGpc$ru+fZ|J%4oveUwwY|8cJO%Q!kO(D9mz5q6X{BG0e=m|C_`cUqHmcaO})tE_u2;Vpi2v+b4Hi*K!sZNWLI9e_fM$k zewRN<$o?8G&GF#4pC8(M*)(IRNWbVhZ5%*OVr_?)-N}P@INHkr-1KR6~~D853#mxHwZt=9+SY$ zaeCKNhK2LlY0@}u6wXA1?&(i%`9{e1O|J$8PvWwa@%f6vU!Zy64Un6 z92^q(5JAHgKI92v!cxVwSTh;8sYFIn>r|b+Zts(-KuvTgKU*mnGaX=&4#b0U{pJm( z8_qX?Z9vK}wA9q#h;^yZ{AdGNzyG|g$hl&wA*%EjBU)&hSP%(ZWo$^Y;;%~FIVRy6 zM3PqxK4K2Tf|?2CRuNkgy{+te;OJZF>q!YKQ!N6bLT{QiD06a*pV%MPGA2BbM2W4( zu1o*6!0(kl-`_Z zN&TFNi32^U{D;42z*{eJ8=OQ<{U_`MLe9;R2kPJOn(dy11*<$`G)7VqKD#K9QUZRF zPLINB?RBaUwguG-M)I*Noe0LgcnZO_HK&{kN4vp$n!gE>PDS*$u^ZJzca)UxuhP>H zO(>vL!H)Zd@vZYNb$|N8#&DA1R?CT(2LfhmMi@_J!D;gKk(}*!8g39*BMf%r-zF=v zZb=`!bO{f7hL1aTWIy=-LYorvSr(E zCbf6ersU$dRql|_=2$Uab38kHc7(iCaW_%5LJ7G&8j z0rqZk5m-*{ZzLM)^=cqyMxYPYf3stwy-vO{0^!`h+R@#x1A?}HwWGgb2ZUIGAn^q( z0}v6Hm=G8eU$8W1m>7U(f&c0bD&U$*+-)l0f|~*&`|d!aH^{zg%5hgk4Og`#cbH!X z!2p`z62P8INVC$N7d2c_C;x7KPJdjQpQ}+b0~FunX#P>7rn~G)0XTjG-QSoB5SIfa zN6ku0eb(~u7dh&4^=UD4J$-ZQvvs4RW?{MpuK_E1h0y;gQ@H@xz`+6z=@pB4*Q9UJ z9M@#!Zin=uw(QTf%NMK%@QZJ;9DrI9pqQN3nOqh?-DQ1a6@gM85YY1*u`e0G|6mQY z0RZv5EJQoYiOb%Ve;?zfrW`BNc}iV2TKxxeAcFt@QMmtMlyd^;at;4Urn3vU{*p-Y z*4ma=nZ(8h$U30hdUEkk*OChm+dGo$9}4*Pd2!L&ceYdhq0s&iO}BCj&?$743U}nz zC53iLbTI-rqQB-App)uqz{}Hu{z3!sF6-;L1!xKbGG=8yi|i%e_#do+4s$?eGMrgo z_5=P0Yv8=TPW|Cuo_7CX5TNu1KHqPx8_;2J#p?q#ZT~y@)u=%HE4e9O@#&7*;htC`0261w1_2s6(%dD0&monwkq`pg;M<_);d>Jt_SU9-2xPv$2mE!qI zoV^c8lEi^2rp9G2qP>%5O!KswSkuM%^)3S2{*EiMIO?>Znw0q%?(gL&s{2y&Cv+q% zJUH!hR_9pfSCy%E6Jf}8M($?04VmLRZ7TG|cXo05%sDD957&#Z&5FjJA_Kr-bE z_K3&|Jxh_T6pWa<`^)=9Y{*(;a;X5`eh||~-t;KXJ6yc;*gzabJR^Q}^i4WGvG77O z;v9J}0XvEioJCQ)O7x1zLZogB$(3V>aSyDNfC0RA)u(DttbMWulP_IsD3IXi%7b`y zE7b1!<}C4oN=q5|4=Wa^@eYp|9)ay+|koKks>A2-do50I^B}tjNCTmr`Lwsr*Ml8R}<5J_FJ1*Dui42CE zGB(cD2Mz8;BTh`VVLXtm?l!2mvimO7@yj;RaW0}peP*4xX^jX24%b9B5o(&UkD7Zs zKu{*t*2q;8{3&hZ~?In5W{~@a3Hg8{u>aHMN)I;<}it9&JRZcYTd8&J58*FIg*V za&L9Z%wJ)WY{(iaA)JS)d=B+C3w6+TEtBl6AF|-hinRq=d&up;H{`G;AfS5skXgab zM0JF_`0nF5LCTxH6PBT`7~x zT8qfSRLCVU$rZTF&!zED{BzHsRRJ~USUg;Zo`!GbDTymg0FxV&+O*Z{r|gifJ4Hka z`Ti@Y-H#fHphZ5t@u9;MnohU;iMFhyAi|hO$q(gpsM&ACjPL-Bv|Ja_tHf<8ZLnXT zs;oiGzrvflxK}mBIE`E~M+v1Vd$_JwKsP3i;BzWTnzf1A~pnV@eh|Fod>A# zv;#!+oyNm|v1jd%EYxVb6_RiJBho78Q|5%0p=v`pAUco84r6^{&quW*N|unxD!eDj zU}nKzfjgH!K?VE4jsI=`E1A7{F!Y6OPh;LDgv`ZHenko1nnE9C>IOz#zXUm9rHz3~ zWT*H^3s)huJrYh^exwZneOR#=orbjy-`<HS^HBeD_eB{>td=eN{)m0Rs#xIm2NwCqgeV++Fs6Y zp-?2!if=22+d>)nvzubJwh<781T{CFfW?tjKs1qwMz~)Mz7PEl% zaFnhH)!G;3%N`DT`BL1&MJWvQCZE!ae<^465nTw}UAP>s0($uq3A#(3s_rc3A*iZu zA$u(EMvqs+J0(H|(G3$FGv=qE^eJXJ$&OLv?P?0f%Fed$Er%)I9yPzPEOL|i_>ixa z4@zZ(m!KoTom+D;XiS<~X@0M@V{>V9s-wHZy{BiHrv=WOsp~y7sUKQyi`mJ^s2csz z$yD0suV2sZIOj7UYn%NV<5F|{?ySiEIZb4LP2~_Rcdedjoe>7!GxAT~0iy0kkjvi`|Xl zE?{}Pzs~bUaTh?+{=dBMMsXLg3=1$G0OCC^epdtGfj`AvKze(Z*x(Mn=axFl^(K}J zsrrBT9sp7HcR+AUsRgL^Nm3(@b0_&)_qw-h$F@8!A!F;R3(|3Yg5vr%U?Jb*j-&grPTFWO@U zEbkrRy_FY08~UQ+jGmblKqCR?{v9V7u;|R~@UmPMD*b8fy{N#t81t(B>Sla_z6zWZ zLV$j{D{2EkOv97?I;>`L&arbIF{JS|YpLA}1&Qe}+oIuuhZzi^zxek;WS4`)> z4Z`xLr&x`i5wN;)_-7B7m0yg24r;)^T$~qY{|OK#AaaHUxRv-XPpF#TiF=Y3t8HF&t$L%H+y^2hEL4~ zw&v#_(hRK3tJJ}!mT9G;udE%f;7Jd@wmnnjgs3>uE>X|cA}A?$Q~UhI;^mI!esK0l zhrRac$v0xPQ95589#@{&wn|1=cXT$Vy`Ghw-v#7?B_aG+F0CmQ_Jyz69$S(isBOeP zWKydN$n~*9&rE+->bbm8D)&nc4vA)3Lp!sSKcgW9QTU6F60+`=$r*3?KHq_|ghJOW z^lcUSrd+sRP(NKVVr=t*yI^pnYSUAdcV9u7)?~m@#i4?#(w~rq80HYtV}?-JOwxEU z+LZpxw2rhDdOio?j!oaoT&XyzUpK9nj6Cv@eGdh zdDK1oPh{V}5xx=Qou@15en#a>Cuy0_%Q9WcszPB@t0I z(Kt~@8gD{BiRZ>*qKrYMDcyo{Lyh4h3L1^sZ<~kZ6kdeK)DJTwK{;>;C%yeTob$2E zznKOG?E|BNKp#6*)z{(uN4bP5&pPBCAemqO>U&07Hw;d`3~CQYuvz}p!bYqWHmkcl zG`n(&RGl)TSyll?DA7&^)!Kb!Z=*Ytf0pE)Bn7gz)-x%&&KXbAqT!fhT~fxE)!A5^ zKi_W@MPe4r_@sI}mvw5#myDwc@hL771%_FM(B6-c%isz#zQ^oQIl&$YmWRZq6#=_u z3?KbOkDBj3`&gI5v-IpvX2MQYmBuQ8e5@VBSDJhv@941A1En@?Ts}dYDw@c2>U8vc zOlTtqYknMVVuQkt^SQ$+UxP&cy*|85otcuXaFkFxYNpYLWO>XH9T9m3NgTL^d__Xp z_fpl{%mld-UkJu(U<=G?n|%wdXuhE!Lfc@bAU0D|-;pw{0Zm`^f1rJIL}vH-pBYMuucoWlt>n zA;6vfoFy$}6Ai5+r?W>GkKP!J9#`^Xn))d5+ws%45gHG3UjqzVXEzwHAKY{lwE2>T zjOp{A;feKEaVhM7r5tNON5g!97>U+=5aH9?zot825~1BN{f+DqB(?Sqk0F>HXsa)2 zK%5zCmPL@Mo32X)fhxCH-RQB&$IzqTjnt4WvJh+!`!v2NGe)(ZNJKBgSgk1r8u2|7 zukjN62J8Uj9y=`S3g2OymxLdFeKl}Ue<+X2>@6Al$$RrK_l0ESE(g`XXR(PP^Kxjj zhQsJwWjAnf$@R#oXALsi3{|zm?OOpI}ighN2D? z;L0}CWPeDs1o6T1g5BdSk8;mgbNfk*G+Uk|Nt7HywVQF=1tYE5ktkJjn0KNSW-=DB zR0QSPqoP5FL8v{!-Bw9BTxTWnhBK(&m1HF$Fp1Oq^r-o>4Lpso=e*VzlAseZCDO%L zHhFA<>P#UvBT6CzVdhSJ$Btm*9B=>(tf+US>kC>hZ>tEgfrQVRcNxrn!QifMdGDp9CM&qt z2TbYL^{m)^yDYNkX`+QL+bMpq9U7X3z*I6fT>a?$sM`f|JRQ2{# zq^h{;A+K?n{)&xUSVz!d*iIE^m^Tb}%?O z{cy`la7(u-1}|k|U2w~zA@TdMLel61n3`o>&auWOW!O@2or9`?{FKbNNejqtD)CZ8 z9-JPwrV-G=jg^E}`^3s22qRQ;nq{bzdoe|k`G|X%VXp)EWcj^RvFqazC(S8K^s#Cm zrOzqYtU^48tn7$=^N4uGh&0WHpWVCl*HSoos=$7%@Tl`M<~IrM=}gcZR;%kHNopW^ zbubCT?nft#3l&x4nBc2jbmSPJ3BN#7+22jduX6>qUb%P`T>NFes1?%5Ex%-g9+KeqeFP>@tKP14FLn~NxY2S2MH!O82cgpfSqoFH&K z4I$-<*5%$0Apo^mFP+nAuZ)lx0ql!zJnsWbn065v z%#wee(7d%kY24kycpIt}#9o;SGYmUOl$m^Bfdf$#6y7VAIA~Y}lg!R{-x@5}LttQnmFqGRo5k~9x{UNM$fsesz3~!&Z<7X%>y{BOU`7lAsB7yO4 znH4=`7d;te-20Vs*<1>lSK$evXSt8_7QJo9hY#r3W6BXC(LXCdQ$!aQa^}qypoj1& z1jqbK4MMy!c#T;aL62e+pB#M_R?4gGoOvwVqv2fh{eQaw-Dy ziJ3Di+*3U?L+!|%4+m{w&XUFaYzFV)RFFN2Y8KI)qi9N`D4=RN+dIVY9|SkN5-{08 z{gy)b>&yHLq2lioRrL3N8VPwvcQd%6Q6w@s;*w8yA{qE-!=z->k42ajKwH?d|6SN;i`~c=N#e-1B5vi&M$uSRaMbq6vfd}7L#lEk=801c? zXEc9$?4WPSbgZ614b>TLuwC|EZ^Pnycx4c23zKh2KUvGm$x7Innu?O6(ZZT&~+mJ64bcVl*Ma`t(HinC3{5gsQm8OchR0ChQW`WaZto4Db$IPSH z44%!r6DD*kD0QnPfTUq9g#hc-B1ctnUyr37sopa(s-%wb?MXL;WOkAP83^>BE0gLD z7Kuw)xK6!_z1%rkFWUR{+O})E?0hl&20Z;7oGP25ww5gBMre4@@-XVx&Rr#e{~z@u>cxP zF5hqm&byQ)`J*p%(Q|Ws%VWQwM)-I0a};-FeuH}X!?ykVDCbJ~0u59IeH=frX$djq^UcexEr0^F*PVW9&c=06REz!iG`&uw5@;6}VJ zDWAJWx#2btI{@r90LTM-1myN*Lm>;GfBWB}4ct6^#~!5zP!E3^3K?#__hyv|3;p?W z0H+TSpK-a>?i%H~+kn^Jk>!9O{2#Y38wyzf9{sD^K-=gJw;3)NM*545L(9PMPnuoI zS>5&<=-9uapy)3NoV(0#IQ*AAa!Dlt4RWc(c7v#7`O{{7#sXasapx@1Wvvb)fW`!{ zK$kIPyx=j<{|4YLFdYPFJ-!UUU+5r4mK$`C#!IYbH0S$neAyQl zvchcF(ZjZu$Q47+W>R79_0Mtani9;i$qVYs{er5TQ z{dQ!iiGy|Z#upWvy`CY0O%w|UQ0ANy4*0RlvDs9K#@ zhpF8Ms#b$I#%FL0u5WXUiYQ)Aw&KUa6FnnvV#%X6e**9KeA+;~kaebhfH6!pC830{ zYM3tCJASIDRA0iN^&!Y77}GpxTea#eE#veBHaZ#fx2;rMsS}H_4(~R~Q3X_5v0xsn zNHJKGbQnXcrUqK|q!`OBGR}-_Pld)|_|m*2kN$>5um99WQl97eMH`^)kqefEk&C+i^ErIjQ&N%{$VGa7KC2c1ceSL=F$0V*@-ko~Yu!xtf?y@G zMixYGM2t3Ys}KZ;6!^s0%3#~?E4n>+rp@B0mEOLQIm=MVQ&i?C)|vdCXgv@^Gi$@b z*nutXo@KJSzQ(?N4AfehX*m>Rr@?Ms-Udx!^qSu3?4l89lbB4X?@YzlE<2uy=FZGTAv=_7>!`o54!fdNHt z&}JXPnNlCy60FTbj5C;P<4|dbyCs$Ie*XZ*LRb5Q!ly1Q)C{h+eo3ms`Wv&-JN3Q5W{sojoc=({)4M+PE!Q0@Ds^?q@B~)B z$`ovUub{rzr9Juj(8 z1shEM)L#y%;q!}!TF4VRzq!Km-#Mq#8&_~5SOpZ!}WmRirq&mIP5kozNNmzfza zia%RPRe3kVw$|R9!9j2!=a|SC?IgkHft>EI`yZL}>2q@IW~PXPmmLjZg` zB6bkP_0siNF~{|$2R7GGsklaAL=g1@r+Ae#C zONyxZS)xtKA?AbGko9G6@Xp?^asDztmLBia^BDE|)%bM{mDl?|;{}uAwpCBWwitO4 zNgR$&y6nxD#Z~Iua*Eg%hSIdvEUfW@3-v<|%l*VQLa$u7Po&6W#6J@bNj9m$M99Na znLGVc$t@_W9nd=jBewckQC`o)HF8_cGh^Zsd?U{A-1xSMRFaTN_sft%>D8{O#K1_$ zmV-TmH{U0xEs-Ub2z_1mtRTYDW%kZ3BNDQ5@$jfDr&P_<)o(0vq&{-EPwzoJb&}dI z5f{<-e3%SxKZVN-{gZ)t1=N_-oEGfYZ&5xS4t^r z`|R%_@S>hpkS)5rKcSI096o#S>>ihle3S8WtlOnP;BZxMk*q?upy;W#f-Tis5iPkj z0tS!=O$d2hBOrMcw!E-gdQieEyzgHKS#v16`$DWzxw%YGxnboIJarvSwLNm1g82Bm zHgXOs1kPzjjI>tIYT{w?8pzf##EM=tba$fscbsywpLiP$hu{`g`P(lHurv2s31T_T zd}=>o*M|u3Mn{_=c}6&@dG_F-gYN4E^OiiYpu)suWGw?*+q33Er=6-`VD)+I!+}N2 zIS^=i%1RCLkZa+HMtni{$!ic$<+;rXhcQbpJC);SrEB#}#$3~sT;_0%sA~Ah+{sVy zXB6d1yk!~_sE(b`#AtiMGZxzgv4i_mS=W@uxAN+rvoaazqdnB|BzY(Kxc|gYq#n#& zh}$1^dj1m$+8ftxj`Y4g%Dx8I;AYWx%p?Ne+l)_tSUh5{CnMH3uWAtj&0Ci?j&&0a zS&`&Q%HF0DbCu?zQ;}szi=uL54He4lTUykwU>RLu@dTgmdn+2Y#sOw+1oM=GFnNe8 z1ayAUuj~`!C*kB2+_xBV;4{=`}oil;#ATsHW{m zQ6FoqdgrC>Y$TRKHNKZ5m2(ESxq@#Stq5f6*%l#N_aVVrGepDayQ`V%;a8jWG1s^p zveuNgZC9|q8m6KE8+pz7CbX4*ZE}(!t$V)+eVOgmdc+v?Oy5y*gHK4kg<3`l2 zkR5)$aA`8Bgf@&*z>>u?#~iA>)HPa&`wN6dvTTSPW&#mOW0l8xq$lRW@mXD2hG4JS zM4|a~V@=)K1|6Y!zr+$Pk_W6{mWcfTe76PbD98iDP)d7z9lQLXXZ`A0a+E6F<+~kS zy~#&`HEHyY;97XMjDDZY$GIO| z*m^(M?9>(Kqv>3U*#hW5FOo1u!YP!V@H-{Ln6{_rmD)xA%+Jw4Ff>inf9HZsF0ml&d_?F*lFw{XJ`9b8zw!k4NF<+1Inry{q5XZRu*5 zqKt^ZfA!aWNDzU;H65w>y||zR3JEe4iWzt}Q9=&{SpG&_u-qUL0OC5AzZL&#cfBNt z1z5S}uXfi?kBYW`|>y(EYQSd-?jcGpXSSb(Kw{%Uuj=89msLaYC@ znfx)oj$!~1wZf-<~l`kQLu2xqJL4{pAFxlr z8Fz)7f#hobg!fj){gIftLzzS3ja!n=K@9pzxWnx29}<=<@goy1;Eqm!`yHj z2tEVTB>xmn+z$C=vn2~q-OXS82BM$t*l8F2LiksAtpQ0n{TcFRz;Dt`KmotnF#nVl z{Tbzk+dvxz*zH?}K=Hmf49-Gz$8NqIZlJAnhuarAOMeQnF0{t3$LWUKx0+Ug+`eQ| z?;7R0+rWLQz;5446Ck%Q3zS%Z`u+Ya>MgggwX)vk0xz1j@aeAV?g0Nox?r3x72$5B zIY2rL=wt*I{JzWlhQmPI(s>0M%jMLsw5HAostXeGyaw*i6mEr(QdsFIf2hFbYuS|5L?A$IS8{`zg=dr)Hu7Zl|PUJTHI)Zl}Chpv(3C z=Oql(tSmSCe;LmHMVdxJ+u@~+H4Sj3-0db!7J$J1`Kadv8(@>2k!OHQ0nd50%R1Dv z2f)@k{};d#pFaQ=6qsNGZf*T5!A5soc>Tr8ktU>*9L;=1kXdq{$~fm)FiXV8ojw?_ zA&F4i9{Q*Sx@jiwLO(z6Dy`wJ;5cgH*lY%t%f9!>;@uv@2?O~Ha4K$A3Hf!yPr8c@V;+SWpiJP6(P7jZ)2f-a3P(Pi4o+9%5j*jW$JbWk~%djby}+WM{F2MK}PL3Z;{mD z{b!=#)dh;S5??CG-gj4-!5c;H|7Mu}#ma18K1E6*v6-#EnO*o&V?XB^5$ZBqBpsbO zB%3*rQRm|}1A5-qwDGl^u#n_|Iv_nyyrM$Pi{s3V)+5ZrS2H1#37Je+<_X3Vk>plX zczE!XnE zfszO97ZP!t;u`{q$ycsmyb<&5s6W1*kV9~CTbLNfZ5{t6GNxu3)-*q2GxuQ5W`dLx ztt$H3meiN?PVa#XM`@c|m|1UdMV0TAKZ^l~EVeZVPhx3^S2H*gQ=5zfvEWWa8M-*H zCV^vIq^~$GTMDDsPtppK#PoeVUmbsD6W=6HN-gW$vc`LlN3hc+4G2;nmO@( zFRBlQyQj9lh?OVTNDi!rxm?XMn9UFJU4mc6+0=eoC7o;z1MTamy$>d9JJ0cMcQL!p zVKU1SyFUGR-GSF<8)5=Y&C_d^y~camL4ngs)UVh*;qfU-f4Cv|%io)lv-z-`eM&Un z;-Z8~STjJ%Q%$_#Oy7O6TI8A-#uPw_tAq%sPC|C6+!*LIq)sX>SwbCrXkN%O(iGl^ z^L5j2_q#pzNT1jvuh(s9%UauyvZ2Of9mZq$JW7;kGMPUH!B%Xfj2eKZSSd2sAqL^^ za6C+|&sboF0FTw#rN9N<`!sp~_uD?JG9BO6yy$$!I=*^j-Aoq9lxUvdA4`ZfTIDiGsJ7AYX@2qSL> zCGX}yLK-vBOF$5x7U^fhy8|L*8NY}sPV=1F8S*GItO6erONCw!ou> z8X8R=+wlna9VP9)m0~ltmW#5o{-{vQKanqlrAPFeX~qc&^1)|C7aGE$)C#tyR(Wg` zA9-Bx@%baR?{9XKStRVWiG_I|O`Nts_MW3;%{Jo+eOk*sgpjp@q!RlWUNE*y} z`3D1Ex0UQ|MOVt%Z94l%;A5XDP6i@ISNv)wL+e@VhZvU%RKwD_Z!AH?uVvpJKI34C zfWVOFEZ^}ph-6`c1(Q>Zq2<|;BxgbKI?;S&N@L$JU2=iEMrThH8TFR;LKlnFyR-sy z9P;q#m4J_h=ynQ4-Bv#_58tN+jO_4A1oH;IGJ=1H&(P>^&{a~P4xtL2Bij(*j{9xB z%#L3wAX)?5bSMsdT%bLV|79WrlSEZ225wQXgK0^RShR!P8Z}2z8+v0EyzD|mQ~-nM z%(?5kT371C@>S|+vhby)%mq8I%`(+U& z6H3J2A%SkL0!rR#VUjv%(=Opy3 zUv4`G*6Xh}=H>-F9)>W;R~iJ3BV6^QrF&{6%Hd76hwT&ea{bAc2H_exU25Q%me|Z- z+g`_W2}lm^lPpb!cPE-l{mSgek`yw1Y*}FR93rgZ}r4f^*R)77)0>xl*bgfX5r;}rIGG*;KvQk4PhxdKoCrUTg z;t73?#ZA=NM@4J!3iLbDl&4dn=M3~e_@e5+dE5QqmwIq0%WO_~HA$c!#+B?)M)L4`-iQbIuuN ztyz2Tg2NwpQZNCT%(lXJ6lPIkb6V3jO@A1zH9PM`q9G*OWlW{^qM>uP`RnH=p_w=Q zI&zTt>bq~duRdb2M8Kjw!Yoec@cLavH8CcqU2!4JFS-}jcg%)GQeWFwH1m@weOGkf zlcPLm2CWgSO)xVty34)0p`OI~RX9+RHL8g*ZR+4N%v&V+h(AaWnqbKAih z*^>uSM8HB6^XIfK^c!)1N z4|^#d=o}|AX1n+_ebv*ES<6HozwsV#ld_QceprY{tW8zA9s1%ffuD9r)hjeFej7%w z$rrN0c1m7Ex!>H;)oTBoa<#Y7$kKNO+z7l_{pC&`DMiksvdRA9uqo~&H+S!?ka`<+ z;=v+532VSyCJ1ISqL~}imSb~kc|0YVjZuki0}VmF~LYkj?Z2;YNmn-kN5|YNvOFKdT2xI%QxY)MR>^$Zm(mi z9p^oa`e&A?v|A=|ot@27Dk4|s)!b>0c%5mp?eU^aK5?YkkJ_5MQAP47^){A6;UirC zD&%V1T{nH(?ora42_5=uK4c^YD%PFZ7jm?3rV5a1wb9EsGial&rG!UG$roPV)jWLz z(uz6J*W7OvyzCc4YFvrwSRXN{IM|yZRzH5av$bu;0^4 zNr39t|H9;el|g{W0rVF6{al(Bp6A}`_wkn&4#L&z?86EU*^3e*4H zMCWk>q^VOo45YZuWuwo*1;|bytpc3fdSbVONYVd01Tb3`90IJ6{JEAB@7YNxh|2aK zLj4&DIko?239QV_phUWpTWNUT(A3!Eq-Gc^<4Jk3zhVMFqPSR1j0>1H3ygYRp8!S# z$`k)Pk&g?sYL`4B!NSkw#|4s@%LU4x{$INWBz*v%XJ>VAhzSy^iAq(&3=NsT6Ds)pn@Qvx5Dp!C&BexW~yBQo*ir}h%*NV^M9LK}ss zx4-nnd?n|HgM`e3hrh^*-d5$TI~q#7qzD`Nbcw+Vsr0kxuE+SJnfx}@}#vH8}TR+HVqv1jj} zd-pBCJ+ge%P}SoxBUG}_MKOAOgu+rXMlL!Dw|6(dEQ94S7FXd~-1~32b^6k|<9H;= z2&%M#1T;;QxX5i~(*9*koO1a{%~eqMZdkVo;+YGZ#m7ge^!PMyC*Y_3j|Np~D10wMIJ>E-G8ri;>BXZ&zxaLSgk8s?Q^wrWk5o`=$x?>*-;pI8NWUsak zG(L}X%za>dSIz!5oDaqtA&hAD1LQsXVDzJ+AFY;^GLmICO`n?$=5N|h6n5h|KCW5b zxW=U%=A1A_^K+;qH7E?{NT!CWY1lLk zQx+?fjX?$0E$RK&k_5!gh)$?m4Q%}R{JNF^m^$)+NsC+vW7%& zY>bXDm5KWhpLvcv|M3{k{t0h?=no`w5$H4tH(>*L!`l%os=*c*d%76U4sSDwE*4#b z62~yO`(PTc?|_zO)s{LcZeU4SaE)``qS=!3HT#B7rCIx^ePdDkYt&A%IePw+rt(PS6dhF-i5-s>CYraj zZXT8O^g2c_s(eE=`0+CMC@$5S%Xr!yo~vwU_h-)T6qkqdHDjL%qREM%B@K6mCngN5 z2HnXh9*DVln#vEGd&DPyXO>eu-pzcEES;63QE)uxj!~6d|E%z((-&WSP zp2_2N{@G{c*s!7VZpxJc?YEEQ&MisCoUPcIeQjTgq-pud@_?=8fekCN(!&C)=PmrDF*ql1DCtqFYj} zk-zELaBnZhT5Qp02spqCZt$7r*9gX0TBEk(X}1jVrrv#WUzjI?Wa0L`3QcLZeyz%{ zxDGLB}Kv;~tl3z7Tll@b}Dy29E8OiJ<4dfSB|-^h%OZt%ivbbI~_UAn+4 zpnRX5^rqCJhA6>}1I5}vVz(aMg6pl#gLol07@uK0)QxChuXA^cFW@g{d42eW3uh3HqVa-1=W*(bPCH>kz$G`~-$G$D5~>wmIVv91yR3ZAIh zn!shv(hKfdVJ6S50C599*+qd{&?$Y)ecVO*>w3g&41#Z?WA6m=EpsJ7k93gciUTVmw`@{<`#<6+RN zOR6h&Zow#55h?ukcab!Ft{yc|dXsno>TSQmTRwu&^!vLeCD${DehkGmz`W}ICb{Cz zbTil)6L+~W9NqF^Y57o=O(IWY4|Xt(hG=-vHt71;ABP)KXup3*w6aDmV|?keHq;%C}n>) zS(d=WkY!q>bu50L&+}B16&66}+jbaLNtqD6D|J%Q#~81QJAWnVRxljb7ZuK2(#Q8_ zNgeN}yGs!2dCkJ#^!g@8CA}m;!V}@j$r9!n`7!Ap>lUgHhZN6vDV|C)Q)PMwCEYJ^ z*}y|RbIl=&QjwPwvB{E?&S;a?nC^yxRZZPy_GIMtAH^E6!X9YoQFOd4Bc4OO4UO*d zd2zU_zK{MI`MT(+de#@aJd-Dm+_xvECpY(>_r$8l;>l<{LsK8~_qLH3s$a}XV~+?D zf|6KXeunuIo_KxDI21n^HJma<|r>ZM(BXiM>eamp>uKV>EI$lDCvn9Fu9;s}gcXgukCs_*+1H&g&F@2$;8 z7^g(?4pXO&=dk-_U&n|d1bzE|Zktx@kgw;VX7--PDqlXYguguDyrkd9*sF-hVV zT`J_)SgL(Fz{{btq_K5Of({={Wekn{=%wC4mDyzG19xI<%MgAl3o9w%stDY}4;+@FrF6h=F5)_}->a%MK)umGx_SJg z{m_eRLS@v6EI5@g>+q+`!-rWlmUan+B{oh~WBLdpfuv6AZqQEGzZYB4uLe6OCaoH9 zyNBac;u+`)wv#^<(kEPlA0emQ5s}&7z|OQTCbk*7{VGvNU{b zuUD#xDY^ptaM~$Km<&E(v)lzH;0- z9S2y{M7 z0)IdT(~(o^aDk5S0LjAzwT2r~to3i#KR`b{hzxdtj$B!jctZd?hX1kNe_?!_b&&Wn*|_g zonP%!HTJ@yowEaRgQmT>%OP4F;C=yML&R8aKutQBUmc40SD0Zrl%CR-FhV1ea=R^Q@2P z)}3}C7{&Yi;TO6t3impcb2zO2E%TKRy6>uW(dl$j78m(=h){p@cgk*ye$1@Ot^D{y z$@n4eZsLhbGeT(RUR!yh(uDGtMKj9=>UrVOc66!yUR@z9uB>!-+AToY|FzZiRwwek zPA_$;7@KU!{M>QRm=H>WXDo(x3(drBEU}3NLIv5VvNnO zyyM?UV7W=1MX{w~P@+<+yxKSri;*dwtCYzOtCY|xWmIWH6H_=7snj&96a^>T(P)T( z@7XoV+^VUIqM(S4kz1)LGMh=eix{ZLCePjQ0U!2mP-;%JzI_*QN>H3(jXJE4DSlSr z+?(J)$t(@mP8q}iGZey3_7w%Q4%SgKer{abJOknv7@3CfiktFOVZtr&-yaoOF-HjG z5za?_l0Q0fWxeaV$eL0jqmP}`dWXgtW8=Qy5G+soTU~ilAGs#wWN*3BxhSIh5BfBo zkVMLf;_neJM4hC{g)#R#R?-Q3Vo2W*2o)C{rT9pK^Pua8i_)#pFllU`*RwCzWmTk{ z^rRhp#XeFk3U+LcDEaLq9g+MBO{+suQ@5?llCjq~p9l@Sai#Ih{jD>*g!Ycf;N6$Xi^YNNq87zGcWzF7vA- z93k_F%%l;@p>&j(dv~w|efU(2 zT}SfL-T79(=DXN>53;v;>{R=MS;WT3(pup0ux;i(V0=KF6EAwryGN?{fCd&h``)2S z9+rWR%g#hY-k^I>9_B~(V)4q~YL8Mkeee`2oWu>K5a?F(1V&%(zRl*%n|HjIazqQG zsa>3E7subVWSESt#pOv~QgRQa7YRE1byBC+?4t7<_bl|c>H{M9RV&;6_a6=-#L*0r zG90e|pcz1U65o+YOA|Z;^N=H=?B?j#O`O#`l>GG`f}y|Vr(PQkI`NU=U>v^kn2d`= zQt^DC2|Yj6PyGtF(N6nX^gO022IF|KrmL4z2-CyRGQZ-;Np3E$9(5udRp(Fi+7Z66 z36A8dRdQhx3f**@*KN6y_r*E*XP@97w55K&%}8Xny!9Q&SDC=|&CSgR5lv}LN&3Mw ze4%$AT4t?knx>5*%6E#6Fl#1F+M!|76j+T2-FXz05Z5FTQa0=eOC+8vz>~tBs$KEO zPG^!|cEkp;oc{qQo$v3TD?7ZtahQ#4Y`8imzi!xR7v|WN-xFGF&^7AU z6CYM1jK9q%TwxmvJMCL!^Xf74bJEJbV;X)7X=?Xo-J`FqYa{U9AA)YVDz(~j=_WUp z2`4Xz!-O9>lyR#we}Zlh-i4V~ETUE*3PKIEr$rUK-MREruechC-)h5kf2+qpH=^|8 z3n7d)o2d!QpW34*9Ts&DQfL!#cfS8H=*4;%sSe-r(zH=e-ceb!Lou_DyvSylQy=F< z>()~*tnU5dj_pIYxQLiR*iZ6=%MRWj$K<$3%`t(bySH5_FYXuFaIWKeRQ`yG zvtMXXvXyein+-aI|-_>fyjK~XRvM(DkIcEC=59)GpEt!K`7p)z}}@t&=tEI#X@ zvtt59cW=iFN5heKqdy$QsbQuzxT{3bMzJOC9L7-aHx`EQlDu+nJUw8wqw27_CjFr{+!Cg6*v`_&Y?8>2AM7CAXNIB6^c9uh7jQX*;%@n$ner zTHrMvbQ|B(&L}!{9}7m+o`Z0&{3+9Lb9O|ZrtbUu-MYfX_x&3!8bwROwZn}S&4P4< z`>3cndxT!Ne?iOqMp>(C%K^8v#tyeiDej399uq-gHXBo#=(~Q)L8OmSjH$L@1eLE$ z$neP6%!{LF>h>;cRiVDQ)_}r9Y#Tw`@OJqxR-Z4*qhUq4 zJjOWo-WA4uoZ665S6nOb z_o$0P=qkTIPkG&~ajMmcc;{t>9HkoKdzF{Fv$(sR{g1M(-)`qAu}7_0s=18WDzeb( zOQ5FJ!Xw9vJxvtR7Qw+X`J5#dVK0yBF&QQ=`Nm*lt1ViBT85nuT5rT==m&vOaNiDz zM23z`oV(E{mVw{R&}IBoN6(74ac2aI3J;xVxJC-NWXqVC*4!z3D>$0(Q`G;|+=$FOaI&5bAL1GjntWHlRpw+~Tsdm-PUrXD zg3G3>gLB!~?7Z?%9tN^^ubBqWiFq|~lI%P!veChui^Be&N zCVie~f~TFf0EJ}!hB=4)as~{roU&1J@`5 z-th}e5R|6^ypwHFWEeFiqfYSqDL!>=!fY0j+*Z?8vGT2~}cxuZ5 z@zbj}Ixr{o{BlEtz00DUgALG%fUrU5?q6U-bUkiBYTOmDPdW0bTkPyMhoqhTtHvAl5z@r{yX5u;V51lgpe{|5lfXyzSP zU`q?|0zfDD#Ep111Tf(g9OAs2iS<8+0!Tjq-w`X@NxQ=d#F7R3`r)iC)})6H-s)6p)qlkFN!ipm*{ENNfJ{8}O6y zL{2$1!GP_6KwSlxih6~v!ohOR`!aFbpNzi#b869hw>48?7HJLl05TXJj+Mixx}?aJ4(Fx1 zH*-HnqGTo-MKfx=3dYOUwGT=6?u~miEUs?ViG}}+WnR$nL~E7K&%afv@Zt7~^__x; zxY3(tmiZy7c{4vEk@5%2(gNcOCUEbVYj6#ObL8TG$Z(5`V;PTri}Xe=srNjRjjr`^dW5?72V8?^a6$j_+uEH?g^XPSLZCN)ZZY-Emc8F9c* z@ik$4EPP20@Ahy>90MOB0V3rn5@ue3`i#CU;WVlwxWJNEBxqEToyx)uoy!cK$h#r$ zoSg>ZdukS5-O@tnvcuiT;!0ye*-{`}lFB9cdUYTJn2qP|e zncRHhjXF1T(@}^UP50?|8pRYrV~e*#FyaOt!sGf5C4}!mL&Yu0oQOiDcZ7~%@4fBm zUCrAWMDuV*75Qp=164L@>!u*CEjKQ{9^OiHKSMVS)r_Fw9u~i=qSAhI#&1vSo<$3K zl;K3UPAFLn8^-r=$8E^vIck`S%(-{4?SCu<#q~8RL!skqy6hezb&B1(YesJYYf4u@ z$nEIJ67PsJJ@X>ZowkQfF zO8pCAcPdn|aypJ)LZ#~(_z!!@P1QM*#&42nA9lwer6@t$Thc`>2CD8J%FHX)uFNnB zG7XNWGS4`S%1aJUv0`@3Z*?#w)Ii~J%cD;Gz#4}MBTRj#%9MMXVHNl3%u+4qp|A1# z8)&vE^DX*TOp;8dt<@sVqvf0Ki4r&B{o0ptS#QsabZR3n9LqmCUcoKg33Vy3i?5qZ z`4BfU;W1}BJ7v4{R`!wR1iCi;UKu&lclyFHhDx5E6YawAk#TMJ%F{2gxAjm()>uum-?3b;Knf4A0e_*rBI zHX=#Rt@+5J~FpD#cyKdglIh3)w zI~G%ycAGnoN^C+N#?Jx4fZ9X7;?7GO#vi5+Nio~#bPWlyX@f|%=U0n$_FV|qf@YYl z;uVP5p4dx2sLTj!@L!)5$&};3xcLwl9bNs+x=g*bmjkENMi2X`#J$m9Q<~;c&VSdZ>t2V(4Vd1=uqUL&HvruxA zw(l`b2|x9BsUnMABqsA8xZX;GHN*4eCdsq;#9pdF-D;-@{ytrB^_a>(%mL$4j3*XmU%%gICn3j ziRo@X>Y|-)XS7*JxAeVfrLvp4l~u(f$j^1hog7HMx<&EYaVEG-OBV&k>xDYNHa^X7 zlJD6v508IaX)&_*QhSi(E`UeJAN3w7yR6{VOobYYbCY=k`|DyIlR!klQ-L9}JJ&v0xV?#Hg!`ThBw;mYH5F5Tr8YcRp%AY&=RCHi zsiT(Sfg_&g-f|mt2q}RZ*En;bZ*lqm);Kpwxye#bkGJx z4MSi$$c9m56!krYj@&*v+l2q?^-+a96?7*|fsTO8`(cf4&ZOT8w-#pUJk~0UmcC5% zV`9z@r^f3Oa}SxOOR2#(rwfjVwW{@ryf-9&&J|%TZf2D6VsAm5KZ&Tv9ZP~c?WmmC zAmSEsz}q1X-Z#r%MX_w@Y?vD|FmceaQpCOrjA@j<(g|n0kDXbw0XnT4G z+Xkm4K=sv-#vq$zlhsgIlyd5t!6z}i}el#vM9b;nIrp-Yv7)PT{ zXIfaUT<^C>ZQ|%+(b77WN4e%lxS}udd2D6%U~zNhBlP-72D{T{kmlVGDz686E#}3h zLT;{doI*Os&uVHWwWlpQ7A(rDTn~45*V=P?_Is?HwkDPkyBi}v_==nVV6KuR+`CO? z#@|%;>X)1+G}NBaOwHwj&wp)M&v8x=0dW$@yYW>*3ddPT4flU-S?=y%ON2V}C0Yfs7Ck$>iUb96;YsGnr0X*k3mMEMQ=r z4-j()_*rOU?^0d-akh z1w>Hz>oobt8}oO`&grVawAS-N+o|E?k|^gE{_@iTXcu|$IdQ6_gAkqD*%uDW)hVvr z5V7P`NC(@ifT#4rQ{t)&S4e%Q%c7ix{VxfwfCSEquuo-lKz{4rrMUq6>ikyj(}t3# zX`Y}y29R3`_WoVKeI~#4R9}QBgqICJ2N)ppf(|&?^mFo%IMpcsLkz$X0X?R;|IsLc zqfei5=dJ)C>4LW_@bM1T7XL#O!2bxqgMfwmlDbPLO5fj1$^YNO0A!v0^9cJR`JKvn z;F9Qnl)h6>75G8>=QkjQ_RkL>xg03@0lU3kA^EYhbDpzOSrKvFbQ@9a<9wa;u#e4P zV;DA?>|wM&2N78VY9U%I#{JS56&!r$7{r@vBmTRLvN~-E(92|KKkdufbG~LPy$#C! zhBi?(vBahM$4XUR{@c5nHJZ6IFdU^{I$|Vu$N%JIb#Z>j|8Tl=F1LV@v5x%CZ@yHY zn=PIuFmp3g9d*6!3v+rWsX?3TgB@lyrGD)P!|ob&MbpD|6TjOJRL!T3j#F%k-N{1s zQGWWf)F`*Ay|p*pJ+j+0vlXXN{=h;Z$RfU#-p?v{&6-T;MiS1tgm2r(5-uYFPFm5h zq0JAHkgZGtU;dn&1;zetg!)-Z`6QC~FSPs;vm04^?1gg@n3)Ni>>=MUZ3swxp~qXz z?xrPt>ORIRc29J&lYiEBUybpp+DC$Fe!iQ^RG-Qn5?&9;9MEQT>ZC^a{_xus8%QWc z{(jqsMz=Wbm&*OAXZ_S%A7p&O1@4$&qUDA5A&gTXuqn}p@@oWT4oA_Tnn;pM^#A%U zHg-P?PO)h~bi#Oo;ieRMOM61Xb9QP5X$Hf=@C2p`nO^xvbIOk_o)Px987F;TmaC5y z_KiX;5ze7W?iUayxD|k2$bJ`Ax3WVE@p-fswD=DHI|TIh9#10Xz|7nj?_%ED^IvAo zOK05F7Adkakng6Y!*=}~k0ST4AH3F}0gdaof&mv9wpkL8rm^juGEH1=;N197FR zUX$tlL{P>*b=8K9m*_PgvW;ghCz93^)D=eW>zR`oD?^qKB7DlD1eJ^=J^$^r# zoS6y_+f%Q{(&Ako9=;{{x>J|k5b?G%Q#!+(8~xe(k8QZ^)FkfK9WJEA;iPd7Ow8209NVy19aKhMm>esu z3sGIAdQH3Fl7UbsOs9&?_4$4NUG1TsuYn%=?g9l`wq9BG8Y;mp*}vPxRdU6nZj7tX z$A}8fu9dPjME$<6k}>r)7(F5&*kRrQ$|RtLSJy&>VyKC*R8PB7XRKv;erll(pYvhk zu$-0V>YIj!paP zf!8Wc`laMzle&}*D+%*IsC;WruIM?oNhP^9?T~|#REiz0aNEh1cLh~2YUjI4*(fhu zzH3chf;}f4l+i|`mHs;{Hrff3fYJ|!P8xpD88ZD)ZxtRiVl*Ca6;isQ4Nuq`YTx&} zm-B4xlNfxw6x2t=C%->#v1lO{wIBsIc3S3I*f6!(EkY0J7}G9>BtHpe9fBUN)pN--d2R+m zjrIV3(Cr-uO5%R=-;7`zkIj+ zfln^I-V)n4OK;OJ-J;kpsWoJMgaosNtLhl{7+I|>k$JxcBxEAq(W4>on9=akt=g^S ztfGMzx0Z&Jd;h7*ema9q^H6XToyct05SeF9dA2mh^K0=`IR8PX2=|NumR6(TX5P2F zu#Ww_oZnd-OE7Yj%g?xnrEQS8H3=w?&3XKC#3#D#uXPwdrZhBfMDPFf1+QK+UGGDADU=_jMyJWNtHm3Vi+Pp9?PEUYduqd_^eh;BT z8?=$35{ptFR1)-IPxgf!!!c{>{~KRnNs{0(cm zAQvt=IxTRgovD&dokfI|*TqL{l|i|4hQwGxb0V1m-CgWH;*0nS$tZmi{sK57SuVcU z&aBoU+=tSW67GK9>dkaW@6|&-CO0;cv`;)JfzoT;s6(sMxqHkhyB@Ycvr6X=UK;VPV~zu(!S-0b7S*MI)K zBcn~hBh)`pW(jZpt+(;~^<;Q%{a!=f-pJ37xfQG$;;!raU9V(<4_iUs@b^v~Cx+)0 zU3{(z@F6^+vKOt`2|Okq02yT#2NU ze;3m>8jiZUVgzD7LyO$`SfZY)Td`p4N*47Uxlq`^ZA`pU!Pv{3X4d1XqK`6qV@hslE;=WEEXQw>RCq`Y7C~c2Rd7Vt zw2+zBMEDy5ff9wdn~lg;ME>w{+xPL5HYTm#Ar!o=>>3>6dAus`mm?+#q%~20W6(D77QQ`|hMl8d^gtk~}_) z6=4?foe-^HIl{<$IvfahUio|7D;G<4(EPaNzcRJ5lbE00($aE7I){xXQ$qF%QE$(@ zSi|G#@36euy5k>KPiktaPHb9RD?bl(V(P~e&aG`@?-PiZ)y$o=2-xv=KI zl+jDp9Nd-aA2%DQLE`^F{^yDy=kNk@h~9Qtm~+ShR2qmJ4EORiKXtQ#FrB-|i@?vb z?KA!+9!SO}co#9VfpY!Mg*>M=0h3ctHA+bO+GV59!3C&HAoT&<9sWcR#AY=bvOeS0$xFvh^;Da%PFZ(_R7_ zq=^96762QPtp`SQZU>&<)I3+Gr1C)eMnXQ|oZtpLN5KC^F5(6rlk=k5CBx4F28dDT zp9QDN93TjI8O|B+ctHOk{@k?_tqJt)=a0P%^4;j<2hh#?^Ba(=_U8xihn15bPMv3< zn&FB7(TNA7qd`{U3eky!i|wrFr1__}p8H4vUX^EqgRtF4EhngjnD-5&asX-lhj1)nY3_xCrye*G!8 zIWB)K1mnT={@3k^^NX|oy9WD4D-V1#^N#BE}9A~!MJzidu>o{1} zn}4Kax4SiF_d)cofkSA)!?pFPMV-ADdB-B2s}P<(K- zyt5psIMiLC%r59<^{4drU^?Op>xWGF#_P$@)uz90STuy*?ksHNG+(Hn^`2oD?0mR? z&m8qcQ0mr&?u#6fGreOhX^p?pb$z!hn)7jhYC9$^8KiM+qR|bidR8vM; zXdnjkBa)Cl&%6iC5d6mX`COF@PR8O-fwrFrV-ayDO@N?=-UM{sFrv1%*L?nCg|o!Z z|DJ@~T; zXq62p?sXdl&*>5q55h*h$eIu)w4{8xpCi;PHOILYYwCy>bMJ2jXs$T{1A!*{r ztT1`>&Tod(l7nGOLYt3gHiTOX2-&#z(0pD=!@EgGIY5y&?;bJ^iQI7rk0wD^Xux$q zp{0M@22GEa7SL6SD?at90a@xr!rKq&>OM%kA!&m9FX6jbg56tB6(; z_&(X^AL2rXh_n5Crk<97kdk&Prp$bJ_wM|J30M1(BE}V|=_kDZQFnved)~tZ&FU&fovA#J_q$Wpb;lD(%d+JI zU*|tmzF(b`8Ebr5TAk$Hua+Xs?nyq4t&{x5_}7=c2IDTDFsxQI(s#o&$lsCE!=Siz z)>%EJZgd`~&5HE$D$7uN9j>q9?~=0DYxE)9^Txq3~$LTFjh+@_H`mD1_36`J= zClXSZgB3~&3u$FxcD2LWI`@7Cv`(@-7GHNQ?30w2T`#&MGOf+6AAT~-a7Gwdudxy6 z+>pR+80LR1)_bhSH8IM_#mU?0;Jx^E>U|fRMeac6`qQqr#Jp>48fdjVPinbp;A{;Z zaaeZu41K@#?o()r)-Q`A;~e7IT1VJHp%)Lo5=?fb(jXCDOJxl}w=$Y?SYxWv{IRGK zEim`3XM8B614^Fyt6i0jUXWB(K~Y5A_y~(C<55iSw2QiNn>eXs=Ww~CEpA1U$RW19 zMG4n;woPCAHX(J2G|4lYewFrvaH$5b zpN*D-eB5na*5N5a>HP-=RC%UTuimXj-$|d0=gEaOpCySUT4$v&$i(akHh=wqYb6q ze`2R=u694Iz-*-d^t8f7uZn}TkN0(Y%R8GF*(aS8%%_=sQra8u)eOVg2D5$-u<;R- z@GV&~PIf3$wp%SSxiwJ5WH4|%SN`$CD)08%gUG&C4U3;aw-#p*K41~)vAmI&T2S0( z-QrZN?_hMmc1ro8i2JP1ZEdeEODHRA&HPAU%_G_+5P2Mdm!g$$8}ZiEbn^2k$L^0x zpHw+_$SU-usy$aq1Yc{q9jkS)x%74|HW6>U6q?zIW}P2lXsK^CXNg;B&~SC;qH1+5 z!NWa9t96FksC8s<4mEhdR+ErpfieFxqDi4Ta9le{wZ9W~{fL&XHH#kCUNVM(x~ql2 zx!{vvG*?7hi6DY8tY1J z?>5&4sk!Q@=;P$_n4Nt3M4=LzJ6M%BS8<-zJauAt@f3a@+FG)@szrp1IB1sXV3P`g zbU=dV5n=p*zd0q&b_BK31ZbU=)(Smm&1pY(3mh( zATBmx!8w-6I876YrF=6yx?n-d<2zwS?Msh)HqYA){FZTcW-5E-Jx~|FQSqxyZ%YvE z>G!UUrT7@-@!+r4vvA`ghD_901()*rm1+QQ;W zwYM&Q(p?ny-i7Y*+WfM|dbJ{Shl;evylIXgaoWx`lDqJ7Z*yN$9#@N`Sn{rK2Y>Ol zAC+Z8$|aYYa2z>ETzEMA%~uTjmaHV>2J=&`?KLIQp}R|~TU9+hJ402WnLEM36G9#4 zM(q7wHt5akT%hve0_yHgJ6k;`<;9;=fy;|m>3sez_K1neiYswqdK#G;IzbDMy%PN) zV%p{xQdPnHBN2CxpQI=4`;cF6+h3}A@qoUoLtZPd(stO+YDql6;v!d$JF6w}0BeX` zIqs~M!~-lFa@9EYvo<;&U^S2{$DOs&@qn^x{=9$E0=^hiyW9M3q%ee*WehyHHTy-%oD75SyI7a6=bNyrWsQFp z{f<*tGBA{LV-4qi|62T_XSA)h-@TsT^?=?P1qA_glP`hsj<4U64R)nEDVKd|R4>=! zZ)U))MhU_Y^|^;z-4gY*eo;gU7kF>^!%vLg>G@=_H51uqIlsd26M zHuNZ|>hySJqJQ5&?taiqeA6!uJ=w|iNVi0Lo@5cpAiv3w7gI#PW$~revl}W_SWBJs z(J!s6kKMw&N;7o&c50~W1c|OWK`-X2)fs+X|C|@`-U}Z~=^o8=7OwpJVWdwt+>t1Z z6~hRn9;Sz`9KMkq^;t!dy+KH#kk=N9)IfMA?2{juqC<%5!@&@aCQ zLs33xf2kHP$R8X?cw+rA-4pH|RyH)+4R_sEgqI$NGqOf(t9G~zmOQ*puJEi%F{s5~ z@}0aYw3yXKb=VP~el<6aFyu|a8G|{5%fqI2Q6F&G3B$VqlN~yujTa2dlC#2vZyQvE zQg7v(8}KnfwU6Y+lH6n#AzXD6r&|zFXS4kg>J)Mle01p@Tq0X<2@6riw`Bs$6majQ zzBW+CAx;{Hh%wA*GLzOlMze`;#hNE#?QsP<@w^J``533( zZSSrQd~7Y&i-A4l%#&rS>uqJzC66-;;p*EKn+sFn6gWb3yT@n46I5n z4`!)FlEFHY7#ivx8kJzkv9 z>U63t=oOJF)T!C)*)Z{{3KgwDzEEtw(L z@TKiQk_*+f0ZLgB*OVotBv(e75k*!|Y zo~9_ZB^nx^zB4|X`odHC4h7X=JueETf1;n-cuID2VD7%L-fg|ol6wi=^n=azHTNHe zD$g)I$4R-Rc3)8{JB&IVmBFaP z!tI<|*>(*$CL!UkzhWo)&GREu)lkA&q32&J{+yP5R27>#xG=}@?&i?gfas8HoTdIK zdMSOYzLdwWHyZDyiXIT$nMVJ?9XkdySb^-FZ#G9%K7Mzh?f~(*^R;oZg%3}Dn0Tv11`kC?XM7cK z5J4TeetVv?a=ly*_tRtT`~0IxjPgRgc_T0aVrXg{L7}PeJ?`)F1KLvS4@Zj4Cl;kE z9*De8sNTwY}YwyHhOh_=7 z28que1U9#ZR_cjJ-wu?Oj!B$Dx=P*R348Hu8v&GP{R2snYL0y=j2) zju%djHQ1*IOGlW@ab#;aK-XAcO||%UhC!XS)GJLRB(_&6J@)snJH4)wS4Lu5BmOmt zA7n)ORE`?6=Gp`gNBXzH1h-VBzEYG!+3gyRESU1!zjD5FdIhlg`<3I)=@ow~Xq*&VxpLfDuM`ikT*j5-&U&SI{%aZ~+gYy^59mGg zqOJnT^7z9vA@9O~m+(^$5)a!yO#JT~^99ZYOt`%4Egbx|ds=Un73@y|v7Wy%&%K2M zQ!&r84~VXEX_&KbH;u@^AhCXm-)ZC3M;5)JDB+V z8**TB=LO_oUFFg+XOROFIDyFj;hUGN`Khh~CMCf8a~bmUj-j(w9LN{`e{_|990UJ~ z96%N?AP0MpSOG4fzhTZH2QWe)a?l2MN`(ii|xcuhCbccTU}YQc5pphUF_7@8Zu|Y@Bq&-ttr`v{p=H$0?Sshw@l^B}U+v zv0NfcNYX5^?9u>LTvp_16w+1r&S$KYOsT;_d%v+y$G`W16h6}cEsoMxd%0ZcSJY&2 z>JA!G;wmo~zW4>qs`I><9leW{75f~h)^IfuxL0yuN{QjGjQk?Q8N+P(;DTz{<=ZYrExS*yADZ{w#}aLRqH>LPL{ZIxu#WWO}flZdE=$YffM zdt!a*ejMG%o-4Dia|^Q$#V_QlNPyoX5+*}m2%1xgwyvbsu`t zw0c{sR-mMvkGnl_DXpCJ!$KJVr~P@>SG9bcYb@`zJUE@T3F#$WB1{?>u}d+{R{9_%-&5um7

    GSkyd)U=W9K% z=W$`{OOwIeZz$dKt;#m%mMIte!KK$a$18D_YVRES0u#-ks|&Sv4syh*?5d5s+abL? z#D|p<>{%8f$64mgVjqc)dsj;Z@H}!lu#X2HOVo$HPHZ?VfobFJ1whYB%tnU05>cE-x{LEx7?ydJ6O+(Ak5|fx ziTB=*9$WC&L-+v0_J1wH_YF9=2Itl#47ns2 z@@}Po<=Od3+%L61Pd$<*V-cKh?r!#5J_)pDPI~HAiuck++Xbh!isH`XQfD8T38Bdv z@^NnYN!*9=NLkX*#dBMsGX=v|P-R16#_rglt4gDRzv8)Ab0REjZvW{F_R3G}~g*HNKnbE;jb$T6V?p)b} zz7-FClCmMl1M0d-FZLwN5o3&IE=~Lu!F+#<=K`nYsdFB+g9Ois+2Eyo63#dG409y< zFh{-<=b(1XRdko`%O~MHGB-h|`AN9brIo`s3X|qee@^{_)>2~m(%oH;(?@!PM0MQh|SjRpJL|LA5?FcxJ0wneh zmd(VwTF5(kS&>KLxil8%EjV=Uc~Lj;p+qk6@(^p47aRSu2ylE}!Ngy_j^%$v5O{xk zYQf8Ko!v(U-sSg+iTDkAeer(;lQuGb`8{KL>pJ2b8A8BwMgY#-ULR*hM}A4P^*rqB z(Qo6PiXLH}AB+1oJK= zK6B4w2kyfdn>WeX?t>cV32VyP*ZUj({E)X@2SMrYA#eM_^*GD&w%J>$9^mgm&Q8kq zjVgTHHK+V79VB~m<`wS+R~5Z=EmgGSd)AXV6`M24e$QGePXi8;v)M-?EB7)vo3&J< z*56iuW7k|kJkF!A0@p&1ktThR9ZRR=RBQ7IPIsEi`f3uH=yzT4#z4s#+a#Q9ebf#Wa-uPhB#w8KW zT__3Uw{(meAsFOEzB|B#$q@dYg)~JiF?D$Pr-$eL5KOZl*|h zcHT?mp(~H+TFkMl-57SML@D`3DlFf7kjF0s16-9pv+qpVtLWXCRC)7)A&1pw8J?X4 zg8m!K^GzXSeW~4?QL?h*((3li6HuYGH^ws*ULuX>HU%%m(=hKbFy!`Q zVa%INmHj5eIZhe4lqApN5e2?DgMO)yrta>!3C$K39n3(#SQs6mpXbtp}O4Zu!3Enj3jid81$&jlkoBD-?R5T zlO;NFX_e4M-Wg=f#8c#mqRg>hrQx8zMODapc>~aOFC`Pa}H^uV% zqRpV)eu*4gi5c|ED$l~RuXh9MtFh|d={%&+eHG%-CCj?=d>`U1GRN-u<}oZW@c;S! zg;TFRF&MEu7h=8m3)W+{-^=|rXVjxbZr_DsFYN})aEBTNjSLe#BrIh<4s`$k|5>kU3&H?4$Gm_L0krIl3S_$CX6gIZmb9 zIjZBjdTpWc^xZ517r$gMdSV7cFT3d7wRr?1&b&Y?djABYPeU;3+y$dAVQV-l-v@iM zygk^%ncIgbMf~B+?Pc0H;#7l?7Z?{Jj`28?wA(%6JPMuO`%yJ>?qHsdmA#Yxh>Z$H z9l5O3z8{GZD+@G^c!6N#K$l&Mo)QduY_JY<&b%nleM6%@{1w-IVQmG$yysb^+(#^X zc}be?>Nq)Tu?+|F%&U*I@OL9nvCz@QDN?CNKkI zMx$Med8Fs9SetJ!;;ze{PLSR2WoTfI-XqSu@CeT1l+OKLwqfSz9x+Ga6?0^_Wsc%# znIkcRITA8=jwD;=xcUq`N8xMiqjZ}IhW#p!7yg-GTOkljAPFwO1OAeH56+ zKFV=ldP!B=7>A}Uxqk6tZK@pQzA1?Z8w=Jr`SWXY0U~hhC8ZEimn2vl-u3n7?cR#* zMt;7y>%IHMM6a*yb#chNQN)Qz?|I1Iu-tw2Br<5(UcBvFZ;;Mp?$6SDaTGO0ITnO4IoE82Y1;KNIagXw` ztpB5V$)yNJ9CtA7O<8T>ljp)%9$U7-=DYL+;5QA{gSj}kL|kCnmO62Gds^t)m79aO z(qIK3FbDZtjjNOAj!W!h&5@Nb;%+XDZ*9ZDh`R}<9jUG;;yEU}_qUTo9}LEwE`1Pw zn%@dts4nU2Hz>`Jy!T)kj2BliCupM}C1E+t`0c};skT4o_Lll)twk9#OO^Mni_W=a zS{GK*%C0ZMe}G9ZA)md~_X}K=lj%6>nI|?;b1GO;$p6;&+lL>2`TI{FUcPw${*%A_ z@}HkRN)mki*(X2z`s;5Wr9C(EM?ZY>$AA3%>+k<)();t#zUt-MeqU>b8Ad9$L<(&%XZjyU$;J_5Ir~ z|MtnBKm7Esk8(4g4e`q_U%vR~Z$Ezc?cX1M`uXLHllc;^U%vSG@6HEoGn}}+$}sUye)h!{4D}4f-OQ@gk>WD Dq+}0y diff --git a/SecurityTests/PostSecurityTests.sh b/SecurityTests/PostSecurityTests.sh deleted file mode 100644 index a2d7898d..00000000 --- a/SecurityTests/PostSecurityTests.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh - -# PostSecurityTests.sh -# Security -# -# Created by Fabrice Gautier on 6/9/11. -# Copyright 2011 Apple, Inc. All rights reserved. - -echo "PostSecuritTests.sh: post-run script" - -echo "Killing all servers..." - -killall openssl -killall gnutls-serv -kill `cat tcprelay.pid` - -echo "Done killing~~" diff --git a/SecurityTests/PreSecurityTests.sh b/SecurityTests/PreSecurityTests.sh deleted file mode 100644 index 1178c6e5..00000000 --- a/SecurityTests/PreSecurityTests.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/sh - -# PreSecurityTest.sh -# Security -# -# Created by Fabrice Gautier on 6/7/11. -# Copyright 2011 Apple, Inc. All rights reserved. - -echo "PreSecuritTests.sh: pre-run script" - -# Use this for macport install of gnutls: -#GNUTLS_DIR=/opt/local - -# Use this if you compiled your own gnutls: -GNUTLS_DIR=/usr/local - -# System openssl -#OPENSSL_DIR=/usr - -# Macport openssl -OPENSSL_DIR=/opt/local - -# your own openssl -#OPENSSL_DIR=/usr/local - - -echo "Starting servers" - -echo "openssl s_server RSA/RSA..." -${OPENSSL_DIR}/bin/openssl s_server -accept 4445 -state -key test-certs/ServerKey.rsa.pem -cert test-certs/ServerCert.rsa.rsa.pem -www -cipher ALL:eNULL > /tmp/s_server.rsa.rsa.log 2>&1 & - -echo "openssl s_server RSA/ECC..." -${OPENSSL_DIR}/bin/openssl s_server -accept 4446 -state -key test-certs/ServerKey.rsa.pem -cert test-certs/ServerCert.rsa.ecc.pem -www -cipher ALL:eNULL > /tmp/s_server.rsa.ecc.log 2>&1 & - -echo "openssl s_server ECC/RSA..." -${OPENSSL_DIR}/bin/openssl s_server -accept 4447 -state -key test-certs/ServerKey.ecc.pem -cert test-certs/ServerCert.ecc.rsa.pem -www -cipher ALL:eNULL > /tmp/s_server.ecc.rsa.log 2>&1 & - -echo "openssl s_server ECC/ECC..." -${OPENSSL_DIR}/bin/openssl s_server -accept 4448 -state -key test-certs/ServerKey.ecc.pem -cert test-certs/ServerCert.ecc.ecc.pem -www -cipher ALL:eNULL > /tmp/s_server.ecc.ecc.log 2>&1 & - -echo "gnutls-serv RSA/RSA..." -${GNUTLS_DIR}/bin/gnutls-serv -p 5556 -d 4 --http --x509keyfile test-certs/ServerKey.rsa.pem --x509certfile test-certs/ServerCert.rsa.rsa.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.rsa.rsa.log 2>&1 & - -echo "gnutls-serv RSA/ECC..." -${GNUTLS_DIR}/bin/gnutls-serv -p 5557 -d 4 --http --x509keyfile test-certs/ServerKey.rsa.pem --x509certfile test-certs/ServerCert.rsa.ecc.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.rsa.ecc.log 2>&1 & - -echo "gnutls-serv ECC/RSA..." -${GNUTLS_DIR}/bin/gnutls-serv -p 5558 -d 4 --http --x509keyfile test-certs/ServerKey.ecc.pem --x509certfile test-certs/ServerCert.ecc.rsa.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.ecc.rsa.log 2>&1 & - -echo "gnutls-serv ECC/ECC..." -${GNUTLS_DIR}/bin/gnutls-serv -p 5559 -d 4 --http --x509keyfile test-certs/ServerKey.ecc.pem --x509certfile test-certs/ServerCert.ecc.ecc.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.ecc.ecc.log 2>&1 & - - -echo "tcprelay..." -/usr/local/bin/tcprelay localhost:4445 localhost:4446 localhost:4447 localhost:4448 localhost:5556 localhost:5557 localhost:5558 localhost:5559 > tcprelay.log 2>&1 & -echo $! > /tmp/tcprelay.pid -cat /tmp/tcprelay.pid - -echo "Logs in $DIR" diff --git a/SecurityTests/StartTLSServers.sh b/SecurityTests/StartTLSServers.sh deleted file mode 100644 index 7f8c95bb..00000000 --- a/SecurityTests/StartTLSServers.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/sh - -# StartTLSServers.sh -# Security -# -# Created by Fabrice Gautier on 6/7/11. -# Copyright 2011 Apple, Inc. All rights reserved. - -# Use this for macport install of gnutls: -#GNUTLS_DIR=/opt/local - -# Use this if you compiled your own gnutls: -GNUTLS_DIR=/usr/local - -# System openssl -#OPENSSL_DIR=/usr - -# Macport openssl -OPENSSL_DIR=/opt/local - -# your own openssl -#OPENSSL_DIR=/usr/local - - -echo "Starting servers" - -echo "openssl s_server RSA/RSA..." -${OPENSSL_DIR}/bin/openssl s_server -accept 4001 -state -key test-certs/ServerKey.rsa.pem -cert test-certs/ServerCert.rsa.rsa.pem -www -cipher ALL:eNULL > /tmp/s_server.rsa.rsa.log 2>&1 & - -echo "openssl s_server RSA/ECC..." -${OPENSSL_DIR}/bin/openssl s_server -accept 4002 -state -key test-certs/ServerKey.rsa.pem -cert test-certs/ServerCert.rsa.ecc.pem -www -cipher ALL:eNULL > /tmp/s_server.rsa.ecc.log 2>&1 & - -echo "openssl s_server ECC/RSA..." -${OPENSSL_DIR}/bin/openssl s_server -accept 4003 -state -key test-certs/ServerKey.ecc.pem -cert test-certs/ServerCert.ecc.rsa.pem -www -cipher ALL:eNULL > /tmp/s_server.ecc.rsa.log 2>&1 & - -echo "openssl s_server ECC/ECC..." -${OPENSSL_DIR}/bin/openssl s_server -accept 4004 -state -key test-certs/ServerKey.ecc.pem -cert test-certs/ServerCert.ecc.ecc.pem -www -cipher ALL:eNULL > /tmp/s_server.ecc.ecc.log 2>&1 & - -echo "gnutls-serv RSA/RSA..." -${GNUTLS_DIR}/bin/gnutls-serv -p 5001 -d 4 --http -a --x509keyfile test-certs/ServerKey.rsa.pem --x509certfile test-certs/ServerCert.rsa.rsa.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.rsa.rsa.log 2>&1 & - -echo "gnutls-serv RSA/ECC..." -${GNUTLS_DIR}/bin/gnutls-serv -p 5002 -d 4 --http -a --x509keyfile test-certs/ServerKey.rsa.pem --x509certfile test-certs/ServerCert.rsa.ecc.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.rsa.ecc.log 2>&1 & - -echo "gnutls-serv ECC/RSA..." -${GNUTLS_DIR}/bin/gnutls-serv -p 5003 -d 4 --http -a --x509keyfile test-certs/ServerKey.ecc.pem --x509certfile test-certs/ServerCert.ecc.rsa.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.ecc.rsa.log 2>&1 & - -echo "gnutls-serv ECC/ECC..." -${GNUTLS_DIR}/bin/gnutls-serv -p 5004 -d 4 --http -a --x509keyfile test-certs/ServerKey.ecc.pem --x509certfile test-certs/ServerCert.ecc.ecc.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.ecc.ecc.log 2>&1 & - -echo "openssl s_server RSA/RSA + Client Side Auth..." -${OPENSSL_DIR}/bin/openssl s_server -accept 4011 -verify 3 -CAfile test-certs/CACert.rsa.pem -state -key test-certs/ServerKey.rsa.pem -cert test-certs/ServerCert.rsa.rsa.pem -www -cipher ALL:eNULL > /tmp/s_server.rsa.rsa.csa.log 2>&1 & - -echo "openssl s_server RSA/ECC + Client Side Auth...." -${OPENSSL_DIR}/bin/openssl s_server -accept 4012 -verify 3 -CAfile test-certs/CACert.rsa.pem -state -key test-certs/ServerKey.rsa.pem -cert test-certs/ServerCert.rsa.ecc.pem -www -cipher ALL:eNULL > /tmp/s_server.rsa.ecc.csa.log 2>&1 & - -echo "openssl s_server ECC/RSA + Client Side Auth...." -${OPENSSL_DIR}/bin/openssl s_server -accept 4013 -verify 3 -CAfile test-certs/CACert.rsa.pem -state -key test-certs/ServerKey.ecc.pem -cert test-certs/ServerCert.ecc.rsa.pem -www -cipher ALL:eNULL > /tmp/s_server.ecc.rsa.csa.log 2>&1 & - -echo "openssl s_server ECC/ECC + Client Side Auth...." -${OPENSSL_DIR}/bin/openssl s_server -accept 4014 -verify 3 -CAfile test-certs/CACert.rsa.pem -state -key test-certs/ServerKey.ecc.pem -cert test-certs/ServerCert.ecc.ecc.pem -www -cipher ALL:eNULL > /tmp/s_server.ecc.ecc.csa.log 2>&1 & - -echo "gnutls-serv RSA/RSA + Client Side Auth...." -${GNUTLS_DIR}/bin/gnutls-serv -p 5011 -d 4 --http --x509keyfile test-certs/ServerKey.rsa.pem --x509certfile test-certs/ServerCert.rsa.rsa.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.rsa.rsa.csa.log 2>&1 & - -echo "gnutls-serv RSA/ECC + Client Side Auth...." -${GNUTLS_DIR}/bin/gnutls-serv -p 5012 -d 4 --http --x509keyfile test-certs/ServerKey.rsa.pem --x509certfile test-certs/ServerCert.rsa.ecc.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.rsa.ecc.csa.log 2>&1 & - -echo "gnutls-serv ECC/RSA + Client Side Auth...." -${GNUTLS_DIR}/bin/gnutls-serv -p 5013 -d 4 --http --x509keyfile test-certs/ServerKey.ecc.pem --x509certfile test-certs/ServerCert.ecc.rsa.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.ecc.rsa.csa.log 2>&1 & - -echo "gnutls-serv ECC/ECC + Client Side Auth...." -${GNUTLS_DIR}/bin/gnutls-serv -p 5014 -d 4 --http --x509keyfile test-certs/ServerKey.ecc.pem --x509certfile test-certs/ServerCert.ecc.ecc.pem --priority "NORMAL:+ANON-DH:+NULL" > /tmp/gnutls-serv.ecc.ecc.csa.log 2>&1 & diff --git a/SecurityTests/StopTLSServers.sh b/SecurityTests/StopTLSServers.sh deleted file mode 100644 index ab7add28..00000000 --- a/SecurityTests/StopTLSServers.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh - -# StopTLSServers.sh -# Security -# -# Created by Fabrice Gautier on 6/9/11. -# Copyright 2011 Apple, Inc. All rights reserved. - -echo "Killing all servers..." - -killall openssl -killall gnutls-serv - -echo "Done killing~~" diff --git a/SecurityTests/clxutils/ChangeLog b/SecurityTests/clxutils/ChangeLog deleted file mode 100644 index 3d677618..00000000 --- a/SecurityTests/clxutils/ChangeLog +++ /dev/null @@ -1,40 +0,0 @@ -As of April 9 2003, the clxutils directory will be tagged -with the version of Security.framework with which the -particular version of clxutils works. When a change -is introduced into clxutils which prevents the tests -from building or running with previous version of Security, -an entry will be made in this file and the whole directory -will be tagged with the same tag as the version of Security -needed to run with the current version of clxutils. - -Addenda: tags are now of the form clxutils-XXX since the Security reorg. - - Date Tag Notes --------- ----------- ----------------------------------------------- -04/04/05 TigerGM TigerGM (8A428) baseline. -02/19/05 clxutils-111 New tests for AppleCerts, AppleCodeSigning, localTime, - iChat policy. - Support for SHA2 signature in signerAndSubj. -12/20/04 clxutils-110 Updates to smimePolicy for radar 3880193 (iChat TP policy mods) -11/01/04 clxutils-109 Fix for radar 855635 - CSSM_CERT_STATUS_IS_IN_ANCHORS missed - if cert is from a DLDB -09/14/04 clxutils-108 Radar 3722218 - CertGroupVerify can now return - CSSMERR_APPLETP_HOSTNAME_MISMATCH. -08/12/04 clxutils-107 CSSMOID_APPLE_TP_CODE_SIGN trust policy testing. -07/21/04 clxutils-106 OCSP and major mods to certCertify() and certcrl program. -05/13/04 clxutils-105 Radar 3537553, SPI for ASN.1 encode/decode. -05/04/04 clxutils-104 Mods for AuthorityInfoAccess extension -04/28/04 clxutils-103 Mods for Radar 3636036 - errSSLConnectionRefused -04/20/04 clxutils-101 Extended Key Use testing per 3622077, 3628039 -04/20/04 clxutils-100 Tag for just before changes for Extended Key Use in clxutils-101 -08/05/03 Security-132 Unnormalized subject/issuer names, 3347430 -07/16/03 Security-119 Add testing for 3300879, expired root handling -06/16/03 Security-114 Mods for updated SSL host name checking, 3093245 - Test resumable session SPI, 3260631 -05/16/03 Security-102 Fixed corner cases in SSL HostName checking - SecureTransport vfy via SecTrust, SSLGetPeerSecTrust -04/24/03 Security-90 S/MIME policy testing -04/17/03 Security-88 Support for buildit - Was nssOidToAlg, is cssmOidToAlg - Run cgVerify with DSA certs -04/09/03 Security-87 Partial DSA public key processing diff --git a/SecurityTests/clxutils/Makefile b/SecurityTests/clxutils/Makefile deleted file mode 100644 index f6d1b5ad..00000000 --- a/SecurityTests/clxutils/Makefile +++ /dev/null @@ -1,92 +0,0 @@ -# -# Top-level Makefile for clxutils. Allows build or clean -# of all directories in one swoop. -# -SHELL := /bin/zsh - -SUBDIRS= clAppUtils anchorTest caVerify certChain certInCrl certTime certcrl \ - certLabelTest certSerialEncodeTest certsFromDb cgConstruct \ - cgVerify clTool cmstool \ - dotMacArchive dotMacTool extendAttrTest extendAttrTool \ - extenGrab extenTest extenTestTp extractCertFields findCert \ - idTool kcImport kcExport kcTime kcTool keyFromCert \ - newCmsTool ocspdTool ocspTool pemtool \ - parseCert parseCrl pemtool secTime secTrustTime \ - signerAndSubj signerAndSubjSsl \ - signerAndSubjTp smimePolicy sslAlert sslAuth sslBench sslCipher \ - sslEcdsa sslHandshakeTime sslProt \ - sslServer sslSession sslSubjName sslViewer \ - sysIdTool threadTest trustAnchors trustApps unBER \ - vfyCert vfyCertChain -# krbtool removed pending new kerb changes -# krbtool - -# note the p12 tests removed - I really want p12Reencode back in...p12 we can do without -# extractCertFields idTool kcImport kcExport kcTime kcTool keyFromCert pemtool p12 p12Reencode \ - -INSTALLDIR=$(DSTROOT)/usr/local/bin - -# default SRCROOT for clean target -SRCROOT ?= $(shell pwd) - -# -# The "if [[ -a $$i ]]" allows use of this Makefile on a fragment of -# clxutils, e.g., the SslExamples package built by buildSsl. -# -first: - @foreach i in $(SUBDIRS); \ - if [[ -a $$i ]] then; \ - echo "=== Making $$i ==="; \ - cd $$i || exit 1; \ - make -r || exit 1; \ - cd ..; \ - fi; \ - end - -build: first - -sphinx: - make "SPHINX=-DSPHINX" - -# architecture options - -64bit: - make "DEBUG_CFLAGS=-arch x86_64" "CMDLINE_LDFLAGS=-arch x86_64" - -64bitFat: - make "DEBUG_CFLAGS=-arch x86_64 -arch i386" "CMDLINE_LDFLAGS=-arch x86_64 -arch i386" - -fat: - make "DEBUG_CFLAGS=-arch i386" "CMDLINE_LDFLAGS=-arch i386" - -install: - @foreach i in $(SUBDIRS); \ - if [[ -a $$i ]] then; \ - echo "=== Installing $$i ==="; \ - cd $$i; \ - make install "DSTROOT=$(DSTROOT)" "SYMROOT=$(SYMROOT)" \ - "OBJROOT=$(OBJROOT)" || exit 1; \ - cd ..; \ - fi; \ - end - install -d -m 0755 $(INSTALLDIR) - install -p -m 0755 cltpdvt $(INSTALLDIR) - echo "** BUILD SUCCEEDED **" - -# this module doesn't need to install any headers -installhdrs: - -installsrc: - cp -R . $(SRCROOT) - -clean: - @foreach i in $(SUBDIRS); \ - if [[ -a $$i ]] then; \ - echo "=== Cleaning $$i ==="; \ - cd $$i || exit 1; \ - make clean "DSTROOT=$(DSTROOT)" "SYMROOT=$(SYMROOT)" \ - "OBJROOT=$(OBJROOT)" "SRCROOT=$(SRCROOT)/$$i" \ - || exit 1; \ - cd ..; \ - fi; \ - end diff --git a/SecurityTests/clxutils/Makefile.cdsa b/SecurityTests/clxutils/Makefile.cdsa deleted file mode 100644 index 73b21dd8..00000000 --- a/SecurityTests/clxutils/Makefile.cdsa +++ /dev/null @@ -1,165 +0,0 @@ -# -# Common makefile fragment for dmitch's clxutils. -# This is -included from project-specific Makefiles, assumed -# to be one directory down from this file. -# -# See Makefile.template for sample project-specific Makefile. -# - -# Defaults for variables provided by buildit -# -# Object files written to '.' unless OBJROOT specified -# -OBJROOT ?= . -SRCROOT ?= . -# -# Executables written to SYMROOT if specified, else to LOCAL_BUILD_DIR -# env var if specified, else to '.'. -# -SYMROOT ?= $(shell echo $(LOCAL_BUILD_DIR)) -LOCAL_BUILD=$(SYMROOT) -ifeq "" "$(LOCAL_BUILD)" - LOCAL_BUILD = . -endif - -# independent of SYMROOT -CLEAN_DIR=$(shell echo $(LOCAL_BUILD_DIR)) -ifeq "" "$(CLEAN_DIR)" - CLEAN_DIR = . -endif - -# -# DSTROOT only used for install -$ -DSTROOT ?= "" - -INSTALLDIR := $(DSTROOT)/usr/local/bin - -UTIL_LIB_SRC= ../clAppUtils -COMMON_LIB_SRC= ../../cspxutils -CSPUTIL_LIB_BIN=libcsputils.a -CLUTIL_LIB_BIN=libclutils.a - -# cspxutils headers and lib come from ../cspxutils, or from /usr/local if DSTROOT is specified -ifeq ("", $(DSTROOT)) - UTILLIB_HDRS=$(COMMON_LIB_SRC) - UTILLIB_PATH=$(COMMON_LIB_SRC)/utilLib - CSPUTIL_LIB_BIN_PATH=$(LOCAL_BUILD)/$(CSPUTIL_LIB_BIN) - CLUTIL_LIB_BIN_PATH=$(LOCAL_BUILD)/$(CLUTIL_LIB_BIN) -else - UTILLIB_HDRS=$(DSTROOT)/usr/local/include - UTILLIB_PATH=$(DSTROOT)/usr/local/lib - CSPUTIL_LIB_BIN_PATH=/usr/local/lib/$(CSPUTIL_LIB_BIN) - CLUTIL_LIB_BIN_PATH=$(UTILLIB_PATH)/$(CLUTIL_LIB_BIN) -endif - -OFILES= $(CSOURCE:%.c=$(OBJROOT)/%.o) $(CPSOURCE:%.cpp=$(OBJROOT)/%.o) - -# -# Assume final load with cc, not ld -# -STD_LIBS=-lclutils -lcsputils -STD_LIBPATH= -L$(LOCAL_BUILD) -L$(UTILLIB_PATH) -L$(UTIL_LIB_SRC) -ALL_LIBS= $(STD_LIBS) $(PROJ_LIBS) -ALL_LIBPATHS= $(STD_LIBPATH) $(PROJ_LIBPATH) -PRIV_FRAMEWORK_PATH= /System/Library/PrivateFrameworks - -# -# Override this from the make command line to add e.g. -lMallocDebug -# -CMDLINE_LDFLAGS?= - -ALL_LDFLAGS= $(CMDLINE_LDFLAGS) -F$(LOCAL_BUILD) $(ALL_LIBS) $(ALL_LIBPATHS) \ - $(PROJ_LDFLAGS) -F$(PRIV_FRAMEWORK_PATH) -lsecurity_cdsa_client -lsecurity_utilities -lsecurity_cdsa_utilities -lsecurity_cdsa_utils - -CC=c++ - -VARIANT_SUFFIX= - -STD_FRAMEWORKS= -framework Security$(VARIANT_SUFFIX) -framework CoreFoundation - -ALL_FRAMEWORKS= $(STD_FRAMEWORKS) $(PROJ_FRAMEWORKS) - -# -# to get to headers in frameworks -# -STD_FINCLUDES= -F$(LOCAL_BUILD) -F$(PRIV_FRAMEWORK_PATH) -F$(PRIV_FRAMEWORK_PATH) -# -# the common headers for csputils -# -STD_INCLUDES= -I.. -I$(UTILLIB_HDRS) -F$(PRIV_FRAMEWORK_PATH) -ALL_INCLUDES= $(STD_INCLUDES) $(PROJ_INCLUDES) -CINCLUDES= $(STD_FINCLUDES) $(ALL_INCLUDES) - -###WFLAGS= -Wno-four-char-constants -Wall -Werror -WFLAGS= -Wno-four-char-constants -Wall -Wno-deprecated-declarations - -STD_CFLAGS= -g $(VERBOSE) $(SPHINX) -DEBUG_CFLAGS?= - -ALL_CFLAGS= $(CINCLUDES) $(STD_CFLAGS) $(PROJ_CFLAGS) $(WFLAGS) $(DEBUG_CFLAGS) - -# -# Executable in build folder -# -BUILT_TARGET= $(LOCAL_BUILD)/$(EXECUTABLE) - -first: LIB_CLUTILS $(PROJ_DEPENDS) $(CSPUTIL_LIB_BIN_PATH) $(BUILT_TARGET) - -build: first - -debug: - make "VARIANT_SUFFIX=,_debug" - -sphinx: - make "SPHINX=-DSPHINX" - -# architecture options - -64bit: - make "DEBUG_CFLAGS=-arch x86_64" "CMDLINE_LDFLAGS=-arch x86_64" - -64bitFat: - make "DEBUG_CFLAGS=-arch x86_64 -arch i386" "CMDLINE_LDFLAGS=-arch x86_64 -arch i386" - -fat: - make "DEBUG_CFLAGS=-arch i386" "CMDLINE_LDFLAGS=-arch i386" - -install: build - install -d -m 0755 $(INSTALLDIR) - install -p -m 0755 $(BUILT_TARGET) $(INSTALLDIR) - -installhdrs: - -# -# Executable might be in . if no LOCAL_BUILD_DIR specified -# -clean: - rm -f $(BUILT_TARGET) $(EXECUTABLE) - cd $(SRCROOT); rm -f $(OFILES) *.o - cd $(LOCAL_BUILD); rm -f $(EXECUTABLE) $(OTHER_TO_CLEAN) - rm -f $(CLEAN_DIR)/$(EXECUTABLE) - -# -# Make sure libcsputils.a has been built... -# -$(CSPUTIL_LIB_BIN_PATH): - @if ! ( [ -e $(CSPUTIL_LIB_BIN_PATH) ] );\ - then \ - echo === You must build libcsputils.a before building this project. === ;\ - echo === Please cd to the cspxutils/utilLib directory and type make. === ;\ - echo === $(CSPUTIL_LIB_BIN_PATH) not found. === ;\ - exit 1; \ - fi - -LIB_CLUTILS: - (cd $(UTIL_LIB_SRC); make) - -$(BUILT_TARGET): $(OFILES) $(CSPUTIL_LIB_BIN_PATH) $(CLUTIL_LIB_BIN_PATH) - $(CC) -o $(BUILT_TARGET) $(ALL_FRAMEWORKS) $^ $(ALL_LDFLAGS) - -$(OBJROOT)/%.o: %.c $(HDR_DEPENDS) - $(CC) $(ALL_CFLAGS) -c -o $(OBJROOT)/$*.o $< - -$(OBJROOT)/%.o: %.cpp $(HDR_DEPENDS) - $(CC) $(ALL_CFLAGS) -c -o $(OBJROOT)/$*.o $< diff --git a/SecurityTests/clxutils/Makefile.lib b/SecurityTests/clxutils/Makefile.lib deleted file mode 100644 index dd14859e..00000000 --- a/SecurityTests/clxutils/Makefile.lib +++ /dev/null @@ -1,113 +0,0 @@ -# -# Common makefile fragment for dmitch's SecurityX-style clxutils, -# tailored for building a library. -# This is -included from project-specific Makefiles, assumed -# to be one directory down from this file. -# -# See Makefile.template for sample project-specific Makefile. -# - -# Defaults for variables provided by buildit -# -# Object files written to '.' unless OBJROOT specified -# -OBJROOT ?= . -SRCROOT ?= . -# -# Library written to SYMROOT if specified, else to LOCAL_BUILD_DIR -# env var if specified, else to '.'. -# -SYMROOT ?= $(shell echo $(LOCAL_BUILD_DIR)) -LOCAL_BUILD=$(SYMROOT) -ifeq "" "$(LOCAL_BUILD)" - LOCAL_BUILD = . -endif - -# independent of SYMROOT -CLEAN_DIR=$(shell echo $(LOCAL_BUILD_DIR)) -ifeq "" "$(CLEAN_DIR)" - CLEAN_DIR = . -endif - -# -# DSTROOT only used for install -# -DSTROOT ?= "" - -# if DSTROOT not specified, skip the extra -I to get to cspxutils headers -ifeq ("", $(DSTROOT)) - UTILLIB_HDRS= -else - UTILLIB_HDRS="-I$(DSTROOT)/usr/local/include" -endif - -INSTALLDIR := $(DSTROOT)/usr/local/lib - -CC=c++ - -COMMON_LIB_SRC= -I../../cspxutils/ - -OFILES := $(CSOURCE:%.c=$(OBJROOT)/%.o) $(CPSOURCE:%.cpp=$(OBJROOT)/%.o) - -PRIV_FRAMEWORK_PATH= /System/Library/PrivateFrameworks - -ALL_LDFLAGS= -static $(PROJ_LDFLAGS) - -STD_FRAMEWORKS= -ALL_FRAMEWORKS= $(STD_FRAMEWORKS) $(PROJ_FRAMEWORKS) - -# -# to get to headers in frameworks -# -STD_FINCLUDES= -F$(LOCAL_BUILD) -F/System/Library/Frameworks/CoreServices.framework/Frameworks -STD_INCLUDES= -I.. $(COMMON_LIB_SRC) $(UTILLIB_HDRS) -F$(PRIV_FRAMEWORK_PATH) - -ALL_INCLUDES= $(STD_INCLUDES) $(PROJ_INCLUDES) -CINCLUDES= $(STD_FINCLUDES) $(ALL_INCLUDES) - -###WFLAGS= -Wno-four-char-constants -Wall -Werror -WFLAGS= -Wno-four-char-constants -Wall -Wno-deprecated-declarations -STD_CFLAGS= -g $(VERBOSE) -DEBUG_CFLAGS?= - -ALL_CFLAGS= $(CINCLUDES) $(STD_CFLAGS) $(PROJ_CFLAGS) $(WFLAGS) $(DEBUG_CFLAGS) - -# -# Executable has to be in build folder for MDS -# -BUILT_TARGET= $(LOCAL_BUILD)/$(EXECUTABLE) - -first: $(PROJ_DEPENDS) $(BUILT_TARGET) - -build: first - -# architecture options - -64bit: - make "DEBUG_CFLAGS=-arch x86_64" - -64bitFat: - make "DEBUG_CFLAGS=-arch x86_64 -arch i386" - -fat: - make "DEBUG_CFLAGS=-arch i386" "CMDLINE_LDFLAGS=-arch i386" - -install: build - install -d -m 0755 $(INSTALLDIR) - install -p -m 0644 $(BUILT_TARGET) $(INSTALLDIR) - -installhdrs: - -$(BUILT_TARGET): $(OFILES) - libtool $(ALL_LDFLAGS) -o $(BUILT_TARGET) $^ - -clean: - cd $(SRCROOT); rm -f $(OFILES) *.o - rm -f $(BUILT_TARGET) - rm -f $(CLEAN_DIR)/$(EXECUTABLE) - -$(OBJROOT)/%.o: %.c - $(CC) $(ALL_CFLAGS) -c -o $(OBJROOT)/$*.o $< - -$(OBJROOT)/%.o: %.cpp - $(CC) $(ALL_CFLAGS) -c -o $(OBJROOT)/$*.o $< diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/CoveringLetter.pdf b/SecurityTests/clxutils/NISCC/TLS_SSL/CoveringLetter.pdf deleted file mode 100755 index 67fbdf56..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/CoveringLetter.pdf +++ /dev/null @@ -1,3314 +0,0 @@ -%PDF-1.3 %âãÏÓ -9 0 obj << /Linearized 1 /O 11 /H [ 25659 1176 ] /L 278516 /E 275492 /N 2 /T 278219 >> endobj xref 9 1261 0000000016 00000 n -0000025569 00000 n -0000026835 00000 n -0000027049 00000 n -0000039688 00000 n -0000039738 00000 n -0000039788 00000 n -0000039838 00000 n -0000039888 00000 n -0000039938 00000 n -0000039988 00000 n -0000040038 00000 n -0000040088 00000 n -0000040138 00000 n -0000040188 00000 n -0000040238 00000 n -0000040288 00000 n -0000040338 00000 n -0000040388 00000 n -0000040438 00000 n -0000040488 00000 n -0000040538 00000 n -0000040588 00000 n -0000040638 00000 n -0000040688 00000 n -0000040738 00000 n -0000040788 00000 n -0000040838 00000 n -0000040888 00000 n -0000040938 00000 n -0000040988 00000 n -0000041038 00000 n -0000041088 00000 n -0000041138 00000 n -0000041188 00000 n -0000041238 00000 n -0000041288 00000 n -0000041338 00000 n -0000041388 00000 n -0000041438 00000 n -0000041488 00000 n -0000041538 00000 n -0000041588 00000 n -0000041638 00000 n -0000041688 00000 n -0000041738 00000 n -0000041788 00000 n -0000041838 00000 n -0000041888 00000 n -0000041938 00000 n -0000041988 00000 n -0000042038 00000 n -0000042088 00000 n -0000042138 00000 n -0000042188 00000 n -0000042238 00000 n -0000042288 00000 n -0000042338 00000 n -0000042388 00000 n -0000042437 00000 n -0000042487 00000 n -0000042536 00000 n -0000042586 00000 n -0000042636 00000 n -0000042686 00000 n -0000042736 00000 n -0000042786 00000 n -0000042836 00000 n -0000042886 00000 n -0000042936 00000 n -0000042986 00000 n -0000043036 00000 n -0000043086 00000 n -0000043135 00000 n -0000043185 00000 n -0000043235 00000 n -0000043285 00000 n -0000043334 00000 n -0000043383 00000 n -0000043433 00000 n -0000043483 00000 n -0000043532 00000 n -0000043582 00000 n -0000043632 00000 n -0000043682 00000 n -0000043732 00000 n -0000043782 00000 n -0000043832 00000 n -0000043882 00000 n -0000043932 00000 n -0000043982 00000 n -0000044032 00000 n -0000044083 00000 n -0000044134 00000 n -0000044185 00000 n -0000044236 00000 n -0000044287 00000 n -0000044338 00000 n -0000044389 00000 n -0000044440 00000 n -0000044491 00000 n -0000044542 00000 n -0000044593 00000 n -0000044644 00000 n -0000044695 00000 n -0000044746 00000 n -0000044797 00000 n -0000044848 00000 n -0000044899 00000 n -0000044950 00000 n -0000045001 00000 n -0000045052 00000 n -0000045103 00000 n -0000045154 00000 n -0000045205 00000 n -0000045256 00000 n -0000045307 00000 n -0000045358 00000 n -0000045409 00000 n -0000045460 00000 n -0000045511 00000 n -0000045562 00000 n -0000045613 00000 n -0000045664 00000 n -0000045715 00000 n -0000045766 00000 n -0000045817 00000 n -0000045868 00000 n -0000045919 00000 n -0000045970 00000 n -0000046021 00000 n -0000046072 00000 n -0000046123 00000 n -0000046174 00000 n -0000046225 00000 n -0000046276 00000 n -0000046327 00000 n -0000046378 00000 n -0000046429 00000 n -0000046480 00000 n -0000046531 00000 n -0000046582 00000 n -0000046633 00000 n -0000046684 00000 n -0000046735 00000 n -0000046786 00000 n -0000046837 00000 n -0000046888 00000 n -0000046939 00000 n -0000046990 00000 n -0000047041 00000 n -0000047092 00000 n -0000047143 00000 n -0000047194 00000 n -0000047245 00000 n -0000047296 00000 n -0000047347 00000 n -0000047398 00000 n -0000047449 00000 n -0000047500 00000 n -0000047551 00000 n -0000047602 00000 n -0000047653 00000 n -0000047704 00000 n -0000047755 00000 n -0000047806 00000 n -0000047857 00000 n -0000047908 00000 n -0000047959 00000 n -0000048010 00000 n -0000048061 00000 n -0000048112 00000 n -0000048163 00000 n -0000048214 00000 n -0000048265 00000 n -0000048316 00000 n -0000048367 00000 n -0000048418 00000 n -0000048469 00000 n -0000048520 00000 n -0000048571 00000 n -0000048622 00000 n -0000048673 00000 n -0000048724 00000 n -0000048775 00000 n -0000048826 00000 n -0000048877 00000 n -0000048928 00000 n -0000048979 00000 n -0000049030 00000 n -0000049081 00000 n -0000049132 00000 n -0000049183 00000 n -0000049234 00000 n -0000049285 00000 n -0000049336 00000 n -0000049387 00000 n -0000049438 00000 n -0000049489 00000 n -0000049540 00000 n -0000049591 00000 n -0000049642 00000 n -0000049693 00000 n -0000049744 00000 n -0000049795 00000 n -0000049846 00000 n -0000049897 00000 n -0000049948 00000 n -0000049999 00000 n -0000050050 00000 n -0000050101 00000 n -0000050152 00000 n -0000050203 00000 n -0000050254 00000 n -0000050305 00000 n -0000050356 00000 n -0000050407 00000 n -0000050458 00000 n -0000050509 00000 n -0000050560 00000 n -0000050611 00000 n -0000050662 00000 n -0000050712 00000 n -0000050763 00000 n -0000050814 00000 n -0000050865 00000 n -0000050915 00000 n -0000050966 00000 n -0000051017 00000 n -0000051067 00000 n -0000051118 00000 n -0000051169 00000 n -0000051220 00000 n -0000051271 00000 n -0000051322 00000 n -0000051373 00000 n -0000051424 00000 n -0000051475 00000 n -0000051526 00000 n -0000051577 00000 n -0000051628 00000 n -0000051679 00000 n -0000051730 00000 n -0000051781 00000 n -0000051832 00000 n -0000051883 00000 n -0000051934 00000 n -0000051985 00000 n -0000052036 00000 n -0000052087 00000 n -0000052138 00000 n -0000052189 00000 n -0000052240 00000 n -0000052291 00000 n -0000052342 00000 n -0000052393 00000 n -0000052444 00000 n -0000052495 00000 n -0000052546 00000 n -0000052597 00000 n -0000052648 00000 n -0000052699 00000 n -0000052749 00000 n -0000052800 00000 n -0000052851 00000 n -0000052902 00000 n -0000052953 00000 n -0000053004 00000 n -0000053055 00000 n -0000053106 00000 n -0000053157 00000 n -0000053208 00000 n -0000053259 00000 n -0000053309 00000 n -0000053360 00000 n -0000053411 00000 n -0000053462 00000 n -0000053513 00000 n -0000053564 00000 n -0000053615 00000 n -0000053666 00000 n -0000053717 00000 n -0000053767 00000 n -0000053818 00000 n -0000053869 00000 n -0000053910 00000 n -0000053960 00000 n -0000054011 00000 n -0000054571 00000 n -0000054621 00000 n -0000054851 00000 n -0000054901 00000 n -0000054951 00000 n -0000055002 00000 n -0000055053 00000 n -0000055104 00000 n -0000055326 00000 n -0000055377 00000 n -0000055806 00000 n -0000055857 00000 n -0000055908 00000 n -0000055959 00000 n -0000056010 00000 n -0000056061 00000 n -0000056112 00000 n -0000056163 00000 n -0000056214 00000 n -0000056265 00000 n -0000056316 00000 n -0000056367 00000 n -0000056418 00000 n -0000056469 00000 n -0000056520 00000 n -0000056571 00000 n -0000056622 00000 n -0000056673 00000 n -0000056724 00000 n -0000056775 00000 n -0000056826 00000 n -0000056877 00000 n -0000056928 00000 n -0000056979 00000 n -0000057030 00000 n -0000057081 00000 n -0000057132 00000 n -0000057183 00000 n -0000057234 00000 n -0000057285 00000 n -0000057336 00000 n -0000057387 00000 n -0000057438 00000 n -0000057489 00000 n -0000057540 00000 n -0000057591 00000 n -0000057642 00000 n -0000057693 00000 n -0000057744 00000 n -0000057795 00000 n -0000057845 00000 n -0000057896 00000 n -0000057947 00000 n -0000057998 00000 n -0000058049 00000 n -0000058100 00000 n -0000058151 00000 n -0000058202 00000 n -0000058253 00000 n -0000058304 00000 n -0000058355 00000 n -0000058406 00000 n -0000058457 00000 n -0000058508 00000 n -0000058558 00000 n -0000058608 00000 n -0000058659 00000 n -0000058710 00000 n -0000058761 00000 n -0000058812 00000 n -0000058863 00000 n -0000058914 00000 n -0000058964 00000 n -0000059015 00000 n -0000059066 00000 n -0000059117 00000 n -0000059168 00000 n -0000059219 00000 n -0000059270 00000 n -0000059321 00000 n -0000059372 00000 n -0000059423 00000 n -0000059474 00000 n -0000059525 00000 n -0000059576 00000 n -0000059627 00000 n -0000059678 00000 n -0000059729 00000 n -0000059779 00000 n -0000059830 00000 n -0000059881 00000 n -0000059932 00000 n -0000059983 00000 n -0000060034 00000 n -0000060085 00000 n -0000060136 00000 n -0000060187 00000 n -0000060238 00000 n -0000060289 00000 n -0000060340 00000 n -0000060391 00000 n -0000060442 00000 n -0000060493 00000 n -0000060544 00000 n -0000060595 00000 n -0000060646 00000 n -0000060697 00000 n -0000060748 00000 n -0000060799 00000 n -0000060850 00000 n -0000060901 00000 n -0000060952 00000 n -0000061002 00000 n -0000061053 00000 n -0000061104 00000 n -0000061155 00000 n -0000061206 00000 n -0000061257 00000 n -0000061308 00000 n -0000061359 00000 n -0000061410 00000 n -0000061461 00000 n -0000061512 00000 n -0000061563 00000 n -0000061614 00000 n -0000061665 00000 n -0000061716 00000 n -0000061767 00000 n -0000061818 00000 n -0000061869 00000 n -0000061920 00000 n -0000061971 00000 n -0000061993 00000 n -0000062835 00000 n -0000062857 00000 n -0000063389 00000 n -0000063411 00000 n -0000063966 00000 n -0000063988 00000 n -0000064532 00000 n -0000064554 00000 n -0000065091 00000 n -0000065113 00000 n -0000065653 00000 n -0000065675 00000 n -0000066579 00000 n -0000066602 00000 n -0000068220 00000 n -0000068319 00000 n -0000068424 00000 n -0000068553 00000 n -0000068661 00000 n -0000068778 00000 n -0000068889 00000 n -0000068997 00000 n -0000069120 00000 n -0000069249 00000 n -0000069357 00000 n -0000069483 00000 n -0000069603 00000 n -0000069729 00000 n -0000069861 00000 n -0000069981 00000 n -0000070110 00000 n -0000070236 00000 n -0000070356 00000 n -0000070461 00000 n -0000070566 00000 n -0000070668 00000 n -0000070794 00000 n -0000070902 00000 n -0000071013 00000 n -0000071136 00000 n -0000071265 00000 n -0000071397 00000 n -0000071511 00000 n -0000071607 00000 n -0000071709 00000 n -0000071811 00000 n -0000071910 00000 n -0000072018 00000 n -0000072114 00000 n -0000072222 00000 n -0000072327 00000 n -0000072438 00000 n -0000072546 00000 n -0000072648 00000 n -0000072747 00000 n -0000072852 00000 n -0000072948 00000 n -0000073032 00000 n -0000073122 00000 n -0000073200 00000 n -0000073284 00000 n -0000073362 00000 n -0000073446 00000 n -0000073536 00000 n -0000073623 00000 n -0000073719 00000 n -0000073812 00000 n -0000073899 00000 n -0000073989 00000 n -0000074082 00000 n -0000074193 00000 n -0000074295 00000 n -0000074403 00000 n -0000074502 00000 n -0000074595 00000 n -0000074694 00000 n -0000074790 00000 n -0000074907 00000 n -0000092433 00000 n -0000130129 00000 n -0000132807 00000 n -0000132903 00000 n -0000132981 00000 n -0000133037 00000 n -0000133133 00000 n -0000133226 00000 n -0000133316 00000 n -0000133409 00000 n -0000133514 00000 n -0000133613 00000 n -0000133709 00000 n -0000133793 00000 n -0000133883 00000 n -0000133973 00000 n -0000134060 00000 n -0000134138 00000 n -0000134222 00000 n -0000134300 00000 n -0000134369 00000 n -0000134483 00000 n -0000134600 00000 n -0000134714 00000 n -0000134834 00000 n -0000134948 00000 n -0000135074 00000 n -0000135185 00000 n -0000135296 00000 n -0000135416 00000 n -0000135533 00000 n -0000135641 00000 n -0000135749 00000 n -0000135863 00000 n -0000136055 00000 n -0000136235 00000 n -0000136364 00000 n -0000136496 00000 n -0000136669 00000 n -0000136801 00000 n -0000136927 00000 n -0000137056 00000 n -0000137173 00000 n -0000137305 00000 n -0000137422 00000 n -0000137539 00000 n -0000137659 00000 n -0000137773 00000 n -0000137872 00000 n -0000137980 00000 n -0000138073 00000 n -0000138166 00000 n -0000138274 00000 n -0000138382 00000 n -0000138472 00000 n -0000138550 00000 n -0000138631 00000 n -0000138709 00000 n -0000138802 00000 n -0000138889 00000 n -0000138976 00000 n -0000139108 00000 n -0000139222 00000 n -0000139327 00000 n -0000139453 00000 n -0000139558 00000 n -0000139675 00000 n -0000139792 00000 n -0000139900 00000 n -0000139993 00000 n -0000140086 00000 n -0000140182 00000 n -0000140278 00000 n -0000140374 00000 n -0000140461 00000 n -0000140647 00000 n -0000140752 00000 n -0000140845 00000 n -0000140935 00000 n -0000141049 00000 n -0000141172 00000 n -0000141301 00000 n -0000141421 00000 n -0000141508 00000 n -0000141619 00000 n -0000141733 00000 n -0000141859 00000 n -0000141967 00000 n -0000142045 00000 n -0000142123 00000 n -0000142213 00000 n -0000142297 00000 n -0000142405 00000 n -0000142531 00000 n -0000142642 00000 n -0000142750 00000 n -0000142864 00000 n -0000142978 00000 n -0000143071 00000 n -0000143173 00000 n -0000143281 00000 n -0000143398 00000 n -0000143527 00000 n -0000143644 00000 n -0000143761 00000 n -0000143860 00000 n -0000143956 00000 n -0000144070 00000 n -0000144178 00000 n -0000144301 00000 n -0000144400 00000 n -0000144508 00000 n -0000144625 00000 n -0000144733 00000 n -0000144832 00000 n -0000144937 00000 n -0000145033 00000 n -0000145150 00000 n -0000145255 00000 n -0000145375 00000 n -0000145495 00000 n -0000145609 00000 n -0000145711 00000 n -0000145822 00000 n -0000145942 00000 n -0000146044 00000 n -0000146140 00000 n -0000146269 00000 n -0000146392 00000 n -0000146565 00000 n -0000146694 00000 n -0000146820 00000 n -0000146946 00000 n -0000147078 00000 n -0000147201 00000 n -0000147371 00000 n -0000147470 00000 n -0000147563 00000 n -0000147656 00000 n -0000147752 00000 n -0000147866 00000 n -0000147980 00000 n -0000148076 00000 n -0000148181 00000 n -0000148295 00000 n -0000148502 00000 n -0000148685 00000 n -0000148862 00000 n -0000149069 00000 n -0000149246 00000 n -0000149432 00000 n -0000149630 00000 n -0000149828 00000 n -0000150005 00000 n -0000150191 00000 n -0000150371 00000 n -0000150560 00000 n -0000150773 00000 n -0000151001 00000 n -0000151196 00000 n -0000151400 00000 n -0000151598 00000 n -0000151676 00000 n -0000151778 00000 n -0000151904 00000 n -0000151976 00000 n -0000152055 00000 n -0000152124 00000 n -0000152193 00000 n -0000152363 00000 n -0000152555 00000 n -0000152753 00000 n -0000152963 00000 n -0000153158 00000 n -0000153287 00000 n -0000153460 00000 n -0000153655 00000 n -0000153856 00000 n -0000153988 00000 n -0000154108 00000 n -0000154234 00000 n -0000154345 00000 n -0000154462 00000 n -0000154585 00000 n -0000154711 00000 n -0000154822 00000 n -0000154945 00000 n -0000155115 00000 n -0000155238 00000 n -0000155364 00000 n -0000155490 00000 n -0000155622 00000 n -0000155751 00000 n -0000155868 00000 n -0000155982 00000 n -0000156093 00000 n -0000156266 00000 n -0000156452 00000 n -0000156581 00000 n -0000156758 00000 n -0000156890 00000 n -0000157067 00000 n -0000157256 00000 n -0000157439 00000 n -0000157568 00000 n -0000157697 00000 n -0000157826 00000 n -0000157949 00000 n -0000158075 00000 n -0000158192 00000 n -0000158362 00000 n -0000158479 00000 n -0000158649 00000 n -0000158763 00000 n -0000158895 00000 n -0000159018 00000 n -0000159147 00000 n -0000159327 00000 n -0000159540 00000 n -0000159744 00000 n -0000159951 00000 n -0000160124 00000 n -0000160304 00000 n -0000160484 00000 n -0000160661 00000 n -0000160847 00000 n -0000161027 00000 n -0000161207 00000 n -0000161393 00000 n -0000161573 00000 n -0000161792 00000 n -0000162017 00000 n -0000162257 00000 n -0000162476 00000 n -0000162701 00000 n -0000162818 00000 n -0000163016 00000 n -0000163220 00000 n -0000163418 00000 n -0000163625 00000 n -0000163823 00000 n -0000164027 00000 n -0000164219 00000 n -0000164420 00000 n -0000164618 00000 n -0000164825 00000 n -0000165023 00000 n -0000165215 00000 n -0000165395 00000 n -0000165527 00000 n -0000165641 00000 n -0000165811 00000 n -0000165943 00000 n -0000166109 00000 n -0000166232 00000 n -0000166346 00000 n -0000166457 00000 n -0000166559 00000 n -0000166679 00000 n -0000166796 00000 n -0000166916 00000 n -0000167042 00000 n -0000167147 00000 n -0000167246 00000 n -0000167372 00000 n -0000167564 00000 n -0000167756 00000 n -0000167942 00000 n -0000168134 00000 n -0000168335 00000 n -0000168551 00000 n -0000168749 00000 n -0000168959 00000 n -0000169154 00000 n -0000169280 00000 n -0000169409 00000 n -0000169538 00000 n -0000169661 00000 n -0000169781 00000 n -0000169895 00000 n -0000170015 00000 n -0000170126 00000 n -0000170312 00000 n -0000170492 00000 n -0000170672 00000 n -0000170855 00000 n -0000171053 00000 n -0000171239 00000 n -0000171425 00000 n -0000171614 00000 n -0000171740 00000 n -0000171926 00000 n -0000172133 00000 n -0000172328 00000 n -0000172523 00000 n -0000172748 00000 n -0000172967 00000 n -0000173174 00000 n -0000173372 00000 n -0000173542 00000 n -0000173659 00000 n -0000173770 00000 n -0000173875 00000 n -0000173998 00000 n -0000174130 00000 n -0000174259 00000 n -0000174391 00000 n -0000174499 00000 n -0000174694 00000 n -0000174886 00000 n -0000175078 00000 n -0000175258 00000 n -0000175387 00000 n -0000175567 00000 n -0000175737 00000 n -0000175863 00000 n -0000176064 00000 n -0000176274 00000 n -0000176484 00000 n -0000176694 00000 n -0000176907 00000 n -0000177102 00000 n -0000177303 00000 n -0000177507 00000 n -0000177741 00000 n -0000177921 00000 n -0000178110 00000 n -0000178296 00000 n -0000178488 00000 n -0000178710 00000 n -0000178914 00000 n -0000179106 00000 n -0000179313 00000 n -0000179511 00000 n -0000179634 00000 n -0000179811 00000 n -0000180003 00000 n -0000180186 00000 n -0000180384 00000 n -0000180579 00000 n -0000180771 00000 n -0000180966 00000 n -0000181167 00000 n -0000181365 00000 n -0000181554 00000 n -0000181767 00000 n -0000181983 00000 n -0000182175 00000 n -0000182373 00000 n -0000182574 00000 n -0000182769 00000 n -0000182951 00000 n -0000183152 00000 n -0000183347 00000 n -0000183558 00000 n -0000183765 00000 n -0000183969 00000 n -0000184175 00000 n -0000184378 00000 n -0000184582 00000 n -0000184785 00000 n -0000184988 00000 n -0000185189 00000 n -0000185391 00000 n -0000185592 00000 n -0000185789 00000 n -0000185988 00000 n -0000186187 00000 n -0000186386 00000 n -0000186588 00000 n -0000186791 00000 n -0000186995 00000 n -0000187205 00000 n -0000187416 00000 n -0000187627 00000 n -0000187839 00000 n -0000188050 00000 n -0000188260 00000 n -0000188472 00000 n -0000188681 00000 n -0000188887 00000 n -0000189095 00000 n -0000189305 00000 n -0000189511 00000 n -0000189720 00000 n -0000189928 00000 n -0000190134 00000 n -0000190344 00000 n -0000190550 00000 n -0000190757 00000 n -0000190961 00000 n -0000191169 00000 n -0000191373 00000 n -0000191578 00000 n -0000191781 00000 n -0000191986 00000 n -0000192190 00000 n -0000192390 00000 n -0000192587 00000 n -0000192787 00000 n -0000192983 00000 n -0000193182 00000 n -0000193373 00000 n -0000193572 00000 n -0000193769 00000 n -0000193966 00000 n -0000194168 00000 n -0000194370 00000 n -0000194580 00000 n -0000194785 00000 n -0000194997 00000 n -0000195204 00000 n -0000195407 00000 n -0000195618 00000 n -0000195828 00000 n -0000196032 00000 n -0000196239 00000 n -0000196444 00000 n -0000196649 00000 n -0000196855 00000 n -0000197057 00000 n -0000197264 00000 n -0000197474 00000 n -0000197685 00000 n -0000197903 00000 n -0000198122 00000 n -0000198343 00000 n -0000198566 00000 n -0000198786 00000 n -0000199003 00000 n -0000199221 00000 n -0000199441 00000 n -0000199660 00000 n -0000199881 00000 n -0000200102 00000 n -0000200321 00000 n -0000200542 00000 n -0000200764 00000 n -0000200982 00000 n -0000201198 00000 n -0000201413 00000 n -0000201631 00000 n -0000201851 00000 n -0000202070 00000 n -0000202291 00000 n -0000202517 00000 n -0000202746 00000 n -0000202968 00000 n -0000203187 00000 n -0000203412 00000 n -0000203635 00000 n -0000203873 00000 n -0000204113 00000 n -0000204343 00000 n -0000204572 00000 n -0000204803 00000 n -0000205033 00000 n -0000205264 00000 n -0000205496 00000 n -0000205727 00000 n -0000205957 00000 n -0000206189 00000 n -0000206415 00000 n -0000206641 00000 n -0000206868 00000 n -0000207097 00000 n -0000207324 00000 n -0000207550 00000 n -0000207770 00000 n -0000207991 00000 n -0000208207 00000 n -0000208423 00000 n -0000208639 00000 n -0000208858 00000 n -0000209071 00000 n -0000209289 00000 n -0000209504 00000 n -0000209726 00000 n -0000209948 00000 n -0000210168 00000 n -0000210392 00000 n -0000210615 00000 n -0000210835 00000 n -0000211049 00000 n -0000211261 00000 n -0000211476 00000 n -0000211692 00000 n -0000211910 00000 n -0000212123 00000 n -0000212342 00000 n -0000212558 00000 n -0000212770 00000 n -0000212986 00000 n -0000213208 00000 n -0000213429 00000 n -0000213646 00000 n -0000213862 00000 n -0000214087 00000 n -0000214322 00000 n -0000214554 00000 n -0000214780 00000 n -0000215008 00000 n -0000215235 00000 n -0000215460 00000 n -0000215684 00000 n -0000215909 00000 n -0000216132 00000 n -0000216353 00000 n -0000216575 00000 n -0000216794 00000 n -0000217013 00000 n -0000217235 00000 n -0000217472 00000 n -0000217706 00000 n -0000217939 00000 n -0000218177 00000 n -0000218413 00000 n -0000218649 00000 n -0000218889 00000 n -0000219133 00000 n -0000219378 00000 n -0000219617 00000 n -0000219849 00000 n -0000220085 00000 n -0000220318 00000 n -0000220564 00000 n -0000220804 00000 n -0000221045 00000 n -0000221288 00000 n -0000221534 00000 n -0000221773 00000 n -0000222017 00000 n -0000222261 00000 n -0000222508 00000 n -0000222758 00000 n -0000223018 00000 n -0000223277 00000 n -0000223543 00000 n -0000223813 00000 n -0000224076 00000 n -0000224340 00000 n -0000224603 00000 n -0000224858 00000 n -0000225121 00000 n -0000225384 00000 n -0000225646 00000 n -0000225910 00000 n -0000226173 00000 n -0000226438 00000 n -0000226714 00000 n -0000226981 00000 n -0000227251 00000 n -0000227514 00000 n -0000227769 00000 n -0000228018 00000 n -0000228266 00000 n -0000228514 00000 n -0000228763 00000 n -0000229008 00000 n -0000229258 00000 n -0000229508 00000 n -0000229767 00000 n -0000230030 00000 n -0000230308 00000 n -0000230583 00000 n -0000230848 00000 n -0000231111 00000 n -0000231377 00000 n -0000231639 00000 n -0000231898 00000 n -0000232158 00000 n -0000232420 00000 n -0000232682 00000 n -0000232943 00000 n -0000233199 00000 n -0000233457 00000 n -0000233718 00000 n -0000233977 00000 n -0000234240 00000 n -0000234502 00000 n -0000234762 00000 n -0000235023 00000 n -0000235274 00000 n -0000235517 00000 n -0000235755 00000 n -0000236000 00000 n -0000236247 00000 n -0000236498 00000 n -0000236749 00000 n -0000236997 00000 n -0000237249 00000 n -0000237499 00000 n -0000237750 00000 n -0000237991 00000 n -0000238235 00000 n -0000238481 00000 n -0000238726 00000 n -0000238973 00000 n -0000239220 00000 n -0000239446 00000 n -0000239679 00000 n -0000239912 00000 n -0000240146 00000 n -0000240385 00000 n -0000240624 00000 n -0000240865 00000 n -0000241099 00000 n -0000241328 00000 n -0000241564 00000 n -0000241807 00000 n -0000242045 00000 n -0000242279 00000 n -0000242515 00000 n -0000242745 00000 n -0000242978 00000 n -0000243209 00000 n -0000243425 00000 n -0000243641 00000 n -0000243857 00000 n -0000244079 00000 n -0000244302 00000 n -0000244529 00000 n -0000244757 00000 n -0000244983 00000 n -0000245206 00000 n -0000245426 00000 n -0000245645 00000 n -0000245862 00000 n -0000246080 00000 n -0000246296 00000 n -0000246509 00000 n -0000246722 00000 n -0000246936 00000 n -0000247152 00000 n -0000247376 00000 n -0000247593 00000 n -0000247809 00000 n -0000248026 00000 n -0000248236 00000 n -0000248449 00000 n -0000248660 00000 n -0000248869 00000 n -0000249076 00000 n -0000249285 00000 n -0000249496 00000 n -0000249704 00000 n -0000249912 00000 n -0000250123 00000 n -0000250344 00000 n -0000250565 00000 n -0000250798 00000 n -0000251031 00000 n -0000251257 00000 n -0000251487 00000 n -0000251717 00000 n -0000251942 00000 n -0000252168 00000 n -0000252394 00000 n -0000252625 00000 n -0000252851 00000 n -0000253078 00000 n -0000253305 00000 n -0000253526 00000 n -0000253741 00000 n -0000253949 00000 n -0000254153 00000 n -0000254352 00000 n -0000254552 00000 n -0000254755 00000 n -0000254961 00000 n -0000255168 00000 n -0000255381 00000 n -0000255594 00000 n -0000255812 00000 n -0000256034 00000 n -0000256255 00000 n -0000256473 00000 n -0000256694 00000 n -0000256917 00000 n -0000257136 00000 n -0000257353 00000 n -0000257570 00000 n -0000257784 00000 n -0000257994 00000 n -0000258206 00000 n -0000258421 00000 n -0000258639 00000 n -0000258855 00000 n -0000259075 00000 n -0000259295 00000 n -0000259508 00000 n -0000259717 00000 n -0000259935 00000 n -0000260153 00000 n -0000260374 00000 n -0000260595 00000 n -0000260818 00000 n -0000261042 00000 n -0000261265 00000 n -0000261486 00000 n -0000261713 00000 n -0000261938 00000 n -0000262162 00000 n -0000262379 00000 n -0000262601 00000 n -0000262822 00000 n -0000263040 00000 n -0000263258 00000 n -0000263483 00000 n -0000263703 00000 n -0000263922 00000 n -0000264145 00000 n -0000264369 00000 n -0000264593 00000 n -0000264816 00000 n -0000265035 00000 n -0000265265 00000 n -0000265492 00000 n -0000265715 00000 n -0000265939 00000 n -0000266163 00000 n -0000266391 00000 n -0000266619 00000 n -0000266854 00000 n -0000267089 00000 n -0000267323 00000 n -0000267551 00000 n -0000267779 00000 n -0000268006 00000 n -0000268238 00000 n -0000268472 00000 n -0000268706 00000 n -0000268941 00000 n -0000269178 00000 n -0000269418 00000 n -0000269669 00000 n -0000269913 00000 n -0000270151 00000 n -0000270385 00000 n -0000270621 00000 n -0000270864 00000 n -0000271104 00000 n -0000271343 00000 n -0000271579 00000 n -0000271812 00000 n -0000272049 00000 n -0000272290 00000 n -0000272530 00000 n -0000272771 00000 n -0000273009 00000 n -0000273246 00000 n -0000273483 00000 n -0000273704 00000 n -0000273922 00000 n -0000274144 00000 n -0000274361 00000 n -0000274571 00000 n -0000274769 00000 n -0000274961 00000 n -0000275152 00000 n -0000025659 00000 n -0000026811 00000 n -trailer << /Size 1270 /Info 7 0 R /Root 10 0 R /Prev 278210 /ID[<60fee8f0a7aa5e5930d8ab5a36aee088><61d6746a07d1d4e2932a4e5f16fbc432>] >> startxref 0 %%EOF 10 0 obj << /Type /Catalog /Pages 6 0 R /Metadata 8 0 R /PageLabels 5 0 R >> endobj 1268 0 obj << /S 49 /L 2745 /Filter /FlateDecode /Length 1269 0 R >> stream -H‰ì“ÝkÛeÇ¿Íêy#¾]¸Î /½Ê."“a¡P- @ ,½ð/ ô¢,æun}¯iÓ¦i›µMM·ôUV­[…Š­/àÃÏ9¿0-(EñÂßáœç<çœçœó|Ïó“tJz뢞{AOé×Ïô3ðãïϨñöë -Dó{Rj=˜ï9ö3/¿©¶‘Î6ù|ÁzöÄþ$ûŸ¢Ðvb÷÷óý™5°ºú²5§«*jUƒÅöÙ¼¢WAé<9òØ -ø2äԐÏѺMR!í̺f53ŽjœÈô>,}äîGÏxwiüYç„w˜¡v‘ªœÈAA79—óZ֎Ë$Xg¾æé!ÐmR†{ù.ÙþR>«´Ï=MLžlv¦Ô¼GºÙKÊçoVìÇ;]Å?@öAh™êV'ë¯9ʙ1|ùæ;ÉáM“½àTt„FUwL­nÅ;¶,ÝÜ.ïuìô ßÂp/9ÂCX>p9Eô¨Æ5‚†4 _× §a·ˆšÒ4\@~Bô$Ú8Ú$Ò4Ë1 ?Æz“ 7õ®Áסa¨€ošØÏdsƒÆñLx2,ê–4‡¾à»E—ö%Í>´®èSl6­[Úbn5ökÈ5Ýöõ6+ªb­².p¢ä4eòT -y­zšÅWÆ7Ï: W81Ǻ¬uϵJžeâ­Þ¢WžGn‚üêo@;ÚÕçÚ&zÛì?Ó]Ömì»ÚÓ}éP?è'5ô|7tìú÷z Ýs {úºG®ûС-ÒÏD48{Ìþy¬oõµ¾AzŽ#´}ªmqjmŸ _qzŸvéÁ¬{ÜâT§£mìu°Ùð3uÖžµ&FîXåÆ+ŽÎ¼Ï¢6E*á2ç¯oŠ0O1ûI¤MËj¬¯V6ƒ5ŸCϬ¿¼‹1EŸ…!]ö©[¥9j|Vs*’¿ì³äø³˜kž-³³>Í»äyjD»Uhª»Ve:uhÉí€ÎnóöwÙmûÜ6AÆ&·…¶éÙ+~Wûû¯éCý׿Vµ^x†5¿ñ‹<-=; endstream endobj 1269 0 obj 1056 endobj 11 0 obj << /Type /Page /Parent 6 0 R /Resources 12 0 R /Contents [ 429 0 R 431 0 R 433 0 R 435 0 R 437 0 R 439 0 R 441 0 R 443 0 R ] /MediaBox [ 0 0 595 842 ] /CropBox [ 0 0 595 842 ] /Rotate 0 >> endobj 12 0 obj << /ProcSet [ /PDF /Text /ImageC /ImageI ] /Font << /TT2 296 0 R /TT4 306 0 R >> /XObject << /Im1 858 0 R /Im2 859 0 R /Im3 860 0 R /Im4 861 0 R /Im5 862 0 R /Im6 863 0 R /Im7 864 0 R /Im8 865 0 R /Im9 866 0 R /Im10 867 0 R /Im11 868 0 R /Im12 869 0 R /Im13 870 0 R /Im14 871 0 R /Im15 872 0 R /Im16 873 0 R /Im17 874 0 R /Im18 875 0 R /Im19 876 0 R /Im20 877 0 R /Im21 878 0 R /Im22 879 0 R /Im23 880 0 R /Im24 881 0 R /Im25 882 0 R /Im26 883 0 R /Im27 884 0 R /Im28 885 0 R /Im29 886 0 R /Im30 887 0 R /Im31 888 0 R /Im32 889 0 R /Im33 890 0 R /Im34 891 0 R /Im35 892 0 R /Im36 893 0 R /Im37 894 0 R /Im38 895 0 R /Im39 896 0 R /Im40 897 0 R /Im41 898 0 R /Im42 899 0 R /Im43 900 0 R /Im44 901 0 R /Im45 902 0 R /Im46 903 0 R /Im47 904 0 R /Im48 905 0 R /Im49 906 0 R /Im50 907 0 R /Im51 908 0 R /Im52 909 0 R /Im53 910 0 R /Im54 911 0 R /Im55 912 0 R /Im56 913 0 R /Im57 914 0 R /Im58 915 0 R /Im59 916 0 R /Im60 917 0 R /Im61 918 0 R /Im62 919 0 R /Im63 920 0 R /Im64 921 0 R /Im65 922 0 R /Im66 923 0 R /Im67 924 0 R /Im68 925 0 R /Im69 926 0 R /Im70 927 0 R /Im71 928 0 R /Im72 929 0 R /Im73 930 0 R /Im74 931 0 R /Im75 932 0 R /Im76 933 0 R /Im77 934 0 R /Im78 935 0 R /Im79 936 0 R /Im80 937 0 R /Im81 938 0 R /Im82 939 0 R /Im83 940 0 R /Im84 941 0 R /Im85 942 0 R /Im86 943 0 R /Im87 944 0 R /Im88 945 0 R /Im89 946 0 R /Im90 947 0 R /Im91 948 0 R /Im92 949 0 R /Im93 950 0 R /Im94 951 0 R /Im95 952 0 R /Im96 953 0 R /Im97 954 0 R /Im98 955 0 R /Im99 956 0 R /Im100 957 0 R /Im101 958 0 R /Im102 959 0 R /Im103 960 0 R /Im104 961 0 R /Im105 962 0 R /Im106 963 0 R /Im107 964 0 R /Im108 965 0 R /Im109 966 0 R /Im110 967 0 R /Im111 968 0 R /Im112 969 0 R /Im113 970 0 R /Im114 971 0 R /Im115 972 0 R /Im116 973 0 R /Im117 974 0 R /Im118 975 0 R /Im119 976 0 R /Im120 977 0 R /Im121 978 0 R /Im122 979 0 R /Im123 980 0 R /Im124 981 0 R /Im125 982 0 R /Im126 983 0 R /Im127 984 0 R /Im128 985 0 R /Im129 986 0 R /Im130 987 0 R /Im131 988 0 R /Im132 989 0 R /Im133 990 0 R /Im134 991 0 R /Im135 992 0 R /Im136 993 0 R /Im137 994 0 R /Im138 995 0 R /Im139 996 0 R /Im140 997 0 R /Im141 998 0 R /Im142 999 0 R /Im143 1000 0 R /Im144 1001 0 R /Im145 1002 0 R /Im146 1003 0 R /Im147 1004 0 R /Im148 1005 0 R /Im149 1006 0 R /Im150 1007 0 R /Im151 1008 0 R /Im152 1009 0 R /Im153 1010 0 R /Im154 1011 0 R /Im155 1012 0 R /Im156 1013 0 R /Im157 1014 0 R /Im158 1015 0 R /Im159 1016 0 R /Im160 1017 0 R /Im161 1018 0 R /Im162 1019 0 R /Im163 1020 0 R /Im164 1021 0 R /Im165 1022 0 R /Im166 1023 0 R /Im167 1024 0 R /Im168 1025 0 R /Im169 1026 0 R /Im170 1027 0 R /Im171 1028 0 R /Im172 1029 0 R /Im173 1030 0 R /Im174 1031 0 R /Im175 1032 0 R /Im176 1033 0 R /Im177 1034 0 R /Im178 1035 0 R /Im179 1036 0 R /Im180 1037 0 R /Im181 1038 0 R /Im182 1039 0 R /Im183 1040 0 R /Im184 1041 0 R /Im185 1042 0 R /Im186 1043 0 R /Im187 1044 0 R /Im188 1045 0 R /Im189 1046 0 R /Im190 1047 0 R /Im191 1048 0 R /Im192 1049 0 R /Im193 1050 0 R /Im194 1051 0 R /Im195 1052 0 R /Im196 1053 0 R /Im197 1054 0 R /Im198 1055 0 R /Im199 1056 0 R /Im200 1057 0 R /Im201 1058 0 R /Im202 1059 0 R /Im203 1060 0 R /Im204 1061 0 R /Im205 1062 0 R /Im206 1063 0 R /Im207 1064 0 R /Im208 1065 0 R /Im209 1066 0 R /Im210 1067 0 R /Im211 1068 0 R /Im212 1069 0 R /Im213 1070 0 R /Im214 1071 0 R /Im215 1072 0 R /Im216 1073 0 R /Im217 1074 0 R /Im218 1075 0 R /Im219 1076 0 R /Im220 1077 0 R /Im221 1078 0 R /Im222 1079 0 R /Im223 1080 0 R /Im224 1081 0 R /Im225 1082 0 R /Im226 1083 0 R /Im227 1084 0 R /Im228 1085 0 R /Im229 1086 0 R /Im230 1087 0 R /Im231 1088 0 R /Im232 1089 0 R /Im233 1090 0 R /Im234 1091 0 R /Im235 1092 0 R /Im236 1093 0 R /Im237 1094 0 R /Im238 1095 0 R /Im239 1096 0 R /Im240 1097 0 R /Im241 1098 0 R /Im242 1099 0 R /Im243 1100 0 R /Im244 1101 0 R /Im245 1102 0 R /Im246 1103 0 R /Im247 1104 0 R /Im248 1105 0 R /Im249 1106 0 R /Im250 1107 0 R /Im251 1108 0 R /Im252 1109 0 R /Im253 1110 0 R /Im254 1111 0 R /Im255 1112 0 R /Im256 1113 0 R /Im257 1114 0 R /Im258 1115 0 R /Im259 1116 0 R /Im260 1117 0 R /Im261 1118 0 R /Im262 1119 0 R /Im263 1120 0 R /Im264 1121 0 R /Im265 1122 0 R /Im266 1123 0 R /Im267 1124 0 R /Im268 1125 0 R /Im269 1126 0 R /Im270 1127 0 R /Im271 1128 0 R /Im272 1129 0 R /Im273 1130 0 R /Im274 1131 0 R /Im275 1132 0 R /Im276 1133 0 R /Im277 1134 0 R /Im278 1135 0 R /Im279 1136 0 R /Im280 1137 0 R /Im281 1138 0 R /Im282 1139 0 R /Im283 1140 0 R /Im284 1141 0 R /Im285 1142 0 R /Im286 1143 0 R /Im287 1144 0 R /Im288 1145 0 R /Im289 1146 0 R /Im290 1147 0 R /Im291 1148 0 R /Im292 1149 0 R /Im293 1150 0 R /Im294 1151 0 R /Im295 1152 0 R /Im296 1153 0 R /Im297 1154 0 R /Im298 1155 0 R /Im299 1156 0 R /Im300 1157 0 R /Im301 1158 0 R /Im302 1159 0 R /Im303 1160 0 R /Im304 1161 0 R /Im305 1162 0 R /Im306 1163 0 R /Im307 1164 0 R /Im308 1165 0 R /Im309 1166 0 R /Im310 1167 0 R /Im311 1168 0 R /Im312 1169 0 R /Im313 1170 0 R /Im314 1171 0 R /Im315 1172 0 R /Im316 1173 0 R /Im317 1174 0 R /Im318 1175 0 R /Im319 1176 0 R /Im320 1177 0 R /Im321 1178 0 R /Im322 1179 0 R /Im323 1180 0 R /Im324 1181 0 R /Im325 1182 0 R /Im326 1183 0 R /Im327 1184 0 R /Im328 1185 0 R /Im329 1186 0 R /Im330 1187 0 R /Im331 1188 0 R /Im332 1189 0 R /Im333 1190 0 R /Im334 1191 0 R /Im335 1192 0 R /Im336 1193 0 R /Im337 1194 0 R /Im338 1195 0 R /Im339 1196 0 R /Im340 1197 0 R /Im341 1198 0 R /Im342 1199 0 R /Im343 1200 0 R /Im344 1201 0 R /Im345 1202 0 R /Im346 1203 0 R /Im347 1204 0 R /Im348 1205 0 R /Im349 1206 0 R /Im350 1207 0 R /Im351 1208 0 R /Im352 1209 0 R /Im353 1210 0 R /Im354 1211 0 R /Im355 1212 0 R /Im356 1213 0 R /Im357 1214 0 R /Im358 1215 0 R /Im359 1216 0 R /Im360 1217 0 R /Im361 1218 0 R /Im362 1219 0 R /Im363 1220 0 R /Im364 1221 0 R /Im365 1222 0 R /Im366 1223 0 R /Im367 1224 0 R /Im368 1225 0 R /Im369 1226 0 R /Im370 1227 0 R /Im371 1228 0 R /Im372 1229 0 R /Im373 1230 0 R /Im374 1231 0 R /Im375 1232 0 R /Im376 1233 0 R /Im377 1234 0 R /Im378 1235 0 R /Im379 1236 0 R /Im380 1237 0 R /Im381 1238 0 R /Im382 1239 0 R /Im383 1240 0 R /Im384 1241 0 R /Im385 1242 0 R /Im386 1243 0 R /Im387 1244 0 R /Im388 1245 0 R /Im389 1246 0 R /Im390 1247 0 R /Im391 1248 0 R /Im392 1249 0 R /Im393 1250 0 R /Im394 1251 0 R /Im395 1252 0 R /Im396 1253 0 R /Im397 1254 0 R /Im398 1255 0 R /Im399 1256 0 R /Im400 1257 0 R /Im401 1258 0 R /Im402 1259 0 R /Im403 1260 0 R /Im404 1261 0 R /Im405 1262 0 R /Im406 1263 0 R /Im407 1264 0 R /Im408 1265 0 R /Im409 1266 0 R /Im410 1267 0 R >> /ExtGState << /GS1 673 0 R >> /ColorSpace << /Cs6 293 0 R /Cs8 281 0 R /Cs9 290 0 R /Cs10 287 0 R /Cs11 325 0 R /Cs12 322 0 R /Cs13 332 0 R /Cs14 329 0 R /Cs15 310 0 R /Cs16 317 0 R /Cs17 316 0 R /Cs18 244 0 R /Cs19 242 0 R /Cs20 252 0 R /Cs21 248 0 R /Cs22 230 0 R /Cs23 237 0 R /Cs24 234 0 R /Cs25 270 0 R /Cs26 267 0 R /Cs27 278 0 R /Cs28 275 0 R /Cs29 258 0 R /Cs30 334 0 R /Cs31 262 0 R /Cs32 398 0 R /Cs33 396 0 R /Cs34 403 0 R /Cs35 387 0 R /Cs36 392 0 R /Cs37 390 0 R /Cs38 421 0 R /Cs39 424 0 R /Cs40 409 0 R /Cs41 416 0 R /Cs42 350 0 R /Cs43 352 0 R /Cs44 353 0 R /Cs45 339 0 R /Cs46 344 0 R /Cs47 358 0 R /Cs48 371 0 R /Cs49 377 0 R /Cs50 363 0 R /Cs51 364 0 R /Cs52 365 0 R /Cs53 381 0 R /Cs54 346 0 R /Cs55 408 0 R /Cs56 384 0 R /Cs57 85 0 R /Cs58 81 0 R /Cs59 89 0 R /Cs60 86 0 R /Cs61 69 0 R /Cs62 67 0 R /Cs63 77 0 R /Cs64 92 0 R /Cs65 111 0 R /Cs66 112 0 R /Cs67 115 0 R /Cs68 96 0 R /Cs69 93 0 R /Cs70 103 0 R /Cs71 100 0 R /Cs72 28 0 R /Cs73 31 0 R /Cs74 34 0 R /Cs75 16 0 R /Cs76 14 0 R /Cs77 23 0 R /Cs78 20 0 R /Cs79 57 0 R /Cs80 58 0 R /Cs81 64 0 R /Cs82 51 0 R /Cs83 39 0 R /Cs84 49 0 R /Cs85 45 0 R /Cs86 191 0 R /Cs87 188 0 R /Cs88 199 0 R /Cs89 195 0 R /Cs90 176 0 R /Cs91 183 0 R /Cs92 180 0 R /Cs93 217 0 R /Cs94 214 0 R /Cs95 225 0 R /Cs96 222 0 R /Cs97 205 0 R /Cs98 206 0 R /Cs99 209 0 R /Cs100 136 0 R /Cs101 135 0 R /Cs102 143 0 R /Cs103 140 0 R /Cs104 124 0 R /Cs105 121 0 R /Cs106 131 0 R /Cs107 146 0 R /Cs108 162 0 R /Cs109 166 0 R /Cs110 169 0 R /Cs111 150 0 R /Cs112 148 0 R /Cs113 157 0 R /Cs114 154 0 R /Cs115 168 0 R /Cs116 126 0 R /Cs117 145 0 R /Cs118 211 0 R /Cs119 220 0 R /Cs120 175 0 R /Cs121 189 0 R /Cs122 43 0 R /Cs123 55 0 R /Cs124 33 0 R /Cs125 101 0 R /Cs126 117 0 R /Cs127 75 0 R /Cs128 80 0 R /Cs129 351 0 R /Cs130 359 0 R /Cs131 341 0 R /Cs132 347 0 R /Cs133 419 0 R /Cs134 402 0 R /Cs135 264 0 R /Cs136 273 0 R /Cs137 229 0 R /Cs138 243 0 R /Cs139 311 0 R /Cs140 307 0 R /Cs141 301 0 R /Cs142 295 0 R /Cs143 285 0 R /Cs144 292 0 R /Cs145 323 0 R /Cs146 330 0 R /Cs147 309 0 R /Cs148 315 0 R /Cs149 250 0 R /Cs150 231 0 R /Cs151 239 0 R /Cs152 272 0 R /Cs153 276 0 R /Cs154 254 0 R /Cs155 261 0 R /Cs156 404 0 R /Cs157 383 0 R /Cs158 427 0 R /Cs159 418 0 R /Cs160 415 0 R /Cs161 357 0 R /Cs162 336 0 R /Cs163 375 0 R /Cs164 370 0 R /Cs165 369 0 R /Cs166 345 0 R /Cs167 423 0 R /Cs168 83 0 R /Cs169 91 0 R /Cs170 68 0 R /Cs171 72 0 R /Cs172 106 0 R /Cs173 114 0 R /Cs174 98 0 R /Cs175 29 0 R /Cs176 36 0 R /Cs177 15 0 R /Cs178 21 0 R /Cs179 52 0 R /Cs180 59 0 R /Cs181 44 0 R /Cs182 119 0 R /Cs183 197 0 R /Cs184 177 0 R /Cs185 185 0 R /Cs186 219 0 R /Cs187 223 0 R /Cs188 201 0 R /Cs189 208 0 R /Cs190 134 0 R /Cs191 132 0 R /Cs192 129 0 R /Cs193 164 0 R /Cs194 171 0 R /Cs195 149 0 R /Cs196 155 0 R /Cs197 153 0 R /Cs198 158 0 R /Cs199 156 0 R /Cs200 152 0 R /Cs201 147 0 R /Cs202 151 0 R /Cs203 159 0 R /Cs204 167 0 R /Cs205 172 0 R /Cs206 170 0 R /Cs207 161 0 R /Cs208 160 0 R /Cs209 165 0 R /Cs210 163 0 R /Cs211 127 0 R /Cs212 128 0 R /Cs213 130 0 R /Cs214 125 0 R /Cs215 120 0 R /Cs216 122 0 R /Cs217 123 0 R /Cs218 141 0 R /Cs219 142 0 R /Cs220 144 0 R /Cs221 139 0 R /Cs222 133 0 R /Cs223 138 0 R /Cs224 137 0 R /Cs225 173 0 R /Cs226 207 0 R /Cs227 212 0 R /Cs228 210 0 R /Cs229 202 0 R /Cs230 203 0 R /Cs231 204 0 R /Cs232 213 0 R /Cs233 221 0 R /Cs234 226 0 R /Cs235 224 0 R /Cs236 215 0 R /Cs237 216 0 R /Cs238 218 0 R /Cs239 200 0 R /Cs240 181 0 R /Cs241 182 0 R /Cs242 184 0 R /Cs243 179 0 R /Cs244 174 0 R /Cs245 178 0 R /Cs246 186 0 R /Cs247 194 0 R /Cs248 196 0 R /Cs249 198 0 R /Cs250 193 0 R /Cs251 187 0 R /Cs252 192 0 R /Cs253 190 0 R /Cs254 46 0 R /Cs255 47 0 R /Cs256 50 0 R /Cs257 48 0 R /Cs258 40 0 R /Cs259 41 0 R /Cs260 42 0 R /Cs261 60 0 R /Cs262 61 0 R /Cs263 63 0 R /Cs264 62 0 R /Cs265 53 0 R /Cs266 54 0 R /Cs267 56 0 R /Cs268 38 0 R /Cs269 19 0 R /Cs270 24 0 R /Cs271 22 0 R /Cs272 18 0 R /Cs273 13 0 R /Cs274 17 0 R /Cs275 25 0 R /Cs276 32 0 R /Cs277 37 0 R /Cs278 35 0 R /Cs279 27 0 R /Cs280 26 0 R /Cs281 30 0 R /Cs282 65 0 R /Cs283 99 0 R /Cs284 104 0 R /Cs285 102 0 R /Cs286 94 0 R /Cs287 95 0 R /Cs288 97 0 R /Cs289 105 0 R /Cs290 113 0 R /Cs291 118 0 R /Cs292 116 0 R /Cs293 107 0 R /Cs294 108 0 R /Cs295 110 0 R /Cs296 109 0 R /Cs297 73 0 R /Cs298 74 0 R /Cs299 76 0 R /Cs300 71 0 R /Cs301 66 0 R /Cs302 70 0 R /Cs303 78 0 R /Cs304 87 0 R /Cs305 88 0 R /Cs306 90 0 R /Cs307 227 0 R /Cs308 79 0 R /Cs309 84 0 R /Cs310 82 0 R /Cs311 397 0 R /Cs312 386 0 R /Cs313 391 0 R /Cs314 425 0 R /Cs315 414 0 R /Cs316 349 0 R /Cs317 335 0 R /Cs318 376 0 R /Cs319 379 0 R /Cs320 366 0 R /Cs321 367 0 R /Cs322 368 0 R /Cs323 360 0 R /Cs324 361 0 R /Cs325 362 0 R /Cs326 378 0 R /Cs327 380 0 R /Cs328 372 0 R /Cs329 373 0 R /Cs330 374 0 R /Cs331 342 0 R /Cs332 343 0 R /Cs333 340 0 R /Cs334 337 0 R /Cs335 338 0 R /Cs336 354 0 R /Cs337 355 0 R /Cs338 356 0 R /Cs339 348 0 R /Cs340 382 0 R /Cs341 413 0 R /Cs342 417 0 R /Cs343 412 0 R /Cs344 407 0 R /Cs345 411 0 R /Cs346 410 0 R /Cs347 426 0 R /Cs348 422 0 R /Cs349 420 0 R /Cs350 389 0 R /Cs351 406 0 R /Cs352 393 0 R /Cs353 388 0 R /Cs354 385 0 R /Cs355 394 0 R /Cs356 401 0 R /Cs357 405 0 R /Cs358 400 0 R /Cs359 395 0 R /Cs360 399 0 R /Cs361 259 0 R /Cs362 260 0 R /Cs363 265 0 R /Cs364 263 0 R /Cs365 255 0 R /Cs366 256 0 R /Cs367 257 0 R /Cs368 266 0 R /Cs369 274 0 R /Cs370 279 0 R /Cs371 277 0 R /Cs372 268 0 R /Cs373 269 0 R /Cs374 271 0 R /Cs375 253 0 R /Cs376 235 0 R /Cs377 236 0 R /Cs378 238 0 R /Cs379 233 0 R /Cs380 228 0 R /Cs381 232 0 R /Cs382 240 0 R /Cs383 247 0 R /Cs384 249 0 R /Cs385 251 0 R /Cs386 246 0 R /Cs387 241 0 R /Cs388 245 0 R /Cs389 280 0 R /Cs390 314 0 R /Cs391 319 0 R /Cs392 318 0 R /Cs393 313 0 R /Cs394 308 0 R /Cs395 312 0 R /Cs396 320 0 R /Cs397 328 0 R /Cs398 333 0 R /Cs399 331 0 R /Cs400 327 0 R /Cs401 321 0 R /Cs402 326 0 R /Cs403 324 0 R /Cs404 288 0 R /Cs405 289 0 R /Cs406 291 0 R /Cs407 286 0 R /Cs408 282 0 R /Cs409 283 0 R /Cs410 284 0 R /Cs411 302 0 R /Cs412 303 0 R /Cs413 305 0 R /Cs414 300 0 R /Cs415 294 0 R /Cs416 299 0 R /Cs417 297 0 R >> >> endobj 13 0 obj [ /Indexed 293 0 R 17 814 0 R ] endobj 14 0 obj [ /Indexed 293 0 R 13 578 0 R ] endobj 15 0 obj [ /Indexed 293 0 R 36 776 0 R ] endobj 16 0 obj [ /Indexed 293 0 R 12 576 0 R ] endobj 17 0 obj [ /Indexed 293 0 R 16 809 0 R ] endobj 18 0 obj [ /Indexed 293 0 R 24 819 0 R ] endobj 19 0 obj [ /Indexed 293 0 R 26 821 0 R ] endobj 20 0 obj [ /Indexed 293 0 R 13 580 0 R ] endobj 21 0 obj [ /Indexed 293 0 R 33 754 0 R ] endobj 22 0 obj [ /Indexed 293 0 R 29 820 0 R ] endobj 23 0 obj [ /Indexed 293 0 R 10 581 0 R ] endobj 24 0 obj [ /Indexed 293 0 R 23 822 0 R ] endobj 25 0 obj [ /Indexed 293 0 R 18 808 0 R ] endobj 26 0 obj [ /Indexed 293 0 R 25 811 0 R ] endobj 27 0 obj [ /Indexed 293 0 R 24 812 0 R ] endobj 28 0 obj [ /Indexed 293 0 R 12 558 0 R ] endobj 29 0 obj [ /Indexed 293 0 R 39 779 0 R ] endobj 30 0 obj [ /Indexed 293 0 R 19 720 0 R ] endobj 31 0 obj [ /Indexed 293 0 R 13 472 0 R ] endobj 32 0 obj [ /Indexed 293 0 R 20 807 0 R ] endobj 33 0 obj [ /Indexed 293 0 R 24 452 0 R ] endobj 34 0 obj [ /Indexed 293 0 R 12 577 0 R ] endobj 35 0 obj [ /Indexed 293 0 R 25 813 0 R ] endobj 36 0 obj [ /Indexed 293 0 R 41 777 0 R ] endobj 37 0 obj [ /Indexed 293 0 R 22 810 0 R ] endobj 38 0 obj [ /Indexed 293 0 R 29 818 0 R ] endobj 39 0 obj [ /Indexed 293 0 R 23 571 0 R ] endobj 40 0 obj [ /Indexed 293 0 R 29 791 0 R ] endobj 41 0 obj [ /Indexed 293 0 R 29 790 0 R ] endobj 42 0 obj [ /Indexed 293 0 R 35 793 0 R ] endobj 43 0 obj [ /Indexed 293 0 R 25 457 0 R ] endobj 44 0 obj [ /Indexed 293 0 R 29 729 0 R ] endobj 45 0 obj [ /Indexed 293 0 R 20 573 0 R ] endobj 46 0 obj [ /Indexed 293 0 R 42 803 0 R ] endobj 47 0 obj [ /Indexed 293 0 R 44 802 0 R ] endobj 48 0 obj [ /Indexed 293 0 R 30 792 0 R ] endobj 49 0 obj [ /Indexed 293 0 R 20 574 0 R ] endobj 50 0 obj [ /Indexed 293 0 R 23 797 0 R ] endobj 51 0 obj [ /Indexed 293 0 R 19 569 0 R ] endobj 52 0 obj [ /Indexed 293 0 R 28 731 0 R ] endobj 53 0 obj [ /Indexed 293 0 R 33 817 0 R ] endobj 54 0 obj [ /Indexed 293 0 R 33 816 0 R ] endobj 55 0 obj [ /Indexed 293 0 R 23 460 0 R ] endobj 56 0 obj [ /Indexed 293 0 R 34 815 0 R ] endobj 57 0 obj [ /Indexed 293 0 R 13 579 0 R ] endobj 58 0 obj [ /Indexed 293 0 R 17 575 0 R ] endobj 59 0 obj [ /Indexed 293 0 R 29 730 0 R ] endobj 60 0 obj [ /Indexed 293 0 R 32 796 0 R ] endobj 61 0 obj [ /Indexed 293 0 R 31 795 0 R ] endobj 62 0 obj [ /Indexed 293 0 R 26 806 0 R ] endobj 63 0 obj [ /Indexed 293 0 R 31 794 0 R ] endobj 64 0 obj [ /Indexed 293 0 R 16 570 0 R ] endobj 65 0 obj [ /Indexed 293 0 R 21 627 0 R ] endobj 66 0 obj [ /Indexed 293 0 R 14 643 0 R ] endobj 67 0 obj [ /Indexed 293 0 R 7 564 0 R ] endobj 68 0 obj [ /Indexed 293 0 R 31 774 0 R ] endobj 69 0 obj [ /Indexed 293 0 R 7 562 0 R ] endobj 70 0 obj [ /Indexed 293 0 R 13 646 0 R ] endobj 71 0 obj [ /Indexed 293 0 R 12 644 0 R ] endobj 72 0 obj [ /Indexed 293 0 R 33 773 0 R ] endobj 73 0 obj [ /Indexed 293 0 R 14 621 0 R ] endobj 74 0 obj [ /Indexed 293 0 R 13 633 0 R ] endobj 75 0 obj [ /Indexed 293 0 R 15 464 0 R ] endobj 76 0 obj [ /Indexed 293 0 R 12 645 0 R ] endobj 77 0 obj [ /Indexed 293 0 R 10 567 0 R ] endobj 78 0 obj [ /Indexed 293 0 R 13 649 0 R ] endobj 79 0 obj [ /Indexed 293 0 R 27 636 0 R ] endobj 80 0 obj [ /Indexed 293 0 R 18 449 0 R ] endobj 81 0 obj [ /Indexed 293 0 R 9 489 0 R ] endobj 82 0 obj [ /Indexed 293 0 R 24 634 0 R ] endobj 83 0 obj [ /Indexed 293 0 R 21 785 0 R ] endobj 84 0 obj [ /Indexed 293 0 R 22 635 0 R ] endobj 85 0 obj [ /Indexed 293 0 R 7 490 0 R ] endobj 86 0 obj [ /Indexed 293 0 R 8 563 0 R ] endobj 87 0 obj [ /Indexed 293 0 R 16 650 0 R ] endobj 88 0 obj [ /Indexed 293 0 R 19 648 0 R ] endobj 89 0 obj [ /Indexed 293 0 R 4 527 0 R ] endobj 90 0 obj [ /Indexed 293 0 R 19 647 0 R ] endobj 91 0 obj [ /Indexed 293 0 R 34 780 0 R ] endobj 92 0 obj [ /Indexed 293 0 R 10 566 0 R ] endobj 93 0 obj [ /Indexed 293 0 R 12 557 0 R ] endobj 94 0 obj [ /Indexed 293 0 R 21 631 0 R ] endobj 95 0 obj [ /Indexed 293 0 R 15 632 0 R ] endobj 96 0 obj [ /Indexed 293 0 R 14 555 0 R ] endobj 97 0 obj [ /Indexed 293 0 R 18 630 0 R ] endobj 98 0 obj [ /Indexed 293 0 R 35 778 0 R ] endobj 99 0 obj [ /Indexed 293 0 R 21 626 0 R ] endobj 100 0 obj [ /Indexed 293 0 R 17 559 0 R ] endobj 101 0 obj [ /Indexed 293 0 R 18 467 0 R ] endobj 102 0 obj [ /Indexed 293 0 R 19 628 0 R ] endobj 103 0 obj [ /Indexed 293 0 R 17 560 0 R ] endobj 104 0 obj [ /Indexed 293 0 R 16 625 0 R ] endobj 105 0 obj [ /Indexed 293 0 R 15 629 0 R ] endobj 106 0 obj [ /Indexed 293 0 R 33 772 0 R ] endobj 107 0 obj [ /Indexed 293 0 R 14 617 0 R ] endobj 108 0 obj [ /Indexed 293 0 R 17 620 0 R ] endobj 109 0 obj [ /Indexed 293 0 R 16 622 0 R ] endobj 110 0 obj [ /Indexed 293 0 R 13 623 0 R ] endobj 111 0 obj [ /Indexed 293 0 R 12 565 0 R ] endobj 112 0 obj [ /Indexed 293 0 R 11 561 0 R ] endobj 113 0 obj [ /Indexed 293 0 R 20 624 0 R ] endobj 114 0 obj [ /Indexed 293 0 R 33 775 0 R ] endobj 115 0 obj [ /Indexed 293 0 R 17 556 0 R ] endobj 116 0 obj [ /Indexed 293 0 R 17 618 0 R ] endobj 117 0 obj [ /Indexed 293 0 R 17 466 0 R ] endobj 118 0 obj [ /Indexed 293 0 R 20 619 0 R ] endobj 119 0 obj [ /Indexed 293 0 R 31 732 0 R ] endobj 120 0 obj [ /Indexed 293 0 R 29 832 0 R ] endobj 121 0 obj [ /Indexed 293 0 R 20 552 0 R ] endobj 122 0 obj [ /Indexed 293 0 R 33 835 0 R ] endobj 123 0 obj [ /Indexed 293 0 R 33 838 0 R ] endobj 124 0 obj [ /Indexed 293 0 R 21 553 0 R ] endobj 125 0 obj [ /Indexed 293 0 R 32 833 0 R ] endobj 126 0 obj [ /Indexed 293 0 R 24 469 0 R ] endobj 127 0 obj [ /Indexed 293 0 R 31 582 0 R ] endobj 128 0 obj [ /Indexed 293 0 R 31 789 0 R ] endobj 129 0 obj [ /Indexed 293 0 R 38 727 0 R ] endobj 130 0 obj [ /Indexed 293 0 R 31 834 0 R ] endobj 131 0 obj [ /Indexed 293 0 R 20 551 0 R ] endobj 132 0 obj [ /Indexed 293 0 R 29 724 0 R ] endobj 133 0 obj [ /Indexed 293 0 R 39 826 0 R ] endobj 134 0 obj [ /Indexed 293 0 R 25 721 0 R ] endobj 135 0 obj [ /Indexed 293 0 R 20 549 0 R ] endobj 136 0 obj [ /Indexed 293 0 R 19 540 0 R ] endobj 137 0 obj [ /Indexed 293 0 R 39 824 0 R ] endobj 138 0 obj [ /Indexed 293 0 R 39 825 0 R ] endobj 139 0 obj [ /Indexed 293 0 R 47 831 0 R ] endobj 140 0 obj [ /Indexed 293 0 R 25 550 0 R ] endobj 141 0 obj [ /Indexed 293 0 R 38 839 0 R ] endobj 142 0 obj [ /Indexed 293 0 R 37 837 0 R ] endobj 143 0 obj [ /Indexed 293 0 R 24 548 0 R ] endobj 144 0 obj [ /Indexed 293 0 R 43 836 0 R ] endobj 145 0 obj [ /Indexed 293 0 R 23 465 0 R ] endobj 146 0 obj [ /Indexed 293 0 R 23 547 0 R ] endobj 147 0 obj [ /Indexed 293 0 R 35 753 0 R ] endobj 148 0 obj [ /Indexed 293 0 R 28 545 0 R ] endobj 149 0 obj [ /Indexed 293 0 R 42 737 0 R ] endobj 150 0 obj [ /Indexed 293 0 R 25 546 0 R ] endobj 151 0 obj [ /Indexed 293 0 R 35 751 0 R ] endobj 152 0 obj [ /Indexed 293 0 R 38 752 0 R ] endobj 153 0 obj [ /Indexed 293 0 R 35 747 0 R ] endobj 154 0 obj [ /Indexed 293 0 R 25 568 0 R ] endobj 155 0 obj [ /Indexed 293 0 R 37 748 0 R ] endobj 156 0 obj [ /Indexed 293 0 R 33 749 0 R ] endobj 157 0 obj [ /Indexed 293 0 R 25 544 0 R ] endobj 158 0 obj [ /Indexed 293 0 R 38 746 0 R ] endobj 159 0 obj [ /Indexed 293 0 R 36 750 0 R ] endobj 160 0 obj [ /Indexed 293 0 R 44 741 0 R ] endobj 161 0 obj [ /Indexed 293 0 R 44 738 0 R ] endobj 162 0 obj [ /Indexed 293 0 R 29 542 0 R ] endobj 163 0 obj [ /Indexed 293 0 R 35 743 0 R ] endobj 164 0 obj [ /Indexed 293 0 R 37 726 0 R ] endobj 165 0 obj [ /Indexed 293 0 R 37 744 0 R ] endobj 166 0 obj [ /Indexed 293 0 R 33 541 0 R ] endobj 167 0 obj [ /Indexed 293 0 R 35 745 0 R ] endobj 168 0 obj [ /Indexed 293 0 R 24 446 0 R ] endobj 169 0 obj [ /Indexed 293 0 R 24 543 0 R ] endobj 170 0 obj [ /Indexed 293 0 R 49 739 0 R ] endobj 171 0 obj [ /Indexed 293 0 R 40 725 0 R ] endobj 172 0 obj [ /Indexed 293 0 R 42 740 0 R ] endobj 173 0 obj [ /Indexed 293 0 R 40 827 0 R ] endobj 174 0 obj [ /Indexed 293 0 R 34 848 0 R ] endobj 175 0 obj [ /Indexed 293 0 R 23 454 0 R ] endobj 176 0 obj [ /Indexed 293 0 R 21 536 0 R ] endobj 177 0 obj [ /Indexed 293 0 R 29 736 0 R ] endobj 178 0 obj [ /Indexed 293 0 R 34 846 0 R ] endobj 179 0 obj [ /Indexed 293 0 R 33 847 0 R ] endobj 180 0 obj [ /Indexed 293 0 R 17 538 0 R ] endobj 181 0 obj [ /Indexed 293 0 R 28 842 0 R ] endobj 182 0 obj [ /Indexed 293 0 R 22 841 0 R ] endobj 183 0 obj [ /Indexed 293 0 R 17 539 0 R ] endobj 184 0 obj [ /Indexed 293 0 R 30 844 0 R ] endobj 185 0 obj [ /Indexed 293 0 R 29 734 0 R ] endobj 186 0 obj [ /Indexed 293 0 R 35 845 0 R ] endobj 187 0 obj [ /Indexed 293 0 R 34 801 0 R ] endobj 188 0 obj [ /Indexed 293 0 R 19 554 0 R ] endobj 189 0 obj [ /Indexed 293 0 R 24 459 0 R ] endobj 190 0 obj [ /Indexed 293 0 R 35 805 0 R ] endobj 191 0 obj [ /Indexed 293 0 R 16 572 0 R ] endobj 192 0 obj [ /Indexed 293 0 R 38 804 0 R ] endobj 193 0 obj [ /Indexed 293 0 R 31 798 0 R ] endobj 194 0 obj [ /Indexed 293 0 R 36 823 0 R ] endobj 195 0 obj [ /Indexed 293 0 R 18 534 0 R ] endobj 196 0 obj [ /Indexed 293 0 R 34 800 0 R ] endobj 197 0 obj [ /Indexed 293 0 R 31 735 0 R ] endobj 198 0 obj [ /Indexed 293 0 R 38 799 0 R ] endobj 199 0 obj [ /Indexed 293 0 R 18 535 0 R ] endobj 200 0 obj [ /Indexed 293 0 R 33 843 0 R ] endobj 201 0 obj [ /Indexed 293 0 R 24 723 0 R ] endobj 202 0 obj [ /Indexed 293 0 R 35 840 0 R ] endobj 203 0 obj [ /Indexed 293 0 R 40 852 0 R ] endobj 204 0 obj [ /Indexed 293 0 R 32 851 0 R ] endobj 205 0 obj [ /Indexed 293 0 R 19 530 0 R ] endobj 206 0 obj [ /Indexed 293 0 R 19 532 0 R ] endobj 207 0 obj [ /Indexed 293 0 R 37 830 0 R ] endobj 208 0 obj [ /Indexed 293 0 R 22 722 0 R ] endobj 209 0 obj [ /Indexed 293 0 R 21 531 0 R ] endobj 210 0 obj [ /Indexed 293 0 R 34 828 0 R ] endobj 211 0 obj [ /Indexed 293 0 R 25 470 0 R ] endobj 212 0 obj [ /Indexed 293 0 R 36 829 0 R ] endobj 213 0 obj [ /Indexed 293 0 R 35 850 0 R ] endobj 214 0 obj [ /Indexed 293 0 R 23 533 0 R ] endobj 215 0 obj [ /Indexed 293 0 R 35 855 0 R ] endobj 216 0 obj [ /Indexed 293 0 R 33 854 0 R ] endobj 217 0 obj [ /Indexed 293 0 R 20 537 0 R ] endobj 218 0 obj [ /Indexed 293 0 R 36 849 0 R ] endobj 219 0 obj [ /Indexed 293 0 R 29 733 0 R ] endobj 220 0 obj [ /Indexed 293 0 R 22 468 0 R ] endobj 221 0 obj [ /Indexed 293 0 R 41 853 0 R ] endobj 222 0 obj [ /Indexed 293 0 R 19 528 0 R ] endobj 223 0 obj [ /Indexed 293 0 R 27 728 0 R ] endobj 224 0 obj [ /Indexed 293 0 R 34 857 0 R ] endobj 225 0 obj [ /Indexed 293 0 R 20 529 0 R ] endobj 226 0 obj [ /Indexed 293 0 R 36 856 0 R ] endobj 227 0 obj [ /Indexed 293 0 R 26 642 0 R ] endobj 228 0 obj [ /Indexed 293 0 R 28 706 0 R ] endobj 229 0 obj [ /Indexed 293 0 R 22 451 0 R ] endobj 230 0 obj [ /Indexed 293 0 R 7 526 0 R ] endobj 231 0 obj [ /Indexed 293 0 R 23 768 0 R ] endobj 232 0 obj [ /Indexed 293 0 R 32 709 0 R ] endobj 233 0 obj [ /Indexed 293 0 R 27 703 0 R ] endobj 234 0 obj [ /Indexed 293 0 R 7 524 0 R ] endobj 235 0 obj [ /Indexed 293 0 R 24 711 0 R ] endobj 236 0 obj [ /Indexed 293 0 R 24 705 0 R ] endobj 237 0 obj [ /Indexed 293 0 R 9 525 0 R ] endobj 238 0 obj [ /Indexed 293 0 R 31 704 0 R ] endobj 239 0 obj [ /Indexed 293 0 R 21 767 0 R ] endobj 240 0 obj [ /Indexed 293 0 R 30 710 0 R ] endobj 241 0 obj [ /Indexed 293 0 R 31 661 0 R ] endobj 242 0 obj [ /Indexed 293 0 R 11 522 0 R ] endobj 243 0 obj [ /Indexed 293 0 R 21 461 0 R ] endobj 244 0 obj [ /Indexed 293 0 R 13 513 0 R ] endobj 245 0 obj [ /Indexed 293 0 R 28 660 0 R ] endobj 246 0 obj [ /Indexed 293 0 R 29 662 0 R ] endobj 247 0 obj [ /Indexed 293 0 R 28 708 0 R ] endobj 248 0 obj [ /Indexed 293 0 R 10 523 0 R ] endobj 249 0 obj [ /Indexed 293 0 R 25 707 0 R ] endobj 250 0 obj [ /Indexed 293 0 R 14 770 0 R ] endobj 251 0 obj [ /Indexed 293 0 R 25 685 0 R ] endobj 252 0 obj [ /Indexed 293 0 R 11 521 0 R ] endobj 253 0 obj [ /Indexed 293 0 R 20 716 0 R ] endobj 254 0 obj [ /Indexed 293 0 R 25 756 0 R ] endobj 255 0 obj [ /Indexed 293 0 R 23 691 0 R ] endobj 256 0 obj [ /Indexed 293 0 R 22 690 0 R ] endobj 257 0 obj [ /Indexed 293 0 R 18 702 0 R ] endobj 258 0 obj [ /Indexed 293 0 R 13 519 0 R ] endobj 259 0 obj [ /Indexed 293 0 R 23 687 0 R ] endobj 260 0 obj [ /Indexed 293 0 R 21 686 0 R ] endobj 261 0 obj [ /Indexed 293 0 R 29 755 0 R ] endobj 262 0 obj [ /Indexed 293 0 R 16 517 0 R ] endobj 263 0 obj [ /Indexed 293 0 R 18 692 0 R ] endobj 264 0 obj [ /Indexed 293 0 R 23 456 0 R ] endobj 265 0 obj [ /Indexed 293 0 R 20 689 0 R ] endobj 266 0 obj [ /Indexed 293 0 R 22 714 0 R ] endobj 267 0 obj [ /Indexed 293 0 R 11 515 0 R ] endobj 268 0 obj [ /Indexed 293 0 R 20 718 0 R ] endobj 269 0 obj [ /Indexed 293 0 R 26 719 0 R ] endobj 270 0 obj [ /Indexed 293 0 R 9 520 0 R ] endobj 271 0 obj [ /Indexed 293 0 R 26 717 0 R ] endobj 272 0 obj [ /Indexed 293 0 R 19 762 0 R ] endobj 273 0 obj [ /Indexed 293 0 R 21 458 0 R ] endobj 274 0 obj [ /Indexed 293 0 R 24 713 0 R ] endobj 275 0 obj [ /Indexed 293 0 R 12 516 0 R ] endobj 276 0 obj [ /Indexed 293 0 R 19 757 0 R ] endobj 277 0 obj [ /Indexed 293 0 R 23 715 0 R ] endobj 278 0 obj [ /Indexed 293 0 R 12 514 0 R ] endobj 279 0 obj [ /Indexed 293 0 R 24 712 0 R ] endobj 280 0 obj [ /Indexed 293 0 R 32 663 0 R ] endobj 281 0 obj [ /Indexed 293 0 R 0 512 0 R ] endobj 282 0 obj [ /Indexed 293 0 R 36 684 0 R ] endobj 283 0 obj [ /Indexed 293 0 R 27 682 0 R ] endobj 284 0 obj [ /Indexed 293 0 R 24 681 0 R ] endobj 285 0 obj [ /Indexed 293 0 R 20 742 0 R ] endobj 286 0 obj [ /Indexed 293 0 R 34 683 0 R ] endobj 287 0 obj [ /Indexed 293 0 R 13 510 0 R ] endobj 288 0 obj [ /Indexed 293 0 R 35 678 0 R ] endobj 289 0 obj [ /Indexed 293 0 R 33 677 0 R ] endobj 290 0 obj [ /Indexed 293 0 R 7 511 0 R ] endobj 291 0 obj [ /Indexed 293 0 R 34 680 0 R ] endobj 292 0 obj [ /Indexed 293 0 R 21 765 0 R ] endobj 293 0 obj [ /ICCBased 509 0 R ] endobj 294 0 obj [ /Indexed 293 0 R 5 672 0 R ] endobj 295 0 obj [ /Indexed 293 0 R 16 445 0 R ] endobj 296 0 obj << /Type /Font /Subtype /TrueType /FirstChar 32 /LastChar 146 /Widths [ 250 0 0 0 0 0 0 0 333 333 0 0 250 333 250 278 500 500 500 500 500 500 500 500 500 500 278 278 0 0 0 0 921 722 667 667 722 0 556 722 722 333 389 722 611 889 722 722 556 0 667 556 611 722 722 944 722 722 0 0 0 0 0 0 0 444 500 444 500 444 333 500 500 278 278 500 278 778 500 500 500 500 333 389 278 500 500 722 500 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333 ] /Encoding /WinAnsiEncoding /BaseFont /FGCMDD+TimesNewRoman /FontDescriptor 298 0 R >> endobj 297 0 obj [ /Indexed 293 0 R 4 674 0 R ] endobj 298 0 obj << /Type /FontDescriptor /Ascent 891 /CapHeight 656 /Descent -216 /Flags 34 /FontBBox [ -568 -307 2028 1007 ] /FontName /FGCMDD+TimesNewRoman /ItalicAngle 0 /StemV 94 /XHeight 0 /FontFile2 508 0 R >> endobj 299 0 obj [ /Indexed 293 0 R 4 675 0 R ] endobj 300 0 obj [ /Indexed 293 0 R 7 669 0 R ] endobj 301 0 obj [ /Indexed 293 0 R 14 444 0 R ] endobj 302 0 obj [ /Indexed 293 0 R 26 676 0 R ] endobj 303 0 obj [ /Indexed 293 0 R 23 671 0 R ] endobj 304 0 obj << /Type /FontDescriptor /Ascent 891 /CapHeight 0 /Descent -216 /Flags 34 /FontBBox [ -558 -307 2034 1026 ] /FontName /FGCMEE+TimesNewRoman,Bold /ItalicAngle 0 /StemV 160 /FontFile2 507 0 R >> endobj 305 0 obj [ /Indexed 293 0 R 15 670 0 R ] endobj 306 0 obj << /Type /Font /Subtype /TrueType /FirstChar 32 /LastChar 121 /Widths [ 250 0 0 0 0 0 0 0 0 0 0 0 0 333 0 0 0 0 0 0 0 0 0 0 0 0 333 0 0 0 0 0 0 0 0 722 0 0 0 0 0 389 0 0 0 0 722 0 611 0 722 556 0 0 722 0 0 0 0 0 0 0 0 0 0 500 556 444 556 444 333 0 0 278 0 556 278 0 556 500 0 0 444 389 333 556 0 722 0 500 ] /Encoding /WinAnsiEncoding /BaseFont /FGCMEE+TimesNewRoman,Bold /FontDescriptor 304 0 R >> endobj 307 0 obj [ /Indexed 293 0 R 16 463 0 R ] endobj 308 0 obj [ /Indexed 293 0 R 35 659 0 R ] endobj 309 0 obj [ /Indexed 293 0 R 20 766 0 R ] endobj 310 0 obj [ /Indexed 293 0 R 13 505 0 R ] endobj 311 0 obj [ /Indexed 293 0 R 19 471 0 R ] endobj 312 0 obj [ /Indexed 293 0 R 28 654 0 R ] endobj 313 0 obj [ /Indexed 293 0 R 40 664 0 R ] endobj 314 0 obj [ /Indexed 293 0 R 34 666 0 R ] endobj 315 0 obj [ /Indexed 293 0 R 16 769 0 R ] endobj 316 0 obj [ /Indexed 293 0 R 12 503 0 R ] endobj 317 0 obj [ /Indexed 293 0 R 14 504 0 R ] endobj 318 0 obj [ /Indexed 293 0 R 45 665 0 R ] endobj 319 0 obj [ /Indexed 293 0 R 37 667 0 R ] endobj 320 0 obj [ /Indexed 293 0 R 30 653 0 R ] endobj 321 0 obj [ /Indexed 293 0 R 28 656 0 R ] endobj 322 0 obj [ /Indexed 293 0 R 17 501 0 R ] endobj 323 0 obj [ /Indexed 293 0 R 15 764 0 R ] endobj 324 0 obj [ /Indexed 293 0 R 39 679 0 R ] endobj 325 0 obj [ /Indexed 293 0 R 20 506 0 R ] endobj 326 0 obj [ /Indexed 293 0 R 35 668 0 R ] endobj 327 0 obj [ /Indexed 293 0 R 31 657 0 R ] endobj 328 0 obj [ /Indexed 293 0 R 38 652 0 R ] endobj 329 0 obj [ /Indexed 293 0 R 14 502 0 R ] endobj 330 0 obj [ /Indexed 293 0 R 18 763 0 R ] endobj 331 0 obj [ /Indexed 293 0 R 35 658 0 R ] endobj 332 0 obj [ /Indexed 293 0 R 15 500 0 R ] endobj 333 0 obj [ /Indexed 293 0 R 38 655 0 R ] endobj 334 0 obj [ /Indexed 293 0 R 14 518 0 R ] endobj 335 0 obj [ /Indexed 293 0 R 23 593 0 R ] endobj 336 0 obj [ /Indexed 293 0 R 24 782 0 R ] endobj 337 0 obj [ /Indexed 293 0 R 20 610 0 R ] endobj 338 0 obj [ /Indexed 293 0 R 24 609 0 R ] endobj 339 0 obj [ /Indexed 293 0 R 13 485 0 R ] endobj 340 0 obj [ /Indexed 293 0 R 17 599 0 R ] endobj 341 0 obj [ /Indexed 293 0 R 16 462 0 R ] endobj 342 0 obj [ /Indexed 293 0 R 24 588 0 R ] endobj 343 0 obj [ /Indexed 293 0 R 22 587 0 R ] endobj 344 0 obj [ /Indexed 293 0 R 13 494 0 R ] endobj 345 0 obj [ /Indexed 293 0 R 18 788 0 R ] endobj 346 0 obj [ /Indexed 293 0 R 9 486 0 R ] endobj 347 0 obj [ /Indexed 293 0 R 17 450 0 R ] endobj 348 0 obj [ /Indexed 293 0 R 17 615 0 R ] endobj 349 0 obj [ /Indexed 293 0 R 22 616 0 R ] endobj 350 0 obj [ /Indexed 293 0 R 14 475 0 R ] endobj 351 0 obj [ /Indexed 293 0 R 17 447 0 R ] endobj 352 0 obj [ /Indexed 293 0 R 13 477 0 R ] endobj 353 0 obj [ /Indexed 293 0 R 17 476 0 R ] endobj 354 0 obj [ /Indexed 293 0 R 20 608 0 R ] endobj 355 0 obj [ /Indexed 293 0 R 20 611 0 R ] endobj 356 0 obj [ /Indexed 293 0 R 19 614 0 R ] endobj 357 0 obj [ /Indexed 293 0 R 24 783 0 R ] endobj 358 0 obj [ /Indexed 293 0 R 10 493 0 R ] endobj 359 0 obj [ /Indexed 293 0 R 20 448 0 R ] endobj 360 0 obj [ /Indexed 293 0 R 7 596 0 R ] endobj 361 0 obj [ /Indexed 293 0 R 7 595 0 R ] endobj 362 0 obj [ /Indexed 293 0 R 10 590 0 R ] endobj 363 0 obj [ /Indexed 293 0 R 11 497 0 R ] endobj 364 0 obj [ /Indexed 293 0 R 10 496 0 R ] endobj 365 0 obj [ /Indexed 293 0 R 11 492 0 R ] endobj 366 0 obj [ /Indexed 293 0 R 17 594 0 R ] endobj 367 0 obj [ /Indexed 293 0 R 11 597 0 R ] endobj 368 0 obj [ /Indexed 293 0 R 9 598 0 R ] endobj 369 0 obj [ /Indexed 293 0 R 21 787 0 R ] endobj 370 0 obj [ /Indexed 293 0 R 22 784 0 R ] endobj 371 0 obj [ /Indexed 293 0 R 12 495 0 R ] endobj 372 0 obj [ /Indexed 293 0 R 16 583 0 R ] endobj 373 0 obj [ /Indexed 293 0 R 19 586 0 R ] endobj 374 0 obj [ /Indexed 293 0 R 21 589 0 R ] endobj 375 0 obj [ /Indexed 293 0 R 23 781 0 R ] endobj 376 0 obj [ /Indexed 293 0 R 19 592 0 R ] endobj 377 0 obj [ /Indexed 293 0 R 12 498 0 R ] endobj 378 0 obj [ /Indexed 293 0 R 11 585 0 R ] endobj 379 0 obj [ /Indexed 293 0 R 18 591 0 R ] endobj 380 0 obj [ /Indexed 293 0 R 12 584 0 R ] endobj 381 0 obj [ /Indexed 293 0 R 11 487 0 R ] endobj 382 0 obj [ /Indexed 293 0 R 13 613 0 R ] endobj 383 0 obj [ /Indexed 293 0 R 22 761 0 R ] endobj 384 0 obj [ /Indexed 293 0 R 9 491 0 R ] endobj 385 0 obj [ /Indexed 293 0 R 23 697 0 R ] endobj 386 0 obj [ /Indexed 293 0 R 25 640 0 R ] endobj 387 0 obj [ /Indexed 293 0 R 17 481 0 R ] endobj 388 0 obj [ /Indexed 293 0 R 26 694 0 R ] endobj 389 0 obj [ /Indexed 293 0 R 19 651 0 R ] endobj 390 0 obj [ /Indexed 293 0 R 14 483 0 R ] endobj 391 0 obj [ /Indexed 293 0 R 22 641 0 R ] endobj 392 0 obj [ /Indexed 293 0 R 16 484 0 R ] endobj 393 0 obj [ /Indexed 293 0 R 22 695 0 R ] endobj 394 0 obj [ /Indexed 293 0 R 20 700 0 R ] endobj 395 0 obj [ /Indexed 293 0 R 22 693 0 R ] endobj 396 0 obj [ /Indexed 293 0 R 18 480 0 R ] endobj 397 0 obj [ /Indexed 293 0 R 24 637 0 R ] endobj 398 0 obj [ /Indexed 293 0 R 18 499 0 R ] endobj 399 0 obj [ /Indexed 293 0 R 18 688 0 R ] endobj 400 0 obj [ /Indexed 293 0 R 25 698 0 R ] endobj 401 0 obj [ /Indexed 293 0 R 19 701 0 R ] endobj 402 0 obj [ /Indexed 293 0 R 21 455 0 R ] endobj 403 0 obj [ /Indexed 293 0 R 16 479 0 R ] endobj 404 0 obj [ /Indexed 293 0 R 26 758 0 R ] endobj 405 0 obj [ /Indexed 293 0 R 24 699 0 R ] endobj 406 0 obj [ /Indexed 293 0 R 23 696 0 R ] endobj 407 0 obj [ /Indexed 293 0 R 18 601 0 R ] endobj 408 0 obj [ /Indexed 293 0 R 7 488 0 R ] endobj 409 0 obj [ /Indexed 293 0 R 15 474 0 R ] endobj 410 0 obj [ /Indexed 293 0 R 19 603 0 R ] endobj 411 0 obj [ /Indexed 293 0 R 23 600 0 R ] endobj 412 0 obj [ /Indexed 293 0 R 17 602 0 R ] endobj 413 0 obj [ /Indexed 293 0 R 14 612 0 R ] endobj 414 0 obj [ /Indexed 293 0 R 23 638 0 R ] endobj 415 0 obj [ /Indexed 293 0 R 23 771 0 R ] endobj 416 0 obj [ /Indexed 293 0 R 15 473 0 R ] endobj 417 0 obj [ /Indexed 293 0 R 17 607 0 R ] endobj 418 0 obj [ /Indexed 293 0 R 25 759 0 R ] endobj 419 0 obj [ /Indexed 293 0 R 17 453 0 R ] endobj 420 0 obj [ /Indexed 293 0 R 19 604 0 R ] endobj 421 0 obj [ /Indexed 293 0 R 15 482 0 R ] endobj 422 0 obj [ /Indexed 293 0 R 12 605 0 R ] endobj 423 0 obj [ /Indexed 293 0 R 19 786 0 R ] endobj 424 0 obj [ /Indexed 293 0 R 17 478 0 R ] endobj 425 0 obj [ /Indexed 293 0 R 23 639 0 R ] endobj 426 0 obj [ /Indexed 293 0 R 15 606 0 R ] endobj 427 0 obj [ /Indexed 293 0 R 26 760 0 R ] endobj 428 0 obj 762 endobj 429 0 obj << /Filter /FlateDecode /Length 428 0 R >> stream -H‰””Mo›@†ïüŠ9.Æû½KNUªJ¤V­‚z‰zp‰ÜÚ bèÇ¿ï°8¶7Ñ®,yÁ¼3žwfxÞVÙ¢ª$¨2!Ó‡mKô`$ -ÎTÛl±ÜY¨wá9‡]Ýf‹÷7wG4uV<]þÊزkX B^}Ë$–Î@!P¨.3>‰y…ÇT€ž (¤Aá Xʤgí¿Ù§¿²[öq5¬»vµ«6·hØC¿Ú ýXçÆ>œMN1%ƒ›¦ûõð–]Ñõ÷ë6òi‡¾üku}Ú -ñs•ä -¥§-r;÷B8tž~;º6øìP,Îî„G®HMµ5ÿdJS¬^m›¾kû7ízW×øØýÄñ{ˆ+”U»c7Ü8× ænÀ§¾»ërᜨٗqÓ6ýên½!ßyá¨E³ÑÓ¤ûR)§”3·ìê]=6Û¼¤ &W”F‚‹óè“^ìÛðBÙÂ=[‘[V5› à’ƒ£qiæóB0.Åt J…Íïát¸1á›bBAîiVîdT։螯Úóéj.Bˆõ4œ}ÈÔ}ܸ}Sî¨T—Óz2çËp–2Þ«òÅöœýÿq¼(Ý¡9áÿh­¯n–Ë oÁ¹Õ2l±~=ùY^£­žž²ó-šÃÎ"œšæ¿ßq“›­s ×ã†^3Çh•,•dÜÐ8è™ -ßs•ïªìGV–¨ìL -¤NzB ½@D7M¥&˜\m\vÙç×ÄF&ˆ¥Os-öèy‚ØÄô¨â Ò¬â :ôñÚxƒŽ~M‹xƒ–Ž±7hQǤåŽ7h°Œ7hÐÆ4¨ã ”ñ5–ñ5ºxƒ„åxƒšnÄ<Þ JŒJŒJŒJŒLŒLŒLŒLŒHŒHŒHŒH O O O O€Œ) CâxȐ82$Ž‡Œñ !q> stream -H‰”Ö-Ž1Ea^«¨xì÷ç2˜5FÙ?‰¢º ¢S­M.yú¬£:Öj^gÿûkçµÚu3«¹u?}Ÿ_ãüñ}ü<~ÿ÷ëñ8ÛoŒ«¿1özc<žûïq=?0Z0almÝŽç}àÄqÜ^8¶ûÀ…ã.‚Ö£M!$ÃÑR)¹ŒfòJ‰|´.ϔ{»äJrì-åJ‚ì/­!Éþ ŒõR°Ükɍe,퍁å^Kp ,ãÒâXîµ$ÇÀr¯¥9–{-Ñ1°Œ©Õ1°ÜkÍYN펑åÔð8Y––Çɲ4=N–¥íq²,“ei}œ,Sëãd™Z'ËÔú8Y¦ÖÇÉ2´>A–¡õ ² ­Oeh}‚,]ëdéZŸ K×úYºÖ'ÈÒ´>A–¦õ ²4­O’¥i}’,‡Ö'Érh}’,‡Ö'Ér¼|öe×ú$Yv­O’e×ú$Yv­O’e×úXúÒúXîµÔ§Àr¯¥>–{-õ)°ôKëS`¹×RŸ˽–úXîµÔ§ÀÒ§Ö§Àr¯¥>“,ç¿úü`gì endstream endobj 432 0 obj 475 endobj 433 0 obj << /Filter /FlateDecode /Length 432 0 R >> stream -H‰„Ô;ŠQ „áü®â®@£’Ôç‘;™Ðkp< Þâ3`8¥¨è é¦ñÁÿúøüšxÿú~ý~ý}ím9ÞþóXÔ{m[ë=sÂóýçëõ³±çu×)×£îºäºü®¹Æ¸ë!֏mºrÊõ +—\]¹å:î•Ëźlß+—²,›÷Ê¥,Ëê^¹”e»V–eNW*Ë´IW*Ë´‡®T–iAW*Ë4§+•eغWneöÜ+·² Ë{åV–a~¯Üʶî•[YÂ]©,qþÞµ²×g+Kçúleé\Ÿ­,ëW˜Îù ÍØܸàùTazæŧ -Ô3>U¨ž9uª19D€R\"@©NN T'·Pªƒc(ÕÁ5”êàJup¥úp¥úp‘N@䜒„Pª7 ¡T‹£„PªÅUB(ÕjY -¥Z-K¡T³e)”j¶,…R͖¥PªÙ²”J5Z–R©FËR*ÕhYJ¥-K©T£e)•*Z–R©¢e)•*Z–R©¢e)•ª·,•Rõ–¥RªÞ²TJÕ[–J¨b·,•P=sÎR U얥ªgÎY*¡ŠÕ²TBõÌÿgéŸXùèô endstream endobj 434 0 obj 464 endobj 435 0 obj << /Filter /FlateDecode /Length 434 0 R >> stream -H‰„Ô-ŽADaÞ§è”3£þ¹‰¡Ï`¼Zíý‰kXzj0R+¤>õ{~ýùʶßßßÏßççÙ»ÔñÆç)jïÚe­wæ*-¢¾ÿ¾žÏ¼ÎsØ˖ͅó±l^qޚÍÎå§v˜²ýԁóé§Nœ7?uá\~*©Žvê Õ^¦:Hµ—n§RíEvê Õ^ÂN¤ÚÊòSIµ•î§’j+ÕO%ÕVÂO%ÕZ–ŸJªµ ;u’j=omNªµ¤:IUçÇ椪2ìÔIªº²4IUW–&©æ•¥Iªyei’j^Yš¤šW–©Æ•¥Eªqei‘j\YZ¤W–©Æ•¥ª±¯,-P=sÏÒÕ3÷,-P=sÏÒÕXW–6¨ž¹giƒê™{–6¨ž¹giƒjÌ+KTÏܳ´Iu^YÚ¤:¯,mRW–6©Ž+K›T‡gé|¶8·,)Hµ{–¤Ú=KŸ?Òܲ¤ ÕîYRjó,)Hµy–¤Ú> stream -H‰„Ô=j%1Eáü­¢W Q«~Tʝ8ô&6ÆûO¦ ®:47)>8×Û×ëãõý:gX^óç˯:£êÊçïYÓ®¿Ÿ¯?ïŸkí‹æYm^8woóƒó5ç6a^ãd›ß8ßíT[8÷vªÎW;Õ糟0ßc÷SçÑO%Õ=V?•T÷˜ýTRÍQíT'ÕÑNuRÍaíT'Õ³ê¤£Ú©Nª1²ŸJªñümsRq÷SI՟§ÍIÕGöSIՇ·SƒT}ÜíÔ U“,©šd)HÕ$KAª&Y -R]’¥ Õ%Y -R]’¥ Õ%Y -R]’¥$Õ[²”¤zK–’ToÉR’ê-YJR’¥$Õ)YJR’¥$Õ)YJPýyú© ú<=KTëH–6¨>OÏÒÕ*ÉÒÕgÞ³´Aõ™÷,mP}æ=KTkK–6¨>óž¥Mª[²´IuK–ŠTS²T¤š’¥"Ք,©¦d©H5%KEª!Y*R ÉR‘jH–ŠTC²T¤ê’¥Cª.Y:¤ê’¥Cª.Y:¤j’¥Cª&Y:¤j’¥Cª&Y:¤º$K‡T—déêêY²Iª«gÉ&©Þ=K6IõîY²ù_õŸ6é endstream endobj 438 0 obj 460 endobj 439 0 obj << /Filter /FlateDecode /Length 438 0 R >> stream -H‰„Ô;®1EÑüŽâŽÀØ®Ÿ;'!d ÄOˆù'ø :lu`©u’Ò’öëy†å{~~cûû<ãœwž5ܧ½|¼¾|û°éï¯?_ß_¿^ÿœïÙæó9žlóÄyí6/œûióƒóÝO}p>Û©kþ^ϨvêZ8vêÚ8ßíÔe8ŸíÔªuÆ駂êG?TïÜú© z糟 -ªUãôSAõγºIµîß6'Õ«ºI5ïÓ椚#Û©›Tsx?•Ts¬~*©Æxú©¤#û©¤’¥Mª!Y2Ruɒ‘ªK–ŒT]²d¤ê’%#U—,©šdÉHÕ$KFª&Y2R5ɒ‘ê–,9©nɒ“ê–,9©nɒ“ê’,9©.ɒ“ê’,9©.ɒ“ê”,9©Nɒ“ê”,©NÉR€j>’¥Õ;ïY -P½óž¥Õ;ïY -PÍ#Y -P½óž¥Õ;ïY -P½óž¥Õ;ïYJP͒,%©–d)Iµ$KIª%YJRMÉR’jJ–’TS²”¤š’¥$Ր,%©†d©H5>³ä礒¥"U—,©ºd©HÕ%KEª.Y*R5ÉR‘ªI–ŠTM²T¤j’¥CªûO–~ 03*ìí endstream endobj 440 0 obj 824 endobj 441 0 obj << /Filter /FlateDecode /Length 440 0 R >> stream -H‰”—]oÓ0†ïó+|™ Õ³$\®Ch€Æ`áCb\dmÊm"²”jÿž;KOéMZ³ìññyÏk½r£³Ë]šIvÑFQžóÔ21üp¥Y–ó,cÖ*î”HÙjy\‘¸Îž’¸ÒBO¸&q!PuCà’;‹pKâKu$®°ÔŒÄ…FxNà‚gâ8™\¸ARsÊUÁS$5§\\ ©9᪁$5'\Ü"WsÂU3¼E“!\\b©„«&ƒ„®n±TÂUÀõQ*<’¸´'\5Žç -ᄫ€Û ᔫŽkpÊUÇ–J¹jyŽ¥R®ZKZP®ZKZP®ZKZP®ZKZR®K”§‡ £H¢aH¬qÑ°™/Pã(¢a1_`Šcˆ†QÑ0Š –ó*?4lç T8zhXÎwPâØ¡a;_ Ä‘CÃj¾@ã††Ý|G £ ¡a1[ Îÿ#dž2Ï€ÿ™ó"’0ÿÌÓáI«&¾ØE‚«á×!ŠYR|À^w²…ç¤cÅE$w™Ê.fžYÈábãr¶\št€üÐr_kx2¾àõ[vþö3ËRå— Ïkgž(3mþ%~Ó6ë6h–|-^ø±¼œªk_ý擼fòüeh{ìHñÔï~Òö(ïÞS®Mz ڎ=†Mǁ¨0@5Û …mÞɚi ֗»¨ÊÎÿ»x†7€¿ÂÃYQhš6ãz;­w½ð’]˜Íûê9cWUHàî·Ývݵý0-¯@MÜnÙMµÚwuÿÈ>î·MՕwõ¶îëê!/ã0ÓETh¸(ƒ$•Â­P_XWEj&ÅiªàȬBBü㼀 d,I5֚Ƈ†3 à8¥ 2 *‹ûŠ}hê¾Z³×uómÝî¸ÈÅìªìë¶)·ì²ÙtåCßíWý¾«‚" —7¸ËŠÉÇÐÛ4‹e»h»uÝølY5=¬¼¯.o–ËÛd<¡Æ©‹rêo8×C÷åÌh%¶ì®ZAƒU2,ŒYy(“……§nxïY»aO}üÚoC¿–Ã×5qzXü6)ìxø-ÀvÜo endstream endobj 442 0 obj 1538 endobj 443 0 obj << /Filter /FlateDecode /Length 442 0 R >> stream -H‰|WÍrÛ6¾û)p$;+REMN§¦Ó$X´“é"! 1¨(G¯Ñ'î·XP”l%›¤ÉÅî~?»¾ù”ÕÉMºÈÊD§“¿ZíµrBáÔA¥ólžté é?ëßnª¬XŠ©X¿¾™fÓét&ÖõÍd¸|ºIZa”²Ý£ØwÖÛÚ¶îV¤ëÏ7“b‘åGä‹Ó×súäSò묘݊ûßê/i•å‰Jq•àÑýïBšFü5ŸN3!Ö;%ž瑗Ùbºˆ™œ’È9à£Qш/é2«8N-’£ÀE‰‹íV՞ÒkúÚ;áwҋ£íEˆ;‰)Ñù"FG]üºÊÄZ9¯ÍƒðV4Ò+±“NtªÕrÓC¡ù<«Î:4;Ë­­ÙêŽJ-¸Ô*i8 )œ~0z«ki¼0=¿³Q°Û!=Š~ÙÅj<¡âBËdß"üò­2^zmÛÎò#Àܨ½Âœw *Îhž˜ÆvÜèeh¯!N)Ði=8(Ñè-ïÛ@Ÿ=bÍ@dºLl 8À¤sl• }µê¼ÉbUáSY\LN' W A ”@ï¼H -bj§ý‘Úäq`(³¼<ËûÛ]’`>t}½#VlZÅpâ ;*flW$ÍH1‚ò ©‚ëÄ߃¢veø -i‹7f`ËjþA}JX’5aŽ¢–Dí}Cï7J±µ=ÎÂ!'¦ òUòü*ѽ -L\%Ú›á(*16> ÇæIÛoÁr`¸JA ðòYV•W…˜Hbiنöªî I@â©[*}••'S½ÅXzÁÉõ]1KÞ(¡¾î[«=Ԇª±Ôb–ÍËÅ3Y¬Æp+'Q•F¦ÔLª×{Y?* "­8GQ„èYŒñ"ñ?Žlß6¢ÕŠïv²SÚl¹…³$h¾ÅH=i¿ nC¼€äå·‚ìÀ0¯ã=õ7pyȋ^Ž ŽìØö]BضÒ=†Ð”‰~€—‰A¡ËÆòÙjžø!·è¢E¾ø®[qúTþG«šªu!96(É&fä½2Z¿¦˜õ¡oÃüÑ> stream -ýýýþÿþÿÿÿ†i{º©³ÇÇǜœœ¯¯¯ìì쨨¨¦¦¦§§§¡¡¡ÒÒҞŒ— -endstream endobj 445 0 obj << /Length 52 >> stream -ýýýÿÿÿù÷øxYlÏÃËööö»»»ŸŸŸ§§§®®®ÇÇÇ¡¡¡¦¦¦ñññ¯©Žu„þþþ -endstream endobj 446 0 obj << /Length 76 >> stream -ýýýÿÿÿ¶¤¯atþýþþÿÿþþþùùù®®®¡¡¡åååóó󞞞ÆÆÆÞÞÞÔÔÔ¨¨¨¦¦¦§§§¢¢¢¥¥¥°°°öôõqQeÖËÒ -endstream endobj 447 0 obj << /Length 55 >> stream -ýýýÿÿÿöôõrSgÜÓØÖÖ֓““©©©§§§¦¦¦«««¨¨¨žžžéé麪´€cuþýþþÿÿ -endstream endobj 448 0 obj << /Length 64 >> stream -ýýýÿÿÿéäçjL^òïñÛÛۑ‘‘ƒƒƒ‡‡‡¥¥¥¨¨¨§§§±±±¤¤¤£££µµµüüüþþþÜÓØrSgöôõ -endstream endobj 449 0 obj << /Length 58 >> stream -ýýýþÿÿþýþ€cuºª´ÿÿÿéééÛÛÛ   •••›››©©©§§§¦¦¦¬¬¬¢¢¢ÖÖÖ¢›–Ž -endstream endobj 450 0 obj << /Length 55 >> stream -ýýýÿÿÿ¯©Žu„þþþ¬¬¬¥¥¥¨¨¨   ÄÄĤ¤¤§§§¡¡¡¶¶¶ù÷ùwWjʼŠ-endstream endobj 451 0 obj << /Length 70 >> stream -ýýýÿÿÿÜÓØrSgöôõþþþûûû   ºººôôô»»»¥¥¥¤¤¤§§§ŸŸŸÌÌ̽½½¡¡¡¦¦¦õõõéäçjL^òïñ -endstream endobj 452 0 obj << /Length 76 >> stream -ýýýÿÿÿéäçjL^òïñþþþøøøØØØûûûÙÙÙ   ¿¿¿ÑÑÑÌÌÌÝÝݖ––¨¨¨§§§£££¢¢¢¡¡¡êêêÖËÒqQeöôõ -endstream endobj 453 0 obj << /Length 55 >> stream -ýýýÿÿÿœ‰•¡ŽšÚÚÚ´´´›››œœœ¨¨¨§§§ŸŸŸÌÌ̞žž¢¢¢ÖÖÖþþþv†´¢­ -endstream endobj 454 0 obj << /Length 73 >> stream -ýýýÿÿÿºª´€cuþýþþÿÿþþþ÷÷÷´´´öööÄÄÄÅÅÅÈÈȘ˜˜¸¸¸   ¨¨¨§§§©©©£££ØØØöôõrSgÜÓØ -endstream endobj 455 0 obj << /Length 67 >> stream -ýýýþÿþÿÿÿ„hyµ¤®þþþüüü¬¬¬ÏÏÏììì¡¡¡¢¢¢¥¥¥´´´¦¦¦¨¨¨ÅÅŧ§§¤¤¤õõõžŒ— -endstream endobj 456 0 obj << /Length 73 >> stream -ýýýÿÿÿøö÷sTgÐÄËÊÊʕ••ààत¤¥¥¥¨¨¨¡¡¡···¸¸¸ŽŽŽÚÚÚÃÃݝ§§§   ¼¼¼þþþ´£®Šo€ -endstream endobj 457 0 obj << /Length 79 >> stream -ýýýþÿþÿÿÿ„hyµ¤®þþþùùù¡¡¡ÇÇÇÈÈÈÄÄĖ––éééëë뛛›ÔÔÔ···œœœ¨¨¨§§§©©©¦¦¦¥¥¥¢¢¢ºººžŒ— -endstream endobj 458 0 obj << /Length 67 >> stream -ýýýÿÿÿòïñlN`ïìíÏÏÏÇÇÇñññ‘‘‘¤¤¤§§§¨¨¨   ŒŒŒ×××òòò¥¥¥¢¢¢ÖÖÖÏÃËxYlù÷ø -endstream endobj 459 0 obj << /Length 76 >> stream -ýýýÿÿÿŸ˜™ƒëëëøøøþþþ«««áááîîîûûû¬¬¬¶¶¶¼¼¼   §§§£££²²²ªªª¢¢¢õõõþÿÿþýþat¶¤¯ -endstream endobj 460 0 obj << /Length 73 >> stream -ýýýÿÿÿøö÷sTgÐÄËôôô———çççÇÇǕ••ÈÈÈÌÌ̑‘‘îîî±±±ŸŸŸ¨¨¨§§§¢¢¢¥¥¥ÍÍ͵¤®„hyþÿþ -endstream endobj 461 0 obj << /Length 67 >> stream -ýýýÿÿÿĵ¿~`süûüÚÚÚ   èèèæææ~~~¢¢¢¨¨¨ÜÜÜÙÙٛ››§§§ŸŸŸ¹¹¹þþþôòópQdâÛß -endstream endobj 462 0 obj << /Length 52 >> stream -ýýýÿÿÿʼÅwWjù÷ùàà॥¥¦¦¦§§§¤¤¤µµµ©©©¡¡¡ÝÝÝòïñjL^éäç -endstream endobj 463 0 obj << /Length 52 >> stream -ýýýÿÿÿœ‰•¡ŽšØØؓ““¤¤¤õõõËËË   §§§¥¥¥®®®øøøþþþŽu„¯© -endstream endobj 464 0 obj << /Length 49 >> stream -ýýýÿÿÿ–Ž¢›¸¸¸ãããüüüººº¤¤¤§§§¦¦¦žžžÈÈÈþþþŽu„¯© -endstream endobj 465 0 obj << /Length 73 >> stream -ýýýþÿÿþýþ€cuºª´ÿÿÿþþþùùù®®®÷÷÷©©©¦¦¦¨¨¨¡¡¡‚‚‚ÆÆÆ»»»§§§¤¤¤¥¥¥²²²úúú¢›–Ž -endstream endobj 466 0 obj << /Length 55 >> stream -ýýýÿÿÿ¯©Žu„þþþèèèÐÐÐõõõüüüººº¤¤¤§§§ªªª¦¦¦¢¢¢ù÷ùwWjʼŠ-endstream endobj 467 0 obj << /Length 58 >> stream -ýýýÿÿÿʼÅwWjù÷ùôôôœœœ¼¼¼þþþ»»»ŸŸŸ§§§¦¦¦¤¤¤¬¬¬øøøòïñjL^éäç -endstream endobj 468 0 obj << /Length 70 >> stream -ýýýÿÿÿÜÓÙnObõòôÔÔԕ••éééÅÅŖ––¤¤¤šššÈÈÈÚÚڏ¨¨¨§§§¦¦¦ÃÃޞžãÜàhI\òðñ -endstream endobj 469 0 obj << /Length 76 >> stream -ýýýÿÿÿ™ƒŸ˜þþþùùù¯¯¯ªªªøøøüüü¢¢¢¥¥¥«««ÜÜ܉‰‰¨¨¨§§§¤¤¤¦¦¦£££°°°þÿþ„hyµ¤® -endstream endobj 470 0 obj << /Length 79 >> stream -ýýýÿÿÿóñòlM`âÛàþþþùùù®®®¥¥¥öööúúúµµµ¦¦¦£££§§§¬¬¬‹‹‹ŸŸŸ¨¨¨¢¢¢¹¹¹°°°¼¼¼¿¯¹}^qüûü -endstream endobj 471 0 obj << /Length 61 >> stream -ýýýÿÿÿ«˜£’{ŠýþþçççÃÃÃþþþÎÎΙ™™©©©¡¡¡žžžåå姧§ÜÜÜüûü€buÉ»Ä -endstream endobj 472 0 obj << /Length 43 >> stream -ýýýÿÿÿúùúnNb¯¨ôôô¡¡¡§§§   ïïïýþþ”~Œ…k{þþþ -endstream endobj 473 0 obj << /Length 49 >> stream -ýýýÿÿÿðëîZ8M”}‹þþþõõõ¢¢¢§§§¥¥¥²²²úúúþüýx[msTgüûü -endstream endobj 474 0 obj << /Length 49 >> stream -ýýýÿÿÿ¼¬¶J&<ÐÃË÷÷÷¥¥¥   ›››žžž¶¶¶úúúþþþ¶£¯P,BÖÊÒ -endstream endobj 475 0 obj << /Length 46 >> stream -ýýýþþþÿÿÿ˜€[9NðëîÙÙٜœœ¨¨¨¦¦¦¤¤¤õõõÜÑØR.Dµ£® -endstream endobj 476 0 obj << /Length 55 >> stream -ýýýþÿÿÿþÿ}arrTgüûüÿÿÿööö   ŸŸŸ¶¶¶ÃÃÃüüüþþþðëî[9N˜€ -endstream endobj 477 0 obj << /Length 43 >> stream -ýýýÿÿÿÜÑØQ-C»«µóó󝝝§§§   ôôôþþþ›„“\:Oðëî -endstream endobj 478 0 obj << /Length 55 >> stream -ýýýþÿÿÿþÿ~btgG[ôïòÿÿÿóóó¡¡¡íííüüü¯¯¯   ïïïäÛáX5Kœ„“þþþ -endstream endobj 479 0 obj << /Length 52 >> stream -ýýýÿÿÿ·¤°G"8²¼þþþüüüººº¢¢¢²²²ÅÅœ““ôôôýþþ§’ M)?ÑÄÌ -endstream endobj 480 0 obj << /Length 58 >> stream -ýýýþÿþÿÿÿ‰oX5KäÜáþþþüüüººº¤¤¤£££îîîÕÕ՗——óóó̾ÇK'=¨’ ýþþ -endstream endobj 481 0 obj << /Length 55 >> stream -ýýýÿÿÿãÛàU2G“zŠþþþüüüººº¢¢¢¬¬¬ûûûÀÀÀ–––ôôôüûüuWjdDXóîñ -endstream endobj 482 0 obj << /Length 49 >> stream -ýýýÿÿÿãÚàU2Hœ…”þþþ¿¿¿———×××ØØØÙÙÙþÿÿÿþþƒgxdCXòîñ -endstream endobj 483 0 obj << /Length 46 >> stream -ýýýÿÿÿ±žªM)?ÑÄÌööö¨¨¨ÀÀÀ¶¶¶ªªªøøø·¤°J%;Ë½Æ -endstream endobj 484 0 obj << /Length 52 >> stream -ýýýÿÿÿþüýz]odCWóîñÒÒÒ¡¡¡žžžäää¼¼¼šššóóóäÜáW4J˜þþþ -endstream endobj 485 0 obj << /Length 43 >> stream -ýýýÿÿÿŶÀM)?ÏÂËëëëÑÑÑ¡¡¡¼¼¼¹¹¹þþþ»«µS0EáÙÞ -endstream endobj 486 0 obj << /Length 31 >> stream -ýýýÿÿÿðëî[8N§“ þþþx‡{^pÿþÿþÿÿ -endstream endobj 487 0 obj << /Length 37 >> stream -ýýýÿÿÿ§“ [8NðëîþþþøøøÑÑÑûûûàØÝX6KÎÁÉ -endstream endobj 488 0 obj << /Length 25 >> stream -ýýýÿÿÿ± ª[8NïëîàØÝX6KÎÁÉ -endstream endobj 489 0 obj << /Length 31 >> stream -ýýýÿÿÿüûüpPd‰•þÿÿÿþÿ{^px‡þþþ -endstream endobj 490 0 obj << /Length 25 >> stream -ýýýÿÿÿº©³^;QïêîÔÈÏU2GÚÏÖ -endstream endobj 491 0 obj << /Length 31 >> stream -ýýýÿÿÿù÷øiH]¥‘žþþþx‡{^pÿþÿþÿÿ -endstream endobj 492 0 obj << /Length 37 >> stream -ýýýÿÿÿðëî[8N§“ ðð𣣣úúúþþþ’{‰hH\ùøù -endstream endobj 493 0 obj << /Length 34 >> stream -ýýýÿÿÿ»«µS0EáÙÞâââÍÍÍÆÆÆ¿¿¿ÏÂÊP,B -endstream endobj 494 0 obj << /Length 43 >> stream -ýýýÿÿÿùøùhH\’{‰þþþÓÓÓ²²²ïïïÙÙÙûùúnOb†l|þÿþ -endstream endobj 495 0 obj << /Length 40 >> stream -ýýýÿÿÿòíñdBW Š˜ýþþÎÎÎÕÕÕ¯¯¯àààþÿÿÿþÿ|`q -endstream endobj 496 0 obj << /Length 34 >> stream -ýýýÿÿÿ§“ [8Nðëîòòò“““èèèáÙÞS0E»«µ -endstream endobj 497 0 obj << /Length 37 >> stream -ýýýÿÿÿðëî[8N§“ þþþüüü®®®ÄÄđzˆqReüûü -endstream endobj 498 0 obj << /Length 40 >> stream -ýýýÿÿÿ§“ [8NðëîðððÖÖÖ©©©øøøþþþÛÐ×W4IÎÁÉ -endstream endobj 499 0 obj << /Length 58 >> stream -ýýýÿÿÿóîñeEYoPcõñôþþþüüü»»»™™™›››ÍÍÍ÷÷÷ïïïáááëåé^> stream -ýýýÿÿÿäÚàƒbwM,@K*>`>RŸ”äÛáÞÒٔv‰Z9NL+>Q0DŽpƒêâç -endstream endobj 501 0 obj << /Length 55 >> stream -ýýýÿÿÿäÛáŽoƒV4HM,@N-AhG[•wŠÁ¬ºïêîêä軥³Œl€^=QL+?_=R¢†— -endstream endobj 502 0 obj << /Length 46 >> stream -ýýýÿÿÿðêî‹m€L*?M,@tShŲ¾þþþº¤²hF[J)=U3Hœ€’öóõ -endstream endobj 503 0 obj << /Length 40 >> stream -ýýýýþþÿÿÿ¹¥²S0EN,A—{÷óöñëï‡h|H&:_=RÏÀÊ -endstream endobj 504 0 obj << /Length 46 >> stream -ýýýÿÿÿèáæxXlH&:b@VƳ¿ýþþþþþÿþþ¯—¦Y6LI';‡h|ñëï -endstream endobj 505 0 obj << /Length 43 >> stream -ýýýþþþÿÿÿ³«U2GJ)=qOdÖÈÑÀ«¸gEZI(<_> stream -ýýýÿÿÿ÷ôöº£±~]qR1EN-AO.BM,@\;PqOd‚auœ~‘š|}\qpNcY7LM-@…dyÇ´Àþþþ -endstream endobj 507 0 obj << /Filter /FlateDecode /Length 17434 /Length1 31492 >> stream -H‰\U tWþö9ÿo„D4"ñ¾q%‚¤!âU 7A„ÑŠˆ%‘‡xDS,â1JÐÖkšM½:C…éÐ5¹*ÞEŠ©NÅ»Œ…Eš(ʚŲܾĬi;ÿ^ÿZç±Ï>ûñíï@ø`4RGü&2jâд À¼\MÉ.È*|æÝõ20‡S©Èž=ˑå[[ÃÉuÀË+¯pRÁçIQsͼ2iÚܼþ}F1݀ˆ.ù¹Y9§vø­¢½*žé™Ïÿ!Í*ß/8ï˜_0«(ìBä:Ϋæ›§½™…ëy¼bçeYE…>鲚ç9‡czVAîÐQ#žEßҟw ߜ9‹~ó+ª¨ß/œ‘[8µdäYÀ¹hæ6‡ö氆¿^‹Ö€u‹?}µj=ÉÖ s*œž)Vµö§µŽ/ÿÿ~!XŠŽ¨E)Žb¶æáÆMOW  _â8îÓZ¢ŒÖžV -^èŠÞ´ïà/ÌÜ1Ê i*Á2„–¿”rKO×wiùOxˆ§ø—„ÉdY¨¨b3ªn±µ¡Œ0Ž6†` ¦á3 •8dz›ÔµP½­÷êëF˜ñȊµŽÃ†Hêcã:ƒ‹ø;ë•(Ãå²Z¨w›ïXóéo$òÅRlÃ<SIi.é!½Ù|©”[ª­rª4=Q—›«¬¹Öj+ã‘Ë“S°Ë°gq÷ñPZñd$OTY-ïË uVÑºÔˆ3JÆ1ã…ÙÌ<æ9ï©fÖëítÃpÊxäas½ŸrWEKkiGKý%™–&Hž,ùP¶ÊvÙ+'åœÜ“Gòo¤V©µêú«:«Î鶺‹vé?ê*#ظjüdϪkë9êyd5¶ºZ=¬k“uÍzØP…6Dü "º¦’ –¢âc漧q‰¸»Ù 5xÌü$6¢©%=ê Né$áŒnŒ¤ÉY!k¤L¾’[R#/TՁÒEõTÉ*C«ê…öÖN¯‹ôGú‚~nÌ5£(;Í=æc[=Ä«êÅƺx&{J=­bÑFäù³ç¢1˜Kf•sðef“–æQ–‡å”Ïq_£Š¹?‹kd¨zëå+ñ#êàÅzšâEyé{7Vfђ)¹¬íK™/Ų\ÖQ6Êd ó{^.ÈE¹)wä c‚ŠPñj0#JUãÔxÊ•­«•ª‚rF]V×Ômõ\ûéfº½î¤ô$ýž^¡ÝºB«/¡F¼‘dL5Nçy’9Ĝ`f›+Í-æVó˜ùYcZ¶5¶Olûmµvo{O{ª}´}¹ýÏöCöëvË«ñ4œÞwÆÏßgDª±Ô~Æ}DÍÒ§ÔZÙù ˜+èA&¨ýú°úxA‰¾­?SŀájØîO«Â¨2/f-NªVø|¸Vg©#j½ -’žº¯±Ì¨"ëÌ¥Ÿ[ÕMeWåÔ¸ÏjLÀëÒÿ4ÞÀ#æÿ¬¹‚9MT7d§úJ%ÉWP¦a=6#WzÑ»ìÁs| ´Cöwoã úgoÈºj€-HͶõa…ÈHë¤êlÝg×ߒe¸¦ŸûoHŠDb;î°ê—$ZÚ£5ΓùÚa#Qûìf~ctd=Át£š5¬û›ÇeÎÒK䩊g9˜{D=“ƒ×‘«êyÔåDY¤¡£ïã´t`/Ú®bÞÇA€½M-R–þÚpà÷¨ÖÃxëoÉOm$š– -0™q8¬»ž2Z˜‚XÄÊDI‡‹;IhgÐóíä¢8+ÃZoŽ5»âŒ “%{1‹¥f#ÏCjV°¯!IVb·'•|W‚$D¢ˆ¦‡æl³ÄÜaV˜GÌÓ¶î(b×ndoãG¾Éf.¾Ç3b} »'œýO/’ø†MScõa ’V($†‘·2é¬äLZ)Æ*öÓ6¾!gðXü$Gp…È>Ïæý^´3¯³ê3±ì¸Dvs%íЅyz.¾«fñ¾zž-%ÏVÒ§ë¸Kæ°ü -—¾âbõ²ñ¬¾—yCO¤Ê.$Z{‰„¸t¾CG¾®Ù£e<—Ilø¢-z›wD!ܓbŪÉú°´àkèKTæËÞ_Þ¢MGdb<ƒÑ›oì"¤šÛââGÇ x­¿¾}zÇöŠ‰îÕ½[ä«á]»tëÒÑÙ!ØѾ]Û6­[µ -lÐÜÿ•f~M}}š4önäe·™†V‚ðgb¦Ãšé6BIIõsg²~±évp)ñ×:nGfƒšãךqÔÌû?͸—šqÿÓ?G?ô‹w$8îÓ.§c¿¤LãxµË9Öá~Ø0Þ0.iûpÌŽ„ |—Ã-™Žwâìü ™.šÛÕØ{sP®wD8vy7æ°1Gî@gá. |M*0¡Ï./:ånåt%¸[:]õ¸uHBVŽ;udZ‚«upð؈ðÿ°^­±Q\WøÌcg×tÁkó²fü\øUÊâµ ¶yùÙui»~@‹µ ¥4ÄI¡˜Á4 QÒ"‚¢¦ӆ±%¦¢ÈQ¤¤ýú£2J“GMRA$©’ªjO¿swfY«Ðª–?Ÿ{ϹsÏýî9cKŠtíUVzH ¡ˆØÆÒ"–Wl£oçÓÐ1} xØì -P{<äï4:Û6G-¥-Æ{d„°oµ5ó;ïͺÕÅ♑è‘Tk¶bÖÌÚ®s×4è֙Æhª5Èc1¬¹rnmܬÅÖ}bC³ŽÝäñ¨%Ɩ:Ÿ„O•8ߣ†5ñº•fTÛÌq\ÍÓ¢¦ýÁÁ9sÂçíwhNn¶D µ"ۈµUç ÜCfÓþf‡õÙã-%ŁŒD`¦¥; ÿÔÔƖ¤M´Äpn54%#+±GFaé:<‰8SÿÙRFfG†á'&a–Õ‰Ùn¥Eâf ‚õ<ßòä ÝüŒÀãÆõñš6G£å>#n2O’TƒÝm[¡UTÄñFp§ðñK¢¿¬¤xߐüŒ±; C |´±m‹U,DøƒA¾àcCajGÇêiŒ&ú:µgRxa(fÉq¶ »–¬léq-ÉéqL~‘ø”,˗—üM̘^³­Â’fü󖄽¡Ùhhlê5f܉mC˸^Â^–´9-kz$ªdËNKÎV„¤Üœ̝¨ßRsñ« Rwy}`¥ÐHz­ˆ¯NüM ïrҐý1ÏâÖ4ÇM«"4¾_9®?Î=¿©Àa5Onhi5Í)ãlµÈ@¦YkèµfÜl²{Ú =`˜çñ¹’o»7:dÿæX¶UÛÃ!¶I`«LU†ÔÛ8–z›[£çø·«·%:(Kr$^˜[ô¼NZ9©åžÎ=üã¦Ê>aÊ>&êVU(D¿cH"¡ó¹:‰:†ä„. tø)á»÷ÇjèÁýëèXS F°!õ»§@+—r¸%»è§sê²T¢`½èZ?5ÉåÔ'³ì§ÙÐS}Œ -0¾ -ýŐ­°ËÐ×G€Å@XÔk¹XÁ{'±F!¯#$ÑCÞ=´Ùó:<›(Ùd£]¨¾K ´rjBʽbì ´À–ç=N…w/ú0n)KôóÔnÚ{=ڋxMœ#r }û_fŸ!#êÏè •ìhçaí͘RŽÓ:Èõë¡¯‚~-úµ˜S$÷Û¯£]v±YÃzqönÊÖaNülëuÓ -ئcß È…@ìYJ>='½JÏ@~Y-$¿87ƈsoºu&ÈU§IÀ>²©`Ÿärûàmà]Ç·ºÛÀ~¥‚¨CYB•=€Áë˗pæ&’`¯ðü“*>²?ǹÞf¨”Žþ5øÙèy‘–q˜&Àß©§àÓ§´¶ö$-€~©|?8¶•È?¥2-—Òp¾VŒ­º÷˜ Ô‚û°!§ªïÓØæy¸ÃsNœôù~q>û#øqcfæ–àW'°?ǜï>CÚ4nÚ×`û -ð5œ«xöo€Ã11ó±n¥Ãä˜{)(`\ð=¹Hp„²€{䯇€ÇÝÀVƒu‹0žy҅5kПÇü`n`-¾‡z‡;àw¡àXâÍüq¬féޖƒ©›Åï…9+Þ Þó‘¹Åœq%ó[ðþ¬ô2Ÿ“ï'_´»D½/¥båW¨!Ç¿ >̦år•É&•©iø6û"Úߥ2å—À Äà€=ªÎD¯†þ'ÀÌû#â™Û'ó ðàæއöÛQ^¢2Ï£è炫¯AŽÿÀ¼/PŸò<õi:,wØ'ÄúŒccðz<XèJöÕŤ>ÿœü“ú[}ËϤ“øÇkðºb)µG‰ì?¹ 9Ö(§³ÀùM̦ƒÒ“DîIz8åà×´ZÈ wxPê6ªzNC–@~Œ§€ ÀMubqœ^|Aÿ - ù"EYÂþð[àŠkKï5™>ê_i\ß³˜fÈÅø&,¦Ûǟ¦¥ê·‘ká[Pöц6vy}´Kþ ô›0oBßS@O©»è¾;ùs'H E"† „ïæŒw þFãúüÿZïnû}øºˆÿZ 8tñ÷Ršt¾*½C+•S´†áôã"ž§i‘{OÐ÷ -ý„ûWPš(¶­êŠßljã<ÛIúEÒöÛ ®ÓÔæ%mºh$Ïý¢cs›NѾèšLBFÖÐ6ѵØeÓ>¤Zê$HК@ÙÊ­É}luBýÇVØJ†&%-¬éÖVP$ë]?’îwïsB‰Z±IÛ?“õ;¿sî=÷Üóλ¾ïÞ ùž„S®±eÊÞ%1mÏÌ{#´‘Ôi=˜¨56ËÆò –‚ý8‘ëüë3vÎUmöú”@m·I †DmwK vD¾ß•¸¦®_’uŜr,™~?Óë|öû‘y9~¿3$½j6ϬïÂ~ñ±5¿Ù^ï3¶ÜKÎÎòùè?ñÑÿ•Åüþ;¿^Žý¯ç¢Øäá“û„<£nÇYu+þ¯‘B&ӄ\>JȬŠÉ+àap/¾Uà_Q´áë0¹¼øú.à;‚#ûTÒQE+œ+Ñ7µ ~9;ÎÔ<èuˆÿW`?ðC´Ÿ’€~wðúß´ÇN} üؗÀß^EVô•]П¶@ø'°ˆÚñ.Ãïò!y¹Î=ô¿Ë7¸ü»lß7Hdšgß!þ#ÞþÉ<ûÎ1ýþ?‰§ï×aU‡Â½éíkî>7ºã|Œ±~\×gé ΔyŽ–gYy~–çÇiV÷6ì…ù+¯a<¿Ê³³<¿‚kÁë‹ÎaOÿ1Y5×Òv5ïàÖºu†™×.W,ÂKÃ²CT-4œu‘[ˆŽ*æU«"V¯.(+Wي©3Æâò:10qP¶GYáåÆÄQؔO/¥²•_±|s0Ÿ´¼•†÷ñ‹Èí"a¤÷“<ÀH'ÿ€¤÷ƒ¢îV9?h•z üljȜôBRe›€ô·*çÉðo o¹7&b ¶bù­ñ9üMäó;þ: ÿ¼ü2xø…h*ϧ-¯ÏÈ`¾ýpßÏ"KÑý3¾ƒàgøäZ¹{žã"1â¥üß©\ä÷“ð}ü^aèþþ425ù»–Ë-ó{Wøæƒü®ysàu^óuï ßN¢€|’œåҌl¼Œçð˜9”EGŽ”ô(iò×a¾_𠙇¾!¾›Ì?Ësõü¿ Ü>”Q0ßS¢¤^’¥yŒ|܅ÕEQñó¨øy5Û?¬šU‰×ð‘ÀPÔÓÐNCóázZN ôØåø{èy>Q~’¤ø$ ô@w äC<¬”PØ8Ìwñ¨„oµ£h}Ørydf;EE¥rÛi•yŒ–A>‚ a1M>jÍ_`tðGÕ£d­ÕrÀ…« ¥û¶ý.0p‡|ƒ<ÃQ•Ø­*Ð÷LJ¼ü;jðU«¬ÜHãí·Áì„Ü ã€nmx†6Òp¸·Z¯áà_Qƒ?#<õú ߀Gß ªµAÌ ¨œo· làŸÅ"ÙÄ7Š»t$¸Y`°ìÝh­j2b|£zàBÚÍ¢ò&¥¬.{ñ¬±JËåtk•c­(ñ¨æÚÂÿŽG¬9ó ‹±I=R½üŠá‚ëb@-²â†å«À¿‹*mƒt½@àÀ‹4ànàEä”jñò•x¦•ø|­Äc§ '†ö[I °8 -œŠTkÀÐà Y€!b¶Ò:€ Ð ä  ˜ ñ:ÌSïdèÆ^È2ä± }ÜO&ñ}ÖqÒí2›hš¤iš¥yڑ.JûÒå%æŠ%Ë ó)–K†hìp¥\¹LW«‹û\~Ë]͋â¦zYálª?‘x'q)Á+³Îl1Š—Ñr2Œœ Q,,Ÿù}>Ô<Ö<Þ̇c‰ñ:9vrü$ª«¯ãf¢ºÉhl§4M÷P‡N£´…n¢ŽvÞÉÓ|wè<Ê[°î”;ãæ1·énusŸÛïfYw¯»Ïw»‹úœyç°ó”sÂYÔêìp¦œgÖÙëtêÅÑâ–bÓ阈¯ao ¨½}#ȬÒ|ª'9¬ì¬²; SÊ6![•„ŒI ª .EœqBùI;“6Ä~m)È,ÀØqsa 2CÌò‡ щ -±¾P>Äòñ&6ª²E–£*ËQŒUs".4 ˆlG”ßüF”ßü¤v½¶ȔÒLÈV¥!cRc#"ØèÏgO b;d0p…l:•¥Kö¤Éº­[–™ë5ØA›Û´P‘uS•Ñ÷²n„ìFÈn‘–´Hëjžu‰µÒ·KÜfSSýX¼ŸJ™JîR]HudÒ¢-J;¨|¼3vä)¥¥ {gƵ+M‡œËY7~]мlZw˜nFæá4I*ÊK*rìˆØV¡çØ "ìY6 IñJÆQ{¾¯ä/•ìQò'J~QI¯éjƒÚoƒÚ /ewš'”<§ä=¦'¤½Ҏ…´ý!í©6@O“:n6«Úـö§€v( =Ðö´-ms@û\@† -?ÑØ")éV%šóýÚ¿ög¿öª_{ů=é×¾ìךüp§çñÑÔpבò1%WjÐômQƒv„ag¢w -/q 0Fï$/‘f=Ç]ŠØÍ"±´P$â j‘ø<¨J$UŠÄ^=îb^ڏ‰Î<´¿Dr™ˆìF·Û¦Ù -*‘Oé9:%"AÐe‘\º$’‹AŠdèI/Ò¿“$Cú7‘܇ðô–aé[¤†=ΉD ¼Ù³ÓH3]‚fAL™}^D}FD "ýܦý"¢ƒžÉå }"¹ôS‘<êáûd¼.Vq'5Š‰jtß/2BJ$¢ N‘XºW4¿Ú&šÏÈ¡wÓ~Š•M“$¢2ýšHFÐÝ^x¯’°êÞBV¨È·‹„,Éz$®Ñu…YK×ȃ]MûUSDbpk‘Ðmvå>-’µ U"ŒÓFއʭ,L°T¾ŸiiÈ@AyNºH.-Éu j9IUf­ Í*©r‘^>ñë/Q7Iªˆ¥¤†vÿZŸDÜËÍ9ú¡_2s%TèÂÿ"¾êc›H®øÌúc7vl¯Äv¼^Öë79/àÄ !‰mb;Wj ¡œÍ%G’Sr È7JU®¡:à(¢G¯R¹Jý8U¢¥­¸[ -Ü©PU×ӉüQ¤~‰¦í©íåt¤´ÒÒ7ëôÂIüÕ:ë™÷vÞoæÍ{óföÈ5á£ô€ðtÒZáïp„vMø@ïG€™…?ò ¿"Æ ï7 ·å!_sS˜Kor°0uh@x{H›á-†].Õä) £ßÚ)¼T„ rž¬áuŸ&:`¢“Áákò a -Ba2}F˜òÂhÍ Â¡¢È% v Ã`ÈK0fpè%¡?ø-¡/¬­ø…àBwX³!5¤Y´#¢ ¾0Ô%tÀ -@%XA Äe†n -ß$>Bµ8>÷ð¥¦w(ø -ãY¨ã±Mô»ôËô½—n‡ïM5 Ez]Î8–±2¥Œ‰a#£g(1ˆ*ϯ.Æ·W¹‘%Ĩ'­^ãYŠ´Ðœ„ …¾ˆÔ2]ŠJu·«MJ*O¯v©[•”Jï~>“ÃøYœR /¢Ô€O}Ø-å±iÏ~Õ µcՑB©½ín«Ô«yŒöfòx•Œ8É©Žxfa¼ñä9ŽÐŽ“ç²Y䜎º£Žˆ½¹#ñ”¦o­M&”õâV”Ͻñê·SÝõ§|V f•Ï¦Ôgº}=™yê0u(™˜§FÉfæñ0u8ÙEúñp" ° †"ÔÀPš€Q=(B`Ðßó ç ;‘‹DŠ ]8G@phvi ýEPüIî,Žk ¸î¬ú~QaÖ -c„Ìp5…AÃa æ&°œ,ÃLC2äB2rrHïY×ŗ‹âËDœÇx]–‹«­A²¦A¦j£üË`ûÿ0ϵMÉ$¥dŸ”„Ú§žv«³>_îÈ4øTÜ7ðâ0¡ýƒê´4˜PH _®-óq†ˆÛ¤De’{3¹Ll0q¥-֖”úÙ¹Î[Ç>§ëÌgº¶žxÊd'Èd[‰®Î±§ˆÇˆ¸“è#ºÆˆ®ÎX§¦+ÕՎS»39µgã=E:G™MpZú81ÛîdG#ÚÑiÝ/s7ô_Bf%«–Jíª*Õn¯ÝNDp¤‰È -ݶ5‘ûå‘»/­‰Xè¶Kíhҝ<˜€ß”ÉÉ)(à㉉¢¯ÝEÁ¤’Ôä˜nR+€žÔ ­wM>‰¦Ö‹¢±hB‰grétÒ}0ÁA?Gòn%;¥¨PQ諵Dß©%úf£³þ^ú/é¦u-Ã_€º¨eøÈî .B†¿AWˆ,D#ºBz!½Øû ÷ïë -µ µ‹µº¦µUY +\¦”‰)Ò­`ÍZÍnxT&bò}o -é%^Rì×Æ)0‹òÙXe™( -§´!Åމõ†{îW<` Ú¯Rø¶‘Îë˜X2èo됉Ößƨ’1nSºwðvT‚xr+ìÃÖG­ìrkúQ+ŠÏ®@³¥N´‹ö4p‹£Ÿ®°3 O‘O_ ×x¥f¨èòÄJáòp¥þò9·ÒÉ>`ÿŠ6§—¶Ôa1,R3æ©gñÑ»ˆä·«âÝ-dF.šG•°•Ž²ãD—îp˜mº%Q+*Ý¿½KfZîM/“E-EÉl -9+ʍ’_74–=Áã}Éþþ$ÔDGÿ¡º[Ú+ÔGãEn€¬zÏêŸ ÏFà -?œ«³s%¦o¾HkÔ4–¦ÔSÂ5–¥=§œg=¯qg¼Ìˆ}Ä1cŸqœ±ÿØxÉrÑõ+×ûœÉèDrܹÝ;ë<é:Ž⽮¿¹Á´YŽ§-ÓÜ©²6ºÉjwTñh?ÅcœÇå1`şØVÃ!^g=TQ‚l¶c»gTƲ#pd‡1>ž‰•ØL‚‰2¥++—ÓëåæŠÜR¶“í}؛~ 9ÆÞÜüÑòf—–—ûޖºT÷L.ÄÄgbUN¯ÑR*»L ]B9Ùâ4Ñ Ùm  !€!N!x‚ŠrâîC½cX» í’,K~#m¬(w8ëCMFðunpTՇ\Z—á¹êŸ¼ñÕßl‰öÜùîì½éñ]üÝã·¯¿³·^ûAO¥o3myÌßy}úÂüµÇ÷¾3zfêØÈ[¸# ÷"U›ëɎ<añ±a'ä _ÕŠ±&oÔäã)¿ßãã~?çã±_2ûx»_rØ!Ÿg<6Nà(.b6‘Ãì‹&\gŠ™FM“þ4”©Ò'!Çñ ‹" "U'ÆÄ⬨‹±mÜÛ;6®@|A qßK?ÚJL'q¨Ãõ¡¦Æ¦Æ°½!…Å -ÉOwØ˝ÎzêãG-µ-U«Ùo®¥~Ix›ÙoV¿{H÷•á†ê5~åàÁRbïX*BæípÀ -ÿ}ÅÒLHìXi3ëõÚX/ÏÛ,ÛxF³Ûå÷SÛxÚ/Ù}¼s§„DV¤DÞNj¬×…m<A¸Ès~d·Y1æ]"ÃÐ4¢\NÆV‚©«Í‚X°åøn K¬½Æ‹8¼›Ãˆ; -þ;îלÀ.õŽ“sŸ&5^¼ˆ'XxÍÍØîhv4CsÚºI9­?~A§›…h+ôgf[ß9ÍÞÁÄo$ýB«jL) #kkBã¾QqÖ7+~·÷¯¢«¢EïӋA}µÙ_ôÙüêóWÊÂ@~+s?l9fÙóøM¯Êª^<Ö«/×ÏY¦œ‹²$Ï,q¸£ˆ±–EQ~õ“µ7[yԖ_ýp0@ÅêŠââÅH®hlo¨–iØF+Ua—0ìb}=lr#lpµ,W‡ñcê{RÝ.ìký+##Ißca4Ã+íÃΕëÔ³_V¶Q€YÚÕ÷éýÁ•NuxÿaÝ»U~*7[Bú‹°»T…îÎ#ìîØ.ûØ&Î;ŽßsgûÎñÅ÷ØñùÎç÷»œ“óù%ñÅI.vœ£ o³ÂxWªRåÅÑ -+Ú¤¼ukÑF£[5ªݺ" -¦t¢[Ñ´uh‹¦M£ŒUkÔISÃ&-cªXž³£½H³uÏóø¹“-?ßßïûùýh=f©»É¥'À$Ÿ»ûT´%©èRV±°C”­H—‚/– …M^œtP0âwGü‡üçü„ÿxùBQ€ƒt#FC/Ó#4Nï‹c½€DŽ¡®š­IhÖÕš1kAíÕ³3píEdëÈ"QÉ'ð\€Ã’/žQ "ۜ1.’Å°š)$ÆLÔâYn`=:®\çBBäã1Ë}Iᱬ ߑp%¸xÓÜðcýÁà€‰j×æùï¾´åOqÏþññçð­óGwé¢,KÝ»ˆ=Öjê•ñwD?=w?yzò‹ D¯Ð J¨ù¢Ñ·VN³%ñÒ -aih©¸%ô¸Hzßж¶ì“Á}Á}âQévðÒT–:ãÿð)ÿ ð@°g)ºŠÿöJíŒk ë˜ÑÂЭ£± D9–DŸ$‰¥.aÉPù|t~üÕ¸ö¥—?_ŠÎç7ø£„Œâgæ~ Mì8û ‹£?´Å£u6t¾m²/N8ÜÀɐª£g85ͨPñdŘڜêLvªO*ǔcÉ ÕäÛMú¿1»Ü`±Lg´ï¼ÐG6ÆÂÑXD«(º–D6bp᫨ •`\ r…Û^f¯r–9ïzËu‹q¨ -ã²Iö|;!åYç0Ø vƒƒàE`ë°Là‰**Ý^¡`¸; - ¥p -m]‰¶g=U ¿¹¾f±CÓ3æ*¨ÞG 9m֑Íé´HR]Çà'æ쌹€ok][¾éÀû׬7b„‹`pYI¨£®íÌ~×3ÌóʄzŠyÝuÃõ¾ë}¦{C{›…m4ՙÍú8ýÍúl¨>j©\òhþ…TM´dÇ;-Œ×8NüÄ¥„?ߺ ً÷ýÌü?ncŸm‹ -=^YN=8¹gBÛ6~ýÕu÷Þz¤”="ìŋ¿Ú¹4-e3ñ5OoÛöüÅ¿ ;VÇî|´uÛÆՋ>wè[›_†ô¢X¯¥*Dô»\£ª¼$D硹cJšm’Å¡º9 sÛ¹ \•³ù9Žå³ƒ0@©ÃºÃ4å -Óñ Q}ø‚ÑɑŽ…‘ÄI2Í¡?ͱv‡£•  U€¥H‡¶Å±”ÝNÆi ùªSBuÁµôò‰ãìmÁ8ð¬áÑÚ¡¥§â/îä« 5QóSU ÍÍñ«?1ð±Z³ÓbÑËéI‡D<2”Q­|´ÉðÖ¼¥ -:ŸŽÏg×èÃøqÿú3 è6,ª.µ¯”éþÜõ³¶Î÷œ²ìgÂÞös&¾aç ÉÐÙrÛMÿFÜ%ÞÃÚ±">h°u[ ê9£8Ðq"ÿuòlž(YEԖù«:ø -ùZúõâµôOÓwâ¿KßÉœvæÉÅä`Ó ·<¿žÛJÂÎæσ«à*Ek$8T:cûfú•vV*—÷”Ƹ—Ù7Àùž›àÃRå/—¾P –Q8ëeñ‚õ+·8ý/Ó('Eª©V5%«)¥¨]Ònh„MëՆ´ÚWµsÚ÷µi¿Ô~¯Íh®=Ð ->*N=A=MÙpª@­¤öSǨsÔkÔϨ(§‹ -R{(Â祾1UÑ7*[³…exn3³Yœ7µƒá£üf~7Žƒ¿É“à?áÿÉQëz*êÐLe¶¢þ؄feÖDXGÀ¸o¹GŸWW³è>‚Å,Â:œ›†u?óZƒ§^´éðç,º‹E]`¬qWh>Ì㘹¡†Ž\wOHj€„‘ɸìJè wÄÁè˜3‚jî¢+‚ÁPc4ˆhè¶"X­«Uaq¡ã<Œ^`¬bbè« =y¡#“-Ÿ©/÷Ÿ> yŽeK5Æäº8«¥H´xõ§´¾üÒÑòhä9£uQR%–ú֎ÝÞ5q–s7ø…`$·c ¼±á™BK<ÎŸÜ>¼ãÒ×íRÂ^žª­í‹Wj˞[Ry$99ʈC™ì_q -èKWwve¤ ÷êÃi[ù‡µ€Õã]BaäpÀ<ÍQ® -îA)1N‘„Ëåcèâ0 ¢JÀ ¯‚Ô¼¼"oMFw¡·£¬L)x›b(eeòmå‡Ê» -©¸Ýˆð@Òã5 hƒ,ÃwáªZ­«*5þÿ‹êòmâ<ãø½gûìsî|wþuþygߝí؇}.q~_ύ6I™ÖQua”2&¨H¨F¬ -¿ -m¦ :1i)ÚèF‘Â+4]ÕTZ*uBšÙ$–uMQÕ²¥-DS7Þ÷h—?ÞçIôÞ+åyžÏó|ŸAk ó÷'ÆÂI,i'ÆB Ë^å -„±¿ ú Óà«;uݺšm\Í.\Í~åêü‚ÎãgðhÑm¾\FÕFŽ#);ëHiéh$!):H¥ìJř°D°Ù ¾J¥3(ÂJ‘tI™ÿ˱µÂª¾ä ÃÚ)׎s®+v××Ë49lvËéSŽÓâa°Úœbœp+µ0uJ y-øÚžGht×7žß¸çÚÁž]g§[oA‡(wOW˪GÚ2Ýk=õúžÁÚџ~q°Øö¼ý—ßðÅ¢dªþ‹{‡Õ®UK.Lÿeõ'M’“꺅þN:Ý.´ˆÌùŸ–·ÐߑwÑ»Ü;¥Ó¾ ¾ þ«ä¸ÿ-i\”þ˜ð6O¬FLCÔÐ4"íÈÚ-éƒIú\@Â?Bé&gòëö&X¶<:‰X® kѤ…‡Ðº_DFS·¡Gp19FÆ;îaûV³^ª9vA.zJΰÖqÜR:¬9½X$€lŠzgvZ2av/Ïp݉å‚TÃzŠ# Ü¥,~`’·ã˜7ËXÓ¾12p¸m¦Ü=¹ãé-{§N¾¹¢£«—¦DQ.*¥§Vµ?ñÈÚ;¡ìF‘Þ;9úãuËû6WÂá–ÞŸºÓ¥0+O++€ ùS}ýû6{%h÷zÛ]„ÄK¤(çiWè¬,Mªœš¥ø¹ŒÎR28미ôC Lm\Ì°¸;™ö;á)‚pñ “rDˆ‘¡œ@DˆCO"ò"B(b4(Ãf ÃÖôC¼V5ƒ0F Ґa#21/fú€²oçŎý¡‡MÇÒç¿ÍV±Ô®€À^fù»³ÿEw« dBÓ¬äXŸ–RS$åM7g²’ò¤_:CäX8RB2ƒ2œžYX“€’œE‰1Àø”ÜEc <ÃÞ]â°:Ý›?,˿ƞžYt.øæ¢ñEž}Ü+‰³Xí·è6t t tã×û-Mð€¼iŠϵõ·[—mí¢™b÷‘Ç·¥B)£”›×ö9zþsí2aOöþdÍґ½§ôŠl Æc¹úáã~ùg¯ÿæ|Úw¬Q¶*0 ¨Õ\KyŸðWý;ü[χvû)÷ää‡ÂuòºmŠ -üËöoÖ=€~é ”ÖضØv(C¶aå í°çûI€Î¹î‘‹¦u\ —ÍUu$‚Z¼Šš/GÓ>§ã*’Ƙ&:ˆ³ÛÙ ša¥ü. ÂÉìqœš<%l͐ÐJD ¥¢lPn+v%‘m,]‹ùò,+y6],YUÃ@9Õxć“ Vq¿ë­Wg0ƒºŽ‹E×Ë…su¼™ÍUgÿá U!0&ã©hK’Šye‰ˆøƒ’„¨„čºÈéûQUÇIDɍ‰‡è…ü9K` تõûôºß.oêPz®î®m[S?üúgj* –’]èîøöo.{:xfÿÈþ÷n¡À§g_ÿ¾ìmé?£B(º ÂÖ ÛRéæ3¦(Ÿ¬‘E8eŠwÚs:PVàY†ñBÃ×yŽÑd礂4™f£r´µ‚4Yœ>@yÏÁEpæ±Û0EO…3dã¦a3@,£[1-…¤¬b‚UNdnæQþAd‚žcjânÔ CÞ`Yo–Á1‡‡°5ìâR‚©1$H ¦ÈìcN0# E0<³ÑrkÌ猓 'Œ¢AŒ?$ÇÑfD°ê‚܉Û"̸Á™AB–÷1?¯Ï½ÙÃâ¼ú@÷ցïYÜFAjCæÊNlNŒ8Õ@ªÖÜ¥d« ¶¶´fJ_6QÜQcŠ -ˆ–ºéO¬©ÿµÒê?zýùòÞ¡Ç-= -ë/Æ3ä1ۊúг¡”MÓP´ØC¾²i…qb♎|w[’Ž \ÀÍ[G‡6á~šƒCul'šˆñ73(íÄ -'^"& ¼—Q¢&{q UXM°£†49öú !Jm¥Q -Q&˜åÜ4l þÚP ¦-Ë0+³$› ‰&×n×4RŸ#pSPãË Â~æPýÓ\F&o“ïz¦ÈOÉ/XGœŽ4¥cŠ¢¨í±o±›ÙÙ!aû£èIöwŠÿuä{™›â?áý$gãéHÄÛìu4䰙DR.ëÏ $Å9{ʕ— D“K¦)¿¨¤d-¨¹á_ã듓“•údeÏ_KZõrÔ|‘Ј¯ñ…¢ê•Ç$Ƀ §ìö4Éî`L”ƒYMÖT…&áÕï—²&«ªšÓ䂪Úï“ÀÌ|µRòøáCžãžÇüðÇJñÏyHä*ÊDpÓˆQ茗âë%è”fHÓÔ`À}³x»HQ ,w£` ˺‘û*½äÙɏ#P£H2ƒ±Õ\\Ž“ñ!I’9BÆ՘ËYB–'K(×Zv:kφâH}hÃìéå^@Xš¯ÎÔgææªõù¹> Ý Vžår¸—Ÿ› Õgp!X2Åu¤ {^âo?RéUìU ¡^ãg?AXçW}ÞUv•X'Âë ‚‡aoÚKok2@Qÿ#»Zc㸪ðܙ™Ý½»;׳³»Þ×ÌîÌì®w'›u’ÙØNÖÙ릉›GM‚ È“BH)M€8D©¶Ô@¥u@MD¨U+Ú? qã8E¢ŽR% bїRP% -ªy(U¥ -bsîÌ:¨Ô¶î™;>sçqÏ÷ï“å8°(+¥µ ‚œøÿº|ssqEϵ>ÿØCü4¥|!_»ÔêÙ´”ߘîªlwþçøC²Y;X* ë&¿²ôÛWºM¨¶îXjR6þê@S¶m©< Ì<âKLa:€Yjp4•!öAS‘"rG ‘H„HèÔÃ-ðªèáh–03‘´àJI s+‰*±J¦ë®‹;èd‘ZÏsMaÄa‚y|ÌPŸQÏ©BCm«SêœzKU–¿ÆuYœ©¯v»ð]T6-Uš)¢:™=Û+Í¥ŠEá̑‘áý;ž]zê \JïCÏ|«U<¶„¿Öï£ð O|òÜvР¡£\}†v_Ë J©Ÿ ÆÊQÄÉ©² -â< ¬x‰-;®@Œå{ / û¡í…éA—Ejƒ+›³æ-ž³¨õ ÅEj=mñ–¢*¯ÒyŒpGKz–fq$$N›°Æ䋕fÿ8ãJó|×Á 3ÌÏ-rþµ=ýx/*°ˆ†^ÐyI‹'â¼$•³¹L.$%ªVà-ó:J†Të–óÔ‰U.Ät§t.'¦*œ×nßÔ‡95=hmCÛȑˆxHšˆLCéIi*2E&Ó¯òWð„ E™èž’'£“ÊTw¼äØø(Ð-´lèÙ²o(ՔÉü˜ð°¡l?Ëhéè￾ÿè[¯-üõƺm©¾ou]¯Dµr)#\yô½'®}ÿYÔså:r†ïÿóïŒ oO›ƒ{Qñ…‰|‚1ÉЩ߀¬¢ - ã2ÀZ„øàñ/ÓYÃu:Ìqò¼Ñô¦yÝ?­/Ҋ–t‰ƒNáÓÑ.WɃ­¬y¢“ª„ÉTŠ3Á“z„œºjä=B¶l£Ê9o…×*ToA½çúÚÊWÅpUIχ•1.üÚËÐދ'äyù–,€}‰b®ª¤ ÐG5Ëô«Éô¸Àu½˜-x‘jjҝ3Ñ!q&1yóíÚÈg•W:çâ"YðõԂãÀŸ#{æӦ갷ã0áƒÍWR¾S`^!å›A@8@€Úõ±õoZÝ‘ÃÑ|¦š( 9Òè_’`¸Ü+œyýÇ{·´7o¿7 %Íö—¾ýVÿɦA²ŠGyqW2—™ÎÚ½¼À¿{´–œ~÷&H;@¢Uä«IKjWKWË7ÉßÈGD®’R­Ÿ¬¯=ŽOZ'íçñsÖ,~ÑÂbDŒ«‰È0Þ‘(¦^]kp§y!Æ:ˆbµý4£r´…ƹÓjN¸ÛN·‘>52+H9‘A™Yt€ZéÓÉÛª*–YÕË*Vý&JՄ‹P¹")òEÏ%bÅõgfŒÍWT ð ÅE ÷Sî^÷›î„{֕\U A>HáÿÈÌT{VŒeêñH€Ý“^ÇÍ VpÄí8é…`82ȒRpAjÅv°•°`H–` -Þ¡M†ÿð; ðúð¬·hV(~®fO> xÖð",Ãâù»+9£ Þ -4hO7|Á\ $ C,C4é'Ž‚Ue7Òu]ië³ËšŽh~„ ÏCº—èå]âDè¦*äŠ:$Š:d‰ÚJ -yŸézD?XäÈû»½Ò á®vƒ†à]XKò³ØKux4Àñü´áU¡«”êÐ_`ö ÁA©-§4»ü¯é”ÁâÂÅîB;’KÛÜÝÞ6ʍ€‘ÆÆq«ìù0(úƒ`Áƒ‚%¬cìäÉCøm2û–b'úø§sð±¡ê­€Êc#OîÙ|HÇÅd‘˜õ_líl=ü³ú='´s8Û¥&»…ËK—Ÿ|¸ÏΦ«×~°gäÔ®^‹v?¾±Ö»uø‘þOï;x¶¤(`£¼|›?¸Ã¥¹ŸÒØžŠðހ#\zÍÀö4MH<Æ#©€{1Å>Úü0‹b4/â™H&‹N ‘kñd∦Å)|ü¸/ÂM·Ÿ‹ÏDžx:Øj>/ȀZ¾únï_„)×¾³0ÖnÝaç`ŠÈu¦˜¹qÔµ.aAf¬òIƒ™ÛõëûÐì;ï(e2´Aß=3z¬+|ôÑ_߸³ô¾;/ïnä÷%çö š§ÐGÖè+GW·—k„3œ‰~r‰³áé~ ZϞ·ùP$©E¶E‘ŸçžÏÍæÿÿäMŠ£n‘  Šã ‰ãwe´,#&‡-K±¸eé¶aZ–Z8½?„Ø3Mø'Õ:ÒX—˜t“@ËI ß$&ß$¦Ü$&Ú$&Ú$¦á$¦Ü$¦ÜnHH‘PAº!ñœD$^b2.l3Ehƒ‚³; -Îî(7»£ÜX<_óÿ +ÛÇâÙ¯ÖØ(®+|î<Ö3»Þñ̾fgvÆd_xÖ3,±‰—¼íń;e ´6†`ó²ò ÅªÚ¤±P+%J¥&RÒ -ñ£ú#MJ¨,U¨TE‰”QþõO#¡ŠÊ*AÑÒõöܙ5¦­›Vʯ¹£ïÞs»{î·÷|SÑPÀÏ#óf†q2G3L_ÚH¼£ž+gqa©©ß¤¦~“¼ÅÜc'Š2îŠDé¼ô¡ÄJÚ=MA·,ɇ© [Ö´]«Ýéѱè*:¼\½àª¹Ú1W¿cI ÿ‰ã·T<ý+äržÖjoîú†û\—ý °iéÙþçwŒ|»#¿™ÌEצ2« =TuÕ3ôgntë¾ï!³T^Õ¿;±1ÕGÈ5WlPù_áî™Gގ€BŠ •ŸGb]ÀJ„TdVæZœ˜“pÔ¾X_¢O‰$FÔÝüîÈxz†ßœˆJR'Òû§äoEæ'ÕÙô ó™ü ö+օÀŸà’t¹x®¯‡>—ns` 8™W¸tŵ÷Ú"!L$¢D£”CF0™ÖŒ$—'y«`äA”EFäCT£&~³hÂPsfÖÈUOUXõílå EÓ*«†3 3 -" öitÓ+²„Ý£È1E‘‘ÀT•Ú™cN,¦£%d’?›7MÆ´ò†e8«È ó¹¤E–MÕJ±Ûv¹ÑÓåŽf»;V’šÞeWBRàob~i[Uõü“¦±@:]Ù«Uå7¤L1:Nëø±!²ëĊ8*²¢Öi/0ãgÛ·+¹@ŠßG•I ¥kÈ&=Y×µzrûàäÀ¥šG$*4)y°EÔ2Q"åríZŠZž¶-aNþ=?o'­cÒ-jX–žy‘ÈçÝÞò†óµ»¯Ÿ—…^¡—=µ’Ó­*éÆ'g±vÉ ·ÆX7Ê !VVÄ;áyÂÞÃÒs»»=îžíѨ«cÚãÏsu×m!ìÅÜìúkO^»—\X—1O=Lw:ä=éÕÏ=£çî#q{ƒµô·UÌõ1æg¯:¦”Í®Š(»–~Df’ÛÖ -Ù,«©‰mèŽéù —ͺOÖ5zÎ)KUv™îožk a¦•–­7¢ñ͉‘áÁðþuýÑÔnû ý‰ÔûTj!õ^J*D ±èÑ«P O¦Z¦Z_q^‡×õµ0®v­Žhm1q-aÄežð„3°ºFXG<_ÈX’ãTu-¦ëZk8œÄÒÞ$a iwtM -·BK<ï@†š„çõÌeëÅt[ær:ÃÈtí-}RºRbK”dáX¡«„¼j‹;q&¾@؊ʯ]kæ»òy6ÿ~»ü‡Xu´u%¼çRÉ¥Ñðµzí"—@ÖqW˜ÒÃgX^ì[\T(m"”Cj9RžlËeȼԤ -x7Ëwòån†´²ÇJOþí3ôÅÃ+âør©zG¹ºôÑÀ×lòY©°þôÌý¥Í¤loXº>Y<°cjK×úM„B[2UؐcÎýd÷Y“Ì]z‰¤^¾?[d²Y~Ó[õmKïÝùxÿƇ*ý¹PhuǏáV›þ?qæ˃¬YÌÛÿìO¿þ¤‡À;„w‚¯ÝFkñ¿G[@¾ -ˆį¨§o#yÁCj'Àª1é?˜¯Ýƚ -@ö1€Ü@¡êÁZ硳Ç>|øðáÇ>|øðáÇËЖZDG`ÅÆÞéÈw:«—œÛiW‚{¡{@ùvØÀ`uËÐV€‡`û<<°kü‘Ýð(<¶òg%ƒÓد-ûNØý°¶Ã(ì€qØaŽÀ“ð4œh40öî˜1ŒÙ‡1‡à0÷bŸþ竹+5vÅ¿iÆjؓæ/ÒðòìZëéŽs"ά‡mM› æš6‹ó?hÚÚ¿mÚ´ÿRÝÒ?<8hí<839»}òé±#3û82=ñåo@¶`چa/ vbÒf`f1“˜¸1Lò ¦ò0Ré´§aç&a -S?óÇÿ‡ç¿Š'h¦ù\…^ æ1³28°  eÙ¢I%/âC‹zË#ìg"øø­öÏÛۇ *È·]æ¡›mî2siêùoŒ_y¼­÷º  nô™O»«t<÷þ/Œ›§ê?”…nté¾»+ÿc ‡õ -endstream endobj 508 0 obj << /Filter /FlateDecode /Length 37604 /Length1 58304 >> stream -H‰\U P”Gþ^÷ß3ñD„x10r(ƒÁ aÅÌ!Ê%Ȉƨk¢ Q)ðH\¢R¥D×HȚÁ¬F»A7º1Ä+*kDÊÛ]]ט”[Âô>ØìV²óÕ?õºûu÷÷^¿þ 3VA"eÊôˆèÌä´uÀõáÜ;9«Ðᴍ­Ì®ÙZ‘µd±å‡âËoòØÀ|,ۙSøçûñ -¦¨œ‚eÙsn=¢]ÀÖ¦ÜyŽ¹'gÊ~¼^)ÏšËÞ»7].r{@ná⥅%ÑmÜnzî((Êrˆ÷Ü@#û÷ü Ð±ÔéUE¿åù~ìoYà(œç·=öE åkæ“â,Z´˜y󯥶}ÜY<Ïycxs±nºz« €šþúÊ -ôt 7ø»ãž [Õ|XÝùúšôæÙ¿ÿù‚°ïcRŽ ð!^@ -*0§ð)º`5€ ¨EùC ¾¤P‰Kx Ÿ‰kE2®R^Ç'za„¾ËÿÉ(ÕØËñ؍ƒT@ÓÁv’°Qï¼Q7À¡ú„¾È­í¸It=’غ…îÁJ¼‹ÈÇ7ºµ=ƒÈD ­ »@ʍ£LÏÇHìÅyJfk–©‹ö¢€gí"_jÐÍú6þdæñJo¡”ïAƒ,ãÕXŒç1ý .‘7EÉ8¢ÇêJî­Á#&ŽI3óÃxÌÁzìäl4á~$/BÛ©Žq†¨öÓMÆ«XÎuµ³WƒOp€¢(Jø -_Ζ/"•Ç6¢š÷ÿ §)™Ò©Ëjé£{j}[k B3|‡yÇÉ>¼ƒ ”‹þÆbÝö&G8Ûpg˜ÇUÎûxBƒ-â ±RÏÒµú&sñ€?†c*f£Kð~ǧz_áŸôTtbÏSÆQµ\=ԛ8·ÁËܧ°÷t^»œOiö3š8Êîdá(†ÓdšF9´‘6Ó~ºD—„Iˆ…âžtÉFyŪ”Žå•z¡?ïkÅ,äò ¼ÁÙÞÄñÖâ(Ž“S8GÔÄó#Ec—8%®ÊÕr£ÑªÖ¸¯¹ÿæ~ªË`æ*ÇyxsþA½˜Ã@ʧEt™¿#þ »ÈnÒ*‡Èä ™.Ke…üZž4Š:㲯ªÎìp/pŸÑÉúmÎÁļB`C †qýds5Íg~NF1VàM”a×Ë&ì@Çý%Žã<¾Çßù@Ì9w/äª[M•ô ¦£tœZè§vˆ@F¨*ƈx‘(rÄjF…8-šÄÙWfɕr£J †¡U4#I•«S£9ԜdÎôø¶õ~Û ¶ô¶«n¸{»_tovvßÖ3õ2æ„p f¦k™e%×`5ãc®Ä}8†oq¡ƒë#¤¸âýÈÊÕ`ãSCãh§ƒŒóÔL·è=\ÄBr5‰!Fp¤ñbœ˜"¦1rDÃ)ŠÅ>¡ñ™8 š¤· ’áÒ!ÊJ¹[‘çä¿ a،c”1ÓÈ1JŒSÆã¢ñTù+»ÊUUꈩ)ƔjÊ7m5}jºcj5›Ì)æLó -ó9³öbµú ǽ¿üE˜NÑ"ÕÓX*šù^øI§ZK©œ1“˜! äùÊ¦‡ÒB—©LæÉùz—LOdÍ_R ôW±2ë ©N´ˆÇâ¶áC3Ä] -5Þ¥ÏE‘Œ¦öMÔYÃÇ(Qwq±âujGe‰,ÑD¬ª¢fU%ÎÀb\Þhæ[½VláI'Ež(Gš£ž"óþ‘ZÊù-Ji-—èLÃø:!èœôDz;G ->”"ŠTyÈtZ!b•øËIR$×În,àP!BXÓì¬&g)~ØÂzÿØ}¨]±ÕEUÎu¶SÚ0 ‘xY4"–ïÆMFÖ ¹K)¶b…^EsY÷'±~ -ì§|D«¥/s[ÉïE/ÈZ8‡w}Âúÿ «~2=Àkdá›Õ€P£}dageÊ`ý-gÌÅËÜچM¦½ê,¦/`XÜU\åWð -¿9×yÿÞÅüfc§acÖV慽ŸõóíÕÓ»G÷n]»t~Æ˳“‡Ù¤ )6»51Ãâ -ÎpÁÖ¤¤ðö¶ÕÁŽ_td¸,ܕøk—%£ÃÍòkÏ8öÌþ?ϸÿxÆýϓºYFaT¸Íb·Z\'¬–ý4{jÛë¬é×ý{R‡ýN‡Ý™í€ž`±ûå&X\”a±»—ä–Ù3x¹z/Ïxkü<Ïpê=½ØôbËåku֓ïhê0„¯=¶^À£3“rõ¶&Ø]ÏZÚ¸dÝ1ו25͞Ð' =Üæ¢ø,k¦ Ö±®®a.ÿf½Z€£ºÊðϹû(MÈ&¼“@wsÙ`^„‡<V6» ÛæA؍©n t€h‹Ã£¢¦ дTíP†2 £†h¹ ­&:Äq:Œ:X'0}¨•m¡Ã€3Ð1×ï?wï²Ù¢ c&ßþçüÿyüç?ß9ÿ¹VӘî°éQÓø7ðjh¯¿¯r(¹oÀGk9FgG{̔qž#¿ó֙“¾ñÁäÛU ^ŽíδÉddò?W“ÉÝ~óhc,Óàßxc˜"M$£˜xBØÐìÇ\¢'3µLèçuðšìÕ­3"¬Ilô›÷ˌõɍ lLaÒ¤¦íþÂÂРõFüɖ˜0—ñŽºâ¾ñ”lÚ~jJÈ?e´¥ª²Ï—o‡µol^ª“›YX—¶©’jÎ¥†¦t\5öÈX:˜þµ~x3°¦…ü³n!%×.D3üÅ5ô2;±Ìû‰¤¯z÷7]AŸáOÞ ì¿ñч£5);è»A\d–¤‰»S6+*Ìòr&ˆ'Œ…KT}^Uå¶a›|~„Al;âµÕ~ ÀÛ»w DkP1»cvÝOkŠú)T]7E‚-CŽeÂ*¶t;–t÷„¿Fü}1Áô–¦ÿó|ÇEÖךÚÄÿ`^gÛš†Æ¶˜?’L¤bÛÐ2ªfÛ¦m©’fpS"RË P¯©-Æ -ü»‚Q#²!Q£Íqá˜,q»$Š¤ -ümOÌ•X¥݊ÿ/¬4š?júõöo|L p¬¹—·»¥ÖdÖVŒ®/Uå^NRÂa½T4´´%“cFÙ¢¸¬’ɨá&Ɏ«{á÷ÉA“±ä¦HÂÙþë§{‹Ìè¾8±^«µ-ë3´=}!mOs[lЇO¬=-±~¡‰pbY¼o:l±A?îg¥¬e%Wü\A~éè^Õ¾h0DÔ­¬ºR¨úڍ”Îëè4Z; lÏÑ èt[R:þã›"ÜËä€:Xñ*õÀj`$B«}ôɖ‘&_­¢ZƟë3î­˜KÂ^زŽzt|_qŸ zw Vñ5j„­˜ ýý -¢ýã¨7C5$¡_| T̀XĀ•ÀS@#ښÀ·x r?µ{¾D®³äsµR °eCŸÊõÍ@¹žë˜o®œJå(—ÀV晊¶g­KlG»Õ®ý6S7ìKP¿(ðì§"È<`ô…ç8û Ù ÏðZ­«(oƒËQþ2 -_ë WBÿ0ʋ\ôùœ¨±Ö¢œòbÄ&å ‚~7¹ÚçÂÇNØÇ£.¸-æͅ,ⶳL^Њ´CxS] >½…ÆÃ>Vëæ5;kbÿÙ§ƒ(û— Û?öUÜöíSYX'窽ڙZëaqŽ6É£Ö5” ÷xŠ0<hÖ÷!P£wÒÏTë¯ðq¹ë5š‡º˜¬Àc¦]ò:…`«p¿ÞtÒ1†yÖ-ñMšê҃X/âM3à{œ¹.LG»fÕ¿“¦é—¨åÃKôçtœì}dq¿â%ë#Œf`œAà úOÂüÕÞw­u¤m/Ãö$°™L‚}¯â0úpÌóyžÃÞò)Ì=`ŽƒÔþ8¸ßŠÿ …‰À$`Àó¾ü xø.·Á¸Ñ~üxš9ÃÜd~07ÿÁ'ÅYÞÇ͈ sÌ>3?Ñ`rò"ëe5>c‹õE…cțS}SP¾:¸“ÏÛñ¶»ƒ¿Ê×L?ÙÇ;øÇcð¸ªÚè:åYïA[Ž4ŠýÔ o£íh»vÏüÃÕ.‡SøÕ+Ù4âŒÍӞfêóè'ÀN”+!O'í:Þz0öÈSn|*0Ä2ðº#ÀAàWŽ-<םô™pÑèúëÔÍЮ[ÿdd·×wÒ|Ì7__LЗéy†{µy¶Q›Äý OØYuÌ3G6Þ͟»A{“f©ÚÝËï|v9?ÿ¿Æ»W`w*®à>¶94V;O%­­r+}zêq'žÚupqœ¾£ôéý³õà -IÎÙYúìzö¾Þ­.N᭛‡i>¼@Ï2ô¥hÿ/î«6(ªë ŸsÏÝ»»®—]‚p€Ý« kÀµ?¶Ù»4|LÀhh'KµÆ©Ñ«M¦)ÆT-45ÚICÓ P–»jµ•IÇdÌd”Ît¦þPlí¯þ(IZ;iQúœ³»ˆF'éLû§»ó¼Ïy?Î{Î=÷Ü{ßÜ«;.‘´‹ð]ü¬®¾õ9hDr\ΉÈ=v®Õ’íŠs͔}LêWpÖD¬ì¯“ƒòÙ”S䛓þ¥ä%)ëúˆXWŒ)ý©û“º/÷ÞÌÏT/¨g/“ðZp8œû;ù¾¸kϯIì÷I]¼Kþ|O̝gâγgåA9ÿŸ€gçà}à½ÿõXïñŽð²F]I*´¥¨=×Wo}HÈxx&¾ xòÆGÑþ-ځ"´ßíxiÆoÃ>ï¶Òí“j&êwBöÈq»%Ñ÷ÖMà¹DŽ[çù×ï“Ø•è?~Xváø)»wü@9ú¤òüú寧NäGûÖuà@5p4Áã?„߉1~'ê‘ûœCÿ«ü óÇåä9#˜âϜ!þ^ù…ø®3Gêþ§Î÷a¹ÉùkSæó 3Î]Œý㜠-ÔÒ^QSŠ:ZÔ²6ÔÏ¢~œdqn{\òÌdž»Å7PÔ΢~µ-AͬÉyM9Vœ%ë&†ÙõXEEÀŒƒ‹–l†„Ãʜø%»®ô‘„Ãp͚%=W­²²dã‘e‰Flá¢Àµð4v•üPØUv$zÅ -Œ…u(ûqSJ8éF½b²?Ä|ó]؇ðÀ.‘oÈn—,}F ßgïtÔÕgØé¤çt,mF€„wâR(†F1@%Íì-Òt -=HµÂÂzY/æكþnÈb èT²Ž½ û3B²Ÿ³­$}°Ãdø%vHò›àLð°ç€_‡.¸+©Ÿ ÿñ¤ýUè³Áǒ|ö,ðè‚_IêÏâÓ#úíJr7ÛiåpO8þ\ `hFë0–î°¨ )û>Û&GÀÛŒåj³ò¼òµÅš胶aéÛ°rmX¹6¢Â՚ŠiMÄ,b­ˆiEL+bZ±*%l'ÆÛ)6)¤ÈÖ}'Ö]Ø£ÃÀˆ´¿Ù t =‡u,Ĭö³­VÇ&Û[nBçØÓXj“=››踣9§‰NK²[Än–ÞÍ1çtaÝËÌN0¢ž §±M什B2 }À—€r@e›,_1?˞ ÛÄLãíJ;kWÛmjI9M¿À¤opNÒÙ"D@!ii“³Å¹ÛÉ<Î\g‰ÓtÖ9mͬu0ÆY1 ±Za¶øÄ°e_±d®ÖV,étu»¢®a׈ËՆµmTÓl¹Z‰fjuZ“Ö¢íÖ:µnÍÙ©uڕ&W‹k·‹y\¹®—éªsÙ¸v‡÷²âÛéZ€N@ÅG`ÏeO܍–â)QéBh`íQ° šqnĹauÃꆕ@ -Oд$½Ú¤'ÕGď  Š¢4XÓ°¶£c¢TAÓ¡éÐtD(㘡2¨˜´Ø5)_IÒßhÒ?&cR>SôUÆͯ/.¤ÑBÚ]H; © …f>DzzzÄ1"‘µÙÛl44÷¨µÞZ£¶ ¶G yCF¨ Ô£{‹â‚â•{¹Á xÚQ3Ps¡æJ©i®i¯a¥¸u1«¨$ 9ß|ښ›(u‡WâJI² ¸0Â!‹Ð ¨Ê$Wúa퇵ŸÔÀ†ýâõɓ>aï’>Ñ~å.?Å÷Y+–Ô†«ðʍ]Cî>øûdt¢5 íQÈQi¯MÆwK;‡LõaxÁ5Ê×\#¿F"@ `#WØr @fH´€ÊñßÀ6(ýø÷)}Ìoê‹gq2{6 -¦ôOØ£LÇÐQd yLÊýR†¤ô™iUúÍ*ýWUú‹Uú4”†ã°”y¦+¬Ÿ -ëµa½0¬#ÛC$èÊ,)5!é_¤|BJ¿™‘§š§’§”§¿–§ïÈÓ¿œ'úÍó«+Rº„¤G¤¬’r¾éâú{\ßÀõR®‡uz’btR&eŽ”YBҏO¹ËÝÄyŽ~Lʑ‰ZÁBWˆ$:aàÛVp5è–< ú§<ÄÏÓO©ü¤Ñ›–ïÏ¢£•ªÐ?IòG´’ô‚ÇÀ[À?#Aj€ß´‚{DüOÑÿ8ô7H¾CÄ¿Nêd¿.Z)í¯%ûýÄòoĨ',ÿw0êq◣µü7`=dù÷ƒ^¶üÛ@–!&¸Õ -.äát ñ)"v11“šäˆ#ó6ðêDç -Ë/z•‹âô1Ë»´@Ìò<õ’:9·¼ò"³‰W¦˜G¼rÒYМFÝrò:ɗ찼{E;eÜàÿžNþNÝÖIþ§ó¸¾õPÿH+­^þ›!±\¿âSã ¿ì=Ç/úât½Å‡ýqüq…žæƒXä(bz†ø·ð~¯ôöxáÅ­î -.â'¼üUºÅ÷øϋií¸âõp7øå5Á^¾ÊˆS¸Í 3§ñÞoñå0/‹ÓÊX/_싋©” Gï¾#Î÷Ê©|¥ô¬²”Øé·M¿}—}£}½}}¥}‰}‘=מmŸgÏp¤;<Ž4ÇtÇ4‡Ã¡9T‡â ŽŒøĨ‰C%šG¦ -©Ê¶GB¼õêPðìDg²j¥zm¦W“êueÑÒ¢ê¸}âÉ貢ꨣî«õƒ”þ¨ZTÙ§d]=6¨0í͊¦?V?D(-Þ{0Kpëރ ´::¼‰To̍Þ\‹ë˜¶¦1jó–Í!³Ÿ Í ¥?:cùªòûˆ¦¤,ºó›S4õ7';z¤zm}ôíì†h@4&²ª£«×æ~­~HÙ¡4W”)-‚ê‡èóʎŠ'…>_Þ0Fò•„¡âoI„ÅH¾#ù4&Ãjd¶i~Eù`~~"è]Z)‚°}ޕA[¹|¹ê!LÉ!>™Ë§äˆ0ì‡D2÷ÔdÓ uËdîéD&›'‚ !~C„ –4J¥»÷ŽÛk$¦Ó@ 9ŽAä8ÿf½hc›º®÷Þç÷^^œÄßö{ $þˆÍ’WB>lƒÓWòœÄ¬ e±$ōóÅÇØHƒãN£Ð„N+ƒ B·µ°‘‘ì+ý€)NR¨ RÃl¥ý‘Jm'ub"Ú2 ­Š¶F!Îε£¢jü™´§wι¾çøžsÏǽça|_æ+Ȃ%’2òÿóé®ý„ñdûµ®ÎP·+u…º¢‰<½CL tØíã]×(Þ`<юΔ¶w'®¹ºë]®zûx{ç؝”ÝîªG¡ÍÍãjwýD»Úrµ×·LŽöׅ¿¤ëкêú°X?]¬Žê ?€¦ìQª+Lu…©®Qu4­+¼©‡76g¡Ú–º­:I´ÙPÑGK­UÿÔÚtq<ìŸ-˜Ò ¸¶´rK"ÇU›È ¬•Á•Aʂ꤬<˜Ö-±ÄgvLáW–Xz˜6¸j‘ŒÄÐÎú/ÞX,ÖG!—÷ÅÅô\­£)œX÷µÖ愒PB 5Z߂i8âKO]³ªŸVfÒ£ô+ƒÊ°2¦°ñx L§3NÒæìqö;ÃÎ1'G[›Ï©Ê°ó'‡lÂ}ð„êÓ:ã@á¥?ûâ1ú PȨ“ãr]sЉ:¡ÛÅЙ¯D&@@‹~ø=€¿ü @ƒ¾ øÇ¿˜¤3ÌJfeHÜYO5¶ÈôЙÊÉr_åš$ÐömÚԚ¡¡ ª+E 5UÙA4ÞM~àÏÿø€e*™ÊôâñLÖ¶ÄPLÆ`>‚}Åä>,ÃSw÷ÅdQ  Q9ïŽÅ¸„Ò³1ú·8¥÷á †³˜MwˈGã_ oB›Ê“é Äj’äÍ×”ÍÓÁYŒ¤,Ž>A .AޅŸD¢¬¿¥,(ôŸ* -ª±þ Šr‡Áap‚Ãݳ3ï©,º‹ìš‹à‰Í©²=ŠL¨Zu½dxÙ@žÏ9d Ù':M`U¶ðJžs#‡¹óæ'©’Èü‚¢èAÃ|Í|E9Šà¶xVxˆOV[8ŽX̶BBöï>6„+o=sjƒ#¿aªÇ½~Û øðû؏w—ÖœzéʟÆ¿ü3°¡ lؒ¶! —hJ³ePn#Lp›Ù`@æ{†á,Í¿þo#pÄä³Ú¬F‹ñ>¿ßèó®(#e'º‡R3·ŸntHá}lWixۏRßþ õv -ïv‡>»®|8Z5˜š"›GaîÛqºò ‹s¸]BZ$«ËÊiUP«}‚Zãkð°0&á{9ßØK×êÝ#Ëtoåî´õ™`´J –•ƒ—Ò¸l•J×eçÈZˆ(ƒ6©bß)Úî‡@&™j.ā€ÙñZ”ÄEªÙΔ3Qæ)f„™e8æþ-yG“Ä=ãשÖùO©C•å [&ï×_®(—1va²6eو?b~¾…} ÖB ‹7˜7ØHŠÑÔD{–º¿ –µP’››ŸÄ:Õ(ä#ê!ª'êñÌz4ÎkC=¨ ¢¨>É=… ÁµKќߠôÞjœ_J³ºï¨ëq±«ØYL8‚L8Þ½¬`yAaÙ<:·Ö#J6‰p¡qù؜#kŒŠ±½d2ê-HÊ”¾)*MCié“׸²Ãf5˜ xx…gµÞf­ªô¯ö 2)D~Ø×Úwòûïu\:ð­Ë¡@¯¿¯°¬¼8PR]ï{ÔKNÝÀo -_I}œ:÷âßw;ucüÅö=gpàÆÉX¹ã‘¦ÔÄè&5x̊Ž«fUŒŠ#⬨A¢*’§ÑóˆäMx'|£x9ᜡã,» ÀÿF:¼YaáªÐ}ëˆ@0+dåMáÛ þ˜jÌËÓ©_¹®_wL7¢Óè$Û)ÆsKΕ•Fýü-aˆ®L}6&ËéS¥7brWÌV«Íâð­%>êºÿ›¸ÁaR¶¦Ht5›wç»k5üÅ݃{Ö·›,¯ØK®ý¤Ô^XDóð!ØãiØc!Þ¡>NjڀM\öˆWTIé -­Ö^áã_å9Õþ„¦5ë [«¸+«ÏÐgÒþ<阮3Ú3yWÙ«¶·ÄmŠ³ö;š;6 |‰h$¶À"Y%Ûr‘lZQ»Ü+}U:d´ó¢Dˆ-_ʑ¸\F",'Ú ^x“&7 f‚jΩ°dªÔ=›?(áaiL"ÒSŽ;2‰INaQs÷×ÇMm¦S¿IcJb^5©°©|dWív&j±»t߁:ËŪjn#=¤Ÿ ’i2C®“OH‘Š¦ðÑûù<§d2:Òe¥§…5¿éUjzÇ9R·¹ùAO 3A‘ÞyŽaéȢψ¼¾_:"¿%O9¨g÷_΃’Ľ{"1z‘ɘqøòy!TïògŽ:žã ï¨ôûW3§ÛîÍâvl?µ»kØã–fNþæ/å £wÖâŽo~}]>fSwݸŸxõÀh¼÷üÞ?¶}û/Ϧn®ÑWÐÆ¡ ª| ij¯?²g'rBrñ¢ªä‚B({6ìÔ̸¤dM‰êzg¼³ÞÛÙ<òâ ÐïÚ[öZñù⩲«e×]×ÿCu¹Eu_qü÷»ï}\öî.ì² »îe¹{Ù]`Ñe1FPµ1c#! ±AR…D”²¬0PmZ[\«Æ×dAqEG›NM_N§ií´C,MB:ô/:mSÁž{w-3÷þÎÞÝÙYÎùžÏùåOşäÍ(æ5B0‰Ç -$”¤¦Ç]‚K’téš•ؑÄ'¯xH8RêÅt\ƒ×q3ÊDê¯Ä´j@ ë5€JŽš±9‰‡áyQ¼ˆ.JQEðüÊ&¾þ÷$õ7b$¥8Qú£Rª¸·ü*±ß²SvWTÎǟH¯Îl}ûœv›†Yè Ïv¬˜­Ÿµ•GR *+ŽxF ÃåÉ~9_Vd†c•Œ@Àp‰0EØkH6©Øh(æJñ"Ñ£ÑFªH;”Ð>øÓ{¬µ‡Ãö29P'‡^,9=¤œÐ|}b:{~¿Ö‡Zeùæecý§k«&{â;Ž.üýЖˆìr[w;•PÓwüîEáãë|5'Wïk8ÑÌ|éб–šç_Y<±gtßù•ª§P`Wp¦‘¶šµOx -*½Æ¯ö×lí}Sc¸ºõT׈Dt—8DXš¾( M,8dÆY<Ó–ÃŒÙ$"Æ,2œY„®Ê%6^ÈäyA ž3 h‘ˆÅëøûàŸLø$YÌŽXÆlf®Ã^GɚˆÉ`°Ðø$ý6MÑIü/’WèíeÁ À«) máyWÆc=Ô^¡W¨Â%Íi­(H0a¥Yi¾£ÂZnÕæ@q˜y¥…‹ˆÖF©½gù­~«ÃQ80}mâìü©_?»ç^[ønŠÓ}©Só›4~5‚Þ»Øj$c/ùÂÛê¼Û¼½l/×ëdŽxø“Ÿ¥ŸõÕÊ­¹»Ø®ÜÔa÷áÜÓôyCÂ?å· ?¶HV›=Ëá2aòÒZª¬>F.ã“Ý9¹4ŸÍ°ðôä¸Ï'Û'$Ù´@Nñ}Dݗe0Œ“x9ÊÁ«®Äù„¦cüOбƒŸòCƒügB¢2–µ/!‘%¹ò&ñ1<£glº0/ÕkÙÑ¥= Ёæ©.h ¾F™Bq˜…t!íE -4DìÀT‡¯÷Q}>ˆ£8k1µ2Ûm_óî`wxØú:0Y¼Ì3š‚9î1•/hWÅt׺…æ:l8±¿¶ÿ™—»º·ûÝjdíÓ;ÇF^º¶úâ„:r0Ù:W—nX’–äÒ±Þ=¿_VÄSMÏA-Æ@Ù¨= ¡†]ÆΌ>Ã=eFá8÷ÐÝL·c¿“© -8–ö» -\íÛ$`Ø1á à@ÀæìÈx6b5s2naÁD«±™Ü(DB 5„¡©r¥òo!»d÷ÙKìÄ>lOØy»+øÈ¢<Ã9ö(:*èÕúÙH#~”ËË&.‡£ô? -sƒÍ“ëÍ¥8«"ƒ!å4"9¢|c çÚ|(Ï 7ô™GÑ ¡#geÐüg\×<ŠµÔ–_Å\VæçøÓÇûϝnÍþÖÀ­{ï l¾y[þÝ:Ƕê©èšÚC{µl³"Öü𧇶L^¼øÂ8öLàÕ Ïͯ<°¡áƒªÈ™7.}êƒ.¨~8MŸ….0¡w¯!æáÔ¸=g9›|8E¸ÌÒ!C"bƒ˜N½ß§¦DH)6a$‘¦X巉›¦2išbh‘%«bì}ÌÁÁÝ×ö¢$þîD„M.3;I}Œhê#bFŒÄf=“`Xæõ!2§ó®mÓ:®ç´ –fÃ)z £ç'iñ^a_áúÙ~ŽI &dä8ØWl¯þŠº»P±[h/ùrÔÃV>½ÉÜÎ)n0i[à^ÐÛaЛ Pw“É:X…¢‹¢!u{´;/nŠ›ãîxNŸŽ^È>ë>§Œ›/»¯®«··MwEŒ˜)·AuˆN·"*kñ ~Uܟqe<‰–áµh-^S° E}!ڂZð6jk EmŽîÁ{Õ]…{£CÌçãBŸµÏ6”9äxƒ9.¼n=n;áx3ð–úV4ÉL3¦OÌ33ê̒ /Ôe¨?±„]) ³[eô›äÔ½8Çi‡]ôT€ëP¾v•@,‹%#1ŠÄb‰ØTŒ‰ùoÀ4ô@zÀXâ$Îa'ít•Nâ¤Á¢Ùó9*³Ós)‡® k[ˆ|I8âͳ:!K‘Y?ØqÞӈ 3C¨Ø1éÕìxØQԈ"Ö¢”ÔÓZ×棛v­jG+ïp¦vU{¦”¥µ®)ßÎiGzZâC§êï\8ó³¶K£åÕ{·mc^¼›ìjjŠÇ—mX䥶¾À*êRbcÿ­w:ªGZ®kjúe×旟ûC[OͶÎ]5¥Í‘…ž:Û°ïDwíêò`Ð3Ð çAN¤b3‰îQï±wóî©L3ÓÅö݆Nón±ËÞé^µ ÂPzR`ÕlYÍfi¯Â žÄ[P6&—Õõ0ـLÄQ¶+àœ‘W+O Œ¼ìt"1[#[®"›dóÙh[¿4 -’`Qq•SJeô‘±A ).à Œpà]Á-­ßª\OÊJAAk®2Fþ¡“vT0÷µãdƒxU˜~UwéUÈß]üCƒ9#˖‡¬¶ºTwCfp>¢”ܾ֮ îê«4mƔ\×±iåàúoV;بîÇ î‡)ëƒÃékiLÓ ‡¸íž>wÖ³ÙÁBÂWÀ§éóK¿hgúûÛ;Þ_Êøûü‹ýKVº˜ðCÊË{™uàa4èÌã`'¸“ÆG éLF΀Þ%u™4L9ÃÏîMˈi@g#™ ç®m°Î¦2\G5È°ž7p†þ¾€çO.ü~ƒØáÌãÅJÛQ›h([2È4ÕÕe—–wÌnåíâ‚"`_ÚÜÄut¡®—+Sþ`<¨û‚LН]š‡ç&Ï=äÊÃÆ'#‘EjˆÐ½^DA¡f3ºË±ÂEÐz£@!R¸D.¶¶ÎÏ -µ`)Å ½‰œ%æ-næÌën¼WŸßÙÑÙމõsR-)¤VCöjÈ’ªÃ´ÄÏ»·kt7vy>ÆxážòaèðQIùèpyyj§ Gpó$¤ú/0×Ð;:SmÃpAÓB/ÐÅY/(‹°ÃÀpjO¹=%k­â¨„³¸a*#Ž|­Íž]Jªjkj¢ -âÿ¦Lk2¤ª ƒì6+#ûA¥Œ@ (¡$±¹ž±Ò`¾Ûú’µ6jü®‘U éݗ44ªÁ®y4í‰ø»Nï>TüóÑËÅáËïÁ,|e8µ¼X]ÈÌÌõk0VjdÛ艄ö:™3ǙH™hôõôv®’ð^<.¯>ÿò­ñPR5ñþ„f#µšŸUrû«Kn^,¹š{Ü®åg¤2aâÊé˛¹\é{˸HÖÖ/®çÉ:q3aFÍ;¹Q2jÝ!n÷íçö“½–ýâ47MÞä§Å÷¸Sä]ï)ñ¯ÜYòw…\oq7É-ï-1jäºä£ì‹nðŠ¢Çh.ŒSp+ì›`ß"rÄOD'h!6ËF ´ÎlΣ“Š‰6„DŸ÷¥ËÃI¥Â@8lw8 £Á“‡·#GŸA‡ÌŠ%â½"óèšbö+æ>ó?ÍØüKÿ#;µüíæi̺xUǪ̀…~èxƒŠœB˨¹¤dF̵®È¨nۉˆ HÞúÿq”l;ѶЯ&m¾Š8D5M@õÓHR`7B:J5ݖ#üJá_+‚s¾QÌfÝò\øQ<ÛÎ×÷LX^Ãî£GXtŠ½òviŸtNfý)%՗ZƒÖàUºUúUìªøfý&~“°Q–6Õl ÿPÿ”ð”¸KIŠ}ûLº-¹—8Ÿ` ‰Opªd `& -’Ÿ„ƒ³š¢2® †“I£cVØét Ú°Š”g¨’SaŸJj&£š‘‰ÖtBN´uhV±Qÿ•X&Æ=ȓe"¾¦hz´'­ -U´ö¼Èœg0£:ËL–` ŸT¦œQBQ}e%ÊF+8NM&:)–9‚²œ_rÏ7§~πX ]”SÐB‰´ôÌPìr‘\[ÿ4¨Ã÷\43³Œ¦ã¡C3À†JtŒvµâÌhE…ö’dŒD´Â’Ž%ªÂ.²¼à^_-Qš(W‡]Õ2Œ±u2¬«eœ€u2®fÉ0®«•AÈ”X“2UJ´´üUS$-4ï ¡ÜWtPKÄZ_HÊõ4‘[TNQ• P&§úC-Ãkl›µÜ™*¯cñøÓ«G>¾X‘³!§·¦GF ^Z³çùïž­lÞýì¢ã¯¯íÎM[z|×Ü~ýN̬xòáél¨¡j뻁hÈ%M=öÍ_p,ÛúƒžÇ^vÜù¶ppKïîû ÚsÁ—Ÿè8š«%ˆ”ŒQŒÁŠá˜o·W<È´妬å‘®nÃOØ·8žÆ;ð~ ¿ØÌ o'^†u1±H”c@Ý$ |²î£þ}º°Ã<úxÒy@’ÇéÉ]¦LȔÇ1%f3¢1!¬'c¿µ@Ÿ¥Õ‚,¼Bhlñ» çò¹Kƒ‡«+´vÆÜ"C=”N |1”£„"§2¸Ü—Zg®Ý )GUL'µãýÝÕÛÄu‡ï½³Ïç¿9ŸÿžÏöùÝål'ŽãKr1+qÈ¡Ek²-ÍÔM°Q¶®T8a¤Ðj -•º¦0&"­T0©[Û©Ú¨Jǟya…°i•XËFm×­™ÔMeÀÆ(ƒªÅÎÞ{I -tª¬{~º{—Èß÷û¾ßïK…dÎãÐciw:¬s²3ÏxBxá%{¸"Þ<™²Á­3öÈðhtÒ¦ ‹"œMK‘($֓™›0·Èöº¢,ùǏÆÿôíÑK{ûÝVe}íòÑڋ¿Üqt½üý]¢Œ¹íÔÚþpd{íì¹JíÊÄðóÁÃÏ8uãU0pte8 dªÕp—ÜŠÝ)ŒÓkÝë–݉DžÝ‚}T Ž {{C'哉³õ‹ÁD’u„Àxì‰$Ìòœ"ãùÁ¡È^¤E¤d}>/”²á0ÃÇK}"˜‹4†h‰v±2û×#CñNhqIW»¥”ÊÚ>mFc5¡jŒP5F(ܲ}är–íenÌ1Æo³oãv9vñ¼Ãål„äñT@Úòò²#¡È¤rBr§Á.s>ê´IEN#-הuñ›B a\#yFK3Y! ³xÆÒ3™4 GøL.»ŸiLƒ£g'Î ŽS ÏŽÓ{Øjf|”"eÃG)ò©É¥(Ao&(E‰Éæÿ£è*f¨„{ú0ͨ˜Ÿ á.Ž]±T-ѐJ3*&C¸t‘ª ß-ƒõ€½ø‰ÚüZ3Ô4?N™Xm¡[\lŽ®yž¹~OŸW×A¦gùu¯+Õd´T§ŒtÔëRpE°ÿñj±žû¾i‡Õ «6ÖÚûîÒkƒ_G’Õõ–ÔÃ솹}íÍÕ÷f _+±7ý{“ †¬—mE3”2±,¢‚SE«¸¦¸…/GËҖƉè„t z@rç £îq7-6Çú‹åâNÛ ¶™¢ÍÃ>îž.²+yÌKô}U$¬i&u«ƒÔ­ÀAIANrä¤ê÷÷‹"¬ûDH”6&Ί6ÑFرÜÞ=DåVXnW©? êÒJâ¶yÙȟI äyúÎöu;æ¹Âò©^Ër”*Êæ -S’°àkóš2S9‡ÀëÙLC¦1Ãrܶꐿ¤ÁïȹòŒWːòu0Î —nݗgn‹,s†‡Û¤QÛÃ,¦È@6ç{~Ò|ÚQˆ¤Þw-j‚Øüh*¡Glç1í[ÕªãÃO½¿mÕÎn¥ûóÐ+ݝnšÙ^{èµ½ƒë¾ûÕ»¶nüL ³Øö}nó©þýëÚôî´žX߅ÒiS°¶vÉâ/_?øìoîÿb´!¤µaæ‰7>•ÚšË¿èµhŒ^™½v˜0¢›•Ù–H¶&­}“Rdð+@n€J¹S©^ÔÊì{ŒJª±n玾šðUÀW3ãÁ«_]ø*áDâîdêë›;asÜ™®Í!§pü¸x‘. @ lúTŽ|ÿ%7Ýbädk¸Ü»¯÷tïL¯-Ð;·Šýx qŹ‘ª*r©¦"7#µG‘— *² iE–‘¦+riíŠÜ‰4Œ€V_//éìt»]°9ŸÇe^ ¨ÐRÁ9¤TC-«ûÔÓêŒÊ©˜²bBïšÞé^6Õ z{tµ½ß\cBsrÅÚw¢¹Ï -WG°”„ájÕÒ͙æ¬`a†ÁƒúPñü¦¶ià:ø¤øѧÛÁü+à98Š} gp¹aäRlM†Qý•ñ…´TÝAµTÎ[~{0ˆ¸í¿ûƜ1D„îu7vßt ðtík·xÆ·#žÑ†[ë\9 -sÂڈ,B8¢¥ƒ¬l»„Öú×yE†H*²ˆTI‘ҜŠìGšèÇFÍG%HªFâI•H6òª¤:Ëü6~†ggy`ðýüž]ÍOó§y–·‘c<­@¾2ûÁ!ò.ÞÔ¬ù×üÚTmC3ˆ5P?ZƒØitABÊݘ jÓXôÃ#ó^M zŽ²êŸ‚ëpË' Ã RHõÛü”ìoâ5¶¶?\<îšòò2@´õ4ã,Â{à}pÜnMÀ½ÖAï!ßTÛÔ²7¼oµzE7`}ƒöÖï2㭓Ì~°Ï÷z+ïÆs2ířô62:(8»œ}ΝÌ+æÛ̳Îé–Üh‡mÖR«¿ç'àøœuqXzŠy‡9 ÎÂ7Ù Ìpü×uÙsÅ ·…M³Õ0À^æIïS­»MçKqZ êÔd)Ù³<Ą è36 Kr”‹ò i9ӑÄ>ª¿¥ ÉSԈBµ$[wp^‡Ì‘.‹Ô‚"g‘Zêî”Kv›M¶×Ñ®«(riæb¹0ŒêóñèÚÍ0xÒ0Ì a˜ ðšÝöƒé6m‹½zÜ®ÿ^5°M\wüýßÙñ±}¾Ø¾³Ï‰ïÎßI|w8à|à£i, Ðè€P¬ XÚҒ¤á3ëU ›h¥j£í¦ŒUV%„•L*Õ:* MSÇG¥1©t u«]Kâì½sR ª´$wïÿÎÒ)~ÿÿïËa³¹»ÝçÝ؝°Yl¶@ x\hinN¥’­MMétâxRàù²2k[í-/[ܺ®Y¬Ðmëžo”®.<à‚.páύZÍc:*©S!< -{:3bobºjøÑÇÎA‹Dƒ³AtÖZSÕKâ¨É¢,Qì<[*§ZØû¿¥ 9¡‚FΊü¹ÝjÍóì;dè* –hü8Qhº<´é$„LÌ1êém[c8´ºÌBí‘L›¥ÐY¨i[·Æp6 -WÞ)ùrÙ±éë£lÎ`Ý9 Z7âÎ!òdÄ܍°t7~’,%š'n “†âñ à ј‰3 ÿ—Ò½óÐ<3¨Ògnl+³áp§ÿW«§ú›ê*Šµ&dÔ©ß>@M¨ZmDðm…ô±:Ok—t- œÆÿ*zú;Ëâñ¤ $êáÅŽ‡Ü "”˜ÝØX\_±Ø'RU|”¸Ë@~‘ï,A]šøù3u:aˆ,bABÊjü¼I¯JG¥³R9(cpÀ¨solü^W… ×3²˜'z[gDd娑Ž Ä ¿‡½,G1c'°ÛŒÇð;†øºxäp8ÍQqšOæ¨8‡åõ…ûæ»ÄVwîÐ\DcÑGJVT_{‰¾ÏÈçbFbÉág-?–ûî}\·*î7Ϧͫ%¶<»gÃO¿×Ûmŗâó¥>æivâPmìœ<¾2â÷©[K\Tö)9Þ3nzp#;ïºRž´§Ú¢Û¸VhÕ:…-Ð%<£íÂkÚEáªpn .—N¾L_¤3B£¾X`zRHèL™`Õyž©Ai²kFM|Nh6èùìòlڅ¶ ;ƒ}úÚ/¼ ¿ŠêGÑaýPöDö}þ=a<û!E¸”ào ·‚׳wÑügz| ´ó‹´µÐɯҞâwß.èè7„º›0…CV¤ˆ’Õdâ“ìr”5³•l2µé|H" -¥ºæÓ^× 4ò¿ó¡`Ç»!]O¦ìúÄ5U‘$ù|B¦Z|].“‡,dÓW¸Xäñ.žkŠ4é%uN$æÞ-Ђ¨ŽV$ wÉ@H{sƒvµÆJ!m'¦…pßO…ï!.PÀŠë+ÏCéÆæÁ›X.‡ìBŽ›¾tšÏñº/GàYƒJW'“M\>ŒJjÐp| Ì¢©;b|…^Lé«bŸ»c% À?á#ÐVÇáø -mj\_ LýDzurÛó‘êx¼^êe¶­MU&ã÷®YÌíäЗ ÝûѹéÓ·H"[Š’ð;£cˆîEl,oxW‰!‰3ó+vT¼‚ÿŠ§±­BQ8–:\E¦Wah_£>Ú×(Çyc…S|§„¾nx’ÇÁépCvÎÁ˜ý(çVz½«³Ë°„ÎÞò’æ°³6ƒ£zìpš°›ÁæŒ4Hi8”¾žÆé -}…_–uÆ’L÷oF0…†1§™ ‚©õ¯Ï¢¶ä2h»{zkLÛAꏩ_Ηz=11Xj3âr3[lc[æê¨@é9åà‚\ò(Ç-GßྍÖr[ÐSÜ.î'pކÓÜEø¸O0ÐäՉzj ‡ŒÄY„§œªâò˜|‡S„ÍI„¼9J†Êçh92³ˆæ2̏Jˈ‡Ëq.‡Y?¹‚9}.Ìɑ×\*-ÿ=íËaÃ;Ëù”ôÍ:U¨À¡ªÈUF¿:e Jý"t3­tbà2¥Øä÷ÅÄr2Xtš[›+›­K'mŒ{vTîí·<:ù›/çÍÇj+£%Ó³î°>Ê‘ˆNsrGlGGYËvØi„}6K›Ý•BŒ?UæZ"ŒÆ`Ä°ŒÄèŒÁX™öJÚßP¾Aª4*q¥·…uHìqDØÑÞ¸Ál`¡wÙÄ2¶§æ.-ˆMÌO˜Ö0 ¢'>'JT$ÜåÞ AȀÏFª€•T¬Ó• &7ÎîÏ ÞBnVÍn`¢,^Éô>¯‘'‡åe©wä¼l2'À{Š»Š·‹7‹{><ÿÙè³û±/üÝT·ú£°m§p&öëÔ5ñZøj¬,˜dÕT"Ï%›Sºº6ùd²[P缋 N‡; ^­GRð‡ØþjìJòrêv¬,lD+Sv7¥R"¢MŽ¢õËQT)ÕVW¦òÑåQÚüÕ©@Àí6;‡BlH¡î5Ô®Ò,È7  õ„Š¦Ž«—TF­S Á”B0ÛD›Û|è6õÑ=œQÇ`û)yý†¯ø¨¼–µ0$˜Ì?Ds™è4ó;A̓V˜ “+)(ij8–æÃB<•Hó‰:ˆ…É-¬®ƒ¸­C3ÍÛ½µ?N¢A¡Ÿh³E©’šI #(iì6 P/ôR8Ö| ÃRhdÉYøhdHÌ°POxW±ÁáIJú©·‰>ûD¢ÏðïÑ?½tí÷s{6|³²ëà’½×­ÀýÅ­¢Ïó#}ÌfZuŒì:|ɽØéüùÀšƒ¤óQ’ºHçS¨cc$&Ð㊛‡6¨÷BâBôB†iý2ƒ…¯nŠ1pÄñÅh lÁ[býЏŸ‹<'mSvć`Pz%s ŽÅÏ$Îe¦cþ2i/ü0¶7ùZìð>{3s>sYÿ$3qq(!Ì¥Hwç6©Mú¦Ø“š³ÚŽÃaðGD¬ xJD$ÿ¹Iò‹ˆa9jàÚx,¦`ða ÿã»Üc£80¾3·Ïۻݽ×ÞË·{ëó=×¾[ûø.`¯”B 8ب`LJ©H)Tؖ‰F.(¤q“V -¤iJ]©¥)и'@ E…$¥R$ªöÔ? -T)MÕ¸qTWjElwfÎ$}Hµt;s{g¾ù¾ß×2 ãËe_á°&‚øçr -×Çíà‡¹ãä¨ètSi±åŽL,ÖeIBõ…÷˜E·•ñ`¯í-SÆiö¢0†Æ9¥ìÊHåzÅQ)ñDQ¶P5M¬¦BCM…5­„öܜ‚äT+˜˜ÎÃeî‰o5ZAosRa&~Ùn…°ÞÚÚµ„žlKŠ ]C—|sk‘J´XñŽ" L¤'@Ɛ¦ÆHÔ_ ’ˆ¿]˜¿ç_÷W3˜ÏýĨÑtþœRµY3h82ŠyÓ4 @¤öÿ¤Èa^+bDZdv/½¸T.ÆݚҔê)Qh½ñëç^~„v<»ïÓ5¾&áí«ÇÕv¯C–ÿOivŸúÚÄlj鉧·¹à àä“Žùp¯=¸|›fkw­vØû½V ŠJ¦3T–1{A/<µY°Î¾^é¬DQz84Ž GYÆÍHTîJÇÝãÒãòˆ6¢F¬gø§ÅI÷¤ô”!O¥/§ÿ‘bWK(¢ Ñ¬ëѰќӣÀHøôhÈH Jˆr -&3n!‡ºÁ'gñª¡ÉRȯ`7ExÛUåm„—¼ÅCÕ -Ûã÷ãì!9Äâã»çI EÈ/ýBwY±ÀˆuÜ:cݲhK“ÍŒ“ÍŒ“ÍŒ7{½|`ŸøHvù$üšOïù……Ï{îd“6!"Íì0"7ñ¹&ÑÕ(”7ïŸYÅ££›22NO³‘0 +'ÓÉ)ÞF)ž”+ÛD§¡$Û¨Œ˜Ä4 ÈAEÎá3ŠÎ"5Š,øŒüý,ɝʚ/~rþVÈñ>¸Uì3›ç®ýþŽ_û`n(õ·„c=ÏíþæoD‰Ã¤“ÉûõÑÅß]»ýÒԓ‡Þ‰MÉd¹elq¦÷Ú؆ñs7`ò@¼éÀ‹ÚÀkøtAïY§ÌêpÂûû·U¦¸gxSÒ¡ÊI$ -ÝÞj·²xýúPh·¢¨*Py±zJ„&B„&Þ(–Kdl-Ñ>O”þ潫ÏŽ‹Á ¡ŸGÎÿä˜SáéÈ%æ<{C5ö{Šûià„Êü;,öN©‡ æ±ÀÃÁqz¿ó Á ª[ƒ}Æ#ìcó7À?äÜ. Ûè£ú[™/±LÜ(ѝuÔ“d³\†Ï2*ƒÓ°ŒÆuƒ™añ?e7Q’wª5§:T΍ÿŨ„rœãu âóWW¯^½Š(·Ž\»ZÚ~ŠQJ(QYâћõ Õg—'mÊ±qžã ù 0,‹\VƒèYP—fQc…»Aü“¥Úêau^¥Õ­€è œ ̘x`G`$p0@fá_ÎǍ=φ°yÔà õêTh¥é®ždفÆ™˜(E0ýïuÙÆhýó?B4ˆ¨Ç°å ΐ·*ÛÞ*Û«Råy_aãó¾ª3ãÃwoÌÈÕ{mkq°ZžÀ&”Fbdq:Ђt™ym}²œ]J'—è´~  æ¶wæÁ° µµŒ‹éIºöGî~ƒ>2è×L2)ä[:¾òéžñ¶XYD¦€(º|››@ -¬:´†öÎ  3›ò{úlÙ[…iØ$XQZôB‘§ -H†Áj7âgR ¬›sñNs:-¶Êy¥¯êB("/”ÐxMh´?D“ŠP.lèm M±ÿb¼üc£6Ï8î×ç󏳓ø|¿|öýðùr¶“;Ÿ}\ΗÀù -Ò ’RX- èÂ֎PÖ JH…¦)•V­l‚I[«UP‚*uƒ,MáŸHk·N€´ý±‰J¨›4¡1‰U‚‘cïë;X¶iÒlÝûø}ýÞ+ù}ŸÏó<ß<]` ÎR—Ümè¥>ґzìµäjjˆ]'o"G¨zK`„‘FìM¥=ä.êvL“¿Už &È j"p€=Ä’ȇ”—­ãÄ[ô›‰7¬7ìéÒ÷©Óì;¡wÄÓÒ)ù¤ñë¤}Ž>ϜgÏKçä™ÄùäÖEê"ýq`^šµmߥï²÷“w•'ƬÝöXiš!*ò ©½éo›Änj7=Æø†˜õéuƐEl‘Ÿ±ž²}ÃÔ0½•õ€eV"ju'ºÒ%Êa™–×'1¡¿*ÛL‚`ƒÍ•šbK;º€Üúý€çøÈõ½‚¹~I$h† $`ݕJÑ AIa9dX]²!pp=¥ÉºSªÈÎüƒñ‹2PæìuÃ6M)˪2œ-K‰DŠ 9V’¦UÛ -Û¶U") -½IØ%Ø-…Ý0 ¸Äp6 iŠéÿ y¦Ïì‚Û[B!¦êW3í»4Yz»äÛPÚQ-{¥Û%ºôgúOÌFVþ…Ä^ÂL÷\Ö冹«œû Ú?ób´¯¶ÝºçoŠüâO¤ä¿|¤K<Ó$oªýp“¼=Ї—°ø¿a\ÚR|û oŠ@Œ>äÆüQՆ F´­–BbÃ&- -l͛€DÉQ[8¶ˆl¦ɐ®kÍ{É`‹Ól/u¸÷±T8ßxÝhü¶q¥³ñ¢É…×ôƒ¯ÄÞJ°_ -Tq¡x<ԅó•/$£Ú -H°Ö“=öË¾÷L<$¦år9[ÍY¤ð©—ž]¦…Úš„C]壋iü/¯Ú1ƒn÷¨îÀ0ÿGêš¯ÐÊ(A‚eÈô,Y]näܼÌ`EB‹Wp Ó$Õà…\ÐK3üýG€óƒ -ÎhUpûnÆ/À|Ãmïp,>ìðu7ïÖ}uäßKg{&°ÁWÔñü+æÔÓÙ³à,?“™Qg²gÍërörî²v©2WûœÿLþLùÜY¨_®+wÙÛõ„`ñŠ *y£hY+x[°•þLŸnç×bmVWêvýjø• ¾c¾jÏO[ĪünKÆÇdãÙèÊZ}HZ¥“B¸:‹»3g2gŠD‹@•ênWP+âA,S$äÚ -Y"%m…¬U4„¡‡`Ë Mx˜ƒ†ŠŠ̌bñjW…L¡Fò”LJ -\E7 a­*;~@Èþ¸ ÊqME«ZË助ò¼ -Ì0&Œœ‚m¥b…Å*f‚á5@u*è@¸“¤Ÿ«ZPb*ÀρQ0~À pÀ<~ÏíX­<­ìR|Ê2L}OÅÕyü—sný‡Áº³ J!˜Ââ„Z/²4…GR{ ©ÿ Ÿ¥m¼ CØ6XE_€;Á@(}«Fæ,Ð¥Z+}Pë  -{OfW~¯5ZGÚæÀ<æQÖñ¼¾§‚w‹°,ßæà0º!ÎɊ¬S„¿ìº¨£ÙQ4¾0uT#Š2㍠Q' Í눼€^ÞvYÁ1iÁQÁ©ÀE.t8zÓ0“B£4M¾iVþ{z}ta^ë}ËXæ÷-‡Å¬õt@9÷ÑØr–dâP¨9«9‚$o5È|yëâ¥j""3”ýeã¦)ô­o¤Ë¹•ãë€Ûøû‹§vâû‡ûí«ëqÅuà §³oëFü¯'gwÀ X&ŠÅ‚kÁs“U=¢tûr9?/< N‚©wwž¯˜È­mü”úŒH„êˆ=¹q‚ÜÏxºâú¬‚W¡Ÿ«õºövq{|Ø& -±C±ƒÚAýDlZ'ãþ8‰cv„ŠŠ=lûý~øF'2˜:)Cï4rEÛ~¸öS`„Úš1†íýä~j¿±¿{ܞ“ä1ê˜1Ù=i¿Ûý>xÏþ4y=yÃVŽ“SԔá.ƒ¦ LkŠœÆŒ¢Œ5¥aJLÊ©NMŒÅ Ì C÷§há¡ê좳 ʦ J×Dš–N§”ŒEçܛE>Üñd zp;<%¨º4ƒ{2Ž}ì)Éí‚ÐÖ«è¶îêÃú¸>©¿­Sú<~ꢅ ‰ów¶å%¨1$±¥4–rƒúM­Rh¥ 8-€òKi>7ƒÏlU«ê8t-/íìۇAÑ^…O0? -£` Lƒ¹0‡êBdCÿœs"ÇE%¡—]`úEŠÜò¿r”*WÁï%i×ƁÆ' mcaq)ÔÆ[YO„5|uÊÚ°È 0ì냹¦øµ¯/.6>|(WA¯ìZ– är…BçöÆøéöb¢Ç0|pË7íû[†­ð 6ó‹«Ô\´Û5LD¦Š9šeñÍ9Oæ0®ÜdVÀ7—£h -ìÿÑ£etxtdeonÙ¡Å3Á @?ùÛÅ:Äâ^Ñg‰GE\<1A_l¸8üìqsÒÄÍ^¸oó¾ÇÝ ÁL`Žæ°rÇõôÀ¿O€Ü\þ'×UÛÆUÇß»¯gûÎöùëâ8gß]œs>.‰“Öùp’.îœ5]¶64iKñjuS‹Ð†bWTt áҕ*í>¦UmGb•hÖïn <Ö­]!R™Ð(ˆj -6Œ‚h§J% ÿwÎVå{ïÏïù½w÷ûø¿7ðԀL:£'LÍ,™3&—1L¦dbS¦Ì7˜,"(i –]À;2±ºdº“dÐÓÛÝËN‡ËÁF½^Ï]bZG¾h@Eþ€Ws«¸>ÞϧUÔëHé¸+%úUYŞz(ú„•R -´‚¾VKK˞={€™ÀP\("ênƒ~Û,DÏog:a§íԊd»:çI÷èê2”©:͈Dp']L×À¥R´GD8ىéž&Z» vAí„Ú™FÿgC›aŸ&ˆo¼>ѕ¢Fô×!T¬¶u¯\Q£Ô(!p)å{B´½ÑGm jå -føنîU[¿kþõ?6Žš &™0“³Gž\߯ú]5^Y - LmïìÃßošì}øé'|µßúr¶sèk“ ÓÛëë[ûÚW¤Ú&gšµû­}Ÿ¼»·?Hܽ‡†^À¹ÚÖ|zíV`þÒÝ¥yö"ÿRP~¯Êü×bxbìǓ^=¬¶xp måé-‡?ÖÕÕÄ||ñ_¿½õ½R_{ö¥µ9>µØ´ø§+¯üröuAÈQֆFÀ= |û”ƒÃŸú$Š A¢lÓë$ycÊ` x$g)žŒ((þ™@™€àê9ê(ÑN$äÛÊ ^ªØ@™»DâSÝÙҖBqúöjÜyF làÆùqaÙT·I%;ø]| •Œ3p ¹¦ßDá=xO†'Ô­ñ|8¯î -Õþç3¾™ð+ø8s2~¿‰/“˵wÌ«ê·pX`Füýµƒz)¾'>ÿ|é&ÒáÒ@0PQî\䍒Á C6tcÌ ûš1Ž³FÙ¸fÜ4 ·±=ú{/+¦“DiæLÓ*ÓëOÃ&Eã7š„G¥ç%FJʨePM¡4‹Êè&rÒ½º3²7ŒEð‘Ž\ÀRÆ¿ `$Ȃ.t²õًÌw ¬ba]%W,,róV–5X©léž÷/SÌ5}4º3ʾ=.lnôööâ^\ÈQØ l*H§ë@÷ÎÒ¼,§11¿ï±UŸ;6½m}O -ñì[Xøà:ö<¿.‘L„vi±‘mǎßͶï†Ý-Ís<(”†Ú˜‡–±•Hf(²š…° *G`6ؐUlÁRDÊ’âI—(Ðt»7´ÞÉؐÔÃt„®¾ÎþE©QÃ]TóSé’§‡™‘ /®µ•µ3ª\I¸ðr†qò‹² NÈ1>•¯ÏûaÒE–¥CÕ©(ÎDóQ&ª‰ð7¢bk˜ÂQÁ‚i­s^/” ý…$›í>öæ„ AH¶Ûª6gUÅÍ*ÏÁ)‡.&—›¬€²À7.¢äRùôðp*I)r¿ÕžÊ'Ÿâžâp¥äÉd9I2ÉR’AI¥%dMðŽ Ö!BÖ¬'{\îI׸Ÿ´M’rrÁbtéÆë€v\ð}TDßîz\R?‚Žè¯’‹ä1á4J«ý±ÀP(Ú¨¬VcÑ! †‰\kÈ~jZ+nmÕXQC¢!é4Áð‡òJI9©°š2£0ÊGÍc¬õtS{ŠÖ燻„l{ö›U}„,c±˜X ÈÞA+Te[‘|O&# ‹s4š G³Ž,Š&b긅oµ…W%1×Kø.àb!þ î\5b?q×=e¬Úq ïòµ3Ÿa˜¹œ-ºyç­Ý£ ˍ}m^C©k?YhMnz`Ëìã[v¬Yu÷í·ñ𺟶…òîcê/^x_šJ~éÊÕߢ½ggQEÙo,#ºÉ¡€ßI^€ òؕÇLO¨#ƒ°ÒÀ $CÊÖJd|>DH¬3}™0„þLG[]¡á.,½o€àêyÊ®Sma 4 ˆ¢*—ËÙ°;NΕï™q4TBGAŽXÝV'¶ºˆêŒ:I¦BX&:™%,"yHŽ|—{™;űt*[£LLP8ƒZ öICØ-Àžî*85A“Ç£Åþ×­¹kÔÅs—r9k…½VX)…{¦Ö¿5œ«Í£|ð}–¯ÕUHÓÔ´’QÓ]•+;’rhÔ"4bM)»y¼¥=U'Ô:7Q¶Ö|!¼%B0ëˆÓ!ñ¡…iæa¿t@Þýs"|6ð;æÞ?Ê·˜³žäS°»iç›äŠw€Ó÷Ó ë¤<€'#ÝÎ5Ì°sTÛÀlpncŠÌt`ºö‡ãÎãÿ¥ºúc›¸îø½;û|¾8çóÅ?cÇöŸĹÄ!¶c‡I`™CH€´$xQAš:iJbV!M¤eŒ±NJÄÔuAé?eS÷GSjZS‰’MS»fD›4uZ¨„:i%뚶öý>›©sr÷}ï{ï½»{÷ý~?ŸX®XWÄß²eoÛî‹NaÃBˆ…C‹{·›¶bá-ß39™”Û…Ú¤ä•#®S®e×-—ÉåòÿÑDà n€˜¢6¡ùÐRò¸Çßðü"–wܟ·»ÉŒû”{Á͹ï;óI ‹›„[' †o"¬·^xMr™˜sW\»¡¤$C“8F’¥°Äݓˆ„Ob…½”‚uæ`dkiËܘMàù2MC*YvÀ'®=ã® ò   †L1¹37E&*NÄû}—/O\™{f¢7ôtC¡h‡¸Ëíݺ4¿­=‰>Íê;÷îñA=̨ßijêú֟ú‡ ü˜'îáþœ|óuf’{ÙxAq½]ÊrŒ.—Øm'²LßÁx1l*ôŒ–fzŽGgK ¦óiÏ÷½ ™í<½{aø£/y^ò.VMWÍOÅû^ú½áÕÒFévé^ÉßvuËg6T2ÿB(f ~ÆÍeÕ¢Ÿñ (Ù.5ÚD«µ©Éiæ5¢hÕGŸTÀ! ?‡ÓV@k4( …eíuíºÆiUrñÊDrÄ 5q¬²¬¾®^W9µ>‡Z˜¢ÂXûX$E¼E\ÅvLâ˜“8«D0šfrJ€†–2üÒ¨r]†ÍW;}dÌ7ïc}×Ø?0<$×Ó—DÞâÛOö··ÛGÞåR€wA8ç™.e„ä™I-¤–S\ʋøš²aJ¤2ùn~œŒã»5B¶BãýŠì¤O*8÷ ±i\ ÅIœÆ §9½'£ñÙøj|#nŠK8.ݯ`ÊCã#~<\J•ŒÒ+°çæN 4ØÒ%iá§{È'íé -»‰Ý=ë¾ Å¾úè ÁóÜ6$núŒî*{ÍhZ*BWŠãØ1Ž0œÌ±n¥¯%M-¬Êáí‘&cãm|Gî™Ã¥wÈs ëÄ7Îy“ɘPË7Ë[´±™,ߑ“sh'YÆꟜ“ïwA+oÖAaë3„ˆ‚¼YFÕ;ÇÃ`@‰ÊMõ–ÊN”ïo)K¢G»¥§Œ‰çr ‚þiƝ>Ô»;’ ´x¼ÄÕ¶wuw¥»8~Wt4Ú¡µEŸÒÆ$°#`†3#a¦ŸÂÌæB€ÓǴäx˜ z÷ȓ±CòÔ¡–^? ÷ï`övÃd¸˜Éì@êøNS_€ìëÜ`&ö‡™ÝžCDîKâã=>Ñlÿ߯ ¤<…`7G¡Í;dˆÑŒ¬ä; ÞP¨~š$Q  Xw°X‡ZëŠGæé¡ô -ʪLÄT¶‡Î"Û`…¯L:%üW{Ðό^åôôo’Ǜ9{ò»¹µW¿ÖRSÙß?15óíŸÿç×g†ˑt2O\Åcƒé±½Oïî~ø¯ÎTï±k•_u§/|Jö%~2ùÃ5ÃÌ[=Í¢™šËÍ;a‹‰3[gÌ=h{ÖëÕú­GC]¡Öo²gOœ¼x¨¿|rùpÿ—ÏwOh©ÈÎSCi·Û Ï4Bqú'¨¹,»PÇƖœ‰+‹‘¡è`ßی/ˆ5šиmP…ç•0H½QDË:¢j:Ӊj²ÙØ'Uº†ª{q ½úèßôBãA/ès w ;eºžN@…íj848âpĘ4¯=cXan&ËÄ-í& „ug'jA@Ý»w!(ëz’VyíÆvy-Yó¬ƒ@\ûŠ6œH+˜’z†;ÆÒ°(.鈉~E -¹"…eÑK]^êòR—×›ë!*u«Ô­R· -osVh|QÁ Ðøòm¼¦ë¹ž:jSЮ·×‘tÁ[€Œ\wм‚ ö9£-#榁7Û5{t>·˜3­äVs9.ɓ±Ütn]FŽ„o"è¨rvñMOcÅmb"([ÕD0Zå$££5ëؕfI8–eè[­r8dÑçXE²"»8+.‹7E“ˆEJÓ5ÒÒÇôi}V7Íë‹:»¢@,}UßÐMútÏ%P‡ò$”È,·jp3ޥϑÏSaˆ›OK…³9`xÍ ˜}bš--ϐ´ çẾâ•DˆF<Æ4D¬v×±ºÀšŠCÞB¥!x·÷d;A1’‘™ví›õ7IbÊxø_®«5¶më -óReIW"iÊ&)Û"eӖ-v”ãږ+Õ8v›ª‰×DNŒÍ­Û= -ìÇÀ€aÙÖìWþ ‰Š¢Ð ˆC±?kÝ4q± 5Š ؏¹È°­{`‚nÈڦƂ!-Š®QvΡ”¦%¤{¼ßùÎwîëöÇc!kvl××öw—æš»÷ ¦ ÙJw’¬+|úÖßÝ·øEÿÍ_±>ÇÉ +Øì-Llö=êYŽ£Å¦C{‚ìQY^†"þďyEp ô#œ»÷DÖ@$g DvV3BQˆ Äå`\%àG1 Än0^¿€££ £Íø`¼u¾ånWÛîöÆËämö&x€~0{,û„ácàÃ+“HÉ¢"¿ˆ H’jð õíeåÍ •%¸p¦{ 1Öö„„M>¥×9ÿÐC-£Z ß,¥º/1AZ—D|¨ Øفˆ†ÛûÀïÙѨ3˜ Hˆûùî,ðŸüZ..ä ÞåAŽ ïþæve{™ò‘–+˜ ‡­8«NÃYwn8aÛYpD æøøÕÓ»ƒúscA=8Dµï™é pmÿ@b4Ón‘3«v&;ËM®5`+%Aà­+ֈ²h cðÆÞI¬|¹2ú:ç 3á¾[2°-=µ{¢a°ƒ­«FÃX7naccpãgäøÚ;èzw™ -‘¶¦´œ¶@}™­ÖÇ[²âˆv×ë\×£ù™™|¾<ósWµ¹w¯×dÒ}#I– -ŸÆŽr>?ÓÌÞ²Kät¹Îö۔UA¼ý¥æ;>¨e—Z<Ñ( Ò,<¿›ç‘ ÉhÁójžñµŸ¶c؜°6o7i -ïÑ0þNS,œÅ)– æ¯|@>öô¾®…í²õÛ-Xºn˜îeÈ].ü4Í$“¹ø¥+ÅɄ»ôç» nÃ}>ù|ÿº+ÙpsÒ )ÐrÅ ¥;Grv5—™5qKR]KGóf¯=Ê#=›,é'Aàx²|NcÚ&{Ò/çƒcöç'Cž«ëi8ßµ„ÚNB­cY ›É6[±×ívȶqˆ½yû}Èa€½‘wŸÅ3wÜ$%V~XA)V> ìûÊ쵇oÂéƒØ‚øT©~ö‚´Ý{žð¶³¶¤A–T’R]nI lI*}™¤Ü?Ô'[},“ìE•ÃÚù „ H`>˜–…éKϽŸÁ͈[.»“¿]ÿÂÑ]Ùt¯úxÖðz>AÏêλå¦ýñW¯ÿëþÁÁñDäÈБ§ÅýÄÍ‚˜  -BÞ+†^máÇMSø7©´9B@¥’Q -ˆ€,A¼MAÃw‘0•ó,֒D” â¿×ƒàòÚ:Ák뙣é+Ô¤0ÕêŽéé¡zJö_Z&{]S¤¦ŠÂ°ÉéÕ8@òB”'Þ¡·^ŒIpBîŽÛ·Ü­­-”ºwÉwë2°&à\W\9é¹d•Ä.Iað{&úl¬oð³òsêÙ®ç¬s¥—b±’YJ?¦<¦>f}C9¦³ÎŠÑë™K<ýaòrè²üŽøŽ¼£þ§«³¢VŒŠ5mWJsòZìÛrgAÌ+ö=\(M³i%Ò­ÔÙ#Êa»cP9ŽÈה÷•ðƒêÖkÑ×bÿŒ…õhbõ[Ö>ñ~YŠ«²–Hó~9“´¤C¡zÇ¡ð’rX=¬I¦Üߟ±‰-Ú/L„i¦„b¹IøFß㌟߈IfŽsxtKÝpR7ðѯ£h&ã#âqÏ+M¢kHÖ žÙ†D’F'IÓë×™‰j—¦)¦•Î˜H•Ü@LŒfb¨TrƒS¹Bu235+„8ðŽc[)›‰¶ÚpŒ‰)ÆDf ¶¥±Žœ(ÇňAßdïù5ƒÿ.I€|Ó4bñ1~’‹78»Â¯rq•oq‘týœÁŒ´Ub%6‚S(žâ½àmyW¼ð‚ÇNz OôV¦K›ì;/eþ-ríãkËàØ .(k ysÏ™SÆ®JÙÄ-cRÀQÊåSIÏp“ßW.êl 0Z@ÙaÊVPžÂ¾K‘È|ŸµµãǗ…å5¶L—p\8ÉÊ+‚n“‚|ÅÌ þý>oD.‰§â¥8VjIªhPq¨^vA°¶!»Ä€:TÌY&'†s“ÙnIŠD4Êi0âLa²Â0þ聮*Þ-¬¾³Ÿwf‡ÙéG¾Y½~ý‰1Ǽ¯¹w¸w¤ùoÓ{¸éÍ vÇ夝îΫL ŸþxõO³]œ§úEÛ½™¿6ÿ|"[HƇukú½ìÉ敥iƒ9Ž׳ŸÝn¾WD¦Ù -K¦éfO·õ•ò‚ôUŠK,ˆ3q#Î`e6ÒïR†ÁÛŠ£ÐBÂã/ãþ C'ü#‚×RÄ©nh@ -ÇD‚µ3såò]YCN#•”JQ¬i‚a$t9 £ ‚/ˆèá\ïù”𯀏:çbCßÒoè!ÕKenkwif‚é‰/O-èÌ×ô}Uoèë00ÂG3‘ýl4#åS¹DUˤfá•"RL`N‚·–á$[&g&œ-p¶ÂWyƒ¯ó<Ì7zî’-|¯”?*Ëì8C¶#òimÒFÆ sb¾Y©xé¤e¤GT¦†Oÿ¯º8ÝO:$䟝Ô3Ei,ôKáHè­(¢/Q¶¹äãYé*­Z¯µù~ [|ÏxÌ¥Qî®â\{Ô\{¶øY5W¯Ò¸*¥J@©ÖRø´Z{^­_jíÀøÈ7ql-†ËÔ\šîÒt·èDZ¡¨à4¸ÿ£ÇyÅ>\îßõ-Z©_Ä5Š*­¡Òª1Ö°Ç(PnÞ~-XÃÎãpÿ7?ŽCm±Õÿ1`Ö±{ÌÂø¾PPÙó‡ë>Ž)ÔÙÁú±úSõP}Qšße ݏ”ï GPsì0¢-/ƒ°ºµ…W; ÝQ\Ÿ2[P‡ðîR}™²÷òË°<¬„#‡ë‹c×¼JˆWí -#®„0w©Í-Vé®JwÕìã]¿m…ïô!¹8 -ŒÿRo±x´†1kmãCê­Õ–Ž¶G½S*ðæô‡-´çíJIÐûBâ¡ÃG_æn¿-üŸíòmâ<ãø½w—óùGîοÎÎÙ>Ÿç|Iü+—à„5—ʸ¥„˜64­¢±&’  0J¢ªtk×­Ñþ(“VA'mêT$¨BµvQ·U«4D4U“º?ªýQiC%í?•640{Þ×q`Ú,ß{ßûá÷ìïó}>ÏvØr°åïÿãšìƒ[š¯zÈ -÷ÚÖê_ÉÌ"H¼> ¸i´£¥:ÒxMWƒ+ôÝ«ñ~]-@`9ã»uut,îÖÕÀ -#\Mºš_aÚ¯&†uuÖ#‰}™êðê¾m¼Þ_µÊz'OÙR£ûñ“êr9œ6Žm³î(äƒGèSr'cy ÍjË­­ Óûõ#¹%ߏfû—ûé~<'W÷'wïŽVkUz±ºT¥©ªT¥«×ïúäÞêôd}…>5k!¸‚fÎ$Ý RèC ¸÷ys·ufSHrü"ï*)`yàÇ¥6rß ½à¨/žt‰í©D:銅‘ ƅT,AÚj4¡”š20iA½•ÍQö»}¦]”Zµ$Ž%'ðÀG6§mœíÿw>%T›ñt«4qÆèG•]s1¹ÝÑ÷ÆVï`,à`C™ óðnšöìhv—m±®ñ>sowG¡Ò**„s3"òôí1yúùJeßÀ™Æ‰ MŽ&“)ᮡWg{,s§ÓhTöÀ$T¥Ça®`Eºúþ}¡d24¸<ßÕâaE1ÿ'+ћNf'Ë.QàE9-¡JD’:O,‰'~À?àå$¾LVðمó\nÙŸW‚àK+O—©¹8Bn!·ˆèA| €³Þd½‰h$hšœŽ½Í¯Ð©0Ìc#±HgV(¶Q‚-[ -IŠÉ¢M颉—ärPoߖA"ÿÆù‡„ Ø56mã`NÆYŒn_Äd…æýÅ$Oª'Oœ‚'®ÁË4ž’É”Ìã)Y6{©93B&"ä`„<(žÕ[v¡c3ÁgèºÙûJ›TºYssðX˜L˄L1ΘVÖäMœÿy³fN›³æ’ÙÖÍ"‹Ä‹ðiÙä–Í5“^6Ñ4L¬šL„—uU\aDË×u59çuUKDt5aõ$ -™ìp^-l S‰b‰€€ªüìǕ#š,8 6½VÉÁWOžp -8}; -b´•‡ëV&¶žiœÚí'“™´8ŽN¾0÷b#2%G ÓFgЗv*8Ïh0íϙëg"¡]™ $Dç"8×ìé$§F…ŹƒâÀòâI–œÆR¼SJQÍÊHô{ƒ¸«¥S;>ŽÏSðÅ!¬)…õÅù\!8‰àK8‡,«º\Q ‹”",.¨EäKàÆÖvÏ¢ýR~WþúØþûȧvÎówÚiß.ï÷ŸC¯Ù_? Ù¢VÑd£# »‹Qô‘ÿc…¶¢hßZ‡Åºü?RdÑkì4;Ë.±Ë,ÇÞvYpÐr]„gD©=Ò×óFu} -3]e¹soe¹ö؁+.uו(»ëñ“ïS®û« [ôþ*.#“¿¡¦H±”)ޒn…úÕ¡¾ñ@ ¢>ñ¤„4 -§).í}AŠ†d;DADÞvIC!¿3 Qm04Í” „yT‡F&-÷qú8wÚqZ8íy^><æ§êÐAócÙÒ»‚Í?úgß©-‚>}—ˆgÒfo__ Îq~Ÿk*M­=|âæÂÍӇ^øÓ^óð£_|æì·G™Ë¾wù»w/ýà³wN]8óÇÆgoýîëצ¡é¸§1ƼZËPe:¾¡5}ЮZtdñÎÁa)9‚ÞJct/ñ`¯&8s½Úâ5â»Q;;¦Ó𰧼ÞÀ-àGOJè«s¶ qaŠ¸0…@à°@nëÄpIIÎ5vuUúŒ5GÛ²ÖëTñþÝkXˆEÖd‡Ç଎èÖK<Ò«5k‡õ¥"°¦ÁYœ¡P‡‹qâÕààzHj:#j:&˜çZÓ6”ÝbŒK–bÅƳ;I±¦ÔÕZì@öiã¨ô¬òlìhöŒ4§,¨s±ãœòCãMñ åMõØO²Œ_É¿P~~Ǹ.+ø«qÛø·‘Õº¥Žu¾î=ï=ï[í¶íõ¢8/èª-GºÊe¡ ¨F™„¢#üX‰T$h³qB(DE£–]ŽŠ¢%DO£Et1ˆÇO¾H$ÍOÿÖÓÿ•ŸñKxÖ?Ò5²@œØ˜›¯®ß3¦pyÆI„õ¸u}èÖãø.ûØ6Î:ŽßïÎïgûÎw¶s>¿Ü¹~9¿ÅNâ¦é•2_·¾wU†„h3æ%,b¬¬i -lÓ(µ@l«˜h • T"H i-ÑJ3PX:,ê¼±ñGDU‡ê1ª²?V%å÷<¶³UHDºçyîÅÏ=¹ûÞïûùJfכ•tNîK÷eu&'c“ §t0‚y½£=‚ÙXQ|‹Ì4©€°¦µ!ª5R ±2”¿G¸Žö°"¢ð6pO*ÕÝ«CòÆxPùü‹»¾ógþޜÈnþ¶q 6uægG>õwöÎ÷Å2‘7}ŽÞºôdt=–^©ÀËè׿»øêR•Aòõ¡¼. ²rp¾««\ÖH‡Ö0(œŠª¬{’¯ÖãZ­G¤©F"1-HÔ§Q„Õh⥂È)áÈoQt -“EÙùGCÆ1ƒ3rNÅËa±j‘„ÛÆ|û?T*6ÿÐ#ў¿§ÈtYüí!÷17ëÆ ®”ÊM°dÑB‰ƒÒJÈ9M+ä?†IœŸ©ÔZ­úCF­C߄!vH°XKø–Íi`¼©r4/>Ÿ2 }K6ale<|!ÔE°) 7¸MÑ Þ1Žcœ˜Ç`9ÀQÖ -P`iMÓthè3:Ëè"&Ä%ýŠn×'ò?ŠŠk-ãM/ž¦ÊÛÓíz “åL¦Wðq§‘ïÐ8CîÐ:Q/ÝÔÕå¹^HëÖù½Ž˜§ôƺ?¥\1.”báx$-ͺg=§õ“©“i^*úr¥Ý¥Ñêxõ™ü3¥çý¿H­Þà®Ç¼y×`‚Yd AXX€â<³X^Õ -”Dd1šP5DUÇ'GNFÃää:IJ§|¼M0hgOÀ™r¥0È0䡪ߌD”n» Wȃeߔ¤ËÉw“ÿJrÉ.hñSLSŒÀ °ÁŠj¤¬¹ÀUš3`˜2§kütfô_íé}{ÛÓ·i8Z©?°þnêcf¹rþ.àÙ ½ŒçѺHlZ;ÈE¤Ræ´´ú|ü þrÑTlŽ)Œxóv»> bûv»3¦ÃŽˆ^)ënßz¦8Fkz,—×t1àpjd yW ?áDŒqæì1èv’½ð^î;ÎÅwr¶úL3ø©âÁÈ̱sÜÿcßLhF‰ÎÄf×ý05×ïE<.Âabx_IUÒß-NŸ.Ùëcš9=bºs,ÉâÅ1ï1U’$"³Œ‡Jts›^1!Õü:i!ç£&í"f¡`^6SÎ‹Ý¯e³¤È¹¤Î\‚„·ð’YÒ%ò›,AÀË“}x™àKòá}|x nJ€nLñÿýá³£å*ê:Y_¸¯¯S·(E¥UBUUÙ4„ÄHNeg’Ù§Ùþ9]ÿÁ¥Å¯}ö`2ÔçK&c?ylÛ¾/¬þ½¿ÿôsöV¢äåή¾qòË»û7æòå“?=:›ð¨°ã¥ï}ÆÜöèÌ&sßáõ ~kXðî¿ÙͶ‹LVº5,·$¬aq‹(Þ«÷ò†d°Ët(S#“‘›¨áÉÄùhX ÏÂK~#ó®’Ú :πlåJ«Ònv=ìÒ~åÞúéó -Ó6ô‰1¾¯Pœê "„ç‚d4Å/D!ôDvÞÎB)â½ù(Øi8°»ˆÍÙ© ÚqïÓ)ÈJ©ÿá࣠4JÈñØÇþW¼Ò"™påJ½¾$¶Äf †®_kôUƇ Øâ5ÇaœekñÙÀläµÐká…ȍˆs.ÇUõŽúƽã¾ÿ(v‡R … ‡”ˆÊi‚Ñ3À…º«åXÞa²èðåл”±Fßdø¸i•t4Ïr%~.Îƛ͞>$CCFåsò’|Eþ‡ì'b¿<ދ+äkß,Öo#;´±Nlfj+ËÄ:Å6žZ´O†ÒÙàÂ>eþé"c5” -P¦©RâÊRÃÐ7G`÷Õ«Õ\ò¾€‘jl-ï/|äH_Þvqõ/ÛW^»/Ÿ{l²:>É~)~bgöqâŒìÝen…;Åd؁®ªÂ†EÔãêb9¯çÈ®¾ÆCz¢›0—-™K•^¨J1rÔ“›ÔË¢8¸}ž\(¥{ÑÓ¯d¼îWñ’Ÿwºð>O¢§ËÃT®[øF;³£ÃV‘vK׊Ÿä¨}NË5ášrq.¯óŠ?éÃY;Sò]&öí認쩱T9¦J.WV§ÊÓ4˜êY\í-ª=‰ð!9ET{’dd»Ú ±…;´Y"B¬¡)ˆ!¶ˆ£ƒAR…n8gØÖó#Ú&}§¶S·«.y”$Ïäh"c¤\lq&\[u>w-À6Kö0™ ZùüÞÃóI°¿Ÿ9 ÀÌÁe°Á»he¤ˆš–¤‡ä™m`sNæˆèô®ìPtÙ׏ÝËihE(?TCôVë±MV¾Fjhb4&b‚cÄ@TŒÇ0Ɖ›Ñ-0Ô©ƒ4RöÙSÃ="·9‡“]uâž1ÌM -É°føWßïÿú7¶í=\Šì„-cµâWö˜s§VޙÛ ¤¿Þ¸ì¥Ìþ—íj‹ã*Ãsö6—½Ì™½ÍÌ®=;ëݹiwg\ï®ãY­´ƒÚ$5$UÔ@ŠV) -/­-…ªR,›jçYBåJ Ò> ;±ãZm) ¼¤äFi¤„Bi……(D•þ3cÓXûœïœ3÷sÎ÷ýßÿ•±"Ò¶6?5~(D?³/¤Á``ª¡+Á]eYªŽe߃ý$@Q¡„¾@„ [[="‚ °»Wž8¶È°ìH®‹gód}³™˜àçB:òG€ßªßPÉ}®×¾øOû>Ö¹sßñ—•Mû¦ô-9 wk9Þ!QèÛ¹vVÎ*ìWÔtUReµÐa]®“v¥¶Ü)|•™dŸâöKûåÉ æçÌOÙ_Þ(žy‹z“ù%{N>Wx³øs‰]åV¥5ùÂFqsäCé!÷Pú¼Ð8Ã"ò”•±Z>֞P±ы¶ô± {^zPœ‘Ajâïu¢® ZˆÚ’ߨ¯ ¼ùx \ûôž#ð·~ ̀¿¹Ä©ùdÄë“5@¶ -~’p)€Çe\F›‰˜‰cÇ2å\`$2p ؊v9ƒ U®º! ß VîÛ"i¡Z+[ÚÙ°vÖófI ¿®éjet'JN §X>®iA9ðèïá踃Yؒü×ÝèE`K=|}—-zYR¡úe¢¼«KLÄÔJ1>F¶y¯ç8¢‹·oÀoó1άS:DϧˆîIC~Jáא'A˜ –t6B™þÍ_­£:uRCZü¤‰Ìxp÷z½Q.Û BÐJò¬^¿×ÇwúþÃ?ëðgµx!m“M:Ôkç H0ÍPíãö öeûSíSó3í33ANXδýó®K­²m[ß–åR±‚í§ëuÝ՟ϋç¥ó:×öU÷G¨Cè0=ɬ0›‡­EzÏ ?ÒÍEkÞ~¿NNÖ6ðº¶n¾o_Ó®™i™7ìÐ±\Dd5Ú`͘ÕŸÄO -SÑgé£Ò³Öéø^”N˧+‹Ú¢>o‹ ìkâ‚N²ÇÐ+ø!œ€ÕÔ4ÑÀ -, - -V+eE¥¬ºBñ\JáK²¢”€T+Œi@0õ(Å I!ú5¢:Î&z$1Y̝vÅÇ KàÞ²èjr~ïB.ò ”#‡At"=!Ùí£J8Б$š‡0|õ·-ÉÈwÑŧ•,sãJÖpQùÖÎÖ_vþ©íÜžè‚žD”¡R}ûè× ]1Ö´°ˆ+ÙÜö}ôù¸šQBš–<ñèo¡Éíµph²™$ž±HQῂÂL„ïïzƄÎI-=Ò àVèÌÅF‡& ±J5!Ç!*³éW~‚KÄÆ[HïçÐRr)µ$,è ­›ñ›âmãv“åmÓâÕÄ w2þñ=Ô±ùçÇ#v/ÚÃ=aBï™nk´3?‚”Iýùµ–×9*Õ¦:'é¹øžæòsâOè3øŒp^ÚЕT”ǼÀ×K¸$”êg‰N‡ÃçØçǧ:‘]§P…÷~uMù¾ƒ[oI\„²É7(öð°kÛwOЧ×#_â+ÚfP“o:§7Å|ÞhµÚ\<‘h‚ý iYoµ[Ͷ–^Ê;Ú`Kó‰áYyJAŠ£½T™«„*KT‘5Ûv›û–e4§`¶gÛ¨ÒšLÓÕ¶–m·µDÞ0F›‰l³™€•—Ø„Ø449>áèN´è6?„†J°ŽM–¸ ¨lG¨ÑP”a.óÒKy”·µË(µ¢ÊH&ºšÀmO~[þ“|OŽåÐ8Õ¤hôÝå¶m€¬PMÔÜ]¡\ª:¼R¾Ô¬=ì ðv­_›@>p¯¿mÁjúîö‰‘òB½”][HÍD# $¥ÝYGÚÂwûdŽïúvûNF°ßŧ¶ E3¸›ê.¤pwöêUW™«4£Ç€3ý> ÕÓÔ4oŠ§87©É늪’îAû“ÀIRÙ!¡—ôŠ¸'‘Qèô2bªõÒñ-A5NZbE-“'w»·Ê»šÊ“€k™wiBdÞXM¤?âñiWWI`L ׁeôMÂr:!° Ť‹a(¢—v1æ]JÝ˹™@ò¤I(̹èy™œ;Îä\s4ëZP&ï²þÍò®å Prî)ðd‘< -¹ü‚ð…¶|ùGýW}é€/C¾ɋâ>"<{þ…Îäób®Üþ7ûUÛTÅïµÝÞëF¿ö¶ö½®[·vm×ײ­Ý÷R¶É¾Ø,Ȁ9'tñ1>¶¡‹F…@$BPŒøE&\"%ûË@bLä/ &QB01È:Ïë:F$Lˆ‰É;ͯ÷wOï}÷žs_Ï='¤h½^%4%úJYZ¡ä9væLaž+-kIsS¾‡)/q—¬›Œ6UÅWŌú}oD‚Áø·n»gͧ—w,¢À”mµ…Lùë¥L…%[þÐûññэÛ-¬Öµf›—u»u‚cxúîæ -ú¯¤Ç4·)2…Øüdd¢ìTök0âe¼ªlJ!*(Éœ f…² Ê*4” ¡ñÙbB¾!ÿBŸº¢Ëݳ!+)rxÁÌî 1!X(<¸ö(k! ”†ï%=ßwOP]˜ˆ J}URü±©9ºú3اÿ€8}z½©’¤Ë^Š7Ñëe²¥ ³6”¿¢Û›Âò¼Î‰œÄ˂äáÝ·ä‘+™rK™½Ñ2Àè7Š}Òzû@`„ՏŠÃÒNûHà€þ€xÇù·¤cò§øºô§å$²ðûõL"S•ô>J¦÷Î)JR±_/Ѐ€,'{ÙOSü¯ÕsjEÊ48W2Å÷*Ã@»õ¹ªÆR«U•lÁ~HÏ\ÕßÔ³Ïê·éÓkôcu|;ßÃkø1*l õùŠÑɝ'¬óPO€) -Ô؀.ý0ï=ªRå6ÊÔ['»·ONÝî¾M7éTÛ²Xä:êZ§&å™p¢D"|p÷ÝÜÔ*¡eދzîrf¶+¡Až/Oäâ‰r¶¬´<²&*Ù -Ɠ¸tәS™Á`ÞÕËæT._fü>/Æ_+?ÓQÓRQœWåÓç4º—Ä?1æ‰&k˜Þa¯Ã»,bîú,|ÚJÖmy†º»[öîüá,ã⮓ìÙ܅®tS:½½_jbÌ-Ý&Hh¯wð"yYgâœ_P/h²É¿ºj£5×ú’UcgügM¢=ûãG¾a!á¹Ö©îsZ«›3”¿¡b£+?uÆ´ -²-+SHMùµ¿@JK7¤Y$³oq®¿z馮M¬hQ™§,×hLåkƒ¡lÏöèîÞzÌÊî;”0¼0V"ì$\¢b1 Ýè¢@ªàY@/iï hœÁ˜Hoþ°T܃Èü° öc€ƒÆç¼<gÈî> `?àùðwòœŠâ@ ­fPv¨< TkÚt`ñëÀ€†u@ÓÅFË Líxˆ«ikÞzhýçh~Ìô“›>OCôÜ]dÿH%ð<­7Fó^¤õ^¥ýíû8Ðܦ=%/UñŸàŠ -*T¨P¡B… -*T¨P¡B…ŠÿÀ‚"4 -c$B -*šd›–MfK†™eµ‰’=ۑ£è]~9\XT\ -£¬¼¢²ªº¦691²¬¡±éÉåÍ-­mí+::ŸŠ®\õôê®5k×Í·âù‡oêqŠP¼b"Sµp¢5ˆ`º0Š#Nqzš~u‡êрNôÎh§¯Ýÿû‡·“þ}P4óèç„C_r¶†v‚$×’<…˜O99-Oj“œ…’\Cú¡$×?‘ä)Ä/64.mDäèÆÁ؎¶ØpçÖÁÞ-ª#»±­ä—dD±ƒˆaÚè{˜|²•ú½ØB,†~ìÂfê =ò¬Ç=Ž<¦óáùh+tä!Š°Št_ÑYj¨OÎaÓ/œ–˜Ò›mÑÇZÈù÷äïÇTGBoG8å1—8ƒfGò´Øëý?64_ë1ÖþΉ\bô»×•vüعµîœ:hªæ ÔUÎ/ñä¿*ô -endstream endobj 509 0 obj << /N 3 /Alternate /DeviceRGB /Length 2575 /Filter /FlateDecode >> stream -H‰œ–yTSwÇoɞ•°Ãc [€°5la‘QIBHØADED„ª•2ÖmtFOE.®c­Ö}êÒõ0êè8´׎8GNg¦Óïï÷9÷wïïÝß½÷ó '¥ªµÕ0 Ö ÏJŒÅb¤  - 2y­.-;!à’ÆK°ZÜ ü‹ž^i½"LÊÀ0ðÿ‰-×é @8(”µrœ;q®ª7èLöœy¥•&†Qëñq¶4±jž½ç|æ9ÚÄ -V³)gB£0ñiœWו8#©8wÕ©•õ8_Å٥ʨQãüÜ«QÊj@é&»A)/ÇÙgº>'K‚óÈtÕ;\ú” Ó¥$ÕºF½ZUnÀÜå˜(4TŒ%)뫔ƒ0C&¯”阤Z£“i˜¿óœ8¦Úbx‘ƒE¡ÁÁBÑ;…ú¯›¿P¦ÞÎӓ̹žAü om?çW= -€x¯Íú·¶Ò-Œ¯Àòæ[›Ëû0ñ¾¾øÎ}ø¦y)7ta¾¾õõõ>j¥ÜÇTÐ7úŸ¿@ï¼ÏÇtܛò`qÊ2™±Ê€™ê&¯®ª6ê±ZL®Ä„?â_øóyxg)˔z¥ÈçL­UáíÖ*ÔuµSkÿSeØO4?׸¸c¯¯Ø°.òò· åÒR´ ߁Þô-•’2ð5ßáÞüÜÏ ú÷Sá>Ó£V­š‹“då`r£¾n~ÏôY &à+`œ;ÂA4ˆÉ 䀰ÈA9Ð=¨- t°lÃ`;»Á~pŒƒÁ ðGp| ®[`Lƒ‡`<¯ "A ˆ YA+äùCb(Š‡R¡,¨*T2B-Ð -¨ꇆ¡Ðnè÷ÐQètº}MA ï —0Óal»Á¾°ŽSàx ¬‚kà&¸^Á£ð>ø0|>_ƒ'á‡ð,ÂG!"F$H:Rˆ”!z¤éF‘Qd?r 9‹\A&‘GÈ ”ˆrQ ¢áhš‹ÊÑ´íE‡Ñ]èaô4zBgÐ×Á–àE#H ‹*B=¡‹0HØIøˆp†p0MxJ$ùD1„˜D, V›‰½Ä­ÄÄãÄKÄ»ÄY‰dEò"EÒI2’ÔEÚBÚGúŒt™4MzN¦‘Èþär!YKî ’÷?%_&ß#¿¢°(®”0J:EAi¤ôQÆ(Ç()ӔWT6U@ æP+¨íÔ!ê~êêmêæD ¥eÒÔ´å´!ÚïhŸÓ¦h/èº']B/¢éëèҏӿ¢?a0nŒhF!ÃÀXÇØÍ8Åøšñ܌kæc&5S˜µ™˜6»lö˜Iaº2c˜K™MÌAæ!æEæ#…僰d¬VÖë(ëk–Íe‹Øél »—½‡}Ž}ŸCâ¸qâ9 -N'çÎ)Î].ÂuæJ¸rî -î÷ wšGä xR^¯‡÷[ÞoƜchžgÞ`>bþ‰ù$á»ñ¥ü*~ÿ ÿ:ÿ¥…EŒ…ÒbÅ~‹ËÏ,m,£-•–Ý–,¯Y¾´Â¬â­*­6X[ݱF­=­3­ë­·YŸ±~dó ·‘ÛtÛ´¹i ÛzÚfÙ6Û~`{ÁvÖÎÞ.ÑNg·Åî”Ý#{¾}´}…ý€ý§ö¸‘j‡‡ÏþŠ™c1X6„Æfm“Ž;'_9 œr:œ8Ýq¦:‹ËœœO:ϸ8¸¤¹´¸ìu¹éJq»–»nv=ëúÌMà–ï¶ÊmÜí¾ÀR 4 ö -n»3Ü£ÜkÜGݯz=Ä•[=¾ô„=ƒ<Ë=GTB(É/ÙSòƒ,]6*›-•–¾W:#—È7Ë*¢ŠÊe¿ò^YDYÙ}U„j£êAyTù`ù#µD=¬þ¶"©b{ųÊôÊ+¬Ê¯: !kJ4Gµm¥ötµ}uCõ%—®K7YV³©fFŸ¢ßY Õ.©=bàá?SŒîƕƩºÈº‘ºçõyõ‡Ø Ú† žkï5%4ý¦m–7Ÿlqlio™Z³lG+ÔZÚz²Í¹­³mzyâò]íÔöÊö?uøuôw|¿"űN»ÎåwW&®ÜÛe֥ﺱ*|ÕöÕèjõê‰5k¶¬yÝ­èþ¢Ç¯g°ç‡^yïkEk‡Öþ¸®lÝD_p߶õÄõÚõ×7DmØÕÏîoê¿»1mãál {àûMśΠnßLÝlÜ<9”úO¤[þ˜¸™$™™üšhšÕ›B›¯œœ‰œ÷dÒž@ž®ŸŸ‹Ÿú i Ø¡G¡¶¢&¢–££v£æ¤V¤Ç¥8¥©¦¦‹¦ý§n§à¨R¨Ä©7©©ªª««u«é¬\¬Ð­D­¸®-®¡¯¯‹°°u°ê±`±Ö²K²Â³8³®´%´œµµŠ¶¶y¶ð·h·à¸Y¸Ñ¹J¹Âº;ºµ».»§¼!¼›½½¾ -¾„¾ÿ¿z¿õÀpÀìÁgÁãÂ_ÂÛÃXÃÔÄQÄÎÅKÅÈÆFÆÃÇAÇ¿È=ȼÉ:ɹÊ8Ê·Ë6˶Ì5̵Í5͵Î6ζÏ7ϸÐ9кÑ<ѾÒ?ÒÁÓDÓÆÔIÔËÕNÕÑÖUÖØ×\×àØdØèÙlÙñÚvÚûۀÜ܊ÝݖÞÞ¢ß)߯à6à½áDáÌâSâÛãcãëäsäüå„æ æ–çç©è2è¼éFéÐê[êåëpëûì†ííœî(î´ï@ïÌðXðåñrñÿòŒóó§ô4ôÂõPõÞömöû÷Šøø¨ù8ùÇúWúçûwüü˜ý)ýºþKþÜÿmÿÿ ÷„óû -endstream endobj 510 0 obj << /Length 43 >> stream -ýýýþþþûúúʷÛ}zXn_>RM,@O.BfDY‚au¡„–ÖÈÑýþþ -endstream endobj 511 0 obj << /Length 25 >> stream -ýýýÿÿÿãÚàű¾É¶ÂɵÁɵÂîèì -endstream endobj 512 0 obj << /Length 4 >> stream -ýýý -endstream endobj 513 0 obj << /Length 43 >> stream -ýýýþÿÿýüý”x‰G%:cAVÑÁËÿÿÿýþþð½Y6LM+@¨Ÿþþþ -endstream endobj 514 0 obj << /Length 40 >> stream -ýýýÿÿÿìæêeEY];PàÖÜßßߖ––öööÓÆÎQ.C{^püúû -endstream endobj 515 0 obj << /Length 37 >> stream -ýýýÿÿÿàÖÜ]:OjJ]îçìþþþñññÙÍÔS0EmMaôïò -endstream endobj 516 0 obj << /Length 40 >> stream -ýýýÿÿÿüúû{]pS/EØÌÔÏÏϜœœ×××°»J%;•|‹þþþ -endstream endobj 517 0 obj << /Length 52 >> stream -ýýýÿÿÿ×ËÒM*?”{‹þþþÉÉɵµµœœœÄÄÄÔÔÔ¥¥¥÷÷÷üûüvXk^=Qëåé -endstream endobj 518 0 obj << /Length 46 >> stream -ýýýÿÿÿ³ ¬D6­˜¥ýþþþþþ­­­¿¿¿¼¼¼›››ôôô•{‹J&<Í¾Ç -endstream endobj 519 0 obj << /Length 43 >> stream -ýýýþþþÿÿÿ•|‹I$;ȹÂÛÛÛÑÑÑÅÅś››àààýþþ­˜¥E 7 -endstream endobj 520 0 obj << /Length 31 >> stream -ýýýÿÿÿÓÆÎQ.DkK_îçìàÖÜ^;Pa@Uëåé -endstream endobj 521 0 obj << /Length 37 >> stream -ýýýÿÿÿàÖÜa?TK)>­—¥þþþþÿþ‚“G$9uViïéí -endstream endobj 522 0 obj << /Length 37 >> stream -ýýýÿÿÿïéívViF$8ˆj~÷óõéáætThE"7Šmùõ÷ -endstream endobj 523 0 obj << /Length 34 >> stream -ýýýÿÿÿÓÆÎT2GU3HͽÈýþþ¸¤°K(=iH\ãØß -endstream endobj 524 0 obj << /Length 25 >> stream -ýýýÿÿÿÓÆÎQ.DkK_îçìàÖÜ^> stream -ýýýÿÿÿȹÂK'=lL`îçìÔÇÏV4I_=RàÖÜ -endstream endobj 526 0 obj << /Length 25 >> stream -ýýýÿÿÿÓÆÎS0E`=RàÖÜͽÈT1F -endstream endobj 527 0 obj << /Length 16 >> stream -ýýýÿÿÿÎÁÉX6KàØÝ -endstream endobj 528 0 obj << /Length 61 >> stream -ýýýÿÿÿõóômM`×ÌÓðð𤤤©©©“““ŽŽŽ¯¯¯þþþ»»»ŸŸŸ§§§   ¾¾¾·¦°uUiûúû -endstream endobj 529 0 obj << /Length 64 >> stream -ýýýþþþÿÿÿ…j{¤’Â¡¡¡«««‰‰‰©©©öööøøø®®®¥¥¥§§§¨¨¨šššÀÀÀŠq£‘œ -endstream endobj 530 0 obj << /Length 61 >> stream -ýýýÿÿÿÑÅÌkK^õóôñññ™™™£££žžž¨¨¨ùùùþþþÝÝÝ¡¡¡§§§   ÚÚÚãÜábCVëæé -endstream endobj 531 0 obj << /Length 67 >> stream -ýýýþÿÿÿþþ}_q­›¦ÿÿÿþþþ¹¹¹¡¡¡———àààØØ؁ÃÃý½½¢¢¢§§§   ÈÈÈýþþ“|‹š…’ -endstream endobj 532 0 obj << /Length 61 >> stream -ýýýÿÿÿ¤’…j{þþþÒÒÒ¡¡¡ŸŸŸÍÍÍÔÔÔÜÜܱ±±£££§§§¦¦¦¬¬¬øøøøöøoNbÁ±» -endstream endobj 533 0 obj << /Length 73 >> stream -ýýýÿÿÿ­›¦}_qÿþþþÿÿþþþùùù«««¤¤¤ªªª   šššÏÏÏöööŸŸŸ¨¨¨§§§ÐÐÐõóôiI]Ì¾Ç -endstream endobj 534 0 obj << /Length 58 >> stream -ýýýÿÿÿíèëcBVØÍÔïï¢¤¤¤§§§©©©•••ÀÀÀþþþ»»»¡¡¡ôôô¼¬¶rRfúøù -endstream endobj 535 0 obj << /Length 58 >> stream -ýýýþÿþÿÿÿ€dv¨–¢½½½•••´´´¦¦¦§§§ªªª÷÷÷þþþµµµ¡¡¡£££××׊q€š…’ -endstream endobj 536 0 obj << /Length 67 >> stream -ýýýÿÿÿÁ±»oNbøöøÏÏÏ¡¡¡¨¨¨ššš¶¶¶ðððôôôƒƒƒ’’’ªªª§§§   ÈÈÈëæébCVãÜá -endstream endobj 537 0 obj << /Length 64 >> stream -ýýýÿÿÿÝÕÚeEXíèëÞÞތŒŒ§§§¡¡¡›››¯¯¯ùùùþþþøøøØØب¨¨¦¦¦¥¥¥ñññØÍÔóðò -endstream endobj 538 0 obj << /Length 55 >> stream -ýýýÿÿÿøöøoNbÁ±»êêê¡¡¡§§§žžžÊÊÊþþþùùù¯¯¯¥¥¥¢¢¢¼¼¼§•¡†k| -endstream endobj 539 0 obj << /Length 55 >> stream -ýýýýþþÿÿÿ”}‹ÒÒÒ¡¡¡§§§­­­þþþøøø¬¬¬¦¦¦¢¢¢ïïïþÿÿÿþþ}_q­›¦ -endstream endobj 540 0 obj << /Length 61 >> stream -ýýýÿÿÿóðòeEXØÍÔ¿¿¿–––áááÈÈȗ——¶¶¶ÑÑÑ©©©¥¥¥§§§£££ñññÀ°ºxXlûùú -endstream endobj 541 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿãÜàhI\òðñþþþùùù   ²²²úúúªªª‘‘‘¨¨¨¤¤¤¹¹¹¿¿¿•••œœœ©©©§§§¡¡¡›››ÌÌÌßßߞžž¬¬¬ÅÅÅÆÆÆÂÂÂâââ×ÌÓmM`õóô ƒñJù -endstream endobj 542 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿøö÷rRf˽Æþþþúúú¦¦¦ÐÐÐûûûÎÎÎÕÕՑ‘‘¨¨¨›››ÇÇÇííퟟŸ™™™¢¢¢˜˜˜©©©§§§¸¸¸½½½———¶¶¶üüü¬š¥‡l} Ž`Bé -endstream endobj 543 0 obj << /Length 76 >> stream -ýýýÿÿÿÀ°ºxXlûùúèèèÜÜÜþþþúúú´´´¥¥¥§§§£££ÙÙÙØØب¨¨žžžááá¿¿¿¡¡¡™™™òðñhI\ãÜà -endstream endobj 544 0 obj << /Length 79 >> stream -ýýýÿÿÿóñójK^ÝÔÙÍÍ͘˜˜ÏÏÏèè褤¤©©©£££“““êêê½½½§§§¨¨¨   ¥¥¥°°°ùùùþþþ»«µ|]pýûü -endstream endobj 545 0 obj << /Length 99 /Filter /FlateDecode >> stream -H‰Á+Å À³öõM¨$/Tn¼„¿+ª -‰%œ€›°»ADb&¤cÛ_ÿ0ózï­5­µs.çB0ÆÌ9k­Þû”’RJ!¥Œ1ZkK)k-"úÿà>¯O€*é>m -endstream endobj 546 0 obj << /Length 79 >> stream -ýýýÿÿÿž‹—•€ææ梢¢þþþüüüººº¤¤¤§§§¦¦¦«««²²²ÎÎΪªª   »»»èè裣£œœœçççþÿÿþýþat¶¤¯ -endstream endobj 547 0 obj << /Length 73 >> stream -ýýýýþþÿÿÿy‡£›öööœœœºººïïï²²²ää䖖–ÄÄÄÎÎÎÖÖÖ¤¤¤§§§   ÉÉɎŽŽ¯¯¯úúúÂÂÂÜÜÜ -endstream endobj 548 0 obj << /Length 76 >> stream -ýýýÿÿÿ¤’…j{þþþòòò‹‹‹“““ÜÜÜ©©©ùùùüüüººº¤¤¤§§§¦¦¦£££¨¨¨ÆÆÆ×××÷÷÷ûùúxXlÀ°º -endstream endobj 549 0 obj << /Length 64 >> stream -ýýýÿÿÿ̾ÇiI]õóôÜÜÜ°°°üüüþþþººº¦¦¦™™™ŽŽŽŸŸŸ¨¨¨§§§ÆÆÆëåéhI\ -endstream endobj 550 0 obj << /Length 79 >> stream -ýýýþÿþÿÿÿ‚ew­š¦¸¸¸™™™ªªª‰‰‰¼¼¼ÜÜܘ˜˜ðððùùù±±±¥¥¥§§§©©©———‘‘‘ŸŸŸ­­­þþþýþþy‡™„‘ -endstream endobj 551 0 obj << /Length 64 >> stream -ýýýÿÿÿ¬š¥‡l}þþþ½½½“““¿¿¿óóóÞÞÞää䛛›ÃÃߟŸ§§§¦¦¦———ðððøö÷rRfË½Æ -endstream endobj 552 0 obj << /Length 64 >> stream -ýýýÿÿÿ×ÌÓmM`õóôþþþùùù°°°¤¤¤¦¦¦öööØØؚššÊÊÊðð𧧧   ÎÎÎãÜàhI\òðñ -endstream endobj 553 0 obj << /Length 67 >> stream -ýýýÿÿÿõóômM`×ÌÓÂÂ’’’¨¨¨¤¤¤ðððÌÌ̛››ØØØêêꧧ§©©©™™™¦¦¦£££¶¥°z[nýûü -endstream endobj 554 0 obj << /Length 61 >> stream -ýýýÿÿÿ®œ§xXlýüýþþþòòòõõõ±±±¥¥¥§§§¦¦¦¤¤¤ææ杝¢¢¢ÖÖÖõóôiI]Ì¾Ç -endstream endobj 555 0 obj << /Length 46 >> stream -ýýýÿÿÿôòôbAVó½êêꗗ—®®®ÐÐÐúúúæææ××פrRfüúû -endstream endobj 556 0 obj << /Length 55 >> stream -ýýýýþþÿÿÿ•€duþÿþþþþûûûÙÙÙÄÄÄÜÜÜÇÇǾ¾¾ÔÔÔù÷økJ^³¢­ -endstream endobj 557 0 obj << /Length 40 >> stream -ýýýÿÿÿ¹¨³dBWöôõÍÍ͜œœºººüüüþþþà×Ý\:OÙÎÕ -endstream endobj 558 0 obj << /Length 40 >> stream -ýýýÿÿÿ©˜£vWkýüýÂÂœœœ¡¡¡‰‰‰ôôôôòôbAVó½ -endstream endobj 559 0 obj << /Length 55 >> stream -ýýýÿÿÿà×Ü]> stream -ýýýþÿÿÿþÿz\nœ‡”ÿÿÿþþþ¼¼¼   ¸¸¸ÙÙÙßßßÞÞÞ§§§ùùùþÿþct›‡“ -endstream endobj 561 0 obj << /Length 37 >> stream -ýýýÿÿÿÙÎÕ\:Oà×ÝãããÖÖ֐ÊÊÊȹÂb@Uïêí -endstream endobj 562 0 obj << /Length 25 >> stream -ýýýÿÿÿàØÝX6KÎÁɹ©³_>Sõóô -endstream endobj 563 0 obj << /Length 28 >> stream -ýýýþÿþÿÿÿ€evw†þþþù÷øiH]¥‘ž -endstream endobj 564 0 obj << /Length 25 >> stream -ýýýÿÿÿœˆ”uViþüýõóô_>S¹©³ -endstream endobj 565 0 obj << /Length 40 >> stream -ýýýÿÿÿýüývWj Œ˜ÚÚÚÑÑÑ···­­­þþþþÿþ€evw† -endstream endobj 566 0 obj << /Length 34 >> stream -ýýýÿÿÿ¹¨³dBWöôõ÷÷÷———ËËËàØÝZ8MÓÇÏ -endstream endobj 567 0 obj << /Length 34 >> stream -ýýýÿÿÿïêî^;Qº©³óó󛛛ëë렌˜vWjýüý -endstream endobj 568 0 obj << /Length 79 >> stream -ýýýÿÿÿÜÓÙnObõòô½½½–––ïïïþþþ÷÷÷åååãã㤤¤˜˜˜¸¸¸šššŽŽŽªªª§§§¥¥¥°°°ùùùãÜàhI\òðñ -endstream endobj 569 0 obj << /Length 61 >> stream -ýýýÿÿÿ÷õöjJ^²¼èè蜜œ¾¾¾ïïï   ©©©¶¶¶ÅÅÅzzz°°°þþþ¥“žctþÿþ -endstream endobj 570 0 obj << /Length 52 >> stream -ýýýÿÿÿš…’Šq€þþþ¶¶¶ÆÆÆ÷÷÷©©©¥¥¥œœœçççÔÔÔöööüúûtTh²¡¬ -endstream endobj 571 0 obj << /Length 73 >> stream -ýýýÿÿÿØÍÔcBVíèëþþþ²²²žžžºººüüüïïï   §§§ªªªŒŒŒ¡¡¡¿¿¿òòò¹¹¹‰‰‰………“““¤¤¤÷÷÷ -endstream endobj 572 0 obj << /Length 52 >> stream -ýýýÿÿÿãÜábCVëæéþþþ»»»¢¢¢§§§óóóää䟟ŸÖÖÖÌ¿ÇeDYôòó -endstream endobj 573 0 obj << /Length 64 >> stream -ýýýÿÿÿûúûuUi·¦°íí훛›   §§§¤¤¤ÛÛÛ÷÷÷©©©¦¦¦¨¨¨¥¥¥žžžÈÈȚ…’Šq€þþþ -endstream endobj 574 0 obj << /Length 64 >> stream -ýýýÿÿÿž‰–†k{þþþ¸¸¸žžžŸŸŸÈÈÈûûû¤¤¤¦¦¦›››‘‘‘   §§§¢¢¢ºººúøùrRf¼¬¶ -endstream endobj 575 0 obj << /Length 55 >> stream -ýýýÿÿÿÒÅÍgF[ôñóþþþúúú¶¶¶“““ÔÔÔûûûçççóó󧧧õõõÞÕÚaATëæê -endstream endobj 576 0 obj << /Length 40 >> stream -ýýýÿÿÿš†’…jzþþþôôô¬¬¬ùùùœœœ¸¸¸ù÷økJ^³¢­ -endstream endobj 577 0 obj << /Length 40 >> stream -ýýýÿÿÿØÎÔ_?RìçêÇÇÇ¡¡¡€€€ðððÒÆÎa@Uíèë -endstream endobj 578 0 obj << /Length 43 >> stream -ýýýÿÿÿ÷õöiH]½­·øøø£££½½½åååöööþþþŸŠ—€duþÿþ -endstream endobj 579 0 obj << /Length 43 >> stream -ýýýÿÿÿöôõfEZ²¼ÁÁÁÏÏÏÖÖÖ   £££ööö¨–¢€dvþÿþ -endstream endobj 580 0 obj << /Length 43 >> stream -ýýýýþþÿÿÿ”}‹‹rþþþÍÍ͜œœÛÛÛ···üüüüúûtTh²¡¬ -endstream endobj 581 0 obj << /Length 34 >> stream -ýýýÿÿÿÒÆÍeDYîéìÆÆƗ——õõõØÎÔ_?Rìçê -endstream endobj 582 0 obj << /Length 111 /Filter /FlateDecode >> stream -H‰`ŸÿýýýÿÿÿŠ–¥‘žÇ¸ÁM*?N-AO.BF#8v†¦– C5þþþ´£®Q-DM,@J)=kJ_èâæ´µ´¥¥¥©ª©‘„ŒÛÏ×µ¤¯G$9iI]÷õö¼­¶êåèrƒ½­· ?6Ä -endstream endobj 583 0 obj << /Length 52 >> stream -ýýýýþþÿÿÿʹÄhF[B4•~Œœˆ”ctþÿþ÷õ÷hG[¸¨²Í¾Ç‚avbtýüý -endstream endobj 584 0 obj << /Length 40 >> stream -ýýýÿÿÿüûü}^q²¼iH]½­·ŸŠ—€duþÿþñìð]:OŸŒ˜ -endstream endobj 585 0 obj << /Length 37 >> stream -ýýýÿÿÿ¼­¶ðíïÕÉÑa@UíèëØÎÔ_?RìçêäÛáðëï -endstream endobj 586 0 obj << /Length 61 >> stream -ýýýÿÿÿéâç€`uL*?L+?cAU†gz÷÷÷ÛÑ×_?RìçêÍ¿È`>SíèìýþþÈ·ÂäÞádvôòó -endstream endobj 587 0 obj << /Length 70 >> stream -ýýýÿÿÿöôõeEYG%9cAVË»ÆÒÃÍȸÂøöø‚”õóôèâæ]> stream -ýýýÿÿÿ˼ŏn‚cBWK*>P.Ca?UÛÑ×ëç馑Ÿ«™¤rQeüúûôòôbAVó½ëæé³¼ýüü¦Œœø÷øèàåöôõþþþ -endstream endobj 589 0 obj << /Length 67 >> stream -ýýýÿÿÿÑÂËôòóøõ÷›‘R0DL+?Q/D¡†—½¬·Ä³¾nNb¯¨ýþþ”}‹‹rþþþòïñ¯»öóõ•yŠ -endstream endobj 590 0 obj << /Length 34 >> stream -ýýýþÿþ÷ôöÏ¿Éÿÿÿš†’Šq€þþþúøúpOc³¢­ -endstream endobj 591 0 obj << /Length 58 >> stream -ýýýÿÿÿž‰–†k{þþþùùù°°°¦¦¦¡¡¡˜˜˜–––   ÏÏÏÁÁÁŸŸŸ²²²øöønMa½¬¶ -endstream endobj 592 0 obj << /Length 61 >> stream -ýýýÿÿÿüúûtTh²¡¬þþþùùù°°°¥¥¥§§§žžžÁÁÁüüüººº¤¤¤¨¨¨···ÚÚښ…’Šq€ -endstream endobj 593 0 obj << /Length 73 >> stream -ýýýÿÿÿãÜábCVëæéÀÀÀššš¨¨¨§§§¤¤¤¸¸¸ûûûþþþúúú²²²¥¥¥òòòÇÇǞžž¡¡¡ÒÒÒ̾ÇiI]õóô -endstream endobj 594 0 obj << /Length 55 >> stream -ýýýÿÿÿØÍÔcBVíèëþþþúúú›››‚‚‚¾¾¾åå墢¢ŸŸŸ×××¼¼¼wwwûûû -endstream endobj 595 0 obj << /Length 25 >> stream -ýýýÿÿÿ÷õöjJ^²¼¢Ž›evþÿþ -endstream endobj 596 0 obj << /Length 25 >> stream -ýýýÿÿÿÒÅÍgF[ôñóÞÕÚaATëæê -endstream endobj 597 0 obj << /Length 37 >> stream -ýýýÿÿÿ÷õöiH]½­·þþþùùù­­­¨¨¨ŸŠ—€duþÿþ -endstream endobj 598 0 obj << /Length 31 >> stream -ýýýÿÿÿš…’Šq€þþþ¼¼¼ÕÕÕúøúpOc³¢­ -endstream endobj 599 0 obj << /Length 55 >> stream -ýýýþþþÿÿÿw†Šn€äÞâ´¢®þÿþ˜€äßâct›‡“ñîï’vˆäÝá³¼ÑÄÍðìï -endstream endobj 600 0 obj << /Length 73 >> stream -ýýýÿÿÿÑÄÌN,AP/C…eyž€“˜ztQg¸£°ýþþþüývWj–€Žþÿÿÿþÿ{^px‡þþþ¶¥°z[nýüýŽv…†l| -endstream endobj 601 0 obj << /Length 58 >> stream -ýýýÿÿÿξÉZ7MN,@¢ˆ™þýþþÿþÎÁÉX6KàØÝÎÀÉZ8MæßäåÞã¾®¸õóô];P± ª -endstream endobj 602 0 obj << /Length 55 >> stream -ýýýÿÿÿéáætThF%9nMaâØßþþþ…k{‹s‚ù÷øiH]¥‘žûûû÷õöÀ°ºS.EÒÅÍ -endstream endobj 603 0 obj << /Length 61 >> stream -ýýýÿÿÿòïñ†gzãÛଡ଼§X6Kôò󺩳^;QïêîÎÁÉU3Hß×ÜØÎÔ_?RìçêȹÃ^> stream -ýýýÿÿÿèàåȵÁôðóðëî[8N§“ þþþx‡{^pÿþÿþÿÿñíðùøù± ª]> stream -ýýýÿÿÿº©³^;QïêîàØÝX6KÎÁÉýþþ‘zˆ„jzŸ‰–³¡¬ -endstream endobj 606 0 obj << /Length 49 >> stream -ýýýÿÿÿ£’œxYlýüýù÷øiH]¥‘žþþþx‡{^pÿþÿþÿÿ÷õ÷hG[¸¨² -endstream endobj 607 0 obj << /Length 55 >> stream -ýýýþÿþþþþœ‚“D6«—¤ÿÿÿàØÝX6KÎÁɹ©³_>SõóôòîðÑÁˎu„lL_ù÷ø -endstream endobj 608 0 obj << /Length 64 >> stream -ýýýÿÿÿüûüz]oH&;K)=eEYöôõ•€ÿþÿþÿÿ÷õ÷fEZ´£®pQd§• ©—¢_=RÚÐÖ£Ž›ýþþ -endstream endobj 609 0 obj << /Length 76 >> stream -ýýýÿÿÿðìïÑÄ͸§²s…¬—¥O-BàØÝõòôa?T¾®¸¤œwXkýüýýþþ£›É¹Ãsƒ}]qíçëöõö«“¢ù÷øþÿÿ -endstream endobj 610 0 obj << /Length 64 >> stream -ýýýÿÿÿƵÀɹÄþÿþýüü„”çáå÷õ÷uViÖËÒ¾®·eDXöôõà×Ý\:OÙÎՁevÎÀÉ»¥³óðò -endstream endobj 611 0 obj << /Length 64 >> stream -ýýýÿÿÿàÖÜb@UD!7Ÿˆ—þþþÙÎÕ\:Oà×Ýó½`>TïêíûúûwWk§• ÕÈÐN+AŽoƒsQfºª´ -endstream endobj 612 0 obj << /Length 46 >> stream -ýýýÿÿÿõóô˜}Žóðò Œ˜vWjýüýïêî^;Qº©³ýþþ¡‹™R0D¥Œœ -endstream endobj 613 0 obj << /Length 43 >> stream -ýýýÿÿÿÝÓÙȸÂõóô_>S¹©³ Œ˜vWjýüý¹¨³iH]À¬¹ôñó -endstream endobj 614 0 obj << /Length 61 >> stream -ýýýÿÿÿìæêÑÁËûúûþþþýüývWj Œ˜þÿþ€evw†íè뻦´þýýúùúqSeF$8[> stream -ýýýþþþ÷õöûûûÿÿÿ¹©³_>SõóôàØÝZ8MÓÇÏÞÖÜ©”¡ÑÀËúùùÒÅÎjE\¹¦² -endstream endobj 616 0 obj << /Length 70 >> stream -ýýýÿÿÿ®œ§xXlýüýÄÄȌŒ•••©©©§§§¦¦¦¬¬¬øøø“““£££ååå¿¿¿   öööõóôiI]Ì¾Ç -endstream endobj 617 0 obj << /Length 46 >> stream -ýýýÿÿÿÀ°ºxXlûùúÍÍ͟ŸŸ§§§£££•••ÒÒÒØØØòðñhI\ãÜà -endstream endobj 618 0 obj << /Length 55 >> stream -ýýýÿÿÿž‹—•€ÆÆƝ§§§£££¦¦¦ôôôàà॥¥¤¤¤ÝÝÝþÿÿþýþat¶¤¯ -endstream endobj 619 0 obj << /Length 64 >> stream -ýýýþÿÿþýþat¶¤¯ÿÿÿ®®®|||………‚‚‚   õõõîîœ¨¨¨§§§›››¦¦¦¥¥¥ààà™„‘ -endstream endobj 620 0 obj << /Length 55 >> stream -ýýýÿÿÿéäçfHZñîðÖÖÖ¢¢¢§§§¨¨¨žžžŠŠŠ¤¤¤£££¸¸¸þþþ×ÌÓmM`õóô -endstream endobj 621 0 obj << /Length 46 >> stream -ýýýÿÿÿ­š¦‚ewþÿþþþþ¼¼¼   §§§¨¨¨———ÂÂÂøö÷rRfË½Æ -endstream endobj 622 0 obj << /Length 52 >> stream -ýýýýþþÿÿÿy‡£›ÛÛÛ¬¬¬²²²¡¡¡£££§§§¨¨¨–––ÐÐÐþþþŠq£‘œ -endstream endobj 623 0 obj << /Length 43 >> stream -ýýýÿÿÿøö÷rRf˽ÆÎÎΠ  §§§¦¦¦ªªª÷÷÷¬š¥‡l}þþþ -endstream endobj 624 0 obj << /Length 64 >> stream -ýýýÿÿÿõòônObÜÓÙþþþøøø®®®¥¥¥§§§¨¨¨œœœÂÂÂÁÁÁ“““¡¡¡———ááừµ|]pýûü -endstream endobj 625 0 obj << /Length 52 >> stream -ýýýÿÿÿÝÔÙjK^óñóÍÍ͟ŸŸ§§§žžžÈÈÈÄÄÄ£££˜˜˜ßßßãÜàhI\òðñ -endstream endobj 626 0 obj << /Length 67 >> stream -ýýýÿÿÿºª´€cuþýþþÿÿâââÒÒÒþþþººº¢¢¢§§§–––ÓÓÓìì죣£¨¨¨ÃÃÃõòônObÜÓÙ -endstream endobj 627 0 obj << /Length 67 >> stream -ýýýÿÿÿŸ˜™ƒÒÒҕ••ššš×××üüü§§§¦¦¦¨¨¨›››ÊÊÊÁÁÁ¢¢¢ÃÃÃþÿÿþýþat¶¤¯ -endstream endobj 628 0 obj << /Length 61 >> stream -ýýýÿÿÿóñòlM`âÛàââ⣣£§§§   ÞÞÞûûû¦¦¦©©©———°°°üüüþþþ¿¯¹}^qüûü -endstream endobj 629 0 obj << /Length 49 >> stream -ýýýÿÿÿÜÓÙnObõòôÊÊʟŸŸ§§§¨¨¨›››ÃÃÃþþþÙÙÙãÜàhI\òðñ -endstream endobj 630 0 obj << /Length 58 >> stream -ýýýÿÿÿ¶¤¯atþýþþÿÿèèèÀÀÀáááêêꤤ¤§§§©©©–––œœœÍÍÍöôõqQeÖËÒ -endstream endobj 631 0 obj << /Length 67 >> stream -ýýýþÿÿþýþ€cuºª´ÿÿÿþþþùùùªªª¤¤¤§§§¡¡¡½½½×××¢¢¢¦¦¦‹‹‹ƒƒƒ˜˜˜ßßߢ›–Ž -endstream endobj 632 0 obj << /Length 49 >> stream -ýýýÿÿÿ™ƒŸ˜ëë뢢¢¥¥¥ñññººº§§§¨¨¨™™™ÍÍÍþÿþ„hyµ¤® -endstream endobj 633 0 obj << /Length 43 >> stream -ýýýÿÿÿ×ÌÓmM`õóôööö§§§¦¦¦¨¨¨———ÍÍÍãÜàhI\òðñ -endstream endobj 634 0 obj << /Length 76 >> stream -ýýýÿÿÿãÜáfGZìçëþþþººº¢¢¢§§§óóóÙÙٞžž   ŸŸŸ¨¨¨¡¡¡ÒÒÒÁÁÁ£££´´´üüü×ÌÓhH\ôñó -endstream endobj 635 0 obj << /Length 70 >> stream -ýýýÿÿÿ­›¦}_qÿþþþÿÿÍÍ͟ŸŸ§§§óóóâââ¡¡¡¥¥¥¯¯¯þþþÜÜܛ››¨¨¨¾¾¾õóôiI]Ì¾Ç -endstream endobj 636 0 obj << /Length 99 /Filter /FlateDecode >> stream -H‰T«ÿýýýþþþÿÿÿ…j{¤’ââ⣣£§§§¨¨¨¡¡¡©©©èèèòòò¥¥¥žžžÖÖÖôôô———›››°°°üüüÑÑѝ„„„€€€ºººŠq£‘œ ‘8<¥ -endstream endobj 637 0 obj << /Length 76 >> stream -ýýýÿÿÿøöøoNbÁ±»ööö§§§¦¦¦óóóþþþ¸¸¸¬¬¬üüüÅÅؘ˜“““µµµ÷÷÷òòòÖÖÖ¢¢¢çç礒…j{ -endstream endobj 638 0 obj << /Length 73 >> stream -ýýýþÿþÿÿÿ€dv¨–¢ØØ؟ŸŸ§§§¨¨¨………‚‚‚ÎÎÎèèè»»»¤¤¤ÝÝÝïïï¡¡¡   þþþŠq€š…’ -endstream endobj 639 0 obj << /Length 73 >> stream -ýýýÿÿÿóðòeEXØÍÔÄÄ🟧§§¨¨¨•••¦¦¦“““¥¥¥¢¢¢ÖÖÖÒÒÒ¡¡¡›››ÀÀÀ¼¬¶rRfúøù -endstream endobj 640 0 obj << /Length 79 >> stream -ýýýÿÿÿš…’“|‹ýþþÕÕ՟ŸŸ§§§£££åååÊÊʲ²²þþþ×××ôôô÷÷÷¥¥¥›››úúúóó󐐐˜˜˜ÐÐÐýüýxXl®œ§ -endstream endobj 641 0 obj << /Length 70 >> stream -ýýýÿÿÿÁ±»oNbøöøøøø¬¬¬¦¦¦§§§¢¢¢ÖÖÖÙÙÙÄÄÄòòò¡¡¡£££êêê÷÷÷þþþëæébCVãÜá -endstream endobj 642 0 obj << /Length 96 /Filter /FlateDecode >> stream -H‰Q®ÿýýýÿÿÿõóômM`×ÌÓþþþùùù¥¥¥£££§§§¨¨¨ŠŠŠƒƒƒ‡‡‡©©©———“““²²²¢¢¢ôôôÁÁÁœœœ   ÝÝݶ¥°z[nýûü šü9è -endstream endobj 643 0 obj << /Length 46 >> stream -ýýýÿÿÿ¤’…j{þþþøøø­­­¥¥¥§§§¨¨¨ÃÃÃøöøoNbÁ±» -endstream endobj 644 0 obj << /Length 40 >> stream -ýýýþþþÿÿÿ‡l}¬š¥ÈÈȞžž§§§¥¥¥òòòýþþy‡™„‘ -endstream endobj 645 0 obj << /Length 40 >> stream -ýýýÿÿÿõóômM`×ÌÓààࢢ¢§§§   ÈÈȶ¥°z[nýûü -endstream endobj 646 0 obj << /Length 43 >> stream -ýýýÿÿÿ̾ÇiI]õóôïï¢§§§¨¨¨ÃÃÃãÜábCVëæé -endstream endobj 647 0 obj << /Length 61 >> stream -ýýýÿÿÿ×ÌÓmM`õóôçç碢¢§§§˜˜˜¥¥¥¿¿¿   ¦¦¦ˆˆˆ£££¨¨¨òòòãÜábCVëæé -endstream endobj 648 0 obj << /Length 61 >> stream -ýýýÿÿÿ§•¡†k|þþþËË˞žž§§§¨¨¨   ‘‘‘ªªªœœœ’’’£££¬¬¬õõõøöøoNbÁ±» -endstream endobj 649 0 obj << /Length 43 >> stream -ýýýÿÿÿóðòeEXØÍÔÔÔÔ¡¡¡§§§¦¦¦ŒŒŒÏÏÏ·¦°uUiûúû -endstream endobj 650 0 obj << /Length 52 >> stream -ýýýþÿÿÿþþ}_q­›¦ÿÿÿþþþ´´´¡¡¡§§§¥¥¥’’’°°°ïïïýþþy‡™„‘ -endstream endobj 651 0 obj << /Length 61 >> stream -ýýýÿÿÿ¹¦²N+@K*>U2HÎÀɧ“ [8NðëîàØÝX6KÎÁÉþþþ†k|§•¡ÒÅÎ[7N¼©µÙÎÕ -endstream endobj 652 0 obj << /Length 132 /Filter /FlateDecode >> stream -H‰uŠÿýýýÿÿÿ¿¯¹Z7LèáæŠq£‘œ˜ƒR.DwXkù÷øþþþûúú¿«¸ôòó·¦°uUiûúû÷ôö¸¡¯™zŠi}ɹكª—£ùøù«“¢ÚÑ×P.C¼¬¶Á±»¢›ïíîdGYòðñòïñ¼ª¶ÑÄÌÀ¯¹ þ R¤ -endstream endobj 653 0 obj << /Length 108 /Filter /FlateDecode >> stream -H‰]¢ÿýýýûûû÷õöÿÿÿùøùhH\’{‰Œuƒz]oÿþÿ¢‘›cAVèàåýþþª•£V5Iíè밝ª«—¤þÿÿþýþ~`r¶¥°æá䛅“ïíîlN`òïñþþþèå矊— ·ãD­ -endstream endobj 654 0 obj << /Length 102 /Filter /FlateDecode >> stream -H‰W¨ÿýýýþþþÿÿÿœ‚’¦ž»«µS0EáÙÞ³¢¬O+AÝÓ٘ØÏÕîèìȵÁÐÄˤþÿÿñíðüûûôñó˜}ŽúùúÞÖÛnObõòôŶ¿zZnûùú 0ÂAœ -endstream endobj 655 0 obj << /Length 132 /Filter /FlateDecode >> stream -H‰uŠÿýýýÿÿÿ¤”žgEZ§Œïêí¬™¥©–¢÷õö_>R¦“Ÿ÷òõýüý·£¯¢šy‡™„‘ùöø®•¥I%;®›§þÿþ‡k|À°º‡j|jK^È·Á‰j~ØÌÔ¬›¦«˜¤êäèbEWñïðþýþŒo¬“£’õóõ “™OŸ -endstream endobj 656 0 obj << /Length 102 /Filter /FlateDecode >> stream -H‰W¨ÿýýýÿÿÿ³¢­pOcúøúýþþ‘zˆ‡n}ÜÎ×tThüúû¾®·eDXöôõþþþ¦ŒœÊ»ÅäÙàxYlÀ°º×ÌÓpNcʻĉp€ Ž™¹¤±^;Q~`sûúû Þé< -endstream endobj 657 0 obj << /Length 111 /Filter /FlateDecode >> stream -H‰`ŸÿýýýÿÿÿãÛá|[o—yŒ€_sI&;š€þþþ£ŒšH%:›€‘åÞãbCVëæéÒÆÎ_?Sòïñýûü‡j|±ª×ÍÓqOdŲ¾tƒ«™¤Åµ¿dBW§ŽžôñóÔÈÐðìï Ü?c -endstream endobj 658 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿêä蝀“äÜáèãç”xŠ©”¡K'=ÕÊÑèàåŒmT1FÏÂÊøöøoNbÁ±»ÙÏÖV4IñìïgG[tSh˹ij«uViÁ­ºôñ󞋗©–¢ÔÈÏZ9MÅ´¿èß垊—‰i}ïéí ßòHO -endstream endobj 659 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿ§“ Y6LéãçùøùhH\’{‰õðókL_fEY–vŠ¼¨´ýþþèáædzÀɶÂȵÁ̺Æúùùþþþïì•öôõá×Þüûû²Ÿ¬çáå³¼eDXÚÏÖW3I‹r‚õóô¿«¸ûúú É­OŸ -endstream endobj 660 0 obj << /Length 102 /Filter /FlateDecode >> stream -H‰W¨ÿýýýÿÿÿðëîZ8M”}‹þþþ¤œY7M³«U2GK)=pNc˺ÅýþþÀ«¸gEZH';dBW˹Ū”¢£ˆ™…fy÷õöø÷øqQeÖËÒïìîhK\ðîï kÍ6ç -endstream endobj 661 0 obj << /Length 111 /Filter /FlateDecode >> stream -H‰`ŸÿýýýÿÿÿäÜá‡g{š|ìæ궣¯P,BÖÊÒþþþ“w‰«”£èáæxXlH&;_=R¿ª·ÿþþ¯—¦Y6LH';‰k~÷óõ¶ ®‹mþýþòðñfHZéäçÑÄÌoOcöôö KÂ?Í -endstream endobj 662 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿ®œ§yZmöñô÷ôöúøùiJ]~btòíðäÛáýþþ½ª¶U2GK)=–zŒñëï‡h|G%:cAVÑÁËþþþø÷øÕÆÏÝÕÚjK^óñó·¦°uUiûúû v‰>õ -endstream endobj 663 0 obj << /Length 114 /Filter /FlateDecode >> stream -H‰cœÿýýýþþþÿÿÿœ„“X5KäÛáðëî[8N¨”¡æÝãðêîq„M,@L+?oMcÀ¬¹þýþµž­fDYK*=U2G¢‡˜øõ÷âÜ୛¦À±ºìèëÿþÿ}^q¿¯¹öôõrSgÜÓØ ô‡AÞ -endstream endobj 664 0 obj << /Length 138 /Filter /FlateDecode >> stream -H‰{„ÿýýýÿÿÿðëî[:O‰n»«µS0EáÙÞîè촜«àÖÜþþþûúúʷÛ}zXn_>RM,@O.BP/CiF\…ey§‹×ÉÒýþþ¸¥±Ê¾Æx\môñóà×ݜ€’‚cwnObùøù°¼P-BH%:¾®¸Ê»ÄR/DÚÐÖ ‰iM* -endstream endobj 665 0 obj << /Length 153 /Filter /FlateDecode >> stream -H‰Šuÿýýýÿÿÿá×ÞνÈüûü«—¤A3£Œ›ø÷ødBW¬š¥÷ôöº£±~]qR1EN-AO.BU4HpNcuSh˜yŒ›}š|™{ŽyXlM,@Z8M‹k˺Åþþþóïñq„qƒýüýþÿÿèà屛©~`sþýþòîðbBVG$9¢Š™°Ÿªe@W̽Æ –SÇ -endstream endobj 666 0 obj << /Length 120 /Filter /FlateDecode >> stream -H‰i–ÿýýýÿÿÿôòóY7L§“ ýþþa@UǵÁwUjO+A´£­äÚàƒbwM,@K*>`?Sš|ÝÑÙþþþÖÈѐq…[9NV4I›~ðëïÀ°ºŸ‹—øõ÷üüüˆm~¨” ÛÍÖóïñÐÀÊûûû ÆSDî -endstream endobj 667 0 obj << /Length 129 /Filter /FlateDecode >> stream -H‰rÿýýýÿÿÿõòôhI\†ey½©¶ðìïa@UlJ_¥‹›˜„„iyþþþäÛáŽoƒV4HM,@cBVp„»¤³êäèåÜ⺢±Œl€^=QL+?_> stream -H‰l“ÿýýýþÿþýüü©ŸzYnP-C²Ÿ«ÿÿÿöôõfEZ²¼…j{§–¡÷ôö€^sƶÀª˜¤rQeýûü±š©¹©´ÚÏÖE!7“|Šù÷øpPdÆ·À×ÍÓhF[ÚÎ՞Œ—z]oðë±Šnºª´ Ï1G÷ -endstream endobj 669 0 obj << /Length 25 >> stream -ýýýþþþúøùʸÃçàåÿÿÿÀ¯¹Ã²½ -endstream endobj 670 0 obj << /Length 49 >> stream -ýýýÿÿÿ¸¥±H%:X5KÏÁÊþþþÀ­¹S1FS0F½ª¶Ë¼Æº¥³ýþþÐÄÌ­œ§ -endstream endobj 671 0 obj << /Length 73 >> stream -ýýýÿÿÿÓÈÏY5KÑÄÌõóõ^=Rt…øóö“ÕÉÐþÿÿÿþÿ{^p‡m}¿¯¹‚dwþýý¡†—ÙÍÔØÏՏu…þýþþÿþ -endstream endobj 672 0 obj << /Length 19 >> stream -ýýýÿÿÿÏÁʬ—¥Ä³¾íéì -endstream endobj 673 0 obj << /Type /ExtGState /SA false /SM 0.02 /TR2 /Default >> endobj 674 0 obj << /Length 16 >> stream -ýýýýþþúùúëäéýüý -endstream endobj 675 0 obj << /Length 16 >> stream -ýýýÿÿÿ¾®¸eAWIJ½ -endstream endobj 676 0 obj << /Length 96 /Filter /FlateDecode >> stream -H‰Q®ÿýýýþÿþûúû¬“£×ÊÒÿÿÿȺÃcAW§ŽžóðòÖËÒX7KåÞâöôõÕÇÐýþþ—‚„iyŶÀuUiüûûù÷øaATˆm~îëí|_qöôö ¬< -endstream endobj 677 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿ²¼“{Šïêí_=R¾®¸úøúpOc³¢­± «]8O¹§²tTh²¡¬íçëqQfæßäƒfx±ŸªúùúnNb¯¨ûùúat…fzûøú‹–š‡’õóômM`×ÌÓÛÎ×åÝâ ñõEE -endstream endobj 678 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿ©–¢ž‹—‡l}jJ]ùøùš†’…jzØÍÔkM_©“¡âØޛ‡“x†Á±»Šmÿþÿ‡k|º©³þÿþ}arŒ–Žt„—}ŽÔÉг£­öôõmM`×ÌÓhH\ôñóêãè[9NrTfûùú I"G, -endstream endobj 679 0 obj << /Length 135 /Filter /FlateDecode >> stream -H‰x‡ÿýýýÿÿÿÁ±»oOc³¡­O+AÖËÒÒÆÎa@UíèëõóôlL`Á¯º—{a?Ty‡þþþʹĉg|˜}Žüûüþÿÿ—‚…jz©‘ N)@°ž©º¥²–~Ž‰oöôõmM`×ÌÓÙÎÕ\;Oëæ鼬¶R/EkG]²¼ ³ÿL -endstream endobj 680 0 obj << /Length 120 /Filter /FlateDecode >> stream -H‰i–ÿýýýÿÿÿúøù‚dvÖËќ†“Š•ÞÕÚaATëæêŠq^> stream -ýýýþþþÿÿÿ…j{¤’ëæédEXØÍÕöóõĶ¿fEZöôõª˜¤rQeüúû×ÌÓhH\öôöøö÷sUg£‰šìåêñðñoRdóðò -endstream endobj 682 0 obj << /Length 99 /Filter /FlateDecode >> stream -H‰T«ÿýýýÿÿÿ¬˜¥c?UàÖÝ®œ§xXlÿþÿýüýuUi·¦°ÎÁÉX6KÏÀÊýþþ¾®·eDXöôõêåè_@SæßäþýýyZmº§³äÚàôóódGYïíî ¡<1 -endstream endobj 683 0 obj << /Length 120 /Filter /FlateDecode >> stream -H‰i–ÿýýýÿÿÿÛÐ×~\qßÕ۟‰—¨•¡®œ§xYm÷óö÷õöa?T¦’ŸÁ²»oNbúùúüûüqQd¹¨²€cu•}Œþþþëæé\;OÙÎÕöôö± «‡l}¬š¥õóômM`×ÌÓÕÊÐ~`súøú ^Ik -endstream endobj 684 0 obj << /Length 126 /Filter /FlateDecode >> stream -H‰oÿýýýÿÿÿçàå~^rgEZoOcëåéþþþ‹r›‡“»¦´úùúÚÐ×]> stream -ýýýÿÿÿÏÂÊN+AʼÅÏÂËL'>Á±»þÿÿýüý”x‰G%:cAVÑÁËýþþð½Y6LM*?­—¥þþþàÖݘz}_qù÷ù¤’…j{ -endstream endobj 686 0 obj << /Length 67 >> stream -ýýýÿÿÿØÌÔU2G_=RàÖÜ÷õöûûûñìð^> stream -ýýýÿÿÿÓÆÎS0Eb@UÕÇЬ”£ùøùþÿÿþþþ›„“\:OðëîÖÊÒO+A»«µïêí†g{vWjúùúpPd¸¥±Í½Çüüü -endstream endobj 688 0 obj << /Length 58 >> stream -ýýýÿÿÿÓÆÎU2GP-Bŵ¿áÙÞS1Fµ¢®þþþ›„“\:OðëîÐÂËÇ´ÀÞÕÛaBUæßäïêí -endstream endobj 689 0 obj << /Length 64 >> stream -ýýýÿÿÿñíðcCW];PàÖÜÁ±»J&<˼űžªO+AÖËÒþÿÿ÷õö»¥³îéìÆ´Àüüüĵ¾Y4K¾­¸ -endstream endobj 690 0 obj << /Length 70 >> stream -ýýýÿÿÿôðòÊ·Ãðëîøõ÷|]pH&;xWlŠi}´ ­ýþþ±žªM)?ÑÄÌ·¤°J%;˽ÆÏÃ˪™£þþþöôõæÞã -endstream endobj 691 0 obj << /Length 73 >> stream -ýýýÿÿÿíèì~^qÁ­ºðêîöòõ­“¤”tˆÉ¸ÃýþþãÚàU2Hœ…”þþþþÿÿÿþþ‚fwhH\ôïòÕÊÑ«›¥­—¥ÝÓÙ -endstream endobj 692 0 obj << /Length 58 >> stream -ýýýÿÿÿɺÃY6LÜÒØþÿÿÿþþ‚fwhH\ôïòäÛáX5Kœ„“þþþéå財¬íéìR0E®œ§ -endstream endobj 693 0 obj << /Length 70 >> stream -ýýýÿÿÿöóõ¶Ÿ®¼¦´üûüþþþÑÄÌK(=dCWëåéþÿÿÿþÿ}arrTgðëî\:O›„“®¨sSgüúûúùúı½ -endstream endobj 694 0 obj << /Length 96 /Filter /FlateDecode >> stream -H‰Q®ÿýýýÿÿÿ™„‘š‚‘ýþþþÿþûúú¬”£ñîððëî[8N§“ þþþx‡{^pÿþÿþÿÿ»«µÖÊÑåÝâÑÃÌtUh± ªüûûŵ¿dDXµ¤¯ <=" -endstream endobj 695 0 obj << /Length 70 >> stream -ýýýÿÿÿ´£­I$;°»íéë¾­¸§“ [8NðëîàØÝX6KÎÁÉÍ¿Èñíïöõö™}`@Tèâæýüüš~S/E¯ž© -endstream endobj 696 0 obj << /Length 73 >> stream -ýýýÿÿÿâÚßW6JO-B‘s†Ê¶Â•x‹à×Ýðëî[8N§“ þþþx‡{^pÿþÿþÿÿúøùjK^uVi÷óömM`ˆn~ÑÃÌ -endstream endobj 697 0 obj << /Length 73 >> stream -ýýýýþþÿÿÿžˆ–ÑÅÌúøúsƒìé맓 [8NðëîÕÉÑU2GÎÁÉ´¢­}[qÀ®¹òì𢏛‚fwòîñÒÆÍÐÁÊëåé -endstream endobj 698 0 obj << /Length 79 >> stream -ýýýÿÿÿìæêiI]J)=I'<~`süúû¾­·‡g{£‡™À­¹Ê¼ÅN+AÏÂÊ»«µS0EáÙÞþÿþöôõàÓۈm}žŠ—ÏÂËM)?ŶÀ -endstream endobj 699 0 obj << /Length 76 >> stream -ýýýþÿÿûúû‚“½§µº¢±eCXC 5¬˜¥ÿÿÿæÝãø÷øþþþùøùiI]sƒûùúnNaŒs‚œ‚“T0GÏÂʜ‡”F!8± ª -endstream endobj 700 0 obj << /Length 64 >> stream -ýýýÿÿÿ¶§°ãÜàÙÎÕhH\òðñóïòiH\š‚‘þþþþÿÿÿþÿ|`q°ž©eDYøö÷ÓÇÎ_?SÜÓÙÌ¿Ç -endstream endobj 701 0 obj << /Length 61 >> stream -ýýýÿÿÿÙÍÕË»ÅõñômNatViüûü»«µS0EáÙÞÏÂÊP,B­œ§X6KôòóöôõhG[ª–¢Ä¸À -endstream endobj 702 0 obj << /Length 58 >> stream -ýýýÿÿÿ«—¤B3­˜¦Á®ºÙÌÔþüýz]odCWóîñãÛàT1F™þþþ¼«¶˜íéìȺà -endstream endobj 703 0 obj << /Length 99 /Filter /FlateDecode >> stream -H‰T«ÿýýýÿÿÿñïðmObêåèñíðdCWW5JãÛàÓÆÎQ.DkK_îçìàÖÜ^> stream -H‰`ŸÿýýýÿÿÿÝÔÙjK^óñóþÿÿúùú“åÞâÑÄ̽§µ«‘¡•xŠüûüØÌÔS0FkK_îçìàÖÜ]:OjJ]ûûûº©´W4JèâæõôõdFXêåèÓÈϙƒ‘tThüúû ›zD… -endstream endobj 705 0 obj << /Length 76 >> stream -ýýýÿÿÿßÖÛZ9MôòôW5Jª˜£àÖÜ];PeEYìæêÓÆÎQ-CrSfõñôÎÀÉ[;OÛÏ×ÎÁÉgG\ûûûÒÄÌtTgfEZõóô -endstream endobj 706 0 obj << /Length 102 /Filter /FlateDecode >> stream -H‰W¨ÿýýýþþþÿÿÿ“z‰µ£®ÒÅÍJ'<‡m}úøù€atÐÄËÓÆÎR/DhG[ãØßS0E`=RàÖÜÜÐØÕÈП‰—rSfɸÃóðòŒtƒš…’»¥³øöøþÿÿ $@:â -endstream endobj 707 0 obj << /Length 79 >> stream -ýýýþÿÿÿþÿ~btgG[ôïòÿÿÿþüýwYl}`rïéívVjE#7…gz÷óöéáætTgF#8qƒøõ÷ûùúnOb~bsŒtƒ‰n~þþþ -endstream endobj 708 0 obj << /Length 102 /Filter /FlateDecode >> stream -H‰W¨ÿýýýÿÿÿáÙÞQ.D…”åÞâo‚ìæêá×ÞeCXK(=­—¥þþþþÿÿýüý“w‰F#8z[nðê—_=RîèìþýýtTg ‡—úøùʸÃ÷õ÷þÿþ u]=£ -endstream endobj 709 0 obj << /Length 114 /Filter /FlateDecode >> stream -H‰cœÿýýýÿÿÿçáåwVkÐÂËûùúpQduWiª’¡ÒÅÍôòó[9Nµ¤¯ÓÆÎS0F^;PÚÏÖÈ·ÂR/E`>SàÖÜ°»¿®¹ñìï•y‹eEXÀ«¸úùúþÿþ´£­I#: ‹™ýþþ ¤AÑ -endstream endobj 710 0 obj << /Length 108 /Filter /FlateDecode >> stream -H‰]¢ÿýýýÿÿÿçß䝀’£ˆ™ù÷ø­š¦N*@ÖËÒæÞã÷ôö¯¼ÔÇÏX5KS0FÈ·Âýþþ¸¤°K(=jJ^èà幨³€`tÀ¯ºûúúhH\µ ­þþþÚÐ×O+AÀ±º (§?v -endstream endobj 711 0 obj << /Length 76 >> stream -ýýýÿÿÿ÷õö`?S‡•þþþ̼Ʋ¡«îçìjJ]]:OàÖÜÒÅÍL)?dvýüýôñ󧎝ÔÇϦ‘žbt̽ÇgEZ§Žž÷ôö -endstream endobj 712 0 obj << /Length 76 >> stream -ýýýÿÿÿõóômM`×ÌÓ³ž¬N,AD!6¨” þÿþŠp€R/EÞÓÚ̾ÇK'=¨’ ýþþêåèaBUíèë÷öö`?SȹòŸ¬ÞÖÜ -endstream endobj 713 0 obj << /Length 76 >> stream -ýýýÿÿÿöôõgEZȺÃƶÀpƒ÷òõ§’ „hzþÿþ¼©µI$;ýþþ£ŽœK'=ÑÄÌÖËÒuViýüüß×ÜfGZòðñÙÍÕ˻Š-endstream endobj 714 0 obj << /Length 70 >> stream -ýýýÿÿÿüûüvXjeCX¬”£ÜÔÙ«˜¤ãÛàU2G“zŠþþþuWjdDXóîñþÿÿöôö¿ª·Ê¼Å…hzýüýíéìȺà -endstream endobj 715 0 obj << /Length 73 >> stream -ýýýÿÿÿûùúxXlÀ°ºßÕÛ¼¥´õòôóîñeEYoPcõñôåÝâ];Pbtýüý÷ôömMaÍÀÈtVisTg»¤²Œoù÷ø -endstream endobj 716 0 obj << /Length 64 >> stream -ýýýþþþÿÿÿ–J&<ÒÅÍÀ¯¹ÑÃÌüúû{^pQ.CÓÆÎÁ¯ºF"8•|ŒvWjœˆ•È¹ÃeFYȸÂóïò -endstream endobj 717 0 obj << /Length 96 /Filter /FlateDecode >> stream -H‰Q®ÿýýýÿÿÿõñôŸƒ•“uˆüûüîèìgG[S1E¤‰šª  †—þþþ•|‹J%;°»ýþþ­˜¥E!7·¥°ÐÃËJ&<¼¬¶§• nMaïéíûûû õ{5Ê -endstream endobj 718 0 obj << /Length 64 >> stream -ýýýÿÿÿ¢›w†þþþ×ËÒN+@t„þÿþüûüvXk^=Qëåéþÿÿÿþþ{]p©—¢µ¤¯F#8I&;¾®¸ -endstream endobj 719 0 obj << /Length 96 /Filter /FlateDecode >> stream -H‰Q®ÿýýýÿÿÿôïòvVj¼ªµíçìŒm€nKa¬“£üûüþÿþ·¥°E!7­˜¥ýþþþþþ•{‹J&<;ÇóðòoPdäÝâŠq€zˆüúûšþýþ k¾9˜ -endstream endobj 720 0 obj << /Length 61 >> stream -ýýýþÿþÿÿÿ„hyµ¤®þþþöööåååÐÐВ’’¡¡¡žžž¢¢¢¨¨¨§§§¥¥¥¦¦¦ÖÖ֞Œ— -endstream endobj 721 0 obj << /Length 79 >> stream -ýýýÿÿÿ©–¢ž‹—þþþÿþþ¯—¦Y7LM,?O.BC5¦– H&;z]oÝÔÚS1FM,@N+@̽ǭ§E"7I'> stream -ýýýÿÿÿ©–¢ž‹—ñëï•x‹Q/CN-AO.BC5¦– H&;z]oÎÀÉN+@M,@S1FÜÑØJ'<¾®¸þþþrƒ½­· -endstream endobj 723 0 obj << /Length 76 >> stream -ýýýÿÿÿ©–¢ž‹—ãÙßzYnM+@O.BC5¦– H&;z]oɺÃM*?N-AT3GáÙÞC 6 ™ÜÑØS1FM,@üûü€buÉ»Ä -endstream endobj 724 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿ©–¢ž‹—ìæêmMaK*>O.BC5¦– H&;z]oÝÔÚS1FM,@N-AJ'<¾®¸µ¤¯G$9ǸÁM*?L+?oOcž€“atR1Eþþþrƒ½­· RÏ,Á -endstream endobj 725 0 obj << /Length 138 /Filter /FlateDecode >> stream -H‰{„ÿýýýÿÿÿž‹—©–¢þþþúùùϾɵ­™zŽ—yŒvTigEZO.BC5¦– H&;z]oÿþÿôóôZ;ML*?G&:ctþüýǸÁM*?N-Aòðòv†F#8I';{]o§Žž¸¤°P.CM,@Z8M•wŠéáæ’y‰½¬· ¹C  -endstream endobj 726 0 obj << /Length 129 /Filter /FlateDecode >> stream -H‰rÿýýýÿÿÿž‹—©–¢Ç¸ÁM*?N-AO.BC5¦– H&;z]oÿþÿôóôZ;ML*?E"7”~Œþþþòðòýþþš…’D!6M,@N,AÓÆξ­¸xUkµœ¬ÒÁÌ£ˆ™U3IT2G‹l€ÑÁËüüürƒ½­· h¬@… -endstream endobj 727 0 obj << /Length 132 /Filter /FlateDecode >> stream -H‰uŠÿýýýÿÿÿŠ–¥‘žÑÄÌO-BM,@O.BC5¦– H&;z]oÝÔÚS1FE"7­§µ¤¯G$9N-AǸÁM*?M+@T3GáÙÞèàålL`J(=I'> stream -H‰T«ÿýýýÿÿÿª—£™ƒÒÂÌkJ_K*>C5¦– O.BH&;z]oÎÀÉN+@M,@L*?Z;MòðòF#8v†þþþÜÑØS1Fb@UàÖÜúøú~`sÕÊÐ }-« -endstream endobj 729 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿÕÊÐ~`súøúØØØÒÓÓÖÔ֑y‰Y8LM,@O.BH&;z]oüûüçàäV6IL+?F#8± «¸¥±K(=N-AM,?[9NŸ‚”êãçðíïoRdñïð ì'3ü -endstream endobj 730 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿáÚßtVhöóõÜÜܵµµÎË͛‚’Y7KM,@O.BH&;z]oüûüøöømNaJ(> stream -H‰W¨ÿýýýÿÿÿîëísVhôñóçççÞÞÞÏÏÏáâáÚ×ٙY7KM,@O.BH&;z]oüûüv†F#8K*>aBUõóôþþþ­—¥O-BN-AV4IŠj~ÝÑÙ Ó4i -endstream endobj 732 0 obj << /Length 111 /Filter /FlateDecode >> stream -H‰`ŸÿýýýÿÿÿÕÊÐ~`súøúòòòÊÇɓ}‹X6KM,@O.BH&;z]oüûüǸÁM*?N-AQ/D¡†—øõ÷äÜá_>SK*>D!6š…’ýþþN,AƒbwÒÂÍôñósVhîëí !*8‡ -endstream endobj 733 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿ½­·rƒþþþ¹£±R/E{^pã×Þ¶¥¯G$9N-AO.BH&;z]oèâæV6IL+?L*?Z;Mòðò¦– C5F#8v†Žqƒìåéúøú~`sÕÊÐ .®1‹ -endstream endobj 734 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿ½­·rƒþþþôðò°–§ƒcwoMbqPdN-AO.BH&;z]oÿþþúøúmNaJ(> stream -H‰`ŸÿýýýÿÿÿɻĀbuüûüùõ÷œ„“U4HM,@O.BH&;z]o­§E"7G$9«˜¤þÿþ‰oF$9F#8v†þþþ÷õöiI]J)=L+?fDYµž­þýþôñósVhîëí 6Î -endstream endobj 736 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿ½­·rƒþþþ¹£±Z7ML+?O.BH&;z]oýüý‰oF$9V6Içàä”~ŒE"7F#8v†öôõeEYK)=M,@Z8Mš}êãèôòórTfèãæ 1 -endstream endobj 737 0 obj << /Length 144 /Filter /FlateDecode >> stream -H‰~ÿýýýÿÿÿž‹—©–¢þþþ¿ª·[8MkK_¦‰›Ç³À˹Äþýþ»«µI%;N-AO.BC5¦– H&;z]oÿþþù÷øiI]J)=K)=eEYöôõ¾®¸J'> stream -H‰‡xÿýýýÿÿÿž‹—©–¢µ¤¯G$9N-AO.BK(=³¡­sVgJ)=F#8v†¦– C5þþþŸˆ—H%;L)>lUd§¨¨§§§êêê©©©¦¦¦©«ªŽ‰ïëíU4HqOdrPeb@UoMbkH^¦ßÔÛT2GM,@D 6«›¥z]oH&;¤‘œ»©´ …ECž -endstream endobj 739 0 obj << /Length 165 /Filter /FlateDecode >> stream -H‰–iÿýýýÿÿÿž‹—©–¢µ¤¯G$9N-AO.BL+?\•~Œá×ÝT2GM,@·§±G%9„izÿþÿ¤‘œ»©´ ™ÿQÔ -endstream endobj 740 0 obj << /Length 144 /Filter /FlateDecode >> stream -H‰~ÿýýýÿÿÿž‹—©–¢µ¤¯G$9N-AO.BG&:evýúü|_qH&;F#8v†¦– C5þþþþüýctL+?[9NÛÑ׺¼»¤¤¤§§§©«ªŽ‰ïëíz]oüûüþÿÿþýþs…J(=E"7š…’ãÙßS2FM,@·§±¤‘œ»©´ ƒIâ -endstream endobj 741 0 obj << /Length 150 /Filter /FlateDecode >> stream -H‰‡xÿýýýÿÿÿž‹—©–¢µ¤¯G$9N-AO.BI';ƒgymM`K*>F#8v†¦– C5þþþóîñkK_J(=L*>~lw£¤£ÎÏή®®¥¥¥©«ªŽ‰ïëíJ)=iI]÷õöÀ±ºëæéÖÊÒQ/DM,@¨˜¡z]oH&;G&:ctþüý¤‘œ»©´ û¯H© -endstream endobj 742 0 obj << /Length 64 >> stream -ýýýÿÿÿóðòmObèãæ¹¹¹}}}¦¦¦˜˜˜ŠŠŠ×××ÜÜÜ¢¢¢§§§¨¨¨¡¡¡~~~ºººÉ»Ä€buüûü -endstream endobj 743 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿž‹—©–¢Ç¸ÁM*?N-AO.BF#8v†¦– C5þþþL+?Z8MßÕÛþÿÿ°°°¥¥¥©«ª€ˆµ¤¯G$9J)=iI]÷õöÀ±ºëæéuUiŸ”š|—xŒª ûúûrƒ½­· 1Å? -endstream endobj 744 0 obj << /Length 129 /Filter /FlateDecode >> stream -H‰rÿýýýÿÿÿž‹—©–¢Ç¸ÁM*?N-AO.BT3GF#8v†¦– C5þþþQ0Dszäæå°°°¥¥¥©«ªŽ‰ïëíµ¤¯G$9J)=iI]÷õöÀ±ºëæéF$9sƒÑ¿ÊnNbH&;z]oýüý’y‰½¬· X·@ -endstream endobj 745 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿž‹—©–¢µ¤¯G$9N-AO.B·§±z]oH&;F#8v†¦– C5þþþ¾®¸J'¿­¸üýü¢¢¢§§§©«ªŽ‰ïëíüûü«œ¥íçëT3GM+@·¦°‰oF$9¤‘œ»©´ úó=] -endstream endobj 746 0 obj << /Length 132 /Filter /FlateDecode >> stream -H‰uŠÿýýýÿÿÿž‹—©–¢ÖÉÑfDYL+?O.BF#8¨” ª™£D 6v†¦– C5H&;z]oýüýE"7”~ŒþþþC 6 ™µ¤¯G$9N-AJ)=iI]÷õöþüýctG&:M,@O-BÑÅÍH%:°œ¨¤‘œ»©´ é;N -endstream endobj 747 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿž‹—©–¢þþþÀ«¸gEZL+?O.BM,@Q/DÖÊÒµ¤¯G$9N-AF#8v†¦– C5H&;z]oþýþK(=ó½J)=iI]÷õöS1FÜÑØ­§E"7K)=Šm€üûü¤‘œ»©´ NÌ8r -endstream endobj 748 0 obj << /Length 129 /Filter /FlateDecode >> stream -H‰rÿýýýÿÿÿž‹—©–¢þþþÀ«¸gEZL+?I(aBUõóôv†F#8ǸÁM*?[9N½©¶¤‘œ»©´ î|;& -endstream endobj 749 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿž‹—©–¢µ¤¯G$9N-AO.BI';vXjûùú¦– C5F#8v†H&;z]oüûüL+?X7KâÚßþþþJ)=iI]÷õöM*?ɺÃctG&:J(> stream -H‰oÿýýýÿÿÿž‹—©–¢µ¤¯G$9N-AO.BL+?V6Ièâæ‰oF$9F#8v†¦– C5H&;z]oüûüG%:sƒÜÜܤ¤¤§§§©«ªŽ‰ïëí©™£Z;ML*?¶¦°G&:ctþüý¤‘œ»©´ «!:ó -endstream endobj 751 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿž‹—©–¢µ¤¯G$9N-AO.BH&;z]oýüýv†F#8¦– C5üûüõóôaBUK*>Q0D—y‹ßÑÚÉÉɞŸž§§§©«ªŽ‰ïëí¸¨²Z;ML*?¶¦°E"7”~Œ¤‘œ»©´ éú< -endstream endobj 752 0 obj << /Length 132 /Filter /FlateDecode >> stream -H‰uŠÿýýýÿÿÿž‹—©–¢µ¤¯G$9N-AO.BM,@S1FÜÑئ– C5F#8v†H&;z]oüûü¹©³I%;G%:sƒþþþJ)=iI]÷õöK(=Ŷ¿qSeI'hG[š{_>SL+?O-BÑÄ̤‘œ»©´ 8– -endstream endobj 753 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿž‹—©–¢µ¤¯G$9N-AO.BF#8± «v†¦– C5H&;z]oüûüÑÄÌO-BM,@N,AÀ®¹Ê·ÃsTgI(<þþþJ(> stream -H‰f™ÿýýýÿÿÿîëísVhôñóþþþöööÎÎÎàààÞÞÞßààÚ×٘€U4HM,@O.BH&;z]oüûüâÚßX7KL+?I';vXjûùúÒÂÌkJ_K*>b@U³šªøõ÷ÕÊÑz[nù÷ø YÉAÏ -endstream endobj 755 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿ½­·rƒþþþÉÉÉ¿¿¿ŽŽŽÑÑÑ©©©ªªªööö»»»¢¢¢ììì¡¡¡ÌÌ̵µµ£££§§§šššŒŒŒ¨¨¨àà຺º‚‚‚÷õöwXkÛÒØ A# -endstream endobj 756 0 obj << /Length 79 >> stream -ýýýÿÿÿÏÂÊ}^qúùúçççããã²²²£££þþþÄÄꙙïïï«««¦¦¦¨¨¨žžž©©©§§§”””¢¢¢úúúóðòoRdîìí -endstream endobj 757 0 obj << /Length 61 >> stream -ýýýÿÿÿáÚßtVhöóõÞÞÞ   £££éééÓÓӛ››çç縸¸¤¤¤§§§¡¡¡êêêîëísVhôñó -endstream endobj 758 0 obj << /Length 96 /Filter /FlateDecode >> stream -H‰Q®ÿýýýÿÿÿª—£™ƒøøø£££¦¦¦ÊÊÊ¢¢¢¯¯¯ñññ§§§ää䨨¨¹¹¹þþþÖÖ֕••´´´ŸŸŸœœœàààüûü€buÉ»Ä Ɗ;ñ -endstream endobj 759 0 obj << /Length 79 >> stream -ýýýþþþÿÿÿrƒ½­·ãã㛛›œœœ¦¦¦µµµßßߞžž§§§¡¡¡ÓÓÓûûû¬¬¬ÖÖÖ£££©©©“““¨¨¨šššÒÒÒ¡Žšœ‰• -endstream endobj 760 0 obj << /Length 92 /Filter /FlateDecode >> stream -H‰Á± -€ Ðop¯-¡nñK”ÁE\ý"îì=ff‘µÖ¹í> stream -ýýýÿÿÿ ˜¢›ööö§§§¡¡¡³³³šššÓÓÓØØؤ¤¤ÒÒÒ°°°ÐÐÐøøø¬¬¬¦¦¦©©©óóóþþþ‹q¹¨² -endstream endobj 762 0 obj << /Length 61 >> stream -ýýýÿÿÿðíïkN`ÕÕÕÁÁÁ¨¨¨   ËËËÝÝݝ×××ÇÇǞžž§§§¡¡¡ÒÒÒÕÊÑz[nù÷ø -endstream endobj 763 0 obj << /Length 58 >> stream -ýýýÿÿÿº©³†i{þÿþØØØ£££§§§©©©———‚‚‚ŒŒŒ¨¨¨žžžááá÷õöwXkÛÒØ -endstream endobj 764 0 obj << /Length 49 >> stream -ýýýÿÿÿÏÃËxYlù÷øêêê¡¡¡§§§ÆÆƸ¸¸•••ºººþþþòïñlN`ïìí -endstream endobj 765 0 obj << /Length 67 >> stream -ýýýÿÿÿèãæmObóðòóóó£££™™™ÞÞÞðððàà॥¥¦¦¦§§§¨¨¨———ºººüüüþþþâÛßpQdôòó -endstream endobj 766 0 obj << /Length 64 >> stream -ýýýÿÿÿ¥’Ÿ—‚þþþûûû®®®öööÆÆƟŸŸ¨¨¨›››¦¦¦§§§¥¥¥¤¤¤÷÷÷þÿÿþýýƒfxÄ´¾ -endstream endobj 767 0 obj << /Length 67 >> stream -ýýýÿÿÿöóõtVháÚßþþþüüü³³³¶¶¶»»»‘‘‘´´´ÜÜÜ¢¢¢¿¿¿ÒÒÒ§§§±±±¿¯¹‚dwþýþþÿÿ -endstream endobj 768 0 obj << /Length 73 >> stream -ýýýÿÿÿûùú{\oʼŝûûûåå域ŸÅÅÅ©©©¨¨¨ÝÝÝ¥¥¥§§§¢¢¢žžžŠŠŠ÷÷÷¯œ¨”|‹ýþþ -endstream endobj 769 0 obj << /Length 52 >> stream -ýýýÿÿÿŠ–¥‘žçççóó󬬬¦¦¦   °°°¤¤¤§§§¡¡¡ÔÔÔþþþŽu„¯© -endstream endobj 770 0 obj << /Length 46 >> stream -ýýýþþþÿÿÿ‹q¹¨²õõõ···øøøÖÖÖ¤¤¤¢¢¢¾¾¾§§§žŒ— -endstream endobj 771 0 obj << /Length 73 >> stream -ýýýÿÿÿúùú}^qÏÂÊÊÊÊ£££©©©¥¥¥¬¬¬øøø±±±¢¢¢ëëëüüü···µµµ¨¨¨§§§¦¦¦¯œ¨”|‹ýþþ -endstream endobj 772 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýþþþÿÿÿrƒ½­·ûûû¶¶¶¨¨¨ÉÉÉÇÇÇÞÞÞÄÄÄÜÜÜßßßÕÕÕÖÖÖÑÑÑõõõÅÄÅlUcN,@O.BM+@Z:Nš’—©«ª£££˜˜˜©©©§§§   ÏÏÏ¥‘žŠ– hF| -endstream endobj 773 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýþþþÿÿÿv†´¢­ØØؾ¾¾ÀÀÀÂÂÂÇÇÇ×××ßßßàààËËËðððÎÎ͞žfWaP/CN-AO.BM+@aCU›”˜©ªª§§§¨¨¨¢¢¢mmm›››©©©ÖÖ֞‹—©–¢ ·lC) -endstream endobj 774 0 obj << /Length 111 /Filter /FlateDecode >> stream -H‰`Ÿÿýýýÿÿÿž‹—©–¢úúúïïïææ毯¯ÚÚÚ¶¶¶¨¨¨´´´ÜÜÜüüüþþþðð𥥥ž Ÿ¤˜ …cxN-AO.BeI[Š{…§¨§§§§‘‘‘¤¤¤ÛÛÛýþþ’{Š«˜£ dzCÍ -endstream endobj 775 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿüûü€buÉ»ÄñññÏÏÏßßßÔÔÔÜÜÜÚÚÚÓÓÓàààÈÈȼ¼¼éééÐÐВ’’œœœËË˚‘I&;O.BL*>cGX¤¡£©©©£££˜˜˜§§§ŸŸŸÊÊÊ©–¢ž‹— ¤fFí -endstream endobj 776 0 obj << /Length 126 /Filter /FlateDecode >> stream -H‰oÿýýýÿÿÿóðòoRdîìíþþþöööÎÎÎàààÞÞÞßßßÛÛÛº¹º‹uƒ[9MM,@O.BH&;z]oüûüýþþ¥žG%:N-AS3FiR`lL`¿ª·Ç´ÀƒbwQ0DgEZoƒÐÁËÕÊÐ~`súøú Á&E‡ -endstream endobj 777 0 obj << /Length 141 /Filter /FlateDecode >> stream -H‰~ÿýýýÿÿÿôñósVhîëíþþþöööÎÎÎàààÞÞÞßßßÕÕÕÊËÊÒÏьv…Z8MF$8z]oüûüôïòpPdI(cGX˜˜˜š•™u]l`?S{Zoš|›}˜yŒuThiG\oMbm¨žÇ³ÀéâæɻĀbu pVM® -endstream endobj 778 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿúøú~`sÕÊÐþþþÐÐÐØØØßßßÞÞÞÖÖÖÏÏÏÑÑÑâââÆÆÆäää½½½›››ª«ªž™œƒv~§š£¢ˆ™L*?N-AO.BK)>u_mª««¡¡¡¨¨¨ÃÃù¨²‹q [þI -endstream endobj 779 0 obj << /Length 135 /Filter /FlateDecode >> stream -H‰x‡ÿýýýÿÿÿ÷õöwXkÛÒØþþþôôôÉÉÉàààÞÞÞÒÒÒØØØÛÛÛÑÑÑ×ÔÖ©Ÿ`>SpNcrPe}\pž€“€`tM,@O.BN-AP.B”‰œœ£££¨¨¨©ª©–‘• ‘›Î»ÇɶÂȵÁʸÄôðó½­·rƒ ­OL -endstream endobj 780 0 obj << /Length 120 /Filter /FlateDecode >> stream -H‰i–ÿýýýÿÿÿ¢› ˜þþþøøø¼¼¼äää½½½———ÇÇǧ¥¦‡{‚{ˆ ‚•‡g{gG[bEW[p -endstream endobj 781 0 obj << /Length 73 >> stream -ýýýÿÿÿîìíoRdóðòôôô™™™¢¢¢óóóÃÃښš¹¹¹¨¨¨¡¡¡òòòÅÅŜœœ§§§¦¦¦¤¤¤õõõÜÓØrSgöôõ -endstream endobj 782 0 obj << /Length 76 >> stream -ýýýÿÿÿóðòoRdîìíæææëëë®®®ºººÍÍ͙™™ÃÃ󳳞žžÄÄĨ¨¨§§§£££±±±ûûûþþþÏÂÊ}^qúùú -endstream endobj 783 0 obj << /Length 76 >> stream -ýýýÿÿÿöôõrSgÜÓض¶¶¾¾¾Â¡¡¡ªªª÷÷÷ÔÔÔ   ¬¬¬øøøþþþóóóÀÀÀ¨¨¨§§§ÒÒÒ¾®¸‡k|þÿþ -endstream endobj 784 0 obj << /Length 70 >> stream -ýýýÿÿÿÜÓØrSgöôõóó󜜜ñññþþþûûû···¤¤¤ÃÃÃ¥¥¥¢¢¢ÙÙÙææ槧§£££åååîëísVhôñó -endstream endobj 785 0 obj << /Length 67 >> stream -ýýýÿÿÿ©–¢ž‹—çççÆÆÆÕÕ՗——ÅÅÅþþþ§§§ÈÈÈÍÍ͟ŸŸ¨¨¨åååþÿÿþýýƒfxÄ´¾ -endstream endobj 786 0 obj << /Length 61 >> stream -ýýýÿÿÿ¹¨²‹qþþþêêꞞž»»»õõõ¨¨¨¡¡¡ÔÔÔüüü±±±¢¢¢§§§ÂÂÂúøú~`sÕÊÐ -endstream endobj 787 0 obj << /Length 67 >> stream -ýýýÿÿÿÕÊÐ~`súøúñññÖÖÖþþþøøø­­­¬¬¬ÎÎΣ££¢¢¢×××±±±§§§ŸŸŸÊÊÊóðòoRdîìí -endstream endobj 788 0 obj << /Length 58 >> stream -ýýýÿÿÿ¾®¸‡k|þÿþõõõ¡¡¡»»»óóó¢¢¢ÖÖÖÝÝݧ§§¦¦¦ªªªòòòôòópQdâÛß -endstream endobj 789 0 obj << /Length 111 /Filter /FlateDecode >> stream -H‰`Ÿÿýýýÿÿÿ©–¢ž‹—ǸÁM*?N-AO.BF#8v†¦– C5þþþɼİœ©N+@K)>vYk¢¡¢¨©¨©ª©‘„ŒÛÏ×µ¤¯G$9J)=iI]÷õöÀ±ºëæérƒ½­· 4–6T -endstream endobj 790 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿèãæmObóðòÜÜÜ×××ßßßÞÞÞØØØ¿¿¿ÏÏÏ÷÷÷ÐÐл»»àààãØßjI^J)=O.BN-AR1E“ˆª¬«§§§¦¦¦©©©áÚßtVhöóõ .!? -endstream endobj 791 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿÏÃËxYlù÷øÛÛÛÖÖÖßßßÞÞÞÓÓÓ»»»ÔÔÔàààÈÈÈáááØØØåÝâdBWK*>O.BL*>dHY¦¥¦¨¨¨§§§   ôôôñïðoRdðíï /I@1 -endstream endobj 792 0 obj << /Length 108 /Filter /FlateDecode >> stream -H‰]¢ÿýýýÿÿÿº©³†i{þÿþþþþÆÆÆ°°°ÈÈÈáááÞÞÞÝÝÝÚÚÚ¶¶¶ØØØâââÃÃÃôïòpPdI(> stream -H‰l“ÿýýýÿÿÿóðòmObèãæþþþüüüÇÇǺººÚÚÚßßßÞÞÞàààÒÒÒ¸¸¸···®®®ÆÆÆõõõííí¾¾¾ðêî~_sK)=O.BN,@]>Qˆ©©©§§§¥¥¥²²²úúúɻĀbuüûü ÷{N¥ -endstream endobj 794 0 obj << /Length 111 /Filter /FlateDecode >> stream -H‰`Ÿÿýýýÿÿÿœ‰•¡Žšììì¾¾¾ÛÛÛßßßÞÞÞ×××ÜÜÜÖÖ֛˜šƒ‹‚‹myw_mxaoybp‹|…Ž€‰˜•¨¨¨©©©———ŽŽŽ§§§ŸŸŸÍÍÍþþþŽu„¯© éA -endstream endobj 795 0 obj << /Length 111 /Filter /FlateDecode >> stream -H‰`Ÿÿýýýþÿþÿÿÿ†i{º©³þþþúúú¾¾¾¹¹¹ªªª¨¨¨áááÞÞÞàààÒÒҙ™™ïïïìììýüý»¥³€_sZ8MM,@O.B_ASpXg€r{¤¢£§§§ÃÃތ— ë¬Bb -endstream endobj 796 0 obj << /Length 114 /Filter /FlateDecode >> stream -H‰cœÿýýýÿÿÿù÷øxYlÏÃËþþþûûûÉÉÉÖÖÖÊÊÊàààÞÞÞÛÛÛÐÐÐúúúÙÙÙåååëë뺤²^;QL+?O.BN-AQ0DkPa‘…Œ¨©¨§§§¤¤¤ºººüüü¯©Žu„ Eç -endstream endobj 797 0 obj << /Length 73 >> stream -ýýýÿÿÿ¥’Ÿ—‚ãããÙÙÙÞÞÞßßßÕÕÕØØØýüýƒfxH';O.BM+@Z> stream -H‰`ŸÿýýýÿÿÿâÛßpQdôòóþþþøøøÊÊÊÔÔÔßßßÞÞÞßàß­š¦cCWM+@O.BC5¦– çàäV6IL+?G&:ctþüýàÖÜb@UK*>Y8Lð¼ýþþèãærTf Æx=< -endstream endobj 799 0 obj << /Length 132 /Filter /FlateDecode >> stream -H‰uŠÿýýýÿÿÿÏÂÊ}^qúùúØØØÚÚÚÞÞÞàà྾¾ÁÁÁâââßß߯œ¨eDXM,@O.BD!6š…’ÖÊÒQ/DN-AN,A‡g{À©¸_sK*>J)=iI]÷õöôïòpPdI(> stream -H‰i–ÿýýýÿÿÿ½­·rƒþþþÞÞÞ×××ßßßÔÔÔÊÊÊÕÕÕÞßÞááᰝ©eDXM+@O.BF#8v†Ç¸ÁM*?N-AM,@V3IÈ·ÂøöømNaJ(<˜K*>cAVÖÉÒ÷õöwXkÛÒØ ±D@ -endstream endobj 801 0 obj << /Length 120 /Filter /FlateDecode >> stream -H‰i–ÿýýýÿÿÿðíïkN`ØØØ®®®¶¶¶¸¸¸«««¦¦¦ßßßÞÞÞßàß­š¦cCWM+@O.BC5¦– õóôaBUK*>F#8± «àÖÜb@UN-AS2F|gtš˜™ôôôÕÊÑz[nù÷ø \À@e -endstream endobj 802 0 obj << /Length 150 /Filter /FlateDecode >> stream -H‰‡xÿýýýÿÿÿŠ–¥‘žàààÏÏÏÞÞÞßßßÝÝÝ£‘vTiqOdrPesQf\;PM,@O.BL)>yerª«ª§¨§§§§¨¨¨£¡¢‘„Œˆw‚ybpt\kcFXbEW_ATiG\Z8MM-@N-AT4Hybq˜•¨©¨¤¤¤µµµúúúþþþŽu„¯© ƎJA -endstream endobj 803 0 obj << /Length 144 /Filter /FlateDecode >> stream -H‰~ÿýýýþþþÿÿÿ‹q¹¨²üüüÑÑѸ¸¸ËËËáááÞÞÞßßßßàß­š¦cCW@2¦•ŸãÛà\:OL*?O.BN-AT4Gw`nkPa`CUkI^uSh–x‹¢†˜Ç³À˹Äôðóþýþs…J(=gJ\–Œ’©ª©§§§ÆÆƞŒ— ‡`NÔ -endstream endobj 804 0 obj << /Length 132 /Filter /FlateDecode >> stream -H‰uŠÿýýýÿÿÿöóõtVháÚßþþþòòò÷÷÷¼¼¼ØØØßßßÞÞÞßàß­š¦cCWM+@O.BC5¦– üûüz]oH&;L*?[> stream -H‰l“ÿýýýÿÿÿûùú{\oʼÅþþþÉÉÉÖÖÖßßßÞÞÞßàß­š¦cCWM+@O.BC5¦– ¤‘œD!7H';yYmçÝãïéívWjJ)=N,@]>Q…s~¥£¤¨¨¨§§§¡¡¡ÒÒÒ¯œ¨”|‹ýþþ ÒBr -endstream endobj 806 0 obj << /Length 96 /Filter /FlateDecode >> stream -H‰Q®ÿýýýÿÿÿ«˜£’{Šýþþóóó¿¿¿ÛÛÛßßßÞÞÞàààÐÐШ¨¨ºººèèèââ❝¦¦¦§§§©©©›››‡‡‡£££ØØØûùú{\oʼÅ i=ì -endstream endobj 807 0 obj << /Length 64 >> stream -ýýýÿÿÿ–Ž¢›¾¾¾|||………„„„¨¨¨¤¤¤ššš§§§£££˜˜˜¦¦¦“““ÅÅÅþþþŽu„¯© -endstream endobj 808 0 obj << /Length 58 >> stream -ýýýþÿÿþýþ€cuºª´ÿÿÿþþþ¹¹¹¡¡¡§§§©©©———ŸŸŸ¨¨¨¦¦¦¤¤¤ðð𢏛–Ž -endstream endobj 809 0 obj << /Length 52 >> stream -ýýýÿÿÿöôõrSgÜÓØççç   §§§©©©•••¢¢¢¨¨¨ÖÖÖºª´€cuþýþþÿÿ -endstream endobj 810 0 obj << /Length 70 >> stream -ýýýÿÿÿ¯©Žu„þþþøøø¬¬¬¥¥¥§§§òòòüüü­­­¤¤¤¨¨¨žžž•••™™™ŸŸŸ¢¢¢¼¼¼ù÷ùwWjʼŠ-endstream endobj 811 0 obj << /Length 79 >> stream -ýýýÿÿÿøö÷sTgÐÄËÛÛۏ•••ØØØþþþúúú©©©£££§§§ªªª‘‘‘–––¨¨¨€€€ššš   ÷÷÷µ¤®„hyþÿþ -endstream endobj 812 0 obj << /Length 76 >> stream -ýýýÿÿÿéäçjL^òïñêê꣣£§§§¦¦¦ŸŸŸðððÃÃé©©™™™‘‘‘¡¡¡¨¨¨¬¬¬ÅÅÅ«««–––ÓÓÓÖËÒqQeöôõ -endstream endobj 813 0 obj << /Length 79 >> stream -ýýýÿÿÿʼÅwWjù÷ùåå圜œ•••¥¥¥¡¡¡ÈÈÈßßߚšš¨¨¨§§§©©©™™™”””   ¤¤¤ºººüüüþþþòïñjL^éäç -endstream endobj 814 0 obj << /Length 55 >> stream -ýýýÿÿÿéäçjL^òïñëë륥¥¦¦¦§§§©©©˜˜˜£££¨¨¨¡¡¡ÁÁÁÜÓØrSgöôõ -endstream endobj 815 0 obj << /Length 120 /Filter /FlateDecode >> stream -H‰i–ÿýýýÿÿÿòïñlN`ïìíþþþÒÒÒÕÕÕºººïïïøøøµµµÀÀÀàààÞÞÞßßßÔÔÔÝÝÝÍÍÍêêêÊÊÊËËˑ‘‘¤¤¤¨¨¨§§§©©©˜˜˜£££   ¿¿¿Ê¼ÅwWjù÷ù ¾Q -endstream endobj 816 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿÜÓØrSgöôõ×××ÑÑÑààุ¸©©©ÉÉÉÐÐÐÞÞÞßßßÖÖÖÕÕÕ÷÷÷ËËË¿¿¿¼¼¼þþþùùùòòò•••¦¦¦§§§˜˜˜£££¨¨¨¬¬¬øøøèãæmObóðò « P– -endstream endobj 817 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿĵ¿~`süûüþþþûûûÅÅÅØØØßßßàààÎÎκººÞÞÞáááÈÈÈ´´´ÙÙÙÐÐÐñññìììââ❝¦¦¦§§§©©©˜˜˜£££¨¨¨   ïïïôòópQdâÛß ë¬Pš -endstream endobj 818 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿøö÷sTgÐÄËêêêµµµÀÀÀöööùùù¼¼¼ÛÛÛßßßÞÞÞáááÈÈÈÆÆƟŸŸ»»»ûûûþþþ¦¦¦§§§©©©•••¢¢¢¨¨¨ÍÍÍ´£®Šo€ ëE÷ -endstream endobj 819 0 obj << /Length 76 >> stream -ýýýÿÿÿʼÅwWjù÷ùóóó£££ÍÍÍ×××½½½ñññÅÅźººéé钒’¦¦¦§§§©©©•••¢¢¢¨¨¨÷÷÷òïñjL^éäç -endstream endobj 820 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿ¯©Žu„þþþóóóÇÇÇÐÐв²²µµµÊÊÊÞÞÞ°°°ÙÙÙßßßËËËÑÑѶ¶¶õõõ¤¤¤¦¦¦§§§¨¨¨£££‹‹‹âââù÷ùwWjʼÅ §ÁD' -endstream endobj 821 0 obj << /Length 96 /Filter /FlateDecode >> stream -H‰Q®ÿýýýþÿþÿÿÿ„hyµ¤®éééàààþþþûûûªªªÐÐÐÞÞÞßßßÚÚÚ¬¬¬­­­äääÅÅŕ••¨¨¨§§§©©©˜˜˜£££¢¢¢žŒ— —­=± -endstream endobj 822 0 obj << /Length 73 >> stream -ýýýÿÿÿ ˜¢›ÜÜÜÉÉÉàààÞÞÞßßßØØØÅÅÅÝÝÝþþþøøø®®®¥¥¥§§§¨¨¨›››   ¡¡¡¿¿¿Šo€´£® -endstream endobj 823 0 obj << /Length 126 /Filter /FlateDecode >> stream -H‰oÿýýýÿÿÿª—£™ƒôôôÃÃÃÍÍÍÆÆƯ¯¯ÖÖÖßßßÞÞÞââⲞ«eDXM+?O.BF#8v†Ç¸ÁM*?N-AJ'<¾®¸þþþ”~ŒE"7H&;z]oüûüèáæZ9ML+?O-B­—¥€buÉ»Ä ó A“ -endstream endobj 824 0 obj << /Length 135 /Filter /FlateDecode >> stream -H‰x‡ÿýýýÿÿÿîëísVhôñóÜÑØS1FM,@O.BJ)=iI]É»ÄM*?N-AF#8v†¦– C5þþþÙÍÕË»ÅûûûÑÂÌÇ´ÀɶÂ˸ÄÁ¬¹oOc÷õöµ¤¯G$9L*?Z;MòðòǸÁH&;~`ròîð[=O¶¦° î¸F² -endstream endobj 825 0 obj << /Length 135 /Filter /FlateDecode >> stream -H‰x‡ÿýýýÿÿÿáÚßtVhöóõÜÑØS1FM,@O.BJ)=iJ]ÿþÿ Œ™E"7F#8v†¦– C5þþþÙÍÕË»ÅȹÂP-BG$9«˜¤µ¤¯N-AL*?Z;MòðòÖÊÒQ/DG&:‚fxóðò[=O²¡¬îëísVhôñó 7 Cg -endstream endobj 826 0 obj << /Length 135 /Filter /FlateDecode >> stream -H‰x‡ÿýýýÿÿÿÕÊÐ~`súøúÜÑØS1FM,@O.BK*>cDWñíðtVhI'cCWðë¯G$9N-AL*?Z;Mòðò“{ŠòíñY9L§—¡ðíïoRdñïð ä>B\ -endstream endobj 827 0 obj << /Length 138 /Filter /FlateDecode >> stream -H‰{„ÿýýýÿÿÿîìíoRdóðòÜÑØS1FM,@O.BJ)=iI]ûùúðìï[P¿¯¹J'<ÕÊÑz[nù÷ø =ÙA} -endstream endobj 828 0 obj << /Length 120 /Filter /FlateDecode >> stream -H‰i–ÿýýýÿÿÿ÷õöwXkÛÒØÜÑØS1FM,@O.BJ)=iI]ÑÄÌO-BF#8v†¦– C5ǸÁM*?N-AL*?Z;MòðòëåéeEYK)=µ¤¯G$9\>PíèëlM`¶¦°½­·rƒþþþ µ³7| -endstream endobj 829 0 obj << /Length 126 /Filter /FlateDecode >> stream -H‰oÿýýýÿÿÿôñósVhîëíÜÑØS1FM,@O.BJ)=iI]÷õö­§E"7F#8v†¦– C5ǸÁM*?N-AL*?Z;Mòðò÷òõyZmH';µ¤¯G$9\>PíèëlM`ô¾K(=ɻĀbuüûü ^ã;% -endstream endobj 830 0 obj << /Length 129 /Filter /FlateDecode >> stream -H‰rÿýýýÿÿÿóðòoRdîìíÜÑØS1FM,@O.BJ)=iI]ù÷øctG&:F#8v†¦– C5ǸÁM*?N-AL*?Z;Môòó‘v‡H&;µ¤¯G$9òðòK*>dEXíéìgH\K)=ȹÂÕÊÐ~`súøú ½Ú;º -endstream endobj 831 0 obj << /Length 159 /Filter /FlateDecode >> stream -H‰oÿýýýÿÿÿÕÊÐ~`súøúǸÁM*?N-AO.BL*?^@RÜÔÙY9ML+?F#8v†¦– C5þþþË»ÅÙÍÕôïòpPdI(aBUõóôõñóʸħŒ‘r…uShcBVE"7š…’ãÙßS2FM,@•~Œ›†“D!6ôñósVhîëí v³M« -endstream endobj 832 0 obj << /Length 105 /Filter /FlateDecode >> stream -H‰Z¥ÿýýýÿÿÿ©–¢ž‹—ǸÁM*?N-AO.BF#8v†¦– C5þþþÀ±ºëæéM,@V5Iš”˜“ˆÛÏ×µ¤¯G$9J)=iI]÷õöË»ÅÙÍÕûùú{\oʼÅ +¶4• -endstream endobj 833 0 obj << /Length 114 /Filter /FlateDecode >> stream -H‰cœÿýýýÿÿÿ©–¢ž‹—ǸÁM*?N-AO.BF#8v†¦– C5þþþÀ±ºïìîìæëa@UK*>O-BL*?ƒt}­°®‘„ŒÛÏ×µ¤¯G$9J)=iI]÷õö¾®¸åÞãrƒ½­· îP7È -endstream endobj 834 0 obj << /Length 111 /Filter /FlateDecode >> stream -H‰`Ÿÿýýýÿÿÿ©–¢ž‹—ǸÁM*?N-AO.BF#8v†¦– C5þþþ½®¸íèëv†G%:L)>r[j©©©©«ª‘„ŒÛÏ×µ¤¯G$9J)=iI]÷õöÀ±ºëæérƒ½­· JÐ6 -endstream endobj 835 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿ«˜£’{ŠÇ¸ÁM*?N-AO.BF#8v†¦– C5þþþÀ±ºëæé—}H%:L*>eJ[ˆÜÑص¤¯G$9J)=iI]÷õöË»ÅÙÍÕÖÊÒQ/DM,@úøú~`sÕÊÐ u½9. -endstream endobj 836 0 obj << /Length 147 /Filter /FlateDecode >> stream -H‰„{ÿýýýÿÿÿɻĀbuüûüǸÁM*?N-AO.BL*?dGY«˜¤J(=F#8v†¦– C5þþþË»ÅÙÍÕþÿþsƒG%:µ¤¯G$9M,@a?TtRgrPeqOdnLasQesQf\;PD 6¯ ©çßäS1F§—¡‰oF$9ôñósVhîëí FC¾ -endstream endobj 837 0 obj << /Length 129 /Filter /FlateDecode >> stream -H‰rÿýýýÿÿÿ½­·rƒÇ¸ÁM*?N-AO.BM,@_@S…jzI';F#8v†¦– C5þþþË»ÅÙÍÕ´ ­I&a@Uêã赤¯G$9J)=iI]÷õöÜÑØS1FuViŸ”cBVL+?ôòórTfèãæ OG; -endstream endobj 838 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿ½­·rƒÇ¸ÁM*?N-AO.BF#8v†¦– C5þþþ¾®¸åÞãóîñkK_J(=M+@bCVÞÕÛµ¤¯G$9J)=iI]÷õöË»ÅÙÍÕÜÑØS1FM,@úøú~`sÕÊÐ ¯ø: - -endstream endobj 839 0 obj << /Length 132 /Filter /FlateDecode >> stream -H‰uŠÿýýýÿÿÿ½­·rƒÇ¸ÁM*?N-AO.BT2G^=QM,@F#8v†¦– C5þþþË»ÅÙÍÕ×ËÓU3GM+@K(=󽵤¯G$9J)=iI]÷õöÐÁÊ̽ÇÜÑØS1FF$9Œr‚ϽÉèáæúøú~`sÕÊÐ ^@Ó -endstream endobj 840 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿúøú~`sÕÊÐÜÑØS1FM,@O.BJ)=iI]÷õöF#8v†¦– C5ǸÁM*?N-AL*?Z;Mòðò¾®¸J'<ó½K(=\=PïëîtViI'<w†›†“D!6´£®Šo€þþþ “Ý8] -endstream endobj 841 0 obj << /Length 70 >> stream -ýýýÿÿÿóðòoRdîìíôñó–~Y7KM,@O.BF#8v†µ¤¯G$9N-AS1FÜÑØJ)=jI^ãØßÏÂÊ}^qúùú -endstream endobj 842 0 obj << /Length 102 /Filter /FlateDecode >> stream -H‰W¨ÿýýýÿÿÿîìíoRdóðò÷ôö¨žZ8MM,?O.BF#8v†µ¤¯G$9N-AM,@S1FÜÑؾ®¸J'<þüýctG&:L+?\:OÙÍÕÜÓØrSgöôõ «¾/É -endstream endobj 843 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿÜÓØrSgöôõ÷ôö¨žZ8MM,?O.BF#8v†µ¤¯G$9N-AM,@S1FÜÑØǸÁM*?üûüz]oH&;Q0DŒmŸ”_=RL+?I';vXjûùúîëísVhôñó iZ6< -endstream endobj 844 0 obj << /Length 108 /Filter /FlateDecode >> stream -H‰]¢ÿýýýÿÿÿöôõrSgÜÓØþþþùùùÉÊÉáÞૐ¡Z8MM,?O.BF#8v†µ¤¯G$9N-AM,@S1FÜÑئ– C5”~ŒE"7J)=€auöñô¾®¸‡k|þÿþ »®5R -endstream endobj 845 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿ ˜¢›ÆÆÆÊÊÊÜÜÜ×××ßßßÞÞÞâã㸩³eCXM+?O.BF#8v†µ¤¯G$9N-AM,@S1FÜÑئ– C5H&;z]oüûü̽ÇN+@J(=…gz÷óöþþþ‹q¹¨² s.?1 -endstream endobj 846 0 obj << /Length 120 /Filter /FlateDecode >> stream -H‰i–ÿýýýýþþÿÿÿ’{Š«˜£ÚÚÚÖÖÖßßßÞÞÞÜÛÜ´¤®¨“ qƒ\;OM,@O.BF#8v†µ¤¯G$9N-AS1FÜÑØ ™C 6H&;z]oüûü¹©³I%;K*>dBXÜÐמ‹—©–¢ ×;¼ -endstream endobj 847 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿúùú}^qÏÂÊÜÜÜÀÀÀ§’Ÿ\;OL+?F#8v†O.Bµ¤¯G$9N-AM,@S1FÜÑØýþþš…’D!6G%9„izÿþÿþÿÿ¦– C5L*?ƒ“þþþþÿþ¯œ¨”|‹ Ê:Ó -endstream endobj 848 0 obj << /Length 120 /Filter /FlateDecode >> stream -H‰i–ÿýýýþþþÿÿÿrƒ½­·ÐÐÐ¥¥¥ÂÂÂàààßßߤœX7KgF[¤ˆšÏ¼È‡l}G%:O.BF#8v†µ¤¯G$9N-AM,@S1FÜÑØH&;z]oüûü± «U3H½ª¶ýþþ¡Žšœ‰• £Ä<ö -endstream endobj 849 0 obj << /Length 126 /Filter /FlateDecode >> stream -H‰oÿýýýÿÿÿÕÊÐ~`súøú­§E"7O.BF#8v†¾®¸J'> stream -H‰l“ÿýýýþþþÿÿÿŽu„¯©ÜÑØS1FM,@O.BJ)=iI]÷õöçàäV6IL+?F#8v†¦– C5L*?Z;Mòðòª™£D 6N-AG$9µ¤¯I'> stream -H‰cœÿýýýþþþÿÿÿrƒ½­·ÜÑØS1FM,@O.BJ)=iI]÷õöµ¤¯G$9N-AF#8v†¦– C5ÖÊÒQ/DL*?Z;Mòðòþÿþ‰oF$9kM_ñíðN+@̽ǥ‘žŠ– Ô­56 -endstream endobj 852 0 obj << /Length 138 /Filter /FlateDecode >> stream -H‰{„ÿýýýÿÿÿüûü~`sĵ¿ÜÑØS1FM,@O.BJ)=iI]÷õöv†F#8¦– C5ǸÁM*?N-AL*?Z;MòðòöôõeEYK)=G$9µ¤¯¹©³I%;L*>_ASðìïtViI'> stream -H‰~ÿýýýÿÿÿž‹—©–¢íçë‚bvN,@N-AJ)=iI]÷õöúøùqSeI'b@UàÖܒ{Š«˜£ I;>f -endstream endobj 854 0 obj << /Length 117 /Filter /FlateDecode >> stream -H‰f™ÿýýýÿÿÿ¾®¸‡k|þÿþþüýctG&:O.BF#8v†Ç¸ÁM*?N-AM,@S1FÜÑØC5¦– ÷õöiI]J)= ™C 6ìåêŠlK)>L+?hF[ʹÄýþþôòópQdâÛß „è8 -endstream endobj 855 0 obj << /Length 123 /Filter /FlateDecode >> stream -H‰l“ÿýýýÿÿÿ¹¨²‹qþþþîéì[ -endstream endobj 856 0 obj << /Length 126 /Filter /FlateDecode >> stream -H‰oÿýýýÿÿÿ¢› ˜äÚàƒbwI';hI\÷õöýþþž‰–E"7O.BF#8v†ÜÑØS1FM,@L*?Z;MòðòǸÁM*?N-A­§µ¤¯G$9C 6¢š„izG%9K*>b@UàÖÜþþþrƒ½­· ~‹:d -endstream endobj 857 0 obj << /Length 120 /Filter /FlateDecode >> stream -H‰i–ÿýýýÿÿÿ©–¢ž‹—éâçq„oLbrPeqOdpNceCWN-AO.BF#8v†ÜÑØS1FM,@L*?Z;MòðòǸÁM*?C5¦– K)=€atðèí¨–¡D!7qQeíçëüûü~`sĵ¿ [°6€ -endstream endobj 858 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 281 0 R /Length 15 /Filter /FlateDecode >> stream -H‰b`V ÀÏ -endstream endobj 859 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 287 0 R /Length 34 /Filter /FlateDecode >> stream -H‰b` !`dbfaecç€N.nF^ZZÈ`;֕ -endstream endobj 860 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 290 0 R /Length 28 /Filter /FlateDecode >> stream -H‰b` 9`dbfaaecg¤½U !" -endstream endobj 861 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 325 0 R /Length 44 /Filter /FlateDecode >> stream -H‰b` `dbfaecçàäâæá>~Av!ašÙÉ`v¹- -endstream endobj 862 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 322 0 R /Length 40 /Filter /FlateDecode >> stream -H‰b`  `dbfaecçàäbDˆqóðòñó "‰QGW¶ -endstream endobj 863 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 332 0 R /Length 37 /Filter /FlateDecode >> stream -H‰b` `dbfaecç`Ĕáäâæáåãǔ¡ -00| -endstream endobj 864 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 329 0 R /Length 39 /Filter /FlateDecode >> stream -H‰b` >`dbfaecçàÀ*ËÁÀÉÅÍÃËÇH› 0{ -endstream endobj 865 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 310 0 R /Length 36 /Filter /FlateDecode >> stream -H‰b` 6`dbfaecg§‚ƒ“‹›‡‰—êv3%Ùc -endstream endobj 866 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 317 0 R /Length 37 /Filter /FlateDecode >> stream -H‰b` 2`dbfaecdÇ«ˆƒ“‹›‡—‘Ú–3(¬l -endstream endobj 867 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 316 0 R /Length 36 /Filter /FlateDecode >> stream -H‰b` *`dbfaecg"¨‰ƒ“‹›‡°:@€ ÿU -endstream endobj 868 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 244 0 R /Length 36 /Filter /FlateDecode >> stream -H‰b` &`dbfaec'F);'7;/Uíg0'5j -endstream endobj 869 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 242 0 R /Length 34 /Filter /FlateDecode >> stream -H‰b` "`dbfaec$V5;'7±ª‰„F -endstream endobj 870 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 252 0 R /Length 35 /Filter /FlateDecode >> stream -H‰b` `dbfaed#Z=;'7#]À`K -endstream endobj 871 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 248 0 R /Length 34 /Filter /FlateDecode >> stream -H‰b` `dbfae$E#;'IZ€Ó; -endstream endobj 872 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 230 0 R /Length 30 /Filter /FlateDecode >> stream -H‰b` `dbfae$U;éšð€9) -endstream endobj 873 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 237 0 R /Length 32 /Filter /FlateDecode >> stream -H‰b` `dbfae$];'éÚp€1 -endstream endobj 874 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 234 0 R /Length 32 /Filter /FlateDecode >> stream -H‰b` `dbfae$G#;;9±€T- -endstream endobj 875 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 270 0 R /Length 32 /Filter /FlateDecode >> stream -H‰b`  -`dbfae$O+;'yZ1@€m1 -endstream endobj 876 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 267 0 R /Length 35 /Filter /FlateDecode >> stream -H‰b` `dbfae$K+;#'7yš1@€˜F -endstream endobj 877 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 278 0 R /Length 36 /Filter /FlateDecode >> stream -H‰b` `dbfae$O+;#'7yÚÑ@€QS -endstream endobj 878 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 275 0 R /Length 37 /Filter /FlateDecode >> stream -H‰b` 021³°2’©—ƒ‘‘“‹›‘‡ -.a0uT -endstream endobj 879 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 258 0 R /Length 43 /Filter /FlateDecode >> stream -H‰b` 021³°2‘¡‘‰‰‰ƒ“‹‰›‰‡—‡‰›r§0* -endstream endobj 880 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 334 0 R /Length 44 /Filter /FlateDecode >> stream -H‰b` 021³0²’®ƒ‘“‹›‘‘‡—‘r§0({ -endstream endobj 881 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 262 0 R /Length 44 /Filter /FlateDecode >> stream -H‰b` 021³0²’¡ƒ“‘‹›‡Èáåã`¤Ø- 0• -endstream endobj 882 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 398 0 R /Length 45 /Filter /FlateDecode >> stream -H‰b` 021³°2’®ƒ“‹›‡“—l ¿€ Æ €=¿ -endstream endobj 883 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 396 0 R /Length 44 /Filter /FlateDecode >> stream -H‰b`  021³°2‘¡‘ƒ“‹›‡—ª™‰_@IˆB×09®´ -endstream endobj 884 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 403 0 R /Length 43 /Filter /FlateDecode >> stream -H‰b`  021³0’£‘•ƒ“‘‹›ª›—‘_€,“@€,òŽ -endstream endobj 885 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 387 0 R /Length 45 /Filter /FlateDecode >> stream -H‰b` 021³0²’£“•ƒ“‹›‡—f¿€ #^=„@€4<£ -endstream endobj 886 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 392 0 R /Length 42 /Filter /FlateDecode >> stream -H‰b` 021³°2’©—ƒ“‹›®‘—ŸQ€"÷0-mŽ -endstream endobj 887 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 390 0 R /Length 39 /Filter /FlateDecode >> stream -H‰b` 021³0’«—•ƒ“‹¡Ÿ‘‡—\Ó  À#—o -endstream endobj 888 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 421 0 R /Length 41 /Filter /FlateDecode >> stream -H‰b` 021³0²’­›ƒ“‹!ÀÍÃËÇψ[ À'³} -endstream endobj 889 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 424 0 R /Length 43 /Filter /FlateDecode >> stream -H‰b` 021³°²‘¥•ƒ“‹›‡U7¿› .b09¯² -endstream endobj 890 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 409 0 R /Length 39 /Filter /FlateDecode >> stream -H‰b` 021³0’©••ƒ“‹›M˜—ŸL! À(6} -endstream endobj 891 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 416 0 R /Length 42 /Filter /FlateDecode >> stream -H‰b` 021³0²’©—ƒƒ“‹M;#/?#ùNb0,³Š -endstream endobj 892 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 350 0 R /Length 41 /Filter /FlateDecode >> stream -H‰b` 021³°2‘«›‰ƒ“‹]?/Ùf@€&Ét -endstream endobj 893 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 352 0 R /Length 39 /Filter /FlateDecode >> stream -H‰b` 021³0’¯›•ƒÝ.Fn^òMe0 ÷h -endstream endobj 894 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 353 0 R /Length 43 /Filter /FlateDecode >> stream -H‰b` 021³°²‘«›ƒ“‹›‡—]œ_@ ]x`;?º -endstream endobj 895 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 339 0 R /Length 39 /Filter /FlateDecode >> stream -H‰b` 021³0’«XÙØ98¸0Ìåæá%ß\€t_ -endstream endobj 896 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 344 0 R /Length 40 /Filter /FlateDecode >> stream -H‰b` 021³0²’©b;'#¦07#/¹†pa -endstream endobj 897 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 358 0 R /Length 37 /Filter /FlateDecode >> stream -H‰b` 021³0’©¬Ÿ•«Œœ\œd› `WF -endstream endobj 898 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 371 0 R /Length 41 /Filter /FlateDecode >> stream -H‰b` 021³0²’§b;'#6.nn.20#¾s -endstream endobj 899 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 377 0 R /Length 37 /Filter /FlateDecode >> stream -H‰b` 021³0’§j+;'v).nrÍ0ôS -endstream endobj 900 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 363 0 R /Length 38 /Filter /FlateDecode >> stream -H‰b` 021³0’¥XÙØ9p˜ÀÊÈÉÅM¦é‘L -endstream endobj 901 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 364 0 R /Length 36 /Filter /FlateDecode >> stream -H‰b` 021³0’¥n+;.98¹È4 À_= -endstream endobj 902 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 365 0 R /Length 38 /Filter /FlateDecode >> stream -H‰b` 021³0’£ÉV6vrŒœ\Üä™`O -endstream endobj 903 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 381 0 R /Length 37 /Filter /FlateDecode >> stream -H‰b` 021³0’£XÙØ9XqšÏÉÅMžùœK -endstream endobj 904 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 346 0 R /Length 33 /Filter /FlateDecode >> stream -H‰b` 021³0’¡hÀÊÈÆÎÁIŽN€0 -endstream endobj 905 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 408 0 R /Length 30 /Filter /FlateDecode >> stream -H‰b` 021³0’¡XÙØɲ À ª -endstream endobj 906 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 384 0 R /Length 33 /Filter /FlateDecode >> stream -H‰b` 021³0’®ÀÊÈÆÎÁI†F€0 -endstream endobj 907 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 85 0 R /Length 30 /Filter /FlateDecode >> stream -H‰b` 021³0’®4;XÙØɱ À ¡ -endstream endobj 908 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 81 0 R /Length 33 /Filter /FlateDecode >> stream -H‰b` 021³0’¬‹DÀÊÆÎÁÈIº>€ù0 -endstream endobj 909 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 89 0 R /Length 25 /Filter /FlateDecode >> stream -H‰b` 021³0’¬‹N¶ » -endstream endobj 910 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 86 0 R /Length 33 /Filter /FlateDecode >> stream -H‰b` 021³0±’ª‹dÀÄÆÎÁDº6€C+ -endstream endobj 911 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 69 0 R /Length 31 /Filter /FlateDecode >> stream -H‰b` 021³0’ª‰ ÀÈÊÆNº=  -endstream endobj 912 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 67 0 R /Length 31 /Filter /FlateDecode >> stream -H‰b` 021³0’ª‰ ÀÈÊÆNº=  -endstream endobj 913 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 77 0 R /Length 36 /Filter /FlateDecode >> stream -H‰b` 021³0’¨¡™•h͌œ\$Û`Ï= -endstream endobj 914 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 92 0 R /Length 36 /Filter /FlateDecode >> stream -H‰b` 021³0’¨¡™•h͌œ\$Û`Ï= -endstream endobj 915 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 111 0 R /Length 43 /Filter /FlateDecode >> stream -H‰b` 021³0’¦E;+#;'1j¹¹y‰R‰ µ] -endstream endobj 916 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 112 0 R /Length 38 /Filter /FlateDecode >> stream -H‰b` 021³0’¦U?+;‘0rrq“j@€ -H -endstream endobj 917 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 115 0 R /Length 45 /Filter /FlateDecode >> stream -H‰b` 021³0±’¤ØØ98¹¸yxù˜ˆSÏÄ/ H¤R807«¢ -endstream endobj 918 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 96 0 R /Length 41 /Filter /FlateDecode >> stream -H‰b` 021³0’¤Y3+;'7Ñ0òðò‘h@€%o -endstream endobj 919 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 93 0 R /Length 37 /Filter /FlateDecode >> stream -H‰b` 021³0’¤Y3+;')¸¸yH´ ÀðS -endstream endobj 920 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 103 0 R /Length 44 /Filter /FlateDecode >> stream -H‰b` 021³°’¢°±±sprqóðò±©ƒŸU@Dë ;K° -endstream endobj 921 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 100 0 R /Length 43 /Filter /FlateDecode >> stream -H‰b` 021³0’¢°²±sprqóðò±m¿€ iö6O¢ -endstream endobj 922 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 28 0 R /Length 38 /Filter /FlateDecode >> stream -H‰b` 021³0’¢U7+;')ú¹¸yH³ À6T -endstream endobj 923 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 31 0 R /Length 41 /Filter /FlateDecode >> stream -H‰b` 021³0’ ];+;')p1ró0ò’b@€“a -endstream endobj 924 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 34 0 R /Length 39 /Filter /FlateDecode >> stream -H‰b` 021³0’ C?+;')&0rqód#@€ùT -endstream endobj 925 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 16 0 R /Length 39 /Filter /FlateDecode >> stream -H‰b` 0213² M7++;'#Iz¸¸yHÒ`Y -endstream endobj 926 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 14 0 R /Length 40 /Filter /FlateDecode >> stream -H‰b` 021³0¯C;+;#'iš¸yyIP` Fa -endstream endobj 927 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 23 0 R /Length 36 /Filter /FlateDecode >> stream -H‰b` 021³0¯S?+;©ú98¹HÑ`= -endstream endobj 928 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 20 0 R /Length 41 /Filter /FlateDecode >> stream -H‰b` 021³0±­0±±spr‘f7/ ê $yi -endstream endobj 929 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 57 0 R /Length 44 /Filter /FlateDecode >> stream -H‰b` 021³0­ª‡• ¡…‘ƒ“‹D#¹yy‰W`#úi -endstream endobj 930 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 58 0 R /Length 45 /Filter /FlateDecode >> stream -H‰b` 021³0­ XÙØ98z¸¸yxùH4‚‘_@-7YŸ -endstream endobj 931 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 64 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b` 0213²¥’…‘•¬…ƒ“‹›IŠ‡—8#¶òñ 0V78˜ -endstream endobj 932 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 51 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` 021³0©”•¬”‘ƒ“‹›‡¢‘—_@€Xë† -1 -­ ÀQiß -endstream endobj 933 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 39 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b` 021³0¥’•ƒ“¤‡‹›‡—_@_ˆCXDTŒWœ8ȳ ‰õL -endstream endobj 934 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 49 0 R /Length 57 /Filter /FlateDecode >> stream -H‰b` 0213²£…‘•ƒÌädåâæáåãáæA¢L@µWHX„‘hÕx3< -endstream endobj 935 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 45 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b` 021³0¥•ƒ“ ¬–‘›‡—ƒŸ‰2Ý@!aFbnŽ! -endstream endobj 936 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 191 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b` 021³0¡Ž••ƒƒ“ ¬–‘›‡ °óc†Í|üDë0fG -endstream endobj 937 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 188 0 R /Length 51 /Filter /FlateDecode >> stream -H‰b` 021³0VÆÊÆÎÁÉÅÍÃVËÈËDžøˆ0ÓfA!a¢õ€D -endstream endobj 938 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 199 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` -021³0¡Ž‰•ƒ“ƒ‹¤˜‡‡— ð c:àa"Z@€ŸD -endstream endobj 939 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 195 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b` -021³0¡Œ•ƒƒ“‹¤˜‡‡— ðñaC…ˆÕ`y‰2 -endstream endobj 940 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 176 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b` -021³0¡Œ•ƒƒ“‹¨˜‘‡“—_…ˆ0›¡Â"¢Äê0¡p— -endstream endobj 941 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 183 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b` 021331VÇÄÂÊÆÆÆÊÎÀâprq³!^&¢,C|ü‚Äê0a¨ -endstream endobj 942 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 180 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b` 021³0£Ž•ƒ¬–‹›‡—øø¹¸ˆ² ÓTAF"µoÔ -endstream endobj 943 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 217 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b` 021³0£Ž•ƒ“‹›‡‡—_€…ˆ1«©ÂÌ"Dê0„÷D -endstream endobj 944 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 214 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b` 021³°VÆÆÎÁÉÅÍÃËÇÒÃ/ ($ B¼"ŒDY…ÍvQ1q"5¼ÆÑ -endstream endobj 945 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 225 0 R /Length 51 /Filter /FlateDecode >> stream -H‰b` 021³0£‰•ƒ“‹¤˜‘‡—…ˆ2‡õÂ"Dê0“Y -endstream endobj 946 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 222 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b` 021³0¥•ƒ“‹‘Ìááåƒ~¢ôã2VPH˜8ý{%6 -endstream endobj 947 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 205 0 R /Length 48 /Filter /FlateDecode >> stream -H‰b` 021³0¥•ƒ“‹Âááåƒ~¢ôã2VPH˜8ýz¶5 -endstream endobj 948 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 206 0 R /Length 51 /Filter /FlateDecode >> stream -H‰b` 0213²¥•ƒÂæäbäæá…>~Fbôã2VPH˜8ýkF -endstream endobj 949 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 209 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` ™˜YX‰PÇÀÆÊÎÁÉVÊÊÍÃËÊÇ/‚BDéÇ„YED‰3 ÀHk -endstream endobj 950 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 136 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b` ™˜Y‰PTÉÊÆQÉÈÁÉÅÍÃ˼üÄéÇi® 0Q&m° -endstream endobj 951 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 135 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b` ™˜Y‰PTÉÊÆÎbp°srqóðòñ €€ qÚq›+,"L”|: -endstream endobj 952 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 143 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b` ™˜Y«becç`38¹¹yxùøøø@@PH˜QD”° xÌ—`$F!@€ŸF’ -endstream endobj 953 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 140 0 R /Length 62 /Filter /FlateDecode >> stream -H‰b` ™˜Y˜+cbecçà*dââæaâåã€A!avNQ&1ÂFàâL’D8 À¶Æ -endstream endobj 954 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 124 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b` ™˜Y‰PÆÊÆÎÁ TÈÈÅÍÃÈËÁül‚BœD˜€ÏpaQbL0—àw -endstream endobj 955 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 121 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b` ™˜Y +cecçàä*däæáeäãàG‚D€× BÂ"Ä` Ê‡ -endstream endobj 956 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 131 0 R /Length 58 /Filter /FlateDecode >> stream -H‰b` ™˜Y+c`decgd`áàäâæadäáåƒ~n~AF" Àg¶°1F‘šg -endstream endobj 957 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 146 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b` ™˜Y˜ª&V6v&&N.n&^>~(a'ÊÊ`¼â± -endstream endobj 958 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 162 0 R /Length 71 /Filter /FlateDecode >> stream -H‰b` ™˜Y ªb``ecç`dåäâæáåãaqA FVqaQ!I)iV"LÂê -YF"ô¢ -endstream endobj 959 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 166 0 R /Length 73 /Filter /FlateDecode >> stream -H‰b` ™˜Y ªb``ecç``ääâæáeçãçâaQ1Fq 0[PRJZFVŽãÐ]!¯ H„6€3‹ -endstream endobj 960 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 169 0 R /Length 63 /Filter /FlateDecode >> stream -H‰b` ™˜Y ª)decdçàäâææáåãá†~AA!Fan8àå#Ê> stream -H‰b` ™˜ *©caeadcçàäâæáåãçæ‚AF!a.$À-"J”‰È@L\B’M×Ù8 -endstream endobj 962 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 148 0 R /Length 64 /Filter /FlateDecode >> stream -H‰b` ™˜YX )V6vVVN.n^>~A!(àBâ’Rĉb¼´ Î0Ft5 -endstream endobj 963 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 157 0 R /Length 63 /Filter /FlateDecode >> stream -H‰b` ™˜Y )+decgd`äàäâäæáåãä‡A!~T ,"*FŒ‘(ƋKHv@€U¸ -endstream endobj 964 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 154 0 R /Length 64 /Filter /FlateDecode >> stream -H‰b` ™˜Y )+decgdààäâæáåãàà>a4 "*ÆAŒ‘(ƋKHv@€7Ù -endstream endobj 965 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 168 0 R /Length 65 /Filter /FlateDecode >> stream -H‰b` ™˜YX )6vN.Fn^F>~A!àB"¢ìlD‰ê1q F‚ª "Tß -endstream endobj 966 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 126 0 R /Length 64 /Filter /FlateDecode >> stream -H‰b` ™˜ ©V6v JN.n^VF>~A0(+ 1f"1Fq Â0´ -endstream endobj 967 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 145 0 R /Length 63 /Filter /FlateDecode >> stream -H‰b`À™˜YX ¨6vv6VN.n^>~^A0DÂ"¢lʉXÅÄ ; À+”è -endstream endobj 968 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 211 0 R /Length 65 /Filter /FlateDecode >> stream -H‰b`À™˜Y ¨V6vN JV.n^>~A!> åáCÂb¬¬Ä˜‰êq I‚.0 ”¦ -endstream endobj 969 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 220 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b`À™˜Y ¨ªdec©dä`ãäâæáåãA!A ÌCœ‘¨æ‹ˆŠÔ`÷`x -endstream endobj 970 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 175 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b`À™˜YX ¨6vN6°.n^>~AâÄÂ"ŒD‰êQ1q‚Ú _¶ -endstream endobj 971 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 189 0 R /Length 60 /Filter /FlateDecode >> stream -H‰b`À™˜ (*daec``ceçàdäâæáåãA!~L ,Bœ™(@TL\‚ 6€ý@– -endstream endobj 972 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 43 0 R /Length 63 /Filter /FlateDecode >> stream -H‰b`À ™˜Y˜ð+V6v BVVN.n^>~A!a Æ⠬ʉ˜$% : À9y -endstream endobj 973 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 55 0 R /Length 61 /Filter /FlateDecode >> stream -H‰b`À ™˜Yñ+*dec+däàäâæáeäãÄü"D‰a…¨£85ǐ -endstream endobj 974 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 33 0 R /Length 60 /Filter /FlateDecode >> stream -H‰b`À ™˜Yñ+V6vV°N.n^F>~AAA!aA,@D”(#1Ü"&.AH#@€À® -endstream endobj 975 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 101 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b`À ™˜Yñ+A×ÁÊÆÎÈÁÈÉÅ <ܼÜ€‡Ÿ4#a&  -Ò`§ ± -endstream endobj 976 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 117 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b`À ™˜Yð+ÁÐÂÊÆÎÈÁÉÅÍÍÍÅÃˍ ø8H4j0¿€ #5 T -endstream endobj 977 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 75 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b`À ™˜ñ«À¢‡…•‘ƒ“““‹D¢n’^F>~B: ~æL -endstream endobj 978 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 80 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b`À™˜YXñªÀXÙØ98¹¸yxxùxy°~’„,(DH'@€´ïÉ -endstream endobj 979 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 351 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b`À™˜YñªÀ¦‰•8¹¸9°^’„ÌÇ/ ˆ_ @€‚€^ -endstream endobj 980 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 359 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b`À™˜YñªÀ¦‰•ƒ“‹›››‡—ðñ ’j$Ô`!a®0©È¾ -endstream endobj 981 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 341 0 R /Length 46 /Filter /FlateDecode >> stream -H‰b`À™˜YñªÀ¡•ƒ“‹› àá%ÇD°©|üôrg. -endstream endobj 982 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 347 0 R /Length 51 /Filter /FlateDecode >> stream -H‰b`À™˜YðªÀXYÙØ988¹¸y0/ é&B]Ã/ Ȉ_ @€—»Š -endstream endobj 983 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 419 0 R /Length 48 /Filter /FlateDecode >> stream -H‰b`À™˜ñ*Àª‰…•ƒ“‹››‡ðò‘n"ð3 -Ð `‚fU -endstream endobj 984 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 402 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b`À™˜Y˜ð)À¬lìœ\Ü<¼|üL‚|Bè€_X„4‘“¨(ÍñLT -endstream endobj 985 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 264 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b`À™˜Yñ)ÀÔÁÊÆÎÁÉÅÍÃËÇÏ( È%„„EEI2Åt1qº ë†Z -endstream endobj 986 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 273 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b`À™˜Yñ)ÀÔÁÊÆÎÁÉÅÍÃËÇÈÏ%À……H3ÕtaQüÚ §_¬ -endstream endobj 987 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 229 0 R /Length 57 /Filter /FlateDecode >> stream -H‰b`À™˜Yñ)@¬l쌌œ\Ü<¼¼|üŒ‚¼@ˆG˜1Ü#"*†_;@€ÎÓ -endstream endobj 988 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 243 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b`À™˜Yñ)@SÎÊÆTÎÈÁÉÅÍÅÃËÇ͏…ˆ7ÃaQüî0ʑ -endstream endobj 989 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 311 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b`À™˜Yð)@SÎÊÆΤ88¹¸yx¹ù°~FâÍô@PH¿~€¿çá -endstream endobj 990 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 307 0 R /Length 47 /Filter /FlateDecode >> stream -H‰b`À™˜ñÉãÐÅÂÊÆÆÎÁɅ ¸yxùH7øùð; ÀƒU -endstream endobj 991 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 301 0 R /Length 45 /Filter /FlateDecode >> stream -H‰b`À ™˜Y˜ðÈãL¬lìœ\ܘ€‡—óLæãÃo@€„rH -endstream endobj 992 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 295 0 R /Length 48 /Filter /FlateDecode >> stream -H‰b`À ™˜YñÈãÐÅÊÆÎÁÉǺ x8xI7Ål>~F| - uà. -endstream endobj 993 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 285 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b`À ™˜YñÈc×ÄÊÆÎÁÉÅÍËøøI6Íp!a¼F¦t¨ -endstream endobj 994 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 292 0 R /Length 51 /Filter /FlateDecode >> stream -H‰b`À ™˜YñÈc×ÄÊÆÎÁÉÈÅÍË -øø…H5 ÝpaQ¼.0¢Æ£ -endstream endobj 995 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 323 0 R /Length 46 /Filter /FlateDecode >> stream -H‰b`À ™˜YñÈãÓÊÊƎØ88¹¸yÈ3f,/?^Xýí -endstream endobj 996 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 330 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b`À ™˜YðÈãÓÊÊÆÎÁÉÅÁÜ<ì¼|üŒä™3V@P¯ cÏ -endstream endobj 997 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 309 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b`À ™˜ñHã,¬lìœ\œÜ<¼h€_€,a@PHX¯› ¢ -endstream endobj 998 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 315 0 R /Length 45 /Filter /FlateDecode >> stream -H‰b`À ™˜ñHã,¬lìœ\Ü€‡—L!€‘_¯})H -endstream endobj 999 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 250 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b`À ™˜Y˜pKãL¬lìLœ\Ü<\¼˜€›ƒtQLçãÃk@€¡o‹ -endstream endobj 1000 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 231 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b`À ™˜YqKãÒÅÊÆÎÁÉÅÍÃËǏ -x…„EH7ÅtQ1Fq<òÃ@ø -endstream endobj 1001 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 239 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b`À ™˜YqKc¬lìœ\Ü<¼|ü¼¨€W•Tã0Ü$$,"ŠG ÀÀ…ï -endstream endobj 1002 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 272 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b`À ™˜™qKãÒÅÂÊÆÎÁÉÅÍÃˇ -øH7 ÃtA!a|¦šÓŠ -endstream endobj 1003 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 276 0 R /Length 48 /Filter /FlateDecode >> stream -H‰b`À ™˜YqKãÔÆÊÆÎÁÉÅÍÃˇ -øÈ0 ÝpA!a|¦š@ˆ -endstream endobj 1004 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 254 0 R /Length 57 /Filter /FlateDecode >> stream -H‰b`À ™˜YqKãÒÅÊÆÎÁÉÅÍÃËÇ/ (Ä/ ‚"¢bœ$›†aº¸„$>7ÃÍø -endstream endobj 1005 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 261 0 R /Length 67 /Filter /FlateDecode >> stream -H‰b`À ™˜YpKc,,¬lìœ\Ü<¼|ü¼œŒ‚B À)"*&Î(!)%ÀHšn’–‘Åg@€Üè= -endstream endobj 1006 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 404 0 R /Length 64 /Filter /FlateDecode >> stream -H‰b`À ™˜qËb×ÂÂÊÆÎÁÉÅÍÃÉËÇÏ À(ÈÉ|BœÂ"¢||b⤉f„¤> ¾ó -endstream endobj 1007 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 383 0 R /Length 58 /Filter /FlateDecode >> stream -H‰b`À ™˜qËb×ÂÂÊÊÆÎÁÉÅÆÍÃËÇÈÀÈ/ Ȋ ¸…„I5ˆ0ŠŠá3 Àƒ»\ -endstream endobj 1008 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 427 0 R /Length 60 /Filter /FlateDecode >> stream -H‰b`À™˜Y˜pÊbL¬lìœ\Ü<¼|ü|‚BÂ"¢lb(€C\B‚DCQm”Âç(€7º -endstream endobj 1009 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 418 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b`À™˜Y˜pÊbL¬lìœL\Ü<¼|ü‚B<Â"Ü¢<È@TLœTCQmÄ§ À×W -endstream endobj 1010 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 415 0 R /Length 57 /Filter /FlateDecode >> stream -H‰b`À™˜YqÊâÐÃÊÆÎÁÉÅÈÍÃËÇ/ È#$ŒD€Ò$šŠbƒ¨£8ni€úB} -endstream endobj 1011 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 357 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b`À™˜YqÊâÐÃÊÆÎÁÉÅÈÍÃËÇ/ ($,‚ 8DI5Å1qF ÜÒ¢£ -endstream endobj 1012 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 336 0 R /Length 57 /Filter /FlateDecode >> stream -H‰b`À™˜YqÊâÐÃÊÆÎÁÉÈÈÅÍÃËÇÈÏ! ˆ „„EDI4Ù1q <®0î©n -endstream endobj 1013 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 375 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b`À™˜YqÊâÒÄÊÆÎÁÈÈÉÅÍÃËÇ/À#ˆ „„EH6ÉQ1q<Ú è0Z -endstream endobj 1014 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 370 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b`À™˜YqÊâÒÄÊÆÎÈÁÉÅÍÃËÇ/À'ˆ  “l,’"¢bx´ïf -endstream endobj 1015 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 369 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b`À™˜YqÊâÒÄÊÆÈÀÎÁÉÅÍÃËÇÈÏ+€ -‘l,’Â"¢x´ÖÔ, -endstream endobj 1016 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 345 0 R /Length 51 /Filter /FlateDecode >> stream -H‰b`À™˜YpÊ⌬l윜\ŒÜl> stream -H‰b`À™˜YpÊ⌬lìœ\܌<¼|üX—#Yæ‚ÍÆ£ À»Yì -endstream endobj 1018 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 83 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b`À™˜qJbªfa…«fdcçàäâæadäåãÂøI0 ‹ˆâÑ `Ÿr¸ -endstream endobj 1019 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 91 0 R /Length 70 /Filter /FlateDecode >> stream -H‰b`À™˜qJbV6v¨rFN.Fn^>~A!aaQ1q I)i–•“W Ád4{•ðh09ž9 -endstream endobj 1020 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 68 0 R /Length 67 /Filter /FlateDecode >> stream -H‰b`À™˜qJ"V6vN.n^>ˆF~A!aQT &Î%! RÒ2ęŒÈ2ÊÉãÑ `q¥ -endstream endobj 1021 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 72 0 R /Length 66 /Filter /FlateDecode >> stream -H‰b`À™˜Y˜pI"&V6vN.n^>ˆz&~A!a *&.!)%-#+'-O”ÉØ­SPÄ£ À{æ¯ -endstream endobj 1022 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 106 0 R /Length 70 /Filter /FlateDecode >> stream -H‰b`À™˜Y˜pI"T±²±spprqópñòñ31220 ‹ˆbbâ’ìRÒ2²rò„MƘñh0¥)ý -endstream endobj 1023 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 114 0 R /Length 68 /Filter /FlateDecode >> stream -H‰b`À™˜YqI"T±²±³sprqsó°óòñ  - 32ŠˆŠaâ’RÒ2R²rò„MÆi£‚"ÍË2P -endstream endobj 1024 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 98 0 R /Length 69 /Filter /FlateDecode >> stream -H‰b`À™˜YqIÂ+;''7/¿€ °ˆ¨˜¸„¤ -#+'$/¯ HØdœîRRfdÅ) `#! -endstream endobj 1025 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 29 0 R /Length 73 /Filter /FlateDecode >> stream -H‰b`À™˜YqIÂ+;'''7/¿€  °ˆ¨˜8N !)%-#+'¯ ¨¤¬¢JÐx¬îRSgdÅ) `>€ -endstream endobj 1026 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 36 0 R /Length 77 /Filter /FlateDecode >> stream -H‰b`À™˜YqIÂ+;'''7/¿€ #£°ˆ¨n .!)%-#+'''¯ ¨¤¬¢ª¦NÐ4wih -áÖ`VB -endstream endobj 1027 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 15 0 R /Length 78 /Filter /FlateDecode >> stream -H‰b`À™˜YqIÂ+;''7/¿€ 0££¨˜ .!)%ÍÈ -ÖË*#+'’WPd!dÂ]JÊ*¸Ý`ãÜ -endstream endobj 1028 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 21 0 R /Length 72 /Filter /FlateDecode >> stream -H‰b`À™˜YqIÂ+;'7/??¿€ #£°ˆ(?> &.1•QRJ&È'#+GÐ.˜»äq«0Çe‘ -endstream endobj 1029 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 52 0 R /Length 65 /Filter /FlateDecode >> stream -H‰b`À™˜YqIÂÔ°²±sprqóð‚¿#£ /^ ," -2UŒQ\BI˜GJZ†mĸ ÀŸ@þ -endstream endobj 1030 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 59 0 R /Length 69 /Filter /FlateDecode >> stream -H‰b`À™˜YqIÂÔ°²±sprqC/#¿€ 7^À%$ 4U„QTLMF\BRJ„€… ;¥edq» ÀŽ¸! -endstream endobj 1031 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 44 0 R /Length 66 /Filter /FlateDecode >> stream -H‰b`À™˜YqIBT°²±sprqÃ/#¿€ 7~ $ 4•QDT SJ\BR -¿• [¥edq+0—Á/ -endstream endobj 1032 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 119 0 R /Length 78 /Filter /FlateDecode >> stream -H‰b`À™˜YqI‚°²±spr!7/#¿’—€ 0£ˆ¨’¸£$#/76 %-Ã(‰ÏVFY9yÜî0«vs -endstream endobj 1033 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 197 0 R /Length 72 /Filter /FlateDecode >> stream -H‰b`À™˜YqI‚äYÙØ98‘7 #/Š?#ƒ£ ’°£(£˜¸' )%-#ŠÏ^Y9yÜî0†Á/ -endstream endobj 1034 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 177 0 R /Length 73 /Filter /FlateDecode >> stream -H‰b`À™˜YpI2°0²²±s N.nF^dv>~F RA$1!aFFQ1œ@\BRŠ§ÍŒÒ2²¸e d¦É -endstream endobj 1035 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 185 0 R /Length 75 /Filter /FlateDecode >> stream -H‰b`À™˜YpH±²±sprq£^>~Ad!aF rQ1$1q FFa!tÝȀKRJš—»øedqÉ10ãFé -endstream endobj 1036 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 219 0 R /Length 78 /Filter /FlateDecode >> stream -H‰b`À™˜Y°I°0²²±s0rrqó ^>F~Ad!aF I¢bHbâŒ,Œ"ÂB> stream -H‰b`À™˜±Š³°²±s02r°s¢.nF^>d~A ¨J…„EEÅø8 6q ìöKJIc•€’3/ -endstream endobj 1038 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 201 0 R /Length 76 /Filter /FlateDecode >> stream -H‰b`À™˜±ˆ²°²±³sp22rr°£.nF^>d6~ ¨J……EDÑuc.n1,``—À&Y~‹ -endstream endobj 1039 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 208 0 R /Length 76 /Filter /FlateDecode >> stream -H‰b`À™˜1ÄXXÙØ9888¹¹89Ð7#/?²¿€ Ð T¥@½ Œ‚ü„»0†€@„QT ›8€Ù -endstream endobj 1040 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 134 0 R /Length 79 /Filter /FlateDecode >> stream -H‰b`À™˜QEXXÙØ98A€‹›‘‘›‹ ðð2òñ ‹ -Í`Aêe`à$DÅÄ1ÝÅÂ(!‰E - w -endstream endobj 1041 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 132 0 R /Length 82 /Filter /FlateDecode >> stream -H‰b`À™˜QXXÙØ!€ƒ“‘‘“ƒ pq3òðò!‹ð Í`æGˆõ20Šˆò£ë1q I)~Ýè@šQF‹0’ê7 -endstream endobj 1042 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 129 0 R /Length 92 /Filter /FlateDecode >> stream -H‰tŽW -€0CG‡Ûº÷öþGTP°}yB~€aB–MÙ€àì…ãÂ󩦂ðÜ@ËG]‚$•ìƒ,/€²ªïØ´úaœæEy²bÛõc*‡µ$' -endstream endobj 1043 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 164 0 R /Length 91 /Filter /FlateDecode >> stream -H‰b`À™˜QXXÙØ!€ƒ“‘‘“ƒ pqóðòñ£ 2 -1 *êE6 -ðó 3Š0ŠŠA¹â’RÒ2²rò -ŠJÊBPg1ª¨2b: - ¸N -endstream endobj 1044 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 171 0 R /Length 98 /Filter /FlateDecode >> stream -H‰tŽG€@B?:ö±½wïB5: M|+ @ôdšn˜–íp‰ëžË?øAÅâ%izWÏ-!/ÊïúBÄêFú¶ë Ã8q>ÍËzßaØvü¦C€»Ì -endstream endobj 1045 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 149 0 R /Length 101 /Filter /FlateDecode >> stream -H‰b`À™˜Á FV6vN.n^>~ddàGBÂ"¢bâ(B’RŒ ¨Jz¥eøø±Y9yFFE_IY…QUMÌæSV×;ˆQS‹—£ Jú -endstream endobj 1046 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 155 0 R /Length 95 /Filter /FlateDecode >> stream -H‰b`À™˜ #+;'##7/ð 02 - -ñ¡aQ1Nq! I) F¥B‚(F¡iYFF9ydí -Š0¥ìJʌ,@‡©¨2âr4@€_ -endstream endobj 1047 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 153 0 R /Length 96 /Filter /FlateDecode >> stream -H‰tŽY€ D;Š -.€"î»÷¿£&ÆLxíÌkJäAbˆâ„s‘f ä…äJeŘÚÚÚ8+Ù´·èT«Ò9åÐõ´zg1N˜—/_·ý–¾§é`CŠ -endstream endobj 1048 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 158 0 R /Length 95 /Filter /FlateDecode >> stream -H‰tÎW€ PÆv{ï÷?¢’h $¼¿-³YB `ـãzTb>‚¾XÄ Õ¤YŽˆ©=.P¨«eõœª›VOK]?ã4õ²nüŸ·ûñ„Ï ¦§É-À.é -endstream endobj 1049 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 156 0 R /Length 87 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙØA€ƒ“‹‘‘›‡ -xùy0À/ ˆ!*$,‚¦¨Wn.—`dà‡ñÙ$¥¥eÈÊÉ32*(2âr4@€ù®l -endstream endobj 1050 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 152 0 R /Length 95 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙØA€ƒ“‹‘‘›‡ -xùy0À/ È($̆*("Š¦¨W n.—ddà‡ñÙ¤¤edÁL9yE%veFFU5F\Žf0¿ô -endstream endobj 1051 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 147 0 R /Length 95 /Filter /FlateDecode >> stream -H‰tÎW€0 Ðè`”²÷æþw©ï+²ä$„XÀq2® ¿‰#þ#c…$Í̐åEY՟àì6ï^SÛõ€ŠåS¦Æéšf}Ym‡íir0‚ -endstream endobj 1052 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 151 0 R /Length 94 /Filter /FlateDecode >> stream -H‰tŽI€ i•MPÜ÷ÝÿÿÑ  uêLÒÕCHD1PÆ-B¦Pšhd9÷Ò (+ïÊê¦íúÁ2N3¬Ûyÿ)\—.dÝÞ´Ûý㮡§É#À)âÉ -endstream endobj 1053 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 159 0 R /Length 96 /Filter /FlateDecode >> stream -H‰tÎç -€0 FÑ~ŽÆYÛº÷|ÿg‹Šˆž_!„KûË—“áùˆN±I/J§x]²EYuÓ´ïîG!Õê^Èýp Ü!b¢i^°nø{ší 7? -endstream endobj 1054 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 167 0 R /Length 95 /Filter /FlateDecode >> stream -H‰tÎY€ Pª‚û®¸ëý﨣‘„÷ÙLÚ!Äž”qÑBòGIÊ-wš!/˜³²ª›Vëúºûíý“BêÛáé8͋Ù_±íæâ8ázš\ ß -endstream endobj 1055 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 172 0 R /Length 97 /Filter /FlateDecode >> stream -H‰tŽG -€@7¶µ¬½÷^ÿÿ@+Š‚s -C!äp< ˆ=‘UcW¦º˜ý°YŽ+½çaï$i†cûÙ}ÁòeU7·h»~÷ ‰rv6æ§É*Àhöè -endstream endobj 1056 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 170 0 R /Length 107 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙØ!€ƒ“‹›Êfçåcdä`G@QAF!at Q1q I)iY9yF°ÙsQ€¢’2#ƒ -£ªš:ÌH M-mƒU‡QI‘]WOŸÑÀ—£ ƒo… -endstream endobj 1057 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 161 0 R /Length 99 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙØ!€ƒ“‹ÊfçáedäãgG@QFA!t vaQ11q I)iF°ÙsQ›¬œ<PPTRVQUK©k0jjAlÖÖaÄåh€…×¹ -endstream endobj 1058 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 160 0 R /Length 101 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙØ¡€ƒ“‹ÆæáedäãgG@Q >A!atvQ1qF I)iF°ÙHæ"Y9yF$((22*)«€¥øUÕÔÙÙ54µµu±; #d3 -endstream endobj 1059 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 165 0 R /Length 95 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙØ¡€ƒÎæäbdäæaG@Q^F$MpÍ|ü¼‚BÂ"¢Œ`³ÅÄ1”€€„¤#’ ¤e.•“W`gWTRfTQeÄáf€ÙJ -endstream endobj 1060 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 163 0 R /Length 87 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙرNFF.n,¢<@<Œœ:xùø…„EøÁf‹Ša5W\B’ÉRÒˆËÈʁ¼‚"£’2#730Ü'c -endstream endobj 1061 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 127 0 R /Length 81 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙرNFF.n,¢<`¼|üZ…„EDÅÄÁ*$$±š+ %͈äY„ ¸¹ 2<ŒròŒ˜Î…€Ã*r -endstream endobj 1062 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 128 0 R /Length 80 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙرNFF.n,¢<`¼|ü˜Ú…„EDÅÁ*Ä%°š+)%͈äY„ ¸¹ 2<ŒròŒ˜Î…€½ÿh -endstream endobj 1063 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 130 0 R /Length 80 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙرNFF.n,¢<`¼|ü˜š…„EDÅÁ*Ä%°š+)%͈äY„ ¸¹ 2<ŒròŒ˜Î…€¿i -endstream endobj 1064 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 125 0 R /Length 81 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙرNFF.n,¢<`¼|ü‚š„„EDÅÄÁ*$$±š+%-ÈäY9„ ¸¹ 2<Œò -Œ˜Î…€È‚ -endstream endobj 1065 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 120 0 R /Length 77 /Filter /FlateDecode >> stream -H‰b`À™˜YXÙرNFF.n,¢<`¼|X5ò  - 3‚Uˆˆb5WL\‚É’RpsAe¥ed1 £v) -endstream endobj 1066 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 122 0 R /Length 82 /Filter /FlateDecode >> stream -H‰tŽG€ » bïõÿŸ4!LÀ9nË -ñAQœ¤²¤ò¨…i–èÚ­5m×cÃèݝæ…σuƒý8¥¤u¸î÷®å`¹Ï‘ -endstream endobj 1067 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 123 0 R /Length 82 /Filter /FlateDecode >> stream -H‰tŽG€ » bïõÿŸ4!LÀ9nË -ñAQœ¤²¤ò¨…i–èºq{m×cÃèݝæ…σuƒý8¥¤u¸î÷®å`ºƒ‘ -endstream endobj 1068 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 141 0 R /Length 91 /Filter /FlateDecode >> stream -H‰tŽE€0Cäww¿ÿaÚ PxËÈ$ŒýM “8Y¶ÃŸ¸à\UCьb0$iöpÊ ˆDY‘b^ÔM‹Ûƒ®†QŽOó²Êî¶øø+9Ý) -endstream endobj 1069 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 142 0 R /Length 95 /Filter /FlateDecode >> stream -H‰tŽE€0C ҏ¶¸»ÜÿŠP؅·È"2Mûº˜#Ûq=z⤺Ṍbš¤ìÝ ,/ e¥fuÓâö Ž€®·¯h§™Hp,ë†Ïǒ]€é£d -endstream endobj 1070 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 144 0 R /Length 109 /Filter /FlateDecode >> stream -H‰tŽÛC@„ÿ¡ì Ejk«ŠÖû¿Ÿ»V|7“Ì!‘à¸x¾bFGÅN1¤äÆ=¯Ë,‡H²úoU‰Â6.µÚf¤¾6ÆÜÚ»±<žš|uý[¯Q:`œ¬$ø|g읖E€yƒ| -endstream endobj 1071 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 139 0 R /Length 106 /Filter /FlateDecode >> stream -H‰b`À™˜YYÙØ98¹¸yx9P?#£€ †¨X§°#ˆGWÂÁ.! ”c”’fǐY9FFyE%e°U5u M°”ª£¶‡ £®ž>#.G3q;_ -endstream endobj 1072 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 133 0 R /Length 97 /Filter /FlateDecode >> stream -H‰b`À™˜YYÙØ98¹¸yx9P?#£€ †¨X§°#˜GWÃ!!)ÅÈÀ(-#‹!rò -@I¥0#•”Åa†«m`TUSgÄåh€DVN -endstream endobj 1073 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 138 0 R /Length 95 /Filter /FlateDecode >> stream -H‰tŽE€0D;X?îZ\ïChx˱ c?@Q5è'Ó²—^x>„D’Í8Á5‘fü¢¼C™W’q êæ0ÛîiõÃ8‰{|öˆÂ˺áï4Û;ÑT -endstream endobj 1074 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 137 0 R /Length 98 /Filter /FlateDecode >> stream -H‰tŽW€ D+ì½a÷þ7” †÷¹³SÑô`;.õ|!£_¢HRª ®™tæ²²ª›¶ë]õIÄ À8±Ÿ àó‚õmÛöãäOø%Li"wéF“[€rî› -endstream endobj 1075 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 173 0 R /Length 94 /Filter /FlateDecode >> stream -H‰b`À™˜YYÙØ98¹¸yxù8¿#£ ‰ -‹ˆ"ÄÄ%$¥DÑT±KË )C>Y9FFy¸$§¢’2ÌpUQ!AF5u F\Žf0‹( -endstream endobj 1076 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 207 0 R /Length 91 /Filter /FlateDecode >> stream -H‰tŽG€0Ãfٝì=þÿEà€¨õъ¬bŽëÁBŠҌšäÀ8ýp[!Õ+tY¡n>+%ÐvŠþ ËÄl ã4/O|½> stream -H‰tŽG€0cꆞBïåÿoD‘9ŽlˌY€ãzðƒx#IÉ$ˁBЇËJ¥QV5š¶{§´’@?húá*0s£§™ßã˪IØö¶Óì`që¶ -endstream endobj 1078 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 210 0 R /Length 94 /Filter /FlateDecode >> stream -H‰tŽI€ C©'pž½ÿ!Յ¾eÓה±àùˆ“ˆ=$)'‡,¤¢gZhs¶¬€ºi-£  ë }p -ÌÝ°Ã8‰k|>$%±¬ØþN³]€Xwr -endstream endobj 1079 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 202 0 R /Length 94 /Filter /FlateDecode >> stream -H‰tŽG€0×Ô%Rè½ýÿqH„Ä-e¢„â$åLHH‘±G^¥âOªuAU7 ´õ[Öh ì×v‚·QÓ¼¼ã+¶Y•8N\§é`PTg -endstream endobj 1080 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 203 0 R /Length 93 /Filter /FlateDecode >> stream -H‰tŽÅ€@C§ØîîÎÿ!Mx§¦’”è(ªÝlZ6à¸üÁuÏg‰Ë Âè5â$!ˋo+*+©&êæ Û®Æ[‰i^óºa?ð÷™è``‰¿ -endstream endobj 1081 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 204 0 R /Length 88 /Filter /FlateDecode >> stream -H‰tŽGÀ 7NM€ôJÚÿ_åÄ -‰9ZcÙD 2äÊJi®ÀX§môƒŽøÓqR!˜—´a?¤å¬‰´¨ ·ØŸž… ®ϋÔg¢O€K¼ -endstream endobj 1082 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 213 0 R /Length 90 /Filter /FlateDecode >> stream -H‰tŽÇ€ Ÿkv»þÿ?*!aŽ›™d‰<#ÄIÊx–EY±QMËÌj‚®@„q²-©´£9´’ï0/ëÆ-a?N\7|Ÿ‰AP( -endstream endobj 1083 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 221 0 R /Length 93 /Filter /FlateDecode >> stream -H‰tŽE€0»XÑâÚâþÿ—–0ǵ,!@Óa˜µðü€)ˆöáQÓ,WBQV¸wꆾR”  íúo[ ¸Ìã4/Ê_·8Nü~&—6DÄ -endstream endobj 1084 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 226 0 R /Length 91 /Filter /FlateDecode >> stream -H‰tŽG€ Y»RTÀÞËÿߨ^À0ÇmYB| AÅIš!GA™… @pæð©eU[A*w§i»Œö€VÒm›†Ñä§Ëjìm?pâºáýLµos -endstream endobj 1085 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 224 0 R /Length 95 /Filter /FlateDecode >> stream -H‰tŽÇ€ D{©*öòÿ©\À˜ð.›}›Ù !1¤p#ˋ²ª›–XtŒþp– „Òæý€~øféh£Õ?퐂ƒÀŽ^Ló²n~ُ÷z^7¢É#À­³Q -endstream endobj 1086 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 215 0 R /Length 94 /Filter /FlateDecode >> stream -H‰b`À™˜YàV6v8àäbdäâä@ Qn^„¿#P« 0²2QFF1q tÝ ÀËÃÍÈÀ(*ãKJIËÈÂ4ËÉ+€LSTRfÄéf€îœ -endstream endobj 1087 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 216 0 R /Length 92 /Filter /FlateDecode >> stream -H‰b`À™˜YàV6v8àäbdäâä@ Qn^„¿#P+Š‡ #£°ˆ(ºn¸F1qŸ•QBR -Ĕ–‘e”9D^A‘§› ׶C -endstream endobj 1088 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 218 0 R /Length 93 /Filter /FlateDecode >> stream -H‰b`À™˜Y> stream -H‰b`À™˜Y„¿€ ÐF!a>te"¢bèºA€O\BRBJƕ‘•cÄp•¼‚"† öC -endstream endobj 1090 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 181 0 R /Length 75 /Filter /FlateDecode >> stream -H‰b`À™˜Y‘ù¬lìœ`ÀÅÍÈÈÍʼn@¢<¼|~A ŒBÂ|èÊDDÅÐucq IFLWIIË`ŠÂ@€Ëó¦ -endstream endobj 1091 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 182 0 R /Length 70 /Filter /FlateDecode >> stream -H‰b`À™˜YQEXÙØ98€‹›‘‘›‹ €Dyxùü@PÅ Ê°èƂBŒX\%"*†E ¢) -endstream endobj 1092 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 184 0 R /Length 77 /Filter /FlateDecode >> stream -H‰b`À™˜YQDXÙØ98¹¸yxxùùxyÐH”_@! $,4€QT C£¸ºnt )%͈ÍU2²Œr8ÝÌ`+ê -endstream endobj 1093 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 179 0 R /Length 79 /Filter /FlateDecode >> stream -H‰b`À™˜Y1YÙØ98¹¸¹¹xÐH”—! (ÄÈ Ì("Š¢LL\B’QJ]7*à—‘•“Çê*EFaœnf0'L¹ -endstream endobj 1094 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 174 0 R /Length 83 /Filter /FlateDecode >> stream -H‰b`À™˜Y˜P…˜XÙØ989¹¸yxùøр0“ˆ¨B@\B’ hŒ°Š2)i&&Y!A|@\NžI««˜•˜°J@@€Ø#5 -endstream endobj 1095 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 178 0 R /Length 83 /Filter /FlateDecode >> stream -H‰b`À™˜Y˜P…˜XÙØ988Ø9¹¸yxùøр€ “°B€OT h“¸Š2I)i&&Y~Ü@N^ »£˜•pI@€Œër -endstream endobj 1096 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 186 0 R /Length 80 /Filter /FlateDecode >> stream -H‰b`À ™˜‘¹,¬ŒlìœÀÅÍÃˇ -ø…„"¢b@Å%P”IJI32ÊȊðárò -Œ8ܤȨ¤ŒK r¹? -endstream endobj 1097 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 194 0 R /Length 84 /Filter /FlateDecode >> stream -H‰b`À ™˜V6v6N.nàáåã@‚BŒŒÂ"¢Q1qF FI)eÒ2²ŒŒrò -8€¨¢£N7É*«0â’€Òé -endstream endobj 1098 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 196 0 R /Length 82 /Filter /FlateDecode >> stream -H‰|Î7€ бvÀ~ÿCº!ƒò¶$Kˆ~!IÁ|à™yQ -îUuÓJõÒÐcÐLóëTÈY†U«oÛ~ òé¼îÈLže’ -endstream endobj 1099 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 198 0 R /Length 83 /Filter /FlateDecode >> stream -H‰b`À ™˜Yሊ‰KHJ  iYFF9yl@QI™·“UTÕðɳæÐ -endstream endobj 1100 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 193 0 R /Length 73 /Filter /FlateDecode >> stream -H‰b`À ™˜Y¡lV6vN.LÀÉÍÃËÇ‚ŒŒBÂ"ü€¨˜8ÐTF I)L9iFYÜ.j““‡» 0‡8 -endstream endobj 1101 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 187 0 R /Length 76 /Filter /FlateDecode >> stream -H‰b`À ™˜™á<V6vN.nnTÀÍËÇ/ BŒŒ"¢b‚€¸ØPFI)t¥Ò2²ròŒ8ÝÖ¥ ¨„O@€±• -endstream endobj 1102 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 192 0 R /Length 78 /Filter /FlateDecode >> stream -H‰b`À ™˜Y‘ø¬lìœ\Ü€‹‡—_@@@Pˆ‘QXDT?—€Ê()%,!#+'¯ ¨ÄˆÝ107)«¨ªá‘0Ž ‚ -endstream endobj 1103 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 190 0 R /Length 77 /Filter /FlateDecode >> stream -H‰b`À ™˜Y‘ø¬¬lìœØ7/¿#£ ~ ," -5”QL\.,)%-#+''¯ÀˆÕ-p7)*1*ã‘0,]Ž -endstream endobj 1104 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 46 0 R /Length 80 /Filter /FlateDecode >> stream -H‰b`À ™˜Y˜> stream -H‰b`À ™˜V6<€ƒ“‹›‡‡—_—”’–‘•“WPPR–QQU…u M-<.ÒbÔÖaÄ#Ï`ž;> -endstream endobj 1106 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 50 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b`À ™˜V6|€ƒ¤˜‘‹›‡7àã„Eq;ˆATŒ[Ÿ<@€îØ -endstream endobj 1107 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 48 0 R /Length 66 /Filter /FlateDecode >> stream -H‰b`À ™˜Y LV6vN.€›‡›—_€Ÿ¤IPHX—Ä ¤¤ñ¹HFVŸ<@€õ· -endstream endobj 1108 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 40 0 R /Length 66 /Filter /FlateDecode >> stream -H‰b`À ™˜YalV6v€“‹›‡—Ÿ¬˜Q@PH—À $¥q;ˆQZFŸ<@€ªqî -endstream endobj 1109 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 41 0 R /Length 67 /Filter /FlateDecode >> stream -H‰b`À ™˜YalV6v€“‹›‡—“¢˜Q@PH+—À $¥xqºh´´Œ,>y€¡=Ö -endstream endobj 1110 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 42 0 R /Length 72 /Filter /FlateDecode >> stream -H‰b`À ™˜Y!LV6vN.n,€‡—_@]ˆQX„ ª˜QTL\ ”’–‘ÅääXñ¹HQI™<@€Rx’ -endstream endobj 1111 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 60 0 R /Length 72 /Filter /FlateDecode >> stream -H‰b`À ™˜Y!LV6vN.n,€‡—•‘Ÿ—•Q@ªÈEbâ’R҄€Œ¬+>É+0â“g0ñv• -endstream endobj 1112 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 61 0 R /Length 74 /Filter /FlateDecode >> stream -H‰b`À ™˜Y˜`V6vN.nTÀËÇ/ÀÄÀ$(Ȅª•UHXDTL$$¥¤¹d.Y9&tW &yy¼ò Øð[ -endstream endobj 1113 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 63 0 R /Length 67 /Filter /FlateDecode >> stream -H‰b`À™˜‘x,¬l쨀“‹—fn^>~A!aQ1q Iq)"€´ .ã@@–QNŸ<@€- -endstream endobj 1114 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 62 0 R /Length 62 /Filter /FlateDecode >> stream -H‰b`À™˜YàV6vNÀÅÍÃËLjC/¿€  ‹ˆ"8ø€˜8ã fJHJá“g`0ïA -endstream endobj 1115 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 53 0 R /Length 69 /Filter /FlateDecode >> stream -H‰b`À™˜Y¡lV6vN.n^(àãäaÄ¡UTL\$¥¤e$ˆ²r8̃*¯ ˆOž À¨”í -endstream endobj 1116 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 54 0 R /Length 76 /Filter /FlateDecode >> stream -H‰b`À™˜YalV6vN.nnvàåãÁ¦OTŒC\B8¥¤e$‰²rŒØ „¹A^AŸ<@€«4 -endstream endobj 1117 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 56 0 R /Length 71 /Filter /FlateDecode >> stream -H‰b`À™˜Y!LV6vN.n^>àáeÄ®MTL\BR - HËÈ¢ðq9yì& VPT«€ Àâû~ -endstream endobj 1118 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 38 0 R /Length 67 /Filter /FlateDecode >> stream -H‰b`À™˜Y¡LV6vN.n^0àãàÁª‹CTT ˆKHJ‰¥ñºGF–«•p`˜ñ– -endstream endobj 1119 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 19 0 R /Length 69 /Filter /FlateDecode >> stream -H‰b`À™˜Y˜ L&V6&vN.6n0àáåã`¦‡APHXDˆ‰K  a’Ø̈́&))¼ò \¢ - -endstream endobj 1120 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 24 0 R /Length 63 /Filter /FlateDecode >> stream -H‰b`À™˜‘x,¬lì ÀÁÉÅÉ͈] /¿:ÄÄ"¢Œ> stream -H‰b`À™˜YàV6vN.n^>~AVFZ„„EDс˜¸„$¦(—Âa(ÔhiY¼ - MB -endstream endobj 1122 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 18 0 R /Length 64 /Filter /FlateDecode >> stream -H‰b`À™˜YáV6vVN.n^FÜZXùø0 °aÀ/(ŠÛ\Ñbâx00°É~ -endstream endobj 1123 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 13 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b`À™˜YñªÀ¢‡•prqó`Š¢^>üv1ò p @€‘' -endstream endobj 1124 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 17 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b`À™˜YñªÀ¢‡•pprqcF\<øíbäåãÀo9@€®`õ -endstream endobj 1125 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 25 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b`À™˜YXñªÀl¬ìœ˜€‹›‡‹02àãÀo« !ÇãÓy -endstream endobj 1126 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 32 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b`À ™˜ñ«ÀÔÂÂÊÆÎÁÉÅÍÅќ¼|œ¼<ø¿€ ~«„…E9 Àaß -endstream endobj 1127 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 37 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b`À ™˜Yð+Á¦‹•ƒ“‹›‡xùøy9ð!aü61ŠˆŠ1° ÀÉãG -endstream endobj 1128 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 35 0 R /Length 60 /Filter /FlateDecode >> stream -H‰b`À ™˜Yñ+ÁÔÃÊÆÎÁÉÅÈÈÍÃËü<‚ü|8‡¯°ˆ¨~sÅ%$ ¹ À%fX -endstream endobj 1129 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 27 0 R /Length 61 /Filter /FlateDecode >> stream -H‰b`À ™˜Yñ+ÁÔÃÊÆÎÁÉÅÈÀÈÍÉ<¼|üì8€¯ °ˆ(‹ÅÄ%¹ À‡A -endstream endobj 1130 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 26 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b`À ™˜Yñ+Á¢‰•ƒ‘“‹›‡øøyqA!aQ1‚Ö0ŠK0JP`ãý -endstream endobj 1131 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 30 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b`À ™˜Y˜ð+ÁXÙؙ˜88¹¸yxùøA€[@à"h “°0A5 ¢ó -endstream endobj 1132 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 65 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b`À™˜ (Á¥“…•ƒ“‹¸yxùø9ñnABÖ ‹ˆt -@€±H -endstream endobj 1133 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 99 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b`À™˜YX ¨Á¥•‘ƒ“‹xxùø¹ñA!FBÆ ‹ˆRÃ`ÈãM -endstream endobj 1134 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 104 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b`À™˜Y ¨Á§•ƒ“‘ DãÜ<¼„laäã è€yÁn -endstream endobj 1135 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 102 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b`À™˜Y ¨Á§•ƒ“‹›7àáåã h” 0A—„Ï• -endstream endobj 1136 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 94 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b`À™˜YX ¨ÁØØ98¹¸yXyù¸p~A!a"¬`%¬ - À«Ñö -endstream endobj 1137 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 95 0 R /Length 46 /Filter /FlateDecode >> stream -H‰b` ™˜ ©Á§…•‘ƒ•àâæ!Æ^F>~Âê vÒb -endstream endobj 1138 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 97 0 R /Length 46 /Filter /FlateDecode >> stream -H‰b` ™˜YX )§Ÿƒ‘“‹7àáåãg$lŽ€ aUœ"Ï -endstream endobj 1139 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 105 0 R /Length 46 /Filter /FlateDecode >> stream -H‰b` ™˜Y )"d+;>ÀÁÉÅÈÍÀŃÏF^>~Âî0jáM -endstream endobj 1140 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 113 0 R /Length 48 /Filter /FlateDecode >> stream -H‰b` ™˜Y )ÂXÙØ98ñ.n^>~A<1 - ‹v@€•íÜ -endstream endobj 1141 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 118 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b` ™˜YX )ÂXÙØ9888¹¸YYyxùøñ>.>A!a<±Šˆá €øý -endstream endobj 1142 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 116 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b` ™˜ *¦…• Ø98¹¸9؈<¼¸-âã$ƒ-‘ -endstream endobj 1143 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 107 0 R /Length 48 /Filter /FlateDecode >> stream -H‰b` ™˜Y ªÂ¢•88¹¸9؉l¬¸íaäáå##¡ -endstream endobj 1144 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 108 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b` ™˜Y ªÂ¢• 88¹¸9؉<¼ |8Mã$˜FÅ -endstream endobj 1145 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 110 0 R /Length 42 /Filter /FlateDecode >> stream -H‰b` ™˜Y ªÂ¢•4ÀÁɅÓ"FnF^–(£ -endstream endobj 1146 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 109 0 R /Length 45 /Filter /FlateDecode >> stream -H‰b` ™˜Y˜ªBL¬lìœ\$n^œöð1ñ ã€ÏZU -endstream endobj 1147 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 73 0 R /Length 44 /Filter /FlateDecode >> stream -H‰b` ™˜Y+C¬Œlì$N.nFÜnàáåÃ-‹«}ç -endstream endobj 1148 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 74 0 R /Length 42 /Filter /FlateDecode >> stream -H‰b` ™˜Y +CÑÂÊÆÎFààäÂc #7/1n0…¦{ -endstream endobj 1149 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 76 0 R /Length 40 /Filter /FlateDecode >> stream -H‰b` ™˜Y +CÑÂÊÆN"ààÄg#71n0“ϝ -endstream endobj 1150 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 71 0 R /Length 42 /Filter /FlateDecode >> stream -H‰b` ™˜Y˜+CL¬lì¤vN> stream -H‰b` ™˜YˆP,¬lì$N.nF|.àáåÃ'ª}Ú -endstream endobj 1152 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 70 0 R /Length 41 /Filter /FlateDecode >> stream -H‰b` ™˜Y‰P‡ÐÀÊÆNààäÂg#7/Q.0–Ÿ£ -endstream endobj 1153 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 78 0 R /Length 41 /Filter /FlateDecode >> stream -H‰b` ™˜Y‰P‡ÐÀÊÆNààäÂg#7/Q.0–Ÿ£ -endstream endobj 1154 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 87 0 R /Length 44 /Filter /FlateDecode >> stream -H‰b` ™˜YX‰Pl 윤.n^|ð±ò ç€Å$ -endstream endobj 1155 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 88 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b` 0213²£ªœ•88¹¸‘x<¼ìh€_€¿‚BÂøUÀ@€¥>Ð -endstream endobj 1156 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 90 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b` 021³0£¢š•pp"󸸡 ^>~ÍÉ.@ÀpFA!aâì0¦Ð -endstream endobj 1157 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 227 0 R /Length 65 /Filter /FlateDecode >> stream -H‰b` 021³0£XÙØ98‘;7/;˜ÍÇ/ aq -q ‹ˆ9bâ„Ìf””"Î~€çä‹ -endstream endobj 1158 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 79 0 R /Length 66 /Filter /FlateDecode >> stream -H‰b` 021³0£˜XÙؑ'7;/„ËÇ/ ad`—db$d½”4‘ÖDZ/ -endstream endobj 1159 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 84 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b` 021³°¥¨–pr1¹y <^>~A!!NaF"Íj#R5@€£«· -endstream endobj 1160 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 82 0 R /Length 63 /Filter /FlateDecode >> stream -H‰b` 021³0¥’•prt2róðòðñs22 - p‹ˆ²gH¯˜¸‘¶¦²Å -endstream endobj 1161 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 397 0 R /Length 62 /Filter /FlateDecode >> stream -H‰b` 021³0¥’‘• pp‚tr1póðòñ  - 3Šˆ²‰ŠiØHq F.├…§ -endstream endobj 1162 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 386 0 R /Length 57 /Filter /FlateDecode >> stream -H‰b` -0213²§’•pp2‚Ź¸xxùø…„EDʼn³¬S\B’Xåš™¨ -endstream endobj 1163 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 391 0 R /Length 58 /Filter /FlateDecode >> stream -H‰b` -021³0¥•pr52ró02òòñ ð 2 - g+ÔHQ1¢ì€š} -endstream endobj 1164 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 425 0 R /Length 58 /Filter /FlateDecode >> stream -H‰b` -021³0¥•88¹¸9xxù€L~¸FFA!va¢ B2RTLœX-…#] -endstream endobj 1165 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 414 0 R /Length 63 /Filter /FlateDecode >> stream -H‰b` -021³0¡Ž‰•ƒ“‹›‡—‰Ÿƒ]@®‘IH˜]„—ƒ@”ILœh‹|i -endstream endobj 1166 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 349 0 R /Length 58 /Filter /FlateDecode >> stream -H‰b` 021³0TÄÊÆÎÁÉÅÍQÉÈËÇÁÉÉ/€ÐÇ((ÄÅ%LÐTCEDňÖ`v5 -endstream endobj 1167 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 335 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b` 021³0RÃÊÆÎÁÁÁÉÅÍæóðòñs°³ ô1 - - ‹2ÝTQ1q¢µ€íM -endstream endobj 1168 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 376 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b` 021³0âWÂÊÆÎÁ \ÜP…¬<¼|ü\¬¬SùØXqèÇe³0#ÑZ x& -endstream endobj 1169 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 379 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` 0213²àUÁÂÊÆÎÁÉÅÎÍÃÓÃËÇÍς_A{… ª‚€SlÏ -endstream endobj 1170 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 366 0 R /Length 47 /Filter /FlateDecode >> stream -H‰b` 021³0âUÁÊÆÎÁÉÈÅÍà SÇÈÇ/ ÈJ¬ äڋ  PY® -endstream endobj 1171 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 367 0 R /Length 40 /Filter /FlateDecode >> stream -H‰b` 021³0VÆÊÆÎÁÆJ¬¡ÄØËÉÅÈM´j€KQ -endstream endobj 1172 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 368 0 R /Length 36 /Filter /FlateDecode >> stream -H‰b` 0213²¡Œ•‘h3‰0Žƒ“ó ­3 -endstream endobj 1173 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 360 0 R /Length 31 /Filter /FlateDecode >> stream -H‰b` 021³0­šZ€‘•[ P -endstream endobj 1174 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 361 0 R /Length 32 /Filter /FlateDecode >> stream -H‰b` 021³0­šZ€‘•‘xå J -endstream endobj 1175 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 362 0 R /Length 35 /Filter /FlateDecode >> stream -H‰b` 021³°²±°©œZ€…ƒ“‹…õhD -endstream endobj 1176 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 378 0 R /Length 38 /Filter /FlateDecode >> stream -H‰b` 021³°²1«œJ€‘ƒ“‘‘‹›H‹ H -endstream endobj 1177 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 380 0 R /Length 39 /Filter /FlateDecode >> stream -H‰b` 021³0²²1©œZ€‘ƒ‘“‘‹›‡H‹ ¯U -endstream endobj 1178 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 372 0 R /Length 45 /Filter /FlateDecode >> stream -H‰b` 021³°²1±s0q¥žZ€‰‹›‡‰‰—_€‰( 0Œ• -endstream endobj 1179 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 373 0 R /Length 45 /Filter /FlateDecode >> stream -H‰b` 021³°²±sprq3£žj€‘‡—‘ŸQ@PH˜8‹ AÄ -endstream endobj 1180 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 374 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b` ™˜YXÙØ98¹¸yx ©§&àcä`d"Îb€Xø -endstream endobj 1181 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 342 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b` ™˜YXÙØ99¹¹yx i "`äã`d`— B@€_è4 -endstream endobj 1182 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 343 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` ™˜YXÙØ99¹¸yxù i "`ä`bd`a#Æf€_X -endstream endobj 1183 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 340 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b` ™˜Y˜˜Xؙ٘88™¸¸™i `‡XÇÄÃËÇÏ$ HŒÍGsÌ -endstream endobj 1184 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 337 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` ™˜YXÙØ98¹¹yx ê `äãÚÆÈ+($Ä(,BŒÅW û -endstream endobj 1185 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 338 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b` ™˜YXÙØ99¹¸ ê `äáåcäg— B @€T{5 -endstream endobj 1186 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 354 0 R /Length 51 /Filter /FlateDecode >> stream -H‰b` -021³°²±32r0sr§…bÀÈÍÃË´™_@IH˜Q„=A|à -endstream endobj 1187 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 355 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b` 021³°2²1²sp2©…RÀÈÅÍÃÈÀÈËÇ/ ($,B”µ;EÚ -endstream endobj 1188 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 356 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b` 021³°20²±s0«…2ÀÉÈÅÍÈÊÀÀÃËÇ/ ($L”µ3üÉ -endstream endobj 1189 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 348 0 R /Length 46 /Filter /FlateDecode >> stream -H‰b` 021IV6v¢õPX88¹XX¸yxùXø‰³ À-²² -endstream endobj 1190 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 382 0 R /Length 42 /Filter /FlateDecode >> stream -H‰b` 0213IV6F¢õPÙ98¹¸yx‰· À1c -endstream endobj 1191 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 413 0 R /Length 44 /Filter /FlateDecode >> stream -H‰b` 021³0)V6vF¢5‘98¹¸yxù˜ˆ· À#vs -endstream endobj 1192 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 417 0 R /Length 47 /Filter /FlateDecode >> stream -H‰b` 021³°²10°±sp²«‰ÀÆÅÍÃÆÀÆËÇ/ H¼}> stream -H‰b` 021³°²120°3rp2²©‹|ÀÈÅÍ´—‘_@‘hm7½¨ -endstream endobj 1194 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 407 0 R /Length 48 /Filter /FlateDecode >> stream -H‰b` -021³°²±ƒ™œ\ŒÄé¢0róð220òñ3 - -o@€:Ô³ -endstream endobj 1195 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 411 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b` 021³°²±sp2r10róð)Ú>~AF!FaQF1q ‹H`hc8 -endstream endobj 1196 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 410 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b` 021³020²²±39œ\ŒDi#0róð‚¬âã`&Ú:€?ÖÉ -endstream endobj 1197 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 426 0 R /Length 45 /Filter /FlateDecode >> stream -H‰b` 021³0)V6vF´‘89¹¸y€Vñòñƒ1± -Ǫ -endstream endobj 1198 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 422 0 R /Length 41 /Filter /FlateDecode >> stream -H‰b` 021³0’¡XÙØA6p0rr12róm@€(V -endstream endobj 1199 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 420 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b` 021³0‚hV6vFô‘ 89¹¸yxxùù…„yˆÕ `:í -endstream endobj 1200 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 389 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b` 021³°²1‚X윌Äk$0rqó02ð2òñ3 - - “`@€:èÇ -endstream endobj 1201 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 406 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` 021³°²±s0™œ\܌Dk$ð0òòñ 00 - - 󋈊‰“`@€W* -endstream endobj 1202 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 393 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` 021³02²²1‚Ø윌Dë$0rqó02òòñ  - ‹ˆŠ‘`@€H- -endstream endobj 1203 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 388 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b` 0213²°²±s0ٜ\܌Dë$ð0òòñ 0 - - ‹ˆŠ‰KHJ‘`@€cög -endstream endobj 1204 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 385 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b` 021³010±²±3yLœ\LÄj%0qóðmâã'Á"€T¿' -endstream endobj 1205 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 394 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b` 021320²°²1‚8윌\Dë%póðòòp30òñ 0 - - ‹0’¢ ÀLœÿ -endstream endobj 1206 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 401 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` 02132²°²±3‚yœ\ŒDë%0rópMfäåãg&É€C\Ô -endstream endobj 1207 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 405 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b` 021³°²±sprqó00pòòñsò­™xÀ) (4˜‡SXD”“SL\‚“ݏҙ -endstream endobj 1208 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 400 0 R /Length 57 /Filter /FlateDecode >> stream -H‰b` 021³°²±3rprq320òðò1¯™x[øæ - ‹ˆŠ12ŠKH’d @€pFO -endstream endobj 1209 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 395 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b` 021³°²1²spr12póðò±2’ ›H;øÙÀ,!aFQ1&nR´gL -endstream endobj 1210 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 399 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b` 021³°2‚l쌤ê&8¹¸y€¦2òò1ò  -‘j@€5¦´ -endstream endobj 1211 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 259 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b` 021³°²±s00p2rqó0’¨ ñ¼|ü@3…„…EDÅÄ9IÓ`_”6 -endstream endobj 1212 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 260 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` 021³°2²±ƒÙœ\ŒÜ¤é'd<//#æãd%Ñ|€T| -endstream endobj 1213 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 265 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b` 021³°2ÂylìŒø”“ 9¹¸&òðòñ 2 - ‹j<@€=äÚ -endstream endobj 1214 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 263 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b` 021³0Ây¬l윌x”“ -¹¸yy4?ÐXFA!RM08ÿ´ -endstream endobj 1215 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 255 0 R /Length 57 /Filter /FlateDecode >> stream -H‰b` 021³°2²±sp2r¸Ü<¼Œ|$™€ð  - 3‚ÌR|ŒbâŒ$`ke, -endstream endobj 1216 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 256 0 R /Length 52 /Filter /FlateDecode >> stream -H‰b` 021³°²±spr1rƒ¸<¼|Œ¤™€Ïp~A°iŒBŒ"¢bd˜ `bN -endstream endobj 1217 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 257 0 R /Length 51 /Filter /FlateDecode >> stream -H‰b` 021³02²²1‚Øìœ\Œ$Ã`n^F>0‹_€‘QPˆ ƒ ?9· -endstream endobj 1218 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 266 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b` 021³°22²±3‚yœ\ŒÜ¤šÃ`^> ¡ü‚ŒBÂ"Œ¢bŒ¤`U¡ - -endstream endobj 1219 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 274 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b` 021³°²±sp2r¹Ü<܌¤š ð2òñ €Lbc— Ã\€j.@ -endstream endobj 1220 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 279 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b` 021³0²²±s0‚¹œŒ\Ü<Œ¤‚Í\^>~FCPHXDTŒQ\‚ c cÚ6 -endstream endobj 1221 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 277 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b` 021³02²²±3Bùœ\܌¤š‚i,/?ØFA!FaQ1q2L0Z -endstream endobj 1222 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 268 0 R /Length 51 /Filter /FlateDecode >> stream -H‰b` 0213² óYÙØ9H6ÍPN.nF0“—_€QPHX„‘ s @Ú -endstream endobj 1223 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 269 0 R /Length 62 /Filter /FlateDecode >> stream -H‰b` 021³020²²±spr¸yxùH6ð3 - -1‚Ìeg”`“”â"à €}Ey -endstream endobj 1224 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 271 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b` 021³°²±sprq3òù<Œ¼|üŒ¤›ƒŒ‚BÂ`EDÅÅ%$¥È3 ÀŠ -ƒ -endstream endobj 1225 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 253 0 R /Length 55 /Filter /FlateDecode >> stream -H‰b` 021³°21±±3xLœ\ÜLdL<¼|LŒ`+¿“ °™ÆQ×í -endstream endobj 1226 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 235 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b` 021³0²2²±3B¸œ\܌d™ÖÎÃËÇÒÎ( ($,Â(*&.A¦ibµ7 -endstream endobj 1227 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 236 0 R /Length 56 /Filter /FlateDecode >> stream -H‰b` 021312²°²1Bùìœ\ŒdÔÌÍÃËÖÌÈ/ ($,"*&.A¦a_Ø8 -endstream endobj 1228 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 238 0 R /Length 60 /Filter /FlateDecode >> stream -H‰b` 021³0²²±sprqóð²øøÉ3KHX¢U”QL\BRJZFVNž<³ ³ -endstream endobj 1229 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 233 0 R /Length 60 /Filter /FlateDecode >> stream -H‰b` 021³0‚hV6vF°'7#9Fñòññ5ò 0 - - ‹ˆŠ‰KHJI“c4Ÿ -endstream endobj 1230 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 228 0 R /Length 67 /Filter /FlateDecode >> stream -H‰b` 021³0i&V6v&&N.&&n^>&’Mbâæjcfgb’”’–!ËU@`“`¼ -endstream endobj 1231 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 232 0 R /Length 67 /Filter /FlateDecode >> stream -H‰b` 021³020²²±sp2rqó0…xùøI5GPHX¤‰QTL\BRJZ†QVNžQ> stream -H‰b` 021³°2²±s0rr1rs2‚„xxùøI1D€QPHX¬…QTL\BRŠAšQFVŽ$CP@€¦Gæ -endstream endobj 1233 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 247 0 R /Length 60 /Filter /FlateDecode >> stream -H‰b` 021³02²²±3Bùœ\܌> stream -H‰b` 021³°²±±sp21BDظ¸yxù؈ÔÏÆ/ ($ QÍ&"*ÆÆ&.Á&I¾{@ ÀŠÐ -endstream endobj 1235 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 251 0 R /Length 59 /Filter /FlateDecode >> stream -H‰b` 021³020²²±3„88¹¸yxñé‚>F~A!Fa¨Y"¢b⌒0>¹ À{Wb -endstream endobj 1236 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 246 0 R /Length 64 /Filter /FlateDecode >> stream -H‰b` 021³°2²±s0rr1BŸyxùøYñjkªg””b”–‘%¬/0Ÿà -endstream endobj 1237 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 241 0 R /Length 66 /Filter /FlateDecode >> stream -H‰b` 021³°2²±s0rrq3rÂDyxùøà\ì€SPHXDTŒÊc—”’–a”•“g$ß= `ÀÏ -endstream endobj 1238 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 245 0 R /Length 66 /Filter /FlateDecode >> stream -H‰b` 021³0²2²±31„X98¹¸yyqjbeäã‚©`e—d”’–aÄ©‹(`–Ú¿ -endstream endobj 1239 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 280 0 R /Length 67 /Filter /FlateDecode >> stream -H‰b` 021³°21±±s0q"D™¸¸yxùø™±ëc‚+—`’”’–‘e’“W`ª‡h`½' -endstream endobj 1240 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 314 0 R /Length 69 /Filter /FlateDecode >> stream -H‰b` 021³0²2²°±spr1"‰sóðòñ 2¢k`å—@V,)Å(-Ã(+'¯ ¨$D‘{ ß²† -endstream endobj 1241 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 319 0 R /Length 72 /Filter /FlateDecode >> stream -H‰b` 021³°2²±sp2rq3ò Ëðòñ  - ‹0"ÄDÅÄ%$%¥¤eb²rò -ŠJŒ ŒÊ*ªŒ ”€Éó -endstream endobj 1242 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 318 0 R /Length 83 /Filter /FlateDecode >> stream -H‰b` 021³0²²±3rpr1¢Iqóðòñ ð - ‹ˆŠ‰ŠK ò HJIË0È20ÊÉ+(*)«¨ª©khj12jëè2bµƒ`•ÿ{ -endstream endobj 1243 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 313 0 R /Length 76 /Filter /FlateDecode >> stream -H‰b` 021³02²²±3rpr1¢Hqóðòñ  -A€°ˆ¨˜8·X¤”´ P-£¬œ¼‚"£’²Š*£šº#V HN/¶ -endstream endobj 1244 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 308 0 R /Length 70 /Filter /FlateDecode >> stream -H‰b` 021³0²²±3rprqó0òb*àãAˆˆŠ‰KHU2JIËȊ32ÊÉ+0**)‹`è%÷§È -endstream endobj 1245 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 312 0 R /Length 66 /Filter /FlateDecode >> stream -H‰b` 021³01±²±3qpr1qó0Ařxùøx™°ëaâÊ - ‹ˆŠ‰KH210IIËàPK0§sÊ -endstream endobj 1246 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 320 0 R /Length 68 /Filter /FlateDecode >> stream -H‰b` 021³°²13³sp2sqó0CDy™ùø˜±ë`bf—`–”’–ab–•c–¡Ü% ¾1 -endstream endobj 1247 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 328 0 R /Length 75 /Filter /FlateDecode >> stream -H‰b` `dbfaddecddçàäbd`àæáåcädDR#$,"*`—`””’–‘•“gTPTRVaTUcÄa6i À òô -endstream endobj 1248 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 333 0 R /Length 72 /Filter /FlateDecode >> stream -H‰b` `dbfaedcgäàäâæ ðò12ò 0"«ˆ2Š‰3JHJIËÈÊ1Ê+(*)«¨ª1b5™T`Óò -endstream endobj 1249 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 331 0 R /Length 71 /Filter /FlateDecode >> stream -H‰b` `dbfaddecdçàdr¹¸yxùøQ - B…EDÅÄ%$¥¥eeåä•”±L20êÑ• -endstream endobj 1250 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 327 0 R /Length 68 /Filter /FlateDecode >> stream -H‰b` `dbfaecgä``à`ääâfäáåcDQÀ/ `fagd”d”’–‘•“gÄn(É À»b -endstream endobj 1251 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 321 0 R /Length 65 /Filter /FlateDecode >> stream -H‰b` `dbfa„0YÙØ9™8¹Qpóð22ðññ 0 - - 3ŠˆŠ12ŠK0JJIË0b3,`™Ù³ -endstream endobj 1252 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 326 0 R /Length 69 /Filter /FlateDecode >> stream -H‰b`  -`dbfaec‡pØ98¹ØÙ¹yxùøÙJ؅؅EDÅÄÙ%$¥Ø¥edÙÙåä•”Ù±›I0àÄ -endstream endobj 1253 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 324 0 R /Length 73 /Filter /FlateDecode >> stream -H‰¬ŽÅ€0ÀÜ݋KÙCŽë -Í/yE#`Ù8®‡?‰â$Ír -ʪnÚ¿v=Ã8ÉyaÝvŽó‚ûQ/f4Ÿ)„ -endstream endobj 1254 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 288 0 R /Length 72 /Filter /FlateDecode >> stream -H‰¬ŽÇ€ Àˆ‚½wE,°ÿŽzºù%¯á‚¤Šø$N Íò¢¬ nÚ®óÀ8Á¼¬›DïsœpÝÖáçàç`ÿŠ© -endstream endobj 1255 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 289 0 R /Length 73 /Filter /FlateDecode >> stream -H‰¬ŽG€ À6öŽ`/€þÿ“êŒO §LN Q Išñy^”PÕ m‡ê5fx3ã4³¬Û~œXçñÎ"\7a~ÿ„ -endstream endobj 1256 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 291 0 R /Length 70 /Filter /FlateDecode >> stream -H‰b`  -`dbfaddec±Ù98¹¸yxùø…„E€ÂŒ¢b⌒RŒÒ2Œ²ròŒ -ŠJŒÔ±ï(c -endstream endobj 1257 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 286 0 R /Length 69 /Filter /FlateDecode >> stream -H‰b` `dbfadec1Ù98¹¸yyùø……EE¢b⌒ÜRŒÒ2Œ²ròŒ -ŠJŒT² óŸl -endstream endobj 1258 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 282 0 R /Length 69 /Filter /FlateDecode >> stream -H‰b` `dbfaecd``gäàäâæáåcä`eɋKH2JIË0ÊÊ1Ê+(2*)«0RËn0 -Ð¥ -endstream endobj 1259 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 283 0 R /Length 53 /Filter /FlateDecode >> stream -H‰b` :`dbfadecçàäbäæáe䃈ò 2 - ‹ˆŠ‰KHJI3Rß^0•« -endstream endobj 1260 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 284 0 R /Length 50 /Filter /FlateDecode >> stream -H‰b` `dbfabecçàäâf‚1ñðò1ñ  - ‹ˆŠ‰K0ÑÄ^€wp7 -endstream endobj 1261 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 302 0 R /Length 54 /Filter /FlateDecode >> stream -H‰b` `dbfaecçàäâæaååcàg``deg•”b¥‰½ ”»~ -endstream endobj 1262 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 303 0 R /Length 49 /Filter /FlateDecode >> stream -H‰b` `dbfadecçàäbd`àæáåcdäàf§¥o¹& -endstream endobj 1263 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 305 0 R /Length 42 /Filter /FlateDecode >> stream -H‰b` )`dbfaed``cdçàäbäæaä -òñ3ÒÈ>€0Õ -endstream endobj 1264 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 300 0 R /Length 30 /Filter /FlateDecode >> stream -H‰b`  `dbfa…qXÙØYñ)¦É' -endstream endobj 1265 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 294 0 R /Length 24 /Filter /FlateDecode >> stream -H‰b` 7`dbfae¤‘ár -endstream endobj 1266 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 299 0 R /Length 23 /Filter /FlateDecode >> stream -H‰b` 7`dbfa¤•á¶ -endstream endobj 1267 0 obj << /Type /XObject /Subtype /Image /Width 207 /Height 1 /BitsPerComponent 8 /ColorSpace 297 0 R /Length 22 /Filter /FlateDecode >> stream -H‰b` 7`dbf¡™á] -endstream endobj 1 0 obj << /Type /Page /Parent 6 0 R /Resources 2 0 R /Contents 3 0 R /MediaBox [ 0 0 595 842 ] /CropBox [ 0 0 595 842 ] /Rotate 0 >> endobj 2 0 obj << /ProcSet [ /PDF /Text ] /Font << /TT2 296 0 R >> /ExtGState << /GS1 673 0 R >> /ColorSpace << /Cs6 293 0 R >> >> endobj 3 0 obj << /Length 950 /Filter /FlateDecode >> stream -H‰”UM£F½ó+êØD¢0`8n&Q4‘²ŠvH¢h7‡6´M'L7¡ø÷[ýaãñnVŠ|0Ÿ¯^½÷ªø¾Ú6‡ Úc”åâÿê†Ö5ì˚6Uºƒö%zxÔtÚ=‚îdôðÓs'¥ÐvQ’Ò4MKh_#òd@h0 -¤2¼30‡-ä Þ?=?>‚áqûw”•´Æ×ã‡èÑù£Ü‚}$Ú@—´$,Æ"{b¬jqW€ÍØÉϜ éŽNqjïa}_¨SIüWûs”„ZIF³òZ¯¸²Ï*Ç^ͽÌX¢fà0ó‘3Í-œ=uœ3º«n(gWˆÜCœ¸ä3aZ£è(´êqz#§yúöÚíîeG+ ®îQÍ/ ŽÀƒ$ßÑê‹Vv^0×uòÛû§8ÙÓùðî~_FËè FaVxן…Vó -J‚S&«iZޚo¢xÌ×At¼ZöHKÈn\z£ÿ8£Ñ‚Èë-³ý†WxÀ‰™nàšÂqƒnqë-šæàYF#÷DĈRÔ ñmó.F½»Çü †‡ª;9³%;nyÛ¤tJEÏmJ*b<j;û» q.]x¼·]lªøl’‰Ï—†¸ewæ²W³5šõ«UešÕÙy]Ð"»Qws:sò$ËÔ3Ãuș˜íÛýÒ+2§àm÷H+7+ÂÝo¿ÃŽõ1³ƒç[ôSpH!m–â=­ ï/â•ù ¿·‚ŠÀ4h…qÁÿIi-#Aõ%®7¿ˆƒÃ~«c}Å߅È2cœ-51BÙÀ³¸°ÙÄ -âÎg{žîš ןlÊâ¤W»ò«-åûP²3Ëm’FX¤FĆ`.ûeÄ­5ùì »éÅ»¸…4ºá%ua½®[ð¿VKÞ8“p…í‚q“+‚êII ÜûŠ¡äéèâ?°³é߅k«:á>r>Â÷Ÿ_N­óò>mÛZùHÐ œƒ€µ.óÖ5>‘8©°au…ž&Fí§ã ÎüSL7[m•k¿É¥a[àQ-cïH»‰›-^N°ÛŽ‹ÉøAæÀq‰(½E°nnHW÷_Àé`pÌq.ȊKÍGêv˜ý5$‹»£GUµåëÆüìžã·¼›oÐÝF÷ ü‰‰ÆÀŇëb\¿å×ÿ9@­˜Õ<'a }Àgœêı¤£}¡u¿€pØÒx»àawŠâ‰4a*ÐåÚáÝQ^崆¢jh>ò÷ýüØFŸJÀ!l -endstream endobj 4 0 obj << /S /D >> endobj 5 0 obj << /Nums [ 0 4 0 R ] >> endobj 6 0 obj << /Type /Pages /Kids [ 11 0 R 1 0 R ] /Count 2 >> endobj 7 0 obj << /CreationDate (D:20030702131359+01'00') /ModDate (D:20030702131359+01'00') /Producer (Acrobat Distiller 5.0 \(Windows\)) /Author (uniras) /Creator (PScript5.dll Version 5.2) /Title (Microsoft Word - Covering Letter.doc) >> endobj 8 0 obj << /Type /Metadata /Subtype /XML /Length 1089 >> stream - -Microsoft Word - Covering Letter.doc - - -endstream endobj xref 0 9 0000000000 65535 f -0000275342 00000 n -0000275492 00000 n -0000275629 00000 n -0000276652 00000 n -0000276682 00000 n -0000276724 00000 n -0000276795 00000 n -0000277038 00000 n -trailer << /Size 9 /ID[<60fee8f0a7aa5e5930d8ab5a36aee088><61d6746a07d1d4e2932a4e5f16fbc432>] >> startxref 173 %%EOF \ No newline at end of file diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/Makefile b/SecurityTests/clxutils/NISCC/TLS_SSL/Makefile deleted file mode 100644 index 04d3e1fe..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/Makefile +++ /dev/null @@ -1,39 +0,0 @@ -# -# Top-level Makefile for NISCC/TLS_SSL. Not compatible with Jasper tools or -# PB project files or Makefiles. Doesn't use SYMROOT, DSTROOT, etc., though -# it does require the LOCAL_BUILD_DIR env var to be set. -# -SHELL := /bin/zsh - -SUBDIRS= certDecode nisccSimpleClient skipThisNisccCert nisccCertVerify - -# default SRCROOT for clean target -SRCROOT ?= $(shell pwd) - -first: - @foreach i in $(SUBDIRS); \ - echo "=== Making $$i ==="; \ - cd $$i || exit 1; \ - make || exit 1; \ - cd ..; \ - end - -build: first - -sphinx: - make "SPHINX=-DSPHINX" - -install: first - -# this module doesn't need to install any headers -installhdrs: - -installsrc: - -clean: - @foreach i in $(SUBDIRS); \ - echo "=== Cleaning $$i ==="; \ - cd $$i || exit 1; \ - make clean || exit 1; \ - cd ..; \ - end diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/README.txt b/SecurityTests/clxutils/NISCC/TLS_SSL/README.txt deleted file mode 100644 index 5a58c9d9..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/README.txt +++ /dev/null @@ -1,214 +0,0 @@ - Testing the NISCC SSL Certs - Last Update 12 Nov 2003 by dmitch - -Introduction ------------- -Per 3479950, the British NISCC has discovered a vulnerability in almost -all existing SSL implementation which can result in a Denial of Service -attack when certain badly formatted DER elements are sent by the client -the the server. Specifically the badly formatted element is the client -cert. NISCC has provided a huge array of test certs to verify this -problem. They've distrubuted this set of certs on a CD. - -This directory contains some of that CD, plus some X-specific tools -to test and verify. The bulk of the CD is in the form of 6 large tarred -and zipped bundles of bad certs. Those .tar.gz files are not in the -CVS repositoty because they are so big. When those files are expanded, -they result in hundreds of thousands of (bad) certs. Those certs are -not in the CVS repository either. - -Details of the failures we're testing for ------------------------------------------ -As of this writing, there are three specific bugs in the SecurityNssAsn1 -library which can all cause crashes when an app attempts to decode -certain badly formatted DER. All bugs are in -SecurityNssAsn1/nssDER/Source/secasn1d.c. - -First, when doing an SEC_ASN1_SAVE operation (e.g., saving the -still-encoded subject and issuer names in NSS_TBSCertificate.derIssuer and -NSS_TBSCertificate.derSubject), the code allocates a SECItem for the -whole blob solely based upon the length of the blob indicated in its -enclosing DER sequence or set. However when traversing the actual bits -being saved, each element is copied to the pre-allocated buffer according -to the length field of that element. Corruption and crash can result if -those inner length fields are bad and end up adding up to a size larger than -the preallocated SECItem buffer. The solution is to track the allocated size -of the buffer in sec_asn1d_state_struct.dest_alloc_len, which gets inherited -from parent to child state as does the dest field itself. Whenever an item -is appended to the dest SECItem, possible overflow is checked and the op -aborts if an overflow would result. - -Second, the sec_asn1d_reuse_encoding() routine is called after a -(successful) SEC_ASN1_SAVE op to "back up" to the forked location and -resume decoding it "for real", using the saved-off buffer - NOT the -caller's input. There was a bug here in that a "needBytes" error in the -sec_asn1d_reuse_encoding()'s call to SEC_ASN1DecoderUpdate() was ignored -and thrown out by the calling SEC_ASN1DecoderUpdate(), and processing -proceeds, with possibly hazardous and unpredicatable results. However -a "needBytes" error in the SEC_ASN1DecoderUpdate actually -called by sec_asn1d_reuse_encoding() must be fatal since all the data -is already present - we're not streaming when that update is called -because all of the data is already present in the saved-off buffer. The -solution is for sec_asn1d_reuse_encoding to detect the needBytes status and -convert it into decodeError, thus aborting the caller immediately. (Note -that this generally did not result in a crash, but in undetected decoding -errors.) - -The third bug involved the behavior of the decoding engine if incoming -encoded data claimed to have a very large length. Two problems can occur -in sec_asn1d_prepare_for_contents() in such a case. First of course is the -result of trying to malloc the large size. If state->contents_length is -2**32-1, for example, that malloc will almost certainly either fail or -take much longer than is appropriate. Then there is some arithmetic -involving appending subitems to the alloc_len which can result in -integer overflow: - - for (subitem = state->subitems_head; - subitem != NULL; subitem = subitem->next) - alloc_len += subitem->len; - } - -This bug is avoided by placing a somewhat arbitrary, but perfectly reasonable, -restriction in sec_asn1d_parse_more_length() - the routine which parses -such a huge length - that a 32-bit length value with the m.s. bit set is -invalid. - - -Testing overview ----------------- -There are two flavors of testing provided here. One uses a custom SSL -client, nisccSimpleClient, which performs actual SSL transactions with -an SSL server. The SSL server uses a good cert and requires client -authentication. The SSL client uses a bad cert. Both are based on -SecureTransport. A failure is indicated by the server crashing and -failing to respond to any more client requests. - -The other method of testing focusses exlusively on the failure mode, -which is the decoding and parsing of the bad certs. (The gross failure -mode in an SSL server noted in the previous paragraph is always caused -by the server crashing during the decoding of the client cert.) This testing -is performed by a program called certDecode which simply attempts to decode -every cert in cwd. This is way, way faster than setting up actual SSL -clients and doing SSL transactions. As a result, the entire suite of -"bad" client certs provided by NISCC (about 200,000 certs) has in fact -been verified by this program. Resources to perform 200,000 SSL client -trasnactions have not been marshalled as of this writing. In the opinion -of this author, simply verifying that a process can attempt to decode the -bad certs, without crashing, is sufficient for verifying that the -problem has been solved. - -Building the test programs --------------------------- -The nisccSimpleClient program requires the presence of both the -clxutils/clAppUtils directory and the library it builds. The other -programs - certDecode and skipThisNisccCert - just link against -libCdsaUtils.a. None of these build in a way which is compatible with -Jasper Makefiles or PB project files. All you need to do is to set the -LOCAL_BUILD_DIR environment variable to point to the place where the -executables go. YOu can build each program individually by cd'ing to -the program directory and typing 'make', or just do a 'make' from -here (which is assumed to be clxutils/NISCC/TLS_SSL), which builds -all three. - -Testing using certDecode ------------------------- -The certDecode program is a standalone executable which uses the -SecurityNssAsn1 library to simply attempt to decode either every cert -in cwd, or the single cert specified in the cmd line. Build it by -doing 'make' in its directory. You must have the $LOCAL_BUILD_DIR -environment set. - -You need to obtain and untar one of the NISCC cert bundles. The two -of main concern are simple_client.tar.gz and resigned_client.tar.gz. -Each one of these explodes into about 100,000 certs taking up about -200 MB of disk space. To run the test, cd to the directory containing -100,000 certs and just run "certDecode" with no args. THe result will look -something like this: - - % tower.local:simple_client> certDecode - ....00000001...00000002...00000003...00000004...00000005... - 00000006...00000007...00000008...00000009...00000010...00000011... - 00000012...00000013...00000014...00000015...00000016...00000017... - ...etc.... - -It takes about 30 minutes to run thru all 100000 certs. Two things -will happen: either the program will crash, or you'll see this at the -end: - - 00106148...00106149...00106150...00106151...00106152...00106153... - 00106154...00106155...00106156...00106157...00106158...00106159... - 00106160 - certDecode did not crash. - % - -Test using nisccSimpleClient ----------------------------- - -WARNING this hasn't been tested in a long time (as of 7/18/06). The -nisccSimpleClient builds as of this date but the status of rest of this -is unknown. Stick to the certDecode test, above, which was verified as -of 7/18/06. - -This is much more complicated and takes way longer than the certDecode -test - so long that I still haven't run it with all 200,000 NISCC certs. -But to get started here's what you need to do. - -First you need to build the sslServer program, in clxutils/sslServer. See -the README in clxutils for build instructions. - -You also need the cspxutils/dbTool program. Your PATH variable needs -to include the directory where its executable lives (generally, this is -the same as your LOCAL_BUILD_DIR env var.) - -Then you need to build a custom Security.framework because certain errors -introduced by this test will cause the stock SecureTransport library to -(properly) abort client-side transactions before you get started due to -badly formatted certs. The tag for this Security.framework NISCC_ASN1; -that's a branch off of the PantherGM Security tree. Build the tree and -either install it or make sure your DYLD_FRAMEWORK_PATH env var points -to it for all subsequent testing. - -Now set up the SSL server keychain using the (good) NISCC-supplied server -cert and key. In the NISCC/TLS_SSL/testcases directory do the following: - - % rm -f ~/Library/Keychains/nisccServer - % certtool i server_crt.pem k=nisccServer r=server_key.pem c - -Run the sslServer app from the NISCC/TLS_SSL/testcases directory: - - % sslServer l k=nisccServer P=1200 a rootca.crt u=t - -The "a rootca.crt" tells SecureTransport that the cert which signed the -server's cert is a trusted root cert. The "u=t" tells the server to -request client authentication. If all is well, this program just keeps -on running, serving SSL requests, spewing forth to stdout (do not have -an unlimited scrollback buffer in your Terminal window or your root disk -will fill up.) - -Assuming that you'cve cd'd to the directory containing the nisccSslTest -script (clxutils/NISCC/TLS_SSL/) and that the directory containing the -untarred simple_client certs is in ./testcases/simple_client, just run -the nisccSslTest script with one argument, the port number you supplied -to the sslServer program above: - - % nisccSslTest 1200 - -This assumes that the following executables are accessible via your -PATH variable: dbTool, nisccSimpleClient, and skipThisNisccCert. - -When this is running OK you'll see an endless spew on stdout like this: - - cert 00001012... - ...DB /Volumes/Data_and_Apps/home/dmitch/Library/Keychains/nisccClient wiped clean - Starting nisccSimpleClient; args: localhost 1200 nisccClient - ===== nisccSimpleClient test PASSED ===== - cert 00001013... - ...DB /Volumes/Data_and_Apps/home/dmitch/Library/Keychains/nisccClient wiped clean - Starting nisccSimpleClient; args: localhost 1200 nisccClient - ===== nisccSimpleClient test PASSED ===== - cert 00001014... - ...DB /Volumes/Data_and_Apps/home/dmitch/Library/Keychains/nisccClient wiped clean - Starting nisccSimpleClient; args: localhost 13 1200 01 nisccClient - -...again, do not have an unlimited scrollback buffer in your Terminal -window or your root disk will fill up. diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/SSL_TLS.pdf b/SecurityTests/clxutils/NISCC/TLS_SSL/SSL_TLS.pdf deleted file mode 100755 index 0b988e4f9d73d77e42909eeab13ab1e12619615f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 110436 zcmce-1yo$iwl0jjC%83E&~Bh{cY?bGcXxLW7Th&xAdsNJHMjrgK zd!Kv%ao>33b+TBss%Fia^3AVmbqI};xFj=(g&mz{ZGHSJItn{G00?j}wnpdY2cWac zS=pNzIa_&~nF2tNM@0ZT7;=*a=mNMofB<$jE`Z*X6aWMQa)g$z3G!`!2jvT)7i`%9bzFH5P%N+^8?}p{AvO0(NX^F;^N@? zdmjkI`OiLfHqbxh!2i?-;$r`&91oc1?{nEe-2aecJ~qvH#r`E>0fcKYRl|<@;~8fIu97 z@y*rQ$ja8t8G;*hR#gaM0AO}>RvCM92f$PG04fkLs5m&d0@xvb{(4e!Hgo@l4h{%9 zSY^a@`OQt(x!E|lP0USrI6xpS4j>oEl$*`eh})bU4B`NB2=cRoc(_eCjZIBJ=ImxB z=3pK!Q)4p|Hg2Ga2`4*`8Hb=A1ZU_ju13zTzpw&Cr=gKhl>CJ_^j|Cg3)*U4j%EN> zF(X$aTL%k>0ZK*|W-b7Bh?l>tlQ(lUGKCC6K>piah=81tv6-z4fDIC#C#k<+8vNws zpUPQP0U#a@0HiM1z+3=UNh@1dGiS)%*2vXN+|0zm6tb|KnZ1RpB>?<~_9sOyuFhsg zcIYV5k;aCGh6t3H2zUqx8ejww1UM|XsA?EcKRlMh8_y8w5TuX;1Oa3j@-e}gO5tjD z3x%<4DD_e9;!zr-EVKB|NJH&*%d#-lZzOU2ON}olsd{Btb<8Hj&DX7l#d)c>ZNc2- zjz%r!?{RdSKVT}6OGzPq@khmq95GLZN)#>#>Vogtgkp=~L82xk$Z`v;gTg`$ zk(eU9Cd>ulR&hESVEKGmaC~2#8x+JEGGX76GMyZw;Wh!)2bLp$kQA;P1_D`{5Q{Pb z=ZFEFP`SAv|)>>>F1ogo!7 z7Y8?Ilc%IXVE8L(Vh;AM5E&N$$8V6yo0(b}i8^>f80%>sCx{Ke#l!ZCwZxnq9RKr( zii0a8QxNgLCivGP|3Z(FvxAAMnJYvsD}+D+tZHVSt^igUJBX=bzqCt2OaVYRlvPcQ z4e(Su5Cb7?4gkj=)c|R80yzGieO4_+V{0>$Kjz5TfdJq?<~$*TRl?I%O7)jbPa36E zK>&`YIH>@Bjfy$gIykF38kv~=T2RadqWFo${}}!YM%f`0_#30YgZpHsxS5NIvz4Q( zgEM3;5f_uEFmv-f5x$s_qqLcog{3Qi6Z}N)Pm)ig%xn;vM1MlG1tk2C^szqa5&a{a z%wSG#05dy~3&PWE+>jE7w4Sz!ClLiBI|%q?rIe&)q#4z$?95yg%sf;a?2POo0y2(-H6mhmPvSku=ur-A!_|HCp zAOJ;Y)%r8GV9=9MPbUBA<5Qmg=HnCN{J-##6AbZ@4g9avasCG%B_;mw@xOHsLVo{) zcYjvvUo!ZsKK_Gu5G|^1#;(6uK+W0B>{o6fk+O1jaTT*Pa(*Ib$nnGI&nFP)(~(2d z%GA};1yY%iy%!QRAOH-3E)c-Y{S-pTp#^e&c)Fh2PZCeC41{jU#yZU0vN zq~z%j=hNu|z{Lh(7s&PW#0dfcxF9OgpE`c&hHT?c15awWA#45;h6wz7>c6J_se%Ur zlBYiO-=_Xy@E-~R%)bG$g-62u={rK1Ef8^jl!|6Ag zp5&h(hW@{U(jQ>^>teqk{-o*2lHd0y2cFtb*B?-S8hvU#RnhN}CpGMl=U*y*Pk9pj zw_E?awEmqt|DM}_Qva_F^#6Wtf9<`0jnco{zj6y1|068_?*HBTqyK-z`)|>|-k)On z*XRGDfCEAVPv!X6`;#5NOZ2xbPxmLzdFn_1J@_Z%LGtu8{JZxFM}O4#|1L%UVb}h9 zmj1bU{W^_2Wl0xOK{8@uPsMBs;P|st^?tt=LcILf9{2lv%+3AZ9H5_ekAI(-W7HSy zr+`>~B45CPN$_7}NMzcO5b}ETX>Ozqnru^=lMlDEnlee7gg4-i8 zXC-4F_H=MW_Uve>zaNK)v?OZFs12^JQnWOaF==CZ4h>e>*S_~)6mb{RaO~spDAKnu zqGePOGCNnTJ;SP5NQ~OJxT?U)ESroM1sX~FB{{hY>vBM$@fxr8Bv(vXy7AT`8}u5Z z3FMvfST1_%S_rYB9@}kV*=w`WM7jpgCu&h>X(xgmoBgmhN`?h39QNQ{ig}XUYhVxQ zuw;rvYbK%4#u#qshI)jFG*Spy#;nh;ZOVKHgJeSz!q9Qo{e^_A)7Z2tpL@EICyhWiXN8`deU7?CkkZ1snhf_<(C zJh4QZl{altN9+paHA+`hRu*` zXuhA0c*Skrg=wsH>wSS;e!-&o2HAUrLg>8x!td;dBe~i;7eoo^dm!02y@z`LJY;Y} z6uX^>zLIvj(hGb~y}jofonEJ}-7nsEC~UE1n8hod5KYCuX;O6`ol>PW<#%j9^D-h~ zuj{Wa64N0!gp0I7q;f^FGpdtQp-hC9Mfgc+XQq}fVDRYiEzG#QTwFRXHN{uC&9~Yu z@>B+FiC|S-!si6<$=MeQ9U+p#lAqZ-FJP#jn;zx=tq zsbBjiCYPICwvfqU)!AsoBh?2J(+*_51&ju7wyjQuFMepTGjS8GjEbKc zbARR<7SlGo77|_VZ%IoYP-TxVW&mw~mLl!58V%uwapWqaF_Sgy_xy}3>U)bmNtHc^ zfjt=KK6fNu`u?0^FOd3Woy012#aHDj^u`fNT?TW;EtGjV+P41nt}B8ai;svvvJ1$NHx) z7k(dk|HpS|HZBgxH%@;t2ISR<69{3F|H==q)R0}(HgO*gA3M07)nEhT(KqGEWN4y= zvF0bSq-hN)gz;QOMcA~ZgQ*EMp2afNgknSw1Wm!2V#fn;4UF@HM5Ci-@I>huqUvpp zVaZbKwgDQZ`bTKeZ;x`XmX{hHAMoJ-NYMb0lc+*R5los1@v%OOOFw=ppPmujz7S%J zN}vwP_W1PPtJ1C71Dnptfado_KRw;_VGYqun+r_MFV6XNd0Aj1%Y=I;CygzXb-!GU z9ylN_@T(8S9BwWxZv}$ou3j+b>0ZooZCBZU(Ezyaj|_>H?)Zi6#!6)@D<4)kyETau z&ppV@%raze_AV$~wV`m(vEPThcOH8+mX)`quis?jUd_1Ra*l#ED)>|W0zi2ktL8x= z8Y#hT=zi=oe|MFfk=EvXWZ>IBQ+cJIkA0*>xZIU@4DD7k-NGG+=Nk+xGI?fQMOI&B z$mZf7VvCS+v;U&oRz%2l-S^YmShu`h7!q+s6t0hk6sd!X^VWnOyhKzW>=Z5e^%1Z1 zV3#2rv_5XNPKju_h^D?*7Kfb*B=LFa9$10W&)MoSW~W(4KPC*|5i7;H)O{EhEOJhk zsJKBeFBDNwA7BCnY@peC2DvE3M{@E~uFd;^c_t#Y%M`wt zwo0VX+BmliZyPJav@lpkUfqC0NQ@rA5XYh=n)y+tp$8^B?9_zjGf9}?;jqoJ{W{gF zeCa)@XFG%wnrcy_&YVBF*Py~Flbt#YERHN*yu-?Pd#j8n*!%2MC5El%bHeVhg3WP{yW0=n_1zICGHod$PlnT-0 z#p(zHA8I0Ek_tD~w3)VtthMRTyetLG$G=w9K+Ji0&$V4`#@Bb-%skycZ@}(J1P@fO)V0?HkIord+ zlTf-^l~}-Qn3PqeIaZKXtvKh!w{)r7>%yPAyww&jD{~&gLDB1(ThMh%%+z(ZCi`mL zrxm87n6eno1{iPsC8*(A<6NDQ$tjiW9ACMlv6pHJ=Iz1OUbqT*qBVW$q}se;6UCSz z**DyP?39l6gN0uGj562qd9@*~RWqi3CKph-dW3V-OTaE+5B;`R%k%(sZ{K5Bt9r?? z!oqmN9pES^fh~#WJ3r65CkyRKxTT?I&Q)mlGqpaCpW4gDbYF}IaVzPSLn0e6@=4B2 zO=@oN_C|5k()Z&B?(%0UjN)Ri@jezLqa6q)B8dTNX5^i@3XKteB7?uiWpPTG<>@Byf`b)Umq^N>(0g^n zW17)2vb+(e;zCQiisi1O&Ruy@W|ibDRq{sq#_aUiNGt-4?0loM2>Sj`AR!%#eD>v~sGsZyE-oQ9*-Wj}4%Jdim@7I43fl3}nnnG)sOO<@Ex8FF39E0yao)!f zChZiv(XnS^0#DInwFxoz33S>O<$bi+Q^2KX8&kJa%ct9ex`R4&#OLwh$A0m-0 zPcaQS0zp)A9$;lHlp8E;bMhJLRs0?q!UXT;rPp7+wh?(8W>Kg}( zScQ29LHi|7fR{^yISdFsCz@;d8P%~lfVIlNG$c+Rt0=Y^eLOR^XqFCjM&~j&J(aA_{LfD35Er7-V|+ajBJ_LZ zNwNx^II5Y(jlQs9lzB0pXt*`B8!sJhZj674VY#Jmn-ZYPi=&;i1GIdbAtB80?&Ob? zZrK`h+u<}3PtM(zJDPru;^BVbgI%W6^Et66v?Si%gLvWj;sqHF!8t(1*I?_j@1DM` z?dAPgA{W)Y6&aEk;}rL^h%qqwiGNf?ryh6c^z|UsC$^|-@u3(NtDD1kBmMT-WhE0) z*HOP`{Lr`c?=fAnueejw(9ik`nELf}#6;BCABO#=5hdL8PR^EFj(%9z zeVD9Q?n5ewlvGYWiMH03ht7!kD;my_!nj~CHfK0Kjh zD3+8NjJ-Z3z6()!OaI!Rsqb zDmt3!SSraj=%HeHv?UD)Tgp1i)kv8l=1hZDNv*O6Y(Y1Z(c=Npe0i3*E z_`dX(-A|iM^4Y_AS$O4|M|f=dEw7)LEtOE!BzsVMDZaAwysS}uhC8qh`8gKdu2G#` zcq^Q5_+5b?)-_`l5v4KFV05+nhTtUo1;_cjEHf(V7cau{IErXWtrx>yd4h^)?U@0Q2+0 zoh}#l+r;=}&w4n|+T~oTR!{9(@s0*u)sl(8tWC= zncV?1ITdD(>8TZLXRp>=r7~QE)CePua5}AN72TNi{CeN2ErKIF?e+aRzF{?eDL5W? zPCLJ0f+96&8fRfd&?$7Up0N(fO$dl#OuBi@rQg2S&mnt{SWK*HNw;Q0*tY^t(wiQT zcA}&ZmL5RMt$IE{P!3}aob4bHs&)Vzb+>=$eU<0U6P{HD)rfkB15IY?1AJt<P$m0U!?@nFA|kr7 zZb^o?!R;^;yiaw!CTAII=}uaG9`OBbr_djhOc=(veG1YJjfpo1#cg>;wlO%*ytv;X zlo9zNIlUSL4PWw%_1^BVc#Hxwh^~-uh8T@xTYM-+9Bv;0&`N9PJKl= z(Q9oB5GU@vtCP!;WWPY$sUoY3Eo-ZriT2>RJS7`YY-xP+eOH5XKS#>~_2<0&cxUMf z_R=2pMCFcm^vwr_A+I(GzgMY<)xeIkVI}zM|6^3j4%BNR$ra}KB7jT1Cz}P89DXi@sxD~B%5J&DsW&wSh|3KUJZhBI1 z!tOyiQc3(r2}4{S=jxr+^YLQ+f|m$!n9G@1Qn1Ejq_P-%Cwt~&H|}!saKzjJ__nPk z>n5vIJrjz!Hg9gS^EU4TNzm1_PptK0`?tM#F_w>dN*NUxU!CxDlcw3HdZ3=RxF{I) z3tHS~lk@aDz1iUJ_v*7c+6sM8t|xRF@w!$=S=jbYj8(5XVZJ+{!ZhiKmj5~cRwS@9 zPvY#eW!uXCi73paXt=bn?qNM}&~WtCYD~|1cNcG)Y?|FFI%oXNpzj%l0L{?^rPT^> z{rQink47sAu*Gc`mxQ50Mjm1GVdI#}=rbUNh3GRRfvPutlvlw!8twSk3R4)Jn$HzQY zdCA*!d4Hn%2&)4pX#H0A0?Aj4VzymQi^rWckGwL&ewzS<0l+--S%Z@3b=9#~Q(|_l z=RKv~TEbki&t5^xUh>-!niyLMZMqT}_p7~O{_FrJ$eIg9Lx_EY0kDGYPz82evVbk$ zzaw&L?eT%~pA*|{WPRSVY}aXvs^Y&W84F)_rd?5FE$A(`$G!`$*KUD#8uqY^n3KSK zO_^CZTH<8PQ5?PUy~1BKqF%X9zg09sf^WKtDbcb#T(fy5yn$w)b+WBO(;(!Plu0659phAC^iz@y6W@+#jarla{Dk6z;?u<6sXs^5@U{8`;d0RJv~j23uE$76+*BW-L~Akc8bflh4Vj(pri-5}q^6PFayPB~CoE~5Kee%PNjtI0I$KRDBt zp)L&%YF908S_0p)6nl+)A%))yT;X+#Ty3&1QVh+NgWcSw?^gPd?uX{#bL~a8l|_g5 zIS19XfVj_fFx}#f=NnE;vvDOQ7M1Yxw_(C-L^=0Rac#)26jq;` z-`QV_Uiy(426(_2q&?iz-TWZ9O>~Z=4T|oR_(oNi1Im^*=PK#efSB^o<0#%^fNJloQHKp zkvz4@2o3So>KNSAV3k|zf$Hbi!}w0A(DsaXaYZ`e{4IgsBr$<&7cL1ML2w;oCLP8K z+D8X*wXBEtL4MFq&`9ea8ifg0VUBSk)=%uVqoF~04!u6Fwq8xHTf5xLy%HkEzxmK~ zlK!aJIqwC(1Ec?7Fy5;j?h+bz)??NxR&(;^pzm%&u$+2NjOE4^@0fk#t?2Rom+zN{ zc?dD$UL39~FhXLkKd6$)!`l~v%c4xn8&*=*^Y4n6W^Lj$4KF$_i3{Gpe)qn#;$b#3 zXp}wxia-1`ugjv#&GM1#_6I^4j-yIKJO9wdno;=F!PS+Ty>)*-sRoC;X7pKEd zaG$u}=)fX?QvA!o=Pc)*4#JNQbF?4$9+vs~Er@ONp3!k$uko$VF@tCf4P~S=vqRV| zD_NjbUe`i>m*S9Q?Am}Uk|~bhm@4?Bg zEuq)jg!fLT_lzriXZMWP631UJQEG+a3JhRd4GIO8r*J5Qw*qkhSn!{qcVOJ1=mN1j z6OwyEZ%nD$ZI-wk)sy?^C9HC4EZ3oo`La&}7Xuzm(!nUHnqF{tV-$5Wb z$l=d?Q6qcf8If3S6kv)k0~K%>@vGqgyumGO^LiF`ShM9B03WjJYE?g8FwP^8W; z3eO;dr^NZ0!5x4<9ovn1tnRw(E4}kGp$8a#`!ykNJTk5maX3tGc)2dLzG~uV%d$~Q1viP+}#^Vq>8P;2ZuGf;lN~-Gx#cq9=m*z4d(t5^` z_+dP(FQyuFH#cpP?o^5AI9Rg#Owwt|VLAEpt>g-=)YxKCS|Mr2Fhog*eHlo)N3(N{ z{MFlt_$lSb)Ih|!(Zdnwm;+Xi6L75w`lf=%2~JjD6P!h;M4gUID$XRr_fWYuqi?t@ zVcJw>T~g3x=RCd=dt`Ut?nh_s*W`HSo!o<`)l^~?TE+RbS~Rd2XRcCSrfDQFYftL-%1mKLG1 z=aS@Qrsn+fBUR4)_PSQt3Fmh%a#m>#jFqX@=pE*A+CePTObui?dJI{ylAq1P;yCek z_3bh|UmoDL^f*MyIAsuE<5p{+Mfyt>i#dCeppvpgd^Yl!BN-7Pc`)8BPwnJPzy5(k z_b~Z6?ai)ij4pwTULl4g8LebWyivv|DTj&N584d9@{{Q;%Y5|gV zmM=}CjIEL;(gz5PuRMIDUI^q$Oc^TTzu4Vnp2Wc67f_D zpG9v%H(@+)D$}zAAJKod5PnWqM*sJ68#vLa@r_N`H(GG1k@>rJ48-#l126#T`J|&I#ZDeo(2bl~*e(pMLH&}c| zi{J-v5lT@Y-W$-XdaZbpjA-P*gUi2&gDn5WAXOEoyWJ8|1`T~XT&C*m&T2pHbI_MB zKyt@nTIa`o;SXQGxR)%_FL-d%JKwkd(5i!Z4Iw08Lgzk^Hc}fSFSW zPiB784eyBkvthcQ{@WmqSC>QUKsEDyhF6JMDybE`Gg;`mLeJIrD`$?R4L%7vzfYPkB7l<^oTyvc0gry|=TeAB29o=vCBN_O?p zZm)nWR}_ugTZy+N8Nf31XD7Uk=(KaBq<;ZYC8<&^z> zsV&W|IqC4cMqj#y)btfLsr)qUM8_>el^7ycF z70{CTex>^c`~!UbHd7D0)Zqu$a=tQM$2vJaUD3r(HZksf{GD_0OL)r#ou$p!g>UB) z*H!JW)z%R5yPBu4R-lnGzSr!DHPJ`G%iCVmc@IXReH@o^u+wPh|L*RyC|EkZ&Kxs` zAcI)7Mo682F*@QYK!zZOL#O!mUSuavlGmFy>psMkH4170WpH_YUMkA#_8`=PQO>I1 zMpso$)q zlqXv?f->zsnz1_EcrNs^Carvst}I@9S<~0xcL2l~cv+EywN83-T`V3rpk;yNacC`J z|A7R}#4bx|$oL?}y6y6=qeN-ibNnzulHTjbm`c7c?QKUrGn#SVPv`61FaywulI~}= z^HyyT-MfTQ(MIxfTp)zed>_E$Q~ub^aMj8ckLeC22)~3-tn?E5<{A;ow&qP-JG3p;0@%rT8DYSZUrK!>Q0qt_> zCj{kE@4wJaA*+9}5^N-X{sDsr(KQfRlbp)*vb#5P2fZqr z3NV~e;<*jvqYg^3Bp*UteP)PLMcz!c0(uCrAPURyK!K5c9C%`v&dyFk5zqTKy_V z+O7jymxHrx7lB$o)E~0hvizvN=%OKBW%oQ5A=@ujyldVV*en~`efL29F$8}_6WO*$WSCpWk;$zNB z!`jr5Z(56OA~I^KKG?&n$x%D1P!5anO=|lvsLZM?eYA)-sk|_umsL0RG~XYlw}iKLZ^F*MkkNOVk*d>o}x`nTTzP4?fN#*v+=i`ZlypzBohXJ9*)6mWZQt zeWluv0JSk5Xz(n56aDo|gmKK9HjIvytnXLBI;NiYF(gWB8(&WP)hha`TjCC(2zRTD zDI?`GKF8Y)x$z5g7GkM5X3&=Tr4;2>P-Y>?-VVY#5__I$WgeV|#wmG$KD==p>;F*B z8O4;2H(d7`zKFK6&awbzNC~aKT~n8DJ_DBpzDITkIxETUwd3t^7;Fr_*7q}&M4p>| zABTI}aa7&Q?@5;}0VM5bv3U=-IW$3shuXNZiXE<7-%i8H4;SnoSI4wfHt z8V(gqxy``KMXr8xS{)&4kUTrOq>?KmN?3*7-h5r7UV|VG8Yeui4dNF{quU-xT!8I2 zkbb*?iEI=_=_in_I8B$J*fF4?uZVjD}kHs#+X#olx$D{M74f`ZCTn zhyKn;UIQr1_yrpPx%nA2avfYs3NAC}ojXz0xi2L^Nh2CLz}mz!SL(&ve7-ls-u#~% z$Usswu3pUG_2HSAp$nMX~slQa2n$4UCE=iHk{Qx#O-6%;d2OozZF?AC7F3? z8(oY$sb41B3~)M2_d1Q!>O&xr!Wl=(wls&M7OBPrG5r)VBqYR^F^4w~M9W9JZkZ~J zd~Nm}mxH>-spcnKf8@6!!vyZPp~km{Y}p9`U-g)Um2)i40~VKBhL^Y7wdXdw8G`9m zpxxN1mq)k<2@1aufoy8UVl+r5P>d62q$pBfW5(>8)-w5L-~ zXQoemQz(@!0P%b~E;!l%Wt&5o|Uwf|?dN+O%o> ziUv&qV_q-(wIrG-vQN4IEFJ990im@ue?f7A^CrA$FRy3C*4&SlV6y zUA(cwF9vNzxOE4Sy!hu8XmK&ru|(%G5c_adG(2gc&Dk>iF$Pn~C$hN5iO4kuhL1xtynomEUPE~)YPj+p zn^KQ!b!7UGATTq^+S}1urBn^t!1NqiogJN1piNS@3~aRk7J*H?=8^eHa03=PDV14^ zBOYUKBq{Tx3$)fLbv_M9pxO4XSuB)|;d!}=WMGMgV~A#Ils~QU$~1_9lEwGcnImjt z<((z$E2ru&h`u6Z4Ffp+tp;9~OeyrIKz}*|a^Acf@TPWPL!4&W>&F~c_WC~Cn;BU`aI55rg&m_YQE$Ut&6li2&A znvJkUXGx^OY9brs#V#v~ygr7V^~~*cjIp#D-TSoL`m3)gF*J4U1n)O`n&tS#I0V?) zEC^7u6$#v2s~hJ&jWo?^+4*qZNi6go41bc<*W;MOizD6&b<02 zZJDAoWJkE#F(mOGkg2QOE+IdLX1Gmbj{Ai3`<8sN*}1{geaIy7bUVW*)r=_7Xy>q) z-bbAIz{4=2o|-bk;HKTVYA<q$h}%DGYm2~m$JIlC})`n0q}s|?dNBwr#gB)(iOc!B)xljNO{63tY5_?KNrt;noS zeshKw&&PxKr<6cID`LOV8@C|6Mrc1qG2Vs4N=HUIe+y)wup|i4!x=)sWsij;m)yd|=W`L$ zkQEtt5pjS6ODqe$#4qu@jLCqFpxkP`N8wt2TJh`mq>>H^sa4s2PwGoI%tr~#h>zR) zI*me6!2Xoi;*vOnF9fk|yeVhCN1`2@7L7Dv`n4D-mvA2<&2xzVpdtEOPp4+%KrV(=}!p#47=K1u?~#if)_$#KjD)w zPfB`a9bMgerLkkCPiEM`&2<53t3QiVQX*%e$zclQQ=!Kp%{Ww~sOa1h-)m+(T zIH#p{J;i~;f!muq$Bd9xEI-PjbnnMN5FSt?0s%OHI>ZaDNhcJ|4PQ~(FC}We)4lhxA`&HLDQk&pUZ!8sjc&=q2(xrGyYYl9BWTrtf(M; z=IfH6xGKPVOS&19APvL!@gfYJvjF2x{ey-dE9i_c8o>Kdj?Vqg-BkwG3nkC1%d4xe zmI04BV)ys27fD42aNr*qDB)+_O(dopm47xfx}BmUQW_26Z5H&v_jL==S<&cJ+Lhf~ z**%N3>8Q?b$o<+rNx~`nTr-Kmu57*0UACEKMdcuvdLUSol+ZmIAlzJ~EukFjlBJFV z5(UPTvBgk`B`-QgD-C_{ngd%SB@*Y>L@?p$4!o=sC|a(g$~rHW0aBD!!y;`1a}tC6 zsVB+Rkjar|;fV07zJyfozDpd7oTVm8tLk}}RXc%A;D{Wh#5T}i4d8Fp%{UHEBX?(t zFM~$;`IQkSau*g?2S&d#b*+H%SfR4l-+vrNmbJ@<(R?p9|iACqGwYAZ6X1TdTetn5J$AYVhzZwCqC0NraPaSDH7Fva; zKUo3K*I2Od*-2wgjFRYV3nuN#oe$;B$+F3{P_m|{TEFF5 zKa17;xxP6P!J%^Mx=?N>WigOrnaq@A)XQP1mqJrmbSUIeD%g{$IAECQlCCZjw5M19?Q;6!`u*B_M?29K<(JNo=4XIY6ER2^m+JqHDGkZ1J@g*zj5iGgBTOPqE^bkyn1GAsum|%@rjx zz(;#vB3Or|jEkTZB3xa;E~|7wdTU!@S6O;?odEBoTIF>S%;?X_$#nB!fl~dQoKfB<1d=k^(iF3v%FE9*-<7mf7>a7RF>VcCR}FDv><4iN)0e2!u6p8GY{Rd~n|-eV zB8jb0)kk`&%G#iQw9Y45zdH`_Z}PU;R?Q;6T|WG}a4O~GeKk&envghd{NJ_{5Y|nCX|5-`w=tn@{X=&LRiRM7MI9GPCbG8On6UcL|ATf zUfB#WYnoLCle^gjTflnon?S#9D?x3w@yN(0us#fK@J#OTYyM^@5Ez#ue=la#1W`Y& z4|N;5$=*0GIrF;koS*b?nAM-k;lk;;2zF{i5GK)WP!^8hfyzlT@oM*b3@0?vf2eW~LE}z}a*O`Ecq=wd^pGV((iaX?9QA#knF{hqI;8L`&ImM9FO?A$#D8&)Lu`r_;`qpzF#6^tcNAHQ!$t!t#C zL1h{jfL>QLMuZ#IJU&X2U%F^)XV~4*!cP=qRTOMDM;ZFzereuCuEp=5ToP(4`RcO} zoeaw&#oMDK8%Bo0l+BbxW7;3$RyDkXIL*`Ko*T;p;)>@FGYKPlWETN{N{M7w`y zB<694pBLb{{m^jM&^%ke26fPH(@778LEe5tg<3#{p29h-BKOtjoSk>#1qA{u9A9}k zn!NtA6NGhM2XGgTd}TL{b7<+CV6WFHwhdv-#-7^!4Jr|7%VM|HqPOxU*^bZxZ^B3| z4O=SEQx|6lgO+Osgy0cQFG0O7SjTnTuqZlTuoOm7gl?Mlx-BP|~ z{w?do=jYD2;$19LA#VU)EY8Y^w~Rz$96Oz(Y4Ox#_z7@f+Y;Lby*sZMCAUj#e4<3f zw*!4Yxe(p3Xt(T*+Q*~MkHu!OHQ9owu|j%DqRwFGq`Z(3$aU!+DJo&fVRzzf0#f+j z@=LTAAJn-cJeOa!>s)mt?pB_SH}RL3-Q$%ddL@3Af*is+a6BhMpg*zYu?SoNQSFCT zJ#!W#efuGvq+3RRJUZF4xUq~JkK4@4v1(^fov&r$?DhNSfveNcnaIrq-lF(ozDag0 z%e3XIu=n(xPhywkQxx#n<2Z~w_YWA{s+_!tJbk+&;FWu}MmDg6%U|fU94iB^v?^h) znB8V%zTLiHm0c*lqH&9U2s(#;PBDg4z%iE3I>h?LU_g^#+Kk^oknve8T|Hh5mn;Uk zFvoe;E}&xpbG8CF?E3-dOgaEKa+K$RpYqv(7AHDgL%$s<|NSn}*D~s1jA>c=Fvh?n zm_4NlH}S}rNNZq^Ya{`|pqS~~eTV$U2(q_S=P)U|urVv_L}~|t-}nk%?qSUzW`>_V z;uY?DL@BeTMTe0D3mUDff2iZ3GUN7TBlL$sb?(|(4^9X+PVQ35$T1>}kHC(Pzy)AJ zegpAzF<9Xv^aj4ky?J22%?LBBShZh}x%u6Jd8}?T`ke6ckvqx~HO7E3SN^o{qIp`W zng5Jh5j4p*;%CF~uPB)BvE^zr6YCCAi@eg~XgZnXOAkqMe)f81r61b_k(`E z4-zQcAklF77{5)ce7Hr>89?hLboD;6ZR0eh^}sBaAGIdD;Nn9hG7um!@_jOk#Pyyb z;jrm^rB#;Yg~wp=u=d9-AFSB4?$c%1^oJHqe`8kBC~^(sq-cFH9}>_iR9F0n1-!T$ ztTPlWrR!);7c={SP>H|lBo?h4yYFi&ajxed5d3+SHZ(tX(} zQHX}7H#O}MbTOyKVhREJw1hFV=D5FC?~;llpaBgT7a5!KFIYE8guV+59(-SYq_ABa zt<2169)nnssVfsDFNMi@*DEZKY(y^2hVU(hZ)}AY?IiJ;DGiEfg+{Z6NE?0car7+Z zh+h*3-&rp?EM{BoQsJ<;)wRMgPo!u3r8Im}L;Aw#iYWc4*%n&|hpK{Bt>611@G0It zUppxtJCd2z``#;{Hp^0JbH&naw&IGce!}HDAFYqBO6tKqM`vIq7)!d5x(bA$PSY)v zN0bB6_xaW%;Rw(mFjsZ?wuMdigEkj3a{&s%th}XXNEi8`2NI| zQ{2!b8~a%Bx#8o{gJ{2EapXzyDPP0(FuuJDupLFtU=$bVe{1=Leh&=~^mzk2(j(Ey z9t5MVWhUGZ^DeQ6BLhp`tY(8Ag?UDom&WQ{1T_|gy;_mW45-S)l|Zi#p>QD|0T#?G z9t$tz?ogxCt~)C?xM$VNpCXS;Q+v`^nk)xI$Kl9XridnGz^UZ$`p&$nxz!m6m*K38 z>;vpvEVgnCFm<%bY?9BNPu2+1L$;W524?XmtyJQc*i4nE8z5&>`1_dv;mlJkG=j8m z4Tj#saYpT-mLVAtIHvcu< z7Lf}BGogZ3wa{kMx-f~2w4V>Ji6Vh9J=aU+eBC6f5v>kBR_fD~+#0q6mF*hSNFG(B zzAbfH`dhjMEMLh`8>HOdBUV3;nykZdJA)QLD2aH7rUF-5nF(k#JE>0E!ASH&I@AhX zr8bMyoqBf2D%o40V7-$rPWraMeqldQ%(6O#hNo%-T1o0d+R&zRn_y(rEU+h2C)2N4 z+{~K332#3Vr=0kQxZ6>FNnVE)Mw{FG|Hs!k@Cu_tZT8rsh^l_2%w<_DztYmC^=3E zZ>PmTZ)n@_=&>P)-(jqCf7XD1O9P=~ZH!fMEfPIyjuJ*Te^!=u^-T4(*2@&3+rvjp z!!Ao!FU`5(_@ky@nd&!J-%%b5+Yznbj}CUeFHZj@mJU@tL)G#a$Hx2wi+Japd9m*i zj&TB5eQ_G|6-h0o!>R4)l`bPwWjwOAc|#6JtDH2v%39=+2&H$2gfC@*2H>_`^I`V> zycHnV2HmaeNpz``jt-q`R4_&cA=do3HLB0*hJKU`N!DUG5sJH=qE1KAI=dp((0OO< zA73N3bh$@>bBzz{-%H-06$9TxPPhfNy8az z8d3;RIy?roLTW7)%&H7gtaRbl%*?0@3Wzjk`0jGFW&?#tPU!Q#3!wN$9R7u-qn3o3 zo)`*Ym#i*J7TnE`jZ~OSfiCpFF0jCMVZT5 z%CME7FXqhF9=D@U;}%~Fv;{Tel2j`l+s}eia?jro$bRb~M@aE{B9UJ> zSISk(vXq*s(nav5YGiAj{N|dMy#4cwTRq#o-k`BdVIx^9ah>nl2F}$zgkF3-ZmRIf z{W<&PqtuvjeMuGGc?Rnv$Xj-JEx9M!OM(tIxH^=!JTec(h1=(9tWKRKP57s6(fxBUXNj zze@?R-p`4zjenJ;qhuRL4K!WQI*A(Bf>3p%Zvn`$?lt?6*?;QORPiO3KV5XM{l?nZ zA+!f!NR{jgsZV;J+Xbfpn|+gwJCwn*wdBoMeX(qDalsTQxm*r-#0BibGEsppHc(CS zT(g{Ogx1dc+!$=F#XPM9mFIi-sq=Gw&f{K3e0XnQk2SekAjkd5a@+QL>Gt>{=p?G~ zDEL`$iD}A}DBq*Y^KCw>(64iU+_Bx=p|{iC%$%sE$@yn>6gqXaxU6S&I&RDE6y z1_K{e6z>4_ILq|SpvP{pffg*sZ3Lmd7#{kL(pVl4PShp}uM>dX+iE*?#wHoPQEYGu z%JLybqvQ;Qk{b4q!H(OlKi0}Og!~C3Z8Df% zZ;)V0@7O>P3Az>N?%`lt&o2Sa>p2~w(~9G)>3rUJF>gvd!YUX>S871{=zN};FRV@{ zaJ&J`MKiZ!lbV009Wh=7Shba+%$b}3O=W;3LFmT-A&`)9QbaxNh2LYptIN&x^}ZSx zww};{tUl9FL{Bsa+v#$BtXE*fn@8iiLVb&*`9RF0Gi4ZID|r_MpWjkL{JAlnb)>clYzQszP8 zpAeX5V<7-?c5jP5H^#9#_m2h?VW1k{I5kXsC%mIS2Zz|i zyH*`Vzoi&<~lXz^M4NW}&dt)ls)V_g+BQYoF_N49%SMrWkL)K)8L?dKgVz3}f zYe?phJKyrZzzFbU7aTuFR8lfT%KMe1o}dYUG1y`4?k57U5>(rYCRlK%Uu$pE5|Swa zH`ftG(i<{nFg|AAJ>Vvni#LUtI%WJiJp^m9c)nqsF; z>A6;FWm1z=4qI3z?VO^SHLgn6c0sfCBK0=45n+Oun9zZOM}BGzD%OUWp`HO^mxKnE z#y~BC8rW*nRR}F$0xZH=r9=I4z3NyfSd~@fNG{2TVkV&9xr5N7uD{6c5vu6GopQ2( z!b)@h{ZB>^P07eO1qBmk3@KneK1vj$I|9E@@~EQ@Oa2Eipe&+0AC>}viiseKapH9v ziRJ;Q9CUpl%|K@$WkWMr1ks!mPAI2kB+(QKy4p(pGejJk0;80_4**+`(L!K>1`Htz z6l~EB`Qsn~Ivi_UP!0}!*l0_tCU49dIZJ>oc?6#STha||we*vT)5jffb@5rxVuw?G zmd9)?*YBUrMnbKOWnk_m{qn zy0wGK2`1m3+ib3r>zwJF=^f|9gsGD*fdEp{49zKpW0E$F2vjGj1|kwgJVE{qd_5GA zMFIbPSTrd0W~!1vM+q%$#SBAHNFJOw+|dzA7? zhme}Dl4kx~OKSXxP*=B%4_o%GW6Z7%_*s3LOrU5umcjj>pClBa=w1l|l-I z=_`s8%*{WHMNNUGJ^6g(2ObtI?s97^Mwppq8|?t@qRhc6R{_F8L0iB6R%lNCWqy8n z)*6Kq;mS#2(L)a@TUae#a`iAtjCsv+Pb$@}@j>H|fSZ6@0Q_?zU2(Knlsr0m0=(B~ zv!mt#Y=#MF6vqdJ_aGt~z6#Bt@C}=4e!h6zaiM;LtRDC_`mfs{im)=tvLHbbQ?c8Q zH`eIM+z**`I4@ksGJXcZD*t@dL(4!Tw$wB*$;Xc`4@<9i(tcLF8R@AJ56f|%w=X%Z zp~p)uOYC5JczxM85$0CZ2)XzHLKAmDqIcbF zSCmnPLWG^N0p;UdjAV9{DJ;h}rQL$yyw$U1X%dDqlWh^D--&qyS=}jHr>M~or>zUx z&#&!MR@s@S@zH{ew%Y%|e7a78u?D0&nbt*&rQ&2>lmYUHR`0_oQ1nL7TOAEUceW!Ji))AFbHI-B~ya=^(*43G6DJzYtH(J`N zSL?K!rIYML+{k_NgQym33bM(>+UZqZ?7eM=7T;~CybnvLesFnp@%Rz(Kq`%7k+4%n zN?DM%T-AWI7#)i2saUG2S!jzzrI5EUZf>62Kl0lCgrk9|ktj0>a zmYm%(i;LRZ!tT+FN*WF?k0BqLC3G7kiwk4PQB}9&Fou4@sqDb=6ndO_YAyB;58Fez zmDo~l0Epw61XA;XQ{-d+^tKlBQcwEUnLg66&3hQAi>)I}EDc7^A)mO7 zaJ9?4qVRB^wp+5W$ywr`P-7Jtn>?+qkekS>fko_rM7sL1f~Lr^yK{!iz><2o_DJ&T zCV0=4)@WU=vcqyzZ(Y@Gnwb-1jKoaDh^Wn5?7^E7?npLIPBs_!BgZ2}+P11*MZXUH zn(9RAhWn=b_IF*6LV7O^Tr8^VD9=C4K(c)1-ajAv(CjcO5m!MI96jKcQw7!+QZyc; zg0O6VT7RqAqRj5K*8{E9x560CYy$<4=~<20y0vt zdXpFJfP5XcR2Ef*UFjbuxz? z{)_dJN^~1Y{rHpuC@y4VSi%fIXiRhkO%wEw$uQTz`2dkQ;)*J)%iPC+ve-C~j-2qU ziva+&OZh`#{xl8c-0`~P4^8>JbRA7u*iOZ*-FlhNZ2I)>!T9vpzP84xozja?btd@Z#?fyI_viR={nN_zCT8#jD#^!ccAR@N(6^6w@_*s$_$oNmEgxH`7rl#*vO2Z)8k5CK_;NoCYVAkseCPBBeNI zlYlxT4o_CG(ABk?5BCYFg-+z%Wb>7oa4p4wyc`Lf8Cc~f<=~Fnl~%=Ei@qCd)@#p_ zD;~3%uWH42N~ll`*}y8N&vmEyx%lbd^5^`ypQz_`fFE9=+w69omAv97#4H$>N%BEn z6F-Ll+n>;C|BlJe`rHd&GbRz5>jMzW8kj`2kqdyWaGB%fV85$b#5M)< z-DqF`*_E$cxXyj@wakru-Tcn4ocA66M0+5v$&$v`E+LQWTEfU$856}c%Vo)tTP6uF zWqSmSwUBD{xl=j@!CZntK6M&_1SCY7I0{JWMXVsyF2kf^jbbKYl$y6@V$0-{85yPL zmxfF;YAy*?W)cyNn*@g})EQ81w^tm+4E_C?(S+<{-x*HFepILM5ay)z#@k5)m0Gk8 zOM}8VR?A6)4k?&e8rw=5?TAOBFSG3pHQS6$2NZZorU8<3CU=B$PVK+Z&GkdNqO2Iw zh8po?GwkC)?wnxm)wi4flv!`i^{)TNxhg0a^s!#;eR{&@d0Q>b>-K!Q(GA{vTo+d9 zW6aRP_j?XY^1**Im@O4XrTuRRo6y{;yL^h%aC6Z7Z_1@*RP3MbftUF$&+T-qxhpUC zkx%+g3+7h+7Rvg_s52@&DVtQFZGONZN|^%QfA>2BQE+@b7Aa_D;-pX{)~1SUCKPGK zBF321fT(GS$VHx7XsZgXq(6lnh-Hq3?PcJA>s*g9GJ7M>TLU+<*Bs}bTd(|O@zu-C zA>9RHr>=TYHT0wL(6IiPS&F1)%_3=TnLoRC^Svfng=Oi=Td+@ zb?`w>yn<+o!KOgHS_VG(p()ogn_UeH_WH$mK&#lhGl8&wP^)K39VREVpHTgN2M29R z7oC_=jx(SDQja+u-Fpd?oj4nqx41YL&0I{Ij&yByCes~|xQ-#f)y@AkR*k~~OQR#t zcL&{OgrtW&N-M0ZF~Lot&o1ASQSq@Pe;rT1RLD2{?277y+UqZY_4d82ACnr|T5N>k z^L#+ae?bT$ZNz`dEvvNU|mR4w(Ah|U&!Zhf9wA*VNW>7Uk zK}{4UfIv-|0R`b|xSu1;0?EBHAZF`pS(JmP1Jp38MV$(I!#}^Kj^*vPc`6%iB)Yu) zS2*)?uC`RoKfa95HK)$(ak+Yd6C744TaUy6B0kLveTVmHu90$=dA(ZoY@}M6Rx_2Y zt#@3C_3ZY_+c&UNV87&i2EXQ6Z0N3ZY<5-M)#~bQC0$KXzGQrY%66djkS=xa2TTJ) z_tx0V*yz@CuH|&8c+oydzLd2Xt|b(eg(wHPOgM(PAyLPmJ@75YNS*Uw1TGB<`b8wm zWNJC7G8JL#M@Bx;wd(BcT)TFWfD@vxo^jN4WUp>>H=jCcIpO|dnh@u+zS3sY z0BbpAP_)OP_H?Zc<5fz{@SDSBsZU!b6;G2j;bP&6M`N0IuvV=vO_O*fPISy1Z<~!a zcJyG1*&E37m$l7_)zC9+ACGgSr!F9d<{`2%oh@#F%1*f8vLnQ|_+t_7bE5Oa%!pci z;52SMboQE@>;{QbPu}K8ad_NMr0H|l|DD79lg`QHplAQrUFeyi>8Cd zI@*dKU3=AY;}r*Q(vT*zV&wFsS;5dTJv*pd|>w5$|_-YlZpJS*Z$S&+OXT8qa=$0(0NGr~3Kp~1yMadhINHZ;%j3gmkkopwoC6B8T zrHx}CB1k4Z)f17-PY!xIlG_E3#aLX|1T$l2n6eFua71Am5-e)KNM?PGoZkeTGh$g| zozMpUG$rmWrO@hU#zi8e6a@tZ9peuTwG|ehu9D`zT;$2uj7)uG5T6(B$&ko@LQP1A zkxr|G{wd{84 zb>QL)jO@?3zHSc?#v(GH26z|>Qs%C@REB*C`atFHP1EUf zI5T*8UF0v7q({`X)e?J=$Arr&&ap%AMvxOfJ_MA7El+YI;OY8 zZW$XEZ;?I>Yjji^U2%*#tcZDJ+B9j##w`}!Eq9&|I{tS7;v@b`{1L@Nq_6%vTQ&2Ib5nptI2Y-MVSh~(;#--sB>4`2M@K(#dPCj?HRKi@}@6~aAB z;L*tvZy8LI3Wmd`gIAArVz6I@fG>A3FtY(i!RA_o?~!M);<|6!s(XyyZta~Pxbr=y z9I=1Z-V`Lw&USU^9rA>sZVZYLso%r*!ocU|aXE4)Dcm-9_*>zVv=zJ@P+?!+>5WAP zi&KZ+OZhJ_F+JK!Lv7#K(2{{p3ny9?58nrVGlsIHSnncIWb=TDEP~RqZJAb98f0Au zdDwq{BZ*@{TyW!=NCzm3a@zC@JFm&-1g90=5%-+YMJyUL88pd~4qzVlR>=1FuOli! zoeg^){ch1K&=xJD47{WuA~ge#YR%uQa-2*w}NtJ~Al3<%=0YOfL-G%h+G@iXA- zt=U--OCGv5v$hm9f(3Qt(nFGSk|ZSXw-o1MI3i62IAhss3i*;4j z<#yf1b(}%Cc?u2-t=;~J1*~!YIM?(r)+_5DWBU@ksyi=a_I{l7cic^7fbC)D(cA4T z-(J{_d7e-2)CcrdLl71#smfA(LQN0aQpubc^VPLdd+>zs9#*V+Q90r{BGg-KUSA-Mb?{ zKdu~^u-QJTjeBRVf0DZWOBdpFz%fUdw@yl?8DjX*!wIOlC85co$CDpu)^e zc!P(-YyHQa^-@X0a9kzWaMx#M0~O_4=^*saXckQlg?DQuW9is#eI9~nwZFXSbADb9 zj0c{-XZZ0wU4M{wSZ&Pp_ejmmkbb^0ZN?TaHz#V;_4b0Dy`rL`#O5!{0@_!2b zb0|0ZF-$+(?m@nzKhnITI*73~X*!%1LN~w$v>ilxO6AI{_m1m1P`D>``peTnn?xIf zRT7(25<5f^TmM_bUzXA&BnZIAaNUC>wh<(@1y6scfT)t2NdK^i9Vrq8$bp`bu2f|@ zk+Qp&wW)eEZ`9)|hp4KUoJ*7mx4W55nocs_{(#f&CH5OpLFrr*BZeryiU4bOLGMf& z;Tc3}x@Cpdh1D1KFqDk5hvLEa|lBx1Fd zc%n8O%~e#ZtO-@~<+W*Pqqnm4TT*flXU3NoDC%zLR^%* zD@wBMKcEYH=F5((b98vTtRd|FEhfkSM8^PELI55i7%x~HhJjPSIsV2On!ypp3aF!h z0Yhe1u!U4i1a0ea6*B+tbRc`zg6Q>FMfxc~33PyxjX3cyHA^L_Y-l&bBLHt|n9h+Y zg^*sxBpr)iF63j2vW>E5V7b47xpGJILhcm}U4dYkl*}ZmY^SWmb$@v-6WH*5YFT(_ zcmwy+!{lkLGLKIcEOxtk=XXT6`-N~1`1tO4^5gZnrSZ(qeK2!{5}KFu80b`~11THu zsE2Em{8Qw=d6G{F%x!1B)jZ$0-n(I6X}5Ydtu_6$TEe2dk-DNSjZtE@aj{(v`$@x5 zU#TKZ>t4fM>sk9o_9Y!3HJH{MS?wR&Fs(=YRqnpP3@e-&q_AUG^BA#3q>MttLIglj z5=xpUt@i~g$m@@A+=@vK4?tO-c zbwJq$s)i>Sfa(Xhb`psJR5TV?#)!uSBHm<6lnADt_l~MkMW_mk zgJ7KA>HW>0nK40(luV3>SXIKb$yQOL3$HwMo^LORSx+Z=_5`zf_5LF#rqvc}WAD{7 z3;;n4l1d^xn8bW&rhWO0Wc|&G%liUo@(a{PLUBh>97L0I?t(5qNDlse$r%brU7e zyPZp9-T}wlwpCj+G9b;2-6KIPJ`m?g!!3UhVg;NbMCS0%U6;cIrR#OhUar=|?sqW6 zDc8w;0Ks5k10N0!T&+$C} zTkazdllhKHQJ490lK&s3^CxCz=s$vTOXW;?XiG-gk{Q}kv|dpQMD1d3G;RrOxCQU81H3jve-YmIkj4N7W~1%Uzxv`B>l ziYd3Sq_=${4GN)561g~QGXvkkPsfN^ z`SD5;MirIArStOFU>pl5us*@xt`jK25A6qt3)6GmGc5wj%HJP3@K9(8^;t=gWLZYS zj+~ixQOk}H01yh7y?05qXY=$;Np9Nv;r*kML-7ak8<7B86UUl9$x#pOCgq)ngn|W$ z3K1}9n_D(zu8So?5hut?++lu%pI6o7iI94eV`%9ohm9$qkFpYtHNUPeK4!rp*gS-@ zaC_!+-Aoo3j&aq*+<=Hl4rEX@pwNOkue;>hpsxs%UyWK&j zo$PJ46u9ZjQ%BQW*XVcEPNQfyegiw1dK$UTU&n>Y9S35akL-KD=uRyy4z0PY+_M}N z{rvKf=J8-ck$J>i0jWA!1OO*!078`r@SC8p}Z%UBT_hq8qMP;|mYNNJh z8c?L}uTr~BJp4f%S5hk+%9`q<$2C43)7*C)y253i|7n#0L{zwHdM#4NH0 zNQ=3ky??!3qJV8EaH$}gAWIabGvC4!8xaDUYeJSpCr^Zn@9<|Rcr~fzBfSyP@<>T` zq^wW?BPg*cix!YtaI+fCD^BK@l=M{pB`JY1m-k1|z`Pl?HWo}>91u(C=2(Tfj0+|@ zQ#3--_e~@saE4~Hk+9zx*kQDV`FjlCh^wn2{Bgd#Gl}gik^&Mox^~#>DJqfz8rJQs zh{x8Dba_CnAjJlGS7h?lY%|Df9L)>b2jym%dxGvuu`}uAQ17w$wfQC4$Nv}MWx;$y zej)1m>^ym8PEWYcNPV94mF|?vPD@V zPKPUz)N%TRjj5PJWmHH{`J_5JvQr9X$i-l5vlfkj%^@0147$9gO4`A71S$!_I2|G=aikS;pmd}>w0_~#sBI(mDE+o58186V!RDGd9Iz+dOfotv2fHuL z0!yAr&dc#2M9N6%QX;H|-_C+hN~0tQr~03h~!s1#jwQnsBp zL5B81rrG$rX`-gDJvB>N-~H|Rn61au=udcyolhti$N_*$COBHzKUN`6Rdmb}WpYxb zA+92Lvf3j$DyX)M&b|?Q>{DkY9n{zj-n@d?g(cmKeQ~(8e)5^emI9Kqnw# z)_LGqKn6JnUqeHfsWMZ$`OdA8=hfzv8b z*FL&pSj%+pP@lB6<>)GxS4~r39g6kf*GJDmS`Ga=d`Q>y&g$CD(kTQ#X0QEjsfYNn z;;!|}Q#Y$kRBGX@L)lO9P8shV-hlXo;u-lZ0+(g%d);N)4FBTQr^~OL`_ebMt+NcL zv3g5@mCuUfN+|2PS^C@y0_0Ys6WZLz;^;@}sUiCrth{b4H>tFTe=q1{l?R7Z`ZOYK zH38e@TO;_eT7x(af(!$0Jw;nlC*vQii)c!VZAjLA%F%x2x5^5BZwALA3^2qL6NNFG zI|>>E;CHWUzX0JfP1Oh6V-jV! z0rj#ioz9-}5_G_r?N+17WpMTvpV2~1{}8+Nc7!%>C5e@WTa!{nSSMI7(*)Iv{hW!K!dL&|KiaEc zE3Y*ljsreVAeGn80nRD-)G6WDlZMy#Y}hRDp6V>pI+++jS?`{c0i`t+|GG>+R;m)rO=kKt+l#74+O~zP=d{YwRJfRX;bBS z0#XwbF0;(=_?+~mcF0Rd!8Fw7h(3Vl!So*dJvT>^3?XTQfswlT6$4RItc_k(B}p6A zK&Z_mViYZRTG|C1A$5;D1QzJPiJ6Bl`rRb zVN1T=oj#pj4gb8ptN*R?SoaK2#wC?Br{=rpah>;1Ws~0%j@d!;*QC`nHf{Lfy*2Qi zpZ2%zA>EX?F%Rh@`yVDn>h|@I^gA$k&F{!5sI)L=DgLXIkk+t zu!>cbA|hw|UlFb19y+wNt=XD=H<9gNGb@BDH+aN#%q>qFHWIxyZR#ycaFUeGdDPV?XxSc+6m)It=>d=A>+@F~kGpd> zN!dA777q}Pk!MN;9J{Nj56;MvVzH-|qL%4=KvDUF0V)VMY$_{xaut9x4B*`5@qDMH zp|R3U!*+9i(EP5hP*0Kli9NbM2Bk#Z+4S*V$bEy=QOc_s=*lKtwe$gtExzZmMo$|d zuHn=)1ca3ulO4vJ=d91H)-TShN$AV2#g$?Mc_j8@sy8NJ?#HB0iSle~Op0f{Psv2} zV6c&7>FdCl76EhW${%+g)-T_3e}$UDQ8+(@Zp; z2sfI3xX0SkNQ;RL1TKS<@d?2kDD{H@VJI8LE&@Q3CI!JQ5idI*DlM{*0VdAI2Tx&^ zngmKhvLsm=CApGWhJuv|!?)$cW?3$3T)vqoS|Ep7{#ltdKia>&x$@t6eff0l`R3WM zWjSAhj3+p{o6c5o@|cIO<<%$B5w#NTVlu8wA!g7g>8Et?44dUOHv+M=M_(!kX(P6E zOm5quaZUeYW=|S!kfOc_UBh?laEmu4Igx!;?3Bm~KW|sg#F$DPE%Z6skhA0&*jGUg zv*wm6&Jn3mZXjt}K8pAe)|(UB9hKZYWto1cVi>7w#P*4y{T-OtjBm(iGbvDZ9mJEO zuMbP?3gdwtVQBVYid?~HQ~S|{H$1N_?Hz}kC@Z;zAHb8g2vNlCcJEcG=x7%R4TOz10k%v6=i zY&{;2CsSo2ok+HP zG^dzF6jB;rG4frp)ANj6Sa!luju4y7E>MI+Y?ViG(woS9t(m;Cv$(9OOog_xQU;>2 zSCl5RzDMGAsFI3sLx=YS3R5KP%9WMFi<3E7qANNUp$)MScMUg+zu!3|*MDsGS+H+R zZxG&23&R>+O|G}~AOP<*tS7L1tIOqa_a^km#0cVn-?Gk1{JeHT9QR3l`^T}**zfhX z`z&~VmjgM66_zafD36lD@Xe=%cic zW5UQ-)T1|CUW3Hh6y0MQ=%b>xh-&A`sUY9fL%j@e0}XFOX5ytc+OzDOxLD?~VF!?^ zYtj;MT59DL<4cU`TCFb4WF>3k&M0dLs2*NCEu&eq$f!}Y||*+%BU+D7LAIJmJrK2EeQmvcB} z5V+>ae(|x7!`}Lcc&PfdPTtm{uY8!`!;)3>X(C&?Au=8o=CY=S91@W$7{x zT8eMfub(7;^_d^)#@jG{ly}m5 z{rFi_6@?FSh6NHqZ$7>eZUPUPw~%24q#+nxa6uj&8nE4{M(RgDFyxTfg^q0e%V2q) z3Op*Nlg`U)yFkbEC?8dI9X;`W+txFe&p!r@uA>%jQ%Mg70*l|@*QU6c_NwNIhG_3q zm5U!Ehbffcq_qM_q}@I^Tk-?&U^hTrVgkoOaDPdVX?&$u2JCuYu;M=8ad<#i%yE*A zX>+^SYVNZ5AB=rZ=V!qKA=ZSyEo1LCmscN%==e>kspBznS2}Kd~YA9wirOw zJ+RV{fXfqqKNN_?E@2OL12-hUZ@1t%0A@c35ib7?tbI67{UBhALYmf$UG6i={1E4b zO|a$`0NgEq55)YWRlYy-eqQN-kez-dVuTuiTOVYNUoQjH3oBNitxbJ^tI*zT4Zrt4 zlr;XhI=)09D9Yma|7ROa1Kc-Ih=L8A)L;_~(?$cF7X*

    !&K2!er|rUdl+hnViT$ zx*t^6QPL_+-cwW5WUbkZ6R3CfEVlz=Kt{y+lM*&oe#%bmaBFRCaoc9SyPf@jzSV5E zct|W+$m)I|IVhQPyX$yq`;`|BDyyLL&%!9{L=dGA#WgDchHd~+v>DR##uwklysdW6 zHYqcaQjlYEGtd(%y%NiKPoe)zDAjp@r{{P15LiTNqZ*_o71>V9mIl}$pI{xHk*p;? zRiUkARESIJHH>u9K#+3`_|#6+5$@)ma2al!vAwjgvr#a!)!AC{Vvg;wAhKmGLWEV2 zpvG=UWm%N&)C^f!7pji>v?F`jdtI7rCRJH625oLef=tm6n35yDf_RpRGT19YR1}u+ z>0CYJqf1KsRsB`Yc~P;L>-;C8Qs$w|0xeJ0GRglllbNTp*)xsxn{|$ayf~*rNvFJ3 z@EpdQhnJ&6yAn|etHMie_In1rc)tGsW-bN}PPYGR=3@RI%v|28 z&?+gaXuq$VXMN}h2&f^@7JnyHoIsh$_9}Sj$&832DBiH@{Q{yC6N;rIiea6L#gcMK zr{$KJai`)LEV3h7ozvdKi_DzvSp495vS)NPSaX zUBJEv{;w-d%xAJqdeFR}JR7JIx%w*SRPQ{EL&nv0se8|~Mq*#`TexOHwBEN`DoT89 z$0rYC0s9IB&NI`C-smN+-k=ovb7wE4wH>Abu9c^6)$pG*>XHY^!s1}Sw|N-yb&ZP~ zC(&7HU&(L1*B^t8CSHI}g;xRbO1A8U-g{yq6&NCbry+mdxkgWcZ?j+eI;OTccRp`x zt~Mj;%Q?>1`P>jgwvCGRCISa&+TYMx4`f1&Xw>DrorTD`f?$-X5u&g)ENAKJ3>fwX zIUPxr(=*%wTvdo*I`B15!BGfSs#;evF#BWj~4(y&$> z*XaQx?ol?62+H<1+U2^ISX3Tdl_j4g5b{PG9&Fm zJ{HC6`9L#-r?IAWXTt zI0-VX%&5@+0P+s-+v%ugq+rC^wD}}*B+D>j-z^Q1pGLerka#z?CZb|6`H|rwzM-*gIv)90gfq&ABJJsfDE6AELo+v?{Djm)lg(*$ zPzC)Zuu{QK30t+tYB_gR%Drys)f!f-$W^_|8Zi|@I=Ljxw9_={qFjnJdAlFX*esZi2~3hYRFk~nLV!rW3k7+2dJixw3>iZ?mXGl60> zLKVq5f$e~3?Mr8Q5hgQ+c3B4ag7i{6g@cr9!bU4t#3@JNSRQj3NX#F!5H%-#Fq8RdVnJLKS zq!4mn{wW020JLvt_2wNNMM@q?dXLBztCyaQx#%;vBf257+b$xQ|IjGos*P!LyGtau z&j7ikklQPo>Ha|7!^-vCP9W2Knwc}^DaBeEuHmTL!EX8ViIyIvklBz#@)Sd#o65z+QM`|CBbu1x&w2z+n zX8pcGjTm^wDYBUIZ7w8^5yGFt7D(U#K$o*0G7x zck$yX)m9g8*7d8FJ}V!G(011-i!H$2Y=gGM#z9#p>))HRT1Z9-Zf6nq%(WXn#-ti$ z^mgxlyLMn4dO;wbo6ku3EsriZ`xt%}Cr#3D-29Uu+ewn~B#%@xGoa^JTKwn3b*Xa!9TY=5S81>=i!}^$WuO+n{sOG>|_J1h+Q7^ zf9F^RZ8mI#RTfJxs*W8DjgLbxv;@8a`3}TLMm%sR#bgUxit3NwS=0d)TRqQaF)!Z9 z#l|;RuhZTpEmWxm&oYU5yD{;Dq1X?D2DQ(gg2A-C2Cv zzOd;G4dNiuHn%qVXBR6NwNZTgGJLhd`v-+Mo1*<7B};6J*FTbRws?Qk`CpT@yT^P(Rr(g{o$Vr;ms{*D_#4I4-vz;Vd4Ei zPTXUJR|TRmo=9qUI1Z)`LTGN?U)EP8d~9Xs;aQK{o|klSC#@{h1cY>(Brqf_LEgZm z5E)_?7P7=38AE3x`1f?;lox~J-0EkpeB$)>LIDS;YjS{zLeZ{OrwJ`3O zkY#{CS*(IBkjGEX*RD1jb+T32pEG%1w%1(G*{;*v&yLew5V;`#Doe~CZI0N%$kIG) z9~G!t0_l3fNdh5gK|Ookiw*t)bC0k7J5&JRuQWQiH5w-t@sd|a`#4X8GVF~VXJQgE zCU+{O5t@Pg!4YpGpNEc}u1e0K{>_UZfwxNJI$h=DobbDN+$pSGBv?6EiiEJ{eC<~` z*%1QhqhlqJRk*g1owOBb8%sOwzo&S789tfsa`_nd#zQ|h_oYx&zC?V*#b4PcrLG?L z+`jhz(AU&3VcF|wY4DXBH%o`Ma+FNf1m&jXa*{LiCe#ug47(ZB0|kf)5&Xi5o{}QK zlqEtBsG{8koUebC$qPmHR>-WpkYb8gcQ&LWF3e+7627zhpV5LZg1fM=*7xcr6(c7r z2M&|@twbdG4(;Q2)KFoAQH5&4F?(k(VR7Z)%fJUKA%t$iMXS`ZmX-M};@xkjyuhR?`z5`-0ZjGHHyB5Rc;b`H&4bsa_C|C-u0T=#H=d+70$X&(Tr2f>PPT&> zzR7OFeQOqFv=nXmJ&|8h6R#=Hw9RLQ-LiGfG));Y=MX2>^JRv=HP_50Xs30kEvux- zV@B6s^Sy|TK#kiEZtXOAhS(iydPmASV&0bpdqC5mnf{>R@LO?VI~2=VioLMDumLzw z+jRE}k$i4PHUD)v!#<$1U6ORzR}uA*zti}3FmRSMBmCvNYo7$z@67`3CoJ%SwYsTp z6Til+e}Nc;Z%Q}9rvU1t`K^7X?-6>UTwDOTc8idCOj?HKGCmEh1bv7c+C*q63uDwQ z(;C3TF1|+PJ}IAzV8oNUwuj5FL{_q%Sb2L8|+= z$+tQF*(l@%`M?(5sU|;^myr9PgbPC7V|;~uJaL?^zs03Y2B6Qs0Z%JW_h%Q8)Vq4= zTf$!Vg*BjX#`VCrg3R{vra-Ndu{yg<4r8gRV3;d2<5 zN5HjPStObmCb9KEj$dj{1ZcdCs>4lUU*)IrPF(|BH3<%aH-9gT-xQfJB`0kR$Hc8Z zD&J>-pK!YZlk>a;Zt7?%O{sGr8&omjU$r2=2y+23F2>|Fc&L*~)dh6C?zO>G!U2vh z0Mn@qSQHBt0PM$uy8ByIkGG~Uep=_HrdDgnr3769f4HOZrA`#vdX({2v-R@#6~oO)_ehi#Yh@{$d}- zYWa}eIawj`PZ{ZuNp)*-{QiwVPf&bVIxbE=M>%60NlrMsKQ_O|nEHIc9Y*kt@UDw3 zPPAeHhk@NO4oVZm+8axqF-;#c?~<2{ryJWF6I4>_Haw=a%)3l*n%8Tu8Sl7RO-`8j z#7&csilZ&4AV4n897;hVYFUvvOQdJyM z(M){JR{IYHPYP6yAQ#jrH{m*VpXwfyr@1nsFr62D+OvV)7eg8<^DK!iVQ>}r-q4I- zcbl^*V=s_9ihvg~eDo$!AsK*^v3!?-UO)OeS2UknqS2$I4Ln_sQF{lj(fNL!#QulU@?|`OtsHf)P{zj;UybSzCz#Y$tR)KVO z1aS)m;+_+w)Hg{fReBTM@!+fi^7YHcDl~Ot z+*E=y#sE7*S%v&9n+tNtc8>cPu%S}$&tNv2RHZtzV-hS;hfWb zX1y*sIEemCxHz=eC;#~TXM(7H1DMu~L!p>a2E1C6-OtS<`ZO-fqq1Hq&I#Sf>Gtnf zd<`;D{$HsomcPQEFpqU`PPluZS>Q%MG5?Zno>;Q*k$<5h#Myo-Vnr|qE*i!jW=S4c9@7#M z&b%2e;mR!cD&Lz>bqn1mJc4bVUAcJ?WqDt#_9^&_lj6y zoLSFl2YGxG5o=Now3Tfh68u-`ObJ2;{jT-F48&j_y#xLstPqT#I@Z&+eH`5Lxcjcs z-(f#~FmF#DC1%qce7f8Z5lpA7dBv`9rew;T|9|rr2Q@qP!w)0}H@W{oukFu@qkZxo z&fXEv9ojZFVyALWAN%peqO?=hztSI!xuwv!P_jSW5Za*Q>T&o$19_To;Txs+G#yZE zaGkJDz#k%Dyw{!7V!1kI8#FpzubN1*wN zF9w2w>nPo>E-Mx=&5#P-H=Z*OpM0)8C)e+#T^ zeLWDksvrO4I6}XDzxXrx`6`GuoR;7GQ?^;8-%}L_ ze!M#wlCGKF-xruC$%cGC>PsK9G9#1kp{t5m9{AB+mD`RLUxrIhJ|EUyIfWi_>dsLm z;{`fbSxeuj-$JiWQ>=%MQC^ttxPRTh;$a@}5#Wo2E79Lx9Jh;0lTKz%c(4mpHYaih z=zAT55Hoy(Q3yq2?rjq!!U%Z?2VO*=%i}97!#oguV^U{P1|`r)msZdU_h*jSnoEy+ zNO`eYTqQ+4sFE^Q&}D`*UfCgz3O*_4f6LVTY=iOrTl(N1$ip;G%#V1sPf^}4gxv6L z$+FyVM(`M*@OLvLD&VkFV3T}?jm0RiY7XG-a^UXl*w6esS_upKwf4}MnqJqmuC%Fo z8s;}}x+Y871kw>$gG*)l9n)6+*@$QX9Cf)_Ja9(6W?ozKp|7Hn z-T~YYAcpDxC6~_-o|-U~&lqBvGO#dVWNjEVK-*#OH@!6iW8C^A8M{R`!qfP(cjq`Ptr+^!5z_&;n)OA#hhccSvug=_8wxkW9$bCjPb#&{wKN))g?(7;4}P48SN5Rg~0ok zRf`{xzV{~dN6^Mo=un*xT+lW0TYxz|_cNw-0{sd%m85@`)|W(+JTfELzRYQF3eRf0-& z%%*N!M<0FEB&eGPIK%#>NJ}sDwlbG@+^2uoD8npjr4D}%#T#Ehy}me;r5=AG)xt=p zIz7Mlc&+m&Qr(BziuOK?A1Q{$VZki6vx-N6hT z&O?6nGWzo$EdK!iV@_D~g%6IB2=+g!!db%pMg5j42i&hu>J%2k40gmUlfqh zAfSUl`{#cLNZ-Gf<#+z5rHA?bhZzyjf8>Wlgh7Obkx3(vK_CZ}K_Ul1_JinK{7wJ^ z>mKNTECr$ehbpoTFaJRt(Kx|>q*Da`hh;v@FO#w~4+@{o1f>5XI??YxSQLPMDerzy z{gwO~GXu&9D#jT^>itJL?fDTa9OW{YeqgP@YWnXGSRpi%Ss}1NXd~*c(ZbnUlRrI1G7)tS|n;tgrksuP^;V;Vk$f2{-2#09v2R zer6=nQi@0=-wu%LMR>$;LecR1^~}fRS+3;v{JF3yY1-Oj42c3Y9BVaLq`@=}bk7u; z20e*?h-fewQ+Huv-X7n4=Z=trc2`MBps*EuMHE;ovGlG4|9al#?m+(WP>XHa(|#}s z(}A9&CTvH^p9wMROy(8GeU~zg#}L|QFk z?E$0}ik!uy029e$I1CNyMi=xNU)QmAK!pKh=^k)r>XyAC!Nnc4<@OG;UNa5sVak%mHDn^Jh{j~n0TsSj>^ zON;2bAQomv;naHmakoAGB4H1p4=*(bc@f{|7Xg1iiF6B z)=d`^9y)knki&5};!TN%T0telB&c}VPx?f980&p zV%~zVP~;E>S3_7F08bw>`_ybkKZ9$xLh%g6_l}pRTUqO~{rfIA5N)>O}R1Z#Q>^_45nThvKu` zhUjH!d1Xs9$>qYwl$avuvHo?RKak~LwsCFi`{-?NEJIc7iC7B*Muh zIce088;KsM0UYIhpkBll8O;6jO_JOLAZHuglUynr_bD74H8vUCK*P)Q81;t)Zi8Bb zUN{0Ag4PyFA}&#rTu-UrC4;9?u#3s->!f7kh3KP7T_omW{>$cLAJ7mocO_lV`F ze7zR&Z1Hhx$=AUrk9_O2tNLWLRA09{Iy~G}*OLyL@N`HB*AP&|l7p?47R`dM{4St` z@sXSO}BeNMPft|4{PguH?y2ENaAoQh1W%U>eei`wZcLo7ct zDi*%()Tr*ls_`e!C5MjHe(yR`^4fQUIQt-|BW2YfOG&xy`xZPU6(-zAU*$?QfV5Jo z-j?N8AAp8)Z_Z;)<=ujv1Vawld zA}qe<*YHVlO>sH%%`->Tz_4FQ3`xx*id9ree@Y5U3knPB8%i4r8x+6`fYmV`jn3rP z(Z`ueIagVLL7Xxc0NAV|&po?p{*F;z7iQ@(;9B)_c7Eeq@c_Tm)XFSWu>Go5vKdDg z-H_8g+$1rq($W^0cuC2v#$?7QgJz)#Qv>n6WX|U57eFkzz6ioA*aqvc0;N4v21d{%c~|{$1nzXKh?*5}VoAvjDB!&B2$l8}at;$Bas&Rv;(4Uyg;Is$5zuoB z6MF--{JV-nVJww?N-{u2)`CnI8J3e3E$aper49-5O@_@oIGG)%KA zgH@4@3vPwwZrX5aD){?_#=UpvmoAq~fK1ukJ0_y4rypG9c?xxqb_fzdKGI)=nCgqd zU1BOHE4@u7)po()8D8G|_E!pnn-B&7$Tqr%fG*|@NQEqF=6U-JXw#i-& zL>H+hMCyqn0JHO<{n?P*^`skjRv0#+MV*;FXtFlCz+y{h0Z|eCdf64bW70IbhaC&6 zurbqx)vZ}_4IX(NIjKz^$4fnt}Y@bi7C=lfsO_GV2as{K=!X??=yvbs;t$G}}B9-4JHt*lsN zsJ=~{6^A8*1IC@G6QC>^kc5pWD#xIQ8vVvVedU4^p6i}0i*dJFJQFSWr<(~47M%!Y zj@(awskZN3{*l0ft?cW6wzU1%?X@ zcc^v~<&ahhLL{xT$!IK|#by#fmqa(X38_`SyLA=bh_W0)c>K_ddp2b0O#OQg zsP19gr zC@&Nr2>Z64!(n#ensbly$bDkK-R4Z}9GGJlYMdCf$_<1QeTr-0wUHYTxX6rx*&0D( zZey5Hx-UvrNKzj3FCbrH9qN%6b!c|CLU!<-1QMX!WXpwdX`HVQLAZ$i%eiw^M~}Sx z$yyh?a>ss$`+CsF8uiEb>-_Qsc#L_@*PHegAK&H1^JX5pOK0j2WrO$Dio(v?XOUgd3!-r()j^aTj7={WLZ*a@gULQh#c#`5$ZGcq1(1|WSI@fs+heuho0Ug&>- zaB&O3VaEDE0Wh~LD>nUP77!H>Ygd{cqBr$}V*-L<3to7>xHY5hPi6&f^a&t4#WA>{ zLPkW$1qd1ioG?}LSO)50b!d^sA?>7}s&6De;NQsELW+f;Zh?05i3edQV=q!_{fE7S z68HOA{(x82E>QHXBcJDcA-?A9qdcF#O`I4lco?eF#)NcX=Z0VnDK(ADYL;32$U4mU z4cjc(Rq<2j37^XYDiC6741iE75?CZzF`NT)h7XCVh`|!Fq5Sa+aBP{B)D!Q&%2`-p% zX!7@Tbf88Y)sONcUVv22dd3nlo$4=*QXx|TneSJuFp{$=j#xs28M@^va;PwVfjn`0mxw~cScvN}B^eUM3>G@8RfL8Rz zE&bhm!hq|B3#+ZK<%P+q<FTIJPVE_7s7FpYqt%Sc zjmixL4aZiOQW0)DB3@tk%_E7&?UCb!fZ+RqH)$XK2IS#BKdKF!KGw5e>xwCttlSAI z|5XqOKlH0I{{eVMMLMb@1#{+@(Y&weyj&)ay;xCkrx^z(IX8Kc$QqgMVzSC>Pei$9 zqWEtkVuCa6R0sN4K~d~%iq20^dj31a>)z#M{%+zRME?4ivGMV2Y^C9PZ%o^Wqfh7I zauWZRy81?^dZhM`(M3nJH|t)+diuS4({%B93f8g;eU0JO+s)E-kBjwBeavRR;syVb z&K81oyWfd2ZFw2g%HnWw&DYuR@DaAFLMS_OdqVu5N8=~41sdaIF2jaZGCZQt!RkUf zOZam`&v*~ok;;==?h4?OTz}ah|LH|mrP*XtM z`7=Rq^}h27YWg9!MV6p!;k>|0ASuuv2W=@BWJHEYj5NYkn4B+}>IJoIUL$0_0pSg$ z`zr0w-LDx9x%x)QJCLI5+DOw=WGXxzlAj!CN zAZu+HES-j!`t7#(&D`a%*PY5ugvy(pdL+w(=UsO$dnR47)#dqvo~<@@5Bq z-r^gKF~bkf%<~lvl!WyibyO@N!_nB>aqptRS+z7)chLCImb!eEYkZhw(TexHmnEAH_I<2^h;bvw&pLHU$ATh3Fd! zHk!)r&!VVP0J|XD@B#o|W_Ub`*b&J^P>t^bdH&j-|!@VOamYPy7*^pX>LJy~gTO zlO2V7QC7F&8O0kEs%UjC@4)=d(S`zf9R8T-z1!YAqo~Bt@i8*|{Cfv?=W^_$o>} zDypC|eT@5lykuU_;(zX(Yb&H#naaYXlT<*<xS|HT6Ia?+a2rgjfbLa zDmO(jp+>+G5nWuhkG7!lftE73;htiks^t^8v*-HGJjgkm(ne*TXHVLaZRt|!j3>uM zr^}F&QZwOtNWzx&^0&Fn#xy)*+7`@E^Icd+fnqPQz7|!Ja-%ZQx~(~Uj0T8Ts=`0k zF%dLs<3OMAXc9pBx-nB0SeC6777*AnxAMW}+%3eJ#ohf>r>ok~{u%J?luHS#VupGt zG)(r7)?pI>F!Km7hQ4#=(A8Jr}5U1ZDblv<(!{&;#^0t00OOusU%}JPG3vw%_%rwT~3|@d` zYPc2W8Kl}he;;nDBfEUwmAmnCH{(1|KUI%6G#xR*yT{e&uSuHAmHaxzLVlO@v^O`l z2M;Ue!$#m;dl(0UIZH11c5=|bASlsfxt{Vo6i)=iB&9eshXe%nGE&P?f;|lg3i1J> zfBHXBh+GjiL@s{kj56m;od>fP)pm_(u;EIAMT^VJ?0*_rx^Y+K-tlKbIJQBbaR_=u zKx9<2P=UPJz}sVmV>m!VaHU|nZ+o0lpnnUtFh^WXUR+#E@LOJd-u9nphr=Es4X@rs zR?$ZEw0akLtcqePg@*@~gQJ1ik{Ci*hDnry`FbT242sOn2w*W<{I+s2kVJ@*pe!I_ ziyLJL0gG6b5c5Iy9Zi?n;FY%)rZ;0$IzGG~ynk+9V0kk!%%3+&4-{ivD&aaMuW+5a zyldY1Y2MAD{sLefqhK@}r{z#iC7RnpmL9ZQXUdx(7F2HbkC2OkmzaD!MR~PLf+I>D zLVcqnf=GwKn?P_)laNiK!f5@`*wx6xY>9_krRkJ~xWcfj5u?ep%Z>x}jClS_cU z&9}qTC0f~a-edj*mFKo2cgMR%$sYN&_=cSynXFPZ?lu__|1Q=f)rgh$vFbH6qAwt! z5`d-xj01uv#=Kzf{vrxTNdSljBZw-}T97%T^wELlC6-cB#vC}~NjAk>j9J-LE*dSx zThWfhul-5UsdIi7OLhYbL_m}^@Mp^*Qz~_;Z)Xn(VEo#|(9G5T+mz=$LGTt%%KrG5?#Qk=Yb zR-1zmyB;WZ0BJ+&V6>RsfvqcC%6J~kpI6j4EpI3PHg%EO<`i`N2;n~C6Z#V>Jwqg@NnIS$%-?dubi}$NjW&tnjYAvE=Luq_%t{2L zY!8YI>#FMM{xUJ8Af7@Zl=spYX=unUhx^z%S4y#&tG7wF^Sm(*gK{PdLoC#IMoePj z5r#-CaM-l=NlLBV%_VOoy7=}ZqLEtnIWMX5g1|`ld&=$OV5)CWjm!5U;(28quN;2j zFOhxN?mzXf4(4f($UZrXGx+gv4>ywcBn~sQ^|`z&0@w1IwBqWsdcgPSb4gun)8j3> zP+T0Ys=Ow%)Lh~SzYBaJ3iRV#2M%=FV77NUt>9Yx;aQ|t5D!dTVc(#XU1v8~Z_pzg z4rp4@tWxwYP?2JRi-ZMmc3ddfOk_xDA-@uMj9R?cdGuj$Gl0W8{H?0}owxRQMs?t- zk`*&vXGg|sR?j1y6`eAL4QI;1JmyMDL=IAx4vq} zO?jXSU)-IbeDD}3w-}%{`}}l`ge^n~SfkfO-5*bOk#oIEE_xR{Q<}5+-q!P?p|drV z7H_cNOtkqLzg`=%dtX8Kl-enO&TN;fl_9+uD{dPF9RTSfI}B~9omD$j3sl;aIsINN zzmDavh{*Cu;^Rifz1*>VWU~C%=L`hk)Fi7_K4tL zYW9}S>tI)*>obkI=5$kkQG3d%Y)ErM0@nDp;L|_9d`@2+MbRA5owfWDSe6Nn?aHeK zpR{O7ba`lE!c0X3Hn&ZH254CF(oo%2EyFoycy7~?p$%KGMv5`_0ok~y{-EZ{Z&dcc z^Av5eh&Qn_g%;!Z=Ib#WPV7JAnS1cScUoNgUwpsWzmz4&WN3mf^ziif3@KVt@x8S+ z8LZ`F_H-O$={)Z>>*|hDoN=apgQxn|5?X$u`kY0*+tT_d*w0a?EQHEux%B}`QxtIvdIojW$rQJ%;Y`ByHgkYP(|nC(!&f4 z)TTwsqbg9m4*#K0w&<0aIRq2E|K>q`V0C^1&eWc-4Z7M^_+raSxKMvs%kErC z?d0ODk<%$!vQcQqp^^UUJGdXK=$o09UW0R&L{{o~DqJIre^+18(7d5pjzbm5tneFww`LGUcHdn%(v1^qDDZ@`r8 zGIMuZ#`hl|Je}#~^;Y9%d5rtRgsQbi$5j`ru1{$*zhWXqQ$6&u*UzAow(l1n08O_; z85!&xj%Xu1Gqhda-_!CT>sIWWesK`GRN7kvdnCBv{C+eQTY+pDVIx058|VolkF&id zja9IYJvxfsFqZG-#cG-wd_O1EOg^j505~}oRh_K)LMU*4^F0a!ZH!k>kMP@qM}@t` zEbbS)65S_74MvmMng~1kby9Ibj58(STS0R|(TY1N@7V5@1@u=DyB;4JH^SRAH_b$4 z5kMT_HNMKx5RVXnqy^bQ3qu*kZrWwsK+#HuWqj;#NX9>H8(}D-qC{RnkOGfC&B%r^ z7#tYa6Zf;Ukl!iiRQ}QXTmv^#oo%K!jxJr(bm~@_MHrWN{xbc!Sl|pHvls_MTO>Ap zG0IJ~=A`N6fawm07LL0PYluaA3V#cRV-A|46@{_Isg$b_h=N&2%Q!3)D*l~2K)7uF zOwoWWFMsTKJ~VRQ{Pg_%^vpGRcGDQmTeTfAAC+biQSAxuk>ChD*olv-1Xscfg?bR?BxQqMtidgUpyNb zYIvn_jLAIUkaY5$yz1vp<27P$kwZ~0ygec!U62dMuFcIO&<&A%9XgfwK^6XIoXR2U z13@=~gmmJ@KXPXk^A?kLo7)I+OEGCjEDcT+7Y1M*yenhG-1di$Jm|32U^HWO>Js$X zk>D$?BG3-V>;ysuVZaGv-YTk&j7PpSW6B+tiH13Ctgs*1RsCr2EA!rR*vYHc+ObF= zSAzCWF*BNczA;On0!FF`kfKRACMkb7`Y!%HomR>ZJ-fpN{GmPqpC1e$;hu51>}}$n zOdTa(wGtHwP8r572ObXxKyuf}v!!zHPc?=DN$~_0%y|}SK6T9UfD=P;0tXBb1ei{A zuAfp!u~dJnmq-`gR$@)XCgru^TcQVE7NEC-N>>D(#Jv1HnyV6DX-qtzjS`*`KhZo5 zQ#5tTfd&0q-_v-Hg2>1HP5A2Bt~tFcnNlK(MYQYz3~!4tE{`U3Nw~Z*Sn@sEjhkj>$i)9&kXW8GF=-OH~y0eNaL=Ngw&d zu>5jRc_9A&@~}Q(V@`EMl7Hx+{?vYh@#M2ggbxz}-iNnVLNO19O2Yo3>VT))H}6{=V~s zQhEEprLQ!jyG_Toc5kL?!7%|nz3^$?#}W@W$EI~Td79i73QL_M<4V?AW1qx?ox81ob%af1rjjcXw-dQAuMs_&affU;`l5!p}0P@Ks_(aIP3&zh0+H$uwxKBn^u9kG@9?|ol7^^Jg?5jeFfWc|(7+u(f1fRXsq$8L61mPtMU>3gg2G0ebYm3sZ2`8V(}Gp+<G0bWgDAF+JnfWyB|A z@!qrTgXeAvy4+XfBvEWGxIF0eZ>A_>U05V2u~dF!1e)B>qIVy$vSsvodAw{@g^}hM z_Ik`{-l*N9(qTdA_(RN}xRrn+FLi<{YrSU1&{u(PlA3QF{u2{}u?WuWw3xzw=|$wx z=FEDt2Jh{MS0o8mQFBbp8)x(QG5RQuBR=RIn8bCf(pup#t3~Ny0@TQ&|4e=Q!`k&B z#2$rX-sT7pl|p$ERH)rd)ZMJqIT(>;F+y}HvlWSwC75x}z!$x#9sm{%Q7b~2ODp~z zaV_TrNPm!8qa_)KlMB5HLeRtWVrrlp2x%C<1Oxzig5{=VjnX)pRu^3^iBy~bt>zvc z_5J-esk=>#p8LMXm@X#2ZcIE}yvs9_ww0)sU`kWMT9<$V8s*wz>l-zp(3A34k&l>u z56lBG*5HAU&Zw_SKgZHs)-MkM@;SY#Rn`t(ku8$_IZ~?*kCtVxp|bJUb|P@pt899S zhEL&Zt}X-Rm-l8>Us$en(l64~|K_x`m3to|WPTZ6E)ro)UtL}O=|9(HL6wO`uToR9 z&3;x1k~&#xQAu1RSqYeE0mky6K~)Rd#u42v!yd*lwvl<9qd2fW(mYz$v*gfr(%!8Q z?<&|o>H^p`uO!_JAd7Ubj^p)Bp{@VLA|bJZp-!BSh2Bz>qYlj*&Ml6lyymI8u3VBVyOdfv&}m(I}Pzp=YMZSB}qihG9#2j{s1FDVP1 zC%l1mS)~L8PffLq~%DR4HAM^3g0aTwg-gEZGcbz6ItKW;^{*#n^XfT|KQE zZ_}KJaVq15gQh(4DY9E7r2s2pF!J#o3W#99aLOIglGzjChs zKPLF5>$fR&hHt}_?_?lcVn5QbRKnVfS=u{}B{)yOkIj;4zA#BV!TXQ6nEr*ISz%%< znkY3NmV$VNbs-iq1xj+QGJ!L;be58eFsrkn61HaPGDN$)p7rJB&om^Aa)R^s&Pa#n z%@@DV&rZ!B6ks<%_n?}Tlpyde^0x#~(<8@m@O%8Ejegpej#0(J4L^kTDhtY39}QnQ zQzvrle$0__f!ae-&AZZWuqGMO^0NZ0C!M55tNi-9B$g=mOD)MU!&OaGe9QX zUz5FH5jA=oHYxU)DCoJlI-(Ey3PoERBK*&&w};bdUD7$q_?(GhrV zmu5xaLCZK@wBqp{=uSkK;OZ>e1rZyE(sY{oq^N#g{tr?M$Uh{ z)<|2k;=QJ3dS)|#zr31;JM%Rf#EVb~oG;R3o;JD7GDyC(2k7}FJlvif>Xpey%Wz9BdM{Fn; zwbCv@oHK7q&gxA$XaJIDLfIi{FJ+Q&UMt);*Hh^N7^AvtW{sl<6ryuQ_aqhgDel*m z${%4a?$K#82ze<_qS7)@o{H!F73izB(1Jx^v6`Sz$GZzQ*%rvbPIx`QeK4t!X05o4 zzU~A`J^vY1&t!f>02z_cm3GI@Ckn(%tdVJMWreeG=K{_`l^a<<$b!svX(KQNDS7{< z@v9vJft!vn158Rx0+PQ4zcyHVx#g*At+!tSM)i3aX2!R2gF0B~IqT~e((c(z`dHB& zVQ=B>a<;%#)=x0g*@s zZnq*hj4#MHN=Yt>k#rO6M{30sG?1p2`x?bzkVtXgB3Y5P%Kx)Ci@O?72h7!7ZODr< zd5GIn%$@zM!3HZ1V#-clbN`OKIDqlWaym=Rc!jWwCJiZ=dKx!QS+aHai1K4~u_5DqbkYMV9q%T55%)TG%3iO#;|1(9jLgpUIETq~PI{*sTGS199dKh#DEtqc|b* z-#rR868Vd>D?Vlk59YL#Ya)60mOZ~V3r@}MUmKLr)r8ckXx}?!w)de>ggk46Je6{c zxgIeDX8W^N%?Spl7}z{aO8+}1pY8bdw}N}~x6H@t&paA>({+q}H0iSJpY~UpnXE** z2E$8^56l@_G_=U8Pq1f^XMl~Fr#o-K9Ey}$KECPUHmYvPQY7SSkxL?3Fj=axcnZh* z!Q0A6L-$ouhc;mW6Qi{uxP+TkP%XhqO2pdQc^NJF%|JUy8jeDv?2N)yryatZDONHi zlqC)de2G_iXCc(+)a-IHll{#&6u`O_;lK@`(rwtN^!nb;al}Szjv(~?<4wFzuWR_W z88*j~VcUIENB&Vhe|qZ)T>r8gQO7rk{a!IfEU9XLV%|;0YZ%w;j$wOJE$o(XY(H!q zt8hTcVPVGf2rQ^N-H3Ig%=kA9`x3sI&^9)r!5eU;Uwb+tN??no9^I*6#5A^KghV(c zv$Bd99vVK|#dx9u8KNd#(~yTjr~&^mJT$+u>@9hsVckPrtN~R7sR8WmuG6JMRO}k4 zNEwXQ3kN(WVLue;P@^@>nBd?UUgho*OGRxdg~eE$2cGR>$=X!II!h-Ol6mUlMs`5I znLXmBrgqRqgdO6hX9W>f6U70R;HZOmSYqCCHta>SUa9d+ATg|1TT=aH&7=%zUoSn&Y zXAEYWJX`y(*cRXOa&8&b`J+Lm@M+ik43zu%7@~}SmZz)xW$BV*(28AzJ1or~ZmoD1 z{yk#|?jNoRqws_#`La9TvqLAab$V{Q`_K_kxuo6VAGk(B9zgsz-&wMb{0Paf3m0lv z1lhioyos$yyO@%05Qn$^RD-sEo&;0&NWW1*iP*Hd8V$D{_5e^eBf-htq@*NXMn{3L zT|#Y0Z0kQN)?zn~C@aZ;zE^=+?E+Vq4d_}!1^cwWo@`#JYKKAeeL*Did$xD%Xfj9q zwV50A7s`Qok$dv%nRyZ8MC_xQ_O8$&*Rh*7*TEgCO$~eO9crfZgy3odXL&zVAXY&E zO?_2DN+se`Jok8XclUX|rLRI+TW-5&*@U6Sr#&>^aqta64*(Dy_r`tS_s#mNwQo6l zs+SHqo$0Oh7^#MYF(M#!B5i_rBWL*uc6L<*x6ro6bQdSSwG26fXB5I}>;xSx2Pr#g8Y zRj=*q&Fib{EAPvzt?jJntBnWm*Xdz!S5wE~G3!@5WNd7qT)pxEv|v$083klS`9zR; z6??Pw;&31idFs~!B&zbDJ`%ljQJYAl_+~1ZaA8D+s)$B;)C!v;1*N_=TNl_Wr6k|> zdrxM^7Cg^w&j-(*90Jp@!<74ZRT8QpII|HJ8#V6Sta&<1rH2HR+bDJl99M)GVDPy= z#!%;D+UB10MeG%GKA{o%bc_Q>N3s=Iq~6HG1>VR-up7loO~}WIVqO&btTht6CfCx@=7#T)$152{ z(~BB;VrR-LA0GP^(sNd_C0x8kZeuj0l2iEv9Y6{^`Nh1&=468=3l`q%4RSvgr)kMu zYbk;|qurQXnY@<#2tf=71x>U^SKc^m? zUmS}(L{JXO#7de+(cEh&=)t(on^pAYL)5RB)Q^fjSNG}~R+_0`(x4)n{wRxGNsRBkFbjiEWU*36i(ghZFXSXjlV zhv{`=zzm}qZ0_%gIX)2c`7ah4mPgR zw5Nh+yc(nDn@d|1ie2=13_hvxcDRx(eva+ET`swod7^whn_YhE`Mic}JYln$UTk3x ze*Ci&nB#kpapQGzWDH+z0Yi=@_@sM&<$2c>OLqGkujw`3b^gw`zh6_COcro2Vsq#0 z?%5^8$B0FQ$cIA|g0|Q<%YjSONiv>K-rs*kJZx{+zbj^!%H{@ayq<<|3K5b(LJ|gp z(uF5tk+K0vRirNrNp{GD$Y*SpA%yys>LYm~_89o?`ZV#Lc}>)=YdinIwNy~&J#xdg z*c~oA7@ib{tSGFTs>66#+WBVD;=8Tl-XKoYu~xxen*;_GNmTz?!SMKi zXFURMv-`+%f>`T8)97S%(#6ZRpLyYun=EKsFB?w@kh98YQg{=($T7(A<|N@*H&=Lp z%xQ*!_7FQIMCZQC1Rkg|bjckfC0RzHjJxjL?pAg~zf^hzlRYI@IF&@aazvpNCUHEl zgsJgg-e;W%BNR#mND!g~$s+89Q76MTEmL!-e`Q2cNF)A!j%AhgJ7J5a5fSU9$I4Pg z<@$r44k9|S!k;`TEhytjs2X_}lydZT?j)4pv^gchxsZfGp`|B8%PNVes&w=GnnSY6 z(QuVpO~&IqMx#q^bzJ1;6oK|X=+55<$ZnJ-!*D-~We5#uv=Tq8Y`YwJD_F1F0 zv-mrk*fy7kSveS=^rXcuQ)4vgO$VhCvC&I*xx8qm%jjA#3J?j2o#IiiL-irDgS+xG z12R_uwGH4OBM!!C_mU|{%_S$tMb=4cih=KE$~?0=!{Nrb&yer=++=DacdH`?FjIaT{&SFNA$)T)I!#>^!^W|$ycx_Y$JI;o6c zCYQ~&RHy$JwJlPL6g#E&7}%r3FEqb^c$}?@!o-!V9cuP?X*ywe6odW<7A0twh%!g8 zE$aM~@s!!Fvl#`;+faD|%YpfUMsa~h(FrD|_2n%O%-#z3r7eY=E*~M|*qI>K@m~QJ zJ(`3?Xz&PY(&28aK3~~fMbA`od}r_w|LQ5D?u2@lWS(Nv)gBklXwJ;M_~-XZ_G?TF zk6XO`Oej>JgHAMHy!UErbE^w=A0y)dv z69K294|-eA6T$Q9*n#5B$cl|_@R7}0VdtNn4|rZ>p7Ey3TDt;VrfMO|ycK48sHS2G z-o7H98bB0@3y4b{qyJc=x82BAuyRCIl*YXa8Rb7B2`>W08Ze25$^38?%}f5)oor&c zLSIX=k@JS6syX*; zVAT?A=O&%xGD59<-LA8tX?$_TlD`BELRCJG&%zdP>D*$D&0UrL%sz+8*_YYZPT*9eLDA`_be`$b}B*fmd za*LPn=DnxP!e%{cl7!A{kIA$GiZT?c@>jxFG@rAT6%EwzeYQ*7K}VyMbx#Y7P*l5U zkI~_YA}U+ExGj!kHKn8?>WCoGzoP70>B8zC5KNL6%y&|-i>3g<&C+OL4r8u93T!)M zCS0c%zhRcAIbWC4nI6JFp6&Ms0wg_W&mM-Scn$tQ43Jl%Uh>z)L{P#1&sq} z1*n-L%hWeJI1B#Vbf2Kt)Uo}%6^91tz2e{BSN;KkGJ#<#NgRb~QyPT4-eC6tV+@rt zKW&V_gIO0s?{2fp-&sjn^9c7>s3Z6jbqR*A|4Q$s!l0wqUFn@8jWerzG1#$)qn)6k zeFg|ygm|GS-C35%G-Xef1v6Q>5$0mmpmJc>7le@7Oft?FOi)*~QUo>&Wt1qMS}$SJ zp*-Mo3)&d_Bs2~`l2j4!A3n6nJ`aQ(eg?WFUzIz{iTCg`8)L1=*?5U4Iz2k$aO#F@ zh7;BL;9KH4U4F*RstS9pe*QT7nE;?(#cx=xx)bJT?aX=lKHf}^j-D7OY(KkPE|XrxTH)6px9*KTs;l!aYd22y1iZ9-u3!_vq1?;(1wU^hE66fY*b=D z1-bEbdVI~0gg+&CEd4Q*!xt=N!A#K(pzLhQ8LtC5HQ}1uE)wwD4%fJUhhl`Eq0>!y z>a&-JEYb_~Q{J^5uSr%hBhHH zkglc#!=SbgP(9W>f37Nf^ZLPgZJ%>Pn~f95et=NK9`{|$8GVw;CO*2UJrsxo7v!DV5f6m3lYz63Sn3;(*f9j zDxjLZO4}Q=us%GcmWXf$sF)0(A=W&%h{dn81bSRoPTC#Na2c^ zKy4axn-^lT-xGT*k?cyn$FRK(TXOBG^@ok?s%vw4wXa9~aU?M)C|x+ykrgTgj>0@;Xjhh8bNfbhdH2H$Ga@c1$3S}G_8uz<1~uL(_|Wm!pHjH3 zY1s)bUvjn#V@z*R*L|4l^#;pZa6hqT@ys-uoY6$Ac;$+8wIy&Z3H8dRhseH0d7Tux zOp|-6AaKLtPEx%K818I_S&tu}dqy|(=O0!NDC3e5!BxN{mS>&`&Ou{+I>n72i zbG^-LTn#*aXTMd`hiBB-qn_?@_)loRLcAHn{Z$2@E_lp;>fU>=$+{)8@yHC4R7}fs z>8g(nj-}L!E?3Y^S`HX5XA$0X->`G5_6~HBWM^o=4k8AT>hkgG%D86cCn*O}XeGF) zJM~vha4)%TML6SN-!THtP=P*J&U|-!BdYDe)tK3r#*q5 zcOKkc{KWc%d^UWx+hwwR!ftBd6S(;vfh4Ri|9KKJR8 zhzG-LOwgSbA`umhGQzVe!Xp0@Ar+&mG~*bB(io^vq3%on8f|_-7h)RfI^pHqyiFcI z@$_gQUEzpcdAO{aT0ON)v=XV&6P9A#C*D+0Q(7@5MW2`ck;65+*YPeqhN_MlSjl`x1f&ZLyJ%f>oOiKk|{ z1v(@#9?f2+jGJQCD*Fx8EY8x7v37z`chmDM{_F5U-Iz#`i}q0j@}H8>Gs<`FlVVJG z?hUFj3o!juh0|Ul_a%sE1zJ4@jZ+LVT5XKA(tOyaY_MJK<+unbS-^0ivk6(mttDeJ z>f)|jz}A7IWQ>}2 zZpIqz7JzqEKEO{cNaoe3t(~!@?9bpG0kk@V-E)Py`dhE{qH+POPeHR+BOY4SmdG|W zH775tI^R4ekJD<IqGm+xam6+yEXgLFZHP7taX4&zE z#K;to68etJFa{rw&;Fm2QizE`6fq_W4+)uIwco%}(owO1ZeZ_ntzF?xpD+Kd_4)jE zr`9HYE|;7C>||qb*p~S}7o}r29oO_F%$#$jp^mh)sLs~uKEgNycayIAt@KZ8{B+jJ zt@(GW1&Gh-SH8ti059s#nUr3QQ$#dW`=*`xS|nMv8=+i&#^CEFnNHb?TmKHhntlJ4 zy@%=6UOt89O`n&PI;NS{P2DlL*U4)QnSR~iG|NI7=N1bI9(D$BK0@7FgA>5yIu=Th2Duw6;Di)J@0 z%I~aqE0Ba+>cMZG%bQYGf}AIXpohzbp?+vMFFRBXSvNe`)~V2XY^6PsYoKNHaB)#C zO4-Q*c#Gg7YZ&yAE0$XWx4a=hk%o?XQ#c&hqQInXFW`39tXWKG zT(<9f{^R%QeLkSi<;P`(wXA#Yxx(t}%8RXKZBK(OV>|tE;ZoF0KYd|k1DVClBIk^< zW~ArkG}OVD@xdKE1aoE7-9kskl$qJ7H@|xF*uLMZg(}Ss{@#H%j!70d=1-E6Y!4!_ zt?h#eeIpA2OKWb%zxk_uwvB2X8&S>V^?i;zmNcBJBwUpBjKdPC*)5Ro(a{6oD?aMD z_vBh8QbT$wro-Hq?D|@vdr;ur-QG&ZTJh0qtEde(fm-^Daz{C{Z8YdMIPNqjnvKOHP39d`2+uE^ zhqqDAC7rYnhWl7TR4ok~>!aTguUb0?TPB?BO_Lu<=EOKVldFglV$(mX`Ed$OX{-NHUlF(uAOiNokg+CIp z4Ps7O{}a_Sw(4=fv26qvxV0!nuQ4On_|g^fAFe#d)L-c{C6Zk( zuIW;)0A!_zOP{&9;?zn(>zui`f^hGw{!NYheJ`u9i8XT(#INye^#CiBO0zd&QXriCv zN)AE1M8af+1_-`zs=#!CgqrXpf#?G&f~cEW1MQx0kj?^bo_(UZb+iF+#P74vtcO^gU@1Kpmoa@iVxub29T zQog6dZt_7ssqH^ssUq-dQeBqyZzStq8aO3zPn523rowz^#jx^VS<$aPk)SU0SSMLV z0W`k4r{1xrMYrI8sP8kvtZjq2QFe3Q#MLY|3Mqdk{g-w7;k zgJ75b)rq~_6;%Srsl~Zw?oqzEP$@fcN153Iktkc%Zu; zwRRntb_~O>WDU@GnP9Ske)Wfp0LOrtC$GHWUC2i&1dtg%!?uv;AI^@wpr~KyzYhao zhWrCheNbO;o>1@f?Smah3;xt!o>^SO+ot}E9B99T6r)51l2>hmzt4y!%$MfKYW?!Hvhg?Ig<6GCxv+8|fT)M-wbtEKq+y zyzd1)k|sPM=aXK->96!l5Ju#Z@rJ1W?LBV(RF31FxQDaCW!xn))+);{PEWx@DFq~) zI=^VA>-8R5;mULAoC@Q%*wJEdwEe38_6z2Cyeyhf{?4+QY5|aX16z~M?lxry?j+AY zg9r+SbSm+m-EFAmr5}Sh)`BRW8T$-|Sq%tF$N`*gx55AFN7mWAIp{t7`nTCsX=lrr{q`7^2LylPz?j+sHgjWfdJ7Kf}R4tfI;kS~6 zb8z4N)jxukcXZG1*@manD`j^l4lNKAn%_H-zI{7;W|E4v%3NgnT;vxlc+YV3`@0CY zmc5kU@NB>3KXo%N0)mwfLto;$!snH`UFw3g1d(3z%kPl4hu0nEGCyk(-jdbBb?w~@ za|PV*!g|beQI=}^WaZ%(ub=hQuaA}ElCSXO=8hML_;UK@gL4#KjwTM=3Gj;_&kQV! zuClte%xMBX@E);i275X1y}k%n>3Smw(&v$-a%5IRNabvodRgUvpgnG#H)-QF`;#G; z@zD~8(b7{nhtH!kFpBMuaXIBJUcac&%H*07v^^`;rC!1MS*#Ci2V$$s1iN{e(^w|pf zgB^bkFm_xtUr}q&Sna5O_;*j8dDY=)m+qq4x-6-BaLpQ?L)b!BrPUkePz+S-Q1)AE zUHaYoP#<>|#+U6;e90qS_IzP{`wOl3j;%wcI;`i5>~Cd11D%P^GmSW+-xZ_+$&?4zBBoiR~Bp|4d@Tr?m*)5 zo(JjkQ@Xa#(ah6|3u~wOZ16F@g zcXg z4LM%=J176w;An@Yp?@n#A{Ft!dD+6lsm(1{o?xF~ z@BG_0C)kVg(t)aQ!`(5)DZi%#nEBc8cKl0rc8%v}&*x!qr;b^Ezd9Q{90EtEUtoa^ zKxu(=zS<3NGH4Z2(zAHa@wwgIaqGQ~vP267z19cU0^>+tTtED$#j(+lNJAuOW(Xe99{jnj87_QO~xpl z=jw*FbWNIT3FzXP|IB$i>N(qXneTn$OP`De*(86b_tVzc`+{RF66Yd56FnyAmRPf% zlm{LS?=+v{hXnugQq5@tM56w>Hc1TpaSbwM_2?EP_3QlDG|=MaCt5=@mh!XwEwz*G zbBB0pQKbZTU&Bjz_KSLd z-GkTz+4I>?5PkSfw2Mq2xLQ#y^|uYL^-MhY=<)^;3VR-Ce#`?{VfUSKvtP`IMKSbs zs{tSK4w7{C9e|>M+C9i zAEw6>fH!=L`vswt$XCrH6y5{>VS8?k)IGA?>jU;htbm9k_x$?&uUMFA>`s)=Ip5_x zAeGSd=e;L~*8)uCtCD3TV5nLEbI+KhkT+PD z*bf5JJyw?-ELyKQI2_d2fB6%U{r8L@(J|wwqf?jwsF%` zIuAp1;B#%46xRiyZp z)MU6C<@Ncu2d@Rk3W^^n&EC*%7$7eB>e7~bTzn_w9y$ZuKZ79S51Iq*kN=8yZ}Sh_ zgZw4g@IWB3r60tP{@pVvelQQ5A4cy!J{i#b{v6@&le9hSuEVvBIu|5>NePUlE%A># zxRi&)8borcZ`yq#5n>Sdeh$p!zde+qE2TjAJRW~`0M zB%?`Vtc|=Bm7!iE4ZRin;2tdpa{=rO9Okwc>xTJCdCbU2a>F3(4zeR`GH-+r%Tx_& z+pRXxIN3I;o)z@Z>y582$0TzDT6~%1 zfVJ(fFRr2_LDfA}X?aM7Rga#P#f^2h9355p1*TTu@&Wvu6t|9W zFcjr+A`zXPa~tOycjkEJ6|Ga&9CvwbW@|IT7$=Q6vHCR03`Ray+jVtX&`j%Qm050` zy~Z-zHICCp(PjgCQLME|7M%vof^4n4&7yWouXg!rEf-I#eD~t9wbP9oQ#{R@+99)^ z8$E9O((OHeo0e}j5uYIJKj;e0BdF`nYbv7PZsb8_UUF(ZNsw94m;yeSHX#?%xmZq) z8hg#11{BGIO3$f*2;pIEu_$KU?yBrK_T9g zRJ?>}v6$T_JN7jAl%RE0$7UI0`L%-BVFC(0)O*?3p;1X!al6==fx{E{PKn1F!kT_n zw^oUiZIbHCdYoWc^>UL61I>*CNHW-XeweQ2q9aMaMnA%}UdzBf5SkasjO2#13RYevEtz zLNAebev?J@P1XdUPT+++}jA&{aL=}-3h zpHjkK{?hmlIll`$`O`VE!4&@K18AR=%ym%iC|lxq885-9gcN?3TIqhZ(%&lSfJ$kD z&@g4eAxFGK=6Tn@FH1(f>@}ESZl*pF$H;n_q@{nzzN1qVBriBv9-kE+pW~mN5uctl zo}Tr*0GLmr{otPNZsa1;=?TvjDQe2}ta`cu=~vku`cp3r@(M~Z@>3-L)=xN&g|kK9PH)K3ZM+vwG5Bpz$l4 z=~8O?moCOT`2D0}oc32v6H(^}w180S2fqMe8VPmV9vt)Op0+FY9SynrFIH5Bl$`U( zc%m1ir(KcD-xJKjd+FKa<1B%|*FLcnZQGYo8VsGSmbiYY#})Fx&7*%y?q)ZedO}gM*Y5JOiUFjp}5^u^A+hA05gtU{ht-wsiIP`6{pXU zW9o(tWyy*t3~#&u-WgB2-1ukK zdtr<{5r5C;>czY_+tY6RHH`CTB&fkDXT%+a0@gqBrn?L}K_3KDqC<)v>^82An2^6! zL&zCiTWPsll_K>gjWSyoA>^OjGsm^= zD1p?j*O}|SOuuFp2lL&Yn`~wza0N3-@CnP`d7GxQ0Hm?%BM(IR5(?0ZMnP{BL)w7T z*7TLHAsPL<$HDHHgISjs69&1Sne%tkAA3XQQ~@kWuk>+>yum!f>jyz=Y`K!~uyl%Z zQ){!FxN^{=%9+bW-=;g*F8P2m8m`}%$&ZnN1{ps@qHN zzmQLeuyh(lg+E?~$#p1`U>}U?SJTg&DaGAWlM5#*@oV}_MC)y2bjj(Ud>_(4V=!*v zUD&Wq$&FQp>t89Q1b2@s`h%ExP5)UAz`PT}mY-=V=YN`;n_b|Xx!~`0<>}&Qg%$x2 zpO5o?W~Q9=XD_aKaiz=|bP~50sd!~mY~OylvKLPP9RSyN(cGCcHddSdQ~w=B@ekE+ z&oA9C*RNQAA`=3fK^cJSSKvz*p$K|@FjYR)?KE&GpKtEOeB-a+AniaIH(fb-c=xv@ zNS7X5t{2n>5C{-*pb!wjH_ZJV&=1Hx0}v=T@Vi~02ax&()PM0qtCv)?|9WmU7nC|z zS57r;B!JJ~3+1>uo1~U}*eiE;szCIlL}ho(Eqj={K;Aik0)XCe2PlAe*QQ$2DCX_N z?aVP|t+DtC2Z!-Qnm6%Q_aRt3=4Y*Oj0ZsQ)PY3VzD7GFJlVqs&>M&Z1uJ;Dr}d|q z0E9vngNo4~&h0T^Ek2q1)yI66D&Wp`;16LSUUw+rvLM}Fn8jHzqyg~nU``#tk?&AH z)XHopCcPzhN~?Y z|A6u1_D~gqy#BLhSeuD;k~k3c$!Brac$lA{69HDB`;D}stFsWQ%=_0r&S5qFU(R$E zXAD@@ov#sbzyHa>zbXHh$~X^52BVW#^H7v;S{Ht+_lg>^oo+R!o>)8zEK{4Dr8OjI zLG06ur|}nr8v)%9$Y$!h3%+Uj}Sl55)w(K^k*5auy z+{+MCIE;4>5q?a->I{m2nADB*mh>HpOW9*Y5BZhc*T+xbbbeKTKiwKU_-Y$Lq4w}8 zI#0Wqfv5u5as}PxZ~cGw3%St1vbn0z6}TmMB2L``kPZ2E)d=zI*lSd?=FEdB=>h-p z;o{DX&gQ7zpzSE1WxriJM}r`Yt;PrBRJ6a>F1AKP2pN7WK8(}XYb`Id(`p=ex}{jz zhGNVT#Dgu6QToC6YuJPs$6u7oXu$1NOVUOHT_|pXX`e-k~>vPX3nG=I;dn z(|nvE<7F<>gj!oY{y_IS^_x9f=hC*=a+JGs?{p|xcvvNeP$m=fl&?`edR8!clISb= z^bZsXm-4!&Bzbk}bu?!N6z}f?iVMhgjSA0`UI{I3B&->AXjaB=4@u7=nvlJSh>448 z8Hp_QQWtj^-9Qp7u17^S^kkEf{;0K=DxFM)^gp`uSP02p(TA`yv)Tv7YU1``@@O`K z{^Ff6BTve;)Yev?EO(Jk7hGYT>Qa@Yt50NOeA{95dWyb;4kCSaC-qrxIQ(c|%>N?% zBQb9366Hynl31b|0(%a!K1)A8@>!gE8b(zpJrjG;pR&Em4mI_B8ynqEViygr(!5sO zRGHy;6nG=aSaJ!CQBYBra`1)cYL@@Z$Q)|)FpeJGspwg@+Fi%cyafNC{mYo~nm%UR zAiA#iSfNUVt$w0biuXaAp|xMFlpnY*F8qrGJv!h3e#>ReBq?V@jE4hT zBw0!;QM~^?-T*S@msoub6dWvTqJ{^~H~4qo_@7`1Vu&emLL}_tvx4ZtEDgB^*1$5vBzN_cX3m||ySLz5 zu($zwiP)VA|Ea&dOFK{pMvMHS(KrT`+Z-&G!Ir^P!KlX;0$TmB8(1vS*r#=TbaZ@Z zwdWs~Z@*fO#k6w~%7^VM-8nUJ+P5~|*YDUV zE6mDrv_5K3`-lvUqUl;0jfIc!(=M5l8q8i=>bVnwqB=pJEUl_4$RkxZ73`GKeQ?NA zxI%|{5Xk#6N6vY>ORFgcB8zQb*_YPwv4OVd==oAgktj|P%BGT0TUAPeLW0tZ{}o1nK;X4rmL8}@k-rr# z3yF20tLY@rNc@F~?0SC7W{Gqz-^twA+4z{fe*5fm&@MtxShw>03soQJzYh7iI^m3? z3T`QSfe0I+4|n#1Z7XtOaCV=xl`H?jNi2An-pI}*unUF&3A(=Z!pc{cqc*mF6G~Rj z!}l?24#+-azu-9}xZryTo$A8YtAeoMqXA(XtaD7wmQ)Hk$M|MV`U~wPiUH#+#ZMLe zh~Ey(-9B)$%IB9SG#?>BJ!rK|iV}az#7Cz{=ktee26Q99-YdI20q~;2o5<*uR=;}2 z=yduhf*y%?d9QYIJNuQsdsL}}$s~p;lWiO;Rh@f)6&b2`n*mcBYMRM<7&RuT8<`cl z)d2U0Sk?U&YyfoZ$rXyd2#7^dOMOt?28T&ATl@Hl_#9*2B#C~@?>=^~zxhsduluUU zoO88cL2#+a;g}tdyQQ?YR{nkdoua?{b9iyF^l*Kvy6WY4Uw3CapHRp3M5DMr20|!V z10>8_kdM~;E`@qQ0zj-vV?Po)RhI6}fJ+4#av_%sbK20b_05%0GToKtxTOE)-@ZS0S@L(i zL=a*U3Y*-FSq{%rh-kcB{jLfFP<3%&t?ic=e3Yd|spLAUs*R?Tm^#Pc8V9>ail-?u zy2A2Nc&N)1P(5LkI_WwygU02y_c&jk;Ueej;%lS(C4~3h(Lvx`+}oSmwnWkuLkyA< z3numKNDtHF!Jd%p#wW4Rb3PGsl7EFhRE!;{nMe)9P*|Hvo8{qZsBBGRi&^8Cy`G%4 z`SL12$=7^l0gIcy@~%61jH*NMd%18RXP~txosa*SK+REJ(H7vwosD28v;1t!?R_m| z@#LQ2w>GSk1P7N&BsZk;v@UI7C#v3ya$2BF19W6aYQDW6YStlJLQZ%%=}P)f_J>us z*TF?H%jnu@Y!~xa`jB$@Ulhfcq@MSHyQOddk)-nd0S>O%EoVY!ljA?Ha3|0&vCI%u z-Z4@DAdAo&d5Jt~osAu<+`R`0^AH-dXUxnIfrX5WHi9vtl*+5u5#v72$~^n(gT>cb zy1&RYo2y#Rl=?W0N@1W3I%M*Ug4;ZBBXFOHV@&GR=)={+!v;g;I6CumRrpoyLd~mQ zbt-Qrt$AiHtqEij2fk3Yf4jbJwr6skT732z#iHFM_lfRe9A2WSCMS0ms!U4u%1^Kx zR`q`J#Jv6^=cDII>h z5abAPn=#=CZn1doBk??c!PJeLw6e9bMcW}M2CSSrjoB(>dm=JXoswxU4hqs2^Fomc z5de3oi)<_a<+NonqnUU_&9!lAgTX)A;Mm!`{B-*KjoAJMBBE}=yS#SX8e^G!70^68 z^*Fl`M8Of$*KzPSHC~{@Gts^N=Ym*11<@YwChj9?bnjnf-JtH>TD|T!DiL6MAl=4L z0iDe0q18)ttrFrqcMBGY42OYLK0~`=^v^PwH4@aq0T}FPCkjp5{8c*Y!9 zSbHPK(KXCG)5X_tyeDFXE?@Wt5uIx%CsRQP1Q>DE;|Fgz+k}&Q(N`wcxCps3*tsMt z7f)m=5jANQXGAX$am|0M2y{g77`5Qd|a8gH>aW(YP~o z%+$ulQq>7hG)o2JIMHic zic)=^=qyT4YFhAm%xvOxCF74t${5aqLR1FNbOC^uD^O{4Kmobh6U?auxQteTz98h3 zTbJ2%o`pLHxv<8b_uCwW1)_e|mPi1}RpM;)+BHg=p3le0>>dol@88AvJH^+nBN<4H zmMxw^#1|BjzW=N!%)#9GJC%RxH00Q)|Db(rw; z*DVO3@Fk=5jMIJ8OxruQ=m=9R+pNObieegmS@hf*&6MTP=8|r4r7udZ=}p^ z$LGl851p>b_9qdku8>fOkOtsOuBBJ()kYh^YCS107W?f=<)laJDyV~1Q>AZ)o3xre zHOvatRIO;tg#7kPgG{k5MIxag4 zH^31tmoG*xN~D@Psfo8r*_ENSs%vJU+QZdFJcP>ptn{(67G|PBd+5L$a!aoSjh%WO8qi;PPkrs6t>)gksvJMLz5t+wR2_zaOfY z0*I>E#a9G%jg9@qNZeM0DvkC7|4bf1mb|b{aSzZH`)t1OHv}$&F2+@^G6p@_T-%VX zk-Oa`-h|^nB<^o+K4eGN6A(&KR(ysHJ_cV=j(=3OV?>dCJU0 zy1wl4>(8wQ3%93<*ZHN{b*%3LB{BxGfSuMQD@ zX^rRJ6womN^Wrk2W=~Bg#!HAJX5ZyL47WOY?+eQ(Wz&bLl~o_0GNqLy{y9IMhxQNt z4^9tSjip?R>lEidvK^KmwY3S8?Tot;6Kz}@L%Gls??lcP9Kg@GUzg_Ii2b})chs-NSmGg;PH(j;auRI zN(EscOkp8PU~(mMhg$OAt4GY=F>H^6;Xx32$I4tZ#3wCNZO;yA-B@_QHJ6p4jmWeK}rGQc;F1qMl zFT!OG_HqT)B7K#Tyj$H@1gj8vn%~P4Eym!)C3B7%sdVm&k`8dq7O)em~uQynT-4kprfrS0KR9D&f|+(m*#@F>D;hZr09{d67- zx&cG7LjVJ?LDiP*hCRp?9{H%;v)JUCLyf>!M-DZxZRM7b^QI2BOtNDJ>9$EfFDDPf zkGuD;-aYn^k|*g(z?UCqAKBsAlTRpwot>if$)+{GlcR@F&vyp?!DPEBt^dH0lQ7t( zExgPP20j@vSBReEeO20mUV{g?Tj3Ca@=l|_4wF~W%z#NV?aNSYYD6+v++IZ_PWSYxGTQWXj< zB=hgtK{fl-s0TwLG$`Q>H*S|Ko!##S8>pc7bkPHf@aSC@$R$#;6l{bEyfq|m2u5gK z<3kJ2wLtwY_V}lMVa2GD>E9LAG6+U(;LVLez8$UMSUaDy-Qn)^qacMjt)=Pl$g}aX z7vopULR((4Na1seq5rw^`|~~=2@!A4mn(lNX>yR-`1~Bi@(FPNS<1!nJaIpH^Sdzk z$;G>VAC1hf!Nr){U7peD_%1Dd`(DV|Lv75`ir&%U?sbirP7*2C3lhCtES=i@~e)>pmP zwjF~-p20Z*1B-{hycfj`R*fmr4r4-2UGkPCZQ3|s#816oF_jy!uv|I&tu@35u7%nC z=gtK&s4^@kmdUR`x<3@=m7vXlM~&yiX)KEqx>k$pu32r7kx|~dWDBn8;ZckUw&Djs z6V!SOX|Y0I{oSUip|Ht>XN#y5XZMk}YVApGaZAio=n4$r4 zieAWNL*dTP4e#5i?JAbpNUix0f3<)0Pm^;t<>tw!Gn$%6ijcd8@~W!Yx^J<)uISfD{|;8%oCIb$TNAPwgMi_M%m; z8k>;T(9B*vZA~)QUsPvZf{zU}w(@BG%+kuf>qod%TptQU;hDbKgzAcs4ef>Va_0K) z7&~2FI{35NGU!stYRgoOZ_cGQ^jRM ztCB6$)*-;013E5ImcEDIw_*9v<$=oNKWt=Sy7{0{b>8Oh*!KI}K%RU5IRXcVdw0az z)3a+_GyKwue_mrx%N^L85$Ufvm$1drDBgu?-72m2i4&ORvRC9ccR za8@cZ)mfXDJa)Ue)>?0Xp;YT{N6 z|MqSg@qu)=o|T6(Kc^g&55)=SZOs@Ya-_lsXr>Mu4Al*TW5FrYL9@X2gu{%IfO5I8 zqZsj%w3L=o9o0OVjA*91EJPj}+RW}QD}FO*tCGyhn0soRxJCmPJlF&JW)40v!#@%X zytvR~CW(IsIzhF^SY@+DFJ2$$JdJ0HA#37pcyJ#27X2rVoFVdJtVvwRF0+|I&ry

    h$@0!Ql%wfOf8ye`JY*6~UaLMD z>EMX7bgWp*dlK~OUZ#i4t7*k?VRrJ29~|SMu8s+lK_*<81R47Ny}UTUps%cRSd1wT z^C28{Eo6^O@UmC0dtaVhpX}io;WbZKE|_ps^E!D6o#%Z-Nw@O46p-%e6J%!3&!E#3 zJ`@BUlrhz@Bjb9}n^j<}PzOgrQyvp|Azfpdmini=0|se2vz}i6cXYrY+_npB|8pf0 z%rPz?ncJeN4s~>>{+NZPvIW0>*| zggU-CMDHk>DnE0!NC(LeYc1+6yweLh@LCiv9#>P{7wEuj=rxtGyAQSFgPoMB(lrtp z`{uU?I=Gu=(y4a!$ruDW`Rz2>g0**y36q&{_Oync5?Rr^SH=_;`}uqp+I`TBsw@Hz ztMy>z>A;J^%LScu*g}=}_)`aT(2Am_P?oDn=uk(7L8tzD$-oOOq?(s3#cbYe@S8-M z7h}rf-;8wVqZOUJWGO!LUJG4~>2h6V#LPekRJ3&#%lp~LfI(!TvqLiW*^Y}Cl#7)) zlsUXLEIZ;VobR17yRo|(H$D(S-7{)?F`Z`iH3Bbe9DNcv%z6=n6|?9R7yd56WG}Rc z8di10AnT=cjAgDr8yhglOzYE&=coMs=7`C!4#}E+?@uPwKj5)h^HVM6Jqf~e(Vsc| zk%G1A@+@&V@m41fMU-7`_&xHMfPvxFb13URrw=OOM|Arb=|~@-5yq}FHPs7|7rsMc zdM#hLJ_>3>!Ob(ZzeMN1yui}|24=id#~9N(zh8o}?;zD*_<#|-@K4zU;q}FHkq$m= zVMS>5+}>^w9sA9%`b&31gvNy|t|fE*rC)c#4Ai>e#{N>22jBTox+<8_J|Y60Zgz{ziZmeX7;dmsA{VBJI`Tp)~^CDy3DM`#df3G?6rV_udXq?->WTGNHJPw zv4{WX-2_}g&NJ9ze=e2C0SN%gA(`VU_S=Vf2_}nR*=82EiW|iks^A-IT7I!Wq=VKD zrSoFPzF0WHWOY-A>5*b|gvOX^?{ADX|yz;9&lA!+~i0+!s1JR2;*56vhlTbAJ>u$owdbti%N~A_fHqwb|Jq zwEnS1z@Uds2M)Xv%|d%e42}!y;I4Z1PB6Fy(J8ZxYe8{DY3#V;r*j)zoF1}lB!i(_ ztm^x`VWB!)W((zgKdLP99iPbA-)F0p{=FQQW^Tfa+V6lezv(d;o!&%x2u%G z^U%wwQnO(?bThG294UU7iK4hJ5Peq54O5;Xvr@J~?1ub+vaST6pT*DMowO zyjrcVk4`YzeK5u}ORnuObWtEP@j~a)hav`7dey44%=I^mMhp__=8`Vz<>8A0X7^09 z=$(NME+OkYCd*SlD>>zU{34Ux-B`Zi4JK*?$P%cdOX$p8Gx93{DdzkF5J9i$n}|sWs2d((gtLx~3FH#x-z6z~DV*+dUc^ z#|4aO5z5!Sdqn-1_JxCHiEjfhoN;Eos#$1M#9$V!Ic%1FJYeW?RckGpWu;pV>yB^< z8KTa$;5lrT_11?l**Dl6=DNrWB@%U@ILx^TCaY~Y%<%~Z*$piZ&g~uN4-op!h6ULv z>^7kRwi{Dui zObkI1Gn0lq;*S=K5@S7;nlhQub0iQXRjt|EIzo^#%oZF|Gy1&*Vr2Sg_Vy2ufiM{+ zqj3=ePtFo|r)MJs-|ev`uh@0oh(SuxQmkqTe_Uf7VNleV#9#h&Nk@k=_Sq+-`2Z-t z_wEBS+pA^Yos|XOeZ4>jjnLYdvJ#iGCPWO1?bf*J6TI=F8w;5)EJo+V?iYZ=#Sw&J6g0Zjq6pJhscu|jq@(sl0>9tbC;EuP#Ft26>Nv9Go_^`V8 zCi3*&DAK_*=W1MH2v&F@!3@$@78p|xJuzYs0$E0|{MK&?Y+(FYyvika^>lF9WCmBp zzG7H+V6v)^$h_j+kq*-ON*=~kD@(Zo^FyJgt@A&x66o+t=bhVF=5QWwxZ!qV<<<6b znCBBZsGk^gTIU}XF+`~oBQp2iCdKGzK`^U$cNp^E7GY))V8Mz>2PSlIkFb-M?7<(x z9>hvyH&vZHUj;hU2&Nn(#?*iJjtCC5yhn%Ur|$7dpo6l94mKqnHYBbo?n~+Q65Z(S zor6K>2tv-jb6hM>(|bF|3zmfx(ZVd|4+)|aUrb`o5GjOelfj6zr8IgJ5h5>^M2&Ua?2L2~vkV8~{CDW-M zoft4kVQ5}5u3w%Y76~7*u_gZZMr@nDaq^p&mtR4x6>_4f3G>Q0tGlXfO0iFxicNnV%Pi zB$%w??J&+dlRP+Yt+7`xY!K*2w&VFG3CfN5=<7h@%*&@xVpz+<%j67P2^d}x!o{Nl<-$F%ltg%PB_Bg6HS)>H0%1k z0}MKDl(WHf>RS$v^5E%m6Z6>%0Ylx6=KQSYoFB-8C)xFWmwmeLI*|^(44~*Rrd%)R zDp+NGrxJ3sU2Y1z=whWByI|InYZKTPa8>P+K>5JXAP?SB(|LOKyN_%~2OS7@WA4$!z`Oo&=Lch_by_@<$5# zdvV06`4Lr}>eYuZ_64!}N`J%=#%^pX2hQo`!4}L~{zZM({W)Ub@~X9vb${OL26*M) zNo6|qV^;(^*caLnm33b*tOX$1TOmC5VrZB{%F$>KlIaxB?iG3ALYC4))}Piif27bS zWU^YUtm!8HNCC#Gg5h{?Hi>hHoou=r#n3+mdC=8uI_k}E7l|X2(H|Ec)jW%C4EH9J zzVbat#~*?j632xw#wv{zL0f4_{V_3V~_Tc+xEvG`s)#LoAcA27U>|6QTvqVr@Uav^t=>fx<5^y;{t|a8B52S zP2>E)YM5?9>%RR19n=`iNUwB{g&@@c2O#^1uGpUky*)&|7T&WumStaT@%O-s9@Wa+ zOhjlq#p!`b&_kE3&Xti0n5kXiq**>-u;_NqaZ8tOz^HINOs}X&yqUL#D5hD}9h&eNI1EmlZtbf*K8+aE*OdhqdA1&vVEUPb`nty{|33`VY2E9RXLJH0 zqo^zbW2!e@zK=0k;2`p>>>Ws=GuW27_m@!~oEE00ZnK!jkOyF{SABEOh(Xw7?ygN; zPM=Pkes+IdF>Rwjhx{?+)yc_y{~HklA6$7PJoaMC=OP9hUdh9l`u=wU2CX3GNm>8J zdxt2b;!>NrbNYDC2CtXlEg%bwS6M;1{YoJ{6^AL;5D-~~<9`YegBk$x|uwuD@h z$!oK>1214~kL}k%H;9h5;j*TmY$tT+`2}2JRl31z+IqqTxxi2)qt;7g9^+0y!sO4y zF`eRpr2{YO0XEm-?ZXmG)(FEgH#-KIX)Uy_iXJX|m#0IKgWm75FD^YaU_i*8!<`q3 znANiYmU-1x6)@QCrdL;fvVFwlPhHAdJR31|O-k)S8P}E%1Uk5>Xzz>i_K3k#DazI{ zuc~wbJ}CyW_i9aLo;RHu=pePB&kMnfT{L3w8n31E%~*F9fEUu8`t0U$Rcp9&5E!J8 zbh1ulUc)6|1*3J9lL6;VsdnEIUI3C4cCq}eUOz=2fTl<73PIkyGl!k2cnSrzr!&E-uA zgUg3 zFAj?s+#^@KMCLw0H(*n;LtVjZZgr3?!nI`tW@$VM1ATFTIg zHctrSqAaeKhv%nw;NM;z3a7OL!12(EeglFP9s;oxteN2LHIvS^VO(h9wB)HL z_)W?fy`)a&>mx5b5~t{h%)j|MU~pO1++EGY6$6IaYLsfYd7dr7AaLlML%~dR{t?s% zcOC5AK5>Ug2M_j|+hXFu0fSh_K1;{_Gh&e6H{}`k*NA~}Hs@!Y%lMIbLNUP{`?zBQ z9m ze%9ElFJF%sv?W;ktGwy71Y?_))~nwom@XN=ZLUr*_6I|ntzA6C??$0P-q5jPl#8nb zqxTN$VY$`TffqGXC^|ep#YPK841GSKlb6ilUYkcu{;Hqs!IfMl6OR?qcg2)$Fs6R* z1y2VUe5$&W7h}rxyd5Jth+#W1Y%-S}8Oh+5i)C7x^{mf{_a6{L^_xtrOG_4Vv={(KnKTwGCeF$afmA=&o1uL(d91@A zrHtb%Gfy;!ll>eLCM(9U(b)T9M+RN}=oD0BWZ8dxQpDioQmP@t+Q)klbUPrsipH3- zI5*J238;O2v2%;Rm|(KrMy69O{;vd+wPT1pyKEIPUApMYBR@zmL$t@s&3mifA0cpx zGqa0XF8=)cfI&2%-xHOgfAx5R$*!Hsux{`N4mE(=p;>jqe>@#PkcsNlW*PbslOm>H z_FA7{wpcJ=sEf<88qEQ_S}2AZL?nKxi{kdG_yd`|xLGTEd@`CJVW z8stBAE(K3dbCgfS0E1GM+Uzo}w)a!%iOpNlN z!B5E}GH-Bt#PrLaY!N!gJQ6Wo@}>26mj(=~>3U6>PIb}(5tD!Gnlbe(*ZF~uDTI>=p{X{cte4;_ZO z?)z##RCw+6af&h5y?E2dlc*t3pks`^Ir05K2MUG`DLP^8mIN5=KFUw3NF zhZQ$4&G-i+9T;)7Ph~Bx_I3kNAkH0yk+qoWj~$8>yX1xr9Ta#Wnlzo~YMkE}pp)BP z@ocv7UIGqoxa#H{p5S$Z4tHdWjj>n9`7;g}j7!ZSkG+21*EN8_tzkUPC_*<#*|Op9OOYI z#&*u>Go1Uw7zDzd+mz+0mT~R|W6&4WiD5eBuqi=i z`cR`auIfg2q!1m{;1ovG@TS=!9eCktE6Y6Z_D00?A8e27tIA{OcsJLyIpd!ZLwmV% zT(Wge-Zo&U_sW{X=459!V4m=CDQ%)e=9BhM==9Sj++hw)Fvur#%HuG{rx;tFGo35S z@?&6A+_#|srtE06l3iE^s3)0Q69VqX~|r^``dt_{Dzum=2gDCZ;CO; zRU8`j1x%g&!P(+a7j#2rU`+j~7uYBA!rKX!j@9!FOffp;&N9~v?3H5dIUEs89o;q2 z=1}H&gmZgIW<)90{8XDB9(kd~#*}&PcOxcmR2E)CqR!Lyvev5_a!*1hJ9ZqMcM{A% zeY`u2b2DjNs4iMM)=UYu1qWsJTA%E}vz~Cga1jumjTL^?f4(+g@Wim4`#H))mKG2c%f3w zA=~Hj*pB1N^yzN+uFk=2~pw(!t0- zBEP8ZD)VZ_&hqlW)yf)Hd47sD`u_hgLg$>b5{&(hOfj}cz#x^W&u-DN^QJ`%^`myq zkLbo)S26~ggQOo!eJ4i3xbd>T7=tj@TGMh>apxUIm;88K#fP%L7=tDN#Y^<(_*H{E z2xW9>RmOF}H3`Q4mQ~~4(I;ML%rnbO)ze}V7=v<*8kfw^(c?0W~d<7lb-EbwKh65yV!4O<7 zw^XCra2_WP$m9+4!s@d10tOd5%oC-a?~DY~&*rti1aTw}5*K>eh1bPTMmnfeD$61} z`GDIZCa*6toofF}A_fPFHTLH4HzEd2cSVc8 z%Wq|1a!*U>TqzzK(ZPoi^gKI^c;SLE-jAYW-55#M5r(`>%Zk=PGHE zBs%cvv^=t2S9vQ>7~4x|PT4W?!q!o9D0Ie4qcU>$c;cW-*WLDyI6A-}?`5v(_}u~q z8%KK*Jcs4A5_u9YE;|@zqnU7Cq=VOMEOS^tHYQ>)Nv5g0`u+ryy{j!I;qr?D23JJP zan&d69xzDFYk7DM>l3``#fnl2#28n#oFr{%?9gY^%-1J~cPN;wnkoBhxyex;6ao}4 zndf~ZI%PU&pjBRrBuOUwlN<8jiEgHYtG1R+C>Hg{1<}dA$Rm5_k6(D1 zIqJ4#ZmwN2V(21d=Nt;1YY$H_*`rsY&)1GhFoU!gCG&HCm}jyqc311Q{z#z*O>oVq zQyy9OMZGsh-9=rx7p~hg$U_fNDO)EpU*|nY>|~q;YMvQWE+oYitOeiaw$`h;?$y8x z2XlT@;%M6JhX{e!qLxC$nYvQI;A3Cfp>>$?0Ye`{HBG|Qr#*%)w(2RAC7t?gz#!dV zZj0u+bsdK9f7(IiauPJ5VuMpT%Y`$q`W%0p5++L&h&;!7j|3RH`C~2n;@<^%=rthA zL^T^O6frpB)E1OEy#A?xL6u0Wye#{9=OmaRIuR#yZuon|phe4a!kaVvTA=T&i)T|^ z=Ytg78$;RH(v9l6e*|7=#U{$S`Jq9KU7X~buTQgFOHmfXiwfmnFO!ls$tk(szMGWpHTD+QTHVqi0 zhxE}cX6)9rA_i?^Y7a7|b^J>SCi|ocV~RsQO)yTE4AdE+8(eI_^M=)pmqZ^OFu0BX7WCU|^8F(Q_YtxzL-Dl`2 z+%Ze%o8c!1I=Gdp^_h7U=lgLX!4GEES`@>*c}D*uN}kpcR~~$#<3*V4z7F%M-903V zKj>3B%0_YRVzqxqGAMyq;xxB5d(d=QgkMxO#_U&>YvXQu4$U()$i(+j#4Y z4+Ad*M7cWSG(CJ=0vV`JN)c!8n?` zEYsO(S<%l|Nif-S0jxaz{obPcglLuQTu>%c&#^=#gUxR3^=hes0Yf!NYaxm~y+1+$ zfxTG8k8?yiXyCWb+wu_ah7z5u_l1YGiZ}5Du|L{Z&Mu`x(hKC=P5o-U^tUJuJZDRs zVv`{W#`sn&7HgG9BLse*MW*%AUlL4q$%a>=+-ti8lYPXTG1Wpo=Y98jw9aLJBNo7p2M~bmOYh3)x<>0^zXNC6CB?!J{|G*0d-ZYoZ4%;Re z1R$Mbm-V{C1>D37&(>QqH+NhW=)mvMyoAo3E>H%Y!Ts%963tz`0v(*$+6(3Rsb_5# zG5FAz(r4yX&vFp~cu||ST6e}&#mF@a&8?}sIy!{OLUP6wZ(ScT z-9Cpk-<$!1&;Ho1?A&Q` zYp0I!{i0=73}g^8*k{fZ=Z%00@fGA{{iJTTW=pyBb6XH5=>5DIf9205Fs~Gv)bp7eSY)`E4c9y&VE8GtmM zlG$Ng4jl5Jnq|5yRXrur!M0FzWL%$0(;ccTNcq^;QJM$+)f3Uq4^PU*;BKhN>k^+C&pW1}UR8`I;m&$^~uugghiZl-|6Qsd2$U1f8Far`y zm-hy){Y%8)%&}Iqy7syhW83(LrzRL;_R>djHg4chCWMW3Ln`g zV!B+nsNXv{V&KqamIbS|u0KvNY-*#h7X6Wb1u{@~^SEsubr~@-m$<^F=&%wtkFFi* zSZ^d?dg|}a4H#mjjyI-LthHFcpnF!wFx>W0K6S0bU`$B0hCIz< z-mO6^1~#E`M`S4;`%k2U@}p%8o5#F56P+wODXKc%pKsLmfh>6ETJYHGwFXCCeQ`sr z6C-pESs-BWx|%jV&W-S1D9juTxHZJ5+RDwAeIq7+&qLaVw)8Orv=HB5RJ?dCS~o8j z=+JW~O24T_O>6p4AGxsEN{AuJQu! zfukE5g%68YdBH=04l3Msi1(EDvxrU?^|>vW4SKv-ZylNDr?v>ZaFXi24_4LI6-zq| z5-k{(+RCymp77p2FxaL_}0k!lWQdrk78J?P{&aYde| zH}Z7&WHQz8nO{TG-05g~#;4A32@>9_T6dPG`P*1Whc0E}HHFUg63i(#MhrfXq}Eh0PkR3vzAVz) znHhs8vHrY)46;W$<0UHgUiQMu_I5rcw-HLPOi7a|5ZXElW)^79WT7`tJ! zJo~_)V=+?`hOmtVUOP2S^Fh2-_v%5@U#%8*D1U}b`o(1j9 zv&^lTJ|jpNBeWou-}A*FGfcSNIwJFW-pfRF8-a}4%7S_66h{Y5LqJ)W!q)?FFL)5F zi^8zX%_BZp1q|-bC@+e6m0x-@hC7FdVAaVj^8DZ3K_0Y2X?+&V%b!IIUXoVp#qt!# z`n7=Rp_EqVb{Bnq#nr&+OU{tm+V0f~-edv;Z^JUHRdrX82k(dKV_9S#>AeBthO zz08<;#5SG|w*)D9#Ph3HO);j|TeWY>7lIG;!g%TRAW-}<1juz!|STJVWebs z7}t-mI$;njch0lJyqoZ{ql>ct*8xKvwn{gcPTBwE1Y^HQ(LCeq7{-K8rEA@gwOH{b zp~DzEE8p~4Jz|iAQ)XVq^~@~^roZiF_Hix}@j~yuNvF@qgie+s5ng@vj2KLi<@z;! z4oomv^+V`9ctnE9&H|aAJ}w$0nUQ9)Y(?ADR9n+O)`ur3zaFLWv5P4QzA!6Vn zne(%vJHH?gteB1*m`<_#rI8LQKZ=g*uUT>Ih;p@U5qXx`KhUA-kR@}m+phwKK6s<% zM{LV$E(-ve31iu)X2xv^9lJBXbyv_s*bO8qjr~E`3JwprWO09j`?_b4bD~`>w34*DmJ< z47Dno^6YX(iqUCYrcaPZ`)>F4fI>=a==f&GDq{g`DOEo6uttQYx)<%y@=5XmRBL;1qY7Rwz zwmjWqtaDlB`JF)#gB-uPm*3ee#h9U9bIsuaLuzlyQ}5_}0Jy3slbCj+-oX``7=u^M zjCroU-#YSwFKX?J>ia!XjE+-yev12l6ER51D7z|i`0j=QgM@;4akIYErSBm#_J#KS zgw8)cc66x2FKelnHGSWoxhTKpNn@r{&hqO;*EX^@-z6<^i_2=!!)N&Zsx?35&W8kf zkkit>pUCsps~$u4*^C{^Q*VeE#LH^k-ME}TMvtt)_NsYiOm)*Pkq+KvP%;ah53dLq z>O;0L^_bNn240)mr;g68DMn}X1aseR0fV=;Z6DyHQ4WK?=`L@77q^rFgT69ze-*dP zn_#j&Q_0k$DbqVHG z5BDB6>LPsfDB)_Aw$7qsFP#~A!Anqd zWPYZ7o?yBp{cduZIO2t#LvvhT6bT*U!BWcFoa&k>KnLy4X0t$j?JoiyWCnFsLXz0y zABdPP-*2jJ_0|Wx`r37yVzfV*fWgzJO6O$`=YBNuLO`u_OmyS({Sr)8?v?fWJgygB zZ_=htPUW|}w?S>w*#m__=PMswPzx*_auNibR4z0>EVBPPFlFLq<6^CAWxn?Pk zVO=$OO$}ow`)p>%n(r5hbOxZ|)L4u9-WLLfN*rpxvpm(+a>ij?sPkvfb~%h>6C6fo zB^XmYDmpKiAzH^AMj{!9G3hivh+QQNx@fg-h#vm1T^JX>CaN*Q>!~=;SW=yhl5_C) zwWEXfJbZ#!oja@>^?4G(k}9LGNBgVHt64L_pn_=4bF=1pffsI)+CJ^M%S8;fmy(Bh z)#t8|V6yXF)F0V{LtjoX=$7cj@cdM-?4M$EG{|(Srw<7j zSPs2j4)aKY$s&Bg9QTI=lV#ahH|nJpiWpS3)E*T5`AN=7T2riqxi9Mf$~h<)`(2pk z(q{uN)PGEWqq<0Z38vE}W~}-LnQ@wCpMQ5UOCflgo!6^){rHGMLeD(o?!7HyFm^>p z{Dgnq6)>n(Y7EO$JSEvWkU&h7*#xH3u1=10=-R3=uIA1?A_l2$OXli{LlcbM*wZd0 zL&Wl+$w8gDGKY_C9OyuQ^#0=Bs9j!6AX$@xOwXC((h@6NHql#I)aSd8BOMfO)V2_D zHk8Dv(8+p#9Oghz2geuuUSkUDQ~g$k|45gi+R)IokQ5QggTPbI z53gzc^JjsM@oJ!`^K4S|BsvJp%{gq(wo{shW68vk%y9W_3;yxG37vsROg= z)ca0PFxl4OIcy&Arw+!23%QC8d;IOW;#$xrc9qw{I##}TW#EObOYN!4R-StYhk@6J zdVw-^vX!^mJ7VwPu?e#)E?gGYfC9ofor4GI|CPcZ8n?RnP>82YG`I&Gp@4T}$)X(1m9pCC5JzTYK6hx{W5 zt>&4Ry_t4$#K7TK7%@>juZkG@yqPi2&BRF&gSHhDGt)W7BoDkFWx{3bD{LOR!%^A`H1(onvQS&FS-bnSnAc zI#6Qy0_TZBQ-RUzC3F^*VgWfD!035)7BzjuEEI9JUvJEXs^rf-=3V z8||Lb-pca8lTa>+=yOjgX7q2@={;^qyUJSYf54=s6`Tm9alHY1#0 zo%$o=TEfpEFtAaU&bOEJx=NVrJ#ATw#dnVKV1HTrqPg{-0fXX&Ifw0DUqwt8+fuy# zR>V-gu5(;GKXtEdA_o4LH9zeoKa3dbAqX57i#g8*{wy9EKYTv z^CXB4?6VR_RDP+0A{}&7sO>Huzze5D3|ei}DacFFdg=BA14Znd9#Pdv-aMlV3!18? zP)zSKF382j9y;Qb8jAYN2eYsoReRA>Bc>ncT9#j}N4wgt zSC4wW9`jItEyr%SQAi!ebJA}Xs;fB*;c!d8_}8$v)@a(xJ{2%Hi*@#&XRh_4%i`hp zbY80sEC=nM21h#mvcpC;%oG3G ziTb4F{Z(wUUf@OhOW7ah)w=kTh{0*B)`BtZ75#n(FZxnV=h#`E)}6~mI$f&QrMo+Y zR~^Z!YI&GWxq-KMKGh%SxLXC^luG@SY zA^3o-njTT-r6&dqUL7_u&0*3QLr+@b5Y)b#j2b20px=L)pqF_~Q#LwwPw6hBEek{zxGVjAo}ia#T*aCGtXgTbW*_Q|&Wbg2}Ef zFs7OE>xeIlX~Pr7DPi0K)8ePBfuQ)TIxRr#2ANI(V!9pxB14Qod_l=3o$RZjO=D$t?t z)R>rg6FT-zE~hUTFzDpb7Rt%9NP@8+b8ip!PB=e)-9?@`5<0lHSlT?Ey@8#YY6?1M*aj zC%FlVvkFJqq9~Wji zP2epoA*R%OD)vl)6_7&|@Sth`K-dD^syK~SJD zEOYDDrxFalXJ_oMX3ReW24!ijV-hf~dAP?=e}wM$VN7$}oe_hipPC;z3pVyq0V;H$ zWO+#K#lt)UV_#%1H|`O5As=H_KFXJU(uR0JKRU-Q@=To>>A)jVYr&ZIT6+f!I?Bwq zb=qqO8wEE44p1jA(Ze;pJgC&r`(Fm8IQUY>i+u3x{Nez1=&%Su(q4%ytk$_IVvylg ztYlbgdQ}B0dQ;L6r0B^b* z^IY~nEnr~iOb@c`e?p3})o`8vMhuk=J9&wT8vR*<$=?3paaE(AOEG%g1vC4N3C7N8 zRkQnGke))$0%4|8{;rC2kULb{lrimf5002FH|B~vM@CHE$Ha7+*?!|O@GG@=6Bv@Lv|5vrWzMxn)z;WbQq(PKY|(Sj|=qsP(e%U zAtDF&5F{?$(`jmoQ!eN|eqgW#Ep=|)=skXZnn|Zk<@6f9WDpqzN|RS}g^#DD-N*70 z$}L-wPXFv8vZ&bEb4Ltbv$LkKy{V5bsBOqLtLDVr*%=3X8<0Q>RfiF)4J&;k3o(EkFj@R zm`-u6&#hwQc=*+dD%-=oSp^1<)mn7w3BL@ykovJbfd0D#3=+or*x@xT`;SX7_^5QJ z%nmat!Psq!%~3~248kv^8=^nopBpgr&ZF|89L67m^gxeodW#D`5<2u=M}F+cnr`vi zfWa%6rf1yT{=LIc84@L+&av})RbL+wF-Rw?5_w)4 z8!+@S7Bw!WQ@`r;5HiDR=p$F?{KiGggvm=yGOo4H@w~9V>^9u`Mwi3JJK4aP>s8#e zSV9NRR_D4iuVR*S4~Y&ck;*18rhd;w1&qmVCGfb4?Om>yF^XA=a*e%HKY?4#cdbdWzYZC%yFMQETy+d}PA8P_6P zL^|lbvevyl|B!&ebCEh4lyR;8n#16-AWDOZ7h~EZ9uFAA@3uR(gNp`nzQJiT+ZT$v zT?j%LM6k+k$R6}jE@ASsfX801`THObtg~)$U`+Fqb0LXN-u}Ylss}F_=^$lg=~#2z zY5{}U(dQu3X^!*ukS^Y3`-?Hvd6Od@d@@muoukSXPLB|Dr<=#l0bUKk3cJe``G7Mb z9kealbX?K~(?bQr;%&5Z>OxD^cD%R5_x)JHX{n2#*IhIGc2$nGPQbZ>&#?&*;^1Oh_x1pZbAdRtaOe3H8Z)1bOIVDr)SqUb{V;V6qz` z4&z-3$dkVV#hCV(H6xwA_KU66Dc=179lQmg=GoDi9_e)J*x6=8z))|C(pA=<_D&l_ z3|cqTdNHs1=dB$EGe~b!bl(F=6^)^gQLei<>?Iwt0Qmn0#1aQ{k;OXhh#AMFq(d;48X z%Q7<}FWkFR>s76WB*_HtWP(h$&n7+kL?DB3P*1anGutT<)8z(#>#=~r$&@t<@D$c7 zd50DzwToli-ts2T3r@Iw?YBI_J5iLN&EDUWC4F+gK!-F#?Ft@O@$}LW(>ME~CS#iG z{7FEG-oE-Yb*kY5PjY#)SB}_XR`Z2jijK?dD}^%8d%7eN?#kh%NPSv}Wm(hZJ8?A) zJ-a%%5X?Bg1*xABSCy=-yt(&~7-ROsl|B3%0)vl|C<|Umr}z494hh57Fz@sxS0RYM_HnZl2f0UneFQx)#(*iaeM9FJLJ9 zuWY-V*K@5AF}T%ej(y^=h{4Om%6KuaYSpVf2D=>DBV!KBZ;nYY1I^S(5&RHzYoI$+ ztvkzH?|NIL1B~*)Se|-Dm>VP=-srpeYlAnMeB+9WZDvvi3#s??r+0sHF9?A)D;HC*CyOPJ4YPwI=5U(yy*u;Y(9W0m9L($dO1}B*8-89yp z_MTTpOkT1O9h-c2#NfJ=vI#uT&6__43>q!9|H*V(fAqdLd{~rqtof-=+c46B@1%Ii z9QKUk8Uimvja|ld(94ky(xr-yV8+Z!Fxg4VnDUAPJciVI>6DXaj~G)4$F*{ zr-UV?i<{ac$hekk2VO`*=_wS}in>($dP+;`u2q@+K1@G8D+7 zQ+)Vspo6v;J4`t`m>&wY&1y~i7@ta~a2%DoPSY#nI{2H&t4rFo8oF7;TMNR#Wm97p-Pp}-3&P}2&oQR{*PD?S7QHI>m=?2YIMHO}Qs^kj;S-2R`>dy*|~-N??p;?iC=WnF&u4pEsAN#>P|+>AmQm6V+sqB6=(M!2ENHIvM& z5Hk9`o^zh@{+#E0|0w$Q>YVdD&w0*z&hxxG1q`0z)aE(c-I_WxuK1ED$&-z@X@SAu zX<1F5>)%)#MHrmsHIAM4;HbGlo=$qNch=*&fI&GyU9atIxM6sq`mfD%dX)|52@`#? zmFM}=9u;0uuQ%()fH@UR^r>DNSMtF?kHIsx>O3c_*^nRdAmCS1kYp$8DjA~|eUiU^ zA9$Hd5XwAfcZL0h$9YwGvb(|@0wZk#ulrqt122TDf)`=(aY4uMkbrF7V_iM#DMtrx z8SgqY%1oI2pSuMNY?Mf;dA&y1f){)j4iR)-BWy?u44O=2DTU=p{rs3>pY%<Fj&kKi`Dkj-~X22jE)#xN+kM|e^qtYG{uVSS2 zr|>ygQQ28#G1mt==%P?lkRzTC7@U0w9pm{K`JKZ+52KHk@z@vG7zsg(x#cJ5usm&T zdBb3Em?y?gywWS*3A}I~q3xaGqJS~|=>o%a-gNc{Dv!qLXzVy6*l&zyWop+E1eJ^A z;MFP^y=ftPrGmjTZrafEd7pSXXqA)hlvRFv+mwjuF?DiHp5mY9csls3v^<6)vszr` zw?&hmajuP6Ky+}%iSVa`4E<=ivZtqe48AZU8+BObA?$Ju9elY$%EOpz4)%1Af#{~? zYOX93ohIh6unnS&iFmP!UBj-4F;TM$V~(5b$i(qi%)_MQ>wXwOZ+ z8usP{mc&6>S=3{QOm@|PKnCYFLgi^GlA(OI!*uk+^xBw}9Ubhz=*w^{@~+PMAb`RX z<3h!F+1I%`&;drs%$T!>Rxo(xK-*p$vSWhGs8i~^(iQm3ficl*oy03`$$d-~Bey%t zv*(Z?558n9EDJB`4O2a)BaVxO`mmM1fs;7H3*BJy41{@&-5}60Fm3GD-RvVL z_Xg*^a1MY&J#BvSR&GrVCVF+4c;)-9;due0x|E{k_Nl4O>)%}}YJTj%;43|f{uDLm z1`VC)IsuQp_Mnr;V5F+q< z8C$_L@nFEHx2qUg=O#MIs5h$^nJ`++YZXj%PGT`HRx#?>lTrVvV$`uGqu#Axy2zx- z^5W!z*FE}ngT=CLDb5 zn3Pxx!qn`Cr@;#t)Tnh0@>|^C5 z4{E()?2P$swLk|hSF8npFkp{96%0N+sf;V{u&>A9q)FGYTT+ifW0WjP(AbL>E+jFH zB$3PIIh^vCr-LIjsq;i9+p@jIpyq{3nL=jLvEZ*C%3I& z^jG?d+kWyGv>?m<#bdv7{R$@ffC0~Q(0SCb^_x@09nM#x=mmcv><`<7wVbU(r5CsJ z1cr31xZ?pUk7-Sa`kjeRdhQbyjQ+}avFhakgB(rRF&cZ`axITR)m@*T$zKHwj-Q1d zl03y2XEV{_U~X0wT@F&Kp>7VnY&UWD%L5D!3ZxlhUO&$X znD`ip_2<@>0Rzh-wkh$-o?hEy@SLR74R(X64KpDR9)XhPkY(QWyb7J@n2qGg-#s8; zkQ9h{=C!!xh=A!7b<(mKd+Icg!OcY3k;`=MJ0@W8?tpLw7Bj4h(JNo~S#yZ7BX^fY zS{hd|WIIR4ti04`;+2dW>oHJ7^_VspcT)wUf0;75@zg3t&LPQ@+;~nEqv~pMqYaI5 zD2kf8Ol6qPc)L#-qi4(G`ThqA^M;OUf07%k<7%Q}b>ozZ%+aknmS;j$9=&3fjK8Bo zM|bbZcw4n0nVZO#$G=jcgVd?f71;TCzlxFRj+NQELE?p8NR7^fM=EsmR-|Nttt=BA z*fNDqao^d24qgrxI!}8isc-Bt*v;zR$1NM5A#S&z;h zV_uXLHj^AB8EnHskKb>aH>4V^r&3CIhS^{S8Gs)9jPPr+o{-|aEx_N$PG z##KzMdyHv=(Cljdvs+Wse1}#Vg;z1vRz*=sK)^3kbDqNu$9P`mFh%Gyuj#w?V2kdE zMlE_Q^TQJ@9cTvPBr$f2c_?5|1`y+-wa8k19x%9YBi5AZ+~dZM&gl57?Y!=f*oqZo zHa1WF4EoXTX4rHb41%o5JE;3pEhkW-s>-@zW!sh$3iPj>Wv7K0)Y;&7q!yzWmpod*UjJ3?m0OzIZs;2>LDi~JvN zdJOiUJh`#Feh(N}R?TkYmpH#n$+;}Aa(*$>%`=^T$vBF5)&FNpJLaWlbB3tc%=#>6 z$AE!-RxzJF>SV?q#2r|T&O5fr!SF(BotS4@uVmS_o(|dtQ{z=U z{H>>hC6%R0p64f5^%!(n%XKGS#iR>72A@`tr9qzO89!MJ_6=Sd(c+f+mp1>xm`qM2 zVgRC3|I+0kgpp-_!elS5>v@^BW|hvtM+Xc}Jq3owp46vRFkRGJlj*r`FVk%Z-PX-? z_R!P{V8k2Oop@!V{`9=?ogKMPc`YV8T{YGx@)v|j&-u5f11l!WY=o)5eRTyBz3{+g zn~t*r2IW;TKWsNTR4`aC)z%I9B+x;vNnm*F&7D4*TOLgugFJnOqk|eqG(W8KD>xf& zJ}TKnlg!f#JRKYW$=savdG)RygXmc;H5Jde{bjBw=r?MMXC?$XsQ+klSWN$*g25*d z72PPFar+d_lJEs$@6a6Py=?4<@Wji-2 z;|ZjPV{PtjH6C>ET#Fjn6wf^2>7djr>CkEw&%YBeap9eLoo%x?@WNur#%HGUob9`-j9UNjCHHAivjpe`ddBF{U{>Iw)azURXU~@K%easYUZwJqF)V zmk}iIisrUjXH*A=m11`>re^zb2%}d?irUQ;Ug(=^oFAf7|G~B%5}j!5G_Gt?4^IdE zFVZWsJaak*40KHBA$#08*9Qz5)kQQ$nDoq(90pc3s`j$3&Urgv@Hrzvhu7jo8yTbc zWA42R-C&ttyvfr+@FQCWEyh-nKnDqtl$kM4TJLT!s7q+_B)9dmyihsCp4Zl*c>v8K$cKEHy| zBmQjc(E)==)W)8T4fBIX9;J=qvA_J+3LRaav*!N@7#!w`J;?TO@;@Dh?4iIAuYB@O zRg8K;D&5783pO)~4v9{>i(df%U}MPn;k~oAvk6c{R6w+O zF7_Da>6n_i&<)-@U59#%IqX*L&)il417D!&d@;8}1%vk)8|@GCn)`>v;IbAnPc6I1 zj&kN6bkF^`&EjwXi>zB#CD^vS>UI;c7tVp)!90OiF#lO zlb(8^mj@3A%gQ@N2`8=LAx#C(`P{E6n5bRJiafQ7k-->momXuDiJ>DsQv;;rgdZw& z^ddmy&t14$-w5?Et%61q@Kynij9R{e@Z-B5Z*nUfKT5 zJsq4Q$+|LOlAbGB40H!)Qes@ZPk(9~F!A+y8hd?-i&jA=t_M?l$L4)J8KqN;gSwYr z4;VB#3UOF9rhODJNEpSkv&i-v^5!jeJnbn{Wmb*(>jpY#LKn-wB&?YKLki#9iuO~ybF~vgVOUr=4Wk|t_M9yZP z6EJvrLTC@iVwW9L!61@QcolEm7BDDfsupw8c>#m3+6Z}gn(rM{!9)#}G==H#zXc2| zxR8gJVxEiTF>YwQ7Vj6Y9aW(dRl;fP_0hIM+X2m_h}VS2C7J6VY~$#d8?G`)U^*wx z@)*37tyimFwUu!2!YjRU2NIq9n@v0&bC+MJJgeA$AGH`XUE*{{cpaLb`a8dSj8QUy zp>btBU7!V@gLq$C)1r@C3&h{%Os`Qlh*v)SVb9CF119JYuXMs$0fU@UV0c{bTwcYf zkwpHftYi;swwZU;VuF&nCL{9)}natUCRp?9O!9tSRA;Zijlb&@v1F$wigy02Sh@D*lt|n z^cfhKA59PQYn*NvPte5e@bS(b0)r!A;ZAui-XGv)hNF}b5@Sa0Q^Dvrq|@oHriI;w zhBz@lyk67)&(lE%h#J|X)8|w%vi4)?JX66masTioS0^y?=qHTHOS@O-;1*)zz93%7 z>tPPfbz0#oS)Tl{3Z3YID$<{P=~n@Ry0W^aOWi(&%($bd$&=5R8|dKnyjW9`C!g^` z1rueSJg)7URWZ`1u>IMo2pH6Z#n?$#)16&S0w+XB(ZpURURmMyATm$*6=j~YqLt%i zFw$-io#I31n_zcgfwZv~A0FW8;B8WsPFnlSV^ATHcAm%H$=PR|Mj@;d1Rne7GdwTT`7B}*Ueh*R0tOImerg|e za~Sv(Sm?&J;BhUO88GoZPsV)g$8J_a4YBjzhj=>e(abJ%p6Fz)ZTw>%n!zVE#Qd=S ztb4Pk1GAymU)O!Af{9*?wsbzPU~tX8aqNs~U8`W4s4KU&nXr)=4or#Jx1C z?_%s^$BIub@ECK}E#{EN^~r|;gC|)8hV-X)G3O3uTzEB7#(sn;KKUZh!7+eXQ^qXX zrGi1itmta7h|fHU7Y+vn9g;ci)56igsPxNoX`f#zm@fJm(ISp%!OJ`pB4ZnpIsNoL zPX~wmQXX281xmYYg${vv7eC#75U*r2 zJ_sN>h>vB%4jH@Y3fw*^J|7rqe`M*k%)}bku#3Z1zCFz~`zqb4@oc zb2BXJdSYAmtn&rt>o596tNOGBmY3=5#j$YXzMwfQR)4XAiTVY2?{wpM6%}mIiMo~8 zZuIyh(1|O9#4GK+c?A>Q%HcJg+0$e2>W18>#H&8@gkB09;1 z7X~`$v=Q+S$67tOhDLPI$*;vxd5;|f9dy!aYnrybw1SB`tavTj{SYwmMLnLw_8gCq zJkTFap0xe86*>sFly%R0b1q}(nCwB5Iq&WK1u&RHF+U_vZOLw)7w&$kbZScutzy*q zsVxcPLbR@ya%)TeUZI22BxPL1qVWNPI9y=ZcYnB*!@$RNmAxCJ8?{$lOoCGzoIeXX zgvoF4`@-~G$m%>{iqD?&yiCbKqf-n$(_>H+mhzCy$r;aDjOn0`{IZRIxQ1pv7m62R zr2is$viJDZ!C=sVFKfAkNoFtcybx+e9 z4r*j_LJwKyE2cR*IK61%rsv{8Rg8@Nh)%KC#T%%jpjSfm-K%rHjB%M)^rX#XI$yXo z#mQg%Xr{%?u<`(dQ%`N(>ks|KW6-gq<~w-n_FxMUb9S^6S6`KKd19XL~2J|y+&;g=n^qwv{>MsY~w zbkggVjCo2WIzMEq`rS<)gOdPR5hgnM7#AVo+z$01s#&7_;RF|86PH-mX3HOi#Bl>ELU`Qm+AcAJS9$m@XC%@Ql7(6 zE^`0|4>gLh6R)hB%XV{@13oaVBfuI;;^sHLvgX~X>3 zaXUku=i)S%U4Ra9Ms4iHX)fCV1{OibxF{SLRBm*6Tm{5n^lE1DW8KP(6Cyn8E6f<{ z^A}bg6R9GR6TBGn^uL%6FnAnC?k~dRUAOlbg zLsiwby#fZwyO4+0B3n8sVB!Zud0cI|aEg*U6_Lc)sZFHKKRp>Z9l6^{HIhx!3MRVw zM4fd>_atDN$n(-Et9y)jqe-X+4J(~utusV6515ObiFenR0fVSl#>G7JWrIC0bV|tD z57RmAG>^d~%N&JO^$hEokj23IN(;_(KD)-!0S3IpauJ>E_5CWC=s|wM)DK$QWANDn zb?c-{*9(}=c&kA1OvUf*Jq8t8HGeIBf7)SST9n7;V4*hI*h7$?NoT=B|NUr>!Eu5- zmLN>}W?*I73RRK6x2YFY5NarQJE>v)mp?o&(|#}L(5Gt-dB#KVs+6i3$(~MAP1QX* zspMh(>4pwWXZ;j1pJ+2&oT!_oC!x)(JxkZO@&FS*2So`6P!){7-D)vzcbUpz)U8CAV%aN} z7b=J7GuC!{vf;ph>C{C{7xUa!^RPovsgt_ODu1fm$)*YyJ(I?mgU)xnOvbIoy!C^e z6U2QJWaV1AnD&1((82wBO`p^LZ&fjJ3)1|g{g+oT%4Ih5uK#?S!Xdhbzg1;U=JySB zuuau8c=?eQW0JTi&Z51XWVSMf?mXqj0PpvY-VSt7AQ4`NbtBoog27{Rjh2__)a{os zQH?O(La*w)WOF8iK_x-x56iq{mgi-j>x&#W<}jP*f;!}Rs7?zE$(-DAfTx3tg=!#? zJneMD?7&DK*7?&XdOCRPT6#FPKc8m~17C>{pmBb94zqha2H(I_y>eN!@fdS}uZ^qN zw0XcZ)dc$FNgiYDk4C2~oZCT{1a6^ed1rC2tui6^fd7{m+Jj~3JU2=f_ym_0)TLkk zY~?XsbJ2+~@8#{k2pHr{nmsH_o1Z}*-11cCu(;I)ex~(TKW(Yq*2VEM!K%~^UauA0 z{z7<-H$a3@k=i86wfR(!U-RFz9{}`<>_KI9tJn zJm|xg`83&ta>X!q^e;*sBRa*a>w8|P0H{e^@$3%)6L;|uue|Rm6-*PKUc1QF8z8g! zs-rqTzdQZGsWMEIu;I*Wb|=frbo#*&Hm(I>ioKmb1qPiG!nTkemd%`fM)w^wT3~2? zlErRZIJ1H4QDt6ywwDJOY3GSf-h8uwLE@nC%4=ITV1#X<{hl|swK1H!n>X3S{1C6S z<$)DCdKXRF(q$KhPITv;=#(qEFdP-XxIE3ghAeTs5QIndA+~iZz2Py4j%D0Jbc$J@ zcnqFQQ0F;YsV8G#;&Dc++UKOtIUa)-^kl7t$F=h0fWfC{h3#c|KC|Uu@WN|H@jgYi zv){#@j5*j5OG;{(+-bvbkb#+(*$$iVi)}5zU=TfP+dbdhmXHY3Syr%FHIB-HJor+T zkcXFI6bZ~$s)R|;1SDE7JU}MP8kGIaM*0g{Q46l@#>8!e4po7FyOfzrOlWbkb zT=+*}M}$bU6nVGDEggi0m_==V>X%v%zM3}Ye{d@xmI76PC}6YGV~wG~n0i&?s`IdFhj?BHRn>&CT=U9+fjnYK zNi}N!ea&KERPbK7ND5eCNjKp`dMdT=wLC#&LK>) zt4+QPCO*$&d46-o&|soZEi>j%XMGGNx^&8z-_H*+BY+h1LzwjO_dNz~N41z)Pa7CR zX7l|>F)p$`*|s(jHW&ncVxAeZ{da*E#w9Rpq1N*9!2L%L#PJ+nYXc-a6pD6SDKlTQ zw)qDjCL9q<%4DW&>cl}(6}^kYnBzaIV7kd%kTA73yow?7LOWceIuoXNd{<8gX|UWn zj5*fEHINzo)2ccbPq`&UcLN$<#MWUt^PN#O82nP?DO0}HWNvPtuq>C0jr^L<=@?9O zm_V3he;Y#?I;iw&jv#+>2Rn9POzEOg9#X@yg>!Ax!atbMC;Pz$ny^dA*D(3JPX$a9Z_Spg+uRG|Lcf8oKfkxC(82Y(#&OYFlr0Ab3~n`PDxZzJp@Pv5 zNs`f{E12kWjWqV`6K66ZbA0jA&hrdM2U{n4b%JD09ZKv9>*T2QSp!<$94k`KHb@0nk|U@$DXPkHREoJ}y_ACEreNtk?+3&wzfYG`_xj9%T#gZCt449@bb;M_%Ld}T5E zG8ALhIoQ%Moj9Fk9{|goJ9l9^ar6%BGO;yU-04O?v+BNzuP^hw;NqpL?)6IqODsnMvX+vHJv-fy?EnN8+lQC%tn5i%{G;+Se({(`su+2lx~p3 zDc5su2W2RvxWXjx^t{~1(=lzmV(aiybQ>2iI8G24qLXdp+&evxFV&FcS%09XV;*(U z=#*=@aWeF6sCLbz_0xlIp`LDQj{S0!h-{0x~_6PNU| z`HKP_9Eyr@kt?Xb?xJwe!BTd=N`jExgSvNNL%43iPs~3sO z4UY^MBt;sXq|5gKgIrLA8@$~&Tu{MumM)iMF5a+ZCiFJoOH9)35GEbsB7Sr@AQBaG z$e8_|+u<$oZ>oyfU)**8ANV$5Cs=md@Eq=(<{F}MpLb9bUsEPO0r;?owwWWP91 ziPHqUA}iz}Udbaa@-rt6(LFU<_WBOaQv!n|MW`6@N+vkd3k=FJLVZ}pwsBFfIh8<3 zz0rd6*jILS0$>n@3sog~vfo@ZW-v{>B)_AJ)Pcb_I5l2n8|MlT%OeriRIFUrCClb? zBf5LYYjM*5{92%-CD)6$&g(8~GIUU;Y#cjblA)_s=tSQvr1{C~u99i!ApdHlL-Sk= z@fg^r$X)QKsK2%qTDtGA_k`!~t>EOLrXJyOY3%887im$evTj!Y<}xdj4@LK1Xk5h; zH+o+97OXU5G_LY*pD+e}FUT0>ol4fjKgI+M?nVijX`a)GuU9dW7h_(u?i9Sti}XS_ zNS^vW))knZAA|rRyRb5!?0LZ=$gGmaUT)eyVB+ErulvjQIt(HSu8!94E_V z+uH&Lm2gd-a&sH4f|oe}5oVrvB{y38Oqgg~By%$Uc+U&%f^xlh4!`Anfm3dCZ&zk1 zgsDHd645ajilDW%nDT1C#3vvu&!1;_3{H_`p^5c*JI*c)FPyDPpThI}SFYm{2HncS zJ`=C((z%Y82@}-y$}VL)208|#&QE#=`!B}e_r|dkuk_Q)122S!nyzNUc`b;Ju~Ln6 zXk6*1tYeIUE-IMpgS`ST=!V#*L?`=TzbZ!UkjXwctcp?BJ^SE@3PwL}$v&uz3z?@n zu8|i7I&mjEkNwKusu)$CQ07&uF1ev;Qet72q`M7)Y!IIN?2hW*j@aZWo zJU`8L@^p|e$~b{A<(3C{3_97=P`%uetDt_h2)FleOsV>6n_H7#HzM2ES)9=4?LtvIgtVpj`t7ea4YKBmLTq zi@iA0GKDzVWJKbW9nK15(1az-JTGa7Z9E1|j&T|XR_pMYgJFeE66pzecK*FtAcL3N zgckBFci?D@=pf+Nw5N8Z+sWVsX(BohXOCS1t4`6e1RZ9!<`M~ULODj*c#=3h)%h;d z`5Sdo*va|av%)JP>I5c>u5}nVTm7wwWYKjMjBYQJMNS71jKMaGc!YIlA1-ZRTnHd> z;-c)oWFIbjF{Xqe})L1@y;FT&yjeW{aL1uVKb>|e#FR^q`ScU!wpTpz&=1q@5p;wI~vTtTr zF}e+#acRIHA=2h2v0v6QoztlPNZ-Z!GvkU19la4C9r;iN(?o7M(&Zn9S7hjz*PMBQ zPTW<;m@m1aPBPMuZ9wxvh%$jgFIOJWaeexAT+$_J44F8D7*CVbPyv* zBTsaS9bIf_`kA9k&4kIn{Ls=tIXFJ#XF5Cl>@lVdN!SE(DCwk|1ExcFnWHe~1J0*W z(ZX48^qwEfbJ&TFj)@~=e$Vnu=vBc)c7q*U_x2ux@KNqlvf;`1-*}9Ux6ku7tnh*kDY}}Tw6(|Jn}#}_leP~S_zTT$WkQ%+qO)u?ySF zvHaF9zc)2MbRtQ45ZP>eo+pDN;}`-~#jj3eG}^-Lh!l=l)t6a1z@QsWbGce3-#I^pewMv)1VpXx$YbQs~FKvToAWfvz8ra5}HjAc&TlA4ED^aK3- z{<{O6Cd!ocKF&3v-w7QBnu?WM{mawAQmATJZhK_Fpfs<};kNHE1`^|}MK8mxX3Ho> z!H_PBIi#&zc9`nv;ABue#4gUXCKFXAB*8kJ?QALtUftt^cQ(%#Omw_}YN9b=``lxY zb*d${a{Fl(W6HSDvqs(EakY5TVX$?gOHHIdY3*Q(LD+&UPi!5cQ!HHIFbI32OAc%f z?^#~KL?J(8?o9&*w=OlaQ7nABfYGa5~LjpHJDlC5nDVm@q#r;apC+WLG?2bp=?aADj<>ocktb-mKoZZDf_ z8PP=%k|)2_tvfJ4X|^}Nbxh!8P|CQX4|=t6x}m0Mz0wuZytAUC>X&hnI# zJ;rFFCQrGx&3CA&8P!u|y^1^SF@R}CMyxJ$jQ7QH+gM)4HzAR0q(e3{wI7DUm(q;? zQukm!=#M}LeooV$yzT83OjA1M#syxefQTG~*L~N=JRR71S%RfGEStGKXxd-Uo1l!V z+|`z8O=}CrV})iI$7>#-5%RKGdM* zR`sqnmoaqWPw6nP9eaB^C=RNn)3V#47K1zn?p@nEWw)IwnCLDItwlEb8jpbumtCp6 zUa8HkaAOd8x7=TZskgk-(`oASto6^`UPktXy)1NT56b2j$`9ehPd#sD-w>92=-I>5-7gfPW1eoak}wX{Es>GWWrgZ0wa z;yRBp2M?MZ%m1)*Xg;5S`>Ds$lfkCOyi=y*Ozz&HjRyrE`U&gVl<<$4Q>DKEz|t#wSaIv|dU7e*_E^ zNQ~X`vif6A{t!M38%2%$|6&u4ZyK61fIKzk4#qp)BUXgLsi#mwVwIkJiO1kwR~bt1 zu=e7Tm7&wUiSKKcd(8@TPyrDlvx(a4*$O7Ayj#qF0tSuYVq1_r#bdmcArG8jWS)6j zWE{@pwvs8G%90GxssGAlNW!2LC)^;-Ptl%38;jA?rvGCXN0``klRW94XW4O?E2U9r zOqlX7oGu$W=EL(s9+EkIpUtzu;Bux~8cd&G(eZ+LM!BFd1Ymg%VDkeys4MI8qzCYJ zw-~iNmQDNF^D;G9u?2}&Htn}6Muw1#na=42@xrnT{jnH7cG%tMOWlOY-{*AD&{4jS zY%!~Pd9an`z93BfYz`p}9o+Ji7}AaUihFxHsK81L%RIHS$KVQszFw=cse}86uA=o> zTd!50vvdd}_bKrz_nG7|2v=1)Ma}JZxFw8CvkB#1ivk@JA~woHdYJ#v++%Q^M0Lx> z(%}vRJ#3;JzTej#gS!WM*s|Z<9)pK2Wf;z5-~UpJF=f%{x;n{R9&o+KnA`kfTudir z_k~khqt0>;na+WGIy&ZI1({y(J{>aKVoX^yO5a&G#yVc+vJvhUG|n^2bCBDoIEgdu z$Qov64*kp_5mE;kk`SHROHX-u(6cMU1d_R!#797e4uVzbQ^@UX@qs5}ys~DVvl}J^ z4BklmrZAIe;3Gq|4v+7#vl~=!fYn_wxhw!6VGda@Fr173iS4s*ODvIly9&4I(fWQ3B7; zLCXUM@8gM#k>;m%HD?!CE6iXM+x@WA(=pd7wKXjdJKtdtl0=8X#H&2)!U`sO+r(mS z@EAPHp>FqLtxXt%V9Z=;*T!BO+p2bgvp=nkyFO@ly4)ATO+~Gr0x&1%&?4dez^!(eg4F{Q;e1+!_^(-WXOMX!pC} zg%(du$I7E@=w~o^)mN-LkNv2(951sNYPg!+VMA;rXV~sClwdvlzx6yFkkR)}AFf;= z*hdv9+80(Hx2C}0gjLAQybeFo@-olW=vBz<2dAsRm;z#>4W~3EJ9~tu1DWMMB~0Gs zzzQZhZDPzhZoSNzUi5KMPKj3dXP|??R|^xeeq#d$jVnTC9(!MBTg;QI(VbG7!}Q=C zEFIHa7o|Ici-TuCu>kjlxuO!DL{w)S+8bIVI+ zG(W|Cn+6Q34q|@TCiMHEg3&+HRrYiH)VzEXUC?A5>-T-2(?pYg{@yJPW2$4)w$NG> zBZgHl*kp}5#=P2{T){-)Dq)IIHkC0}3}!>@WyXy7DbT@1D-l96uf9D42BER4KmDCP zBeja>ndsz$Z2ARxa4k*^jkDQrdS1BOBW)(n&-+{@F;#9;5f(8Ct!XjP*?C}^xTsgI z^_Ay^1Wmr2#Pf4*FN;BH6~7}#m~`mifWbv!EhZ_C+bv+4c(=Yh&e<{W!qKQ$FB*Hg z_cxvnB5ZxVdY=<8cz#=xCmZ`(1rzyG9@py5=OP_Mf4$H{k|%%4rk>_$6MTqCtOd(_ zd)Qz{TP!D2oM82AFAV>E}!3eH9$qQ#{NmCoUZ z2RiZ7?5u~EP4O60))Vm$=}+?C`zx3zmf$rVz^8f`yQ$>LlXV(beffVK9b+?PY|Lvq z;AxM6XO?5<`5ADY#h_S#V_{)4NuGRoUynf(zKkV!4!1nkV-SVQb*DQnJGc-DiCjkn z^vbf=e;n<}n2%YBEl8~DPyOLA*cNbejdW;O$trJDFj3`#mZJW!tyr1LA(|@1(0L0E zdnC|-ONms&TsGR@Lrh>NtRa!fnsGZauJ*zgL`61U^-~Y!Op?yMWf6#uHw-L0tQu4fuS#$Y+ffo{UG0nWY zzOhMxp#xnNyNi}I{WFXUkFu&Q1$nO(JTJW8B?C4d`^%?z3?BWF$qtYGj1wC$(Hvs8 zZ+dxv;G{tFU3uRZ0tQAyOf!j-Uu2CB@&RLggvJx5+~QqF2eB$5fX3zGoxFv$@t|W~ z%Mx@f#@5dW6TKG7n1M4quTJ;?r=Y{rbEb`<;3x2~n>3g#^Ork}c1g?8%sNgU}upxsRV7bE+lFlstt;wsv&j+Pmny`n>8fAS8_; z)9GVRPEGS2l4Y?2d77K?!7|#)3`U;puxj*K5O~3|h$*zZY&dJ^#HDA8vEdqFaC^Q{ zoh@cb;DxfFum~3Oo5vtvQBUjAzE^t;+RtS8$m2TJ(LrNJ+$=!rRl8snO9!bAN~_u& zmgoLGVDN2dZQbj`Z1{*sAMI5#z2|Wqxw)rfN~>A`P@cPYz?i_VaSmC>iVFhB2V$Z zAdfi)(9CLi?wkr8d`D2BQy%%3fQi4pLGmPfIIoOGCEPa_^F#BTEn6$l>5Q+=D!kI? zY-!#!`r(s~Vl9YHI_3&T$814q>PT0!#kYG5!VR^_DEoSg3P%5IU;du+?#RuMDvQ0$ z`{KMFo=(TOk(PDrOj}05xJ=PTjEm+lf5WDf27~t^1TVs*6Z&{w<{1o;2Giroo4P;? zcTVugp4b+=6j$166&?#kw~o3L#nbkr$zV`e6|7j~&H7n!PzQ%u)p!*@%nX?@8(AVOk9|8s^m684+5N*>XKw|4m!^-!znX>7h!KbVQ86NsL z=Lvv;ZU~Wi3NLcI)ZDn$Z(5g^^s@4p>o)irkv8;8+;X8@gLqcMWXqoMbf6s46Ht2A zcBKF@I^W2OHRDGYM1fVjyV&@QJS5ODotcevc(pDW8!(-sE74RmlMp<=QvE12j4Cy#yo zb^#M-(`>-c|6jm#)(t{=sq=v-)0sDhm2oB0ylNoNLobek$qv8N@j?n0m2i3Ni_Q-i zJZmddp2n5_#liGs{xy?7`8>kLl^6$z@(Z_rNPu)7l zx>z0>O*1aH$tCI8hgC%K9^6BP+APM3-#{lMHb2HID9)qX{dA3U%}`_uk@-Ps~DLRu>M@_oFHnmFss^Hq*r&W(1|Xl@;nc7g+oIJnM~ul zGq1m1Q=x-iQWX={0(7MQSUNXX=tONBjA^x66(j8!V>WvvV9*XH){8N1@2+5??+6p7 z=yi4lqaR5Wz0R#*5N2v)@9|g#6TSb+^7QzV;0UdvA?$Ub<9alHRwqTR6sy%t;`!DKJBp+3_ z4nB0QEot)6m>^CQcTSVVQ!AM0)SZTvEOse3WbO>VqfB$M_=zeVwaipr=BF7UZ*;Ga zTtV6{cXZIsgiy4R7tK$7y5H`wsW6%fCjF@Jbj(Yzx1e|9HMdh`)>i;~(JYb<> zF8REILFHK)S9#gX0fYLQ79SOJHmP8c!!^?34fwO0XSCtsE7U@Ncujw$0tt;B5u2Q6 z!Xz_x_q@;&rPfT-S^o%_xIRnU>*%j5km#N$C5!7(UTUPlugL6@H0kGFVql`PGamWv zJ33ZSj3~M$O!n@GfI)+wSaqJAqsS|fJg^5c!sOYx`DRZCZ85Th!kRI9V~a8074IUG zV8Ya|q3XUFH}dW1gO5ySU$+v##NW`NaV1+*g_7yOX^WlAbWSJFZZT1rg)sS{J9(MW zI3%MH=5-}iiVO)5Is>%I*{#5eCVk96D`^ zz3C{AAm$+!5!3L{TV3YG!PnbmK1rDJBN^B6yLxFy^UZp5%=jHOb88M-+x zmRd-d;@g_%g%dUz7xGfPdQ-sQUcJ~AL?`Wfy2YSQ-jvMaDFuc+z~JJPP%$3+iBygt z3~F%F{j)rWP@Kvb9J7ddCVA=??&jseA%a{lUeoa}dW`AH6XRmcjak6NPwbOCwGTH6 z7?eH)9g?SZ?SBF${<;#;Ne1p+#mHj~#yq+pV2}@pu@k18(B5IN649qHXk57ueY)V} zHR|rObiT55%u1k$(x_v0e&|#lYhg+#(a|Df&ZANTV{oh?LJj8C?|91#yDNS)nK7f> zS^$GnA3=w#*m3IwGFWy|@#3v>C1uhi4ve$zmnPof=^)ZjEmS%2$$;tDMb^N1=o6<0 z3>npvIz9p^#Vfv~Cgu!#RR9h9pipX)u#vjNDx` zgPYimV<522LK>RE`ju1yhjB8P=&BcCiru&Ntk6OsH#?7N<%a?WilHf3@^jr|OpRBI zFVmY&2^c((ArymnWxGuX7(9L9L%68kaf{Cs>5uNNis)3vNLGBS< z$KX}J^%X}47#vY*o9osA0fV*Bv?pKL<^zUT+!jmAo^SlNr-KAo&NIoA&b}pJaBEXI z6qfn6-W~&8R&$v8Eki8^H6iG#SW}`?EL&c|M0GsYpFWENCf zzlUbv(wL&p*~qzp4y>V&ndwaKafRPz%=O(o#(WM+H3@gz z$H+&24vJkhVwDY)UA1TgMGvxECx<3y=NpZl2Anlz8P)Q^Ws^uww@% zKGGqXvw>FyOcQTBmbc#PF-k&7<4S+Jr-DJ@RgtIM&zS_2N6?`pFqERKLucujW&_b{ z4ds1j23F|B5Y~{Ur#SOnk1^FXf#Dr^hfN8<3pGQT;8Kv#$&cKKB)buK2G{u5u>wZF zGoG!vWd##uRlK72cD5Mv*;4Xj@zNh zcrzF=otQ%2I1jGuc$wyGY3F!)&a}BS296sGatc|+9(1aT$wBle{0Z@@@A8f3h2AxF zn#+^AT8!zt>L$xIEb~5N0tT*BEIX^u#Gfh{{WEjP+baeP+_tdsyuHTk8Zc2pfT_!`;eKJWwpeMgPMJOssZDCESeRC@O+1Y&KlHRf2hDB5lk(#t*KO)Ca7$8scn-gC*)6){Q0CN3 zSb5#wDs-Z5GNO~6d{DsP7+tI>uf>krRxlAAnxEv|(E)?3RL~(_NjH0{2;Jz8*6YYE zVOt!rdLV;_b1^ImQ#Wu46?*OPG=xT_-4>1tvWlpF$%C3P#A6UX$ryq#>B%ldHiz-i zJLEK|a%Y!QnCGnUIA-IfVCC7_FBUNRRn}t0>s}t*mQoM#%Ez{{7;~5kEo|h)@;qjX zia0DZA(rrw7IUDdW6C*V1M*_^bcu(l0V|7Ta<>cJ{1{C19zKn|Hv1oe7s|xKCs|&D zE0`w2-N&4QfftVK)s6g^Gc2ejqxDZ6*9X+20D=IfWaxCqQqJ6n*#r!V!}Wr`_%eba(<+u1q2CyC;Tw3|>oDTQABd#sv(n0BQTBeBySGK}ktE zEaH_ta(}=erqpE49`VYDf$Mof_Q*?~4qU8s5X7tgg3CAHs9}?Z4J51G!NnH_(!>+p zPrMaaA(c|i+Y|QK$&|N{tZQ4dxTSfZgUd|9+*>gtZ5^Lc%@g3^mK5jBtv1sl(S}4 zFnFL-p;JCOEnv*G$^BQL>5C(&St>DGc!%VAUz#yxW28yGH z-|S9C_klT5(>zu>-RlM_>^T2yl$qyex^2`09e`vr7Ga9%e(b>L&lD8XA9V9$FtSWY zbn1it=P|e#FXxBHeq9+b+Nn2;b88#Sn8u6v$uTA~?odw#A(5VCK5C6B@<;PHg;-Kv zu1BoXHyE4~YKAT!V1puq!SkHjQse`6xAG81st@t1J$R$Xm~#W6&XoIYbz}t+wU4ta zt-TpANHYZ)9#-w`3P!JaCo>mTFi|~(=p<`jTERs9DP8IBb3XZkfI(g-c=1}a9^^2v2$Az5Oug&N0fRV9%rp7Y z^($mxoP{`Se4bt4$sprU#mUy$(PL0-l&pAqo^?xs_rx*FVwxGV_vMz3`3#=^Igsq_ z|9A|ZUQjFJWw%!X1|0~37f)gDpF9S2Xj%0pdFs8o1q>X4P#?BFnX?GyZSqKFqEpPa z)gU-z^F43PQKsuT0}f2*=(!q_IsLG&mj?-lY#}2|Idq1@P&g~pkmSjGxL^a#g-wLB zvg8!#*;9TDM+bo(+4e-LQF+hP^Ur*o(u5%^uM2=u>-awUzl#hb>Py<=BCJ zk3PBop#EE)Ft|s@Zr!))drF&*{dUKXccve=>CkTf{)2{`aLx(%zkcSoo%;_Oe8RCO z^ga5V69%5rA3x||ez@PB?b>fK@C^LhUZ)H;KlQM|0|%Ku_v=3Zzwdv->4W>9e6;y{ zL;mOi{kIqx@!R>-9k=LfetN+6eI2vG{rBrX1fmWG(>+0CSbcfBRf-kc4&QC~&#Tny zd0tB|tk-LM-gv~!EoPqD{pGWEpLt4`1tZs3u)OQn8$8`__L4#GY~5kh9)G@n{;^m5 zcJ4aIf8VUxq_qxtci8L8Z`%IC*VgOs=Ay&zefH<}XDxWL{`n_MUmJSIMy=MnaQ_YV zop8hED=+AC0c3I{NXQHojukA6H&Ibcf$Bnzw9?jW+2v@{NCddG7jC@0>R2odZ7Y zeC`=1PJVLPod4c@{tByZeA+Kxue5ZJlm3|TueILm_iS?V?3aeFwdr-=E*vpn{tcgY zzIJx&$FJD#_E-L#HSLNOrayE0r}a;^*mt{I7W}!a`TDnZKl|tlmVa`_VV!1A+O^~0 IQ8!)i|2=L{WdHyG diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCCA.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCCA.cer deleted file mode 100644 index a75af24207a7470db720bbbc2e08c792e3d8b4e1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 386 zcmXqLVyrW0VpLne%*4pV#K>sC$;PhL=5fxJh0(ykkQ>Nl4rO5zW(o~96foceakzxp zgHlrzJQ7O``3-nMBFw^UuFlR1&W;8O;=BfC21W+PMn;B)rsh!+{6+?*W(KBk0W!>t zG!TY5iHVVo1MD_tMs{W=1{T%(fAqyyyj?5pxohRpdEMeFma6~nI?3-_T{+YLM6O1* z0GnLsS0UYLvem3J%WfUNvb|oSQ$2sF0%uOqk7KN71s59_=otvIaVE5RFt+`0Vq|1t zVP;}rH{bz!N>-SK)qt6i@xK8#h{q3-VroGO9cFh10~aO*15WAuhnr^hUToR;X!a7; z4JVCdKQ(oQ^E`aA?8Ig+PhBPjx7J0n2l*FGY5mIiJviz{qt@*D7iM3{xyT%Da2oE;71#CZ+O42%qnjf@PRIUofJvj>BLE0ZF_gwUpzBEfb}R?SxL{}v{NSd)S~srwGMS-s Oxyn>nnwoCA?*jmGacxxq diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp224.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp224.cer deleted file mode 100644 index 4d47ce45b9c18c1dd87cf3356545bd99065e61a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 388 zcmXqLVr(#IVpLne%*4pV#LCcEo4M71lZ{=g&EuRc3!{O7AvciA9LmBb%oG}IC}6+` z;&2JG2c@PccqEn>@*D7iM3{xyT%Da2oE;71#CZ+O42%qnjf@N}jZCA!TvIsLAcT;K zf(HB`6S;*sKqeL#8JQR=7|1~^5zopmN=eMqD^5#Ftkf$?P02_s(M!(HHSjYKfI6Cq zk&RWmk%d8#*@}T>qvQPKS--U+h;{?3YN zU#fCXo^kHE`=ygbLRe(xGrK4(7Bvty5M<*_X!Brf`{BgM$il+R#O8n$GR&R~25wA> z46n{i-~9QL^2gN^d`pNl4rO5zW(o~96foce zakzxpgHlrzJQ7O``3-nMBFw^UuFlR1&W;9h;=BfC21W+PMn*;khL%xat|^>r5JJdA zK?8n}iQK{*AQKCWOw9}x4CEk|h-c*&r6lI*6{jU7R_Ya{req|R=q2ap8blfhLmkb; z$i@M7Ju@Ravl9agQ`}K|-Ob@b|8Ci8JygHCYi8I6S$Es8*R|`4_SC+zKOKFee{s?V zo~t6Eu%_R$)+sla eIj5UDWzMhJ9IO{)eOG>9Z=SkuJKwy0$4UV{A#g+h diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp384.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp384.cer deleted file mode 100644 index 3049d0a88114cf612fd0521989561ead39968ba6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 427 zcmXqLVq9*}#OSwxnTe5!iIt(THY?qLlZ{=g&EuRc3!{O7AvciA9LmBb%oG}IC}6+` z;&2JG2c@PccqEn>@*D7iM3{xyT%Da2oE;71#CZ+O42%qnjf{*8Of93pTvIsLAcT;K zf(HB`6S;*sKqeL#TbLLs7|1~^5zopmN=eMqD^5#Ftkf$?P02_s(M!(HH7GL>fI6Cq zk&RWmk%d8tIf;SAIfy$%Lwzgj8^&tmul;tJ-+xW+b~_|!q|v z+wJ{$cjc2qEA+0+m>7RUQCrqxOYV=CtTAp<+8!(W_a49bwDgKp^~7GYcORDRsJZuU z_q;Dn$!nJ%mR>AsAZ#GW#+lIO!Pxf0iII_og_()X0VxETJs1pJnG_l394HeN-{G>; zgQ;W#lgU0`w&$$OIv2jZc8zskQaSfs8j}JOYs=L;^ShS5=8WLm%2XKp{l43}EYS^T NYCd>}{Z^Rj2mq-JgSr3! diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp521.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/ECCp521.cer deleted file mode 100644 index 77e2e52ab759ac13e4326fea7a34444967628cfc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 465 zcmXqLVmxcm#8|q3nTe5!iIt(THfy^9CmXv~o5wj@7DfXDLvA3KIh2J>m?<>aP{4o> z#NiTV4@yl@@JK8%; zg$x8hCUOgNf=nzh1(~8?AP2EUJS)E_B{5I0I4vo$Qm-gAB_pv!FF8Ngpm8=(8^qa6 zjBKphjVuhx%#CdfER2O)BwjWr)G7DhcUUyF%znad%T<{!((y}Xc)fWmcyOIaOMKzB z^(9RCsfL{T)26Y#S>93TwI`v>^ZT;Us4vg*|14lEXq)`#__r-H%2!QX{c1yjUE`6R z?&&+u^m-)CvwnQQq4w*RO!>vHSu&<_IUQK@^1R-gWe$#61`3_wK5vc|2F#ahUo2`M zY#_+Snb79J*!IJTk&%UknTgE-DWI9%84O&Q6mmWIGjHwi2z36+bYse||0k8-|G&2C z$b{Pumb}_>KIH9RCWX)~2X&Hy>I&R`rN7^DWy*WaJB4ns9*I-5^HwCu{uGu60JLSC AnE(I) diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P256_Specified_SHA1.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P256_Specified_SHA1.cer deleted file mode 100755 index 83e2f29e4d06ecd7f9a397ab55ea55b5831a6310..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 574 zcmXqLVzM%5V!XD1nTe5!N#M!dMU_f!>*snE-rAF4P>^gO!p5%E=5fxJh1r0Uja8eE znMsP3!9dnf+CY+xIh2K2PKY6h!5;`i7~&ZM7>pQ98O#ji#CZ)24NQO-45Gw&4Gj#9 zjA2{@OG9%5Q;2pw23LkWh7^QmAS;-mfFYG3nIV%Q4Tw|0vcU`<42}$j29XBBP!};V zvT=Z&#>~jh?8Ly5b2jGq*+-SeSIrHsr_OrqDiD62EpW;2Q%p%anyhyHmV&My0#WHRX5OIFn%{!^>O?LnYj$E= r_p6gk3ew@TYuO7+-sml>|7Thy~B diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P256_Specified_SHA256.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P256_Specified_SHA256.cer deleted file mode 100755 index a2c474e8210a8965b22b90ed81c0a6306aa3c693..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 589 zcmXqLV)8U-VtlZGnTe5!Nnnzcd12)0yv-hS4%(eo&|Y95!N#uD=5fxJh1r0YjWeOm zgE5tvg^7`s!9dnf+CY+xIh2K2PKY6h!5;`i7~&ZM7>pQ98O#ji#CZ)24NQO-45Gw& z4Gj#9jA2{@TSIFDONe$O23LkWh7^QmAS;-mfFYG3nIV%Q4Tw|0vcU`<431FaBMpS1 zE@NV3;{ZF6nUS5@iGd~OY|Qbqk1CC?nj2hCo%PyPApAUA;F8~`n38rjNBr8ng|XFl zUw^Cf0{Mv!{qsJYUG_K0ZsvP`iFx*1d_sJ2QPPVWFB>#oFlao>#;?uB$imoUF5GlK zy=`$YBTM5>gT`$vLe8m0C7EfN$%!SY!HKyAIjIaRQm%O^@c~ArX7RxVsmVae)Rg#O z4@aN?0}~?%v52@bI5W5a{pE<{PnHZ<=U^iR1_lO7U9G=T*ke_2jl4qp$@NnLO7E=F ze#5b~LQU w60dkwD!(}ZmF(Hvdp~B{lMM>H)zAI;4Bf`{h;0Oz%~`v3p{ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P256_combined_SHA256.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P256_combined_SHA256.cer deleted file mode 100755 index ac61c0195e1fb57ccca571bab81c9b5d62c442d7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 557 zcmXqLV$w8dVm!ZqnTe5!Ng(Xs-9z>_YZiO(&2uYVXJ~1_#m1r4=5fxJg_+4f)==6& zl8rf(g;`FBA&9{r2tyd+83GuL7)%+=4CKUl4GaxTfEWy-#CZ)342_IoTmx&Mapn;1 z1`MtYc?>BC%|MnjLq0<;LlQ$KP$m^D7tG+n;0QH5(mF8O_mDQRbO#IMa;7+Zb!^|v}Nke}$#KkviYWq*_G zX1@2Am}k$$C&U*QCB3-ul0oBngT^y#{Mu}cER0R&!cF(n+ZG2ivNY~6Xxz#o6(`kA7Er^7N4A-o0OTCni3!E;Rxh2FfoDL{m|F5@& gpI_bNn^5BTx9WTQFN^<7KR$lbvqx z2sx(~m1L%6CMTAp1}Ekg#r2{SQT6&uh4#S{gi;xJFB$caBQuR6zfnq z(_MQ${}yt*F?%o=xH2g+w66?!GB+@+U-KaUUV&U^X90oF9CI4Pq@w1_O)Hj}7Q&<; mtMqWTYM$a2u9VM5ZkI2K7mZrGq%mV-=)W7!yie@(nF;`o*RhoV diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P384_Specified_SHA256.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P384_Specified_SHA256.cer deleted file mode 100755 index 8c3692dce0c3a229c303db0971f6f6fcc1ce12a9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 668 zcmXqLVwz#l#AL95nTe5!N#MF?YW8jm#*NN*5A8I+p&e!*!N#uD=5fxJh1r0YjWeOm zgE5tvg^7`s!9dnf+CY+xIh2K2PKY6h!5;`i7~&ZM7>pQ98O#ji#CZ)24NQO-45Gw& z4Gj#9jA2{@TSIFDONe$O23LkWh7_=7V+IQb6Cf*?p@1QkA(&9t@69 zoZ+gXyLhn-1;U>`^`A^^&p|SzjWlTT_QN2E^g-LvHL25EkGBqVW*u&At)Qo|N5rkMo zTp64hT!7woL<$C$#u={8!6pU_3=FjPSOg;AW0Uku8O+^Ihk?um7}uZ}`*aPgMB< D*o5BN diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P384_Specified_SHA384.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P384_Specified_SHA384.cer deleted file mode 100755 index c87db9fc44894a58aeb9918bd0f5c033e585bcc5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#AL95nTe5!N#K)KyLN4`@M5ozrZu;f^A{UPu(4~kd7QIlVK(4p<4kDt zU`%CZVPaxsFpxErHjrdv4rO7M6JiKr@CU*WhIobm1|tSj1~UUWab5#M0}~(ygD7!c zLjyx2V;I-K*3jC(5~AIR!IdG8AqA}2n8AX<1jq_zC}2osNM^`nNCVO3XJn?^K^wNTbu9uV^EdvVZ?b=J6C4=zYe21=%;#0Psg0tFbD7(s|d z#FfFB!3F4TN2Fk2X`JEe9Bg91z`#Ijk3}%@u^6luepDE;Wl3dGXBE-(w}B?~8{vo;;CkmuKIIJ7F+;G8niqDKhMsC%xUryyJr7w7oq?t^}U= z@%oX2v}lIehN20~)is|l1C<<$@VJ7#tZ44ay7zppIZ-WMkECWMNQZ zPGVpQu*|)~)VaiEf>oZ+gXyLhn-1;U>`^`A^^&p|SzjWlTT_QN2ah nhCkQ7+s*5XoE)>tagoZb`FqUQxz^a!{6GHBJJDnIi)R)9;?La{ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P384_combined_SHA256.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P384_combined_SHA256.cer deleted file mode 100755 index bd0f2c7873feb94c67485574e97080bedd61a7ff..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 636 zcmXqLVyZA`Vv=9L%*4pVB(UPZt4e{~#I??87w)Xl3uH6kV&l+i^EhYA!pvkKYbb3X z$;KSY!Yn7m5X9gQgdq&^3;_&A45kcb26E!O28ISEKnw;^;=G0ihDOFPu7S0orGYs_ zy8(kMLmop4ShF#M1%nBY<;;-Jkjs$7kO`DY1v~ROV^^Dg`=CWAKySd3H_Hlj^hZ4ul#p|4R zY)#dT-`4)pk-K(@;Czl#vn^ZhPFtgKV1ayK%SI`;_s^4yR$XGPJZQs~wys5>Wd6qg z^G)_IZenCHXkuhAX#C5@ug%8D!q{Xk+;l&^ZE-LoOXEv}#%C--&Z$KunQ58Hi6yDQ ziMa(isSGTVu6Zf(0mc?4@yYqQNtt=6De=J`jz*?t3`~q5#3JGf^sfs;FwlRX0EC1A zOXCbz=U@{91_lON`zwNxkHuiU@T0cS{vIn4 zeP2AZ@#KkQyFB|w^!IdG8AqA}26sX-0$O>jCU`S<1X2@hn1L9P$Y%qfdgCm2XLE~%# z0jQIh7=aFIWMNQdZfs*+mFagemb+QV(Clm|AxDt`zY^R zGC#U1G~|b&Z_3=VmorpO?aDK1FI&NJwzP}6Hd*K5>5Gi4B0uz=YAA0jKOcRdY17@N$6o9?H#Ee>X6X=0QIN=UN^Ij0ttWTs^%CzhlJC*~I9 zq%yEbxaOtA2bdZe#s?RqCIcl?Q{sa?91R(m7(s|d#FfFB!37vHjz}TJ(s<6*IoQmJ zfq`K#_?{t4?6g-v-7@7{8?Ka<>7|KR7Pl%*T$lEG!83;W(esimW1oj}ua>=+X?pp0 zT}?PgdY)7BitJS@Bx{bIXYB}|vt|SK)W+<=VBpH6z|C->-6L;eX3pM+A%2&d diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P521_combined_SHA1.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/End_P521_combined_SHA1.cer deleted file mode 100755 index daba145ab3bd7be454246031174969685a1d02c7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 725 zcmXqLV!CM1#8ke3nTe5!N#Ii9McXEa$17db?T<;!@^dlZWMkKA^EhYA!e}6CC~Y9g z#vIDREGNVe#NZEvAq?>h0SrbArVM5Va^k!Oh6W};3 z*Jfj6VQexNZn~e|wm6uPrHN4vC?UlnTLR z>{TlyYmT00?FgTbqU48vmv2In-vr#m1r4=5fxJg_*@b)==6& zl8rf(g;`FBA&9{r2tyd+83GuL7)%+=4CKUl4GaxTfEWy-#CZ)342_IoTmx%EO9OL= zb^``ihCGH8gk~VinIWGcmm!HE6DX4kmJ4R^U~mK)ZOC9`&^X&bfQ=pO6edPCR_#U> z24&{PHU<{P9@qb_<}K-y?h`i*dGutYbzSRD2xcj+}^3EmmqpLzgei-_u z%q@F4L*>-2Jfrrq6&zly7agQdXvyCSF@}}n+<4fa@qj_& zUN(MhHbxf4CUfDY`{`|qgBe*GR~j@fV-a#rEh@=O%S=uzNexcSEyzh_VBre#_Ya8= zFfuh`U}6Lz77T%CiB6c`v7D0OAx^xD?_b$(Y1I6l4Dy2mnd zv-0%#E2oo7c6Q`m`?5n}1@4Gpc4shfVN!58vbXA9zT>irroTqpLr*sJyaNc|CDoaoPGmGZWq@{dL}d>vR2+zMQ3Q`%@Tg0e!W%tN;K2 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/msEcc.scr b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/msEcc.scr deleted file mode 100644 index abdf4ca9..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/msEcc.scr +++ /dev/null @@ -1,83 +0,0 @@ -# -# Verification of ECC certs created by Microsoft -# -globals -allowUnverified = true -end - -# -# some with combined digest OID, some with specified -# -test = "RootP256.cer root" -cert = RootP256.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P256_Specified_SHA1.cer" -cert = End_P256_Specified_SHA1.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P256_Specified_SHA256.cer" -cert = End_P256_Specified_SHA256.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P256_combined_SHA256.cer" -cert = End_P256_combined_SHA256.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P256_combined_SHA512.cer" -cert = End_P256_combined_SHA512.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P384_Specified_SHA256.cer" -cert = End_P384_Specified_SHA256.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P384_combined_SHA256.cer" -cert = End_P384_combined_SHA256.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P384_Specified_SHA384.cer" -cert = End_P384_Specified_SHA384.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P384_combined_SHA1.cer" -cert = End_P384_combined_SHA1.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P521_Specified_SHA1.cer" -cert = End_P521_Specified_SHA1.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P521_combined_SHA1.cer" -cert = End_P521_combined_SHA1.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - -test = "End_P521_combined_SHA512.cer" -cert = End_P521_combined_SHA512.cer -root = RootP256.cer -verifyTime = 20060303001200 -end - - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/nssecc.scr b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/nssecc.scr deleted file mode 100644 index ae606f71..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/nssecc.scr +++ /dev/null @@ -1,41 +0,0 @@ -# -# Verification of ECC certs created by NSS -# -globals -allowUnverified = true -end - -### -### certs created by NSS -### obtained from http://dev.experimentalstuff.com:8082/NSS_ECC_Certs.zip -### -test = "ECCCA.cer root" -cert = ECCCA.cer -root = ECCCA.cer -verifyTime = 20060303001200 -end - -test = "ECCp192.cer" -cert = ECCp192.cer -root = ECCCA.cer -verifyTime = 20060303001200 -end - -test = "ECCp256.cer" -cert = ECCp256.cer -root = ECCCA.cer -verifyTime = 20060303001200 -end - -test = "ECCp384.cer" -cert = ECCp384.cer -root = ECCCA.cer -verifyTime = 20060303001200 -end - -test = "ECCp521.cer" -cert = ECCp521.cer -root = ECCCA.cer -verifyTime = 20060303001200 -end - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/opensslEcc.scr b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/opensslEcc.scr deleted file mode 100644 index 03ebf715..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/opensslEcc.scr +++ /dev/null @@ -1,46 +0,0 @@ -# -# Verification of ECC certs created by OpenSSL -# -globals -allowUnverified = true -end - -# -# obtained from http://dev.experimentalstuff.com:8082/certs/ -# -test = "secp256r1ca.cer root" -cert = secp256r1ca.cer -root = secp256r1ca.cer -verifyTime = 20060303001200 -end - -test = "secp256r1server-secp256r1ca.cer" -cert = secp256r1server-secp256r1ca.cer -root = secp256r1ca.cer -verifyTime = 20060303001200 -end - -test = "secp384r1ca.cer root" -cert = secp384r1ca.cer -root = secp384r1ca.cer -verifyTime = 20060303001200 -end - -test = "secp384r1server-secp384r1ca.cer" -cert = secp384r1server-secp384r1ca.cer -root = secp384r1ca.cer -verifyTime = 20060303001200 -end - -test = "secp521r1ca.cer root" -cert = secp521r1ca.cer -root = secp521r1ca.cer -verifyTime = 20060303001200 -end - -test = "secp521r1server-secp521r1ca.cer" -cert = secp521r1server-secp521r1ca.cer -root = secp521r1ca.cer -verifyTime = 20060303001200 -end - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp256r1ca.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp256r1ca.cer deleted file mode 100644 index 76b4842f8f4b793bb6213bf9114e020b65fb1bfc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 825 zcmXqLVm38sV!FG4nTe5!iId@ILwumv;}t9hoNVk`Z64=rSr`o(=NNJW`OKj#Y{E>T z!7vU750kT_p_qXPNQRw<*Ehd3uOu-uPa!NbwcJq6Km{bu#UmSBny28KnOu}#Tv=R_ znp>>klbDoWlvt8ql$ly=C}SW6Qpe3B9FkgGqTuYPpi!KfTwr8sR%EDYsAQl3l4a(R zOi3-%ORXqKEy~PI1zM9+TvD2rrk9+bYal1iYhY?93{?cXkcJyXaeO9 zcIQVL2t$LKiII&19Olf7?95IKEO!p@_kMkAH#m|lHut9d93k;tDm!YV#l$b~ ztkBmxBEy(b{@{3}$GorCHdklWuMyfS7_Mm5zUG0G!yjIs#Z8Q?22G5N2C~2~l;vX) zV-fNAev_+e!orIQFFPGiDmZQ0ap9eqLE}Y`yfRDUNrT2?4OrDIY+SUYasD6=$|j`b z%LDR~Fbk^zGb7`Fq{PhZ&S2oeq)=J(qWscs=2ACz{_h8lzMd}}!u)8*Y4Zd1!ArUI rZEsgHDP*m?|K9OgSb}W!@y>*lzL|_GUobA8UHZ0X>Vvfo`r_;Wr~3Fk diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp256r1server-secp256r1ca.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp256r1server-secp256r1ca.cer deleted file mode 100644 index 33971fa1e41fdbcce7923652ace2c2dfcffe2ea2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 578 zcmXqLVzM)6VtmTP$*|zAKTq-2LskZyZ0uTX9_MUX7!4Zd7;*#o%%Lo7!c3vTFb)R~ zle43tn1KjLhMkAkH@`HmBr!8jAuKbs+)&Lx1tiYJBO6?rr{J5JT$Ep2SzMBuTdd%d zn3P|XSdw3qnObZpV;}`m$IT-gl3HA%;OwZNQJk7wU}S1mWT%FIm#T9Z>;Qks^gmzW~! zs$q`PdXCD%)qJL2NHNRo!C>IZq)@-lC?zU+lj2Err5A~+8B=iN_xxmL_v^!?G{T>wTMwiN&X diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp384r1ca.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp384r1ca.cer deleted file mode 100644 index 0c1ba66f280f9d2251e619449b736dfda33ef5f9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 887 zcmXqLVlFmlV*0g!nTe5!iId^bN{8cL6}^}YIN8{>+C0wLvM?Gn&N1W$@|i7UP)qRoh_MI3%^WM8VlnL8CY|xxm=Mq{vXyP{}|6B+JYr znUY$jms(MfT9lca3bZDtxTG{KO)oh=*Fa93*TB@!$iU3V(8$u%Bubpu(7?dZ&;-gI z?9MMU5P$|X6C)d|b|VXe5_1v*%dzQ(JyVk=S2?EddukPIe(G=U2L1r&{Yg*C?i5dd zvTAG2U$zDDRXb}c@79W5a9&>c|9RGzyIMnCjV@Q;uhQIMca8y zepR&Y@GY!P`m+B>yyJd0%%J zoA{WYFf?eq2$EN3X*_Arc&q`dnuU#vmNd>EHxk8`#xj0TN!47q`P=1>+kVW!Yv7>9$0 z$=T6R%s>Pr!_LF&n_rq&l9-vN5SE!*Zm4FU0utxqkqs`*Q}E49F3K;iEG|jSEmrVJ zOv*1xEXgm*Of5E)F^~eOaCTJCC{9f-Ft#u$GSoCwGEe}?GV@5Lq?YNW zRurTbW#*;=t;s1aDNRe$OU}@T-D zDkz*hTbQ?acE;)BFJtc~w5N$W-?^A@_05#?qGEB8SD*IuIPs|%Ke2HAvH~gEnKKy- z(wGbxW|iIg=4JE#Xw}WE1Dj-;q*k2vdRL*XBFeDy?vIem21dCS9cPR_8y6THW>S_Z z(zgU^*|W5A`K{IVQ`%$2qAKF%&NC1^xOU!Wtv8pune&>rUC5HXwj*HX!HI&7i|6-V I%3t~t0OUZ?7XSbN diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp521r1ca.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp521r1ca.cer deleted file mode 100644 index cfca4889cd02f8e84db1f8add18d4fa94f48a3d8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 962 zcmXqLV%}%a#H_G@nTe5!iId@?b{PMP$txNRIN8{>+C0wLvM?Gn&N1W$@|i7UP)qRoh_MI3%^WM8VlnL8CY|xxm!Ou*gu;P{}|6B+JYr znUY$jms(MfT9lca3bZDtxTG{KO)oh=*Fa93*TB@!$iU3V(8$u%G)kP;(7?dZ&;-gI z?9OkTZ6E**YbHiER_#U>24&{PHU<_3A(@GUYvSf{r^;n*hi;+@Yl z8gfh9BJyI8*UGc9WL00_q{q<)f7=z=kN$S~GH2v?G z<>sG%;=pmUPtCIIQ;r0C=%)%ZewjSo`^JpDPES^9Ci?zcA?oV0E9%`NwaL-u2bolS z4L^x&Ia=rSbM{542hRV>EWRVtiWqZ3L4oq4LAD5-cKD=@9Ra`G~m#QY`KV2V| zTas%R<*lwd+Xghl#?rBvaq|M3kOwLP`M=H=1oC9?c|82(R;nDarOA0>aq7;%19sm3 gcC1fbC#}5eS7@HxuV2aL?AIPVwA%IKPqfBe0QV?3761SM diff --git a/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp521r1server-secp521r1ca.cer b/SecurityTests/clxutils/certcrl/testSubjects/NSS_ECC/secp521r1server-secp521r1ca.cer deleted file mode 100644 index 2ceefe0c716984d661f78b2081ae78053bc46c7b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 714 zcmXqLVmfBf#H7K*$*|zAKTq-2Lp}zaZ0uTX9_MUX7!4Zd7;*#o%%Lo7!c3vTFb)R~ zle43tn1KjLhMkAkH@`HmBr!8jAuKbs+)&Lx1tiYJBO6?rr{J5JT$Ep2SzMBuTdd%d zn3P|XSdw3qnObZpV;}`m$IT-gl3HA%;OwZNQJk7wU}|JoWT%FIm#T9Z>;Qks^gmzIZ#=ydG zvVWh(S@iZi;`Ud&yR zz-d>aPmc$&T9QdhmjHob7K#KL1PD#6QlN#*RRfP zdHeL?>ykRjqn$y3&^UM`j^TlU;(&OW|HEFAYeJva3Ks{#O48up|B diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/Certificate Path.pdf b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/Certificate Path.pdf deleted file mode 100755 index c1bfd04cb2a4fc4cc46bb6b2918d7bd396eab318..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 729713 zcmcG!1yr2L5(bL92G;-~xH|-Qm*5s$26wkWa0yOucPF?z1b24{7Th&&CcD|YclW;Y zR>ng`Js&go(t~&;ps4mjszn7GPsy z-~jM2F(zRKzABIa2e1Jvk|f$BTx?7vTcCQrh} z1uRrZI5@dk*@1oh{3OUGHpU?8B>yiyZVo1<$iF0H<|IL8`t!rgLGr6cVuOtEXA=iE z`#;;5Ik^8dj+u*{>!0ITm^l75j)jGt?O)^ASpUU?m5GJvpW|3rn1CA!`us;eR!%0) zf3~r)Gyh8#HZGQb@nz#?X8z|~b|#j8(PL-+HxDMziTy(sW)4o)|Fk(d7yztH9Drw! z%%}`Jb>MNca3eEH*_he_t4u)7B=3PI`rg*o38V?YnZMo@9ZXz)9Won8Nu)%zc}&V>B-t(b!N zFU0{V0f_fsYO3OHXF|d#V&G(8Worf$LD9g>#1SO%ZwVEgoveVW3~Xa&1McZBsTJ%@ zY=n%Q0Jb(jW&Wktpms(LO)U}|XDh3}eStI_L{iSy7|2G|(L~^ zAkveA$OBHe$5FtCWRW??rhBPy9~=C-E&TYi&0$GeokC%@$Q;imyU4)-Dh^5r{{9a; zfg$QAjzQ7ugT**j-oD#FU5$DsI`d*ji9J~*1$NGP9KOI;U4+z}@=wW6y3|xPF(Y!ZJJL$mi77MW4pcd#01C4S^fxgWAEq%W=^POj zd$%o|x)pcWW&kAWU5#U5{PeV4{0ft4Oju;$c^bK}B8;Rb;QBmlHemgqNJ7l@?ckxO z0B9VTq#9I&Z;htmNHUcmLZGvu;$R>lxn=|4Oc8Mr$w#QD62ZUQ`#}pW>5B&y2;ufi zs^w}(^S+UZH3#@D;%uH-tf9;OEfi)0jg&Y6|R&>I)R>r`YQb1$} z7zx>!S^e67Mr9`xYc&#P*8dJFfU^G$g^?Nmf0Lbq9Vj~sa1)t;t6*kg<@{f=|DTHe zF9iaf`v2H)AOU4(L#JQ9O~t|4n6 z;QaM)vH;Bq_#ppk0BQjzkUFU07Z+eC1ZoEn9$dfA$CBhWxjU2g(bA88I7R6acU>BLSY6jgXBa;I9T`MqvX-lV33L zhY{I7P(3>b->UFMC%v2RNB1+5&(^3B)@FZg!y6GLtYf zFmZ7MWnq*su(mb;X$%8URv<+FvjmANXW--j_yv~?Y|J3gVqjqgArJ!-GdED57+BeX zrp&~^$@~je7=DF6ObpCiKu*9hpk4fvukNon2U+(&2>%P_{y$KEpgsN%_5aVY{O1h* z(4F6^{~wL{tq8x%e;EL13W(ruh5ti8erYgpg`n~;-TkGa$iH>)R~Jxo|F0DuMBwlG zj{Khm{NfB$ACL)vMEqTXqyp7{o5pXZpppxC#K^xpf0wMlMi7DD6G8R=>;e!bfc<}b z|3B2!-*EkJbp~#(y3>HKsY2nqIkqboz&9_a| zX7&n6tH>jTXBBeVu4Tf?FUId}t@UJsn660e`&v=ATYfNe)zeK;wY-g3?sH(0Pu4x= zboZ@6&dy&L)(-NgC40%{r!}WmYSMT$Bi|-%HZtQ~tA5XIHyp}7_j??VRmuJ7<`s1G|@ zlN~|6vO>URk>wfi*MRgmyhL;A#%&6QV@vor6u;=3POp7o7O$NIQL)^5m=yZ3@6>tJ z2q&#%H`FY4tC=GMp8s|+$P6lxBgnP7x=iPWj}sHh)kRW-39AAvR}HT^9LyRoFW{@Y zga~C@H#4h~4vteH^#pr^Afym_OdS2=4{aA4*QOWB~>pBTjv5 z7*G6R!k>gHuBtCt9c2)STEYF|eN1CM=w%B8*SJ$nv*IW6kBrdWNC-$Nmhb88P~T4y zM(eA##!a(3?Qm#pe=NV4JCjpfku=|b{quo%)A&Pc{!tPbBv>0nl_tXf3XcDFEAv0i z{ystik8>zkFWNp)tjN5>AVm|p+p9IQ04Zh85@Qj+?v`GuKy%^Oa z(lQz$*9lR096u%-%TNC2yyT;k?4@IwI^tQyktl^5DS}8gw>Gr30ye4Gs@ed4T?qik{h7)9H_!h{F#ZT?{}b^884Hn^8dy1kQX*wJ zkh=v29E>W!G(yT47>5I#-2b@-5E%c)-9O0vPA~owaQ@0zK*0$xoFrjo;wEAIGsNct z0<t0glV@S^Ge4zT}FhgVeA#Ez`jGO^^& zpPh?0vTRa=Gz`~g4GA*`rxBs$NToxl;L6GIFQ-FT;)tqmB#DnG-(U+{9wdQCT;j@N zqpu}E$<2w5jQ#{ADNN$oop#odi7MK!L|xkNOCxrE($X|M%y-*9zc%Iv4he&V%cS4= zUzOL?5#qVxxn1k1L~xKWwvch+^9~nbPA08R?rBb{UPp^hE^!AUu-9vf@827mnFV)v z8$5LfB7%d19~>Nb8>E3l^0j=wdJv!Kj1TA*c;6{I!|x*q*&a;{3q)0KAR)ipr65r20}vM z`*E3>>#htrxw){Y#B@a%SLui_uPNhwTl!5$C)6+ZyZh@rxiiN&>Pq-kR8G;M_-t1i zCtVpVEG;(;A8(Gm_qz3&2)XP!r>7kkYfNrWRy|*ynmRgu9?q8b88W-j($L(Ttd^>k zQa?`)GqeI&E+x`w zRaH=5fVqt7ZH1bI0+!ZaR!7mvr>eLn{m=SC$OBXgXc|kod_KDIB|CYj8WfY8w=6h{ zY?nYiBl16omprv>y+ucEkFjq0`Qy1Re=jr@LwQCZ$<_6_O6wIqU8QvKA!ht-o7 zETWH1;6!DnzkMy5&t)<8W&D4uXOx3>R7DoRyl$?kNei_BLxvc3@fY+e0xu zZLD;Drk~&ipQyX@;AAqKckFP!xMwb~3b(rDZo$bqM~TI0(aP|W+M!Iw^9x&*SiYUY zvS%-&Hf*r#&h0ZA7zw1Vp6~xoBoQe`pEsjF6R#?*e%ud`fyiZdCBAmZ^Q-z0(zLy~ zS?zQ%6^_F=)lgDWGFPr0Y;kpSBQGPvI_X2yq>~XHt*D_PDJ9r8vt1l7@9gYsXh;?; zk^%qyJ5c#*YHGH&wpLbF{QdpI!ov^Rjae3fBybpX8cj#>Lq*?fX@$ADoU9bjT2y-; z&6V%$826O+%$u_@WyHlz(Au)-VU6%aSV){r*MSS&v~?`x(AZ+^4$Y<7LaDS8CeB?KnN zM7C{7Wm1urw@#)h?sY*X<=%Jk8aJ}a*qK8_Cx-6MGwftFDm>F8_PZY%~do)S)ELc*mVC<4PUHE<8tTl?Ib;-9*UZ!Ha zN7jkya}zX^>b%jKQ%Qr7SKT1&{rVw~p~-gbJ>Zk0S{QHl?xRBZ%6v`myJFi_&()Z@ znVE%!g{&gMu#FAoGe9L&;{0gbGq(3U!hBK zP^S464awYXU2JBrih_i=6b ztqqDp=Brexi5N-LQkP?xCwn%%KdD0H)2}+F+lnfZa#XaYM%w1{W@%AO4XM*Gq^Ej~ zr!ENw3H8pHFpcet^9E{$@V(F-v9*34V;6egl_g%ADDMbK8(JvOFFu@EwML902!PpCAjyGJ+VXO+;s=PR<-bPrzB++(jqq1eo)@9Hd`)(DLmz_9Z*0L!b zudI)AQZEng-WFPDa9DFUe3R5#`ZPwGW!w_;1BtA`F6QWPjO+Nx9fJ?4a!kni8OI5d z25gk^vtA9wyxgTwlAonWI_`kvc$+q_HMbah*|&>;!?*XgeNGukJ39m6QMCh;(#5#PQg+)ZDEx$Nz z_ebX9&Ky^3s;LF#fBuY`4d#;TB(xUKQRM zwzvW;L-g?eWNuq)E8X|UC_z+v7Z(=?ha7Tq^DFF_^z=xS%e!+UX&_Wwz+5@iYTQ@m zQT&2*I(L;44=(-Ju!B`m)64v}<$D zW-YlD<(J%j+1Z()jhnszLA~GoRwmKUuh;r3rBE|- z5dojQW?$?JT8}qYY+fGurII8$m6gi7>e;2GFnZakdAtTmg;t(Pg(zY^9^*kYopMis ziq-gnIQA=lf7je7te{hF}VHR?au;N<0xc zy^TJq9RMaPt!lPqQ7$#lZC7`jDJ5*g-ILa6q|2N_pFznyxwXCRX_GGCORTM4p_7e> zO2h+|tzp$3)=I=TJv~kB%_~EyS#1bi&Fk_5*F139!QI`xEsI!ta&j`BrGP`cTv|*% zIb%)e4E>Gx#u3!CJzo8ni`dwLvq24mXW+h?$a#!E_Qr2XAY$I<|Y zMdIPnuXzLTC-^HketKCTYqk-Q9Ndp`NH>|u4Yj`uEkwKCu%HZ|P&-eOZBEL#vI^rF zA?OI%srxoV=t#J}C8v?am1t6w^xlF9(w@e7{+I}R-@OfU@to2fxC5Kn^XKO{URZg) zV|@%KBNOxSnpE=s8B+=H@x3g30HZcUzDNp1)XNx~uiM6DCe_9arXEZ87*{I0SliO; z4mrcAk})pm7&_XjGN$U9qc1bnfTL`et&$(FXuhC_5U3`(eRyU=){}S%ex?BrI~>Z< zMUhRIbV!d+P?G73LB|t9n}NXVleAhvvwLfZWQwL9fr5{v=^uqpj_r@w7%kjy?KH!T zf+r$sg4@t5l*5$s>?yJz8MH2Ux}3J&abFurA|zLPn0c6Uce?s>&HHrS@wBP;-A69K za4}BkGZ_}G3)h%K&X;}W#C2CgBdv<+l=U@le>i<`p00Xj^K~ZYhbzEdS6LYyjz@oA zAM;l>zT~ybrmKOH&wL#`^#dI^l7uNJ%U0-bhq8 zOumNW(~z@@9x^20%&mWrDaWcN#ImfH3+wg5hSjlovxKQJE%GMXD zwgTk!viCJN&DXDXvjS|V$BZJtn+g>tY+2se!f6zlFP`f3+=*sk~v#7G=!|verj^Z@!%*R^7nKTQ};;XxpQsEc7FSH zZs|uRmcIlc)3^?8gEL&9@MNJvW>r;Hy)rP^6{)S%{Mzr1mS8xMB@`l?nod%L8KPjy z@%F6=F#eal{)Eztu&;3-k&*$6QtJ~AjLe(uqJyOK{rN@HDz)mu@K)M9IaN$VL?EAw zCe8Ibo!Y4s(9(#BiEGao7#RA820pt=$3Bx6%~}}eO-;RjKp#LwK`}Lr8Lg^pXt+&( z=W2CB+x?SiKg%OFS?|30K29@`>TO9{oUwe&_bv8;>?@dR1-4Ul{-M0KqH+$;Ik8w< zexGFb)%?wxMec6bRKY7amEClsnfUaKm+=Y5Y5q;cihv9S3-mN(OIPk2_AhDbx%UYBxWWHyL)#W95!RG5ow1?w|2aAZBUFjD zm0m5EtT)-ea{|%ZQ9YFXi4-o>#t1rq0x;$kt_Aq2u_F^3*x|ii;(R8i>y%uQfai`P z5mE3^w*9BDBxBqIcT>sBI195z5!&92s`<2 zMok&5tBi3!F7#N9XYipC^THX$eZ$1U5>prHWkR~RxHxk=PIl)8 zdNqsDf1KVt+zCQgr2$~1G_>nbeb66CkgQ1#6+x#}Yks!TrJr9|NJ*@$to%+R`jD>$ zS_3~NgVl^JR6;DwJJ)icFGPH_1TpOGNEnVPJ>3zi3Bhmusft&w<9J3Eb;y z#2FbZ_K?ztZ}vF`n-Jr-vl1^hU&A@C)RwTfmVa!iG3keitZ3086V#CO=P4Z-BXSA_ z0mc#)gZW&Pc=-`jWv^QBoU>&xOJAmhNEWpYk`H*z6KReplnCSdywt|!NPLL=$a_Xo zETGJ{?w%>6yVd8Sv_+j>7d}(w^C=EM^9eJNU8KCZN!5PG4-?$Yr*VxUmdDrC$kw;eN~;Yum%VDNq6y)NYb|?E3C(HtX6^?dIqz4pP-C0<$^Lq-Jw$) z^7LD?MSt>_7L2}+j&i-q{ls#?Pr1fE>-z3q&2*-$PL+1J4N)!eBm6>-0ajT<)~cz8 zB71NRU|w*GTlB)8s~)86Wl?kZ9Wv}tqwO$us_p2S0qUhNcHq*pz^ocwEIT_Jj@#AM zwIFSluUsS|J6j|YOx5%DgwN;6ErnBem5M@R#^ zo3b~W#|zaxP46KA003@rS((-824ld{e5LJjJ@PkFPRfR+CRH@D20}g$%s1+lA9R6H z-%tXrkVbP>11!rP`P*bIEgBp@MMVkhw^HBJ6wB7uzO=svBxlqVu_-piE?VC6QN-$D zvK`Y;thXve(n_hW;ax=py)MBFT?XVNi@kDw;f_=6E<;L3I_QIDYM4$- zm!(Crnnffz#jQpHfbbFs|~h6)OjkkMRKAi%|H#$E{Oq?GY_Ug;7 zXN5rFiL|DiHmA0GtLjZ3Wbfm{+&x`=nd7s2f>9Y8AZO7G8?Sxn65}Wpa=84fl9Q9+#Nw4|J*je` zp`lCFE9DgwDvOHrf8@WXws3NGW{;=j@VDy!V4dCsOu>VY3943$l?&4bl#Ii}!q5(J z2U?`0q{fWtXlaMX##|^MEY91#AKhA`P+lkmo%e026#6B)aZ>qFch3o=RmUw9@4jK_B3nC{sW<-bfvs}9&Vnk`o2aLyiIzzz@b0IW2wH{lrBvt8SF z9jW;n@1uP{nHxDu#QS4`XG3LdTT~K$vD`PJZ%o626mXC;NeOR+o@=2(isaiX7%Q`Q zlH`|vs${`h$u3tu7PLY_o_}!{MrGLj8Io++0d06n^+4xO8mG9@(r6opU!MP?hhEqD zsV|ygg$f_*zGNS8*DlS)8}U>VzGreC)NNILh@|E{jQX>KqoNI4!&5zL~L6OsyTwPg0Zlt3b4@gQ>r z#T2nark4qEqMZn9++H9L`?`;dF=1|GCmxSSRA+BB-*2#G^CpZg3}vG>Kqg?uuv!%y z0$LSwrr)a-$5I-*=~M{osVFXKsMK?v`?h6oQ;#sszzYE-U6@ z&$g@mA{JZmRaA8TlgRv7M&8g5vshJo;Uj3wb3SVPSKVJEy1-&qdl|YSePw4k*idtP zM+_55(er4e6bTa|R&Xb?IWx#&np7{yc5qIa0<#}f$)9J~i2t}y z9S)`KKl`FNVu&z#n1b@8%4Lt<7xEG9t2Xu#P3TekYH7JG8Pt>m&Gz$%$;M1pw;AHaiqavwMg)^vYge6g<=M>&PG)enrP9p6kHVrI02Hon z-NPeeQm)hM#(|~f<<|l}PtUjOg@uJOO_i}B7Z7-T1Oo-NZ!27^a`@wi6#&p=InVG4 z(Xjfq&(7?g zpy$WZ-$|I~6&C}3EL2Z~MMOkIMy^&Fh{(z!O)-a_L=teCgDvzOOc#O&ym&s{*>}$Z zsHv#@5=%>I-*}LjOz)6AwddwS668I9bv<3PoUhnq`NSh`Wo;d!0DsKuegQ=T%vwD> zPL>-!ueoVx;F8Af@0)WW+pjk{QeqB765M_tB@hOa6{9aHzlsq2zzR;y|Gr20tnaB_ z+dYV>wq`D+kKm4C^ScDD&I^^z@H(Dx=}Coh>Gf#{7n$?jnZYYDCb-wj3kxf)?$dU> z%*^Q9$_29Ma8TqfDXFRUl)yM6<;+t=v(1BjZmAX!=L0p1FYe{#g>*YxIRU%2x|)v8 zS8Z=juT>jTl>z(uye&PQXe!eOO*R`Ic&9TpHzywDve_MY)lB77US1CHfPsca_vfSw zz@gIsTMd9keRat4N;kN~=J>U29H&5jP^z0e)l@#Q)OLkY!MD`R?lZJSXqWhQf-Hig zqoWx9!Jb;rTN^JzeEcPALZHXtEH3zx} zu7tfwN8Toki0^d0!&WkGJY20*3@_qTsNY6eH9@s;l*#%2!o;Cg1Bc@rrvXDw77;N# zfmS_syD&dH`(sp6%>JU+9W4LAY|*o+9_kILq_nDBddQZg`SdLY@g`7FVDgg@r~IePLLi3N)r2w|YY*@%sAu9)wgpdg3y;o)+F%+%?#)-=xXO%Lf&+ zTh2x2>eg9cAz=CX`hM}gJ0sFnTet8?KhUOIn)qP@fUNNs!(XhDV+z#j<6kEUcJLP8{EWO`(r zoSgOsq*J3ag6tLKZ|UWzvwXJM=icLX0a#=bD;*4HN% zU&h78X0^DT8`fz(ODSq;?~SF0Q%A@5jtTBdamocA2A*Er0yy8txxPN=zMiXt=|011VkA<&gU02>#p;lE z+2#U+H0dHikc>g2Js1%?G%T-U9;=Fq;0%PRC4+HA-|P*xxSn=e77g_GOOwCyKqJD& zr$QRb;A<%^4(*L%-iHq$zk(`Hp>}_`qDBD%ptrLs`wQ9Sp;NQZZ1U9Q;#V^c4h}^r zSy>>~Wy1~+4=WW+;SgmLMI)Z%98DPwMB(|9=20$z_cR)<0@L%W*AW8jUWR zmYkfNmNs06sBP`x`Y1guZ66Y{9Tv zq7N{7Pft&ZMz@yW?DR8}ojLfoz_k17s`uSeHSq3s1MIdmBQq2AdT>y(Tulb$@&0np zoZ!F`Ij?i7aq;lz=o>wWaaUItl?^iEl*DIZ@R3CNyd>5kEt2^GA{e~B=gX;=Ru%n8 zXM9+@Sa+(37#kX{io0D$UKmqr5~kL>v?k0~_%N;{Ftl6@$jhkA*OVx%Q^?<9PE_r_ z9MC8gtJEk;C?WUR@X>|(We;Wt{SZ`Il7|Nd@XMYU-6-*DW-}Fs(2L18xTG@~Q^ycO z_<^XZG+4mjKO#K!$R3B^PJ~_Ki7!E;)9ihc64^eQdueAN%eL^ry!!yWQ%@!sCGvnU|~sTps%OOACnGM9tVtSFeeY~GN@^)-*ws~WNen3u{vA- z>}YhNsk@l$cq_DA?7xT!z(frF0g;N5KFL9_qH7^1F==^ls5_YLl?aHZt^H8M;3)uQ z&m689JwTh^&G@v4^^xjLzQOqtYE63t=kq}xJc4egV2(=CtyE4ThB{OtuZySXMMAy~ zQ`G6GVWN*{@~tq_R4{ZvG^ZuDC;`Rjhut3A&u5DTrYyL`hI{&Q);)U$gD+k&x`7k3 zJ~mSLyuPV@bV#D-%Ge2NU#6zDxz;M5zcD^9&2tRVm<6A4XY^-Neij%~e%Vg&s z2?!CNV>6+7`YxkJ*>Pm4_$uQ)c zbv?U$F*zM})K9koEit(x)DSS~!rXV^0B0*NLn;fo%z6TCp0E#ft79UA%^VK2IH7`X z5~DR{CGpRgZ(an}N}(HzSrE;#m@vh0afx78680`?DtW2AqY)Ak>uYPuhD&*|EewQ+ z6R@zNg@+La)rzzPV>lD$!+3QOSx8Dls3OXEF_$Pfr9@&W08_lFuD2_mah^X@SI9Z> z&N6*@(pN4se?IM{ou-{`@C&$qd$~rf2-Ya%Y%N}irTl*Vr8cGhbEmD26zS8p0t%!+6;y7%yRr*U% zS*1n_liFcN)aQ;`8J-2Ooepag^|1M;}w-` zM)8&G*3f)iU0@vOeoFmWcGM&Ax%>7(Y_`UXLK0&t^y{Z__l-+g)iJM2%1lqq5?uGwrxb?h*(|EmcM-TE3ik7$1DrC{snbNNI>&iQ_b1aQ z?reE9w50YdTqWb@+xf2gMII7teE|c4ir0h0BAteDsB|P{(gh-rX~^ZKHlJe!($BCM zCI$)0^qy>XI_-7*9vU~2jVs>0XdvCKVw3xoora%xvRdO)x_PulSBv^heUW}Tj%d^p zbwFKhbrr^{wOy0x^Cy|TeA6?%W`}%~E*1Scz8dksXOx8Z%`%Ne(btKs>NUe0zpC}! zM9ZCLN;FA>Dhi|7fjqy@Yt_xw8uKf@adv3l|#m^1?X7h&4^4XURD(aENTXB6vCJa5}j&_OWrSBYJ-u6qi zMPaoCj_A#~jfiUcwIrkjYZ~XNOp8gcyp3`~j%NDUK4fn3_h_iwJTPuVYg%|u=`vic zJX{XV8#ZH4nheR+ey)n2-8tFy8Tf2D-P82ywBpzz?1CRdgKI2#R6L)W`MIeYH`eMC zmiMeWUpCli13SXPUrJOjkqc{U`O+$@-JG)8eH_f)J#AKB(s!wJ7fmnz?(#UQw4v3M zKxfY;zO-f!y=xa@yd&GS=|rZgcSNz^W6#$IBk2*3T5u_1{u!vEj}Q9f$fb8oIBcZN>jwq9(R0i*M)te9Q1#^(pz`OoZJe9S z%;%VGl7?-@Epr|RhQ1OouU{Phsm^L5=12cX6nKr%a>6!M-SP}(s{J0Uo#sX5$Jc4P z)kYgihro~uF-P+kqj#?Cf`#V~S(qbW%>>*ATnx(xw3r8BCgJ3|cZtttxreR-@dn=g zQbu|4)t!{zG@58j@II6aG3Stfa&eeie;6WAx;`2zox}r|uB9>J7;!a7>n3i|cl%BU z2di)t8vZJedV~5lV!`98l!W=&GPQW7d-MMDaV*i;-ZbMv=TNa=sKF|V zbf`pm66&CcB3-wKu|eo!#OfQwNPe6Cu<}~GDGAY}LUzgKJiN8CV`KVY;@3;)Jnc=? zCL0X-Z+Ed=zp`AVRXb2hv)b8>dWAnA2nL1UThf}XuRt?>cIpCs6Da< z^TrFp>P>E?qy;jVd^Nw}*KuLX-}@J{546g~p?(Xl!4_(oH=n~~i0PHjFk%(~>#N!x z8kPL)$}g$V|kes%dul!2vpe zfdY>1aqJU9ju_<2B%_2KI+VhT6GBFmt#9I#a;oGjD26=f9+tADwULcZhXVdKj|>Iq{@9GKOlXZt+zsa|0+-;lWw5yXLYzoTMERWNZ31g<7YkpCE?PNg)pu| zXys9%jwJkDQTMKQZ{pEMcXsm>{QDLB1agraG9GgnD%Yq8n3&s7f*eDY-V!DG8qOlU zDJ*cqTT;%z6`nTs9ju$nl%U3_tY(4wNk9*q6AiWeO@<2c;~l=5FQx?D zmor&Qsa(WYKSjm7g-Yp7wL zJV8!WEAZ*$Z-;3tL4lW9R`2m3lv5X+E0e=3Tdj{T_AbyU$pO+dWP{6NzO)Da{Z!vt zFQKky9nJ{*rtBr?7d8a2^vloCa80cX8Dv`S&19XPtkQ*5WzaL29_1a~AqJr7QZ&Jg z0)lFfaG$qak8vtncJXl`!B3+ITq93U60b8mrK2;Dgh?@CwF}#A1UzT273EXFRhM*J zF%jUHbNd41cnvZ}#fIsQSZ3$mpkNv*L^|?yZoz$WpNEIxH4ry?;|?@vxWu=4B#@4H zrNXPFs+$`J?s;+7qws-+$3IkQl+M?c3+ika8Ij3dsCd2QlUR%xroM>Qv@;4*^bjIw zzdVu8WS;SC3kc+oFY#dZgok!b=$Wy(hjTv+-B0sb=wH3db})l-PouxWRJMb0e->UM z07{>yTYMfz0>y?#5puu@DGI6uOHh%BZ6AlqZc-XJHbYfRsX9cG#CW zq!Xfcc5?L=Xy3mCxPRa2NbZrDAO1C9_=f zDHl96eo#tq-iz*+#I61;s8+0H#gNR7tJS6gcs&COpKpEw|4r8p(*#@otsppcR#g?9 zOM^-tSn>*MoS-lT95}?JARRcVQZzY9VOB^P8aHN)k&wnmXczEZ4Ri>9!r?ZD5R&d8 zPk{Qrt1PnZ>&x zgr4s@I8xEPJ+P^kh1%ghg#pGa;`y+=CD@yJ&;7F9ga$*v^OFo$yG_I&eddY~lTDX( z&~MbnuRZ4?JwLAMe{^t3@Az;_(!x87*T$=5vaCVu=Yl0yVt~FtRbg6B#`az= zft5CmWKLeUY*oejc9VT3G1(`Q)AaSs0PBir^)K~cNelHv4#aJOAGE_i+s_TbiG-|> zXo!BQWjI8dpa!6hl4~v{v(vBg}DaX2P{UMJy~)H;|rqHBot9G!8cj#37xcpeLj{AhulI4 z4$3#w#ro_yv2f3~IvwN5e5051oK@@E)B{VX`lA`s{1Tjvj5=nDft7%iwxO3%bbK`P znWhPAeS(P0-aGNnnFY6M8k}CiwFSoVh+$#SE5vg0@GN(=KOWvV!MC&VBVx*v?{nXz z8^*>xSOiIh6TtecUGbb5u}V%Aw~TT*LN~weC7)v^FvwTI8U!>HD(Ml@D-234ehnCW zhsPpqipw2)fwVw4)XQo9{Vff1$o4F4y_7j07%VczkO=DGx>kre%)S*KRUapmRwNOH zXb>_upWI0c@{b1fH1Q5}q1|QFuV9nO#^cBZ5`&n>A$Sk)yE77`Xea7~SC7T%&E2=f z9^^|)ov(}zUN!UH*Nkz$!0pUo;9eO|`3gPbE%VAu=3fdTJDm^rCY0-mf|CJBUObw! zm2jN%qOTy#VMJ@;@{d1_Ahr7mriszf+ER-T-_(kAF+JEPROk)g< zug@2~>_|f1?UrG3=VIX%5>JMK_FGXVG}Et{@ltg~+C(%jTojHW^-TB5cWv$`z~5XB zr6#`1N!Z${q>+Y(9^{`vzP|dRmyha=!l`X=vGo$GoiXxCdMR)5me9#n0{_CC)sFQ@&ymwJDz zPC7LgTMK;}2u(>Nt}g}`6pvkk*j^hj;l5SqH(w~tXu+LN?`K$Tvoue&-|G6d#s*Sp zpCo^i*m{kP1n#zvU`^ZbZod6C&wdU;>{PuCmFY0cS_WG9wU;D-F*$kd@%@ivLY~`C zu?uXE6-FbDg0Rg`nyO_K6n;xe6qs{m>&Lv#eU97U#+BO>zNG>`ll+tPE*osQQ0CP$ zpqx?YL|h$)rWKoO`O*9gqiN8x9#)=&aHV9EuTK>*y_MRa8oxDv|MI=eg^(9k$<5bu zpXWB*Stig_18)%KsthnEeL?5QBsQmNOufFr>%Mr|0ed3TvFJkh-VB>{>r->ue%l38 z+r0Bb7@Ha{83{ZySO(K_mhCW4t|5H!!@=+oA}h^zUI!t3N;vQ4gCsQkB$G{;A>`Y- zcN(1Ne8X%<7V%|bqwSB4dB~Z^tVs4!qNDxSJv>N$zNF)%vi7pC2l=?R=972$#Fa$TZH?hD8I&#%?86i8Ejv#>Q3O#?Hqj@PXqI_n&qZypG-lI$H*ubWifXuy zFBDu-+u-&1h=o(gJIr5>3O?|W)i_`aiNdQaZqT!(q+J<2N#d4A){*fmZM;JN7_4}Z zMqV|ZqS_e`b|(C+7EWLnghRM)wikS)UoA3NM)yf_@sx|#Tt1gA*<%@g%jpU* z>DJ2zWtQ05E(OyM!Q*HMq&*%uej8;Us)>>*KE0wsHa5IgEv~YuWPQ^uQ6W4$@As#$zl*6(s@QUiseHd?m#4%$yyYvITFnNgJ-SgND5(Snch=TDDj`?1 zaY;Shf5&uv`f=>}l794zdP)O4nJNC#IsC^lwP=HFrsi{>3mtz8O#!NxxyII)q?ttw z?gmxgdR4;dxFx|enX*prO_=7cpM&~o)jBWTiWl6Hrz-HbO)9aKo~fpl;;1ky#A2Bc z_Ogr*4u?MNk5A4~s8O$dJ`I2CD~)hh(rc~yct)RTg*k8~c=7|$UbS)s9o~s#7%Mc_ z@3C{!?qiB&_gRo3wlA8!LIL?`#mfe!6`7MDvT5$d6#iamNB)NyN?b zjTrftgYGaG9@>mz?hvp|!I~a&M z9k)L@7nmX_WMGY_|A;KUzzP6o79(2`N>-rb^sSXo6(E9QLeeA23*F;E0aGp5`8*k! zYPsx#+pl_q*I_bAA##wjG!G9uWU1y&gdcue|HUcxOh~V}vwk}m2I6)t37=x#hGPEJ zK5^sZD^eS`$kpae?bR>0*$P9=s1){Z3}c+XDP0j26Y*nt-F#!)%xtG*AN`Q;p8u(n zmp`?e5UQ2Mxwd^@Bzj*k>a%m_Vx4kJaJTJXsLKJm+H30s9F!z>G zaV=XHDDLjTo!}ZY5Fog_y99^e?iM6C!7aGEyL*7(4#8c5>ubpQ?z{J#^WL~4$r-oV zB78hL_>1sVr^mL@*J(QCNk3K{Y>LGxnN{Zw?z>9oRRoKah`M~;Me>m%r~0hyaenFv z@w$cLeW(3y#XFIp7@2Np>47Z%iZ{pW+yMz&#ofbGdHR#4#Zw@g=c={%qwAl<=FcHh zL_bkITDwt^n#ARa=}>3u6m3L*tZP4QTz~?@gB&r1eW#--kcA_PTo)1Sngj7w)Ig2`5hWff?+3jU0jhTP&Mf~h zP@~UW%g#qi30v;@c$|U{aTzE+((ND75GtcvrNN}jE)oU+)kmeuV}@y%R@avYkmxCl zFhcD*V4e>T&es=%UoEV>R40iyz4K6uV3_Mibk9}T))no#b1A7kG+TuiHG&Wx?jLV2 zK+AZ*YZTHNv$!MdgxGy2Ps^272Ft#MyN7sc)mkoC3r%Jy+6jfM%NQeOBKrAh-017Jr4FP~>+jz6SLe#nsgsQ-Ra zc#s1W3qJk(JHgkEg3wKg_)P!wf)3?fKn5y!*qKLf|4Ys8>B+w00O)8uwL8Fg^>gT+I@&*i4uI%Mq~r{ zh+p&F6FNXNc}BTQ<@oUfasb2u%@H0F>to%uMPf_a6@Bl64DLVZUJV3N~Qa^e|2beqjB)Y!~ z7XYo(-+_+h3E@+(W%$|g_<7d!7vKE`bWcMb3)_!Dg#~cCKk2-`ix|Av{=Gd{q)_!%Ey z^7@nb{w`{;{-MPBOa24&43;P9tEa~cn9TnqyuS+@zXjft`yT%BY(MS3zY83{4774}c!`@87D3Yg*k za`#|-@*hAt=@}m&2>c|zzg=$tV)<{u$He|)-p35koBT<9e-}NT^~irm^ko7p=%4(@ z1Xz0fB)-3k9={LYs~_VF6M(q-Nqm17K7J2AK>K3?5J=Dd1CTsFhwque`t#(E;}2f! zm!j`e|6l@8Y0vnWe|GlwOs)MHA3&@A2jleX02zKv|DHrwf6{?}7eE+Ue^(EFl7)Zv zAj8j&Fwbn{Up&YG=yktkh+zb9Xioqc0aK2j^x)rx5GKYy*wkNo!~jf;03P!hAK-|I zpTzffA>?;3k$^$(H!zWZA3%Qn;R1a3>rCV`-Tmjr_d9&|gzlG_NWiG{SJvQnq5EYf z@_BRMFTVQ?-4@`xUuPnp_bmPibO34h-#|q^@1^_&-tXWdpWyv67s>K>Q3EiN{`!#o z1n-y0$mgx6f6RNoOhy8>9{#4^{suDgIoSRx7x}zX_h;w*4la@%fb5sK$mb2jzo7dK z>mh)6_^)%3&-(ftomkpQ;gul?eGh>CpPp#HP}{)ec@=biIE z>dt%5hpAq<+_WK9y|2yFWaM104b->4v z^1LOEFpB%M@{s-rD8=}6f=AX%wG3q<@F*rEuv@~u&^7;J9Z5sX+e>xD#kcmhB^F6S z=3d_-x;Yo^r4~yrmERm(QmxHCTvC?=%Ndg0IUf1Zz|vL}6a~x8QO$d{+?ZHT%#KHf z4(wmqosS=c84-jjS5~|fT`M{i*!pMSjEWvdx6(!fj{w$;M?q`6F6IhQvfRjq+8Uq)iQ4aBY;713h;W{Bs4B^zQ}AlNl9qG9_i zJl+YeNDTG}x}Ja5W6B5d&~y?hpCh7gT`#S-i6ZNOVh$QU*g}+cS&vU3Tyea6(6enF z+T2U}0t3`403FD{H#Xzv^*P4hbS<_=aP`K5r;zY!5Zu55I={gu*?--=b{`{z$v^nW z(Yah=N|;zyia;iz8gEqijd>>GafFPNK`3-{##{U^gb{%bfpZ58xq`Cg+GW{L4v66} za&Cy=D#XqxE%QZ=zWMlVkDBt_v^in@a%c`8L|+XUP>wsnA!RhAo_vUOfGB+}wh>mP z`Wnd^!kH!B^B5}MKRXe$__oO>uqay4a%0wF(Hqlx?)zt@1JDnfKzojZuc{%1G+8oD+=6gdwGD=TLL?7?5i`{M~tBe@N(GbwVmKS$2MF%hA9X4TSrztdw)-q6Q zq0>>eb`pWpw?j`)KvekZHaazR=NxL^%W@y_MgGex)7Mu)z{jhlPPzrqs|3cQba&f% zQX!sRk|$P)R;st{_wW5yrbnUD-WaI6*j`;~A4bzdO3Vhk^So{)#3MWV20IGeKFv_I zGq%z@jd&4Y4Z{-COo;|}#w!fWDV9aphCtniZ(#X?9EcQz%!_CT=fYd7lIvy-?jf4m zAYjRpSe{T|3UhTW6sJgRZGp6>d;IeN|1NYD91DvuEa$Fq=G!W;nfodO%RSdFLFvjk zVRJ2ZK`qwZ{Pv^z`xT@NaD(qM`?tFHNPPHTH`|e_Y{QNr;^Im8%^g<`u5o4UansLq zRa?{#l>8`l?Y1FMcm;|%BRs+)6h2zRMjGoNBN$hA%E8VexWe#msCd_24^?P4GMc>r zJM^&)R?d8(s2@(FP)kFTrDp;wt4c*M3YOwL*!&9IC%w25*Lq%Qy zeWzdAOOX32swfgN&C2?3T!|bOFgS0=i$WH>hr*_pZ-H_3l}BFBB^JpR)#vWGb`J-a z<-b`WCQEQtt2^4fmJlh@8@6&0BM%_riE8Y1*GS&`>|PXgyIHnK^NCA4h1MPnn4)f& zEHsw8Oh|WPuIv_SN-~*NL!Kcko? zMyb>p;n#^5UOrjG_BI8gUkKAX>0{0Gd@DCFs6k%>3xOBm>153en@TYitLRTsh`eMZ z=k(`tiFxT`7IiQy+khhY;V6nian`+vUAh1}iI19JgEfesFj=;x$f~hCOTlQ}aXkQx zDRh@mU(HfP9`kOWM>`2OT@cLud?wO4I)R`w`IkdAC~-aC_93{Rs3jkw?1Z?w%kFgNEAkJ( z2TQbFz;IW>V=3#@8AC2jfWV!r=VPrASDqw52pg>{FtWpoy##)Xt&oW=fEa`g$J_X7 z8*Z-pT?=Hr$%SqB5}`)yhlNJwML{fHonlUgyOJuqX07shcf_!livr^vL2+;L294NB znd$d77L)BDhSzf-g>0#sXya9e8*(5VJW}#)9169-Y=AjjDMNzf4#y_i9)O$WZCX9^ zBJX{p`%o^z+c+QsVLroFyuarx8VgJsS#nV^%ipaA z?_3!0zfoUNsy9UBU=_^;PQHY3p86J)1m9R;nqpf`Aq&*O03M z{3|Up8zA}|8X=32j(wF5VZ6Vq&)+BI@j`{b3UA{#ixX@IE|fJkrov?HerB?WTCh6N zw9o*dsc}qKIkWaDc0Qi3JXLPc{y5Dm(#UVOz<`g_Eeg$Of!Zr%Se_|NxU2+{Y08$! z%?)!%?|@=fbKWh5h{?5sQ56(RcebFpqn1tH*zVw5VDMlipJ3_JQKvrYOKnbF5OJvh z)42;3D;{&srdaY|L!O`fQR+LBimANmiz0&0yLpB#HnhxDrex@qKvj+L9KH@pL+)}z zw}JU;f)9%sdJ$rBpK5s%DIrDDyx;cM6uN>Gd6{aE(x_j;pCkvrgJmxc^e_@&q1g6zB#qmTTnGG&9+%9_hPYnmd^Hwd4WRW&6A-?w?NCi{CEQ=P8d z3oo-Mi}1hBI}L+kR@+XD-QTR(ztELumt_9PBDsrw^YL9c5>R&-*0na_3=fjY0L$nUhnv!_7lBOV%*2&*$SUS+1BIN6^^N_=+ z`C>VO3W1X93ZyhnluO{Ov+AQGh7 zfYWfLE$w>Q3OWOm2MLL?>_W5j5J`M4pYV@FHQs;Ymy3*-&w>rQzr#|J${2#?8f1K% zyr$y>)n}iTGA7s>YT|hvAA+LC?QJHdK6^=_5{`lk$>y)4OO!4Tr9=W2oyp?!c7F$q z%c17X1rnM(BUYoJ@SIWZBclz*M?Y^Zg#s_|soq8o!j48Y>*cjR}={Q$BDFzCzphnir9koAH531M|p+mLP;e!Fehwkqu8ZDjqR$k)EJ3toAQ0&@YSGKD&`fjfnP)?#q;hhR{ zMD)$?goW)BSwM`V0ystAa+nZOMr|YQqxvZzCHZjQ)7xqjY0u#hY6ou{N2wuc`&^-f z(Jx{VYHPv3T%(ZXcUF>hU1ER7i-aI|drRgP+V?V;Qosh*q9KuYeI{Ny>}xz+IkMUu zYIKcmh0no0JHaEqv6FZD7($A(53uvEj;`pV}IK@b*+Q>gYXuG2C5khs1E|%7v%)kb|OHQKtcs6>&L2pty5KOY4w)k zQW|hn+WGy=k|HB#VKi2+8%I#lXz)5kA#=5!O^fmvA3Z9Uh*)eO#gMVks7FS4m1d3= z!eVmE8M6o4U@HQ$XgX{3?L4y#_E6+(@I1egHX7gN`^+L@j|`?@dlEAGkf6x|x^-UQ zmpR6m*=Ff|X#${as#700f*ts>CIcaChs__VGo_Bdr<%6T%Tsvy%q^xV)87TNF8{S4 z@;OQ1UkkAxb!Y!YMI_sgn!10hhynmvS;8U)I?!LTXFU@>R6x;Z*hycN?bjchgvvk64qs{N8=vpn_B8 z(*wC$D`jGEmMIx1qZxYVcz*aLJI6r)2}@bK`L;KA^mTnr^#WKS;fJ>kRRg}n9Z6};qYJle*Hjlvx2sfVtORe0JR9fxmLMM?5JDf1 zhTq7pGSuZ+f9g<1@{7(YGY~bz?j|K~KHTFL-q0gwtP^03qHah)*&` z7X;VPV6J_sYsnW8vV`+UF5q9wgJh5@m{V>v<)DoxBejp`cxUFy!}VD*(g;G!BXVPo zZmME8<&~#XAK}TA2iRlaIYCQWk=#ht7Z!(Q_~m<$PZo~?1#Rsq1U+q^Np1!>P?HL* z1S%U598tbA@Ho(-PCdZOC2G@D>b>zg*HJ-9EehAKZh@M0`5+D4bIH?%`Kq_u8$NGA zwx#E$kAfr;Z=wxH4r7vvy9(Knz@r}W`?f9k?pr56pnKemxRWR{p?BOxV+ZVbXS{&?GSyH_ zcf5iXS!zTlmAM@Y#Kmb} z(q*$`^ca;Ul4*!QI}WD_)j;vfPho)6m0syPi{X#VtnKu#b&bmG1HZo-Mb5@e65g1H zYX)EL3zjU}O$0@8mYkdx6Wiz%O-c&SAZvkgx^y_xQ}Fo*^} z%>{HAI9!GVP8rWMpb4W<~3N5NlfWI5bd8Eql8ln^8wwS&1qrj}( z08_4YuSexQa$r38IUx;Z5;0_jO~1UNVII^7DGZ`g^|$6QNj(xUE)*Ddw)d^$oi5!* zmDs}rEN>=_8M9SbOUKZ zm{A^;CHqwt#j$Z%qgrTE5Pj)`Sf5O}e>_YKzet!M;GJwpwCqm?dab*BH&=ij_QAwd zkkXOB(|+`;{6Zs;qZ;nYK$K>EF@q_Rj+ezeP8b|Z#gffek_a1-Y_Z$|)u zwp8e{T(ljH7v>4TK=Y1K7EY(9VHVsDcP7cBR9TheABb(7<9B*zs9`yD=--Cf!!%hI z)dJPf*Z}K|O@Q0%fVAGSkwwV9+tk92;h`&ahIW6^2Ftz#J6nA{%et@!izxIJk|%(% zA7`6*+AMhBWjL_3iPxqhzl2}KFw7pP9(^)}mR_83ZBf$xL9-;MSB%sohY3K0N9`@< zEqv&V5S>W0Dl2>PVk1UmFKvGq1NT5%vRNl54QC-tY>A;xI*|{GP=R1>SCtR0ES~Na zJx7ubIq(U_8wJfzy(W<^7Tk+bJRgn%Pi;2tjy2l8c#}D@x~JmHuDTiL-;Ios=1FLHFa};{h$vk5o;j9v$YED{QN$WEh4W2$VN7*+tV`9G|Xyd0SrrIE=3k z-EJ7xm&%#p9im4k#Y(2(ZFcWQ>NuIT+$9u5>L>M_nhID-^=&8|*Kc(jF^G-@YyNwt zIzteqf$-cZnfhe@uiIas(`>w=@ZKr5_|&1WEKIG*d^%A)#E->V6l8Lx7&$YIZcG_^#a*G2 ztQ2Xhw?!jjyJ&l-Hy|Pka-Np5#SFJ!AeRTWulc=`fEQl{PG+c!yYSL2qEdI!{=R)M6XjY-cojBZ%| zkmT`HacusoSWaKZ7u#8gREBcn@C~EDyzd4;?q@G}d5~e?O^5}gnKC=T2o2E1iPc0- zMOmOM_s=A24?3_L#+V$dH3RSsx0ZPFhmKj3yly6Qy%5641h>x6`kGYQZl>z3Yu}vS zO`N`XxAd5Nu)Lt2tBhrjXJV|$CUUz5F*TT3$ZyXMc^T467A=Ys>*9+WnUhx`WW?A8 z+dq`xD~evf4$JK(cH+M@Ie7jumwvhaxTPDVJL>+n$s9=I8{xI?RQR`i2Y&bj;9(Ls zIvIJx44+hJBDM*~o?|SVhVF02Ha=D|D3Gl~@+2rbGO-h36}BB-gM=q8?|0aiIta6< zgsT_^H@dRFg{LqXeQRXfg;~N7s$G+7YrFky=X&==XcZNR?NFp!-3fg3bYXH3W^ios z?1gwMRt81cs=vx7V*W-`N9IFD9R`;pg5t14!kxbEb@%OnU2_cxK z)E`xri;&0@Ac?z6We|(W6<*?tvnzmaf$T@=VqKbGtG2QgNc-II62lyXfrk$PGqWo3 z<+k{v6$mtI(uNI>kc1@GeYc^Q=?U%T89R1qUlk-lxZx+$9=!u;IS34)jj-9P6qb)< z_eftip~($72x!jFaxqNrHqyg_*7&@`qMa%SJJ7LjU%sJ{yiy$zDQ^EN>Qged=DdUk z(0AMvUB1B79HmmQH5%9qK3Q7+_Z%|RBuqyMb)J0ik^KX(<9i_=Elo+mbC)9tTooL7 z;NNi;5~{!4y}z2NuI^jcqlUgqXh5#WH3w88y5V8ElJp}N}CTW}(yxpW&@%hos_DyOMLL)4J zeG1vKMkLwVWJQ7nDrrufr|%(T?p9R-NykjLwb#8Vz2}P#hKq`ajkXB*$T`i-Zb&&+ zd$=))(;;i^`V@S1`sQzxoN&>zAu>?h2?A=Aw}CVSkdVUmAccA-l5~~zxiT<}`38Y< zun)xgp5LZo<6ZRg41)O=9R!@p?GDIOE(&djq8$y=m zI}y=aBnNC@r@tEuq5KDa^dPC--t01bL%TXg{km=jy|pxz+i z=}y~dX1TQq3>UJ#QkG!MR*t)fY@-Rz<~!0BVZp>69ize#uhFvS|8Uzy8EL`V|NH31f{7W~kd*;b^ z;s7q;;Up0KRcvGE%aHi^d)0$s&X_4mH;4+CN-qr;O_ zp%TXaWP~fyFklO;CZ;bFvso5ThnORy_e5RM;_T&iN={J&W;&>sV$uklCdC8$Qk3Z4 z!qNgcB0;DnZeJ2#G*R5CX&$Q(o@e&V!eq9&!w08_H$Xzzc;N+rc=5T~d925A3}QrDA@64dL+B0^Q2s_Y4P+Uk6;T`P2Ntb zy-wRWu_^(LQnSl>=j!U>YDAt2o)-Q$_BkU{>BnPgDHz4Wy}Y75IXo%Eqts1}>Pqf% zW!u~1Ln{Kka}$r5gUov#(a8*VhE}n!7w4<`@1Y$H(IAD3JDdn6Pw&YV&}C6*Y*hsP zX$s!41XiSTOKEq6vQA7hNM*8YcajdIlth?sc+VB!ze-cu+Hl@hKR2t(JR%)Mx_W1k z56!A&TuDl~T$<#O(+-lru|RfaZy$%-jj+5$uZyi%s(3;2IJLBc8nahoRYsRPG46`~ zuyuSH*gV%Qo7{~yML-!()2n8weWY4)Jv5i-vEM6g$4Z`{oMHNkdSje>ij32}(c0o2 zJpB@v4cZld(rqWVLt+VQ;b3_rR*i>DJgJ@_s}@=@ady!w&%GuF*|%Do zboBD;hRFHv<0z~ZARuv)z`{PgXMrxc45j}1M%NaL9H)LJ#{m1iPCv&z7YE?9PBy$P z4{Rf`NXr8UG0V#fza zrB|pru5U~wJv>-B`N**_>1|1GMO`f{T(mew&_jwqVt-r*;r&{)WK3G)4Ee4yHa$M+ zk_PlP*!!X>D3T|EmOOZhiA^L7?S-_L%O=6+P?UVAoWrq~^7pUlA6iTyW=@oZv5cgv zu#?7Ns!xIDBv$q*1WTCcsxIo#o3q*K^VyhN(<5L$TAg6CBUcV})9{VXFf*0R^-qZh z-(`LKhHZgWAFUI{p14~IOHYf$m_jA|9u_U;_S<2*7%ia$l8ZM?cR?8Y@`#dJ!d*{2 zYD@^`KIrWt?=FttHiBDllh(8}@gZ-cM&Fwbd=`eip#&BD2S2EuY=N>qWWJ83xx8H0 zP11#n%5ExOeqqU0=d?JlAYI%fFRYc1We<>}&BN!X!3zX8<=~vyeL!9H0!=bOQwxW- zILBV$dV+;@B`1{%DGt4PYYKAIdqo0uDjY{6<7I@jveYDm$;h!6lZJ9G+tM1cnc4|o zY)4M=C%-R*tK5PKTKSe6Y7+RCY?a&*o9ow75ps)_8e+dq>E1h#fUd&NzYXOQsis*J zH?mCP<1S8exM`l?ySF7)nvzeeZ2mgNv))~xxK!ng2%{;bBoaa>(@vdgm@+YxBzd1d>?R zh09WZ=5L{#gVpH=aX_-=vJYB*$zZr=m;${Skl&NE`8SzZ9Z?1~K9nYNFq)I^A;ed- za}F0W%dp$R7KybjSPV2VdZk+;`c3J=(@)=R+LU@1;$=BE$dgmFaVyxE~g_v z)XrX#{&3%C_1c-9pOKWN^x6X)Dx1t=Qd@?# zk`L#nc(=(MLrQlFurt~<1xA=E7!9;B6eS`cSr~Q%9X&?z^6z3`oUuwzag&oO>ZrN} z>Dl(3TeTRslt%V#_GLPPZH^QrqI}-uF*}@E1izgDn|T;QTFKlPIE$elH7JBh9-5g` z)lZy1x)w1p`I-%Ko+l}I#Qts`C9h&&rutm7Q{`amUJDz^1go zPPtOkPS-{=>n^BVNtu}u(06DM2cu`TZH zYGH2`Ixij0Z}UEg*p<|2n7f_MRZ1|YffbL4QHVMcy)3@9OJcKHkDB^U`E#>Jq>3?P zczT$)KFY+wMvG_h8+fLjni{`KTcJ%iXv117O*N~{#JN{C_>5}rMd)-`6)G|`;OZ^d z-ZY?7ovWS@O;#{X5p%-lYpx2?;<(L)re3I;1|kMDYHCaru7HEkT%zyde2VLHjAkju zak?p}4(GpSh|X$H?AQIW5LRTqh4BV$scYwZr;YP^?17()IbDIpJCnohBuaAh0y)*? z2#yg^&Wj}bjI>X)rt=I1Q-2L z0(FHuca~H1hv+I8`A(}QDc*MA&D%9<#Nr%;2gLaO9EW!4RnIO|jtewRd1v?B?k-3E zJBPBA4D-WmoR9I&26STe+}CtVJ78}-ogT@11%^GcUI+?hh#J!gy+~T7%e7$oz6dYg zKcv);$-SZqt;cDQ~{ zZ-=*(WIa`9ZK;$(jc_&CuU3c|Nuu+5z>3QkVi*c|_gf3`?(X2g=`cQhZHsXB^uB{- zE;F+~u@0wuG?kpUm@4`OeomgB%<|fp;|)AnCpKtFG-)QU2i~_S`1TB57&MWZ;`Uw} z>o{tn%9lEveyx4qHzgH4bn`ad@JnWmY&WQxDs!RjxR2zrS)_vRoo}uQPLt>bm}isL zXJuoeC}F^RSujz{i57G_vff!KUb2$MfZul$E`VzXL`OuZxHz&K1V^oGWQ6VVAMB*v zM;aJbl`15TEyy11wDr$Pp4bhc*u_U5wa!1%15OJ*F14LrQ4e_lyV+6Q5$gf+$ad}M zgTokTV8J-lkb{TkDz#Qj#Y8W~$6;nyT3Y+whBNOxSw;`4hg7uR=%}3XioD&%Kln|v z(=uR3onRTn-+=q1Br*Ml)u42|Wt_G;Wwr(5YZG7Mn3w)QY8iZ60fy;i8k8`3pgumm z`nXwOzm45)i5*qr=d-Ui>gg!&DQ9=QyA8k-wUzQEs)G2g;Ro#KODlZl95dvoE(~Io zMe7FuQ=zneUT*`YHxCR6HdGCXlQv8TAB9dgkFRy(Hl2bGqPt>!TYb{NXg*lJ9b#aU z8CvdrAC5C+DLRhA=#ath@9j>)q@6~>hA!OOGOKSo(SW)W6nio%!(84sI!`rEGJFb> z?E>H7Z(=Zg#|+E#Vr2r(x02nVLvzz4(_h1^DOOqO@Ksm`nQc$$yD0C~O5#B|-4`@n zpN?2*H*Cc;_i0>}zYJ2NrfrUpoSA6hkux(S_;5(u-C8MW`egpCSDs zxVH6P8CW&+MO|;;241_8*opb>p(MCTm`rl_g7xMLazr@ozLEy`H{w1HFL+7v)(=1q zGp}}B9a9!L`I91KS~sa*c|bW&n%oksDUPqzAiq7jN9QyR(d^8mFZChhjku6Io1hs5 z;-E2bjVd@63j?=`^whRlT2s+4W#gDlT#dku`hLaU?FkCj67Mt$`Iw58Vjd1o=`sqn6|@32Icw3q)X7Dno!d5D zlyP~pt-3yvd!TN8pANs}7?L4~VPyv9Q|0&JE560vSMN|)U0xpowkKjwm)Lhe9_jOs za0i{c7cK9kcY)pR_LBUBG91MB#2oyoCq1E|{a6E8j2ZSR@uFe4-+FEDY|L}Ng+Y_f zbwnD43l+msv2yVcuo+M*kueY)7ejO|eo-&v_Hb>fKZYk$R?g+Nl#^yL|3ywg9BO(d0tDl zL8a0ORyAWK_YW58m^3`KK(mFG9g7vqe)n&jv)k?CW#$S#X?S1-8kK%oU)Z*$>Js7N zO*F~B(Ua9a4pgiZD`Iu-*6yWy^hmq|c3YV!%e{&LyB(ZLp_A{)T~EKvT=pw)U{`*J z1x3AjgZ`j{QgGY^ugf7a>C^5*S>C)yiq`fSO2er$6O!hncWu3jAdps4hN64xN))c( z)N0iqwmD04{^KU0kmMN^oTOpf0H-wG2v5I;FJwmHd4>C|6Vhh-N|pO?dIvC-mUqb& z!x8c!q6kLFBYtwxYDnZlq=P8x6pn}oSC`1{ey=c*F-%44o$V;H8_j8+T4siS{Qa!7 zh7Y4VS(HxV2|MdS2J1xs4!eTyIEo$>dp$|`c_Et@v8s3 z%>@N^q+ZiUn=-u$qAA2yt-|eLr{)D0rGDj{Vgi~{l@(-Np2`lxt>RPr);-Ecyz}fX zr&CVQ09(-%*>#=D@j}H=&7{hJs$ipoNkL2_3O#LZdXv5?)wtJh(=1$@LblQgw5+nL z^x2Dw8ZkeNZMmJIaRmk-AV_^m?K}oxS@k;tlGG?w$1!1T4 zaq$pnItNm&Vh4kAWOym}K+}qs?oteSUVD*5Ch{o?=4kDVH6LtdR@L8Fj{O%*rE7aXF5{0=(+sKa4Rey|4I&(fO5RRzz1zeXSzRBDVO+bnq;Rvt z&dxXWTNUtix9$&7G5;o>v=>z(C3f3$cGg z`22_3#D7ot{Ky~pcf#jK+0$>$dwBYh->*JAr}m|yPeU{r?a%+-GROf)D_$-a(xLNBcx|{rs85H}sG1_u7g&6g=TAdDV)f zfy+egnBTa^C_2Jf+T8oI?OfKTL)kXhdNTQ&LMYn1l@tv3lsgkw0~r^hC1pcf`V6Di8Ul#r!NlMzJ5LP~>3l3QQI za7rn_lZ;mY5dZHx6R}b&O#M)x_i)gU0D~vDoyrl?#<7*6xP)jW^GUjSK)6~)Mo}Pv zUCaUb^}Zj0gMwcnaiH*C6t!+?M(0_eI(pF~GcBm@rw%i6Qyc4`uC()%655S(U_Hfc zlB@KUOC4f2{iY)7&m2sYW;UpN=t1JPsq2)LOY%IV4W+bK7EclOv9&dDYC%SGb<;dFW#_zQ1CEoX!-^CCZjkr^vcNM68$!?PAUb_Sm z)qssv$Znp1%O|makLn$(6h%3<2&y86HZ4v9-{j{Ewq_H$a&W-pWgR04&zfCI_C>D> zow}{XD(OaDroyFeO~1?syr)eDtnCq++o%2=8RVIdUMnqnhz)ajhd}+ycc*rrvEpIT zm3NUik?#_AQ%L2L0}5G!C=(cD-BpvpJJf6Hw{zX?D(T z6UZ_{`c0YqEMxp@*L8?&^YY9KbVl8}yPD4y5Qvnhimxt;G z7ggy=f8mrqbZT(MJ8(Eu*-?fPV5(e%dM(rk`MHjKnfF3ByPr=27@w0#a-2JlaD?Hm zRXt~`BgR^HAe%w7KIqCi>uZ*G`-&?zsgpw2Ak=E7xJqm5rNz8>a@ocBd`MMzN`+$c zclWntZ+H1&++D?OYPd^2<|F#yk-P7Jt_$_ z_;M(K6-cbm0PZ;jg5)rz`nfA6gg7TRoMseOPLi#XKX1c^n>+CvtTSy)8NQZC4z6Q_ zpE2Wu<6^Kfs2lw08$!?hwWh9hn%5R1Y(&9i&8!-VX9NUgN?~s_W5wM9XZYn1Y@>Rk zKXCB30!v%&D0HoS@7rE&`<#}CxpUAJ0XjgWq3mKkkl;VUgn7{Q0W+Ba>hd--Ug@J4 zjxd#QQS5tJ$jHhxhT?vs-Z2yNJ?qt!IL1}gHJ6C0Z(-dk(++1^IqvyK{2;|fltJ2Y zQIt8P?Me{kRzRD`Ia!2#6KgKuP~~ZaTC26_L^u!=Ak_zgG!G(=%az~0Q%R=w!xRmF z75P@aQ{>5G#yMM%?9ds{*XufU*}FonoBT7P#0Kk>gbmJ!Djq38HkzwW#0_MwaN;Y?QPH4fVA0_Zk+sJu_Fi?Uze zn{ViTljvLF_$s$yOQAv+-Z?A)4RKgc&Zff@bw7$}UDeOBm9=GHVxExiCk-J+Cc#oM zb}Pp>h_^>-qwN%#X1_>)5vIp{;a+PYFy}kLdP$nA^s#vp-tqz=Rh2OeU7jt|laII< z!gW(}`Q?b4ntC^ACgS$HO$c3kNsuo%u)}#ODj6r@*?oTQEJ?!5+|a5-M7EXND$WP% zbZHUDWZ?8^l9^==YQhYb}i;fova?^LlTM)N-1bO*gqvPZIQ?^?HikfCPWclT9-^c`p>J(1AFt{S( zp+(N7oZLTK~0iowp)Wm zzB~D~UVZMB)_WH8*JiXqn7HNZ5LCLFk%0y?UZ?2>&1XI1yc??Np$0wBGB&?;0?fr{|uS(L7W^+E@ zQc$ndWjhD%?nw&mXn6{ZZR62(HpioY9!9uE_^LjyLI*9k5;ewM34WbaPE%4_GmR{@ z#=L@P94x078aLcYK0 zgA>ZZ`xrR(zMko5Bz%w^sJh#iur`&SxH2>}opy!xxy;b4&f@?}AD>U&yJ_1I9qrM& zVQ;|*k~!mn0}@TS&j$mDHX%^d=$a-d4_UOgh8uO}GPkfS*e9#;;tx~91u|+3k*Z?W z&dfKjM8ib;J>Cd&Oy-y*y{I6bVV=1mMbn!~-i$4CinpT#8>1##(RtU>K^|3k^({l& z%^Fsd^?6+ZAT8~Z3T zbY?!d9jJIM1OwX=gdxvKkL3pZNWyQrHW{v#b4nIPp)6Z12Blp~)IH~T-;8Fo5+q6B z%I^wTi|zHHUi$NGq}fq4QfxY^7`BjP%sGqYMYx_e7^D4oj7cqh_bB1|vWqeEOyU-ErNg93d`aumZO;5< zlvL1AY#r^XpLyqOI(L^*CWP{yP$Pj3;CpuK&lgd+{|%`NTS{Z z34_cIFKMZ{ z7PDLVPP66J1&+bGQL{Zvjs6QPXH;e%ZDww5*GRpNDN8BD&{>oO5R`+dXzVqr!4^|? z6kR0!i|`LNWu*gj{Olo~5u@KiISBTR5$?J?5uptIt7LXh zw)2LfTg5r)D>*WrrZmNC!CAbC8pq+)u?#0Qdx=$Inaf2Q(&G+@F23~#HIT3SDIhU2 zGCCZbG%gc?w;dWpuK6S8h5FU$#bN9lxbJQ}Vv}D78PXAH`p_|VYnifdZ8)jE%eEBd zSnG`#v5}V>{h)OH$XWVnlU0|{4X`u%!N|0S5bSGt%I1u`?Y4xpSFGPeJ3g1_xaYFF zp21t@@#qt=x!4wW_rm?p;mX;m5VUO+R2QmUWKrt*1B?1L*2r^s%;ArfB}?5-EQG{c zJP$xuIp8Cf55{}xQ||x;O0YK+<=P@>KvUsm9|n2?pekp;&J@WkQcvUmgK5`*ye9a?M4^D&C{ z#&%;!W+oSo7tLQZKAhsP-l-HfyYySWHhaq#p+J(RkpJ=|^adOpdIJReWjd7YKAPJMR* z?74+MB7O}y4)`RFfCOP8tAKx`Ds)+-bGGn^(IdI8GraE=3%*41LhG}-RFFzH_4myj z3+G#vx}6D}MKAj4ZN>7J+vU2hQj|{}@3tSWKf_)~wM}v;ISkKWdo$1W=&lMc z@RY&~oqgJmGjWAG+lV05G0P;LDl(`l6Iu78L+oe6SgBUYp?vS^xaO6lEUM-0JD5cy z3DE@%SGSI3d1yb${~n#@OGpu&6Qd)-cK6o;+Vo7?5|8>MI07%EVf-Y&*4J(^tkfSN zu~Nxm08{q!z{^T*cqG6-#;(faqA}T*rQ+nJSD+e<=wDi2AhazVxlvqWVpfK>O zPh-H0TH0DF-77&PAw8kgwceyWLXa-lK4kjI;I*5j^7M_P_6G0E<$h)zfqe z9nTg?)>f?AQU*Tch_FS>4&|Fl$HBiBDS9sa9(W?%Zl!&$S>4jAIE&~*06bBnqBu8w8SSXunpl4r;G%j z6fxSnDW$NuIByN#Hz_#VYr< zCv5ox-wNo|cVHA_tI@g@&G23?TqNZN9=-=DM0?|q*4LEV5Bhk3$i5(Ua_<4fe7i>f z`RaBze7lUyliE64TvPe|5-peRD72zl;Y?7go$x{hCAvAK<#e5LzM*oPTOiNQT*24A zX_h6cOD>mhf_M$O8|8Hs$B>(@>}6-Cn`<}68905}%cU4gpK>tl%?6cV%_Q@iz5KOs z8@uV$aAx9#V(D=tS;3=|l4Ysm*b?WqK1%uCa;!P7F4^;FBE4HsnP zy@c{JDZu7ec{R=Q4(-i$K|xzdmC5S#BDNK0m*>?>OP&j~(KKBUFj0Q2OYxH$E=|9A z2t9_n6$Nz@+7gBQBBrgz3uN{We8-2kmRJpBmSAR99+a=muYkXJ!>{YQk7Lrle!X(e zDz|WcDV^)?xk3$Q)b#yh9eY=(0vp@}V%?j4$XgKBTh#l7(xYw+LX&lDsr-$w0BN5C zcP#WSmYXbS{)M%!&N7Hn5r@SK?t_YJRiLW&R@0k@?eOerid+YG+0HwC;G?-V>TeEv z40cph&d?@nNPf6k7`(Z%pi7#(i7Y}Q(LGQmU$KZJv4Ov$B?8V4XQ4=xmMx%&aS5ob z(2oCVWWp#Htcrm0b=>=O8J)a-8azO*B-~iZW;rN{!Y#n8%H~4|IWIfA&Fg{}psU+? z>A=I-$9$m7cPAFO2Ap^mYyK!+qf>RrY_acvl~T@FvZICBRPyj}ZN0Z3Ha-PB zf_ql2pJM$~bMO#p(xY9afTE;ACZJMl{r?ODUX&7^1+0m(V6& z<3`5}HIN&Lxh94X-_2_idEBhI@U|>jE3y`8gIQTL;spXIHtQ`Z((0i2cfu2H|Mf373JbG6h6k$hgc4%V5mr0Rxub%sqC zQ|R4Vx~1c#OVe^V#b5jb##TJFehJdM*ozn8Yc-O|RccICw+L#WMGp+Nw7hn9%;-e^ zY9$99kJSK;W-E1a3f`yz5IC260; zSK#OFG+WaOmO4KvG}qa1FEmHdIi25o!fDC-!R7VVdHXAzwP7hDlu@mXe#_xgHn-O3 z>Ds53^G$S)2wb-6IK;fQ`$Y_IyA`tB3`FcvGuelruV1EIp!RAct%t?A4T8RK416@p z{M<04M%5WtAgw~x_0wXz#0w$yJxpRbrz^+u&gLr!)p=~jaj;7?cx4O$E|s&{Hvt8> z2*K|~-ql8Za((KDErh2~2Y{f+A?w%2QB6i58J&QAF^%UVt4$tdW&tf#)c5TOP7Sz` zJO-}%+8*vyyXL0Cnt0BDc#!Zl#Fap`Zt7=?sfd`m(B4!p$dnjj{g?o3z2&}gj0@Gx z8SdKtVlBsQ)bV}=6*ZZzKJ#7;O-5Y$B1$8Q#Igb+1$_G$ImQF0zQvZfk^=VJ-M>D)-yS_gN|jmE{MLJ8l^t@+ra@ z4tlggTx_FhlGTM1hh<1tT2&6i5W3`)A0gv*sUj#2I-Q!4v!!zaR&KxK;i?bA6ymN7 zKoYg#*Sj_lAZ)%EGv4Ng%E&YPT$pSk(t2pi(v#DfV;`#gjL9Hk1?DY+@#i)6<&X5~ zAByxUBAWc1=&B;}M5@ONlWHaT&l64f11M>xvc0g@98}bYnKQl5Ir8^1^$3I}*vrJu zIgDf7vuudze@0?KPOnm$ER7X+#B|Y==demMn1!Ls;IX0m#f&zVg|Xjc9Vx8?L633C;p6C%vuWzMjVw&1nERQ2|vn( z-%Ud_WYqhtqvY25_qaFa6Nr&qoPEVD9S!;h#mL0KUm9#n`Iy#1My?1C>{UITQi4XV zDxvz)?od2%s_vJaOHbf%ASN#eHvUu)nRqTm3#_HcI)RZcVnt{TDDi5;xqbzPs86-} z-|NZSGj;!O&Gx^qCx0EG{qO6^f7K&D+$LP^e^f@_tNQq%cijSyo&T@&6FV0-$N#c` ztOTZ?W_!?@x7ClM#rW7$$ZQsdSu-ZcK7t!S2z(MML?s0VxgAEDsLdTl=ndeQkg9wDa}C zHExyZJ6)Jvt;!iCYWa`OYK9t5lX(ZEs}Cf$H&EN1(VVhFoRU>WrZ|-w?Sdofvl6OI zHjGR5&TVZ!wYVLJnIz>K^GK`x@OVDhw<}uYyldDJ%2qq(GJ5F%M!2qsyeDQoNzdG= zO^^^AK4$%L@P+8(D*lBe^ismBw}s*Ij?u>E7vvt9*u&su4Oe^!q{M8C0({V3eI-9M zlFPgItc|i2_jGl9k~ypQFW8+fK4iV#)_7vui7Cop{3A#;-%`mq&sWL^Jwk?PnM`Y} z#GOZws6it22g;k+1ET5?dOrNik*L?Qj)p&CZ2-0;1Ovkj^(CW`+=J!hlCobCWx4!5oDaOwxW5q*g>{KE*F_zn3yUQAI3<6kUr!}b zTrQ04lUW=W+I;>VawAF5c@=~~x$BH)#)bzDPHv={{*d7M?^*czN)6 z8LKG1{0KvB(ry;r=Uyi~wkDo@_Zs{I?4}g`;kKeyRYGAcVdh9^G4E9VB3xG|l_Q@{ zad-*#{fI*TFj4+*i{d=e5{omvBXV;6j0;Z<{hrnwI`A^P7iLEZn=NhUlO<#s$IS9j zx)7mB#WY1IJxMT1oJI{RtpxUn!MfCqviW-IbYK>?Si2~xmvS*j0+LMEg5<T(8g7^swJn`4)sF|mNSuzGLc!N6dUY}tq6{oq+kjRy_DAOQodPR( z!Uw^;YC$b99V})0Q<1;~D(%*3HnT>?!c-Jx%h*wIj#(%|b*F5Kns z;A>Kr;@qD^=Z;*bgtfJvE&Ws>>Y!!UJrqtNd>rh0P<~IL+CR*aCR~u|R zn_Lc+1-_#e6pg0Z$8Re2 zxXxFO`0I(|g4yN9$HBtK?R4+63h8bn#R_8&dc z6t>==gKd5c5zHed`K|Fo2=a-4giAA{%JSKZtksq00#}TW$75{AQz7F33OI#H+VnP< z4dVuJ?cbC41cK!zKMYiKsG1C7qc-?D)L<62TsrLzA~sZ|j6l_6HesYPduu`{>8EQr zJdItnr)LuUkw_&}Or!Tz-k)AxyJwK_y+tq2MiXb@!878>!U7-2q1Z~pEsI*|Po^sr zC5xZ8!wH@o30Ne2tf0&z@#4^Fdu;10isU|d7*6Pzw$Sq-d5x$+w{5az4vk>AHOkF6 z)5lpDf>JwmSg3n$(y(PfNYRaFxG<=bi!!9)k$wJ>PRc?%RQRhD_^puP!`J;#MLG7L z6irm3!X{Lu@UbsBvf8B&F|XEoOIu$`wZBhoZF)Qptl?Y3WRJTzIwE(Lc-is3=ro}O z_IO+;-?|RgR3|DV+JtS@SLoE-x*~)&-~@t*w75P&XGhyO76AU zpzCe`|4KmkeUK?EZ|6(vp4aAq%ThALMw$|F7g3?^Y(@Sm3_EOpx zSzqqQBKq{FUcY=7am*N`9hgoIfv%sH`PRJviV>=CiwH-kMU?%rt*5uF+MmTqaTM}} z2fibAJ{_|5G~b(@6Va|C@`dxywhKKI)8JrpyN7jQ{nuw zEnAbNor~cjoaW07G*+(s1u=hoM3j`YYDA3QkYt@T0IsdWMh!5&H3vs~(|4_vHC;1Pre0EMY>M>Hi)bw&r)cpkA#SjMHjlnl@E6+kUt_*45Pz^v5a!eC1J3tiwO7& zn5MSmof23EfOYrw;HvUh*)^DG#4d&ro<0md`Wke zR(jNkyTMJ;R?tYzHQ|P7!Lylh(f3T7k--8C(}F6QS+dxqUugz;7(6m4+o0YWiekz& zeLuO0d@#v&h&3&uRW|q{4qNJwL$P?V$`j_fFMzm}Ovo?Tc7~N4^}B`K%gAm#-#2&) zvgwsEEc1KoG1R4UqoakHKN~7~eR<;rBEPtqW>TVE3whJNN2c)jwD4+ylDqg5C4HW7 z{{$}lWN;)&2~LWPe1xwpn-b1`BG};!cu-)*bj|x%6mJTb*@K*eRH{AEx%2|JZpQp2 zU0fondF}2Q%7O!&junfZa!MGYhGy_BRs+R&zUXf%h>K}P{DyB7D#fvqWW?i@CUXV* zRGS{#{%C4o1&};OHLuH&W-4pa{Skpg)np*{{Mq<^@tAvI2xGf@viX}lyfL$+95pc| zq*#@93XT<(R@^c8rvbScM$RR&_C~nN$L{hAtP_ zjwU2URH$eDX|j*VX~`)ZvUO?|HwEz_gTn|AhB-x4G{EGMiVQwes2Z%dYxq>Z`|AGf zsh5CU5If4db=cG-XBnFcrEduk5J)Dg)4sYX%2;@g^U3F?IFn9hwqK+_P>D3Z<=$JG znlPdtw*WJi-dNRWIz@W62jkq2I14^ay%3cc_f3|mb)(ze|9u?08sc(y^p#AvahEqM zWRKECoP5P2l4nt)%p40z{ejgTp;s8p%;Y=SlxD*d&r245LR2IpPRo$nw`CgPTvOsF z*X=nshBdrkojL5Yxj@d~@ZorSlh>%_Jj?03$gjsL3D*O^oZ=|&yW3=`WKdN(ZjMX9p8+LPkQA{N=2m1ue)MH~rn(?M~lxK1Y`5Qvo^H9=l zEkf$mUZn0W`>4@UCAyd@)r@SVpF)Ptyx|TD$*&k8HcSU*5wa__@E;LDmpgsT(jC)# znZI{_-dscU_Wc6viYZEM`QwyFTw)xSB25tWMQMRQt*YezSIt?p}Yn1r`Mv6vpg*B_C{tXR0~Z(-VR1StGy=t8R-v zATwiR7yKokvx=wr)lnM*JgL#)%xlR?0^2N<&9I;OWJp=18~wIhS$!>0$(vdvkv|zW z`m9yRhRAJNiK-Ym9Ow-}yE zwK$UxG(gV@hBp9xqu27wQ*R-n-B-+wCLXKL1_3nh89Bu$>)a%Rn!YlY!631Pp2i(} zi6FRXR+PK&!q<@pEb{vL#VyAkzl0Ny1Xsm(BM>0P-5T|GXMv7*IiOu>+xcze14|fo ze#P>uzD;j<^bKdC`XNKeZ)JKYCq|!Wi#Qji4S?}EE)qN(K7yZGET_!XJL$Z<-S4@fS=_ zl9dALpIg=`@foYAbNG05J51Y-<9>YbWNUpgyE`3Pq=rZ>#B|1Dgg>+j_|75@GqwTU zp)Y&LKbo~!YSm(851Y|5zt!b1kDo$5X7wW?B1M!%rc!=!fsq39Bz4D_I+TazD2UJW zLP|}xnly+^rtG~6fHscS0&OXQzN`@wZpx>3zsmo}NCE<^I_QGcp=^x4uFmItE{~37 zRF1GX_nK2`&=qH6CH{*NozUrAMk*D^%+*~MS zlJ(IrF~vl5@tsf(hjger(M2WZlv8L0$C~1q5NIb=oOpJEKL@U)Zi3O@QzCE(*CA_* zg*9r;a*r>taQ zI2}j7EDm@nHtB%;MHP8(*`ua3vyPc1{Ttrw^IwoB*75x0Q2JoyTTDc^;P;K=M4Rt8xvb%;D;xd&B0GizCjnX)nCm1ALAO^TX4Dlk@ z8HWC6G4S2YPrzehtDbq7Opz|}k}Q%&9&3#1HKJ9Y#JN9J>X~7TILs?>rYLM=kc_IR z2#Kexj<|ZfF(kS7E)X)F$hLM$2c^a5D+_;yw7<8jFiHOIwxdu?>MiFWKF1!`3jaPfG6>6KjVe*Sm}#J> zXvK4I(k+|^((w_CkI=isM7BJUUfS_tFd93oA>p@1Xlrk^*`36|FNwiWGzWD<%qHl% zN65PAX|0gkYphzwoa-v=_cR>r5AD^5r#2NO*iuv#hFyZ;_B$O{2@KNRUc^T;yemCf z6dV@D#pjXbu){@0q?ayT&N(a>t?(&Lq<5`#-dz|oz<-X(@eVy)eSPA+P zX5wrW{i)con$=)efh=Z|Ltp-d=qycu%(}=*4mo`z2RcuDSV~#(kz=c-LXR^`Wy_Dp z1ewv!PoM`hE~@y_U0E#8^d(b$9bdG(X8p(!)sC`T$YFQCuJU)hbXy;68`9%=4)*;8Ri5CeJ)UsF-q%WKn zgn*n<3ggG=)tQyPBk>c^D}v&e<0)Az7m#Ehx&C;TnxxEsQ2cbzAPasUX5=#^_znY!4za9v zY$YRDO-pnq%x5UCbDa>VFZ8bQ!D11uVSW=b{I{+4z|t)@TVoRD z|KZ#|;5EAcabN-Wzbe`vFl6|T+WP-*g$)0#wEkZe>#Q8W3mg82oO7yrul0%qYST9T z`4l2U@_??x5rwd~PEb#0j}IAbFh&xl*a*apr}=iCRPQMTDv9-6RkOS5Rh0(+WAWlJ zI%j&LOAYNTLV>7zDQmrwkVnu`xT7*zWVBFz@(MLfeK^@$ zrON882`?z`bRl+VT%aZh~Ze-3bW~O>=v`R zk9S98+nC22Z+b9UJH2li04hye5?AWX8x(}bV&_dEu{Wm|Z=xI-b7!=xtLk7DH{M$X z?F{OZE;aggew^n_bSM^to%)>m{8>Yl8VU5-gq{$|kus)~8@$e;u+@QQReYp6i2(~b zKi{?uW6+BQgZ)op{O&#(XcUNia}{k=k66_cS&+x^`{C2!g#GcfoS7hT+NPzH{qvKR zY#lpX?W0J8F$cv^=6S_7M2$(T?cwXavS%=4qIdaiD(Pr=yhBE_N+@Df-HN-6Xt!sY zl`BlUZNPH&aP1TAK9h%YWMHU0ew_WL&e>_X^NL<`Y9bu(T+y-sPZAchl9F^bUYUn? zubd@ADsPuDJ?i@w&#bghXlBJqHxIvN{!^st!;|pBo^=?wG#&U^J7r|1V#7EFYnU+T zI4QlzIPs$C3g3nj5!oe?$H80AkYTpFuhWuqKB50eni5l%5)E{kDNj$uh|_Rwgq1#{ z451QLnsY%3<@Dtd(i@4=P=C|^EOde7HA_G7bmpe(Ay_#c73q;@Clqy@3G=muY zxWg4D+_k$Efd_Z+>SFw_&iUhd19fu;)SB7{ z*uI{5%!k$A<2?dY@kTIDT5;M9UfKI&&73DqPPwMnL{2^lxB7|&yQT~`O1|1yRZ(F@kISBs7&6ufV>+#E_W@@+BaNoH;M@dAtCsP0y!T?(*YLh-w3x zGRZ3!m201K;JlrNXk^16sImtfc(Z99w>;Ykqjxq6Z3>z*5LjCmX?uCisnHj%6X&Ve zhh=Dn8X5%imGsfht9M|_IjA@=^ocdvP}z-OElB8aU`q3jL`qMsuog6O`o9L8}I_rd+>n<^RMu+0k4(>@qyUx!3TQC{t6#(WY~ZTxgB2M zqx^@%`;VOWLq2_=;RW&C4)34y{afN2iTNSf)($p;!##|FHj^B#Qv=A=CA@PfJzc=0kw9c--Jf7*Tjux=09 zeIRuJ`9SKp2j6dP2jG`IW7g2rBC&R|wEVZfKu^&x5Bk=~0$(XR89Ls&)UsyQ7Qoj^ z#zr6mbgK@~#nnJ{{5jt*llxz@-$MWb#}@!x3f#&A$oXgT__Y-HD|{e*fBOs1jqqgKi&uMw-)3f0D%$# z-3|x<#(Y4We>%dyH6gdxswadQ3f2>-*1+$)F)yrJ@M?xXqTBi_x|{|agXxPjg9KLj<$)MX+^ zdmhjKD9z91C(9$M?*I0Iq@B<%-~;LlR`m9^U7TgoU9nx{m)BRR>Z+;7emPL+`MD9g zP99r)El1;_ot>kdZFJd>iJ1#!*QMKu`Ny=}j6PO;QDgkTls?!kQboRN!BLH^aN}w^ z_WnSmNIdkW`8frh?q&G7{ekidk>3sPEHIf zw$|#3LHh$|iLP-=9bFCTF5}H&NKYybykg~}y>qHGto^CiZ}lF(R36rk30xD)Q#MP( z)=X-wo3EVXKFsrA_3)j02bqFBM?)MoV%Zy|#+IVF;!t&_Ygs%cQ6dAk_^2&gcz|yF zX^`Ytuz7>U8$V%DY3>$V*?jerP#92{T~LEg#pg)=e6 z27~r@!Y>P&4_Q68+Q_CcJ!9y~c|TU$M+Gk`Ki`!xzm_nUCesI~D=zz%Rgr?FU#VM4 z2xis^XgU?*j>4znlEU&_ez9-CRbgXLt^Dezoynr0k*M~f#;Pl#BwaH$uKv*61fX2s zgvJVoh0nV4fyLL!{;Td0L}5uRH4Y3-s_|qoE3a{zVq2=l2h3T$ELu**r7Garke$?- z#j^RX=RWEJid>0eR%ch)sl%RG5bXyy!}wStL@_FMq;HjAja>tltDcgR&51(WM|Fz9 zO|(;2Dl(@ORm-V7MM#=rj_VQB85JO+56_}SsY{}G7d9T{Ky{v_`#pXxKlw!K1mYW3 zjBMQp8sI$->X)O8ugo_t1V%2NgO}#_H%w1X9L&jAQ|+*SFQa9L>nW$1YehCv6@A#z+0gmy5_25&-V)a zTFs?3)1-tQXtf8$gbkQu!?0urndu3tePqrwV4#R^(p#5@FrP52B#2C+6P;1Z6tEi1 zcq}gbEVS?;pIT*$ge9Yp4MzQFZ}+lgWC=RwGIng91zMQ=noqG zd;DpdfQE(|IC4v+aVxQP_oKM}=qF~dj2PeOF&9YDpBrLTjj?lor+qdnDtuzy6mPwj zhivtgS&=drY(JEZTi2$_g4>a@pG992=|179Q>O zl(f%eKqS;2nW6ftR5p>K9{I*+pM=2M3e%4qJA9QK0!Qga_Q73Eq*#h^d4H@eKVm|2 zgEJLL!~LA&d%U()-*D!7U}(49XTZ_BN{LFrtp3inj?6*k<9e&YhIQ2sMtXa7*_UPX zzBX|)7lBr<23B55?)o;9MxuQmyWF*KMh=GKS?}f9a@GnR)ZG25<2>wk_>B}s_c`D6 z6I&bU!)%x5jj!Ow*{F4flE8WPyvQl~U_V?8^KhD=5#~Z+JkO5&047yEBB_5-?>^N% zD;oCwRO$PbvVAZbSTc{0B}8i@$6QN*)TxeG#R7OVa%~$chfdFIUF-+ew<=*uZej(g z&k7M~)*y2)StY>NDRvIR5Zyizfe}HL#-sJK1qwvOVYx$vLss|AMI}!^BkenB>lVowNCxy8e{1JbF^PMNTS*BKcUMx}^cx8)2m9!%VPMAU!SlQlNHZy!9pw#E|BLOSi1~!$ z78t#QBdQMp{Sr-pfE17(g~3x~;R)xJUXej>Dhi*S+h_!p@` zY_kdifb5_N@R0b{ehjKSddv8Ql{E-*4D0&&cBHkP=*>aGq`iyq&%|=e?cRJ;>y9aD zVNzR`fzCX^NlmpL+*CzZiK(`3*ZWbW-yh*)m*)9ZtlH7nd4I7eI3_d2z9NOxaev_g zJHk(Xq^A3Wd`QsTDC!_FHAHB@w^xSt>uBIoWD_B`?h93?35^arBd@e_8sv1|$Hbd+ zr7Vx<4m92lr?NgK#z@O>W2k>hKZQr7;5MjJ=@gxGPMs0D_mT;kOMy7drT%AP>qgS7 zpn~u_>G|A`czx*9dR-rfD0alaM=$+D^@vtX-tWJ3t&AhUqlq+W&<*nbniG^Hv>S*c z`e-G5D==C*U|llZG4=w>O!N3IDuKZg&rpZYxdG%cE&9^1B5#!66}%pkvNg2UwPL92q_EcJy$)k&@)Ce)ao zOBOd<8Ho>@zJ7n#CeL;ul>BiZeWc3kg`mbTQC!bd%>gKTi+6pDw*5S8(J!K~<9S4V z+!`oeIUFw~|CsQkRv5+f4KYC-Df=Yt>+2j8pAhUZi^L@yHEX-H6Cv2|YSRXXOjT1r z4)fNs(G=%~t?IL#hth_YtpDqZx9Bs`Tt~uJaXD;YW?RTFn60#^Gscm=mul2UPquui zlsbK-A7tQ6fd~U=;`8{f@lvJ2V<5=s)1tWv6ZFp+yJ%*wC(#?h5!&38T1?JwXr;uFY?d$uvp5~AGUM2;IyNFIJS-#gQ`_v}vvkSU;_wjq!6LNA1KwC5q}vN7ZdY^& z@kYcXun);(7pjeu^eL_7*TaBTR2NZ^0aRy19XBZQy5;te`en06-5ozk%~E;1i7fNr z^z;XDwg+UI6enM8x-pmNDwnRj^vTQ9o6dPHRYzjq$oNG$HB%d`)`2qmg z8v7jPIY9)nLI3fA>goF0#_C)!YwOYBdyxQ8e zbC2zIyOw*WDI`#Cx@Vuv?RWyV8yM>!NGLz4-MERRoZ?du4!q}rTcsUvH9LP$%Pdv} zn}NouNmbaJ?j+tU##%ut!P(J6H2wq!Me)(Kif3p@0)-KQcYhKZ@A@<+Td#1N0u9V7 zN8FDv3FV$BZ)YKP4&XSVjSvJTmMY4WgCcpz=lBw<;Z*tj;GiSz8m$xt225F5xW|#1&4e_?(UzjS!$MnRndM-sWCC6P zodaTJ{YMP`f3DDA1$y?Ne9FHkf$qE_Bi0C3kJ;I2VnCjB zc9%#3hInp2z;@Rl+Z`d>U4v|Q4FY{!(C3i;btfapU;FigcMY=NHOPL~Ap2c|>~{^a z|7sA4mHn1TcO`M#6?5N&80e^)L zl&k;&f`U!=0R)ZHe*r#(rw@w9f&fAB*!uv2o}a%02pVDFV+)GMa&r7}JoZ-0e}xYe zj|BmO;<5Ju1c~9l03S#q9Kb7TK@#Br?nM2=Xx;7P_gDBp5&;2%Byu0Xe*~NUl~Q>q ziGTn>61fN9t-1KG9()KuphP%;F=LQKK%9R#!naoJzxcR*8H9UH(jbX|06`MD4Atwey!@;~js-)1Zx zLc+IIAwa-eiQEJ5w^rmKM))@I4FtTE$e#n=x(I*e5d=zv4OrWLoA?G+w*BD<-?}b; zg%2bV5a4a%`yPOQ(~1B%en|wt^~Vyq_4WR%10PBvAV82r?gRKcE5dzO19`7?0!Sht zK#)Z41Nb{D@*sdfi2#5eGDso-jz5>k@2tp!@PQ-(0t89qK7fDIim(E!9zj-w6}W5W zPv@AwYDGYRAc@=u@OM_^K}HxP5fC6qBKH8ijSKzfB=aDEK#8z|YJ-6i0dfA}2;au5 z{t6#RA|ODJMD7FlH?0V0ngJ;USpV~<{r6X05ztBjB#?XX{nm!u#ZT{TLx6m@`nU(* zZ%xQU@B!KGif@76{pslb)_^<&9Y`H_wYT@c`-l0sSJ}@)A9u!j8*aIqSpKihhZ8v6 z{4aGr338FsQh43pJ>ZG0%xrbOI}e$C!7p)+6J>8trE(xyL=J-`Z3M z{nTBgC>L61tl=4|+@@q%%Xcxob5aG3WlzChUzX6tJX3MYEd(Ta;5F6H)xN0C zf)lSu3V(ie!4>B*8`dTM91|}-F?>IzG^RIUgm{xeS^RnKiAhShXL2q6dDMFwKwJVX zfBk?X(H9pUk02irEB>>n(^!HO|JE_C6PuZj3lmE_DOIaVIS(p%4Yvumgt3pZF%oHiroWCtYh6T zVjz*p{Iy_5q3ov<(i6XnJz{`@V%u7Ma4zD`o?F4EUe!fF*~Mz9Gopj8`D`;BDJ8CF zRpT1GRX1XkhifK9tZC>bFZgILbe&+&hyl87G5w z`fA{X|Fw&)vu&0VChq0+v&cP(QtHUrVua+Cw4wg40i^~B_r&-M~PHvS?`v-Al-+K#gi_Q}feo4hcn!%VdW&wg?nwS#^l-?C%XnDGVjJJ!q zYlwx~xdSq+hv})Y=2{d2BO@GL1v;Bu97KmI87|>|CQ$9zZl;zbEOGCS)#NRX(c@Ah z<>@N9&5%@)cOl(PKP_LVjDF|2((`3}T%WNXsH|VQ?AFVObR~VW@CDNC7`bufOJk;K zvg!JzwZ{Yhq!w05D?>OnWnpu_oDAzEcmK?1W5;b>_!mQNXFEvv5AhGh(pp>1acX9JB zvShhL6F&?A((qAh{lJ+bPJ+Nt5N$`nW}hZtds~2Wk1TV4l7X%b2BV&;1e32C7|?Y- zmsaRp<@~f+=A=}*Za=0u_fAQalsnI6komK9Ao)jrzy)7PNvS=AZZ=rQ+2isP@Cr6t zh+^bL=a|xc;WH+M#Ti-!x8Uu1wzDpQWh{c6aY>p|l5xZ5br50M@bvaOxFPr_zzMM?Gu=AM?~FXurVyfk_JhM40caR>dj$Llvi zS*SJ4Fw4Ym#yVCsIVW68XGBxt=f$5B2k^@ktP6H)FQ!YXCaiiCSc=Y8k(*=bUYM${D%v$Exb^LtYnHC`(lERF zxm9>ZrM=hYwtq*bzHk1Wji?qnOJBwh>4mpaS+3v2jp17ncHl`FwPW=OBv_V`bYhdo zlknJX>&aEVRtb;jsGo?@YrK_T>Z|hIeHj4!wM%TrK6`1k!YH3i!mm9mS#0)GgPrnD z*P}1~UL(l?W`J+pQJhOyTh}koK+>`LCgWRK5WuHJzn^;;zPSX;RsQ1%Sjn?B62#(> zD2WACde=S~ok{*ItVUnI#Td0DHaBrCpIHv$jCWS6HIXODyym>Rj5m^^Cwyi)0a-a} z#mW1`{yc&4qU7#bm`x<+t=(XcSaj_$s^%gk`Pr>^&PAW;>34gv=0`%GieCjxG(nCv zAa7+`KxbZ~f7fB#(rv($b_Mt!=lP>1(o;8WM?EjzK{?M>JB9ExPFtA4-A@zzq6bJ+ z%xf`TfscvNBK@e7Yw0JGb&!^Q7~G)WxZm5!IKP{hAz1pZWiiC1MPA^5(yAMSQ`?(T zkI2Qoy(j?TfC|>7s$IrF=Yj#xiG)~G-G^=_dxR*;PDXdgR~?aRXYMhYrm#A9<&C0c z2)sr7gc0(jnoWZrQW=aaCikY8DZgi#_5x!!JF>&__ zY^h&*Rp@kEJ#Mrom|}*$h<`u1vT287D0Ui&#a-bYaR9sb3P8ts#0I0m0UzpHtjWTI zcnHIbQ5mS3s&$0(I9Va~?Anp>sG20(X2vrSHwYuhtFgk-5q5*GHm%O0&*PMUrl^n~r4@YTaevjsc+M8bvCL&$M~D*ORz zwRQn6DghCAp<9IV3<>s#CTmZ)ccX0QK4;Hn8ONLBIszvu)2_kjzUjAu%{(n-4Y(0I zr#*W|W7W-lNbD%)rSE&v&}t&zxJ=2Vfz`$ah7<20e(E0XlTi=sF04WOK}ulTXvzH? zJ`G}X3jXzw^D%Avp-%}ea-Z^Q_-SqsySvJWYO2@hlDl2%#!#yrmXIG}Yc0HO>CSWQ zQtTB&J%tcG^I4h9+P!Bwe51t6*gWgWq#tIS7Ee%p>1~ddXE4^>;66Noq{hEkxyTP6 z^0nc>T=+)0d;wvfoZuNU@oH?eqKML&D{U`W@P;QCpD-Q!rC0LG9((uNNhc;Zk({8U z0|Rb==PG9J55!4foIU;Q6DrtGJ|DqHsH`KU0k0i1FyvYdU88{9t{N75_@`Wwh1-M2maFl>aM6|aC(av=|r zAxzjGHZfKjyrZL5y%vZqLCJ;K2dD^5WJbz=C|KXFp| zsm{w88C3KT`|EAmpxK-ib(hL88%3VO76R5OB$=Jch$==A=0T>6kD@0)ywXt?Iwgzr- zX8pfgG5&w$E*y8YAixO1ZH)-WT`dU5T`dUEA^!C~$oB#6V&?dj`C|np?tZ=gSG5W- z@^$+L=Usz9Z~E8ky9R;VLVmrzYmoDQmRpJb6+V#T{{U4izyh6ro5B87 zgz*r`3t$Jb11Fr@{3CEa_`}G_?VR?X9rz#;zD>~s0dMn<_W=Ay?BuQkA50>k9=y#z z-UIM=v3KsfI>LKJ?m#09%1nV$^gzx(9pQi2(0_H{L-2tl0s_2E(f>Ih@F)MCMA(29 z5hM}N`2&C0fw$KDuSo<12$INs0Dl*He~>5eHboBv1WDvRfWHgAKL{XDB5c6b)oqF% z$oZ!u3|dD0=LkOtA4nn~z}po4Jpliv6#)Q``?-|}P$qxcfxnBtKbRE(0p3dF9)Q2K zA`dYM-lph*fVUF42jFk5$ep8bUn>FtF8^;+^uSXR{&a+YYegP{4(F=c@v}sCyN1=J=f>R9%t$`E8*7#@eY$zD(D!t%=HV*%#p zDXz=pxdZg)acec@@*!{H2MuFaN5mfu?UPn5wJymMH!Z3=F&!G#4oT?!%x+|S5vg`i zI{KQ7sy$JOW8~?k!~49~t#0a#&)_(N1Yac#LrN4NLI25D$?;9_Gf~o`#=0gR)MsnFc*J z4{t7l$!S&F*`g+_>M6mzT+91%#-;UkIX{=Jm*UtvT}tuw9q#DGG7;}F10MBlzK?F9 z;#2@w@YTzic4f}&y(w)*ds}EoPR0j(>N3Ca~IC;kAN2ryg{%nnOIf#c+NphEI%*%L&s2Q zdW9_m)6F(GhqGY&Wbt$Z>Zh3>V{hufqLp_%lx4u2K3nECe3hgB04gVoqtN@o`82lL zN3wE@_K!^8m2rBrnGJ3Mgx+9?IlyK*ea#*LZ$#r&Mod2n+arF{CrP*=O`Gh%*tYM2 zs)4DO*l)$*!O$CvnMhzl)Vh@DLaM4@pv| z1#IWX5!V@`(3Qw(BNn|4otED~X%fw^M`+uxLw4DbN9D{zS)^=2 zi8kIm-1z$39gQ1#%K9szxdcz?y$p}uF=+thi{&~nHb(Q~^wI?$kG3~Q@O%wW4 zJ=n7FiE+cxXHO&7-yMAMRI46t5DMJYt|!n;-c1!(zdQ>5iD$G{)|6IWqw%UVrmPML z&yQ|R!qYVyb|?t`OKEA6W#$A^-5JZL;DC)&ofg8eg9gnH&5jF^I2|4M1en)frkMlb)Eoq1DT5sI9EoiMI065EVem$3U4*+<;Gy3{CE zrbgerLyAu0CQ4!|$Y>2GhL~xa)QYws`L~pW#`_+`qw#5Q`ZWiWom~vTx+U4z8`5Oi zGfEkm+|m8E_yn#ii{VEO2!ZS*8a=M7kGXH~^MykZM;r(lvZbE~tx-uWiD*Md#C%^( zXDO*)Ob2*$9h`1q1d8DH4lMZ=rdWwV{In9-?MM8g;mjQ<%t&2>^c=uwWFTYUYb-L4 z!~2#6UhqjD`l6*}r+QJKm&I6nrW!PvEt;qZnAzyGwe;Q-+t=r*73OlUMU}IvOE=Wx z7rO9RM!(=9#bKk979gM``)vk@4c7Inl%4kxuUV14I=+${6EK#gWOJS}(2?d?hpz;L zu5nq*Y7b9K5IWIpENl;F46eNp)cb(VHqK}>hSdcXTC$zjU1{%=H6gt3qNS?0`5wJI z^znN>;(@?Dm($q#w1N5%I@iaK-A`ALA=J3cs}ZT=xd<3ayG8(b8pXI36_`d%kz2^T zHIuB;+yOY?JfwK7)DiU}h)FLr0wM5TwN2X4!kzt+o7pOr%AJS%GN-cJEhXpYL3`xKuP@KaMK7_k z&+ewW@WvoM)Zv1UF6)RNGJ{QhyM`;-ijfv&lRwrY4uA9iwm7v?A(=gcyL-x;Q-W-| z@gzUNmhYMW2csg|EW3SuQ*qs1TN>B-SUdgCj7fMejakA6*eg6(!nvlT3E1TVtG@CN z@?s!F&{oaK(XabOE0IfV8SaSKkT|i*sAu52XN=rDF4Gs!BuqS-8Xp#LlE|1Jxp9~# zk-^qaV~|$Ta%gAh!02ejdKJzfF4x285B>2M0RSI>ty6 zNf!p5WMa{XhS6;m^Rv|V!nnASvu~VKB|1NaN7RnMSXcVsqX7ON=H5E0s;-Y3rMtVk zn?rYZHz?g89Rkwb-Q67`A>AU4q;!XhAV`P6ueYY6{`D$&$9dxW;&a!9y8qmp?O90^Syt@^ub-?D*B>x?Pe?)xMuj zescZfhqCb4`Jlc$Da|8!9ZUj%gkHoejK zZJpD&WAm-x$#so#5f$J&q3cdfdIX?TIQbYDQ#`n3goe45(u>Bpk=w-{{7LpO_Z zxn(j56OdSl6{nhde~?mS6Ut4U55%38?Cq({nte*u)cfJF3sSK zNe*3%t#L-4Pk!15rNcbt+&`PHrGnC_gt7a>b6w0DYrlM*75`G|(P@fUt3@<1Irn&W zL9(i<6ustqSs%y(oTB8VjJwu~%;)Y`fC`eLuY0`v1Smho{Y+c*UbYo{D17-7 zhhgs|*Brpkq9fflr7?eilLBZ~oRH&iBVQ7}p`!`v0TeH_u)og zm2daiPUV|zhUy3NWru~WfvmILwGmCX^qhklYbFOQ<@bnOxPB4%c_{0#U_VaZKxa6s zkZA`d5rQ_!_~~ewu(XTrIVc7CPcyvPrGbJnuU|MZG6cO;hVr3k{nXuUm+IfoF2!XR;A00}U$58pU1z-G9af7;3xq3J7tl5JOZ@y6q!d{|SsyL>3Rbfy?!7ZMX zVk6!;9^>dPnuAIeg%Bz8MSsmlpJ&5K6l#+OG~g}lck;rCDD2VF-TQDg3&BmUe=;X?Xxd%B;>&D;g`VhnjAIQ&^p zdT&huyaoKtb?LEwGYhP45ZTFwars~pWBU*E%@@`kcZUK$3TO}w#g4M5)X}%e}4ZN+5pVR`1$=Q5aGdwdHnt$x%~Y68QFjc zlsA6<@N~haa`UWD_2yZh3eK}WRh(yiNF4n6?|)tp5%|jY7egB!@9Upp&fk&~|3YZP zf48aryXBn!QfR~DgYeG*@293ec24{6Y`>q_`go4}=Lr54fB>!s$Lt}! z4e%iA1A+eTBJ-_kd5u3_SpZDU8uEUzub)KdtuNcRenTACZVc|bP?x_+>dF6N^zsy?S@=OVZqgu z5;be*^u=K9imbTNWWe#+IvlvZBR9b~!lx}Rq3RF%RdbqFjh%wiyd%}a8?jw`y2&2d zv#m8V*AKl1`?uBkP{nFW&iDJ*R;|u_c%Sd+*D&wRL$ypx(F9Q|n*S4rr*30*KTTF>> zTULe}ReF5uJ4IJx0|kc2q9O3EQaQhO9NLCH|Tqg}oy zS8tM!+iNqfq7+zu@OO}Zq228&;iUXJda~3Gq zs|!^DqZ2qnbOVRpzAwGcr?2%3(z4v!Pjob#>fTY1x(ZN3S7c;Wy4)HWJ>Rw2FvL`F z?s;30X8WMO5j8fLW|A(gV+OeHZ63VftO0{gbfm`~ZRk4y_H zHDWn*AyQl$W&6%uNvW&UeUo8ia03OBydnd{yHY00uZ*|83J9XFz*ik*Qqac$ZtpG9 zcT>v^5noAQGqD+jW0-^uJa^~QN?pTcV8xV`3C<0TAzG~~r_?ZZ2W31&GApw+4cyBL zr+rZ9An;Qr#nnDn9ZkxEr>Gmqz*qoo{L-&%NEW!bv{_gN95U_;wdCWIif6o(Q)uxP{3LS)H+u8|jI|VVQ2H ze#lz;uyU6jYTN0U)$yGt;+ef5|1NU9koXZUb1cuUPY`P9WnA{I^;}n?J@203VaFnp z8^q~^kCOTVoc57&w@l_i!xz3U>mgsWqDA;Tn*%5d5Me&+ab?42)kbM`hmSSb%wtuA ztD{P#ODc}^Yd|yLbBK#7aD#LOpGsADA2S7?`N*|_$FEJ_pJ1@2v=;OWshX^RLOcQ! zYM=26DA>65ko}M!!;q^rhgrQ1G1TT9bzVPzNt@gdND+jkM7goi{tU9Sjio2aeHY-7 zESjL!be_&n_W^gBq>YAj1&#D0(OE==h^c#x zgJRVY+vN7c*3|shu*p9}Fi36Bd6h~?ZZNATQY{aDvF$V8wfxrK{A+$LCv=bm4U5@BQqmoK%MBe z5QN0dGfg_5Sx%DQr!6OOSU-|pQ_W-Li^Kb32iSMU0^;(VeEfo%)lo zMh&bwfU>p30S~%k9nb#glgb?T;LCZR6gN#setE>fEh4ZMXzD(9IS{4-PQB4U5G@Zv z&cYrn#P@Iq?m{R^#sa>_UN6|c&;Q8WUBcAF{Gk06Bh>eV=IiAEzi*Ov9_gf4=8weI zvBB;)yVi%OEe&HcCT1Z-9r>X!p6sb1z2Pkx(A~6`BSv+2qW9Ajq0)ZKJ)dJFKIj!g zaKx}VgU~ldm6935!Wy4sBC!bSdz*)U$I$YrHQQrttmr>O7d87REZzXWQiXT5-Pkah z$QM{VErz%$nDy=bIn7`#F;aTBL`v%sIcHGYx^|KqYB)R`7W#Ec-X0j|b5t5HgZHa> zUepK$=@Mh=bI|f1GQG|ex<7{bhTee^_`h;P_f7@L8sD`;)Hn=%hn6=TzJ;SB z3lMlLIKVY?^M3BW&$kbEMUs?!x4r_v0QX}0hMW~{I&Un-bhh zL^AEukk-$Bskvj6_|jO?V!W{y;-CGuzzu3P#$egPrNa1)5;kAplL$+C=@7$O*nI9M zOA}B^RVG<9k7Mp08_0uE;pKiES}9vT zy>zRhs<()jiPL*N2;j1Wyiyd?v_(SkjRJl(Pkg&MaUTlB6tbC2lyz$bus}K%y}{4S z;>Khc&3G9-LAnJ$HZi4*_d*GM%^YiqK3u9xr{a2opuSDHn?$u08KRSuB;!Xoc)>j} za@fg!KK4VcZnlAVOC@}dv90{bEmAII?Dt~$17f$I-7UA=KexnN5g}(sh32%yq<)_m zcDL+vFSFuDz|P)lBLst=e)IBLJisO0b= zy}?w)9fDXV78h zBakoe0Y&pB`MZ5AL=(pF3h92AZ>Ul)esuZ?H|b9foAaDo=Z^ zs;a8ysp~YO(vbSSm#RSR&o!Ym6D>?X;y-i0n37G1vC_|7c@96Y1*?@52gpeT!*9G@ z`2=2QVylnlvin_P*Z@asp2dqZqPTug?*05k0~D!ra#!$A(ua{Ot|PAKiF zBpVFRF;t087n}X%7Pf-)3oVtSyxaCL?_1byfr+@30jgv$>4K2E8f564k{afgpsNJ* zrp~M;NJv^-^%92=%@nbIk^nS#G?_-$loks>1)BII7|EANiRW=SDGhJQ_DmB_lb0hr zzdArd#-g`6eHGDKJ85gTq<$^+I&VXL9W2;7LF{5?p(Ua1yWBjXT8(_C)TC2~& z6>K>^%!-OH-QPyb;?6c8erWN3UTvhE^=2XoMz=zKskF`tBKBoQT4_H)mymgHxr2@U+mZQ>`Zb9ze&wHSEg13 zNdliUtP^n7l=KDVfD-wIc>{QCoco`5yZ<=>76AC^j{LWI^Hfs(zswuJlMDbg!cL(raeHQ@&1XAQr0RF4H2oNBUB7Xw#m%GSA%kDousyy62nCQ#I!o`jO+8)Z*ORVJveS~q|~redHuoP z%!Y7Y^PqdD-+LeX2$CAt3X)u?nalf>!x}Rz&6#&VrrOV#3z37nRbHW$M!?1Og zO0(RI$tmjVJ7Ij&J#ua8IY&`v$itW`h7SuObQl^$_)$sxZbZze3YlGAs z65tM(D0u`;G*qmQJmF%@yYP>0M6tS|%3|F3%^?*qd~nno%EPD0%B(~ZkHdooZL{>0 z*}h;>+=3j-_oi_*TJ2{!em<&j(3!v}5uYZrP?*Lk`nJ2iP|uJ*Yl)c5Au+|)tq(Lk7J0po_+qK`3$Kn%R}aPe+4e7{ z&r1g*1Zt?Q;S9~7h8Kvc$3Uvj;I<@UHI`v%H-~8Y*@?AMXN-yD- zrbPl-<-Ug}L@FmFUOMrv(im}GD|7Eo=B_%`j*9sf-||hC5uc~=>?UQ8%g2*YC&)Ah z>ma}bz=^yqwIdtuBzs;Lo0^#p5%oI0&y9{m9ZQ~M=bVE5$U}X|s^I#8CMhk! zx=kL2B>@tXM>3c}xeG%FA#(|M)v9F`AgxWTJmH- z%qU{IGbD_T1h=qz%(q})HO{CQFg_)FB7Uy8?*3uC&}AF>6B|l25t&% zJ?~;_b*a zAH&5<5tVtqvu+aK87ZnzsCFiC% zzRwQwt><(ij4sq5K9%;k3wNkJyw22xCq)VH8*(K$#Ac?QWnFf-<)E)v#5xFvn7;H) z2!ef;gXvn=yE{teUDzOpMxlZjgc;wt3ucBO+Tl@#6TpfD4>?2-McL-cq=cF(Ru>Zc zMhFU!TomzG=MFr4g|ONXj4`_7`bhyLr3d1yq8xVo-qq>A{nJAk&7gJkiL$aU{>Zm) zD4UU+?V$RJGYAX#9E}q|Q!8I9$!UM=kppO}&IknR3MrWPFL|I6KrPTavK=Fh2vc-rX$VX<&#v!-ZzK>1o zRJ4t-q%Mq-uM@$vxdk7=XBON+JG)13ZY$lgQ5*SS>J|@`LRYvmUOM*qC7tY~;PVii zh;tFLq*vhK%9bLP_Em&)-)88)3b0Ej6098ZIABhRi{`JqRbx0TuDSTpCg|`1+P~|& zAhYZ12$pC=K^{pk96c$_fk2~4KdEWMTVibxyo)pF9~F?GR^RLklAH@Hh_wB;_!-ZV zUA+)7kzlg)9_EzsTIO%T?NmqZ%xLa_brP_>EZx)A^xoXQ|%vl6s) zE5q!p=@G&2SjFz2x2SLXp;fm&>s6~*$x{-}O$E;#P?pM*JGgrWhV zF0r}aFGiQPh`htjF{hX(D!`ibWVm5&Om#&1b|!u_q}2!#<6vfg8d|gF-Kppf0j(6R zmJ?Kj6Q?5s6MY)*)GjOJG=p#B%e+Arwg_@f z!6_K3vh<>-8#&6QfGihLza;4&9v~|PK@S;ZwW5+_DaP6GX0JwRpgn`{fH)`t3t)dk z-7Pl>MSy~WixtUmP+^31GZAcXK5)&QZ`Hz{Vno(9x*#siEC)-;2@rmn;}^>=$Bb9r z6q~>#DSJM%*i1+7tl0vKXMg5uib^b47){4CjCNCuVb;xeQ<^;2Z`WirC5{O#&2MH~ zQLOwD+R#eZG{#fk3Mw1-GG0X6Nu;m{EigJQZ0;uQmFYr)(7U*xG*o~l> zI($T4)nrqjET>3EVz#ExE3W|Hi7r6(gIMz$c%UuF2wXAVVPdLZPUJSobHnDD_=(DH zAj{;Si0)lK>(vK4WpJa5l$I++q(%;{?%&EnnG&X{g_hN~50*H1Sf!i-7dU>%tv$Dc z(^zYN=A8t^RborMs7SiS=5@@$!0Qbg`S!K(q_2L)eXfK-NbKyUBib0LhaB{2#fFPS z0YYikx4<#wgv~gu8AXVAlzkLqLyCNO+M$z*lr0Kc_z+{e8p}0%{zxV|aj5W<>qSqg zx;&|#IQX9LNGpD7nKd3u)P1m8ubnQ|w)Z|3Ya1GL&sKw{ISV0bUBC$@R(5H&<%U%* z4Yag!&DXbFSIY0Uv=&|62URXnH@7m9xakXjw2gm%K7%5}qtm1m?`mIUQGXU%ed_e~ zjvyrN7Bs{#cK~I|f&~Jf;vgT%mf1|aVmgd0snf?jV*P8Za?p%gkXnH7c3#P`mR!r% zX1wdjSa~FZ#K2Cv>Tt{ntUSol9h+Gg%A-vrPuMN$R4;5XoXm*J`}MG^?3=ndTO0_m zqe^!hY}EcMHH#j4>|&X4j3YuRS&~5} zr^_Lf_w&Xd1Y%-@u?s&nLSsVUbeG_0K#XE`oe!c&vO}Pqha1y?sU`_k;H={YRQI^g zXJC84d0IQMTJFAJ8=-R}^DW@LAM#-f`6v|NgH9sjiE}FFoxHvFY}s*W4RbryMmy>nh>;9TW&@{<0jLHC`caa<$6uv$cZWwGw^ zWncJS5_|Xr(;e?ySmDjc$?YuTMQZr>>B{!Ha2DyoV7Zya;QJ0iN$_<%&A9s#6%vT} z6AXr}x*48bdNtPl>RqXZCTY(Y(OtRSdDU_K-B!z0SzobJgSWJYIC$L$0`#=3xR;cf z9qnM;?kUl&Z>Z9|EqjL=&smi~?iL*gl;Xf%NEn&84q!q)j|gC|TE%$VVDq}fFtHw$ zSKP3XKB$v$n3F$~ZeA3#NMg3GcCoM*)9~CL6bb|va*5*qo4^S8zZ?Ah?;iM5Yw!Q| zz@KEN|MtKia-klr>Zi`)fTzylfTzylfTzylfTzyl0JfhF65y$^IDqZ{SlCaU#Q{&9 z#epx|f6aPfq4;sOr=OY3hhwop(2NX(y0D&sd@Au>WIj{c&$n!T;44_a7 z1PD}t{siE!bhN($5IDn+4a3;6rjGWwa{O}u{|dfGyX^tsqnGdp0RJx`?J4TzuRMW|cH0BMM=#+I0RGC;=Xucn z|AtTscnDH@wA&s;y5F4PUp5i^EBJsE0Rnuq+x`IHugn<&dB173BbKl#Kl|v<_ayk3meiARS+rD1SYIQNZUS&vCv}$bcn&Oqo zmfeWWtx(6bN>*>Bn?3%%H#Qbm{))t39r0{7)7NWiuXkxWL0JmXh-FS@E{K3%Pm zDG$Zh7_39Q+XvCHX%oAWsTW$KIogLdZ`@TVI9p{dxj1M{$nN)QW}$glLf|7m;~$PJ zrSvChd{5mGnxyHIEVj;1q+`x{cBjYAQCOls2}z(KfzLnO6YdfnVfCGeGqNb^)#|d{ z&EcE3M>FrKh6=xdo^!0WKljg;Xox=yQShCwnVpkF4CQ4K>F3qQQFq7rJWK2~Z|6G^ za4jiB-%_TxZYF~ceX}6VO5>br{JnRCHh#l z@hrmZQmiq4ZbKT{iL*u9;=1%Io3azg{hohGzYfN~1GJ;{yi@kBWqla@wBJPUhV7l?+xSJUg zcmFE!>Me~dk@!f{o!B|l3~~x|3njB2PiudSK5gmfG>S9t>j)%ANM=Je?Xp$Zvl8D3 z#;VFpUp3q$6*%Hj1o`#R4wINkKF{cJsp#&N{rmxjLMrzgB0o=Th)Z2dVX4X zrtfbWWL9(&JIkzHsyBBI{cUA-ZJ_K6txT>`U)GJ)zJ@yjESe8;j?%qRT=DwR{XSWH z%Tib5y~@h;qGgs0yk;t51Eh}gxbWAy+_y-h@KtPAI6MO%J1i=B1uxZ+USUO_8(ghK?T_j&vJ5hb#DznfH(-Q$!EVMc%(tmpd6oBRuoTYJ)dqzUFvvSv2a zJg#ETiND-KqaEpQWK$GN^lid^!$f`EQp=eo5^4#r->i%WCE@g`JFg;*CxC(eL$M-~ zAc30HbL8Mw4Cdwc@JDP#NFRNOs(bjQ&j{*6v2tJnVYj)-NjT&o??`DslLgJtcO3|2 zq6MeyOo;2N#RCT53j?F_BaRiPJXCc-P`>U*>Sqv$-=#~x?@cSBqgPnhp0`Gdahq(L zClU1$rPdflq_~mWfbw(qHA*!&c=`M@&N9S}qJR^zfOOYVWvPzTZAZC`x{O$mdBl!> z`;0^%79s|zWko?~MrV&2UkZvO%UgFeOa-qmG%tMyifd~ z3G``WEOL8IPPYyWjkc|!xb_wChblOb8yb?Dyj7oXRWymP zqrjDmGZ|Ay;5#IuJNza(LGfgunHgrly5S{;tZtlYF7{E0E6JxMb))nmR!gWCJy#DB z*zVJ}Gwizk0=u-j?c4+v7Jc5+`vzE0$vY3|j#gH!>$dl08<;RQPzUH!YW4^{TX+7f za0Plqx- zB^;@)0)f=LJ4vV5_VI>6 zqW__UUOM?hIaU%SBFY(Cix#K&-J%SC0Ag%_3vO=SM}a(|IeS>UHy@G?KgWymPo0V1 zJ4vcU3$L?cga;%*58_A3>_8`GIi;;yIna?yP9@ZFqsA9vq({>hiSOc5A#ydbDiYW) z&{)4qXWvA?d*eGXwd_0UdVkMadf+ro!{i-GvHT7ojmt7g670*oHkK zj0Jd%pfb?x`>8Gmr?%!z-h1MFG~Hv>1yG@_P(fz!a2Iq&H=vE=*(k+Mn9$>L;pacE zt>vlnVk+aLk1{<^@Kr3Igy%koR%nl+5`u}CG17iRi`*-SF9P|Qd^U)FO6DawK|G4P zF8O-2_GPw8N%TROr9(1Y&h2-LB|ln_u4HH4H#}|uabaPMW3f1f1k~ff<3DWR{lZP8 zFukpb!wR)&N>B8awB{6|tGdLn9ka-;zkbO{W( z=+#7>GPnG;uIeImbAXOh3=0{Sdf5O!65Ga@$U0Ly2Aw;%JeMfrC<@x*7ChIi!clTp ztYc!P{>E3EWxFDuVH2-Yi=453hOq>=sXma(VX0>YY66IHXME`-27|Q-#}nUSw{YNy zPu5#%^Ke~OMzYeSVW2FePQ?@mTDhh2zJxj(zsC*zRJJ)0M4^my@WFGCH?yeN2~RPH zU)(x&HsTf#Dd^MLp&lg>F^!y!iBU*S6Nz@7HiY)v3jg@9T<3e@?u)}_`dhq0!l{C| zwA5ppJZ1PUqwTq=O>7^P<;-DtodWpo4%MFdq-H~FIlc8jUs7WpkdO}$eG|2s^Rkhj z^IO(2P4eInbM3&x@YuvX3*hoVgF^(M#nMrkblw;51NL`WU`L}botq;Y&%&=^;*j?d zXEYt!n_+sP2-Lm!CoC^)q}|M1C>Dw*GBibi4jspBD=}&A_gv)H%KbZHse)GOeEo4=iBN zmjIARt}(8~x`^mc(NvLUGSAV7S{e%|MsDY2S#BhpQaoUD14&_YCi42u zO*Ib|JFZ9~8S9!LmmMc74M3gV%ZX1d=iL^letTam%?ZBnHj()iJ6v#Rj}Xhvq;wyu zru&(wR4t|}1oZo~Pa-0`U{m7zFOU$DwJlOj^vr{>-P;8tuMuBiP8?t~eYt{WJk0p2 z#xygg|4ASaRC~P8-E%+R$~Kl&GL{f3tTL8BSzc{%+UhHXNNk|e7c!QeFNbL^V=9^j z1-u!h%LYl!d0@;i`b1^oA1e;umc2P9KCkaf&MJ86-0ya~?%MSU{?*6Z@Vacy&U#6F zy6Cs7WkW%RFS9w8Y(_!8E-<@3#~zBEhylGG$e<<&431ay>9v|uOh_ZQBXAeNv2>DS zfmWy|ba%5nm;Lw(3%rRvT$*rJ7SEV1K*&s^k2JJT{<~(5>DP1LDy=cQC2o|?3tIOi ztZ>qVYg?u2NwGIQ#_JvNSiONAS@9A>GH~q17wXbv zW7lKh`I0nQX>AtQM<}C}It}J}wu}i434o#HqZ83a=s;w}C{glQ8}7&y4KNJ60QC@Q zE3l#;1O}zrZr$ps0{2}zLSk7gNd6q$%bV^XS;@%6xC)_iMPP%ND+WQ{)7YwZgejtZ z5NAonDTWx%w4t~vtx~d4ST})=s#<=D9z~s-AmEe;=pn9B^NPETjx$oja2c;~2x_IN zuc^z-z(~{EEM#++>>vWr%zgbPX?O1>*g2)Di6NOfEHZ@Qwy{^$TMcl%35p&X2XEBt z?fKBg2`h8>*6C35^gA}=>(tj;sf@QyR_(ea{9vzi$jq8?ohMQn*ZO2-XoOA4?+{UG zkWRpX5OaV$9s!l5xLwB(mH8o9*J&f7l*#9+{wiI?hbZ&)*^m56OAk+Qs82_|rU10C z$SuYw^Di@|n};p+IBF64c%VZdttMPx2)$rS&BvjOBP?B8QNvB52*KsSLAvIL18HJ% zZLjrwA;o4u)BA{^#+CbLGnY3Nb&j5sB*6p^~zSZw)v7K6KI zgEa>bL@K;zB63CF1Z_;VO=D4DiZpIQLq5K^wkU0+_9|Ha^e3c=u;W8K|t6wzFs#S%0KJz131fjJcO zA_@nchch?d;3>bgsfp5Q5S|bdTOzzXwwU~eL=o$Slh^{U59ka4L z3dy7Ax_-!+i`aoKVXu9Wtw`&W`mjE}xDM{+EV zraPAsLh_kZzIcT_Udo9Mn}p?vP*Ikq!8Kr<#uOz4v{&Wxdf`h?(+@K}8i5W;*_!X+ z@kpo2>By`NX%D4-Bgitm2vYB?h@KFV4EBEhWWMs9*^d<3bqTCt8U55|MDcG>gWW zW68xT$qHwvv#_C^=Xj=61us>V%`%D${zAa4kLSHHsaal@E7CIsX`MP+Gf?r;@1TRS zQ4EcgocYXbDeb-1VrRT041zw=(P6b-G4WXqNm{Y;ibupA@i{5jmYjZYAX=Z{M4VCG zAGR)uCgL@N?HS>L(RbhSgv8Dx6lg z(T-I5alKC@Mf-I!`W4xh{s&@XTS9Nfj3tp-1~vplvxHQ??SvO!jc~5kpi|;1W7$O= z<&*j9k=@B(%~rgGY|pjS4e!ARt*O?&V&<7cSy_b?JgYQ!h{>%P;h|}LW*4CPE?*5q z&LPU0)hH$ka^nr8bsfJje5^eD4(}xPs%EL96;eA&m@RX6Ap}@|oQ4pG;m8sOJjKp#i38)rBy5p=0I#;U`K9my-MSv6YTCJ2Nho`)RNnT*q_A--M2F4i~N7D_DubHHvPIUDbfPC~Ls7$JAb>=b8Oj<@YV} zl7kKTaDkXu${nBAOJ<2*a_mS`v=$!^DX7%|UbX~33jU)tYrm~VY7@mfnnRE~IE#kd z=Q3IgyVWzEQL)*ru1O5O+^4Rk6bsgAox%D;*ykyU@VLUc;TsI>w3$6xsJmzx898Z7 zt>CO)mwDMY@uN^LUSqhuu3n!;Cf(L+#w1cepv+gB-PZx{i`hNPhc z_?8yHJ?tpVuY11i6fZ2sB;dH^>N!(6bh7LmWr0T8y;$)qEPx!W<3^HG`;u=5qZ6$1 z_+ZsBX!63H40>2Ce&=B9NTKEGpbHd)V_KB$7k=Jj*QNhxeE++j_t+;6*y!~?OC`db$z?5FpUZ_!EG?bX)!gzz4sN;~}*hXl4L${;rwvubC}CGXn?^XlDEY zz<;&-F#Chy4x|YC!)o=L1NgYI{3{d&QUnMPNRdAQ_^Xazf5ol>QUnMPNRdAQ_^Z?x zR+gtK0)OOJJ#d8mq51%jBkT{c3%@(Xzw+$=4nQDDfCzyk`4fb{N`Cn(rt`xHKKjiM zBw_pQ=C6Q%xBoB@;Nzb^0QjqY|m%5yNgh3TEa* zpP0@ief}l8=qc-)4biU@W9o4Cms-gcWYq};6>yCmo$fC=cxR(1;ws*>xS!88J@Y1D z=Cn#Ed0%ep?B4}f`BuoFJ#w`_lkCl;kV&?wN-un>Cf!FXRf*z#99=wLyY1IIE5z=U zTKe8`JK^`=Ox#<-o~39UFgwCBXD|Bfhv>T&>IObdleTPh_r8Q&POhFfIAAvZbz{dv2s0R$LHh9d($% za=fK>JuZ1OF%jubR;NaBJiJ4SW+0Po1mik*oQgrn>{if3e2tj=p&D-+JHy?Cr6hDD z*(0B>Epd-TrJlDC+KU{*!`}JBC;iqnBmCtGUOW4PCBE0(`vYtlLzt53Bjx&Jv?4ki ztmdsz?Gw;0H4$YK=9KT=KcmY7v|{A9u6<{8jb7YqiRw++m_`*VY%0LN$EIz`EQJ=o}GFQ2cU_kYbdP8&(V>shDyB%W_XDX$Uv6?;P?KFkZYArI3usyE$ zrfS1%+Jt3k%C+=mXTV3$*G}o=Nn!(Ae4pNq6up5bT4U9SBxu4<5scMVbU#vw?s|`D z6Rp3^D+%i==DUbfS%+J@$8sZ3-KOMHO!(&GY&=Iesn~Rk$;k6Uv|`UzsdaxB8AG#WeEe^g- zO^+@M^5#1p%sV!)?_etTIiLl7AVVuQmTeRUsDT7T_<1!hLB-ZV*y`#pGOR%1hiqna z^Cc)2sY3F|nGOLNh{JFiIpsBARPfhK9q4h{mdBrCYTxV?Pu}_8kW7UHS>jp*nS~?+cy}?>VGD8s(j=U%s}>BU zK>g{r92nKSNJko=iPFMiQG5`GlG=O}nuFYKp}I(#U zJU7sNPK3|6g)|59`-l_gtg7oBF?xn6Kv{AlfwP655 zwbOo_XMKZ&_|b;t+>jrx)|Cwb5;!7x2{zMSdV>+@oM45M^D^?MJ|y>3*mBZXTf=FX z0(HoQ-FhvC#_#C2b(8|yQ=!}*aj#hH;RXeV|_e_mnGZQ=)j7Y2)`*7mQ|gK{O>6${u6JyI5FWKRB`c?a_N?{_cI11>tyRBBC{B|xFnqQ7m`+R zDE$@%6!<0y6;-E+X)nWllKe`7~}*J zf?QFbXmr+TjH?kD`Wdt%Ox&4ikQPqUu>0HDPmAPF6lXjt0y2h_6nviDFXzlMeI6bT zr%$l&H*C2`iRdtiUTx8b8QC7)ryoC-3e@qrusXy!PI>KLZ~Bo$*&Ebi$OcOJWXu8U zaGjiIM6KiIB~PS|BNlP3lyeGo@cxS(2J=;XydYvF9RN66?_CdVq>c(!_+%mO$co5y zEDKiV9nyPa;sNdbz^LF+wv$OlY5HzU?DcMTN@Vta6c@9cl4fDG(Toxli5{MHmbDOv zmqnEHf@~s=^2!jp8~JtvX8!MjFh8IoP_#60d-wzE5 z?Z$bRvFl^5p4ZW)wQJi=6kG^rwzE<&1vD743*791u4q(Pw5bvPBOd@Q5qp8Lj3~(Ei)^$!i$Te3x z);lHRhs(#1KFBlK)%w-;b!AV`v4IfyzG76k;M;9o6pMchC2 z&!?rK-T4obk$5#vox$^^C~`0&6>i!|v{QtbxUc)QZt1pJwgtjFSbCc}_tcwz4rfeJ zSvk|YR~fP~C~p`jqnnlRKN-1HtRqdYi`r~R4@ zekfC~UhC#n`#?gdJV->J>RpRwW7kCd=YRl|z&zcU<8}+7;M5Fgr4n*TC8f!&br1R; zNuvhdquO#gx?a~yDWL|?svwV@?jQWK^MOSKFZA$G>W+6^+lRvL^WLmT>7P}8)M;uO zr~j<+@jyuGjliw2T%%$BD`Gz5G)hOoA~p5)d?v?bM2eGIE~rmAI_}ORxcmCp9ancd z7FAq2P=%K%XZ)>&L8WN!wY!#0*4KxDN?ck4&bgXSF`+V!ZhDN&F?9qj?Ip~~VDvOI z4xOzBU)|MJW47jHtHUAW={?>O4Y1v}r&w=~&_}aWezOa;f{M_eo$+a3W?<*+tK%xd zY*X6Sm3w#3ePU&KiC)p#L@ZxMe;>}}%^`4_O=fFNey{UM2(nzq*QDdwt4yeXqilnX zLi*sc^P22t0u^Lwf|g0ST0P@8?=%RpgAG3Hd$F1D#g$15P_7Q}cV-W81tW?kRoxn8 zTV{GCf!gw*ep%6B3)2S;6JsvaIIh~lGpM*J28G65^Qpf(4~XD8u_`Xy4JNzAc3TOK zW5E4Nk_+zq0m6)*$pII->jzUkTyLBuLs*6Kf?^8;qAmO!+^l1O4L$+a`_Khi3yO?v zG~B*UVzI<9w8obR1LX&_j;luX@P*mt-|53N>S>woH}04HK&9yjhuA7%X6r^Y7I$8< zcL8M0t_7j^nr7rP-3j!H@zswVq0mMh5GFtB8{A|SS)^)cWkx zR)agf1>LPCHOJyI)3B-8CfDjkq_I$UFZH)bX3+$LJ+Tv}=^}xxrSa&4a#y66$^NhZ6HDBP|zKJ`V zvmWS6ka=_dcrH=s?+yW1s_;Ce*Jqv8>HiOPXB`!F+wFZ?x30S>=iK-6u-^As!oAjc|Cog{jKBGC#ooW!-+k@vn~II* zYnlc5`6KH0t5&6tNlj23>G)kiub8cwdi3A!%am_hGMz=V$m}krg1Ntf;J)lqZZ|}O ztX}_MK|q%A1n`D@X%c-S=Du8%$!U zG;}?8PSGSyQyxHO?%+(Ueh6tF6C^;3&Pi)O7_K~mR4X!hxy73OwQQzt4|blXCD^b( zehjK9LQS0P8IR5rY3uQUSOI8mj^hgor^!9b*Fulv35-QGl7+fAb$04&&Pf}<2Kd!K z+#&q1{w?14p9?=Xt*`$s{M@$R_^a^4dRu#x^;WmJZOhKYdMgC6-U>mtM}C-CZ-pSX z-<{}~*lx8XPzL*r@B=Il_WS4U1=((eAYe(K->=_ZknL6o0`@}zy^aLxHv;+xC|dG> zC%|t0zWpx^J=zfJdbNbOi6x z)gFZJCc6L#2-+nq_W-=xmpp_a1nm;g5Q28eeF*RNCI6cU?^f3SHxb^gto?5yyvv_^S{X=0hZhU!<~F{FZ>VMLLec?7P8!f@Ne$q|E>Lr01vsc-1Z{?)(ZqZyKQFx zdY)cBD{AY;@P}d<&&)cffnwZ-EW2YrWhRXM5Sh#@9tZ z-L=xA3aGCwWEBT|Y~s68%FK}3NXy+A=-Q#5)_DKTSQMM#jmzFL{g>QtPw5SSBH?t` z1j2=!vcZ+r9>=F209gf*2}k8;_N5;L6qs89gj-$J_SJahMgI1-_6grhn6gtak)P2O zKg%*@z4~!s`FLmLv7S_1Bs7lU$0`P6d3}Qk%}K2b20p-4`ZE9vU%EL%d>1XvSa60& z40+=90ZC;Pxzn=kuTR(F8l6KG9fYp7uQ#ysy4u)8>&TpTdo zL+7v+1|6_Od6pyxI$+u2)q*ieO{x`tEF!lO*fQWr>6*@h7ldgaH~N!5%y7syU4b7_ za831#IHnnyoFic`QI9O==(%ty*h$hLLN0;2$2<|AgF2e*lYGBlVTuSj1d!k7zJv@A^J5Z%^@V`jEo;cDl(m>VrwU0sR^<<4 zB7${Gv@@72886>zWo#XsF8-y3^)6ZI0OQhFXe+1###yTDZ7|=H+SSo% z_dJrCPzGg&kZ+J7V?;Bp@?|tqx+DW7!RszFtga#~0sed$-dW(IDBbhB*N$WdNV$z!!^C{(>xTHAQYrMHhce6_V?KB0>k~v>m)9qG^ zZiJK}<_&0i9Pn!qlq6xR_o<%z&&~B=4sCFBORHR`RkJ0H(>}p)U!)SoQKM_el5{4y zpjqy4s2Zbj?%58yU!e9fF|1SW?Z!#OZL`{XJ_PX0~N-Z{xv3BV;rn6e<_Y~FDvLcWy|})4){p7FJ9uk z6vIe>8jeiv6fIJ;*CqN%RsbUz=0kTX23gQP9$=C#*~pzPNt}#M2zMAw0~eE>wHj8M zL)DWyIcVAyCLh>fi_9aFEB`u+yf?{4Cz{Yv$*CuYdyh(N4gZ~6l&n6#3DdASiVqd( z5R_TAEDoex(ttjlZ$Rh)ekIlwL-kgoJ8Gn0NupI++#}XFgR5(SD4W@IVW3F&{H>Dw z_>Lb{wl{s6M8VPadAh`v50!C)mQ<7$RN*${CcI4 zsIb2eqActs5jnQAMQ9|opx8SfL;)ENazVX-JTI~q@Xjy;+J(q!90n&q?%6TI;FqPi zc<(^hy|W(FT53gy$lkpHnyMqzRfIqqN97bYt;c(bKN;cFI?dH(7%O;%PJtE6a!XKJ zDM~kNQDI8O<1nqV4Dh&M=!DaC@4zX<21_mq>)K3N!IkZw;e{1qfd4aQLej?K9x%Z|vSvCvqd zZLHQlBS2-f59^8HGTdnia~*M3qh$XPH}6Mu%_xuaP?Ab=c(WkA41Pd~Vkw?!s}4`y z5LdR-HC|N_*oy#Rt>w(f!10r}^?c^qoD9Y@9^&b*2dcYasKT6HcusMCa_QmwJ}Ljb zG3uzWIjcnU)pK01JkB#VC(ksDG?yuLDS$@OPEy+32mwiMI1=T^Wn0kV>eI303ffEd zP30eq-LuB<-W!HYMfGbcwRmW$;IYUfQi*aHHlEgLnGGJ8QismY@E$6Cwv|=-%u6^+ zIHVfs`ztnWEnhxUCuJzkU)BKkIO! z!AYixHunp&+X%0W8RRjF7nwwNuqE>H*_55Fu`|fqr2c6>L`sSD>HDi*B`;TVW055H z9O$8E!{Uwh5rpedSS*dq?!*oFh#^!(vqO@$B{Mwoa57;P{si;21d#~7Z84aqkdV$^ z?Ih{k z9Jv56lu>jnT}1UGpLEs1am1oCzVah>5bD);buhtO=5MV z{RH5a<*|;(lmn+XU{uDOUsRgS{rIv{jis1h1`l;_5tEkKSZKM#Qkln=F18hnn-T(r z>z$7tR{syUUv$s|vQLVkE(${wJNdO=vF0w=#uyaEV6{WBmFAjjuR!c zoQW=T)H&v1%;kv#&Cp80q%gr}w!Y9wm=wQv5oaBShm;1_Sqw|~gGLf9GE>e&P89J| zVu5LLRc8w;Z9pYJ;-x7Ttfj z^-?t`L^gEQ8dxgRS`5a`o)3xlTf;@;3wUE?5npKuWp(^AMVy~g9^k8JU%o~qYvoQY zrI+-`Ohzc@jyY0TbdLoQDrzc+Pv$K5D=Xwo?sP>N7X{hFO%q>`8G7}qcVoxO}d&e@=kNiSh%Hv3+OTct1Is@ZZZw2L&sVW^YO z8u+o*6Ttkncdea^46-;E!&_8%Iv4EmaJr$|gIo$Hq(;0(1f4aCW+1&9AK$EN@k$uRSvpXe zJ2Y)4?XwBxiSTiL1($kS`h_hn&D-iN8fB@?s)U?BFyF+gmyA_Tyl#&=FLsZN6ooV3 z1!urZbgcJXaaIj_7_b!6VjCZt6qeB2E@ck56AVer+l%J?Lizdg#;l{m#WCB;4kABu zX9hhl>q(3z?*D4k5Kj{mfe!PH6a$S+Bdc6y!8sLuFPwytH=R_)U)zW^z&C9`t8)sLz z8qkKYX?BjRU&&!A4q>(Q`1@Kpg0Bn{A-N7Ly-JK#PfRQ(oX#KW6KCQ-%O>y5M+hBj6QO zA(Wp!5qP|qY#GnBW2Pt>*g2_PSB3UoTq0~2MYkAH;>(F$dZNX-_`67JF3LVw%`a5~ z{)S*eVvlpaA0s5 zB5yAJ9v{6GB>ovN(@MMg(NImUFUO)UcXn5s!BkYI7m8bUJNBEL3k>FR!D{}>> z$$bjMUu*@oUp{@4DH$*=m;EBL<*_kolCj2p8Ba$m+Q9VdBaWuov{-WUo+}rA=@yfO zea92>ON937hz$|`L1Y7jG>;fAlxLhak!n2=8kxkqtsX!ShkZpRU${ou%)XFUCAgOpxo|?PpOHQ+qZ#f1;rsWA3iVX zy?~)3aOM#Hh;+>dS(+2~12xRMwG|- z@&wN_c(#hnk&+ba6)i|p`2k+%tG7Ijc{~Z*Ostc~E?4?njRbZS&hv{E2XB)ta}H^_ z3X35%dpu8qk7h%!SBxT3cO2>~9#@!?U8*pXe{hjp&{Y1~$-ZIxj93+oV2UcHE=W{m zGrRmGrq!59Fd8r~CshqBZ}GFYL^gw4LdjhYvCuh>7(L2oza9&U`^rhYE%@sd@g%Xr zhFclbliCX{ggrHhXv_VB`I2vG!>yTd?T|+XPhA>>U`gj%$AGx)}$CgCQpWQO? znvD4uN1*i8w*fCE2;Mbed41<%f0cKq+(VW!(JGJ@m#5C^M2CaH8Vl{o9T0O#f$S;M zM?_SSsr=!%Z!$w5<2C3`gv0TMa_u1C88~!sKl+7KZQK><&aGRm7`$gA62Jo z@6m?rOC2e#F$9~vnT(e05@^?omy;SP+`9U4CS-;{&@T*C({dpF|vUk-0_{MOU|s^PQWO6}~o zQai9S7wCU6vENGV?6*?;?I}4XpxSWrdyd;foWKHfH=n}9@msqG1uY*?g1^E0*I?#@ z$P&Om1OR;8oHzrXjQi7I>s_kEgYbc56A&OsHetR8;N7AG+XKk6H-~9}ge<_WcK0E? zTaZ*O zPVm2#CU)RC&i_DZT2y&eFu{uM&R6gC0TcB(iLiujA8i`Vw^lX`zT!LSd4xi zyovV7j(XIE;Ss%EXW%QP<(vVJ?wlB1>bMT&d_wd$vZLOi)mO2RYUx~q8VeS1<(_8} znO*&d=bq(_m@&Au247(}C*JSkJ1bT%m?yL1z#+irfyc-XGL_ow8`*XF_FjC~RY+~O zJgSaPXt7d^TM&a{ZuQ18j|fgFr7XrvkbY@UQx=o|Gai8MkztHN!D!dJUGwOOC=2*K zMpmIGkR1*y zv-2yqQ5o}zDK@C3E-njdEi)^6;_N<__z~fQOyF~{#0}DwWTlgf{e~vU29zS-Z^}Dh z@jI&R`R|L?;^bITv=&inF0Ih=k3*E;HqIiz!NunBlnKTG6)Zam9)yq65|&Bty?PikLX5O*|jjh-BsuF%-(~j(|f@mb_A(V4}W;H}H(IO4(Ln?Ngaq#iWYgvofoU_2Un( zBy)K+PA113s;?9(Rw6v5Td^7;?5bo2m=fi))|>tyNpAQG+Ql+R_m09 z#ONkEj}eUXD6nF5I*+|7^w5<=W9h-{d~T`wA%+|Zd=Ud4rh0`ADG%*KzviOyC8bgk zoSDZP$i8|=Eu_>@dPu$5U4BWLW=b+=10^dk_tsEdN~&=H8A=#V`0HWs*fBN|ZbVe- zek*#q!ec+_nAD{0M4Bpwz`4>5Y~c_cTFnz2v>06zKmRE>%NLNL$^p^5a7p%^E)qs> zyC#tgRp%WB1tN+wlk(Ks#2(H5$Y=Q+Zdy3&5-qUGMEbhU;|BnZ?;Nd@kMJp*tO{Wv z?0ZF>Bu}C&c+T?u^!7s7ow0-Q;FZ?Fq74kMWWIq${{*`Y=|m*0T&(2GNI+!GK)sm;b;XaHtUOj*%1T$jcC}CM*rL zJDuAt#5D*zkedzx^()Y=pDz5IWI4SCGd;B*5*bDALUPbT+tk!dM~u5a-EPMBW07TLjT%F+|7$~9;@Bl zXL;gDAIs5vHx9(?Ad^SCKyOzHmY*JyOe0*CO!>S4i<}?BL|;hJ=Zmh}I{Va{WT=t$ z(OP5sdD<1YOl9+M>ExSNO(tMTkH8{)8~UTf6vq+`QbQ`kqB|dz_C0-ng~$_D$7?h+ zCx@l!|KpJXYMKfa)u*mpS%+^ZAH#8XaH;~(3M3M(P-goma};Bp-8UU87DNSeckMlG zErLiz`}}Z|jVnEP7Ep#wT($P`iHD4x`jEJ-`k<@>McOJVf{jYCcuCM_k08Pj6dM=0 zS(Bjz^-t6x&S#ZmKJ)D6u%cSBi@3rBa*Jq!1ZdxXC3j|e6f<-&2`^Qcpg*&) zrV_YD3~toq|H8Ayf=rw_JCBYm@Hoj1&L0Rd$IUWtmH5P(UFJRe=S;1IK4_fejcY7_ z3N4gOOf+FoYK%eGa=N2~`%IaNp85juhrAF6%4W4+1dqnlO| zt)Tl{<`=F_gMkN+?=RE{mLoLSER1NrZzB;@ex>w5K|}aO>n4|;gh-cPB0h7{?Fb08 z%BOjzC%wq+8y}4Pc14#gqfzpSUFnvw$x5}%GD*Ad5k3{WM z6KVMetqXjVo_uq5+IFl5u8pofmLi@EL}}8`Zy>Mo$tq#MiW*U+kXct_1Kt%xL{yu3 zT(cNQ|19i(kx0m<4i@;TZXvHd2$mQ&5Q{{wLpWv60S}7)H6Oic-WS+r#+YJxOoUm%Pov(N|ktCe#^Pt?#vPW&8#Z%R|1cz_wXJ zohMgRbbmwbJ6OOwiJJQ4iHH;K1ymT?l2W&$hJY8bA^S)a^9b~36)+ju*xr+F&397p zpY^mR4aDIA-+BbVz;pr_x8nkk3v*$elp|kfw?k-|9yz5{9XBt3SAfbIM|EqQAxePq zk6a!9NIk=}1CNr^&qC;y6I^0BiWh2>PC7$#>Q@r#n5k9c)ZH`G$IgVh2xC<2|QG4Z$LK}M?A#dxZR{!v6qAgz=CS{Z* zpCJ9H_p~a<7tbP_g8k*opR00WQ#Q+zh)`4k)Z8YBFX!N@7@5;shExO>k~ajcFY;H@ zpr655xUA1*1n^8oEl63AiMSYzG6a;fYhs@{&I~vUUgK9T6b2q-1wm%)WP2SZLMG3`sM{DA; z;W8gp&R;gMc|V)6-DiZ!2pfDQcF7rd0*TIe0;eR~`jq42ON~V8)Fc67PBS=Y?E*yb zuH0soOT;J13nH=Vv6}4BG!uE%lB-NIM*#{+%sE>2h?i;fwPq;?9+W7X;!2{ z+11L!ue45#Ugf<7y52{E7;KLAl~UXIfb8m{A5aq-Imfjr$-fZthMaNK&B$6{{a=!= zWW{VHPg(MRTUT4tD%GTVTum=RM>les#&VgM8cf^}oc?A5VRfqX-J+SChTY?DW3Ull zN1<5xAs!)aK=xRH9PjttUH(q+n)mW4hRV<`R{;0eCtn|J#YH@V%@gYr=@23KK3Zpd z8UnsxPfx&LDhS1qJy9Wp%@gZ`y2q#Gyx^&*B;0*uP`SKxPm8aPjRTMuAvDY^$1^1<|lwi z1&3b@j9OLoqk&I}9Ix-E-;V3tPYH8~s0*0y>9R3cDPBnu^BZ_0HWq|5lt{VnwvpBA zsts?1nVP^fhY7V%ld0CwcxsjUG}UOyPr8>eG`;rZ6-+6ar>=XxhwEO}nA!~eM+KX=RGX}6IH@7o_v=#T#2-$1O31w}fF$R@;2f^L?z`Z!X9z89q!x|E?BM_qeYLW>f zBvOmJ6-q}GmmVIX8~o~s{#Uv~@A|ZF&3Z=d&o;4sOAM0l*sQ^C=UdeW^bTyJq5LpZ zBT~Y6tZ9S0;kZy`I>IkkU~?%ABgwwEea0ZwJ_KCZUIeCeX34{6S0QQ|x%n;ONm_AAfieF?s* zd8fG6tp?twGtV6jpJW%4PQb#ux>*W_ou&?UFd+Ls4|&W6<}G3OIFoS-Ayy={M;FI? z7(eB!Hczp59HaW)JF^FVW-{@RS@5pmYZEN}AWlW)L>DOG==1n9RlLO4&juYf8M(m) zYmkCA@4ky*aPM1u>WO$hAkQgKJZWVWMWA8aF5=q&@Amd(1dpYuIWJSIVMe(+JVLn= zM{(Z8AS-4^Os?Zo;fp~^qu$JUF$Y#xtQSO3A{sSeZa z=&PQQ`v%`2nB$H5riG5yd~{r==;Xi>&$OMO8T>QYQw1|+e(h<|$FbpdNQz9fEt+tsC_&4@RB=mu`1nmvh5b7LdeVChgqTX;HFD5ZN(_p@fw*z8{oGI7 zYqMQ+TH-KuRbb+gJaq~vab>@F)bHak1^K+2w={9|-WB;$JZGd4`l95rKPltA+o=)5 z>q-vyWji`N^o0(_rP+;gisJ08BKXD%(kuz_*wdo96P9a>Sj)i_;+WWV@ZgWD(eL;Q zUmS*`p35ill+t6=k?MDcatV-svJN8ET8HZ79428L8Z)*sx=NRSZgifkc=m=8 zz~OgNT{fWk(w(k76Tl#?fby&8tME(T$a5dARe5ZAwD{feN2d4-si+Kek542v{Jr9k zewiiepc*j2(&tvwP%gB&%AwOBF;4I<_nrG$RAz9&^S{^Fi@#FnKlf4Be4O4UH@|Q7 z!rb@3y)Vz_$Q>)Z&Rnhecv9{WE6ViO!{*sCNbJG!8t|8z;+&s9S1#GjHo_&_t=b6A z=+&8IW5!eD3n%eLQTGp3xY*>uictNe#Te(WAKRn*N!ylers_8K#i%4$>)L=iWlQV_DpQUN%2?tk70SQnmWfio%1io_PeQ1*7|m)Pkgt!g&9W0y7sQ*R^m`C zg457Tm(1||lo@iN09rHbo$v3<7Wnn;t$8d1(&&S5#Pz5!jR?gQbc~~@6SGj{Zt-&#cs}|Dq z&-OYq4PCuuAEJE1??V9%4z#&ni9VebEyX=iHXz?z71LnhL~o$C$S5--)7jr-f+7Z1 zR#=$}QGY_z)I={Q$&6CpXv{FLgnly8zuEUQ@^Myo%02Rx79lXU)SaRJV0 z!5u$HS-PG?%IF6DdNQ7FT{`r3VEp+xd2kVgT_dpy!~I!E8jb~QY)@dCaFKZY z$1|)b?ig+|?nZ>3$d_aa(ir+2a>Fenhn~b0e7dQp_)cuy20_Z&UF1vp?Bx<4@=Aq} zgkiiWHlO2|WUSEUbw5&Y)irspRQOsg%3FUaGg_VaAR4)|HeCkzPo9HlJIdf`6aDU2 z9eQ$y);)RrJUljr5P6@Pu=SRKB~a01M&#~L(K!C5gZ#%T8i47y&h?iPr~sy0$%|gV z!ot$dmgp4`6YzY{Z&mD8E#vroFcrY?TP*`H{Jsi+;rD+90QDTu`vJhP`tP5&!W@9% zxBLdUJw68jhPQve;r4>SBT_fdfhSdd|Gd2*FexAO90>r7GXMU??<)d;)hK^I|4j(E zO`Hb+>)hSEew#WE3i>{vY=wfOJxL#5g^b%6C{4`xqk+b5!f{C z=4>xeEx!-potn;rOfnNtp9c{#1J8)xhwx5O=RpWTlMGyepl+`q&_A8zziB%Er8+$b zAgIqQh!6lQqHrI=e=I`)ID#y|&W<++KY^vQ|8xZZ<`{2B5VT}K?%`gB=H}oh5b);U z=RE-L%nx{wDZV-Q2_yuWLY8|F-sMdm%oMT!yLf_3A!x4ubdLWyZvrxfAVMafDZB^a z&3(vFay8u{|C89xhfMD3nJ)lBPxe)065m8Z<$7+V%fc0=q_G6 zmhpQu@=`MM4D&}rDI|7UE(R-9SjdH%b$7wQNEPLLRa;TCw;!Sp9@}VXqDsZC0K8dm z&4Ic4r81H=XlK7(m4}4Cg$);h!^(kTM^oJ5B1-ADJ!R~&1@;TUF40aAv zJ~gw7^C=#vzCA1QN;p*QPMFSNi@&lsm*r4Zd8}g3B4eNPlp!mRH7#~T>Zrb@-q7+f zz=nM2xtDFmc8baRaE`x@1J}9!-s2H-K~9B}r|8}jix$j_^i^NAvrYDNlwY&h@6t6) z%&T}}GnEhH7pmAk4ElrCewL)kSAyb4< z7TDoGo*+)KAZB=0rr`5srHWSL2iyo+<+evQPd(U}UlyyBJ*VvZ7lVrY_}mOFA?UG; z%|3)_iiJ-sO=b*gTB|t|#px$t5L-DKwBvM&l8!M36PXbCw@=^Oye!w^#u z8Y5RYzwi6wuTQ8I&A-BKZ-c8q?4q1N*3R@@V|^dnATuQ*$`O{)3|swlr5)i_Oj6}# zi^F_fF!og^oVcYb`A5H;F?deqp!kYJ0cpbM*?49>pZ&CjMI9ps5sLKZcN?5E47jo8 z4AJy4lcTa|?9jO!{3JqF+0J!}E7*gtLhXFQ2$RMjXtk+e05&)$j;oE zyLibuU2If4?XGS*ww7-v3@6IA5F z3m3i624$<}1K-w|N`wG*v{48dgk#pX$?aGa1#J_d8L0qf>K0AnYL*uup`A;(lp{Hu zLaRLSejGc88R=8q(?#=d6M1CYM!P>?BG%a;us=!LIdo>bN|(~Q zqZU`ah%PK6%_NS!WC*3M5qbroxWAFOB)M4^vc01mKZo@r47RDoGgnCa_^B#0Z@%!` zTz-AYPZc%$dND)n-K&ZYU|ec)UkdRdLT6Dgd9#+-Uy3$V=_5#qDW{eEoU^7laMgN` zHyUaplZigaf|ZQuqgs{3`Zl*!jP1(rLx1QK6~`A?9tGZP`R-QTlZJU4cFJiIY9|H zlp27KQ-supR(bRKmC>VBa+@h zp~{RjVJ4r6ecLRVmtW3rnVlcqRc?Ww@3T$nQSEN`RB0<@vY9|io zcd#{mb_@Jc4V*7wFOPGdk%vG><04&Da!_epvwgPkg2~_SwK4pdhmn(|;$mNxUL2<) zjoA-JmLD$*afzM~^K?2$N8X8P6xWhE7&9sx@{HR|`E`WXY3G7k6CK!<+~bCUzNWs` zoIdgfh;|x=qng6tUIhHZ*j{)y=SHSq$4_V>AZLr4!B1Cy<8k{ zrg~jW*4QPP95q{~$?ozMO8&xF`nn9d?mEIh+W9HgukgzFn&F2(MKTJltjQN7H!r(orJC6->s1*9vO@}A zj=wxm&lWsHDTmOlIEnSYw(aHbemd6xe%c1GEAZr{;#~LfZktU=y63Pe-|qP%_rl{k z6IC)OWI17dF8MICW&s;?Qc1>Q>FW?ecAukHX3t77c0wWH+NxI|aWRlf<0@%N*p~tk zmkT*Z1ND&)#1%}Nzhm>-m{EyajboCxdK-@r#4lrV7_Yyc@qSLQk!>uU^f5!M>i~J> zkkhy$O86`^^9`DmKk@e}fYUS1L?7gmDZAkWLVbOc11O(bqj|bqZ^`NfR@gJ^BZHqa zjd@#z*R@IgkK~gYQ{L#93AfZ3klUK>mis-0FUHw8@3b`)DVrx~31S)t5xc1}%=m;i~_t%w-zVe*ae3RJ^jjixm@ z3vq|V=1H$VgI`49Vk4OF32Z%YuC#o~JlXSf-I3>6C(k8)rGUhmZ*Z{(X~81)A+uZm z0#B5Z|LQ@+++`<8Emo+RVO9#fXyCNgVw-0%~ZQa*#dOrsXE8dSXQutJZdkQbJS= z_5w7;Kk!~DLKAH{);M|0pozOSd(VMw&E-u zJJfHObWYWRF)vuXPK#$=II5**68$K+Oi?!;@>nu_xuJq1U2Nx|9W65Sh^*Mia{r_$q(7lzL;7Mr*qQ-!yZ_?`78D(_#%oe|bq*l$ z8s|>kWIOl5{9rb=qiGpX)WW5u{Qcv*Py#Wk!&aStnFcc2IDBXow#1LloXH)K1B$isB@EBCnxaw__fF|9r_ed-SevNa?PTHBxP@RVj2AFyVE=Tlv0 zfdyk2kj^~Do+k!E?(9$U9jWa#XQLKlnWm{ z8#FSOTLs!dzN?Pwvjrwn)mcKhW%-c_R`66y4HuJ~IQ7W|>q2md$<(SCf5I;&bA4*K zkEStX5w0}&_;LjN{HG1COz2UnB!ysin|=7x+aL-&>1U(JkXK5dtjePK1@jCa!OakVm%bGrylbH|xw#`nazmu^=r}U>Uk}!r% zm{E@7qT3VB-sOB6RIDvZZAoA~ypPcH(?Qb|+fp_-1wc`gH)yK=yw40>oIgkZ?C&z8ajRPuF_ z>n?A}l&sfRE`q9$i_?@(mZ)qx(xCx#b#3PqP65a1xk6-6;&ScjoHh{}Wa9guNPlqH z)Hw_(mekl)~5wq&UF?-3IX?);j6AbLBak^Ia zGVQ-)uk`b_6;|(T{Pq>?EgAoe6|;N6Ae z!8SB8<~I;W(n(4SX+OU(v?_GBq#z6Bf4PV_$^~4FPkQpb8#d?NVCURW?ORMu71itM z6g6MUil56OmEqF-=AaqhEbveHwtD4L)a}VNJ3>o$Lim-d9;bPzG z?4)&EmW$&>+@b#V>?==zdh#C2>ROXSo=jJDkEqhOE=Ob7N}_x}@`7Gq5Bk%${@mVC zfqr46L(M{>DJK`_(O4l0{aniv`!1x)Q2{j6(~1|d8dxJ}2C$snw&^1!p^w%=uOU`1 zY)0Kl(LKE5&Uaizp~<0_spfEGq9#?X(P9xcby9`=^U|9K+LS6H)<*jnKEAN!C>>O! zAui_A*2@LIK2^KUUX6)x4xodtIqG?=^ejsDLWq7j&qBC8FStHfZ00yuCw&`Pil5W@ z=UHRpu2n`@^mfpPQU%gSoAR_(_#$$NoX0@sZJt~o~{?*W0#6Te)M$h|cD(;bl zZJouh4;E$-UN!kkTvb_LB&ll0@DJoR!Em8lE2R5fu=2IoGp!XD+~voasNyB9zB%3I0?|B$1{S@R2|G zG;7E3=M1s(=Mg_)m+wy+D~#LmP}cKm00tp`myZc*Irj_s%=7^zYfHTfiESHx$m-|L z0&6(>V)6mh&II&S=)Ifp1z>O@&3zMjUQ;hd7fKNAJl1G7T%*!*H#btEV2H}oyR%nJ_JI2b4=pMzFtdcWkbu}6TTse#ZrH%kq(2# z8aD#JgEcR9CeR6jyVC95M)w)_b2(25Of|7U8>VPfg-f+=1>;inr(ARg3CRMOmq;hX z22EobRK|J8yai+j6p3iNlLtpB6QnYekGs-Vn@0<4+t}RZ;=by9UQo2YA zQn_r1SvjUwNk+C)7y{Vy6Y?~lqz%85-#AGb5ALBr3;H^q?U~HNHGZjXQ)VSCtBf~P zzZf$asu-&#qpC`uXy7-9DZ%4!*{6$BF9`#dk4~?%h?+HZh@bRPx zHu%#TVerLl0x~k53Na(_NtGzBU%b!v^4IayM>Z^_*_@QKl2c5JczIvao;6*X=Pszc5LFOXp>dXji|$V*cV#x5QVe+!Zy5R8au_$ipin~rkPi=Pg4 z5dxeJbrQ;KvcQPEFonr)_heg75X;)Af{Dw6JqTAFcHC4d@@)gLje40RyO2y>_QvNu zRT-D)@ zEVD<)cA-wY)^x!{!UebnqpfNyb-R9yG(N@oV!O7gJ327!>+1* z7RmLLV+dbj1M*_S$hSe(kMhCt2H#la3(q#ed)3#UO)HB7bIxmXcNU9u^cAJ3-cy5T zD0OSNY9AsFA%m4;UadAqH_0EUWQ54;a9!j(8D2iY8hhf&OH~XOplx>Pk@+$KyGEcN z@RWcVE^ z70!*zwAUP9esL?*|DFs702bT+i&XfZC&S$~uv!0B+CS z0)V0UoA)vQz913+sF?qL;rA5*w`GI@H~r9o>36^~w!eRWO9)iwen0nRY zgG92MH{7-^2i&$U2WgMLU;lkUkZkdA*>t}L^k3zS2hk;gatkZ4@&`yaWd-KM{i)mn z`m6sDK9Ft-0tD%%_W`_Hm3#<22(%mAeF*r?&Ki|L30e;#vp$O0{zoDzT2BT1R%)Yfe1nV z?jD3Uce(%WO&)>}c-QIIC{rNrD zO&sChZ1sZxg1iZc5adnnL3k74_;NPyRnjExrjQ->%O8PAvwlr~e?e_&YGQc#<96ZKq&1 z6{-?zkIJ|Zz~2goUDDh#G3186=ed|+=u#4@=E#&iZ2ziTbehg^mm4eDZJ%@Ef1>euQYS2 z-Ic$#pkKRv(WlaOP3VU=lKuLP?g?Ryx@&BAX9^8%T$89$>Sc^sc&|1p(MsfY@lCm?OOg%hS;y2$Kj%B6`h`GjWY3`Co?R^yXgaQ`3b z-ZHA{cia00N$KwH&P6u}NQ!iKcXvy7E8QI;-3<~V-Ga2FfFKeo_gct4_daKHk8y_Z zALDsmIB>D>$H%MYT-W^0Ipr^x#&2=T8j=_K?ar;CTJp=jaiT%%P`(BzM zc)mi2X%lf^@t))ZcR7=3`>Rid9>1ogD*NIsNG_ZDUW!*H5;W_-nc=brG&Yo2=d(ul z?5c0V6*oOou?Q-2A?jKtTrC6pxgjQVh=29Do2T_4jS(eos83#Ja@_3dCLAFtK9@dB zEc@gp&@7q1V5pjA*9?s=phS3A`HSLP%5<=UX%(d#p#lij4eCWyIa&1Sj-cvyAHF~j zz)WbQ@=8;Fa*~y3=x)Qj^o))Id}$XN!5#|z1|KeA6tkSG{^VGc>qIPuCx0s!A5R1v z3QZwwpddqd_-O&bPR&nr5ngq0qhJxvoSW0|MF@-E;(3DE`8v@DKcB@A*_<^H{1SB} zp5r1R6g-#2nu{mE5VzR%<%41@G7c%03$L7Vz-%hu39{>ye>FVju*EgkajcT_45GOb zS3eDseHMV1{OO!82sXiOi}@R+7_pObyfYhjKuR)Z+Qq>W{Jlhm;CE{^cKj5Tm>M{< zlM1E$c6lLLmrsY)NP-X^;^oO$Yki5^GGW?kaf<_4ao-HVK zyR@fCmwg8BK8f34+}34G{GlGISgvja?GhP?$zEbh3y3 zRVLPy$n&}8zbMMGT4o3%14Z7l8MNy38x>jH?8eev_A3=>*=29GlNMZA_m0IFu)pXQ zIrQ5;rP}K?>#!bl^%C%eTRv4X??~1(>^(GD`q7uTTD5`oO|u27_S$w?w`5oIa4=u8 z^unXSPgDHI?#Z(xRs+E$Ehq{$aLm^^;giK3r|A{12CukSKE0?Zj@IY)!b?N6h)NKY zBMw96z``d+(h<;f^c0&@%BO3(N^*m?d*}XZjupDD>at|TsmZn*U3nji2~KW;q*Eb{ z=fi-10ko?Tmpg)5#?Y)n;|CXV0sZQZOuUuwwM6SY5!=%Z$Jpz2FGP&>>yrol69`000$b9t4E>X4SATag7{+BN8}{~s6TKvg z5O9y?jUr({UL#HpWwRtvlj6dN8y9;8{hXI|F$g^$E8=n^zlxV*PK?pZ8-q^sIpUgv zDU15&6wWQ^Mn8cDp$0T4`i@t8zcs#X)XQMA|1Qy+v01V2;BXL)z3NFLm|JUV)n!^b zM9~IdimoJ?oMU6)%pN1VC(bMkBCsJmr=BCdMy#N>aVS+=@@fz|Ahv8<#s-VCh{@`t z>M7MqRG|9eXRQ43=GdJ7rZ@lOCvxn-sSrQh7a;)`Z#rB-7q}Gn9TR?McclITD9h|gpZMTD3sa1@A?ak0xT}oXvsNm{ zk+wKJRr-<=rdU(m?TzMZ;NL}Iipf~t6UJQeawktkVi4h>!-Yo!O)d|lG6&|6&0Awq zu^DD$e$mk4mjb@8RJDsZ?5*io%#vVHaz#R}IbP32( z!Ey+UFtGAhK?bjl?M*V?plfRI?hEu=_N_J}x~zNng+a!C8v$Z`dP| zIy6Z+v@^Z+Jw<4yuB z3^P|&oaZcXMjSnCgSksLdbm|TEGO*k10*e&wu2$|b17KDAxcK}t^hDJ;b45QP*JAZ zsygrL2v`V(%HCx?(GMi_F&G<^(yGBdat%8^)t(FAXIbY3o0Id7fh-FQw;WYggP7qC zOZkQ)5^h1sA{O+N*f^=$vX~VHR`<{v_2b~kbQaPE!m1h_1I4s$&|-W~lY2jwMFrI= z7BCMd2wy@gI^a1%3-xKPTUVRDTo}v<4`lOlfS8N)A(W(IDObo` z@`)+&uk;g@xT#(3u70;so%-+zxT(Ne4w z!a|tplIEGUpu>km#E@Ogc=662A1Zw>U~W@oFlEhba?dz)5Q|bd4|W*y{T5uC?b=I4 zgXthR;^=s~#F7YX02aT-($U2wZ1J~9@1gPc1V=`@#==ji>8$`K3s9WX)EaObVrOij}=JVS!X3B-sTajZBDDs_92K&3GRdgmbEn%pC`( zQ<85@n0Vi})IRS%$v$&)-0W?gQ6iK7cYWPxk zH#?%P{YGb>+DOdO0NSr)-308Ep0B2-4ygDn2MkZ#4RD^uRp#Xi003yLNe8K)2eH3Q z=U>Lrj?U{sLLl^4m6;02t7Wr|V*A>hOY}E}CYH!VmmvKd{%Y4ui2YgzHv3TS3sq^G&k(fk1fcixS*SpP8s*C-ipIfg6F?b zEussf59$3lxpmQ#&qx;AynfD#xLLTY#jiDIt&O+Y@NVWrvqVr+uMZQ%7ua~?^P`03 zolCvrcPnoX`h{9(IquS`uFZK}oW0JaaNROEu;k;WI9wrxI3)7s^x|EYWZ>r;X*HK; z;?G4@Yi%1-t1q<-PRr#luS8ZF-@i>5q{KW?HaL6vJ-0MdpMMvowA;Yi_e`b z*%fI69LqD?w)aaoDVcaSbfRw@CQH^)t5vC2<{TyXh>%YD4)rftcAV1Jf75w@mBoE( zLI|}X2{Bt)RjZ^|nD@(|_f_mq^j-a3`fE~U@YVZx1yFTJz=tP%^}od{g=k)5WR8(x zsMIS#h*`PT@LdrNu{2FohK$Jkiu5gA&TnZ79pKX|6jOtGvDg%wYhCQUyx?5=tCikPdm^`N-7lzPISO^}AxSnI7SlxC5~i|ZhR zt@zJa-fKxH3wVm(uCqQWrhXb!MWgz`rRB)ykdznTVki%0^h4j{P09|1N>1>_`#ObS zmbzeu)+laHctSQ8aZPNsf(|6L0uPT-PJa@;l)#}paSRzkGBG5b?NF-tY`w%$vEugz z)Li!Tv5YR2Ylk$*r<2~YR=cfCcxR9`!UaUvgW#X68|ApN*f{$a+%!^tO4FQf>ya|pk%jNHVmli9Z@H`|Aq&^wRyU&)yJypGh2;9n7EfHv|>;3F8YbQ+j?iUb&g z3^`azAu8C2BAC9as~W_4YEmY$Oob;_c^1~-pqTV%W(ip5I&6n*c+ThSXY!c!vnE6B zZGI`C=EPI7%A#?ig`c|NnUY5ely&L1niM}$zukc_a_D?70ndM8tNSsk)+;xo>f@XX zD+SXqfr*kyj(}B~8;nfl_nJ~C1H;JJ4{}hj*s}YMhMHGxmI6%gDsbkk`=C5jSDETn4a)|m9EpNP)Zb(J zMyHEI@dtGt->}7s1*AOu@cf0qEYb8NMD-RUmhvyI^m0!qA0taU|Zr~7{Jk( zQgS#`?5j}Ne9KJ+K3)ZR31!mUwGxop=$NzYm))5jnbr^r}0LjG*nE` zMB-5TR!^dojWR01Bh77R;S79tQi7`LML!Wl*X~Dg7JSNUX8+W#kSj#3-@&U-?k2RF z)Wmoqj|og&*8qyQmhjB@#l{D9FO8a-o9aP3u?TIO=4j~%Y5KX7WQ?ugjf~&VBUGDC zr1i86I%g%RvXE1UKXv(A&~TGgBv8F;4f$+$;TK8wDk(g~9;h1+lFUQ?c|%B#Q=IqX zL+93wW(6CnhN`yN&o`OqU7d!jNiR6G$9QA7FZ>`0iU^f9X~?!ScL{{gp4c9c5R-nH zah{Yg-a-rWmJ^Vf`c8nNvFj$3&IFD811lt|aK)3N1mijU=XN*R?~xMExEM$;Fc7lI z=-6%H2IRV%x)WYYMzJ>baB)l6r%{tpocSwiT+2oJw(#+3+syo^`!W>jTOr^F(e(M8 z3oHiXmu`+r?#;93o*lDQ!C0;Df?$Z4`py?i>4F9r`rYI|bnQ4AIMd_L<}x&mV3>0m zy|IO5|As>rEH!ni0Mqs5>&=yncxNFbnNHFwppK$kijsnPr@w8ga>sac2pe^GDTX6M z*uprghh$_p7AfS^L6xRJ#@3=(@nc$Zqn-i5<`Yl%PF$@66@0~9Uq+kFp3O+bezAT5r+m8~C)iZ}~>JpaV0 z3ZY)rfKgv}EfzoZV2axacLk$}X&$+(Y+%71y!$yv!h#A8Bx&sPSZY zw&h9iulLRC)GGYDFkiD5nRSBs#{(2WHci2`yg+GRZ~E$031{A^Mo?avtEImAsJ!cY zR8rh+?!Be1%qwi*|4Gutj`D5G?kZqd1!1WVq((=?0NS*WCIC*9I4*8HVUcF}l+?up_C*2o{Plm(UbpzGD z0WF#vmkjlH|8itnJQ|8HR#QlL&JE$C9R}2!ZlP@3he#c*1av&3Me(iXDHNP0!& z22YK&*K^ho+dU(S3Y>s&!(7QOQUoVobF@pIcNRpv0!Vz#J(?cYCTvz4?E`;|+L>ia zsR%P-RqpBQq5m*yNBCDAMK zi{_aeqU(4)HsU8jGoy!PdGb0~^V%dg#aAP2cx+Dx%HFe-D?35`D?@8qLP5^o`N`WYCA0r~y`$uhQo&!m$x8!0;GO0-AG^{1&R2Bzs%Z z@aX_phyt912<6tcCDj^$0&i_+71Db1izBd=IxEb36vrI@EkgIdR~!SwsvxbvzblTp z{>TUZU2)8DC({K+5^rU=z(C!fuXnm%;D!31*MI&gJ16K8AE^K31YMPbzW&kuBC-R6 z_J6){_rN>xAUoIH1A!Vq(EFg+!6WK>Z}I0* z@Baz-I6;|5()R*&D)%W(9wTf7n&XG-dvCYMe-0t{p9TM*`0pd>dx6p8`-bo_2p>t` zdwZ<>Gh+yvWZ*Ugg#{m=O}#zu{u#hW()Zq;#QzN8Bk6l@O~gM#2%2PIaQ{}R|MyxG z&U=-MY>%-|Zg(<}5L9LQ0s7ustNPCjA*il3Xbf+a`hP!$xAy)&2>%q1d!TX=09-(~ zgusgA4;jOI4a%bsf|eohoMF9Nj(;hXxb@urYX~1CLwM|litM*8VWGWs#G88fdMjjqdEIC(}PzM>*}(A1h%C0(b!F|M%!fy%KZe^ zD9A9@uCN1JS2vYRUYEV=h0QH%(xhinqO|Czeh z87?$=NQw8mMkawGH}mdfsoeQq>!@M9k2GUcd26EvFJmp;(AujH6lqu?teL;v&fgC0 zFF;lu&}Um9Q*}+~ZfR^yE3tdL@fPA^9p9`QP*W-DA2cV>ncH8f!1LiqIksom}%r&xoDc%A%myI1dkN~+0*G}}iC0|q>^ZwYTlpcfM=nvHW@`fDp8 zPN8R0*(9p;_kD%SBa9RG_!mx{5_=Z$4qWViNk)~tNHgJ!ovKz|=6JzRo^JyuUzP~N zLO5!JZ2_hC-Y%)=Z6LCBF1t-0a@0`SUJWt|nn`?ff=<`$h56<6CZpI$Kyj~_K%bHY z`Q?=LagiOgTtsqkes)6JJ>j{d}SPc6&Q*Jizt2)Z<{$5%guHPGM8`V4D?iEG(;aWZS2bJ`JoKqp$XKKuCZSnDlzX*tbCGq#FR8`fRq8FU?c(=JWUy z6XQL`O@sL3o2brV59z5MhT`m(W$unpqQz|z?J2YF$MPz(GuhyTgQ zm?NDn^*dlPlV89n_mF?lH@4cWTz#vhUy%Aka83`Bcpdvmv_#A@xjO$vFx`n!M8?GN zbb=|0a2D8Ruc2rR^`^Th5`xC>rxLvL;7-BOz~TjS;VodrnAFdFGV^tUS1ut41h{uR z2oA|MKY%%gkW!x+;W%cIsIhE9JDcD*a()9qF#ATSzakFQ-K_de4rAZD2&@4>buob8 zjn19<>y_}U?2!a;SN@G`BEH7Lt?>ElfUU)lx}_{VyjdrP(=M@BY^tQ0onB()LyNj! z<1h9{>*CT;LiM*13*jv;36QFmcH!CkL`O+{+BJIm%S50r;CyHs%ibAlkAf+<^wU7d z_W|3%A&B}zDpMkCktyWC;$ZmVh0PG3_0oisaCBASJ=?~N+KHG&I9lX8D#7(X?{V+~ zw`};9qer@;Ahb_@?wjrX8n3S_cDF9X_%h`Z7X^v4|A6aYsl#jyE5E|JQ|I_KaUBj% zlNF{6aYw1`2r{y}Lh#4F?ASL>T`sHZPb?G!zV!wOea#`rdm=VdxUJKuGcKHN2)SJ& zneV#f(s~hHG|fD{wzJ8i*Vx7*5%FYhkhZNnq1Jxx|T^vX)GBZF8Ha!|Dbhm-@7&^?4btH@VP~ff^Zpn}SZO2Er34?B7u27)x<+ z#@#FS5}%{v>|6{!JWb%zdI@bwowpu7!H@?*j-dARn?b22D&5|UpZh^_i&p+57#BT# z1GBACgS!EKkfbd3kjQEkL1OF83tF#)g#H|%w6zoQZ)t4tlas-o2+O5Uk$K%I(ZEfq z6t-&7mRI6-e0(N+imW8)+|qZzKRUfPM`0}C8MEmz;K=xLVZRzX5guk4nOaBw{<^w1 z<@NC!?^%eaka1BW!;acI-$W9gGj6guT61T*X(J%%jOh01s5E^oTR4_tiJDwRhw%kY zJy;j1M4=0}(u>8>vUWSMQFUn#1|Tt-nS}KXD_I zRT+ny(DoER{rjNV^EP=1j-=$#n-U24MZ2kYel&duvbmU&b?ZID@6?|~pgOV+(a$Ce zvlgEzW}s#}hnEPq%0>s$OMS`bB+OnpoH1NMWd~3E%(Z_g+1#UzVVA!?f0m^EnRfC#WK%bx^EUW0W)~AR-_7bB&JSp*Lx- z0^P^VZi&EF7;}~|XkWiLMEB3tgh!~=@0}KisgKfemWWu-S>InxilZzB*f)}V;&~-j z6o~Fi`E1O?(8nAyEy0qs_lIT2S~2AZ+p6Nt;?w}AaI36=H0oCPOIVAFZEsqU0D*7q zh5P|q`-N9JqjOfN2Z;%8!P6Ag9nD=9qj#j1XSh z!Oh4Jy5g$!B_8|9r^bkMR^)UlkBd=UB<>WVV8&1fiziLazZDB<0Si?RcE83%f%Nlm zG|0RWYv^!MDp=M5`y^eNJ{qd8%%B#0^$YMjf1Mr<_9eAuTqGE2^n`IDi;MnC*aHvb z`XKIkDj}s^W>`iFT;x_}h@=s?gQF)&>$Uc1QENuOuioHtM2vMsT`SQI>mjm#wR@Fn zP>$V29@bnq)QW)J(ARI;i;&i))V~m3;Ds}!H<8r-0a)Q8UN6(!3SQ7ad^A1miIK<$ zGfte>Rng9{WXhy&}jPE`>>|U zRl_KxRU3WTMh7b~Bb;JRO|mLF#>%K7iV_HdYo%j=xOd@e{y=7OkZi>=g->Ug@MhCaqY=@c>^{I&#QgUtsU2Y z6TALDZtecur6DpanmF0HI2xHa0Xy3NxmWvdw{~||Y>#L)395TK=GY>J1<#Njl*Qu|H1|hV^_?Q#1sCiy2w0|Q5>yk6W~YD*;wmz zJU+v1F-gJ+8MgWL!vVo(g6k2-bL-})B-N4h)Y&XzT4LX`hGUgI=C)v6W6S1L0k4UE zx}&6{eqWZ$qi+kfdY>&_mPWTbzFdn`q+9|^#Qmss`#3oxyw&DdkIgf-?C~VFoPI2` zSa;_lz72Btm(gYV3>AruH^P$+N?L_vW`ze%YsXhdGE0%9mnKRb{qf6#d$Kvq|n9OzAmOj*6 zVb?M#iy&Wl&xhB~C)FFQvTHE^G}efEv_~>9^Mb&+$PtX+`x|y3_2e2dc-GFlSJa+Q zVxeAOnIOZw@NTe*w(*oB;MkQ5d+OEq3?oh%MTtumY@QUoAu1EBy4TCf5cL}7z!;|& z>^TY_t0A@HvrQbnUvvZ7$Oied+#wMIx5Jkv2#N>Df}>C zSs5Nhm%g0iQ?))9@4y6p?Fo1CYltDEtYCU5y%ok31sA;wZL!6H$i z>YCh>VjcvM8E+R^YKucI5BCQzP=EEi7%OIfj;0PZuzf>)ZAuh_Xg(F+ z+&#S>lIzUhM@^6%f5j$i9r~2Fc7b>vuI6fSqj%lH+dX5W_eawCZ@;8-ZF#@ry2ef> zp_H2;nj1gYS19wJTTY=$&N3!<;L5>O0tQbuY6bkXl_XsBhumu0HxKbVn@M+^pxcTe z+1!- zMltgFD#O|3FpDt{AjDJ)WVpb+w6Q^h!z!_u?Tf{9SEMsny4n56&KEPw!xjft4gIZ1 z6{kI{(;*TwZlns5bc@9NqqMV!dyf7%{UDx3)2q`_7pGW7xY#Hn0$1Y-LW2{zsZiA3 z6Yoiq^EkSC^&~h7&-^qd0D(zJslP4U$;lQ3s&rd32c2tL!v)usH?`$_3OTK!oeJyP zh9r3y{`X?|nPeATg69nZxgU&d&e@<|ITtwQ*+G1>IpI3)qrj*lb&>r2E>ovo{fD6$ zdzTQJv_Um*cji#u;nq>z`D8zRwC76^1ZD2sjbBofs0L#$)l35!8YFe6(-ckKk}{jz z90G)8R<^tq9rpDtOl8{w<@y)$Y9+olzSjN~5njej$4&F4%FT2+#o-dGmV#yUHo5ac z*@CU`3;LGh!Fmy%HY7o_FX|@IKS~mgZML<&^4RagH8#%v)W&b?SSrjLzf3rUaxjtg z<7xi3n3kNQ>qm-IgX|U0X-k?O)>M3{{O~~{I*;QnoRClEPb>h|Orx<+Iq`OS7|}U+ zMj%8vhFjcP&o`{B&8_<3c)!q>7bqC=R?Z$CkVgcRi?xFjQ?a}u`5*;=N4QiQiLDM{Z% zbPG;-rfkyK@VvM|)JW0wfMGV;C>kA;_&wv0eeWy0*52^GLt$3>&57L+tqX& z#xn*S6roI>%8uzF{)_gD>#uqlmXX$_d?aN6&~^rLb;o!C^d|P;(c%=`wt>|csL-Fx zDGyxQtQGM5Ff0q6Dg_EOXsYYW)fsqr(P3H6#Rs|ptj}k@e@85D9s{$l_cV(!x7_Ho zgxi6q2}54YYWW%j`62>uys@=%UF}R=f63YM%ZisbjwYm}9?A?+y$W%=ly*K@hQVk< zaJ*B zKX$IWz##Wsq!F06cpEUhyIp1HzKb++-$fdM!M8u}-$fd^{}pNEzKb++-#rj`*>?Mb zz+AaMU;hMN*m>?A2yBt{=lgf)?6(aKfw9ZGd~f#KmUf`me;x?9Ydr|KYdr|KYdr|K zYdwev0A{U%o(N$1^F+X1Z#lqS>n8xP6v3bO?;d#9dJu5edJqwmi+1}1cfAJzcdZ8j ztalFt<`@5Y|Ihy!aMyYeaMyYe5pdh4;nAb1w^Q_AUg2Xlv;xi%2k=@G6iwy$`|1(5 zOXnZq14UCofS`QehX8_>;Qs_K!l)t--i%_cK<&^2#ThH2thHJhY*5}k$;8|w2^^9qT77czYh`tC*Yp~ z1VvLpgrGAPG?ah44FByzC?fN}Y7srkP6kC&L4=_E%!d&EH*5WMOd5jqbIW-`{+mcuhAiUq4JO&|f?SbxOK}R77^l#_*erxg=fFP#^L2=BKhk3k5UWZ-dgyOV({@oy&?bgA&qO!Dnc1|5h%r-uCj zg!kE#$61CTrv@~Jw>$X(g!dbi$CzZ0Q*%oQbZQ)KLH}}&Z*MdIxuXz7cw3q60fhHj6HxU=(CzAj>>bFd0TF_Z zLeOOY?HJx`P9B92G|9jVQ_xKfEATVW-vZuiO&$dh2=BEfk3tA?YCwb_ zr{*Dq_ga%jAp}h_Q1}mWYCxcWJIVK16JSlXN7yGIrv^j_a%vtzc%MCa972#&10n?N zv*U%;-PP>qj93Ekj@<50Fy>0{zQncpFFjFTe-s-kFt^ zfgg!kfoI?CNw2I7JY#?_L90lSN%uF%~R(?h5ZM=mRZhzo0+sL zR%0$!%CAdX(Xr5(k)JuWKtg{?FCteuNKO*v;wy!7d_#&Rj0nR?bf1Up1HZ-%16s&e(ZB^{op$xKPLorCFd zRWdpp!PYCEl(!0K_qvdy89Lkp;J@p}(5=Z-U8GCZXrhIxY~2*y;HJvL6;UmUh-6|S z&{}clI(4o}VIc*nfXS@INAQtw=B(rajyu6ABW-X4(mzP0+RWNYa~&{A19Pl(-CgN} zyf5;UYMjo?>8Y4rmmhhPl~4FUw^YgI&R(uElU#@yXh9TvZN&7Qf<~=!g+R$@p zJ65r8tP7&tJxzH=9NPp`8$1RqT)svHoVf73_RnT13s2!D5#We(CLq?&{lPsKPDC`z z*9eeoa72E;sQZYi1&(Qnq492zlcG-KebkY%GX`8qj9v3yQh_g z+4Bw$yaQ>qvO~J5V`xdcXD$I*<}BUd2X3E&K!xj1g}2j$%0IP=!n?3uLLU;KS8pS< zWsWX>k29r!8?xJLxxh3CK|H~C4O5Sr2dJ+3l!~3;HR0Qwl$f1*Z3|TqlePOGfQbrxy10Eb;6FazH|zT>ZROV zEl2bGVe2&J991$~#KhV5dl-3pC7GkveJp^kGzbPRxs*p)mCS@jaRBS>351yaO?VWf zd%>~+cdo9a8(T(wF*H-m2;kK&1>kTk(v%|A$VYh^M<^jUmLLKSB_^`Slp<|C*IZ)g zM`Av2@pqTxS`x z!kx_(TSn(6^5GWe&d-KD20LpTXicl3hO`?H4bC@OLATa*~8|5?x7wHE1_Uq%U z=w8&MD62tkrOoygZU|cWy_$fAwWdtgao(HW*#Hl6U`>;!09{@d%`N!02K}#`m!6?U zArRj?4W5Zje8g@Pz*V1Vb?wDi2;P4kuZ58YANio=Tqv{OXZIMR%=y zSv-2n^OyM^oO~PP*a%+VVY~qWU+3lvJTPWCW4Ef@RBWysaO`0Ds>{2r78+A#ov!qR zGYo`{kg^hkkgL3&UkTqFg^S>lE|0T(yup;2k%jA1pE=`xj=4hZ*Pi0u2IK!* zW;_?yI0~58Vi4eoK&su9W9={K|1n~xB012b$ zWm5Gg7s0$Ijc8U9BLzG!QG^4)Fxc2hsZkuCkis-D2-U>PPo0rU^n^KeKZA@5UNZMo zEMcBAhZkV_nTRKFH6A;&v!-ey5yy_eLn{TMmKa<*X&rPL~TV0YEs9{b<|T{tgY5$g2U{B!-tD_E{}@5n_%n@ ze%@hRiMF!LWD53)^`{6lKQ1&Rl^hYIxqpOWt~PR#FDwp+@8V9Y&}v@!L$ZjV?d2>VET??`_OPUts!C-Nv0oeMrijVxoM?#Q%@he(G(HG7|!zfl$J zqtPc@*Z2hf&f^?hkHl_LING9-6;t~;N}<6RF6LAhGJ>R|sn{i-fH|$v9Tzf0H1;cy zTI1tj+!PMPguiFxx~k9lKP_QVWD4yxFY!-t z3L(sr^@RDw8067UzpyWrek)1wmM@f{PaftO?aP}t>M~;23OM;st2PZXlF-ZW1d57) zj}sY?f{&LX`wJKN(4fYV)>$QpxP1o}BJgDu zYaDVtm3uyxgR{kaQkDet&sn`6ktg3;o+%5CU*id9oh6sHQTA_|3T zyE!24KH2?XqadmHF?PQ%F{EHtnOeBgW=ZNuq45)cOY>p_A7v~3E=`AGnOig#6dIod z$GA&w@6~YM?|jzJ9`z|`Hz9oUcnE+CZN(ye{)?xoyzV5>tm_{5gzN9TdbC+5q+F}j zJ`u9{Vhwm*c5P33Z1wTkb;IYS(vZZacnPg;EcdA!tE<0)L}TD6bqH2iJ8#2Ttk*izEM|0jN ziypw3hrr82r9X=6&X-=lPdfS>BjNM3%L#qYhe=4JSdb0GTK%6kFgqXo92Kl9l?5v6 zi9ZK_b}y%@u@kI6x-xi|gC+F;{X++~%5uOW*m8re$JiRbBz>kd-Y4c*GgQDh+7MlYii^67bg!V%jZO@&w4SIA zK@-#Zzyylh@fWD!^RK%av$S~w^Hn|xCu$yHXSNgJ&tcI@po)(Nb89k#hAj#hB!^qh zv9G!?J{?U=fTT~K5oR(y!r)k_e8lQ5K-dv*_{_czP^2t}yOO^%bGtDjOj!!E|tXV^vw@O`y zT^Tl@`9GAqM#SQemYPntDsbd8Db+AF4{=hW`O_{9JRNpu$JkFRf5Bx);Gn=+Wwv3R z{w2bpVgItpGG~7wO$nNpc*TbBLwQAQF!GtmK8psX=APDKW}B0rq%njGtQ!Gp^kI{> z57P*WP1OLk#)QV1p6U_}8}@EEj@X0+f|UtzlRgc#DY1V^q4OdPWVmmWbJ6wz$NL0M zEbs)06kY3R>K5@Fq_xS+fJ6rdCBMVC-mz<5OuhHRbEq9e1&w*&$@BF;GZ=5Cn`i_NzJLDy_#~gzE1sgg#m!Orr`q@P={Yh`2;{c6} zj4mmdIJClto~Vq$!SE;oSso8#@^*u(T#3M~4Ayus426Tx_GdnVk}yo0pX2k(k=vOi zU$iGzl9)j`rukL~GqC|%)>cWYsgit=&ca&7H0i-3LTFEDrJ_V`dU<#j$d>M7ME`j+ zgXuSEj)Ry(1e^YQ^53b|rwvxklIOnYEe)n$8xp%|yyeY__?44c_tq6!)zd0Rotfb- z(?2*jrH6@eo+1`TPJUx0$Y^9oOU$ZffqnjVPKKajPsLmIK!#^V7;$F--`{_sqXXQ_ zSlD3FjI0Zi&LZR+6iqOsa&R`a^miD)H#%e#lwEkE!}ieRRPSVcW`{i9rhz-7>bAgE zFJP>}?mbnQq5834Xs|sRQnS^x9H05TT<~XsU5j&jj%;C~VRl~UAvbpDIRs)F{&GZB zuH8)vCE;>yP`tU^C=wT=Sb=l`viUdg4Hj0f#UC-Qj*jF;9RnC)MDMj2D}dEEepRn+CxchZpO1dT)Rdm|tn=Ea!+IbhJ`PDi1 zd12wt)mWr3=_S1g7Q*u0-gd2>EgUPaS9jZVj!nOwIgETRY*ns!fVH!y(73AL%(1)% z_9honn3T;|3&D|__tdps!!J&xS2gl95|Vgm=P4_J%m>Ugh{lMElSnBNSgZrAU(XK^ zdei0O%Zk=4P~WhPH~#k2o$1|&%Ke7lDfGk`0%|QKw0v1o_mje;jE!!e21GpEo}aF6 zw?np*7B4w5)3k@-TM~}g3~Kv|!=~BA3GbBkcez>{d}v~O=OT$_(k9|MnovTLE-yXEYDHLrZ(e*XVBZ$dk}cV>et7b zSFtg@XOa0cm+Tx+`4ig4sHY%yj5ZgqN)~Tk9=^~l5#KInh$z`B6%}(TTKwhFZH;bI zS|~GRd**$qUG^jIeQR81`Sc4qZBsielG+$EPFmoNPs@=kenMaECYOBsP?5HF^mI4B?0n3;y5o$B7g+Xaz~j z51u_&>BEwZA6UMbYSf;yHC4#1Dq`p)NUSQ}cf5V* zN7D*~}dr252o$htJb=d(9QY1v&g1xtgg2jd{L&!2Y`ljfb&I_LN? z$&QE2H2lztFDjoM((y`2eftgNa5)b>7lmNx=j%p1S_$a7Nmqj3@XQBzOE{2AXdb`C z1>vMlbw^3kT8qDU&w5O+iEyu}Pq(8n$tvMBoR$!4%#;x8j=mIXOUw6l=aBq$OqVAZ z%K>aGJ{$aPN(;$lUEv4Mw3KMHW+hT0zh%@RMV*vrx@LUQc#(!VkDcV#5{61re)$CY zF9bpFNx6S9lzh%*M>bo8r`Fzx4V_vePuzfZ(YAZ~qy^Sd$=DQR*lbFYPEwnzMAyQY zc77J{6*SvI4;$!&W>POtkGil&A?+u)#boomI;gHHNFo0T6CF`cQ&07S@YL04Z?b9Z z`Sg22D@i}I1bPg@{@qlOh``{;m7gsg?Mu&<7PXTHlsr|)4~svhmIc=kMu1zhemcoK z$hCgY)*yz;`qq<1&=ye4t8gSb6VUPjXhEr#k_5nttkX@Fnx03vjLsC}v&Mu`kg+bMsOYt06cGXgLiFf9Y+leC3hs(h%n_XnsOjE-EuB-J0lTyBB8QPH+=IhPUL< ze5IX2x~Lufq9(7_yrtq?-k50;eIh7t3TJj$&>lRf3yU}hx&Ua}{DW|RZm~>1Yo}73 zY$X$(Y@duQKQ@M@x)#hq<@rUqphYMXtO!8ZDZ-M7x;t+W@2bSbjU#Zom z)>&MdAz7zNQd!f(v9ahH@a(vshP4m0j<`eXazeok@cg@NJFCZ59A`bDWIOJ<>9?(5 zYfGXYhaBI+(8}Rz6qi4@wq_UCE6O|2qw-MpHii+S<+v{SG9g8LY2IIcbUXoNsec4b z&M@EfVbI4x#S9*uim2|Dj)03XGI{LlpPix^!NVSo@bR?CV#Sg&*%vnwB}p@du^)Q3 zZWQZyH6j??7fy^^RTQ!_go}kLR{6)E5 znv%^4K_bU`P-{WYE+Brb?MLr#!wY*~gK?bUcYIG|g7liugcxYdqH5|kF`pl;oVmFCw<2Q2&UF{!|!s>AP3>m3K^x0A=~n;KWSm%Ika?v6&?}M^%#I z-S=>tWMWLPn`O=>P>xlb7T~%ssVdgG$LX7`6u=2o96zj!nM+OaHvH>H+~#D8Ygwu=Z?;muhpEK7iN zTCO*^G%2{s+Lv&}U){u}uW29!gE%vbnO+*EUR5NX>T*ErkhM9Z>etfdSt`EpFXL<; z!-8kG<4j_Fe;9M{O!NB*wa--HK9mVvCdM_!FPkq?6m`VrRsv&8R--*ZIiz63+y_{oSUM=%%H?Wy+~X15GMg27~KJ#WrL$QviFtgYlf+wJ@cV(+$$us? z0sdD_+W&+G{yq5`aMzps-;%EZcV*`Otz;tLt_dUHu1Pz9?N68taMz?A!1gD~0Jv+? z4!CR54!CU*49pt(SCe+YU6XdeU6XcD!@k?BpSvdQ0ANt>&+EGf-Zg0l0OO{h?;`?$ zU5{>m02pKY^Yu^06X32%JK(NKJK(lY9`H8tk0pGZj`2m2+1<-3y z{O0kBH2xW||BCB8c3KfIYIK`c1RTY`jXT{JL4Gu`3I`DIHm&FZfd5DZ@csbu-I??t z!rQbWAR#Ek{Q$!Io3KC17y>65!1Je#AZW7xa+2?F!u}|LAh8OF@HVaJ0fhG}k{)A{ zL1GmU;cZ&c0|@U|Bs~TpXp(^fJJ3!B0Hq9nJIVJek{$yPw39)EAhF6r2=B8etbn`3 z<_GO$kXQvo2-?XHA-vz9JO&|1ta3{ToZ*KM-fvJIgAlX~fps)NVigeR-!8-Z49cT8 z4L~k-ptcg^)UX46&A;Wl&zw98-)&kE5D?_lJOJ?4i~UcF{1`I~a%wumue*Zr+grK7kM0lH4^Z>&9t;u6dGRUa`5rU3F_6HE& zZ%!VA5H!g^pAe+L1%dwUB>!{P1mx6!2tiKGLkRD+CLDLgEFNUioLI_%hz-k8|r-tpXi*Nk-r1W1y`2QmX?(H?*9r(W# zxWGyKUp2r!P}7QCYQpr**6Wsh8pc5(u4p`gH7E}w9>I@Lvr=qL4BbHGusUCLxcl+v zbr!yf2gAYwg?X#6eixbt6YuNTF9g2jZh=a^(oDg0$?li( z{q#(=T0&Oy`g9$gn_p)6f(KP~X&;Y|8p}nKr(TpygbhDylLBc$pErENQjv2mbUC9? zvoIoq>txn_ov1L=UzC9pIY!yGQ$~yREh8BnCidEgCtT&AVea@WnNf8Q8l(&D-CKKe z@`^=p7^dO%8BiDMtlz)h9}L?-S*SE$zFSU(QlbDP<}4;Xr%~0gpZtx3NqZnoYEF?~FN68ib3wpY z13^wou%?XR1XvVVcxtMJD5$C%s)Bhjp-YTfitZDbg-QC^Y-QC^Y-7R=< z3GN!)EkFoPaCdii3GM{=AT#f?=iT2NJT-E#4;EGYp~#iB?p}9Q|GKXxv|SV!b*G9l z^WOS|uw?N4c3Ir)-hV{dL@4<)wy4>vN==}ELw^Sj85A9OIA(HSPvnrG5!f!l1xNy$ zVD1mY%YrOZ88ltYgxS1;N#kI^Yf!aj(^A3!jmN##CJmpQ!lnEHJNU&e((U9WJR{7E zdd!oq^-nA3zzr}#o~^GL3J(`A{6eTZaLUXsp{1BD-7_$2hDVT|uE4=}uP|*&bRT7a z)<0=?_~Cs9;qj|@``T9$xr|u0;TA;Ih?@&#CtgDDcuX9W#||l=?N1{w=O>LUpuI&3 zlpDwn@7fwpQ57-k8RG|pL951`N8|C#p??l7fJsLfQXT0sS4&T;3w$9|*BNPG6b=uF zO__$EKu#mf@EQ#aR%+Dv)NH4*iq@a2;l0%#`EplCws3`qCzBRrAy8(?V>Ph^Sy#U` zZW?$eMnTcLKb5xw7Fr6HD}gQ=|3K|fI%TOF8(wk@isu8g5qTe|<`pq7$1ygw zlS5)e1Bb+n0uD(&7K316GbXC%{F&Z(GsdqUEJ*CB`L2GsUO|`iHL6#g5X;?t8F|zJ zH~HJ#UC<_Te{H}X;^NG;i84>}r~!U*rQnqy+mZ32H(H1(BiAUPd`t zsRlK`G99I!ZRtKb_QP2Hu^BC8nH>uH76MnC0HD5RKIfs?MMXPk#$sk<^*k9y!y*j1kM&DdW zaE9eHk7%9eGa3$J>qGq^)Ba)$`$1ADAyWEk*7~N2wZt6S zP-5^EZ)aNZXZllars}c`x8b)k-l?$Z3E;-)Q>or#lSIN&oWLdF;96anib^9MeBhuU zz^^1AZG%ebx46Q?s0{go5y#t-!jQpAz}=&u9BJw9kNVh9_q!VXbaT1r))x4F5j~F3 z7&gMWY&b`I2v#IS$ zza4wLRq}4^WT^+$NJP(XaJ+o*1y0)7z4!IQcArJG(d4d2^|^4;R!VT9o{@&wGzt;cqJYaO7p+s5ayN$&bM0zQ+P)!WU{bmJ&Z!52Uq%mt z708-w)&Ss`EBCW$hGh}SQVs<~fdC+QL}maoC{tj-zcL+vQPSMvCjzNa!Rf6z(%dl(=-YGNOcU{hJ5AYvqbI>hNW>0)Si!m7 z&{5HeK#^jC-rPV>z^7pO1ieiZ6kwRzA@mC=rkEXcr8orh)0-}is=Devad7d&%HK$i zr|akz**e7bgjk8t2GGIB(Z@H4i~6$MKto;gF243ts;{3V`L$k^a)*J$U;)ms&ISi#%32@)bTAcpIQ zn*^9AaS?s5jq)}f%oS`BqL5E^-HlL5UNgp1e3bH1YJu-*x*9BeqStbxb_7tNq3FB6ZOnSd9K$q%ue?`_~Esn2;a zw*7!I+ymfI$D(E@@~Bm?J{UQ~lbt$HK|~G&btfbLWGpG#sddkm)1VRIvsmRb#+Sjq zSxE6Ca*c59Yx)UcNwq_YG4oy~DK$jL_l^dvX%m1{7{7R}#pXyIN`Qp#?tQ`$^j>Nv zkz5CxGa+k$_n>Xgz0u`(y`;5n-mfcQWl zpol$!ej=TxvXKlcD0+CxYKk3BQj1UEK>^z#BQSMnB8Ta1V;3!_a% zvp%oEnEjs3R{W&`kn&l5S#9p7EV#9n{jN@)f_dGY#Swk;(q|W`F6u*~8(M8r>LBI7 zP#}@mW8t}h3$A+{pJP=ndtwLUMK_Kzx^e0v#WaPzB4kNmFEA!H77bEtL=mM>HH(zIe${vYJVw+SbBm7%1Qv+rgW-uZ0gc$pU70_OvzOobvo< zBI$Zs#PUBPMt;)1igSG?%xF&fA2ItrF~KsAbUEUCILR2U)LR|XYisd`--XqDYphDn-G zhW7+lR*G3}1|eG(Z#<^Yv2CrS8b5?71`=|@n_j0-Lpate6s|FGf=6QC&!^(i;*iI3 z{Y5Q9S)~xT8#xI|ex+5LpC{MKD^K|B%sdf%N>*5ObX5aw#F=e7z)s8r(yLb1(w&z4 zhjcd+-U-~U2y8CDPUacb4}9t8^C-cbu)e0%Rs{+Og}lcks3oCtX`I@muc~u z$Vb}x3gh7w*(~a0&I$SNbQM>)8BT*-1%dc%u=T1%O-gqyIXB5NLRVmRhvdVXw$UJWmWF)>kM}8`mS@)2PUZj(2$njDD*m*K&MV_2W>)saklFa_BX3(Z*b5 zY7DAy>jK0oYEpU9zi&v5QWZ;{0!q(uQ!(7F!%Wh3e;bgD;Fb2N_G8+PqGQ}KZK0y8 zqIn^XzJnq*?!$Gcj!WpL`G>W+XOhyoUgaq2x)hCZJTuoB-!>YL){S-4JerXMoJ%ieIegq_)!v< zABJIGWDGC~z?;-dezfbN#ul1%oG38-pp?={PF~X%nrg zjlLm~KDoAT12sV2Z4F`q#j<_yw`eBTVau&ICC`GnUiSo8swtKzI@l) zFj5_#>g)NQsC_dtsB6qX7eKd^-kBK-5-gbl36xM)Fj!72K)I7c1j3`J0qEX)fGFAr z^_ctuC1&$h?Nt?c6|Dt)jZ%4ylG8wW`?JrO=oPQ+;)4aSV;jHynI}(jLwvKp!-9(5 zNAmBuSg3X!j}oMW_9@S(QcCq%OkAi-QJ+d>^NK3uP+j zh|baP(g%{TF|W3emBl$DXRkfQ$xj=x{o`>SSeoa=RN%IaRr-R`G|CigsY}Ed+Ki=$ zzk9;|oTlEehkkj&dWGVr{~m$)s%TJ9asc}3e}NDBtVr+!^XXbnOU!o!yEG4~^y8do z7#$ui?Lf?@r_>~fhtEXq>O16u-@nA_S5+tsnbV9KHsG+03nOLX|D zUNS+N=K4K-5od=7*Iv|yhqEzWOn&RBmh?$){`%6x-6TUy;1Zt^IiLHZg7x^pXFPTe zqc+ZFt8lr~^928k3HM*y_OIxB$D{88f4MIH4T1k2viN0?^`?;Zz0Bcn zDE#-B#akBp{egWOEck0H|LPh4d&q+6trqHC;k$*``(gh@h5z1o=(inYe77`wDz0PUE{%UJO5O#&N6Ft2_^0($?{>EDciP`VkMB|PuJAod{*J;wCE)*v!uK;QtR%sXq>l{tuO6eJd^aFMMI%sMOme zE3~&sR;l7h5SC-XDUi*eQzRNLap1(|K%k#|6fB3#2oeG)<}cO{=uewqMF$H4Wxx7R zpn>tEbE0Pre;CVrFl=kq`to_os!iAOvzeUfd4Ici(a=b--jh`2nYy}tsLm`fqls0C zy87$S2DOH6s=+B5X0gg+)EBDRN5>oKx@gyAHAQBe?E(qc0-YNzU&uqBifN|!?&D(? zxgm;j_sM~H@h=Yfd|_o6-*@uXQ%PEI9W_v2&7bM7d#mZwq+E_7rb=(P85!_l>ufeN zR^?_#0o%`rs%vFzXZn@`SeH2_Q7dfQ5QPHuStk+5!T73{<SAk_f9tfp8b2U(}E9Xpi2EUGYX3{GJ{kWXKps1CI8lTm3cCg6d zHusJSR>U1?+xb?lYXc;q;vX17*1{0fql`QTbTDR;fh*_Lz_t*jgmjDzJ|}|5$>WI= zr>RZ2a;5#-Ie{d*GQ53D1O|XT?Q8(K$S(j*cz|I{5CUc(J6alg5$+}Ew4mFiWo=Z$ zGo@X-rTKZ}`(+ATTIxz%7`)g&Hi=8T;8jZyBP%OhGdVQaOl(;3@)bEj3YG0QQ&Nx( z4(j(K8@lcZ@HxCC^)q+q8W0p~WME=Jfi* zcgf+2#LbWpZ$YCMvF{z7)%ZRx;qqVXr5rq)KYlXQq*fB0!JB108thLXUm9KLDm)=4 ze5mPWqRYot>$Ot?p4N!;v0)IYIC}O}?TS(>0gBa79WtaQgbr<{+UaSqJ!*6Myy{$`#05Eo@9ym))yXxbU5LX@;J8RX9KlP^&3$gG9ZMt2 zNY|-%8zVOj^fB}*IW&^LTykF%5OC>|1YjOLLJ-g@6Ej_!LMw0>2_^R_G_v~^Ce)b( za1(}-z##->gIySEA%hU`d~7qh^M~qBRELaf(xzG9IVp)Aa|oV5*bgA=SWVHP;AW{^ zHcM(Uh{5+E%C#c>Pa+ zrSLMl_BsIwkB)Z90;yg@k3euKB{039WjT)iRDL=+P-N&ODb*v?307C@T~5NwaMCSY z;#l$!>R+DX+P_ar&&mia zg!pNOQ(A<=F}mZmDi=L7=F~WfFx6Wl-F7F33jCm7`Pe9$%xUl;n>dHP;dQ9oG|}ST zuq09p7(lD{gSmn00METi5Cou`e~ELT@rfi$j;r2WsyC6&5wvFKWk3ZzdF^+u6j+Ju zly5l?B-*C?wYhM6Z=`XUEtD!PC77y7>q}Gs)It?NFoV0n=sA5hCAix1N{R|A@fLyX zvHTlo6dv86@#eFP%{@*=6}E!)2+iF5rZw^H=pq5H zX;fQGu-2FYXPJt#4$u;@@%-54y;gKZwYY%lZuzLV8cslUBIOO@)7^ociPBuA?^GP&!F2-S1>ehUEt0D+ z%w32Hk8+$lS(Y|5Ec3g4grBe<*8|w$$f2^-FM5f+k7(ogre5KDa;gZaJc3>$C`Jz| zj80MXrA>Rx%}o^qF0}etUzHFswj6_{zYZ(J>d#6uP%1q4j>t2_eHeN=CELRkMap*G zVgy){T7oU`K@OD!4NtvG{Y1VS7&)lAkoBo+YE*8m%g3l);S!MY>zZC&O;5*H=1@V$ zsh(7z&y$YkJ8vGO^IFW*SK*S@B?qWGKwXQ(c2XB zK~N1tM}O`kS^N>!eaY)#wQ7<>&w$@4z>Y;B;PZ94G=18b6F6iF7@8Dfnz$dO16&3R?m4KrTm9@WT;kFel zfc|I!#bJ@J{rzb5G?~KZkO|w)B7*WmmImAG@mZ~L9N&6(+HR0N_Yp)viKqN$!Sx2f zWB4q3&~`_=0ea8y5ILC=!m8;VM%FrFGJ@6D)tk4;*E&p}HLHx{zY(c!L|il%Ly~0j zOxpFK(K+)&Ldpm#Y>`It7JOPQ*ej}0c*5v!@9w=C>w30H*8A|WTHlu2Zdu^EO+Qz> zbO4KpQc-CF4PuH1Wk49=I#(b|=S#zJmo+vucgp$!`iHR*1@;IzH)l&l6zB?3xX>M# z{gF&ZP*9~@Txj)I!&kHfsZg{yEBLpSf*NOqj~XY1zq`)_68ANoJCEC!W7!2nX>dBk zN&|XI!d=35WCEX59J8UnJd$CeKxfbWNLY-)f?|ZGX*Nvw?GGi)(=L`GPcy?FbnU8`?=3{!&O^^gIC*RSLYHT?Hu_4_eM$18pP;W$a(GG(G_!6Niv} z2N!h-VN{4iDjXq%p`?!FywoP0n4B}l5V#2 zhbLlygUQq?joPG(Lr-G-nII%Q7~%Roor9*pYMiVbE%3T}xKY$OLJBL$PXU2I(s|zs zPUA%>8`jsQ?apzGW=0ZA``$*}mUE5`&G^=M{zytjBqqtnVn6s^O-Vc2mLQAzGwR&d zCjQ`zYxvNrGP=rTQqQ-ZsU+4N z4!9>mAY&y#1CcU_w;lIKEG1$fA_a+d+&>&WdUa&)T@{vQEHazu`%p$ACSBaRiFZdi z&A)5j`x=9JRHgF`M=e*$PV<5`!r*?sLupd56icuag<=+}P%2l2DG@?K+@N17|7a?K zP77Fr?K1$RVw$*hnk%ZiDU9UXKV_+h70W^oE0LZ8Mlvcr9&3V4lnTEaA&qw$OLxpD z%3~Z|6Z^`9YLu?=3XHmi=(AD$c}k}B=Hm8Kaj}L2OaKO2i45X#go`3$sga=`Ry6}X ztVU`I7|n?Ecy+9D-&i{$8r~{jl+$e^`Qv`x`bV>qr%)$U8#HyfnJR%NtpgSE%CZKF5n+AAP+TD=$VUqyj$i<`z?T~*wcR4>@xK}EFe zq8@9F=QkGDv@!m{U4h7QKEssU=ALx^j%dn~=ts@~djZtgxK3tsQBGoOe9E1r-W8Z( zP`-^r6gBL&rtWrS&=u%>q6mk7M8Es~&}4U`)KK%Gh5Kd;mdUI*Hx(r)Q?{UDW4rd% zefq0ClS_oOCZUenJn6XRb^2@j4(K4YlXTivyZqbO=-FD&I7ZxLPHqt(&O(tK6re|G ziR#wAM3f9=`)bRZLWPTk@9;@uut~{V=q=VOlP)p(L)+cpeTUP^h}yKKX;2rpn8X%@ z$W39#3@4G_==NEPz>w`7@cn%uQZ)m;v=>!|{DXG{VriM?ob<|drk7U~cc={3b5Oo$ zpXv@=GJP!5r}B&gJmR7hlq00$hm#(3ew#)PIGCV@}18l*@(&jbJh_lo9F?POZw{J&$S$P z{ui;w{Nom*;ZkW)(ihg)buB|qL4dKg6Z19QXn29AAYn9{AEAKb6+*?*@)?7uq+ zyjA1>_W5sch~?Kf`!{OzmP&sA9F~RsH{A4|bNmOL0)EN+SMtqoxzhK}=fCL`!1iZE z;U8XZzP2jKA z)4w6`e*uO6AdlZKxxY<~-nZ~QN|^tK!ar}R`zI8>pYeNh=UbG#3;nBS{J&mP|L7LJ zN6EXw_bB;03g7R%|HSeCL)7SxQ@H;_jX3^GYJ@%*y*zNUrmrZDRDGbO(OX7<*D-Aj zf;`gcz#;%Z3@$o)noKAiki77W{jk+qNueY=#C&TK3nBm3z`Z?+%L;c7Fmp zv2-yZ+9}B@&r*?Sdqh;2HBWJQ=9SkmB8IP{e;L*+(W#*}@7wwS%kMIaLj6EDtO=Xl zTa(#KY6MA5-ShwUb6ssBc1Ep zUqZX>Z9tF@^%;Spm6`Xnc#2>|%l!$_*Ix8HP09psxH~f+)U@0IFvIbJ39Nr`Wdv-5 zWARY?=&QGJ8xVC`&K`dbdYxqtKGxX;ehU&%C(tp3P?h@ddoPnxXtFO(S`;IdvtdIB z9nKm$f4-TkKa*;REs|!*z$JO&x(Go0xKa(_`n`;k2??Pg??yVSKYm`si>!*|XR@;h z_UuE@;Y2wLp&G8ThJoG>?D8(2WZ;>wZGcsxel8o#b@||snS}6I3V`AOsmGgy@C->b z5}+%)&gyF66sxfe8onv+r+?AZoqghJeEnB}4YVNjjn*BJv8 zaQ;O#=AnS$hNGd7a(n-9-B()bm^fh?E|Qk6T52n&V9F8aZcBcKm0jg3sn2T`wA=Tk zPokXC9lo@t@I%3_Di-v5etZbo7iYE9ETvG6OfB9$D;YyokR>Mb94zMlXI)FVdFU?Q zbDO6)w++n;pSUXT?| zJsu3Gx{5rZ&p)pD0Op3lyw5+LDZe9=@oh1@E&BWp>O&)BmoLuEjaBj%%o6Bw$zaRf zi1LY42V`y-!D0D=u+zO15ZOk~AHucAaC%1TW&D_h%*4Sn?GJSY%}}Rdz}d}X$qkMO zOaI> zE$2TjFyv7rhKM2c*U&8<<$te9xmu^UW_9sl{9;(wbm##abT@sq1fnu!jFW!#wvbJ5 z(wR+gpeUJSU{(dTA7W%8?JaoRXXV2L*&pyF!@qlcr=s+Paq==+?lr%FuRRzH9}=!^ z9t^jF8oJ;IOuEnZllmzyK>9+SlX7up>}Pl}Kc)!HWjDd;$ic;%QSt&CA(a~aBh|Qt zF>oO{%@U2H?(n{c6OvF(xY?wj(tAEE@`*;YKClDjC(h#fSaD5rBR#TZ5hmhMb!lhh z4^fau6?I1^o(otR6Xoqe5QQy!l+^CGmH)N^?NRP&Zh>S{Ha~o7JJ+6_I@iasC7I5W zlotXje5hS}0AuqT^gV0)QB_%5;oeYluj~iLw{|Px%n&`Tb?nu1J`$^D{kyZVSv=?MH90UG*r}_%T-b-dDTH z&#u7KxpoLe1=yoC90sO8W`49}YcxTW3JkFpWYS*h7H9TKGPpo>4MZ&IC{N73lz#)h z@myM5@Sv-9u1Y=-f7io_Y&Sz9DU=@X~6xBA>?2>8YW`U zx*w{I@?lY)u)z5OcRgQg3a@aV_5Hb6qhZ1nyE5t#cwD7(K3u<&3n|!l(tPiD%`IVB z7456aVfW*F7`tH>?5+s#S90Fd9|n=;z~d;CwvM&B&?*5j`3RRZ1{1|H$ezKSIO#HW zcj8^=@3`d&U8T>E4lsE~YO2tSp5Dob&uv~Y)>rs-Y_)n}X9aw$x^hbhQNh{%g`geex~NAbMHl=VBhy8=HXHB4Od zy*MRroSb!+!wT*=Xaecaywi%@Wgy(xGsPEC7s0AZe=mfU0F+5geYH zrIL8}i66$)#a=wNqRBV6(^gjkptwfv4HQ?2lRGK1t7>a&HZfL?9AOkFC};|$bM!M# zEr*C-n8v4Xd*;EDC?N$Q)#JrT@)fOT@dk3N7`C1JYS(3MwIxm(@t1U4nua|)G`jLS za$I)MM9VnXh*s#BGik{~u6w&7lk&JiRLXyZ6q1On@qgtFw=PHH#yR%{c{Py(XLva! znLmhL7_4oh!s0(yUyxz+N9a5zsb1Z>=h$9Yj>}m#_2Q@yNdY&TX}}WmnLpwxXEpj3 zW3dbBMz2nTuby!moJT^I1~Zs=zR25)qK_+gybTx`zd$BCP8L%xTr@sVcQf?)G03zN zz5GV&85iaQhj@Oc#VQjl7zy#zR6x_5&Z(DDTef*?oC?+nFza&UI3`dRS4=M@Iepjz)gFoXc^UA*voDXMPcHgq{SR>Q|(8r#jJ3+1{gt2eu zGyDkRGvF~}(-bx^JT~e!TB(7r#HW+1ev#0@!c=l2CB3NcnFN|AkAa3#gO?Y^u$MJ! zWbK_;Zub=%wTdJdL9LZE$t4=jwutLY3-(TSxEK~hZ%iYMkFCaY7)|epX_>@5r&fJ? zg-^KhOY4(Lk+T3c^fzdylUj1LrHO_jjXU(LY7m@EGuA2o$hz3hSEnB2)2TChg}Nms!n8z zZNYy=0zJ3#L+z*L-Jmm1zhrl>94xP*ZENeqcNcjO`Y z!mu)xy;d%+>Bs!Ko}-#_k|a`dKsCqfHl_h>qZ1spz%$3|6yYtM zQKF{vT#HP{7}?~8S;dNChQEQkSBEf;6Br{LIN8;3$kB>{|L3kT{1 z5r9T9kzj0%46e6aeM0tx<+C-0Uy3iSN3segN}oKKM##Ct&b)4+6zSYNZ?Cm~5ecws z`YiEe3N=+jM-yQ+<2&it_I=hNdF}>F4%<=#(Plp*7TgA9l3hwZnTph_*w^zZ{WG)z z&S2B0%zU?my?E!MlKaM!oXUZWjAzrs?@QbcU-oeea_^nGKzs$i@SI0#Ju+e#T#i+L zo*wAsb!r)POA2CbGjTSGld+G(0XG~at@Gx*j58@{qzrBs%>mtlXrS7j)c|+tEGWMK z6KDSdb_osIKff~8)z!UFwjQTYb3=KN-lGy*|2Y@EES7woon>v}3~j}KX%I`NO9cL& z{nOginYEIFeHiZMm+@rKQP4TPJrzQasuOV`%NjEaZKs{}Pawivekp~n`O5_JU9=_c zI^P4OnnTKVtlht@Z(zE5diTfZD`im0!|xck8L=X6E$^cUN@r1M;A}B)TGQ0zA27_I zJxLshcgS#guZAXNLZJ82@qXvn`vxUxdA&%IZG2));~?v0=2@2MLH8MR zkjW3Hs&fkie)Nqd7=iLDza~jOuB8TDv~E{XkG6WJ8+gG8^#fXS9w>dDBjPtZ1~cCE zmLhS@%dZB-&AMMiCh9==zpYA_Q(xg@VXj}?cMPB9T&YyY+D6L2Wr(k2lH6iIw`YF7#;uHr(UFlj-;8&p^ye zjVo}(fetzQM0gj5Tst0o29c{uFv%qYM-Q5KZeu}PwzmVUfkQX+JoNu}4du!8SYuYd8%EQWk%^fL~Pwf}@(4c&V<>!q~k7eC@ zU%OnhBsjCYZ?x8}U%@`lDU}f(J;4!b$#5G;7>`mJ?Dsqn#*d`#ej31RuC&lm>_j zjBGzc`X-4VB`{r}&}r+S2%>-9#u8(8>5Up17ZCVx=0(*-&QVo$jUOT7ybSmXk4wQo zRM5DP`@^H&|76Y52bY^sASd|f@JdQ%u7-qs3tY5_eE;=u`y#tpiCo@~+#8KdAX&|Z zr@qV{uIJ;{2yj%@Sf@zqsV*1;14J$q1v+gHoD$nKDkLs1J$2h&y^ z;o9UG{(iv<;h01rcxIeb3OjKUpPkr{PiFQIi~zK7IPM~ETY4$77wS@du+S`#aWI1d z|IR{oDRa#76%qKsJZ6%9y5~Stu8i%5-c63lBUM1bwj_Yz63E;z-+ovFab-|Ul$YRC z+c0IbAECKBTrLOWXy@siR0LBTtj~P2=R!L-m@x?hu2$vzXq*r(<)H;Q1Z3Tz8wUMp za%|}q;zUcldZ9FvyX1u@jJ~|&d_J?+51CD{F&%r=;;*sbwX@JLQZ^K4af(4F3%j%f zLkMvGUOt$|#h+79KI@YQsso80Pv69XK+`Jx+4Xpf1a?@c(d zHJcS6=}u2!{9$2Ff_~YIu*cDzyJgZ(Am)9F>m#uVjL%+PQH~qi)^tjDNm`uL zjEuDLAJ%@p*!+2QZUk1wkZ3NrVmG6*VG_r77!g=aCq=G%P0u`oRh?Gnj4$)tD0(ti z0#?)Ax3mZJPpRlrd0(WF0D)bgGk>yB$n^}yc2GR9ao(C$MxrSm6RhKo+dq6IGYz6Y z%9}0ouf@ByfuGWh0RC_1OJ+s#XD!u1X8Y?eEze*k@vuiBx|+OAyfY@4!*0~_ z`y!9Apv3)ag7Mj&PW0#moRdP%PDRgh$ouO~7vWOajUq;RRTRJt@>)P8NzEUSY5~jp zLEwi7&)X+bi(^J)c-;tVD&upOw&jHxmDA2jott$mTMk-SjvTa69GS^_n-d@spVsk0 z&|}5e=;}!ruUse zyt4!Lw^6fyF|Yh<+x``O@9f}R;5$3`I|Ba6Pfwdo*hs<4n-DdxH7&EfH-3@i)BZ|1e>DQ~2(w`Rj4{m&bSidW--5|M(x^#?1aU zEd0N0)52~-eQVR&AT~FY4VfoIxApJAMxnekD4xZ(DjNKu7!G4PHq9bv= zh{RbQb*s_EI1l65kKMoh?0j#=>sy^k2HCQe zdIj=6{@Pc^Ts9jW=|0P}yHAc-G{mlp0@LxV#V{;$yvtk+_TyZ*Qae1_cW{-LPJqo~ zO}nDtkAY3~YL{rhOGBqle6&3haVK*!Qp;CRnJ7D`VPNM|-fEx-^g>$!#Al|+2Y#(x z!A02XKFr@!ramz(08PGD1M#KqJ3sPjMCY@^3npV%?BibM}%rpPYq4 z?wvbDw6~Du;j90~bqkh;CRg~WfBQqJ(#nLETlaD==~0Q)IW9Q9PmT;!TgZfb8Z9E@ zEh=HjUR1~+A$>&65(~ziO|_lX6~wi2*EM$Q*Cd(XCG)1+sBfj68c}g~fS==S=X&=d zeH2&+?7oV6bvl{*%CsXL+6F7gXJqcgZvDI%*xJFQ>v?iPDGEz^HB-`BMF>UQ3Db?T zQ|LUHeAN`xMwxj^QXjPDft-Zg7djf{>amB4EduBa6$%2BT3!vAQXD}C+BGt3Kb?B~ zG%wBfbILy`8PfD9nWdm)fD14kSF?W_viOG*9_OlL_N&F#h+ODBw*6dxAQn6PSKg>b~Q9g1|XAF zoL0IR26oa1w%7^$12hUm<3 z*J}jZSID4KUB!Z2roAUW!)jIUcd0-$p(pd=O;KVbrBxWXh!yX`@zK@l6Xx9e%=8Ys}k60!_W4W$V57>Jw+f$fUv8H^r; z_nAnQd@*{D?-y#k;63l{e=3jjSbZTt9!7O30d6Tgmnc_4pR~qbQFwI9e&;SZ_`;Z3uA-YV?XeQgJzMIl=Wk zy^5twf2vXHaw*C(2@X?$6Dn{>NBW!{j`aQmg2J9t9Joq)$_vF8;L5M5JXy$-0dv+b zv9O4?3aLsc4G`Oief_3!w9KT4^`P~OSoe+|ekJG`$afX~Y(H69wc=SNp~$K$8#R=8 z$GPuxR`HLz4x+v2{1L%pSG#0{#cR@3rct(>H8&j^(3+GRK4G!;pp$7vXh2PrY~r(8 z6>(W?r+;9*an0KdW0HyVO|>xi5NolF96uIfxP|SB`jBZX(H)fhE7=K~567Hf#bQ|8utl%rXyV!4U(@U4qRJB}v= z-QG{kT@|s)U?SX%glQDF z!=i8?krl`dHC9IDO<<#0wS!Jds|7_Y^<@{*YuQ{R^YhUtl&nOdFHVc)B0HjU>UH-W(J~o zov7!Q>Qz~r%M)JeXKA_ROah-N9+dcd5x z%nTq2tRki)@Jvtvpq0=R04t%T-y?t|9>)n@yoz8vUpk3#7ZQo3raDxDSKbbJ8C4bfn{8VCqO(2SCKkP;6J+&KV{C^F4l zH);+HUnYQeV_|n($#{>GZ2Kd;g2iT;{+#!?S@ZDItA5Yd-8fnG`U~%i?3`}FB2AA7 zNOaP6PzEz&RKq7c=x^~K0nfzlg)%@o@^%}cb&;H^lU5PSD&cP!N@TTLIvHKU(gjxK zM{`b#%@ppGnM1gA6=2HG+FhHSZn!8vT76QC*F7a7f!!8Z7!8_y z3z5vzKonv?(z^>3;kuC+hC)v7TvX@bWdQel#(V1vj(m7E_1Yqvw_YK~1GIg$7L-~V zTL65(R9Ok09Rw`Wr^e4HSe~64J1Z~KaYWA7k<@SP>!b60@%>3R=MWpuuPC@w8NREp z3!sJib&Q-y$Bc?%+X1eeqNHd_O1vB>|2AnA~*^?=3W@`fMXs%6& zO*@UJxyF9vfv=|Db@`wO^ntv3EHwupLC1r-O%P+V8eKhzV&IKSG zF96Dm#k38lKM>?*7bVEWM|DED94#yg$S>$$t<&)VkN44CS^ID-1OP6@5RKQAIT;lw zMcJtC74G2cF`R7z?85pts#Qih+GW%I+NcH+%*E?x$FRW5jnaqfLBD>Ly$S-wl&V)G z@0g^~CLiN(HQxrB0c5Ho-L4z)>g8CitDwUkAYPONj&dEZhZ|Y`Di?~>bp7ZRs^&p4 zi7qE3L-A+3M|#E14ZwsB*?YY~Kt z;LABxwyrS_3aPHnHfxn!bDzI90{ZyH*n)t8jC9h(CQiyw62I?6o3=oAt;Q1yTjq_e z__6dOKe#hZw97!J@`o+teUV3j*LCE;Mt}y6@Yl8q>?P-xVzx<$HCNnFLB_K$rfP}PwfPjFcbc^J> z)|UJEJ@@@^z1MxgK7X8RpB=38IdiNz##rAu<{bDpxwqqxt9v52I?HUC)PyLTx}$&k z^X&hr3YJ%Y_-;%vOt@Ao9^Y*_teml&?oL4C9k`MDL3aLmlMfo_fjgGt&&giDYATaK zdVo~2UuNGed^aSgDhXd+5%F&1!|~_4zv=krElp6Q9Lg$iSYwk&?8~tV<9@i*y^1*v zCPI(J*{svmu$DuQlYp=BXXc+SveeKt(EY<$vy`C8@K(1s7}(jEEf`+z;ZQ4$``A%K zvW%5q+tm7@ELFbo&KGJ%Vp=lkHlf*m9N-kU-7XuiT@%?|ypp=UhS`3SL^Jq-UjY-$ zX3w6;U@hN|?|%J*Pl16=*E~$7f`fu1Yr>sr)jx793a@E?47o1QVd-0=;8{V`##>^JVqy|#kuaNrgqScO=v<$AHFB8K({z{(<`qg%vIBiN7tey6byiV6hB`r6!`{WWg za|Z|KE#D#=RrY@qF3ipCL-q)r3y!W6LZenO=ZFZ_BZ$SLg1q?6EBQ0z<>!uqxq{$| z?I+^+PD>}X_>Uhx3VYQ~Nq!?Ii zJm%f{Mt}Gy!B2(4WjYgMx6M-)-R-#4vpkVhaVnF#U3QOu#+LN;AR#tc0-xG@>$2v) zs^ax_z6AUi;;yWQy2U$gbfQix!Y}RTa?md=wK^>-KEH%&Q!hs3V5d^ZY3T z$4H;Mw{VXe;KU*LVTUw5c_N%F;1WOdZ0FcrL$y+Ol(J@cBkqvAMObf&0f#Z8di#8^ zP}l#~lj(Rf(iy37nPCBE0ugbc~Hj73tnc#Bh5V?xL5--u(Y2T>jUx zH{_yi<^S4P0{K@5OEz(9Ya2iZe+($$7xFgHfDC+O2RlFgeZ7#k0kz@p`@ixwg#E9& z4PpN)mqXYulynIDU%ec1Ar(Q`|6UNn{`Z2A3lR=1qX#btVZXQ_$KMNLK>$4i`UTL_ z7aE^u*0K*WZA0qlAB`+9LfXm?TIzkJaL6mroA z6at8%;P0>?7mYw67mYw67mYw6fa(JN0LF?wbmad>g@L6O2&%ncr8r;;o~u`iL+^-x zgb&mzK|oN^zYZX1xBmo$jnD>al^`M5i0V3om&v`bAp~s<+@Bmk&sh-ks#+yDcmA0n z3StgrJdu6cTiWV58it8u{{Q0t-OU6@rAIE4&6FG#&n@Tp>5- z->eYqSbxP4gl6gg2p{MQK|s(IUI*~9Si-?`ah&qC!ZGLyK|*i^`#OY|MHAQ%0<(l0 zxPv%>M;mV7ap$TwzC4=1VhB0Gdl{bLAqu=88}No zLNKkq4&mjo1Qvv#jR8>)OshfAtJ?VTSON<`Fs%j&!L<51gqOt<4jxz#f@w8K2&UE7 zA-pV_z=jYoGPLz9kXD1BS2gnG(F7(#$OSyv0hG|R<{E^TM-x~Oas&OcK|%-z;B&4) zczHO11tDl;;Fu|JCUXGA@K-c4R0aP}Zw;Hf5S+;%;onZkS0{vBU89Hya6p!ntD}sX z<5NcyY9S$NHW@X*Q~ztx0Q$Xzjg^hPn(b4gzdw+00P@CvtwMl50RJ(uHU`J+@6yY~ z=>1QvB0I1K@ZZ!b#>(4FJh;`dd4~TY3z?(UD>7*!q(i%>C6K!CaT!WzTN}C+V`)-+ zNz?v{X;fs9Or$>+F}&f2RE_iE;-me|q2Q{ad^H_KQ9W}#O(l)3x84=+3JNQ&oF?*q zoqnDu4At7j!pa*q_1Zo#I3HZuUHn0Q-!#>rc>jOnOVlY6CI!Y zbnO=bUV7i}ckPvMZGB|59ud~b47L%n;j(BJUQzXSvfDxk!Nf`zo#BSrb_qrX}{`g>oFKtVi-=uyFJea_yCFgVQp72TA5+h$ zUZwN0@^JSTShX4$^f|M}UFI>j6cXMOGercW#GDr;xkTa4z6klZeJy(Q z3Yf@pDQkn3iJFwFB0uJvE7)RND?B#JP(n-S!Ae+@QVZs_uY>`6E3x%d7< zgH6DuHr7$5O@L>sE8*tw$T68S_5%HqrF|d%hkN{H1qr<-D9;st2rZ;Joml}5X?yC{ zm(QZ!dcNz>4N*l|G=opB<=82%MR=$XF%p=N^XMVMDnx(^!k%N5kPB%JFAa~9ym658 z`$S?pY}J%()l~2e!%)nRyDHn^-@kv2^Q@xf+gQo#p^EuVo9~e=ZpK9G))nDHN5F-i zY}rdNTKHRi()tOP{l|9d)_0DYw><(Y3gsv=hDePM0$Cp-Mm=lbz?RW8Q zEHBT1LmL0!Kktu-F7(f)r~L$bLV+;r6xOk zVYoGOM;*<_vM$nFqKW+OaN5p|vR$IW@JDhV9Q01oP{i)4p3b1ay^frjUJp1I>OZBL znU)xQrR#O$#N%b9P80FrTWm_S^CkD+MYE!ow&W)s2uqVGaOd=I8PecYPF)ZCT|5}K zY^1l?lv3f&1slBnfN!Y$`6CF~jPhj24dFEGYB`x!)U}$_J*C2p$8VodBDvBgbx01D#qCF^oO7xC zAPFvYx$#ACZq}!sI2stYpdDb`bX6Klnka*ZZvM(7gg188L4Ujb#JSM!W>NDUEV_I0 zS#?x7-u6Ppe9}~Z3NuyS!8I+3%Dx*@v}-OtP%`9hebFZ4b8j8qo;#qOPi1I)h}>@o z`^R1`md&kg1zuH_Vusjz$vh0$&38lk#M~aJA;4)Q_*(y%%S7GJ4?4d@gufYcX z$=AB=LhChVFJb1BTP&`hOHu<2h74$b41F$YMXkMI$*%HpmuS_X9L@=m^@Aw8EiT=@ z#E^Tq5-A!h!^>f1a)elhnT(KW>si9Jn_5#!rD(R%~A+LS$04 zs>D0;vkVdgqxTIOs_&b&6<8Z0$lyL2``AXV9U#%Pb`*%db@KSs@BzC}ILCUN-AZ}c z_nYj5J)U<>b>Qdni1rtPXph2?Nq+4E^MST232c?*iR8`)K z0S|vC?BH1RSL0xlq!hk&V6O4W$tQU-RY`#&><7)B?P9<{N$fD$&@^h)E#BbZ zD0l9?ozO%9WC`g|3hme4Pk-jj1vL+1l+~Cf(iz9)j2X%h8Z8nfn$#)vRc!P-nLiNH z=+9jVNPe)zov34?^~&{8VE?zFarEY61h4(I9$w5Z6)X+m)g@e`_0`|ntJx%DC_W@- z=Lq$P`|h?T&^_RdC|O|nJoydJR1(<9PnC8UCxhZG7R04G%jXztFR!)QkrL5c{=_&l z-8IRl6Zws8DI0Rc=O!AoKe|gP7`LA#K<*etG&e_W!I2mVsizl7!aL` zgb2*MNQ`u;JCm^%L#guVs-%4aZcRNlbNyBsV`=b8L#d_~7}t_Ql5jw)l^RWTmHB z30}3;!;K%YA7C&RRX(>@;~nh1d8g1^kqx7CnkMJ?KKNGbqx@jkx@IkfJOxE6F6)n2SgR|lf$#U@Sv^X~frNl1^$&Nsr^liMmukENX zNF46+`P9dm27l&c^pW^hIG!x0e2?FG{Ez+}1i8NE|2N~14-92y;Sbls^m6^ zUer}=8#XTBnUSJ|pYoC9{rY||nK2D%Q*<`bt#y8iBT6`F$2h5vGW#fKj5yW z(Y~I}b@Rzb95kipnj;7!(NY<8ZRNWSaH4wm1=u!+QkYMWBt7ApbsHMT)qMSFg$2$= z0qOSttrLTA{hJi@U)PE8TvT%XuR1ZFe-(B8zdAAS;87X1e2fJ?2cGEuzFrhz0W~V%dn^byhzb7S;)2{47v#RUAfVX&{r=*D+!q%Fq|m4}hJbe_t;y2yNR5To|Z$`uq9C1tAv~ylAkA1-a<33As>eA<$-dz#m?8*n|Kr z*`OD=Xs`*n=<5mjS2Irt^r&a>4=xa)rwaq`FAimfTpY>_xj2*=a&ag#1bV(II0hG+ zjv*JPGD9v7Wrkdw1r51402%__@eW)Vy7?P?{nsE~Y)%JTl0i`~Hm5@_Hm5_N`%J+< zxFEbx5g>pP0RA2ea> z1T_WNohSYGZu?KI0VeAwzzBfX0hQ~kZ`FoCXTd+h2P)SfAgEkl2k=tKkQZ3I1nqzA zRZx%+RIaZ>c&TOx6GFho;9hc2?*c)us&|2N=Ra-C0TV!IZ5%)dD%aN`yi_uT2_dvL z4j=@T>uV4~qrg8ihM zxdsVA<@!2=|CV^bbPPcw1JMX zAee_h3m}0k;i@BeSvY|S9~kdIKrr4xt^s&?G`VQ9e(iV%5<&|guR(ZuIDrKrXk#F$ z1!oBedQ}@=9!+2Y2+k6a5Ly6vbwcPP!2g}cupopMKmvr&0?2C+ULHOfdwIGWFVn|&SbzL zUUdjBizdMO>fZLkcD2rr8#up#6E_Jx6C2%X8-AiO-Fz+w!!0bv13 z2t0gWXACb7D6k*|Z$scwkpqwqz(?Jy-iDV26qqCp03SC{xCbUR+*hwKgz7*4=?h`P z2PQQjAehu#2k`P}0t*ZOEoBC(guw@tYYgG#4=1o71Z@mB8PFAiLwUt}5US<ybXaB7%-^;L9cil zLf3NsGoZjEX#n^*frTJwO+E1MSLM4boWO(+T2l`ILTl=;0eERNfr*8oHT3`?nAC7y zgYcgVC!mdii2}Mp(AHPA@#WD3@^{_xTJa8ag&-lcrv4g)mq!y=5JGF}0YcCfUS|w1 z4=1o71dR;nEMQW@39KDo(a8UP+WEg!bv{@Cf=LZX2(78V2I1w=1Qvu~QUek~YwE8- zczHB|1tDl;U>Kn@834VikuMdyU}9wGOa`-8@Db%2gqOt=4ww*vNewuL(3yMZz;4n9~Af;I-GGUy69fK5VI zya%BbN&gHW=n6qXFsZo?;pNc;7DEUoH6S7A3a>+Wc{qUuA!uaaNH;L4;Q*9|s~Y+8 zXaWmBXfy^0!KCIogqKGXSP+6q4LF8iQga=`%cBV_2!U$=kq$bM0nV%1__AOE8&3mH zWB?FMX~2QJD&VCLC;S)3177R#2~24~0R)`J*8sdUn!p4Q%xFMB(9Bl`{9E+-e|$Ae z0D)T&sD1_W836HW2L4;o{6Bct>Tdzv=Ly4opnprNFWCOI4-}|G=KpW@fo5rS+fVQj zPOUPR(&pX?aJ{vr_dPiwfsswudR?GgMgC28^u27B+}&db12}Pc&gZ$hCK0YT`B0Yh zla7xK59~g$%N2eejsK>&s*d4(GF(;g>^NujSm_?6DOE|B{`)W?F$%5nx94YSg>`dQ zKX{%$8!?2m2C^1>?jJW8$w+B6t6lk!5|~rsHN2I*qTT;|KTBj?YogWYdAgq76!(7p zGsBS@=+}F*vfa#aW#u5@)8}^1 z>agZ`rV0~V)}f)-rjeV^6TkAxVunP3 zB0^g725(!YX@(QMzVXiowM#`a-}<3o%kB2CNXsc|7%+JcOvSb@gI=^7jJi{oGY-i7(|`-2aAg-KXDH!@z{ z>B&+~BrV@CQvAIx5o$kfJDT9`Y`f}bDcjFUY>!$w_4WLjb=gUjn85m7R$^Mo4n#@( zhq;Mk``eEMQu^9%I&LlS8vis*A2smP zCRU_=N`#*TziE=aqQdgW4USLsc zwpMu-a_0C?>Eo9{tjU3`p=A>*a_4!4_W}%OP^;c$IOJhZx_Wyb2Hk!>6OFm}MKA#| zpUTUQY?{Aau|fkUiP&qa$B1I#$1A1%-}H)U8VILitp{;TXW}0V zjW|an$i*X|Y{o*=!f7H}?c*W8bth^cBK_n_ZyJ~9ap!OU;~( z(zx%AvuK_&1Zm$~H54Wj?uBkAKXX5Ic33E4D}t{_1-(sx+Rg8#ZKkMXk@uE6ZSnY6 zoX~V-W)$9i=j216V|^YA|K0lQzV^~|=tlh1#!lCt7Hf~P2^I=j6Jd)X+aDOd;|H`2 zRuvKnk|Oy;sm8Z!#UAB+akv|U;$R_cK5mSSd8#ljPt{zBf#ly{Mbb&~cKn??x^cVy zCP(*({t}0Q);6}=w!-H^u0eh_Jv-?}e=_tU0hV^tsAu?E@A&QELcZbk@oU$@_LVt4g2J&dsZ$#Zzhdr5m|DaJtQ-&Lx{7yCXrn=p`p2osx}j7ow{r&=BVH z$w|ApQI064-4!M1Xw->Am%O(5{UcIxLSlqYpIk(I^ye%NyjV(%ojDe?HwAUKPUK=! z-tQRaIk?rbXY)r2$wU^a&QX()MHIC?8dWmAIV$}o+hD;eoaiPJ{!{uF--lm$(oa?4 zK)#r?>OET-|MVWO8Bxu8@l&`&>3YnWfkV_nD&kiQ8M{x^9@7e9lDLl^l%2|gt|HuE z_RK?qo|VvDi@vd_)=ln#ZxQ7q8@A3cr*~3Ek%;3WI4znRp+Dt=lK4GB4_Q1rla|)r zZx@v74fyK~tPypxn)4vu`~CKOzb&Q zLG*&CBcr4PrQjajMtePKIj*9Q&2r@$mgG|OhwNnPRO}uNh z#qTxtExJZk3ctg{tsz)(R3Mgkkn-5bt(5-;@!NgV0jS497R_R|s81(S61<&F;rd!v z@WqUl(>(*EhO<`TLszzjfT-J6qg&4T8@~|r2Qv-BSN)2MJe5{BMM4pHe@s((?c83s zWNAKd;YJHqBHaD$X#RM=+3eWYEbNUG=%T2Rsy}|`#U$8XPuHP?FOp$+KkWZLW$o!C zHo>~y54|^wM(#TnSixpd8Na1e;}FEzkq-^A1n&yk7?td#bc9!XNlh#a2A^@Dr~UtW zrSzJ~_0-{43|<7b;yk~zBRSN5qP~%;)h%&}$0fHPW7{Ms3cr!uNW(1pnsep{>Fju? zW=AI5P2m(bzX~}y8Kr}oAqM5fDb(bj2UWU-p7~w9Q5-~8JLTbc{y{PvdxZ$bs*?^K z9?tpN)hd|LpZ$}b@g}Xh()>~vPAwpFY55`q?1$Ch8~iEgS((yTscM4djH{K*+89RD zqb2xfPsh>V8-L^8%}jwnY{Tsm`6>iz@1{5s*Dz7+b`#C-4pOVq1bqF7C#G!t%L|>0 zM4T(C#}Q9l_<2f1vT5l#6=K=-=o&W5C{YTDx=&a-#w7HSl(8R~VNd2MACDYtq2^=s zt*!*byf$WkLZ^tJmdI)?Yc@dfEYzh{a((zKu~`~ixy^6GzM~d{=3ud4=a;5@OHcd* z2QbAYQjo|;0{rf^aNMj6D+LoEtDJS$I=_DBAYO83vQe2MCs?A6LIk%kuj?W?I(e zs1c8gQm@*>Zo0Rm7BD91%d^X}T=i`2#@^2#eEv!V)J6n19z2~h7OoAH<|diR&bp5w zI~?uC!EpzpMSeN)jKE2rD5uRfCZ@*!^bV0fzoGm6oDPE9%i81-bFwVCreQ)3^MQAP zG{z-FNFMDcadpo3P<@$*ftK$j(f-*SaG8Tgu_he4B%o&^A;%|%2Rzd}9=ZkSnKb8q zDwKp4|^0XO5eL@)9kiT=_UnyAK-+&m=^_#!n&AWFAiiF%+y9Z212$7a12 zibU&tGk1M@v#0(x-6LmwhFHEkQW0F9yNeAk1$InG*Kp@Lt9kg%oFLs)jh0!_jS1zH z`q6jgaLbn`OmU^u2xc|U@=6_5a_pew^0i@GkDvu&u>Nf;JY5<8+S(w zb$l+ii2bBc?HUuHC*fM}7Z^zP;!R+G<_6RDL!3gbnRSXWcrB8wP4SzmH7L%rY>25} zs~6X3W*qizdkC1tek<%!{e+q2^Gfq({u63sCMDmXJk38-dBg?`$DOY#)>#%(wTI58B$j%u}`Vp?s>W z0EK+tsvWrRK|#*Tsf1y_aD)hXk2G3Vo8o4@QystgVE(Em>>%hElC~Z+JLX||>r3*? zUZ#EYw%_xbj`^XXGtpY+T6X7Kbuv!!#?%$5HcrXTN8Y6&$?@`$V$+8nYDJWkJZ!S4 zMISaJWRl1Wr)5z(vqTnq>m+dZ1ThXETvTKouhY~Ek_0$)EhyJ_?%QT{W#le9*Gh=2 zxf+ap4a!Nt|02)i|NMiViT82YefTVXbtJPJb8m_H61>6}j;F*sDiF1%Hr|gJ&9e32 zKg8HH%io;Ab3aaCO5I59!-q%|?$>rhdP~+^3K_mgvzq@2+h8Hy{+cSiZMBy-SJkib z*>&O70jcRInT!5F@ZJw=?qsHwDqC7nqC4NEyq{Si+}&ooCzNOHJ%(qr6aOq}oI%-E zdKX97@5i&L>D5E(Uz!NkBX1cj%!*7j4%bWX*X|9DDYEM;j6DPW0C_DX0; z8jEKiMyC;^A+kF^=C@UwPetLnfn$PPo*Sqk{hcGD7q=vCFMHUCr>^2G5Vh5!c~%^; zMn?$VDz~C$qUqs-(dh~Z-QAo3=I5DMPVL5Qs|mMBRy8WyQtt_q6KX}L{yg4zTIWrt zpD9?^`0gGlF5bte2%@1l5=Y6$qgFRVXQkPVqM6(}z8N#NF0^#lvERhoOZxyReyd0l z!yjQ(ev6FZaV8$k-A^2+a<&zSX5HK|zU3OBb9cnF`Z46GL@1^rs7rQx{a;bz7$U$^ z(3NVI=35FKSPG%;l_7;#;EMMw=13;TxP6XsQ+#TyK^XF?)XD+7$Yh@@cfhJBmQ}$@ z*A5g+#zqv(sx4bhq=5|Gq}j~d;>T0*dqM1da0Rj zGYLy(a~e^VCJaXJy-p*Vi_aqIr4z+1;j+S z`mS>H?Zv^W-aBt9qpgqYRh;_Np2h#lTavuh*wW(~PwdyRF~5lwK<=d)^20SBJ?H~g zcRVVIxL@)Y#cJ1-fEP|^C^*i4@KI7xCN(lLC?A%*{4V$!A&XOFT7qic{;kD>F$~+- zyGgeWaEJMi-Uug`%C8O^zk7nr^hu2VwH*5ZJi$`4q9^yA1!=-jSGEbIQ$8`27*+Kbp*DHdV z(LILKKF&EtuZG&HZZGqG0&y6}pkjlub3XeGbasrFQgA)*ENs<7V{{}2r56i-uYQPd z2?$(|`nDurwzYniLWuvn$*b;X-=hjcD$>5foL+9mHsYvu9xD_cls9yxg&`Ztr^>lr z;b$D#*gw7?#L?5|q(5MG%@*C#o?O;K%R4s=IDhf=5ynyGoDR8`rxIBWUF!M}y8t#% zQ5OZVLEvG<0%er4^6~j{!E)o6$QtDcO@!0%S;L6a_wn;joCn6NvT!fvHWfd(yN=ao zwKugl%52!$7kM#IP?1kZ$KwA@q1g)qeRmt3YRkNfcU zgjt+n{f?LiR{3hEV9AWsGaKFnC5`RJuHmT|4}aaMhE&2wAI1_=s^^KW1>O781L<3f zLgS;^3Ct1Stk~Fe@(gz@gs)oZi2BH-*`2phyAn`|=t4GcE&p+i9dGoGQzfYe;TI)Q z#ivRq^2AJj5#ABO)#s<=)r>p+z9g>#Ieo{6TA66pi3b;7YbhM5T5=>#>6}aW&2rCd zQKRb$C&N{CSGb+()v5YCwfy*%^Sg?f(82v;l3O42jpQfCzqUTLld55C+@!2L*80g^ zTeA9iJOdX=T#&?#BQ#!|i#tr^esZ@hUYwoOyLzKe@;^uR6$^UAuTk9x#z;pya@M|h zc7Avi6pHtLFz8p*Oq@GiwT@4@32FDI@q%_c+_b`_ku03lu#E>kqkk4##C%Y;Jzs`K zYB5)-B7?O%$*{XVhaEUktxb%tk{{(;nL;9-Spc`LnzF8v zzgUiDAYvz+a?g{q8&zDB>uT0Zapn9&r2=34zCgYx_aDjz^(i=FVK-)`NCrgk_-6Q} z>MrBQ^H+ub1;gFN{sQoFj9hn${$tOtjBh>q1b}vIU zQet9*Kj3k}yk!7E| z>%)w@QaxEViBk9`jHd@~>EDxbzi|#d91WuN@K4<4v_pM6)iq6q$$yeX-LS2C6SWL* zO*hdb?=gn5Kb?DY#~Mxf;07h7)h;8c2u@95o3wC_K76GMJBo^lUt^$X-U8)_N+}Vw z@*{GRW7IA37ab`*W7*l3Wvc85*-xkmBpHd#U%iQXatB?*i?^VC^k~9P`ySbctlkgN z_KbKghc$zLT8OGx;uD0*h6&z@Byta!fzByM0r!0kPN{nm!f1_x)c1Mfrwcfoswa1d z)b@(Z_PEzsI#e~dO~L1P2M=(na0Ciiw7>=YKU{Sc;cCBlRduraif5GbAjL9c4#e{Lxe z+Up%C3xM`|zXsuDYl$$q3xN^j07{skr9HsWI9D7&s5ALTW-+w12LObY_FMz-(ke%o z+=I~49)J*9+H(!UOY2f#LI~OzES>>NdjQa@+W6nX*S|_x`7cg%y4Hd_2XKG~NXP}m zp6d`^T9*P7La-zNB;*Fh?>dB+MH3E~5OM=2WI+kR@~CTA`SNfA3oC=SA<&!=C?bJ^ zUiCKow`g*$vH&)9b-;0Pa$KB#2JqmApu;}AY0zNOfg-YOo-epk440bFtS{+!K~VI4 z|Bs^4c-fw#1D37~J}!=vIRg!=H%xDTeq`!B+F0xL?^c|9P0drx@3EV^+U99z7R>i% zjux`Ii0Qph^T=BmP&esyqwUBwKCSH7H0k?c%vk!mJk@9(JZddzid%Kk9=jV@zQFm# z$H_dC^KiA|k)A%T(_%i`bmG2Ab>7QE_ZQDw`d39We`?|@*Z&M+(pP^NU-~mERb&4R zU11e6E=T7?fUS)$PgY5wZG><0w_%j&L{^2bd8pQ{Qn>f_mAl`*d(-6Zb<|0V+*B~5 zB%9;%_>7dN5A#IrFu~&~zmUKD;n4HiGmN`Ql0lqF-Nt3FL=$ulU1kPN*!SAI#D(#i zT=u?Lt^BF@^QCgfp@eyR!(Hw7qEU5oEUv+V9UTrM`-ev_Q)-Z6n^0tU5ytcpe;<$(+xLQ63Eb5i4_wqBiRq%nrjJ@+bh#!zgJVZ#N0=Xs@6dCeO-*@ z_V5m-6XJwr#Bf5Q^NxV@sRo?4fP0!*V(052?;qXcDZeDchz(Pg9|_hu%(i4ONw6)1 zr#W>>m{`X*8l{`IN+P8491A|I^(GI-CK*+ru8cSz^$xGp_|vFTHd@y>zRvreUkARS@+u6QoRK;qfh{V;D3H7_!T}XB|qA+VvP1nPA zbtL*gQ-wvYcDe4*0cD;CDwqkid1d6}Ta9zOfrOEq2t@0L$7D<@d74y*;hf)3>SGOO zTJ_>GREe02gvfN`HJEuJyVNwa8B%EkAFPvgt6Ouh4#qm^)jZ7oY|WJTzVS0C1T@@u zRz0I2U#*z+m7b}`t478B3uE`u{4ga(m^P)WPKY)o=1InqeEDjUZt!C-jIkSezo+k? z@mJ0Sg(Pb|rTMK-SL>4Hn^faaZgKpn>E`>UvPVU6x^HOe&y95+o4@4`5!%DTEsPvJe5 z3Jaa3U7rVqqe)KjMDv{ba1Mzi(;UbSe`!eMv0V6Owc6-l&rLE17a2^Hu*0wsMb(PP zC+~~gMte(+U$(}?d$DAYf9(CJ&j}pb)}IbEvYut3YMaEcw3qZLJ;uTOpPw_gX3Q2o zuJJ*9)jldfqg;(z>gBi9P(o811c zXXxwYjqX$=@n*}!Tv?;!+>RA)7M(n$jV5HQ%kAV;psGgsYxKf7r|o7mn!ak)y8$DN zlRK|Lsz7wV$)l~NLo3D5u^j~ngrQryYIhI;)vHIWx4!ROG{wQ;`AO8bEe^{_5Vi0 zz7;k~3~#QYuKZEE^Sd}Rs*dgvogC5I52#EmHyEDbnv zX8O8w4dtK;S0KN==#2VtR8_PB+^agJDnYkG75@;|AHpK1anj3!9s~t3>v{~`X#z{l z9-e3-MVmQiHPh2#rG5vgTihBnbjW;7eg}3hQ9~M+TBZ5A3XbG*1)8>$0#&2aUlqC1#y2+{S_h_ z-Wk{ z&c##KaqBz{GDE-7y{gbVD_gy)(iy!FW`A%^AeRdIy1=h_n4E+v$tWmVxlkM|v5bYt zk5ef>N70ApAN$7AIb62s8eyGd6pAF2(S$&Bq zUpD)p?z7ykiCryc;$cLUy(Ni{d?aZ~`MrFiJoTHIExuWRW2ONQeFAr1Cf|Fp&w{E# z(w}8V?~w3*bMPfwHP?gYAABCf;^j?+<%I7lG7t0bl3e8qUZvyLL8hQ7;QMNy?M2^tqq{ujy z{+JngbJld{2G{9p!y}`3fuC3}`*V<y@wXwVC72K~hw~`H&%U3>TXGR#$@u3sVP%-VzVSHU} zc0T&q$fZ|yM#*Z0{b_RLhorZ=eyT$G^ThCniJvvzX6-5LN|{qWT5Qg3uV`t#Ij_=| zeEhDR8ow98%~>ofuMty-$ZX@!5<=ql+DdQ4;d{R;nkl@!f#LIs!;iu@DQLOka|HM$`wd5|Q?AI_E*-Wl4GWXo*xEuDkPoHv*t}u=foqm^-!$wxD zXkIT;BHlqcu{a&o0C%>+lPyHSV7IE1h$CRhZNu$rzEJi}(}L+&OqNk!ZyAui#;>)c z{xxGhQ5*lA3%7+}U$`Kjg7G-N-@$PYQ}S!Sg7iF%GQwmeVOfFVt@L4!$VU7`&fXNc zlE*ajA>_;h)-MerxekSrO+&2kKX+IEHYrVPB3;Wlhm?B6wLIIN6<^LV*CI^l$(#y7 zFHrfI$Ta4OyShlZswx$$Ll@%sB51fJGQyha!RXwigs?^_{r-TmJwEmO#EPQP#pC>= z{`y^GLp7c5Fs*@u*z$68rL0>%{*7PS)mt(L8|Wm2jqgwKE_~_Cky17>?cBW|vKE&> z^O7J-@3w~5QqBf%|CsJTQd=COK);)M=SF;ipEv)nFDdC&f%xhCMH&li6IGV8xRRn2 z{^tmisq<-O2Q+CST@EiT&w11Iu{`OD&l|p-)}5AhDH0=RY-!lT)3&Fy&GJ2<{*YJu zba0jHd`$L@gceI}W|^L8$`8!xWBg(iw~85;QEJ@Do)X9tdFrPpdAEj-RmcWs(k7}{ z>iuLEz1vth@5c!4^F9xna(akP^iKCzl9Nv8n{w>uMM#e+Z#yMTP_lQ)c;73>q~|}R zEJ~qUu!P*E%Hs^XHA8_ZA5c<@}`t2gPLs;ue(jHdFSb;@{k~r)X?pY{L7# zCz77+f_kq3)9KvrfZxxwI$I`8`N-P*ocjT(SJIrjc>tv^=0Qg7J;Nan{d{%4$-dtN zqk2tjnjNf`coZj1`a$~}>&)xNCj_EZIN2phHJ8ZLKm*w;$<)BcHK>66zhr9Qf%)%8 z|4*idcC!QI=8I!JcrMPe<+-Ta=ivmO;lb}ORA)fh`}_W{2>!2D!&qRSYUmfxhDN|2 z0L_j6zW=LZ^FR;M20y>J;Kh;GJb(xS{tk=h;;E14;>>ICaTJES_CMOSj|Vt<8dU6f zfCBp~K1TnuUHd>lP_erX;N^N4EQAP9u>%P~UHdwO|C}HONF_YLp-14RP#)lT@vGYS zpVPxYT^l3>b?xgAUZ#h^O4kODM~BW5V5VGk1TRy=V8RFL+8`iwmRtky-_)@G5oLih zA3!H}Em0PnB_JVmmRy7I^2HTc5CXFVJY=5}aP8m`_*b>@zr{P44k5Uk5hUaSG}&tq zUf#2h9~MK%1w;^#5CRCH*CD)Yc?Bl(1h6q^UvM6Ca$h;xaa|TnV8RE^V-OIW$JYV8 zJeI)3#K1fT38CldTw@3?4<@i61Z@l+R0*D^1Aty}9s_^*zw%a?&SP+W3MAwNI&)ly z@Um#a0h4(Q9+U(Uas%y8u0wcPIN@Z!s3o~pH~|5{)fT`^oItXFRU=;(O<)5EI%|-S z3pfP+I)wigPOh~+1@i?d==0crE=chLWeNXH`%*1v`_jf$t-T0DmVjRRapT44ZPH*C zPhw-l9yoDq?k>rsfvhKTZfhme?oPpx_qw(>p0GE!y!`B?F*;XRP~xqBPyfAU&{xZS zyL2b~T&4igGbSUGInFW@i;)$t?G^Vg>cWEo+KT%>M?}3xR)#)mw?8Cj$k!RcI4KL# zd7)R26EO9nx`zgDvI6HRsmUu+l#%C|wicPRD(PXFUr*~#@0JhcysuLsI}BjdL(~fv zR2a~uNSfF&pDM5{|5aBT8HBwtLowt&xgSc_SvEm`{~aEl4^~a;l)6_6gZArX?d`>4 z8#1TSZ%^TKH0ts-Xf~a5)C)>n_Z_MgGVt3xwNIbn7G{Sz7KG}YO6V>L#S*RY-!krk zC$x@SrD`!j7QLsRifABak0xj#wz!1r%B(OWdgR6zeVdHqripETX2&H*_F5P&mYDlU`qe^*fXvf*YF(8pZudjSEZj7f|$VS@P6H6o?^I}NV}L2`5U}T zq4I{^D`l_RBOyze+!hChtIhTCPC@$--D9;?<{E_5wl##tAwiMUDTwOs)R~FJJKd!k zdQ~{}cgo@V{L~(2)=^@{cI$Xc$Bl3xmrRvE<>kIk0fHRky3;6b7&bB;VB2J3( zo6G0-o~!JN;}5-^ox;tf?x)*T=)`gtBkN3?zfVv5k)gjluhe9l<_BEf{7k2VN=^FF zyo8N%Kx2Y0+8t3Gh*zSFow5S?ugS!MbSB*g?olzhic^nerSF?5)o`(W5|7@}9z=Hx z)GoxB7POB&AZ1n$reJH$NSYYkp_AtwpmC&*+Psf9DV=od!#0)fT#0L*wUjBb1SE&x zWX%LJTU)n;tM1x8nRA@B#$1x3p}$d=lrT)CmxyF6+tu&WNR=;6Y-t_7lbUCq+okr1I&X6C+3y3xYB8PMy1n_-M11i%jV?ph>evzK$ z5!8EAv}$-q4W)tRI!EbGAyq=^g&q5P0UHQN~eRU3)PxY{9!-N zB~2jG*MGa*bsw{&%XplzO!jRDX}F85`h4a2{`_s`^rz>jE}e4APK!3J6m5-Ws)4bj zzpK))7hem!ewNZpp5oYt5!Xsbb??RLE#B8SN&;wN>A#+tp4Gb~@c(#DvLKg>oVe^( zPxd{EAUxWefOc)@n|-{j>48Wk!5sp+&pkha582Y5(|IQ}hy|hcnNOS(_Da3N)W$>- zQO75mAtz$M5^fDl^TVg3KE$PB+U_}?QH*=ydrE-u@RM#XT(K`9=LCFvf{1UG&`PN` ziIL}T%7b*!WxR;;KV#DM8~mgwN7_e~r~XrV|3LED#Dgk<6<>q`qRZ=Ba26Ks+XU(1=R(gZ6PMX0{NIRoFxa%~2cpScu#4UnZW)b0ZmLA<3<%E*3oU<_{eqSKVA1Ds>F+7L zdoJT45el;R=#K9O48%_|Dc(nGDQdr4a~}~$zb0(~um0&g{NbI*%(Z8%Yu|#12*&r- zZ>LT7eDYlUAVr6S+ZD-{-h*KEQ%+yFTGBY$omWHz!(~$T^f%+z?dK{b55$#Fiqu%F zI|ROvEr;=L_oDFqXbr`EuIM&w!uai5g%n&Mwsp(AdbtzT(Hqg>d(BZgj5R7K4Lu#o zRVI&andno7^B{yQm5)_Ubw2*dI=-ax68um|=1oPsgn_7CKZ=My&aC7r82Q_brys zdXZ`$R#^SgT_{NxN?y0i89pqUp|Y?aQ!=A2ZVjn_)sWeQwvEMQMb$X8*2{Y|Ua7km z5EKAcFWAly)v$;b7PYOmiaT^qXsGv5U9WFFHN!mLOQxTm{O*JpFM|3SV;H`{ z-`(LXH{)CrMp$!U!j3$DKub)fX^LsI?pwG?|7y@?_A51`{;r{*n0s|tt6zwW@JK>T zjwek5T}ii?&nInpqQu(SsKQS~ZZZA5qT-(+yio0uY z4HgLQ?jC|maCZsr?(XjH79<1>?jGFTEfAbnu=Cw}&bfK*p0|_zeianOYQ5%MV~n|a zAJQR|Yn12HU(-ig=9@9jqnE}DOVb=lppRx`r@Ep({sCsi7-Yyq%Lzg+d+p4kLlD#})x5WXC0`f>ZDqt{<#lZY+^a78-^;5b`N9r>l`l z*_qg9>j2OJFKO^9f3Z#h2>J%xLnfqeSDV1cki_NP7<}Z#h(no0^U!w!2PBAIrBtL~ z>7eXRB?Q9!J(TS~yvtJ1Y_l0VNYa z9tS0h;Syd57lKv_TxZlrkDwU!)QKE*r`u3`pnSADHs|+y!Xx|x{d+~m_ z6uDy+Yp8$biYwDbtIv5e5^FgYvvNx^!E!g991zDyK2brcZSgRD*_Y6CYanI}^QCR} z$!saxH+sLhA*KD6Y>EQDs~3f6M|mgC<9+}kvFi+YscLYBCo;GJegh+`tN;(T+>8v{ zry(7cO6L^nb+minjfIbh&)j|9b%-GMQa3|cud|2J5}otTTZa7x;_0wq zrD2LOz_TG(3k;A)WaJ(uYd-i}#9ITOw>H6?aRK{o%zh0@1K}CPkY>d^Z`gOW>+z-x z_M~tKRulC{&XQ>f=9m-__a#Zi=0Xh36?B$=h0g@1@mq`!wKs?dfWlKDxaY!C9u6`7 zgX;7ph5c*-ewaYCaoho9V9vk-8qO23`pu?Jqm@TPV4%Tty_v5ZX*92;e7I zs)vz!@DcWtDt!Dr#m(0@E~UPoimz7jn)PZ{?7?I3BM=LU`TL@5-!=tnHcOBSbnDGQ zb#PJX(gj7YX0xn02)cs%nO*H{SG%cieFnm;kR{ZX67WjjVspxg_t-P~*ee>Gi#atd zzDEq7W06TZc)cO_c609mcP_C;VkAc@!9{90YC6K@L+N@;iFg>jr30P=p;hZ~Cnkxe zQ;DKHh9?Ij`wgz`JMJ8(;wS$do8ozYiH)<@In1McS{mHw;I6!vN#e<7j{Dhp;Besxrwm2Y`a+-qaH?}iq1dSy+0*Ct8-hT36CCi6EsthWA zO2>-~x*7TH$etspCLn1={N4ypifS>>+UPKWIYG9AjPe0Pyd;{*2&EZZZUVdCrGBZo39yU#)NUP8$aEHdVu>YA(g&m}x|mhn4$xXWACd z%Abnn(pOh3OQvUr?2SAoi3YPaqiyum8+$N(i0i-=rn`2$CB_-%X>xzadB7{8Z8Ty& zNX6@g2A^^4H_WPhU*Ws#_c89j*L$Gfkj18Q>P2EckXzXEF|Dmz3u#|3&J!=Ip|Vp@w}t87z&`qJkqfO5hb@i{ zXwwTso?i4~;_bUE4V{O}CQ{jd+dsY23u|A14VqA>!vzQ107*3|r* zZp-phoPuWoP;M_D0H`B>z5cAJ`8nN|<>z!;mY>sxSbk2oW%-}!wk&|jOE3QjXhHVZ z>(2}RoNoIpz5Mn5U+U&FoAL+6%a?WdN7DHLEYPzu`y$H#R`YMNKrj3AkKlWzbDsge z$TGhH@Kv5dMlS{WA!k_ZT2AzlfIr_5JVe@vq3zKLhYZyaXV8 z5ifrO;jhTjKO!msR*(shDgSIGOaRXA@2=plxY9p@@7YS80X|#F?*RNas`Mvg|7W)N z*-D-fK8qf|f$+tl|EHt*GYFse7?6MPEP6Zx{hNFI5@`NUfIpL5ev7bw7CoL3K8qf| zgYZ|<8w1^+K=>?rJR^J-J$?t_ue7&6gYX$3fL?zVJ)Zl<{@qRfbu{@SO9&7>o)JEa z9>0U|SJC8;xEjC;G6MAPXIIDw2>X9`1%DMx{s_KjSNII@*%kf{z+c6ZKXVU0yTWIL zFIBw1v4p>hCVvLu^Bx0grJfHAjDR%0zq`l3jwU}(%D?3bpAQVr2w$pr|31Q(!~B0b z>pyZA0#@+35%9B>{QaKPEC3(ye=6vI1mCljJOg~TlHURN>saz9w)ojfo)JD<$?qWi zbu9T42myP{{#QyMJwT8Dn??d?9Q}W8F$3M7!1rt<0D#Xn@;dq*qn5%J%Nl z_HLIO_lHYv$MLckqehBqTU5Thw?zz!Nz^oha2O|}%NmwGYUak=@~Pc(Uov@KT^?*x zOV$oyn6|Q|t`%OGK3*Q?YVwjg@7w)&os3>QW4}JBZWWvCotXf^ORmJb?70qnqJ)WA z)tT@AC@=Sw(*EHBm;Ae;+-~OSipBZheWlUKqppg9-o#L>$h|?i@RIPESBO!OT7ZN} z{E%nrYC0CIk^1{Ag)LC+Yeqe~*XiDsTt-Y6V4EM7EP?oeE)_I2`Vy%%Ub8T(ky)V@ zT21IDfYwlVA*On%#q;cBHz6mB7qp$ic)T^3rV`=E{P2y1g!$qtqNy6rG<8k_V~lNL zdlRG$9gJ5B8E>aw*(i6-9#EP~CXrI7J|L5VQeVe%=k2=Ln zwK`}0>`>t^bL}|j6b)mMvb&Bc@>;uv7}0}oljBbpsy6Fy_|MS4xb%b?G^$+Q3)kAu zSPA7eDO;>mx%W|#Wl`oR-fN=|8mfLmG*%GxXQhIDE z1cU8vx}cdLPF#ZExP1#-Ug>no`MC--X{SV!0jhAWnQ-&XN`%snP8v74Y2t^BOZ4Fs zCGLu8pJOCa4ZoVAMBiL4oSq7*i82M}Q@Zu{1$6d;Dqh|(Ks9t=Z(95)1RZC2+zM3z z(!~i45u+Ej=tF=92Vdhsv5fCTA`5(iB9tPs;whTJtxryjgPvOQ=cs^HyjC;Kb$n-K zRxUGkmoLDyB(VysKIm{P{css_Ehm_crGZ@?%}w_oLVBp|1Lk^71#vdgh_))XjiOFI z?#M$Dh7q9_~l8bHzm5K4&g4Z}Zo+M2iT5UHfZcO)cU#jCy;( z`CXJa78@Y?NSw1|tb5RtV4aWmY4#$$9^cp)A+a$EvdXr?1xd!Ex#lTi^X!+%leFu- znt{v_f6#>E+^%%I(UTr#_t#etG0tqt%l~leDTp&=7iIVz)yXjgx?qgUs4!Z)BY8}g z(C08%tm+eaVCH)KHz4Kyj;LPstrDvO87*A5TbF&Q)APx~o|CE{$KMQ!`yq=UYQ6?% zIks}ZUD6GE9q}9Yyc1zW&$uaCA;+K`gM^!pp%j9q4Z2PeYKPsT%>p&lrkRdIj8oUd zolz}gIJiWCtKVvdzWE>?9+^MfnVc|sA0RQure+?W=0f~YMXl+OpYLFH`TLs+1Ox4O~!^t)*J1n>&5d#{jQaJ+rLgr=%u=Z2pkZND|u7 z%7&lAvw74^1U0;2M**X6ir}fl#e>VIn)<04*R+i z)c9WShUo6x7Gfm0H8;K&d>EH^#v^|x8x*yXZm_Ay)?Rgc0awy>*E^_%==fJW56FnG9!9}%(&HeBO1qe0l5N<&-(uny zcM*XX*jN5i~flu^P1q_E4wLl|_`ztB$^#visPRT}6UzMHqE}d4Tw|ZSCYdER zkMN_!e7M#K!LC3|Djj~j0Y5_Il^I530LD{is*`D7|teTr@9GCP`lxJ ze#{PI&fl#cr73Wn!8w(UvXDJ)@>*xMc_(KkyibaO4zYZ7M^0%NHlzx#jIO+6dQ#Kz zJISGdQgfqv1;vT$N19Wu`t;7*5Sh}G&9tclk2?Py#Z*y@CKYSuY$`dvNkW0PN!+<+ zzSP)0gI;cd&X|R5$ZqAseJt99H6KPvLYc`IM|pcwGj~ay?muyWQ}82T_d!Ud?2yPZ zcP`=x8UA$!4{o$mlO9ce1ZH(ar1OXn`Ye?0$x5I{LI8Xy54r4Rj1>f=5@#es9g4mX zusrLyZsftMnvb@H1Bs0QdCGk+i@-VltslYhjwo~zj$Bu>PeZEAIzsP~%^yj+AG zsJ@NQZNMQS)CM{H0K5Mou!7m9Pq)aT8#2FsT5dsYm(7SQJ*WZvqop3)+@3Lc%s9SP zM~v03T69iiITRe&hdmMV1T0(z%q~M{oTl6?!GZQwx_T&e{?)PwTTr%C^s=|0cHr6U z%btF$xu8y>IOS%Rk+&u|-FsNUg;Gq2&}Y*xrF65k5txTj6WvAE)lEg=!RoY zQUIq$M{f{~VmsJ-d(K2_4@}lSE@8t&t3h%i0zHtE+zv|ytZXnPS;e0f4>aO9MaUD# z4Y{Z-l`uLFdKVtm30`P2k*Wcb-Z3%LMWmf{@)_jT1ETxDz;e|%a?~y5$%eHLvN2;# z6S!rw5Uq8;xNlH!evQcA_Z7`apKa`nU6kTr(4Yc2V<7A_zxrHI5K#D*vmyUDN<^D~ zRLTsh+#R-n>646DB+^8^RY9H|Im{1^FEh+4cj375qg688?&gmO-#_f|F)L4GS3C3f zDYvF`4mpK>kE#<({3gd_rly|(+awrehdi*3cHn0%Rx78&{Pr-;IYndNx!Z0Mc8NO4 zGNw0eJ(XwE4pmd<-MO?FKhjEoPX$c3XN)yRVs=g?VcH1rM)9K&lo8mqz}FikyC)jI z3kua5nIPj&(v}mb1<=-JRihtvNLhj4VdbT2QSh)#4amgznq=ta|2=fLLOrF)3yB!` zTop^IHRV6Ce&UygG!fxtKY2&*4J2Q{&KVBIM8N?w{&gc-+a$6!Dn!#HJj{85UKx0R z&i!_Mb#g}D$R{zA=MsUjh9tBv3QeepkL2AY#E5cWHhwm81gJ-(h=S90u16-&c;Dqq z*bsOL8>H>9=(H3+^a7Y-;rhFM1)*B9H7gUNje*BCFD0nhL}V(I9}3KL`Eg-Jd{k1w zGS*=B{1_Bm&@gGUFA{P&-ro#moPbWK2KEL~mR+kXpx!HhXHZGDj}RcbC^Vp=!uVg)Br(FpBS) zhRPl=f!CmR8@-izl6IZ`&IS)U-nOo%y#F@%0-oHDjj$YP9u;MMj0G8oGOtv6u(!>K zCj*b1NCTrQU)tR05UVZu2iYBH@WfS*xOWdO_SS<@aRLT*{@hw^MLg#)%knvbT$hw0 zqyuAMZAI@7X-|g9^0s$Oqv0dq4CVqmgU726Mgf#Ayk$VZr7dquw|EAm*IiYwr)M%E}pexj99@iDFu;UVj zhrq!@%cq;p5D2*YjiYdjgkuuOcTZC)ye}@HlSB(e2VS0Iw<&gobm&D*3luYXqm9BJ z4!(h%Sui%INpp%r0Iy3q(JLX9X-?Wse15>bn7{|?53=`Pds;0r!X{d{Lj!*UXSfoGqbXnZ6; zF}HYi2v-ft>$o!5)@mvtzOI;fzF2MPM&E!yL!ZwOogc5zeADak)0>mHQAe#UO|{2% z=$<-Va-&|edIq(~SJ{Q!STT4`VcMg7iJ>nx{i~WzVWc zR$BOj*aq&%Mj%lxb)L7DzjQa(rH1!_(@@%V;#&6omk}}j0clUWNmn-n)}acccDgqs zhoeb;>|n5@L)|?%DR@j2$-zR5Si$P8jUBRv&K3E2VkN4S(N}biAaOBq0)wov^a?O{ zC^AVdZ-gOy9hITctlovpaCfSblpk=i?Q(>pit60P#7 z^fRDWKsz@+B5ACv<|P4S8B*aq#jLuLYY~rXHb~CIg~Jaa`wL^5 zCd_(ls9~2>4pZb2Y~pMfv3sk*p5*jQNmNngC*r!x=;JrG&t@|$g*%)PNi5!p0w-S2 zE0N_|DVf0y%3ckJScTy@kq4pdG~S2W`m>RP3-vVHCX7(_DniBzG=JXI7I>IiaS=WC zKmT;fnpo_3GW$ltz{lGVcoV-?W?zA;T4U+>o{5Ip3cJWNET*EW=+&X6YvVe?S5LiT zg+W7H+HZKAHE3io|- zd_ZRe*|Ho`Kc$eSj(>f#)tUeiQ#UzgBjs6&rGBc!YoQ zds*IgwrsE(8B(8kW^|K7qaGix82MMUz*`ntftXrln)h%0P?lVs#_!dsEtklq;I~J{ z8+FC+gai~yBO-W0LiHbKfV`r5lYfzz!18Yd?th<{0I0uuCM*6mF#*sY>#w)|chxk@ zU!P)O`I#2*GNc|*+|2qjEr9iBp25pp^XK>fN(*={a(zh?0MwAaT$1Hyxeg1U3DsYJ z_<6yXImLi~1juDC@3Z~9AluJ813&@WUl(Bec}0LI^w$UfN`-i)qyAt5!prylr&q{w|I7E3WyEF{RG{UlI`hKERh7YrJ{mjna=!j}Yu-$3{)viXnPg@6@g2HZl=R>BN$0e^P| ze?>O`5q!^j!ZW~UEBPIO|3)_duLOjjzU{Xpqh~95M)+(czk~2s!X@C_|K)vu3*qw~ z1M<$Et>hW#-`(SXi+g``37@Ux8R4^){0_qBQ1_p9{73FWzzQ+~x`(`I(}3;%yDRvQ z#*$}%FWU6q2l#R}_|FCWGxy+M+BCqH0ao(-^WR*;ms86>gYbEe0ljGc(x(4*{rSsr z>YoAlY$eYKpRMG1v;XcA{*$rfrGENZn+6;k{w}_MG?qLAe9@+V1K=-X$@4hy=X3IJ zdFp4&ct-f5P5%bMU&fL@f)HRO&(rOnt>o`dw`XDdWi0t40H3Yo8R4^){0_o@izWYe zb^8BLLHgyf@u!dZA3>Ut70^-pzYwHfx(%~oc#KxAlGGI`MxzNAUrZT>@MAi^%EQ<8 zsz(edXPUQv-C47+_jt?AI#9F0X3_vF1?V>1FL=J#7FoHCIl6P9j>X*8LPs|IF}{Pq zQ!yDvHD0NJYWjY%`(m)8w3`nk85;w0)YH{$s&`E{Az#&y&(OwOOE`O5>+SNMGf1z> z65N9R_GFf#HSMNkf+qR1JY0!dSUI7ul;=Mpa9^*QBfz*G%$8jh@lol#`vb=Bb-6C2Y^$Y`s7K2RGsZH3Z9VprqT z9$%ed-d<8GetjAM)6~k{Rtv2y+LZKi}$#a6}VzF1{8R5gMUC1{1E8s6W&BAt5MBR z`lguFFPxmHM|OhxIgOM-UBXd0>H|95D#K}$%N)(|t@Qd>8l;M zrAHSJZ<{M;H36xxY`FFlXzs$!$9>aRhfWsh0cRN5XJf@S%I=J6GS7n5A7%&D zIBr|uptI6Vhu7QW`tSpy+{Xiivg@;tzqEg?__>1IXRmXs0~;)%X@lA|^kfTEYm^2W zrUnhZc{T21*%@U@PeV7CcKP+V@K&4Uyq<_w$}IGB$MC=pE!;byC48V{{3*VaTr95gyd!-;u zgn58S7OHgdU!>gjoA$+iW zkQ_9PDHIDrt09nmC5T%p#jS{t#>0FW@pBPdeSkKf zWN!Ib8!6piF-o?hjA>1;N3Hl#+9}94X=WSn5kG=H`W>ne3-SRo)pZ#jQkoPE7iE0t zp$P>-xTTIiX@ifri^}hAXm3PBQgBol_tbiYd6yBizGAj0T^Z)}ZA25}KWPb|ORX1ei)tnntA$+e=_rN~Mc zHXRgTmLYswx0|81?Hbp!Y+0aRsV|p@Bi80HXGbhmr*Zt6VyvpV$Myy!i{2_0O9ToG8ncd7_!j1?$e-@rrSUrtC1*c&&BToHH2c3( zHAc}4JHRWQ8c;-a_95ph0F755FNJkV`j#gsi8z5mQm=B95MHAE#$n=~U}YN|qdc$` z)xsqV{(e0ew@5BBwJ0J-e*Wx}$W=Y)^lUfd5| zP7aSE=Q>0iZffu*=~Sb zDB7lM`A?(+m&JyAq+BWbrA?Op%k*TpDfZLH}*=Fd`~`B z9SZ50uiDL~GFV-Tfpd)plh{_|G@jk+3a$?_kK)rDjNPhD}EN*gwr&~2s*1@ z1Lm+F`16meB(O)qM$9@EcjWPGo{MN$&OFpH^c>!s8KZ zAfT3ZDNJ8IW6AR|y2+pY$5c1@>SHl1Xf=E&=X`+od{yKaAR?{VikIc`MceFpFuaYj zQR@9X&IUV*rJxLF=UvAB)OxvMftSQuJrY3wF{9koSBbuS6Zawv4t=ZMAO@nb%KWcr zB*mSa-^=gD!)K`n4b|4pEn!?Gx-$j}DHAN8Yn2vQuOqsGHda3JrKhueIpYc;B{>n1 z!w4dAR{Ja3s_~%8_hfVedvR|(L~2BpnM`bK+C5KL*^z7lv_(|L3fegN#7}n8PnBYP zFEaCMKopAOzgXmdJxk0y28pK-<(`K^-OmPlQnSC%3|uVdMKYQ{aA3&}@9sqR{gNpe zt$Kxi>RMwt^ou>#{3~hZF?4)Nmqca6)TV}*utmW^I9wrc&qxCWIC5IlR6)76?i`wA z{x~H5Pm%0kLPahhIBXt($ztUZ$u2EDj_9@4qz@n`HH+1!RV1E+zI2(bj=}hu9w4WI zhg>%(S!_C}v8?U*^gX3Klc9pkRI)OsBHmLD(+Eubc`2D>eUcc>Mnc!Ix9R?FVlFsb zS&#U~>^uSlUbCETsS{6ltRGg9+XlE6jXu^a={bOag3ml6*c&j*j*2$&DUBggA(5%` zF|`N0q3>2sZI)jzm6r1x?hJAT-TMfa`NO1}vnPQURWRKP0v|P8S8hPc=Cq*hEYXNJ z&2_K-D=bpMZuuT@cGS#vMxyS*Bkhhs!vYx`_^R^R>v(KG_@o*Q=?}ETm%95nbXhoZ zF!JxIE{_~N!c7EnF3G?aW_NHi+aft*@wsevZ)NW=4^_X0Xga7j&`zj!5%SR>9g$PK zk17NOU-f9ZA?BOfvUa>&g8~YNr?c@!qayNelTIt<8i@W>=o^uf6crf^Vm;3kwRVaZ zR2*9+1^wNe0Y}0Xkva#nm`lu`z`9UG3E~K`^9=#rE`r8lxAW8}nN7Q*TOW?QOzoOo zoHGnJ%R-wJ8Hdv4uJAElEAOc$N%$_=xtkGigUffu02B6U&Z8^H9<(h?aUx)d+c~LR zx?XO?ZcHWoB2$md&tqq`JE#+dnvGtCPq_YBQ(y ztzKxnHGmCj_{N)%-;CMl9>eYJxZ(uygs=Zi^Q{9uV`7su@?uXn;9+Wy{mrKM;a788 zL_ZE9*nWG={_9j88c^q^&B(6^Ga}UVZ7z(NPLuUVM$LyYC+#}itKlmqQ_bVK(H4lH zN>>bfc0XG0OuuK-VMIqEpl zc!a(3*3c+I5+~-KT8!hY>KG0iPWMcr(r8qkm%`vFuHz|R(=*y-r}31jNqcjYHz-@2 z;1&lOk6LR*>dSh>f(xtJx1|!i(#M?qZE(gnuZm7uyM*0Mk|+_fOf<*n7qw$>;98N*0SQ% z9Aj1(eIH#z&IxA(WZ8ir;o__Cdot{$?9>1&uW%5|@nicii4GQL=;eJMi)Lx7qyj&A zNyj-3RyONIU%&YBb*O9^fr0_j{u5C{&FrNOGno^-2ZXNA@RfW^RqbOO7wH8Vdq09P zlCED5@5)~6qjh2?h4v^#ukJHJdiDo9Rf_uLGP48*T*IMPegIYP_9d$PJg_m_t*m9C z>5j^Yy6EOMeci_M#W7KE|D0bDR&`BeY)81Id_U(kB{bwcsy2|r(b)Je&Hhum{Fgd!Kv&Zj@eLr8(qF zO~AiSe0m-L1<(oUf3^Vs<23>=x88qJGR%N#h5v$*$@@6~YNj%&S4W2)ciDsxu|B?l zvR;+sTMnP&9iOaT=!fL*E~KuLZPjBl*Lx$xFE=0gQsqwdR1mtBrAuuHSo!XjS0;ow8Qv8$6618+Qp)Qz1wqqKQ z?a3x}RTa(%AG1u7H=t>CTVUk~6Kh-LJ&%+3qaQIXW8!x^wv(hIrnnF`@<2c_b+uVu zB~^J7>>K7fQ1Fan+KB_~tHw;fqpfrQK>Vi`46w>E)X?m&cY&71cLJ-3cu1n03^TNlm~d-?Qos z-mHDo{`g7y=t$=Z*8XCP(~)S%z5xS=Vi8FnHD!u4kPwGpvw59xX5>W?2(h@fj>n3ByN^cCWq;gF~v8SzyjE4hr-cguMS6;6gN%_u(S_L78+q99` z772Bt3Am6iQ#@#$V+7wc2mn65wq?~( zk$*tu|59@-BsB?(!{f6Iz2`v(Hc>vME76!@qutXpj)-6)^f%tkv{Jpl!@vZI(jK=?t+14rSE%g zLu?mFr8~nlC<3eg(81lakwh6XI5Nabb;;C?cfig33f3?Tt_wDh_4&QJxwi9jeH$? znk57g^+VL`-$hUpf3NelqRhIDp|CFf{5&Xpw?o<*sndAO*JmDTnT6Cq6h1+Ny~g-l zBa{g1luPV9%I&kKBq*|>zL=0-DLy&dL3BO1RGF*BMPnj zl^nK+!zsf!ua{u5VOZSxW(2Sc%G~|7QdJRKh^H7$O)fp+<5M{3BM*mQlK$3} z|Ka7kHsI)@G!N2Sp9S5LhFv=W4fHIbP$i@c?}ij|-3I3}ZOL~zd5oo8#~2ge=)hbew>@IK8luW@Kx*?kdPO(T z@FBpA0E$hp_EPKzT}r;wB%NezSm+Np{iiOzPkP2&?IvIIV%#D@`erPKcQPcF=)R$U zr_sKlM&L2rMw4jNLtkvuJwhza7DYn}SI<|u86*ApD%Nw1GzN@L6B;*4W;-%P2-h}B zBtI`7JcD%p4Cgc!J#F!9ER`GggT)cB@@AZ|ZNwV~2mUB8Zf#^$8C7s=={3^fO;qaO zSotFGSMh4v*}Y+Jlw83e9V4dq^cx;fU&r50RF<{3F3lA%wg(AlgBg6% zaRlBSyYenSiQh+(+h1YgQ1qlly+D1^MP$A`rrI2hxEbfB3B&Zz^6nROhE{>+7pGnw zp5Z!v)z{+>TvBnD5kHcAKt;#bl+ObEK8wWq3==NxNk<>J=acA_zMe|ouNs4UakyD~_ zUTc>qzr+FetI(wiMcR;~$~=k9*^xDu>8~m5cwVNk>=cJ1sFjKf zcqr*Ro8NKF4g^TG3$ePwncwSV7d71tc-$pO97ynh*us0!M){WGX$&-Ky*}g%sqhEQ zVHk&+QDoN*%9SXp5$drbD@K)PKrx0XL0fq62~{jXtSuQhjczl7D49#kHtk{l035b1 z(GKR&3xzo3P1s{_-Xn79=!IUSeuc%UW_#~&ImJ2i(e6U9=B}lSN>u=RS##5EH1JYM z2bA)`vS#VS7W>0Q!D7LR)l3dNcFO4hM;D^u7l?tT4V(;H`fo{5AgM{Pl+)1KufnP| zofi6o%fyUuX2)h>RW)s>W#l4I5H2lUO;bJ%3j`|8SSZ74B0JG9lS%>;zJGNr@Y%g~ z?b_hb^04@`Ai}KgYv_LPD-4cVmEI%}mv|tknHpwXlB5l=>Kkr^pdRm_#CC-w@sPX8 z~p@}VPOqOl=O8N>RM$c7J+!SA$uV8G;@*yw~`ZOp%GL_`-2JjIqCm5TfX z@1igP4IDs`UjJHfT&9S|UA}Yv9er>wJ;{xQ(R9Gdq8KapDXV)g$ZoMVMo{gYAvrfB zwM%wpifR_|q9?EDLm5!md)_+>FdS$;72IWd3zh1V0;~pSwu31;!=4NyKRBkmbGq>n z>Lzm6uIUv1PhjYUy2F#Plg#9eq4Xags^pL=lt*LTSK}8-Hp1VRb$%zU8l6+EoEd`@ z(xBB9@kol+@~csDZTnWn%^nbBh$QuK$Er}T+nPX%IhUec=AJT<8RwpN3Z_zRRiu`a z3i?r1g4|aiVMsoPK1MdiDCXVyuHab_Uf~ofTp^8F41qXv|C~!&@1mOAUI^hPE0G%e zg7n0bV-BXgJIupMJS$<)Ybck=5AQ(S!fnAnhP6?u>I3ORDsW|)?583<6k06J!V_FA z)R8-4N+F8(I!d=Vl0)6m;la8fcO4_440=MV4vM9G@rc;%SRf{Yn(C>F^EK~T!Zr22 z$XVoIkIAFviqyU&Avsw3OwBAP-=ANc70P-1B^Cc-Ov(r&hdxD^uGS|+`_?vU4Zz%V z?+F;k5vIes!xDU#A&SJ6IXLHndtq0mn8Ns@UJBe*z`%bdQ9_uBl-^ zT)?}E>654Xl^%{`uT(v-*eY>RUb&9bG-2YSIBz374W7b!ZSSmjl=u~%)roNj!o?3h7_$?_gfQ;x$KzfX6Uc`{p?MsUS{O7wK<|jCg|BzTSSdLtq5_)y ze)j|TIOrbD&l*vkjc`7KUK-pNye(R9oYw2&0r6EqjI3zIiNIy_lP)@~xB2HDGm^Va z#XPgEM)90BTL;uZG6F?umP3f98^krm$ut%~AH91RybVDtNljG;BNwsc%?ZiE>=s{d z1iUOMucwuV7+qA#meaNAfzpQ39}aEzZuHaVGL+z-@Hw!iT5U5ON{iml+&j-AqDMNd z(6OyYC+xYv)Md`d7p?T47@=47#s-zE!gpR#um9NC8c(w_bBjf;ah&MCCLMxD7FT*# z{e&L`{?4!*XJzovuyn%h+I6`kPAlxVX0i%qp8AP73DycVUZp+Jcg1%l9HLelJ9hh= zn+#hfO$pcGIJl>qay6C?3Uy@CL=R(VD_AFKu%$*vOnq5YCkL5s8Cgor!ew$pOl3o( zC)6fxt)|epO3M9!@2m5&)ftU9X)4EM__og3fXokNYBcS6sGI{9_%aNCGN$lVG|7m1 zX$o!vB^Awt9w0HxUB!kDA#(oUK+XO3H030Zas*aIyIQ`t`!>EC)io&`2b%$tKBZR` zGJ~p+c4}s4@9H3cLMs@ZGDey$jX3MB%DFxYJ?UDr`4Kv?OAfl~Q@`IJjIVRT+_lCU zoOzvJ?4Fp9a9LiCBN4kw z1CaM8JInE>d+!yuh+4C3Q2owXIw;KK<7!yCDa{0jfPk^xH3P7S(Y-VcG<;p&9RQ=$ zK+CkBvjA^t5tYw*J?eFc<%Wq$kT$tDQgp!;w;yb>`W|cu3!>GI6S?3Sdu1T7z>KOQ zG-})Np%eEMtig5mqaOrhO}=G1(q&H zwH|6R`d=IBP+4{Snp3w^Rv`Hn+SsWy^zle|4ucd}J+kG*znx?PfdVNqcGvuhvLL$;q+cpn#+TsMe1A=@`Lu*j;G7R^~*1B<`yexeT*THU8cqI?^dxXUCL9Y@7K52 zd;7Z&`h`GD$yhP3F+8)Ov$66H&s@%}iLPJQe?eTp>Yp@%5 zRW09Qk(hpDzhL*2aqo6ExtU{}z}mvvPrNV)>KdmHJE(m>2EKymR4HA_)zOn@6;DLy zQEFcao6#gFdO>cj#F>q_h`vdoo_t@pAMCTktQUVNq&+NsOXsX>cY=Ut(~5W_4=r;a zO~QFG`8DT;jheLzaev_*TT9{5?0XUgUWJw*t!+^H09^bV9qS~AoxszUV)htirBUzZ zaSoBCI|Ii(B%9P53(*;8$bfmp3#@1g*XegRHy$|3!>I_VW?kgG%d5o}k5kUn3TKLL z#;0}1(&|wdm92Pv{if$DcNe&5HJAm~as&Fb!aq5g&^RKB zW97s&JhWhBp=c;t!CgVtWA5f546L(!Sb0mo2@ihsJ7H2Pu}5c`E)P03UCNe^SA%Rj z95mDD&QLg@GA_~HgZo&Hqw1=DAi?4=j0gWUA58zBFNklVqkb2UcNk zu-o_zK4Q~}25$p@z0Wr-0-Y&e4{LZ&MZ}gPVO*fRR`8^&^_xi@Y68RdloqF0ZFb8} zPC>L9a0-$SW@bZa_cnsCRQ-wUoPaC$Nq|GYa5RGzf88e5q88`7Fc-cz=d=)2X}5G;^3XssM}!enihsz5KSsIc z%Y}q_geMD&ni-npnK6--nI1~B12=MJDf1&z`M6itBesUvS>;neN1e+KH)xE|$>4$% zFe~`^Ar5q(CNet-l8H-qzYq!tR)BfNq03K4po0vN4j0KU+ZTJUI9a#qV9zh`Tk5s9 z*r;5Ok;TTeAKYOD24fcUV)N5CekMXlH0hAUd)spY%4Swa0?z%Dk8SJZNk#KpVMpDn zcUO_`#tURpyEo3ShuYt{7kCRUE8{qWON%OrTtvr@yXhNzzwT>~!^TTKJL~(z&%90I znnD~Te*TIM`GlYyWhdfZKXlOMt@PN_JS=ZW&eNXq{; z&ZxYE0c?$2NtXB{>D@>&Os18#l7s=O3T1q@UcS&)eMQ_lew_>8uEPe{P=Enbp$-P*F)@X{H^`cRr#{BqG?xJwPVVXcYwSu?;x0AdoC+edXG9-&Jrhogl^HGOHm)}dJb6yQFCj1amdNA zaFR_n4&pReRmZNkhWg+T7&Gq1i~8`MrDm+CUvARHpF8ST4{N!<#(}6Gs!bLAZV+UC z<44U}iO`*tkQ>8%w>F6`o)gvLc}X?K^eWw&lU8MNBCzdhs?ov>e2;oMWSfRH z5*%)vkcu<~YN2Nk-$w*hos3dUENonUvO0Fq#0{1l&XLW-6hE83vmz;keps)vPX(1` zaqN1)g$@a8n3zXCJiyaUm`K%$!4>RhLM{p)0aHXiB|;ONf(-seF=4h}jBYE)(~YgkMF>%9*Ug z8j2Ylk{A-BC@HYCGU$C@x9Ig9OtJOTv@9Oc@ljhrc6;#VaoWY*X&`xgdr7z(ZR&mY zb{W40D%Cz+c%xVDyIAt{SQo&12qlaU>0@zceQc+)A@rt^)E3IYAUf}31P*A152qyD zAH-llR|5l2DS?oIXm!t#LoqhpoE|(FmDd!Sj4*3BgVmLXr^n5|dSt@au~l4GJEC+n zJyYRFjW%FHRTW{3Hn5W-bt_0x0A`A8)DMQ4C|i*gUymzZL>5nvNP$2t4i*cB3WtJ% z^&x9)%cYsS;^uK3bR-2vY>fIkSs- z{C%G=O$fj-w}ly=0~~W(7)DYRf6^bWCl|uZiWdg~}6r;e8Dvr(+t-v3d$E1(# z6byF;Mv+tE4Z})&xei?b9jAxwD7LSGpnlewr3Wm^NlC$d>#TYd-D5^28sAr(9URAy zB2Jl`9LL~7l`^dD%DgUYybTTxDvM^~jl10eOp;(`6dSQUAj!tZCEkY;f^DEX1!j-J ztRGT=%0y8jT~}0`6`aM80!@{hoWL1Q{oh_>gP8{eg_qOH&ngn!@S-koz;8W+Z z34iCCaD?4ZP}sNlSP+F1r`l<+#gUq`wzt)iD;YGW$6e24u;+DOJ%+6?FX9C{%(0#; z2BHL@y~_+(-54&t7m4OOJJRA1Cxc10nphs@jM*!A01q+h!^b6fEyk!wZ<&_ESlaCZ z@Z_o@7qSWCZgB>mkPf;4_iuikUCJj&o}JF-qc~lQp|uvUZXVvUAT98(H+%RX=~Uh8 z*(B*vm_+Dt;hkZQ+f3+bd2)&yh!>?57s~voo(4=8$|8)O2H)Ax;d1oTU<@;17;1h* zpwT;`Ak~E>q9*~-%X>6x-CMD`7G0&xM@D29G!{U0ZGaxMH2TQtp9b~|*ydbP=kwZ= zPR(4m-Fb1Q-tgWiPA;;16gs&bjhVhX%S`@)J~?f<%qbvk- zFe>O>4+V2;MYtA)>v~2iw^v08E^yPNHZ4W<{04nssDflkuNXRtNwbW@R|HU|_T5tv z{WK1jqHNw9bcvw8W=UbImd%v{p-Hu(f)?{=y6@9z_Of}u)hmL^%aU?kJuZ#~2U;S0 zQI5`k(WU@a_tv7-pBTu*(gF@}F8A3GM?{z5DB|enpN>Uv!QIP-)Ej=1MFJbLs9-`k zHAQa`Sj(2k3@5uaXBs!kofO(_QvL7*e95=_p(HnBl1>J^Vad6OV^}11(wvEXSY%K& z5cKeAg%3DRwOt#uSE)$w|6%SOgEI@mbwfO*7Rqpap*udNN8|0l$K!=_C7#|Q4_4vs$Cy~ zLm|8;TZz%Y>p)@gYO>UhPstr-lu9U$V*#duuXQ;wu7D_ zv#q1Od7fYRej?bZHG$TdhLrjcdlss_(76HsP}0xPlk{P5#aVJx6ZKPZYbbkG>OGclBA!3!Q!9p#PZL{Z{d(^48{OSeR? zqu%^Yr}6%<2H5|?&Yo{Uzr9RqpmJ?nsZEL`UsIOo(nl5m>BzqY4RU%oyDjFRYa7f< zxjuj=s=p#3qLP*vCX}cg1JqGJHJ&uQah4#P=ZA{p$Ox~U@W!$;3D)74L2e3aL+l|J zG=7K!rpT0|gcYCiMf-#yi0TCY!hrS##c|#unyCOkVX8B4(crz|pFO~`g>^i28r+@u zbaROcB%s>SfH+djiA|zzqD&kl-S|P(-_$UIlL%Q%kCK|}oUtx{$~Odynr-4APb-M%G4;JY5;fYB1A!ZtGVXo{|A!7(-#|#|A)7s;qHez1y>y49DVu$?TG3Jzx z)FV;i-Z{zfA+gEGC~!_T_Yye&(Jnh{W;ki7Z0nq<$S7!LHqIF%>jKm=ZRi{i*T#7P zmRcY)peeFwplNo$wbptT@OUIT`_fMxkW*&hZ_-s17o2L=+W8_pSeqZV zDr|j5R?A_1Wh8UMVbQK}>Tr-V78^+#WyNe~l#k-2%LdiW<0rUMu6;tq47O!|Sk?*+ z#U*11`3LpvR}lRf{>j+-Aq%`Sq28Fk#~CJ%l%r#mDktQa+O*7p7^M?h_yRcHH18Z) zl@W}e^>4hSNvu3{RX0+j_DIib#hldzAz*>o4R?Swl$z`1ccm6$P2)Do9~EMC=SE%t zscg-*&>(p(F@9n>^}trpG7Jq?LTZ*)`BjQdo|KzwDk1{YY;zE(cwH`eB}COd8T0pF z^Vm*skTSL`Ka&>nyv8hXI7;%domF1DY=v=F=plpd596@FX#A97+|@{Pk+6ik>9=e8}~%U+xTdwn?-9%z;V zX*NgU^Jxw`^~z?A*$0}#;mx)l{)HnKu9wcj$@Yfb!)fqthC;3y?3)wO>&L@1c*<4M zlor-r;YMiLar*8)rn`-;&_xc1KS*dyxjj(>9#HmOt+QN^_?P``~?oc{VkD~?|qF0+H4wgRaOi= zh_@#f%vh`pIXmMvp+)DA%pGzOmQX^ZVu3;^?Qm3-uRMHcCMWjP2LuX=RHdb8%L@|B zF?*GpX5<9;^U$QbJ2}{htZATqqDsOmCB<9ixh6WCWlx=$b&DP>@*{YmPq~1j&p|_+ z(0i%_7E%_4Q!jTIn=D77S-W6OsrV{x&j>iRKk?7*;tUL10wRi3oMSir4r`1VQP}C* zRQ)_2!a*J-A?F84B>j;S_-fd!yplm&=p}GZ^0P~$T?#=s5K&UuRykv~!$0G85ttKq z*(I+5CDywOmWYWzo#bV{ZkmdFAj#Gb$}`ElgE~ zXp@wd488|lFC}Cz2uK)EQ%F&1BDI_`+-uf9NM7sd+=i=Bt;%e-E^U{;F~km|nBR`& zMjgq@=t3?EqdH1&3GrqefaB@#$mk-UH{SefJ~m^Q`9w4`52-~tW2B3YT-J7;nAdie zpOk+v88a3_jHIH8M?9PK*GU_AELKA1DlsX-W+kmPSZ!ITxmYPlXn8c{umhUKwJgdj z5V@sNd9b%F39&c;nT@}D#zf<6=vrADc9-X`#zt`%?L-A9a8xVeJ54!Gm?}R~qSioP z`Z)PR-x%y8Mf@55mBvg2KgtGgS3B9Zf=N9hAuxM68x7#>V7i*=phR@|wK-Ac>0(#^ z{lZ~!+vRP2nxIQ^3S@Hm(|f?7>cQmar}h@F0W6goU+v%H`miCZgBrGiBjJqY5)Lx@ zKau@THG(X7ymhGRpVwxwKS(Z4N2t4n%h)6$nz)}-tv<=c+i~a7yX}83jyMz&$kpN= zqluFmEeddRlnlj37P;2VqRO$l&p^|QD!%g6qBNjApo!%tO1uj>U9vlZI^O%rYK=sP zv7PwOYv=`-AAlfHNyRs`^L8wtm4P3h=ksRHNg|6G|cV=@eSYmc{E6XuK#lh(7(5Wb7SW!#9rC7gU6ohevMI5s}2x zfv}sCHp`mExF)J3x_;6i^j#od|2RWQ(C}Kau!hiXZ`i8k)b-)yi(5HAPyHPW;7aN0 zsRud_Pdk&yufO}*l;9MkDc&9vc}2kLUOd8V4O7u*>lI{A*lOWB!MN7k@56Xm%7g!E zDa0K}^taGnH4CG{k+Cz*hs?}NNR+!kJ>+l4a|$bqgK_m;T03w^=uNRn;^d&#)wlS& z_!2fd`IwdR^Y?kuZORc`g42Dfe-L-&i(!-69Z*>pj|ih?hQ8f{DNWVI?a3Su#4(_B z0w72ZOpUo?^IT%}5er3OsrR$v1;S3fG|;#f7pon5LJhEE2^6A~bQ8=nRS12EPS;#Y z^7PkgZmBdgN8;Kxa6LdbzA?}YGJk(`lo6`LENpF2v#p}#RZshf+~g{bOj^`yS3e7| z9z$Y$m9}d-<3RZCR6j!{Qx**k4L60ANh%N>BIY$fN+qHss(yS-)tnF2?jnN+4Zi(d z1=$EuP=3}bJe+=}U}C6(E!{HH{_>WytNgg~m|K7S1=LQ#wMl%ZU69Cf8C1f(`wFg{ zT&}JheE~ZrPJ~=gL#uAv%Q)&y#;IAQFRgbGU;+`JPW+*`c-2rs^?N)D7QrG6TeFE= z`~;M|BLy-M{Vu1@5MP^l{TIKjB3!9JKQ@2jYt=GQMz+;il!~!d$Hv6nZjBUblT4|T z=sz#xPAw-m*WEC9V%M!6KLm=uaY@`I=A-^;N!%^sQo+ef(tgikCWCw}NpkF@hwg$d zm3H;cR^u#DfZ%t0-x{G1wGl6Xf(Ez ztBcb1Y9{&09wxLtLB6W+n*LYH)qnB9{y$Kz{u4L!KPXph^#7S~^uJfR`Y%X@|BiC? zU%Ao$-|1NY`TGCUi0F5E4E$LdfUwZ~;c?!2Qq3*mHx*2OzWI7~b+&%En0`3-!y?H=?N9zcHbcMj*BQ7W$G=J0RgR!H z5}W3DK_;Pklefv`1PgMN(3vXd=meLG$JgsCkrvyAY>gI?=N)a||202dUY^R&4;N>< zPTEhx&Am)%;p$0KDgQ3H2!Usw<2n@Cx)rqj6tfp-4;P}brOYSJJcDd}pP`NG+-?qE z0e6a2yXZ-=nOq4)e~c|b>G=^yX{PU!k?O~EAf z%2%4Aj3nKkYw#zj7$ZQ=ers>Aj(;A3)+-6O~_;5s8 zcxL`qBg^NUvs@zg%u~i)N2r>~`74~$SkTaJfTweZ9)ZYTD94ZJCG#&jgj)mSNPeOK zekKzpM8PVGzxM>(>(&5r!GV%L=fN3!*qFzduJSR{HzY_P>>@Y^`822$nn_W9&gT9Al7kw3e_wP`D zEw7J5wfQlZ5gQ8n5-j*wQ%C*%CrwO3JM6 z4~VFs548YYM!r9L!%wWi#=jXJ8L7P#`;ocS4LeU1K{Z!)XU7ntRh?ZOrx3VFGHOwz zohi8ZNl2WRD3*zLn6(c`JEdtFn#TYJ(g4CTpXP%<>0-~?InP4E5L%s-7UOP-^$F}G zTQNA9Xq}S$ur}P9Zu_%iIMGvXLWQslcR}~rsm~6pwLxtJp?K`3bd;LVG#58!#=&A# zT-@%ccV>WH*#i3Rx@0&r9zUO1XLFw=sjUi^U}y!XMLRL9snT0#p{>v$@}r-7~Inj({O0emNtV_i6;0LAlX=aEd|gZr z6X#Q<^3`fH^FhlKr7dZEEtcIQ=&+QrL3C>~P&ca4J_cAT65s4>wbKu~HcR*twRz4? zrO+sgZBk<<;BDS8$#AyKUBY^@+POg&iuqaP$n2_MM1Ra(IuHJBf^$Pg!W>ya#H2p} zP^&*FPOXlD3_Dfl#Fv*4oD8}p(#Fx9}ffrW@ZV5t^u-8V z7sfdNojr>2*~)#!DhpIk1Njt+@dhFO9< z$e&0G(e~TC2bKRAE_GvpA0JiZ(|Hpj>{RHnCT2fd+&wrXD#S=0bXz%?+s;Sb>X-?` zya>d2i{!RwT_iKAf?&ZQ_Bgq7?!K>6;ZUm_9e@37zv6wiW7+S@tZVhK5-#>O+mUMI zj8ig}F89#dwLup#dI@K5)`4X%|9XH{uT=Ea`{E*;Bw9z-&?sCoyu~MvHCK(pIB00e2m46T}{( zENYfxy}Ex|ir?v(xXsCN%1?7qPskQv2cY~))ev8v+E^@}q%2E_c2FPe>q zWU$4EsN1&Xahkd&OGeWPqazLeMkPqz?us14B)oMDW?)HAV`AW;9OBvhH9u zjoQtTHW8P+rZ_Cg22_@_Me)u>na}U_#f`GN$_E%a1+3C6k%bI<(YyvlL#L#GU#u>P zS7hux#|R{N>}3vR!4P+o1c>s(T5@Y@eD7K8XhuWmyG~xD5?D}gXril(g(%h0u)s$PV|`)f^Z2=~Sxe1Dlu_ob$^Ud=?PbM%e!cmr5jc{9&0Q^eKgE`)mLO!H)?sSFO2q!McF^iqitA7RnYmJfaS~*R zB<{0t#>`85U#>NA0Zd6y-#Z1Vsvw=JAyWJDJ^d^ zur^_bG&}gainR?AEtg9o#mZtiYs3?kqhxT49fdh#c+qj!f$_3IMHxBPX8Eg)p(Ty&3ck4fD&jM=Wg7!}}q zh3zWTa`#8q>|2gG*xayG`8)or;H_r6vH6v6y(3}L6Ft3p*JO+fH0I|kT?Ases&Gu1 zNFJ*5mmf)=SdKBc3@j)A=?zni0&hTFwTG`JAI^xZrW)=5Z^VT)E3F;uT2A;gE9YsC z@{ak~eSKTzt7J$RQ?Qw7mh9yi{XlvErF*zs_JoH-Jn-@)VvUIN>tPi4dRYe1N z?~RAr$xVg2@#^y8g@1Ncm5`OcHTR3SOFp*<+Cf(pBZhhl40i&!)SQ<=7T|Rj!^=`x z>h7xIOGr{p+6{?}?V|TFY*8o6+fLqI!O##{XRD8QlmBa3d6)rPm9h97iK<8kA5+5I zq4%MXSXbVL{_~jGl}|;GNF%pwc%4uQY1C8FrE|GF*&YF8bRMx8mB96cZO-8>v~uLC zjMD#vdu79>cbZ*@b1836m=Ah&7lO}F7#>{RwY644@RrVPvm>UxSmBFu%-UwJZo_Z3 zBY9Sf@Q6dGB~(NO;ME|yq_21K=sWOtS$~JLn3}|4ru;kLcK-YEq_rqBhMk`I@4%S4 zR9v=xrJ^cn3wcV6^&SORX=Xq)Py|7#6KO=Y%la{$%1u4LX_#C5iy%!MwIr#a^_NE+ zX+~fw^_Qa*)tqKVxx^y2A!9jqC%W{|)@f5*10y&YSbeeP7e zPZdYcv6IZWj=|Chmd=;_kg0=&(a{@>ni&E%F9Du3t!|N@MQ{J5_ThJ4>Kh~vr!ws^ z3XeFt5x>}SIUj+W>-;*}9hh411GOwAhT8TTQ79&HIW%-1@=Sd|3rC)QV6o^zoIN+2sY2Q@dW{JOjVIp_fI;;)QnfPYj-$V2eMusUie{2Dn2( zg`6TR>Uz0SU!>7Xa18UMm=g65@`04Yn}s+?NkS+bl0Sd$A1VoA?Q6l*bMP-+IXmwX zJDaC9*UfsUXN!LVV$>l(BTP=-M>Q?HoSQ~(EuKReO$cjx0UJa9`p^yDsvUa11C;Z* zz29P5mX1jIfweQ3)Z~^jSd*GcqB51fPbXd)mXc1c1AJ!U8?9UqOoK0B=)dy(GH*Q< zitIu*mD#dq(BVhtk{Hv9h)RW$lI~GGYzzC#Rw%P;fK-vAM~%r<>c!(3cM8K8*jTOGE?*61T4Pkc(^gpkkAGI0(>}?koiR{bLf0dG^v{6VI`D4i$)x!3kmBGp77Ii z>qUC-$M#Y_wh3BI9XpRGW|sQ08gR=V;y^it&Q@_b7J4apcxLFFylIrlpt<|aJoABg z<$3=2okQXlejF(Q-J;0DUv=zBv(y$8JyQ4AFCZp_RKdSN)q`XK2%$Dq8MFpEB49lD zQBG*%W?f;%_u9MMvc1!&RS)rmPVTv%xgRZJNYX;Lh@N@yQP64A~eSzqo=+ni4Qy z+d9433!d=4U^8%?cW*q>gZ%SGWG03S3ghG#QIO zaXU`Cy$DiZZd;v{OWY{Gb6#fuDpF#bNs54ZC4|)+*ZO1Q-qpn8qa!Z~{tkR(iOT^? ztqkG1C4x%TS4<<2fH5q|>}8?OKY>=`KJLQylQo-bcX-`$e#IGrlkVOGcwGblcjV z*nzBBzg<`hsjw-9x4UWJ>Q-aa_vqGJ5W-168|Sf6R`cRGxxRGo+IYBbjNmh7f3c=tX z4`QM89}bw-VNgZye`l(CjqftuFphW_S&MSLSFjDvlV5X3F2R zEZU*F`H!KgTg}5~v&OLzD^1U~<%2`}N1bI6Y7UnFD0+HNjA_>%STyVm?5QS41Dp)_ z?r!mSt^mbW)$_mhV$)8<_`X490>zwn>S~}f`TRIOe_z|a>1XTYZCoK*Ac8N(`D2Yc z?FH~M@s5GhPn@5Fd!ILESRd2opC)giX%Pl2Uu6kB1K_URt;KPfhmozaPXJgoy4twp zG=$4#3|a^RN4e)rPmR%JHY)3s#XVEejYADREFrpB__|5mr#UJuA;G3M4D6lt?jnS_ z$%TJs!7estjYA!-C~F+|DZqF*6tUqA1^gdE;R}uNCn)aX1-3u z8d0;pPTA+^Ifr|Ay^<$+*m3TjnI!WTmU7Z|YFDDT))V=f9woT+c4e+4$Zh2V)n)NF zWx)&0}g?%0H5szcP2cg?;pzdKg7tp zPtl@=+1&rw*`+g8rNxR&{l|gTsBF4$LQo(H1W*UZ9BZ88P`6XWgXw~0#&9n& zs+<2W&nw^F6K(2w*O-Q9)?XXNn_K>DrijOr)bk?@Fef5F;l?^5z3Y0Sd41%+VfA{Q9T; zAhIbk!|Q2fggV3WUbzVo7ox`ZkFOt^5Vi4Pivp%Gl6>Omf@)suQes0JE6k4{6AM`; zf3QeGMMxafe=-G%*iQXs9hZ*ipDl?I9u=-xgtsO_!WR*TQ)UDpp}Kpb!SGNx+S`dC z4<3=IehF~EEYdNa7IOQyWdWWWGaw*+P!r_ZPeZ+OtCU^v+|#yWU@A0;#|EJfSMq@- z+7acw(i@E8W8vaO9Z)7?;rhPz>Sk>DxV12c^3l9XQ{)n@buzbG{@gWfNy%EMFFgyW znix(YM(^X+^_$gh+CmSzs=aKQWVMQyW{UEcTGSsDD&ifHULLw3Ey+toO-x*UM8cY| z+f1e4{j(J}yDt!Rz{x5o-D2^(VvPF<2Oy5rmHlTMc@59uES$qjxK zc^50u&APQ9S8v|C?PhTk%eD2u`6OK#|#VLUTV^+a!jzv<06;{*1>wCaaHhE;_AVz`j z;YDRpIk-BZ)QC_#^9yViD)?^F@h5Z{P)bu+FtN9$3kgxSh)Niz6T#8W+(bNS!JNQK zAQxOhKtisxIM!r9!mJ;(sKD7rYz8|2sZP9JXk zo>-dyDX`xp!Rv>tUn+Ci*Y%&euko4YikJPFnykUGL%rhe&jXJ;zDNBupRb`Wc*S3D z7VVlX7>(z)E*R!#>#|S?v=%fJE)%rNmoHQdFUp zlc8rid>H5F-)IRv{Bb!s!TN|)-^E2sL<#cV;xbOnlS=aAH^TC*MkP1T?vUrtomQ@s zpW_+&ag-B}O{oA*R@t?guGES9cCX^JN9euX45}C=Wu-viGD{Q~XlB4W$*nmYUg-;z zL6OO|^Eev8Sq+Wm>Uzht_lY^^DEDkq7@}Drl6w{TqY?A}UD;uy|1Vhn|F*Kj_MIX9 zKY>@+=>Ja^%l|&M%6~rQ{{2=PRM$E3;!PMqXHr$Xdo-#qeA%TQ(Vxv0Abj>vIac44k|S`~9zNHA8}ZQ1TL zy^fS=AfWu^GO+sRrzb#U8C&Z?u_+TxhsCGE_228N^7wHLzw-2WIL39Ak<*hWp(Y`x z-efXHms95Q;`?&A&r!5)7(mN4uhCjxVs z4dBVY`iOW77aiIbLn7T5*B#RS#&^+C>SAJfQhK$ioFKhRm!+PUe$O*lEk_Us*t?hj zx4V`F=yzx97_u?<>VpXOLx7OEZ#>f2%(MH)1(Us&A?5=YNCJW zN?mp5fMoa$y@Vp6xJ*S~PzaxExad}*zTF%J7=E}9f<{9C*pJDRewQr!u@h(xFJq73 zN+KrV2>n?EY~m8la$a94iuKL+*b5E%clIVY#+d zht-oKtcx{vkT@%?i83_)A~#%TSv+ zwm)EyiUhHcp!&u1-J)Z#u9(Ga$s#XKA5q*BE3^OkJpTYj)EVG3Z?Qmdsj}Ul<2|ry zqAaV0H#lZr!bv60c%L!M=ZMtv$fs@3i5?cLZ%bYzhpw{fx$22z z-s?{J{QKXsznNrpeIA}jc?sH?fx`EW;uuJq9}&9z(6*7JH&~f*$i}S%D^!|bb0?0o zzlBUWN|Ac`5meIpm~%5p!KSAe6~z15YM6$td1G?&e`g$JYgmqkckm2-Y-vz8&JjP* zYKIk?t83EVeyy0Y1pfFV7_4ilfl6t5U-|PP#?}}txKI!Ho0C+8?2n%UHS>kf1monf z{)WFL2b}vo!m|CC*;Fs1I}wvVcXOtBBRjfmW?<2|HnIvqtN^SsJ8GMl1t0q1gb0Xr z{tvyNWB5cCJs*^`xpVniUB$^u3#?d;{M<>RTOM5s)E0EFjRmtSM~U;bcUKJ-`L3YX z<;P!7nM%py=<>C~huSt*dyvTn^(p(xyfVuwD+(6tYIkh43}!i!|ACAlKyT(M8vGDUMKF8G?=ynD3p1qQ(|rSHFT9OSX27#Wx6{1QO(!k(@)4 zi5=zAs7hdNmt;K4(ria2{kAMP1EM(nmXz1EkWo{u7>YQS_I?Za*NzIB+1tN+DW{iP z;MjOawpqvPvMuDhV08cmmn)05Y1P{AE%4~f4cs+pk=ranrJYC}97DWl4Jhd6&t(+} z`6SdK3Ik|_I1I+kWLFqDQ(+m9v!J|)Jl#N`=ft9X%*fptkO<9Bzf|)5UZI3$yAe-K z>LZr##na?TWJ+Mujzg~Z)UnuM3j zY9IPRzaG!^Kn?Eq;BN(&&yQp1?{E1Br*|fKdf5n0{fCEwj1Y}&m*6?&Eea)xp(9Mp znRO!oR|P`0ch*jSEv<&jFoZJbTPOD=t42zqneK|~#7kuY&phywMR$`+Ia z-7I4{XFLirAf4t9M@PdV>i2&|ns^83LL?3af9Ca2dZC9IG0{28T>FS!*ptty2Qfw( zGtaAw4m0l!phk9bpP?8s3KNqv$s$Pi0emH(P9{iPm0fXMl?U?SQqMzaic8);;U^`Q zulvPp`goqtW5>uLNol&^$u}>9xDtF_l~{(-A!$wY@%m^_H)2)+!ORuy`auSa~IIz{t)aUIP)B^eJ zXW+prh?GA<&sWVJnDtu@_00_qJ~?1(*o&?CSvEG{Ev}V5lK~NIm>tpdXoh_s;Ftm{ zcSR`+b zkXT}h6OZrLsm9pzMyjjGq(qNxBAWJvc>Fi6sh66{bfks0<(USW@qHtzAvl}-_`|(D zwJjKx@ETt@@yEN}O=gr*bfO`em1eyD2$SRuhT6%!gyha`2#Qe|mP>&0vBh zuJoNYtZr7~Z^PCbUM20njNRa7ifIjO^yULrauX2d04G%y9+<)1S0=pF0Mw6dr5txf zMM6I?4(vW>yj?^nExlpHU#Xn3?LkDZ>IJ$iq!WbLLQ*ptiz;m|2K>BT`Aaz`RNGVv z-4JyELK&`VoY%`qCYs*mx3_11l{)rS=Gt`L(kvo~!jiLd*KC>MTk&b~n1WHrb2&U} zzXW~U3LagD)`7pa_E-|uwEm;B#xY9UYZP^_C0$~*3aZ;_Q-xED&20IiqH$Q#ACMWZ ztmeSv?LLWmUKk*Eu03U%OW!yh(){Q_MNX6kN>op-0w$T`uleF)ns9T@npz)aX@^H) zhRIw7Ld2<2!?u`~{yD!`J(40Ul(-a=nSz*lU;h-^|6IuNDJIgt87BEr7%DsSrltXA z8~zl1xZh1nDGZC5%p5Bb?W1tw!k9mJf*bF>C^dDUnKaWSD?`Cws1+Cc%zi{nV)^Z+ zq41(0NZi6ehJ(^v1cSujFK>aiPT}zr+iw3N=~Yr!tIYDEwfO!nKZVnN>XgZFLK|G# z9DSb9S=L-{0qshSds`6rT7zN3p$7d#UFD&E02z#Bc=no4GYa9u`?mS}K9MDL% zD1=Do;owZWXC#j#fM#EckiEEt>HAZ<#-fa$d?K|B`(p!V$j>@xWm7d3liq_GSNaur za&Ei}elAF^trciVk2OcTvhbx-HTH}o6DaW4*na&~oqS!`2gMFlx909?P$lg$~ub$oD9$!sgqlrahU4QIBi9Km>OBcT|dj@R02^pWVx7&u(5Er zB@=#%TV8vy&5a2w-7zx68f#eZt&w9YhvSvRyCFkC(nN^-<Sr&^IL6Pr!aPV)#$>Q1 zpVOoQ?mi_j9BzEyVsO$F$+@4VlJf98ak9{HV`Z);Cjv5Tj+(m7HY>uj^|ZI>{Sch2 z<1ifRd2C*7McIZzLXzl%@w9zLR@(EIa*4x+^7ZY@= z`o+AmD2+=KA2%fn+)we`klc*BuOjVX|h)1Qkq);J^ z^H$^~QE_BK4fB;`%2!5<@>oYn^%lxh8Evng*Jan=)K~<^wcX#F<^CO*$y=M@oL%r5 zX6X*rD7JGhCI+15Qt~13NG`oZS&i-mwcUzICSl}TBn6kD;voV`lN9!b3q^OP%aiV| z$h8o#7s*AOQE7?m_7#a4)mk!^6=w@{k@lr$`MbeG;MJ4U8G(>17T(4p44p*N(z{!+m*F= z_S?&g40SmuuXByYf{>NIZAx{s97;}L-lSnkA!k$oi%tzC9ZJWnI^lW)jNwmX;nO;< zPV7=6FK0|PcaIOEsbBgx9OcH*_@)SwQ&!}5Ci$UEIGGMXtm?8HD5?G-jZPC))#f+a z3(q}0qHaaXLf$rorqS!cryZ|cU5Iw_I_Cv$KZ3y$RmgGSa0bn&vU@0JjNA@Sb4X@_ zkbPOxpc-a5d;!F~Na~1^`kMi~Nn|Kx;|Q;I@N>@`N6g7uN9yT3F{CW)nd}MZ)JfVo z%}XS|CKXSqrUMU!kp%CdsKHWi8D|6}a^L}=KxQPfdG^-5@~=HqhTS=ThYXiy&@44Z*xY*M6Te z#SUaalio_(PU#@Y_7lX*HGnW_p2#iYjKG#Rn?CeS8L2gpCmyI0pQ@Td#=_AWcT+*0 zx_}rp`mbKoJH7hrbHIK6KKc85T$D(I6?3$%7fa(%9v4zzv_8&=u!xq~4q?EP-`9*0 zjvM$$NJcO={<~v=rAVl5Zoyx{Kj$)4qvqnx)I(W5f~zh* zyhk1t7)^l(3|TQVnB+SQ=~su3U}|>Q-~4eC!1bo><$mI2LXb4EB4_xMABu&O85Itg zpgbN}jts|i&w^78Ea69jb!g>^I1#Z$)ms@Yqt@MIBxGR8+YFAXyNP;Ax2jis_tfan zJX_qtq1`9V*qsw{l8-nk50aYlH0H^kHG7cCr1|zN_Hkyrps{aoWOof3Xw;z_G#U!xKjLv~WPBBbuS=LF}8Q9_`Y0aCHhjsIjz4X{rI4Hd#k4yj(gU z=E}IAQ#}7Y7^+Y+aVaODI^CCz=#RF=yojz$Ybs)C$U_->41}0(-J= zo6xp?V;)orR=dI?!7Ko_vH9FK z&8*fQk#z4Ziv{`9p;d5rvIKNiKY4wo)xe)7teK?u3dOzMYmp=e|trLRal)!~pA+(1p<`ae#)~`=Riuv#d{5VoJ zTI+)$)3hzxb+PAPI^+B9gIp)`bd%?c%KG4QBRl%=Ei z_iv1dt5cIqYIcWj(>seBu=a zg|&<5VFvH^Pb#u;twn~DMc>HZ6#7!7xg-3q=&p=j0#G6f+_m5$Ef*WD%y7GNi@1OjX<>zrkIB(9p%>T{ z@*7{N`}zBTTRIQKx|&Eb?Ld&ZD~Cm51Dz_X80}Q?y|JGtYNYJb6|_0nNBDSQs)f1c z+I$gbhP+I{&xbnrH$GRJUx^rE@m-ry=N^Dd@i= z@UCZ;gWG6q-!}kNR;wFY+aYSMz5*h!kAyuSG09xUoCG54480DE zc3dhkuxsg1qys^qx?Gg+oDgJq`iO{by=#Q`Jz~_k2Rg}ByD3I3(C1EHvg_7s%TO4u z7;PDO?`NY}#ixY}{Xy zq$ryp5z!D4D&NJY7h>){9?F(!5`6a1KOJenpnmWd=fe$tB{50Da2PQfN?hO=^J~8& zBI$g<1LZu_;7Yx$J)bHk9hScWL@Dw` zU{u)(Oqy|O27NV&m^R%wJe_h9PKiaOj{hj5!(0+F+43l(ORrICeo^C@evhTSu)_A{6N~CZ`xQ|^FRbUtKy*|uA$K9IRniOTh+$0BvD&-)a;Z+ttj6-Y91Ru3 zbFUIZPwuf{&&x=kDtZqer3%G2-~~GR%hH^}FAcq^wdHhaImq8e0}Y`7Z}>!upW2+Fw&P9Q5r7+x4FeXO_WGx7YtlA8WY zq~ressp&r>$p4Fp=>H_*{qK~T{tKP&|KBE}|AEx^e@RV@9PIx+sY%CSy#>wdsk-Mr z^gC?RO<`zRSJn=YD(ixvx%;3>(s)Vtxc!psYZ7^U>>Gapp^Wpe+-r5UH%J?p?t$JF zA?H8#=HXAMa;IkELCZd*t~D2D_d#Eywi9f?Eg%9c1WXrPm#^% zJgELF`gv=%M;A@{c}t$coCCZk&=7goSj5a=Dipx#{F^TP%wI2nuTL`NV#s+2P_h;i zb9*xe>!WeiT1GBy0WXAc5jM}G!+}*lmw_3clN9YGAKguqH$KS_R(5E3NrWSIkjhoj zk1qbA9THDhi|TVXY!7gzx!%mWl1=oJ7Ge_cCg#P>W|Ubw2Mbf-6P4j2RS*<#3>`Eu z+vUgP{Y9;zc)3_V%-~vbO21)cVKm>AgsuU;=$EImCxuA}rFC1wH6|+ZDgp-TiIT-a zM?gB3K!m7TI;;9Kbu+(TQW3knh>pxHg&45@+44GzAv=?D;KmGa!21${YPU-IM25FEk2|+>{K^he0{xqj+Pj~(a6!$x~LXP)${FvT*gmJUW!6e zBtDa@bE=X~Y<9iJRa3j_GC?D1ArnsdO``qe$(D1AyC0Mr6b!Tj|6|L=g(A{9{@An_M(3e{1 z^98Xb<_PKIebkbyip51Sr)5iiQ1FfcVLEtOVq%OQI5iqE7NyAWyG3Y(ZA7)9vaz-v*13LVsG8kKRCx6Vl&ui1;FNHLSzv|fm6 z>sseAhS3hbYj+r^<}kI@uhL4)s>D?hH9pW$5Jb=>&kS_Q-o+es1u98t9n=w7qq=eG4n}+*360J0G zsL$?Y!}Y%=9@YOq*U1~nQL_tOC1(Gc3L$HRz-+oblany$b=hHfKxKlO_A zkMJ?Olv!lDOfjT^LA&5u#z z3>_%O(Z(_P;eP~XC|jxsV{PH3+xo-6`?0HrjHd6?v@chw6n7Ykri_~OzYV8-Gq2EK zkKLWtyGeB4HE^V|ku%Wf`>U9zY)a|sHZC!4rya}t53Q`yq0O!B^$xIxka@H@6{~kC zolhCYtG}XzC?X=S<$HE{EAlM&Ql;Jz4r=z?oZ1qzVqU_M+FuKA5RZI z;D5L1Es0@FD&ap<8Pj-2ObqRN^86dD87F#!+K2+Wiz zWZCSujyNAbQz0lztIM7oE}R9_%c*niwjJp*CvUFS#CH=^d@3WND%)mH&m2~b8Sb&c zm!w%6>9E14t;09NYnVQ;2(5C<=+FDg_Ap_^umaW*c&V+@TlW2K)bN7V z)9+N>{99~H8*A*za-8q?f$!-Hee(ElsPE1B;SinAzu1VUqM97u$#?fG1j>7tvI8r4 z$g_Ffwa|9FJPO3nFFV=*gTu%Wnk~_vL5X&-p7*mX+f2iQ#yN_)zJ@4;yEVMO2gPof zU1m9big#KgSKPMQ&nPv057zSgCaR*K9JEQECA@x{7-m>YSw$LI1h@ow6swzQ<2X2% z=)-wHj%J)A4yU+3A;q>sUHv`!#>HN~^!CiD<8e$?HT)luwe0az%F1z~FV8xu+L0v@ zGL8klk-Lw6i`??*5kZ39`Z8CKa z2)H#fbUfeI;tZ0jymx3pXDRfNq;5Jk<5&Eogn3_Xz_L?OlG`T08oa(APSfVFSnjuD z)-RYZddIi$@mxTBY<;{>j!NL7X}9ANBIYPcRE=JFw^_Q5q`$Q|ZC8s7~)tu^-Nwv}TkBHf@gFq2t{$e>AOP(Lv4o8*iy zX9~q{Kr=5=_@Q9GO)g%eLOi2j{*6<^r~ymJw4Cg>V@CGu0hcVunWe@Zi-xQ8(1B*n!_;~ed+MJy&K-QpR!?tL>oj0tck$VQ}jFXAv?z@5H(etDfDc38w6U-HY^ zh=4o(K-lLz*dgz@cdi?5u{}9D0q3n8Bd3qSOLl{&tI$fV!(Ilj1ubgDxJzOSzP@EH zE@|e3`^G*l+pmz}fAR$poZTFRf$msJNz>woe)9F6Phac1+4LfswD2X)c#6S{fF({f z({K0L!*>*slV3)BI^^YegJ(L|^Tc8|fCG`}R|j%3KmIrG1l4ceLAGj5*y?E$)M>y4 z@hHphm^iRI17HJW^nc74)uAUHwP9E8G6ZQoDrUOg8 z3EHh}B4g}xj4h~Nwyzfk#}*Wtod|4D@`H7g0wWsL53P8PJQlf2-?nEu@)>LX{-G91b5v|_sFe=p^hGr?KUc6k3TD!`9y|OYxJ{ zYZ10)gG%EoYf%V{ZAVyLN(r_X6Ulp|7t)TiSN zOB85|zsz!|5^rINYt}PTJDU^_lY}NBeD>2bm9IJ^u~GBPA9Ec~T+LVo69m68;tB*O zyji0WcU@EsMbEcYd>?{8`|jHt?;*9*MdiaD+4?sBOlN+Khf6JmQ}3BLE@)s!;J?rC zE9Bu=f(*13P6;1TA<2)3M&l<>D`(klr=2M&;!G3g1MjSw4r-9(k5lT8$#wVK$s28j zQ_Mn(N1@6SlVr4(%L?%t8!cg$Q83X-$sa|;P&8dHqbi!AP`CF^6%@?XH}f>DM#wcZ z^Gp^Sb>Tr9dd?FO0k5di3D8wF@QO5i(O3jbTCU?xdm|Z>nkW8#=Na~t(-C^U-z6TS z3QBoW@pGHrKg(tKl94k|*HvS4q-S8t=*sdg-d>l{)#II5;zU}1euKmjao`b@qV)G% z=TYH-NNyM0EsNmNUj!e<>%|LCU|?nia)RZEc%pd-m|)z-?;gsMW5mB@x^QH#vZU@g z7&b%h)<8do&euASJ%|sD|L6)v&nF={kjNd}CwZ7}pRU3xn?FjTkY}mfV(eEtvDFQ#!+0Cih8-zgUOA!)~+&TMyw`pN?u;@?BiMw;I8aUhYP1F8#^x1rc36j zzgV7mTj(CVjJ1pytb%x6s2b&wEOi$5roncab64m>~em5qqxFdyywTEWptT%q9>pfm0%CSxCc?qwr=?qzh zn}eew`kzXb8rIv(g7ANQud`0@B?F`Sq(vY zqjJI*y(}NMKA%xN6jk8CwfvN(QaTS+!F4QZ^NpH`3oD7mAatRr{bB>20#PhjecC1H zB|7SzA`p@dNU5Afq}bq7_clOEYj!Ipgy7c*0S zQCJaZ-Gf}1`@&Kr=FOuO@4mP9a2V)}8*2%T&z3vk=LKK4aOCA;#0$K6Ytk~@ zdpXkRqmpA22nx&NH;hh0+;Hd=twDA8mLO3wRh z!lc2-^ddox*$+NqNUNUn=eSI;?7hJ$O>UK=_yH@Ua>8pccPHAOfRn1x1Ws{|8~aDR z)B2!a;w!w&+6T=`7xcOLq)n>P5{#~1yXZAfOl2|Pz6vW@E#1>+CsUpC#`QK8PWRzF zFbQ&Mo=B*wl{p?wdbcfaAhDLOm+i;!W!gK+;0`DRuLs+K@IE&(*W5)*!+E<3t=#jl zWNC^xy^|F%_F}RZaUgCx%5Ei5$X6OHI-+3S4JEpdxZmCOqQ-UU+G|;3 z(269*t$Jm>xfA0Yq!~&JC%h{qS{q;YyoW)DZ%L5>|Cn4%<;ZNEheoav%zY&L2>#j0 z(&x0QFNagfF?tkyuMFK+K~YazP-f(Ydg!P8dV&xOy1#pFyUMU9m`aiF#}R*K8jf*q z@qCu3*Ly-y>99xu%lVh%H*92+!=#=cvJnp-7OV;&Kh!&6LklaLrKANbXr@X%8er2hjQfV zGpMVW(h8bipI6i6Jve_+z3osYIo_&s;!}k;yPR-La^(+@YK2$CBY@IhWH+*71 z`NTi|KR zD35Ysg>_hkgCSws3)k`eA>nqSd$OWwOUSBY`lNeF;Ubm`WQr!Fq@S3!%1%Iw5xCw0 z>bu;ZL`>YYM%Uj6@rq~3+9?#Tyg%k0i&DXrl!wmmCC_D%#LLNhHFIZ3#tS1p7Wh{6 zNe`A0#ZZsmfJ`%DOq}m`#weWAu*aKQ$m8dSUn|bRhX;%b1Iz+vl&=IB6+BJdzvr&x zgsQoJU+0_~-j{ndkNgUcjB>J#C7T96ylpeg!YB+hz_KfVZK$Hs-sS{P9)Kt^`%5OXj>u_ zDuxlyWF{(+A4LrwIKLAKeh}O!v*9LYqg`WTAq1Ok)Wd2A>82*OShix$h3P+f3i&JGBZxHZ(|X1PUp2sdfGE1A25$ zo2B7>wWs1=@XpM5?p9Z^Zli^S$kV?ckTH*CDVQ^TB|QHQrtS!~ZfWL`4CqA-#alOt zyDu45+B>5jUu%f3$#)rfS< zcob~39+!Pr?Bp(dfP$hV5=RyElOC<$6^3dF>$~bL|Nb_IoY%OGd7fSHo+#wZBU^^M z=~SBh$i_L8%<~%jxa&dSo$ovNBG36X9FLjvP@VM(5!}~m4BM6kiPm>R&im($Q(P)y zho)3qw&ZBTqNfP&A!vh->%Pc}ATSw{ve628X73Fp4{_i!K3(%BDQ6yR&o#EiH}d=9 z1{K&&%<;Q=(I1}t0V-k6)&_+1GP*_v!0XL2x;6%uc7!0NXa6Y#$r;#M+1uzD*b=gU zu3mfoW4#FUpW8~jmX=m_wuI`0EYBbuM!yBc5JYGMJN zVZIt)RijuKuK#5ghO4KTSQxG+WVoIXbT#4aJ~n*?`@a{W1PpBLfDdzPk4=M_7yzNN z0B<^jFJH;#2PTJnjAxf4J}Vo21Dij6ON5YKiVzv{kg|cLJ_Od4JpT%i<=K_==v7qJ z2rcc+&HwN}h=8t?d#M~?Bya!1?o!(lCYENvSk6EX@+l#&VS@p+fdGkv0VPBJ@CE=c z75#UBS6ci>06`!yAtM_TAtNII5CD2pfPcD@cdcTUXSV>50eGStaw84I%0|e@a;4Op zND#6${wl#+TZ4=YjF%6dGlH0JEWtlq#Y3jQZ3%){fi(z`AaHl`rYinZDg3{?_{xI( zqcsTGBp@*GB0I2NKukB6;Gc@&w<$r$CIJC960%7^jG!A!@DC;M+gC9I@FG1##UQ}H z+*HMX@?QUy;4Rrf1~32)u!9WDH<#d_db<7>;4PRLh>95)0aF8P6bR6pO7KrzU2hX0 z#11lmfK37hj?V!=ZwT<;OO$_{8r{xHuBcGdRM=|Z_5Py!gX*2 z`Gr3Q4VUrRwIu&@palfkfd9kY>2ct7$5|0nw-e<;g~dla9yI31;gs<~~@+b|`KrL@qaMoYDfV%gKB^iK#F zRna%bYiUaC(+mZtO`jW^sU1-6sj^d|C2VpYoVLLo>^-yiZqH5$O3HQAZ;>n$A=loh zOEZe?HxNy9kj(axFsrxUEC-pGY+D{o6}m+KV*9zD_C}#sM z?(_?O%T&{#DK2`#$J1j0W!4W7G$<$^TI4OtkrLiz{%9+BR`qp4f~)eU8m%)eX0&Q} zF4K>m&=2a>txZVJk=-nkmA;Wk8Do7xdtOs6{HZ<~w&<=eXk!fVar<6d;E!qc`~7W| zLR`lKe4KSZ33fA=zJy2W`VWm+B^fa+KVDSSD%XiDY8&#@9AnX4pR1B+M0&3iZ=6Hx zvw$Y`!@I_Ge0!01j#)BiDbG2YE;CKbZ@-|Gl~wsS9po z_3Vr!*S=Y64Px3h>rVN=f;(Z{J!g2n&3c{q=z0=@0QC^Y_Xa*=M2{@xI>>1wtdM`@ zI@Xwkt3HF-vf$&lJ=e}T%$8Gja;2-&`bJXja9%0(QbkgK=w(zx5lej4)1C2i=p2R% z+o$sLn%Y_QzIrM0Y!|y@_i))iP%EmWC`Nr-T-FR~`=(6U0Xw-S(OkjS}^9EXvo!bVX8K0qV$J z4d5ze-wK>dxPZ4SN%M-!2h*A&b!O$xMJ^d+6+2vcSCY?!u%R_PT;{>K_|-6z#5yoN z{Rq!epcBt1TiLmgQla{1Nv!Rx-AX;VdwSA-txf9N~#1r zgK1s8j_uSvIP(z$9FTJK&a2}*E^PK!T2f?Edm_u#7*kjkpk#qp=2pR)?(Vb)Jw@c)jUCej`E4Q+g7BxZ53Auewa+0ajwtf~VN?|Ap-rJcFH*Sj#ljb4K8m^s}Q z_J~RLzR4Gvg>3q>UT?bSf^hBX^e51r;Z;q_2zvV>4)24PVHew-jR^GnVcS4gkI>OtTcgJBo1GOxaj=QZY=dY7I)*2 zz!{O=60B;UJ{FxnG8iRL{avUPi38e7b;5H_I-Cd06|Z;Lm~Aopd;Kt+nLg<@Ml-e~ z@qXgdm}GrQ(9|)qf&H-GGvSfT*ubuQOvHzYFg71j7!H3n&0IAj0d10@k@^L$thfWH zoDdS^69&xa3IFo#E&+}@uV519B@HFg1E&6&HwNElF=^}&NBK4GDme^^>LWdr|5Skb zAdHANaoLa9?ragIbC1#swp$oKL^wOQ>FyV!H|-A^>9=ITrDt?~&e25TZc-{KzK>Ih z`W}S5v%y+TN{33>EH8gs!m`>?Hq-2p`4*Omqy8E1#=WO@O?!S@!9oJa5ipuS3S{C4NDs9D^!Afr6ZWV^7=Pf)+o zhZJT$D^#x^7U3FG7;@@!?XsQB)p;{ycBF}~WP%@ak{2B>+@91Q!`d-k%5SPb#H7%; zZzGsx6Z|Fjbk&F3>g+y7^b}j?oS@kOgOrsK3QK4|Lc%B1C!C+{*+NL=VO!xq+o%Kg z4W1t+HAiz4NYxvrS&HIp%OX~dt9rzX^%GI)&-Oo3mfpLQmAK*Atj-zmJUc(PP_-wi zE%^hBU5@4|Nq68B9k|8uUf?5pB~zzQ^gCVjpAKEkT?~36zy5lPN$a!YO8d$^_OY^N zvBBaLD~02PT$}-HMc-7T1t>?suT`bHty~kDmJAvxX)V)A+Aq^ufrb{Sr49MQvBMR) z;-Vg_p-gK;c_nl>p`g!>hcP?J;O!*~0T&QIJzK0QmAtU2BnQnJ?ahz-cWZHchJ8Fz z!V`|xm|{LvgW<_W8DmK}CRQUIm z8eqQ2@6%Up;|O94q53kuVP~keURd}_8!X%9)3-ouq&Vv{p?lse%eB?P{%A@j)@ZAH z@zrUF>8qpQq_rZ#+-Iou4g?#uw6fAca}1G3qKR^W-=h8 z#84wUO`?i6?{pIe(N-vDCO?(Hg14}ub$JWlU@ePkN~@|R#${HN0cC;(eb!T>@Fd8g zS~0^5lQcdgiE#XjjzuS#%+}o_r@dh`eP`n*3BO9^DUll~lM!l*0QtY)7&4p0c?q|c zoU6+J*k!LFfz8qJ#~S=<=Z>XfGR6*@a!sFpC)?wIp$iYFu+Zn-zv0P%K=u#m`2Wt6 zf&asu@mpEi0dyKboq@07J7oI*mnQ>a`AgpGI<#W}vhu6()vvOEu4ymOHSNWC&7(11 z^JqYd2l;(u7RGBLjq!Ry#%m%Ch`%oX6Aq__woS$iEdf29hR0CW53%EI^=r(=h*EOVuH15;HT9ssk!uX1#Hu zdAVZ#DnVx8v^qq4|CsDxhHwdh6q#?%C4eAH`L6(PO~uRrhX5fvAV6=b;(skwhp3o| z`HIhCV!bh+b-DTfF2P$OJ0NK#gzR7fOv4Q&cxjdX2Jq5y{=+p0*~Lsiu>i7*AwX{m z@K4G5f5?v800>brnC)s8LxA2C;J-@xf|&pnGXp?@wRls2e{zGjDM5&e!4OUrP%-%C zoa&|H`&ZWBrHY>cg$KY;gMm8KO(pm{PjYL9ni25Z5JSxfsQRV=|25JVqGCqCNI(oV zBcSS=0{quJ2}H$^4RXm!v)tH|Tn1NvTZ6Y%odW?p9>h?CfY|P)68tUcdmDBTqGAxh zVluJ;0D%c_2=Fo-{hI`D10Y1j3;;OBOK$(h@!(~c{8xatwu>2%WbF_vIcJhASAH*8$iIe{_}_$Sc5EAOOWm6EAV%I zDFE#n`gqj5uvc{C;-&7(7*q5n6H-_fy#*?S@{3Xfah4J+}8b zDnVxiktqhV_Opia5*g@Qg0iu^TJOd44CE#3O;-5#4zp^r1MVf}W>L7md!90kX#F$4 zu#)8)vq#^nRg0+ajpZWHo0G7A)a{v}!5EXtF>F$eY7=dQJrZJLB};ZoW${54zeH>oDd%aE568I8o>pOvGUtAX zl;}UuDUMJJBCq3;#@t!!bEc4c>dRX|3 z;4$%sg*e>6FWAB(eaq8g{es|vL*^E{x7qHMiKmz)4|%)6ZDEVy z3EX88`YQU!oJgGdQ950Lin1^I1Ft#PAc-i&uK z1sGbtLJ9cE6sc8{fR~a@oBebQ(^d7%BEf?s!3wjI+WR=>JMxpez6djKt%Z;a# z{ZX5e@kX#gtNC+ryxkl+ceNcRo!i^3WSV-RL=h)1M3lT8Zjz7Pyrl*f0>ezdJpKCE z-*$NIqu)W0_=z29(zDI(>=8GYilJLPWQp7#dF~bA~qmLKoC(oUJ zh225Xqn&;Q4{Uk6Zi<>Y%eybDI59;6UUSJj>+qXg&NHGSbR*`JDV@kj`x2*#;_t{a zSc4lQ`OUN#g*kd_y1w;Ioe5Im;u9J^Y#m?D5Ps_TZaGW_cBh9_s>shvHh{-9_MNve z1O@V@v?84Y!UKKoY15Qg(+zTcAz1n}y@mCvV;$L_)H;Gs8PD+n)B}wLWRkAjHrQW* z(LWQ6_r${{9i-J>=}cOuKhrh&%CN9ZF1~ef0XH7H0v+U$;a_=2 z8cc`EX110o^0>O=u)BIc=W|hiM$hf|@6Lf5R!uhEv=yl5B}jbn9!NRmUDVwgz2G8*T7*s$UmsW9B(m+hKgcE8a#gblkUBatj-K|pG`R`yN9ohT1Mi7(Qmi`8=f!JA|{gT>8OlZ zo@>z`=5A}MMU0G>)6n;G)0bwdM|6p7Y z-exStHg@#;Je(X!Yh}r3TaTd(G4f%Nc@gnG+S*wTU!bdDVZ-4tMsX+5@_xk@25HO?-3gnf(iC( z?29T#<1OxU7NiK!oexD~Yg%D(ME@k7uuW@OA+^)|$eDuhhS_9@hIZe3X-~MfSamzs z|HLBFK_rVaimCU@SaJj4ZAja`O2xNfs}pQMiN50$Cgg^7A`Ht{*)o8N;xd@8U5%b!&Vvkqm;Xt~@fngCGY-wOfb!`N%&WI^B2d>HA35 znbijiR7^5?x}{AREcXNU__CM5v-`NbiST0!@&mi7PvSI)2Z*Y8{A0q?@D=4lrr^bR z9(SiHVgFi8-rf&2F*|r%d8GX%-NUHT+j>F*_I(eHSUnO4t|pr9`oiu*GMbAusIB98x!=?cz<**D z|M$89%N4En$Mdx;SJe9->jpp)bIHy#UDpGElciVVYxW+^;B=T#c{G0l+au z$QYT0>AD`kbUh*S^@PmV69OloF8`4EdP3j;+|~FR6AO^3Tz%teMizi#x*A_k2pojG z9J5?c$Z|a)%hiO)kTmBO3ksKl`Frqwh5Db<;eaY2DL6C0RoyT@yVTg<0Nz&m!wl#N zlAkdHq5Mq&{;OOmGq6%2DLC`Z&p z{WlrzZAcK3f-|u}4r&8y5J;JCx(5HX9QU>W{wd47O*$O12AP2JE@YE10mavwO7OQ_ z>20X^wgCRgKVD1l)`&DPkkmuyaPZ9!cwTzMzZvS=pn)K35K@Y{yvcC$vf!nw{#O7( zR15|x9uPYGA5=UpV~D>4yd_`E2v{+QFJ@%Ev6;CHZvF=FGIG0xy5(g_1_%`XK}qH^ z>iSmzLR5TNk^va^e^8RS3kYi1o(d z)@A(sR|(zdM-*;4UD#l-;VOpGc*POC${9E5qL8qKGk)10H zovTmiPmNDe;zI@Ll)CKbC@Z7yr8V1Z^I4-}ek?U>sL=(v)Z`3HB2se%=@&H2$_2ir ztafSlSwg2Gp}wg4RaP@GR^Dh`tsXO)leC@iHD|dvb`szEO8J{kOP%WQ-xp^troX;JWywkOnaDi^Y)*eF zChQtKj`m@u=4%-@6h6G!Lv}w;7dZ5^u}<6LP4Z(lDc9BjnTLjRlhj(G1up8!%|Cp< zl8*4962YU`Y0C4VWO*Ha(ksW!wvNo1&hJ`>9mpJUqr~8Z+X};=v1pk){M@4;u}AqH z6E$%}Nz4}67=4z1Y;p4a3$etC#{IN-U-ieu)J}Kzs>PB@dt_=AhQ9v7QsEN7 zkZjW1^`I_bNcUCGupp2fBg%L2r!ozK3#EF<;7R(z@U8+LZ`K}er&88911Gm@YAv`S zr|#}cnA(fn^jC22d{M{q?^L}B6k4F!mJ`fvmoVVp(#fsB8BQoLhfjLC7~C}KPSfzV ze6N0*Hw_Oz6$#cH&oftNt0{pNGc#BK=E;f4GAkMjKE1Kf)A;;agtU&15BNcu2JL+E zJESX;-Hm6p=S~f@u}JRBD0NvwwZc5Bap*AWdhxGt5A(e4z$m-W@egMziC&POC5DG0 zhn417ha!Lbsai{KGbAb@zgO9P(h?&c7MeZ}vuD@oy}Us-VgNYiKi`d^Ac*9IzvZQPxO0ROt7FccVRiUl!@#=w>jGoIicVQwu(v*81 z!VKgv?Pvx`<${6-kzt=gNV{xR2MArWAYutx7X}u%eYAxxW1HhZunF6SmOLd#fl@HILEj3pcX~OQvJoggk*qvq>VfjF;cs2%RSv#+kfkk$1dAVamfy0c_HM-EVz%OK%KtSj{BRdivv>) z?3je4#ysBq)t)3Yx-3d4?ZQSvSfqO#?zx4O6g?SOpxSBxB@fNSvOmFP%3gJ3C#A*0 zQ5nj397l5`=qvs6gR3?NT1G@6V^#pFW{1se6U=n9{0lOj}Zj_+Ff3B@x=(ge+*p_nGXQNUnFr zz!n`@sODcLr8IvB6*evW!O8t?GU==KFANpJ84Zk2ga=)8@V2U@DzukeDsl#CYkn;z zu$fTOO&{(ik7M9&=Ap|8nd1UE#~d{6}8vO|Gi&Y z02I{lV|#1)nbZIcK1wY=sK_q&Asy%{Ro-vk7TSz$;7gW8Zt8Ceq~llsC=pq~+x29ew)Vg2#$xNI0z zLdo+zrw$LtzD3}8AbZ9qk4`+w z!t>p2=1heEwUc1~XQ#k>N3rZpq0=9DodbEt%HgHNsN3} zR4#Ud6rX7C*((1>-!z0uo%u$ufGL3^7;vo+x~;=CqU}-2eto~CB2g3KQCti z{L*D90RVf`$o+S@?X4vim&F)h4gG^^(d82U*Hp~J3OUXPT;O?ju;0W+W-jJ#gN+_5O&}n z-0rwElYf`sEwKZaw>toO;2+%X0C?8FuR)eepK}XD_$}P-xb!Q3li+Otyi_sdZUV52 zAwX}s1|k0GuK;h22xkO7Kg3Wo0&DT60DtF6ZcW9E*F-o3=uH9s)|1?piWwny695%6 z0wvHJ0=$e}{;uL%GSrvq1#A}R=GRXygQ~v*ytSkMAjsVWz)(Yg-c*9WJ-KmPh8hGk z4ZOU-1KgLqDZt-*l3Oy=48R$vOCA^S2R8)>f$}#M-^M1nWa@#MH-yM#0O;(S0{quJ z$rV$76>c#AweOn({8J)z+YvRxGvJOEut69YZhS`zVA20Y6$3`>Qp3+~ZU+D4Nd9ke z^_Qvb_4fELR}TVC)BI0dy{6S{7pmLGk||-}g2zv-QC@-<W;BFVffeL~DMrIR6h)PZf%T@-VrePE%j3X7r$oA@`w~0fIB!`ONZc ztsrUbgYsNZ_=VM;C1#74RjE%!*Za98rk2jEk8u1Y&Iv>Oy5(ekXJKF0iwC1=?5YRW znysg4e@zu?S;c^p(>nx<@6)7a`_-U#S3HUTaX*M=(Xj%D>pU%0Tr|`yUfP??a%JE} z_G@}{K8(NxpZ)r~YCY+dFVu&)hX%2T^@Ayc%5gnsy{L$xY8|1>_SVdc^Z8=K0@-*> zqIq+T5kN+iwzl%d^abucHMaZNszE_64IgN~yzsV;g5udVta|g6qc-%e-&>y6$9ZG$ z1K4nawtTxm>+Yn@HjD10tM2LvhV~WOA77$qlE$^+sLPRd98#<8os}2C(?7x7q~r=L zH+pf*r{UhHxnhg_T>L?P1G=-kf|}E*S0x4IJ;rdLA4wW5=VBm8VMQR&ZV`C$#3RSP z#w?@WwAh#Z)4ZH<@4NC#EOPGUj$FM|>jku*A$xNy<|TSG zcK5%CKGKR&OYMKi&yT$PqCL~3HFl{k#|ii43g$?j;LhiFY8`U2xe__E#cY+#{#A}p z!R{)yQTQH>-aB^k1JG8EJVeWVEO=BJB42-vrJOZ(7?gMh*7LP-w$9Lcr6W?@2~c5b z(V>pprt&*9w2;(QN0LWpHiAPx5^j73LtL<}CzR%h-uJm7yJ2y*V`WQQeNWly{@vUn z=VNgVtEOLZwsvriduSGlikh)^=Bc>v+TWWVD-Br*Ha@Na?^C*CZ4u5V^Rl)6AY{}q z@WbHjDyv%#PCUSrySL9=gV@FDOjeAU3o{MRwEmdO%v(W@GH}G2)&mW(*zr^QfID03 zvY7yHZpsFR+6>PDCsf0Nl?}c^eHi#x#IohihHe;apPJZMd75h34BB31FjE7!iiVwk z*o3D2ujH@H&e3y|bwk{%!tdR7A~yOw*-!8G+8HP+Y=&VxJTDhU_S?^8^773`m$2uA zwh~>6PgD(wvX*Lfo_e@o_$Y~KYbBz?8oN&eX>yw^U1~(O`C} z{r0LQp1`C?_|ykK`uH;6FhY{_OuLmZHn( zl_!Z=_~%spjsin_w;ED})vlMVYIB0xe9+I(9#X<<@yEzFEwzH$(1xkUj!{{=oLQ8H z9~F_nA7!TEQJ22n3{l8E;Q+YuUp?z3=sp7waNiD9z+85ONWu{{uoU>g0$~?$KfEa4zI+td1E3bPe#jr`l$l zBHES1Ygf5s#~Gcn1~9YzHpaO| z*TwG3zN|8oG7==wJ$7F#mHb>KC%p}1>CSpRguudAFVB8?;uIagv1M=C*+5wn!fy55 zQ87pjm5C=XirRVm0%ee5l5Y^-R-kN>H{xRN(Mnz2^H;5WlTbaO3?7r~>4_cciiGYm zFGGpbta83cRtP09>Mr+u$78Yq>rFr5hHg3xH42w^n%ZS}3En6GrFw-lI8{}hbfjD5W`reKb{ zJUwROjaoX6$PRK+#?PlSR;>j32k;nI*eYJW7;S)_-T(5gHhs){FfM9n-Q<~-7}fD8 zPVtIWlCrxnozwJoENt5aPE)AN^D%0L6_SAiPnrISbL6~H`0l1Jwa4ErJt_?Sn#HNL zb~+5nV`z2DP6HmTuSbn^4mH1R(&%1cQ%ml%WM19b~Yn70{3F^hJ@s%g=yzss-awv>*t*(U8DL z3AR%~no;&ibTAwa#W?(+o17waOxmM?GCu6qKEmR!smkr@D-c=LlOjXEq*zhkJd4_G zOU$Ozxsy)+(KDvP$;Q*&b8Jdri`Dp!Q|t4EFHrCD6CL%6ampl6&7@z-fS-^MRF?c~1obtMY2N8V0gR?6C$a278f-Ewd ziOr$EcyPqgLe{^u%}#>tLD4d2pK9xVDz8ihk~`h<#R==m=#-xds!yg9Ui&>7MRfYc zmxsO?Z=aA<_C7cI!~iYW)l}>1!4pK)N>*fzDsRuu2E`iY1w&xfu3+QY%E!jMGIYZF zMcw?1!2U>gv`2j3lr zFUii4ykiVm|BvxVGsG}|F(@d!H?c!K&XCY&7a1SkQr&mad{p+a!rQx~;lzckp>M>m zipj@9=o z7y#wHo8K{Dy^K}M8m*op&PEi%k<~J@cvJ++E;nlHMak<+6+KL-v5c!mIPRB%(*S)ej62q ze%DC5JS3R#UpAu`6^sX@?NPT2`$LWi0k_r4rZ0qp4Pag2rn;CQ!}JTi_m%jc@CV#OkfW2uFL&FFD)1b{y6p z;_8m9Jjn!lv$X<-?!I?tp+J#n{?Jr`pIoo#s+L{a*q>mo#zTeEFXBZXEN$n~PQJhY zfL>~{;OKR?d{msl%u@JS_mhyI3bW+)s90-F`a92mg&hAg+4YEf)sXIn2G^zBS)}a+71iiMCE6@k$J^7@_h71 zV{dpPvePbbPd<;YlH~?2(U>3UxXcq`lP=^hd{Z}13w+6^0*i|!WA8s_IuH&g{SuwZ zkO{@Ade}YsZP~}4exwtHZ@unQhfpV2f@3?A1&{siM$;ermA=xL9N2fL$=^8DS%!Xp`0XqejaTUAD%d^?~AV;eGGXvE?b#x zcbQAx-tAh3uO}^O6VauR_R$S&+?R;^(Y8JT7c0;s2|qVRjmTc{)v4H@v&M23FBxjs z3R4w+t-f73t83VL>fYXFQ*BOwSt9l!WmJJpb*S0M*G1=0Hl~JUvU{ij!qpe0{3O}l-r-;_+aMDvv*G#l6B>GM{K?Cs zO*iUaQ<-zd@jOT6AsO21@LLl(Z&O;@)}+abI$1=v46@4*BFZ1E+*6KSA}%k>p=t{@ zO8S*HOlE(MkR}Ne|0c#qE`cGf=tsePG2+*>{$sdF1`Qd|K#Xqu#WyF?uSS~zQFc>l z3JgAi@BsdzY_=lMLJ=i@mZn8BL-k&0Q( zhO^?_*u?r}i^tbeH?3CCx3$V3pHcwBBbqCYj?UFIlD@vPC967I)$5TEPR7#`ipohbwob4<0-) z6k^+oWH|bCMde3>JT#bio1oEDCZvD+kA5vu~@?PAElp``>yEHbq8eB8S zPATT=cqb+`KM%#}%!D75Lg?O<9}a1>kNc9iA#dB}!nbI@qYsnsa9jWJo?RDQ^N*N^TXZu^R6Y*b*U}uBoki}dsbAQ^Wa>PaJZe+>sU+| zN^LQV%jXo+US>Lz&KqV~jtUO-qJPPi*oZHAXB|D3q2YpJ(L;B^VQ4OdF!1K4zH$0f zSuyJOb~n3ji$lfmeNCmW3zclDV=CjB5B6JY*M^O(U;Ol4CK#<)cwa;MB^3*^%#ZX~ zj$5p;?^-NIi}3k#JyCFuFi~)72ts^v?+PbU?FGJn4KWsji0;v;;X;^ryp7+iGt=|F zS|SY!&Aj8uWkHr4BG+?U4R5w3Ld3R#hmtXIjjGQp!_j_O;qtD+=;M4WjVM3JL7*YG z%8M8;(Y1tjwJ5Lccc#}%Sg)GWxvt(OsFY7<&68=(59snWAzK&mpR<`#ox43=>zBsv zXZ3&<|5Lq12?I0+cRfsjQQU@iCDAS|%f&%Cu%a2qj1t_Bx|+t$-)LoY&L*%O9OD&u zk{^l@KVge_PLzHpFWYI_f0~&3@`QwVg6Fj*Jgg8ISC{Rz5Heh4dZKWx#G-+>{ibM- ztKE5)SA3hpoGe#f8Ohm2us`D&N{S!V_R7yYDl5%|n$z`Jd&Cp-S5#6}KU6dDI}q=| zwLC|8#3Fii?=w`f_p5nekVRWxC6;I3hmG)1&JD5^gJbl^i;S-XUs&$?Nn6cDuqjknm0*#@G~m5rkwk_E{kp4KnW2gv@!F$)3}$fC4~V_@~n~Wt(sf|KWtA74l6Cx z#D%^O;`3v8#9oVsl!vd%qO#ZT;e_4J{PB5LXP-w>>ElPr+G*~d+XErKiXW8*uHfsC z)_P-<&;-8uX}`DR_{>~6?}L3fgz`mXXE3u9W?A7 zNmf5drVKAv;f0E$rD1?hW~Z>A9BbUorRDBae9c3AG`wJsZMH`9eUe62%qE#xc(TTKBOC3Zo9~!72Rn z-^Hf>BR%;qT~RoR`?o@M2wZpI@BA}tQs_Sl)gkZ!77*as0i%Th`tRfuP7lL|%>%SD zTsHv%*G+%`1%9x92iHx&g}{XqAaLCT2wXP-0@qD|0MFHv|8N2o0@qD|z;zRFAwaYV z`v<_I2mA!XP9*Zru;25qaP+S#6(rS~!T4v8-bGk;;KTsG0z?XX3Zr*{`BX4^7hxGq z2yAEk5rE)(1022s(z}T3B0x?RZa^AqAON3KB>>QCh(3uOg=PrT2sdk|@?0VvN5vId~+AA&0gbBn(MM9K<+ zCI*Rdn279rI9{M?8>Dyn5FX!g607_Q5GjWQM(+Xz z>EJ2m1@du-p5i}tlYk}$eISh9MYwYQB)a=`1(D{cVZsdnNW_I3PQuP#0V2=DU~>d$ zVj%29(8REC_>TYtO$_6ofggc*-8Tdlr~e8NX^t8ooEf_pAONXo<~OL|rx9cA~uC`RMsoaNJMg*CG$UcCh*3CZ)x9A7Dk6ls#fbY2gn*xBE`I_gc1 zM(wb_jQnp_m^ImQRXWgpM% z`Ob(2+{8&j+t91Iu3}hc8*fw7h$@&;MW$3W88n+t^Xb-)_{s_N$k`6f9_jIy2YDBd zCvwXJ=Y5O2lOczUlodKh@!uf^6L+=6hSbCeUgmOePjROTe0KNZ8lA96-zR+~_4Y#0 z`~7A9Z(qLC^hVu!e#8)fYHC+aM04Dllhzg;*K0Cp7@jw!`((A@bzc^r#z-E@!&bR( zt&&nnnB3`34eX4@@2vQpb66~rG%yL;*gUW^*6PpWtVJ@-C9mF*ZzpZEyLT(r&i^`w zAI8O*TfvX=i_El*?z9mT5ec)HC+0IXoq@kT8;8{t`h+t~LDPjk4s!2YXKMr++-S{7oc-=0nu$3%ikL z#$)NOP$oy9MXcn@h1Y+zT>R>~*olJbp)&8 z7}d*-8T6*#GjB=?UM<{|kHn_bbdP`fLNv-G&Vr1nN37l}&Z24;s$p#K+MGfVT`)!Z z3@!143*@QF4USm_m3`;)H$2#=sn$s3np!9cm51AgxTaqeEe{G#bU-?3P%gc6;-rha|)9MA=B}b(|v+GTn+$=uCSXDx)9gT-g55J;$&$(tg zg{{s8$gFoL%(CWYJ)mnCdc8({mN{MCc6KB=oiY9{BZfo=4NbP^1zkUl>jBj-&Lxcp zT%x*$JMyz3RO#WXsM6*5;dT>OV^SZ9wsy~XZrOGRxBREyG5f9fBF;c4uqI!U>iJiC zJtoo1F|#_7<#=TVwfo*#Skj;t6irTl<3rH5@KOEhZ`8@spQVLw-k30ozVBi9#%n(8 zI7bN*SCF|FImrB;eCW)!&kIhfx1ucAhCJq-mj0INi<&q)p|c|AjHNXbc{*@5_^SZ9 z0gO75pF)&A3>7xnh8YAy+;O)%LsDESAAI8O=umg+tpE91xs0HqRh5tqswOEIEgCV3 zBWb1e7%iyKB;oEYtt&TT21l!PcZCUtba(k*+x9(u)@=@bvWr_W0?0U26sbY*vJ_TiwNWc-jPO`>>juZ%h%nD=hO~xbRj13u?F*G+2H1I> zZExIIb5Y;KDBbz!hZkPbVPkKLaVs|&^+G}+Bst2aHc~Low6urCtX4rWa5$(YgkC@Vth% zGeu139>;n}2^4xU4rvTc&9W?hy#yYCCw!`Hcc)!z!)J*p*j`_uO}NcKO3Fx0fxoPV zS@*@9Ydi36-Bf<@dVPfZIfhFkXH&$wBD!zPabSggRBUw%4U#C$+Di!SG zk=FV2H%?rMZ`MoQ?$_zDqhQ|a6g9Z0)fDhO{{z?j_>W)*t#2duhH}>!K6RY4rzz}t zZRg;WS)9Sg-B+dbV%i_S#)Ea*JO7n!eecmwgA{u|>tPoLdu;niOsPog{iJ#F6Z5>S1JXb50QnWLM^yL|cNGEWLtiz zq^)Nu%ifVXsjc|gBVq}hT8S6Zb>_6sb@}wqRJYhYkku?`b!BgP?&)tw9U9v%7=*bk zb}pN-FkU74t0*2u{*y9-E&`5SBNe9<>Z!N7{%RW75=Syto9qe-7k+kh_dglc`b0cE z6yX{m4GnvUeZI8P8prk61I6|M>dq;gG)%+xuh{CpuZf0@Uj+&1zchRy@cH+D8=eAz zE8{}oioX!J%r68!Mg#(sX2FXb*FH-{#rpKF$iD{G{_+QMzJ<*tNyxzNPAwwinW2~+UiKvPH(b4d~#r6JO z(cv$y7wqEruee^I*jR?}eJ|^s`UVQbo0o-VPXj*4cKymK2}QE>cpNIHfjJIO4<9v^?a}Xd~2K^PxE9 z(qq{J42(C+wTZg3+kDRZ(xp~27Zv$+iJN+kM6xbU9Xu=Qp1RH7I47b%v`*k2Nycub z&{v`G(Ag!BW4ku-s@js?_PytIh7MuIshXD@aMuW&tqw6qSLbbKQibsJOXcI5T`jtF zPjyR8H?LWAo2v=VCagRkHtWPU z$rH7#)%&h3*k~`byu8_?=`}G2RHQ0DZist6x#+vPDcLehd3B5T>ad4Z%8FTWo18v< zvTpg5=i_uAm5H^WNzdGu)*Kk`A@@-RTV~MD9X_+s@z_oxY+WuhD30`LrHia$O(gXc z&d``M&2t^QO*p+o?!_5r8yBv?nuqbdqg5sOzG#BJ0mWDK;*z4L`P6Uoj8&A?WTUcsUUbOf8i?E?L(Yx6$XnKr}WC#gVj^1ovPcw3U#MNjfm%ej% zi^IbTJuQ2uV~pw`Q37S^Okjt8fd5_GWj1WG`vS$5K^S^yOFN zq9lYqs87c4ByMiKTAkDyC~xM{elNVHM~23GJO=7R?dGkt;;LQ9uFyd9nOYTl^TmCp z$1`>mmflf!@fot3@ZNUYW63_R4-B_$_7Tg$IL5~~FR#d~g;5tR9lGfF`h4O{x_07TZL=4KdrR-9IG3a`P|RfZ?Ij@f+dU&EQX_^|jDj+-^J`3S#;rwgqu zh8G4tkg>R&_CDY$x~k9qMW4LA7uNOm&-rs2woA9>ckqktEyprh6j_4O!_@|~?mdjW zX0QHSIJ^2Xs}dSR^;}D8TT^cav$BJ*BzbRT(3lcm?F)S-lyX_oG$N(wT+ERKMw6-e z!Z${UgLW=%HKxLPr8)Gz!y z?evm9T0@^q}|xc_rkP>~32`Tk zN+y=B)A3_uUwl)}@+v$Qr~e^M&Rdl2iM?62^;wx|!kWpEF-qb(Zq*Oh!~z;|Oy5mC za9uMACM5Z`8Aaq9@>;J&X2bXX*%uW-Z#K|AgtAaqYfKzQ2mP4jK9)0%$sBgHR}Y|$ zIX=s8lbX1BX3KhMkma6;Fof5gUar)Y-_!7hc18<&{$!V8b4ygJWpf+WwkkAaxi+(`dzLO!ZH^M$h8;EZ2P{j=1)kH&$ttUj|UcOI~2&y<01$VS1|;-_%~) zG>+f#MJt0ozM>;V|9<<>*K4U?{Tb+tOu~CHF;OtnH&9!R9-qamt1SLGd81w#)8g8Q zNQ(BmhUEOb+j>8vg5qVbeG}+gjtX9jY7pOa!{iJ+WT9cEopJ08Q<=KGeNNz~Ptnra zhYOv)U&K`h)EIuWsNQq@*+>zSFhNK>7$OnAKe{_i{=_1+v-c)#;%f@p$}ma_ywOP% zmIwOG#8eqU=LeyN?;Y-i;@5YItBzE)Z9?APV4=0BXH9m}?`f7A7+EI$!I0dk9sp$% z(jM#9Gk;{*);At&C*Gb|a!2ALkNT$Rc0e$*oaOk}=+~~9_Ad%4SZKP7xmQCmU6(|6 zGrn-q(L`G&XHF7-oToo`pgehIP-qdIm9nYex>MGyO1`*ZLrhx6xSmtg%zh?R>RPW@ zJ?=zbk2GG*=Zd${(HNE%&otz^2u$`6z0P00NwZg1{PuAR11&r*rI zQg(-#zJp}<+kuENm3V69NKg-Zib9~PZA49;4cUHRSd&n}^g1+T&*8NM+PnRyZR`#k7&G`llZ{M|Qx+F1QD%dr2ODazM@p8ES=__xaI zSQ{h;F?M}fB;)H|6&lBXV98wx%Fnh!dH#eXrdNQ}r=dulah#&b=o$4r-t7dB<>ze& zrFn+;eR^C9utu=eueV(ZH`4MX<5{f5W(vpVi=ru;RzAj!t~-O}wxfA7ko{c@e=Xgb zP!zAf&FA{_)VFj{*ago;2fjfc_J6_}N*kYZV zS0rNk9*&Xm9_z%tZJM)T=#JhTI~+RbIMl=_DPA*00zQo@kGQ@+HjVS#zG4?D|F~&T z>Zn`hEg|+9e_=&TFCEl|v(BEc{ZKQmh(v7A2yy)hE z*3YkbKi#q{B*S-*9QdC2=0-TfKflym1zzSl8HHCr5!T zT0!Sodg9!Bxaw~ALw(bZg-|ec_M=asqW`H!_1{y`{~3_|H!2!FD*NwLH1IS!VT9p~ zF}61%u-`U^98aFPuE?A;5zTh5)D&JNbko1fIhue};cU_<(R+2z){~1R$2c ze*i|>NUX1hE!4lC2uNZgKzUe@i4X$Dr6Br5IQ5|qJz2%y;&Q-8mLOnXkcmKC#})$H zTEDI!1h&1AK$Rc^;HeLNWB`Ow#z1ZeMi~Pq1VIy@s=5V1hKZ2{@YLel|D_c?ZFB+B z$R=2gKj0{SqsAZRSO3T%0Zl9bYKVfQJHi^GCl3E#0Fku^kpU3&c>e;3tUZVffTvN$ zNTcguO27bvkGK*rjbprHy;KX@8tj5N9qR00O+y5E@60}FP3 z-GfN$)ZqtK4-6Lg5f(szoT_nww7ZxeFf$k|fIty6@u?aYNC61?L4II}9Owr@pojwe zqc;gCQ4Fh62MmQMz<*H2|LJu?mLCM055N`V1NI@J0KwS#*F%CdKgbKLAegq`{f!ko z?IuBrn*seGIGqRdgCI~uSMao(1StT)L-PC6@gacL&A&~IG(QL?d_X_QgLrNa_L%&2 z44h2qlZNzbFwH#UAsP}3+-Y@#$2p~17u zubS>)%j@bgC-&a_sIF6(T&1FrhI`#eq)Dg2_JyfGt6oHT`tc7%vnG!6;;Q13?w~u~ zPvr%Fd|$r4pQ1A@mr<@OEdPo*mc{v~zAvvQ&!%;DKqU)JI@`cSjo)p2J=q$&JbBrX_V<#XvK!AyagXgExV;d&|~hV}n6L@*X_})f)xd zxjkXi>sp?kSJPNZD+P3y&gXm}kYu>&3DvC~>6zdt-+SPe_kx8YZNGsf?!CU$v4+l= zZNH({iw96)F>N+IP3JEZ8pZio0Zzg8&qin*Y%g>%4F=(5r+&OrD`3DmyqZlKAe{0T zB@J_BPZ!nI({}UH$Wx;#D86T|ACt*Ps+XKL?3K>Z5lzw2ZTH3Ahl-JjAt<`ueHvspw`y5 zsoPVGao&44()tlaFC4R_WiC8bv6H7Rz9sI+G*DkWo8_+5g?lN|1-wkkPtR=cbf5_^ z68YGh2|K&^ve7>Nv=g#>Am5Dp5c|oRfez+$%&hOz{6PT|d$vI{)7KjQ3c76m`;iB8 z+qMrY^hz$o;G&>V3ZQ(l4rdXj8V%=m3KGwJ(v^RSjOR?)t8*?(( zc|u7HH;ep`|CyMuOBQ{R?T}}Oc zZndkO!= zOBZ?y`9Vi9_Iz}nH*HQor*}=nw#%vfH5w9WWh$?*1!OX=QjvNKH|7@#?t7@~CvfTU z=!GN^R*MTaMk_B|s&02+e8YFBk4Icf;V)DG>t+4v%pXkrr zn3EER-w!Gn-dF1unDQ*Gxp~y<+vOD`pV?tmpcRp3|Lt};p+@JdwEoK&vxFzv#JR&H zWm$T!-;zrz&UFfl8lgvf%4!hM#r))_n0$Xp0-wiB->_)SOiu!hTU`#lSvi=t+oP&Y zMI!55d_E0##iQ?QzTffiV?th$WJhAH)Azf!h@%eJT8hpIWy-`I=XRcxQh<2gGah@n z(${$Dfx`#Z-4EFT1d!Jx^;di^KJ&SQat#_)7N9>xwXxl7vQ;8vNDU z>{4CNp3(Q@sr&3KkzX#~I7?*EwDpjwq(wlFIU_4#$+GsTkw&pm^+U>f>+`Im=UK0k zi{~fF7Xscyy#eiP&i!mBI;G8PM@@Nj2?w7^E~|FkTH#1ZAkt7T6z*nApH{8$kP(+} z6mos;F>Z-V%6E_0eYwWLSE#c&8N+6K9|MPE`E|;SSqOoZW7Sluj!o)dGKBJLaTkr6 zE8#QUde)-x{QLpl_XTVsIv~)XAHKN zUir~OL!&$>vAia)Y?O`V%<8kt-;7NS|HO>PCB`*2%=0C-&d#=`F`{z!vJ#p@M#>#R z1}2(P)u46WCmRCpw={?uJFPf3nZ>`Ui$!cd!aL_w+8Pr@aQ_W%+gV(*O0@iiOz!6E za(*Mq#;i;asuaC;bOeoz(4Ssi7C1*Ks9n}(a&?x;tRM(8gP18!*K^nUXj#Wpe7enM zv!QFUV`(zZO6a;=hyKntej zW6mOFQb|jgtv$0R!AN>mFokn=Fs6u(z87UQ9+zxb}iPXbxZn+^8$$U0{v+nuUw|6AdHXM$q4`@!#$Y?cv*tzK)KQZZS ziV&SvGeWjznMJQ*{#(RTAJwk@C~BSN%$LF^CL4atXO?tH=cChOs8QG|@ugMC&{31a zb=rKVxqGWEY#oa&YAU;2DYs7T5HwI8zOQ4T+Ar0%GCrX=F)EXZ#( zMDB3tp`)w0IB(_P^vsV*2_Et5cHSS@8`3h2u1k7QZ|`}LS9Y6#-k4SdhtW%YLsjtE zxDe+fzo$|Rw$kXktMu_fb+$W6uc7*1qf+B)o)UGFFo7+x8 z)Mtm(RLJTnu11)>Sbl%U0Nwr!FVO)RFZIkb3@f`V&!F&voRP8%nnf3SvAbSr=(%a? z6&jMGK23^)ogMVI)BSji6)m$7#|~DVd9R+IwMwlb^yvP=xN%uS*cy^F&FpjdCeWvO zGT8LZ53hT!jW?@UNu8pfE*{t1LxJq`)bX7W?&KZ}b{*|@WRHjFH1w9}Di&)}MiA@H zM-~}}=9TI%tJ|v$*xh?Z$AbRE>b)BOvjWVd(LPLJbJxx#x&GIY40IFJxGWUs=5ET! zn59&$ou$;zvuPWjwOl+Dbr(sAGF^TWK+g~vCP8*r#lldGw(37u&4gFP%PXOTZinNP zF%>-fmT{_{fb7D!(}t1C!_+VIk>qFY%kFN=k;-@wWl3U522pX?#XMP1Cv^Vx`zxDJ$ z|B^oVKb-@(>@Wl-#s#D?;WEk)n81`OEfl7*0DhiKe}cmG5TLNB_u$u0GKsiQxF7-) zHY*+ci<7)36fTGWg$p7;;d%&AxE=x&u7`jNg$p7;;erTIxF7-)cmRNTQ7G_YKKVRJ zq=JtEB<4wB>+shqBb#;-1mb;=b^=KbL|-$faS}+Qodm%-Q~)?Z#OF}KcFwOWh!j=_ zmdFK~vq0KO5a}15BnN2Jqyp{d)zGl&c5FJAt$l;&Z4@ zoWQRDk=8W;n?nWAPKeK;I`K|_1R!W)0bu{Z(vS!zFiza&uKX2B#}3JFD>y@8(s_RbA828qL>TmfK%x%OBm9qR}OPHC6#riR;$PbAla?0je zEBhK=ZfjQ_cZvebluPrU?rN~hX}h)yJf0c3oZjQ4=J_U=b9vw7*7uPxssxD^RO}O;*$1Qra zZF1+OzGU)Ob?LW6U+Fah-)Z!ZT)8sAN`1Nd&F$>0i*6O@vgPvf4OruiQ_q>a*x3{O zR5`+9OW)tB5yjke@8=g|9FCSQk(O4xw8mRR}CNY`EV%;|`j&v!~uM;(hW&dXdZ zbippfY<}Jsr_jeY5w9Hwwb3!j&>#M$eBmxFIXfHK_i(lEbrJXHE0`<^Ke0B?3Lp7| z$}zov8R6W_RyEw8ddG_%I^FyMFZki8=*o>k5m6s^OnhA7Obdm;q|tQBa}ZjTEp{yv zW+;kY?^DBjG#I#9xV2U9BF@|iG5+90ucophDM+RyU<&126s|E)*SO#s0^wg)oO!M1 zNs6BD?-x9QTeFqbH$9oNvqDA0+eLS@lC=|#EsRt2vJ$0aQ~BOuOW*K4r-sy=1~O%b z+&#f%A>B$@LTVIalLIMCjSrR6neiVOm^}uWIjOJXS;)i}CmJr07$O9@H59V21F^{;wI@rSvz|-}pJoqHyME5K#mPqaTsn zIoR2A4)we_v{=>Us2yK7%s^hLwdJXo&9Nrg+Cx&{uy`o!Egoc%Cx*M5DjoUh>GPXc zw63_iT+1e`4{eI|em=r$du$!a+`@>lq|dTt(?p6c%GZ6h!ZMz3J4^XcFISMK>QweCJ}9<6P@?n z%0BawRAFG<;De>t^IY0%_fSj~(lndezMHQyKT?ob7gf)lP{+G2tYmq1dNi1+CVCvd zXb6u?Mz&u9NBU<2&nDNoTk&S9qydL_!bo?>&){4mM3atJdwAqLkb8&L7QM!#NrIKB zDa4;;=#~DX)T$iw>fDj#&g+d|Yp%8Bpi!QWE(y6#^0>7qQ%6}rj8Qlp zTNe48@s)Uc^;-8y@CbXmNfZi~^iqY|?}n1k7137nB=ws)~A@19xtS*%O2G0Fc`>c(7MX)NIsD@Ubw0I9v` z66#FWLCqI$?QN^pVXDCThd=S@-}N+bUy^Jc*XTpRmrLxP+NccX)-oo4C))bs+upg= zia1x7TuRBH=fF3&?!Nau zY*V(U{p@=dZR2hf6KZp+*6~;CMp-S)mR;2$RMtD(%LXc5D3)%`CVlpo{PEmOX*d?y z?1Qs$8;|)=2(w(S|2xqDg{dI_6)pYui3YeZ#NQJQe`#F&m1uy%r`1DYf)4;`^E81z)d4WyA5AU_Y17l;d5oSda!R}g93 z08G#VI90!qNPr#kKLQXmu>d$H4xk_f5Ek`@!o1JF0V3(?4Qtf^p5BPJYMi*mUjd%D za3pjk@`DXmz$xZOxZ&!=U;hz+pox)?NPyiVzXC*>qXu;%U@SAjf)*zi+^+zUW@4D2 z1z=*t1uaf)-ai5mG%-x^8F18y3tF6n1iu1Anxp0ga^*0V8E64V@T&WNC~llYEWefM zfF%-uTsf>&1L%TB6yWI;BoY9ECgugMInYt_0);7v0tBJ_YGUNIY5>s;tW^U5izvX; zn*NY>ig|!kG#{}4cmSY?0{jOH2@hD20uVGY4{!&ACz%Hr28#UP7cC*6rnl+AwhPqbnZ9*a z+opHEI$dehw+^LS9t5Tu0maxR`(``V{ZJKGQ#vWF_l7@LEf~Gm%~jcLe(aX(Fm2A$ z)aA`{EadkYYMPW`n;Cb{H;(9&s9Niy;=gJ$YcdyF)n!j!<$Nv`XSZ3;)wSZir&{i^ zKi=XI!=@7;&n`+V%;5E4iY)H+6@ItP$oWak0*}qhGVAHWJW9O|qX*x;C;G_FVF>54 zlvFalXu;OMK;-emWk`U&0XO0R=g0X#G@m#Y9LRMozwv_Ms~I+XI#M}7fRb`=tdLY* zApWZg-=x^UehHF1;xTiV>mH55VPQM9eI%N(fw+{3qO`$&iEIXtQnYD@xFsb!b!@T1 zJxEH~*lY1GzP62BY>@W}bFA!wBQ_grIc~Y39;t=&%_53sDy#)$SEN7gPFDPQyj$02 z&hbW;$B<+<_`7*XR*SRSW8Tw@OIoDmFVXPmGqKMy|LNKd8OV|H&X(29#1 z9;N+AjfP^$R{n_F?*)skm6IuLsNO~)Be=B%E;-Q!$$$zS~I?O^Y0?uXsSruqJ>`E9owii(@o>8Qz{qfpXCkPGX2k*pq_j~su3 znMkm8Ku(D6QX4H~baelrctg*66z;d_61$HxYm-x>DiNb-5;H;22>0mr%3$ne)Y1o+dwd9b8^P*F`h^1EcHFJrKVrf`NF6bF==%J ztf}_B+UGFe}ysbDKAQ)&dBckktUFQ6{Yxlrr>Vfx|gDT#ovE~PoY z%W9Ws@dr(pe9s#^&N+UVCyAzk=ZFg`6x@+@y`~!Veg{SN<86h&SOQ?HP2cSnCUAJ- ze}3RP4hszm`Zzxd#xs?8wM!jYMd)vY27FPcedh^`J1ApFC;4V~i3rGyc5zuUp3ChUfHqC zm&ZJKxwthd?@vGaLS-1{97z_U?Rxic+Lzp}NO=Ytnst?i5{0s}IX)Asfb}x3HggZY z!i0^rS7uQumr9I&R*@Y__BAx>fqKeJpOO-Wqcc8AV!W+Qc21ZHhcd^xg#s8{L%C=k`CT~Q z?V@C4d-OEFd(le?IKbpYt_U~)CschDkQ31pRI?R~JXd&mkyxM#{oteWhfaR)b-&3s zjZ&f4Nzso&`O9U;4-Ln^ULxK-z3T<)x0U!u#PzH4`4#3-D2~?h9m+hBZg0Az zCT)Kxlrp?H8!Hy0JxUip>;5TVjAdqokC~eNkVwe81aMw8!d*$ze3iMFY4n3CN`$U5 zMxH`=@4^%gTM2C_O)rN~8SLEpu%o5lAb#GgUO;tFLIpjKk6L?xT|oJ5kS^mp8q$Zw zGG+E_vknSOYzIx6D83F2>ym{!oc zE^MD9zz`#bR(Nz<8wHgclL#-wa>eLM-D|(k=s)SsUoXX#`x4GjCEE2w{Rl0g$?$u} zX2Ao6X0m~V>-eRY46|ToZihOVIe|m9UhC)U!X5WAFS8w62Ey-=)-?5(kH(pd3B0tTJ?>_b6hXYHCyo{m2%cX1 zk%^fxn&y_@=4}HN>D6(%YM_pD%QN(i zWsm8y*9H9f(X)5uXM#egBSO?2_^5RUgjGaHNT@GY35}eb%;@^tyh1m=u%ljHLZi-U z=aO3J7?i&Ms_v&_bA4A#fD7SqM&x%$AvNl#`DYzB=jRM8xWIS>`Amq|GTO7TqIl^nb9KDz>!p}2HplWezk6-DHYvDC zq@HC!?->88dS^4xibK}nlAX5OO|RP*_xs0#EH3Q$j_XBU67^Gz@{kbvK;Zg>^IGoZ zK&J!VOx#pb677oQGvpt#OJes)q?c767Se4iM|u;lvdFyE@UHKx}_eclpM`^ zhLE8DLOxZ*1+0BrZl`4bhm?YN!;Tm79+F>puh2*`j=ncor7EL>7IZ z&3%m#G-jDwFIW~vu-$MEin}h&$A0#k0O;>S>n+by=NHYiK}$xE@AQ!!Tqv z?DzjQh)2pR1AOU%+$Q)8LR?$p#4vvZAP>kk1B2=KfL;p3g{V(<%&!2EMrH_tBin&h z6hwGr`^i@R6(G`BXF+geJHR@FKoNbYo%R$*3PA9sD*zl(80!oiAVdM4_7q1NnIQnQ z;J_LH5FXin;+1|iF%&Le|J!^OKPWBKoJG_N2ez6 z1Fi;SGx&j90#Sgc)s-U8#6ac;G%*MiQGln_l_CWoXktFFbR9G?(CCIJz|-nVk>;rR zfGrL>YChn;Mik&5BXz;Mm=DOWgN~XH@P~*3Je|}%iEMt$&A?0y^fH2unh)qSL=@oZ zHwlu`gSV!0f^?nQw#z{5FjiZ{bP=r7bp$^PcbhLZX*it zAFM92>o|CT%p2&ac@Z9*dlJ9@krf0@%mW*o3nUf*pop&EAG=AwQ;dYf!rv7@{!*($ znxp0cwblSf&4aMk+R0PwR}&*8U8*X3;*LH`QOTXz~12SwfkG<m=@&+-CXmgq_xW?X^xOe#8t3XSmd~MtXyn@@4ZJsduE=L)nwB7I<@I`bpwS z0@_W`(PN>)l)b6l>pvD&op#LY2PH!1JCalbYb07}jtgooiNB$5BW>HfyJOxDskHBu z2s0P)_`aJFyO)>LV@8+f2mQ$RgX>1+kM$L!ky@*rA^9W)7Z8(g1onM&I4B&X<04$70J()4|4P*RL$6JS-2`EBV^=)Lux#8n z>se|N?yhvLoi{sZ-MQ3BSkbj?%^>;%KmKZ$p&rCWA4uO=wbHrMIZx9q7)w98w=zkD zE0xqeYs)~ASP-9MI+7R@%lAnY19SZ7!QKp=4~vHgqjlJ&T<#o~Y3NM;sPlo*VF*fW6X(%IV%98~7%yCr zRj^pxH|kqJKaCOO@*c{rW-%7I>JFP2BE!Vueb*WIAN*%*8K z2YG`-uBWc**#fl95o-Ntfqi{+>Wp@Umq%M>9rv|=#Q1*Et*U3J@_%h?F(s6DpROA# zm`uykk@O6`;D40!_EVz-2Cg@haBgRN&|Xy-CQMroGI&U; zBuA*!=t5vB)*BS=^<>w+`Ov#o|KaZ1GxO|5^(_|S>m|vn4>t1b)9>n327b5JD?lBm z?3EW9eA>UpZy#yv&$t8B|1~tyHJ-#asS%Kwn_Un zp9W&#_nTao>8=OZPU1WYOmHbSRsZ%$JC*NjiENQo=OW=&VvvwN!Jui6b|OjC z=%bawg{{#Se*0tb14VLH4>&sRUE>*aGJf>wzU>=HiU*1cm>%5ts$)DO=mzT>Pvq>{ z9rbtyHMN;Es@pZ8-Ye@WIR;(A#TaPK!9dNA9*T)f-$? zhmtD^)hwEf#6_*19;|G6Bi2z_9f>RWMnVxI*VUHv!Z+8xh69_LvI7oXt)>!ZGTGXi z#r1oXcI?&$dJ=Eb2io-l$MTQrZ!EuH7HQlN?4W#lZI9b7N?LZhIMw8))>3k(|1@zPpIzIoN@nt)5- ziB%lz-Cg%Enx=r%j>GiOJW*w(P0fAi!zF5QaaI9?(1tUQ(TbR}0ty0a%|4~G)Wl%j ztyk0kuvNE`R3B6)|5EOvw(j<7(mUq#V#V;+?@u=4ioiQV$rZDW%d#pPq%S==4kBc4 zY#9iT)6l6lszO5Pu2K;>@?SvJ)asO-z#u)Jw_lc1;9Mj6p?~zM@JMQD&NEyKN?XH$ zejjR{!brzlTvG4Hq=Vls=C{$BOOeIxlaMlWrQ8V{qH;^*m&v}2suArQc9|Bt z+5g9PQb@oBx^vZdH_wTQetoR(e?1nv7&C3`fh2D)y?*^GmRzPl{@Uj@D>+PhBF`_7 zX5SLOb1w5sZksCfF&q9WmN0eJm;52hkQ=3~u7+MB<*Lv$e0E}Ex)=g?T5 z1SLZYKG~+@v2b-t3tnQUpz3^cv@xspjNu7$`l!x^u$lnZdC81z4gKpIoOA@;Y;tYa z>9^zP%-lt{;{v%At@^0Po|zjlT=x&98dtz{9gazkXUwH9l9f=i0G;w>em#olq;uq? zCP!b}d=!2JTRcroOL!nA!>eA2qj6cX9x<_Idu=Btg!VA--8kOt{O)edUJK=J^WEgKdB`NL2l|t=_{-@otMr||!nh*`^z#PTS0H=G z=qP>oGv22pKmI9l@!!|}!zShaGx-5L7=BHDz*SkGFd+yaR{>XLfx=Z;pm0?dC|s2V z3cNjFDG4CVKly~`Q=o8F7ARbm1qz!74tzt{*lq9=WY@q?cuoT@$^r%2tznp;a8(vC z-bG?^1NQsHNMf_sPQl8z7SSir?4eKG_k!0z?{LaiYu3_Zzz0CtLN80EC$s zd@BNc1>(BgCuitafJm#7`+Z&Rlf(ThK%|*i07yc>atA;j6v5Xl%MA3c_yOUjag4;R6!-PQU{Kp5ouA`9D>G z11SK(Qw-_@!$1N+5naJQngQemLL(Tl4D3Zj0iMd+BFn@eI9Tog0E#HUQ!{|b00^3x z7wG*0P0S1QwIT}ek7fXQz`-LRv5ffS5m*@f>nTPWvCIQhK){$~04Sm>_>TEpL|uFH%of7 zKRY*6az1;FS>jPy`iq0`l^Dq*Go9Hua)%T zceA-WOH6s@5jhLCrx{pWSeT33J33ffeGKtPnAjY)#ct=WvLl(9<{H&F7L3JuG^O#4 zvw4DB?z2)1X1aOAh~KJ+GsWGBk2IP#y+T}0JJntJ_1LN@)0kc}=Au0A>P%szavEZi z&8l6@{6~gDF}pFt-~IC|rLw|_d4!5PyU`BK7cVKCe=X4Re4$Ap|IJhFJrkj|WeBqY+qEHc)!)9#{ef(3uNB+8!8zr6rz2BpQNwz$7%$S0&uqeK( zBIMlNI>w_p%VO`YY=vF<^P`l*9R%+Qa{kxwnq0YWu>5=};-9 zr8^`J-6=?SN~e-i5+ah)B_Q3Yl!VeLASDWd0us_7A|j%s@a=to`(C~09pCT8bH})U zINa{TSv=0Q=9+8HXU#c{Yrc0E$w;S>DXb)T#NKzn%pg%n7Fxaime<_fmmi-&NLwn^ zp-pj6uVDDLzu_k&;~s4i;@91ukRV>O*n0;~`u*kJQVFzfEOOU_B0DC~G_W}=x?6YU zOIO;x?>Y@O-)EV*)Ho%K&-dkg1c#7(@-vKUO?DNe7&bWHeL8;xb8#eUAL+d$jW+pK z&7+dcS4W8K5S~4q#VbkUPKvt|}xk35Ji^Oaw+mZ_t%#i?F`N=8OEw`SoUI4s-aMx+k-F)L}v{gtxfXD%`Uv zmPi+9>ZdKW@)!5r%FHVI)a-b^*M#Zu=Tp;A+Y6CVp9`0hjKztrM?h9*OeTL{Z$pH@ z7XKqb=G8cO#3**zr*;@N^GKtDqp3Y6&s*C>jFTc{BIq+A-zr9cC zc0;`-aNv4HGFiEoPq0;t-FscI&MBP#QtfX zdWdt~yn2VeW1lHzx1FfsxunS$-Qgv9@fEq{xN3dz6)D6WRgX{DwFdq7uO41Cc^}_+ zxkq#@S@|`?o7i!>5*vD)D=WUF3K#nFlj}mt%Gqp(=Icy{{BOjU3+V+H2 zp`rBBW)`(1V2O6Jew38bZ4Ai>QVV`bJ0D0~PW_qcAYW}QveTyKOGJj(51Ec`BrkL- z&O2L9qzGCVS;$|bt{cXx8X(bSc6{Q>^=EV243foAK?vW()IhqSr>41*)l56_xP#P1 zi0*J z7=|jt-wj`R?C(jesVH8|diRrt$uACzd|$s1XOozu6=gWhg3G0C3rD-Q^hQa|#7yx` znvJM_zA5+41KqnFq>10U74Rz)(KRX_y+_3fb$^C;JDm1iv=6S|xB1GlkWBn26>IhU zfKbw9mrc^IvpFpyk)rF1Kx^!F%~!47>XO2p_;0zARHwv(Jb8=!5*A)OB;4&xc3!QN z@y~WG&|R!E`CiIy;@n3(S?De-g|BZ(hKU#UjGp0h48?;2j3^84^s6&2sz+Zo)aA_Q z_3X*Qur6OycD&dv(t20R(FN;ZsHkboB~8Rh2}Nc9FKZ$g%k zV;jEB4L-XkEK5d4dr)l=e>nk#Im~3vF9X$xTy^W+ zHiZS9Pn(SNq1yt=wB?x5X9?k#+&$90UsD%6u>_5`8VzbMS6a$RUX>Vg5|G-u^xz&9 z0hue}j~oV0;RM%V_MT^V5~YIp2!;#H6Ms5H)wK884$u2$J<9IV#+S82>9xrXr@*sB zq!@}i7pmQ!dT?3OM^ICL!)AFnA*$d_-lBl4CdbXl4-X*gKc-4&D{O>fd|pty)|rNo zwNZb`d@9Ccx7o3VuPoHSJGCt8l+bOzs_1Fz{nF|%qJH}Q#peE9!&~I}RwF){{of%T zi*4T>XZ9-Qg+=$}rCZ_+iyn$pWEU+6?GtaN%ZYGyx|qh3>BS*?>R6?}ro;5w%nufQ zEQ#5pe=%SIuS1jaZIE8@!I4vb2rh${oS)tHOoBu|(;dqm+<9I)dX&fb;RA63uYQzO zaldW}CLY9HL6hiOVeb4Wflf%pp&1>H!E*8u(yNMU&xH5k5LXY{f4Ar zj_(hZTSc!NdcMY1U^Js=TwuZ6AVE}7BfLn6Xr9M_S*#sQ%-;8n`}yFr*$U>6DQoOQ zoUQeJN`|3x!`>)&iay@Cv)t&@OZ6Ox-m8APhlelG8yx-f%5F$RT&r-}0cEkH{%akF z+IH=stERL`4h^5>E|l*CTd^(20A={uaPm#npPi?`{cKCSihu1Y#Xc3na<_#6jwmx} zMpK>~Djx5v#RcBE4rw1RV(-cReGmS*mEf#TBVRVcE%I~bvfnRSqUEl!5K4{OjS^6A z4M)eOn2pMZ?ukl^4sY0ALzYnE$jAw4i`f>Pl~$#?Xo=Z?l{W(xAxwGC(W@1PkLhu zp7h2Rgtl}7;=3mu!39tHw+ce5w}bDGJ$XT(tmbjN_oR$HaL3{JK0WYoT*w}HIF1zq z568h`;NdtP3OpQ#i-Cs|Xu#9)$iTz#(7*#I0}bH%#7RYa;Nf)WlbZIxo716BirQm= z$6+`Io?&(|gUdM{^n}2Hz<9+3_|AS=6T0O80T8Nye;9B9rx>h)13J4P&@;Mfe{W^>*DWfzNDy8CVSD3nDksf* zl0eP}D9c$T2rI5D2#+ZS*C5z58yXo0fSwiLFW&fRi2!&6T;K%|R$Lb@5(L*Elv@Cl zg!k;+0@M!uLyO@dLHGa!%o(T;zaxa(Wk?=C0AS3D7ch-yTZ8~YST}OvV(h?G$OFX0 zpzOk#3-$mAVTE?#f)Jc#u=_KVUI5UZS%$D;yKu9|+~AF7kY6}+Y!{Fr%-}A(HbZW( zdof5boVj~3fDo2Ff!k&S_D_H^3}^1203iI=3<|go;ersBMS&Yz%?0=YP@Vxenx9!y z{xy>V?lxS|9uL6j^~?<2|KmQ@X{1`AcT5GzuOeJX$rIr1xVDKxdp(9%l6+! z2+O9x%`QU#O#$sP*B@vK)XDu_hH$ZZpr$~8J6upQ2|#*QU50w!{|Z8IKZF1w0njc( zfC9Q_M)-?O`A_j(fRg;pocu+2K>$noKM`L2j+X@qr#`XPSz=KY?pUKH-_NTO+Hqm?m@{b? zuTK_van;*U{`{#fy*MvM ziefIBHuQj5#mF}w>-?Vdqg-lIs8lGLzo<}0Ey`zAfdoA( zNQvgrzBb3kE1X4qqGOy5RC_(2eI(WOefvI;3MFkEwJnpp?o@-`plWxCkK< zMM4Krc0&Cs>ip&byJuRx!h(bQwO>@;u!BPx=(+1 zttR-kEnYiUZtylIX@Y^{$VAAzdat0(y{8uuL85k88>f{-z$W)vP+*6S%WmV?nq&Pk zExAaq{YD}|vWHQN=*z`c&ZiyZYSv1uY?c1B>xSZ}q z#kJT72Uj(Pdeiy<$9hAI4N~)qEJgO=%<GqMpV`qCsj#i$iG^*AO#K zLE)Zx#$6mqb^RgEVJWeA9%(~Qwy0Hg$@Ay8a6Y$${J6k=;WJ`(M&hUJ41*9iNmJEp z7d0v3-rTz?0dvz<4Zm&e`^j$cC2%)TSO6{Bcb-jZtOi404*K+PYI`${qaO zxA~vWr=rcQMBmoTk5BsPB2MtgjicvBYT>sg#XX-sXK%^r40guQN6Vx9otcS06xWza zHA%bYIvx#(8;ZGnAGMsHZ(v-$R&R&XpN`{RJjSgn6ofVCdWVccSz(9gz8$kT%L)(1 zHp+Qlbp0Pl^-qzjE+_>h_QWLwQ$PJeq3Hkd;xotL){GhMq7QZ|7a6Yh2i*+A)&G=8 z=U1uvZNXK24kC(6|7vLz$Fo0J?oEE@aVARa`(TA#bv)#)i}63dZh9>&&a1ZGE%hM2 zzYP3^!xFU`T4XHdYrDIy+UxPjuQO};X5yE3h)Yqz@16RxBRu8?nNW$vy;P z<(Y^{{`xd=+Q5S1U}5 z=8@e_`ir6&&P+n(ZtYz4>6IPiY-4OS27i=$h+-tTd+ql)#F}$$k0gqlMHAkq4ixTI z?u6dG;o81A6?m6Y3|XAt;NquJtK0W<`99AhiKa_thcKeEFZhNF z`b;yVH~svIG1L}cP?8f~WRZNK6^ouXM|g8YON}0 zajZCc%rni`Je}@N#1g^@F=*~61>zb4#w1R}evK3!#8go@hs3$YcvCmDq=`t%i|pOC z+h{lO)c8qsh)0n9gxE&?g=(?G0!%Zb>DFtesC)dlUn!!Q zDqKt2e=LD|SF&c5Cu7;@%@@sAljpy$y9xSS6>V*y)_L~S#C+L|U|1lLLDuDPcJuKS zPx?eLSyY#M35`E+QFcs=vZ-8|f{^eeV=Ri~sd&amB3DH|CsV`-;JY6lAtc!jPyLgl z0*)=e_?Z6}lInyg;?S^iy>;8g!papm&i%8Y0r2jaE&3Zt1^j|jD(IxuGKBM_!7}i0 zN(G&?JpkUEQbE9(_Lw(1>3o0%e0EGT0S~7v(@FOO;LRz^bkhF-=-PEU^hpB*;LY*S zz(6NG5P*kM1`F_yj(;0)arWfl6!l3T1mOR690~`|uJGfgPQ>%iQ}^+I|BtULgB=jS zSQG!5Gw1Fc%vn8`U%Q6Y|`-`g9yvCz|A~!ozw>9I&*DMz#)NcT8^EPKXL{@W#Kw0 z4hkYYv$DV<{NQGuA%If}B?*AA`I!;IvMg{T?}0m%pg#pUbMeg+NAlmXE8r}HOc21` z{{ayM_3Zxw_#dNLpdp46aDUM(;FSDNGz(C%N`Mq>xlGIJr*C{U{6YmzSsIBY-UY(w z{ioG9X8Rkg6yUE0P zZp=IfUk%>mzLBSo&()h$H6FOmp~FUUbEur*$-M^dxl#ArhwloAA_$so7zvM34m78E zWYi?Z-fcL!7!VhgHgS})(0i2G+^xQ%gi1TE@-iGHM)2qKTx`-@u<%2MORq0!LEa9| ziS@@v__7^FqgUOf+A$xLSBg52=lKKK`PPcuElOv zK|1^$DeG?9bHmO0HP4aO-03J+viItSn=sWVl6m?bWkFEurw( zNG@jWm6_?vJGJ8P$DV3D4#&nZZ+dp4=9$ez(H#RNR_0WC0XDyGvl_&t4ok)-ofBDI zjHEk$$jtkt;&-(0#2^94QI_3aPgS~=U=DLJbjf8Ofic`o*eAR%Ht@F70=Sgo0^m%B;OMrmp*fhNwZ z7y6B7Rb}J${no()h5Su@N?+q8QB1C+0m(V4JDr~o-o|{_dHLaRGCaib?Zu4AcV4@` z!-Su{bD-8pXI&2Qx}ky7OQK|h8S@BzLd9h_W8NqI|7CWsOy;P zK7I=kCWzZD0l9p6;|+oPxQHmK&wa3w+nYblPUGa?=#6_5yG1u^L+?>)lMr;{hIG}X z9Q1}{JbP;t#YhB;{(zq;`Z;}7BNbP8=@e54fM{{IqKQHRMG`0EDtn#vlXRCM7lJ9* zUfiX(oeWwU=HfU_tJGoW=)mfH5u0?^8fB1UEJC3#Nv?>1QpdU2-nRJc z!)xcdEyBFWwTTJxamyA0TbW+HeiUqcnJ=wsTzPh8n|RtNm>_r?VMC?=_QtC+pFXO# zBDSy)hgwW%wW51?2R~)n#WPTjq{j})t2&+Ms1ay)bUUL!?gVvIa+iR9tpi~cE6#ws z&8pJ=9T+qo_Pf{_p7>gm|H3y`0i4h7Uy;95(#dqT^l0d{$#Sww&D;~UK(^kzA=O1P zKS9VHB!>E(?Tg;0i}iw@Hs?BnSt;<(uRe1*T;J28at{~LE$bPl*7-Kk*i@c(yO&=t zpC{VRA{+Z%3j!u3k?3wsoa*O$QQuy?(!NvJ^F~rgk}XC$FDjdfO{sz<`kas^7jI@g zp0Wp7wFk%Q_eyu<+zUzp(V=l$_X|o_*cJUBUo3E(`j9aLDf(bQwwZE)JU)k(%kpuF z{E>Oqd~Z^2hlMSbQ2M|v9D)8WiL3b#x#fAJ7PJI++)N%8Bfsm#E5__%^F)*$PG6n1 z!*VRT zj&LM*sI>lrw9+0dW|xt9VO|POOAJXAiDaj-yyV)7ZmYEO**Nt6BoeP~S2JiE(L8mr z(d0D3wq8wTwKQf-f~pz8Sgy_pX~}|!2I>q0#^s)`H*U(5NZi-uQ2UOhR-hR9Qdfdt z<>x{xL2*l-r|-47<|*AtK!J8&?Vu98UJB3_Q5c+c*sy4(A9yA8ZsC*F)II&85XIH4 zY>rZ#qe#zN?HRApy)VbTvDkE_;zF;WWJ$VX=^e$#{vvjV}*-7OH)kPAq0ibH!fOWvqSLS?6Q_~;%z!#A+6Z) zMMqFR&u$BgrTL%QZopz`PKreRl1c=4d?3m33rlm-c>_3|o^m25y*Ge2r<}-1_YL69 zDcy3?e*?k^ttbx+2|OKBK)}N(m2=XA19)>f^hp;E;LYjKKo7=a-sPkb2QUz{_A!__ zbkd3gcsL#Uq!|bB<~ZmEJe&>g`5%J_+mnYEodPCIfpp3r5I#_) z`FDf}I(dJdG6l>tELR>r^9(nLuzY#=Km_An(28duvj>pOXAL(%x4?gAqTvP+c9i&d zTl}M_5(L?2$dg0sv8l#&1q3s|o0 z%m`tTk8mSYAb<}BWmEv(;>-wP-D-i)t_>O%2;h{08x92U63-0r-!m+5g9yv8{KusD z?^za5TOdHp12oUzgr9k$VOth>7(aMHgoZzU-xT39(QtzZ+p@sP!3XXVLJv6*V0S$0 zJVPT!|Betrg$DL)=#~Q@Ju^aBmIXf33@?PREX#ij;V+iuKSqTEJJw&tDE4lK<7 zi3(S~H6e@J{7HAsSzqG9b{fy1bnc`3=ku8CcSp9e)!g#<3bBS9ANYRQ)ze6@46Cvu zV7iC`=~{HE-?v_BuKi-2$6uX7sPNKJR-qt;faGA_M8O-ciUvytuXD|P%leIgIv@Un zutKut-LDE^AJT>d6swgY^aY<&iV;<}UTf{M-u31RPDv;&xxceR-#aW7zEC@^O1p>l z%2e}4RAA%yzJMaX@{Ingc<0#LNH}G8+dgRLR*m#(bNzUnSnH`?b^Xe+$Sa6>924>_ zt%JGnyp{2|tjV_bQmOq`^}96F_y=$0b2T|M4^q5ZoF3&WE8U5>cPovKt;iJE--(G^wX zwkbEp3jO#HvUWy#P=BJzoonmpe=9AeuRq;shZ*R)a};Zdi@tM5X+-cv5lN&sg*=`j zhx64g;^$^Y5)5y}Se=?%oXj#btEb1S*u}-!S>DU)qQ>G_xRxU+G|wqFrSU&Zes>=7 zSSL(bbP+>0l9>l`U&h;j!2&DE>q2n@omV{JbAX60x1`3+M;XvEX$ z3p9(gv#*%dyf?c1R@5DP}Hh zgx#yHTfb~Q#m=c6b-$Q|qr(W7&irP*#g*Gi`@|cII|Skp^Fbvv$*#rmyGy0b#{LFt zgwj(;Ns+B9yZ7BIK3y)uVrUm`Q=)v!U$21Nf^gm?&<9y^dTS!MeUn^|k85PUTRhGg z`+S+g3Q>n}bpnN6op~wQe3JCNzP)|RH7fDZ3VpV;@D3faLIL}`ud05H#pr;l)nOhOuq$`KJ;<@LLA8`Ir$2x!?;k8|fg^rUa)N{0t_ z5xN}ekHpl9Y(5~&>?d|YGkK%oIrVPBoz1sva^393yh6g`Db^%gZna!Hq%ZMJIE6Qv z2UDYmj8M+^k~txrE1FY7LwL@z;EyUQlP`5SFj935Nm^-7D6WO!O~{RJL6s4ml*vEL zFv2L=DY`>SfL=C04qx4j{ZD+>B zjm41Ysw6S*@8RA0v^hK#ZezB2{woo_-|D@sFfs(>Ngf0=jpRjXqdCqI|EH;DZGPHR zoB2v&ITUv;KlXZQwjAc)+K5t4d!N(ao60G*oZhKr0v|Qk?Rs3D$+L)T1fKjiOt zxKI+cq79`TE?n+$)ZEHaqYplh(@Pj87Q5#){!$-VNpa$aR>ig`wl0&&?U=x>CgY8= z&<+pLJtBH#N)sclf~1NpQMKe(hYLf8p~+P0#>R#ZWM>uZR`8?x^LP$6e$3gj{Gizo z(x{zqd|E<9nKrOK_nl(3lIbdTBr8SV2q)`Dk!vQ4Tr1t2W0t0+t}`e8NbG|nYO_93|#5- zwc{^hN3Xu{rzS)qzb_Gw+g9!MoJkgfF%-e_BR9N>DZ)Qq#N2cB(xdjw7xZSK4m!7Z z)a|v`GYlN@a~s0129Yucn}=O>8FujBS{m1gc}Zg-8H}b%$>7SwgI3&op}}xa-ALlr z0spE$z1v2tY#EtwZ~ryFt9(o)YT}oRYNVHW={(rn5E*eLuI9~Ct`H`zk{NS8rgXa& zTl(C~L&GIY?R>K~8Q)UHx6ZZ?Mk@Rd6qAQVoq(=rEJ`jyG$`eh5MEPiUuunX&gQZTsg*p` zN#n{6dYM3T6kADKf%y<~*}Ut<#;V&nH9ux6ZDdNZK{e>|!WvLyGK+cRntoZchIbn? z!J~E=a}iVl!sYwqwp))PNC&aTRy#%>xpKy}VP*H44ZdJ@IuOKYM>Heb=3xjf?e`CQ zvlaBF8iVwrf(t=vU#=*vSE7PjowkQ%KtKJ@=C*6>;W=gy9=hN)C+@0d0qdQ`W|x)o zM2Gju))kO@XBRfj6|1$>k}q6i*mp8Uu*PgSp0Zq<^6d0n0~@0KCIr>|9L6Yy5s z<7tOTpa?#BeR#Ct1KMliE$;Ian!)&2QG!rIXqnFwMJE%xBK^prQ4{S;d3WCBE#c#b z25E6N=3Eg!YOa3dbvYdTaYU$YMcQnhXckY#z;f&31vJM4j3sB?6#mBl&*GDa<(v(}v1nkLhB2_&-v5D4Zhr)lv1Y{Kx2)gq`K0p_@aB|e2BID(KYTJI@ELflgMR;%9Y1Ln1$=Zm^hxPY z;2P@b&_FQs_**B{KLG|ET5}K_=%fHB@Nhaba69zmr;k}6;G>hFfr>fD9|1HQ^Z^U_ z@1BeeTu_F-0zDFVlHyR&{X4!C=#cUOf`F3ZKrr#l&J-w~|29OJO-JB%y`2xFE&u`Y z{Q-3Wv+D?4Vx6Ev$_LO>U^Es)de&)%D(LUi3>SppLgWRA6)4U32YD9Io#USfkGGLO z;?SUEE|7^0Mq_z_bdEF25Vltj-GJeceZ~tEVd4fl>hS{kpl62oi(CI!3g7Xj_-8@{ zrkMvU7X_q?gGkSe@Nd5TUulqlZTT-j1hM?S65&Qf@&Nb8phP5~GiMeetZ*@0v>DuQ zcz`Je7b1xC%m`td6?jZDydeI&)w8*Q;Xz&D0ge`D6(Y>?+3?d9xIhF?Q2*4G;gR3Qg#GuN4`ke@gJzpq31s0z5>Z~--1z%7vrsG4$SA;K~%@SA3!4kNhV zfJo1b5SCeij}W0N5grg>*%i3iW(aVT8nn$2KxfV<#A7$}_mv2jX$BV}1h~irE<_ON znGwR`AmKC3aDxcTtiVNx;6el<381O~H|WnULs(V?J~D(C!e6Y)e~aNejx(Jo$zKc~ zn11m;F?{`w6SDX~O;KxkLV^yjc+>{D^lT?Q{D6|u_w4xL<=S)!)O|h&KCd%`^O<@t zW=OH`VO-E7dlksNo$385MfY28#I7MG^HS|4=IY5%GT#HbhnK`SxJ?p`Uy7?38$Q#~ zav**XQIp!Vv*gWu&yjIhq~BFP+>1AdF=VJ!`JUYSJMk(GI&>vkR#sIzRH-2`2TMK~ zePpf9ZMu(pwP?~WeN_E+i?KerPl@z#*8wj_`QEdLx*w~{Zs87n`Hz$4ep1@_bGTJI zBfQV-Egd2(yZ7*3N?pe%x7BzCnIid`EwUOb8w2didvfAjkCRGJTbChoEDuS!Z8Pg; z)pKrjiPny#6$R?A#M{pwCf>_uwRd0FvBFrY>wWX4NRQnxLgU^pyx&Qf6cJ6j7`RbededulFwfesO_{C>&{ z1iHMf)As(uTwxZsLZWQ_1=+)pyX+Ic?i>EV`FUtj|52&FDIaBLa(s$fmt*Z7Dy5>jG^S3aMzzCs11^=Fk%))BSwe9w$Gh(cS(CfY!DOo zr!``apipMf!W@Rcn(o|p4|8%M$H()b?BS(7Q4}xUZhxpaz>;;i;*}&qMTfv)iqR9A zq9TYFw6`#Lcr^v`bkCV1pp|9}$-t%^e|-g89aXfmwlx^*T|cE}@QNB^Xcu;Phzj#=f;M^Y z-Ts>x7s_a*lgP`JM~x!9=eTLO)YN}^?|j}%b${jv)Rxt#y~c9ZOdFcl{BK`lUdHq34f~47Q7zM;EKxR zjcc_&9yab)gr>19`DW#2;gk0wI-hUHU;J+WDIxnAHIHUNv6|49Ey-SQr6&?$YmgQ5 zSJz92tp)5OgBP4-yMo{JxlnL)Y($y{zQ@A4_uYQ=_R9sy=5ohr3b_kZS8XZ<3s&#C z;5x+?YvZn{)1nY=+&@f1LA%Wv~{`~lXLr%G7e;@!<$*x=Xd&4WYFSoG~;e=Jqi$3pS(eV{CfR@ zOq!lmCl>w!ni6LAuKE%)cfpS#pJ=aF#`V)YikqRd6v;l{o;~9$#3#?TbaA# z)@d*ba{Sox05KwLhg`fLJZdqw`bxg!4z}PTNjdrh5+*x|IC&{V1r^r?X`1ta>1b4f zi4j7NoZ58B6#T-R)X5FeKCSgX;Y-F8w|()&TBz17s)K|}*jAoCyy9vvS=HFLo?DJv zyR7z)Hss{ly(Hw?m^I_x{1pCNKXC<<38|15RbDE@nTV8`@^T-#cvoEk%4fYBF?RC- z7w-_zZCTNUGUKEb#Fdv^+k5PpF!pgd)_r{yt7P#+eV+Bs_t{viE}0mraP-ID8K)h1 zDBYZYsqR(g`$vf_tO+gN*@-e*{kdN(p3(7M=>GD(D(h$H-hp<3Aew7vnJUG5pS7y! zOlc=AgbE&gVdic-V*=F2K{VU~j`hw&Ol?kqO6i&iQQzkWo^MgT78Z2SC?0Xhh#MGF zE5{gPp^7qQlNM)w%&4`gh+z|!m9}xjb{o;9I-zv)3KibEKxC4cr!0X~gFIFjs|e9J zX-J&63WX9*kkj^W5TM7+ z$(s`{407834fvU3G7NY){w=`6>CmU;L?J+px#RDjmJQQ)KFp+PqTj-=SJFn@QD z;78{GoFW)9`h&ut$Fux9Lb!Mzpnn7{3<}aYXD6nGq1#79O2WnZ@35%ZV+L`SK+oLg2|WQmdJbdY~W*i_3y1j zXoEOVSpcYKp67oxzRClvLU1MW0GU^3MhG*$3b&OA7l^Rpt8mMS0+TPnZJP%;?3`7I zFl%DNZ%^a~?i+#I_8;Vl9-r5KR~ESKiO@7ra5bJiO%wvHOaD7U_y`f)6X608mSKTg zq#wLC1xETol|J)Igk@OZGR>fI<_3=V;6enEo*5x5y8@qSh8x6Rd^dRCSm6SaM!+cs z+u5C2h_LJme1r(<3S1z=9JoH{Y6N7KeA(Qb#3r34drjogHzJ#~K{2TNhsx-{yl3jirzUTHzefT0v z(o_nroTgiK>~WsB?O9l6!i?7MjoPTyGr7J#gJ*T`UnWVS8ATOC0Dn zbO++~fP0Afl0t4WhxPJk(K9B-ELlwAJ_E%(yI9#H zHy_5G4-II?=U915mc!Xx4EaD%=5SevL(-zb0wZ+fF5i?uNSv1-3BcX4%t|H9pb*Cn zVcreGE4kywcSmfzxTL)Ff@B@WMe{AKiSoj?%InM@Ap(zcYl1H76*Q#Z*1eVWN%U5# zU0)lKIfRXtXuRnC%s_)DgK-mH|5In#%at<$ZgprREP4BNd+Q{LS&;TTglZFr(s(|%t5y={QUb9W{Xu^~UrOy#e-z(hr+og)4M7h#) zlN{Mv;sc#Uqa_dHuwmGuF&N3wGc0<cTN@&!T% z#oBQ~Tw&4;K}DhGg%7lOR+i13ecE-Wi*5{Y<}Y%yXM`Ni+TpHZOU-oLIJhTxS&o+0 z>*k~O&B0{%M#7~2Z@X(B;v|T^i+}WOti8F^FB6QI^7t{4-L@DrZ%dxul_#B7rjn3u zLvB%ure%uHW|`}JEBnOZ@y7dy%RQDC+{yTR)l zO(n!HdR0l9$~mcttPiP`FX2b*X*Csj*UG+;vvb<Z&P1$IAk#SiiiIiaK{E+$c9huZGdwCf7XA`OBCHQOh3s?nY}qjMfzKhMeAvLzqhT ze%giW1)0{Oc@i{j0|L$mKX_dQ`n7^Pza%i2P$x~Aq}JF7$zN*jZMZjvKzFVtH*Sp` z2`M7dCXm67Qw`-x0?r+~IGj8Ry`_w@y>Q{!rBue=O}DN9?;4J7uQX-368>G5sz?Qu zpdRBJi62$)ulCD4X-gESD-tCga({r2Dk5iv*2y@BD`W=I!g*dcsLg~v@p6~5qqVE` zNuBI@hTP~%#~u#v^o1?H`kmxnp-YpQSFuy*Rg+D#>4{hTGcaFVFC`Bw3n_ij?qcR; zAA673{_1nHEgy`f38(&5W5?a|%pVP$`U%m;QhX+>=mkmmd_`*ydOSp1N?4w|P_~o| zCgIFYEjPAciTaJ}d3^=Vs-0#hBCRjX|8U+80-CempR+K$J13tRK*< zP;?w!d!6&MY0qB#OYV1*j@OqH*s5c)_zB+44ZZ%5d&^eugPWG+#UF$Gd;ABxZbdCV z9tXK%Stf3B%FXEQE7^3N(idM^iyE`5^yb77#n`t>Z_Z88csWOW3M%Kg&PXBfbt}+= zXZCTpw3@ z2WpMVSC`!L9I$Ple$O!eI^^^143+)<`jrE9FKabS9OEfM7{-?cC4x0|(D;zGK) zdId(1cFg>Av~5aPvyV{LMnjRSdi6twCi+$~?g-0&v%mhmiNVOeCzNVGBCl(0KJKA9H_WHZXp_sYKZ>J96<9%_ZRvr9 zt9y}@Ziw?Hl@poIp!mCPQhVRhl&BcqM>H&h6d!DP$ZW^TQ`j1RWRP0aO%SJH-3imH z_epoY%0(_qYUV`T)Wx6!l5zS74yi+OLq) z+OJ@?%JD#_wO=7XoZ{ro@zCJW5}u44RJ^~RiQ(oxf;`usGIG#){~aNG4#l8j0j1=C zv-_V=a?lm|ABPBw@q(L+3$liw^YbUH;oqBJ{GaR~xJAg}0ufeR5^fQ4co3VgOEE*B zyEHuV)ZjpDLU-ifl?84q5gx1|)KdJ85V#Wor$7N*Ac9zahX}U_IY`BU5%ND_4PjPd zhRZaAyEZ&XL#WmNU54^Uh;V}lD>4bUBMwLwf=8S` z;WeRW%io0vmuUtUB9ztyHm^USHUBS#nBlY|f^}QL2st-!qCRWv6nYr{rwri~A?E_p zpTP(@_u12*kG+K75yI~v3-VlGgq%z8>@)+kcg61z;j$1xWrhdc1-lM2+)jybfe4H5 zg4=!r4@M4l8D_W$5!`T~lpMGc&)$;}0`-!AUx{#37O-vPpF)IXSKy{BAZrNalm37; zgvJ&A9U+4H3>S#7C@;9VRPZ1+p`n<63K1UO0H`eRAU2^vqTeCHZ6yL~@~6Zmv~khz z0O51g1{Wec5dLzF;y*@gLgS(*;`@u(9w~`wyYk0 zkYGs6FcWi6roAatq>p%P?e3PPhC$7vcz@IH=35KP9&tXU*DTuat5tNF2elenR*PS2 zC3w8Y;dlZwUxrKSrMMPe>5je+H(Ik>!w=pX3gV6Hxe%4zs3sb}lp!L?7`|xh?0#FL z(&dL&f}dn7FaLWK;%BUe^Nsuq``^5bAP8-)$Ovt`bPd6I3x){z7wSBtbzMWBA5hbgvxVkLgSt)JQMrGH!arftv{-};?FT=Yb<-NO109ztHHC+ zxXJ7jk8}8?%51-;E2Wsejf%fPEs5WzxAMHSJ5?H2 z`I$z{JIr8A>nm~PE{TCr#&8nO$19};Ja<#M{3MIr_&x-v)#56=zbm=jKi#9{oNkN# zje9iRrjXUWQp|w;kR8uW=jX#ie%F#a^~P4j*_ChK+S+}d*XST0xAo~Iv@zle8nKHu ze)*bWSheQS&5u783p1)m`!DI}dIjX%wtxBVX`)e07bC((gZC)pv$v$Cmt>V4?#MMs$*}TrG-em; zz5r(;7cy@_dXn<1ew9kaM=mSHD*9`cdTR|&>Pc@B4N~Bf*?LEi$2yr#F(aqeGc11P zRg}ltua&ELIOl^duPPVZnZLpD-57Jw^uFm7?qV+Wj};?fKCk`Mo59IE(sMCYMd*|* z{-WC{bd`+LmT7bLu{{PlrgG6}lJXs>dT3Fr1&kQDOq5&3wRNK?MSGa98hW&erJM-+ z^N7|1Q9QnoMmBf_RuY;M1@jQwA#eXQ^_31BkLvD!i>aW6KmTCML(aU3oDPB=6*u@@ zhPDe?F!SDEq@;+pGZ9o6lx**VPto)=Bi{MtG&s2v4D(>qE4bGQCZ9OZ=7T zfZmE!x$Z`LjgI`$ps)Kr4gwn*radb@Q6P%D?w#qvwnJXbH6gp%Qh)lCs3McWG5zO8 zc59aJZ`zYOe330qOEj`C-s@MGzz^x%aA0z%rNyJ%`i|gJhTZIc?MdepC2Kil@l%squP;(Lbw!%RsTOfuJ-iX^LVg^#ngIwh~WaVSl5PbC2ouD-D^n zVBROOICl6{gWt!i-_8xE?j$M~VoBC0F*hnb_WOySOXcr0JK##j>7YJLYx1Ktg6jH^ zkay8lLHVn@N^#@KFAEET9{VIdwd^X_=ZdOSay{8_1F^8rR zzNUSMO3XN2D~ZW2tpf3lEp^4Ub`P3_bsnU2JymDAUaw31*_jiA^1eqX*61Sx~0%jB?#dDJmfX@ zv4kJs1B*;v>%vxSTPzt462kdr&H0H}KTr`@htQjKhqw2d8MZ&zxi2>t1}r-ExGJN* zHfnX@_U`+fS#0U0M?aBqnCs_-e$#T1jp(Nw@&)YD*24M&exB+*b>314Mdegs|d*@DU=o65#?7)G|RdI|;sIJC6D zf1MN*0{#W;F1#njgv7*vNQR83+cix$GdC+L5fLhmYnnjfA9%|P{4Vr!>09=@E;M}O$ZJr z@Qp|PF<3Y?XvP%q%G-8(hDG5M%`;?H{o12@9wG{fYh&TVg#&MBa3Ec@UI(7rJ|3!t z@gc*Htpk)*8KpKfsxKa{=rX0SBID3_^8MuW@*E-7;T_7hROa>C`9vAe?7$$?+pke& z!`n_t7zxyRw0cd*xc11{XdyMkK9eYMf9q~-Iox%-jwbxcvVN@+N5Kt_sA9;z^E`xzxxz5Qx>JgU26tp0FE~J)Fwr~BN!c&|XB%>SC zJV{OukYbHqZX#^&4mO;N(EbrB>eHU+JcrLHg;dwk>xy#?S0$+Q(<@H57p{gkt5BOR z}bzY%&rL0=&A9L(%!jb1-&3#Zzl)ifjwcaFxto%Vv?OQ9=2%> zmaAhz{k$kumqHhfo3sZf_4H=z-7P#7u^J8VzP^(xtK=jn46nG!{-Nph`Iyl%m$B4I zT|6K48q=FdJ%|Ty=WZw=#Q#jOpyTCDDeF;+)yJzw+LreSp$yKk0#bS`8|a4JriDqd zJS;e}T5i6n`ldZK@^Sye(D2^E?aVa|4Ex|D45NFEZbp;OCE{MW-fb8sF)+NB&2ejP zTuc!y#+->Ww10XD`HFUkl|oneL42bI=ZkCSAy;{XO)>{cd|j_*y*=tY`aGGN!a=kq z;((!Ra^am=55Z0kVgGrZuG>Sn<`tq1sTrc#S*67`9|!B_r^owuG3{1)9&D)O(U)0~ zo3%|TzuWR*yZOO2RpETYz;G!Qagq3Es%h&(LQ|yBY8jvB(=+eOMuJfW`?fT_KVfFZ zE1ushaJ}Q>D}%^p;eJb`8?RZnVc!21^CdOrO_|HPxk=xV-jJ`nRS2|<(0{Tf_s(tx zYX%cDBz34%_fx5=jRd#dvwTjS3fB;`Ywdh)#MkTQXkrYlF>z2m^~^1lR~~2wwPRlh zV}&rN%laf$`m4m%+oojNQPv}Jdc?Z$}CipP^d_zD4COa%q((E6`AL` z$UJ2zivRn4j&r~F`kvqVf4--;wLWXzyY5+Mc-wbBdq2V63!A=a&`j8T3ipMegStf-fEAvJb5=3>r7e)l$`eer~B+Plq@AL9}{vRV)` zf29ozOSYAwwblzCa1k)KHx}YIEGRK=bm5KN2>H5tyC;G6^{Gq^UlZ=AX|c4h}6vu1^fB2jmObjn1TfL08sWK_Z_50~PY>tfJzRTI4&avP9A-uZjtWQeX*r-Zipq=ohPX`ZWa&DH;T zHuKl*Y=!YFIzrg=q42=3@_{4_$(`2+3sPdcy>)8iEI!McxJ^`2HZgsmnn`5h|Xaz@jqRhs(i!H?YOD%fn2 zdr!2}aO0BHvzm6?tTF!nQVTnH39CkX1>QLlyDW8An`8N^Hph~Zb`h zWx^c}@|qPohorAB9g?hxbljv#@Yk^oSE~aD1-QR@DY5$7Wouii&CgI5Y zEcjmLx2FaPhh!{sw=B~K!J8?8T4VMk9FcVfXA%RC5eMwvBJt3!c@{Br--rua$97qZ zByH&`3CGR18ZT|jWRA$6mB-7WlGzcP;9}evd8PvV1N%Ly;0_~In!AfL*f)(%%G6(=(AWw8M;1v=k z0AB2)1R}ukjCiyNipNj{#bYRf;xQCK@feB#wC&)Rfd}mq83Hem&jwzg9u1@}$S0zB z3`I~ph9W2)Ly>(RL&#AEgrfdliNCWmsLIbkK@3bR!~nDe!7|6E+*oYXQNDP&TH2Q-QLKn7+fi)o@niT_T&=`w|E<1xH_dzT(;F}0b1SG{+ zLUh>~G)ja_M0DvHWGSvFa1RXugaAH+u@e84o$YTp|6LOPBP;v6kq#0=L_jqlEhFG6 ze?ZHKJc|y`n-L9Ge<~vSsvkt>3LI!%2E7>$^i^PNh=+TwKp`SpB3Q_L1++rYo8g!< z?jR$cgO&)HufTw78;A)}K)i_QG9yBzprjZZ;^7@DP>G0^1{M+}f`*6~ z-U#xzVVv?Ilih=>49$K6m4yFFR{o1I24r<)UzdMl3}=Cw$$x|~sJc-pQ05Se{|-6Z zmfl|Yy?Q?LL~SfJcZe&!i~os7#f@yXQ)?ese{RhtB+x%jRV*Y-woJSoe)U_{>z$4H zKJ`oY6+W|5Il2o|CTGL5#=~~0j9~hrHo8R}O?4?>M)O^kzw!2l9SQTj!_mLvE0p~q zQ!D6kg8t^d~09u-oGf7_$#6-8(gKiRtk zQ`M%sbRKWKf3O*>?#z@1rqw&M|5BcCKNp*Q#t%D!^mwM$U}oK|Kw5j3gu9ZztQ^*B z8AsK}=;T(C$4w_ta*x@f4%HNBOwqF5(XNia767GZ} zH(ybS`TJlkL%paHTk*wl%N6Tlg41cH*Vy^=ZPFMX0DwUz?Tp3o$|O8-1B1s2Vp_>z zb_B_pxP*n~=3dVjxvmMha83^`1qi3|rlpi{H z-*o(C+mgJHbNSHX!k)BH*6NvAPOOsnv*VOzD#b2ODH;itaIKb2>6o9ub|-dE#udz{ zw@_T-?&PGNd88#tU92uZ`2NKu{#B0j7$arD%h`-Pk1V(^Nv1|VT5W4HwB@y83OXue zCRQnHge`$vV8~)!%A1PA(vLNLccn+<3cZyw>(&IXRW1E=(a#U;S2CmxN|&Xm>lt22 zY!>nm3a-~=B*WaPEfpMxfBO?z{cvHm7_n0Q7*xDaOerKkoWypM>vq|dhEZ1|@f4S` zg~Do!tLj%a7q&S^r(f?_a&<&a%)c6~^;~<)642C~m#obG+~WSHnN>m^sxF*Up1utg zLt*PvFW-^4wNQjf;vDbpU0C6u<9tGNbq{+&A5X(tE%kQOmHPA1TisUQBFaFdFmu;2m@U;MUVZ9k2n*!I~}4If7)QcKb;Im^qpg>lSj&%CgT z)s(rXj{nXFe+GYdx;RyWqN~*T^-Y3wy<5~z80y$=w-3xeQ&qd7K4q;SKHoMtKNPE0 zTV1ro#p!hJN^P~XlwnEB&WA1@d^Qcq`_;P)K~HOEyfcL;iH>l-s{O*h+}Jg*@|hR! z+OKPsKaWZ=xToAbd7=Kc-tCW!+6(hhr`d9!rnRlwx8~*clQI!E6J&~fRmb-7+`aBg z(Q)bJ+jaiQ!L(!F1>23gh`xA!UQ5_M{n2nIX790^DTM_QJr@;E*XV;l94ppnw=fk( zk7l?TS@Uhhy+RiO-3XW010zMV0UOt23CW343^iDkHoWM&zP%-%9d?K#X6&4>&~pr# zyvaXUyqRW8(UC5y_~IqaXkXD(NDC72eb+OG&N6*)*j&8HPFI|t5V3S zVqEBy&Fp%p7I|Bgf>&_uUd(N=MuJ+d=_(y60v<*ykY@K{rnAIZ^r zpIH&|ZKx2&p5t7Th>nxO8Yti=j(N1h9 zaC*0YhEKkbd<|@vdXJ9V>V1VP>z$~@DsS-f5I<4t*RD=VxABEC&idt!5hM?HR77|X;7BV1P<$~WU_Vyx;-$oK%xjFe=Uaeus+KaZ+_fI(_l~)@-oxKi8}!%raeKNHRBPSq z?+PZJKlvHQF~8qNo_Rf7hrB`9-a7olP}Xf+B|^hwY1&2i(r%K+zpjh3Te`_j>JbrC zS#H@YrUuw8-%zZjqSd=gUia(5;IW_8Z#j~4t3K4+GG?>)ri=QmI~1`~fAjtJ`|2ZO zL`NouW|tq|-kPdp_<7w^)HW?kDe67HsA#0p#gFIOU75Nbxe7Vinb_Hx#I_94KOKCY zPZ9szw&PQo0dcy!jh)RJdB9yZ3EQN*M13!8`>u|B>{J^ommc}iQN-sHjay2(r7a5A zVOOlNSS=9aAMDc8-Hegk+f!h6vQ-z)T*L z6k`d|-IRxBnIRMLUuh`R=q&_9Ysf?3;4(v_M9^0t5%FIq>fcI)sQ!xJf&+H#Kj4Bx zo|}iGM9>l;AcGV6CwDxwpc%N#@H2orgLn^codaWcMpxW~&JrOJ5glj-*{%%-q9z31 z1JLbati(e-SD=s(Etf20=L#G+w!m`*loV4PBEs22^kyhTJk)aq29ies-VDQ>-wK%l z9F7vf4F?ht(VZ)hc{74(4T!=1U_28tX*#Gx$b3Zv;O+*|TToJredW;ZVt}g*5(OY8 z3jtk=7)yxmSb;3(69)2P5WNKn)iIV3-Khf2!3RbU!a$t>0h$4sJH{fSJ60euM8q-! zw=lu|29y+23DGjiLZd{;MEqC2^52X}A<9ns`_4ZwDfoYeNsT!Hm{jy2(D$+Rucyt2?_WaZBrh+tNFSxBE(RtIz;@L zv*_qA8Fa|PEOd;0R1Gv|FA$JO=2yz8^FjOr(?&iCrx6gypiZBcxoe|7eI zT#NSku2MeRqV4#^^;Tui--qG{dW?VGagW9UK)Q)(Dr~`txHT|seL=d zbF$036~7A4*ZD|p>(#Eci=587>;`iFRD-h3mv9Dq;lw;WYnL)coK^A|u8))TaaB^> zNE&yq#~ls%$U#d){Dm;YVwb$CDRZF`wz;`Hc%6-Si|38XMVm{JbPrwaNmL2V8xxyp zEI5gDj!LI}YYAcMJ5ifRZ6`u^?WWo-LgDE+7J)0Y#g}4dHSyx<%-y8vGY6ytC2)+F z-dumfVj9kj%XB@M+tZIs@p!&KNW5n>AKXk#B*xkIl1SgXReB}ddz&6y>~a~3(hVBC zT<^oPagN(IgcH*+o0-b-SMnGo#DosODYZU@zlml4;hZ6mA4}TwF7%O>u^hgKOCwtaC(UDowz(==le&3Wk?|FQYv`pYwFzL8l(nUVYIz#EZ zy?dm%OqOSJ@%zt5Sc`EMJ&UWS)eO7beM)%AykS(wx-`+FYT?e!2DMjJ$NQ&rEBGBL zHVjxIR%c(;)h#Wks^TXcduOI2nMF;d`@v6PrhO$ge-?k4bn|TD~MPe(eix ziYxb=@6TTyxkr7cye#&!b0Joj``y5I*YZwIhf2N2suFYm{h^Y=-rTXdbuzB?{VkX1 zPhCAlvkkc0Ew)o-Ep0EUZwgLdb)128A8cx%Eb!YW^w zzxd^T;l}e`X{M!cm#h*8zOkW&J&WPdl7yJj-tV-QKaTmB;o2~I_$BnMG%e7?1||p& zOjag1x$fQWx*n>*EHv)U8@I`F{)*P#mV(gQCSJ-5`A-xq$MH{=y5@QD5^>UQiHTeXG;(}chTS9ULO!+6ndYRUEFRQBwH<`-` zwx;D-dnJ8koW=+FQ4z^5M_N{C-fsVLHMzs&TE&<7nYC##?#ZXBW9q+fT?L+L=+bmn z<(SpYrZc3&vDpKYCN5`Bs~80scgMf^5B2t<85m zbho&&N@)b|Q{_yU*7EfCv%@6cp6MH>kfkbf2jhJnA8{tDe__6fqixq5j34t#b|ro8 z>i3UZ_w+JSSJnHjoU~|9WRSbv!~M1>+w-s3tlFHwhaQjFMH{jvvcCHBQ)*;5n)9f7 zxn^8tv?N)kbSV4vq20oCNYdPOcI56J)5`DDZ*|-Dj53sB-|ey_aVClV_D$l9akCB8 z_-OOuXWfrSC%o{R1D{?a#3$l9&afRKbSjIo%1}7<=_AqL$u`}NwJH-lm#bQr67jqv zZZeN2U%fW_mPF!9$?wL%mwv%_{j#a_#258B=Z!dSemED$#uHr37NJgb92y{z0V}C+BU& zYk9xZ{O!c8_fGuu-HZWy|MNc#g1qU2(3W;r44v+_4R<#nNZY6J z`WGmLni(X5ni(X5ni(X5;M@j5A=JzuFz-M@NT``XAj85w1caIyB!Ze5B!Ze5B!Ze5 z1kz&d{~m=-?GIZ50!ZYe0W1kYlm`A;6rmZI<{*EDA~X|05t@mh2+c%*q+|a($VY<@ zLV;@ggl1rb3MD9omU}%Ci8#5BPN2LdL9y*4bT!1L}EaF z^ACu`keltnb%rdNhXV0I90CU=gvOmgON2y3biHPf?b;wH1wsLT0!ksy&4WsWWSODD zq|h_ZL*^?`z-EWbJP*NuA`$e|^N=VJ^c6@%L|5R1tON^={Q-CFKNwJi3>y#n3N#xI z=q!i{MIb5#h>B_a@NeSZzfo|A;s+QI+#(BGztdhV-@kFVeCSFj= ziwI`wkS9@tkrp5B{Mu<-;Nw<)!VU}8?h|%riILceb+WDbxqe&3=iGBU&i=3N?0AB3 z-f;z|B=cNC$%o?uUoF?y^M$h=lV$4ST-VpX>HAkZUHalr7Z||*;b_f3E$7|Gqt@@f zT78t$`zHT3pfCGForaBm`IJ~?b5q>M?6}qz`?ydXsV%Yr3;C0I(dE-pD$%ch%babX zF|lrmRPwz2=~^!3dJdCM^q$mDn%_}h^CmlK?>)vZtve&;{Zvx3gUX#PzHjR1Mz-b8 zuk~Cw_kDSDqc(-+^!j^mzHZt2)|GCF<@bdF%g=$(olK$QECrXH^D0iB?a{zlU`|Y) zv!hX$w*YmS1TAxTTuj$vU`|X*i=sipee2#M0(?|PE9Uekk_L1Ub7F=cX7P}2B@D2X z5!P8aR>souj-_;2S(KB0U{QXrIPf#O!mE;c*}Kam<%odQ2AqQ0n$8M0RM)fCtjap{ z3@|5#HO0@p%x7uhp;T_JM7{gjDJ*bKj1ZpPL%$EA(p|uu7*BcFEUz@Ll>loQ&%L3= zW+69`PpPub+j>7}ow#ZA{Yr~WZH$IG@&<$iCh)Z*EjXwEU` z^bb8+poObFc&V$u@U`J%kf~Y8>xNm*lPUoscYedn^5d#ox$B3Toou5BnL^9Ha@?@6 zY_R$({abcTO`_oPq@jU|ix(x#?`QkiZ8F&&87{l;5lb;uM++v;^qiQ!nt66aO@G1F zMM`k51soH@^lH&$aO@Vtv4)NK9mVC$j+50#B_Z>z5d}tNObO% zrLvowmQq%#QJlw(9`riOI1Ci>*5F_{ZQo?-s)>O|(YnXKHk1)k^Hm)8xVOqJ^nDA9 zO8P}l&!g)45^)}eH8b3s)Dp5QB&KiDE8Szve!emg*$ioQKA}|=5r%8UeN3Y%@_TZt zcL%R0wk~rhPa() zXJVbTIvuF+)eIXkBu3+-yxi9rRS8e8HO3P9xm2QKrA4>StxUiwzO||ys|2RRR5#EI z<~u#dkt>7|YT1#CiiMr+? zsz<_<5*Gr@AFU2A9@&8rPWux2Y$*Bf!nkLp2z_wz9XBXtocuNx%U~;#yY?Z|cv-FO?b{$$e04d>s!S z%(^J1TbJuu$$59l=yR6wyf;8{#^7TnH`FP&UM0Xn8|Jfn>bL6RvJ;OYH4*MMqtxc! zox#B|<`eHShQ5cc3BNf)`DiU7)Hw#Ph(0XECy1D)#Ea$UVhZgtfo3SCLw4=8?qIK`Qs4P}5C@Wa}bZF)Qk1 z5p{!Jr1gsCOA5)NKzEtG6wbHndNJQW7BzpkNcbaTZVLMx*>kGjAJxLibl=uD0oELY|(`SF$HfZ71KB#7J-{NHAVt~gmMW<&a_o9kjrEJ#A!6#)JrOJy8 zq6U#i1&j-?dU(HOdE7)EW~|x!2G*eu^!eOt#G^uIp4M!ZT20X4ViekF*i)s((Bmg=o0_-&9Ru@ zkr||1mt~T1%nSX7=R>-)3%^$`Q@P{`a*G{XSB*c;Js&p}%QnjTx@cYA(Zq7NGEkb+ zq_Tm@M0&T6P9u9N^6n8VeTGhdbPx|>rpn(3`F{@a!1nph{@Hf~-mXL7F@iETZa4v; zk1+`QAgR)T7szre@B-B?1l;~bq9&+OEh0dneE%I3*0VpV1prh~vsy$@vsyrs4&=A@ zXSD#|K|LBs1@=Ee22H?6$VY<@+J80-#T^GjamT?>+;K1zcN`4G9S7UzjuVFMQ^%13 zulAn}LvhE!P~36gJY2-zhoQLRU?}c5*gkihFl?VX4r=ZhWNs4OrO`1M&roB|O|*Pz)Re0NAJ)=A!^a5Z-fW%Pa=mPy};9P*RMQ zc(}PBBqAPaE(jt*;4UEs{EM*?4>cD=%)kK*@lUWT#1?(f5TQx=!E_Z85z*BcAt^o~ zfFa`X+_m8V zT8r^IqdQn2vqU&JtN^e?IOf9&L=d6V;V2QbL`XzLcd$TK!GnQRN5GB^{{yO{!{gsY zl#;>09>6-mFdyuJjDinmnIRGp8J`~%5i(za0Uha}ufTxTG7P;LnK&Gj5SpV8^c6@% zM2B5LwrhjQ2Dod3y9UNeM0c)0qeRdW!7F{Bvw)&vEF$`Z1)2Z-@hvRy3KeLH;GIK^ zB}8|wK%+#^5+M;09e4%Vt_`wTg1a_IG=Z@a(VZ)hY&Zx*1j-BuLj)wnSVDC93N*_M znTUs$uz-dLcFcjk0uBkoREcQ$ccD=tWFn$ZSRks92!nnC?ApNi1I(3(?p%RJiJ&Ed znKQ6ygOXyr%;?S)NW2+bWpH>bV26O57|Vz5P=Q8+5DECNGv&V+cF#YhR>mhSMb+fkI*|BfbJNK!3Ls@K4KIW~CSgz0rPTRCrAjK|KhLP+7~ z7{1lBsug@hYvIr2mA)#ho%)#^cRq)w1uyH#)%}56G2zkWBF=RFRz0%|voa0_BbS0B zN;Vc|1>ccuCcUKL5L9W&^a;9wht+!$Tawm%dnwx^F;Au? zR!wA*)}cxcoa~IY;F8q~8dX-%tC5{Def!B`>?$LC;Hv7ABSjuJ%w6K>I31qQvY+`} zkAK#4Wm^0qzAurdS2Gp604^CDr?I}%Mqyo9j+wo~S4+cJFPKC-l1HzEIN)g zmEM@mix%6%PZv+!=5znYK1UkyCoW%PGXN+!m{)FtMt=O*3%}gDF|u=TYwDucGXkM% zFK!MkB+AT+E~e&%nkb&Z^C6_j$;dofb5dQ+B*v{MoNe1szgKnn>CpO6f3}aEJGok7kJYE00NVdxn!>-8V5; zH1Vt?8I*h2(TBIXlAkF0{_?A1{gzmsY{#=C#qr)U1Yb{M3Na#MczmBs(IC8ryl#Ef zNiHlEUoOU*lwBo*OS(ae$L@W2D%){Sg>W1isa$c&k5VcTP4)8U!vZ2Dtzn!*Qp3FX zcjlu@6_hkeD!4jvl|zzJtz7+s7>z{#DveFBKYdE8VYFNmHI~f4Mq-+U0r$>^v>c>d3&3y7xrK zFhiNZ(cq97xkPp$t=hAG@62`y@tGc-ZRTh`AH%K}-ftmb9-5)x(Vf!1!qqTp!(N)~ z;j>^>Wb0&Bb7SC}$ClCXjqkE-k+bu!H0!2kOx3W}67qamhAxi9_jkt^d$s=sSGdrs z-oLgGSyL4zXpYk`1+#DUpYxx+o%o?fBel{&E96+Pf#GSrP19&iVp;avW-s~d`8X(h zTCc2LSmYaOuz#K%MClYiH9q{z#KKEZpHZ&~_U0JhOpA~28v8VnXyob_x=yPGjq@Yt z-OhOVmYlIS9CB=XWs-C^$&uZ2r`#cjwVd?_7CBL5O{;Oycg5OJ+~m9Vf!W zZE5tFR4zbQckr{Nadb~L*BB9gP?M|wX%cYhuV?IUf*WM zt%~m1RV_MFwzEl{_)Q;I&D=C*mc*-Pe$O_jMOD5s4m>32NE6IeEBR*#Nz5FccTzKlzo`_L)KzJh!QLB$5NvcXU!j<9_aN8lag zqk#vZNE~4(5=Za`<^Jzck4BL=g0q*AAMKMk0{`P+oC=aK!cZiRFcgU+3`ODyLyH*_bRgXTJI=r+La;Xuz^$%5ZH@>O*DY>f{kaGE;GW14@Ze$Xb*{q=&~co zsxgR$Gaz^SgN8HYws%m8kogLtn+v!F`v(J?V2J(rP$UFb84h5A;7tor%-cVZ=fwY( z5TZH)*yV%3>@XifgFL_vN(kM40|%QcfGrUe6=QEkS9F8K5E07^_5}dafs$e@A-ZD) z8YMy{A|e_&xXzI6H;67DV7~!drZ80^B1}3cAtcKT9(*t$asUkxloVqL54Yw9iHPWq z6-bl_8X_3ng1!Pqn;0wcaLaCxi1@F<+ut|%AlkLT3z$gE4)Zt`kt7`S6=*gb&{+^H zh=8;F0ShA7;c`f!HfV_m7DVv)!~D7m43SqIjuIgg5#7N8*{%)FN=9OKnD2>)OAHGR zkw#*6m>n-;)eaU^C3RBSLk z`VfVf!%-r*YYPMS;1Qr5AS%WpqPrvjnI(ep7ifr>k48n7t`0|s;HC|Qg#Suc{{LY+ z9UUOg6x}aP3hL+p$FJyqSyD<0sL;uKxhrV9Te#b>NJ_E@Drf_C2oj8dbw9-Ca!!s; zuG-EPR>&{NxdGvY=zf6{`~vu|%?)c%XF!?o9|y|cNSzo^c>Rx%I@4!eV$^p&=e4J_ zQd-{oK3Y6Awxz7^xnNC|M>m7lZxK|I%=>e0X4LJ; ztEnOd?>3@SKc^lE$0&py)gpQAh*&Z9OseM38U#N@WboN9T;)tX86Sjk@R871m>SJh z&T+x#Giv+>x3C*0Tr$%KYGtPV9IF+XUVO8P=i#Gmv0D2@V;B^ya$$n4mPswzDE-W2 zKy%y@6Y&7yU?UuXL;5#?AOz+O4mpZQ0LIe>|vFPXEW9 z$$^QwqbFx0#EF6ggyA*I=br>sKJEK_Mbu@$-c-!y*YD-Azk6jAzJU@n(=e|>w z%pJp_45<9BUs}etF@0)xO{{8&Q+V8k3x5)RBjLjF^=o<9B%eY~+E;1N@aJnZS(j90 zhN!=3dJ(x7^bY8`)cF{fJsIRY?vuZ1K|F<{UsS~@Z$O8Wv^JD^h*@5@MltcAG-`S!nOdX==qv&dD7w-iuO5Yg=S zl25b7r$1v!7GJ{d`JTc}826L88_efS-ttteZufi1;qXW&^fv5p%n6>AaKbOrR_oPQ z!@68Yj&+>S*;WCI>Vs8QWSZ>>p+u&%9(|g&B9<5G^g*q{3z9ZMJ#W&NzEY($>xtHv z>9)E)W+*o*bt37))?Hx{pG(`$^tnc^waeV(E=w4v$2ULCaBJlBOTNr=#gRjpHyG#~pf^QCy!dK`c%sFs#A?x4WgYL)wmxnDZ)WnJan@a= z#D@^G-Pu&#F}f zCA;VG-1yJ(oe(9UYTfWNQ>!=mF7bT+GkdDGP~UrkxOns2z^TacE|I=5@)4rzlEJFu z64jk-Wtz45`?v+qg6Jej9| zXxt#{*^*i(u$=z#*Qa|YPv?t>huA(du{*i29A@%ku?2tdq1q&E?oa-jJgEo9YV`pj zCwl^1okJ}nh^A^%LS;qFN-9dFc*JzdB$(4rizH>wT0}C-i}JF#?9u5-S&{W z;x*B8G9t%s+YUGlJ_&hNl=28>f4X0jz}jkgafXbVzmYr6=E)j2X{-5P%VgI|4TclU zP7DuIySi-BzA`*gjz79HhSi!7`yL$t_-{J!|3^0@c!Ghr-ai4rzsW8Chwu`HXstW| z00OtykODa}-5}2}6-#!uH89g<&Wz zOc;s_69#}+$iIr>!UQWli2n)T+bEO|MTQC6C&Ltmp|~(%C@xGGiVG8l;=+XOb72A! zp~x^{Koo=gYvQO!qqs1^+86SpeS%OhN`w*sM5y;*a0Xer3IQo5?4KOz&<@l=plg55 zIEggKgF1w+v;zTeC(>08iU?Vf06||N(uWU92#pfKECCV`(Pvr^6&b;XLa@mA2d$6D zZSQcD2s#S{jfKb!`Jjl9St0^O1u~{TK~WJ0#X$+7vqUIFL`!}O*|iNYR|T(ahyvwS zOsf)zv-O}7Az5aGA%Zs!fW-d~XgiUI{y_<$S!T#YJXB~14y+LZMg<}gjF%Z*1rHh} zg1a^(BBFzaAd7I|z>bY*eFV^2jFpJ~T!G+r4rquV7bXbp`~htzGUPqzE0B0IxXK_l z30~U(V*reG_^%Qk}Y7%%go9V-Y!1R+WgiN<`WAu>lk zoMnbgM0CdrWLu&zPzgZbF2Ge>jF%bRu>zg1Kq4ag8wU_&Q~-8@1OS1{(-bPzx)^$05U{;aP%ucWN!Zr=@bV%)e!i3f~1wqad zi_mif)Y)c_%zmvDnO~XfC>xh&wFqq>ygN{9d-t(#>*zO-k#$PmljuT`$OGx99Ji0x zJrlx2V+_3uQ!~5;h`ol%te-_N=L)*D-ic;Yue{%ILf`pmnnwD7`-f|}`Rm#A#L;_V zJ4e4qMgD`4^;W!yrZClIHew)YV&R|I zV<@+bwEJV{Yw=Ra=c|RL8e6>!O|EUuk?UBvek4dXB!0nOSZ=YiDanmbFgQJYuT7sOf%ltTumS z_;qW{l|)RCtaD#2jfbD=bkgV$FyGvjCA*?wyHw)r32%1rz7Gs9Sl>ou|_ zE~b}SU=xvaFy&vHHZo}JyIg4)_I9w%Biub8HOwCCF56u~KZ2}BC8q~!rN2I3JR|n= z$Gwb*ZWfuzC2efa0U;i&1nXz%WX|_&(rZIbWZ$EXqhp@DSE6%;Eb;6M{jks!j|&Qn zf*Laf&c&<5zuO8<{C@X^?)UFsmX70{6ccp!lYX0z`CoZEznXhaCMM8VBs_4vL;daj znbTyCPE`mv45z;S>kCEPQILZ4zGg*Q7(C($*^!bR9))`R%-j#t*FznjhQSROH599u z9?Uk`SHUj%H*ej#81BP8Ott6uox;)li1$U@Y^Rd}3comf{yH~MZv6!>@bPQ${)<6R zSu5WL3l|pz!v}{SKRU%xMy3(h+gP^jtwfpZHy55>d-ygYREAj>S3OvUS=6JQl}s~# zZ&%Dqog;Hiksw+_(=UYMTvq_AyhmIz5qsgi2bvFVBiuDZ?(LiKz)RO7xv*{n&idgu z!&jDh<1(XbLjs*lXG3yQPu0CA61=7pVWSYD%Sdf}X*T4_9d2p~&W=pS?X;rL>9*G% z;+!PafA*jznu~PsJXsHI^;=nKk|SlXp}t*TcvkydqHXIWP2Xc2)16VD{aBH)sy!MCFr_dG6S(_T1>vpIW&)T^oAw023$om11@jD(m`yB|&` zRFZWjBDue0@-LT^GgEQvQQsH(=&47Vu5`EdkTYq6AnEIHzh;QocZyNByzC`0Ajid-hPR6Zhze z?<2+9b6WwP^6Ym9A|>?PURph~nt!%nF)r!(-u6WN?O)P5>h{q$3MDeko9@alT71ti z_li(`{2N>08yUnxhIyLoQ7iH{2BQB|*8q^wteWna+fCGMr6 zpbtl`$^~{3E^ZBJB#lQ)4zx377;b78h5PTYe&REKdABfW(ekX{m5|yg7N2`hB}X5= zkKbd$DtKyHj1H4T5UBng5dG(vBpk&r`j4hW_}{Fp|HIGLN>%Z$ooRTM<{R*s6p&M2#iS)-`NLN zh2bb-Ryc~76^YbY^EgnIv8zx{9#vJ4suOcJr~2PK3g;yCL+43B4oQZi1dMV&p*K=5ohZ`B|@^y2t$MblSHtwACwT9Wrj>d zbX7%2ln5Fk9Ka$Gm?RKKVOp|7#7T#vM94%$S5<^;*MDX46$nx)&=5rc%o)5%A_82z##lmh=L#g=4DN^^CJEjo z5yl)gMb%B#|YegCat=%zutaB5PL%C4@$a2up-Q z#DASD|6Q0QvM#!>zyHA`fkWUw!X$@o42x0T83Qp%Yx-3+f@Zlwq7Z7Ce8p0A)std{ zFC6V1MxsVOj@=BBYZ;8!P4k>+yyWM_P0ro+eB!KvAlnLYihw$ZQJh#`?6 zB*_CnlGj~9NKzeuBs~g~Gi*RelES(ug!zU55|Z4x?;6Zo)~v;)?I`sPu5aMeOV07} zuHi4gpUNNfU9N@Jruz?>pD?acex4Ca#Q8L5Zf#*M)$-@$M|Pb1-l!pwVmDuNZ^e8> z4T-cOyiBGb3=WA@Ts;v642hhw!T))~*>SL4SAaTIf`&QVDC*6&tkJpKK1=_~jyPoqd@6YLwAIlnowLLSFR z!YkQ#gV2fS4r|UsFNdVu0wE^akbJvbDc_dY%w7C${c%t7*tXlbi5_*kkdF(_fBV@j zEmCA6J4_;Pp-mkB4JUp2g_u$>?`6qL1r+oRIoDp8ZI%z_Z{>}OE?9Qe@T-ac)B#vC zXO~y~dRiX5I9HYP>xO=Cd%;5$!%14sQLpU&wMRYr-`2lc-KHB&J9C>>!jDM0s&t1o zXk=RIdd)T-6PBi->C61EyLH@K702vfC+&rr`qnBxG}C|2Oz2)w9sCr&VOlZ!bUAvx z>aiuPY>HB&W0I^PZGfiLB7X9Y(usCszH66LAB1U*T+Fk;cjpnhubWW6_&!Ki4lju* z$cXH;$bB*rMT3V+_f%nh??tL@2N!+ZdpvU=q@H5Gql5c{>ZcqQ+`uOLdwRrxP)zckU}ZK?A?v}4tM}f>KVwAZ zR=kQ6cmq#?F|U33HowAMw_nM-XWt!XEL*qw(O^C!)W7F{W$D4`9*Ul44A=7ME_rF4 zs?(A5>CBsw=&yaUmP(-0IC@$=^PQ%;J@b>(OiA>E*Oo4MYmt$R>*_UVF~M43iB3Edh_#-PbrDI7kRCxj#!@ezf!9^qnV&XxAINx{OpbMW__n;3ft8Q z3d5zgTW(PPPQB-HvCk$aem&CbmkjLKYUF^akn+3rr_JPY2$)!S;mrZu>IGnBT28J4*7s=!8)*87or z$K{Hfxi+6}R9Mo@7wHCH1R&7g^m}jJJc^9^vdykU7`Cx|@p0I|9^1}`UnB_IvJD90 z`dX;TEULT12_m4YL0)nVncx3~fNl(?ko^w=x^o{uKy$(aqpwFH5KyK}3Ad6?Pt(*} zuGGd#3jTpqW}O*qAD>WXz2$lv(n<4fTZ_x{aNm38I{_ra`t>YJz%U3{x?&e4&uni(uJ zKk9xa>_PnAE!*12iDOt@A(b+W1P#QEaS}Z*47*>@`M*!67W-URY`x>3!WCjlqIROx zU;DbEnSj{h(4_lCny)*F-LVU?e8V9#Ww^h51FW`rv~uS;i7rMyp2}3KpZ0qnE_JW% zL`UrDvl_zo8ua>&iMqTuI8qBZ-WGlwN~@yBB0L$N6LJentak66%n=nklgs?Z*E_w< z>Q@U%d+3xss7Tl;vRhq$L$+*}1mr#zg|{Qh2O@LHzV@h?~a&$=#_e)F!27FqeG|$ z!+AWf8^StxShO=bTr9ydrPvJPRXzq+>GTFObeQn#(; zr%!2{9v2Tz#jvetN-;cFB)1y*-eJ6sy5vaBN`YIj+pKEcZBhOfFTh*m0%m> z|FlNJ_uC-<$&CuuP>?ttiX;_|B1wg#NK)aztu5qtP$a2v6iF%^2=(?szkO~3VK|B; z6^$UlN2Nrj_GQsF3)R5*$x6^)c*5cDJ>{rjMV&?pg1V;~U` zU5OF0gc<^f61gQFjuJsjgaD#MZq^4ygv=5lfGFXJL*$@@&{-lRBBH~tAS>WO08t{( z-GfSmWSJ3$_~#HMG9Wl8AvDVjnTUs4V}t;rM8;5uqeKKS^yerl{Qtr2ij3?27#M;8 zqC|$BhoeN$5}|-75%KUr5g~DB#4UgU}>` z2N`olZe(VEI7$R95rLwD-KT$mq9SSz2StR$ok2@Ppr}Au;!jXiL^0%`gwVJ%WFmq# zcThygC`yFEhJ1uIVt#)JEw?Kq%M2Q#FmQ_<(b)+|is^=fC~O_nAvDVjnTY7_L_nfM z&=5hi9Ne{qG4J372fP1oLxe_&kco&cVSy~d0q#P80gf={!`b2gX8HRsL!$plVfQx@ z4OWN$BP3c?on4%=`g7h&fkfx=yLYoA<@|JuHH&5A+qmQFh2ZgqGDUGgw}0*Eln<+Z z#u|cS2ii~`Y4jZU;6O)S()syLpB-^Rw9`)F~ zLv*2)_3Y+fkW!FFTtqjcP3Igub=K z^7}@B<>#OXz|h>~SX{>e7&>p7GO)ph>}RfvV`aN8w`i(F40gB?Kb`S6a}lSk=k9R| z4JHpw&T&5e+9CXdxW0E|!Ts%(k&Gv=-BSMqH&FYy$rm)vWu@Tw;tD+(=k4k0N>^j|L{U>@fUD%;+baQw_o zfyJ7N7r-HHg`;yFD=sGZQbU~H8lQC5F`zN_W!<8>^)ZEJ_K7pCL?aV9k<$z-n@iI@Nq5qH~##%o6)yWKd}>i z$MEJ@bo7vGF69TwovRh*ch(BngKkER*+xC84*BtdgV~}hv?+wY&A`n=4c0VUxx$|| z5&st!r~L7RntK*^y_z57Nnzu%WZKP9dH$jpUL)X5@+9~n_;v%Em-R??0E}|xmroHJ z{iLbytkNfe|EL0C3ky1&R7rZZIn z?AgpzgkOZa>C2unaqzKBu=rq!<(P;^|19ae(VLR@b_ShMxY^)|a=G6_pXYy1s9}DiDMU zTKVrbW0^miyz_cjGMWFE=)ik1iL!-Z_Q2M#8!kblr>tBSNww|1kzOnIX7H9D+_W(* zE!~mRCaoS0Hw&Ajo_eXa+UV48Q^8{R_}5oQ-+MJ(ZNBBUR|MMhR3d+A?wc;e-Z%c{@u z>W(rqtT?k@3u;fvz!t8MK6WDZay1uXYf`Lk_9$_Y?#*SC#{xGdZxQ1xlg}q%c1pn) zIfMCzS0XNndV5A1RrU5r%xerA`FjN!+YO3JvR51X;##lmh#W3i=G@$JU$wB%D zIz$JuKof6+%Pb1kwt)m+6!Q)tr0X8qGK=o>DuR+?yv&E2v_K-_p(ZWhbPZ&`ALe}- zXjxJr+i$=jlL$iuB*k=@5y!(pLxj**pb!x~dJjQM0k|cC=PIJh3OMO7RwB9vA!w8c znTY6$VUX?GU_$_+-w)UxF;*hFa|IeDg1a^hV5J0|1r!xy5z!qikhn9r%pjKs0wBPg zKNF6K+YZN_ArleZ!2(&S31o6bfN7XBxgsOogGz*CnGuEv&cg)z{QyZZHAJ*DsSx@K z6e9kM&TjvHA|y%#4N(Nh9Y9|Z0f-YYRwBA{1sWwnCL+3n1+raR1gLEzz_dT8Z6gxB zgT4Zd5CEK(H$(%St3AFgs?M5h?XZ65+#C$C=5`7fxaRP zP?}-7%>N&AUmaJ~+NMpHlt_0-2uQO@k&x~N3F(rSEPRemoDK z_G)iOc~U{wl%@iOnOXH7N=R{sO6zdP=BFh6IcY;Y0#VUlQu2_Z;gGij(gabrba^siJ8lt65&Fj z7aT+A(JP5!dJcFt(M9vMB?|tCl_`0&t6w{fQ7WwOYa&Pyb13fi1%B&V2!b2g;M*bP zHoVneY@TARp8r|^3E|7Y!DmV5+K%CZ&t=z<+wqs<#@QB>v;lBB3{5g@2%SQgV zSiDs7GsXr>M}((pO{U&mO5BStsI+v_;2#aBTI7pXJ^a>u zqj}Grafip`laXox>AI>gQZ6|Of+wO(;r)>H*ds+DF7G3{Yy{cy@5h_@y`C*zupCnoWI(+n%@PcpeF*170oCqJF)sfVmw%c>K+LbjZ|-Rh{&_2V*J zd8Syu$)iObFM65f5;|tr4fhla&hT~nl%CkDLW;@` z(_z{A)N$UIM@452B9QW8u<>kFzM<@u!r2jN=O~C_(FS_=%EC}t2`QUA8F3dvbSW3bU}FDtw00eI1>7br zZyP;p8KT?{o3C4eSTZ{0erV0MMW3wA_82Y%o6#|2s61O`nhP_2o>FH1ggYuY;?1jj zH{0(s=on(6&I;qIy}?Cmh+3H@f4OSFx9^pR^wdXN(o0k}E765NZEBkNesSkZ58>hV z)z-k8sPBecZ4t84YHpicI^PJ#0v-gD&mW}ZRHL_|jaJ#0eHBIjW>eSfx8;MX?h#Ga z?EZ$9C>Wa%#peK)t4e%{ZvZx^LO(Zms%M z2KlSbpX-rp)0RlhOv{ftUokWb-w!doR+x1Zlej@l>Xk=NS$`3$VK6qpRN_dbF~PH1 zbo}vhBHnhjsBa7K;6RAsJ5fL6aB_}ZP0J_^OxYhayB!=x zH)zDZ;fy|r<;i&dw&*~dF|XBxipB+x*Y<9i0B&tTFPjZg-AY=GYIH+ToHt5zgI{TM zLpe&f(G64fC#HTHrgvxRcqh?wl4DJGl!y^=MUt1XCr1`L21am77O0~eYAWfjLAJh- z{rudf>KHy1A3dno%v+g5y61xV8FOjBA5Pej%Kt3J>sLw4f1mN5l$$LS7dSmbwCIqMe zKJOr&DGv&hX@)LD;9vj)M-b_`5uTMxgUvL<4B{^_53JLDyeA|LSb}%%K|Cv$2Ae?y z_XT&~)5R{4oJd<-H{Cj2voMy14G?W1Wpq?AzS!M-h(+u|725mEl z^qdHf{m9?F2iToAFoAfMU4hwo!wnQVL8&-k&zyS@|C(8WE<~^-3$V=~(sLvHdu9b@ z5YI9zFxx9!0DA-_K!D3G=N`nf%nI!G3QQoLZC79vQE>s0C6tN-Bzw+1h-cXq*bE}L z5B!9U{z5ZD_$0NX4C>6h6*w{EiSN z(+pjRf8Me1IPLN~LKyB9SU~*6u>9X*k&Y91C*$`Iiv$5qhkuJjQgj%T!fja8UW#LV zg0=0(2MI`=0GSPPkQ(wENB}iC3WK=Mux?n>$5oMN_nTvnVK3>qT9~ktqm7o+II=l^@ES zRi_?UeEU{ko_3F>VgJJ}PI5!;5W1Tn8my1+Cbyb@ zX2$;@=S}RY%rsDT`K?^W)sM^;_ip)cK1M6?i0#>H3I-az9hFPHvGT#INEe3eYh%FbWrNb_38llp0`okI!1RNOO^=1R0e#3!^K%-%g2N1YFy zKI1WpOC@j0Z+~iGM3GM_JqjVg9}vAL8Iae!h;e~5GblxVKRb9^;v&&FPpT$yL-r$= zmwmxOq0~6jG%srPF(*5D?xP?>RHm@)t`KPZS5@ju6bLrwiD16O07NvEJxa%kKdH5h zK}9s*>$s@sD62f*6zZg`t0-a{8GCi-RV0&-HVgL+jm@wK`0RUC!8AzaCU0j_IMk7f zqcR5%*dltJ;f++#F@wA9tMUbch;J+6;!wTkkxHJ|LeRr(BJ}5SsSL*6Myev6x68}Y zSE0Nh^zouPIUHGRIqo$p`xM>Ew=NBF!S}Y8pLRrkMYw6_is*}0LjSRv99zy-7V%41 zsr-eGN7XAHV%(&FzGG5mqVYUkOzv|U)w(ig9@h1upvRJvw0cW)2!~(RZtM3mo++C9h|utBpVMQ@{z9+rRU3OG0F``XgR7qn#~5Gm&Iy zFoO?y<}HYF`H|w*o%_-6wD7C4ImC>IT2YEk5eZ&sQnxyAVHl`c?M---+BE{n_(RiF z$~r?$y9YmxE^ZU#8yv=rvltxFN3NUAelXi>;5Ld2^ziOC(9B z@rQ^3TWQ~1`~wM^xdb69A8*}TT#7@Zpbg%5ItJsVL@x( zb)O81B|*IWIp(6csj$0=%UH=~)g)a|TPe~OzO6(|RxmxpbB0UagQ=+nkLd( zP3_zPdhJysHDRDppkfkt=v3y=ZeK~MWJ*y+4pzLfBn&p&OAg5%xykvZTD`|ca?hh- zp^>nFuGr}Mp(cxBm2&S7NtSWKu4NT@c8^Sh*$Qh1t4Pz*(QNy{a(d1UUD6z4+Jk%5 zmt~ib2i!Oh*r`=D zMC#Gy>2_V2N_Tlu>}LdZ90Aculdo46q5|$)ylNg|`nu^V?9uwDZ&Ns{66KD!V&}o! z+z-F#(b}b|@lP3v@3RzBc$8TDv2U8B4d-s_%Xq*oKo)G{_JkdG4Enr;9{9-`@wG1T z8N4v%)E01qYzbLYps<`4POm<&XQa_D<6JnpK*zS7K}T6ZEU%)YvwhKo)pg4LofUQ)zw0Uu z=Y-V;`}eKct{PumrXNce?Qh+~s8yBbar`Oa|H@`F;mZQ!J^sP(k(u{he%|71?o?(Z zhUd!MeeNI{po}$GX~gQ)RqSMezOZ5b(#!Q`PNV>hZ&Zm2~`1RFdv1Y1)it zTf=wlwuDN&*$J;Nxn?t3u4aWFlE6K|uPHc#`T{RU{7e1z|A6{Bk%jz)`U2c4kRJM1 z8BJcOPAAA6o$6_VwFk!}(y5*%@2Q?9@2Q?9@2Q?9?}?r!Kr{hv`tjFJ^)z`;^)z`; z^)z`;^)z{bOPc=p0$|wT+@Z1Q`N(sVd5TPp(77)+M3BoM?g-T@tTNzaKJog~}61u^X3KxC#SI)94uo*;{K|IT_z|6yesyqT7&Y!TJXR3L^WSYUf0&SHC{3rgPo8NIP z`ukpi2|{p|K}He02g3CSr01Dpo-nh`uwWF=)bixyI1zC9BMD}3nxTv$V3+@dQG})y z{@OGj({&tw(#`KU-|;&_*bE}L5@7=Itat@xwi()R5U|aE!YD#hM86LrOm;JLA%b)r zun<9{=QS&5YI(wDnqda<7qjwzj8TNGigm zd6TRl{K)R`L|ywE*mw6YKe!~q&UFjlkX1w}qmPv3O$e>?Kw?6{nirFOXMdyPn z>3cnl>%E$SSL0ooX$to*n6y?=3~IPWdC`*2?P5vY-f8j@Dsg*OaIvU|W~a`@W?Gs! z?y!ExIR3(ZY}`#&!`9iCCGG**lTYpj>^cg#zQ9|a9^x0dAA)a;pkNVQ^>)ExzyR;E z@|}Q1e*v|*mtBnZn$=7#)&pJA`>L`pZnE$ClF?gSv6YeF$C_}`UoyBeNzXdi^5*?) zZ*#<$iAevB=8uo4@?#z~$ui4a^Fb`EhcfKk-*03f)4741rH>OFhMkWEL6my7hZ$&J%ssnyPn@S`(tHh0iO45AvCDtVOy;7A zTTw8|deXEq(@+TaN2N)(MNX^|gkY&vURZ z337i7qGWi!vJ*TV}rJ+UvnaSU!2+|{c0xC(ja6i$IUi(3KL@rfOE(zj&`d*C(Ao3uC^ zl5u46EO_EK5ThJ}pATI$tQ_+srSa67|1 z&80YQiDpSWATE48;KG7fDYQ#~8zmBGlqebWSb_sXL@;BCojMu&sC14iyjHCM>2ine zKrBH=o)Ld2xn!4PpePD+J<=*?p#-_-s6(PWZLWtnHgfo2sBg^|cf0jzCiI{N$+&q{ zJh3hnr`H(Qok~m^+t%I%uC>0t+&Timzj#Sr?S;pDFSnTxnHk|df6}f9PMH}(2|ND) zXG}aiYJJgO;kEJDF6_rzv zx{(&Tk;FR+N$pWXcIw9rRTQwr&UnkvbFFrkGMcP_X_ald8tdhk4iOEZ)vs-f3?F4$ zf(zqOdYJRM8V>>qb)HV-MXfa2Mct67OH5aE8p!A256+9|xTI$ozPCsB%2Rpr_08Rv&)z5KFd4qSI1 zUg1??Jse1M3+x?7Z|4u*e#(v3&VMKL!iOZ>p5Ap2-Lkh9Sy`+j5-41W27#FL$+!DT zm2V1>czoGtx<(i$!=vNrE|Q9N7|LFj5-rI(f+#x4nSM zfE3PHUjchOvBd`)G5dEC?lxJcRw`t78D}2_$@<7MJPY?@+vD#t9@@S5n2Do8W=kYa zT<>w`(`nl!a?cSrZQhRYY)_q+Ov<%wfn;{F7tHD|%J;QnY+QAB8-FljU;3V2%}?gW z<|Dtc##&tm8&wC9XAVk6%bP|UaaZpe*knI#b{3FOe2(n4m6Ml)Blj&oW#)^ZbF-RC zffctYT2aje*4&&GoJ-Ciz37Lz%CbE1 z5(zKNc+=mQMUAa?vrQ#P)=YEwUM^q1N(D~^qHRy-6XF*5ayv8*1i8EKG-aCX;Dgut zWwh)!p2ok(tc5&c1{p8f?P}xtN**n3=TVP zWONB3jtmZJvc)BM^vQy+Ju-JPWU*77M}!}|9Y$BOqB2Pwxq$sbuer#Lm3_?MC+|Z3 zlY2f?4@gtf@B+Q#NZTse8wJ{WSUD_lZ5TP(e)#6M$ZOkry(cH0XlEChNNa42e7w=O>=F``GhgQVX5GGq1$&MmreQ7d zLUn=s2V=!SH(%#*O!-)McRd;@boEU6a)v7%Me@P^?u_OUJu!85)hI~R3woEI+@*=2 zspcITwxPVenXS~ds&$3(5PLObv#8K$WjJDQ0L4St%MYC`)BiEw#u0&=*lZ6?ze<6I zif-R(z-w+{okATOnT+XNi<;Ma>~Eh)95VE#GCSQ7ZOdU4hV?UDiViFG=mC_hpadQn)_hkg$Qpl8{_(zZNIP%Hu1*YsQpv!czeoDVd$k^Tcy>?T2$4%Y0y52TSMAE%yR2_-~-4+faK_@S|{(R zS|?Zya`G$C=>l~xc~9j!c~9j!c~9j!c~9gzIYCvtyF2 zuiz~60tW|}`r!r0kMjnL|AopcjL3BGW(P>ifT@RbBRn%p3bWJ?cqaplxIw7rhWJZ3 z3v+@HDDei*8}Lrfxe=blzQOLi0jtpe7~)y<8_ZHapddArmH}+exd-vDv2Wmc19t2M z7b2*beO`o6>;3zQ2%Bk!8N{>93QY26;E~7;cpKnCcG$4e)O#*TsRq0dsnKRa`^_2=FC6T%^@qj9tvBg@vivrPYCJwqTcN zFl_++y@Z3UgR{D$vFY&x5_fpP*Bz%kzz4v8%*GNY{)(za+Bl+zFOyy^V}{1lkKVTXIBpo* zhGS>5mJG4KklCe9_B>rld1+>!@RfFtoG7<8& zuHS~D8Uyj0n-akQyoa0P`?aJ|{VVq3G^6DD*11yJsyH|LRAwID`gAc++v77_-z7(J z{^VfX8-VcH*wo6&8BF?8o9^94k4LuDQp_CLb~*WJ{FgtBU^< zae_x%3EzWFTj#F7zlevCdeXA}2TfsnRMOsPNEQz1hk*9CHIK_uA|z*s`Rf%5I?6n9 z;R^V0ThPdf0xD67D125IoLNx8O zk@uz8AHR7{FRzyS_Go%dCbvV%S3+gDi85_Z_-|e@deL)9jw1z2ZSJ;YLZ#(jm`D(D zUe7h&@_iYS$NP{o2g^LZ+rF7zH=&09$ND76q#coTEL4O>xK<3>2Ct5VvF&$jkW&9ExYr-6HRW<$C2vm8aTBCu~?{$jdGdR^x{9=?Bic)*4lsZsiA)4c4+vcSgGdJD( z-|#b}h>;G)&n}E7U7Y97&7^rXAX0_-((OY1!JKg4P4u-sPB z$YfZrefVTEHJrohmCSrsft9mSq|PoxSX@=GgP~~ert&^Z!LD|&e~+o}%;Xh8&QHjN zkcM1h?aAG&SlJDc~IwVsHmlIi- z4Pb4S?rq%ie;ik#t`*x!9z^ckTZ~MaGj#uZk_JCr4T=W3P>-{3w5%&WwQa3Oxo5$u8 z+N?3|kqpFeQp&IR?sg>KBTDG|vEDD5Dw0`zL{q$%-_J$e*=gIzPqUODD1i1;MAu;G zgCit`hA0;y zxhv7lN!MAyY3SW}lyM`hoJ-e?FuUa8NZckS5`Xp^)$x+-v@j$2{IHB5ieZxifEJRr zBB8=<>>|r26s?BCLT9T=5JU(o^WWdKbP3|9UDlp_YHS^CuHY_V{k1~RQTBai6GCUX zrK@MdxGF_WW^2Wx*m3z==>9F4s2KG~V({9v;rbPvNk~j#)}ipIy6#Kmq3;lgR4)i8 zm_6*g6DL0>NQjW~WJC;YLtw7Z0`nd zby&!d(fEbol5omAm%(#{oW6nnpBR*+xCk6=OIn=c<<=BGRrNd+6m5{KRhzzW9lmO3 zYwDuyi0r4$r~BlZ?Hl%$+#2BllAjf@{3E_$EFMX<30WNJtg^A)ig^>yiiy&Nv45S4 z+>yWinSY@Y24Nwk$Xt%g&IsE}FPEAJ@DVvR+p}6IXitt}yT8+MygrhSUc9(2L-e+b zDzlw_ZkuD?QP(jKuXed#xWII+!Z4>a?QL)Fi)D?zcR2~fcafCBr<1PH%8rFZ3u46N z&dqClirlKa@hH1;xUqNP;sMhoDsk$G{`Hu^T2mF@PtpW|5VgU(w3(dn%}5J}`-q8U z8@IkbM#X=3{f5~1hHkrAe9za&ODTf$34!@P5{7wwu`KBxD7M(UY2LZ1n~HxpON3Kc zaP4->#y2=uexiZ1xEW~kuYcUbf1jIyoCq%dD>nl<(O&$ea1L;^j|q^|o?^VGJ;iuW zdy4U%_7nrlC5|6H>A}Xyd)jyn_;eiJ0Uu6zn^P4^u*=iQ*Ny{y;F(iK=v0N0_e6yf zaFI@AD1i^4R|j%Krz(`Zrz(`Zz;*PKU!A@h==gE+ljB!oaY9aHD1i^hut5hHmTV1l z=>C}-SZ7Zmz+i(B8srbEXrOcYJ3`oHgkS>ktS}d57j>Z(XCPbi2Nh>$YR7kZ-oju19m1&nf`tS~I=dsvfecnJ@p+VW2^OrvUs&EW*b{HlQ&&r;{EF%P#`5dz~f3OnI&Ym6{ zxCqe!H-x0#jHiJ#Pz#|cadhS6y%dEg;Aws7a?BNBRH-FH> z>o{ckJA()_h-a~KFtg2InGck$0gknEPxD_hD^Mx~xRwZIYtG-pix;RP|A%1s$4P|U zUV*k51NO=vv>7{&%YR>qFxxAfKxYgnvk4TwoO7Cw69&H{gv}s=dj%#Ce_`eRd&=v7 zljS;2G@Xp!f3RE}{Qn-yr3Y3b`2m$kbeamR%h?!9S&ETa5}d@3em?)v{Nh2oBps?& zMfa;o0pUc}(YOb0T^yNW{yLX&9KNmjQr)_0(NA=t7hg}mClPOu3;pg!-gC=fR!P-| z$a?y{8IO7IKTWZs(XC9mb~LZuCc;~(k8$ONMdUE%tEQd)Q3oH*?-idev^iANPo*l5 z81G6xED=X))V<10ADq)1Vc_t}R_m^%7=D`O-L_k#AUk34!MdopXkntBii=LJZ{a(Z zUYo#x!a9~+%}u{u`0FFZ*|Gcg6vT@PYeXIx{S@C5Z`LYMN#X3#E9}G$%p59V zAEdi22rnake{U-i@VGhR!*Ggk>z#+=wrK1q{TPxGB zmB~d2pXVRp+|-fLDGMG{h%g#0O)=;(ym~+WV=}diKZ(}Jy|vnI%TZ*^v==+V-Mp-1 za>F=RqeTaFm{Zy+fv>&-6u*KnA148pT%kTR)wMgT{B!Zw()Mu-~dRd5mDO9H7{+=Ui9%*|jb=01pD$ zNN9JLHJzU*d#KoE@>PfO_Jaki1f(+jsVzbi56SuH@H>cIYI#0#`N`B*uDPUAHn@JA z^Jco+D;)H$x$OyF-s7-F7h2JctM6WQYUCFwEePOKdM<4yT=Mc|J55yI}h90@< z4+NCF7O(DgHyV}QH6G)43_z4_Bfb&)e&gV#i#PvA(~B%0)#yF_F0f52KD@0!vQ=Sd zU_bCInNvgPzWlK7bIKu7+WvaCIljE-vBt&v`m97)p&4$(O;PJVh#%jN&8s=sA<4qW zgA1rbL~*(GWP?zJ)D^*qZF5xkaCkEP*ED0zS@MnhuNTHx7IulZ zUz>#W65$IXmr}NP4DG65?eH2%Uo1>%EjQQWt)lqh^hB9_vF@2j_riVix|+^PdD)!Tqf-9^&BeEq`yY)O$X;e)V}3Ptv%{Y#`F7jsBFO+7CR53@(ucs@#OR zsM&A6EJS^{x?{)9DpfmP6t95)HA2TqPBAbU8{WE)Ahy+}g5fD#>4gF&*2zk-+xN69 z4Tj%n;k+Xe?^k?ayyBkhpi?CH5ZmqP7k;?_1PSHzOeDD-ftaJoY20^j$@eh{$mHc^ zDsTq$jf~=Uo*7#QcbJr!UXEFEbvyjwZ;}R297-*VIXpk*-vY0Z9&nSj;2xsuO{6;- zi!l-$<&xKfg`P7`YV9Wp~k&gN)w3pHNHWZLqZI+7yOL-8JvLl&kVl=nx5$W0Rg8PmnvrcwpNV z9cihoK>X-!qQBbo?c}!zv`Go1`is8vF&tTGUz=VcIlH3JCc4`uB@nHChgW(&SM2(^ zmHy(yTYMUBH|4mZ>yml)X(AWq$6v+Hd~}~T^;RIg)48VO7=e%mhdapq{17%XZzUYt-E{dOb3sS4_#P&2L^58+f3?8d|u?@51s_;J_^U zMLKoox}GDtk<9&f0zNGnUJbOy_gbDv4P^PdPk-lD59&bE9OjGeP7=s1xHjBa&??Qc$^>wKwTLXhY-nfUg619h%`E+ z^V>ZV`Sz*#juPUxPRHf#G{{uAwW{U)8{^wW+2b@T{-1acZ)-e%Pd)WUcIHa(`Ep3yF5SQsB&Fu@ST3vXAYmyfeBnc4S0TZ zk-!g;kI>?_AaZqZPxzmH5dCVUDGdJ>9`4HW=fKYyaJfECF&|o);I5sluh3uDm-N}| zODkvXhb;Zw5;;m?NTa)&21Z81t(I^M`lVb_)Z*_PMor=6>(>$CcC<@xoo=D-6l1;?sZ58yGdM;{mSCLU|T|aXR-j|8i** zmUJ4FX94PVpgha@>voRK&EJ`3m_hujc~9<>Tk72BzomX`q5sYxf~Pi2Af9DcU}l@4 zQeYs@0-S5--YaL@m1Cdhk2y&$U>AdTAV8$&MtGK8f!U!AQUuVdnDbKvkpDut7)G|4 z6O>W|c^2T}*LlYf>Yo0mt#a(Bt5N^)G(&Z^04@gtK&0nJ zc$QfK?x4Y9p26HPEFgkdexGNUoj07oLI-03PC)qn+=KYn%nFoe0m47;EcL*tX#{wEm^H1huUlJW8}V^Vl15Wa&5k@yRhy$eKjh%-jrU9Tg> zsC$?T%y24NSDA>_5mgg<4}U&guu)5#xoBy^Vo2Q%N9X3gnPYg%chgJ6Q{XWfyonz- zd~DuD`omRiCP_^c5^4|5BMwgiyQex;s+suTo!8c=ju2KG)A93I<>|k6qx%4?2=TlFwx^65b#?jPi zqnf5`Z1VR^APK^^_I|X4?@zAZjW3SS99FC03PZ@fP=&Y7CyP$;f*QHPwX)t@XPEZ! zkzhE4=D`b|j~?WkLiz>n<~qwCBC7}sedw{6ab&$oB_9aeIOH;XPj|^ZFwxF=s7E@c z$1y4bx-MxrQ;D;RWDn==+`UVfj|3~tUhIKp2J zQi;>^c7NzSo->HdUv#g^jJ{lMQ}FhjEB2H1T01Hk#OHpMornvY0T~#%T$vS<5q#Gp z6!ojKf@7aac-48$%jbl;J>3&xo#gDufqOAoF-`gQvTiC-gt%0_&BK>uT&$9qyRXFc z9=^TnLa2^$ja`2>w>cBgYrAg3VV5T!sA-sD^UlZ+WpTs^Wy6qUj3r0+(bn{MndkHs zxQ7Ciy`{qgKB7)kEp)*O!CQKeNmauUTOdp6jm)Z5KEjHsZ_>cq;k)n1O7GXDW8d<{ zWz?>L;DdvoZQDUr-BmW}l8;Z6DqppszAw4uj6Klj+F=Zz73$AyEh}x*WX#X9vHMwx z2Zzezt3iEaJPr0M^A7=9EkiiABZvxuK3&USo`j(XmgOcE&50|K^c6fI+)l0ATzgfB zCS`Tty+8XP-@qZo3=Z={l|9N&!t`R5TbSJc zGXEk|JLN~!=oCTfW-)0Q-A&A z=Fc#-Sl&&!`kYFo%s!dhE6tW!Z0))au00R!Y&Ukso`j3Tk`LI_(y~G(E<=0cjgH~2 zQBjctXPLXMbA(dV&*F`zx+KpMyQvza!F>(sAv(e&L|}TSw4Ev%J#bgPynq&a;2m>m z8D|{JYt{^W^(VA~b@z|TtkB`DL)@fxA~O=`yMHpVb+w@dIZf>Z$*TqoRS*|7ZR{-+ z8tSpWGaQK*cAem}a$r>uh1!_LzN+;Ulzr!zsAh$8K@RB+gdCNK>`{;UCYM| zzwJX8HA)%-5oyYUn+{^DH*c~bF8A6&U>JJF>>gzN!jK%_lZQ2r(8Ve#!t18NI_Vfu zZH2&y@S-fT!*+cmBe8T-VA{Zq+m{NXI9QZ>-o%?qV_}OiyAqEp!)3($ocU=X>EoUI zc#3jn;Ql>reH%44xGMt(98GZ>wmyZX+i>2>jDweIr{m{R`v~jUN^k}`G-Q61>oLhk zY_IQpDPJP~6hI?5adqmM&VyG7Z!f};kae~zBU67V=Z|tDjX`*8xy0iakuD_^L^2b^ zs?{ShXnWbO!T}Ou<=UOoGE{vqWw$+6d*IP+%r@pcS9Y~SrrYVwi&rm#Q))wE)^ zOWJAcg5Hx?!xr~S6N+_hhSTx5T{G&_2**a&az#?=8&q+ccXovG zFAn3XO0nit**nR72zN5he?{0Wt2A{ zQKxl4@o;%6j5i9E&093VXoT=af!k-z%KCBJ8YE>Bcv~&;BhJgJRvZqU82-lL4WDEN z_2j%}ISbpdLX51_uT2vaT$vbP>gKU|?4^*S<}t^1&70J`;)+FFmmz#40V|~YnVOk4 zI(z)YMx1koKw|qKc?X5uJ3R{p1xh^8+f~dVx+w=&MaoT;1-+vteF(SAD8E<~;|M0* z`!Swvz~1IO^jyfxx=M#n$jdm)>gy%Nh?x|IM@$V<0o5^XZsVV?iqAb4LjU4+_hGfA z7zP{FyynYtE3Nv=$?vv8zjxtA(^80+JdoX?`}#A-e49u5^Loir)-?rmzqd85GP5f4 zBiZm#65(qZa`}T{csW=oMyc}`b5P{g-!vBDdn<_KGBth}#Oe$ti@lIk%jpsy9h}cG zvof55j2`zoAT8PO7AJdCouxJx3DP36u;CT`@?l1e2=#YS5AGQ{qkY4bTli!vi!HE> zz{7$-jI{JbiUd8|es)vV&;X@pHKI~-Eqrsp*;k=khhFzk;Ds7o45~du8W}zsi@=NO zC~2U{@`891*5!!3MO8wpWCnvUx5bGk92_i;7MFj*<#-jRc9j+vjOQnrd`y?S|DCk$ zdF@wTdnF0W*=CC=PTfZZav}`9?g6;N z9UYQ%l@O!{9`eBv@1v=n#SB3EEB)i2p3MxLkCVY0XnMxOdBi{YG9%T4D!I(><`q-j;H%~ zgs_XvU;+`G(%&J%tWpA0F9Wj#f1q9lf$oss5yEB=p+pU^sJVeG!5_$%9q--WA;K(6 z04*v4R^lHN6&)WczaxarAcC6(CJ@hx!C`hA6D;ZjGx#7Ud)^ovdJg|Sh%lLEa3Mn5 zSOF;ippDhBefS+AY^E7z5dT_g7fNaZwhlbCc>&{d?rAXPFh49NOS!<_1g(c;0|W&yDbx)b5EN z3!6cN8N|QJ7=mq$!1IP1*fZxI#J^@%pbHTQ|G@L+4;nB*pyAZ-XEw|hA{W5>gA0)h zxYcvsF+5vr8D>-xOd$T%aD@xV1VBm6Ke){U4UK=FX4vdza3ykq*Lgr+_7AS}{9UzW zus0NRB?3s#y%PVPT>+0om_R(suE5L%14KxUNzFgF&I8TA{Js)la^Qdq5$p{GE<|8y zpMRRqGApp#D=>lhi(UEedDs8dx+iF^@nnWisa8%t;28h+)cx$oq;P#dXfM%`XpsHz zwa&x|H^ILe_1ZD9ARnjV2BRFs8{DUchmDqQNj&DGwZu*df>Qo(>x9UEq&*V2v*9J| zAwVh5FtTGpjl|Bwvci5ypKD&qRKp_Q(f$~fT{_x$h(QPc$s=sT!ws!+oL(cHmF!qs zVT!j@?<-et1x{929MVv|PUu{)0g|*`*Vwrq9*G>9<2H&>^6=dxdD89>Pc&TXL|eNn zKqa^q_vMq>2Pe(h>?uLLuM*vwTaPHYN-Wl8KLKS$Ohgzcnm(Q+-v{S~GYqEUvH4P! z9bU11PD#&Lsn)!~XZ>m%pCi&x>Y2OQ(SEZ%mrb#W8t?~IZaFT@p2A*B7flV56YZ!VAI$TCdR>Upg}zqc4y zS(`lKcAjq;f8yL{CR6eLph68xTX9|AKPAk{1hTecH$of^DhhF%ssL^(WJ`?Q4aGeuT1?aKHA=NlP~0fHv~C9!LL zp-k2Y1X&}t4>OurH0~0-r-u*m+dx9!yBKy+BZPX9y`al0KBJtFaDv%Q?y=LTtaJa+ z1xYUa@emoI7%|NQ6O4Tq{rm3v9nZ_RLbgo51gJOK!$-u5nZEI7iAEHpW4byZU<>@^I&BIR%F~zn_xz zE$0_{;sJM~cw^qI<}|IA;kn}Ej9T9p?}MNl{*Yh!{^7NgD1o^f<7`PsrjI-Otb3k? zdQrM^%5I_}k?S4B?QVv3!F`3RPImEWPxgd_hb%Pt)+G-l^vg^9OYLy3XJ~8|ZU)&j zthSYA(>zG*=Qykll)V-y&DuBGN7Ak5Bv*n=kF7({RZV5Y939$M*4u~n!F{w?*CEIw z%kF#Z*KnveJ|1GAZ+irIER%AnL4$MQc$^^j)hj#tF0IU$%JDv4sz( zRsQgGOyGF&C5^@Uy~EtbYWan3J+)iA{#)>Bw>)K%(*+j{i;iYCN=B4lz0vc@VYQmW zJt(&A>J{5_z1z5Jv!^Mt_@UL;O4>WtPjk@mC&j#WP3bKHtgXO}l5C8_hZ`mPANO3< zZ~I-OUtGrZ>YtfpygUC6zK1=1y3Ias)btQ(5AyX^clQ@&#ogX3idW=Kq7NSAYxpne zT2JKg%!P@8L zOkDwag)VovDTAchRK~(jW;SshkFuhLY9|UM#!XhXQJ!i!i*?5c@wzBJ zvR5+c?<5z8f{DB7jC)@vs)q@xQq`p57Sh)FL?RICNGEv3-`B2*u|g`nCRaMwL5l3M z^Avf8LHiwg&#Kf9Dd6(00%FhN_I_3R{~vIB zP|+E%v5dLfdEe6@zW9q5CTiD(K`x0NN3Z zLmWqLqK^4Ff{{K&7B+J zS+N{U5Q4MJ3uJzvg;v07Iyb_za)dBT1%pCoVBP~%jXO8Ovtv2v`3r-~+&n-Em>W2d zK&a=2_)9DY>k9)sU=s#FRgvfXO&E@Cz<)k(U@?f`N`wW(|Dwggu^IcLJNw{Ob0}>B zSjj)3P0nm_05c*PCJ6r;^#o>Sc))ZzuvI{$=iMq$N8|4-M3_PRYi0%9D&PQuyP5kB zs$+i@Q~rn8fz@t?3B%gHiHY18%U!=iJkK|-aB@) z{|Z8IA#wp;JhT)Hkls7@Za(Wq1I)Y!Xt5gLJ^X>5-Em;@`xpW-5e({g!D;3K1?_+x z{Re_}$05`25MiPKgu}h=IQ??DdfHX#BIgk$L^t|+WvEWmE`pL zTD;rjPZE<9fj&iJ{9`nGlCLI^6}s!mMdnj(Rd}GsP}u2Q%bgVx!G2;k#@e<^#Xsb0 z6swTP%(mUnS1TB;PWY1!1{U+75wq{#Q6 z;-~0?AYqdp?p|-xg?J@M03~yb|k8o{&p3 z*T^bZV$n{1zw@{QLv5fv-V%H4TF;aRyk@{9e3zbvpefNOANLmQM^}nM@hfU7OFt=P zapcBEh8{kjBW?DaiIuJvreGg!Yh}8K{-Hp1isvJ>E2$FEWU5+iZUu*Lh3)SA9qN(# z*AMWh(LSjg2FKy6h_K81Ox-cncCUS<8atzzccI}a+yjIW09`skbX&88P~bPC--qJFJYdy#5v&sot4*@XPD(^HS4 zjg=gnci8UrE_Dr-S)Z34Td_`rGmC5cayE% zZ%Us&ZI!I@pbmF2L?5Q|jj*D}6&(@N%-Q(Q(5A=hQ%}bBXzWI^3``hw#N9EBlnbbn zUj6!9ecyj^vB^&JPu)Zs^X?+jb(lj1xrOw_>ALAK$K5jF9NG$X@ zB!_ITt9vN_+K+1&jjbIJ}J^@pvHiI(T2Pf?RX@r-tnLKT*ss`+Y&)Os$v zMam*nB7OEseTG!~)g(+pK7$dG^-0OCmC?##e>*YX#|*PS>S7q@h@tdh*vtHC)5@Q= zcf0C{Fx@o+Xi*L_;0IAKTDz7ng=nR4#tr4UPLym;S!H`lo_@DB0w0;Q93Se<+X zL(WgG7ijq3?j~fIzuccNV~b$rH;1bo`ToAkEAFPwZNd;ZW>$5$qU@i-zM1h^lqgGm zLMwL7HbRlaSxO)2OEigUma{I0jiH3V^WP$MD?d^c?SiCFR`3G!W!$`LTQxy9TgD~xDLnX@+>MAxAb4&e1 zFZq3g`wXY&ypDifep$X_bFPHne{;@}k=b@$wOcUZ9g~4zkt&9j(N!DW$U!}SJDG5` za_cF#gjKszHZ{E#qqvJ{%n^RiP11{X3vLb;1>CSnEDR`4wI%oTV-NNUvxqwC4|CY3wq9?vt3*Q5A51lCK) ztfV1(6FP6pZof0V???g9J%Wx95~X2UZSQN3%MqzSfss~_Yi>8|(Wg?S;qS`S#>W5f8F*@=S~g}cA@m?p zvo4E5iy!Wa^1yzd9jWa{`xo|iqbQtOoUjjOX03-Pw=-g2ZbR4j3^RSFL$c2EZhm^& zZtTAQ$K0ETQ@MWs<7SyMRb&cWlrW~iZW)( z6d4OCD&+e-d)w!Cj`#ju*ZFLZ>pK6rO3!(nb+3EfYpvJ4UbjrY)wTJ&IZ|q|AJQZG ziaNnf^&9+CdgVG~_FO9JGHJA_xWe8{(&YC;&iRj4ybajo!+lsVPILBF=*P+Ex-<3e zMAnv%lnzi@n76LJ=87F|jiM*)h}cdx+oZYCx%~F1FWmo&lgT~T>tPc7RqxhZZbV%; zWcnGNob$50?dNql&=#A5-k-k`*HcyC)7u^ z{5UtGKI?6#li$9{ z3a?AhNJRw<=`@tj9DlOLLhU6+Q&Vj&zRj5CCeb=7BRbrCqVnkM3B-1gNuiJ-NkFI) z>950NgoAwST~BG4 zt7O5se`MrG6QP_=`9&`w%0FWLf!h^1&1rT=%|6MV5T}z=4Yzws!FfKoS?SQgw@Y%N zU^<}q=IDcpk?}!$nc)7b%fDDH?B#hkMA9yAOW@cm!1XavddSC|{wl=&J*5Xuav>?Q zzfpRy9f`buPe4*Us<+oJ$}LXmsG4?Dae46P^#1L{W9hju0u zgAn+%sPXix9D+Y;CDWR>g58zjQTWKjzUTMVSMHR{eQN% z4l>X$0ek3RAuSG6!`K$m7@v87rhWknX-FVqY9T{brXpX70%hQhGJ|C* zl9&W(zdaC>$UXd5Ac2|>5(D4n0b&*So)y+M#9Zp5V$a^T3P84ibRUxT!~T&dRMgvT zL*VKFDs=1#BDl=RCzybB+6yy@jK{knLgI+vW=0Z|;KbP;h)Lu*u^S;YMuZF^rWP_} z@do(>6A*7iv8TvUN9%4QLbA-DBZ6cac-?sq#3bs>-;EHOWrhqQreg&XBZ7{IWURnx zDeOr#RGPFuMuZF^W@Zwis11^8VAS3NsfNld_s58!Cn8xjV6%Wwu{`=vDerEG(0L+K z6&LVC?8j(OSau_XW;-K25ekTyZoEJiwUGl|K-AvD%o(bD*=TyQV>NEJAJR%WwP|LUiB7RgsD2S!87B&v;Jp=A5cCUH+?f;;95Llq9k=~~z~ zq)rLO&ot6B_Au#GSbsanE2=;AYMjS|g-h#jP4?o{dZYL1=DYcF-y0WNpWTmFFX;9< z^f7p}&5`jzGvSZcE{h?9;4Pbhvx=*ZK@B2__QmDu*<(8E9(3hv-U-te-kFLwaNe5# z7Oga)d0$V|E%dgTeObGts=QUFq4si`LARLQZDBP=y#*DQxu5(M_&K>YZx$Did%naa zns|ESsBL5!{g0~ICUN~YHu}xOrHAkoai3hdP%i3to46u>_Q?ygGe?`2$atOa5uZt@ za6R&+d+|i){R|dZLT@?Uv12Pgc_tl>&d?oGx;0(MAio5E(Owx%C$CDpd5HGAloip8 z|HD3Q8mljew5eB9fdXW0pQP@{;`n$HYxZr_t8(X)ozf0-Nj!J|k>&{@1_rrDx*a0- zyZ<;P&|X{Rbg5&T>Q>Lki{)nwMx1{);Zca|$Wed!nAz%?*Y*y{$ztSkKNHe5dmF+o zX*)*_>SITdI)7Li>U}t?m-7{Oxq5 zqD1L@6;@iwJBWFPBQIK5!>P_6yP62SPF=4fd!6@P<5eBJf6ysgxLSb6zVFANhmmK3 znA7;E8+(@>tb=hq&3nqR0@{ka_&Vb*BwoOt|hvHUU132}Yv64HRn&OLDD zU_DV0=Wp{$%~EfVWCYIPWVgnD|FLwd-t2O~xh}Fok@`|FLlgY40p^uA2jdooD1S$O4VqHztbq<1@LUb zHg}@%*Vx7vkHpYjRPrbs2t9qhmTrTJg1bB{cP`%Bs5k1D+--nU%9z zKYFTl`rKs$hJP=<)Zz1S{iA1kPdmgZEZs|?G6{YSH(6cNu;QT(8SY_Q>71&vd$R^z z8#52Ii^B5;E}rqaaY&{yC`efJ(BR4m2Ab7aUgyQ}sgU=nBWZu)Q>6_G6D0iTGAA}% z0-T)5nSE_vC=4I*oFFguJ8uvB*-fRU6?kfOxQ=+O=Dii+cT;)BiR$8`Uk8Y77X2+4 zJ_-&k_0T?!`1DMW(Ws7NGT5lJflz%(R{E#%yg(727&|F{nP0xDYj=X!RZn*wv8-+z z%f8Vx1~sBh7rfDNDa{*|qx@Ie7@uDn^iHq{g2iohaOAjCwf=rg@PqzDjt~cI#D18TmJMlHRnZ*uB+Sc;oU}Zamq($n8r(nn-nN(ji(F2$ z_t;{WUC9H9&AMOSC1o$U#_lDKT(q(ZsPr_?OS)Y1xWAt=t@Lb6DvN)=hW=7|NnE+^ zrs`0NtXB(54c#hthVxIi)x&XR-f0TMUgsZ6o$E-twc+iNO2e_fVQw4fyM4^cc57C& z-0{JUF}>T0Gj2t9KkMg@agDit=a0Oo-7y{2E#S;z!RIrQv6_40M@-MiZ*R}z6cKA( zBQ&-0U-aW8OgHpA(~G?D)Ok{*<3{CFDKAkUBCwq0{PdkbpKT*Ske@`*!pI=JIxh7E z!Qi(-<^J^V0j1<&hvONWT|>TBNUD&@2*+*_C)9Y7WNRxwuTu&B0&g*=-I&dAU^{4a zmFqO)k4xokmK=#DR}W;DRbA?MVn)tO_O*;eV(||kXM9%K2?GHLL%wG9SAO(=AOLqX zD*ryy2iuXW{5t^%L%)&*1F~WiC${rSmJn>`F)-iZ1Y2ZU>nNJvyM(_MH^rz7>pD?t{Cu~RN6Oa@@5r|;E2q6=Qvh!aH z2_*po)-zz)0T%yzQ1C=Kz;1-l75|Vx#LN*vRQw~kO2Ak4K&PVi%>Eb=EV&?oxUVG_ z1avCwpCZLj?-dB>R8;)iz08o+{t(cqsKETc2q9|mKtQLW4vgIhfujW#(~{i?Az5b75uu<{k@?bY zgwQNAWDqeOE07owbVMlVRN#Wo|2iTxMuZF^re+@cmfW5~BG}A>f=*E6o3u#wK+XwG%d%K)?)?!biXwhwEdqq^Zwdel& z$CWA-fwtBwS_(wDXA*F3J$YPrXN69_J#l%&ZAsHj3K1_B#20^qO|$qB)7BB!3;(5$iB5?abge{&8k~#B2sWeoy_^p^CQTqK5^8vYPO8!jz)T zci%o-g5&-YaK)9I%=A3EUWZ@mFmKG+oYGqlaal5iqr7QcB~2o(W(dkik+Hlv6HC3xp-4%ddi`yrvv_M9tpBN;c(@R z>Vp2oj`j}}8zuSiJZ>AjiJ96p9TvG&0cx6ZZTzQ}Z8ZCz6}AM{=jJcRN+sMe`7!O5 zh@jwl?ioBGa#2Y&(>GP?<`a)@x zey1jso1%hy_!4nFk7f&XmTOoC^?i8WBy)Q(KYx;;k5ez^T0-?hb*AE2jush5eEXWD z#q7h0(>ETMCi6I|mRg>nEI#Nu;aQZSdH7*Nytl?DQisSWUD}wm_d@(MK`#}<3Q0On zbG;T-P7M++<`2*qmo%u+_cOXw^WZV$xUZ}@Xa&BnI(=1_S8wE! zrNC#UCL-a4$hUHd;z1oR&liSyyv-5)UZ>Mg{ZZ`zo`9CG-3^X-uaZD%g@U)8Ti%Ig zY$fxb=3h!)9!V#Ec;=&Qf*$(`tr!&!m%$*(0=gxE{`(SUToZ2|Jy@K*m@-Q(m|E+j z&K)M{%H7B@N%&LMW99s$(A?)UM>^i&b({?bhhVu7{Q#G};(W5Xyee=Sheu;DGPi)` z;g4_~t=b$!g5_7o(cB}}_E%txr!B+{`WR0?X~ro`6xP_HO}2QEozN${Wz1Blf_rnA zzvgWIyw(Cq`&t{_#vzKVvM_QF!*aobhxVaO&xaAlqTjyE`dtml9HiI!)mSaj|26VJ zhSQ*Fu@~;-9~V9U-g6OgOjRfAyeIDwe#?Cg6Ll$EXE%2YuY8prc)5VS!sdifTUvPc z+V2;UUW2mN^u`ar4JENL&E~FcR~J3;XGO=^dhPQg!6&2(B+`oq*VbyrGl@rQ1r{Al zX2~3*ZN7=OFldMzKgs5jfnz9JBTQq}@kJ5WA(yweQ|z>B5+!WT(?e;7(Xf%L`&N>j zOnsC7`;F7JDv`llT858IN#kV2yF)xe zJ?fWxR`fW4Zmwm+2nK`c$n{FG&*24r+UOIEu=7Z}#9a=CHh87Hkp#?)>;^kbf}t>=6hRSyXuVJvS}zoa)(eI0=!F6wLJNk%b_7GArUH?s+nq;3lIenlEBK+k zQh~@d-Hi~sasd*Em^)<(&i{6(jtBJiG@ z%A&ws5b(CQ=pF`OkY~XEZWZJq28Ez1I6?&6jt~WIt6*)!eQlJ93WD8vKu{GxiZwz^ z1PpLKqt3p)tuyF}P(Z}gD1$8ChyaNP@@*|(&tPrDeLGf=>;|yJpd*R^nGv=KF^bYc zv&@h|#B{7c77~SlA!l%}hyc?{SQ`;jp9~r!f>9e1h?vh6h@!SI(1-)0HaH%EwGlC$ zE6^Ab$-saUFu-O3p<)ejUoVV-Z>WKuD2)9ZYN*m=e~vz+Cqe-c)4>8+)D{9NPGnaZ z=q_Wu%$UvPlUvXpd$(aV?f|u5dv-n zV{1fYVZIw7G)9CBBBp}{GAa-}T7aMp4DexX!hf79|1o;w?|QU<(Ho%b%D)R%>Z>*Q5>UqjxE=fscGjGv2}hBypwZqy92S+qr+;x1zRAcWUES}>Rd6R~44 zP?8hiq~(i!lo%Bo9eSAL&x(P9#6*nl?=$O04npolV^7n}8=_=Hn`WB|niV{)95<9tQ)_me)F1f;-LlE@vjNg`wSr>a*1)c8@;qtqh|?k#D9FUwK$Yaz+2>~h0W8hx^~5-fNz)Tu9|6_ zYU`St?VCFCinBRXJ;1{xW}K_?z-7)9Ib)k=8n+ngxO3i$v6o$x5n=D>Yt3*?yx%UH z=rlS+z#?`V$O~VhqCdczW#WPV>y$%jp?{FK@ zch=y4-L>EnS)uD#9yra((!*>jv2oq?24aJ1wIcki+hfa*9$DWy6=!q=T4lmmue&<3 zD7};Qa;g{Mn&2nBL;sbHY`j{b@BMGmpqI_}BDX`C1QRnz^f!(ceDCtmok}zNO&y-S zdNR9@E+oWox0~G1ch0K)#tV z5zYQJox46KZPobci-t$#y*`LUmyAd9%qPQya!MXNU1FYDxX zWR`G&ZZjwMp~nO zAw);p9Kb?H8@#w;M8pd-wvf6d9> zTa4Gg(QA#~BC_M_A*zDsO5A1FsH4;g=7RNNFC6o}X%c15pyG8*D7tc(>JI_)sYa6b zEpnkatWLJw!=~G;4X29CLUNXt51?=vg1>wk_CuX~=@? zxADnr9QxOHFAyE)tJihGH@nJ{ckPpMEw$jX(o1bY%4b=<8u4x0OQLc5ifdlomEv>C z&z00ejPzlO?iQkX^BmQJ!T7!MGQU)QepG(ogwL@eLiyUXZqOmtjZn=6Uf|4qlxyo1r&QD-WkqEgLQtk>^)jsmv75z{l@oYLIQ2 zmLIxY`Q)?ZVaEltrhsp1w|>v@s+T5R{Q)E4Dtdah?0U91Zm{iZ=K5AX#}Ql4)sL|` zHFVRzBZ0xQ*c^K{LTADn&WxM2Z*dn z-06sktDPsS*sAbSow=7HQF1QH-}f!QO`%fqMfR#6=`kNqi~W=vJmxudJn|Ds`X29ozp8j{Q#+)S|1Kist*%Wp=r7gEa zqSZDIVUc3G4l7Fe#^bqY{m#2Bfltc0|Har=yX`96WL>cQtE}^|Q`#Sk)~`p(kCjvM zUEWWf||GO3+M{4F84km^M z&>jEVZPb6y(7<=33jfZ~!2gna{2N2F^O70BXP}zmzz=9XWk&%(2!@t_grVghVQBeB z*pB=oz=r@e7>YeX>p#MPBYEdf(4R)jKf=)Rk8rg7BYa2xkwOTL)_;Vf^&jCtPYL-U z_>TS~@H;!7h69b`oxj>a4d0P}1U`h;e}tp;AK_^INBEBZBk()uPow1@;b{3sIFLet zp9VjK`ZkzNK{@P&H2wZ0s$f9^Cgppjc#ux98zN-cKByTAX8Yg=u})Pn6?M>M`;b7y zRMkON8H)oK&cMo893V@vHRApWkb;f~YG#6t2qMKAA*N;_G|LPbM9f7UDvIp6v5tJz z57;Yvc-0RTtatBbXp9I}#*je7)GdUpG8O}_#(|}=7;t9*Yft>giM+#;0jDPT#}Kek zV!+TcxLL#iMh0t$`^rLz0W;iS)D{D-)?%jWbsA>d@UBp5=F5WWkwZU zyNw9hUJ(KA*dZSt1dw9AS1=tbkRSwC8Js!%;YB`|?cs(N>E0!7?OaN91l)%&YYf zYiVf*X3Huy(bDD)?XD9iHec*dd^j*(PS zZb7S~WpNKJ{|S}qhGyDY7RuOeUEcBON|(#-)J0SEg|dT-DBYF@0kpz+$H z`>=28&&C^>ST9{}9L%l%nOf*JhxAKcHn zGdPGVQ2nV}=(^VLMZ#D0Zi2WA-zWKb^^Yzb|Ej@#{!}EZ&1HpzC!gCwdE(7aQPQ68 zcFd>dHy(-&7|OD?BKEgg#`b!08Jz;(TuA*%{uC&l zQ%rk2ysjVcICS62>sKb#l;!Narigf#TjykD!Lzei#JcpTzg)duu3^C_&zSfRC82W_SiVy(R*)|4k|wq zKO1);yglMx*mGCI=t059Ne^f=LPM|J7s#KT>W^zi__OFUY5e-YCbiOx$VRGq2;ma7r#l3ML&@4ZLoOF9&+| zUrkfUs5qo%BTL+uV{O)+SWgM5x8R=~W(XLHx$%WF;axgo4#$(qvtyc(x0x;#(qvx! zMV|d#-1m39f(5H8hkCo#AG`wkEhp>i1oYp8s7_>^q`vlmRmVoT_{WJmhJ5KG{x_P$ zS;EBl-mMbcr!f66ar>Rn(*;XGS#S4`Z_|jxMr^_ZdlRo}eQ0`0_R>j1q+TuUQY@XP zb5Hz*e)_kW6<;5wk!macZsw9*pA`E4vU;uE# zR5tbA$2@on9KLT3T(}sktcP0Rr~dTd5cIhg zS2iY(PnLe&{>MiaEsY4{sF`byO%$x$+B|8lJ%w}~-?#eMuQbn!az^MmFmGv2yWt#} zG(N|EYK3Kh;!zos3J)_?)s`^nYvbGVOyQp|-v4aSVj_OoEQ15Da$xFbp+K{MOL!x- zdca_HZo%F5-`>0nF6U+(-Y2OH{fbp8h+m6W*1r5%$+JYG0*6FZW1F_NvekXbzoC%|6#q^ zc=LL0M{G#Ok0zz6WL%4FJ-2(jAsX_R?!8>RdGN4wi9GWe>BJ=^f|fCy z21%Gc(VS`bw)kfyW1+S!JKJnUB&VEoD7X9NN zljCref z>rnXn4nB^*Mr9`kx*3jq{O_+r`u{*T?3cFtRNN# zhFXy{Er1qlBko%*hvYy(A{j{X_dq10w(kBcGh`4k*K(*mySEM;u(S|xpr~lKKSl)i z3M3FQQBVIRnih^cAO6RPr~~f5LDQm6uH6tJYt2BwfufGo-3WnG7JS z4C20?E6Ax;kRAj06ReGhsa}D`h+x2h1R|z$1+p9rsdx$O<~_V|h-$#>K35>yD?&h{ z3cR`kBE@!@_gB~ySZMI(3iczRaAbq;FAM(1=sRSmaR=OA^c@_~i}{!I9qlD5ul4KS zKan?de6Qx}mXZ$9s0ve!eUxE(EO8}(KH5Ik-g#oFoL`bw;!ROx3k~ae^O5rTe6@^h zW&KDZ0lDLRvGhq4vC)Bt2{%6(D0onZT@89cZsdq?EgCz0rL-iS%0|p}Wh0bkX}G@d zp6rvROonmFV@LDOY0@uE{csYUUE=j^jq{+0A%cVXsLa87Tgtu82@(qOfw;(TYtK&Qkr^Eb(Ke+L()Y#DJ~;kf{!6%nJsG>j#`{B3hC@>!!>>9e zebPiL?mV_?=(|a)ec`0!+a8v>BAK`LlkUlCsu?%ubn1hIHdAH@iF{p1{F|d#Kl4bO z@PFZRv?+(i_xsUKnURYJMrl_1DGdCYT`JB!x|}dSX?B$sM=~LzE&i~5gbrn7`>V9o}#$sHdF?iJ=Y>5(y6$-@S>d^Zv8@X z<#*(xu7;!hxh58|)cF;3ANbgu$St&qZn$mpFFR=SD72rylw7TJK94O6*NM1r_DghO z04<9$J&uFg5lh}uybQXl5!6MJ?5E>u6M86r38uBHvq&t7HsLVI`#c?*VmqL|sw3q% z{#NQ~T8BQvsQ8r4MTE(PH*xYeTkRvGdiYoPKY59;WVClKSlMs>R^rXiuNpS5>88uQDYFTj3(u1}<7duLT@T1#I`WQk z!K}8JAh)uVBj5G-3lTFXoprKLW(|sIc@HB7ff@UlH8Bhm{d-{iSu|#uit=wjr7sbXb4XV7tT~-!+8*3?p^I{TxJ2g z*F5mi#T?d&*C!rUQ~Kp|2JP_Yg|)?i}W4hME z^n%PTRKwyAx~*fq!i_wHC{wbJHQ4ya8FCfbuz55Z(+sb9gnv;t+~hMU7pP%XPC4CT zL|pWyz2X9X5s~nB;v>0hT_hT6mbtHo$u!jbs#N@(lv>M%W36dPzA!74g{EpH6Ik6D z@Ybsol9DeEzadr=`_-3#*Du>qJ~exsz8By68TC2!0Y0udGFR#iD~5*$=%E zrbidO4OVe1SJK>W#tW;@FMCpGb1TN3eFw{;CZIwAQ@%!fDn`(AKqeUTE;nVaI+!YS? zY-aLD<@GaLqmHJtn&Qje?Y!j_v30-fP4BaBFNnsuo;(PM57W@D@>f-(o-He4zA)Ss z=n^jTlDF4~q`jBtWi5UJlYRV$N@A)IsfU%EOjn*wFr1$$>K#8c9%LEGnLmRdw0D0{ zqaJnVqK&mjN)-u+s=z7wUEiyhiYlm9) zm)!O=5Kk7r?RlN#-J7p$^D5t!Vw`&XJY75S?PX_w+pcUD+OA0`4&=J)oO*fYndOO& zKE4yxgomF2`}`UI133|LrW@0>?;~o0nLzyqnYc5I`VTU3=k-D%_|B7szz^uT zP_*zU94$NwM+=X_(ZZwf9pO=cx$vfdwV_A++!)94$Nw2ePxBze2GP;D^xEAzFD9zN0)U1V;;x z!gqv6fj>cidPjm4_!AUr;6unEQ}92#Gv5p5r%+Ol$Tj#YFZ_#ogy?FVIA9~Nrz8%z z1lF1L{#Kz#Vh^OvfK|jA;=Wd)$O%!P3f&8_hf$3dx+)YBi2GWFiUT9(Nd6WWtjBtp zF|%e6P>*0cL=4&31RN2lm9a&LjE%c@Gc?N#8AMFoO-M?4upNRNzXbNm9>y)IN(u7-JYmN&=Zlw9LI#HdFLi4j3Zgo2VnX6*Z8M93gwV$C3n+91;dM(w?@X2>FEe~buvA}Hp& zS5gXDe(i<`nI}S^>5HlhcO!%@YC{4MQ^5jR)CRSD!Kl3l*H4UgSMgk+gPM+CKe zK}Qq@%3o~H6=aFO8zD5y3>n0ID_Fpgh@8L#GMv3kU}BV`g~o`GLBw3JK-3`-0{U8D z)CS&N!P*m%jimkaL?PfpJh)kefa((4&4O%k?S=@+b_SPO2$&QAZ{2`Mu|~Lm1q);l zF?GTqi`syQ7#OgHfVpa{ZMd(;3KRe_S1YK2kv$cq;LF=k0Q^U>@*kt=kv;sKP5c*4 zFA6jX{v}O63y7BnQJ1(6fAv4kn-?xel4~Mxr&a`bn6h$E zA%@dD66eXKg95kBTtA!FCN9Q3GpTFqA;F=GC)o_ImDc_oFw^PL+*aH=nk$xT=^uE* zMr?57i)7*5FEWKM((Y_u7Jl$B#X^y}JduY#Z`qoZ>5#1!%jM^OWNhJu1a}aM3xD2v zzsrak&TX|HHGTN2*GO$ftwp19LQ0}NgCW7aC?aTe#Ms5W*=#AwflAlRb!~;3t}dNB zIb~b@kI?e>-x|uAx4n3szO=l^s?p_}A6M}SVA25IIJ{Ay^CWe>@#5LF85?HX^IR+s zXn{8lTXTzbt;`6B+X)0jb^2m@TD{%KoJius@#qfeRvqx9{Hc`MCAma;c)Tx_rK10Z zO~L%($@@h?sl^1DpQutl@pv>I9DT7WXsBA?iomCd%Iq6$GozGTG4~E&|5x%*t)$w87glfZI(2D$aaAj;5 z?`x(f7gOs)eU>kz^4{e=l`r_}R*fsYBk)9~W4tQts{ZkAT%+&<@>QE5EUD`Ky=2bc z4D?6dr~_|P9-Yi~*ERIveVuV1C#`}F?{wM&pE%qB_^4LVQM^zhC*4RM9Uf zBWGuyw~~~%pDsT@+EOPdJZ@Pm`{?*dK6`Qswy0#m4BtLe7QdHglx*T?k7>P*9N^Lt zy3`&e^!XlhAVp;zbx3idkBnslwTkmQS=Dj_3)W1&lLJRzublG9v;r=OjwKNf7J0%iRv`VQe@Vn zqTgfhpVz;%csSGXuBee8?^RjCrsFkOu`Soz_=V~LS<$D9r(V3w+X!_l4pGa^`yg)I zyQ;U8$R2!Sj!m1J+k0d(n1%YCjlpJwoYz81#ZQWuwZ~0mBihzFcMp2v7um?vd3zMu z1WXx446s}sb1|@+68|Ab7Zp!Uc#$qSCo;`W^HzWK?<(5iZ}y()NuO;a2Kp;HB})gC zIR!Y&`eH)96r9NXz*<(?VAC98lXpTuF7ylYuaE3!bt6no$bVfLIn1Kutx{0dN0$9X z46%8FW`qCIZ?6!WicdXL&3xW%r)}Sa*qBPf(qB8bB?pJ4G<>POKcG>dY|Z;rT0+j6 z*P`NM=ogRq$f4(>Cyj!x80p-f9}4~AUF6O*CU0Q96-WDv=&UU4&eWMGJN?Vn3rPb} zBV3W6-6IAbyh%GIQM4sC#YJr^p-bC-*RwZx&px zP~pTum_i}v$T1#Pt0!*y_1OkVHwZtGtbHNm)f{h9E*xzfbZ6`&iaZ!albb4uS4o@u z(P#@^gBz$HNu8T2`2F1pO_FQ(_*;mt8Q8H2*IUX z1%f!XmY|P3TJO}t`>Cc_NHxy9d14efyjmiC;=(MkCxhF;Yz9uX@r*_@YSGNkYc;wd zAH(Kfwte>M&MS_;m_q;lL(qt{<&m)nGku4uOCghAw<&Q}9Fp@fF}%Qm^*0&6f6wqD zb|y&v&hR33MnnI>@S+8W;lPD$6h*otI4lGQ63U%FK{K>yy(%?Kz&(642YXZ+7XZhz#1W@ju&uzKv3a<%Pa<*C}2ngp<)RUb%O2NGK&Hc z7mPO`QmheT>Ucq8M9>o_!NU5s{t<1w>2-3uI9nDNPH~ zj=;9Y+K8CW6-bsD42ekHSHKbXAWe%ZMfYc!A%lpCN`b_Ppd$(c1v|J`gn@f4csYpb)f z4=EEpv(re@BQ7lq-Ccg@bYer|_i_Gg%b0@b(8x;&MJBP8!{jILu9`GtMU35xaWR>r z>1}SM$|Hhp$_*^HQq3q2ul+o1aLxYlEuyFoh6I0(Dt%Hx?x_j01f}ji8IgG`9Bxiq{svcAtatf^a!>mo?UsTbt2&DRUG{X z+7~KJSrp@WUbLl$&%%d&ub*}`W}G;p_4(6lD%_aG+oIHAqzBL8-_o^riwv=(rpCQ* zdHWCI@l*P5XD%ho2E4;1P{n7*mnVuA6u6_n$>8@(l6twk&3};R(aH^R-%S6M)6Tv{ z9v8j|9emy{n7>~2_WIOTYgL%1-n6>D$3}a~NdwQzw{nL9j5W1G#7}*VFO0}*JWt2) zLc5Mz@65*ewhr}2h;^~(BwG$cGgy-k@Qw1sV;3a zd%e&p_MmJfQW3FuQ@@bB)z>&oOvT=Wl^11{UM*W4Nb_~G!#{9ZhLKBS;dMrFMP|xv z!AJGmP7PFlZpgxGoQVcMuVlH%AAP%AsBmFAouV_yp~6ftq)RZ^kUrx}x%x!c$+lk) zJJ{Eslslcsisq?~>5aOnu1qAHK=L*yQ9P()=)7R`>6V=LKYeu0C(Usa5IsB<2ur1L zI%b1=ui;Yl?b>4*T7n!^6+_OH%xf*190f~hp)j0Fx*W9UY+iBNwf~xSI9y@u{@E_V zw&ma*$50lWPd^`CP=8TEERdCj^9p{(L_lBq%*z_YUD;JNl~p@8!32WhVuE@2=!7c( z*0VUlU@i50+{c#R-|V% zXnmC%X8OyR{$2sg&7M>G$)Bf7RtQWzzJz;H1ZnD6kXIM#J&Fr2lsVsHlSIu_X;$+3 z5T2#e*>>*=m*$~r>OUpoqt}M%SQqbn5X+PZ5%)V!H~lIFE<<{Tcbr0&Z>jnK=?I?E zXxDkp59A}F(Nv~Gau%n(1_NrW@w59^NvC8s%7m{x8k40azkg@s0rTUUv$B^98&2a< zy~MAo7SLSuU0))rVw&5)OEyV(B~}=8MMmUu%SUb;P2YkNAMIi`h}#uID|IYN8rWrs*?(8aZ+t;@iBR;KB5L zBNnc0;MBMYPw=d<>mHL=eRr;cXF8K1T_=u+aG;>^^vfS{n>8F~IVhBxZ>0d}1!l_~ z#{M)FxUx)^>u7sW*IMvWQ(pL%%_wzP-*zb`>kj#n7Y#@G@a?7H-_PB3^Z1CYY(BC2 zETxt{qq!E*HFUMU&$Dl+yo6Ec=|}mAcTm`chD9U{7qXsE4ammHJvQk8T(v`TWE$aB>5;xj(VYZg_Ev2%vz zw%+)*0_DV{pEH@$D+$RLw>59K-^{42>^iVxu3ZIQx=?&VBV88Dv&sd_+HkuQ6?YUm^7O@A#-)g(-h|jb zyxPOHUAF;9uu=~^y@i2OL;O=I^Z&r90f_`iAN_+<+Yui9JEw*K>If9ggce*ypaoYE zXu(wkT5uJyBe*JrK{uK%)@B@n6 z0zQNmTt%P-R}pBzRRmga6@eC9MeGQ!0{;q3a6tlYM{kt^Oy(hE$54j)D=qk|TMYrR z0~ShP7P&`u41rw1-3Xyc{vd;hxeS58h+r)T0riA(`u#B?WDqg+w;;Rt4{}amEeF2S ziETlQj1&7~M9>qF^cYaf?SURcMX=ovA*96@lAsMbq6m<=BHtVYa!G6v?ynxG zFxc$}Ze4(O#2O(c)&#QbK^Rc31G5KVKsyC%gqT@fmpXNkl2WTkHupD06D4< z`Jdek2}E!=3j;Zr2;l4>RIIIt>0E*AwOt`V?glyE0qDt(u=y@xGoDFn+c+i_C^!*yJOi9WLKh_(@X?rWJ?b@H!?;F%#aJC-4Ea|E@cdxgq3wkMrS70A_ zEGV}%54V|-#rIBnyLA$=CSm{O(`G-65DU-y+&b2*l4I7}N8Cq3`AXX#tPbX@OuOZd z>RB0!)s_Z1dm@+-Go>y**PnzxwKhDUs7F+qe-V~m-XrPiMQE_dK62b@Hqlk4&gA!k z`J$imk%JUysOtNJ8`m5ujHd&)eqeu%LTvEnl z){D4t)Q!9IVXgELA8;1s$BN3pw7xA7v;W=3k?&q77Fl8S#CUv$h2%0V1UO-V=~Gkd zNpYuxO%~G*4URY!D<(HyYs$WVjoEY2Eh4L}fV`?`Q(xaU=EIRo!%wef3mT@xy~15f zziQ~Db!~cOq%v~1jhB(yjhZ3(#W|~r3GWf*P_u{D}j{64S(aYlC zQ&BAA$P7}2W(*an&BR!}#*Jnt4@2OxFn!`XZtD`q1FuV0?V*0yvH8{TN{`#`spZo@ zRS!lRr!b9m4#hin2eP{9;imCV9%qPX?m7TxEa9HOm-lrIld5}ua!X&&Yc-KMxp9yr zyR|ytMNH(-uXoQE?V@ZOZgxld5`CvB6H?BIDZC>!ta<&w^RkeLIS%J;8llpGQ*_@5 zDo(CjFQ+9T7rp_jJPL;wkl2?86%=~I5A13wNiRH*`)*GDd^dmFZ za^gbfA9EyBm=tLmTz!5QE-1HrjprnTUJ~m$JDhQv8l0btt#5r!WT%GwdFQ86#JWt@ zu!YAEf$QG49qkY~mg!JR9A`DA`1+UKJ^bX=LyzfnF5UO?3B20hS<&7S%3jgD`R6tM z=_8&W`YCD$-Y@2AEvt64#y#S*I70K~>-$QtJ72GsJ-^o3Tbk-TGqHKzZ`L(vd1&#g zu6O0eU)q{`lEZIqo%1<2=kw^< z1G?YeRZXft-=-RSonNiYF~fW|XDpKgZWeLizI345W8+Ej)#(hKG`dH%GZ#NvcP?kD zK6A{rj&AJoEc1B5*1)!wGyJ`G{{FAm^)=gXY1K(Mh52X_@~Z`QM2JRY?HauIW0JOE zoAgn9iHn`|WKBA%-)9*=x4zhZnpYGOYW_!@?)AHC*0>|Sx~?@QWT|f^Ti=jVv^+i( zTyZl^O;F}w>(qFlVA~hI7Lo2i$`_^bEzjuMOGmaoGm2NVGgBXrjo0NY8W!lSWnuLg zm*cb$&RR12MtJ!k3EMZx7audjJB{S%+LdEN-v)e?`05p0Re#tnzm?)5rCZARFg~ez zoTXyV1SOf6URGxc*+V#IZNEJVo$gqh@swLr=QOkQyV87=s`pzXi$*MA(B}n>Se97Q zsd=(P&nN@=!yle(`=mFccv69Olj=j7!3BQa#H91gB<|0}PU(bMr`K40F3%C;4O?}& z##=-y`_nj+2v?AD8&{CkEOq3Q&#%lUJahI8f~;+i)^I%th0I-Ej|b?l8NL6Jy_`eq z|23|v*IS#!SE{5+>vgQ_sfSOkDtIOd8;5%OW)#Lvi46`7HOI6b8jnAqE8_F`X4#=L zquq~w1ckWfBrQK&X=qf65-ZNSO+J2_tM9hTrN)9IqIdP^X)i3Ml3b6~{khGMAp`KolS-^g_WlbGwxe_&0>yg8#YxwA6FIiFu%tm zpe(F0pLDt0BU=B-kwgJDmpG-6Eqix9|Dbr6`q@du`LOQsxJ<*lPYWJ#GJd|nrZge% z$NycF53ejkgSs&P_^l^bAM1T%V*BW{UY`+@-15t~c~$4?9T{nU!_QL0Hk1<$ls-W$ z>0Z(u@(c2V*;!fv2SoB^3R{+wFXkvu-fC;5JN7V5cZf+uk&lr>z;>`k#QM_utz~KP zPI1a4u2O4+kMa8v)!~hg8H+vB%@OgJ@8=x}aOA#D7^|+&ptZPEb%7=>H|?#*hO}Icg_o>z`;l;hVk!O=6-gV-E z-|Bt)E^&VzNj?d08#!@rL-mm;RZDV!K%4PJ<_>C?6Ew}qukHQTP5is*h2GFfuOE6n z9eHNvhG4tUp`hcw8f}v|Q*!pSw^h`_`Y z{Zlgh|A#38Yd??_x@vmc&dI^p^fo}4>v$eHzyv?cu{NB!^e!veq z(^rTc`7Pj2&?FLCdJ}<`-bA3KHxWD1n*hOs*4{**wKowv+M9qdKKj#W=}iP$dJ}<` z-bCz3Zvr1eYi}aZ+M5U<)km>FXz5J^T6zHBz z5L{(&@&`Eqw1?Ud872M~Au5{eZCDP78{mUtU@uAxV2iPB0AN-+MeMxXxhIIo-Z$6) zK!_osVhs^f+ZMVW1#(CUDB|}rq=bz4yVn^w2q2iFLb@V2N3}yUxf%@_&tpydeTXTNF8^1h}H;9;TF#$M^m~1lL&<7^Oz?FhF+?Yb#>fH#T*(%`Kht%~0c^CjH*2|1>Ko_!u1=ONL z@-TZCq{66m3faLT1k^Vu9tQi6h*|3tLLLSnEI}Rydrdl2@%F#22t@*cqKY7ZxW5OB z5FnC*qKfvg(3lPu=+ZDqApYZI`H!(h$gaqa7oyoBpnoF%uh^o8igv^DG|fxD4^b=z zGD#MyUou%)gnyX)NNlfy4}+^7 zPTO2xG&rt}+nHi=wX>mbk-4_<^_Ik$T4N$Li#bwPB_B8EXBx6*yn8xq9^a>hv})BbdYH@}ofTEF=MGjx_Z;=_x-IEPmk`t=iIyR zI&1B{*Iw(h*IJ(O0>SY)+V$JdO!j1R-QB%s2x?e}h9-DJl;s8<@3w^Ow5lb0ZzK?= zg}c@ertD!o7m0Zg^Fe2vgJsy9)vco_%)wKmCySmuuun4RN}3-JYbNHd2^W)stxV{( zr`nl_5J8grm-PA9Ffxj!cqjrN20m+PeEq{HK-byJFsCl5`da+CN?U!j)rvPpqmuHR z;?hMKMMM}Jbw0)TF~w566ZbmG=r{`OzHTC&{=E8%jYxo5_f%ly<;kKOiOS3sWg-`J z8a?FFi3C>>(i<*FO;1s)f18MYfAfoZd9L-&&cwAj)~zgp(L&t(DW6x5`CnALuB$Y; zhyOm;r}<9sS7+N|)TpiNwRufJ!7IA&G;-KXu!=|OmS-5&O0Q#RYU1fmeZk5Q&PIDK z@%>aX0>!puDT+1oLf8Fem9CGeU)D}B;*i!ZQerfH<_I&{&yp^R%!p!09c*UIqaaj6 zZyLh)VeGsRWb#U`Xem_y&w|wFM2n=a;lS+`6`a#-!5oczh?2af}rBss-Os&#FML&TH*#Q;W|^;58qH{ zotJOVp1PDadAe8YZYwXhfHXJv{p!!(9vb9-ma{_Lbh>ZuXBqpshbS^SNteN$qQgdx z!7^fvE^dW#;uaDO(X95yx$-J1$$4f4-bL4qM!Quhh{r1fllT%g(Z!S~FXydF34Igl z7IXj22wFPs?Rr{LpEScDRzk0_dIbZnj4L>=K6g9bHY)zyhN`Kg+g@&KM=9Nc8aO(j zXnb>BjnS`#Tx7CtI*|UgyuFjuk37x{%0TKF=I?Zvg1Af5MltTuQeA_ec4aav=ZfDH zf0c$Li*?UTyG?h`xJJ9Sy(4>B^U|}T+?iu!B$#-4X^#_Oz!2Rbq&aCF#V-&ylkz&9 za4z3WAv+h2O1&q=D$ASIm+FJmWu+9(%df9@Kfobxb#v~oD>CkMi@In}lD+-b&$H<1 zS2AmLREpLYb$ZWpOhl5+88Tm^vH9RdQ3Ph4dR|uo3=aI$e7QpMYC8M(6oZ}0_Pb?= zmIR(l6(Ps3=5U{F&MK^3BQ~KR`+P=7L7FXSxn|rrPWk#-9AxXlC4Vaou`S}JA3>b^ z7p6?wE!19mc5aoih;Y_oJsv?G8!7MM^dvI-Mzu16JiJ(Cnc-cnE}eYm>x{`TCkZeE z-74t5F)=z1JfW_W!JT=ea7tJZ>-zKCBiys+3GklMrqzBEOq%F_WY3>t^K|89qtZ~n zdFn^mjhTpy*X40M5gMnbqn1)bHRzarRKKCdRqD{P;vgE)<%-X~g7qGgL&+1b1*`5G znFz{A>-u(3C|W57$@35zLBb~ff& zr}CGdjPujk#Mbn)xgVzMS=;3E?2x3zel$-)-Wm}JRiAxy&wWr(nu+wf^!*t8r3TNb z_Np;29>DaO%*z8QvI~1x@Cu8aiz2CcT`{C5N2V@K$J@^L zB9q)=kt916dWU$w-s~)W#rDaAl0OEo6?`@nTP(gN=IGlisy7+tsw5{D+}-Jv#3oyk zf<0jpwYA?uyZOVX0XOtpeLC@U>%xXA>vg*b_C@3I{cdNy$RAB>&4x=soDN)^3`B4J zQf*T2$~;`>7sP*tBZ7GP+#=>ZLAu^x%*>Zr!C3mQy)gK#%F44;d_+YfA9~AIXgfU# zxV`vX5vNJdeO}3ci;*Wp-?>FQ9pkHaWgXhvvun0(yHoQSv=w-InS=o)ucS~@1s`7Y zTX5L1rs@^i8@m*1%h9fIr?>V=*?tc%CR<3=9y)VdiTkej)q#E&CR3~qi>W!}d;9oB zMPF84&&Op6mhQW*Ih3q~U3xI9GrYI%>mnX%XDi{ZLS2rA{WJ~d?C1S)gxWle&f{>F zqp8IIG0wup3Ckn*3(f*u1GhUMAoB~(a#-w3@UYmI;9;>Z!NX!-f``Sv1P_aS2_6>v z68u^0OAy#|AAljSVqXwJSSdB2afp+^QW-%64|D4Y9_H2)gyq%)a2DXy;Xy}$dkEGz z?D{ado*hMDi09*s~ocsx{ z0hQ_Rh74T%5}+N!2e_-DdBXss^Q0#Au{qS?LLulm;RBKwLa`wrT;x;Y$2vKQ$C;~e^N{fX z10D2`@c`@GiJ5rBT7}`L@RKtSfNO(t=J|s|wooPT_n`<6IfE+>Tu3}FqZIty5;Rdq$LTAg#>&zYO zg8seP0v8hhz32!iv;o3Hz-;0E19%9!bNqL>2saXs(=Bk@DRP4WV_>Wk5GQ}qB?r3K z{&$!NF5KLJIRXXQ08&p(;=cy6!HvS>RSUekqcUA4hV}sG29C?g8v;7!8P&EYZk$* z^Z#)YkF#3fwrm4F6mZoBd>SVnh)2}Q{}g-$$oCg(>JEx20R}>+80TWxCg)BASGe zsy?!}sI}j+gLsu_pSv(*A{uias{!RlPc~kAcmQ!RhK-}Rm-Emy&9WYe!m>v--`gx( zYfHK7&(iPh_{0@?e<8Z<+^Wx6IKOMdUV&E}dV$l4Vrehgr+p@3C$|$-YltsJm!g;% z-86x>GB9Mv+phTf3+gI!c2uPZ>>+d6cO87?I>mY`A=6yL#5!E211SPE_%A67e^7?M zqQMB0=++awnu=~9FyfWE{-O1<{)Z(^jju%AQk*>eq#|c`i1OEl&VT(rR-AWEV7U^p znf_&AX4Wj;R`mJ&9_MEA?b=bz3Ddx?GVZZYs(~@iBnTCkD@6v;AAc`=sF3BE_HZrW zd}w}jwZmyKV{NsL{u1}_bfX)HEojmz{Wkr@POs_-tQ)$Vp zgXCkMBxX;NsDIbyCwkt+aj&7NmCf}9+TBiqJfSBVB;N|gt6Ncp{7px88iASKji zVnHI0snQ@;J@V9r`^?E^?cV)zLM2GjPGT4ctbH#xC?43+U>HpW?kQKJ8;d19qhvz9 zs+jG-RwNaDwG$_puI57P;zO>EfD9x2``NQ}%)1e+7X=r3$(!es7IP3?5hw+&3Z()? zT~6Qj(le?AD*KEsQM;b%RS$?RVkE+%Vt(X8vO{i$uN)L%j=MqJKe!H;`q_p)mM-hop*RCrMypF<_y6@hg#95svNJA-0R$0&ldfyt5|vv;;nH<$pn> zLv?XXGQHjO;Z_ahMZu!Sr-Sc$yGM(@M6Brv4Q@9GP&H|v_LJ+4PP?f(NFRLH1@AeJ zXq*T2yCJ6$q7B5IZc$B4e+|dvTV%1%{E2S2wep=Sd!e|kwI^6Fo|-Z$l7-9XkWv~` znDQxw_Oq2czu}r^opZeB?6xFPAl{A2DQxCdEKOjNkUw0s@2*bBB`?0)Nte*E*_gUh zpUu+O&5YYRA6J%hI71%1l)=t(75NZGDiHH{-YpVK$j+ZP{GNsXJ&SuCES;knT*_#~ zkiEXD+Om-GRJ(hRc5}a7K`t3={f4(J(Yx@G%(ZK?eF$Fw$!a?kBR(~EZPxbz?b#xk z73x)aY8-ZxEgbyD1*1~Lt=`L+7)D9W+IIbO$1;`JMfRUC!cCx&{3 zl?6U3l?o~B=NImc&oV}GxL!Ra)@zm*pJ}!hZXAJR^7`|eiY9qGzF;#j!TYvP$6f2FVNc^Qc;Y1!R(=Ky4c!gt{ z`F_ur%`Qk{k-TAR5Tv0%d>>N3eJB(xs z>d#|MyDi#?r}|Bk?~H~qkPuL5@)8ykor_$PL@=sXW!edHBk_2PzWaD~B~@4K{sRW) zu(8dyrwj3>4^#5lm7YqhG}z!U65ccqR!3wDCC(O|5iIT2CdZuBR4JpveAX4Y!ic{v z_FNXJCWp#Zw2&Z(2ccxLq2L^HqG8j1d>!VPlJwmY)D^5c6Y`-3j8yT>q62V~*()+pUpWAJTCs*BNTkE1KE}m109`%wHNu9yWxJ_^$Ci zHLy1wyo+Krmh4Q7wK|z|3(sxe8R1P7d*t8IIbe@-#3cPM&^cJLx+CZuEN|T}=p66^ z2Q~%JH~_qW#v$MZtN6sl39I-7G!F4DSj8vc$^n#y4YUrhG@x;Sr2&n@u7RKc5FG=q z9Ci&&nhRcmmC6Dd2VDal!47}}jf1{{#$ng6RDQsf!>(be{D3QmUBgoO0Ug0|`2meX zvSF$Gz}+zXU^*BN{~bdEG}l1m84Rj8d4v>9y8q)O9%q)r$LIwu%0Ex02aMk%72$q* zeBoi2!;Qp$6-@l|WO@J-k9YXOgNfj5IY_3*`v=MN01}Tg%i%Z_|2S10K;jY09R5QQ z9wh!^pJQ{tNQ4`L17_0$y@4msrUx+bh<1f56TzW)kgN`fh6CaPPwIhzD$##$;f4!| z|1OyL=K*_wp#NRn0uK`Z-8uq1K)5>S3*-TUBThOLp?kI8hay}&``~2Z0rTkrao`}O zC#LW?)dCj^LG{c7@DD^scmPqIn8M>U3*4{=ZXnG7h&^xv)Sj5a;}i?9fjrpN|53Oe zC}wUTn*fMva|5A!CnoVY#R4A^K{;~)$B>{=QYSt!1(+kpX%@KYJ}xj49K`BQ90?9H zp?;su@L?h-XD%=j9FQ|e>WSrioMM3wiJ+Vzz=8*Z%!PaC){58hs)&`4DFu6cOQG?RCtK*>UKR;d-CHnx%=>AI7+XNiDQ z0b4HXH_=f~%^uM&VG}V;95FeLy=FoL69P-6W1fw!6p+Pe3$M*fLLFb;nkSZ*a}y$0 zNVtTWGoWHf>G&ooi|Sd#k#6~#58Ax7a3-yOP%U3wQ6C=jV2jDPO72!9nV;XnqGcbddjTd`}wTc@sX`5wi?J7n`_SpF0(Ij6+t0X1(V*g#oiqAOXw7p z={1}`*0)KoAe0YO&K16 zFoPCKQWpZ+Wm`(yOK2!1mkk6w@dTP7GfI;*l0;@E#?zfi`i&*IGaYwp5~j>2G1}=K zHlMS;EB^96cC;hTQlrhS^Cg4pUj>jY9X#C4DulHdy~~8-$HwgS<5$X`huQT_zE-r< z|Ip9`;i%Q&BYK>%;fp}SNpmhz+`yOY0KVNV;PQ}(@MJ;Mm z5{ZYm5&gdD!$2gX(R$*__H}Km(&!J3-dl=NA#^Bn_xipfo&AcF@zMS&_n!Q;@w*w) zwr<>3ms?M42(5JJs)~zLba1QN^F4AC-(^0jvdOX9H&kruqH`!f;tlPxa42v(B`9`! zkX*;qhk!UOOX`#sLWoRD$@fWRt5~AmvwG3Vk`34~E{~Zjw40~ZIv49SGNzcht`Oyz zRt|CB)kCNtA-rQEPuJdr*=hQk_MXRu1yqZgu=P*hmE5W5aLf>+5Gw;+cu(W4DkNhO zBV01YNSLR(j9BUNFg_mt%(TsTflhhIjOf|e?Fcn?I$eiT?iD&;>GJ2lPC7Q+<=RQ+ zYL&j=itB@q5F*&gcttULF@)SA4Fxr%(lUea;`7yd%AQa0eSRd?bs9FpSvGuG^`?kc zB$f;aJ{NBeUiGaye>p}A(So6=?!wIMc6g}2Faxil{OJhe7se5Td^?OL(`2tzGc3{Z zdT)wsC?#LQ9t?DSZ{>-tMCL@5m>d~$ebFjl)2X&5tvEVpfso*Hjw13YGV4BcsnfW5 zRum6#uHr9A%wkHN-Fwx zd@Oy^ci%ZU@aPO9P?NJ2`oH4JzP3ktO(eS@a@DJ$P$qM-`kNA|>}!eT1*Jz8vbJ}4 zA_6`dMHGJ?%oZFAqk6VA{24)P=UWq*`d~luWoc!UEfVU1(bm)Ag}sqC$7IOXL;b5i z6h(v?jH~B_1ntF2DLJQ#cz>rv^KaH#_eFE*iLfylLS$#0klK`CA@QKg`Wj$E#o|JB zVXp-@Nxi8nsn2P{zkydbh0QwhEh>J(=V1Ce+`NsO-}lD&(7s1t-MzIE#L!aBDs;pKAD?f}Urdlx!IzOIP+QVrv7@`Z(KZ79YPY4KYwcN1~0lVgR6kLdd?mvv&I zcQVu7c=akjaG1k} zt}myZkFxH9=4$)~bC?SWn<;V6H$r-uz{uJyExJTytTpGE-G?;y`P=yxRIG2m=gq}{ z(3VcTb;o1DnksPAX55z2)4sLOS2HM&Yk?#4!OQ>&pEiq{5?AXkLK#^tg424skfHqJ zp^w2rzE4MA-bO(=OJWoAHI46%rP5**JJmR$=h(YN53`oMbKV{Pru`DKcMIr0-vef6 zp5HP{O_2j@+5;&>Qq7y$rx0$xxkmD)jT3pYe@H7woOT0EV$1t6|3&fib?`Gw-LVVMTHo~1RNWGJy8aBNx zwijnqs05)2Lk`fCnzHP!zq)Tx;1#;rST zycY&ye6Bw?&}OET59Xtw#hwdEJ$DhAQv%0|GXdoZrL=U^Q@^0^H%g@hg|msU-r5gv z?Vq)NbX~E6OJi28+B?+$h|B+$w$|-n#Xz_%0=T`&M&dSVw=^kQ{#76kZ$+ zv8CVXx@M2%1hQ=b+6fkZO|H6m-_r<|wjGa!QH0F47qMISU^6{@&6VHK)?#vx(`t55}8IRN7TSPfR93TPYxeXtT$z?H+U zVU@YKIAIwrfW|@49MCxE8t4d?ZV_l4^bIr)fj(HeMc~RI)v$Dnz?DO)p&72=p6(FF zsGpL6IfdcoqTz#uWAXiga{(&B-zkKTH3FJ+e1I1T#2fkkz>5SOTYo1JRxs_4Y&y^& z;RQ@3Fs%|;m*}Kc=dqWxqk66dBB?o>(kq3x@24@QhQ=E9V{JTC^xR7|9&lPS9H<(Wl8ea)0*Ap`l z)MkGlittz!!G)U#=m?xGAgL!N@pzvrJV*prMIPXE4>%M-Qcq0cabO;xx8Z7ra zw&!<2!_EEA4TR@_?tgAzUZ0eS$0l`#4->(m$PFbAz)?;dNd)Zlj(57kL(Xs`@i@0D ze7Fb>MQ-3!8#r6I0X2JKK_9PM;K4<>k$9YLf!j8R3rHRTf+$=-Zjlo+@p#n&2lqNS z61iY$Es$wVurxd zT!5sWRLoGL_jknt9}>aY3aA&;#|0z_|Ap&;uZt{|M;O2O`GK z`fL_ZadPw`SbS%L)QOea70uExp3RxDwxA%>wHAqC^q+RA+P}4ePT%JABRV02@vNku zHVucum(d1i_VLSd_D|JlOCK8CD~)@53f1>V#$~+Vu;S1nymuo#NeWX<)oB>?iQi{C z#KmuX$s}QdJf3>Bf0rv-WxtMzTt%>~7lo)v`;x8k+qs<{ZG}vw4C+;NLV@LhMN=_$ zv*`DN>+wTEl;~SIPGk@BoNzhHzYkizH)-`R5m|1$)7s>jPb6mT=*X@SMV4FI;+wMf zynLX;orrm>!+oejGj8L@XXC3q5g3G{#Sc1Pp7}70ujwv)r#i;H4GXfE-4m7T1Fh+d!|l#1Ucn}O=8G( zR1dQ!7gv#xt|4fmBzJT+?x=i>5Xvv4wYaNOzM&d7ob;jJpJItLKVAl1A%iaWd)~*` zd?)nhqb9Ez@0FD4DltbGIvQR#{5p_p30oN5>C(?OkS?k30KYl2hZ zBe~Du$uts2WQXN}T@~qvx=hK4X=H@q=Lfk_$0Cu~*(fTW>-69@zu+RxrCnaRa%(bG zGkzbbiTS84g^gG}Z@cvPk|Y(}*vTk;r~aLsCXRmd=(FG1rpkEQT*C-2^Xu9fy%@T; z#k4W{WrYYAZ>cUXxc5`rO?k1z;^tb!$Dcyj7e%T$eD3|+R{x=De245#jmeVEtqz5DV>@~3X!L;!6dY|U z@dk@Ds~`^)60~Z4t_8P1%XSRCn?QFHUbeLCZfsa zMJH2I+w*nd5I>y=!K;tX+&zO9qF-0&oT&Wl5od!~D~3tCyuRqB{dlm} z)~!6#VBo!?UiE(8qH{vu_5-oPYlVTsHYty1^HVYB5+&Xven2Y}3e_g>vmzaI(s5jh zMe6iJE%ag*Ft|76=U5?sT5L=}Z@qWhl0Ra_8Nwqz+SFainBv6YV$g7{VDokJ`{74V z`a5YNQ>gkoU$aM=)N1AKcLlxqA)5wi9B06|=kM5Mn6_LLhr5BqQs5e)r6Q5;x9cA1 zoRMk2l3+e8{0*;d*58ZAB+W46O~&X#^1}?3+XS(_1%j^L605mS2L!hZIxH5xS=nET zVpH%bRrL_U3BQ7HUphdM@k8Xm-HSJ4a2lUuVr#VAmfB``f0s{Y&Nnpi3o$cpQthDj z(_1ZXh$Ca~A<>$aF`eH@bnSR&6W099vs&GSLzg*DWM_RwYixP0j2HjZ&6jq%6{mwg zVqE4wbI<&8Vo)*WD)hvFbx)bJoYM4uDCITv6fOZg*0NGxkzMSgqy z>B#4Y4eZ&DTARA9L$kLG@8|P}jptt+3u5kGyoy_>OVORxRN^5qI>XuZ39YL1TG2%j zo)K1)29d_hjIN8wdH!t8xG7ARa{PVJ)MsXG(HaF}sdyRA4ltp(fA+4DGmkkvAV`tm z`T+f_Kyi-l$J6|5*_0hPp3xuc7HAx?_ESvb(H$?_pW`5EM#qeo*T8yuo8!Vb=QOIi zyOzJaD+BQivUOiD`nljNq#Xw*mzNYo#R50y5K&nacOC~hUeR9R+@d8QsJX3DW;ql} zqE@-WlanO+;z4g8W^!OwtbX%_fjJ8l-KK$WgcHtIhV7}P{q+;Z-H7Ykq1AE9X9env znH+PAl||02j=8-|KQsTFdD9`|)#s>pXJl{<_ZsOOb^`WPBshoTG?+yYkh(ns5bVPI z#rv&=128WQ08Ne)%}t7d{($(B=T)Ch!>MpTJGf zVe>l^;X@*5bMOIh7HD+v0WPT%bMZLq7j7N|5M=^A2z)?X(1|HL-ui`;2LVj(2u+mv zCnNDVw<_E`2)v;C95_4==6XCS520(*?*kET9t2(hv;rOcynwIc#1tN}et!Zvu?%<~5^Pf$JcyPV_4|TuX+X~0CoXCPaPc^=D%@6W zXht|-)drK-op`bwr&r*zCW2z-0+LiibJhX5>rPDJzou6}DRTiQf}jcEfFn95rto;Z zaEG4DCl$b@N>pWbsWKo9&A?>SH| z=)Bw+zm*?EK96)BF5T)X4GaKyDYnlk7p`5J4hj&rlcmQbGVd!QT-#|~(3xr~rbeVs zoc^>Sz6ZEsJItPCs0xLBcM8b668hbjLEL<0;lV?V5&h+o%VOBYEn*uT(G)}PRngNP-0#QeetpN5_dAcLusEdnlrkxURG(_Ic50e1@^b@XRg-7; z)-MugzxejX<(lpo>8sG(&ZpMjQd>$}WNKPyXPw6>h{Vc<9(Zg9dZgY_5x|e}7Z!d{ z9K<%LY%}y^q+yL>U@NWbdIdvST=RRP+~Bi36{db0&)-}0CxGnd!Bv^QJw$X&Al!{OD|B<|QM&tw`dGnJjPG?e4!z9eP|= zqo8Mbrs0D1H%i}*Ec#@xgehEWxWYH;?fi9mu|1qDkuM4i zH6^!ZV;G1XI<^PU`_GZSchy3$Yn{rAeK^1z~0amvT=( zoOA7ImD+ao{635=E2QKTG|N-86&%C2#Ui()Q1@L!XE>y0F4#$UeI=6nfkfmsN*k<5 z^H7vZTQ(YTyOu~cUcQej@6zdhLCjN%m%7`mNg7&$SvXnsDv)-UtYk2HWjqL)R~F1^ z0-U~?$UJ;U;Knw-iLrntZ63YUm~^x9)gTC@7Ha%r^lMW=O4=an#km>qDt=%tLKQd;Oco$Ro8{<1$ zw}_Wruh-X=XMDXh@270{##I*D<-jh_RdvyMsVMR| zrt|XbE>hzZ`opicnFd^HHB^ThKL};XWWPm5WekICeqt6Wed2jneHKRn2T6l2{`Eek z!&~I5YPi#xCf@@Z>2GESw=^=zu26CK4XZ8VUAK&CB>&ni%}hY{V?sl}mJIL|)v+MF zwt9v(%B;A9KDnxrL`57aMRdlDm^^X4jlhgJP+dha3OD<@a7+dl3z57G|c#4y4T0TGtudAQJcVj+PAQvZsHr{zP zIa!rV0NoQfLr#$SM%8GdJ059Zx^dE{=5^4P$xA~6#ZAwPS=*B~BA7kIhQyJ#2h*rx zBTmm^vxV@TCadO`@t$WV(747)9?X6|J?Qd88jUJPb3Vc&_t%nfADaoVkT>(f?dunm zR*TK+UeC4##s`Uh>nMlou+u@jZRBiWGukAh5PJ2{yj)l?KzGNk834aP3 zt%qjh4*!PJZXHCr{np~d9^>>q&K{}-YJxXU>_07eSSxNJE!&J5Nsv+g2v@yzG1fO- z$L6gGKaWS4M}z7UxgSx23lz&hMA>CcRDLhQ&6yiZT2tJA3J3y>hyza#PXZ)1h{-px?U{Yiwe{O5hPGaPtsN3jhO|p>WaH;!xPcvrQZlJ1neAiTXz}&DP zl;vIc7P-k9^Tp;mtA~~B+PT7>jTo}V1^F)Yecw7J+%L2nR}7frIOO%7gzI2*4?;Zm z&n1^<3n1%YvU0bW* z8iyu1#gd&`W?U+7e|X|dlanvipk0excE|`+{*b&e;^ryp$9RXJkUG=b9M}YSo znt&bj-U}Z3>S4u>fGdYx1O5i6KOX{kJYfx3*AQ5(BW%FXg7po7Re%Dnz+eCf?A$kS z<-oBCG+ zlT2+;G5?Q~c$`HKAA1=zMxmM7KtKRMhfZop9b22@e~iTAOnSI^zrajwP|V`Q1&e@X z;W&#PZr(3wqBbBZ4W#tMVm{8GhYN+^K;(txWdNg%PE6quiyq$5WMF&@6tnn)_!y{O z`1^tbRcwD)ISX79d0~lQKvGZ4#3M=;uCNLyXC43#hhi3hBk;r|9_J|rl=gwH{WCWw zyhuFGRSY-p7Z}+Ag;o9_vIDyP`1??V2W9~dMX=}-sGfO%_6g;Durc~OiSUp!+(;QL*Cy(qn*na;$6yc)$z>&xe z7$Z<{3Wz~Dv6zoL+yWO0!DX8ZIAR0^rvUTk#1tNSf0fD6dN4XS6ZlfxprnfH>NT<$S!!0*_@IUL+oyTpDib z83LqChoVzJ*!xMD2({P$9XW$T5j6UtI4MBtiAntT6bsx)JWjE|Pdx(@2AnK_ljy`e zJkDf+&x!-i6*v%hM6LX9p`-^sJlG`piIQ>xr{4Y%N~&W&auKh2e1qv*H0!gD50_rf zN+ryt#aZ>{3{U&_jm_4L+Mt%GoaYN7!&{|Kui9UwbQ4c(2eX#) zcPG92NV`>Z|x-gu5B&p%X_B(PiZ62?>3M}wL%xG}_Q>086ETdi=U zMuRn@(`RW>%=bpjFvEoxFcG8QDUbNb>k*%6ptg2f@omdOy|u~JO!@V7_XR7|&Z|nS z%}jOdtPA#QIq~dOZ?S*aGxLoUCs>rsO`mUF$R6aoE78WaBWU_gm+$fl6pGZV^&Sb0 z9C?=0oA~OTyT3`tx?<<1Kxyagf2+LRc%^Q(!w1-MUoaGx!dA@tsF z)@6aTy`Xo#DbU2yVdoKXpC{95zh@WcOGETb)!20cjbM7#9aHZy^#Lh2@kpbv- zjjqNguXypfbDLioT)s~Y&Jc$`JrgSvQHRDp>KIAJi~&M47`$(Z#uH8Q=^iEUY292X z&B4oMy@&B;3ilC?&h2RRD|kBcsL0jdOuKs}6VE8O?K=A;UrT#Lo=fB`G@4Jpj|2Je zNey|&iy?WSZG&y#G{kG*wZ8j3v1w`}4?Jp`i_c6JXFaT`3`lP+T2&(mh;5Zf-MSd% zn?D331B~bKQ1WQgG*Q_SbL#ghE4NR##$+}dQWzdt>-~_D@U20(!fc`e|u0)oF5{Utk(BKPTjyYLO3}^PS4;X*Z3VKkujuBD+SOlIeTw-z_YY zUhYRZNEfWjTP=v^km_Gfg)BEshR1sL8@KMDgXB2)!(OcFLDY9OC z?>>veXVuMEFnC@jj*sC7!n(K!8>%g-P?=GPH!y7qndabNt6Vw zdN=ckc~!Dh^p<wxcbZ>ZJ508Yg1I*3`r6@I7KQs=;%CL2nhe%~}?_@0&MZ z)Zde~%39`fd?MRXWAf?rgL4957_F1n3H?TKlKt+H$77;>(`}|@zr`e{7eV&ne3)D; zEyk1ebYtH_GSRfrS2WT6>pG^~9TxA}2*SkE+zPgKTCS~ed5szJW@*$47re!_)cn4$ z;WvWeNlbz4fK`qw&a9O}I8l($;F`bstovi4RW<5+LnAu!H_=OHA0dU@_MU)nqb*2y zKEWZhl}=f5GnR@M&(}g@ymMc#r@A?U{9xo0JpjPTenMvuoUH8Cohj7RR=XeMHZ`F5 zoT@kq)8ReIKsV{S;i;_YH9h^RqH;rmPJXIkh~M;OP5EQ`e#~U$C7f|DJSZtc1-39x&?Hl_bMP2)j$t z6HvB`1p2U~36~9hy%(qnJ#GVIUOhk;?*ZpCDgIap2-oMDKO}0!QPfdL2;Lu`ARO%& zrWn4|^bIxPl9D>si*VUyF_q4`QPVv*2l z7>g5}-G6cBrNAkzsO~p)O&3I@q|R3?3|=+<+C^U~AEL!dP@iwOI}~E0!Jjm;O@kj_ zdu#8#^mMgu?vB33Kn@;9MQRtLKw+Nkdqdl}a5JZog73s47sQGMaRc)6V~VunpBSA&@j^u-2-Ri0CA7fFvn@s0X))qnIm-Til+3lz2Q7#b4flL|bi zw9#qF)ZFiUzh2U$-_|QVdxLRVSZ6+CBVVxl!~tQ2 zn!wE|9Fe^P(to#2;O4FY!)HJ=Z3(fR+g~&<8|Q07_4~@jtc%1zacu z_x)g;59qG>gE*gqQTTTr9t^-gbFu?xiFpCA9CX+40g^s3505oK52h|W&=eqa4z!U$ zQcq0cziWU(bG88%DDTNJse>iucR2$G1`bw}KNB=C6yZYR5hE1dp@lr4OAZWDIe7%g z!6N)OCc-5G1YB`=0CW_JrkordJx~vSBM~lgh8u~;p=R)N*FbZ&0kh=~a<)OBD)ryt zBDiqFgT$j%DE`M>HqfmQjDLqN8({YE{v(%-)@2|q3|`HS)~Y-k)osHkEeKv#kBoX` zuMpp*%LY&oWe=Cs5fp~Q4Mvsci!4b9h@$9TfuINtS zs}3gy#SfOMR<*5Pr93`Z80BsWIdginIJJ$K%elEerBf2)Gh2&$I*^n*(fZYGbGWZZ zY}M?|*?|DfiH~!#MT=eY?u|L8vhasn>zwHI7$=J3gCvqd5jeW4YAeUtb>lP)EqbU! z2QY5rhV-llpNGW9aT@kXw;^~iu_9<;7)z&PU^tj*o|9P)l3v_+ihB138F9LGJQFgN z^K`wVzMA+DdcB?o_w-$iL_x|RCnX*F08@t`^946I;i_z$kJfY^{oKT{SEyspy<>`V z3K0$Hd_W-d5UC~uGmoMD;^l|P#>=;j!!Z;)w}r6$77z=b;T0nl&MbZ<*KG>c)x&s% z#P$6>7DwLD<_*EeSG!4wY%&pc6UoX^<5#KMcpKdtKCE|)VUj=h=U72azA7=872jie zP5M&;%j3d2kIdk81~LoGw0h%A;xdsrP7bNb7Guo>@^ixeJt!7~AG}+gaNTbtwMRM* z^!VV-%iv1KI!?TLx=*BI_g&=O>dwVz9c7Df0Z%ron3kQb`?-S*%5E&ASq;m>yt;a| z=LZKiJg(_Q7@#I*4!!z_Ix?Mg_l@ana_>jZUGz~TwaUO9RD(9U+nS_L|-t?!Ox{q{La##>~ z8BynIR*8xi2Vr-Y;#ES1RR9>%$)CZ5R%?Oj6zl@j2b}_1#j(nNBJ>hbaF~R^9 zJHi+0`?sIQIo2S5rH0%mPm+E^Q@OfH8jpEpfJe%Ux>ZcZ*5;wGqkQEd=vI~fiwu5&dhwNMw$HkF`TdQ-D-h1LFr*an`qks&BF={-`sG zbbP%a)H6|9T^w7Rt3c}JyU|tKUbfqvx4o88`Q_Vt4(k$yrng^PE#48N4{zY{c3lnR zd9`@E!dZbGwZ3ZT%`^{INR6SZ59#A~fj;*x%!RvI?O;FOF@K~)9CGgsIq8)y;-CSg z*wv;>TDQLHZETKnp@?@~k<{|wT~`^~XsAx673LkwqYIe$i1$h$OL90TEG~{i%%G;& zi4x^ITW~?v8NrKjirVYRkDtvJKd00XlSk;SQ#T~I)O%g-1_b}j=Nl{Un$#`lrX&`s z5_c-Z2+_`rHJR1Ph<&i}E0+vBZPqild^)kVH^_&N>^UylH{VKC!;MRel96tMd)gtF zS(slea=g98lqR}OJro(O<#jD3|MZ#ofC5H`KK}IBr^bOxcPBS2)IT&6z1}{gmMw;-ZFsae&i|V7`2}q`R6YU# zqWurxf=8N{)kZi$-80KbZbGLM_lfqNHA8T((rTvKO^kX8p(svAtF~7w`EIsUyHrbN z7mCDkee5@v)IRVGNxl;>mT`VS5`Tk%$9p!X_qCRJemHaJXLjLp?wQ&y)`4foXoNl7 zEgD_p@44i^2o?=jnvo1)Ok5eVoNH>8x#w-rT5>Tvl~=^anl{3HL@2 zCB5aTL1rxK0T##N#WJs`y3|mzHZ7qWOh3-Wno_astG#e+dq2DIR0$EuuP+hf6$hr` z1HAUK*`b$v^vM@HYqWj4o-*$uvz#cG!5QQ;qgj;hhE zZSoSWh(>iyE2FCs`Eu7sN7T&@54U1;&3C37@11i)3G=Av3zX!MCm1p+x=m_*IFjW* zGJPtH_;{+u!|M7bOPK=l0O zJRM13V0b>Tfm2OWZlKjQsevqV_CCTut`v%qtC#rrmD^_~B%(~tNTY=N4^kNxDL1eT z)6ADq1_UAOJ==M2dG3vJ__sMWrB*hfoJm%WtemKV8&A(wtae1VbH2^@LI})7Ab%<( z$a~hml8qyqo0gA-(YtauES-{hy_D9eF4I|19(OL>Q^+ZvjMOjZ2e)=(xFXW9uMR#| zJU-9u#VAd;{+3^<^WQ#Cx`hdb5(ARte$jK3J?h z6RTc`#PUo{MT!qDw?)2%>eH}cL(ebyvq;#E+23V68wX<0jwX)3lFxj!T+GY z3V3f0ZwkQL;Ct|coY1d=Ek59@;8pNX5byzjuh_tC=;?t2TEPE#fLkCAm`6`LRS=I{gH>mgN#9|W&KDFR->HrP4nCXux>wKuc2v!nu8YbR;vZ2j{BHiwk4 zvpG~!9O~A#=FZCI?yB~-#&*EBz^i~^Z|Y?2;9~CtxQ1YbGO)$OsIblL%s{0FI8u)s zA^HQ!LykxuDyF~K^=k_%ap--J-^cv{PY>L|2LJo@i(va#DTAznzK6-?U~C+G8T>3L zHef&;@bvE@{I%aW=cw*I;7jx3?9pbU?lf*{xaCcPs^^!^X&0eTdiVLzAe|G1t@ z+q*hhn>+nBN{-fj`RjLnS?K{#%-Iyc$$(Q-;IBy=JII?`TUxmQR6`5dL+`P10ViYu zC1GQ1=?t9X1)G4rkdm_Z02DVHSeBj*ns%I%O903T0fQ94k0=}4f}4Tgl+D3dm$b9A zF^B$)nv1!uCfGW%PC+X){bp?arlx)pF9?L?{RiT~Cp#b>2nhU*c)-!l#tp!Ez|l@F z;6GS|&R@j;w#NQSI~x$#2<&-|r~U{y@}F7%2h;;evf02A*g%XWP?(kz7I^YI^+y(% z|LX}Lzy$wI0!Pr3|NIPpFnoY)>9FAg3@tzc2MNFadWIvz=WwF^`V`<$J&?jN&+v=Q z37X%oz)@mGt|Jg?{L-!D#IQ3|&SAWpz~*84YQ5 z1r=o`=xlKT<^wFPCDk?5s8nT@B-LeQsK6)t^+8~f!v8HVd48rd zJs1T)d3*REAUgKzgZ%X#HVS@!jH9aM;4x&3U5u#?7kz7cJF1KJPPWD_e~pEIE(e(C ze-2tuF@tP{%_bgLcGJVz^w;|Xa=CsZ7b=$D$L#OqI{!uJ{|}=7Yrq^53L7x6qI^FI zg&Y>=JDm2g5`8}h2%yT24v?c|WYl2;+#Fa#R7|d$o4Qabm;n>p+5%9+a3GimmO=LC z2tORaM|9-Tx-l@CPQb0h&S7HZf?7hqiuGr>K4`v!xzY~VdmvW8y#9?@M^y)G7+O04 ze6sPRQgC*5H8-QW=xSp_C9SGNrD|?t>;ha+2e}DK|F1`Y2*M8E{C{WG&u2K4_~H6` zxX{B&E*=g|2%rUiT~C1}{yAy<+TQMWtkJX9>LgC$jlq83X=XvVl@)Fsfh+ z!q0IDdkiih@9D1#0@q=-0@%t1AnCt7#!+|8fhZJ!!%Ia{oxpKx3bs|1 z{$Fcn*CWYw-uL?e`yJ-SumU9F^n15q7?3F{CL-GeMZg!1FV@_lya~-sc9)8oPoLkZ zu2WOz|2sY1Jt~0!hmWeOo_gM2PyPCF{p-iot2i*mx}y}W#v>L2ot~Ha>ZfeqZ*ta^T<%ge>ks&1kZYb0KaR?ii* zXaz49L$78h6}^#)EqXl@e}R|lIWMp5Enenjb)6Nfk%%o;JxkvbZPZJMwG3J{Dye9V z#B0&IZu-s3WzY*3fU6!nd5d1p1zh0e%u8P#)4I&du>3XlYq9EC{!6@E1g$ZRp5ou} z`wgw>Z;wgunttpim0jaM4XxZ85aM1=O$qGxH38sj-fcmEu}yZTWeVKR6qWmU4dvV&MTZPVn#e+JpY8Pr05i`8{!FloYKh=miVjj0x~o)c)j)Z{*wLTo$)b_yeh^Fz}Q zw8vrIk`gS2UigDy)_<~oo9Q<x^Pw{QUC`OrbPo&#tt+RV3~JyaribFZpO|LEJtQ>iD*HlAA@2=;tI&qMv$ z{hNwaID+vI?ZE0LM^JQgDYT|OUNs$~Bb|%exs8^lqg2&N8Uw8Bsp-QRNIq=oe9{+C24>mo@y&kdFJ*>yhc(C*?_pmU6 zt$SFHXZ#0(*WJSqiFah~^^|K<1Zw;}miF92s|+)lTQAGn)0XY?E9qVl#eL>$?zw)f!g>JLMxLC$Az1<*IR8 z2(fSr<9A0w6Rx|38RZs6FxKeFVp&y6(1f<5^$Nc5b9(gJ63`)aV{ASl{E^ z`o0>g@CoD5WUZ%#`mExwXVKQ#ZAQo<6JfScscik<_D7P?z;U31569d7Xd$?eI4>Rlg zYJr6nr0Zed2bg%J$*FwUoi z%=O&E1?#(?Ti-FjxnEVoCvd)NhipBc&?fkE8?p#u^&pJNhVv0{h=p6Ilx$R#k3!v1vsoCy$QlMBWpKW|?jGhgWEskZTNsEW z#IC!AnaoW#WElj*Jq$z=f<5gIM;)w*Hb3fxUTVN%g$5DTAB zSI%3+?(zu>BN#rRQnE#`=M!XoCly_Wa^V(wtLN+Ob+<6ngk=$&wob>aVcT;L!$mJA z_;VYw2<4`Q=ZaX*Ep&I9Tb9l!H`$P75DfQFDcQ(ecft9B4cX3Z$hh-%w+)%LM@O<% zGPYRVhqs8hbe=rhj z8MMM1)OnT`t-HLzqUeP$=q)O*heh19XczQyKE}8ot19>FWjF$kyK$7eyY2|)QSKs$ z)#ch6bo5q~*TY3gu8Ved@=(hl82Q0Kq>R;WSXQ2UsAUif2T&>5=mB4oyCXlCJk&A> zMt;!SSY8h+w8`2FnlPWXe6=QU*2W(p8(HfOfbv`frL8W9Xa5wpbNzfKSY&z0o3_1oPiKX{>gcoNVPdB$H+Y!g-Q*%a4 zr_)Nt5ywqkn;AzOH+4&;p1YJ2j>AY~s?SBs_{}$(Z@hI{GY?kT^fr&q6PbyQv>7Zo zt6`o=-#TUajKwIEy$#*<4QtJ4Zz0BFXoQoflc|kr@Nwchbazqo!d3LC)^imXcsI{r zcH@5NwV1@b3;!_CC)IXX+f9jT1^k(p%b-=w-l(I!b>{W3wEHqzv&?VgMx^ZUM_=P6R-a7NT zyUu)pm-86>)x4bIiP4x{%$aF!y2=BxeR*Y0xA_-s`YY&3%s0% zxw~-?@@~DXd$&~qYHZkIbv;3N*2`tk3e(@)UtSN}xi5>DdASUF;Q}fZTdMVvgB~wA z1f=oeujXY~{@(WTdRWkXnP~8mVH6_S#SjbQ-`id;-{!PSY90BEo690t7jP#n7%AEC z^M);EC`S`$LCQ_%4Ode;QnE$tt{k9?;C587yX{9^!mX66lxz{~WdSW~p&W$;Q||SM zg*T{_Y!NFLy{rr~nOhja@CTKWErLCNAj(nsSdwy)4D>dd*Eei5&nUMrg5ex`yUpui zT{l^K!TQeQ?$--k_=Mg<^Lkj z-cIv+IJov@1n1Vbq1-DG+f0?T(fZbv@VSbfFM1iV8RaJHy9|PnAM{T5-3*n?ml2#> z-(?VMi$fD7TgqK`3p2`1)^`~MTla7#Qq+ky!@BNO%1y>?8N^z*u<7kIZ-#37%ZSY= z*GF*NOuAQFH+2(t^!R5YiE_P+;ez#@XUf}GW7YbEGlhgzx#(rGp$U_5TL!V#EllKV zHKCU(v~FR>&xH|e-NUB0(7YLTb+1xxGH%OIu5}CLYc^^xZ-yP+ml2y$ZdnBDChnvO zovdMV!$R}i`YuAbx`{g>*2x++-9_e$GB;V@We^PaP$}6c#jyDNGHapSWZdS6)fU&? z#;tDRR?1aMwus%8H7tx^xQDtO-Xhq`8ZKDhd2Q?UWNTA~O(kQCRnI510ynq5%ODnR zp|{Aq8GO#mf;O`ull5H&!Eg_~h33r-3(Zh&GH%Nt7H*-p$h=vVi*Bae!U%?Y=q)sF zhIQSS5u97!hH^Ka?v^dcP2I$uY)H>7bQhUhWthp_WPO)Gu+19IM9Ns{ww>n5xGjTN zxP?l|#*7TxEHATkM!AI%jI5!z)4UnhbrZo0)^}cw-n?4i!YA|=nm0ErG|#Q?GKhs+ z=q)mr@BH0iLniCH41(bvdJD~)VOKZ#*{bT?`ZkD-M(OT2q^{pq8`4{3-V7JLjMz*Q zChNNlg5e%|3(cEhu=HgF=hk-_#KJ99O13tnT=X(xGs;cYcM$~ZCho-Ao_n}$r+G4N z%ODnRp|{h#xo@X=VFbfHR7y6i?d~-9tS@Ks&Ch2#2U*`f+^wp04Y%^Mx6pk4Q18nE zH(B36Y&|xL??)`$LT{0IGwkTTjMz*Q&enG^1j9X4O1AvG?j9!VyBK2O7J7@!n_)-y zX3Cwd?_vl>*3esM-VE!yFC#cv-^CCMx6oT;-fYT6FC#XSxwG|M48d>@y`ARGu&(7>k+?GPDZsJa6q~{jy+iC72c;h*AN^9yS?u6h-$wphdJIxoY@BCnu^{cT8pHRuz zVpT4>%Fjtfmq9F2g-X5_vAZfs3nLirp|{Yy8P;{LQf^YwWhfVJp|{Aq>3{tB(%C8t zBN*Pa$_2Dx5uxWxK%}aJI$NnqL&eyS>J^b4ENC6Y2FMYritJM z8!|s0Wc_Ngg-@ttY*qDo$}o>Z7D248-%kAO`Gn!3Bv+fB&iFamkYx~zlwsKV&Pvh^ z3(fO5WEsT5EmTT2EbT5bU!>e*L*@wbsS#YuE3$^VjaymU+iBhm7ro5dc^t9~V&N8g zTg{tcYxiZuW->R~kYx}I_fRR>vbL8sT(BYYouSwBGkijCuX!`9?Y>O5xeZwcu}Bqq zo6VbHbN6M$X8fFNNQ2`{PCXAG9`FTBMnA?zL5DT}^TW{Xnu--hQ++;%* zL9j08PL%7pha1+M=Qd;+#KJA~)|)pstT)dnH`$P75DfQFDcQ(ecg^{N4VlkxuU@MO zbvd{4v$xy4>FzeSPHV0S4Ps-md$)?#rQ8Xzk$f$=isQK1hD@5U41(bkDkWP4dp<#w zn*?nc#KJ99O16lVi*Bae!U%?Y=&d<#hR+Wtf)_MlJ_NUVwZKK5(EIMm=7u%pxh5=w zSonnAhnY9SqHdC_6||XUn>1k&1nU;=q^doiFkJL9f^(nHAa>(NCRIMFi?|bFBPAP6 zxNneXb6GEyaDi`Dfq(p(dkK`iow-bVB0zK!Nd z6P7_Rd_r%hdDGo#ZdG-z3CkcBKB2ePyt!emd1gZvZ5itJ%b*n=p|{w)xnZ$+#?2+stGl@q)q4J*yWo6* zm-ANht9e;hb0@5N&Y-*3e2JG!ptYX91$W-}*i_;*#`cEA<{2-){xVNTx%Hfv{B+&6 zI~v&CXHM1?B-rJg8;8fSs(v*Ws1eQ=qZ;-$aW@0-s@g4zMp*aW-tuNx%e@t?#u~hu zI$_)U)VeF)AE~wsdSTgnd&`?)J2$CzL8KbBdo|G_+VAZxZ*JRL9*NbUb?Xe4Bt0y9 zZ)**%w1EqWnt57QJ4Se}R{cwRklzBgF4*C~t=4+go|L3|e9Od;7_o`}UJZ zQJbN6y79p4XD>ba$GTlx6`;4Ayt!#Pc|>Yv%U+LE*!|va^5(YP~|Gll`O?NA~r<2>}3&5{s^xXh)5lXgC+M^F>Ls9wYf;_N?4=dNoq5#XnOgI_KNl_KyoAm%^&G z_!H?`Qr%VPUlP04@Sn*enw5)gWaKR3c|9ZBh=1GrlJa(_{v}e~fCok{f>mqqw{>Z| zWn{VNWvoIY1G`rS{M-8F-$^4!8n)Q=4F3gwvP#01WW7TEC5>DJt1$Sz z&EoBSUrQcM>mt~N;jc7oY1T9RJw{Snog;PQ!NwU%PX(`uks}FPqL<)WlnkC9Z77C|a(cqL(rRL_RDj11Xd3cCp2d%M8f?k;eTWTb|(L9o|L zSp@IB{on0v`@coHmclB6_ulgF_P*ucC9xZg)})!e;Jv%~dx4R&L9639essUN2)p0g z`rQr-t*MZ$>=V3?q*?;2x}Z9ds%P(SSoIB!M9db!E`s;ozVEiX?|Xrfv%1Ku8CjQ9 zE6FMe8za`;@x8>zMX(Bc-`nxs4(qEgi2zFukD-Bzk^$h<7M$Re_uV-Y~``&Wz zcGz2enPkrzxd>Ka@OzuR+xs?qM|&~HZd?ev+ltj?)Jgb98n%q=Rc$UXau(PhUyW4Q z``$|L_J)<-XGSi9RT%tAx|USsqL;bwa8a z=yw-*FPYXwuxdNA+e*5Ik@tO(c+|)_c4I7jw?>XNsQR_~ZKYw0-K~NCrs*9VUyW4Q z``+g6c94>nWq;JjrLYQvUrE=Js$BFkR-utgVHbvfRHC*p(B0YXX(UL^?ft768G(Lp zUw3=MzV0(47r`nFes4*4+g;La?SvV*2zFukd&|1p?$?JeFmi71$M)*oW}>c_R@2)1 z;_&u{McrpcE`n7A_`U7i?G4+xX5=E+h2gI>Z0tpMMfUd(&5jN2F%S?dusC_P)1;yS-rxcQmaqatW;J!e}-4 zb&0t#UN@}XhG|_2yDPZSj&2D?E`n7U{@yO_w!2IFqFY)DyYK*&hOI`Hi*D4&xp{px zBg6dnHfql^Pl;4JVD-$%C9taBKbXX;XY{*^w14~d)6>Im-+q4k@Q?rcKcBw;{OLcx z`Qo=vOoILM!+zXDy6S>zm22F>T-8#}h|Q|jDZcpK`;Xjty`45}fB*LU-_`bh`QhiE zxZt6!e0Fzj2gK(zy&v&yU7@XH>wWch+g+(0o*wq%&p}``6O}NHhlqWIz7$@b#xp zKR>;D_}$Mx{`l}E#^BqhAK!ik@Ey80*TG@S;`$MO6Sl47lvff8U;XaufB5>lumABM z{xBojSp)AS+Nw4MCJh>$Z;M9HMql(G-+cV={nMvU?|=GZ5@S6s%Ur|qEHsRJR;+pp zmD}!e>^E;e|J%dwpMLry|GL1EYBg@hVid4076UL@^v#DK-+%wh!wZxcbM3ovsC&4T zGUFm)Yj3+7uz&mZ`~UUFkJ#sT&r&nS$k(t)DcRLUu|`U|3$DNY@cqyK{)A8X_UTXW zKfV9()5G7r|MdC8$6sbhoYnAlBq}?`*t$icS4^3Z`0~R~e*ziMn5pO(U*7-xYJbL2 z?Yh7^*_*lt`Ne2&>IUK$XM3{?d(+)@{S9X3-~V@F{D@h&#irCq`b@EjZB=-ByRF;q zZYyY%V&ZG)wyjT@p4y9Tx;v}ImJYGaOjyo^m}|^>erOez(K)oj(lf8+p~ZIn{^?Io zKhDMEwNI{Ir;14}B~>q8_ZcTKY28wK@$R>DE7IRS{hy!lP(|aGK)uROMZHVJf^HhX z@4ou0F(X|4mop_F=3(-!r0hKJEX4V|KYah;e?L9E{psBp1;78((@bVwr!L#NCqD`9 zsPJF?%x0SBcL)^`S1hF8UOVDr*|LzZ{g3E zAD`Z03?F{=_wTv<(}y2EKm5~&kMAB%zkcNZ{reB^2<)F8e)ZeG;=r@j<7s_dt#+r! z?SFmT{^jH2UvkNBe*Rq6J%07g(`TOWcevg1-rv3d{3AcZ+VQx5fBVz-PlG2eQvKnF z;ue1?e}41!vZ`|(VX(G9NZp3}c@&oStI zm&MzjiCy+IAh2kXKmn*v-tAISw8vWtmFJ~)?MD~EOT%8>-=ud z7=nA?Q=afF(LH=>?7texP$Q}JIKjFeCr;L5T(KTw@$-kuzkN7=HjIdBGxn06(E-z| z1S@a;GJ@x`&Unyxkk)prn4KHP-#(nn&-{B#*{Xrwjgy=E%BlUZKlAOweFzqgyo}&} z9Io1r_1>D*>_;!XAD7(^gF=7%a2WYs_ofcx3%#iY@%s>LJx!0rwe@uzgR45gRYxo9 ztZZFJs4F?AaTKcV7{96O|Mwx-hWI@MSC8Yq)2bftw5msRt?CJct9mHss-9E3s)t^$ z>IwR9R`q)vtNQh!`%rBiP8Zesy`@$C?A@whR&Y4KPMkBNv55ZdPYVNq& zjU~0!ew2s1P>t2uE~@)so8jAs)qd<*uJ&V4zdDSgU#r8|EMFZ)`-dGko0ZkE4n(Yu zV}7zajiP!Vs^xw!tI+B+PSL>9(egc3TlhE*?yeulhTZycJZNc+C~)g=T?2M3jldSRdMsQE*s7SlfDK;lU7T|JTZZrr+xZ#vCw<+qXhC~FqCnAVhx+Qejpc8*EqWXG+ZO{Au%qQ~ce4EL zF|_$xY>e>R55v&yGxocZj0EgZLWY2yO2N8?;V31OI8EVl=;+&FXPO=k#d^jwj+VdU zqxp8k80K$}!>3=``@u@R+i_o-(sA9f80mnWN)Xz@PD2?lV8iF_12#0i12#BLOHjiu3YJ=lWIoLezWDhp@_2lJ-Q$CXC8#Z^7zZnEegd5E(SE z-F7Rz+->(|%Q&t($Vcr6RP(vJ{h{nKwZFwQC69K8$1;i7UUyi_SL_a(l4HenLnt1w zy=br_1WDTOj*pUq-Emc#-R=F3!xugSHssj>+n1J8z>b|~*ykb5C8cP83ok{N(~z3P zb^8(l25bn-19mFmP6OMcgXz2XC{p6G-`LOWIc+}WZ_oLnDKC2ta!R@&E~4|EZNcOb z=DrjtTb#Gn4?K_LWlva=^n*i^Nwl(LQ|&W$!ys(H_9Z3^*r5cK0Xvn|uNJm{ESXxs z*0Lr0J&s@3A*q5LN@f`MJC!W3g%SRVegx>^?_tO^;ppv;jtANby;VY@OL-Mkwn(KvHjZPMz%!C)z;NRZ<81M8DVa~sF7Y^cS#I$!Y^OeDpqGLn$F(`_f|# z7}yAQl3o(gl%odP->%o9!IAQxuiGoOJ+2SRdyZ=qIG?e3R8Df-kc8{Ht$gy4&wYtj z8|QDw!%Fem@!(hw4OHBDJP=$YE{9VoJ+`zuQuYzd_Ud>XX8hx~j@ORm!Mfi`{^NL} z2$0vEhT3fVjMGpi4cJb0_lWyV8+JUMBts|4F)3Fk$`Pq=MB|bn?j{*JJ)&^&9w+KL zg7La3LnjJV zb!;7(xNIF7t(fq%x2-#MY~2aci>BDR;4hS4rAz`FrZ?v_1-4J$2<(vY8ZfBU@_hBU zS*33Tw$6AB*fxD5uwBM$!0;-1#wp`9>dcSnw}7qFW&@MG2ewOH0Cq@S0CvnAd-X`u zCuC#wcsypEi=_ z?``Ci4siNu3L}bD@W=#b@ms!sp0P65sTKt6n0ZubxJeE+)WY-K`229@IQ(`Pr)b`T z&)R0}&2`7jKY*PwCtmRt(5#gLvwhy|ZJ#$hHsy~`6-o~1B*;FKN}2{Fwkdyn!A!cq zx4EPXd=5)?jjujQ7pSR94yeW|X5foDnS&81?<_Az>jIxj$((&fML+ATz-)Inr{T+E zEq@8(Bpa0VQl1gX%$@1rs`d)(khND}C&|keyOI2$L@Rlrk}KOu*-Sb^8lQE?RcRlk z9mndHCF6z$geB#G(|`>hhzi(F{)6=n`HwAjL(lEl4aQ@19b+!#oWkb0gx(pCv+BB& zUw}oDD=bOowJTI#zKniu#=Bg1kdNPOPV#v>OuKL-7z%;-`rA^!& zR1;)qg0521;4q8;wQ_}7({m5%d2zo}=8Y@*3t0;Xh6m2)9=FPSAgO6^JV-B*NZB0b z?@WV}bCTU@IIO>YUs5a49$P0G&|1tGY0o@E%J_b7eS?*vJr!T+IbBZWLVNg|xa{Gt za5<0=2A%hZVUMwSUs7Gset$TK_PABa-yZ(zxwK*RT;`+FSL_L!QvUW7l9Ki%tP>3W zre2bsn+AkZ89x&WNd9Oong)z$C4PrT`-KB(Mbh9v?IxdF+I}hbwBzL$C@F{rblGKx zN@-5_LuFDnP+#Reuv|Q%glGKr9sFRN=mHUvAB+ZwM+e9({0_q$W+Rh?QrRzCVRGcV z5A-zierSy1Sn8*W6R8v^Mk@8wq$%m3^7v9eO&T0&*Cq{)d>l?N(r)3rUCWMR62&7* zpwgoweo*&A3=DH#L29ZvmRh9ZSjL$ZZxBvqFM(nr1}1FIi88fdn8d`7h(S3WwMg-Z zTBPFG6T^3DUrsyMGEPjermj*u%--0FvX64Q6OGf94Qhvqazq-^Om7PCTT2E+dAIX-j~u)0O}u^U-g2nKzb^#mpOl9W!sFyDC`&#y|NC z*b%hiBE|Q>FueLL+Mh762^nV)eU)^kTBo>^p!hNSN5B{k&1dXYkKj5o23+~X8@9NWd4@+s^po{q4-e@n|_Ot5bTt?wWgJtz5=^^HLX9oFOY3 zaBNu0fsC{fN1OgVe$6v@^RjmsY~!IF6+(-s)$#F^&1U<8kP55!b7Jq>5q zG;+X}R>t?RjQ}g3OD`~WmD%5n?+JF5Cj(QS3`}`4Fxz(0naqUh?|i)!WE7cliX*JO0EIn@3$kK($mY|e&yN!pDv`X*VUULyXIgrzP} z`G;S-%-vS0<+PP1J_H|d}vkvm*^#PXH1Ft%cMs3{kYCDgonz04`zt6bnv(I zCX&CT)5e8@Y|@#2Mdn9?sY^QJ8Z$py)33-p9@sYXBVg*20JEOc1(R*3Um@R3SwMQk z#EEQsG0!O*NWE-35s3W9ZlziaLZ$i@W?c0lVAlN|lArQS9bK_4b#&!SuuVAxq?aDi zT9gmvr;>v`^B^fhWpp9+qpT(5b*1K(GE~e)${*a#IUY77w5wI3$*dm$Q|}m<=GK7? zTeOWYqb?=gr`;&sXJ1@CfV!0OJj|8+{*eY;(%{J4diu*FbL+`-uv1*eMuT+l$ihbI zAms?-NAErDJt2c+<49~FoDpZ?Oq)qKABUaZmd<5xF6_{ecq8?V>`3tyUR63sHBr8d zFh@BA5wPNC>U#2J)b-@csOx1tY)u6(>tVo#<>uynslH_Yjj3?W9syI|1sEC}w4$yj zeLGQBPTJGP5zk4J6*I6-qC5rCD|TdiOFo6!M){NzMl9uuR=I2m9Fk9=0-)HD$WgH) zslDtPHA}_Hh>LP!YL?0esacxN^qKS?^qJCLo#->Aeh>=CHc@p{TtdxKaS1ERS=%fj zwQLhLOW7uBmeLuvASv1V+@H2W3{EXfMKNE7m{pjB5epvj35fth@ z@H2W3$gKCk<AP8Yn4~=6w)S)zW~emR3@$)EQuS?|cttdqgW{dqgW#OSHn-idLTO zVF*gIm%uc8SvCPuXG%JlIs;5Qg}_v|1*W5|lYRuyxL}7K@lM2r!Bn zfiq@2=Zv@x#mwvIeI`H9)XeENrI?%V!L(l1Zn#c6_`sBdu?VGJ8!*M_z!akcQ;c3V zjZD)Wt~KA67(Hbiw`H1A-W5%8t0^0B$TZz+evOGX^$~&XOjCwp(jTq&>LapAp*|uo zot*$oeMDgDBLbrcm9#o&ml5NlT}EKESo60ee|is+Ch>#SAn}9cs>o|M1o)YE1H($h zb4i^u7iY0q^-f@_g8)+<1ekhRz%(xkO!J}}%H!E11*Y9YU@WcVdoaYTcf(yK{WuXu zF-SRgA?a7nT}XK@bKEJ6Y3s@yx88#}ZoP-+xM}`sjvE-$YDpIc z_C$jn(R^OVERKFlkwQ4*D}*y6MZ%eoRnH~I)-y;ZMSDspqCNE-(VlvaXpgDWyHP^U z_n=%N8QS7M@;%6OB}0gdWQd4RGDHR|8KQzG8KP<{8RCQr`Oqy*w4@&u0PzE@RNPK0 zP;onTTgC0HtSD|T;ZX93l5ghIsDkq8q8^z~15-W?O!+i0<R<(M(7rG+svoAPWd!2_4t4hIK};V3&}=V-AtX~@I=X4Y2oUA zETW~(a2lBG6(>o`UQw!-y~2bk=4UHkF@G83PPt-AOEG_`E2r+4wzJ;Dy;(Adqhfx- z9L4;!7qULi`pj^&T@#OE?PVvCWQ`K4Vd#c);hAU#&t)W^rdPZ4BPTe}`EG_~w?P)S#s9Gs70;0GdU7@T=bDe6XrQ@$0tn@YVeW@x-w>a-c zHIE`{!i8pKzVCjcd2}XIRQCo(=Q-aEXQ5|cc=Zg7nBIdGiS%VmMM@4(57niRQt1Mj zkntl=P8&g_A~`KH{=$WvB<*QA??(3{CrSOq8c0s*hRXkzF%;2?V~ZUOmYBcfDWV^#M(P4BX4!G7QnClM2$VzMQsfsH@AUmhYtz248ZN&; z+AVz}l9HdMTcP?DWnkGWP?o)-ts%X{4JuZ_(y4~bbcygQtAZ&nrBskSFK6l`4LGGz zeyfzOGk1Z^>LpOIR4j$-R*f64FS$BWK21AW)}nrQH4q0VNyW8{>YOgCf(_nMuI3 z^8?JeE}6J|DE(>m#+YnWJWlkNeNM)&h7-1%+<=afVr9@%4961`!|}GNc~Ay1ex(o> zJUZcLl9yz8sz+dnjUPj3se@&$Quo8pq@EK}E5;;SRg6jLM)?epyzBuzdifc;$;vfo zc`1fNN)^MERnU|*di2JRa}CmV5}g`9LL}Xf_GS8Hdi3&noJk~`SoU%BTn0T-2bqMG zPoX8EniiuZ@+l`CEWR7}P0UN$cHrIvHeM_GL3@@eMGL?`p zmIi_bWx6SA9>9i=nYYiS!461yi zS!T?4qrM^8U=UBd^bR!l(>WbPC5jn3^=H628_aY(4NJetebJ2zCi(u>|VbeK7!NIiYA7h zL9t%HODNMwS7|ZJmQX#Au2R91zhs6W^HnA*R0jd3el6LmdQZS? zOPC>$Eg=*zevmKyFXxeE-pDg-OQ^2NmM|>%jV!{vR1|Y4$2`gVzN0HnC$hU zS*ra5qePVWQIiqQ)MUgXYBHiJjMM!fg6>x&I-g5T#`j|pP1mW%T-Nxqc0<=sXOIBX zeoyHRX3ZSfUbdvnJ)~}xxrfw`GH#pplvDSmtDF!oU8US4T_wdfeiRf%7t$!V@f_ht1d=^Su470&P;?I|_O&v2}j{3S>E$X}LK)uaLCy6o+s2|7y@n0B0s#>iim<9w5* zL=5srjNJJ>7)njMMy6~0N+&1m3nfO?1R24Qzoar^{LpmY&ox25#bo@-fL-E3Z&CN7 zx0wEym0;rs34A}zY?l>s*$rk>WH)Fp7(aT88Do|sDTQA-^fBL!eJ05yB|O9EFywEU zDVO}6DD3Gv_Xy}>%Lg#)qL`H#RH!Z>c<#Sr_Rb zvo6xX(wa>=V-Z#NCi;_%lU7Ivsf;d;`k(5jG`{Sg|vHB+t5E*;)zy zGV5aesN3qga)5FE76+0t#Mdh%Lquz`orIH;A+`+^N6_iD4Ea21!c(0aN_eVsLxJhc zM_~FcBQVXW0@I8GFnxEEBO7S8C9UX9h#&MOMCURLq2DstEErAtgwdPO{pd~Te)J|J zU^#$r>vrk~O+{ssS)NqZ$C3C0V1bA$w2NNA*8uNz8Nl5UC5L zotHc!#8h5JQ0dq2n>nOv?UNI6VpU0ex z@#9SVw4I#opq#y&J)8EAmRIf=Q!3E8F2Go@2%AkwLG{ye_N?TTG*oiR@TKpkZ+)=% zrL#4G={yu*I;R|%=E8w#E*uyqX5_nZ2#MsBvo(ctM^~ADQO$#JQudkgm$c92YmjN5 zfoWHjY(d|BEg3}GE6OyQR|ckgObbNO~d@QtKaHA`TsSpw5u3^3I!fw9<|&t*p}3PBScAhiTJw+AZZeeTN*F>MCrLXg?1a#f*FgrQDP& zQo4+X_^r+Y2Bw|}oAv6608>u{n0g|>^gTmh>WKieePPxmV{caWY+q=_WKXjk1!rE8 zh>GXLNa7Lwt(5z+!Xcg?lxt81);u*Z%~JzYu2D+JeqRDb$vp$h;yJBF;Y>i3x=QOQ zV+#^1%~JzYt^rK*)W9@P4e>Nj4NUXY#d2m%3z+t2fa&{}z;rGhrFBl330+{6Bx9el z)tj*oF!j)Ysn!gPf!2HmNGF}?YDk6{LCYF99cGG$c|Y&qa~+i=T}K9zFg&&Hhh(MP zQ-PO$Kq=Wev`w~zj83rynx#YAG)o6evvj~TO9xD|bij1RFEE|)Th_ZX7Xqdo z)KdA+Svp|aK?SB<1DN`L6iRjeJs<6J%(}spq`oofqL`KQhO=+L{T#E>c2UfV*;UM1 z!i}_voHwkPnyF#y0loHe7(;Ry zqcg)|{1}vFsd?%3+cI@L9|UoXPzBEVRXJrgYmAHm zkgX*ytaIvq^t**0-LDiQ6Bi15 z!mkv`bRDU;U^?>xj_Z7HU^?HsY-%aS#DXctEQN-oX-V1*)A#Pms7B6XGNhohMSy8e z5SZo!foV<c@{)%b zKR)d)Iy0Ez`%&%7cf%CxeMygWKX&JIKbqUVpKBhJf{b7Js9xeiQ&acDM5KN&o@4xI z)cJm{6OsujR)$o@kLHeeM59E{U}0BuVIel@$4P7QJ*7pO@5Y-c7h>vPbsyG5lna&5 zJL`V*2-22Ny_fvaWfySR{X?t*iHC$Uo`A42$^742$^7>ZbThY9;<6ea4S~ zO*EiKApFV)nM3|cD>~(m85ZNmbggL0=z{M@pp zK=wlsNJ@(N+)_LgOnWRGIi)j`fH88Bza@XuyLIw6+FOc&`5dWYV9JxSVT@(ShOr@= zvr$Z@=u8t}I@4ruA88LLjTk?lAykgtGVS-yA*cc?MlYizqCIh}Xi6L_{CMG%XH?bn zduTGMl1zqnDuj;kQI9TEZzqWj00kD*=Ak17=f9Kg^$giz11pj4tT8FiF4l3}hJ_ zRt*JB$k|J-)BF&dOAO%Wdk`K77mgznE{vm#rVIjP+)fK4XB=>XIv1yWQBOH6b10$} zC@V)Ka~6J-PlX>RE(<^AP>dg?=6qk;E~*t!`8R&VnCTaoLs9$;nU%w`!IrbNRN-`{ zEHKxz(Mr{aIBG+^G0r7X-GXk9Vtzsf#ax_ABHP61f?`5eC>0ZyPtByPQHE1YUA`S6 z+7n=kGXiLrXwCbCe~v``P@ zN4Y)i3o|FikHM&(@YwuCkIULR!*(We2e2E6{`T#yA8)m2CabU-GJ%cfa$zf z(nft302nuH?G-SFLHIZdoG_KY zErle(G>1ato%T*%N6TL@WHNMyv|IC{z!YNw>+sDo$#osRStd#CRc9y_RpVDaPL%J4 zvW8BVQbFeN47i$aq!6hyT&EZlm|{#|iZOwiZs+-`7&VI9ANs^B{21bfvFc$$|~tE%NkJTh`{unM_`)Y07hC8{4JjVO}VGT zoG}+0CW^U$=^J>!RBr;NGedx>&k0O@PCS`*zlwL0?$eFWnlI%h1|#!*3D{De2@leL zFmbF|l5%=P<_iP@>cs$)?*^usa$q_m8H#F`2bj*$1g075!VTFb&gsawiR*Nx6Um2i z2w>X707i!)XbO56hjATE3|*%=C`x$hBLbtFn!hbuvVwKqw`@e{I`#AD9$AlQi)YMV zwkl;0AbrLWr5h!kVWvZVfpbYRm!txqe6^e`oV_Ao+RF!qSmyguOiLTaOowHI!jFE7 zyVP%~*BPe#gEA{ssKkY}?ew)wEoF{VzMz^rcEEJ*QTg0w=4!xrbUv3gQoS34`e_g7 z9B1BxP-(uYl#6AHne&h>p-P?cB)`?(4xJ92IR#8{J22%!z;F!lz8pD_eMzq4AVbJ6!G#s)>M`S(|#?# z)htOliB*2Ee1JxD=8F?4Lrm4n*3lNvnl#VQ&R&@=madkNTJPq$Yko_IFy9vwk^0v8 zu1q-&UNI7t+{_!fjwRlFM(HvOrg|*Db&dlkWjo7yl-{>kzH0ijwa} zUqkQ4@fH~)G20^_z~+~H1+zWY84~aGA9z*yRc3p#c1UYXJz-$#`vD__j(0<~WDgjB z&b|gxr8*`s$93gQnP$6<8_8<-j-njohb_p!O#2Ah|s&S-Xp#da;42FWgpoH zpQT(*NwD20%YumuMPI#}XB)YnYQw;Eo(%1H>mZ}&Ss&**G&pd<8Yqrn5lC@FNqf?- zBKFc5qO08JSF5qPB1IkgIsh5BhM_?uuN0g(G^uDD6lQbowOdVvvL^g+xoNNy5 z6y?dxhh<-gXi_~~U^+7d7+=Oq{Al{89U?ka4FFA5tipVlY)%=a6Aj!eXEH!%Xq2%V z#VVy)DcPmeXBbMI@5XGmuhVy583=S7Muw=K2$afshH|ux;>pq!$(XA&9a3iyA=wB@ zmXdLb=JE>^w8bMT@XC)$kyg)T@5wNVK|wz}qjaGZC{r&Hd(|=s1r#@x;#}Gs3TMi( zOVKEKNwq{atQ0tszZ4KmQ*2_&cu8yx)BJP!;(=mTk`l#X1oN`vCH2#Lc-MmsC#JTO z_K2x?M6hC*<|jEFN$0Bo(|NwYv?p9nR+6owQfe75AInRe$&=I8m2Z%V=cPiKzb#pl zU<@t^rg>#7r}p14rkV=}=6W5~7un*nGMaXBUk>C+To@`cOuGP}=Qt75u6h#{c+(y` zDLG|4!Z7vOd9KdTAlauNmha*3(v}lQWKXHmsOG`io%)w$T|DKq%mf;yxe?f=oq1sT z9sw}T<^hAK@oq%a@=;VfMf>tyx70z>ik#^{gz!lD3_|bJ1x^xBoK2ZVwC7V0s^wD7 zR&2&uSE4=Hs(d3BTY6Mh9z~Zas?bC$-LmaF(nFe+TIlcF<+LmH+tS1>R7CK50bkd!q_ z=4oT8+M4HhF5yRt?cZwGgHDWQynwmJO{Gfl1{P7a9W$A`8QjmY6x|QY5JQWifxlV8 zq0?k_Nh^*()caD>7cad-#KDG*On(0O_Wh4fAK(1-U%&a{5AXlq(?coczxm?p-~RJo z|L~4!ajf*yY4!H$^u)RJ>wkU6gz-Cuem3vkz5Sc(SNzMHzxkUtpFY3+`1wCRKK<|p QbModd{^F~D{N0=X4`&KY9RL6T diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/makeCertScr b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/makeCertScr deleted file mode 100755 index d33f4e7d..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/makeCertScr +++ /dev/null @@ -1,22 +0,0 @@ -#! /bin/tcsh -f -# -# Generate a certcrl script based on files in current directory. -# -set dirName=$cwd:t -echo test = $dirName -echo "dir =" $dirName -foreach i (End*.crt) - echo cert = \"$i\" -end -foreach i (Intermediate*.crt) - echo cert = \"$i\" -end -foreach i (*.crl) - echo "crl =" \"$i\" -end -foreach i (*Anchor*.crt) - echo root = \"$i\" -end -echo end -echo "" - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/runCertScr b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/runCertScr deleted file mode 100755 index 1f2f875d..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/runCertScr +++ /dev/null @@ -1,11 +0,0 @@ -#! /bin/tcsh -f -# -# run makeCertScr on test*. -# -foreach i (test*) - cd $i - makeCertScr - cd .. -end - - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test1/End Certificate CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test1/End Certificate CP.01.01.crt deleted file mode 100644 index d7e64d6de14e15ff446e6b7579cd0e13aeaf6a06..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iILHOmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hskU%Z_#SKIu_Va}nrxqFN zItS<(7y^+&<9uX4GqN%;H}*0ZG-En=&qMl=y$p-FYc<<-9enI@TiB|#Se%Zw+KSb$T%LE_ aS^9zF(~m_J>$YY#Tnj&^;=NrcehvVq6xFu? diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test1/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test1/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/End Certificate CP.03.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/End Certificate CP.03.02.crt deleted file mode 100644 index de392400383e0f533b7dfca9e248f27fa8126953..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZIWmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS|;dIm-Ya^k#}76yg}hK5E!(jZEl*T4XYYmh*W{VrJS7dH@v*v}VQ zoLYqBg2wsCer9B4U~cSXFlg*#YHVaUoVgTPxbykzVKhGLXFXny)>@z zU;Uo0qmQ`N7xMUVX!AXpa(eBSoprj0tgO#G=dbsiikznLjr^Fwgc6JKLAG zTY2%J&N~~8O@DM6-OD(VzCzN1`Tdv3zxy7>99p$sDojbqdG|KeZ%Mv+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj17ke{BXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aTf1 zJju0c*DohD7c)0DGH_pfZ~FS`>(86-vnvR0c#zuSr7E8N;OP#ba~B`3NIqZ9{v!3} zm5P>r*?o08SAN*6)5^#EODfsTJ=^1_#+7qYf4?v#i@lgT*RXGz!R2*#5A0n1e0`hE y1jEVZLNkJQzRH_yH=I<2cJ_ccRCs&dN88(u;JmY<7xX956)him-+ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/Intermediate Certificate CP.03.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/Intermediate Certificate CP.03.02.crt deleted file mode 100644 index 2d691abcee2895447f470d89b440eaad4d5b530f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Qi&JFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%E5)Jr)K_@HB$oQXy)qojDfkRi8A0)s6j5s!MtjH>`@Eh@##aN!>RGRU9(o?qj~oWTSZ4-$KAJ1O z{T83qkH1Gswwyg~oaw~w=at;#YpeXq#VvYEy8mjqUy)MmJFGrCi(Qs^XrbGZZdAI- zpktLn-^E7b{5K{=e7DRsO&_l{S@dze!H;Cuxa;dwVx;#PWg8yvW_w#Io|>U#@%`PO e%1yT6#W^i;s#o})#|4?ooh)N53i4UVE(`#Bm(0`v diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test10/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test11/End Certificate CP.03.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test11/End Certificate CP.03.03.crt deleted file mode 100644 index 6e14527d24ab20c6a6d5db795a4c361e03fb1f43..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZgemyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS|;Kx7~%&TDC5U}#`yXapn;qQrSk4GhfTT!RF1?03Opzqo-Y#D2ce z;?yD}7c|aC_A?_Z19M|9gF#~_Q)45;mJL^Yc271eK4&cSsO8eyiT}S(_L13>8>lu_ z;=ra$YZvK$ocaFxWbd2v8dOLCMKA%dzyGzfWJyAWc zDq+v9gF?KlIgej0Rh#(xRAKtcf(kjyZ9b=ii)U7_1uaRQan<|sKk4)r?0ZxhM6*oR zC##=jVrFDuTpVN&01i%Ben!UsEG*1StPjA^AgjQ_Z@_E7&BmF~=E0cC%xJ)9APDrN zEFTLO3x~LG#e|2CCVdBoyR0$`FoGI5T9o)sn_nuLfb3;pG&2MJTC$nvO!E0XLJw?r zq~E%B>;J|_nbT&SC^Gb|Tp8`u(DHvzJKIVt?d&ZZ`wuP6J<5A*p|YgPXJ*dOHEV6p zrRDCHUbA-9;>eqmcYJl&9nE6#)il+7e@OS0NCnA@=YlzSF0DEBO0iZYQFO|a$Xo3H Y_4TIqt2`D6ZjG1w(2}sV+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj17jc(=e4vnFf=eUGy;+aQR2KN7D(I$$_9#HV`W8Hm_d#M86m680<^1vqeY4D zwE3l?31}{6Zfs=hQ9p*@jh44za^zRt8_a8RySX1IaJYQ#E{2;3narW%cw3YwQ zC9Se;-6gPk$)1wHmv>A9pUeL+dG70GEzBTxeN)Y!;77lIH>_AE@G#DH@4<&X2~G0q zrI!@9{NCVy%;M+tii~W(znga+GVMRBV?Oh;P)D0sZiy~eLsQSx#|sMiqT}y>_d$4=48z)T0&kEp8aw! z2@`m7Ot11(L)p9y3sZR=Qez(!o}W?85M8`-Iop>LI~0=6bA(hpE4jRNY1_ZVb|sDl dx$y_ST9waL6xVi2IHT%uyDouc|3B#q&H(mv(H{T+ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test11/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test11/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/End Certificate CP.03.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/End Certificate CP.03.04.crt deleted file mode 100644 index 158c6ae019c76327e96cf4438d304e9e5bc86b14..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 652 zcmXqLV(KtxV*I#(nTe5!iBZCUmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS|;dIly23gWz$76yg}hK5E!(jZEL-^jq!07<|gfgBgOU~z%CfhfcU ze4)juMM!RFoR92lMpg#q#$E=4#!jZjMuweAf49hbMlbRYcsu>@k~2xp*B?h_?=Iv& z*{PAl`soqJrWYGmtlXiy$?;x`?Y8|@_oJ-(%5O})@gZsP?;FBBN6tHbnSV}pSwa3H zzJ@EDF4r$VagHwRH)4367@#O4SUdNR?&_ru?k6vkK?VWf0F~uuWc<&xW`W2jGiF_sVa`ro(7u)T3olR0>h^Q|Z}URU#?xyom{t3kBbpIr;K bJy-p@acNZg<#3+hYN=g6>}5OF*=Pa)s_54h diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/Intermediate CRL CP.03.04.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/Intermediate CRL CP.03.04.crl deleted file mode 100644 index 7ce6928bb68dab8b652e28fb8ff93558af72a1b4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj17ke{6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aPDm zm@kf$d02_&V&=w12BW6Rod=;k~z~ zpIu^MTbN19IQ-hRDJcE43{Q8Swz|2);g#IL;d0OQkWnE(I) diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/Intermediate Certificate CP.03.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/Intermediate Certificate CP.03.04.crt deleted file mode 100644 index a55333b634aa3dff08c5e2b2e3c6d4272ac47589..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Qj5RFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%A$F zO;Sj;vbgnPOF6gg?M-1a*J}^`%s-=1%z5d0{#Hvnk6EwYMXmXz{XhSYJ9njhgT;x> zOw5c7jEj>E5)Jr)K_@HB$oQXy)qojDfkRi8A0)s6j5s!MtjH>`@Eh&!sU&;OPE z{^yHijq4r@<^Dc;axYFWfANu)3+m@pmL17dRx<5k;;2*%6Os&Swf-1o@?yqBLHC1Y zu4Z;$SMQKEe)xf5_iA%z?LS8uu9~d0*SpaY^u;r4J9p_D?(d=MbEV}{uKm0?=jbl+ gOY-g&3k#Q*7FqV+4SHR+@cf#;md{o)aa>Ua0CKj|FaQ7m diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test12/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/End Certificate CP.04.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/End Certificate CP.04.01.crt deleted file mode 100644 index d1ddf4b4451dfe7c2ca5c1ff50bec09804fff605..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZacmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eY5}Kx7~%&TDC5U}#`yXapn;qQrSkkhum46ve=mG6)oR92hMpg#q#$E=4#!jZjMur~^DNE1ytXJNJ=4b-s$=Wk4CSbzq3mDy7qRt{vLsl zDL!|LPRnF2l#+YU6c*pJsp{9uBUA5WO_kut>wEd<`pcqS+l7TX%+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj0~0+1Lvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aOOx z-(MytvilmEix3ePie@ue5+lDOl z6E{O9TKwDP%(~~<%~(aJ)+wKD?zB!!tvYJ7lC4(LGx%cT#EZ>$%=xeWo-eqlbXr}i wxpBh#2&?N2%G2%gw*Fw#di+v&F*n<#(`gllewj-gKARQK#AI(Y^;Pv*005n+a diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/Intermediate Certificate CP.04.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/Intermediate Certificate CP.04.01.crt deleted file mode 100644 index abc6fe537f3ea7d5fbeba95c2ab4ec6443b3a005..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6QiU7FB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%A8JHV;84MabnHn1zb_UGvGP2iY%6Wa~;SBu@A<@IZ^(U76oLV?_@l}bM zNm^zCER52XKjNDwzqz?cZ-tD+#NDoO45)W*`L)U0HsR01GhU*ub$OtH8oapl-4jvWa)i5zXUi|Xf^*EPbAqQGow+FFO5Is)b{^X+423_uRbHHn(%|+uklfSI zIxjGO$t0CEwKdgzDfX!)nrpVlY3cdCoY3EMk)xk=rl`MM{o5;L2Qu|cmQ0PP+pyr( dZq|*)OWu7nin_9Xb%NYI=Hi9=+oM9$q5;LP$|V2* diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test13/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/End Certificate CP.04.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/End Certificate CP.04.02.crt deleted file mode 100644 index f43e03826174bd41f8cfeb0be4ba64c4e90333c8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZOYmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbVklt12a@3yW)Dd%F3HSGH{>zkf`~A?J+am|E(chK~}e66I=QP z&VNaDTca-S(avAG{o9^wt*C$NJHMBNP88#cSQt<+@sS%(HP6X#q0sbNwo77%e z-Sd%&nUR5Uagad(IB;e885#exurM>RJ^)99tO5(a0j~i!8)rhB2V*KTqXDCVAkdSt zd@Nin9E-Q?dZ@SdSv5G^WtCZg0o1?|WO;1)y+vD{k-ZFzW@eyYmt6Uo{NA%TU+pQ6 z^6dA2JXYG=Q|O=5x}EKSzN15JRC?(zXUTnwK6!FHyLQ1b_u!13ih>4nTeeSM;d|*X z`$D!GY7ujOt-JQq#5a0@yR@~!%pL7>ei$gJ*Jqe&T9+^!l-kI;E7jsRPp3+7zofvT X^9uy0*VyNN?T?vx<7;(DKwbv`_Girn diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/Intermediate CRL CP.04.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/Intermediate CRL CP.04.02.crl deleted file mode 100644 index ae372f38b5606cc0841b4569e427cc68336bd1c9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj0~0+1BXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aRS1 zk1fBqXsa`ti xfzQYYSjP$ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/Intermediate Certificate CP.04.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test14/Intermediate Certificate CP.04.02.crt deleted file mode 100644 index 6e97ee2b80bcf50b5894ba6f7d879389e9611032..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Qi^NFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%KOd2c?Dsr2|Dv<) zj-xj=3UU-Lf4U%D;oyySt=~2_%Mb3pbUb~*nS@;j()XtAdUWM2|Fy}yNo)4*l3L5nWca!9nsDQ_i)~kTT(@6P$sTX*IrW`;(X2xpM(Rw= zj0}v6lMNCL_<=zuE6m9FpM}+c8AyRcSC$_nzygdoHgK%SDzNYy@EUNlaVE5RFs3py z8Za6Nf;956aItU%Ssq({Z_!p~a5Ts&vjF3(fn)Wo*FO(E59vn^17NH(13mA){F(Xt z%qOgy{;pEKd5Z|?J4~Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test15/End Certificate CP.04.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test15/End Certificate CP.04.03.crt deleted file mode 100644 index a2408315c5195bdd40c68bc3089f15e7cf853f68..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 654 zcmXqLV(KzzV*I>-nTe5!iBZmgmyJ`a&7D}zCjA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@6^4a7kr z%)$c6iG~Wg3eEv~1}1t2#tI4sa^k#}76yg}hK5E!(jZEl*94hskU)+bT(G!7+&~oK z2ENeZ)FMM&m>Ucl=Og=@k(GhDv6sQ1v6HE>kzt$bT~V!)6Kf7yw_BwzX+9Q{dXvj4 z{#i)h^*is`OXsG&?3TPE!dm6wX!Z2j^%)KOw%JYIV4`0hDCR8aUAJzP*1q#BZ%(=1 z>0at}tL#Vp$LvLl_07vBF)dzF931h8HTH?;qoWB?4}TRcv3rs9@8Y+u8=sdJ?Ph5- zIUw1bD5f_rpNW}~fpKw=K>#>NW%(Hy|Ff_#GqFAZM}@2c3%>!c0XG|GLYoI;Dl?-2 zqk$mMld^m)Tr3>I1svhd4Ifq+2!n)_S%8t$z%gIGMX&ekn#sss21YeA(60i@9zU$V z_bdvx4_tYIW2r(LX@RhGo@IH#sG&OLTf=GxG+qMy7!IfzTY dxn5Yihim---DRqiBia@hXRith>;VeC7F5YhSCO-AQ5I^Aq53z zM?(c&1t1-uXJDddU@XpSX=z|+U}$IrBn_g(c}*;kxC@jG6v2keim)()oG1)5NLHBz zXk!D%eEAl=-mhyWqq&>8v5{fV48Hi)afeExxi2jI5xzsqlJQG}V)eA;4h!ecF?^@{ zL+ZsuWow)HZJpOrUuCLu-&hu#ow}P#K{>PKz?1Utv!W{hINve3xuRmSk@SV#o7Y^( zJ~lD`3xiVW$0;|%TQ9LBUCwyRI9svNIeP7deTzQW%;0A1;@Ky2=1}+AxD}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hskV20ADOl{6HjsqaFQlO0 z>}aTk>TrAhM2?6-`1MS+ofGK?V7vT zfoJA{@?>d4WxKTMFI$z9PwHJs{IdA>RM)bL$}D0By|(x|{l2{0!rCuD$>IM(rpmHU z{kcLpxh}U_v{PTG6xE$@FjbiMeD2wc$&Xy_?d!D4>Q6j*!fxfWZ2eVoEVk1f)NAK0 zRy!xL(CqyMOU;+hnV1O0$oQXy)qojDfx}pqA0)s6j6ODS+{h}h z@EhT3WR+QfvDUz`de-Zohn|P@ zBZmPn?wNs}U#G^iP~fG-K rx&QJTpK6>>yY}u3+a1*-MZ9x1ZLld~xLTveRHVyT#C==wqM9fGLlMiL diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test15/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test15/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/End Certificate CP.04.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/End Certificate CP.04.04.crt deleted file mode 100644 index 108a75d738119ecad9aea86ba2af7399308f72e1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 657 zcmXqLV(K+$V*Iv%nTe5!iBZ9TmyJ`a&7D}zC*A-4f18*?ZNn=n&ou%V=Z zIEcd~ED)*}tf!#ho?n()l$V>DS7OLxzy*@x7G`$IcQF(&;DhkkLsE-NGV{_6r41xO zBFw@<&W?r(K%lFj;2fZ5U;;!2a^k#}76yg}hK5E!(jZEl*94hskbvq82?H^RGx)*I zAi)*l2BHvG@P!tq78&ZoUC=lm+3Sp~49tza3bk~ON~t@$VRYF?^T#M4fv$fDTw0-|fw_g+0`;d*j*pte%(Yu=896SoT6 zznN_z__u7ybKRpa=L60-aW_deWIeE?WKD@T4^U|**Fv0 zJQ!1%84VZ>1c9EE#LrRx8$MpKSr7y33Di&}%crrs_qkN1=amAskYV#GE$|BObJj%1$ zxovbaWqA)g4ZONW?IV-l^3I==_7$~8lpL(P=C<_9u}NER2MW5rZu!q4$M<9E>#Gk! kq{MrjUH<6DT`}X>zCe&y%RnfqD*4!lZ%&(+%X{4h0M60NdjJ3c diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/Intermediate CRL CP.04.04.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/Intermediate CRL CP.04.04.crl deleted file mode 100644 index d345a338e92c591759c3b3cd8dc2029828921c75..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 337 zcmXqLV)Qj=+|I>;VeC7F5YhT;aIAQ5I^K4(Wm z1ziQ_06hZ}AQI=bv@|d@Ff=p*k_J)Yye1Y%+y%-8ieQ6fMOc_Y&JzY2BCE^-w5@^T z(V~5?xE>vxhURAG#zqE@u+YO#B2RR@*UkEL^3y8&l@ie`H$-v*Vwo5uUaO{yT>h1C zPs>j8Uc%=p)7bE`#m;MIl$jg0pRK*Y*Bi3`P6KO5iP_gf8HdE4|GKquR{f&7*>+F3 y8>a6K(&n>Sz5MKp;Mt$ktV6=S-VwRK)tKA$c}UIFt_fG${SL1+Y7Dx<=?nmc%xRzi diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/Intermediate Certificate CP.04.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test16/Intermediate Certificate CP.04.04.crt deleted file mode 100644 index 6f2a332ad9bf6ed6ce7527ce33c6150f0d300840..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 667 zcmXqLVw!Hy#Kf?GnTe5!iBaBwmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hskU)<8DOl_mHxPx`&*$uD zsGzIh9H3`l0z?Ll^O60`$jZRn*vnwh*vZt`$nY@!nbZ&WLt1|G%2%>1V(~a9%6s8X z!<@{Ybs~G7Y1ep&EfnlmJ>Yia%p-;i-!;U*OHK+{34CKJ@Zc;dpdhN6OTcs zMc+H^IPtVAN12!z85kEQ8zdU=1063b%*gnkh1Gx=NP)vwmLDX*0*pE~aJm=W=`FgQCx4mphvB1yj(|^QgFWeG)LSnkkwuRrkN?XG?L)L0Ai#^p5 oz0I)G<hnF;dd09rTCAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test17/End Certificate CP.04.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test17/End Certificate CP.04.05.crt deleted file mode 100644 index b9034087266a1717666a8854ebaf80fa406e7b7e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 652 zcmXqLV(KtxV*I#(nTe5!iBZXbmyJ`a&7D}zCTA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@8)4MagA z%))%mj)uC<0eS`|dIqKn3I=lGyp|RQh6aX)MnKXaN}SgOnM}4=$>||lmDM<8@NO5iHr|644n|^K64L@P{^RC^;OtB|=d**To zty*ceQ|0B}X&*1{auC{R6c#L>)@rET47mLi^hk-$nXd^ZIPH6P;fy z+qKok_kEbO&Glocyt@3p&VS$bc%M3=ygK93-}`^3#ASL{^Gx|CvT5#)#?mi)a+#PJ z85kD_83cd>RFykqM$lcb9)aKcB#pvRl!>;VeC7F5YhT;aIAQ5I^J_QA5 zM?+ob06hZ}Jp)s5UQ0^@LjyxYBOqxICC+PNfy7;)Y@i4>SXP9E8RR@+pdqr#EI`{D zIL<9tnfXKf*h(}vGdDIeXue`PRPx2(O~smddz0?69e$HDd*z2;`O&5qQp}5g{QN4$ zTpgJ5c+2X|w^aXbTUxnVtoL~Cha*dU&+XFsv^U|S!;1EZ1y6T~sb{JP)?Yn+sW`(e znKkFg&g)wHozy3PdiKGI%SvBSqPyIRJFPp;VxfmXrRdvu(Hl>WX7gl5-$>~I05$<@ A)Bpeg diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test17/Intermediate Certificate CP.04.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test17/Intermediate Certificate CP.04.05.crt deleted file mode 100644 index 25e7b48e5375b4acd9111dfcede4da3b754c3778..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 667 zcmXqLVw!Hy#Kf?GnTe5!iBZvjmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hskU)<8DOl_mHxPx`&!?c^ z>}aU#9H3`lqGw=g&^RC2&y1`L%#FPa292Fejg1Tka-y>CXw-6k-N|v^@NMf{q5F3& z>dVgrs;x<$wepS1giFV+`!oN2yjz~((+<8Wl0JP1fQ!C6nu? q9)Dr+Zegtb>|oR91r~e%M!r9L*W!<Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/End Certificate CP.04.06.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/End Certificate CP.04.06.crt deleted file mode 100644 index 2edb51394196d5d2df64dce06ad3690a512f4af8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZLXmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%wMWktf%1aALbh5=j-YhV#s5_1(M+wW_HPUF%&T1gYeixT!TYA{oD;j4TM1= z%)&g$iH5q)0eS`|dIn|&a^k#}76yg}hK5E!(jZEl*94hskbuknP`zNF{rP37MR~cY zc_p~*Pc1IV%u6>EHxPx`&lg&pT7=|+#`(y8W@KexZtP_+XzXNaY-CuqXASf9O>YCk za^L&!l6|9adj3g!?wayL-#;(RdKT@jHchJbsLamn!fPE9g!#`jY4&DrkWgRqD*yg& z*{!ZW>@($GuV-J|JWHzg*V9k^m3Co$8Jd?SecxErYj$9r%J=dE3&bS~l&;E0t(_QQ zcc^pf7uDkK?VWf;FRTOWc<&+uo}c3Rwf+LK zmx0mD4D{>bgYy^+GE@RN+|B*&@1C{kO$VF6QeO`vF+r}XWJdF4^QN{hQaSodbQ1R+ z3rWl4JIeTOHW#S;XQ-Tg^rDoJK|0?a3wn^D<3tqH~?tE9G=$lp{ q>^Q5iPvKU7d&A??t2BCYo<~P<&*0mC=|;rQcMbQ2H@dQ>M*{%FfXr_I diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/Intermediate CRL CP.04.06.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/Intermediate CRL CP.04.06.crl deleted file mode 100644 index 2948246d79e252f502e5ceab6c389b1c7cb9e204..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj0~0+1GjU!^O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aOU+ z&rk9ET7Ln}#mtS33<^xv(TjF{yTh4Q`0<4nhtat@`wOqtbGqbar_H(mZL``Q5qs>uLf~@-#;Zp}vS;39WS6-M0IP##@c;k- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/Intermediate Certificate CP.04.06.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test18/Intermediate Certificate CP.04.06.crt deleted file mode 100644 index eac3e8693adafb17bd6285413e5545549763f053..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Qi;LFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%dhZza!2kwm^C{<#Mb8gynBZa z+HSa7!~A}6Q(*IN4}s(j+n9O3GUcZ)`MxShyW{0~MXUc!d|N-yuHHQDmqPH@2F9o9 z(|&5M7kF|a{!Pa9YU%TvO%H&KQQQIg&7(Dv#=U411WIm%JPE*Sb!17296b31r~k-UIT76&V)7( z##ClT14aWukVZZhE*6dp-1AdBzt&#>M}w>~3oyPKI9AVk{qxZCkbdMa0LD5q(DS)J z3U^$H=(dSBoE&pXx$2tzZr!rT#U;xOeYXZBFSHSPR%&))(o-kpho!x$b9a}wd5QX} zS3H}f?!2$#%`LL59mLzZsv4WSwAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test19/End Certificate CP.05.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test19/End Certificate CP.05.01.crt deleted file mode 100644 index a9c7a1fc6a58ed944af8f396aa5fdf4db7a081a5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZjfmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS|edIp9Da^k#}7C_q2&AKA~0tPISJy$lA8olK354DbDTc+13m_8Z=F5ZEbY^?3t(ZOGJbS$7o=Sp7Ch zZjM;Mcj3u`69@AJ&5eaLY`>hJ8#;}-Awx9qMbV2_J7pr|45U=61->t>W)HHwX?>&X zd7|V?70+!N-rW-l>Kb1>nEWd0@PT>#!aD1|{F>HWV{a?HMQCH>g87q5PMj<)ayq5T z#LURRxH!ll034jM{EUqMSy-5vSRa6+K~{l<-+X{p5!v}n02ti zKcL##@z2D!n?6+Pu3Fc3>{NODkza8JbCl1i5-H{pnRJbSa6j79z|yLI2*|MFU3U&6!bxNnbdw3p%W?MhpJ Ux+Kl)6Z-GGcutaau^vYZ0C0cIB>(^b diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test19/Intermediate Certificate CP.05.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test19/Intermediate Certificate CP.05.01.crt deleted file mode 100644 index eff60dd15751da6eebfa8e557ee621f29a92b7b6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6QimDFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%A8JHV;84MabnHn1z*0i;AZdY7$^r7sn?y0^(D}Pikd26Ux}Oxk+(6@T!%L>i|BuyQ-t(kl z|NPvni-vUz!?yNczw@p@L8s?Ywb=BvKO;Q1%`?q3kSTvF>G^2R;&&#=W^3Q7tZ`qr zmWi2>fpKxNL81XaFz95385#exuo^G}DRAh@@`D6efDy+Ajulx27JdU>18z3Xgft7pCbdFXjaKXMoVW1Si3`3RwV zYH?aqm`@!`@OjEsrrIsd8GDuW85_eAy9fL3wd!pTWoA0iagd|wmP`_Bjn=#ZM#L?7U diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test19/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test19/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test2/End Certificate CP.01.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test2/End Certificate CP.01.02.crt deleted file mode 100644 index f97da05098103782d905acc23299f725645a65c2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iILfWmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS|8dIm-Ya^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-HHOxpvC0oT(S)&bf2%luY{1-VJUG9*EpMm0z2p z{O!)iH9qQBZ`=J_-f*v_F?;^!`t0!1d4E>9tqPF%YV+!5DQ5=j){=c^)OC5~zS{4b z-Ft6S<-h#n;(mV>JY32z_!--X7X<5h9s2P#^*P%u-GkyTPr}zkAKZ81%c3=s5A-E1 zchoa6GcqtP4l)P;2d6AQBjbM-7G@^a2jFOsRbb&a;5Fc8<4kDtU`%CZG+;Ck1bR}I zkA;hcqkiV3zQ>81e}KbXR+$ADK@A+w`W$Ba`%Za=>}6myGXwpqy+_tq>8axU3!7Ga z|HFGM>#pn*;fY&9ZpypHP7U>oxa-L|CwrcGhlqTc$(<`M&zBuzC_GobF5=44q;O3? z-+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj14BInBXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aSTy zIn4I=o$?IL#mtS34Ab+bH3zO*T~d3u_;Hf}V_3U;PyaIM@izkO=CiozZ{ zovmMTZkFub@gS>_FWTZkgQAw1Ud-KPULCQkS-JDocVsar)W!aelPK6Aa5$)&I)?JwqiEl!|MxA_e%ABEAsFwkqR$={IDT=g`YM6Jdb8Z diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test2/Intermediate Certificate CP.01.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test2/Intermediate Certificate CP.01.02.crt deleted file mode 100644 index 0aba75048feb53b03423a62b6346b10f9fcba912..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d5E<~YacZ@Bw0-AgWMpM!Fo-kcHsEAq4rO5zW(o~9lrRtj zakzx}L-m676x{R6Qj79(Q}ap;c?`HfGTg$!1F3(azl!uc6wy{pp!o^_P!xY9+s1 z+kauj`(5X4eupyeY}WMS>umY`C`n9yZo7k6_Kz=V77-=sSGF#+^3E6b<}kOiO5tMb zTU0I5vHi!ntc$L*Ehne%=URQ+eD1GvA^he|oc+AUPj=+F9X#XT5Vd8mWP`dxizgE^ zBLm~&WP?Nleqhka3NtePXJIv922$YAmE{KsumB^D4IC@73M~8vyawECoC$3njH%3w z28;%RAdP%1Tr3>V`W$Ba`%ZZVjs{s}7GQieaIBv7`sbnNA^pf<0E~5Jpy%)C-Kd^_ zxjK$pnaf^h?fiMOq;na}%Y>Id_0UQ`>6OcWJUrmf->0@EYu7(x-Ep`2=;|ItZPzXx z>4Tytytd5`zRLQYqjwtDa!+@yrP)iKI33yk(zg0PkJ)^it)J)KX#H@*?1bFY(mjcj eAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test20/End Certificate CP.06.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test20/End Certificate CP.06.01.crt deleted file mode 100644 index b26e77c19938e3b27650119bcbae36e06db95506..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZFVmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS{zdIp9Da^k#}7C_q2&AKA~0tPISJy$lA8olK353@@su`tZ2EuHOEEQF-Nx+Z)!*mAUY`_2b*Wv8$y{ zn!TRnb~4mUY}$N|HaT;<=U*Q^#qwN$_F>%}tEOI- zIJtC*W8-Oy-F>d-KJ(QbT2cP{i0fJwdWMEtzWDo!jPFa3N#{VoV%uK8gz|kP9z`}39YrxIMnb79Jn99s(z-S-{^rS2w z3l|GVw!#*hueRs4!Qn2e%mR#{1`dt}wdr>IIL{(`85qsXK)>4C-46QJ6294}PkfKg ze9oKy3t$cm4sb)%1Tkm^DC*6;NQPTrk^Y_kqJmG?ryXcus zCl4QIwl7<}HEqt5vf7f%Cnx52wZ|^~#+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj12a7XLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aOx_ z)TZ0*<2;MzV&=w1hCHXZ-tVUCt)22N>^d^7ymKNm&(Uq%g85coHnb%ywp$u;FY1uZ zl?i8WJX`rHX@TaucbyOHA0A-d;q!LqKCk9#ZPQabzgTl8_b%YkU+^tqUdP<#EujKB xA?ymj7-nyItX_6N>4w{c`QF*iTZ#E{2;3narW%A8JHV;84MabnHn1zPCPhzlii=O*74)w|36&c9XReaZ9;|7tFnK8%etKt z3v744%%8cWWk(k8grNAM3HokI>ZfY1-JH8ug#FL9qi5^CTPz3;{94(SX7qi(!;Op5 zkGfr#FJ$&QDcN>A;_ls!vrbG4RHwuV&z_gbuAXtE_-u3&V~X~qN9!Z^Z&|fX;qg&b zCT2zk#>L47i3a?@ppzA5Wc<&ap7r|Yq30p}$YB7Cb!MRFFU~$8 zovuE)cIB%#SD9XiYNX!_uN1A@SMHXyW{z4 gwBN>LDo%0P-|*_`QM+Oh*1L6+pD)h4yvObq0Kv=E(*OVf diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test20/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test20/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/End Certificate CP.06.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/End Certificate CP.06.02.crt deleted file mode 100644 index 798e5cf17a5409a01bb1e1090934159ec7a0db27..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZddmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS{zdIm-Ya^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-Cu+{H31r=p${h$IFhp3r%R__4cYRFln56-15z} z?Y|?fr%d=g!#~n~{g1cZ%pq%MAABd}vtV-EkU;=AIA!@68UM4eFf*|}07rwY0t>$ZuK_n3XF{6?V=6PF0i%H+(37%! zELG7B(*8aOg)!YnVo(cOydWneTj1O2-A$LtwBxmDUly)$#p z8O-^2?vwFfojLpdEba2KoO}MJ@u`U&WqxvY?EIW7YfFBd|9l`I`H76RQqCbo@k@6S z^R&`Mixm$(c;;<*L~?6s!-wRV-`n(~)&;XPr-og5=yZFHlWnDj)Ha{VzM?+OOT_a} V^;$9&>bUl@=d|d(oZ;)-3jkZL%nJYj diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/Intermediate CRL CP.06.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/Intermediate CRL CP.06.02.crl deleted file mode 100644 index ea3cbb9d8f4ffa3fedcedc0bce4f085729c85d6f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 371 zcmXqLV$3&ayvfAKXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj12a7XBXM3!O9Mj#Lqj7VX%HpOYhr=KHBd58U}DrlQe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGWYmONUVNjw70p-7jg1TmX$@ziM9M;D-h0^9DSTgs z(PP1q-`|A&_FdkXkzkV1zU0fBm3$jsC2-Vl&Uh265vT8!{qKL6OXK@3+SRA79zGhg z{K1{%rN4i(Iq(>%%ar<*TGWOLg<(H2o;GtTa-G*cmVjYYR3Qo diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/Intermediate Certificate CP.06.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/Intermediate Certificate CP.06.02.crt deleted file mode 100644 index 9082c4d77e3966e98440cc65357791394d717e71..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Qia9FB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%=2m^(uzWO{#5uHc^-)yj0N#w-7d(3DpPXE3}jD%||pwB+wuPM&R3 z?zJq~7$}zFD^x8I8ntQ8^oZXF?h5V}mSdXxX# zGBGnUFfL9uNHpLF2A!-hBjbM-Rs&`r1rA+VevkkQFyh$2u_CL$!f(K9z|F>)(B{FI z%FJlMXdnpE$j8FP!jVxEW_j_A?pAO#$SSh{p0qb_5B#qM8Q1b*d;9BouRXFJK{ z9p}>p5f%D1Q-fSNN`E`}8-={$XJxNk!@qjH9XtOO4f`FcN3FVpm)!Xp82d}Db=hjs gtr}(dg5TJ#GTvZGsNC{o>f+R=!MAt&Zz@g#0A63uxBvhE diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test21/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test22/End Certificate IC.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test22/End Certificate IC.01.01.crt deleted file mode 100644 index d130c75063caab35448dbd74708d6611615de721..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZRZmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&UyxhKx7~%&TDA_qzw&?fTTf`IIjsZ*C2r$`(3cuFK!?Tv7axrIJF4L z1&#BO{mjV9z}(o&V9?mf)Y!=I>&ew$I&5zhtCF}H4GvYtUtAD&dsD7ieAE53&g+^F zCrY-3pYP6$VmrIcsBv}p{+pZot{5!;($8_r<9+JoC7C-d47RUxv9jN^(s%Cd9ZdTw zFK0O{ZZHdX;dXCgmSM`^o0IDi^-5s#qHcwaU*3mazq6rwRt!tj#}L=%m6itsADm=j zW@KPo9Appx4o+EqM#ldvEX+)-55UnNtH8ot8ay$p<%+YhM+8aW5;*sohgg@>&EU6HjUvv0vahrs*cN{jdJ(%;_@HgCtH z6F*p9L+m%}{7QcyHk+?XwSo)5XL3P#Y{>p`?dgQYse;=RY__mO5 T#k)1NIo>4}r^EVm=AQ=u!4=Xk diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test22/Intermediate CRL IC.01.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test22/Intermediate CRL IC.01.01.crl deleted file mode 100644 index 07e18398d45ed79ccd41ec09502d75ed3123fb63..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{14AGZ=e4vnFf=eUGy;+aQR2KN7D(I$$_9#HV`W8Hm_d#M86m680<^1v<4cj7 z%GBSjuhCr0+}Owv-f%{IhRBCwRl+})_pna-c}Y;y!81H?ruqxNQ^%uctWD(iT>RvF zD}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)b(`MGcW`q zgU0#DK4xTPU~cSXFlg*#YHVaUZ1vXjZ;)}0oM@qL^TEIKHxw^ZvVD|w+2-`x&^KCV zU38oxjY_S~%l%6Xv(o=;{#L3^=fFjulf348^xyAy3;y+?G2zMVZC0YM9CVN8x}`bq zzW0qqHq!jv`YIOHxczahE)Ns8D4sifZQenFYu|NU{(U$U>$yvK4~GJCz#@yj&8|$$ zj0}v6gA4+|fho(+$oQXy1sG3k;7E{FVBt65HQ;9BOlb39Ol4*?U^EZ}2C*z33l|H= zmm)WnslQuagF{_bnFSa<4IHayz5aRVc}PF9mw}PY4D{>FH1&&O-(FlMqYI5~u%=OlIpL&zD&t?YaVup;#+3)|v&o0=u*rIkO&rDyw$xFmm>V&d? zAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test23/End Certificate IC.02.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test23/End Certificate IC.02.01.crt deleted file mode 100644 index 787941b16500fbce62b8a7781dff64d73d5d6813..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZphmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&Uyw$dIp9Da^k#}7C_q2&AKA~0tPISJy$lA8olK354A(A)J}|UWJ78VZwpu3QZd6x{)!!|Pe1B= zYAH!8ZR2|_6qcvCuYBgW<TP#M+b-^yfBF@}HhW$=!WBTu|5DtgRBAzzX7iSHydX{n+IbmGot~cfgsS6vV1ID zEFAYZ8O{1HDJp}*T~?U|7(opjt@duc%i8%;FuYs%k!>;10YALaSzK-erMdCq%Vtv!#1 UUpC6P5wW~Er|@|9v2BS)0N0byn*aa+ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test23/Intermediate CRL IC.02.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test23/Intermediate CRL IC.02.01.crl deleted file mode 100644 index 2841be769083c8a3bf1e8bab2fad0dff1b84cd19..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{10y{HLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aP_* z-Fla`_pe8DF>_-hgW8Gv3w4iPS*%$Y;Kvq8T@b;;|PCg{KIZyP5x~5-wC( z6m}_a?z@FAL#irRvY&W<>tkHJn%i;bcaFn?{Y~91LXQ{EI3vy;b1?i#VcC&W`%X`p w?^HAO#SxLvNJCYL2OEuECo_LjU8cse{+#v^slR~xW=eYJ=S0Ae#_#E{2;3narW%A8JHV;84MabnHn1z?#-AXIp@uFYi75V0_Jh+ql`9)Ir?dcy$BN6&64=( zro`LlTO>~EEm;0*x4D=}t@%Bf-D@wGJ#J`P8NOpq!+7B zy*w{=qsy5wDQ5lobZMQYm{XjUi~F|OtKGP9GcU3!?YG19sXUf%tnVaRr%ylf%i7^K z6Ehx?#{!HsHgJ^4DzNYy@EUNlaVE5RFs3py z8Za6Nf^_k*aItW-+Pn2GYwuqVjssa`7GPvGaIBv7`sbnNA^pe!0E}{GpwFX(I)h%E z&YF{X{=*CYKNcT~jVJ7z;-C{?^FaA9#BVY z%BwbU7jm=QT>I59M>(ry$(E@z7IU27HE&AX{`f$8?%Ffn2JZ?sbR0IDA8}73{(Ign eWAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test24/End Certificate IC.02.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test24/End Certificate IC.02.02.crt deleted file mode 100644 index 0d145b2fac60ad34b45c3723c7521875db028f86..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6A-myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&Uyw$Kx7~%&TDC5U}#`yXapn;qQrSkkhum4>DlC6>(uY7Y+_vS(0SH<-6G+GYL9sC zF)fIF8k2IS^;!Dt+4GO3zT~kod-LJ{=bY`?)80CNQ432sdd{?CZCUiB=FAlaY4;B5 z_A)UuGB7RaJb7Vvj8KgfkRtPBHwzO?J{I91EZN4=+{GDuKkPF|9H-|*4wYC z@UP=_#|s``7Wy?l|L5K&{(YJPzt+uEp2~+ocFR}(s9^Y<^-pVt$V)Cmk&v{u#jo6! zs9for#(hyqMSe$+!v2C)x-%cHKNle?d8(;1FU2==b;1X V&bium$FXl_l>x!iSI5tv004G=&}skx diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test24/Intermediate CRL IC.02.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test24/Intermediate CRL IC.02.02.crl deleted file mode 100644 index f608de6bb01cc4e935f44acb2c6f7c7d7f6ac3c9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{10x_3=e4vnFf=eUGy;+aQR2KN7D(I$$_9#HV`W8Hm_d#M86m680<^1vLt9QF z-+G(vGBg)6H#Ra@{+@nN`o|`>^C@iS4H?_nuSbz})mX=4D>9zc+0b`{XXQ z{Oxz<6P2r)Cw^x<7h)C6?%wEA?eOwv_l`Jz!{(Zcd;Gr}|4Tk8#4VArdr?G1mnWZr u{gi3jH*NZ+A6VNH@;Ax&R>Q=K8sU@wbtkDZ2$xA@vI-pWQQ_#E{2;3narW%bGv5)Kl$ne)+R=e@?Cw^4S-+ zqwr{+vf;)vFYhHC-k;jK>F&g}Q?z(erlfnHeS6qrN$~9p!3+g&3}tF1y)`=}UY~k- zdva;`B$vKQ_rp)}cW!r^)Oqc!v#01bQwiQ3>Xk2Uq`7x&eh`&7`C%u7bhDe8t?;yPF9$a@jnZz0W**ShpsF?NPq*!z$}GV6YT#Hs>-En=&qMl=!vGlT%s|gCx;W1y z=Gmm%caBY%STwuArBeS|=sw*S`Z)&a9>0&x+gry~pPhQTd)Mqe)pAqSH%;5d+PK}^ zuPS`C^_sP{DOT?uXZpOJb5Y^$Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test25/End Certificate IC.02.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test25/End Certificate IC.02.03.crt deleted file mode 100644 index d1267018896f12d441990afce3693b7a9e584b11..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6Y_myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&Uyw$dIrV@a^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-HFtd-0u?U1qf|p>|<8(a)b0UJdt<{(I#AjPUS3 z9v0C%X1L#I&vtD2yGr5UH_crauicpT>>l%8gGS?GFRfM8&$*Izy*qMm-J)4{Gj%sk zyIvfs|K7B*b^095&vJ7jdXAh}wP1-&gPcYFB$l~84KC68j~%B!;JTZ*!}p2Je!kZ? z6jw7bGcqtP4l)P;2d6AQBjbM-7G@^a2jFOsRbb&a;5Fc8<4kDtU`%CZG+;Ck1bR}I zkA;hc!~5fHh5jYoKf&QHtIPt7pau@R0}0Q~J z$x~mN_$;(vky})8ga6u#%{|ITetHJ$#408*MQu7P{G_r|pfBk}{Tu^Mp$k(A1B7;Y zpMM#2G9%*CQRi7)^Ex?0>$Xc;i^&T8_4=N!v!-sI_q5=z%Yqy3+<$VVGHIGs$+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{10y{HV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aV6@ zBz(Kfz$Sp^V&=w1hR`QUTWwuk-8!dX{rzCbi8tv+Ypg_lO^#uk!u-G&{~;xSwn9dyZKj wc$3}KeNy%;Jv3K4Jkw-BdSWx5^d;XPbzcA5g=T;4;aH@nd0UAwF(T_B0DOyQ8UO$Q diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test25/Intermediate Certificate IC.02.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test25/Intermediate Certificate IC.02.03.crt deleted file mode 100644 index 5d06aac4a7fc4e9ad8ddb787e616c3dfdfe94896..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 659 zcmXqLV(K?&V*IgynTe5!iP6x2myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)b(`MGceLK zFg9qMkL+VcRtDzAUIv54PNv32hTS^RbtjT^9ik=){Md4*p=14=xlx7w4rQ?dhx2Y- z3AtO*xAfbx>zpOW82BY51+@3=vHUT2$^S>!BqS{TA8mM0S+2mn@$?Djt0$#{r#Til z>M^b3+${9;cXNwy)PohRJCdc<>#y`hPuyUim080UxcbiHy3T`J-1p|QE=p@mY%^_T zVrFDuTpVi<4UPd>VHPF>25`8_@-s62XJG+G85=l0WEEKW4R{T>**Fv0JQ!1%84VZ> z1c9L~%g4gS!eMtH;oD^fHUV%1$SSh{W2%8;^{m%F4?Pd*NA^81zL|mEHk~eY(&YM& zz=c~yIe%8qVBT@@dPArFs>w3H?|PhIH|I~2EV6%hc&Bpr*S%}{INAihMK|u-a%0Nj zXFFf~`MJaAW6OmIdAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/End Certificate IC.02.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/End Certificate IC.02.04.crt deleted file mode 100644 index 5abc96600e158d82f2c04db6fd349c21b3abde60..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6M>myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&Uyw$dIly2a^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-BjPpYV){)3qn*v-3y0KS495 z@9{jimHB1$Qw80IjnkL~vW|S&tp7TWMO0^A`nR~_Hvg8e%f9~o=-Jv!F2P?Ph(bT*EL$_mWFnocXn<9j2)zOZ(@` ztzXH+%*epFILIIX9GtTJjEw(TSeThuAAqAlR)K}zfY*SVjWeOmgE5tv(SXrF5a>x+ zJ{B$(4&}AJbG;wzGXsaatTGEQf*Lq_Eca+nlaXAB>}6myGXwqF&%ym_vHHBF`evtc zc$aC~@?7Rx`efCK$hI>(rGK8DymqVnH))g1^z>zGWHOTz!+6eF&Y7=Ub$aF7uKxix zayJ%jFuc8W^1CVgVqtq;A#S^AUX$B&@Y|{Cad?=6+)qrr%M_F^*n)FL7Ub Yb+7k(WgExz#4Ujb4p~piukNS-0Iz$~LjV8( diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/Intermediate CRL IC.02.04.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/Intermediate CRL IC.02.04.crl deleted file mode 100644 index 9f2f1b0a8871077f1214bd06608191b88cd9d444..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{10y{H6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aR3^ z_h?U(kz9%9V&=w1hVW_E-)0McIy#TpW5V0`f2oW@{MMgj_-=MtZ|RiQ_u2Q#GO*q( zF8{Z&^Uultt(TlNob8=GT{3uPS36qYxvXX!H8DOsikZ>wm*Kk!@xg|VQ{T^JS6#B} w^~PVlC+@jzyrN?8+G&wj{!l08yWCM{Y90Ly}9QUCw| diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/Intermediate Certificate IC.02.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test26/Intermediate Certificate IC.02.04.crt deleted file mode 100644 index e9c273a05285fddce0b3e1e19f192cb15cd7d88d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 662 zcmXqLVwz;o#Q1vwGZP~d6Qi*KFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%XhzVdrodz?8TU+%eJkbwf?G?QTp~t z^O*}b+zwn?FzrW}pL5sI{T{dd4Qdj%&E;rV`{u-<*Qt!^zc*%?zHq*^EO9PJ{OaZ5 znLW%0gPyWUAkKgX7<972EUX61jEw)mK`YA-WU;USV~q_QC9(=E{06)R+-#f)Z61uN z%!~$%27(}6d@Nin96gqMw5Q2Pt^~({tTGEQvKly6&wBmy(DRUfAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test27/End Certificate IC.04.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test27/End Certificate IC.04.01.crt deleted file mode 100644 index 2147dbd3a69da6b32dabdb27daf0ac6cd6b82e50..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6k}myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&UywWdIp9Da^k#}7C_q2&AKA~0tPISJy$lA8olK353}@#`dEL@T_vl_IeuR71-S>`_xS#rcb(pK_;o ze>Rc(ddnx!M&a88L*JVpzh&vGbyoej-(z?1(X)>sypN3B7I(fmB(mlkse?Cx#l&#&xL9)`p0!`{xUDFXKTuy>Fd4Hud8hmX<7Qo+ghOe;jD8{9{!WQ z*3T-e^mE-Z{g#gCxpPj1bM3Op+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{0~0+1Lvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aQ%J z&wO8{zH>I3imo$!iZlKthJy#}9Uj8Q}DL`j~KL+RIb%toD_6%c}(g2 w2B8$qY`6T2Z#}J+WZN~!`>kVN^ZepIfr7SA6U?q0Irb{-k3(L$D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)b(`MGceHu z+SoWB*~g5m49tza31c@M%hN^JR`|^B<1qS<}C5iRix$lyW zOw5c7jEiFpq78U}K_@HB!fL?G$oSuY8^q&hVF5-N8#q2>6_SUv0Y&qL2c`jLGPjBjS3w_BH7D$a?j zz5L(tc+c!>od33YK4W>nDt~EO(u9L|8;b&O<>a?6HcxnXeJP)HV6387ay4s&V5DsL z%5`$W--{Q&Xmxm6$E@^Jj%`-Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/End Certificate IC.05.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/End Certificate IC.05.01.crt deleted file mode 100644 index c72c97b81b6a0e66aee0ab7654ed7743370011a7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6GD}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&Uyx>dIp9Da^k#}7C_q2&AKA~0tPISJy$lA8olK353_D|juFLHf_&o2E`O;wP#OwYA!mG`Go!d6M+j6b9 zp1pU)#b3Vc%P+KK7(`@$3!&-R`-HSFI?|fP| zL${G9(!+GJf0pQ@2{06)R+-#f)Z61uN%!~$%27*9O%JQ*r zv2b)&XuF8U@cspdyR0$`FoGI5)DwOErl;o0O@gN{t?=9R+SaS>b5qHVIjdQtUR_aQ*f(p^?nz-X*zg#WOV%jT9qdFV8O&#wnf6qVk^6TbUj_TJYWfLYH V=y3mHbF6!g?fN|%RIYm20RXKI&5Zy6 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/Intermediate CRL IC.05.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/Intermediate CRL IC.05.01.crl deleted file mode 100644 index 35e87eb0bff68fc38e506d70cb68d71861f640c3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{15-T%Lvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aUJw zj&7F{m|KbFV&=w12JLNX$(J9;PgoiHM(&2czq!Qsl5H&0IHH`@RwlLPnyr1zx9CjN zsn{9izNOD5EUZ?ZsuXu|&YmM>`O7pnbpAY=J|pX~LeZIu&nBm0m~&dU@%C)_+9ss7 wk1cIx;*9O_o`FA}EYzCpEqacrHrPHhaaVLg-js?Hj24lt7Uny}m+)Hy0HD2N-T(jq diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/Intermediate Certificate IC.05.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/Intermediate Certificate IC.05.01.crt deleted file mode 100644 index fee01f21e73415a4f10c1381d3206359ff1f0863..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Qj8SFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%A8JHV;84MabnHn1z&fHzPtg-go8MememFZDduFkjTR~j$Mu3xI?wftvS z{F8_OH(&R5TVa~6dG&6S$Z4}qoBubaI;yRch*PUQ*w4E&r@TY+hTQwAc){I`OfRGZ zj_iJ7uEQF4v--lnjWITdKfU!Y^Dp{r9%j9x{JH6auKG_Cwm!2=aQIOW$}<15?A4o0 z%!~|-i<1o!4fugUCo9az_@9NB|H-@NbCg{3`)Q7GD^GSG(kq{- zG*_ktw*w;|#}stE1+7J~ID#w>7`!kOqUs*=48v epHJ;cYwJwNFa%8F985bFxEK$ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test28/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test29/End Certificate IC.05.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test29/End Certificate IC.05.02.crt deleted file mode 100644 index e4e2dd07218757e58ad452c22252b6573477af38..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6e{myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&Uyx>dIm-Ya^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-Bk6CPMu3hpJf}J6{AS9}ufp_1t$w$v(ZXHRr4) z4XeK8_Q{>ihz#s|rtH^#car@HCJyUqo{WOIw|15`2PM|*5d6Ph?)C+acQ<~YX(|#8W1h1m XT$-6}UbmJ+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{15-T%BXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aTfE z`{TO$U1UC*iLm}ZnI|nz+KY%*W{A>obM&iS^wR? za%o1$yttFE6#pje*!mo){^xJ#a~cIsH??}DIrYrxoD#E{2;3narW%4Pgx$|)F}xB{>e{_x;gb3n z?~J>A7Fzneom0staj;Upp(}Fvhl5e~#cs`er=@x4UV~pF$C8_#x-r{}Y%7>QF?fav zd0dQ>y}aW=d#P!Lf5)2grHd~|o%9jBG$H&#YV5uTyH5oy`!zZH@1K?{wtH_Z{of*) z%f!scz_>WUAkKgv7<972jEw(TSPhtglmRzLfS-j06l>rpkyT*fH{b<|b0)NTFs3py z8Za6Nf)w$waItWF`S-_l^}EP?a2&`gvj8Kjfn)Wo*FO(E59vn^0AQ3e1ATt!0L#pT z2+uWFvi?on_Skjn4BmAiX5BNk-alIGQpNhuYd^R6#D77&PAfQD)KY^gbEbOtd|qK= z$+*=0$fS$eN*9hhIcWQHEHG=;PW6}fF?v&`IDu`k;-?q?D+Bzq6fPdAZ3{^<-n&k| ds@}Lree$MTPO+-#iK5j(?FB)WZzcJk0RX=^(b)h1 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test29/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test29/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/End Certificate CP.01.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/End Certificate CP.01.03.crt deleted file mode 100644 index 9b0463a671c7af3c992a4785cdf9824d56dfef23..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iILTSmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS|8dIrV@a^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-G5=eC>kK?VWf;FRTOWc<&6>s%j7C=Vrt#DNz=HWDVA z6t*a+gfuexCFM_B(JxcKHhdQ6p0@QrBL6IMe7Wn3ok7a&Gb7hb*WwE>K*aT Xe;+=Xy7=kf+ho diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/Intermediate CRL CP.01.03.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/Intermediate CRL CP.01.03.crl deleted file mode 100644 index 528f3237cc0c9b350dd3b517a3300268ba81a8af..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj14BInV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aU4T zi?y6`yD=Nh#mtS342zZbA3f!H;o0LyTdubh#=b2!-V|N^t>TFgd%?WUzpTp`?~5#( z;CjfI>CCQOk3*Ygu`ij%q`0`(@L*ukYl2 xq^GygYDv^&srTy^NUD^dog~NG)-oe9wBW6Jsf_jClMdhBOg(G1`QjrN2>_BOYO4SM diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/Intermediate Certificate CP.01.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/Intermediate Certificate CP.01.03.crt deleted file mode 100644 index c8cfc05505090a639b40ef1f93e5c5f970657cab..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6C;ZOFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%x9+`aL7rp<(P zn<`dq&)>bXX5ZTU?Oj44#+&Uqt9yQ|QFx*ps~`UKOXxh0ClT?oR zPbOwY2FAt728jmzz@U>AW@P-&!fL<_q`;vo%MTJ@0Y)4fI96m8SojTi4Y=7j6WTl& zQ<)hJ7!3qL8u?hbSUAr6i?y6`yD=La4YJBC!1!w5SUv0Y&qL2c`jNu`80*YH&pW?Z zH6{A?9`nW4KliyPKD_BYCF`y04hFwG=X1ML-hWrQw%24DugrpyM;F|byEj>Amlog6 zv0fXJ@pOumu=#P>^Ci=Iw4!Fsu=J5w!n7yN#EplS`}C{Yr4!xdwh9F{@?B2YeYF4n hq?3oH*PL?-EHL8yF7lU$xk)0j@q8`QgPU8X0|1%4)LH-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test3/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/End Certificate IC.05.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/End Certificate IC.05.03.crt deleted file mode 100644 index abdc0381f931d29ae44b26db4075550fdf14c369..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6S@myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&Uyx>dIrV@a^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-BiQSgMxwZi!>b=glwbmtIJ0*sj?SX{}g0&1vVx zQ&Tx^hpn$!_1w?(hm++DzSCzP|I0GdV4uS#6LmyBf_a8Q#07$$mA*|bg89$+o~QPMo6CN`??r91PN+^0wP1Tw9yGyT-fwtb=f{tcUdKg->_ z;2{$;BLm~&AcFvKaLV#CGX7^_VP;}|0FDM(1r~k-UIT76&V)7(##ClT14aWupeJSd zSh!d?8m*gjzg*3J0uFasWfourHE?|QGhL*kFLwgj%fM)62Kv=ex@iqh?Ro3H&djU6 zv-fu0_cvp7XPad%C7)~?#-?UG;pmf9tGahyu1Wfw_&vIo)&K7i59Qqo5%J6RzjK`G zGSfwUkG1H*P3r}01H^AF@tfD7=le&|$g}a=zl~SA@9q|+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{15-T%V{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aTfD znJ&`Nmpg&xV&=w129=VRlb-}`u$2w^SF0X4!7$^3pK0;^tG5=_lx_0;6H%@$BT)Te zuh>gX<$ZT;Zv2sKu3eMAF@Wvb3r61a3ai463ezW9J~_ECscq+((r;TbH}r4iaGhSW wI{S^?)wL7(Oc+xh&s|-UDthSAx0ja_yVR<;Px@XX)6#u5A}ZlPoWs*H08hkesQ>@~ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/Intermediate Certificate IC.05.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/Intermediate Certificate IC.05.03.crt deleted file mode 100644 index 26fd2cb6a50c41233312a360ec7fafc5e2b45fda..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 662 zcmXqLVwz;o#Q1vwGZP~d6Qi{OFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%FcZ^boAv;fa5?`nFSbG4IHayz5aRVc}PEU005($8R+w5#u*28 zGyL<3NXfrw{8E2G{j$JkuUW$a*(F}=?Up!m=Q)4g{7okgivE~9i|0ei^kZ+11#V)v zDU_HRDB+AqgDULcjZ^@2jzIeuq7hs~2MSt4X&p1yihr2Ja{ eu1MDA4x6U1U=jOg$9=s2NN#Ppa=+`WX(9mh+R<|W diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test30/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/End Certificate IC.06.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/End Certificate IC.06.01.crt deleted file mode 100644 index cd766ef7f3c448f612b70a16f7c8ec15ff723a8f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6r0myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&UyxBdIp9Da^k#}7C_q2&AKA~0tPISJy$lA8olK353~xiNVs{#ve|dfAT(ji_tDJ=&j=q~Cb>Y#yDM=5N z<#+#E%u=graDC~Y)3(RtC(1XBTu|5DtgRBAzzX7iSHydX{n+IbmGot~cfgsS6vV1ID zEF2;eY-7@E1E+$+T~?U|7(opjR|IPN7ZuIdL-sN-nwf!qT`Iz4X=++{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{12a7XLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aS>9 z)b=kbny-iEV&=w1h9hROo!#``ywNoFj;!0F zS-+oJzI&wn_2OOrrK*olsy6k=vfIo%ST6HKTV!>?x%|TYk9BX_+AS9GuGMILlXE=A w>xb{3B}TEjbt*Y?kGxJ$I9a(jlGFLSH1p&wXX3dx%G$}t`+bqww=^ON07b55DgXcg diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/Intermediate Certificate IC.06.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/Intermediate Certificate IC.06.01.crt deleted file mode 100644 index 396947b15d9e01bbc91eb3e24f8e0049804a9635..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6QivGFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%A8JHV;84MabnHn1zp6$By*S7zlZuNBohYPx#*Mzq_S)Dp<_9Gk*AfuobE{32wJEbCo!GEP$Lmfil=Ftfg`I~Ocf@HTiZTXgAI+x1(8 z_nW3J7MJHNhLaSH7}a3n;qf)DO&FHi>Ia*vxQf@*mttRhhd*d$D>O-)-zQY zGchwVFfL9uNHpLF2A!-hBjbM-Rs&`r1rA+VevkkQGZPaFI96m8SojTi4Y=7j6WTl& zQ<)hJ7!3qL8u?hbSU9c-)b=kbny&|r23chmV0<-jte*Ay=b`5z{m5YejCE$9=d(s99&)<8)^}(}g=_f81n1?5&esb-QdTpDia3^es$)N`s zM$^)csaPI3y!eov<9^qT{@%+3HakbpR`A}qdr^P<)o)*0L)SIid%N@8S hb|!Bqem1#M_rv}kw{M*lPfG3u&OV^!e>Uet7XXd$+dcpQ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test31/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/End Certificate IC.06.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/End Certificate IC.06.02.crt deleted file mode 100644 index 3804a27b44c5cb9fffaa98144b4b62e7798af3b2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6D;myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&UyxBdIm-Ya^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-BjeaW1~jRODv;pD5;&FFHzcUr)<;Ijiz*_aRO9 zeTl!AK6&x1j_qONx^tnYqh^+tfFVzfZCIXmWJ#KjvR+#X~9X2Cq++JzLR=U0d6K zGBGnUFfI-<2mlACEI%XTe-;*ICe{bwXpmK4;Wywl;AZ1YX!Br9Wo9&BG!O)OQkIW} zi-jY>{Bn!OS^a!)xXUWD03)b@IYozZ?ax1gNqis`RoQl8!{_u3=Ov24eb8PkmWJYLkdz4!j=&vP?T z`2uI=jXBYW&OF%rYPsJ3#5m^i5BphWC8{r%EVN(PyTq$P?}1~)nF{^q%ih22*}>6l U{#!;*EU9eLJ^75JSQ&$v00l6}&;S4c diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/Intermediate CRL IC.06.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/Intermediate CRL IC.06.02.crl deleted file mode 100644 index 2e2e505a0195a7b1c71de49e18d430955bd22f67..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{12a7XBXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aUqB zc3TI`+2DufV&=w12Gtk8Z&yv-&MC7;<$V6K`F`CJMx~iczFy0_{c65*3AT{x-ytc`w#wD2-cbz*OwU5tbg8RfBTorHacNb0v04*kFivR!s diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/Intermediate Certificate IC.06.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/Intermediate Certificate IC.06.02.crt deleted file mode 100644 index 6df3396b79ab1172d12c26692912fde73d2690f1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 662 zcmXqLVwz;o#Q1vwGZP~d6QjKWFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW% z>R0RYvn^k3o$b?iH|W3O`r88M@{>;a-?_MM$@(MN#vFwqtcNOO3_T6l6Jx$gcI=rR z%EZjbz_>WUAkKgv7<972jEw(TSPhtglmRzLfS-khnTd%793`>}Ec^z%Kyl85HV?*B zW<~=>13{1?J{B$(j(4`*)&X-i_<`d{k3ILzHg6d2u4?BHN7v%$G&P z54}|@zHo2n_qjJ;&bI#}b7`sDyB)u$i)y`^D`m*!JNH7tqkONanvctE+NLwwF1cRD f#wf=>w@N+Jy6luwO2LPFi|(!O*rwXWv^Wg_mN(Kb diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test32/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/End Certificate IC.06.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/End Certificate IC.06.03.crt deleted file mode 100644 index 6ef1d03a8a388f3a3f804f65a8bfbde065b73661..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6b`myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uCP&UyxBdIrV@a^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-HG0@FOd~EWB-6dRF?MBi0F5q+}GnCrG=4gAl=<%9A9>}6myGXwpqy63B#R&@00b#LV7 z-*{QtwT>a=sh*(iq;Eg=E;5Nb!K9L1wKdjVE=6;v&|R)olUG>mSofhN&qVCKHcL!; zM@)$8`=?ucRxUoGolp|C#UcFD)BXu|E}6eho{cPXier_?@H*B$e~w~J!>o>}zxpeE Xmh~U%I1<{ie?iJtbI(hw_Fe-3@+j0c diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/Intermediate CRL IC.06.03.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/Intermediate CRL IC.06.03.crl deleted file mode 100644 index 4008e3d4680ec259e5b4de487dc6a497a5f8cbf9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zT~B8{12a7XV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aS4- zsvgJ<`*j%2#mtS33>sS1VQQv@E3PlyaY$+To>TpQKdJ~SO9`8CRSUY!3XeNlQC9h_ zDADaU>($EB_U&Akf)7qum?*P$`Uyj^;~8Fe>u%l)Y1md<77^rb@h|w9F7wRxGpY@& wd5;fYn8FgFY@XSzkXtl6C-5t)OQQboO?OvaW%#E{2;3narW%(wF1xB8vL<*a3*n-83vGx>O6 z@&VO+cY)Tr@)gPdPFcSYzyDxSVEkruFUjxJ^MYd5T~yc7 zI+OqLrhsUGPW^%W+R#$xH1Wz5R!8Y1rwK)B8x!QZ*Izz=R3R?2o8`QA%BA|2+rjKi z%!~|-ixUju4ETXTCo9az_@9N`aDxQ+Sy+Iv#s-cOSp^n;174swXF{6?V=6PF z0i%H+ND&_k7YoO7R@DQ!VZRQ8<3LuK1sGWk9II!&{(0zmNI!A_0Hd54=<^jbLh9I7 zUw41{Y~j8IwLdn03cBaLrBrf9p^5%VXTJ!32fczsFVDVZ%{*tSS-yl`FPv+AbG?1# zsr-(=7V$IJK4s}%`=Y$%Ykp()S3R}bB$plOnKJ9&9y`A0@go)m|JlbJenl$?=&}m_ dJaX|wBDcyb=XtkZSLeIf+{}FZ(aU&V3ILv?(CPpH diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test33/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/End Certificate PP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/End Certificate PP.01.01.crt deleted file mode 100644 index 695de1cb44a45593b6ed8de1c2a8fef4fa8fa56b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6P?myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uAc0eS|8Kx7~%&TDA_qzw&?fTTf`IIjsZ*C2r$`(3cuFK!?Tv7axrIJF4L z1&#BO{mjV9z}(o&V9?mf)Y!UPvpj@Z%**qy*zMV1*CpCIz^sYA}^}MV_)EcC-b!5I?rWd zW@KPo9Appx4o+EqM#ldvEX+)-55UnNtH8oP^&L;%q%6yUIs=pGtjSl=Sg`o^G<(a_rty@bm8jX zb=TE(avp0LJbf2oeChi9s76K=JBjPBY_sHU9zJB-wD^9`y6G~lLQmY+?#L8m-#2g5 zG&SbE(P7W(IRyALzkMs;ucE>~-ST01A-~v%B{M!f_g6~u*iyxwTDY&=N8&xF;EwMa S>OZeN{~lJb-^sRgW<3B#x5-BU diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/Intermediate CRL PP.01.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/Intermediate CRL PP.01.01.crl deleted file mode 100644 index a8d11e78881ff65acc0000de2046a881ca4c4b5f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+14AGZ=e4vnFf=eUGy;+aQR2KN7D(I$$_9#HV`W8Hm_d#M86m680<^1v!#dRJ ziySjc37U(U8ygwqu3b0ul6MMNo--psm&f*%HKW^Gu5$T{lbfy`al7g8v^T@<)-DI3 z9`9dw?`EYmJXretUBH#k&(7YMFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%5S1vVJ z|C@V4=_(Gc75?(?x{9XXpYoGu(bW{?%MlVU%fvHuQZ^`*Sgk30Uw8K{YtO#e%2Fm~ zMh3>k$p(oA{J@}-6=r1o&%$cJ45YxJE6WcOU;#!P8#q>E6L#@8ZF|(9_qd``g1sGoq9II!&{(0zmNI!BI0ArmQ==p-usSo*# z-{^O6w_R&!|N2Ab$!3GzA6sTWn6=J*;{pXmp?tI dp~QNzUTDVz;}|2yDZ$Lrp7I}37Un6X0|5Li$x{FT diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test34/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test35/End Certificate PP.01.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test35/End Certificate PP.01.02.crt deleted file mode 100644 index 26846be188667b0d0f044d6849ec10182ed812f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 626 zcmXqLV#+gUV!Xb9nTe5!iP6n~myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uAc0eS|8dIm-Ya^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-G4lFq!3A>HO-q4u&rjR>qzWesJ`!fBog{i*9f2 z_o%G#_?lZ;S-C%J)v3;k5FPmy;`d*fK2^H;L3gc7xILw~5n_o=8YC@sannHOh1qc=_5xZ1Fq&f2;Is$+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+14BInBXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNgj zO`SSlf>Qv^#mtS34D;{lZM2t6xN~2oJ^i@<{BVy4Q}%Mr56?UQe4$2_!B4?e@{ej4 zO_tbM>ilbKz?|)o(g^PNt0TvK(;zunFi2sy=5`^v>d+JA+`cZ#Y8e0k diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test35/Intermediate Certificate PP.01.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test35/Intermediate Certificate PP.01.02.crt deleted file mode 100644 index 6a66418230a27039b45b37358b87913f9af100ac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 641 zcmXqLVyZQ0VtlrMnTe5!iP6=7myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGceRM zFfwSIkL+VcRtDzAUIv54PNv32h9!=y7p*urTse!ZYUHboDjnwhEb?v&dXnSn>W+{iiCI0g+a^zIBUwOsCc~5rkge2y_8-L(So(BBDppzA5Wc<&ip3l|H=LZhiu=Sy%3 zfP-6BnFSax4IHayz5aRVc}PF9UxBg94D=+Qbb9%U`Ri92)#y0~W;ev_&L}*r{9)R< z^?xJ$10Kw&4bPEgshp$sWv21^uAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/End Certificate PP.01.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/End Certificate PP.01.03.crt deleted file mode 100644 index ee6ec5f4bc2f3b9cf5560eed02c3c629e0ab6a22..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6)5myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jz+ox0eS|8dIrV@a^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT4acDLF0U6KQpp2FgNxx7&LY=H8wIF-ZI^P`YZFxACFn^yU$b-tI*)QyP_J=UW=jc;+}q~0rw%PpsDe(G}U<~@n`%rVcBWM8iBJlF2~O>zRm z+Hg@OW=00a#X$xE;NX)DFYntvdS#L2x{Qal?XWKbmzo3WG@4wnHlKUE>;(@fCYI>-R>8| zlyub3huyqzXic5W+GznDzYI5CcjbC1>c&cVSZvMX{d&=<$3vD^2Pu!e;onPBc)Bj%)x8pchgx23%vEPe@FDv>l XnZccP+L>{WQ1_#G+n+xcQVak9n5NDT diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate CRL 1 PP.01.03.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate CRL 1 PP.01.03.crl deleted file mode 100644 index d4ad1013d5729dbd068eaadac60d34b9cbf07de0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+14BInV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aRAT z?{wVxl`9X;#mtS33@1--TyOp9M#qerNa4d<6r>&`9%WO9a~lpstyi0R_>E|D_N`C}^9hR|NccJ^M^0BLc(dv5SqbCpdBtIt xGbWVID_2Xq=X|Yto5|rbF@KBnyDOSj#fbi_w=7~jtGeprokWS!eK!`J0{|-RYD544 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate CRL 2 PP.01.03.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate CRL 2 PP.01.03.crl deleted file mode 100644 index d45cedceef685ee994b5cf04bab7138bb27057fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+14BInV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aQ+% z0uDOeIq?n6#mtS347n$+{61N=RAb49?|RCn%S$-y51*b`!y))IKhak8CYNO4yT^8q z&v1P|a7?gz@`UNql_w)R*Y_+_s@z@GcHJUFKdgQIldKc79(N`+J^po=?ZuSI-`@t$ yQ(N2lW##MdnHu;1B)wgFV9x~I2g?@xyY2S=$c}^3r7>S;edPOdzyCP%mvsOmM{;=p diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate Certificate 1 PP.01.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate Certificate 1 PP.01.03.crt deleted file mode 100644 index a300e8d67e12164f5203f53e2240305720d7b923..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6QjEUFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%FYD}$E6R7zownZk>Xx=c z@7k5V(<9C&tZ$lP;J&@K<8ax5>07cQ>%O23chmV0<-jte*Ay=b`5z{m5YejCE$9=XYp+ zj@|g+^X3zYEzukr(>075?i`*YuzKT?Ym@SBZoOe5wygT|%tbrr2>ch^squZoq<8Ow zm$U8mOZn7YADwJwQkELE=tA?^FO!$sSgj~a{m-x6sXs?+uUc2;;b$xGa*1e>7XT2j+gbns diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate Certificate 2 PP.01.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Intermediate Certificate 2 PP.01.03.crt deleted file mode 100644 index 87c8253c3c68fcd3c0bb803c3038c8c7b456963c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6QhR#FB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^nk`;Yt4jKQ;72s;rNi6zEGXhsShwff6sz><@}DFO z>}r^oHr*3kwegU6Mc!M(Yk^y9orIX(A{E(MDz0?a-Y9+2$*`G;nUR5Uak4?80Y5P4 zWQ7?S|Ff_fFas%Y=*seg1XzF(#|DlSSp^n;16~7eHqL}L55`nxMgv9zL6Am17A_VJ zU5S8$PIpdx14o0bG7B)i8aRAT?{wVxl`9W941lrD4D|dISHG3zvX!RR2W?eBnxoP*~#m7N07lfqm?OfEkOS8dEwIM-IS Sx2J3B;%m)wy8inZwF3a5)6a$g diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test36/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/End Certificate PP.01.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/End Certificate PP.01.04.crt deleted file mode 100644 index e5c5ae8c784b6ddc26a6831bfe077b76eee06d09..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP6V^myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jz+ox0eS|8dIly2a^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT4acDLF0U6KQpp2FgNxx7&LY=H8wK5j(g3g)yE}XQPdiAc{%M?Pcx7gSvqGw> z-R>LACno;vatYdBA{}&?VX8!#+k-O+0H|1aF*p<*XGo<^yUGe?QYw4SB?DRP2 zof5Jyds2L^iJ=CtAM$zbQ0;S?%G8&!Qf@lMZlu?_6Hz zr^j|@R)S^TxiZZp&)T)>d5kMVmkJs22TgFC^!?tsO^k*Sr*E`g^w6x#dMG1PxZYNd V*KKNf_R+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+14BIn6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNuS z>VBzHdgX)WV&=w1hKaH}DmTsFNl^n+BR zPd%1Zedp@`{9gMe#@QQn6a)-i&Py-NdU$!=$AYb{eLs$L?pbzDP1wir^Uo8{+~&%< xG}~R3Y`Jsi)9rufw_lMIn<}yI5Q|rqg3biZp0(UOMfE*-H@d2?`fS_w3IP28YH$Dm diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Intermediate CRL 2 PP.01.04.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Intermediate CRL 2 PP.01.04.crl deleted file mode 100644 index 724051124390034d35b75627d5a4c4ec008597f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+14BIn6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aO1^ zyx#sq&_ol>#mtS341H5IVl}?V)?J(3V=AWN$hzjloaBX`tbarPwiTrPocim##Oms& z{Y^jgv&yG_dt#cx+-%zL!Ry!4#~w#CWH?*Z)fF9bx34`oXNOVhSz)8P&xgdX`$=q! wo#ox`)tBh#Gh?&l_3-0jI-P=7SdHzjO8ZRu+k9W}&m-3j3Q2bQji=WD01G5#!2kdN diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Intermediate Certificate 1 PP.01.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Intermediate Certificate 1 PP.01.04.crt deleted file mode 100644 index 26b6b96053ecfa7dda9870551ece15646a54faf1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Qh>_FB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%Nl?+T*-FL5tB+Ne{iwq;i@Hzr40Y?eBf8h zqqHs|J-zR^V{{LH*cZbig-@NmS1N42=~{4i+OO;;>HParOGE_hUC+gPdYpeNeDr`e z6EhYQC;*kIQ5;*@>AZ;JD4+j_{QHqs g5$Z+%_wDVD+@SGq;<6cK^IVD&^LY-u<$Y2L0J9O+=Kufz diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Intermediate Certificate 2 PP.01.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Intermediate Certificate 2 PP.01.04.crt deleted file mode 100644 index c0e986a08e0184b8cba0176bbfb5355169d2d6b3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Qj2QFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^n7fkr2Zq@ z&bUq4GFk7{o9%9!%?k719@{CqU$?sC@6~4=uk~t`%-*hpy0ZKr0Ty7yv4LYnR)K}zfY*SVjWeOmgE5tv(SXrF5Tuchg^Ptl za?R`QPXtXg!O@+r(>^OgPuM&g}uC+3$&0+oKMDsI|O& zW?e6HYrW{wzTPuRKb`Eh{OMELJZ+!6h05o2l?sOKi=2<=2Ft#cPbrBOGx0r?HS_(u SU5{24Z{N>Y@Ns{Bj2!?B3D39y diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test37/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/End Certificate PP.01.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/End Certificate PP.01.05.crt deleted file mode 100644 index 9331b90a2e65f6bb50fb9036fe6e381c28eda96d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iP7JHmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jz+ox0eS|8dIqKja^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT4acDLF0U6KQpp2FgNxx7&LY=H8wKrX`G+fwXdmH_VjiJr$ElFeJ8z~ihrr^l@e%7 z$v)us-k|S&-^v&6C#RPtTzmH3S?qo2vuXcN6ok!>dD#%yJ7?Fc`6pH%luvreziQe$ z)tG%@UK?JqE#x}3xsm6GO1M3DnRUIqUiAv^C9JF7FX0g`Zat#%LG8$`+Y64jad>_U z)QDzcW@KPo9Appx4o+EqM#ldvEX+)-55UnNtH8oymoTS3I@+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+14BInQ*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aVn6 zES`1d21hZPi(@@;++)7Re|8|px*3yIO){pI zF82Irx65+R3d=;h&5wHjJYPHQ;e)AsuU`u8`owr+>$D{6m1@V`LQ;gA3@shcXrE)r^8K1*vS_-C}PI~v@nCYMcN7 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/Intermediate CRL 2 PP.01.05.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/Intermediate CRL 2 PP.01.05.crl deleted file mode 100644 index ae1d7d5e8fe0aecb105433de406e4fb13785302b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+14BInQ*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aM)2 z)^{{D&X|GbV&=w1hN*L{+LQi&zPO(2s;PEpZcgzT^G^o?o3bNI w!C3Rkt!YQ4?cbG|^-c~pv{=jIEPVB=e7mfx=pvJJh8F#)r#AjOY#clb03ujr1ONa4 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/Intermediate Certificate 1 PP.01.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test38/Intermediate Certificate 1 PP.01.05.crt deleted file mode 100644 index c8ee614f43411d66817d982ecd5a498d6ba6297a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Qi#IFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%iMTt(~7mG89!b8iFG@3{Q({W zWy>u-zx(TB>chX?-Y&h?oFUWwhB&8ozTd^*w#(kB|AG@#-tzgmy!p9qn`7Sb58^fL z?TjC}n7VuS7{9UaQ@tF&e@~gLxXQuLB9oGT6nJ+kG=J!in8&(XJxD)xVp^O%XU#<> zW=00a#mNSV2K>OFlNDxU{LjK_zzn3op)1P|5?}#F92+=RWEEKW4R{T>**Fv0JQ!1% z84VZ>1VI}4Sh!d?`VK6fb>;>~F*q7zm05uC)xfcO*6W{#o`>`!hXF9wnSq{#E{2;3narW%~EZp>|;h&2Ij_I z27|^lSU=E#ziot|99qWVXmQ>V85p>lMHFxl#N_rtwa)nf!a&2EWb? zie71x7wyQK>(Wx6Hn;Uo;*PAlPu(?Nl{B<^CPD`S#6etTbuNmC%pfen_9MHsz>hc*QVLdb7Ff;#h)@UGcqtPPBut1;0Fes ztS}?ve->5)W*`L)U0HsR01GhU*ub$OtH8o{SG;96ft||j2mrd-f9Q`T$i^>f8l}Cy!>rjT)t_p zN{^eAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/End Certificate PP.01.06.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/End Certificate PP.01.06.crt deleted file mode 100644 index 57263d4cb1b865e793e7a2a7d4d28c84d3f32805..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6JxLeFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^cq(k96)gmUBFOSPu8~gjXebPk1fQVj)qs?T>R%d!_5| z<*6Mq(vGsrD^E^%#xFN%rI_iyolACBxhT6$s`gxZd(YvC)AE^^85tNCCmSRh@B@QR zR+y3TKMSh?Gmrv@t}H)DfQ6Zf^#M3mWEEKW4R{T>**Fv0JQ!1%84VZ>1VI}4Sh!d? z4FBJAS6iaZ0geV)Wfow3HE>+&G)ffX;9ra!2EbTn26~>4%iYDo$nMdO((}u1&E*i- zc!go@tBqG~o)LYM!K*#V(==1!#0wL%Rct?swuIa}70}qj$h~Po;{Auq4?VfQWBSYQ zq5tn_On3O`lMyxJk;A1YsqfcI9Td>6Z)XYcblsVJ_Ji#Q75CFGL>IU|<&5GN{Zgn~ T_Vs2O&r$Oa3uGk)ZVCec!$Zq1 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate CRL 1 PP.01.06.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate CRL 1 PP.01.06.crl deleted file mode 100644 index f2a01385e5cebba4c715db163b62cb2df7e97a2c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+14BInGjU!^O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aQgZ zS9=8=zTAlBV&=w12A6$$ytD5YGTg{2xqs0AVFZ(NiSh2)y9849Y+vkrd1a-_jp=3k z>w9kciXGILV41J8}QHO*i00L7hXoB#j- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate CRL 2 PP.01.06.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate CRL 2 PP.01.06.crl deleted file mode 100644 index b6672d85a046c2816274b562480e9ae30aba85d3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+14BInGjU!^O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aM=w zr26>GTzVDF#mtS33`iWL~7q%sG1xsBC1f z=O~>P=_Ebf*LeD^mV|TB|H^CQ7evpjy}4WIhW%3}hx?}P0cCoTOBwf`&Uxs=b!EDI w@%2a3Cj~6JkzpF2yP*5IM9$iU^_Er>F7{vhXO?I6MEoODu~pICccyDR0Q@~?6951J diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate CRL 3 PP.01.06.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate CRL 3 PP.01.06.crl deleted file mode 100644 index 453420be8d2426f5aa1c81bc9ffeb1898ddfc315..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-GBf+14BInGjU!^O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aOU> z8YPNx@GnMlF>_-h!}970ezon~>w?8n7N7g^&g&BAf$5@I!ZE%XZDrRlXN6@O-ER8! zRl#X3*HtE|x6DpobRRm!+VY2=-I?eS!;rtqGNzAFx_(B?Ru3ji|!Y6k!S diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate Certificate 1 PP.01.06.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Intermediate Certificate 1 PP.01.06.crt deleted file mode 100644 index b7003f7ebd9a6325a2a9fdd249d5f7457ba9848e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 706 zcmXqLV%lfW#H7A}nTe5!i7~){myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGceRM zFf(YJkL+VcRtDzAUIv54PNv32hQ$>V3^M1+9A3QpmGsu9WpfYAn7pAWCU%Y+gUhQA z^_d~FttZT=eAo2S`ls7x!#!VF_BKZuA6?eQn=N#*n)%${xD}?6%|${^@1_?lciw%_ zppoImT}8GDa~nD@=2cggOz;u>{_5?fr(Wfs{{?I;ZB5rWv7vq=!_V^v*DEQUIw_DO z&cw{fz__@v+n}+-fFBrmvcimv|5;cKn1K{Hd}aAT0xZC&V>7S?DNtZBGcYmWX5&m~ z^I%M6W;9?#<}e|1n2|Xw27(~%d@Nin9JSr6y@C#3ZUo1dtTGEQVjDPC&wBmy(DRUf zD}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uAc0eS|8dIn|&a^k#}76yg}hK5E!(jZEl*94hM8~cqA_BYN)_Aw(X19M|9 zgF#~_Q)45;9^PFu0{@x6yCpVNlFxz9e_GcJC({|rRI1)9PU>ZR+5hor*^?WhdRnz^ zr@0J&tU4Sbe`W&TF9oF(gC}P_9A1ksE#5V=v9NEcSmEiujFMlmU!|-L9G2Vv*3tXn z`J$8S)jIT)pPC+F{m3z6*^4vRUWd9XX3q3F!xX$e(xLY5`Hz82%!~|-i)#(44fugU zCo9az_@9NWDXNDhuJ_7 zq=S!zi-kkrNUD#|%%xYs5hSb30*uK9j@s_kUO|U1HzJ1)Fg-8>gN0k|@~h<86D{U% zb8NXcsr*vlSq1JL-~XO`p!CPhzuxkQ(dD)GCik{1`W?G(uir(}yJr+<8DHzWxHLud zh2GDr*?wZrk~+&Lyq_D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jz+ox0eS|8dIn|&a^k#}76yg}hK5E!(jZEl*94hM8~cqB_BYN)_Aw(X19M|9 zgF#~_Q)45;8mC2u7uRfD(r9CPd(N~^TX$|dJF#Z{dKc$ag?)=v9-la!URNWSdoo2t z*|BtGWK#P(-{dcAU#(w}wT8`pqIdPIa~}?_j9h+UE`y{*x5Dmavlv-jW*K~FC~dvn zoG{DTXye7DUti|rw%`48_GE8&c?SHz zppzA5Wc<&ZRtL<^4*EIe$O~8p5FViRPhR9K>EEoU+Vu&JD7BYYke;J z{-etzw)kt!6U!8wuWi&gap|5NI{NX^OFBgDJdTQ6^hmwA%MiqN`t%&`08T{JX#fBK diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test39/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/End Certificate CP.02.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/End Certificate CP.02.01.crt deleted file mode 100644 index 75d2fd50e37df29eefb90e7329023a77ab64b768..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iIKyAmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jz+r90eS{TdIp9Da^k#}mO$Fj&}6myGXwoPF{al0?-n_&KPyh& zH=4}m$IP`beA=Rjk6roZO3pb~tL9y6IwpIkIe>51j(7t*FX0tg_j$V?u&(pz_ULr+ zJQLM1ZIAkn*ZaG#?p?6$i=$C|bfLtLi@Wbl^A(%l={UVKPqS>b{bUoHB|j~*&)z(I X+Vtu1y>T;@HtblJv`taVBeo6zbCuLb diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/Intermediate CRL 1 CP.02.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/Intermediate CRL 1 CP.02.01.crl deleted file mode 100644 index 2f30c77b538a33291011b469476c08e0e810b7ab..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj10y{HLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aT`j z#T;FbRrUhS#mtS33{%9WhW@&_>d(ZM)Uyc@ORld^XQ}9|Syk}KH=-dxpyHbB%rA3R z2er>wbGYqH?L_XlVgv7Y(fJ)q&fZa4nwoD`9Jj3Yo>8)_>a&|7pFImS6fXta)ZTuz xdT+-iqgQo#OV)HBN?ak+SikIx>ZbXp<;uh6m|EyOKDO1p@Z+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* zUFQHj10y{HLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNj8 zs(B?mJ3AH4#mtS33@wc3ouy*dnw-6mde54RC+>;Jf@1w@Lrr6c2+N?)%0;tXOJ{vk zovCo^@7E&%`#R5TdAOvd@q4F^km+va8S(D%Q}xZQUer9DwRNfgue3Q!w0ozl<@K&9 vR5O|w@t~GFNc!E4NnTsD6u!%}1y=2A|8#@ti2hQY>`>v*X2mmU>Y-Bsj2~n+ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/Intermediate Certificate 1 CP.02.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test4/Intermediate Certificate 1 CP.02.01.crt deleted file mode 100644 index f4e88d58cc91b46aa1abe84f839a3a4008b1095d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6C;}eFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%E5)Jr)K_@HB$oQXy)qojDfkRi8A0)s6j5s!MtjH>`@Eh;*U)WR+Qf@zubwde-Zohn|P@BZmPn)|r8xw`Bg_ z>H1sjQmX#V_q!YGKJ}k{_UoU8>>jIQH@4~~^5@ckHj{3ZTBi#JN25S{@7qbgzmFF2H f6tmm#+27Fabz1AOJABC&mc37m#E{2;3narW%Du|VR|#(pD&{f+aHeay(pz}(o& zV9?mf)Y!gzq3ugtA~VPZJ{mv7Gxyxw6JvLj2P!|g!vH{ZAN zd@_A^=l#!Q{jGn(vwC*I)dkzq?cJxV8a^(a6MfZ&U#_L&)QP>jYr>{{N%-}@P4ZJW z`z`NF`9f*()m{~HYbTjL=6mm~t1_|Xk>u*2B~s#BlhZa7`R-(5W@KPooNSP2zz+;M zSz$)T|17Kq%s>hpy0ZKr0Ty7yv4LYnR)K}zfY*SVjWeOmgE5tv(SXrF5Tuchg^Pt_ zL9d!u!n3ne!Ot{PSb1P-kyD(}Ayvl{ z((y-Lv53Ux3ZGtAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/End Certificate PP.01.07.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/End Certificate PP.01.07.crt deleted file mode 100644 index 24ce9e4d805e725778b358dc5d5b08e252419f78..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6JxjmFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^U8(rObHatyXMfF`8T)FJ&|SmR zm6CDa7kIKg-M9SRjqm@2Onr9LGZ$T0vc!)ettj`FZJi%~w*Rj1RZIUmr+ZCj&^%pV zU!-3oxZ+!ZTbX{8@QZ&(R`?h%v^i#5r+V(@Wtrb+{OneW-AiR+W@KPooNSP2zz+;M zSz$)T|17Kq%s>hpy0ZKr0TyN^)(7BNkyT*fH{dnkX5&m~^I%M6W;9?j5Cm!DW8q@q z_^(%eEBxY#I&d_|DzgCNtAQiHXx%$G7w5gmVE~MEW}xTI;)_cT&CXg|Ve!w>_R(Jc z_P3VWOFMJtc1JbD*Rwjc_9tw5kzs1$9PjbG`Ec@A30L`K4a?GqAE7S~{ChopR@sfd z)TsaM0kfh%e)Nmd*lk>KKITx&f!)kvUW*@c#B8pq@3C%KbTo+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+14BInb8%ivO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aVW; zggg~;BcQvF#jC$u*0mrg5f(qBrrNB3!KO> z?5nc~2{mS1-F5qU$nIT>v=SAo`ZvVtR@O#_crM)j#HCjE;(_#?>J!{;?@Zd3&Gq`z w(Y@yd_P)&hD?eHSf*yZ_!<5&QI4mEbR>#DzN#JUXfi01CHe_y7O^ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate CRL 2 PP.01.07.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate CRL 2 PP.01.07.crl deleted file mode 100644 index dde5a124c9d4ab9279ebaae86c1a97ebd5a9eeed..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+14BInb8%ivO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aO=X zF`8bSaLxtI#mtS34E07EOsbw z=&QNeO1@IPS60_I^i7|8dAYa3UN63B`~ny+_ZPG;-1(tuuA@=E@$_`ncBjoYJpmr6XRZjml=ESI`ihmQ)459y0FXdruK)l5 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate CRL 3 PP.01.07.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate CRL 3 PP.01.07.crl deleted file mode 100644 index 713fa4bbf1fcd5c90a3bf892fa3ccdab0cadb423..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-GBf+14BInb8%ivO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aM)s z*1eN+ao&sOV&=w1hW`CMf{)~`WOgpy5+b(j>>BIK&n`aJWacg1zBBn??QK`f?H&uR zdR1L=w{AOkT7KT6m-4T6d|r7fZLd(j-+CZxcGb*rR(g=~^bd~n xCOrA^KzhF9^mNXy%Mp7rc5e-3Tx4L$sa&lgY}7Sl);H~sv#;%+7UaK{4FDfHXz>65 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate Certificate 1 PP.01.07.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate Certificate 1 PP.01.07.crt deleted file mode 100644 index 5a8ac50060f0c3c96e00c5feacceffa3fb18e5f5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 691 zcmXqLVp?y|#3ZqRnTe5!i7~{0myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGceRM zFgIwNkL+VcRtDzAUIv54PNv32hBtTTAFX5ZJF%*c@4R6rgU{u;ccL{Ta_krUww}gs zdv}hlocO-WI-i8~cN8f5)!5a(jj7D9dekGf?ETqP1<|s`1(nO(Iz0NrSJg~WoR-wx z7c%37a>X&BtKGXFybntjy^?axpGP?GaNV?TkyX>%FMV=tv&sLqO8>EYb?_D5Ex$yW zm>C%u7uOn88}I{zPF9$a@jnZz0W**ShpsF?NPq(?ER11)4jE*!d8*FJAn7OU&rtE|^pbVA&n&9dK{|F}Ed z^u^ZWcZF3h8Rpsw?Q!o@yc6;{V)Y;9QNb&vJXjR%JPo|B(e#M=eP l)`^AthD}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uAc0eS|8dIshOa^k#}76yg}hK5E!(jZEl*94hM8~cqA_BYN)_Aw(X19M|9 zgF#~_Q)45;YU}?shwn8uPZRdbjxD~;{eiiGC0*k9q#EHc>pvMGw+^Wn|M*gNAzIkw z@q>jPT2sCGJ-5xYX%A6lxcr5!Q#W|^g3mLj?hmhPny$8;tM%_1lanXix#VW3Z;h?3 z3E+BuY{_P&rjq~3J-ed4P8C}P$^1$U`z5K|%zL)znNoM_<=zu zE6m9FpM}+c8AyRcSC$_nzygdoHUnjl0tFTs11SS;HqL}L55`nxMgvA<4wHc(ND&_k z7Ym2yJVw)t6VADS<3v`O1sHh^9QswlA2*s`VnGfNU=m;khD82_{cDv^bj~YveaqQd z;xxt7^zBT2=_|5A&o&<@om;Tq-F)}iKR=5(HaXSrin+VG?HOySF|$CJvy%Bdj?Jl4 zzb$`|%1|n}cEQa13pTgug~+?+`k9_LDHbm^wQ*l9ymr;pxeKPS%s*>=G3k}V2PUEO UHnB~O>ApJR*J8c+@>@#v0Drv6O#lD@ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate Certificate 3 PP.01.07.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Intermediate Certificate 3 PP.01.07.crt deleted file mode 100644 index a0c673453ea66a365f6779510ee8ee3b9a34cd42..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6JwYGFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^>vS0|ONIZE*8g+5PV}(9{U?oo^B$h*Se5b8 zq4mNm=b}o^Tix%Cj#-wl{S?~a{<>9q&PlI4j&!NNI$`R$U9*@zy}NfhOhnn>P+8j9 zz2*-WFA~=_{8RP+zxG4V@~Xxi3!i>_+ckOqqNX#me{R0idGGFDCT2zk#>L47i3a?@ zppzA5Wc<&usmGoul-Er$%kh6+jOzq7SOVJ+`hN?*}0@l8-~Yge}ueT ze)6q_vrEXC$!*?NE?>RAq@GIJy)z^E>5h;ly-9(*-9cG5ZVB-|Jo0+ISw27Sg#Sx9 TcCAV~sd~hs;Pg{FpBOIymwVQH diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test40/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/End Certificate PP.01.08.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/End Certificate PP.01.08.crt deleted file mode 100644 index b88e38eb9714f61d8869462d04709275ca3bafc3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6JxXiFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^4m_?#GR9{4psj(_bd`&Xi?pYMzGFnKpCILbn<()8fZ z$+nY^tUYV;=lG*DN7l_WlW>dO+Ts@0X6*Ou35VRq+VFpTeqClA&)?YIFg!G6#blnC z=^HvvE-wg{2;^<(ZdINb*U)uE`9hkF^sgtz@9+CP>$!a~)i;renUR5Uak4?80Y5P4 zWQ7?S|Ff_fFas%Y=*seg1X!4vSRa66MOJ}@-+F@?QC$np>TPRvG*`WwY+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+14BIn3vpgcO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aQII zzx`mnAASnW#mtS33~fHb!XMcf-+og+Z@x0>;dREHM|sZuNu0m@&pY16?pwaa={c|7 z99yjU=itK93wM(rKD~14+L@h;r@gQ#+_H>)3w!@JwcpL5dgb5WyEA-SzR@{n&C$=6 yI}@%hS1wtdH@Qpb!zYOe=bz^AZBmPCbvSlc=|+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+14BIn3vpgcO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aVWQ zibNYy9y~{LF>_-hgZYAh4KBh@8`f{W{WMVB?GeZ2hMPu?26JaB$?W{)_2A%srq=yp zb;YVRNyduL_S)Z_P$L8E(b^WmBQ_|Epo@dc*d1vnOXxkR-c-AQZ0G2OlbpQYW diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Intermediate CRL 3 PP.01.08.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Intermediate CRL 3 PP.01.08.crl deleted file mode 100644 index d26dc1b750579935cf36212393c7512bb82060d9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-GBf+14BIn3vpgcO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNI_ z$ES$z*IJ6^V&=w1hDiw@x4-)NEi!Y-%4OeDCNKP7&sw|MTyd}NC-(O|atkc>=DuB@ z@aWTptELm?%isUGPMCN7JJIHKnzk;F4vUrj_dYBUYODHa&oVcuoR*KJJC2-7OFtQ) xemVZeiA;^+ttxX?9-L(Fwq4NuFn^rjb!EL<(^C!3{+t$QGBx&H{r4$mdjZCoYi9re diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Intermediate Certificate 1 PP.01.08.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Intermediate Certificate 1 PP.01.08.crt deleted file mode 100644 index 4b96b2afb80c3ee53d02499846ffc3bab5abcd64..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 678 zcmXqLVp?R-#KgUTnTe5!i7~=}myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGceRM zurO$xkL+VcRtDzAUIv54PNv32hQrml?0V}ie%vb`Y0c7cwLE>2wA1mK9~q|o4wrtd zY{#^zTgCGF@iWhSO4=Q?3hv~6Y{@oc4tqP>U5I<~|EqiKCxou?*b;Z+qU)=sDZjVd z6)}kzNE)B4w3{@w!BOmY>#?7gl;&zg`+Z{Ol{jEHrNra%{I6RrikQyl?C29-FLLQC z6Eh#$HK+J5tIGx2kZUtQ{Xs}Rb~N3UIWMKS+9Q{dLGh`93a3Xzzhrt zvFUHkr+Rjp8IO5By|@2xS!TyhwVuDty4|9(Jimfv9{DDi$AzEE z|IMFKZSH+@8be0r?``2uulzN3t^d{Xu+7tcb4O87qjB>`S4W30{(BP*ni5Vd+xdBI jNb#qQyLPQsjk(dtSG#E{2;3narW%~EZp>|;h&2Ij_I z27|^fKlC z*ERMp{r|Z3+rLwLBqJkMFPzNgEc~h=(fGf|<2RA-8F(j}b@FLiMR|QPS+!-#T#E{2;3narW%~EZp>|;h&2Ij_I z27|^$o#9GcqtPPBut1;0Fes ztS}?ve->5)W*`L)U0HsR01GhU*ub$OtH8oMeT&Pp#Wm+xDred|^|&hC|P;N1JoaDveHb T9Mm{DXK(!1wbx3Ie*OUfa(UF3 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test41/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/End Certificate PP.01.09.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/End Certificate PP.01.09.crt deleted file mode 100644 index 9815c5d5c56e0b274fafc6e7a3aab32c96c327de..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!i7~-|myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jwZSR0eS|8dIpvTa^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT4acDLF0U6KQpp2FgNxx7&LY=H8wKr=0Y35DhE55i*HhFmUyTmoV#S2#%n17N}l(;Dv7`)UsclAdtc16wa z4W{?kiM8kYzBqK8VbkK?VWf;FRTOWc<&TI6lbxuYBJZ55qgq4MD(*EPo_ueD4kdw)55+UTLwf)gVQV$rctQ@C4iLC(u9k9$A diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate CRL 1 PP.01.09.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate CRL 1 PP.01.09.crl deleted file mode 100644 index d4f21dbe3274d46e315fb6394f367fe5a6925409..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+14BInOL1OHO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aSr9 zoVvNA#5xSk#mtS33=`a~RuuL{PQBsF7r!y5v%x!0U9)D#`~`+5mK2;``&5b3*V^y= ztL+C*M)1DA{MpvWI4{NYhQTSeulbB;8S**ar+4sOoUgZGp*XAgs@Yc!4fi&DLW_?N08bxj2><{9 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate CRL 2 PP.01.09.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate CRL 2 PP.01.09.crl deleted file mode 100644 index 32906057a382748cd5ebf18e7299f4a92ff7f13e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+14BInOL1OHO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aS90 zXC&ABTKWRb#mtS34B?k$KYZ(5&>8$T$zblwthIY|+}EvVT=M5|h2F=48*%S@EL$Gd zD+&hvc7MUDEt~$x?Q6@KmB})-2OVT3H?EI7Uus#f=Va09EZ(!J@^fz~@blC~-8YQ7 w;Ssmz(b+v>nligQ8=l0N|K76QXKsz$x|dUGgt^p1`Pa1FpOItFuI#rF02uOTGXMYp diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate CRL 3 PP.01.09.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate CRL 3 PP.01.09.crl deleted file mode 100644 index ee2b2b18c06419cd14ee2146d98624a6c004b1fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-GBf+14BInOL1OHO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aPhP zimT7+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}r z-GBf+14BInOL1OHO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aS37 zofFce_qr0z#mtS33`^&x9-h*<(BHUXjrcRG&?rS$vCig()x6U@#h)eCe2Qg!abiYJ zR;N-Ar|b8Q>C)#d|8D6@u1-H${=p<%bUCxbKciv|kb(JmvVUiHXT296S4OXXD}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGceRM zurz3#kL+VcRtDzAUIv54PNv32hLbB*R!LcK+?mQ*!+(8J6oVD-gssyXq~L@sck+{>ZGGJ9p31?pv*Ex2?9`ezHcQcHMbkjtfSZjoq0NIa zm6_3i5t+k;%waYV1nJ;o;bP&K>T>GljuPuIa0JOJvjAhVfn)Wo*FO(E59vn^9bkH3 z1_sN#t#kIOoVgPAeUgpue8)a{*MNnmKFNG5XnD-`xveDizIh%?X2U_l?6+6KJVKre zt&O?4ukl$?F1O{{2d{4}{kL~Rr_bh!sn?e`vWHGKQL{-3(3zK3z50XTrMvp^FA`s} mR-L(5xay^!ahpxiF_+^dVd|#!dWM#VcXsV-KPc#>D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uAc0eS|8dIpvTa^k#}76yg}hK5E!(jZEl*94hM8~cqA_BYN)_Aw(X19M|9 zgF#~_Q)45;wLr_@&R0rr7aa?1ZfIJ{bYuQ6)m7&rfB)Fm_VSPc1E2K;sTKATYW{B` znE&sc`LKO{$|4uhDTn8_KRcbZ@RdTu(bK0l%)(B{FI%FJlMh|FO!5CkdW zW8q@qU{;)wT=Q$`3vissDzgA1uYqH#%c+|?O02_>0|b}^n1La&IeC%eYQNGoc6DCs zg7-C-)NEnw`R)|JXZ|{CPMGn_vp=tjhF+ZVns+6`1Ff4L@h3I#E{2;3narW%~EZp>|;h&2Ij_I z27|^usyn~gqQ=Rw&wQTp{aXUv?K=d6eFN_wI#f7!cJeN3zp}V0_OmH- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate Certificate 4 PP.01.09.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Intermediate Certificate 4 PP.01.09.crt deleted file mode 100644 index 5b6ffbd4e542ea441bf15b1e9174052ab824ab6c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6JxvqFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^lUB#{nK6MXK!n$N_{$iTQb*&xw?9~gA9 z!i$ZuK_n3XF{6?V=6PF0i%H+NFyH$7YoPI zqjN%<^j=qjqd``g1sGoq9H(Z*)#vujGDHpoV5~C(JzwM@dOg_rk8OU3i0(zq=71AT{BQ-Tg|tpVA7= zU3N-oS@)j?70pmrNBG1%(wE#e Qd7&bdZn^sGHdRMo03K7zKL7v# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test42/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/End Certificate PP.06.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/End Certificate PP.06.01.crt deleted file mode 100644 index 9465ea5bf8c1866522d21cd4c6890ef6705a133f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 626 zcmXqLV#+gUV!Xb9nTe5!i80lHmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jwZSR0eS{zdIp9Da^k#}7C_q2&CNcGW&$5Mb2_MhLrbc4gx#qkotCiCVN zvEF84W@KPoY-L~p4o+EqM#ldvEX+)-4-5o>o{{Ba;bP&~@1gK!kF)V>aQMn9vj8Ka zf#c+CZnHm|6el8k4H%uwKtDBG7P2Jvv3>k-+r96swt>;A^+BaiEP_W9uCn+80`UcdhHW08_g-r5I3X8`;? B%9sEE diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate CRL 1 PP.06.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate CRL 1 PP.06.01.crl deleted file mode 100644 index 4ce26fdb9cead5f64d4e9f03e5fc005322a5ee9a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+12a7XLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aUeA z^d;P`@3BX7F>_-h1NZjzcFVWyeJcLju=48tvmJR;4>1~8{B@sh@PFfi=YPV)y{=r~ z=i)dK@htt$mlGR1GJ{O5FNB2{Ob#wP6ddl@yw-7A?`!3fr)DeL*0zLr%(r~YY+L+s w-~Xp2G4qc%w3mPRJ-__Qi~P8fn9DlfWcl~4c$j3kHHXE=bv-A0(_~gZ01FjqS^xk5 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate CRL 2 PP.06.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate CRL 2 PP.06.01.crl deleted file mode 100644 index 9820bc6f6b44f6db67c4302937695ce2af2d4ce3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+12a7XLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aPyb zSFKp?TG@!^V&=w1hEBIfD|xT~6M4`l6(C`j^nasz>ZwUh3am!kr{4E}mi4!HYrzR0 zf9I8R4td`x-BXbHKp@ANO?2PX_qrhq=AF|NXQ{iG5%cTvi(B?Vg^yp|JH)hUWn83j xDc|oE_O}jJpRrzIT+#Hv^2@S&livM&qRjBL+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-GBf+12a7XLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aUGL z^i17l$kB-AV&=w12D2Xh`rk5{PBtCGV=l4O+V^=9^CG5-+~rFyn@eP{(YeSXra_g(rQuC;mykQ?nt<%od5W!^0M`=UDokhul94kpT~b9`OfLB=Po6-a#&ab05Mf%TL1t6 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate CRL 4 PP.06.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate CRL 4 PP.06.01.crl deleted file mode 100644 index 4b4136209a8e53ed951386e3d5f9c924a13f042f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}r z-GBf+12a7XLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aPhQ z<~IAYNpT{Yi{2t!sy6lll8rbKQGTw)8;BE}z9O xwm(t8pLPF}t=Rco4~lxVr9GXO-NYqS6W diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate Certificate 1 PP.06.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate Certificate 1 PP.06.01.crt deleted file mode 100644 index e18a4e1688ab3ef3948c8ffdbb33a7a1c83a675c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 679 zcmXqLVp?p_#Kg0JnTe5!i80ZDmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGceNw z+SoWB*~g5m49tza3 zvz6zCjXf?4${*EDPw4tlT60w8SJKYJRO1Wz_LaBRX>Lli5xE>SUt`(9%|0w|e73Zl zbDAA;;KJwb++#aDqoS_5Md_tl9)42A9rSx~a-;0Yn_ZhMeg#O^Z%O(ouuAq+I?Hw@ zW=00a#f1j>2K>OFlNDxU{LjK_zzn3op)1P|5?}#F92+=RWEEKW4R{T>**Fv0JQ!1% z84VZ>ct9FeK)MJVenURaM`RGhOVzo}c^WUfpE72Y`zbqfsiEY@lM}qBzc?@t0I)~WG5`Po diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate Certificate 2 PP.06.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Intermediate Certificate 2 PP.06.01.crt deleted file mode 100644 index 1521fce98b72caace22e15dab50da6483a7e368e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6JwGAFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%DLFUrNej|kajq{Ox%*e{X+}O)t z(Ade;*vPPL-RwLUpNEnkIq&*&=zPffZL9Nh*?gl9fpW8!bWM1bqxb&1RY7ym)(>$! zNeaSCKCskYlv}oG&85`&Wv^Mk7i1WSrd`)Hc4N30aJ`6qVypEDo8LLT0`I!-Z#T8) zI-^&8GRtk%!EMhEh4U1w_Lgh?`t{HHN*0AD#>pSkxzcR^zGq@)WMEvJY>;Tc4-7h4 zVMfOPEUX61KnfhXviu+c7GT7&fn!Bhfra0I*MOUiGoj6cF_oFofYCq@q>+z>i-kkw zch!pJu9c18XpmKA0mfGYN1L0zgxmE!_Q+uXjCE$9=O+ZYnVawZzfAnC^dC|AjGVv* zj;3m>JPAjZu&>FsOB^0(MO!yt`zsXgd1O=H)GWb;Z60ekO3jYXUAxfCy1a0u_#E{2;3narW%DLFUrNeq)6Fjq{Ox%*e{X+}O)t z(Ade;*vPQ?=$}Q;GYtOE&VBtq%7pc9a*bp{ty|}xV+-!dG#}Re{jPAPd3JGv?f+?y zGEGIfed>+kmd(CrV#1$h{82;bolsfvx1!BX3W3+m!i?`8%1xNJXN}j9;3r#}%A^t{ zHkf3DF5$TPBlz%o$AwMvvJ?5XR((*MDc#EuBeC$P!Dq)^s!Ys`42+AD4H6Cbfk7uL z%*gnkh1Gx=NP$CFmLDX*0*p8|aIDBGu<#r38gR35CbW4lrZO`cFd7JgH1e@6yCAkfRYC4YJBC!1!w5Q2AZ8V!3N&BXSr3W1Si3d7qmX4LR5Qi^O;w<$g46XYPx4 z@kxfKKhIBTP*u&YW&CvQ*2QNfY;8*n7y1;SFrES$2zwa=;jFf#^BA&=P-@kArZ~U5qiwl(JTo0&R8J9SpgIV}PQJQR> PWvYyOx1+#E{2;3narW%DLFUrNeiMZKjq{Ox%*e{X+}O)t z(Ade;*vN43^$PEF*)Yiit7g1$*Z%clYw^m$Lje}D-S@o0?1RnHRM*vd=;`xW#%jc_ zdi&Liv+c0|hi@+oPT!m5vVU?{^y0@7Czyqtvi`-y#4~SCG<+v;Tc4-7h4 zVMfOPEUX61KnfhXviu+c7GT7&fn!Bhfra0I*MOUiGoj6cF_oFofYCq@q>+z>i-qIl zY;LnZn-nL4qd``g1sGoq9O-v@rtUK2XhaSJV5~C(JzuMU~q z7_DLay!rJ6AtrPFdr}W)%?$E!b7Qiv>HKhYM{ob@dYMz&8dur-A zvfxF>z0DPWw!Vn`ec^*3*TtVH@_(1RE1gOIUuSJlb;%*_kh-Dm7VcdPuXo-H+Nk^R R7x%vi<+Y`Y_D+}{1OOtY&Y1uJ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test43/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/End Certificate PP.06.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/End Certificate PP.06.02.crt deleted file mode 100644 index 5fc9bec784bbf17476b7f271a5855847978c7182..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 626 zcmXqLV#+gUV!Xb9nTe5!i80H7myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jwZSR0eS{zdIm-Ya^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT4acDLF0U6KQpp2FgNxx7&LY=H8wI_(0(MCvb)Txr++>FqF|SB>y%A@xAX+RIknI6 zz}>Zi4?J8S+Uz}J{QrAO=$-5ui?zj5LU|fYIq#fi_PO^)^{ss}w=?rCr&_ziZVr2A zJ06+UTk-m+oyncAt{d0QT(eo^l8nYoo{{Ba;bP%1kiKBwVskhZ9KN#3EWn6p z;P`uK*^b`47rn?{14bt^&`jwPb>nU98!< z{v)nuerPtfE>4{jCbNDk)7Arj;@Orh{nPh6JD+jt&WR~pn`KrUjLtcBM}_IeufM;u z6<;q^ILmll;#16Q#hD?KpS@d+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+12a7XBXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aOJm z^4Cr(&wY;OV&=w127$SInrCb}T;{jxT26s%dFQK# xw|}P05;R_B8^tR>eST%N@V;xu9pwtXPx`j!ddr!KM%Usl{X4cM&`V(7G5`S$YkmL# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate CRL 2 PP.06.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate CRL 2 PP.06.02.crl deleted file mode 100644 index 780ef7c0f57d6d8a3b352d9ce5ca33dfdb64d9e8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+12a7XBXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aOn< zLLdFOZ}9}p#mtS33`;g~#ed^W5}7}LPqz=JS6@Y@d_QHcb z#p~K6|*|m2;ceTR)=~ZGz wHR0S{iD_o#Y`&E>suBLzF3FmP-gkG5p0g#U*l|%nDMM5_|Mk_@r>E-x0NJ%>q5uE@ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate CRL 3 PP.06.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate CRL 3 PP.06.02.crl deleted file mode 100644 index 5e5267ed9953f5995cf2d61496cacb251048c93a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-GBf+12a7XBXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aR$@ z6uOusn#zXeV&=w12H{Dy2PQS-SKkwFTqygBqgk(W&uQ(xe|O*B2>v;VYxNs`GvC_F zSO2H=y2T3x^&IPIa(WuOR=|AGTaP)>CyqF2D#fof>Z>*k@7h*v;9~M1eGX7yyW2c*flqAdd$q&sZFwA)h0F26L!~g&Q diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate CRL 4 PP.06.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate CRL 4 PP.06.02.crl deleted file mode 100644 index 5d775f551545e503ca27eac40b637c1297cd9443..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}r z-GBf+12a7XBXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aV!5 zTDGG%??o?~i;WkXZ%Saq4~~g v2iLgE%1W|2NzKz*q4)Z&Lqo0k`^kClWcp>l&$!nU?D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGceOL zFfwSIkL+VcRtDzAUIv54PNv32hR4nGr$^2ayT)|DDm=&SL^NmR6t3*ju=6X@PJfbr zH}}RLuFYrWuD4&o?|=AX+#T2IIsLnK7fk7HaWg$IOW2R=TBU?(E5{1Pn)A_RDVei3 zx6RmBpfxYuxN^?#SK9GxQNQAAu3ZTXKeuz?=QEWHXGsX0oYpJ7$^FpOp6jkWXO3;K zW@2V!U|d{ikZ-^b3_4k1M#ldvtOm?L3LLt!{2&1qV8pS3V?|bhh2MbJfSZjoq0NIa zm6_3i(SQe}Q3a%{fsxff5X9qS;bP&a%*tOosXX^NI8tPlS%9(Ez_EJP>z{|7hx8+d z2rvyW1A~I~l5A48Ok~hJb0*`TjoP=P7sZQ;?%&1u*VFTRbwJsd&FpvL&**!+2owJJ zL`igMoqFvu#E{2;3narW%~EZp>|;h&2Ij_I z27|^Hn(Ht z-E%Fv3~?Dj;?I|>t$ld$)}|v@`!65q*s(4tySSrrb?Q|QmQyeFn5s_iXt1^k6<|n9 z13{2RJ{B$( z4vnzTM?dacJOM|8tTGEQz8W|xv+~zYD$jk690tHxX9jwHmp%V8wmotG#E{2;3narW%~EZp>|;h&2Ij_I z27|^XuuB) zI$2>x#{Vp=2FyST9J;dnAORL&#Ib>6MOJ}@-+i4_br|vhXF9wnSq`!Wp8G9ShV^7x1){)Y?_Iy z_I~?kQPF7ss9z*m+H;MjnfT0fCa3?wvremRY1ZxLQD@gk_PxTeqW%l#aoTmD=~ zKNga|a?;u#Uvf8|ayc5a`&i|(8wWgm&GvnlWMZz{+N*GWuJ94dSzIMY0?*vM_V8cr TY>&Lo?X9L_obUA+=Trj#mkiJT diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate Certificate 4 PP.06.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Intermediate Certificate 4 PP.06.02.crt deleted file mode 100644 index 76d6111ec16845f38c9cbed0dcc52d4a240c8969..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Jw?UFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^>c)fn8kmfKtu3_ipD47iVqRvFF>X9HG@A$3JPh>nvNV%~YTGBgTdONQ8}| z&cunW^KPtJz31qeo6R}}nXh-wu2&UYbi!S2YHi5s!$%jI_xz}4VrFDuT%2r>XuuB) zI$2>x#{Vp=2FyST9J;dnAORL&#Ib>6MOJ}@-+tZ-?jGO5Il?=G-)iP`K3cFeqW*8_$thE` SLj;Uo=d>I$s{XHVat;8HuFdNJ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test44/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/End Certificate PP.06.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/End Certificate PP.06.03.crt deleted file mode 100644 index a2ddb0430cb006d8c615c61db2a43aea4d5ddeb9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 626 zcmXqLV#+gUV!Xb9nTe5!i80@RmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jwZSR0eS{zdIrV@a^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT4acDLF0U6KQpp2FgNxx7&LY=H8wIV2(nzR9mMDUT)V@|Ynj>;8SS(cKia;CC2?^* zU-Bt)n~cZ0;ghoz_ zd25-N85tNCTNzk@gHx8Dk?}tZ3o{ez0|P;zXJq+UxL7zcr%UL`h9KN#3EWn6p z;NY{${>&@uwielI!02QK`f1KJuHvj9(fR&c+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+12a7XV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aP}p zsotCw#I+I4#mtS33{D$Qg~s-%eDXHE{6gqeYplqTqL5`tqGH@Lb6eJO&RHtW>G7@L zfXePvS@YR~je%Pp?~9F%UB0g(@3?-4V|1m({C?B+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+12a7XV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aU<_ zK1lw*V%|G67c)0DGVnZ9?2Q-wtXn-JT6bcMQo{qTK(R;f4t#qk$z2}8c0uynl^GkB zInMYvPrvGl=H{p2&(Cetw)wSx$>N_zDfi5eb15=RUbfq2Phep{Q}>$PmvWA<=%~N^ xveU%;<9RU&J+6Iap-SOg(>GM=2z@oaIWKnEqldYU8|AcSow;b+wLVk85dcN+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-GBf+12a7XV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aRsc z*v>jz{n?G?V&=w12JJtO)^8AMy4rAAa6;Iwg>pxaf88F{|1hR9Z_&Qi7x(Qpas<6U z_jX-Xq24ooi|@}kE-coVQO(TQ9sX(Y_87Nr$rI5n?Vk>@gz|;7e%AKU5(@VA3;g#j xD221Gs^$9({W7T?3pd{VuybdT>AYLzcX!(BzYv>y@)!G*35x=>pM>si1^}MZYkdF! diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate CRL 4 PP.06.03.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate CRL 4 PP.06.03.crl deleted file mode 100644 index 9e67a4a91d8a79651cf7b65685f115641377f548..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}r z-GBf+12a7XV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aVi@ zvOn|6x~)ZXF>_-hLxI?W&mpb}2OR2;O|+jHZhQRQg*ORmUtMlbbC=k#M8{6pW`Veo znU8GN{rmkpMe}ZTF`T>F;l})SbJ*47Pkvwd)D=4v+G4qnKX=d)WABZ*Vle;eoTdEQ vZtl-cNyZd@@A+}&xN?M&JO9PL54{(!pVYr$Uc4(V`l*vvy`_s=>D+e!53ppI diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 1 PP.06.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 1 PP.06.03.crt deleted file mode 100644 index 90ee8e3fe9df723e264d214d48bdaf2536214cbb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 679 zcmXqLVp?p_#Kg0JnTe5!i80%NmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGceOL zFg9qMkL+VcRtDzAUIv54PNv32hSdS5dXCQ1@!I%n!|HFRSKiQE!M)e^N}SXfQR`p!vrYHSFa3N<@cksURdvg}qJlS#SmS;WR zvu~46JujP=v0<aVcb11-__ z3z?W185kEA8sr=B1A|Uhn33^63#$P$kOGIUEI&wq1sHK`;8>AWVBt65HQ;9BOlb39 zOl4*?U^L(XX;cB}YG7nB5Crk~Sh!d?Tra8KoE5~i5gaM9$}GUxYv5Qt>-En=&qMl= zLj;%xn1MmDEOX!Ug)fbcPx*X=YuZANrmy<9QfBAtdADDiv?#4y)o4n-!d|D4*GncF zT}~}C5j@a7w|c6Sjor7OiyRZ%4xg^_NtnL)!&DN1k6Wj9DXOt@~!*WnONr rV}8nC-pd4kIU03BG5V6??k!W5>IKy@)in;39dlAFFyG^SJnc9DkI>jq diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 2 PP.06.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 2 PP.06.03.crt deleted file mode 100644 index 7fc0467ca80842274239ddffc7978bdcfedc1887..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6Jw46FB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^t*9BN ziqb5keywGayt{h!^(no)t+BHiz1aW9Unu#OC+4oD!DLz`%e{hpW^n|$OR~k>9Sfa|r%*epFIN2c4fFBri zvcimv|5;cKn1K{HbY=NL0xZCYV*|&EtO5(a0j~i!8)rhB2V*KTqXDCVAV?!03l|H= z+`iz`WSM)w(h8mFaKi)=V@%OEv)x3%KS6P!;bKRkC_dd@304X*2FDMaUr+I)CoZW4=R=7N?C(?Fd#<&c1b Sg$sm_e%QL~YUd`u5J>=P8_l!; diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 3 PP.06.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 3 PP.06.03.crt deleted file mode 100644 index fb9500f12733c416623dbf5fc675cca0c870e821..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6JxFcFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^-w({%A{rYK?zVI4K1YeK zJ6uv(a$M diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 4 PP.06.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Intermediate Certificate 4 PP.06.03.crt deleted file mode 100644 index 60b6c913336fb57a1192423784c0e7569051af2b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6JwqMFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^6}ZQ`EyFMJvIBdr8! z55ew~JG@^i7A+Ug7gOB)l)Xyml-K#txL6}GHt{=atZr2tRuq=Ib9cYr@lz{(WFGW) zM5X3)T=DAF6KDx-)P1@`DCt}0<)tV8zW=esduxty=8HvLQj3|G85tNCCmSRh@B@QR zR+y3TKMSh?Gmrv@t}H)DfCU(FY~WatRbb&a;5Fc8<4kDtU`%CZG+;Ck1Zm`B;bP(7 zv&#O=E9xJL_!qXE$;f0ArmQ==n8%s{&3wj#H?tSkWMQ-eo#( zY|;^ibvF+?upgDWvXJj(VZy4tzvg7D*HiI1Dw(1b^L7mjcWiFStm-2Z=PWbmoZe)1 zK%BipU9_l1pv$V~eZ2pw7Os<54}LkaI&S5Z8#=Ql>Kt6U-z=<4)LfP$y`p4piI8w< R$x7AhoQu>{4|hnM0ss{h$3y@C diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test45/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/End Certificate PP.06.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/End Certificate PP.06.04.crt deleted file mode 100644 index 39ebf20a38434208cf2245b98f715e773b50e649..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iLu0hmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jwZSR0eS{zdIly2a^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT4acDLF0U6KQpp2FgNxx7&LY=H8wIln5veY9eu1UB5|Ubp~9)Ty=t|E8LiHTV!R*d zss}K?TpZf-Z`*1|Gr3;d8H*2o|7spsr=Z%zSmJbC?qdG`tm~UTrf-lsm>T$US9Wvj zA>Qy?0=<8fyDvW2k-f5D;^nScD-69=dm|rhj1@Wa`JseE`?B|^XT0GT-)$N)<5h8D z7B>?!BLm~&AcFvKaLV#CGX7^_VP;}|0FDM(1r~k-UIT76&V)7(##ClT14aWupeJSd zSh!d?EbdLQoZB*44;=2Y$}GSLYT#&8Gk?EOY9<%5mx0mD4D@SUchr@;A#2Vg-(3H` zq{;SX#-1JSYYVDu_hod3_7vDeYW`Yfy87<5!$;KX=6yW7tU!-7Bj5q+N0*C%k)Kz! zY?vu^|Ae#rI`+kPUo`d}wL7byW)@RB(^W_>Gvc?fT$RmK9?iFIbu&~`yQ_|7RRk|S WaeL$U{nzKDeD{wrQGX-U_6`7n($J;= diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 1 PP.06.04.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 1 PP.06.04.crl deleted file mode 100644 index f9a2236bcacda946d81a0ed3d41c657bb59d45af..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+12a7X6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aPA` z)+|pjnIVAYV&=w12D>0JZyB*08*NsLH~%=_erj?-mfqv9H6hH&imV%_&O7x`{=upE zsc|R%KR-G1TZfcZIIB$0I wO%^wGem-ewYwnO>>o9L!pgwbRuhxmu3-9ip(|O6f-y$^IB-ZuiJJn280AYb>g8%>k diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 2 PP.06.04.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 2 PP.06.04.crl deleted file mode 100644 index 02e82c48ad5a422739aa0ef325b6c4c698087117..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+12a7X6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aOtUQY5V&=w12H`onr|TDoRsAV_f1}&!>U;0+Du$0{Gj3bTuE#48c;(Xh^<7NA zvo{*8F$_0%S2VbNU&$=hJ~K@C>Rs>apQo)iykPQY&Md=}F0*NuvSi~-KN}c`neDeI wb>9AS{=4Ie&34L}#%~G)?f&TK{EzMLobhJW?p?~QWhKVyi>~$MYYChN0L$lP$p8QV diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 3 PP.06.04.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 3 PP.06.04.crl deleted file mode 100644 index ddd59a80c42de9faa936a3ce7c69e6e349d7432c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-GBf+12a7X6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aOf- zl_LLfF8zY$V&=w12CLlpvx{U4EKhjft=!^P%$FqX6MS$&=a)mK+Le=Le|uagoVG_z zC+ny4w_Q3jqEwf~mBfa~x^3JgUp)O!(d7h>ufd)TCBf5HDz2X18*B77S!B)TY@V>4 wvu_saO1OUWz8WPI~BZ*y#1WlT5!(u(U0leelO`0BtR2P5=M^ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 4 PP.06.04.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate CRL 4 PP.06.04.crl deleted file mode 100644 index 3dedfb11ec3318a1b6f4911fe68f638b375c200c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}r z-GBf+12a7X6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNu& z%-=7Rn#qOcV&=w1hI2)GtGrdFcTWp`JAKvM^ZjuKd#g9se9#gLym-m7l3nle=cK?+ zv0XZ;zx?l&?>%FnA}t{u;j^MDA+MB;{Q$r7GTxZ`yVJbqX5`H`4E>d(_2;bp@=%T6 vHbq=F19P~8GG|X&;c)Qy3&W)Czu33s>6XUZ&3om;%K0_zPJkS%hD}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGceOL zFfnMHkL+VcRtDzAUIv54PNv32hNBDRZ}`k~OMLn6MoW&L%CCMVhWENy#gYm+)>W_IbZ@ z;mgp4y&(dVwKZ}LJ=`~5w41KWzu4A41Due&y$M9a8tQne@`aFy(Vq!6|hn zW=00a#f1j>2K>OFlNDxU{LjK_zzn3op)1P|5?}#F92+=RWEEKW4R{T>**Fv0JQ!1% z84VZ>ct9FeK)M^(<=OB|PH z&ayZ1KEKL)TgIOUPdsK`d^1mVNmX{+A_Z03^B*5o-L0J=SjBchr0lM|`nK+;$p?xX pykgzXnciDJkvad#E{2;3narW%~EZp>|;h&2Ij_I z27|^HJeJ;b2&SB*)h&5UvXA*zpc7;%a#ur`(1s`ozyxgvATD`p@U6p zJ9ji!Klwkwxz=l4X6_sJ!X>vE+9#}G((v?bE9JkkeDRHCVPE>0m>C%u7bhDe8t?;y zPF9$a@jnZz0W**ShpsF?NPquzPn_E=;r(P2 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate Certificate 3 PP.06.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate Certificate 3 PP.06.04.crt deleted file mode 100644 index 6e33faaaabf6508071e9f5e7c7155d296209c9ae..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6JwD9FB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^OF zlNDxU{LjK_zzn3op)1P|5?}#F92+=RWEEKW4R{T>**Fv0JQ!1%84VZ>1VI}4Sh!d? zG8mO2|8Xw;0*(e*Wfow3HE?(=7vNj&Sa}pV41lrD4D`IrZAl*0wN|UE9|v)o@cSK_ zv&@H HSZFS3@jGw<-+;7cEdcEyNd8C-n$I=x6+uWn|8kG}seGM#xWi_30HIt(X zesf(YJN!oZ)%KR-mWRbf-u}w}yI@7trf=KrH-)ZKW_#=Z+lBkF%Il3SjHbPI>Mv~V RF83y$xhs*wSGFLv1_14V%qjo? diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate Certificate 4 PP.06.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test46/Intermediate Certificate 4 PP.06.04.crt deleted file mode 100644 index 1b3fc57263eade24d53601f4c890b07edefa2e18..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6JxOfFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%~EZp>|;h&2Ij_I z27|^>GW>vD<1dN&K>VRXj~?+yWp^>^7>C+ zyX=_$_zCRc^ILn(WVZhi(X$H|9Czvouc}(oESnjeVr7~fxWD^S>D9WeH8-=jhMb_i53aCCafbGY?BMF*7nSE>1Q`G~fpY zovbh;<9`-b17;uv4qaJ(kN^uX;@H5kBCEi{Z@_E7&BmF~=E0cC%xJ)9APCaP$HK+J z(WqwrexcM%E^su+DzgCNtAQhfQ7Q5t=h838VE~MEW}xSVt@CH3Or2xcR&mo~q5Otg zVVk*^GMc^`>WHO1xL-BHtTy>^_V){~_VX_@=sg(hxrlitv-P#sHH#D$^WIsudqw4q zbXIRe-yhkg3tbM)?{jtgzBTjrMjh|El1H;!vre!0FZh+~hRTiAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/End Certificate PP.06.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/End Certificate PP.06.05.crt deleted file mode 100644 index 7337bc5b57f552c36ccc817dfaf8f2446ee8b120..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 626 zcmXqLV#+gUV!Xb9nTe5!iLugvmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jwZSR0eS{zdIqKja^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT4acDLF0U6KQpp2FgNxx7&LY=H8wKrnQG+ezrT8e&!5xMdv#)ZxIDb8o@-2bA2C~A z!~MYgU!^tMW!6p+v=n4ncO_JL#%fZznnZ5aGT9=o_dr>W|sz@oyD`Sxo>+#%!(;u(*47AuUXnOj=mdST_ z|Gdk@%*epF*vh~H9GtTJjEw(TSeThu9~cM%JtNDDYl=?laWg9Zl^=RIcq6exkkG)qcKKT1>ZFuhE{)JaI2NiDl6#1ofiTB6A zEbm`a?Edu!&pk8yu=@d?)XaX7qFAS*0_R7j2~X{+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+12a7XQ*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNcQ z53Z8jymbzmiDLyY)aejX5#@N4nc`eU0r#mwvt2qqa@p;~lZSyJ~T7y0f-?abG8EXE$|r wy^#M^D+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-GBf+12a7XQ*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aP6h zHO@TywOR+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-GBf+12a7XQ*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aU2A z`29ww)Lyf@pj z@>j}N!KB9d?^dRhkp4~5`>tDoCgKJ)LGZ+yqEMUg9H*`lw@1?qmO w1kdY}XMgpC^NG7AclsvTz1NuR=RG-9b=EZYXW3!NINt4leq~p^Tx#VA0Cl%#KL7v# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate CRL 4 PP.06.05.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate CRL 4 PP.06.05.crl deleted file mode 100644 index 925b78324d09879ac38329c52c1ec8591943fa2f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}r z-GBf+12a7XQ*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNJR zZK->~5$}oSV&=w1hPh^!3`93A__k*1qL&OOJAc?MnU&N~DyFxFS7W081^c&RKb!r- z8}9BrAP``)hl}^(q$ysv&9`LUtnzi;(|q<}|CQ?=QgyMjr|vgjZJ=?kLTceAH{S<) w_FVUkOiNZPZ4W9gKGL>Qt$M}Gb2f}=T@2>w9!b`X{o$tn?q$iJWins_0Ff(YqW}N^ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate Certificate 1 PP.06.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate Certificate 1 PP.06.05.crt deleted file mode 100644 index bf3e222391acfdf3f54cb5e5c4243e8d4a8bdf1a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 679 zcmXqLVp?p_#Kg0JnTe5!iLumxmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGceOL zFg0kLkL+VcRtDzAUIv54PNv32hBJ!Z0e>{~$^{P`U{L>Ls#C&dvwLgvrr@SW#nDl9 zPFtEDq-VG(&TyG0bN*+*)KBhv&g?SftySa{V`#Rtj5TcNN;H&-{(r(eammz{d5Z<7 zSu)8BKDb+G`nW!8*M-=b*~fxHTrY`emtV0D-1X1S(Ad6gi=gN9#hY&IWa=r1W_rxT z%*epFxX>WqfFBrivcimv|5;cKn1K{HbY=NL0xZCYV*|&EtO5(a0j~i!8)rhB2V*KT zqXDA<4@jd5NLK?RyMZ8x$H&6O!l9UbaFyidt#iPUBCE^-jJ*bq)w5pzJoG%IA2~#T zX@D6R6fDvcw%Z5T8+Q4sd#&%zTYtH+EimCir0CYwcgw%0zGN1-yMHGi?_bw|Q}Jxm zMe@QH9NYTaYD}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uAc0eS{zdIqKja^k#}76yg}hK5E!(jZEl*94hM8~cqA_BYN)_Aw(X19M|9 zgF#~_Q)45;_E)wN6U!pKd0#oMalXXcShs1$(pOKUOdV?W@NIeHc!Bpyy=)6t{FxP( z*LQyrn`+5*sOr^Wx0X4!J3DoqMb0T3PDm^LlbKrxwYC_={oC`tbUo`mutqU# zlE`s64i3fM<6p1vHL%Zch^r3WtF(K*o9)jVD({Ux&MK5>lj&t*W@KPoTxgJQzz+;M zSz$)T|17Kq%s>hpy0ZKr0Ty7yv4LYnR)K}zfY*SVjWeOmgE5tv(SXr_2c%I2q^p6E z$v_aq<744s;RspQIP>h+Y9Vl>$SSh{W3PcjG5g>u$<15mAcqJr4KM?PLU~Q#XYN4n zeWy8nzg8w4oPT)JyZ%Nk9TVA?n-#W*Y_KbRWoXKfHsOfB`i#9Ncz*0%n{}Y<#gR=f zx^q2NOQ}sf&+)%e>8x^}Ug4tCP4NrX9Ozvj{OPgyx$NGVPs?^Xd&!twv5c9S8FuJ- c()J(otoMc&pV%VasOY)mifV1yvcB+10Kdl2r~m)} diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate Certificate 3 PP.06.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test47/Intermediate Certificate 3 PP.06.05.crt deleted file mode 100644 index 62eb3b220c6c1806fa5c74ee2a00875168f9e436..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 679 zcmXqLVp?p_#Kg0JnTe5!iLu;(myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*jz+ox0eS{zdIqKja^k#}76yg}hK5E!(jZEl*94hM8~cqB_BYN)_Aw(X19M|9 zgF#~_Q)45;(I|n1w#=@HT;6P{X|al}x8`g;c>G}+Ti&|AEKfLCSm!V1tqP zF%Sgt_*l4DIL-Do;>xj*;A?k-h6?-}nqIbSx+ypv+vy?kAf2}AXilRZ-(`dy!p cGx@0RY-47lgSqGWN#E{2;3narW%~EZp>|;h&2Ij_I z27|^zdMoy@WC700V}N6VK+wzRqlJF}fN^ku%nB4F5G94mQ5aZ~%vnMw10 z+niqL9NV$KtU3BpuiswVA2kcLx0idqd%LjcLyupk*8PTuvk!_gF*7nSE>1Q`G~fpY zovbh;<9`-b17;uv4qaJ(kN^uX;@H5kBCEi{Z@_E7&BmF~=E0cC%xJ)9APCaP$HK+J zaVTp`-3yL*PjEEIDzgCNtAXR}gWqpt`|FaC!vGlT%s|iQuw7iV@Emg*A3pu z+!4O#zAs;dUEAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test48/End Certificate PP.08.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test48/End Certificate PP.08.01.crt deleted file mode 100644 index 933f279129189d90dbde8d14b3cfb418bd5d9224..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iLu&%myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uAc0eS`&dIp9Da^k#}7C_q2&AKA~0tPISJy$lA8olK354A*qm-AXuev+kQ=xzAn4uUlFq*_D1C;nSL!Gi$di zvql@cP@fs&q((*89YKmGgl39Q@yl5H)&69Tlh@06Z)OMS&-}u0_f%VVfWiOsKQ*5n zpUpUX@r-!(u&DMVJMYceYTg%RJ?<7ae7UahznpPZ*ov$voE!Ig zGBGnUFfI-<2mlACEI%XTe-;*ICe{bwXpmK4;Wywl;AZ1YX!Br9Wo9&BG!O)OQkIW} zi-jZ2oUfc$(nk#(?y|}(zzAyKSSY3?b6r|@IkK05(aa3=Yu0Y{>-7&VeeOE0t1;nK znQEbq?QQ0-4O7rH1bJ4|75p87ReD*6gTf#AQ& zawQS-3#{LI*qpvUI?eLeTJn3=|2%;LO>y?;?SEh73PgIoFgaZj{5Sbl((>AcN$aAs T1itEh%l;vzVzT7Q-xIX}1(3^W diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test48/Intermediate CRL PP.08.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test48/Intermediate CRL PP.08.01.crl deleted file mode 100644 index 89ad99cd17e8ae7e01608426e623a09210193d1c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+0}DL^Lvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNh; zX~|rd)?JR~V&=w126xrJw;#QTv7N8Lz{GO+aN}*O*@arWA4naF`ZDQNrp-H}5><;y ziV9l;yMDP@N*n*G^>WZM*fUEYd$E;r3)>Ubm&^<9GAhh7Q(X4@V&vS&l7N=qB77nS wLihJpY8d?}e#E{2;3narW%A8JHV;84MabnHn1zR^Iw}HQrzS#PWUKhy5p9@=L$^yg7GrZtKH<>hQyN z)~6*uag$+QJN=+;Sxo7~q+{wSlXahPTmNw`>p$_K$T-Vb{sFtXAx}QX{C4dtIm|KM zk8(Fx=A@LZHs4y*S-kJV+`g?{)4#2GwuZS~D!lRLp^PQ&Y7ED-&vBQkblHAX)p^Xs z%*epFIN2c4fFBrivcimv|5;cKn1K{HbY=NL0xZCYV*|&EtO5(a0j~i!8)rhB2V*KT zqXDCVAV?!03l|H=LNP6w>(aW*!O())@gLgHudF<|vpFZF3 e8{5opOV`-%i>T0kz4p?@fExmeDAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/End Certificate PP.08.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/End Certificate PP.08.02.crt deleted file mode 100644 index d0e4a26e66c3fbd2f32ad0cb456afc986e604db1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 663 zcmXqLVw!Bw#Q0|cGZP~d6JxCbFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%5$WP@pa9DUWU=PEiRkGZ@m$~mv z6lPzV-{sNXxS`Z$_WUE(a+_a&iLm>@CFYX-OJ>V;9?(g#zC-*7WzS(m( zeM|qz3vc*dW*rdRyMbZ#Nyqlpj5p@GJ+@jc-177&`;i5I6x*`7BAL3?Zg98X;_BUV zyOW8Tk%4h>yg@8DIA!@68UM4eFf*|}Fi-}1Mpl7E#z4w|n~gJ}&4V$OnbCj|nZslt z2vWqy!o|YzqDRMf>9e<0;7E{FW&y@l1ILTVhXSfA66YZM9~kG%K#zz2U{O1}_4bDO zlhh}E&lTOmw@UalQ~l41j>6W6klkDEO-%Vc>3UQsW3fcww)Xf1ag6>yn-;6WXx-{>%^CXk2cTc=r{!3R^*z@DY+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+0}DL^BXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aQ4= zJ`_-0kvIp<#mtS33>+IjbQlPVHC9Nj?vSgJociO}yx?|*@Uxy(TV6&#eII*!Q-hMF zYTYd^$zH)-x85XXWx4!fm>Vyfen@D-Q@Lb|#J*!pZ&`vP53Fpyu%g*g`@UjO$;5^^ w8FFe~xl;dk#c=$3Ej&wppXcQ0r5h)IZDo9`}unbUp+0Efh8kN^Mx diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/Intermediate Certificate PP.08.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/Intermediate Certificate PP.08.02.crt deleted file mode 100644 index 037f68d8b0aebadabe7abba5ff45c5310a6a313c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 678 zcmXqLVp?R-#KgUTnTe5!iLu6jmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPUF%&T1gYeixQj1G6^U@7P4TM1= z%)&e&MWw|h3XXZn8Tmy9a^k#}76yg}hK5E!(jZEl*94hMp8Y9!?RR!G)C~yGGqBJz zFfwSIkL+VcRtDzAUIv54PNv32hGk654zCX|26$x}UtV#Kdy&)+y?wW?Ia>=TOh3c6 z(c-VVL2*mJcJm_@`z7Jr;a#OKLr*#ya>!lxp85D>kgCPP+SxMdyca#Ht1r|sE%~DM zxJBsAzxz(BVp5jn8)nXU!LQu+_I&H^RW~y@IeH4i`E6b#doY&n;cj!CS+Mw!Vw*e@ zGb01z;sS#_1Abu8$qF+v{%2t|UWaiU;5d<0W&uWC1IOxFuYVqT9@38-AiyNR3=D}x zQIF@mnch1u{%dGR$UPs-Tq@CC?JxGP=8#z}*Y&SjYg(_WZ<1)-+&y9Mosyazwl^Pe zD@sqdtmNjZEs`iZvzOo3?dr8h9;~_FCY^QP!5ScHmUY}?-J)rhOiP?p15R#lJow~O iUq0tEozG#Nhb+{dt-N0G-}mH)E6%@#cmA?`aR>mB_0P`$ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test49/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test5/End Certificate CP.02.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test5/End Certificate CP.02.02.crt deleted file mode 100644 index a3a65892327e819ad6d70735af61551933a183f1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iIK~ImyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS{TKx7~%&TDC5U}#`yXapn;qQrSkkhum4`f?d^SS&_yT1LNW#g8*=F%JMTZ{%2ufW@3E+js{r;7JdU>18z3XgfdxfAX>v9PYBpEWikA;9&d3f5op~N*US9z-VR$`c+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj10x_3=e4vnFf=eUGy;+aQR2KN7D(I$$_9#HV`W8Hm_d#M86m680<^1vgY6gp z6~BHdWi%HvH#Rab>~yFvVvc+hQ|2rnn{rq3VcgG+J4>Xm+U$!w$!hS$bhbX%#E{2;3narW%N*GL85jYP zLF0U6A2YHtFgNxx7&LY=H8wIFSIZ34+`p{%+}19ww(1*(e?xh6Znmv0oS3j!Em6nM zc{ZC~&)f3Uw?f>J0)O<+-uKd3*nhWjf!}rumMq0pjTzEcq<{0yl!y`K&TU)zWJT=x z&RcKS-h1Me#P&jNLW!E6S@Y>hG`GcSr2)y4uTc_S$h?;aaqF%ACdb)^BBE zW@KPooNSP2zz+;MSz$)T|17Kq%s>hpy0ZKr0Ty7yv4LYnR)K}zfY*SVjWeOmgE5tv z(SXrF5Tuchg^PuQ?HB(QzkVrYa5Ts&vjF3(fn)Wo*FO(E59vn^17NH(13f?EP3!9H zn`@n&LsMc-o9U-Xo9^T@Zmf=9Rea=PY^@vHjM@*YJ(O%-+ohZ^HA-hY#vp9Sy0lQ3 zul&XFH788&rd||1ywdlnNba%y_7NVFAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/End Certificate PP.08.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/End Certificate PP.08.03.crt deleted file mode 100644 index ed9b0a3ceb86c6f114efbe30e67b89f17f375ae1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 645 zcmXqLVrn#KVtloLnTe5!iLu^*myJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uAc0eS`&dIrV@a^k#}76yg}hK5E!(jZEl*94hskU)<8E?DdrHxPx`&lg&p zT7=|+#`(y8W@KexZtP_+XzXNaY-HFiF7WG6^Ia#)El;1kI<6q+wn>ONj;nE&&Bxm0 zQ(baGzUhtC=^Y~PGcB&(F`k*T#d}-K27mh{jE2r)R=W~aU%XZ?Z+57*xZHMd-u+7J zKc(;Vc0EzcZH~CIs(I^#2Yy_g8*ebVrT0xN5j4#GUb59XRyI4Z<+Qrv36G!IE~mO< znV1Sb$6hh!7tO7Ym2$%n4I& zIM@6H2f3^=3ovdPII@G+PBKVryp8NzU<@+@y;-UB*XpI5(zK?Jf^FOr{yknLQ|23Y zO5x`Zwva#{%N)+HyLMz0&As~J=5jUHM;{8Kcc$h^Pul)U`lfN}L>ZOU=EwBkezY{| zb>lgFV7k)uV@tS$D|d*$UCU`#vG28U@V&DsK5susFU$U!rrr^DM%U+K+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+0}DL^V{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aT3p z*G@7>Y`l%;V&=w1hC;^|{J!Gr7f4z~x3WJ=oFvP- zI{D4&-%rA)s9)7wp{jhOLbk(E^z>R@-N62vA$jVNd-i_#{7HJJ?TV>=J)g w$5!**&ZNc1+)-lEHF<@`)Lr$_`CGb{OKNXS`|{33zxj&w5{^R;f4^D_0G)bfAOHXW diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/Intermediate Certificate PP.08.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/Intermediate Certificate PP.08.03.crt deleted file mode 100644 index 74c41f0216ba253f244a639ded0e31b0cac05e52..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 660 zcmXqLVwzyk#Q1XoGZP~d6JwnLFB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%q;FF)f^rNtM}jY7jr%?oKX3l ziJ6gsadDhMi~&C|=wyW%8UM4e8ZZMXaOleNg9KQB5yxgA2vVTH!ezi=z{bV`WHLa6 z_*l4DII@G+PBKVrybX>4S!EVrR5fs{p7r|Yq30p}$leD=I5W`SXWw40@l@M3v17u4 zgA)r|jRT+WH88v~u_N|Vq)M)pq5g*}SH=2C3h*7w+@kUc2h^YYUE$weO#aSRK)0f3R(iiAAu_f)v*e_rI)G X5$o~%!?@A*TCRe_-W!HNc_EAd*_Y9m diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test50/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/End Certificate PP.08.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/End Certificate PP.08.04.crt deleted file mode 100644 index 12ebc74c72af2ddde995831401244a3c9edfb5db..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHV`nfR~L^tIebBJ1-+6D=ULRoFTUXCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OLxzy*@w7G`$IPcalQ;DhkkLsE-NGV{_6MGb^O zBFw@(&W?t<0Regj7J3FI26E!OmKFwv28M=4K++&eoYw@IYmh*W{VrJS7dH@v*v}VQ zoLYqBg2wsCer9B4U~cSXFlg*#YHVaUubQ^MK<--f?i6Xk#A2Q-;Ri*9<=frfu9Don z+~kYoKRb&++oo4LOApS`Yfv-UD7P$D{`{XS)x~D{%`I|=9f&pbn$sr{NFl0dxoF(Z&wyg*>d*e(zlvinR_|9Zg3Wz zcV%K`WMEtzWDo!jPFa3N#{VoV%uK8gz|kP9z`}39YrxIMnb79Jn99s(z+xZ>^rS2w z3l|H=%DoD2`ivv$z~L^d%mR#{296mG6W@5f{%(!zWneTj1O4jysVwBl#A!3MSBt1< z^j9cp%8Tuu&oh=Go3=0K|>NMF0Q* diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/Intermediate CRL PP.08.04.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/Intermediate CRL PP.08.04.crl deleted file mode 100644 index c887c9a2c8411392ca8a71a91da574bfb8db666c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+0}DL^6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aQS& zOnl?@`nxrniS>gTJ0i7pul(L{);aI)zKc1#jqR0wv2NC)dOJ%&^yS7iC;w*c`JYm^^yPSOb*-uZd`YXIQBK~OBryskn<}ZkU(j9lS0ss`$Y&8G? diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/Intermediate Certificate PP.08.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/Intermediate Certificate PP.08.04.crt deleted file mode 100644 index def7e90d1fa9c0a2f5409c7f2c3b7a88d30ce13d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6B9#&0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzIna?_wxmzz5;6holylWagzCiW&%m zM3{wnLW)X@OB5XQk~8v)4CKUlEiDWT4Gay9fTTf`IIjsZmpuDZ@Y?U}Xs8H7@E5Eu@Zjq@YO*kB zhW7TWjL(!9g#N_v+AvRhc4Yr|&K`5t{>zo`x{IT`GUq+{cJ88u%gZIEdkythZ@GAV z(sjkfF)~J1@)JI8V=iGmrxyKXo8dXOrB6?+;+d~+#`3`X)^DawH&z{st#GdYz+zi) z`!W+VBLm~&WP?Nleqhka3NtePXJIv922$YAmE{KsumEF@4IC@73M~8vyawECoC$3n zjH%3w2FwP6AdP%1Tr3Bmf2=w3?^%CwmCT;MWfT diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test51/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test52/End Certificate PP.08.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test52/End Certificate PP.08.05.crt deleted file mode 100644 index 0bd19185fdf8105e0c7e83c6496d88d21ebec2a8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHV`vfR~L^tIebBJ1-+6D=ULRoFTUXCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OLxzy*@w7G`$IPcalQ;DhkkLsE-NGV{_6MGb^O zBFw@(&W?t<0Regj7J3Gz26E!OmKFwv28M=4K++&eoYw@IYmh*W{VrJS7dH@v*v}VQ zoLYqBg2wsCer9B4U~cSXFlg*#YHVcK!8$Scz^jhmd-Ff2Cnav*ecWrt-p7@EMMGGK=2!ymz_qE$@Tt zIgK6nBECLT<&>5E+}!`=_1cs*Yj0^!-)-G^wIv`jx--iJ6gsadD7A05~{h`577iv#>BTu|5DtgRBAzzX7iSHydX{n+IbmGot~sfgsS6 zvV1IDEF1#2e9O*W4{!vByR0$`FoGI5Oy=#D`XLx0h3sWuG&2MJni}PBJNCg2jnFA} z!Mdql`_?Stli!fG!ePS9qF-m!8CM#_vZ@_iYq?kOR{94y-H5owN1rW=xY2hfbdTs( z5#!wI<&$H+-ttvae9g19RlQj3zlXFg_f}u;gJ;w7<2JsZVZ1=*Q{v+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+0}DL^Q*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aPbm z?Uwo>7$Jq`V&=w1hW!)Y%x%7D9e#}aTiKMh+W{+1?Dub6EAO6@Kl}X}@ro%|kA6Kf zb^4Z~$rJx9`1ZwSqjKR6#pmwsI;TG=G)J}__`Gbjx@D#0q*4RjhUe$jo7Mk1q%rwb y@%N4s-_HO1w0Gqn{aP*)$-N4u7leh^*<7?g@N@>dj8h+9<<(!|HIr8HbO8V^DQz$S diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test52/Intermediate Certificate PP.08.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test52/Intermediate Certificate PP.08.05.crt deleted file mode 100644 index 3429d7cf765d1e24c9e70c8c415b7d0a2c8b1f6c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6B9#|0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzIna?_wxmzz5;6holylWagzCiW&%m zM3{wnLW)X@OB5XQk~8v)4CKUlEiDWT4Gay9fTTf`IIjsZmpuDZ@Y?U}Xs8VFLdWU!7a6>k4C&r}$~I9PBmu zR4LMuc2Z#NcPGtrN&AIfO@5^^Gx2_+f_y=Cya~H<)tgUS&v$0%1dHgWq~)eJhy`wX z`jFLHPxkTtta`mpjyG>F8ZAt=$eXZLOJds&9+S`eDz6;(vU$1az0_K+XXl#Tf{Tj% znV1@mjqZ6XyNlCnB*NaWPi8+;+?2>GJU?f}1(&^T`xmSaKbGqmAKWI$to1KzLu!Rp ztGe;hH%Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test53/End Certificate PP.08.06.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test53/End Certificate PP.08.06.crt deleted file mode 100644 index 9b99dc56259d7e7bc7c07fcc0dac66e224a9a00d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 677 zcmXqLVp?d>#Kg6LnTe5!iHV`rfR~L^tIebBJ1-+6D=ULRoFTUXCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OLxzy*@w7G`$IPcalQ;DhkkLsE-NGV{_6MGb^O zBFw@(&W?t<0Regj7J3F|26E!OmKFwv28M=4K++&eoYw@IYmh*W{VrJS7dH@v*v}VQ zoLYqBg2wsCer9B4U~cSXFlg*#YHVb9p4ndH+XSe(Vg|%DKcnX3e(yA{BT;iCsGE)4wlP$+z1ue$> ztGk()85tNC=NM#xgHx8Dk?}tZ3o{ez0|Nt~XJi#vG!4`ZxY;-p+B_IjnHdcjkvUAr z9A*PSkPbc;E*6e9`BPo)T+AE6F(RwX0*tx_j?ZU*t0Y$MIe;7(zy!by427Jc?bEzw zOY3c&_CEG@cHfQKhv&H;&kC1G>(^Y@rCr_^d#l9bIPa|H_ModRu4|uPEf>qxd{X;+ zmfcqF{F&y=mal&7UL5)FXsA%g?W^}@9lP|UyIpP7zuA&$EF3<%hmw!2U|YZZmVcUY dV4j29>01j!u3WD%kyyfSbhfnbzo_+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-GBf+0}DL^GjU!^O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aO_m z{jHK%z2^X$iXZduU4eZ#zUyDS7OLxzy*@w7G`$IcQF(&;DhkkLsE-NGV{_6MGb^O zBFw@(Aw{LdB?^vt$r<@Y26E!OmKFwv28M=4K++&eoYw@IOP>8Hc#ll+gRmKc4*C;{Nd+QIH?d&(d!J*8VQg~|V zQ6^?a2FAs;2Gs`qz@U>AW@P-&!fL<_q`;vo%MTJ@0mdAgfdNQ?0*j`Bx&b#EXF{6? zV=6PF0V6Vp37NxeAPCaI$HK+J@%ij;mBi{j2fz^|tIPt7$p((qvtIu^^gN^=Idp*O zff*PqS{c&EO*>x3u07cB^7X`ZpDq7YY=ie(n7kitv&)IhHZgil*=~YtGxK1Q(Fx>z7 p)XV*M|5%^Q>vS}jc1!ill3PF38D5oMa=LW+L0{j!ZAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/End Certificate PL.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/End Certificate PL.01.01.crt deleted file mode 100644 index 185f019cffd5c7619bbb78d4d399c0fad273ba30..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHV`ZfR~L^tIebBJ1-+6D=ULRoFTUXCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OLxzy*@w7G`$IPcalQ;DhkkLsE-NGV{_6MGb^O zBFw@(&W=X90X}*LhCpN>C(dhW0i+ELjew*}4=$>||q9kzIr9DefI`WYF4T|fHSlWt1Zy>_{v{juZ|dyKSrQSq(%Q>vEo3jDA1cXX{> zpP3(h^9Aq8dAU|usek!hJwj)Fy?;JIsOPE1|Mhz>ZsFfwByO>5?Yk4(mw1Y>wFfIz zGBGnUFfI-<2mlACEI%XTe-;*ICe{bwXpmK4;Wywl;AZ1YX!Br9Wo9&BG!O)OQkIW} zi-m)u`wkz|#DzuRaF*$IPyKhQUg4OOd?{jAmw_UuV0|xSY>*|I3cB<7Hp< zxgNx&Usq`S6@1cVNBo%w1sl$b?y(B{`s>-tzO?CbDSZnMp1SvATU48dh`{gb%VypY zc=n_+GtD&J@YSRdV-vrO(z>ZHkQw`m6+Wj706 Vn#%R8BGzB%&~u~KT;u2AI{?N_)Vlxx diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate CRL 1 PL.01.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate CRL 1 PL.01.01.crl deleted file mode 100644 index 5b1c4439c375ad33f5c3921e6e9c96a5dc8dbf78..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-2fjw14AGZ=e4vnFf=eUGy;+aQR2KN7D(I$$_9#HV`W8Hm_d#M86m680<^1vLn`_5 z!#S&KSD?9=xv`O<{Fvk?i`nbXEG|eB;#23`t*S30mcG?A;M(Dzv5{*zr%MzvOzqvU zCF_~6z`vZiWyfsuvMStW#Rw}_IcvY)x6r<6={-J%KJM1(r57ZR3Ql8={jghj$zfU3 ugx&F68WypwXCe+?+r5QVQ7m)MHIr*os~+>@z3sgeZe?PW@1oB=NdN%+EnyP? diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate CRL 2 PL.01.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate CRL 2 PL.01.01.crl deleted file mode 100644 index c531566a933ff6a8483c120097b402c25b8b151a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-2fjw14AGZ=e4vnFf=eUGy;+aQR2KN7D(I$$_9#HV`W8Hm_d#M86m680<^1vV`kSq z!(gSjrD!f@Zfs;o37;c%<6PZ*O@Gg?B?s$|-~4lWw$G2;(|Tq3JhL@*&%asm_sAXj zH!>27HlK~j@Dy-hp3Lf(uwX8iMSzIqN39>NKX-jj-0^$Sd|AGYYD<16sL%Vc^|qC) vAydCuZk}OuS)~nTX2j$dbt~yU-o)$y)_?hyNS)@omC0|hUsPy diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate Certificate 1 PL.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate Certificate 1 PL.01.01.crt deleted file mode 100644 index 140ef06691fb469c0b20771fec0acdcf90071e7f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHV`jfR~L^tIebBJ1-+6D=ULRoFTUXCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OLxzy*@w7G`$IcQF(&;DhkkLsE-NGV{_6MGb^O zBFw@(Aw{LdB?^vt$r<@Y26E!OmKFwv28M=4K++&eoYw@IOP>8HczH55kg!R@2NwZEe>Yb1~Hc=v@`pf1Wd|4}; z9`K&}bSAc6b(iDCnJr8IY*E&l7yR;za`e(ZT}QqQUrozpcI^kag=^B84;H2OEZuk| zsCtd%ywv$JH`d+y^ow!&!VH_tKO86gE@t+8@tOVa!xh^LGta6^|F%DP)Lit6@X@lh zOw5c7jEmC@QVfKEK_@HB$oQXy!+;G)F)=cL16YIA?Y33UExwDzgBitbt?otk*veJrC(e4hCSvGXwoE z|99`h*Aup{`($Yl$HBRstKTnETR~j>*PK63L@o)M$?3c~`goQ4mtNqUj&OD;1@KuVrbDP_?Gj%H;C|;d$PiUfyvsQiQ)frg_{|R)rC_Hoc jdbY@0$o}5noAqXsB=wayu{2NEP@(p6weYnRo$I9l&*9Zd diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate Certificate 2 PL.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Intermediate Certificate 2 PL.01.01.crt deleted file mode 100644 index 506761d71dc09d527b508e3709d9a8f5322a53f2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6B9$b0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5y1AO!h41vf%PMp`$0!SMg8UaazC~;mBWG-#&H$vFoI3L-^jI0dIjlB#8 zjh#%5jSP2WuW01H71-D6Y&Tbb#VW5q52Q|R730f0vtE6fqgHdeRKU51I~(I;U$4HF zy{luzM9YKIKTb1T^JA~oj`FXq*KW#B^ZqI@u79c+a=dYd z$D*WO{`GHDwwgT;_w0zs2w!&ncy`A6v+pB9{f}pfmQOnURF{dFk%4h>vO%H&KQQQI zg&7(Dv#=U411WIm%JPE*Sb#Cd296b31r~k-UIT76&V)7(##ClT14aWukVZZhE*6fN zUH1%wmEx9yqd``g1sGoq98$@bAI@1_y8<~3fU(XD^t`2nu7!nLx$qLkw52|~Ba(ae zHHKcFd3ce2sl}PZqmj~*iY7c03%e`)HIH90`}67IMv*|XRhH$^N?zPPdB07~Rn(9xdrxJw3e;0N)4B)&Kwi diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test54/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/End Certificate PL.01.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/End Certificate PL.01.02.crt deleted file mode 100644 index 923d4c5a84a3e3ada34672fb2870b294328d970e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6B9$X0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE?pH1AO!h4D}3*4CKUlEiDWT4Gay9fTTf`IIjsZmp1krBkXUSkL+VcRtDzA zUIv54PNv32hReUMTh0-w+!7^w_`K+&$?VC~l#Lh~SHH@icyG-Ix#DV0&dYut+f6KM zWkq-9EWUTm{q(wuc#pU2ZOvtyoNNwE5)Jr) zK_@HB$oQXy)qojDfkRi8A0)s6jJapvSdmp=;Wywl;AZ1YX!Br9Wo9&BG!O)7uE zT=vyJoL|@RJ`3sD8hApgN>uNCZP~9EZf~2d4<^q0H#Kdteo}+XvqpuWHMQ-$w`=vU zn_rxs`B-O@4e!6jR?`jE>^Zobhd-x&eqrxFiQBJtXxhws@I7;8+L{W3lh+xPS`Ck6 TwLf>fwj%KRM<*W3zytCC)o#(_ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Intermediate CRL 1 PL.01.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Intermediate CRL 1 PL.01.02.crl deleted file mode 100644 index 371821e5e217e0ba942f1f80fa6b65a2973ae2d8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-2fjw14BInBXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aOho zSD4*qV~Iv{F>_-hLyC8um`Pq7=eab#FO9DzJrd0k4-Jc4qskb#tmn71OWkV*)AIqo zvlI4J9N1p4{ojOS##g74HgJBguyS2;sJ`$(%8vf02f6tp9+h2Fexto{e%QMo(iLq} v16?I|ugK`Cbvw4Px$xVWpF1MXGB7mU>{3imRqyuVPwH*r<(fJ9MgLC#5r1XN diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Intermediate CRL 2 PL.01.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Intermediate CRL 2 PL.01.02.crl deleted file mode 100644 index 9a242916e1c4c47b906b29b83ef2354fb4d42956..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-2fjw14BInBXM3!O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aRHM zaK~~vY|BG)F>_-hLp+<`q5WxV-faqarLpA39mNB0HmIs>Y}dH*F(F#s@1NkRZ{D#B zve*h7+FEb2`)uEqx%Zk_eDc}c`e{CE_%Eg2jkrB`i{stP7p85Q-}UcKg3$At)t|&a wY;@xPz;$)SDS7OLxzy*@w7G`$IcQF(&;DhkkLsE-NGV{_6MGb^O zBFw@(Aw{LdB?^vt$r<@Y26E!OmKFwv28M=4K++&eoYw@IOP>8HcmURhyN%HzI4*r~qs(Uc_po{N#aq5P%#tY!=Lb^dq0zE1Q+it7GPA&d4OoAyVv zUQ0LNsj1zP&0-rEbX%U)<=K_5CeP#kXb!w>Po0002Lm$2|Z5 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Intermediate Certificate 2 PL.01.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Intermediate Certificate 2 PL.01.02.crt deleted file mode 100644 index 982235a210c86c30e16bb716e98d55b2645697b8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6B9$10WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5y1AO!h4D}3*4CKUlEiDWT4Gay9fTTf`IIjsZmp1krA?$CQkL+VcRtDzA zUIv54PNv32hUp(4$#vZ)EHb*Z;fm%_vFhoNriE$NNl8K8N|od?JfDXDBil zl+Ctz8#woMzS}>~l$glm8z+JazSTM~pEp(f`|#|G->WYeyjEV##LURRxH#D$(SRQq zbh5&XjQ?3!4VZxxICN$CK>{qmm}3LSimU<)zX7iSHydX{n+IbmGot~cfgngD9}5=? z$4?XPST2WcdEjV}Rb~OkR|7|;^$N4wY%I~pVE~MEW}xQ}Rs0YOI5sD&<=TsnyWA#j zyQ69Qq-L46oZ*`khC{!9FsQ0}f1W3OHPvfF*4M-X)33XhN}ihiVuo?Ie#2RzhXpeq zY&JK(z<2uCX7(RJMiI^r(uy}ZsO@3@A3g6xZH{h&Q0g(u=&-ydRttBxCPC@hA9?5U SEdEh;Vsgbp@e+yLiUI%=AI&2G diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test55/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test56/End Certificate PL.01.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test56/End Certificate PL.01.03.crt deleted file mode 100644 index d1dc821862c6442b0f76333ef6b4eccf50aaea9c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHV`tfR~L^tIebBJ1-+6D=ULRoFTUXCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OLxzy*@w7G`$IPcalQ;DhkkLsE-NGV{_6MGb^O zBFw@(&W?t<0X}*LhI$6Z26E!OmKFwv28M=4K++&eoYw@IYmh*W{VrJS7dH@v*v}VQ zoLYqBg2wsCer9B4U~cSXFlg*#YHVcKuzf*o(}d6e<=@Zi5w8!HoxprALv`l8X-boL zTvB$O+4a&jqc?=Fz_?L+(!RzcpIyBqR$Q92=S2MF*4h_Kqi3B>VSSOdBf8~6U_ zSXINFk#V_nmE)PI&U_5N`8>b>;)>w^9lcpIYC`tq;PQzFDvn3gcAUxnen+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-2fjw14BInV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aO_h ziKwp)eRUJf#mtS33@;)N>Xxp3Apd>AU;Y@Ei1uxv_wTIxcXKaKL4f4JX7NKFo2FWe zzij{i_IL2l;1?o>OBSzec)?cj^RnX;WAodB8*5yxb0DS7OLxzy*@w7G`$IcQF(&;DhkkLsE-NGV{_6MGb^O zBFw@(Aw{LdB?^vt$r<@Y26E!OmKFwv28M=4K++&eoYw@IOP>8Hc=xb;Wywl;AZ1Y zX!Br9Wo9&BG!O*oB0WyBF)~{O+4x|Kxb=oSjv< z{&%-b^;K2$J3pO&b+kyRjNjHTGnrC1iBzAkKXB=glN}YzCO%#r kerx{?1-8O>vKjlt&d*b>ll`6;)%oe*Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/End Certificate PL.01.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/End Certificate PL.01.04.crt deleted file mode 100644 index 2f939384ada16211fa34834f5f35b4435b9e187f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6B9$f0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5y1AO!h4D}354CKUlEiDWT4Gay9fTTf`IIjsZmp1krA?$CQkL+VcRtDzA zUIv54PNv32hU;zDi|fNXvu{7zn|yWy^SNE|dAu{e9c-NV{E|a8kK^1Rmo3#h--PjR z*5mD{NNw=`nfx$gQuf`o$#a-ApLbM!%2zw6Th7PzktKG2+g2~3d=Hmw(|b}p4^BK@ z#Q9(EyXleL2cL!O%9&-GiY1@gU1zu8@T_H74a&<3?6%rT-DhfKVrFDuT%2r>XuuB) zI$2>x#{Vp=2FyST9J;dnAORL&%sm6gimU<)zX7iSHydX{n+IbmGot~cfgngD9}5=? zhkRljQ~Vj}%iw5`Rb~OkR|7|lx23?%D~o!O!vGlT%s|h}vNx#;y57Gi7=Gu8`ErFH zKD$pn3Oys*Xljskn<;ABf*{eCT(?io{PSZ^mg$;hQr+pPTSI?k<@fS^uG}g-$Jp&X z_enp_^N(ylSyrZe`l?hmU;54US9>mBNxro6#aX@IK8-eO>@IwqDtm8nNQaDUkCe=} Tj5W>5)n~nzHn+-E?tTvd)4b8q diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/Intermediate CRL PL.01.04.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/Intermediate CRL PL.01.04.crl deleted file mode 100644 index a0be908ae3b676ee61550a208dfea524702a1185..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-2fjw14BIn6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aQga zEd_2~S=5W>V&=w1hWwM^*RL!Mxsp+Q*@pM?}YF;5WSt~tK4^!4pk zZys20(5tmx#8(%&@?Gbv_Tc?XvK_@&yly@C_|eB(Q_oc&yD7Nm=48kBXLi=|8CRc| x>1_)3`cYnXRL{u2E9c>d*uB-)7z+(wn7@xGJ0@bqeslGT8A_d7RKt%b0RXGEYv2F? diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/Intermediate Certificate PL.01.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test57/Intermediate Certificate PL.01.04.crt deleted file mode 100644 index 79f6d6b8ab260d0269cee9f45e73e699fb5aba2c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHV`lfR~L^tIebBJ1-+6D=ULRoFTUXCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OLxzy*@w7G`$IcQF(&;DhkkLsE-NGV{_6MGb^O zBFw@(Aw{LdB?^vt$r<@Y26E!OmKFwv28M=4K++&eoYw@IOP>8Hc4QwtY&NcAY-3U0^OH&4#r$$j@k!qN9%Qums2zCC^H)Pz~@^Mnqtxuv<>f0AR^WE!JWX6Y9C zZGz?AeU|t5jsJY~{rP!U!_6rL$0XvkUEG#O>XlrvJe|QHv8*~#-NeJ$hhLN-d*PKy i^?`ML+VxYpcO-kJmPp>Q_WuAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/End Certificate PL.01.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/End Certificate PL.01.05.crt deleted file mode 100644 index 674009c8367dc0fbe0a1182ba6472729037c7434..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTvd0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE?pI1AO!h4D}354dldmEiDWT4Gay9fTTf`IIjsZ*C2r$`(3cuFK!?Tv7axr zIJL+S;ey8b$bM#IWngaXWiV*$WNK_=I21GEvqn1iiO0bwp6%Mm_+DX|2a~L3nk4px8!jP zc13{oC zW%*dRSUB=I^nz^{Eh_+ryR0$`FoGI5I79E{Tu=D34%y4VXl4fbHEz=JvUPKRsPko6 z++2L_j78=BrIRL_+>XEYEa1+9J1y+f|9)(ZTI{`Vw$ZA4Nivo5jJa9wodp)yO_1AxX0|2&Q({BI( diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate CRL 1 PL.01.05.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate CRL 1 PL.01.05.crl deleted file mode 100644 index aa9dc9d7f3584cc19b0b0fc039bfbad2e71d519e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-2fjw14BInQ*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aU?t zpXJ@X!-);e#mtS34A1l|8(fYu^DX_tBX|4~LrB*QAKuux8$PXdV|KlB_p)5yQRQ=d zpW_{Lv<`)wjNACAMETq&lSD(cn6mmaenE1w>-q!*V|rd}u$n%(>AK>+DR+5K+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-2fjw14BInQ*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aPg_ z7Tf!!*5@XgiIf?n!28)uHnJNXO=q@^sWh50|2=@Yq|gc diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate CRL 3 PL.01.05.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate CRL 3 PL.01.05.crl deleted file mode 100644 index bec634480e1e6617fbcee52f425636bdeb66fe7d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-2fjw14BInQ*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aOyZ z@8w)i__Gep#mtS33@h6=iY_vmILq|S+bM3dT*ACgmMYbw>AEI?1rHR%*;YggYy)%II(QdA}YYNV^0sxg=YHt7l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate Certificate 1 PL.01.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate Certificate 1 PL.01.05.crt deleted file mode 100644 index 42e983122fc9bb50110fce4989842e06736bff8d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTu?0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzIna?_wxmzz5;6holylWagzCiW&%m zM3{wnLW)X@OB5XQk~8v)4CKUlEiDWT4Gay9fTTf`IIjsZmpuDZ@Y?U}Xs8?Dqi0~K zXJBg3I3L-^jI0dIjlB#8jh#%5jST;`Itrv!^r;!UTk^X6pbRh+$(!BHqNC0uQ) zt5xk^C*cqBiI=baJ!!A7lrPKOzmxZHJLji@WgQHgl{~W-@I0IU>aKa~{o4y_gQso( z&cw{fz_>WgAjLok7<972jEw(TI1Jc;6cZyGIDlpOL1HYx$YTRXjI06+zX7iSHydX{ zn+IbmGot~cfgngP9}5=?$Grcuyt{Wev4LYkR+$ADWepswXTAP;=y^y#axefRo*C$W zgDuQSJ%%dFB>FQyPi=c!7HS~+|LBDq7R6htizoUD2Ho@cyJp#zlOA`j)~~#s!0^e{ z$YNK7(#v>0#%DzCXi;ZTO> iLcYd-?jj4)MI5X$-L-!;+>mts=Xo}E#$;vIyl((;n9#2P diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate Certificate 2 PL.01.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate Certificate 2 PL.01.05.crt deleted file mode 100644 index 08eb808c4fe70e3b19a594a3008c2422ebba8596..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTvN0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5y1AO!h4D}354dldmEiDWT4Gay9fTTf`IIjsZmp1krA?$CQkL+VcRtDzA zUIv54PNv32hILv$B$w=3@ACf3XX%WmH%dM=@Z1W`nZEl=Uhbc`jc;wfu4fhem0KeG zDC?`V=+CeAbA3MdOg*0S>E_&DvVoy#Yb%WR^4qZ|SM{m)~6jRyS??bOq^OaudLDZwGBRW z{Qt7zeRVqdbKAqGO8;7N)A9ebUESucr>CEGP-cr;@NHg$2!qo63?U0=^YCk17O7ai VYk18jE1&AW?^M$#UbE0M%mBOK&0_!n diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate Certificate 3 PL.01.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test58/Intermediate Certificate 3 PL.01.05.crt deleted file mode 100644 index 6c5e6efaee70a159bbbe742865f8186cdfb37ad1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTv70WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE?pH1AO!h4D}354dldmEiDWT4Gay9fTTf`IIjsZmp1krBkXUSkL+VcRtDzA zUIv54PNv32hOGkI{(Lxg&!z^4HvYEWz z9-qVXXlh8}*VRlW`&b{(UUw#`z!T{rGzs{0fIE z=RZ}BezTCBqa;16IK(q0{=!B9tv6Rrm+gvKcQCAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/End Certificate PL.01.06.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/End Certificate PL.01.06.crt deleted file mode 100644 index da5ee9e694334535a867ab56f87c50b641291b00..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BEO9170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;KgCeMfDgiB4@oU9$;?YP6g3bA zi7*TEI6E5a2KeY180s0A8OVwAT3Q$w8Wab6Q-E^X{LLD=6oAKAx@tPISJ zy$lA8olK3540l&EteCDGSHZGd**>~{GK2qw^-Z~^?geZ&S1-xTsNp_YmU^5~W|8@~ z^p_fYa*}MK?KvOzcTeAQx^%I~g99@cuP8`Un{ddZHv3szftL3&Ym3>&LiKZwd$Zi= zEb7U&Oq-L);TzMXm!PDp(^mN?-(qT3SpV7761T9(<@RE(b=*wMj0}v6lMNCL_<=zu zE6m9FpM}+c8AyRcSC$_nzygf9XW&?oRbb&a;5Fc8<4kDtU`%CZG+;Ck1Zm`B;bP&~ zmgl|ii|K(k;AoIlW&y@m1Bd*ogrH<0r%L270LD5q(DTWrAD5JMpT2aOTdeiaYnQv> zMV|F?3jSs@GIBqy5R~JU&W{l@<#()kH_1dsEq2Zn*0Y?^F&h@FNEH5_=+nTyK=-${ z%C1M@TU>UF^qjf3yFO^brDxuu+!czyELfKO@KM;t5fgJGIU=dfE2{DHzFF?tZ>8FU QtKFIQb#rFCS|gtT09|RqCIA2c diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate CRL 1 PL.01.06.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate CRL 1 PL.01.06.crl deleted file mode 100644 index eb7f0e883d2c9f88d6b185937a04df3fb63fad40..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-2fjw14BInGjU!^O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aQ&D zyIwIIjGKk#V&=w1hK^#>BhfRquXf&eYV#pmHJ#$)0Xr`~?tgEte5KiGdART4^48lT zHDAQ;Fl(^}v(7hsulDkD^=y@Dmw)rsZSzvh^THfnMogT=P;km6&gAp7{+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-2fjw14BInGjU!^O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aRC4 zdN)YSW^+b!F>_-h!w!?y=%Bvho{B4l>r2Hp{JEX9#CFqblZE%P0~hsOcrmwe&+K>e zHD{XmJX&nv*Xber*;pa>+Ovm?j~oiTnAPO}`OQX^POprzy|U+SoNwtnsCByY_-~RyLDuerQc8vw-OZkqrA diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate CRL 3 PL.01.06.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate CRL 3 PL.01.06.crl deleted file mode 100644 index cb7885c171d2beabbf32c89f6830648d00226aa0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-2fjw14BInGjU!^O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aU)v zB?Ki4IaQ*$n7Of$q2T+upAz4+lDBe8ywljIWa+@MdYYPhtI3OYCYEHwY1`dH3(ws9 zzLI6Bs)5<$hmLcmK43KX`d8Wh`?dB@abfkfOnwW^axW-Zdpy1%JS`>YNI8r3l$C$$ wHs&xUE4WYEu=mLf&k5(aYf^S<$7j~fRlc}G@63hi9wNbYCNtahO}3r}0KeH|PXGV_ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate Certificate 1 PL.01.06.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate Certificate 1 PL.01.06.crt deleted file mode 100644 index be0ee21f2e38efc8f52c5687ccd5616a6e02db1b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTu~0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzIna?_wxmzz5;6holylWagzCiW&%m zM3{wnLW)X@OB5XQk~8v)4CKUlEiDWT4Gay9fTTf`IIjsZmpuDZ@Y?U}Xs8?Dqi0~K zXJBT~I3L-^jI0dIjlB#8jh#%5jSL4LG;}!j=&P$Oyzx5VkeGmDPMi0`_^iK|8JGV4 z6{5J_*YnD^`)0<%tr{P?O;7Vo{n`G$QFdGZmvHeFe=OEdPe1Xr@yAskj%2QqYsr@m zyYFf^-k@x#P|NE;B zFJxk7WMEvJW{_ea1PnS^VMfOPEF1=GK#GZx4IIF-{2(zFVC1oZBSuz%h2MbJfSZjo zq0NIam6_3i(LfNSmyd;ug(KIw>lMSnxLM$skX2>@Mp*;L>RGRU9(o?qj~ooZh-U`* zKYvR^56|IW^9xq5WV&=t%Ihijmfd1IU$BHLEa_OK%NIC7@7r&tcwzmF{EJUFsvgq& zl-pLR>C*e-=iynQhLK4>754?EUVYHN>Ce5MZePyXJg1*zueuabVW75NOEy}yO@8Um jX21OQ&zsNG7F}4q`9nf)y}^VhnT|Ua1UrPN-xdb|pn%t( diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate Certificate 2 PL.01.06.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate Certificate 2 PL.01.06.crt deleted file mode 100644 index a84a7ba5e0e82c6250b28ae97dbfe2e8f41c4c55..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTvV0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5y1AO!h4D}4m4CKUlEiDWT4Gay9fTTf`IIjsZmp1krA?$CQkL+VcRtDzA zUIv54PNv32hJ*il>-|^1nSJDi@D9Tbx4lEYdgwfVe2 zRqkzh7Ta|lw~{6MZ%#@vm-=NDBv?@@*)-2Ex_mm1zlf-;*N0|BCT2zk#>Hs{DF#Bo zppzA5Wc<&3zr0W8Z85@P{I9ve7fWEEKW4R{T>**Fv0JQ!1%84VZ>1VMWF zSh!d?eBXLENX%w)2FHY~G7B)u8aQ&DyIwIIjGKiV48VwI2KwKe(P!Di;+?%k6s@(BYQ9TX$keq^|I?3=MmO z;|#8C=lhh!x6OR@z~RrXp6ZPYRh8_mzH^4&3_4s`z2m#$A@7x&N}qbQiPRM>le?7N WruJIy$GeQym-#7kZYmeco&o@Vs?K5n diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate Certificate 3 PL.01.06.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Intermediate Certificate 3 PL.01.06.crt deleted file mode 100644 index 0b13f9f9b180ffb90de25efe04e1fc60793567ed..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTvF0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE?pH1AO!h4D}4m4CKUlEiDWT4Gay9fTTf`IIjsZmp1krBkXUSkL+VcRtDzA zUIv54PNv32hC^#-Offnh-?U`Q%FjA#%JY1!zcf6Ean7D7ke5<&P?2ZmA_ez{Q`^@* z^V(eW{#@~&o$56ePJbpoE_m=q^5v4RI`Jphe^p%*!aHx$XUEVF5(#?eq+L~8QY}AO z7N|uqo=TptD*7OGpV1q}vaaTnhm~h7(*J+JX5XviEb;qA2@YAOnV1_362R_WfowRHE{U8^=^=u&E||848VwI2KwJ(`r79XTvq~oV<&5I z@ANSDpL*u;+hdUdES?>c7P3n~#H;NBrvkzyzT=r;kTI9o$d)2cx XRNc6kpLp%1<+9eivrC(o%N_s#BFoca diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test59/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/End Certificate CP.02.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/End Certificate CP.02.03.crt deleted file mode 100644 index 1e68f0de17cd1e82529d3c50fe2c36c841114867..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iIK;EmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS{TdIrV@a^k!u<_3lahK5E!(jW@RwLsz;B#>jj3l{su4MZXK^Mw|t z79qKyaXzx28Ce;a8+#cH8atU98yQZ9y$J3;B$A^!*=o6u!9zx|UY^Ix%oMe1zOxm5 z@Vq#4#qk}7&C+?(?JvG*wm2{;u}I8G(%EQ<`fY=$wi`~JIg(Q1KGEx=Rg*-7{g3o} zTFKrFf1KG?E&QWbAOIYkviyvU|5;d=nOGlyqd``Ih2MbJfSZjoq0NIam6_3i(LfOBNm)J? zE*6gBufHbEdt0Fb4tH5)7GMN5aB!#m`yz>% diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/Intermediate CRL CP.02.03.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/Intermediate CRL CP.02.03.crl deleted file mode 100644 index d87cd7e26c1526f3061765401d842c59b70b981a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj10y{HV{u+fO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aTL9 z{{4|;`(A+NV&=w1hADy(d;TPfb}NfKl6P{iHfHMR-u=LiOU&nA{7+7gOWGRqXZ|p+ zx}o;>YpYqHtMK11(_*S4B3?{U+8?}j(!|}NUpU(KvNGfZn=W#G5w}`*<6`OKQp@|N vc5V!)pCP&5^+K`gjx0ANw#E{2;3narW%##IH+x(!n(fTfI~e8uJo}BY`tlsp!jQhl%*{dn znV1yBI0E_w7lmGw# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test6/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/End Certificate PL.01.07.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/End Certificate PL.01.07.crt deleted file mode 100644 index 8741105ea83d8c09df9e4c8f74928e8de394422e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTv30WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE=Sc1AO!h4D}4m4dldmEiDWT4Gay9fTTf`IIjsZ*C2r$`(3cuFK!?Tv7axr zIJL+S;ey8b$bM#IWngaXWiV*$WNK_=m@B_ljpb~dQUTMR2Q~MNUT;&Mz4}6BfTROs z$ewS{nGfWY$~-D)=QLx=erUccVu!gMOUyg78|;g$W_nl!8t}djJGivrrR2TC6VCl{ zd|zYtxAYljS3!Ye_mXvTP4U`S7tfgOmiFLHR+Mnw_XjWDRh=w0INg2HewDoaPw~6k zepgIpVrFDuTpVN&01i%Ben!UsEG*1StPjA^AgjQ_Z@_E7&BmF~=E0cC%xJ)9APDrN zEFTLO3y0^_UEAv3x*i3GyR0$`FoGI5Cb$&N=5brsgzRNtG&2MJ${feI`z1pS*d zQ~H=K_w7u7QCXk7^Em*#DK4(=Fzu`yT%$X`A{t)=J^d z+t&+E>3f}f+4<}doetxy7|ZExfeZAW7=_JunRwXbjOsd`C+l|~lK-($`PylrMLQq7 Yx*7Uji9ud4V2|EEi_PMEWlv@T0IFQgwEzGB diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 1 PL.01.07.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 1 PL.01.07.crl deleted file mode 100644 index e778e911d1c752b1536aa89b7cf06dbcf809e232..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-2fjw14BInb8%ivO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aTF0 z5vq&**s}r6#mtS33~JX}l;it3E`9yGgC%6?6lLy*&rdIyn^AanW7sQU&jS~YzyDeL zBj{$$t;>IWUaY$(8p`PH#P?6iX!V5d#VfyfN;h3!TOj&zw!X*j4JY{*8VAmmNjTqT yU--gOS?sl;YAeg;3B^?rYir diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 2 PL.01.07.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 2 PL.01.07.crl deleted file mode 100644 index 4f4ac6bc01669f9f36177a9e37c44edcf88a8782..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-2fjw14BInb8%ivO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aPz` z)fh^dZ=8kZV&=w120hg}mZe)OM w7Ux1e>e7T}zWj1|^|kHqwg)!5+n8*fzr4l%yoBiuyY~}p>lSzE>X%dj0F^vung9R* diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 3 PL.01.07.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 3 PL.01.07.crl deleted file mode 100644 index 0b568e7cc87c4edf36835bb98ffcb0b25215c8a5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-2fjw14BInb8%ivO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aUS2 zs0E(c8~zT>#mtS344!?~%kL=*$-Ab9ytdUho13sbeVJG3g1<}MZmCU4XK1hd%I=t9 z+jMOGq?)tG{bK$!ZD_Drqc`oxVLs7^%NzgCUVGu+r07$zw{y;3F}|lPq1@1CS!lB)64cE0LoNkTmS$7 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 4 PL.01.07.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate CRL 4 PL.01.07.crl deleted file mode 100644 index 4cf694a9873121d2c36b4d68dae84e6ac571eaf8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}r z-2fjw14BInb8%ivO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aO7n z6wc;xTi1l%kY<@k$k?MJY=6bvp!#_T`Ffyq}v@Y`pM(o8c`P%YE}Z v#coGCFsl9$e00n+TSV%5&s~v?iA|kb@1*NW^uD_0H~&-ND+YG^%b+!5 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate Certificate 1 PL.01.07.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate Certificate 1 PL.01.07.crt deleted file mode 100644 index 01d844201b8ccb3dd33574838146505f97efcfd5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTu`0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzIna?_wxmzz5;6holylWagzCiW&%m zM3{wnLW)X@OB5XQk~8v)4CKUlEiDWT4Gay9fTTf`IIjsZmpuDZ@Y?U}Xs8?Dqi0~K zXJBs7I3L-^jI0dIjlB#8jh#%5jSNpJg&t4#-nD9PI%D{A0O9z_V=QwD#=%}jf*#Do~(Yhn9C0J%D z6EhOLqv{D(5vm?JRzJuWaSoZ8L7(pZ@xq#Kh_p)4(&6 z%Ud2!_^F=FBUyR#_Qt9HtNHb=Wm!*pAg6z6HJ5Mgw@*KE;~AQND$C3lX4W$aFsN!d jxqEuYpBYXY!hJ8xMt!~-{rUNY332v|Ha`4y(%BCHpJL3M diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate Certificate 2 PL.01.07.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate Certificate 2 PL.01.07.crt deleted file mode 100644 index 0054dc62264963fb5e2774865cc4ba503e28c123..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTvR0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5y1AO!h4D}4m4dldmEiDWT4Gay9fTTf`IIjsZmp1krA?$CQkL+VcRtDzA zUIv54PNv32hTZ!WX4<(QN^lo^-}Uj+>4voarKi8%o$N7m$+eBAIyPLb7S<2G{faA{QA@__ zuHJ^VOLry-_g&mmvEbLu*dXN-`SR`UJ0lH^CR<;Lm@k=c()ndJ6EhrOY?Z0>^}`G7B)u8aTF05vq&**s}pS7=RJa4D|mkul4u&I}2nBE2A4V zlPT)H9P(oBDTo@I+at+~6OcjCeB<=Zq-@N|vBo&#jk;3y z2SM56c@d@4of)>zKk@%Y;tJ)u@9}yS2Q4q0)G&_W&po-?rL!Pn(>N)Gf_R diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate Certificate 4 PL.01.07.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Intermediate Certificate 4 PL.01.07.crt deleted file mode 100644 index c5eebca96031569bad4b3ea8d3ed77b8fdd5b827..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BEO1170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;KgCeMfDgiB4@oU9$;?YP6g3bA zi7*TEI6E5a2KeY180s0A8_0?CT3Q$w8Wab6Q-E^X{LLD=6oAKAx@tPISJ zy$lA8olK354DXVIK3?2>iBp_+L*SXeo0eYo$r6e-E*CN=-qPBYzEfH$CRI^Emg`|^ z^nAOu>o?wMuUWcf9sAYZGTr|&F^{qmm}3LSimU<)zX7iSHydX{n+IbmGot~cfgngD9}5=? z#{`$c**tFRn!wQ@tIPt7uLh1aHfn)q_J+Sh4g+AUGXp)Zep_Z$p3BUePhCwmY1FvA z+0g1`CHcBw`md_G6MNpXalDSoPujh&El=>_1D>=W)lrKcANOW0Z{~`WG`U~0MzqUR`#euo T*|sg&tzum#r^Y*5#HIoO7J$*z diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test60/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/End Certificate PL.01.08.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/End Certificate PL.01.08.crt deleted file mode 100644 index 7be023cafeb9026ed967cc78bc57cfe9ef880ee8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BENi170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;KgCeMfDgiB4@oU9$;?YP6g3bA zi7*TEI6Io?2KeY180r~V7|4n9T3Q$w8Wab6Q-E^X{LMcCgsAKAx@tPISJ zy$lA8olK3542PIgTDk75%6K@zWf#u{v3pOrHJa{-MIGJqGOWh<#XQ!}9LwjGpG#l1 z=$}wc#-l^G)_80>^x*Uw3;uc!uDMe$L`ZIqjF{Q>AW@P-&!fL<_q`;vo%MTJ@0mj@jaIDBGu<#r38gR35CbW4lrZO`cFd7JgH1e@< zv2biZuw<_7>2JQ^XpmKA0mfGYM=Sfbtt?@?rK0yVhdmd9+XEWEys4k} zg1xv~JEv}c}^ UT2waAJKOVHdwGG=s_E8~0YLxN2><{9 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate CRL 1 PL.01.08.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate CRL 1 PL.01.08.crl deleted file mode 100644 index 05c2809aaea2415bf84d741a094d0ec25a8dcc53..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-2fjw14BIn3vpgcO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aO_S z-A(4-y2=2}#mtS34AKc&?oo2nsxCLlRn1YSaJ# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate CRL 2 PL.01.08.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate CRL 2 PL.01.08.crl deleted file mode 100644 index d74b9168c218c3ef3a5f463f16d6938fcfb34d9e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-2fjw14BIn3vpgcO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aN_8 z8keNx?(ju(F>_-hL;U{^J_o}$pDuUjRAsiE&OCfE(`B(y`JM*{ZV9<5F|QL{T;Ba6 z>{NA}@vVd$+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-2fjw14BIn3vpgcO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNVI z6CZiBZ7D``F>_-hgEw#8tBuWCTp?S_na-&&_3Nw21bjOixAD)f!r6(7FZ%DSh&+*V z_}TiFE6MDaEQP0>JguZ!e=YmqkzGqWTiRnb6f?XvlfR@gU3-2tTg2n$#`>!g#+SLe w`+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}r z-2fjw14BIn3vpgcO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aRSk z*ZnAK<*h+;F>_-hgG|xf;E*|m)?D8&gz)V?`n^`J=ZeFg5}xnUe=f6&FzePFe{%YO z;GaDv&+Kzc{^&(cz7??f)oI@A8IEk%)V8Rct7*LQr0b%cspfp|i;i|liEe5(Uu=AC w$i{LN&wKprxwY7dJ#lZhBp-_NU6dp0dUey!L%UiwCgn(6{k>K+@uc(?04h6ZtN;K2 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate Certificate 1 PL.01.08.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate Certificate 1 PL.01.08.crt deleted file mode 100644 index ba03f6c24abd60f26ae74d8f3f5834227b702949..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTvZ0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzIna?_wxmzz5;6holylWagzCiW&%m zM3{wnLW)X@OB5XQk~8v)4CKUlEiDWT4Gay9fTTf`IIjsZmpuDZ@Y?U}Xs8?Dqi0~K zXJBE_I3L-^jI0dIjlB#8jh#%5jSQRiFZxoGV7=(M<+_a)<@dgbcZXV8bWX2XH*bpX zSu<{DwT&9@l{mi#scj10wnFyE@lO}TJ>#P1J9Nl5RJ>aBY4-mY!s`nn8+z5HRRug&7(Dvv3%&0VyU%HgEvT@`J=!fRV=rju=@57JdU>18z3X zgfPMm#gn z|Fyj@^%EL@PE_-GxcTfli?6q2;8%$ zRB4I1;N{&lTiUmnow&GYM)l7R26?89wVPs3-n=VQxbcb9wC1Ca9vdc#-s>rzyi4QV zjn&dN)3Ouye{m?;$I_+sxBN!dCa1owOtW=!{;}Ks`*KHKC+EYN?@Y{$42+A@3{nh) zfI%lK%*gnkg~NaiNHH-of&*BVA0);Cj661Q#K$(o$fDP)h;LeDf&0<7$0w?wIf>% zmqY%s@Rl`==U=azXl%UWs4Kh3ncrJ_|IE7i^-s!$bPtOc`+}?XrMYj@)ajGk)n2wG XGkT5C;|VdgdlxYaepn3gR8ef-r?rQxb%}CMiq`3*=8d@~!7~eg7G?M!?<${FD0*Sm zMdj!JEO`~S#$ZuK_n3XF{6?V=6PF0i%H+NG~4? z7Yj!MYvLo1wk^frn2=Rw0Y+H^N5n_tl9b#XzGxB84D`R?ty!wOH+;JAx$^qbOEw-$3GvwCUdE(=~0I RPQMTeaye1uI%h-eDFA?J#{~cY diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate Certificate 4 PL.01.08.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test61/Intermediate Certificate 4 PL.01.08.crt deleted file mode 100644 index 5962eedfade82d7605df4374c2fefdb53954bfd7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BEM%170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;KgCeMfDgiB4@oU9$;?YP6g3bA zi7*TEI6E5a2KeY180r~V7|4n9T3Q$w8Wab6Q-E^X{LLD=6oAKAx@tPISJ zy$lA8olK353`Zj#YXv<`H=o(Mvfnz{d9HMrag=g{fS&FgkPWnyMzU|gJRkZ8aU z3_4k1M#ldvtOm?L3LLt!{2&1qV9c?BV?|bhh2MbJfSZjoq0NIam6_3i(LfNSk&lIo zg(H}C-H)}wN86TSJIGSgu{v$EiwyIq_{I};Xt U*%aTe_}0&4{Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/End Certificate PL.01.09.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/End Certificate PL.01.09.crt deleted file mode 100644 index bff8ea4cbc80ff731c8f1e9ce76970ac3e61ab9c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTvE0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE=Sc1AO!h4D}2w4dldmEiDWT4Gay9fTTf`IIjsZ*C2r$`(3cuFK!?Tv7axr zIJL+S;ey8b$bM#IWngaXWiV*$WNK_=*w-BVZk6S~KhM8E%bFVM^{Ak=^7yltsR9iR z0uMvm)lx!FvwwZ=djDCX^%hq-4iER$+>vU}ZXBynE}LBJRyxP{KcnI|NA8aqOT1PU z2C6duxqTroV)MhlHw2XKEV+8>oWuIf=8aD$wr6{DCs>%TU%TP-+oD^$W7gCh6>4T} zs(ihhiJ6gsadD7A05~{h`577iv#>BTu|5DtgRBAzzX7iSHydX{n+IbmGot~cfgsS6 zvV1IDEF8>k1$&oFZT}4pcUff?U<5UAY`^kGdgIyhCS)%IqnR1#*UEkWzF3C~ygpr; z)wO83S@S}MlFN!-iKdAaz1IU*hMV8$Rt{Z0IrrcOj+XeTlKZE6rMi8+esq&dZho45 z<$WI&m%y7lzDYb={M&fLj|YnmW(Z}sXqG(WK3jh}`@+P1_I*n-EDBZT`tQ4cP(+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-2fjw14BInOL1OHO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aUp) zUES`3x9=Y4W&J3j@OJK!_w8N)6Le$p diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate CRL 2 PL.01.09.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate CRL 2 PL.01.09.crl deleted file mode 100644 index 61e712f0d8a9ab65035cdd6d220375f7ddbb5624..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-2fjw14BInOL1OHO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNhj zaF6|G{~;C4#mtS346BzfkGp-MO#X1^$IVf-rEQBm(uFSYBt_aas~uGCJ|Wk4?(l0R z-ogn_XC^qe=$h30TKuajbK?(#S%O=c_3XB+J7v-+!o<${p;Z3IkITakb2gm* w$$ICF1mlF9Et8Tj7H(VKWc#gZQQ)CYCyk}oJX8Kl?n#>Pl5v(%(M$FH0HBIz`~Uy| diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate CRL 3 PL.01.09.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate CRL 3 PL.01.09.crl deleted file mode 100644 index 09707fd7bb11bbe57fd5b2c8a6f3609d1bb0e26c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-2fjw14BInOL1OHO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aO^O z^yHhYcFaI?F>_-h!`cNK*S*PD5_W38@Www%tdA<%Zf{^@Pb&ys`NKqThFovNmmBX+ z-FR#``$EsbPYc(qT2@%;!Hr@|NAbRH!sxl-?`+_SHb6sJe>kkY740dH4pYybcN diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate CRL 4 PL.01.09.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate CRL 4 PL.01.09.crl deleted file mode 100644 index 997a057f26d6ea18d179c6bcb0b494e4711b5136..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}r z-2fjw14BInOL1OHO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aTFJ zc_Y2?YV7)RksYrT%*dhIAle)Axo3HFWnb>?S;|=qN=5s%dJ-^@c zn*AzMXJ0yx{ErJ~4Dy;bKUom`+R*WmgAUv6N5|NNRUiNHN&F(lzK=^ZOYnzj_QKhV wPM9AFE;w*tOBP!~uv<*_}azn^v*g#Xh}u z(cmIivc=sTyGyfo%>DUh{_1GUqM2*6Gac1u2xsU=*ecJsl|4uDQ0c5^#wE|K+8-a{ zxXi@N$iTQb%^<}<2pDv-!i!c0XG|G zLYoI;Dl?-2qk$kuFCPmR3&*>+tJ^)f4=(`6gsd_PFv=P@R?m9<^U(8PMm#gn z|7CC69Un7ma4byCK0iN_<>ydj(WC`>A2=TBzUcC@-fZo0 z=lRj4-*yQGCv~S+Yi(cQoWF8vxR#*RL6)47bt=-aGDj6E8HRrD9R6EVY diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate Certificate 2 PL.01.09.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate Certificate 2 PL.01.09.crt deleted file mode 100644 index a62d9a02625b90f7b371e2b2c302ec76fd23034c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTvc0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5y1AO!h4D}2w4dldmEiDWT4Gay9fTTf`IIjsZmp1krA?$CQkL+VcRtDzA zUIv54PNv32hWFmTSz^-s+T6t_n|+zI%iQtStGaJrPk#-*TQ;NK&(!Ac*5$W;S^tRM z`PlRHw<}7~W}$q~b~=b2c^ca*^6lFz8SnXRcLbeQ?EW=VKKqfv$33dI*NJ@Cm)(@I zK4q3mm(u)6iDmBgb!R?5l(V$_IGt+&yHU&Y$k$G*W-goZ*ECmXJrgq{1LNW}gA@ZH zV9?15Gcx{X;V@tWQcR32-~g882Z^x&BaaOnF|rCQ{06)R+-#f)Z61uN%!~$%27(~H zd@Nin9E&%&$NsbbkP40oS!EVrlr?a?d%L>bll$-j`Nr0}Y?)VDNm?qu#pLhJGta%cc>jLO?Jp`%4t)3T zJSY|SCVraBY!%V+nT`QhM46|n3GZC=XQyrN>+pnQ_W~PRPDmZy{y+7#+t)YpcN4r6 ZRSHjuoHAPOc=Y?inJpD9w_nt&0RY^S+;IQ^ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate Certificate 3 PL.01.09.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test62/Intermediate Certificate 3 PL.01.09.crt deleted file mode 100644 index aa91f3427c0b98654fd98c0ea78725185bb335c8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTu}0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE?pH1AO!h4D}2w4dldmEiDWT4Gay9fTTf`IIjsZmp1krBkXUSkL+VcRtDzA zUIv54PNv32h69J5@txbArT6Hu!2WB`&xockYM7v!v$SWM{`m^0MQ=95n@qTv@qX*X z>$@DfO!rADYTZ&Xd!JWb62CZpqtvs|MG_ZtDxYN~sy)el+$FximV=E`{BT;6v+~6= z`3zAPMK@fzzUG+*N0@n#EK}d#l6TW%Hi;*^yT&B)9?Lw!+KZugCjX%QfD@4gq zw7B8IA2l7V-1|8n7=AClmUu4PKC>+Oc(umtC(8q83Le})*KEl$n_%b30twN4veD{1 W#+x#y>96?Rvz~Fr#$O`YFxtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;KgCeMfDgiB4@oU9$;?YP6g3bA zi7*TEI6E5a2KeY180r~V8pw(BT3Q$w8Wab6Q-E^X{LLD=6oAKAx@tPISJ zy$lA8olK3542zroI(Thfof>}5&ExLrE0J>fuYTRrSi)a3`Mxl-`MxH zGf8=)^aK8LDoH0!@mtI`dHQ1N_X$}N>+j!IKXHzKm+uSBHq@7?QCorx@xQIB0Vq%tuxGB7SqHb^w! z2L_$2FeBrC7FGjhAO#LxS$>cJ3oz!`z_B8$z`}39YrxIMnb79Jn99s(z-S-{(#Xfc z#lo@u${Xp8XUm(w(IBhL0*tQ)j*kpI`6jC!Gmygo80*YH&r427dHum{YL1V+Ubgv# zC7VLhyeDVPAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/End Certificate PL.01.10.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/End Certificate PL.01.10.crt deleted file mode 100644 index 16c1c687de91bce595b70a4cafc9991695d4d4f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BEN~170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;KgCeMfDgiB4@oU9$;?YP6g3bA zi7*TEI6Io?2KeY180r}s7|4n9T3Q$w8Wab6Q-E^X{LMcCgsAKAx@tPISJ zy$lA8olK3540rdGtd`e#I9u+e#4fXy+yYDab($CYMEw6^QN3CEh}`sLY$1>H<}RA= zFXk^O{jFY!p>>_q*{iGa&9+?#n7L-L;?m}4jrJ_Q8sXpfUb&$EcZv6=@ZVvVXTSQf zNATaW9S@Y1(?c>HemOi&S>=>Ccka)7Ps(*?zF}|>`_XyNCec?QlZly;fpKxNL81Xa zFz95385#exuo^G}DRAh@@`D6efHC(B94oR4Ec^z%2Hb3%32h#XsmzQ9j0S=rjeIOz zEF4`b>?ikx=?Q?NK~|Xs7+(z>TOK4^OyIur3^@#dvCa(i`~o*;wg6qm@cj2rdj1tM z-P(6;OYYj8Mcb_M@4Yy=X5rWUsgAebM=y|-NNnu%*PXV@R+7b8&fl2tLzU`-Q+t<{ z=|3@8R#)bGC%U=whPvB<#l~gcZ?22S%=O^>nuuuA}f1WI! UmOq(i;laC)&lL8v%q#r_0H%-8Y5)KL diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate CRL 1 PL.01.10.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate CRL 1 PL.01.10.crl deleted file mode 100644 index 40c4afc45008bd687747357d891daf81f110aaba..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-2fjw14BJS194tUO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aPtY zzn;`CIw*_gV&=w1hCVmTxfQ23-Dfhkl|SKZEp~VASK~g_(h8pg@*d289W)+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-2fjw14BJS194tUO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aNEi zOH7}5Z~2JkV&=w1hO#MFj-J`TX8LW7J=^XzPxw|k&zycSrr`Xx@^3D3(lR#H?;MVF z?prRu;Mjucga`py>ai`j0Fw@vqJTHpNJ>Pqc_T#bA?mhR7Wi8|KtW%BCRd(Tdu xF*$Ypug4STHYPbIQ!VaLEfwAe}+CQ%XxFFvgjbeTj{fRY+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~m z-2fjw14BJS194tUO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aT>0 zF7Mc}n9Bpr#mtS348Gyt3LM#%Npn;?=&ZO@xyISM`oKLN)*AQLLz>t7pRH`4v03fw zJk9uHCu;p}bG1G)>0#T`YL&&9CiB@{$nHxaW9SOi|0ynWE@vcdf4t@!-^-%7H(xmn wLLGWiFDw%OztY32yh7>cmME?nY;p4?xi2i9v}0xCxmOdn&Yqtq@P6hV0BlQU#sB~S diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate CRL 4 PL.01.10.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate CRL 4 PL.01.10.crl deleted file mode 100644 index 71e6229074370b337663c8073c3cb891dbf58e1f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}r z-2fjw14BJS194tUO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aTE* zNVb^3edigPiRP2RQN&)2-D+oNUSibW{)5wczrqIYpoTv7L#Xx`J~P*TqxTmm*3xHBWf?s+(sq0QG8Ui~s-t diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate Certificate 1 PL.01.10.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate Certificate 1 PL.01.10.crt deleted file mode 100644 index 6b3f6eb4b2b21df2b8a191338f438be8b6d00f7d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTvk0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzIna?_wxmzz5;6holylWagzCiW&%m zM3{wnLW)X@OB5XQk~8v)4CKUlEiDWT4Gay9fTTf`IIjsZmpuDZ@Y?U}Xs8?Dqi0~K z2ehzpKC+J)Ss9ocdl?KGJDD0A8P+#F+w~)8*10cS)eSO@AI|s1Y*>BJHadpSz;tVJ zv`P1SlY-(?_u4-CG5H29+YlgWZFNoc<@Wqi!T1? z<|#GH0+bi?y?el4&|Lt!7(AL%mR$E29DLUUjIDwJft5v7=RJa4D|n{ zeb<&PoxM5r$0v9Hn-_G0%GW*NWolNHzkc?4iY@De)%QK7ao%rhW#V_UiF}Z{qUYqR z+?*RuXFS}KPnU#Sd2?J?w|>zLm;Jhr4{u#`q4dg*$N$^x|F7bkY-_Zt{Li&}SB{_4 j6bOF4Yr%T4J(aFW)!G`G&%|G=Xl5U~m0#6-;K^|S|3KER diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate Certificate 2 PL.01.10.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test63/Intermediate Certificate 2 PL.01.10.crt deleted file mode 100644 index f2e88f9fe07bef2679af1c3fbc7fd837e08ae3a1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 669 zcmXqLVw!2t#Kg3KnTe5!iHTu_0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5y1AO!h4D}2R4CKUlEiDWT4Gay9fTTf`IIjsZmp1krA?$CQkL+VcRtDzA zUIv54PNv32hU2q+bmpFRm)P6GbI9YS@@JdX9&crolHKZ;IVl^8gdci6v*JPLv=_D( zwYn+hvyL|F&AD|n##u-7*xko`pS3MsnxE7>v8k$~@iY57lVmQ&<7%JYna7!~xw1gk zOjAs7_R54GvNQP07D|Q|R4Ynfer4akk$JUI+3fA%@w_L$ZJA%p#LURRxH!!q#Xtxc zbh5&XjQ?3U4A_7a6C(>afMxkXVl2SOV*^KwtO5(a0j~i!8)rhB2V*KTqXDCVAV@DC z3l|HAp?Qhv6Ynh_!7(AL%mR$E29A{UuP3#O4$2}212E#5f&Ta3Q>;A2dC!il>lSQb zzG)wOUFU5t-Pp`=wn6F25ypQkKIik_nLP?jd9-HEil~DdXQy`r`G)>*+F0~>yI8kt z;Jc^Zs}pC2S6MbsihgV6TFg5sa^-fTy~+h#ypt0@XD`sXvwH1aD^`sb{;Zk3qT{aC>#o%Qcoue+gZucljYl`HcHPGMxV!Sl)rK45Qb#}4 z?AYty)M@jlZNo~B;FPi>YZBxV__qHpc=1g9&$E`Av&o%2x1L2ZF*7nSE>1H@F%SX< zovbh;<9`+o12!PV#K;H^U|D{U7z;4+*uW7ZtH8oTLa;FyqAW&uW71Ban`iRlyXEgzAC0T}VjK>x4Zt}S1ieDSS_Xu53b ze$(G)*Y%xvnp2;msqyNi`|NY9HXIMxtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;KgCeMfDgiB4@oU9$;?YP6g3bA zi7*TEI6E5a2KeY180r}s7|4n9T3Q$w8Wab6Q-E^X{LLD=6oAKAx@tPISJ zy$lA8olK354C@%ubu?coFPZg@^-0R>6B>0a`ZKn3HSVfN+~$6)VUj`4`$Jrk9e*49 zUc0V1ps5vq{m%Q^qkDd5F!EUZWNO&->cMlChGi>n?`w099AWa1-VfA3P=$yKk9 z?(e(TS;fL;%)+#~X{S#6-rT2V8|(yCo@-ZIhj%(Ic)#LVn)A!sOw5c7jEj>E5)Jr) zK_@HB$oQXy)qojDfkRi8A0)s6j5#)NtjH>`@Eh&!sU`_vp_NM_><`F`p};dL(t zr|FaK@t9k^3^=v>iN5=`>b@-zJh$5HEp)2hE(`MUO8mOQO7?uuY0<`Kdyetn_;Px4 z_r}#MUs(U_vq}wGS8`}=Awwivci{4sLi;V>9rj*Q_4+BRZ2or*_TK7yvodD)6w3;` UZhs=Vbt|LFqJKI*Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test64/End Certificate RL.02.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test64/End Certificate RL.02.01.crt deleted file mode 100644 index 771423ecaf466ec4ad84a6f189a0dfbfe8a3f6ec..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTvY0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1jPwi)4dldmEiHhwp`j6wG>8)CH9_VYB#>jj3l{su4MZXK^Mw|t z79qKyaXzx28Ce;a8+#cH8atU98yPlD6r7{5dSmB0>ywh5{zqS$+}NgTay!uFZAC*S z?}YgCiH4O)uXnr;oFD&!{UiVHww1@b{;uU+D|Pzy|6LOjpKyK5yQglJuwO8$w69v> z_!YCY=|UA>(tb}{^JM;y_4zMCr$6mocXG+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)510y{HLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aPrf zT;8>aY4tZW7c)0DG924*{LIQ1*D^U*e0i7eZtK^#n7g3OPc!t2Z`lG{6){Wk75hwn z=I*?<#O%Oq&j`spy^^PX_kKlLb>Ug_e`hbBQ$4&_XTHfZO?gZHgLXD@PZqFt xaNc`uaL9ixpMuqcJGU)nt=TM-C@Q7$xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}W z4`^fKd}JRpvNA9?_A(eWb}}_KGTdRVOD=r+|7yvcrN^DRqyHW-3;h=J?AOKJ&yo+U z;CiuajpPf4MVlu1tKEqIemSqK|F9;r?UywLoSzxcJ3oz!`z_B8$z`}39YrxIMnb79J zn99s(z-S-{(#Xfc#ln$#;qtCUOsl_vqd``g1sGoq9II!&{(0zmNI!BI0ArmQ=y{{H z=EZ%P;*K_V3*aP7^Lz+}&aLK~=8c_MUrndn!IoPhEYwatiwewWZ7I z{2p<%ZgrS^x^VJ}oeAe}>O1ATX)H()RPf~Kn~;9Ddj4_OE6b#v_|9JYvVkYGYW~jS iTenTC;`{aR^~Z1Vr%oFB?&Y>N{@x$mzB*<@Q4#?BX5X>^ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test64/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test64/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/End Certificate RL.03.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/End Certificate RL.03.01.crt deleted file mode 100644 index 29d51a7f9224c4c94e135759613262686ecb91fb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTu@0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1jP(o*4dldmEiHhwp`j6wG>8)CH9_VYB#>jj3l{su4MZXK^Mw|t z79qKyaXzx28Ce;a8+#cH8atU98yU_^Y=89m%g^O&@8l%fe#+{58uO&0H~aSA$$H#3 z+$Mc(Ke3N9jB8=-?~^^evH#mAR3u+{deY<8v-ju9i*7d8XO!0cy?^~xryifEYs^z2 zMs2foKP=_0>y}o(bL^WXvGNw5qxe*>ss*zBUQUYxEmHztx_r#~?{Ijgden=g&KH(7 z?M%#!42+9|3IjbiEA;Bc2!W&uV}1IOWF^^%n*9(_diGBBE%fqo6hD{KAYJ8A!^R++V$ z{2#boyZ*(z<^CjeV}a4Llao$6L!epC3n^@!E_YYu-d*v8E{yIpAh%!<#PQ|Hztom_jLi>uUr*QJRJ X&n~j8nB|kU_5G2SsNX3ITJHh?{W{pk diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/Intermediate CRL RL.03.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/Intermediate CRL RL.03.01.crl deleted file mode 100644 index bd2d906ff9cd2b70076ce57852dff0c7d221a211..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-5?)517ke{Lvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aP-B z7APNGaXJgl#mtS343l{pl%rmsU+p);%TdPWo$9X{x5}<_v>r8I9=dZ;Z))Pnhm$>u z``_NaI_pV>c+%GJlO-`R|KB}xc4>L~?av*i*{e@~ejPKl`R9sHuiHO7dGz=B-XlkK y7OXD{kgji1y=;EQS$?8h@lKmx{e16|u3bES;I+d?{uS1HQ&W8Sgxtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}m z4`^fKd}JRpvNA9?_A(eWb}}_KGHjf<=g`q|tygw^H%}ee#>VzQ%b8X2g|>B9!(~%P zj{t*{mxBARlm;6JSo63W`6#ZR%WGER8oEP0meoXGdP;uu#@z*qV)wTTJzxL*#BY(S z8~zu~J#=mI$z|QkFL&Si9AW@P-&!fL<_q`;vo%MTJ@0md8~I96m8SojTi4Y=7j6WTl& zQ<)hJ7!3qL8u?hbSU3(BtCy@i@#rHs8f2AOfbrG9v3l0)pNF1@^dpA>FxHuYo|m#- zuyR6IgmQO{>6VWOOm-dreqW7-S%kZL6+dTsT*vI9+um01eI3kN^Mx diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/Intermediate Certificate 2 RL.03.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test65/Intermediate Certificate 2 RL.03.01.crt deleted file mode 100644 index 57c2e5914b9e25790100b511f444afcfec3a2154..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BEOF170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(MUJQN6)}m z4`^fKd}JRpvNA9?_A(eWb}}_KGHl<|yE;U2W9-W}PiodNzf0az&Gy@F&W{*fxz8dm z1b@v82<8fNPJX!CBrY^g*>pA6mP>mLT31xY&kL_|={jY(aNFM>GV5E{y1wF+FrCc5 z`I7$U<(wX;GY%DdhNL>^Uvyd4{?%d8%XjY2FCSE%)VNGq-}1PAp15}GO?~yJmf38} znV1Jn^~syY&-f^qgeiR^L`D+ZZFvg-jaRUo7VksEclrnr|CTV^>fqNTiw6>`+D_( zuu}umq6>4iUh@lR%}X#;^S>##f=~YK;UA%=j~$Y}6v~ui_n=&7?Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test66/End Certificate RL.03.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test66/End Certificate RL.03.02.crt deleted file mode 100644 index ccdb0e0862749e83426735b0ff8460e43beffe5a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTv80WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1jP(qR4CKUlEiDWT4Gay9fTTf`IIjsZ*C2r$`(3cuFK!?Tv7axr zIJF4L1&#BO{mjV9z}(o&V9?mf)Y!;yHhRJ^)99tO5(a0j~i!8)rhB2V*KTqXDCVAkdSt zd@Nin9KFX*yF7?F^#L62vdS#L2x{P1?G*4b&EWSgWG@4wnHlKUmI+Ssb#LsJPcHO+ z+QN5Ut%OzaLXuUqV$2ftN3S0l_-iXJ;99z?Z)tDy)*lBKRKJ>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)510y{HLvdb9O9Mj#Lqj7VX%HpOYhr=KHBdHCWMX32grv#GR@%kE;Mg3H#RabN?xe2+OT43OncXBvkPlh z`xu)R-&nWjr&jNk4a!rl?%MtEl3##+s}QSo;QOaDey`lT?e?nEM_1d&r(TPjtUCJ~ zugrbnhu1xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}m z&%nr_aXzw-8Ce;a8+#cH8atU98yWVsyem$+!SbTGLww84f32V5eGbG%eVziVFk^JFRj>!{MX diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test66/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test66/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/End Certificate RL.03.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/End Certificate RL.03.03.crt deleted file mode 100644 index 85d5508dbce7a968795683b3fa58a20019042ef7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTv00WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1jDg5NPMp`$!obkL(9j4-8bpcnnjmux63DUN1&jUS2BHxA`9h0R zi;!Hnvx=!#P34>5iJ2z)d%GXpzZWC>>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)510y{HLvdb9O9Mj#Lqj7VX%HpOYhr=KHBdHCWMX32f~3j-sLB9hm#ioYGZ!P{ z0-z$W-LfJq%pf0t?2%Pw0V-3@#~zq$Vld=Rb;^8X6W71mJ^$0;IIVR|!XC;l#r^6z SCsyk|QLm0nkP2>k!v_FwtZGgG diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/Intermediate CRL 2 RL.03.03.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/Intermediate CRL 2 RL.03.03.crl deleted file mode 100644 index 15593fa840e0e7c1508b7f45f56bfc94b8e269f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)517jc(=e4vnFf=eUGy;+aQR2KN7D(I$$_9#HV`W8Hm_d#M86m680<^1vqfGby zr5h!lU(j64+}OwvJ7wlcZRWRrE&lqEZW&zxNeqhnDQuCTyCwlfT`FlS* v>Z)73OoL9$|5F>AZyx_PZxtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)|* zhzuI%Bm0<R52 zTXt^ycIiWnME$2YKW?90u`ep8%lGPDU%E-n&E?vxsMPlUOG!`TRu@J6*;wKnWD|Ei z=X8}U+t0Pab(6k-b~pSgq`Q)*;p&v6fIG`(Ong2&_Ti!Jzjc1BcE8}W?#^WYM2@?M znV17Mha7{oM|h;CeaI7GA9v9)Ff@5NJ@ zndSGM1zdU|+I{o#i*?f51I4dvy|-XA`XH5@xMIVN_ZIbMexKfwyR6%+M@Mhw!AUV!Z diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test67/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/End Certificate RL.05.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/End Certificate RL.05.01.crt deleted file mode 100644 index bddd72da6190ee1400179f337cbfadeb3db187e5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTvm0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE?pHgM9Q1O!W*54dldmEiHhwp`j6wG>8)CH9_VYB#>jj3l{su4MZXK^Mw|t z78xR3&^RC2&y1`L%#FPa292Fejg1U@O*6&*Wz4$mZrO15@X{l1SX0h&f3N3i`)3(- zX==|}BcmN{m$w_PzP0C=ug?Yv5!Gw0^QSESy@(-Jw#1J;Bgo?V@h+7klX7|HmAf2! z>R#~g?%me*?lT+JLeFYn_S(7sLASzfCQ}BkjIY&KyFm8&zfx!+STB>e3jqNoF%~kf;Q1X diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Intermediate CRL 1 RL.05.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Intermediate CRL 1 RL.05.01.crl deleted file mode 100644 index fdbf8ea0caeffe5cf4c5760f8554725078a7520c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 393 zcmXqLVr(^Ne9y$lXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)515-T%Lvdb9O9Mj#Lqj7VX%HpOYhr=KHLx%+V`5_1hNQ{>sLDVQY?rJk3o{qc z#lmcy32h#XsZ5MKKo9(9VP;}vSfC73Bm&}t6fuX&DzgAx*}(CylJlG#>#;p(er0ZK zWN7!x5P!+wG)-^I`l_kPlS_qb+~0Wo+w{xPXL{|8c-@+#-dC4wTP^i&MlX|QoYKEt zk^B|$!i?t~vbHMkG5<30w5r1Eax-zCqjL7*Yb*H9zqWCG^YGmBM-EH&aJn}Ct?g)x l<6N`+c+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-5?)515-T%Lvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aO5| z-p(iyel-Zq#mtS33^kAEswrLJ2wAs=ZN7s;{1JbzupO-2PxsDVCo{t(so-sZ{_z6u}>yI}2 v&-%k$%)K%F?`QtdI5|cRt^T}5$!p>Vx7o=}iuCd1G74BCcTI86+{H`)ZJS@q diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Intermediate Certificate 1 RL.05.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Intermediate Certificate 1 RL.05.01.crt deleted file mode 100644 index 4bc8127b322d44fe0ad8e1ee96c1f1c378b98dad..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BEN$170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}i z4`^fKd}JRpvNA9?_A(eWb}}_KGCaS1-1nWs7k1&>b4i|km+OZ)U9Pn>{u9{9bdkTExi@iQ#8iQ$A~WX7n1?b=TgtvwdeM;w zZAXonm|h*;?ERZR>8|HD=}kVjS~u+CGIpx}+HUoYOJkc)LzT8mm{#*awQth`U4s7P zGchwVFfL9uNHpLF2A!-hBjbM-Rs&`r1rA+VevkkQFy`36u_CL$!f(K9z|F>)(B{FI z%FJlMXdnpE$j8FP!tt+?^PC*(u|42ukX2>@##aN!>RGRU9(o?qj~oWTSZ4-$e(TTg zJv(>A32xu8!lk?`eMXIw;_jK}mpB+JXR2Cg%;60U`Z8nMT8A9l%Zl-Bzp|$>y#4CL zuy113`58tVcRiLZiV_k{jeTLuKXcBpLqB{9Wj_8}5gfR<*8Y-(eX7%z{}Z2n=f4>v g;x^feV~b2%bw&_pQ|scG_`ee_`v`E`Y?$l;06zxNO#lD@ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Intermediate Certificate 2 RL.05.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Intermediate Certificate 2 RL.05.01.crt deleted file mode 100644 index 1ca8d5c3229d9053bcbc84ed1e45a1d0ee0e4f9f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BENW170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;KgCeMfDgiB4@oU9$;?YP6g3bA zi7*TEI6E5Z2Kne2nCclA8pw(BT3P^ULqj7VX%HpOYl6(Bjr~Rl`y1yY`K+rIZ+~`&HGSO}3nOZcb-Zg`f7nUR5Uak4?80Y5P4 zWQ7?S|Ff_fFas%Y=*seg1XzGE#|DlSSp^n;16~7eHqL}L55`nxMgv9zL6Am17A_W! z$&0r$N`zkx0!M?aG7B)i8aVz{a-Nf8J+=oq41lrD4D@{16U*-}luRep3+ic|d7-^A z`S!;9&n!c~=VZlQ@D7wXE2W>zv6Un63iq7Hkvh{f-n&)BE?m5XX{*pRuh4Ac>p{+| zr!NqWIV-6D|EtZPBi5d8wrgF=QLhXvoFU!aENSo{X*NsH=If3b9{;YYrp=4?H;HCi SzWiQK^~ANQ;@e(3mjVFTcg>0b diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test68/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test69/End Certificate RL.05.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test69/End Certificate RL.05.02.crt deleted file mode 100644 index 00fc716dc15e4145547293021679cff67297f8b0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTvS0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1O!W+m4CKUlEiDWT4Gay9fTTf`IIjsZ*C2r$`(3cuFK!?Tv7axr zIJF4L1&#BO{mjV9z}(o&V9?mf)Y!%P)I7ASM;Wz5g5STcLn z27|9<%{Mzvp8sSOzjV6j{d>+YY^V0#>%2T&%|kU&N6c7M^mR%|>c&m0OiDNPPhXa1 z$jQXa$iTQb$RGe5oU;6kjQ?3!n3-4~fTKZHfra0I*MOUiGoj6cF_oFofYCq@=t)^V z7A_W!O}BU4nL5d7FF4#~m05rh)W8w3=f%PP8K=dOy$pDq^_dvYzO2RO~;QguFcC)Ri8 z{twOdItFh~)=b}I*xU2l=0@&Y`RaY>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)515-T%BXM3!O9Mj#Lqj7VX%HpOYhr=KHLx%+V`5_1iKNN^sLDVQY?rJk3o{qc z#lmcy32h#XsZ5MKKo9(9VP;}vSfC73Bm&}t6fuX&DzgAx*}xI8=f%PP8K=e3{L0+e z$Pmo?;_Kq`X$P)~6nQp>m%d%CrKXbFp_q5&M;GrVo(W!7%Flc6)b;IXRTrGG?B2n> zhYJhLAN3{Nyn3>D*(Uw-p03u53^sC1+p@>+e8Y?WMcWwccPmS`=^mdImpyx*p4`h& lr~9JEHa(uP;Rfru;~_C^o4fbfRXkUIcx$x``^r4g%K+a2bKw90 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test69/Intermediate Certificate RL.05.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test69/Intermediate Certificate RL.05.02.crt deleted file mode 100644 index 6c19ee09e9306290605686f77cf5d5500dcaea33..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BEM@170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}i z&%nr_aXzw-8Ce;a8+#cH8atU98yOZojzq@5u+C3v*bM1Ze^r!!S zx~s9;v_4b;y^{1NucdUx8`FH>HJsXC*Kf3R^@0`fHAo;QMY~6V8CD)U`eBQEc z%XcPbMh3>k$p(oA{J@}-6=r1o&%$cJ45YxJE6WcOU;)M)8#q>E6z{|7hx8+d0Wj8?fu0YI z3_0eqacQ2u*Yqd5Z6Cj>X^>Ps^8I7u$DO(l0&jnlS((3^OAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test7/End Certificate CP.02.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test7/End Certificate CP.02.04.crt deleted file mode 100644 index 0f97e6f5a1c9ded1df1c8b1f7558876b203b38e2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iILBMmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS{TdIly2a^k$E1_p)(hK5E!(jZEl*Te#eYmh*W{VrJS7dH@v*v}VQ zoLYqBg2wsCer9B4U~cSXFlg*#YHVcK5dI`dVA~&^gE>4r#?O}tsa)F>lzVD-hi16W z*_KJ%2Y0`Swl@2+|K{51PMz#~gCi!)KX`nqlj@y2nRbb{*Y&X7bPajp^89bW)8?<+ zUn}phd!Au2>+JHkuMb(*-u~s-Qr~29y(jhKCFiJ%r@lyJ|DLzkH9z>wTPwwC%u7Y7*xfP+((pONuD3kx$7>jQ8!$SSb#8}J%%vvDT0c`&9jGa4`&2m(DR z%g4gS!m(rN`=^;Az6s!PmsMr~Mo+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj10y{H6LDTkO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aN`D zmrtlP@Qg%rF>_-hL)e8yO6@A!O8X9G%(6W9*4HV2PhFj2YZ3d`hciyNzCCbTKfkP5 z>-jF(y8AEP4^CmUYpk7YShDZxtb-4C&#=CsEy(Ne;O;W{t3@>{8$DWmQ-T#fl%|#+ w@;N%AK1C=i%H74JVsEsT_&yuQ?QFs~XP^6Y<@{o2=BM$W84XfjWO*0^05Je&k^lez diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test7/Intermediate Certificate CP.02.04.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test7/Intermediate Certificate CP.02.04.crt deleted file mode 100644 index 5c1ddd3e383a73b1f209a704147804f4e4effab8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6C#E{2;3narW%OkkN9yLWQO_0K!LP72HAiP~3u{u$$o%X#~33Irr1_uQEJ zk%^g+fpKxNL81XaFz95385#exuo^G}DRAh@@`D6efDy+Ajulx27JdU>18z3XgfAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/End Certificate RL.06.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/End Certificate RL.06.01.crt deleted file mode 100644 index c576960be17ad3e3d5eb65036c1df9ff116a110e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTv40WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE?pHgM9Q1%=8Ql4dldmEiHhwp`j6wG>8)CH9_VYB#>jj3l{su4MZXK^Mw|t z78xR3&^RC2&y1`L%#FPa292Fejg1U9LxhX@H{Fb0*>odicF2#H1@qoSw9MGBcb?qR z+kbv<+`4&r#fuxOW!WnBXC5(}%SspbN^jeobpfad?GBMJMD0M@Jr?exAe6Imq++JuZUheXTSD}nJ?EY zmtdO8#LURRxH!ll034jM{EUqMSy-5vSRa6+K~{l<-+%X4AdV6=qF=Q_TqnR1#*VvO{V)xzmC`_KU{v3&vmNbdyUM1AMH_>6ZNLq$~-#5Wo&Jcv@J>F X$I<#JihF*Uhi-|G(^lvBxb!ywPkPXQ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Intermediate CRL 1 RL.06.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Intermediate CRL 1 RL.06.01.crl deleted file mode 100644 index 77dafb90941eb47ddd8448006481fa3c610d48b6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 393 zcmXqLVr(^Ne9y$lXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)512a7XLvdb9O9Mj#Lqj7VX%HpOYhr=KHBdHCWMX32jikx|sLB9hm#ioYGZ!P{ z0t*8(u-&pEEX*Ju2(xh}w0SV5GBNT1x&J|e3}DM;m05r~8#tcqh%bHBt`vdhSLVh> zhAH!o?h@l&)g9Wms584Jwa)F(;{qPxQumYx#`oOc%vx;3C1$YS=Ix~=x4SAT7BGn% z?NHNCKXhtt`j1kv%MX*LtWZB$v#(ES#-Y`}t~@uYU^bh~lk&yLwbwyA;?kNOE?eD` kJG`@fyN*3y;=8@gDClzG(Vr}*vOlOx_Wf^@VYYt?00&udS^xk5 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Intermediate CRL 2 RL.06.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Intermediate CRL 2 RL.06.01.crl deleted file mode 100644 index 4e22f3966592aa4e298bda725905872cd414eaac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n}* z-5?)512a7XLvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aUQ} zJ%9D~?u=t-E@p0QWKc>;n18`~xqRG_N8S(B_x2rWKRfpg!F!dwR5i zi5!=We_!S9VxcxAZ`06&Z|+XZ3)}cCxpsTWYTul-lPp9ZFr~h)?GRb1tvOd)#;j5L we&T#dW5!JF%n7TntDRy@e_qjd;NRmr3+<*wCRIi6-q_PJ&ofExtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}a z4`^fKd}JRpvNA9?_A(eWb}}_KGR%_6et1&kiSCi-yJXWWWRAsIrNmAM*YEngOhf14 z+FhSvLXxPN?pz>uVtb*JtVo9Thuc5xe}Z>zIEy=mI6IEmR6ZpM?lB4U&?m)Fj_^mElw$#+~yoNqEh znV1xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;KgCeMfDgiB4@oU9$;?YP6g3bA zi7*TEI6E5Z2Kne2nCTf98pw(BT3P^ULqj7VX%HpOYl6(Bjr~Rl`y1yY`Ghp4IcC4si5z|Qa0SzcM Tz4XTNYXTp4vhaU6c5^oXk@(g| diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test70/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/End Certificate RL.06.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/End Certificate RL.06.02.crt deleted file mode 100644 index 0cc1718ee3c3e750611189704b4a587728e4ef10..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHTvK0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1%=8S54CKUlEiDWT4Gay9fTTf`IIjsZ*C2r$`(3cuFK!?Tv7axr zIJF4L1&#BO{mjV9z}(o&V9?mf)Y!=IJ=jKjKGVc0e@*P_Y&&{?di!wC-)^d0^=7tt zT0+E}syptckGo=am~z~WUgdT`{c-u%Pm9-iuUWZw@=w{%Ev%Kgk1jv_b6d7ORJ^)99tO5(a0j~i!8)rhB2V*KTqXDCVAkdSt zd@Nin96z$&&wQc(J`5c0vdS#L2x{O6jxy@E3Ek&|>}6myGXwqFYW8%~^*?u-xsQ7V zixh;_YZRC9I~i>`TR1mpZ>8e?Il5PhL<80_>x7m~x&QaHUgNs8e1hwIHk5u!Ir8^| za;x(qE#+?hl{@VBo$X)u^v0D(pO+-fI%J=|>gUg`=2ur_Pdop6(!M{RpZ{3kB;l{z YS$Rr%!&E-$s?FM$Dlcgp7sVt10BvyAi~s-t diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/Intermediate CRL RL.06.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/Intermediate CRL RL.06.02.crl deleted file mode 100644 index c34a95df1cc72084b6b37b1548ee24c6161fe972..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 393 zcmXqLVr(^Ne9y$lXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)512a7XBXM3!O9Mj#Lqj7VX%HpOYhr=KHBdHCWMX32hos5?sLB9hm#ioYGZ!P{ z0t*8(u-&pEEX*Ju2(xh}w0SV5GBNT1x&J|e3}DM;m05r~8#scajQVXt_xYgtmASEz zfvLBDPTCf~4`<$HKGRTQN@xyWv@YpHKO^&T8;8_c{g(T!ukFvs6uPnCb6-&)k0W&9z+Fr_q|A#yRZ*A<1Evd)v@g=Z-P03d2^6aWAK diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/Intermediate Certificate RL.06.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/Intermediate Certificate RL.06.02.crt deleted file mode 100644 index 07076019cf9ba033e9e977f0970d1d2003624b31..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BEN;170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}a z&%nr_aXzw-8Ce;a8+#cH8atU98ySwA^t|-#iJ{=;9S)ayvioN=ty z$Nu%qzRx(V*58zvKIP`ef5CY!LUZ1HYB5cW?&{~)ecO*NJgk!~cp=ccBiL3l!q2kmlUnNw$yrkl{hA%EHo?K?b$CnItjFu$ z3o|h@GB7SqHb^w!2L_$2FeBrC7FGjhAO#LxS$>cJ3oz!`z_B8$z`}39YrxIMnb79J zn99s(z-S-{(#Xfc#ljIBWz=sIy3Yq34YJBC!1!w5SUv0Y&qL2c`jNu`80*YH&(Bs? z$+Hg*p2jix;I(&G_)E@fO7OYg2!0lO`b>=FW``E3yNy-6J9R#`NS^w#!98PR2*Mju>-5E#4RvbBXdlr9()|UMT hHN-yOeP2G~<;1TU`zB_FTXvT8pV17y-tT2_6#$Wg*319^ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test71/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test72/End Certificate RL.07.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test72/End Certificate RL.07.01.crt deleted file mode 100644 index 6c61375d8775b9f5219d33cb04b29f044b897d02..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHYHW0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1%=HWm4dldmEiHhwp`j6wG>8)CH9_VYB#>jj3l{su4MZXK^Mw|t z79qKyaXzx28Ce;a8+#cH8atU98yQy5{uVd;%G;Yxt^vy(T8#_#3B9;n-Ip!*BaQ89 z!j(fymbXN?R+dk%<`vj6L*@E)jT6)Ox*o+{{&mDnx%EJSNkYQz6(@4Tzt0!vESanD zzx^#%%s=`<*?;?5~z=mStMt6IJbJe^^eD zdo>d?BLm~&AcFvKaLV#CGX7^_VP;}|0FDM(1r~k-UIT76&V)7(##ClT14aWupeJSd zSh!d?5(7V;TkX0d1|06P$}GSLYTzh7GVzhlhwKf=UIs=pGtjThk-i~ipHFrzG59?D z>P^G>b=r~q>CY!5)~^qGS$Zvc>fyWt3KJ)O2>W5vxb*P@?tM$mO_~3{`d)YL%WlOV z6JM>nrK|hldaPrB26L;C!}2Pj#j&euPu1NpC^fz!-?!Oz&I+~mX$RFbWYw8`q7NR| X)DAJ&UfBF+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)519LqCLvdb93j;$SGy`ITC>Yn!2+UoeY@i4>R#t?C8RR&S5wglGK)V_^ijPcu zr1K$r1DcDO8ygv{)w1iO1LwVYv3h%gQ~x~6j_4xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}q z4`^fKd}JRpvNA9?_A(eWb}}_KG8{Af=qbb53>>Lm%GFsk?Gx=X0&y_vp{6qS-wfcW1Kr$teBPcw;<;X;%s7 z43~)#HvK6x?zd*V;C|`UyL0n~husD)FB=tkPCqnSSSiR=v@G^ylc7F)&#qTxHA)ep zOw5c7jEj>E5)Jr)K_@HB$oQXy)qojDfkRi8A0)s6j5#)NtjH>`@Eh=a>Tb@TZ?-+agyWhTWj<@Le)^CtEE gO|TVQ;(o&Cga0iH559+td;ZpV0G0OA+yDRo diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test72/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test72/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/End Certificate RL.07.02.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/End Certificate RL.07.02.crt deleted file mode 100644 index 9bae5325f1b1fc0af414851d02db9955a7a6705f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHYHm0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1%=HY64CKUlEiDWT4Gay9fTTf`IIjsZ*C2r$`(3cuFK!?Tv7axr zIJF4L1&#BO{mjV9z}(o&V9?mf)Y!=ID~VgWH{U~l|0R|uUYibvq=*{Mitbx3XbqdTni?`@O`zGhz6lwefscbs?W#?}0V+YEjxJjhz%*Q*_z&zl(Y_@RzgQcJhu z)`P#cOl?dzG-EsYyQem1?Ty02-tNKI1Y(M>TvusPIyiG*rgEeCg996#7rz&IYo;9U zdXR~kk%4h>kU;=AIA!@68UM4eFf*|}07rwY0t>$ZuK_n3XF{6?V=6PF0i%H+(37%! zEL2kE)1c$q0i6X Xk*}$&X|~ZN7O6)G%UM^+_DBE#*tyR~ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/Intermediate CRL RL.07.02.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/Intermediate CRL RL.07.02.crl deleted file mode 100644 index 6b76dc0b8a32102600dafe687a35cccea4df8a6b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)519LqCBXM3+0|P@KGy`ITC>Yn!2+UoeY@i4>R#t?C8RR&S5wglGK)V_^+I}jo z+n{;yEt-p&8ygvPL$&T^?YEl!@|*fI=hpD^?Fl+p>Ym*BKI>71>+DMRX+PXcBBn(o z#9TAD;dUfMF?sIKz3=V5YrZiKji0~x_fE-OoicalFb1+`ZC;sm=;KLET@zlXL+kwf uO<6Bqxtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAni?1w0->3Kfw4i9IIoEXh-+vBBn_g-vp)r|{mzbt zxt7pCbdFXjaKXMoV zW1Si3c{UbVHoNq$^$)jk&%D3pd|R(Ho9mm9UnwmXcb?44e_hwP>G#^X;+OS=IE{6# zB``j2Vt6T-w=TU&%vUw@iqrf8)1ym0u2i~L)s`>%bC~&-f_}ra+}8J;-v7^)NSq9r nz-hF>|HRa+d_(VG9TW8(mrqRX6Nz_Uy;n~6tMTLeKUn1eAUo0= diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test73/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/End Certificate RL.07.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/End Certificate RL.07.03.crt deleted file mode 100644 index 93e05bd1ee72d00e74a6466fff42f06ff96c2b7a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHYHe0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1%=HY64dldmEiDWT4Gay9fTTf`IIjsZ*C2r$`(3cuFK!?Tv7axr zIJF4L1&#BO{mjV9z}(o&V9?mf)Y!;yMiPv3;&9rPV8l}m&jjk2=dGAZJYytNbB07B8kWB>pF diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/Intermediate CRL RL.07.03.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/Intermediate CRL RL.07.03.crl deleted file mode 100644 index 8733b183c855873ff3279790589e1655f34755d4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 337 zcmXqLV)Qj=+|I>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)519LqCV{u+fO9Mk7Gy`ITC<%Te15*Q#fT0msV1crMBG_PA5f)~U^FW5kDzgA> zYv71cy;+qgI3)HO=ZS)9v5zs6Pq0GfYc A=l}o! diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/Intermediate Certificate RL.07.03.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/Intermediate Certificate RL.07.03.crt deleted file mode 100644 index c9258148d991908a45e70af6a7144ad281805a74..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 666 zcmXqLVwz^q#Q1*!GZP~d6BEN>170>xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}q z&%oHAaXzw-8Ce;a8+#cH8atU98yPcT;*?uyDIlV}e)?vURT<9`X1qJx zQl9vQBgVL7_Qi`gCarv$G}+UA?#%2*l6q%zQa0<#{d@6}`=FMg`Q<0f-_K0yJ9lAe zW9{vQ`zk)o3OJLW*q-8lLoW|_n-vFslYjRZ1+1T8YZ zJ2NpeGB7SqHb^w!2L_$2FeBrC7FGjhAO#LxS$>cJ3oz!`z_B8$z`}39YrxIMnb79J zn99s(z-S-{(#Xfc#ljJzdb27~a7qw38f2AOfbrG9v3l0)pNF1@^dpA>FxHuYo@e_h z;gXOTxXyClw#G0Ari#4DlXi1xilsg0+rOgY-2?^YCA*jX(wP1|Tt-*-9E;tblX{V- z{@u>BKe_JyFO~V7T`GMgDot&yNxtVN+4RNmK09|Vt0h+5;$PdooF7?-dzoL&^jfxK gnT_k0m4Ect$$wYhBv^T8QrhRTw8snq>noY~0S_wDUjP6A diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test74/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/End Certificate RL.08.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/End Certificate RL.08.01.crt deleted file mode 100644 index 7d8179be08ee4a024ea09b5eb699f89ca3e6694b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHYHu0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1Ec6Tv4dldmEiHhwp`j6wG>8)CH9_VYB#>jj3l{su4MZXK^Mw|t z79qKyaXzx28Ce;a8+#cH8atU98yW5koSJ5|(%fzP&e=`eTbYa>Px6@c)%^Vh)xUac zZ|h$^r`cKD`A}hr=4aQa6#fT?-XAXdtf2DQP9)}M@T`jy%w{lZ%iQmd3~*_EvSC;1 zZnu@6YF{+X&9Z(Xv77xw-`$O`H)Qg%PI)6UW3iC?`5J>{-<&m34wsI^9b!E-#d*WM z&UPkdMh3>kK?VWf;FRTOWc<&MzcJN=Xeq*KhjZJ4= zX}d(vssiQ4kZz@J#j{ND#wMYS8OCORuX5*T2deL3KCE#~G$i!3{szX7rX8(*?KOu* U@~XTdWP+dP{pcu}6Mxzp0GIj4?EnA( diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/Intermediate CRL RL.08.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/Intermediate CRL RL.08.01.crl deleted file mode 100644 index 19f472c7f9c2759d2f520a9305be72fd315c9bf6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 350 zcmXqLVvI6qJi^4tXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)50}DL^Lvdb9O9Mj#Lqj7VX%HpOYhr=KU0`Hj05(=ugoPR6IOb4UX-3BX5H83> zS!EWW)eRhS2G!>mD(&P#^8j;WBf})ak_9fgPfNFT?^QT;Dn+n~{X|0hyp<0o>lN*0 z5pvrZ_U^8}xtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}Q z4`^fKd}JRpvNA9?_A(eWb}}_KGHgy0^zkg`4tX}Kyz|A{(n}=`T=iY?B7HsyZ02+F zWAlDq)y@>oXmMz}81hBd*m90zt#lFpwWYW29r&VJemSrw;&<2my$M$o-+kt4ouk3< zi+R?U=e}2t?2MJU5_FX}A}NF6uf~C>habFMznluUFlO4n!fesQ*=3C7NntJ(b~XG= z%!~|-i<1o!4fugUCo9az_@9N-En=&qMl=!vGlT%s|hJTu?r{ zj^m8L!yO_~`%|-7I-b}}Yc85`y|Cih2GtpB=1k(e_f_#WM}7Cc-0PE^w6xOOYvx|? z{dar0-8`Y4-?>GyrSd!@cg7@c4gPgEQCTDYB^N{tEyEKF%fp diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test75/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/End Certificate RL.09.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/End Certificate RL.09.01.crt deleted file mode 100644 index bde477d893b7ad653e2c0a11d3aa32188f46eb23..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 651 zcmXqLVrn;NV*IdxnTe5!iHYHa0WTY;R+~rLcV0$DR#pasI74m&PB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzInapJFIrzz5;6holylWagzCiW&%m zM3{wnoE;5ygM9Q1EcFZw4dldmEiHhwp`j6wG>8)CH9_VYB#>jj3l{su4MZXK^Mw|t z79qKyaXzx28Ce;a8+#cH8atU98yQ}n_YdW)InYvP-}zbPqJVLRR3~RyyW9d<>o3<{ zy*?Lqv#uulTAb)JPlYM<7M4e(<_1>1D%SBc@O@v#Si0k3G@yj3;t(toK;a=LC zY>gi$`S!njYhj$1?DYIph@FS-u_9Odp4DeA)QU2MdH#HyHs`{GEmPjt_@dOEFJqEBicQSply*XFL6(iOQ_7 V7hmTIiP?XzJNEROY+K3dDF6kq(7XTu diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/Intermediate CRL RL.09.01.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/Intermediate CRL RL.09.01.crl deleted file mode 100644 index dbbbd43bee3b10761f08256c59c66acf4833310d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 352 zcmXqLVvI3pJjTSxXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G z-5?)514}&vLvdb9O9Mj#Lqj7VX%HpOYhr=KU0`Bh1U6PygoPR8IDViJvNDW}|5;cK zn41{?gUysxW&v8>z|k_};qGGw4#8+%U~X(=;PNd~SQY$l*F=v4Pga&L_2RXcS`l;O zTS>=e!3R&%Qy-UFFYn{t%Nh2uXyM^~8cwk;NBwf%CEOBPP@>XhEN!{MTxpHa4l#|Z z`=(8rbX2bHisL!<#Vc;CSiIC)Un1(bi00AD*Z-<6xn(FMZWZzI-e$h5ZaHxtu~Lg@4SqRtgH+MafaLmoNUaYENsF|p}~d{ z24Wx%moR^*Ua+2mdwyAJQC@CpUWp-(0T)PyTbS7;-^EbCfDgiB4@oU9$;?YP6g3bA zi7*TEgcOw)mnb;qC1>Op8OVwAT3Q$w8Wab6Q-E_wE+;I-e`(NH(YN6)}g z4`^fKd}JRpvNA9?_A(eWb}}_KGHm*(ulFzBAWVOe*mUb-yQNqy))?OVru19qZ)n9; z1&MY~sl`X;y-;xeq1U#-J@ezjE4S08xIMF(C+2)VmUZ)S*~fb}epoOmwdtZ(zl9aY zue+~QJmqiO$3`_M^~VLq{7gE{R{T?Mw%>IY2NstTB38!dkE@^k;96C`Lo3$i$;ObM zOw5c7jEj>E5)Jr)K_@HB$oQXy)qojDfkRi8A0)s6j5#)NtjH>`@Eh-` z^@g|2vzb3v_%iOao10S5U*}nB?7+C0Cn7vDh^5N>_2%Qzzq`+^WK7j`neUPCLu4Ue e<}CC0yV6_dZMyGv&uIBeUfHZFh5i4G*?9o`aLy|L diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test76/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/End Certificate CP.02.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/End Certificate CP.02.05.crt deleted file mode 100644 index cb99c2ac554c44e8ca22f34faf6efbde384b947a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 652 zcmXqLV(KtxV*I#(nTe5!iBZ6SmyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS{TdIqKj3KINAK+3?-z|hbLNE$?m^O{&7aSam4ae)gK7l<2(LR`QX zTAW&hmDnd;#};S{z4>Y zmg((pGuMhVt=xIEYEQA3c3%1BgIaalYHp?p?$j`jTt9#FJ+DKP7Pm=TPuUyvs$!16 z#qQl|XLh{LJixrawVnOu+ER|65w_x8tv}oMT+=?hw$(u>Z7J7;O)?L-%KoSvwmf0xhk5s90s)~D)ad{K diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/Intermediate CRL CP.02.05.crl b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/Intermediate CRL CP.02.05.crl deleted file mode 100644 index d5ee3c3ce3eb7dd3bae060cedcb703d3f4546263..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 335 zcmXqLV)Qm>+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj10y{HQ*mBPO9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aVDf zPE>xPr`(0+V&=w1hRCTLHv?xpnzrPU6O+Z|{~W7t&1}qhcE__;ZZCsguE6}()5Xs` zA3o7_i~rYdTYiw`)Lxzq9T(+{E8?5AcAQLk5dJjvxQ*n_0PRC}V}y3_>jrfe9(a;a w9vq<7Y+x+NxIt1Z{cQ5jUz@6)y$avw&5*2oVb<=6#?Cu8c*bn``HTG-0AQeJlK=n! diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/Intermediate Certificate CP.02.05.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test8/Intermediate Certificate CP.02.05.crt deleted file mode 100644 index d26979cdd6f04e0c115f14ad0a0a390f7d6ef106..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6C=L?FB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%3ndec#JADOJsL-dkp`;yt&P&fgst!WVr)dU?FY)QOHv z%!~|-i<1o!4fugUCo9az_@9NNJ%Mj?CaPuW*vM~xdpb^HY4M6+=i8}wK8vvb z-T(Y(>y}RkCh4%By?7*VQ_Hl2DHFGR-d2D86ZeNKZr#RPF5DuQ&#?J!>$zBqXyo~b!Kb8GnSf`3`p8I1toAr&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/End Certificate CP.03.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/End Certificate CP.03.01.crt deleted file mode 100644 index 4dd2352b4e5a95615f79fac3d8a2d245fa390cb5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 650 zcmXqLVrnyJVtl`VnTe5!iBZUamyJ`a&7D}zCtA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HO>F%&T1gYeixQj1G6^U@7P4TM1= z%)&g*j)uC<0eS|;dIp9Da^k#}7C_q2&AKA~0tPISJy$lA8olK354D%1@E~_)VT&Q9AC@Aj56;AMu#;sfW+%dVUJF>Xx71RM9b; ziJ6gsadD7A05~{h`577iv#>BTu|5DtgRBAzzX7iSHydX{n+IbmGot~cfgsS6vV1ID zEF7P67j5GIV50>NcUff?U<5UAJW8^%vNl;%jqGJ$G&2MJ+7+a3VXNe{>9wpR-(#!4 z-dDpJrk)J1tUdVcG&}or+{(nrXu!+HsnzDu_MMlJk(HIfAkL86fRl|ml!Z;0DKywn!axkf;S%N# z)eF{BaL+GGEy~MH%_}kFG2jBpa0@fL>;VeC7F5YhN1?-AQ5I^9%n~G zUFQHj17ke{Lvdb9O9Mj#Lqj7VX%HpOYhr=KU7&2B2sTz$goPR8IFJ#t$}B*;8aN&$ zSy@?|EUHFxF>_-hLp_`PBL}uerw-nX3F}JAxl$wUyZG>;_N7zVRnuqq|MAT8-z9gs zequ%V{8vwJ%iaIzdVSVH4o_*7{*PDZzjTt;Kf5ARO^ZuNpK-#kv&K?;JcI;o`KNkw wU0ulIH<@M2;`fyogDj05GY;n)n@rn2r(oC4U-#Bb_j%)9-?>e{$L5zV09o*4rT_o{ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/Intermediate Certificate CP.03.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/Intermediate Certificate CP.03.01.crt deleted file mode 100644 index c107dd756ca2c1518020f2bc979c49234b011f71..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 665 zcmXqLVw!5u#Q1LkGZP~d6QiI3FB_*;n@8JsUPeY%RtAGOLv903Hs(+kHesgFU_%K5 zF%XAKm_Jl6SWm${zbv&VFE=%>#E{2;3narW%YYDT&4D53&t6Ms)lVXxdz< zl_AbDN9juVmo@1=tw&fb^w|9FIeJT*pIP_#{+Vg(ECo34%~lI!%{eWyjoU_D{qmh+_lCimU<)zX7iSHydX{n+Ibm zGot~cfgngD9}5=?$D<@GD{GTQ)!=B5Rb~OkR|CiDS+9Q{dLGh`90tHxX9jxSFmQA5 z@*fEgU&@8;OM2MUQ#>WL>%f<}JEcom#hPE=nC2q=F#4HDK#-i!wWR`@mA}fS=4HQ{ ztYT^I$J_hixra>tgVP@Q3Dt%z8z%8Gj0h diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/Trust Anchor CP.01.01.crt b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/test9/Trust Anchor CP.01.01.crt deleted file mode 100644 index d7dfd9d48f0460a72466c63c92a3ca4f8ce85c70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 624 zcmXqLV#+aSV!XP5nTe5!iJ7r&z5y>Ar&gOs+jm|@Mpjk^gE&KO15P&PP!={}rqEzR z2?H?@hfA10R4-Uh!9Bk$wJ0w)HLt{w$AAkY!!6A0lJ8^^Tkg-6(V)r2(@D`ahOZ->w_RB(EIHoIWyO8^g zqMcjA8s1e*m5}<9T%cw-TT-E=cXv|!eVv82f21#1?Y?nF+DvHC>a}*y9tLeG6&8G> ZK6P30`O9a%_}$pGW9`~AQmM>;VeC7F5YhN1?-AQ5I^o{*x_ z;t~bNyyT4hB5__zO9Mj#Lqj7VX%HpOYhr=KHBd58U}989Qe*&BWB{>BR+NRAi;;1G zvVkJlYFQB$W{?L!*2pTe02MWGte*Ay=b`5z{b;^oZfs=W-kFuozF1Xsx6_~F*W-T| zwsYUxHmBi?`<*XS{yl$xVyAVMNZn6q_pCkpBOk1Hy|a1Fjt&ccNj43=sH^^~4i{~> z`8#5lyhCf$?=Oe%+Apm>9Ku_Zm$R{WNiI&Ts22MIDp6 Tx^k7bFjlxZtkivWmP-r(p|o-l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/x509tests.scr b/SecurityTests/clxutils/certcrl/testSubjects/X509tests/x509tests.scr deleted file mode 100644 index f10f96ba..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/X509tests/x509tests.scr +++ /dev/null @@ -1,969 +0,0 @@ -# -# script input to certcrl for X509 tests -# -globals -requireCrlForAll = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -allowUnverified = true -end - -test = Test1 -dir = test1 -revokePolicy = crl -cert = "End Certificate CP.01.01.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -end -test = Test2 -dir = test2 -revokePolicy = crl -cert = "End Certificate CP.01.02.crt" -cert = "Intermediate Certificate CP.01.02.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.01.02.crl" -error = TP_NOT_TRUSTED -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_TRUSTED -end -test = Test3 -dir = test3 -revokePolicy = crl -cert = "End Certificate CP.01.03.crt" -cert = "Intermediate Certificate CP.01.03.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.01.03.crl" -error = CSSMERR_TP_NOT_TRUSTED -end - -test = Test4 -dir = test4 -revokePolicy = crl -cert = "End Certificate CP.02.01.crt" -cert = "Intermediate Certificate 1 CP.02.01.crt" -cert = "Intermediate Certificate 2 CP.02.01.crt" -crl = "Intermediate CRL 1 CP.02.01.crl" -crl = "Intermediate CRL 2 CP.02.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = Test5 -dir = test5 -revokePolicy = crl -cert = "End Certificate CP.02.02.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.02.02.crl" -cert = "Intermediate Certificate CP.02.02.crt" -error = CSSMERR_TP_CERT_NOT_VALID_YET -end - -test = Test6 -dir = test6 -revokePolicy = crl -cert = "End Certificate CP.02.03.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Intermediate CRL CP.02.03.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -cert = "Intermediate Certificate CP.02.03.crt" -error = CSSMERR_TP_CERT_NOT_VALID_YET -end - -test = Test7 -dir = test7 -revokePolicy = crl -cert = "End Certificate CP.02.04.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.02.04.crl" -cert = "Intermediate Certificate CP.02.04.crt" -end - -test = Test8 -dir = test8 -revokePolicy = crl -cert = "End Certificate CP.02.05.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.02.05.crl" -cert = "Intermediate Certificate CP.02.05.crt" -error = CSSMERR_TP_CERT_NOT_VALID_YET -end - -test = Test9 -dir = test9 -revokePolicy = crl -cert = "End Certificate CP.03.01.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.03.01.crl" -cert = "Intermediate Certificate CP.03.01.crt" -error = CSSMERR_TP_CERT_EXPIRED -end - -test = Test10 -dir = test10 -revokePolicy = crl -cert = "End Certificate CP.03.02.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.03.02.crl" -cert = "Intermediate Certificate CP.03.02.crt" -error = CSSMERR_TP_CERT_EXPIRED -end - -test = Test11 -dir = test11 -revokePolicy = crl -cert = "End Certificate CP.03.03.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.03.03.crl" -cert = "Intermediate Certificate CP.03.03.crt" -error = CSSMERR_TP_CERT_EXPIRED -end - -test = Test12 -dir = test12 -revokePolicy = crl -cert = "End Certificate CP.03.04.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.03.04.crl" -cert = "Intermediate Certificate CP.03.04.crt" -end - -test = Test13 -dir = test13 -revokePolicy = crl -cert = "End Certificate CP.04.01.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.04.01.crl" -cert = "Intermediate Certificate CP.04.01.crt" -error = CSSMERR_TP_NOT_TRUSTED -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -test = Test14 -dir = test14 -revokePolicy = crl -cert = "End Certificate CP.04.02.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.04.02.crl" -cert = "Intermediate Certificate CP.04.02.crt" -error = CSSMERR_TP_NOT_TRUSTED -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -test = Test15 -dir = test15 -revokePolicy = crl -cert = "End Certificate CP.04.03.crt" -root = "Trust Anchor CP.01.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -crl = "Intermediate CRL CP.04.03.crl" -cert = "Intermediate Certificate CP.04.03.crt" -end - -test = test16 -dir = test16 -revokePolicy = crl -cert = "End Certificate CP.04.04.crt" -cert = "Intermediate Certificate CP.04.04.crt" -crl = "Intermediate CRL CP.04.04.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test17 -dir = test17 -revokePolicy = crl -cert = "End Certificate CP.04.05.crt" -cert = "Intermediate Certificate CP.04.05.crt" -crl = "Intermediate CRL CP.04.05.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test18 -dir = test18 -revokePolicy = crl -cert = "End Certificate CP.04.06.crt" -cert = "Intermediate Certificate CP.04.06.crt" -crl = "Intermediate CRL CP.04.06.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test19 -dir = test19 -revokePolicy = crl -cert = "End Certificate CP.05.01.crt" -cert = "Intermediate Certificate CP.05.01.crt" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -test = test20 -dir = test20 -revokePolicy = crl -cert = "End Certificate CP.06.01.crt" -cert = "Intermediate Certificate CP.06.01.crt" -crl = "Intermediate CRL CP.06.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_TP_CERT_REVOKED -certerror = 1:CSSMERR_TP_CERT_REVOKED -end - -test = test21 -dir = test21 -revokePolicy = crl -cert = "End Certificate CP.06.02.crt" -cert = "Intermediate Certificate CP.06.02.crt" -crl = "Intermediate CRL CP.06.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -end - -test = test22 -dir = test22 -revokePolicy = crl -cert = "End Certificate IC.01.01.crt" -cert = "Intermediate Certificate IC.01.01.crt" -crl = "Intermediate CRL IC.01.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 1:CSSMERR_APPLETP_INVALID_CA -end - -test = test23 -dir = test23 -revokePolicy = crl -cert = "End Certificate IC.02.01.crt" -cert = "Intermediate Certificate IC.02.01.crt" -crl = "Intermediate CRL IC.02.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 1:CSSMERR_APPLETP_INVALID_CA -end - -test = test24 -dir = test24 -revokePolicy = crl -cert = "End Certificate IC.02.02.crt" -cert = "Intermediate Certificate IC.02.02.crt" -crl = "Intermediate CRL IC.02.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test25 -dir = test25 -revokePolicy = crl -cert = "End Certificate IC.02.03.crt" -cert = "Intermediate Certificate IC.02.03.crt" -crl = "Intermediate CRL IC.02.03.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 1:CSSMERR_APPLETP_INVALID_CA -end - -test = test26 -dir = test26 -revokePolicy = crl -cert = "End Certificate IC.02.04.crt" -cert = "Intermediate Certificate IC.02.04.crt" -crl = "Intermediate CRL IC.02.04.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test27 -dir = test27 -revokePolicy = crl -cert = "End Certificate IC.04.01.crt" -cert = "Intermediate Certificate IC.04.01.crt" -crl = "Intermediate CRL IC.04.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test28 -dir = test28 -revokePolicy = crl -cert = "End Certificate IC.05.01.crt" -cert = "Intermediate Certificate IC.05.01.crt" -crl = "Intermediate CRL IC.05.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 1:CSSMERR_APPLETP_INVALID_KEY_USAGE -end - -test = test29 -dir = test29 -revokePolicy = crl -cert = "End Certificate IC.05.02.crt" -cert = "Intermediate Certificate IC.05.02.crt" -crl = "Intermediate CRL IC.05.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 1:CSSMERR_APPLETP_INVALID_KEY_USAGE -end - -test = test30 -dir = test30 -revokePolicy = crl -cert = "End Certificate IC.05.03.crt" -cert = "Intermediate Certificate IC.05.03.crt" -crl = "Intermediate CRL IC.05.03.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test31 -dir = test31 -revokePolicy = crl -cert = "End Certificate IC.06.01.crt" -cert = "Intermediate Certificate IC.06.01.crt" -crl = "Intermediate CRL IC.06.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -# for the issuer -certerror = 1:CSSMERR_APPLETP_INVALID_KEY_USAGE -# for the leaf -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_POLICY_FAIL -end - -test = test32 -dir = test32 -revokePolicy = crl -cert = "End Certificate IC.06.02.crt" -cert = "Intermediate Certificate IC.06.02.crt" -crl = "Intermediate CRL IC.06.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -# for the issuer -certerror = 1:CSSMERR_APPLETP_INVALID_KEY_USAGE -# for the leaf -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_POLICY_FAIL -end - -test = test33 -dir = test33 -revokePolicy = crl -cert = "End Certificate IC.06.03.crt" -cert = "Intermediate Certificate IC.06.03.crt" -crl = "Intermediate CRL IC.06.03.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test34 -dir = test34 -revokePolicy = crl -echo FIXME: test34 needs policy work -cert = "End Certificate PP.01.01.crt" -cert = "Intermediate Certificate PP.01.01.crt" -crl = "Intermediate CRL PP.01.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test35 -dir = test35 -revokePolicy = crl -echo FIXME: test35 needs policy work -cert = "End Certificate PP.01.02.crt" -cert = "Intermediate Certificate PP.01.02.crt" -crl = "Intermediate CRL PP.01.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test36 -dir = test36 -revokePolicy = crl -echo FIXME: test36 needs policy work -cert = "End Certificate PP.01.03.crt" -cert = "Intermediate Certificate 1 PP.01.03.crt" -cert = "Intermediate Certificate 2 PP.01.03.crt" -crl = "Intermediate CRL 1 PP.01.03.crl" -crl = "Intermediate CRL 2 PP.01.03.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test37 -dir = test37 -revokePolicy = crl -echo FIXME: test37 needs policy work -cert = "End Certificate PP.01.04.crt" -cert = "Intermediate Certificate 1 PP.01.04.crt" -cert = "Intermediate Certificate 2 PP.01.04.crt" -crl = "Intermediate CRL 1 PP.01.04.crl" -crl = "Intermediate CRL 2 PP.01.04.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test38 -dir = test38 -revokePolicy = crl -echo FIXME: test38 needs policy work -cert = "End Certificate PP.01.05.crt" -cert = "Intermediate Certificate 1 PP.01.05.crt" -cert = "Intermediate Certificate 2 PP.01.05.crt" -crl = "Intermediate CRL 1 PP.01.05.crl" -crl = "Intermediate CRL 2 PP.01.05.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test39 -dir = test39 -revokePolicy = crl -echo FIXME: test39 needs policy work -cert = "End Certificate PP.01.06.crt" -cert = "Intermediate Certificate 1 PP.01.06.crt" -cert = "Intermediate Certificate 2 PP.01.06.crt" -cert = "Intermediate Certificate 3 PP.01.06.crt" -crl = "Intermediate CRL 1 PP.01.06.crl" -crl = "Intermediate CRL 2 PP.01.06.crl" -crl = "Intermediate CRL 3 PP.01.06.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -leafCertIsCA = true -end - -test = test40 -dir = test40 -revokePolicy = crl -echo FIXME: test40 needs policy work -cert = "End Certificate PP.01.07.crt" -cert = "Intermediate Certificate 1 PP.01.07.crt" -cert = "Intermediate Certificate 2 PP.01.07.crt" -cert = "Intermediate Certificate 3 PP.01.07.crt" -crl = "Intermediate CRL 1 PP.01.07.crl" -crl = "Intermediate CRL 2 PP.01.07.crl" -crl = "Intermediate CRL 3 PP.01.07.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -leafCertIsCA = true -end - -test = test41 -dir = test41 -revokePolicy = crl -echo FIXME: test41 needs policy work -cert = "End Certificate PP.01.08.crt" -cert = "Intermediate Certificate 1 PP.01.08.crt" -cert = "Intermediate Certificate 2 PP.01.08.crt" -cert = "Intermediate Certificate 3 PP.01.08.crt" -crl = "Intermediate CRL 1 PP.01.08.crl" -crl = "Intermediate CRL 2 PP.01.08.crl" -crl = "Intermediate CRL 3 PP.01.08.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -leafCertIsCA = true -end - -test = test42 -dir = test42 -revokePolicy = crl -echo FIXME: test42 needs policy work -cert = "End Certificate PP.01.09.crt" -cert = "Intermediate Certificate 1 PP.01.09.crt" -cert = "Intermediate Certificate 2 PP.01.09.crt" -cert = "Intermediate Certificate 3 PP.01.09.crt" -cert = "Intermediate Certificate 4 PP.01.09.crt" -crl = "Intermediate CRL 1 PP.01.09.crl" -crl = "Intermediate CRL 2 PP.01.09.crl" -crl = "Intermediate CRL 3 PP.01.09.crl" -crl = "Intermediate CRL 4 PP.01.09.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test43 -dir = test43 -revokePolicy = crl -echo FIXME: test43 needs policy work -cert = "End Certificate PP.06.01.crt" -cert = "Intermediate Certificate 1 PP.06.01.crt" -cert = "Intermediate Certificate 2 PP.06.01.crt" -cert = "Intermediate Certificate 3 PP.06.01.crt" -cert = "Intermediate Certificate 4 PP.06.01.crt" -crl = "Intermediate CRL 1 PP.06.01.crl" -crl = "Intermediate CRL 2 PP.06.01.crl" -crl = "Intermediate CRL 3 PP.06.01.crl" -crl = "Intermediate CRL 4 PP.06.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test44 -dir = test44 -revokePolicy = crl -echo FIXME: test44 needs policy work -cert = "End Certificate PP.06.02.crt" -cert = "Intermediate Certificate 1 PP.06.02.crt" -cert = "Intermediate Certificate 2 PP.06.02.crt" -cert = "Intermediate Certificate 3 PP.06.02.crt" -cert = "Intermediate Certificate 4 PP.06.02.crt" -crl = "Intermediate CRL 1 PP.06.02.crl" -crl = "Intermediate CRL 2 PP.06.02.crl" -crl = "Intermediate CRL 3 PP.06.02.crl" -crl = "Intermediate CRL 4 PP.06.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test45 -dir = test45 -revokePolicy = crl -echo FIXME: test45 needs policy work -cert = "End Certificate PP.06.03.crt" -cert = "Intermediate Certificate 1 PP.06.03.crt" -cert = "Intermediate Certificate 2 PP.06.03.crt" -cert = "Intermediate Certificate 3 PP.06.03.crt" -cert = "Intermediate Certificate 4 PP.06.03.crt" -crl = "Intermediate CRL 1 PP.06.03.crl" -crl = "Intermediate CRL 2 PP.06.03.crl" -crl = "Intermediate CRL 3 PP.06.03.crl" -crl = "Intermediate CRL 4 PP.06.03.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test46 -dir = test46 -revokePolicy = crl -echo FIXME: test46 needs policy work -cert = "End Certificate PP.06.04.crt" -cert = "Intermediate Certificate 1 PP.06.04.crt" -cert = "Intermediate Certificate 2 PP.06.04.crt" -cert = "Intermediate Certificate 3 PP.06.04.crt" -cert = "Intermediate Certificate 4 PP.06.04.crt" -crl = "Intermediate CRL 1 PP.06.04.crl" -crl = "Intermediate CRL 2 PP.06.04.crl" -crl = "Intermediate CRL 3 PP.06.04.crl" -crl = "Intermediate CRL 4 PP.06.04.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test47 -dir = test47 -revokePolicy = crl -echo FIXME: test47 needs policy work -cert = "End Certificate PP.06.05.crt" -cert = "Intermediate Certificate 1 PP.06.05.crt" -cert = "Intermediate Certificate 2 PP.06.05.crt" -cert = "Intermediate Certificate 3 PP.06.05.crt" -cert = "Intermediate Certificate 4 PP.06.05.crt" -crl = "Intermediate CRL 1 PP.06.05.crl" -crl = "Intermediate CRL 2 PP.06.05.crl" -crl = "Intermediate CRL 3 PP.06.05.crl" -crl = "Intermediate CRL 4 PP.06.05.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test48 -dir = test48 -revokePolicy = crl -echo FIXME: test48 needs policy work -cert = "End Certificate PP.08.01.crt" -cert = "Intermediate Certificate PP.08.01.crt" -crl = "Intermediate CRL PP.08.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test49 -dir = test49 -revokePolicy = crl -echo FIXME: test49 needs policy work -cert = "End Certificate PP.08.02.crt" -cert = "Intermediate Certificate PP.08.02.crt" -crl = "Intermediate CRL PP.08.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test50 -dir = test50 -revokePolicy = crl -echo FIXME: test50 needs policy work -cert = "End Certificate PP.08.03.crt" -cert = "Intermediate Certificate PP.08.03.crt" -crl = "Intermediate CRL PP.08.03.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test51 -dir = test51 -revokePolicy = crl -echo FIXME: test51 needs policy work -cert = "End Certificate PP.08.04.crt" -cert = "Intermediate Certificate PP.08.04.crt" -crl = "Intermediate CRL PP.08.04.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test52 -dir = test52 -revokePolicy = crl -echo FIXME: test52 needs policy work -cert = "End Certificate PP.08.05.crt" -cert = "Intermediate Certificate PP.08.05.crt" -crl = "Intermediate CRL PP.08.05.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test53 -dir = test53 -revokePolicy = crl -echo FIXME: test53 needs policy work -cert = "End Certificate PP.08.06.crt" -cert = "Intermediate Certificate PP.08.06.crt" -crl = "Intermediate CRL PP.08.06.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test54 -dir = test54 -revokePolicy = crl -cert = "End Certificate PL.01.01.crt" -cert = "Intermediate Certificate 1 PL.01.01.crt" -cert = "Intermediate Certificate 2 PL.01.01.crt" -crl = "Intermediate CRL 1 PL.01.01.crl" -crl = "Intermediate CRL 2 PL.01.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 2:CSSMERR_APPLETP_PATH_LEN_CONSTRAINT -end - -test = test55 -dir = test55 -revokePolicy = crl -cert = "End Certificate PL.01.02.crt" -cert = "Intermediate Certificate 1 PL.01.02.crt" -cert = "Intermediate Certificate 2 PL.01.02.crt" -crl = "Intermediate CRL 1 PL.01.02.crl" -crl = "Intermediate CRL 2 PL.01.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -certerror = 2:CSSMERR_APPLETP_PATH_LEN_CONSTRAINT -error = CSSMERR_TP_VERIFY_ACTION_FAILED -end - -test = test56 -dir = test56 -revokePolicy = crl -cert = "End Certificate PL.01.03.crt" -cert = "Intermediate Certificate PL.01.03.crt" -crl = "Intermediate CRL PL.01.03.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test57 -dir = test57 -revokePolicy = crl -cert = "End Certificate PL.01.04.crt" -cert = "Intermediate Certificate PL.01.04.crt" -crl = "Intermediate CRL PL.01.04.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -leafCertIsCA = true -end - -test = test58 -dir = test58 -revokePolicy = crl -cert = "End Certificate PL.01.05.crt" -cert = "Intermediate Certificate 1 PL.01.05.crt" -cert = "Intermediate Certificate 2 PL.01.05.crt" -cert = "Intermediate Certificate 3 PL.01.05.crt" -crl = "Intermediate CRL 1 PL.01.05.crl" -crl = "Intermediate CRL 2 PL.01.05.crl" -crl = "Intermediate CRL 3 PL.01.05.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 2:CSSMERR_APPLETP_PATH_LEN_CONSTRAINT -end - -test = test59 -dir = test59 -revokePolicy = crl -cert = "End Certificate PL.01.06.crt" -cert = "Intermediate Certificate 1 PL.01.06.crt" -cert = "Intermediate Certificate 2 PL.01.06.crt" -cert = "Intermediate Certificate 3 PL.01.06.crt" -crl = "Intermediate CRL 1 PL.01.06.crl" -crl = "Intermediate CRL 2 PL.01.06.crl" -crl = "Intermediate CRL 3 PL.01.06.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -leafCertIsCA = true -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 2:CSSMERR_APPLETP_PATH_LEN_CONSTRAINT -end - -test = test60 -dir = test60 -revokePolicy = crl -cert = "End Certificate PL.01.07.crt" -cert = "Intermediate Certificate 1 PL.01.07.crt" -cert = "Intermediate Certificate 2 PL.01.07.crt" -cert = "Intermediate Certificate 3 PL.01.07.crt" -cert = "Intermediate Certificate 4 PL.01.07.crt" -crl = "Intermediate CRL 1 PL.01.07.crl" -crl = "Intermediate CRL 2 PL.01.07.crl" -crl = "Intermediate CRL 3 PL.01.07.crl" -crl = "Intermediate CRL 4 PL.01.07.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 3:CSSMERR_APPLETP_PATH_LEN_CONSTRAINT -end - -test = test61 -dir = test61 -revokePolicy = crl -cert = "End Certificate PL.01.08.crt" -cert = "Intermediate Certificate 1 PL.01.08.crt" -cert = "Intermediate Certificate 2 PL.01.08.crt" -cert = "Intermediate Certificate 3 PL.01.08.crt" -cert = "Intermediate Certificate 4 PL.01.08.crt" -crl = "Intermediate CRL 1 PL.01.08.crl" -crl = "Intermediate CRL 2 PL.01.08.crl" -crl = "Intermediate CRL 3 PL.01.08.crl" -crl = "Intermediate CRL 4 PL.01.08.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -leafCertIsCA = true -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 3:CSSMERR_APPLETP_PATH_LEN_CONSTRAINT -end - -test = test62 -dir = test62 -revokePolicy = crl -cert = "End Certificate PL.01.09.crt" -cert = "Intermediate Certificate 1 PL.01.09.crt" -cert = "Intermediate Certificate 2 PL.01.09.crt" -cert = "Intermediate Certificate 3 PL.01.09.crt" -cert = "Intermediate Certificate 4 PL.01.09.crt" -crl = "Intermediate CRL 1 PL.01.09.crl" -crl = "Intermediate CRL 2 PL.01.09.crl" -crl = "Intermediate CRL 3 PL.01.09.crl" -crl = "Intermediate CRL 4 PL.01.09.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test63 -dir = test63 -revokePolicy = crl -cert = "End Certificate PL.01.10.crt" -cert = "Intermediate Certificate 1 PL.01.10.crt" -cert = "Intermediate Certificate 2 PL.01.10.crt" -cert = "Intermediate Certificate 3 PL.01.10.crt" -cert = "Intermediate Certificate 4 PL.01.10.crt" -crl = "Intermediate CRL 1 PL.01.10.crl" -crl = "Intermediate CRL 2 PL.01.10.crl" -crl = "Intermediate CRL 3 PL.01.10.crl" -crl = "Intermediate CRL 4 PL.01.10.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -leafCertIsCA = true -end - -test = test64 -dir = test64 -revokePolicy = crl -cert = "End Certificate RL.02.01.crt" -cert = "Intermediate Certificate RL.02.01.crt" -crl = "Intermediate CRL RL.02.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_TRUSTED -end - -test = test65 -dir = test65 -revokePolicy = crl -cert = "End Certificate RL.03.01.crt" -cert = "Intermediate Certificate 1 RL.03.01.crt" -cert = "Intermediate Certificate 2 RL.03.01.crt" -crl = "Intermediate CRL RL.03.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -test = test66 -dir = test66 -revokePolicy = crl -cert = "End Certificate RL.03.02.crt" -cert = "Intermediate Certificate RL.03.02.crt" -crl = "Intermediate CRL RL.03.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -test = test67 -dir = test67 -revokePolicy = crl -cert = "End Certificate RL.03.03.crt" -cert = "Intermediate Certificate RL.03.03.crt" -crl = "Intermediate CRL 1 RL.03.03.crl" -crl = "Intermediate CRL 2 RL.03.03.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test68 -dir = test68 -revokePolicy = crl -cert = "End Certificate RL.05.01.crt" -cert = "Intermediate Certificate 1 RL.05.01.crt" -cert = "Intermediate Certificate 2 RL.05.01.crt" -crl = "Intermediate CRL 1 RL.05.01.crl" -crl = "Intermediate CRL 2 RL.05.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 1:CSSMERR_APPLETP_UNKNOWN_CRL_EXTEN -end - -test = test69 -dir = test69 -revokePolicy = crl -cert = "End Certificate RL.05.02.crt" -cert = "Intermediate Certificate RL.05.02.crt" -crl = "Intermediate CRL RL.05.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_UNKNOWN_CRL_EXTEN -end - -test = test70 -dir = test70 -revokePolicy = crl -cert = "End Certificate RL.06.01.crt" -cert = "Intermediate Certificate 1 RL.06.01.crt" -cert = "Intermediate Certificate 2 RL.06.01.crt" -crl = "Intermediate CRL 1 RL.06.01.crl" -crl = "Intermediate CRL 2 RL.06.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 1:CSSMERR_APPLETP_UNKNOWN_CRL_EXTEN -end - -test = test71 -dir = test71 -revokePolicy = crl -cert = "End Certificate RL.06.02.crt" -cert = "Intermediate Certificate RL.06.02.crt" -crl = "Intermediate CRL RL.06.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_UNKNOWN_CRL_EXTEN -end - -test = test72 -dir = test72 -revokePolicy = crl -cert = "End Certificate RL.07.01.crt" -cert = "Intermediate Certificate RL.07.01.crt" -crl = "Intermediate CRL RL.07.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -# FIXME should be CSSMERR_APPLETP_CRL_EXPIRED -error = CSSMERR_APPLETP_CRL_NOT_FOUND -end - -test = test73 -dir = test73 -revokePolicy = crl -cert = "End Certificate RL.07.02.crt" -cert = "Intermediate Certificate RL.07.02.crt" -crl = "Intermediate CRL RL.07.02.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -# FIXME should be CSSMERR_APPLETP_CRL_EXPIRED -error = CSSMERR_APPLETP_CRL_NOT_FOUND -end - -test = test74 -dir = test74 -revokePolicy = crl -cert = "End Certificate RL.07.03.crt" -cert = "Intermediate Certificate RL.07.03.crt" -crl = "Intermediate CRL RL.07.03.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -end - -test = test75 -dir = test75 -revokePolicy = crl -cert = "End Certificate RL.08.01.crt" -cert = "Intermediate Certificate RL.08.01.crt" -crl = "Intermediate CRL RL.08.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_UNKNOWN_CRL_EXTEN -end - -test = test76 -dir = test76 -revokePolicy = crl -cert = "End Certificate RL.09.01.crt" -cert = "Intermediate Certificate RL.09.01.crt" -crl = "Intermediate CRL RL.09.01.crl" -crl = "Trust Anchor CRL CP.01.01.crl" -root = "Trust Anchor CP.01.01.crt" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_IDP_FAIL -end - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/amazon_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/amazon_v3.100.cer deleted file mode 100644 index 3439c8215e0c9d7296db295c8c85583d76bdc054..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 945 zcmXqLVqR;|#4NRdnTe5!Ng(W6jeXp#a`tuC-C8(TeDgElW#iOp^Jx3d%gD&e%3u(0 z$Zf#M#vIDRCd?EXY^Y!$2jXxEiw6ZeD!3$;Bq{`_CYKgvmQ?B}c;+SR8R{A6fK+e` ztAZs`f$~LVsYMFTsYNB3X_?81C7Jno3XY{E8TlYx26E!O24;qaM&<@!5C!C#gSbY< zrk19bQ3mO#4iGjF1R2jE%oUzkoROKAUXq_@C}6+`5@Z))4^B-iDalDSlrRtjyHkYU zF*mU)KTj_?KNsRYaRX7146_Jdd3m{BB3#y>aXzx&8Ce;a8+#cH8atU98yPMh?3LN} zzTD|o`uq9*;cK;~gfp^QB|3K)PtKVeSC$zfeIm(QYSS%qhn$*QJv{pjh~j> zZT|Lj#@$V(SJo~&K3gNI=tg?`tVkWh93K0?qBg(feiK?B9oiG{=G~d~tPF*PtYFkGO&K(|dhqokz3N?$*@C`S(%2bsm0>EMvi2Sy$wb|8_X z2UK9-0@AI(VryV+V9Cav(B{F|_QREtU7XoK%RqyTLz@kl9@v=}#biK+76VNMg&&Hk zMFoilvLI7bS;P!PU|N_N;VdQt6BwJ3kwwEm%|HdlH(+d&fVwt6xwrtuV1rzkDn=fb zM1%N+u?wONA`QX~Ld7^Ua}(23_0u!c3=|FI4cOUOwfUHtq*z4ypI(+~ThrT@efWGs z))fy4ooY!v1646)s2w@^>G>#j=$93P#Xu&ZW&!3phU7hwe~)~)tHgBh!0#!-cj~)V zF18Uh_^vF{-g-#Pr%>ck0b}6}FLBG0r?y_mP?^&2`XD}RPyK}bkv%qLrWSY1CT$RW z;PCR{&qlXa4S$RHY), -# we are no longer checking the CSSM_CERT_STATUS_IS_IN_ANCHORS bit for that cert. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = true -end - -# Note the amazon cert expired 11/27/2007; let's just keep using -# it by specifying a verify time. - -#test = "Baseline, implicit root, no DLDB" -#cert = amazon_v3.100.cer -#verifyTime = 20071120000000 -# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -#certstatus = 0:0x4 -# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT -#certstatus = 1:0x18 ### not in anchors any more, so only 1 cert in chain -#end - -#test = "Baseline, explicit root, no DLDB" -#cert = amazon_v3.100.cer -#cert = root_1.cer -#verifyTime = 20071120000000 -# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -#certstatus = 0:0x4 -# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -# certstatus = 1:0x1C ### not in anchors any more -# CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -#certstatus = 1:0x14 -#end - -#test = "Leaf is in DB" -#cert = amazon_v3.100.cer -#certDb = dbWithLeaf.db -#verifyTime = 20071120000000 -# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -#certstatus = 0:0x4 -# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT -# certstatus = 1:0x18 ### not in anchors any more, so only 1 cert in chain -#end - -#test = "Implicit root is in DB" -#cert = amazon_v3.100.cer -#certDb = dbWithRoot.db -#verifyTime = 20071120000000 -# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -#certstatus = 0:0x4 -# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT -#certstatus = 1:0x18 ### not in anchors any more -# CSSM_CERT_STATUS_IS_ROOT -#certstatus = 1:0x10 -#end - -#test = "Explicit root is in DB" -#cert = amazon_v3.100.cer -#cert = root_1.cer -#certDb = dbWithRoot.db -#verifyTime = 20071120000000 -# CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -#certstatus = 0:0x4 -# CSSM_CERT_STATUS_IS_IN_ANCHORS | CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -# certstatus = 1:0x1C ### not in anchors any more -# CSSM_CERT_STATUS_IS_ROOT | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -#certstatus = 1:0x14 -#end - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/dbWithLeaf.db b/SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/dbWithLeaf.db deleted file mode 100644 index 856068348e1aad06dfe8e7819554b02a1c0a8f58..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24060 zcmeHPYj7OZmF|&7GkT5Q55GOeGRU^DT7Ccqvq+X?B-@g0jbvj7kVm7jJZ3D3nUQSs z9D^|?Yrp{~usB&vaP1mm9!UYAww#JdAdoFmIK)Z3Taa={Qp;wkg-vAxWZ7iDuerA|XT@SlvysaIEeOA+4XvcLu^Z@h} z^qi(;xuI>)BT(>ZjTYAQ&NA>Z54ylItC|CWj^38_y)CPI1I=x%9ZkLMoohB2XIt=> z*var&I5%q|zNx#rt9^A(cWVIW$-#P)aj<;)M2_~(me%VG0-Q&mwCoHVJm;Utv9YNu z(B64%Z^wp~p7pJ$QwzlyIs1~t2}@Wn2kPi^((DhbvYrPzSv^s%qmCEKaj?rg7z>hG zl4YKj)vKdJeLOVAEEk{bmtBndC@6;7$Gxkyc|%uA@5Y|h>)V@q*R^iN`8H@Cl>N1f z;J`Z6X4}S0aCEhAZt8BeNKl77`B09BT?9`l3g=Gb32g1?XvH!R?r2!cS^<>fU>AcY zX>1+sqKQ1$t^#_c zu=8N&!On-B4?7=rKI{V61+WWX7r-urT?o4nb|GvZY#(eNY#;0**hR35U>CtIhFuK1 z7@wJ8u*+bV!7hhg4!az7IqVA96|gH{SHP}>T?xAq zb|vg8*j2ErU{}GehFuN28g?~otr1G$JlN$@7!A-B(3Q}ullVgkhC&JR$iOt>m{@6i zd^8kJ!#l;7$=c7h+81rIeW%zm8QyKRZ^vUyr2IGbzeE3>VvSS#27WZUJH7u-F=$eJ zu)jZ+Hh$cbGUIQwACE@{((v4mviKZ_@n@Wp#e1y&+sB{rNfz(5`ftZGF3I9^t^V8b zA`XEjB~IgSwBa!SKA>dUH|oUucMn>v&~AhlLFMtW(e(M}^+Xy!oCrlxpCa1lwL}^p zOzayr&|`RBL!|M;L$UPuQKp0sCU&N^U#@`9by&a1#iaeuv*wTe72{W_fX|Pc^Jm9b zDc}pN`LpAz74U`D{MqryU#0u+v*yo^pRRx}8aC(8j-LU1dag8K|Dg`oIfe0(LXJl0 zOsEQ8fCNJogUc4Y2}Whhxr*U7X?% zualJY_`|v?`1JU*L=m4Jf9e(S>G4Nb#HYs}-Y2N^KRx~|Rm7*qpJj^p^!T$}0nas) z9)Ea`B-?+d_;Z;8-YNcEu7IbX>G9_Z1-w)I;r*d(|DEE`l?r&L_;Zy4-YNd9QouXK zpQ{z{PVwh&fakc{#VP(U&!(iupKDO2f=`b>jf(j6_|v3_Pme#V74hlur&$r79)DUC z@#*oWRS};af7U4Ao#M~63V5gZ)24uTia+fNc>YRsru6f7U7Bo#M}W1-w)I=}^Es z#h*?Eyi@$ypn!LZKO2D;F#(5$Oo%^8^BJ!ent1=e2?%L?Bpx5J+7S6ymkK^U*cVH~ z^F4)Z`!36Wwk_K4R={Tkqmj6U75E+ne0F@KZ&wlE;w z_)U@iH2=3M;JrJCZ`x?P%keEg`EdGA9g?+vR zh0yDvC!wF(19J)5xdiQ8asrBawWwEn1p1DqEkrvD;m^W1 zHEj{vS+o;+TGJMnK+(?PQ_#;et!^XqI28Cxfxq-H^t`4m@k66fVCsRXM?3Xsr~V^N z(@{@90(}RsL2981DEwJEOVc#)8Nxke7v2Z)UV!;9b3zKQ4R*=z3P*#9$k1SWi&4xq zPd>39?R7KpiM9&`UuQ7&UV(h%6?FvXWPGeEWHSGF-B;lgbqksjiCCm>BoQ_{%(gJj z#{Gh*BieTIkFk{);bVDIxQKE}8?+QE!`F&>b$gvHPF8ekaY-jMtRBjj_mJV(ene@#H?@JE%{AQ*xT3ksxmHy8X~dJiUFskCMg@$A;3^mR|*Lz0alpV*KW*;H~e2*zp&s;0MBkV*Et= z^A+$}4zZy|1@90W7O3DIV#CEMc!$_(u4zXdO3f>_$ESdr@_Hswk z+&5FjhQ*S6j163enPNlT6kIrM2={iDLu|MdXJz+hmP2gdyDDkCLu{y5!8^nTT?OwD z8yE+r{kOiWWRDF?Rq)n#J?!{pDtPO=9>h}{q06Dt{#)ObvbWFsQ)#^QT`4>MG6lTL zA-3^dm2CSihuC(73f>{MtyIA~#5TUGlJ?&rw((t+G~OY$tx~}|#5TsROzqoa8|zIK z+xYHEhL5q0^)kgazQ@YMh0}&Gwz(W)TO-a&;~ipKlM3D;wyjpdJH)nT6}&@iYf-^l z-($1y?N%kc`8_r}evJy=A+}wsg15fMW^cbu1#f+ijd*G!v>htFeys1YiS~I9uolYu zN4wbbZn3x64)41u#OJOH?`w_*N zePf$4T*5cjHGK=?aou2ekO{w4M!)#}ONLMQ#`}Eod2uf`8cgukFg0!)a4f?me9N)0 z`FNfY*%1l$MGZQGkG`?LGJL`}-UArpwm#Swj>3SjtQ)!sD#OKkoKwbLauqcV4@V>B zv!(9f07^_w`ql-N;S~L4{3T~T*IX<#nC&tic@p)SZ`5e(;vwd{!>QC4A%aLH0K<5FU(2 z*k2eBF@9TdEW;<}gzJ#l;-=`H;J)}cR+iJpZBQ9b;bRHv6I;-_HxUbl5@OQ{A3rC_ zCwwfm_)0p%qv6?amMNErN^)@@a1La0iQST%qQ6t+5{xM_b1V9rhx*1`IOGyTl3b#{GP%UCBBx9) zakC_+7{fxV&y(d641OwO=(G5oatWqVGF-y9sd5Qk6lM6toXF%7Ba)oLM-g8p%Oyr7 z`Gk+9sLwT+DVNwI$tl)#rd(pLB3Gtdf>&Od`4E0($|Y`*Zl} z>_@o_7w3RnQ{@tON%FCuha*5ANa*6)R zneVala&=7(*ZG8)NA3T;c&qF5%l$xx|B#d}2;ya)~37oWjSc za)~cU@(CYHQJ>?NDVKOil2gn{rd;A-MXpS_#8E}AOu57tCAnHrk7G7jF7YKv9x+y# za*0PIxy0I-DwlXvl25D+nOx%UBss;nO_obMCdnhlEmJOW3|x%=c4>eyA(u!ZEwujE zf_oshIUGw^4~S`Rgnk(+!_{GMg$MbZhS)-K;kg{1*bfd^W#sz`RGKe}r;ZkOvgaIs zFUi+V|E&KDp?~SQ$$FGMuEJ&gj|jQE_zvPOJh;YT>iP0RkrLZlwL%%o|JkEnM z?;t0y>pmz294X(3BZk6q_LstPUMDCl7yV;7V?KrD;$D&E6)c3XoVh23<&4D?mW#Gn z&e%#}xmZ6eXPl(4oc*A%oHm7@>>GvUj9CN- zcScy3<*EHYR^R1MnmnxIx75}?n=tlu8$S0!k3dgC&p^*ZKLVWlUWZZ$@EShhcdz(; zIDYSg-`(K%FRbrSupa#(j^ax5GZimvzn#VUsd!<1&yHA@GiFj;)^|*J%yPz2ip%yJ zRxB5>)n)r_Dwgw}h2paLc_uj)XZ<)wwT+Jv_ZdG|LAOKqLd6)>;F!WOakG#7ej&f3 zXZuYywwsE-Y2%QJzqa3yWBpVdu)gnyqVeN7#-Cfm>m!6d_|a4g4T!LXkJeaaf89Kt z{a;u{{|)^Vu4BC1^PpdV!lvZ-^t-a3fzCLdo#o2PD%t##+pf9su|3{rf4b&C-pSu} z>ON22qJwP*KlZs?IXRl%+fbnAd9r)lp7N}oK!abOLnFVux+~D+$4l^_KM)R$#3G4( zb^i9j(2|BFdL3&NlrJz&gmFHGcY}WBf=Cw3Z%6o>MiM)Rh|=d&`}E5i8kSzJ8?p`N zG}ut07qQS=;SJ!M5{YQIVVYiL_*qfh zv^#jq(BP8L&~DSeYQ2(YvMY-A?Afy~JGMMt-|a;^+EA6oWs^eZ=xM!ILd(YJ2KH~#hV#^`N(|4>?W`L_E8 z7VZDdiFfb*-LD>f_ZutDJ@XH*AFJIKJ3nymV_WMQqJ`INiXH6y$Ic`7y!V~c8$bBZ zH=o;6^V&Uk|04ObhAXFau3dZLfnV=>>XBo|{_r2|PcMHx-1cr(wo7w8d6%nSzst4V zn2*`z?kru?3(%L@#cp?YR?cyK6^*&>75Xy0;duS=OAjvInMe#@SzjNDMVDX>BKS!` zV~yPp+!eKb~K4?>*nCT7PrJd&91q&#$ds`Tc)>@$Al;qYt)T=-qt!&LiL6dU)07 ziYwl^?4jpNFEsx9&p&-=VfVAg|9IO|Z(aZOw}0{2kuRQk>$A1Hp8ocRyDzMLqvxgX zeg7x_l>geXPrsX}|3S&>Ay@6SwGX`g9$9{&keM6_esi(Vb z15su>69N{BD?U9o)BD~7AH4p(6W`pJQ`33q%6~im6vF=noWr#$CyJC9@z>J`MV$8{ zW_llmo`t@TI;Wr%V~lw(%zLr1|G&>UYM$1TR-OOPzSdek&?Vb%BzUf10mKbuKWL}! zGsb=k!LuFZ6y8TTtsC|=m4{gOx8U<&ybKw}-@o+QI*c~iFN$mIcNM&KW|5Iw{iWuF z6d`{C{9ZaK8>?8&Cf9!Wks$AFsT zgj4u=hM&)U^WnEjZhh_37plHC{ab<3_g;A9`MI}0(Xt@$=7-Nc@y1olzS`USn;(z7 UIQMkd+^sKu{L;^X5o1vJf7UU*r~m)} diff --git a/SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/dbWithRoot.db b/SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/dbWithRoot.db deleted file mode 100644 index 888a8b2f21e965a03c9ee85e662ead316d80f19d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 23736 zcmeHPYm`*gmA+N|epJ&h8j)A=e%L@YLI4HqS7DdX4Rm$$lCdeO3n(eN+p6k@R)Yni z0~rR@3d6|jHH=9EhSC0! zVRWF*hGT}Y35PllLO(H#u3Mm&4ddQ7P`4fjD8#OZJII$M}^Ex}-WPwV=g*5;mIOPjyFsVC5}c7u7e6@Q7% zhIixGzFLro)(>GEyun zY;A6i_3z@YIcCM!vR`&F>!V;C)IRQ={+11$tvwsNo7V?gde-^3;dmRg1j_!}MRH&r z8dGdzCOJ9-o141)f&_KQQwrsH*hTVGp>W!0p5V6jc0ZPZbcbu%D1&kw>|*ky%u~mh zF`8%VGT+Lc7Jp|~U~QlUj+s!74dj+`{Bc3IV{;U??5nU{Z(_(%=5B=^g~HB*od-J) zb{_0}*!i&YVdujxfL#E)0CoZFLfD0{3t<<+E`nVIy9jm>>|)r(u!~_A!!Chc0=oou z3G7nXrLaq3m%=WCT?V@hb{Xt)*yXUxVVA@9!1loQ!1lndfL#H*0(J%Laj?h19tV3I z>`K^`uq$C#!mff{1-lA%73^x*)v&8!SHrG>T?4xYb`9)W*tM{0Vb{VQ4|_c9@vz6k zu7h0%yAF08>yP(tBw(%LgIjo2qv8J`#m zM>6nE@g-aPd7^#UCfj$4E!pt-qJ29aW1{50dHy@}-znBOwQu5wV*4}u?-YZw;zPZ? z@r?1~IjJ)KX8VambWaAJ=c6jVz+wCur&RHUqW|{sXM9q{7m5Dc@r+BV_+rt2J6^^i z(4@s_{LMBT=HCO9O8aJ=MDPAS(F*NGXa!UqA0Nt`e_l_N@dL?l4D~6peO^nH@uB4K zfQcT#^BSUzALx%~#*b<(d?>j$qx~8Ue6hp&MJ}f7e~Fks_E(PIcny4M!kRxjzD@&Q zCg#tMpP+#+7xQPwBY#!yzemiU9Y0Y6Uol|KpB;ZI@R_;NsPhkXxXvkzmlSd|LMK6W z@G^&y_{o}hk-wzdpQ4FpyrjtXr($2nf5uCS#81P%4xaInBJp1A>);tLDH1;&`#N~W zONzwLz`iP;7hjl|E^z%$p7@kZk3XyBP^$ao|1b2acB zI~i{zex3%N=Z=gw59BYbG=P z@E%FE|4#Aea~gQ3__JICPd_u`&k7B^Q~crmp=$q~;?Er#c&GStrv~0B{;bl#JH?;X z8hEGpvj%vMt6iMp5A$qFX8gGeWjgrG_|vF~&x}7!n)uB4)2xZlj6W@!_{{jzs)^5x zKYmSoX8c*Jfp>~OcWdCC;!m3f-YNbBH1JOG=N=8bQ~X({fp>~O>oxFB@uyt_?-YMJ zH1JOGXM+abDgJB(Ud9CMnldW>q^xJWMtJo7|0W=m@zF$LP_!ZQuTC9&qHk9`1JCyq zs_nak|7=^f-=%?fhhou$z)F0#20kw_xaHyP28CS$yA*aQ?9%V!xjuX-lSb_MK;%XmzIcE|NX&p|)HbA8yAuq$C#!mff{ z1-lA%73^x*)v&8!SHrG>T?4!3H7ixCMgMA3Q1pYhe&b<}hdmxPZ{_M>*TJrXJ)s=B z1Nsv56WnUGLcavPirc28(4)||aSMbtZaoOSgvTefP_#Gc4ZM~rh5|ns_{sl)S4`lZ zat!*8VN3;PDlk*g&NQ?$Z7US@rlFp<6?zJacBW%2r>CH3XU1gc0Q616n2B~~?u5Q- z7_;)BT~Od>0YAGDdII{6Va)MDftdr$T(mP6?aVy~MZI~bH}4emieb!0JM-bs{GS-c z0<^PWFZBC{aa$!6?c8=Adc!d4H$u-sfnNyx!V}QThOx*CjX{A~49sG*vl#6x{+(g? zP|tS?dIhgR=0THC__JiPVHn^uh3Al6cpt=j0p`QZ2`Rib*rl{H5(_1x{e6K}vzTk1 zeDZv>*UiNz+b)-U9ijAl1@e(s){&gq_*hp;Hvf3t*Wr_O%bJqOcy!lbGGcX@ZDE|v z`vqA?w(aB}V=FPz$C@-BJG{0(zCVPiv5t3P%ltrvcay-dUlh+xyjB_il9M@u4re}r zka0J0TKy*%Ig6k=oa`56g!AUUbIyyQDx6%C_Igfpz8-a$YuM|-y!o9V3n0w@SWnh1 z3iS0x4vx$>ePiAsk7L&qr}>t?$@z9#KjdQ$ufr$jxy1CXYj_}H`5@P0xgsCeBiog8 zTx0S@dRs%u(E9$cd1{lHy!6upRrOQ)2#Db{C**T_SCnlW?dPo1IC751K~?+T#4+hP} zM_+laRYO&H7!$}N&$Wu+;I2d@J`@c{(hG*1jnEosE>0XaWpxUhaIYDph$VL;v=*w2 z-#;49L_ite8%cywpY3z58lg-al=0E<{v_(#@$wlkiqm3WhqBP>e>@pS0rAvE=q*s? z_HoO>)76fjsDn?0;{yWEHn~>iGhpnd#qNLl`kk^4GhS0lHpZiU$&rgK$CKv~-$CW- zkK_xaP!YmdO(|%KMMJ!yfXKOFj**MYtc*YA*hc$?qS)uy5Yq^qBKEOKi@k5M(8Tve z_JmMi$Mb!Za{J-IL}vSZAEk^Ri1%l%Ew2tfpnpV*~PS<@Mushz;{~@D8zI!5DaXF1M$w z^Jc8raGN3@V*}S=uGmmN1{V&S!gJg05E~ZasOq`tc8CppSEY=1hz*N%@D8!Tr-OHh z4UB`z{)=yw?6F~q4qklgVaMODgBRa=5KnD{E`=)lFTRzsx6k`iWxV)S%8vh>2Hxcm z+xV_ZwSAXEY+Ip&cZh8(b?^?cjqj?I{db6Md{?E6cZhAPbnp(bjj=0N`}WwzdSk^l zzPnQ4V{Bu+T(OPsv2tj!m}Ddw_eOynnQd zJ@1z17Te){H--4(b&=tgSSZ2U0NT7i;X5rAu6ERu_wdAKyFa0SDtyv6a#1tyPv{%l zRN<1ov99G?1dr?bB7IEwMH&6#`!5wf=^O9!$ybDXv7u0sw}$C)+kkx)F6mo=z?R~9 zMs#;Hv@2%PnSAt({Z-+UzVRNw9JlqMU6B|J2+O*lo1iLOtj9TJ>?K!4)4)J1YCT)( z3hhCO#Yx{fp(>oRzl^`+EajSuM?%Sd-kDo`>~9dN!YBJ%g8JrMfKNUoq0RnMRk&n- z`HYZQ54eKS2P1*L=4evf8%s_;f79XQb3$S({kwNZ!pZ1RM39Sej^Spg3a1>ya)B)g zCPVQgp8Q!$#++x4A>YTT@X0as2)-hJAD<(dY+N(+jnB$exTJ4C4DOpT-kDoeTsb2 zw_LeIOp%M{0p~y^m)Nh!Df>HCF2R_hGPkn7C8%%Cg+ngUugE3)tCC9$XmYCL5)UYH z$}ub#ea@CkF!s`J|6k zsLwT+E0;K+$SK!#u3X}vCReUpf>&OZ`H+6)$|W9D@RxnhW@#l(satuAFZ;qkEbBU9RT++9(a)~Dt`Q)6aZ_z6?x>i<;o?V0~h1JT^eAF$|X`r3&n3Ocn%b| zMB+*DfSC41=ozRASG&m->Em-6V#~>e=W=*r-?vAUk?*TeWxg1mItpyI=Nw;CPx!8AJ)9LFm=vn9+(6^xjfL%jLZy%WGK(VL5Y83d}VLAIjVL5FIx9l5*<&0Srmb1SUmNN!H%yF-@_6;w#)IW~9HC~_gxL0AUDPEy} z9QRLs+>KNUgDu31E!8&e#!lEgpBXzCzxP5XLn$t(o8N`l{>K{6tMvIVz8PU%mZ#7E zk@_xg%Hm-iuTWe2Y{ERR+ps+dJq3LUdJ%dV`a8gR-us{w0*XwZ@PDuPJsiLL;I|w6 z{z801!Fu$EIEpL7&vd-7{qHQ+Psa=KogJ|(XUwFy#5X3~XF202#bx^+RxFpX)n)tN zR4nH`3&myg^I~cw&U$f-Y8xLj?lXR_g6@PKgvv3Rg?$RgB%gic_l5jM&-Opr*ls%h zW{g8R{@VVB9P6j!fcV}IMK_P<2!G*KULPU!!HcDV`7%Y?Zwp(@g?oi%y9d$jVd&?f z-+=xS*wxS%t>bwYd`H|%eMekhcUQV!-hHUU|3CL_>0fnv;(hO3^mz(P7Chee_{ScX z%UxjjdK$`nC53t2`Gqy^?qGx0HRo#0uyw4uSb(r3!{37!U@ufex`$?eNl zE?c?%(|6$TbM`*F3XHtN#|_`%$J~dEr+)U}-@Wqan(f~_{^*wTvt2{wFTZlKe)-RS zyX;_ZSKfz58#lf6gC~lwec?#)&+8sv-u;_zO?SUMwD<6{1<$X0Yu)VKGd9PL6+Q9s z;cfem7DWbX9vE8l+=2D~yz%(v(`^@~{MGzhYZl#8we8H*@xKgo)hF(V9{JWYE6?m7 z*wgmmdkg>R($t6Cc`jriH%~|2AtUnMq4)ph`m5LOxO)A8wa-qhdgB*AI{R8);~e*z zk~8mD|Ls3+|F7jQekYXo?R)E@cmA-oxcpeKeBU#HAFWw-C3fL^-~9EC@7=NZi#xyl zjdkt6_kR4-o=18gI(fy|@$MfE{KLw+ZT%Jh`is{eeWbm;dGpX~Z}sGVvf`89{=8?f z=cfY02?`AICd4 z`#ZfO|H?G5p~KtM-PN{%D9fkMs-0117@Dum+wj5*`+j_Vf6>kfvFp$NV9(z-|NefQ zr#!!LF6Sdo@c*Nlzn4aAD!7Dn4!LUK3FtZ0Id65rnhV~y@xEc?x8nJY;&=*M&e#8E zU*`!QurX}E=gke8~B&2?}nCqwIJ}{$tSNiUb^$>>F>V# zt4Zy9|N6(isjpnV>o;FEp%%H>0EwU%xec~%|H<5c-}38m$&2&Cum9)y&DWk>{q$cx n-w^q3?A0SbEE--HY-*nxldiq@9bk%~l;ZybEpBc7 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/root_1.cer b/SecurityTests/clxutils/certcrl/testSubjects/anchorAndDb/root_1.cer deleted file mode 100644 index b76137b1ca59e37a3febb8a4a766b20e83587d96..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 568 zcmXqLVlpvkVqC~1z_d24&d>E0H&pbJ3joReFS?(y`l?zIzg)lAHc z42;N514ajP9YgBfx`&(IYm&zE_vGHrM<5I)#;OIT_FL!{W#5OYx=gXRH4_?Q5v{6951o(Z^c= diff --git a/SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/bmpSslHost.scr b/SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/bmpSslHost.scr deleted file mode 100644 index 8fcf6fa7..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/bmpSslHost.scr +++ /dev/null @@ -1,19 +0,0 @@ -# -# test an SSL server certs with UNICODE-encoded commonName. -# certs obtained from https://stone.tees.ac.uk -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = true -end -test = stone. -cert = stone.tees_v3.100.cer -cert = stone.tees_v3.101.cer -cert = stone.tees_v3.102.cer -verifyTime = 20061201000000 -# common name has wildcard *.tees.ac.uk -sslHost = stone.tees.ac.uk -end - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/loopStone.scr b/SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/loopStone.scr deleted file mode 100644 index 8ff25b8c..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/loopStone.scr +++ /dev/null @@ -1,63 +0,0 @@ -# test an SSL server certs with UNICODE-encoded commonName -# this version does the test a bunch of times, for use with certcrl's -P option -# and MallocDebug. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = true -end - -test = stone -cert = stone.tees_v3.100.cer -cert = stone.tees_v3.101.cer -cert = stone.tees_v3.102.cer -# common name has wildcard *.tees.ac.uk -sslHost = foo.tees.ac.uk -end - -test = stone -cert = stone.tees_v3.100.cer -cert = stone.tees_v3.101.cer -cert = stone.tees_v3.102.cer -sslHost = foo.tees.ac.uk -end - -test = stone -cert = stone.tees_v3.100.cer -cert = stone.tees_v3.101.cer -cert = stone.tees_v3.102.cer -sslHost = foo.tees.ac.uk -end - -test = stone -cert = stone.tees_v3.100.cer -cert = stone.tees_v3.101.cer -cert = stone.tees_v3.102.cer -sslHost = foo.tees.ac.uk -end - -test = stone -cert = stone.tees_v3.100.cer -cert = stone.tees_v3.101.cer -cert = stone.tees_v3.102.cer -sslHost = foo.tees.ac.uk -end - -test = stone -cert = stone.tees_v3.100.cer -cert = stone.tees_v3.101.cer -cert = stone.tees_v3.102.cer -sslHost = foo.tees.ac.uk -end - -test = stone -cert = stone.tees_v3.100.cer -cert = stone.tees_v3.101.cer -cert = stone.tees_v3.102.cer -sslHost = foo.tees.ac.uk -end - - - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/stone.tees_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/stone.tees_v3.100.cer deleted file mode 100644 index 3dc890606008ba5268943ad713308cc3b4bdfbee..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 894 zcmXqLVy-f1VoF-T%*4pV#LdV60)OvHCphbRPB7MG;v7Q+O4f zL^wd{{pP)Yrd@pbZP|M6E``P}AM0L5cad+sbz5rtZ#1uF`n4;ViJ6gsadBg#LA`+> z8)rhB2V>h0Cq_mV7G@?k2LnE!hh_O08UKU$EFZuTB&*CKVIbBZ;<0{CHjb{ z)dR{R2N5tmF*h+XGPFszd=YZ&Kk#E={i)B7@A_QKWb6g!mo7?nYCH{lvCQe`!M{Ja zUQO5EzW%!G)bkSs(x%0)K73_CaDGib3(MqtHc219J5E_SHTcp+wf??13zK7#@n0q> z9(8QzYzZ+|*<-L<{&9qRPikO7py}p6U4P|EO+45??B6m!Ym@%JjC!5SD;*4WH|kb% cJ4j}(`!WCJD%YLwbBpSo_kY*if7Y870PN;H*Z=?k diff --git a/SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/stone.tees_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/bmpSslHost/stone.tees_v3.101.cer deleted file mode 100644 index 00a2112f0fa91d47a95bf689f6b6024738b5551b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1051 zcmXqLVi7lJV*0;;nTe5!iJOH11b*4R`}o~}myJ`a&7D}zC$A-4f18*?ZN zn=q4;tD&TUIEcd~Ea0A#pOlyroSB}dkXNQ#oM@DF%e>}VF>&ZixSU8pb zY)Ji|^X;1E^kh|zw-c^){pn=iyXG~sSaQ{?#Xp+bNXPY zBI2=o#s27)OW__*5?@YKn0P~0^?tp9B}iJH#RwR~dJA+GXtil%l#~=$>FXyK<>;k@ zlUy+{$?4^#mgpA%lUXr1ZRr7J4FuUZ6WTl&+kQAPGC~~yN|3V3ED{D{4I&rQn!k3& zUD#Kjcl!$Scz=PBauS-~&l<3$q91=a(orI~qzGNPGw-d9<^nTTROMwtmLDIV!BIoT@*e_$$zg+IJ@k)=*rby zi%zEH+!a`SV|KabyJZe%^-av`7mKrUpN?3nw5-PTS#RvZ;6t;H-irNqgRj( z-Ay*!6YjA7-Sm_zR4#U2((n4mJEnb^ueN4UOv}xtT@PM-otnqOH7&(+G5@^gmC4Uf zD$dMaAU09;gviakciz~P2fK$kx71xre)?Ery^a5Y+AR{_uI~%y?!0~NVDqF&kLMU% zjPzMrI3d1`z2Jr46p@pk{1!JHiV|G;;>DvqOmp^I_*UJr2~2*s=SNLo-GUttJXWq> z%f!scz__?^ra|L0aGcBXGcx{XVF9KkHUoZOILiuy_^bxZK*~TCB*4ca#v*btt@&$b z+=YGhiI?uKIQ2`r%B$Ycz!)Sg&jO4f1C0f03sl;aGD=Dctn~Ghi*oeR!D*}*n8x(- zQcLtfNkNF`=-sz`01N3WI&YGcHdK$io3J-EfhImd8Q&m<>$ict`-)afbgXX z%ulzT?bvo}^MaKtj=YndyMSq3ZMYtD>i>!R-B>mA*B2l9veax&KL2iO)wf>*8K-Ga znI-e})xB#Gsi}tDNt2;aW MouSR|oOSRu0C~iO(f|Me diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/amazon_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/amazon_v3.100.cer deleted file mode 100644 index b62626c195503689b57319f83763e4c1148e34d4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1274 zcmXqLV)V=Ai&BA95m2v!v!jBpg1eD{ zoH(zcfq}W9sR0;70lCINu8EPcsimo9ltDVGw}cG@LFRJ^bA=}sXJqE3m*nRe3K;N# z1ldK{gHsbrN^(*SB@DzsB3vT;j=70d`CwN&)Q1zd?Q>Lvj&6W;G(9^42 zQ=_-I@m{a_&v$wLO~;=Iv4pM<&z#cpUN4|3H<&*6XQjLCdRYi zSe6xLVKQJa;0F3qmY;=%nTd6Qfh&k3&thj_V_>zwVu4wk2`IvV@f92v1POdycO%{8 zq8!x7gUh-b=>a7TTtLPsu-F=a5(0NZn+Idt4_8KZab^Q80}VC~Z8l(fV`pL%lfjo9 zz==#&l|{@z1g3?V5zb;VkOx_!%mR$329c%jxdqQ1aAaQWl{&#=lgxu~-CB2pGMHjU zMwTpt3dKt_^n6r1%Zfo_hI$~QP_r>}6C)$T3emq`cSUu~_;YVYK( zD1W8mn(w@AZ^X|^Y@heD`RPl`uKv3=iPsOj{#a!4#NYn8vBOHw`7RrJ_Zx34o4Pna zvA>^3E}dG)u6`!^e#(ofsoLM>3HrtJNivo#G%#Ze z`pEg<{FOp6-iBR5YV#(0%fvVP=v>IOK04Fzh)=)zKF?We6z#lXA4*)dbV*_nyLINq tTicFH%O0=Ge=WTJV{Y9gCJ$2^{aFjX?g@Rhq`K=~5_j>O2uB&6KmdRaqpbh{ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/amazon_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/amazon_v3.101.cer deleted file mode 100644 index 039c7cee794c5357472bf58c309238fde1b756cd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1584 zcmXqLV$(5bVx78xnTe5!Ng&Vv*XEk4do4FA$rANS`U!R&ZYAjdi6Ibu5xWUa(;_Qy}PJ_M$?82p#$q;*sp(!JaalJEXLRKzgoxY zkU%SauUmXG9(5M&{PR7-=7_vy)oJm@&pd1S?<6Kk3vjc@X-X8vC7pJ@x6g1_A(Nz^ z+RDINJt>*Y_vZYq{ac;5=TA#bN6ePP)o|cXfl=sVgh07u5bVsM`PIu4JIL!mfYI&oA`bkp8t{m3FhTpCT2zk z#>GucD-D{MmKvC_acHvv(=P71eLU;+WU9cZIGi>`sTf#w4B1*&bzPzNU$<)FA%zaTl$SU25B4=7>42hzn4 zaytt!v$GlG!fa&ZVM#QIUl_X}+91*(+#pnp6PQKQQ}xp`(+m_1nWR`m z`k!8wYFpFWmwotrL)H}!37u+5Jp)xSnDsgN>G`PkmlcD>KqhH|tQTZaGEi6|XCPxJ zWgr0*048riaH=+Tb~G|DvCuWtH8lcfU|BvEF&2@f@3{rf9dKk`?3FsfW0TB-aNSyW zgU06|qm)@1?;AAUS=e}dN#l{>P%t$K)ZYBZetw1Ac7e+D-^)8qjv;4fVCl=;*vODv zqHi0#N`LwrHNiBge;@BTs!Lv~zj09J=Oc?SEBOiQERQObuKtmun=Y?;Nb$NzN3!>Z z+3Lv?e|%WXsIu*M|6^Mw?);E{SI*qN*1ErDs$5)>;K7@mbDVZ=y0S`lhLv){nMJcc i=Dj%IcTvhFPV(sW*`^zqlvSRx?zr0V_`$E8U*Z9tfd`oY diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/apple_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/apple_v3.100.cer deleted file mode 100644 index 9fec8a21cbed06e88bc03e781a609afaa5955e5c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1746 zcmaJ>Yfuws6wPinfrLkdgrEYlzGy&5z6}J3f-M0o6bfo2(m*L8E@5TejY$BlIMvwV z1GUvM;3&3OtB#dAeV~X)p-`x{$iv6bDWg@;`oPu)qf(35T@c5}O!wE`bMHOhz31Dr zz|QXgcHZ$SE)2o&B(I!-%#C+O+M^%6ej*?H@hWiR3xY}#N*=pG5RbwmypfPl|U zL-=AiO^bO0FE$X0-F3Ky&=Mvp7)_*%a?Bt2u?ZKkbUcABu@qQsXbNsCqAmH@JfI#c zP%gnOE37D;ixyaM)L=vNY&NrXu0l~%R3tBCSgj1J+(@rbSj+}gW()-3SR@E%o4I1e z3-(yjV6~#5X#6T0PA$Wip*jOeEHl^$nnJbOWK{cREE*dFrg^(z0E8>U!04lALM0Q1 zDnnIjm0Az%kUu5{9(CA|b{UmimJ^7101=zyiJfBsGq_5vbkxutxUzW<2~Vv8SlHXlc*p&o>Ahz5^GBZ&duml~; zq*5e7;i%R|TW~a&%63uw|vw(OUt{oC_7+eV3A&9fP zu%%>sK=m0-)3wyrgcvw$$BeuB(mQ`|y~Vo^|NFCVd*G=S(kV5vZfbe>?xk_F@8xwr zet6lbFDg5fR~YxM=0N4(RsC0usaYouS4)2xPASW4sBGIZ>+T`=J<$`d+ZR4va4x&` zSJ!~b8%W&eQ3q2h1~we_6g90Mgqt3kzAa0%`jF4gqY~98!5Y8TwPD%2(uO*#Uc1?< zY5T1|S~XY`dMsnHF7X@Lt@}TPbBkIo2#JcGkk07L0YUKs%aPj4;5@GEX_3gf$~GSd zN4Q}w3)jRq_b2tPUKme(c~Y$iyE)%y{=RG5d!MFfw54AB(7N=}#_HX3m952lFSIWT zo(FRw4z%A6=KwpL1xQA7KMw>4M!T3Q$`5%(O}p4wV4eVa;--lhWt@ObxEt1*eqsa$ zoKgSzxg%0U0t>an55U`gl_U2X()$n9HEmlv7r3yMA_U>WyecrC4g8S^paP*)Se2qA zgf$`K!FXLFWg|n37Shp*W4MxWlAOtbIJO@}q5&Qdx4o*5rP9K%N|JKxb~WPDLiRIe)U7^WX=d87N* znJ0=r7*I6ycU`%@EANrg^vp!Ir&XYp&&Vr|tVQ;`gK+*~wn-kH2q8$PMYc709i{m}Da2=4d=jZo z+caG5TeEeuVQ=lC{90XEbK}l4%MW@C^!Qv!Zz`u3pY5y999eU^wqvN-xhkr7b&4$c iJN1^yP1{BqyKK?2-W$zoSy)@Rd-T&7j!<|M()|b5dP%+j diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/apple_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/apple_v3.101.cer deleted file mode 100644 index 78e8174fd34066eeb7414c3a8d85f441d9648982..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1570 zcmXqLVv{pyVr5&v%*4pVB%tGQcQWtS$iAO8GefEp-Z~rbvTc;+SR8Oj^Tf+VMECvRlUUGh}eo;Z90x)EN4zw^ZgZNe-!?&&# zC8>ESz@Q0B%*jlFcrrNHMpy1v}#`z2_Oq z#J8{0TD3xZk+ijda=h@yyBs}!BDb0wA8+k>obgsA{ao0#HM5JSx!msR*?jFo;pD#C zg&|(AizBo83j%eR=TEy)P*eCd6#Gax(9F~6;l&x6t(mSui_VH#z)t+Ka4?d$xwzsyGuc90pBHEZ_ty%f}+dBI4(KLbmL^d2p5gr-=M1pDi9;-Fx3a2p9>n z!inupo9S*$aa2^i&%iUm(4(s zjWeOmgR$+06C)#3C>Q1yMjn<#gZPE93!)7o4Z;mV#W;Z(Bt2C>Ju}Tf(LmmSosCtS zkC{n|MWp}fWvR9`y?xn-&o^XU@sQA|meey)6;p;fEhj%cAJs`^#b7azNtz%R39={| zC@hgPkTH}pkN^q*^Qj;>dm1}C8X1^a=o;#pSQyBIlq$1G7>G59)L%|re(3I--5(4% zKRa9gVp?x(XbcP-XfOgjV`!jnpbO(0Ft#b8hf{uXaRG{}3`{`gtFq`CXv0H=g^`U5 z5pIm=P={X&tE*3Vh)A8Nmi_aMYrfgSOPs}pY12vrP4>?;2uzPz(}`=4x3KDeniI!X1qoxl|Uz?lz3 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/cduniverse_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/cduniverse_v3.100.cer deleted file mode 100644 index 7f4673521e12b4c34ec0d21b8040b3a4f0ce1bf4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1344 zcmXqLVzn`7Vo_PZ%*4pVB%pn`;CCnF=T9g@_nVzSk;F*`KXDDwV3zFa#7K2GBgcOw) zmnit9mXzlgWgA)>SV9ySg`^hc7AxeZDU=qcDkPRDWR#Q?6kF-*mzS68l>tpH2AZmu zoS&;-RFJ5kk*sN8YN%zP0n*GYtOz&VIVZ8WSix8!I5oMnC>2N*0re_4I~vG|^BR~L z8XB1!fI*Zvuc3i~p@FH9v8ko0WfX>&L=1#LW^)L0JLl)+r6!kTCYP2NLPgm{xWf~3 zax(MM)AEZ_V4_?i+|Divp?R4=D~nSNc@4P1UK3&Qb2KnCG&V4VaJA5VipPi229jVO ziU@%eC8v}^4F?5;LF0VncwuB^U~cRM#!V+vVG=J2|70Q!bGo4KG918x_BgCGPcZKc9wSr z%LgakbI(>xI{KZ7nUR5UaTDVugC@pv;G`le%)(^A01gvbeijyHCe{T8Emu(=0m^qnHf7Bn3{WvZ^d%1|l#m%#3grlYu> zD9RDx0`j~rNIE&S$RHPH2qOxzejPPL?-fvT7?)CoEH>G`NOmlcD>KqjFU2Fy*2 zj0`!e-vmspW=cJ|D|0%RR7v*RSBEOZHos6v*LUguA9 z8x&7g1~^UGTDvvCY?+kIq@Lha%Qu}pDe$7l?@v|d+>+PaTe;K28ZTdavH8ZW&pcnV zPUXL3ays*Jk>fh$OH;2YGwiv$(f>T-!c5EgJ@xOGONFXQd^eD@Sr%Cn{BBLy$_*yY zMiUNBeE#&zqJ_5SFLG;cXng9`BY#$H;|}Xz*E*gtN!%^|m+E5sNpK76Ip-u67b_Sm z1e7M_WF{*F6lLZn7F8-ZrxulDre!84mSpDVDL9svWaJlRmQ)(ZiSrtm8W zj4z8zn{u;QCqhzb$H_lcmJ_tfi)v);zTXIayx!?_y8+Xk=rsk;cDQWOHhn$$k~nMK zX}4=J!3&H6=a!^I{N$O%@G8#5Go|RuS%F8bTt7|TZSF{0xpYa?1-=>e5xm+#yW3XQ z>HXT|QPX={H=eO{Q7@Zy_m)KVllzor{*b=7H9U>Q*YwN8!f9J)a;VOpe!}Xr!p6Jv zX7G3=Z(nw91LL_Lle0eaj6a# z_&{3tL5^Vo<_|UlK{if^?M{r0P$5l_5d#AN85K^Mn+av27|_phTI06Y|No7Y{E>T z!G>Z6A|MWzFt2M~Nl|HWiH?G2Ub3E{rGYs}oLktSyu4g56(XmXms+A4l`}Ga1il9%xY8 zdF}RtRIMWKMR7cpPR`*98|wDl()lX)xZ>z#=q6Fdovkm7^uOtGck%u zLA7H^#Rl>q6O>sb48$5l;5PvcfD(1`NpY2h3&6O^l2T38w`jl{0g;{7~L(yZGf~+9+BKv5S9)n#`c~DuC-*zbtb4bwwBu2M*P;89wp10@txzcWAbUdX z%AAdLKPnUYSa-=OnBAM8cdx&ypjz#%;KS(9gK}JEBF>$=?6u70nwhq{Cf?Hx(tcFt z6PhL;7L>m9*pBI6(pK=!dYFIV(GtP;J49buDLlNiL9FV*i}*jzEBZJVJXcffJUyRd zO}~)Hji)MGzG!?C>{!R!_xD&v_X6YaQdOIe9+#Yc%z12+|62A)2-jg9&Pl%y9BAXw uSlwB8Y%P1q9);%Bm4N}dIgg&I{_AgDcXZ378Oz_4FW$Li4(Gc+W`6+%=#dcs diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/entrust_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/entrust_v3.101.cer deleted file mode 100644 index 5d16f8d329d31f0969cadc909b4f868a42c5135e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1270 zcmXqLV)XDOu`!3Ta0zp} z=9Ltc7MJMdrIr{v7}$YCxkb#&%ggmr5iG&V2Yn15S{+Y{E>T!G>Z6A|MWzFfY^+9R<(4WIaPm19ONQ4bXjARFJ5USq$}Keo-RO zsZfum7NzDTry9x|$U?M=fxKsAU;y_X)NDNi9gqTMVO6M|3b;I_tKehkY|zB0gd97J ztPIRejQk8haW1ANMn;C|i*;@0-DABad`Pf&Zr|hjjV= z*>H*f8s`o?<71l`pxJ!!(_yXKH*Wi}oMCv~y=~f^J*$2Nm9reYE%{{KoWC~R%*M9Tgh4N)OvIH8IWEc`&uSOvPu$_gq7Z-?#tWHfJhZC^3E6 znR^PHo@OeUPT!uGCw+{}U1{^yWX|Hg+jp$4f9J}7uXp3>(*7?^%Lrv+W@KPo+{DNY3=wt%K493&@-s62XJG-R zZZ-pc5MLO?XEk63QU=Cs9NKKaG|tY*$f9llN{mpx0b`qZMoCG5mA-y{a&ZB2+BPr( znIg}kZJ=qOzCd+>a+@MlWpYstvO;}OGE7d?0}2~hgY+n{m;lqF0UHaD$zY&ipa!#z ziBU`nY6g}h22Mk=d@N!tB61&Bce4HPsIqJV+vX3Ni~d*WmB+X$ r-gIFw{JhV||0|af@1H-r#LB`pUGtdqse75-_BAn?uej~gTz3Kh(9g@> diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/firstamlink_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/firstamlink_v3.100.cer deleted file mode 100644 index f0d60b2b99d0e9565de5bdd976dcd50f4a8fa70c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1647 zcmaJ>drVVT96t9!g;tb$S#k2ZPQfW_doIWn9dWfxX&l3Vu)zqUz1-HTw~yUhMCKG* zTpgK=;kGP`54woLmP}y=5_|-SIu|oXvhjz`DN*7w%sO>GFgoJS0ZV{Anw)db_x--# z>)c;2^s6>Pe?(!BA_C28N>vA|e7nJEwtB zDyoQ9F=SC8_Y7n(P&3nWM2Bb=WG`!R@!Yd84$~SYrnD=DG8uTclS_f~u!&+4 z#yxUH$9mSJC{?o6#S5(2q|bm!anT%v9G4D9f29bf!%QwSJtH$KGpiK(-kV&A7S6l4NxVTmqbfZEA*DCCZAIH8}-YZQG7`wD)`4m(0I@CFfA`h- z2dR$E+P$lL&gxX}LQmEG=7!@H*|A&V_wByW{{E1ApzAm1w${zE$rX&)~N@ zeoX#_zl@NGChj3E)2z258fEHfJ2yyBTOGSD)vA_Lh^Ra586 zXg1;LQ;gxM!b3GaQ+T8dyzGTDa1%2L;t5StWJC~7$C$yGga8T{CDY}w489Ot6ns9A z`ZOCaOBs`DGV<08eLCb|B?>G3Q@!~A)PCYyoQS3U#7XEUy3y)XX(|G_L|{ZBC_o^h z1uhGBO%gi8e|4=WlAiY{dRg$e718UKYmn55{42-3NrZ}%{6qmT0T-wNET{qs5YW>N z>}dCb^*}@n3(Sa>5f%|I0v=e=8S8kYbRh+{c#$_|vEGU-JUV+2V?_#lo){IQ9OUCb zD;yhVSqqG#d*Nsd7pO!}Tm{w_pj|>$iYT4~;k76-t_jy|LX3>;0&t?`LM#iaN2}-2 z<e%S#XVGXDhHFgxN8FTqDkfBjQ{*2kuQq9pHVeU#!5jU=3EVC<@MwvHdAO)~jLc zFOx#+U~KrhDPsIYPW&>UZzts^2vFMD)SF$*-ZFR%y#sgF!DVSu(woET!lI?7Yi}&I zUHjgCauX=yY$LyoT8)Cp_sI3=PGrk2S_T>ia5SGpEP(Y_DyC&E*?@+V)x3!DGUn cKF8c6&8hp(B&+zxj>TtgeW6=XB8}Yr8z^-3u>b%7 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/keybank_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/keybank_v3.100.cer deleted file mode 100644 index e97842ac173383def835942c5e9f55dac4673a21..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1278 zcmXqLV)d#AN85K^Mn+av27|_} zhTI06Y|No7Y{E>T!G_`nq96{JFke_|QD$&vdY+DgXI`?Np}c`CNP=5f3?`uvQdC-8 zqTrWWQl4LwZD?&^2~l7al3J8otdO6kP+FX-kXWLSQBqP+Y^ASXUS6(O1~j!8XsTXv zey)B|L85|2vZjHhp}v7GNHepr8r*c}oW$Z{1!INa)a25lR3KFZ)T`j^sGzIhZe$=Q z&TD93Xk=sn0Z~A%A&_fqWNd0_Y8hpagX%3_18$J{9KtOA8JYQpLIwgLF1rY)b53em zYEEKailLwZKS+#Agu^?vQo$)PFWZpEfD0tVEyC;^>})7$AP(X&iwGnpC+C;ul@#k` zr&fYIV$e7rIb0c88JHV;fnnRp)Y!O;1f$=ihin1#uJ0URQ-{46ZYOsoqGT!CJbm1nUturaV&V6nig z%>)!{z(@-Y3xdReuDg+La#0Ry48mpIjr4$$1}-3D6j*ExK&gQ{q0NJ_?T0HPyEwCf zmVpKvhc+89(Xlfzipk(h6X294tI8r~AOh3E%m`;O8OVbyQD%`a5Ni-w`kq_x+yO`C z#a^isJT}QZ2-mH3Hz`kBxa}wG72>>GdD3ZGL$fR z)auQ9c=e})(d)M}*PmO&rdzvqmCwc94>r53oOpZ6|6AJ~YB*o+oOW-XD;^dxwgX8xR<~Ej^e#`{`I~kk&E*bP0Tj`oyU6o4y#eYOqq{ae|AkYVNN}ga_fBQ zuWKyV9yu4yEBY{5Vc*pi^QN|G9_nma&p3C(MW)xkKCRKd%NBn7koxYWOVl!xvd$!n zzvAXC>xp<6<(^%FV_kYSFHE6S?r2eMgLxjM7ZCx4ONN^LXfC zeLQ(%^o_=kMyl#Z#op%@vDR)i+*se6ww+i0PI;+pi}3w|DQgcl@Xy|B8u(z{gPE7# N9Wa?PvFy_E?*Lmur;Pvr diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/keybank_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/keybank_v3.101.cer deleted file mode 100644 index 039c7cee794c5357472bf58c309238fde1b756cd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1584 zcmXqLV$(5bVx78xnTe5!Ng&Vv*XEk4do4FA$rANS`U!R&ZYAjdi6Ibu5xWUa(;_Qy}PJ_M$?82p#$q;*sp(!JaalJEXLRKzgoxY zkU%SauUmXG9(5M&{PR7-=7_vy)oJm@&pd1S?<6Kk3vjc@X-X8vC7pJ@x6g1_A(Nz^ z+RDINJt>*Y_vZYq{ac;5=TA#bN6ePP)o|cXfl=sVgh07u5bVsM`PIu4JIL!mfYI&oA`bkp8t{m3FhTpCT2zk z#>GucD-D{MmKvC_acHvv(=P71eLU;+WU9cZIGi>`sTf#w4B1*&bzPzNU$<)FA%zaTl$SU25B4=7>42hzn4 zaytt!v$GlG!fa&ZVM#QIUl_X}+91*(+#pnp6PQKQQ}xp`(+m_1nWR`m z`k!8wYFpFWmwotrL)H}!37u+5Jp)xSnDsgN>G`PkmlcD>KqhH|tQTZaGEi6|XCPxJ zWgr0*048riaH=+Tb~G|DvCuWtH8lcfU|BvEF&2@f@3{rf9dKk`?3FsfW0TB-aNSyW zgU06|qm)@1?;AAUS=e}dN#l{>P%t$K)ZYBZetw1Ac7e+D-^)8qjv;4fVCl=;*vODv zqHi0#N`LwrHNiBge;@BTs!Lv~zj09J=Oc?SEBOiQERQObuKtmun=Y?;Nb$NzN3!>Z z+3Lv?e|%WXsIu*M|6^Mw?);E{SI*qN*1ErDs$5)>;K7@mbDVZ=y0S`lhLv){nMJcc i=Dj%IcTvhFPV(sW*`^zqlvSRx?zr0V_`$E8U*Z9tfd`oY diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/keybank_v3.102.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/keybank_v3.102.cer deleted file mode 100644 index 642b24a6ea071acc21607ae6211338962062ccfb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 774 zcmXqLVrDXEV#;O`sJ;1*{rn2K?E;nQzn6EK95di$xRnxarzoT`wYms4pdZy*cND+be|5K>fHT%zEYT2h{0lx-j< z&TDC5U}|V#00vRwyhauV76yh!#-^60mQlmPkB#$@V~&xPfw{347<-*ejg1Uv;w}ot z#$;YteR*e=&rJEq83uh~tqN|r?)Fz&6bDMk@49(;j>dR6MxK>mFe`4NoQhaWMD*g9x!1s1Kkzqdv;&U=^2u9L^m;7 zR_OWirxz5=JSGq|Wl6AaNUrvJ-dKn3l*`xO-3v>c6u<0&m*J8)R@J%8;|tTpRn=A`$9B8M&46fU30ng67aZS$_kaJ5Q? VZ$Ee!85?L^SrxHh?%d3Ye*uNI2VwvK diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/netfile.state.co_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/netfile.state.co_v3.100.cer deleted file mode 100644 index 514939bca72459f54dbd5342772e661c316095ab..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1462 zcmXqLV%=oW#4>9EGZP~dlYmuRx)F=}*D0zt&+cu%ZU4}KmyJ`a&7D}zDf z9z$*ePB!LH7B*p~&|pJx15pr%OPDV#wJ0+ZAHEh*10$~Lq%u!JZu3P~->Emp`+Qz$J?RY)vR$S5f(D7MnqFE20GD+8KZ3^Y|Q zIX_pws31{6BU#hXz|hRV1f-c+SQl=(b53G$v4Szs_L9`1yu^~s{Jg{*h2Yd8pb-kr zjtaU8?#2dk;=DlJMur9u5C!C#0Qm++#-^60mQe2A?vk!rDi>enXUKqzWv_Dm))0-uZUdB@H5#Z23H>|iutzrewscrz2|UqtvWZ)f!ntZuK2WQ;)mk4AfeQKTYi=Y zI?ODaFsWUkeoDQr~Q@zO)BK!LK+yF-Xk~x!3>mN2;TX|cX(>8y{JMNq- zf4;FXB5PURYOUg!)^qOj&bLSOoZRMCn;ji?G3#b46Q9QB&Cg`pZ#Rm&dSB4X zx2`^!Q_(H4?aGJVl}yZx42+AL7&ik$WIZ_j$_leE888@d14C4npM`~)iFJX23y7n@ zVru|Oo7@R)9*k{2Tp8KLnGLiIG}t(_*??JqorzIQ244y_a0Hnm&thd@VPLkvWPwqe z0Z2J8JqL#c0TXAAuDh{ra#0Ry(uT^p8|wk3fR+J`P-RgxkcZjI%m`;Ov2jA2=ETBi zPy`cZWMoM*NHI`>@eLT;B%t=@Cl?o>*k)h@SH*Vb?xErNgvn~@>n=8k98^VX!z67$-BZO?Vv z8_yOji{Df%Gkr&$MB=4mlN6QKx$o;XU1E8)@b=oD4&QDV&a!>8*?3jt{p~v^C3><& zu2d?xq?s%K@z=ukv##l?!jt|7Z2Nj`(mwl_3rsuCh{%=59~BP0%k=a$V|c|4nVBDd z{M?bP*`ob7d27uV&4bfZ?rwd(>0et$!34{29vh=OoL}th_e3B(**LY@JlekVGBUEVG8ivxDx#B112j020G3fpO$BuU&+&`jm?D5)4d3AvqJ9aBfKd9m2$p32PilFnp ze$w5$w;n0Gc_xhQ-R4jQt$U)qg{MPKDRxLt?9*!53Sh8JCk-i$j*pStPqJsM(6$ z?T9r~nBx9Vf&Lek&9r>EZmE6e>^Zgnd=uDJ6~6Djp4qJ3G}+nwX0xMoHuq|;v=)D_ zzI$~hGy5{Gow8(`?X!87hp({PmIy_bBfl5;uF>;O5_6vK;iU#rq>};&se9TNzEF%3+FH5zp z>Fvute7+&;iid#= z#t8`mCl*FFE?8)AFamW!gMyKfMZ-YNKn2D(U~H3sTAQC-T!3ON#4dS|T?U#9)EB6> z!CaVJl!KyDzaTl$SU25N4=4c)cAyIdS%6+%B5NRRC}|)L6abb40KVY~|3hEA;FItjdBwI> zhx}{IZLYXgtc$J4zql)EkHG2(v!gvpqOJ+zijS^3ttej@dc&C|@LS$4k7uzy+g&c( zExCHlc-DO0XV?9vxlE19xwcp=m~V#jxg|Rer&Y1WBniBb7P?)lR~GR9{`G9>GhJs2 ze{FUMt1+%BpA!9*JNP$W{GN>8>$Tn)m{*ETR;~9H_#ggzf1b6m;=Rf{ZQ_x-&MDiM zrM17>GtEs>s;xW!`gTu-=-Z3;YtDN2{j%}8#b4(6oQli5BE5F|gz~H#k@=OY8GnU- h=u%93nws~w=JI{H*LC)66Mjo_UuI*Hu5g~Y0szx?6951J diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/netfile.state.co_v3.102.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/netfile.state.co_v3.102.cer deleted file mode 100644 index dc95f4e75c1ed7179d3fd1c466358a791072696e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1236 zcmXqLV!2?@#A3OCnTe5!NkEn7#RG#xz4_Xm-&uWYe*87yW#iOp^Jx3d%gD&e%3u(0 z$Zf#M#vIDRCd?EXY$$FZ3gU1H^M$1rWd>)a=jkYT<|XSHnj4scB)En3oO2S3ixrF& z0!ou|GLsboiZXK(iz*eIQ;SM6(=wA2OEUBG6dX%SGV+TuODYZI#CZ+O3=It|48R~t zoY%+@$Tc@IHnlXhj526EMWhSl4P+rM5Q8~QA*86ZxJ1D(wWK`1DBIA=zyhMcP$OAW z!N|bCOaZ16;t2&^1-JYng+z$ks!~%FN{dq!^7C>k4P6bKL3){mZD3jyNb@JqYbbYI-<_I0Hm)+ewIBS`WcnG- zu{fnwRQ>D6wI>WaW0hWLty<=^x&Oz`(Cr(ydvE^NU&kK)=DqXnv?S5Q^9j65ZruCv z;BXR$ZHVw|&r^{ht!huT`=#f<{t!aTOFaF;#`1o`&L<2{?pke?{Li%Oi_N(QiKIu(%@36^iKK;*quXdgP(W&eB z=3cqzd?3B}u?R=qQ~UYFJB+!`$J(2;PwRRY{6bZfiJ6gsad8vlY+#5?H{b^bxvVfF z<9`-b17;v)U|u7XJggoV`h?K5$S(=S*mSKZ(sJ|^9@;7JS23gCG`wc z#gw5w%gImAM|DP7F<1;_k_p^8MiyX@7^uMb28?YIPy_OliwjT;Ft7s!fhr3q$3nf$ z%m`;O!CA~~oC$3njBP)hSQy#3AWTcAv&KAH*E_?QmE||@dtt>9x#f+k>G!Va|7qs~)*s6a@0G0BzH`yV T@K^G)yw~qK*(X$YZ0~;n-&vrF diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/one.scr b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/one.scr deleted file mode 100644 index a115d007..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/one.scr +++ /dev/null @@ -1,18 +0,0 @@ -# -# CRL verfication of certs obtained from SSL sites -# -globals -certNetFetchEnable = false -crlNetFetchEnable = true -useSystemAnchors = true -# alternate these two on successful runs, flip either one for failure -allowUnverified = true -requireCrlIfPresent = false -end -echo "=================================" -test = "www.amazon.com" -revokePolicy = crl -cert = amazon_v3.100.cer -sslHost = www.amazon.com -requireCrlIfPresent = true -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/proteron_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/proteron_v3.100.cer deleted file mode 100644 index b39bb4f9f2046a117249b0e2d88a9956067a1605..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 842 zcmXqLVs)FR?K>|cBMU2oLE{laZUas>=1>+kVWucY zLs0`^5QjsUCp@*dB(*3{!8x%Y)lkSl03^&V%n9Nugyfg!8Oj<+gT%OmMM5$X%S%!f zob&UFOLIyx^U@WPlMOWt)IieQ!t&0kMJ1VOnaPPInfZAN!Kp=MnaQce3ND#tnZ-a6 zLrDX1kV< z!rb18dBusv3eK4&m4;#lA|O#NVcvkEd|+_o=jkZ;_&6guxxBnwuK+3sc1q)XsQTFGFs(5TkoxyWtgC9$?nSKcSA2=uH752>+|enHq4%*obhd@ zIn$r(*7uxGzk71( zgd84EsY$AfO{c7%Cip2V_f+WzwrdCP@;FV|H$CQ`df1{Fxt>3K&Tl*%?dpA+t?PWt q|DIWlA}TAzZ4>8D{cGDIFvEJHfj`U6EyoqLOZvV)n;dAJ@E8CaH4I$< diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/puretec_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/puretec_v3.100.cer deleted file mode 100644 index 55867c92a1c8803ec48d6f608ec2c0f84d513e29..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 769 zcmXqLV)|>)#FVyxnTe5!iJ4U)&48DUQ>)FR?K>|cBP%O|fuA9_0Vf-CC<~h~Q)sZE zfB_$f!zIk_T3DKymRMn^YoHAh;TBebiYNr9CYKhaDmbSWm1L%6CMTApDma#wWaJlR zmQ)(ZiSrtm7#bLv8X6fJ8X83bxu!tc)X*5rH7G^0&&AbH!axjUI)^ZSP)2HIUQS|O zif%w!VosHzkbwY5hFzG`H$Sf=F)6XM$WX>W3gS9pLxs}36a_;C&%Bb)+qJ2 zUY=R9rE1P8=g%{(pGOB&>)-uXc}mqUX?Kdr>5rT?99uYrJ-;8hux`0(f#NgOe9aQ! zV^eGewrzKcR*<}Y{LhQK3sx}jNZn^*W@KPo+<4HSai4)88)rhB2V>h0Cq_mV7G@?k z2XKVQ@-s622k}`x7{~%WDa*$q#v*beckS=IXVKikE7*28t~{L*y?X0g11pfUJd3e` zp@IGa-38ihni(Y}1y=g{$wfJO>8bf8MWw|hddc~@Ac122VsK<8C+Y!t2J#@i$}GT0 zX%O*vmhn^j(x$1`-ESx>2>2V%m@xke#BNmAUmBDt&qXB}x8UuSfAD$u(&{+__HX?N`-V%oHTnTe5!NuVxyufYHM+BS=4M~d54$V(gWvT8uPey$-3&i+9GdWNzF(h#SL6sIPa7NzPX!i~sFEiq`Ej~pV5 ztPISJy$lA8olK3540mPQ&vn0dX3u;1`=GH~xR-C-$$NQsKYvSDIrq|)4yj7@Z$ICO z@IC+dzUrsq1e>OHKKuFVK0Q?AY+vG@^!P`Lr1=GtJsowi5i0I0RTP#SS{M}nkAG8p zZqx#MWM?`l5Tq29Nc>1a&r;edL@Ru_)o^%XyXgOw5c7jEfte z8#F#K-~oCJlJ(5 z$Pocdn#{l$a9yivyKwnK;|+Hf_k_Kd>r_u%+?YAR_RcqBSvFsue7w<+?PTs^raInh sg88`?-#(=U_x)X59=ow==k)uX@1|@oD!JD4Vcwyv7e4#e80?)30JF~)8vpm?<>a zP~1Qi#NiU=3rj7^49-l?(^2ruOV%?qH!uZBa0}}>=Oh*vD;O&TlqTh5CMyIKW#%Rp zRVp~A7L{bCWhN(L=zfI*ZvuOWzQWMph=X=)i| z;Dh9VC`Ut817(Nk>Sea^b5VB_3O?W{;QRpxX_-v&}Pk<6Dhxw z{}_3*PuZK_uuK0T%j5&be>jbmUvigd7an0gcIoUR{jZ$KXa9RFW!V4V`R9)9x<>bA zm_6fK%TRqJ#ml;-l=)M^q*}hDuZpWP%~}jgC;ZrdJf}mNZEDTQrz`H2F4U>YxPSGO zOnXFvBoi|u1LNYxe+G@e4TONMmlbAY{LjK+zy_q47#R$>L1O$YEWpTOGZ19sOlb39 zZ2RHF$OskE0LcroC>qEwku{Julr#{B1c3lB3d#~oQhgGWQge)T4NVOUK`P~0vdsFtF3>9hM+-=^feFYORTfdxL z0GWXi6S^k()xCvxFHMM_&wZ|JpKxIR-N%g2**XjD#`79T6kCrU@ ozNn@;!KVBy-#HJadPezRV0ej&6*#H0l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/verisign_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/verisign_v3.100.cer deleted file mode 100644 index 149e878fd6cd13dc250c0a03ddf4793c399f8c61..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1788 zcmaJ>Yfuwc6wYoo0SvE@5I~?Th{!X!%Oen>v^0PqNG-t>8Hc(io46XXn5Pdw2$D)8 zLd9XmS}@k4Qy)`xtV(^f9R|nJg4Pxsv}3V4R_ib*jusW$?t(Cc&UAn6cfNDZJ?A_3 zTwvpl0~=@9$%Y{q_ElWF_&oAZWO;orbXRvc(h9t|9ZWmu1;1KE^A zVhLfWFrt(OH5&;OH=%1yrb^>tiNtEPiY;_jBb`;OqADbYN*s+=#Q-Um2Bb_dTOgUq zF4y5kBbtQfY%~#iHK9h8xQTNTFARW`L@Aj3%4nEK!<59N z6j_R_4A`I;OaS;?UK|%fAX{n%46!FW4FUnPjj+Hyo6zA_+(2N#Ac(2PN8qQ##2_A} zOJQ0`5l63y!F+)?LvjReiOI6mv^1%!fZo89q4`3NEEyyxO`c6-cfmY4UB8Ah=t&$C z0U_h$CiGfHne`@|)T2t0uwoGaW$YfppyaevGzX{UT}Gn=XEO6FIoNXwZ=D`yq^%RYSs1@#|%6@jWa9C-*(I_^3739)@{1!x-nnJGJ%3w$R{kec)v1LN z{`Va7IM{NH>|u3vSDkg->H0B?W$)P-bMJ-kP~)!hfG=Zlk7qAOc+PXZui75QMpa85 zZORJSa)W}|5DPkBgKfYD*MK?)tz#%3sjCNdwYLALY4e1h9}IEOB^adV8EK()KG6kgb2rKE90Klt%{PDC4}mShu@0q-M$O( zn6iBkgbj0?Ad>-MNGeDHNlwfuu_rL=N^fh9GGA}fC8!KK*QK4ZCjuZ9(;UcV;!)&H z!0bP7wLK5AkLN&c0bCFZqPgz$)^Rv)FeD23zgK|vq_ZqU!a>+{2pgLDgSj44dEY@G z+JW|5fCK_jt*}UbIn*+ms@VMQSShvpN!srN7k&el={N{N)`7JkZW;r~9_HE`r7~8! zG)K4ax?%v&6#^%57vI+cO$k95fPOj@@d&}cut*<%=2 z=cZlm-uwvj_d8n=8|V0$9KLzF)4p<;yw=heG4c5sjeO*ez~e&4vo7A>4=VmV`C@;= zNB!=lgWkrvUg_IV&!(<#mWq3?xMd6p;)`z`%Hw_EKX{AlHDu|1PZd9!c{^%PV6b2U zM@~4}t?622$-?g*i#v|)cqMrDYxTf=_lXuujr0ct;@o@Xyzopx#|J*mE%K&InZXB_ z`jkCLxVgvKG3(%AB<`z4^|{@evLi|d=36nk@3TSDZ|lpxZ8uIY(>k8Zc3}Tx HJ+%J|DYQ_` diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/verisign_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/verisign_v3.101.cer deleted file mode 100644 index 78e8174fd34066eeb7414c3a8d85f441d9648982..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1570 zcmXqLVv{pyVr5&v%*4pVB%tGQcQWtS$iAO8GefEp-Z~rbvTc;+SR8Oj^Tf+VMECvRlUUGh}eo;Z90x)EN4zw^ZgZNe-!?&&# zC8>ESz@Q0B%*jlFcrrNHMpy1v}#`z2_Oq z#J8{0TD3xZk+ijda=h@yyBs}!BDb0wA8+k>obgsA{ao0#HM5JSx!msR*?jFo;pD#C zg&|(AizBo83j%eR=TEy)P*eCd6#Gax(9F~6;l&x6t(mSui_VH#z)t+Ka4?d$xwzsyGuc90pBHEZ_ty%f}+dBI4(KLbmL^d2p5gr-=M1pDi9;-Fx3a2p9>n z!inupo9S*$aa2^i&%iUm(4(s zjWeOmgR$+06C)#3C>Q1yMjn<#gZPE93!)7o4Z;mV#W;Z(Bt2C>Ju}Tf(LmmSosCtS zkC{n|MWp}fWvR9`y?xn-&o^XU@sQA|meey)6;p;fEhj%cAJs`^#b7azNtz%R39={| zC@hgPkTH}pkN^q*^Qj;>dm1}C8X1^a=o;#pSQyBIlq$1G7>G59)L%|re(3I--5(4% zKRa9gVp?x(XbcP-XfOgjV`!jnpbO(0Ft#b8hf{uXaRG{}3`{`gtFq`CXv0H=g^`U5 z5pIm=P={X&tE*3Vh)A8Nmi_aMYrfgSOPs}pY12vrP4>?;2uzPz(}`=4x3KDeniI!X1qoxl|Uz?lz3 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/verisign_v3.102.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/verisign_v3.102.cer deleted file mode 100644 index bdef91b6b947e0576eb26cc7c15420003e5616aa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1226 zcmXqLVmW5e#G=1|nTe5!Nx*cvVf*KHD|Vy0a}hkV>uwqFvT z0i{VfnaK(PMVYyYMU@K9sYNB3X_?81C7Jno3XY{E8Tmz-C6xwp;=BfChK2?f24D~+ z&TC`{fHT%zEYT2h{0lx=8bU;$BJsFAFx zU}RumrT|k3@q~h|f?Ix(LL$U%RjDZorNyZV`FS~&hOP$AAid1OHZUy;r1=wQw!5i8 z6QdGx05h^OFgG#sGXTZ8n3@HbnTf=c&k$R<)R9iv%hUFYmM`4!Ws&Nq^)i#vC7ym^V|hPe=M#n}cdfQc{%6|t#pd0E?$_qsZ@ye# z^Xc0M+x2%#CmKu2$~c@ZQIS-fd{gA#8m*w?{a0B$pY$fXci3b$pZ@2*SG&&t=+t$5 zbFW-`7=i@kS+oo^4Ad5=EKq7w$S5f(u+rC0F3Qm>1188~V1m?3&d=2^NKQ1? z1Bx2(fwb_0%wPc~cs2uD5MP1C%)rFJh>ZovWH104$Ht+}22AekOpIbOAR~)`W|o(i zqnepqPz+9DvV1IJEF$%nQhz}go<$j^G#51((yy5b?BQ!S}ypem*e4Ue4s^n6sumlcD>Kqi^M ztz%>X2Bd)sjBmi$CIK}dKe@O7#Q@}F3oI9y8ygw;Ro8jEl{Rkm;n{lV`aj=m%^E(A zsR<0+oV^W%j7SoS;ciZ Nb#;^9e^cYG1^`%gm3{yK diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/wellsfargo_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/wellsfargo_v3.100.cer deleted file mode 100644 index f95af0a019c93b52c2d16a6a8937eeca94efe99a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1147 zcmXqLVktLhVt%lInTe5!Nx<>w*$Go^7J47-ayhzp(%oA5TXoPan^aNClq|7d?$+O-pkHm}LfX z;=G0i2BtuFfI$?HYY5^R8Jk*~T1FW(wi|LAaDr@O6J`nxHWW4x1aUZoxttSoGSl*l z@-h<*#SBD1g6tx^!HIbaZbgZC$(hB;`GyJxav*Uo5%KWUoSb3>x5T3Ke1*ik6b0w} z+=9fsN<$t4E|3at5oXU|cSC6dNf3`&LxPn2RtJy19M|9Fz`E> z8XFl-ZvJ_|%W0p~5v~PWAIz!j3~Jigxw+|%F0-~=`C*^h>E=ntstvbht6rX0SI0iJ z?%V3Dn2tB;u@nXfa{{Q{+@#Qr_6W?`+=_;Y=2c#U5}-i|Lj{>gT2 zEwxy;*_w0dE%#q$#zs8Om;d%^Y~ajXIlphtUmKl^KLweX85tNCH!-d?XkuIm4lY?? z7A6A*18$&yWcgWGn3-4?7}$U~@+_tXz(`-9zd*N5JENqez)D{~I4lSl={dT|MLDRk z36;&|u@xW&6(L{SX)H%KBmwa6e3rkRn4CCMORVcdckgD8UtgD^49%-qEERQ>eK zGy|a14cOUOwfUHtq*z3}vv+DtW8>LnI?mR&SoW3TIEj^p;XVpgBF u>su8mvMthbyZZ57t@NoTI^DIQ-`ER!9M64AVPHJ17xPQaqII2{$p!#~hi7#F diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/wellsfargo_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/wellsfargo_v3.101.cer deleted file mode 100644 index 62dbdbb2b3b54e2d3e508afa213fa12628ce40c4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 903 zcmXqLVs18QVtTWHnTe5!Nx<#T>s?ze=<`oXn4xSxnZ4hDmyJ`a&7D}zD2 zA-4f18*?ZNn=n&ou%WntD2T%)%omnglo_0vo~NVWnU}0*Xl`H%lHeBBbIwUDE>DJm^4QSeJGDbFv;hPjFx!&Sxxh7eb2 z!F77(m82HsfnAZ9qY#{0RF+z#;OwZNs{nPlp{Id6M3X~#dAS}?I4)ylU@SgI~c)qc4D3hU)P&&;e>eelVN-u8TzO|fg}rjL7HO?P@b z%Y;kx%F39p4yt!=vL7_sRGM?-)b7Rq!qf|$S0#Tnu$!#$^w&pD>(ASL{Vc!7ct-6w zD0_KR*S`XTsZOW=X$N*k*;xHl@}IDYX?gG*f0O5{SvFPYGchwVFfMLjO>hz23iIhY#iEbz{J7M#3&|{ zQBqP+Y^AS{EvO7kK&Gg&=o)Clv@kQmSxju45ObYa7}>aBR&X#HaD#O5v#zI5Ry@A*86ZxJ1D(wWK`1DBDonKoq2aTbK`~Ku5tdFImsf z*uW4Xp#_rwikGAoJjSXtUB@E$$QqT6OYRkCv>O~^6)#v&^sRTdapLQYsis#NX4;(I z_Kc-VO>%o2(^NABbp?Gdw+z*uFEyRyMs%%!~|-i<=m? z8#FO)28Xw-Fbk6bgMkasC$b7Gwg%P)mTcS!Z61tmKU^8v#hDGX3^dp{wAp}3ke!K9 zOeUkGq@dVJUmsgw8gPS5;b&oCW@23cjtN;+7F`2vHcp6vPArUUTtK5(7@N$wn3-Y5 zGBd(iOh8>w%NQA1Gz`=XRA77q#x@C%qfYNHaIIOiM{iO*S>QG&4y}OG`?! zOifNQNHZ}rPBt{ig}INBhb7SHdbvu zW+o{Xk^ZNbrP|i?_GKSF-;j01LqexoQqMqDOd0Croc#2BR5zCugT+85p_U2Ez$6v- zdXk&cJHy@0sycgRn)+4*YAlhzw=VL^RqM1P`P^z-XJ0wEXKAE##nrOARf}3~NnUhV zS#ru~HLup&lwzs%nkoEOzU*7(b!o$|sl6TdWlV3lwDkSH@LWAx_^aZ6*7WatN;Vyz irp&(Wd|iBR-kY<9*ZG~oX1~=oNYCHA{pZRa{R#m1t$Qv2 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/xdss_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlFromSsl/xdss_v3.101.cer deleted file mode 100644 index 1c84d8b541b4514e216e61d43a5e7f5644757ded..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 903 zcmXqLVs18QVtTWHnTe5!NkG-RtJT8k%;Sh3NAIpv%3ET<%f_kI=F#?@mywZ`mBAq1 zklTQhjX9KsO_(V(*ihU+6vW{Y<_k+L$_&m-&(l%x%uCiYG&e8>NpK76Ip-u67b_Sm z1e7M_WF{*F6lLZn7F8-ZrxulDre!84mSpDVDL9svWaJlRmQ)(ZiSt^T8<+qM0D~xT zUPD7e10xe7V^d30%P51!U54@ovJgwfV3sO`6qOd2DEOt8l;;;^!(7FU;VNSTLx`)i z;5t3?N>YpRz^+KlQ3y^gDoZU=aCTJCRe(C&(9^&jqRFAWyj%|`ommX@r(SY?uD)|X zFvz?4MFo0El?p+rX?hAio{mnQKAs_w3O*q&dK$@^mgWjD%M2RlBZns=D+6<5FM~m2 zCsSi1!;Pkf7uO`2YUNucEL9h!YCqh6h4u2DXJ*!`KKSHBZ+pJVrr0%f)5pE9raQfz zWx^$TWo67)2i3bb*$*0RD$O}^YWL!QVd{m>tCGJO*iF`W`s*X7_2=!rewN>3Jfn6T zl)b#E>tBJvRHxJbv;(`NY^;7N`A^uyv^;o@zsd8}ESswHnV1xVpxIw!3Sy+Gxl+8d8 zu8NTnDg=sBS$P(qLk!dws4P%wQvf*v=!WE?9MtG4NKQ1?1BxO?0x(fC14EyK@y(Nr zDa=kEi$5wavby*3*MN0jZ_UY*afGG6^^4vPr885{S{j{K{_?=-a!KPl>Ud3$k< z0;lf7Zx1C|EjHNl&#(V6kLgYuQ(K~+T72C6Npd_YOTJzx5I(PV*xA-oc3zWSQ2ZXd dV`-X$paKSB z1|m$1jBte(29{ujX!bKVHZnBsdw*J~_Gt4aiGMox+D|T-XdJ;|u2xX?<$dfygCvIZ zl}Ua6D!q3r(;SZmKaFVG=%W4i{>DO$OO`u@e0lzEX)GY9gdepi62}X}W@Q zkdH!1YH^8zv!kK7fhb6hi-*s#pdcqz!8t#-ptK~l$Ush<*TBrc#L(Q(($K)fAWEFq z5X3csat+K4WelVs#tNeuo0FQDhTGuA`3AfQ_c5|EFgNxx7&LY=H8wJwFzYIw)#Ish z#g8%XOxX>I|MR9_5B(@8%e1NJ(0o4UKRHRRHE-l@6*wPad%sL?(cdCP!+?ewRY9YXnjTTvSnXcvs2^Gir$Q#b!_(8lbx?k z0&Lc9Q{msUre;;}y@yWK+WV@C1e7FszO?X9x%KwyFEjNosmztncX+?O{Z*S?DyRIL oyT$6oAy0R^=!opD^;Xo7`eCWGz1e5g8|H=O?{|kE>-e_|0H8s-!~g&Q diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crlTime/crlTestRoot.cer b/SecurityTests/clxutils/certcrl/testSubjects/crlTime/crlTestRoot.cer deleted file mode 100644 index 712983e69ec16a4f255730d868a098290b4824ad..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 517 zcmXqLVq!FCV$52=%*4pV#K>U4&Bm$K=F#?@mywaxz|>I6K!S}ql!ci`&?PmgG+n_t z$VZ_hwYWsV+0jtkKolg$#lz=VP>_?V;GCaZP+F2&WFRNbYhY$zVrXt?X<%t;5+%-S z2;!PRx#Sw#INyL5;W|cE2Ij_I27|^(7a;Kcm~dj%LTX z{r}IWkYF*1dF}~&rl}1#wydhW$KdI_DMjOl#h=~J?z%J2K4NZEmiR>e?AE59JH=<; zyJhRo@p|-O%Co>kC+*KnJ8xaJn)UlB&%@>FLQ9+8%f1o$Bz{`>uFv-w-0911`9*k# z#cf=vCx1_xiJ6gsaj~+2q5(fJOk{-_8UM4e8ZZMX13r)dKS+QD7|3nNeqaUpp^+ic za*6-j4ToO6+Wt_r_u+4w>oca=e)(wPCAcg+;f+;WiEQtFrU%#g*9TwL*E^o!#k5*X z{Jh${+g@{Ie%qEXG~7s&;!F^h*s$%XOzw&*y@#u2B-@q0+9~8wrm(4|*oF6VX`*3k ix!zH&HCv~5FTM3w fail 20060418090559Z -# Test cert at revoke - 1 ==> OK 20060418090557Z -# Test cert at create with CRL ==> OK 20060417191040Z (before revocation, before CRL) -# Test cert at create w/o CRL ==> OK 20060417191040Z -# Test cert at create-1 w/o CRL - not yet valid 20060417191039Z -# Test cert at not after w/o CRL - OK 20160414191040Z -# Test cert at not after + 1 - fail 20160414191041Z -# -# Certs were generated from CA in keychain, crlKeychain.keychain, pwd = crlKeychain, -# in clxutils/makeCrl/testFiles. -# - -globals -certNetFetchEnable = false -crlNetFetchEnable = false -useSystemAnchors = false -allowUnverified = true -end - -test = "basic, no CRL" -requireCrlForAll = false -cert = crlTestLeaf.cer -root = crlTestRoot.cer -end - -# -# This is a handy place to test the corner cases of notBefore and notAfter. -# I don't believe these have ever been tested right to the second. -# -test = "basic, no CRL, at NotBefore" -requireCrlForAll = false -cert = crlTestLeaf.cer -root = crlTestRoot.cer -verifyTime = 20060417191040Z -end - -test = "basic, no CRL, before NotBefore, expect fail" -requireCrlForAll = false -cert = crlTestLeaf.cer -root = crlTestRoot.cer -verifyTime = 20060417191039Z -error = CSSMERR_TP_CERT_NOT_VALID_YET -# CSSM_CERT_STATUS_NOT_VALID_YET | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -certstatus = 0:0x06 -end - -# -# Note root was created before leaf so we assume it will be expired at -# the time of the leaf cert's NotAfter. -# -test = "basic, no CRL, at NotAfter" -requireCrlForAll = false -cert = crlTestLeaf.cer -root = crlTestRoot.cer -verifyTime = 20160414191040Z -allowExpiredRoot = true -end - -test = "basic, no CRL, at NotAfter plus 1, expect fail" -requireCrlForAll = false -cert = crlTestLeaf.cer -root = crlTestRoot.cer -verifyTime = 20160414191041Z -error = CSSMERR_TP_CERT_EXPIRED -# CSSM_CERT_STATUS_EXPIRED | CSSM_CERT_STATUS_IS_IN_INPUT_CERTS -certstatus = 0:0x05 -end - -# -# Begin CRL testing. -# -test = "CRL, prior to revocation, within CRL validity" -requireCrlForAll = true -revokePolicy = crl -cert = crlTestLeaf.cer -root = crlTestRoot.cer -crl = crl.crl -# One second before revocation -verifyTime = 20060418090557Z -end - -# -# This ensures that we verify the CRL itself at 'now' instead of the -# cert verification time. -# -test = "CRL, prior to revocation, before CRL validity" -requireCrlForAll = true -revokePolicy = crl -cert = crlTestLeaf.cer -root = crlTestRoot.cer -crl = crl.crl -# Leaf create/notBefore time, definitely before the CRL is valid. -verifyTime = 20060417191040Z -end - -test = "CRL, subsequent to revocation" -requireCrlForAll = true -revokePolicy = crl -cert = crlTestLeaf.cer -root = crlTestRoot.cer -crl = crl.crl -# Normal revocation case. -verifyTime = 20060418090559Z -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/SOA1-SOA2.pem b/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/SOA1-SOA2.pem deleted file mode 100644 index 071f4e6c..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/SOA1-SOA2.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFGjCCBAKgAwIBAgIUb912vFD5/QTVUhe9LipdbaECeGwwDQYJKoZIhvcNAQEF -BQAwgakxIDAeBgNVBAoMF0NoYWxsZW5nZS9SZXNwb25zZSwgTExDMR0wGwYJKoZI -hvcNAQkBFg5zb2ExQHVub21pLm5ldDEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czES -MBAGA1UEBxMJQ2FtYnJpZGdlMQswCQYDVQQGEwJVUzENMAsGA1UEAxMEU09BMTEe -MBwGA1UECxMVVW5vbWkgQ2VydGlmaWNhdGUgU09BMB4XDTA2MDUyOTIwNTAxMVoX -DTA3MDUyOTIwNTAxMVowgakxIDAeBgNVBAoMF0NoYWxsZW5nZS9SZXNwb25zZSwg -TExDMR0wGwYJKoZIhvcNAQkBFg5zb2EyQHVub21pLm5ldDEWMBQGA1UECBMNTWFz -c2FjaHVzZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMQswCQYDVQQGEwJVUzENMAsG -A1UEAxMEU09BMjEeMBwGA1UECxMVVW5vbWkgQ2VydGlmaWNhdGUgU09BMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEWDBaXgzDJTUFWkXxx76N8kMMC4 -gJNxrQ2khgx6X3WosaQjjTl2ELyU3vb5j97xQKD6TgIXJ5h8ARXKPTg1oDFCnVV1 -HPxeLRZw5JE+QPfNfBEXAKKBN8onezfqn8GuR8B67WsDQ9++HEsfwa2Ezu76fkjB -iN3TujqB6xbwlyYY3nXkvvETEXQ3Sdqzuj6MpX1m/WeNNJAMxYT8SNN3fh1/S9+a -gj/35twKYmoXZnaWpoxryoef9j5vle/onU6Xuk/6FQZ3iqJ6ux9a1f9Wm4KluYaO -LnnMAF3e11YPJVKP9I/ou1dA4CCRiwxcPBrDNK2ZaSK9Kd+vXj192JpxrQIDAQAB -o4IBNjCCATIwgeIGA1UdHwSB2jCB1zCB1KAgoB6GHGh0dHA6Ly9jcmwudW5vbWku -bmV0L3NvYS5jcmyiga+kgawwgakxIDAeBgNVBAoMF0NoYWxsZW5nZS9SZXNwb25z -ZSwgTExDMR0wGwYJKoZIhvcNAQkBFg5zb2ExQHVub21pLm5ldDEWMBQGA1UECBMN -TWFzc2FjaHVzZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMQswCQYDVQQGEwJVUzEN -MAsGA1UEAxMEU09BMTEeMBwGA1UECxMVVW5vbWkgQ2VydGlmaWNhdGUgU09BMA8G -A1UdEwEB/wQFMAMBAf8wHAYDVR0RAQH/BBIwEIEOc29hMkB1bm9taS5uZXQwHAYD -VR0SAQH/BBIwEIEOc29hMUB1bm9taS5uZXQwDQYJKoZIhvcNAQEFBQADggEBAGEP -LTA4uwlmXus311kXXuVuEIr1oUwhXhVDnE9hricbme1UQ5/NkI1yVEzbxKyPtUtS -EO9yu4TWN/q3OMcQ2Zv5ga5l41AxVeVo3zqU3K5AX81YkYKMKSfBEi+eW0lzy+eI -KhnWjoAuaYXdz6HbDrOjUmmQw+8Ix47U+Amo4ObeUkTa7GzLG6IomfCHKP7+fe5x -ehVT4VDmnJ03H+M2hAnpjRLrPs5M5JtlFcAHrKbDARhbN/50SUwu+8IqfI9ovWc5 -TJxSXC2qoc8QKgSjCw548nM7Da9NmcahSE1a4iGkzRilnRgf+p87BtD1SaYapnnt -hNtZL6VNsUU2f9XlDns= ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/SOA2-SOA1.pem b/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/SOA2-SOA1.pem deleted file mode 100644 index 1d540e11..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/SOA2-SOA1.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFGjCCBAKgAwIBAgIUYrQuUHm57gkeYEDPwn8UKLjYrI4wDQYJKoZIhvcNAQEF -BQAwgakxIDAeBgNVBAoMF0NoYWxsZW5nZS9SZXNwb25zZSwgTExDMR0wGwYJKoZI -hvcNAQkBFg5zb2EyQHVub21pLm5ldDEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czES -MBAGA1UEBxMJQ2FtYnJpZGdlMQswCQYDVQQGEwJVUzENMAsGA1UEAxMEU09BMjEe -MBwGA1UECxMVVW5vbWkgQ2VydGlmaWNhdGUgU09BMB4XDTA2MDUyOTIwNTA0N1oX -DTA3MDUyOTIwNTA0N1owgakxIDAeBgNVBAoMF0NoYWxsZW5nZS9SZXNwb25zZSwg -TExDMR0wGwYJKoZIhvcNAQkBFg5zb2ExQHVub21pLm5ldDEWMBQGA1UECBMNTWFz -c2FjaHVzZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMQswCQYDVQQGEwJVUzENMAsG -A1UEAxMEU09BMTEeMBwGA1UECxMVVW5vbWkgQ2VydGlmaWNhdGUgU09BMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5i/VN4QcXCrDemAaFo4bRlAazVD6 -1daCxzISk7NF4ELpkN+aSJumKbz0OdoE+gOc4Fk1MSFswFXcVjgowPsT/dt1L6gV -AaEpYLbOLHf4dVb+fWJYI/AOM5JP6RaMTP3w57RNp8Gw6EZBCXFE7lQVzmipNwVt -Dm8yZ8vHv+m+h1MnmM8ehX3OUfYqzTcg1uMsWLqDA90UUglkdAjtYW4feL8+2zdb -p8k1BkHJ60X3JgHKTTZx2JZTqouabPEk8TgO07Yffo4FSzOLNYUtWhFsrzKoUWEz -cz3z/9M+BoQxal0WoFAmMvpWesbIg86ivThCyM3njNK1plG6eOPHnKoUcQIDAQAB -o4IBNjCCATIwgeIGA1UdHwSB2jCB1zCB1KAgoB6GHGh0dHA6Ly9jcmwudW5vbWku -bmV0L3NvYS5jcmyiga+kgawwgakxIDAeBgNVBAoMF0NoYWxsZW5nZS9SZXNwb25z -ZSwgTExDMR0wGwYJKoZIhvcNAQkBFg5zb2EyQHVub21pLm5ldDEWMBQGA1UECBMN -TWFzc2FjaHVzZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMQswCQYDVQQGEwJVUzEN -MAsGA1UEAxMEU09BMjEeMBwGA1UECxMVVW5vbWkgQ2VydGlmaWNhdGUgU09BMA8G -A1UdEwEB/wQFMAMBAf8wHAYDVR0RAQH/BBIwEIEOc29hMUB1bm9taS5uZXQwHAYD -VR0SAQH/BBIwEIEOc29hMkB1bm9taS5uZXQwDQYJKoZIhvcNAQEFBQADggEBAJof -SEKxyUaCjdA3HQ55g2UbjvgPFJoduAv/z2WVfBE4enIzQoEl+j7vRJ5YvmB5doeC -1Shz5/qEr7WBmN4RbcVTMoYEEXwi/NvSgqqQ2ta6fO8tRhzPhH4hhFZnr/LxkkYp -/2cVuJWp1VS5cZZ521BFHXc+ERsZiKPog9CEV5LkAYwCdJUTTH2RENagdCugDRUX -wX1AkKod+mrv6dxXrcmeARqAr7lBgnW0AN/3GF37IG+syNEo8P5Y7YxcCmjiBO3E -+eabGjVlTRTDVyXLUWvAswBEX4Ousk2c7cY68sWw76iNjjdhdCfAIeLrEYcVqg5r -cwAnKtpeo50GXUmtp20= ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSigned.scr b/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSigned.scr deleted file mode 100644 index 0b4b9c0f..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSigned.scr +++ /dev/null @@ -1,44 +0,0 @@ -# -# Test for cross-signed cert detect, Radar 4566041 -# WARNING this results in a hang when running with a Security.framework in which -# 4566041 is not fixed. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "Plain in-memory cross signed detect" -cert = SOA1-SOA2.pem -cert = SOA2-SOA1.pem -# specify verify time so this test will always be valid -verifyTime = 20060601000000 -leafCertIsCA = true -error = CSSMERR_TP_NOT_TRUSTED -# verify we got both certs - IS_IN_INPUT_CERTS -certstatus = 1:0x4 -end - -test = "verify with DB containing one cert" -cert = SOA2-SOA1.pem -certDb = crossSigned1.db -# specify verify time so this test will always be valid -verifyTime = 20060601000000 -leafCertIsCA = true -error = CSSMERR_TP_NOT_TRUSTED -# verify we got both certs -certstatus = 1:0 -end - -test = "verify with DB containing both certs" -cert = SOA2-SOA1.pem -certDb = crossSignedBoth.db -# specify verify time so this test will always be valid -verifyTime = 20060601000000 -leafCertIsCA = true -error = CSSMERR_TP_NOT_TRUSTED -# verify we got both certs -certstatus = 1:0 -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSigned1.db b/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSigned1.db deleted file mode 100644 index ceeeaea105d13f2314c7e7cef73448ebeec22f19..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24768 zcmeHPdvsLQxj&QlBr|zGKmrU8oqbMb{f4%6noXl*LUZ*aZS_8UI-v74ExujT#`I`f-7!sDf;vmL zXxfE1)zA<9LerW?L0{LjmIJ6e11BiN*212wTVY$<3j3g@+0c&d66hxAe&``hi%Wo3 zLw7*Irr*qVoH8j>NxuB(P zX=QV573xfdVvMYP8NdlcST7N3>GMFSKdj1nNziEZM7bMvlB3rfz$q=Mvb?;byOoFf zn5E!T;PpcMnE>UyWkAj2-cVJsw4t)4zPY@%rlMtW)e4-ihT5UgIIs@2v8FK-91S(g z%9^SS5`!l-22U2wjX#~IaYbES6_$Z;hih3&gK{mHMeoyqe(7ivPv==a$GxDXqN<^( zW>HNA9Mhp38^|aJ{;+>5@v#Xu=aypFwr9{B%Hk@ao1n1cVaLOchaC?)0d@lH1lS3% z6JaO9PK2EZI|+6Y>?GJpu#;gY!%l{s3_AsO3hWfvDX{IZ?Xc~z?XXi}r@~H!oeDb* zb{gz7*lDmGupO`+upO|Su${1-u${2eVW-1Rhn)^P19k@N4A>d4Ght`K&V-!_I}3Ie z>@3(>u(M%j!_J1C4Lb*R4(uG*Ik0nK=fci~oeMh;b{_0J*m3<5({={=~vNjXDB9Q2|ek_`VeQNeXy=2a9+k@RJqr%r!*35%@C|@XR$tyb<`b z6!6S7M7$CBDGGRworpIAKUD$GYe&QzfuE*;=d~l^jlfS=!1LM>@kZd!R>1Sx5%EUg zXGr4tJxPg-KV0kNGK8dGYdc!d}RD7Qp88bAGabtGXC&BLB;>b_*0^YkBmRx zQ^ZHcpV)RrTg9LG3V5sd!}~+o{#(VLa}@Aa@#kCx zyjA=;PXTWge-t>Vx5l6dCXl*st=eU!p#7D-Taz%V({HajH zN5-E@MSNuZsZzv8#-BwBc+PWV{JB5@Zxw&474TN^r$zy96@Px9fVYZ2ixu!z@uyY+ zZxw&)6!2E@XNdydD*h~0z+1(idf>S(%yL@(G7#G1)!I(K|GyAGX}m8G=rtPRS}uh) zK&A14u2w(lQv{yRDP-|B!+&B0zDWTe=jreT46ML6E8yb;y{(r;;Fl@j6O8dQ`+t!F zKG7IIGk&=OJ}I!?*B;^j3I%-fx}NnLOnBqFq@>^A*o&#$uW2PcuqlQecLLkIxK87D zLjQ!l{z~W_P#hojLFfVO?Po&K&y@X8VC<-8?|{O#!%l^r z3On@)?CZm)G{nTTEzsw&uMgV++X34F+X>qV+X>qVI~{g9>~z@auVb45?Pjz?_d?&p zzCP?s*qN|1VQ0b4f}I6B3wAc_Y}nbbvtj4J&Vilt%h0W2F8Y@{07XA|>z4;R4|X1G z-pb{}&WD{3yTAdx1iBCU1#Yz}p|?Pf;I?TtbQAO-Zh_Fo8U4`bv3-&YMSEi&#bc=y zDDZ{A7ybp0n7}=D3-pktjRR&JFyqk9c(gNqITZEAqn@i0x&w-KCSWWl3_#JoBf z^chW?gmxyahW<>`CMQ6fpukTC{>)P7R_Gy3JIe(H<}6^Qpq(jbXUbkE>P#wHC8e&ry|*KDQFBexw@j!E7w4Ec2neM*;EF zQs^kCbo;pF;N@z@k5<74+Wb8Ro^5iiialT)hQ;iE`1^Yxbei#+Vz2l6x`M-Bwj57h zM^?|EtoUjMP#MBlO-U^4@OgMc0TFY<97B3+d|iD$)aTd`Qwp_u9%c3gRdmtkrpvq5 z1IvuJdL9)O-_{$5Y~Sj6R8)MAzdLemx!{j<|BdIl^k0nM1QopTK8P7VQ3b!&+a<F8Cad5rV#Ap#c#GI@mI~e?HcU~$x1AmvkZ()Rf1E{Zn5Kfahz-+6z?)+O z*Ud<=;cQ7h#s>1miVZVH;KFHLcx}g7#DClS;PjbXI0Uz?Kq3rP^8knMQm`Z z;4NYUeUN%E~3vgW++iVuGtrTZt^-TxkkB+y9ZDlHWi`Z7K zg13lm6)Jd(*jA~6H{N42U)xnm_|SW7X8a-*yhUugKm~8S$7XK7S_N;s$3{H06v}&C z>Gfm0$0pk6J-`n}z=y8|)Z=|Oh4_@k-VGHUo&awHX!HKW>Y0}LS`b`ys4MQ_iH&xD zLjPj*P4ICH$VV<}!H9k*khfb&S(Km9+@Cn~|51@}*t*6!70RzIaCg_Dw z87|i295D8hE4{3zr^6T8TWa#GMM;R0zBNE)IK^Br{*p75YtHZW1iN`>9^zwv8=*3M zqQ7?3*XII!Vv~e6`%9JK68+^KA+b(yHTpJsYr4vPLF3+7aEkpmR11sMS`nPwCnPqr zYRwvNThQ0%HOP%}j^Q$>jGtl*9R}9k81(pq*!c@B8GW8PhI}3;!zaejY49aib#Wh2 zXXBcoZ`>=F;S#=ae~|sPH+s7QKK2&|M2z1G9Lw;D@e{Eiqpaf!&xXJ$tmLGRDsjEJWLvob!Bi`Nr{ zTvoZn8kEa$aSq7Ey5x$MOYj>=hEMoLE~-^7u}+dp_%>25;gjSOzQxKVE|cUEz9phQ z`xz~lSTD&Ze2bM!bVzdXI^dkjbj3;FqEdpBO)xT%uQ! zQ~1cW&GCztOY}+d2_LfzzF4`$6_T7{PGaQ}{fb<%atVI(%FKuGD^@PCQId<_iJXII zxx|%{Ji@0~xx`hHTw-mEluKMK$tTu^OfGSaB&Qg+Xt~6-l00JEV&xJ83S36;t?WoUnVwFqWAju{AE0at7NRd+} zm)I)FDaLT5Twg!`@u`h9>B$x1Qq+DXVB%hcQnOtIrB&YCkq+H@ANj~9Y z7V2~SV&xM5F3Bn8BvvkQvm#flT;di*u2{Lmt&&{)PUM(H%O!4;PE0?%kl1r?O zk#dPUB>BYJkjW+Pl;jlS7A=>!OOi*7TdZ8-Zg6o;o23}W9OwdQ_&LG=(n8~ZEm%LL z!s`zj8^pBhp*x{6Ty;8^w~PBUtnVNf_T{i+-^INM!FP`eUk7#_jr!5{Iesk3S401d z{|link-14N%66%68UG_fu4KG}co{aXaTwlT-i>3PGfUJtF#cbJ^^u`rO$!!zay;gXvAKhr(;QPXRFT0{9-xuUP-=Yj+yblB;?CA`iWcrnsz)P!n2q# zZxhbnC&_yud5!-uA+NK(w-wJ$KwIqzaI*M>!5{DiVYga_d-m+vBv8veEl2mjIb`t z!`J_CeVc0_#KSr+Lrv|o3H`dR#%Dit2Xr6w0Q7a}r-1XicS9)zB_A6kCL!;do*C?JU+0#|z^KST16# z&Gg$;EayE7#b)yJz`$^vb>SS|K;BjUTr9Na@O=qJNLx( zcetHN_UW6eH-GN5*%A{q_ux;8UG8y7@y!XTj)IDHo{kQ0*II8;gE!FA-4*c8aMjjU z6pwX}38U<`{PaM#r?|AYtGm-TtIHcK&UfdMASK6HhZkr(ZR>gi-e53LobAqJd2)`u z!qeI6_qDI}7N@!GEKACXYi=xdy3=UH=Oi>PEh{b_=Psm~mXp^^ZWmKb z_qYP5d#-y<$$}F19CvZ?N|^IZ<~Qz3$=|&%B_sA_$TrbD6}Chze#n-gxrc12aYHtn z_Gr})6YoFrVo76t^WK)iE04W1*?r*AftxRX(7AWBV`EG2zMt=%v~59O<`cIZ{_B_9 z5C6Gz_wglh1yk<0%9i)S!ufM{7nk4D+*^2J)y({!_ij4B^z)al$|}(A9h~>Vlq=`` z@2;mFy5PXZkJiUmyz}eA#p9oPaMQ~lAHSyhsV#56^4K|pALf60`&pw7_rCY*Kj&lx z=heLNi^tC2djHjH{>ZBZY&uc>$`#j)y>{_CcMX02^P_L2wq91Srth`~wyuBS z`dxoLzx&otj@`55_Q#eU&r7=EhI=m_7HH^(-0j{J$UUjCG8akV8K5KH?ytZ(eV{O?qPsU95{KxHUR(&|{ zwG{=c-tWr1;j=xp6ISI_>|E-3Xv&y7KWeJj_0o=Q{-)YDpV`0tk;M&}pZFi&^!s_o z|6~4hng4zFmxB*^|5#t#{QkOk&bj5She}&sT7J{e)@f6o$}alx#WjK7ez0Zw=-=Ns zFw1w{+rQiMX8JGgYw+!O`jeFBZanmbeczFzhZ`#2_*2Jk$J{&h&QGtO`t{dWe|-7I zyvBFykM6u@-uOSx-DLltZP_25|8nhncYE^=B=3LVY1^oa=Y1Wlsh#!Je@?$@`?@FB zE~wqvaLLS{?)hEj^o0A;()<4}aIW*=x;vlUQ(d?64-@vjH0u6)MvXtd>)fP+pVd5Y z#seEZ+Vtj%qWkN9UN!gHSKm+PQ;<;1Wn5*%DZyvNsIrRo&6ka7e#}v^tg*4IqPn@U zs;Q~b92Lvz${T7bFQ|$U6;FvIOP1EvxJU;sE z*r4&;_uzf^@NX?75AY=9MJVfh^LhT~8n>xNfAFE1ep@4@hXs%XDEm7f8ooar{tb=Va@VjKQF5BuIw(YNf=ce6g2 z?}qc%;dP(dZ}e#tKBHZGJQvPwjXfd4$QjOUhkrLDmDdnO=d`|VHRQPiti!eEf*yfV zgndA_LN*Wg@z3$Y$++ib6+Lg?caeSPz+QXs@aXcR`?o*y{1KkO`5CNn@Y%W7|5x?e zZD}8L?jCwKaNTpgkJNVeEydim_5`&U)x9sKOprsdb4yy5I^f#hp$PCR(o TMm diff --git a/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSignedBoth.db b/SecurityTests/clxutils/certcrl/testSubjects/crossSigned/crossSignedBoth.db deleted file mode 100644 index b9cfbd4ec7104e97db92ef9705985ae6241d0d30..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 27292 zcmeHQ33L=yx~|T?b@qiNK-d>qIuQss$|NMgWJn++0YTY1NdpbpNOvGGph<|xQ$Sot z5fl`W@qp-4=OLm4qmC=WjNmYWz^J466v26}xbVKOx^5_%>dq~2#xv*4f6kxo|JMD! z``@Mh`s-HF%v)43N3kfBSZJd9O_|$@&nV~!MG34_l+JaEQglL5#-Yym6^b$ehe{fu z-zZ912k0S1ajrw%fgZeyEri|cd|O!wd%vPs(2iv)6zy2HLJufPKoB$^x&{h9B}>D4 zywePPbcgoV%;cQX(xMr;g)?$T&nV5w&nwEFQ7~@Ic=c#5{u1j8AAn=27vi(a%1R1G zPb|wT#c^`5o-YoTcf63JU|eqAWR(EN(I+L)4+oE>UC2?KT~b;w?&=vu<8vn#=AlkM zD8|UxmnIz0g!O`De!6` z{&a_O-eREoaWBcs8DEk+qj=)z!h)O`WAmoqcs?{7>Wc&GQ0bx@Gr>_(Fe$q%Pb1NI zBK+{g;aIl|c}k}g73E z3gy^9Iz-_Q`*$rqT48f;DVlA05zV12AQ##Sg&hbx5OyH!K-fXBgJ1{24uTyFI~aB_ z>|od-utQ*nzz%^O3Of{bDC|(!VX(tshrtem9S%Djb~x;C*b%TJU`N1?fE@`t5_Tl) zNZ3)ZqhLqDj)HB4ZG~-xZG{~TI~sO0>}c3Auw!7yz>a|(3p*BeEbLg=aj@fH$H9(+ z9S=Jmc0BBO*a@%`U?;#%fSm|C5q2W%MA%8NlVB&oPJ*2bI~jH|>}1#}uv1{Cz)pd! zWO2YD-s@}-%F?03pd+DIHQ^7%UQyxpd{Z%5_)e@e-nF2@;e|JfFTUCj)Y=zqvVEi2 z;tL<7wXerxOr-o**Sa`zn4xRke5jjbe~byuGrr-fR4fVv|q2%jKNyg*S>- zzVN{Y<8KtFeBnd1{_DrzC_eeZhid)T;~AG|>%|v7OzXcMFXB*pc(o0K`L_Zn)4p2A zRasr5HAFiL8V!}l*Dvs%e_l_d@pbNsD%7Wl_IWLl#@pSC>QwYOJg*_r_`2G9@AwgK z3U7DM@oGQ81U}4Q{UR5W_CH*kKlWFQUy=!Ygv&F3dVI18e55vidVGore3UkSdOY%1 z>Hb@_`P1V&n!rcbdFD@#?<9jq9jD#!HI8chkPBh1wr~c*aYLz^7^7Sti6Ep7D|* z@ZGiVYN7VWAKt3f5%?Y^@WhDgrNH+zf#)??#2bO{WdhG!L&O__?`;ClTtmbgf$w7i z&s;;q8-ed@0?)A%@kZeLnZWbh5%EUg`%=qsee=>YouHi0*aKlvu`M)9Y>1l}nA{K^F0DE^E!fj5dj zg(mPu@u$cH-YEWzGl4gXKjTf{jp9!+@LU&qxgdXO^6c>{6&K$BPXJIF?{v8uw1&8r zv!EqVX}qhZydL!_0?+3ZvUrQ;Kd}N|W&$5zuX4IHtiVq+fe&;wl+X3TPcnfI(#B8k z|1~D?!P@xg@smy9LtOKmm0tc&F@X=AQ#Wss4zFEHG8#3GO_<89ijq+Wo1)nP-(#B> z=V{e63eSP>8iI^C<0{RN}^}c50hp^3nc4I1` zo1h{!^bu;XCI!H$C+2Rj~iJnVSb@vswMC%{g4%5$rji2fxuLD3K1`X#|m zf}I4Lw{pp_lVK;rPKkm}g>Hd=0(X}c&;yFn6_~ETbVWPe&`!6>P}J*&dTF`PHBhwE9b?(O35s@l zq(bYUFDgn;w9|7Y^l?S$6$CAV0^bYx-dWI<&;yFnCk+ZrA7J{ToxW(N?3xOp@$S@a2m7< z3d|5-hM=7xXlKZ2MX{ltZ4LAY9)t9Qx}oqVBUMop@TtOcNH6IycrUoV(_yxSaaMvP`9y3LJ|?vBvBP6(>#OaU8c%=A@X7o@w9RsgQNJgkoSf_z z#d;pEr;LBeDe|pzrT#hDH%iQToSy!Zi=3fQGk&sPlyjWt_nmVd29@FT&R2})ybxT> zHDvfi{wL~&7SvQa8qdu)ePiAsj^nE;M)M+k6Z37fe#plh-VC3Z=Wx}xvPE?cj}Kx! zMoIEU}>gpZ0! zHAoRl?ks2`R2pA>A)bkVG``Z|sz80V&$-HiGI5Z`J1eT)sISM1Jzx~KiGCf5LQnte z-SsFSo|*;i0F`bZw;ViO_4tlv@UDvbIt|Y@xmLvcF8(qrSSS>Qx{jtwzcP^0HjdS6gQ z6?JZE9JB4P^mwD^Q9kh%4KDBYjh;vO#Mjl=datcC_#@qa?RhT!7vtC63|@O5M33)b z20zz#umCGJ`jW4ZY3a4PrwdGkAm8(ANyU;=g92Cu!xra!myOyNE6vFY(+%-{`T+tp_9+IwvJ_Vdl) zwfESFr)EKUk1M@?wD;IV`@9GERXg~$a{={u-%TMtY^-BZPL0%+yLoG<+VpKa)QoSz8a4v^8O~WwdwG>gr}EJ^a?0=t-*^w8j$5I< z+))Js!m={x1gH!b>v0Ykd&w1@T~}A-^z1E_*=M7~!%5#tpfa3dE*O8w8NoGI@36aT zd1vn7V}DDbGJK-H;i#|91^C1!32pY5D#IoE%RNG3t>7wkE_M{ujCQ)Udt<>V_TNyg zO^nux;N(6bv9WoxW;rU{&IJyQTr1}oPJ+t#DaJ5L!-ki-?e%W#{CSp)I?o(KK97^( z6Ju!A_(Jn)xR0o^am~;-?v=}M3E#Ls$o__xI%-@__7?_3jNcS|m*ErRCt^WNcGW`r zBG-AWj$h<~(y}iOMPCDV^b&`C-$2g5IcAR5@qyBtSa&k_lN^*)h ziPtzWCl&RJ>ePrOxTcxpN)TMRjtjV^o8(H=xI%Ir2!7{c6|a3WB)RfXkMqhsMD{7D z)H$2`uA+Z4@m*$(h_T{cBC#RZ!gbDCgl`_3Yr_te;Sy_u`-q)#P|idxJlOtp;h zq#P>4C)Nh{8Odk$_@-m@lyls;H!8y^#;v2q8FWp(y-xeiHC8FfBgTz;km|TitXb$` z^4R3!%*yygE}l;mav9|kvrsO>#W^4s>ypb?F2O6144?3gTvVf6VvZ!2@U6XE!YRoo zeDjw}%$4L4z6GN``{^r}m?z06eDjw}R7rC2Jm8$lT~=; z4RVQENiNY}nOuVBu8e_ zzWK`~Zj|H_zO|Q2ESKaHzWK`~Zj$8UdB8c4$t6}ua*F=8mrMMYB%kPSIO=nq808W- zOLB?+%H$HanB`Sbc>Wmn0Xji5xRuxy0R) zJYuZ;?CUVTQe@jBX zM6I8=^)INz6Cyl|Y2z)!@rNXNCy-bBHzwq@7B`gR*$HU#?JjOMLFg;<4N5;K^FT_P zrd{wUa$K#Rr4ePk=1|f!)z!1G@4Tkd*A>tW&>hhI&=VdyO9y<~p!v|5C?5)?ur0Pj zznEL`dpMMN2RV6Nw?Zl4X!DIYVkj(Ue<>{Ib%Mfj(La_m=2KYCe3ioTMD?4eoVh23 z<&4D?))#HDoUxU{a{5eRIpZXSVL-FGhYAfagW1TQ_?j3&$$27$6aY^!eDEXhEJ+)+?AQIc|J3CFn-U0ra~zeXaL^} z(f!66&#SicUwdbSby?na{-3LFNo(@(uuht$y7t+GdS2(_vk|%mx&^u$dI)+NaGv)z zD20Gf)hGP!72k*BdmnsvgYREx?@+KF{UMHG@$$1RUg&;1i}l;$h4!8uu`FlIq*%0f zO!%GUjH48b?l-JhE@G=i_uEt~=RFI>qVsci)44dChGSIS_^5H8@$*XPOlTuij8QLq zr*KSy*hju!$anN~zsbgS+v2a+IJCuI-EYXTep?*S-uFY%`Qv$xKk-FgA0fO}z#slL zp(>gkiggvLRzRt?Zi2gdssvAiYj&suS`BT+B>{Oy$lpB2L%y}O1b4Ev1O;pe46pGRXJ*AJBE}vTy?cIF2}&M!or;NF1F5XsBlYiw5!&hp4CuOTkRZN<8Y@Z+Y(6- zmS8QyOEmV1ISnp{+wDq^x5ctNG$B04UR_@AteovgkFXdVrjb77D*#8A*ghG zc6xeOTPn@Sgrte&PGg#hJOnRZIMPtT)-}ay8*UqxF*3t8%$A;hEzC@vdC`5z_{sZ{ z(QaQ_EIss7VF^|OTP!h(t;G@%&|KnQ;LreeYRfNqX(75yLj5k6u5qA@%#| zgOck$xNTI{*L#=5r6>*uRlBzQ9d_i)`Gh?ublVVO%HrEs`jo^C)SVq&Cc;>l0p{V{NUneyIp(m?4cNZNP^KOI%cPjzCAWTY>xpNt$vU2P+bvO3uk7@~&~5iRdpy_w*!JmHEj_e$ z{CY|VeMH6PfJwxR3t)H!Z<-4#QIRMb}uZd;5) zur>#y)j6$S zTR6?Jwk(Q0W{_>fv*EL*f0Fr^DJj$cUK4xsmm3SaPfyBOH{SkO-_G}*EX#Rd@0wNh zWrc@d+^ko&JIaJ~M~iUA$pUfndkLHXe?C@}Uyvnio!my}bIsH{n~3e|WSc_nl9x zUhn*1zk5&L)bGb1mwq;XaZ>5uia%VpKC|2V!&}2YUKRhzs5c8gxX+QaJ9O*j7c3pF z%ly$@P&oLzKMYuM>zwCik1SkQGIh|S8~4Qy2zn?oy73>bUs$&n-TTLl`9;^h*L~C8 z4iB&I(Cy3vzX;j?Wx?i7n-`sIJv?Q|!$nWz4Zq>w-=p~?#1s1&R~d0K@aZ+GtfE}} zveC_tJ}PFHmS*SVPb|$VD=XDU#q6TdB?Y-x=lO|>=S7lnQ>B8 zV=?zFe~%)z%?Ue1WW;6-s|%b(Qo~(+x4r1$6kKRup0+m8&|bGW6K2l<*uv#@9bNnLR!=3PD|cU z+$ZDAq{V-HW!ak#J~v|YD|$qgO`QKTUk`td!HqR zuhU$;98Z;(#U+eYV zTPMxl{*TXZAJhNr?4%uc{q|tlGxP6WbhtRL%feA{ojb00=)|)9t=HWCfn{ZY`>uq- zrMJbty}^Ci25VBvo~2o99_?~w?x~NDT(j-f`z@WCwm*~I((sgW?CTEGzDuj!`pTdB zo&It1$(2(h=DZhl^2KjIysy(RM^WMn*YtjU!o1y2D!DV3J@(&4>rVdhihsQH_^BqDj$Y;yaXsW7rdMvyDwl9Q)XmSo z@cQ!acKuE?x-enf6Nl~F=KgYc+7A(@4kVt8nf=Tafm>(dey<6~aIYSX{qtDd=f=9B zZ(z%DDz+Ct1*{NSiK*R>dK7hz`7D5Y(dYJ%qt{_e6&$Lt4mi}h7e9VK&wTsJCoa7| zx(M5#m>b~+LAM0U+Hb0y&@jF`BH&B1uNI#FvlSID6&&g2kFHkJ!o|D94{$rnF znR*0^2A@XfzbMy@1`!tSt7v-^isjrhlh`lt7?FEYg7r2cj5Mx75W zN5;R;^Zd>m=AHj{MFQ6jg>!OgefxRN@k{ghXPFOWCdRsLFY#R5O~m<>Xw&8bAL?GA zuWJDJ7k$My9&6i^)Sl&$Zzi;DPx9QexWtv9(w~dR4aM^ewWty1mhXzE1Q+$po>Tj2Liy9V>0hx9jt^vw#=;qS zt1eqHXPUq5s)S{BiynI6u10j$Y7Z0~%K|xNc zj)G@ivYw%=fiy^zn@1!#HMz7Xv!qhNH7`9gFEzC&GcVncA80#Jnwf{KB(=E2+0j5w zoY&CQz}(ot$k4>V&@2kbH8U_bvV?LC(ur^#SuWu-;DNY=732~lgC<5L~}0u33|R|3rb>E7^$fm2yR`k~70R6Ly!LnUH_$ z$uaM!*&anglE)iO`?tK9vsgoIpIf8d%pV=TQVbu=59~bpa>e9jx99zjo#9foO7=28 z3-3FF*TsGvcimv|5=y}7!3G;;V8=w;;}F@ zu`VzW2Jux{cnrAMIJDV-X^fqj$v_q)$j2haA|iK9ZKqf(cfWD#_$yWe zd62X+i-dt#gNS@jXiyn@_Qbm4O^>`+?>*9f(AC($3T74~Ba5Daj)4}8Z@}0lmr+tu zV5P60l$2PUnUkuQ2uhE7$@#ff7C@kn9Ie0v&)mes$dKo$(YE+Xx{ha`ECnerMgcFcS}6q{%%3{$~^fjUTf4iyHDL&@IA)r=#x1q zcZKJ0hfOO~^xTl(9)Iv}Wa%!EVL(=ItV{1dM~8RJiB-r!!N_eC3E+(>81v| zEP5%IJn>k&Q`4iHZqxPGZ_ly`Z+bCvU(hmbr@v{oU}@#3LO^i{?MAQbU2hX#Ze(c1@M5^yRykaqZq$UlrWrVzbEK7S<9H+-T*qCP*^I z_R$HY^8ZiGt?aFf1-{V@e}AftyLwr4^5#cJ-&$RDoK|+< zneD~Ay}eqGSAJ94+HPUq5s)S{BiynI6u10j$Y7Z0~%K|xNc zj)G@ivYw%=fiy^zn@1!#HMz7Xv!qhNH7`9gFEzC&GcVncA80#Jnwf{KB(=E2+0j5w zoY&CQ(7@2lz`)qp#5fAbH3M=@pd87gG}>Bg5l#ivow0Qa;;msa`$w zL-&Yc+tCxfu?y{e^Y7iCyz;$t!0Wsf>E`BDyp;7w*=~B76BD*#> zZu~NhR) z$uq>KPRu*%n|S%bYnERv-B#=~?3YfMUEItqS=hp!&F%g(;f>AngK1xuRqvSCt}RjI zVd0@J+i|-(ZOewH3q@{IJ73xmHN;OJaVnVot<0l%)`8jG z=B_`lYpsbY^WP}eJ6n@y%1g~eml}&CFB#XeXII`n`>lDe=7)lLN51E#vcym(W=00a z#f{AdjSU7oz%Z2+W@P-&!eqc;zz5>-gLo{=OsoqGgh6~&79ImGHV$nzVDe*UW-^ck z3G%Usv51&eIrzCOZb%jG^3nM`&+@~*TF;#Z@*rtt76}8f1`+w5(4aE*?1^>7n;vDwy%B<8IWhROh6;=rD_5as8cDH4)OOm!HSV^A*2c_ObHJ%+)W}{Wo;% zefmLa)5Z1A*1S?EC|qzWx~PLw%ev;-SAmaL8b0vedb)=FGv@}0>krn?eUVa+i>;YgKd>6!pAO|o%QF_pX;nP>p}J(ng2Ejrkr;-jhUQR=h3D@T>UZxjW#| z$=-)|j~Y0&ZhX*|%Cx{NzVu{zrty}`^ZI9Y7${Wy`tnH2{9Hft&ns6PI#;}3!fVye zJ6|bpvykP4u6^52CQGh2wRoSnUoW&FX>w0_{;tsTOb;!Ye%~mLRbK2kY4x|JJt8Of z9uX_(jrkDUpZVm%?cKW^8GWN~zt)`Art4hVu3)Id{{N7SO0mjKzX>-dUAJq!rSiL@ ythO|Gna?zZ^AQod6VnpUXmd2!&Y0I4Uby{w(v`yGm4>?eWm#?Sy0k2_It~D34*+QZ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF5.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF5.der deleted file mode 100644 index b445dc588cf92d96df8745be9703c0a7f5cf4f84..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1356 zcmXqLV)Za+Vm4U7%*4pV#L94Q?Y^%Dylk9WZ60mkc^Mg5Ss4s!47m+B*_cCF*o2uv zgAIiZ1VJ1Q9xms^oXoWRqP)yRLm>kJkRUq`r*mmRYEemMUcRA-fe=WHi-+5>pdcqz zN5L~MS}Vh- z&TD9DXkch&Xklb-WElnIngO|{P_98^BN5Ic%PATLY7nQ$yOrkTZl`k>SNHF;kAvZ)q)_-!88& zycyKiKd*N~^sn1u>sxsL9qGSlzp&$De!uXkJ^yZP{K3F@@Vv>YJ2QV-vaHo{-Eif{ z^{*S;wobTXzWwBs6_3MnEf2pne%hvTWnZlRGRc+IE2RH6>&LIFQC_>ZYh7JqfBo8( z@_Wv<%LXv6kUO(A_Q8M8`gz!p?RBXC8GRX5KW_=P@Zk{T4Q|H@KwO8}wm&yhxB(9^Ol5@`8UM2|888^|fq48N9t$%Q>jDE|5MPyr$AF8CLz@kl{Meb9 z3}iuqd@N!tB6Ahg_f&71I=9^UxWmDgUyE0NuKr>m50X}9kuVTz5RvZ*4Ju>Lo>*7B z>5=#9y+_&)x*8hcC@oM}AlD|7QBqQ1rLUinUtFS>T9KFwOrHA5MLC9g zK*B(If#L%BHd!P!Mwp6F^9XYj6C;CAj6#F1XSC;QAtuI^4IbMxqVhDq&2xDBxj-oP zLUDX_-{QNice({~($uEiT_Lmd=tTzhomDUQgmXQVdowRzZ1Ta2O}p-G+t_qQD|lOk z<*uV@PlcQm&YtVjNi%!)F-k^RYVPaL4{SI7oo&BS^Wnltl~Md_t~*%GdtdqHQ>oK_ ze`C4+#wT02d#)s$(%_w6y3o6E^ZlSG+hm@rXU#S*V;0w+XWGxW?vYkQo5!7**Mz*z z#$An;6BcCr_r;mr2Vpd}+m_qO+a*YhSOZ_?9{2O7@AuU(4s^ zyNP^d{GYkuX0EH#rivA({{H+?#o2eRaq>T9+k5MduV|L}U>vUfJ(**RN3q%2o}GL4 zHNP^RcA(PCYF0(+Lv4+jTPK>IsOPnQZ+JB~_|>ZC`<`kVzO(KLnOf^G{mmi6^By36SBJNzeqP7kx4U@{luRRL~Qz6M~V%bA}MvEi>6W1H^ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF6.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF6.der deleted file mode 100644 index 05184b73da7d9743fc1059d0d1160b6f3e56f47c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1323 zcmXqLVpTV2V&-4K%*4pV#L94Q?Y?gYylk9WZ60mkc^Mg5Ss4s!47m+B*_cCF*o2uv zgAIiZ1VJ1Q9xms^oXoWRqP)yRLm>kJkRUq`r*mmRYEemMUcRA-fe=WHi-+5>pdcqz zN5L~MS}Vh- z&TD9DXkch&Xklz@Y8VCNngO|{P_98^D-q5k%PBerS`eowyOrkTZl`kzsr66SjEo5)Zkl zj_oVuqw9<79=z{((Q1(O;`v|0J*V#Qyql%^rm&;wX+1)s4r+%}11jFf!3|NPr$q3o5jdnZi`%Gl2?pniB^@1$q8$8^8? zPcxNjW!Smya_gygI{Cp$TP;-`BMx^T%jo6!-zJ-K?VFPbZ|Z*`rYCzu40kK7yI{OF zXGz2H=dU}epVU<;vuv~A`rs0FN^Jd|m8#ltS<>e6?C*TqSB6#l>m6KOdaeKZhows& zyKJ0P*N~XXHO)%0kx~4I(Oveo@4-Lk3+TtZ|F`DD_vKPHtn4axYUet?m!2c+wfagm z6EhY(MzpJ%mpS<{p6w? zLp>mY9FxE-z}&>d$RHq;{q~R3#4zb=_bkk3dR}`i<^94uHR$nt4ST+oeL9mnh!>Zyj=HqTutbQT7pa>LDrf@2*aWJlvDiSiVVm_L9rYBC^w+*EMRhX?!`h zdUM^G7cYIk=oH+zD%5zc<^Rmv4<^DBngOCGLTIms(6`r1~b)%(nI zg!7Yk9M*U}EptxXH1p32C$;8Z=sFW)bu;Qf_oQaShNL@NCO?c>dQ0?s(hE+lG_$Lz zwvDMwyLO5GcwSU=_(S`XexbD!_O0qj-Cv>OqqO?gNjc7~hb1N)uS7KA*>M_{{4K2NqVgG-w@p_`Uuu@9M%c>D<3k zm+Y{dyXBzF2HtPdr+fst7ngjJ_B*xyH}|sT5BAT{t1#r)U?~3ixj;n!k6- zdFhdpF#F&l(TI+Yx#gt~>h5>$)>m)%eOGzM{&itzeeUPx>zd8~WqP2l`2WmPJu{EV pOnk7GTY5v3Mf^1Rj%M#|@!lPc6X(2qlXdTg(>|-8=2z}=003OH4;cUe diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF7.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF7.der deleted file mode 100644 index 9543cd7dda9826107f71e1de8710322d1769a78e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1354 zcmXqLVs$fUV%A&0%*4pV#L94Q?Y{2@ylk9WZ60mkc^Mg5Ss4s!47m+B*_cCF*o2uv zgAIiZ1VJ1Q9xms^oXoWRqP)yRLm>kJkRUq`r*mmRYEemMUcRA-fe=WHi-+5>pdcqz zN5L~MS}Vh- z&TD9DXkch&XklV#Y90mTngO|{P_98^D-q5k%PBerS`eowyOrkTZl`k>N{>qRp?YWow0# zV6*@Xbnn)-LzcQ*H9I;I?$r zKXOa9y6>2gq4{^kb=@Cx-hU`#-spBms3)ebF(8U^;v;ZZR$kOxUCvq%_-HHgUfga(zdXHTpv z-t@?O_1+`x2VIQ~d_W51SzHaA4ICHPFR*Qs$tWo)u+rDh$S*F@ORY%E1twAbB#@+ojs>Re%q)XU1%%NyZXnEy4p;I z^6=Ko&AL&>uXeng!)D6wZ4CMb#2uJX5UjzHri9K3RnavnJB3#o#~sgN>6mN!-69R)~16t}!Q@7v2Q6K+iTKh>kTEdJ~#x9)5$#pSg>Sxy|UmoNEPbLz!j z@jnwMaDEOjcr$6PT;Y~as_uU`ez-T|;;Jw!hF^TXXVi|jtp55`oUzaMc;IBmqnCKU z)QCt)y}HZJT>GO~H{<}H@He5kKhLx~<>l_X$-nB z<=oFJ`Jb0p@Albc`%h5|P}&Whf}dEM{6-&VUbQAQaJ1~cZ0?Gbu>MRxkC z)7Oo5JYAWhdDHGqaLvVzE!}S~wryg}TjsF(yUD%9GUCBIqTjHxve?AEJFI4u^C@#d tffS$0xkH5!TbYWF&iB3BJk2U?_ocNT*UbClmyxD6<>wY7iMI%GnZWz{|#|)#lOmotKf3m6gGu#*o{9lZ`o) zg-w_#G}utsKoG>?;Nfyk%*jm4FUreIG!!xr012}5a5|S3q!yKA=H(lT7zlyHxOli7 z3kq^lbrd}FlJyK_4WvP$+&m(|smY~9nI)A9u6gO1d8w&InR)4k{6O1*(#$+;C8@4iAf1LxENU(n46gR84Q}3xR{!l z7#Ws*II`vM7x9l#x2?4KT`zK*RS3u>iQHE`*wt0u*|nUr{PNbC{>Ud*T5J6t|I{l8 zTP%2dbJ@KGOLy38Ub^I+YW5EGb<+(wpI(mFF=Mzjv(q<8<1Uxe3(KkRcg=i~Wj{sa z&3>r_&s)cp_s!*5HFvtbnJ9-`aoCEQ1rn*;PVU-^PW)>uS?w`-^8^1A#TVJb<$8|` z%T2k#({aVrYp?T%z>-@FRFs+D)V;a;$oO=%^1TzM#oXsiQK?wSx!t59^lPCKr|6uf zvmcLluS;z^BluZOxOKLu*O}DB3i&`O7Lx?t;Hcui$w@C}N{`u~qEr zME%Z-n=k9XzqjII{q3xqm9jr;)qn2c-t_6V+&N!^Uz_&1@AX*lf?bd8Swfv+d4a%fo;m^Ql|DUwe^Y*6O}yTC|CU&0npSd-tC#ni->=a;x9-=T(g<>APLd#`7t( z{dbK@-Ki7K{qi5@lxCi@r6NBR-zk}L2o*e9x^s%gssg8+E6MJ^6%q~@#!I}Idgj%~ zOPjir6(1(**Kl3De6fY6d#5+!!Z#Lm(fcb{)0{&~Pv7vm<0idxPlaFq?2`{(I*0Z% zn$Kb>Tbp_?TtF(F_hz%or1|{9=}gRw42+9i4V=MwK~|WN@jnZP0UMBFVq`Yp115D@ zevlXoFb}dB$b$HMEMhDo@;#wJW$f7#>xwr$@?O37Nc%xoW8{Pe%$LA~#>gOP?EfQp ztxdphGyVvrkYwY0?RiPI8uu8(OAL>2B{4NtwSE6xsWz?dokNi5rA<=1&c5%Je0QQI zf6v001rw@SQkTrsj+LDgFe~X(jOfkXDRvge7kux!W90BOH}H8m^LN+3tYPz_rf0K? zhwbQC(4hUUbglm9RcpS))z0s5`MK%$x?b0^nNimw6qonbe)*v2+}~bT8GLqyaH@Vx zb<^QRyINGH-Mg2{-~RX-@7auklOA!$KK#{rog(z%!lreJ3yY0TUu@JCvVXAOH>U60 zs+o^JPma=G+!puul(q7;z;984tBp4}7_W<#Ef8^vJ+3xg_({8hSo-Y}@h_3>6FbFa z-FXjw+;A`{Uv~1;dv7?co4S2W?7nfj#RxRn?YkdyZ^N244PTc#A0FLO@viQfncRG{ zch%E7g>3U)H>NS~{+u(ZR%z4j)AFC2zi%-}nRE88{;uflZ$C|YqEVV%qgHzU?34Y; z4NC$pI4P%ZT`|W~?98#>dxOPmT>?2L8M2--^9-=xw}m5*TYOm=uM~r+z-6vq>FN$D zDz;qfU#xiIcDXKK?$fpX2OhlHsKsz%(!oR1{O|MG++_afZ~T-k?%1gXm$O)PiZlO9 ST0AEokc#-1TxaIB)Cd3$hg_ln diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl1.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl1.der deleted file mode 100644 index b22ff9210b31f5e614931f386ed9ca4dc60540fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 868 zcmXqLVooqQkWIjK4do_Wc7hO!3I zAW?1}k>J$i(xS|gN(I-v^vt}})S}G1bVGii?LcW}9=4Ly;u2>^ab81HLjyxI10Xgw ziGpyAU|a(q0~ID#hI?!Gy$8t{m>U}!8JHTG7)2TI7;pg%k`-lP=3-=qsrm?4Wo%?> zY>29gae^z}3Hi%axUD-v^op3zS($}!Xf z5(Z)*^&%|%OuRxSNDwU$nVXmx8J0+htrEAW)7Y}GynEeIMsMev>=uP??|=E6*^sj8 zjOYKi))S*v<;#|5$iIJY5cIBR|M?Q{y-FoLZPRuZwLfM^Z1_7*_{*Y+&*q#x5w>jk zw=EeG6M0HDrmvDYv$9J3z8zD0;J()~7tZ!`Stc&n#c3$TP_%IU?~5t@;vz*)Oul|! zdC~d}*T%AJ|7CMm>aV~2QlqKotLxgI5&wM)SAUzN9v8l?Xl~Trdvju@KepTXR&ffS zWBaT5&s)BCJ$0JDcJfrw>x+!-R{vSNsmXgmQN^xr?jcT$4{^ykokoI-aTELQ7!5ztfVNysj2R_gJW^eUTHfE(rJD zS1#LhzL#fdr(RLjRNn9twYKwj%|2U^x#!d|*4Z<%ye|mvnmYaDT5e5KrTyyL?SqSx zSvq!eyZ%4$K4>$a?xu1xUcXx;rqE=PmRN4%<6(eejc-=a#!aekgeT znBm_3-!e-c{NS#6#-@EizWIlhOnl(Xg*>%Jeo+tRO`r8E`pv}Jx6)THp2*7AWPIQkWIjK4do_Wc7hO!3I zAW?1}k>J$i(xS|gN(I-v^vt}})S}G1bVGii?LcW}9=4Ly;u2>^ab81HLjyxILklAd zQ;R4F*9gWn@G($fVr96ucHeuDjDfkap^<^9k%>{10gnL}&>&e+7G^F+W|*pva8<@e zrpAV-su&k!8l)Tef^^9+GX7_AHgH^EzreOlCZnXJz)D{~Bfq#rFSQ~u7w8%Ncp0?|V z_Md-#uVv($`)nrkuXY!2+Qh5WSIJ@LQDacAt1(Z@Iro8fN3{~?o(=uq4;2(}vz!bl z`S;<=*R#7Di!2TcuS(;ef1##IeDg}z+054*ckJ1%_vXU7=f~wUcXLdLe*F87e@4XI zs;NIW&N50_`L|lY^~K#^J0I(0?rINOd?%SX-E?;0q#Ol4yH^i$3Ot?|+NM}dbZc9; zIYK-C(^hxhTjobHPsEoUX)B0dY#qb9BQDm^^4QP*L(6*_zMZ;eWT`VB_5l&6Ob)=E`pbO+cKX)wN=*;CT- zruDGTk!!#n&uysVdc8C#A1LSd!VtC~L=tEw6^CVctnJEIr? D8cAPp diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl3.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl3.der deleted file mode 100644 index 98ed0fafbe19dcdaac3a8947bc12339690600d03..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 899 zcmXqLVy-u6VoYaZWHjJqQkWIjK4do_Wc7hO!3I zAW?1}k>J$i(xS|gN(I-v^vt}})S}G1bVGii?LcW}9=4Ly;u2>^ab81HLjyxILkklV zBa0{q*9gWn@G($fVr96ucHeuDjDfkap^<^9k%>{10gnL}&>&e+7G^F+W|*pva8<@e zrpAV-su&k!8l)Tef^^9+GX7_AHgH^EzreOlCZnXJz)D{~Bfq#rFSQ~u7w8%Nk@uek)>VoN9q~J1|7CN^q@~V*lQZ{BF+FMV zX4^lfSqh&lXLTg~*%|nEpNepVNb7kEv+{?M7XHFZ9$YjDYB9-N%x77z_gjHcId!+S z?~pv)b4TTo zP7=co;Un@r4|EzY`7HL@&hqxo-3L1k|I$)QTr%P3W))i-GY8+lDX(wE9a;9W^YW{2 zU8+0T?&jS1T_W*Qko God*Ejzg9*7 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl4.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl4.der deleted file mode 100644 index 7d3c551cf28a7c51bfa6e0c9b829f77c6e3c4fde..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 853 zcmXqLVh%KDVzgvpWHjJqQkWIjK4do_Wc7hO!3I zAW?1}k>J$i(xS|gN(I-v^vt}})S}G1bVGii?LcW}9=4Ly;u2>^ab81HLjyxILkm+g zL-QyI*9gWn@G($fVr96ucHeuDjDfkap^<^9k%>{10gnL}&>&e+7G^F+W|*pva8<@e zrpAV-su&ko8(131gLKI-GX7@~H4t7PxDeez24WxuA}st&yh0`jD2f(p%uP&;3?iz@ ztLJT8TD#t1_8~q_ogaY<+V0-<`~F*QztPH1)hV%YD_{9K%-+B3q(a)sK*{JCpClS5 z{?cdIwlIDvtG!i5fYv+zSC_baZR;M#vp<|;Bdd1V@<;djeY}?!hR0OikQEBKxy4)8 zSo7gs(J)5dm{Z2u%o%py*PBZvfx0nCf zm|b64EMX!Mc!_g=_7B-ZqR%=$1fF*I7C))!^OS!R3QBnbS$86(ChI&snLWAwlYOUOSI^evf%OaTS2#U;EMU0u z<=MEax9#W6|LjxXCLi;vXpdQ8+r%5kOa=C=U8A_Q^;Y8dd#3gNzi#lKQEZ$QB*FKo Uxi+%*vayO*lCsC&Bm$K=F#?@mywaxz|m06K!uGtl!ci`wkSWpL?JD| zNFg(~ASW|9vqT{=FF6CqFG(#fF%<1*zlW;d3k~$VpXj&d)6UPChjQ)2@t*TCLT#Xt#Sg|xFH85T6oH{eCMnUR%&xv`hQps|ywv5{eJ zbQ#|?bA~xz^Uoc3e9#ng?WUx<;qQyT=Dl9?^tiNPlD-K~pz>Z@_jOwvzojhCv|M{I z?sC`W6RU1 zbR{A!p6P5=mYlHb`qd3*8th&_I=cM(!&fIaO?=G6%*epFSlB?&fFI~ZSz$)T|17Kq z%s>j+&8#3dH!@_@2dvNdF{S2!>BW8ia>J@e@ov@8$wl|N6%9J) zoEEEOD|cd!iWGmseq3*Yq1*bzDAm84=kMZQxLbj1$}Z6}yNYXhC+|^PVRCGn<~4nj t{HwFqBxctbs&+rJ{@3@{)_Oza-0vQlMYiWP&i#_g5D5OlvhuHkDFFX7zykmP diff --git a/SecurityTests/clxutils/certcrl/testSubjects/emptyCert/emptyCert.cer b/SecurityTests/clxutils/certcrl/testSubjects/emptyCert/emptyCert.cer deleted file mode 100644 index e69de29b..00000000 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/emptyCert/emptyCert.scr b/SecurityTests/clxutils/certcrl/testSubjects/emptyCert/emptyCert.scr deleted file mode 100644 index ec4c6404..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/emptyCert/emptyCert.scr +++ /dev/null @@ -1,51 +0,0 @@ -# -# Test for empty/bad cert handling, Radar 3116734. -# Without the fix for 3116734, this results in an assertion failure on -# debug Security.framework. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "Basic good verify as sanity check" -cert = leaf.cer -cert = CA.cer -root = root.cer -# IS_IN_ANCHORS | IS_ROOT -certstatus = 2:0x18 -end - -test = "Throw in empty cert not as leaf, it should be ignored" -cert = leaf.cer -cert = CA.cer -cert = emptyCert.cer -root = root.cer -# IS_IN_ANCHORS | IS_ROOT -certstatus = 2:0x18 -end - -test = "Throw in text file not as leaf, it should be ignored" -cert = leaf.cer -cert = CA.cer -cert = emptyCert.scr -root = root.cer -# IS_IN_ANCHORS | IS_ROOT -certstatus = 2:0x18 -end - -test = "Empty cert as leaf, expect error" -cert = emptyCert.cer -cert = CA.cer -root = root.cer -error = CSSMERR_TP_INVALID_CERTIFICATE -end - -test = "Text file as leaf, expect error" -cert = emptyCert.cer -cert = CA.cer -root = root.cer -error = CSSMERR_TP_INVALID_CERTIFICATE -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/emptyCert/leaf.cer b/SecurityTests/clxutils/certcrl/testSubjects/emptyCert/leaf.cer deleted file mode 100644 index 88dbb9aefc7f5a1dfe4fcebab6016e16fc76b746..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 523 zcmXqLVq!OFVk}s|%*4n9L^LMdN$}UWA(&Ss9ocdl?KGJDD0A84hnL z6t7=d=*7C^%;Nk!pXTsKe$Fpmtrp)^*_1Fxdi`aGZ*Mjp)QYITnCb-|M{k`arpduS?WEFyLms*h_O#DpXJTe#U|cM0AZWl3^rWmXBjbM-Rs&{6 zMh0Xzvx3~*$iNp7t!C+SvBL4qXRFWt>W@NA%VueAd-894x_wpE1rc4#Z>pW)KSOLh5LOaXKs!XN+u diff --git a/SecurityTests/clxutils/certcrl/testSubjects/emptyCert/root.cer b/SecurityTests/clxutils/certcrl/testSubjects/emptyCert/root.cer deleted file mode 100644 index de72763fd4aa5bfcbd79c3c58a3769b1362cf823..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 525 zcmXqLV&XJtVk}y~%*4pV#K>U4&Bm$K=F#?@mywaxz|m06K!uGtl!ci`wkSWpL?JD| zNFg(~ASW|9vqT{=FF6CqFG(#fF%<1*zlW;d3k~$VpXj&d)6UPChjQ)2@tml{?y&NtvixSElbfw{4l!Jx5|sj-pa?8|@k=XqDlxqbEQ z(bgE4n4j8Wm!`Ao9$=YPo|kcc#)tPB zA+C2G@nj!~6)5xF)24mgY%vovBLm}NVFN(}eqi{>3NtePXJIv922#jwW(B#qkztj^ zj7LkqR7|+D=kCp_Rs9*Ara~`%v~x87&8=IIeSMYOr|sEoF@b;0wPbAh8M_&^mh|mR zT5&e?*6Epsi$zKkBMVnnZE4@q*7wmMZl2SD1AS73wG%QWm@2MJkg=QfKwz=>15WiV g%S4k?GM{bnXBVrSoIES5tMX68Ik$=_C5~Z70R%0&k^lez diff --git a/SecurityTests/clxutils/certcrl/testSubjects/emptySubject/ca.pem b/SecurityTests/clxutils/certcrl/testSubjects/emptySubject/ca.pem deleted file mode 100644 index a1a5c38d..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/emptySubject/ca.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBcTCCARugAwIBAgIBADANBgkqhkiG9w0BAQQFADANMQswCQYDVQQDEwJjYTAe -Fw0wNDExMzAyMjQ0MzJaFw0wNDEyMzAyMjQ0MzJaMA0xCzAJBgNVBAMTAmNhMFww -DQYJKoZIhvcNAQEBBQADSwAwSAJBAJ0sp+KTHpPYnpUcN89mMwTr776Shn+0Y+yY -dM2vjiosW6rfFsrdD08SnMYQ8Ionxol6MAi20z6Z3AMjfjDKKa8CAwEAAaNmMGQw -HQYDVR0OBBYEFMNr8lZYoti3GlgWyMHOf2QYVPyRMDUGA1UdIwQuMCyAFMNr8lZY -oti3GlgWyMHOf2QYVPyRoRGkDzANMQswCQYDVQQDEwJjYYIBADAMBgNVHRMEBTAD -AQH/MA0GCSqGSIb3DQEBBAUAA0EAN0fMcyqsfPey1v4WiqJ+ePA/RQ4qf8wS1PNO -e0l2V2NqKCeLBaBIS2BAat1Ml2939ju7HE0e8zd3XzDZSdI9Wg== ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/emptySubject/emptySubject.scr b/SecurityTests/clxutils/certcrl/testSubjects/emptySubject/emptySubject.scr deleted file mode 100644 index 6c901844..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/emptySubject/emptySubject.scr +++ /dev/null @@ -1,21 +0,0 @@ -# -# Test for empty subject detect, Radar 3901386 -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "Empty subject detect" -cert = user.pem -root = ca.pem -# specify verify time so this test will always be valid -verifyTime = 20041215000000 -# IS_IN_ANCHORS | IS_ROOT -certstatus = 1:0x18 -certerror = 0:CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT -error = CSSMERR_TP_VERIFY_ACTION_FAILED -end - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/emptySubject/user.pem b/SecurityTests/clxutils/certcrl/testSubjects/emptySubject/user.pem deleted file mode 100644 index 4d3fa499..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/emptySubject/user.pem +++ /dev/null @@ -1,39 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption - Issuer: CN=ca - Validity - Not Before: Nov 30 22:44:32 2004 GMT - Not After : Dec 30 22:44:32 2004 GMT - Subject: - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (512 bit) - Modulus (512 bit): - 00:d6:a3:b4:a9:dd:5a:7a:e8:d5:94:da:c9:fe:9b: - 02:22:b0:d9:18:0e:40:74:32:e3:65:87:fd:87:19: - c0:bc:54:09:10:68:3a:ed:b2:0c:ce:aa:e2:04:85: - 54:ed:b6:fa:51:19:ee:10:56:d4:e6:84:fc:07:f8: - 89:19:2e:be:3b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Certificate Policies: - Policy: 1.2.3 - CPS: - - Signature Algorithm: sha1WithRSAEncryption - 7a:0a:79:3a:ce:ff:3e:d5:da:3b:ce:e8:f3:54:52:8a:e2:b9: - 32:0e:0c:3a:11:5c:06:ed:35:d0:8d:6d:66:85:46:31:47:e8: - 97:40:d4:02:26:25:f3:a7:d5:09:bb:44:df:05:54:9b:0c:e1: - 94:70:61:cc:9c:bf:66:bb:88:a1 ------BEGIN CERTIFICATE----- -MIIBIDCBy6ADAgECAgEAMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNVBAMTAmNhMB4X -DTA0MTEzMDIyNDQzMloXDTA0MTIzMDIyNDQzMlowADBcMA0GCSqGSIb3DQEBAQUA -A0sAMEgCQQDWo7Sp3Vp66NWU2sn+mwIisNkYDkB0MuNlh/2HGcC8VAkQaDrtsgzO -quIEhVTttvpRGe4QVtTmhPwH+IkZLr47AgMBAAGjIzAhMB8GA1UdIAQYMBYwFAYC -KgMwDjAMBggrBgEFBQcCARYAMA0GCSqGSIb3DQEBBQUAA0EAegp5Os7/PtXaO87o -81RSiuK5Mg4MOhFcBu010I1tZoVGMUfol0DUAiYl86fVCbtE3wVUmwzhlHBhzJy/ -ZruIoQ== ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/.gdb_history b/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/.gdb_history deleted file mode 100644 index 3a71f49e..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/.gdb_history +++ /dev/null @@ -1,12 +0,0 @@ -b parseLine -run -S expiredCA.scr -v -li -b 232 -disa 1 -c -p bytesLeft -p cp -p cp-1 -n -p testName -q diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/AppleDevRoot.pem b/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/AppleDevRoot.pem deleted file mode 100644 index 8f7e9f9f..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/AppleDevRoot.pem +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF+DCCBOCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx -HTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMTswOQYDVQQLEzJBcHBsZSBD -b21wdXRlciAoRGV2ZWxvcG1lbnQpIENlcnRpZmljYXRlIEF1dGhvcml0eTE3MDUG -A1UEAxMuQXBwbGUgUm9vdCAoRGV2ZWxvcG1lbnQpIENlcnRpZmljYXRlIEF1dGhv -cml0eTAeFw0wNTA5MDcwMTM2NDdaFw0yNTA5MDcwMTM2NDdaMIGiMQswCQYDVQQG -EwJVUzEdMBsGA1UEChMUQXBwbGUgQ29tcHV0ZXIsIEluYy4xOzA5BgNVBAsTMkFw -cGxlIENvbXB1dGVyIChEZXZlbG9wbWVudCkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 -MTcwNQYDVQQDEy5BcHBsZSBSb290IChEZXZlbG9wbWVudCkgQ2VydGlmaWNhdGUg -QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwP5eK/7c -bk1SWQv/rjRAbR0uL6KNun+PZ1FaFHkxxEj3Cm4zhSO1vzyMeUmG+covjSctbzS7 -bB5K/8v5cp5Hc3hcPn9HYEfeDbhfht2ZFZ3/YGhrfeMyMioOwZg9MPRfjXC81rJd -BjBMTuQjdP+XqwTj2mGSsxxZEHl7HD1MAOMlZzLUnSPl98PcfKo5RnNfORjciow/ -erBn9GnBMmj6eoHbpnrp61j9/UEEAoX+dwcl9k95emzRzCBtj33Dk87l9R1GOapq -ubEZIofDAQhd/OYoW7rB6fbZR5mYJptrdeGFbxqapko7FNS8h03DpxiglxzLilk7 -p6/FKaaLJ/IW/QIDAQABo4ICNTCCAjEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB -/wQFMAMBAf8wHQYDVR0OBBYEFFRX4ZVu29bx2jf2ZgFdtnB/PKi9MB8GA1UdIwQY -MBaAFFRX4ZVu29bx2jf2ZgFdtnB/PKi9MIIBKwYDVR0gBIIBIjCCAR4wggEaBgkq -hkiG92NkBQEwggELMEMGCCsGAQUFBwIBFjdodHRwOi8vY2VydGluZm8ubWFjLmNv -bS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS90ZXJtcy5odG1sMIHDBggrBgEFBQcCAjCB -thqBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFz -c3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJk -IHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5 -IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMEYGA1UdHwQ/ -MD0wO6A5oDeGNWh0dHA6Ly9jZXJ0aW5mby5tYWMuY29tL2NlcnRpZmljYXRlYXV0 -aG9yaXR5L3Jvb3QuY3JsMFcGCCsGAQUFBwEBBEswSTBHBggrBgEFBQcwAoY7aHR0 -cDovL2NlcnRpbmZvLm1hYy5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvY2FzaWdu -ZXJzLmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAGuUY1JhGll0A+awe3i6IWvEdP3N -ngmA4WZNbH/8mbYgLfG/JPF/gyzTY70tGZSw+m0x+vjWbIzHVmg8A0wuvEEtx0IE -y7GJjJ0cOTXpUQJ9AaV4nnRmbhe/Z6RZd46bBAEPERJIZjLfzFIrYjnKbEpgAjrm -t2kw6Apjp3MkhgduYcBYgZAYAw6oKaU4k//aTGjwD4WJBSXwmRpyLla1sUnNTZcR -tK6hwoJ0L2mygc1KMhDyvdvrWSM0ZsyxDXh3bkMk4NoUx94CQklZLoISbI7f87cQ -AZXm9pMRSXAWInzjflb2EZ1fgAgftELOuu2hUQkNqUNrjqRuUSx6tvWoffI= ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/NewDevCAIntermdiate.pem b/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/NewDevCAIntermdiate.pem deleted file mode 100644 index f6a2129a..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/NewDevCAIntermdiate.pem +++ /dev/null @@ -1,108 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 15 (0xf) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Apple Computer, Inc., OU=Apple Computer (Development) Certificate Authority, CN=Apple Root (Development) Certificate Authority - Validity - Not Before: Sep 7 23:25:28 2005 GMT - Not After : Dec 31 23:59:59 2008 GMT - Subject: C=US, O=Apple Computer, Inc., OU=Apple Computer (Development) Certificate Authority, CN=Apple .Mac (Development) Certificate Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:d1:cf:99:37:47:10:29:47:01:1c:cd:a6:a4:4e: - f5:9d:1c:b1:57:f3:8b:d0:45:ab:98:4e:7b:79:23: - 57:e8:4f:69:66:ce:3e:35:f3:b3:6c:09:ac:f0:1b: - 25:46:b3:0d:c3:f3:59:62:66:0c:69:c4:fe:44:98: - cf:2e:1b:4b:90:61:2a:b9:07:9c:6f:75:95:07:f9: - 8d:8b:0c:df:85:98:b3:3f:94:e1:f0:cf:fa:94:fe: - 3c:c9:8b:cf:a4:a5:f5:e8:95:f7:59:35:0f:3a:f6: - 70:85:a7:f3:19:ff:a2:8f:a7:0d:fb:a1:4a:89:c0: - 70:7f:5e:50:81:ca:9b:5f:62:17:88:b9:be:46:2e: - 4d:3e:bc:1e:6c:d4:6d:37:3d:0b:5b:9a:95:c4:ca: - 44:1e:75:7a:94:98:f9:91:6e:c6:09:08:ae:41:8e: - 5a:30:49:95:1b:14:a2:3d:aa:4d:b5:d1:fb:af:ef: - 6a:ec:ab:79:0a:65:46:90:4e:55:c2:12:d6:4d:45: - eb:91:13:19:66:86:67:f2:f0:de:20:02:1e:68:f9: - 44:9b:5d:72:e1:cf:80:c7:bf:dc:22:8d:a2:41:b1: - 15:46:2e:3e:60:f1:b3:9b:51:af:e1:0a:6f:19:04: - f0:98:c4:7f:54:a9:e7:b9:59:75:35:ff:fa:64:bf: - 71:91 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature, Certificate Sign, CRL Sign - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Subject Key Identifier: - 36:11:78:76:AB:3C:86:69:DD:E8:0A:67:A4:FB:3B:B6:05:0B:19:F6 - X509v3 Authority Key Identifier: - keyid:54:57:E1:95:6E:DB:D6:F1:DA:37:F6:66:01:5D:B6:70:7F:3C:A8:BD - - X509v3 Certificate Policies: - Policy: 1.2.840.113635.100.5.2 - CPS: http://certinfo.mac.com/certificateauthority/terms.html - User Notice: - Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements. - - X509v3 CRL Distribution Points: - URI:http://certinfo.mac.com/certificateauthority/root.crl - - Authority Information Access: - CA Issuers - URI:http://certinfo.mac.com/certificateauthority/casigners.html - X509v3 Issuer Alternative Name - URI:http://certinfo.mac.com/certificateauthority/DevelopmentRootCert.pem - - Signature Algorithm: sha1WithRSAEncryption - 7d:ba:62:fb:05:85:52:b2:2d:8a:ec:6c:48:c6:f8:cb:2f:12: - c1:14:a7:46:44:72:99:c5:1e:fc:1b:a2:77:f8:05:7e:db:1f: - 59:c8:02:0f:30:58:06:2e:d0:35:b5:ac:6b:8c:64:88:7b:d5: - 57:86:41:5d:f2:cc:e1:f2:6d:32:fd:cc:d8:c2:55:ce:e5:67: - 4b:c5:f6:23:d6:48:a5:66:69:02:1c:fb:33:d9:14:5f:75:10: - 44:52:90:b4:c8:2b:5a:28:0f:50:12:db:06:a2:0d:d5:99:d7: - f7:f7:2d:1f:90:7e:e2:06:73:10:86:6f:f7:f6:21:c6:17:05: - 2f:c4:61:63:ad:af:9f:53:37:66:c9:7a:f5:a7:32:a2:33:95: - 0f:e1:26:8c:a8:26:e0:91:5c:5d:99:73:c0:05:72:37:3e:c7: - 3b:5f:4b:14:87:39:c1:68:92:10:40:7b:a4:f9:1a:20:80:bc: - 52:83:8b:f5:69:05:1a:ed:dc:2e:56:be:2f:1c:b9:40:aa:e8: - 3a:8e:4f:2b:52:2a:a1:fc:94:28:11:15:3c:d1:da:b1:f7:5c: - be:3b:f6:c1:20:70:ff:67:81:9f:ab:f3:d2:06:63:14:0d:04: - 87:a3:96:6b:18:71:df:b2:15:6f:d3:1b:d2:7b:fe:59:02:51: - cc:0c:05:2d ------BEGIN CERTIFICATE----- -MIIGSDCCBTCgAwIBAgIBDzANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx -HTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMTswOQYDVQQLEzJBcHBsZSBD -b21wdXRlciAoRGV2ZWxvcG1lbnQpIENlcnRpZmljYXRlIEF1dGhvcml0eTE3MDUG -A1UEAxMuQXBwbGUgUm9vdCAoRGV2ZWxvcG1lbnQpIENlcnRpZmljYXRlIEF1dGhv -cml0eTAeFw0wNTA5MDcyMzI1MjhaFw0wODEyMzEyMzU5NTlaMIGiMQswCQYDVQQG -EwJVUzEdMBsGA1UEChMUQXBwbGUgQ29tcHV0ZXIsIEluYy4xOzA5BgNVBAsTMkFw -cGxlIENvbXB1dGVyIChEZXZlbG9wbWVudCkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 -MTcwNQYDVQQDEy5BcHBsZSAuTWFjIChEZXZlbG9wbWVudCkgQ2VydGlmaWNhdGUg -QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0c+ZN0cQ -KUcBHM2mpE71nRyxV/OL0EWrmE57eSNX6E9pZs4+NfOzbAms8BslRrMNw/NZYmYM -acT+RJjPLhtLkGEquQecb3WVB/mNiwzfhZizP5Th8M/6lP48yYvPpKX16JX3WTUP -OvZwhafzGf+ij6cN+6FKicBwf15QgcqbX2IXiLm+Ri5NPrwebNRtNz0LW5qVxMpE -HnV6lJj5kW7GCQiuQY5aMEmVGxSiPapNtdH7r+9q7Kt5CmVGkE5VwhLWTUXrkRMZ -ZoZn8vDeIAIeaPlEm11y4c+Ax7/cIo2iQbEVRi4+YPGzm1Gv4QpvGQTwmMR/VKnn -uVl1Nf/6ZL9xkQIDAQABo4IChTCCAoEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB -/wQFMAMBAf8wHQYDVR0OBBYEFDYReHarPIZp3egKZ6T7O7YFCxn2MB8GA1UdIwQY -MBaAFFRX4ZVu29bx2jf2ZgFdtnB/PKi9MIIBKwYDVR0gBIIBIjCCAR4wggEaBgkq -hkiG92NkBQIwggELMEMGCCsGAQUFBwIBFjdodHRwOi8vY2VydGluZm8ubWFjLmNv -bS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS90ZXJtcy5odG1sMIHDBggrBgEFBQcCAjCB -thqBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFz -c3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJk -IHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5 -IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMEYGA1UdHwQ/ -MD0wO6A5oDeGNWh0dHA6Ly9jZXJ0aW5mby5tYWMuY29tL2NlcnRpZmljYXRlYXV0 -aG9yaXR5L3Jvb3QuY3JsMIGmBggrBgEFBQcBAQSBmTCBljBHBggrBgEFBQcwAoY7 -aHR0cDovL2NlcnRpbmZvLm1hYy5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvY2Fz -aWduZXJzLmh0bWwwSwYDVR0ShkRodHRwOi8vY2VydGluZm8ubWFjLmNvbS9jZXJ0 -aWZpY2F0ZWF1dGhvcml0eS9EZXZlbG9wbWVudFJvb3RDZXJ0LnBlbTANBgkqhkiG -9w0BAQUFAAOCAQEAfbpi+wWFUrItiuxsSMb4yy8SwRSnRkRymcUe/Buid/gFftsf -WcgCDzBYBi7QNbWsa4xkiHvVV4ZBXfLM4fJtMv3M2MJVzuVnS8X2I9ZIpWZpAhz7 -M9kUX3UQRFKQtMgrWigPUBLbBqIN1ZnX9/ctH5B+4gZzEIZv9/YhxhcFL8RhY62v -n1M3Zsl69acyojOVD+EmjKgm4JFcXZlzwAVyNz7HO19LFIc5wWiSEEB7pPkaIIC8 -UoOL9WkFGu3cLla+Lxy5QKroOo5PK1IqofyUKBEVPNHasfdcvjv2wSBw/2eBn6vz -0gZjFA0Eh6OWaxhx37IVb9Mb0nv+WQJRzAwFLQ== ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/OriginalDevCAIntermediate.pem b/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/OriginalDevCAIntermediate.pem deleted file mode 100644 index 834b5c4d..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/OriginalDevCAIntermediate.pem +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF+DCCBOCgAwIBAgIBDDANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMCVVMx -HTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMTswOQYDVQQLEzJBcHBsZSBD -b21wdXRlciAoRGV2ZWxvcG1lbnQpIENlcnRpZmljYXRlIEF1dGhvcml0eTE3MDUG -A1UEAxMuQXBwbGUgUm9vdCAoRGV2ZWxvcG1lbnQpIENlcnRpZmljYXRlIEF1dGhv -cml0eTAeFw0wNTA5MDcyMzI1MjhaFw0wNzA5MDcyMzI1MjhaMIGiMQswCQYDVQQG -EwJVUzEdMBsGA1UEChMUQXBwbGUgQ29tcHV0ZXIsIEluYy4xOzA5BgNVBAsTMkFw -cGxlIENvbXB1dGVyIChEZXZlbG9wbWVudCkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 -MTcwNQYDVQQDEy5BcHBsZSAuTWFjIChEZXZlbG9wbWVudCkgQ2VydGlmaWNhdGUg -QXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0c+ZN0cQ -KUcBHM2mpE71nRyxV/OL0EWrmE57eSNX6E9pZs4+NfOzbAms8BslRrMNw/NZYmYM -acT+RJjPLhtLkGEquQecb3WVB/mNiwzfhZizP5Th8M/6lP48yYvPpKX16JX3WTUP -OvZwhafzGf+ij6cN+6FKicBwf15QgcqbX2IXiLm+Ri5NPrwebNRtNz0LW5qVxMpE -HnV6lJj5kW7GCQiuQY5aMEmVGxSiPapNtdH7r+9q7Kt5CmVGkE5VwhLWTUXrkRMZ -ZoZn8vDeIAIeaPlEm11y4c+Ax7/cIo2iQbEVRi4+YPGzm1Gv4QpvGQTwmMR/VKnn -uVl1Nf/6ZL9xkQIDAQABo4ICNTCCAjEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB -/wQFMAMBAf8wHQYDVR0OBBYEFDYReHarPIZp3egKZ6T7O7YFCxn2MB8GA1UdIwQY -MBaAFFRX4ZVu29bx2jf2ZgFdtnB/PKi9MIIBKwYDVR0gBIIBIjCCAR4wggEaBgkq -hkiG92NkBQIwggELMEMGCCsGAQUFBwIBFjdodHRwOi8vY2VydGluZm8ubWFjLmNv -bS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS90ZXJtcy5odG1sMIHDBggrBgEFBQcCAjCB -thqBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFz -c3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJk -IHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5 -IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMEYGA1UdHwQ/ -MD0wO6A5oDeGNWh0dHA6Ly9jZXJ0aW5mby5tYWMuY29tL2NlcnRpZmljYXRlYXV0 -aG9yaXR5L3Jvb3QuY3JsMFcGCCsGAQUFBwEBBEswSTBHBggrBgEFBQcwAoY7aHR0 -cDovL2NlcnRpbmZvLm1hYy5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvY2FzaWdu -ZXJzLmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAD4AeTcmbgTUe5Wxfjn4gNMSfVyw -/QEOVqeM+LKGjXBjEGwZT7tuRmOCL9jTot5nZUuHxTmsNTCDYZ3b1wy/AC5zUCtj -51YsqetA36sFNeu0SxyGfuOJc0RBCZJ21XRIP1TiO9sNn4wyOuhpXBhm/YZIiBpz -awFeTK0NID4fvRvqLlJjfYbkSI4VwI5a5GNHwfes4UttlXp6QMQldbFpFnTTJio1 -R+eGCAyTPmNB9JNHEfcpYNtmPB+hU7CtXNprHYPNIaUkkVdjUwbz9AsuLH6C20Wt -44I+pzkuBjIth67FHQ/E4wExcNtWPtp8mzWkMEgP87QYzotifH9hKMamSKY= ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/appleDevCAs.keychain b/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/appleDevCAs.keychain deleted file mode 100644 index 4d833ebd5c82c83db71cfddcca04f28cec2a2e0f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 28012 zcmeHP3wTuJnLaa_Oss ze3|q8=YQY-{+;jq=ge&C^K4Ws3MB_xpdKmRZTQTDUZ^NZ9f~q0pePN;6{Qh*nzkv* za-3?}0zIWDZ6l#CD@s=v^3IIlRct-%$!FTicG%A=iUs9Z)ZWt*s5~s_NHOEm_xESzFyuv97MMrb#_ph5y9H!&`A~?AiE= zwzihKB`eyhTXCKo%omS?>7&l(sB5gMzC{ae0FHOd?MY2JSp+>_2ZOcuUfLCtEZiZYM-Uz zQ{dG^{F?~nxMf52{oYbt+0;_Cu6f0h`nt+>%c@u7d@VE$8jl0>P#LG|Gr`ePx3Z$G zS|ibT(i8CH;@pI@d0JODG*n|6i0UYq%Sr~6b3rd^oBGwIqnvX#&n0E9dFv{xTiWVs z>MBt&70SMWjLgJ8wr>qSZh+0PrD(S0Fp5K(wF-Iz6m}BqB-lx?lVICm+hE&Z+h8Zd zPKKQfI~leewjH(|wjFi~>=f83uv1{C!cK*q3Of~c8tgRKX|U5^r^8N%oen!4b_VPW z*cq@hU}wV4gq;aH6Sf1k1GWRU19ledEZAAFvtVb#&W4>0I~#Tm>>SuRuybJN!p?=A z3p*Ef9_&2Wd9d?f=flp2oew)7b^+`H*aff)U>CwJgk1=`5OxvlBG^T+i(rp{Jp%R! z*dt&o^z%=wAs)y=sf7ce*B}jJ)UsnNX3-nm{@6iXtT!~gE#Uo@ybuq$`@s_ zd?Viy4{y`T*W=MAQuSBozCrtqe2r20Dt>cUcWnEOd{A7xyQ3o*(|<<3DK0(~@@e9tSWVRaCBi$jJOY1?2|O|4dMWUeOyGG97XC)yC!4@C))4+i;LkOIXRIOojlfSa zfoH5C{Efh$X9CZ@6aGfvr<%ZX?FfG(@Y77-xpsuV5%}pQ@LW5>-w6B+6L_v2;cooe3A~a2X)=K~@;}YMb6)7>toWrrvd61<&c6R&4xlvN7Yg-i1#vEy zLtCKI_>jLni2M|R=W_~KyhW=&u>#*_0&jJ9`9d02;8&QyCxv?3FN?viG=aBi{im=0 zDiio*t^f4+OHAPHp-sMynEJ0aflt{O*wm-PYuA#}EgHvu4CO&ZDGk7;XtwnuZ1ZBB zCVd_H7WVq9pnIS=PA-S;fW8XXI1_p`^a%F%Cqu)~L)hETfufzM2cf{EAzxY-6m}Zy zblB;z(;vsaKI)VKpO~=?`V98^#_cu=8N&!On-B4?F+S$gN@l+E>sIMLT%wR|vZh zb|Gxu$`!#bf?WiAL?(1C^Z@h}ZndhQyP$92w&{H64bbOt3xqO8Z-G98?UMp1${X{2 zJeEp@0zVe`vG3v$6S&81gC0?o@xY7+W<1K7fN~~W0!6+F$mgtr?tr44iRjCT{ZN#1 z&RA#wdRS2=p`1zUp${p_WE->%3jAc?&n<^;haORsDNZObQ-C=S<(!9d&f5<~zNyGJ zbqDlSMVW?jrlCI5o>i3TC};Xc=;MkqBL|9dW*mfmq$o3+p?5-op9TD^?a-GMrPvAW zf&x9@!y)}uaeB0f=err>LIN1rQ@kGvv};Eczo_nqX;wpV}omYg57QmO{BeT_+)$_%4RynsNKtvPENLq z;y8mhlE(k!6!F$jYGO{djgox^XQch)B4-NJOg-5y$`I$7ZReP$LS;B(;}xSZuLl=n z4H-TW|B1XQb^Z?TmZ9-x-57U>^Egz+Xk0|y#CRLcAM!DVH^V2!IZdrwTVKE%se_o0 znUZ{*k1SV=alXpu?Wl5x-Ss^lb!n5CysW1KDqBxcM?e&#F(IGPv!ZzYs9&>2{m3!S zhRW2BV@y6VE~yPY9lc$VMa?5^$j|aQR^?Cz4$^p^r#p=Ndc4>JMsig2^H3y4+8+!D zkw84P96AyzT|RC(xLo!4QD*QVPcWe2StjSI*aOC4RP^hfvKhRAZ#dTs-oQ6ZF@rbo4d~qi0p|=8wg|w_Rwad;{M$&kWwcw;4UFid%mJ-)8izDlXo@w=FPJe*@n} z-<4?m^}dbyhVyMk&#v_C5q$J*dyh?Deyth2_8uGY z)N&~Aai!;v_8yxkpZ5S44}*`c1?1y>H--4rW!}EZE_aBx0knC4V)RT)zZL{n1M-S{ zcw*z-pRj(3+9vqe2jn9cHTM35bz_+_T%vBgr;gOki|snU*Ux}oOJlu^o_`s&Rn(35 z`Q%H%z1U`Vn74+i&AK%~&D1Sf!=__D!`JC^w|A*@Dj(}cP8mK?H{JuN{Z{X8_jbX6 zFs%)`94f=bd>jM%UUFqs1Oi>Y$lg+$djnD;oUB_5REATG1^q8M(>dpYUU#^Mcjgg3 zwzm~3!zbFChWzSSfKP0a&}Mt7GF+m)+#@8`0j^fxmEJo45?@%mHx`^?{|(uqVl-C- zC-(`7&8hC}^m@X+&0dXMOJ^Uhgv!)Y^kJrkO=}IigJJCaMW&28&g?@zkCWjOedy5m zQmXyjM^xE3XIMAxmCJC6x^aJy?M-X-`a?dp7Y0Q1-)bDo@QMBtz974z>k4;Y=nPhJ zvW{ycIYk|Fke}F$>Mh}*+Y=UxPSo*pl6<0$xf)+iqj$46cqS=1IVNi*ImMXdX`C1n zPp~hbdMv?psY$MU!Byowi|g|yxe7EcdzBZ?Z^&2i+P6-Us~Y(@uG~Xpn{2JV4cvDX z?OTsynK>f*ihGH~+OdV}>+Hi(#OB;^LuI(c+~B?P|;S~KgO5?Px3c3T@G3Qu^B#-Df?m?>kw!(i!gehW^iz6#j zCvtH;QOIQ!OLQV#hKplBF6JdyyjX%)AQ?VUH*!&pVu_8CT%vBn#S%VAK2f(svBYJP zT%vBt$j^4hizPNm@`<`7iY2-vxwsBErZTZaw!Nv=e(1h2d@<00ymD3-WV zl8e_wjzPRw;wniVQKv+)#MP2qVr~oPSM`sVu_n2`9youke~C!D3V+iCZQ4L?1ekU+qJKeTmy7xkTNDizU7&$tT7{CYIPC$tmhM zTr9Cul26nz7x~$LiDHQ_NpgxYNfb+b*(6t@SYnq+u0*lKZb>d)6WM3+Vu`Ov@`%1l z6ia+nl1t2u;bMtBl6+!r$ixzRB{@aE#fv4rCdniEEm16SJGeNf^)eeq8FU^r`W&Gj zVWIY23+7L)^ajJ)1~Khs=+~h#Tn#Fh*Ux<#=FcP-_T{i+@8@2G;QNLdzAo%KYWd^s zbNq`WUmfeGeJ_M{iH%L_k#>g}F6}!apJj+2+v}oylpstwQN+}u_uM;^u-kB z7iBS>zLmms)|tX|`bi4Y*$xWRX;b*gwo#Z)pG9Fh+e=|OeGo+L_ngSF;>0KQvwn~C z*FU@8bJ5onr>39v`#-(kmHvKowkA$|Qg!{VtcT6@Oy5EOy%9PVO0ht#d@n@z8*5xw z(e&Nd&h*wOs5~E zSaiQ(#dP6YExO;PVmj|xC>C8k5A_fEStrg>b^W9IefrM@(Dl$QP|-(|aZF*K*w{wC zU&wd#bic{Qa-;q?rXQmISN9uo%pdgw+WUS;I6&CYP8*^^e-?D^Iet+U6u#?VO5FW?&vUT0-bcL3iM3(j=b`8~z6 z=ey?dbVh#ZnWvpotMH(=t0&NnKw+Ab(ICPFydU9pR`iB9_5^+5zS(nKWdtYX7e~M? zJw0I=plkdHhYP=2>6%+Qr?jl}!Zk4G>da5H5ycH|k5nTDEa&Ju-;%5(4Op@j*MKG6 zI$*IVzj|)(+@(3wmRiRC;@dl*@_hCEdm69mo3!e9ldtoai^@(s(v^1b z?J?)pJmPrr#On6WOyA*;tM)usJZ9Mr_w>h7zTVTjJLQ90Z^?Z9#yyWL-gWHl=l;6u z;{`vv<+=U$ymx%}$<<}q7rh_2@xBwIPVf8TeU1yGo+ZDI1anQHK%p_#t*7)zchI4x&EL2_|*AOYa$Fdwb8}>)O8g=3}dS%TE8b`KCiYaA1@Y(=($3v#z?zJI}>?{~-3H|+m#{`ZnIM!oNv zz|)g#BV9%P1#PR2?e-si=`XL$eZSLk>GuNHEjaK)bo&fuaoRX81D5g7(c04RbR=70 zX1FTtsWa?YCMi}+(cF#UaNwen5)Y@gzq6;f+wCd#^mIoOB6Hm>rg{lhOn0bwW4OD^ zwe`s;i`BLDd!x5Lg71g=+Dp z2Eq|cCoo>B-|3FLgoGEQoFSa;a0fe_YRRDJaC&b_<|KV!(J}vP_e6qoi)L>*tO6#|IT@L&K)c>)gM7D^`y!+*)xhJQsKiauq!dS-&$ytRaT+eQ zdS!KeQ*%RgV;e3gL%&z-tXR=j+tgCmwpxEdQNhIx6_qkTwRy@XTi2GRrZ)MyTC_mP z(Al9mane(_;hY-VM4D{pz6Zp9GxS#IPUut64-hxpgLq*%bT#yH*MPkiv4cyC8?yD6 zu1|B^aN+FIIruA^S2k}=qPhA{4}N5qA}&Oq#SJoX!;Od=wtf~j{6CEww%#iO1q2RT z_qw)z<^L{pSjN~UZ?MW#_@TSs;e8D6c!~qw?ifF*#v#}Ip#8(-8(Y3J>kDsn)joad z-%IkID7detD!BKl@gI%Zcg3mXYmZJ?{fsr+b&0+B`LgdG+_b%8+f^^F8mzeVooA1| z(_Q+vXJ7uwieLW6hGkE^Kk22~dpdpAu^-O)ZNa+UoT`=`k3KVF&D8AXyrcGgju-d- z=H$s)6LwttdwVEnu;=9a6Q3TDTyog$dEmi2TIY8D?8^7HKxe3T~SB#Kte>lwY;~gVE0Z$6KzyK}Pc;$~u#y(d5t>YKn z)-@!}BsLue}Yl5!Eovq=*`a5B z`3DhNWB*MRwgdJjJlD+K<9y2MtB!*$(%twzY2K^&z9BS+1rA1l>ZI?@qVRWa5!=B1`P-~ozO#23T?^({`>1|DR@4oCb13&Zgx#^ zFWx=pTRGdu{eIjlcegMP&d+3y-#s=^v!dwci@*BuQ})Wt7ymo^Ki9f{_T&ZY7yaw{ zU)OxQtm@s2#p@T(yJqi$udF`4&%eJ?g+|ClnHJ^r>C-g+)cx8I>hpq+-u-&R4;BtQ vxySy_vspcLhu?gubIm%l1GjeO$3BvMX~)IR>PJ3 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/dmitchtread.cer b/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/dmitchtread.cer deleted file mode 100644 index af2a56b01236a0face3fd9e5d2620b2174eac665..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1483 zcmXqLVm)rq#Ik+?GZP~d6AQzWH=PE&Y@Awc9&O)w85vnw84Ma18FCwNvN4CUun9AT z1{=y6NP{?B!Xl0Z1v#k-&iT0or6s9FItre7$$Ey?29_XcZeb%-X$1|J)Uwo^{DR!n zyb?_X=hUK-%(Tqp#FA76$I_CF{G!Z~N<(u4Q;=q6VLgauJ>SG+Vl*1aiSrtm85$T^ z7@8Rx8W=}GxQ511u0b_Peh@I=gZP0xH!)c+IX~A>#6Sq*Fz%Gx%#!4clA_ea6hl=5 zWsoSZuuP_NMq-JAYhH3uWkE@1ejc*_3>xPnhbbc~19M|9FkCyC8XFnzR0du#WUXJw zKl7@eo=#zHRkMA^u5BT6PbPTII^wuGI{M(_z4a>m{_)>LV(Sj^Za=#~X_{NZV&g_T zH?R0Uca7KK9~Do3emYlot99e=e6PsO-M$Nx_CEUFvys;@yjuNlkcbV}2469MuiH{j z_)HsKeQ|B?JzpO6`_kOXh6i)pOqrM&85kEgF|9RdVp?gy1N4rpFeBrC7A6A*a3IL? zgLo{=OsoqGG(obeEJ_9nY#iEbz{J7M%mhs<$tf&IOlAW?HqL}L55~41PK=Bo-Runp zvLM}jEMhDo5%S>$7Oq>q*Bk9fJo#wn6NxSSvIg=XX=N4(1F;4XGr@|o)i!OJcVBR& zFZpe~jg?#Sn?d7Rn5{q~8y6Tf&Na}0i5M`p$z+t26j;Ib+u zzXX_IogMXnjxcCq)Bq`0U}<8M2Xdr=SR5W&tV}>Ihk*mkSxk&#Cd4}nnA>upPHH?1 zH-gEaahp`*=AhJ^%*4FpR0UuvEXl|$Rse?xG^-_5DkSDrDikCZl>k}A#ihBa#R`eZ z$*Bb;5It!?J*gm^rvM5YUwC!1_gVHLMF%y zsS2riWtm0!c_76Ko_-;Qn#lPHSVl27F)}i6WfWSi{d-b)zss~cIb}S5<5n%~jjesq z(lkquWyy=3?oZ|NfJF?$O5;s&4T)p*x-odj+M0Y1KDaT!yHq|PebHV#v z-getwbk)6PG1^=IASqkpP0yZ^#%eOA|G-D9xZ$$E^<}; z`7d*i(<&u8G83POdU@FTTPy8N$tn=t)V6Nnr&IL>nlcjKX0~1O4SA-~o#%Z%hcB3U p*$+lf5db4k^=JS9 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/expiredCA.scr b/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/expiredCA.scr deleted file mode 100644 index 839e13fc..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/expiredCA.scr +++ /dev/null @@ -1,112 +0,0 @@ -# -# test handling of expired Apple development CA certs, Radar 3622125. -# - -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -# -# Original Dev CA expires Sep 7, 2007 -# New Dev CA expires Dec 31, 2008 -# leaf cert expires Oct 13, 2006 -# -# After initial sanity checks, we evaluate at a time after the -# original CA expired and before the new CA expires; we assume -# that the leaf is expired in all cases. -# - -test = "Old CA before it expires, expired leaf" -cert = dmitchtread.cer -cert = OriginalDevCAIntermediate.pem -root = AppleDevRoot.pem -verifyTime = 20061201000000 -error = CSSMERR_TP_CERT_EXPIRED -# leaf expired -# IS_IN_INPUT_CERTS | EXPIRED -certstatus = 0:0x05 -# IS_IN_INPUT_CERTS -certstatus = 1:0x04 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -test = "New CA before it expires, expired leaf" -cert = dmitchtread.cer -cert = NewDevCAIntermdiate.pem -root = AppleDevRoot.pem -verifyTime = 20061201000000 -error = CSSMERR_TP_CERT_EXPIRED -# leaf expired -# IS_IN_INPUT_CERTS | EXPIRED -certstatus = 0:0x05 -# Verify IS_IN_INPUT_CERTS -certstatus = 1:0x04 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -test = "Old CA after it expires, expired leaf" -cert = dmitchtread.cer -cert = OriginalDevCAIntermediate.pem -root = AppleDevRoot.pem -verifyTime = 20071201000000 -error = CSSMERR_TP_CERT_EXPIRED -# leaf expired -# IS_IN_INPUT_CERTS | EXPIRED -certstatus = 0:0x05 -# IS_IN_INPUT_CERTS | EXPIRED -certstatus = 1:0x05 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -test = "Old CA and new CA in input certs" -cert = dmitchtread.cer -cert = OriginalDevCAIntermediate.pem -cert = NewDevCAIntermdiate.pem -root = AppleDevRoot.pem -verifyTime = 20071201000000 -error = CSSMERR_TP_CERT_EXPIRED -# leaf expired -# IS_IN_INPUT_CERTS | EXPIRED -certstatus = 0:0x05 -# IS_IN_INPUT_CERTS, !EXPIRED -certstatus = 1:0x04 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -test = "Old CA input certs, both CAs in DlDb" -cert = dmitchtread.cer -cert = OriginalDevCAIntermediate.pem -root = AppleDevRoot.pem -certDb = appleDevCAs.keychain -verifyTime = 20071201000000 -error = CSSMERR_TP_CERT_EXPIRED -# leaf expired -# IS_IN_INPUT_CERTS | EXPIRED -certstatus = 0:0x05 -# Verify !IS_IN_INPUT_CERTS, !EXPIRED -certstatus = 1:0x0 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -test = "No CA input certs, both CAs in DlDb" -cert = dmitchtread.cer -root = AppleDevRoot.pem -certDb = appleDevCAs.keychain -verifyTime = 20071201000000 -error = CSSMERR_TP_CERT_EXPIRED -# leaf expired -# IS_IN_INPUT_CERTS | EXPIRED -certstatus = 0:0x05 -# !IS_IN_INPUT_CERTS, !EXPIRED -certstatus = 1:0x0 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/one.scr b/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/one.scr deleted file mode 100644 index 16622629..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/expiredAppleCA/one.scr +++ /dev/null @@ -1,35 +0,0 @@ -# -# test handling of expired Apple development CA certs, Radar 3622125. -# - -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -# -# Original Dev CA expires Sep 7, 2007 -# New Dev CA expires Dec 31, 2008 -# leaf cert expires Oct 13, 2006 -# -# After initial sanity checks, we evaluate at a time after the -# original CA expired and before the new CA expires; we assume -# that the leaf is expired in all cases. -# - -test = "No CA input certs, both CAs in DlDb" -cert = dmitchtread.cer -root = AppleDevRoot.pem -certDb = appleDevCAs.keychain -verifyTime = 20071201000000 -error = CSSMERR_TP_CERT_EXPIRED -# leaf expired -# IS_IN_INPUT_CERTS | EXPIRED -certstatus = 0:0x05 -# !IS_IN_INPUT_CERTS, !EXPIRED -certstatus = 1:0x0 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/bothCAs.keychain b/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/bothCAs.keychain deleted file mode 100644 index 40486135eafc2ed579d8e76175315019e6e5681c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24188 zcmeHP3vgT2nZA-OTecLu3bomgP!VLLS8mB_Y21deSiIXD!G zOhO0{LbA{T1)40dES+Y%KYm3_Cc3fRvxye^jlWz zdzQ5Zb=K~+to7K{HU$0HvN|R~PgvHKH=^#M6yCN}6*pEJ0c{w<^FF2NCU42`7 zc+Kj~t!o=Mv^1g4JSfIU?Mo6ngs`3ms`NRT>JO{3UI8>)Jy{+?ox<$(lGtSxG_G9P z)7QyOd(6D}mUz1mA2Xqxw=$@6+}oNO*0wcnUbkUoOSob4B~6>KzZqHt&BlRsXiamB zndE2-Us~VMBuE5LaSomU_RSc})4r*-wF%2Wx?^E2TP0Ag1*h13O4^5xb>>)}jpv4z zZ*FL6>j~h%Uu*+eW z!w$d>zz)C;z^;H@0lNZr1?)=Lm9Q&eSHiA>T?M-eb`|UiuqVKt0DA)LYS`7Vt6^8e zo(Ov)?1``^!nW!-;E>F9wisnK&~u^7p%*0aL5XyAB~n{9rViW0YUATOx}q6)ReZ_T zex7Jww#oKYu_YTmU$pPUV@$OCx7WU+|EgG{YTw51=-Hmxe^m_1ijQ=64`hs=DmG=s z$K$c9Gw`Zdl@0GvjK3;QWy2SU{yWEC6`!)<3q}8(c*Z5#PRWM%ivBzCG7gQ0x7$$6 zzaK!I_U$_H?(MyzA=-7&Qm8(DU`OWs^L(O>?@x5~pgu*m&vS`3K9bnkZ=*->JcnrG z`}+nm<41)NK9bm$(SD@?-m6%@$i=k%FB0>|{>t&2V1O@RzuQtG!i1~BkCmP^= zV*Z?XlONwlNy4bc0#Ye98880akKSONWh2kR@p7D|*@j{!9ZrG4gyV@v{u@JO|5oBk{8h@XR%2ypi~`4Die~WW161 zIR<#<8ZzEU{9FS($4jl|D4!1LIV@kZho7~pyA$ao|13k~o*c4WMf z_(hs{o+l}p@rP@jTuxD~e~HhGKW77Ig3pXUOAPUu@h4=6&x}93PB8I5Gyc>X;xpsV zIfnSm__Ndi&wggcA6_Hr_Fol$&NINP;?HLc@T&N;%mA;7KfFHF?Y}DioNs_v#h=d_ z;8pQwg#lg_e=abY;xpsVN<(~R{An=6 zXU3mKLwsiZX)?rT#-CLNc+PWX{8?>)SH+)Z1H3B!gbnbj_;axVUKM{XF~Faa*2T-3P@qA99i+2hCiIw;c1H3!Z6N?M1#BVUb=fwv*ugSn)YJkrdi z7(XX|qXE7ker>Ef!~abN_`+@d*Y0%S#kr(*NN_xcsXSs?wf(Ru!gim=ZC)Iwc@II~ z$G!eW=>1S^d+MMEpl=~GE`r_&eFOLRXG0UvW4O0p4n;q`N1(tIp_P2Ve(a2Ve(aSHP}-T>-lSb|vge*p<(uE)}cLzp5k@{otkF1lSW`Pk_x! zxoX(eu&ZHD^g*wHJ^}q0ms*X`d!fI;Wz$mVZs>7b0-=pFhM+Iu_DK~K?M*p~$5LJ> z@Kb@G`dd6=0{67N&^Ih=Ixy3LnT~d5pq&{Tp{O?l^@5Gi15mUx6Jt3u2}L_+PKEYE zU$CrMXlK?I=#!Q;J0IEs1%5X0XVpRXLEo^fIYB5ebAXwPcIKj;xsO3nZyxH+I{^ea^BLmP66b!XwbrmbGXd^e`0o#lSD#2R&g~X9uA@P+*n- zvjpudK|4!6u&fa3g$_X9!efwm&;%6z)K0Z53w*Zl7;;Jt3|LyTjZ!v>Gu3}`k+TqL;wSq>8Q~n=ch0#Ns>7L?uc+p{1zgNEbogZc zC+il5d%L4UBlAt)n0Lti*tA78FVZ(T->UUPKIZTyd~%+PY~MO|_D54b$o1&cFcr&Z8DRWe)^%heo7w!u~c(HKGn0LY~$!WW>w?JIWB|h_{TXW zpPUzOYhU+ZPwJrNnx=2%P#rGLF}Y-aef8blvEECg198MflvA3a0jLgN6Y7ym&PjfI zyS@16E047bs16Tf0(s=IR@y$;8IKO^h;>EN3x=F^&`M}7PVBbjf+W7Wy6qrEEV=8T zRZwmG_OW;-0^0cQXuJ#c**@p04$8zq8z1Z1o7a{OkR;KlnOPW+iB_^YG6a{Ofb zvkdTVMQoUDf>*?bvrO=c*f7TguZRtEP4Hb~V*~PS?fG{rV#9nBydpL%7zgi+4O}*=_ z`l{W3@vf3HHq@Hn#k(F({5d9g@vaB))H>)=sJ8#&T`6b#ygt>&i+81*`11_#E=6op zJ*&#Leq4&!w#=k`MQmGcf>*>g)w8Os{wrde>RDA*ydt)(F!5gz+ZelY&A&6YvEF#G zP4(=`*&oTr*haowu}$?H%gF_}EsSk0MQp3X-dugN!T7N8ir7|ff>*@0l_q#aY-=#V zD`H!t30}O%<~+8WjPR-V*qr!PCU`|`TWx|D@3A@CZ#Kb;_t=Q1)pdPQgDa3m(iSBIZiNtvsK%3Vms%KixV?lDYqOQD#CpO#l3H{5}H_68_ zARoD?nb#-ujcw|1N#A%)o$@V;+jYIsUMBpajDD$}f2sN^edBdL`3i9@wj+|@rJ-%p zx3y3c-#h|ajQbg}t+7aFk4Mob zuEQmLq<+sPK=6zS$zb)9-StD|+crTII z0^GulZQY5jl+Cpff$DI{wZZ#}3JO2JbVH&!6(m!I&!N zxbfbo4yPQq$$~Tga|4lnvCTEst;r+DjrSn!aof;)eTpe%lZ!K};}f}fJWXYX!1!P1A;GCE^)mkr<{{qxx|nmSFT)wXI`E8kbdRLC2r8<;yICXkS&+^ye5zI zDOWCWqb8SJ8{_2?H)-<8wV{(sd_j{_j$5`|;$}@AIc~XfiKGD+*FS~Flq#1PM!C)! z;~bESb?x|;<+YLq{$=4DpxLXpC*@F8{_2?_iOUW zwV{(sJfO)b$1Phf@nuaOIc~Xfi3h>OHSLrd80SKlL(|U@l1K~1Z!K8g+YlW{h#SPT z*FhhG>TtE%T+v?Mr(t~`xo}?&ckFw4FGBJ?Y{J)ryN;rMw)-4k(c}x$Kk>T|`jVNO zw4m&e377bd2)PRJ4&pVqagELN{pG{h=02xnodfZE5!NpV7qads0}=SWIDk*%r$gTPZB3&lHw3PEuIT zeo$CWo5FAQjly!qEDFonUkb|^gCO>}m#4O^Aik-89{1FE{i(-2fU%|oh5mWm|K#It zC6gFzAwhgo9pi3ofz9KYv4in@8+0m^;)1&QUWnsA)_7c{kALyb2vAX#0f!z2f_DeD8zrZt(pJ@eT#+ z(I4U{t_(lZ@xt-nS*)Lq7veoTVp-0ZNpXpHOt{T*#!-sP@gG(!m$B95_-`tf^O}X? za`<^HITB}s*hh7Yj~(|JKUYAvK!>1mjAmn-!ZFEbANhVE-_djYCmY*M$KQ-`NXK8t zf5@?ZIu3~U{ZKS|JV*GwkMaBn;kg3-c=pkN2%G;q>V76wB-f4Whbh~QadIOjxN%N! zFNQWjw?n@u_CFlD#q|nw>ES%L%k6gMg-QyF7VK%>^E+khdW}ud=#n zs6RFk?G7@N3wA`~iC|k_Um|qoq_Wyj=)9UxO>NEcnwoP%myIgGzRN;0YNmyzq-d(f z(lpeEh7X1OBkj68R^ISkR%rNk_wcaw#CgfPUw+>5Jnz5f9}8+1?VmCK?kAu7>P0_K zHk|j=+C6uCrtIT4Pre%N`e;k{>mNS!`@lP=_I-EG+V5|@-?#ec(+j>Ch)sQc&ttFy6p6ncb|FSv+G-<|Nhj&U%&0>g5O;5?A?!et_}5l^5Yjz z)*kw&N1l3TMZw>EZSa z-2A=APy2V(|ET-;uEf)xgBLAbe&30fL$i)ge*IQg-KhnfR<2dX59LtjD4#ico;I!v zw>32e`A?uh{IP6Du%RAc$gI)JVobfZwQD`?z9dZ2nKztowgy&DLNMhn9;)JbEm~EdBpaYqtNy%igzs@W9IEpMU#j zubnu%WbcmM=eHgEyXHF!?zp(E^ZLIHtp0U)_lE!YiF^8sM-CRuF7OWD_SFwRnftpx zeCvgezV!UJmaX{YKhTEUrbjFt1%P;?M-Pe9O@#Xuj`TB;Mc-5^Fn{R&joL%Ss zb$jEcBOC9pId$sF8SnK*-`(@zWxHl?3|;qXU?E?x{lBwjMM9os&E_$7ZWsvk@ez5|Gh!% zW8W!QgO*E7guN{Wjboe6ImER(>u-UkbB>W~Z7F(^g){{)TSzg>vj#4Z|w`NW&ak_o-no&W2fPJiJ=*I(Vl`!5jJBG&ka zhZp|KuU`A~Yaivk-T%jlML*bo-|67{Gk<#Un?DK+Cc9k!_Kvmg>A%1Clcqm@`uH#J zPk!L+lWf!e=0~{o?fU^vuK>a^rsV%OBW2yh diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecExpiredCA.cer b/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecExpiredCA.cer deleted file mode 100644 index 74cbc5d09b1fc9acd855ed5c9f14666c39a2a1d3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 463 zcmXqLVmxio#AvdBnTe5!iILfWn~hVe&7IR2 zf^%w7i9$$fafw1uetwC8k_5kzfq|K!fuWJ1rJZR})yasHZLHTePM8Udb*o!M`_-PWLd9 zW@2V!U|cM0AZWl3^n$D~BjbM-Rs&`rh3sZlkeeGBCRZ)enHTrpvyV@(X0PUXVb%*T zO?*-<{zyOBGSfQHH}&bpx$D|@XuY=G-M@%6+aUk%wWHsR=AT-$@sSPN+Rf38ue)PT zpGloxqrtP|2*WqG_^TUASTyY9l0?qdvAQVR>He-iyzCEev*V?d3(X~)SSQ+>SWds; PGhg|FWME)sXkch$XlZC@Y7m7Y0F;X|P&AY`kcAi`hG~dTYGRr} z<9q{NguRTc49tza3g6#xfL6vPVaZVxN{+!Y?I`CruyF|oBf(kAG=Y? z#LURRxLDXg(10K430YxA#{Vp=2F#3%49IR~1-ZGAp?%x0mbFKdyylDlF!inbZ@tST zb;XUO2^JjZvl`~kaViLW@FIEdWXBoeUw&xJ%70q7O7y344cEz|*B5+V$T81VVcw~_ z>>ghJ(y1mtjHG?pS8e3n(P$?7m21&op(za0kBj`TD+_Fu&pI!4OswtEt-sI3nu3bB QthYEOE&rLXx#(LD0OrlFX8-^I diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecExpiredRoot.cer b/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecExpiredRoot.cer deleted file mode 100644 index c269fe3c29cfd28d6ae6ca7e873e5f948f888cf8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 465 zcmXqLVmxcm#AvpFnTe5!iILHOn~hVe&7IR2 zf^%w7i9$$fafw1uetwC8k_5kzfq|K!fuWJ1rJ}4=$>||{?%msodw(QH@z$K1b?&%eh|rx%`?eLc z>m^HjR%xjAYNx8`L*p3p zY;w(9zI3(1t-{^ABMdkA@g3|_T6kOcpwX!uTi+#N^&8u2zjMd6GBGnUFfJB05H#Qi zhJ~y!BjbM-Rs&`rh3sZlkeeGBRIinIuAfk1!dxi5?_>EvpPwy799kiJGIr#;Z0p~B z@bbNBjsmAPv&e03_WB?5^Hg8Fec^_Lm`YaXqPxP{_xG>cy1?x6Nu|b+i_V97CwF`F zDzN{acZN^=o8^WrA2sC8p6Gq@_SLzBs@98l;(4#sJX~_+{+;f>yOg^C)v8W~y|8k!nJfdmYJ0tS{)0RwqMSp#W^F(R18 zI6E3N&Ntvi*vrVuz}(o&V9?mf)Y!{IhUmNtXOea9xPt%8{{=OWzpS@@<27?!%v z|FZGQ(d(PsZN9zz)*E9bbb@Jza`OknH$UgArB+-`VA-OcwxDm(mhyWgyTkWAVdr)RATH7pis75Av0Yus$QJlG|2O~eetpFd;eU*x4e RX`3C@tP){Rct%j$8UP+%t6Km7 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecGoodLeaf.cer b/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecGoodLeaf.cer deleted file mode 100644 index d77ef42eb7ef39ffa786cfe8e30741800394890b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 463 zcmXqLVmxio#AvdBnTe5!iIK&Cn~hVe&7IR2 zf^%w7i9$$fafyPnqk)nHzmb7~nW2H9k)frbp{YR>NWc&%U|_^fe$i%2{v+v|j?#CsHal&cqHE%O%Q^Sks{X37 zCs(c<_g%Urr@Phr!r>$P9ybTxdf^iEkLBe_f4LPKq)zX5zPNKCn{1Qhe5U%}CY$}5 zPanHc%EZjbz_?i0K+u36=m}Y2M#ldvtOm@Cj10(bW(B#qkwK;^-EwaImOv5pZL*h6 zE0Gr2m%O}=|63}vR^=A8BYT(L0|3ZwuNwdW diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecGoodRoot.cer b/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/ecGoodRoot.cer deleted file mode 100644 index 9d4453e48e07342c36ad98096e767e8baa93b3bf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 465 zcmXqLVmxcm#AvpFnTe5!iIKs8n~hVe&7IR2 zf^%w7i9$$fafw1uetwC8k_5kzfq|K!fuWJ1rJ>95GY_^2^Ap5n8x`Aya<~a zSs9ocdl?KGJDD0A8Ft_JYv=SPcFKQ1@7!^%Ow5c7jEjX0 z1P%CsVIeEb$oQXy)qojDA-kCsLj)s+fd?3X~%7Cm(I|Zc!+B^q;?(3;FLd{)RRd&Zeq_k(+oAK-Sqdnd(P^z zI=edOkNlT!=G(pBx##yg-+A2ce)qAv??7a)<+3Q1&{})T+Ws`YebCjG<>|Mq8N-&< z@xEnkLY>ZImbDqXy2qd&TUPHh=yl85_7dtYOXF>9JM0Cw+SYN{S1ikgc3eB4hoLV* zuUVGc3vGp-go4j%6xg(P!ob&D=C z&4qVk-^_{lrrzG}w)Iq?JcOY7>Y4c`;x*AA*@#bRr;Jt_lH$kuMnE6o-7ZdPEqc9DeSTeL+jTM z4E1r-99s)uVowdw?a#xxi~7ZZG&2Y?ya%>>eeE4Ahw&UwCY|br3*sj;n9Ln4w=wT>q4{Q%?4{Q%?FKjPt zFKjRD0@wwx3t$((E`(hOyAXCE>>}7ju!~?9!7hef47(V1G3*l9C9q3im%uKCT?)Gt zb}8&K*k!QGV3)!6!S=!S!S=!S!}i1W!}h~2hg}Z49CkVE3fL8}D_~c^u7q6)yApOK z>?+t*u&ZEK!LEi~4Z9k4HS8MLHLz=7*TAlYT?@Mwb}j5Fu&2PD0(%PVI@oov>tNTx zo(g*^?5VJ)!nPVY;E?Qfwj5>k&^w`PpzBijpoAllWO~cSG-8`rZG2)h63xP^;!Cdf zJ)(WtCfirVmRxwRXy1v)m}vQLuYE=TRk23ZzKtIp*q_~hRSe3B5BK-Sv&K&qn{wh4 ziP)Yjyed}Z!WSsUUlpfv;R{9oo#U^HPr2|#qW?}j;}UJBSip0+p z+jgP&$cGpCO9ns75YKo?k?qeG+jgP&$k#sOB}L-rh;6%2eB{G3UQ#4JAhua1B_E#g zk|ObQ#kO52KJwxHqK?GRGr$ug&zBNE-vG~Zu#7hnzrX;`TtmhiiND2Dj5iX$ zOcT%ZBqclkaIKTeDXR4^@!9d`GXR?4v*XVSLwt7p2^!+F;}5SBO#IJ|KMjWX?D+Fp zLwt7pS!sZ0KeOWxuaR{7uZlmb4DhP>^Em^&D*miCz^md9uMc(muZll+8Q@j%=ko@5 zRs30NfLFzzbq07<{JC2b&pexw9e?gYna=o2e0Kb4G{k4epC&_mcKlgyh|i8c&4&2w z_!Bb3XUCrwLwt7p*u_A8<2XYq?rU`kN0WB>}g1a>LxQrM*z zabF)kl_4gU9fMxReSO$I*gn`k*nZf4*nZf4*yXUxVVA=$zmD4sXt$yt`U3RlxUUbp z5_To*O4wDft6*2bu7X_+yBc;i>}uFGuxnt~oKIgW)}nv4DJc5EOTQ_wr@)>9o0oER zulpN!Wz7a=HZZf%&K$HeXDbx-=Ad361U(5wJ99CXb5l^XGjAqz82Y+p z%||=)cR^pWtOZ_ZFBJF%z~9~oJr2EQSqlSDU={+i2<rnqF(SM^j$m#Sqx1=;ZMU%%d)^{3y&eE)WhJl0P|tygcP0|oKo5y9SA35 zLxXK0yO?o{eDZj7*3HK!+xAJmP2tRQ1@e(s){&gK_?)pbmw!C(oAAlHWlhOsJk~do zjHWxxwlL0?SCdc1R_S9+hL0WIFcjY(#?++y+lz1J2eNIJQ&j!ljB;|aUlji>yy-H2 zl2hheQKF zqPD^Q=-Bvt(>LZFaz8e0QO%3=P0qJ!{g972ya}J2=Mvku-UGwYv=4GU`ZW2t9@(y( z;~JYU+8+uh!|g*6`_LvcdFiJgs_Uop5fDo?C*)H-E6O#F&SO?Jj-2BPsE&V}WAe#) zDef5R9~np=)Lhf_trDuk#W^OI?60q>zdts3e>9#zTtqpg6+UI_Vn0` zkG}F)tA^_EFeZ>k9&6=2BYlZzd^8q`W)=)N8=*DOe4N;A%eoZ4BK>xdB9`2Z&|0WA ze*Z)~69H{}e>4$6eYVfJYJ@Uz(8k9i`;(~e#LIiYD9(s;9m>LV|KrIx3W%pRLZ?Bs z+s7pb4_7CCx(PlJi4O}r+vHl6_kgjP5vTu|^LHw}oAH`b(iM*lCdW^<98Vrcs%KCt zzP1!9Ll~7a5RSc92;U9p{nOmPG3;P7JF_6qkF=zoOspq zsGRu7NFuv^)$^#F_~H0a_Sy=-AMO5&=ehJ>j^A7pym%kPiJxbJ-xD2_<0spnZ-93z zV#5LxydpN-Zh}|DhJ_}0MQm7Pf{#p$4am2(=ijY}4NFY$irBDp61+1uaNSH68}88L zV{9N_zSyvA5-#kvg~zsA5gV3cukNwsR>TI?v#MOjwp$S!R+zM}hz&s#ydpNxSMC0b zca@y6p}_<%-t}r-vKcvs4aUuA%IDPo)ISyis} z<5I-7)h6vLV%r)Mydt)#o>k@aUlH3>&#H3b6|rrtiT{e&#@Ll_{++Rn^(KpLs%KZu z{zyK?HuB|*ZK~&3PA^g#1KIKj&R+PpqdJ=1a?3zDk?b>%fYvAM2K=wH6RNj{DN`N&1h zzCNLEY*U9z`o?SOv~N+|t{aRFGT|3x^h@>pOVwBD8?W=pSA=V^(QuNNhPF-LI-w@M z6$or8?q|ey$HILBHl58!-^i)MCw=2JfIV*Q;lAhq3<%45p_`#PT&%}AVC*GVdDHOl zKrDT4sW-d_C23Cj)(zF+lykxOOU_cRxp*|39O9LEnvebMf$H$d{+6J=Js04UH%Vx- zzf>JA*4^>|V(c#rh#bFd*w*2b<0oT5Mbp4T;RA_VSjkBrw`+1rA1hIx*s_+fWIP;6 z%7ae&_(e@V>0_1PtK1YFjmB>!B`4=(hbE_-lWM_NfMJI4Q zV8~S~xC%p21i$fE#dF_IO|BNy>HR`HJS?`k#`-mRf{oCsL3hE z(1-f$bFN&1!B59Wxn}%=PnAnBmD1sozD<@(@T922C&y1Gml)CHlsDE^$zk zORkN{a)~c#^2xQKlS_PAlT(gcu3X|Pnmlsc^5qgK11_$A3XdsOE^!FuI%|w`KrYs` z<6DmBrjKayv7hqTB%dmmcvO>1`ZifEaafa2`j#)3IHJiVeVZ(oII77fean|id{vW+ z#{uU+Czm*;$tn9gSuXK4O+MM*64d89QRNbkX>!T_>f{n%H{{gGC5~%y$}yZQmv~&0 zPmZA<_3bfK+?RMllS}$GSuSxxlTXfxPA+j$lT-RQSuSx(lTZ3sh58)7e7VFQYjVmt z$(Kt!X~>l?m-vPuSH4{0o0?oaCvwbkL7#={ zaCO*R(Lvs)VSOLDa9<90><4)-Lh?Ol!Z(1sj-r09`y9_}^0m=F@w*WElAW8hqwKT^ zm-vkcxr*=(;)A$xjm^ycI)za3$H zUk~o}g$Fi`?C-M~nO|&$p4H^r!Z8!SB_Us}=qE1y+xqc@2+v|NyuH}}9ZlZN3A&&o8<8hTa{>3{ZtjqGu@jqVQ6-cFdSSKLV z(LS57kLy-^k3mmD&p|IiuR}iqoX33-N+F=g_6h%c#rNU(-Ur{^;QJTi9SYW?Kg3a7 zS$<~Xh2y`oSU(dl#CvwcvYauK;u7zeaGT|fqZF6pKde|TW2?*Y-&8E;H4DY%@bgk? zJkAENkLnm7JMJ@nu7&P`jzQ%ZExh-S#9zmM$gzGV z4v6>tP;~2fj`Mr3^ZW>*4*_)L8V!iF&!Fgo_mF7Nq8yU#pv_WVOXP5ymd)u-3r zc&fEwhTG$^T;Hh)Rs}22g;_N&*KfTAK@Yy1J{QpEL)McIpI!F+1HWy1qP*(h_m=#q zrr^qdt!$63{$$3_&p-3|%^lJIc=@@%`s#(Hzg+hZC(ah^3l4qy<2PpR|jD|-6iV&8?=ts5J5zVlMjyZG+eeYOAc<$}=syO;m(SN`$4pZFhb zy4ru`(c~)yr|wy~=BexLr{`ap{`L`9uw1J_%EOV z{Hbhjpt%WP$oyNE#e{m@ot?d`=Mn*|_Q1uXr=I!Vse6CixZ$=NZR;YfH*a3X8e|+p z?67|$yaO&DhF-!UhU4A46$;z?Eb8onQtW>5+Jw3B`0t@T^7v$IWgS!h77HA{EXVK6 zJqK9;p`YYk3(e$eD$J9F}xG+DNd1U`Gu}oY8uo}lD6U)YbC+@w-oe+Cm)N8|e$j zr?!rTmjA$KeRy>5)n62r2bbRL`o)p3>#>TffAQ)M|NW^G*T!xf{XzNsXC5zUKXLWJ zzSnGMn%r)HL@eXS)pK|47(Ey{`O(cU{q=i4>723Z_5W+{`m-aej$S;n;$NHBe^9pg afx4Cr|9Rv2@7`1S>4$$80EFX5@%%rzJJ(MD diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/expiredCerts.scr b/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/expiredCerts.scr deleted file mode 100644 index fb7213b1..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/expiredCerts.scr +++ /dev/null @@ -1,147 +0,0 @@ -# -# test handling of expired certs, Radar 3622125. -# - -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "Basic sanity check" -cert = ecGoodLeaf.cer -cert = ecGoodCA.cer -root = ecGoodRoot.cer -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -# -# verify that each of the three expired certs really is expired -# -test = "Verify expired leaf" -cert = ecExpiredLeaf.cer -cert = ecGoodCA.cer -root = ecGoodRoot.cer -error = CSSMERR_TP_CERT_EXPIRED -# EXPIRED IS_IN_INPUT_CERTS -certstatus = 0:0x5 -end - -test = "Verify expired CA" -cert = ecGoodLeaf.cer -cert = ecExpiredCA.cer -root = ecGoodRoot.cer -error = CSSMERR_TP_CERT_EXPIRED -# EXPIRED IS_IN_INPUT_CERTS -certstatus = 1:0x5 -end - -test = "Verify expired Root" -cert = ecGoodLeaf.cer -cert = ecGoodCA.cer -root = ecExpiredRoot.cer -error = CSSMERR_TP_CERT_EXPIRED -# EXPIRED CSSM_CERT_STATUS_IS_ROOT CSSM_CERT_STATUS_IS_IN_ANCHORS -certstatus = 2:0x19 -end - -# -# Verify expired cert recovery for each cert (not leaf though) -# -test = "Verify recovery from expired CA" -cert = ecGoodLeaf.cer -cert = ecExpiredCA.cer -cert = ecGoodCA.cer -root = ecGoodRoot.cer -# IS_IN_INPUT_CERTS -certstatus = 1:0x4 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -test = "Verify recovery from expired Root in input certs" -cert = ecGoodLeaf.cer -cert = ecGoodCA.cer -cert = ecExpiredRoot.cer -root = ecGoodRoot.cer -# IS_IN_INPUT_CERTS -certstatus = 1:0x4 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -test = "Verify recovery from expired Root in anchors" -cert = ecGoodLeaf.cer -cert = ecGoodCA.cer -root = ecExpiredRoot.cer -root = ecGoodRoot.cer -# IS_IN_INPUT_CERTS -certstatus = 1:0x4 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -# -# Verify recovery from expired cert in input with good one in DLDB -# -test = "Expired CA in input certs, good one in DLDB" -cert = ecGoodLeaf.cer -cert = ecExpiredCA.cer -root = ecGoodRoot.cer -# Verify !IS_IN_INPUT_CERTS -certstatus = 1:0x0 -certDb = goodCA.keychain -end - -test = "Expired root in input certs, good one in DLDB" -cert = ecGoodLeaf.cer -cert = ecGoodCA.cer -cert = ecExpiredRoot.cer -root = ecGoodRoot.cer -certDb = goodRoot.keychain -# IS_IN_INPUT_CERTS -certstatus = 1:0x4 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -# -# Verify recovery from expired cert in DLDB with good one in DLDB -# -test = "Expired CA in DLDB, good one in DLDB" -cert = ecGoodLeaf.cer -root = ecGoodRoot.cer -certDb = expiredCA.keychain -# Verify !IS_IN_INPUT_CERTS -certstatus = 1:0x0 -certDb = goodCA.keychain -end - -test = "Expired root in DLDB, good one in DLDB" -cert = ecGoodLeaf.cer -cert = ecGoodCA.cer -root = ecGoodRoot.cer -certDb = expiredRoot.keychain -certDb = goodRoot.keychain -# IS_IN_INPUT_CERTS -certstatus = 1:0x4 -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -# -# Verify recovery with both good and expired CA in inputs AND DLDB -# -test = "Expired and good CA and root in both inputs and DLDBs" -cert = ecGoodLeaf.cer -cert = ecExpiredCA.cer -cert = ecExpiredRoot.cer -# throw this in too! -root = ecExpiredRoot.cer -root = ecGoodRoot.cer -certDb = expiredCA.keychain -certDb = expiredRoot.keychain -certDb = goodCA.keychain -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/expiredRoot.keychain b/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/expiredRoot.keychain deleted file mode 100644 index 67ebd047e16d5eb3671abaa3cba8d9c34bf1aa0b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 23232 zcmeHPYjj-Ib-we^TcfvSJARGd@+%%W#=#AbktG=oNPbANV;cu~B#rHXu_R_jvP2+^ zgK?Z-6VuQng%C{Rwoc=;hNQtMw6Q5Gr7R$rc(L5ZNk|u2xHL4-W)bqB^!x6dGrAs~ z8J+VZ|FYNGGk2eRzVGbwxclz=n7M7NZ?EODC{@rpd&}B!65r*}t1ZjZZ&@>jEUV+P zWoMq9)3bF057uZ(DwvNDl*|J<{$F&oB5PAxF z!Lr<5XdCnx6ns`tVAI|S17CBY3x!$V+|||5)6(A4vaYAAxvjOMsVB5y{YHCl3qFa> zg?D4$%!&A>?(WXex-H$UUD!_!*2~4g^63*fLK|9Ix7h^Pk3LzRJRIETpUAPPsk1Az z;f9`$jV)W+TT!P0iZN3AlEMxltXBY4`kYGlhgDgx5Spu=EDxYgQSN#v?6L}5)~$;T z_Hxr6vtoQpyj_ToxlqnqCDb|YovqCqJ6n1-ZCTeIYVNtIbvyRAK}(>yIIs?_S&lK2 z9G#)9P2H`6MDUd6;i<;HITLxhws&;2Vi`zxxR$LlDA$5h>^`OJL&usok!Ragfweu& zt)1PW^`T}sWmY2-Ek)R_XVDzW+%3?9P}m;W9@rk(9@t*kUf5pP zUf2b&3t$((E`VJKyAXCE>_XT@u!~?9!7hSb47(V1G3;X4C9q3im%uK8T?)Gtb}8&q z*k!QGV3)xzgIx~09CkVEa@aoDKG;6kKG+qoD_~c^u7F($yApOK>`K^Gu&ZEK!LEW` z4Z9k4HSB8GHLz=7*TAlUT?@Mwb}j5$*mbb$VAsK}gFOZI6xdT>Pk~(zyB>Bu?0VQ! zVNZoU74}rvR*(Y@$zEqGP}T^&3c410Z3-Wha9>|Cy=7y9*d|sRpBU+jWZ_luC0F|% z(Y|bx?W-idDJr1&Z-k#i?BQLeYQc_^aYmE_{*bzZ1{6MB6F3@WrD4PP~jmli}?)6!Y%` zP^W#nPNIL`fM|$z5LyA%$Hzyq=bz^jZTwKOFNXRQ**?!D+W2sCY{*8B<9QCz#t#j~ zv*SmN5k8#Uo7H};0lrwVevyl5`(GmFkNuV7H^l&7nn=%|6JKwDFB9|U#7{NAmy7vx z;*q~<_unVx&xxOIfUg)z&z}?jAssyGaGg^aFDc{*LT89=d}U<9@sB+c&v;3Z_?cqc zE)*a6@FIW7;Aa`)880ca{n=vME)*a6+Go6^Nc_0JjYJP8;Nf)!1LIV@kZj87~pyA$ao|1OAYWmc4WMf_+DLNc?h5 zJkOJq?D)gAPA;dY*1yDO$Da=aXoAm(`JBI#h;J?UKM|CG{CFk&rJq+Rs3l;z^md< zhXGy{e>NE4RqDZ+OD9=CaMoO-?j{RQsz zw?MxP#dbjudJK9Ap>a9%PUr>P-(LVtLeJvfeian`EItJVrUdm$Vo=y6uuEZ=!Y+Lp z_x0gZ8De7DVd!(XuMfK%b~)^F*gn`k*gn`k*cGrVU{}DdxQN>fXt%N-dII`7?(4&@ zf?Wl>3U)Q@YS`7Vt6|r`u7O{{5h-%ejD)}eoODJc5EOTQ_wr@)>9o0oF+ zu(3HS{3#Wn2QGjSr1NpTq5wIw;zkaR!g2ilM;I z1b*hP@Q4ZAvkpTqSk`P{W&<-D?aV(Fdt@4Na4A`DW#o}SU4FS z90;}8#f)3zlgFd8ZazNQcDdx+5Y9YTARl>U9m$!C&lx*&`N#9V37@Q6)|5=fqrJn) zNV>yp3*&5gHTh(0l|I&H_}Jm~gYkV~OijAK-S}pHAlqg+Mb+=kC?_ZTMe$w1n=a!g zIc2^zUYehieWO%f!I|zqxyV@rHSv@EqKtE1*>}!)F;s^$J6}=Fc{{k6Yv}OF{7=>` z3Jvr}M#txyzA^8R`>|<@YF?yoa=umThkVT8P59(Im)O2_j}1lAKFIZ0uF1#s$adu% z*V=rM{+4hu+&0(7+W2VSz9i~9@$w!piZkL|hq5r;|9CQv0^+Gb=rpKy z`?%!b;p)UsH^C?R;zI(@Hn~>iJz#8R#OZ(L{GCegX1u19Y>Gz*lH(^^jwg>J)iWp+ zUnqsj5XNdsK~pRm<^=^r&JA-6?Xigtj6_kNV?#_3s(K#f^aWLHvFBzWvL_77iB~<3 z%8BnAPGq;QdLES%KNKI#UR!?nquqb;JeU5<@tbRc7w>~O@$*dZdm;mJ{ABy{4e)M7 zY*=7|SHy;eCU`|`SY(1%#D>Kt_`Zp;0r|G}{JRygVTlP|5gV3Hf_KISuA9kX!!k`i z#s>1`iw(;s;lgfPcx<~Bv0(-F>KBDSfXRpnYg zE=6p++N6C&Y+GxBSHw2ev#Ol_D`K1KSyfKFBDP&);=dxcF?Qvfe`joCy~$#m>e-dE zKa!8JjePlHo9a21lM8TL7~5Qm*cQaze0{UQ_^|Pc*w$o%SH!k;CU`|`Yc|0vVq1#| zUcATVJhoen@agy1ocQ%7ctvcx!2~bfV{^9OW`Y;*u@O%VLV1m=y?(@dY_fe`1Kcl6CMHg&k9Z@i{X`xe3Nx`D_56Mj)fzf{k^RDG4c@j9P;MYt9l2`71JXxsE{Bhod-3-;?Vm;0QV=uWXnudmA z(e%Bg?(iOzq&ewZCsc=1&IRKyIZL_b;*oH2kXPnuKK8c@s>3JyTY~!bT!2sBB%#gz zQgygwe|e9PSRc5$qIX0>1M8wmacwL)<^4BQ%ZO^NNKW1-B(|z`_wGnvGCC3w*I6C&$ny_=;KwcpuSbvwyjQNnC4J-l zLH4(#D>9IXvcE7Oa{RVqTZd1MpNs{SO|kvqvBVXuTzwubbb6<}pS1amqUU?6Zee!li_wc@}?B6bI>#PwuR=k%;Y$0ypMt6^4 zD{XUagrPcIa&7RwBDu=wQ)i@a5HkwXE@M3Dh3fFhwZZ$03PA zZMxv}emou?65Cv3{hB;-+;|Vt9=9z6`_oKmn_Qe(9iPa>G&wuj8E{XatWqVI$YAX$#Myv6m|II`03;l!%Oyq)x$@-_JoD^Ts>9bx_Q zF5K%2$2JV_>$Mq~Uu=W^g(lw?j+yu^3Hjc}>h z$DwDSFGDY<>0HzB9e}n$ccFYWl)|>y4*g)EdIASO)XMZUy z=Xrv{a@jwYGv-rR&U}@^@;ZAfUC!K-!g9u93hT?ZSkBl=VL5%Ku$*y{!gBV5!gAUa zezR{BmNRBiSkC@ZSk4#(vB$kCy>0pNP5tAzr^o9LJ?_;QYl>g!AIJR_C|HmF5Jz!k z`I(6qj{nYL{Y<h)GOT1&kZI&~RQe2MzuwuE4tuDuZQ?Z=aEEJc+&$FrV zIP1qgs$+cYxX<``4RjZD6e`DP0k$a|6EFM7_Y3)sp5s5+*ls5NW{pE8{yP3cj`cHf zK)mmVqASO9oZowy=SK*A@S`iQ;hQ4uv$mC4Gp_S#+l^S@#<{?ac6$RM0Lx<+TqXFM|%dP^;bKs~IIPh8b zfdkf47vH~b-7h}z;F&iL?D)5t!|$KD?!Vu9;2+=X+u^(OrH5Ynm+J1COJmm`I{EP3 z(}$1zO~b;Y%OVSw@96r!h7T$$nqF#4ekt}}+kdv`S8qM^#{Yc(;y1S}-Q~IYw|A|c zbN3_hX-~99|N1Y#;s5vBpL%LrkLcVk~CWx?CT43j!W|Iejjm&j+l9uO>r(cPzQubNh^cdT0N+_TL~Gz3;|Du`^Zfli*WZ46*Uqtm=J=0mm;Lm6fBW~x z*ZlBb=N;%i-~7zcFWlF5)L-=&Oq`ubaMzO?I(d(U6$@m;v{ zXD2TF^wNFr|HJ(I+Mby4%J%fvQuO@JahhGt^h`0vKOFK{P>xE$-ix}367tiv((LtleZqd}jrW_P+ O>mJzN4+zJP;`x6q-srgi diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/goodCA.keychain b/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/goodCA.keychain deleted file mode 100644 index 1c216d4ceeb8bf74cfdfad212a75b4c8e762f9ba..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 23216 zcmeHPZE#fAdA|FhZ>>HTf%(z`GT)dL1_BOlB(wr8AS5JV3qlGjX@RwcB=4?3ByPRL zgkT5Tki<5Q?LZyRluVh{_Baibk_`3ODQ=y_KXAfKN$Peoji-}#?1mC>?P;Iq?m4T= z>g?*AANiMe^zPpG-19u=JsOqtNrv zE0*QTqyncI6Yd7|jgY|N8u>6jR9O12@)?S+c`_U)MlZS)*0uwnpo4dNh zTQ}}*?+9(*(uz6@p%^2zFDdL0!g>WzrO&B!e^{0E3Zc2`$?_oT6y>g$!Y->Yw0`~I za344AF)PNm#M_1Vm;>d!RYINP-qqUD(G}X=xqbbXaLew^tvj&44O#-t#ZiTQvm9e4 zIl994HTSd%62ViNho>6*>L>Da?`Ust#WIlYSXj$e8I)_mDR!Sy_Mv0VoygO>D!6uc zOKVq8ctf}aj@eL-4P;t5KG?sV_&N%kb4wAn>rFI=GIt1i6bjn|+XLGJ+XLGR+Y8$Z z+Y7q@b^+`H*aff)VHd(Kgk1=`2zC+dBG^T+i(wbTE{0tUy99O#>=M`|uuEZ=!Y+kf z3cCz;8SFCHWw6U(m%}cHT@Kp^+XveR+XuS>b_MJT*cGrVVOPSggk1@{3U(FjD%e%9 zt6^8eu7+I=y9Ra*>>AiLuxnx0!mfo~3)>Id58Dsh4|@viDX^!&o&viLb{*_G*mba{ z!k!9yD(tDSttJjQBzv7LLs=tq6?851-V{D4k^cT?<>qKzLJ zj%UY@8Y6rpxj(D@S_6EsV*Mf))Aqka%pdzJ$8U-OzBG}ZKPSG<0AD8N&xxOEfG-#G z=fop_)$YGf%%2l~hXKA~Bt3sl{B#{W>TsP?7%wU0XoAiV+xW`JgySE3B%bk-BJnfD zwp}Pb^5I4PlEKe1#4}z}Wc#zlwp}Pb^0m)+Ns;(^v27QMk9>H>ONzt?#5T*MdF;q|Bk@ZN@H}>8ypi~& zns}ZkDcSLdYn@z9QLTT8&yGKL0ce8Hjz7x{@!9bwXo$~_KfF#b@jpBMtT4o9$Dg|m z@!9cbr2(G(%#J_2M$+xSD*miCz^mfVXAJPF__M|UuZlmsKGf~MD*oJKfLFzz&l=!W z@n@X@UKM}tHNdOl&!1@GnP*e7sv;V`6@n@?6UKM{j4DhP>(+ND+g;OTvFRAoBUaNoN_5U^iwehh;VpKH5wcG^lf@Fu)h>A9?Vw124`cE5-!J%b3dZmbGF8HbvO(PjH(T$EoK9=x=ea zKLkAu#dbjx^d$5eLgP~C!_X_Zzuy2&LNDRoeian`EItnfrUdm$2BEM^V3)!!g|+}DR) z1-lA%73^x*)v&8!SHrG>T?4xYb`9)W*tM{0Ur%2u`q4js3W|R4(r*gvDX^!&=A~R6 z>^j(Wu&0(ocR|lVZ{kub1pOxTeOxxJgdT;yi%TH1F?|er8MjaTP_#GW0v<~hLxGmftihV>d{VpFBJ9aQ7;gJo`j;EIT*`1DJa^RI}vX3$FdfqoyGg17cFZ^6%_3(IS>8BvX*v2&q9G;2K=%U(5sepR{%N)1!g%g%hAqq zw6pv}%L<}i@Fesa9)m1|CZX_W#Z1exz-J4OA*VFL;I#nrVdjJso*SG}+7%s)BxA!v z;gDU-xJ5pBJUZ*<X`8nA)O66^w>Hd?8oJCL*KiMzJIOpws=bRTqbvU#071f+?0T*)(9X^@=$+|`1 zp@Hbw_SOi}X#-w`%>6k2$;vpPc6s+qa&>Bhj=Eay^!7@^L+~T{*|K zHeYlg6iG(54ENiIHkrvwKYdVLKc$a=SgJW8pXymru5ol8v#N3A99Keh{No&xPtHqm z`|!Z%VEUlunx=16P#rGLF}Y-a%bN!VVng>u;|at?lvCQE)leP2R@5VxoD*+%x4ro2 zE047rs16Tf0(s=IR?$7$mx#s>#`>d~1w+mzXe~4!CwAL%Zwg=i19p%imfTHHKU5ok zU?QH0fHr<0n&?M;w$Hh0f--T?#>e^(BvIdqm-m2CoDt_bl!fX3$CGgs5KnD_PJ?Q< zk4p|7u1@?NCip~ud_>^cCfBOG2aL^(IQ`F@zfJ%dv5 zg;S^uVXUSUG!Moiyr6){xnYi>JvOnSgE7?S*bvhMRXvY#`hqI9*mE-!-4}u7#H*f1 z<;3@oCbHXCJ&($XABhiVudM+5(eA%^o=gAb_{}lFi}yjC__-$debFH~ezN^}26(q3 zHZ+*v6|vz?6TBie%s0U+V#5LxeE-DQfP7nf{@se$u*d|jhz*M;!8>CE*UeT@NSzZWFwC*MoR!6Lck1+kf${l(T(apK9a9yHZa4Y6HAW5!+PHs&cI# zmm;>UF=<~B+t!-k6|qhAtSYDfirA)lR+SU4h;8dk{8z*_#;$zx?~HA%H(6{`J-c%D zNAfYYkuP6tQ$5FWash4&W1CA6+nTU9U*BvnK5V=qwl$mJ6|rr-30@J~T1@bY*cLLu zi}%=^$9Ag`KK&k>6TiU(uZV3MP4MD9HfQ^7CV2548}Za8D6es~*N=FQO}5W#fK8L& zGsgnz@w%HreDUV!;g-Qjf|mibd3~aKrsX^qBv(7?%4>LHb6ua%zkGd@d>jMvk&Bvr zeL~;ZrVf|%jn~v^-=er(HxwOW!Y|6`m+JYKs;|;FUgwjq2-jioT-3Ha+Vm;0QV=uWXnny+k zW9fTKJ&}DVNpsS-E~pNtoD0TZa+Y$<#iNnrFt5zheC%&GREJOYw*>X=xd5NMNkW_b zrRs3W{_-9nu|9Bh$G#X153P?S#kH~Il=t6IEhDP6A~|`Vkl3o$y?dkm$=JcDAQ$Bv z!~38*e#$W{7ub^SWF(%%oxk*wvFDj%$mel7d~ytZg0HA`i1!g~Hm(`^#(U*DT+%n* zA7p<^x}!sh82bwYBFAqBwsrXA_{msM**thCayW4tD>>=oPEAhfV-@NXTh=<3j7R#D z@}QGGeqNJL`dBUas$Z_L6NPFD24;@M~rEPL?W_5fb7mp_jxm3BtUX<%_aSq7E zy5!20OYjV&!zXt5tFJCTkNRv~}NxocS%#bTzF2OUe&U{F}^5qg=)a2qhk#mqMm-vzDF7dD? zms}f@81nw)ana^(__X!6K$%a==}47j-dDLkfBxx^8a>#Q-(0l8S$ zj&C`hn|@i7kNuR#Cizsk#G{&A(znTSiKCi)(zkrM#8))Aq;Heu62~<8q;L6hiLYvM z@i^cd=;RW|H92K}C(9)s)8v!=EkS**6ICwpxF(nEuTC!UHA7CFT;hZ#ryRq{a)~E2 z`Q#Y-P~RRy#eIniOqNTW*5s3GLnoJb zPLorPTdrK%V)98eNM?a2jcf4tX~+$Z*S7K(`+uz!Cydixa>I)za3%y z@^0MgiwtfZJwont0`OF}-s=qE1y!vlCigl91s-X84#jwbIm@`~S> zkk{8a+J|Q+plypJc(VyYUzu-E7DAZ^QUXF};aldoqMmCEWjyCl0zw`2TGbtD z^eprO^j+u&X*$<5d3{ZtjqGu@jqVQ6-cFdSSKLV z(LS57kLxykk3mmD&p|IiuR=croX33-N+F=g_6h&@itoemy$`;-!S^r3I~1%(e~6>F zvi!`%3&;P?V*O0K5bxO$%W}p{ic7p>!flo_j#6BX|6#>)8CzYB|4qemUb9eK4nHrY z#^Y=N`>2lbvEx4D=Q`*f=onOvQ3JLq91}15$oC8Rj-KOxva#Jv{LLDNO#F5H4>{J) z!~yZXABt`t&vAb5Rh}Oq^dW$*T%iGx_Uma=t{Kz|-2&wAW0H~xZUg(ZuRwH^Dt&*drz&S|U<&MNe5_j+pUTE|9W@#sK+SzMqe znn(t^hKG~Exzj3F1cR#^gN-X1*ETk;3hrbaaM3fn#MnorlmP}3LbgPedLIBZguLZx8JY|-tc|n?+aHfeX@ShQ?Fe7?&p4)YFYhi$Favh zQ+e~f8}Eesf467grysrWarM95I`O0V9Y5ZCx_sk>*A{=TIyUpCy&HbCrhRW!_;UJOK%b9TBUj%pzV;8#t#A9~5B~Wl zSMMr2e(>l$U6=m0?Q4aPZ|dqh^f%QT|08^K`)_{Xp8eMOQ-uwM#YevS-H$$9@caM$ z{+qvh=8f;KS@-G5*qNm*kNw?_>3bU1e*UA*zxvmyZ$JCMUvF?U5JnestAe zc87MH?>*gk>(&?QKNyPs`q=Y3A8qIjKJ-rY627KruL;Hu>^>&84T0;T; z7tjFysccW6rJ3ybA?WSPVnV&Hj*cGIbBV;pfB53DQ_ubI)TW;|ZJ2%|d~bi-ty`C| z1{uc?JM7;G??Sjc3cZ9w49B~-7Yf_^0_yC6Qn=PVyf$HOJpOxVk32pZTUp1{zl8#a zFU#>ebI-#pfY49!u7hTBwejDRdtOF4g~xQRG3T{JCZ3Dy1aNxZM>&N)=#D?R=o7^? z{=0JT(sYr{r8@@1Wa8HNn0m(q7v?83kL+J2mWgWsR^zy2V%hlb#Jv}}6Jn2xdJR|~ zq^uO{aC`&M_n{PNU$U*V&CPTC`1n^vh-s{1$LVw4iu!@;KdUeKN6%*iGtNHm=ML;& z${HmF;kPU9{^3P`umAloOx-)#Hwlb?kDr|-XR ZytX8`d?0!4_~r|xXC8YA5RMTH9-{C9%5_5``is z#&sG4CUpuSBp5?elQ^yEWCpj888br(vU5m6tQ|PjIR^d6vbtwOuUgig%cxs}6BJ_GU@x()lx>}YeZ{g|Xveh=dK`KI z`j%z6z0eluX(;%tdVx)PCk%Wngf124%%-lc_TFGyZ?LhqtEr{Ay`i^t+tv>IY!H8m z&4hR3+`OsyhVJgp*2bRh<}REk2kT|xVELS>9Ie}e&AV*^oJXH5PZkcI^H1g2-q6|A zy6v{!_KsjrTQllZLor5bUnX!u2R zp*|kkW0sFkiMI>!XCajHRtj~FduMY~M`y5idrxCqYg6wX&3kaZ1zG^j#DR5a&3BBM zrt<7wAK28} z)ZE$Ky0x_lj@eL-4P>SuRuybJN!p?=A3p*Ef9_&2Wd9d?f=flp2oew)7b^+`H*aff)U>CwJgk1=` z5OxvlBG^T+i(nVSE{0tUyBM|)why)swhwj*>=M`|uuEW=z8cT=q(fYLkacwCz3}trXI({YUAUh{oypcD!ycD z-y_2_S#qUUlnUq?c4a#=+X54t71?_d}v@GmNtH>*pv|; zk4Fxs;Z?CJ6Fx^V{;D{Y37;$a?;L+se9DB+6a9DM8JB1~B@;eh^xuh>acDZc-G*ZR zeE{mTZ`X+r932!5(XNMo{;J)7pO`-p0PW)UQJnC?rQy4EP`5i3djl?f8z%$p7@kZj88sM30$ao|1 z%M9?$HDtVz_~iz8j-8A*5?^hA=d~l_jl{1o!1LOX@kZiT8sK^D$ao|1s|@hGc4WMf z_!><-zb7f_@rP@jTuxD~e~C|zKWhLq!KcTcwTAfg_!BV1r^g@OCz$x39)Ic#@#*pB zCPRFB{8?v!XFt>95ATt5`>%>W8w~KO`12{Ml-N=RBv!pW6)Zs`%4lfLFzzRs*~${@iYWSH+(@4DhP>(`JBI z#h-Qqyej@|Gr+6jPlo|s6@Rt^&voIHDf!Dpa*x;QpL+kl13+zjBpx3T4RI~kLp!0` z`1oL74D~4z&*v1nc$e^>Sc&g8z`H}yNL*kgzQ+LXiI4OhPQ&jszGZ z`h(ENp*YT|hn|LBLujml-UodP`}<3v3Fu|)?UzB(&-@EeU;t>McM$e-L^aigp%aEEi5d(axfI&|&B+ zmbDn|EZz^jXjx0V&~7O3OMqWm4?P8a%d(dFp};HyW;xnfj&_zm3q`$Z)T=%Xy=GY} z(9R0@v*Np!wG!>DJOq8ovR0Kr(ax$1(2p&vW;^sO6!_J^uRaC6YFTUi&?pp`wZN=J zJ8RL-+7B!%fO>(`&}(=MQVmT&;ZNN>%d)^{3$G!k)WYDs0P|tygcN=^IHj;N91SHR zLxZhByO?o{eDZp9*3HHz+b))T+d`@53gjcNtRp!y@i}8>Cja=oZ^9?*7BwUiu}I%Y zBAo0n+rl_oUQIq3TcwYcDL!_1>rm`y2vd{nZ#O=fAIP>@PEqxH2g=FGeo=ha@g~do zmz*-+nk>!E$-Yrauj5SipIqe3gPQoseo-blukSnOJRhpVnVzqx=DZDD%r$iQWd0}X z=CuwEgvTc5o4zsckmqq|i)vn^Z*sm>>xX>I;Z6ADJQvu$b&n5+lRn7xSggs%^~iSR z99PxhcSUX@>(nD8tIFNW22G&aB9JjvmROr&Blq-w%js-kNyEWND)i!dT13? z8-H{vo{4}qejpt0M}4->xvGaUanQy``i~}1--(xdz$i|Ma~;aUWdCD{7z&7|)rXH$#9_91}Rcx{6W-xp(1j~t6 zJ&($W?;nY$x3790l@UK28%keWe)yx^fAKt*{>$-OXo45-gE;YvOz;Q8gL3?2`-=_m zZbfWZVuDx1hNUKWMQm7Rf>*?b0-kw zO+Lm3@@0z+HPdk6v@N{0-HO<-8fSH{Ew>^zsGe12y0+bl*s#{5eMM{tnBWz$fxc?@ zU%ad2j16@rc=4`>6MvHlUcBo;JhdLW4yx_Hcvs5VKJQPp@#0-6Cw_wg-ld3bs%KT1 z){jdO+cuiCuZV4%Oz?`>rg~PD(SJp3Q$4H7h*!k6%_jaUVjE*uw)uC)HrAUiwyB<7 zIr}5|7~9B~Ew-tiV>!71w}r9IrHF0yIGe3+HW+_wydt(WnBWz$tI8wW%Nt+{7cnW=^O9!$(M(FvC&Y1w}!S&-#VZs zzU2sPA@(yO2O^=qs7+_{(KmAH@JZiz4`7d5Tc|G_g#lq%H*^P7hl}+%2aLVsDrp!V zjz*GuOWmP^C`oeCw@#=Ir<@DMUvd_5&Bel@#1QYylYH!N7gUE&_O}4_?YRJ-+$5pR z{!(?gWPiCwNURTBU6Fgkt%Hq`gt#}BoO1sS)l#BbE0UA@gv6FLA2<;1Peew;f?Sky z40l3x{FGx@EU*P#iBK$ooxkLgvFDj%$mel7d~ytZf-kRmko$->8`lhd<6gNAm-LPM zgY0iXS9mZUVSiyj07w#^cwql9N8})#Q{umZ3heMa^T0Sg1cC zFFNVtr#1PckL7}|Y+HCV9J`*BoSc(=nw)Y@Dg-Cyq(3%3Y)34~b*CX$rQ`~Rr*Pe6 z$Wn$boSj zC2g*a5LAatt_|)hlBD;63S$6R9rnmlscxCd#EThHJ8CB_W7vgH!|=GB=G=~uQ~;$BTIekXDcGUXC~s>vgL%9cyqr^zMP z#&o&F{hEAoZRq3@f2PSP$1PJX@qi|e9Jg$_#DoDC*FS~Vlq#1vhH{-X#yKDt>)P=x z!*kQmX!5b2^4cVyDwp`ICYSVWx?JM8CZF^zTQ2dSCYSVWx?JLfCZF^zTQ2eEnq0gN zI0rhp#7Rv~+284MiO*^B$^I6gKG%sVm-q`!F4q5lZ)Sp9J5Th#9wLh$g#?nOFX8@CD+Duxy0j|d~$8*OUra9S%VEcUkb4o5?<*#JQS3U3`kD4QzN*RBO8>;~Lg-6+ZqkObr%brS zZ$!wIhj$PUW8)f!sr}`%IOaL0WSj%>dlA;pZN+bIlG|xE7w6z+fszg6=>)$$nCq#G_lj7~h`DZkFcaT^7#)Q1S z?IV47b^_X#P@J1h5cNTKNb<0bU#O#f zHep}aE%+RRo`#->UWQ(UegHVH`v8yJ2`;4EPq5Gj@P&r0Ra7^Ktc-cq3U&wd#9RHJz?WW>y+Bl@*uj7Bnv3@EJ zi1+}m@!E}C&%FaW4t-jj ze=hJD*Y}_s&U)M~x7%d}igF89o@hDo8=uRS6IfWgATU4I)8qA2&TJkVj>N(Per9q0 z?r=Qe?;ILR1QyLMtqTM;)COwnYB$x^t`F>GK`jabn?!*Q&9SEfzR8wdIhNuwqXUF#b`@E4)E^Ya*_aFWCNBw(!_r3AN8{aAKuDCXS>xuJU zeqheXsjpWreP~s9NzLA_|EvCeX-UHyEs4jXzu5EBWgou(#Lxcc)vMp^S-Icy>EGSI zZovaziOv4|=E&dt^*8)Ky8Fc!ch_FrR`T-0i=KXa^~-ht9KEIe*_{tOf8ze%6y5cp z+vBoa&r}A=1Em;?`IRo$@4Yzz4?dhe=g{Y4)~dRnA2@ON!`TnM`*$~Ae6jYwYqsY7 z?UVnpwEOid&;MZ0S6_;5_{YKO=Rf$~uPzsijz6;GC;#%o_6r|Xe7|q*na{rc$nL<~ zH;=FRq$B6`uYLdB1+gDL)s*+}qO)f%?c2EgT+5MfjDF!z@Y>vupZZb9Z+n0Ei+`wc zz1sN0^DcM(ardS7Kl!IGuE{(1lf%K}#ByCQeq@+6yHd7ui?5%v-P>C`n}dG-M^Hch z!ECp`v!jD4lciga{!pr3c;(IKdJ69v+V{fk%UXW*^4B(B+!DfiWDJ3NsE44q_B>Z` zxgkb+VSCR&FQCqTD8=p{?^Bp3PyROA6G)y;y>DykU$x-2+nD^#x#y(d^@{WL_)O(( zlfNzZTom;f+p~>t8_uWVySQ&apFAH3JpIu1om}*b;+p)OxtFnwV!~B}`l&cJIj&yW z|9qU6bIBN%if!Va07Z5TO~tm!-;H~}%aah|GOPpZy$NfAb=Za<`VN#L?aQ_`>BD*2 zzx#0>;+*Z)7|iqcf2YaH+wi5aUH^LS+vfA^yEuYP{y z`G0$++_9%^Vi|^3%1<3>qz%a%L32c8-I+zkK# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/one.scr b/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/one.scr deleted file mode 100644 index b11b232e..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/expiredCerts/one.scr +++ /dev/null @@ -1,25 +0,0 @@ -# -# test handling of expired certs, Radar 3622125. -# - -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -# -# Verify recovery with both good and expired CA in inputs AND DLDB -# -test = "Expired and good CA and root in both inputs and DLDBs" -cert = ecGoodLeaf.cer -cert = ecExpiredCA.cer -cert = ecExpiredRoot.cer -# throw this in too! -root = ecExpiredRoot.cer -root = ecGoodRoot.cer -certDb = expiredCA.keychain -certDb = expiredRoot.keychain -certDb = goodCA.keychain -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/applestore_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/applestore_v3.100.cer deleted file mode 100644 index 9fec8a21cbed06e88bc03e781a609afaa5955e5c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1746 zcmaJ>Yfuws6wPinfrLkdgrEYlzGy&5z6}J3f-M0o6bfo2(m*L8E@5TejY$BlIMvwV z1GUvM;3&3OtB#dAeV~X)p-`x{$iv6bDWg@;`oPu)qf(35T@c5}O!wE`bMHOhz31Dr zz|QXgcHZ$SE)2o&B(I!-%#C+O+M^%6ej*?H@hWiR3xY}#N*=pG5RbwmypfPl|U zL-=AiO^bO0FE$X0-F3Ky&=Mvp7)_*%a?Bt2u?ZKkbUcABu@qQsXbNsCqAmH@JfI#c zP%gnOE37D;ixyaM)L=vNY&NrXu0l~%R3tBCSgj1J+(@rbSj+}gW()-3SR@E%o4I1e z3-(yjV6~#5X#6T0PA$Wip*jOeEHl^$nnJbOWK{cREE*dFrg^(z0E8>U!04lALM0Q1 zDnnIjm0Az%kUu5{9(CA|b{UmimJ^7101=zyiJfBsGq_5vbkxutxUzW<2~Vv8SlHXlc*p&o>Ahz5^GBZ&duml~; zq*5e7;i%R|TW~a&%63uw|vw(OUt{oC_7+eV3A&9fP zu%%>sK=m0-)3wyrgcvw$$BeuB(mQ`|y~Vo^|NFCVd*G=S(kV5vZfbe>?xk_F@8xwr zet6lbFDg5fR~YxM=0N4(RsC0usaYouS4)2xPASW4sBGIZ>+T`=J<$`d+ZR4va4x&` zSJ!~b8%W&eQ3q2h1~we_6g90Mgqt3kzAa0%`jF4gqY~98!5Y8TwPD%2(uO*#Uc1?< zY5T1|S~XY`dMsnHF7X@Lt@}TPbBkIo2#JcGkk07L0YUKs%aPj4;5@GEX_3gf$~GSd zN4Q}w3)jRq_b2tPUKme(c~Y$iyE)%y{=RG5d!MFfw54AB(7N=}#_HX3m952lFSIWT zo(FRw4z%A6=KwpL1xQA7KMw>4M!T3Q$`5%(O}p4wV4eVa;--lhWt@ObxEt1*eqsa$ zoKgSzxg%0U0t>an55U`gl_U2X()$n9HEmlv7r3yMA_U>WyecrC4g8S^paP*)Se2qA zgf$`K!FXLFWg|n37Shp*W4MxWlAOtbIJO@}q5&Qdx4o*5rP9K%N|JKxb~WPDLiRIe)U7^WX=d87N* znJ0=r7*I6ycU`%@EANrg^vp!Ir&XYp&&Vr|tVQ;`gK+*~wn-kH2q8$PMYc709i{m}Da2=4d=jZo z+caG5TeEeuVQ=lC{90XEbK}l4%MW@C^!Qv!Zz`u3pY5y999eU^wqvN-xhkr7b&4$c iJN1^yP1{BqyKK?2-W$zoSy)@Rd-T&7j!<|M()|b5dP%+j diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/applestore_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/applestore_v3.101.cer deleted file mode 100644 index 78e8174fd34066eeb7414c3a8d85f441d9648982..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1570 zcmXqLVv{pyVr5&v%*4pVB%tGQcQWtS$iAO8GefEp-Z~rbvTc;+SR8Oj^Tf+VMECvRlUUGh}eo;Z90x)EN4zw^ZgZNe-!?&&# zC8>ESz@Q0B%*jlFcrrNHMpy1v}#`z2_Oq z#J8{0TD3xZk+ijda=h@yyBs}!BDb0wA8+k>obgsA{ao0#HM5JSx!msR*?jFo;pD#C zg&|(AizBo83j%eR=TEy)P*eCd6#Gax(9F~6;l&x6t(mSui_VH#z)t+Ka4?d$xwzsyGuc90pBHEZ_ty%f}+dBI4(KLbmL^d2p5gr-=M1pDi9;-Fx3a2p9>n z!inupo9S*$aa2^i&%iUm(4(s zjWeOmgR$+06C)#3C>Q1yMjn<#gZPE93!)7o4Z;mV#W;Z(Bt2C>Ju}Tf(LmmSosCtS zkC{n|MWp}fWvR9`y?xn-&o^XU@sQA|meey)6;p;fEhj%cAJs`^#b7azNtz%R39={| zC@hgPkTH}pkN^q*^Qj;>dm1}C8X1^a=o;#pSQyBIlq$1G7>G59)L%|re(3I--5(4% zKRa9gVp?x(XbcP-XfOgjV`!jnpbO(0Ft#b8hf{uXaRG{}3`{`gtFq`CXv0H=g^`U5 z5pIm=P={X&tE*3Vh)A8Nmi_aMYrfgSOPs}pY12vrP4>?;2uzPz(}`=4x3KDeniI!X1qoxl|Uz?lz3 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/expiredRoot.scr b/SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/expiredRoot.scr deleted file mode 100644 index dd02f036..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/expiredRoot.scr +++ /dev/null @@ -1,79 +0,0 @@ -# test handling of expired root, per 3300879 -# -# This uses two certs we got from store.apple.com and an old expired root -# which verifies them. -# -# The leaf cert is going to expire on April 1 2007; the intermediate cert is -# going to expire on Oct 24, 2011. To replace them just grab new certs from -# store.apple.com, or any other site with a cert chain originating with -# Verisign's Class 3 Public Primary Certification Authority. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end -# -# Simulate pre-3300879 failure, expired root in anchors -# -test = test1 -echo Expired root as anchor -#cert = iproj_v3.100.cer -#cert = iproj_v3.101.cer -cert = applestore_v3.100.cer -cert = applestore_v3.101.cer -root = iproj_v3.102.cer -sslHost = store.apple.com -error = CSSMERR_TP_CERT_EXPIRED -# EXPIRED IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x19 -end -# -# Simulate pre-3300879 failure, expired root not in anchors -# -test = test2 -echo Expired root not in (empty) anchors -cert = applestore_v3.100.cer -cert = applestore_v3.101.cer -cert = iproj_v3.102.cer -sslHost = store.apple.com -error = CSSMERR_TP_INVALID_ANCHOR_CERT -# EXPIRED IS_IN_INPUT_CERTS IS_ROOT -certstatus = 2:0x15 -end -# -# Ensure that this expired root successfully verifies the chain -# -test = test3 -echo Expired root passed as anchor, explicitly allowing expired root -cert = applestore_v3.100.cer -cert = applestore_v3.101.cer -root = iproj_v3.102.cer -allowExpiredRoot = true -sslHost = store.apple.com -end - -# -test = test4 -echo Expired root in input chain, should be ignored in favor of system anchor -useSystemAnchors = true -cert = applestore_v3.100.cer -cert = applestore_v3.101.cer -cert = iproj_v3.102.cer -sslHost = store.apple.com -# IS_IN_ANCHORS IS_ROOT -certstatus = 2:0x18 -end - -test = test5 -echo Expired root in input chain, should be ignored in favor of system anchor, Trust Settings -useSystemAnchors = true -useTrustSettings = true -cert = applestore_v3.100.cer -cert = applestore_v3.101.cer -cert = iproj_v3.102.cer -sslHost = store.apple.com -# IS_ROOT TRUST_SETTINGS_FOUND_SYSTEM TRUST_SETTINGS_TRUST -certstatus = 2:0x310 -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/iproj_v3.102.cer b/SecurityTests/clxutils/certcrl/testSubjects/expiredRoot/iproj_v3.102.cer deleted file mode 100644 index 3ed890b9d9a6ea0cc02bed7a23189c33f3d31c2d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 565 zcmXqLVlp&nVw}aq%CwMyfzg1MjZ>@5qwPB{BO?0D~wX*V53)7>G_GwiRS!BpB!%WdfTKI+Za#vZ0~d4;+gu> z?%m!}H@%a8RAW~h*YBR)pK*T6oaqt=eBaC8T;H_$S;~%wE o^he5GRBvgtjr4>!9hy%f#eSY+U;F0e-CLIoyZo=+crV@y0Pq6NtN;K2 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/gipCps/gipCps.scr b/SecurityTests/clxutils/certcrl/testSubjects/gipCps/gipCps.scr deleted file mode 100644 index 86185ac3..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/gipCps/gipCps.scr +++ /dev/null @@ -1,28 +0,0 @@ -# test verification of the odd cert from GIP_CPS - it's an intermediate -# cert in which subjectName == issuerName. This specifically verifies -# Radar 3374978. -# -# This is suppoedly a CRL signing cert, and ideally we'd actually use -# it to verify a CRL but I haven't found any CRLs associated with this -# organization. FOr now we just make sure that the TPO can verify the cert -# with the associated root in system anchors. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = true -end -# -test = test1 -echo Verify the GIP-CPS CRL signing cert -cert = gipCps0.cer -leafCertIsCA = true -verifyTime = 20061201000000 -# verify leaf does NOT appear as a root (even though its subject and issuer -# names are the same.... IS_IN_INPUT_CERTS only. -certstatus = 0:0x04 -# ensure 2 certs come back and the second one is an anchor/root -# IS_IN_ANCHORS IS_ROOT -certstatus = 1:0x18 -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/gipCps/gipCps0.cer b/SecurityTests/clxutils/certcrl/testSubjects/gipCps/gipCps0.cer deleted file mode 100644 index 4d9d663b0a7609c1705b0813fc419d58a04a9773..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 690 zcmXqLVp?a=#5ipMGZP~dlc0ftfguo?7@8TFSO7T;2E1&XT5TR}-+37sSy>qjYW;3>rI`8XFmADlO<_Q?kC?EtSHuo2@pwy!m#}e%vj@gTQ zcytX;emHqg*ZqE5=k9Z|_kFG|cZvD7S%z=&${kzsXS_eF{Ob4P%O#Fa9cTEca62+F zGcqtP&NN5|ds~*Dk?}tZ3n=6aWP!mT%f}+dB9if1#a7$3i1VEu(-AS(DGiLb)g=t% zLDI@B5(Z)oBF|U+?X~3;o3`#xX|nnR<;u9|n_CP-K?)RD_zZXqxY#(f8mk!Hnc10< zLjoB3%uS4p3~6en-rrVaE}ePq@hR~Q*Sf{BWUHjEF|Pb^OWy1ApKCQ!ysl+GH(USv zRnD^CTh3^e&ua6U>zn7HWt5(Oq47`N;s)`nvIk{1CO=&IkG0P5eK*ffgRu3Ryx$ow z>VCv@;ii#z)}Adkt3OqmC5HZyIPRHk9bMbgksOl9+1LCzJ^gXTs}C^`6YsF)ZJruq z?{R!CkMV1!4Q_ff(|Oz=S;iFd}R|?)y`@E|C#=usj~QdoX)NO zR9ng5o1#96o}AiS9gfZWvO~IH&bc$b&yzj=<=%AsvUQ0v`)g`w|5gKF+3wFG{`uq`d#9 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDot.scr b/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDot.scr deleted file mode 100644 index 97012dfd..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDot.scr +++ /dev/null @@ -1,65 +0,0 @@ -# -# test fix for Radar 3996792: handling of host name with trailing dot ("www.apple.com.") -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -## -## common name testing -## - -test = "CommonName in leaf, no dot, no dot in app-specified hostname" -cert = hostNameDotCommonName.cer -root = hostNameDotRoot.cer -sslHost = www.dmitch -end - -test = "CommonName in leaf, no dot, WITH dot in app-specified hostname" -cert = hostNameDotCommonName.cer -root = hostNameDotRoot.cer -sslHost = www.dmitch. -end - -test = "CommonName in leaf, WITH dot, no dot in app-specified hostname" -cert = hostNameDotCommonNameDot.cer -root = hostNameDotRoot.cer -sslHost = www.dmitch -end - -test = "CommonName in leaf, WITH dot, WITH dot in app-specified hostname" -cert = hostNameDotCommonNameDot.cer -root = hostNameDotRoot.cer -sslHost = www.dmitch. -end - -## -## SubjectAltName testing -## - -test = "SubjectAltName in leaf, no dot, no dot in app-specified hostname" -cert = hostNameDotSubjAltName.cer -root = hostNameDotRoot.cer -sslHost = www.dmitch -end - -test = "SubjectAltName in leaf, no dot, WITH dot in app-specified hostname" -cert = hostNameDotSubjAltName.cer -root = hostNameDotRoot.cer -sslHost = www.dmitch. -end - -test = "SubjectAltName in leaf, WITH dot, no dot in app-specified hostname" -cert = hostNameDotSubjAltNameDot.cer -root = hostNameDotRoot.cer -sslHost = www.dmitch -end - -test = "SubjectAltName in leaf, WITH dot, WITH dot in app-specified hostname" -cert = hostNameDotSubjAltNameDot.cer -root = hostNameDotRoot.cer -sslHost = www.dmitch. -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotCommonName.cer b/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotCommonName.cer deleted file mode 100644 index ba06417af0975c353e2b8049397da1e5407faa71..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 564 zcmXqLVlpsjVw|~vnTe4Jhzz*dIJMe5+P?ELGO`+&8A=;SvN4CUF!KlnC8i`6DHvN? znweV~DHP@Bml%p0h=L@!c=#L(3UX2vobz)FN=s6U4CKUl4NMJ;3@nX|Oihdpqr`cQ zjSS3;%%NO^I749rL5R6r<>lpiDY=;?$r(7!Gt@KC0jcKZQAKq{a(-@Zex5>JVs5HJ zPHJMBLSDW?N`8q!<9q{Ngg+Qr8JHV;84MabnHn1zK4m}8n;Gb`eC^3M*8LpkRe$O* z&Qi-)pZ7_m=lzYwCGzKGZt63Z@`UJ0b3U3R;vDll;{SzhU;dt7@#=JIqyEw7Y;}Ft z_E>My*ncN(wnDG{`UcOY5~*qI+Zz5Ct#}%$kznm`rohW2@7KyQ?UkSR@PFfWSv-aJ z)~J!sb6Vw+!gc(;kxO5szc6`>o}uzZ`- zRh@nG%;uAe{WDH$U!P)WRIs3O-+7-cjnCJFXc~Qb*3I@LP*7q@Vv&Ne zrKOph&@@V% z*VxFw%*Y(dHHa}3F%W{7%Uxbxu9uRVS(2QghtohqZ39h^a&8_aRA(gT=jP_;DdZ*Q zrYhv5CZ;K*(%y2%8tC77TNP>AAiil+H*2`^C<_TO=ZnUR5Uv4(+~0YA_~vcimv|5;cKm>C%v41_@fsw_MPTx=ZLY>cd| z?97bF9$^J}q>*8AdWyL&?-8?-1FV`M@h>d?&bYh3FGujonwMwHxfyLQ-_tNN|7#-6 zAo*_3-tOXXWtlfK_y5}4+2XrDU;f0q*q<}L1%H^yZguaF+rz2eJ2Tw<-~Zl~FiYKY u-Id@(*YkhAiK%Z}yz_C&&oyBR6|ZXAlQz4H_e)vz1kbv(_|72%20j3jgThV# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotRoot.cer b/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotRoot.cer deleted file mode 100644 index 093acc832d545cb5de0415e6be68e35b91ac9a0a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 503 zcmXqLV*G5-#2B-HnTe5!iIKs8n~hVe&7P*7q@Vv&Ne zrKOpB2)w^1kK%W?x&@O@3^XD#}sST%{QI$FH@~`0>)di>y;86+QCJ`fEPr z#qJMWulrRye@Wb0HfbIcZ*J(pSH6!tRc`A?zL>h~`}Zf` zuW)Nvx;XEH<-5yF%!~|-i-ipY4fuh9A}h?u_@9NFm<-^%4E&_ azjl{*Uo4ZDGSzuQ$m^W7D$++xEfN7B9lXQ< diff --git a/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotSubjAltName.cer b/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotSubjAltName.cer deleted file mode 100644 index 77c155ef481b907ca30d62779f108e7cc54798b3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 571 zcmXqLVlp>qVqCC*nTe5!iILfWn~hVe&7P*7q@Vv&Ne zrKOpx)GSJz z*VxFw%*Y(dHSoi!)zH|$5M(Adj~1$h#idDEjyWZMiMgo?c_1PuH8D*gFJB=gzr>(% zz5y@7-HfaZ%#FPa292Fejg1UfKVG}&zV;=%k8l4Lp=zT)Q>tYBUmFIeb7~jP-;)&j zWk<8R`k5>9GaM@R2hOj)8+Ui@rrwn8hYp;a?-~)|)tOQdGMR6$%N5sympWAUubt-0 z@?xFZo0ZGIiR^ni*_37Bi}u-1r^@DXew9&UPDoch!_d2SZ<=3f+)41_`IR9Sco zxY#(f*%(<_*_j!U{l^OOUn7HP+ov^5C#*#|h5U02UkEA8)8p7~|4sI!>;F$LzkS_) zdNIcpcG+3CQ^FE_5{iypGI36sBq)2K!o)c+>}~{ zc%z%n{_M}+sqJ_in{2H$d&1!xhbuoV(EP3w5iGv?S32*{_xma~T9tYQ2fjIZvJ3z} C^28GW diff --git a/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotSubjAltNameDot.cer b/SecurityTests/clxutils/certcrl/testSubjects/hostNameDot/hostNameDotSubjAltNameDot.cer deleted file mode 100644 index abf2ad97827675bb495b4dae7e6975c6e21585b4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 569 zcmXqLVlp*oVw|^tnTe5!iIK&Cn~hVe&7P*7q@Vv&Ne zrKOpp&>%{j z*VxFw%*Y(dHSor%)zH8|4`e1ck2c+(dSC%u z7dsf(8Sn#rB`eIx_@9NTNE69V54AXwD*>A5fGxmUZiJ!XgbsHBWewH(Pw-o$8)LM3LYPi$q z+ZvB$7rX!M(c?VzccSZg_4a^5hYL5K{M+q&Y)0}@-!jebhYL)Pna}+b^!Kd8n$G{+ z7XNoGj(+-ETwtzRt4C(c7XJN#ll7eoe7?7T`0~z#^PZQEh1-cMo@zg~&6^#z8~_Ll B#<&0g diff --git a/SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/CA.cer b/SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/CA.cer deleted file mode 100644 index 9199a301ba33b94a9c071ca5cc2cbdab533e706b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 523 zcmXqLVq!OFVk}s|%*4pV#K>sC&Bm$K=F#?@mywaxz|m06K!uGtl!ci`wkSWpL?JD| zNFg(~ASW|9vqT{=FF6CqFG(#fF%<1*zlW;d3k~$VpXj&d)6UPChjQ)2@t*TCLT#Xt#Sg|xFH85T6oH{eCMnUR%&xv`hQps|ywv5{eJ zbQ#|?bA~xz^Uoc3e9#ng?WUx<;qQyT=Dl9?^tiNPlD-K~pz>Z@_jOwvzojhCv|M{I z?sC`W6RU1 zbR{A!p6P5=mYlHb`qd3*8th&_I=cM(!&fIaO?=G6%*epFSlB?&fFI~ZSz$)T|17Kq z%s>j+&8#3dH!@_@2dvNdF{S2!>BW8ia>J@e@ov@8$wl|N6%9J) zoEEEOD|cd!iWGmseq3*Yq1*bzDAm84=kMZQxLbj1$}Z6}yNYXhC+|^PVRCGn<~4nj t{HwFqBxctbs&+rJ{@3@{)_Oza-0vQlMYiWP&i#_g5D5OlvhuHkDFFX7zykmP diff --git a/SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/implicitAnchor.scr b/SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/implicitAnchor.scr deleted file mode 100644 index ddf09f0d..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/implicitAnchor.scr +++ /dev/null @@ -1,35 +0,0 @@ -# -# Test CSSM_TP_ACTION_IMPLICIT_ANCHORS, Radar 4569416 -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "Standard verification with root in anchors" -cert = leaf.cer -cert = CA.cer -# IS_IN_ANCHORS | IS_ROOT -certstatus = 2:0x18 -root = root.cer -end - -test = "Standard verification with root in input, expect fail" -cert = leaf.cer -cert = CA.cer -cert = root.cer -error = CSSMERR_TP_INVALID_ANCHOR_CERT -# IS_IN_INPUT_CERTS | IS_ROOT -certstatus = 2:0x14 -end - -test = "IMPLICIT_ANCHORS test" -cert = leaf.cer -cert = CA.cer -cert = root.cer -implicitAnchors = true -# IS_IN_INPUT_CERTS | IS_ROOT -certstatus = 2:0x14 -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/leaf.cer b/SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/leaf.cer deleted file mode 100644 index 88dbb9aefc7f5a1dfe4fcebab6016e16fc76b746..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 523 zcmXqLVq!OFVk}s|%*4n9L^LMdN$}UWA(&Ss9ocdl?KGJDD0A84hnL z6t7=d=*7C^%;Nk!pXTsKe$Fpmtrp)^*_1Fxdi`aGZ*Mjp)QYITnCb-|M{k`arpduS?WEFyLms*h_O#DpXJTe#U|cM0AZWl3^rWmXBjbM-Rs&{6 zMh0Xzvx3~*$iNp7t!C+SvBL4qXRFWt>W@NA%VueAd-894x_wpE1rc4#Z>pW)KSOLh5LOaXKs!XN+u diff --git a/SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/root.cer b/SecurityTests/clxutils/certcrl/testSubjects/implicitAnchor/root.cer deleted file mode 100644 index de72763fd4aa5bfcbd79c3c58a3769b1362cf823..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 525 zcmXqLV&XJtVk}y~%*4pV#K>U4&Bm$K=F#?@mywaxz|m06K!uGtl!ci`wkSWpL?JD| zNFg(~ASW|9vqT{=FF6CqFG(#fF%<1*zlW;d3k~$VpXj&d)6UPChjQ)2@tml{?y&NtvixSElbfw{4l!Jx5|sj-pa?8|@k=XqDlxqbEQ z(bgE4n4j8Wm!`Ao9$=YPo|kcc#)tPB zA+C2G@nj!~6)5xF)24mgY%vovBLm}NVFN(}eqi{>3NtePXJIv922#jwW(B#qkztj^ zj7LkqR7|+D=kCp_Rs9*Ara~`%v~x87&8=IIeSMYOr|sEoF@b;0wPbAh8M_&^mh|mR zT5&e?*6Epsi$zKkBMVnnZE4@q*7wmMZl2SD1AS73wG%QWm@2MJkg=QfKwz=>15WiV g%S4k?GM{bnXBVrSoIES5tMX68Ik$=_C5~Z70R%0&k^lez diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ipSec/VPNTrialCA.cer b/SecurityTests/clxutils/certcrl/testSubjects/ipSec/VPNTrialCA.cer deleted file mode 100755 index 65c03709789e346d0b4b7e9dd68a9a33bd9886dc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1156 zcmXqLVrejFV$N8=%*4pVB#;^!u%g`g?F0v{Pczu({x3G*W#iOp^Jx3d%gD&e%3$DT zC~P3e#>F{Ft#k4xofJk%G3Mm_Ttf*1F%&_LvVy#lqRhk`Ls0`^Hs(+kW?`PN06&Eg zkeGtAqk)__uYs9?rIC@LnUT4vWt2Ftp&^88Y-DO4MKybx7?qH{z{twL+{DPwV9>{4MS8PwRaYN)G!TE7mP?`r!T@ZcmK&Je!vPTI}52qtCaMoX+GB zlh0q2+~nwy{D@COB)0t7@m??Y@Y%dOeqK7B;o5Gr`fiZPJd3SIey;W@YNX-in9K0Il; zIbA^I@#>k|%~f}lni?}PGcqtPZeq*;hDeG5H!!MX`B_+iX`#)4AH)%6Wc<&Wnv|273{>Hr zS_veBQ;W(nlT(X9QpjxQ{JgZx^wOfllFa-(9T#ViQQ(vZVgr+=eR671NoHDRa$-qp zP-&0UnTuJLu( zTJsyFFX9>_*0#KnQ`_5qghO6v(dD4b&cD9`TZQ&}DHkTx#B=5Q1$9^^37pbr+xY3r ztoxJxJz%j<)tqp3&c?c=O3~o|RkF*DmMuK9RQ_h)IpzcFZ~AjE=6R^COq={?^79=G z)6?yi9&LHQ)9iYoGPlp$or+r4Gk0X^XECvAzxC$7F{@|(;#1!lude!_&!nVX@uXr` z=4r9dd(ZHF^?qcdF)1jZ=4io0?LSpt3b;R}SXDQ#7QRtZY^f+Gx41rC(PG8ZxoLtG Pcel(v`D^`GCW+kurAw#Jp@e}LiXcZ>L0(BwW@3(^sDUsWb0`b5Fi%*3pF#*oOu^aFKu(<3 zz|6qX$kfQtz|hb#3dpqpa!sII13yDW19^x>37}cJ>4_z&<%yMgFmv@lwrU!v!(GS8 zC?=JdlAD>ASzJ<-Sdw4lfUMM@aXzw77+D#Z8+#cH8atU98yQYq(cLb$dCn>qwa7I* zU;o^hCf?D;#mwMRf3$49L$syM{DoI;d*4mqnR_MW-riN;Y@>I+tlVxc9M3LNRMfDe zp1VJO@v45|gJ(9jH5}WyIl4h3_IR*{L)^2?$vFaNVv7Uj+gaOMt({&awOc)I+s6&d zO;yrUD%GZMICuSS(9f;z!c5GJ42+ALn1u|QnE4F2fxedIXJKJxVqIV$3*zvxh_Q%7 zOeuPQ=JgETJI;$e;wDEYC`SfwGO%Og)MjI3VQexNWoI!o&}UPJaXDJ%Z;EWY{>!iB zVzWrglRc)*D_=V_3O3z8U)cQbx;qnN3NWI_N+PBo!_#%HMP} z(qR9L*rNtbjDjE+$g?ytasW9jK+Le9@$Z7hUu}&$b5arutn~Huo&9WqajR-%0FGTC z?d+%n6az(DNosKki0$kW0HOj)lX5bXfhxRHD}iKiYEfBca%wS13YqPkpO==IUJ8uH z%=|nZ7iW-B;M4?S10&u(Ikl)HGc7Y2m?(l$%kqIVP@xYn=IxUbi&O3Mld@8iOPq5O zi;HcOgM3^-Ng^|;6r?C1KQphS%_gIy1mtv>6H$_tzBABt*SwRYtZfp4b`mFFib!!8kp@`N7I<+q`C;ShOJPWL0rQDR023>~DRp z(;heKI4n7`UH7lYwnhJ1`NP}3O;fE=;Z5bbTd7yIzZ_%V=yTA!|Gker?E>8UB z*8J_wgZ2;(sqUTy>mK=vlxV*4loMN0=%TTht>|RQBW}fuxA=ZvvyUl1uldMGsr1h7 gMGJ0;uG{|k+RTq1idM2uH$G;5)br?jmG^Vm03ciQ8vpV=Ai&FhkOB9?P6`XSti;EQ;4b;R1EiDbqj13?_+Ym^L3mRA& z8W@@y8Jk)f7=VSyG`)#Y3E7#9tPIRejQk8hZ*Va+F)}i2kzT~L)TcPvEzqMRdBv6< zvD;rxq~BZU!Sw(1;`7Vz-`r^U;IW=YAy5Hb_@TFWnyMzU_=ff zU_=5#h>;;~gN;&V^v4~e8vF0q=hyxfvP;AZ?!Itdvn}oU zTbZ^c!QlmCCOugDY&i+go)ySjJXhDX_(X1Y8(^UV3@x7@Jzoa`RH zmo>L9nIPwS`uWreGEACNIrux93vW(jc(UnLPp(#ZfLVg>`|F_(l5>O{SaL+Zwe8I4 z70{J@CBL$As{4aIjg_`PSd$LEUv{gadxcVk%dLM2rV=Ai&FhkOB9?P6`XSti;ESU4AjI0EiDbqj13?_+Ym^L3mRA& z8W@@y8Jk)f7=VSyG`)#Y3E7#9tPIRejQk8hZ*Va+F)}jDf1o;%pC$az@tBRNOlkZp z{@yU;%Wum0d01}4;{|&yT!N1GlnGV%)E(09>3Z_>4%dUJuJ>Qd)m?J=!7R$~=Ez2y zs%^g8rg4?;VNZDfVY~Ui&cB;(u&)mK*JQuPG~M{-Z=E|^BN7+!Y^2Um+Q_?()Ktt$PmLwzU1Vdc%j4 zN}N}0+%j_X^yGi6=n-64W*Ri<`sxnFJ9}Twx%tEHo`InclahXT+U~F-OY?x4>%%X6 z@xG$@c4hvt%bVIJcFPLnW{9PH2y4HYtm%zKTQrL=VnzrD?6JNG}+nH|D~VS zN$+GS_o>oPrEe|JdGzk~CV{AUcR3l=THP5ob1IqhRrR`$zp-7qzItNjm2{8(2G6_A zIVDyLa_S4io^{^-kk*{)cInS)ai^n4<_4eJDL7@_7X38oRH4ROn&B!*)iZHR?=UI~r1GWLD) zH@7lvS)p@Peu>wOOShyuG~V+(H9hq8%N2WBh40Ll*XjEEO*LiwaqNs~RML}~c7Kc? Wy?N!o@W_!b?9HL4dS{qClLP>sR4tGI diff --git a/SecurityTests/clxutils/certcrl/testSubjects/localTime/badCert_3 b/SecurityTests/clxutils/certcrl/testSubjects/localTime/badCert_3 deleted file mode 100644 index e1e346cb70df06b1c3aa28c3b71f091e07afdde1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 805 zcmXqLVpcS0V&YuD%*4pV#K>U4%f_kI=F#?@mywZ$mBGN!klTQhjX9KsO_(Vo+fd0s z0mR`FmULDNSMcx-Q3y^=E-gy+OD$1wc2o$;&o41h6Bo3!G%zzZfB3eR;+Dh1XS|CZm@|6#o-2A7Gx_r2pObi1-g}&L*E+p+lGUnf zQ#XB*oM$(+raytHWU`n>=0EFqu@#eLs%(^BCR*kkHPDrBnZ#Q7yyT#h`%8n3i^X}& zlFtWRFj~>R)FDYk(Bk(w{a)h@-7otJes7p}JeK+0x2L^DHYfIkOgevR!u=Ds*Ry_n z9dPO*>l)TAjH1)NzP4DH`Mufsh0U_qr8>J*#Pomj85JxOx;E47d$#oA=YNh%pSYo4 zdeLPs<4qspb0ERCkLz;<+uzLH$CAr=n@taN>vZQ?Gvc5Xk`OF`$j7ie(Im!-c_&F5K zcaUXSzc^sK#2@Bsd1r1e<=y@D?ZzO7Y=*R#r+QzS-IJI7pBehuoj*=k$XwBE#}Aba zZ{jq*-dwzbyX0nrFW;4<({GH9gaicN2x%*hRJgF~{xOY5p`6pcOMjcY<8<#819tt3 zvgsctn$}%%^xtiHG3DsA=-wNwrHzGWZ53LctetCd<5e2Z9?2rD69&O&suboX|IvQy zc84W+E8p3*eNVKHyzhUsJ19-ndYatBB~5v+m(MxTvgl2+W{%LVaP@}M{2S^@AHQ6p bUB_&dXYt_86~{m41oy38_@FLz{#geASp7f~ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/localTime/badCert_4 b/SecurityTests/clxutils/certcrl/testSubjects/localTime/badCert_4 deleted file mode 100644 index 384fb35d8194eb7450cf37227b52993e3b740c30..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 751 zcmXqLVtQ@R#CUlDGZP~N5E<~YacZ@Bw0-AgWMpAwFfcXbHsEAq4rO5zX3EGmR5MTk zakzwKoz=n>JiJ2`f>V=Ai&FhkOB9?P6@uNJ6@v2fOAOS+1uZQN%!~~nK-&;Viwhc9 z8X6dy8X22f8W@0u$Thx+Q3=_hjI0dIO^o~uK#y=SH8Cprs?_}lr}pS8sr<}T+AFm-@Ok0)tz}m}+nulzyx?0sQ%++0yt8(R(yoHu z(Q0=zZ5Vt7Z^`!0lP|d^>afS)B>(*%x-~a?=Pr0Kf5Un8g!2}H9PiEaYy8Y))tHul zxf0;q==u8Y_Guyp$wn8M&noUQpD1USx=yU=n`nY}p!Kw;k}nQ@U&h*KwW3}k!mj*q zBt!F;ua%w&%k`M;82`3Dy1#H%=gl7}T-q&XozJS8GQ=6Al`K5YQM$%cz3KXfsit|d zGaFt{TA&+s&0_afclFg$XZ8mNA9UN4|KhrDxZvFlrXKRE)n0}1?%*=mcAJTrk%198 zgn&^A3?W7a_o<>cUZ%}{ac$wl{OfgnHaE*>_&?}Mw>T54C-6tCn5Ada<(+%;a_1k< z+9T|vds+C?_gwogQq!-tZC^jrGt?$dz0bg|Qe{@PL{dh8xs|5lstd8H4<_H4KhM{H z%Dknz%6F^V#HSu;2si8XKe*3gofHFZ_l+Sk>W7Pa(P%LGpeCEhv8TXUu~ z?~W@d*{;CxV=0fyqjKq1yST`SX=1aBjGk=d5IEv-JXXxzs!@Eartq9^DfhcMjLxJ? zsG6E_DoN@2ac6IKZY#qF8r8ZQ-;K6R2%KdlufW>zHLh>PM3z@qzZgj}-e#K<5%Tw| VjrNt?fcX56YriX>|6}TO5&%b2AHVKyGGnazK7g zW^!g~aZrAKiJ`cGC`gKnhtIK~ASYG9IX}0cv?R62Ku(<3z|6qh(A>zt)Y!-%N}Sga z#5DnP4Wr03wQ;@yFT!n%tPISJy$lA8olK354D0#?)zXtIVmk$mo*Di+>Bwwl$uT)^ z($9dH^fha5^03ZxoTaB1(6!?3H~WLH_HJ}Own#@riE+x=ys|?bzaP(PJ$lDmA88^ zMu+N_e7+UBOw5c7jEjX01P%CsK_V;6$oQXy)qojDA-kCs$0!|eiW`W6q_}wa9199^QWc!@a|=pKQi}}a#CZ+O49pG9jSNgp3@xL?c@05a z6DZd}(~!@A2VyE~UcRe$C~l(~=Ns@M9K^`Vz}(o&V9?mf)Y!;y&O4%~K;uyJBm;>z zv#%sIE;zK>k1zbd-AHAZJd>*`*CWI42RffDbG|t>XWvJM^~KwR%%9&WwRQd*`cvNi zbDpo@OI@Lxi_X}pi3`mY(zG?5_vY2T1*_)Q39r0rmuus`YpUjo?MK#2U;IDsyxQOC zAB6ayJ@S%#C9zBH{DZPrGDnk{m>C%u7YiE*8t?->BP-0v_@9Nz5plP|9mNOLn6*tt{tWKc1w$woB?e%gp+UJ=>0CCN?quW16<|QA(j- zip9$6rwe+wIKOU|5O5Mz?);PS;$q^y*j2425C1FgIl;$~&KqI5)oy3Yy=xguxhi+* jt#oaka<sC&Bm$K=F#?@mywaxz{F6}K%9*^l!ci`AUCr(IUqkL zGdVN0I4D2A#8BKo6ePvP!{=B~kdvz5oS$1zT9R61AScdiU}j)$Xl`U+YHVr|CC+OI z;+jCYD5e&r7U!21C8q{wrsw&jCZ^#wwQ;@yFT!n%tPISJy$lA8olK354AYIZ*q>yD zbFVluqq6+Lk(Zk#D;K`?$!u*e5KYw0sb0Oe$mDa;zx)?bUboJzDt^RnbbRGj`S+T$ z7G8CYT)g^aO!+F-%HPIm46feB#Zw<#HJ)M4KKIhf?=jm!R~i|Vw5t=ZR<+0m?4BK3DR3mrEaOb=ncoX_LRggM za&~|C!z?&!XX8G`$S*|))y}`}j}Oi}xBcs{n=`)NlF6<5Txpnn*~rQM_w@*C)%j;H znx?lbE#Vk7b#vn5%$aSamgwc3jw*-%)U-Fb#^Z6yPw$> GuL1zpLAR;^ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/miscPolicies/rfc3280CodeSigningLeaf.cer b/SecurityTests/clxutils/certcrl/testSubjects/miscPolicies/rfc3280CodeSigningLeaf.cer deleted file mode 100644 index 44b18b39cf5d96d87b276f91b859829901af8a37..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 526 zcmXqLV&XDrVk}<3%*4pV#K>&G&Bm$K=F#?@mywaxz{F6}K%9*^l!ci`AUCr(IUqkL zGdVN0I4D2A#8BKo6ePvP!{=B~kdvz5oS$1zT9R61AScdiU}j)$Xl`U+YGPsEVU}mBD~0xVv0o}wUvVL+!-;JfPe9wpupKWZ z1i3NSJooJu&#&|NGI_$R7cM`~iy5mPw0sun%}}}YM(tGIf-`m>89wqT_Ir9Ne$sJ$ zcGCE)kHXC4=hMRvtvx8Io6Rr#Gvv24)5=1xGmj5V-nRN{CKEFw1LI;112qGFpzmab z85#exuo^HkGBOwlg9KDrcnrAMIJDUqSy|bcnUOuh3i3!J1LKu-o|A87+eKJ)ld0O1b09RL6T diff --git a/SecurityTests/clxutils/certcrl/testSubjects/netFetch/JITC_Class3Mail_CA.crt b/SecurityTests/clxutils/certcrl/testSubjects/netFetch/JITC_Class3Mail_CA.crt deleted file mode 100644 index f537ab66e3e6721f308f21a04ae7986fce6bba69..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1055 zcmXqLVv#mzVs2T$%*4pV#K>;I%f_kI=F#?@mywZ`mBAp(klTQhjX9KsO_(V(*igbi z48-9Q<`2~i)>ClLFH0@T%T3KIG2}7e0?BX-GrQ!wAn^jcJq=Y2ltFUL!ZKc-AEagO#LOI! zTN>vhhXf-l19M|9gF#~_Q)45;se6^`We!<)>$zZZS`&<2!qBfv>Q&CF7R zoXp}9>!i%Q#G*?TG@cvGYbh#fm-O4Jk@EhXpro~+_jGY_GKI5!h z_qEUZ>pH}@ZaD}zCnA-4f18*?ZNn=n&ou%U#3 z7>L6q%pa;3tf%0fUzS>wmz$bbV#s5_1(M+wW_HPULE;5?dm5@5D1+pfg=M@vL!1?W z3KW3C3eGu+#l;H73PJh#B?``t26E!O1_lPkMuvtKrWPg!QR2LYK(3)BluK8)G|op3 z2}V{1=EhzIgT_v##zuyV0S{UvyZeQIq}2bddha;niP^29EcV{xS1p~Ld@%RQTC#?+$+PDZU0Kk3(?@He7glZly;fpM|E zfv$lpFj!^zSj1RFvgiN!X1n3VD%*}v$+8OX@8n3A`x)?nq=i{n4VW1j|0DYc7_-bk zk4*W*WF3A)^iZ6tkz>Dl$tCI1=5fnG`^mk9gwrL9bs-e%F zcj>PC_HX}#$!W*WOnEUolh1J4pDJ%=M!htPX*QkvqE@Usf9V=e>LFc~-ErI6r>X8r kVt&#r-nMXN>cKm#x>M}?r(X}2_I~%^gX1>2*02qa00)H0`~Uy| diff --git a/SecurityTests/clxutils/certcrl/testSubjects/netFetch/c3MailCaCrl.db b/SecurityTests/clxutils/certcrl/testSubjects/netFetch/c3MailCaCrl.db deleted file mode 100644 index 52ea1431b59c4e7081e78e9070d6964db812db1b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45988 zcmeHwd6=D5k@vmbeS1k~=_H->UAyn?C4wT{wHH7nBrQZp2Us^-*jm2Yfb>QxFzs2sj96#G|9}$Z++#icAe>@f&x)=AO zvDnC2vDneyiN%iH7>nJ0GyZ))=;RXmO3H%iK{^jTaEWz!M zf79riQ#Y;Mx^c@1r>tAE_2kj#9Fp&F~MG(tS8CY7wZt+q@OJ3j9PJI>zYlcI2Pf@wX`4q zi{m~XKeBkn?JhpYUkLnK+>b!z__qc;H{iJe&y9F)#B(E_8}ZzP=O#Qi;kgOV2|Oq8 zoWOGe&&_yl#&a{CoAKO&=N3G-;JF3Qt$1$5b1R-(@!W>zHaxfCxed;W@Vp4mi}1V{&x`TA7|)CGyadln@Vo@iOYq!* z=MFq~;JE|Oq7!$`wVh`IE#a==9>M)A++s&^iJizrow}d(@QZ!OW&ARi_3(3E1AgJH zhhO}XT-LtWd_DXN9Cye+-`YEr{@Um8i$3dVAAZwa)_>7wJ^YL2@QXg9@=Kf2U-@b6 zi$0_B%Umy;!!P=b$}e=w=kSX@qw>pKON{gTFZztiFLS+O4!`I#D!=G%Ndzc${=376~Pr2s$AF+pe_~-f` zv4?v2=lUP9hkE$u`X8}}didx1AF+pe_~-f`v4?v2=lUP9hkE$u`X8}}sQmN!pG+P6 z^Z6gd#K`T7ozL|@xjOh|oOAt8cOCrm`JbLT_~-LK`8xRL^FM_;_~-LKy>;-<=YRU@ z;GfU`^n-tHzB-@(5kDu_T>mowtRDWk{%2L4{B!-!)9U1(>wgZblYg%NIlNB(x&G(r zb@I>kKhLO>f3E*Iq7MG~{Eyg5)cK#!{~TEd|9t-Es5@!sIEquf_c+)B_u9 z*@ycZsC(pb!-iY$M$H4hyzLC!x8VLQY91%yeh2QKpxyzV_RCrKI1KfU^KswLng{q7 zfq!u;ZnWv@9gm_!0iGq`S%P*t&`!q`ZqO|S-O@8~qi;*m&a&fiUyU2>EHC1I4eswC zHA6d{v$*ern@i$87dQA^-1~7qiY-_bH+Z_hlSDg7w3GYS$NdYG%Br~c;Ra70 zJbAQ}M>~Zk+@LGmjQjCetoK;lXs7oP%pK_ZW@E9~M%;3Vt@xMtYw=mKZpC)xTCYEX z|1a1yF*QCrxodjeT8D{kh&;2qfDpeNN}jd7(By3x-#I~MktcGEhVVh<39VfR>z~BO zdgK{x`|8=*naOQ?W+!yO($*Qcq31~Qwt!A}tdGkBc{1SV?3&p*E>q(E9rNbmg|#iX zT=VJiG~gmr#wFLH1LP_u{}-7OTkDZ2W0Pyi0Wx*`B1>e7U#mx^#lcYKfn%3BhmA*) zDK_c1J>Q(40vd_QJ{=zC)#Wsgga_K zt&hS#-<*g%scF?C&uHhSvGd}67tTn5P;@9AsZ;Yqm zUqz0swZ&t5w(Xvn**m#?A}|<{DSDGyh4ml5x@$g}qBpDW3vcVm6Bn$R8sEJezss}e ztrK??S)wI$%MP3WWx_5lmty*~&y(Mu+k!5|8c@^FTu-(bCC&#x< zIdKk?zDd0;iahI^=t$%xP8r`eF@;}n2_`ltwYMm;#O7p9B_4>Z#jDRdZ)#Hg$ma2L zfP`})^|&Z9ZM+f>+<3+2W+ujGcS(k-@?^YO+)?D&c-ufP@>(Fz7KA*@c%@bsMV5_M z;(_okf~>L0S4^y%K4Ef}wr4V>epio7i3!5nF?#md6WeDe_fAkaaj_Yx=|z!gI$TKJ zwz1jqnOS&wH5oV0qQiVdd8Wffl-DvkEiuDMv$a-;D9idLu|US#Ha0Q6ds4=W2VADV zUi=|4OW0U7djJ5F{j^FFimBa(#ZAQ4BJo^It zrq5y>!HXWF5$yM#&|lHX22yjrXZ?38|Gvk!Ry= z1HGGzd2)&2h_YsNe5+~Ft>rlDGnuxL_CdwQfESFdtQI6^AP`QM(6=g2XHl8Y%cuqulW*bp*i4!Br zG`$@xmyo<9%2-Wrhsq^{Mq-nHmGCfME+O_Wm#nGza*5{xk0MLvKx92tE^%^1c`^o( zC;gIpzFb1`rh5AJRJnwVA&NZfo6MK=ZN6M$Lqu7oH)&U79W0kPHKIK0+o5uajS*#? z20EF8D7l2tM$w&(_o;G;O%dhUc-uhl=3<^)Vl1L88*h|cLiQ$6#%nU8s=oDor;=`Tty@%)G~t&dNYOPm=|p7n7l=tX~r z$|YV9QKrqwp>l~A)+y^yxx|a=ly#_F;>8hVje<^ecCcJxYeYGwt3%}yXGN4{w((TC z#CSw`W*bp*iER;On%)kUOKguQ$MklnTw(`giU0Sn5+0tEOYFlL8lE3MwCUpxidr}Yr*DoCwFf-Z-*7EB_|NQy`(;Q z?o5r7w_)P^**WqgZ+&S*d82M#_sqz6L|)^TP3!O@7^lon6#a9Y?yQc;X@h-i*t2sR z)#hYNeBK#R-f7Y=p4}07i`Py}&5j=^RB*{zZ~o5g=Y-*Ur0%-o5ehvT-jCv#B1JrIlS!WlN9*>wwk%9@p2 z4cD~P&E)4rxG%;1dOp7szyAUB@FlxMhP#RvPajjfc<0T-q5h>asETK zTrLe&N6vKMV;(qID=GLZ53JRS3jSvZ7KdwP1%K{=Lk9lL1JN_3d^7+{wUOeWf{z$j z8mSIfhZX#;4;HHmemexwBX<5<9$2jnIm&_GI*xDIuv{+F6yNKCrHY#3z*ihtDi4-MYPFIoWI!j5 zV1-(Gcfek*lx^O1HXWrbBelAld`gae;EQ2H=)0<}Ul&5DI9x6jt3`H6=UrqDm4+*{ zy3Ymd0LyA%{kl4oy-aY`yV!aK)>$^2zs3j4+ED*bR3=)-Y;fNDe{3KWGFYN{e_Fxv zNU2&X7CFUl4`r4HtJkE6mj=|lNm-&SFES5^8YH@@k>i-5C8Y)*xWjfUXT^(evYD0a$_u0*C z{v}|C12PNIbtLR?sWzJrhLq)zGHpp07b(lyQ2zrVWo?iR4d^;@ny(Jl)CmmeI#O_` zM5BF=vZHnQr5aUtvj>*VUA)?X=plm7NSTZ4RX$jyV|gXP3MQjgqbc4P$}Cl=&sG1& zr=$xS*zZ%)RrYgn72)U6QCji^Av@+nhuO~+2g>2nkh%2pJxYu~t?s&@p=uS;L&0l( zu)@yk+7!)K%T*d!-@iLbtUv@~iNq3N`|nkDv<~NMK}uIK**P73x{Aq8v+4hgv14f$ zt2#%0y0nWh!;xB*OQ!Ef+PVWPres~((ohB7o5R#qOwhu_F2|1LRvIdsh4lVSz~V@y zST5Jlk}Bj1?GhqvtvF;ZeKKGlEER2SzS*Z_msXv703|KtoDhUt;%uHBfVG;fxL&R! z^b^)(t#1!0i#E*O|8^k6Ax0F7j7Qr-N;p8ewebL~mV;n=mJeFs+Zuuh6YS@UeUMY! z`)dJ3b)`yiu*TK#qJR?S$yMC@ghx3b3MM#ob4OGsHO(y8`oFm;rrA^MO$4WkRp`?;~KjncHF75s)0TB=2fZ)Nj^ZhUNL3)P5ca$B|QLJG~Tt5fa zI!c6B$QYtyDSX?fBzyi(1dG`9*aoNYEu+NJ9^@(>IKh``d#rg@uH8K0dIwqHFh#$FmM!$O_Re)Y5p4x2F?>)3Uewm%wBW8m1i5PIDnK_(7v z0qK#>rps*%KgF!ZbtggaO~1~#8->& z&-1`R%lymQ5Y}6Cj;w z?z7t_w9#WnBBR4}-ka>^1oGb#O4lVo%&7AZ2O!kR&KKOigX~2rq=)&EOb4cjbM#%0 zy~5SeqwaTDYB4ozM^ttH>QUNmw@2NtQjX9w6mZu)>EunSq6 zDvrSJkX&$S52z0j%0XmIbU|)^ zXuVV&rqLEY;89v$mv?(E*H1(VT3!D!t|4d%8XaQhpMM~fi9MHgzTm1HY9Ywob;4 zCvcHZ$!x9g9t9zDI7knA_mL8rcX7~`;msi>7BM62g&t*)NW43wlr6Z<(M=&(95m1H z1qGqJ5%iu4xzVF6Goa+@R6&XOOdpb`|5VV}=@l^|L=OwQ*99`gY*ZmV>g&XJ4`Q>d zBkEDNMv$HFol$nI;t^Ob`|0vJH}6B0vPEr|!VxSn6DYV84xpq5HMZWnGmtri)SX>Y z7bGhVJ1+XVf=l+uZmD~ZdK;xgvZ+dbOE64q>n&e$`#9GnWT2eQ-j}d-@fqe73vVVn z`YD0e$?SDIKCB|4G`CiGlSgTpf1ch3(+fXDmtMHsqr^hgg+L$TD1&(PMvoGvtdt*8 z5R^zsO(AbEO6-d(=B(6*$i!7@Wow8&#IX;v%29Z|$BwSLhPvG@Qg&OIqe14$JzsZ} zDzm~=v-@`nDy5nCYeSipAx6XQ{|YH9!%WNymxYw&VOmJ{Z+%Lx&FDa1Qu*uL7{n}&42GN0qOG5UdIhOuTkG*R3rR4-AWCvN$G9P5niT16F}Vt#VO8Fk8T{0A*1ww7c8nzdIm>{8mI$%KI3GPl8Y;U zP0*!bL_XU5JAIJ0)TddH)GknvrG55kZlhq?jCLmIdYC$;T?uKKuvha&Xl9zHaPGh!am4MwVN);u@BlpaJwE*%0|#$ z85HPk1Vo&rDble3luZ+tq2@M-*O()u9Xgw?l;mV$)5P?k`&&9prDWhMxJ@W2%Up(q z391ea!KrdKH9bH>m}0~Ponp-d6bxdA+smlTGIpVkGJh#Gk2I!gxp%>pl9UqRREL@8 zf<;4v*s^Ksg{@(iz^xY2t?2<=5MoTQ+kLT5$xNX8eg~40+pEHhNGX~_kkk=lJl8uKs#H;VcQOml3mbx8qJ?Y@L2PVQ$$2^f$8JUY!dO5# zT(x~%?xzH$j#i{T^K=)e#$qc(4_4R|u){O(MLoeQJKaM;TNL8x%z8SPB4~_qY$*LfA!iWVHzIG=^9}i4B`M)vFvhESnMd zC3b0ADbXc(4DOG5-s({fays(#b+Y1+n{dI>g9&@^V!F4WG7(?l8QA%rD?*vb{&f}i z<~>Rj&fOgKyxF51v80r44GrN9p%pZGj2#(EnYFdvZVwE$LiAvGSAhk~wV9^}Q;-p% z=XF8r$h^7UdsCrIbU?@6oAg1}RJ-4=>{y>Dh|s)yG&vE?qnqX~jwL%5EVe>)R{!X; zGhZsWO_Qu*gi>_hX({)BqlD7ne@AFbIrVh}nLOvzt;svK8n%pTbvgB51kL%sm#xDR z@FIo#O}aH`33XO#DNhgPK#a+Csatm_vW_rx^I+9rm`HcHihG^2!iZ2nMdexNJ^PDb z?C2>Io^IXXP^K-JiZ7FyYVTr#A`?Yf*QM-#dNKzY&T?OHAjXbmh#j6%{#-#s*RbT3 z`@BbKS$g(o0i{$mRZCedB@M}#Dmdn#GXFy<9f+J-!JkqlC?)PIsJ?Cp$v8kR?VS3h zAxW&@D>?6xM9{^mf`NHN8Dq375O=B$Krh?~&NUjs^H$p-$#2Q7s& z7X5u0V-(a=x)vHhLOhLofOx5w{EWx-;f$1_t(}hwtg0|3hBWz zk1Ggv!AN{lW2&ffq6(y_i^xblALgkdQR1`J4&l=<8*CGMPNEbiO`RKk2oGnQfTA<(@p?d%=ekenb25}ur< zG0JX~d36`cZYRgGw|nf^>+8IqtDvY3MQ(!Uc%WsfIWAb(90o+E+P%Y3%Igww462ZP z+JQ*PP>!~mK=y+w6H10c%%yW_JDFCy=-wX6EZcg|e!yqvbmZs+z+Q!gP<6?$brdSJ zOS#L)E|eoo;qqM`C6Z02kldxDguzO(sg|r+5MGgCwU%i%*;|!T-o**5?CMx>-bL6c zGo$$u*_qp9Z}Hi=y~@5X0EZDfnKQiC1Fa^IU*^DJ#5Ww|qlM&``XHTu?m}gkF5%n- zbB1>ZGT{iA{pQp!xz3|zsQS#(FJYLVWEPaYF<{5;ie{7D?}1j($o(H{T{0HSmu?6t zt5~6`I(1fPT__1=ulFgbx|}*I*H0uTT!y-f9Fk)&a@a{_(l5!_D|TR}drW02r7f;& zgNBB~8g;7!Mafd=P*0nEmrrS$Z}BN@i}7>?v4&BfB74u_K4?p(iR{SKs;I!a&gUC_ zkUlxL%Yl+n4R8||;6U&KPC@ky1ljp4Qx3?) z`v&@u9(o3h2*p0e;_N={r=vs}&&lkeyKt0Ne8}9)v7<{kN3CPesJoEX+a(BOJc{RjIgZVe7pWnM>6*zFZej;q+QV{tpm z?jw~F8L6yU?Puzzq0I6yHJ|<`2V!d@`HlsYO-c!wFd7;|_cMK&%$L&ldh9TI*LvtSYO?XPi&73ADFj*vUNQ1QV&+sX2cc#e+DQz8XU_)Ss&Fk3HcRLVe9Bkw4 zxMOa;Ps#0n4;>3U1J3>0g1yUQN1E=slzo}9V}kMe-g27;2M#McZ7F-6PigFQR_JIkoi?QGw&zk0Mt1IDQx7{zGy?}{xnk8QFSH+PQR>Py+se}df{;2NLZEct|>p;8TRI9)%Je{|rW$b?tZ5#?5Ul-TzXUd!7uE|84;4)8=~__HZ4r3_ZA3m7`cN^Yp$s5b~+{byP$PBCcp)&j+*Q&Q)KCr zVe?o<+&CnE>#<`8@A{cNONZ$w?TAJ4Hz6h7O=v?IO$)_7krrF=VQavSHxtbKb4M!( z^Tt7aF4*L+Lz#F1M6Y;>f=(t5lxde<9Lj{Rqk)ZhGVNS?@`+HU)MFfb=HgH$PBL@e zANMHn21zM3^tch>6peb?ZVf#{;?D8Pfb;%Xz#g7T>ekRBlrU}@ZSq$kW$?;1ZJ`ID z3`v|uuH-L0N>g%9Yk)9r*&EVA(l;q3YzZg!n7XIFsGvYdnRG%6D#^C=nlazzJX6I2>TQB_mo)aL?9lrI^N(i&k^X3h2pjIc0oIdRQ? zwy8|XvBO}h$+NN#a(k6!Fco%~w@zG&aZ`4D=#*Mr^53;fPzW53C1x#NL-yJ+^_iga zIQT%#Cx7CzGxJZ~LrQ6Agk`kkk3&jqaCG8QpY~+dxU`c$@+r*){hJ2{+W|&c$*fR# z=ZJpjQ__ECPjR5^iSgMy^YcFlD3Kp)am5C|Fxm)Y!BR(b5 z*Ib`RX|XtcrGkhCcx7Qb(-R3I8sd$uuHsy8z>c6zub6&|$BwG9x**0)WR=Jj=^1hb zpPdRxU*SN6e7sSz4-_Q-RY6%DNRG7i^qWJN_yHP_Z<$jmtUE)l^yQ4T(;^#@*4^|N)&F?RqAF$TqU-q=Ij22 zl#*(espKvTk@$QEY(W=n`gLJH<;|n^^XneFo#E-S5b4-0ay=Aw3I0kQb(coN8p5u7 zBd7h`rj%05!SYtGn7+(!ol~5A(3eTduK#i%W!l)sJ()Njs10e{MDC4-;6xpmJ;qT= zVuFel8_KOz5awM5Hv^x>O=Y(;d$|=pB|TXB63WEpT|OM+8tT$uD*eRCFKRxcans2R ztS-yAsa>*waU#(wQDuwYLM$ z_d%9Ab4whElLs)lVa|K%CZ%*y(-Pgx86JC(RWinj6F}J3g^<%2r!vidrWoU#Ogndx zEo8DaM_a18pLvw_383sVDN|~M`<;yE{zD-AK(QLwztZzbsMsChtl;U$4*LSzuCjtCCQUv zp~`-k2ck^lz+8iZGDq^-z=2)r{GCk1Q))i$Q*ym`X+%&;3`!dsU_~@MKvxcB}8>=s6y8{qwm|-IM5eG`P=HBDF5oJyYC?)1|I&uM6t=MabY}SEN&Bgl$ zi!!>s!X8RKcEQX)t2-%DQcLL_+B%FI@3px@N#3TQva`&a-tJM_g3TODPzppAJJRNU z>VA{4!xRyWl~Q*TSpV*r7Gs<`RX29*5x6$hsmiNi?08M4 zIaRn`)bNzOOE(TqCiV#G88Yf=MdlzP53OzyJ1;V=?31Ral@Ao)AtegJ^dXy+QbrVR9Ig%7QJzxOrBCxIxm``|RZxNiJ~hnQe3!>=V^1-l zILctfT@z5E+(ujK`iui*M3_r^8CQ};*w(RU8+~@>V9B>ByUaU`K}|99GzHzC;25+zm2#!~9Efd$ZU~g}N{`Ya zY)b2ON{P~}SXgrej4!3Gm z&2xNqZvT_q%jgudve%`NOZ$n8-gQ2sK}u!XRw$)=8R!$c8`y|y{*7Um@Zo5kxULU7 zkTNaR)D4cZ+gak|8$xze@^zS*w1OBB(k(lklJY={hRN5GU0y8&FBg)ege_s-)GMYL z;}Ew{47U);Z3~?AFphe1>|Gwa4KsC?1M#UVtPXryNVT+*l=5}}rB(-~wtAHIsg2AE zkJ1hUr(UcecCZ+!B@&k?C|#2Bn9AfHK`E)v%rZ|V3{R(HU&xNLiE5vjr5wNj72V?9O7Q4YrkuVls3$TK|gW8gGp(o-2;bto*^}+Aku7<@R-wfT^Gp2 z!3idiDGMkBV>(rfGSW}` zn-9s|HcYf`8Fk8{jH5J#%y^W@tz7G=lY@TZO%o$**FQKA{Vd|Ia#&gNxjrQ~P03vf zVj&>L(A#uf?Xz1b?^jA!;x8*xAA^^@?iVLFboiLlXE< zLZHlxJ(-qKr|BvsiNct;ad=fgi7hCjOxG(t&^$xue>xBaI3zq)iAt3mh-#f2zM`v4 z6@8HDLFdmx_NtvVO1CK`v<5$GZwFdK5XbYlaZqm~T0-!#cRlJ@R3o= zyGV5xq_l<_*-yzT1I_CycI>c3`Vc02qB?w>fvS6%V;4&3-O7@>UMEphEW@DYM>DMzE6N@kv{lnlF_w}&!u;E>KrvtOJckxzbEL@-w= zdqX%j?UI&gTtk>+4dqGmpKce)0Nr_8*bssrU8Ooz*AU#dnqpGzQ$QRAu{xOAr-DI& zNFAVpBMd!B^>t2W@WJq;+NXl}h=wXe?UU@R9wgOlbUN_oxE$s3`?T}0WE{e=rLDH4 zl=cQ^`R6=JtWa%84a_wJQ{*t!z!WT57IcJT*Dw*hgQhKE+ajOSQubxv(1rxWff?23 zvVZYFJ2j8-JB`svxLmr57lSph zYcofw4Xs#5N&&5EwBjTWw3l=pnlm6zlXoq&`Hnw0N`iE29ls7h6yX>VI-c-ATQVKL z3P3sQq$BG1r3ae(T}ca(um@6IaVymY;ZuR|p4hZG)vZ()q@aCnV);v*OnjOie!>3a z&hnRdpna}qg)T1n^F#27bU`b0aVa>+u)Fkq+E1jK^075Fo2BpdLDnvozQ+UYY|PS| zJ>>N=lBN&&6F z-l<6`UgTji>||r7I#q&P2%Q>w9EcJN9iX}k1+7fcsS^j+DW6#8#C7V#DQLCdPMtW( zR8frPMyylUJ3*E@m!7E#L8^ty9+%A0=ldWVTB<$-#*HyqmcH~Eq;w$56zz{Fh%y@H zlL>kI!#>Es*Z!>lM9x4@+x|@twDWcC>X%?j;;dLTYFEFcAav!XxLutp@*2Djv+ZiT z`cHz)0NXVh3J3$GvueN7wXUF*dD}k{fY@^}&2Im&2U_8}T_cxk2xm3b&$nxkBFLrP zetj@Z9H8Wg+J2xi5fSkB5xF~S`+f-GWR7~91-hw66ox|VG)23n*?1)m?~NlwP9Y0) zQ?Hcv_iYyZ13QoG7pM2t&o8*z1MSpD%i|7|Tnm3Ng2_pnu1(Y;VDadwYpCThpOXHw zO&6?E+TS2*(*^55>@AfH~l(yWZlyaH?Z#Fnb zpYlPr-f{;)!~?`1T}Lgq`ylIJt#5RobO>(@nDDf|!3SAAXuXu|h^{ys$kuNqD4!9q zM7Q-dA*FmOKu2_oM+uFpmM#e>;V2nUT6JfNK#Jm){eguRwK}+cyz;c2ev4Y215q`n z=Cw2@?D7G0T{5j&a3e^YZ`F;hfUsF+l`U$DK&0GfUD9PpO0M@7U4}|&b?=rNI3i)k zAJfsXt7mYOVdt+4DRIm|19Z!^KFC+tE${L`i`p&M_#o>xEwno6d~m|8nU?JKQ570P z^Cy(uf%Y1r`QtvwyS-0UcYMt>MMr6e9NN}8nQ~4E zuiCkTPW&?)f+@=Tf2X>HCXg^sAN*=SiLDUFp3t;VC;{?aPeRi|#~%EZ)WnwpcC^nJ zm-xH~+FxBrd^P})j@#l=cOkQhB$B~2VM@k=Lxo#caWmbo^L6$zv1OOaRCfB1giVLf zp0Mc<(EfUJ!lvT@P=k~V6BA6gmiR!>dE`LsQp<~j*0Fy!t9y|LT3(mXh~Q)*qt?aM zWU9kz!`mzM^G#o5LjszCHGM%r_h|_G^izV1OZo}-t?5=1HGd!_7nh^7x7AJedNM7m zZ2HVRVB)HvOZaFE*HIHy=Ndxo*%?^F-^eZYn4eMkuZ8^aM?L9)1<{|i82|OFB%-SV&)bfX9WUsAVYT~>fNU7di zDea?$O`5TYOdOhH=t;aj=%@T4T#bfJA5`!F%0}HA%HJW!>t4Fb#OpkEyp(eNYA@!F6Q`H4FJ#AQB6PuuVtvP%ii{yId0VFF`Erp)Z3L3dK}X&Gd2jGGC@4o7J# zE^$%V5JC#){Z~OlsKRlI8+3amGNm-fSX@y`nNISw2ALBGVgflP60 z>R94`K7dl$8#PNeE$MVLa&?H7;Ay!!CPJAwg{X5B|3e@XonV&|I|529ccwA%-}{uz zSQ6Vq%HTa$Bb_SVu;DBPgH+@Dl~O?)kyx@DJ5CxQ)pq)fi_scrUu+S7!Ux%UBi%1# zqE5?xHoiM(C=5M~H+i7_b+W|i3PMZpRon(9w#);@e*{pvgdHE!EvoL{JkW~v@gI7i z{guCjhH{xBlyc0H>FW*v8=VJ}wS`@zRf!YF2VFvhWB%FbJeW~hD1Wv`iDH)8=WqyO z0BTDy(;?_vCGyUf9XzTHc03((EcuQ!#e{IyAJx#n5qtG zA<_s`8gz;!%BVh}cdm}O&ay(xncm){l?!OfGADcLU>yUqD!ifn2rc;0e%VJG@`9v8B!vgsY{RPFqP8& zU`1SlskV;#8ogpn))9ic$i!b!qt!{6P)h6@IB_vqTt;bUp5qcbLP~8teqjj0z%-+d zOXg2XB*mQf=P8KRQQx7K8f3|UQbB4dCRw_$qxc}7Aa!GpNtPafrg`z++7Mhiy?1=C z2ij@L_;~I>8;6mTCG7Y`=v@TvHd=i-q;X;$T+yT8sk35 zRopNDQ1yug%f%IcE~E&u4}!a5K>BAQ%Ce1kJ5_F z4SA2!{$gZ&lpxYANqJOePe_Rk9~{fFhWMnz#E?wGH zid&*O8?qi~IcZ${A7o09!SQ5W*$t_X5>+p??)Y&YrMcvWq)$l?)X+sxK2?cRRjQ<8 z0(L}vPJ6>jpOTgsKiZ?TcV7)F0!sW9GIMn!9wk=1Dx}k+w1XrK%R>-+JJP;qD zSN665#7=}W+|cTQmi#ufgdhx2&9k971f>S5G7~D)bq@XFJgOqq3hw>2p^b!xW{4vfEVYy=^Fw2f}L<(9%vNXj)5Xterg2o_A z(?ItD^aH=6t?{CZVkcjH?xo+n;Py9u@S7j|>OCjE>eV~$>V4~RpM2<%m3!{l^7RLA zeDk+1xazMRy&w7IoiDm#{cnEr^>dF~^XKNPPPk^j!QaI%!~RfBUVYm*0Qug7@CN;*#m{4_v-+@S@v3z4BiZ&w9tR7hE>*x4-=4 zPiHRv^T{u}^^3oon!H)QLoSY6zGKq+k~e{4XBMC0OXN;HeRR`?^`jd$dtV#3_S8dv ziQMXSr{GKEoczUdmJm8au?EHV;R7(78x62argn^UDNnl+1X>ZO-_%`T!79sdR5?`EFi!6)%n-RlMk(bHAqVCI2tJrf;Cwr(e^TeeSx=Yw{Ry9^=oi znHt}{J739f+O=!ezPL|fEdE1`gl$6k?l`9lnNPOOXK#PqR~{Jo{B6%~IrHbM{`%M> z_m6D+<%b?P_XF80K0A8D=uf(PH_SE+KlH%> zbn;!6vQ93?E%Wz3#g9neq(A>tZACnw^iQsM`2F3p(EaQbFw?8(R_OTCu>{{89DaZG zEXE7h6!M*g-~ZloaURcE0DgSQD`IU_N|)KW=&W0X`u~UX#01e!(TUeNSwh-+?Xoqx)j}Y@aw&%{@zje)B&%C0oF!|l4Z~kHD{-wXT z<;%+Jgu4dtY<-FU;)&{Ut6w{PbmMC-O+I?$)%hE5n{EBco;$7^yCL_o@5X-j{+q7* b?VBEt-}38y|NKPvXSXhXIe6`RrqBAn;}3a< diff --git a/SecurityTests/clxutils/certcrl/testSubjects/netFetch/ghoo.cer b/SecurityTests/clxutils/certcrl/testSubjects/netFetch/ghoo.cer deleted file mode 100644 index 6d15d25fb4fb57eec55ce85d94be36d5de950c80..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1134 zcmXqLV#zXSV!ph9nTe5!iAida0WTY;R+~rLcV0$DR#pasEJJPsPB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzIna?}Ee&@b)xRHBbi0F$>Fhd4@PE z02L?zg%zB05{ru!j1_znGjkN29S!8fc@2yVER75d&5ex>4WfWtQv+iopqQb#p=p#s zF*V%6YrqY0CrfCsv%8_Zfh@#nVj-@so;#|Q zj{l{W%&OK24Owd&d+OSXq!Sm;w4}-=-@K!0GxgTZhYyV2exA zK@*dJ0UyvKviyvU|5;d=nb-~($b0- zb6GwXF%}Wdb!n_U{>HZI?B99oetmXwo02UHj%is17JdUzkZ~roc`&9jF>-SnG{P60)?s*wRO!hs|(%7G*} z(t)%w5Q8EfB;=@Sl$>7*R1a1HVS@D}=K}>nDGjI!k=B5!lR@Ia28~-lPLXG6Tw~C< z(x7qKg2u%Q8W*%R&K*cs*(awKm1L%6CMTAp7NwTu1L@5CyqwJ966>VQyu_kP15J>t zRauk_6xg`5*%(!LJYO`t~a|-5IWiN{=ehvli$ef zn-w!ZXXf?ip~eAbY^$QKY-3VMqNGt diff --git a/SecurityTests/clxutils/certcrl/testSubjects/netFetch/net.scr b/SecurityTests/clxutils/certcrl/testSubjects/netFetch/net.scr deleted file mode 100644 index d243b210..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/netFetch/net.scr +++ /dev/null @@ -1,80 +0,0 @@ -# test variations of {cert,net}fetchEnable -globals -allowUnverified = false -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end -# -# everthing supplied locally, but the CRLs might be out of date -# Enable net-based refresh -# -test = test1 -echo Everything supplied explicitly, enabling CRL refresh -crlNetFetchEnable = true -cert = ghoo.cer -cert = JITC_Class3Mail_CA.crt -root = JITC_Class3_root_CA.cer -verifyTime = 20030601000000 -crlDb = c3MailCaCrl.db -end -# -# We have local CRLs; ensure we can get everything locally -# -test = test2 -echo Everything supplied explicitly, disable net access -crlNetFetchEnable = false -cert = ghoo.cer -cert = JITC_Class3Mail_CA.crt -root = JITC_Class3_root_CA.cer -crlDb = c3MailCaCrl.db -end -# -# get intermediate cert from net -# -test = test3 -echo force intermediate cert fetch from net -certNetFetchEnable = true -cert = ghoo.cer -# cert = JITC_Class3Mail_CA.crt -root = JITC_Class3_root_CA.cer -crlDb = c3MailCaCrl.db -end -# -# get CRLs from net -# -test = test4 -echo force CRL fetch from net -certNetFetchEnable = true -crlNetFetchEnable = true -cert = ghoo.cer -cert = JITC_Class3Mail_CA.crt -root = JITC_Class3_root_CA.cer -#crlDb = c3MailCaCrl.db -end -# -# get everything except anchor from net -# -test = test5 -echo Everything except leaf and anchor from net -certNetFetchEnable = true -crlNetFetchEnable = true -cert = ghoo.cer -#cert = JITC_Class3Mail_CA.crt -root = JITC_Class3_root_CA.cer -#crlDb = c3MailCaCrl.db -end -# -# get everything from net -# -test = test6 -echo Everything from net -certNetFetchEnable = true -crlNetFetchEnable = true -cert = ghoo.cer -#cert = JITC_Class3Mail_CA.crt -#root = JITC_Class3_root_CA.cer -#crlDb = c3MailCaCrl.db -error = CSSMERR_TP_INVALID_ANCHOR_CERT -end - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/amazon_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/amazon_v3.100.cer deleted file mode 100644 index b62626c195503689b57319f83763e4c1148e34d4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1274 zcmXqLV)V=Ai&BA95m2v!v!jBpg1eD{ zoH(zcfq}W9sR0;70lCINu8EPcsimo9ltDVGw}cG@LFRJ^bA=}sXJqE3m*nRe3K;N# z1ldK{gHsbrN^(*SB@DzsB3vT;j=70d`CwN&)Q1zd?Q>Lvj&6W;G(9^42 zQ=_-I@m{a_&v$wLO~;=Iv4pM<&z#cpUN4|3H<&*6XQjLCdRYi zSe6xLVKQJa;0F3qmY;=%nTd6Qfh&k3&thj_V_>zwVu4wk2`IvV@f92v1POdycO%{8 zq8!x7gUh-b=>a7TTtLPsu-F=a5(0NZn+Idt4_8KZab^Q80}VC~Z8l(fV`pL%lfjo9 zz==#&l|{@z1g3?V5zb;VkOx_!%mR$329c%jxdqQ1aAaQWl{&#=lgxu~-CB2pGMHjU zMwTpt3dKt_^n6r1%Zfo_hI$~QP_r>}6C)$T3emq`cSUu~_;YVYK( zD1W8mn(w@AZ^X|^Y@heD`RPl`uKv3=iPsOj{#a!4#NYn8vBOHw`7RrJ_Zx34o4Pna zvA>^3E}dG)u6`!^e#(ofsoLM>3HrtJNivo#G%#Ze z`pEg<{FOp6-iBR5YV#(0%fvVP=v>IOK04Fzh)=)zKF?We6z#lXA4*)dbV*_nyLINq tTicFH%O0=Ge=WTJV{Y9gCJ$2^{aFjX?g@Rhq`K=~5_j>O2uB&6KmdRaqpbh{ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/amazon_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/amazon_v3.101.cer deleted file mode 100644 index 039c7cee794c5357472bf58c309238fde1b756cd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1584 zcmXqLV$(5bVx78xnTe5!Ng&Vv*XEk4do4FA$rANS`U!R&ZYAjdi6Ibu5xWUa(;_Qy}PJ_M$?82p#$q;*sp(!JaalJEXLRKzgoxY zkU%SauUmXG9(5M&{PR7-=7_vy)oJm@&pd1S?<6Kk3vjc@X-X8vC7pJ@x6g1_A(Nz^ z+RDINJt>*Y_vZYq{ac;5=TA#bN6ePP)o|cXfl=sVgh07u5bVsM`PIu4JIL!mfYI&oA`bkp8t{m3FhTpCT2zk z#>GucD-D{MmKvC_acHvv(=P71eLU;+WU9cZIGi>`sTf#w4B1*&bzPzNU$<)FA%zaTl$SU25B4=7>42hzn4 zaytt!v$GlG!fa&ZVM#QIUl_X}+91*(+#pnp6PQKQQ}xp`(+m_1nWR`m z`k!8wYFpFWmwotrL)H}!37u+5Jp)xSnDsgN>G`PkmlcD>KqhH|tQTZaGEi6|XCPxJ zWgr0*048riaH=+Tb~G|DvCuWtH8lcfU|BvEF&2@f@3{rf9dKk`?3FsfW0TB-aNSyW zgU06|qm)@1?;AAUS=e}dN#l{>P%t$K)ZYBZetw1Ac7e+D-^)8qjv;4fVCl=;*vODv zqHi0#N`LwrHNiBge;@BTs!Lv~zj09J=Oc?SEBOiQERQObuKtmun=Y?;Nb$NzN3!>Z z+3Lv?e|%WXsIu*M|6^Mw?);E{SI*qN*1ErDs$5)>;K7@mbDVZ=y0S`lhLv){nMJcc i=Dj%IcTvhFPV(sW*`^zqlvSRx?zr0V_`$E8U*Z9tfd`oY diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/apple_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/apple_v3.100.cer deleted file mode 100644 index 9fec8a21cbed06e88bc03e781a609afaa5955e5c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1746 zcmaJ>Yfuws6wPinfrLkdgrEYlzGy&5z6}J3f-M0o6bfo2(m*L8E@5TejY$BlIMvwV z1GUvM;3&3OtB#dAeV~X)p-`x{$iv6bDWg@;`oPu)qf(35T@c5}O!wE`bMHOhz31Dr zz|QXgcHZ$SE)2o&B(I!-%#C+O+M^%6ej*?H@hWiR3xY}#N*=pG5RbwmypfPl|U zL-=AiO^bO0FE$X0-F3Ky&=Mvp7)_*%a?Bt2u?ZKkbUcABu@qQsXbNsCqAmH@JfI#c zP%gnOE37D;ixyaM)L=vNY&NrXu0l~%R3tBCSgj1J+(@rbSj+}gW()-3SR@E%o4I1e z3-(yjV6~#5X#6T0PA$Wip*jOeEHl^$nnJbOWK{cREE*dFrg^(z0E8>U!04lALM0Q1 zDnnIjm0Az%kUu5{9(CA|b{UmimJ^7101=zyiJfBsGq_5vbkxutxUzW<2~Vv8SlHXlc*p&o>Ahz5^GBZ&duml~; zq*5e7;i%R|TW~a&%63uw|vw(OUt{oC_7+eV3A&9fP zu%%>sK=m0-)3wyrgcvw$$BeuB(mQ`|y~Vo^|NFCVd*G=S(kV5vZfbe>?xk_F@8xwr zet6lbFDg5fR~YxM=0N4(RsC0usaYouS4)2xPASW4sBGIZ>+T`=J<$`d+ZR4va4x&` zSJ!~b8%W&eQ3q2h1~we_6g90Mgqt3kzAa0%`jF4gqY~98!5Y8TwPD%2(uO*#Uc1?< zY5T1|S~XY`dMsnHF7X@Lt@}TPbBkIo2#JcGkk07L0YUKs%aPj4;5@GEX_3gf$~GSd zN4Q}w3)jRq_b2tPUKme(c~Y$iyE)%y{=RG5d!MFfw54AB(7N=}#_HX3m952lFSIWT zo(FRw4z%A6=KwpL1xQA7KMw>4M!T3Q$`5%(O}p4wV4eVa;--lhWt@ObxEt1*eqsa$ zoKgSzxg%0U0t>an55U`gl_U2X()$n9HEmlv7r3yMA_U>WyecrC4g8S^paP*)Se2qA zgf$`K!FXLFWg|n37Shp*W4MxWlAOtbIJO@}q5&Qdx4o*5rP9K%N|JKxb~WPDLiRIe)U7^WX=d87N* znJ0=r7*I6ycU`%@EANrg^vp!Ir&XYp&&Vr|tVQ;`gK+*~wn-kH2q8$PMYc709i{m}Da2=4d=jZo z+caG5TeEeuVQ=lC{90XEbK}l4%MW@C^!Qv!Zz`u3pY5y999eU^wqvN-xhkr7b&4$c iJN1^yP1{BqyKK?2-W$zoSy)@Rd-T&7j!<|M()|b5dP%+j diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/apple_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/apple_v3.101.cer deleted file mode 100644 index 78e8174fd34066eeb7414c3a8d85f441d9648982..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1570 zcmXqLVv{pyVr5&v%*4pVB%tGQcQWtS$iAO8GefEp-Z~rbvTc;+SR8Oj^Tf+VMECvRlUUGh}eo;Z90x)EN4zw^ZgZNe-!?&&# zC8>ESz@Q0B%*jlFcrrNHMpy1v}#`z2_Oq z#J8{0TD3xZk+ijda=h@yyBs}!BDb0wA8+k>obgsA{ao0#HM5JSx!msR*?jFo;pD#C zg&|(AizBo83j%eR=TEy)P*eCd6#Gax(9F~6;l&x6t(mSui_VH#z)t+Ka4?d$xwzsyGuc90pBHEZ_ty%f}+dBI4(KLbmL^d2p5gr-=M1pDi9;-Fx3a2p9>n z!inupo9S*$aa2^i&%iUm(4(s zjWeOmgR$+06C)#3C>Q1yMjn<#gZPE93!)7o4Z;mV#W;Z(Bt2C>Ju}Tf(LmmSosCtS zkC{n|MWp}fWvR9`y?xn-&o^XU@sQA|meey)6;p;fEhj%cAJs`^#b7azNtz%R39={| zC@hgPkTH}pkN^q*^Qj;>dm1}C8X1^a=o;#pSQyBIlq$1G7>G59)L%|re(3I--5(4% zKRa9gVp?x(XbcP-XfOgjV`!jnpbO(0Ft#b8hf{uXaRG{}3`{`gtFq`CXv0H=g^`U5 z5pIm=P={X&tE*3Vh)A8Nmi_aMYrfgSOPs}pY12vrP4>?;2uzPz(}`=4x3KDeniI!X1qoxl|Uz?lz3 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/cduniverse_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/cduniverse_v3.100.cer deleted file mode 100644 index 7f4673521e12b4c34ec0d21b8040b3a4f0ce1bf4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1344 zcmXqLVzn`7Vo_PZ%*4pVB%pn`;CCnF=T9g@_nVzSk;F*`KXDDwV3zFa#7K2GBgcOw) zmnit9mXzlgWgA)>SV9ySg`^hc7AxeZDU=qcDkPRDWR#Q?6kF-*mzS68l>tpH2AZmu zoS&;-RFJ5kk*sN8YN%zP0n*GYtOz&VIVZ8WSix8!I5oMnC>2N*0re_4I~vG|^BR~L z8XB1!fI*Zvuc3i~p@FH9v8ko0WfX>&L=1#LW^)L0JLl)+r6!kTCYP2NLPgm{xWf~3 zax(MM)AEZ_V4_?i+|Divp?R4=D~nSNc@4P1UK3&Qb2KnCG&V4VaJA5VipPi229jVO ziU@%eC8v}^4F?5;LF0VncwuB^U~cRM#!V+vVG=J2|70Q!bGo4KG918x_BgCGPcZKc9wSr z%LgakbI(>xI{KZ7nUR5UaTDVugC@pv;G`le%)(^A01gvbeijyHCe{T8Emu(=0m^qnHf7Bn3{WvZ^d%1|l#m%#3grlYu> zD9RDx0`j~rNIE&S$RHPH2qOxzejPPL?-fvT7?)CoEH>G`NOmlcD>KqjFU2Fy*2 zj0`!e-vmspW=cJ|D|0%RR7v*RSBEOZHos6v*LUguA9 z8x&7g1~^UGTDvvCY?+kIq@Lha%Qu}pDe$7l?@v|d+>+PaTe;K28ZTdavH8ZW&pcnV zPUXL3ays*Jk>fh$OH;2YGwiv$(f>T-!c5EgJ@xOGONFXQd^eD@Sr%Cn{BBLy$_*yY zMiUNBeE#&zqJ_5SFLG;cXng9`BY#$H;|}Xz*E*gtN!%^|m+E5sNpK76Ip-u67b_Sm z1e7M_WF{*F6lLZn7F8-ZrxulDre!84mSpDVDL9svWaJlRmQ)(ZiSrtm8W zj4z8zn{u;QCqhzb$H_lcmJ_tfi)v);zTXIayx!?_y8+Xk=rsk;cDQWOHhn$$k~nMK zX}4=J!3&H6=a!^I{N$O%@G8#5Go|RuS%F8bTt7|TZSF{0xpYa?1-=>e5xm+#yW3XQ z>HXT|QPX={H=eO{Q7@Zy_m)KVllzor{*b=7H9U>Q*YwN8!f9J)a;VOpe!}Xr!p6Jv zX7G3=Z(nw91LL_Lle0eaj6a# z_&{3tL5^Vo<_|UlK{if^?M{r0P$5l_5!Sr7pQDabrZ|EX#wu;4SnHdLEyYKz+Pg?aXX;FU?A-m%{m!}P zJNKLm1(^m4#Df+oj^Vge_S06Vk_Bizb3M0J80P0Eflg8h17y-dLZ-%zd1M>}B2cKq z3vG;x=2Rj)S+b9K+X< zkuY2&O4Y$*#5{T_Z3QnE0YeUq2~)ugGF1;D3DcmyEKEg`2$EwEx?7*lECNmzgUQuF zMz)6KTr?;%Qx>+;#?WLCoG9-3tK}va<)SIZ_P>NA!fB6$JWBz1iCN0nkti|*29HV! zQEGM6sA^rU6$)6~ll8>>BvJvJC_#1wE?}6XFUojv*EH#yLup0ZUW`EL*SagM=#jv9_@cGO2AWkPa!5l&B~CjS7slV(jQzRCq)Pyo1zw;GM)308OpL@vgj2{#6y&0OKeNDC(^?6wKGyuD9$?G11Z)t9WubOe`O&5*I?eb zEQonR#~fM8UOVoInr}=w#2?3YI-TQ;(bzPH+G(bk3m^n64FQP0WSK&{+Jbp*IdPmo zI10_=STr2dgo_8-QL0aeGZ;dPfZefZF-`GwB|xtRZ=r!9w_twZt546C!pNB^o}p-9;>|o=L)&6z>T4o^4ItsuJ75gvo{jsx5V$r z5t{ZJUcb@xi}NE{gf;WK=Isl;H+`m~Eg0MAZB8p+a_877e{wojACO)Ua)>g1sbaXa5<;jP*mo?vj01 zOLM%%^(Xf||4bg{8C6MUiz>lxmC^~hGu z?Q# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/certum_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/certum_v3.101.cer deleted file mode 100644 index ef36759a27a5cdc087a1a034e8a40cda860e3d0f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1081 zcmXqLVlg#nVwPRN%*4pV#LQ9^V!+GBsnzDu_MMlJk(HIfz|N4{fRl|ml!Z;0DZs~2 z+CUP-;Sv@K&C9GxEy-61F3?k`QpnfK*E19{5CBOs3v)WB7L}CdDmXhD$cghBSQ;1` z7#kXyni!cziSrtnAaM=KQO#E}P=J^(2{S(=H8~?MKPNvuGqqSDSkF<B5OBoQtW6k&)qv7({niU%H=LLT^3mp7I}Y}w9ol_ zOaC2n{O(^6{`aU}np?s;xyfRG8T$kHGL3J&nsV9oXyEM^(-%7KRsVg)+2EPV4J)2v!?ZV zfyLOs&_JJ!1;}JD0Hq@iZ8l&sXJ=v*lLYB525K)aFGteu91x70On_Mem`oTMJT+bZ zT~wU$i9ya$ZsXJCuat_}x3C)B@pO2nf9}Bbl&h;UuIazI^hG+W==!!Bvo>73#W>~o z)i@K*z08OH&u@NRYjpMa<=LO!pJ*~zym+;7xlF|5q{Q3v4b%?Z{;d>wfl2w)7asGN zk3XDQU(bFW?ILY>;la#@_a9sid#e(ea*JW>|7|<^KdUa9;(GDwm#YQ=k&27v?LHy( zHezi=oPFe19+oWcR}YT2c`dV-<0)~p5^CDxnz8s!GM>IQ>)FR?K>|cBP%O|ft?|@0Vf-CC<~h~Q-F`5 zw1Fgu!zC;fnwMFXT9U62T%e~=rI4?euV*M^AOMnN7UpzLEh;I^Rd9ARkQ3)MFfuSR zG&D3YF*CM|66ZBCN8(a!eiNe-vXdEE8JL?G`5Azo;$muIWMnwE@u1#i|C+O^=Opa> zkM!g>WEG!?4*W6u(w*H5F&h{BDP?}w_@U#Sa?s0XqQ<>zbUBZf{nWN>=zKEWd&1Hc z6+eodtCu8hxDj#YVNP1zoX?zbp~)>*SG@ncQO_V_^AVdHYw~($MosWDxnnk~zp*1= zd+szR&d=AUHuE}qZ^+92@rS=IX@2^Vw`%bMYWy7jAC`n`oa^85*7aN7JJr}#d6xU0 zOxC~YzM$y!uVvBePX*gQ;yX4iOfc{J%e0khH|nPbzvXJ}*yXRe)Tt+K+n-hihE*Bd z3#D2a=NxfMZtB>kwDH})Rc?`W=S_94Zo3ux-NRTUWZUbT`RC4dTw5)DYnrueBq&lD z7YiE*8t?<-Mpl@S@jnZz0W*+74mMy+1A~o`VMp(|_s>OkoqxB%Wm3)-OS?rad24ql zmS4J3-qij~!Ljk(qaT9XlP`*!?~^Q3kztYYd2PEYJzw|A*?*~q1xKZqF>&omsLqWz zG|Tf}vJrRoW2*yeR$Fg)ahWr)N1*wb$%CWX52Uswh^XfnmG|t~R5auK*)#S#PpCMF zTnqp6OwD}4GV?`03C1d#AN85K^Mn+av27|_} zhTI06Y|No7Y{E>T!G_`nq96{JFke_|QD$&vdY+DgXI`?Np}c`CNP=5f3?`uvQdC-8 zqTrWWQl4LwZD?&^2~l7al3J8otdO6kP+FX-kXWLSQBqP+Y^ASXUS6(O1~j!8XsTXv zey)B|L85|2vZjHhp}v7GNHepr8r*c}oW$Z{1!INa)a25lR3KFZ)T`j^sGzIhZe$=Q z&TD93Xk=sn0Z~A%A&_fqWNd0_Y8hpagX%3_18$J{9KtOA8JYQpLIwgLF1rY)b53em zYEEKailLwZKS+#Agu^?vQo$)PFWZpEfD0tVEyC;^>})7$AP(X&iwGnpC+C;ul@#k` zr&fYIV$e7rIb0c88JHV;fnnRp)Y!O;1f$=ihin1#uJ0URQ-{46ZYOsoqGT!CJbm1nUturaV&V6nig z%>)!{z(@-Y3xdReuDg+La#0Ry48mpIjr4$$1}-3D6j*ExK&gQ{q0NJ_?T0HPyEwCf zmVpKvhc+89(Xlfzipk(h6X294tI8r~AOh3E%m`;O8OVbyQD%`a5Ni-w`kq_x+yO`C z#a^isJT}QZ2-mH3Hz`kBxa}wG72>>GdD3ZGL$fR z)auQ9c=e})(d)M}*PmO&rdzvqmCwc94>r53oOpZ6|6AJ~YB*o+oOW-XD;^dxwgX8xR<~Ej^e#`{`I~kk&E*bP0Tj`oyU6o4y#eYOqq{ae|AkYVNN}ga_fBQ zuWKyV9yu4yEBY{5Vc*pi^QN|G9_nma&p3C(MW)xkKCRKd%NBn7koxYWOVl!xvd$!n zzvAXC>xp<6<(^%FV_kYSFHE6S?r2eMgLxjM7ZCx4ONN^LXfC zeLQ(%^o_=kMyl#Z#op%@vDR)i+*se6ww+i0PI;+pi}3w|DQgcl@Xy|B8u(z{gPE7# N9Wa?PvFy_E?*Lmur;Pvr diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/keybank_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/keybank_v3.101.cer deleted file mode 100644 index 039c7cee794c5357472bf58c309238fde1b756cd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1584 zcmXqLV$(5bVx78xnTe5!Ng&Vv*XEk4do4FA$rANS`U!R&ZYAjdi6Ibu5xWUa(;_Qy}PJ_M$?82p#$q;*sp(!JaalJEXLRKzgoxY zkU%SauUmXG9(5M&{PR7-=7_vy)oJm@&pd1S?<6Kk3vjc@X-X8vC7pJ@x6g1_A(Nz^ z+RDINJt>*Y_vZYq{ac;5=TA#bN6ePP)o|cXfl=sVgh07u5bVsM`PIu4JIL!mfYI&oA`bkp8t{m3FhTpCT2zk z#>GucD-D{MmKvC_acHvv(=P71eLU;+WU9cZIGi>`sTf#w4B1*&bzPzNU$<)FA%zaTl$SU25B4=7>42hzn4 zaytt!v$GlG!fa&ZVM#QIUl_X}+91*(+#pnp6PQKQQ}xp`(+m_1nWR`m z`k!8wYFpFWmwotrL)H}!37u+5Jp)xSnDsgN>G`PkmlcD>KqhH|tQTZaGEi6|XCPxJ zWgr0*048riaH=+Tb~G|DvCuWtH8lcfU|BvEF&2@f@3{rf9dKk`?3FsfW0TB-aNSyW zgU06|qm)@1?;AAUS=e}dN#l{>P%t$K)ZYBZetw1Ac7e+D-^)8qjv;4fVCl=;*vODv zqHi0#N`LwrHNiBge;@BTs!Lv~zj09J=Oc?SEBOiQERQObuKtmun=Y?;Nb$NzN3!>Z z+3Lv?e|%WXsIu*M|6^Mw?);E{SI*qN*1ErDs$5)>;K7@mbDVZ=y0S`lhLv){nMJcc i=Dj%IcTvhFPV(sW*`^zqlvSRx?zr0V_`$E8U*Z9tfd`oY diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/keybank_v3.102.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/keybank_v3.102.cer deleted file mode 100644 index 642b24a6ea071acc21607ae6211338962062ccfb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 774 zcmXqLVrDXEV#;O`sJ;1*{rn2K?E;nQzn6EK95di$xRnxarzoT`wYms4pdZy*cND+be|5K>fHT%zEYT2h{0lx-j< z&TDC5U}|V#00vRwyhauV76yh!#-^60mQlmPkB#$@V~&xPfw{347<-*ejg1Uv;w}ot z#$;YteR*e=&rJEq83uh~tqN|r?)Fz&6bDMk@49(;j>dR6MxK>mFe`4NoQhaWMD*g9x!1s1Kkzqdv;&U=^2u9L^m;7 zR_OWirxz5=JSGq|Wl6AaNUrvJ-dKn3l*`xO-3v>c6u<0&m*J8)R@J%8;|tTpRn=A`$9B8M&46fU30ng67aZS$_kaJ5Q? VZ$Ee!85?L^SrxHh?%d3Ye*uNI2VwvK diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/ocspssl.scr b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/ocspssl.scr deleted file mode 100644 index b5aa5ba0..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/ocspssl.scr +++ /dev/null @@ -1,137 +0,0 @@ -# -# OCSP verfication of certs obtained from SSL sites -# -globals -certNetFetchEnable = false -useSystemAnchors = true -allowUnverified = true -# alternate these two on successful runs, flip either one for failure -requireOcspIfPresent = false -requireOcspForAll = false -cacheDisable = false -end -### -### all these (until further notice) do OCSP via ocsp.verisign.com -### -echo "=================================" -test = "www.amazon.com" -revokePolicy = ocsp -cert = amazon_v3.100.cer -cert = amazon_v3.101.cer -sslHost = www.amazon.com -requireOcspIfPresent = true -end -echo "=================================" -test = "www.cduniverse.com" -revokePolicy = ocsp -cert = cduniverse_v3.100.cer -cert = cduniverse_v3.101.cer -sslHost = www.cduniverse.com -requireOcspForAll = false -end -echo "=================================" -test = "store.apple.com, allowing unverified" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -requireOcspIfPresent = true -cert = apple_v3.100.cer -cert = apple_v3.101.cer -sslHost = store.apple.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "store.apple.com, require OCSP if present" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -requireOcspIfPresent = true -cert = apple_v3.100.cer -cert = apple_v3.101.cer -sslHost = store.apple.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "store.apple.com, require OCSP for all, fail" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -requireOcspForAll = true -cert = apple_v3.100.cer -cert = apple_v3.101.cer -sslHost = store.apple.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -error = APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "store.apple.com, require OCSP if present, disable net, fail" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -requireOcspIfPresent = true -ocspNetFetchDisable = true -cacheDisable = true -cert = apple_v3.100.cer -cert = apple_v3.101.cer -sslHost = store.apple.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -error = APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "www.verisign.com" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, 2nd intermediate doesn't -cert = verisign_v3.100.cer -cert = verisign_v3.101.cer -cert = verisign_v3.102.cer -sslHost = www.verisign.com -certerror = 2:APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "accounts.key.com" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -cert = keybank_v3.100.cer -cert = keybank_v3.101.cer -# -# This one is the root, which SSL server sent us. -# Leave it in for variety. -# -cert = keybank_v3.102.cer -sslHost = accounts.key.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "secure.authorize.net" -revokePolicy = ocsp -# This started working on 10/19/07. -# The intermedaite has had an AIA for a while - maybe the URL it -# pointed to just didn't work before today? -# OLD COMMENT -- leaf has ocsp accessMethod in AIA, intermediate doesn't -cert = secauth_v3.100.cer -cert = secauth_v3.101.cer -sslHost = secure.authorize.net -# deleted 10/19/07 certerror = 1:APPLETP_OCSP_UNAVAILABLE -end -### -### OCSP via ocsp.thawte.com -### -# proteron deleted -# -# misc. others -# -echo "=================================" -test = "www.wellsfargo.com" -revokePolicy = ocsp -requireOcspIfPresent = true -cert = wellsfargo_v3.100.cer -cert = wellsfargo_v3.101.cer -sslHost = www.wellsfargo.com -end -echo "=================================" -test = "www.certum.pl" -revokePolicy = ocsp -requireOcspIfPresent = true -cert = certum_v3.100.cer -cert = certum_v3.101.cer -sslHost = www.certum.pl -# this, because we don't have the root, instead of APPLETP_OCSP_BAD_RESPONSE -# which Radar 4158052 causes -error = TP_NOT_TRUSTED -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/ocspsslNew.scr b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/ocspsslNew.scr deleted file mode 100644 index ed8a5f95..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/ocspsslNew.scr +++ /dev/null @@ -1,144 +0,0 @@ -# -# OCSP verfication of certs obtained from SSL sites -# -globals -certNetFetchEnable = false -useSystemAnchors = true -# alternate these two on successful runs, flip either one for failure -allowUnverified = true -requireOcspIfPresent = false -cacheDisable = false -end -### -### all these (until further notice) do OCSP via ocsp.verisign.com -### -echo "=================================" -test = "www.amazon.com" -revokePolicy = ocsp -cert = amazon_v3.100.cer -sslHost = www.amazon.com -requireOcspIfPresent = true -end -echo "=================================" -test = "www.cduniverse.com" -revokePolicy = ocsp -cert = cduniverse_v3.000.cer -sslHost = www.cduniverse.com -allowUnverified = false -end -echo "=================================" -test = "store.apple.com, allowing unverified" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -allowUnverified = true -cert = apple_v3.000.cer -cert = apple_v3.001.cer -sslHost = store.apple.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "store.apple.com, require OCSP if present" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -requireOcspIfPresent = true -cert = apple_v3.000.cer -cert = apple_v3.001.cer -sslHost = store.apple.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "store.apple.com, require OCSP for all, fail" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -allowUnverified = false -cert = apple_v3.000.cer -cert = apple_v3.001.cer -sslHost = store.apple.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -error = APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "store.apple.com, require OCSP if present, disable net, fail" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -requireOcspIfPresent = true -ocspNetFetchDisable = true -cacheDisable = true -cert = apple_v3.000.cer -cert = apple_v3.001.cer -sslHost = store.apple.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -error = APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "www.verisign.com" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -allowUnverified = true -cert = verisign_v3.100.cer -cert = verisign_v3.101.cer -# -# This one is the root, which SSL server sent us. -# Leave it in for variety. -# -cert = verisign_v3.102.cer -sslHost = www.verisign.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "accounts2.keybank.com" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -allowUnverified = true -cert = keybank_v3.100.cer -cert = keybank_v3.101.cer -# -# This one is the root, which SSL server sent us. -# Leave it in for variety. -# -cert = keybank_v3.102.cer -sslHost = accounts2.keybank.com -certerror = 1:APPLETP_OCSP_UNAVAILABLE -end -echo "=================================" -test = "secure.authorize.net" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -allowUnverified = true -cert = secauth_v3.100.cer -cert = secauth_v3.101.cer -sslHost = secure.authorize.net -certerror = 1:APPLETP_OCSP_UNAVAILABLE -end -### -### OCSP via ocsp.thawte.com -### -echo "=================================" -test = "www.proteron.com" -revokePolicy = ocsp -requireOcspIfPresent = true -cert = proteron_v3.100.cer -sslHost = www.proteron.com -end -# -# misc. others -# -echo "=================================" -test = "www.wellsfargo.com" -revokePolicy = ocsp -requireOcspIfPresent = true -cert = wellsfargo_v3.100.cer -cert = wellsfargo_v3.101.cer -sslHost = www.wellsfargo.com -end -echo "=================================" -test = "www.certum.pl" -revokePolicy = ocsp -requireOcspIfPresent = true -cert = certum_v3.100.cer -cert = certum_v3.101.cer -sslHost = www.certum.pl -# this, because we don't have the root, instead of APPLETP_OCSP_BAD_RESPONSE -# which Radar 4158052 causes -error = TP_NOT_TRUSTED -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/one.scr b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/one.scr deleted file mode 100644 index 9f8ca7dc..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/one.scr +++ /dev/null @@ -1,19 +0,0 @@ -# one OCSP transaction test using amazon's verisign cert -# -globals -certNetFetchEnable = false -useSystemAnchors = true -# alternate these two on successful runs, flip either one for failure -allowUnverified = true -requireOcspIfPresent = false -cacheDisable = false -end -test = "secure.authorize.net" -revokePolicy = ocsp -# leaf has ocsp accessMethod in AIA, intermediate doesn't -allowUnverified = true -cert = secauth_v3.100.cer -cert = secauth_v3.101.cer -sslHost = secure.authorize.net -certerror = 1:APPLETP_OCSP_UNAVAILABLE -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/proteron_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/proteron_v3.100.cer deleted file mode 100644 index b39bb4f9f2046a117249b0e2d88a9956067a1605..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 842 zcmXqLVs)FR?K>|cBMU2oLE{laZUas>=1>+kVWucY zLs0`^5QjsUCp@*dB(*3{!8x%Y)lkSl03^&V%n9Nugyfg!8Oj<+gT%OmMM5$X%S%!f zob&UFOLIyx^U@WPlMOWt)IieQ!t&0kMJ1VOnaPPInfZAN!Kp=MnaQce3ND#tnZ-a6 zLrDX1kV< z!rb18dBusv3eK4&m4;#lA|O#NVcvkEd|+_o=jkZ;_&6guxxBnwuK+3sc1q)XsQTFGFs(5TkoxyWtgC9$?nSKcSA2=uH752>+|enHq4%*obhd@ zIn$r(*7uxGzk71( zgd84EsY$AfO{c7%Cip2V_f+WzwrdCP@;FV|H$CQ`df1{Fxt>3K&Tl*%?dpA+t?PWt q|DIWlA}TAzZ4>8D{cGDIFvEJHfj`U6EyoqLOZvV)n;dAJ@E8CaH4I$< diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/secauth_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/secauth_v3.100.cer deleted file mode 100644 index 643c3cda0a3df332ef8521637ff2eba4203e1c6f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 845 zcmXqLV)is>V%oHTnTe5!NuVxyufYHM+BS=4M~d54$V(gWvT8uPey$-3&i+9GdWNzF(h#SL6sIPa7NzPX!i~sFEiq`Ej~pV5 ztPISJy$lA8olK3540mPQ&vn0dX3u;1`=GH~xR-C-$$NQsKYvSDIrq|)4yj7@Z$ICO z@IC+dzUrsq1e>OHKKuFVK0Q?AY+vG@^!P`Lr1=GtJsowi5i0I0RTP#SS{M}nkAG8p zZqx#MWM?`l5Tq29Nc>1a&r;edL@Ru_)o^%XyXgOw5c7jEfte z8#F#K-~oCJlJ(5 z$Pocdn#{l$a9yivyKwnK;|+Hf_k_Kd>r_u%+?YAR_RcqBSvFsue7w<+?PTs^raInh sg88`?-#(=U_x)X59=ow==k)uX@1|@oD!JD4Vcwyv7e4#e80?)30JF~)8vpm?<>a zP~1Qi#NiU=3rj7^49-l?(^2ruOV%?qH!uZBa0}}>=Oh*vD;O&TlqTh5CMyIKW#%Rp zRVp~A7L{bCWhN(L=zfI*ZvuOWzQWMph=X=)i| z;Dh9VC`Ut817(Nk>Sea^b5VB_3O?W{;QRpxX_-v&}Pk<6Dhxw z{}_3*PuZK_uuK0T%j5&be>jbmUvigd7an0gcIoUR{jZ$KXa9RFW!V4V`R9)9x<>bA zm_6fK%TRqJ#ml;-l=)M^q*}hDuZpWP%~}jgC;ZrdJf}mNZEDTQrz`H2F4U>YxPSGO zOnXFvBoi|u1LNYxe+G@e4TONMmlbAY{LjK+zy_q47#R$>L1O$YEWpTOGZ19sOlb39 zZ2RHF$OskE0LcroC>qEwku{Julr#{B1c3lB3d#~oQhgGWQge)T4NVOUK`P~0vdsFtF3>9hM+-=^feFYORTfdxL z0GWXi6S^k()xCvxFHMM_&wZ|JpKxIR-N%g2**XjD#`79T6kCrU@ ozNn@;!KVBy-#HJadPezRV0ej&6*#H0l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/thawte_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/thawte_v3.100.cer deleted file mode 100644 index caa65ced4ab857e702346512a3d3f293389762e6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 827 zcmXqLVm3EuVp_0(nTe5!iP^4jvH>p}r&gOs+jm|@Miy2E10O?f15P&PP!={}rYJ{4 zRRd)Zhf7!{BqOoBBvrvVKd-nnrzA5kT|pzDq*7DCrzAzsP|QFCq>NdZ7pg4S-C4oe z(Lhd|*TBTU+|bOx(%9I*G788wMdBJXcA;7)Y9I_UheMbrJhiwawJ1-)Ik6zsP{=?4 zB+M?%3F0b*tI~hp(vEHU5#xmB2v z@jnZb0RwVG08=G1Fb3wN`MtOnAem}7gxaf-h&|*GQ=I5#WS^H<<4)0}@95^ra`Y3kdRv{Ka9(Qm~f{Ri8d{FGWOf25U^y#)YDBn_qj diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/thawte_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/thawte_v3.101.cer deleted file mode 100644 index 14dfab308e727031d1a16fdce96388a53cb51805..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 807 zcmXqLVpcY2V(MAI%*4pV#A3j}z+}M7#;Mij(e|B}k&%^^!64p{+klgeIh2J>m?<>a zP~1Qi#NiU=3rj7^49-l?(^2ruOV%?qH!uZBa0}}>=Oh*vD;O&TlqTh5CMyIKW#%Rp zRVp~A7L{bCWhN(L=zfI*ZvuOWzQWMph=X=)i| z;Dh9VC`Ut817(Nk>Sea^b5VB_3O?W{;QRpxX_-v&}Pk<6Dhxw z{}_3*PuZK_uuK0T%j5&be>jbmUvigd7an0gcIoUR{jZ$KXa9RFW!V4V`R9)9x<>bA zm_6fK%TRqJ#ml;-l=)M^q*}hDuZpWP%~}jgC;ZrdJf}mNZEDTQrz`H2F4U>YxPSGO zOnXFvBoi|u1LNYxe+G@e4TONMmlbAY{LjK+zy_q47#R$>L1O$YEWpTOGZ19sOlb39 zZ2RHF$OskE0LcroC>qEwku{Julr#{B1c3lB3d#~oQhgGWQge)T4NVOUK`P~0vdsFtF3>9hM+-=^feFYORTfdxL z0GWXi6S^k()xCvxFHMM_&wZ|JpKxIR-N%g2**XjD#`79T6kCrU@ ozNn@;!KVBy-#HJadPezRV0ej&6*#H0l diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/verisign_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/verisign_v3.100.cer deleted file mode 100644 index 149e878fd6cd13dc250c0a03ddf4793c399f8c61..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1788 zcmaJ>Yfuwc6wYoo0SvE@5I~?Th{!X!%Oen>v^0PqNG-t>8Hc(io46XXn5Pdw2$D)8 zLd9XmS}@k4Qy)`xtV(^f9R|nJg4Pxsv}3V4R_ib*jusW$?t(Cc&UAn6cfNDZJ?A_3 zTwvpl0~=@9$%Y{q_ElWF_&oAZWO;orbXRvc(h9t|9ZWmu1;1KE^A zVhLfWFrt(OH5&;OH=%1yrb^>tiNtEPiY;_jBb`;OqADbYN*s+=#Q-Um2Bb_dTOgUq zF4y5kBbtQfY%~#iHK9h8xQTNTFARW`L@Aj3%4nEK!<59N z6j_R_4A`I;OaS;?UK|%fAX{n%46!FW4FUnPjj+Hyo6zA_+(2N#Ac(2PN8qQ##2_A} zOJQ0`5l63y!F+)?LvjReiOI6mv^1%!fZo89q4`3NEEyyxO`c6-cfmY4UB8Ah=t&$C z0U_h$CiGfHne`@|)T2t0uwoGaW$YfppyaevGzX{UT}Gn=XEO6FIoNXwZ=D`yq^%RYSs1@#|%6@jWa9C-*(I_^3739)@{1!x-nnJGJ%3w$R{kec)v1LN z{`Va7IM{NH>|u3vSDkg->H0B?W$)P-bMJ-kP~)!hfG=Zlk7qAOc+PXZui75QMpa85 zZORJSa)W}|5DPkBgKfYD*MK?)tz#%3sjCNdwYLALY4e1h9}IEOB^adV8EK()KG6kgb2rKE90Klt%{PDC4}mShu@0q-M$O( zn6iBkgbj0?Ad>-MNGeDHNlwfuu_rL=N^fh9GGA}fC8!KK*QK4ZCjuZ9(;UcV;!)&H z!0bP7wLK5AkLN&c0bCFZqPgz$)^Rv)FeD23zgK|vq_ZqU!a>+{2pgLDgSj44dEY@G z+JW|5fCK_jt*}UbIn*+ms@VMQSShvpN!srN7k&el={N{N)`7JkZW;r~9_HE`r7~8! zG)K4ax?%v&6#^%57vI+cO$k95fPOj@@d&}cut*<%=2 z=cZlm-uwvj_d8n=8|V0$9KLzF)4p<;yw=heG4c5sjeO*ez~e&4vo7A>4=VmV`C@;= zNB!=lgWkrvUg_IV&!(<#mWq3?xMd6p;)`z`%Hw_EKX{AlHDu|1PZd9!c{^%PV6b2U zM@~4}t?622$-?g*i#v|)cqMrDYxTf=_lXuujr0ct;@o@Xyzopx#|J*mE%K&InZXB_ z`jkCLxVgvKG3(%AB<`z4^|{@evLi|d=36nk@3TSDZ|lpxZ8uIY(>k8Zc3}Tx HJ+%J|DYQ_` diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/verisign_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/verisign_v3.101.cer deleted file mode 100644 index 78e8174fd34066eeb7414c3a8d85f441d9648982..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1570 zcmXqLVv{pyVr5&v%*4pVB%tGQcQWtS$iAO8GefEp-Z~rbvTc;+SR8Oj^Tf+VMECvRlUUGh}eo;Z90x)EN4zw^ZgZNe-!?&&# zC8>ESz@Q0B%*jlFcrrNHMpy1v}#`z2_Oq z#J8{0TD3xZk+ijda=h@yyBs}!BDb0wA8+k>obgsA{ao0#HM5JSx!msR*?jFo;pD#C zg&|(AizBo83j%eR=TEy)P*eCd6#Gax(9F~6;l&x6t(mSui_VH#z)t+Ka4?d$xwzsyGuc90pBHEZ_ty%f}+dBI4(KLbmL^d2p5gr-=M1pDi9;-Fx3a2p9>n z!inupo9S*$aa2^i&%iUm(4(s zjWeOmgR$+06C)#3C>Q1yMjn<#gZPE93!)7o4Z;mV#W;Z(Bt2C>Ju}Tf(LmmSosCtS zkC{n|MWp}fWvR9`y?xn-&o^XU@sQA|meey)6;p;fEhj%cAJs`^#b7azNtz%R39={| zC@hgPkTH}pkN^q*^Qj;>dm1}C8X1^a=o;#pSQyBIlq$1G7>G59)L%|re(3I--5(4% zKRa9gVp?x(XbcP-XfOgjV`!jnpbO(0Ft#b8hf{uXaRG{}3`{`gtFq`CXv0H=g^`U5 z5pIm=P={X&tE*3Vh)A8Nmi_aMYrfgSOPs}pY12vrP4>?;2uzPz(}`=4x3KDeniI!X1qoxl|Uz?lz3 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/verisign_v3.102.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/verisign_v3.102.cer deleted file mode 100644 index bdef91b6b947e0576eb26cc7c15420003e5616aa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1226 zcmXqLVmW5e#G=1|nTe5!Nx*cvVf*KHD|Vy0a}hkV>uwqFvT z0i{VfnaK(PMVYyYMU@K9sYNB3X_?81C7Jno3XY{E8Tmz-C6xwp;=BfChK2?f24D~+ z&TC`{fHT%zEYT2h{0lx=8bU;$BJsFAFx zU}RumrT|k3@q~h|f?Ix(LL$U%RjDZorNyZV`FS~&hOP$AAid1OHZUy;r1=wQw!5i8 z6QdGx05h^OFgG#sGXTZ8n3@HbnTf=c&k$R<)R9iv%hUFYmM`4!Ws&Nq^)i#vC7ym^V|hPe=M#n}cdfQc{%6|t#pd0E?$_qsZ@ye# z^Xc0M+x2%#CmKu2$~c@ZQIS-fd{gA#8m*w?{a0B$pY$fXci3b$pZ@2*SG&&t=+t$5 zbFW-`7=i@kS+oo^4Ad5=EKq7w$S5f(u+rC0F3Qm>1188~V1m?3&d=2^NKQ1? z1Bx2(fwb_0%wPc~cs2uD5MP1C%)rFJh>ZovWH104$Ht+}22AekOpIbOAR~)`W|o(i zqnepqPz+9DvV1IJEF$%nQhz}go<$j^G#51((yy5b?BQ!S}ypem*e4Ue4s^n6sumlcD>Kqi^M ztz%>X2Bd)sjBmi$CIK}dKe@O7#Q@}F3oI9y8ygw;Ro8jEl{Rkm;n{lV`aj=m%^E(A zsR<0+oV^W%j7SoS;ciZ Nb#;^9e^cYG1^`%gm3{yK diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/wellsfargo_v3.100.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/wellsfargo_v3.100.cer deleted file mode 100644 index f95af0a019c93b52c2d16a6a8937eeca94efe99a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1147 zcmXqLVktLhVt%lInTe5!Nx<>w*$Go^7J47-ayhzp(%oA5TXoPan^aNClq|7d?$+O-pkHm}LfX z;=G0i2BtuFfI$?HYY5^R8Jk*~T1FW(wi|LAaDr@O6J`nxHWW4x1aUZoxttSoGSl*l z@-h<*#SBD1g6tx^!HIbaZbgZC$(hB;`GyJxav*Uo5%KWUoSb3>x5T3Ke1*ik6b0w} z+=9fsN<$t4E|3at5oXU|cSC6dNf3`&LxPn2RtJy19M|9Fz`E> z8XFl-ZvJ_|%W0p~5v~PWAIz!j3~Jigxw+|%F0-~=`C*^h>E=ntstvbht6rX0SI0iJ z?%V3Dn2tB;u@nXfa{{Q{+@#Qr_6W?`+=_;Y=2c#U5}-i|Lj{>gT2 zEwxy;*_w0dE%#q$#zs8Om;d%^Y~ajXIlphtUmKl^KLweX85tNCH!-d?XkuIm4lY?? z7A6A*18$&yWcgWGn3-4?7}$U~@+_tXz(`-9zd*N5JENqez)D{~I4lSl={dT|MLDRk z36;&|u@xW&6(L{SX)H%KBmwa6e3rkRn4CCMORVcdckgD8UtgD^49%-qEERQ>eK zGy|a14cOUOwfUHtq*z3}vv+DtW8>LnI?mR&SoW3TIEj^p;XVpgBF u>su8mvMthbyZZ57t@NoTI^DIQ-`ER!9M64AVPHJ17xPQaqII2{$p!#~hi7#F diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/wellsfargo_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/wellsfargo_v3.101.cer deleted file mode 100644 index 62dbdbb2b3b54e2d3e508afa213fa12628ce40c4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 903 zcmXqLVs18QVtTWHnTe5!Nx<#T>s?ze=<`oXn4xSxnZ4hDmyJ`a&7D}zD2 zA-4f18*?ZNn=n&ou%WntD2T%)%omnglo_0vo~NVWnU}0*Xl`H%lHeBBbIwUDE>DJm^4QSeJGDbFv;hPjFx!&Sxxh7eb2 z!F77(m82HsfnAZ9qY#{0RF+z#;OwZNs{nPlp{Id6M3X~#dAS}?I4)ylU@SgI~c)qc4D3hU)P&&;e>eelVN-u8TzO|fg}rjL7HO?P@b z%Y;kx%F39p4yt!=vL7_sRGM?-)b7Rq!qf|$S0#Tnu$!#$^w&pD>(ASL{Vc!7ct-6w zD0_KR*S`XTsZOW=X$N*k*;xHl@}IDYX?gG*f0O5{SvFPYGchwVFfMLjO>hz23iIhY#iEbz{J7M#3&|{ zQBqP+Y^AS{EvO7kK&Gg&=o)Clv@kQmSxju45ObYa7}>aBR&X#HaD#O5v#zI5Ry@A*86ZxJ1D(wWK`1DBDonKoq2aTbK`~Ku5tdFImsf z*uW4Xp#_rwikGAoJjSXtUB@E$$QqT6OYRkCv>O~^6)#v&^sRTdapLQYsis#NX4;(I z_Kc-VO>%o2(^NABbp?Gdw+z*uFEyRyMs%%!~|-i<=m? z8#FO)28Xw-Fbk6bgMkasC$b7Gwg%P)mTcS!Z61tmKU^8v#hDGX3^dp{wAp}3ke!K9 zOeUkGq@dVJUmsgw8gPS5;b&oCW@23cjtN;+7F`2vHcp6vPArUUTtK5(7@N$wn3-Y5 zGBd(iOh8>w%NQA1Gz`=XRA77q#x@C%qfYNHaIIOiM{iO*S>QG&4y}OG`?! zOifNQNHZ}rPBt{ig}INBhb7SHdbvu zW+o{Xk^ZNbrP|i?_GKSF-;j01LqexoQqMqDOd0Croc#2BR5zCugT+85p_U2Ez$6v- zdXk&cJHy@0sycgRn)+4*YAlhzw=VL^RqM1P`P^z-XJ0wEXKAE##nrOARf}3~NnUhV zS#ru~HLup&lwzs%nkoEOzU*7(b!o$|sl6TdWlV3lwDkSH@LWAx_^aZ6*7WatN;Vyz irp&(Wd|iBR-kY<9*ZG~oX1~=oNYCHA{pZRa{R#m1t$Qv2 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/xdss_v3.101.cer b/SecurityTests/clxutils/certcrl/testSubjects/ocspFromSsl/xdss_v3.101.cer deleted file mode 100644 index 1c84d8b541b4514e216e61d43a5e7f5644757ded..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 903 zcmXqLVs18QVtTWHnTe5!NkG-RtJT8k%;Sh3NAIpv%3ET<%f_kI=F#?@mywZ`mBAq1 zklTQhjX9KsO_(V(*ihU+6vW{Y<_k+L$_&m-&(l%x%uCiYG&e8>NpK76Ip-u67b_Sm z1e7M_WF{*F6lLZn7F8-ZrxulDre!84mSpDVDL9svWaJlRmQ)(ZiSt^T8<+qM0D~xT zUPD7e10xe7V^d30%P51!U54@ovJgwfV3sO`6qOd2DEOt8l;;;^!(7FU;VNSTLx`)i z;5t3?N>YpRz^+KlQ3y^gDoZU=aCTJCRe(C&(9^&jqRFAWyj%|`ommX@r(SY?uD)|X zFvz?4MFo0El?p+rX?hAio{mnQKAs_w3O*q&dK$@^mgWjD%M2RlBZns=D+6<5FM~m2 zCsSi1!;Pkf7uO`2YUNucEL9h!YCqh6h4u2DXJ*!`KKSHBZ+pJVrr0%f)5pE9raQfz zWx^$TWo67)2i3bb*$*0RD$O}^YWL!QVd{m>tCGJO*iF`W`s*X7_2=!rewN>3Jfn6T zl)b#E>tBJvRHxJbv;(`NY^;7N`A^uyv^;o@zsd8}ESswHnV1xVpxIw!3Sy+Gxl+8d8 zu8NTnDg=sBS$P(qLk!dws4P%wQvf*v=!WE?9MtG4NKQ1?1BxO?0x(fC14EyK@y(Nr zDa=kEi$5wavby*3*MN0jZ_UY*afGG6^^4vPr885{S{j{K{_?=-a!KPl>Ud3$k< z0;lf7Zx1C|EjHNl&#(V6kLgYuQ(K~+T72C6Npd_YOTJzx5I(PV*xA-oc3zWSQ2ZXd dV`-X#JP!ppPa-cA> zGB7tW@-rATF>*0AF)}i2a-G@9V_@{_sOo87hD!a`C6Aw7=E!I0>TsGmH^4S*y~FNw z%cQb3j}nEW>h?d=yfgKY&enymK5fbE-L*Y!4hvgh$eMjz+vcq{I~BxSKGpH}eI z>l@mZZvMN+f7V;&ABXtYXC4x^UpZMbVbzMbKbJq<$Xj0&a=c-p>t{`dssm|J_3KvY zP5dYxeb;20aISuq#y71x*6%+GV$UD=@$cyzIhSqE6dNY$|BRW!T4=|1FJSAI6Luc_ z%XaKgJW-c|AC%hdI$3(MXAm3ZH_wv>IlK5<`~ zdc8>E1^=W6Ui-h43OkFm#dKd(_;g9;A2Sm(BLm~&CdLwAh!hy`10!Enn33^63#$P$ zkTT!~3GlP90Mpkq16dGdk8gV6Euo5A>N(9+B6WTl&+kQ9!vllQ-7}yPL z5JJ2x`eM2v8JWcj$%q`KP@Y(w zY>Fz6e@eo0W-Sftj5h^QlAoSTKP19o;l=%CN%)**M;%U)N7lDR4!M*ZIraXdkAeSk z^P5~tIZV_oH!ibleDS2LK&k4OrCai8ezm*bE*ut3kGkHpcY|OR!_Q-vF6~$(b-tSQ z#@eX%bg47fLY4^a`KoDlivPwzt?3s(`sG)bOzvI$o1xWrVnD;8`%kq_)m*A*0RWVLyYK)2 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/Root_CA2.crt b/SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/Root_CA2.crt deleted file mode 100644 index 6160a38e57f34af50800d0fed929151053182ae7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1285 zcmXqLVr4XFVt%=RnTe5!iIKs8myJ`a&7*0AF)}hN^}pE@YV~z*isibC*E>X*pPzb| zJHI0@aQe>D8Ib3uso_=<3=eAYvF3KB}Honv_xUX{Z{)L;od549+f8;-RyCqI0 z!R7qb>kl_hoi*`rLG>OBi|ZT*cdfVoEe7k$3$i^@9z{zb=>^ z61)7oqTOXm%8V^qzU5hMmlyP^+a>H>cvxwQbRUbEmf|E;ZTFwYR1f~$p?WQ0Q|PP3 zi$a_0e|sE!HM6(j&mq=S=_|r)YcuEM&Uh)EouGIie2v!H&v3C1Re{>xxHm#W@KPo+{D-h z43Q=SeqiE|6=r1o&%$cJ45SRWK?3|NEWq^l%s>{z;bReF5$WgfpA&pA=EO6e>%w}c zgKU(iF^L#7t_H~~votO?Xk5^MRn5Z2mL-ji1D-0HfH_GKuSsgS@=@!J8$`XFTKbt?tB-9Cd6637bp3f^mcW%gcE$OfFUu-B z<7#&6{7{&hP_}-_$%+?CPIQKUXJ29Zv*vrZf1UST=g8AX?zWWf+h%uty~u! zr=58adW)Ao`&{$E)9y$1-*d5=e)+M=e*Flh1EDPi4?{&8mja6%f_kI=F#?@mywZ$mBAq2klTQhjX9KsO_(Vq)lk7e z4#eRS7Wd36PE9T?N)1UZE^$sRD#=XCOinCGH54}x1*u>b=5xz0QUJ*oEBNQ-R2r%p zD8r5BWE2z2gc{&b0#u_1;~B__^BNc$SQwfcSeTd@nM47(WVpiQi~Ko&L-Abjq{O1hLM$lxv`hQps|ywv612GexCWOYRn&3trt@1d|=kx z6CCtte{l1=7jxR`;`gW?`}wL(aShx5&r^2TnQwW{TK7YJvr>1-uBA6uHSl-cU0Bp& z@~))$e$%UW%Y?HJz1}Vqwq_E$i^v4d>_y!XJ-2SWn519sEpIX_NTT0eQ0tvTF5B9Z z3fH#oG7emIZHcU?H7gS{BLm~&CdLYbCdLv2ZlG^v`B_+)nV44?2!lAPEIbBWY#iEb zjI6Be%!~%IAVEGBF%}UflSe1nzCGCD6ugh+!0F{pR=Ha_4H{>H)V^djGMS;@}%5Ly*v9_79X$UMC}aL zIk{7w89Au#+GE|_aKFXu{;6|ctR{A`g)S@R-@VZ8!$QUBcTWagPP7*YJMfF|x%lai z_dZ?b+#cLN&H1;`q42(K4CSZO)gP2|K5D(0@%(A&N~e%ljXGznG|i3~>0S`E?Yxw= zrtOWlqpsBjL&wAQr!TLNt%{M#zW>zHMN;WQZkay&&1YMBp2a&ncevz#Mf3jS%PYM$U(-)%D~*%%V5yh z$<)}$u;`w4g8AX6_u2X<9&tE4Gpl^{#S15HcB@%er$|56dZQ(#cg^UcmjAD4*3;YO zev?pVdeV^n=+gDIY#D;$FZyO&(vizuV|Ffir`_j|AK2Ayh^#r^baUmLKQVugcSTpN zUs%5~HRY&Z;H8l5Zil8!yJ@I&<7cVM-BTF|RPt0C7}V6b1(uq}0U7V4w(ctRRb&fkY#&1P4|kgjb0m8)rhB2V>h0CtxN4h9{eYfek{4 zmqlMpHzXsoSRomaFBHlXixo19i%U~e6w-hh1C+=!^U@XafmuTlIRybT9di>SBSX{v zs0ByjXWd%h<6PLiP03?f+QKuXi=rCT{c@_qLisH}Ib8iXQSk4iXPO^3Cn$Q(oOC0= zwf;%TrKqBbH=p*%$nHI-yL6@f3d^VWciVo@uz3<2ShSNV>5sFW=~m|#MN2}n|F5{N zzC)ycO7zh~z5I8i^wbJ6QV#AqUAykfy7TJCQkHD)_6%6D+ z94=vT&%EN)}4=$>||BTv3xL)1#wha#0*5(IJDUqSy|bc zncyrIh%_II7>h{9yt?n2g>$Pl_|2r&s8btO7J2zEa zn0L70sdV}&R)+gKJ(`y;EM8Jb_jJ<4$Y7uda+)BElz~JeuG9opB7|3oARA{wn+Idt z4<}%X2L>7I0s|X_5HE|qm~Kc$X0bvtB9SYUCl)JY78jSMrYNKVQ#mLFXXd3VW zB61=D<{;)KMn;B80hdDgkITEfE)H>UK5{{7*>MlPO^sKdGu)Z1m}2pv zV!4Gup3jdE%hm&vKe;UWz3lY$37+mcJ?wqo-dqXdj@W-QQgWu_!ZzOn?pKvJ{W`?$ z%iQq0y_EU2vSjTKrERaZ9Q<@{KMh-XE{m}^p}sVIYWt(k98U$m=ka3pHGC`oOj1?P zTXyKqWB%;uMb-8iRr?iRJTS7-e0JPzZLig&r^?;RZ}%;a%rq!gTzKG3D`WFAO+&C#UtM)WaD!|T?z=lO+Qc`-}Q Y-IHGNym`y)$;}FW-bHtht&l$l0MTlN@&Et; diff --git a/SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/User_CA2.crt b/SecurityTests/clxutils/certcrl/testSubjects/ocsp_openvalidation/User_CA2.crt deleted file mode 100644 index d382ea77b6ffae702679d2746459126edb4e21dd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1160 zcmXqLVremGV$NB>%*4pV#K>a6%f_kI=F#?@mywZ$mBFCiklTQhjX9KsO_(Vq)lk7e z4#eRS7Wd36PE9T?N)1UZE^$sRD#=XCOinCGHB>iH1*u>bmUGK5QUJ*oEBNQ-R4U}9 zR+K2Dr{<*=C6;97=NYORD8sGdWE2z2gc|5j0@R}i;~B__^BNc#m>U=xSejax8bkrP z<_2cQ22id+1*r~%dVv|?1%=S!RESd*Kt3VXWsUQZ1B;QBfw{4l!Jx5|sj-paW2Hgh zZcpRs?_V%ay#H;kb=`5{3H1qL|I&LmM=0cRDt3NW{mgqmbAxeVQ9=6pAb%07yl=UG zcOLF5Og8-f#VU_Gq~raC@b+2PUS6%OSjN00q@3l8`eK%~8-;v@g|L zj#r%IedbjrvGx5;o!k{R0(n=?RZT3=k`&hON@x-Z@7b_-9WS>F@2=y|r!gfq9%nyx zruf(bQJF9Lh*qs{N|j=DdD!0{^;*G_RIS2#LsCL;sP$q3M>s{K2mjOOFZv#lcVnG?+*1z zwHwGM>^4w6cP30)Nq*BQIq}p;3(HULTN$xDN7wiV7GMfI?A_ z#{|s*E0e@P5RF9bNp(zJMgsr>0RgRXiXaLJ^MWHWP%jeB1T@|N*yf$CP98)e)|0`C z#(KmAMKiEu64og!nh_Pspa%tfWuh%s9|!7apg~K}3beqPnOm4z`e~qXmY}66{vQMh z|MeS#Mt}Pa{>N``k0mmqqJsj1Xd4IgEkJJhzyAdg5EwTb0&@9KE*J7-s*7(WBDAr# ziGA|zR5gbSEm!sgu874hCjAjVnmsL)9%uJfoK2?$c~5T2T9MiO5|(0fIdUCmeMW_* zqQ`6ep#;GRT{dm$n>ZM_&qeeAxV;h zn>S(%0Ib8IAOuv}Amt5$!=Q+XfA{;k2aE>?Ahb==gx8S7e50o7fpWc5rFhPQ;Gk4Y zOQUCJACHjgQ@HLQF19Fr{A4!y{Pn%l!K-g(Ti&a4PUL22P%rcdKNL3 zPV z&Vdta&o#C#BQCb)>*-@OwTf>BvvZWGc^%Ap_M+Oz;R;c9jc6fW*MisY z+{>mu{?77Lh)E>29|+tgJR#S^fDix*Jat)^J-otbbOT za*MXh0&`K6oXA?Y4&P6nJqh}v@A`^NfViP3!p%~ksU?71o|dGoD_yr~ zjeVQuF5!keN-Ex`cfJv;RJ*0qiIwlz^i(%388y;TIU6XBhB?0PUi%lI>qTPp;eBf9Ij@G#yH=+U4>iiC zC)eJ7$%1!Wjk#(vykuFeuvF^k*}oU-ccgD| z!A->4$A=(-)`1K0vcZvXRk(_xGD1ZO>A=gT_**LeSHd;_H&FpD_n$<`|4Xzq5i!CO z+#cL>!+GAmxPaCX5mSUmFpB=OB!G?v6v4<&bKx@qBWM9M$f#HvgJ)}tPY-%)x>+ED3MYT8s1!;EHDCz_Y zB*Ha0z}Er?3F?l5BcQ%{1P5>#xUGpPB}{1(y{q3@!#EX}=gdA{@1lH!G~cyE z3OM(T>m_ZDhqrz>O4F$UO95-+Q7<6(wM-?$h3Wbgx>n2SZf_gL&b3PBMqtwJL=_zQc}UGk(@C zJ<<`VAFFU&r#N{q+|@%DFCl5!^)wyw$HTpQ*sO-kqoSOJyF3*0*e2OG18sgmGvCes zLd;bBC|sNQ)kQwYeUr6fqn9lAyqNi!vLTOVai1RA;+>?9bXu7PQlecHTOyTVPWYmt zR+j96&-D0v(b)uvbAWhkoK`(Cil1?C8Q0ecNy9PUEIIdVv&|3*3FDR!KL4SIe4OyK zWpP5|X};ZZ*mbP~OR&1V@4rOIf*P}(D`Bix;GmOzrqh&rPOrwnD*n=-WPfKQD^a7esEl7&MxWrQ$fuX%KB*E*B?SD^FJNW zi;JNf#l?ag4`a_Ulr_Ai;MeNig)w)b7|ux?P&CNnd_R0z=neuyX+4UYK2PQMmd_Ba zmB|&iQzi+N$t9K@b;M7|@9wVxR#sqohtLf3&O5xr2?8xAre9n@ETLP65n=&99*02F zbNK?Q?=F1H>X8;&sb(|iNDGeW0wn1UT#BiLJ_7fcw|~6M0ba~8-8L5IW~)=!;9=P< z0NRXxUh1Y>+Q|W#6mM`gUOWMsAdU~r?xLwsm-UTT<|+7jZ01h3MDb72E2*ZRwR(}T zI2M0Pm;4y*C;V&e51hM=M&#&$JD#4l+>_lYKj>%RaaA+&|9T0QGmF~FSEjhV{#88s z4Lf}9g?3ist5oILvMU^Tac~}lZODA*cutME?DY3{gNQMg5MSJ0C5xsTx{N`0I6X3E zhYn;PeWNqgY;GObF2C^b>xv-p!Ev&&bt+%hI!&hESjzERsLezK_29%F*!7TuG#k{D zbT~q@TAm5+t&HLehN;<-@ZSug#bxqz+UG>jE*(y~&zCjhOa!6%H_q<=crFDJFeEgQ z5nFW5PnwBV7;oTF`EacGWtBVZ0Iywf!M$Z%oxMl*u%AHs>s(%X%u!{~JVeAH}At%vG&{%w@Nc2ivKzHy_@Rqe;O>$5ouc*3i> zP>nTRslSRcuNgWM^{+5|NSXgb_<6t5!>l7M9M7M)VufwSoas`hDfd^|wkZf^nYP}9 zFh60Ns65ojgjh&aVu0Y6p*;tPA4)zq;8~dpx>Wdx*I3*Ety-mokaEg)nsAkLu1IOC zB9-Llx8uSAs{UH?gN!v}_8#s{7V87XFuvkT7d1}#mWXSXQQ}-@lp2mFb^Kte3Rw_d%p8VJUR#A zF44?4WduZf3dQ;9jr#+*3Vem2iXE+s{Knm=2ec{-dJcQetC;s1E^h_5HuJrtSJ{-B zh~^fvFCmaLrMG**Fk7=Xvj*FaJaiN`M5ogFB;K-J5A*KaubeK4W?h0)=|Z3@zg8y=cZ7|5s~nGq6KpAs?_ zx$ zr4t7ynO&5#V+*$)ZPB>?V^Xtcz@>giG|^vD<7auPfsZRCO#_xYa}`)%SkPgRU#sh_ w-)30<3{rRY>*2g9;YasUMQgt7owIbuboD;h0Mie=w$}Y8otH4c^BM=0@FXXDS;pJwb3ea=$oCoUs&^rt@=3zV$oGwgL zQTCBc=Yja`wyipD zsoizVR5N6oJtp&%s6Box4BOYf?l-5IJsP=RJf^}B8;vkN5fC|d%XB(h9M1#D-82yb z;sWYERi&7n+As0xtMzQKyHY0-G2+}!&O5~J&KkLAP&ON1$kRlQ=+l6`!}*m#u@EQ% zvWq>I8gM^MCV(FW$uGp@s|8`|NQm6OC5{Tp2=Y%*_1pSYbeJPt*D^2loiXAcmq(t= zh4$|(0}fg03+|6Su?O8m*^IXXVq0qEK?DD9ckeIwi$IvsGX9giE$n)Cr^93DgLS&X z4#ue7qEy6KHSZQ_b_;eL#JN3(rWkA_C;y^`55_9_kEj!gU4;WqoF8{Q0Uz9$^KR4p z>9~MyJ43U3Z#Hrf0P_lcq>%F1LN#u8`nmaH~vb3tZ%{kQs}>SMF2O{=X{Ez;{N7FZ#1F*Y?fC#s!Nd zCQ!tYml{@i@oin3wwn2-o!(~_?oNofEUn7Eb9mbFPP{bQtn{Vj+WW+q_Moks<5NVB zEt97Tk~2saKBve;Lr=RVK`NE1JT@i2Azi2_nND=;H8`q|Xl|Nl(%)Z8He^~FXy^T} zgh`9qT42*gJbjg93R$TCX}(mMAbo!oB_IFvL^gbkk-Fd3JdvYU;(t3o_D~QySaIMW zm>fLY!sCCkQXPkwPn|=>U_J|pO=6uiwov5U*?^YJv!!Wkn)SL#ESztoW`YogcYo|y z8ZtOk&3Z{WxN9~7gMzj(36S^ZLw+AbxZcI+x25ec_q`}MLPQDk zisiwkYjgG6ZWD7bWSX7tiTc!}vDiIQ`SWpg8t$rf{nMd}hXv4Nhyz>qi2qgYDInz4?mS|CAYQE}0>+E1)D-Gl?6jEsd)Az>C%{ z@AKpVzs?j95Z|3l>PjRP4YM!j77OpB0#ne{;l%~v?41Kkr{@y4 z0)hkpcoD-2W+9XvVCLtaPLOWhU7GBiC8ziyB9u(kKgTvFiVJm6V55gXgc;?(a$m(s z&n*T5>}hFK71za(^ak26im%!(;GPgIO@-;BGwx-g`=`+GUCsY%Lti);t~VCxSEb69 z_WyWYwwk+J|MiCyUefYMg3(}oab)qX3qEB-ss}>NmxG7w1p`=yMZ%O#+~#DzF5Y?V z;~ar<`j1Ldlo*@l0Ge~rkovV9Q`Um@_WW1^#CZ{k+jz!~_s;<2tC|qUu7wzSCpc7z zZtzEjBrBmozuX{0V8C8Nlj1&#OB@}eMgDN~lPCilNOZWEH0cFjgt>uHRcr$JtIdcc z6g6WG0c-Ch9P#30vsfOqpl8)SsCVD8%PKS)ALrTd$iI#O{MQhaE6`#c-um;Uzp2#M z$@*G*!Hl8G4TdIY?iDMj{8p zklj`vlgTo9oB2Ov7HVXtFX{-L*{NRGW}lo?kTeP_zQ>Gzb01TMp*_#mBYlO9b{y-> z@md;lJuaYjlBzXBsUP_lN+eoCH?J}@C|;ai)?y}KtdPF1iKwHazhr;`H+4TQ%LuX2 zSZHRrPv*)>Cm5#>fUpz&7~z5CP=zED{_e36gtHkCP~MQ{HVN-yuZ~A}i35Hh2Q*y+ zez4a24{3RiY%J{96QLD*kRPjfxmTb4^)n@kSN$ku>~5-4RT2@7HMXV*GhO}OD<)~b z$BIhPg>?L{U0X+2DIuvV9)$*3MhQw9GP@D_-P~zFzRqj5e}Mub0=5u138{hG9-ANWf_JCl93Rx=~A;zU783szp zb`zv=9vv~jz26y1#XWKaH3vjm@n7Us!8~BK9O>wzYbxXoGPr?GPurdv8kI7&@p>mz zO|9EU>RZOSFmbFHReF%Qi^S|D_Ye%|{vMM1eA9h5ar%Q7K0l2Z5>YLXyAoWC z8g^z7!i8dHxd4dNiF4nzp_EBXnzP-FT9lZ%8DT4UI)~QF0^GYF78<``$6TNjD@-KE ry{Aqtj~86%?S{qn)-&q}TEk)PHc=HYexr2CnXHLTbdBVZbeZ217(n-u diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/derCerts/uee8k.der b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/derCerts/uee8k.der deleted file mode 100644 index fa886f1c296c7d7ce22e103aced7b0bbc3644c5c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2718 zcmai0c{J2}A2u`g85)#*7#d3nzp)I-zGTVHT%y4+BNIj#L&~0g?WVGpeM^bT)+;;N zLdw3}>|{x{$ntXUd){;3bN_h%e7?_fKHtyh`JD4P4-m?n281$0vLIj(7|cY|ugu-6 zARUAUSm>E9M(9QCvVcHzbTmLHh#w6FnCKx`T6zvJ_8R&EAa)8MFr=}*g_ai5lITrA zTKJGCM5I2MLiBPc5=i(HprwIE0m7$JMi}2;BFgEzhZoY+%Y#ZHI}wq_cy}V258ydf zF~HdWR2h0W;oV4-JAaYF0P>V%hVlGKnt0vBlS%$~3dw`~rvP~#jsE`{8MG*XI;{hR zA^uSZ?}o&ZNtD0-lLjRJJ3kYM6G=Ilj_8gjx#0-}FQT`%I@!b5h3G|;B9W;lZ4v+h zE*1a-C;;+kSvgrW#)gXpjR7#Sz<(g1{J-u=0urZvKwzkUxMzAzM+d1z^rDcQNlvFu zoks(qj6#232#Agb63WPWvK2-qa40Q^=6Qor@_9IIgY;}k#n(CKZ00`ijSPn6gT5;; z`FXrDTZWXOh1t#n!-bHatCcU5$TNq5M%xa%L+AO;BICdLV-DRLb|eW2onqoH)_u8F zmWQQJ@=O;)t`txBbX&?2(p5w^lZ#XWFTuu!-mfVXrmFDP*ee$_!TI6=RW|r#-!6)h zEq^cM!-O0gcpAK{ip@{S9F^W!dcN)U>Yce5J9>KD=;M`^wU4|tH%&2o_8$hc6BY-8 z>zel-X_Ujo!4QeHprzs8Y@_p*<2;1#z^!HKzeN_V8Vo{u!&D(my9^;>Sf+ z(y^z7l3)3b`gfOQ%C+=8gZkF>*fLqK1q$zf8^YD9E=_OOG!8%6*`y=uJn{}VoBs`m z7BiQoL^?!7+-vLxwhP-xFMEELvp60t%ijebQ%BffRrwPNj?$3TYgW`iOPQmG|B_ts z_bqI8S`724ZDMUJn#{3mv6f%wBvGMML`#iIWC6DuO6)i%;!NAcy~HApXk0kNI784^ z86-HKvPm8|SgH;tU(tGf*8}6lMzhHrkeBphSW}+tyI-@Hmf~L(eLJUVE8cuJ=ZmWR z8~XOJko~Sw0Y*kIp6KztuHKwNH4Hf_W*HJ@2fZ;{mc$d=V6|p3a8!S>x54*nl=S{< z^w3UEOB-FRh^T4HgD1Sd-Pv%*rB|ly6=Y7{IU+K}BvY%^K@}Qpb*Ti=I{mxX_@QM`=9g5hgHn?Ha&fK*Gha22eM-#>G}v! z5Zm3TW9-@-*_40v)%s+=vp^*K5CJUY=W@ImJR;yEhh3}Niy1ji=5dos6{?WPLRra1 z^OZ=(m+Upf4oah}}zwpdBi9CTzTgeb9{3#@yZ1_d39U~S4^)YqG zja0wSGgt3r->Tm$Ne^Bjku1**wI*%Rj{-4eqf&o7g-aTRFXhUv5p#YO_I=0o9J^}S zD{{Y7;9RoG?|i&-?1!sNduMyR9eLL7(+}Oyeun^0!p2LeDp9M1L9^#cSmX*F#5zK! zDcNXzo=`6}d1rNoKg4T4(ZD>JJAIxe&AUHo|1H8|Fm!w8z#80ghb?-{uPtG>muB{P z8od2wIJdu;qGdGsyKV$ZB3q+=9I55dV5j+TS~cbxKO$G>==Rn_aR{Ftr8-4!iO&9h zO^6xR4ZQcfCkk~|-ia0Dx{l)Cm?pfo7I>3&^NVVc?^H$CMLAxJvZ*L-1sY zK1aml{$_rC@#mqAeVe0}IA9l#xN#9c=aNZ&mN-r~JjuhJsJ3q^?Op;@kc;6lu%Q6rjtqY7^Zc{ zvIJefXhPCuf|tM@=@o}^ONk4Hd{Y~q6Z)JQJHZYS z%-1FOgxc~^JoE+~RE|7P0R+0CZi>gCRmF=|oPzaqfw+kH>A5 zt@VDyx~-=aKbPF;KXQwMKNeHzTGBl5Ebh29yz(q5wq-?R7Yk5sf61i?Hu12)(49b3Ev}wk#Va(0}fw`2<)Y51pO8o2tO6n9x zt{R{MAWl*Rf|Zt&_H0^RV^x83q^G|D0RcbfA$EWA0xbYLr8z*LV_Gmk1F)W=GpC3a z0;c=p?+N21@W>8duFEHgpa?AHuZbvfg-Hh^0yOky3ER+rY8zSi&MTZz@|U q)3;(RfNE#fL^#Jjr 16K (RSAMaxKeySize, RSAMaxPublicExponent in com.apple.crypto). -# -# The easy way to set these is via the cspxutils/keySizePref program; compile it and -# run it like this as root: -# -# -# keySizePref set keysize 20000 -# keySizePref set pubexpsize 20000 -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "locally generated 6K keys" -cert = ssSubjCert.der -root = ssRootCert.der -verifyTime = 20060726000000 -end - -test = "test1, uee8k" -cert = uee8k.pem -cert = shintca.pem -root = shroot.pem -verifyTime = 20060726000000 -end - -test = "test1, uee16k.pem" -cert = uee16k.pem -cert = shintca.pem -root = shroot.pem -verifyTime = 20060726000000 -end - -test = "test2a, huge pkint8k.pem CA" -cert = eepkint1.pem -cert = pkint8k.pem -root = shroot.pem -verifyTime = 20060726000000 -end - -test = "test2a, bad pkint8k.pem CA, wrong root" -cert = eepkint1.pem -cert = pkint8k.pem -root = root.pem -error = CSSMERR_TP_NOT_TRUSTED -verifyTime = 20060726000000 -end - -test = "test2b, huge pkint16k.pem CA" -cert = eepkint2.pem -cert = pkint16k.pem -root = shroot.pem -verifyTime = 20060726000000 -end - -test = "test2b, bad pkint16k.pem CA, wrong root" -cert = eepkint2.pem -cert = pkint16k.pem -root = root.pem -error = CSSMERR_TP_NOT_TRUSTED -verifyTime = 20060726000000 -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasiteEnableLargeKeys.scr b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasiteEnableLargeKeys.scr deleted file mode 100644 index ee3a5982..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasiteEnableLargeKeys.scr +++ /dev/null @@ -1,71 +0,0 @@ -# -# Test for NISCC Parasitic key bearing certs, with the RSAMaxKeySize set to > 16k. -# The easy way to set this is via the cspxutils/keySizePref program; compile it and -# run it like this as root: -# -# keySizePref set keysize 20000 -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "locally generated 6K keys" -cert = ssSubjCert.der -root = ssRootCert.der -verifyTime = 20060726000000 -end - -test = "test1, uee8k" -cert = uee8k.pem -cert = shintca.pem -root = shroot.pem -verifyTime = 20060726000000 -# bad public exponent -error = CSSMERR_TP_INVALID_CERTIFICATE -end - -test = "test1, uee16k.pem" -cert = uee16k.pem -cert = shintca.pem -root = shroot.pem -verifyTime = 20060726000000 -# bad public exponent -error = CSSMERR_TP_INVALID_CERTIFICATE -end - -test = "test2a, huge pkint8k.pem CA" -cert = eepkint1.pem -cert = pkint8k.pem -root = shroot.pem -verifyTime = 20060726000000 -# leaf is OK, other certs have pub exponent too large -error = CSSMERR_TP_NOT_TRUSTED -end - -test = "test2a, bad pkint8k.pem CA, wrong root" -cert = eepkint1.pem -cert = pkint8k.pem -root = root.pem -verifyTime = 20060726000000 -error = CSSMERR_TP_NOT_TRUSTED -end - -test = "test2b, huge pkint16k.pem CA" -cert = eepkint2.pem -cert = pkint16k.pem -root = shroot.pem -verifyTime = 20060726000000 -# leaf is OK, other certs have pub exponent too large -error = CSSMERR_TP_NOT_TRUSTED -end - -test = "test2b, bad pkint16k.pem CA, wrong root" -cert = eepkint2.pem -cert = pkint16k.pem -root = root.pem -verifyTime = 20060726000000 -error = CSSMERR_TP_NOT_TRUSTED -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasiteErrDetect.scr b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasiteErrDetect.scr deleted file mode 100644 index 3247c904..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasiteErrDetect.scr +++ /dev/null @@ -1,70 +0,0 @@ -# -# Test for NISCC Parasitic key bearing certs. -# This version runs with stock key size limits. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "locally generated 6K keys" -cert = ssSubjCert.der -root = ssRootCert.der -# leaf cert has a bad public key -verifyTime = 20060726000000 -error = CSSMERR_TP_INVALID_CERTIFICATE -end - -test = "test1, uee8k" -cert = uee8k.pem -cert = shintca.pem -root = shroot.pem -# leaf cert has a bad public key -verifyTime = 20060726000000 -error = CSSMERR_TP_INVALID_CERTIFICATE -end - -test = "test1, uee16k.pem" -cert = uee16k.pem -cert = shintca.pem -root = shroot.pem -# leaf cert has a bad public key -verifyTime = 20060726000000 -error = CSSMERR_TP_INVALID_CERTIFICATE -end - -test = "test2a, huge pkint8k.pem CA" -cert = eepkint1.pem -cert = pkint8k.pem -root = shroot.pem -# leaf cert OK but subsequent certs have too-large keys -verifyTime = 20060726000000 -error = CSSMERR_TP_NOT_TRUSTED -end - -test = "test2a, bad pkint8k.pem CA, wrong root" -cert = eepkint1.pem -cert = pkint8k.pem -root = root.pem -verifyTime = 20060726000000 -error = CSSMERR_TP_NOT_TRUSTED -end - -test = "test2b, huge pkint16k.pem CA" -cert = eepkint2.pem -cert = pkint16k.pem -root = shroot.pem -# leaf cert OK but subsequent certs have too-large keys -verifyTime = 20060726000000 -error = CSSMERR_TP_NOT_TRUSTED -end - -test = "test2b, bad pkint16k.pem CA, wrong root" -cert = eepkint2.pem -cert = pkint16k.pem -root = root.pem -verifyTime = 20060726000000 -error = CSSMERR_TP_NOT_TRUSTED -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkint16k.pem b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkint16k.pem deleted file mode 100644 index 1e317432..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkint16k.pem +++ /dev/null @@ -1,97 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIRtDCCER2gAwIBAgIJANE8GM83L39nMA0GCSqGSIb3DQEBBQUAMDAxCzAJBgNV -BAYTAlVLMSEwHwYDVQQDDBhOSVNDQyBUZXN0IFN1aXRlIFJvb3QgQ0EwHhcNMDYw -NzA1MTM0NjIyWhcNMTYwNzAxMTM0NjIyWjA+MQswCQYDVQQGEwJVSzEvMC0GA1UE -AwwmTklTQ0MgVGVzdCBTdWl0ZSBQSyBJbnRlcm1lZGlhdGUgQ0EgIzIwghAhMA0G -CSqGSIb3DQEBAQUAA4IQDgAwghAJAoIIAQCYVGftatQBrlQl81v6/kJwEi+uafjg -PTILVWcH3pQPTlYzfAuQ2CcfYUsE1WTsiKWUsy43Z8BaGRwMoyAeOzY5FeMdU9Ry -VLYLfDvPTZJGCwmKCFfpSZsif36pRcWQQOEuwPyptK1uzNVF66s/ylTiSEw2eryw -0+uyR+/fgVu3yGZO9kxYn8lPdQs8Iav4LC/3KOR/WKMqZITdQFMn0O1AXfh/I24J -GT6lW1GCKE3r69FUUKquH4+rsVDD1npEBBCZxWScwLuox7SbJ5p9ZIwIS8Vzl054 -zzxOBTQGC6hJJ5Jf9aziVgFMq2iHKRa3QYgvc+OypnXN9afmFSYvHrp3O0BZ/0O6 -otQZb3AIL+Z+10dXtWdg6BZNP4G2UbeSYNE4N5w9apEmssj2vm9IcI6hNHggUcPT -f9Bz+qC+Tzq+ShLnQYRgOVMY+/ankkoz5uezwGKCJU5PTLXpqQpvJXdipUFA9iLl -KENDZk7pozsZjcZeUY3KliOBwTE4/sGFTI6u/UJ+ORaMl4559b2vcEHMjTLUinRH -IQMdagxs88vRWU9vhmAP8kuMReEUfjIwaVF6B16S6f0k9ozPhRAedWoZYjLvB9+C -rfZVWLxUAx+4O1L0OSaYEvwIAUGz4VzcR03T65OIPS0QTEoSLRpj3f62isp4uIDt -KjPYX3FSVYXW5oeEIJT7qpv/L+PGXGVcBHjsOFNQboPEXk8EtpVxwOID+oDJiIuh -0YayD9g2G2fp7hLtUsILz3dIpm9/CKRuVfyyZUKTG9uQ63a/UT+n92lHgRyEaySE -N67GxKINApbMctizqZ+dScYk3QUEGK3459W8QPw6hrwFjSK5pGYnew4Dx42eBA0S -yMEm5dBp+QZ+1OIFIx+AXO2kjT7XUs24yGb2UWrGvxpLd1MTSNEE9AAtrB8TbeNU -wjaDpJplDHA0DPUIcqKFJwGpqGjH53vBOpGebcGRp7AQ4AA/9MuEKuAp16e1TwRB -GD6IduvhVAcL91xYXQXhwOGztaf5hDPnCu0N8MreAojxazKoz4QJfqUdBHZ81s2u -q/O6k2uBPqrjy6IFbK9kxINrOLs22ApvhxmjiIyeZ8RJjIpQaGh4KPRnklJBMHXw -qmGmDxHWkspXMkzQmQL4nen4dmGaG1kecgmfPMqOvQFinOqwdBaltLEn0RL7eIZI -Q8MT+KhgHknwHw2nXyou9GbcNKknpxPwxjAtTZ4cOVwPPCsy3XsJ6fgMlWHpyTS1 -GCJy5fV1rC7qMXgEzna/+7CkCWf6I60m6bOzv/Pk3XQxMct1GeYY94xU9JrVai1B -HuGk/U+hWtkn3JN4hHgMwDLO9mHydvsEj8mXkqbfY96If+xzmLjekrguszR05MHp -9aQVtAyBI9NEcJXEfguSKZOidUhswxwH5BA18B+pvujErS1wMvy7QopA/0hx10tM -/gqGV5oa5HI6pjy4DfEk6UlvecIVrAKOvSWi3Hm4xVbFBcyHNtHeQuljcueeQXUE -pOfvGDF8x5E19KSJ4m2kWqquYrKY7/Py9qhhKFrotDn5sm91ZvodX4DbatkGo5Ju -Y6LBmwcjL5Z95XheoFva9fin+AOJvYFzdrA1V03Lg4sTKuaemgxFIhp8Iq7aJoUD -xP2j8BLo9iwQDtmKmL0DBK8XJgBhV/5UIgy9nWoczORo8wkl1rXNWNXo8Us+uyoD -tvqxeVmfA1cm7SpwKT3YasuRx+x4R3YQiKrk7CLh+cXMnxbzimTiKl+F9pQGK072 -eFl7EoJXFEQJEzpM6HHKhHcHh9Bn1sFAStoaF1VWhaW0QdjyVIFn/G7kh8zQMwfT -VVbxPKQJ0php/aounhqRB/+tr8wMUydDekXnkdgs0BFxXaz1mz+g257c6gEsy4V7 -Wa72JsIX2U0TAy94+GWPdke62VmLAUIeuCq1aqS6YboCBJmc0ZS1Cn0M15Sr++eX -eZM40shuj2pbORRZRmhLBKOsAQVmYx0A2IGi73P/xRSd5WWVmpC3w5az0A+qr0sX -ilnub4mebaEc2+QviDEXckG+glDOM0PI9ZuwDTQ1TJw4XHQn3Ju1R3IWvdfl7G8E -rsHeLyRD35v7P/FFyXUw3Az8Xm+j3q9sLv2fQNmptpp33Z+ZQ1OgHh/dlYoTnGLs -PZYGpf/rG5YoMhWi22xZGF0Q68IE8AqzIBFICPHlk9Ci7hUGgcPcHVmCHClZKm90 -lnL6x+rbzOcs362fTjcX7wQwH7bXY6XhYAlWfFJ2fM2i7YVW7mxKiu8J3mOAGPVP -nfnCO5udkpeOS2F7ZNaAsAqQH7py4y9Ke0adMQ/Dr6E5V7EIZN2TxGKWrIDaiy5o -gPSGOK8Yl8iiWMvpIkOY8xE8SCXgsiUGiF/MVKi6l2xFbJ+nHCsRmnvyIARTSksc -D/+I+nPA8T+Z6RxH5/xSskxVTW7mnGc2VSuS0Up/p6prF/EPv4OBWqA/shpJOpIz -P19jGiYsE5+cRFxWL1ZamNR0NEccYPj0oKksD9BdGCKDzbw+cnomzhX2+MQRVQJ3 -+f0H6klqq3f7Xvho9/d1V5dAwrYs7Q6fZvzK4yYRRQ1m8fj9sQAPxc5yZmqkL4oK -qzJFvLmkbBB1B7dObQjqpEf6vVFYcAo3oodpwTie220LR0z8l1bfcyx5vl79WanX -8ItzYbuNX9NFUuDqotGDbScE14sRG8DPd3fqjSzPJ77ZQeZ6JIBWDoizBYM01Osw -Wg8h+QeXOYrpZQKCCABjcr/Jmf0ItXy4TB/3mHcDBMDSoRKlnFaaNG+t1tvcLzz3 -l4e+DPiWliuOLz9sr0yMwcEpHAtkA0GNCz0ysMQnkE95Gner4eIHUIQNrbHKbWxC -xNUiDZV3PDnQVhGEPm2gxDOEfLGjCBaT/VKn4t7raKjJdOk/D05N5ASY3e4N76TU -XnPIgGvG4riw4BNiXRmR4VOozHPXVxFcNHp+Dhfg33wmDo0tqpofdAW/cZcQ0h/d -xqLPJJwDKYMgwfUZvCsiTsckzm+/sSM1O4ATy+D2N8LuhDdkWo6c+26faDE4ecRH -LOHacFnllD4VO1RiyGyDuUD8ICKBI3Cp8ACbWjd2MCKDQh4ZHCCBvrZqlAiIsEY/ -i9GXq53b4nC1ubCRGzAFkRzqOB8ilOHZuO+7vUwC+fqXdfaTnZO9gGiil76greyl -nlKfZ2e+B4hI0b9aJLb3J6dkM2HpEPwFuoaw51oQmCymb8tXSegnKIjNcUBqwdjA -2K37xlKcXi9yX6l8PfkEGEQgcKfZEPfJY4t93l2Zvhrb7gvPPxcabHh3mZXMij+4 -6LGQxd9Lo3m5oo+Tgw2rpmgbFiYV4B6ZLlJInqdjmLcnYm1N6QP4Fsd6PLqf6idG -r/jndyKkX4MB5DqvgT13u3J8W+W2GEJKwa0emNWbWd/As7Fj3GSsgE/e3Bp3H9nT -nGBO4+oQ5znfEoPQL4ISusCYOGZ/JP6g+ZQ9hEYAiU2vzKJ2RubmHwvV3bo9lgKY -8l4oxTsuXE84OfVREtiEjaNnHqJyI5X3NCN7Xusz18DIXhErN4m3vdt9e9KCudTD -KVSiVGnAhzPmP6mbnJpb+dv4Zag/XqfysLFHODLYZFpi+qInbTvd40qbsFIb8HF+ -l55rRNkbxzccmqVegSfZ2FHALJ8ErlUNTyVbP3Ju9cpkLzJwwQX8BwqYHi58ekk8 -rQwS3hu+xzO7FxCC/j0Gf6mhOuZPwf8GkDROweJQYMBBX31TFWxp1ADKMjiE9PCE -50OJojdwR5PLv4lQ71lNwB06VZWs1biniu5nY3Hda851UC1iZzLlZhap2zArdjAF -KTkPox4KQ9JCe3vWauKlF1wxKAc1E8JnnfCvwOEzaT95NxUTdp1FyxBSKoTE3R74 -1aZ/CfDoKxr3OM7MiEqjeGYM7UuWmKGEklTfeS+9YbZFwqxRwygxImilGQJ5wRlS -EKFWE9D0W+KKgDWWPZW4Q2KY5NqSW8bVEWWHbenxAVaDNSQirDyxtsaIrON0QgNj -tvVAlqzf/qKGJGI1Aa1cUfpJ0H5EALLatK82uv16bbu1VHINd6+4usqvrqn4VIvo -q5x+e3uHkYPfTGCSuUnknLZstlOPPmZUQTwwZDYnohDKq0dKS0n1G3Y/RDRRWs6Q -WYLl+cxEJi3bT+tdMWNzcIN9dwVutUty/FSrB4vsVJteRlOvEpvr8XmKXsEQRHMO -g/FmNfQ6NR5c/7S4TuMD3jH53oQApmvFbFqsF/ZnDxoUCBR8daG1X7OZxMG+85xk -QHf9p3ZTypwkyEBLYzdIhGxOAwvwqcvPw8lpMm83V8kjibHLToDSdloIkXqwj0nS -Fiik4ZqOIJljctNuftYx8N0q+DrAzeB1LDzpznhfAH5PyaEoF/CqivWsAubwe1GY -+dSxie8XHiGQlcmLP6KCAo6V3Kk+2UTcG8yWlHnpjosk7QRL0fGXYYQZ63KPpZS1 -uRH73EtBRl3PtOUEN4OqU+xhop1G7hvsW+qzTyVAHsobyvtWRy+0gzjdo+NXyPCx -vuFIF36kEhe/uHTnVbESVOXQl9qkhdaoZOcKUGK7QF/DZ5rUSuqd5K0B19TnkG9n -Vj4SCzXOAtIBJkQwtIZwrZuV39q4OtcYnelsMF2+rYoN5zg1wHWKM7gVq+Oljk02 -hJ4A6oF3PpUvxIsNfiywO1XjGnpCUly1c1eAHOR3u8ViWxg1yxStt+ij0VXvhRSs -x0+0cYYD91aTX+jawNplDmgZQlW9/wGve60W8YSa46qZCtWquck1otBjeSz79Bit -T6PoGQc8Im1mOHntp2NVuJGhKhoOPeFeb75wMvRB+witggSUGkI3FaK3ERNVlVTU -PLA6bQUsBqQvIXUeXW+qNcDuQ/6Yp0hncYjhPj1reJ8omGh7KqaYIPwD1n4TJAzD -OL8IfKBYSFSq37Hfc3Fdkd4q3ZdOGdXB7w8cYXAolA44NoNiuKpr9Mt7uQmH95AU -WItTKSYoXEr+Hrrz7bIzr4JK/icKOBKP1BaLu3J83+HJBjYAs0VS8DSiKe+Bh/um -5XwzLNZKOZ3qZEts2UhuYn0KaoEo7LuAqFB3ZZxYiFTYLvZwNSA0Hok0ti6TI5pS -8bQyZ5wKxCOquCCE9GTjg2CsTgikGLTXR+Rvtk7a9i3Jn910g8kVdo31L08NIcKc -I2c4d7I3Xt5K6QFpqu4wAWi8yMbm2gEbg3I8vS5H7xWHaHsXe8DY8PZ0CG+tmVga -7LSM27f69KXWYsTsEUBWCW6yeY2tmuZfzwx+4lX6yulLBA7GcJpvsKqzF7Hz/eSc -+AFuPsEdaYtVlHw20zAh/hP5jaMbzmqR9T+3gf1d4dSlIP3QsGVX4HYjKB7Aj00T -ZPgexCagdRIwzDxhV7FTUH6JUS6FJc5eIwCZqIhjeWoN5Ey7c5hEyfhBlvd+Ssu/ -K/EmyJHtq4UNuH9OHGMrV0MBbqWoupLgiBfmwiiuU3k+PinKtpVofZDZARfERaNF -MEMwHQYDVR0OBBYEFMA/cZmTnmOgF5Xq6PZTeWLcVtAaMBIGA1UdEwEB/wQIMAYB -Af8CAQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBALVmp1gSjjtF -LHSmHi4P0vXxnbU/duEJkzUEA7DR5vEyqTsta8ey1XjfievSnb2UfEZ/Y6cM78Iy -P1dp7n072wN0/G284jP2siCetkk5+PDfcnwsxk0Snp0FWKC5/cU47z/3VAVtbeaD -z7CtowYF61a2kCaZZ85XZjpS9Ceef6Xz ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkint8k.pem b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkint8k.pem deleted file mode 100644 index e8606d51..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkint8k.pem +++ /dev/null @@ -1,54 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIJtDCCCR2gAwIBAgIJANE8GM83L39lMA0GCSqGSIb3DQEBBQUAMDAxCzAJBgNV -BAYTAlVLMSEwHwYDVQQDDBhOSVNDQyBUZXN0IFN1aXRlIFJvb3QgQ0EwHhcNMDYw -NzA1MTM0NTI2WhcNMTYwNzAxMTM0NTI2WjA+MQswCQYDVQQGEwJVSzEvMC0GA1UE -AwwmTklTQ0MgVGVzdCBTdWl0ZSBQSyBJbnRlcm1lZGlhdGUgQ0EgIzEwggghMA0G -CSqGSIb3DQEBAQUAA4IIDgAwgggJAoIEAQCrwE2UIxAEwC/kqrLh5WahCtBz8ZwH -6vzQOww15mE8EZwuTFNR9pFM54H47batOm7j/X5N9WD31yMcUYeN63o2/W3A9i1k -jsonKGhY0KNXVP2sl6RQ6IE7qd11zFQzZJs9JvOUqD1+LAzb177uN6eZPRq5Xzym -whAbjTA+ERA5d8t0OlsczwPI3TQRAuIC6j5VpZid2i/x6av1bLC7UicSMeLcTc47 -xO7OGrlnUDYbX8jTRI7o04C9w/mVQbEQKAKyiz2WGnA/TCaAHwXJL8TkqwVh6kiI -3L8ljgrKCPJPUPXb+lV0mCNc1zIv9Z0x4h+XR57MhfbvLAMOWeoL7o89sQfdRNmM -twNiW2rlQQP/b3fvL/iLQJjR5SZPeBduOkVfBAtusHfaesyvnTTE0J8Ld73NWwlY -7n4i+uvXXbo+6eL1ucHYl/bzBW5FlXOFUeZWXTEnUi90h2CGhnzBzDD1p8Zprs34 -sQ1i/uo1ewL/dtkRDLel3TdiLwPtS1d2flQy/pO8Lex6d6fDY+iDdbrCDsao3qJU -xFg17xZpdgt2HcS5PYemGGwkJ/+ihg/GKvmPqBOJXYUDTpwfdzwBH9yY827T/Om4 -gG47Q7N7bzZyEQDzCn2kkPLYQjVud/q5+ZqYereJcKLC9I1S96LVPjW0BseDgfrL -rB4ICHIZidz5y8+ipz82boiK6gODXgtc5K+QGYvAV+5T0/6/Ks/Ad0aIL/qzMdf2 -zcTGBYslJlDEkZcaVnnxbV2btpr5pp3eZxbuToi4LK3KvnN42vJOvDTarPSl5dr7 -xJj2oK2b41NEjy2TpwqSM0gWPqfIRENPuyZBKpWqPDYlvyFdqCiZTnTrNTiqj2hu -mmjS319LNmRaGmjn/a+ESYvaWmDTRjx9lWQKWaj/ab5UmSB9fxUlH//0RDZ8jJG6 -39Y8kaNX4n87P/ZQEDpYceAgmBw828Ljf7JSHYeYT51DxWA+C4lNYp00tlDk3NmA -lsyzpWlrmvW6SSycb6RmghCGd3/sWBoyOFTNekk5uGs2AoOCtjEMB87m04gR+hKZ -rLTplkmuQ34fRLjexei3pe0w970oOEJECfOK5cGma3P1224TczBkmp3vifrUpLHY -PVL583F1Gu6qdf3ToYqHBdBkiANb94j/Ve7lblAc7bDv3tFmHocS12QCIXho//OA -2R5jNFXuvfmK2f+UGWwumSGyK6AkVzOJG6otjar5wIvWLu/z5AHj4ydE9x2ZTsJj -F82MG7r8TOtgAwt+6feCI3b0fH0dl6AYdrBn3vCbxioe47ANR8CVeoLEAY5Cyg+H -rh17EMZOv84UERDfnUzqSiQVDbMv5xYL76QCU9DV4cUF4eydA0un5xK3AoIEAHgR -wwpmIZQdYObnn06Qbt1dmuycJaf4ISKUTNU/xzYnigt1UGCjh0CEGeW/cl/FSc8t -BgLsaWlUFdfFkPQG2jCKr9ou4J4QLU2F6aMz7mWi+6fQ8F3N/2tDXzgYrjcW6Vel -ypb2/3hdtpq7W//1hxRe0vJHgtFgfXFk8a4LPmVDqgdCzZeDh+wFA1iGRcKUTdzm -ZL8u3nnt4xyBcvqPSlKUGJvmAJpz0ZD6tR1T1oL19vxYAsR5EYnbeMaO988A5Kua -EMeuhRh6JzhUiW7wR4YkK6FBv9wgQ2DAXkKT4j6KSxwdo0X+cPSTKAMbSHS4mDTp -BV+EuYFRVWwC+avNiCQUNWMOAWvvJBzx4mSzWB60oGfVPqh337LLKjQaH+fZ8Mi/ -jgH81xCUK9BiHd7686W/qdTXyfpae8GMocrkzbZA5RfGvUgtQk9d6kEiGKYnqBJ3 -QF0JXTtENw5tEBM5DthzNF71C8fFQwVVQcT4e7lK9bQdRsLSSYwNWSQ4cEq3QSlA -fGG0nBGkFoCwEz23scSU+6aaOUhfgUYiB8OQ3VYfk8kyeZv5P2QWamSnL+oIndmp -Xthmn5xUkDQKK77HjH9zH1OFoT3P1iN9hY12HOvM8Voacz0uoHaSqjVDqR/5F0ok -WkM3rzI0KF6cXtZiJl+skL6viaijo79kgAE3dT8uywix0VhoZrhP5spKJxinD4Cw -E/0Y4YHlUIUkE/7usRGEsxkQUN6Q5jYJ72Kvjkd4iQN+IAc0XQN+sNb7D2l5j2ws -7NgToRV7kB+reLlXn/31MyWKV/0oZexuqlNVEhGONbamCDNd/d4rJmm/x4pK0YV0 -/K9dW0dXKSGpKx6FBllGCUoaMrsR+t3caUC+zmu2f4ECIgK9g0hvyd7QnCvHnswN -ZEEkPUtcm+cp2DyOULeA6QLJm7L9NOmP50wb3/Fx3UkWQfaAYIYKWSsbIcalJBkG -Ssl2E6RxHh0xwL3fGUrFPXIENQdEWvFf5FXBPGC1HOnoo2sq5A0yuIFOT9ueGhqV -MrXxeidUTa3bR+pbxrkwcawYVXqQueQwy/UOQI1MSDh/yCdV7tk2gQTJOmVVmAzv -bSy2faALSrr5VYeYrCAl1H+v3lE1mwdCE6hoDXAAAYkc6Fk+TlvNIeIXDl1tj4uW -3Fs8WEjyi2zvmKmrLfbR/myMEJYnPcvpQvxxqclq2OyfkIvE7CX3EAzo/h6S+3zT -fTdx+oMXPj+NGBJRLZC7ElyMGnZmEMKFYma5AIjUiXPftaGUSUyas92NWpSYuRlh -K3g6h9bLAty7HxYav2DHXKATK0wkx72nTi6PF1zo7YbF9tYz6whaw2HuNlEVMH6j -dMqZrIlNdI3kkXSZ3xOjRTBDMB0GA1UdDgQWBBSavcG3pmaHcXpKZB0QFW8nhN4p -BDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B -AQUFAAOBgQBz0En8ukM04c24yHquKRKYQ0wgp/woNl0O5GgJV54jkYvh/FpeK+89 -X1u6FUQEptNGfIm5aXYPyVtDgXUmPPirqUdvYu6VPCeg2ikCpEikwEejskJsRr5I -tJIas/77ed1MdPTF4ay9oyxj/pdblzrIYnZMwxdUUslDOoGyWGvMsw== ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkuser.pem b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkuser.pem deleted file mode 100644 index 7b581be9..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/pkuser.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDW472JN7o8tXMZzViVQhIY1Zk2+Spm+c3NTS/KcGwz15nkXHbE -oHuIV2lW4QiM+fM/pm6FP6Fx/zE+eRBjECKCrV+cBXpt9zKxyOBAayYb/aPTOayp -o+K5NwUxB9lSZdVlnb2h6KINJJ7dZEsehtP4NYLmqdhDCJqFhHYGq+3D7wIDAQAB -AoGABxG+7oCy08R0YOjsfRyLU93TCIfx6SlWp+ZeKB7CsIHrQiP4lEdjSPz3LjCB -A4JFilaDVEbfnMx0ZkW9UET7nZl4rsWG2kkTQKR0Vb4ZS4e/2RyrnJKLrDY1B1aB -fyu80++VIClzozL2SW+PjfjaMvVxfrKK5Vy5vEf1SkyHSAECQQD5KEK8LYYFavSe -P3Kc6fRH0K2KD6Bs1mjB9IQnbVQcoWu+UktKRR2fAP5oMPHVIwxAj4hiZSWOPL8h -rAlmJwDvAkEA3MqOOAJcURAz8JFYM/1EjvPRFSrmSYrMrAMxcaiWmXhofPpUaarA -MV+a2NaMlh+bu21qJgODKbs4pgu9aa9tAQJAVpnK0FNWYO2zBonxEV8z+/4pQ3J5 -BTtk//04LegPM0BcDbPW3YK2b/zNcHOKqtVavdnlwqV7bzvoBxEf1zS5WwJBAIsX -N7zlD88pi+7zQUOPO89qnb7eBbEytXlvkYhukmEgT4LcGK1wmh8AgYY0suAoDW1n -okVMVSbHAQrpvmuDzgECQG7KZ6wR2fUq7lJyak5maQp22f4Ds2fnyDw6xDJvpjEh -D7r2zyO0ta5hj7OKNPT158nN29mo5l5PFDC+DEJosao= ------END RSA PRIVATE KEY----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/prsa16k.pem b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/prsa16k.pem deleted file mode 100644 index 6a68e435..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/prsa16k.pem +++ /dev/null @@ -1,238 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIsJwIBAAKCCAEAmFRn7WrUAa5UJfNb+v5CcBIvrmn44D0yC1VnB96UD05WM3wL -kNgnH2FLBNVk7IillLMuN2fAWhkcDKMgHjs2ORXjHVPUclS2C3w7z02SRgsJighX -6UmbIn9+qUXFkEDhLsD8qbStbszVReurP8pU4khMNnq8sNPrskfv34Fbt8hmTvZM -WJ/JT3ULPCGr+Cwv9yjkf1ijKmSE3UBTJ9DtQF34fyNuCRk+pVtRgihN6+vRVFCq -rh+Pq7FQw9Z6RAQQmcVknMC7qMe0myeafWSMCEvFc5dOeM88TgU0BguoSSeSX/Ws -4lYBTKtohykWt0GIL3PjsqZ1zfWn5hUmLx66dztAWf9DuqLUGW9wCC/mftdHV7Vn -YOgWTT+BtlG3kmDRODecPWqRJrLI9r5vSHCOoTR4IFHD03/Qc/qgvk86vkoS50GE -YDlTGPv2p5JKM+bns8BigiVOT0y16akKbyV3YqVBQPYi5ShDQ2ZO6aM7GY3GXlGN -ypYjgcExOP7BhUyOrv1CfjkWjJeOefW9r3BBzI0y1Ip0RyEDHWoMbPPL0VlPb4Zg -D/JLjEXhFH4yMGlRegdekun9JPaMz4UQHnVqGWIy7wffgq32VVi8VAMfuDtS9Dkm -mBL8CAFBs+Fc3EdN0+uTiD0tEExKEi0aY93+torKeLiA7Soz2F9xUlWF1uaHhCCU -+6qb/y/jxlxlXAR47DhTUG6DxF5PBLaVccDiA/qAyYiLodGGsg/YNhtn6e4S7VLC -C893SKZvfwikblX8smVCkxvbkOt2v1E/p/dpR4EchGskhDeuxsSiDQKWzHLYs6mf -nUnGJN0FBBit+OfVvED8Ooa8BY0iuaRmJ3sOA8eNngQNEsjBJuXQafkGftTiBSMf -gFztpI0+11LNuMhm9lFqxr8aS3dTE0jRBPQALawfE23jVMI2g6SaZQxwNAz1CHKi -hScBqahox+d7wTqRnm3BkaewEOAAP/TLhCrgKdentU8EQRg+iHbr4VQHC/dcWF0F -4cDhs7Wn+YQz5wrtDfDK3gKI8WsyqM+ECX6lHQR2fNbNrqvzupNrgT6q48uiBWyv -ZMSDazi7NtgKb4cZo4iMnmfESYyKUGhoeCj0Z5JSQTB18Kphpg8R1pLKVzJM0JkC -+J3p+HZhmhtZHnIJnzzKjr0BYpzqsHQWpbSxJ9ES+3iGSEPDE/ioYB5J8B8Np18q -LvRm3DSpJ6cT8MYwLU2eHDlcDzwrMt17Cen4DJVh6ck0tRgicuX1dawu6jF4BM52 -v/uwpAln+iOtJumzs7/z5N10MTHLdRnmGPeMVPSa1WotQR7hpP1PoVrZJ9yTeIR4 -DMAyzvZh8nb7BI/Jl5Km32PeiH/sc5i43pK4LrM0dOTB6fWkFbQMgSPTRHCVxH4L -kimTonVIbMMcB+QQNfAfqb7oxK0tcDL8u0KKQP9IcddLTP4KhleaGuRyOqY8uA3x -JOlJb3nCFawCjr0lotx5uMVWxQXMhzbR3kLpY3LnnkF1BKTn7xgxfMeRNfSkieJt -pFqqrmKymO/z8vaoYSha6LQ5+bJvdWb6HV+A22rZBqOSbmOiwZsHIy+WfeV4XqBb -2vX4p/gDib2Bc3awNVdNy4OLEyrmnpoMRSIafCKu2iaFA8T9o/AS6PYsEA7Zipi9 -AwSvFyYAYVf+VCIMvZ1qHMzkaPMJJda1zVjV6PFLPrsqA7b6sXlZnwNXJu0qcCk9 -2GrLkcfseEd2EIiq5Owi4fnFzJ8W84pk4ipfhfaUBitO9nhZexKCVxRECRM6TOhx -yoR3B4fQZ9bBQEraGhdVVoWltEHY8lSBZ/xu5IfM0DMH01VW8TykCdKYaf2qLp4a -kQf/ra/MDFMnQ3pF55HYLNARcV2s9Zs/oNue3OoBLMuFe1mu9ibCF9lNEwMvePhl -j3ZHutlZiwFCHrgqtWqkumG6AgSZnNGUtQp9DNeUq/vnl3mTONLIbo9qWzkUWUZo -SwSjrAEFZmMdANiBou9z/8UUneVllZqQt8OWs9APqq9LF4pZ7m+Jnm2hHNvkL4gx -F3JBvoJQzjNDyPWbsA00NUycOFx0J9ybtUdyFr3X5exvBK7B3i8kQ9+b+z/xRcl1 -MNwM/F5vo96vbC79n0DZqbaad92fmUNToB4f3ZWKE5xi7D2WBqX/6xuWKDIVotts -WRhdEOvCBPAKsyARSAjx5ZPQou4VBoHD3B1ZghwpWSpvdJZy+sfq28znLN+tn043 -F+8EMB+212Ol4WAJVnxSdnzNou2FVu5sSorvCd5jgBj1T535wjubnZKXjkthe2TW -gLAKkB+6cuMvSntGnTEPw6+hOVexCGTdk8RilqyA2osuaID0hjivGJfIoljL6SJD -mPMRPEgl4LIlBohfzFSoupdsRWyfpxwrEZp78iAEU0pLHA//iPpzwPE/mekcR+f8 -UrJMVU1u5pxnNlUrktFKf6eqaxfxD7+DgVqgP7IaSTqSMz9fYxomLBOfnERcVi9W -WpjUdDRHHGD49KCpLA/QXRgig828PnJ6Js4V9vjEEVUCd/n9B+pJaqt3+174aPf3 -dVeXQMK2LO0On2b8yuMmEUUNZvH4/bEAD8XOcmZqpC+KCqsyRby5pGwQdQe3Tm0I -6qRH+r1RWHAKN6KHacE4ntttC0dM/JdW33Mseb5e/Vmp1/CLc2G7jV/TRVLg6qLR -g20nBNeLERvAz3d36o0szye+2UHmeiSAVg6IswWDNNTrMFoPIfkHlzmK6WUCgggA -Y3K/yZn9CLV8uEwf95h3AwTA0qESpZxWmjRvrdbb3C8895eHvgz4lpYrji8/bK9M -jMHBKRwLZANBjQs9MrDEJ5BPeRp3q+HiB1CEDa2xym1sQsTVIg2Vdzw50FYRhD5t -oMQzhHyxowgWk/1Sp+Le62ioyXTpPw9OTeQEmN3uDe+k1F5zyIBrxuK4sOATYl0Z -keFTqMxz11cRXDR6fg4X4N98Jg6NLaqaH3QFv3GXENIf3caizyScAymDIMH1Gbwr -Ik7HJM5vv7EjNTuAE8vg9jfC7oQ3ZFqOnPtun2gxOHnERyzh2nBZ5ZQ+FTtUYshs -g7lA/CAigSNwqfAAm1o3djAig0IeGRwggb62apQIiLBGP4vRl6ud2+JwtbmwkRsw -BZEc6jgfIpTh2bjvu71MAvn6l3X2k52TvYBoope+oK3spZ5Sn2dnvgeISNG/WiS2 -9yenZDNh6RD8BbqGsOdaEJgspm/LV0noJyiIzXFAasHYwNit+8ZSnF4vcl+pfD35 -BBhEIHCn2RD3yWOLfd5dmb4a2+4Lzz8XGmx4d5mVzIo/uOixkMXfS6N5uaKPk4MN -q6ZoGxYmFeAemS5SSJ6nY5i3J2JtTekD+BbHejy6n+onRq/453cipF+DAeQ6r4E9 -d7tyfFvlthhCSsGtHpjVm1nfwLOxY9xkrIBP3twadx/Z05xgTuPqEOc53xKD0C+C -ErrAmDhmfyT+oPmUPYRGAIlNr8yidkbm5h8L1d26PZYCmPJeKMU7LlxPODn1URLY -hI2jZx6iciOV9zQje17rM9fAyF4RKzeJt73bfXvSgrnUwylUolRpwIcz5j+pm5ya -W/nb+GWoP16n8rCxRzgy2GRaYvqiJ2073eNKm7BSG/Bxfpeea0TZG8c3HJqlXoEn -2dhRwCyfBK5VDU8lWz9ybvXKZC8ycMEF/AcKmB4ufHpJPK0MEt4bvsczuxcQgv49 -Bn+poTrmT8H/BpA0TsHiUGDAQV99UxVsadQAyjI4hPTwhOdDiaI3cEeTy7+JUO9Z -TcAdOlWVrNW4p4ruZ2Nx3WvOdVAtYmcy5WYWqdswK3YwBSk5D6MeCkPSQnt71mri -pRdcMSgHNRPCZ53wr8DhM2k/eTcVE3adRcsQUiqExN0e+NWmfwnw6Csa9zjOzIhK -o3hmDO1LlpihhJJU33kvvWG2RcKsUcMoMSJopRkCecEZUhChVhPQ9FviioA1lj2V -uENimOTaklvG1RFlh23p8QFWgzUkIqw8sbbGiKzjdEIDY7b1QJas3/6ihiRiNQGt -XFH6SdB+RACy2rSvNrr9em27tVRyDXevuLrKr66p+FSL6Kucfnt7h5GD30xgkrlJ -5Jy2bLZTjz5mVEE8MGQ2J6IQyqtHSktJ9Rt2P0Q0UVrOkFmC5fnMRCYt20/rXTFj -c3CDfXcFbrVLcvxUqweL7FSbXkZTrxKb6/F5il7BEERzDoPxZjX0OjUeXP+0uE7j -A94x+d6EAKZrxWxarBf2Zw8aFAgUfHWhtV+zmcTBvvOcZEB3/ad2U8qcJMhAS2M3 -SIRsTgML8KnLz8PJaTJvN1fJI4mxy06A0nZaCJF6sI9J0hYopOGajiCZY3LTbn7W -MfDdKvg6wM3gdSw86c54XwB+T8mhKBfwqor1rALm8HtRmPnUsYnvFx4hkJXJiz+i -ggKOldypPtlE3BvMlpR56Y6LJO0ES9Hxl2GEGetyj6WUtbkR+9xLQUZdz7TlBDeD -qlPsYaKdRu4b7Fvqs08lQB7KG8r7VkcvtIM43aPjV8jwsb7hSBd+pBIXv7h051Wx -ElTl0JfapIXWqGTnClBiu0Bfw2ea1ErqneStAdfU55BvZ1Y+Egs1zgLSASZEMLSG -cK2bld/auDrXGJ3pbDBdvq2KDec4NcB1ijO4FavjpY5NNoSeAOqBdz6VL8SLDX4s -sDtV4xp6QlJctXNXgBzkd7vFYlsYNcsUrbfoo9FV74UUrMdPtHGGA/dWk1/o2sDa -ZQ5oGUJVvf8Br3utFvGEmuOqmQrVqrnJNaLQY3ks+/QYrU+j6BkHPCJtZjh57adj -VbiRoSoaDj3hXm++cDL0QfsIrYIElBpCNxWitxETVZVU1DywOm0FLAakLyF1Hl1v -qjXA7kP+mKdIZ3GI4T49a3ifKJhoeyqmmCD8A9Z+EyQMwzi/CHygWEhUqt+x33Nx -XZHeKt2XThnVwe8PHGFwKJQOODaDYriqa/TLe7kJh/eQFFiLUykmKFxK/h668+2y -M6+CSv4nCjgSj9QWi7tyfN/hyQY2ALNFUvA0oinvgYf7puV8MyzWSjmd6mRLbNlI -bmJ9CmqBKOy7gKhQd2WcWIhU2C72cDUgNB6JNLYukyOaUvG0MmecCsQjqrgghPRk -44NgrE4IpBi010fkb7ZO2vYtyZ/ddIPJFXaN9S9PDSHCnCNnOHeyN17eSukBaaru -MAFovMjG5toBG4NyPL0uR+8Vh2h7F3vA2PD2dAhvrZlYGuy0jNu3+vSl1mLE7BFA -VglusnmNrZrmX88MfuJV+srpSwQOxnCab7Cqsxex8/3knPgBbj7BHWmLVZR8NtMw -If4T+Y2jG85qkfU/t4H9XeHUpSD90LBlV+B2IygewI9NE2T4HsQmoHUSMMw8YVex -U1B+iVEuhSXOXiMAmaiIY3lqDeRMu3OYRMn4QZb3fkrLvyvxJsiR7auFDbh/Thxj -K1dDAW6lqLqS4IgX5sIorlN5Pj4pyraVaH2Q2QEXxEUCgggAeMDB5e1Y4HC7biJf -4+6TqImkhnasTq0UycGWs9ZEPQq6IY0wxisXNHjjccB0p2xtqYxeg2GEphIky8za -O+wGqQ7wmZ/7hnqxnTqI1EsjuNENUO4pOfuhdiYBviaQqYBsY6sMwvgBRI/nrI6Z -zgkhL0bz2cEPY4Lcddu93euJwZGEVbP6gsdbQxzGxPyDQbs22Lg47WGMP4ga5gu/ -FUySuD9d7h3tj5IwcmB7hg+FleeriwglfDFQsuCwnrR6tAl5coNOTcGRgDRjb9vB -f07koY3yZmvtj8WkMvv6v+gnGiORv5jysM4NiI+se22FCxT+Mtl2xKUtBK3B1qLG -OyoCUUtVxfvCmeNBCcAZ6VIPTojHoK87z2KXq6b2RVqdqGUlwQl+ZOLrJpAfzFYP -03MGGbZ8XDgllUWTBiKILin8dXgqSd65LsmjzkiNpYSATyERi+npStGnfy+QoL+g -MeBBVYeJLS5FQcxGQN1n5aeJ1xPJ+0T1ZHBZ0Y3rZttHNZGLJcQPcze3X2kZDJgc -gnMS6+tKyAWykWK5QCJdPfCuXsF8isIG31MsJ8DDJ2ZjgT0l+IQoNW9HA53pTMl/ -NvKsfEPM2mD6vGs7KpJekiSMui8ERNatBrg2L5ROBykwncwLi4Q33irrVwtmM4Tt -mtn5eUCp3gH5cePZ5I4QDaNg2bldYZUXVxZoOfLp7JV12Hgi/T8zQ6M5fDdg1opJ -kPiu5IdxkDv0TZ3gTnS+cXgCVuhSQ5+znYnpL6U+CEULTgimbRL+kj39EZII+bRl -c/bthIq9j2Fe5x/AO9OmW1bo4iL3o8WCbv3cfZkHzwr9IeTttQwBdi34lTjObbRZ -p34horrY4QJ3m9AA7TWjyrqyUn0vl/7SClhLvIfg1Sd1lqZE9yFSXC36TULXL4pL -aLEXyVtrDigz0zNVgXZNzQ9JjyEwRVg5G4M798qu4eUiv34bKTbeflCGM57wpAmc -wtQ+ANWvqE7k1xKoHru26FU9Vnki7W+PnlG16RfqAo4jpbIHDUMF+bxG7EuOc2AN -m3hFQwL0i4tK13uF/TdPpINpUGZpMtjKQsFEH+wPDKOxe0sdGrhAhwE9mU3Z431x -G2Q+PkZjbKS2SJ1B6x8yWqJuHQ+gFeBFIZKg94ZtAQPlBmAFSs79oHZbe/KPGSta -CdKvBwfqNdWrtiS5yLKRHfhSwZndLlt3b2pEbZopQZLELKcdnKviqYTGj/WazGwl -fTY/kqelkCxyhAxMF1ON/rao+WVmCrpYtZ8crczLaFJNx44IhNrQU47b61Bs6tD9 -SmOi74N9vHLCu/psQ4IIHcng+keXJmDMjVMS5Au5gcumbnhib3/33o+YttgRs97n -FB3JSjRpj78aK6T2b+umb4Mpzu32pgkY/0geHnkoGmDB3xFqS4Fd9FcIbv8CpTvL -+O3jXEgQ/4tiQdTL7Noudlb6MBRtOsAx5BgpmRYYz3wQlK2k9rvstAz+OaIfhjGK -xrPrfgKBh4Tr+Xa7SprSVS1AV43fJU8udV0NFlcRiai6xA7artmiN9Pyychm9FQB -GUcJvnp0HmNOqQyEUNakaLg/7A64vW3QH8OcbMe1sY/RI+DE4OCOSPazdbIsCuYP -GaFjY6nHW39n9WInBsfmVG6Y+8h9hMsDLZedK4CBPSpvIaieFirIEhLRnk/TQCu+ -Wvdiw3+m0/4DgEd5zxX02VEU45KevFl4849eJWQwtmcj2gmllBzqGAyZmvJYiZ9L -caR7wX2Y3Z02U93c533AOah7oWRjSxEPIEq06BufR0uP4j93+I439LGeeqZRJuu4 -4EMNACBeBgdaungSyANOlGxxHR3PQ0i4PxmeSkICZZUPr12GUM5hNFGMFPuLQc2O -w3sn8yEqDh4pMhqn1roc7FPQ22Sj5Dj5yg6eqknoJcHNl34csoXuWXZyXFti4r0z -pj9sPi0kuuFsPTLd1/Vr285ffLjsEoE67YoGWXB1PoPnFa3ZLWxgCo2UoW1wVf0I -6a3YrTGx/vnitFj8bPeJpDzA27FuatBy7CgolZc4v5/W1jySissloppBMQNF4uG+ -aPxjJyqQytBOid+wXElHea9xTtBgOTatUyW4ocQ2tvcHQ7FIIIxTsJcBPUmhb6Q1 -MosQeU244EO2qB1rw0D3uG6x1aYMlNJXQXrd8r3TbYD46Pz4Mhhj4hb+KvWFcxdY -/ZfX5FDbGA+K9a7XYNCQzdvdNLcv5+4/nV/HvAJrIU+pzlvZwUNJdwKvcNMVpy7a -4Kk+PzjXOdTEGLsw3lyGn/Ej5aBf0eb1ksSgx8hMO0Xq0EuScLtnuujmIjGiUaEN -7u8et6qPfvpbENSp8d5VJy3V2emk/RsJNTZtZHE7CyDY/KqVq2ejrKCwDQulQoEY -ifrBjvnwiyWpOYYEkuUooqXKtgjhRYu5Ydcfh0wuccpG3JaJpe9pHD15PIA7G2wk -cbcUbdGCmh1johQPS6YyjSP+qdac7Sm9DAfw1OYolojTshQ4xFOO1UHlMVxAg8FE -d56bFvPKFti4hglWrs7CdJefWYfDKh2HKs0TDGbTiB5sRUo4N70XACQVatUturxQ -DfdrMJNunLPTfQkqc6Nxn6XXIhLDrh/Wbhxw3347onEZ1Zvxh3FqplCH8XoQoJC5 -Em0VHM2oxDs63YhsZAAJzFfYmEf/ePEjOez4rV4o4Ub3vFTnNQGPOR130b3M+e7j -0ToFPU/Vy6b8qbxiy2cq5PhwUI0CggQBAMmnkpNasJsZ0IOAdjiwF/GsJ/Ufg6y1 -yVj3V+4e0kR2CF4euge7yADUfSE9ciebUt6E2L6Qjk3Z/Mqok8dJEcXVtb0Bpp3i -+oJaf/lQSAGYFWnpd6IMM8SgD+2LVQhMaUgY4kCP5zVBP0Lwmw/YedGyt0iytWIU -zvTNohSfkcNQVqjOUQkDH3VIGdvipuphjMzYVfv3x1lUi6haSKnFbu9/sll9gjbR -6DJID/Nn6VW9Nz65wWc/QYTiqRL6BmK9iApIq+05/kWRDKBuItyNKdUx82FYvHX/ -I2nLxnlyVo3mm9uazA1MEIjyGomM/djyjzx0X/uyGc4mXuEaEGLwKjBFa8/eb7Dn -OlZTUsdJu0nv0CBAWFUfUYXnf13o0WdFUF/cQ/H0zk1Gqi/Ey7TQ8IyxdTBSaPN3 -P9RJoRhjxQT65CwoH7l7ns5h/JdOMYOM6IUWhoygKhlkB63SR0/sTTGGyLQsj11H -2/9bIqevpz8qEhta8e4fP8PYGTwQ6SmXV4a8ToxjbRmUzijeh5+8iDEGl6nFMUIW -+yIw+t+Pc0IeFxfD/WmbpqgNZhveQuezDB4BZWFPVsxa3wZEjsUFiErDLTmwZluD -afn7orGoXEx14sOi58vWGEvkU/GHxv8UsPHoyYZy5J2SBC/Gq5cTtCSDBE+TEpHG -YXjTAaoXOOG2q7dfzro2viEu74yAlhnPMP1x24xERldUsmGZcJ/V+0e0Jdb7NTzJ -CJF+Ig7wlXqAILFyXFzL/xeD6GN5bCo3QCwPAREcDUWaHPFT0og1yKCnxxnSh6jt -oaUaGVC7ouWBVkxKjC3ftReJ57HOkTxzowRrVe6dLcjfZVHvT1ZLrNVe0AW6W+5x -4wAwPjz5thHAaqgH7hAgyYuaw1OIjgeYr1y4nEFr7lwUh26oLx380ZwO+00eVuP+ -0SSWnAZDBx0012ROfm9Ml+Vd1tK/Izj9ofBv3mTm/67ellT+DgVSwVC1Kr5A9t1J -3JxXyfy22QciNlLCfz2Np6U3cJR7L9yBEBEEyUiCkUM+n0ISJbCoJi7E50+wq5cQ -rcQXdQ4SfsFo568kXuf+SWD+I0aB0TX6vNsF9xI7dVthr7a+FeB+o3Erotgw9Vvh -p5RPPp6h7jZqDwk0c5nwADiff2tDdNuDdMaWJrHt69i8MOpe+kc3Efw1vKNutPHz -qc+uOc/FSB04sYsmPrUyX+8mmb2frOBwNCwDj7BwAIk4qd7TkTZ5SRGqLgBsZWZf -IfGkaKfLeWODywPnvK94Re5DLoBs4CsrFTjFZ+pLBnQmJT6OIWXRBaIFVtc6L4wi -ARXWGbTkp9Q2LK5Q9D/EepgT2DVtBl/Jg+iO/4KCinWaYEmMRWDJveECggQBAMFh -17lp6G6y883Pj7qV1SRJH6VfTW25E/u+060CYKsxIO3c/bzb9Q+vZy1N+rWmoCJb -GX7NKNr4Ahu+0+En8E56bZ/Hio8yM+alJbYVm92UReNpz4/RhiyArGwUm2PZks0J -fk1Mhz9ro0JcwnklYmnO9+91zpM7Vg7RDuYdJhNN1euzt4EQkzn7taaXat6Q32M+ -0jjluM+uyP02Bnw6BM0SFyfOaCekzr0mjdPtoMMHtId2/sQIQADz3p/3u6TG/mCu -BBr7XU4orPyMuYf1NnzFMbzN485KZNQJZ9iKIiAowFrzUaDskUsKXddrEwh3Q0e1 -Ia8w1Vev/MV9hxP2Huo8QoFcifmv+lZ2m0CubzFkJ0so/Xw/tdEia06hnI7tHSHO -6Dr+H65uWrWQa7Fq5aVy+WLT7FKmQpF4x6/j7oFgjy1tq6xzt0KrOOAM41JyTfSi -f2xQkthjze23Fc0mA+jSg6JowdMQByhkUTK4ZQW1womNPG6biyRfc7ahZEcqoEFd -KuKviV3K8+QfHcD6xAq+VeaGua57Rm/bA/Usq6b01vFef5V9vMbcOBMABm73YJVN -4ySeNCQwiLsUTUePKn5I7/KoxA7LoI8pLj3VrCUj3xh/nmEo1QOCc1JpURPndBy+ -hSVjTOXt8aHUP/5MZ/3ff8CTFH8mv06rRRxEIezNXY2qdUPcaccqP/Z+fYE6Fbni -k2GUa0AHBqfBWkDAuyRlSwotZIhXm3WhrmqHactQOf+ael+kn0OY8aW3YUA9V45Y -GtIl7LiqnjN9GvBOjhJn5+4nDt+x9Dyxpb8g5Vo8ryWoHjW9YnVjwHebvkckVbLn -Iz+2Efclaw3PPSElDIp+k8oS/VaVF/NIwZm/HjjH1njrjICjC9dxyhzI9LoWzDgQ -nDmk2aU9QNyAcZUuNol9yMkOqa4Q+8TO9vm7B0zjHAqtvY2t470O/QSj+OwKMRpq -U7O3OV951lW2F+VB5foVN1KnbecmaY0zOckudJG7d05sWmd3/pDKnWJ1NWUy5+RZ -rmb1vzuT4Auxf/K7hnxQ4w6c4b2K44BIrNCxOx6lhdwzzTpvFE/Ll69ZE7398Fwu -WhK7rVE1Z/oAh3ahgWpoatDxwAEBeCXPitI0VmoQu1bRv4r0Nps7Ak//kT8lN92R -zEa8+99mQSv9mxi6K5ltMFQZf1fq8dthEx3iW4Dg2c5NlCWSy+kwMc643egaQca0 -wjPsUK3r1U2thVu029OPmgwS2ZM34o6bOo6zOMMuMbX6ijb2KWF/0BNFzS0Jyztg -gntZAGBqNKICsZY7PbL4d+9/eeyZJKIkrxj4nfVqWMNlUBtwvFg2MzsyiDje0B8u -yJUjdRXeVoy8tI8YtAUCggQAVxcYqE1nWN6dCnmgKx5VttiJgczj2Fq0bC0zrEGW -t4e/hklh5FWgPA8MBIxA8JbSf9SPgt8VcOBKMu0mQ61FJyN/1pd5l4AtSGZvO72W -eZhSHXrBh/pstu+oYWTNk8XLW7oHSiqxSL/2bM5Wpcy8CBiTC97b/Od1Joq1Vi1s -Ttj15Yi6IcsOEWuXS0yNNFY3zftPUwnVXqDa57StYcsbofMG54zvxIsK1LGN2NYA -45Y7a+ghZgfHc4XY5ZmF2zI1yeQd1uXI6IVLEYgc3/7N8WxLlGQJVtHad7bVVHGM -xjfhIYm0ZiTkVwPykWWiPUTT/u2lNT3EScZ22VULkEHEkysZlWEzv7rWozajOAJy -nxkIPm7j8bzcs8/lBOvh9iB8OqysisrytHCZ7MyYlXrbPtEzXCOr7JlENLN2J+1t -o6/ay53kwldGOlmGa++TulV6zml3OkE6Ukd94Zg5Nc6HBJCrbSwZfMCJJU7SfpK3 -CU3GQfzkdHByTwEwk+GTBha/Agq0x1zPkXoMt7G8zpwzOogSRiwdHNwOC5BSRGGq -b1v8Aht8rcyrdIIA9R4v6//b0KEsND0DOGbXZUmcufZog9d3zsw1rT94YbNoU2Nf -gEq31URDJnm6Egy4DI3SIpDCB//qxZXxQ0/mbnfqI9cwGVKyd2QrgsDb9+SQK0NB -dBzW678hR/2JVA8QIm793xfotTfZgq2zvoAf93NmVMD6gPTTuevSnOvHGHL6qnS4 -WcqDZ2JM5gLfENIVFpaca8Anf+DEm+PaT0eABYog/t71yQof63PUDW+d9EKbCoA+ -t5pXPi86D8PN/nRBc3nwch/XlUAJwD/MHpJ2N/PJ84EwEQvc+llKnKAA9U0xYCy6 -57IkBJ3LvYTlotFa+LpQtjdHDltZ6RkO1o8MjZRtG3wfrSsIEplcr8DZLTKlvK+t -0h/8z8h/7Mq6xKheAkl/uFl9XxMd8A1Jai+rvAqGFThqvCs8/dELkRFRCC3xNdeM -o1lqTCOSrEyqWQ4/KQeMa56uyDT3qE+jMdbYzuxP3GepP71aTA8Xg72Rjuyo8FOH -UpZWPhUCm5uOGNS2+6hJsFzSFYj9MD4SJFifz3vJjTIgfZwPTVs2d6/ej/dGcJ3X -Gs152cRpRhmLLAcUew4+8UPW7dt/DNBOV6FKwmq6E7bGuuP8XM9DOwqkRY5hN3TY -Ad7M1c1GA0jo3uF9sbNfe4OFbQC+MlvNFz/bU+4cZu2QPDfpvejverCYMUF545hJ -zk9eDchLxmPGD/wT5BEZKoh3drXGf/HoZgKgEEF3idJ75Nik02/Kwjws60j3S+ZG -WjSq/WE5wE+ge3lUOlou6vPTvgrQwu7A2vFQcneoF4hN7QKCBAEAtS41nl5KUQcX -Xjp5YpBAM6ggGVE1fAM3kmKvZY9q8wXmOQ5FNxDzCw4MlDSYLSz8yUPOqLB2u+kY -FHRBxNn4Tu9hS3/j6bqfuPfaKYQ7n0knZmmeVVLoPQ+5CjV3ATDMN0SznnAFWaLc -wVM/vZBHbcS67U0MJvu7dGKv22WpoGVXuo/Q5gPwJhseDyJ/rJ8RxDKWO1BPYwQF -xM81CLFuTVdyBngC6nsmTu9DFqAR00IFQ01L7cJGa20937YLdkilvnf8TonUCE28 -zGO79AI3lCXxzdBVEx6N2zghkwRlQ5QOGAGvgoy2FnduD/frJ+6l0vJFvjmydX9/ -iKqpqwsThJKO00Jnr25S16WcxwFD4eJ4pzQlsxFZ99JTPsXOTkf3Paw0693EQozN -YHkJvNoPZY5cgD+RusTqTz+UHllDEapWS9Dz30TvsboA3QwkcrhZKKnfn7l2qxgF -vrMqoVsHnWdo1BBipwwEdQrjQjqJ66KXunBs4GF6Y/LldqsVKoPKzLYLLmidPf6v -fEWjnka/kr8c6iHxyaeh6/EpsXA8cF64ZI091cGz+xGGhrEsysUsv+x3tWyknyTk -JpbyCGwKck2bm47tnNZBdWatV3Ky4/WEXDcjK2YP3byE6HNSml7wK2P1RIcLGa2M -l7gszcaJYQCF2CwiKMBcANkKnHuSJIMl1YWfVxcK/whdMOotcO2FGpPa2cDtryLf -IvByVtxuStBao17O6FD2XadJwpHv/aibALiACY7qkmqMVkpxzFRQsOhM29Nvqc5C -q/AcRlez2KRgHETdwKZ384f6SIEEO5b0JDMfyz7oKPVYZhT/tx22Iysniefyydjy -Kv/zbShduPRzz7FqlaVI656CCGQKkO/ysPQ91kunFYXHR2W6SDRXzjiV55qBvXdN -/gg27XpywJBLek6BtAljW9M48SFbGU1ONvEw0oq0+7wT6IsB5QYrrF6HXywtJl/v -oHVTi3nCFeX5a4YqazEogBlkYHqGpcELm9PeS/e9wSLhPqSMZ5jYoVxwIRbES6iZ -nku9X0LZlipCa+iLRmU2eh0WWCTveOQNnYHgAWcestTqtIJUpBARvl9zWIa0uCh4 -VE67gjGuAy+7ouyeD/5oVAesmea8DGWDrhzF5H5XKLM5mE3tWvxdhUMy3DAEAtdm -3n0g1b+aD8Cn0F3N4PeGhLzbDI3lZhA6micyKzyiQiATtLix2z3x1LiBR/mL+X6i -8UJ8FAzP3t8+yQgHOE3D954z/F15Ec8nQ9/hiEVk7wv3BsLcoZk19uXSIjbgawK7 -0Er0g6u8/DYEqV58JLIRnlPCyEhBCUrFAyNwujHtYx5Ic5+rOBQl0zEUMkYKwnFA -dxbL//IMnQKCBAB3nbaSs6YNzEolRYF/ha+PtpvwMSsLf7HV4ug/CTSYYsgHOXYq -pOCuQXDEv799yFnNmPuHMF68a7P3Ut/IJbakmLoAw8kcarh3AhSh/fBNRaOqGsJu -2X4t0mNfEqA6C0FtD67ykadsbKOryVvc9GNxVY5TxfdJtU9mo2Yl2GmwU8VFpQz+ -N6wZtiKElKPyaryN8uQg8IHPNgEuMMNvwTe8WUBPxD0qQBhLj8P3+9RqQQSfSzU1 -O7TW/ZX5842nwAzvQ3pjheaXMqyLLMQdK6LwheC0ZQngJZju/n/KjIrObf9SExtX -OsHtqHZFW1nm2zpYsVxYhsxObLklBGRuJLM40tS3P8yiuzNRZBh4J0q3Kt8oJeYO -ACHOhPwfDNpdSOAqKH3AWsGmqTTKBoAubECHhGjtTX0er/Z1ZxkNwgi+2nbV6qRj -+B0PcvnWA6kcTW3iRSOYMJzgT8RhMaVjl8cwm2uvzm6R8fWj+ICPrc6Vr/b7+HOQ -+7kJdW3hEC9xDa1LUv1S7JvJSxhfpqd1YJ5JpW1P5FNDHdgJpF9GADagdQiSUmuK -96PlLMyOEDebt58aOtjt+q0PsNFtZBB3h0Ec2KASAW+VYfU+ELoa8UOO+BhE0KF4 -A7knRy9Wl16A2tOw6O9n0F8SFVvLhIi9MjLJ5du6L0YsslEXxs4UT+O/U3dhO5po -d+ROi1QU4HuFiX/KFdEAnglFwkov44l+r88+H+2wd42lUDTC8qwpI/v4iIaorom2 -C/zoKsOZ/VhkLMi4BvDopBBXlUL5iGX3OE4YK+pnb/Zkum5YAR/LMRHThKIEPoS2 -wORHPzqAkQK/N6x8or3CntEzBn6pk2vw8MImsx+pqTgt6U4YUtNb7J+8ggw0vqxN -6uMzCCTSGRUXj2bjcS/TfyUqE5hfxSYYsaykmmW4GKcQMZNbxPq74dfDCAvpOK0U -AhO2cqpyCRpHhnkBFi6xsTsUnuzlLsQKPSdLVMo5plRnbbEjqkSfWf3rpjUSJ3wQ -4zJ6PTsoKfbNMqoTnAGlLL2FKxLHs48E1Bf3oa3e3tqUklfq657/hokDMGo+aVY4 -nd1vhm47836lvHej7bbdnFKqdf6U35LvfrWEeXX2FLERmj7nVAmWr0YVLo2JUGpF -2uKc+nkWWZul/U3E20TIRfIhABmhuaLM9rh+xRrFNWrdPqIOHZlHLHCygGqT6S9p -Cy112F54QHvAqsgEl7UTrwP1B4GHH2Lw1jMq0/G0ynLN1DIAPb0OJFUu4uiGH53Q -SNm9MK4c6QZM0HxFSw8T8FjZ6cQSOr/jhyAeJl3jV2zxgnBx/a2ZSYyVpXEoR4bF -daIteqTVeQyC3yDk/uXh0HxF9cDFv+wAa/KW ------END RSA PRIVATE KEY----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/prsa8k.pem b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/prsa8k.pem deleted file mode 100644 index 757ad960..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/prsa8k.pem +++ /dev/null @@ -1,121 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIWKAIBAAKCBAEAq8BNlCMQBMAv5Kqy4eVmoQrQc/GcB+r80DsMNeZhPBGcLkxT -UfaRTOeB+O22rTpu4/1+TfVg99cjHFGHjet6Nv1twPYtZI7KJyhoWNCjV1T9rJek -UOiBO6nddcxUM2SbPSbzlKg9fiwM29e+7jenmT0auV88psIQG40wPhEQOXfLdDpb -HM8DyN00EQLiAuo+VaWYndov8emr9Wywu1InEjHi3E3OO8Tuzhq5Z1A2G1/I00SO -6NOAvcP5lUGxECgCsos9lhpwP0wmgB8FyS/E5KsFYepIiNy/JY4KygjyT1D12/pV -dJgjXNcyL/WdMeIfl0eezIX27ywDDlnqC+6PPbEH3UTZjLcDYltq5UED/2937y/4 -i0CY0eUmT3gXbjpFXwQLbrB32nrMr500xNCfC3e9zVsJWO5+Ivrr1126Puni9bnB -2Jf28wVuRZVzhVHmVl0xJ1IvdIdghoZ8wcww9afGaa7N+LENYv7qNXsC/3bZEQy3 -pd03Yi8D7UtXdn5UMv6TvC3senenw2Pog3W6wg7GqN6iVMRYNe8WaXYLdh3EuT2H -phhsJCf/ooYPxir5j6gTiV2FA06cH3c8AR/cmPNu0/zpuIBuO0Oze282chEA8wp9 -pJDy2EI1bnf6ufmamHq3iXCiwvSNUvei1T41tAbHg4H6y6weCAhyGYnc+cvPoqc/ -Nm6IiuoDg14LXOSvkBmLwFfuU9P+vyrPwHdGiC/6szHX9s3ExgWLJSZQxJGXGlZ5 -8W1dm7aa+aad3mcW7k6IuCytyr5zeNryTrw02qz0peXa+8SY9qCtm+NTRI8tk6cK -kjNIFj6nyERDT7smQSqVqjw2Jb8hXagomU506zU4qo9obppo0t9fSzZkWhpo5/2v -hEmL2lpg00Y8fZVkClmo/2m+VJkgfX8VJR//9EQ2fIyRut/WPJGjV+J/Oz/2UBA6 -WHHgIJgcPNvC43+yUh2HmE+dQ8VgPguJTWKdNLZQ5NzZgJbMs6Vpa5r1ukksnG+k -ZoIQhnd/7FgaMjhUzXpJObhrNgKDgrYxDAfO5tOIEfoSmay06ZZJrkN+H0S43sXo -t6XtMPe9KDhCRAnziuXBpmtz9dtuE3MwZJqd74n61KSx2D1S+fNxdRruqnX906GK -hwXQZIgDW/eI/1Xu5W5QHO2w797RZh6HEtdkAiF4aP/zgNkeYzRV7r35itn/lBls -LpkhsiugJFcziRuqLY2q+cCL1i7v8+QB4+MnRPcdmU7CYxfNjBu6/EzrYAMLfun3 -giN29Hx9HZegGHawZ97wm8YqHuOwDUfAlXqCxAGOQsoPh64dexDGTr/OFBEQ351M -6kokFQ2zL+cWC++kAlPQ1eHFBeHsnQNLp+cStwKCBAB4EcMKZiGUHWDm559OkG7d -XZrsnCWn+CEilEzVP8c2J4oLdVBgo4dAhBnlv3JfxUnPLQYC7GlpVBXXxZD0Btow -iq/aLuCeEC1NhemjM+5lovun0PBdzf9rQ184GK43FulXpcqW9v94Xbaau1v/9YcU -XtLyR4LRYH1xZPGuCz5lQ6oHQs2Xg4fsBQNYhkXClE3c5mS/Lt557eMcgXL6j0pS -lBib5gCac9GQ+rUdU9aC9fb8WALEeRGJ23jGjvfPAOSrmhDHroUYeic4VIlu8EeG -JCuhQb/cIENgwF5Ck+I+ikscHaNF/nD0kygDG0h0uJg06QVfhLmBUVVsAvmrzYgk -FDVjDgFr7yQc8eJks1getKBn1T6od9+yyyo0Gh/n2fDIv44B/NcQlCvQYh3e+vOl -v6nU18n6WnvBjKHK5M22QOUXxr1ILUJPXepBIhimJ6gSd0BdCV07RDcObRATOQ7Y -czRe9QvHxUMFVUHE+Hu5SvW0HUbC0kmMDVkkOHBKt0EpQHxhtJwRpBaAsBM9t7HE -lPummjlIX4FGIgfDkN1WH5PJMnmb+T9kFmpkpy/qCJ3ZqV7YZp+cVJA0Ciu+x4x/ -cx9ThaE9z9YjfYWNdhzrzPFaGnM9LqB2kqo1Q6kf+RdKJFpDN68yNChenF7WYiZf -rJC+r4moo6O/ZIABN3U/LssIsdFYaGa4T+bKSicYpw+AsBP9GOGB5VCFJBP+7rER -hLMZEFDekOY2Ce9ir45HeIkDfiAHNF0DfrDW+w9peY9sLOzYE6EVe5Afq3i5V5/9 -9TMlilf9KGXsbqpTVRIRjjW2pggzXf3eKyZpv8eKStGFdPyvXVtHVykhqSsehQZZ -RglKGjK7Efrd3GlAvs5rtn+BAiICvYNIb8ne0Jwrx57MDWRBJD1LXJvnKdg8jlC3 -gOkCyZuy/TTpj+dMG9/xcd1JFkH2gGCGClkrGyHGpSQZBkrJdhOkcR4dMcC93xlK -xT1yBDUHRFrxX+RVwTxgtRzp6KNrKuQNMriBTk/bnhoalTK18XonVE2t20fqW8a5 -MHGsGFV6kLnkMMv1DkCNTEg4f8gnVe7ZNoEEyTplVZgM720stn2gC0q6+VWHmKwg -JdR/r95RNZsHQhOoaA1wAAGJHOhZPk5bzSHiFw5dbY+LltxbPFhI8ots75ipqy32 -0f5sjBCWJz3L6UL8canJatjsn5CLxOwl9xAM6P4ekvt80303cfqDFz4/jRgSUS2Q -uxJcjBp2ZhDChWJmuQCI1Ilz37WhlElMmrPdjVqUmLkZYSt4OofWywLcux8WGr9g -x1ygEytMJMe9p04ujxdc6O2GxfbWM+sIWsNh7jZRFTB+o3TKmayJTXSN5JF0md8T -AoIEAQCACrA1tH4VjfVL+fV5ywrIJ7E0SvzLn6tQ3r1XW4Otqj3OrOoONh6IWICr -Mi/E2yiyn9XTaSo1byEDTEgANZQDQIfJ09YJ22wzDT+D0oNJiPpbqV8g6FJ9Lq3f -hTIdzOlPl9RVUTpmcOoEimuv8Lg+Zz0pfUMADCRW+jOcKFTUy6MDLfBZNW13zDy3 -2qGYYLJ+7Gu2rtFJaqhHIHD+rfiIhU22Tat3ZucoKpWt8DzAIrdjXkQAutL09CwR -plaJah2zwLRhPsGLuohgy37rDnV5qqHo3JsmjBkcqd1wY0YWri22DVtsnreBgz3U -eXvYC0GhbKryrWjnrOYHDuzNwWx8+g4eZCM8WDoK1QY3htlMFDLbi2k9NAPSCjyM -jRLJ1rC2lURGi+wv2UE5imLRy8bL3jArKo73PKTzzfr+YUFEU6bPXdueVBKnLzhv -ukL9qpOW95GYExDqHZULAZft3dVbNL858NgeHpT37W1N+zGDgePhF8ZN4h4v77SK -pcQz2tTzUPyn5VWJxyU0EKYhAV+oYre4VNNVEMfr0X58JnqoheY/PKZLyRZkhXLs -PT3D8HxuG+cxRKU3DD5URwjgmlCbUW3v9pe8Pe8QxONf9KMPzynfDt4MZPLjaJAL -sNv2wEoJQqkNbBo5cI/Vbwnz7GNSfeXqRI/987qa8iO16TOmCkF9W8SbddW3JVRn -+gSeSityUK9C2sCUm9vZ9ROVrQ7e3+0jlJZCIxX0j0uoFov6VrbPgchaH7oxRK7e -bekR4QrOCVmVBkWH9/gdsFeKLj2bkMbs+36p4PSuM1gXDeeA1V7LPqJySJwibWRH -+mmQjXlv+zBS/9jj4Ow9FlI4ygqigN5uT9CqifdKjeNH/giCQYR6arJINl8avK80 -OVVvrODXNCvZz6nboIxU7K1RL/KPJYItYl9j8eac5xFSegrSKcJZeix5nmhNZj5d -a4yaW5DVwaRwoxdflC9+qULdzrzN+SPxrtOBd3qm2LcfuyIQal7dJoZjRa9lz8uG -j/6eJNoLnhgQlEw++yPRtPLC/QzHs6/KMHKAMjBfBeKha4EDX06jb+EkMlKG3X80 -Nw64DeBngCkkNhNuDBGMTL9kWI2JOfb+7Z0uyWn3X5GCJvZ2KHaykK3Y5wRLTkm/ -1yrdBJUhE6SzBHjKHiPDq3fLkPEwmmRhFRDenxWSSqidTphO6+KIVgahMxBNePET -W2Y8g/dj5mvxQL+UOKRA1DVMyHR0ry+MsmZ6alQoKP86fWQjOMnn8G8GGQCzhPEs -qrRFobpoC4NAr8b2wK0t/75vyknMw/V1Fji/qdvkkzSEM61HgPJ4wczuXOexKv8A -VtToZyhHd8uOjt8a0YlHxm5MB6HLAoICAQDkbPadfxru1juQ0lbwElQljp+XcvLY -RaDpUmM8W8yPK9zYOt+lLzdpZzqWJRHZXO1J9jhCmW3HIeNDsh/Shb56kNFlsTBA -C/FJ9SgeFghHznAcHnhivSQUqepzd03OCZssJwZPIP5+bx7HdS9pGuTZuju50Ff5 -ZRJOZeg0TXbFwmB9Ym97e81zIlbQ1Ul94IYmxRHurlu5jAyOSHaz6mGcloiOVu0L -3zGn3TTp3Qvhl5p6GQUtHdi/NvU7MDaaRtIMPXYjJWlmFJL5jxX8FFng48y/pqKg -F77Sc9ZQnQTkEE5bdeccWoFVQLP5rNrgfT078i/eB9tgMUrpOb2R08oLigj6cSg0 -JjYm3DfnSqPFHmTL5IuB94xfP+ond68bc+9ru9KMp3gKE5yK9ppICQ8SFQ7cYli4 -wcAu976ke7QHL+RKTxUGXZRvYrAXCanPvXqRFXDUiLCSs8CKGJNYLo+gGbmldgkm -kB+KJrEPduiqJ1RwHTO0/K9XM4h98SyKM8Ee1pzDpkEvtYR6YbOfRZ7Vomt+iN4l -nxi4q+jUSVKCaP20VoTRky5f9fSzc/H6SdZVSk9zZ0kbbQvYiSBD7qOyfyXJsuBq -+fv8baZgNmo4MuQQE/mHlZOg65n+66oUiuENxhakW1kQ3eBByiO9t8LUnLs6KhX2 -9iQ+AaC83SW6lQKCAgEAwHvt4xwp2nZatFcK5GnCAokFV0klfspIw1Tt8oAInx3F -nKU8kKl+myv8FXU8E5zrV7+0fWSAVTaOiC90b3dF96ozMPYk8UyQ1GAWtlxIqfW4 -hw0LSBzxO/WaAkIoGClIdNFuo2hdofRtuofnUQAZzbf0bTlFLWxjQNQLXlOw5RtY -6WElkd8y4idOmEIDanNk5yfe8UxHlTTIGs7aB6Y8zToFWuhUDHlf7DflbxYUGqQz -k+k2nAm0oxhsBxcEWT0h0EEPtOgvHGysWIe7Q7tUrBk1eNSJsnMg1mQop4cQE0Xz -9GqXpui9QsPd1MICmzPFf5wKjMLyij6R/H0ptbfsNRy+nLWG5iOU1N0ANtzhxO0T -WqxqnO/tOoGNjAHjxm+AdMNPUOFySjrKJVewHhsgEnd/nEPuJ9RAXNxJ3T31xu/h -zKOmkxnHVhTFOm2HPkxMHGLc1nOdBwtnyzi5Q2iU3WVoENQLfLzVcgnMkjWprKXT -BAgwU4LgvlfunJ5vF0iEAlw2iv0kGzGFqZiWJokR8036rGz8t9PWPdKBgRyU17bT -8iN8+9368e6YatrBlpY0OhqDngxVJXzQonCV/c+1E6TVrjw92veZ6zA6F4mI8R8A -cHNqgm6Qlp+vEPwE2SDvUJgoLHG0SinWiK9hcCK7gclaeVLJLrG9dnR8rkvGkRsC -ggIBAKc2yOPExTsWhNzKOiloAy5CB4s+ZjcqLBv8YmVBhcAyoeLKfXS6iN6sSsRs -ZZQVr4yBHConwWXD/fjFydXui7fn/UzwDzZAcFCU4KVKeeCLO5fcbGSTe+KaukU1 -JFDEFXgHNsyC5bUPu8naPvxdlRU876GMej/isjk6Ipiz7P2rMozNVclP6QpIOMdn -ZiypxC0/WqJ6kG11qHDSejwJvS1IgRFp7qwZcGpNrPkTncAWYpnPbFxx/sLRlp9z -wu9/Yj2qVm+nD6ZY2edMHIxz4UfaUrfsiNitLomPoqOuBi03HpGpO/exLWpRVF31 -FYdntaewW2IDxnZrHjFEfU9CpWIDSd6lD9LuRNoNJGfwTS/jJ8ktHGKIGISylc8Z -1bg3tlvyWlQK2QkTwoIV1/PQgQInT1lZmSEpDE88/H5nwEz3Q6oyrHZaNElTVQZC -A4wxOPlVPdCzisH9sZqBUWI0e2bz4S2UjTWhDIwih37sVbhALisv3nDxjdfOvTSe -+Emyy+edZFyJ2nM9VeTZ720Z7ghwfvpvuCiIeA5Pz7TiU5b7gspkSgeu+UlNo1Dy -7SH7AV0L8vNZPJ7Q4/OHKhor9W4WcEWeVfbjxen2Ch+JFFwhVZqGVKbyqZ/1yDRR -nmD6x17gefO9g1kgyZbpC4f5eircIdqBZnkbRKxZM/YloRkTAoICAGrtwCs9lgHA -qG71Qluqp9n6tvhVjJMe+A+gOx5OsCfT0SbuTQb+dA3J8l0mFCIxSmW0nfi1HPN8 -7LoBxQQKvo6YbdBAXi4Ul4OqKWgswsLTDKV04FUDokYW0/l96OheGbAY0UHRShzM -ENDLiWKOPulmU7i4Tc5XfLz6GqMrreFmOCuRZVrUCkl4VoSv6yBNzJLtciGH0tX/ -vd4YcEYF2T75i4E2OyHoKsEoEDF5ZTUoDX4pb5qCOkuqe/2EakdpOPZz+dC5AvqI -THnojrSRlMBUDALqskwWQLBi5OC74IS/CD9oBhQH2JGFyT527x/lTaAUZDQa5hum -Why9wXSInjM1Xd3b2HZFq9Ni9pDa6v1r0f0xHPlekYuKnHJXa69IgTJ4fEZ5qBGz -Mk2qnJN+c7HLNWMcfEo62vIcjyVYoc9w/KdJFApNu/1L1BnKeitcpNZzKU7iXLZb -8UuimHyYuAujD6qc9kO5scOiujeKwltu4xvD86V5lb7dDxTNjsXEoGKoiLP173aG -f8aA5D4yqxONQjNXHueXhxoB5oHQj4f2UbWnZkg0SR9riyo21LU7DH3nc2COaFKF -4cVUsqfz733sydLLRit85vnSC8NZDXEUJYLNXq1Gw/hMBKy60DPkSeqMc9rkKSQ1 -qJnOB/6ylm9UKovK4rpxDU93VW6R3qinAoICAF8JSjPxZCDfJq9q14rZcIaJrw/z -+V0U28IMD2BCTqLwYglQEXD9aONdDWbQJlC19IWUuQAyIu5GTi3DA7sSbYdXXWMf -EV418orFrerds2AENx0GZ/cRNkJ6v3so2oZndNMY4FnPk3OO7Jor0n32X2/lS1ZG -0ZtBV4XDLY+FIKEyKHYCYz/h44GVrL7biR1nqM0cWDRelgIOabzoCndyP/O5IPjp -WDCx2jZwI7s6T7FEp3CB87/4T6Dmat+PPlbAnJaQtqClGTbekFFix5jLsUxvPDBI -ePpGSVmyw624fFdSXy6NiogPjHNUMKlBjC93aZGM1hL3IMLhc3JoRD/nb/bhPndF -Z5HUVveNrZHBJqp5cDOoy0REQmg+ckkHI1AjrAtt+mwqFpNzqibqRLSRDoCse9PQ -XNxi6TpvyrqFcM7DNc/lEOAJKCvyHtFJa5nYo0Xfm+bUAgQXEfE3Wjnu8V+SInMH -I9m41ty/qsUtsIf7UdPF6Io4E2BkglzuZW7CIhzHHczD07+FKx3Qi60t2WGZoaEX -/xmm6WJ/33p2vMhzb7rX+pA4LV5JvSmB5hhOzIXID/TvMFC3fn7qevZHztzlKkCu -WRWNgGPgFDE5adPTysZp0/o0HULPZ2FbOLrSajSAleef4OowVeo6YPIPyyTc77wd -7PV6VCK5IPzFauTz ------END RSA PRIVATE KEY----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/root.pem b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/root.pem deleted file mode 100644 index c72db0c4..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/root.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICazCCAdSgAwIBAgIJAIapODtu4lC7MA0GCSqGSIb3DQEBBQUAMDAxCzAJBgNV -BAYTAlVLMSEwHwYDVQQDDBhOSVNDQyBUZXN0IFN1aXRlIFJvb3QgQ0EwHhcNMDYw -NzA1MTMyMzI0WhcNMTYwNzAyMTMyMzI0WjAwMQswCQYDVQQGEwJVSzEhMB8GA1UE -AwwYTklTQ0MgVGVzdCBTdWl0ZSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDGRDXC0puY9VW7WGUMrlbWebp6w7NZ1gkaDueFndEZMmOhy2zKJ63n -XbhT+lCTPOuRQggRXxOkMKBp/bNjr9B+gDBX7ZXoqXpfrOW5Bq2QVdACmZoCPlKu -qBJUbVJYnmTmFVqCcDSDp8ur8bTU73zPnad82Si4cRzHDeNbc6qX6QIDAQABo4GM -MIGJMB0GA1UdDgQWBBTvK4IKCKTCXimA0jEm8P6Yb06bPTAfBgNVHSMEGDAWgBTv -K4IKCKTCXimA0jEm8P6Yb06bPTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAs -BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDQYJ -KoZIhvcNAQEFBQADgYEAmxMB3REsGZTsdQGCwTCRo2TaKdv7bVt7LTxsrlThxkQx -YMCD5jQqS4OIgb8BSZ33U4orw/1yDdeQaJMPvLIh99Kb83tSmxBOKC2M1zOSo5dc -O9mKHisxF9Gd0a0kRSVXkvxEpfiZUf+KiuCBkBMA9+qYnflrXYW8K/EpwZrTYYI= ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/shintca.pem b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/shintca.pem deleted file mode 100644 index f6eb5a30..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/shintca.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDETCCAnqgAwIBAgIJANE8GM83L39gMA0GCSqGSIb3DQEBBQUAMDAxCzAJBgNV -BAYTAlVLMSEwHwYDVQQDDBhOSVNDQyBUZXN0IFN1aXRlIFJvb3QgQ0EwHhcNMDYw -NzA1MTM0MzAzWhcNMTYwNzAxMTM0MzAzWjCCARwxCzAJBgNVBAYTAlVLMSkwJwYD -VQQDDCBOSVNDQyBUZXN0IFN1aXRlIEludGVybWVkaWF0ZSBDQTEkMCIGA1UECAwb -VGVzdCBTdGF0ZSBvciBQcm92aW5jZSBOYW1lMRswGQYDVQQHDBJUZXN0IExvY2Fs -aXR5IE5hbWUxIjAgBgNVBAoMGVRlc3QgT3JnYW5pemF0aW9uIE5hbWUgIzExIjAg -BgNVBAoMGVRlc3QgT3JnYW5pemF0aW9uIE5hbWUgIzIxJjAkBgNVBAsMHVRlc3Qg -T3JnYW5pemF0aW9uYWwgVW5pdCBOYW1lMS8wLQYJKoZIhvcNAQkBFiB0ZXN0ZW1h -aWxhZGRyZXNzQG5vd2hlcmUuaW52YWxpZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw -gYkCgYEA5GzD9U999DVDSodhjSe8zA0ywb+ILPJbdMY5w3ezO2nwT9eNXeMHEaZo -ZTf0hCRR9SSItC1VdqWtNxTH3FU4UJ+G+7tQ88EbfZeC4DUNtiBDgDPbv7a5aqaX -uWAGoh8rOMVtXOU9iEtsykCzmXzPWZr9GVZYx8dpPamqcmSwPTMCAwEAAaNFMEMw -HQYDVR0OBBYEFLkUe+/fyTGRS+KvoSBZnTYTw9LuMBIGA1UdEwEB/wQIMAYBAf8C -AQAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAG4u4Y0RV5X6DkG/ -Y6INtyh5ZSpyLXNq/qaZVRqU9MR6vOmCPcYWhiwk5qZZmSc3LrMu8iFwFUM9xGg7 -cXftVLjPGNvP+pID750yGaYB4dW6Qz/kC52ocrnYCVaCuo330gohjlEvP2nZXOaP -if+dafdaxox9HciEqdofNaTeC3+J ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/shroot.pem b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/shroot.pem deleted file mode 100644 index c929e1de..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/shroot.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICSDCCAbGgAwIBAgIJAJEbu0HhLX7VMA0GCSqGSIb3DQEBBQUAMDAxCzAJBgNV -BAYTAlVLMSEwHwYDVQQDDBhOSVNDQyBUZXN0IFN1aXRlIFJvb3QgQ0EwHhcNMDYw -NzA1MTM0MzAzWhcNMTYwNzAyMTM0MzAzWjAwMQswCQYDVQQGEwJVSzEhMB8GA1UE -AwwYTklTQ0MgVGVzdCBTdWl0ZSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDGb6RviUn6PFdaRSnHm01Uhae6AYxYZrPw4MMfEo2YsgtSl4jFALjJ -/n1yKktD8E2m+Yd9c5EqBNNptdtptQ+Hw0wi1eXfTWszD4vuN4TyPWwzu5AqXZaU -0c0cgA+yxl4zs9sBee9S3ByG+iinNw66dOdOKiMnN1KlIbL1tlBzxwIDAQABo2ow -aDAdBgNVHQ4EFgQUiHYOIAYFenwAEGRi9uN6bUJF+eowDAYDVR0TBAUwAwEB/zAL -BgNVHQ8EBAMCAQYwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl -cnRpZmljYXRlMA0GCSqGSIb3DQEBBQUAA4GBAKdcrK9KxfAA2U121VkIPl7m0iLl -wVdrvWGw29HNCkylL9Y4IBc+3FYbnR0rXEIghSpJHUe0UxGEMVV4swWj+G9FCbKn -WmLZRKDQ6mLsJiW+jNOO+Zv78Ok3uTtHz8ro3+7YtfpMwp8QGx1Zw850pbMlZoiD -rj2vxXQ6sBA8CQl0 ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/ssRootCert.der b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/ssRootCert.der deleted file mode 100644 index 53767b1050f7c564d52df81c1c9a7fa5d1b26321..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1767 zcmbW0c{J3E1I1@EHI^nL5+(*In#Xs>nyn|h#0ZU);g!h{8Dyt2p@y*x=Gk7Q!N{|Y zHO-5V@MJBF{H$4emWFI4%j@?$=ePX*`|F;2?>YC}e?9;W{t=)-$MT>MFa!caX&wS zG>8Dy-2K?hG|M%KOF|@9j0GAJSe5Aa4^*FBRVv}ZtBs3E;!3jY``bvk)1IbLcjkC5 z2&8prF69o@h`a9H<(3q@>VVtP7_3A)jNvdvye4sCEM52RlQ+83CEDVRoBIK2E2`u! zxqL-Eshj+H*&X9EPAbJejhF1z-}Gf)dxGBPV}A)%F_4=92V|I%o$bNna<5En)qYMf zvCj(Ni@F4Pe|G}w$Jv19CqTWa_Hx*&pqkSOXkFpc4Uf}aN|dckA|5mp z2Co{$sE?t8hMjidh=w^@ZpZs?)o32OE`32`U)f%j;f{a)=r~2cp;|x0=JlM0Z*XXb;qS|9 z8P@ex-c~#~b0GKHRGg}V?6C%LNAZ8c^E8ovN<+6}80`{Ep8lkVAw(9cY; z-C6jY>9m)uC}q#eksa|koNm!+zO?4qk3(?FUkio|ZY@p#X^bfAFMjypo7uk(3ramW zDWA&E^EWNxh+!QoRv$QL)onE$^?!ujrd2|p23I>7ml>p2SV4==vBn$?HKxzQgKaB(!ybn7F zz<=&XurL?Cg8>bI&FdU$kDnO4jrUQvcJEgt{)pno>1n9juERpi2(cIEr*!4S;M^9y zxRPusj4AIn_=enaBdd22QU~0)t;o(qZ8Hn?iz%f+y2@otf7=BY{fqv+%T4T=hoe2) z>P7Hk_v*9^pJPZ6T5C>pI3hHF4=adRxE>;ajm6HUhyHnxr(UaMHx~2UwsgzYM8@I% zBPKna5%!qx9#cK>z~lXPNt|=#2}a(HLDGRExwtxsXI8CwYg!fN4Q@%@K9rev6Z4OJ jj|lRoR|=fJSMH0S-J~^?I@_GTSLNk+_B?-tibDJiQ$sD% diff --git a/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/ssSubjCert.der b/SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/ssSubjCert.der deleted file mode 100644 index 258178bb9c039a7ec184567a94e9473e86d0ec60..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1745 zcmV;?1}^z9f(Fenf&<5(0|Eg80s@C+Fbf6=Duzgg_YDC71u!x(7cdnD162eH6AnRe zaBO8DLvL+xb#!HNF&8iu1_MB+?HZV6bH8L_X zI5IR^7!NWqFg7qZGBz+VF*PtWS}-y(7%&zF162eH6AwXfaBO8DAVY6$aCLNLaxoS# z6b1uT1OpQdL~nIxAWdm>V`yb;Y%qcY5HJk}2`Yw2hW8Bt0RaU71A+qm05F0A_yU3g z?*QGBA8yklNq>#U6rQK#62V?Cgn$n+3dkm3m|0_YjE5WYiKUARs-_l*f2E;Yr~8p5 z-uOFYVh4Fh!B*M)>FhwI9b+iX?Ki6&Kgs;40=9C@#hW)~z;~biT{SGd*yp{wOX)@S_=V z1!NSbcY_nl;aXGYQ3gtJL^zdu)A)PXQtr57oA#ZsE7pV=f2vBU4fEb8^Qu8v+=W*BS}oR5mbS(fK4tYEcUc)}|1?oA=AC0zd&h4p0Oxq;qmm z>+I3U8UK;?f7BX@jhKSm1FJbH*wgIQoMC>wHP`b_(?58o*uku!+`x{Q+>+u32fl(i zra)Gsy4-W`q@Phcvt8N@Z^=@!a3w+tLKg{DY+|8{a%)u#%qZF(`a8}rTK76u+M{mY zVP|gCFLNX3+jzMUFfIP(fu2sg7IC~D-W}w`ndG3*yk(9)!ri`(;qhL*=HiW&Lrcbx zBgn?CVBmv#cHjpV!Ui=*>aD26x?$0TwRP8UKks?=zJk+hIwD!B zBx$5@)yB7m4p^4XM>S{+53WA)-%NpxmRZqZUb9HIC^;ID_DI8dBZP5rvM(ym)IU%Dy(*Y*O{AYrI1mq z@N8S9o0evaz)Q^|rHa;ZS&L zNQUe=@Go_k8SthjhaS zyiw`%EV~bDpi=z(L0jDFX`$^&o&H{2;p)94Io~c@=`8fzgh$~gCdU)}!=jMxO;lJm z2R?nbcYiAqmZ?Sr(TpeQ^$8MXH10m>!s7s7a7r9tnY!}Kv#_|Ht${R$%wwB%Uw>0N zJ%~6k<-6yiW&xk+P1nbjCsQ^uM<1N4?p3Sn`M>V}ep1X2R0u&uS2cVnC%H8rh^ zR!3pHf}{xmW?>Pt1ihBc2j|_9m^j@8l1^2|@V>Rk z+{E#%lT`Y+jj?tCy!S5xlQqW1paHCi_%9SHd_xNe!N{kKvh6ynBRIa#iy6JSo{VIB zIoIPcm2%Qc#0CqQG1%MqX5t-o%Qp%;Hz6S(W3Q+i?8y6L9nN}pg%)oeBY@+i2PjzJ~9@f>U&Ft64Vng@cZAFGrPkT8Wm n7zsu$MER%@?D$b{6dd})<$|i8pC%u z7YiE*8t?-{N>-SW@jnZz0W*+7b~7u;&5aC`kFv2%nZcmCOu)D) zMmepXuVCMs_Ic9LmuXCfL4G%jE2b=e1>?6v;oNgH({(r;P0Mt0|&tovhQ z+IN4hkH|iTO-DDaE|{k~Jtj$b%EQE~KJvHf?>m>d?T%kQd3(~DlKS*5T&*rL95YpI KxlTuj-v9tHA+2Ko diff --git a/SecurityTests/clxutils/certcrl/testSubjects/pkinitPolicy/noBC.cer b/SecurityTests/clxutils/certcrl/testSubjects/pkinitPolicy/noBC.cer deleted file mode 100644 index 2ba5da33f640b8c1487669e52be52cdeb08a245f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 480 zcmXqLV!UI}#OS(!nTe5!iIK&Cn~hVe&7U~y_rnr?As zdR}UZLSDXtle3|?fhb6hi-*s#pdcqz!8t#-ptK~l$Ush<*TBrc$k5El$iUFpFbc>u zN8*xeY~y?bUWDrySs9ocdl?KGJDD0A84lN6|E=?N%65DA@Ra4cELWFs_j8$+a^%)8 z+PXC9c=_J6m$JcTKNvGtHwgxYzRNUNaMo2@(qT`R3*Q6{{vDEA9UFdcd%0|j!=cix zc{6u1uqaPE6>x)L`Hz);KKt2QvMR2MdFRF?M1( zRl(CQ1c|OmYxZS&ly>&&Tr>MaTpj``<=o5fiIckl@d&Kf diff --git a/SecurityTests/clxutils/certcrl/testSubjects/pkinitPolicy/noCA.cer b/SecurityTests/clxutils/certcrl/testSubjects/pkinitPolicy/noCA.cer deleted file mode 100644 index baac59fd1026bfa7a2efd3b377c72692cacc554b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 501 zcmXqLV*F^(#2B@JnTe5!iILHOn~hVe&7U~y_rnr?As zdR}UZLSDXtv!kK7fhb6hi-*s#pdcqz!8t#-ptK~l$Ush<*TBrc$k5El$iTqJI10!$ zN8*xeY~y?bUWDrySs9ocdl?KGJDD0A8Kwk2VLTKel056Z*?*5Hw#Pf-)OSpq{MU@r zdUoQqz}IRQ=dD=K6~IthGE2pMtH)74zOde{504(xP(IwOl;QIw@ujMwQe5h%Ckif{ zD@;?Cq~!Xvl^?vi<4gGcC8aD`iz>BBITTNLcs=-8aVkvp@GdElO#yOSl#D$-M=Jc- zzB?_FiJ6gsaj~$0paDNHOk{-_8UM4e8Za|5G9bH|73Ahd2CXM^WEK^sy!^C-?ZJAX zUC~`(!J0>t64@mCn?n*FKjKw*XmI;)>B5uW=DYT6tZd!IJw5v}^If$q@lapNY_p4yxa7GtGVSxB!z-1OH@aO~ Vx;K5#Xb`O5yGLU)M}T_Mk2Y~Y!Wgmk_@5_ z9<@-U`iH~fL18+gw4h?uR9kesQj}6#&{k(E9%!vdGb7!VlG2Xt-~QTt-|u~&@7Z^s z_kj+)9y$c&H7Fn9^Rc99mm8rF_nKL@xNJ~}AOZmoZkG8#FC1Nl;Ua!gx-0|+ae=oe zAj@pXB~%&{SfbHs7)m7zhts(uAJOD&gMk6b6wPSV8j@f%20chLGX(}(!`NgJIGZa& zMd2QV|Eh;mgM=^+%4M-~*_=4JJTFKn8yiAq48i2ZvQP*{2!?pz|0FmYBvG`^tRiGl zFk*!1G=<4z*67#%E7>3zI6~IXgQiGM1ToNogpQpQBH*D8#Gl9Jz4;CV;hoGnQ`hG- zPMsuAdHj4q03rxhN+P4anTbEJUOHh3A~rnjsNAL~684Gfx>~yOCizrs*%99~oGGxR zn~GYfA(yi_@X3rm?UJ>o=f-ktn4rTF-`*4Wyy`V&+bQ~s(UL#?td3+++_Ks{M*kv!wOv%_mwrn zs^-|_rKo#y+@>?d)#B_8r?=_WG@Wkjiux+c$2s$gpCBWF<2kkGR-Hm&(95JM01&>WUg!c2JeSAK&x4mI+&8D;(LQhhF6*yBs z0gp!hA!rKZ+W?`r0V6>(>>DdO9c2OpNm52;1VH@?fCbS5!f4d8Ym={~fQda-5wr?0 zta8}~y$X;9y-LHalnEHrz-*#kW&d{jUzwfa}YK$1aaO8{w^ z>5D*`)~2^mS{2Bo2nM7Rv{geEf<*?3R#94t204k)-poNy$LtNzUSBe?JWcn|HKPp= zc`$eG;eoxS>n=X-t+kgPu-pH4D{^27t(oO;0mpY577t@#OpUBYS{D7985-1T6Ki;s zgf!@+B(3!*QVXYW{eGAjn@IlPnqN&0WK7QON>y$zeOKCb`}eV~!ul`kDhN+?_)%5x z%E!Lf{jOSHmbM+5-oLT}Nh`?6b>GGMWf6~Rmwm5&t8&h@mJ+B)7@VT?3ij;|h>jHX zce^J9bmLXW(@uvp-E3anel_=s;$ZYfiE?V#a(czjMx`L){oK!<6lLI@Gj3PMxBIr0 zTrN8}&=7ge{k(nOg(3xgQCRooi(A%DOwGsZkG_W<^Zj6G*{P#-?lX6f->Cr3*6StZ zPQGo|{nZ^O3VCyOMz&@*oXlxx$?EwvAW9m1TjU? zkD?+~W*MCO1~lFLm;jR>Yw>C{x3Hocr?GL?=9PDwGPm?k~j{;zWNQ85Ec zNf|Uc9~GjZeN=$fM^Ty+MX_J~kkPiX#DDwfgWQ2(_tt3JJ%5!?c&q+;)gAulbuT&F zKeN{!_=$Q|=uX`HO3a-%PtL0=F)!=MUO3-pF_G4&o^ef@;;3D_n?C?O&vwl;I$l2aAC8)|DG`jy=r^-a&g z!t*WXwO<|%4O-q>e`(Vec3Zk->V;KWo#xomZ9ZKm?bF?$hr-(%6Gl-_^nSDvK3Ymo z4_0jJig1!$ZB5nX};TTvDi0aaip=2=2yTjwQ@v z76B!g3jhZ6|ATTMTmr%h(3SxYrV6M^L`AR@5IDCFi&fb}ro94lgcn4Rf$0-lm7+JO zDl&{LcLm{PcLfwdJpo`2vQSHcT(Vp#O-)X&s;WxrA3w=ntOb9zA|(M6tK zQP4kT6vz(uX_@jXD*sMYwpZwRP16TWFw-?I2aq2337pORsxWWB)N$l!4{*% zZp?uLYzMd|!DWJMf+!NHQsC_j??ja%<55vq;_XLrg7_j>?MUDO%tCB#ksu4>4`U-J&SJ@)5#I~1vcNnTF>gmQ#B)mo2@Y7kz#9XQZxp?&-JqczJV!c5GZ zd@(>?-t89?fKMGKzAcrGyEEFNceXWlZEW4twE0AFcvefy)Z&aYM{5qH?Pz%|`pWN= zCT#uc9k3*fft+U;gdkooT7-J~yOwnLY_* z<5wrv{WAUjjh&0G9pa`WuDYOK{NQ18N7~0{%zHy7?K++tzVMu3>E(>v2Zhc2#39n@ wG1E#Hv?*mNwGEk86dTPx# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/qualCertStatment/badStatementId.cer b/SecurityTests/clxutils/certcrl/testSubjects/qualCertStatment/badStatementId.cer deleted file mode 100644 index 248d08c38e51c429fe9c742b9cc8e1fe8bedf94b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 515 zcmXqLV*GE=#F(*wnTe5!iABgHtiphsjZ>@5qwPB{BO|MUp`o~eC>wJq3zsmTV?jYq zs)BQVZb4~DYLTIsfe1)~S(w))zcgLJH?t%;BQ+<-KuLn%$iTqNz|7Fd$k@Q#*fa_* zU~FJ$YGP;_MUJtJ^9^_rE@Nb6U~cSXFlg*#YHVa!V#9N_J^0#}xZQr=w>-7JBb6#3 zF#lYd+|$<$SNC79IB@Tf+a_H@oqyBjq*zZVX6t|YR#{Tvp204U)tfV?aUBS?;67+0 zvdp36XQck+hhGm{ZDg;FI&bM?%lzL`_xSlsi)Srrp5Uf3Y1OZ*5nkq1?|)ZX^a%Wx z%@*(tc_<{T7Z}XM%*epFSjj-aK#q+=n~jl`m7S59k?}tZzX2~&c(OAhdw~_?g+_*~ zNq_#E>E7Kx;i<&qyMpP8f1bT9eI(1KJR`8?;tkb3wO{|ed%rDm;aa8J&aCsYT9y=g z^=GjxNoTt}TQP6S93}S|&*n|NAs8yNf8EK?mx_y7uS)Nlbbz~L$*~{aon>W>kJNX? jYn(CulCb9D^Nt4z@x}7XB^GQ^m}A-c=)(3jt}`qFd`rAS diff --git a/SecurityTests/clxutils/certcrl/testSubjects/qualCertStatment/qualCertStatement.scr b/SecurityTests/clxutils/certcrl/testSubjects/qualCertStatment/qualCertStatement.scr deleted file mode 100644 index 79b5af7c..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/qualCertStatment/qualCertStatement.scr +++ /dev/null @@ -1,32 +0,0 @@ -# -# Test Qualified Cert Statement processing,, Radar 4449558 -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = true -useTrustSettings = true -end - -test = "Quo Vadis" -cert = ICA3.cer -leafCertIsCA = true -verifyTime = 20060701000000 -end - -# we don't know this root as an anchor yet, so use implicitAnchors -test = "Netlock" -cert = Netlock1.der -implicitAnchors = true -verifyTime = 20060701000000 -end - -# this one has a bogus statementID and should fail -test = "Bad statementId" -cert = badStatementId.cer -implicitAnchors = true -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 0:CSSMERR_APPLETP_UNKNOWN_QUAL_CERT_STATEMENT -verifyTime = 20060613000000 -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/intermediate.cer b/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/intermediate.cer deleted file mode 100644 index a09d0c437a0168dba834df9e31d2a36320fdca07..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 508 zcmXqLV*Fvy#F)5%nTe5!iILHOn~hVe&7Gr3tDh@)eAP!gZt0U*tF`(n${f~*3W#m)9ZXCQ|%pPt`D!p zue8@VJS=&)ymk566*XG37%qHyJ6U^+=F7v6#o}8{B^9*OzA?)7?CETu9U3e)aBG4Xzbmr%yFse!LDP9yhnbV7d#Z>YI4T**EU|p=(;UAJO}Nf z_Ui6^x$tOxw(;UAb!VU6R*vo8U1Alq|Jn7ht5Fs&S&wG-o{%c%`E|r1uP!+3i&sP4 u;YF8UyiaFmagOWa^!_~0kR?dZUx)4KQ|1NJ6tabX1UzBy)YS7VZ~*{bIkYVR diff --git a/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leaf.cer b/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leaf.cer deleted file mode 100644 index 4a13b6757a5d51c02c36d23b1f9185364d4d5dbb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 540 zcmXqLVv;auVr*Q%%*4n9LAk+PJ)=I(fA0FZ`*u4jym3hT&~Wp##{!0RQrQ8n`p%2XlWmk%G;#%6uE@OF z^?QGh#`JejypCtA>D%v85U(9Pa;JE!&y)=AS$A1B?BCPbHFsLy zYCmtgG3r7xS$blGn0n&oM@Y16z8 V!K7nzWCfmVIxJ%xYI^bZdjKFsynO%w diff --git a/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leafBadEKU.cer b/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leafBadEKU.cer deleted file mode 100644 index c63a7d5cd30a03fa8ceabcd1ed7086154fd9f0f4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 558 zcmXqLV$w2bVw}8ynTe5!iIK&Cn~hVe&7kc+ERsJnuv zUx;gvud9ovV~DGvxPd50l8cAWv7jI)Rlzwwx1h8nwa7qDoY%nA(9qDt$iT$X#5@Yf zHACVWcp2&&=t9g@gP0rS8tfk$t?CI{OpsSFVuTWH6l&nyknVzTM>K%&PuEzNW zya+clvNA9?_A(eWb}}_KGJNq^)V$}-2ZI@fTls2(B4*5DyZ7Kzi|wb(%+(eLUq{5h zVKLsB^WMBI=lIpXKiIbBaGW@kbE>2GKy#$yFO8xV4>xt2J8V55&}f-gEMwkvTI1-Z zb!-9?Cwtv`-Fe~0`I)~1O}!qgAD!agR?2_K#D3;3bTdW{& zH8L=Znp(A(m+xI#r2FppY)4(*<(-{VZ(m$){YX>h<*HPZgd5M-`~8@8vW|Jh-J(6Z z@tg~%b5Cc&<$#l5MwkpT%lkuD?0IHcTpYdue{#uDbE?i!=aiH^=h; diff --git a/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leafBadKU.cer b/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leafBadKU.cer deleted file mode 100644 index af6ac35adb51a13c61bd0e6251b4b3e0b50cac39..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 550 zcmXqLVp1|_V(ebP%*4pV#K>&G&Bm$K=F#?@mywaxz|2tEK$49)l!ci`$i>wu)Lp^T zFT^#-*VV<-F~rqS+&~m0$;HFxSWu9Ys^FZTTToh(T4W$6&TC+5XlQ6+WME=xWD*7B znjvuwoDDS$)F9@{L(C0w4fYQWa&}b+_H_4C&{fFGS18U*SMUzSZAs&N173t<8Ce;a z8+#cH8atU98yW6jud!{Jly>Vv_r1r{V~ju6+vai`>s0@ciCY!Yarkfy!w+ZUnTieb z`#-l#dysAZKvHu%%cYBQVdqZn7ihQQES;vr=I7J&`f|HN>oJ2VW~WjQPRnoH)^z*f zPsxl&ZJm`_X}%_TCU1k|93nZyrk{N?b#3IS1+6=J!^|2_R>By?dFI#`imezle>J)AAd8KKOTEZ7k%SpF->zo?C f>pbvX|8Jr7p8UY=zf4~LtbL&ye6^at`bZxDTZOx{ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leafNoEKU.cer b/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/leafNoEKU.cer deleted file mode 100644 index b24dda08215bc696b69f2bea0ea9305c81d1ec1d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 536 zcmXqLViGZEVys=j%*4pV#K>yE&Bm$K=F#?@ml4P@Gn6)vWMd9xVdfEXadirHSMc-; zaSifyb@6lzaWxb-5Cutc@$fko6y&5TIOpdUl$N9x8OVwA8kiay8k!gxm>Qc}L;<;G zNL&LiLwy5Xh`DMIbAw!i{X>JCT@`{o-Tf4F74q^Gii(Sp6^b*{^AudYLvh>HINyL5 z;bulw2Ij_I27|^+Gt#D;*PNJXeJqJ}cEOYt z_4QK}B^6SYygOg&TqxIa&(mmSnfC5w$3X{cvF>2OKfRx?=DDYCc=sXouIq_ag2yKL zcP+|#d)znqVK3te#>=Zi)F%oX^1kx_*xjb5WUbg3HS1KHr1O`JwM{2mI-Hr985tNC zD;UTb@B@7-E6m9FpM}+cnURqJ7|uWeeijyHCiVto53qtf(8y596f#@tT46=^nF<{< z)fD!3j%|Ngr}J#tyKQyYB^fQtr0CR*dWvff*IsKnDV-6c`_bo++wYt0_p;5Wb$T7U zzjW)ggXRafN7&n~_OG9*`iiIa$&WW|dT9=u#RLCEeEs!ws=-d_g7zu<R8R_<~AmxW4EPp%athynn9Zn)|I diff --git a/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/resourceSigning.scr b/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/resourceSigning.scr deleted file mode 100644 index d45d833f..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/resourceSigning.scr +++ /dev/null @@ -1,51 +0,0 @@ -# -# Test Apple Resource Signing cert verification policy -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "Full Resource Signing verification success" -cert = leaf.cer -cert = intermediate.cer -root = root.cer -policy = resourceSign -verifyTime = 20061031000000 -end - -test = "No ExtendedKeyUsage in Leaf" -cert = leafNoEKU.cer -cert = intermediate.cer -root = root.cer -policy = resourceSign -verifyTime = 20061031000000 -error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE -certerror = 0:CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE -end - -test = "Bad ExtendedKeyUsage in Leaf" -cert = leafBadEKU.cer -cert = intermediate.cer -root = root.cer -policy = resourceSign -verifyTime = 20061031000000 -error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE -certerror = 0:CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE -end - -test = "Bad KeyUsage in Leaf" -cert = leafBadKU.cer -cert = intermediate.cer -root = root.cer -policy = resourceSign -verifyTime = 20061031000000 -error = TP_VERIFY_ACTION_FAILED -certerror = 0:APPLETP_INVALID_KEY_USAGE -end - - - - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/root.cer b/SecurityTests/clxutils/certcrl/testSubjects/resourceSigning/root.cer deleted file mode 100644 index 9ca08c081bbd3054f195b9bf67cbb9147a7aef28..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 466 zcmXqLVmxQi#Av>NnTe5!iIKs8n~hVe&7d!$4zORXG+|YHW%rHObL7-lGn$IcJ9d=iob#Sz zma*kMPiyxUNNjasv%4;Gr~9K|3#0DbovIeIvRyt)RBws8#_fEkBRSZ3aop!muP?3h zSRAm&|Fgcme(*M7b5YNOi{}XlE_}1+|MYp9agw*o9n?f8Cp?(kk)(Qb+ws;7vzeF~ z85ohB#|m;@BLm-p>5u+3XU+HH;T_XNq>j<8fMn`IsU}`^AW>d7n>hEJ{(jZwR$> z{WNOzdYZhg-i{vB+Od8IH<+=>Iq$rCNAK+%50FEk5l8uZYTR<}r4tfCO+1&(G_hpW@m{X8Vj|9AJ8 zRzoCCEBil*ClZ>AY2Cteb0r^*ZNE058(~|PAH8&RxNhkB_h)=JJNJz~`RsN2;K;{6 z&JP@~J)yZUxfrs&scU=f#reZJ)47GqgI}z3T%G$`?s{wV)=WP}5R0GP7M=<$aOak( z_^I;)hJ^U}2i-zl1$MDLdGnp|rBTPd*(;8QikaVvreEkbq)*}mroqOO*n7&#CRP?! zVkU9WfKf4D@(4*1xHb*VYJkXX&mb$wO%d-*SfK8OHl2R@@567&J1!XxJ zYjnB(=hMSBwMiN22IY9uu5?wZQe`V--~M)GtKllY6wbZMRe)9is8FlR$;Y8At4CmK zZ#bpT4An$pa5$UBFp>j5Y|O@hrHWQ1MSm=sqXk>nSa{0y&|oaj=8)GWRslaJK_pv@ z<&!KNeEUH98R&s7=(Otj2piyB0lpuU(IJo0R+=1O?w^EE&S>YH(Pwh^Zq3(B?fH~C9x8pX=(%tAhQ||k z_&-i`SsrK`{dQC5>}=^zzgoYMe~{n3f1`Y6Y`FII5$nd6w>S3KCvG?|IsS3pdgCvH z|LWwIuD#*!UK*P2mTm2~cgP>+EnTTyo^~$%Srj_(_tci)R7K0!h25jZWANpK76Ip-u67b_Sm z1e7M_WF{*F6lLZn7F8-ZrxulDre!84mSpDVDL9svWaJlRmQ)(ZiSt^T8<+qM0D~xT zUPD7e10xe7V^d30%P51!U54@ovJgwfV3sO`6qOd2DEOt8l;;;^!(7FU;VNSTLx`)i z;5t3?N>YpRz^+KlQ3y^gDoZU=aCTJCRe(C&(9^&jqRFAWyj%|`ommX@r(SY?uD)|X zFvz?4MFo0El?p+rX?hAio{mnQKAs_w3O*q&dK$@^mgWjD%M2RlBZns=D+6<5FM~m2 zCsSi1!;Pkf7uO`2YUNucEL9h!YCqh6h4u2DXJ*!`KKSHBZ+pJVrr0%f)5pE9raQfz zWx^$TWo67)2i3bb*$*0RD$O}^YWL!QVd{m>tCGJO*iF`W`s*X7_2=!rewN>3Jfn6T zl)b#E>tBJvRHxJbv;(`NY^;7N`A^uyv^;o@zsd8}ESswHnV1xVpxIw!3Sy+Gxl+8d8 zu8NTnDg=sBS$P(qLk!dws4P%wQvf*v=!WE?9MtG4NKQ1?1BxO?0x(fC14EyK@y(Nr zDa=kEi$5wavby*3*MN0jZ_UY*afGG6^^4vPr885{S{j{K{_?=-a!KPl>Ud3$k< z0;lf7Zx1C|EjHNl&#(V6kLgYuQ(K~+T72C6Npd_YOTJzx5I(PV*xA-oc3zWSQ2ZXd dV`-X%F(s zF1n;m)@ck`RQ#Af6k;;njKM{WbI$o=(LW|e*@rV`f2P@nA3w~@WFZ*OZBr;F-sJvx z&-v`UTvgI=|K!({rvB&i+ScdKzKyE2m2J6!+~3s{RbF0( zG8gFWs8OpP(Nq~s2e8Nn*a;qjVp5V}2+Ju!oTTf}Rt2Cp)D!_0VEBlYwj;XWXe&C% zxr{|VB(nk^;vj&5SDJyZa5=m)|2=Na0a6kzxhzV;r z4Sqas1s~(u$M~4wli&+_tSymNXEzj+p{BZO)QP%mHkAJk60?h#T{gSJ>2MxInftUJ zRVvxE230>pZ$X-51o;q#dRJ18VP0k~m6Yuwny zri!L7e_45|H_`jWU(ePZ`T!lnX!8{u3CSz`;yuG&D>8r_pHY3El2JQdAwKe-G5^tb^SHl z3v74O59ZCU+|X5=oX}mK4t})Q`rNB3HC0Bvn^he`S=DHsokoL3h02JzopjWw)?`&C zV$_nqhWu4p{o&jIm0R{w6%>WC)B{tNdM_AbC5T{AX231AgiwVcAd}#6!W*;@ zrM8m5Qz4cMg*k=z9*D_uLh9-0*rJy zMPN}Eg@v<#&Ed3zTL_WubWLHa1qKC0oh%OrSe&vbo9669opu-rxFCo*E9|79rIU8F zg0qWm-?ht*$n`{8WG7;z4Wdih>FiqTypRUK#c|+QAQIU^Nm=5k72IBb(8UbFsLStn z4Fwr*06a{e)7txiR`PiH{bLv@Sh#6+j08J$w&6a zni{fc&&vGF0vfG3w(L6h`|NpK76Ip-u67b_Sm z1e7M_WF{*F6lLZn7F8-ZrxulDre!84mSpDVDL9svWaJlRmQ)(ZiSt^T8<+qM0D~xT zUPD7e10xe7V^d30%P51!U54@ovJgwfV3sO`6qOd2DEOt8l;;;^!(7FU;VNSTLx`)i z;5t3?N>YpRz^+KlQ3y^gDoZU=aCTJCRe(C&(9^&jqRFAWyj%|`ommX@r(SY?uD)|X zFvz?4MFo0El?p+rX?hAio{mnQKAs_w3O*q&dK$@^mgWjD%M2RlBZns=D+6<5FM~m2 zCsSi1!;Pkf7uO`2YUNucEL9h!YCqh6h4u2DXJ*!`KKSHBZ+pJVrr0%f)5pE9raQfz zWx^$TWo67)2i3bb*$*0RD$O}^YWL!QVd{m>tCGJO*iF`W`s*X7_2=!rewN>3Jfn6T zl)b#E>tBJvRHxJbv;(`NY^;7N`A^uyv^;o@zsd8}ESswHnV1xVpxIw!3Sy+Gxl+8d8 zu8NTnDg=sBS$P(qLk!dws4P%wQvf*v=!WE?9MtG4NKQ1?1BxO?0x(fC14EyK@y(Nr zDa=kEi$5wavby*3*MN0jZ_UY*afGG6^^4vPr885{S{j{K{_?=-a!KPl>Ud3$k< z0;lf7Zx1C|EjHNl&#(V6kLgYuQ(K~+T72C6Npd_YOTJzx5I(PV*xA-oc3zWSQ2ZXd dV`-Xc|~`~NBa%z z9PYlc9fuEZ-TXL|qx7m}nZS{Xz5nNKXqj&Q=}DmU)+e0PVm{YJ-)0hJc;voJ$~A3= z@UdI{JIocele)i8KFieDpk{GFq|<1XG2s7UnOQP7wlDyl z5%YLwRH?``?v+({AKR~dvnKA&-tEGICdsPoFb=h&Yn(h!rhCiRzS_s88P zS1wI6|CZ>!>4;IwhdM`xzi!Ku{fs{?ee~s1^V1!R8=DOp8w?bH5h^RlB55GrD4Gb4 z)Z$`?)QZI1f}GT1z2y8{10IkHVMfOPEKCLr;6x+K58|;fGqD{okO#>svq%_-HHZ|r z*fr_px8L)+T>98nVUM%+(jOJiQ|Vn>QG6vaxFOF*C`sG8hOM3K;OQ zF^94+3$r^X7Ucv5I~vG|^IBROSQ=Uy7#diZm`9288e19~83U22rKx3+ay@d;Hs1->E%bs>#c$mn(FCS)1CGOZlrJH2+M0^Q$S4-=JaN#(;TlE+2Jv-!M9V zEF+)&=7xkd``(#wW(j}&&dNIZe%vn8u$zhhCF@T%KKqgLs@oP7|4TU zm02VV#2Q3iKA51srb3}=)@7ehPUe0}>*iVPHjo7=;A0VE5h=g4<>GdquCB%BT<4y9 zW3#~O@&5p%aAgMidcTR$vp-oKjVpd$h%*4pV#KdsYfRl|~tIgw_1q-u*kfDG99~*Nh3$rl0b7E1BOK`A( zoH(zgrGbT^xq+dfg^@*+IIpp#p^-5VnOd4!Mi~eg@)__z^spx7C%JeSG%-0DG%;?6 z7;DGG2;{6{YHVb9qjPr2`&nxGNy~RD``*`9J(zK6-b&YKvyW3crPkL9s?4?BX`}h# zx^jc@vU#pdyH}l=r@=aP!DjKYgWpw66PX+*sq@6G^LY9>&*J^Wi|5V%&2pH2Lf3TO z+{wp&h_1K4RbsXM$mFd%cbDbJuc+H&waS^RG38J4hw8!^zYbVb3P>4)+^~!LdWr3G zlczqy%coA;{qaenImd6I*4cJj#4@7KPtNcK*-*=3%Q znI8K4Q#POb(P(aOJ{hU*>eB724zIfY+WMAOFH^g@d-HX}EvhTl>=x_@mJyt^E%UkF zgo9Oo+P{3eE@dFaEXuI+zszKpbn}aweuU35@;d4D-};Rl6QeA1V+#XQV?+LxZ)c~> z%3B{DEiSX^&VYak0uSF(aEVg@3OLZGyj;gDL9m|KvO zTCA6xp9@ZQvcimv|5=y}7{CcvmLJ4pVP<0HFpvjnR%Vef5Ni-AaItIB%WuEub-DDh zt->B>?a3eIA*S=Oh_Q&M{g?DO9BG^p)?0U?AtUCzP0?L7qS@+>y)HMK!24G?U diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/BobRSASignByCarl.cer b/SecurityTests/clxutils/certcrl/testSubjects/smime/BobRSASignByCarl.cer deleted file mode 100644 index ab5d69255a883b852722785b20b41f0a27658124..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 516 zcmXqLVq!38V$5B@%*4pVB;aO}eY}AoY>(jOJiW8Ag%=Ds*;uvtn3-f*84QFB1q}Gu zm_u2Zh1s1Gi*ka39S!8fc`YpsEDbFU3=J#|jH1MOjV%q0jDg71($q4_K+urifES{N z%_%<#q@{5_P=r&f&7`Gb01z;sk>@10JBGWrZ0T|FbX|Fo3-+%MaqQFf*|#7|4TUm02VV z#2Q3iKA51srb3}=)@7ehPUe0}>*iVPHjo7=;A0VE5qa@tNBWJ;)0Sv`7F?xyd1_Rf z*cKI}P-O=Cno}{$Iw|0Ol4G2Z1EH9P7YgVf+*?sGgRO9xYqMLJWT@=1LpZ}_NRd2|Rs5|V87g-&7xf0zQK9=(TP?8Rq rWc-hVH6XW|nSuGEuJ=EMq~i+ZtWL_eR~%n^uTc7;*3715sjuq*LRzzE diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlDSSCRLEmpty.crl b/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlDSSCRLEmpty.crl deleted file mode 100644 index 42af3a09a7e82043f0f8525db2da2692e5827f3b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 111 zcmXrWHPAEQWMkKA^EhY0!fYU9C}6Xin2s1G;oPY`&!GuAAC$R}$#wK_Po8T3wpb5-Ogu|Hi84ProMCww5%8dV+6pLT{ mKJDj%D>rguYHgWBn5v?;UyYVHc)tC8-7S^RTFrAz7XkocSU6b# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlDSSCRLForCarl.crl b/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlDSSCRLForCarl.crl deleted file mode 100644 index 2a4e7949952048bbf8217d7db21238d75d8bd11c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 134 zcmXqLY&LK);ACUhYV$Z}!NP1HWGG<3$HpAW!Ys`0oLH3O5*#efYiVg5cz}3IC=ui9~fDZrPL8 SF1^39DVi&m{oAgUteODqekH2_ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlDSSSelf.cer b/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlDSSSelf.cer deleted file mode 100644 index b47c682fdb240bf6db799e9fdefaca87578ab952..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 671 zcmXqLVw!Ex#1yrFnTe5!iILHOlZ{=g&EuQ}3$uZcp@0D&8*?ZNvoO1JVo{DuaIk@# zIIpFpfrX)&k&&r^sX>%Dud$_}kueaNTAEr$Vb#;bxZR+MQ5$A3BakD<)Y!3eavSw-xN-^*Nj&-o+$J_?s_0VHFnOQTTgN?KWg)6 zX{y~NI@L?;o7>yF-)3CeUDw6cwM(peX8@zed+jBYD8t=@`uBs+ahoKR+c7QK-xWJ!r@&RF z#s;2u;j_K>-rB~VRbuWRT0i&gotnVxJxX)uxU_R0Kl?%E=2pMh;(P1)PRd3Fe)V^$G>s}=RqqxkztTx;j>qe+ z%ET>K^@EjMlI7cWERJAP{h@i_{jLY4ADoUPrv}aDVs30@0EN)Z_7ZjGv;`Xvti7XC zy8B^{%bZ(^xxVhX8qyfhVbeTl5SAOuTimH74bDypDNjCGB fg5nE>fpO7qlBw0b(T2Hlijl97{JGBGZkwzDPOS%( diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSACRLEmpty.crl b/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSACRLEmpty.crl deleted file mode 100644 index c3eb30466a936293eb279bdd22a60e5d2f55f565..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 202 zcmXqLJZ@lQz{|#|)#lOmotKf3g_XfT$WXw5kBvE$g;|*0Ik6}wDA-Y)*V59!!pOkD z+yDro&~z|2HZrU{s<=bArsVTh!8a_Q6ul7EIgMXw{H=5&-)KN$3Co diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSACRLForAll.crl b/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSACRLForAll.crl deleted file mode 100644 index 3708ccbf5930b76cb2c7428698839ab416b63934..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 311 zcmXqLVl*~roNK_##;Mij(e|B}k&%U!!9d7Rz<`g9Ih2K2nB6(CC?_b`QJmM((!j#V z+`!xb2%-!!4HTIK+)T2MH!y_l5xktIcSK?Uuj|nd|T(md}zE9w>j@%M|RJZxTC(m z-Q&_e$F6?5MZzp$h3_1j&Nun$`%ME18xQStiB9U26f#^{J?rwBw9|q&xdq(I*ZM2n qd|GetDf-Wpz@-so*77UdmdSrxcrSF}Tf>gb>HHj*uka*9%K-p=O>W%) diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSACRLForCarl.crl b/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSACRLForCarl.crl deleted file mode 100644 index 2ce8e4db5a8fc8d8d5f3b50f92a1fb72cb5de0be..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 239 zcmXqLd}9!9z{|#|)#lOmotKf3g_XfT$WXw5kBvE$g;|*0Ik6}wDA-Y)*V59!!pPLX z+yDro43rHNnFQQSvX3_~gzXW$oToScQ-A_gkr7N0sy{g9c>gqG)sV%*Ho%7z!=FvaL z{(bSq>{cKC|IhCJxpTHyN3QnHhQgyhe;D(E!ZYP8lkW>D85|c5ox+-@#jrB^h*sK^ Vq;qD*hqRO3Rp)-bSMZJ@3;-IpSj+$b diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSASelf.cer b/SecurityTests/clxutils/certcrl/testSubjects/smime/CarlRSASelf.cer deleted file mode 100644 index ce6737d90a804bead6c9319ce0430a4ace09d048..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 495 zcmXqLVtj4T#2B)GnTe5!Nx;n{`*;IG*dD>ld3y6d1t=KsvT^Cxo>^b z+`WNv;#Hr@bhO(nm+!saD;50a3B%PFZx)$teETTikr8K?{rs7#{X6_t@2tH#E%lbz zf}{KR*11H#kNdJ*^K{eQH7+k#O`f93_e0{^iSW2jWk)^-{ zr{T|^*+Rh!zKSHwu03Vhd{-wD2hx3YSJO(d8AiZi=- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/DianeDHEncryptByCarl.cer b/SecurityTests/clxutils/certcrl/testSubjects/smime/DianeDHEncryptByCarl.cer deleted file mode 100644 index 1b5ad08b52f5127f82ea74685eaa5433589cc5ea..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 873 zcmXqLVoo(^Vpd(i%*4pV#KdsffRl|~tIgw_1q-u*kfDG99~*Nh3$rl0b7E1BOK`A( zoH(zgrGbT^xq*?PnW=e{IIpp#p^-5VnOd4!Mxp3&$xO^kb@4E0VsbQSV%!EX*p7)2 z$XUtM*vN1yZ{nd1dsjq!GE^+tE&oJd?}f>W>JlH??owtEyO3tN*ZM4LiN{Cgf~j9v zlXLa<&)WWf`hUya$+vx%6yBIJYs;rD+xgpLdrv)Dzm@+yYid(Qp7W(IEb+|UKLfs= z$YE96v)_zA=5SzE`ioMdw2FzzFaDW4m)us6Q(^G2BcXG&x=ILq90*51e}UM%jDaD0&T{r{`1*=*_?)nvBwED+(8j#c|xXx#H@jbk0} z8q=v0>Xxou9U9Q^;nGemLEkdhGJ772bw!cK-t2w8qI-tC$;G7=Qtl5SRBpF|^!%ZkC|H zm&+%26fKbNy#Hj6;@>Cp1FrS={Y;-O^1wv0-!>vh?oKSLpZ~Fr)`~TZIi}~@awm94 zcvHL1TZKK&+LJ%Z z8_0sR^RbArh`4|DKU-S6B1myXqFMOXAG6-wHgH4A8_fC)20Bb4wJCD)-k;y(o9JwM ll2Xubmvx|M5tE4btAjir&wj6(TXsr4@4~)MH)dz$0sxK~WF7zj diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/DianeDSSSignByCarlInherit.cer b/SecurityTests/clxutils/certcrl/testSubjects/smime/DianeDSSSignByCarlInherit.cer deleted file mode 100644 index f323fc707a1a1ece2efc65e0bce15eb45e08a827..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 446 zcmXqLV%%lW#8|n2nTe5!iHYHo0Vf-~R-4B;3l?SrAwvNJJ~rl17G_~~=ft8Mm*8Ln zIdNV~O9Kl-a|0tFX%HpOYiwy~WDG>6mZp|b2EvAd2K*2`94?uOd8r^xjgt|^GBP)| zGB7nZGAv*auh4l{*BGp)m&n1taCTsj)UC)B#ri_3+c-|2davbD))mD0YA>tORsL^( z-L9{nX~D@SeA-{m}#s8t{Nr2s1MNXJIm600)RHKZwV|%*1xUKprHk%pzeR z)*w>gV%MaX-+s^Qa_M7Rg+0#NlRwHE$buB`v52vVq!`Ssjk)8>J<}>kUu=Iwz}<7& z5{Q6dW(JzB%Oq0A!_z3fWmd?h!v?Rrj@TRuGMhJ*NtEH(eDOnt-fQ$Mdu;{eXKnV~ I_ET^%0HW8CasU7T diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/DianeRSASignByCarl.cer b/SecurityTests/clxutils/certcrl/testSubjects/smime/DianeRSASignByCarl.cer deleted file mode 100644 index 8eacf0a70cd605f418a4f1f184fd79c7de416904..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 526 zcmXqLV&XDrVk}<3%*4pVB;aO}eY}AoY>(jOJiV*43?>-xvTsO$IyL5%WpmHJS)fxe?NhVUw=3HN%Rwiaf2FAq+25|;FKxfMeGcx{XVKQI+@2$Tj z4{`ti!43Fl(w#dGyZ$Zzv-JA(+p0C64UQ%+xA0o6s;JU%{6hZFkyezPPU3V7zRe zE7R^(XXa_JPF=8ByzJn2RntT!$4TluaqB#ue$KOaKk?#u^MA7(rk~I?oi}&#u^*!A z?QfM>Z9g)3>(1R}Ir1y&_E@cQ=4wp&ll-B&aK^6#7L@{0#vnKB;=W#D``qNIkMQ!T z({_J+l4#EHTj==jITOp-W}1HRP?=^d#8}t+hWp#51If!pkH$@HTU311)6Kjx;cq!B zr^oDqUK`eL=UjB^Yo)bC?|x?0-`A?p-}`gR0@o7lFV=INl1$Xq8~gJ44c0BIzk(^hbm2Yy&yUqA=E^_C#b1$rpN&JW`m!7%d z)|~@$IiIZmnK)6${fv9ueQo2i&*^WRdJLD;7N}FnyJGZ(e|5_DjxNs#1)7kN>O5lzu&YF6!&N*2RsD2K5H=zyu*H z$Rc4N)+mw+j^GT3)QZI1f}GT1z2y8{10Ik9VMfOPEKCLr;PfNQ58|;fGcj{Ov@3(O zH;5Ft*fr_px8L)+T>98nVUM%+z-}= H_#y)UWZWwy diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/certsParsed b/SecurityTests/clxutils/certcrl/testSubjects/smime/certsParsed deleted file mode 100644 index cdb0e9f7..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/smime/certsParsed +++ /dev/null @@ -1,320 +0,0 @@ -AliceDSSSignByCarlNoInherit.cer -Serial Number : 00 C8 -Issuer Name : - Common Name : CarlDSS -Subject Name : - Common Name : AliceDSS -Cert Sig Algorithm : dsaWithSha1 (1 2 840 10040 4 3) -Not Before : 01:10:49 Aug 17, 1999 -Not After : 23:59:59 Dec 31, 2039 -Pub Key Algorithm : dsa (1 2 840 10040 4 1) - alg params : 30 82 01 1E 02 81 81 00 ... -Pub key Bytes : Length 131 bytes : 02 81 80 5C E3 B9 5A 75 ... -CSSM Key : - Algorithm : DSA - Key Size : 1024 bits - Key Use : CSSM_KEYUSE_VERIFY -Signature : 47 bytes : 30 2D 02 15 00 98 B0 C6 ... -Extension struct : keyUsage (2 5 29 15) - Critical : TRUE - usage : DigitalSignature NonRepudiation -Extension struct : basicConstraints (2 5 29 19) - Critical : TRUE - CA : FALSE -Extension struct : subjectKeyIdentifier (2 5 29 14) - Critical : FALSE - Subject KeyID : BE 6C A1 B3 E3 C1 F7 ED ... -Extension struct : authorityKeyIdentifier (2 5 29 35) - Critical : FALSE - Auth KeyID : 70 44 3E 82 2E 6F 87 DE ... -Extension struct : subjectAltName (2 5 29 17) - Critical : FALSE - RFC822Name : aliceDss@examples.com - - -AliceRSASignByCarl.cer -Serial Number : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0 -Issuer Name : - Common Name : CarlRSA -Subject Name : - Common Name : AliceRSA -Cert Sig Algorithm : sha-1WithRSAEncryption (1 3 14 3 2 29) - alg params : 05 00 -Not Before : 01:08:47 Sep 19, 1999 -Not After : 23:59:59 Dec 31, 2039 -Pub Key Algorithm : rsaEncryption (1 2 840 113549 1 1 1) - alg params : 05 00 -Pub key Bytes : Length 140 bytes : 30 81 89 02 81 81 00 E0 ... -CSSM Key : - Algorithm : RSA - Key Size : 1024 bits - Key Use : CSSM_KEYUSE_VERIFY -Signature : 128 bytes : BF 34 32 E6 FC 6A 88 41 ... -Extension struct : keyUsage (2 5 29 15) - Critical : TRUE - usage : DigitalSignature NonRepudiation -Extension struct : basicConstraints (2 5 29 19) - Critical : TRUE - CA : FALSE -Extension struct : subjectKeyIdentifier (2 5 29 14) - Critical : FALSE - Subject KeyID : 77 D2 B4 D1 B7 4C 8A 8A ... -Extension struct : authorityKeyIdentifier (2 5 29 35) - Critical : FALSE - Auth KeyID : E9 E0 90 27 AC 78 20 7A ... - - -BobDHEncryptByCarl.cer -Serial Number : 00 C9 -Issuer Name : - Common Name : CarlDSS -Subject Name : - Common Name : bobDH -Cert Sig Algorithm : dsaWithSha1 (1 2 840 10040 4 3) -Not Before : 01:18:28 Aug 17, 1999 -Not After : 23:59:59 Dec 31, 2039 -Pub Key Algorithm : dhPublicNumber (1 2 840 10046 2 1) - alg params : 30 82 01 AA 02 81 81 00 ... -Pub key Bytes : Length 131 bytes : 02 81 80 6F D4 F6 CD 94 ... -CSSM Key : - Algorithm : Diffie-Hellman - Key Size : 1024 bits - Key Use : CSSM_KEYUSE_DERIVE -Signature : 47 bytes : 30 2D 02 14 15 EA 15 43 ... -Extension struct : keyUsage (2 5 29 15) - Critical : TRUE - usage : KeyAgreement -Extension struct : basicConstraints (2 5 29 19) - Critical : TRUE - CA : FALSE -Extension struct : subjectKeyIdentifier (2 5 29 14) - Critical : FALSE - Subject KeyID : 26 FF 19 48 C3 59 33 68 ... -Extension struct : authorityKeyIdentifier (2 5 29 35) - Critical : FALSE - Auth KeyID : 70 44 3E 82 2E 6F 87 DE ... -Extension struct : subjectAltName (2 5 29 17) - Critical : FALSE - RFC822Name : bobDh@examples.com - - -BobRSASignByCarl.cer -Serial Number : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0 -Issuer Name : - Common Name : CarlRSA -Subject Name : - Common Name : BobRSA -Cert Sig Algorithm : sha-1WithRSAEncryption (1 3 14 3 2 29) - alg params : 05 00 -Not Before : 01:09:02 Sep 19, 1999 -Not After : 23:59:59 Dec 31, 2039 -Pub Key Algorithm : rsaEncryption (1 2 840 113549 1 1 1) - alg params : 05 00 -Pub key Bytes : Length 140 bytes : 30 81 89 02 81 81 00 A9 ... -CSSM Key : - Algorithm : RSA - Key Size : 1024 bits - Key Use : CSSM_KEYUSE_WRAP -Signature : 128 bytes : 09 21 6A 3B 62 50 DF 62 ... -Extension struct : keyUsage (2 5 29 15) - Critical : TRUE - usage : KeyEncipherment -Extension struct : basicConstraints (2 5 29 19) - Critical : TRUE - CA : FALSE -Extension struct : subjectKeyIdentifier (2 5 29 14) - Critical : FALSE - Subject KeyID : E8 F4 B8 67 D8 B3 96 A4 ... -Extension struct : authorityKeyIdentifier (2 5 29 35) - Critical : FALSE - Auth KeyID : E9 E0 90 27 AC 78 20 7A ... - - -CarlDSSSelf.cer -Serial Number : 01 -Issuer Name : - Common Name : CarlDSS -Subject Name : - Common Name : CarlDSS -Cert Sig Algorithm : dsaWithSha1 (1 2 840 10040 4 3) -Not Before : 22:50:50 Aug 16, 1999 -Not After : 23:59:59 Dec 31, 2039 -Pub Key Algorithm : dsa (1 2 840 10040 4 1) - alg params : 30 82 01 1E 02 81 81 00 ... -Pub key Bytes : Length 132 bytes : 02 81 81 00 99 87 74 27 ... -CSSM Key : - Algorithm : DSA - Key Size : 1024 bits - Key Use : CSSM_KEYUSE_VERIFY -Signature : 47 bytes : 30 2D 02 14 6B A9 F0 4E ... -Extension struct : keyUsage (2 5 29 15) - Critical : TRUE - usage : DigitalSignature KeyCertSign CRLSign -Extension struct : basicConstraints (2 5 29 19) - Critical : TRUE - CA : TRUE -Extension struct : subjectKeyIdentifier (2 5 29 14) - Critical : FALSE - Subject KeyID : 70 44 3E 82 2E 6F 87 DE ... - - -CarlRSASelf.cer -Serial Number : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E 9F F2 50 20 -Issuer Name : - Common Name : CarlRSA -Subject Name : - Common Name : CarlRSA -Cert Sig Algorithm : sha1withRSAEncryption (1 2 840 113549 1 1 5) - alg params : 05 00 -Not Before : 07:00:00 Aug 18, 1999 -Not After : 23:59:59 Dec 31, 2039 -Pub Key Algorithm : rsaEncryption (1 2 840 113549 1 1 1) - alg params : 05 00 -Pub key Bytes : Length 140 bytes : 30 81 89 02 81 81 00 E4 ... -CSSM Key : - Algorithm : RSA - Key Size : 1024 bits - Key Use : CSSM_KEYUSE_VERIFY -Signature : 128 bytes : B7 9E D4 04 D3 ED 29 E4 ... -Extension struct : keyUsage (2 5 29 15) - Critical : TRUE - usage : DigitalSignature KeyCertSign CRLSign -Extension struct : basicConstraints (2 5 29 19) - Critical : TRUE - CA : TRUE -Extension struct : subjectKeyIdentifier (2 5 29 14) - Critical : FALSE - Subject KeyID : E9 E0 90 27 AC 78 20 7A ... - - -DianeDHEncryptByCarl.cer -Serial Number : 00 D3 -Issuer Name : - Common Name : CarlDSS -Subject Name : - Common Name : DianeDH -Cert Sig Algorithm : dsaWithSha1 (1 2 840 10040 4 3) -Not Before : 02:16:57 Aug 17, 1999 -Not After : 23:59:59 Dec 31, 2039 -Pub Key Algorithm : dhPublicNumber (1 2 840 10046 2 1) - alg params : 30 82 01 A9 02 81 81 00 ... -Pub key Bytes : Length 131 bytes : 02 81 80 60 5E 6E EF 61 ... -CSSM Key : - Algorithm : Diffie-Hellman - Key Size : 1024 bits - Key Use : CSSM_KEYUSE_DERIVE -Signature : 46 bytes : 30 2C 02 14 7D 64 1E 1F ... -Extension struct : keyUsage (2 5 29 15) - Critical : TRUE - usage : KeyAgreement -Extension struct : basicConstraints (2 5 29 19) - Critical : TRUE - CA : FALSE -Extension struct : subjectKeyIdentifier (2 5 29 14) - Critical : FALSE - Subject KeyID : 47 F3 4F CD 75 7D A8 52 ... -Extension struct : authorityKeyIdentifier (2 5 29 35) - Critical : FALSE - Auth KeyID : 70 44 3E 82 2E 6F 87 DE ... -Extension struct : subjectAltName (2 5 29 17) - Critical : FALSE - RFC822Name : dianeDh@examples.com - - -DianeDSSSignByCarlInherit.cer -Serial Number : 00 D2 -Issuer Name : - Common Name : CarlDSS -Subject Name : - Common Name : DianeDSS -Cert Sig Algorithm : dsaWithSha1 (1 2 840 10040 4 3) -Not Before : 02:08:10 Aug 17, 1999 -Not After : 23:59:59 Dec 31, 2039 -Pub Key Algorithm : dsa (1 2 840 10040 4 1) -Pub key Bytes : Length 132 bytes : 02 81 81 00 A0 00 17 78 ... -CSSM Key : - Algorithm : DSA - Key Size : 1024 bits - Key Use : CSSM_KEYUSE_VERIFY -Signature : 47 bytes : 30 2D 02 14 7E 0C 0C 81 ... -Extension struct : keyUsage (2 5 29 15) - Critical : TRUE - usage : DigitalSignature NonRepudiation -Extension struct : basicConstraints (2 5 29 19) - Critical : TRUE - CA : FALSE -Extension struct : subjectKeyIdentifier (2 5 29 14) - Critical : FALSE - Subject KeyID : 64 30 99 7D 5C DC 45 0B ... -Extension struct : authorityKeyIdentifier (2 5 29 35) - Critical : FALSE - Auth KeyID : 70 44 3E 82 2E 6F 87 DE ... -Extension struct : subjectAltName (2 5 29 17) - Critical : FALSE - RFC822Name : dianeDss@examples.com - - -DianeRSASignByCarl.cer -Serial Number : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E D5 9A 30 90 -Issuer Name : - Common Name : CarlRSA -Subject Name : - Common Name : DianeRSA -Cert Sig Algorithm : sha1withRSAEncryption (1 2 840 113549 1 1 5) - alg params : 05 00 -Not Before : 07:00:00 Aug 19, 1999 -Not After : 23:59:59 Dec 31, 2039 -Pub Key Algorithm : rsaEncryption (1 2 840 113549 1 1 1) - alg params : 05 00 -Pub key Bytes : Length 140 bytes : 30 81 89 02 81 81 00 D6 ... -CSSM Key : - Algorithm : RSA - Key Size : 1024 bits - Key Use : CSSM_KEYUSE_VERIFY CSSM_KEYUSE_WRAP -Signature : 128 bytes : 1D B3 51 B1 99 96 F0 44 ... -Extension struct : keyUsage (2 5 29 15) - Critical : TRUE - usage : DigitalSignature NonRepudiation KeyEncipherment -Extension struct : basicConstraints (2 5 29 19) - Critical : TRUE - CA : FALSE -Extension struct : subjectKeyIdentifier (2 5 29 14) - Critical : FALSE - Subject KeyID : 8C F3 CB 75 0E 8D 31 F6 ... -Extension struct : authorityKeyIdentifier (2 5 29 35) - Critical : FALSE - Auth KeyID : E9 E0 90 27 AC 78 20 7A ... - - -EricaDHEncryptByCarl.cer -Serial Number : 00 D4 -Issuer Name : - Common Name : CarlDSS -Subject Name : - Common Name : EricaDH -Cert Sig Algorithm : dsaWithSha1 (1 2 840 10040 4 3) -Not Before : 02:17:16 Aug 17, 1999 -Not After : 23:59:59 Dec 31, 2039 -Pub Key Algorithm : dhPublicNumber (1 2 840 10046 2 1) - alg params : 30 82 01 2B 02 81 81 00 ... -Pub key Bytes : Length 132 bytes : 02 81 81 00 D1 2B E4 1D ... -CSSM Key : - Algorithm : Diffie-Hellman - Key Size : 1024 bits - Key Use : CSSM_KEYUSE_DERIVE -Signature : 47 bytes : 30 2D 02 14 3E 51 42 08 ... -Extension struct : keyUsage (2 5 29 15) - Critical : TRUE - usage : KeyAgreement -Extension struct : basicConstraints (2 5 29 19) - Critical : TRUE - CA : FALSE -Extension struct : subjectKeyIdentifier (2 5 29 14) - Critical : FALSE - Subject KeyID : 8D 53 1D 61 55 7F 60 35 ... -Extension struct : authorityKeyIdentifier (2 5 29 35) - Critical : FALSE - Auth KeyID : 70 44 3E 82 2E 6F 87 DE ... -Extension struct : subjectAltName (2 5 29 17) - Critical : FALSE - RFC822Name : ericaDh@examples.com diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/crlsParsed b/SecurityTests/clxutils/certcrl/testSubjects/smime/crlsParsed deleted file mode 100644 index 1b5b6b90..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/smime/crlsParsed +++ /dev/null @@ -1,89 +0,0 @@ -CarlDSSCRLEmpty.crl -TBS Sig Algorithm : dsaWithSha1 (1 2 840 10040 4 3) -Issuer Name : - Common Name : CarlDSS -This Update : 07:00:00 Aug 20, 1999 -Next Update : -Signature : 47 bytes : 30 2D 02 14 62 3F 36 17 ... - - -CarlDSSCRLForAll.crl -TBS Sig Algorithm : dsaWithSha1 (1 2 840 10040 4 3) -Issuer Name : - Common Name : CarlDSS -This Update : 07:00:00 Aug 27, 1999 -Next Update : -Num Revoked Certs : 5 -Revoked Cert 0 : - Serial number : 00 C8 - Revocation time : 07:00:00 Aug 22, 1999 -Revoked Cert 1 : - Serial number : 00 C9 - Revocation time : 07:00:00 Aug 22, 1999 -Revoked Cert 2 : - Serial number : 00 D3 - Revocation time : 07:00:00 Aug 22, 1999 -Revoked Cert 3 : - Serial number : 00 D2 - Revocation time : 07:00:00 Aug 22, 1999 -Revoked Cert 4 : - Serial number : 00 D4 - Revocation time : 07:00:00 Aug 24, 1999 -Signature : 46 bytes : 30 2C 02 14 7E 65 52 76 ... - - -CarlDSSCRLForCarl.crl -TBS Sig Algorithm : dsaWithSha1 (1 2 840 10040 4 3) -Issuer Name : - Common Name : CarlDSS -This Update : 07:00:00 Aug 25, 1999 -Next Update : -Num Revoked Certs : 1 -Revoked Cert 0 : - Serial number : 01 - Revocation time : 07:00:00 Aug 22, 1999 -Signature : 47 bytes : 30 2D 02 15 00 B3 1F C5 ... - - -CarlRSACRLEmpty.crl -TBS Sig Algorithm : md5withRSAEncryption (1 2 840 113549 1 1 4) - alg params : 05 00 -Issuer Name : - Common Name : CarlRSA -This Update : 07:00:00 Aug 20, 1999 -Next Update : -Signature : 128 bytes : A9 C5 21 B8 13 7C 74 F3 ... - - -CarlRSACRLForAll.crl -TBS Sig Algorithm : md5withRSAEncryption (1 2 840 113549 1 1 4) - alg params : 05 00 -Issuer Name : - Common Name : CarlRSA -This Update : 07:00:00 Aug 27, 1999 -Next Update : -Num Revoked Certs : 3 -Revoked Cert 0 : - Serial number : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E C4 10 B3 B0 - Revocation time : 07:00:00 Aug 22, 1999 -Revoked Cert 1 : - Serial number : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E D5 9A 30 90 - Revocation time : 07:00:00 Aug 22, 1999 -Revoked Cert 2 : - Serial number : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E CD 5D 71 D0 - Revocation time : 07:00:00 Aug 24, 1999 -Signature : 128 bytes : BF B3 97 AA 53 F0 32 21 ... - - -CarlRSACRLForCarl.crl -TBS Sig Algorithm : md5withRSAEncryption (1 2 840 113549 1 1 4) - alg params : 05 00 -Issuer Name : - Common Name : CarlRSA -This Update : 07:00:00 Aug 25, 1999 -Next Update : -Num Revoked Certs : 1 -Revoked Cert 0 : - Serial number : 46 34 6B C7 80 00 56 BC 11 D3 6E 2E 9F F2 50 20 - Revocation time : 07:00:00 Aug 22, 1999 -Signature : 128 bytes : 21 EF 21 D4 C1 1A 85 95 ... diff --git a/SecurityTests/clxutils/certcrl/testSubjects/smime/smime.scr b/SecurityTests/clxutils/certcrl/testSubjects/smime/smime.scr deleted file mode 100644 index 800f35d4..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/smime/smime.scr +++ /dev/null @@ -1,436 +0,0 @@ -# -# certcrl script to test certs and CRLs from S/MIME examples -# -# Examples obtained from -# http://www.ietf.org/internet-drafts/draft-ietf-smime-examples-09.txt -# -# This script tests every cert and CRL from the examples package, ensuring -# both successful (normal) operation and a variety of error cases for -# every cert. -# - -globals -allowUnverified = true -requireCrlForAll = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -################################################### - -test = "Carl RSA root, Alice leaf" -revokePolicy = crl -cert = AliceRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlRSACRLEmpty.crl -# note none of the RSA certs have email addresses in them -senderEmail = "alice@somewhere.net" -# Cert has DigitalSignature, NonRepudiation -keyUsage = 0x8000 -end - -################################################### - -test = "Carl RSA root, Alice Leaf, bad key use" -revokePolicy = crl -cert = AliceRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlRSACRLEmpty.crl -# this CRL revokes the root, which TP does not check -crl = CarlRSACRLForCarl.crl -senderEmail = "alice@somewhere.net" -keyUsage = 0x01 -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE -end - -################################################### - -test = "Carl RSA root, Alice Leaf, revoked" -revokePolicy = crl -cert = AliceRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlRSACRLForAll.crl -senderEmail = "alice@somewhere.net" -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -end - -################################################### - -test = "Carl RSA root, Alice Leaf, no CRL" -revokePolicy = crl -cert = AliceRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = "alice@somewhere.net" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -################################################### - -test = "Carl RSA root, Diane leaf" -revokePolicy = crl -cert = DianeRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlRSACRLEmpty.crl -# note none of the RSA certs have email addresses in them -senderEmail = "diane@somewhere.net" -# DigitalSignature NonRepudiation KeyEncipherment -keyUsage = 0xe000 -end - -################################################### - -test = "Carl RSA root, Diane leaf, bad key use" -revokePolicy = crl -cert = DianeRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlRSACRLEmpty.crl -senderEmail = "diane@somewhere.net" -keyUsage = 0xf000 -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE -end - -################################################### - -test = "Carl RSA root, Diane leaf, revoked" -revokePolicy = crl -cert = DianeRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlRSACRLForAll.crl -senderEmail = "diane@somewhere.net" -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -end - -################################################### - -test = "Carl RSA root, Diane leaf, no CRL" -revokePolicy = crl -cert = DianeRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = "diane@somewhere.net" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -################################################### - -test = "Carl DSA root, Alice Leaf, full DSA params" -revokePolicy = crl -cert = AliceDSSSignByCarlNoInherit.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = aliceDss@examples.com -# Cert has DigitalSignature, NonRepudiation -keyUsage = 0x8000 -end - -################################################### - -test = "Carl DSA root, Alice Leaf, full DSA params, revoked" -revokePolicy = crl -cert = AliceDSSSignByCarlNoInherit.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLForAll.crl -senderEmail = aliceDss@examples.com -keyUsage = 0x8000 -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -end - -################################################### - -test = "Carl DSA root, Alice Leaf, bad email address" -revokePolicy = crl -cert = AliceDSSSignByCarlNoInherit.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = bob@examples.com -keyUsage = 0x8000 -error = CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND -end - -################################################### - -test = "Carl DSA root, Bob DH Leaf" -revokePolicy = crl -cert = BobDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = bobDh@examples.com -# cert has KeyAgreement (only) -keyUsage = 0x900 -end - -################################################### - -test = "Carl DSA root, Bob DH Leaf, bad KeyUsage" -revokePolicy = crl -cert = BobDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = bobDh@examples.com -# cert has KeyAgreement (only) -keyUsage = 0x4000 -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE -end - -################################################### - -test = "Carl DSA root, Bob DH Leaf, no CRL" -revokePolicy = crl -cert = BobDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlRSACRLForAll.crl -senderEmail = bobDh@examples.com -keyUsage = 0x900 -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -################################################### - -test = "Carl DSA root, Bob DH Leaf, Revoked" -revokePolicy = crl -cert = BobDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLForAll.crl -senderEmail = bobDh@examples.com -keyUsage = 0x900 -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -end - -################################################### - -test = "Carl DSA root, Erica DH Leaf" -revokePolicy = crl -cert = EricaDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = ericaDh@examples.com -# cert has KeyAgreement (only) -keyUsage = 0x900 -end - -################################################### - -test = "Carl DSA root, Erica DH Leaf, bad KeyUsage" -revokePolicy = crl -cert = EricaDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = ericaDh@examples.com -# cert has KeyAgreement (only) -keyUsage = 0x4000 -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE -end - -################################################### - -test = "Carl DSA root, Erica DH Leaf, no CRL" -revokePolicy = crl -cert = EricaDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlRSACRLForAll.crl -senderEmail = ericaDh@examples.com -keyUsage = 0x900 -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -################################################### - -test = "Carl DSA root, Erica DH Leaf, Revoked" -revokePolicy = crl -cert = EricaDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLForAll.crl -senderEmail = ericaDh@examples.com -keyUsage = 0x900 -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -end - -################################################### - -test = "Carl RSA root, Bob leaf" -revokePolicy = crl -cert = BobRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlRSACRLEmpty.crl -# note none of the RSA certs have email addresses in them -senderEmail = "bob@somewhere.net" -# Cert has KeyEncipherment -keyUsage = 0x2000 -end - -################################################### - -test = "Carl RSA root, Bob Leaf, bad key use" -revokePolicy = crl -cert = BobRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlRSACRLEmpty.crl -senderEmail = "bob@somewhere.net" -keyUsage = 0x01 -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE -end - -################################################### - -test = "Carl RSA root, Bob Leaf, revoked" -revokePolicy = crl -cert = BobRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlRSACRLForAll.crl -senderEmail = "bob@somewhere.net" -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -end - -################################################### - -test = "Carl RSA root, Bob Leaf, no CRL" -revokePolicy = crl -cert = BobRSASignByCarl.cer -root = CarlRSASelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = "bob@somewhere.net" -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -################################################### - -test = "Carl DSA root, Diane DH Leaf" -revokePolicy = crl -cert = DianeDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = dianeDh@examples.com -# cert has KeyAgreement (only) -keyUsage = 0x900 -end - -################################################### - -test = "Carl DSA root, Diane DH Leaf, bad KeyUsage" -revokePolicy = crl -cert = DianeDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = dianeDh@examples.com -# cert has KeyAgreement (only) -keyUsage = 0x4000 -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE -end - -################################################### - -test = "Carl DSA root, Diane DH Leaf, no CRL" -revokePolicy = crl -cert = DianeDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlRSACRLForAll.crl -senderEmail = dianeDh@examples.com -keyUsage = 0x900 -error = CSSMERR_APPLETP_CRL_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_CRL_NOT_FOUND -end - -################################################### - -test = "Carl DSA root, Diane DH Leaf, Revoked" -revokePolicy = crl -cert = DianeDHEncryptByCarl.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLForAll.crl -senderEmail = dianeDh@examples.com -keyUsage = 0x900 -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -end - -################################################### - -test = "Carl RSA root, Diane DH Leaf, no root" -revokePolicy = crl -cert = DianeDHEncryptByCarl.cer -root = CarlRSASelf.cer -crl = CarlDSSCRLEmpty.crl -senderEmail = dianeDh@examples.com -keyUsage = 0x900 -error = CSSMERR_TP_NOT_TRUSTED -certerror = 0:CSSMERR_APPLETP_CRL_NOT_TRUSTED -end - -################################################### - -test = "Carl DSA root, Diane Leaf, partial DSA params" -revokePolicy = crl -cert = DianeDSSSignByCarlInherit.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLEmpty.crl -# this CRL revokes the root, which TP does not check -crl = CarlDSSCRLForCarl.crl -senderEmail = dianeDss@examples.com -# Cert has DigitalSignature, NonRepudiation -keyUsage = 0x8000 -end - -################################################### - -test = "Carl DSA root, Diane Leaf, partial DSA params, revoked" -revokePolicy = crl -cert = DianeDSSSignByCarlInherit.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLForAll.crl -senderEmail = dianeDss@examples.com -# cert has DigitalSignature NonRepudiation -keyUsage = 0x8000 -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -end - -################################################### - -test = "Carl DSA root, Diane Leaf, partial DSA params, bad key use" -revokePolicy = crl -cert = DianeDSSSignByCarlInherit.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLForAll.crl -senderEmail = dianeDss@examples.com -# cert has DigitalSignature NonRepudiation -keyUsage = 0x01 -error = CSSMERR_TP_VERIFY_ACTION_FAILED -certerror = 0:CSSMERR_APPLETP_SMIME_BAD_KEY_USE -end - -################################################### - -test = "Carl DSA root, Diane Leaf, partial DSA params, bad email address" -revokePolicy = crl -cert = DianeDSSSignByCarlInherit.cer -root = CarlDSSSelf.cer -crl = CarlDSSCRLForAll.crl -senderEmail = bobDss@examples.com -# cert has DigitalSignature NonRepudiation -keyUsage = 0x8000 -error = CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND -certerror = 0:CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND -end - - - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/buildAndTest b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/buildAndTest deleted file mode 100755 index f324cad4..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/buildAndTest +++ /dev/null @@ -1,39 +0,0 @@ -#! /bin/csh -f -# -# Build trust settings needed for test script trustSettings.scr; -# import those trust settings into current user domain; -# run trustSettings.scr; -# import empty trust settings back into user domain; - -# This requires user interaction to authenticate the trust settings import. -# -if ( $#argv != 0 ) then - echo "Usage: buildAndTest" - exit(1) -endif - -set RESTORE_SETTINGS=YES -set SAVED_SETTINGS=/tmp/savedSettings.plist - -echo "Saving existing Trust Settings, if any." -security trust-settings-export $SAVED_SETTINGS -if($status != 0) then - set RESTORE_SETTINGS=NO -endif - -./makeTrustSettings || exit(1) -echo Importing Trust Settings. This requires user authentication. -security trust-settings-import $LOCAL_BUILD_DIR/userTrustSettings.plist || exit(1) - -certcrl -S trustSettings.scr || exit(1) - -if($RESTORE_SETTINGS == YES) then - echo Restoring original Trust Settings. This requires user authentication. - security trust-settings-import $SAVED_SETTINGS || exit(1) - rm $SAVED_SETTINGS -else - echo Importing Empty Trust Settings. This requires user authentication. - security trust-settings-import emptyTrustSettings.plist || exit(1) -endif -echo == Fine == - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/crl.crl b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/crl.crl deleted file mode 100644 index 5e9e307494cb14fa19098a4232d2c8bbffca1a54..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 282 zcmXqLViYrIY%t(u$paKSB z1|m$1jBte(29{ujX!bKVHZnBsdw*J~_Gt4aiGMox+D|T-XdJ;|u2xX?<$dfygCvIZ zl}Ua6D!q3r(;SZmKaFVG=%W4i{>DO$OO`u@e0lzEX)GY9gdepi62}X}W@Q zkdH!1YH^8zv!kK7fhb6hi-*s#pdcqz!8t#-ptK~l$Ush<*TBrc#L(Q(($K)fAWEFq z5X3csat+K4WelVs#tNeuo0FQDhTGuA`3AfQ_c5|EFgNxx7&LY=H8wJwFzYIw)#Ish z#g8%XOxX>I|MR9_5B(@8%e1NJ(0o4UKRHRRHE-l@6*wPad%sL?(cdCP!+?ewRY9YXnjTTvSnXcvs2^Gir$Q#b!_(8lbx?k z0&Lc9Q{msUre;;}y@yWK+WV@C1e7FszO?X9x%KwyFEjNosmztncX+?O{Z*S?DyRIL oyT$6oAy0R^=!opD^;Xo7`eCWGz1e5g8|H=O?{|kE>-e_|0H8s-!~g&Q diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/crlTestRoot.cer b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/crlTestRoot.cer deleted file mode 100644 index 712983e69ec16a4f255730d868a098290b4824ad..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 517 zcmXqLVq!FCV$52=%*4pV#K>U4&Bm$K=F#?@mywaxz|>I6K!S}ql!ci`&?PmgG+n_t z$VZ_hwYWsV+0jtkKolg$#lz=VP>_?V;GCaZP+F2&WFRNbYhY$zVrXt?X<%t;5+%-S z2;!PRx#Sw#INyL5;W|cE2Ij_I27|^(7a;Kcm~dj%LTX z{r}IWkYF*1dF}~&rl}1#wydhW$KdI_DMjOl#h=~J?z%J2K4NZEmiR>e?AE59JH=<; zyJhRo@p|-O%Co>kC+*KnJ8xaJn)UlB&%@>FLQ9+8%f1o$Bz{`>uFv-w-0911`9*k# z#cf=vCx1_xiJ6gsaj~+2q5(fJOk{-_8UM4e8ZZMX13r)dKS+QD7|3nNeqaUpp^+ic za*6-j4ToO6+Wt_r_u+4w>oca=e)(wPCAcg+;f+;WiEQtFrU%#g*9TwL*E^o!#k5*X z{Jh${+g@{Ie%qEXG~7s&;!F^h*s$%XOzw&*y@#u2B-@q0+9~8wrm(4|*oF6VX`*3k ix!zH&HCv~5FTM3w;I&Bm$K=F#?@mywaxz`{`0K$?v?l!ci`#5q4DRUtSt zJx{^K)hX0nAt*n;#8BKo6eP{X!{=B~kdvz5oS$1zT9R61AScdiU}|7wXl7^vf>GkU zh9EAO1LPW*8A=;SLQEDyH`&<{x4Dh;4R{eQWMpMvZtP_+XzXNaY-E^Kd1bNJyoaaG zo~aDqXm3)xsb2Ni@6u(P_Z-WZ)Nb|o{ML`WMW+sC9GUrBs*Mlw5nX@-$j3K&gcu(&ppC-vh{SE7(6~SJ-n$j)+#DU;^7SsxxlWR z1!bvc^P+6Z@*-u+!w<*nUaaTZ$;8aaz_{4Pz{)@f=rdViM#ldv90qJaiiwfIfDa_b z4-#VmhIN~P2#BxB!V3@a#vG72fxLB|1$Z&{(kdQ2G<2wzA)RH zldXOr^q+>E%Fir2y+Ss>*)CBWRTB1Q=G})XPHNQrJATt9^kl#K`?@|3ug|VYXUfy; KZyle!?*#znX1sC$ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/csLeaf.cer b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/csLeaf.cer deleted file mode 100644 index 23bf9adae0ffa0b8c944af01c0efe4f55ca22dd3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmXqLVv;s!Vr*H!%*4pV#K>X5&Bm$K=F#?@mywaxz|2tEK$49)l!ci`$T>eHRUtSt zJx{^K)hX0n!P(JJ+&~m0$;HFxSWu9Ys^FZTTToh(T4W$6&TC+5U}R`!Xkut$ViqON zYY5^3Ibg1Vg`up0G{jsHbaQ=D6Vq^;+&JHW7vVxiRtDzAUIv54PNv32hC>-=mbsV~{_eS-D)Hj1 z^`z4o-Tn%v)!t5EJN|Eh8HbhnR1f>FOw5c7jEgM|%nkT~ev=huWc<&RHyDV3_^K?t@Ze5PVPQn}87s(VjSRM1{7UTKA1_%P9i!dj^d?Sd^6hSY z(ZUHVTR$A@5)oik|GanA#*CJz%d7U@bh*mOW_I(0^}eYpzCjz=r(HZNrXbSzaN`WW zCL5#08IfYl?ZLO!U4&Bm$K=F#?@mywaxz`{`0K$?v?l!ci`#5q4DRUtSt zJx{^K)hX0nAt*n;#8BKo6eP{X!{=B~kdvz5oS$1zT9R61AScdiU}j)yXliI~Y+z&> zCC+OI;u=A@2F`{W25JzK<&jJd1(}?anwX|goRMEtqEL`nl7ZWj#`y-k2R*+8`8G>uRf2q^!4yoqb{C?fyoVEF( z?w_7nU)ZZZFAuRL_{ME%EyiCLhqd|sZ7MBWrmDg9&A9GC PNXdT{miU{N7q~+Jlp4KT diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/csRoot.cer b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/csRoot.cer deleted file mode 100644 index 34503798030d443b034ed2588eaaf5b1fc5d6812..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 523 zcmXqLVq!OFVk}s|%*4pV#K>mA&Bm$K=F#?@mywaxz`{`0K$?v?l!ci`#5q4DRUtSt zJx{^K)hX0nAt*n;#8BKo6eP{X!{=B~kdvz5oS$1zT9R61AScdiU}|7wXl7_)Xl!T^ zCC+OI;+jCY6qwvN-+&k4Mn+Z!=EhzIgT_v##zuz6KJ%kmy7hkTv%TcRs4}N4I;NB5 z{F&MH*+2cH_h+p6TAc7dM?xo{t!S10uCLoo%G9S!^@%<%9@SPAQhHZ>X>z5iw@=p0 ztGP?-yf+s`l<*3$`1oHJwa_+i4tgiBTIXEYlQnxPl+~{k9@I$Zo$)9x-TaFA{}grK ztiGQAhcXg2GBGnUFfLX$P&D8N28*mPBjbM-Rs&`rWxxj#;0Fn?0E3zh*$=EBKQuC= z?b>g6*6ezbtbx}n?M9~X;G#cg9Ze_yj=x-a=}&G-+VtkfimO*yKF_+YG_B~kn0-Jy z$Fey~qwgP>HZ$d z%8Sn1N%$v@$7d5?j~$MutKe^!b=`7>*!=Oe~M z&lQ|$FP7|;X4IZBw@3HVa~~U7wrC3$hG*>e#CC4mv((Y6d)c#PnVIjMKdCRZ7i3~) zWMEtj3?Bo2U|`4!Gcx{XVKra|Qpj#*1-ZGAq2{V|yhlx@_mwjF^Ub-F3R|A2JPBEG zKkklZ(k@e<<;LO-i7!01+dMW&URrZw#TJ54(bl2(QUmQ7exGbNMr3HO~p(hddki#4i`Du^Gb Lmu|hZX2K=_sbj26 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/dmitchAppleThawte.cer b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/dmitchAppleThawte.cer deleted file mode 100644 index c0bed0075b5e30025f9970d5b6291619ec269f9c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 721 zcmXqLVmfQk#ALRBnTe5!iJ5=rV*_3`POUbNw(q=*j4Z4S21$n82Apinp)72|Oi_-8 zss_p+4wtY@NJe6LNveW#eqM2DPDy57x`IYPNu{QOPf3cNp^kwTNEx%RGE`YWYEf~1 zUSf`dTTyCiZenJRf@g7YDM**Iqk)__uYswdfsu)!nX$2{X%vuahQu{+GL$!vg_tJ> zH4ko#Z)$E*Y7tlg%-x)fVgf0-nI*{?4v7T?IjMTd`MCy7j7rE}V`ODuZerwT0E%-l zH8Cemp zR!_5tTU)E{-Ymu)^iJu-?THrZY&A9W_e|*fdW_L6;_`~*2!)oZ8&A%Qt1K*e@vElS zMNwf&(YlYnf^AsX6Bj89bA^X&zgxP7%X9gpg200*f)4Y$|F)SrGgb4Sn3-A9J4;II z9YeEk`0}+~ua{YyecGM!C3KTo6w6_Lp=p8pp6omkRGQc_<%-G*bD6%E-C_5(U)=g= z{i*6rhglL&lzdUxkkQs5xI!o){z-@Ot_>1_UYlk%XKU$KoH=at=4*Y1P^7kSe*F(; z`GYx2dhPs|yP4cu&cw{fz_?h~K-)kX7}BzWEFuO%jhMm61CkVGWc<&Sm(@3Kczp>HT$CLh^>p#9kO`ja)ef#=aaQ%7 z>$&vCO5U=Ple?d7&$U_CxR+hVRA%A>;M1& diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/emptyTrustSettings.plist b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/emptyTrustSettings.plist deleted file mode 100644 index e2b6ee1e..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/emptyTrustSettings.plist +++ /dev/null @@ -1,10 +0,0 @@ - - - - - trustList - - trustVersion - 1 - - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/localhost.cer b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/localhost.cer deleted file mode 100644 index 12a59c7435744d68bbe88c8970ff0c2096a50592..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 486 zcmXqLVti!K#OS?%nTe4Jhzz*dIJMe5+P?ELGO`-z844Q+vN4CUF!OMwq$ZW7D-`AD zml%p0h=K&Uc=#L(3UX2vobz)FN=s6U4CKUl4a^Ko4NQ#;jSNi9qJUg;B(8z3p^$+9 z#5~TN{N%)(jQnCe#x>42;6*rxk(GhDv6sQ1v6HE>k>Nm;zVZ50mJ;DBCwKj3%iZqK zXPI?t)|{2a$v$^vH!C*_*A`T5Qf~d*-@S6q;^}TjH|4zlp3uPhG^z4Hc#p#Vu<|tl z{pr5?oKJ=L`kt$W27g)gz2WKemzkC3&nj})ul4tR^iK1N*w=PVjVgiS3yV579eA~o z{rSb6xu=WlpNIcF$i&RZz_=I~JO=zg56KEMGX7^_HDG3BWI%Q^E6B}_4C;=%v)Dr? zbg#afIYlqb{%#Sgec;9!yisoNu2q`f+^YOcWD3VimKcst)2m|z|4!z4_n2Yp=4gNC ztJ9}nSP&c7@x-mMf2%cP#<`NSE@qKtUBU`1r9b~KoWJIqn}F~4o2#Zi*c$S4cGapc duE$>=P&72zGWh|A?8@l#sSp24F7YeU2LKm8v_}8{ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/makeTrustSettings b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/makeTrustSettings deleted file mode 100755 index c6806a86..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/makeTrustSettings +++ /dev/null @@ -1,51 +0,0 @@ -#! /bin/csh -f -# -# Build trust settings needed for the test script trustSettings.scr. -# The result is placed in userTrustSettings.plist in the build directory. -# -if ( $#argv != 0 ) then - echo "Usage: makeTrustSettings" - exit(1) -endif - -set BUILD_DIR=$LOCAL_BUILD_DIR -set TRUST_SETTINGS=userTrustSettings.plist -set TRUST_SETTINGS_PATH=$BUILD_DIR/$TRUST_SETTINGS - -echo Creating empty $TRUST_SETTINGS in build directory... -rm -f "$TRUST_SETTINGS_PATH" -security add-trusted-cert -o "$TRUST_SETTINGS_PATH" || exit(1) - -set SECTOOL=security -set SECCMD="$SECTOOL add-trusted-cert -i $TRUST_SETTINGS_PATH -o $TRUST_SETTINGS_PATH" -set cmd="$SECCMD -p ssl debugRoot.cer" -echo $cmd -$cmd || exit(1) - -# allowedError = CSSMERR_APPLETP_HOSTNAME_MISMATCH -set cmd="$SECCMD -p ssl -e -2147408896 -r unspecified localhost.cer " -echo $cmd -$cmd || exit(1) - -# allowedError = CSSMERR_APPLETP_CS_BAD_CERT_CHAIN_LENGTH -set cmd="$SECCMD -p swUpdate -e -2147408849 -r unspecified csLeafShortPath.cer" -echo $cmd -$cmd || exit(1) - -set cmd="$SECCMD -p swUpdate csRoot.cer" -echo $cmd -$cmd || exit(1) - -# allowedError = CSSMERR_TP_CERT_REVOKED -set cmd="$SECCMD -e -2147409652 -r unspecified crlTestLeaf.cer" -echo $cmd -$cmd || exit(1) - -set cmd="$SECCMD crlTestRoot.cer" -echo $cmd -$cmd || exit(1) - -# default root setting for SMIME : Deny -set cmd="$SECCMD -D -p smime -r deny" -echo $cmd -$cmd || exit(1) diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/one.scr b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/one.scr deleted file mode 100644 index fd184338..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/one.scr +++ /dev/null @@ -1,57 +0,0 @@ -# -# TrustSettings tests/ -# -# This must be run with trustSettingsTest.keychain in your KC search path -# and TBD.plist as your per-user trust settings. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "dmitch@apple.com Thawte, TrustSettings, generic" -useTrustSettings = true -useSystemAnchors = true -cert = dmitchAppleThawte.cer -cert = thawteCA.cer -# IS_ROOT | TRUST_SETTINGS_FOUND_SYSTEM | TRUST_SETTINGS_TRUST -certstatus = 2:0x310 -end - -test = "dmitch@apple.com Thawte, TrustSettings, generic" -useTrustSettings = true -useSystemAnchors = true -cert = dmitchAppleThawte.cer -cert = thawteCA.cer -# IS_ROOT | TRUST_SETTINGS_FOUND_SYSTEM | TRUST_SETTINGS_TRUST -certstatus = 2:0x310 -end - -test = "dmitch@apple.com Thawte, TrustSettings, generic" -useTrustSettings = true -useSystemAnchors = true -cert = dmitchAppleThawte.cer -cert = thawteCA.cer -# IS_ROOT | TRUST_SETTINGS_FOUND_SYSTEM | TRUST_SETTINGS_TRUST -certstatus = 2:0x310 -end - -test = "dmitch@apple.com Thawte, TrustSettings, generic" -useTrustSettings = true -useSystemAnchors = true -cert = dmitchAppleThawte.cer -cert = thawteCA.cer -# IS_ROOT | TRUST_SETTINGS_FOUND_SYSTEM | TRUST_SETTINGS_TRUST -certstatus = 2:0x310 -end - -test = "dmitch@apple.com Thawte, TrustSettings, generic" -useTrustSettings = true -useSystemAnchors = true -cert = dmitchAppleThawte.cer -cert = thawteCA.cer -# IS_ROOT | TRUST_SETTINGS_FOUND_SYSTEM | TRUST_SETTINGS_TRUST -certstatus = 2:0x310 -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/thawteCA.cer b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/thawteCA.cer deleted file mode 100644 index e7133022d01cc80687d5338b5ce1bffab47184c6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 835 zcmXqLVzxJEVp_3)nTe5!iILZUmyJ`a&7D}zDfMMG`_PB!LH7B*p~C`Ut4 z17Q${LzpK#wYVg;C{MvTu^`n@$Up!j%r49c;wpsXm**Ku8AyP{xP%2mG7`&6QWc!@ z^NLGzN;31(4K)nZKyuu|^3JJ6C7EfN$%!SI`FRS#sYPX($*IK(E}3PS#Xu256$2%Z zN@ihcs3`%dMaB7fi8%^xMX9N|iJ3VH&W?uK2AXhpb25s_6hIZ}ra=`slz`o!mzJmQ97NX1$}oT4i4t zc6z-HH~aIC@)ONew1m%VU;W%vZp*w+``>N}JNEq!4NNK5moM8rKlS2Kt&moJ50?7n z+b-H9vN*`4NERh*|INhA$iTR`af(6XL<1q9pJas@8UM3z7_b2;CPoGWXONgYi;aPm zfyDx|1tx7q86_nJR{HwMMLBwiaMp)}11!E^(dF!@2UKUk4KjqEg$0=I*np7-#H7?5BV9vd3*=A(rcY*IaC!7x3}}AEt#^iZaoU=6 z{`&Q6_8k&m=sa!8+qc)qp8U$8W0_hO748T{*|HuSdZ@HGb-?@88?69pms@_wAL*Qvs=HQ{VE(VTu(^ UcN8T}@2PCOEbI0^Ha^uK00|fm9{>OV diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/trustSettings.scr b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/trustSettings.scr deleted file mode 100644 index e5a64fb1..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/trustSettings.scr +++ /dev/null @@ -1,176 +0,0 @@ -# -# TrustSettings tests. -# -# This must be run with trustSettingsTest.keychain in your KC search path -# and userTrustSettings.plist as your per-user or admin trust settings. -# -# A script to recreate userTrustSettings.plist is in the makeTrustSettings -# script in this directory; the result can be imported into your user-domain -# settings via security trust-settings-import. -# -# See the buildAndTest script in this directory for al all-in-one op. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -# -# Note: with TrustSettings disabled, we pass in roots as root certs; -# with TrustSettings enabled, we pass roots as regular certs if we -# want success. -# - -# -# debugRoot and localhost, with allowed HOSTNAME_MISMATCH test -# -test = "Ensure localhost.cer fails with TrustSettings disabled" -useTrustSettings = false -cert = localhost.cer -cert = debugRoot.cer -sslHost = localhost -verifyTime = 20060601000000 -error = CSSMERR_TP_INVALID_ANCHOR_CERT -# IS_IN_INPUT_CERTS | IS_ROOT -certstatus = 1:0x14 -end - -test = "localhost.cer with TrustSettings enabled" -useTrustSettings = true -cert = localhost.cer -cert = debugRoot.cer -sslHost = localhost -verifyTime = 20060601000000 -# IS_IN_INPUT_CERTS -certstatus = 0:0x4 -# IS_IN_INPUT_CERTS | IS_ROOT | TRUST_SETTINGS_FOUND_USER | TRUST_SETTING_TRUST -certstatus = 1:0x254 -end - -test = "localhost.cer with allowedError HOSTNAME_MISMATCH" -useTrustSettings = true -cert = localhost.cer -cert = debugRoot.cer -sslHost = 127.0.0.1 -verifyTime = 20060601000000 -# IS_IN_INPUT_CERTS | TRUST_SETTINGS_FOUND_USER | TRUST_SETTINGS_IGNORED_ERROR -certstatus = 0:0x844 -# IS_IN_INPUT_CERTS | IS_ROOT | TRUST_SETTINGS_FOUND_USER | TRUST_SETTING_TRUST -certstatus = 1:0x254 -# Detected and logged but not a fatal error due to TrustSettings -certerror = 0:CSSMERR_APPLETP_HOSTNAME_MISMATCH -end - -# -# Software Update Signing with allowed CS_BAD_CERT_CHAIN_LENGTH test -# -test = "SWUSigning, normal, no TrustSettings" -useTrustSettings = false -cert = csLeaf.cer -cert = csCA.cer -root = csRoot.cer -policy = swuSign -verifyTime = 20060601000000 -# CSSM_CERT_STATUS_IS_IN_ANCHORS | IS_ROOT -certstatus = 2:0x18 -end - -test = "SWUSigning, normal, TrustSettings" -useTrustSettings = true -cert = csLeaf.cer -cert = csCA.cer -cert = csRoot.cer -policy = swuSign -verifyTime = 20060601000000 -# IS_IN_INPUT_CERTS | IS_ROOT | TRUST_SETTINGS_FOUND_USER | TRUST_SETTINGS_TRUST -certstatus = 2:254 -end - -# note no per-cert status of CS_BAD_CERT_CHAIN_LENGTH, it applies -# to the whole chain -test = "SWUSigning, allowed bad path length" -useTrustSettings = true -cert = csLeafShortPath.cer -cert = csRoot.cer -policy = swuSign -verifyTime = 20060601000000 -# IS_IN_INPUT_CERTS | IS_ROOT | TRUST_SETTINGS_FOUND_USER | TRUST_SETTINGS_TRUST -certstatus = 1:0x254 -# IS_IN_INPUT_CERTS | TRUST_SETTINGS_FOUND_USER | TRUST_SETTINGS_IGNORED_ERROR -certstatus = 0:0x844 -end - -# -# CRL testing with allowed CSSMERR_TP_CERT_REVOKED test -# see documentation in clxutils/makeCrl/testFiles/crlTime.scr for info -# on certs and CRLs. -# -test = "revoked by CRL, no TrustSettings, expect failure" -useTrustSettings = false -requireCrlForAll = true -revokePolicy = crl -cert = crlTestLeaf.cer -root = crlTestRoot.cer -crl = crl.crl -# Normal revocation case. -verifyTime = 20060418090559Z -error = CSSMERR_TP_CERT_REVOKED -certerror = 0:CSSMERR_TP_CERT_REVOKED -# CSSM_CERT_STATUS_IS_IN_ANCHORS | IS_ROOT -certstatus = 1:0x18 -end - -test = "revoked by CRL, TrustSettings, expect success" -useTrustSettings = true -requireCrlForAll = true -revokePolicy = crl -cert = crlTestLeaf.cer -cert = crlTestRoot.cer -crl = crl.crl -# Normal revocation case. -verifyTime = 20060418090559Z -# IS_IN_INPUT_CERTS | TRUST_SETTINGS_FOUND_USER | TRUST_SETTINGS_IGNORED_ERROR -certstatus = 0:0x844 -# IS_IN_INPUT_CERTS | IS_ROOT | TRUST_SETTINGS_FOUND_USER | TRUST_SETTINGS_TRUST -certstatus = 1:0x254 -certerror = 0:CSSMERR_TP_CERT_REVOKED -end - -# -# dmitch@apple.com Thawte with test of default setting = deny for SMIME -# -test = "dmitch@apple.com Thawte, no TrustSettings" -useTrustSettings = false -useSystemAnchors = true -cert = dmitchAppleThawte.cer -cert = thawteCA.cer -policy = smime -verifyTime = 20060601000000 -senderEmail = dmitch@apple.com -# CSSM_CERT_STATUS_IS_IN_ANCHORS | IS_ROOT -certstatus = 2:0x18 -end - -test = "dmitch@apple.com Thawte, TrustSettings, generic" -useTrustSettings = true -useSystemAnchors = true -cert = dmitchAppleThawte.cer -cert = thawteCA.cer -verifyTime = 20060601000000 -# IS_ROOT | TRUST_SETTINGS_FOUND_SYSTEM | TRUST_SETTINGS_TRUST -certstatus = 2:0x310 -end - -test = "dmitch@apple.com Thawte, TrustSettings, SMIME, fail due to default Deny setting" -useTrustSettings = true -useSystemAnchors = true -cert = dmitchAppleThawte.cer -cert = thawteCA.cer -senderEmail = dmitch@apple.com -verifyTime = 20060601000000 -# IS_ROOT | TRUST_SETTINGS_FOUND_USER | TRUST_SETTINGS_DENY -certstatus = 2:0x450 -error = CSSMERR_APPLETP_TRUST_SETTING_DENY -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/trustSettingsTest.keychain b/SecurityTests/clxutils/certcrl/testSubjects/trustSettings/trustSettingsTest.keychain deleted file mode 100644 index ff99148a8a228306c6e49c79eaeb1df1637c5e99..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 30020 zcmeHQd3+RA)~(K-kU;i?0MhJ1whl>H6eN%Y2qX|l!XjemBpnE3v(pI#7$+zq3Mzvj zC@`Qb1Be@LEILL;6dh59Wkd%Nkj;Gqaly%VPIbLdHr1UfaQ^%5kDIRh>YelUTen_S zH#2Grr%5J>5(hSce!TA}ZhK`ocqE0f_9o`G)TVIVIoSQo~ zV@O_ZdJfK$gZbQXFumo~92uk1(kI9SI6oZf?SX^m%vW<{4<4J7F=|+T*66gn%yi^o zpZK`rsly3Hn9mogS?4-udzh8^{GjggiF6C{_`A4~GUq-EoBCTpLxN368ND;|AxZDM zLpi5{q3lz&2rjl+qkr;p(#PiKj?K%-#d-EGq-AUTVgB3kfwj{zlBp2IHXTNlk>-^P zT?U2i4ci;GH*9a%KCpdY`@r^r?F-u%wl8d7*nY76VEe)LgY6I7AGSYif7k)A17HWh z4uBm9I}mmt>_FH-u!CR+!487m40bcv&0sf!9Sl1db};N<*dee(V28jCf!!Q-bJ)#c zH;3H`oV7GuB3Of{bDC|(!VX(tshrtem9S%Djb~x;C*b%TJU`N1?fE@`t5_Tl) zNZ3)ZqhLqDj)ENxI~sO0>}c3Auw!7yz>a|(3p*BeEbLg=QVItE!f{bc4;Ts1WN3fr zz&iY)SPKgs&LbI4-uCd=3ISMKmWO8IKMmY>qX%j-#_ z{aXIZExx9-%(eYme$6f3T2y3r=|3%h=N4a8RWj8DujT*T;e9pwU(5Ho!}}@iSNFe` z&vS?OSK6<})7Q~fi#vRP(tb6b{!I^F&Z9B@Ax7|3MP=nmMah=}Z4T94ewDq(b^Lja z(v7cl6qX`CMU>C$lWx4#QClgaui$xI(v7dIu)F$?a6@>jW136(5eD!98uK^O06tI| zKeku&Uz7oSkTQO1e6#_4GiChL_!tBDU}gN&c*MB6$1g+~KQ+Fk0etgH=lH4daeDB` z!+B1jzod{O1=>nE#z&)Ewf=EN;6*GW@FFg01mnOHUWsQK%Ws4HNev@9KYepJ1f^uKuUDLALe^*>1l@NB26|KUB7-u7$x zpFRfgTK=c60lb#~>1P11<$rj8sJH!E{^uqGcrE{PvjM!8|G~bX?)q!_pMeJOTK?x2 zop{FC6j%Q<2x)ryU*KK+Pl`djtN$5n5bx@Lh8V=V`kz#Tcvt_EW)Sb{f6@)&UH#8c z19*VjVa*hyR9;9g>td3&#}2_C`K$jFb0f=udd|fi>&10g7W^_%Gkp z(DS%7^n)&hoe7(oW?c_ z%56~zeHQvHo^!wsg&hhz6m}TwFxX+R!(fNQ4u>5MI~;Zd>amoDIbom{CqU^kuun zP?Xa?9y%9#K$1EjV~0}cE0WYP6gmY8d?(;LWkOd%Pe@Yd?oePl1JecNbU`^?o^?I~ zjYq!t)zI^j)D`7)MSZ#+m82U{&W#S}K1u4<8j5nd?U1DI0npo^+nifkJ%I1A5_(#a zdUl7-f&$YEm|iHS7s}~%S&}TsXITwBkHoqI7kU_T6vupaE(_i=6b`M(W9SQLb?QzU>_I z0H_{L*Vs*K%&`_UpYLn+rHF+^+5Q>jMYdU2#+!9x3?|OwP!=sNQ8zK(TJwi|yq__` zC&oEYu3K(xrOjCfF&~3<@^L=0TrtKGGM}v|&FZjbRusxho6O{8Jwu>+>nZ98h@>?p zgS#eO&r8%5125(n1dsIW+OQpA!w1sVzU)Ha-!MaGw1jgP`v-S{F~RUz`T ze2!HLRP2Z2uuc0J&|gymv+X72jw=^i_9xeo*7G=Ze+a&eI%I~>S5tfkmzG$0 za|ID&gSbS0-;|WslpsI*hHXoMGKkaNx8=5}R^(UXwVutX+k)(}IOleCm23H0&*t3X zEA17obIS~N-St!CYdyDfH-07!-=_84&MjWU zxAiknf0Kr9>u&_F;oEL9g4ghETF>p=wqL`y4KPx^hHsfXhPPX43F&DLCt?Z88{tWW0uN8*Bux;oF87!E5-oR3mr|-y5 z;2YNh^6|c#LVUnTTWxBowTia^w0VD`^?Xmg76exo@``(SV%^=JuzsG}CivI~oyu{ zq;9?nHVFF}CB-Gyf>N1I=40K+sfSP0jrRa@zhznrY^5+DOv{Cif$HI6K8^u>FS(iz zuBfsaZ4McuWQu=D4fGV(aH5BY3T51;765QWb_y`1}qG8^X%>&Cru zJzS!0+#h6n19NQURV8dM42bBzi8$87C;CtLf);~IXIg8ke#c5q*6~)IoT84Q$WLsu z^jQwOwa_6Jov0(9Z5pX#n8Fu2%2s2u|DKeb9FyC0a*8ntS2!^yh4$J?*<%T=$p*P1 z1Xr5vDz4iNaz!d!erYy1zbn3q*S>t6T05Oe5RAhX_Jd1tEW!n;(DTxODmQr zM!Fs@jsdxtmt5{*30{Hp@QJ#Si>eh%Ow-9F>ef^&QKFMi)Xh^YFS{54{U3Y}b{y?SB^u3bI# z6P$Wti92+1iarcRezw_NEJ5d|r;cLIgeZJku>?aYJzS!0O~n$tDC*%8{ii3EsMg6T z>d3jx{&N>g)ac|BbqrJZJjD_-b#jU^@f1tUGRWmAmf)3F&v=M>d5R@w>*V4!kz?R4 zmYAcHN7TtvEP;1$bhS^+jizFWKk4KXb3;!oai>mB(Qoczi9hS)5&h;VmZ&qp#raR+ zn$n6T<{@3r9OD>}i+N@L=H|KST{`*LPO&!0rxi=wt&>aCt*KaIzD_<-H&3y|JvzBW z-I|Ie7U<*?b@LQU+^ds|>wsgRCze>KlT);}saWDZoqVFbfymE!q7_Truair(S5GXl z$RMYlSYokGPSJ-=#S#zb<$c&6HCP1Ii$(P4IQ@&S2zDT8=xb@E{ z!V@Aqi)rM|#rgF*dB>1f`MwQ#L$a$2@azP%!>v`^Y=VfoZon~P8MSEjBkL-@14GX6 zTzhqu!&by;hFYCGys)v_#H7VbXk?X4PW>=ubwK8SnIBn9&$#F6@F}E3O zQR1PDfhlH1+u&2g_ews~ETr*zOED{|%4g!ZGoE4F7ed!TcR&w7&pYYl-xRdqcsO(l z(vzSRmc??|ckDAB2SOQhk&`h^2$T{F6?Nk$F%+h=|0qo7HIl+~(LSd0dPiY8V|5DC zBjqD!y03D~bY6!j%rDAfIi_qh3dD_ zm`e5*=Pfhk?&UW{Y2Go^Re7U|Lf8Zjs92lTY}8r=m(T{9g+0={=CB9%EH(H zLN3gqaK?WW#pd@-eUHIKWBh`%amky2<{oxt5%b7&)@gfn!nv-{9?*f%Ea*Jwi^};| zEq9qtK}W9h_A+_lpQV{!;EfB0FSrz9GWlA1CPY}m{Jisgyn};^Yz5U*&Gw24M?#Dx ziittN@+%)Ub81CdCB8amx7-jDV(DW^wj}pX=xs^vb1TfgD$~*0z`bUr9$USo zsxb3do98>+9r35i+1oqZ^V>s~3r`Q7_t1+so2I?z*q_#CVxRjX%s$mWH$1*}+mAy-vo3wOb@_=GbAMhn zd+UYtx4x)vmyqM^FFHon4;q@ahH3QO;?39kKu%o^yWcn$w?RPG>4}+Vls` z>BQc@o6|6jHr(QAQa`=0YrlUEeP_)-f4vwrWVbc>LU4Tk#>IYdd%M4L+%Lte)s}zV z{7q-m$v5_P88~cH?4^;hcV^65{_nrs`S8Y$75j!Cdc~6T-7^ml{JA#f^ySC4WSlZt zGd2enpWpCmD^s_XYZmu7crJ558^1~Ye5AAf$D?vz=WhPw_G4WOb|q*2EitCfdVcuJ13pcf zBIPbw`q7k%;{#6aYnk=nnW=tHT05;ytRHaf_>t_XpC*pEJk&q;`}t!&-?DDwjcxAQ z=0AF8@3wDkKq-7leyrIpjKMy6I2+01+`#hjKtByX5` ztR9b@ketvr(b78^vpWF}JfXK@T2d3@EuEdrZB@*9WG=N?i_KNj5G9y-`E`F;@HFMm zN)J5xZTQmDJC5D))A}8C5ka-jKK^pE0skn!XT+0h9xV4+);=lq;vLJ^M|A5pXWth& z?}sL|PxT$ScI<>L2OCNUv@A^c+oG9k-;I8$_|Bhm5*GH{HaBS3BcG3(9NE9s-ul#k zS2gVYD(b^0w*Kv#~Xz1vZ|6%_F{0(f` zPjVeJHAb9Hdh(?IAp_6SBY3ABn=P&B{%ijkc9AfIYx@OXC_xZg4?y5h}_<2;T z*QRZ|ST&`gG`4&80{hlpyDq+*RMTbI^2|wZ#oW4Jc5d~@F&hhOJB`eo{^*gijdzZG z-af$*66%vV`h%!`-TK}=_Uq6myT3Q?^tM-Kb?9>Vj@RR-hO9hw`_#UN`!*DH$(sJ) z;)Xrbrab3dNF6NgTo+Pw`G;x`UM?#tUUB!Q?VjA)|J?Ks+CO4{D|%4&y#bq6Z=Cc={UeW#soxly``)6P zy8UP7t{+P8eZ0kwhbC7a3GT4`iC=$6srazrRJXemW}Ww&QS#1nyK9oRR-cP{_N|N& z4fC_V``$d{^}q%9J+#)j9n5*bd8Fwqeb>?H*&FI>u56mj47AqOjC6MO#p z?W(N@Ck%UY)%hKLpMU!=Uwf@fe0$D)lb5C~T|Q~p{r~#v!I4us+`Ok-Z0BQZ+{RT} zHw(9%{>PhxPEHF6^`G<7{!=eKv;66Ip4z%)Qm=L~HJdK_&amb0kNR-ZV{fk7|Mq=f zBxMhH>ZOh?UfDKxYtHeLL*{h*`)qq?`C@$c&Aay8j*(ye=VCYi zxYC(F4(s>i`rI?S)4E6Q{?o{I@o_)(Z~yY$nOnc~ethOPyT`w|@V~p{NrFFI3tB_K z^X}67U-S5pRg!SGcumua*v8nae%yQJSI=z?c>Kii<3rzAm1%u1pa{*0L>|Un%ASOm zh{4h^=f$wi2U%mJK%llsZdD6Wj_RhF{XhTDD^OSx|z1Qp;UVkf*^h^LuX>|z?;7jrw)W&u21x|^GefFg@t;;sg?s;+8WP zv5pj3xG?Ti^2dWd8-HN!8t?c%%YXO>e^)Bt4b&Oe2mYTXksI(R0cp{&V~%3me3-I^{VVE%wG^14HseDA~lOM#N> zdhW5Vi$mFa7_QXgkLcq+gi9H)Or>7e9UFj$@`v#$vBoTLin%3zw-Kizzl2_ZUdCL) zc+0;DN54y9es(*@pL2o!m!C}6`w4!T10UEUcK+TY%8e?5)AbJ>S89Y7lUiegfpwWF=k+0cd1dgr6O zm^6ICmW6#O+Da_jo&>#?Jw4*CWql3+?t0c!3h>t(N08%s*ACarA9x>Zst2DBlwwle zcffeYnxPY*OQ0C@mZ8vGIoFl7!7&wU=UT_*T5;Dqp4W>{LEEo)EdK}&jE}sw@PYN{ z{H^yH@r4vlt&)CgAV?s7_KT zxRqv0;=Li*@_RBYeE1(&Hrp@em3WtkWxc_IAXqb!OP@*S>zrN0I+~#;pcG-(%hr`P zY^MFoaeurM!7TD~-OYz4f0%J@;^pXlKfKrSli#Y8_a#i-nPdFHY58*|UpVy0nirOs za%b#)bIF!=fBm^%#?F0#H|J*T?EcWFiw_0uD=wJ$aLnJ|ek#3)q!2>o0_4wzh6Wmo z - - - - trustList - - 1A6EE3F34707C575104855407F11366F252BDF4E - - issuerName - - MDUxGjAYBgNVBAMMEURlYnVnIENSTCB0ZXN0IENBMRcwFQYDVQQK - DA5BcHBsZSBDb21wdXRlcg== - - modDate - 2006-05-15T22:49:41Z - serialNumber - - AA== - - trustSettings - - - 2B2B62B84C339912D385727CDC9E4A325E66B848 - - issuerName - - MC4xEzARBgNVBAMMCmRlYnVnIHJvb3QxFzAVBgNVBAoMDkFwcGxl - IENvbXB1dGVy - - modDate - 2006-05-15T22:47:56Z - serialNumber - - Ag== - - trustSettings - - - kSecTrustSettingsAllowedError - -2147408896 - kSecTrustSettingsPolicy - - KoZIhvdjZAED - - kSecTrustSettingsResult - 4 - - - - 3D73463E8C498EF68455B2810A9C7143F7FABF14 - - issuerName - - MDgxHTAbBgNVBAMMFENvZGUgU2lnbiBERUJVRyBSb290MRcwFQYD - VQQKDA5BcHBsZSBDb21wdXRlcg== - - modDate - 2006-05-15T22:48:53Z - serialNumber - - Bg== - - trustSettings - - - kSecTrustSettingsPolicy - - KoZIhvdjZAEK - - - - - A252844C7A99EF1CDB285486B87A0775DD9452FF - - issuerName - - MDUxGjAYBgNVBAMMEURlYnVnIENSTCB0ZXN0IENBMRcwFQYDVQQK - DA5BcHBsZSBDb21wdXRlcg== - - modDate - 2006-05-15T22:49:20Z - serialNumber - - AQ== - - trustSettings - - - kSecTrustSettingsAllowedError - -2147409652 - kSecTrustSettingsResult - 4 - - - - E9A8529BA7C348D4909F90EBFED6A5D8F586B069 - - issuerName - - MDgxHTAbBgNVBAMMFENvZGUgU2lnbiBERUJVRyBSb290MRcwFQYD - VQQKDA5BcHBsZSBDb21wdXRlcg== - - modDate - 2006-05-15T22:48:34Z - serialNumber - - AA== - - trustSettings - - - kSecTrustSettingsAllowedError - -2147408849 - kSecTrustSettingsPolicy - - KoZIhvdjZAEK - - kSecTrustSettingsResult - 4 - - - - FD43367F400AB693F86D3E08C4D94CE4F4DFB587 - - issuerName - - MC4xEzARBgNVBAMMCmRlYnVnIHJvb3QxFzAVBgNVBAoMDkFwcGxl - IENvbXB1dGVy - - modDate - 2006-05-15T22:38:25Z - serialNumber - - AQ== - - trustSettings - - - kSecTrustSettingsPolicy - - KoZIhvdjZAED - - - - - kSecTrustRecordDefaultRootCert - - issuerName - - - modDate - 2006-05-17T17:40:36Z - serialNumber - - - trustSettings - - - kSecTrustSettingsPolicy - - KoZIhvdjZAEI - - kSecTrustSettingsResult - 3 - - - - - trustVersion - 1 - - diff --git a/SecurityTests/clxutils/certsFromDb/Makefile b/SecurityTests/clxutils/certsFromDb/Makefile deleted file mode 100644 index 9db0fe52..00000000 --- a/SecurityTests/clxutils/certsFromDb/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=certsFromDb -# C++ source (with .cpp extension) -CPSOURCE= certsFromDb.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/certsFromDb/certsFromDb.cpp b/SecurityTests/clxutils/certsFromDb/certsFromDb.cpp deleted file mode 100644 index 7dd39b23..00000000 --- a/SecurityTests/clxutils/certsFromDb/certsFromDb.cpp +++ /dev/null @@ -1,210 +0,0 @@ -/* - * certsFromDb.cpp - extract all certs from a DB, write to files or parse to stdout. - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("Usage: \n"); - printf(" %s keychainFile f certFileBase [option...]\n", argv[0]); - printf(" %s keychainFile p(arse) [option...]\n", argv[0]); - printf("Options:\n"); - printf(" R fetch CRLs, not certs\n"); - printf(" P pause for MallocDebug one each item\n"); - printf(" q Quiet\n"); - exit(1); -} - -int main(int argc, char **argv) -{ - int rtn; - CSSM_DL_DB_HANDLE dlDbHand; - CSSM_RETURN crtn; - char filePath[300]; - unsigned certNum=0; - CSSM_QUERY query; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_HANDLE resultHand; - CSSM_DATA theData = {0, NULL}; - char *fileBase = NULL; - CSSM_BOOL doPause = CSSM_FALSE; - CSSM_BOOL isCrl = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - int optarg = 3; - - if(argc < 3) { - usage(argv); - } - switch(argv[2][0]) { - case 'f': - if(argc < 4) { - usage(argv); - } - fileBase = argv[3]; - optarg = 4; - break; - case 'p': - /* default, parse mode */ - break; - default: - usage(argv); - } - for(int arg=optarg; arg -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define NUM_CERTS_DEF 10 -#define NUM_DBS_DEF 3 -#define KEYGEN_ALG_DEF CSSM_ALGID_RSA -#define SIG_ALG_DEF CSSM_ALGID_SHA1WithRSA -#define LOOPS_DEF 10 -#define DB_NAME_BASE "cgConstruct" /* default */ -#define SECONDS_TO_LIVE (60 * 60 * 24) /* certs are valid for this long */ - -/* Read-only access not supported */ -#define PUBLIC_READ_ENABLE 0 - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" n=numCerts; default = %d\n", NUM_CERTS_DEF); - printf(" l=loops; default=%d; 0=forever\n", LOOPS_DEF); - printf(" a=alg (f=FEE/MD5, f=FEE/SHA1, e=FEE/ECDSA, r=RSA, E=ANSI ECDSA; default = RSA\n"); - printf(" K=keySizeInBits\n"); - #if TP_DB_ENABLE - printf(" d=numDBs, default = %d\n", NUM_DBS_DEF); - printf(" A(ll certs to DBs)\n"); - printf(" k (skip first DB when storing)\n"); - #if PUBLIC_READ_ENABLE - printf(" p(ublic access open on read)\n"); - #endif - #endif - printf(" f=fileNameBase (default = %s)\n", DB_NAME_BASE); - printf(" P(ause on each loop)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -#if TP_DB_ENABLE -static int doOpenDbs( - CSSM_DL_HANDLE dlHand, - const char *dbNameBase, - CSSM_DL_DB_HANDLE_PTR dlDbPtr, - unsigned numDbs, - CSSM_BOOL publicReadOnly, // ignored if !PUBLIC_READ_ENABLE - CSSM_BOOL quiet) -{ - unsigned i; - char dbName[20]; - CSSM_BOOL doCreate = (publicReadOnly ? CSSM_FALSE : CSSM_TRUE); - - for(i=0; iDLDBHandle, - dbList->NumHandles, - CSSM_FALSE, - quiet)) { // publicReadOnly: this is create/write - return 1; - } - } - /* else DBs are already open and stay that way */ - #endif - - /* - * Pick a random spot to break the cert chain - half the time use the - * whole chain, half the time break it. - */ - certsToUse = genRand(1, numCerts * 2); - if(certsToUse > numCerts) { - /* use the whole chain */ - certsToUse = numCerts; - } - if(verbose) { - printf(" ...numCerts %d certsToUse %d\n", numCerts, certsToUse); - } - - if(tpMakeRandCertGroup(clHand, - #if TP_DB_ENABLE - dbList, - #else - NULL, - #endif - certs, - certsToUse, - &certGroupFrag, - CSSM_TRUE, // firstCertIsSubject - verbose, - allInDbs, - skipFirstDb)) { - printf("Error in tpMakeRandCertGroup\n"); - return testError(quiet); - } - - if(certGroupFrag.NumCerts > certsToUse) { - printf("Error NOMAD sterlize\n"); - exit(1); - } - - #if TP_DB_ENABLE - if(publicRead) { - /* close existing DBs and open again read-only */ - - unsigned i; - CSSM_RETURN crtn; - - if(verbose) { - printf(" ...closing DBs\n"); - } - for(i=0; iNumHandles; i++) { - crtn = CSSM_DL_DbClose(dbList->DLDBHandle[i]); - if(crtn) { - printError("CSSM_DL_DbClose", crtn); - if(testError(quiet)) { - return 1; - } - } - } - if(verbose) { - printf(" ...opening DBs read-only\n"); - } - if(doOpenDbs(dlHand, - fileBaseName, - dbList->DLDBHandle, - dbList->NumHandles, - CSSM_TRUE, // publicReadOnly: this is read only - quiet)) { - return 1; - } - } - #endif - - /* - * Okay, some of the certs we were given are in the DB, some are in - * random places in certGroupFrag, some are nowhere (if certsToUse is - * less than numCerts). Have the TP construct us an ordered verified - * group. - */ - crtn = CSSM_TP_CertGroupConstruct( - tpHand, - clHand, - cspHand, - dbList, - NULL, // ConstructParams - &certGroupFrag, - &resultGroup); - if(crtn) { - printError("CSSM_TP_CertGroupConstruct", crtn); - return testError(quiet); - } - - /* vfy resultGroup is identical to unbroken part of chain */ - if(verbose) { - printf(" ...CSSM_TP_CertGroupConstruct returned %u certs\n", - (unsigned)resultGroup->NumCerts); - } - if(resultGroup->NumCerts != certsToUse) { - printf("***resultGroup->NumCerts was %u, expected %u\n", - (unsigned)resultGroup->NumCerts, (unsigned)certsToUse); - rtn = testError(quiet); - goto abort; - } - for(certDex=0; certDexGroupList.CertList[certDex])) { - printf("***certs[%d] miscompare\n", certDex); - rtn = testError(quiet); - goto abort; - } - } -abort: - /* free resurces */ - tpFreeCertGroup(&certGroupFrag, - CSSM_FALSE, // caller malloc'd the actual certs - CSSM_FALSE); // struct is on stack - tpFreeCertGroup(resultGroup, - CSSM_TRUE, // mallocd by TP - CSSM_TRUE); // ditto - #if TP_DB_ENABLE - if(dbList != NULL) { - unsigned i; - CSSM_RETURN crtn; - - if(verbose) { - printf(" ...deleting all certs from DBs\n"); - } - for(i=0; iNumHandles; i++) { - clDeleteAllCerts(dbList->DLDBHandle[i]); - } - if(publicRead) { - if(verbose) { - printf(" ...closing DBs\n"); - } - for(i=0; iNumHandles; i++) { - crtn = CSSM_DL_DbClose(dbList->DLDBHandle[i]); - if(crtn) { - printError("CSSM_DL_DbClose", crtn); - if(testError(quiet)) { - return 1; - } - } - } - } - } - #endif - return rtn; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_TP_HANDLE tpHand = 0; - CSSM_CL_HANDLE clHand = 0; - CSSM_CSP_HANDLE cspHand = 0; - CSSM_DL_DB_LIST dbList = {0, NULL}; /* for storing certs */ - CSSM_DL_DB_LIST_PTR dbListPtr; /* pts to dbList or NULL */ - unsigned i; - char *notAfterStr; - char *notBeforeStr; - CSSM_DL_HANDLE dlHand; - - /* all three of these are arrays with numCert elements */ - CSSM_KEY_PTR pubKeys = NULL; - CSSM_KEY_PTR privKeys = NULL; - CSSM_DATA_PTR certs = NULL; - - /* Keys do NOT go in the cert DB */ - CSSM_DL_DB_HANDLE keyDb = {0, 0}; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned numCerts = NUM_CERTS_DEF; - uint32 keyGenAlg = KEYGEN_ALG_DEF; - uint32 sigAlg = SIG_ALG_DEF; - unsigned numDBs = NUM_DBS_DEF; - CSSM_BOOL allInDbs = CSSM_FALSE; - CSSM_BOOL skipFirstDb = CSSM_FALSE; - CSSM_BOOL publicRead = CSSM_FALSE; - CSSM_BOOL doPause = CSSM_FALSE; - uint32 keySizeInBits = CSP_KEY_SIZE_DEFAULT; - const char *fileBaseName = DB_NAME_BASE; - - for(arg=1; arg -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define NUM_CERTS_DEF 10 -#define KEYGEN_ALG_DEF CSSM_ALGID_RSA -#define SIG_ALG_DEF CSSM_ALGID_SHA1WithRSA -#define LOOPS_DEF 10 -#define SECONDS_TO_LIVE (60 * 60 * 24) /* certs are valid for this long */ -//#define SECONDS_TO_LIVE 5 - -#define CERT_IN_DB 1 -#define DB_NAME "cgVerify.db" -#define DSA_PARAM_FILE "dsaParam512.der" - -/* - * How we define the "expected result". - */ -typedef enum { - ER_InvalidAnchor, // root in certGroup, not found in AnchorCerts - ER_RootInCertGroup, // root in certGroup, copy in AnchorCerts - ER_AnchorVerify, // end of chain verified by an anchor - ER_NoRoot, // no root, no anchor verify - ER_IncompleteKey // un-completable public key (all keys are partial), DSA - // ONLY -} ExpectResult; - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" n=numCerts; default = %d\n", NUM_CERTS_DEF); - printf(" l=loops; default=%d; 0=forever\n", LOOPS_DEF); - printf(" a=alg (f=FEE/MD5, F=FEE/SHA1, e=FEE/ECDSA, s=RSA/SHA1, m=RSA/MD5,\n"); - printf(" d=DSA, 4=RSA/SHA224, 6=RSA/SHA256, 3=RSA/SHA384, 5=RSA/SHA512,\n"); - printf(" E=ANSI/ECDSA, 7=ECDSA/SHA256; default = RSA/SHA1\n"); - printf(" k=keySizeInBits\n"); - printf(" d(isable DB)\n"); - printf(" P(ause on each loop)\n"); - printf(" N (no partial pub keys)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -static int doTest( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dlDb, - CSSM_DATA_PTR certs, - unsigned numCerts, - CSSM_KEY_PTR pubKeys, // for partial key detect - CSSM_BOOL useDb, - ExpectResult expectResult, - CSSM_BOOL verbose, - CSSM_BOOL quiet) -{ - unsigned cgEnd; // last cert in certGroupFrag - unsigned anchorStart; // first cert in anchorGroup - unsigned anchorEnd; // last cert in anchorGroup - CSSM_CERTGROUP certGroupFrag; // INPUT to CertGroupVerify - CSSM_CERTGROUP anchorCerts; // ditto - unsigned die; // random number - CSSM_DL_DB_LIST dbList; - CSSM_DL_DB_LIST_PTR dbListPtr; - CSSM_RETURN expErr; // expected rtn from GroupVfy() - int rtn = 0; - const char *expResStr; - uint32 expEvidenceSize; // expected evidenceSize - unsigned evidenceSize; // actual evidence size - CSSM_TP_VERIFY_CONTEXT_RESULT vfyResult; - CSSM_CERTGROUP_PTR outGrp = NULL; - CSSM_RETURN crtn; - CSSM_DL_DB_HANDLE_PTR dlDbPtr; - unsigned numAnchors; - - memset(&vfyResult, 0, sizeof(CSSM_TP_VERIFY_CONTEXT_RESULT)); - - if(useDb) { - dlDbPtr = &dlDb; - dbList.NumHandles = 1; - dbList.DLDBHandle = &dlDb; - dbListPtr = &dbList; - } - else { - /* not yet */ - dlDbPtr = NULL; - dbListPtr = NULL; - } - - /* the four test cases */ - switch(expectResult) { - case ER_InvalidAnchor: - /* root in certGroup, not found in AnchorCerts */ - cgEnd = numCerts - 1; // certGroupFrag is the whole pile - anchorStart = 0; // anchors = all except root - anchorEnd = numCerts - 2; - expErr = CSSMERR_TP_INVALID_ANCHOR_CERT; - expEvidenceSize = numCerts; - expResStr = "InvalidAnchor (root in certGroup but not in anchors)"; - break; - - case ER_RootInCertGroup: - /* root in certGroup, copy in AnchorCerts */ - cgEnd = numCerts - 1; // certGroupFrag = the whole pile - anchorStart = 0; // anchors = the whole pile - anchorEnd = numCerts - 1; - expErr = CSSM_OK; - expEvidenceSize = numCerts; - expResStr = "Good (root in certGroup AND in anchors)"; - break; - - case ER_AnchorVerify: - /* non-root end of chain verified by an anchor */ - /* break chain at random place other than end */ - /* die is the last cert in certGroupFrag */ - die = genRand(0, numCerts-2); - cgEnd = die; // certGroupFrag up to break point - anchorStart = 0; // anchors = all - anchorEnd = numCerts - 1; - if(pubKeys[die+1].KeyHeader.KeyAttr & CSSM_KEYATTR_PARTIAL) { - /* this will fail due to an unusable anchor */ - expErr = CSSMERR_TP_CERTIFICATE_CANT_OPERATE; - expResStr = "Root ONLY in anchors but has partial pub key"; - } - else { - expErr = CSSM_OK; - expResStr = "Good (root ONLY in anchors)"; - } - /* size = # certs in certGroupFrag, plus one anchor */ - expEvidenceSize = die + 2; - break; - - case ER_NoRoot: - /* no root, no anchor verify */ - /* break chain at random place other than end */ - /* die is the last cert in certGroupFrag */ - /* skip a cert, then anchors start at die + 2 */ - die = genRand(0, numCerts-2); - cgEnd = die; // certGroupFrag up to break point - anchorStart = die + 2; // anchors = n+1...numCerts-2 - // may be empty if n == numCerts-2 - anchorEnd = numCerts - 2; - if((die != 0) && // partial leaf not reported as partial! - (pubKeys[die].KeyHeader.KeyAttr & CSSM_KEYATTR_PARTIAL)) { - /* this will fail due to an unusable cert (this one) */ - expErr = CSSMERR_TP_CERTIFICATE_CANT_OPERATE; - expResStr = "Not Trusted (no root, no anchor verify), partial"; - } - else { - expErr = CSSMERR_TP_NOT_TRUSTED; - expResStr = "Not Trusted (no root, no anchor verify)"; - } - expEvidenceSize = die + 1; - break; - - case ER_IncompleteKey: - /* - * Anchor has incomplete pub key - * Root in certGroup, copy in AnchorCerts - * Avoid putting anchor in certGroupFrag because the TP will think - * it's NOT a root and it'll show up twice in the evidence - once - * from certGroupFrag (at which point the search for a root - * keeps going), and once from Anchors. - */ - cgEnd = numCerts - 2; // certGroupFrag = the whole pile less the anchor - anchorStart = 0; // anchors = the whole pile - anchorEnd = numCerts - 1; - expErr = CSSMERR_TP_CERTIFICATE_CANT_OPERATE; - expEvidenceSize = numCerts; - expResStr = "Partial public key in anchor"; - break; - } - - if(verbose) { - printf(" ...expectResult = %s\n", expResStr); - } - - /* cook up two cert groups */ - if(verbose) { - printf(" ...building certGroupFrag from certs[0..%d]\n", - cgEnd); - } - if(tpMakeRandCertGroup(clHand, - dbListPtr, - certs, // certGroupFrag always starts at 0 - cgEnd+1, // # of certs - &certGroupFrag, - CSSM_TRUE, // firstCertIsSubject - verbose, - CSSM_FALSE, // allInDbs - CSSM_FALSE)) { // skipFirstDb - printf("Error in tpMakeRandCertGroup\n"); - return 1; - } - - if(verbose) { - printf(" ...building anchorCerts from certs[%d..%d]\n", - anchorStart, anchorEnd); - } - if(anchorEnd > (numCerts - 1)) { - printf("anchorEnd overflow\n"); - exit(1); - } - if(anchorStart >= anchorEnd) { - /* legal in some corner cases, ==> empty enchors */ - numAnchors = 0; - } - else { - numAnchors = anchorEnd - anchorStart + 1; - } - /* anchors do not go in DB */ - if(tpMakeRandCertGroup(clHand, - NULL, - certs + anchorStart, - numAnchors, // # of certs - &anchorCerts, - CSSM_FALSE, // firstCertIsSubject - verbose, - CSSM_FALSE, // allInDbs - CSSM_FALSE)) { // skipFirstDb - printf("Error in tpMakeRandCertGroup\n"); - return 1; - } - - crtn = tpCertGroupVerify( - tpHand, - clHand, - cspHand, - dbListPtr, - &CSSMOID_APPLE_X509_BASIC, // policy - NULL, // fieldOpts - NULL, // actionData - NULL, // policyOpts - &certGroupFrag, - anchorCerts.GroupList.CertList, // passed as CSSM_DATA_PTR, not CERTGROUP.... - anchorCerts.NumCerts, - CSSM_TP_STOP_ON_POLICY, - NULL, // cssmTimeStr - &vfyResult); - - /* first verify format of result */ - if( (vfyResult.NumberOfEvidences != 3) || - (vfyResult.Evidence == NULL) || - (vfyResult.Evidence[0].EvidenceForm != CSSM_EVIDENCE_FORM_APPLE_HEADER) || - (vfyResult.Evidence[1].EvidenceForm != CSSM_EVIDENCE_FORM_APPLE_CERTGROUP) || - (vfyResult.Evidence[2].EvidenceForm != CSSM_EVIDENCE_FORM_APPLE_CERT_INFO) || - (vfyResult.Evidence[0].Evidence == NULL) || - (vfyResult.Evidence[1].Evidence == NULL) || - (vfyResult.Evidence[2].Evidence == NULL)) { - printf("***Malformed VerifyContextResult\n"); - rtn = testError(quiet); - if(rtn) { - return rtn; - } - } - if((vfyResult.Evidence != NULL) && (vfyResult.Evidence[1].Evidence != NULL)) { - outGrp = (CSSM_CERTGROUP_PTR)vfyResult.Evidence[1].Evidence; - evidenceSize = outGrp->NumCerts; - } - else { - /* in case no evidence returned */ - evidenceSize = 0; - } - - /* %%% since non-root anchors are permitted as of , - * the test assumptions have become invalid: these tests generate - * an anchors list which always includes the full chain, so by - * definition, the evidence chain will never be longer than 2, - * since the leaf's issuer is always an anchor. - * %%% need to revisit and rewrite these tests. -kcm - */ - if ((evidenceSize > 1) && (evidenceSize < expEvidenceSize) && - (crtn == CSSM_OK || crtn == CSSMERR_TP_CERTIFICATE_CANT_OPERATE)) { - /* ignore, for now */ - expErr = crtn; - expEvidenceSize = evidenceSize; - } - - if((crtn != expErr) || - (evidenceSize != expEvidenceSize)) { - printf("***Error on expectResult %s\n", expResStr); - printf(" err %s expErr %s\n", - cssmErrToStr(crtn), cssmErrToStr(expErr)); - printf(" evidenceSize %d expEvidenceSize %u\n", - evidenceSize, (unsigned)expEvidenceSize); - rtn = testError(quiet); - } - else { - rtn = 0; - } - - /* free resources */ - tpFreeCertGroup(&certGroupFrag, - CSSM_FALSE, // caller malloc'd the actual certs - CSSM_FALSE); // struct is on stack - tpFreeCertGroup(&anchorCerts, - CSSM_FALSE, // caller malloc'd the actual certs - CSSM_FALSE); // struct is on stack - freeVfyResult(&vfyResult); - if(useDb) { - clDeleteAllCerts(dlDb); - } - return rtn; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_TP_HANDLE tpHand = 0; - CSSM_CL_HANDLE clHand = 0; - CSSM_CSP_HANDLE cspHand = 0; - CSSM_DL_DB_HANDLE dlDbHand = {0, 0}; - ExpectResult expectResult; - char *notAfterStr; - char *notBeforeStr; - unsigned i; - CSSM_DATA paramData; - CSSM_DATA_PTR paramDataP = NULL; - unsigned numTests = 4; - unsigned len; - - /* all three of these are arrays with numCert elements */ - CSSM_KEY_PTR pubKeys = NULL; - CSSM_KEY_PTR privKeys = NULL; - CSSM_DATA_PTR certs = NULL; - - /* Keys do NOT go in the cert DB */ - CSSM_DL_DB_HANDLE keyDb = {0, 0}; - CSSM_KEY savedRoot; // for ER_IncompleteKey - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned numCerts = NUM_CERTS_DEF; - uint32 keyGenAlg = KEYGEN_ALG_DEF; - uint32 sigAlg = SIG_ALG_DEF; - #if CERT_IN_DB - CSSM_BOOL useDb = CSSM_TRUE; - #else - CSSM_BOOL useDb = CSSM_FALSE; - #endif - CSSM_BOOL doPause = CSSM_FALSE; - uint32 keySizeInBits = CSP_KEY_SIZE_DEFAULT; - CSSM_BOOL noPartialKeys = CSSM_FALSE; - char dbName[100]; /* DB_NAME_pid */ - - for(arg=1; args zTk_pg?`{jD)3y)IZjotNvX91rg6Ud!rw<8MY&0zm+Z zf94C;9Pq^S7GN1poM&qy&;B;DwUrC)*+Ur;(GZL}w`a`LX#xpu&h9 O?j%}%aai~eLZnw?l~APs diff --git a/SecurityTests/clxutils/cgVerifyParsed/Makefile b/SecurityTests/clxutils/cgVerifyParsed/Makefile deleted file mode 100644 index 2c01039e..00000000 --- a/SecurityTests/clxutils/cgVerifyParsed/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=cgVerifyParsed -# C++ source (with .cpp extension) -CPSOURCE= cgVerifyParsed.cpp tpVerifyParsed.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/cgVerifyParsed/cgVerifyParsed.cpp b/SecurityTests/clxutils/cgVerifyParsed/cgVerifyParsed.cpp deleted file mode 100644 index 875390c7..00000000 --- a/SecurityTests/clxutils/cgVerifyParsed/cgVerifyParsed.cpp +++ /dev/null @@ -1,699 +0,0 @@ -/* - * cgVerifyParsed.cpp - basic test of TP's CertGroupVerify using parsed anchors - * - * ------- THIS TEST IS OBSOLETE; WE DON'T SUPPORT PARSED ANCHORS ---------- - * - * cook up array of n key pairs; - * cook up cert chain to go with them; - * main test loop { - * numCerts = total # of incoming certs; - * test one of four or five "expected result" cases { - * case root in certGroup but not found in AnchorCerts: - * certGroup = tpMakeRandCertGroup(certs[0..numCerts-1]; - * anchorCerts = tpMakeRandCertGroup[certs[0...numCerts-2]; - * expErr = CSSMERR_TP_INVALID_ANCHOR_CERT; - * expEvidenceSize = numCerts; - * case root in certGroup, found a copy in AnchorCerts: - * certGroup = tpMakeRandCertGroup(certs[0..numCerts-1]; - * anchorCerts = tpMakeRandCertGroup[certs[0...numCerts-1]; - * expErr = CSSM_OK; - * expEvidenceSize = numCerts; - * case verified by an AnchorCert: - * n = rand(1, numCerts-2); - * certGroup = tpMakeRandCertGroup(certs[0..n]); - * anchorCerts = tpMakeRandCertGroup[certs[0...numCerts-2]; - * expErr = CSSM_OK; - * expEvidenceSize = n+2; - * case no root found: - * n = rand(1, numCerts-3); - * certGroup = tpMakeRandCertGroup(certs[0..n]); - * anchorCerts = tpMakeRandCertGroup[certs[n+2...numCerts-2]; - * anchorCerts may be empty.... - * expErr = CSSMERR_TP_NOT_TRUSTED; - * expEvidenceSize = n+1; - * case incomplete public key (DSA only): - * root public keys is incomplete; - * certGroup = tpMakeRandCertGroup(certs[0..numCerts-1]; - * anchorCerts = tpMakeRandCertGroup[certs[0...numCerts-1]; - * expErr = CSSM_OK; - * expEvidenceSize = numCerts; - * } - * result = certGroupVerify(); - * verify expected result and getError(); - * delete certs from DB; - * } - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "tpVerifyParsed.h" - -#define NUM_CERTS_DEF 10 -#define KEYGEN_ALG_DEF CSSM_ALGID_RSA -#define SIG_ALG_DEF CSSM_ALGID_SHA1WithRSA -#define LOOPS_DEF 10 -#define SECONDS_TO_LIVE (60 * 60 * 24) /* certs are valid for this long */ -//#define SECONDS_TO_LIVE 5 - -#define CERT_IN_DB 1 -#define DB_NAME "cgVerify.db" -#define DSA_PARAM_FILE "dsaParam512.der" - -/* - * How we define the "expected result". - */ -typedef enum { - ER_InvalidAnchor, // root in certGroup, not found in AnchorCerts - ER_RootInCertGroup, // root in certGroup, copy in AnchorCerts - ER_AnchorVerify, // end of chain verified by an anchor - ER_NoRoot, // no root, no anchor verify - ER_IncompleteKey // un-completable public key (all keys are partial), DSA - // ONLY -} ExpectResult; - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" n=numCerts; default = %d\n", NUM_CERTS_DEF); - printf(" l=loops; default=%d; 0=forever\n", LOOPS_DEF); - printf(" a=alg (f=FEE/MD5, F=FEE/SHA1, e=FEE/ECDSA, s=RSA/SHA1, m=RSA/MD5,\n"); - printf(" d=DSA; 6=RSA/SHA256, 3=RSA/SHA384, 5=RSA/SHA512; default = RSA/SHA1\n"); - printf(" k=keySizeInBits\n"); - printf(" d(isable DB)\n"); - printf(" P(ause on each loop)\n"); - printf(" N (no partial pub keys)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -static int doTest( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dlDb, - CSSM_DATA_PTR certs, - unsigned numCerts, - CSSM_KEY_PTR pubKeys, // for partial key detect - CSSM_BOOL useDb, - ExpectResult expectResult, - CSSM_BOOL verbose, - CSSM_BOOL quiet) -{ - unsigned cgEnd; // last cert in certGroupFrag - unsigned anchorStart; // first cert in anchorGroup - unsigned anchorEnd; // last cert in anchorGroup - CSSM_CERTGROUP certGroupFrag; // INPUT to CertGroupVerify - CSSM_CERTGROUP anchorCerts; // ditto - unsigned die; // random number - CSSM_DL_DB_LIST dbList; - CSSM_DL_DB_LIST_PTR dbListPtr; - CSSM_RETURN expErr; // expected rtn from GroupVfy() - int rtn = 0; - char *expResStr; - uint32 expEvidenceSize; // expected evidenceSize - unsigned evidenceSize; // actual evidence size - CSSM_TP_VERIFY_CONTEXT_RESULT vfyResult; - CSSM_CERTGROUP_PTR outGrp = NULL; - CSSM_RETURN crtn; - CSSM_DL_DB_HANDLE_PTR dlDbPtr; - unsigned numAnchors; - - memset(&vfyResult, 0, sizeof(CSSM_TP_VERIFY_CONTEXT_RESULT)); - - if(useDb) { - dlDbPtr = &dlDb; - dbList.NumHandles = 1; - dbList.DLDBHandle = &dlDb; - dbListPtr = &dbList; - } - else { - /* not yet */ - dlDbPtr = NULL; - dbListPtr = NULL; - } - - /* the four test cases */ - switch(expectResult) { - case ER_InvalidAnchor: - /* root in certGroup, not found in AnchorCerts */ - cgEnd = numCerts - 1; // certGroupFrag is the whole pile - anchorStart = 0; // anchors = all except root - anchorEnd = numCerts - 2; - expErr = CSSMERR_TP_INVALID_ANCHOR_CERT; - expEvidenceSize = numCerts; - expResStr = "InvalidAnchor (root in certGroup but not in anchors)"; - break; - - case ER_RootInCertGroup: - /* root in certGroup, copy in AnchorCerts */ - cgEnd = numCerts - 1; // certGroupFrag = the whole pile - anchorStart = 0; // anchors = the whole pile - anchorEnd = numCerts - 1; - expErr = CSSM_OK; - expEvidenceSize = numCerts; - expResStr = "Good (root in certGroup AND in anchors)"; - break; - - case ER_AnchorVerify: - /* non-root end of chain verified by an anchor */ - /* break chain at random place other than end */ - /* die is the last cert in certGroupFrag */ - die = genRand(0, numCerts-2); - cgEnd = die; // certGroupFrag up to break point - anchorStart = 0; // anchors = all - anchorEnd = numCerts - 1; - if(pubKeys[die+1].KeyHeader.KeyAttr & CSSM_KEYATTR_PARTIAL) { - /* this will fail due to an unusable anchor */ - expErr = CSSMERR_TP_CERTIFICATE_CANT_OPERATE; - expResStr = "Root ONLY in anchors but has partial pub key"; - } - else { - expErr = CSSM_OK; - expResStr = "Good (root ONLY in anchors)"; - } - /* size = # certs in certGroupFrag, plus one anchor */ - expEvidenceSize = die + 2; - break; - - case ER_NoRoot: - /* no root, no anchor verify */ - /* break chain at random place other than end */ - /* die is the last cert in certGroupFrag */ - /* skip a cert, then anchors start at die + 2 */ - die = genRand(0, numCerts-2); - cgEnd = die; // certGroupFrag up to break point - anchorStart = die + 2; // anchors = n+1...numCerts-2 - // may be empty if n == numCerts-2 - anchorEnd = numCerts - 2; - if((die != 0) && // partial leaf not reported as partial! - (pubKeys[die].KeyHeader.KeyAttr & CSSM_KEYATTR_PARTIAL)) { - /* this will fail due to an unusable cert (this one) */ - expErr = CSSMERR_TP_CERTIFICATE_CANT_OPERATE; - expResStr = "Not Trusted (no root, no anchor verify), partial"; - } - else { - expErr = CSSMERR_TP_NOT_TRUSTED; - expResStr = "Not Trusted (no root, no anchor verify)"; - } - expEvidenceSize = die + 1; - break; - - case ER_IncompleteKey: - /* - * Anchor has incomplete pub key - * Root in certGroup, copy in AnchorCerts - * Avoid putting anchor in certGroupFrag because the TP will think - * it's NOT a root and it'll show up twice in the evidence - once - * from certGroupFrag (at which point the search for a root - * keeps going), and once from Anchors. - */ - cgEnd = numCerts - 2; // certGroupFrag = the whole pile less the anchor - anchorStart = 0; // anchors = the whole pile - anchorEnd = numCerts - 1; - expErr = CSSMERR_TP_CERTIFICATE_CANT_OPERATE; - expEvidenceSize = numCerts; - expResStr = "Partial public key in anchor"; - break; - } - - if(verbose) { - printf(" ...expectResult = %s\n", expResStr); - } - - /* cook up two cert groups */ - if(verbose) { - printf(" ...building certGroupFrag from certs[0..%d]\n", - cgEnd); - } - if(tpMakeRandCertGroup(clHand, - dbListPtr, - certs, // certGroupFrag always starts at 0 - cgEnd+1, // # of certs - &certGroupFrag, - CSSM_TRUE, // firstCertIsSubject - verbose, - CSSM_FALSE, // allInDbs - CSSM_FALSE)) { // skipFirstDb - printf("Error in tpMakeRandCertGroup\n"); - return 1; - } - - if(verbose) { - printf(" ...building anchorCerts from certs[%d..%d]\n", - anchorStart, anchorEnd); - } - if(anchorEnd > (numCerts - 1)) { - printf("anchorEnd overflow\n"); - exit(1); - } - if(anchorStart >= anchorEnd) { - /* legal in some corner cases, ==> empty enchors */ - numAnchors = 0; - } - else { - numAnchors = anchorEnd - anchorStart + 1; - } - /* anchors do not go in DB */ - if(tpMakeRandCertGroup(clHand, - NULL, - certs + anchorStart, - numAnchors, // # of certs - &anchorCerts, - CSSM_FALSE, // firstCertIsSubject - verbose, - CSSM_FALSE, // allInDbs - CSSM_FALSE)) { // skipFirstDb - printf("Error in tpMakeRandCertGroup\n"); - return 1; - } - - crtn = tpCertGroupVerifyParsed( - tpHand, - clHand, - cspHand, - dbListPtr, - &CSSMOID_APPLE_X509_BASIC, // policy - NULL, // fieldOpts - NULL, // actionData - NULL, // policyOpts - &certGroupFrag, - anchorCerts.GroupList.CertList, // passed as CSSM_DATA_PTR, not CERTGROUP.... - anchorCerts.NumCerts, - CSSM_TP_STOP_ON_POLICY, - NULL, // cssmTimeStr - &vfyResult); - - /* first verify format of result */ - if( (vfyResult.NumberOfEvidences != 3) || - (vfyResult.Evidence == NULL) || - (vfyResult.Evidence[0].EvidenceForm != CSSM_EVIDENCE_FORM_APPLE_HEADER) || - (vfyResult.Evidence[1].EvidenceForm != CSSM_EVIDENCE_FORM_APPLE_CERTGROUP) || - (vfyResult.Evidence[2].EvidenceForm != CSSM_EVIDENCE_FORM_APPLE_CERT_INFO) || - (vfyResult.Evidence[0].Evidence == NULL) || - (vfyResult.Evidence[1].Evidence == NULL) || - (vfyResult.Evidence[2].Evidence == NULL)) { - printf("***Malformed VerifyContextResult\n"); - rtn = testError(quiet); - if(rtn) { - return rtn; - } - } - if((vfyResult.Evidence != NULL) && (vfyResult.Evidence[1].Evidence != NULL)) { - outGrp = (CSSM_CERTGROUP_PTR)vfyResult.Evidence[1].Evidence; - evidenceSize = outGrp->NumCerts; - } - else { - /* in case no evidence returned */ - evidenceSize = 0; - } - if((crtn != expErr) || - (evidenceSize != expEvidenceSize)) { - printf("***Error on expectResult %s\n", expResStr); - printf(" err %s expErr %s\n", - cssmErrToStr(crtn), cssmErrToStr(expErr)); - printf(" evidenceSize %d expEvidenceSize %lu\n", - evidenceSize, expEvidenceSize); - rtn = testError(quiet); - } - else { - rtn = 0; - } - - /* free resources */ - tpFreeCertGroup(&certGroupFrag, - CSSM_FALSE, // caller malloc'd the actual certs - CSSM_FALSE); // struct is on stack - tpFreeCertGroup(&anchorCerts, - CSSM_FALSE, // caller malloc'd the actual certs - CSSM_FALSE); // struct is on stack - freeVfyResult(&vfyResult); - if(useDb) { - clDeleteAllCerts(dlDb); - } - return rtn; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_TP_HANDLE tpHand = 0; - CSSM_CL_HANDLE clHand = 0; - CSSM_CSP_HANDLE cspHand = 0; - CSSM_DL_DB_HANDLE dlDbHand = {0, 0}; - ExpectResult expectResult; - char *notAfterStr; - char *notBeforeStr; - unsigned i; - CSSM_DATA paramData; - CSSM_DATA_PTR paramDataP = NULL; - unsigned numTests = 4; - - /* all three of these are arrays with numCert elements */ - CSSM_KEY_PTR pubKeys = NULL; - CSSM_KEY_PTR privKeys = NULL; - CSSM_DATA_PTR certs = NULL; - - /* Keys do NOT go in the cert DB */ - CSSM_DL_DB_HANDLE keyDb = {0, 0}; - CSSM_KEY savedRoot; // for ER_IncompleteKey - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned numCerts = NUM_CERTS_DEF; - uint32 keyGenAlg = KEYGEN_ALG_DEF; - uint32 sigAlg = SIG_ALG_DEF; - #if CERT_IN_DB - CSSM_BOOL useDb = CSSM_TRUE; - #else - CSSM_BOOL useDb = CSSM_FALSE; - #endif - CSSM_BOOL doPause = CSSM_FALSE; - uint32 keySizeInBits = CSP_KEY_SIZE_DEFAULT; - CSSM_BOOL noPartialKeys = CSSM_FALSE; - char dbName[100]; /* DB_NAME_pid */ - - for(arg=1; args zTk_pg?`{jD)3y)IZjotNvX91rg6Ud!rw<8MY&0zm+Z zf94C;9Pq^S7GN1poM&qy&;B;DwUrC)*+Ur;(GZL}w`a`LX#xpu&h9 O?j%}%aai~eLZnw?l~APs diff --git a/SecurityTests/clxutils/cgVerifyParsed/tpVerifyParsed.cpp b/SecurityTests/clxutils/cgVerifyParsed/tpVerifyParsed.cpp deleted file mode 100644 index 5eb22641..00000000 --- a/SecurityTests/clxutils/cgVerifyParsed/tpVerifyParsed.cpp +++ /dev/null @@ -1,178 +0,0 @@ - /* - * tpVerifyParsed.cpp - wrapper for CSSM_TP_CertGroupVerify using parsd anchors. - */ - -#include -#include "tpVerifyParsed.h" -#include -#include -#include -#include -#include -#include -#include - -/* - * The main task is converting a set of CSSM_DATA-style anchors into a - * SecParsedRootCertArrayRef. - */ - -/* raw cert --> SecParsedRootCert */ -static int parseRootCert( - CSSM_CL_HANDLE clHand, - const CSSM_DATA &certData, - SecParsedRootCert &parsedRoot) -{ - try { - CertParser cert(clHand, certData); - uint32 len = 0; - const void *p = cert.fieldForOid(CSSMOID_X509V1SubjectName, len); - appCopyData(p, len, &parsedRoot.subject); - - /* skip key and times, I think they are going away */ - appCopyCssmData(&certData, &parsedRoot.certData); - return 0; - } - catch(...) { - printf("CertParser threw!\n"); - return -1; - } -} - -static void freeParsedRoot( - SecParsedRootCert &parsedRoot) -{ - if(parsedRoot.subject.Data) { - CSSM_FREE(parsedRoot.subject.Data); - } - if(parsedRoot.certData.Data) { - CSSM_FREE(parsedRoot.certData.Data); - } -} - -static int createParsedCertArray( - CSSM_CL_HANDLE clHand, - unsigned numAnchorCerts, - CSSM_DATA_PTR anchorCerts, - SecParsedRootCertArrayRef *arrayRef) // RETURNED -{ - SecParsedRootCertArray *outArray = (SecParsedRootCertArray *)malloc(sizeof(*outArray)); - memset(outArray, 0, sizeof(*outArray)); - unsigned len = sizeof(SecParsedRootCert) * numAnchorCerts; - outArray->roots = (SecParsedRootCert *)malloc(len); - memset(outArray->roots, 0, len); - for(unsigned dex=0; dexroots[dex])) { - return -1; - } - } - outArray->numRoots = numAnchorCerts; - *arrayRef = outArray; - return 0; -} - -static void freeParsedCertArray( - SecParsedRootCertArrayRef arrayRef) -{ - for(unsigned dex=0; dexnumRoots; dex++) { - freeParsedRoot(arrayRef->roots[dex]); - } - free(arrayRef->roots); - free((void *)arrayRef); -} - -CSSM_RETURN tpCertGroupVerifyParsed( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_LIST_PTR dbListPtr, - const CSSM_OID *policy, // optional - const CSSM_DATA *fieldOpts, // optional - const CSSM_DATA *actionData, // optional - void *policyOpts, - const CSSM_CERTGROUP *certGroup, - CSSM_DATA_PTR anchorCerts, - unsigned numAnchorCerts, - CSSM_TP_STOP_ON stopOn, // CSSM_TP_STOP_ON_POLICY, etc. - CSSM_TIMESTRING cssmTimeStr,// optional - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR result) // optional, RETURNED -{ - /* main job is building a CSSM_TP_VERIFY_CONTEXT and its components */ - CSSM_TP_VERIFY_CONTEXT vfyCtx; - CSSM_TP_CALLERAUTH_CONTEXT authCtx; - - memset(&vfyCtx, 0, sizeof(CSSM_TP_VERIFY_CONTEXT)); - vfyCtx.Action = CSSM_TP_ACTION_DEFAULT; - if(actionData) { - vfyCtx.ActionData = *actionData; - } - else { - vfyCtx.ActionData.Data = NULL; - vfyCtx.ActionData.Length = 0; - } - vfyCtx.Cred = &authCtx; - - /* CSSM_TP_CALLERAUTH_CONTEXT components */ - /* - typedef struct cssm_tp_callerauth_context { - CSSM_TP_POLICYINFO Policy; - CSSM_TIMESTRING VerifyTime; - CSSM_TP_STOP_ON VerificationAbortOn; - CSSM_TP_VERIFICATION_RESULTS_CALLBACK CallbackWithVerifiedCert; - uint32 NumberOfAnchorCerts; - CSSM_DATA_PTR AnchorCerts; - CSSM_DL_DB_LIST_PTR DBList; - CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials; - } CSSM_TP_CALLERAUTH_CONTEXT, *CSSM_TP_CALLERAUTH_CONTEXT_PTR; - */ - /* zero or one policy here */ - CSSM_FIELD policyId; - if(policy != NULL) { - policyId.FieldOid = (CSSM_OID)*policy; - authCtx.Policy.NumberOfPolicyIds = 1; - authCtx.Policy.PolicyIds = &policyId; - if(fieldOpts != NULL) { - policyId.FieldValue = *fieldOpts; - } - else { - policyId.FieldValue.Data = NULL; - policyId.FieldValue.Length = 0; - } - } - else { - authCtx.Policy.NumberOfPolicyIds = 0; - authCtx.Policy.PolicyIds = NULL; - } - authCtx.Policy.PolicyControl = policyOpts; - authCtx.VerifyTime = cssmTimeStr; // may be NULL - authCtx.VerificationAbortOn = stopOn; - authCtx.CallbackWithVerifiedCert = NULL; - - /* here's the difference between this and tpCertGroupVerify */ - SecParsedRootCertArrayRef arrayRef = NULL; - if(numAnchorCerts) { - if(createParsedCertArray(clHand, numAnchorCerts, anchorCerts, &arrayRef)) { - return -1; - } - authCtx.NumberOfAnchorCerts = APPLE_TP_PARSED_ANCHOR_INDICATOR; - authCtx.AnchorCerts = (CSSM_DATA_PTR)arrayRef; - } - else { - authCtx.NumberOfAnchorCerts = 0; - authCtx.AnchorCerts = NULL; - } - authCtx.DBList = dbListPtr; - authCtx.CallerCredentials = NULL; - - CSSM_RETURN crtn = CSSM_TP_CertGroupVerify(tpHand, - clHand, - cspHand, - certGroup, - &vfyCtx, - result); - - if(arrayRef) { - freeParsedCertArray(arrayRef); - } - return crtn; -} diff --git a/SecurityTests/clxutils/cgVerifyParsed/tpVerifyParsed.h b/SecurityTests/clxutils/cgVerifyParsed/tpVerifyParsed.h deleted file mode 100644 index 85225802..00000000 --- a/SecurityTests/clxutils/cgVerifyParsed/tpVerifyParsed.h +++ /dev/null @@ -1,33 +0,0 @@ - /* - * tpVerifyParsed.h - wrapper for CSSM_TP_CertGroupVerify using parsd anchors. - */ - -#ifndef _TP_VERIFY_PARSED_H_ -#define _TP_VERIFY_PARSED_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -CSSM_RETURN tpCertGroupVerifyParsed( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_LIST_PTR dbListPtr, - const CSSM_OID *policy, // optional - const CSSM_DATA *fieldOpts, // optional - const CSSM_DATA *actionData, // optional - void *policyOpts, - const CSSM_CERTGROUP *certGroup, - CSSM_DATA_PTR anchorCerts, - unsigned numAnchorCerts, - CSSM_TP_STOP_ON stopOn, // CSSM_TP_STOP_ON_POLICY, etc. - CSSM_TIMESTRING cssmTimeStr, // optional - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR result); // optional, RETURNED - -#ifdef __cplusplus -} -#endif - -#endif /* _TP_VERIFY_PARSED_H_ */ - diff --git a/SecurityTests/clxutils/clAppUtils/BlobList.cpp b/SecurityTests/clxutils/clAppUtils/BlobList.cpp deleted file mode 100644 index 53bd05b4..00000000 --- a/SecurityTests/clxutils/clAppUtils/BlobList.cpp +++ /dev/null @@ -1,92 +0,0 @@ -/*** BlobList class for managing groups of raw certs and CRLs ***/ - -#include "BlobList.h" -#include -#include -#include -#include -#include -#include - -BlobList::~BlobList() -{ - for(uint32 dex=0; dexLength = blob.Length; - dst->Data = (uint8 *)malloc(dst->Length); - memmove(dst->Data, blob.Data, dst->Length); - } - else { - *dst = blob; - } -} - - -int BlobList::addFile(const char *fileName, - const char *dirName /* = NULL */) -{ - CSSM_DATA blob; - int rtn; - char *fullName; - unsigned blobDataLen; - unsigned char *blobData; - - if(dirName) { - int len = strlen(dirName) + strlen(fileName) + 2; - fullName = (char *)malloc(len); - sprintf(fullName, "%s/%s", dirName, fileName); - } - else { - fullName = (char *)fileName; - } - rtn = cspReadFile(fullName, &blobData, &blobDataLen); - if(rtn) { - printf("***Error reading file %s\n", fullName); - if(dirName) { - free(fullName); - } - return rtn; - } - - /* convert from PEM to DER if appropriate */ - if(isPem(blobData, blobDataLen)) { - unsigned derDataLen; - unsigned char *derData; - - if(pemDecode(blobData, blobDataLen, &derData, &derDataLen)) { - printf("***Error PEM-decoding file %s; using as raw data\n", fileName); - blob.Data = blobData; - blob.Length = blobDataLen; - } - else { - blob.Data = derData; - blob.Length = derDataLen; - free(blobData); - } - } - else { - /* raw file data is the stuff we'll use */ - blob.Data = blobData; - blob.Length = blobDataLen; - } - addBlob(blob); - if(dirName) { - free(fullName); - } - return 0; -} - diff --git a/SecurityTests/clxutils/clAppUtils/BlobList.h b/SecurityTests/clxutils/clAppUtils/BlobList.h deleted file mode 100644 index e30770f9..00000000 --- a/SecurityTests/clxutils/clAppUtils/BlobList.h +++ /dev/null @@ -1,30 +0,0 @@ -#ifndef _BLOBLIST_H_ -#define _BLOBLIST_H_ - -#include - -#ifndef NULL -#define NULL (0) -#endif - -/*** BlobList class for managing groups of raw certs and CRLs ***/ - -class BlobList -{ -public: - BlobList() - : mNumBlobs(0), mBlobList(NULL) { } - ~BlobList(); - /* blob is mallocd & copied; its referent is only copied if copyBlob is - * true and is always freed in ~BlobList */ - void addBlob(const CSSM_DATA &blob, CSSM_BOOL copyBlob = CSSM_FALSE); - int addFile(const char *fileName, const char *dirName = NULL); - uint32 numBlobs() { return mNumBlobs; } - CSSM_DATA_PTR blobList() { return mBlobList; } - -private: - uint32 mNumBlobs; - CSSM_DATA_PTR mBlobList; -}; - -#endif /* _BLOBLIST_H_ */ diff --git a/SecurityTests/clxutils/clAppUtils/CertBuilderApp.cpp b/SecurityTests/clxutils/clAppUtils/CertBuilderApp.cpp deleted file mode 100644 index c3d33060..00000000 --- a/SecurityTests/clxutils/clAppUtils/CertBuilderApp.cpp +++ /dev/null @@ -1,376 +0,0 @@ -/* - * CertBuilderApp.cpp - support for constructing certs, CDSA version - */ - -#include "clutils.h" -#include -#include "CertBuilderApp.h" -#include "timeStr.h" -#include -#include -#include -#include -#include -#include -#include -/* private header */ -#include - -/* - * Build up a CSSM_X509_NAME from an arbitrary list of name/OID pairs. - * We do one a/v pair per RDN. - */ -CSSM_X509_NAME *CB_BuildX509Name( - const CB_NameOid *nameArray, - unsigned numNames) -{ - CSSM_X509_NAME *top = (CSSM_X509_NAME *)appMalloc(sizeof(CSSM_X509_NAME), 0); - if(top == NULL) { - return NULL; - } - top->numberOfRDNs = numNames; - top->RelativeDistinguishedName = - (CSSM_X509_RDN_PTR)appMalloc(sizeof(CSSM_X509_RDN) * numNames, 0); - if(top->RelativeDistinguishedName == NULL) { - return NULL; - } - CSSM_X509_RDN_PTR rdn; - const CB_NameOid *nameOid; - unsigned nameDex; - for(nameDex=0; nameDexRelativeDistinguishedName[nameDex]; - nameOid = &nameArray[nameDex]; - rdn->numberOfPairs = 1; - rdn->AttributeTypeAndValue = (CSSM_X509_TYPE_VALUE_PAIR_PTR) - appMalloc(sizeof(CSSM_X509_TYPE_VALUE_PAIR), 0); - CSSM_X509_TYPE_VALUE_PAIR_PTR atvp = rdn->AttributeTypeAndValue; - if(atvp == NULL) { - return NULL; - } - appCopyCssmData(nameOid->oid, &atvp->type); - atvp->valueType = BER_TAG_PRINTABLE_STRING; - atvp->value.Length = strlen(nameOid->string); - atvp->value.Data = (uint8 *)CSSM_MALLOC(atvp->value.Length); - memmove(atvp->value.Data, nameOid->string, atvp->value.Length); - } - return top; -} - -/* free the CSSM_X509_NAME obtained from CB_BuildX509Name */ -void CB_FreeX509Name( - CSSM_X509_NAME *top) -{ - if(top == NULL) { - return; - } - unsigned nameDex; - CSSM_X509_RDN_PTR rdn; - for(nameDex=0; nameDexnumberOfRDNs; nameDex++) { - rdn = &top->RelativeDistinguishedName[nameDex]; - if(rdn->AttributeTypeAndValue) { - for(unsigned aDex=0; aDexnumberOfPairs; aDex++) { - CSSM_X509_TYPE_VALUE_PAIR_PTR atvp = - &rdn->AttributeTypeAndValue[aDex]; - CSSM_FREE(atvp->type.Data); - CSSM_FREE(atvp->value.Data); - } - CSSM_FREE(rdn->AttributeTypeAndValue); - } - } - CSSM_FREE(top->RelativeDistinguishedName); - CSSM_FREE(top); -} - -/* Obtain a CSSM_X509_TIME representing "now" plus specified seconds, or - * from a preformatted gen time string */ -CSSM_X509_TIME *CB_BuildX509Time( - unsigned secondsFromNow, /* ignored if timeStr non-NULL */ - const char *timeStr) /* optional, from genTimeAtNowPlus */ -{ - CSSM_X509_TIME *xtime = (CSSM_X509_TIME *)appMalloc(sizeof(CSSM_X509_TIME), 0); - if(xtime == NULL) { - return NULL; - } - xtime->timeType = BER_TAG_GENERALIZED_TIME; - char *ts; - if(timeStr == NULL) { - ts = genTimeAtNowPlus(secondsFromNow); - } - else { - ts = (char *)appMalloc(strlen(timeStr) + 1, 0); - strcpy(ts, timeStr); - } - xtime->time.Data = (uint8 *)ts; - xtime->time.Length = strlen(ts); - return xtime; -} - -/* Free CSSM_X509_TIME obtained in CB_BuildX509Time */ -void CB_FreeX509Time( - CSSM_X509_TIME *xtime) -{ - if(xtime == NULL) { - return; - } - freeTimeString((char *)xtime->time.Data); - appFree(xtime, 0); -} - -/* - * Encode an OID as a CSSM_X509_ALGORITHM_IDENTIFIER. - * Returns nonzero on error. - * Returned data is appMallocd's caller must appFree. - */ -int encodeParamOid( - const CSSM_OID *paramOid, - CSSM_DATA *params) -{ - SecAsn1CoderRef coder = NULL; - if(SecAsn1CoderCreate(&coder)) { - printf("***Error in SecAsn1CoderCreate()\n"); - return -1; - } - - CSSM_X509_ALGORITHM_IDENTIFIER algParams; - memset(&algParams, 0, sizeof(algParams)); - algParams.algorithm = *paramOid; - CSSM_DATA encoded = {0, NULL}; - int ourRtn = 0; - if(SecAsn1EncodeItem(coder, &algParams, kSecAsn1AlgorithmIDTemplate, - &encoded)) { - printf("***Error encoding CSSM_X509_ALGORITHM_IDENTIFIER\n"); - ourRtn = -1; - goto errOut; - } - - /* That data is in the coder's memory space: copy ou9t to caller */ - if(appCopyCssmData(&encoded, params)) { - printf("***encodeParamOid malloc failure\n"); - ourRtn = -1; - } -errOut: - SecAsn1CoderRelease(coder); - return ourRtn; -} - -/* - * Cook up an unsigned cert. - * This is just a wrapper for CSSM_CL_CertCreateTemplate(). - */ - -#define ALWAYS_SET_VERSION 0 - -CSSM_DATA_PTR CB_MakeCertTemplate( - /* required */ - CSSM_CL_HANDLE clHand, - uint32 serialNumber, - const CSSM_X509_NAME *issuerName, - const CSSM_X509_NAME *subjectName, - const CSSM_X509_TIME *notBefore, - const CSSM_X509_TIME *notAfter, - const CSSM_KEY_PTR subjectPubKey, - CSSM_ALGORITHMS sigAlg, // e.g., CSSM_ALGID_SHA1WithRSA - /* optional */ - const CSSM_DATA *subjectUniqueId, - const CSSM_DATA *issuerUniqueId, - CSSM_X509_EXTENSION *extensions, - unsigned numExtensions) -{ - CSSM_FIELD *certTemp; - unsigned fieldDex = 0; // index into certTemp - CSSM_DATA_PTR serialDER = NULL; // serial number, DER format - CSSM_DATA_PTR rawCert; // from CSSM_CL_CertCreateTemplate - unsigned version = 0; - CSSM_DATA_PTR versionDER = NULL; - unsigned extNum; - int setVersion = ALWAYS_SET_VERSION; - const CSSM_OID *paramOid = NULL; - - /* convert uint32-style algorithm to the associated struct */ - CSSM_X509_ALGORITHM_IDENTIFIER algId; - switch(sigAlg) { - case CSSM_ALGID_SHA1WithRSA: - algId.algorithm = CSSMOID_SHA1WithRSA; - break; - case CSSM_ALGID_MD5WithRSA: - algId.algorithm = CSSMOID_MD5WithRSA; - break; - case CSSM_ALGID_MD2WithRSA: - algId.algorithm = CSSMOID_MD2WithRSA; - break; - case CSSM_ALGID_FEE_MD5: - algId.algorithm = CSSMOID_APPLE_FEE_MD5; - break; - case CSSM_ALGID_FEE_SHA1: - algId.algorithm = CSSMOID_APPLE_FEE_SHA1; - break; - case CSSM_ALGID_SHA1WithECDSA: - algId.algorithm = CSSMOID_ECDSA_WithSHA1; - break; - case CSSM_ALGID_SHA1WithDSA: - algId.algorithm = CSSMOID_SHA1WithDSA_CMS; - break; - case CSSM_ALGID_SHA224WithRSA: - algId.algorithm = CSSMOID_SHA224WithRSA; - break; - case CSSM_ALGID_SHA256WithRSA: - algId.algorithm = CSSMOID_SHA256WithRSA; - break; - case CSSM_ALGID_SHA384WithRSA: - algId.algorithm = CSSMOID_SHA384WithRSA; - break; - case CSSM_ALGID_SHA512WithRSA: - algId.algorithm = CSSMOID_SHA512WithRSA; - break; - /* These specify the digest algorithm via an additional parameter OID */ - case CSSM_ALGID_SHA224WithECDSA: - algId.algorithm = CSSMOID_ECDSA_WithSpecified; - paramOid = &CSSMOID_SHA224; - break; - case CSSM_ALGID_SHA256WithECDSA: - algId.algorithm = CSSMOID_ECDSA_WithSpecified; - paramOid = &CSSMOID_SHA256; - break; - case CSSM_ALGID_SHA384WithECDSA: - algId.algorithm = CSSMOID_ECDSA_WithSpecified; - paramOid = &CSSMOID_SHA384; - break; - case CSSM_ALGID_SHA512WithECDSA: - algId.algorithm = CSSMOID_ECDSA_WithSpecified; - paramOid = &CSSMOID_SHA512; - break; - default: - printf("CB_MakeCertTemplate: unknown sig alg (%u)\n", (unsigned)sigAlg); - return NULL; - } - if(paramOid != NULL) { - /* not-quite-trivial encoding of digest algorithm */ - if(encodeParamOid(paramOid, &algId.parameters)) { - return NULL; - } - } - else { - algId.parameters.Data = NULL; - algId.parameters.Length = 0; - } - - /* - * version, we infer - * serialNumber thru subjectPubKey - */ - unsigned numFields = 7 + numExtensions; - if(numExtensions) { - version = 2; - } - if(subjectUniqueId) { - numFields++; - if(version == 0) { - version = 1; - } - } - if(issuerUniqueId) { - numFields++; - if(version == 0) { - version = 1; - } - } - if(version > 0) { - setVersion = 1; - } - if(setVersion) { - numFields++; - } - - certTemp = (CSSM_FIELD *)CSSM_MALLOC(sizeof(CSSM_FIELD) * numFields); - - /* version */ - if(setVersion) { - versionDER = intToDER(version); - certTemp[fieldDex].FieldOid = CSSMOID_X509V1Version; - certTemp[fieldDex++].FieldValue = *versionDER; - } - - /* serial number */ - serialDER = intToDER(serialNumber); - certTemp[fieldDex].FieldOid = CSSMOID_X509V1SerialNumber; - certTemp[fieldDex++].FieldValue = *serialDER; - - /* subject and issuer name */ - certTemp[fieldDex].FieldOid = CSSMOID_X509V1IssuerNameCStruct; - certTemp[fieldDex].FieldValue.Data = (uint8 *)issuerName; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_NAME); - - certTemp[fieldDex].FieldOid = CSSMOID_X509V1SubjectNameCStruct; - certTemp[fieldDex].FieldValue.Data = (uint8 *)subjectName; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_NAME); - - /* not before/after */ - certTemp[fieldDex].FieldOid = CSSMOID_X509V1ValidityNotBefore; - certTemp[fieldDex].FieldValue.Data = (uint8 *)notBefore; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_TIME); - - certTemp[fieldDex].FieldOid = CSSMOID_X509V1ValidityNotAfter; - certTemp[fieldDex].FieldValue.Data = (uint8 *)notAfter; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_TIME); - - /* the subject key */ - certTemp[fieldDex].FieldOid = CSSMOID_CSSMKeyStruct; - certTemp[fieldDex].FieldValue.Data = (uint8 *)subjectPubKey; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_KEY); - - /* signature algorithm */ - certTemp[fieldDex].FieldOid = CSSMOID_X509V1SignatureAlgorithmTBS; - certTemp[fieldDex].FieldValue.Data = (uint8 *)&algId; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_ALGORITHM_IDENTIFIER); - - /* subject/issuer unique IDs */ - if(subjectUniqueId != 0) { - certTemp[fieldDex].FieldOid = CSSMOID_X509V1CertificateSubjectUniqueId; - certTemp[fieldDex++].FieldValue = *subjectUniqueId; - } - if(issuerUniqueId != 0) { - certTemp[fieldDex].FieldOid = CSSMOID_X509V1CertificateIssuerUniqueId; - certTemp[fieldDex++].FieldValue = *issuerUniqueId; - } - - for(extNum=0; extNumformat == CSSM_X509_DATAFORMAT_PARSED) { - certTemp[fieldDex].FieldOid = ext->extnId; - } - else { - certTemp[fieldDex].FieldOid = CSSMOID_X509V3CertificateExtensionCStruct; - } - certTemp[fieldDex].FieldValue.Data = (uint8 *)ext; - certTemp[fieldDex++].FieldValue.Length = sizeof(CSSM_X509_EXTENSION); - } - if(fieldDex != numFields) { - printf("CB_MakeCertTemplate numFields screwup\n"); - return NULL; - } - - /* - * OK, here we go - */ - rawCert = (CSSM_DATA_PTR)CSSM_MALLOC(sizeof(CSSM_DATA)); - rawCert->Data = NULL; - rawCert->Length = 0; - CSSM_RETURN crtn = CSSM_CL_CertCreateTemplate(clHand, - fieldDex, - certTemp, - rawCert); - if(crtn) { - printError("CSSM_CL_CertCreateTemplate", crtn); - appFreeCssmData(rawCert, CSSM_TRUE); - rawCert = NULL; - } - - /* free the stuff we mallocd to get here */ - appFreeCssmData(serialDER, CSSM_TRUE); - appFreeCssmData(versionDER, CSSM_TRUE); - CSSM_FREE(certTemp); - if((paramOid != NULL) && (algId.parameters.Data != NULL)) { - CSSM_FREE(algId.parameters.Data); - } - return rawCert; -} diff --git a/SecurityTests/clxutils/clAppUtils/CertBuilderApp.h b/SecurityTests/clxutils/clAppUtils/CertBuilderApp.h deleted file mode 100644 index f02fd109..00000000 --- a/SecurityTests/clxutils/clAppUtils/CertBuilderApp.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * CertBuilderApp.cpp - support for constructing certs, CDSA version - */ - -#ifndef _CERT_BUILDER_APP_H_ -#define _CERT_BUILDER_APP_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Name/OID pair used in CB_BuildX509Name - */ -typedef struct { - const char *string; - const CSSM_OID *oid; -} CB_NameOid; - -/* - * Build up a CSSM_X509_NAME from an arbitrary list of name/OID pairs. - * We do one a/v pair per RDN. - */ -CSSM_X509_NAME *CB_BuildX509Name( - const CB_NameOid *nameArray, - unsigned numNames); - -/* free the CSSM_X509_NAME obtained from CB_BuildX509Name */ -void CB_FreeX509Name( - CSSM_X509_NAME *top); - -/* Obtain a CSSM_X509_TIME representing "now" plus specified seconds, or -* from a preformatted gen time string */ -CSSM_X509_TIME *CB_BuildX509Time( - unsigned secondsFromNow, /* ignored if timeStr non-NULL */ - const char *timeStr=NULL); /* optional, from genTimeAtNowPlus */ - -/* Free CSSM_X509_TIME obtained in CB_BuildX509Time */ -void CB_FreeX509Time( - CSSM_X509_TIME *xtime); - -CSSM_DATA_PTR CB_MakeCertTemplate( - /* required */ - CSSM_CL_HANDLE clHand, - uint32 serialNumber, - const CSSM_X509_NAME *issuerName, - const CSSM_X509_NAME *subjectName, - const CSSM_X509_TIME *notBefore, - const CSSM_X509_TIME *notAfter, - const CSSM_KEY_PTR subjectPubKey, - CSSM_ALGORITHMS sigAlg, // e.g., CSSM_ALGID_SHA1WithRSA - /* optional */ - const CSSM_DATA *subjectUniqueId, - const CSSM_DATA *issuerUniqueId, - CSSM_X509_EXTENSION *extensions, - unsigned numExtensions); - -#ifdef __cplusplus -} -#endif -#endif /* _CERT_BUILDER_APP_H_ */ diff --git a/SecurityTests/clxutils/clAppUtils/CertParser.cpp b/SecurityTests/clxutils/clAppUtils/CertParser.cpp deleted file mode 100644 index ca46f8aa..00000000 --- a/SecurityTests/clxutils/clAppUtils/CertParser.cpp +++ /dev/null @@ -1,248 +0,0 @@ -/* - * Copyright (c) 2003-2005 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * CertParser.h - cert parser with autorelease of fetched fields - * - * Created 24 October 2003 by Doug Mitchell - */ - -#include "CertParser.h" -#import - -#define CP_DEBUG 1 -#if CP_DEBUG -#define dprintf(args...) printf(args) -#else -#define dprintf(args...) -#endif - -#pragma mark --- CP_FetchedField --- - -class CP_FetchedField -{ -public: - /* construct one fetched field (which will be stored in CertParser's - * mFetchedFields) */ - CP_FetchedField( - const CSSM_OID &fieldOid, - CSSM_DATA_PTR fieldData, - CSSM_CL_HANDLE clHand); - - /* Free the field via CL */ - ~CP_FetchedField(); -private: - CSSM_OID mFieldOid; - CSSM_DATA_PTR mFieldData; - CSSM_CL_HANDLE mClHand; -}; - -CP_FetchedField::CP_FetchedField( - const CSSM_OID &fieldOid, - CSSM_DATA_PTR fieldData, - CSSM_CL_HANDLE clHand) - : mFieldOid(fieldOid), mFieldData(fieldData), mClHand(clHand) -{ -} - -/* Free the field via CL */ -CP_FetchedField::~CP_FetchedField() -{ - CSSM_CL_FreeFieldValue(mClHand, &mFieldOid, mFieldData); -} - -#pragma mark --- CertParser implementation --- - -/* Construct with or without data - you can add the data later with - * initWithData() to parse without exceptions */ -CertParser::CertParser() -{ - initFields(); -} - -CertParser::CertParser( - CSSM_CL_HANDLE clHand) -{ - initFields(); - mClHand = clHand; -} - -CertParser::CertParser( - CSSM_CL_HANDLE clHand, - const CSSM_DATA &certData) -{ - initFields(); - mClHand = clHand; - CSSM_RETURN crtn = initWithData(certData); - if(crtn) { - throw ((int)crtn); - } -} - -CertParser::CertParser( - SecCertificateRef secCert) -{ - initFields(); - OSStatus ortn = initWithSecCert(secCert); - if(ortn) { - throw ((int)ortn); - } -} - -/* frees all the fields we fetched */ -CertParser::~CertParser() -{ - if(mClHand && mCacheHand) { - CSSM_RETURN crtn = CSSM_CL_CertAbortCache(mClHand, mCacheHand); - if(crtn) { - /* almost certainly a bug */ - printf("Internal Error: CertParser error on free."); - cssmPerror("CSSM_CL_CertAbortCache", crtn); - } - } - vector::iterator iter; - for(iter=mFetchedFields.begin(); iter!=mFetchedFields.end(); iter++) { - delete *iter; - } -} - -/* common init for all constructors */ -void CertParser::initFields() -{ - mClHand = 0; - mCacheHand = 0; -} - -/*** NO MORE EXCEPTIONS ***/ - -/* - * No cert- or CDSA-related exceptions thrown by remainder. - * This is the core initializer: have the CL parse and cache the cert. - */ -CSSM_RETURN CertParser::initWithData( - const CSSM_DATA &certData) -{ - assert(mClHand != 0); - CSSM_RETURN crtn = CSSM_CL_CertCache(mClHand, &certData, &mCacheHand); - #if CP_DEBUG - if(crtn) { - cssmPerror("CSSM_CL_CertCache", crtn); - } - #endif - return crtn; -} - -OSStatus CertParser::initWithSecCert( - SecCertificateRef secCert) -{ - OSStatus ortn; - CSSM_DATA certData; - - assert(mClHand == 0); - ortn = SecCertificateGetCLHandle(secCert, &mClHand); - if(ortn) { - return ortn; - } - ortn = SecCertificateGetData(secCert, &certData); - if(ortn) { - return ortn; - } - return (OSStatus)initWithData(certData); -} - -CSSM_RETURN CertParser::initWithCFData( - CFDataRef cfData) -{ - CSSM_DATA cdata; - - cdata.Data = (uint8 *)CFDataGetBytePtr(cfData); - cdata.Length = CFDataGetLength(cfData); - return initWithData(cdata); -} - -/* - * Obtain atrbitrary field from cached cert. This class takes care of freeing - * the field in its destructor. - * - * Returns NULL if field not found (not exception). - * - * Caller optionally specifies field length to check - specifying zero means - * "don't care, don't check". Actual field length always returned in fieldLength. - */ -const void *CertParser::fieldForOid( - const CSSM_OID &oid, - CSSM_SIZE &fieldLength) // IN/OUT -{ - CSSM_RETURN crtn; - - uint32 NumberOfFields = 0; - CSSM_HANDLE resultHand = 0; - CSSM_DATA_PTR fieldData = NULL; - - assert(mClHand != 0); - assert(mCacheHand != 0); - crtn = CSSM_CL_CertGetFirstCachedFieldValue( - mClHand, - mCacheHand, - &oid, - &resultHand, - &NumberOfFields, - &fieldData); - if(crtn) { - /* not an error; just means that the cert doesn't have this field */ - return NULL; - } - assert(NumberOfFields == 1); - CSSM_CL_CertAbortQuery(mClHand, resultHand); - - if(fieldLength) { - if(fieldLength != fieldData->Length) { - /* FIXME what's a good way to log in this situation? */ - printf("***CertParser::fieldForOid: field length mismatch\n"); - return NULL; - } - } - /* Store the OID and the field for autorelease */ - CP_FetchedField *cpField = new CP_FetchedField(oid, fieldData, mClHand); - mFetchedFields.push_back(cpField); - fieldLength = fieldData->Length; - return fieldData->Data; -} - -/* - * Conveneince routine to fetch an extension we "know" the CL can parse. - * The return value gets cast to one of the CE_Data types. - */ -const void *CertParser::extensionForOid( - const CSSM_OID &oid) -{ - CSSM_SIZE len = sizeof(CSSM_X509_EXTENSION); - CSSM_X509_EXTENSION *cssmExt = - (CSSM_X509_EXTENSION *)fieldForOid(oid, len); - if(cssmExt) { - if(cssmExt->format != CSSM_X509_DATAFORMAT_PARSED) { - printf("***Badly formatted extension"); - return NULL; - } - return cssmExt->value.parsedValue; - } - else { - return NULL; - } -} - diff --git a/SecurityTests/clxutils/clAppUtils/CertParser.h b/SecurityTests/clxutils/clAppUtils/CertParser.h deleted file mode 100644 index 0bc6fef2..00000000 --- a/SecurityTests/clxutils/clAppUtils/CertParser.h +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright (c) 2003-2005 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * CertParser.h - cert parser with autorelease of fetched fields - * - * Created 24 October 2003 by Doug Mitchell - */ - -#ifndef _CERT_PARSER_H_ -#define _CERT_PARSER_H_ - -#include -#include - -using std::vector; - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * We store an vector<> of these as an "autorelease" pool of fetched fields. - */ -class CP_FetchedField; - -class CertParser -{ -public: - /* - * Construct with or without data - you can add the data later with - * initWithData() to parse without exceptions - */ - - CertParser(); // must be used with initWithSecCert to get clHand - CertParser( // use with initWithData - CSSM_CL_HANDLE clHand); - CertParser( - CSSM_CL_HANDLE clHand, - const CSSM_DATA &certData); - CertParser( - SecCertificateRef secCert); - - /* frees all the fields we fetched */ - ~CertParser(); - - /* - * No cert- or CDSA-related exceptions thrown by remainder - */ - CSSM_RETURN initWithData( - const CSSM_DATA &certData); - OSStatus initWithSecCert( - SecCertificateRef secCert); - CSSM_RETURN initWithCFData( - CFDataRef cfData); - - /* - * Obtain atrbitrary field from cached cert. This class takes care of freeing - * the field in its destructor. - * - * Returns NULL if field not found (not exception). - * - * Caller optionally specifies field length to check - specifying zero means - * "don't care, don't check". Actual field length always returned in fieldLength. - */ - const void *fieldForOid( - const CSSM_OID &oid, - CSSM_SIZE &fieldLength); // IN/OUT - - /* - * Conveneince routine to fetch an extension we "know" the CL can parse. - * The return value gets cast to one of the CE_Data types. - */ - const void *extensionForOid( - const CSSM_OID &oid); - -private: - void initFields(); - - CSSM_CL_HANDLE mClHand; - CSSM_HANDLE mCacheHand; // the parsed & cached cert - vector mFetchedFields; -}; - -#ifdef __cplusplus -} -#endif - -#endif /* _CERT_PARSER_H_ */ - diff --git a/SecurityTests/clxutils/clAppUtils/Makefile b/SecurityTests/clxutils/clAppUtils/Makefile deleted file mode 100644 index 84d858d6..00000000 --- a/SecurityTests/clxutils/clAppUtils/Makefile +++ /dev/null @@ -1,62 +0,0 @@ -# name of executable to build -EXECUTABLE=libclutils.a -# C++ source (with .cpp extension) -CPSOURCE= BlobList.cpp CertBuilderApp.cpp CertParser.cpp \ - certVerify.cpp identPicker.cpp keyPicker.cpp printCertName.cpp \ - ringBufferIo.cpp sslRingBufferThreads.cpp sslServe.cpp sslClient.cpp \ - sslAppUtils.cpp timeStr.cpp tpUtils.cpp - - -# C source (.c extension) -CSOURCE= clutils.c ioSock.c - -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= -fvisibility=hidden - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.lib - -# some crucial dependencies that must cause recompilation -THREAD_OBJS= $(OBJROOT)/sslAppUtils.o $(OBJROOT)/sslClient.o $(OBJROOT)/sslServe.o - -$(THREAD_OBJS): sslThreading.h - -$(OBJROOT)/certVerify.o: certVerify.h - diff --git a/SecurityTests/clxutils/clAppUtils/certVerify.cpp b/SecurityTests/clxutils/clAppUtils/certVerify.cpp deleted file mode 100644 index 40954256..00000000 --- a/SecurityTests/clxutils/clAppUtils/certVerify.cpp +++ /dev/null @@ -1,692 +0,0 @@ -/* - * certVerify.cpp - execute cert/CRL verify; display results - */ - -#include "certVerify.h" -#include "tpUtils.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static int vfyCertErrors( - const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult, - unsigned numCertErrors, - const char **certErrors, // e.g., "2:CSSMERR_TP_CERT_EXPIRED" - CSSM_BOOL quiet) -{ - if(numCertErrors == 0) { - return 0; - } - if(vfyResult->NumberOfEvidences != 3) { - printf("***vfyCertErrors: NumberOfEvidences is %u, expect 3\n", - (unsigned)vfyResult->NumberOfEvidences); - return 1; - } - - /* numCerts from evidence[1] */ - const CSSM_EVIDENCE *ev = &vfyResult->Evidence[1]; - const CSSM_CERTGROUP *grp = (const CSSM_CERTGROUP *)ev->Evidence; - unsigned numCerts = grp->NumCerts; - /* array of Apple-specific info from evidence[2] */ - ev = &vfyResult->Evidence[2]; - const CSSM_TP_APPLE_EVIDENCE_INFO *info = - (const CSSM_TP_APPLE_EVIDENCE_INFO *)ev->Evidence; - int ourRtn = 0; - - for(unsigned dex=0; dex (numCerts-1)) { - printf("***certerror specified for cert %u, but only %u certs" - " available\n", certNum, numCerts); - return 1; - } - str++; // pts to actual desired error string now - - /* - * There may be multiple per-cert statuses in the evidence; search all - * looking for a match - */ - const CSSM_TP_APPLE_EVIDENCE_INFO *thisInfo = &info[certNum]; - char *found = NULL; - for(unsigned i=0; iNumStatusCodes; i++) { - CSSM_RETURN actRtn = thisInfo->StatusCodes[i]; - const char *actRtnStr = cssmErrToStr(actRtn); - found = strstr(actRtnStr, str); - if(found) { - break; - } - } - if(found) { - if(!quiet) { - printf("...%s per-cert status received as expected\n", str); - } - } - else { - printf("***Per cert status %s not found\n", str); - ourRtn = 1; - /* might as well keep going */ - } - } - return ourRtn; -} - -static int vfyCertStatus( - const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult, - unsigned numCertStatus, - const char **certStatus, // e.g., "1:0x18", leading 0x optional - CSSM_BOOL quiet) -{ - if(numCertStatus == 0) { - return 0; - } - if(vfyResult->NumberOfEvidences != 3) { - printf("***vfyCertStatus: NumberOfEvidences is %u, expect 3\n", - (unsigned)vfyResult->NumberOfEvidences); - return 1; - } - - /* numCerts from evidence[1] */ - const CSSM_EVIDENCE *ev = &vfyResult->Evidence[1]; - const CSSM_CERTGROUP *grp = (const CSSM_CERTGROUP *)ev->Evidence; - unsigned numCerts = grp->NumCerts; - /* array of Apple-specific info from evidence[2] */ - ev = &vfyResult->Evidence[2]; - const CSSM_TP_APPLE_EVIDENCE_INFO *info = - (const CSSM_TP_APPLE_EVIDENCE_INFO *)ev->Evidence; - int ourRtn = 0; - - for(unsigned dex=0; dex (numCerts-1)) { - printf("***certerror specified for cert %u, but only %u certs" - " available\n", certNum, numCerts); - return 1; - } - str++; // pts to actual desired status string now - unsigned certStat = hexToBin(str); - const CSSM_TP_APPLE_EVIDENCE_INFO *thisInfo = &info[certNum]; - if(certStat == thisInfo->StatusBits) { - if(!quiet) { - printf("...0x%x per-cert status received as expected\n", certStat); - } - } - else { - printf("***Expected per cert status 0x%x, got 0x%x\n", - (unsigned)certStat, (unsigned)thisInfo->StatusBits); - ourRtn = 1; - } - } - return ourRtn; -} - -/* - * Ensure that the policy being evaluated is accessible via - * SecPolicySearch*(). Not really part of the test, but a handy place - * to catch this common error before checking in TP changes. - */ -static int verifySecPolicy( - const CSSM_OID *oid) -{ - SecPolicySearchRef srchRef = NULL; - OSStatus ortn; - - ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3, oid, NULL, &srchRef); - if(ortn) { - cssmPerror("SecPolicySearchCreate", ortn); - return -1; - } - SecPolicyRef policyRef = NULL; - ortn = SecPolicySearchCopyNext(srchRef, &policyRef); - if(ortn) { - cssmPerror("SecPolicySearchCopyNext", ortn); - printf("***The TP policy used in this test is not accessible via SecPolicySearchCopyNext().\n"); - printf(" You probably forgot to add the policy to the theOidList table in PolicyCursor.cpp\n"); - printf(" in the libsecurity_keychain project.\n"); - } - CFRelease(srchRef); - if(policyRef) { - CFRelease(policyRef); - } - return ortn; -} - -int certVerify(CertVerifyArgs *vfyArgs) -{ - if(vfyArgs->version != CERT_VFY_ARGS_VERS) { - printf("***CertVerifyArgs.Version mismatch. Clean and rebuild.\n"); - return -1; - } - - /* main job is building a CSSM_TP_VERIFY_CONTEXT and its components */ - CSSM_TP_VERIFY_CONTEXT vfyCtx; - CSSM_TP_CALLERAUTH_CONTEXT authCtx; - CSSM_TP_VERIFY_CONTEXT_RESULT vfyResult; - CSSM_APPLE_TP_SSL_OPTIONS sslOpts; - CSSM_APPLE_TP_SMIME_OPTIONS smimeOpts; - - memset(&vfyCtx, 0, sizeof(CSSM_TP_VERIFY_CONTEXT)); - memset(&authCtx, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT)); - - /* CSSM_TP_CALLERAUTH_CONTEXT components */ - /* - typedef struct cssm_tp_callerauth_context { - CSSM_TP_POLICYINFO Policy; - CSSM_TIMESTRING VerifyTime; - CSSM_TP_STOP_ON VerificationAbortOn; - CSSM_TP_VERIFICATION_RESULTS_CALLBACK CallbackWithVerifiedCert; - uint32 NumberOfAnchorCerts; - CSSM_DATA_PTR AnchorCerts; - CSSM_DL_DB_LIST_PTR DBList; - CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials; - } CSSM_TP_CALLERAUTH_CONTEXT, *CSSM_TP_CALLERAUTH_CONTEXT_PTR; - */ - /* up to 3 policies */ - CSSM_FIELD policyIds[3]; - CSSM_FIELD *policyPtr = &policyIds[0]; - uint32 numPolicies = 0; - memset(policyIds, 0, 3 * sizeof(CSSM_FIELD)); - - switch(vfyArgs->vfyPolicy) { - case CVP_SSL: - case CVP_IPSec: - if(vfyArgs->vfyPolicy == CVP_SSL) { - policyPtr->FieldOid = CSSMOID_APPLE_TP_SSL; - } - else { - policyPtr->FieldOid = CSSMOID_APPLE_TP_IP_SEC; - } - /* otherwise these policies are identical */ - /* sslOpts is optional */ - if((vfyArgs->sslHost != NULL) || vfyArgs->sslClient) { - memset(&sslOpts, 0, sizeof(sslOpts)); - sslOpts.Version = CSSM_APPLE_TP_SSL_OPTS_VERSION; - sslOpts.ServerName = vfyArgs->sslHost; - if(vfyArgs->sslHost != NULL) { - sslOpts.ServerNameLen = strlen(vfyArgs->sslHost) + 1; - } - if(vfyArgs->sslClient) { - sslOpts.Flags |= CSSM_APPLE_TP_SSL_CLIENT; - } - policyPtr->FieldValue.Data = (uint8 *)&sslOpts; - policyPtr->FieldValue.Length = sizeof(sslOpts); - } - break; - case CVP_SMIME: - case CVP_iChat: - if(vfyArgs->vfyPolicy == CVP_SMIME) { - policyPtr->FieldOid = CSSMOID_APPLE_TP_SMIME; - } - else { - policyPtr->FieldOid = CSSMOID_APPLE_TP_ICHAT; - } - /* otherwise these policies are identical */ - /* smimeOpts is optional */ - if(vfyArgs->senderEmail != NULL) { - smimeOpts.Version = CSSM_APPLE_TP_SMIME_OPTS_VERSION; - smimeOpts.IntendedUsage = vfyArgs->intendedKeyUse; - smimeOpts.SenderEmail = vfyArgs->senderEmail; - smimeOpts.SenderEmailLen = strlen(vfyArgs->senderEmail) + 1; - policyPtr->FieldValue.Data = (uint8 *)&smimeOpts; - policyPtr->FieldValue.Length = sizeof(smimeOpts); - } - break; - case CVP_Basic: - policyPtr->FieldOid = CSSMOID_APPLE_X509_BASIC; - break; - case CVP_SWUpdateSign: - /* no options */ - policyPtr->FieldOid = CSSMOID_APPLE_TP_SW_UPDATE_SIGNING; - break; - case CVP_ResourceSigning: - /* no options */ - policyPtr->FieldOid = CSSMOID_APPLE_TP_RESOURCE_SIGN; - break; - case CVP_PKINIT_Server: - /* no options */ - policyPtr->FieldOid = CSSMOID_APPLE_TP_PKINIT_SERVER; - break; - case CVP_PKINIT_Client: - /* no options */ - policyPtr->FieldOid = CSSMOID_APPLE_TP_PKINIT_CLIENT; - break; - case CVP_AppleCodeSigning: - /* no options */ - policyPtr->FieldOid = CSSMOID_APPLE_TP_CODE_SIGNING; - break; - case CVP_PackageSigning: - /* no options */ - policyPtr->FieldOid = CSSMOID_APPLE_TP_PACKAGE_SIGNING; - break; - default: - printf("***certVerify: bogus vfyPolicy\n"); - return 1; - } - if(verifySecPolicy(&policyPtr->FieldOid)) { - return -1; - } - policyPtr++; - numPolicies++; - - CSSM_APPLE_TP_CRL_OPTIONS crlOpts; - if((vfyArgs->revokePolicy == CRP_CRL) || (vfyArgs->revokePolicy == CRP_CRL_OCSP)) { - memset(&crlOpts, 0, sizeof(crlOpts)); - policyPtr->FieldOid = CSSMOID_APPLE_TP_REVOCATION_CRL; - - crlOpts.Version = CSSM_APPLE_TP_CRL_OPTS_VERSION; - crlOpts.CrlFlags = 0; - crlOpts.crlStore = NULL; - policyPtr->FieldValue.Data = (uint8 *)&crlOpts; - policyPtr->FieldValue.Length = sizeof(crlOpts); - if(vfyArgs->requireCrlForAll) { - crlOpts.CrlFlags |= CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT; - } - if(vfyArgs->crlNetFetchEnable) { - crlOpts.CrlFlags |= CSSM_TP_ACTION_FETCH_CRL_FROM_NET; - } - if(vfyArgs->requireCrlIfPresent) { - crlOpts.CrlFlags |= CSSM_TP_ACTION_REQUIRE_CRL_IF_PRESENT; - } - crlOpts.crlStore = vfyArgs->crlDlDb; - policyPtr++; - numPolicies++; - } - - CSSM_APPLE_TP_OCSP_OPTIONS ocspOpts; - CSSM_DATA respUriData; - CSSM_DATA respCertData = {vfyArgs->responderCertLen, - (uint8 *)vfyArgs->responderCert}; - if((vfyArgs->revokePolicy == CRP_OCSP) || (vfyArgs->revokePolicy == CRP_CRL_OCSP)) { - memset(&ocspOpts, 0, sizeof(ocspOpts)); - policyPtr->FieldOid = CSSMOID_APPLE_TP_REVOCATION_OCSP; - - crlOpts.Version = CSSM_APPLE_TP_OCSP_OPTS_VERSION; - policyPtr->FieldValue.Data = (uint8 *)&ocspOpts; - policyPtr->FieldValue.Length = sizeof(ocspOpts); - if(vfyArgs->requireOcspForAll) { - ocspOpts.Flags |= CSSM_TP_ACTION_OCSP_REQUIRE_PER_CERT; - } - if(vfyArgs->requireOcspIfPresent) { - ocspOpts.Flags |= CSSM_TP_ACTION_OCSP_REQUIRE_IF_RESP_PRESENT; - } - if(vfyArgs->disableCache) { - ocspOpts.Flags |= (CSSM_TP_ACTION_OCSP_CACHE_READ_DISABLE | - CSSM_TP_ACTION_OCSP_CACHE_WRITE_DISABLE); - } - if(vfyArgs->disableOcspNet) { - ocspOpts.Flags |= CSSM_TP_ACTION_OCSP_DISABLE_NET; - } - if(vfyArgs->generateOcspNonce) { - ocspOpts.Flags |= CSSM_TP_OCSP_GEN_NONCE; - } - if(vfyArgs->requireOcspRespNonce) { - ocspOpts.Flags |= CSSM_TP_OCSP_REQUIRE_RESP_NONCE; - } - if(vfyArgs->responderURI != NULL) { - respUriData.Data = (uint8 *)vfyArgs->responderURI; - respUriData.Length = strlen(vfyArgs->responderURI); - ocspOpts.LocalResponder = &respUriData; - } - if(vfyArgs->responderCert != NULL) { - ocspOpts.LocalResponderCert = &respCertData; - } - /* other OCSP options here */ - policyPtr++; - numPolicies++; - } - - authCtx.Policy.NumberOfPolicyIds = numPolicies; - - authCtx.Policy.PolicyIds = policyIds; - authCtx.Policy.PolicyControl = NULL; - - authCtx.VerifyTime = vfyArgs->vfyTime; // may be NULL - authCtx.VerificationAbortOn = CSSM_TP_STOP_ON_POLICY; - authCtx.CallbackWithVerifiedCert = NULL; - - /* - * DLDBs - the caller's optional set, plus two more we open - * if trust settings are enabled and we're told to use system - * anchors. (System anchors are normally passed in via - * authCtx.AnchorCerts; they're passed in as DLDBs when - * using TrustSettings.) - */ - uint32 totalNumDbs = 0; - uint32 numCallerDbs = 0; - CSSM_BOOL weOpenedDbs = CSSM_FALSE; - if(vfyArgs->dlDbList != NULL) { - totalNumDbs = numCallerDbs = vfyArgs->dlDbList->NumHandles; - } - if(vfyArgs->useTrustSettings && vfyArgs->useSystemAnchors) { - /* we'll cook up two more DBs and possible append them */ - totalNumDbs += 2; - weOpenedDbs = CSSM_TRUE; - } - CSSM_DL_DB_HANDLE dlDbHandles[totalNumDbs]; - CSSM_DL_DB_LIST dlDbList; - CSSM_DL_HANDLE dlHand = 0; - for(unsigned dex=0; dexdlDbList->DLDBHandle[dex]; - } - if(weOpenedDbs) { - /* get a DL handle, somehow */ - if(numCallerDbs == 0) { - /* new DL handle */ - dlHand = cuDlStartup(); - dlDbHandles[0].DLHandle = dlHand; - dlDbHandles[1].DLHandle = dlHand; - } - else { - /* use the same one caller passed in */ - dlDbHandles[numCallerDbs].DLHandle = dlDbHandles[0].DLHandle; - dlDbHandles[numCallerDbs + 1].DLHandle = dlDbHandles[0].DLHandle; - } - /* now open two DBs */ - dlDbHandles[numCallerDbs].DBHandle = - cuDbStartupByName(dlDbHandles[numCallerDbs].DLHandle, - (char *)ADMIN_CERT_STORE_PATH, CSSM_FALSE, CSSM_TRUE); - dlDbHandles[numCallerDbs + 1].DBHandle = - cuDbStartupByName(dlDbHandles[numCallerDbs].DLHandle, - (char *)SYSTEM_ROOT_STORE_PATH, CSSM_FALSE, CSSM_TRUE); - } - dlDbList.DLDBHandle = dlDbHandles; - dlDbList.NumHandles = totalNumDbs; - authCtx.DBList = &dlDbList; - - CFArrayRef cfAnchors = NULL; - CSSM_DATA *cssmAnchors = NULL; - unsigned numAnchors = 0; - - if(vfyArgs->useSystemAnchors) { - if(!vfyArgs->useTrustSettings) { - /* standard system anchors - ingore error, I'm sure the - * current test will eventually fail */ - getSystemAnchors(&cfAnchors, &cssmAnchors, &numAnchors); - authCtx.NumberOfAnchorCerts = numAnchors; - authCtx.AnchorCerts = cssmAnchors; - } - } - else { - /* anchors are our caller's roots */ - if(vfyArgs->roots) { - authCtx.NumberOfAnchorCerts = vfyArgs->roots->numBlobs(); - authCtx.AnchorCerts = vfyArgs->roots->blobList(); - } - } - authCtx.CallerCredentials = NULL; - - if(vfyArgs->crls) { - /* cook up CRL group */ - CSSM_CRLGROUP_PTR cssmCrls = &vfyCtx.Crls; - cssmCrls->CrlType = CSSM_CRL_TYPE_X_509v1; - cssmCrls->CrlEncoding = CSSM_CRL_ENCODING_DER; - cssmCrls->NumberOfCrls = vfyArgs->crls->numBlobs(); - cssmCrls->GroupCrlList.CrlList = vfyArgs->crls->blobList(); - cssmCrls->CrlGroupType = CSSM_CRLGROUP_DATA; - } - - /* CSSM_APPLE_TP_ACTION_DATA */ - CSSM_APPLE_TP_ACTION_DATA tpAction; - tpAction.Version = CSSM_APPLE_TP_ACTION_VERSION; - tpAction.ActionFlags = 0; - if(vfyArgs->leafCertIsCA) { - tpAction.ActionFlags |= CSSM_TP_ACTION_LEAF_IS_CA; - } - if(vfyArgs->certNetFetchEnable) { - tpAction.ActionFlags |= CSSM_TP_ACTION_FETCH_CERT_FROM_NET; - } - if(vfyArgs->allowExpiredRoot) { - tpAction.ActionFlags |= CSSM_TP_ACTION_ALLOW_EXPIRED_ROOT; - } - if(!vfyArgs->allowUnverified) { - tpAction.ActionFlags |= CSSM_TP_ACTION_REQUIRE_REV_PER_CERT; - } - if(vfyArgs->useTrustSettings) { - tpAction.ActionFlags |= CSSM_TP_ACTION_TRUST_SETTINGS; - } - if(vfyArgs->implicitAnchors) { - tpAction.ActionFlags |= CSSM_TP_ACTION_IMPLICIT_ANCHORS; - } - - /* CSSM_TP_VERIFY_CONTEXT */ - vfyCtx.ActionData.Data = (uint8 *)&tpAction; - vfyCtx.ActionData.Length = sizeof(tpAction); - - vfyCtx.Action = CSSM_TP_ACTION_DEFAULT; - vfyCtx.Cred = &authCtx; - - /* cook up cert group */ - CSSM_CERTGROUP cssmCerts; - cssmCerts.CertType = CSSM_CERT_X_509v3; - cssmCerts.CertEncoding = CSSM_CERT_ENCODING_DER; - cssmCerts.NumCerts = vfyArgs->certs->numBlobs(); - cssmCerts.GroupList.CertList = vfyArgs->certs->blobList(); - cssmCerts.CertGroupType = CSSM_CERTGROUP_DATA; - - int ourRtn = 0; - CSSM_RETURN crtn = CSSM_TP_CertGroupVerify(vfyArgs->tpHand, - vfyArgs->clHand, - vfyArgs->cspHand, - &cssmCerts, - &vfyCtx, - &vfyResult); - if(vfyArgs->expectedErrStr != NULL) { - const char *actRtn; - if(crtn == CSSM_OK) { - /* cssmErrorString munges this to "[ok]" */ - actRtn = "CSSM_OK"; - } - else { - actRtn = cssmErrToStr(crtn); - } - char *found = strstr(actRtn, vfyArgs->expectedErrStr); - if(found) { - if(!vfyArgs->quiet) { - printf("...%s received as expected\n", vfyArgs->expectedErrStr); - } - } - else { - printf("***CSSM_TP_CertGroupVerify error\n"); - printf(" expected rtn : %s\n", vfyArgs->expectedErrStr); - printf(" actual rtn : %s\n", actRtn); - ourRtn = 1; - } - } - else { - if(crtn) { - if(!vfyArgs->quiet) { - printError("CSSM_TP_CertGroupVerify", crtn); - } - ourRtn = 1; - } - else if(!vfyArgs->quiet) { - printf("...verify successful\n"); - } - } - if(vfyArgs->certErrors) { - if(vfyCertErrors(&vfyResult, vfyArgs->numCertErrors, vfyArgs->certErrors, - vfyArgs->quiet)) { - ourRtn = 1; - } - } - if(vfyArgs->certStatus) { - if(vfyCertStatus(&vfyResult, vfyArgs->numCertStatus, vfyArgs->certStatus, - vfyArgs->quiet)) { - ourRtn = 1; - } - } - if(vfyArgs->verbose) { - dumpVfyResult(&vfyResult); - } - freeVfyResult(&vfyResult); - if(weOpenedDbs) { - /* close the DBs and maybe the DL we opened */ - CSSM_DL_DbClose(dlDbHandles[numCallerDbs]); - CSSM_DL_DbClose(dlDbHandles[numCallerDbs + 1]); - if(dlHand != 0) { - cuDlDetachUnload(dlHand); - } - } - if(cfAnchors) { - CFRelease(cfAnchors); - } - if(cssmAnchors) { - free(cssmAnchors); - } - return ourRtn; -} - -unsigned hexDigit(char digit) -{ - if((digit >= '0') && (digit <= '9')) { - return digit - '0'; - } - if((digit >= 'a') && (digit <= 'f')) { - return 10 + digit - 'a'; - } - if((digit >= 'A') && (digit <= 'F')) { - return 10 + digit - 'A'; - } - printf("***BAD HEX DIGIT (%c)\n", digit); - return 0; -} - -/* convert ASCII string in hex to unsigned */ -unsigned hexToBin(const char *hex) -{ - unsigned rtn = 0; - const char *cp = hex; - if((cp[0] == '0') && (cp[1] == 'x')) { - cp += 2; - } - if(strlen(cp) > 8) { - printf("***BAD HEX STRING (%s)\n", cp); - return 0; - } - while(*cp) { - rtn <<= 4; - rtn += hexDigit(*cp); - cp++; - } - return rtn; -} - -/* - * A slightly simplified version of certVerify: - * -- no CRLs (includes allowUnverified = CSSM_FALSE) - * -- revokePOlicy = None - * -- no DlDbs - * -- no net fetch - * -- time = now. - */ -int certVerifySimple( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - BlobList &certs, - BlobList &roots, - CSSM_BOOL useSystemAnchors, - CSSM_BOOL leafCertIsCA, - CSSM_BOOL allowExpiredRoot, - CertVerifyPolicy vfyPolicy, - const char *sslHost, // optional, SSL policy - CSSM_BOOL sslClient, // normally server side - const char *senderEmail, // optional, SMIME - CE_KeyUsage intendedKeyUse, // optional, SMIME only - const char *expectedErrStr,// e.g., - // "CSSMERR_APPLETP_CRL_NOT_TRUSTED" - - /* - * expected per-cert errors - * format is certNum:errorString - * e.g., "1:CSSMERR_APPLETP_CRL_NOT_TRUSTED" - */ - unsigned numCertErrors, - const char **certErrors, // per-cert status - - /* - * Expected per-cert status (CSSM_TP_APPLE_EVIDENCE_INFO.StatusBits) - * format is certNum:status_in_hex - * e.g., "1:0x18", leading 0x optional - */ - unsigned numCertStatus, - const char **certStatus, - CSSM_BOOL useTrustSettings, - CSSM_BOOL quiet, - CSSM_BOOL verbose) -{ - CertVerifyArgs vfyArgs; - memset(&vfyArgs, 0, sizeof(vfyArgs)); - vfyArgs.version = CERT_VFY_ARGS_VERS; - vfyArgs.tpHand = tpHand; - vfyArgs.clHand = clHand; - vfyArgs.cspHand = cspHand; - vfyArgs.certs = &certs; - vfyArgs.roots = &roots; - vfyArgs.useSystemAnchors = useSystemAnchors; - vfyArgs.useTrustSettings = useTrustSettings; - vfyArgs.leafCertIsCA = leafCertIsCA; - vfyArgs.allowExpiredRoot = allowExpiredRoot; - vfyArgs.vfyPolicy = vfyPolicy; - vfyArgs.sslHost = sslHost; - vfyArgs.sslClient = sslClient; - vfyArgs.senderEmail = senderEmail; - vfyArgs.intendedKeyUse = intendedKeyUse; - vfyArgs.allowUnverified = CSSM_TRUE; - vfyArgs.expectedErrStr = expectedErrStr; - vfyArgs.numCertErrors = numCertErrors; - vfyArgs.certErrors = certErrors; - vfyArgs.numCertStatus = numCertStatus; - vfyArgs.certStatus = certStatus; - vfyArgs.quiet = quiet; - vfyArgs.verbose = verbose; - return certVerify(&vfyArgs); -} - diff --git a/SecurityTests/clxutils/clAppUtils/certVerify.h b/SecurityTests/clxutils/clAppUtils/certVerify.h deleted file mode 100644 index 7e047acc..00000000 --- a/SecurityTests/clxutils/clAppUtils/certVerify.h +++ /dev/null @@ -1,148 +0,0 @@ -#ifndef _CERT_VERIFY_H_ -#define _CERT_VERIFY_H_ - -#include -#include -#include - -/* must be C++ since we use BlobList */ -extern "C" { - -/* Display verify results */ -void dumpVfyResult( - const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult); - -typedef enum { - CVP_Basic = 0, - CVP_SSL, - CVP_SMIME, - CVP_SWUpdateSign, // was CVP_CodeSigning - CVP_ResourceSigning, - CVP_iChat, - CVP_IPSec, - CVP_PKINIT_Server, - CVP_PKINIT_Client, - CVP_AppleCodeSigning, // the Leopard version - CVP_PackageSigning -} CertVerifyPolicy; - -typedef enum { - CRP_None = 0, - CRP_CRL, - CRP_OCSP, - CRP_CRL_OCSP -} CertRevokePolicy; - -/* - * Since I never stop adding args to certVerify(), most of which have reasonable - * defaults, the inputs are now expressed like so. - */ -#define CERT_VFY_ARGS_VERS 5 /* increment every time you change this struct */ -typedef struct { - int version; /* must be CERT_VFY_ARGS_VERS */ - CSSM_TP_HANDLE tpHand; - CSSM_CL_HANDLE clHand; - CSSM_CSP_HANDLE cspHand; - BlobList *certs; - BlobList *roots; - BlobList *crls; - char *vfyTime; - - CSSM_BOOL certNetFetchEnable; - CSSM_BOOL useSystemAnchors; - CSSM_BOOL useTrustSettings; - CSSM_BOOL leafCertIsCA; - CSSM_BOOL allowExpiredRoot; - CSSM_BOOL implicitAnchors; - CSSM_DL_DB_LIST_PTR dlDbList; // optional - CertVerifyPolicy vfyPolicy; - - const char *sslHost; // optional; SSL policy - CSSM_BOOL sslClient; // normally server side - const char *senderEmail; // optional, SMIME - CE_KeyUsage intendedKeyUse; // optional, SMIME only - - /* revocation options */ - CertRevokePolicy revokePolicy; - CSSM_BOOL allowUnverified; // if false, at least one must succeed - - /* CRL options */ - CSSM_BOOL requireCrlIfPresent; - CSSM_BOOL requireCrlForAll; - CSSM_BOOL crlNetFetchEnable; - CSSM_DL_DB_HANDLE_PTR crlDlDb; // obsolete: write CRLs here - - /* OCSP options */ - const char *responderURI; // optional, OCSP only - const unsigned char *responderCert; // optional, OCSP only - unsigned responderCertLen;// optional, OCSP only - CSSM_BOOL disableCache; // both r and w for now - CSSM_BOOL disableOcspNet; - CSSM_BOOL requireOcspIfPresent; - CSSM_BOOL requireOcspForAll; - CSSM_BOOL generateOcspNonce; - CSSM_BOOL requireOcspRespNonce; - - const char *expectedErrStr;// e.g., - // "CSSMERR_APPLETP_CRL_NOT_TRUSTED" - - /* - * expected per-cert errors - * format is certNum:errorString - * e.g., "1:CSSMERR_APPLETP_CRL_NOT_TRUSTED" - */ - unsigned numCertErrors; - const char **certErrors; // per-cert status - - /* - * Expected per-cert status (CSSM_TP_APPLE_EVIDENCE_INFO.StatusBits) - * format is certNum:status_in_hex - * e.g., "1:0x18", leading 0x optional - */ - unsigned numCertStatus; - const char **certStatus; - CSSM_BOOL quiet; - CSSM_BOOL verbose; - -} CertVerifyArgs; - -/* perform one cert/crl verification */ -int certVerify(CertVerifyArgs *args); - -/* - * A slightly simplified version of certVerify: - * -- no CRLs - * -- no DlDbs - * -- no net fetch - * -- time = now - * -- no trust settings - */ -int certVerifySimple( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - BlobList &certs, - BlobList &roots, - CSSM_BOOL useSystemAnchors, - CSSM_BOOL leafCertIsCA, - CSSM_BOOL allowExpiredRoot, - CertVerifyPolicy vfyPolicy, - const char *sslHost, // optional, SSL policy - CSSM_BOOL sslClient, // normally server side - const char *senderEmail, // optional, SMIME - CE_KeyUsage intendedKeyUse, // optional, SMIME only - const char *expectedErrStr,// e.g., - unsigned numCertErrors, - const char **certErrors, // per-cert status - unsigned numCertStatus, - const char **certStatus, - CSSM_BOOL useTrustSettings, - CSSM_BOOL quiet, - CSSM_BOOL verbose); - -/* convert ASCII string in hex to unsigned */ -unsigned hexToBin(const char *hex); - -} /* extern "C" */ - -#endif /* _DO_VERIFY_H_ */ diff --git a/SecurityTests/clxutils/clAppUtils/clutils.c b/SecurityTests/clxutils/clAppUtils/clutils.c deleted file mode 100644 index 516866a5..00000000 --- a/SecurityTests/clxutils/clAppUtils/clutils.c +++ /dev/null @@ -1,192 +0,0 @@ -/* - * clutils.c - common CL app-level routines, X version - */ - -#include -#include -#include -#include "clutils.h" -#include /* apple, not intel */ -#include - -static CSSM_API_MEMORY_FUNCS memFuncs = { - appMalloc, - appFree, - appRealloc, - appCalloc, - NULL - }; - -static CSSM_VERSION vers = {2, 0}; - -/* - * Init CSSM and establish a session with the Apple CL. - */ -CSSM_CL_HANDLE clStartup() -{ - CSSM_CL_HANDLE clHand; - CSSM_RETURN crtn; - - if(cssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleX509CL, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - printError("CSSM_ModuleLoad(AppleCL)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleX509CL, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_CL, // SubserviceFlags - Where is this used? - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &clHand); - if(crtn) { - printError("CSSM_ModuleAttach(AppleCL)", crtn); - return 0; - } - else { - return clHand; - } -} - -void clShutdown( - CSSM_CL_HANDLE clHand) -{ - CSSM_RETURN crtn; - - crtn = CSSM_ModuleDetach(clHand); - if(crtn) { - printf("Error detaching from AppleCL\n"); - printError("CSSM_ModuleDetach", crtn); - return; - } - crtn = CSSM_ModuleUnload(&gGuidAppleX509CL, NULL, NULL); - if(crtn) { - printf("Error unloading AppleCL\n"); - printError("CSSM_ModuleUnload", crtn); - } -} - -/* - * Init CSSM and establish a session with the Apple TP. - */ -CSSM_TP_HANDLE tpStartup() -{ - CSSM_TP_HANDLE tpHand; - CSSM_RETURN crtn; - - if(cssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleX509TP, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - printError("CSSM_ModuleLoad(AppleTP)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleX509TP, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_TP, // SubserviceFlags - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &tpHand); - if(crtn) { - printError("CSSM_ModuleAttach(AppleTP)", crtn); - return 0; - } - else { - return tpHand; - } -} - -void tpShutdown( - CSSM_TP_HANDLE tpHand) -{ - CSSM_RETURN crtn; - - crtn = CSSM_ModuleDetach(tpHand); - if(crtn) { - printf("Error detaching from AppleTP\n"); - printError("CSSM_ModuleDetach", crtn); - return; - } - crtn = CSSM_ModuleUnload(&gGuidAppleX509TP, NULL, NULL); - if(crtn) { - printf("Error unloading AppleTP\n"); - printError("CSSM_ModuleUnload", crtn); - } -} - - -/* - * Cook up a CSSM_DATA with specified integer, DER style (minimum number of - * bytes, big-endian). - */ -CSSM_DATA_PTR intToDER(unsigned theInt) -{ - CSSM_DATA_PTR DER_Data = (CSSM_DATA_PTR)CSSM_MALLOC(sizeof(CSSM_DATA)); - - if(theInt < 0x100) { - DER_Data->Length = 1; - DER_Data->Data = (uint8 *)CSSM_MALLOC(1); - DER_Data->Data[0] = (unsigned char)(theInt); - } - else if(theInt < 0x10000) { - DER_Data->Length = 2; - DER_Data->Data = (uint8 *)CSSM_MALLOC(2); - DER_Data->Data[0] = (unsigned char)(theInt >> 8); - DER_Data->Data[1] = (unsigned char)(theInt); - } - else if(theInt < 0x1000000) { - DER_Data->Length = 3; - DER_Data->Data = (uint8 *)CSSM_MALLOC(3); - DER_Data->Data[0] = (unsigned char)(theInt >> 16); - DER_Data->Data[1] = (unsigned char)(theInt >> 8); - DER_Data->Data[2] = (unsigned char)(theInt); - } - else { - DER_Data->Length = 4; - DER_Data->Data = (uint8 *)CSSM_MALLOC(4); - DER_Data->Data[0] = (unsigned char)(theInt >> 24); - DER_Data->Data[1] = (unsigned char)(theInt >> 16); - DER_Data->Data[2] = (unsigned char)(theInt >> 8); - DER_Data->Data[3] = (unsigned char)(theInt); - } - return DER_Data; -} - -/* - * Convert a CSSM_DATA_PTR, referring to a DER-encoded int, to a - * uint32. - */ -uint32 DER_ToInt(const CSSM_DATA *DER_Data) -{ - uint32 rtn = 0; - unsigned i = 0; - - while(i < DER_Data->Length) { - rtn |= DER_Data->Data[i]; - if(++i == DER_Data->Length) { - break; - } - rtn <<= 8; - } - return rtn; -} - diff --git a/SecurityTests/clxutils/clAppUtils/clutils.h b/SecurityTests/clxutils/clAppUtils/clutils.h deleted file mode 100644 index c0cf82b5..00000000 --- a/SecurityTests/clxutils/clAppUtils/clutils.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * clutils.h - common CL app-level routines, X version - */ - -#ifndef _CL_APP_UTILS_CLUTILS_H_ -#define _CL_APP_UTILS_CLUTILS_H_ - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -CSSM_CL_HANDLE clStartup(); -void clShutdown( - CSSM_CL_HANDLE clHand); - -CSSM_TP_HANDLE tpStartup(); -void tpShutdown( - CSSM_TP_HANDLE tpHand); - - -CSSM_DATA_PTR intToDER(unsigned theInt); -uint32 DER_ToInt(const CSSM_DATA *DER_Data); - -#ifdef __cplusplus -} -#endif - -#endif /* _CL_APP_UTILS_CLUTILS_H_ */ diff --git a/SecurityTests/clxutils/clAppUtils/crlUtils.cpp b/SecurityTests/clxutils/clAppUtils/crlUtils.cpp deleted file mode 100644 index e126955b..00000000 --- a/SecurityTests/clxutils/clAppUtils/crlUtils.cpp +++ /dev/null @@ -1,318 +0,0 @@ -/* - * crlUtils.cpp - CRL CL/TP/DL utilities. - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include /* private API */ - -/* crlAddCrlToDb() removed due to build problem; obsoleted in favor of - * cuAddCrlToDb() in security_cdsa_utils - */ -#define CRL_ADD_TO_DB 0 - -#if CRL_ADD_TO_DB -#include /* private */ - /* SecInferLabelFromX509Name() */ - -/* - * Update an existing DLDB to be CRL-capable. - */ -static CSSM_RETURN crlAddCrlSchema( - CSSM_DL_DB_HANDLE dlDbHand) -{ - return CSSM_DL_CreateRelation(dlDbHand, - CSSM_DL_DB_RECORD_X509_CRL, - "CSSM_DL_DB_RECORD_X509_CRL", - Security::KeychainCore::Schema::X509CrlSchemaAttributeCount, - Security::KeychainCore::Schema::X509CrlSchemaAttributeList, - Security::KeychainCore::Schema::X509CrlSchemaIndexCount, - Security::KeychainCore::Schema::X509CrlSchemaIndexList); -} - -static void crlInferCrlLabel( - const CSSM_X509_NAME *x509Name, - CSSM_DATA *label) // not mallocd; contents are - // from the x509Name -{ - /* use private API for common "infer label" logic */ - const CSSM_DATA *printValue = SecInferLabelFromX509Name(x509Name); - if(printValue == NULL) { - /* punt! */ - label->Data = (uint8 *)"X509 CRL"; - label->Length = 8; - } - else { - *label = *printValue; - } -} - -/* - * Search extensions for specified OID, assumed to have underlying - * value type of uint32; returns the value and true if found. - */ -static bool crlSearchNumericExtension( - const CSSM_X509_EXTENSIONS *extens, - const CSSM_OID *oid, - uint32 *val) -{ - for(uint32 dex=0; dexnumberOfExtensions; dex++) { - const CSSM_X509_EXTENSION *exten = &extens->extensions[dex]; - if(!appCompareCssmData(&exten->extnId, oid)) { - continue; - } - if(exten->format != CSSM_X509_DATAFORMAT_PARSED) { - printf("***Malformed extension\n"); - continue; - } - *val = *((uint32 *)exten->value.parsedValue); - return true; - } - return false; -} - -/* - * Add a CRL to an existing DL/DB. - */ -#define MAX_CRL_ATTRS 8 - -CSSM_RETURN crlAddCrlToDb( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CL_HANDLE clHand, - const CSSM_DATA *crl) -{ - CSSM_DB_ATTRIBUTE_DATA attrs[MAX_CRL_ATTRS]; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_ATTRIBUTE_DATA_PTR attr = &attrs[0]; - CSSM_DATA crlTypeData; - CSSM_DATA crlEncData; - CSSM_DATA printNameData; - CSSM_RETURN crtn; - CSSM_DB_UNIQUE_RECORD_PTR recordPtr; - CSSM_DATA_PTR issuer; // mallocd by CL - CSSM_DATA_PTR crlValue; // ditto - uint32 numFields; - CSSM_HANDLE result; - CSSM_CRL_ENCODING crlEnc = CSSM_CRL_ENCODING_DER; - const CSSM_X509_SIGNED_CRL *signedCrl; - const CSSM_X509_TBS_CERTLIST *tbsCrl; - CSSM_CRL_TYPE crlType; - CSSM_DATA thisUpdateData = {0, NULL}; - CSSM_DATA nextUpdateData = {0, NULL}; - char *thisUpdate, *nextUpdate; - unsigned timeLen; - uint32 crlNumber; - uint32 deltaCrlNumber; - CSSM_DATA crlNumberData; - CSSM_DATA deltaCrlNumberData; - bool crlNumberPresent = false; - bool deltaCrlPresent = false; - - /* get normalized issuer name as Issuer attr */ - crtn = CSSM_CL_CrlGetFirstFieldValue(clHand, - crl, - &CSSMOID_X509V1IssuerName, - &result, - &numFields, - &issuer); - if(crtn) { - printError("CSSM_CL_CrlGetFirstFieldValue(Issuer)", crtn); - return crtn; - } - CSSM_CL_CrlAbortQuery(clHand, result); - - /* get parsed CRL from the CL */ - crtn = CSSM_CL_CrlGetFirstFieldValue(clHand, - crl, - &CSSMOID_X509V2CRLSignedCrlCStruct, - &result, - &numFields, - &crlValue); - if(crtn) { - printError("CSSM_CL_CrlGetFirstFieldValue(Issuer)", crtn); - return crtn; - } - CSSM_CL_CrlAbortQuery(clHand, result); - if(crlValue == NULL) { - printf("***CSSM_CL_CrlGetFirstFieldValue: value error (1)\n"); - return CSSMERR_CL_INVALID_CRL_POINTER; - } - if((crlValue->Data == NULL) || - (crlValue->Length != sizeof(CSSM_X509_SIGNED_CRL))) { - printf("***CSSM_CL_CrlGetFirstFieldValue: value error (2)\n"); - return CSSMERR_CL_INVALID_CRL_POINTER; - } - signedCrl = (const CSSM_X509_SIGNED_CRL *)crlValue->Data; - tbsCrl = &signedCrl->tbsCertList; - - /* CrlType inferred from version */ - if(tbsCrl->version.Length == 0) { - /* should never happen... */ - crlType = CSSM_CRL_TYPE_X_509v1; - } - else { - uint8 vers = tbsCrl->version.Data[tbsCrl->version.Length - 1]; - switch(vers) { - case 0: - crlType = CSSM_CRL_TYPE_X_509v1; - break; - case 1: - crlType = CSSM_CRL_TYPE_X_509v2; - break; - default: - printf("***Unknown version in CRL (%u)\n", vers); - crlType = CSSM_CRL_TYPE_X_509v1; - break; - } - } - crlTypeData.Data = (uint8 *)&crlType; - crlTypeData.Length = sizeof(CSSM_CRL_TYPE); - /* encoding more-or-less assumed here */ - crlEncData.Data = (uint8 *)&crlEnc; - crlEncData.Length = sizeof(CSSM_CRL_ENCODING); - - /* printName inferred from issuer */ - crlInferCrlLabel(&tbsCrl->issuer, &printNameData); - - /* cook up CSSM_TIMESTRING versions of this/next update */ - thisUpdate = x509TimeToCssmTimestring(&tbsCrl->thisUpdate, &timeLen); - if(thisUpdate == NULL) { - printf("***Badly formatted thisUpdate\n"); - } - else { - thisUpdateData.Data = (uint8 *)thisUpdate; - thisUpdateData.Length = timeLen; - } - nextUpdate = x509TimeToCssmTimestring(&tbsCrl->nextUpdate, &timeLen); - if(nextUpdate == NULL) { - printf("***Badly formatted nextUpdate\n"); - } - else { - nextUpdateData.Data = (uint8 *)nextUpdate; - nextUpdateData.Length = timeLen; - } - - /* optional CrlNumber and DeltaCrlNumber */ - if(crlSearchNumericExtension(&tbsCrl->extensions, - &CSSMOID_CrlNumber, - &crlNumber)) { - crlNumberData.Data = (uint8 *)&crlNumber; - crlNumberData.Length = sizeof(uint32); - crlNumberPresent = true; - } - if(crlSearchNumericExtension(&tbsCrl->extensions, - &CSSMOID_DeltaCrlIndicator, - &deltaCrlNumber)) { - deltaCrlNumberData.Data = (uint8 *)&deltaCrlNumber; - deltaCrlNumberData.Length = sizeof(uint32); - deltaCrlPresent = true; - } - /* we spec six attributes, skipping alias and URI */ - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CrlType"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &crlTypeData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CrlEncoding"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &crlEncData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "PrintName"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &printNameData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "Issuer"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = issuer; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "ThisUpdate"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &thisUpdateData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "NextUpdate"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = &nextUpdateData; - attr++; - - /* now the optional attributes */ - if(crlNumberPresent) { - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "CrlNumber"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &crlNumberData; - attr++; - } - if(deltaCrlPresent) { - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = "DeltaCrlNumber"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &deltaCrlNumberData; - attr++; - } - - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_X509_CRL; - recordAttrs.SemanticInformation = 0; - recordAttrs.NumberOfAttributes = attr - attrs; - recordAttrs.AttributeData = attrs; - - crtn = CSSM_DL_DataInsert(dlDbHand, - CSSM_DL_DB_RECORD_X509_CRL, - &recordAttrs, - crl, - &recordPtr); - if(crtn == CSSMERR_DL_INVALID_RECORDTYPE) { - /* gross hack of inserting this "new" schema that - * Keychain didn't specify */ - crtn = crlAddCrlSchema(dlDbHand); - if(crtn == CSSM_OK) { - /* Retry with a fully capable DLDB */ - crtn = CSSM_DL_DataInsert(dlDbHand, - CSSM_DL_DB_RECORD_X509_CRL, - &recordAttrs, - crl, - &recordPtr); - } - } - if(crtn) { - printError("CSSM_DL_DataInsert", crtn); - } - else { - CSSM_DL_FreeUniqueRecord(dlDbHand, recordPtr); - } - - /* free all the stuff we allocated to get here */ - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1IssuerName, issuer); - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V2CRLSignedCrlCStruct, - crlValue); - free(thisUpdate); - free(nextUpdate); - return crtn; -} - -#endif /* CRL_ADD_TO_DB */ diff --git a/SecurityTests/clxutils/clAppUtils/crlUtils.h b/SecurityTests/clxutils/clAppUtils/crlUtils.h deleted file mode 100644 index 6d951b50..00000000 --- a/SecurityTests/clxutils/clAppUtils/crlUtils.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - * crlUtils.cpp - CRL CL/TP/DL utilities. - */ - -#ifndef _CRL_UTILS_H_ -#define _CRL_UTILS_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Add a CRL to an existing DL/DB. - */ -#define MAX_CRL_ATTRS 8 - -CSSM_RETURN crlAddCrlToDb( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CL_HANDLE clHand, - const CSSM_DATA *crl); - -#ifdef __cplusplus -} -#endif - -#endif /* _CRL_UTILS_H_ */ diff --git a/SecurityTests/clxutils/clAppUtils/identPicker.cpp b/SecurityTests/clxutils/clAppUtils/identPicker.cpp deleted file mode 100644 index 0b4ad3ac..00000000 --- a/SecurityTests/clxutils/clAppUtils/identPicker.cpp +++ /dev/null @@ -1,331 +0,0 @@ -/* - * Copyright (c) 2003-2008 Apple Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * identPicker.cp - Given a keychain, select from possible multiple - * SecIdentityRefs via stdio UI, and cook up a - * CFArray containing that identity and all certs needed - * for cert verification by an SSL peer. The resulting - * CFArrayRef is suitable for passing to SSLSetCertificate(). - */ - -#include "identPicker.h" -#include "sslAppUtils.h" -#include -#include -#include -#include - -/* - * Safe gets(). - * -- guaranteed no buffer overflow - * -- guaranteed NULL-terminated string - * -- handles empty string (i.e., response is just CR) properly - */ -void getString( - char *buf, - unsigned bufSize) -{ - unsigned dex; - char c; - char *cp = buf; - - for(dex=0; dexcount != 1)) { - printf("***Unexpected result fetching label attr\n"); - crtn = strdup("Unnamed KeychainItem"); - goto errOut; - } - /* We're assuming 8-bit ASCII attribute data here... */ - attr = attrList->attr; - crtn = (char *)malloc(attr->length + 1); - memmove(crtn, attr->data, attr->length); - crtn[attr->length] = '\0'; - -errOut: - SecKeychainItemFreeAttributesAndData(attrList, NULL); - return crtn; -} - -/* - * Get the final term of a keychain's path as a C string. Caller must free() - * the result. - */ -char *kcFileName( - SecKeychainRef kcRef) -{ - char fullPath[MAXPATHLEN + 1]; - OSStatus ortn; - UInt32 pathLen = MAXPATHLEN; - - ortn = SecKeychainGetPath(kcRef, &pathLen, fullPath); - if(ortn) { - cssmPerror("SecKeychainGetPath", ortn); - return strdup("orphan keychain"); - } - - /* NULL terminate the path string and search for final '/' */ - fullPath[pathLen] = '\0'; - char *lastSlash = NULL; - char *thisSlash = fullPath; - do { - thisSlash = strchr(thisSlash, '/'); - if(thisSlash == NULL) { - /* done */ - break; - } - thisSlash++; - lastSlash = thisSlash; - } while(thisSlash != NULL); - if(lastSlash == NULL) { - /* no slashes, odd, but handle it */ - return strdup(fullPath); - } - else { - return strdup(lastSlash); - } -} - -/* - * Obtain the final term of a keychain item's keychain path as a C string. - * Caller must free() the result. - * May well return NULL indicating the item has no keychain (e.g. az floating cert). - */ -char *kcItemKcFileName(SecKeychainItemRef itemRef) -{ - OSStatus ortn; - SecKeychainRef kcRef = NULL; - - ortn = SecKeychainItemCopyKeychain(itemRef, &kcRef); - if(ortn) { - return NULL; - } - char *rtnStr = kcFileName(kcRef); - CFRelease(kcRef); - return rtnStr; -} - -/* - * Given an array of SecIdentityRefs: - * -- display a printable name of each identity's cert; - * -- prompt user to select which one to use; - * - * Returns CFIndex of desired identity. A return of <0 indicates - * "none - abort". - */ -static CFIndex pickIdent( - CFArrayRef idArray) -{ - CFIndex count = CFArrayGetCount(idArray); - CFIndex dex; - OSStatus ortn; - - if(count == 0) { - printf("***sslIdentPicker screwup: no identities found\n"); - return -1; - } - for(dex=0; dex= 0) && (ires < count)) { - return (CFIndex)ires; - } - printf("***Invalid entry. Type a number between 0 and %ld\n", - count-1); - } - return -1; -} - -OSStatus sslSimpleIdentPicker( - SecKeychainRef kcRef, // NULL means use default list - SecIdentityRef *ident) // RETURNED -{ - OSStatus ortn; - CFMutableArrayRef idArray = NULL; // holds all SecIdentityRefs found - - /* Search for all identities */ - *ident = NULL; - SecIdentitySearchRef srchRef = nil; - ortn = SecIdentitySearchCreate(kcRef, - 0, // keyUsage - any - &srchRef); - if(ortn) { - cssmPerror("SecIdentitySearchCreate", (CSSM_RETURN)ortn); - printf("Cannot find signing key in keychain.\n"); - return ortn; - } - - /* get all identities, stuff them into idArray */ - SecIdentityRef identity = nil; - idArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - do { - ortn = SecIdentitySearchCopyNext(srchRef, &identity); - if(ortn != noErr) { - break; - } - CFArrayAppendValue(idArray, identity); - - /* the array has the retain count we need */ - CFRelease(identity); - } while(ortn == noErr); - CFRelease(srchRef); - - switch(ortn) { - case errSecItemNotFound: - if(CFArrayGetCount(idArray) == 0) { - printf("No signing keys found in keychain.\n"); - return errSecItemNotFound; - } - else { - /* found at least one; proceed */ - break; - } - default: - cssmPerror("SecIdentitySearchCopyNext", (CSSM_RETURN)ortn); - printf("Cannot find signing key in keychain.\n"); - return ortn; - } - - /* - * If there is just one, use it without asking - */ - CFIndex whichId; - if(CFArrayGetCount(idArray) == 1) { - whichId = 0; - } - else { - whichId = pickIdent(idArray); - if(whichId < 0) { - return CSSMERR_CSSM_USER_CANCELED; - } - } - - /* keep this one, free the rest */ - identity = (SecIdentityRef)CFArrayGetValueAtIndex(idArray, whichId); - CFRetain(identity); - CFRelease(idArray); - *ident = identity; - return noErr; -} - -OSStatus sslIdentPicker( - SecKeychainRef kcRef, // NULL means use default list - SecCertificateRef trustedAnchor, // optional additional trusted anchor - bool includeRoot, // true --> root is appended to outArray - // false --> root not included - const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL - CFArrayRef *outArray) // created and RETURNED -{ - OSStatus ortn; - SecIdentityRef identity; - - ortn = sslSimpleIdentPicker(kcRef, &identity); - if(ortn) { - return ortn; - } - return sslCompleteCertChain(identity, trustedAnchor, includeRoot, - vfyPolicy, outArray); -} - diff --git a/SecurityTests/clxutils/clAppUtils/identPicker.h b/SecurityTests/clxutils/clAppUtils/identPicker.h deleted file mode 100644 index 5b137cc0..00000000 --- a/SecurityTests/clxutils/clAppUtils/identPicker.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (c) 2003-2007 Apple Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * identPicker.h - Given a keychain, select from possible multiple - * SecIdentityRefs via stdio UI, and cook up a - * CFArray containing that identity and all certs needed - * for cert verification by an SSL peer. The resulting - * CFArrayRef is suitable for passing to SSLSetCertificate(). - */ - -#ifndef _IDENT_PICKER_H_ -#define _IDENT_PICKER_H_ - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Get the final term of a keychain's path as a C string. Caller must free() - * the result. - */ -char *kcFileName( - SecKeychainRef kcRef); - -/* - * Obtain the printable name of a SecKeychainItemRef as a C string. - * Caller must free() the result. - */ -char *kcItemPrintableName( - SecKeychainItemRef itemRef); - -/* - * Obtain the final term of a keychain item's keychain path as a C string. - * Caller must free() the result. - * May well return NULL indicating the item has no keychain (e.g. az floating cert). - */ -char *kcItemKcFileName(SecKeychainItemRef itemRef); - -/* - * Safe gets(). - * -- guaranteed no buffer overflow - * -- guaranteed NULL-terminated string - * -- handles empty string (i.e., response is just CR) properly - */ -void getString( - char *buf, - unsigned bufSize); - -/* - * IdentityPicker, returns full cert chain, optionally including root. - */ -OSStatus sslIdentPicker( - SecKeychainRef kc, // NULL means use default list - SecCertificateRef trustedAnchor, // optional additional trusted anchor - bool includeRoot, // true --> root is appended to outArray - // false --> root not included - const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL - CFArrayRef *outArray); // created and RETURNED - -/* - * Simple version, just returns a SecIdentityRef. - */ -OSStatus sslSimpleIdentPicker( - SecKeychainRef kc, // NULL means use default list - SecIdentityRef *ident); // RETURNED - -#ifdef __cplusplus -} -#endif - -#endif /* _IDENT_PICKER_H_ */ - diff --git a/SecurityTests/clxutils/clAppUtils/ioSock.c b/SecurityTests/clxutils/clAppUtils/ioSock.c deleted file mode 100644 index 1a3d5e98..00000000 --- a/SecurityTests/clxutils/clAppUtils/ioSock.c +++ /dev/null @@ -1,480 +0,0 @@ -/* - * io_sock.c - SecureTransport sample I/O module, X sockets version - */ - -#include "ioSock.h" -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -/* debugging for this module */ -#define SSL_OT_DEBUG 1 - -/* log errors to stdout */ -#define SSL_OT_ERRLOG 1 - -/* trace all low-level network I/O */ -#define SSL_OT_IO_TRACE 0 - -/* if SSL_OT_IO_TRACE, only log non-zero length transfers */ -#define SSL_OT_IO_TRACE_NZ 1 - -/* pause after each I/O (only meaningful if SSL_OT_IO_TRACE == 1) */ -#define SSL_OT_IO_PAUSE 0 - -/* print a stream of dots while I/O pending */ -#define SSL_OT_DOT 1 - -/* dump some bytes of each I/O (only meaningful if SSL_OT_IO_TRACE == 1) */ -#define SSL_OT_IO_DUMP 0 -#define SSL_OT_IO_DUMP_SIZE 1024 - -/* indicate errSSLWouldBlock with a '.' */ -#define SSL_DISPL_WOULD_BLOCK 0 - -/* general, not-too-verbose debugging */ -#if SSL_OT_DEBUG -#define dprintf(s) printf s -#else -#define dprintf(s) -#endif - -/* errors --> stdout */ -#if SSL_OT_ERRLOG -#define eprintf(s) printf s -#else -#define eprintf(s) -#endif - -/* trace completion of every r/w */ -#if SSL_OT_IO_TRACE -static void tprintf( - const char *str, - UInt32 req, - UInt32 act, - const UInt8 *buf) -{ - #if SSL_OT_IO_TRACE_NZ - if(act == 0) { - return; - } - #endif - printf("%s(%u): moved (%u) bytes\n", str, (unsigned)req, (unsigned)act); - #if SSL_OT_IO_DUMP - { - unsigned i; - - for(i=0; i= (SSL_OT_IO_DUMP_SIZE - 1)) { - break; - } - if((i % 32) == 31) { - putchar('\n'); - } - } - printf("\n"); - } - #endif - #if SSL_OT_IO_PAUSE - { - char instr[20]; - printf("CR to continue: "); - gets(instr); - } - #endif -} - -#else -#define tprintf(str, req, act, buf) -#endif /* SSL_OT_IO_TRACE */ - -/* - * If SSL_OT_DOT, output a '.' every so often while waiting for - * connection. This gives user a chance to do something else with the - * UI. - */ - -#if SSL_OT_DOT - -static time_t lastTime = (time_t)0; -#define TIME_INTERVAL 3 - -static void outputDot() -{ - time_t thisTime = time(0); - - if((thisTime - lastTime) >= TIME_INTERVAL) { - printf("."); fflush(stdout); - lastTime = thisTime; - } -} -#else -#define outputDot() -#endif - - -/* - * One-time only init. - */ -void initSslOt() -{ - -} - -/* - * Connect to server. - */ -#define GETHOST_RETRIES 3 - -OSStatus MakeServerConnection( - const char *hostName, - int port, - int nonBlocking, // 0 or 1 - otSocket *socketNo, // RETURNED - PeerSpec *peer) // RETURNED -{ - struct sockaddr_in addr; - struct hostent *ent; - struct in_addr host; - int sock = 0; - - *socketNo = NULL; - if (hostName[0] >= '0' && hostName[0] <= '9') - { - host.s_addr = inet_addr(hostName); - } - else { - unsigned dex; - /* seeing a lot of soft failures here that I really don't want to track down */ - for(dex=0; dexh_addr, sizeof(struct in_addr)); - } - sock = socket(AF_INET, SOCK_STREAM, 0); - addr.sin_addr = host; - addr.sin_port = htons((u_short)port); - - addr.sin_family = AF_INET; - if (connect(sock, (struct sockaddr *) &addr, sizeof(struct sockaddr_in)) != 0) - { printf("connect returned error\n"); - return ioErr; - } - - if(nonBlocking) { - /* OK to do this after connect? */ - int rtn = fcntl(sock, F_SETFL, O_NONBLOCK); - if(rtn == -1) { - perror("fctnl(O_NONBLOCK)"); - return ioErr; - } - } - - peer->ipAddr = addr.sin_addr.s_addr; - peer->port = htons((u_short)port); - *socketNo = (otSocket)sock; - return noErr; -} - -/* - * Set up an otSocket to listen for client connections. Call once, then - * use multiple AcceptClientConnection calls. - */ -OSStatus ListenForClients( - int port, - int nonBlocking, // 0 or 1 - otSocket *socketNo) // RETURNED -{ - struct sockaddr_in addr; - struct hostent *ent; - int len; - int sock; - - sock = socket(AF_INET, SOCK_STREAM, 0); - if(sock < 1) { - perror("socket"); - return ioErr; - } - - ent = gethostbyname("localhost"); - if (!ent) { - perror("gethostbyname"); - return ioErr; - } - memcpy(&addr.sin_addr, ent->h_addr, sizeof(struct in_addr)); - - addr.sin_port = htons((u_short)port); - addr.sin_addr.s_addr = INADDR_ANY; - addr.sin_family = AF_INET; - len = sizeof(struct sockaddr_in); - if (bind(sock, (struct sockaddr *) &addr, len)) { - int theErr = errno; - perror("bind"); - if(theErr == EADDRINUSE) { - return opWrErr; - } - else { - return ioErr; - } - } - if(nonBlocking) { - int rtn = fcntl(sock, F_SETFL, O_NONBLOCK); - if(rtn == -1) { - perror("fctnl(O_NONBLOCK)"); - return ioErr; - } - } - - for(;;) { - int rtn = listen(sock, 1); - switch(rtn) { - case 0: - *socketNo = (otSocket)sock; - rtn = noErr; - break; - case EWOULDBLOCK: - continue; - default: - perror("listen"); - rtn = ioErr; - break; - } - return rtn; - } - /* NOT REACHED */ - return 0; -} - -/* - * Accept a client connection. - */ - -/* - * Currently we always get back a different peer port number on successive - * connections, no matter what the client is doing. To test for resumable - * session support, force peer port = 0. - */ -#define FORCE_ACCEPT_PEER_PORT_ZERO 1 - -OSStatus AcceptClientConnection( - otSocket listenSock, // obtained from ListenForClients - otSocket *acceptSock, // RETURNED - PeerSpec *peer) // RETURNED -{ - struct sockaddr_in addr; - int sock; - socklen_t len; - - len = sizeof(struct sockaddr_in); - do { - sock = accept((int)listenSock, (struct sockaddr *) &addr, &len); - if (sock < 0) { - if(errno == EAGAIN) { - /* nonblocking, no connection yet */ - continue; - } - else { - perror("accept"); - return ioErr; - } - } - else { - break; - } - } while(1); - *acceptSock = (otSocket)sock; - peer->ipAddr = addr.sin_addr.s_addr; - #if FORCE_ACCEPT_PEER_PORT_ZERO - peer->port = 0; - #else - peer->port = ntohs(addr.sin_port); - #endif - return noErr; -} - -/* - * Shut down a connection. - */ -void endpointShutdown( - otSocket socket) -{ - close((int)socket); -} - -/* - * R/W. Called out from SSL. - */ -OSStatus SocketRead( - SSLConnectionRef connection, - void *data, /* owned by - * caller, data - * RETURNED */ - size_t *dataLength) /* IN/OUT */ -{ - UInt32 bytesToGo = *dataLength; - UInt32 initLen = bytesToGo; - UInt8 *currData = (UInt8 *)data; - int sock = (int)((long)connection); - OSStatus rtn = noErr; - UInt32 bytesRead; - ssize_t rrtn; - - *dataLength = 0; - - for(;;) { - bytesRead = 0; - /* paranoid check, ensure errno is getting written */ - errno = -555; - rrtn = recv(sock, currData, bytesToGo, 0); - if (rrtn <= 0) { - if(rrtn == 0) { - /* closed, EOF */ - rtn = errSSLClosedGraceful; - break; - } - int theErr = errno; - switch(theErr) { - case ENOENT: - /* - * Undocumented but I definitely see this. - * Non-blocking sockets only. Definitely retriable - * just like an EAGAIN. - */ - dprintf(("SocketRead RETRYING on ENOENT, rrtn %d\n", - (int)rrtn)); - /* normal... */ - //rtn = errSSLWouldBlock; - /* ...for temp testing.... */ - rtn = ioErr; - break; - case ECONNRESET: - /* explicit peer abort */ - rtn = errSSLClosedAbort; - break; - case EAGAIN: - /* nonblocking, no data */ - rtn = errSSLWouldBlock; - break; - default: - dprintf(("SocketRead: read(%u) error %d, rrtn %d\n", - (unsigned)bytesToGo, theErr, (int)rrtn)); - rtn = ioErr; - break; - } - /* in any case, we're done with this call if rrtn <= 0 */ - break; - } - bytesRead = rrtn; - bytesToGo -= bytesRead; - currData += bytesRead; - - if(bytesToGo == 0) { - /* filled buffer with incoming data, done */ - break; - } - } - *dataLength = initLen - bytesToGo; - tprintf("SocketRead", initLen, *dataLength, (UInt8 *)data); - - #if SSL_OT_DOT || (SSL_OT_DEBUG && !SSL_OT_IO_TRACE) - if((rtn == 0) && (*dataLength == 0)) { - /* keep UI alive */ - outputDot(); - } - #endif - #if SSL_DISPL_WOULD_BLOCK - if(rtn == errSSLWouldBlock) { - printf("."); fflush(stdout); - } - #endif - return rtn; -} - -int oneAtATime = 0; - -OSStatus SocketWrite( - SSLConnectionRef connection, - const void *data, - size_t *dataLength) /* IN/OUT */ -{ - size_t bytesSent = 0; - int sock = (int)((long)connection); - int length; - size_t dataLen = *dataLength; - const UInt8 *dataPtr = (UInt8 *)data; - OSStatus ortn; - - if(oneAtATime && (*dataLength > 1)) { - size_t i; - size_t outLen; - size_t thisMove; - - outLen = 0; - for(i=0; i 0) && - ( (bytesSent += length) < dataLen) ); - - if(length <= 0) { - int theErr = errno; - switch(theErr) { - case EAGAIN: - ortn = errSSLWouldBlock; break; - case EPIPE: - /* as of Leopard 9A312 or so, the error formerly seen as EPIPE is - * now reported as ECONNRESET. This happens when we're catching - * SIGPIPE and we write to a socket which has been closed by the peer. - */ - case ECONNRESET: - ortn = errSSLClosedAbort; break; - default: - dprintf(("SocketWrite: write(%u) error %d\n", - (unsigned)(dataLen - bytesSent), theErr)); - ortn = ioErr; - break; - } - } - else { - ortn = noErr; - } - tprintf("SocketWrite", dataLen, bytesSent, dataPtr); - *dataLength = bytesSent; - return ortn; -} diff --git a/SecurityTests/clxutils/clAppUtils/ioSock.h b/SecurityTests/clxutils/clAppUtils/ioSock.h deleted file mode 100644 index c01f8f11..00000000 --- a/SecurityTests/clxutils/clAppUtils/ioSock.h +++ /dev/null @@ -1,88 +0,0 @@ -/* - * ioSock.h - socket-based I/O routines for SecureTransport tests - */ - -#ifndef _IO_SOCK_H_ -#define _IO_SOCK_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Opaque reference to an Open Transport connection. - */ -typedef int otSocket; - -/* - * info about a peer returned from MakeServerConnection() and - * AcceptClientConnection(). - */ -typedef struct -{ UInt32 ipAddr; - int port; -} PeerSpec; - -/* - * Ont-time only init. - */ -void initSslOt(); - -/* - * Connect to server. - */ -extern OSStatus MakeServerConnection( - const char *hostName, - int port, - int nonBlocking, // 0 or 1 - otSocket *socketNo, // RETURNED - PeerSpec *peer); // RETURNED - -/* - * Set up an otSocket to listen for client connections. Call once, then - * use multiple AcceptClientConnection calls. - */ -OSStatus ListenForClients( - int port, - int nonBlocking, // 0 or 1 - otSocket *socketNo); // RETURNED - -/* - * Accept a client connection. Call endpointShutdown() for each successful; - * return from this function. - */ -OSStatus AcceptClientConnection( - otSocket listenSock, // obtained from ListenForClients - otSocket *acceptSock, // RETURNED - PeerSpec *peer); // RETURNED - -/* - * Shut down a connection. - */ -void endpointShutdown( - otSocket socket); - -/* - * R/W. Called out from SSL. - */ -OSStatus SocketRead( - SSLConnectionRef connection, - void *data, /* owned by - * caller, data - * RETURNED */ - size_t *dataLength); /* IN/OUT */ - -OSStatus SocketWrite( - SSLConnectionRef connection, - const void *data, - size_t *dataLength); /* IN/OUT */ - -#ifdef __cplusplus -} -#endif - -#endif /* _IO_SOCK_H_ */ diff --git a/SecurityTests/clxutils/clAppUtils/keyPicker.cpp b/SecurityTests/clxutils/clAppUtils/keyPicker.cpp deleted file mode 100644 index a8bbf5f0..00000000 --- a/SecurityTests/clxutils/clAppUtils/keyPicker.cpp +++ /dev/null @@ -1,365 +0,0 @@ -/* - * Copyright (c) 2004-2006 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * keyPicker.cpp - select a key pair from a keychain - */ - -#include "keyPicker.h" -#include -#include -#include -#include -#include /* for kcFileName() */ -#include - -/* - * Obtain either public key hash or PrintName for a given SecKeychainItem. Works on public keys, - * private keys, identities, and certs. Caller must release the returned result. - */ -OSStatus getKcItemAttr( - SecKeychainItemRef kcItem, - WhichAttr whichAttr, - CFDataRef *rtnAttr) /* RETURNED */ -{ - /* main job is to figure out which attrType to ask for, and from what Sec item */ - SecKeychainItemRef attrFromThis; - SecKeychainAttrType attrType = 0; - OSStatus ortn; - bool releaseKcItem = false; - - CFTypeID cfId = CFGetTypeID(kcItem); - if(cfId == SecIdentityGetTypeID()) { - /* switch over to cert */ - ortn = SecIdentityCopyCertificate((SecIdentityRef)kcItem, - (SecCertificateRef *)&attrFromThis); - if(ortn) - cssmPerror("SecIdentityCopyCertificate", ortn); - return ortn; - kcItem = attrFromThis; - releaseKcItem = true; - cfId = SecCertificateGetTypeID(); - } - - if(cfId == SecCertificateGetTypeID()) { - switch(whichAttr) { - case WA_Hash: - attrType = kSecPublicKeyHashItemAttr; - break; - case WA_PrintName: - attrType = kSecLabelItemAttr; - break; - default: - printf("getKcItemAttr: WhichAttr\n"); - return paramErr; - } - } - else if(cfId == SecKeyGetTypeID()) { - switch(whichAttr) { - case WA_Hash: - attrType = kSecKeyLabel; - break; - case WA_PrintName: - attrType = kSecKeyPrintName; - break; - default: - printf("getKcItemAttr: WhichAttr\n"); - return paramErr; - } - } - - SecKeychainAttributeInfo attrInfo; - attrInfo.count = 1; - attrInfo.tag = &attrType; - attrInfo.format = NULL; // ??? - SecKeychainAttributeList *attrList = NULL; - - ortn = SecKeychainItemCopyAttributesAndData( - kcItem, - &attrInfo, - NULL, // itemClass - &attrList, - NULL, // don't need the data - NULL); - if(releaseKcItem) { - CFRelease(kcItem); - } - if(ortn) { - cssmPerror("SecKeychainItemCopyAttributesAndData", ortn); - return paramErr; - } - SecKeychainAttribute *attr = attrList->attr; - *rtnAttr = CFDataCreate(NULL, (UInt8 *)attr->data, attr->length); - SecKeychainItemFreeAttributesAndData(attrList, NULL); - return noErr; -} - -/* - * Class representing one key in the keychain. - */ -class PickerKey -{ -public: - PickerKey(SecKeyRef keyRef); - ~PickerKey(); - - bool isUsed() { return mIsUsed;} - void isUsed(bool u) { mIsUsed = u; } - bool isPrivate() { return mIsPrivate; } - CFDataRef getPrintName() { return mPrintName; } - CFDataRef getPubKeyHash() { return mPubKeyHash; } - SecKeyRef keyRef() { return mKeyRef; } - - PickerKey *partnerKey() { return mPartner; } - void partnerKey(PickerKey *pk) { mPartner = pk; } - char *kcFile() { return mKcFile; } - -private: - SecKeyRef mKeyRef; - CFDataRef mPrintName; - CFDataRef mPubKeyHash; - bool mIsPrivate; // private/public key - bool mIsUsed; // has been spoken for - PickerKey *mPartner; // other member of public/private pair - char *mKcFile; // file name of keychain this lives on -}; - -PickerKey::PickerKey(SecKeyRef keyRef) - : mKeyRef(NULL), - mPrintName(NULL), - mPubKeyHash(NULL), - mIsPrivate(false), - mIsUsed(false), - mPartner(NULL), - mKcFile(NULL) -{ - if(CFGetTypeID(keyRef) != SecKeyGetTypeID()) { - throw std::invalid_argument("not a key"); - } - - OSStatus ortn = getKcItemAttr((SecKeychainItemRef)keyRef, WA_Hash, &mPubKeyHash); - if(ortn) { - throw std::invalid_argument("pub key hash not available"); - } - ortn = getKcItemAttr((SecKeychainItemRef)keyRef, WA_PrintName, &mPrintName); - if(ortn) { - throw std::invalid_argument("pub key hash not available"); - } - - const CSSM_KEY *cssmKey; - ortn = SecKeyGetCSSMKey(keyRef, &cssmKey); - if(ortn) { - /* should never happen */ - cssmPerror("SecKeyGetCSSMKey", ortn); - throw std::invalid_argument("SecKeyGetCSSMKey error"); - } - if(cssmKey->KeyHeader.KeyClass == CSSM_KEYCLASS_PRIVATE_KEY) { - mIsPrivate = true; - } - - /* stash name of the keychain this lives on */ - SecKeychainRef kcRef; - ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)keyRef, &kcRef); - if(ortn) { - cssmPerror("SecKeychainItemCopyKeychain", ortn); - mKcFile = strdup("Unnamed keychain"); - } - else { - mKcFile = kcFileName(kcRef); - } - - mKeyRef = keyRef; - CFRetain(mKeyRef); -} - -PickerKey::~PickerKey() -{ - if(mKeyRef) { - CFRelease(mKeyRef); - } - if(mPubKeyHash) { - CFRelease(mPubKeyHash); - } - if(mPrintName) { - CFRelease(mPrintName); - } - if(mKcFile) { - free(mKcFile); - } -} - -typedef std::vector KeyVector; - -/* - * add PickerKey objects of specified type to a KeyVector. - */ -static void getPickerKeys( - SecKeychainRef kcRef, - SecItemClass itemClass, // actually CSSM_DL_DB_RECORD_{PRIVATE,PRIVATE}_KEY for now - KeyVector &keyVector) -{ - SecKeychainSearchRef srchRef = NULL; - SecKeychainItemRef kcItem; - - OSStatus ortn = SecKeychainSearchCreateFromAttributes(kcRef, - itemClass, - NULL, // any attrs - &srchRef); - if(ortn) { - cssmPerror("SecKeychainSearchCreateFromAttributes", ortn); - return; - } - do { - ortn = SecKeychainSearchCopyNext(srchRef, &kcItem); - if(ortn) { - break; - } - try { - PickerKey *pickerKey = new PickerKey((SecKeyRef)kcItem); - keyVector.push_back(pickerKey); - } - catch(...) { - printf("**** key item that failed PickerKey construct ***\n"); - /* but keep going */ - } - } while(ortn == noErr); - CFRelease(srchRef); -} - -/* - * Print contents of a CFData assuming it's printable - */ -static void printCfData(CFDataRef cfd) -{ - CFIndex len = CFDataGetLength(cfd); - const UInt8 *cp = CFDataGetBytePtr(cfd); - for(CFIndex dex=0; dex privKeys; - std::vector pubKeys; - getPickerKeys(kcRef, CSSM_DL_DB_RECORD_PRIVATE_KEY, privKeys); - getPickerKeys(kcRef, CSSM_DL_DB_RECORD_PUBLIC_KEY, pubKeys); - - /* now interate thru private keys, looking for a partner for each one */ - int numPairs = 0; - unsigned numPrivKeys = privKeys.size(); - unsigned numPubKeys = pubKeys.size(); - - for(unsigned privDex=0; privDexgetPubKeyHash(); - for(unsigned pubDex=0; pubDexisUsed()) { - /* already spoken for */ - continue; - } - if(!CFEqual(privHash, pubPk->getPubKeyHash())) { - /* public key hashes don't match */ - continue; - } - - /* got a match */ - pubPk->partnerKey(privPk); - privPk->partnerKey(pubPk); - pubPk->isUsed(true); - privPk->isUsed(true); - - /* display */ - printf("[%d] privKey : ", numPairs); printCfData(privPk->getPrintName()); printf("\n"); - printf(" pubKey : "); printCfData(pubPk->getPrintName());printf("\n"); - printf(" keychain : %s\n", privPk->kcFile()); - - numPairs++; - } - } - - if(numPairs == 0) { - printf("*** keyPicker: no key pairs found.\n"); - return paramErr; - } - - OSStatus ortn = noErr; - int ires; - while(1) { - fpurge(stdin); - printf("\nEnter key pair number or CR to quit : "); - fflush(stdout); - char resp[64]; - getString(resp, sizeof(resp)); - if(resp[0] == '\0') { - ortn = CSSMERR_CSSM_USER_CANCELED; - break; - } - ires = atoi(resp); - if((ires < 0) || (ires >= numPairs)) { - printf("***Invalid entry. Type a number between 0 and %d\n", numPairs-1); - continue; - } - break; - } - - if(ortn == noErr) { - /* find the ires'th partnered private key */ - int goodOnes = 0; - for(unsigned privDex=0; privDexisUsed()) { - continue; - } - if(goodOnes == ires) { - /* this is it */ - *privKey = privPk->keyRef(); - *pubKey = privPk->partnerKey()->keyRef(); - } - goodOnes++; - } - } - - /* clean out PickerKey arrays */ - for(unsigned privDex=0; privDex - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Obtain either public key hash or PrintName for a given SecKeychainItem. Works on public keys, - * private keys, identities, and certs. Caller must release the returned result. - */ -typedef enum { - WA_Hash, - WA_PrintName -} WhichAttr; - -OSStatus getKcItemAttr( - SecKeychainItemRef kcItem, - WhichAttr whichAttr, - CFDataRef *rtnAttr); // RETURNED - -OSStatus keyPicker( - SecKeychainRef kcRef, // NULL means the default list - SecKeyRef *pubKey, // RETURNED - SecKeyRef *privKey); // RETURNED - - -#ifdef __cplusplus -} -#endif - -#endif /* _KEY_PICKER_H_ */ - diff --git a/SecurityTests/clxutils/clAppUtils/printCertName.cpp b/SecurityTests/clxutils/clAppUtils/printCertName.cpp deleted file mode 100644 index 2069ed11..00000000 --- a/SecurityTests/clxutils/clAppUtils/printCertName.cpp +++ /dev/null @@ -1,186 +0,0 @@ -#include -#include "printCertName.h" -#include -#include - -static CSSM_CL_HANDLE gClHand = 0; - -static CSSM_CL_HANDLE getClHand() -{ - if(gClHand) { - return gClHand; - } - gClHand = clStartup(); - return gClHand; -} - -static void printString( - const CSSM_DATA *str) -{ - unsigned i; - char *cp = (char *)str->Data; - for(i=0; iLength; i++) { - printf("%c", *cp++); - } - printf("\n"); -} - -static void printData( - const CSSM_DATA *cd) -{ - for(unsigned dex=0; dexLength; dex++) { - printf("%02X", cd->Data[dex]); - if((dex % 4) == 3) { - printf(" "); - } - } - printf("\n"); -} - -/* - * Print an CSSM_X509_TYPE_VALUE_PAIR - */ -static void printAtv( - const CSSM_X509_TYPE_VALUE_PAIR_PTR atv) -{ - const CSSM_OID *oid = &atv->type; - const char *fieldName = "Other"; - if(appCompareCssmData(oid, &CSSMOID_CountryName)) { - fieldName = "Country "; - } - else if(appCompareCssmData(oid, &CSSMOID_OrganizationName)) { - fieldName = "Org "; - } - else if(appCompareCssmData(oid, &CSSMOID_LocalityName)) { - fieldName = "Locality "; - } - else if(appCompareCssmData(oid, &CSSMOID_OrganizationalUnitName)) { - fieldName = "OrgUnit "; - } - else if(appCompareCssmData(oid, &CSSMOID_CommonName)) { - fieldName = "Common Name "; - } - else if(appCompareCssmData(oid, &CSSMOID_Surname)) { - fieldName = "Surname "; - } - else if(appCompareCssmData(oid, &CSSMOID_Title)) { - fieldName = "Title "; - } - else if(appCompareCssmData(oid, &CSSMOID_Surname)) { - fieldName = "Surname "; - } - else if(appCompareCssmData(oid, &CSSMOID_StateProvinceName)) { - fieldName = "State "; - } - else if(appCompareCssmData(oid, &CSSMOID_CollectiveStateProvinceName)) { - fieldName = "Coll. State "; - } - else if(appCompareCssmData(oid, &CSSMOID_EmailAddress)) { - /* deprecated, used by Thawte */ - fieldName = "Email addrs "; - } - else { - fieldName = "Other name "; - } - printf(" %s : ", fieldName); - switch(atv->valueType) { - case BER_TAG_PRINTABLE_STRING: - case BER_TAG_IA5_STRING: - case BER_TAG_T61_STRING: // mostly printable.... - case BER_TAG_PKIX_UTF8_STRING: // ditto - printString(&atv->value); - break; - default: - printData(&atv->value); - break; - } -} - -/* - * Print contents of a CSSM_X509_NAME. - */ -static void printName( - const char *title, - const CSSM_X509_NAME *name) -{ - printf(" %s:\n", title); - unsigned numRdns = name->numberOfRDNs; - for(unsigned rdnDex=0; rdnDexRelativeDistinguishedName[rdnDex]; - unsigned numAtvs = rdn->numberOfPairs; - for(unsigned atvDex=0; atvDexAttributeTypeAndValue[atvDex]); - } - } -} - -static void printOneCertName( - CSSM_CL_HANDLE clHand, - CSSM_HANDLE cacheHand, - const char *title, - const CSSM_OID *oid) -{ - CSSM_HANDLE resultHand = 0; - CSSM_DATA_PTR field = NULL; - uint32 numFields; - CSSM_RETURN crtn; - - crtn = CSSM_CL_CertGetFirstCachedFieldValue(clHand, cacheHand, - oid, &resultHand, &numFields, &field); - if(crtn) { - printf("***Error parsing cert\n"); - cssmPerror("CSSM_CL_CertGetFirstCachedFieldValue", crtn); - return; - } - printName(title, (CSSM_X509_NAME_PTR)field->Data); - CSSM_CL_FreeFieldValue(clHand, oid, field); - CSSM_CL_CertAbortQuery(clHand, resultHand); -} - -/* - * Print subject and/or issuer of a cert. - */ -void printCertName( - const unsigned char *cert, - unsigned certLen, - WhichName whichName) -{ - CSSM_CL_HANDLE clHand = getClHand(); - CSSM_HANDLE cacheHand; - CSSM_DATA certData = {certLen, (uint8 *)cert}; - CSSM_RETURN crtn; - bool printSubj = false; - bool printIssuer = false; - - switch(whichName) { - case NameBoth: - printSubj = true; - printIssuer = true; - break; - case NameSubject: - printSubj = true; - break; - case NameIssuer: - printIssuer = true; - break; - default: - printf("***BRRZAP! Illegal whichName argument\n"); - return; - } - - crtn = CSSM_CL_CertCache(clHand, &certData, &cacheHand); - if(crtn) { - printf("***Error parsing cert\n"); - cssmPerror("CSSM_CL_CertCache", crtn); - return; - } - - if(printSubj) { - printOneCertName(clHand, cacheHand, "Subject", &CSSMOID_X509V1SubjectNameCStruct); - } - if(printIssuer) { - printOneCertName(clHand, cacheHand, "Issuer", &CSSMOID_X509V1IssuerNameCStruct); - } - CSSM_CL_CertAbortCache(clHand, cacheHand); - return; -} diff --git a/SecurityTests/clxutils/clAppUtils/printCertName.h b/SecurityTests/clxutils/clAppUtils/printCertName.h deleted file mode 100644 index bbae5140..00000000 --- a/SecurityTests/clxutils/clAppUtils/printCertName.h +++ /dev/null @@ -1,27 +0,0 @@ -#ifndef _PRINT_CERT_NAME_H_ -#define _PRINT_CERT_NAME_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Print subject and/or issuer of a cert. - */ -typedef enum { - NameBoth = 0, - NameSubject, - NameIssuer -} WhichName; - -extern void printCertName( - const unsigned char *cert, - unsigned certLen, - WhichName whichName); - -#ifdef __cplusplus -} -#endif - -#endif /* _PRINT_CERT_NAME_H_ */ - diff --git a/SecurityTests/clxutils/clAppUtils/ringBufferIo.cpp b/SecurityTests/clxutils/clAppUtils/ringBufferIo.cpp deleted file mode 100644 index 8a4b8bb0..00000000 --- a/SecurityTests/clxutils/clAppUtils/ringBufferIo.cpp +++ /dev/null @@ -1,330 +0,0 @@ -/* - * Ring buffer I/O for sslThroughput test. - */ - -#include "ringBufferIo.h" -#include -#include -#include -#include - -/* synchronizes multi-threaded access to printf() */ -pthread_mutex_t printfMutex = PTHREAD_MUTEX_INITIALIZER; - -/* initialize a RingBuffer */ -void ringBufSetup( - RingBuffer *ring, - const char *bufName, - size_t numElements, - size_t bufSize) -{ - unsigned dex; - - memset(ring, 0, sizeof(*ring)); - ring->numElements = numElements; - ring->elements = (RingElement *)malloc(sizeof(RingElement) * numElements); - memset(ring->elements, 0, sizeof(RingElement) * numElements); - for(dex=0; dexelements[dex]; - elt->buf = (unsigned char *)malloc(bufSize); - elt->capacity = bufSize; - } - ring->writerDex = 0; - ring->readerDex = 0; - ring->bufName = bufName; -} - -#define LOG_RING 0 -#define LOG_RING_DUMP 0 -#if LOG_RING - -static void logRingWrite( - RingBuffer *ring, - size_t written, - unsigned dex, - void *from) -{ - pthread_mutex_lock(&printfMutex); - printf("+++ wrote %4u bytes to %s buf %2u\n", - (unsigned)written, ring->bufName, dex); - #if LOG_RING_DUMP - { - unsigned i; - unsigned char *cp = (unsigned char *)from; - - for(i=0; ibufName, dex); - #if LOG_RING_DUMP - { - unsigned i; - unsigned char *cp = (unsigned char *)to; - - for(i=0; ibufName, dex); - pthread_mutex_unlock(&printfMutex); -} - -static void logRingClose( - RingBuffer *ring, - char *readerOrWriter) -{ - pthread_mutex_lock(&printfMutex); - printf("=== %s CLOSED by %s\n", - ring->bufName, readerOrWriter); - pthread_mutex_unlock(&printfMutex); -} - -static void logRingReset( - RingBuffer *ring) -{ - pthread_mutex_lock(&printfMutex); - printf("=== %s RESET\n", ring->bufName); - pthread_mutex_unlock(&printfMutex); -} - -#else /* LOG_RING */ -#define logRingWrite(r, w, d, t) -#define logRingRead(r, b, d, t) -#define logRingStall(r, row, d) -#define logRingClose(r, row) -#define logRingReset(r) -#endif /* LOG_RING */ - -void ringBufferReset( - RingBuffer *ring) -{ - unsigned dex; - for(dex=0; dexnumElements; dex++) { - RingElement *elt = &ring->elements[dex]; - elt->validBytes = 0; - elt->readOffset = 0; - } - ring->writerDex = 0; - ring->readerDex = 0; - ring->closed = false; - logRingReset(ring); -} - -/* - * The "I/O" callbacks for SecureTransport. - * The SSLConnectionRef is a RingBuffers *. - */ -OSStatus ringReadFunc( - SSLConnectionRef connRef, - void *data, - size_t *dataLen) /* IN/OUT */ -{ - RingBuffer *ring = ((RingBuffers *)connRef)->rdBuf; - - if(ring->writerDex == ring->readerDex) { - if(ring->closed) { - /* - * Handle race condition: we saw a stall, then writer filled a - * RingElement and then set closed. Make sure we read the data before - * handling the close event. - */ - if(ring->writerDex == ring->readerDex) { - /* writer closed: ECONNRESET */ - *dataLen = 0; - return errSSLClosedAbort; - } - /* else proceed to read data */ - } - else { - /* read stalled, writer thread is writing to our next element */ - *dataLen = 0; - return errSSLWouldBlock; - } - } - - unsigned char *outp = (unsigned char *)data; - size_t toMove = *dataLen; - size_t haveMoved = 0; - - /* we own ring->elements[ring->readerDex] */ - do { - /* - * Read as much data as there is in the buffer, or - * toMove, whichever is less - */ - RingElement *elt = &ring->elements[ring->readerDex]; - size_t thisMove = elt->validBytes; - if(thisMove > toMove) { - thisMove = toMove; - } - memmove(outp, elt->buf + elt->readOffset, thisMove); - logRingRead(ring, thisMove, ring->readerDex, outp); - if(thisMove == 0) { - /* should never happen */ - printf("***thisMove 0!\n"); - return internalComponentErr; - } - elt->validBytes -= thisMove; - elt->readOffset += thisMove; - toMove -= thisMove; - haveMoved += thisMove; - outp += thisMove; - - if(elt->validBytes == 0) { - /* - * End of this buffer - advance to next one and keep going if it's - * not in use - */ - unsigned nextDex; - elt->readOffset = 0; - /* increment and wrap must be atomic from the point of - * view of readerDex */ - nextDex = ring->readerDex + 1; - if(nextDex == ring->numElements) { - nextDex = 0; - } - ring->readerDex = nextDex; - } - if(toMove == 0) { - /* caller got what they want */ - break; - } - if(ring->readerDex == ring->writerDex) { - logRingStall(ring, "reader ", ring->readerDex); - /* stalled */ - break; - } - } while(toMove); - - OSStatus ortn = noErr; - if(haveMoved != *dataLen) { - if((haveMoved == 0) && ring->closed) { - /* writer closed: ECONNRESET */ - ortn = errSSLClosedAbort; - } - else { - ortn = errSSLWouldBlock; - } - } - *dataLen = haveMoved; - return ortn; -} - -/* - * This never returns errSSLWouldBlock - we block (spinning) if - * we stall because we run into the reader's element. - * Also, each call to this function uses up at least one - * RingElement - we don't coalesce multiple writes into one - * RingElement. - * - * On entry, writerDex is the element we're going to write to. - * On exit, writerDex is the element we're going to write to next, - * and we might stall before we update it as such. - */ -OSStatus ringWriteFunc( - SSLConnectionRef connRef, - const void *data, - size_t *dataLen) /* IN/OUT */ -{ - RingBuffer *ring = ((RingBuffers *)connRef)->wrtBuf; - unsigned char *inp = (unsigned char *)data; - size_t toMove = *dataLen; - size_t haveMoved = 0; - unsigned nextDex; - OSStatus ortn = noErr; - - /* we own ring->elements[ring->writerDex] */ - do { - RingElement *elt = &ring->elements[ring->writerDex]; - elt->validBytes = 0; - - size_t thisMove = toMove; - if(thisMove > elt->capacity) { - thisMove = elt->capacity; - } - memmove(elt->buf, inp, thisMove); - logRingWrite(ring, thisMove, ring->writerDex, inp); - - elt->validBytes = thisMove; - toMove -= thisMove; - haveMoved += thisMove; - inp += thisMove; - - /* move on to next element, when it becomes available */ - nextDex = ring->writerDex + 1; - if(nextDex == ring->numElements) { - nextDex = 0; - } - if(nextDex == ring->readerDex) { - logRingStall(ring, "writer", nextDex); - while(nextDex == ring->readerDex) { - /* if(ring->closed) { - break; - } */ - ; - /* else stall */ - } - } - /* we own nextDex */ - ring->writerDex = nextDex; - if(ring->closed) { - break; - } - } while(toMove); - if(ring->closed && (haveMoved == 0)) { - /* reader closed socket: EPIPE */ - ortn = errSSLClosedAbort; - } - *dataLen = haveMoved; - return ortn; -} - -/* close both sides of a RingBuffers */ -void ringBuffersClose( - RingBuffers *rbs) -{ - if(rbs == NULL) { - return; - } - if(rbs->rdBuf) { - logRingClose(rbs->rdBuf, "reader"); - rbs->rdBuf->closed = true; - } - if(rbs->wrtBuf) { - logRingClose(rbs->wrtBuf, "writer"); - rbs->wrtBuf->closed = true; - } -} - diff --git a/SecurityTests/clxutils/clAppUtils/ringBufferIo.h b/SecurityTests/clxutils/clAppUtils/ringBufferIo.h deleted file mode 100644 index 5235fdc8..00000000 --- a/SecurityTests/clxutils/clAppUtils/ringBufferIo.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Ring buffer I/O for sslThroughput test. - */ - -#ifndef _RING_BUFFER_IO_ -#define _RING_BUFFER_IO_ - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* Reasonable defaults for Ring Buffer params */ -#define DEFAULT_NUM_RB_BUFS 16 -#define DEFAULT_BUF_RB_SIZE 2048 /* in the ring buffers */ - - -/* one element in a ring buffer */ -typedef struct { - size_t validBytes; // bytes written and not yet consumed - size_t readOffset; // next byte to be read from this offset - size_t capacity; // mallocd size of buf - unsigned char *buf; -} RingElement; - -/* - * A ring buffer shared between one writer thread and one reader thread. - * Per the DeMoney Theorem, we don't need to provide any locking between - * the two threads if we have the appropriate protocol, which is as follows: - * - * -- the RingElements at which the reader and writer are currently - * processing are indicated by readerDex and writerDex. - * -- the writer thread never advances writerDex to a RingElement - * currently in use by the reader thread. - * -- the reader thread can advance to a RingElement in use by - * the writer thread, but it can't read from that RingElement - * until the writer thread has advanced past that RingElement. - */ -typedef struct { - size_t numElements; - RingElement *elements; - unsigned writerDex; // writer thread is working on this one - unsigned readerDex; // read thread is working on this one - const char *bufName; // e.g. serverToClient - - /* - * Flag to emulate closing of socket. There's only one since the thread - * that sets this presumably will not be reading from or writing to - * this RingBuffer again; the "other" thread will detect this and abort - * as appropriate. - */ - bool closed; -} RingBuffer; - -/* - * A pair of RingBuffer ptrs suitable for use as the SSLConnectionRef - * for ringReadFunc() and ringWriteFunc(). - */ -typedef struct { - RingBuffer *rdBuf; - RingBuffer *wrtBuf; -} RingBuffers; - -void ringBufSetup( - RingBuffer *ring, - const char *bufName, - size_t numElements, - size_t bufSize); - -void ringBufferReset( - RingBuffer *ring); - -/* - * The "I/O" callbacks for SecureTransport. - * The SSLConnectionRef is a RingBuffers *. - */ -OSStatus ringReadFunc( - SSLConnectionRef connRef, - void *data, - size_t *dataLen); /* IN/OUT */ -OSStatus ringWriteFunc( - SSLConnectionRef connRef, - const void *data, - size_t *dataLen); /* IN/OUT */ - -/* close both sides of a RingBuffers */ -void ringBuffersClose( - RingBuffers *rbs); - -/* to coordinate stdio from multi threads */ -extern pthread_mutex_t printfMutex; - -#ifdef __cplusplus -} -#endif - -#endif /* _RING_BUFFER_IO_ */ diff --git a/SecurityTests/clxutils/clAppUtils/sslAppUtils.cpp b/SecurityTests/clxutils/clAppUtils/sslAppUtils.cpp deleted file mode 100644 index 69b15508..00000000 --- a/SecurityTests/clxutils/clAppUtils/sslAppUtils.cpp +++ /dev/null @@ -1,1653 +0,0 @@ - -#include "sslAppUtils.h" -#include "sslThreading.h" -#include "identPicker.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include // for Sec errors -#include - -/* Set true when PR-3074739 is merged to TOT */ -#define NEW_SSL_ERRS_3074739 1 - -const char *sslGetCipherSuiteString(SSLCipherSuite cs) -{ - static char noSuite[40]; - - switch(cs) { - case SSL_NULL_WITH_NULL_NULL: - return "SSL_NULL_WITH_NULL_NULL"; - case SSL_RSA_WITH_NULL_MD5: - return "SSL_RSA_WITH_NULL_MD5"; - case SSL_RSA_WITH_NULL_SHA: - return "SSL_RSA_WITH_NULL_SHA"; - case SSL_RSA_EXPORT_WITH_RC4_40_MD5: - return "SSL_RSA_EXPORT_WITH_RC4_40_MD5"; - case SSL_RSA_WITH_RC4_128_MD5: - return "SSL_RSA_WITH_RC4_128_MD5"; - case SSL_RSA_WITH_RC4_128_SHA: - return "SSL_RSA_WITH_RC4_128_SHA"; - case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: - return "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"; - case SSL_RSA_WITH_IDEA_CBC_SHA: - return "SSL_RSA_WITH_IDEA_CBC_SHA"; - case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: - return "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"; - case SSL_RSA_WITH_DES_CBC_SHA: - return "SSL_RSA_WITH_DES_CBC_SHA"; - case SSL_RSA_WITH_3DES_EDE_CBC_SHA: - return "SSL_RSA_WITH_3DES_EDE_CBC_SHA"; - case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: - return "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"; - case SSL_DH_DSS_WITH_DES_CBC_SHA: - return "SSL_DH_DSS_WITH_DES_CBC_SHA"; - case SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA: - return "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"; - case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: - return "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"; - case SSL_DH_RSA_WITH_DES_CBC_SHA: - return "SSL_DH_RSA_WITH_DES_CBC_SHA"; - case SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA: - return "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"; - case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: - return "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"; - case SSL_DHE_DSS_WITH_DES_CBC_SHA: - return "SSL_DHE_DSS_WITH_DES_CBC_SHA"; - case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA: - return "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"; - case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: - return "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"; - case SSL_DHE_RSA_WITH_DES_CBC_SHA: - return "SSL_DHE_RSA_WITH_DES_CBC_SHA"; - case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - return "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"; - case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5: - return "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"; - case SSL_DH_anon_WITH_RC4_128_MD5: - return "SSL_DH_anon_WITH_RC4_128_MD5"; - case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA: - return "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"; - case SSL_DH_anon_WITH_DES_CBC_SHA: - return "SSL_DH_anon_WITH_DES_CBC_SHA"; - case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA: - return "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"; - case SSL_FORTEZZA_DMS_WITH_NULL_SHA: - return "SSL_FORTEZZA_DMS_WITH_NULL_SHA"; - case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: - return "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA"; - case SSL_RSA_WITH_RC2_CBC_MD5: - return "SSL_RSA_WITH_RC2_CBC_MD5"; - case SSL_RSA_WITH_IDEA_CBC_MD5: - return "SSL_RSA_WITH_IDEA_CBC_MD5"; - case SSL_RSA_WITH_DES_CBC_MD5: - return "SSL_RSA_WITH_DES_CBC_MD5"; - case SSL_RSA_WITH_3DES_EDE_CBC_MD5: - return "SSL_RSA_WITH_3DES_EDE_CBC_MD5"; - case SSL_NO_SUCH_CIPHERSUITE: - return "SSL_NO_SUCH_CIPHERSUITE"; - case TLS_RSA_WITH_AES_128_CBC_SHA: - return "TLS_RSA_WITH_AES_128_CBC_SHA"; - case TLS_DH_DSS_WITH_AES_128_CBC_SHA: - return "TLS_DH_DSS_WITH_AES_128_CBC_SHA"; - case TLS_DH_RSA_WITH_AES_128_CBC_SHA: - return "TLS_DH_RSA_WITH_AES_128_CBC_SHA"; - case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: - return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"; - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; - case TLS_DH_anon_WITH_AES_128_CBC_SHA: - return "TLS_DH_anon_WITH_AES_128_CBC_SHA"; - case TLS_RSA_WITH_AES_256_CBC_SHA: - return "TLS_RSA_WITH_AES_256_CBC_SHA"; - case TLS_DH_DSS_WITH_AES_256_CBC_SHA: - return "TLS_DH_DSS_WITH_AES_256_CBC_SHA"; - case TLS_DH_RSA_WITH_AES_256_CBC_SHA: - return "TLS_DH_RSA_WITH_AES_256_CBC_SHA"; - case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: - return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"; - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; - case TLS_DH_anon_WITH_AES_256_CBC_SHA: - return "TLS_DH_anon_WITH_AES_256_CBC_SHA"; - - /* ECDSA */ - case TLS_ECDH_ECDSA_WITH_NULL_SHA: - return "TLS_ECDH_ECDSA_WITH_NULL_SHA"; - case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: - return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; - case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: - return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"; - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: - return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: - return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"; - case TLS_ECDHE_ECDSA_WITH_NULL_SHA: - return "TLS_ECDHE_ECDSA_WITH_NULL_SHA"; - case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: - return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"; - case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: - return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"; - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: - return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: - return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; - case TLS_ECDH_RSA_WITH_NULL_SHA: - return "TLS_ECDH_RSA_WITH_NULL_SHA"; - case TLS_ECDH_RSA_WITH_RC4_128_SHA: - return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; - case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: - return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"; - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: - return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: - return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"; - case TLS_ECDHE_RSA_WITH_NULL_SHA: - return "TLS_ECDHE_RSA_WITH_NULL_SHA"; - case TLS_ECDHE_RSA_WITH_RC4_128_SHA: - return "TLS_ECDHE_RSA_WITH_RC4_128_SHA"; - case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: - return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"; - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: - return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"; - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: - return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; - case TLS_ECDH_anon_WITH_NULL_SHA: - return "TLS_ECDH_anon_WITH_NULL_SHA"; - case TLS_ECDH_anon_WITH_RC4_128_SHA: - return "TLS_ECDH_anon_WITH_RC4_128_SHA"; - case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA: - return "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"; - case TLS_ECDH_anon_WITH_AES_128_CBC_SHA: - return "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"; - case TLS_ECDH_anon_WITH_AES_256_CBC_SHA: - return "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"; - - default: - sprintf(noSuite, "Unknown (%d)", (unsigned)cs); - return noSuite; - } -} - -/* - * Given a SSLProtocolVersion - typically from SSLGetProtocolVersion - - * return a string representation. - */ -const char *sslGetProtocolVersionString(SSLProtocol prot) -{ - static char noProt[20]; - - switch(prot) { - case kSSLProtocolUnknown: - return "kSSLProtocolUnknown"; - case kSSLProtocol2: - return "kSSLProtocol2"; - case kSSLProtocol3: - return "kSSLProtocol3"; - case kSSLProtocol3Only: - return "kSSLProtocol3Only"; - case kTLSProtocol1: - return "kTLSProtocol1"; - case kTLSProtocol1Only: - return "kTLSProtocol1Only"; - default: - sprintf(noProt, "Unknown (%d)", (unsigned)prot); - return noProt; - } -} - -/* - * Return string representation of SecureTransport-related OSStatus. - */ -const char *sslGetSSLErrString(OSStatus err) -{ - static char noErrStr[20]; - - switch(err) { - case noErr: - return "noErr"; - case memFullErr: - return "memFullErr"; - case paramErr: - return "paramErr"; - case unimpErr: - return "unimpErr"; - case ioErr: - return "ioErr"; - case badReqErr: - return "badReqErr"; - case errSSLProtocol: - return "errSSLProtocol"; - case errSSLNegotiation: - return "errSSLNegotiation"; - case errSSLFatalAlert: - return "errSSLFatalAlert"; - case errSSLWouldBlock: - return "errSSLWouldBlock"; - case errSSLSessionNotFound: - return "errSSLSessionNotFound"; - case errSSLClosedGraceful: - return "errSSLClosedGraceful"; - case errSSLClosedAbort: - return "errSSLClosedAbort"; - case errSSLXCertChainInvalid: - return "errSSLXCertChainInvalid"; - case errSSLBadCert: - return "errSSLBadCert"; - case errSSLCrypto: - return "errSSLCrypto"; - case errSSLInternal: - return "errSSLInternal"; - case errSSLModuleAttach: - return "errSSLModuleAttach"; - case errSSLUnknownRootCert: - return "errSSLUnknownRootCert"; - case errSSLNoRootCert: - return "errSSLNoRootCert"; - case errSSLCertExpired: - return "errSSLCertExpired"; - case errSSLCertNotYetValid: - return "errSSLCertNotYetValid"; - case errSSLClosedNoNotify: - return "errSSLClosedNoNotify"; - case errSSLBufferOverflow: - return "errSSLBufferOverflow"; - case errSSLBadCipherSuite: - return "errSSLBadCipherSuite"; - /* TLS/Panther addenda */ - case errSSLPeerUnexpectedMsg: - return "errSSLPeerUnexpectedMsg"; - case errSSLPeerBadRecordMac: - return "errSSLPeerBadRecordMac"; - case errSSLPeerDecryptionFail: - return "errSSLPeerDecryptionFail"; - case errSSLPeerRecordOverflow: - return "errSSLPeerRecordOverflow"; - case errSSLPeerDecompressFail: - return "errSSLPeerDecompressFail"; - case errSSLPeerHandshakeFail: - return "errSSLPeerHandshakeFail"; - case errSSLPeerBadCert: - return "errSSLPeerBadCert"; - case errSSLPeerUnsupportedCert: - return "errSSLPeerUnsupportedCert"; - case errSSLPeerCertRevoked: - return "errSSLPeerCertRevoked"; - case errSSLPeerCertExpired: - return "errSSLPeerCertExpired"; - case errSSLPeerCertUnknown: - return "errSSLPeerCertUnknown"; - case errSSLIllegalParam: - return "errSSLIllegalParam"; - case errSSLPeerUnknownCA: - return "errSSLPeerUnknownCA"; - case errSSLPeerAccessDenied: - return "errSSLPeerAccessDenied"; - case errSSLPeerDecodeError: - return "errSSLPeerDecodeError"; - case errSSLPeerDecryptError: - return "errSSLPeerDecryptError"; - case errSSLPeerExportRestriction: - return "errSSLPeerExportRestriction"; - case errSSLPeerProtocolVersion: - return "errSSLPeerProtocolVersion"; - case errSSLPeerInsufficientSecurity: - return "errSSLPeerInsufficientSecurity"; - case errSSLPeerInternalError: - return "errSSLPeerInternalError"; - case errSSLPeerUserCancelled: - return "errSSLPeerUserCancelled"; - case errSSLPeerNoRenegotiation: - return "errSSLPeerNoRenegotiation"; - case errSSLHostNameMismatch: - return "errSSLHostNameMismatch"; - case errSSLConnectionRefused: - return "errSSLConnectionRefused"; - case errSSLDecryptionFail: - return "errSSLDecryptionFail"; - case errSSLBadRecordMac: - return "errSSLBadRecordMac"; - case errSSLRecordOverflow: - return "errSSLRecordOverflow"; - case errSSLBadConfiguration: - return "errSSLBadConfiguration"; - - /* some from the Sec layer */ - case errSecNotAvailable: return "errSecNotAvailable"; - case errSecReadOnly: return "errSecReadOnly"; - case errSecAuthFailed: return "errSecAuthFailed"; - case errSecNoSuchKeychain: return "errSecNoSuchKeychain"; - case errSecInvalidKeychain: return "errSecInvalidKeychain"; - case errSecDuplicateItem: return "errSecDuplicateItem"; - case errSecItemNotFound: return "errSecItemNotFound"; - case errSecNoSuchAttr: return "errSecNoSuchAttr"; - case errSecInvalidItemRef: return "errSecInvalidItemRef"; - case errSecInvalidSearchRef: return "errSecInvalidSearchRef"; - case errSecNoSuchClass: return "errSecNoSuchClass"; - case errSecNoDefaultKeychain: return "errSecNoDefaultKeychain"; - case errSecWrongSecVersion: return "errSecWrongSecVersion"; - case errSessionInvalidId: return "errSessionInvalidId"; - case errSessionInvalidAttributes: return "errSessionInvalidAttributes"; - case errSessionAuthorizationDenied: return "errSessionAuthorizationDenied"; - case errSessionInternal: return "errSessionInternal"; - case errSessionInvalidFlags: return "errSessionInvalidFlags"; - case errSecInvalidTrustSettings: return "errSecInvalidTrustSettings"; - case errSecNoTrustSettings: return "errSecNoTrustSettings"; - - default: - if(err < (CSSM_BASE_ERROR + - (CSSM_ERRORCODE_MODULE_EXTENT * 8))) { - /* assume CSSM error */ - return cssmErrToStr(err); - } - else { - sprintf(noErrStr, "Unknown (%d)", (unsigned)err); - return noErrStr; - } - } -} - -void printSslErrStr( - const char *op, - OSStatus err) -{ - printf("*** %s: %s\n", op, sslGetSSLErrString(err)); -} - -const char *sslGetClientCertStateString(SSLClientCertificateState state) -{ - static char noState[20]; - - switch(state) { - case kSSLClientCertNone: - return "ClientCertNone"; - case kSSLClientCertRequested: - return "CertRequested"; - case kSSLClientCertSent: - return "ClientCertSent"; - case kSSLClientCertRejected: - return "ClientCertRejected"; - default: - sprintf(noState, "Unknown (%d)", (unsigned)state); - return noState; - } - -} - -const char *sslGetClientAuthTypeString(SSLClientAuthenticationType authType) -{ - static char noType[20]; - - switch(authType) { - case SSLClientAuthNone: - return "None"; - case SSLClientAuth_RSASign: - return "RSASign"; - case SSLClientAuth_DSSSign: - return "DSSSign"; - case SSLClientAuth_RSAFixedDH: - return "RSAFixedDH"; - case SSLClientAuth_DSS_FixedDH: - return "DSS_FixedDH"; - case SSLClientAuth_ECDSASign: - return "ECDSASign"; - case SSLClientAuth_RSAFixedECDH: - return "RSAFixedECDH"; - case SSLClientAuth_ECDSAFixedECDH: - return "ECDSAFixedECDH"; - default: - sprintf(noType, "Unknown (%d)", (unsigned)authType); - return noType; - } -} - -/* - * Convert a keychain name (which may be NULL) into the CFArrayRef required - * by SSLSetCertificate. This is a bare-bones example of this operation, - * since it requires and assumes that there is exactly one SecIdentity - * in the keychain - i.e., there is exactly one matching cert/private key - * pair. A real world server would probably search a keychain for a SecIdentity - * matching some specific criteria. - */ -CFArrayRef getSslCerts( - const char *kcName, // may be NULL, i.e., use default - CSSM_BOOL encryptOnly, - CSSM_BOOL completeCertChain, - const char *anchorFile, // optional trusted anchor - SecKeychainRef *pKcRef) // RETURNED -{ - SecKeychainRef kcRef = nil; - OSStatus ortn; - - *pKcRef = nil; - - /* pick a keychain */ - if(kcName) { - ortn = SecKeychainOpen(kcName, &kcRef); - if(ortn) { - printf("SecKeychainOpen returned %d.\n", (int)ortn); - printf("Cannot open keychain at %s. Aborting.\n", kcName); - return NULL; - } - } - else { - /* use default keychain */ - ortn = SecKeychainCopyDefault(&kcRef); - if(ortn) { - printf("SecKeychainCopyDefault returned %d; aborting.\n", (int)ortn); - return nil; - } - } - *pKcRef = kcRef; - return sslKcRefToCertArray(kcRef, encryptOnly, completeCertChain, - NULL, // SSL policy - anchorFile); -} - -/* - * Determine if specified SecCertificateRef is a self-signed cert. - * We do this by comparing the subject and issuerr names; no cryptographic - * verification is performed. - * - * Returns true if the cert appears to be a root. - */ -static bool isCertRefRoot( - SecCertificateRef certRef) -{ - /* just search for the two attrs we want */ - UInt32 tags[2] = {kSecSubjectItemAttr, kSecIssuerItemAttr}; - SecKeychainAttributeInfo attrInfo; - attrInfo.count = 2; - attrInfo.tag = tags; - attrInfo.format = NULL; - SecKeychainAttributeList *attrList = NULL; - SecKeychainAttribute *attr1 = NULL; - SecKeychainAttribute *attr2 = NULL; - bool brtn = false; - - OSStatus ortn = SecKeychainItemCopyAttributesAndData( - (SecKeychainItemRef)certRef, - &attrInfo, - NULL, // itemClass - &attrList, - NULL, // length - don't need the data - NULL); // outData - if(ortn) { - cssmPerror("SecKeychainItemCopyAttributesAndData", ortn); - /* may want to be a bit more robust here, but this should - * never happen */ - return false; - } - /* subsequent errors to errOut: */ - - if((attrList == NULL) || (attrList->count != 2)) { - printf("***Unexpected result fetching label attr\n"); - goto errOut; - } - - /* rootness is just byte-for-byte compare of the two names */ - attr1 = &attrList->attr[0]; - attr2 = &attrList->attr[1]; - if(attr1->length == attr2->length) { - if(memcmp(attr1->data, attr2->data, attr1->length) == 0) { - brtn = true; - } - } -errOut: - SecKeychainItemFreeAttributesAndData(attrList, NULL); - return brtn; -} - - -/* - * Given a SecIdentityRef, do our best to construct a complete, ordered, and - * verified cert chain, returning the result in a CFArrayRef. The result is - * suitable for use when calling SSLSetCertificate(). - */ -OSStatus sslCompleteCertChain( - SecIdentityRef identity, - SecCertificateRef trustedAnchor, // optional additional trusted anchor - bool includeRoot, // include the root in outArray - const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL - CFArrayRef *outArray) // created and RETURNED -{ - CFMutableArrayRef certArray; - SecTrustRef secTrust = NULL; - SecPolicyRef policy = NULL; - SecPolicySearchRef policySearch = NULL; - SecTrustResultType secTrustResult; - CSSM_TP_APPLE_EVIDENCE_INFO *dummyEv; // not used - CFArrayRef certChain = NULL; // constructed chain - CFIndex numResCerts; - - certArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); - CFArrayAppendValue(certArray, identity); - - /* - * Case 1: identity is a root; we're done. Note that this case - * overrides the includeRoot argument. - */ - SecCertificateRef certRef; - OSStatus ortn = SecIdentityCopyCertificate(identity, &certRef); - if(ortn) { - /* should never happen */ - cssmPerror("SecIdentityCopyCertificate", ortn); - return ortn; - } - bool isRoot = isCertRefRoot(certRef); - if(isRoot) { - *outArray = certArray; - CFRelease(certRef); - return noErr; - } - - /* - * Now use SecTrust to get a complete cert chain, using all of the - * user's keychains to look for intermediate certs. - * NOTE this does NOT handle root certs which are not in the system - * root cert DB. (The above case, where the identity is a root cert, does.) - */ - CFMutableArrayRef subjCerts = CFArrayCreateMutable(NULL, 1, &kCFTypeArrayCallBacks); - CFArraySetValueAtIndex(subjCerts, 0, certRef); - - /* the array owns the subject cert ref now */ - CFRelease(certRef); - - /* Get a SecPolicyRef for SSL cert chain verification */ - ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3, - vfyPolicy ? vfyPolicy : &CSSMOID_APPLE_TP_SSL, - NULL, // value - &policySearch); - if(ortn) { - cssmPerror("SecPolicySearchCreate", ortn); - goto errOut; - } - ortn = SecPolicySearchCopyNext(policySearch, &policy); - if(ortn) { - cssmPerror("SecPolicySearchCopyNext", ortn); - goto errOut; - } - - /* build a SecTrustRef for specified policy and certs */ - ortn = SecTrustCreateWithCertificates(subjCerts, - policy, &secTrust); - if(ortn) { - cssmPerror("SecTrustCreateWithCertificates", ortn); - goto errOut; - } - - if(trustedAnchor) { - /* - * Tell SecTrust to trust this one in addition to the current - * trusted system-wide anchors. - */ - CFMutableArrayRef newAnchors; - CFArrayRef currAnchors; - - ortn = SecTrustCopyAnchorCertificates(&currAnchors); - if(ortn) { - /* should never happen */ - cssmPerror("SecTrustCopyAnchorCertificates", ortn); - goto errOut; - } - newAnchors = CFArrayCreateMutableCopy(NULL, - CFArrayGetCount(currAnchors) + 1, - currAnchors); - CFRelease(currAnchors); - CFArrayAppendValue(newAnchors, trustedAnchor); - ortn = SecTrustSetAnchorCertificates(secTrust, newAnchors); - CFRelease(newAnchors); - if(ortn) { - cssmPerror("SecTrustSetAnchorCertificates", ortn); - goto errOut; - } - } - /* evaluate: GO */ - ortn = SecTrustEvaluate(secTrust, &secTrustResult); - if(ortn) { - cssmPerror("SecTrustEvaluate", ortn); - goto errOut; - } - switch(secTrustResult) { - case kSecTrustResultUnspecified: - /* cert chain valid, no special UserTrust assignments */ - case kSecTrustResultProceed: - /* cert chain valid AND user explicitly trusts this */ - break; - default: - /* - * Cert chain construction failed. - * Just go with the single subject cert we were given. - */ - printf("***Warning: could not construct completed cert chain\n"); - ortn = noErr; - goto errOut; - } - - /* get resulting constructed cert chain */ - ortn = SecTrustGetResult(secTrust, &secTrustResult, &certChain, &dummyEv); - if(ortn) { - cssmPerror("SecTrustEvaluate", ortn); - goto errOut; - } - - /* - * Copy certs from constructed chain to our result array, skipping - * the leaf (which is already there, as a SecIdentityRef) and possibly - * a root. - */ - numResCerts = CFArrayGetCount(certChain); - if(numResCerts < 2) { - /* - * Can't happen: if subject was a root, we'd already have returned. - * If chain doesn't verify to a root, we'd have bailed after - * SecTrustEvaluate(). - */ - printf("***sslCompleteCertChain screwup: numResCerts %d\n", - (int)numResCerts); - ortn = noErr; - goto errOut; - } - if(!includeRoot) { - /* skip the last (root) cert) */ - numResCerts--; - } - for(CFIndex dex=1; dexacceptedProts) { - printf(" Allowed SSL versions : %s\n", params->acceptedProts); - } - else { - printf(" Attempted SSL version : %s\n", - sslGetProtocolVersionString(params->tryVersion)); - } - printf(" Result : %s\n", sslGetSSLErrString(params->ortn)); - printf(" Negotiated SSL version : %s\n", - sslGetProtocolVersionString(params->negVersion)); - printf(" Negotiated CipherSuite : %s\n", - sslGetCipherSuiteString(params->negCipher)); - if(params->certState != kSSLClientCertNone) { - printf(" Client Cert State : %s\n", - sslGetClientCertStateString(params->certState)); - } -} - -/* print a '.' every few seconds to keep UI alive while connecting */ -static CFAbsoluteTime lastTime = (CFAbsoluteTime)0.0; -#define TIME_INTERVAL 3.0 - -void sslOutputDot() -{ - CFAbsoluteTime thisTime = CFAbsoluteTimeGetCurrent(); - - if(lastTime == 0.0) { - /* avoid printing first time thru */ - lastTime = thisTime; - return; - } - if((thisTime - lastTime) >= TIME_INTERVAL) { - printf("."); fflush(stdout); - lastTime = thisTime; - } -} - -/* main server pthread body */ -static void *sslServerThread(void *arg) -{ - SslAppTestParams *testParams = (SslAppTestParams *)arg; - OSStatus status; - - status = sslAppServe(testParams); - pthread_exit((void*)status); - /* NOT REACHED */ - return (void *)status; -} - -/* - * Run one session, with the server in a separate thread. - * On entry, serverParams->port is the port we attempt to run on; - * the server thread may overwrite that with a different port if it's - * unable to open the port we specify. Whatever is left in - * serverParams->port is what's used for the client side. - */ -#define CLIENT_WAIT_SECONDS 1 -int sslRunSession( - SslAppTestParams*serverParams, - SslAppTestParams *clientParams, - const char *testDesc) -{ - pthread_t serverPthread; - OSStatus clientRtn; - void *serverRtn; - - if(testDesc && !clientParams->quiet) { - printf("===== %s =====\n", testDesc); - } - - /* - * Workaround for Radar 4619502: resolve references to Security.framework - * here, in main thread, before we fork off the server thread. - */ - SecKeychainRef defaultKc = NULL; - SecKeychainCopyDefault(&defaultKc); - /* end workaround */ - - if(pthread_mutex_init(&serverParams->pthreadMutex, NULL)) { - printf("***Error initializing mutex; aborting.\n"); - return -1; - } - if(pthread_cond_init(&serverParams->pthreadCond, NULL)) { - printf("***Error initializing pthreadCond; aborting.\n"); - return -1; - } - serverParams->serverReady = false; // server sets true - - int result = pthread_create(&serverPthread, NULL, - sslServerThread, serverParams); - if(result) { - printf("***Error starting up server thread; aborting.\n"); - return result; - } - - /* wait for server to set up a socket we can connect to */ - if(pthread_mutex_lock(&serverParams->pthreadMutex)) { - printf("***Error acquiring server lock; aborting.\n"); - return -1; - } - while(!serverParams->serverReady) { - if(pthread_cond_wait(&serverParams->pthreadCond, &serverParams->pthreadMutex)) { - printf("***Error waiting server thread; aborting.\n"); - return -1; - } - } - pthread_mutex_unlock(&serverParams->pthreadMutex); - pthread_cond_destroy(&serverParams->pthreadCond); - pthread_mutex_destroy(&serverParams->pthreadMutex); - - clientParams->port = serverParams->port; - clientRtn = sslAppClient(clientParams); - /* server doesn't shut down its socket until it sees this */ - serverParams->clientDone = 1; - result = pthread_join(serverPthread, &serverRtn); - if(result) { - printf("***pthread_join returned %d, aborting\n", result); - return result; - } - - if(serverParams->verbose) { - sslShowResult("server", serverParams); - } - if(clientParams->verbose) { - sslShowResult("client", clientParams); - } - - /* verify results */ - int ourRtn = 0; - ourRtn += sslVerifyRtn("server", serverParams->expectRtn, serverParams->ortn); - ourRtn += sslVerifyRtn("client", clientParams->expectRtn, clientParams->ortn); - ourRtn += sslVerifyProtVers("server", serverParams->expectVersion, - serverParams->negVersion); - ourRtn += sslVerifyProtVers("client", clientParams->expectVersion, - clientParams->negVersion); - ourRtn += sslVerifyClientCertState("server", serverParams->expectCertState, - serverParams->certState); - ourRtn += sslVerifyClientCertState("client", clientParams->expectCertState, - clientParams->certState); - if(serverParams->ortn == noErr) { - ourRtn += sslVerifyCipher("server", serverParams->expectCipher, - serverParams->negCipher); - } - if(clientParams->ortn == noErr) { - ourRtn += sslVerifyCipher("client", clientParams->expectCipher, - clientParams->negCipher); - } - - if(defaultKc) { - /* for workaround for Radar 4619502 */ - CFRelease(defaultKc); - } - return ourRtn; -} - -/* - * Add all of the roots in a given KC to SSL ctx's trusted anchors. - */ -OSStatus sslAddTrustedRoots( - SSLContextRef ctx, - SecKeychainRef keychain, - bool *foundOne) // RETURNED, true if we found - // at least one root cert -{ - OSStatus ortn; - SecCertificateRef secCert; - SecKeychainSearchRef srch; - - *foundOne = false; - ortn = SecKeychainSearchCreateFromAttributes(keychain, - kSecCertificateItemClass, - NULL, // any attrs - &srch); - if(ortn) { - printSslErrStr("SecKeychainSearchCreateFromAttributes", ortn); - return ortn; - } - - /* - * Only use root certs. Not an error if we don't find any. - */ - do { - ortn = SecKeychainSearchCopyNext(srch, - (SecKeychainItemRef *)&secCert); - if(ortn) { - break; - } - - /* see if it's a root */ - if(!isCertRefRoot(secCert)) { - continue; - } - - /* Tell Secure Transport to trust this one. */ - ortn = addTrustedSecCert(ctx, secCert, false); - if(ortn) { - /* fatal */ - printSslErrStr("addTrustedSecCert", ortn); - return ortn; - } - CFRelease(secCert); - *foundOne = true; - } while(ortn == noErr); - CFRelease(srch); - return noErr; -} - -/* - * Wrapper for sslIdentPicker, with optional trusted anchor specified as a filename. - */ -OSStatus sslIdentityPicker( - SecKeychainRef kcRef, // NULL means use default list - const char *trustedAnchor, // optional additional trusted anchor - bool includeRoot, // true --> root is appended to outArray - // false --> root not included - const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL - CFArrayRef *outArray) // created and RETURNED -{ - SecCertificateRef trustedCert = NULL; - OSStatus ortn; - - if(trustedAnchor) { - ortn = sslReadAnchor(trustedAnchor, &trustedCert); - if(ortn) { - printf("***Error reading %s. sslIdentityPicker proceeding with no anchor.\n", - trustedAnchor); - trustedCert = NULL; - } - } - ortn = sslIdentPicker(kcRef, trustedCert, includeRoot, vfyPolicy, outArray); - if(trustedCert) { - CFRelease(trustedCert); - } - return ortn; -} - -/* - * Given a keychain name, convert it into a full path using the "SSL regression - * test suite algorithm". The Sec layer by default locates root root's keychains - * in different places depending on whether we're actually logged in as root - * or running via e.g. cron, so we force the location of root keychains to - * a hard-coded path. User keychain names we leave alone. - * This has to be kept in sync with the sslKcSetup script fragment in - * sslScripts. - */ -void sslKeychainPath( - const char *kcName, - char *kcPath) // allocd by caller, MAXPATHLEN -{ - if(kcName[0] == '\0') { - kcPath[0] = '\0'; - } - else if(geteuid() == 0) { - /* root */ - const char *buildDir = getenv("LOCAL_BUILD_DIR"); - if(buildDir == NULL) { - buildDir = ""; - } - sprintf(kcPath, "%s/Library/Keychains/%s", buildDir, kcName); - } - else { - /* user, leave alone */ - strcpy(kcPath, kcName); - } -} - -/* Verify presence of required file. Returns nonzero if not found. */ -int sslCheckFile(const char *path) -{ - struct stat sb; - - if(stat(path, &sb)) { - printf("***Can't find file %s.\n", path); - printf(" Try running in the build directory, perhaps after running the\n" - " makeLocalCert script.\n"); - return 1; - } - return 0; -} - -/* Stringify a SSL_ECDSA_NamedCurve */ -extern const char *sslCurveString( - SSL_ECDSA_NamedCurve namedCurve) -{ - static char unk[100]; - - switch(namedCurve) { - case SSL_Curve_None: return "Curve_None"; - case SSL_Curve_secp256r1: return "secp256r1"; - case SSL_Curve_secp384r1: return "secp384r1"; - case SSL_Curve_secp521r1: return "secp521r1"; - default: - sprintf(unk, "Unknown <%d>", (int)namedCurve); - return unk; - } -} - diff --git a/SecurityTests/clxutils/clAppUtils/sslAppUtils.h b/SecurityTests/clxutils/clAppUtils/sslAppUtils.h deleted file mode 100644 index ec009c1e..00000000 --- a/SecurityTests/clxutils/clAppUtils/sslAppUtils.h +++ /dev/null @@ -1,159 +0,0 @@ -#ifndef _SSLS_APP_UTILS_H_ -#define _SSLS_APP_UTILS_H_ 1 - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* disable some Panther-only features */ -#define JAGUAR_BUILD 0 - -const char *sslGetCipherSuiteString(SSLCipherSuite cs); -const char *sslGetProtocolVersionString(SSLProtocol prot); -const char *sslGetSSLErrString(OSStatus err); -void printSslErrStr(const char *op, OSStatus err); -const char *sslGetClientCertStateString(SSLClientCertificateState state); -const char *sslGetClientAuthTypeString(SSLClientAuthenticationType authType); - -CFArrayRef getSslCerts( - const char *kcName, // may be NULL, i.e., use default - CSSM_BOOL encryptOnly, - CSSM_BOOL completeCertChain, - const char *anchorFile, // optional trusted anchor - SecKeychainRef *pKcRef); // RETURNED -OSStatus sslCompleteCertChain( - SecIdentityRef identity, - SecCertificateRef trustedAnchor, // optional additional trusted anchor - bool includeRoot, // include the root in outArray - const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL - CFArrayRef *outArray); // created and RETURNED -CFArrayRef sslKcRefToCertArray( - SecKeychainRef kcRef, - CSSM_BOOL encryptOnly, - CSSM_BOOL completeCertChain, - const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL policy to complete - const char *trustedAnchorFile); - -OSStatus addTrustedSecCert( - SSLContextRef ctx, - SecCertificateRef secCert, - CSSM_BOOL replaceAnchors); -OSStatus sslReadAnchor( - const char *anchorFile, - SecCertificateRef *certRef); -OSStatus sslAddTrustedRoot( - SSLContextRef ctx, - const char *anchorFile, - CSSM_BOOL replaceAnchors); - -/* - * Assume incoming identity contains a root (e.g., created by - * certtool) and add that cert to ST's trusted anchors. This - * enables ST's verify of the incoming chain to succeed without - * a kludgy "AllowAnyRoot" specification. - */ -OSStatus addIdentityAsTrustedRoot( - SSLContextRef ctx, - CFArrayRef identArray); - -OSStatus sslAddTrustedRoots( - SSLContextRef ctx, - SecKeychainRef keychain, - bool *foundOne); - -void sslOutputDot(); - -/* - * Lists of SSLCipherSuites used in sslSetCipherRestrictions. - */ -extern const SSLCipherSuite suites40[]; -extern const SSLCipherSuite suitesDES[]; -extern const SSLCipherSuite suitesDES40[]; -extern const SSLCipherSuite suites3DES[]; -extern const SSLCipherSuite suitesRC4[]; -extern const SSLCipherSuite suitesRC4_40[]; -extern const SSLCipherSuite suitesRC2[]; -extern const SSLCipherSuite suitesAES128[]; -extern const SSLCipherSuite suitesAES256[]; -extern const SSLCipherSuite suitesDH[]; -extern const SSLCipherSuite suitesDHAnon[]; -extern const SSLCipherSuite suitesDH_RSA[]; -extern const SSLCipherSuite suitesDH_DSS[]; -extern const SSLCipherSuite suites_SHA1[]; -extern const SSLCipherSuite suites_MD5[]; -extern const SSLCipherSuite suites_ECDHE[]; -extern const SSLCipherSuite suites_ECDH[]; - -/* - * Given an SSLContextRef and an array of SSLCipherSuites, terminated by - * SSL_NO_SUCH_CIPHERSUITE, select those SSLCipherSuites which the library - * supports and do a SSLSetEnabledCiphers() specifying those. - */ -OSStatus sslSetEnabledCiphers( - SSLContextRef ctx, - const SSLCipherSuite *ciphers); - -/* - * Specify restricted sets of cipherspecs and protocols. - */ -OSStatus sslSetCipherRestrictions( - SSLContextRef ctx, - char cipherRestrict); - -#ifndef SPHINX -OSStatus sslSetProtocols( - SSLContextRef ctx, - const char *acceptedProts, - SSLProtocol tryVersion); // only used if acceptedProts NULL -#endif - -int sslVerifyRtn( - const char *whichSide, // "client" or "server" - OSStatus expectRtn, - OSStatus gotRtn); -int sslVerifyProtVers( - const char *whichSide, // "client" or "server" - SSLProtocol expectProt, - SSLProtocol gotProt); -int sslVerifyClientCertState( - const char *whichSide, // "client" or "server" - SSLClientCertificateState expectState, - SSLClientCertificateState gotState); -int sslVerifyCipher( - const char *whichSide, // "client" or "server" - SSLCipherSuite expectCipher, - SSLCipherSuite gotCipher); - - -/* - * Wrapper for sslIdentPicker, with optional trusted anchor specified as a filename. - */ -OSStatus sslIdentityPicker( - SecKeychainRef kcRef, // NULL means use default list - const char *trustedAnchor, // optional additional trusted anchor - bool includeRoot, // true --> root is appended to outArray - // false --> root not included - const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL - CFArrayRef *outArray); // created and RETURNED - -void sslKeychainPath( - const char *kcName, - char *kcPath); // allocd by caller, MAXPATHLEN - -/* Verify presence of required file. Returns nonzero if not found. */ -int sslCheckFile(const char *path); - -/* Stringify a SSL_ECDSA_NamedCurve */ -extern const char *sslCurveString( - SSL_ECDSA_NamedCurve namedCurve); - -#ifdef __cplusplus -} -#endif - -#endif /* _SSLS_APP_UTILS_H_ */ diff --git a/SecurityTests/clxutils/clAppUtils/sslClient.cpp b/SecurityTests/clxutils/clAppUtils/sslClient.cpp deleted file mode 100644 index 053f8cf7..00000000 --- a/SecurityTests/clxutils/clAppUtils/sslClient.cpp +++ /dev/null @@ -1,212 +0,0 @@ -/* - * sslClient.cpp : perform one SSL client side sesssion - */ -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -/* when true, keep listening until server disconnects */ -#define KEEP_CONNECTED 1 - -#define CLIENT_GETMSG "GET / HTTP/1.0\r\n\r\n" - -#define READBUF_LEN 256 - -/* relies on SSLSetProtocolVersionEnabled */ -OSStatus sslAppClient( - SslAppTestParams *params) -{ - PeerSpec peerId; - otSocket sock = 0; - OSStatus ortn; - SSLContextRef ctx = NULL; - SecKeychainRef clientKc = nil; - CFArrayRef clientCerts = nil; - RingBuffers ringBufs = {params->serverToClientRing, params->clientToServerRing}; - - sslThrDebug("Client", "starting"); - params->negVersion = kSSLProtocolUnknown; - params->negCipher = SSL_NULL_WITH_NULL_NULL; - params->ortn = noHardwareErr; - - if(params->serverToClientRing == NULL) { - /* first make sure requested server is there */ - ortn = MakeServerConnection(params->hostName, params->port, - params->nonBlocking, &sock, &peerId); - if(ortn) { - printf("MakeServerConnection returned %d; aborting\n", (int)ortn); - return ortn; - } - } - - /* - * Set up a SecureTransport session. - */ - ortn = SSLNewContext(false, &ctx); - if(ortn) { - printSslErrStr("SSLNewContext", ortn); - goto cleanup; - } - if(params->serverToClientRing) { - ortn = SSLSetIOFuncs(ctx, ringReadFunc, ringWriteFunc); - if(ortn) { - printSslErrStr("SSLSetIOFuncs", ortn); - goto cleanup; - } - ortn = SSLSetConnection(ctx, (SSLConnectionRef)&ringBufs); - if(ortn) { - printSslErrStr("SSLSetConnection", ortn); - goto cleanup; - } - } - else { - ortn = SSLSetIOFuncs(ctx, SocketRead, SocketWrite); - if(ortn) { - printSslErrStr("SSLSetIOFuncs", ortn); - goto cleanup; - } - ortn = SSLSetConnection(ctx, (SSLConnectionRef)sock); - if(ortn) { - printSslErrStr("SSLSetConnection", ortn); - goto cleanup; - } - } - if(!params->skipHostNameCheck) { - ortn = SSLSetPeerDomainName(ctx, params->hostName, - strlen(params->hostName) + 1); - if(ortn) { - printSslErrStr("SSLSetPeerDomainName", ortn); - goto cleanup; - } - } - - /* remainder of setup is optional */ - if(params->anchorFile) { - ortn = sslAddTrustedRoot(ctx, params->anchorFile, params->replaceAnchors); - if(ortn) { - goto cleanup; - } - } - if(!params->noProtSpec) { - ortn = sslSetProtocols(ctx, params->acceptedProts, params->tryVersion); - if(ortn) { - goto cleanup; - } - } - if(params->resumeEnable) { - ortn = SSLSetPeerID(ctx, &peerId, sizeof(PeerSpec)); - if(ortn) { - printSslErrStr("SSLSetPeerID", ortn); - goto cleanup; - } - } - if(params->disableCertVerify) { - ortn = SSLSetEnableCertVerify(ctx, false); - if(ortn) { - printSslErrStr("SSLSetEnableCertVerify", ortn); - goto cleanup; - } - } - if(params->ciphers != NULL) { - ortn = sslSetEnabledCiphers(ctx, params->ciphers); - if(ortn) { - goto cleanup; - } - } - if(params->myCertKcName) { - clientCerts = getSslCerts(params->myCertKcName, CSSM_FALSE, CSSM_FALSE, NULL, &clientKc); - if(clientCerts == nil) { - exit(1); - } - if(params->password) { - ortn = SecKeychainUnlock(clientKc, strlen(params->password), - (void *)params->password, true); - if(ortn) { - printf("SecKeychainUnlock returned %d\n", (int)ortn); - /* oh well */ - } - } - if(params->idIsTrustedRoot) { - /* assume this is a root we want to implicitly trust */ - ortn = addIdentityAsTrustedRoot(ctx, clientCerts); - if(ortn) { - goto cleanup; - } - } - ortn = SSLSetCertificate(ctx, clientCerts); - if(ortn) { - printSslErrStr("SSLSetCertificate", ortn); - goto cleanup; - } - } - do { - ortn = SSLHandshake(ctx); - if((ortn == errSSLWouldBlock) && !params->silent) { - /* keep UI responsive */ - sslOutputDot(); - } - } while (ortn == errSSLWouldBlock); - - SSLGetClientCertificateState(ctx, ¶ms->certState); - SSLGetNegotiatedCipher(ctx, ¶ms->negCipher); - SSLGetNegotiatedProtocolVersion(ctx, ¶ms->negVersion); - - if(ortn != noErr) { - goto cleanup; - } - - /* send a GET msg */ - size_t actLen; - ortn = SSLWrite(ctx, CLIENT_GETMSG, strlen(CLIENT_GETMSG), &actLen); - if(ortn) { - printSslErrStr("SSLWrite", ortn); - goto cleanup; - } - - #if KEEP_CONNECTED - - /* - * Consume any server data and wait for server to disconnect - */ - char readBuf[READBUF_LEN]; - do { - ortn = SSLRead(ctx, readBuf, READBUF_LEN, &actLen); - } while (ortn == errSSLWouldBlock); - - /* convert normal "shutdown" into zero err rtn */ - if(ortn == errSSLClosedGraceful) { - ortn = noErr; - } - #endif /* KEEP_CONNECTED */ - -cleanup: - if(ctx) { - OSStatus cerr = SSLClose(ctx); - if(ortn == noErr) { - ortn = cerr; - } - } - if(sock) { - endpointShutdown(sock); - } - ringBuffersClose(&ringBufs); /* tolerates NULLs */ - if(ctx) { - SSLDisposeContext(ctx); - } - params->ortn = ortn; - sslThrDebug("Client", "done"); - return ortn; -} diff --git a/SecurityTests/clxutils/clAppUtils/sslRingBufferThreads.cpp b/SecurityTests/clxutils/clAppUtils/sslRingBufferThreads.cpp deleted file mode 100644 index fc805202..00000000 --- a/SecurityTests/clxutils/clAppUtils/sslRingBufferThreads.cpp +++ /dev/null @@ -1,304 +0,0 @@ -/* - * sslRingBufferThreads.cpp - SecureTransport client and server thread - * routines which use ringBufferIo for I/O (no sockets). - */ - -#include "sslRingBufferThreads.h" -#include -#include -#include -#include -#include -#include - -#define LOG_TOP_IO 0 -#if LOG_TOP_IO - -static void logWrite( - char *who, - size_t written) -{ - pthread_mutex_lock(&printfMutex); - printf("+++ %s wrote %4lu bytes\n", who, (unsigned long)written); - pthread_mutex_unlock(&printfMutex); -} - -static void logRead( - char *who, - size_t bytesRead) -{ - pthread_mutex_lock(&printfMutex); - printf("+++ %s read %4lu bytes\n", who, (unsigned long)bytesRead); - pthread_mutex_unlock(&printfMutex); -} - -#else /* LOG_TOP_IO */ -#define logWrite(who, w) -#define logRead(who, r) -#endif /* LOG_TOP_IO */ - -/* client thread - handshake and write a ton of data */ -void *sslRbClientThread(void *arg) -{ - SslRingBufferArgs *sslArgs = (SslRingBufferArgs *)arg; - OSStatus ortn; - SSLContextRef ctx = NULL; - RingBuffers ringBufs = {sslArgs->ringRead, sslArgs->ringWrite}; - unsigned toMove = 0; - unsigned thisMove; - - ortn = SSLNewContext(false, &ctx); - if(ortn) { - printSslErrStr("SSLNewContext", ortn); - goto cleanup; - } - ortn = SSLSetIOFuncs(ctx, ringReadFunc, ringWriteFunc); - if(ortn) { - printSslErrStr("SSLSetIOFuncs", ortn); - goto cleanup; - } - ortn = SSLSetConnection(ctx, (SSLConnectionRef)&ringBufs); - if(ortn) { - printSslErrStr("SSLSetConnection", ortn); - goto cleanup; - } - ortn = SSLSetEnabledCiphers(ctx, &sslArgs->cipherSuite, 1); - if(ortn) { - printSslErrStr("SSLSetEnabledCiphers", ortn); - goto cleanup; - } - if(sslArgs->idArray) { - ortn = SSLSetCertificate(ctx, sslArgs->idArray); - if(ortn) { - printSslErrStr("SSLSetCertificate", ortn); - goto cleanup; - } - } - if(sslArgs->trustedRoots) { - ortn = SSLSetTrustedRoots(ctx, sslArgs->trustedRoots, true); - if(ortn) { - printSslErrStr("SSLSetTrustedRoots", ortn); - goto cleanup; - } - } - SSLSetProtocolVersionEnabled(ctx, kSSLProtocolAll, false); - ortn = SSLSetProtocolVersionEnabled(ctx, sslArgs->prot, true); - if(ortn) { - printSslErrStr("SSLSetProtocolVersionEnabled", ortn); - goto cleanup; - } - - /* tell main thread we're ready; wait for sync flag */ - sslArgs->iAmReady = true; - while(!(*sslArgs->goFlag)) { - if(*sslArgs->abortFlag) { - goto cleanup; - } - } - - /* GO handshake */ - sslArgs->startHandshake = CFAbsoluteTimeGetCurrent(); - do { - ortn = SSLHandshake(ctx); - if(*sslArgs->abortFlag) { - goto cleanup; - } - } while (ortn == errSSLWouldBlock); - - if(ortn) { - printSslErrStr("SSLHandshake", ortn); - goto cleanup; - } - - SSLGetNegotiatedCipher(ctx, &sslArgs->negotiatedCipher); - SSLGetNegotiatedProtocolVersion(ctx, &sslArgs->negotiatedProt); - - sslArgs->startData = CFAbsoluteTimeGetCurrent(); - - toMove = sslArgs->xferSize; - - if(toMove == 0) { - sslArgs->endData = sslArgs->startData; - goto cleanup; - } - - /* GO data xfer */ - do { - thisMove = sslArgs->chunkSize; - if(thisMove > toMove) { - thisMove = toMove; - } - size_t moved; - ortn = SSLWrite(ctx, sslArgs->xferBuf, thisMove, &moved); - /* should never fail - implemented as blocking */ - if(ortn) { - printSslErrStr("SSLWrite", ortn); - goto cleanup; - } - logWrite("client", moved); - if(!sslArgs->runForever) { - toMove -= moved; - } - if(*sslArgs->abortFlag) { - goto cleanup; - } - } while(toMove || sslArgs->runForever); - - sslArgs->endData = CFAbsoluteTimeGetCurrent(); - -cleanup: - if(ortn) { - *sslArgs->abortFlag = true; - } - if(*sslArgs->abortFlag && sslArgs->pauseOnError) { - /* abort for any reason - freeze! */ - testError(CSSM_FALSE); - } - if(ctx) { - SSLClose(ctx); - SSLDisposeContext(ctx); - } - if(ortn) { - printf("***Client thread returning %lu\n", (unsigned long)ortn); - } - pthread_exit((void*)ortn); - /* NOT REACHED */ - return (void *)ortn; - -} - -/* server function - like clientThread except it runs from the main thread */ -/* handshake and read a ton of data */ -OSStatus sslRbServerThread(SslRingBufferArgs *sslArgs) -{ - OSStatus ortn; - SSLContextRef ctx = NULL; - RingBuffers ringBufs = {sslArgs->ringRead, sslArgs->ringWrite}; - unsigned toMove = 0; - unsigned thisMove; - - ortn = SSLNewContext(true, &ctx); - if(ortn) { - printSslErrStr("SSLNewContext", ortn); - goto cleanup; - } - ortn = SSLSetIOFuncs(ctx, ringReadFunc, ringWriteFunc); - if(ortn) { - printSslErrStr("SSLSetIOFuncs", ortn); - goto cleanup; - } - ortn = SSLSetConnection(ctx, (SSLConnectionRef)&ringBufs); - if(ortn) { - printSslErrStr("SSLSetConnection", ortn); - goto cleanup; - } - ortn = SSLSetEnabledCiphers(ctx, &sslArgs->cipherSuite, 1); - if(ortn) { - printSslErrStr("SSLSetEnabledCiphers", ortn); - goto cleanup; - } - if(sslArgs->idArray) { - ortn = SSLSetCertificate(ctx, sslArgs->idArray); - if(ortn) { - printSslErrStr("SSLSetCertificate", ortn); - goto cleanup; - } - } - if(sslArgs->trustedRoots) { - ortn = SSLSetTrustedRoots(ctx, sslArgs->trustedRoots, true); - if(ortn) { - printSslErrStr("SSLSetTrustedRoots", ortn); - goto cleanup; - } - } - SSLSetProtocolVersionEnabled(ctx, kSSLProtocolAll, false); - ortn = SSLSetProtocolVersionEnabled(ctx, sslArgs->prot, true); - if(ortn) { - printSslErrStr("SSLSetProtocolVersionEnabled", ortn); - goto cleanup; - } - - /* tell client thread we're ready; wait for sync flag */ - sslArgs->iAmReady = true; - while(!(*sslArgs->goFlag)) { - if(*sslArgs->abortFlag) { - goto cleanup; - } - } - - /* GO handshake */ - sslArgs->startHandshake = CFAbsoluteTimeGetCurrent(); - do { - ortn = SSLHandshake(ctx); - if(*sslArgs->abortFlag) { - goto cleanup; - } - } while (ortn == errSSLWouldBlock); - - if(ortn) { - printSslErrStr("SSLHandshake", ortn); - goto cleanup; - } - - SSLGetNegotiatedCipher(ctx, &sslArgs->negotiatedCipher); - SSLGetNegotiatedProtocolVersion(ctx, &sslArgs->negotiatedProt); - - sslArgs->startData = CFAbsoluteTimeGetCurrent(); - - toMove = sslArgs->xferSize; - - if(toMove == 0) { - sslArgs->endData = sslArgs->startData; - goto cleanup; - } - - /* GO data xfer */ - do { - thisMove = sslArgs->xferSize; - if(thisMove > toMove) { - thisMove = toMove; - } - size_t moved; - ortn = SSLRead(ctx, sslArgs->xferBuf, thisMove, &moved); - switch(ortn) { - case noErr: - break; - case errSSLWouldBlock: - /* cool, try again */ - ortn = noErr; - break; - default: - break; - } - if(ortn) { - printSslErrStr("SSLRead", ortn); - goto cleanup; - } - logRead("server", moved); - if(!sslArgs->runForever) { - toMove -= moved; - } - if(*sslArgs->abortFlag) { - goto cleanup; - } - } while(toMove || sslArgs->runForever); - - sslArgs->endData = CFAbsoluteTimeGetCurrent(); - -cleanup: - if(ortn) { - *sslArgs->abortFlag = true; - } - if(*sslArgs->abortFlag && sslArgs->pauseOnError) { - /* abort for any reason - freeze! */ - testError(CSSM_FALSE); - } - if(ctx) { - SSLClose(ctx); - SSLDisposeContext(ctx); - } - if(ortn) { - printf("***Server thread returning %lu\n", (unsigned long)ortn); - } - return ortn; -} diff --git a/SecurityTests/clxutils/clAppUtils/sslRingBufferThreads.h b/SecurityTests/clxutils/clAppUtils/sslRingBufferThreads.h deleted file mode 100644 index 5046d9ee..00000000 --- a/SecurityTests/clxutils/clAppUtils/sslRingBufferThreads.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * sslRingBufferThreads.h - SecureTransport client and server thread - * routines which use ringBufferIo for I/O (no sockets). - */ - -#include -#include -#include - -#ifndef _SSL_RING_BUFFER_THREADS_H_ -#define _SSL_RING_BUFFER_THREADS_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * arguments to client thread and server pseudothread - */ -typedef struct { - CFArrayRef idArray; /* required for server, optional for client */ - CFArrayRef trustedRoots; /* generally from server's idArray */ - unsigned xferSize; /* total bytes for client to write and server to - * read */ - void *xferBuf; /* move to/from here */ - unsigned chunkSize; /* size of xferBuf; client writes this much at - * a time */ - bool runForever; /* if true, ignore xferSize and move data forever - * or until error */ - SSLCipherSuite cipherSuite; - SSLProtocol prot; - RingBuffer *ringWrite; /* I/O writes to this... */ - RingBuffer *ringRead; /* ...and reads from this */ - - /* client's goFlag is &(server's iAmReady); vice versa */ - bool iAmReady; /* this thread is ready for handshake */ - bool *goFlag; /* when both threads see this, they start - * their handshakes */ - bool *abortFlag; /* anyone sets this on error */ - /* everyone aborts when they see this true */ - bool pauseOnError; /* call testError() on error */ - - /* returned on success */ - SSLProtocol negotiatedProt; - SSLCipherSuite negotiatedCipher; - - CFAbsoluteTime startHandshake; - CFAbsoluteTime startData; - CFAbsoluteTime endData; -} SslRingBufferArgs; - -/* - * Client thread - handshake and write sslArgs->xferSize bytes of data. - */ -void *sslRbClientThread(void *arg); - -/* - * Server function - like clientThread except it runs from the main thread. - * handshake and read sslArgs->xferSize bytes of data. - */ -OSStatus sslRbServerThread(SslRingBufferArgs *sslArgs); - -#ifdef __cplusplus -} -#endif - -#endif /* _SSL_RING_BUFFER_THREADS_H_*/ diff --git a/SecurityTests/clxutils/clAppUtils/sslServe.cpp b/SecurityTests/clxutils/clAppUtils/sslServe.cpp deleted file mode 100644 index c529238d..00000000 --- a/SecurityTests/clxutils/clAppUtils/sslServe.cpp +++ /dev/null @@ -1,380 +0,0 @@ -/* - * sslServe.cpp : perform one server side sesssion - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#define BIND_RETRIES 50 - -#define SERVER_MESSAGE "HTTP/1.0 200 OK\015\012\015\012" \ - "SecureTransport Test Server" \ - "

    Secure connection established.

    " \ - "Message from the 'sslServe' test library.\015\012" \ - "\015\012" - -#define READBUF_LEN 256 - -/* - * When true, delay setting the serverReady semaphore until we've finished - * setting up our SSLContext. This is a workaround for known thread-unsafety - * related to module attach and detach and context create/destroy: - * - * Crash in KCCursorImpl::next - * module/context handles not thread safe - */ -#define SERVER_READY_DELAY 1 - -/* - * params->lock is held for us by runSession() - we use it as a semapahore by - * unlocking it when we've created a port to listen on. - * This is generally run from a thread via sslRunSession() and - * sslServerThread() in sslAppUtils.cpp. - */ -OSStatus sslAppServe( - SslAppTestParams *params) -{ - otSocket listenSock = 0; - otSocket acceptSock = 0; - PeerSpec peerId; - OSStatus ortn = noErr; - SSLContextRef ctx = NULL; - SecKeychainRef serverKc = nil; - CFArrayRef serverCerts = nil; - RingBuffers ringBufs = {params->clientToServerRing, params->serverToClientRing}; - - sslThrDebug("Server", "starting"); - params->negVersion = kSSLProtocolUnknown; - params->negCipher = SSL_NULL_WITH_NULL_NULL; - params->ortn = noHardwareErr; - - if(params->serverToClientRing == NULL) { - /* set up a socket on which to listen */ - for(unsigned retry=0; retryport, params->nonBlocking, - &listenSock); - switch(ortn) { - case noErr: - break; - case opWrErr: - /* port already in use - try another */ - params->port++; - if(params->verbose || THREADING_DEBUG) { - printf("...retrying ListenForClients at port %d\n", - params->port); - } - break; - default: - break; - } - if(ortn != opWrErr) { - break; - } - } - } - - #if !SERVER_READY_DELAY - /* let main thread know a socket is ready */ - if(pthread_mutex_lock(¶ms->pthreadMutex)) { - printf("***Error acquiring server lock; aborting.\n"); - return -1; - } - params->serverReady = true; - if(pthread_cond_broadcast(¶ms->pthreadCond)) { - printf("***Error waking main thread; aborting.\n"); - return -1; - } - if(pthread_mutex_unlock(¶ms->pthreadMutex)) { - printf("***Error acquiring server lock; aborting.\n"); - return -1; - } - - if(ortn) { - printf("ListenForClients returned %d; aborting\n", (int)ortn); - return ortn; - } - - if(params->serverToClientRing == NULL) { - /* wait for a connection */ - if(params->verbose) { - printf("Waiting for client connection..."); - fflush(stdout); - } - ortn = AcceptClientConnection(listenSock, &acceptSock, &peerId); - if(ortn) { - printf("AcceptClientConnection returned %d; aborting\n", (int)ortn); - return ortn; - } - } - #endif /* SERVER_READY_DELAY */ - - /* - * Set up a SecureTransport session. - */ - ortn = SSLNewContext(true, &ctx); - if(ortn) { - printSslErrStr("SSLNewContext", ortn); - goto cleanup; - } - - #if !SERVER_READY_DELAY - if(params->serverToClientRing) { - /* RingBuffer I/O */ - ortn = SSLSetIOFuncs(ctx, ringReadFunc, ringWriteFunc); - if(ortn) { - printSslErrStr("SSLSetIOFuncs", ortn); - goto cleanup; - } - ortn = SSLSetConnection(ctx, (SSLConnectionRef)&ringBufs); - if(ortn) { - printSslErrStr("SSLSetConnection", ortn); - goto cleanup; - } - } - else { - /* normal socket I/O */ - ortn = SSLSetIOFuncs(ctx, SocketRead, SocketWrite); - if(ortn) { - printSslErrStr("SSLSetIOFuncs", ortn); - goto cleanup; - } - ortn = SSLSetConnection(ctx, (SSLConnectionRef)acceptSock); - if(ortn) { - printSslErrStr("SSLSetConnection", ortn); - goto cleanup; - } - } - #endif /* SERVER_READY_DELAY */ - - if(params->anchorFile) { - ortn = sslAddTrustedRoot(ctx, params->anchorFile, - params->replaceAnchors); - if(ortn) { - goto cleanup; - } - } - if(params->myCertKcName != NULL) { - /* if not, better be trying anonymous diff-hellman... :-) */ - serverCerts = getSslCerts(params->myCertKcName, CSSM_FALSE, CSSM_FALSE, NULL, - &serverKc); - if(serverCerts == nil) { - exit(1); - } - if(params->password) { - ortn = SecKeychainUnlock(serverKc, strlen(params->password), - (void *)params->password, true); - if(ortn) { - printf("SecKeychainUnlock returned %d\n", (int)ortn); - /* oh well */ - } - } - if(params->idIsTrustedRoot) { - /* assume this is a root we want to implicitly trust */ - ortn = addIdentityAsTrustedRoot(ctx, serverCerts); - if(ortn) { - goto cleanup; - } - } - ortn = SSLSetCertificate(ctx, serverCerts); - if(ortn) { - printSslErrStr("SSLSetCertificate", ortn); - goto cleanup; - } - } - - if(params->disableCertVerify) { - ortn = SSLSetEnableCertVerify(ctx, false); - if(ortn) { - printSslErrStr("SSLSetEnableCertVerify", ortn); - goto cleanup; - } - } - if(!params->noProtSpec) { - ortn = sslSetProtocols(ctx, params->acceptedProts, params->tryVersion); - if(ortn) { - goto cleanup; - } - } - if(params->resumeEnable) { - ortn = SSLSetPeerID(ctx, &peerId, sizeof(PeerSpec)); - if(ortn) { - printSslErrStr("SSLSetPeerID", ortn); - goto cleanup; - } - } - if(params->ciphers != NULL) { - ortn = sslSetEnabledCiphers(ctx, params->ciphers); - if(ortn) { - goto cleanup; - } - } - if(params->authenticate != kNeverAuthenticate) { - ortn = SSLSetClientSideAuthenticate(ctx, params->authenticate); - if(ortn) { - printSslErrStr("SSLSetClientSideAuthenticate", ortn); - goto cleanup; - } - } - if(params->dhParams) { - ortn = SSLSetDiffieHellmanParams(ctx, params->dhParams, - params->dhParamsLen); - if(ortn) { - printSslErrStr("SSLSetDiffieHellmanParams", ortn); - goto cleanup; - } - } - - #if SERVER_READY_DELAY - /* let main thread know server is fully functional */ - if(pthread_mutex_lock(¶ms->pthreadMutex)) { - printf("***Error acquiring server lock; aborting.\n"); - ortn = internalComponentErr; - goto cleanup; - } - params->serverReady = true; - if(pthread_cond_broadcast(¶ms->pthreadCond)) { - printf("***Error waking main thread; aborting.\n"); - ortn = internalComponentErr; - goto cleanup; - } - if(pthread_mutex_unlock(¶ms->pthreadMutex)) { - printf("***Error acquiring server lock; aborting.\n"); - ortn = internalComponentErr; - goto cleanup; - } - - if(params->serverToClientRing == NULL) { - /* wait for a connection */ - if(params->verbose) { - printf("Waiting for client connection..."); - fflush(stdout); - } - ortn = AcceptClientConnection(listenSock, &acceptSock, &peerId); - if(ortn) { - printf("AcceptClientConnection returned %d; aborting\n", (int)ortn); - return ortn; - } - } - - /* Last part of SSLContext setup, now that we're connected to the client */ - if(params->serverToClientRing) { - /* RingBuffer I/O */ - ortn = SSLSetIOFuncs(ctx, ringReadFunc, ringWriteFunc); - if(ortn) { - printSslErrStr("SSLSetIOFuncs", ortn); - goto cleanup; - } - ortn = SSLSetConnection(ctx, (SSLConnectionRef)&ringBufs); - if(ortn) { - printSslErrStr("SSLSetConnection", ortn); - goto cleanup; - } - } - else { - /* normal socket I/O */ - ortn = SSLSetIOFuncs(ctx, SocketRead, SocketWrite); - if(ortn) { - printSslErrStr("SSLSetIOFuncs", ortn); - goto cleanup; - } - ortn = SSLSetConnection(ctx, (SSLConnectionRef)acceptSock); - if(ortn) { - printSslErrStr("SSLSetConnection", ortn); - goto cleanup; - } - } - - #endif /* SERVER_READY_DELAY */ - - /* Perform SSL/TLS handshake */ - do { - ortn = SSLHandshake(ctx); - if((ortn == errSSLWouldBlock) && !params->silent) { - /* keep UI responsive */ - sslOutputDot(); - } - } while (ortn == errSSLWouldBlock); - - SSLGetClientCertificateState(ctx, ¶ms->certState); - SSLGetNegotiatedCipher(ctx, ¶ms->negCipher); - SSLGetNegotiatedProtocolVersion(ctx, ¶ms->negVersion); - - if(params->verbose) { - printf("\n"); - } - if(ortn) { - goto cleanup; - } - - /* wait for one complete line */ - char readBuf[READBUF_LEN]; - size_t length; - while(ortn == noErr) { - length = READBUF_LEN; - ortn = SSLRead(ctx, readBuf, length, &length); - if (ortn == errSSLWouldBlock) { - /* keep trying */ - ortn = noErr; - continue; - } - if(length == 0) { - /* keep trying */ - continue; - } - - /* poor person's line completion scan */ - for(unsigned i=0; iclientDone && !params->serverAbort && (ortn == params->expectRtn)) { - usleep(100); - } - if(acceptSock) { - endpointShutdown(acceptSock); - } - ringBuffersClose(&ringBufs); /* tolerates NULLs */ - if(listenSock) { - endpointShutdown(listenSock); - } - if(ctx) { - SSLDisposeContext(ctx); - } - params->ortn = ortn; - sslThrDebug("Server", "done"); - return ortn; -} diff --git a/SecurityTests/clxutils/clAppUtils/sslThreading.h b/SecurityTests/clxutils/clAppUtils/sslThreading.h deleted file mode 100644 index 24ddbccc..00000000 --- a/SecurityTests/clxutils/clAppUtils/sslThreading.h +++ /dev/null @@ -1,174 +0,0 @@ -/* - * sslThreading.h - support for two-threaded SSL client/server tests. - */ - -#ifndef _SSL_THREADING_H_ -#define _SSL_THREADING_H_ 1 - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* "Don't bother verifying" values */ -#define SSL_PROTOCOL_IGNORE ((SSLProtocol)0x123456) -#define SSL_CLIENT_CERT_IGNORE ((SSLClientCertificateState)0x234567) -#define SSL_CIPHER_IGNORE ((SSLCipherSuite)0x345678) - -/* - * Test params passed to both sslClient() and sslServer() - */ -typedef struct { - - /* client side only */ - const char *hostName; - bool skipHostNameCheck; - - /* common */ - unsigned short port; - RingBuffer *serverToClientRing; - RingBuffer *clientToServerRing; - - bool noProtSpec; // if true, don't set protocol in either - // fashion - SSLProtocol tryVersion; // only used if acceptedProts - // NULL - const char *acceptedProts; - const char *myCertKcName; // required for server, - // optional for client - const char *password; // optional, to unlock keychain - bool idIsTrustedRoot; // cert in KC is trusted root - bool disableCertVerify; - const char *anchorFile; // to add/replace anchors - bool replaceAnchors; - SSLAuthenticate authenticate; - bool resumeEnable; - const SSLCipherSuite *ciphers; // optional array of allowed ciphers, - // terminated with SSL_NO_SUCH_CIPHERSUITE - bool nonBlocking; - const unsigned char *dhParams; // optional Diffie-Hellman params - unsigned dhParamsLen; - - /* expected results */ - OSStatus expectRtn; - SSLProtocol expectVersion; - SSLClientCertificateState expectCertState; - SSLCipherSuite expectCipher; - - /* UI parameters */ - bool quiet; - bool silent; - bool verbose; - - /* - * Server semaphore: - * - * -- main thread inits and sets serverReady false - * -- main thread starts up server thread - * -- server thread inits and sets up a socket for listening - * -- server thread sets serverReady true and does pthread_cond_broadcast - */ - pthread_mutex_t pthreadMutex; - pthread_cond_t pthreadCond; - bool serverReady; - - /* - * To ensure error abort is what we expect instead of just - * "peer closed their socket", server avoids closing down the - * socket until client sets this flag. It's just polled, no - * locking. Setting the serverAbort flag skips this - * step to facilitate testing cases where server explicitly - * drops connection (e.g. in response to an unacceptable - * ClientHello). - */ - unsigned clientDone; - bool serverAbort; - - /* - * Returned and also verified by sslRunSession(). - * Conditions in which expected value NOT verified are listed - * in following comments. - * - * NegCipher is only verified if (ortn == noErr). - */ - SSLProtocol negVersion; // SSL_PROTOCOL_IGNORE - SSLCipherSuite negCipher; // SSL_CIPHER_IGNORE - SSLClientCertificateState certState; // SSL_CLIENT_CERT_IGNORE - OSStatus ortn; // always checked - -} SslAppTestParams; - -/* client and server in sslClient.cpp and sslServe.cpp */ -OSStatus sslAppClient( - SslAppTestParams *params); -OSStatus sslAppServe( - SslAppTestParams *params); - -/* - * Run one session, with the server in a separate thread. - * On entry, serverParams->port is the port we attempt to run on; - * the server thread may overwrite that with a different port if it's - * unable to open the port we specify. Whatever is left in - * serverParams->port is what's used for the client side. - */ -int sslRunSession( - SslAppTestParams *serverParams, - SslAppTestParams *clientParams, - const char *testDesc); - -void sslShowResult( - const char *whichSide, // "client" or "server" - SslAppTestParams *params); - - -/* - * Macros which do the repetetive setup/run work - */ -#define SSL_THR_SETUP(serverParams, clientParams, clientDefaults, serverDefault) \ -{ \ - unsigned short serverPort; \ - serverPort = serverParams.port + 1; \ - clientParams = clientDefaults; \ - serverParams = serverDefaults; \ - serverParams.port = serverPort; \ -} - -#define SSL_THR_RUN(serverParams, clientParams, desc, ourRtn) \ -{ \ - thisRtn = sslRunSession(&serverParams, &clientParams, desc); \ - ourRtn += thisRtn; \ - if(thisRtn) { \ - if(testError(clientParams.quiet)) { \ - goto done; \ - } \ - } \ -} - -#define SSL_THR_RUN_NUM(serverParams, clientParams, desc, ourRtn, testNum) \ -{ \ - thisRtn = sslRunSession(&serverParams, &clientParams, desc);\ - ourRtn += thisRtn; \ - if(thisRtn) { \ - printf("***Error on test %u\n", testNum); \ - if(testError(clientParams.quiet)) { \ - goto done; \ - } \ - } \ -} - -#define THREADING_DEBUG 0 -#if THREADING_DEBUG - -#define sslThrDebug(side, end) \ - printf("^^^%s thread %p %s\n", side, pthread_self(), end) -#else /* THREADING_DEBUG */ -#define sslThrDebug(side, end) -#endif /* THREADING_DEBUG */ -#ifdef __cplusplus -} -#endif - -#endif /* _SSL_THREADING_H_ */ diff --git a/SecurityTests/clxutils/clAppUtils/timeStr.cpp b/SecurityTests/clxutils/clAppUtils/timeStr.cpp deleted file mode 100644 index 73e5a12e..00000000 --- a/SecurityTests/clxutils/clAppUtils/timeStr.cpp +++ /dev/null @@ -1,290 +0,0 @@ -#include "timeStr.h" -#include -#include -#include -#include -#include /* for Mutex */ -#include - -/* - * Given a string containing either a UTC-style or "generalized time" - * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on - * error. - */ -int appTimeStringToTm( - const char *str, - unsigned len, - struct tm *tmp) -{ - char szTemp[5]; - unsigned isUtc; - unsigned x; - unsigned i; - char *cp; - - if((str == NULL) || (len == 0) || (tmp == NULL)) { - return 1; - } - - /* tolerate NULL terminated or not */ - if(str[len - 1] == '\0') { - len--; - } - switch(len) { - case UTC_TIME_STRLEN: // 2-digit year, not Y2K compliant - isUtc = 1; - break; - case GENERALIZED_TIME_STRLEN: // 4-digit year - isUtc = 0; - break; - default: // unknown format - return 1; - } - - cp = (char *)str; - - /* check that all characters except last are digits */ - for(i=0; i<(len - 1); i++) { - if ( !(isdigit(cp[i])) ) { - return 1; - } - } - - /* check last character is a 'Z' */ - if(cp[len - 1] != 'Z' ) { - return 1; - } - - /* YEAR */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - if(!isUtc) { - /* two more digits */ - szTemp[2] = *cp++; - szTemp[3] = *cp++; - szTemp[4] = '\0'; - } - else { - szTemp[2] = '\0'; - } - x = atoi( szTemp ); - if(isUtc) { - /* - * 2-digit year. - * 0 <= year < 50 : assume century 21 - * 50 <= year < 70 : illegal per PKIX - * 70 < year <= 99 : assume century 20 - */ - if(x < 50) { - x += 2000; - } - else if(x < 70) { - return 1; - } - else { - /* century 20 */ - x += 1900; - } - } - /* by definition - tm_year is year - 1900 */ - tmp->tm_year = x - 1900; - - /* MONTH */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - /* in the string, months are from 1 to 12 */ - if((x > 12) || (x <= 0)) { - return 1; - } - /* in a tm, 0 to 11 */ - tmp->tm_mon = x - 1; - - /* DAY */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - /* 1..31 in both formats */ - if((x > 31) || (x <= 0)) { - return 1; - } - tmp->tm_mday = x; - - /* HOUR */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 23) || (x < 0)) { - return 1; - } - tmp->tm_hour = x; - - /* MINUTE */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 59) || (x < 0)) { - return 1; - } - tmp->tm_min = x; - - /* SECOND */ - szTemp[0] = *cp++; - szTemp[1] = *cp++; - szTemp[2] = '\0'; - x = atoi( szTemp ); - if((x > 59) || (x < 0)) { - return 1; - } - tmp->tm_sec = x; - return 0; -} - -/* common time routine used by utcAtNowPlus and genTimeAtNowPlus */ -#define MAX_TIME_STR_LEN 30 - -static Mutex timeMutex; // protects time(), gmtime() - -char *appTimeAtNowPlus(int secFromNow, - timeSpec spec) -{ - struct tm utc; - char *outStr; - time_t baseTime; - - timeMutex.lock(); - baseTime = time(NULL); - baseTime += (time_t)secFromNow; - utc = *gmtime(&baseTime); - timeMutex.unlock(); - - outStr = (char *)CSSM_MALLOC(MAX_TIME_STR_LEN); - - switch(spec) { - case TIME_UTC: - /* UTC - 2 year digits - code which parses this assumes that - * (2-digit) years between 0 and 49 are in century 21 */ - if(utc.tm_year >= 100) { - utc.tm_year -= 100; - } - sprintf(outStr, "%02d%02d%02d%02d%02d%02dZ", - utc.tm_year /* + 1900 */, utc.tm_mon + 1, - utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); - break; - case TIME_GEN: - sprintf(outStr, "%04d%02d%02d%02d%02d%02dZ", - /* note year is relative to 1900, hopefully it'll have four valid - * digits! */ - utc.tm_year + 1900, utc.tm_mon + 1, - utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); - break; - case TIME_CSSM: - sprintf(outStr, "%04d%02d%02d%02d%02d%02d", - /* note year is relative to 1900, hopefully it'll have - * four valid digits! */ - utc.tm_year + 1900, utc.tm_mon + 1, - utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec); - break; - } - return outStr; -} - -/* - * Malloc and return UTC (2-digit year) time string, for time with specified - * offset from present. This uses the stdlib gmtime(), which is not thread safe. - * Even though this function protects the call with a lock, the TP also uses - * gmtime. It also does the correct locking for its own calls to gmtime()Êbut - * the is no way to synchronize TP's calls to gmtime() with the calls to this - * one other than only using this one when no threads might be performing TP ops. - */ -char *utcAtNowPlus(int secFromNow) -{ - return appTimeAtNowPlus(secFromNow, TIME_UTC); -} - -/* - * Same thing, generalized time (4-digit year). - */ -char *genTimeAtNowPlus(int secFromNow) -{ - return appTimeAtNowPlus(secFromNow, TIME_GEN); -} - -/* - * Free the string obtained from the above. - */ -void freeTimeString(char *timeStr) -{ - CSSM_FREE(timeStr); -} - -/* - * Convert a CSSM_X509_TIME, which can be in any of three forms (UTC, - * generalized, or CSSM_TIMESTRING) into a CSSM_TIMESTRING. Caller - * must free() the result. Returns NULL if x509time is badly formed. - */ -char *x509TimeToCssmTimestring( - const CSSM_X509_TIME *x509Time, - unsigned *rtnLen) // for caller's convenience -{ - int len = x509Time->time.Length; - const char *inStr = (char *)x509Time->time.Data; // not NULL terminated! - char *rtn; - - *rtnLen = 0; - if((len == 0) || (inStr == NULL)) { - return NULL; - } - rtn = (char *)malloc(CSSM_TIME_STRLEN + 1); - rtn[0] = '\0'; - switch(len) { - case UTC_TIME_STRLEN: - { - /* infer century and prepend to output */ - char tmp[3]; - int year; - tmp[0] = inStr[0]; - tmp[1] = inStr[1]; - tmp[2] = '\0'; - year = atoi(tmp); - - /* - * 0 <= year < 50 : assume century 21 - * 50 <= year < 70 : illegal per PKIX - * 70 < year <= 99 : assume century 20 - */ - if(year < 50) { - /* century 21 */ - strcpy(rtn, "20"); - } - else if(year < 70) { - free(rtn); - return NULL; - } - else { - /* century 20 */ - strcpy(rtn, "19"); - } - memmove(rtn + 2, inStr, len - 1); // don't copy the Z - break; - } - case CSSM_TIME_STRLEN: - memmove(rtn, inStr, len); // trivial case - break; - case GENERALIZED_TIME_STRLEN: - memmove(rtn, inStr, len - 1); // don't copy the Z - break; - - default: - free(rtn); - return NULL; - } - rtn[CSSM_TIME_STRLEN] = '\0'; - *rtnLen = CSSM_TIME_STRLEN; - return rtn; -} - diff --git a/SecurityTests/clxutils/clAppUtils/timeStr.h b/SecurityTests/clxutils/clAppUtils/timeStr.h deleted file mode 100644 index 7d1548a2..00000000 --- a/SecurityTests/clxutils/clAppUtils/timeStr.h +++ /dev/null @@ -1,65 +0,0 @@ -#ifndef _TIME_STR_H_ -#define _TIME_STR_H_ - -#include -#include - -#define UTC_TIME_STRLEN 13 -#define CSSM_TIME_STRLEN 14 /* no trailing 'Z' */ -#define GENERALIZED_TIME_STRLEN 15 - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Given a string containing either a UTC-style or "generalized time" - * time string, convert to a struct tm (in GMT/UTC). Returns nonzero on - * error. - */ -int appTimeStringToTm( - const char *str, - unsigned len, - struct tm *tmp); - -typedef enum { - TIME_UTC, - TIME_CSSM, - TIME_GEN -} timeSpec; - -/* Caller must CSSM_FREE() the resulting string */ -char *appTimeAtNowPlus(int secFromNow, - timeSpec timeSpec); - -/*** for backwards compatibility ***/ - -/* - * Malloc and return UTC (2-digit year) time string, for time with specified - * offset from present. This uses the stdlib gmtime(), which is not thread safe. - * Even though this function protects the call with a lock, the TP also uses - * gmtime. It also does the correct locking for its own calls to gmtime()Êbut - * the is no way to synchronize TP's calls to gmtime() with the calls to this - * one other than only using this one when no threads might be performing TP ops. - */ -char *utcAtNowPlus(int secFromNow); - -/* - * Same thing, generalized time (4-digit year). - */ -char *genTimeAtNowPlus(int secFromNow); - -/* - * Free the string obtained from the above. - */ -void freeTimeString(char *timeStr); - -char *x509TimeToCssmTimestring( - const CSSM_X509_TIME *x509Time, - unsigned *rtnLen); // for caller's convenience - -#ifdef __cplusplus -} -#endif - -#endif /* _TIME_STR_H_ */ diff --git a/SecurityTests/clxutils/clAppUtils/tpUtils.cpp b/SecurityTests/clxutils/clAppUtils/tpUtils.cpp deleted file mode 100644 index 1e5e83d2..00000000 --- a/SecurityTests/clxutils/clAppUtils/tpUtils.cpp +++ /dev/null @@ -1,1215 +0,0 @@ -/* - * tpUtils.cpp - TP and cert group test support - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* - * Currently, DBs created with SecKeychainCreateNew() do not contain - * the schema for CSSM_DL_DB_RECORD_X509_CERTIFICATE records. Keychain - * code (Certificate::add()) does this on the fly, I don't know why. - * To avoid dependencies on KC - other than SecKeychainCreateNew - we'll - * emulate that "add this schema on the fly" logic here. - * - * Turn this option off if and when Radar 2927378 is approved and - * integrated into Security TOT. - */ -#define FAKE_ADD_CERT_SCHEMA 1 -#if FAKE_ADD_CERT_SCHEMA - -/* defined in SecKeychainAPIPriv.h */ -// static const int kSecAlias = 'alis'; - -/* Macro to declare a CSSM_DB_SCHEMA_ATTRIBUTE_INFO */ -#define SCHEMA_ATTR_INFO(id, name, type) \ - { id, (char *)name, {0, NULL}, CSSM_DB_ATTRIBUTE_FORMAT_ ## type } - -/* Too bad we can't get this from inside of the Security framework. */ -static CSSM_DB_SCHEMA_ATTRIBUTE_INFO certSchemaAttrInfo[] = -{ - SCHEMA_ATTR_INFO(kSecCertTypeItemAttr, "CertType", UINT32), - SCHEMA_ATTR_INFO(kSecCertEncodingItemAttr, "CertEncoding", UINT32), - SCHEMA_ATTR_INFO(kSecLabelItemAttr, "PrintName", BLOB), - SCHEMA_ATTR_INFO(kSecAlias, "Alias", BLOB), - SCHEMA_ATTR_INFO(kSecSubjectItemAttr, "Subject", BLOB), - SCHEMA_ATTR_INFO(kSecIssuerItemAttr, "Issuer", BLOB), - SCHEMA_ATTR_INFO(kSecSerialNumberItemAttr, "SerialNumber", BLOB), - SCHEMA_ATTR_INFO(kSecSubjectKeyIdentifierItemAttr, "SubjectKeyIdentifier", BLOB), - SCHEMA_ATTR_INFO(kSecPublicKeyHashItemAttr, "PublicKeyHash", BLOB) -}; -#define NUM_CERT_SCHEMA_ATTRS \ - (sizeof(certSchemaAttrInfo) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO)) - -/* Macro to declare a CSSM_DB_SCHEMA_INDEX_INFO */ -#define SCHEMA_INDEX_INFO(id, indexNum, indexType) \ - { id, CSSM_DB_INDEX_ ## indexType, CSSM_DB_INDEX_ON_ATTRIBUTE } - - -static CSSM_DB_SCHEMA_INDEX_INFO certSchemaIndices[] = -{ - SCHEMA_INDEX_INFO(kSecCertTypeItemAttr, 0, UNIQUE), - SCHEMA_INDEX_INFO(kSecIssuerItemAttr, 0, UNIQUE), - SCHEMA_INDEX_INFO(kSecSerialNumberItemAttr, 0, UNIQUE), - SCHEMA_INDEX_INFO(kSecCertTypeItemAttr, 1, NONUNIQUE), - SCHEMA_INDEX_INFO(kSecSubjectItemAttr, 2, NONUNIQUE), - SCHEMA_INDEX_INFO(kSecIssuerItemAttr, 3, NONUNIQUE), - SCHEMA_INDEX_INFO(kSecSerialNumberItemAttr, 4, NONUNIQUE), - SCHEMA_INDEX_INFO(kSecSubjectKeyIdentifierItemAttr, 5, NONUNIQUE), - SCHEMA_INDEX_INFO(kSecPublicKeyHashItemAttr, 6, NONUNIQUE) -}; -#define NUM_CERT_INDICES \ - (sizeof(certSchemaIndices) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO)) - - -CSSM_RETURN tpAddCertSchema( - CSSM_DL_DB_HANDLE dlDbHand) -{ - return CSSM_DL_CreateRelation(dlDbHand, - CSSM_DL_DB_RECORD_X509_CERTIFICATE, - "CSSM_DL_DB_RECORD_X509_CERTIFICATE", - NUM_CERT_SCHEMA_ATTRS, - certSchemaAttrInfo, - NUM_CERT_INDICES, - certSchemaIndices); -} -#endif /* FAKE_ADD_CERT_SCHEMA */ - -/* - * Given a raw cert, extract DER-encoded normalized subject and issuer names. - */ -static CSSM_DATA_PTR tpGetNormSubject( - CSSM_CL_HANDLE clHand, - const CSSM_DATA *rawCert) -{ - CSSM_RETURN crtn; - CSSM_HANDLE searchHand = CSSM_INVALID_HANDLE; - uint32 numFields; - CSSM_DATA_PTR fieldValue; - - crtn = CSSM_CL_CertGetFirstFieldValue(clHand, - rawCert, - &CSSMOID_X509V1SubjectName, - &searchHand, - &numFields, - &fieldValue); - if(crtn) { - printError("CSSM_CL_CertGetFirstFieldValue", crtn); - return NULL; - } - CSSM_CL_CertAbortQuery(clHand, searchHand); - return fieldValue; -} - -static CSSM_DATA_PTR tpGetNormIssuer( - CSSM_CL_HANDLE clHand, - const CSSM_DATA *rawCert) -{ - CSSM_RETURN crtn; - CSSM_HANDLE searchHand = CSSM_INVALID_HANDLE; - uint32 numFields; - CSSM_DATA_PTR fieldValue; - - crtn = CSSM_CL_CertGetFirstFieldValue(clHand, - rawCert, - &CSSMOID_X509V1IssuerName, - &searchHand, - &numFields, - &fieldValue); - if(crtn) { - printError("CSSM_CL_CertGetFirstFieldValue", crtn); - return NULL; - } - CSSM_CL_CertAbortQuery(clHand, searchHand); - return fieldValue; -} - - -#define SERIAL_NUMBER_BASE 0x33445566 - -/* - * Given an array of certs and an uninitialized CSSM_CERTGROUP, place the - * certs into the certgroup and optionally into one of a list of DBs in - * random order. Optionally the first cert in the array is placed in the - * first element of certgroup. Only error is memory error. It's legal to - * pass in an empty cert array. - */ -CSSM_RETURN tpMakeRandCertGroup( - CSSM_CL_HANDLE clHand, - CSSM_DL_DB_LIST_PTR dbList, - const CSSM_DATA_PTR certs, - unsigned numCerts, - CSSM_CERTGROUP_PTR certGroup, - CSSM_BOOL firstCertIsSubject, // true: certs[0] goes to head - // of certGroup - CSSM_BOOL verbose, - CSSM_BOOL allInDbs, // all certs go to DBs - CSSM_BOOL skipFirstDb) // no certs go to db[0] -{ - unsigned startDex = 0; // where to start processing - unsigned certDex; // into certs and certGroup - unsigned die; - CSSM_RETURN crtn; - - #if TP_DB_ENABLE - if((dbList == NULL) && (allInDbs | skipFirstDb)) { - printf("need dbList for allInDbs or skipFirstDb\n"); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - if(skipFirstDb && (dbList->NumHandles == 1)) { - printf("Need more than one DB for skipFirstDb\n"); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - #else - if(dbList != NULL) { - printf("TP/DB not supported yet\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - #endif - - certGroup->NumCerts = 0; - certGroup->CertGroupType = CSSM_CERTGROUP_DATA; - certGroup->CertType = CSSM_CERT_X_509v3; - certGroup->CertEncoding = CSSM_CERT_ENCODING_DER; - if(numCerts == 0) { - /* legal */ - certGroup->GroupList.CertList = NULL; - return CSSM_OK; - } - - /* make CertList big enough for all certs */ - certGroup->GroupList.CertList = (CSSM_DATA_PTR)CSSM_CALLOC(numCerts, sizeof(CSSM_DATA)); - if(certGroup->GroupList.CertList == NULL) { - printf("Memory error!\n"); - return CSSMERR_CSSM_MEMORY_ERROR; - } - if(firstCertIsSubject) { - certGroup->GroupList.CertList[0] = certs[0]; - certGroup->NumCerts = 1; - startDex = 1; - } - for(certDex=startDex; certDexNumHandles != 0) ) && - ( (die == 1) || allInDbs) ) { - /* put this cert in one of the DBs */ - if(skipFirstDb) { - die = genRand(1, dbList->NumHandles-1); - } - else { - die = genRand(0, dbList->NumHandles-1); - } - if(verbose) { - printf(" ...cert %d to DB[%d]\n", certDex, die); - } - crtn = tpStoreRawCert(dbList->DLDBHandle[die], - clHand, - &certs[certDex]); - if(crtn) { - return crtn; - } - } - else { - /* find a random unused place in certGroupFrag */ - CSSM_DATA_PTR certData; - - while(1) { - die = genRand(0, numCerts-1); - certData = &certGroup->GroupList.CertList[die]; - if(certData->Data == NULL) { - *certData = certs[certDex]; - certGroup->NumCerts++; - if(verbose) { - printf(" ...cert %d to frag[%d]\n", - certDex, die); - } - break; - } - /* else try again and hope we don't spin forever */ - } - } /* random place in certGroup */ - } /* main loop */ - - if(dbList != NULL) { - /* - * Since we put some of the certs in dlDb rather than in certGroup, - * compact the contents of certGroup. Its NumCerts is correct, - * but some of the entries in CertList are empty. - */ - unsigned i; - - for(certDex=0; certDexGroupList.CertList[certDex].Data == NULL) { - /* find next non-NULL cert */ - for(i=certDex+1; iGroupList.CertList[i].Data != NULL) { - if(verbose) { - printf(" ...frag[%d] to frag[%d]\n", - i, certDex); - } - certGroup->GroupList.CertList[certDex] = - certGroup->GroupList.CertList[i]; - certGroup->GroupList.CertList[i].Data = NULL; - break; - } - } - } - } - } - return CSSM_OK; -} - -/* - * Store a cert in specified DL/DB. All attributes are optional except - * as noted (right?). - */ -CSSM_RETURN tpStoreCert( - CSSM_DL_DB_HANDLE dlDb, - const CSSM_DATA_PTR cert, - /* REQUIRED fields */ - CSSM_CERT_TYPE certType, // e.g. CSSM_CERT_X_509v3 - uint32 serialNum, - const CSSM_DATA *issuer, // (shouldn't this be subject?) - // normalized & encoded - /* OPTIONAL fields */ - CSSM_CERT_ENCODING certEncoding, // e.g. CSSM_CERT_ENCODING_DER - const CSSM_DATA *printName, - const CSSM_DATA *subject) // normalized & encoded -{ - CSSM_DB_ATTRIBUTE_DATA attrs[6]; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_ATTRIBUTE_DATA_PTR attr = &attrs[0]; - CSSM_DB_UNIQUE_RECORD_PTR recordPtr = NULL; - CSSM_DATA certTypeData; - CSSM_DATA certEncData; - CSSM_DATA_PTR serialNumData; - uint32 numAttributes; - - if(issuer == NULL) { - printf("***For now, must specify cert issuer when storing\n"); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - - /* how many attributes are we storing? */ - numAttributes = 4; // certType, serialNum, issuer, certEncoding - if(printName != NULL) { - numAttributes++; - } - if(subject != NULL) { - numAttributes++; - } - - /* cook up CSSM_DB_RECORD_ATTRIBUTE_DATA */ - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE; - recordAttrs.SemanticInformation = 0; - recordAttrs.NumberOfAttributes = numAttributes; - recordAttrs.AttributeData = attrs; - - /* grind thru the attributes - first the required ones plus certEncoding */ - certTypeData.Data = (uint8 *)&certType; - certTypeData.Length = sizeof(CSSM_CERT_TYPE); - certEncData.Data = (uint8 *)&certEncoding; - certEncData.Length = sizeof(CSSM_CERT_ENCODING); - serialNumData = intToDER(serialNum); - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = (char *)"CertType"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &certTypeData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = (char *)"CertEncoding"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_UINT32; - attr->NumberOfValues = 1; - attr->Value = &certEncData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = (char *)"SerialNumber"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = serialNumData; - attr++; - - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = (char *)"Issuer"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = (CSSM_DATA_PTR)issuer; - attr++; - - /* now the options */ - if(printName != NULL) { - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = (char *)"PrintName"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = (CSSM_DATA_PTR)printName; - attr++; - } - if(subject != NULL) { - attr->Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr->Info.Label.AttributeName = (char *)"Subject"; - attr->Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr->NumberOfValues = 1; - attr->Value = (CSSM_DATA_PTR)subject; - attr++; - } - - /* Okay, here we go */ - CSSM_RETURN crtn = CSSM_DL_DataInsert(dlDb, - CSSM_DL_DB_RECORD_X509_CERTIFICATE, - &recordAttrs, - cert, - &recordPtr); - #if FAKE_ADD_CERT_SCHEMA - if(crtn == CSSMERR_DL_INVALID_RECORDTYPE) { - /* gross hack of inserting this "new" schema that Keychain didn't specify */ - crtn = tpAddCertSchema(dlDb); - if(crtn == CSSM_OK) { - /* Retry with a fully capable DLDB */ - crtn = CSSM_DL_DataInsert(dlDb, - CSSM_DL_DB_RECORD_X509_CERTIFICATE, - &recordAttrs, - cert, - &recordPtr); - } - } - #endif /* FAKE_ADD_CERT_SCHEMA */ - - /* free resources allocated to get this far */ - appFreeCssmData(serialNumData, CSSM_TRUE); - if(recordPtr != NULL) { - CSSM_DL_FreeUniqueRecord(dlDb, recordPtr); - } - if(crtn) { - printError("CSSM_DL_DataInsert", crtn); - } - return crtn; -} - -/* - * Store a cert when we don't already know the required fields. We'll - * extract them or make them up. - */ -CSSM_RETURN tpStoreRawCert( - CSSM_DL_DB_HANDLE dlDb, - CSSM_CL_HANDLE clHand, - const CSSM_DATA_PTR cert) -{ - CSSM_DATA_PTR normSubj; - CSSM_DATA_PTR normIssuer; - CSSM_DATA printName; - CSSM_RETURN crtn; - static uint32 fakeSerialNum = 0; - - normSubj = tpGetNormSubject(clHand, cert); - normIssuer = tpGetNormIssuer(clHand, cert); - if((normSubj == NULL) || (normIssuer == NULL)) { - return CSSM_ERRCODE_INTERNAL_ERROR; - } - printName.Data = (uint8 *)"Some Printable Name"; - printName.Length = strlen((char *)printName.Data); - crtn = tpStoreCert(dlDb, - cert, - CSSM_CERT_X_509v3, - fakeSerialNum++, - normIssuer, - CSSM_CERT_ENCODING_DER, - &printName, - normSubj); - appFreeCssmData(normSubj, CSSM_TRUE); - appFreeCssmData(normIssuer, CSSM_TRUE); - return crtn; -} - -/* - * Generate numKeyPairs key pairs of specified algorithm and size. - * Key labels will be 'keyLabelBase' concatenated with a 4-digit - * decimal number. - */ -CSSM_RETURN tpGenKeys( - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dbHand, /* keys go here */ - unsigned numKeyPairs, - uint32 keyGenAlg, /* CSSM_ALGID_RSA, etc. */ - uint32 keySizeInBits, - const char *keyLabelBase, /* C string */ - CSSM_KEY_PTR pubKeys, /* array of keys RETURNED here */ - CSSM_KEY_PTR privKeys, /* array of keys RETURNED here */ - CSSM_DATA_PTR paramData) /* optional DSA params */ -{ - CSSM_RETURN crtn; - unsigned i; - char label[80]; - unsigned labelLen = strlen(keyLabelBase); - - memset(pubKeys, 0, numKeyPairs * sizeof(CSSM_KEY)); - memset(privKeys, 0, numKeyPairs * sizeof(CSSM_KEY)); - memmove(label, keyLabelBase, labelLen); - - for(i=0; i=0; dex--) { - thisCert = &certs[dex]; - - thisCert->Data = NULL; - thisCert->Length = 0; - - sprintf(nameStr, "%s%04d", nameBase, dex); - if(issuerName == NULL) { - /* last (root) cert - subject same as issuer */ - issuerName = CB_BuildX509Name(&nameOid, 1); - /* self-signed */ - signerKey = &privKeys[dex]; - } - else { - /* previous subject becomes current issuer */ - CB_FreeX509Name(issuerName); - issuerName = subjectName; - signerKey = &privKeys[dex+1]; - } - subjectName = CB_BuildX509Name(&nameOid, 1); - if((subjectName == NULL) || (issuerName == NULL)) { - printf("Error creating X509Names\n"); - crtn = CSSMERR_CSSM_MEMORY_ERROR; - break; - } - - /* - * not before/after in Y2k-compliant generalized time format. - * These come preformatted from our caller. - */ - notBefore = CB_BuildX509Time(0, notBeforeStr); - notAfter = CB_BuildX509Time(0, notAfterStr); - - /* - * Cook up cert template - * Note serial number would be app-specified in real world - */ - rawCert = CB_MakeCertTemplate(clHand, - SERIAL_NUMBER_BASE + dex, // serial number - issuerName, - subjectName, - notBefore, - notAfter, - &pubKeys[dex], - sigAlg, - NULL, // subj unique ID - NULL, // issuer unique ID - &exten, // extensions - (dex == 0) ? 0 : 1);// numExtensions - - if(rawCert == NULL) { - crtn = CSSM_ERRCODE_INTERNAL_ERROR; - break; - } - - /* Free the stuff we allocd to get here */ - CB_FreeX509Time(notBefore); - CB_FreeX509Time(notAfter); - - /**** sign the cert ****/ - /* 1. get a signing context */ - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - sigAlg, - NULL, // no passphrase for now - signerKey, - &signContext); - if(crtn) { - printError("CreateSignatureContext", crtn); - break; - } - - /* 2. use CL to sign the cert */ - signedCert.Data = NULL; - signedCert.Length = 0; - crtn = CSSM_CL_CertSign(clHand, - signContext, - rawCert, // CertToBeSigned - NULL, // SignScope per spec - 0, // ScopeSize per spec - &signedCert); - if(crtn) { - printError("CSSM_CL_CertSign", crtn); - break; - } - - /* 3. Optionally store the cert in DL */ - if((storeArray != NULL) && storeArray[dex].DBHandle != 0) { - crtn = tpStoreRawCert(storeArray[dex], - clHand, - &signedCert); - if(crtn) { - break; - } - } - - /* 4. delete signing context */ - crtn = CSSM_DeleteContext(signContext); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - break; - } - - /* - * CSSM_CL_CertSign() returned us a mallocd CSSM_DATA. Copy - * its fields to caller's cert. - */ - certs[dex] = signedCert; - - /* and the raw unsigned cert as well */ - appFreeCssmData(rawCert, CSSM_TRUE); - rtn = 0; - } - - /* free resources */ - if(issuerName != NULL) { - CB_FreeX509Name(issuerName); - } - if(subjectName != NULL) { - CB_FreeX509Name(subjectName); - } - return crtn; -} - -/* compare two CSSM_CERTGROUPs, returns CSSM_TRUE on success */ -CSSM_BOOL tpCompareCertGroups( - const CSSM_CERTGROUP *grp1, - const CSSM_CERTGROUP *grp2) -{ - unsigned i; - CSSM_DATA_PTR d1; - CSSM_DATA_PTR d2; - - if(grp1->NumCerts != grp2->NumCerts) { - return CSSM_FALSE; - } - for(i=0; iNumCerts; i++) { - d1 = &grp1->GroupList.CertList[i]; - d2 = &grp2->GroupList.CertList[i]; - - /* these are all errors */ - if((d1->Data == NULL) || - (d1->Length == 0) || - (d2->Data == NULL) || - (d2->Length == 0)) { - printf("compareCertGroups: bad cert group!\n"); - return CSSM_FALSE; - } - if(d1->Length != d2->Length) { - return CSSM_FALSE; - } - if(memcmp(d1->Data, d2->Data, d1->Length)) { - return CSSM_FALSE; - } - } - return CSSM_TRUE; -} - -/* free a CSSM_CERT_GROUP */ -void tpFreeCertGroup( - CSSM_CERTGROUP_PTR certGroup, - CSSM_BOOL freeCertData, // free individual CertList.Data - CSSM_BOOL freeStruct) // free the overall CSSM_CERTGROUP -{ - unsigned dex; - - if(certGroup == NULL) { - return; - } - - if(freeCertData) { - /* free the individual cert Data fields */ - for(dex=0; dexNumCerts; dex++) { - appFreeCssmData(&certGroup->GroupList.CertList[dex], CSSM_FALSE); - } - } - - /* and the array of CSSM_DATAs */ - if(certGroup->GroupList.CertList) { - CSSM_FREE(certGroup->GroupList.CertList); - } - - if(freeStruct) { - CSSM_FREE(certGroup); - } -} - -CSSM_RETURN clDeleteAllCerts(CSSM_DL_DB_HANDLE dlDb) -{ - CSSM_QUERY query; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_HANDLE resultHand; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE; - recordAttrs.NumberOfAttributes = 0; - recordAttrs.AttributeData = NULL; - - /* just search by recordType, no predicates */ - query.RecordType = CSSM_DL_DB_RECORD_X509_CERTIFICATE; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 0; - query.SelectionPredicate = NULL; - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used? - - crtn = CSSM_DL_DataGetFirst(dlDb, - &query, - &resultHand, - &recordAttrs, - NULL, // No data - &record); - switch(crtn) { - case CSSM_OK: - break; // proceed - case CSSMERR_DL_ENDOFDATA: - /* OK, no certs */ - return CSSM_OK; - default: - printError("DataGetFirst", crtn); - return crtn; - } - - crtn = CSSM_DL_DataDelete(dlDb, record); - if(crtn) { - printError("CSSM_DL_DataDelete", crtn); - return crtn; - } - CSSM_DL_FreeUniqueRecord(dlDb, record); - - /* now the rest of them */ - for(;;) { - crtn = CSSM_DL_DataGetNext(dlDb, - resultHand, - &recordAttrs, - NULL, - &record); - switch(crtn) { - case CSSM_OK: - crtn = CSSM_DL_DataDelete(dlDb, record); - if(crtn) { - printError("CSSM_DL_DataDelete", crtn); - return crtn; - } - CSSM_DL_FreeUniqueRecord(dlDb, record); - break; // and go again - case CSSMERR_DL_ENDOFDATA: - /* normal termination */ - break; - default: - printError("DataGetNext", crtn); - return crtn; - } - if(crtn != CSSM_OK) { - break; - } - } - CSSM_DL_DataAbortQuery(dlDb, resultHand); - return CSSM_OK; -} - -/* - * Wrapper for CSSM_TP_CertGroupVerify. What an ugly API. - */ -CSSM_RETURN tpCertGroupVerify( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_LIST_PTR dbListPtr, - const CSSM_OID *policy, // optional - const CSSM_DATA *fieldOpts, // optional - const CSSM_DATA *actionData, // optional - void *policyOpts, - const CSSM_CERTGROUP *certGroup, - CSSM_DATA_PTR anchorCerts, - unsigned numAnchorCerts, - CSSM_TP_STOP_ON stopOn, // CSSM_TP_STOP_ON_POLICY, etc. - CSSM_TIMESTRING cssmTimeStr,// optional - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR result) // optional, RETURNED -{ - /* main job is building a CSSM_TP_VERIFY_CONTEXT and its components */ - CSSM_TP_VERIFY_CONTEXT vfyCtx; - CSSM_TP_CALLERAUTH_CONTEXT authCtx; - - memset(&vfyCtx, 0, sizeof(CSSM_TP_VERIFY_CONTEXT)); - vfyCtx.Action = CSSM_TP_ACTION_DEFAULT; - if(actionData) { - vfyCtx.ActionData = *actionData; - } - else { - vfyCtx.ActionData.Data = NULL; - vfyCtx.ActionData.Length = 0; - } - vfyCtx.Cred = &authCtx; - - /* CSSM_TP_CALLERAUTH_CONTEXT components */ - /* - typedef struct cssm_tp_callerauth_context { - CSSM_TP_POLICYINFO Policy; - CSSM_TIMESTRING VerifyTime; - CSSM_TP_STOP_ON VerificationAbortOn; - CSSM_TP_VERIFICATION_RESULTS_CALLBACK CallbackWithVerifiedCert; - uint32 NumberOfAnchorCerts; - CSSM_DATA_PTR AnchorCerts; - CSSM_DL_DB_LIST_PTR DBList; - CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials; - } CSSM_TP_CALLERAUTH_CONTEXT, *CSSM_TP_CALLERAUTH_CONTEXT_PTR; - */ - /* zero or one policy here */ - CSSM_FIELD policyId; - if(policy != NULL) { - policyId.FieldOid = (CSSM_OID)*policy; - authCtx.Policy.NumberOfPolicyIds = 1; - authCtx.Policy.PolicyIds = &policyId; - if(fieldOpts != NULL) { - policyId.FieldValue = *fieldOpts; - } - else { - policyId.FieldValue.Data = NULL; - policyId.FieldValue.Length = 0; - } - } - else { - authCtx.Policy.NumberOfPolicyIds = 0; - authCtx.Policy.PolicyIds = NULL; - } - authCtx.Policy.PolicyControl = policyOpts; - authCtx.VerifyTime = cssmTimeStr; // may be NULL - authCtx.VerificationAbortOn = stopOn; - authCtx.CallbackWithVerifiedCert = NULL; - authCtx.NumberOfAnchorCerts = numAnchorCerts; - authCtx.AnchorCerts = anchorCerts; - authCtx.DBList = dbListPtr; - authCtx.CallerCredentials = NULL; - - return CSSM_TP_CertGroupVerify(tpHand, - clHand, - cspHand, - certGroup, - &vfyCtx, - result); -} - -/* - * Open, optionally create, KC-style DLDB. - */ -#define KC_DB_PATH "Library/Keychains" /* relative to home */ - -CSSM_RETURN tpKcOpen( - CSSM_DL_HANDLE dlHand, - const char *kcName, - const char *pwd, // optional to avoid UI - CSSM_BOOL doCreate, - CSSM_DB_HANDLE *dbHand) // RETURNED -{ - char kcPath[300]; - const char *kcFileName = kcName; - char *userHome = getenv("HOME"); - - if(userHome == NULL) { - /* well, this is probably not going to work */ - userHome = (char *)""; - } - sprintf(kcPath, "%s/%s/%s", userHome, KC_DB_PATH, kcFileName); - return dbCreateOpen(dlHand, kcPath, - doCreate, CSSM_FALSE, pwd, dbHand); -} - -/* - * Free the contents of a CSSM_TP_VERIFY_CONTEXT_RESULT returned from - * CSSM_TP_CertGroupVerify(). - */ -CSSM_RETURN freeVfyResult( - CSSM_TP_VERIFY_CONTEXT_RESULT *ctx) -{ - int numCerts = -1; - CSSM_RETURN crtn = CSSM_OK; - - for(unsigned i=0; iNumberOfEvidences; i++) { - CSSM_EVIDENCE_PTR evp = &ctx->Evidence[i]; - switch(evp->EvidenceForm) { - case CSSM_EVIDENCE_FORM_APPLE_HEADER: - /* Evidence = (CSSM_TP_APPLE_EVIDENCE_HEADER *) */ - appFree(evp->Evidence, NULL); - evp->Evidence = NULL; - break; - case CSSM_EVIDENCE_FORM_APPLE_CERTGROUP: - { - /* Evidence = CSSM_CERTGROUP_PTR */ - CSSM_CERTGROUP_PTR cgp = (CSSM_CERTGROUP_PTR)evp->Evidence; - numCerts = cgp->NumCerts; - tpFreeCertGroup(cgp, CSSM_TRUE, CSSM_TRUE); - evp->Evidence = NULL; - break; - } - case CSSM_EVIDENCE_FORM_APPLE_CERT_INFO: - { - /* Evidence = array of CSSM_TP_APPLE_EVIDENCE_INFO */ - if(numCerts < 0) { - /* Haven't gotten a CSSM_CERTGROUP_PTR! */ - printf("***Malformed VerifyContextResult (2)\n"); - crtn = CSSMERR_TP_INTERNAL_ERROR; - break; - } - CSSM_TP_APPLE_EVIDENCE_INFO *evInfo = - (CSSM_TP_APPLE_EVIDENCE_INFO *)evp->Evidence; - for(unsigned k=0; k<(unsigned)numCerts; k++) { - /* Dispose of StatusCodes, UniqueRecord */ - CSSM_TP_APPLE_EVIDENCE_INFO *thisEvInfo = - &evInfo[k]; - if(thisEvInfo->StatusCodes) { - appFree(thisEvInfo->StatusCodes, NULL); - } - if(thisEvInfo->UniqueRecord) { - CSSM_RETURN crtn = - CSSM_DL_FreeUniqueRecord(thisEvInfo->DlDbHandle, - thisEvInfo->UniqueRecord); - if(crtn) { - printError("CSSM_DL_FreeUniqueRecord", crtn); - printf(" Record %p\n", thisEvInfo->UniqueRecord); - break; - } - thisEvInfo->UniqueRecord = NULL; - } - } /* for each cert info */ - appFree(evp->Evidence, NULL); - evp->Evidence = NULL; - break; - } /* CSSM_EVIDENCE_FORM_APPLE_CERT_INFO */ - } /* switch(evp->EvidenceForm) */ - } /* for each evidence */ - if(ctx->Evidence) { - appFree(ctx->Evidence, NULL); - ctx->Evidence = NULL; - } - return crtn; -} - -/* Display verify results */ -static void statusBitTest( - CSSM_TP_APPLE_CERT_STATUS certStatus, - uint32 bit, - const char *str) -{ - if(certStatus & bit) { - printf("%s ", str); - } -} - -void printCertInfo( - unsigned numCerts, // from CertGroup - const CSSM_TP_APPLE_EVIDENCE_INFO *info) -{ - CSSM_TP_APPLE_CERT_STATUS cs; - - for(unsigned i=0; iStatusBits; - printf(" cert %u:\n", i); - printf(" StatusBits : 0x%x", (unsigned)cs); - if(cs) { - printf(" ( "); - statusBitTest(cs, CSSM_CERT_STATUS_EXPIRED, "EXPIRED"); - statusBitTest(cs, CSSM_CERT_STATUS_NOT_VALID_YET, - "NOT_VALID_YET"); - statusBitTest(cs, CSSM_CERT_STATUS_IS_IN_INPUT_CERTS, - "IS_IN_INPUT_CERTS"); - statusBitTest(cs, CSSM_CERT_STATUS_IS_IN_ANCHORS, - "IS_IN_ANCHORS"); - statusBitTest(cs, CSSM_CERT_STATUS_IS_ROOT, "IS_ROOT"); - statusBitTest(cs, CSSM_CERT_STATUS_IS_FROM_NET, "IS_FROM_NET"); - statusBitTest(cs, CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_USER, - "TRUST_SETTINGS_FOUND_USER"); - statusBitTest(cs, CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_ADMIN, - "TRUST_SETTINGS_FOUND_ADMIN"); - statusBitTest(cs, CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_SYSTEM, - "TRUST_SETTINGS_FOUND_SYSTEM"); - statusBitTest(cs, CSSM_CERT_STATUS_TRUST_SETTINGS_TRUST, - "TRUST_SETTINGS_TRUST"); - statusBitTest(cs, CSSM_CERT_STATUS_TRUST_SETTINGS_DENY, - "TRUST_SETTINGS_DENY"); - statusBitTest(cs, CSSM_CERT_STATUS_TRUST_SETTINGS_IGNORED_ERROR, - "TRUST_SETTINGS_IGNORED_ERROR"); - printf(")\n"); - } - else { - printf("\n"); - } - printf(" NumStatusCodes : %u ", - (unsigned)thisInfo->NumStatusCodes); - for(unsigned j=0; jNumStatusCodes; j++) { - printf("%s ", - cssmErrToStr(thisInfo->StatusCodes[j])); - } - printf("\n"); - printf(" Index: %u\n", (unsigned)thisInfo->Index); - } - return; -} - -/* we really only need CSSM_EVIDENCE_FORM_APPLE_CERT_INFO */ -#define SHOW_ALL_VFY_RESULTS 0 - -void dumpVfyResult( - const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult) -{ - unsigned numEvidences = vfyResult->NumberOfEvidences; - unsigned numCerts = 0; - printf("Returned evidence:\n"); - for(unsigned dex=0; dexEvidence[dex]; - #if SHOW_ALL_VFY_RESULTS - printf(" Evidence %u:\n", dex); - #endif - switch(ev->EvidenceForm) { - case CSSM_EVIDENCE_FORM_APPLE_HEADER: - { - #if SHOW_ALL_VFY_RESULTS - const CSSM_TP_APPLE_EVIDENCE_HEADER *hdr = - (const CSSM_TP_APPLE_EVIDENCE_HEADER *)(ev->Evidence); - printf(" Form = HEADER; Version = %u\n", hdr->Version); - #endif - break; - } - case CSSM_EVIDENCE_FORM_APPLE_CERTGROUP: - { - const CSSM_CERTGROUP *grp = - (const CSSM_CERTGROUP *)ev->Evidence; - numCerts = grp->NumCerts; - #if SHOW_ALL_VFY_RESULTS - /* parse the rest of this eventually */ - /* Note we depend on this coming before the CERT_INFO */ - printf(" Form = CERTGROUP; numCerts = %u\n", numCerts); - #endif - break; - } - case CSSM_EVIDENCE_FORM_APPLE_CERT_INFO: - { - const CSSM_TP_APPLE_EVIDENCE_INFO *info = - (const CSSM_TP_APPLE_EVIDENCE_INFO *)ev->Evidence; - printCertInfo(numCerts, info); - break; - } - default: - printf("***UNKNOWN Evidence form (%u)\n", - (unsigned)ev->EvidenceForm); - break; - } - } -} - -/* - * Obtain system anchors in CF and in CSSM_DATA form. - * Caller must CFRelease the returned rootArray and - * free() the returned CSSM_DATA array, but not its - * contents - SecCertificates themselves own that. - */ -OSStatus getSystemAnchors( - CFArrayRef *rootArray, /* RETURNED */ - CSSM_DATA **anchors, /* RETURNED */ - unsigned *numAnchors) /* RETURNED */ -{ - OSStatus ortn; - CFArrayRef cfAnchors; - CSSM_DATA *cssmAnchors; - - ortn = SecTrustSettingsCopyUnrestrictedRoots(false, false, true, - &cfAnchors); - if(ortn) { - cssmPerror("SecTrustSettingsCopyUnrestrictedRoots", ortn); - return ortn; - } - unsigned _numAnchors = CFArrayGetCount(cfAnchors); - cssmAnchors = (CSSM_DATA *)malloc(sizeof(CSSM_DATA) * _numAnchors); - unsigned dex; - for(dex=0; dex<_numAnchors; dex++) { - SecCertificateRef root = (SecCertificateRef)CFArrayGetValueAtIndex( - cfAnchors, dex); - ortn = SecCertificateGetData(root, &cssmAnchors[dex]); - if(ortn) { - cssmPerror("SecCertificateGetData", ortn); - return ortn; - } - } - *rootArray = cfAnchors; - *anchors = cssmAnchors; - *numAnchors = _numAnchors; - return noErr; -} - -/* get a SecCertificateRef from a file */ -SecCertificateRef certFromFile( - const char *fileName) -{ - unsigned char *cp = NULL; - unsigned len = 0; - if(readFile(fileName, &cp, &len)) { - printf("***Error reading file %s\n", fileName); - return NULL; - } - SecCertificateRef certRef; - CSSM_DATA certData = {len, cp}; - OSStatus ortn = SecCertificateCreateFromData(&certData, - CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER, &certRef); - if(ortn) { - cssmPerror("SecCertificateCreateFromData", ortn); - return NULL; - } - free(cp); - return certRef; -} - diff --git a/SecurityTests/clxutils/clAppUtils/tpUtils.h b/SecurityTests/clxutils/clAppUtils/tpUtils.h deleted file mode 100644 index e8dd72fe..00000000 --- a/SecurityTests/clxutils/clAppUtils/tpUtils.h +++ /dev/null @@ -1,181 +0,0 @@ -/* - * tpUtils.h - TP and cert group test support - */ - -#ifndef _TP_UTILS_H_ -#define _TP_UTILS_H_ - -#include -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define TP_DB_ENABLE 1 - -/* - * Given an array of certs and an uninitialized CSSM_CERTGROUP, place the - * certs into the certgroup and optionally into one of a list of DBs in - * random order. Optionaly the first cert in the array is placed in the - * first element of certgroup. Only error is memory error. It's legal to - * pass in an empty cert array. - */ -CSSM_RETURN tpMakeRandCertGroup( - CSSM_CL_HANDLE clHand, - CSSM_DL_DB_LIST_PTR dbList, - const CSSM_DATA_PTR certs, - unsigned numCerts, - CSSM_CERTGROUP_PTR certGroup, - CSSM_BOOL firstCertIsSubject, // true: certs[0] goes to head - // of certGroup - CSSM_BOOL verbose, - CSSM_BOOL allInDbs, // all certs go to DBs - CSSM_BOOL skipFirstDb); // no certs go to db[0] - -CSSM_RETURN tpStoreCert( - CSSM_DL_DB_HANDLE dlDb, - const CSSM_DATA_PTR cert, - /* REQUIRED fields */ - CSSM_CERT_TYPE certType, // e.g. CSSM_CERT_X_509v3 - uint32 serialNum, - const CSSM_DATA *issuer, // (shouldn't this be subject?) - // normalized & encoded - /* OPTIONAL fields */ - CSSM_CERT_ENCODING certEncoding, // e.g. CSSM_CERT_ENCODING_DER - const CSSM_DATA *printName, - const CSSM_DATA *subject); // normalized & encoded - -/* - * Store a cert when we don't already know the required fields. We'll - * extract them. - */ -CSSM_RETURN tpStoreRawCert( - CSSM_DL_DB_HANDLE dlDb, - CSSM_CL_HANDLE clHand, - const CSSM_DATA_PTR cert); - -/* - * Generate numKeyPairs key pairs of specified algorithm and size. - * Key labels will be 'keyLabelBase' concatenated with a 4-digit - * decimal number. - */ -CSSM_RETURN tpGenKeys( - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dbHand, /* keys go here */ - unsigned numKeyPairs, - uint32 keyGenAlg, /* CSSM_ALGID_RSA, etc. */ - uint32 keySizeInBits, - const char *keyLabelBase, /* C string */ - CSSM_KEY_PTR pubKeys, /* array of keys RETURNED here */ - CSSM_KEY_PTR privKeys, /* array of keys RETURNED here */ - CSSM_DATA_PTR paramData = NULL); // optional DSA params - -/* - * Generate a cert chain using specified key pairs. The last cert in the - * chain (certs[numCerts-1]) is a root cert, self-signed. - */ -CSSM_RETURN tpGenCerts( - CSSM_CSP_HANDLE cspHand, - CSSM_CL_HANDLE clHand, - unsigned numCerts, - uint32 sigAlg, /* CSSM_ALGID_SHA1WithRSA, etc. */ - const char *nameBase, /* C string */ - CSSM_KEY_PTR pubKeys, /* array of public keys */ - CSSM_KEY_PTR privKeys, /* array of private keys */ - CSSM_DATA_PTR certs, /* array of certs RETURNED here */ - const char *notBeforeStr, /* from genTimeAtNowPlus() */ - const char *notAfterStr); /* from genTimeAtNowPlus() */ - -/* - * Generate a cert chain using specified key pairs. The last cert in the - * chain (certs[numCerts-1]) is a root cert, self-signed. Store - * the certs indicated by corresponding element on storeArray. If - * storeArray[n].DLHandle == 0, the cert is not stored. - */ -CSSM_RETURN tpGenCertsStore( - CSSM_CSP_HANDLE cspHand, - CSSM_CL_HANDLE clHand, - unsigned numCerts, - uint32 sigAlg, /* CSSM_ALGID_SHA1WithRSA, etc. */ - const char *nameBase, /* C string */ - CSSM_KEY_PTR pubKeys, /* array of public keys */ - CSSM_KEY_PTR privKeys, /* array of private keys */ - CSSM_DL_DB_HANDLE *storeArray, /* array of certs stored here */ - CSSM_DATA_PTR certs, /* array of certs RETURNED here */ - const char *notBeforeStr, /* from genTimeAtNowPlus() */ - const char *notAfterStr); /* from genTimeAtNowPlus() */ - -/* free a CSSM_CERT_GROUP */ -void tpFreeCertGroup( - CSSM_CERTGROUP_PTR certGroup, - CSSM_BOOL freeCertData, // free individual CertList.Data - CSSM_BOOL freeStruct); // free the overall CSSM_CERTGROUP - -CSSM_BOOL tpCompareCertGroups( - const CSSM_CERTGROUP *grp1, - const CSSM_CERTGROUP *grp2); - -CSSM_RETURN clDeleteAllCerts(CSSM_DL_DB_HANDLE dlDb); - -/* - * Wrapper for CSSM_TP_CertGroupVerify. - */ -CSSM_RETURN tpCertGroupVerify( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_LIST_PTR dbListPtr, - const CSSM_OID *policy, // optional - const CSSM_DATA *fieldOpts, // optional - const CSSM_DATA *actionData, // optional - void *policyOpts, - const CSSM_CERTGROUP *certGroup, - CSSM_DATA_PTR anchorCerts, - unsigned numAnchorCerts, - CSSM_TP_STOP_ON stopOn, // CSSM_TP_STOP_ON_POLICY, etc. - CSSM_TIMESTRING cssmTimeStr,// optional - CSSM_TP_VERIFY_CONTEXT_RESULT_PTR result); // RETURNED - -CSSM_RETURN tpKcOpen( - CSSM_DL_HANDLE dlHand, - const char *kcName, - const char *pwd, // optional to avoid UI - CSSM_BOOL doCreate, - CSSM_DB_HANDLE *dbHand); // RETURNED - -CSSM_RETURN freeVfyResult( - CSSM_TP_VERIFY_CONTEXT_RESULT *ctx); - -void printCertInfo( - unsigned numCerts, // from CertGroup - const CSSM_TP_APPLE_EVIDENCE_INFO *info); - -void dumpVfyResult( - const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult); - -/* - * Obtain system anchors in CF and in CSSM_DATA form. - * Caller must CFRelease the returned rootArray and - * free() the returned CSSM_DATA array, but not its - * contents - SecCertificates themselves own that. - */ -OSStatus getSystemAnchors( - CFArrayRef *rootArray, /* RETURNED */ - CSSM_DATA **anchors, /* RETURNED */ - unsigned *numAnchors); /* RETURNED */ - -/* get a SecCertificateRef from a file */ -SecCertificateRef certFromFile( - const char *fileName); - -#ifdef __cplusplus -} -#endif -#endif /* _TP_UTILS_H_ */ - diff --git a/SecurityTests/clxutils/clTool/Makefile b/SecurityTests/clxutils/clTool/Makefile deleted file mode 100644 index 354e9deb..00000000 --- a/SecurityTests/clxutils/clTool/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=clTool -# C++ source (with .cpp extension) -CPSOURCE= clTool.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lMallocDebug -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/clTool/clTool.cpp b/SecurityTests/clxutils/clTool/clTool.cpp deleted file mode 100644 index e634628e..00000000 --- a/SecurityTests/clxutils/clTool/clTool.cpp +++ /dev/null @@ -1,312 +0,0 @@ -/* - * clTool.cpp - menu-driven CL exerciser - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* - * A list of OIDs we inquire about. - */ -static const CSSM_OID *knownOids[] = -{ - &CSSMOID_X509V1Version, // not always present - &CSSMOID_X509V1SerialNumber, - &CSSMOID_X509V1IssuerNameCStruct, - &CSSMOID_X509V1SubjectNameCStruct, - &CSSMOID_CSSMKeyStruct, - &CSSMOID_X509V1SubjectPublicKeyCStruct, - &CSSMOID_X509V1ValidityNotBefore, - &CSSMOID_X509V1ValidityNotAfter, - &CSSMOID_X509V1SignatureAlgorithmTBS, - &CSSMOID_X509V1SignatureAlgorithm, - &CSSMOID_X509V1Signature, - &CSSMOID_X509V3CertificateExtensionCStruct, - &CSSMOID_KeyUsage, - &CSSMOID_BasicConstraints, - &CSSMOID_ExtendedKeyUsage, - &CSSMOID_CertificatePolicies, - &CSSMOID_NetscapeCertType -}; - -#define NUM_KNOWN_OIDS (sizeof(knownOids) / sizeof(CSSM_OID *)) - -static const char *oidNames[] = -{ - "CSSMOID_X509V1Version", - "CSSMOID_X509V1SerialNumber", - "CSSMOID_X509V1IssuerNameCStruct", - "CSSMOID_X509V1SubjectNameCStruct", - "CSSMOID_CSSMKeyStruct", - "CSSMOID_X509V1SubjectPublicKeyCStruct", - "CSSMOID_X509V1ValidityNotBefore", - "CSSMOID_X509V1ValidityNotAfter", - "CSSMOID_X509V1SignatureAlgorithmTBS", - "CSSMOID_X509V1SignatureAlgorithm", - "CSSMOID_X509V1Signature", - "CSSMOID_X509V3CertificateExtensionCStruct", - "CSSMOID_KeyUsage", - "CSSMOID_BasicConstraints", - "CSSMOID_ExtendedKeyUsage", - "CSSMOID_CertificatePolicies", - "CSSMOID_NetscapeCertType" -}; - -static void usage(char **argv) -{ - printf("Usage: %s certFile\n", argv[0]); - exit(1); -} - -int main(int argc, char **argv) -{ - CSSM_DATA certData = {0, NULL}; - CSSM_CL_HANDLE clHand = CSSM_INVALID_HANDLE; - CSSM_HANDLE cacheHand = CSSM_INVALID_HANDLE; - CSSM_HANDLE searchHand = CSSM_INVALID_HANDLE; - char resp; - CSSM_RETURN crtn; - unsigned fieldDex; - CSSM_DATA_PTR fieldValue; - uint32 numFields; - CSSM_FIELD field; - CSSM_FIELD_PTR fieldPtr; - OidParser parser; - unsigned len; - - if(argc != 2) { - usage(argv); - } - if(readFile(argv[1], &certData.Data, &len)) { - printf("Can't read file %s' aborting.\n", argv[1]); - exit(1); - } - certData.Length = len; - - while(1) { - fpurge(stdin); - printf("a load/attach\n"); - printf("d detach/unload\n"); - printf("c cache the cert\n"); - printf("u uncache the cert\n"); - printf("g get field (uncached)\n"); - printf("G get field (cached)\n"); - printf("f get all fields, then free\n"); - printf("q quit\n"); - printf("Enter command: "); - resp = getchar(); - switch(resp) { - case 'a': - if(clHand != CSSM_INVALID_HANDLE) { - printf("***Multiple attaches; expect leaks\n"); - } - clHand = clStartup(); - if(clHand == CSSM_INVALID_HANDLE) { - printf("***Error attaching to CL.\n"); - } - else { - printf("...ok\n"); - } - break; - - case 'd': - /* - * Notes: - * -- this should cause the CL to free up all cached certs - * no matter what - even if we've done multiple certCache - * ops. However the plugin framework doesn't delete the - * session object on detach (yet) so expect leaks in - * that case. - * -- we don't clear out cacheHand or searchHand here; this - * allows verification of proper handling of bogus handles. - */ - clShutdown(clHand); - clHand = CSSM_INVALID_HANDLE; - printf("...ok\n"); - break; - - case 'c': - /* cache the cert */ - if(cacheHand != CSSM_INVALID_HANDLE) { - printf("***NOTE: a cert is already cached. Expect leaks.\n"); } - crtn = CSSM_CL_CertCache(clHand, &certData, &cacheHand); - if(crtn) { - printError("CSSM_CL_CertCache", crtn); - } - else { - printf("...ok\n"); - } - break; - - case 'u': - /* abort cache */ - crtn = CSSM_CL_CertAbortCache(clHand, cacheHand); - if(crtn) { - printError("CSSM_CL_CertAbortCache", crtn); - } - else { - cacheHand = CSSM_INVALID_HANDLE; - printf("...ok\n"); - } - break; - - case 'g': - /* get one field (uncached) */ - fieldDex = genRand(0, NUM_KNOWN_OIDS - 1); - crtn = CSSM_CL_CertGetFirstFieldValue(clHand, - &certData, - knownOids[fieldDex], - &searchHand, - &numFields, - &fieldValue); - if(crtn) { - printf("***Error fetching field %s\n", oidNames[fieldDex]); - printError("CSSM_CL_CertGetFirstFieldValue", crtn); - break; - } - printf("%s: %u fields found\n", oidNames[fieldDex], (unsigned)numFields); - field.FieldValue = *fieldValue; - field.FieldOid = *(knownOids[fieldDex]); - printCertField(field, parser, CSSM_TRUE); - crtn = CSSM_CL_FreeFieldValue(clHand, knownOids[fieldDex], fieldValue); - if(crtn) { - printError("CSSM_CL_FreeFieldValue", crtn); - /* keep going */ - } - for(unsigned i=1; i 0 ) - switch ( "$argv[1]" ) - case s: - set QUICK_TEST = 1 - shift - breaksw - case l: - set QUICK_TEST = 0 - shift - breaksw - case v: - set VERB = v - shift - breaksw - case n: - set NO_SSL = 1 - shift - breaksw - case f: - set SSL_PING_ENABLE = - set FULL_SSL = YES - shift - breaksw - case t: - set DO_THREAD = 0 - shift - breaksw - case k: - set SKIP_BASIC = 1 - shift - breaksw - case q: - set QUIET = q - set CERTCRL_QUIET = -q - set PINGSSL_QUIET = s - shift - breaksw - default: - cat cltpdvt_usage - exit(1) - endsw -end - -# -# Select 'quick' or 'normal' test params -# -# Note that we disable DB storage of certs in cgVerify and cgConstruct, to avoid -# messing with user's ~/Library/Keychains. -# -if($QUICK_TEST == 1) then - set CGCONSTRUCT_ARGS="d=0" - set CGVERIFY_ARGS="d" - set CGVERIFY_DSA_ARGS="l=20 d" - set CAVERIFY_ARGS= - set EXTENTEST_ARGS= - if($NO_SSL == 1) then - set THREADTEST_ARGS="ecvsyfF l=10" - else - set THREADTEST_ARGS="l=10" - endif - set THREADPING_ARGS="ep o=mr3 l=5" - set P12REENCODE_ARGS="l=2" -else - set CGCONSTRUCT_ARGS="l=100 d=0" - set CGVERIFY_ARGS="l=100 d" - set CAVERIFY_ARGS="l=500" - set CGVERIFY_DSA_ARGS="l=500 d" - set EXTENTEST_ARGS="l=100" - if($NO_SSL == 1) then - set THREADTEST_ARGS="l=100 ecvsyfF" - else - set THREADTEST_ARGS="l=100" - endif - set THREADPING_ARGS="ep o=mr3 l=10" - set P12REENCODE_ARGS="l=10" -endif -# -set CLXUTILS=`pwd` - -if($SKIP_BASIC == 0) then - # - # test RSA, FEE, ECDSA with the following two... - # - $BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS $QUIET $VERB || exit(1) - $BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS a=f $QUIET $VERB || exit(1) - $BUILD_DIR/cgConstruct $CGCONSTRUCT_ARGS a=E $QUIET $VERB || exit(1) - $BUILD_DIR/cgVerify $CGVERIFY_ARGS n=2 $QUIET $VERB || exit(1) - $BUILD_DIR/cgVerify $CGVERIFY_ARGS $QUIET $VERB || exit(1) - $BUILD_DIR/cgVerify $CGVERIFY_ARGS a=e $QUIET $VERB || exit(1) - $BUILD_DIR/cgVerify $CGVERIFY_ARGS a=5 $QUIET $VERB || exit(1) - $BUILD_DIR/cgVerify $CGVERIFY_ARGS a=E $QUIET $VERB || exit(1) - # - # And one run for DSA partial key processing; run in the test - # dir to pick up DSA params - # - cd $CLXUTILS/cgVerify - $BUILD_DIR/cgVerify $CGVERIFY_DSA_ARGS a=d $QUIET $VERB || exit(1) - $BUILD_DIR/caVerify $CAVERIFY_ARGS $QUIET $VERB || exit(1) - $BUILD_DIR/caVerify a=E $CAVERIFY_ARGS $QUIET $VERB || exit(1) -endif - -# -# Anchor and intermediate test: once with normal anchors, one with -# Trust Settings. -# -### -### Allow expired anchors until Radar 6133507 is fixed -### -echo "### Warning: allowing expired roots in anchorTest..." -$BUILD_DIR/anchorTest e $QUIET $VERB || exit(1) -$BUILD_DIR/anchorTest t e $QUIET $VERB || exit(1) -$CLXUTILS/anchorTest/intermedTest $QUIET || exit(1) -$CLXUTILS/anchorTest/intermedTest t $QUIET || exit(1) -$BUILD_DIR/trustAnchors $QUIET || exit(1) - -cd $CLXUTILS -./updateCerts - -$BUILD_DIR/certSerialEncodeTest $QUIET || exit(1) - -# -# certcrl script tests require files relative to cwd -# -cd $CLXUTILS/certcrl/testSubjects/X509tests -$BUILD_DIR/certcrl -S x509tests.scr $CERTCRL_QUIET || exit(1) -cd $CLXUTILS/certcrl/testSubjects/smime -$BUILD_DIR/certcrl -S smime.scr $CERTCRL_QUIET || exit(1) -# -# disable expiredRoot test since it makes assumptions about -# store.apple.com which are no longer true %%%FIXME! -#cd $CLXUTILS/certcrl/testSubjects/expiredRoot -#$BUILD_DIR/certcrl -S expiredRoot.scr $CERTCRL_QUIET || exit(1) -# -cd $CLXUTILS/certcrl/testSubjects/expiredCerts -$BUILD_DIR/certcrl -S expiredCerts.scr $CERTCRL_QUIET || exit(1) -# -cd $CLXUTILS/certcrl/testSubjects/anchorAndDb -$BUILD_DIR/certcrl -S anchorAndDb.scr $CERTCRL_QUIET || exit(1) -# -cd $CLXUTILS/certcrl/testSubjects/hostNameDot -$BUILD_DIR/certcrl -S hostNameDot.scr $CERTCRL_QUIET || exit(1) -# -# one with normal anchors, one with Trust Settings -cd $CLXUTILS/certcrl/testSubjects/AppleCerts -$BUILD_DIR/certcrl -S AppleCerts.scr $CERTCRL_QUIET || exit(1) -$BUILD_DIR/certcrl -S AppleCerts.scr -g $CERTCRL_QUIET || exit(1) -# -# one with normal anchors, one with Trust Settings -# This will fail if you have userTrustSettings.plist, from ../trustSettings, -# installed! -# Note this should eventually be renamed to something like SWUpdateSigning... -cd $CLXUTILS/certcrl/testSubjects/AppleCodeSigning -$BUILD_DIR/certcrl -S AppleCodeSigning.scr $CERTCRL_QUIET || exit(1) -$BUILD_DIR/certcrl -S AppleCodeSigning.scr -g $CERTCRL_QUIET || exit(1) -# -cd $CLXUTILS/certcrl/testSubjects/CodePkgSigning -$BUILD_DIR/certcrl -S CodePkgSigning.scr $CERTCRL_QUIET || exit(1) -# -cd $CLXUTILS/certcrl/testSubjects/localTime -$BUILD_DIR/certcrl -S localTime.scr $CERTCRL_QUIET || exit(1) -# -# one with normal anchors, one with Trust Settings -cd $CLXUTILS/certcrl/testSubjects/serverGatedCrypto -$BUILD_DIR/certcrl -S sgc.scr $CERTCRL_QUIET || exit(1) -$BUILD_DIR/certcrl -S sgc.scr -g $CERTCRL_QUIET || exit(1) -# -cd $CLXUTILS/certcrl/testSubjects/crlTime -$BUILD_DIR/certcrl -S crlTime.scr $CERTCRL_QUIET || exit(1) -cd $CLXUTILS/certcrl/testSubjects/implicitAnchor -$BUILD_DIR/certcrl -S implicitAnchor.scr $CERTCRL_QUIET || exit(1) -cd $CLXUTILS/certcrl/testSubjects/crossSigned -$BUILD_DIR/certcrl -S crossSigned.scr $CERTCRL_QUIET || exit(1) -cd $CLXUTILS/certcrl/testSubjects/emptyCert -$BUILD_DIR/certcrl -S emptyCert.scr $CERTCRL_QUIET || exit(1) -cd $CLXUTILS/certcrl/testSubjects/emptySubject -$BUILD_DIR/certcrl -S emptySubject.scr $CERTCRL_QUIET || exit(1) -cd $CLXUTILS/certcrl/testSubjects/qualCertStatment -$BUILD_DIR/certcrl -S qualCertStatement.scr $CERTCRL_QUIET || exit(1) -cd $CLXUTILS/certcrl/testSubjects/ipSec -$BUILD_DIR/certcrl -S ipSec.scr $CERTCRL_QUIET || exit(1) -# -# ECDSA certs, lots of 'em -# -cd $CLXUTILS/certcrl/testSubjects/NSS_ECC -$BUILD_DIR/certcrl -S nssecc.scr $CERTCRL_QUIET || exit(1) -$BUILD_DIR/certcrl -S msEcc.scr $CERTCRL_QUIET || exit(1) -$BUILD_DIR/certcrl -S opensslEcc.scr $CERTCRL_QUIET || exit(1) - -# -# CRL/OCSP tests -# once each with normal anchors, one with Trust Settings -# -# Until Verisign gets their CRL server fixed, we have to allow the disabling of the -# CRL test.... -# -if($NO_SSL == 0) then - cd $CLXUTILS - if($FULL_SSL == YES) then - cd $CLXUTILS/certcrl/testSubjects/crlFromSsl - $BUILD_DIR/certcrl -S crlssl.scr $CERTCRL_QUIET || exit(1) - $BUILD_DIR/certcrl -S crlssl.scr -g $CERTCRL_QUIET || exit(1) - endif - cd $CLXUTILS/certcrl/testSubjects/ocspFromSsl - # this test makes assumptions about store.apple.com which are no longer - # true, so need to disable the test for now. %%%FIXME! - #$BUILD_DIR/certcrl -S ocspssl.scr $CERTCRL_QUIET || exit(1) - #$BUILD_DIR/certcrl -S ocspssl.scr -g $CERTCRL_QUIET || exit(1) -endif -# -$BUILD_DIR/extenTest $EXTENTEST_ARGS $QUIET $VERB || exit(1) -$BUILD_DIR/extenTestTp $EXTENTEST_ARGS $QUIET $VERB || exit(1) -$BUILD_DIR/sslSubjName $QUIET $VERB || exit(1) -$BUILD_DIR/smimePolicy $QUIET $VERB || exit(1) -$BUILD_DIR/certLabelTest $CERTCRL_QUIET || exit(1) - -# -# extendAttrTest has to be run from specific directory for access to keys and certs -# -cd $CLXUTILS/extendAttrTest -$BUILD_DIR/extendAttrTest -k $BUILD_DIR/eat.keychain $CERTCRL_QUIET || exit(1) - -# -# threadTest relies on a cert file in cwd -# -if($DO_THREAD == 1) then - cd $CLXUTILS/threadTest - $BUILD_DIR/threadTest $THREADTEST_ARGS $QUIET $VERB || exit(1) -endif -# -# CMS tests have to be run from specific directory for access to keychain and certs -# -cd $CLXUTILS/newCmsTool/blobs -./cmstestHandsoff $CERTCRL_QUIET || exit(1) -./cmsEcdsaHandsoff $CERTCRL_QUIET || exit(1) - -# -# This one uses a number of p12 files in cwd -# -# we may never see this again.... -# -# echo ==== skipping p12Reencode for now, but I really want this back === -# cd $CLXUTILS/p12Reencode -# ./doReencode $P12REENCODE_ARGS $QUIET || exit(1) -# - -# -# Import/export tests, always run from here with no default ACL (to avoid UI). -# -cd $CLXUTILS/importExport -./importExport n $QUIET || exit(1) - -# sslEcdsa test removed pending validation of tls.secg.org server -# -# $BUILD_DIR/sslEcdsa $CERTCRL_QUIET || exit(1) - -# -# Full SSL tests run: -# -- once with blocking socket I/O -# -- once with nonblocking socket I/O -# -- once with RingBuffer I/O, no verifyPing -# -if($NO_SSL == 0) then - cd $CLXUTILS/sslScripts - ./makeLocalCert a || exit(1) - ./ssldvt $SSL_PING_ENABLE $QUIET $VERB || exit(1) - ./ssldvt $SSL_PING_ENABLE $QUIET $VERB b || exit(1) - ./ssldvt n $QUIET $VERB R || exit(1) - ./removeLocalCerts -endif -if($FULL_SSL == YES) then - $BUILD_DIR/threadTest $THREADPING_ARGS $QUIET $VERB || exit(1) -endif - -echo ==== cltpdvt success ==== - diff --git a/SecurityTests/clxutils/cltpdvt_usage b/SecurityTests/clxutils/cltpdvt_usage deleted file mode 100644 index 9d6d12cb..00000000 --- a/SecurityTests/clxutils/cltpdvt_usage +++ /dev/null @@ -1,10 +0,0 @@ -Usage: cltpdvt [options] -Options: - l long test - v verbose output - q quiet output - n no SSL (not even local loopback tests) - f full SSL test - k skip basic cert group tests - t no threadTest - h help diff --git a/SecurityTests/clxutils/clxutils.pbproj/project.pbxproj b/SecurityTests/clxutils/clxutils.pbproj/project.pbxproj deleted file mode 100644 index ae3b00db..00000000 --- a/SecurityTests/clxutils/clxutils.pbproj/project.pbxproj +++ /dev/null @@ -1,70 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 38; - objects = { - 055C346A044F0AF9006A3C68 = { - children = ( - ); - isa = PBXGroup; - refType = 4; - }; - 055C346C044F0AF9006A3C68 = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - }; - isa = PBXBuildStyle; - name = Development; - }; - 055C346D044F0AF9006A3C68 = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = YES; - }; - isa = PBXBuildStyle; - name = Deployment; - }; - 055C346E044F0AF9006A3C68 = { - buildStyles = ( - 055C346C044F0AF9006A3C68, - 055C346D044F0AF9006A3C68, - ); - hasScannedForEncodings = 1; - isa = PBXProject; - mainGroup = 055C346A044F0AF9006A3C68; - projectDirPath = ""; - targets = ( - 055C346F044F0B1B006A3C68, - ); - }; - 055C346F044F0B1B006A3C68 = { - buildArgumentsString = "$ACTION \"SRCROOT=$SRCROOT\" \"OBJROOT=$OBJROOT\" \"DSTROOT=$DSTROOT\" \"SRCROOT=$SRCROOT\""; - buildPhases = ( - ); - buildSettings = { - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = cspxutils; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - buildToolPath = /usr/bin/gnumake; - dependencies = ( - ); - isa = PBXLegacyTarget; - name = clxutils; - passBuildSettingsInEnvironment = 1; - productName = cspxutils; - settingsToExpand = 6; - settingsToPassInEnvironment = 287; - settingsToPassOnCommandLine = 280; - }; - }; - rootObject = 055C346E044F0AF9006A3C68; -} diff --git a/SecurityTests/clxutils/cmsTime/Makefile b/SecurityTests/clxutils/cmsTime/Makefile deleted file mode 100644 index 54390884..00000000 --- a/SecurityTests/clxutils/cmsTime/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# name of executable to build -EXECUTABLE=cmsTime -# C++ source (with .cpp extension) -CPSOURCE= cmsTime.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= -framework CoreFoundation -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -# -# Optional files on which *.{c,cpp} depend -# -HDR_DEPENDS=../clAppUtils/certVerify.h - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/cmsTime/cmsTime.cpp b/SecurityTests/clxutils/cmsTime/cmsTime.cpp deleted file mode 100644 index b87102aa..00000000 --- a/SecurityTests/clxutils/cmsTime/cmsTime.cpp +++ /dev/null @@ -1,156 +0,0 @@ -/* - * cmsTime.cpp - measure performance of CMS decode & verify - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define LOOPS_DEF 100 -#define SIGNED_FILE "noRoot.p7" - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" -l loops -- loops; default %d; 0=forever\n", LOOPS_DEF); - printf(" -i inFile -- input file; default is %s\n", SIGNED_FILE); - printf(" -K -- set empty KC list\n"); - /* etc. */ - exit(1); -} - -/* perform one CMS decode */ -static OSStatus doDecode( - const void *cmsData, - size_t cmsDataLen, - SecPolicyRef policyRef, - CFArrayRef kcArray) /* optional */ - -{ - OSStatus ortn; - CMSDecoderRef cmsDecoder = NULL; - - CMSDecoderCreate(&cmsDecoder); - if(kcArray) { - ortn = CMSDecoderSetSearchKeychain(cmsDecoder, kcArray); - if(ortn) { - cssmPerror("CMSDecoderSetSearchKeychain", ortn); - return ortn; - } - } - ortn = CMSDecoderUpdateMessage(cmsDecoder, cmsData, cmsDataLen); - if(ortn) { - cssmPerror("CMSDecoderUpdateMessage", ortn); - return ortn; - } - ortn = CMSDecoderFinalizeMessage(cmsDecoder); - if(ortn) { - cssmPerror("CMSDecoderFinalizeMessage", ortn); - return ortn; - } - - CMSSignerStatus signerStatus; - ortn = CMSDecoderCopySignerStatus(cmsDecoder, 0, policyRef, true, &signerStatus, NULL, NULL); - if(ortn) { - cssmPerror("CMSDecoderCopySignerStatus", ortn); - return ortn; - } - if(signerStatus != kCMSSignerValid) { - printf("***Bad signerStatus (%d)\n", (int)signerStatus); - ortn = -1; - } - CFRelease(cmsDecoder); - return ortn; -} - -int main(int argc, char **argv) -{ - unsigned dex; - - CFArrayRef emptyKCList = NULL; - unsigned char *blob = NULL; - unsigned blobLen; - SecPolicyRef policyRef = NULL; - - /* user-spec'd variables */ - unsigned loops = LOOPS_DEF; - char *blobFile = SIGNED_FILE; - bool emptyList = false; /* specify empty KC list */ - - extern char *optarg; - int arg; - while ((arg = getopt(argc, argv, "l:i:Kh")) != -1) { - switch (arg) { - case 'l': - loops = atoi(optarg); - break; - case 'i': - blobFile = optarg; - break; - case 'K': - emptyList = true; - emptyKCList = CFArrayCreate(NULL, NULL, 0, &kCFTypeArrayCallBacks); - break; - case 'h': - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - - if(readFile(blobFile, &blob, &blobLen)) { - printf("***Error reading %s\n", blobFile); - exit(1); - } - /* cook up reusable policy object */ - SecPolicySearchRef policySearch = NULL; - OSStatus ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3, - &CSSMOID_APPLE_X509_BASIC, - NULL, // policy opts - &policySearch); - if(ortn) { - cssmPerror("SecPolicySearchCreate", ortn); - exit(1); - } - ortn = SecPolicySearchCopyNext(policySearch, &policyRef); - if(ortn) { - cssmPerror("SecPolicySearchCopyNext", ortn); - exit(1); - } - CFRelease(policySearch); - - CFAbsoluteTime startTimeFirst; - CFAbsoluteTime endTimeFirst; - CFAbsoluteTime startTimeMulti; - CFAbsoluteTime endTimeMulti; - - /* GO */ - startTimeFirst = CFAbsoluteTimeGetCurrent(); - if(doDecode(blob, blobLen, policyRef, emptyKCList)) { - exit(1); - } - endTimeFirst = CFAbsoluteTimeGetCurrent(); - - startTimeMulti = CFAbsoluteTimeGetCurrent(); - for(dex=0; dexm&MMbLuzJ{t5Yq70WTdj4fMeX<~-2ft;PNy^d;hotZ-*?Y`yZ794 z?stKnX6>0jC;u4}vV=`~pobv{V*qQK1@9dy>|j9wqX3Xe@1{o#2XyKb93}7!0wvU_ zPPtlz%2aY6wHC!yiQ2Uq!ka#bNKtG514h1v5(->}{(ro=#D9N?P8l2~BW)}&!WYO# zXrjUp3{zQcKLX|m2M|K8IAM?gY79c-z|s)R9k|lSfX?AYD`e>ej*8VPU1~C+RINs* zNQkvl(fNej8=D3^%`hs*br>eWwK}y*mW+mKaXdw)Oh&_Xx>WO9;t=3Co(TjP@b$xl ze7-;+B}3t;5WI^yfk{L4?1t-&l!?Go5^(Jx;Pu{FLv}Xu6eW?U2$pFy$+&l-It3UZ zm(fduEGSeX#G;USI&6d>N^^nU_C^)N#d7x+)a+ec1>1d49}@bUu_CPPx}w{jt|%A7 ziy9Wp2#PTNN?*CREMUdHb(6z#>=+9lx^&(s4wy{K%BncJrRd2SD0Io?`otw@ZfSGZ z&J}Cd5I;Z9DxB?%mS`IvJzpe3EM--$9C~bYYhP*uJ-lwKCaOcu4zAezDqkRmGg+PG zN}_PPgXcp^PDE_ozD>W>&JaF6BJYoB@sJ{?Shi(R$8NWEE=-l>mRxbG_vaSf+r0Q@ zYtO-3P2HI-rw~~u(U0y|njNZwT#6j>MQce4(rLKLXl3-G{1lIcloWGt{X{FBBp=1C3&4InU}j3$)S3e{ks zI5*6+uxK7v{3_wDeDA>WtGjzE?qy!@o!h^VU6m9ky;HqCdP{hdN5>vS>^^Ttcunta zW*X6ToFwv1X>8dl}aFxHWHl$88=kQfHBZt{)OK#2o#L7NndFJ%88pIKVLr z%Zf857S|EDR)vaX8XU6)Hs-V?$J!jC(du*+<^b%?IXZ{^59wo5fQNaG!EqAfT0*%> znJ6QaY8AQ&*QO~GaUD8anWof{8O#m1n2}V@#D8^$I0WN?sUtQd<;>L#+sA9wuziAw zLHi9#+iV{`@W=eY;2`aTnM0v3Uoc%TUHVomY^WH`wAo#TLXz!`FsX?zYeg}-m=_D$ zy33`GiW8}bX2*B;2C5w&v|o4<_t+t=J$p=`?D6rai_n!j5<0jBCrYPn9H%Mj>-vqC zC*3n^&Ej)SB8KHpkDQ8yZl0V=ysN(((`QnT@%}twA7ptvSP#pu)zu!UzoeECeABQX08=WWYvT0J_T&a9=Bj%3({i z$}|~)&zB|O$-Z6~KVUR#q(03Snp4mt$+^$)KF_RP)v%hC-PCaGy<`Ob&` z5IXJgsu22|=;un%k2RuK`+krmoVp%3VSR3M`9#WT2ZoW@=`JZrID2FAnppS3zTKZq zFDgJI@%Ykjo;~~U>oZmh8lT?xyJO=JCx}S@aj|oT@muE!f}3v5mnVe|ERV+{F(ceX zTIe*{{DAUph-awpyy>zgBP1ZbHgcR(F~&$>36TwGWCp?Pkg+$P+HI*p3l9vOoKg|B zKf@wsowNyL(5!hh2!V|LHVBsVHrMe1jWK+Ou(p92Sd!^2ayY7YlNLmb5M|6uePwwd zt1Ld!>DF>@P0+dGnIuHw%+@t*Hj(;sBs z2s*ScZeE>sX|$E~CyvYVi16d$und0g^VQpGYjf9sD6h$pU*VTGRlbZ(vbZ{7=&JJ< Dt{_-E diff --git a/SecurityTests/clxutils/cmsTime/withRoot.p7 b/SecurityTests/clxutils/cmsTime/withRoot.p7 deleted file mode 100644 index 8966e8108df67495621c6246e285efc9ef8c7db6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6648 zcmds6d015C8fS(PoIx%D?xK8xz%VRxMg)~bg<+9c6;Q);ILsX2#LS%WoHGcaA>fvZ zWmkRD$1TmBT)LGRX_{p&WqH$b*PBajZKh?JdEf7xGs6s~PyN#$A;S5#_j{M$`+MIr z5YxPrnwcYK{_HFBmam#dOq0uGIv+ym)hX&4tBK@k#;SE6 zx^D$F?JUjLX&n!bSk~tirBg=6M6vE0IO)8>XyQnNou|#5)@aY9%~WuG0v`n30)bY#frlVq(N`5(526yO~E}rX)n9K=>($upr-QQU_5q zqOI6F?V@O_&Ca6=m}{3ubD*&x$HfI5B;`2N5r2bH9K|EbV&m&jjvko-7Lp}e4Wf8s zEJmG@s-=0g4n$2=sbF3LEn*-F5MnS0#~AOFTwG981irR&$i#^8SF4mp@FHLtJ6{92 zkWTVsv`Wd*&r${+CkLL$rK~Uqpekg{w6Sh9Re@}dCs@#Drm`$4OjjF)$4H1UC?p1n zG-DNT9G&+wEN_Kiwc`+r#FvSvL@6l0BsVun<+?@BQY25Q!`ruEAJP?S$DIgnP-4k& zyj^k;#TQW|Yplwl>Ht@?RoyNi8ad8_BrFP_juhl5jT~nwq*#_=)gh0O2IvzGVF5~( z;_a+en84$yD*XMBMkO{#Wh#&2M65flj&``)`2c>GY;0HTkM(ks>8g{vN`ItICT%6n z5blQ+`jdBe5b(I$g?JW0=2NVML`(yY0r>18XXzPRo$CR&=n>H_I7B>ar=n4~tHfvl zN8-;vX-&rqA7>7RjO%r%e+sGwu!ste0k@h&Gy#DrrU(?K(P+|06LLGH4l_jx{GbM! zi*#MWIy-z4qk{niP@g%PGDDdHnsh=3?{kYZ5CX_T7L0fNplECck~9LcI#8?KD%@uR zvZxjEtv#0k&;kMF=yQR7oH?m<9uZ_Im6~!hQ~vO>5-F8<1wahi3FM(@>ST5hh(L5o zCyhAIt1xlcIf{+pY?Lv=glb5ZCdt{=0ctgjz>G?Yhdp=z z?uMT=(I~{6NGIl0g+xYTgv97XP;irJ-dKh3P6y{eR8fREA`z2`(qSRVGqhT~R=@+e z6{xTpR8T67!UtF>whDv~)|+sE)ed_> z6Z|Os!mQ~`J4e!GU?xZSBs5})pILQEmMuw?Ib{m`lEdYNK)gY$)8Oq2D zV02bQvBE$RlK?G_otSnnd@$YNpyXYBQBj^jpE0`FFwPK946TWS+Nuo4vjy4dhSb8s z+zi7wSTLle7G>-4q7V;^6|L5(o{i`5F)_15MX-Ht)y=ht{Gl$ctmoz!iJ&_k0+!B) zG*P?W3gK|3_g~UL681wk@6Doky`5z#E3cLu<7~)89OIw3>2fV^E?g|Z z+buAzrZ_HCG%j=c!u?L@@EooY)OVbC#C9cg!)mAyDFkk7Ym)_P5+0+X#8d-#{bd^z zO|qW#n8n%+k$NV{m_MZ&P!I$-+X@_A1Fa@yCT$#L0)yOyKtt_jFb0d`wL%P%)Geo= zutBl93S<#mcD0*dU8D$yBH;xR-f@Un0>{xI4`+hZd~=`&$Qy{|X&D<*hgBdB@eB`| zf=^MHU3~ix>OZ)`p}j`oBMC-YWL7Bf8;im(+F@O^a7y8gxfUwFLMb+$M3PD&pQ`c@ zzE(9UGl(YnC-6UEm8V=LmwWo{yh!*uUzKGFcrh*)-jh8`6kdVy(o|g-5$Xj4RbWtY z6*-xQ_Xv1Bz~~3kR2TAfkti45Pj%6R25<8W43)M)r_3?XN1{xYqM++Aqil||<5T)n zqF)bRB3?%f9HdK#i;Ishg<*orkVw-76MaQ_-6eTWF?p1woMMFyj#qr8tosut3$C3b zNSnxM^VV)2vs&K$*$t_g zzxqtf+Ih0-P)}9W61}{rH9u)sUehL{@WmpV8lj95}sTNQBpvDJ$Q7 zasHkCvdnRxZ!nHS(-&<&xME`6B>w8JQ(DsdqlN62AAT)LR(O-ELjzS~i+7y0x2m$& zzhoP=*W^E9<=p!-R;cdAP?}j(YC6Yv;8*&lo>9~4t-}^ z&rwglzNEQYqpkgT-@u!98ma=GiV9>J?&^d0nqO@hR9Xa*V!67l1pYa{PXV*Bd+p=BVj~p3P<-@+4_qx*8e)zYn zEw^^e=&|=w6w%}v1AtyE0$SElMWXSjJD$4{ff!hw1G|i+IH8NvlQv2hKsDrXR$XtRC!SLU`acAHotg;8Yd(R&didmruAq&=hcQsc*&5mit!X-4Lv!$fgl+&4 zf_Hib_IYGx=u>r3M5Hqf0nS12<}Rd9Oofy_BX}YG1ZYG03{4<(@K5-H^chI#2FAg6 z{LuKJrT<8q8&|r54`*{@iwDv8yc{rijQ;Z2wuPqgldff*=rZc9>+FJU(SM&TP1&!NW!Vf|%W=ki+6OzVNXDMMmy7|&``FHOuURznNdG-4||FX}Rma=hV zYk1q}_@_I6O5EG<X8-v zrmy;{eEFrN_XBUQJ2_?h-7|*JaOHw&+-F_;oYQY?4!d<_nYP=Z-`8!P<87bYk95Glo*qJaoJWOyT%->P-9tYqL)+Lv4 zCHL}o9$He`uWFB7VOxIw+JiOyZtnWz&iGrsYj!nsNhEK*H|mJ&*yTbM@ul2Y8vT4X z+x)W!zmJ+xx@q{NF^9J%`*?r-L-2xx0h+*1qmKXBG&#j{chv7~J%@R}H)5LH^yT_> zZ7ZpxA8Lwc_>ELFtbglhGN~BR&(w=8+i_0>aN|OvaRCwFgm7oV3m_~9PSxYNU_~;K zNDNt(uxilEfmJ+jOVnzOtU0!wn6x6pIZD5yWb0F7VISdxh4?8H(0O z`w>A7s`U)?FJ$Q&_%JM&ET_x^V{~ytI^Yx6oRRa67B*k^iT&7jO+{;^U&Gec-S78! zMZb9A@`l|0Z{JM_-W0PkLA&R6P$BxaE&2Xy|0B!yolNZY-1O~B`gnZU+oy?N5mvac z{G-zmlg5U%oZYx===^!8fHEvP_4CiOzS!S6f6GtT2VH)m_xSj{$rs1;uWdThzgPUZ z0oyg6D(z5{-Lfh=oYup>NtA6SF>s)2b z#&2?xH+~y&BcuDfTV`GTW#8cXoj1;%&o@3lWK7w)K5v$lEZfp;;4gg!YY&Vp%t-9a zr=3ObTsSr8oxWY4N^SWj^yAuLr}JlDuUw1#&Q18L;KGiAOuG5#@RS$tz1udgZ*9*N zsruYWOHJNi#MM0i)4Jn_W9s(~r;-|;di&a(JNtbz@}Jv(`NJRQ?l~W~DeYLsSN+Gb zIc+UJTuq}ajBixGEr;ZjhM!&U6We^?LbtI`TE5Kt;J2AKR$F#osw})4E6>~e?Fp@B z+itI(B?m|Ei#We^;flNe@wwZ4WtCiW@xkGnZ~U}`=+X5=-tOxstLJ!~x#zJX{JWdq M4P72wB(}K!2W%#YqW}N^ diff --git a/SecurityTests/clxutils/cmstool/Makefile b/SecurityTests/clxutils/cmstool/Makefile deleted file mode 100644 index 27c9d3cf..00000000 --- a/SecurityTests/clxutils/cmstool/Makefile +++ /dev/null @@ -1,48 +0,0 @@ -# name of executable to build -EXECUTABLE=cmstool -# C++ source (with .cpp extension) -CPSOURCE= cmstool.cpp -# C source (.c extension) -CSOURCE= - -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/cmstool/cmstool.cpp b/SecurityTests/clxutils/cmstool/cmstool.cpp deleted file mode 100644 index ac24ef92..00000000 --- a/SecurityTests/clxutils/cmstool/cmstool.cpp +++ /dev/null @@ -1,1220 +0,0 @@ -/* - * cmstool.cpp - manipluate CMS messages, intended to be an alternate for the - * currently useless cms command in /usr/bin/security - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("Usage: %s cmd [option ...]\n", argv[0]); - printf("cmd values:\n"); - printf(" sign -- create signedData\n"); - printf(" envel -- create envelopedData\n"); - printf(" signEnv -- create nested EnvelopedData(signedData(data))\n"); - printf(" parse -- parse a CMS message file\n"); - printf("Options:\n"); - printf(" -i infile\n"); - printf(" -o outfile\n"); - printf(" -k keychain -- Keychain to search for certs\n"); - printf(" -p -- Use identity picker\n"); - printf(" -r recipient -- specify recipient of enveloped data\n"); - printf(" -c -- parse signer cert\n"); - printf(" -v sign|encr -- verify message is signed/encrypted\n"); - printf(" -e eContentType -- a(uthData)|r(keyData)\n"); - printf(" -d detached -- infile contains detached content (sign only)\n"); - printf(" -D detachedContent -- detached content (parse only)\n"); - printf(" -q -- quiet\n"); - exit(1); -} - -/* high level op */ -typedef enum { - CTO_Sign, - CTO_Envelop, - CTO_SignEnvelop, - CTO_Parse -} CT_Op; - -/* to verify */ -typedef enum { - CTV_None, - CTV_Sign, - CTV_Envelop, - CTV_SignEnvelop -} CT_Vfy; - -/* additional OIDS to specify as eContentType */ -#define OID_PKINIT 0x2B, 6, 1, 5, 2, 3 -#define OID_PKINIT_LEN 6 - -static const uint8 OID_PKINIT_AUTH_DATA[] = {OID_PKINIT, 1}; -static const uint8 OID_PKINIT_DH_KEY_DATA[] = {OID_PKINIT, 2}; -static const uint8 OID_PKINIT_RKEY_DATA[] = {OID_PKINIT, 3}; -static const uint8 OID_PKINIT_KP_CLIENTAUTH[] = {OID_PKINIT, 3}; -static const uint8 OID_PKINIT_KPKDC[] = {OID_PKINIT, 5}; - -static const CSSM_OID CSSMOID_PKINIT_AUTH_DATA = - {OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_AUTH_DATA}; -static const CSSM_OID CSSMOID_PKINIT_DH_KEY_DATA = - {OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_DH_KEY_DATA}; -static const CSSM_OID CSSMOID_PKINIT_RKEY_DATA = - {OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_RKEY_DATA}; -static const CSSM_OID CSSMOID_PKINIT_KP_CLIENTAUTH = - {OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_KP_CLIENTAUTH}; -static const CSSM_OID CSSMOID_PKINIT_KPKDC = - {OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_KPKDC}; - -typedef struct { - CSSM_OID contentType; - CSSM_DATA content; -} SimpleContentInfo; - -const SecAsn1Template SimpleContentInfoTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SimpleContentInfo) }, - { SEC_ASN1_OBJECT_ID, offsetof(SimpleContentInfo, contentType) }, - { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(SimpleContentInfo, content), - kSecAsn1AnyTemplate }, - { 0, } -}; - -/* - * Obtain the content of a contentInfo, This basically strips off the contentType OID - * and returns a mallocd copy of the ASN_ANY content. - */ -static OSStatus ContentInfoContent( - const unsigned char *contentInfo, - unsigned contentInfoLen, - unsigned char **content, /* mallocd and RETURNED */ - unsigned *contentLen) /* RETURNED */ -{ - SecAsn1CoderRef coder = NULL; - OSStatus ortn; - SimpleContentInfo decodedInfo; - - ortn = SecAsn1CoderCreate(&coder); - if(ortn) { - return ortn; - } - memset(&decodedInfo, 0, sizeof(decodedInfo)); - ortn = SecAsn1Decode(coder, contentInfo, contentInfoLen, - SimpleContentInfoTemplate, &decodedInfo); - if(ortn) { - goto errOut; - } - if(decodedInfo.content.Data == NULL) { - printf("***Error decoding contentInfo: no content\n"); - ortn = internalComponentErr; - goto errOut; - } - *content = (unsigned char *)malloc(decodedInfo.content.Length); - memmove(*content, decodedInfo.content.Data, decodedInfo.content.Length); - *contentLen = decodedInfo.content.Length; -errOut: - SecAsn1CoderRelease(coder); - return ortn; -} - -/* - * Find a cert in specified keychain or keychain list matching specified - * email address. We happen to knopw that the email address is stored with the - * kSecKeyAlias attribute. - */ -static OSStatus findCert( - const char *emailAddress, - CFTypeRef kcArArray, // kc, array, or even NULL - SecCertificateRef *cert) -{ - OSStatus ortn; - SecKeychainSearchRef srch; - SecKeychainAttributeList attrList; - SecKeychainAttribute attr; - - attr.tag = kSecKeyAlias; - attr.length = strlen(emailAddress); - attr.data = (void *)emailAddress; - attrList.count = 1; - attrList.attr = &attr; - - ortn = SecKeychainSearchCreateFromAttributes(kcArArray, - kSecCertificateItemClass, - &attrList, - &srch); - if(ortn) { - cssmPerror("SecKeychainSearchCreateFromAttributes", ortn); - return ortn; - } - - ortn = SecKeychainSearchCopyNext(srch, (SecKeychainItemRef *)cert); - if(ortn) { - printf("***No certs founmd matching recipient %s. Aborting.\n", - emailAddress); - return ortn; - } - CFRelease(srch); - return noErr; -} - -static void evalSecTrust( - SecTrustRef secTrust, - bool quiet) -{ - OSStatus ortn; - SecTrustResultType secTrustResult; - - ortn = SecTrustEvaluate(secTrust, &secTrustResult); - if(ortn) { - /* should never happen */ - cssmPerror("SecTrustEvaluate", ortn); - return; - } - switch(secTrustResult) { - case kSecTrustResultUnspecified: - /* cert chain valid, no special UserTrust assignments */ - case kSecTrustResultProceed: - /* cert chain valid AND user explicitly trusts this */ - if(!quiet) { - fprintf(stderr, "Successful\n"); - } - return; - case kSecTrustResultDeny: - case kSecTrustResultConfirm: - /* - * Cert chain may well have verified OK, but user has flagged - * one of these certs as untrustable. - */ - printf("Not trusted per user-specified Trust level\n"); - return; - default: - { - /* get low-level TP error */ - OSStatus tpStatus; - ortn = SecTrustGetCssmResultCode(secTrust, &tpStatus); - if(ortn) { - cssmPerror("SecTrustGetCssmResultCode", ortn); - return; - } - switch(tpStatus) { - case CSSMERR_TP_INVALID_ANCHOR_CERT: - fprintf(stderr, "Untrusted root\n"); - return; - case CSSMERR_TP_NOT_TRUSTED: - /* no root, not even in implicit SSL roots */ - fprintf(stderr, "No root cert found\n"); - return; - case CSSMERR_TP_CERT_EXPIRED: - fprintf(stderr, "Expired cert\n"); - return; - case CSSMERR_TP_CERT_NOT_VALID_YET: - fprintf(stderr, "Cert not valid yet\n"); - break; - default: - printf("Other cert failure: "); - cssmPerror("", tpStatus); - return; - } - } - } /* SecTrustEvaluate error */ - -} -static OSStatus parseSignedData( - SecCmsSignedDataRef signedData, - SecArenaPoolRef arena, /* used for detached content only */ - const unsigned char *detachedData, - unsigned detachedDataLen, - CT_Vfy vfyOp, - bool quiet, - bool parseSignerCert) -{ - Boolean b; - b = SecCmsSignedDataHasDigests(signedData); - if(!quiet) { - printf(" has digests : %s\n", b ? "true" : "false"); - } - - SecTrustRef secTrust = NULL; - OSStatus ortn; - SecPolicyRef policy = NULL; - SecPolicySearchRef policySearch = NULL; - - ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3, - &CSSMOID_APPLE_X509_BASIC, - NULL, - &policySearch); - if(ortn) { - cssmPerror("SecPolicySearchCreate", ortn); - return ortn; - } - ortn = SecPolicySearchCopyNext(policySearch, &policy); - if(ortn) { - cssmPerror("SecPolicySearchCopyNext", ortn); - return ortn; - } - - int numSigners = SecCmsSignedDataSignerInfoCount(signedData); - if(!quiet) { - printf(" num signers : %d\n", numSigners); - } - for(int dex=0; dex "); - /* FIXME - does this make sense? Error? */ - } - } - else if(detachedData != NULL) { - /* digest the detached content */ - SECAlgorithmID **digestAlgorithms = SecCmsSignedDataGetDigestAlgs(signedData); - SecCmsDigestContextRef digcx = SecCmsDigestContextStartMultiple(digestAlgorithms); - CSSM_DATA **digests = NULL; - - SecCmsDigestContextUpdate(digcx, detachedData, detachedDataLen); - ortn = SecCmsDigestContextFinishMultiple(digcx, arena, &digests); - if(ortn) { - fprintf(stderr, "SecCmsDigestContextFinishMultiple() returned %d\n", (int)ortn); - } - else { - SecCmsSignedDataSetDigests(signedData, digestAlgorithms, digests); - } - } - else { - fprintf(stderr, " "); - } - ortn = SecCmsSignedDataVerifySignerInfo(signedData, dex, NULL, - policy, &secTrust); - if(ortn) { - fprintf(stderr, "vfSignerInfo() returned %d\n", (int)ortn); - fprintf(stderr, " vfy status : "); - } - if(secTrust == NULL) { - fprintf(stderr, "***NO SecTrust available!\n"); - } - else { - evalSecTrust(secTrust, quiet); - } - - SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, dex); - CFStringRef emailAddrs = SecCmsSignerInfoGetSignerCommonName(signerInfo); - char emailStr[1000]; - if(!quiet) { - fprintf(stderr, " signer : "); - } - if(emailAddrs == NULL) { - fprintf(stderr, "<>\n"); - } - else { - if(!CFStringGetCString(emailAddrs, emailStr, 1000, kCFStringEncodingASCII)) { - fprintf(stderr, "*** Error converting email address to C string\n"); - } - else if(!quiet) { - - fprintf(stderr, "%s\n", emailStr); - } - } - if(parseSignerCert) { - SecCertificateRef signer; - signer = SecCmsSignerInfoGetSigningCertificate(signerInfo, NULL); - if(signer) { - CSSM_DATA certData; - ortn = SecCertificateGetData(signer, &certData); - if(ortn) { - fprintf(stderr, "***Error getting signing cert data***\n"); - cssmPerror("SecCertificateGetData", ortn); - } - else { - printf("========== Signer Cert==========\n\n"); - printCert(certData.Data, certData.Length, CSSM_FALSE); - printf("========== End Signer Cert==========\n\n"); - } - } - else { - fprintf(stderr, "***Error getting signing cert ***\n"); - } - } - } - return ortn; -} - -static OSStatus doParse( - const unsigned char *data, - unsigned dataLen, - const unsigned char *detachedData, - unsigned detachedDataLen, - CT_Vfy vfyOp, - bool parseSignerCert, - bool quiet, - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - if((data == NULL) || (dataLen == 0)) { - fprintf(stderr, "***Parse requires input file. Aborting.\n"); - return paramErr; - } - - SecArenaPoolRef arena = NULL; - SecArenaPoolCreate(1024, &arena); - SecCmsMessageRef cmsMsg = NULL; - SecCmsDecoderRef decoder; - OSStatus ortn; - OSStatus ourRtn = noErr; - bool foundOneSigned = false; - bool foundOneEnveloped = false; - - ortn = SecCmsDecoderCreate(arena, NULL, NULL, NULL, NULL, NULL, NULL, &decoder); - if(ortn) { - cssmPerror("SecCmsDecoderCreate", ortn); - return ortn; - } - ortn = SecCmsDecoderUpdate(decoder, data, dataLen); - if(ortn) { - cssmPerror("SecCmsDecoderUpdate", ortn); - return ortn; - } - ortn = SecCmsDecoderFinish(decoder, &cmsMsg); - if(ortn) { - cssmPerror("SecCmsDecoderFinish", ortn); - return ortn; - } - - Boolean b = SecCmsMessageIsSigned(cmsMsg); - switch(vfyOp) { - case CTV_None: - break; - case CTV_Sign: - if(!b) { - fprintf(stderr, "***Expected SignedData, but !SecCmsMessageIsSigned()\n"); - ourRtn = -1; - } - break; - case CTV_SignEnvelop: - if(!b) { - fprintf(stderr, "***Expected Signed&Enveloped, but !SecCmsMessageIsSigned()\n"); - ourRtn = -1; - } - break; - case CTV_Envelop: - if(b) { - fprintf(stderr, "***Expected EnvelopedData, but SecCmsMessageIsSigned() " - "TRUE\n"); - ourRtn = -1; - } - break; - } - int numContentInfos = SecCmsMessageContentLevelCount(cmsMsg); - if(!quiet) { - fprintf(stderr, "=== CMS message info ===\n"); - fprintf(stderr, " Signed : %s\n", b ? "true" : "false"); - b = SecCmsMessageIsEncrypted(cmsMsg); - fprintf(stderr, " Encrypted : %s\n", b ? "true" : "false"); - b = SecCmsMessageContainsCertsOrCrls(cmsMsg); - fprintf(stderr, " certs/crls : %s\n", b ? "present" : "not present"); - fprintf(stderr, " Num ContentInfos : %d\n", numContentInfos); - } - - /* FIXME needs work for CTV_SignEnvelop */ - OidParser oidParser; - for(int dex=0; dexLength == 0) { - printf("***EMPTY***\n"); - } - else { - char str[OID_PARSER_STRING_SIZE]; - oidParser.oidParse(typeOid->Data, typeOid->Length, str); - printf("%s\n", str); - } - } - SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci); - switch(tag) { - case SEC_OID_PKCS7_SIGNED_DATA: - { - switch(vfyOp) { - case CTV_None: // caller doesn't care - case CTV_Sign: // got what we wanted - break; - case CTV_Envelop: - fprintf(stderr, "***Expected EnvelopedData, got SignedData\n"); - ourRtn = -1; - break; - case CTV_SignEnvelop: - printf("CTV_SignEnvelop code on demand\n"); - break; - } - foundOneSigned = true; - SecCmsSignedDataRef sd = - (SecCmsSignedDataRef) SecCmsContentInfoGetContent(ci); - parseSignedData(sd, arena, - detachedData, detachedDataLen, - vfyOp, quiet, parseSignerCert); - break; - } - case SEC_OID_PKCS7_DATA: - case SEC_OID_OTHER: - break; - case SEC_OID_PKCS7_ENVELOPED_DATA: - foundOneEnveloped = true; - if(vfyOp == CTV_Sign) { - fprintf(stderr, "***Expected SignedData, EnvelopedData\n"); - ourRtn = -1; - break; - } - case SEC_OID_PKCS7_ENCRYPTED_DATA: - switch(vfyOp) { - case CTV_None: - break; - case CTV_Sign: - fprintf(stderr, "***Expected SignedData, got EncryptedData\n"); - ourRtn = -1; - break; - case CTV_Envelop: - fprintf(stderr, "***Expected EnvelopedData, got EncryptedData\n"); - ourRtn = -1; - break; - case CTV_SignEnvelop: - printf("CTV_SignEnvelop code on demand\n"); - break; - } - break; - default: - fprintf(stderr, " other content type TBD\n"); - } - } - if(outData) { - CSSM_DATA_PTR odata = SecCmsMessageGetContent(cmsMsg); - if(odata == NULL) { - fprintf(stderr, "***No inner content available\n"); - } - else { - *outData = (unsigned char *)malloc(odata->Length); - memmove(*outData, odata->Data, odata->Length); - *outDataLen = odata->Length; - } - } - if(arena) { - SecArenaPoolFree(arena, false); - } - switch(vfyOp) { - case CTV_None: - break; - case CTV_Sign: - if(!foundOneSigned) { - fprintf(stderr, "Expected signed, never saw a SignedData\n"); - ourRtn = -1; - } - break; - case CTV_Envelop: - if(!foundOneEnveloped) { - fprintf(stderr, "Expected enveloped, never saw an EnvelopedData\n"); - ourRtn = -1; - } - break; - case CTV_SignEnvelop: - if(!foundOneSigned) { - fprintf(stderr, "Expected signed, never saw a SignedData\n"); - ourRtn = -1; - } - if(!foundOneEnveloped) { - fprintf(stderr, "Expected enveloped, never saw an EnvelopedData\n"); - ourRtn = -1; - } - break; - } - /* free decoder? cmsMsg? */ - return ourRtn; -} - -/* - * Common encode routine. - */ -#if 1 -/* the simple way, when 3655861 is fixed */ -static OSStatus encodeCms( - SecCmsMessageRef cmsMsg, - const unsigned char *inData, // add in this - unsigned inDataLen, - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - SecArenaPoolRef arena = NULL; - SecArenaPoolCreate(1024, &arena); - CSSM_DATA cdataIn = {inDataLen, (uint8 *)inData}; - CSSM_DATA cdataOut = {0, NULL}; - - OSStatus ortn = SecCmsMessageEncode(cmsMsg, &cdataIn, arena, &cdataOut); - if((ortn == noErr) && (cdataOut.Length != 0)) { - *outData = (unsigned char *)malloc(cdataOut.Length); - memmove(*outData, cdataOut.Data, cdataOut.Length); - *outDataLen = cdataOut.Length; - } - else { - cssmPerror("SecCmsMessageEncode", ortn); - *outData = NULL; - *outDataLen = 0; - } - SecArenaPoolFree(arena, false); - return ortn; -} - -#else - -/* the hard way back when SecCmsMessageEncode() didn't work */ -static OSStatus encodeCms( - SecCmsMessageRef cmsMsg, - const unsigned char *inData, // add in this - unsigned inDataLen, - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - SecArenaPoolRef arena = NULL; - SecArenaPoolCreate(1024, &arena); - SecCmsEncoderRef cmsEnc = NULL; - CSSM_DATA output = { 0, NULL }; - OSStatus ortn; - - ortn = SecCmsEncoderCreate(cmsMsg, - NULL, NULL, // no callback - &output, arena, // data goes here - NULL, NULL, // no password callback (right?) - NULL, NULL, // decrypt key callback - NULL, NULL, // detached digests - &cmsEnc); - if(ortn) { - cssmPerror("SecKeychainItemCopyKeychain", ortn); - goto errOut; - } - ortn = SecCmsEncoderUpdate(cmsEnc, (char *)inData, inDataLen); - if(ortn) { - cssmPerror("SecCmsEncoderUpdate", ortn); - goto errOut; - } - ortn = SecCmsEncoderFinish(cmsEnc); - if(ortn) { - cssmPerror("SecCMsEncoderFinish", ortn); - goto errOut; - } - - /* Did we get any data? */ - if(output.Length) { - *outData = (unsigned char *)malloc(output.Length); - memmove(*outData, output.Data, output.Length); - *outDataLen = output.Length; - } - else { - *outData = NULL; - *outDataLen = 0; - } -errOut: - if(arena) { - SecArenaPoolFree(arena, false); - } - return ortn; -} - -#endif - -static OSStatus doSign( - SecIdentityRef signerId, - const unsigned char *inData, - unsigned inDataLen, - bool detachedContent, - const CSSM_OID *eContentType, // OPTIONAL - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - if((inData == NULL) || (inDataLen == 0) || (outData == NULL)) { - fprintf(stderr, "***Sign requires input file. Aborting.\n"); - return paramErr; - } - if(signerId == NULL) { - fprintf(stderr, "***Sign requires a signing identity. Aborting.\n"); - return paramErr; - } - - SecCmsMessageRef cmsMsg = NULL; - SecCmsContentInfoRef contentInfo = NULL; - SecCmsSignedDataRef signedData = NULL; - SecCertificateRef ourCert = NULL; - SecCmsSignerInfoRef signerInfo; - OSStatus ortn; - SecKeychainRef ourKc = NULL; - - ortn = SecIdentityCopyCertificate(signerId, &ourCert); - if(ortn) { - cssmPerror("SecIdentityCopyCertificate", ortn); - return ortn; - } - ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)ourCert, &ourKc); - if(ortn) { - cssmPerror("SecKeychainItemCopyKeychain", ortn); - goto errOut; - } - - // build chain of objects: message->signedData->data - cmsMsg = SecCmsMessageCreate(NULL); - if(cmsMsg == NULL) { - fprintf(stderr, "***Error creating SecCmsMessageRef\n"); - ortn = -1; - goto errOut; - } - signedData = SecCmsSignedDataCreate(cmsMsg); - if(signedData == NULL) { - printf("***Error creating SecCmsSignedDataRef\n"); - ortn = -1; - goto errOut; - } - contentInfo = SecCmsMessageGetContentInfo(cmsMsg); - ortn = SecCmsContentInfoSetContentSignedData(cmsMsg, contentInfo, signedData); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentSignedData", ortn); - goto errOut; - } - contentInfo = SecCmsSignedDataGetContentInfo(signedData); - if(eContentType != NULL) { - ortn = SecCmsContentInfoSetContentOther(cmsMsg, contentInfo, - NULL /* data */, - detachedContent, - eContentType); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentData", ortn); - goto errOut; - } - } - else { - ortn = SecCmsContentInfoSetContentData(cmsMsg, contentInfo, NULL /* data */, - detachedContent); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentData", ortn); - goto errOut; - } - } - - /* - * create & attach signer information - */ - signerInfo = SecCmsSignerInfoCreate(cmsMsg, signerId, SEC_OID_SHA1); - if (signerInfo == NULL) { - fprintf(stderr, "***Error on SecCmsSignerInfoCreate\n"); - ortn = -1; - goto errOut; - } - /* we want the cert chain included for this one */ - /* FIXME - what's the significance of the usage? */ - ortn = SecCmsSignerInfoIncludeCerts(signerInfo, SecCmsCMCertChain, certUsageEmailSigner); - if(ortn) { - cssmPerror("SecCmsSignerInfoIncludeCerts", ortn); - goto errOut; - } - - /* other options go here - signing time, etc. */ - - ortn = SecCmsSignerInfoAddSMIMEEncKeyPrefs(signerInfo, ourCert, ourKc); - if(ortn) { - cssmPerror("SecCmsSignerInfoAddSMIMEEncKeyPrefs", ortn); - goto errOut; - } - ortn = SecCmsSignedDataAddCertificate(signedData, ourCert); - if(ortn) { - cssmPerror("SecCmsSignedDataAddCertificate", ortn); - goto errOut; - } - - ortn = SecCmsSignedDataAddSignerInfo(signedData, signerInfo); - if(ortn) { - cssmPerror("SecCmsSignedDataAddSignerInfo", ortn); - goto errOut; - } - - /* go */ - ortn = encodeCms(cmsMsg, inData, inDataLen, outData, outDataLen); -errOut: - /* free resources */ - if(cmsMsg) { - SecCmsMessageDestroy(cmsMsg); - } - if(ourCert) { - CFRelease(ourCert); - } - if(ourKc) { - CFRelease(ourKc); - } - return ortn; -} - -static OSStatus doEncrypt( - SecCertificateRef recipCert, // eventually more than one - const unsigned char *inData, - unsigned inDataLen, - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - if((inData == NULL) || (inDataLen == 0) || (outData == NULL)) { - fprintf(stderr, "***Encrypt requires input file. Aborting.\n"); - return paramErr; - } - if(recipCert == NULL) { - fprintf(stderr, "***Encrypt requires a recipient certificate. Aborting.\n"); - return paramErr; - } - - SecCmsMessageRef cmsMsg = NULL; - SecCmsContentInfoRef contentInfo = NULL; - SecCmsEnvelopedDataRef envelopedData = NULL; - SecCmsRecipientInfoRef recipientInfo = NULL; - OSStatus ortn; - SecCertificateRef allCerts[2] = { recipCert, NULL}; - - SECOidTag algorithmTag; - int keySize; - - ortn = SecSMIMEFindBulkAlgForRecipients(allCerts, &algorithmTag, &keySize); - if(ortn) { - cssmPerror("SecSMIMEFindBulkAlgForRecipients", ortn); - return ortn; - } - - // build chain of objects: message->envelopedData->data - cmsMsg = SecCmsMessageCreate(NULL); - if(cmsMsg == NULL) { - fprintf(stderr, "***Error creating SecCmsMessageRef\n"); - ortn = -1; - goto errOut; - } - envelopedData = SecCmsEnvelopedDataCreate(cmsMsg, algorithmTag, keySize); - if(envelopedData == NULL) { - fprintf(stderr, "***Error creating SecCmsEnvelopedDataRef\n"); - ortn = -1; - goto errOut; - } - contentInfo = SecCmsMessageGetContentInfo(cmsMsg); - ortn = SecCmsContentInfoSetContentEnvelopedData(cmsMsg, contentInfo, envelopedData); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentEnvelopedData", ortn); - goto errOut; - } - contentInfo = SecCmsEnvelopedDataGetContentInfo(envelopedData); - ortn = SecCmsContentInfoSetContentData(cmsMsg, contentInfo, NULL /* data */, false); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentData", ortn); - goto errOut; - } - - /* - * create & attach recipient information - */ - recipientInfo = SecCmsRecipientInfoCreate(cmsMsg, recipCert); - ortn = SecCmsEnvelopedDataAddRecipient(envelopedData, recipientInfo); - if(ortn) { - cssmPerror("SecCmsEnvelopedDataAddRecipient", ortn); - goto errOut; - } - - - /* go */ - ortn = encodeCms(cmsMsg, inData, inDataLen, outData, outDataLen); -errOut: - /* free resources */ - if(cmsMsg) { - SecCmsMessageDestroy(cmsMsg); - } - return ortn; -} - -/* create nested message: msg = EnvelopedData(SignedData(inData)) */ -static OSStatus doSignEncrypt( - SecCertificateRef recipCert, // encryption recipient - SecIdentityRef signerId, // signer - const CSSM_OID *eContentType, // OPTIONAL - for signedData - const unsigned char *inData, - unsigned inDataLen, - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - if((inData == NULL) || (inDataLen == 0) || (outData == NULL)) { - fprintf(stderr, "***Sign/Encrypt requires input file. Aborting.\n"); - return paramErr; - } - if(recipCert == NULL) { - fprintf(stderr, "***Sign/Encrypt requires a recipient certificate. Aborting.\n"); - return paramErr; - } - if(signerId == NULL) { - fprintf(stderr, "***Sign/Encrypt requires a signer Identity. Aborting.\n"); - return paramErr; - } - - OSStatus ortn; - unsigned char *signedData = NULL; - unsigned signedDataLen = 0; - SecCmsMessageRef cmsMsg = NULL; - SecCmsContentInfoRef contentInfo = NULL; - SecCmsEnvelopedDataRef envelopedData = NULL; - SecCmsRecipientInfoRef recipientInfo = NULL; - SecCertificateRef allCerts[2] = { recipCert, NULL}; - SECOidTag algorithmTag; - int keySize; - - /* first get a SignedData */ - ortn = doSign(signerId, inData, inDataLen, - false, /* can't do detached content here */ - eContentType, - &signedData, &signedDataLen); - if(ortn) { - printf("***Error generating inner signedData. Aborting.\n"); - return ortn; - } - - /* extract just the content - don't need the whole ContentINfo */ - unsigned char *signedDataContent = NULL; - unsigned signedDataContentLen = 0; - ortn = ContentInfoContent(signedData, signedDataLen, &signedDataContent, &signedDataContentLen); - if(ortn) { - goto errOut; - } - - /* now wrap that in an EnvelopedData */ - ortn = SecSMIMEFindBulkAlgForRecipients(allCerts, &algorithmTag, &keySize); - if(ortn) { - cssmPerror("SecSMIMEFindBulkAlgForRecipients", ortn); - return ortn; - } - - // build chain of objects: message->envelopedData->data - cmsMsg = SecCmsMessageCreate(NULL); - if(cmsMsg == NULL) { - fprintf(stderr, "***Error creating SecCmsMessageRef\n"); - ortn = -1; - goto errOut; - } - envelopedData = SecCmsEnvelopedDataCreate(cmsMsg, algorithmTag, keySize); - if(envelopedData == NULL) { - fprintf(stderr, "***Error creating SecCmsEnvelopedDataRef\n"); - ortn = -1; - goto errOut; - } - contentInfo = SecCmsMessageGetContentInfo(cmsMsg); - ortn = SecCmsContentInfoSetContentEnvelopedData(cmsMsg, contentInfo, envelopedData); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentEnvelopedData", ortn); - goto errOut; - } - contentInfo = SecCmsEnvelopedDataGetContentInfo(envelopedData); - - /* here's the difference: we override the 'data' content with a SignedData type, - * but we fool the smime lib into thinking it's a plain old data so it doesn't try - * to encode the SignedData */ - ortn = SecCmsContentInfoSetContentOther(cmsMsg, contentInfo, - NULL /* data */, - false, - &CSSMOID_PKCS7_SignedData); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentData", ortn); - goto errOut; - } - - /* - * create & attach recipient information - */ - recipientInfo = SecCmsRecipientInfoCreate(cmsMsg, recipCert); - ortn = SecCmsEnvelopedDataAddRecipient(envelopedData, recipientInfo); - if(ortn) { - cssmPerror("SecCmsEnvelopedDataAddRecipient", ortn); - goto errOut; - } - - - /* go */ - ortn = encodeCms(cmsMsg, signedDataContent, signedDataContentLen, outData, outDataLen); -errOut: - /* free resources */ - if(cmsMsg) { - SecCmsMessageDestroy(cmsMsg); - } - if(signedData) { - free(signedData); - } - if(signedDataContent) { - free(signedDataContent); - } - return ortn; -} - -int main(int argc, char **argv) -{ - if(argc < 2) { - usage(argv); - } - - CT_Op op; - bool needId = false; - if(!strcmp(argv[1], "sign")) { - op = CTO_Sign; - needId = true; - } - else if(!strcmp(argv[1], "envel")) { - op = CTO_Envelop; - } - else if(!strcmp(argv[1], "signEnv")) { - op = CTO_SignEnvelop; - needId = true; - } - else if(!strcmp(argv[1], "parse")) { - op = CTO_Parse; - } - else { - fprintf(stderr, "***Unrecognized cmd.\n"); - usage(argv); - } - - extern int optind; - extern char *optarg; - int arg; - - /* optional args */ - const char *keychainName = NULL; - char *inFileName = NULL; - char *outFileName = NULL; - bool detachedContent = false; - char *detachedFile = NULL; - bool useIdPicker = false; - char *recipient = NULL; - bool quiet = false; - bool parseSignerCert = false; - CT_Vfy vfyOp = CTV_None; - const CSSM_OID *eContentType = NULL; - - optind = 2; - while ((arg = getopt(argc, argv, "i:o:k:pr:e:dD:qcv:")) != -1) { - switch (arg) { - case 'i': - inFileName = optarg; - break; - case 'o': - outFileName = optarg; - break; - case 'k': - keychainName = optarg; - break; - case 'p': - useIdPicker = true; - break; - case 'r': - recipient = optarg; - break; - case 'c': - parseSignerCert = true; - break; - case 'v': - if(!strcmp(optarg, "sign")) { - vfyOp = CTV_Sign; - } - else if(!strcmp(optarg, "encr")) { - vfyOp = CTV_Envelop; - } - else if(!strcmp(optarg, "signEnv")) { - vfyOp = CTV_SignEnvelop; - } - else { - usage(argv); - } - break; - case 'e': - switch(optarg[0]) { - case 'a': - eContentType = &CSSMOID_PKINIT_AUTH_DATA; - break; - case 'r': - eContentType = &CSSMOID_PKINIT_RKEY_DATA; - break; - default: - usage(argv); - } - break; - case 'd': - if(op != CTO_Sign) { - printf("-d only valid for op sign\n"); - exit(1); - } - detachedContent = true; - break; - case 'D': - if(op != CTO_Parse) { - printf("-D only valid for op sign\n"); - exit(1); - } - detachedFile = optarg; - break; - case 'q': - quiet = true; - break; - default: - case '?': - usage(argv); - } - } - if(optind != argc) { - /* getopt does not return '?' */ - usage(argv); - } - - SecIdentityRef idRef = NULL; - SecKeychainRef kcRef = NULL; - SecCertificateRef recipientCert = NULL; - unsigned char *inData = NULL; - unsigned inDataLen = 0; - unsigned char *outData = NULL; - unsigned outDataLen = 0; - unsigned char *detachedData = NULL; - unsigned detachedDataLen = 0; - OSStatus ortn; - - if(inFileName) { - if(readFile(inFileName, &inData, &inDataLen)) { - fprintf(stderr, "***Error reading infile %s. Aborting.\n", inFileName); - exit(1); - } - } - if(detachedFile) { - if(readFile(detachedFile, &detachedData, &detachedDataLen)) { - fprintf(stderr, "***Error reading detachedFile %s. Aborting.\n", detachedFile); - exit(1); - } - } - if(keychainName) { - ortn = SecKeychainOpen(keychainName, &kcRef); - if(ortn) { - cssmPerror("SecKeychainOpen", ortn); - exit(1); - } - } - if(useIdPicker) { - ortn = sslSimpleIdentPicker(kcRef, &idRef); - if(ortn) { - fprintf(stderr, "***Error obtaining identity via picker. Aborting.\n"); - exit(1); - } - } - else if(needId) { - /* use first identity in specified keychain */ - CFArrayRef array = sslKcRefToCertArray(kcRef, CSSM_FALSE, CSSM_FALSE, - NULL, // no verify policy - NULL); - if(array == NULL) { - fprintf(stderr, "***Error finding a signing cert. Aborting.\n"); - exit(1); - } - idRef = (SecIdentityRef)CFArrayGetValueAtIndex(array, 0); - if(idRef == NULL) { - fprintf(stderr, "***No identities found. Aborting.\n"); - exit(1); - } - CFRetain(idRef); - CFRelease(array); - } - if(recipient) { - ortn = findCert(recipient, kcRef, &recipientCert); - if(ortn) { - exit(1); - } - } - - switch(op) { - case CTO_Sign: - ortn = doSign(idRef, inData, inDataLen, - detachedContent, eContentType, - &outData, &outDataLen); - break; - case CTO_Envelop: - if(recipientCert == NULL) { - if(idRef == NULL) { - printf("***Need a recipient or an identity to encrypt\n"); - exit(1); - } - ortn = SecIdentityCopyCertificate(idRef, &recipientCert); - if(ortn) { - cssmPerror("SecIdentityCopyCertificate", ortn); - exit(1); - } - } - ortn = doEncrypt(recipientCert, inData, inDataLen, &outData, &outDataLen); - break; - case CTO_SignEnvelop: - ortn = doSignEncrypt(recipientCert, idRef, eContentType, - inData, inDataLen, &outData, &outDataLen); - break; - case CTO_Parse: - ortn = doParse(inData, inDataLen, - detachedData, detachedDataLen, - vfyOp, parseSignerCert, quiet, - &outData, &outDataLen); - break; - } - if(ortn) { - goto errOut; - } - if(outData && outFileName) { - if(writeFile(outFileName, outData, outDataLen)) { - fprintf(stderr, "***Error writing to %s.\n", outFileName); - ortn = -1; - } - else { - if(!quiet) { - fprintf(stderr, "...wrote %u bytes to %s.\n", outDataLen, outFileName); - } - } - } - else if(outData) { - fprintf(stderr, "...generated %u bytes but no place to write it.\n", outDataLen); - } - else if(outFileName) { - fprintf(stderr, "...nothing to write to file %s.\n", outFileName); - /* assume this is an error, caller wanted something */ - ortn = -1; - } -errOut: - return ortn; -} diff --git a/SecurityTests/clxutils/cmstool/testSubjects/ptext1.txt b/SecurityTests/clxutils/cmstool/testSubjects/ptext1.txt deleted file mode 100644 index 9e29cf13..00000000 --- a/SecurityTests/clxutils/cmstool/testSubjects/ptext1.txt +++ /dev/null @@ -1,772 +0,0 @@ -/* - * cmstool.cpp - manipluate CMS messages, intended to be an alternate for the - * currently useless cms command in /usr/bin/security - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("Usage: %s cmd [option ...]\n", argv[0]); - printf("cmd values:\n"); - printf(" sign -- create signedData\n"); - printf(" envel -- create envelopedData\n"); - printf(" parse -- parse a CMS message file\n"); - printf("Options:\n"); - printf(" -i infile\n"); - printf(" -o outfile\n"); - printf(" -k keychain -- Keychain to search for certs\n"); - printf(" -p -- Use identity picker\n"); - printf(" -r recipient -- specify recipient of enveloped data\n"); - printf(" -c -- parse signer cert\n"); - printf(" -q -- quiet\n"); - exit(1); -} - -typedef enum { - CTO_Sign, - CTO_Envelop, - CTO_Parse -} CT_Op; - -/* - * Find a cert in specified keychain or keychain list matching specified - * email address. We happen to knopw that the email address is stored with the - * kSecAliasItemAttr attribute. - */ -static OSStatus findCert( - const char *emailAddress, - CFTypeRef kcArArray, // kc, array, or even NULL - SecCertificateRef *cert) -{ - OSStatus ortn; - SecKeychainSearchRef srch; - SecKeychainAttributeList attrList; - SecKeychainAttribute attr; - - attr.tag = kSecAliasItemAttr; - attr.length = strlen(emailAddress); - attr.data = (void *)emailAddress; - attrList.count = 1; - attrList.attr = &attr; - - ortn = SecKeychainSearchCreateFromAttributes(kcArArray, - kSecCertificateItemClass, - &attrList, - &srch); - if(ortn) { - cssmPerror("SecKeychainSearchCreateFromAttributes", ortn); - return ortn; - } - - ortn = SecKeychainSearchCopyNext(srch, (SecKeychainItemRef *)cert); - if(ortn) { - printf("***No certs founmd matching recipient %s. Aborting.\n"); - return ortn; - } - CFRelease(srch); - return noErr; -} - -static void evalSecTrust( - SecTrustRef secTrust) -{ - OSStatus ortn; - SecTrustResultType secTrustResult; - - ortn = SecTrustEvaluate(secTrust, &secTrustResult); - if(ortn) { - /* should never happen */ - cssmPerror("SecTrustEvaluate", ortn); - return; - } - switch(secTrustResult) { - case kSecTrustResultUnspecified: - /* cert chain valid, no special UserTrust assignments */ - case kSecTrustResultProceed: - /* cert chain valid AND user explicitly trusts this */ - fprintf(stderr, "Successful\n"); - return; - case kSecTrustResultDeny: - case kSecTrustResultConfirm: - /* - * Cert chain may well have verified OK, but user has flagged - * one of these certs as untrustable. - */ - printf("Not trusted per user-specified Trust level\n"); - return; - default: - { - /* get low-level TP error */ - OSStatus tpStatus; - ortn = SecTrustGetCssmResultCode(secTrust, &tpStatus); - if(ortn) { - cssmPerror("SecTrustGetCssmResultCode", ortn); - return; - } - switch(tpStatus) { - case CSSMERR_TP_INVALID_ANCHOR_CERT: - fprintf(stderr, "Untrusted root\n"); - return; - case CSSMERR_TP_NOT_TRUSTED: - /* no root, not even in implicit SSL roots */ - fprintf(stderr, "No root cert found\n"); - return; - case CSSMERR_TP_CERT_EXPIRED: - fprintf(stderr, "Expired cert\n"); - return; - case CSSMERR_TP_CERT_NOT_VALID_YET: - fprintf(stderr, "Cert not valid yet\n"); - break; - default: - printf("Other cert failure: "); - cssmPerror("", tpStatus); - return; - } - } - } /* SecTrustEvaluate error */ - -} -static OSStatus parseSignedData( - SecCmsSignedDataRef signedData, - bool parseSignerCert) -{ - Boolean b; - b = SecCmsSignedDataHasDigests(signedData); - printf(" has digests : %s\n", b ? "true" : "false"); - - SecTrustRef secTrust = NULL; - OSStatus ortn; - SecPolicyRef policy = NULL; - SecPolicySearchRef policySearch = NULL; - - ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3, - &CSSMOID_APPLE_X509_BASIC, - NULL, - &policySearch); - if(ortn) { - cssmPerror("SecPolicySearchCreate", ortn); - return ortn; - } - ortn = SecPolicySearchCopyNext(policySearch, &policy); - if(ortn) { - cssmPerror("SecPolicySearchCopyNext", ortn); - return ortn; - } - - int numSigners = SecCmsSignedDataSignerInfoCount(signedData); - printf(" num signers : %d\n", numSigners); - for(int dex=0; dex>\n"); - } - SecCmsSignerInfoRef signerInfo = SecCmsSignedDataGetSignerInfo(signedData, dex); - CFStringRef emailAddrs = SecCmsSignerInfoGetSignerCommonName(signerInfo); - char emailStr[1000]; - fprintf(stderr, " signer : "); - if(emailAddrs == NULL) { - printf("<>\n"); - } - else { - if(!CFStringGetCString(emailAddrs, emailStr, 1000, kCFStringEncodingASCII)) { - printf("*** Error converting email address to C string\n"); - } - else { - printf("%s\n", emailStr); - } - } - if(parseSignerCert) { - SecCertificateRef signer; - signer = SecCmsSignerInfoGetSigningCertificate(signerInfo, NULL); - if(signer) { - CSSM_DATA certData; - ortn = SecCertificateGetData(signer, &certData); - if(ortn) { - fprintf(stderr, "***Error getting signing cert data***\n"); - cssmPerror("SecCertificateGetData", ortn); - } - else { - printf("========== Signer Cert==========\n\n"); - printCert(certData.Data, certData.Length, CSSM_FALSE); - printf("========== End Signer Cert==========\n\n"); - } - } - else { - fprintf(stderr, "***Error getting signing cert ***\n"); - } - } - } - return ortn; -} - -static OSStatus doParse( - const unsigned char *data, - unsigned dataLen, - bool parseSignerCert, - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - if((data == NULL) || (dataLen == 0)) { - printf("***Parse requires input file. Aborting.\n"); - return paramErr; - } - - SecArenaPoolRef arena = NULL; - SecArenaPoolCreate(1024, &arena); - SecCmsMessageRef cmsMsg = NULL; - SecCmsDecoderRef decoder; - OSStatus ortn; - - ortn = SecCmsDecoderCreate(arena, NULL, NULL, NULL, NULL, NULL, NULL, &decoder); - if(ortn) { - cssmPerror("SecCmsDecoderCreate", ortn); - return ortn; - } - ortn = SecCmsDecoderUpdate(decoder, data, dataLen); - if(ortn) { - cssmPerror("SecCmsDecoderUpdate", ortn); - return ortn; - } - ortn = SecCmsDecoderFinish(decoder, &cmsMsg); - if(ortn) { - cssmPerror("SecCmsDecoderFinish", ortn); - return ortn; - } - - Boolean b = SecCmsMessageIsSigned(cmsMsg); - printf("=== CMS message info ===\n"); - printf(" Signed : %s\n", b ? "true" : "false"); - b = SecCmsMessageIsEncrypted(cmsMsg); - printf(" Encrypted : %s\n", b ? "true" : "false"); - b = SecCmsMessageContainsCertsOrCrls(cmsMsg); - printf(" certs/crls : %s\n", b ? "present" : "not present"); - int numContentInfos = SecCmsMessageContentLevelCount(cmsMsg); - printf(" Num ContentInfos : %d\n", numContentInfos); - - OidParser oidParser; - for(int dex=0; dexLength == 0) { - printf("***EMPTY***\n"); - } - else { - char str[OID_PARSER_STRING_SIZE]; - oidParser.oidParse(typeOid->Data, typeOid->Length, str); - printf("%s\n", str); - } - SECOidTag tag = SecCmsContentInfoGetContentTypeTag(ci); - switch(tag) { - case SEC_OID_PKCS7_SIGNED_DATA: - { - SecCmsSignedDataRef sd = - (SecCmsSignedDataRef) SecCmsContentInfoGetContent(ci); - parseSignedData(sd, parseSignerCert); - break; - } - case SEC_OID_PKCS7_DATA: - case SEC_OID_PKCS7_ENVELOPED_DATA: - case SEC_OID_PKCS7_ENCRYPTED_DATA: - break; - default: - printf(" other content type TBD\n"); - } - } - if(outData) { - CSSM_DATA_PTR odata = SecCmsMessageGetContent(cmsMsg); - if(odata == NULL) { - printf("***No inner content available\n"); - } - else { - *outData = (unsigned char *)malloc(odata->Length); - memmove(*outData, odata->Data, odata->Length); - *outDataLen = odata->Length; - } - } - if(arena) { - SecArenaPoolFree(arena, false); - } - /* free decoder? cmsMsg? */ - return noErr; -} - -/* - * Common encode routine. - */ -#if 0 -/* the simple way, when 3655861 is fixed */ -static OSStatus encodeCms( - SecCmsMessageRef cmsMsg, - const unsigned char *inData, // add in this - unsigned inDataLen, - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - SecArenaPoolRef arena = NULL; - SecArenaPoolCreate(1024, &arena); - CSSM_DATA cdataIn = {inDataLen, (uint8 *)inData}; - CSSM_DATA cdataOut = {0, NULL}; - - OSStatus ortn = SecCmsMessageEncode(cmsMsg, &cdataIn, arena, &cdataOut); - if((ortn == noErr) && (cdataOut.Length != 0)) { - *outData = (unsigned char *)malloc(cdataOut.Length); - memmove(*outData, cdataOut.Data, cdataOut.Length); - *outDataLen = cdataOut.Length; - } - else { - *outData = NULL; - *outDataLen = 0; - } - SecArenaPoolFree(arena, false); - return ortn; -} - -#else - -static OSStatus encodeCms( - SecCmsMessageRef cmsMsg, - const unsigned char *inData, // add in this - unsigned inDataLen, - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - SecArenaPoolRef arena = NULL; - SecArenaPoolCreate(1024, &arena); - SecCmsEncoderRef cmsEnc = NULL; - CSSM_DATA output = { 0, NULL }; - OSStatus ortn; - - ortn = SecCmsEncoderCreate(cmsMsg, - NULL, NULL, // no callback - &output, arena, // data goes here - NULL, NULL, // no password callback (right?) - NULL, NULL, // decrypt key callback - NULL, NULL, // detached digests - &cmsEnc); - if(ortn) { - cssmPerror("SecKeychainItemCopyKeychain", ortn); - goto errOut; - } - ortn = SecCmsEncoderUpdate(cmsEnc, (char *)inData, inDataLen); - if(ortn) { - cssmPerror("SecCmsEncoderUpdate", ortn); - goto errOut; - } - ortn = SecCmsEncoderFinish(cmsEnc); - if(ortn) { - cssmPerror("SecCMsEncoderFinish", ortn); - goto errOut; - } - - /* Did we get any data? */ - if(output.Length) { - *outData = (unsigned char *)malloc(output.Length); - memmove(*outData, output.Data, output.Length); - *outDataLen = output.Length; - } - else { - *outData = NULL; - *outDataLen = 0; - } -errOut: - if(arena) { - SecArenaPoolFree(arena, false); - } - return ortn; -} - -#endif - -static OSStatus doSign( - SecIdentityRef signerId, - const unsigned char *inData, - unsigned inDataLen, - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - if((inData == NULL) || (inDataLen == 0) || (outData == NULL)) { - printf("***Sign requires input file. Aborting.\n"); - return paramErr; - } - if(signerId == NULL) { - printf("***Sign requires a signing identity. Aborting.\n"); - return paramErr; - } - - SecCmsMessageRef cmsMsg = NULL; - SecCmsContentInfoRef contentInfo = NULL; - SecCmsSignedDataRef signedData = NULL; - SecCertificateRef ourCert = NULL; - SecCmsSignerInfoRef signerInfo; - OSStatus ortn; - SecKeychainRef ourKc = NULL; - - ortn = SecIdentityCopyCertificate(signerId, &ourCert); - if(ortn) { - cssmPerror("SecIdentityCopyCertificate", ortn); - return ortn; - } - ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)ourCert, &ourKc); - if(ortn) { - cssmPerror("SecKeychainItemCopyKeychain", ortn); - goto errOut; - } - - // build chain of objects: message->signedData->data - cmsMsg = SecCmsMessageCreate(NULL); - if(cmsMsg == NULL) { - printf("***Error creating SecCmsMessageRef\n"); - ortn = -1; - goto errOut; - } - signedData = SecCmsSignedDataCreate(cmsMsg); - if(signedData == NULL) { - printf("***Error creating SecCmsSignedDataRef\n"); - ortn = -1; - goto errOut; - } - contentInfo = SecCmsMessageGetContentInfo(cmsMsg); - ortn = SecCmsContentInfoSetContentSignedData(cmsMsg, contentInfo, signedData); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentSignedData", ortn); - goto errOut; - } - contentInfo = SecCmsSignedDataGetContentInfo(signedData); - ortn = SecCmsContentInfoSetContentData(cmsMsg, contentInfo, NULL /* data */, false); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentData", ortn); - goto errOut; - } - - /* - * create & attach signer information - */ - signerInfo = SecCmsSignerInfoCreate(cmsMsg, signerId, SEC_OID_SHA1); - if (signerInfo == NULL) { - printf("***Error on SecCmsSignerInfoCreate\n"); - ortn = -1; - goto errOut; - } - /* we want the cert chain included for this one */ - /* FIXME - what's the significance of the usage? */ - ortn = SecCmsSignerInfoIncludeCerts(signerInfo, SecCmsCMCertChain, certUsageEmailSigner); - if(ortn) { - cssmPerror("SecCmsSignerInfoIncludeCerts", ortn); - goto errOut; - } - - /* other options go here - signing time, etc. */ - - ortn = SecCmsSignerInfoAddSMIMEEncKeyPrefs(signerInfo, ourCert, ourKc); - if(ortn) { - cssmPerror("SecCmsSignerInfoAddSMIMEEncKeyPrefs", ortn); - goto errOut; - } - ortn = SecCmsSignedDataAddCertificate(signedData, ourCert); - if(ortn) { - cssmPerror("SecCmsSignedDataAddCertificate", ortn); - goto errOut; - } - - ortn = SecCmsSignedDataAddSignerInfo(signedData, signerInfo); - if(ortn) { - cssmPerror("SecCmsSignedDataAddSignerInfo", ortn); - goto errOut; - } - - /* go */ - ortn = encodeCms(cmsMsg, inData, inDataLen, outData, outDataLen); -errOut: - /* free resources */ - if(cmsMsg) { - SecCmsMessageDestroy(cmsMsg); - } - if(ourCert) { - CFRelease(ourCert); - } - if(ourKc) { - CFRelease(ourKc); - } - return ortn; -} - -static OSStatus doEncrypt( - SecCertificateRef recipCert, // eventually more than one - const unsigned char *inData, - unsigned inDataLen, - unsigned char **outData, // mallocd and RETURNED - unsigned *outDataLen) // RETURNED -{ - if((inData == NULL) || (inDataLen == 0) || (outData == NULL)) { - printf("***Sign requires input file. Aborting.\n"); - return paramErr; - } - if(recipCert == NULL) { - printf("***Encrypt requires a recipient certificate. Aborting.\n"); - return paramErr; - } - - SecCmsMessageRef cmsMsg = NULL; - SecCmsContentInfoRef contentInfo = NULL; - SecCmsEnvelopedDataRef envelopedData = NULL; - SecCmsRecipientInfoRef recipientInfo = NULL; - OSStatus ortn; - SecCertificateRef allCerts[2] = { recipCert, NULL}; - - SECOidTag algorithmTag; - int keySize; - - ortn = SecSMIMEFindBulkAlgForRecipients(allCerts, &algorithmTag, &keySize); - if(ortn) { - cssmPerror("SecSMIMEFindBulkAlgForRecipients", ortn); - return ortn; - } - - // build chain of objects: message->envelopedData->data - cmsMsg = SecCmsMessageCreate(NULL); - if(cmsMsg == NULL) { - printf("***Error creating SecCmsMessageRef\n"); - ortn = -1; - goto errOut; - } - envelopedData = SecCmsEnvelopedDataCreate(cmsMsg, algorithmTag, keySize); - if(envelopedData == NULL) { - printf("***Error creating SecCmsEnvelopedDataRef\n"); - ortn = -1; - goto errOut; - } - contentInfo = SecCmsMessageGetContentInfo(cmsMsg); - ortn = SecCmsContentInfoSetContentEnvelopedData(cmsMsg, contentInfo, envelopedData); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentEnvelopedData", ortn); - goto errOut; - } - contentInfo = SecCmsEnvelopedDataGetContentInfo(envelopedData); - ortn = SecCmsContentInfoSetContentData(cmsMsg, contentInfo, NULL /* data */, false); - if(ortn) { - cssmPerror("SecCmsContentInfoSetContentData", ortn); - goto errOut; - } - - /* - * create & attach recipient information - */ - recipientInfo = SecCmsRecipientInfoCreate(cmsMsg, recipCert); - ortn = SecCmsEnvelopedDataAddRecipient(envelopedData, recipientInfo); - if(ortn) { - cssmPerror("SecCmsEnvelopedDataAddRecipient", ortn); - goto errOut; - } - - - /* go */ - ortn = encodeCms(cmsMsg, inData, inDataLen, outData, outDataLen); -errOut: - /* free resources */ - if(cmsMsg) { - SecCmsMessageDestroy(cmsMsg); - } - return ortn; -} - -int main(int argc, char **argv) -{ - if(argc < 2) { - usage(argv); - } - - CT_Op op; - bool needId = false; - if(!strcmp(argv[1], "sign")) { - op = CTO_Sign; - needId = true; - } - else if(!strcmp(argv[1], "envel")) { - op = CTO_Envelop; - } - else if(!strcmp(argv[1], "parse")) { - op = CTO_Parse; - } - else { - printf("***Unrecognized cmd.\n"); - usage(argv); - } - - extern int optind; - extern char *optarg; - int arg; - int ourRtn = 0; - - /* optional args */ - const char *keychainName = NULL; - char *inFileName = NULL; - char *outFileName = NULL; - bool useIdPicker = false; - char *recipient = NULL; - bool quiet = false; - bool parseSignerCert = false; - - optind = 2; - while ((arg = getopt(argc, argv, "i:o:k:pr:qc")) != -1) { - switch (arg) { - case 'i': - inFileName = optarg; - break; - case 'o': - outFileName = optarg; - break; - case 'k': - keychainName = optarg; - break; - case 'p': - useIdPicker = true; - break; - case 'r': - recipient = optarg; - break; - case 'c': - parseSignerCert = true; - break; - case 'q': - quiet = true; - break; - default: - case '?': - usage(argv); - } - } - if(optind != argc) { - /* getopt does not return '?' */ - usage(argv); - } - - SecIdentityRef idRef = NULL; - SecKeychainRef kcRef = NULL; - SecCertificateRef recipientCert; - unsigned char *inData = NULL; - unsigned inDataLen = 0; - unsigned char *outData = NULL; - unsigned outDataLen = 0; - OSStatus ortn; - - if(inFileName) { - if(readFile(inFileName, &inData, &inDataLen)) { - printf("***Error reading infile %s. Aborting.\n", inFileName); - exit(1); - } - } - if(keychainName) { - ortn = SecKeychainOpen(keychainName, &kcRef); - if(ortn) { - cssmPerror("SecKeychainOpen", ortn); - exit(1); - } - } - if(useIdPicker) { - ortn = sslSimpleIdentPicker(kcRef, &idRef); - if(ortn) { - printf("Error obtaining idenity via picker. Aborting.\n"); - exit(1); - } - } - else if(needId) { - /* use first identity in specified keychain */ - CFArrayRef array = sslKcRefToCertArray(kcRef, CSSM_FALSE, CSSM_FALSE, NULL); - if(array == NULL) { - printf("***Error finding a signing cert. Aborting.\n"); - exit(1); - } - idRef = (SecIdentityRef)CFArrayGetValueAtIndex(array, 0); - if(idRef == NULL) { - printf("***No identities found. Aborting.\n"); - exit(1); - } - CFRetain(idRef); - CFRelease(array); - } - if(recipient) { - ortn = findCert(recipient, kcRef, &recipientCert); - if(ortn) { - exit(1); - } - } - - switch(op) { - case CTO_Sign: - ortn = doSign(idRef, inData, inDataLen, &outData, &outDataLen); - break; - case CTO_Envelop: - ortn = doEncrypt(recipientCert, inData, inDataLen, &outData, &outDataLen); - break; - case CTO_Parse: - ortn = doParse(inData, inDataLen, parseSignerCert, &outData, &outDataLen); - break; - } - if(ortn) { - goto errOut; - } - if(outData && outFileName) { - if(writeFile(outFileName, outData, outDataLen)) { - printf("***Error writing to %s.\n", outFileName); - } - else { - printf("...wrote %lu bytes to %s.\n", outDataLen, outFileName); - } - } - else if(outData) { - printf("...generated %lu bytes but no place to write it.\n", outDataLen); - } - else if(outFileName) { - printf("...nothing to write to file %s.\n", outFileName); - } -errOut: - return ourRtn; -} \ No newline at end of file diff --git a/SecurityTests/clxutils/cmstool/testSubjects/signed1.cms b/SecurityTests/clxutils/cmstool/testSubjects/signed1.cms deleted file mode 100644 index b48b04d2d450f8335c5959a67e8f13dc9f5e4ea8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 23230 zcmeHP3wT^roo~`mn3MuFpgamaEwr7adCau*LHZ1ngvO>x$Rwpuy76Y_Cb?!ZcY5zk z($Hcb@=#Vp5k&kb)CGBiAENj`1QpjsRuDv9@>0-U5CI>^B41&D|MR%_+?mOv>$mFe zM?Yxio_o&!|3Clpf1h)1WY@G%)dlM=cxy(Z;0F6-x}cS=&z4CNddT!-kBsl}Y7{tjS^<;%vxtU8CQ0tC^L~ zn(3sOWLcZ_n#@QuBb7CsH1+JW9hMz18Nh`?ERk~@Go4M1vYczC0Dw@iggpe8U@x<(HX<<=!~&Bch4^9lCs014Tc z>12ao6RCzwrkg{vl3-+ql^8UgG5ff#*FV^&ICvcquPe1I|AF`MmNI%#ArJ6#ui z48o;%anl*L5~f>MTU*!c7(?cW?F_ngF~jM#)6}81Pqo&qGmWI_xOE$hM3dv#jvEB0 zmYCK$Hsm&?6E?b!+o#c-xDVhsqnWIkY&5dQxX_x?!)D6POrqxop$+3g>ogNq#=^3- zr2F#ZFmI-Dt3N#nq`aFmA+(rH3OWJSE+^+^A$G%KPhq_|niw#wbW7G88owt=uGMEH zU;)Mk7vIpbp^09XyIF`mJtF5iwa&~%dHKQS$BU>t0l!w#^>Njkpa;964F8UjQb-`)^k3TgvEa8}B zwWv|>zi@y_GLb)kH!49X9Frln^2UfKL${)g>{Z^lc0RLWG}lOyN`KXWUw_x5jY8jS^Nt)f|q=~97bdp8MU=w)YhD3s-EUHD;thND$Xr0 z&yGUZO(G;W#I~1*VqNV$q-53Nr!)uhiQCHZb6Kpbr#-Wxyj=LqW(%Io;G~d46Z5p- z96i>Q)yQ)1 z8tBR_m%(p4z&T=N2bB9|gD^4;Da&w4e;cw{hZ*?G>diq($v@XAJ#3H1p^!NjLYYpI zDu>HM2|Eo+g<5iK4T3J>MROO})(N%^CK{Xu$1z5$L!nSz9iB-a>6u~D<}he)>uzl= z50O3hO#}_CqO~Jc4=L;b5enH(HVsWieJ=Raz*Mn79s$R%_jK(#3|-4AZA0&gAs4(nVXo5DMh+@edEo3g4(y^rid1l10XfNlJM?=BnW86qJJ2qcMK3_NN^S(S3qNUatObZ@M8Lo@f3UT;E z1%DtO67^PJn0Q@DQXfjV?ofwG4mmt`QrKa4`Dg$NIc7HJr1>)*&mDInc4oBA+?EX! z71b=P;Ubc`TvT$w$fr=5_NuC?Hk&IOq!mnsrT4VSH#zg5J`KH~km5RNAPVV>HFqK= zHC&UELrjrVN!ticxP8zal?j&ug1O&>f~cQFv@4qf@~k-GcXV^9EU6CUT#e{7sS&94 z)#oUh$b-Q*g;m#THedY|qY9R>u8O$>b}p4l+r#7w2IG{Yvt8X;(c z*=}E7&0v-V`2z+-J7x6un@I`4PMZwg5@{8fPAql7F$Rl5vom^AX07N*ob!U9HXE*j zIskqKTp`xfcnib?<5Q56V)KSiG$5BWkL?5$OWAK`S;`)%;X_zg2jliaa#h)ImdyxP zLd?_b8OL^-nT^5F2w{mKviBqlqOAs!P=|unskrbKK+~mIStSk(CJ72BWZ6T*rC2Uv zEFRy`)Y;k7)zQ<^wy~kLrLm`>Ew-+`vnSTn*;UVIe5g=zy2S#3zm9FI=z@9*Gs1BT zDbWzLwRiP&b#}+Qni{#3aNa^G2n1x z9=uR%J85S}M{85hCcNl5wISXTqnAW2?<7bP_zGO4E)#jQ3e36{DTr){17ckQB&(=K z#|)Du9uJ5F329s+5W69kM8YD(#}xzx1Vy}|IzfyA&vB)NG9NBYjw_^vOb0BH2cIT@ zs$Q6|Ce3ZDA}i>hm3{~Qyl|liB?}Z>$fUr)<|V}=<>l1`hJc4W!7nnEF=f8c9t+U; zdl-2pDJn7=WeyPT_6h9V z9Ha?DA-!cF1Xg&&)TIdx`MnEfzmjUX0iOGd>+^yerq!zz4Fp#k#*1H`N###Pga)yJ z#%L~ky!PjdT&y{c%rV_hpuD6lPn9@y4^)g-ecMpq6q3Q;^11UQnF9gL&Cy6CvW29& zVE*3fae^HFsL7{JMquTXbr0}wEaH4dl0mEtGSXih=))Yv1B#>sH~btIRem+2YDQD4 zW`n9fFUx{=4e?k@OQjMoMJ1$)A$>yrj}ihRT*|?Mr46cQ#3-xA8@0?rdVTslmnNN; zA|@zon1%0vg(DS`N)kh;MM=_^7h0E)WIs=|l{o6`1XtFfW0 zfyYTyY39gubK_G4mQxQ28+Igtchn+)=NpnjSpt^@ll#pq=P(gNoF+iLnuZ=8bAz!^ zkU5eR-R1CL2#nH}!&{G4-X9jH7{uY}jn}y9?6iiJ%LMT&wR~9CPAp=hM^w=$*IbB ztyC!z*+e1lfwv85L;wtk@G=Sg1)+r+s;y^+JwR?$$UYQLGxX7cTtnCa?KQUrmKP8f znStb>9|$V(!4xDQMtPISRDx*=_fbecSru&?VFn%|jRXp&1UISDi{9acMN{_tnOGwN z(}n#9@kfgSJS0+}_>Rh=(mgxOw!%y){gagix~@_JD6-kRcagk(w-d zzYQH-XKH?q+??<4xyM3;wwbc+j)u;7Q)f@StFxu;w4Qj&Sxr2?4S6e9tA6>o8@W}= zBc+;xKF$n}8&dI9J5dpDih;Mp9I-)Du*yLeqoZQ6s__~9a=yGo3wS+z8tY^6Wg!1F z_{bg#)Obm1J4J+ghQSjB5+s+_m%k0sMg=UeFdQ^BysxCp35`Y9UQwibbPhP|q6VJl zBC={$lL&YZLe0bo)sqKM zs<-GsHo)VP2xYiZLW;b2r`a*hunanQ9!yX%2vx~Gyi#Gz8X54c;njB;HTauWVqaS1 ztJvA5^D(Fn<4jT-8wE7vM5~WQuzk&Uie0KRn{0$OZAS(W_$^+#WXbZSQQB4Rv$ml+ zff4zku7C>Z_X?hJL7^BS;U5sYVsWsCoX2k~&AG?JSL}7uo;hvL1fo{a2YmbA4S;pl zlg4w-Lqz;2(p#A^B2iDoS%M^^g{p(wed-}>DCsO`Rh6RcTr6kakaon+7=!$pu%bg= zh>DlO&PWC$u%Mk2$zvpr0x#{mBaEg@k{SS&L=Fewg)kS7sY>pr5 zD**=Du@oh5G#C6rP4Rm1)fVglRT3p1q;Lsk@dkM60>Sq@lIjb(cT z$2O2e(Lv9`+^_%}_l1oJy+=&GBWLU*>OQbEy37q)f!)cRG6OtUPTY1tgDp!nZSy%;HF0Ugvh}_dlK9K&<{QsJA7N~J~ z8MFo2f*!4^@VNko!FSuJRI83r9#H8Fy6J~n`Gqfv)rG~@vJ!5!{RH1L-G1jlUZb6b z^}6!>2vr8Ho^I!Oz1{1Q2aVU$3A5x5QtBeU0JJJ&M|}Zvz2;i<`j?W<80;ezL?k61 z^AY$+iY78{V?ff4Z9sh}{`QTnA~)Ywhl`wLtCSQ8+SVr~qHHYKI%$Olkr)r}*qgI( z?h6(l@ifi~*}We%6Ir)j-P)*G%@=~_pf#(>Pa-^5RZ}4{QmmvWCO;?%R{h2hZ?O-N zpfidj)d65wRh5uQ9@fwi$WXyFeCi-k0)#J>f#5(Ar4Kj|!hEQcrcLIUyey=Mlg#q- zS9+`Eu)f4VVKrrpd*vaY5HFb55TR5;W`(cUL~=7RhVdkb^TVdb&bBc+XCWXj03Wh*4tWRs9f&lozD~D6i3Bw*~8sBgGs6 z;=_d4AydUZV3E$F5hwW^dsKB0Spo*AK!%U-52>qWy&t5hu$K_AB56Q=6)$N+VkxBwrj$vDyMX|z}q`AQvEjW6Auhwe@MDrFmlku3BPkpAoO$}UWglS z6d#hO=2C+Vss3ggr7n4O(+w-cbOJ#Gibn};A~Q8Ec->MJm(N2ciAoqy>>r;RLEuQPqa3S{4FCEWK;$kneakp1o(nyd$9c3orXl(NOsP_#s#j;dzU5ixr42^ZS;u`C_)w-LZv4OsIpD)8m(XoTB(cw z3t?*~zcoQSbX=@NzJ&{b=p>?K*c|V&F)Tf=V$n%!FjK|{0)>@s#!>>L1tum2}S^D@6+_mWC`OUtE@?Ek`0MtI1$bXv`6?>edc2HdOu!Rrad#&x3Fj7qKh16xWaiZw* z-pef5-*hkB--T`S#Z<70r$9!MR8)J15L)Hg@(1PAQtq`46j2F7wJyoGP575EaH}nt z3Q?}EOaNaySSR_R2W=g7;TDK|FRU2fj&Cl6^^O$k(?W2tmQS6dc!(KW%sy3PEQys&WAwSm9R>+`D-;bev*J+ z0no1lXm>8ac?m`j`1Rd9G5J1dDox$rX-fdt#M2HbU8KDnO-C!`JP`P9q_4^};LAF= zx+aLJ#^Fk`6eRRQmB%6ucXTDwELaPENp})7QT>P3Qb6aZ{E`r72eqNt!&OYiqXBUu zb`Y~g5rVuO?(#@!3YZTy4^6xaRH$5Cq_#5x2{)fA;^96@DwNz?=1fs_H1#jk9HQ(M z)YLCgQPcf~2VDk1K?JIL6_|y>q5eH^Ts&q9V&YA5+c^L@&ofPGR${SyF6U=qw3L!J zbX-gG;DY6NJ%ZAP$*rmOws?tBj49L-0>NwCIP2_E+{cFpEGP)|Phfcv@a3fu$HqsK z=B0A1cQgxO#@Q4N2BmkL>l$rbwg33&8tLlz(x>0oNiu1oUwPod3zB z4D37r8=pV3vL4+Mr_==vg*PEyC)LovT@T3l3upk_M}eC*6K^nAF|X9C(hnZl;yWQz z_@8}y4tY7Ur}Sa`zkJ`+(vs5Bsnf5#J~G4m9A8NpKEBt>zr{DTyKGuT=~)fYd65&R z;i0@@R@Z}Vxx#b@ZE)sZUdHnrkJ*$rQ7aqTo>XgcJ^zZ=xz zx;Sju&teUc6FxK}a&jcPI1-6QmPHnwg~uh4=%Q2PVmmGcR%yXlu zHy*$I>$5hMe{Dh8+L0$~9)EGw!u5BqKE1B}pj~^veaQE=eCganFTNl-vuAC|zK*6Z z_J8fmS1kMCabMf@P3JRD-mvqkwWqcme95Elo}GF1&ena8Zrt(QV^=-)%wrF4y7Qdl zbM41%e7F0(_`PR-`O^Luzk2xk^o-v={NS_wvtN4doHc_hkIgP=Sj z|Ga9=+B>fN&fZ%eou9e*FXv5}Y41G0=?ho9{_xo!xwCX?$&`|7Ya`W>Szz_?Gs}*O zRO~Lo$3y9DMM=qfWu=iRI!7TbQ+My4(tgeM?og!Swz7jCyv<(iEIVWC$M^sE17Cgh z?DAXx^xW^R{={LoSG_a5JsREr%S*q%^18?Fd;Ex|T|GNqc>AfFZvSK3>Fcij{M(yv z?u=#EPI>p}OBOAAbI#&pFPMJRC7;>-mlv*&r6c>#zpCozPqkcjYW&}(?EKFc_IBUU zP=Dbc=QPC6_^olxQ~z|q88^Kz((jA(|2vVMx&~r>qp;E?Gjy#x2sV26BS9k#%_VDj zNX4ONV9SoGATc9jMn4caf|?Jm2+QqQRs$Bk+3V-3-TkxJc0&%#%JxKF5|eMs^NYqQ*^aC1#Q zVR2+xbQ$h);}3iS{KK;7(nX7xoU-JUv;HQ2Y4&fA?mPK{MFZJvroN8u-PQVht`iHU+_Q44v4&doi%cgV zhnJNhI+%vV!^6z7xe<2V36WV!a;8?y?7&Ak5&yIry=H1rO?2^cookR!@(Sxd^+?CZ zUzuL}?=!CLyS4xDonN{2yWjuNmtvp4Z12w2Ip6%RrL%9Yxn^nIeSezO!9JH+x&O9b z8ofVws{WXdop;BT$4&X+vD5ctub$U&S?`a2v0&>N^Dch&rmIf*^ru+6*>m~RZ@qQl zX%a&t z*55*SL@?!l#dzQDyP<08OUI$9(dpj9!6gW)yfzx7AU z=iO6%WMW3-oN3eLhmu1_lunNh?)w`~M2iZc2W5LorYsNrX35nr7;h|oY02!xmt+W^8)o_3Pg}W%knhqYvHCI(p}~4taKteSH53 zyN*8f#*$;cP`ZC`wDJCX?|CNo(59Q8-TS;XvSsECuivuo505^0`- 0 ) - switch ( "$argv[1]" ) - case q: - set QUIET = -q - shift - breaksw - default: - echo Usage: vfyCms \[q\(uiet\)\] - exit(1) - endsw -end -# -# signed1.cms is ptext1 wrapped in a signedData -# -set TMP_PTEXT=/tmp/ptext_tmp -$LOCAL_BUILD_DIR/cmstool parse -i signed1.cms -o $TMP_PTEXT -v sign $QUIET || exit(1) -cmp ptext1.txt $TMP_PTEXT -if ($status != 0) then - echo ### Data miscompare: plaintext signed1.cms recovered $TMP_PTEXT - exit(1) -endif diff --git a/SecurityTests/clxutils/crlTool/Makefile b/SecurityTests/clxutils/crlTool/Makefile deleted file mode 100644 index fe3d898c..00000000 --- a/SecurityTests/clxutils/crlTool/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=crlTool -# C++ source (with .cpp extension) -CPSOURCE= crlTool.cpp crlNetwork.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= -framework LDAP - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/crlTool/crlNetwork.cpp b/SecurityTests/clxutils/crlTool/crlNetwork.cpp deleted file mode 100644 index 240824cd..00000000 --- a/SecurityTests/clxutils/crlTool/crlNetwork.cpp +++ /dev/null @@ -1,253 +0,0 @@ -/* - * crlNetwork.cpp - Network support for crlTool - */ - -#include "crlNetwork.h" -#include -#include -#include -#include -#include -#include - -#define ocspdErrorLog(args...) printf(args) - -#pragma mark ----- LDAP fetch ----- - -/* - * LDAP attribute names, used if not present in URI. - */ -#define LDAP_ATTR_CERT "cacertificate;binary" -#define LDAP_ATTR_CRL "certificaterevocationlist;binary" - -/* - * Default LDAP options. - */ -#define LDAP_REFERRAL_DEFAULT LDAP_OPT_ON - -static CSSM_RETURN ldapRtnToCssm( - int rtn) -{ - switch(rtn) { - case LDAP_SERVER_DOWN: - case LDAP_TIMEOUT: - case LDAP_CONNECT_ERROR: - return CSSMERR_APPLETP_CRL_SERVER_DOWN; - case LDAP_PARAM_ERROR: - case LDAP_FILTER_ERROR: - return CSSMERR_APPLETP_CRL_BAD_URI; - default: - return CSSMERR_APPLETP_CRL_NOT_FOUND; - } -} - -static CSSM_RETURN ldapFetch( - const CSSM_DATA &url, - LF_Type lfType, - CSSM_DATA &fetched) // mallocd and RETURNED -{ - BerValue **value = NULL; - LDAPURLDesc *urlDesc = NULL; - int rtn; - LDAPMessage *msg = NULL; - LDAP *ldap = NULL; - LDAPMessage *entry = NULL; - bool mallocdString = false; - char *urlStr; - int numEntries; - CSSM_RETURN ourRtn = CSSM_OK; - /* attr input to ldap_search_s() */ - char *attrArray[2]; - char **attrArrayP = NULL; - - /* don't assume URL string is NULL terminated */ - if(url.Data[url.Length - 1] == '\0') { - urlStr = (char *)url.Data; - } - else { - urlStr = (char *)malloc(url.Length + 1); - memmove(urlStr, url.Data, url.Length); - urlStr[url.Length] = '\0'; - mallocdString = true; - } - - /* break up the URL into something usable */ - rtn = ldap_url_parse(urlStr, &urlDesc); - if(rtn) { - ocspdErrorLog("ldap_url_parse returned %d", rtn); - return CSSMERR_APPLETP_CRL_BAD_URI; - } - - /* - * Determine what attr we're looking for. - */ - if((urlDesc->lud_attrs != NULL) && // attrs present in URL - (urlDesc->lud_attrs[0] != NULL) && // at least one attr present - (urlDesc->lud_attrs[1] == NULL)) { - /* - * Exactly one attr present in the caller-specified URL; - * assume that this is exactly what we want. - */ - attrArrayP = &urlDesc->lud_attrs[0]; - } - else { - /* use caller-specified attr */ - switch(lfType) { - case LT_Crl: - attrArray[0] = (char *)LDAP_ATTR_CRL; - break; - case LT_Cert: - attrArray[0] = (char *)LDAP_ATTR_CERT; - break; - default: - printf("***ldapFetch screwup: bogus lfType (%d)\n", - (int)lfType); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - attrArray[1] = NULL; - attrArrayP = &attrArray[0]; - } - - /* establish connection */ - rtn = ldap_initialize(&ldap, urlStr); - if(rtn) { - ocspdErrorLog("ldap_initialize returned %d\n", rtn); - return ldapRtnToCssm(rtn); - } - /* subsequent errors to cleanup: */ - rtn = ldap_simple_bind_s(ldap, NULL, NULL); - if(rtn) { - ocspdErrorLog("ldap_simple_bind_s returned %d\n", rtn); - ourRtn = ldapRtnToCssm(rtn); - goto cleanup; - } - - rtn = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_REFERRAL_DEFAULT); - if(rtn) { - ocspdErrorLog("ldap_set_option(referrals) returned %d\n", rtn); - ourRtn = ldapRtnToCssm(rtn); - goto cleanup; - } - - rtn = ldap_search_s( - ldap, - urlDesc->lud_dn, - LDAP_SCOPE_SUBTREE, - urlDesc->lud_filter, - urlDesc->lud_attrs, - 0, // attrsonly - &msg); - if(rtn) { - ocspdErrorLog("ldap_search_s returned %d\n", rtn); - ourRtn = ldapRtnToCssm(rtn); - goto cleanup; - } - - /* - * We require exactly one entry (for now). - */ - numEntries = ldap_count_entries(ldap, msg); - if(numEntries != 1) { - ocspdErrorLog("tpCrlViaLdap: numEntries %d\n", numEntries); - ourRtn = CSSMERR_APPLETP_CRL_NOT_FOUND; - goto cleanup; - } - - entry = ldap_first_entry(ldap, msg); - value = ldap_get_values_len(ldap, msg, attrArrayP[0]); - if(value == NULL) { - ocspdErrorLog("Error on ldap_get_values_len\n"); - ourRtn = CSSMERR_APPLETP_CRL_NOT_FOUND; - goto cleanup; - } - - fetched.Length = value[0]->bv_len; - fetched.Data = (uint8 *)malloc(fetched.Length); - memmove(fetched.Data, value[0]->bv_val, fetched.Length); - - ldap_value_free_len(value); - ourRtn = CSSM_OK; -cleanup: - if(msg) { - ldap_msgfree(msg); - } - if(mallocdString) { - free(urlStr); - } - ldap_free_urldesc(urlDesc); - rtn = ldap_unbind(ldap); - if(rtn) { - ocspdErrorLog("Error %d on ldap_unbind\n", rtn); - /* oh well */ - } - return ourRtn; -} - -#pragma mark ----- HTTP fetch via GET ----- - -/* fetch via HTTP */ -static CSSM_RETURN httpFetch( - const CSSM_DATA &url, - CSSM_DATA &fetched) // mallocd in alloc space and RETURNED -{ - /* trim off possible NULL terminator */ - CSSM_DATA theUrl = url; - if(theUrl.Data[theUrl.Length - 1] == '\0') { - theUrl.Length--; - } - CFURLRef cfUrl = CFURLCreateWithBytes(NULL, - theUrl.Data, theUrl.Length, - kCFStringEncodingUTF8, // right? - //kCFStringEncodingASCII, // right? - NULL); // this is absolute path - if(cfUrl == NULL) { - ocspdErrorLog("CFURLCreateWithBytes returned NULL\n"); - return CSSMERR_APPLETP_CRL_BAD_URI; - } - CFDataRef urlData = NULL; - SInt32 errorCode; - Boolean brtn = CFURLCreateDataAndPropertiesFromResource(NULL, - cfUrl, - &urlData, - NULL, // no properties - NULL, - &errorCode); - CFRelease(cfUrl); - if(!brtn) { - ocspdErrorLog("CFURLCreateDataAndPropertiesFromResource err: %d\n", - (int)errorCode); - if(urlData) { - return CSSMERR_APPLETP_NETWORK_FAILURE; - } - } - if(urlData == NULL) { - ocspdErrorLog("CFURLCreateDataAndPropertiesFromResource: no data\n"); - return CSSMERR_APPLETP_NETWORK_FAILURE; - } - CFIndex len = CFDataGetLength(urlData); - fetched.Data = (uint8 *)malloc(len); - fetched.Length = len; - memmove(fetched.Data, CFDataGetBytePtr(urlData), len); - CFRelease(urlData); - return CSSM_OK; -} - -/* Fetch cert or CRL from net, we figure out the schema */ -CSSM_RETURN crlNetFetch( - const CSSM_DATA *url, - LF_Type lfType, - CSSM_DATA *fetched) // mallocd in alloc space and RETURNED -{ - if(url->Length < 5) { - return CSSMERR_APPLETP_CRL_BAD_URI; - } - if(!strncmp((char *)url->Data, "ldap:", 5)) { - return ldapFetch(*url, lfType, *fetched); - } - if(!strncmp((char *)url->Data, "http:", 5) || - !strncmp((char *)url->Data, "https:", 6)) { - return httpFetch(*url, *fetched); - } - return CSSMERR_APPLETP_CRL_BAD_URI; -} - diff --git a/SecurityTests/clxutils/crlTool/crlNetwork.h b/SecurityTests/clxutils/crlTool/crlNetwork.h deleted file mode 100644 index 592ec5c0..00000000 --- a/SecurityTests/clxutils/crlTool/crlNetwork.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - * crlNetwork.h - Network support for crlTool - */ - -#ifndef _CRL_NETWORK_H_ -#define _CRL_NETWORK_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* Fetch cert or CRL from net, we figure out the schema */ - -typedef enum { - LT_Crl = 1, - LT_Cert -} LF_Type; - -CSSM_RETURN crlNetFetch( - const CSSM_DATA *url, - LF_Type lfType, - CSSM_DATA *fetched); // mallocd and RETURNED - -#ifdef __cplusplus -} -#endif - -#endif /* _CRL_NETWORK_H_ */ diff --git a/SecurityTests/clxutils/crlTool/crlTool.cpp b/SecurityTests/clxutils/crlTool/crlTool.cpp deleted file mode 100644 index 54050bb3..00000000 --- a/SecurityTests/clxutils/crlTool/crlTool.cpp +++ /dev/null @@ -1,232 +0,0 @@ -/* - * crlTool.cpp - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "crlNetwork.h" -#include -#define LOOPS_DEF 100 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" -c certFile -- obtain CRL via net from this cert\n"); - printf(" -C crlFile -- CRL from this file\n"); - printf(" -p -- parse the CRL\n"); - printf(" -o outFile -- write the fetched CRL to this file\n"); - printf(" -v -- verbose CRL dump\n"); - /* etc. */ - exit(1); -} - -static int fetchCrlViaGeneralNames( - const CE_GeneralNames *names, - unsigned char **crl, // mallocd and RETURNED - size_t *crlLen) // RETURNED -{ - CSSM_DATA crlData = {0, NULL}; - CSSM_RETURN crtn; - - for(unsigned nameDex=0; nameDexnumNames; nameDex++) { - CE_GeneralName *name = &names->generalName[nameDex]; - switch(name->nameType) { - case GNT_URI: - if(name->name.Length < 5) { - continue; - } - if(strncmp((char *)name->name.Data, "ldap:", 5) && - strncmp((char *)name->name.Data, "http:", 5) && - strncmp((char *)name->name.Data, "https:", 6)) { - /* eventually handle other schemes here */ - continue; - } - - /* OK, we can do this */ - crtn = crlNetFetch(&name->name, LT_Crl, &crlData); - if(crtn) { - printf("...net fetch error\n"); - return 1; - } - *crl = crlData.Data; - *crlLen = crlData.Length; - return 0; - - default: - printf("fetchCrlViaGeneralNames: unknown" - "nameType (%u)", (unsigned)name->nameType); - break; - } - } - printf("...GNT_URI name not found in GeneralNames\n"); - return 1; -} - -static int fetchCrl( - CertParser &cert, - unsigned char **crl, // mallocd and RETURNED - size_t *crlLen) // RETURNED -{ - CE_CRLDistPointsSyntax *dps = (CE_CRLDistPointsSyntax *) - cert.extensionForOid(CSSMOID_CrlDistributionPoints); - - *crl = NULL; - *crlLen = 0; - if(dps == NULL) { - /* not an error, just indicate NULL return */ - printf("***No CrlDistributionPoints in this cert.\n"); - return 0; - } - for(unsigned dex=0; dexnumDistPoints; dex++) { - - CE_CRLDistributionPoint *dp = &dps->distPoints[dex]; - if(dp->distPointName == NULL) { - continue; - } - switch(dp->distPointName->nameType) { - case CE_CDNT_NameRelativeToCrlIssuer: - printf("...CE_CDNT_NameRelativeToCrlIssuer not implemented\n"); - break; - - case CE_CDNT_FullName: - { - CE_GeneralNames *names = dp->distPointName->dpn.fullName; - int rtn = fetchCrlViaGeneralNames(names, crl, crlLen); - if(rtn == 0) { - return 0; - } - /* else try again if there's another name */ - break; - } /* CE_CDNT_FullName */ - - default: - /* not yet */ - printf("unknown distPointName->nameType (%u)\n", - (unsigned)dp->distPointName->nameType); - break; - } /* switch distPointName->nameType */ - } /* for each distPoints */ - printf("...CrlDistributionPoints found, but nothing we can use.\n"); - return 0; -} - -int main(int argc, char **argv) -{ - char *certFile = NULL; - char *crlFile = NULL; - unsigned char *certData; - unsigned certDataLen; - bool doParse = false; - char *outFile = NULL; - CSSM_BOOL verbose = CSSM_FALSE; - unsigned char *crl = NULL; - size_t crlLen = 0; - int rtn = -1; - - if(argc < 2) { - usage(argv); - } - - extern char *optarg; - int arg; - while ((arg = getopt(argc, argv, "c:C:po:vh")) != -1) { - switch (arg) { - case 'c': - certFile = optarg; - break; - case 'C': - crlFile = optarg; - break; - case 'p': - doParse = true; - break; - case 'o': - outFile = optarg; - break; - case 'v': - verbose = CSSM_TRUE; - break; - case 'h': - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - if((certFile != NULL) && (crlFile != NULL)) { - printf("***crlFile and certFile are mutually exclusive.\n"); - usage(argv); - } - if((certFile == NULL) && (crlFile == NULL)) { - printf("***Must specify either certFile or crlFile\n"); - usage(argv); - } - - CSSM_RETURN crtn; - CSSM_CL_HANDLE clHand = clStartup(); - CertParser parser(clHand); - - if(crlFile) { - unsigned len; - if(readFile(crlFile, &crl, &len)) { - printf("***Error reading %s. Aborting.\n", crlFile); - exit(1); - } - crlLen = len; - } - if(certFile) { - if(readFile(certFile, &certData, &certDataLen)) { - printf("***Error reading %s. Aborting.\n", certFile); - exit(1); - } - CSSM_DATA cdata = {certDataLen, certData}; - crtn = parser.initWithData(cdata); - if(crtn) { - printf("Error parsing cert %s. Aborting.\n", certFile); - exit(1); - } - rtn = fetchCrl(parser, &crl, &crlLen); - if(rtn) { - printf("***aborting.\n"); - exit(1); - } - } - - if(doParse) { - if(crl == NULL) { - printf("...parse specified but no CRL found.\n"); - } - else { - if(certFile != NULL) { - printf("============== CRL for cert %s ==============\n", certFile); - } - printCrl(crl, crlLen, verbose); - if(certFile != NULL) { - printf("============== end of CRL ==============\n"); - } - } - } - if(outFile) { - if(crl == NULL) { - printf("...outFile specified but no CRL found.\n"); - } - else { - if(writeFile(outFile, crl, crlLen)) { - printf("***Error writing CRL to %s.\n", outFile); - rtn = 1; - } - else { - printf("...wrote %u bytes to %s\n", (unsigned)crlLen, outFile); - } - } - } - return rtn; -} diff --git a/SecurityTests/clxutils/dotMacArchive/Makefile b/SecurityTests/clxutils/dotMacArchive/Makefile deleted file mode 100644 index e8d9946a..00000000 --- a/SecurityTests/clxutils/dotMacArchive/Makefile +++ /dev/null @@ -1,50 +0,0 @@ -EXECUTABLE=dotMacArchive -# C++ source (with .cpp extension) -CPSOURCE= dotMacArchive.cpp dotMacTpAttach.cpp identSearch.cpp -# C source (.c extension) -CSOURCE= -OFILES = $(CSOURCE:%.c=%.o) $(CPSOURCE:%.cpp=%.o) - -LOCAL_BUILD= $(shell echo $(LOCAL_BUILD_DIR)) - -CC=c++ - -FRAMEWORKS= -framework Security -framework CoreFoundation -#FRAME_SEARCH= -F$(LOCAL_BUILD) -FRAME_SEARCH= -F$(LOCAL_BUILD) -FINCLUDES= -PINCLUDES= -CINCLUDES= $(FINCLUDES) $(PINCLUDES) -WFLAGS= -Wno-four-char-constants -Wno-deprecated-declarations -DEBUG_CFLAGS?= -CMDLINE_LDFLAGS?= -CFLAGS= -g $(CINCLUDES) $(WFLAGS) $(FRAME_SEARCH) $(DEBUG_CFLAGS) - -# -# This assumes final load with cc, not ld -# -LIBS= -lstdc++ -LIBPATH= -LDFLAGS= $(LIBS) $(LIBPATH) $(FRAME_SEARCH) $(CMDLINE_LDFLAGS) -lsecurity_cdsa_utils - -first: $(EXECUTABLE) - -install: - -$(EXECUTABLE): $(OFILES) - $(CC) -o $(EXECUTABLE) $(FRAMEWORKS) $(OFILES) $(LDFLAGS) - -64bit: - make "DEBUG_CFLAGS=-arch ppc64" "CMDLINE_LDFLAGS=-arch ppc64" - -64bitFat: - make "DEBUG_CFLAGS=-arch ppc64" "CMDLINE_LDFLAGS=-arch ppc64" - -clean: - rm -f *.o $(EXECUTABLE) - -%.o: %.c - $(CC) $(CFLAGS) -c -o $*.o $< - -%.o: %.cpp - $(CC) $(CFLAGS) -c -o $*.o $< diff --git a/SecurityTests/clxutils/dotMacArchive/dotMacArchive.cpp b/SecurityTests/clxutils/dotMacArchive/dotMacArchive.cpp deleted file mode 100644 index 2b46fd4e..00000000 --- a/SecurityTests/clxutils/dotMacArchive/dotMacArchive.cpp +++ /dev/null @@ -1,546 +0,0 @@ -/* - * dotMacArchive.cpp - test and demonstrate use of dotmacp_tp.bundle to - * manipulate Identity archives ont he .mac server. - */ -#include -#include -#include -//#include -#include -#include "identSearch.h" -#include "dotMacTpAttach.h" -#include -#include -#include -#include - -/* - * Defaults for the test setup du jour - */ -#define USER_DEFAULT "dmitch_new" -#define PWD_DEFAULT "password" -#define ARCHIVE_NAME_DEFAULT "dmitch_new" -#define HOST_DEFAULT "certmgmt.mac.com" - -/* - * Type of archive op - */ -typedef enum { - AO_List, - AO_Store, - AO_Fetch, - AO_Remove -} ArchiveOp; - -static void usage(char **argv) -{ - printf("usage: %s op [options]\n", argv[0]); - printf("Op:\n"); - printf(" l -- list archive contents\n"); - printf(" s -- store archive\n"); - printf(" f -- fetch archive\n"); - printf(" r -- remove archive(s)\n"); - printf("Options:\n"); - printf(" -u username -- Default is %s\n", USER_DEFAULT); - printf(" -Z password -- default is %s\n", PWD_DEFAULT); - printf(" -n archiveName -- default is %s\n", ARCHIVE_NAME_DEFAULT); - printf(" -k keychain -- Source/destination of archive\n"); - printf(" -H hostname -- Alternate .mac server host name (default %s)\n", - HOST_DEFAULT); - printf(" -o outFile -- write P12 blob to outFile\n"); - printf(" -z p12Phrase -- PKCS12 passphrase (default is GUI prompt)\n"); - printf(" -M -- Pause for MallocDebug\n"); - printf(" -l -- loop\n"); - exit(1); -} - -/* print a string in the form of a CSSM_DATA */ -static void printString( - const CSSM_DATA *str) -{ - for(unsigned dex=0; dexLength; dex++) { - printf("%c", str->Data[dex]); - } -} - - -/* - * Post a .mac archive request, with a small number of options. - */ -static CSSM_RETURN dotMacPostArchiveRequest( - ArchiveOp op, - CSSM_TP_HANDLE tpHand, - /* required fields for all ops */ - const CSSM_DATA *userName, // REQUIRED, C string - const CSSM_DATA *password, // REQUIRED, C string - - /* optional (per op, that is...) fields */ - const CSSM_DATA *hostName, // optional alternate host - const CSSM_DATA *archiveName, // required for store, fetch, remove - const CSSM_DATA *timeString, // required for store - const CSSM_DATA *pfxIn, // required for store - CSSM_DATA *pfxOut, // required and RETURNED for fetch - unsigned *numArchives, // required and RETURNED for list - DotMacArchive **archives) // required and RETURNED for list -{ - CSSM_RETURN crtn; - CSSM_TP_AUTHORITY_ID tpAuthority; - CSSM_TP_AUTHORITY_ID *tpAuthPtr = NULL; - CSSM_NET_ADDRESS tpNetAddrs; - CSSM_APPLE_DOTMAC_TP_ARCHIVE_REQUEST archReq; - CSSM_TP_REQUEST_SET reqSet; - CSSM_TP_CALLERAUTH_CONTEXT callerAuth; - sint32 estTime; - CSSM_DATA refId = {0, NULL}; - CSSM_FIELD policyField; - const CSSM_OID *opOid = NULL; - - if((tpHand == 0) || (userName == NULL) || (password == NULL)) { - printf("dotMacPostArchiveRequest: illegal common args\n"); - return paramErr; - } - switch(op) { - case AO_List: - if((numArchives == NULL) || (archives == NULL)) { - printf("dotMacPostArchiveRequest: illegal AO_List args\n"); - return paramErr; - } - opOid = &CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_LIST; - break; - case AO_Store: - if((archiveName == NULL) || (timeString == NULL) || (pfxIn == NULL)) { - printf("dotMacPostArchiveRequest: illegal AO_Store args\n"); - return paramErr; - } - opOid = &CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_STORE; - break; - case AO_Fetch: - if((archiveName == NULL) || (pfxOut == NULL)) { - printf("dotMacPostArchiveRequest: illegal AO_Fetch args\n"); - return paramErr; - } - opOid = &CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_FETCH; - break; - case AO_Remove: - if(archiveName == NULL) { - printf("dotMacPostArchiveRequest: illegal AO_Remove args\n"); - return paramErr; - } - opOid = &CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_REMOVE; - break; - } - - /* - * The main job here is bundling up the arguments into a - * CSSM_APPLE_DOTMAC_TP_ARCHIVE_REQUEST - */ - memset(&archReq, 0, sizeof(archReq)); - archReq.version = CSSM_DOT_MAC_TP_ARCHIVE_REQ_VERSION; - archReq.userName = *userName; - archReq.password = *password; - if(archiveName) { - archReq.archiveName = *archiveName; - } - if(timeString) { - archReq.timeString = *timeString; - } - if(pfxIn) { - archReq.pfx = *pfxIn; - } - - /* remaining arguments for TP call... */ - if((hostName != NULL) && (hostName->Data != NULL)) { - tpAuthority.AuthorityCert = NULL; - tpAuthority.AuthorityLocation = &tpNetAddrs; - tpNetAddrs.AddressType = CSSM_ADDR_NAME; - tpNetAddrs.Address = *hostName; - tpAuthPtr = &tpAuthority; - } - - reqSet.NumberOfRequests = 1; - reqSet.Requests = &archReq; - - policyField.FieldOid = *opOid; - policyField.FieldValue.Data = NULL; - policyField.FieldValue.Length = 0; - memset(&callerAuth, 0, sizeof(callerAuth)); - callerAuth.Policy.NumberOfPolicyIds = 1; - callerAuth.Policy.PolicyIds = &policyField; - - crtn = CSSM_TP_SubmitCredRequest (tpHand, - tpAuthPtr, - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, // CSSM_TP_AUTHORITY_REQUEST_TYPE - &reqSet, // const CSSM_TP_REQUEST_SET *RequestInput, - &callerAuth, - &estTime, // sint32 *EstimatedTime, - &refId); // CSSM_DATA_PTR ReferenceIdentifier - if(crtn) { - cssmPerror("CSSM_TP_SubmitCredRequest", crtn); - } - - /* success: post-process */ - switch(op) { - case AO_List: - *numArchives = archReq.numArchives; - *archives = archReq.archives; - break; - case AO_Store: - break; - case AO_Fetch: - *pfxOut = archReq.pfx; - break; - case AO_Remove: - break; - } - - return CSSM_OK; -} - -static void cStringToCssmData( - const char *cstr, - CSSM_DATA *cdata) -{ - if(cstr) { - cdata->Data = (uint8 *)cstr; - cdata->Length = strlen(cstr); - } - else { - cdata->Data = NULL; - cdata->Length = 0; - } -} - -int main(int argc, char **argv) -{ - SecKeychainRef kcRef = NULL; - CSSM_RETURN crtn; - CSSM_TP_HANDLE tpHand = 0; - OSStatus ortn; - - /* user-spec'd variables */ - ArchiveOp op = AO_List; - char *keychainName = NULL; - const char *userName = USER_DEFAULT; - const char *password = PWD_DEFAULT; - const char *archName = ARCHIVE_NAME_DEFAULT; - const char *hostName = HOST_DEFAULT; - char *outFile = NULL; - bool doPause = false; - bool loop = false; - char *p12Phrase = NULL; - - if(argc < 2) { - usage(argv); - } - switch(argv[1][0]) { - case 'l': - op = AO_List; - break; - case 's': - op = AO_Store; - break; - case 'f': - op = AO_Fetch; - break; - case 'r': - op = AO_Remove; - break; - default: - usage(argv); - } - - extern char *optarg; - extern int optind; - optind = 2; - int arg; - while ((arg = getopt(argc, argv, "u:Z:n:k:H:Nlo:z:")) != -1) { - switch (arg) { - case 'u': - userName = optarg; - break; - case 'Z': - password = optarg; - break; - case 'n': - archName = optarg; - break; - case 'k': - keychainName = optarg; - break; - case 'M': - doPause = true; - break; - case 'H': - hostName = optarg; - break; - case 'l': - loop = true; - break; - case 'o': - outFile = optarg; - break; - case 'z': - p12Phrase = optarg; - break; - case 'h': - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - - if(doPause) { - fpurge(stdin); - printf("Pausing for MallocDebug attach; CR to continue: "); - getchar(); - } - - if(keychainName != NULL) { - /* pick a keychain (optional) */ - ortn = SecKeychainOpen(keychainName, &kcRef); - if(ortn) { - cssmPerror("SecKeychainOpen", ortn); - exit(1); - } - - /* make sure it's there since a successful SecKeychainOpen proves nothing */ - SecKeychainStatus kcStat; - ortn = SecKeychainGetStatus(kcRef, &kcStat); - if(ortn) { - cssmPerror("SecKeychainGetStatus", ortn); - exit(1); - } - } - - /* bundle up our crufty C string args into CSSM_DATAs needed at the TP SPI */ - CSSM_DATA userNameData; - CSSM_DATA passwordData; - CSSM_DATA hostNameData; - CSSM_DATA archNameData; - CSSM_DATA timeStringData; - - cStringToCssmData(userName, &userNameData); - cStringToCssmData(password, &passwordData); - cStringToCssmData(hostName, &hostNameData); - cStringToCssmData(archName, &archNameData); - - /* time in seconds since the epoch, sprintf'd in base 10 */ - char timeStr[20]; - time_t nowTime = time(NULL); - printf("...nowTime = %lu\n", nowTime); - //nowTime += (60 * 60 * 24 * 26); // fails - nowTime += (60 * 60 * 24 * 25); // works - printf("...expirationTime = %lu\n", nowTime); - sprintf(timeStr, "%lu", nowTime); - timeStringData.Data = (uint8 *)timeStr; - timeStringData.Length = strlen(timeStr); - - /* other data needed by dotMacPostArchiveRequest() */ - CFDataRef p12 = NULL; - CSSM_DATA pfxInData = {0, NULL}; - CSSM_DATA pfxOutData = {0, NULL}; - unsigned numArchives = 0; - DotMacArchive *archives = NULL; - - /* Store op: get identity in p12 form */ - if(op == AO_Store) { - CFStringRef cfPhrase = NULL; - - /* Cert attribute - email address - contains the "@mac.com" */ - char emailAddr[500]; - strcpy(emailAddr, userName); - // nope strcat(emailAddr, "@mac.com"); - - /* find an identity for that email address */ - SecIdentityRef idRef = NULL; - OSStatus ortn = findIdentity(emailAddr, strlen(emailAddr), kcRef, &idRef); - if(ortn) { - printf("***Could not find an identity to store. Aborting.\n"); - goto errOut; - } - - /* convert that identity to p12 */ - SecKeyImportExportParameters keyParams; - memset(&keyParams, 0, sizeof(keyParams)); - keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; - if(p12Phrase) { - cfPhrase = CFStringCreateWithCString(NULL, p12Phrase, - kCFStringEncodingUTF8); - keyParams.passphrase = cfPhrase; - } - else { - keyParams.flags = kSecKeySecurePassphrase; - } - keyParams.alertTitle = CFSTR(".mac Identity Backup"); - keyParams.alertPrompt = - CFSTR("Enter passphrase for encrypting your .mac private key"); - ortn = SecKeychainItemExport(idRef, kSecFormatPKCS12, kSecItemPemArmour, - &keyParams, &p12); - if(ortn) { - cssmPerror("SecKeychainItemExport", crtn); - printf("***Error obtaining .mac identity in PKCS12 format. Aborting.\n"); - goto errOut; - } - - pfxInData.Data = (uint8 *)CFDataGetBytePtr(p12); - pfxInData.Length = CFDataGetLength(p12); - printf("...preparing to store archive of %lu bytes\n", pfxInData.Length); - - if(outFile) { - if(writeFile(outFile, pfxInData.Data, pfxInData.Length)) { - printf("***Error writing P12 to %s\n", outFile); - } - else { - printf("...wrote %lu bytes to %s\n", pfxInData.Length, outFile); - } - } - if(cfPhrase) { - CFRelease(cfPhrase); - } - } - - /* attach to the TP */ - tpHand = dotMacTpAttach(); - if(tpHand == 0) { - printf("***Error attaching to .mac TP; aborting.\n"); - ortn = -1; - goto errOut; - } - - /* go */ - crtn = dotMacPostArchiveRequest(op, tpHand, &userNameData, &passwordData, - hostName ? &hostNameData : NULL, - &archNameData, - &timeStringData, - &pfxInData, - &pfxOutData, - &numArchives, - &archives); - if(crtn) { - printf("***Error performing archive request; aborting.\n"); - goto errOut; - } - - /* post-request processing */ - - switch(op) { - case AO_List: - { - printf("=== List request complete; numArchives = %u ===\n", numArchives); - for(unsigned dex=0; dexarchiveName); - printf("\n"); - - printf(" time : "); - printString(&dmarch->timeString); - printf("\n"); - - /* now free what the TP allocated on our behalf */ - APP_FREE(dmarch->archiveName.Data); - APP_FREE(dmarch->timeString.Data); - } - APP_FREE(archives); - break; - } - - case AO_Store: - printf("=== archive \'%s\' backup complete ===\n", archName); - break; - case AO_Fetch: - { - bool didSomething = false; - if(pfxOutData.Length == 0) { - printf("***Archive fetch claimed to succeed, but no data seen\n"); - ortn = -1; - goto errOut; - } - - /* - * OK, we have a blob of PKCS12 data. Import to keychain and/or write it - * to a file. - */ - printf("=== %lu bytes of archive fetched ===\n", pfxOutData.Length); - if(outFile) { - if(writeFile(outFile, pfxOutData.Data, pfxOutData.Length)) { - printf("***Error writing P12 to %s\n", outFile); - } - else { - printf("...wrote %lu bytes to %s\n", pfxOutData.Length, outFile); - didSomething = true; - } - } - if(kcRef) { - /* Note we avoid importing to default keychain - user must really want - * to perform this step */ - CFDataRef p12Data = CFDataCreate(NULL, pfxOutData.Data, pfxOutData.Length); - SecExternalFormat extForm = kSecFormatPKCS12; - SecKeyImportExportParameters keyParams; - memset(&keyParams, 0, sizeof(keyParams)); - keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; - CFStringRef cfPhrase = NULL; - if(p12Phrase) { - cfPhrase = CFStringCreateWithCString(NULL, p12Phrase, - kCFStringEncodingUTF8); - keyParams.passphrase = cfPhrase; - } - else { - keyParams.flags = kSecKeySecurePassphrase; - } - keyParams.alertTitle = CFSTR(".mac Identity Restore"); - keyParams.alertPrompt = - CFSTR("Enter passphrase for decrypting your .mac private key"); - - /* go... */ - ortn = SecKeychainItemImport(p12Data, - NULL, // filename - passing kSecFormatPKCS12 is definitely enough - &extForm, - NULL, // itemType - import'll figure it out - 0, // SecItemImportExportFlags - &keyParams, - kcRef, - NULL); // we don't want any items returned - if(ortn) { - cssmPerror("SecKeychainItemImport", ortn); - printf("***Error importing p12 into keychain %s\n", keychainName); - } - else { - printf("...archive successfully imported into keychain %s\n", - keychainName); - didSomething = true; - } - if(cfPhrase) { - CFRelease(cfPhrase); - } - } - if(!didSomething) { - printf("...note we got an archive from the server but didn't have a " - "place to put it.\n"); - } - break; - } - case AO_Remove: - printf("=== Archive %s removed ===\n", archName); - break; - } - - if(doPause) { - fpurge(stdin); - printf("Pausing at end of test for MallocDebug attach; CR to continue: "); - getchar(); - } - -errOut: - if(kcRef) { - CFRelease(kcRef); - } - - if(tpHand) { - dotMacTpDetach(tpHand); - } - return ortn; -} - diff --git a/SecurityTests/clxutils/dotMacArchive/dotMacTpAttach.cpp b/SecurityTests/clxutils/dotMacArchive/dotMacTpAttach.cpp deleted file mode 100644 index db24f80a..00000000 --- a/SecurityTests/clxutils/dotMacArchive/dotMacTpAttach.cpp +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * dotMacTpAttach.cpp - attach/detach to/from loadable .mac TP - */ - -#include "dotMacTpAttach.h" -#include - -/* SPI; the framework actually contains a static lib we link against */ -#include - -static CSSM_VERSION vers = {2, 0}; -static const CSSM_GUID dummyGuid = { 0xFADE, 0, 0, { 1,2,3,4,5,6,7,0 }}; - -static CSSM_API_MEMORY_FUNCS memFuncs = { - cuAppMalloc, - cuAppFree, - cuAppRealloc, - cuAppCalloc, - NULL -}; - -/* load & attach; returns 0 on error */ -CSSM_TP_HANDLE dotMacTpAttach() -{ - CSSM_TP_HANDLE tpHand; - CSSM_RETURN crtn; - - if(cuCssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleDotMacTP, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - cuPrintError("CSSM_ModuleLoad(AppleTP)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleDotMacTP, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_TP, // SubserviceFlags - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &tpHand); - if(crtn) { - cuPrintError("CSSM_ModuleAttach(AppleTP)", crtn); - return 0; - } - else { - return tpHand; - } -} - -/* detach & unload */ -void dotMacTpDetach(CSSM_TP_HANDLE tpHand) -{ - CSSM_RETURN crtn = CSSM_ModuleDetach(tpHand); - if(crtn) { - return; - } - CSSM_ModuleUnload(&gGuidAppleDotMacTP, NULL, NULL); -} - diff --git a/SecurityTests/clxutils/dotMacArchive/dotMacTpAttach.h b/SecurityTests/clxutils/dotMacArchive/dotMacTpAttach.h deleted file mode 100644 index 98d908cb..00000000 --- a/SecurityTests/clxutils/dotMacArchive/dotMacTpAttach.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * dotMacTpAttach.h - attach/detach to/from loadable .mac TP - */ - -#ifndef _DOT_MAC_TP_ATTACH_H_ -#define _DOT_MAC_TP_ATTACH_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* load & attach; returns 0 on error */ -CSSM_TP_HANDLE dotMacTpAttach(); - -/* detach & unload */ -void dotMacTpDetach(CSSM_TP_HANDLE tpHand); - -#ifdef __cplusplus -} -#endif - -#endif /* _DOT_MAC_TP_ATTACH_H_ */ - diff --git a/SecurityTests/clxutils/dotMacArchive/identSearch.cpp b/SecurityTests/clxutils/dotMacArchive/identSearch.cpp deleted file mode 100644 index a049820e..00000000 --- a/SecurityTests/clxutils/dotMacArchive/identSearch.cpp +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright (c) 2004-2005 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * identSearch.cpp - search for identity whose cert has specified email address - */ - -#include "identSearch.h" -#include /* for kSecAlias */ - -/* - * Does the specified identity's cert have the specified email address? Returns - * true if so. - */ -bool idHasEmail( - SecIdentityRef idRef, - const void *emailAddress, // UTF8 encoded email address - unsigned emailAddressLen) -{ - SecCertificateRef certRef; - OSStatus ortn; - bool ourRtn = false; - - ortn = SecIdentityCopyCertificate(idRef, &certRef); - if(ortn) { - /* should never happen */ - cssmPerror("SecIdentityCopyCertificate", ortn); - return ortn; - } - - /* - * Fetch one attribute - the alias (which is always the "best attempt" at - * finding an email address within a cert). - */ - UInt32 oneTag = kSecAlias; - SecKeychainAttributeInfo attrInfo; - attrInfo.count = 1; - attrInfo.tag = &oneTag; - attrInfo.format = NULL; - SecKeychainAttributeList *attrList = NULL; - SecKeychainAttribute *attr = NULL; - - ortn = SecKeychainItemCopyAttributesAndData((SecKeychainItemRef)certRef, - &attrInfo, - NULL, // itemClass - &attrList, - NULL, // length - don't need the data - NULL); // outData - if(ortn || (attrList == NULL) || (attrList->count != 1)) { - /* I don't *think* this should ever happen... */ - cssmPerror("SecKeychainItemCopyAttributesAndData", ortn); - goto errOut; - } - attr = attrList->attr; - if(attr->length == emailAddressLen) { - if(!memcmp(attr->data, emailAddress, emailAddressLen)) { - ourRtn = true; - } - } -errOut: - SecKeychainItemFreeAttributesAndData(attrList, NULL); - CFRelease(certRef); - return ourRtn; -} - -/* public function */ -OSStatus findIdentity( - const void *emailAddress, // UTF8 encoded email address - unsigned emailAddressLen, - SecKeychainRef kcRef, // keychain to search, or NULL to search all - SecIdentityRef *idRef) // RETURNED -{ - OSStatus ortn; - - /* Search for all identities */ - SecIdentitySearchRef srchRef = nil; - ortn = SecIdentitySearchCreate(kcRef, - 0, // keyUsage - any - &srchRef); - if(ortn) { - /* should never happen */ - cssmPerror("SecIdentitySearchCreate", ortn); - return ortn; - } - - SecIdentityRef foundId = NULL; - do { - SecIdentityRef thisId; - ortn = SecIdentitySearchCopyNext(srchRef, &thisId); - if(ortn != noErr) { - break; - } - /* email addres match? */ - if(idHasEmail(thisId, emailAddress, emailAddressLen)) { - foundId = thisId; - break; - } - else { - /* we're done with thie identity */ - CFRelease(thisId); - } - } while(ortn == noErr); - CFRelease(srchRef); - if(foundId) { - *idRef = foundId; - return noErr; - } - else { - return errSecItemNotFound; - } -} - diff --git a/SecurityTests/clxutils/dotMacArchive/identSearch.h b/SecurityTests/clxutils/dotMacArchive/identSearch.h deleted file mode 100644 index 3f759e5a..00000000 --- a/SecurityTests/clxutils/dotMacArchive/identSearch.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * identSearch.h - search for identity whose cert has specified email address - */ - -#ifndef _IDENT_SEARCH_H_ -#define _IDENT_SEARCH_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -/* - * Find an identity whose cert has specified email address. - * Returns errSecItemNotFound if no matching identity found, noErr if - * we found one. - */ -OSStatus findIdentity( - const void *emailAddress, // UTF8 encoded email address - unsigned emailAddressLen, - SecKeychainRef kcRef, // keychain to search, or NULL to search all - SecIdentityRef *idRef); // RETURNED - -#ifdef __cplusplus -} -#endif - -#endif /* _IDENT_SEARCH_H_ */ - diff --git a/SecurityTests/clxutils/dotMacRequest/Makefile b/SecurityTests/clxutils/dotMacRequest/Makefile deleted file mode 100644 index d3a12c99..00000000 --- a/SecurityTests/clxutils/dotMacRequest/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=dotMacRequest -# C++ source (with .cpp extension) -CPSOURCE= dotMacRequest.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/dotMacRequest/README b/SecurityTests/clxutils/dotMacRequest/README deleted file mode 100644 index 5b88e9f5..00000000 --- a/SecurityTests/clxutils/dotMacRequest/README +++ /dev/null @@ -1,23 +0,0 @@ - dotMacRequest notes - -8/21/05 - -Request with live server now working. Use a real paid account. - -To request a cert - -dotMacRequest i -u dmitch77 -k dotMacKeychain.keychain -Z <<...dot mac password here>> - -To revoke, go to www.mac.com, log in, click your account name in upper right, authenticate -again, click "Secure iChat" in lower right, revoke the cert. You have to log out and log -back in each time you do this in order to see a newly generated cert after you revoke one. - -7/25/05 - -Request and renew work as of 7/25/05. -Renew requires the same key pair as the original, so: - -- renew only works when your current cert really is still current - -- run with -p (pick key pair) to select correct key pair - -- must delete old/current cert before running since the old - and new certs have the same DB attrs. - \ No newline at end of file diff --git a/SecurityTests/clxutils/dotMacRequest/dotMacRequest.cpp b/SecurityTests/clxutils/dotMacRequest/dotMacRequest.cpp deleted file mode 100644 index e610eed4..00000000 --- a/SecurityTests/clxutils/dotMacRequest/dotMacRequest.cpp +++ /dev/null @@ -1,624 +0,0 @@ -/* - * dotMacRequest.cpp - simple illustration of using SecCertificateRequestCreate() and - * SecCertificateRequestSubmit to post a request for a .mac cert. - */ -#include -#include -#include -#include -#include -#include - -/* - * Defaults for the test setup du jour - */ -#define USER_DEFAULT "dmitch10" -#define PWD_DEFAULT "password" -#define HOST_DEFAULT "certmgmt.mac.com" - -/* - * Type of cert to request - */ -typedef enum { - CRT_Identity, /* actually, now "iChat encryption", not "identity" */ - CRT_EmailSign, - CRT_EmailEncrypt -} CertRequestType; - -static void usage(char **argv) -{ - printf("usage: %s op [options]\n", argv[0]); - printf("Op:\n"); - printf(" i -- generate iChat encryption cert\n"); - printf(" s -- generate email signing cert\n"); - printf(" e -- generate email encrypting cert\n"); - printf(" I -- search/retrieve request for iChat encryption cert\n"); - printf(" S -- search/retrieve request for signing cert\n"); - printf(" E -- search/retrieve request for encrypting cert\n"); - printf(" p -- pending request poll (via -u)\n"); - printf("Options:\n"); - printf(" -u username -- Default is %s\n", USER_DEFAULT); - printf(" -Z password -- default is %s\n", PWD_DEFAULT); - printf(" -p -- pick key pair from existing (default is generate)\n"); - printf(" -k keychain -- Source/destination of keys\n"); - printf(" -r -- Renew (default is new)\n"); - printf(" -a -- async (default is synchronous)\n"); - printf(" -H hostname -- Alternate .mac server host name (default %s)\n", - HOST_DEFAULT); - printf(" -M -- Pause for MallocDebug\n"); - printf(" -l -- loop\n"); - exit(1); -} - -/* print a string int he form of a CSSM_DATA */ -static void printString( - const CSSM_DATA *str) -{ - for(unsigned dex=0; dexLength; dex++) { - printf("%c", str->Data[dex]); - } -} - -/* basic "generate keypair" routine */ -static OSStatus genKeyPair( - SecKeychainRef kcRef, // optional, NULL means the default list - SecKeyRef *pubKey, // RETURNED - SecKeyRef *privKey) // RETURNED -{ - OSStatus ortn; - - ortn = SecKeyCreatePair(kcRef, - DOT_MAC_KEY_ALG, - DOT_MAC_KEY_SIZE, - 0, // context handle - /* public key usage and attrs */ - CSSM_KEYUSE_ANY, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE, - /* private key usage and attrs */ - CSSM_KEYUSE_ANY, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE | - CSSM_KEYATTR_SENSITIVE, - NULL, // initial access - pubKey, - privKey); - if(ortn) { - cssmPerror("SecKeyCreatePair", ortn); - } - return ortn; -} - -/* max number of oid/value pairs */ -#define MAX_ATTRS 5 - -/* - * search for a pending .mac cert request, get current status. - */ -static OSStatus dotMacGetPendingRequest( - /* required fields */ - const char *userName, // REQUIRED, C string - const char *password, // REQUIRED, C string - CertRequestType requestType, - - /* optional fields */ - const char *hostName, // C string - SecKeychainRef keychain) // destination of created cert (if !async) -{ - SecCertificateRequestAttribute attrs[MAX_ATTRS]; - SecCertificateRequestAttribute *attrp = attrs; - SecCertificateRequestAttributeList attrList; - - attrList.count = 0; - attrList.attr = attrs; - - /* user name */ - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_USERNAME; - attrp->value.Data = (uint8 *)userName; - attrp->value.Length = strlen(userName); - attrp++; - attrList.count++; - - /* password */ - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_PASSWORD; - attrp->value.Data = (uint8 *)password; - attrp->value.Length = strlen(password); - attrp++; - attrList.count++; - - /* options */ - - if(hostName) { - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_HOSTNAME; - attrp->value.Data = (uint8 *)hostName; - attrp->value.Length = strlen(hostName); - attrp++; - attrList.count++; - } - - /* map CertRequestType to a policy OID */ - const CSSM_OID *policy; - switch(requestType) { - case CRT_Identity: - policy = &CSSMOID_DOTMAC_CERT_REQ_IDENTITY; - break; - case CRT_EmailSign: - policy = &CSSMOID_DOTMAC_CERT_REQ_EMAIL_SIGN; - break; - case CRT_EmailEncrypt: - policy = &CSSMOID_DOTMAC_CERT_REQ_EMAIL_ENCRYPT; - break; - default: - printf("GAK! Bad cert type.\n"); - return -1; - } - OSStatus ortn; - SecCertificateRequestRef certReq = NULL; - SecCertificateRef certRef = NULL; - sint32 estTime; - - printf("...calling SecCertificateFindRequest\n"); - ortn = SecCertificateFindRequest(policy, - CSSM_CERT_X_509v3, - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, - NULL, NULL, // no keys needed - &attrList, - &certReq); - if(ortn) { - cssmPerror("SecCertificateFindRequest", ortn); - return ortn; - } - - printf("...calling SecCertificateRequestGetResult\n"); - ortn = SecCertificateRequestGetResult(certReq, keychain, &estTime, &certRef); - if(ortn) { - cssmPerror("SecCertificateRequestGetResult", ortn); - } - else { - printf("...SecCertificateRequestGetResult succeeded; estTime %d; cert %s\n", - (int)estTime, certRef ? "OBTAINED" : "NOT OBTAINED"); - } - if(certRef) { - CFRelease(certRef); - } - if(certReq) { - CFRelease(certReq); - } - return ortn; -} - -/* - * Do an "is there a pending request for this user?" poll. - * That function - via SecCertificateFindRequest() always returns an error; - * *we* only return an error if the result is something other than the - * expected two results: - * CSSMERR_APPLE_DOTMAC_REQ_IS_PENDING - * CSSMERR_APPLE_DOTMAC_NO_REQ_PENDING - */ -static OSStatus dotMacPostPendingReqPoll( - const char *userName, - const char *password, - const char *hostName) -{ - SecCertificateRequestAttribute attrs[MAX_ATTRS]; - SecCertificateRequestAttribute *attrp = attrs; - SecCertificateRequestAttributeList attrList; - uint8 oneBit = 1; - - attrList.count = 0; - attrList.attr = attrs; - - /* user name, required */ - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_USERNAME; - attrp->value.Data = (uint8 *)userName; - attrp->value.Length = strlen(userName); - attrp++; - attrList.count++; - - /* password, required */ - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_PASSWORD; - attrp->value.Data = (uint8 *)password; - attrp->value.Length = strlen(password); - attrp++; - attrList.count++; - - /* the "poll the server" indicator */ - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_IS_PENDING; - /* true ::= any nonzero data */ - attrp->value.Data = &oneBit; - attrp->value.Length = 1; - attrp++; - attrList.count++; - - /* options */ - - if(hostName) { - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_HOSTNAME; - attrp->value.Data = (uint8 *)hostName; - attrp->value.Length = strlen(hostName); - attrp++; - attrList.count++; - } - - /* policy, not technically needed; use this one by convention */ - const CSSM_OID *policy = &CSSMOID_DOTMAC_CERT_REQ_IDENTITY; - - OSStatus ortn; - SecCertificateRequestRef certReq = NULL; - - printf("...calling SecCertificateFindRequest\n"); - ortn = SecCertificateFindRequest(policy, - CSSM_CERT_X_509v3, - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, - NULL, NULL, // no keys needed - &attrList, - &certReq); - - switch(ortn) { - case CSSMERR_APPLE_DOTMAC_REQ_IS_PENDING: - printf("...result: REQ_IS_PENDING\n"); - ortn = noErr; - break; - case CSSMERR_APPLE_DOTMAC_NO_REQ_PENDING: - printf("...result: NO_REQ_PENDING\n"); - ortn = noErr; - break; - case noErr: - /* should never happen */ - printf("...UNEXPECTED SUCCESS on SecCertificateFindRequest\n"); - ortn = internalComponentErr; - if(certReq != NULL) { - /* Somehow, it got created */ - CFRelease(certReq); - } - break; - default: - cssmPerror("SecCertificateFindRequest", ortn); - break; - } - return ortn; -} - -/* - * Post a .mac cert request, with a small number of options. - */ -static OSStatus dotMacPostCertRequest( - /* required fields */ - const char *userName, // REQUIRED, C string - const char *password, // REQUIRED, C string - SecKeyRef privKey, // REQUIRED - SecKeyRef pubKey, - CertRequestType requestType, - bool renew, // false: new cert - // true : renew existing - bool async, // false: wait for result - // true : just post request and return - /* optional fields */ - const char *hostName, // C string - SecKeychainRef keychain) // destination of created cert (if !async) -{ - - /* the main job here is bundling up the arguments in an array of OID/value pairs */ - SecCertificateRequestAttribute attrs[MAX_ATTRS]; - SecCertificateRequestAttribute *attrp = attrs; - SecCertificateRequestAttributeList attrList; - uint8 oneBit = 1; - - attrList.count = 0; - attrList.attr = attrs; - - /* user name */ - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_USERNAME; - attrp->value.Data = (uint8 *)userName; - attrp->value.Length = strlen(userName); - attrp++; - attrList.count++; - - /* password */ - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_PASSWORD; - attrp->value.Data = (uint8 *)password; - attrp->value.Length = strlen(password); - attrp++; - attrList.count++; - - /* options */ - - if(hostName) { - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_HOSTNAME; - attrp->value.Data = (uint8 *)hostName; - attrp->value.Length = strlen(hostName); - attrp++; - attrList.count++; - } - - if(renew) { - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_RENEW; - /* true ::= any nonzero data */ - attrp->value.Data = &oneBit; - attrp->value.Length = 1; - attrp++; - attrList.count++; - } - - if(async) { - attrp->oid = CSSMOID_DOTMAC_CERT_REQ_VALUE_ASYNC; - /* true ::= any nonzero data */ - attrp->value.Data = &oneBit; - attrp->value.Length = 1; - attrp++; - attrList.count++; - } - - /* map CertRequestType to a policy OID */ - const CSSM_OID *policy; - switch(requestType) { - case CRT_Identity: - policy = &CSSMOID_DOTMAC_CERT_REQ_IDENTITY; - break; - case CRT_EmailSign: - policy = &CSSMOID_DOTMAC_CERT_REQ_EMAIL_SIGN; - break; - case CRT_EmailEncrypt: - policy = &CSSMOID_DOTMAC_CERT_REQ_EMAIL_ENCRYPT; - break; - default: - printf("GAK! Bad cert type.\n"); - return -1; - } - OSStatus ortn; - SecCertificateRequestRef certReq = NULL; - - ortn = SecCertificateRequestCreate(policy, - CSSM_CERT_X_509v3, - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, - privKey, - pubKey, - &attrList, - &certReq); - if(ortn) { - cssmPerror("SecCertificateRequestCreate", ortn); - return ortn; - } - - printf("...submitting request to .mac server\n"); - sint32 estTime = 0; - ortn = SecCertificateRequestSubmit(certReq, &estTime); - switch(ortn) { - case CSSMERR_APPLE_DOTMAC_REQ_REDIRECT: - { - /* - * A special case; the server is redirecting the calling app to - * a URL which we fetch and report like so: - */ - CSSM_DATA url = {0, NULL}; - ortn = SecCertificateRequestGetData(certReq, &url); - if(ortn) { - cssmPerror("SecCertificateRequestGetData", ortn); - printf("***APPLE_DOTMAC_REQ_REDIRECT obtained but no URL availalble.\n"); - } - else { - printf("***APPLE_DOTMAC_REQ_REDIRECT obtained; redirect URL is: "); - printString(&url); - printf("\n"); - } - break; - } - - case CSSM_OK: - printf("...cert request submitted; estimatedTime %d.\n", (int)estTime); - break; - default: - cssmPerror("SecCertificateRequestSubmit", ortn); - break; - } - if(ortn || async) { - /* we're done */ - CFRelease(certReq); - return ortn; - } - - /* - * Running synchronously, and the submit succeeded. Try to get a result. - * In the real world this would be polled, every so often.... - */ - SecCertificateRef certRef = NULL; - printf("...attempting to get result of cert request...\n"); - ortn = SecCertificateRequestGetResult(certReq, keychain, &estTime, &certRef); - if(ortn) { - cssmPerror("SecCertificateRequestGetResult", ortn); - } - else { - printf("...SecCertificateRequestGetResult succeeded; estTime %d; cert %s\n", - (int)estTime, certRef ? "OBTAINED" : "NOT OBTAINED"); - } - if(certRef) { - CFRelease(certRef); - CFRelease(certReq); - } - return ortn; -} - -#define ALWAYS_DO_SUBMIT 0 - - -int main(int argc, char **argv) -{ - SecKeyRef pubKeyRef = NULL; - SecKeyRef privKeyRef = NULL; - SecKeychainRef kcRef = NULL; - OSStatus ortn; - - /* user-spec'd variables */ - bool genKeys = true; /* true: generate; false: pick 'em */ - char *keychainName = NULL; - char *userName = USER_DEFAULT; - char *password = PWD_DEFAULT; - char *hostName = NULL; /* leave as the default! = HOST_DEFAULT; */ - /* - * WARNING: doing a renew operation requires that you delete your *current* - * .mac cert from the destination keychain. The DB attrs of the old and new certs - * are the same! - */ - bool doRenew = false; - CertRequestType reqType = CRT_Identity; - bool doPause = false; - bool async = false; - bool doSearch = false; /* false: post cert request - * true : search for existing request, get - * status for it */ - bool loop = false; - bool doPendingReqPoll = false; - - if(argc < 2) { - usage(argv); - } - switch(argv[1][0]) { - case 'i': - reqType = CRT_Identity; - break; - case 's': - reqType = CRT_EmailSign; - break; - case 'e': - reqType = CRT_EmailEncrypt; - break; - case 'I': - doSearch = true; - reqType = CRT_Identity; - break; - case 'S': - doSearch = true; - reqType = CRT_EmailSign; - break; - case 'E': - doSearch = true; - reqType = CRT_EmailEncrypt; - break; - case 'p': - doPendingReqPoll = true; - break; - default: - usage(argv); - } - - extern char *optarg; - extern int optind; - optind = 2; - int arg; - while ((arg = getopt(argc, argv, "u:Z:pk:rMH:al")) != -1) { - switch (arg) { - case 'u': - userName = optarg; - break; - case 'Z': - password = optarg; - break; - case 'p': - genKeys = false; - break; - case 'k': - keychainName = optarg; - break; - case 'r': - doRenew = true; - break; - case 'M': - doPause = true; - break; - case 'H': - hostName = optarg; - break; - case 'a': - async = true; - break; - case 'l': - loop = true; - break; - case 'h': - default: - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - - if(doPause) { - fpurge(stdin); - printf("Pausing for MallocDebug attach; CR to continue: "); - getchar(); - } - - if(keychainName != NULL) { - /* pick a keychain (optional) */ - ortn = SecKeychainOpen(keychainName, &kcRef); - if(ortn) { - cssmPerror("SecKeychainOpen", ortn); - exit(1); - } - - /* make sure it's there since a successful SecKeychainOpen proves nothing */ - SecKeychainStatus kcStat; - ortn = SecKeychainGetStatus(kcRef, &kcStat); - if(ortn) { - cssmPerror("SecKeychainGetStatus", ortn); - exit(1); - } - } - - if((!doSearch || ALWAYS_DO_SUBMIT) && !doPendingReqPoll) { - /* get a key pair, somehow */ - if(genKeys) { - ortn = genKeyPair(kcRef, &pubKeyRef, &privKeyRef); - } - else { - ortn = keyPicker(kcRef, &pubKeyRef, &privKeyRef); - } - if(ortn) { - printf("Can't proceed without a keypair. Aborting.\n"); - exit(1); - } - } - - /* go */ - do { - if(doSearch) { - #if ALWAYS_DO_SUBMIT - /* debug only */ - dotMacPostCertRequest(userName, password, privKeyRef, pubKeyRef, - reqType, doRenew, async, hostName, kcRef); - #endif - - /* end */ - ortn = dotMacGetPendingRequest(userName, password, reqType, hostName, kcRef); - } - else if(doPendingReqPoll) { - ortn = dotMacPostPendingReqPoll(userName, password, hostName); - } - else { - ortn = dotMacPostCertRequest(userName, password, privKeyRef, pubKeyRef, - reqType, doRenew, async, hostName, kcRef); - } - if(doPause) { - fpurge(stdin); - printf("Pausing for MallocDebug attach; CR to continue: "); - getchar(); - } - } while(loop); - if(privKeyRef) { - CFRelease(privKeyRef); - } - if(pubKeyRef) { - CFRelease(pubKeyRef); - } - if(kcRef) { - CFRelease(kcRef); - } - - if(doPause) { - fpurge(stdin); - printf("Pausing at end of test for MallocDebug attach; CR to continue: "); - getchar(); - } - - return ortn; -} - diff --git a/SecurityTests/clxutils/dotMacTool/MDS b/SecurityTests/clxutils/dotMacTool/MDS deleted file mode 100644 index 6fc69f9f..00000000 --- a/SecurityTests/clxutils/dotMacTool/MDS +++ /dev/null @@ -1,6 +0,0 @@ -{87191ca1-0fc9-11d4-849a000502b52122} d *AppleDL -{87191ca2-0fc9-11d4-849a000502b52122} cm *AppleCSP -{87191ca3-0fc9-11d4-849a000502b52122} cdm *AppleCSPDL -{87191ca4-0fc9-11d4-849a000502b52122} Cm *AppleX509CL -{87191ca5-0fc9-11d4-849a000502b52122} tm *AppleX509TP -{87191ca7-0fc9-11d4-849a000502b52122} tm /Volumes/Data_and_Apps/build/build/security_apple_dotmac_tp.bundle diff --git a/SecurityTests/clxutils/dotMacTool/Makefile b/SecurityTests/clxutils/dotMacTool/Makefile deleted file mode 100644 index aef0a64e..00000000 --- a/SecurityTests/clxutils/dotMacTool/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -EXECUTABLE=dotMacTool -# C++ source (with .cpp extension) -CPSOURCE= dotMacTool.cpp keyPicker.cpp -# C source (.c extension) -CSOURCE= -OFILES = $(CSOURCE:%.c=%.o) $(CPSOURCE:%.cpp=%.o) - -LOCAL_BUILD= $(shell echo $(LOCAL_BUILD_DIR)) - -CC=c++ -VARIANT_SUFFIX= - -FRAMEWORKS=-framework Security$(VARIANT_SUFFIX) -framework CoreFoundation -FRAME_SEARCH= -F$(LOCAL_BUILD) -F/usr/local/SecurityPieces/Frameworks -FINCLUDES= -PINCLUDES= -CINCLUDES= $(FINCLUDES) $(PINCLUDES) -###WFLAGS= -Wno-four-char-constants -Wall -Werror -WFLAGS= -Wno-four-char-constants -Wall -Wno-deprecated-declarations -DEBUG_CFLAGS?= -CMDLINE_LDFLAGS?= -CFLAGS= -g $(CINCLUDES) $(WFLAGS) $(FRAME_SEARCH) $(DEBUG_CFLAGS) - -# -# This assumes final load with cc, not ld -# -LIBS= -lstdc++ -LIBPATH= -L$(LOCAL_BUILD) -LDFLAGS= $(LIBS) $(LIBPATH) $(FRAME_SEARCH) $(CMDLINE_LDFLAGS) -lsecurity_cdsa_utils -lsecurity_utilities - -# -# Executable in build folder -# -BUILT_TARGET= $(LOCAL_BUILD)/$(EXECUTABLE) - -first: $(BUILT_TARGET) - -install: - -debug: - make "VARIANT_SUFFIX=,_debug" - -64bit: - make "DEBUG_CFLAGS=-arch ppc64" "CMDLINE_LDFLAGS=-arch ppc64" - -64bitFat: - make "DEBUG_CFLAGS=-arch ppc -arch ppc64" "CMDLINE_LDFLAGS=-arch ppc -arch ppc64" - -$(BUILT_TARGET): $(OFILES) - $(CC) -o $(BUILT_TARGET) $(OFILES) $(FRAMEWORKS) $(LDFLAGS) - -clean: - rm -f *.o $(EXECUTABLE) - -%.o: %.c - $(CC) $(CFLAGS) -c -o $*.o $< - -%.o: %.cpp - $(CC) $(CFLAGS) -c -o $*.o $< diff --git a/SecurityTests/clxutils/dotMacTool/README b/SecurityTests/clxutils/dotMacTool/README deleted file mode 100644 index 6790e2e0..00000000 --- a/SecurityTests/clxutils/dotMacTool/README +++ /dev/null @@ -1,107 +0,0 @@ -dotMacTool notes May 4 2004 - --- for now you need this in /etc/hosts: - -# for INT2 -17.207.20.182 int-cert certmgmt.mac.com certinfo.mac.com - -# or, for INT1 -17.207.43.109 qa-cert certmgmt.mac.com certinfo.mac.com - --- A good way to run tcpdump to show HTTP traffic on port 2150: - - tcpdump -i en0 -s 0 -A -q tcp port 2150 - --- renew cert for existing account doug1 with password 123456: - -tower.local:dotMacTool> dotMacTool g -g -u doug1 -Z 123456 -k foobar -r -o /tmp/c2.pem -<<>> -...cert acquisition complete -...2496 bytes of Cert written to /tmp/c2.pem - -============================================== - --- demo queued response and retrieval - -- set FORCE_SUCCESS_QUEUED to 1 in dotMacTpRpcGlue.cpp, this turns a full - success RPC into a successQueued RPC - -tower.local:dotMacTool> dotMacTool g -g -u doug1 -Z 123456 -k foobar -r -o /tmp/refid.pem -<<>> -...Forcing REQ_QUEUED status -...cert acquisition complete -...105 bytes of Cert written to /tmp/refid.pem - -...then lookup.... - -tower.local:dotMacTool> dotMacTool l -f /tmp/refid.pem -o /tmp/cert.pem -<<>> -...cert retrieval complete -...10010 bytes of cert data written to /tmp/cert.pem - -============================================== - -TO DO ------ - --- DOT_MAC_LOOKUP_ID_PATH* consts in dotMacTp.h will change to allow loopkup of one - specific cert --- DOT_MAC_SIGN_HOST_NAME and DOT_MAC_LOOKUP_HOST will change to avoid the port 2150 - -.......... - -Aug 10 testing - --- use INT1 environment - -Ê # in /etc/hosts: - 17.207.20.58 int1-idiskng certmgmt.mac.com certinfo.mac.com - - -- lookup via http://certinfo.mac.com:2150/lookup - -- request via certmgmt.mac.com - --- provision http://17.207.20.58:2150/_provision/Public/account - -- account dmitch4 pwd password - -- signed up for IDEN - - # note no more @mac.com for user name - % dotMacTool g -g -u dmitch4 -Z password -k foobar -o /tmp/refid -H certmgmt.mac.com:2150 -...Forcing REQ_QUEUED status -...Cert request QUEUED -...77 bytes of RefId written to /tmp/refid - - # note we can't specify alternate host for lookup, have to use !NDEBUG config of .mac TP - % dotMacTool l -f /tmp/refid -k foobar - - -- account dmitch5 pwd password - -- signed up for EMAIL SIGN - - % dotMacRequest s -u dmitch5 -Z password -k foobar -H certmgmt.mac.com:2150 -a - -- request had method sign.email - -- response had FailedNotSupportedForAccount - - # try again with ID cert, it works - % dotMacRequest i -u dmitch5 -Z password -k foobar -H certmgmt.mac.com:2150 -a - - # get result, nothing in prefs - yep, OK, we ran async - - - -- dmitch6 password, async, OK - -- dmitch7, password - ... - dmitch10 pwd password - - % dotMacRequest i -u dmitch10 -Z password -k foobar -H certmgmt.mac.com:2150 - ...works! - - dmitch11 password - -1/10/05 - -name dmitch_int2 pwd "password" - -% dotMacTool g -g -u dmitch_int2 -Z password -k newDotMac.keychain -o /tmp/refid -...worked - -name dmitch_new pwd password, got a cert -name dmitch_new2 pwd password - diff --git a/SecurityTests/clxutils/dotMacTool/dotMacTool.cpp b/SecurityTests/clxutils/dotMacTool/dotMacTool.cpp deleted file mode 100644 index 4596b389..00000000 --- a/SecurityTests/clxutils/dotMacTool/dotMacTool.cpp +++ /dev/null @@ -1,728 +0,0 @@ -/* - * dotMacTool.cpp - .mac TP exerciser - */ - -#include -#include -#include -#include -#include -#include -#include -#include -//#include -#include -#include - -#include "keyPicker.h" -#include - -#define USER_DEFAULT "dmitchtest@mac.com" -#define PWD_DEF "123456" - -static void usage(char **argv) -{ - printf("usage: %s op [options]\n", argv[0]); - printf("Op:\n"); - printf(" g generate identity cert\n"); - printf(" G generate email signing cert\n"); - printf(" e generate email encrypting cert\n"); - printf(" l lookup cert (requires -f)\n"); - printf(" L lookup identity cert (via -u)\n"); - printf(" M lookup email signing cert (via -u)\n"); - printf(" N lookup encrypting cert (via -u)\n"); - printf("Options:\n"); - printf(" -g Generate keypair\n"); - printf(" -p pick key pair from existing\n"); - printf(" -u username Default = %s\n", USER_DEFAULT); - printf(" -Z password Specify password immediately\n"); - printf(" -z Use default password %s\n", PWD_DEF); - printf(" -k keychain Source/destination of keys and certs\n"); - printf(" -c filename Write CSR to filename\n"); - printf(" -C filename Use existing CSR (no keygen)\n"); - printf(" -f refIdFile RefId file for cert lookup\n"); - printf(" -n Do NOT post the CSR to the .mac server\n"); - printf(" -H hostname Alternate .mac server host name (default %s)\n", - DOT_MAC_SIGN_HOST_NAME); - printf(" -o outFile Write output cert or refId (if any) to outFile\n"); - printf(" -r Renew (default is new)\n"); - printf(" -M Pause for MallocDebug\n"); - printf(" -q Quiet\n"); - printf(" -v Verbose\n"); - printf(" -h Usage\n"); - exit(1); -} - -static CSSM_VERSION vers = {2, 0}; - -static CSSM_API_MEMORY_FUNCS memFuncs = { - cuAppMalloc, - cuAppFree, - cuAppRealloc, - cuAppCalloc, - NULL - }; - -static CSSM_TP_HANDLE dotMacStartup() -{ - CSSM_TP_HANDLE tpHand; - CSSM_RETURN crtn; - - if(cuCssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleDotMacTP, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - cuPrintError("CSSM_ModuleLoad(DotMacTP)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleDotMacTP, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_TP, // SubserviceFlags - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &tpHand); - if(crtn) { - cuPrintError("CSSM_ModuleAttach(DotMacTP)", crtn); - return 0; - } - else { - return tpHand; - } -} - -/* print text, safely */ -static void snDumpText( - const unsigned char *rcvBuf, - unsigned len) -{ - char *cp = (char *)rcvBuf; - unsigned i; - char c; - - for(i=0; i", ((unsigned)c) & 0xff); - } - break; - } - - } -} - -static OSStatus genKeyPair( - SecKeychainRef kcRef, // NULL means the default list - SecKeyRef *pubKey, // RETURNED - SecKeyRef *privKey) // RETURNED -{ - OSStatus ortn; - - ortn = SecKeyCreatePair(kcRef, - DOT_MAC_KEY_ALG, - DOT_MAC_KEY_SIZE, - 0, // context handle - /* public key usage and attrs */ - CSSM_KEYUSE_ANY, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE, - /* private key usage and attrs */ - CSSM_KEYUSE_ANY, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_EXTRACTABLE | - CSSM_KEYATTR_SENSITIVE, - NULL, // initial access - pubKey, - privKey); - if(ortn) { - cssmPerror("SecKeyCreatePair", ortn); - } - return ortn; -} - -/* Lookup via ReferenceID, obtained from CSSM_TP_SubmitCredRequest() */ -OSStatus doLookupViaRefId( - CSSM_TP_HANDLE tpHand, - unsigned char *refId, - unsigned refIdLen, - char *outFile, - bool verbose) -{ - CSSM_DATA refIdData = { refIdLen, refId }; - sint32 EstimatedTime; - CSSM_BOOL ConfirmationRequired; - CSSM_TP_RESULT_SET_PTR resultSet = NULL; - CSSM_RETURN crtn; - - crtn = CSSM_TP_RetrieveCredResult(tpHand, &refIdData, NULL, - &EstimatedTime, &ConfirmationRequired, &resultSet); - if(crtn) { - cssmPerror("CSSM_TP_RetrieveCredResult", crtn); - return crtn; - } - if(resultSet == NULL) { - printf("***CSSM_TP_RetrieveCredResult OK, but no result set\n"); - return -1; - } - if(resultSet->NumberOfResults != 1) { - printf("***CSSM_TP_RetrieveCredResult OK, NumberOfResults (%u)\n", - (unsigned)resultSet->NumberOfResults); - return -1; - } - if(resultSet->Results == NULL) { - printf("***CSSM_TP_RetrieveCredResult OK, but empty result set\n"); - return -1; - } - CSSM_DATA_PTR certData = (CSSM_DATA_PTR)resultSet->Results; - - printf("...cert retrieval complete\n"); - if(outFile) { - if(!writeFile(outFile, certData->Data, certData->Length)) { - printf("...%lu bytes of cert data written to %s\n", - certData->Length, outFile); - } - else { - printf("***Error writing cert to %s\n", outFile); - crtn = ioErr; - } - } - else if(verbose) { - unsigned char *der; - unsigned derLen; - if(pemDecode(certData->Data, certData->Length, &der, &derLen)) { - printf("***Error PEM decoding returned cert\n"); - } - else { - printCert(der, derLen, CSSM_FALSE); - free(der); - } - } - return noErr; -} - -/* -* Lookup via user name, a greatly simplified form of CSSM_TP_SubmitCredRequest() -*/ -OSStatus doLookupViaUserName( - CSSM_TP_HANDLE tpHand, - const CSSM_OID *opOid, - const char *userName, - const char *hostName, // optional - char *outFile, - bool verbose) -{ - CSSM_APPLE_DOTMAC_TP_CERT_REQUEST certReq; - CSSM_TP_AUTHORITY_ID tpAuthority; - CSSM_TP_AUTHORITY_ID *tpAuthPtr = NULL; - CSSM_NET_ADDRESS tpNetAddrs; - CSSM_TP_REQUEST_SET reqSet; - CSSM_FIELD policyField; - CSSM_DATA certData = {0, NULL}; - sint32 estTime; - CSSM_TP_CALLERAUTH_CONTEXT callerAuth; - - memset(&certReq, 0, sizeof(certReq)); - certReq.userName.Data = (uint8 *)userName; - certReq.userName.Length = strlen(userName); - if(hostName != NULL) { - tpAuthority.AuthorityCert = NULL; - tpAuthority.AuthorityLocation = &tpNetAddrs; - tpNetAddrs.AddressType = CSSM_ADDR_NAME; - tpNetAddrs.Address.Data = (uint8 *)hostName; - tpNetAddrs.Address.Length = strlen(hostName); - tpAuthPtr = &tpAuthority; - }; - - certReq.version = CSSM_DOT_MAC_TP_REQ_VERSION; - reqSet.NumberOfRequests = 1; - reqSet.Requests = &certReq; - policyField.FieldOid = *opOid; - policyField.FieldValue.Data = NULL; - policyField.FieldValue.Length = 0; - memset(&callerAuth, 0, sizeof(callerAuth)); - callerAuth.Policy.NumberOfPolicyIds = 1; - callerAuth.Policy.PolicyIds = &policyField; - - CSSM_RETURN crtn = CSSM_TP_SubmitCredRequest (tpHand, - tpAuthPtr, - CSSM_TP_AUTHORITY_REQUEST_CERTLOOKUP, - &reqSet, // const CSSM_TP_REQUEST_SET *RequestInput, - &callerAuth, - &estTime, // sint32 *EstimatedTime, - &certData); // CSSM_DATA_PTR ReferenceIdentifier - - if(crtn) { - cssmPerror("CSSM_TP_SubmitCredRequest(lookup)", crtn); - return crtn; - } - - printf("...cert lookup complete\n"); - if(outFile) { - if(!writeFile(outFile, certData.Data, certData.Length)) { - printf("...%lu bytes of cert data written to %s\n", - certData.Length, outFile); - } - else { - printf("***Error writing cert to %s\n", outFile); - crtn = ioErr; - } - } - if(verbose) { - /* This one returns the cert in DER format, we might revisit that */ - printCert(certData.Data, certData.Length, CSSM_FALSE); - } - return crtn; -} - -#define FULL_EMAIL_ADDRESS 1 - -int main(int argc, char **argv) -{ - CSSM_RETURN crtn; - CSSM_TP_AUTHORITY_ID tpAuthority; - CSSM_TP_AUTHORITY_ID *tpAuthPtr = NULL; - CSSM_NET_ADDRESS tpNetAddrs; - CSSM_APPLE_DOTMAC_TP_CERT_REQUEST certReq; - CSSM_TP_REQUEST_SET reqSet; - CSSM_CSP_HANDLE cspHand = 0; - CSSM_X509_TYPE_VALUE_PAIR tvp; - char pwdBuf[1000]; - CSSM_TP_CALLERAUTH_CONTEXT callerAuth; - sint32 estTime; - CSSM_DATA refId = {0, NULL}; - OSStatus ortn; - SecKeyRef pubKeyRef = NULL; - SecKeyRef privKeyRef = NULL; - const CSSM_KEY *privKey = NULL; - const CSSM_KEY *pubKey = NULL; - SecKeychainRef kcRef = NULL; - CSSM_FIELD policyField; - - /* user-spec'd variables */ - bool genKeys = false; - bool pickKeys = false; - char *keychainName = NULL; - char *csrOutName = NULL; - char *csrInName = NULL; - const char *userName = USER_DEFAULT; - char *password = NULL; - char *hostName = NULL; - bool doNotPost = false; - bool doRenew = false; - const CSSM_OID *opOid = NULL; - char *outFile = NULL; - bool quiet = false; - bool verbose = false; - bool lookupViaRefId = false; - bool lookupViaUserName = false; - char *refIdFile = NULL; - bool doPause = false; - - if(argc < 2) { - usage(argv); - } - switch(argv[1][0]) { - case 'L': - lookupViaUserName = true; - /* drop thru */ - case 'g': - opOid = &CSSMOID_DOTMAC_CERT_REQ_IDENTITY; - break; - - case 'M': - lookupViaUserName = true; - /* drop thru */ - case 'G': - opOid = &CSSMOID_DOTMAC_CERT_REQ_EMAIL_SIGN; - break; - - case 'N': - lookupViaUserName = true; - /* drop thru */ - case 'e': - opOid = &CSSMOID_DOTMAC_CERT_REQ_EMAIL_ENCRYPT; - break; - - case 'l': - lookupViaRefId = true; - break; - default: - usage(argv); - } - - extern char *optarg; - extern int optind; - optind = 2; - int arg; - while ((arg = getopt(argc, argv, "gpk:c:u:Z:H:nzrC:o:hf:Mqv")) != -1) { - switch (arg) { - case 'g': - genKeys = true; - break; - case 'p': - pickKeys = true; - break; - case 'u': - userName = optarg; - break; - case 'Z': - password = optarg; - break; - case 'z': - password = (char *)PWD_DEF; - break; - case 'k': - keychainName = optarg; - break; - case 'c': - csrOutName = optarg; - break; - case 'C': - csrInName = optarg; - break; - case 'H': - hostName = optarg; - break; - case 'n': - doNotPost = true; - break; - case 'r': - doRenew = true; - break; - case 'o': - outFile = optarg; - break; - case 'f': - refIdFile = optarg; - break; - case 'M': - doPause = true; - break; - case 'v': - verbose = true; - break; - case 'q': - quiet = true; - break; - case 'h': - usage(argv); - } - } - - if(doPause) { - fpurge(stdin); - printf("Pausing for MallocDebug attach; CR to continue: "); - getchar(); - } - - CSSM_TP_HANDLE tpHand = dotMacStartup(); - if(tpHand == 0) { - printf("Error attaching to the .mac TP. Check your MDS file.\n"); - exit(1); - } - - if(lookupViaRefId) { - if(refIdFile == NULL) { - printf("I need a refIdFile to do a lookup.\n"); - usage(argv); - } - unsigned char *refId; - unsigned refIdLen; - int irtn = readFile(refIdFile, &refId, &refIdLen); - if(irtn) { - printf("***Error reading refId from %s. Aborting.\n", refIdFile); - exit(1); - } - ortn = doLookupViaRefId(tpHand, refId, refIdLen, outFile, verbose); - free(refId); - goto done; - } - if(lookupViaUserName) { - ortn = doLookupViaUserName(tpHand, opOid, userName, hostName, outFile, verbose); - goto done; - } - if(!pickKeys && !genKeys && (csrInName == NULL)) { - printf("***You must specify either the -p (pick keys) or -g (generate keys)" - " arguments, or provide a CSR (-C).\n"); - exit(1); - } - - memset(&certReq, 0, sizeof(certReq)); - - /* all of the subsequest argument are superfluous for lookupViaUserName, except for - * the user name itself, which has a default */ - if(keychainName != NULL) { - /* pick a keychain (optional) */ - ortn = SecKeychainOpen(keychainName, &kcRef); - if(ortn) { - cssmPerror("SecKeychainOpen", ortn); - exit(1); - } - - /* make sure it's there since a successful SecKeychainOpen proves nothing */ - SecKeychainStatus kcStat; - ortn = SecKeychainGetStatus(kcRef, &kcStat); - if(ortn) { - cssmPerror("SecKeychainGetStatus", ortn); - goto done; - } - } - - if(password == NULL) { - const char *pwdp = getpass("Enter .mac password: "); - if(pwdp == NULL) { - printf("Aboerting.\n"); - ortn = paramErr; - goto done; - } - memmove(pwdBuf, pwdp, strlen(pwdp) + 1); - password = pwdBuf; - } - certReq.password.Data = (uint8 *)password; - certReq.password.Length = strlen(password); - certReq.userName.Data = (uint8 *)userName; - certReq.userName.Length = strlen(userName); - - if(csrInName) { - unsigned len; - if(readFile(csrInName, &certReq.csr.Data, &len)) { - printf("***Error reading CSR from %s. Aborting.\n", csrInName); - exit(1); - } - certReq.csr.Length = len; - certReq.flags |= CSSM_DOTMAC_TP_EXIST_CSR; - } - else { - /* - * All the stuff the TP needs to actually generate a CSR. - * - * Get a key pair, somehow. - */ - if(genKeys) { - ortn = genKeyPair(kcRef, &pubKeyRef, &privKeyRef); - } - else { - ortn = keyPicker(kcRef, &pubKeyRef, &privKeyRef); - } - if(ortn) { - printf("Can't proceed without a keypair. Aborting.\n"); - exit(1); - } - ortn = SecKeyGetCSSMKey(pubKeyRef, &pubKey); - if(ortn) { - cssmPerror("SecKeyGetCSSMKey", ortn); - goto done; - } - ortn = SecKeyGetCSSMKey(privKeyRef, &privKey); - if(ortn) { - cssmPerror("SecKeyGetCSSMKey", ortn); - goto done; - } - ortn = SecKeyGetCSPHandle(privKeyRef, &cspHand); - if(ortn) { - cssmPerror("SecKeyGetCSPHandle", ortn); - goto done; - } - - /* CSSM_X509_TYPE_VALUE_PAIR - one pair for now */ - // tvp.type = CSSMOID_EmailAddress; - tvp.type = CSSMOID_CommonName; - tvp.valueType = BER_TAG_PRINTABLE_STRING; - #if FULL_EMAIL_ADDRESS - { - unsigned nameLen = strlen(userName); - tvp.value.Data = (uint8 *)malloc(nameLen + strlen("@mac.com") + 1); - strcpy((char *)tvp.value.Data, userName); - strcpy((char *)tvp.value.Data + nameLen, "@mac.com"); - tvp.value.Length = strlen((char *)tvp.value.Data); - } - #else - tvp.value.Data = (uint8 *)userName; - tvp.value.Length = strlen(userName); - #endif - } - /* set up args for CSSM_TP_SubmitCredRequest */ - if(hostName != NULL) { - tpAuthority.AuthorityCert = NULL; - tpAuthority.AuthorityLocation = &tpNetAddrs; - tpNetAddrs.AddressType = CSSM_ADDR_NAME; - tpNetAddrs.Address.Data = (uint8 *)hostName; - tpNetAddrs.Address.Length = strlen(hostName); - tpAuthPtr = &tpAuthority; - }; - - certReq.version = CSSM_DOT_MAC_TP_REQ_VERSION; - if(!csrInName) { - certReq.cspHand = cspHand; - certReq.clHand = cuClStartup(); - certReq.numTypeValuePairs = 1; - certReq.typeValuePairs = &tvp; - certReq.publicKey = (CSSM_KEY_PTR)pubKey; - certReq.privateKey = (CSSM_KEY_PTR)privKey; - } - if(doNotPost) { - certReq.flags |= CSSM_DOTMAC_TP_DO_NOT_POST; - } - if(csrOutName != NULL) { - certReq.flags |= CSSM_DOTMAC_TP_RETURN_CSR; - } - if(doRenew) { - certReq.flags |= CSSM_DOTMAC_TP_SIGN_RENEW; - } - - reqSet.NumberOfRequests = 1; - reqSet.Requests = &certReq; - - policyField.FieldOid = *opOid; - policyField.FieldValue.Data = NULL; - policyField.FieldValue.Length = 0; - memset(&callerAuth, 0, sizeof(callerAuth)); - callerAuth.Policy.NumberOfPolicyIds = 1; - callerAuth.Policy.PolicyIds = &policyField; - if(!csrInName) { - ortn = SecKeyGetCredentials(privKeyRef, - CSSM_ACL_AUTHORIZATION_SIGN, - kSecCredentialTypeDefault, - const_cast(&callerAuth.CallerCredentials)); - if(ortn) { - cssmPerror("SecKeyGetCredentials", crtn); - goto done; - } - } - - crtn = CSSM_TP_SubmitCredRequest (tpHand, - tpAuthPtr, - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, // CSSM_TP_AUTHORITY_REQUEST_TYPE - &reqSet, // const CSSM_TP_REQUEST_SET *RequestInput, - &callerAuth, - &estTime, // sint32 *EstimatedTime, - &refId); // CSSM_DATA_PTR ReferenceIdentifier - switch(crtn) { - case CSSM_OK: - case CSSMERR_APPLE_DOTMAC_REQ_QUEUED: - { - /* - * refId should be a cert or RefId - */ - const char *itemType = "Cert"; - const char *statStr = "OK"; - if(crtn != CSSM_OK) { - itemType = "RefId"; - statStr = "Cert"; - } - if((refId.Data == NULL) || (refId.Length == 0)) { - printf("CSSM_TP_SubmitCredRequest returned %s but no data\n", statStr); - break; - } - if(crtn == CSSM_OK) { - printf("...cert acquisition complete\n"); - } - else { - printf("...Cert request QUEUED\n"); - } - if(outFile) { - if(!writeFile(outFile, refId.Data, refId.Length)) { - if(!quiet) { - printf("...%lu bytes of %s written to %s\n", - refId.Length, itemType, outFile); - } - } - else { - printf("***Error writing %s to %s\n", itemType, outFile); - crtn = ioErr; - } - } - else if(verbose) { - if(crtn == CSSM_OK) { - unsigned char *der; - unsigned derLen; - if(pemDecode(refId.Data, refId.Length, &der, &derLen)) { - printf("***Error PEM decoding returned cert\n"); - } - else { - printCert(der, derLen, CSSM_FALSE); - free(der); - } - } - else { - printf("RefId data:\n"); - snDumpText(refId.Data, refId.Length); - } - } - break; - } - case CSSMERR_APPLE_DOTMAC_REQ_REDIRECT: - if((refId.Data == NULL) || (refId.Length == 0)) { - printf("CSSM_TP_SubmitCredRequest returned REDIRECT but no data\n"); - break; - } - printf("...cert acquisition : REDIRECTED to: "); - snDumpText(refId.Data, refId.Length); - printf("\n"); - break; - default: - cssmPerror("CSSM_TP_SubmitCredRequest", crtn); - break; - } - if(csrOutName) { - if((certReq.csr.Data == NULL) || (certReq.csr.Length == 0)) { - printf("***Asked for CSR but didn't get one\n"); - ortn = paramErr; - goto done; - } - if(writeFile(csrOutName, certReq.csr.Data, certReq.csr.Length)) { - printf("***Error writing CSR to %s.\n", csrOutName); - } - else { - printf("...%lu bytes written as CSR to %s\n", certReq.csr.Length, csrOutName); - } - } -done: - /* cleanup */ - CSSM_ModuleDetach(tpHand); - if(certReq.clHand) { - CSSM_ModuleDetach(certReq.clHand); - } - if(kcRef) { - CFRelease(kcRef); - } - if(csrInName) { - free(certReq.csr.Data); - } - if(privKeyRef) { - CFRelease(privKeyRef); - } - if(pubKeyRef) { - CFRelease(pubKeyRef); - } - if(refId.Data) { - cuAppFree(refId.Data, NULL); - } - if(doPause) { - fpurge(stdin); - printf("Pausing for MallocDebug measurement; CR to continue: "); - getchar(); - } - - return ortn; -} diff --git a/SecurityTests/clxutils/dotMacTool/keyPicker.cpp b/SecurityTests/clxutils/dotMacTool/keyPicker.cpp deleted file mode 100644 index d83c8f6c..00000000 --- a/SecurityTests/clxutils/dotMacTool/keyPicker.cpp +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * keyPicker.cpp - select a key pair from a keychain - */ - -#include "keyPicker.h" -#include - -OSStatus keyPicker( - SecKeychainRef kcRef, // NULL means the default list - SecKeyRef *pubKey, // RETURNED - SecKeyRef *privKey) // RETURNED -{ - printf("We'll implement the key picker real soon now.\n"); - return unimpErr; -} diff --git a/SecurityTests/clxutils/dotMacTool/keyPicker.h b/SecurityTests/clxutils/dotMacTool/keyPicker.h deleted file mode 100644 index 30a89ea9..00000000 --- a/SecurityTests/clxutils/dotMacTool/keyPicker.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * keyPicker.h - select a key pair from a keychain - */ - -#ifndef _KEY_PICKER_H_ -#define _KEY_PICKER_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -OSStatus keyPicker( - SecKeychainRef kcRef, // NULL means the default list - SecKeyRef *pubKey, // RETURNED - SecKeyRef *privKey); // RETURNED - - -#ifdef __cplusplus -} -#endif - -#endif /* _KEY_PICKER_H_ */ - diff --git a/SecurityTests/clxutils/dumpasn1.cfg b/SecurityTests/clxutils/dumpasn1.cfg deleted file mode 100644 index 5be72adb..00000000 --- a/SecurityTests/clxutils/dumpasn1.cfg +++ /dev/null @@ -1,3634 +0,0 @@ -# dumpasn1 Object Identifier configuration file, available from -# http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.cfg. This is read by -# dumpasn1.c and is used to display information on Object Identifiers found in -# ASN.1 objects. This is merely a list of things which you might conceivably -# find in use somewhere, and should in no way be taken as a guide to which OIDs -# to use - many of these will never been seen in the wild, or should be shot on -# sight if encountered. -# -# The format of this file is as follows: -# -# - All blank lines and lines beginning with a '#' are ignored. -# - OIDs are described by a set of attributes, of which at least the 'OID' and -# 'Description' must be present. Optional attributes are a 'Comment' and a -# 'Warning' (to indicate that dumpasn1 will display a warning if this OID is -# encountered). -# - Attributes are listed one per line. The first attribute should be an 'OID' -# attribute since this is used to denote the start of a new OID description. -# The other attributes may be given in any order. -# -# See the rest of this file for examples of what an OID description should look -# like. - -# Some unknown X.500 attributes spec from the UK - -OID = 06 09 09 92 26 89 93 F2 2C 01 03 -Comment = Some oddball X.500 attribute collection -Description = rfc822Mailbox (0 9 2342 19200300 1 3) - -# RFC 2247, How to Kludge an FQDN as a DN (or words to that effect) - -OID = 06 0A 09 92 26 89 93 F2 2C 64 01 01 -Comment = Men are from Mars, this OID is from Pluto -Description = domainComponent (0 9 2342 19200300 100 1 25) - -# Certificates Australia - -OID = 06 0A 2A 24 A4 97 A3 53 01 64 01 01 -Comment = Certificates Australia CA -Description = Certificates Australia policyIdentifier (1 2 36 75878867 1 100 1 1) - -# Signet - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 02 -Comment = Signet CA -Description = Signet personal (1 2 36 68980861 1 1 2) - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 03 -Comment = Signet CA -Description = Signet business (1 2 36 68980861 1 1 3) - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 04 -Comment = Signet CA -Description = Signet legal (1 2 36 68980861 1 1 4) - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0A -Comment = Signet CA -Description = Signet pilot (1 2 36 68980861 1 1 10) - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 0B -Comment = Signet CA -Description = Signet intraNet (1 2 36 68980861 1 1 11) - -OID = 06 09 2A 24 A0 F2 A0 7D 01 01 14 -Comment = Signet CA -Description = Signet securityPolicy (1 2 36 68980861 1 1 20) - -# Mitsubishi - -OID = 06 0B 2A 83 08 8C 1A 4B 3D 01 01 01 -Comment = Mitsubishi security algorithm -Description = symmetric-encryption-algorithm (1 2 392 200011 61 1 1 1) - -OID = 06 0C 2A 83 08 8C 9A 4B 3D 01 01 01 01 -Comment = Mitsubishi security algorithm -Description = misty1-cbc (1 2 392 200011 61 1 1 1 1) - -# SEIS - -OID = 06 05 2A 85 70 22 01 -Comment = SEIS Project -Description = seis-cp (1 2 752 34 1) - -OID = 06 06 2A 85 70 22 01 01 -Comment = SEIS Project certificate policies -Description = SEIS high-assurnace certificatePolicy (1 2 752 34 1 1) - -OID = 06 06 2A 85 70 22 01 02 -Comment = SEIS Project certificate policies -Description = SEIS GAK certificatePolicy (1 2 752 34 1 2) - -OID = 06 05 2A 85 70 22 02 -Comment = SEIS Project -Description = SEIS pe (1 2 752 34 2) - -OID = 06 05 2A 85 70 22 03 -Comment = SEIS Project -Description = SEIS at (1 2 752 34 3) - -OID = 06 06 2A 85 70 22 03 01 -Comment = SEIS Project attribute -Description = SEIS at-personalIdentifier (1 2 752 34 3 1) - -# ANSI X9.57 - -OID = 06 06 2A 86 48 CE 38 01 -Comment = ANSI X9.57 -Description = module (1 2 840 10040 1) - -OID = 06 07 2A 86 48 CE 38 01 01 -Comment = ANSI X9.57 module -Description = x9f1-cert-mgmt (1 2 840 10040 1 1) - -OID = 06 06 2A 86 48 CE 38 02 -Comment = ANSI X9.57 -Description = holdinstruction (1 2 840 10040 2) - -OID = 06 07 2A 86 48 CE 38 02 01 -Comment = ANSI X9.57 hold instruction -Description = holdinstruction-none (1 2 840 10040 2 1) - -OID = 06 07 2A 86 48 CE 38 02 02 -Comment = ANSI X9.57 hold instruction -Description = callissuer (1 2 840 10040 2 2) - -OID = 06 07 2A 86 48 CE 38 02 03 -Comment = ANSI X9.57 hold instruction -Description = reject (1 2 840 10040 2 3) - -OID = 06 07 2A 86 48 CE 38 02 04 -Comment = ANSI X9.57 hold instruction -Description = pickupToken (1 2 840 10040 2 4) - -OID = 06 06 2A 86 48 CE 38 03 -Comment = ANSI X9.57 -Description = attribute (1 2 840 10040 3) - -OID = 06 06 2A 86 48 CE 38 03 01 -Comment = ANSI X9.57 attribute -Description = countersignature (1 2 840 10040 3 1) - -OID = 06 06 2A 86 48 CE 38 03 02 -Comment = ANSI X9.57 attribute -Description = attribute-cert (1 2 840 10040 3 2) - -OID = 06 06 2A 86 48 CE 38 04 -Comment = ANSI X9.57 -Description = algorithm (1 2 840 10040 4) - -# this is specified in sm_cms -OID = 06 07 2A 86 48 CE 38 04 01 -Comment = ANSI X9.57 algorithm -Description = dsa (1 2 840 10040 4 1) - -OID = 06 07 2A 86 48 CE 38 04 02 -Comment = ANSI X9.57 algorithm -Description = dsa-match (1 2 840 10040 4 2) - -OID = 06 07 2A 86 48 CE 38 04 03 -Comment = ANSI X9.57 algorithm -Description = dsaWithSha1 (1 2 840 10040 4 3) - -# ANSI X9.62 - -OID = 06 06 2A 86 48 CE 3D 01 -Comment = ANSI X9.62. This OID may also be assigned as ecdsa-with-SHA1 -Description = fieldType (1 2 840 10045 1) - -OID = 06 07 2A 86 48 CE 3D 01 01 -Comment = ANSI X9.62 field type -Description = prime-field (1 2 840 10045 1 1) - -OID = 06 07 2A 86 48 CE 3D 01 02 -Comment = ANSI X9.62 field type -Description = characteristic-two-field (1 2 840 10045 1 2) - -OID = 06 09 2A 86 48 CE 3D 01 02 03 -Comment = ANSI X9.62 field type -Description = characteristic-two-basis (1 2 840 10045 1 2 3) - -OID = 06 0A 2A 86 48 CE 3D 01 02 03 01 -Comment = ANSI X9.62 field basis -Description = qnBasis (1 2 840 10045 1 2 3 1) - -OID = 06 0A 2A 86 48 CE 3D 01 02 03 02 -Comment = ANSI X9.62 field basis -Description = tpBasis (1 2 840 10045 1 2 3 2) - -OID = 06 0A 2A 86 48 CE 3D 01 02 03 03 -Comment = ANSI X9.62 field basis -Description = ppBasis (1 2 840 10045 1 2 3 3) - -OID = 06 07 2A 86 48 CE 3D 01 02 -Comment = ANSI X9.62 -Description = public-key-type (1 2 840 10045 1 2) - -# this seems bogus - (1 2 840 10045 2 1) is used now -OID = 06 08 2A 86 48 CE 3D 01 02 01 -Comment = ANSI X9.62 public key type -Description = ecPublicKey (1 2 840 10045 1 2 1) - -# The definition for the following OID is somewhat confused, and is given as -# keyType, publicKeyType, and public-key-type, all within 4 lines of text. -# ecPublicKey is defined using the ID publicKeyType, so this is what's used -# here. -OID = 06 06 2A 86 48 CE 3D 02 -Comment = ANSI X9.62 -Description = publicKeyType (1 2 840 10045 2) - -OID = 06 07 2A 86 48 CE 3D 02 01 -Comment = ANSI X9.62 public key type -Description = ecPublicKey (1 2 840 10045 2 1) - -# ANSI X9.42 - -OID = 06 07 2A 86 48 CE 3E 02 -Comment = ANSI X9.42 -Description = number-type (1 2 840 10046 2) - -OID = 06 07 2A 86 48 CE 3E 02 01 -Comment = ANSI X9.42 number-type -Description = dhPublicNumber (1 2 840 10046 2 1) - -# Nortel Secure Networks/Entrust - -OID = 06 07 2A 86 48 86 F6 7D 07 -Description = nsn (1 2 840 113533 7) - -OID = 06 08 2A 86 48 86 F6 7D 07 41 -Description = nsn-ce (1 2 840 113533 7 65) - -OID = 06 09 2A 86 48 86 F6 7D 07 41 00 -Comment = Nortel Secure Networks ce (1 2 840 113533 7 65) -Description = entrustVersInfo (1 2 840 113533 7 65 0) - -OID = 06 08 2A 86 48 86 F6 7D 07 42 -Description = nsn-alg (1 2 840 113533 7 66) - -OID = 06 09 2A 86 48 86 F6 7D 07 42 03 -Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) -Description = cast3CBC (1 2 840 113533 7 66 3) - -OID = 06 09 2A 86 48 86 F6 7D 07 42 0A -Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) -Description = cast5CBC (1 2 840 113533 7 66 10) - -OID = 06 09 2A 86 48 86 F6 7D 07 42 0B -Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) -Description = cast5MAC (1 2 840 113533 7 66 11) - -OID = 06 09 2A 86 48 86 F6 7D 07 42 0C -Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) -Description = pbeWithMD5AndCAST5-CBC (1 2 840 113533 7 66 12) - -OID = 06 09 2A 86 48 86 F6 7D 07 42 0D -Comment = Nortel Secure Networks alg (1 2 840 113533 7 66) -Description = passwordBasedMac (1 2 840 113533 7 66 13) - -OID = 06 08 2A 86 48 86 F6 7D 07 43 -Description = nsn-oc (1 2 840 113533 7 67) - -OID = 06 09 2A 86 48 86 F6 7D 07 43 0C -Comment = Nortel Secure Networks oc (1 2 840 113533 7 67) -Description = entrustUser (1 2 840 113533 7 67 0) - -OID = 06 08 2A 86 48 86 F6 7D 07 44 -Description = nsn-at (1 2 840 113533 7 68) - -OID = 06 09 2A 86 48 86 F6 7D 07 44 00 -Comment = Nortel Secure Networks at (1 2 840 113533 7 68) -Description = entrustCAInfo (1 2 840 113533 7 68 0) - -OID = 06 09 2A 86 48 86 F6 7D 07 44 0A -Comment = Nortel Secure Networks at (1 2 840 113533 7 68) -Description = attributeCertificate (1 2 840 113533 7 68 10) - -# PKCS #1 - -OID = 06 08 2A 86 48 86 F7 0D 01 01 -Description = pkcs-1 (1 2 840 113549 1 1) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 01 -Comment = PKCS #1 -Description = rsaEncryption (1 2 840 113549 1 1 1) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 02 -Comment = PKCS #1 -Description = md2withRSAEncryption (1 2 840 113549 1 1 2) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 03 -Comment = PKCS #1 -Description = md4withRSAEncryption (1 2 840 113549 1 1 3) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 04 -Comment = PKCS #1 -Description = md5withRSAEncryption (1 2 840 113549 1 1 4) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 05 -Comment = PKCS #1 -Description = sha1withRSAEncryption (1 2 840 113549 1 1 5) - -# There is some confusion over the identity of the following OID. The OAEP -# one is more recent, but independant vendors have already used the RIPEMD -# one, however it's likely that SET will be a bigger hammer so we report it -# as that. -OID = 06 09 2A 86 48 86 F7 0D 01 01 06 -Comment = PKCS #1. This OID may also be assigned as ripemd160WithRSAEncryption -Description = rsaOAEPEncryptionSET (1 2 840 113549 1 1 6) -# ripemd160WithRSAEncryption (1 2 840 113549 1 1 6) - -# PKCS #3 - -OID = 06 08 2A 86 48 86 F7 0D 01 03 -Description = pkcs-3 (1 2 840 113549 1 3) - -OID = 06 09 2A 86 48 86 F7 0D 01 03 01 -Comment = PKCS #3 -Description = dhKeyAgreement (1 2 840 113549 1 3 1) - -# PKCS #5 - -OID = 06 09 2A 86 48 86 F7 0D 01 05 -Description = pkcs-5 (1 2 840 113549 1 5) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 01 -Comment = PKCS #5 -Description = pbeWithMD2AndDES-CBC (1 2 840 113549 1 5 1) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 03 -Comment = PKCS #5 -Description = pbeWithMD5AndDES-CBC (1 2 840 113549 1 5 3) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 04 -Comment = PKCS #5 -Description = pbeWithMD2AndRC2-CBC (1 2 840 113549 1 5 4) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 06 -Comment = PKCS #5 -Description = pbeWithMD5AndRC2-CBC (1 2 840 113549 1 5 6) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 09 -Comment = PKCS #5, used in BSAFE only -Description = pbeWithMD5AndXOR (1 2 840 113549 1 5 9) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 05 0A -Comment = PKCS #5 -Description = pbeWithSHA1AndDES-CBC (1 2 840 113549 1 5 10) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 0B -Comment = PKCS #5 -Description = pbeWithSHA1AndRC2-CBC (1 2 840 113549 1 5 11) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 0C -Comment = PKCS #5 -Description = id-PBKDF2 (1 2 840 113549 1 5 12) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 0D -Comment = PKCS #5 -Description = id-PBES2 (1 2 840 113549 1 5 13) - -OID = 06 09 2A 86 48 86 F7 0D 01 05 0E -Comment = PKCS #5 -Description = id-PBMAC1 (1 2 840 113549 1 5 14) - -# PKCS #7 - -OID = 06 09 2A 86 48 86 F7 0D 01 07 -Description = pkcs-7 (1 2 840 113549 1 7) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 01 -Comment = PKCS #7 -Description = data (1 2 840 113549 1 7 1) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 02 -Comment = PKCS #7 -Description = signedData (1 2 840 113549 1 7 2) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 03 -Comment = PKCS #7 -Description = envelopedData (1 2 840 113549 1 7 3) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 04 -Comment = PKCS #7 -Description = signedAndEnvelopedData (1 2 840 113549 1 7 4) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 05 -Comment = PKCS #7 -Description = digestedData (1 2 840 113549 1 7 5) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 06 -Comment = PKCS #7 -Description = encryptedData (1 2 840 113549 1 7 6) - -OID = 06 09 2A 86 48 86 F7 0D 01 07 07 -Comment = PKCS #7 experimental -Description = dataWithAttributes (1 2 840 113549 1 7 7) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 07 08 -Comment = PKCS #7 experimental -Description = encryptedPrivateKeyInfo (1 2 840 113549 1 7 8) -Warning - -# PKCS #9 - -OID = 06 09 2A 86 48 86 F7 0D 01 09 -Description = pkcs-9 (1 2 840 113549 1 9) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 01 -Comment = PKCS #9 (1 2 840 113549 1 9). Deprecated, use an altName extension instead -Description = emailAddress (1 2 840 113549 1 9 1) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 02 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = unstructuredName (1 2 840 113549 1 9 2) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 03 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = contentType (1 2 840 113549 1 9 3) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 04 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = messageDigest (1 2 840 113549 1 9 4) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 05 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = signingTime (1 2 840 113549 1 9 5) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 06 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = countersignature (1 2 840 113549 1 9 6) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 07 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = challengePassword (1 2 840 113549 1 9 7) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 08 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = unstructuredAddress (1 2 840 113549 1 9 8) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 09 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = extendedCertificateAttributes (1 2 840 113549 1 9 9) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0A -Comment = PKCS #9 (1 2 840 113549 1 9) experimental -Description = issuerAndSerialNumber (1 2 840 113549 1 9 10) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0B -Comment = PKCS #9 (1 2 840 113549 1 9) experimental -Description = passwordCheck (1 2 840 113549 1 9 11) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0C -Comment = PKCS #9 (1 2 840 113549 1 9) experimental -Description = publicKey (1 2 840 113549 1 9 12) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0D -Comment = PKCS #9 (1 2 840 113549 1 9) experimental -Description = signingDescription (1 2 840 113549 1 9 13) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0E -Comment = PKCS #9 (1 2 840 113549 1 9) experimental -Description = extensionReq (1 2 840 113549 1 9 14) - -# PKCS #9 for use with S/MIME - -OID = 06 09 2A 86 48 86 F7 0D 01 09 0F -Comment = PKCS #9 (1 2 840 113549 1 9). This OID was formerly assigned as symmetricCapabilities, then reassigned as SMIMECapabilities, then renamed to the current name -Description = sMIMECapabilities (1 2 840 113549 1 9 15) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 01 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15) -Description = preferSignedData (1 2 840 113549 1 9 15 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 02 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15) -Description = canNotDecryptAny (1 2 840 113549 1 9 15 2) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 03 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 1) instead -Description = receiptRequest (1 2 840 113549 1 9 15 3) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 04 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 1 1) instead -Description = receipt (1 2 840 113549 1 9 15 4) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 05 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 4) instead -Description = contentHints (1 2 840 113549 1 9 15 5) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 0F 06 -Comment = sMIMECapabilities (1 2 840 113549 1 9 15). Deprecated, use (1 2 840 113549 1 9 16 2 3) instead -Description = mlExpansionHistory (1 2 840 113549 1 9 15 6) -Warning - -OID = 06 09 2A 86 48 86 F7 0D 01 09 10 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = id-sMIME (1 2 840 113549 1 9 16) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 00 -Comment = id-sMIME (1 2 840 113549 1 9 16) -Description = id-mod (1 2 840 113549 1 9 16 0) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 01 -Comment = S/MIME Modules (1 2 840 113549 1 9 16 0) -Description = id-mod-cms (1 2 840 113549 1 9 16 0 1) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 00 02 -Comment = S/MIME Modules (1 2 840 113549 1 9 16 0) -Description = id-mod-ess (1 2 840 113549 1 9 16 0 2) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 01 -Comment = id-sMIME (1 2 840 113549 1 9 16) -Description = id-ct (1 2 840 113549 1 9 16 1) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 01 01 -Comment = S/MIME Content Types (1 2 840 113549 1 9 16 1) -Description = id-ct-receipt (1 2 840 113549 1 9 16 1 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 10 02 -Comment = id-sMIME (1 2 840 113549 1 9 16) -Description = id-aa (1 2 840 113549 1 9 16 2) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 01 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-receiptRequest (1 2 840 113549 1 9 16 2 1) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 02 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-securityLabel (1 2 840 113549 1 9 16 2 2) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 03 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-mlExpandHistory (1 2 840 113549 1 9 16 2 3) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 04 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-contentHint (1 2 840 113549 1 9 16 2 4) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 05 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-msgSigDigest (1 2 840 113549 1 9 16 2 5) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 07 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-contentIdentifier (1 2 840 113549 1 9 16 2 7) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 08 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-macValue (1 2 840 113549 1 9 16 2 8) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 09 -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-equivalentLabels (1 2 840 113549 1 9 16 2 9) - -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0A -Comment = S/MIME Authenticated Attributes (1 2 840 113549 1 9 16 2) -Description = id-aa-contentReference (1 2 840 113549 1 9 16 2 10) - -# PKCS #9 for use with PKCS #12 - -OID = 06 09 2A 86 48 86 F7 0D 01 09 14 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = friendlyName (for PKCS #12) (1 2 840 113549 1 9 20) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 15 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = localKeyID (for PKCS #12) (1 2 840 113549 1 9 21) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 16 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = certTypes (for PKCS #12) (1 2 840 113549 1 9 22) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 01 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = x509Certificate (for PKCS #12) (1 2 840 113549 1 9 22 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 16 02 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = sdsiCertificate (for PKCS #12) (1 2 840 113549 1 9 22 2) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 17 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = crlTypes (for PKCS #12) (1 2 840 113549 1 9 23) - -OID = 06 0A 2A 86 48 86 F7 0D 01 09 17 01 -Comment = PKCS #9 (1 2 840 113549 1 9) -Description = x509Crl (for PKCS #12) (1 2 840 113549 1 9 23 1) - -# PKCS #12. Note that current PKCS #12 implementations tend to be strange and -# peculiar, with implementors misusing OIDs or basing their work on earlier PFX -# drafts or defining their own odd OIDs. In addition the PFX/PKCS #12 spec -# itself is full of errors and inconsistencies, and a number of OIDs have been -# redefined in different drafts (often multiple times), which doesn't make the -# implementors job any easier. - -OID = 06 08 2A 86 48 86 F7 0D 01 0C -Description = pkcs-12 (1 2 840 113549 1 12) - -OID = 06 09 2A 86 48 86 F7 0D 01 0C 01 -Comment = This OID was formerly assigned as PKCS #12 modeID -Description = pkcs-12-PbeIds (1 2 840 113549 1 12 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 01 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 1). This OID was formerly assigned as pkcs-12-OfflineTransportMode -Description = pbeWithSHAAnd128BitRC4 (1 2 840 113549 1 12 1 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 02 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 2). This OID was formerly assigned as pkcs-12-OnlineTransportMode -Description = pbeWithSHAAnd40BitRC4 (1 2 840 113549 1 12 1 2) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 03 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3) -Description = pbeWithSHAAnd3-KeyTripleDES-CBC (1 2 840 113549 1 12 1 3) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 04 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3) -Description = pbeWithSHAAnd2-KeyTripleDES-CBC (1 2 840 113549 1 12 1 4) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 05 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3) -Description = pbeWithSHAAnd128BitRC2-CBC (1 2 840 113549 1 12 1 5) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 01 06 -Comment = PKCS #12 PbeIds (1 2 840 113549 1 12 3) -Description = pbeWithSHAAnd40BitRC2-CBC (1 2 840 113549 1 12 1 6) - -OID = 06 09 2A 86 48 86 F7 0D 01 0C 02 -Comment = Deprecated -Description = pkcs-12-ESPVKID (1 2 840 113549 1 12 2) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 02 01 -Comment = PKCS #12 ESPVKID (1 2 840 113549 1 12 2). Deprecated, use (1 2 840 113549 1 12 3 5) instead -Description = pkcs-12-PKCS8KeyShrouding (1 2 840 113549 1 12 2 1) -Warning - -# The following appear to have been redefined yet again at 12 10 in the latest -# PKCS #12 spec. -OID = 06 09 2A 86 48 86 F7 0D 01 0C 03 -Description = pkcs-12-BagIds (1 2 840 113549 1 12 3) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 01 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3) -Description = pkcs-12-keyBagId (1 2 840 113549 1 12 3 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 02 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3) -Description = pkcs-12-certAndCRLBagId (1 2 840 113549 1 12 3 2) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 03 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3) -Description = pkcs-12-secretBagId (1 2 840 113549 1 12 3 3) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 04 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3) -Description = pkcs-12-safeContentsId (1 2 840 113549 1 12 3 4) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 03 05 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 3) -Description = pkcs-12-pkcs-8ShroudedKeyBagId (1 2 840 113549 1 12 3 5) - -OID = 06 09 2A 86 48 86 F7 0D 01 0C 04 -Comment = Deprecated -Description = pkcs-12-CertBagID (1 2 840 113549 1 12 4) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 01 -Comment = PKCS #12 CertBagID (1 2 840 113549 1 12 4). This OID was formerly assigned as pkcs-12-X509CertCRLBag -Description = pkcs-12-X509CertCRLBagID (1 2 840 113549 1 12 4 1) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 04 02 -Comment = PKCS #12 CertBagID (1 2 840 113549 1 12 4). This OID was formerly assigned as pkcs-12-SDSICertBag -Description = pkcs-12-SDSICertBagID (1 2 840 113549 1 12 4 2) - -# The following are from PFX. The ... 5 1 values have been reassigned to OIDs -# with incompatible algorithms at ... 1, the 5 2 values seem to have vanished. -OID = 06 09 2A 86 48 86 F7 0D 01 0C 05 -Description = pkcs-12-OID (1 2 840 113549 1 12 5) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 01 -Comment = PKCS #12 OID (1 2 840 113549 1 12 5). Deprecated, use the partially compatible (1 2 840 113549 1 12 1) OIDs instead -Description = pkcs-12-PBEID (1 2 840 113549 1 12 5 1) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 01 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 1) instead -Description = pkcs-12-PBEWithSha1And128BitRC4 (1 2 840 113549 1 12 5 1 1) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 02 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 2) instead -Description = pkcs-12-PBEWithSha1And40BitRC4 (1 2 840 113549 1 12 5 1 2) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 03 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 3) or (1 2 840 113549 1 12 1 4) instead -Description = pkcs-12-PBEWithSha1AndTripleDESCBC (1 2 840 113549 1 12 5 1 3) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 04 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 5) instead -Description = pkcs-12-PBEWithSha1And128BitRC2CBC (1 2 840 113549 1 12 5 1 4) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 05 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use (1 2 840 113549 1 12 1 6) instead -Description = pkcs-12-PBEWithSha1And40BitRC2CBC (1 2 840 113549 1 12 5 1 5) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 06 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 1) or (1 2 840 113549 1 12 1 2) instead -Description = pkcs-12-PBEWithSha1AndRC4 (1 2 840 113549 1 12 5 1 6) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 01 07 -Comment = PKCS #12 OID PBEID (1 2 840 113549 1 12 5 1). Deprecated, use the incompatible but similar (1 2 840 113549 1 12 1 5) or (1 2 840 113549 1 12 1 6) instead -Description = pkcs-12-PBEWithSha1AndRC2CBC (1 2 840 113549 1 12 5 1 7) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 02 -Description = pkcs-12-EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 01 -Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead -Description = pkcs-12-RSAEncryptionWith128BitRC4 (1 2 840 113549 1 12 5 2 1) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 02 -Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead -Description = pkcs-12-RSAEncryptionWith40BitRC4 (1 2 840 113549 1 12 5 2 2) -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 02 03 -Comment = PKCS #12 OID EnvelopingID (1 2 840 113549 1 12 5 2). Deprecated, use the conventional PKCS #1 OIDs instead -Description = pkcs-12-RSAEncryptionWithTripleDES (1 2 840 113549 1 12 5 2 3) -Warning - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 05 03 -Description = pkcs-12-SignatureID (1 2 840 113549 1 12 5 3). Deprecated, use the conventional PKCS #1 OIDs instead -Warning - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 05 03 01 -Comment = PKCS #12 OID SignatureID (1 2 840 113549 1 12 5 3). Deprecated, use the conventional PKCS #1 OIDs instead -Description = pkcs-12-RSASignatureWithSHA1Digest (1 2 840 113549 1 12 5 3 1) -Warning - -# Yet *another* redefinition of the PKCS #12 "bag" ID's, now in a different -# order than the last redefinition at ... 12 3. -OID = 06 09 2A 86 48 86 F7 0D 01 0C 0A -Description = pkcs-12Version1 (1 2 840 113549 1 12 10) - -OID = 06 0A 2A 86 48 86 F7 0D 01 0C 0A 01 -Description = pkcs-12BadIds (1 2 840 113549 1 12 10 1) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 01 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-keyBag (1 2 840 113549 1 12 10 1 1) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 02 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-pkcs-8ShroudedKeyBag (1 2 840 113549 1 12 10 1 2) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 03 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-certBag (1 2 840 113549 1 12 10 1 3) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 04 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-crlBag (1 2 840 113549 1 12 10 1 4) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 05 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-secretBag (1 2 840 113549 1 12 10 1 5) - -OID = 06 0B 2A 86 48 86 F7 0D 01 0C 0A 01 06 -Comment = PKCS #12 BagIds (1 2 840 113549 1 12 10 1) -Description = pkcs-12-safeContentsBag (1 2 840 113549 1 12 10 1 6) - -# RSADSI digest algorithms - -OID = 06 08 2A 86 48 86 F7 0D 02 -Description = digestAlgorithm (1 2 840 113549 2) - -OID = 06 08 2A 86 48 86 F7 0D 02 02 -Comment = RSADSI digestAlgorithm (1 2 840 113549 2) -Description = md2 (1 2 840 113549 2 2) - -OID = 06 08 2A 86 48 86 F7 0D 02 04 -Comment = RSADSI digestAlgorithm (1 2 840 113549 2) -Description = md4 (1 2 840 113549 2 4) - -OID = 06 08 2A 86 48 86 F7 0D 02 05 -Comment = RSADSI digestAlgorithm (1 2 840 113549 2) -Description = md5 (1 2 840 113549 2 5) - -# RSADSI encryption algorithms - -OID = 06 08 2A 86 48 86 F7 0D 03 -Description = encryptionAlgorithm (1 2 840 113549 3) - -OID = 06 08 2A 86 48 86 F7 0D 03 02 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc2CBC (1 2 840 113549 3 2) - -OID = 06 08 2A 86 48 86 F7 0D 03 03 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc2ECB (1 2 840 113549 3 3) - -OID = 06 08 2A 86 48 86 F7 0D 03 04 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc4 (1 2 840 113549 3 4) - -OID = 06 08 2A 86 48 86 F7 0D 03 05 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc4WithMAC (1 2 840 113549 3 5) - -OID = 06 08 2A 86 48 86 F7 0D 03 06 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = desx-CBC (1 2 840 113549 3 6) - -OID = 06 08 2A 86 48 86 F7 0D 03 07 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = des-EDE3-CBC (1 2 840 113549 3 7) - -OID = 06 08 2A 86 48 86 F7 0D 03 08 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc5CBC (1 2 840 113549 3 8) - -OID = 06 08 2A 86 48 86 F7 0D 03 09 -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3) -Description = rc5-CBCPad (1 2 840 113549 3 9) - -OID = 06 08 2A 86 48 86 F7 0D 03 0A -Comment = RSADSI encryptionAlgorithm (1 2 840 113549 3). Formerly called CDMFCBCPad -Description = desCDMF (1 2 840 113549 3 10) - -# Ascom Systech - -OID = 06 0A 2B 06 01 04 01 81 3C 07 01 01 -Comment = Ascom Systech -Description = ascom (1 3 6 1 4 1 188 7 1 1) - -OID = 06 0B 2B 06 01 04 01 81 3C 07 01 01 01 -Comment = Ascom Systech -Description = ideaECB (1 3 6 1 4 1 188 7 1 1 1) - -# Microsoft - -OID = 06 08 2A 86 48 86 F7 14 04 03 -Comment = Microsoft -Description = microsoftExcel (1 2 840 113556 4 3) - -OID = 06 08 2A 86 48 86 F7 14 04 04 -Comment = Microsoft -Description = titledWithOID (1 2 840 113556 4 4) - -OID = 06 08 2A 86 48 86 F7 14 04 05 -Comment = Microsoft -Description = microsoftPowerPoint (1 2 840 113556 4 5) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 04 -Comment = Microsoft code signing -Description = spcIndirectDataContext (1 3 6 1 4 1 311 2 1 4) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 0A -Comment = Microsoft code signing. Also known as policyLink -Description = spcAgencyInfo (1 3 6 1 4 1 311 2 1 10) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 0B -Comment = Microsoft code signing -Description = spcStatementType (1 3 6 1 4 1 311 2 1 11) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 0C -Comment = Microsoft code signing -Description = spcSpOpusInfo (1 3 6 1 4 1 311 2 1 12) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 0E -Comment = Microsoft -Description = certExtensions (1 3 6 1 4 1 311 2 1 14) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 0F -Comment = Microsoft code signing -Description = spcPelmageData (1 3 6 1 4 1 311 2 1 15) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 14 -Comment = Microsoft code signing. Also known as "glue extension" -Description = spcLink (type 1) (1 3 6 1 4 1 311 2 1 20) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 15 -Comment = Microsoft -Description = individualCodeSigning (1 3 6 1 4 1 311 2 1 21) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 16 -Comment = Microsoft -Description = commercialCodeSigning (1 3 6 1 4 1 311 2 1 22) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 19 -Comment = Microsoft code signing. Also known as "glue extension" -Description = spcLink (type 2) (1 3 6 1 4 1 311 2 1 25) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 1A -Comment = Microsoft code signing -Description = spcMinimalCriteriaInfo (1 3 6 1 4 1 311 2 1 26) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 1B -Comment = Microsoft code signing -Description = spcFinancialCriteriaInfo (1 3 6 1 4 1 311 2 1 27) - -OID = 06 0A 2B 06 01 04 01 82 37 02 01 1C -Comment = Microsoft code signing. Also known as "glue extension" -Description = spcLink (type 3) (1 3 6 1 4 1 311 2 1 28) - -OID = 06 0A 2B 06 01 04 01 82 37 03 02 01 -Comment = Microsoft code signing -Description = timestampCountersignature (1 3 6 1 4 1 311 3 2 1) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 01 -Comment = Microsoft PKCS #7 contentType -Description = certTrustList (1 3 6 1 4 1 311 10 1) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 02 -Comment = Microsoft -Description = nextUpdateLocation (1 3 6 1 4 1 311 10 2) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 03 01 -Comment = Microsoft enhanced key usage -Description = certTrustListSigning (1 3 6 1 4 1 311 10 3 1) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 03 02 -Comment = Microsoft enhanced key usage -Description = timeStampSigning (1 3 6 1 4 1 311 10 3 2) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 03 03 -Comment = Microsoft enhanced key usage -Description = serverGatedCrypto (1 3 6 1 4 1 311 10 3 3) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 03 04 -Comment = Microsoft enhanced key usage -Description = encryptedFileSystem (1 3 6 1 4 1 311 10 3 4) - -OID = 06 0A 2B 06 01 04 01 82 37 0A 04 01 -Comment = Microsoft attribute -Description = yesnoTrustAttr (1 3 6 1 4 1 311 10 4 1) - -# UNINETT - -OID = 06 0A 2B 06 01 04 01 92 7C 0A 01 01 -Comment = UNINETT PCA -Description = UNINETT policyIdentifier (1 3 6 1 4 1 2428 10 1 1) - -# ICE-TEL - -OID = 06 08 2B 06 01 04 01 95 18 0A -Comment = ICE-TEL CA -Description = ICE-TEL policyIdentifier (1 3 6 1 4 1 2712 10) - -OID = 06 0A 2B 06 01 04 01 95 62 01 01 01 -Comment = ICE-TEL CA policy -Description = ICE-TEL Italian policyIdentifier (1 3 6 1 4 1 2786 1 1 1) - -# cryptlib - -OID = 06 09 2B 06 01 04 01 97 55 20 01 -Comment = cryptlib -Description = cryptlibEnvelope (1 3 6 1 4 1 3029 32 1) - -OID = 06 09 2B 06 01 04 01 97 55 20 02 -Comment = cryptlib -Description = cryptlibPrivateKey (1 3 6 1 4 1 3029 32 2) - -OID = 06 0B 2B 06 01 04 01 97 55 2A D7 24 01 -Comment = cryptlib special MPEG-of-cat OID -Description = mpeg-1 (1 3 6 1 4 1 3029 42 11172 1) - -# PKIX - -OID = 06 06 2B 06 01 05 05 07 -Comment = PKIX base -Description = pkix (1 3 6 1 5 5 7) - -OID = 06 07 2B 06 01 05 05 07 01 -Comment = PKIX -Description = privateExtension (1 3 6 1 5 5 7 1) - -OID = 06 08 2B 06 01 05 05 07 01 01 -Comment = PKIX private extension -Description = authorityInfoAccess (1 3 6 1 5 5 7 1 1) - -OID = 06 07 2B 06 01 05 05 07 02 -Comment = PKIX -Description = policyQualifierIds (1 3 6 1 5 5 7 2) - -OID = 06 08 2B 06 01 05 05 07 02 01 -Comment = PKIX policy qualifier -Description = cps (1 3 6 1 5 5 7 2 1) - -OID = 06 08 2B 06 01 05 05 07 02 02 -Comment = PKIX policy qualifier -Description = unotice (1 3 6 1 5 5 7 2 2) - -OID = 06 07 2B 06 01 05 05 07 03 -Comment = PKIX -Description = keyPurpose (1 3 6 1 5 5 7 3) - -OID = 06 08 2B 06 01 05 05 07 03 01 -Comment = PKIX key purpose -Description = serverAuth (1 3 6 1 5 5 7 3 1) - -OID = 06 08 2B 06 01 05 05 07 03 02 -Comment = PKIX key purpose -Description = clientAuth (1 3 6 1 5 5 7 3 2) - -OID = 06 08 2B 06 01 05 05 07 03 03 -Comment = PKIX key purpose -Description = codeSigning (1 3 6 1 5 5 7 3 3) - -OID = 06 08 2B 06 01 05 05 07 03 04 -Comment = PKIX key purpose -Description = emailProtection (1 3 6 1 5 5 7 3 4) - -OID = 06 08 2B 06 01 05 05 07 03 05 -Comment = PKIX key purpose -Description = ipsecEndSystem (1 3 6 1 5 5 7 3 5) - -OID = 06 08 2B 06 01 05 05 07 03 06 -Comment = PKIX key purpose -Description = ipsecTunnel (1 3 6 1 5 5 7 3 6) - -OID = 06 08 2B 06 01 05 05 07 03 07 -Comment = PKIX key purpose -Description = ipsecUser (1 3 6 1 5 5 7 3 7) - -OID = 06 08 2B 06 01 05 05 07 03 08 -Comment = PKIX key purpose -Description = timeStamping (1 3 6 1 5 5 7 3 8) - -OID = 06 08 2B 06 01 05 05 07 03 08 -Comment = PKIX key purpose -Description = OCSPSigning (1 3 6 1 5 5 7 3 9) - -OID = 06 07 2B 06 01 05 05 07 04 -Comment = PKIX -Description = cmpInformationTypes (1 3 6 1 5 5 7 4) - -OID = 06 08 2B 06 01 05 05 07 04 01 -Comment = PKIX CMP information -Description = caProtEncCert (1 3 6 1 5 5 7 4 1) - -OID = 06 08 2B 06 01 05 05 07 04 02 -Comment = PKIX CMP information -Description = signKeyPairTypes (1 3 6 1 5 5 7 4 2) - -OID = 06 08 2B 06 01 05 05 07 04 03 -Comment = PKIX CMP information -Description = encKeyPairTypes (1 3 6 1 5 5 7 4 3) - -OID = 06 08 2B 06 01 05 05 07 04 04 -Comment = PKIX CMP information -Description = preferredSymmAlg (1 3 6 1 5 5 7 4 4) - -OID = 06 08 2B 06 01 05 05 07 04 05 -Comment = PKIX CMP information -Description = caKeyUpdateInfo (1 3 6 1 5 5 7 4 5) - -OID = 06 08 2B 06 01 05 05 07 04 06 -Comment = PKIX CMP information -Description = currentCRL (1 3 6 1 5 5 7 4 6) - -OID = 06 08 2B 06 01 05 05 07 30 01 -Comment = PKIX authority info access descriptor -Description = ocsp (1 3 6 1 5 5 7 48 1) - -OID = 06 08 2B 06 01 05 05 07 30 02 -Comment = PKIX authority info access descriptor -Description = caIssuers (1 3 6 1 5 5 7 48 2) - -# ISAKMP - -OID = 06 08 2B 06 01 05 05 08 01 01 -Comment = ISAKMP HMAC algorithm -Description = HMAC-MD5 (1 3 6 1 5 5 8 1 1) - -OID = 06 08 2B 06 01 05 05 08 01 02 -Comment = ISAKMP HMAC algorithm -Description = HMAC-SHA (1 3 6 1 5 5 8 1 2) - -OID = 06 08 2B 06 01 05 05 08 01 03 -Comment = ISAKMP HMAC algorithm -Description = HMAC-Tiger (1 3 6 1 5 5 8 1 3) - -# DEC (via ECMA) - -OID = 06 07 2B 0C 02 87 73 07 01 -Comment = DASS algorithm -Description = decEncryptionAlgorithm (1 3 12 2 1011 7 1) - -OID = 06 08 2B 0C 02 87 73 07 01 02 -Comment = DASS encryption algorithm -Description = decDEA (1 3 12 2 1011 7 1 2) - -OID = 06 07 2B 0C 02 87 73 07 02 -Comment = DASS algorithm -Description = decHashAlgorithm (1 3 12 2 1011 7 2) - -OID = 06 07 2B 0C 02 87 73 07 02 01 -Comment = DASS hash algorithm -Description = decMD2 (1 3 12 2 1011 7 2 1) - -OID = 06 07 2B 0C 02 87 73 07 02 02 -Comment = DASS hash algorithm -Description = decMD4 (1 3 12 2 1011 7 2 2) - -OID = 06 07 2B 0C 02 87 73 07 03 -Comment = DASS algorithm -Description = decSignatureAlgorithm (1 3 12 2 1011 7 3) - -OID = 06 07 2B 0C 02 87 73 07 03 01 -Comment = DASS signature algorithm -Description = decMD2withRSA (1 3 12 2 1011 7 3 1) - -OID = 06 07 2B 0C 02 87 73 07 03 02 -Comment = DASS signature algorithm -Description = decMD4withRSA (1 3 12 2 1011 7 3 2) - -OID = 06 07 2B 0C 02 87 73 07 03 03 -Comment = DASS signature algorithm -Description = decDEAMAC (1 3 12 2 1011 7 3 3) - -# NIST Open Systems Environment (OSE) Implementor's Workshop (OIW), -# specialising in oddball and partially-defunct OIDs - -OID = 06 05 2B 0E 02 1A 05 -Comment = Unsure about this OID -Description = sha (1 3 14 2 26 5) - -OID = 06 06 2B 0E 03 02 01 01 -Comment = X.509. Unsure about this OID -Description = rsa (1 3 14 3 2 1 1) - -OID = 06 05 2B 0E 03 02 02 -Comment = Oddball OIW OID -Description = md4WitRSA (1 3 14 3 2 2) - -OID = 06 05 2B 0E 03 02 03 -Comment = Oddball OIW OID -Description = md5WithRSA (1 3 14 3 2 3) - -OID = 06 05 2B 0E 03 02 04 -Comment = Oddball OIW OID -Description = md4WithRSAEncryption (1 3 14 3 2 4) - -OID = 06 06 2B 0E 03 02 02 01 -Comment = X.509. Deprecated -Description = sqmod-N (1 3 14 3 2 2 1) -Warning - -OID = 06 06 2B 0E 03 02 03 01 -Comment = X.509. Deprecated -Description = sqmod-NwithRSA (1 3 14 3 2 3 1) -Warning - -OID = 06 05 2B 0E 03 02 06 -Description = desECB (1 3 14 3 2 6) - -OID = 06 05 2B 0E 03 02 07 -Description = desCBC (1 3 14 3 2 7) - -OID = 06 05 2B 0E 03 02 08 -Description = desOFB (1 3 14 3 2 8) - -OID = 06 05 2B 0E 03 02 09 -Description = desCFB (1 3 14 3 2 9) - -OID = 06 05 2B 0E 03 02 0A -Description = desMAC (1 3 14 3 2 10) - -OID = 06 05 2B 0E 03 02 0B -Comment = ISO 9796-2, also X9.31 Part 1 -Description = rsaSignature (1 3 14 3 2 11) - -# this is used by BSAFE -OID = 06 05 2B 0E 03 02 0C -Comment = OIW?, supposedly from an incomplete version of SDN.702 (doesn't match final SDN.702) -Description = dsa-bsafe (1 3 14 3 2 12) -Warning - -OID = 06 05 2B 0E 03 02 0D -Comment = Oddball OIW OID. Incorrectly used by JDK 1.1 in place of (1 3 14 3 2 27) -# Their response was that they know it's wrong, but noone uses SHA0 so it won't -# cause any problems, right? Note: BSAFE uses this as well! -Description = dsaWithSHA-bsafe (1 3 14 3 2 13) -Warning - -# The various mdWithRSASIsignature OIDs are for the ANSI X9.31 draft and use -# ISO 9796-2 padding rules. This work was derailed during the PKP brouhaha and -# is still in progress -OID = 06 05 2B 0E 03 02 0E -Comment = Oddball OIW OID using 9796-2 padding rules -Description = mdc2WithRSASignature (1 3 14 3 2 14) - -OID = 06 05 2B 0E 03 02 0F -Comment = Oddball OIW OID using 9796-2 padding rules -Description = shaWithRSASignature (1 3 14 3 2 15) - -OID = 06 05 2B 0E 03 02 10 -Comment = Oddball OIW OID. Deprecated, use a plain DH OID instead -Description = dhWithCommonModulus (1 3 14 3 2 16) -Warning - -OID = 06 05 2B 0E 03 02 11 -Comment = Oddball OIW OID. Mode is ECB -Description = desEDE (1 3 14 3 2 17) - -OID = 06 05 2B 0E 03 02 12 -Comment = Oddball OIW OID -Description = sha (1 3 14 3 2 18) - -OID = 06 05 2B 0E 03 02 13 -Comment = Oddball OIW OID, DES-based hash, planned for X9.31 Part 2 -Description = mdc-2 (1 3 14 3 2 19) - -OID = 06 05 2B 0E 03 02 14 -Comment = Oddball OIW OID. Deprecated, use a plain DSA OID instead -Description = dsaCommon (1 3 14 3 2 20) -Warning - -OID = 06 05 2B 0E 03 02 15 -Comment = Oddball OIW OID. Deprecated, use a plain dsaWithSHA OID instead -Description = dsaCommonWithSHA (1 3 14 3 2 21) -Warning - -OID = 06 05 2B 0E 03 02 16 -Comment = Oddball OIW OID -Description = rsaKeyTransport (1 3 14 3 2 22) - -OID = 06 05 2B 0E 03 02 17 -Comment = Oddball OIW OID -Description = keyed-hash-seal (1 3 14 3 2 23) - -OID = 06 05 2B 0E 03 02 18 -Comment = Oddball OIW OID using 9796-2 padding rules -Description = md2WithRSASignature (1 3 14 3 2 24) - -OID = 06 05 2B 0E 03 02 19 -Comment = Oddball OIW OID using 9796-2 padding rules -Description = md5WithRSASignature (1 3 14 3 2 25) - -OID = 06 05 2B 0E 03 02 1A -Comment = OIW -Description = sha1 (1 3 14 3 2 26) - -# Yet another multiply-assigned OID -OID = 06 05 2B 0E 03 02 1B -Comment = OIW. This OID may also be assigned as ripemd-160 -Description = dsaWithSHA1 (1 3 14 3 2 27) - -OID = 06 05 2B 0E 03 02 1C -Comment = OIW -Description = dsaWithCommonSHA1 (1 3 14 3 2 28) - -OID = 06 05 2B 0E 03 02 1D -Comment = Oddball OIW OID -Description = sha-1WithRSAEncryption (1 3 14 3 2 29) - -OID = 06 05 2B 0E 03 03 01 -Comment = Oddball OIW OID -Description = simple-strong-auth-mechanism (1 3 14 3 3 1) - -OID = 06 06 2B 0E 07 02 01 01 -Comment = Unsure about this OID -Description = ElGamal (1 3 14 7 2 1 1) - -OID = 06 06 2B 0E 07 02 03 01 -Comment = Unsure about this OID -Description = md2WithRSA (1 3 14 7 2 3 1) - -OID = 06 06 2B 0E 07 02 03 02 -Comment = Unsure about this OID -Description = md2WithElGamal (1 3 14 7 2 3 2) - -# Teletrust - -OID = 06 03 2B 24 01 -Comment = Teletrust document -Description = document (1 3 36 1) - -OID = 06 04 2B 24 01 01 -Comment = Teletrust document -Description = finalVersion (1 3 36 1 1) - -OID = 06 04 2B 24 01 02 -Comment = Teletrust document -Description = draft (1 3 36 1 2) - -OID = 06 03 2B 24 02 -Comment = Teletrust sio -Description = sio (1 3 36 2) - -OID = 06 04 2B 24 02 01 -Comment = Teletrust sio -Description = certificate (1 3 36 2 1) - -OID = 06 04 2B 24 02 01 -Comment = Teletrust sio -Description = sedu (1 3 36 2 1) - -OID = 06 03 2B 24 03 -Comment = Teletrust algorithm -Description = algorithm (1 3 36 3) - -OID = 06 04 2B 24 03 01 -Comment = Teletrust algorithm -Description = encryptionAlgorithm (1 3 36 3 1) - -OID = 06 05 2B 24 03 01 01 -Comment = Teletrust encryption algorithm -Description = des (1 3 36 3 1 1) - -OID = 06 06 2B 24 03 01 01 01 -Comment = Teletrust encryption algorithm -Description = desECB_pad (1 3 36 3 1 1 1) - -OID = 06 07 2B 24 03 01 01 01 01 -Comment = Teletrust encryption algorithm -Description = desECB_ISOpad (1 3 36 3 1 1 1 1) - -OID = 06 07 2B 24 03 01 01 02 01 -Comment = Teletrust encryption algorithm -Description = desCBC_pad (1 3 36 3 1 1 2 1) - -OID = 06 08 2B 24 03 01 01 02 01 01 -Comment = Teletrust encryption algorithm -Description = desCBC_ISOpad (1 3 36 3 1 1 2 1 1) - -OID = 06 05 2B 24 03 01 03 -Comment = Teletrust encryption algorithm -Description = des_3 (1 3 36 3 1 3) - -OID = 06 07 2B 24 03 01 03 01 01 -Comment = Teletrust encryption algorithm. EDE triple DES -Description = des_3ECB_pad (1 3 36 3 1 3 1 1) - -OID = 06 08 2B 24 03 01 03 01 01 01 -Comment = Teletrust encryption algorithm. EDE triple DES -Description = des_3ECB_ISOpad (1 3 36 3 1 3 1 1 1) - -OID = 06 07 2B 24 03 01 03 02 01 -Comment = Teletrust encryption algorithm. EDE triple DES -Description = des_3CBC_pad (1 3 36 3 1 3 2 1) - -OID = 06 08 2B 24 03 01 03 02 01 01 -Comment = Teletrust encryption algorithm. EDE triple DES -Description = des_3CBC_ISOpad (1 3 36 3 1 3 2 1 1) - -OID = 06 05 2B 24 03 01 02 -Comment = Teletrust encryption algorithm -Description = idea (1 3 36 3 1 2) - -OID = 06 06 2B 24 03 01 02 01 -Comment = Teletrust encryption algorithm -Description = ideaECB (1 3 36 3 1 2 1) - -OID = 06 07 2B 24 03 01 02 01 01 -Comment = Teletrust encryption algorithm -Description = ideaECB_pad (1 3 36 3 1 2 1 1) - -OID = 06 08 2B 24 03 01 02 01 01 01 -Comment = Teletrust encryption algorithm -Description = ideaECB_ISOpad (1 3 36 3 1 2 1 1 1) - -OID = 06 06 2B 24 03 01 02 02 -Comment = Teletrust encryption algorithm -Description = ideaCBC (1 3 36 3 1 2 2) - -OID = 06 07 2B 24 03 01 02 02 01 -Comment = Teletrust encryption algorithm -Description = ideaCBC_pad (1 3 36 3 1 2 2 1) - -OID = 06 08 2B 24 03 01 02 02 01 01 -Comment = Teletrust encryption algorithm -Description = ideaCBC_ISOpad (1 3 36 3 1 2 2 1 1) - -OID = 06 06 2B 24 03 01 02 03 -Comment = Teletrust encryption algorithm -Description = ideaOFB (1 3 36 3 1 2 3) - -OID = 06 06 2B 24 03 01 02 04 -Comment = Teletrust encryption algorithm -Description = ideaCFB (1 3 36 3 1 2 4) - -OID = 06 05 2B 24 03 01 04 -Comment = Teletrust encryption algorithm -Description = rsaEncryption (1 3 36 3 1 4) - -OID = 06 08 2B 24 03 01 04 84 00 11 -Comment = Teletrust encryption algorithm -Description = rsaEncryptionWithlmod512expe17 (1 3 36 3 1 4 512 17) - -OID = 06 05 2B 24 03 01 05 -Comment = Teletrust encryption algorithm -Description = bsi-1 (1 3 36 3 1 5) - -OID = 06 06 2B 24 03 01 05 01 -Comment = Teletrust encryption algorithm -Description = bsi_1ECB_pad (1 3 36 3 1 5 1) - -OID = 06 06 2B 24 03 01 05 02 -Comment = Teletrust encryption algorithm -Description = bsi_1CBC_pad (1 3 36 3 1 5 2) - -OID = 06 07 2B 24 03 01 05 02 01 -Comment = Teletrust encryption algorithm -Description = bsi_1CBC_PEMpad (1 3 36 3 1 5 2 1) - -OID = 06 04 2B 24 03 02 -Comment = Teletrust algorithm -Description = hashAlgorithm (1 3 36 3 2) - -OID = 06 05 2B 24 03 02 01 -Comment = Teletrust hash algorithm -Description = ripemd160 (1 3 36 3 2 1) - -OID = 06 05 2B 24 03 02 02 -Comment = Teletrust hash algorithm -Description = ripemd128 (1 3 36 3 2 2) - -OID = 06 05 2B 24 03 02 03 -Comment = Teletrust hash algorithm -Description = ripemd256 (1 3 36 3 2 3) - -OID = 06 05 2B 24 03 02 04 -Comment = Teletrust hash algorithm -Description = mdc2singleLength (1 3 36 3 2 4) - -OID = 06 05 2B 24 03 02 05 -Comment = Teletrust hash algorithm -Description = mdc2doubleLength (1 3 36 3 2 5) - -OID = 06 04 2B 24 03 03 -Comment = Teletrust algorithm -Description = signatureAlgorithm (1 3 36 3 3) - -OID = 06 05 2B 24 03 03 01 -Comment = Teletrust signature algorithm -Description = rsaSignature (1 3 36 3 3 1) - -OID = 06 06 2B 24 03 03 01 01 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1 (1 3 36 3 3 1 1) - -# What *were* they thinking? -OID = 06 09 2B 24 03 03 01 01 84 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l512_l2 (1 3 36 3 3 1 1 512 2) -OID = 06 09 2B 24 03 03 01 01 85 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l640_l2 (1 3 36 3 3 1 1 640 2) -OID = 06 09 2B 24 03 03 01 01 86 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l768_l2 (1 3 36 3 3 1 1 768 2) -OID = 06 09 2B 24 03 03 01 01 87 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l896_l2 (1 3 36 3 3 1 1 892 2) -OID = 06 09 2B 24 03 03 01 01 88 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l1024_l2 (1 3 36 3 3 1 1 1024 2) -OID = 06 09 2B 24 03 03 01 01 84 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l512_l3 (1 3 36 3 3 1 1 512 3) -OID = 06 09 2B 24 03 03 01 01 85 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l640_l3 (1 3 36 3 3 1 1 640 3) -OID = 06 09 2B 24 03 03 01 01 86 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l768_l3 (1 3 36 3 3 1 1 768 3) -OID = 06 09 2B 24 03 03 01 01 87 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l896_l3 (1 3 36 3 3 1 1 896 3) -OID = 06 09 2B 24 03 03 01 01 88 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l1024_l3 (1 3 36 3 3 1 1 1024 3) -OID = 06 09 2B 24 03 03 01 01 84 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l512_l5 (1 3 36 3 3 1 1 512 5) -OID = 06 09 2B 24 03 03 01 01 85 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l640_l5 (1 3 36 3 3 1 1 640 5) -OID = 06 09 2B 24 03 03 01 01 86 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l768_l5 (1 3 36 3 3 1 1 768 5) -OID = 06 09 2B 24 03 03 01 01 87 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l896_l5 (1 3 36 3 3 1 1 896 5) -OID = 06 09 2B 24 03 03 01 01 88 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l1024_l5 (1 3 36 3 3 1 1 1024 5) -OID = 06 09 2B 24 03 03 01 01 84 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l512_l9 (1 3 36 3 3 1 1 512 9) -OID = 06 09 2B 24 03 03 01 01 85 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l640_l9 (1 3 36 3 3 1 1 640 9) -OID = 06 09 2B 24 03 03 01 01 86 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l768_l9 (1 3 36 3 3 1 1 768 9) -OID = 06 09 2B 24 03 03 01 01 87 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l896_l9 (1 3 36 3 3 1 1 896 9) -OID = 06 09 2B 24 03 03 01 01 88 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l1024_l9 (1 3 36 3 3 1 1 1024 9) -OID = 06 09 2B 24 03 03 01 01 84 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l512_l11 (1 3 36 3 3 1 1 512 11) -OID = 06 09 2B 24 03 03 01 01 85 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l640_l11 (1 3 36 3 3 1 1 640 11) -OID = 06 09 2B 24 03 03 01 01 86 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l768_l11 (1 3 36 3 3 1 1 768 11) -OID = 06 09 2B 24 03 03 01 01 87 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l896_l11 (1 3 36 3 3 1 1 896 11) -OID = 06 09 2B 24 03 03 01 01 88 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithsha1_l1024_l11 (1 3 36 3 3 1 1 1024 11) - -OID = 06 06 2B 24 03 03 01 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160 (1 3 36 3 3 1 2) - -OID = 06 09 2B 24 03 03 01 02 84 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l512_l2 (1 3 36 3 3 1 2 512 2) -OID = 06 09 2B 24 03 03 01 02 85 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l640_l2 (1 3 36 3 3 1 2 640 2) -OID = 06 09 2B 24 03 03 01 02 86 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l768_l2 (1 3 36 3 3 1 2 768 2) -OID = 06 09 2B 24 03 03 01 02 87 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l896_l2 (1 3 36 3 3 1 2 892 2) -OID = 06 09 2B 24 03 03 01 02 88 00 02 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l1024_l2 (1 3 36 3 3 1 2 1024 2) -OID = 06 09 2B 24 03 03 01 02 84 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l512_l3 (1 3 36 3 3 1 2 512 3) -OID = 06 09 2B 24 03 03 01 02 85 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l640_l3 (1 3 36 3 3 1 2 640 3) -OID = 06 09 2B 24 03 03 01 02 86 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l768_l3 (1 3 36 3 3 1 2 768 3) -OID = 06 09 2B 24 03 03 01 02 87 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l896_l3 (1 3 36 3 3 1 2 896 3) -OID = 06 09 2B 24 03 03 01 02 88 00 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l1024_l3 (1 3 36 3 3 1 2 1024 3) -OID = 06 09 2B 24 03 03 01 02 84 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l512_l5 (1 3 36 3 3 1 2 512 5) -OID = 06 09 2B 24 03 03 01 02 85 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l640_l5 (1 3 36 3 3 1 2 640 5) -OID = 06 09 2B 24 03 03 01 02 86 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l768_l5 (1 3 36 3 3 1 2 768 5) -OID = 06 09 2B 24 03 03 01 02 87 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l896_l5 (1 3 36 3 3 1 2 896 5) -OID = 06 09 2B 24 03 03 01 02 88 00 05 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l1024_l5 (1 3 36 3 3 1 2 1024 5) -OID = 06 09 2B 24 03 03 01 02 84 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l512_l9 (1 3 36 3 3 1 2 512 9) -OID = 06 09 2B 24 03 03 01 02 85 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l640_l9 (1 3 36 3 3 1 2 640 9) -OID = 06 09 2B 24 03 03 01 02 86 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l768_l9 (1 3 36 3 3 1 2 768 9) -OID = 06 09 2B 24 03 03 01 02 87 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l896_l9 (1 3 36 3 3 1 2 896 9) -OID = 06 09 2B 24 03 03 01 02 88 00 09 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l1024_l9 (1 3 36 3 3 1 2 1024 9) -OID = 06 09 2B 24 03 03 01 02 84 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l512_l11 (1 3 36 3 3 1 2 512 11) -OID = 06 09 2B 24 03 03 01 02 85 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l640_l11 (1 3 36 3 3 1 2 640 11) -OID = 06 09 2B 24 03 03 01 02 86 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l768_l11 (1 3 36 3 3 1 2 768 11) -OID = 06 09 2B 24 03 03 01 02 87 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l896_l11 (1 3 36 3 3 1 2 896 11) -OID = 06 09 2B 24 03 03 01 02 88 00 11 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithripemd160_l1024_l11 (1 3 36 3 3 1 2 1024 11) - -OID = 06 06 2B 24 03 03 01 03 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithrimpemd128 (1 3 36 3 3 1 3) - -OID = 06 06 2B 24 03 03 01 04 -Comment = Teletrust signature algorithm -Description = rsaSignatureWithrimpemd256 (1 3 36 3 3 1 4) - -OID = 06 05 2B 24 03 03 02 -Comment = Teletrust signature algorithm -Description = ecsieSign (1 3 36 3 3 2) - -OID = 06 06 2B 24 03 03 02 01 -Comment = Teletrust signature algorithm -Description = ecsieSignWithsha1 (1 3 36 3 3 2 1) - -OID = 06 06 2B 24 03 03 02 02 -Comment = Teletrust signature algorithm -Description = ecsieSignWithripemd160 (1 3 36 3 3 2 2) - -OID = 06 06 2B 24 03 03 02 03 -Comment = Teletrust signature algorithm -Description = ecsieSignWithmd2 (1 3 36 3 3 2 3) - -OID = 06 06 2B 24 03 03 02 04 -Comment = Teletrust signature algorithm -Description = ecsieSignWithmd5 (1 3 36 3 3 2 4) - -OID = 06 04 2B 24 03 04 -Comment = Teletrust algorithm -Description = signatureScheme (1 3 36 3 4) - -OID = 06 05 2B 24 03 04 01 -Comment = Teletrust signature scheme -Description = sigS_ISO9796-1 (1 3 36 3 4 1) - -OID = 06 05 2B 24 03 04 02 -Comment = Teletrust signature scheme -Description = sigS_ISO9796-2 (1 3 36 3 4 2) - -OID = 06 05 2B 24 03 04 02 01 -Comment = Teletrust signature scheme. Unsure what this is supposed to be -Description = sigS_ISO9796-2Withred (1 3 36 3 4 2 1) - -OID = 06 06 2B 24 03 04 02 02 -Comment = Teletrust signature scheme. Unsure what this is supposed to be -Description = sigS_ISO9796-2Withrsa (1 3 36 3 4 2 2) - -OID = 06 06 2B 24 03 04 02 03 -Comment = Teletrust signature scheme. 9796-2 with random number in padding field -Description = sigS_ISO9796-2Withrnd (1 3 36 3 4 2 3) - -OID = 06 03 2B 24 04 -Comment = Teletrust attribute -Description = attribute (1 3 36 4) - -OID = 06 03 2B 24 05 -Comment = Teletrust policy -Description = policy (1 3 36 5) - -OID = 06 03 2B 24 06 -Comment = Teletrust API -Description = api (1 3 36 6) - -OID = 06 04 2B 24 06 01 -Comment = Teletrust API -Description = manufacturer-specific_api (1 3 36 6 1) - -OID = 06 05 2B 24 06 01 01 -Comment = Teletrust API -Description = utimaco-api (1 3 36 6 1 1) - -OID = 06 04 2B 24 06 02 -Comment = Teletrust API -Description = functionality-specific_api (1 3 36 6 2) - -OID = 06 03 2B 24 07 -Comment = Teletrust key management -Description = keymgmnt (1 3 36 7) - -OID = 06 04 2B 24 07 01 -Comment = Teletrust key management -Description = keyagree (1 3 36 7 1) - -OID = 06 05 2B 24 07 01 01 -Comment = Teletrust key management -Description = bsiPKE (1 3 36 7 1 1) - -OID = 06 04 2B 24 07 02 -Comment = Teletrust key management -Description = keytrans (1 3 36 7 2) - -OID = 06 04 2B 24 07 02 01 -Comment = Teletrust key management. 9796-2 with key stored in hash field -Description = encISO9796-2Withrsa (1 3 36 7 2 1) - -# Thawte - -OID = 06 04 2B 65 01 04 -Comment = Thawte -Description = thawte-ce (1 3 101 1 4) - -OID = 06 05 2B 65 01 04 01 -Comment = Thawte certificate extension -Description = strongExtranet (1 3 101 1 4 1) - -# X.520 - -OID = 06 03 55 04 00 -Comment = X.520 id-at (2 5 4) -Description = objectClass (2 5 4 0) - -OID = 06 03 55 04 01 -Comment = X.520 id-at (2 5 4) -Description = aliasedEntryName (2 5 4 1) - -OID = 06 03 55 04 02 -Comment = X.520 id-at (2 5 4) -Description = knowledgeInformation (2 5 4 2) - -OID = 06 03 55 04 03 -Comment = X.520 id-at (2 5 4) -Description = commonName (2 5 4 3) - -OID = 06 03 55 04 04 -Comment = X.520 id-at (2 5 4) -Description = surname (2 5 4 4) - -OID = 06 03 55 04 05 -Comment = X.520 id-at (2 5 4) -Description = serialNumber (2 5 4 5) - -OID = 06 03 55 04 06 -Comment = X.520 id-at (2 5 4) -Description = countryName (2 5 4 6) - -OID = 06 03 55 04 07 -Comment = X.520 id-at (2 5 4) -Description = localityName (2 5 4 7) - -OID = 06 04 55 04 07 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveLocalityName (2 5 4 7 1) - -OID = 06 03 55 04 08 -Comment = X.520 id-at (2 5 4) -Description = stateOrProvinceName (2 5 4 8) - -OID = 06 04 55 04 08 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveStateOrProvinceName (2 5 4 8 1) - -OID = 06 03 55 04 09 -Comment = X.520 id-at (2 5 4) -Description = streetAddress (2 5 4 9) - -OID = 06 04 55 04 09 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveStreetAddress (2 5 4 9 1) - -OID = 06 03 55 04 0A -Comment = X.520 id-at (2 5 4) -Description = organizationName (2 5 4 10) - -OID = 06 04 55 04 0A 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveOrganizationName (2 5 4 10 1) - -OID = 06 03 55 04 0B -Comment = X.520 id-at (2 5 4) -Description = organizationalUnitName (2 5 4 11) - -OID = 06 04 55 04 0B 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveOrganizationalUnitName (2 5 4 11 1) - -OID = 06 03 55 04 0C -Comment = X.520 id-at (2 5 4) -Description = title (2 5 4 12) - -OID = 06 03 55 04 0D -Comment = X.520 id-at (2 5 4) -Description = description (2 5 4 13) - -OID = 06 03 55 04 0E -Comment = X.520 id-at (2 5 4) -Description = searchGuide (2 5 4 14) - -OID = 06 03 55 04 0F -Comment = X.520 id-at (2 5 4) -Description = businessCategory (2 5 4 15) - -OID = 06 03 55 04 10 -Comment = X.520 id-at (2 5 4) -Description = postalAddress (2 5 4 16) - -OID = 06 04 55 04 10 01 -Comment = X.520 id-at (2 5 4) -Description = collectivePostalAddress (2 5 4 16 1) - -OID = 06 03 55 04 11 -Comment = X.520 id-at (2 5 4) -Description = postalCode (2 5 4 17) - -OID = 06 04 55 04 11 01 -Comment = X.520 id-at (2 5 4) -Description = collectivePostalCode (2 5 4 17 1) - -OID = 06 03 55 04 12 -Comment = X.520 id-at (2 5 4) -Description = postOfficeBox (2 5 4 18) - -OID = 06 04 55 04 12 01 -Comment = X.520 id-at (2 5 4) -Description = collectivePostOfficeBox (2 5 4 18 1) - -OID = 06 03 55 04 13 -Comment = X.520 id-at (2 5 4) -Description = physicalDeliveryOfficeName (2 5 4 19) - -OID = 06 04 55 04 13 01 -Comment = X.520 id-at (2 5 4) -Description = collectivePhysicalDeliveryOfficeName (2 5 4 19 1) - -OID = 06 03 55 04 14 -Comment = X.520 id-at (2 5 4) -Description = telephoneNumber (2 5 4 20) - -OID = 06 04 55 04 14 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveTelephoneNumber (2 5 4 20 1) - -OID = 06 03 55 04 15 -Comment = X.520 id-at (2 5 4) -Description = telexNumber (2 5 4 21) - -OID = 06 04 55 04 15 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveTelexNumber (2 5 4 21 1) - -OID = 06 03 55 04 16 -Comment = X.520 id-at (2 5 4) -Description = teletexTerminalIdentifier (2 5 4 22) - -OID = 06 04 55 04 16 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveTeletexTerminalIdentifier (2 5 4 22 1) - -OID = 06 03 55 04 17 -Comment = X.520 id-at (2 5 4) -Description = facsimileTelephoneNumber (2 5 4 23) - -OID = 06 04 55 04 17 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveFacsimileTelephoneNumber (2 5 4 23 1) - -OID = 06 03 55 04 18 -Comment = X.520 id-at (2 5 4) -Description = x121Address (2 5 4 24) - -OID = 06 03 55 04 19 -Comment = X.520 id-at (2 5 4) -Description = internationalISDNNumber (2 5 4 25) - -OID = 06 04 55 04 19 01 -Comment = X.520 id-at (2 5 4) -Description = collectiveInternationalISDNNumber (2 5 4 25 1) - -OID = 06 03 55 04 1A -Comment = X.520 id-at (2 5 4) -Description = registeredAddress (2 5 4 26) - -OID = 06 03 55 04 1B -Comment = X.520 id-at (2 5 4) -Description = destinationIndicator (2 5 4 27) - -OID = 06 03 55 04 1C -Comment = X.520 id-at (2 5 4) -Description = preferredDeliveryMehtod (2 5 4 28) - -OID = 06 03 55 04 1D -Comment = X.520 id-at (2 5 4) -Description = presentationAddress (2 5 4 29) - -OID = 06 03 55 04 1E -Comment = X.520 id-at (2 5 4) -Description = supportedApplicationContext (2 5 4 30) - -OID = 06 03 55 04 1F -Comment = X.520 id-at (2 5 4) -Description = member (2 5 4 31) - -OID = 06 03 55 04 20 -Comment = X.520 id-at (2 5 4) -Description = owner (2 5 4 32) - -OID = 06 03 55 04 21 -Comment = X.520 id-at (2 5 4) -Description = roleOccupant (2 5 4 33) - -OID = 06 03 55 04 22 -Comment = X.520 id-at (2 5 4) -Description = seeAlso (2 5 4 34) - -OID = 06 03 55 04 23 -Comment = X.520 id-at (2 5 4) -Description = userPassword (2 5 4 35) - -OID = 06 03 55 04 24 -Comment = X.520 id-at (2 5 4) -Description = userCertificate (2 5 4 36) - -OID = 06 03 55 04 25 -Comment = X.520 id-at (2 5 4) -Description = caCertificate (2 5 4 37) - -OID = 06 03 55 04 26 -Comment = X.520 id-at (2 5 4) -Description = authorityRevocationList (2 5 4 38) - -OID = 06 03 55 04 27 -Comment = X.520 id-at (2 5 4) -Description = certificateRevocationList (2 5 4 39) - -OID = 06 03 55 04 28 -Comment = X.520 id-at (2 5 4) -Description = crossCertificatePair (2 5 4 40) - -OID = 06 03 55 04 29 -Comment = X.520 id-at (2 5 4) -Description = name (2 5 4 41) - -OID = 06 03 55 04 2A -Comment = X.520 id-at (2 5 4) -Description = givenName (2 5 4 42) - -OID = 06 03 55 04 2B -Comment = X.520 id-at (2 5 4) -Description = initials (2 5 4 43) - -OID = 06 03 55 04 2C -Comment = X.520 id-at (2 5 4) -Description = generationQualifier (2 5 4 44) - -OID = 06 03 55 04 2D -Comment = X.520 id-at (2 5 4) -Description = uniqueIdentifier (2 5 4 45) - -OID = 06 03 55 04 2E -Comment = X.520 id-at (2 5 4) -Description = dnQualifier (2 5 4 46) - -OID = 06 03 55 04 2F -Comment = X.520 id-at (2 5 4) -Description = enhancedSearchGuide (2 5 4 47) - -OID = 06 03 55 04 30 -Comment = X.520 id-at (2 5 4) -Description = protocolInformation (2 5 4 48) - -OID = 06 03 55 04 31 -Comment = X.520 id-at (2 5 4) -Description = distinguishedName (2 5 4 49) - -OID = 06 03 55 04 32 -Comment = X.520 id-at (2 5 4) -Description = uniqueMember (2 5 4 50) - -OID = 06 03 55 04 33 -Comment = X.520 id-at (2 5 4) -Description = houseIdentifier (2 5 4 51) - -OID = 06 03 55 04 34 -Comment = X.520 id-at (2 5 4) -Description = supportedAlgorithms (2 5 4 52) - -OID = 06 03 55 04 35 -Comment = X.520 id-at (2 5 4) -Description = deltaRevocationList (2 5 4 53) - -OID = 06 03 55 04 3A -Comment = X.520 id-at (2 5 4) -Description = crossCertificatePair (2 5 4 58) - -# X500 algorithms - -OID = 06 02 55 08 -Description = X.500-Algorithms (2 5 8) - -OID = 06 03 55 08 01 -Description = X.500-Alg-Encryption (2 5 8 1) - -OID = 06 04 55 08 01 01 -Comment = X.500 algorithms. Ambiguous, since no padding rules specified -Description = rsa (2 5 8 1 1) -Warning - -# X.509. Some of the smaller values are from early X.509 drafts with -# cross-pollination from X9.55 and are now deprecated. Alternative OIDs are -# marked if these are known. In some cases there are multiple generations of -# superseded OIDs - -OID = 06 03 55 1D 01 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 35) instead -Description = authorityKeyIdentifier (2 5 29 1) -Warning - -OID = 06 03 55 1D 02 -Comment = X.509 id-ce (2 5 29). Obsolete, use keyUsage/extKeyUsage instead -Description = keyAttributes (2 5 29 2) -Warning - -OID = 06 03 55 1D 03 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 32) instead -Description = certificatePolicies (2 5 29 3) -Warning - -OID = 06 03 55 1D 04 -Comment = X.509 id-ce (2 5 29). Obsolete, use keyUsage/extKeyUsage instead -Description = keyUsageRestriction (2 5 29 4) -Warning - -OID = 06 03 55 1D 05 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 33) instead -Description = policyMapping (2 5 29 5) -Warning - -OID = 06 03 55 1D 06 -Comment = X.509 id-ce (2 5 29). Obsolete, use nameConstraints instead -Description = subtreesConstraint (2 5 29 6) -Warning - -OID = 06 03 55 1D 07 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 17) instead -Description = subjectAltName (2 5 29 7) -Warning - -OID = 06 03 55 1D 08 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 18) instead -Description = issuerAltName (2 5 29 8) -Warning - -OID = 06 03 55 1D 09 -Comment = X.509 id-ce (2 5 29) -Description = subjectDirectoryAttributes (2 5 29 9) - -OID = 06 03 55 1D 0A -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 19) instead -Description = basicConstraints (2 5 29 10) -Warning - -OID = 06 03 55 1D 0B -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 30) instead -Description = nameConstraints (2 5 29 11) -Warning - -OID = 06 03 55 1D 0C -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 36) instead -Description = policyConstraints (2 5 29 12) -Warning - -OID = 06 03 55 1D 0D -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 19) instead -Description = basicConstraints (2 5 29 13) -Warning - -OID = 06 03 55 1D 0E -Comment = X.509 id-ce (2 5 29) -Description = subjectKeyIdentifier (2 5 29 14) - -OID = 06 03 55 1D 0F -Comment = X.509 id-ce (2 5 29) -Description = keyUsage (2 5 29 15) - -OID = 06 03 55 1D 10 -Comment = X.509 id-ce (2 5 29) -Description = privateKeyUsagePeriod (2 5 29 16) - -OID = 06 03 55 1D 11 -Comment = X.509 id-ce (2 5 29) -Description = subjectAltName (2 5 29 17) - -OID = 06 03 55 1D 12 -Comment = X.509 id-ce (2 5 29) -Description = issuerAltName (2 5 29 18) - -OID = 06 03 55 1D 13 -Comment = X.509 id-ce (2 5 29) -Description = basicConstraints (2 5 29 19) - -OID = 06 03 55 1D 14 -Comment = X.509 id-ce (2 5 29) -Description = cRLNumber (2 5 29 20) - -OID = 06 03 55 1D 15 -Comment = X.509 id-ce (2 5 29) -Description = cRLReason (2 5 29 21) - -OID = 06 03 55 1D 16 -Comment = X.509 id-ce (2 5 29). Deprecated, alternative OID uncertain -Description = expirationDate (2 5 29 22) -Warning - -OID = 06 03 55 1D 17 -Comment = X.509 id-ce (2 5 29) -Description = instructionCode (2 5 29 23) - -OID = 06 03 55 1D 18 -Comment = X.509 id-ce (2 5 29) -Description = invalidityDate (2 5 29 24) - -OID = 06 03 55 1D 19 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 31) instead -Description = cRLDistributionPoints (2 5 29 25) deprecated -Warning - -OID = 06 03 55 1D 1A -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 28) instead -Description = issuingDistributionPoint (2 5 29 26) -Warning - -OID = 06 03 55 1D 1B -Comment = X.509 id-ce (2 5 29) -Description = deltaCRLIndicator (2 5 29 27) - -OID = 06 03 55 1D 1C -Comment = X.509 id-ce (2 5 29) -Description = issuingDistributionPoint (2 5 29 28) - -OID = 06 03 55 1D 1D -Comment = X.509 id-ce (2 5 29) -Description = certificateIssuer (2 5 29 29) - -OID = 06 03 55 1D 1E -Comment = X.509 id-ce (2 5 29) -Description = nameConstraints (2 5 29 30) - -OID = 06 03 55 1D 1F -Comment = X.509 id-ce (2 5 29) -Description = cRLDistributionPoints (2 5 29 31) - -OID = 06 03 55 1D 20 -Comment = X.509 id-ce (2 5 29) -Description = certificatePolicies (2 5 29 32) - -OID = 06 03 55 1D 21 -Comment = X.509 id-ce (2 5 29) -Description = policyMappings (2 5 29 33) - -OID = 06 03 55 1D 22 -Comment = X.509 id-ce (2 5 29). Deprecated, use (2 5 29 36) instead -Description = policyConstraints (2 5 29 34) -Warning - -OID = 06 03 55 1D 23 -Comment = X.509 id-ce (2 5 29) -Description = authorityKeyIdentifier (2 5 29 35) - -OID = 06 03 55 1D 24 -Comment = X.509 id-ce (2 5 29) -Description = policyConstraints (2 5 29 36) - -OID = 06 03 55 1D 25 -Comment = X.509 id-ce (2 5 29) -Description = extKeyUsage (2 5 29 37) - -OID = 06 04 55 1D 25 00 -Comment = X.509 id-ce (2 5 29) -Description = anyExtendedKeyUsage (2 5 29 37 0) - - -# DMS-SDN-702 - -OID = 06 09 60 86 48 01 65 02 01 01 01 -Comment = DMS-SDN-702 -Description = sdnsSignatureAlgorithm (2 16 840 1 101 2 1 1 1) - -OID = 06 09 60 86 48 01 65 02 01 01 02 -Comment = DMS-SDN-702. Formerly known as mosaicSignatureAlgorithm, this OID is better known as dsaWithSHA-1. -Description = fortezzaSignatureAlgorithm (2 16 840 1 101 2 1 1 2) - -OID = 06 09 60 86 48 01 65 02 01 01 03 -Comment = DMS-SDN-702 -Description = sdnsConfidentialityAlgorithm (2 16 840 1 101 2 1 1 3) - -OID = 06 09 60 86 48 01 65 02 01 01 04 -Comment = DMS-SDN-702. Formerly known as mosaicConfidentialityAlgorithm -Description = fortezzaConfidentialityAlgorithm (2 16 840 1 101 2 1 1 4) - -OID = 06 09 60 86 48 01 65 02 01 01 05 -Comment = DMS-SDN-702 -Description = sdnsIntegrityAlgorithm (2 16 840 1 101 2 1 1 5) - -OID = 06 09 60 86 48 01 65 02 01 01 06 -Comment = DMS-SDN-702. Formerly known as mosaicIntegrityAlgorithm -Description = fortezzaIntegrityAlgorithm (2 16 840 1 101 2 1 1 6) - -OID = 06 09 60 86 48 01 65 02 01 01 07 -Comment = DMS-SDN-702 -Description = sdnsTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 7) - -OID = 06 09 60 86 48 01 65 02 01 01 08 -Comment = DMS-SDN-702. Formerly know as mosaicTokenProtectionAlgorithm -Description = fortezzaTokenProtectionAlgorithm (2 16 840 1 101 2 1 1 8) - -OID = 06 09 60 86 48 01 65 02 01 01 09 -Comment = DMS-SDN-702 -Description = sdnsKeyManagementAlgorithm (2 16 840 1 101 2 1 1 9) - -OID = 06 09 60 86 48 01 65 02 01 01 0A -Comment = DMS-SDN-702. Formerly known as mosaicKeyManagementAlgorithm -Description = fortezzaKeyManagementAlgorithm (2 16 840 1 101 2 1 1 10) - -OID = 06 09 60 86 48 01 65 02 01 01 0B -Comment = DMS-SDN-702 -Description = sdnsKMandSigAlgorithm (2 16 840 1 101 2 1 1 11) - -OID = 06 09 60 86 48 01 65 02 01 01 0C -Comment = DMS-SDN-702. Formerly known as mosaicKMandSigAlgorithm -Description = fortezzaKMandSigAlgorithm (2 16 840 1 101 2 1 1 12) - -OID = 06 09 60 86 48 01 65 02 01 01 0D -Comment = DMS-SDN-702 -Description = SuiteASignatureAlgorithm (2 16 840 1 101 2 1 1 13) - -OID = 06 09 60 86 48 01 65 02 01 01 0E -Comment = DMS-SDN-702 -Description = SuiteAConfidentialityAlgorithm (2 16 840 1 101 2 1 1 14) - -OID = 06 09 60 86 48 01 65 02 01 01 0F -Comment = DMS-SDN-702 -Description = SuiteAIntegrityAlgorithm (2 16 840 1 101 2 1 1 15) - -OID = 06 09 60 86 48 01 65 02 01 01 10 -Comment = DMS-SDN-702 -Description = SuiteATokenProtectionAlgorithm (2 16 840 1 101 2 1 1 16) - -OID = 06 09 60 86 48 01 65 02 01 01 11 -Comment = DMS-SDN-702 -Description = SuiteAKeyManagementAlgorithm (2 16 840 1 101 2 1 1 17) - -OID = 06 09 60 86 48 01 65 02 01 01 12 -Comment = DMS-SDN-702 -Description = SuiteAKMandSigAlgorithm (2 16 840 1 101 2 1 1 18) - -OID = 06 09 60 86 48 01 65 02 01 01 13 -Comment = DMS-SDN-702. Formerly known as mosaicUpdatedSigAlgorithm -Description = fortezzaUpdatedSigAlgorithm (2 16 840 1 101 2 1 1 19) - -OID = 06 09 60 86 48 01 65 02 01 01 14 -Comment = DMS-SDN-702. Formerly known as mosaicKMandUpdSigAlgorithms -Description = fortezzaKMandUpdSigAlgorithms (2 16 840 1 101 2 1 1 20) - -OID = 06 09 60 86 48 01 65 02 01 01 15 -Comment = DMS-SDN-702. Formerly known as mosaicUpdatedIntegAlgorithm -Description = fortezzaUpdatedIntegAlgorithm (2 16 840 1 101 2 1 1 21) - -OID = 06 09 60 86 48 01 65 02 01 01 16 -Comment = DMS-SDN-702. Formerly known as mosaicKeyEncryptionAlgorithm -Description = keyExchangeAlgorithm (2 16 840 1 101 2 1 1 22) - -# CSOR (GAK-FIPS) - -OID = 06 07 60 86 48 01 65 03 01 -Comment = CSOR GAK -Description = slabel (2 16 840 1 101 3 1) -Warning - -OID = 06 07 60 86 48 01 65 03 02 -Comment = CSOR GAK -Description = pki (2 16 840 1 101 3 2) -Warning - -OID = 06 08 60 86 48 01 65 03 02 01 -Comment = CSOR GAK policy -Description = GAK policyIdentifier (2 16 840 1 101 3 2 1) -Warning - -OID = 06 08 60 86 48 01 65 03 02 02 -Comment = CSOR GAK extended key usage -Description = GAK (2 16 840 1 101 3 2 2) -Warning - -OID = 06 09 60 86 48 01 65 03 02 02 01 -Comment = CSOR GAK extended key usage -Description = kRAKey (2 16 840 1 101 3 2 2 1) -Warning - -OID = 06 08 60 86 48 01 65 03 02 03 -Comment = CSOR GAK extensions -Description = extensions (2 16 840 1 101 3 2 3) -Warning - -OID = 06 09 60 86 48 01 65 03 02 03 01 -Comment = CSOR GAK extensions -Description = kRTechnique (2 16 840 1 101 3 2 3 1) -Warning - -OID = 06 09 60 86 48 01 65 03 02 03 02 -Comment = CSOR GAK extensions -Description = kRecoveryCapable (2 16 840 1 101 3 2 3 2) -Warning - -OID = 06 09 60 86 48 01 65 03 02 03 03 -Comment = CSOR GAK extensions -Description = kR (2 16 840 1 101 3 2 3 3) -Warning - -OID = 06 08 60 86 48 01 65 03 02 04 -Comment = CSOR GAK -Description = keyrecoveryschemes (2 16 840 1 101 3 2 4) -Warning - -OID = 06 08 60 86 48 01 65 03 02 05 -Comment = CSOR GAK -Description = krapola (2 16 840 1 101 3 2 5) -Warning - -OID = 06 07 60 86 48 01 65 03 03 -Comment = CSOR GAK -Description = arpa (2 16 840 1 101 3 3) -Warning - -# Novell - -OID = 06 09 60 86 48 01 86 F8 37 01 09 -Comment = Novell -Description = pki (2 16 840 1 113719 1 9) - -OID = 06 0A 60 86 48 01 86 F8 37 01 09 04 -Comment = Novell PKI -Description = pkiAttributeType (2 16 840 1 113719 1 9 4) - -OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 01 -Comment = Novell PKI attribute type -Description = registeredAttributes (2 16 840 1 113719 1 9 4 1) - -OID = 06 0B 60 86 48 01 86 F8 37 01 09 04 02 -Comment = Novell PKI attribute type -Description = relianceLimit (2 16 840 1 113719 1 9 4 2) - -# Netscape - -OID = 06 08 60 86 48 01 86 F8 42 01 -Comment = Netscape -Description = cert-extension (2 16 840 1 113730 1) - -OID = 06 09 60 86 48 01 86 F8 42 01 01 -Comment = Netscape certificate extension -Description = netscape-cert-type (2 16 840 1 113730 1 1) - -OID = 06 09 60 86 48 01 86 F8 42 01 02 -Comment = Netscape certificate extension -Description = netscape-base-url (2 16 840 1 113730 1 2) - -OID = 06 09 60 86 48 01 86 F8 42 01 03 -Comment = Netscape certificate extension -Description = netscape-revocation-url (2 16 840 1 113730 1 3) - -OID = 06 09 60 86 48 01 86 F8 42 01 04 -Comment = Netscape certificate extension -Description = netscape-ca-revocation-url (2 16 840 1 113730 1 4) - -OID = 06 09 60 86 48 01 86 F8 42 02 05 -Comment = Netscape certificate extension -Description = netscape-cert-sequence (2 16 840 1 113730 2 5) - -OID = 06 09 60 86 48 01 86 F8 42 02 06 -Comment = Netscape certificate extension -Description = netscape-cert-url (2 16 840 1 113730 2 6) - -OID = 06 09 60 86 48 01 86 F8 42 01 07 -Comment = Netscape certificate extension -Description = netscape-cert-renewal-url (2 16 840 1 113730 1 7) - -OID = 06 09 60 86 48 01 86 F8 42 01 08 -Comment = Netscape certificate extension -Description = netscape-ca-policy-url (2 16 840 1 113730 1 8) - -OID = 06 09 60 86 48 01 86 F8 42 01 09 -Comment = Netscape certificate extension -Description = HomePage-url (2 16 840 1 113730 1 9) - -OID = 06 09 60 86 48 01 86 F8 42 01 0A -Comment = Netscape certificate extension -Description = EntityLogo (2 16 840 1 113730 1 10) - -OID = 06 09 60 86 48 01 86 F8 42 01 0B -Comment = Netscape certificate extension -Description = UserPicture (2 16 840 1 113730 1 11) - -OID = 06 09 60 86 48 01 86 F8 42 01 0C -Comment = Netscape certificate extension -Description = netscape-ssl-server-name (2 16 840 1 113730 1 12) - -OID = 06 09 60 86 48 01 86 F8 42 01 0D -Comment = Netscape certificate extension -Description = netscape-comment (2 16 840 1 113730 1 13) - -OID = 06 08 60 86 48 01 86 F8 42 02 -Comment = Netscape -Description = data-type (2 16 840 1 113730 2) - -OID = 06 09 60 86 48 01 86 F8 42 02 01 -Comment = Netscape data type -Description = GIF (2 16 840 1 113730 2 1) - -OID = 06 09 60 86 48 01 86 F8 42 02 02 -Comment = Netscape data type -Description = JPEG (2 16 840 1 113730 2 2) - -OID = 06 09 60 86 48 01 86 F8 42 02 03 -Comment = Netscape data type -Description = URL (2 16 840 1 113730 2 3) - -OID = 06 09 60 86 48 01 86 F8 42 02 04 -Comment = Netscape data type -Description = HTML (2 16 840 1 113730 2 4) - -OID = 06 09 60 86 48 01 86 F8 42 02 05 -Comment = Netscape data type -Description = CertSeq (2 16 840 1 113730 2 5) - -OID = 06 08 60 86 48 01 86 F8 42 03 -Comment = Netscape -Description = directory (2 16 840 1 113730 3) - -OID = 06 09 60 86 48 01 86 F8 42 03 01 -Comment = Netscape directory -Description = ldapDefinitions (2 16 840 1 113730 3 1) - -OID = 06 0A 60 86 48 01 86 F8 42 03 01 01 -Comment = Netscape LDAP definitions -Description = carLicense (2 16 840 1 113730 3 1 1) - -OID = 06 0A 60 86 48 01 86 F8 42 03 01 02 -Comment = Netscape LDAP definitions -Description = departmentNumber (2 16 840 1 113730 3 1 2) - -OID = 06 0A 60 86 48 01 86 F8 42 03 01 03 -Comment = Netscape LDAP definitions -Description = employeeNumber (2 16 840 1 113730 3 1 3) - -OID = 06 0A 60 86 48 01 86 F8 42 03 01 04 -Comment = Netscape LDAP definitions -Description = employeeType (2 16 840 1 113730 3 1 4) - -OID = 06 0A 60 86 48 01 86 F8 42 03 02 02 -Comment = Netscape LDAP definitions -Description = inetOrgPerson (2 16 840 1 113730 3 2 2) - -OID = 06 09 60 86 48 01 86 F8 42 04 01 -Comment = Netscape -Description = serverGatedCrypto (2 16 840 1 113730 4 1) - -# Verisign - -OID = 06 0A 60 86 48 01 86 F8 45 01 06 03 -Comment = Verisign -Description = Unknown Verisign extension (2 16 840 1 113733 1 6 3) - -OID = 06 0A 60 86 48 01 86 F8 45 01 06 06 -Comment = Verisign -Description = Unknown Verisign extension (2 16 840 1 113733 1 6 6) - -OID = 06 0B 60 86 48 01 86 F8 45 01 07 01 01 -Comment = Verisign -Description = Verisign certificatePolicy (2 16 840 1 113733 1 7 1 1) - -OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 01 -Comment = Verisign -Description = Unknown Verisign policy qualifier (2 16 840 1 113733 1 7 1 1 1) - -OID = 06 0C 60 86 48 01 86 F8 45 01 07 01 01 02 -Comment = Verisign -Description = Unknown Verisign policy qualifier (2 16 840 1 113733 1 7 1 1 2) - -OID = 06 0A 60 86 48 01 86 F8 45 01 08 01 -Comment = Verisign -Description = Verisign SGC CA? (2 16 840 1 113733 1 8 1) - -# SET - -OID = 06 03 67 2A 00 -Comment = SET -Description = contentType (2 23 42 0) - -OID = 06 04 67 2A 00 00 -Comment = SET contentType -Description = PANData (2 23 42 0 0) - -OID = 06 04 67 2A 00 01 -Comment = SET contentType -Description = PANToken (2 23 42 0 1) - -OID = 06 04 67 2A 00 02 -Comment = SET contentType -Description = PANOnly (2 23 42 0 2) - -# And on and on and on for another 80-odd OIDs which I'm not going to type in - -OID = 06 03 67 2A 01 -Comment = SET -Description = msgExt (2 23 42 1) - -OID = 06 03 67 2A 02 -Comment = SET -Description = field (2 23 42 2) - -OID = 06 04 67 2A 02 00 -Comment = SET field -Description = fullName (2 23 42 2 0) - -OID = 06 04 67 2A 02 01 -Comment = SET field -Description = givenName (2 23 42 2 1) - -OID = 06 04 67 2A 02 02 -Comment = SET field -Description = familyName (2 23 42 2 2) - -OID = 06 04 67 2A 02 03 -Comment = SET field -Description = birthFamilyName (2 23 42 2 3) - -OID = 06 04 67 2A 02 04 -Comment = SET field -Description = placeName (2 23 42 2 4) - -OID = 06 04 67 2A 02 05 -Comment = SET field -Description = identificationNumber (2 23 42 2 5) - -OID = 06 04 67 2A 02 06 -Comment = SET field -Description = month (2 23 42 2 6) - -OID = 06 04 67 2A 02 07 -Comment = SET field -Description = date (2 23 42 2 7) - -OID = 06 04 67 2A 02 08 -Comment = SET field -Description = address (2 23 42 2 8) - -OID = 06 04 67 2A 02 09 -Comment = SET field -Description = telephone (2 23 42 2 9) - -OID = 06 04 67 2A 02 0A -Comment = SET field -Description = amount (2 23 42 2 10) - -OID = 06 04 67 2A 02 0B -Comment = SET field -Description = accountNumber (2 23 42 2 7 11) - -OID = 06 04 67 2A 02 0C -Comment = SET field -Description = passPhrase (2 23 42 2 7 12) - -OID = 06 03 67 2A 03 -Comment = SET -Description = attribute (2 23 42 3) - -OID = 06 04 67 2A 03 00 -Comment = SET attribute -Description = cert (2 23 42 3 0) - -OID = 06 05 67 2A 03 00 00 -Comment = SET cert attribute -Description = rootKeyThumb (2 23 42 3 0 0) - -OID = 06 05 67 2A 03 00 01 -Comment = SET cert attribute -Description = additionalPolicy (2 23 42 3 0 1) - -OID = 06 03 67 2A 04 -Comment = SET -Description = algorithm (2 23 42 4) - -OID = 06 03 67 2A 05 -Comment = SET -Description = policy (2 23 42 5) - -OID = 06 04 67 2A 05 00 -Comment = SET policy -Description = root (2 23 42 5 0) - -OID = 06 03 67 2A 06 -Comment = SET -Description = module (2 23 42 6) - -OID = 06 03 67 2A 07 -Comment = SET -Description = certExt (2 23 42 7) - -OID = 06 04 67 2A 07 00 -Comment = SET cert extension -Description = hashedRootKey (2 23 42 7 0) - -OID = 06 04 67 2A 07 01 -Comment = SET cert extension -Description = certificateType (2 23 42 7 1) - -OID = 06 04 67 2A 07 02 -Comment = SET cert extension -Description = merchantData (2 23 42 7 2) - -OID = 06 04 67 2A 07 03 -Comment = SET cert extension -Description = cardCertRequired (2 23 42 7 3) - -OID = 06 04 67 2A 07 04 -Comment = SET cert extension -Description = tunneling (2 23 42 7 4) - -OID = 06 04 67 2A 07 05 -Comment = SET cert extension -Description = setExtensions (2 23 42 7 5) - -OID = 06 04 67 2A 07 06 -Comment = SET cert extension -Description = setQualifier (2 23 42 7 6) - -OID = 06 03 67 2A 08 -Comment = SET -Description = brand (2 23 42 8) - -OID = 06 04 67 2A 08 01 -Comment = SET brand -Description = IATA-ATA (2 23 42 8 1) - -OID = 06 04 67 2A 08 04 -Comment = SET brand -Description = VISA (2 23 42 8 4) - -OID = 06 04 67 2A 08 05 -Comment = SET brand -Description = MasterCard (2 23 42 8 5) - -OID = 06 04 67 2A 08 1E -Comment = SET brand -Description = Diners (2 23 42 8 30) - -OID = 06 04 67 2A 08 22 -Comment = SET brand -Description = AmericanExpress (2 23 42 8 34) - -OID = 06 05 67 2A 08 AE 7B -Comment = SET brand -Description = Novus (2 23 42 8 6011) - -OID = 06 03 67 2A 09 -Comment = SET -Description = vendor (2 23 42 9) - -OID = 06 04 67 2A 09 00 -Comment = SET vendor -Description = GlobeSet (2 23 42 9 0) - -OID = 06 04 67 2A 09 01 -Comment = SET vendor -Description = IBM (2 23 42 9 1) - -OID = 06 04 67 2A 09 02 -Comment = SET vendor -Description = CyberCash (2 23 42 9 2) - -OID = 06 04 67 2A 09 03 -Comment = SET vendor -Description = Terisa (2 23 42 9 3) - -OID = 06 04 67 2A 09 04 -Comment = SET vendor -Description = RSADSI (2 23 42 9 4) - -OID = 06 04 67 2A 09 05 -Comment = SET vendor -Description = VeriFone (2 23 42 9 5) - -OID = 06 04 67 2A 09 06 -Comment = SET vendor -Description = TrinTech (2 23 42 9 6) - -OID = 06 04 67 2A 09 07 -Comment = SET vendor -Description = BankGate (2 23 42 9 7) - -OID = 06 04 67 2A 09 08 -Comment = SET vendor -Description = GTE (2 23 42 9 8) - -OID = 06 04 67 2A 09 09 -Comment = SET vendor -Description = CompuSource (2 23 42 9 9) - -OID = 06 04 67 2A 09 0A -Comment = SET vendor -Description = Griffin (2 23 42 9 10) - -OID = 06 04 67 2A 09 0B -Comment = SET vendor -Description = Certicom (2 23 42 9 11) - -OID = 06 04 67 2A 09 0C -Comment = SET vendor -Description = OSS (2 23 42 9 12) - -OID = 06 04 67 2A 09 0D -Comment = SET vendor -Description = TenthMountain (2 23 42 9 13) - -OID = 06 04 67 2A 09 0E -Comment = SET vendor -Description = Antares (2 23 42 9 14) - -OID = 06 04 67 2A 09 0F -Comment = SET vendor -Description = ECC (2 23 42 9 15) - -OID = 06 04 67 2A 09 10 -Comment = SET vendor -Description = Maithean (2 23 42 9 16) - -OID = 06 04 67 2A 09 11 -Comment = SET vendor -Description = Netscape (2 23 42 9 17) - -OID = 06 04 67 2A 09 12 -Comment = SET vendor -Description = Verisign (2 23 42 9 18) - -OID = 06 04 67 2A 09 13 -Comment = SET vendor -Description = BlueMoney (2 23 42 9 19) - -OID = 06 04 67 2A 09 14 -Comment = SET vendor -Description = Lacerte (2 23 42 9 20) - -OID = 06 04 67 2A 09 15 -Comment = SET vendor -Description = Fujitsu (2 23 42 9 21) - -OID = 06 04 67 2A 09 16 -Comment = SET vendor -Description = eLab (2 23 42 9 22) - -OID = 06 04 67 2A 09 17 -Comment = SET vendor -Description = Entrust (2 23 42 9 23) - -OID = 06 04 67 2A 09 18 -Comment = SET vendor -Description = VIAnet (2 23 42 9 24) - -OID = 06 04 67 2A 09 19 -Comment = SET vendor -Description = III (2 23 42 9 25) - -OID = 06 04 67 2A 09 1A -Comment = SET vendor -Description = OpenMarket (2 23 42 9 26) - -OID = 06 04 67 2A 09 1B -Comment = SET vendor -Description = Lexem (2 23 42 9 27) - -OID = 06 04 67 2A 09 1C -Comment = SET vendor -Description = Intertrader (2 23 42 9 28) - -OID = 06 04 67 2A 09 1D -Comment = SET vendor -Description = Persimmon (2 23 42 9 29) - -OID = 06 04 67 2A 09 1E -Comment = SET vendor -Description = NABLE (2 23 42 9 30) - -OID = 06 04 67 2A 09 1F -Comment = SET vendor -Description = espace-net (2 23 42 9 31) - -OID = 06 04 67 2A 09 20 -Comment = SET vendor -Description = Hitachi (2 23 42 9 32) - -OID = 06 04 67 2A 09 21 -Comment = SET vendor -Description = Microsoft (2 23 42 9 33) - -OID = 06 04 67 2A 09 22 -Comment = SET vendor -Description = NEC (2 23 42 9 34) - -OID = 06 04 67 2A 09 23 -Comment = SET vendor -Description = Mitsubishi (2 23 42 9 35) - -OID = 06 04 67 2A 09 24 -Comment = SET vendor -Description = NCR (2 23 42 9 36) - -OID = 06 04 67 2A 09 25 -Comment = SET vendor -Description = e-COMM (2 23 42 9 37) - -OID = 06 04 67 2A 09 26 -Comment = SET vendor -Description = Gemplus (2 23 42 9 38) - -OID = 06 03 67 2A 0A -Comment = SET -Description = national (2 23 42 10) - -OID = 06 05 67 2A 0A 81 40 -Comment = SET national -Description = Japan (2 23 42 10 192) - -# Draft SET. These were invented for testing in pre-1.0 drafts, but have -# been used nonetheless by implementors - -OID = 06 04 86 8D 6F 02 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = hashedRootKey (2 54 1775 2) -Warning - -OID = 06 04 86 8D 6F 03 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = certificateType (2 54 1775 3) -Warning - -OID = 06 04 86 8D 6F 04 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = merchantData (2 54 1775 4) -Warning - -OID = 06 04 86 8D 6F 05 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = cardCertRequired (2 54 1775 5) -Warning - -OID = 06 04 86 8D 6F 06 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = tunneling (2 54 1775 6) -Warning - -OID = 06 04 86 8D 6F 07 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = setQualifier (2 54 1775 7) -Warning - -OID = 06 04 86 8D 6F 63 -Comment = SET. Deprecated, use (2 23 42 7 0) instead -Description = set-data (2 54 1775 99) -Warning - -# Apple - -OID = 06 06 2A 86 48 86 F7 63 -Comment = Apple Computer, Inc. -Description = apple (1 2 840 113635) - -OID = 6 07 2A 86 48 86 F7 63 64 -Comment = Apple Data Security -Description = appleDataSecurity (1 2 840 113635 100) - -OID = 06 08 2A 86 48 86 F7 63 64 01 -Comment = Apple Trust Policy -Description = appleTrustPolicy (1 2 840 113635 100 1) - -OID = 06 08 2A 86 48 86 F7 63 64 02 -Comment = Apple Security Algorithms -Description = appleSecurityAlgorithm (1 2 840 113635 100 2) - -OID = 06 09 2A 86 48 86 F7 63 64 02 01 -Comment = Apple FEE -Description = fee (1 2 840 113635 100 2 1) - -OID = 06 09 2A 86 48 86 F7 63 64 02 02 -Comment = Apple ASC -Description = asc (1 2 840 113635 100 2 2) - -OID = 06 09 2A 86 48 86 F7 63 64 02 03 -Comment = Apple FEE/MD5 signature -Description = feeMD5 (1 2 840 113635 100 2 3) - -OID = 06 09 2A 86 48 86 F7 63 64 02 04 -Comment = Apple FEE/SHA1 signature -Description = feeSHA1 (1 2 840 113635 100 2 4) - -OID = 06 09 2A 86 48 86 F7 63 64 02 05 -Comment = Apple FEED encryption -Description = appleFeed (1 2 840 113635 100 2 5) - -OID = 06 09 2A 86 48 86 F7 63 64 02 06 -Comment = Apple FEEDExp signature -Description = appleFeedExp (1 2 840 113635 100 2 6) - -OID = 06 09 2A 86 48 86 F7 63 64 02 07 -Comment = Apple FEE/ECDSA signature -Description = feeECDSA (1 2 840 113635 100 2 7) - -OID = 06 08 2A 86 48 86 F7 63 64 03 -Comment = Apple .Mac Certificate arc -Description = appleDotMacCertificate (OID 1 2 840 113635 100 3) - -OID = 06 09 2A 86 48 86 F7 63 64 03 02 -Comment = Apple .Mac Certificate Extension arc -Description = dotMacCertificateExtension (OID 1 2 840 113635 100 3 2) - -OID = 06 0A 2A 86 48 86 F7 63 64 03 02 01 -Comment = Apple .Mac Certificate Identity Extension -Description = dotMacCertExtensionIdentity (OID 1 2 840 113635 100 3 2 1) - -OID = 06 0A 2A 86 48 86 F7 63 64 03 02 02 -Comment = Apple .Mac Certificate Email Sign Extension -Description = dotMacCertExtensionEmailSign (OID 1 2 840 113635 100 3 2 2) - -OID = 06 0A 2A 86 48 86 F7 63 64 03 02 03 -Comment = Apple .Mac Certificate Email Encrypt Extension -Description = dotMacCertExtensionEmailEncrypt (OID 1 2 840 113635 100 3 2 3) - -OID = 06 08 2A 86 48 86 F7 63 64 04 -Comment = Apple Extended Key Usage arc -Description = appleExtendedKeyUsage (OID 1 2 840 113635 100 4) - -OID = 06 09 2A 86 48 86 F7 63 64 04 01 -Comment = Apple Code Signing Extended Key Usage -Description = appleCodeSigning (OID 1 2 840 113635 100 4 1) - -OID = 06 0A 2A 86 48 86 F7 63 64 04 01 02 -Comment = Apple Software Update Signing Extended Key Usage -Description = appleSoftwareUpdateSigning (OID 1 2 840 113635 100 4 1 2) - -OID = 06 0A 2A 86 48 86 F7 63 64 04 01 03 -Comment = Apple Third Party Code Signing Extended Key Usage -Description = appleThirdPartyCodeSigning (OID 1 2 840 113635 100 4 1 3) - -OID = 06 0A 2A 86 48 86 F7 63 64 04 01 04 -Comment = Apple Resource Signing Extended Key Usage -Description = appleResourceSigning (OID 1 2 840 113635 100 4 1 4) - -OID = 06 0A 2A 86 48 86 F7 63 64 04 01 01 -Comment = Apple Code Signing DEVELOPMENT Extended Key Usage -Description = appleCodeSigningDevelopment (OID 1 2 840 113635 100 4 1 1) - -OID = 06 09 2A 86 48 86 F7 63 64 04 02 -Comment = Apple iChat Signing Extended Key Usage -Description = appleiChatSigning (OID 1 2 840 113635 100 4 2) - -OID = 06 09 2A 86 48 86 F7 63 64 04 03 -Comment = Apple Code Signing Extended Key Usage -Description = appleiChatEncryption (OID 1 2 840 113635 100 4 3) - -OID = 06 09 2A 86 48 86 F7 63 64 04 04 -Comment = Apple System Identity Extended Key Usage -Description = appleSystemIdentity (OID 1 2 840 113635 100 4 4) - -OID = 06 08 2A 86 48 86 F7 63 64 05 -Comment = Apple Certificate Policy arc -Description = Apple Certificate Policy arc (OID 1 2 840 113635 100 5) - -OID = 06 09 2A 86 48 86 F7 63 64 05 01 -Comment = Apple Certificate Policy -Description = Apple Certificate Policy (OID 1 2 840 113635 100 5 1) - -OID = 06 09 2A 86 48 86 F7 63 64 05 02 -Comment = Apple .Mac Certificate Policy -Description = Apple .Mac Certificate Policy (OID 1 2 840 113635 100 5 2) - -# Extended key usage -OID = 06 04 55 1D 25 03 -Comment = Code Signing -Description = id-kp-codeSigning (OID 2 5 29 37 3) - -# Intel's CDSA-specific SHA1withECDSA -OID = 06 0B 60 86 48 01 86 F8 4D 02 02 05 51 -Comment = CDSA SHA1 with ECDSA -Description = sha1WithECDSA (OID 2 16 840 1 113741 2 2 5 81) - -# Microsoft Cert Authority Renewal Version -OID = 06 09 2B 06 01 04 01 82 37 15 01 -Comment = Microsoft Cert Authority Renewal Version -Description = certSrv-ca-version (OID 1 3 6 1 4 1 311 21 1) - -# Fictitious US DOD CRL entry extension -OID = 06 09 60 86 48 01 65 02 01 0C 02 -Comment = Fictitious US DOD CRL entry extension -Description = id-test-extension (OID 2 16 840 1 101 2 1 12 2) - -# Microsoft Kerberos -OID = 06 09 2A 86 48 82 F7 12 01 02 02 -Comment = Microsoft SPNEGO/Kerberos -Description = microsoft-kerberos (OID 1 2 840 48018 1 2 2) - -# Kerberos V5 -OID = 06 09 2A 86 48 86 F7 12 01 02 02 -Comment = Kerberos V5 -Description = kerberos-v5 (OID 1 2 840 113554 1 2 2) - -# IANA SPNEGO, RFC 2478 -OID = 06 06 2B 06 01 05 05 02 -Comment = IANA SPNEGO -Description = spnego (OID 1 3 6 1 5 5 2) - -# MIT user-to-user kerberos -OID = 06 0A 2A 86 48 86 F7 12 01 02 02 03 -Comment = MIT User-to-user Kerberos -Description = user-to-user-kerberos (OID 1.2.840.113554.1.2.2.3) - -OID = 06 0A 2B 06 01 04 01 82 37 02 02 0A -Comment = Microsoft NTLMSSP -Description = ntlmssp (OID 1.3.6.1.4.1.311.2.2.10) - -# AES base -OID = 06 08 60 86 48 01 65 03 04 01 -Comment = aes -Description = aes (OID 2 16 840 1 101 3 4 1) - -# AES, 128 bit key -OID = 06 09 60 86 48 01 65 03 04 01 01 -Comment = id-aes128-ECB -Description = id-aes128-ECB (OID 2 16 840 1 101 3 4 1 1) - -OID = 06 09 60 86 48 01 65 03 04 01 02 -Comment = id-aes128-CBC -Description = id-aes128-CBC (OID 2 16 840 1 101 3 4 1 2) - -OID = 06 09 60 86 48 01 65 03 04 01 03 -Comment = id-aes128-OFB -Description = id-aes128-OFB (OID 2 16 840 1 101 3 4 1 3) - -OID = 06 09 60 86 48 01 65 03 04 01 04 -Comment = id-aes128-CFB -Description = id-aes128-CFB (OID 2 16 840 1 101 3 4 1 4) - -# AES, 192 bit key -OID = 06 09 60 86 48 01 65 03 04 01 15 -Comment = id-aes192-ECB -Description = id-aes192-ECB (OID 2 16 840 1 101 3 4 1 21) - -OID = 06 09 60 86 48 01 65 03 04 01 16 -Comment = id-aes192-CBC -Description = id-aes192-CBC (OID 2 16 840 1 101 3 4 1 22) - -OID = 06 09 60 86 48 01 65 03 04 01 17 -Comment = id-aes192-OFB -Description = id-aes192-OFB (OID 2 16 840 1 101 3 4 1 23) - -OID = 06 09 60 86 48 01 65 03 04 01 18 -Comment = id-aes192-CFB -Description = id-aes192-CFB (OID 2 16 840 1 101 3 4 1 24) - -# AES, 256 bit key -OID = 06 09 60 86 48 01 65 03 04 01 29 -Comment = id-aes256-ECB -Description = id-aes256-ECB (OID 2 16 840 1 101 3 4 1 41) - -OID = 06 09 60 86 48 01 65 03 04 01 2A -Comment = id-aes256-CBC -Description = id-aes256-CBC (OID 2 16 840 1 101 3 4 1 42) - -OID = 06 09 60 86 48 01 65 03 04 01 2B -Comment = id-aes256-OFB -Description = id-aes256-OFB (OID 2 16 840 1 101 3 4 1 43) - -OID = 06 09 60 86 48 01 65 03 04 01 2C -Comment = id-aes256-CFB -Description = id-aes256-CFB (OID 2 16 840 1 101 3 4 1 44) - -OID = 06 08 2B 06 01 04 01 82 37 14 -Comment = Microsoft Enrollment Infrastructure -Description = MicrosoftEnrollmentInfrastructure (OID 1 3 6 1 4 1 311 20) - -OID = 06 09 2B 06 01 04 01 82 37 14 01 -Comment = Auto-Enroll CTL Usage -Description = msCtlUsage (OID 1 3 6 1 4 1 311 20 1) - -OID = 06 09 2B 06 01 04 01 82 37 14 02 -Comment = Enrollment Certificate Type -Description = msCertType (OID 1 3 6 1 4 1 311 20 2) - -OID = 06 0A 2B 06 01 04 01 82 37 14 02 01 -Comment = Enrollment Agent -Description = msEnrollmentAgent (OID 1 3 6 1 4 1 311 20 2 1) - -OID = 06 0A 2B 06 01 04 01 82 37 14 02 02 -Comment = Smartcard Logon -Description = msSmartCardLogon (OID 1 3 6 1 4 1 311 20 2 2) - -OID = 06 0A 2B 06 01 04 01 82 37 14 02 03 -Comment = NT Principal Name -Description = NTPrincipalName (OID 1 3 6 1 4 1 311 20 2 3) - -OID = 06 08 2B 06 01 05 05 07 01 03 -Comment = Qualified Certificate Statements -Description = id-pe-qcStatements (OID 1 3 6 1 5 5 7 1 3) - -OID = 06 07 2B 06 01 05 05 07 0B -Comment = Qualified Certificate Statements -Description = id-qcs (OID 1 3 6 1 5 5 7 11) - -# addenda for Qualified Cert Statements - -OID = 06 07 2B 06 01 05 05 07 01 -Comment = Qualified Certificate Statements -Description = id-pe (OID 1 3 6 1 5 5 7 1) - -OID = 06 07 2B 06 01 05 05 07 09 -Comment = Personal Data Attributes -Description = id-pda (OID 1 3 6 1 5 5 7 9) - -OID = 06 08 2B 06 01 05 05 07 09 -Comment = Personal Data Attributes -Description = id-pda-dateOfBirth (OID 1 3 6 1 5 5 7 9 1) - -OID = 06 08 2B 06 01 05 05 07 09 -Comment = Personal Data Attributes -Description = id-pda-placeOfBirth (OID 1 3 6 1 5 5 7 9 2) - -OID = 06 08 2B 06 01 05 05 07 09 -Comment = Personal Data Attributes -Description = id-pda-gender (OID 1 3 6 1 5 5 7 9 3) - -OID = 06 08 2B 06 01 05 05 07 09 -Comment = Personal Data Attributes -Description = id-pda-countryOfCitizenship (OID 1 3 6 1 5 5 7 9 4) - -OID = 06 08 2B 06 01 05 05 07 09 -Comment = Personal Data Attributes -Description = id-pda-countryOfResidence (OID 1 3 6 1 5 5 7 9 5) - -OID = 06 08 2B 06 01 05 05 07 0B 01 -Comment = Qualified Certificate Statement QCSyntax-v1 -Description = id-qcs-pkixQCSyntax-v1 (OID 1 3 6 1 5 5 7 11 1) - -OID = 06 08 2B 06 01 05 05 07 0B 02 -Comment = Qualified Certificate Statement QCSyntax-v2 -Description = id-qcs-pkixQCSyntax-v2 (OID 1 3 6 1 5 5 7 11 2) - -# end Qualified Cert Statements addenda - -OID = 06 06 04 00 8E 46 01 01 -Comment = qcs QcCompliance -Description = id-etsi-qcs-QcCompliance (OID 0 4 0 1862 1 1) - -OID = 06 09 60 86 48 01 65 03 04 02 04 -Comment = SHA224 -Description = id-sha224 (OID 2 16 840 1 101 3 4 2 4 - -OID = 06 09 60 86 48 01 65 03 04 02 01 -Comment = SHA256 -Description = id-sha256 (OID 2 16 840 1 101 3 4 2 1 - -OID = 06 09 60 86 48 01 65 03 04 02 02 -Comment = SHA384 -Description = id-sha384 (OID 2 16 840 1 101 3 4 2 2 - -OID = 06 09 60 86 48 01 65 03 04 02 03 -Comment = SHA512 -Description = id-sha512 (OID 2 16 840 1 101 3 4 2 3 - -OID = 06 09 2A 86 48 86 F7 0D 01 01 0E -Comment = PKCS #1 -Description = sha224WithRSAEncryption (1 2 840 113549 1 1 14) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 0B -Comment = PKCS #1 -Description = sha256WithRSAEncryption (1 2 840 113549 1 1 11) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 0C -Comment = PKCS #1 -Description = sha384WithRSAEncryption (1 2 840 113549 1 1 12) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 0D -Comment = PKCS #1 -Description = sha512WithRSAEncryption (1 2 840 113549 1 1 13) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 06 -Comment = PKCS #1 -Description = rsaEncryptionWithOAEPPaddingSET (1 2 840 113549 1 1 6) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 07 -Comment = PKCS #1 -Description = rsaEncryptionWithOAEPPadding (1 2 840 113549 1 1 7) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 09 -Comment = PKCS #1 -Description = id-pSpecified (1 2 840 113549 1 1 9) - -OID = 06 09 2A 86 48 86 F7 0D 01 01 0A -Comment = PKCS #1 -Description = id-RSASSA-PSS (1 2 840 113549 1 1 10) - -# TP policy OIDS -OID = 06 09 2A 86 48 86 F7 63 64 01 01 -Comment = Apple iSign -Description = iSignTP (1 2 840 113635 100 1 1) - -OID = 06 09 2A 86 48 86 F7 63 64 01 02 -Comment = Apple Basic X509 TP -Description = Apple Basic X509 TP (1 2 840 113635 100 1 2) - -OID = 06 09 2A 86 48 86 F7 63 64 01 03 -Comment = Apple TP -Description = Apple SSL TP (1 2 840 113635 100 1 3) - -OID = 06 09 2A 86 48 86 F7 63 64 01 06 -Comment = Apple TP -Description = Apple CRL TP (1 2 840 113635 100 1 6) - -OID = 06 09 2A 86 48 86 F7 63 64 01 07 -Comment = Apple TP -Description = Apple OCSP TP (1 2 840 113635 100 1 7) - -OID = 06 09 2A 86 48 86 F7 63 64 01 08 -Comment = Apple TP -Description = Apple SMIME TP (1 2 840 113635 100 1 8) - -OID = 06 09 2A 86 48 86 F7 63 64 01 09 -Comment = Apple TP -Description = Apple EAP TP (1 2 840 113635 100 1 9) - -OID = 06 09 2A 86 48 86 F7 63 64 01 0A -Comment = Apple TP -Description = Apple SW Update Signing TP (1 2 840 113635 100 1 10) - -OID = 06 09 2A 86 48 86 F7 63 64 01 0B -Comment = Apple TP -Description = Apple IPSec TP (1 2 840 113635 100 1 11) - -OID = 06 09 2A 86 48 86 F7 63 64 01 0C -Comment = Apple TP -Description = Apple iChat TP (1 2 840 113635 100 1 12) - -OID = 06 09 2A 86 48 86 F7 63 64 01 0D -Comment = Apple TP -Description = Apple Resource Signing TP (1 2 840 113635 100 1 13) - -OID = 06 09 2A 86 48 86 F7 63 64 01 0E -Comment = Apple TP -Description = Apple Kerberos PKINIT Client TP (1 2 840 113635 100 1 14) - -OID = 06 09 2A 86 48 86 F7 63 64 01 0F -Comment = Apple TP -Description = Apple Kerberos PKINIT Server TP (1 2 840 113635 100 1 15) - -OID = 06 09 2A 86 48 86 F7 63 64 01 10 -Comment = Apple TP -Description = Apple Code Signing TP (1 2 840 113635 100 1 16) - -# Kerberos/PKINIT -OID = 06 07 2B 06 01 05 02 03 01 -Comment = Kerberos/PKINIT -Description = id-pkinit-authData (1 3 6 1 5 2 3 1) - -OID = 06 07 2B 06 01 05 02 03 02 -Comment = Kerberos/PKINIT -Description = id-pkinit-DHKeyData (1 3 6 1 5 2 3 2) - -OID = 06 07 2B 06 01 05 02 03 03 -Comment = Kerberos/PKINIT -Description = id-pkinit-rkeyData (1 3 6 1 5 2 3 3) - -OID = 06 07 2B 06 01 05 02 03 04 -Comment = Kerberos/PKINIT -Description = id-pkinit-KPClientAuth (1 3 6 1 5 2 3 4) - -OID = 06 07 2B 06 01 05 02 03 05 -Comment = Kerberos/PKINIT -Description = id-pkinit-KPKdc (1 3 6 1 5 2 3 5) - -# S/MIME signed attributes -OID = 06 0B 2A 86 48 86 F7 0D 01 09 10 02 0B -Comment = EncryptionKeyPreference -Description = Encryption Key Preference (1 2 840 113549 1 9 16 2 11) - -OID = 06 09 2B 06 01 04 01 82 37 10 04 -Comment = EncryptionKeyPreference, MS -Description = Encryption Key Preference, MS version (1 3 6 1 4 1 311 16 4) - -OID = 06 09 2A 86 48 86 F7 0D 01 09 05 -Comment = S/MIME Signing Time -Description = S/MIME Signing Time (1 2 840 113549 1 9 5) - -OID = 06 09 2A 86 48 86 F7 63 64 01 0E -Comment = Apple PKINIT Client Policy -Description = Apple PKINIT Client Policy ( 1.2.840.113635.100.1.14 ) - -OID = 06 09 2A 86 48 86 F7 63 64 01 0F -Comment = Apple PKINIT Server Policy -Description = Apple PKINIT Server Policy ( 1.2.840.113635.100.1.15 ) - -# More ANSI X9.62 - -OID = 06 06 2A 86 48 CE 3D 03 -Comment = ANSI X9.62 -Description = ellipticCurve (1 2 840 10045 3) - -OID = 06 07 2A 86 48 CE 3D 03 00 -Comment = ANSI X9.62 -Description = c-TwoCurve (1 2 840 10045 3 0) - -OID = 06 07 2A 86 48 CE 3D 03 01 -Comment = ANSI X9.62 -Description = primeCurve (1 2 840 10045 3 1) - -OID = 06 08 2A 86 48 CE 3D 03 00 01 -Comment = ANSI X9.62 -Description = c2pnb163v1 (1 2 840 10045 3 0 1) - -OID = 06 08 2A 86 48 CE 3D 03 00 02 -Comment = ANSI X9.62 -Description = c2pnb163v2 (1 2 840 10045 3 0 2) - -OID = 06 08 2A 86 48 CE 3D 03 00 03 -Comment = ANSI X9.62 -Description = c2pnb163v3 (1 2 840 10045 3 0 3) - -OID = 06 08 2A 86 48 CE 3D 03 00 04 -Comment = ANSI X9.62 -Description = c2pnb176w1 (1 2 840 10045 3 0 4) - -OID = 06 08 2A 86 48 CE 3D 03 00 05 -Comment = ANSI X9.62 -Description = c2tnb191v1 (1 2 840 10045 3 0 5) - -OID = 06 08 2A 86 48 CE 3D 03 00 06 -Comment = ANSI X9.62 -Description = c2tnb191v2 (1 2 840 10045 3 0 6) - -OID = 06 08 2A 86 48 CE 3D 03 00 07 -Comment = ANSI X9.62 -Description = c2tnb191v3 (1 2 840 10045 3 0 7) - -OID = 06 08 2A 86 48 CE 3D 03 00 08 -Comment = ANSI X9.62 -Description = c2onb191v4 (1 2 840 10045 3 0 8) - -OID = 06 08 2A 86 48 CE 3D 03 00 09 -Comment = ANSI X9.62 -Description = c2onb191v5 (1 2 840 10045 3 0 9) - -OID = 06 08 2A 86 48 CE 3D 03 00 0A -Comment = ANSI X9.62 -Description = c2pnb208w1 (1 2 840 10045 3 0 10) - -OID = 06 08 2A 86 48 CE 3D 03 00 0B -Comment = ANSI X9.62 -Description = c2tnb239v1 (1 2 840 10045 3 0 11) - -OID = 06 08 2A 86 48 CE 3D 03 00 0C -Comment = ANSI X9.62 -Description = c2tnb239v2 (1 2 840 10045 3 0 12) - -OID = 06 08 2A 86 48 CE 3D 03 00 0D -Comment = ANSI X9.62 -Description = c2tnb239v3 (1 2 840 10045 3 0 13) - -OID = 06 08 2A 86 48 CE 3D 03 00 0E -Comment = ANSI X9.62 -Description = c2onb239v4 (1 2 840 10045 3 0 14) - -OID = 06 08 2A 86 48 CE 3D 03 00 0F -Comment = ANSI X9.62 -Description = c2onb239v5 (1 2 840 10045 3 0 15) - -OID = 06 08 2A 86 48 CE 3D 03 00 10 -Comment = ANSI X9.62 -Description = c2pnb272w1 (1 2 840 10045 3 0 16) - -OID = 06 08 2A 86 48 CE 3D 03 00 11 -Comment = ANSI X9.62 -Description = c2pnb304w1 (1 2 840 10045 3 0 17) - -OID = 06 08 2A 86 48 CE 3D 03 00 12 -Comment = ANSI X9.62 -Description = c2tnb359v1 (1 2 840 10045 3 0 18) - -OID = 06 08 2A 86 48 CE 3D 03 00 13 -Comment = ANSI X9.62 -Description = c2pnb368w1 (1 2 840 10045 3 0 19) - -OID = 06 08 2A 86 48 CE 3D 03 00 14 -Comment = ANSI X9.62 -Description = c2tnb431r1 (1 2 840 10045 3 0 20) - -# this one renamed from prime192v1 (in X9.62) to secp192r1 -# (Certicom SEC 2) -OID = 06 08 2A 86 48 CE 3D 03 01 01 -Comment = ANSI X9.62 -Description = secp192r1 (1 2 840 10045 3 1 1) - -OID = 06 08 2A 86 48 CE 3D 03 01 02 -Comment = ANSI X9.62 -Description = prime192v2 (1 2 840 10045 3 1 2) - -OID = 06 08 2A 86 48 CE 3D 03 01 03 -Comment = ANSI X9.62 -Description = prime192v3 (1 2 840 10045 3 1 3) - -OID = 06 08 2A 86 48 CE 3D 03 01 04 -Comment = ANSI X9.62 -Description = prime239v1 (1 2 840 10045 3 1 4) - -OID = 06 08 2A 86 48 CE 3D 03 01 05 -Comment = ANSI X9.62 -Description = prime239v2 (1 2 840 10045 3 1 5) - -OID = 06 08 2A 86 48 CE 3D 03 01 06 -Comment = ANSI X9.62 -Description = prime239v3 (1 2 840 10045 3 1 6) - -# X9.62: prime256v1 Certicom SEC 2: -OID = 06 08 2A 86 48 CE 3D 03 01 07 -Comment = ANSI X9.62 -Description = secp256r1 (1 2 840 10045 3 1 7) - -OID = 06 06 2A 86 48 CE 3D 04 -Comment = ANSI X9.62 -Description = ecSigType (1 2 840 10045 4) - -OID = 06 07 2A 86 48 CE 3D 04 01 -Comment = ANSI X9.62 -Description = ecdsa-with-SHA1 (1 2 840 10045 4 1) - -OID = 06 08 2A 86 48 CE 3D 04 03 01 -Comment = FPKI -Description = ecdsa-with-SHA224 (1 2 840 10045 4 3 1) - -OID = 06 08 2A 86 48 CE 3D 04 03 02 -Comment = FPKI -Description = ecdsa-with-SHA256 (1 2 840 10045 4 3 2) - -OID = 06 08 2A 86 48 CE 3D 04 03 03 -Comment = FPKI -Description = ecdsa-with-SHA384 (1 2 840 10045 4 3 3) - -OID = 06 08 2A 86 48 CE 3D 04 03 04 -Comment = FPKI -Description = ecdsa-with-SHA512 (1 2 840 10045 4 3 4) - -# -# This one is used when the disgest algorithm is explicitly -# specified in a separate alg parameter -# -OID = 06 07 2A 86 48 CE 3D 04 03 -Comment = FPKI -Description = ecdsa-with-specified (1 2 840 10045 4 3) - -# -# Certicom Elliptic Curves from SEC 2 -# -OID = 06 03 2B 81 04 -Comment = Certicom SEC 2 -Description = certicom-arc (1 3 132) - -OID = 06 04 2B 81 04 00 -Comment = Certicom SEC 2 -Description = ellipticCurve (1 3 132 0) - -OID = 06 05 2B 81 04 00 06 -Comment = Certicom SEC 2 -Description = secp112r1 (1 3 132 0 6) - -OID = 06 05 2B 81 04 00 07 -Comment = Certicom SEC 2 -Description = secp112r2 (1 3 132 0 7) - -OID = 06 05 2B 81 04 00 1C -Comment = Certicom SEC 2 -Description = secp128r1 (1 3 132 0 28) - -OID = 06 05 2B 81 04 00 1D -Comment = Certicom SEC 2 -Description = secp128r2 (1 3 132 0 29) - -OID = 06 05 2B 81 04 00 09 -Comment = Certicom SEC 2 -Description = secp160k1 (1 3 132 0 9) - -OID = 06 05 2B 81 04 00 08 -Comment = Certicom SEC 2 -Description = secp160r1 (1 3 132 0 8) - -OID = 06 05 2B 81 04 00 1E -Comment = Certicom SEC 2 -Description = secp160r2 (1 3 132 0 30) - -OID = 06 05 2B 81 04 00 1F -Comment = Certicom SEC 2 -Description = secp192k1 (1 3 132 0 31) - -# note secp192r1 defined above in the ANSI X9.62 arc - -OID = 06 05 2B 81 04 00 20 -Comment = Certicom SEC 2 -Description = secp224k1 (1 3 132 0 32) - -OID = 06 05 2B 81 04 00 21 -Comment = Certicom SEC 2 -Description = secp224r1 (1 3 132 0 33) - -OID = 06 05 2B 81 04 00 0A -Comment = Certicom SEC 2 -Description = secp256k1 (1 3 132 0 10) - -# note secp256r1 defined above in the ANSI X9.62 arc - -OID = 06 05 2B 81 04 00 22 -Comment = Certicom SEC 2 -Description = secp384r1 (1 3 132 0 34) - -OID = 06 05 2B 81 04 00 23 -Comment = Certicom SEC 2 -Description = secp521r1 (1 3 132 0 35) - -# characteristic 2 curves - -OID = 06 05 2B 81 04 00 04 -Comment = Certicom SEC 2 -Description = sect113r1 (1 3 132 0 4) - -OID = 06 05 2B 81 04 00 05 -Comment = Certicom SEC 2 -Description = sect113r2 (1 3 132 0 5) - -OID = 06 05 2B 81 04 00 16 -Comment = Certicom SEC 2 -Description = sect131r1 (1 3 132 0 22) - -OID = 06 05 2B 81 04 00 17 -Comment = Certicom SEC 2 -Description = sect131r2 (1 3 132 0 23) - -OID = 06 05 2B 81 04 00 01 -Comment = Certicom SEC 2 -Description = sect163k1 (1 3 132 0 1) - -OID = 06 05 2B 81 04 00 02 -Comment = Certicom SEC 2 -Description = sect163r1 (1 3 132 0 2) - -OID = 06 05 2B 81 04 00 0F -Comment = Certicom SEC 2 -Description = sect163r2 (1 3 132 0 15) - -OID = 06 05 2B 81 04 00 18 -Comment = Certicom SEC 2 -Description = sect193r1 (1 3 132 0 24) - -OID = 06 05 2B 81 04 00 19 -Comment = Certicom SEC 2 -Description = sect193r2 (1 3 132 0 25) - -OID = 06 05 2B 81 04 00 1A -Comment = Certicom SEC 2 -Description = sect233k1 (1 3 132 0 26) - -OID = 06 05 2B 81 04 00 1B -Comment = Certicom SEC 2 -Description = sect233r1 (1 3 132 0 27) - -OID = 06 05 2B 81 04 00 03 -Comment = Certicom SEC 2 -Description = sect239k1 (1 3 132 0 3) - -OID = 06 05 2B 81 04 00 10 -Comment = Certicom SEC 2 -Description = sect283k1 (1 3 132 0 16) - -OID = 06 05 2B 81 04 00 11 -Comment = Certicom SEC 2 -Description = sect283r1 (1 3 132 0 17) - -OID = 06 05 2B 81 04 00 24 -Comment = Certicom SEC 2 -Description = sect409k1 (1 3 132 0 36) - -OID = 06 05 2B 81 04 00 25 -Comment = Certicom SEC 2 -Description = sect409r1 (1 3 132 0 37) - -OID = 06 05 2B 81 04 00 26 -Comment = Certicom SEC 2 -Description = sect571k1 (1 3 132 0 38) - -OID = 06 05 2B 81 04 00 27 -Comment = Certicom SEC 2 -Description = sect571r1 (1 3 132 0 39) - -# X9.63 addendum for ECDH - -OID = 06 07 2B 81 05 10 86 48 3F -Comment = X9.63 -Description = x9-63 (1 3 133 16 840 63) - -OID = 06 08 2B 81 05 10 86 48 3F 00 -Comment = X9.63 -Description = x9-63-scheme (1 3 133 16 840 63 0) - -OID = 06 09 2B 81 05 10 86 48 3F 00 02 -Comment = X9.63 -Description = dhSinglePass-stdDH-sha1kdf-scheme (1 3 133 16 840 63 0 2) - -OID = 06 09 2B 81 05 10 86 48 3F 00 03 -Comment = X9.63 -Description = dhSinglePass-cofactorDH-sha1kdf-scheme (1 3 133 16 840 63 0 3) - -OID = 06 09 2B 81 05 10 86 48 3F 00 10 -Comment = X9.63 -Description = mqvSinglePass-sha1kdf-scheme (1 3 133 16 840 63 0 16) - -# End of Fahnenstange diff --git a/SecurityTests/clxutils/extenGrab/Makefile b/SecurityTests/clxutils/extenGrab/Makefile deleted file mode 100644 index 629138bd..00000000 --- a/SecurityTests/clxutils/extenGrab/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=extenGrab -# C++ source (with .cpp extension) -CPSOURCE= extenGrab.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/extenGrab/extenGrab.cpp b/SecurityTests/clxutils/extenGrab/extenGrab.cpp deleted file mode 100644 index 01410d34..00000000 --- a/SecurityTests/clxutils/extenGrab/extenGrab.cpp +++ /dev/null @@ -1,124 +0,0 @@ -/* - * extenGrab - write the unparsed extension blobs of a specified - * cert to files for external examination - */ -#include -#include -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("Usage: %s certFile outFileBase [r for CRL, default is cert]\n", - argv[0]); - exit(1); -} - -/* - * How many items in a NULL-terminated array of pointers? - */ -static unsigned nssArraySize( - const void **array) -{ - unsigned count = 0; - if (array) { - while (*array++) { - count++; - } - } - return count; -} - -int main(int argc, char **argv) -{ - if(argc < 3) { - usage(argv); - } - - bool doCert = true; - NSS_Certificate signedCert; - NSS_Crl signedCrl; - void *decodeTarget; - const SecAsn1Template *templ; - NSS_CertExtension ***extenp; - - for(int arg=3; argextnId.Data, exten->extnId.Length, oidStr); - printf("Extension %u : %s\n", dex, oidStr); - sprintf(outFileName, "%s_%u", outBase, dex); - if(writeFile(outFileName, exten->value.Data, exten->value.Length)) { - printf("***Error writing %s. Aborting.\n", - outFileName); - exit(1); - } - else { - printf("...wrote %lu bytes to %s\n", - exten->value.Length, outFileName); - } - } - SecAsn1CoderRelease(coder); - printf("..done.\n"); - return 0; -} diff --git a/SecurityTests/clxutils/extenTest/Makefile b/SecurityTests/clxutils/extenTest/Makefile deleted file mode 100644 index ef2b67c7..00000000 --- a/SecurityTests/clxutils/extenTest/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=extenTest -# C++ source (with .cpp extension) -CPSOURCE= extenTest.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/extenTest/extenTest.cpp b/SecurityTests/clxutils/extenTest/extenTest.cpp deleted file mode 100644 index 48f3f889..00000000 --- a/SecurityTests/clxutils/extenTest/extenTest.cpp +++ /dev/null @@ -1,1546 +0,0 @@ -/* - * extenTest - verify encoding and decoding of extensions. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define KEY_ALG CSSM_ALGID_RSA -#define SIG_ALG CSSM_ALGID_SHA1WithRSA -#define KEY_SIZE_BITS CSP_RSA_KEY_SIZE_DEFAULT -#define SUBJ_KEY_LABEL "subjectKey" - -#define LOOPS_DEF 10 - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" e=extenSpec (default = all)\n"); - printf(" k keyUsage\n"); - printf(" b basicConstraints\n"); - printf(" x extendedKeyUsage\n"); - printf(" s subjectKeyId\n"); - printf(" a authorityKeyId\n"); - printf(" t SubjectAltName\n"); - printf(" i IssuerAltName\n"); - printf(" c certPolicies\n"); - printf(" n netscapeCertType\n"); - printf(" p CRLDistributionPoints\n"); - printf(" A AuthorityInfoAccess\n"); - printf(" S SubjectInfoAccess\n"); - printf(" q QualifiedCertStatements\n"); - printf(" w(rite blobs)\n"); - printf(" f=fileName (default is extension-specific file name)\n"); - printf(" d(isplay certs)\n"); - printf(" l=loops (default = %d)\n", LOOPS_DEF); - printf(" p(ause on each loop)\n"); - printf(" P(ause on each cert)\n"); - exit(1); -} - -/* dummy RDN - subject and issuer - we aren't testing this */ -CB_NameOid dummyRdn[] = -{ - { "Apple Computer", &CSSMOID_OrganizationName }, - { "Doug Mitchell", &CSSMOID_CommonName } -}; -#define NUM_DUMMY_NAMES (sizeof(dummyRdn) / sizeof(CB_NameOid)) - -/* - * Static components we reuse for each encode/decode. - */ -static CSSM_X509_NAME *dummyName; -static CSSM_X509_TIME *notBefore; // UTC-style "not before" time -static CSSM_X509_TIME *notAfter; // UTC-style "not after" time -static CSSM_KEY subjPrivKey; -static CSSM_KEY subjPubKey; - -static CSSM_BOOL randBool() -{ - unsigned r = genRand(1, 0x10000000); - return (r & 0x1) ? CSSM_TRUE : CSSM_FALSE; -} - -/* Fill a CSSM_DATA with random data. Its referent is allocd with malloc. */ -static void randData( - CSSM_DATA_PTR data, - uint8 maxLen) -{ - data->Data = (uint8 *)malloc(maxLen); - simpleGenData(data, 1, maxLen); -} - -/* - * Various compare tests - */ -int compBool( - CSSM_BOOL pre, - CSSM_BOOL post, - const char *desc) -{ - if(pre == post) { - return 0; - } - printf("***Boolean miscompare on %s\n", desc); - /* in case a CSSM_TRUE isn't exactly right... */ - switch(post) { - case CSSM_FALSE: - case CSSM_TRUE: - break; - default: - printf("*** post value is %d expected %d\n", - (int)post, (int)pre); - break; - } - return 1; -} - -static int compCssmData( - CSSM_DATA &d1, - CSSM_DATA &d2, - const char *desc) -{ - if(appCompareCssmData(&d1, &d2)) { - return 0; - } - printf("CSSM_DATA miscompare on %s\n", desc); - return 1; -} - -#pragma mark ----- individual extension tests ----- - -#pragma mark --- CE_KeyUsage --- -static void kuCreate(void *arg) -{ - CE_KeyUsage *ku = (CE_KeyUsage *)arg; - - /* set two random valid bits */ - *ku = 0; - *ku |= 1 << genRand(7, 15); - *ku |= 1 << genRand(7, 15); -} - -static unsigned kuCompare(const void *pre, const void *post) -{ - const CE_KeyUsage *kuPre = (CE_KeyUsage *)pre; - const CE_KeyUsage *kuPost = (CE_KeyUsage *)post; - if(*kuPre != *kuPost) { - printf("***Miscompare in CE_KeyUsage\n"); - return 1; - } - return 0; -} - -#pragma mark --- CE_BasicConstraints --- -static void bcCreate(void *arg) -{ - CE_BasicConstraints *bc = (CE_BasicConstraints *)arg; - bc->cA = randBool(); - bc->pathLenConstraintPresent = randBool(); - if(bc->pathLenConstraintPresent) { - bc->pathLenConstraint = genRand(1,10); - } -} - -static unsigned bcCompare(const void *pre, const void *post) -{ - const CE_BasicConstraints *bcpre = (CE_BasicConstraints *)pre; - const CE_BasicConstraints *bcpost = (CE_BasicConstraints *)post; - unsigned rtn = 0; - - rtn += compBool(bcpre->cA, bcpost->cA, "BasicConstraints.cA"); - rtn += compBool(bcpre->pathLenConstraintPresent, - bcpost->pathLenConstraintPresent, - "BasicConstraints.pathLenConstraintPresent"); - if(bcpre->pathLenConstraint != bcpost->pathLenConstraint) { - printf("BasicConstraints.pathLenConstraint mismatch\n"); - rtn++; - } - return rtn; -} - -#pragma mark --- CE_SubjectKeyID --- -static void skidCreate(void *arg) -{ - CSSM_DATA_PTR skid = (CSSM_DATA_PTR)arg; - randData(skid, 16); -} - -static unsigned skidCompare(const void *pre, const void *post) -{ - CSSM_DATA_PTR spre = (CSSM_DATA_PTR)pre; - CSSM_DATA_PTR spost = (CSSM_DATA_PTR)post; - return compCssmData(*spre, *spost, "SubjectKeyID"); -} - -static void skidFree(void *arg) -{ - CSSM_DATA_PTR skid = (CSSM_DATA_PTR)arg; - free(skid->Data); -} - -#pragma mark --- CE_NetscapeCertType --- -static void nctCreate(void *arg) -{ - CE_NetscapeCertType *nct = (CE_NetscapeCertType *)arg; - - /* set two random valid bits */ - *nct = 0; - *nct |= 1 << genRand(8, 15); - *nct |= 1 << genRand(8, 15); -} - -static unsigned nctCompare(const void *pre, const void *post) -{ - const CE_NetscapeCertType *nPre = (CE_NetscapeCertType *)pre; - const CE_NetscapeCertType *nPost = (CE_NetscapeCertType *)post; - if(*nPre != *nPost) { - printf("***Miscompare in CE_NetscapeCertType\n"); - return 1; - } - return 0; -} - -#pragma mark --- CE_ExtendedKeyUsage --- - -/* a static array of meaningless OIDs, use 1.. NUM_SKU_OIDS */ -CSSM_OID ekuOids[] = { - CSSMOID_CrlNumber, - CSSMOID_CrlReason, - CSSMOID_HoldInstructionCode, - CSSMOID_InvalidityDate -}; -#define NUM_SKU_OIDS 4 - -static void ekuCreate(void *arg) -{ - CE_ExtendedKeyUsage *eku = (CE_ExtendedKeyUsage *)arg; - eku->numPurposes = genRand(1, NUM_SKU_OIDS); - eku->purposes = ekuOids; -} - -static unsigned ekuCompare(const void *pre, const void *post) -{ - CE_ExtendedKeyUsage *ekupre = (CE_ExtendedKeyUsage *)pre; - CE_ExtendedKeyUsage *ekupost = (CE_ExtendedKeyUsage *)post; - - if(ekupre->numPurposes != ekupost->numPurposes) { - printf("CE_ExtendedKeyUsage.numPurposes miscompare\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned dex=0; dexnumPurposes; dex++) { - rtn += compCssmData(ekupre->purposes[dex], - ekupost->purposes[dex], "CE_ExtendedKeyUsage.purposes"); - } - return rtn; -} - - -#pragma mark --- general purpose X509 name generator --- - -/* Attr/Value pairs, pick one of NUM_ATTR_STRINGS */ -static char *attrStrings[] = { - (char *)"thisName", - (char *)"anotherName", - (char *)"someOtherName" -}; -#define NUM_ATTR_STRINGS 3 - -/* A/V type, pick one of NUM_ATTR_TYPES */ -static CSSM_OID attrTypes[] = { - CSSMOID_Surname, - CSSMOID_CountryName, - CSSMOID_OrganizationName, - CSSMOID_Description -}; -#define NUM_ATTR_TYPES 4 - -/* A/V tag, pick one of NUM_ATTR_TAGS */ -static char attrTags[] = { - BER_TAG_PRINTABLE_STRING, - BER_TAG_IA5_STRING, - BER_TAG_T61_STRING -}; -#define NUM_ATTR_TAGS 3 - -static void rdnCreate( - CSSM_X509_RDN_PTR rdn) -{ - unsigned numPairs = genRand(1,4); - rdn->numberOfPairs = numPairs; - unsigned len = numPairs * sizeof(CSSM_X509_TYPE_VALUE_PAIR); - rdn->AttributeTypeAndValue = - (CSSM_X509_TYPE_VALUE_PAIR_PTR)malloc(len); - memset(rdn->AttributeTypeAndValue, 0, len); - - for(unsigned atvDex=0; atvDexAttributeTypeAndValue[atvDex]; - unsigned die = genRand(1, NUM_ATTR_TYPES); - pair.type = attrTypes[die - 1]; - die = genRand(1, NUM_ATTR_STRINGS); - char *str = attrStrings[die - 1]; - pair.value.Data = (uint8 *)str; - pair.value.Length = strlen(str); - die = genRand(1, NUM_ATTR_TAGS); - pair.valueType = attrTags[die - 1]; - } -} - -static unsigned rdnCompare( - CSSM_X509_RDN_PTR rdn1, - CSSM_X509_RDN_PTR rdn2) -{ - if(rdn1->numberOfPairs != rdn2->numberOfPairs) { - printf("***Mismatch in numberOfPairs\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned atvDex=0; atvDexnumberOfPairs; atvDex++) { - CSSM_X509_TYPE_VALUE_PAIR &p1 = - rdn1->AttributeTypeAndValue[atvDex]; - CSSM_X509_TYPE_VALUE_PAIR &p2 = - rdn2->AttributeTypeAndValue[atvDex]; - if(p1.valueType != p2.valueType) { - printf("***valueType miscompare\n"); - rtn++; - } - if(compCssmData(p1.type, p2.type, "ATV.type")) { - rtn++; - } - if(compCssmData(p1.value, p2.value, "ATV.value")) { - rtn++; - } - } - return rtn; -} - -static void rdnFree( - CSSM_X509_RDN_PTR rdn) -{ - free(rdn->AttributeTypeAndValue); -} - -static void x509NameCreate( - CSSM_X509_NAME_PTR x509Name) -{ - memset(x509Name, 0, sizeof(*x509Name)); - unsigned numRdns = genRand(1,4); - x509Name->numberOfRDNs = numRdns; - unsigned len = numRdns * sizeof(CSSM_X509_RDN); - x509Name->RelativeDistinguishedName = (CSSM_X509_RDN_PTR)malloc(len); - memset(x509Name->RelativeDistinguishedName, 0, len); - - for(unsigned rdnDex=0; rdnDexRelativeDistinguishedName[rdnDex]; - rdnCreate(&rdn); - } -} - -static unsigned x509NameCompare( - const CSSM_X509_NAME_PTR n1, - const CSSM_X509_NAME_PTR n2) -{ - if(n1->numberOfRDNs != n2->numberOfRDNs) { - printf("***Mismatch in numberOfRDNs\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { - CSSM_X509_RDN &rdn1 = n1->RelativeDistinguishedName[rdnDex]; - CSSM_X509_RDN &rdn2 = n2->RelativeDistinguishedName[rdnDex]; - rtn += rdnCompare(&rdn1, &rdn2); - } - return rtn; -} - -static void x509NameFree( - CSSM_X509_NAME_PTR n) -{ - for(unsigned rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { - CSSM_X509_RDN &rdn = n->RelativeDistinguishedName[rdnDex]; - rdnFree(&rdn); - } - free(n->RelativeDistinguishedName); -} - -#pragma mark --- general purpose GeneralNames generator --- - -#define SOME_URL_1 "http://foo.bar.com" -#define SOME_URL_2 "http://bar.foo.com" -#define SOME_DNS_1 "Some DNS" -#define SOME_DNS_2 "Another DNS" -unsigned char someIpAdr_1[] = {208, 161, 124, 209 }; -unsigned char someIpAdr_2[] = {10, 0, 61, 5}; - -static void genNameCreate(CE_GeneralName *name) -{ - unsigned type = genRand(1, 5); - const char *src; - unsigned char *usrc; - switch(type) { - case 1: - name->nameType = GNT_URI; - name->berEncoded = CSSM_FALSE; - src = randBool() ? SOME_URL_1 : SOME_URL_2; - appCopyData(src, strlen(src), &name->name); - break; - - case 2: - name->nameType = GNT_RegisteredID; - name->berEncoded = CSSM_FALSE; - appCopyData(CSSMOID_SubjectDirectoryAttributes.Data, - CSSMOID_SubjectDirectoryAttributes.Length, - &name->name); - break; - - case 3: - name->nameType = GNT_DNSName; - name->berEncoded = CSSM_FALSE; - src = randBool() ? SOME_DNS_1 : SOME_DNS_2; - appCopyData(src, strlen(src), &name->name); - break; - - case 4: - name->nameType = GNT_IPAddress; - name->berEncoded = CSSM_FALSE; - usrc = randBool() ? someIpAdr_1 : someIpAdr_2; - appCopyData(usrc, 4, &name->name); - break; - - case 5: - { - /* X509_NAME, the hard one */ - name->nameType = GNT_DirectoryName; - name->berEncoded = CSSM_FALSE; - appSetupCssmData(&name->name, sizeof(CSSM_X509_NAME)); - x509NameCreate((CSSM_X509_NAME_PTR)name->name.Data); - } - } -} - -static void genNamesCreate(void *arg) -{ - CE_GeneralNames *names = (CE_GeneralNames *)arg; - names->numNames = genRand(1, 3); - // one at a time - //names->numNames = 1; - names->generalName = (CE_GeneralName *)malloc(names->numNames * - sizeof(CE_GeneralName)); - memset(names->generalName, 0, names->numNames * sizeof(CE_GeneralName)); - - for(unsigned i=0; inumNames; i++) { - CE_GeneralName *name = &names->generalName[i]; - genNameCreate(name); - } -} - -static unsigned genNameCompare( - CE_GeneralName *npre, - CE_GeneralName *npost) -{ - unsigned rtn = 0; - if(npre->nameType != npost->nameType) { - printf("***CE_GeneralName.nameType miscompare\n"); - rtn++; - } - if(compBool(npre->berEncoded, npost->berEncoded, - "CE_GeneralName.berEncoded")) { - rtn++; - } - - /* nameType-specific compare */ - switch(npre->nameType) { - case GNT_RFC822Name: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.RFC822Name"); - break; - case GNT_DNSName: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.DNSName"); - break; - case GNT_URI: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.URI"); - break; - case GNT_IPAddress: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.RFIPAddressC822Name"); - break; - case GNT_RegisteredID: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.RegisteredID"); - break; - case GNT_DirectoryName: - rtn += x509NameCompare((CSSM_X509_NAME_PTR)npre->name.Data, - (CSSM_X509_NAME_PTR)npost->name.Data); - break; - default: - printf("****BRRZAP! genNamesCompare needs work\n"); - rtn++; - } - return rtn; -} - -static unsigned genNamesCompare(const void *pre, const void *post) -{ - const CE_GeneralNames *gnPre = (CE_GeneralNames *)pre; - const CE_GeneralNames *gnPost = (CE_GeneralNames *)post; - unsigned rtn = 0; - - if((gnPre == NULL) || (gnPost == NULL)) { - printf("***Bad GenNames pointer\n"); - return 1; - } - if(gnPre->numNames != gnPost->numNames) { - printf("***CE_GeneralNames.numNames miscompare\n"); - return 1; - } - for(unsigned dex=0; dexnumNames; dex++) { - CE_GeneralName *npre = &gnPre->generalName[dex]; - CE_GeneralName *npost = &gnPost->generalName[dex]; - rtn += genNameCompare(npre, npost); - } - return rtn; -} - - -static void genNameFree(CE_GeneralName *n) -{ - switch(n->nameType) { - case GNT_DirectoryName: - x509NameFree((CSSM_X509_NAME_PTR)n->name.Data); - CSSM_FREE(n->name.Data); - break; - default: - CSSM_FREE(n->name.Data); - break; - } -} - - -static void genNamesFree(void *arg) -{ - const CE_GeneralNames *gn = (CE_GeneralNames *)arg; - for(unsigned dex=0; dexnumNames; dex++) { - CE_GeneralName *n = (CE_GeneralName *)&gn->generalName[dex]; - genNameFree(n); - } - free(gn->generalName); -} - -#pragma mark --- CE_CRLDistPointsSyntax --- -static void cdpCreate(void *arg) -{ - CE_CRLDistPointsSyntax *cdp = (CE_CRLDistPointsSyntax *)arg; - //cdp->numDistPoints = genRand(1,3); - // one at a time - cdp->numDistPoints = 1; - unsigned len = sizeof(CE_CRLDistributionPoint) * cdp->numDistPoints; - cdp->distPoints = (CE_CRLDistributionPoint *)malloc(len); - memset(cdp->distPoints, 0, len); - - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *pt = &cdp->distPoints[dex]; - - /* all fields optional */ - if(randBool()) { - CE_DistributionPointName *dpn = pt->distPointName = - (CE_DistributionPointName *)malloc( - sizeof(CE_DistributionPointName)); - memset(dpn, 0, sizeof(CE_DistributionPointName)); - - /* CE_DistributionPointName has two flavors */ - if(randBool()) { - dpn->nameType = CE_CDNT_FullName; - dpn->dpn.fullName = (CE_GeneralNames *)malloc( - sizeof(CE_GeneralNames)); - memset(dpn->dpn.fullName, 0, sizeof(CE_GeneralNames)); - genNamesCreate(dpn->dpn.fullName); - } - else { - dpn->nameType = CE_CDNT_NameRelativeToCrlIssuer; - dpn->dpn.rdn = (CSSM_X509_RDN_PTR)malloc( - sizeof(CSSM_X509_RDN)); - memset(dpn->dpn.rdn, 0, sizeof(CSSM_X509_RDN)); - rdnCreate(dpn->dpn.rdn); - } - } /* creating CE_DistributionPointName */ - - pt->reasonsPresent = randBool(); - if(pt->reasonsPresent) { - CE_CrlDistReasonFlags *cdr = &pt->reasons; - /* set two random valid bits */ - *cdr = 0; - *cdr |= 1 << genRand(0,7); - *cdr |= 1 << genRand(0,7); - } - - /* make sure at least one present */ - if((!pt->distPointName && !pt->reasonsPresent) || randBool()) { - pt->crlIssuer = (CE_GeneralNames *)malloc(sizeof(CE_GeneralNames)); - memset(pt->crlIssuer, 0, sizeof(CE_GeneralNames)); - genNamesCreate(pt->crlIssuer); - } - } -} - -static unsigned cdpCompare(const void *pre, const void *post) -{ - CE_CRLDistPointsSyntax *cpre = (CE_CRLDistPointsSyntax *)pre; - CE_CRLDistPointsSyntax *cpost = (CE_CRLDistPointsSyntax *)post; - - if(cpre->numDistPoints != cpost->numDistPoints) { - printf("***CE_CRLDistPointsSyntax.numDistPoints miscompare\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *ptpre = &cpre->distPoints[dex]; - CE_CRLDistributionPoint *ptpost = &cpost->distPoints[dex]; - - if(ptpre->distPointName) { - if(ptpost->distPointName == NULL) { - printf("***NULL distPointName post decode\n"); - rtn++; - goto checkReason; - } - CE_DistributionPointName *dpnpre = ptpre->distPointName; - CE_DistributionPointName *dpnpost = ptpost->distPointName; - if(dpnpre->nameType != dpnpost->nameType) { - printf("***CE_DistributionPointName.nameType miscompare\n"); - rtn++; - goto checkReason; - } - if(dpnpre->nameType == CE_CDNT_FullName) { - rtn += genNamesCompare(dpnpre->dpn.fullName, dpnpost->dpn.fullName); - } - else { - rtn += rdnCompare(dpnpre->dpn.rdn, dpnpost->dpn.rdn); - } - - } - else if(ptpost->distPointName != NULL) { - printf("***NON NULL distPointName post decode\n"); - rtn++; - } - - checkReason: - if(ptpre->reasons != ptpost->reasons) { - printf("***CE_CRLDistributionPoint.reasons miscompare\n"); - rtn++; - } - - if(ptpre->crlIssuer) { - if(ptpost->crlIssuer == NULL) { - printf("***NULL crlIssuer post decode\n"); - rtn++; - continue; - } - CE_GeneralNames *gnpre = ptpre->crlIssuer; - CE_GeneralNames *gnpost = ptpost->crlIssuer; - rtn += genNamesCompare(gnpre, gnpost); - } - else if(ptpost->crlIssuer != NULL) { - printf("***NON NULL crlIssuer post decode\n"); - rtn++; - } - } - return rtn; -} - -static void cdpFree(void *arg) -{ - CE_CRLDistPointsSyntax *cdp = (CE_CRLDistPointsSyntax *)arg; - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *pt = &cdp->distPoints[dex]; - if(pt->distPointName) { - CE_DistributionPointName *dpn = pt->distPointName; - if(dpn->nameType == CE_CDNT_FullName) { - genNamesFree(dpn->dpn.fullName); - free(dpn->dpn.fullName); - } - else { - rdnFree(dpn->dpn.rdn); - free(dpn->dpn.rdn); - } - free(dpn); - } - - if(pt->crlIssuer) { - genNamesFree(pt->crlIssuer); - free(pt->crlIssuer); - } - } - free(cdp->distPoints); -} - -#pragma mark --- CE_AuthorityKeyID --- -static void authKeyIdCreate(void *arg) -{ - CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)arg; - - /* all three fields optional */ - - akid->keyIdentifierPresent = randBool(); - if(akid->keyIdentifierPresent) { - randData(&akid->keyIdentifier, 16); - } - - akid->generalNamesPresent = randBool(); - if(akid->generalNamesPresent) { - akid->generalNames = - (CE_GeneralNames *)malloc(sizeof(CE_GeneralNames)); - memset(akid->generalNames, 0, sizeof(CE_GeneralNames)); - genNamesCreate(akid->generalNames); - } - - if(!akid->keyIdentifierPresent & !akid->generalNamesPresent) { - /* force at least one to be present */ - akid->serialNumberPresent = CSSM_TRUE; - } - else { - akid->serialNumberPresent = randBool(); - } - if(akid->serialNumberPresent) { - randData(&akid->serialNumber, 16); - } - -} - -static unsigned authKeyIdCompare(const void *pre, const void *post) -{ - CE_AuthorityKeyID *akpre = (CE_AuthorityKeyID *)pre; - CE_AuthorityKeyID *akpost = (CE_AuthorityKeyID *)post; - unsigned rtn = 0; - - if(compBool(akpre->keyIdentifierPresent, akpost->keyIdentifierPresent, - "CE_AuthorityKeyID.keyIdentifierPresent")) { - rtn++; - } - else if(akpre->keyIdentifierPresent) { - rtn += compCssmData(akpre->keyIdentifier, - akpost->keyIdentifier, "CE_AuthorityKeyID.keyIdentifier"); - } - - if(compBool(akpre->generalNamesPresent, akpost->generalNamesPresent, - "CE_AuthorityKeyID.generalNamesPresent")) { - rtn++; - } - else if(akpre->generalNamesPresent) { - rtn += genNamesCompare(akpre->generalNames, - akpost->generalNames); - } - - if(compBool(akpre->serialNumberPresent, akpost->serialNumberPresent, - "CE_AuthorityKeyID.serialNumberPresent")) { - rtn++; - } - else if(akpre->serialNumberPresent) { - rtn += compCssmData(akpre->serialNumber, - akpost->serialNumber, "CE_AuthorityKeyID.serialNumber"); - } - return rtn; -} - -static void authKeyIdFree(void *arg) -{ - CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)arg; - - if(akid->keyIdentifier.Data) { - free(akid->keyIdentifier.Data); - } - if(akid->generalNames) { - genNamesFree(akid->generalNames); // genNamesCreate mallocd - free(akid->generalNames); // we mallocd - } - if(akid->serialNumber.Data) { - free(akid->serialNumber.Data); - } -} - -#pragma mark --- CE_CertPolicies --- - -/* random OIDs, pick 1..NUM_CP_OIDS */ -static CSSM_OID cpOids[] = -{ - CSSMOID_EmailAddress, - CSSMOID_UnstructuredName, - CSSMOID_ContentType, - CSSMOID_MessageDigest -}; -#define NUM_CP_OIDS 4 - -/* CPS strings, pick one of NUM_CPS_STR */ -static char *someCPSs[] = -{ - (char *)"http://www.apple.com", - (char *)"https://cdnow.com", - (char *)"ftp:backwards.com" -}; -#define NUM_CPS_STR 3 - -/* make these looks like real sequences */ -static uint8 someUnotice[] = {0x30, 0x03, BER_TAG_BOOLEAN, 1, 0xff}; -static uint8 someOtherData[] = {0x30, 0x02, BER_TAG_NULL, 0}; - -static void cpCreate(void *arg) -{ - CE_CertPolicies *cp = (CE_CertPolicies *)arg; - cp->numPolicies = genRand(1,3); - //cp->numPolicies = 1; - unsigned len = sizeof(CE_PolicyInformation) * cp->numPolicies; - cp->policies = (CE_PolicyInformation *)malloc(len); - memset(cp->policies, 0, len); - - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *pi = &cp->policies[polDex]; - unsigned die = genRand(1, NUM_CP_OIDS); - pi->certPolicyId = cpOids[die - 1]; - unsigned numQual = genRand(1,3); - pi->numPolicyQualifiers = numQual; - len = sizeof(CE_PolicyQualifierInfo) * numQual; - pi->policyQualifiers = (CE_PolicyQualifierInfo *) - malloc(len); - memset(pi->policyQualifiers, 0, len); - for(unsigned cpiDex=0; cpiDexpolicyQualifiers[cpiDex]; - if(randBool()) { - qi->policyQualifierId = CSSMOID_QT_CPS; - die = genRand(1, NUM_CPS_STR); - qi->qualifier.Data = (uint8 *)someCPSs[die - 1]; - qi->qualifier.Length = strlen((char *)qi->qualifier.Data); - } - else { - qi->policyQualifierId = CSSMOID_QT_UNOTICE; - if(randBool()) { - qi->qualifier.Data = someUnotice; - qi->qualifier.Length = 5; - } - else { - qi->qualifier.Data = someOtherData; - qi->qualifier.Length = 4; - } - } - } - } -} - -static unsigned cpCompare(const void *pre, const void *post) -{ - CE_CertPolicies *cppre = (CE_CertPolicies *)pre; - CE_CertPolicies *cppost = (CE_CertPolicies *)post; - - if(cppre->numPolicies != cppost->numPolicies) { - printf("CE_CertPolicies.numPolicies mismatch\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *pipre = &cppre->policies[polDex]; - CE_PolicyInformation *pipost = &cppost->policies[polDex]; - rtn += compCssmData(pipre->certPolicyId, pipost->certPolicyId, - "CE_PolicyInformation.certPolicyId"); - if(pipre->numPolicyQualifiers != pipost->numPolicyQualifiers) { - printf("CE_PolicyInformation.CE_PolicyInformation mismatch\n"); - rtn++; - continue; - } - - for(unsigned qiDex=0; qiDexnumPolicyQualifiers; qiDex++) { - CE_PolicyQualifierInfo *qipre = &pipre->policyQualifiers[qiDex]; - CE_PolicyQualifierInfo *qipost = &pipost->policyQualifiers[qiDex]; - rtn += compCssmData(qipre->policyQualifierId, - qipost->policyQualifierId, - "CE_PolicyQualifierInfo.policyQualifierId"); - rtn += compCssmData(qipre->qualifier, - qipost->qualifier, - "CE_PolicyQualifierInfo.qualifier"); - } - } - return rtn; -} - -static void cpFree(void *arg) -{ - CE_CertPolicies *cp = (CE_CertPolicies *)arg; - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *pi = &cp->policies[polDex]; - free(pi->policyQualifiers); - } - free(cp->policies); -} - -#pragma mark --- CE_AuthorityInfoAccess --- - -/* random OIDs, pick 1..NUM_AI_OIDS */ -static CSSM_OID aiOids[] = -{ - CSSMOID_AD_OCSP, - CSSMOID_AD_CA_ISSUERS, - CSSMOID_AD_TIME_STAMPING, - CSSMOID_AD_CA_REPOSITORY -}; -#define NUM_AI_OIDS 4 - -static void aiaCreate(void *arg) -{ - CE_AuthorityInfoAccess *aia = (CE_AuthorityInfoAccess *)arg; - aia->numAccessDescriptions = genRand(1,3); - unsigned len = aia->numAccessDescriptions * sizeof(CE_AccessDescription); - aia->accessDescriptions = (CE_AccessDescription *)malloc(len); - memset(aia->accessDescriptions, 0, len); - - for(unsigned dex=0; dexnumAccessDescriptions; dex++) { - CE_AccessDescription *ad = &aia->accessDescriptions[dex]; - int die = genRand(1, NUM_AI_OIDS); - ad->accessMethod = aiOids[die - 1]; - genNameCreate(&ad->accessLocation); - } -} - -static unsigned aiaCompare(const void *pre, const void *post) -{ - CE_AuthorityInfoAccess *apre = (CE_AuthorityInfoAccess *)pre; - CE_AuthorityInfoAccess *apost = (CE_AuthorityInfoAccess *)post; - unsigned rtn = 0; - - if(apre->numAccessDescriptions != apost->numAccessDescriptions) { - printf("***CE_AuthorityInfoAccess.numAccessDescriptions miscompare\n"); - return 1; - } - for(unsigned dex=0; dexnumAccessDescriptions; dex++) { - CE_AccessDescription *adPre = &apre->accessDescriptions[dex]; - CE_AccessDescription *adPost = &apost->accessDescriptions[dex]; - if(compCssmData(adPre->accessMethod, adPost->accessMethod, - "CE_AccessDescription.accessMethod")) { - rtn++; - } - rtn += genNameCompare(&adPre->accessLocation, &adPost->accessLocation); - } - return rtn; -} - -static void aiaFree(void *arg) -{ - CE_AuthorityInfoAccess *aia = (CE_AuthorityInfoAccess *)arg; - for(unsigned dex=0; dexnumAccessDescriptions; dex++) { - CE_AccessDescription *ad = &aia->accessDescriptions[dex]; - genNameFree(&ad->accessLocation); - } - free(aia->accessDescriptions); -} - -#pragma mark --- CE_QC_Statements --- - -/* a static array of CE_QC_Statement.statementId */ -static const CSSM_OID qcsOids[] = { - CSSMOID_OID_QCS_SYNTAX_V1, - CSSMOID_OID_QCS_SYNTAX_V2, - CSSMOID_ETSI_QCS_QC_COMPLIANCE, -}; -#define NUM_QCS_OIDS 3 -#define WHICH_QCS_V2 1 - -static void qcsCreate(void *arg) -{ - CE_QC_Statements *qcss = (CE_QC_Statements *)arg; - //unsigned numQcs = genRand(1,3); - unsigned numQcs = 1; - qcss->numQCStatements = numQcs; - qcss->qcStatements = (CE_QC_Statement *)malloc(numQcs * sizeof(CE_QC_Statement)); - memset(qcss->qcStatements, 0, numQcs * sizeof(CE_QC_Statement)); - - for(unsigned dex=0; dexqcStatements[dex]; - unsigned whichOid = genRand(0, NUM_QCS_OIDS-1); - qcs->statementId = qcsOids[whichOid]; - - /* three legal combos of (semanticsInfo, otherInfo), constrained by whichOid */ - unsigned coin = genRand(1, 2); - switch(coin) { - case 1: - /* nothing */ - break; - case 2: - { - /* - * CSSMOID_OID_QCS_SYNTAX_V2 --> semanticsInfo - * other --> otherInfo - */ - if(whichOid == WHICH_QCS_V2) { - CE_SemanticsInformation *si = (CE_SemanticsInformation *)malloc( - sizeof(CE_SemanticsInformation)); - qcs->semanticsInfo = si; - memset(si, 0, sizeof(CE_SemanticsInformation)); - - /* flip a coin; heads --> semanticsIdentifier */ - coin = genRand(1, 2); - if(coin == 2) { - si->semanticsIdentifier = (CSSM_OID *)malloc(sizeof(CSSM_OID)); - *si->semanticsIdentifier = qcsOids[0]; - } - - /* flip a coin; heads --> nameRegistrationAuthorities */ - /* also gen this one if semanticsInfo is empty */ - coin = genRand(1, 2); - if((coin == 2) || (si->semanticsIdentifier == NULL)) { - si->nameRegistrationAuthorities = (CE_NameRegistrationAuthorities *) - malloc(sizeof(CE_NameRegistrationAuthorities)); - genNamesCreate(si->nameRegistrationAuthorities); - } - } - else { - /* ASN_ANY - just take an encoded NULL */ - CSSM_DATA *otherInfo = (CSSM_DATA *)malloc(sizeof(CSSM_DATA)); - otherInfo->Data = (uint8 *)malloc(2); - otherInfo->Data[0] = 5; - otherInfo->Data[1] = 0; - otherInfo->Length = 2; - qcs->otherInfo = otherInfo; - } - break; - } - } - } -} - -static unsigned qcsCompare(const void *pre, const void *post) -{ - CE_QC_Statements *qpre = (CE_QC_Statements *)pre; - CE_QC_Statements *qpost = (CE_QC_Statements *)post; - uint32 numQcs = qpre->numQCStatements; - if(numQcs != qpost->numQCStatements) { - printf("***numQCStatements miscompare\n"); - return 1; - } - - unsigned rtn = 0; - for(unsigned dex=0; dexqcStatements[dex]; - CE_QC_Statement *qcsPost = &qpost->qcStatements[dex]; - if(compCssmData(qcsPre->statementId, qcsPost->statementId, - "CE_QC_Statement.statementId")) { - rtn++; - } - if(qcsPre->semanticsInfo) { - if(qcsPost->semanticsInfo == NULL) { - printf("***semanticsInfo in pre but not in post\n"); - rtn++; - } - else { - CE_SemanticsInformation *siPre = qcsPre->semanticsInfo; - CE_SemanticsInformation *siPost = qcsPost->semanticsInfo; - if((siPre->semanticsIdentifier == NULL) != (siPost->semanticsIdentifier == NULL)) { - printf("***mismatch in presence of semanticsIdentifier\n"); - rtn++; - } - else if(siPre->semanticsIdentifier) { - if(compCssmData(*siPre->semanticsIdentifier, *siPost->semanticsIdentifier, - "CE_SemanticsInformation.semanticsIdentifier")) { - rtn++; - } - } - if((siPre->nameRegistrationAuthorities == NULL) != - (siPost->nameRegistrationAuthorities == NULL)) { - printf("***mismatch in presence of nameRegistrationAuthorities\n"); - rtn++; - } - else if(siPre->nameRegistrationAuthorities) { - rtn += genNamesCompare(siPre->nameRegistrationAuthorities, - siPost->nameRegistrationAuthorities); - } - } - } - else if(qcsPost->semanticsInfo != NULL) { - printf("***semanticsInfo in post but not in pre\n"); - rtn++; - } - if(qcsPre->otherInfo) { - if(qcsPost->otherInfo == NULL) { - printf("***otherInfo in pre but not in post\n"); - rtn++; - } - else { - if(compCssmData(*qcsPre->otherInfo, *qcsPre->otherInfo, - "CE_QC_Statement.otherInfo")) { - rtn++; - } - } - } - else if(qcsPost->otherInfo != NULL) { - printf("***otherInfo in post but not in pre\n"); - rtn++; - } - } - return rtn; -} - -static void qcsFree(void *arg) -{ - CE_QC_Statements *qcss = (CE_QC_Statements *)arg; - uint32 numQcs = qcss->numQCStatements; - for(unsigned dex=0; dexqcStatements[dex]; - if(qcs->semanticsInfo) { - CE_SemanticsInformation *si = qcs->semanticsInfo; - if(si->semanticsIdentifier) { - free(si->semanticsIdentifier); - } - if(si->nameRegistrationAuthorities) { - genNamesFree(si->nameRegistrationAuthorities); - free(si->nameRegistrationAuthorities); - } - free(qcs->semanticsInfo); - } - if(qcs->otherInfo) { - free(qcs->otherInfo->Data); - free(qcs->otherInfo); - } - } - free(qcss->qcStatements); -} - -#pragma mark --- test definitions --- - -/* - * Define one extension test. - */ - -/* - * Cook up this extension with random, reasonable values. - * Incoming pointer refers to extension-specific C struct, mallocd - * and zeroed by main test routine. - */ -typedef void (*extenCreateFcn)(void *arg); - -/* - * Compare two instances of this extension. Return number of - * compare errors. - */ -typedef unsigned (*extenCompareFcn)( - const void *preEncode, - const void *postEncode); - -/* - * Free struct components mallocd in extenCreateFcn. Do not free - * the outer struct. - */ -typedef void (*extenFreeFcn)(void *arg); - -typedef struct { - /* three extension-specific functions */ - extenCreateFcn createFcn; - extenCompareFcn compareFcn; - extenFreeFcn freeFcn; - - /* size of C struct passed to all three functions */ - unsigned extenSize; - - /* the OID for this extension */ - CSSM_OID extenOid; - - /* description for error logging and blob writing */ - const char *extenDescr; - - /* command-line letter for this one */ - char extenLetter; - -} ExtenTest; - -/* empty freeFcn means no extension-specific resources to free */ -#define NO_FREE NULL - -static ExtenTest extenTests[] = { - { kuCreate, kuCompare, NO_FREE, - sizeof(CE_KeyUsage), CSSMOID_KeyUsage, - "KeyUsage", 'k' }, - { bcCreate, bcCompare, NO_FREE, - sizeof(CE_BasicConstraints), CSSMOID_BasicConstraints, - "BasicConstraints", 'b' }, - { ekuCreate, ekuCompare, NO_FREE, - sizeof(CE_ExtendedKeyUsage), CSSMOID_ExtendedKeyUsage, - "ExtendedKeyUsage", 'x' }, - { skidCreate, skidCompare, skidFree, - sizeof(CSSM_DATA), CSSMOID_SubjectKeyIdentifier, - "SubjectKeyID", 's' }, - { authKeyIdCreate, authKeyIdCompare, authKeyIdFree, - sizeof(CE_AuthorityKeyID), CSSMOID_AuthorityKeyIdentifier, - "AuthorityKeyID", 'a' }, - { genNamesCreate, genNamesCompare, genNamesFree, - sizeof(CE_GeneralNames), CSSMOID_SubjectAltName, - "SubjectAltName", 't' }, - { genNamesCreate, genNamesCompare, genNamesFree, - sizeof(CE_GeneralNames), CSSMOID_IssuerAltName, - "IssuerAltName", 'i' }, - { nctCreate, nctCompare, NO_FREE, - sizeof(CE_NetscapeCertType), CSSMOID_NetscapeCertType, - "NetscapeCertType", 'n' }, - { cdpCreate, cdpCompare, cdpFree, - sizeof(CE_CRLDistPointsSyntax), CSSMOID_CrlDistributionPoints, - "CRLDistPoints", 'p' }, - { cpCreate, cpCompare, cpFree, - sizeof(CE_CertPolicies), CSSMOID_CertificatePolicies, - "CertPolicies", 'c' }, - { aiaCreate, aiaCompare, aiaFree, - sizeof(CE_AuthorityInfoAccess), CSSMOID_AuthorityInfoAccess, - "AuthorityInfoAccess", 'A' }, - { aiaCreate, aiaCompare, aiaFree, - sizeof(CE_AuthorityInfoAccess), CSSMOID_SubjectInfoAccess, - "SubjectInfoAccess", 'S' }, - { qcsCreate, qcsCompare, qcsFree, - sizeof(CE_QC_Statements), CSSMOID_QC_Statements, - "QualifiedCertStatements", 'q' }, -}; - -#define NUM_EXTEN_TESTS (sizeof(extenTests) / sizeof(ExtenTest)) - -static void printExten( - CSSM_X509_EXTENSION &extn, - bool preEncode, - OidParser &parser) -{ - CSSM_FIELD field; - field.FieldOid = extn.extnId; - field.FieldValue.Data = (uint8 *)&extn; - field.FieldValue.Length = sizeof(CSSM_X509_EXTENSION); - printf("=== %s:\n", preEncode ? "PRE-ENCODE" : "POST-DECODE" ); - printCertField(field, parser, CSSM_TRUE); -} - -static int doTest( - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - ExtenTest &extenTest, - bool writeBlobs, - const char *constFileName, // all blobs to this file if non-NULL - bool displayExtens, - OidParser &parser) -{ - /* - * 1. Cook up a random and reasonable instance of the C struct - * associated with this extension. - */ - void *preEncode = CSSM_MALLOC(extenTest.extenSize); - memset(preEncode, 0, extenTest.extenSize); - extenTest.createFcn(preEncode); - - /* - * Cook up the associated CSSM_X509_EXTENSION. - */ - CSSM_X509_EXTENSION extnPre; - - extnPre.extnId = extenTest.extenOid; - extnPre.critical = randBool(); - extnPre.format = CSSM_X509_DATAFORMAT_PARSED; - extnPre.value.parsedValue = preEncode; - extnPre.BERvalue.Data = NULL; - extnPre.BERvalue.Length = 0; - - /* encode the extension in a TBSCert */ - CSSM_DATA_PTR rawCert = CB_MakeCertTemplate(clHand, - 0x12345678, // serial number - dummyName, - dummyName, - notBefore, - notAfter, - &subjPubKey, - SIG_ALG, - NULL, // subjUniqueId - NULL, // issuerUniqueId - &extnPre, // extensions - 1); // numExtensions - if(rawCert == NULL) { - printf("Error generating template; aborting.\n"); - /* show what we tried to encode */ - printExten(extnPre, true, parser); - return 1; - } - - /* sign the cert */ - CSSM_DATA signedCert = {0, NULL}; - CSSM_CC_HANDLE sigHand; - CSSM_RETURN crtn = CSSM_CSP_CreateSignatureContext(cspHand, - SIG_ALG, - NULL, // no passphrase for now - &subjPrivKey, - &sigHand); - if(crtn) { - printError("CreateSignatureContext", crtn); - return 1; - } - - crtn = CSSM_CL_CertSign(clHand, - sigHand, - rawCert, // CertToBeSigned - NULL, // SignScope per spec - 0, // ScopeSize per spec - &signedCert); - if(crtn) { - printError("CSSM_CL_CertSign", crtn); - /* show what we tried to encode */ - printExten(extnPre, true, parser); - return 1; - } - CSSM_DeleteContext(sigHand); - - if(writeBlobs) { - char fileName[200]; - if(constFileName) { - strcpy(fileName, constFileName); - } - else { - sprintf(fileName, "%scert.der", extenTest.extenDescr); - } - writeFile(fileName, signedCert.Data, signedCert.Length); - printf("...wrote %lu bytes to %s\n", signedCert.Length, fileName); - } - - /* snag the same extension from the encoded cert */ - CSSM_DATA_PTR postField; - CSSM_HANDLE resultHand; - uint32 numFields; - - crtn = CSSM_CL_CertGetFirstFieldValue(clHand, - &signedCert, - &extenTest.extenOid, - &resultHand, - &numFields, - &postField); - if(crtn) { - printf("****Extension field not found on decode for %s\n", - extenTest.extenDescr); - printError("CSSM_CL_CertGetFirstFieldValue", crtn); - - /* show what we tried to encode and decode */ - printExten(extnPre, true, parser); - return 1; - } - - if(numFields != 1) { - printf("****GetFirstFieldValue: expect 1 value, got %u\n", - (unsigned)numFields); - return 1; - } - CSSM_CL_CertAbortQuery(clHand, resultHand); - - /* verify the fields we generated */ - CSSM_X509_EXTENSION *extnPost = (CSSM_X509_EXTENSION *)postField->Data; - if((extnPost == NULL) || - (postField->Length != sizeof(CSSM_X509_EXTENSION))) { - printf("***Malformed CSSM_X509_EXTENSION (1) after decode\n"); - return 1; - } - int rtn = 0; - rtn += compBool(extnPre.critical, extnPost->critical, - "CSSM_X509_EXTENSION.critical"); - rtn += compCssmData(extnPre.extnId, extnPost->extnId, - "CSSM_X509_EXTENSION.extnId"); - - if(extnPost->format != CSSM_X509_DATAFORMAT_PARSED) { - printf("***Expected CSSM_X509_DATAFORMAT_PARSED (%x(x), got %x(x)\n", - CSSM_X509_DATAFORMAT_PARSED, extnPost->format); - } - if(extnPost->value.parsedValue == NULL) { - printf("***no parsedValue pointer!\n"); - return 1; - } - - /* down to extension-specific compare */ - rtn += extenTest.compareFcn(preEncode, extnPost->value.parsedValue); - - if(rtn) { - /* print preencode only on error */ - printExten(extnPre, true, parser); - } - if(displayExtens || rtn) { - printExten(*extnPost, false, parser); - } - - /* free the allocated data */ - if(extenTest.freeFcn) { - extenTest.freeFcn(preEncode); - } - CSSM_CL_FreeFieldValue(clHand, &extenTest.extenOid, postField); - CSSM_FREE(rawCert->Data); - CSSM_FREE(rawCert); - CSSM_FREE(signedCert.Data); - CSSM_FREE(preEncode); - return rtn; -} - -static void doPause(bool pause) -{ - if(!pause) { - return; - } - fpurge(stdin); - printf("CR to continue "); - getchar(); -} - -int main(int argc, char **argv) -{ - CSSM_CL_HANDLE clHand; - CSSM_CSP_HANDLE cspHand; - CSSM_RETURN crtn; - int arg; - int rtn; - OidParser parser; - char *argp; - unsigned i; - - /* user-specificied params */ - unsigned minExtenNum = 0; - unsigned maxExtenNum = NUM_EXTEN_TESTS-1; - bool writeBlobs = false; - bool displayExtens = false; - bool quiet = false; - unsigned loops = LOOPS_DEF; - bool pauseLoop = false; - bool pauseCert = false; - const char *constFileName = NULL; - - for(arg=1; arg -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define KEY_ALG CSSM_ALGID_RSA -#define SIG_ALG CSSM_ALGID_SHA1WithRSA -#define SIG_OID CSSMOID_SHA1WithRSA -#define KEY_SIZE_BITS CSP_RSA_KEY_SIZE_DEFAULT -#define SUBJ_KEY_LABEL "subjectKey" - -#define LOOPS_DEF 10 - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" e=extenSpec (default = all)\n"); - printf(" k keyUsage\n"); - printf(" b basicConstraints\n"); - printf(" x extendedKeyUsage\n"); - printf(" s subjectKeyId\n"); - printf(" a authorityKeyId\n"); - printf(" t SubjectAltName\n"); - printf(" i IssuerAltName\n"); - printf(" c certPolicies\n"); - printf(" n netscapeCertType\n"); - printf(" p CRLDistributionPoints\n"); - printf(" A AuthorityInfoAccess\n"); - printf(" S SubjectInfoAccess\n"); - printf(" w(rite blobs)\n"); - printf(" f=fileName (default is extension-specific file name)\n"); - printf(" d(isplay certs)\n"); - printf(" l=loops (default = %d)\n", LOOPS_DEF); - printf(" p(ause on each loop)\n"); - printf(" P(ause on each cert)\n"); - exit(1); -} - -/* subject and issuer - we aren't testing this */ -CSSM_APPLE_TP_NAME_OID dummyRdn[] = -{ - { "Apple Computer", &CSSMOID_OrganizationName }, - { "Doug Mitchell", &CSSMOID_CommonName } -}; -#define NUM_DUMMY_NAMES (sizeof(dummyRdn) / sizeof(CB_NameOid)) - -/* - * Static components we reuse for each encode/decode. - */ -static CSSM_KEY subjPrivKey; -static CSSM_KEY subjPubKey; - -static CSSM_BOOL randBool() -{ - unsigned r = genRand(1, 0x10000000); - return (r & 0x1) ? CSSM_TRUE : CSSM_FALSE; -} - -/* Fill a CSSM_DATA with random data. Its referent is allocd with malloc. */ -static void randData( - CSSM_DATA_PTR data, - uint8 maxLen) -{ - data->Data = (uint8 *)malloc(maxLen); - simpleGenData(data, 1, maxLen); -} - -/* - * Various compare tests - */ -int compBool( - CSSM_BOOL pre, - CSSM_BOOL post, - const char *desc) -{ - if(pre == post) { - return 0; - } - printf("***Boolean miscompare on %s\n", desc); - /* in case a CSSM_TRUE isn't exactly right... */ - switch(post) { - case CSSM_FALSE: - case CSSM_TRUE: - break; - default: - printf("*** post value is %d expected %d\n", - (int)post, (int)pre); - break; - } - return 1; -} - -static int compCssmData( - CSSM_DATA &d1, - CSSM_DATA &d2, - const char *desc) -{ - if(appCompareCssmData(&d1, &d2)) { - return 0; - } - printf("CSSM_DATA miscompare on %s\n", desc); - return 1; -} - -#pragma mark ----- individual extension tests ----- - -#pragma mark --- CE_KeyUsage --- -static void kuCreate(void *arg) -{ - CE_KeyUsage *ku = (CE_KeyUsage *)arg; - - /* set two random valid bits */ - *ku = 0; - *ku |= 1 << genRand(7, 15); - *ku |= 1 << genRand(7, 15); -} - -static unsigned kuCompare(const void *pre, const void *post) -{ - const CE_KeyUsage *kuPre = (CE_KeyUsage *)pre; - const CE_KeyUsage *kuPost = (CE_KeyUsage *)post; - if(*kuPre != *kuPost) { - printf("***Miscompare in CE_KeyUsage\n"); - return 1; - } - return 0; -} - -#pragma mark --- CE_BasicConstraints --- -static void bcCreate(void *arg) -{ - CE_BasicConstraints *bc = (CE_BasicConstraints *)arg; - bc->cA = randBool(); - bc->pathLenConstraintPresent = randBool(); - if(bc->pathLenConstraintPresent) { - bc->pathLenConstraint = genRand(1,10); - } -} - -static unsigned bcCompare(const void *pre, const void *post) -{ - const CE_BasicConstraints *bcpre = (CE_BasicConstraints *)pre; - const CE_BasicConstraints *bcpost = (CE_BasicConstraints *)post; - unsigned rtn = 0; - - rtn += compBool(bcpre->cA, bcpost->cA, "BasicConstraints.cA"); - rtn += compBool(bcpre->pathLenConstraintPresent, - bcpost->pathLenConstraintPresent, - "BasicConstraints.pathLenConstraintPresent"); - if(bcpre->pathLenConstraint != bcpost->pathLenConstraint) { - printf("BasicConstraints.pathLenConstraint mismatch\n"); - rtn++; - } - return rtn; -} - -#pragma mark --- CE_SubjectKeyID --- -static void skidCreate(void *arg) -{ - CSSM_DATA_PTR skid = (CSSM_DATA_PTR)arg; - randData(skid, 16); -} - -static unsigned skidCompare(const void *pre, const void *post) -{ - CSSM_DATA_PTR spre = (CSSM_DATA_PTR)pre; - CSSM_DATA_PTR spost = (CSSM_DATA_PTR)post; - return compCssmData(*spre, *spost, "SubjectKeyID"); -} - -static void skidFree(void *arg) -{ - CSSM_DATA_PTR skid = (CSSM_DATA_PTR)arg; - free(skid->Data); -} - -#pragma mark --- CE_NetscapeCertType --- -static void nctCreate(void *arg) -{ - CE_NetscapeCertType *nct = (CE_NetscapeCertType *)arg; - - /* set two random valid bits */ - *nct = 0; - *nct |= 1 << genRand(8, 15); - *nct |= 1 << genRand(8, 15); -} - -static unsigned nctCompare(const void *pre, const void *post) -{ - const CE_NetscapeCertType *nPre = (CE_NetscapeCertType *)pre; - const CE_NetscapeCertType *nPost = (CE_NetscapeCertType *)post; - if(*nPre != *nPost) { - printf("***Miscompare in CE_NetscapeCertType\n"); - return 1; - } - return 0; -} - -#pragma mark --- CE_ExtendedKeyUsage --- - -/* a static array of meaningless OIDs, use 1.. NUM_SKU_OIDS */ -CSSM_OID ekuOids[] = { - CSSMOID_CrlNumber, - CSSMOID_CrlReason, - CSSMOID_HoldInstructionCode, - CSSMOID_InvalidityDate -}; -#define NUM_SKU_OIDS 4 - -static void ekuCreate(void *arg) -{ - CE_ExtendedKeyUsage *eku = (CE_ExtendedKeyUsage *)arg; - eku->numPurposes = genRand(1, NUM_SKU_OIDS); - eku->purposes = ekuOids; -} - -static unsigned ekuCompare(const void *pre, const void *post) -{ - CE_ExtendedKeyUsage *ekupre = (CE_ExtendedKeyUsage *)pre; - CE_ExtendedKeyUsage *ekupost = (CE_ExtendedKeyUsage *)post; - - if(ekupre->numPurposes != ekupost->numPurposes) { - printf("CE_ExtendedKeyUsage.numPurposes miscompare\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned dex=0; dexnumPurposes; dex++) { - rtn += compCssmData(ekupre->purposes[dex], - ekupost->purposes[dex], "CE_ExtendedKeyUsage.purposes"); - } - return rtn; -} - - -#pragma mark --- general purpose X509 name generator --- - -/* Attr/Value pairs, pick one of NUM_ATTR_STRINGS */ -static char *attrStrings[] = { - (char *)"thisName", - (char *)"anotherName", - (char *)"someOtherName" -}; -#define NUM_ATTR_STRINGS 3 - -/* A/V type, pick one of NUM_ATTR_TYPES */ -static CSSM_OID attrTypes[] = { - CSSMOID_Surname, - CSSMOID_CountryName, - CSSMOID_OrganizationName, - CSSMOID_Description -}; -#define NUM_ATTR_TYPES 4 - -/* A/V tag, pick one of NUM_ATTR_TAGS */ -static char attrTags[] = { - BER_TAG_PRINTABLE_STRING, - BER_TAG_IA5_STRING, - BER_TAG_T61_STRING -}; -#define NUM_ATTR_TAGS 3 - -static void rdnCreate( - CSSM_X509_RDN_PTR rdn) -{ - unsigned numPairs = genRand(1,4); - rdn->numberOfPairs = numPairs; - unsigned len = numPairs * sizeof(CSSM_X509_TYPE_VALUE_PAIR); - rdn->AttributeTypeAndValue = - (CSSM_X509_TYPE_VALUE_PAIR_PTR)malloc(len); - memset(rdn->AttributeTypeAndValue, 0, len); - - for(unsigned atvDex=0; atvDexAttributeTypeAndValue[atvDex]; - unsigned die = genRand(1, NUM_ATTR_TYPES); - pair.type = attrTypes[die - 1]; - die = genRand(1, NUM_ATTR_STRINGS); - char *str = attrStrings[die - 1]; - pair.value.Data = (uint8 *)str; - pair.value.Length = strlen(str); - die = genRand(1, NUM_ATTR_TAGS); - pair.valueType = attrTags[die - 1]; - } -} - -static unsigned rdnCompare( - CSSM_X509_RDN_PTR rdn1, - CSSM_X509_RDN_PTR rdn2) -{ - if(rdn1->numberOfPairs != rdn2->numberOfPairs) { - printf("***Mismatch in numberOfPairs\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned atvDex=0; atvDexnumberOfPairs; atvDex++) { - CSSM_X509_TYPE_VALUE_PAIR &p1 = - rdn1->AttributeTypeAndValue[atvDex]; - CSSM_X509_TYPE_VALUE_PAIR &p2 = - rdn2->AttributeTypeAndValue[atvDex]; - if(p1.valueType != p2.valueType) { - printf("***valueType miscompare\n"); - rtn++; - } - if(compCssmData(p1.type, p2.type, "ATV.type")) { - rtn++; - } - if(compCssmData(p1.value, p2.value, "ATV.value")) { - rtn++; - } - } - return rtn; -} - -static void rdnFree( - CSSM_X509_RDN_PTR rdn) -{ - free(rdn->AttributeTypeAndValue); -} - -static void x509NameCreate( - CSSM_X509_NAME_PTR x509Name) -{ - memset(x509Name, 0, sizeof(*x509Name)); - unsigned numRdns = genRand(1,4); - x509Name->numberOfRDNs = numRdns; - unsigned len = numRdns * sizeof(CSSM_X509_RDN); - x509Name->RelativeDistinguishedName = (CSSM_X509_RDN_PTR)malloc(len); - memset(x509Name->RelativeDistinguishedName, 0, len); - - for(unsigned rdnDex=0; rdnDexRelativeDistinguishedName[rdnDex]; - rdnCreate(&rdn); - } -} - -static unsigned x509NameCompare( - const CSSM_X509_NAME_PTR n1, - const CSSM_X509_NAME_PTR n2) -{ - if(n1->numberOfRDNs != n2->numberOfRDNs) { - printf("***Mismatch in numberOfRDNs\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { - CSSM_X509_RDN &rdn1 = n1->RelativeDistinguishedName[rdnDex]; - CSSM_X509_RDN &rdn2 = n2->RelativeDistinguishedName[rdnDex]; - rtn += rdnCompare(&rdn1, &rdn2); - } - return rtn; -} - -static void x509NameFree( - CSSM_X509_NAME_PTR n) -{ - for(unsigned rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { - CSSM_X509_RDN &rdn = n->RelativeDistinguishedName[rdnDex]; - rdnFree(&rdn); - } - free(n->RelativeDistinguishedName); -} - -#pragma mark --- general purpose GeneralNames generator --- - -#define SOME_URL_1 (char *)"http://foo.bar.com" -#define SOME_URL_2 (char *)"http://bar.foo.com" -#define SOME_DNS_1 (char *)"Some DNS" -#define SOME_DNS_2 (char *)"Another DNS" -unsigned char someIpAdr_1[] = {208, 161, 124, 209 }; -unsigned char someIpAdr_2[] = {10, 0, 61, 5}; - -static void genNameCreate(CE_GeneralName *name) -{ - unsigned type = genRand(1, 5); - const char *src; - unsigned char *usrc; - switch(type) { - case 1: - name->nameType = GNT_URI; - name->berEncoded = CSSM_FALSE; - src = randBool() ? SOME_URL_1 : SOME_URL_2; - appCopyData(src, strlen(src), &name->name); - break; - - case 2: - name->nameType = GNT_RegisteredID; - name->berEncoded = CSSM_FALSE; - appCopyData(CSSMOID_SubjectDirectoryAttributes.Data, - CSSMOID_SubjectDirectoryAttributes.Length, - &name->name); - break; - - case 3: - name->nameType = GNT_DNSName; - name->berEncoded = CSSM_FALSE; - src = randBool() ? SOME_DNS_1 : SOME_DNS_2; - appCopyData(src, strlen(src), &name->name); - break; - - case 4: - name->nameType = GNT_IPAddress; - name->berEncoded = CSSM_FALSE; - usrc = randBool() ? someIpAdr_1 : someIpAdr_2; - appCopyData(usrc, 4, &name->name); - break; - - case 5: - { - /* X509_NAME, the hard one */ - name->nameType = GNT_DirectoryName; - name->berEncoded = CSSM_FALSE; - appSetupCssmData(&name->name, sizeof(CSSM_X509_NAME)); - x509NameCreate((CSSM_X509_NAME_PTR)name->name.Data); - } - } -} - -static void genNamesCreate(void *arg) -{ - CE_GeneralNames *names = (CE_GeneralNames *)arg; - names->numNames = genRand(1, 3); - // one at a time - //names->numNames = 1; - names->generalName = (CE_GeneralName *)malloc(names->numNames * - sizeof(CE_GeneralName)); - memset(names->generalName, 0, names->numNames * sizeof(CE_GeneralName)); - - for(unsigned i=0; inumNames; i++) { - CE_GeneralName *name = &names->generalName[i]; - genNameCreate(name); - } -} - -static unsigned genNameCompare( - CE_GeneralName *npre, - CE_GeneralName *npost) -{ - unsigned rtn = 0; - if(npre->nameType != npost->nameType) { - printf("***CE_GeneralName.nameType miscompare\n"); - rtn++; - } - if(compBool(npre->berEncoded, npost->berEncoded, - "CE_GeneralName.berEncoded")) { - rtn++; - } - - /* nameType-specific compare */ - switch(npre->nameType) { - case GNT_RFC822Name: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.RFC822Name"); - break; - case GNT_DNSName: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.DNSName"); - break; - case GNT_URI: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.URI"); - break; - case GNT_IPAddress: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.RFIPAddressC822Name"); - break; - case GNT_RegisteredID: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.RegisteredID"); - break; - case GNT_DirectoryName: - rtn += x509NameCompare((CSSM_X509_NAME_PTR)npre->name.Data, - (CSSM_X509_NAME_PTR)npost->name.Data); - break; - default: - printf("****BRRZAP! genNamesCompare needs work\n"); - rtn++; - } - return rtn; -} - -static unsigned genNamesCompare(const void *pre, const void *post) -{ - const CE_GeneralNames *gnPre = (CE_GeneralNames *)pre; - const CE_GeneralNames *gnPost = (CE_GeneralNames *)post; - unsigned rtn = 0; - - if((gnPre == NULL) || (gnPost == NULL)) { - printf("***Bad GenNames pointer\n"); - return 1; - } - if(gnPre->numNames != gnPost->numNames) { - printf("***CE_GeneralNames.numNames miscompare\n"); - return 1; - } - for(unsigned dex=0; dexnumNames; dex++) { - CE_GeneralName *npre = &gnPre->generalName[dex]; - CE_GeneralName *npost = &gnPost->generalName[dex]; - rtn += genNameCompare(npre, npost); - } - return rtn; -} - - -static void genNameFree(CE_GeneralName *n) -{ - switch(n->nameType) { - case GNT_DirectoryName: - x509NameFree((CSSM_X509_NAME_PTR)n->name.Data); - CSSM_FREE(n->name.Data); - break; - default: - CSSM_FREE(n->name.Data); - break; - } -} - - -static void genNamesFree(void *arg) -{ - const CE_GeneralNames *gn = (CE_GeneralNames *)arg; - for(unsigned dex=0; dexnumNames; dex++) { - CE_GeneralName *n = (CE_GeneralName *)&gn->generalName[dex]; - genNameFree(n); - } - free(gn->generalName); -} - -#pragma mark --- CE_CRLDistPointsSyntax --- -static void cdpCreate(void *arg) -{ - CE_CRLDistPointsSyntax *cdp = (CE_CRLDistPointsSyntax *)arg; - //cdp->numDistPoints = genRand(1,3); - // one at a time - cdp->numDistPoints = 1; - unsigned len = sizeof(CE_CRLDistributionPoint) * cdp->numDistPoints; - cdp->distPoints = (CE_CRLDistributionPoint *)malloc(len); - memset(cdp->distPoints, 0, len); - - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *pt = &cdp->distPoints[dex]; - - /* all fields optional */ - if(randBool()) { - CE_DistributionPointName *dpn = pt->distPointName = - (CE_DistributionPointName *)malloc( - sizeof(CE_DistributionPointName)); - memset(dpn, 0, sizeof(CE_DistributionPointName)); - - /* CE_DistributionPointName has two flavors */ - if(randBool()) { - dpn->nameType = CE_CDNT_FullName; - dpn->dpn.fullName = (CE_GeneralNames *)malloc( - sizeof(CE_GeneralNames)); - memset(dpn->dpn.fullName, 0, sizeof(CE_GeneralNames)); - genNamesCreate(dpn->dpn.fullName); - } - else { - dpn->nameType = CE_CDNT_NameRelativeToCrlIssuer; - dpn->dpn.rdn = (CSSM_X509_RDN_PTR)malloc( - sizeof(CSSM_X509_RDN)); - memset(dpn->dpn.rdn, 0, sizeof(CSSM_X509_RDN)); - rdnCreate(dpn->dpn.rdn); - } - } /* creating CE_DistributionPointName */ - - pt->reasonsPresent = randBool(); - if(pt->reasonsPresent) { - CE_CrlDistReasonFlags *cdr = &pt->reasons; - /* set two random valid bits */ - *cdr = 0; - *cdr |= 1 << genRand(0,7); - *cdr |= 1 << genRand(0,7); - } - - /* make sure at least one present */ - if((!pt->distPointName && !pt->reasonsPresent) || randBool()) { - pt->crlIssuer = (CE_GeneralNames *)malloc(sizeof(CE_GeneralNames)); - memset(pt->crlIssuer, 0, sizeof(CE_GeneralNames)); - genNamesCreate(pt->crlIssuer); - } - } -} - -static unsigned cdpCompare(const void *pre, const void *post) -{ - CE_CRLDistPointsSyntax *cpre = (CE_CRLDistPointsSyntax *)pre; - CE_CRLDistPointsSyntax *cpost = (CE_CRLDistPointsSyntax *)post; - - if(cpre->numDistPoints != cpost->numDistPoints) { - printf("***CE_CRLDistPointsSyntax.numDistPoints miscompare\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *ptpre = &cpre->distPoints[dex]; - CE_CRLDistributionPoint *ptpost = &cpost->distPoints[dex]; - - if(ptpre->distPointName) { - if(ptpost->distPointName == NULL) { - printf("***NULL distPointName post decode\n"); - rtn++; - goto checkReason; - } - CE_DistributionPointName *dpnpre = ptpre->distPointName; - CE_DistributionPointName *dpnpost = ptpost->distPointName; - if(dpnpre->nameType != dpnpost->nameType) { - printf("***CE_DistributionPointName.nameType miscompare\n"); - rtn++; - goto checkReason; - } - if(dpnpre->nameType == CE_CDNT_FullName) { - rtn += genNamesCompare(dpnpre->dpn.fullName, dpnpost->dpn.fullName); - } - else { - rtn += rdnCompare(dpnpre->dpn.rdn, dpnpost->dpn.rdn); - } - - } - else if(ptpost->distPointName != NULL) { - printf("***NON NULL distPointName post decode\n"); - rtn++; - } - - checkReason: - if(ptpre->reasons != ptpost->reasons) { - printf("***CE_CRLDistributionPoint.reasons miscompare\n"); - rtn++; - } - - if(ptpre->crlIssuer) { - if(ptpost->crlIssuer == NULL) { - printf("***NULL crlIssuer post decode\n"); - rtn++; - continue; - } - CE_GeneralNames *gnpre = ptpre->crlIssuer; - CE_GeneralNames *gnpost = ptpost->crlIssuer; - rtn += genNamesCompare(gnpre, gnpost); - } - else if(ptpost->crlIssuer != NULL) { - printf("***NON NULL crlIssuer post decode\n"); - rtn++; - } - } - return rtn; -} - -static void cdpFree(void *arg) -{ - CE_CRLDistPointsSyntax *cdp = (CE_CRLDistPointsSyntax *)arg; - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *pt = &cdp->distPoints[dex]; - if(pt->distPointName) { - CE_DistributionPointName *dpn = pt->distPointName; - if(dpn->nameType == CE_CDNT_FullName) { - genNamesFree(dpn->dpn.fullName); - free(dpn->dpn.fullName); - } - else { - rdnFree(dpn->dpn.rdn); - free(dpn->dpn.rdn); - } - free(dpn); - } - - if(pt->crlIssuer) { - genNamesFree(pt->crlIssuer); - free(pt->crlIssuer); - } - } - free(cdp->distPoints); -} - -#pragma mark --- CE_AuthorityKeyID --- -static void authKeyIdCreate(void *arg) -{ - CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)arg; - - /* all three fields optional */ - - akid->keyIdentifierPresent = randBool(); - if(akid->keyIdentifierPresent) { - randData(&akid->keyIdentifier, 16); - } - - akid->generalNamesPresent = randBool(); - if(akid->generalNamesPresent) { - akid->generalNames = - (CE_GeneralNames *)malloc(sizeof(CE_GeneralNames)); - memset(akid->generalNames, 0, sizeof(CE_GeneralNames)); - genNamesCreate(akid->generalNames); - } - - if(!akid->keyIdentifierPresent & !akid->generalNamesPresent) { - /* force at least one to be present */ - akid->serialNumberPresent = CSSM_TRUE; - } - else { - akid->serialNumberPresent = randBool(); - } - if(akid->serialNumberPresent) { - randData(&akid->serialNumber, 16); - } - -} - -static unsigned authKeyIdCompare(const void *pre, const void *post) -{ - CE_AuthorityKeyID *akpre = (CE_AuthorityKeyID *)pre; - CE_AuthorityKeyID *akpost = (CE_AuthorityKeyID *)post; - unsigned rtn = 0; - - if(compBool(akpre->keyIdentifierPresent, akpost->keyIdentifierPresent, - "CE_AuthorityKeyID.keyIdentifierPresent")) { - rtn++; - } - else if(akpre->keyIdentifierPresent) { - rtn += compCssmData(akpre->keyIdentifier, - akpost->keyIdentifier, "CE_AuthorityKeyID.keyIdentifier"); - } - - if(compBool(akpre->generalNamesPresent, akpost->generalNamesPresent, - "CE_AuthorityKeyID.generalNamesPresent")) { - rtn++; - } - else if(akpre->generalNamesPresent) { - rtn += genNamesCompare(akpre->generalNames, - akpost->generalNames); - } - - if(compBool(akpre->serialNumberPresent, akpost->serialNumberPresent, - "CE_AuthorityKeyID.serialNumberPresent")) { - rtn++; - } - else if(akpre->serialNumberPresent) { - rtn += compCssmData(akpre->serialNumber, - akpost->serialNumber, "CE_AuthorityKeyID.serialNumber"); - } - return rtn; -} - -static void authKeyIdFree(void *arg) -{ - CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)arg; - - if(akid->keyIdentifier.Data) { - free(akid->keyIdentifier.Data); - } - if(akid->generalNames) { - genNamesFree(akid->generalNames); // genNamesCreate mallocd - free(akid->generalNames); // we mallocd - } - if(akid->serialNumber.Data) { - free(akid->serialNumber.Data); - } -} - -#pragma mark --- CE_CertPolicies --- - -/* random OIDs, pick 1..NUM_CP_OIDS */ -static CSSM_OID cpOids[] = -{ - CSSMOID_EmailAddress, - CSSMOID_UnstructuredName, - CSSMOID_ContentType, - CSSMOID_MessageDigest -}; -#define NUM_CP_OIDS 4 - -/* CPS strings, pick one of NUM_CPS_STR */ -static char *someCPSs[] = -{ - (char *)"http://www.apple.com", - (char *)"https://cdnow.com", - (char *)"ftp:backwards.com" -}; -#define NUM_CPS_STR 3 - -/* make these looks like real sequences */ -static uint8 someUnotice[] = {0x30, 0x03, BER_TAG_BOOLEAN, 1, 0xff}; -static uint8 someOtherData[] = {0x30, 0x02, BER_TAG_NULL, 0}; - -static void cpCreate(void *arg) -{ - CE_CertPolicies *cp = (CE_CertPolicies *)arg; - cp->numPolicies = genRand(1,3); - //cp->numPolicies = 1; - unsigned len = sizeof(CE_PolicyInformation) * cp->numPolicies; - cp->policies = (CE_PolicyInformation *)malloc(len); - memset(cp->policies, 0, len); - - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *pi = &cp->policies[polDex]; - unsigned die = genRand(1, NUM_CP_OIDS); - pi->certPolicyId = cpOids[die - 1]; - unsigned numQual = genRand(1,3); - pi->numPolicyQualifiers = numQual; - len = sizeof(CE_PolicyQualifierInfo) * numQual; - pi->policyQualifiers = (CE_PolicyQualifierInfo *) - malloc(len); - memset(pi->policyQualifiers, 0, len); - for(unsigned cpiDex=0; cpiDexpolicyQualifiers[cpiDex]; - if(randBool()) { - qi->policyQualifierId = CSSMOID_QT_CPS; - die = genRand(1, NUM_CPS_STR); - qi->qualifier.Data = (uint8 *)someCPSs[die - 1]; - qi->qualifier.Length = strlen((char *)qi->qualifier.Data); - } - else { - qi->policyQualifierId = CSSMOID_QT_UNOTICE; - if(randBool()) { - qi->qualifier.Data = someUnotice; - qi->qualifier.Length = 5; - } - else { - qi->qualifier.Data = someOtherData; - qi->qualifier.Length = 4; - } - } - } - } -} - -static unsigned cpCompare(const void *pre, const void *post) -{ - CE_CertPolicies *cppre = (CE_CertPolicies *)pre; - CE_CertPolicies *cppost = (CE_CertPolicies *)post; - - if(cppre->numPolicies != cppost->numPolicies) { - printf("CE_CertPolicies.numPolicies mismatch\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *pipre = &cppre->policies[polDex]; - CE_PolicyInformation *pipost = &cppost->policies[polDex]; - rtn += compCssmData(pipre->certPolicyId, pipost->certPolicyId, - "CE_PolicyInformation.certPolicyId"); - if(pipre->numPolicyQualifiers != pipost->numPolicyQualifiers) { - printf("CE_PolicyInformation.CE_PolicyInformation mismatch\n"); - rtn++; - continue; - } - - for(unsigned qiDex=0; qiDexnumPolicyQualifiers; qiDex++) { - CE_PolicyQualifierInfo *qipre = &pipre->policyQualifiers[qiDex]; - CE_PolicyQualifierInfo *qipost = &pipost->policyQualifiers[qiDex]; - rtn += compCssmData(qipre->policyQualifierId, - qipost->policyQualifierId, - "CE_PolicyQualifierInfo.policyQualifierId"); - rtn += compCssmData(qipre->qualifier, - qipost->qualifier, - "CE_PolicyQualifierInfo.qualifier"); - } - } - return rtn; -} - -static void cpFree(void *arg) -{ - CE_CertPolicies *cp = (CE_CertPolicies *)arg; - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *pi = &cp->policies[polDex]; - free(pi->policyQualifiers); - } - free(cp->policies); -} - -#pragma mark --- CE_AuthorityInfoAccess --- - -/* random OIDs, pick 1..NUM_AI_OIDS */ -static CSSM_OID aiOids[] = -{ - CSSMOID_AD_OCSP, - CSSMOID_AD_CA_ISSUERS, - CSSMOID_AD_TIME_STAMPING, - CSSMOID_AD_CA_REPOSITORY -}; -#define NUM_AI_OIDS 4 - -static void aiaCreate(void *arg) -{ - CE_AuthorityInfoAccess *aia = (CE_AuthorityInfoAccess *)arg; - aia->numAccessDescriptions = genRand(1,3); - unsigned len = aia->numAccessDescriptions * sizeof(CE_AccessDescription); - aia->accessDescriptions = (CE_AccessDescription *)malloc(len); - memset(aia->accessDescriptions, 0, len); - - for(unsigned dex=0; dexnumAccessDescriptions; dex++) { - CE_AccessDescription *ad = &aia->accessDescriptions[dex]; - int die = genRand(1, NUM_AI_OIDS); - ad->accessMethod = aiOids[die - 1]; - genNameCreate(&ad->accessLocation); - } -} - -static unsigned aiaCompare(const void *pre, const void *post) -{ - CE_AuthorityInfoAccess *apre = (CE_AuthorityInfoAccess *)pre; - CE_AuthorityInfoAccess *apost = (CE_AuthorityInfoAccess *)post; - unsigned rtn = 0; - - if(apre->numAccessDescriptions != apost->numAccessDescriptions) { - printf("***CE_AuthorityInfoAccess.numAccessDescriptions miscompare\n"); - return 1; - } - for(unsigned dex=0; dexnumAccessDescriptions; dex++) { - CE_AccessDescription *adPre = &apre->accessDescriptions[dex]; - CE_AccessDescription *adPost = &apost->accessDescriptions[dex]; - if(compCssmData(adPre->accessMethod, adPost->accessMethod, - "CE_AccessDescription.accessMethod")) { - rtn++; - } - rtn += genNameCompare(&adPre->accessLocation, &adPost->accessLocation); - } - return rtn; -} - -static void aiaFree(void *arg) -{ - CE_AuthorityInfoAccess *aia = (CE_AuthorityInfoAccess *)arg; - for(unsigned dex=0; dexnumAccessDescriptions; dex++) { - CE_AccessDescription *ad = &aia->accessDescriptions[dex]; - genNameFree(&ad->accessLocation); - } - free(aia->accessDescriptions); -} - -#pragma mark --- test definitions --- - -/* - * Define one extension test. - */ - -/* - * Cook up this extension with random, reasonable values. - * Incoming pointer refers to extension-specific C struct, mallocd - * and zeroed by main test routine. - */ -typedef void (*extenCreateFcn)(void *arg); - -/* - * Compare two instances of this extension. Return number of - * compare errors. - */ -typedef unsigned (*extenCompareFcn)( - const void *preEncode, - const void *postEncode); - -/* - * Free struct components mallocd in extenCreateFcn. Do not free - * the outer struct. - */ -typedef void (*extenFreeFcn)(void *arg); - -typedef struct { - /* three extension-specific functions */ - extenCreateFcn createFcn; - extenCompareFcn compareFcn; - extenFreeFcn freeFcn; - - /* size of C struct passed to all three functions */ - unsigned extenSize; - - /* the CE_DataType for this extension, used on encode */ - CE_DataType extenType; - - /* the OID for this extension, tested on decode */ - CSSM_OID extenOid; - - /* description for error logging and blob writing */ - const char *extenDescr; - - /* command-line letter for this one */ - char extenLetter; - -} ExtenTest; - -/* empty freeFcn means no extension-specific resources to free */ -#define NO_FREE NULL - -static ExtenTest extenTests[] = { - { kuCreate, kuCompare, NO_FREE, - sizeof(CE_KeyUsage), - DT_KeyUsage, CSSMOID_KeyUsage, - "KeyUsage", 'k' }, - { bcCreate, bcCompare, NO_FREE, - sizeof(CE_BasicConstraints), - DT_BasicConstraints, CSSMOID_BasicConstraints, - "BasicConstraints", 'b' }, - { ekuCreate, ekuCompare, NO_FREE, - sizeof(CE_ExtendedKeyUsage), - DT_ExtendedKeyUsage, CSSMOID_ExtendedKeyUsage, - "ExtendedKeyUsage", 'x' }, - { skidCreate, skidCompare, skidFree, - sizeof(CSSM_DATA), - DT_SubjectKeyID, CSSMOID_SubjectKeyIdentifier, - "SubjectKeyID", 's' }, - { authKeyIdCreate, authKeyIdCompare, authKeyIdFree, - sizeof(CE_AuthorityKeyID), - DT_AuthorityKeyID, CSSMOID_AuthorityKeyIdentifier, - "AuthorityKeyID", 'a' }, - { genNamesCreate, genNamesCompare, genNamesFree, - sizeof(CE_GeneralNames), - DT_SubjectAltName, CSSMOID_SubjectAltName, - "SubjectAltName", 't' }, - { genNamesCreate, genNamesCompare, genNamesFree, - sizeof(CE_GeneralNames), - DT_IssuerAltName, CSSMOID_IssuerAltName, - "IssuerAltName", 'i' }, - { nctCreate, nctCompare, NO_FREE, - sizeof(CE_NetscapeCertType), - DT_NetscapeCertType, CSSMOID_NetscapeCertType, - "NetscapeCertType", 'n' }, - { cdpCreate, cdpCompare, cdpFree, - sizeof(CE_CRLDistPointsSyntax), - DT_CrlDistributionPoints, CSSMOID_CrlDistributionPoints, - "CRLDistPoints", 'p' }, - { cpCreate, cpCompare, cpFree, - sizeof(CE_CertPolicies), - DT_CertPolicies, CSSMOID_CertificatePolicies, - "CertPolicies", 'c' }, - { aiaCreate, aiaCompare, aiaFree, - sizeof(CE_AuthorityInfoAccess), - DT_AuthorityInfoAccess, CSSMOID_AuthorityInfoAccess, - "AuthorityInfoAccess", 'A' }, - #if 0 - /* TP doesn't have this, neither does certextensions.h! */ - { aiaCreate, aiaCompare, aiaFree, - sizeof(CE_AuthorityInfoAccess), CSSMOID_SubjectInfoAccess, - "SubjectInfoAccess", 'S' }, - #endif -}; - -#define NUM_EXTEN_TESTS (sizeof(extenTests) / sizeof(ExtenTest)) - -static void printExtenPre( - CE_DataAndType *extenData, - CSSM_OID *extenOid, - OidParser &parser) -{ - CSSM_FIELD field; - CSSM_X509_EXTENSION extn; - - /* - * Convert pre-digested into CSSM_X509_EXTENSION that - * printCertField() can understand - */ - extn.extnId = *extenOid; - extn.critical = extenData->critical; - extn.format = CSSM_X509_DATAFORMAT_PARSED; - extn.value.parsedValue = &extenData->extension; - field.FieldOid = *extenOid; - field.FieldValue.Data = (uint8 *)&extn; - field.FieldValue.Length = sizeof(CSSM_X509_EXTENSION); - printf("=== PRE-ENCODE:\n"); - printCertField(field, parser, CSSM_TRUE); -} - - -static void printExten( - CSSM_X509_EXTENSION &extn, - OidParser &parser) -{ - CSSM_FIELD field; - field.FieldOid = extn.extnId; - field.FieldValue.Data = (uint8 *)&extn; - field.FieldValue.Length = sizeof(CSSM_X509_EXTENSION); - printf("=== POST-DECODE:\n"); - printCertField(field, parser, CSSM_TRUE); -} - -static int doTest( - CSSM_CL_HANDLE clHand, - CSSM_TP_HANDLE tpHand, - CSSM_CSP_HANDLE cspHand, - ExtenTest &extenTest, - bool writeBlobs, - const char *constFileName, // all blobs to this file if non-NULL - bool displayExtens, - OidParser &parser) -{ - CSSM_APPLE_TP_CERT_REQUEST certReq; - CSSM_TP_REQUEST_SET reqSet; - sint32 estTime; - CSSM_BOOL confirmRequired; - CSSM_TP_RESULT_SET_PTR resultSet; - CSSM_ENCODED_CERT *encCert; - CSSM_TP_CALLERAUTH_CONTEXT CallerAuthContext; - CSSM_FIELD policyId; - CE_DataAndType extPre; - CSSM_RETURN crtn; - CSSM_DATA refId; // mallocd by CSSM_TP_SubmitCredRequest - CSSM_DATA signedCert = {0, NULL}; - - memset(&certReq, 0, sizeof(certReq)); - memset(&extPre, 0, sizeof(extPre)); - - /* - * Cook up a random and reasonable instance of the C struct - * associated with this extension. - */ - extenTest.createFcn(&extPre.extension); - - /* - * Cook up the associated CSSM_X509_EXTENSION. - */ - extPre.type = extenTest.extenType; - extPre.critical = randBool(); - - /* - * Now the cert request proper. - */ - certReq.cspHand = cspHand; - certReq.clHand = clHand; - certReq.serialNumber = 0x8765; - certReq.numSubjectNames = NUM_DUMMY_NAMES; - certReq.subjectNames = dummyRdn; - certReq.numIssuerNames = NUM_DUMMY_NAMES; - certReq.issuerNames = dummyRdn; - certReq.certPublicKey = &subjPubKey; - certReq.issuerPrivateKey = &subjPrivKey; - certReq.signatureAlg = CSSM_ALGID_SHA1WithRSA; - certReq.signatureOid = SIG_OID; - certReq.notBefore = 0; // now - certReq.notAfter = 10000; // seconds from now - certReq.numExtensions = 1; - certReq.extensions = &extPre; - - reqSet.NumberOfRequests = 1; - reqSet.Requests = &certReq; - - /* a big CSSM_TP_CALLERAUTH_CONTEXT just to specify an OID */ - memset(&CallerAuthContext, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT)); - memset(&policyId, 0, sizeof(CSSM_FIELD)); - policyId.FieldOid = CSSMOID_APPLE_TP_LOCAL_CERT_GEN; - CallerAuthContext.Policy.NumberOfPolicyIds = 1; - CallerAuthContext.Policy.PolicyIds = &policyId; - - /* GO */ - crtn = CSSM_TP_SubmitCredRequest(tpHand, - NULL, // PreferredAuthority - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, - &reqSet, - &CallerAuthContext, - &estTime, - &refId); - if(crtn) { - printError("CSSM_TP_SubmitCredRequest", crtn); - /* show what we tried to encode and decode */ - printExtenPre(&extPre, &extenTest.extenOid, parser); - return 1; - } - crtn = CSSM_TP_RetrieveCredResult(tpHand, - &refId, - NULL, // CallerAuthCredentials - &estTime, - &confirmRequired, - &resultSet); // leaks..... - if(crtn) { - printError("CSSM_TP_RetrieveCredResult", crtn); - /* show what we tried to encode and decode */ - printExtenPre(&extPre, &extenTest.extenOid, parser); - return 1; - } - if(resultSet == NULL) { - printf("***CSSM_TP_RetrieveCredResult returned NULL result set.\n"); - /* show what we tried to encode and decode */ - printExtenPre(&extPre, &extenTest.extenOid, parser); - return 1; - } - encCert = (CSSM_ENCODED_CERT *)resultSet->Results; - signedCert = encCert->CertBlob; - - if(writeBlobs) { - char fileName[200]; - if(constFileName) { - strcpy(fileName, constFileName); - } - else { - sprintf(fileName, "%scert.der", extenTest.extenDescr); - } - writeFile(fileName, signedCert.Data, signedCert.Length); - printf("...wrote %lu bytes to %s\n", signedCert.Length, fileName); - } - - /* snag the same extension from the encoded cert */ - CSSM_DATA_PTR postField; - CSSM_HANDLE resultHand; - uint32 numFields; - - crtn = CSSM_CL_CertGetFirstFieldValue(clHand, - &signedCert, - &extenTest.extenOid, - &resultHand, - &numFields, - &postField); - if(crtn) { - printf("****Extension field not found on decode for %s\n", - extenTest.extenDescr); - printError("CSSM_CL_CertGetFirstFieldValue", crtn); - - /* show what we tried to encode and decode */ - printExtenPre(&extPre, &extenTest.extenOid, parser); - return 1; - } - - if(numFields != 1) { - printf("****GetFirstFieldValue: expect 1 value, got %u\n", - (unsigned)numFields); - return 1; - } - CSSM_CL_CertAbortQuery(clHand, resultHand); - - /* verify the fields we generated */ - CSSM_X509_EXTENSION *extnPost = (CSSM_X509_EXTENSION *)postField->Data; - if((extnPost == NULL) || - (postField->Length != sizeof(CSSM_X509_EXTENSION))) { - printf("***Malformed CSSM_X509_EXTENSION (1) after decode\n"); - return 1; - } - int rtn = 0; - rtn += compBool(extPre.critical, extnPost->critical, - "CSSM_X509_EXTENSION.critical"); - rtn += compCssmData(extenTest.extenOid, extnPost->extnId, - "CSSM_X509_EXTENSION.extnId"); - - if(extnPost->format != CSSM_X509_DATAFORMAT_PARSED) { - printf("***Expected CSSM_X509_DATAFORMAT_PARSED (%x(x), got %x(x)\n", - CSSM_X509_DATAFORMAT_PARSED, extnPost->format); - } - if(extnPost->value.parsedValue == NULL) { - printf("***no parsedValue pointer!\n"); - return 1; - } - - /* down to extension-specific compare */ - rtn += extenTest.compareFcn(&extPre.extension, extnPost->value.parsedValue); - - if(rtn) { - /* print preencode only on error */ - printExtenPre(&extPre, &extenTest.extenOid, parser); - } - if(displayExtens || rtn) { - printExten(*extnPost, parser); - } - - /* free the allocated data */ - if(extenTest.freeFcn) { - extenTest.freeFcn(&extPre.extension); - } - CSSM_CL_FreeFieldValue(clHand, &extenTest.extenOid, postField); - CSSM_FREE(signedCert.Data); - CSSM_FREE(encCert); - CSSM_FREE(resultSet); - return rtn; -} - -static void doPause(bool pause) -{ - if(!pause) { - return; - } - fpurge(stdin); - printf("CR to continue "); - getchar(); -} - -int main(int argc, char **argv) -{ - CSSM_CL_HANDLE clHand; - CSSM_TP_HANDLE tpHand; - CSSM_CSP_HANDLE cspHand; - CSSM_RETURN crtn; - int arg; - int rtn; - OidParser parser; - char *argp; - unsigned i; - - /* user-specificied params */ - unsigned minExtenNum = 0; - unsigned maxExtenNum = NUM_EXTEN_TESTS-1; - bool writeBlobs = false; - bool displayExtens = false; - bool quiet = false; - unsigned loops = LOOPS_DEF; - bool pauseLoop = false; - bool pauseCert = false; - const char *constFileName = NULL; - - for(arg=1; argaXzx&8Ce;a8+#cH8atU98yQYS=H830 zzWJu`Tz;gC=V?)aIh9>a`;T9&6V`lqGeNDT`=sdhgI%wa&0dvBlv>2CX$$^#|AxQm z{=nK*Yj35OKRR zOVsUmpP0RTwe+9IP2NHY*=rTdd$)c*-O0qv$iTR`i7~~Xi7^2jAF{$MOa=@F+(5s` z^0TloGqEl(umN%8SxgO#4Gb6PFVJn%&L}AP&@#|qeKGy_Egc>{JfR&73JCMgz?{->9v+Sc^;WgkA@ zkafjFLZ@0%&p=g78EQvPetJHN9r|U(U@?$Ms9Auyjv=$i;pnY8%{PMgt|v@qX7}~( z`k{Q7L;J6k#w@jOdQUqQa?khN$=Vc^ziO(4#NlHRM$TGYU+unDE^@nj{9tv7;w69o z>s1A!(mvl9rwJ4Xt)7e& Nk8i%VD)H!PW&nH?DSH3_ diff --git a/SecurityTests/clxutils/extendAttrTest/extendAttrTest.cpp b/SecurityTests/clxutils/extendAttrTest/extendAttrTest.cpp deleted file mode 100644 index ee4fc2dd..00000000 --- a/SecurityTests/clxutils/extendAttrTest/extendAttrTest.cpp +++ /dev/null @@ -1,526 +0,0 @@ -/* - * extendAttrTest.cpp - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#define DEFAULT_KC_NAME "extendAttr.keychain" - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" -k keychain -- default is %s\n", DEFAULT_KC_NAME); - printf(" -n -- don't delete attributes or keychain\n"); - printf(" -q -- quiet\n"); - exit(1); -} - -/* RSA keys, both in OpenSSL format */ -#define PUB_KEY "rsakey_pub.der" -#define PRIV_KEY "rsakey_priv.der" -#define CERT_FILE "amazon_v3.100.cer" -#define PWD_SERVICE "some service" -#define PWD_ACCOUNT "some account" -#define PWD_PWD "some password" - -/* set up unique extended attributes for each tested item */ -typedef struct { - CFStringRef attr1Name; - const char *attr1Value; - CFStringRef attr2Name; - const char *attr2Value; -} ItemAttrs; - -static const ItemAttrs pubKeyAttrs = { - CFSTR("one pub key Attribute"), - "some pub key value", - CFSTR("another pub key Attribute"), - "another pub key value" -}; - -static const ItemAttrs privKeyAttrs = { - CFSTR("one priv key Attribute"), - "some priv key value", - CFSTR("another priv key Attribute"), - "another priv key value" -}; - -static const ItemAttrs certAttrs = { - CFSTR("one cert Attribute"), - "some cert value", - CFSTR("another cert Attribute"), - "another cert value" -}; - -static const ItemAttrs pwdAttrs = { - CFSTR("one pwd Attribute"), - "some pwd value", - CFSTR("another pwd Attribute"), - "another pwd value" -}; - -#define CFRELEASE(cf) if(cf) { CFRelease(cf); } - -/* import file as key into specified keychain */ -static int doImportKey( - const char *fileName, - SecExternalFormat format, - SecExternalItemType itemType, - SecKeychainRef kcRef, - SecKeyRef *keyRef) // RETURNED -{ - unsigned char *item = NULL; - unsigned itemLen = 0; - - if(readFile(fileName, &item, &itemLen)) { - printf("***Error reading %s. \n", fileName); - } - CFDataRef cfd = CFDataCreate(NULL, (const UInt8 *)item, itemLen); - free(item); - SecKeyImportExportParameters params; - memset(¶ms, 0, sizeof(params)); - params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; - params.keyUsage = CSSM_KEYUSE_ANY; - params.keyAttributes = CSSM_KEYATTR_PERMANENT; - if(itemType == kSecItemTypePrivateKey) { - params.keyAttributes |= CSSM_KEYATTR_SENSITIVE; - } - CFArrayRef outArray = NULL; - OSStatus ortn; - ortn = SecKeychainItemImport(cfd, NULL, &format, &itemType, 0, ¶ms, kcRef, &outArray); - if(ortn) { - cssmPerror("SecKeychainItemImport", ortn); - } - CFRelease(cfd); - if(ortn) { - return -1; - } - if((outArray == NULL) || (CFArrayGetCount(outArray) == 0)) { - printf("SecKeychainItemImport succeeded, but no returned items\n"); - return -1; - } - *keyRef = (SecKeyRef)CFArrayGetValueAtIndex(outArray, 0); - if(CFGetTypeID(*keyRef) != SecKeyGetTypeID()) { - printf("***Unknown type returned after import\n"); - return -1; - } - CFRetain(*keyRef); - CFRelease(outArray); - return 0; -} - -/* import file as cert into specified keychain */ -static int doImportCert( - const char *fileName, - SecKeychainRef kcRef, - SecCertificateRef *certRef) // RETURNED -{ - unsigned char *item = NULL; - unsigned itemLen = 0; - - if(readFile(fileName, &item, &itemLen)) { - printf("***Error reading %s. \n", fileName); - return -1; - } - CSSM_DATA certData = {itemLen, (uint8 *)item}; - OSStatus ortn = SecCertificateCreateFromData(&certData, - CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER, certRef); - if(ortn) { - cssmPerror("SecCertificateCreateFromData", ortn); - return -1; - } - ortn = SecCertificateAddToKeychain(*certRef, kcRef); - if(ortn) { - cssmPerror("SecCertificateAddToKeychain", ortn); - return -1; - } - return 0; -} - -/* - * Verify specified attr does not exist - * set it - * make sure we get it back - */ -int testOneAttr( - SecKeychainItemRef itemRef, - CFStringRef attrName, - CFDataRef attrVal, - bool quiet) -{ - OSStatus ortn; - CFDataRef fetchedVal = NULL; - int ourRtn = 0; - - if(!quiet) { - printf(" ...verifying attribute doesn't exist\n"); - } - ortn = SecKeychainItemCopyExtendedAttribute(itemRef, attrName, &fetchedVal); - if(ortn != errSecNoSuchAttr) { - printf("***First SecKeychainItemCopyExtendedAttribute returned %d, expected %d\n", - (int)ortn, (int)errSecNoSuchAttr); - ourRtn = -1; - goto errOut; - } - if(!quiet) { - printf(" ...setting attribute\n"); - } - ortn = SecKeychainItemSetExtendedAttribute(itemRef, attrName, attrVal); - if(ortn) { - cssmPerror("SecKeychainItemSetExtendedAttribute", ortn); - ourRtn = -1; - goto errOut; - } - if(!quiet) { - printf(" ...verify attribute\n"); - } - ortn = SecKeychainItemCopyExtendedAttribute(itemRef, attrName, &fetchedVal); - if(ortn) { - cssmPerror("SecKeychainItemCopyExtendedAttribute", ortn); - ourRtn = -1; - goto errOut; - } - if(!CFEqual(fetchedVal, attrVal)) { - printf("***Mismatch in set and fetched attribute\n"); - ourRtn = -1; - } -errOut: - CFRELEASE(fetchedVal); - return ourRtn; -} - -/* - * Set two distinct extended attributes; - * Ensure that each comes back via SecKeychainItemCopyExtendedAttribute(); - * Ensure that both come back via SecKeychainItemCopyAllExtendedAttributes(); - */ -int doTest(SecKeychainItemRef itemRef, - const ItemAttrs &itemAttrs, - bool quiet) -{ - CFDataRef attrVal1 = CFDataCreate(NULL, - (const UInt8 *)itemAttrs.attr1Value, strlen(itemAttrs.attr1Value)); - if(testOneAttr(itemRef, itemAttrs.attr1Name, attrVal1, quiet)) { - return -1; - } - CFDataRef attrVal2 = CFDataCreate(NULL, - (const UInt8 *)itemAttrs.attr2Value, strlen(itemAttrs.attr2Value)); - if(testOneAttr(itemRef, itemAttrs.attr2Name, attrVal2, quiet)) { - return -1; - } - - if(!quiet) { - printf(" ...verify both attributes via CopyAllExtendedAttributes()\n"); - } - /* make sure they both come back in SecKeychainItemCopyAllExtendedAttributes */ - CFArrayRef attrNames = NULL; - CFArrayRef attrValues = NULL; - OSStatus ortn = SecKeychainItemCopyAllExtendedAttributes(itemRef, &attrNames, &attrValues); - if(ortn) { - cssmPerror("SecKeychainItemCopyAllExtendedAttributes", ortn); - return -1; - } - CFIndex numNames = CFArrayGetCount(attrNames); - CFIndex numValues = CFArrayGetCount(attrValues); - if((numNames != 2) || (numValues != 2)) { - printf("***Bad array count after SecKeychainItemCopyAllExtendedAttributes\n"); - printf(" numNames %ld numValues %ld; expected 2 for both\n", - (long)numNames, (long)numValues); - return -1; - } - bool found1 = false; - bool found2 = false; - for(CFIndex dex=0; dex>XT^UiC6n+Wgu$0 zMQ?Hfvrao+Fb0^&%~Dli4N3`nAn^%5u`8c_%>n}f009C(IWhxs&2vVFNNpHN zyf)-Z{&r~p-ZE1SA$5YOOVXWEK-`kk4AfjYRQL1>&iN6Myyp5_C<*4+TN%l@0wDnX zcP`YL&V)s+6EH(QFK2c-1}ptUMsN)Ytd&RUluZ*F zz(kO1s?c&3Q}c~wW-|gI0F%rXgQSgpwZBL0w5epq|Nu!d+WV5@7Ww`DIA}B R^Yh8xd=Pf4{W5R-3g?8okwO3f diff --git a/SecurityTests/clxutils/extendAttrTest/rsakey_pub.der b/SecurityTests/clxutils/extendAttrTest/rsakey_pub.der deleted file mode 100644 index c7f6f03acaf244723adf97e6028f47c38e25f544..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 94 zcmV-k0HOadTrdp=2`Yw2hW8Bt0RaU714{rfNCH6s`pgS|(WoZv@h@@md?yf?Ejq$T z;C-a(lW5_ISNmyYAZofrZ*l^&PCH&O2AIgrQdMCMN(p-)@d-b%E1!MM0s{d60U -#include -#include -#include -#include "singleItemPicker.h" -#include -#include -#include - -#define DEFAULT_ATTR_NAME "someAttr" - -static void usage(char **argv) -{ - printf("usage: %s op [options]\n", argv[0]); - printf("Op: set, get, delete, getall, dump\n"); - printf("Options:\n"); - printf(" -t itemType -- type = priv|pub|cert; default is public\n"); - printf(" -k keychain -- default is default KC list\n"); - printf(" -p -- use item picker; default is first matching item in keychain\n"); - printf(" -a attrName -- default is %s\n", DEFAULT_ATTR_NAME); - printf(" -A attrValue\n"); - printf(" -n -- no values retrieved on op getall\n"); - printf(" -l -- loop/pause for malloc debug\n"); - exit(1); -} - -#define CFRELEASE(cf) if(cf) { CFRelease(cf); } - -/* - * Print contents of a CFData assuming it's printable - */ -static void printCfData(CFDataRef cfd) -{ - CFIndex len = CFDataGetLength(cfd); - const UInt8 *cp = CFDataGetBytePtr(cfd); - for(CFIndex dex=0; dex>"); - return; - } - const char *cp = (const char *)CFDataGetBytePtr(strData); - CFIndex len = CFDataGetLength(strData); - for(CFIndex dex=0; dexlength; - const char *cp = (const char *)kca->data; - for(unsigned dex=0; dexname; nvp++) { - if(recordType == nvp->value) { - printf("%s", nvp->name); - return; - } - } - printf("Unknown recordType (0x%x)\n", (unsigned)recordType); - return; -} - - -static int dumpExtendAttrRecords( - SecKeychainRef kcRef) -{ - OSStatus ortn; - SecKeychainSearchRef srchRef = NULL; - - ortn = SecKeychainSearchCreateFromAttributes(kcRef, - CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE, - NULL, // no attrs - give me everything - &srchRef); - if(ortn) { - cssmPerror("SecKeychainSearchCreateFromAttributes", ortn); - return -1; - } - - SecKeychainItemRef itemRef = NULL; - unsigned numItems = 0; - for(;;) { - ortn = SecKeychainSearchCopyNext(srchRef, &itemRef); - if(ortn) { - if(ortn == errSecItemNotFound) { - /* normal end of search */ - break; - } - else { - cssmPerror("SecKeychainSearchCopyNext", ortn); - break; - } - } - - /* get some info about the EA record - RecordType (that it's bound to) and - * AttributeName */ - UInt32 tags[2] = { kExtendedAttrRecordTypeAttr, kExtendedAttrAttributeNameAttr }; - UInt32 formats[2] = {0}; - SecKeychainAttributeList *attrList = NULL; - SecKeychainAttributeInfo attrInfo = {2, tags, formats}; - ortn = SecKeychainItemCopyAttributesAndData(itemRef, &attrInfo, - NULL, &attrList, NULL, NULL); - if(ortn) { - cssmPerror("SecKeychainItemCopyAttributesAndData", ortn); - return -1; - } - printf("Extended Attribute %u:\n", numItems); - for(unsigned dex=0; dex<2; dex++) { - SecKeychainAttribute *attr = &attrList->attr[dex]; - switch(attr->tag) { - case kExtendedAttrRecordTypeAttr: - printf(" Record type : "); - printRecordType(attr->data); - printf("\n"); - break; - - case kExtendedAttrAttributeNameAttr: - printf(" Attribute Name : "); - printAttribute(attr); - printf("\n"); - break; - break; - default: - /* should never happen, right? */ - printf("***Unexpected attr tag when parsing an ExtendedAttr record\n"); - return -1; - } - } - numItems++; - SecKeychainItemFreeAttributesAndData(attrList, NULL); - CFRelease(itemRef); - } - if(numItems == 0) { - printf("...no Extended Attribute records found.\n"); - } - CFRelease(srchRef); - return 0; -} - -typedef enum { - OP_None, - OP_Set, - OP_Get, - OP_Delete, - OP_GetAll, - OP_Dump // search for EXTENDED_ATTRIBUTE records, dump contents -} Op; - -int main(int argc, char **argv) -{ - const char *attrName = DEFAULT_ATTR_NAME; - const char *attrValue = NULL; - const char *kcName = NULL; - KP_ItemType itemType = KPI_PublicKey; - bool takeFirst = true; - bool noValues = false; - bool loopPause = false; - Op op = OP_None; - - if(argc < 2) { - usage(argv); - } - if(!strcmp(argv[1], "set")) { - op = OP_Set; - } - else if(!strcmp(argv[1], "get")) { - op = OP_Get; - } - else if(!strcmp(argv[1], "delete")) { - op = OP_Delete; - } - else if(!strcmp(argv[1], "getall")) { - op = OP_GetAll; - } - else if(!strcmp(argv[1], "dump")) { - op = OP_Dump; - } - else { - usage(argv); - - } - - extern int optind; - optind = 2; - extern char *optarg; - int arg; - while ((arg = getopt(argc, argv, "t:k:pa:A:nlh")) != -1) { - switch (arg) { - case 't': - if(!strcmp(optarg, "priv")) { - itemType = KPI_PrivateKey; - } - else if(!strcmp(optarg, "pub")) { - itemType = KPI_PublicKey; - } - else if(!strcmp(optarg, "cert")) { - itemType = KPI_Cert; - } - else { - printf("***Bad itemType specification.\n"); - usage(argv); - } - break; - case 'k': - kcName = optarg; - break; - case 'p': - takeFirst = false; - break; - case 'a': - attrName = optarg; - break; - case 'A': - attrValue = optarg; - break; - case 'n': - noValues = true; - break; - case 'l': - loopPause = true; - break; - case 'h': - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - - if((op == OP_Set) && (attrValue == NULL)) { - printf("***I Need an attribute values (-A) to set\n"); - exit(1); - } - - OSStatus ortn; - SecKeychainItemRef theItem = NULL; - SecKeychainRef kcRef = NULL; - - if(kcName) { - ortn = SecKeychainOpen(kcName, &kcRef); - if(ortn) { - cssmPerror("SecKeychainOpen", ortn); - exit(1); - } - } - - if(op == OP_Dump) { - /* we're ready to roll */ - return dumpExtendAttrRecords(kcRef); - } - ortn = singleItemPicker(kcRef, itemType, takeFirst, &theItem); - if(ortn) { - printf("***Error picking item. Aborting.\n"); - exit(1); - } - - CFStringRef attrNameStr = NULL; - CFDataRef attrValueData = NULL; - if(op != OP_GetAll) { - attrNameStr = CFStringCreateWithCString(NULL, attrName, kCFStringEncodingASCII); - } - - do { - switch(op) { - case OP_Set: - attrValueData = CFDataCreate(NULL, (const UInt8 *)attrValue, strlen(attrValue)); - ortn = SecKeychainItemSetExtendedAttribute(theItem, attrNameStr, attrValueData); - if(ortn) { - cssmPerror("SecKeychainItemSetExtendedAttribute", ortn); - } - else { - printf("attribute '%s' set to '%s'.\n", attrName, attrValue); - } - break; - case OP_Get: - ortn = SecKeychainItemCopyExtendedAttribute(theItem, - attrNameStr, &attrValueData); - if(ortn) { - cssmPerror("SecKeychainItemCopyExtendedAttribute", ortn); - } - else { - printf("Attribute '%s' found; value = '", attrName); - printCfData(attrValueData); - printf("'\n"); - } - break; - case OP_Delete: - ortn = SecKeychainItemSetExtendedAttribute(theItem, attrNameStr, NULL); - if(ortn) { - cssmPerror("SecKeychainItemSetExtendedAttribute", ortn); - } - else { - printf("attribute '%s' deleted.\n", attrName); - } - break; - case OP_GetAll: - { - CFArrayRef nameArray = NULL; - CFArrayRef valuesArray = NULL; - CFArrayRef *valuesArrayPtr = noValues ? NULL : &valuesArray; - - ortn = SecKeychainItemCopyAllExtendedAttributes(theItem, - &nameArray, valuesArrayPtr); - if(ortn) { - cssmPerror("SecKeychainItemCopyAllExtendedAttributes", ortn); - break; - } - if(nameArray == NULL) { - printf("***NULL nameArray after successful " - "SecKeychainItemCopyAllExtendedAttributes\n"); - ortn = -1; - break; - } - if(!noValues) { - if(valuesArray == NULL) { - printf("***NULL valuesArray after successful " - "SecKeychainItemCopyAllExtendedAttributes\n"); - ortn = -1; - break; - } - } - ortn = printAttrs(nameArray, valuesArray); - CFRELEASE(nameArray); - CFRELEASE(valuesArray); - break; - } - case OP_Dump: - /* already handled this; satisfy compiler */ - break; - case OP_None: - printf("***BRRRZAP!\n"); - exit(1); - } - if(ortn) { - break; - } - CFRELEASE(attrValueData); - attrValueData = NULL; - - if(loopPause) { - fpurge(stdin); - printf("End of loop; a to abort, anything else to continue: "); - if(getchar() == 'a') { - break; - } - } - } while(loopPause); - return ortn ? -1 : 0; -} diff --git a/SecurityTests/clxutils/extendAttrTool/singleItemPicker.cpp b/SecurityTests/clxutils/extendAttrTool/singleItemPicker.cpp deleted file mode 100644 index 792860da..00000000 --- a/SecurityTests/clxutils/extendAttrTool/singleItemPicker.cpp +++ /dev/null @@ -1,233 +0,0 @@ -/* - * Copyright (c) 2004,2006 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * singleItemPicker.cpp - select a key or cert from a keychain - */ - -#include -#include -#include -#include -#include -#include /* for kcFileName() */ -#include /* for getKcItemAttr() */ -#include -#include "singleItemPicker.h" - -/* - * Class representing one item in the keychain. - */ -class SimplePickerItem -{ -public: - SimplePickerItem(SecKeychainItemRef itemRef); - ~SimplePickerItem(); - - CFDataRef getPrintName() { return mPrintName; } - SecKeychainItemRef itemRef() { return mItemRef; } - char *kcFile() { return mKcFile; } - -private: - SecKeychainItemRef mItemRef; - CFDataRef mPrintName; - char *mKcFile; // file name of keychain this lives on -}; - -SimplePickerItem::SimplePickerItem(SecKeychainItemRef itemRef) - : mItemRef(itemRef), - mPrintName(NULL), - mKcFile(NULL) -{ - OSStatus ortn = getKcItemAttr(itemRef, WA_PrintName, &mPrintName); - if(ortn) { - throw std::invalid_argument("printName attr not available"); - } - - /* stash name of the keychain this lives on */ - SecKeychainRef kcRef; - ortn = SecKeychainItemCopyKeychain(itemRef, &kcRef); - if(ortn) { - cssmPerror("SecKeychainItemCopyKeychain", ortn); - mKcFile = strdup("Unnamed keychain"); - } - else { - mKcFile = kcFileName(kcRef); - } - - mItemRef = mItemRef; - CFRetain(mItemRef); -} - -SimplePickerItem::~SimplePickerItem() -{ - if(mItemRef) { - CFRelease(mItemRef); - } - if(mPrintName) { - CFRelease(mPrintName); - } - if(mKcFile) { - free(mKcFile); - } -} - -typedef std::vector ItemVector; - -/* - * add SimplePickerItem objects of specified type to a ItemVector. - */ -static void getPickerItems( - SecKeychainRef kcRef, - SecItemClass itemClass, // CSSM_DL_DB_RECORD_{PRIVATE,PRIVATE}_KEY, etc. - ItemVector &itemVector) -{ - SecKeychainSearchRef srchRef = NULL; - SecKeychainItemRef kcItem; - - OSStatus ortn = SecKeychainSearchCreateFromAttributes(kcRef, - itemClass, - NULL, // any attrs - &srchRef); - if(ortn) { - cssmPerror("SecKeychainSearchCreateFromAttributes", ortn); - return; - } - do { - ortn = SecKeychainSearchCopyNext(srchRef, &kcItem); - if(ortn) { - break; - } - try { - SimplePickerItem *pickerItem = new SimplePickerItem(kcItem); - itemVector.push_back(pickerItem); - } - catch(...) { - printf("**** item failed SimplePickerItem constructor ***\n"); - /* but keep going */ - } - /* SimplePickerKey holds a ref */ - CFRelease(kcItem); - } while(ortn == noErr); - CFRelease(srchRef); -} - -/* - * Print contents of a CFData assuming it's printable - */ -static void printCfData(CFDataRef cfd) -{ - CFIndex len = CFDataGetLength(cfd); - const UInt8 *cp = CFDataGetBytePtr(cfd); - for(CFIndex dex=0; dex items; - - switch(itemType) { - case KPI_PrivateKey: - itemClass = kSecPrivateKeyItemClass; - break; - case KPI_PublicKey: - itemClass = kSecPublicKeyItemClass; - break; - case KPI_Cert: - itemClass = kSecCertificateItemClass; - break; - default: - printf("***BRRZAP! Wrong ItemType for singleItemPicker()\n"); - return paramErr; - } - /* First create a arrays of all of the items, parsed and ready for use */ - getPickerItems(kcRef, itemClass, items); - numItems = items.size(); - - if(numItems == 0) { - printf("...singleItemPicker: no keys found\n"); - return errSecItemNotFound; - } - if(takeFirst) { - *itemRef = items[0]->itemRef(); - CFRetain(*itemRef); - goto done; - } - - for(dex=0; dexgetPrintName()); - printf("\n"); - printf(" keychain : %s\n", pi->kcFile()); - } - while(1) { - fpurge(stdin); - printf("\nEnter item number or CR to quit : "); - fflush(stdout); - char resp[64]; - getString(resp, sizeof(resp)); - if(resp[0] == '\0') { - ortn = CSSMERR_CSSM_USER_CANCELED; - break; - } - ires = atoi(resp); - if((ires < 0) || (ires >= numItems)) { - printf("***Invalid entry. Type a number between 0 and %d\n", numItems); - continue; - } - break; - } - - if(ortn == noErr) { - *itemRef = items[ires]->itemRef(); - CFRetain(*itemRef); - } - -done: - /* clean out SimplePickerItem array */ - for(dex=0; dex - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum { - KPI_PrivateKey, - KPI_PublicKey, - KPI_Cert -} KP_ItemType; - -OSStatus singleItemPicker( - SecKeychainRef kcRef, // NULL means the default list - KP_ItemType itemType, - bool takeFirst, // take first key found - SecKeychainItemRef *keyRef); // RETURNED - - -#ifdef __cplusplus -} -#endif - -#endif /* _SINGLE_ITEM_PICKER_H_ */ - diff --git a/SecurityTests/clxutils/extractCertFields/Makefile b/SecurityTests/clxutils/extractCertFields/Makefile deleted file mode 100644 index c128b3d0..00000000 --- a/SecurityTests/clxutils/extractCertFields/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=extractCertFields -# C++ source (with .cpp extension) -CPSOURCE= extractCertFields.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/extractCertFields/extractCertFields.cpp b/SecurityTests/clxutils/extractCertFields/extractCertFields.cpp deleted file mode 100644 index 6ec190c5..00000000 --- a/SecurityTests/clxutils/extractCertFields/extractCertFields.cpp +++ /dev/null @@ -1,211 +0,0 @@ -/* - * Parse a cert, dump its subject name (in normalized DER-encoded form), - * key size, and public key blob to stdout. - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define WRITE_NAME_FILE 1 - -/* allow checking various DER encoded fields */ -#define SUBJECT_NAME_OID CSSMOID_X509V1SubjectName /* normalized */ -// #define SUBJECT_NAME_OID CSSMOID_X509V1SubjectNameStd /* non normalized */ - -/* - * Print the contents of a CSSM_DATA, like so: - * - * static const uint8 joqA{fVD~!V_e!fa&_kd#PdAXom(O_4B@q~SH^b4k3Y~nZp z8!b!CCLeKmHrVT&t>WP9LRK}N)_~C)PaAsG7^FVv18Jq5FO1P^_v#maSNLqa?EkLi z)K9Oo+%^g|drR$6DpQ>`jYkZ>cO8LjJv`NE$BGXOe7G7`bq{OiJu$D`+}~((#{iqX zkNf13S7C31uZnM+Q*xRS68;oJ$IQvP80IkAGTEl&vnHYdQP826CZG0#Ut>5Ib6jGq z1lm+n(V76(;|YtU9$bwU<f-jS3GLUN;$F;{H)`&@mS_E?$~}qial^LBy@=24s^e^$@qPJq zsMAh}PsU-ttbbc5C7Ph^iUAry_QvqxlTT;jk-gofTMp#rMjH05UAg+cjISg&yhm@8 ztr$4@LDit0bTe{JNi1pYK4}g~DF#++F%)JJ!cETn@|JVwbPw6*I)2LN!UmfxC{7_~ zL?Mui9;aqYm0Tzqjd^Ng08RMdEBs+I87^S5fPsGC@1HpCZDtU=xikuuuqR^9$UCVb zPU~je$d*Glyf6{xW$XsB($r$yUeB1WlS%M-bL-@B^RMH&(7SomnicQTB!H9*!ILqbR>HiM!ux{2W|-uY7!ah5rfu z+v{uYKVd8AQtTdl_cLwBhxncUVR|pG+^8OSg|D-*!$k7Y6LYyFTNlW zR=m>9yx2c^qI~fTlcxte_O7m?vf(9+gZu7BBt71RZ@`W#u#T9Ix=h`26rX3W5AnFS zHnSi8wJO139T8|*6zAPfmm#{;b{)D=)(vWk*pqdAAjbR{$l-)6{3=#Nr4;s=e7_O5 z`%8W9mv;$eKN^zuZ;$rI`wE7fsaH3`EAP@oiJR#Gzx8ZbMt)x1&IrpS18pJ05UdR0>X8cO`9aA6LupkS+m@3M8p{wr_dele#G|FWrUU)?*ZqYo6VMzze;V z@kEXC-1uk>YLq&UVbnvsWX#T<@@j5p}iiF5w2x*n9;d7pafxu~FGb(or!` z^0QLeX+?k?)_X5PARsk7Q+Jr1@A({FCXzP`0MrR4Jp@v~A?*VX&9b9n!s%f~;9iYS z1@t*=hDc$k9^ZUet`9QTn2_%a*-)}1|J2reId~y21YNj&39U|6JH+ACFS$GrVPwk* zug9`M5Er-;m{vu!7qYgq&^mPQq31*?k+3)vw<=a{6Lsr}1yl#K$m}kvny2!Vh~6iW zeOiQh7Fs%4gxSj~Ip0-k$4q_aMMMh$6%mBy0kW(zSsw6tN%}qby$kw;1|TWgtQz=P z1byuS5Y-Td#4}@p@ZvIf5)Wkuef5%J(Mpk$GN`-E7$}!ro2pLXVQFxyeE5rcDak>; z@rBSgjX+C@T5OuIB9a~JTMt*=}h6Rd5yv^9Fh@%uwp=iU4{|!WiSAS z0^h?vM#5e7)fxTyyhVY>n?R@nfWYH+(pOc&AN7oTID=lLpP9uWihR|C&JI|ZGl zda^4_XeAdE%{ED*#|SaYi>C42hhfZ0nD{VVjbHE?m0M43Bk{gJtc2`9nQkBk#F;k5 zLS#ICLAg4tx;zwMuCG?FhBo&3zyR$2Mc7A%Pa9Mo(|s6HoWrttC;XY0vryk^_X81h&e<9juqNf#jmYl2l#AzU8O6k z#E6dpw3=xBBjrIAw0Vn;pirp*g~ob7-<9%2>3GSax##!zTd(cu5-vz7a(86Dh7qIK-@$TyC>SI1IT;z8ckqPkP0S&R~I#=rp3M-`2P6Wx3 zeKByQ5s<2OEYI#({8|8alv+^F+7CNf`klY^^)bAiU~X4UzBTmL#An#u2TcM>^kR0C zAdA5x2f0)ap>>i4pf2D=CrL-DvhBI8N%~P!6OX5uYH00=ed~`XuZHaOq3%bBQ^j>& zkCA#K4c3h(7oSIr_14jo8W)yoeFv%GEfuFu3#j|+HHMV9ZxBI2%}|uF!Tg#*J?M#0 zeYZeahKBz5Lfu|c6~h7S?V+pF&~r?M25S{s0IFgD?Hgqd-VmDAV!B#<($<^DSYNKu zE%0Fg%%ed4jndY~Ff5Pvy$I+wJ>v_s_J+4Q;Q#r8;{QY#;P1wN)_M5GM6p&TB*p(j zP5=G)kA;P$G}!Ym^M7n?Z2pP=`G>~*KU(;|#eZG_fHd0U<`_FXI4mulzIDIVih$JA zRKZ@Z7d??`>uP7Y!Nno6p`k&V5!7eqzS7t=BO}9x64-I!;&rTPcu>a7iy2cx`*c|q z3o|!Q4=<~g>xznsz1%|IE1B6@hB?_p1_f;pso7LjG+LVbQB2mJK6N26dXJfznUhVJ zG;64`qLSgAEH19JH1}eL@7fd*?`#{@-PM!NuGG_^XliP$_uYQ)-rY4wtc9u1MEj*1 zA<6cuL-~6+)54A?eM7Y;+njA9>@6c^6L*f>xMQ`_M@Q4}T-z02_pLY_ZhZVR)q}GLMO#{A3mB`WgKubWzW;6(@!2x-nk>bbLT$8k6Cu$_@hUU zUayaFwAwT^^{7E!yGPVBIr$U^!ltI4zBh4_NF@TA8nV z>m1N76gsc*v{-Hb;zXmb^Ij)v;N+93smD(qJQz15x$Mcw&9kr&k}^D=I4P)=@=!H4ooYVa!ZT?z z$vxXvaE{w?=2CuKqN|061;Il%%hJ+W`QrZJu2UvE2!?b7J<@;udVk6z1zqK*W#@0! zo`WnsCqPd$x;|0Y&~Lr26`iFIbdt1>zGFzH`%pMU6EBq9 z=cTr%T0N0V^NNAl0ybHir?=+~A3EO44-Ht+n~RvkGm`Jl!1kjNGRBGD+A}@FG zSm*As>%Eq+_V#QLK>OBf=L0+6G$}D7e8({G9u(2Dl*$eG>k$>8ougoW(?kLEdAf3o14Z8aV(u*d3=bJEH z&itn3O@=nHfqO!o;7cEF6iT`uNnSbaS}4`({!RB`)I(z0>2;pAm%@!N>uEXN zfO7Q@bbJ02e}xjt09vI(QW%SNn(m2;bVTRnR4(2JfQ3))d7h-(wxV>tn9fP2N6tR8 z_mh0>M$1A zzn`w!xGv>qWo6~2>>JSs6x;-WJ)McHl%u~HP_2PgWgHDmw|TBc)+GV{8S^3u-CxrA z<@q*?LjqIz@IUyKNCdPqQc=At#-+jU(^z~^!x-v#da?NYYf==0!BD)~lfJ25p+nFU zY$x~QUW?@+c3*}07EyHFJ1sCTbDmiKN_Qa@*xd95JWwPo!gAzOKM;d9;%Q4^B#os_ zYKbkao77ST=I5z+C_gfx*X)I^t`6WD=xub_8)65jIg`H9m+K35TDZ%>CFKCZ>{j_I z0pi`6H`|twC2gI4^VPR^T3~Mu_nOYjd?Fq8*hw~b)CmN^3(uS6p|Gm?ULV86>3#?i z`u*N@i}R0rD>p*7wj4pw)V8RG>$g(UbFCyovfb*=3%8s?#`H4oYEE-O*)CEZ`lTaC zPxhz&(x`3Sn)Kd3a*NnSR-r3i7rRcPc%v7fP%yk6)_Xo@Bx#9cY{XwR2lzyLCZ3les$vcQ~e?l5iw&9D|T1x2x z2(eNA?3-s&y8k|j@DdGvN#5r1vz=!BHNTTEdXwtQJ$`VCJK*||1n9I>h=vHt!x9L@ z`8rdP6K6lzBF7bbbfe~Wx!lC2!xggR6t)6AJRT3UJNR7L`SUmm5-V=*2e6?JMH(eE z$5lU>s4R(y^TVS#xUqB}QA7{#`T{P#lb98bqQX}mm)8w1i4iEzmM>Y}glZP(kq1F#qu7Qsc4m}MbVE!hwDGA`7|3Y3DI z>2g=oxORy>NFO1nt-AnMO_aumTme@_Z3+S_*%q!xJAeu3bdh7m2g!(^*U4ir7SV6~ zJWaS7M7+A|{Iu16iEE+E_I%}W3EH34D?5>x_wvR$gaHkvewC4n8lD52c5B~nwWI1T zmBCl^f|nfe94$99AbcrWPcu_V9qW?Pt;Cg4w_%rId*$Xe0fI_*4NgsP;-X*xpOVRi z@FI*MEf3xyL7Ee%5!kL?<*R~xT}RQ;FJ~s6g|h+XTxN;Ec8}9TdPutQ25ElN$Zw5FF_^$aZoNm1N3aW z@tXpkZj`V*## zso}xR=Q+4QVy?=>ETmh+hE42<1b?zCod$=qw|y$MRYsHt)W)FS#BxJjT@DRexZ~eV zK3cUwQoHvA$tv+svRX6^$lV2?3?GWH=NY+QqI$44lwKKaHcHizxy|D8oO_!)+*yJo z7YB~Vc_84AH962!R)2i@tJ>@6TpT`;O+<#$`cIY|`$ zQ}NC_=4oJ1g?2;rK7bE|bDf<*w2aqy6hz`!x_mH}D>_Y5Z_-3|ye{|MrC-*q5nIY9 zUuY}h$OcPHiX0z9O`1E-CWzkZiqXfK#%YxXt4(c~A{;Fg2!oaxQ_f~GpjjxWZp^va z{LcG?N7_hByufMQ9ucp0BB%0%aJaoh?4s#`cOpHip1HTa)kx{O$EO%>blcmk2TBhP}J_Pzq7c zRnlrNCx`Gt{PV0ajYils6PY(^|Fpm%S~`StlK_b9+ym8%le#ckb233|*lC9UdN9F^&3vouX z<_Hn!EJWyZtrU`=#90%4<4pPO8vbnP;*q2Saq+_Q+`KxF%8Z-na~?nJttUXFccJ4# zcF@td^lv-cGK*6;bA$`!R-BqY;W9GX;NI#`>NRc6_-*+LeN0o z!U0k!5-!}YPtDw$kQ1F)+_AKr7<#c}Y>pdln3ClNuWka7+=JieVMPxzpUq`TSxnmb zNr}yIB^AbHhIwHsyc-q9DeaJ}Fz>f2XsrZZl({1nRXST<=6|a6OTmHgSKLGeo@|=R zNF!L9nEwp6=?^Bb2Su)fGM*{yb3ekcG7CI5LKVhO1>9{mlyyXp~^W( zpgPncZV1v8ScWk3RV;kW#5lxzK%N71;~~gXK_{3?5M)Pb_dQ z3Ac4nd25Y#&ITx6oP`Ioc|B`mm4)e9^Uz>-&GX`ljm6u|0Qh@bo_Q1mXJe7B;DmyN|!UE2kO-vk(CqQZ;5C z;`id3GCR~!SMbDa;pV8El@cct$pP#e^jQYdWyi@8r4twcl?0&DX`p@>Y-SKl=P$!W z3F!tu^(^Iir6bk`K(zgOg9|}@d zX3e_G^?9PkNSUVC@TU0erbKUa0I#VTkBE@KO7IAC0gM44>_rf3q^VU5OC`aj$@}&c zFxS30cLd5-N4e0DS~R3D5A91s#tNH?c`!1mnan)JkN|ljP|Takvd5r6rloufdW{$< zcnm9MpzN5Z3+&M?;inY^D33J6lX(3VafCe__^NrdQLRE2g^>FVlAHGeNUf_VNFy>B zAqG`hO12cxmId1)23C>4Xjhn`7!b~!N&V|Jl7TS<#1^yUeXBpWR2oEqyKY#!2}A@H(i?D2>+2T-1ZtjGrTaLxzT zLd0YnIVqr;h43BoImilL99eF+&Vz3`fZ9_IGR=geEp0HC^s-z`)L2i>Q6kL?Ev-MkRJy4Go89gGRM04?4m zWUQIcme&mvgQ;RvkB0J<$LpNTnlns006gNTJ-CK+DTtz98Q2+k6VQ6n4r8O5YtQ+T zvkuOzi*kdhu^=l+m#n^B_YBpDryf{-aoZXH{SH@G`gCJ*KrPmV9ML+S53IODctRs! z{CDB_v1<%ri@fC0{@63$gU~`*AY~`HREpI9-CvH?>2Tqk7Xa{%ZTX?JrRR4;-tSP? zO~hura@CX81dR_D1i`Dx5hm6q( z-w`o%I&8==N8RxE_B_^*jzcX{%BagbDhKacsy<2xKUV^@M6lE$L9>f|hi9kjy((D?WV;xah(_0iwn=Vpy_i#i9AWtc|CHZ-APVCMVWNzGQ?? zK_>IADf%D|ZE0G=KwZ9yi4r1%7^hq{Ze{<#NK~3`Yu+x!qyGu>2LA7Ee>eWi`db!Y zddxo<0si~(Uy7CWYTJJm|FyNUu>EKL-~Wv};jj4bRw;|Tl>g}q0Dc6Zj{x`{faU<` zB>+kQ@EHJ20pNWAybXW@0MreDrvT^(02TpYDgXuopaTG!0pME@_5y^o0T2&>us=T# zApJlPP72(_pjA{=Y;0|$_|Nz6U%q|&;^oVyb92+<+X z=dN8D=gyreE-sMLO;uO%-vhuK0GI=S=Kvr9fM-&&6X_lTAA_K*tSl0Vgu~&G6uk1c z?XUdu|AOE9vrjasjEELu>tTl7kwNl_>pndG>2LAZ2BfCP9 zL?t#Ba$7gpVl6MtJ&Tm!))Sf8nP_g|{=PvVK#@2ujBn6%9*MwXJpl9fS zfzE=!7(Cc7>sM`)bd!4Kg#j8&6s)H86_mgUtvg#QR~)uEXui3G?YX|FIBAWpF`gzs z$}g`<2)7`tO(`h>uz^38Xzfk+PBH4eE4-x~%Z}Mw6YtxX5@d*er}n1?=H``QWTTBu z4b#edFTD-gfEP0#pa?NXM9kt|?tX$alJzJj$_RuIGI$D`)RT+En|F-^WaZyv6obRF zgrve~HA^&CUQX0=Qt0koH78hD*{qPmz^QF-w}dRa6sKvz3}5@)7rWt_$Pj%Fe{sR3 zdk&zL%!(0?s(2>5L`Ft^;VwRkUF|lVtH;fe?Xl3g!|$8WyMk86z$fbzlSs&ex3203 zksiB?V7_Z;01bRLoG^&Jyu|D!tepGAN%LZC?}JJ2knlu=lv~!tM$A|i0z;>hefUo4Z?($xvjK-u<>CEJun$1JPkX+ zkwT>)EE|B~y(pt7LoQ<`)YNx%6n575Jb9Nsh6%HjzrAQ+rR%n%2LgiTYo+%gg;qeX z?%B-QUo%ZUVS#6Gju%%Ty|UfUieNV5%-*q#>R8DEjt$QWfFIrfW0DR>^M@S74MIGOScgJL8GcxeB<-nl+1a!|>F3(etgZ0%EN#`MG|H7`!it)gYO0${^arun z9oDm0*liv=b^@I!bTJsq2XTYCbQiY`zHslmIjp2r*pv%Td#x0yq;HeyuDnM2liR!G z^@>w|6zcpx?0pAdQ&snPN(ZGf3Pq;MBdh{#cDiT_X_^k`q6sZaN}9Yhp=lB_3S}rD zQ-+|R3r;Z4>u258SGG;}$HljV z`#SVqUO(%b9+S^Nh5Yrg&+YAh@x(R4xuIS9(D3Ayyf5#tC05Jp!(!*pSiHGDtT?u2 zM$xFSa|yhek*(L3^!e^6zy8CXZ?@)5c<`d4-8dq(wWMdH{vnX-^_#w0_jT)%2}2Ar zPzztNwHhE=7}e&ozKDnwow)n@vXt+M{H{aR^P=C4Uovsp zvWKVH_9S)tCGz_}-{~TqpE_K7R-L%xU~J@&`<_^|K`EYG-)7tXWksYVu5v?u%!3=| z-FfBb$fu{x?6xH~PjTYuoIM{ex!h?8QF+IB-lj{-ZDY?K9yip`^6B)MqIq?xg-fmW zlxJF~*LGQU`257dr*^&HI-WPUm+jh03vAI>nqg)NTH(CnK(Z zI5{kR;h8vB^nZDu&wNRtyM~^UGZaA=G-^Zd}gI8PjOp8y{2|R&!QA5*%{9%`HQ@PyfAOTRkXr}vqzFI{}0?4CXkwBh}^J$WNo*6-e5 zXs>+f-6=2b5DyzI5@M!aoEteJbN zO`8q8Rm021{qWYTKYOl-{$=}+7BS=3j=6GSOXQW@in}L{e)QFET01W(S{f!q?EIrX zyh!!Ba{95oy=3oiIBmMVDz9zHedm{Snt5*I?3cgz{=TTSos-Xg@OV-6(p8cD_wO-0 z6khP_#TJ`8^o)G=l5yUPW$y_NY`$|<$+p3JN@jjNva-bjlR#`cvwdFtx`YmwzO-LH z6E=sxE+QRlsZYs71BO497MVBn;JAT{{&OKNF1BPw>!|-c8g}L5wA8Cm3lzEk6L)4Gf(%)9t5%hTaaZ$JEaioFt2b8n zCtBt%P(;dp*x8L3AH`ccq;03|#+>Bw$M>9{5i_lI;e@P*2+=R=TaazlyQbX#;oMc- z?yD<#^7UUb+qV+%4)p$78k^W5a$dxc&$=&}`hD*W<5hQjc8F)Rt%=-MP@;R=xPq^Z zy=!}Y{hOB8qsPujZEagR^Amo3%jpHYi1-;{?ees@k2}`FTs5`rr;o4HieI1E?$Nc8 z+4sEk+M69B{sr1hAo<^Ac91tH_ERz$IuN126XXMe-%KP*hQJQ=TP%T^Pt=b@CiSlW zBu6QsxAK2j2>x>)DEa?kUT2j5lQx1k@xeq$^*npwqahVM-GgDW0^Y9A`Ym~;?B%x~ z8M}ZtYBq2FuDJXf-XlA7Yu>!$)2|N~IeF_}npC%`&5yr)lT*bjyO;O-m0zpwzpMJe zZpS`-Wz`Ys)oWMA&Wtq}43~fZ*(1IIjfwJq==@KV|8sH7kzH9I-M{nf-gkc<^m%1o zf*_$2-~P%X;;~LfeOe8=2JVH|Kez9zm^HaT5XU?J{HgIncAdVMGS>OVrI?IqmX|9c z?&uKKs#}MysyyYeux^VMw+bs9-l@xdt?tycAH8}^`S{1j8rB)BCRCd@@$8$Osj|4% z?ON{K*{)q&h9ahGxA1P!u`RmI9g@EwFS^B{&Udu9qubKb_F?tmT~>}5dHd*7k3BJd z-IE)?s@eR_#Ahc9+EG_J6+h`FHH$;)uA|~Qe=9MA~!*78Lw8cf%{GcbTt$JbA>z{j*y|j@x$MM{mr` z2L(}L&vDz_1mLc2xoP0_U&_7T_ud@wrlc)i}|hNmu|?} zl$!r=+cr@@jD7JdanDXi?`RwQ)g2cV^>fzVAsDi@Uhzy++m5o{11F2R?%Mc1@6&f$ zU3y9#(^=Mg#@giizDu-wXWjn&xsIb8hTET?UQgUvurf7AdSzMID(RXQ1TX9DBda1> zxvVX=ecE|l)TR$Q35%B2kAMA%9)i4=kKF#NLHuaplE0?Ct8DZ9iE-V>c5HF)L|c!Zd(+n+S|mFW-N~7H;pO$w>DS_W7aCuEqp02P=#xjZ!-gL0EbYnxU9hcYa9OCr0JDRmLUG!_Gn7j;&v_xm6u+S$6G5%Ic1h zOBHQ9Xo>d*Uz7D-)_d09%lPX4n~cLVHD7d#-SEg!kh?%{Uu|P zkA2dzM^^8wMI8#j<#;`=Xsn|!X>84jvAL&bERTX%?{{=VQ^!xbZP;h20}t#v-mT|W z@rOyvYC8Tt;hilnoxbO|^<{(QVZ#pdSI192we7%$d3#dLXSTngNN;^9wu5xX%-)@c zb(nded%9vQX&4RZUVQEv%{{csSR6i1@o`u3}}tDkQD?UVIU zzX*6v@tb<{%;Rl)U7Gk}k+WdV``s5FdG3vYPwf4rbN3HczR+b%+%eb5h!)#trX)Rd z_To|bJNq{cZL|BE4)6U`njmg}N9R`~PUL?3*v|)7E;7$K{n+w^l#?T??>zib;sZLz zDVcD|t{u+TR-JtP<&I&p9*T;DNhc-^d~8R@+~4n3t$6$1sZ-^hH<>g;o{A^9XLUG(<1Gip^8^+zT-gq10PM@`{I?-{XggYJ*CB&Yc1ND1q07Kw_@I| zZ+?H^o~z5AKH2fqQ_uar|Gm`9y~25im-ceJ+A}J4(b|Z9dHZ9w5&wpRyP1vzzvsVA zXCf4WIvFiBz8CW&e{W-KziC41f=!i(Yvqy`Hobm@L)A)LN6nRB1As zoONl05kDV9*tB}R$x@X@h-{Mw5tUZEp0p=UGU=U0&qoetotaD{ELICSh^W!pt4tR9 z1wbT|(`1D|wUrL5+2w>6oK{;JAx=VFnn{BbKBJFxw~`bY{53tMm!`Ocm#RVfYD)e@dqAWjGfu2*1#4 zp<`-DwWhdql(M*h=_Q%%MJ$yD9=GQ!SRTFrWR#!M3=Mfe#+ z&~G_RQ%D#=j4)ujdkP9-s#gQW)Lod;wpkE<+Vmq7*z2MOmIo0TA>C zMI$R`Mx!(z1{BO9rLahU&>>>b>J(+Z!!;-5b8?hf;uK~A%$yj&!{{8K)9=#LVsMRF zo%gps!1jK@6VSbK;3qkY!Z}5mT3KAGQvb7SZv^YuNpL_wH=#g4&(RwY{@?KdhyT|a z1`04K)jtapy%_y3Fg_qYsp299-GGJ&^{p2v`hCR*9)8~n436yLB28hwy17tlc$~mFzLD2$*O;TBH|P@5%-{zv^Qb(G9)f=26av{ zS#H8ok&wU{)o8s5OO;66gCcbGzf`BGhI9ZvFo%O*oDow;p9ju}F&tGz~R=D?B`+vq-N!cTSYO4f*i0+lA@MFasj zSXD`BabdB4&KL}vVix5k|M^D`2Gj7E&Ac8Y;Q;Bx2q@v(xA#!_yax`@y$hOEit%Fc zROkM;qDhkvus299%gF)!^Si>V;*tL&Q>Zj+b)e3AlUj3v!atfao1LRlXh!&x&l(|& zpa?HUz;xe4_T;s@9-GOqEP4p_h%8??HnIr+{V9qx3iYV}HiG0()9_tWlW@bE42x9d zeuU5v4nRuFE?4^nJJSz_Z!ml4Phn&_2@2B$iZWzG@Uy070hcmQQL3S=6wN}a-rG?C zLa(aS&+J13LQZk9pCdF>2rvNmdt_tt1`^-!SboU*pBb&BG`~!t^rL2kI-Cc|v*#%y z2eb$IMY+UO_7&Qg<0$MShW5RjR2_g2_Tvq^Za&E*?fCCT7OO#H2fPc9YGS8Dnr+bjYqxRFO`l z)mm*L^TH}gCMBy2WAl58PoF`DE8=% zAV`b8fywX(@e`>2`VXReM{CB7sPX-`r+~mTAqYF^blEM0%R)M!=nClrG>5Cw;k1J* zCLT{d0ZpqvJ>+x(MxGA;(VbXaW>6DBns9Ftrsfi$>v-6hRxFigxHqpK`>-E$+o}~> z1^cLH2I>=F317stnhyVx5FtcNoera<3mKFk2pT&Gv({4O(pHff{Gr-fts0{YAJ7MF z6pJ`!E9`SQ?5cHAJnEXkgjz7v)RJ}wLaq$(K-nE+zQq}D(bk%(v`(vCptafHh(h1P zOoc+a9hxxHEHi_U^@p!UjvQHSGJ{Kteg}2U85X(+`wWaPu-ZsVd_SYpX-g9ds{oH3 z0@7i#2&$}rwKYN(5Y(p<zv8R92ke`-ifZMY+F0YV4p88MImA_bzN zo&(~;7w|PrZ_F1u>I-k8r|E=lZGxsE)MAp+WG0Dt6Om4!hBTGq5hlPpCKyx;&oL>- z_+vtDdNL&t6Z#VwcuxH(Jc*$RiKUJ*xCS?V0>x-z&?LO4$?zsV0qnrkABLyc2p$_6 zz_j}lm3C5FjiwYc9sctoR+cQ(o*+#iYPDvUCuD132JCABfFtSc{S3Z=PN-%3=>dI#o1+i-ZS*>`c0UcMuW%FUBh?7j z79Y=mA%k$*(PqO;2NBdmG-Ey-a=>a?9LXllq?4phT5rmO)ga)IlZb4slZ;158w1Y- z4$`RsrUhpc`~jGa{s6w4NQm((h_~nfdeGLJsDl7MZV80$16WU>qD9b5%xjL^DSFLt zAf7T}dIKb~0ZAhCe~2j+q2rH*h_=RwjyAjstIOi#E+f954n6AEAE+@Ne?$byoMzkQ;CtES$tJfBE!4^IZlELC7W4 zC|EFo0np}v1j6nQ=hVfAeZw0?P1R?s@PiC+O8Np60v%wBVRV2e98lb&pL@ikqcQ== zDS!n|9fv?{m*EvAq5uFi3LwA z?lkL!L=Zs&*Lwzv|3;=%PW%_VCzdA5K>w3B>ns9v=5jcJ?-9Ie(h}ee>akW|V`}(~ z2Alt{ei>l@m1SySvrRd){f9gOu}qo_`MT!DyaVZH1&Ci(WefGC}H)f!$0ZO)$-iLENJGhT-{d`!)dm zyQRWrSWtuXFP4iz-Q&prNdK27L%R4a`fmokra$kP-S5G5nB3i6c% zKT#+wmnwzAY)v-xg-jq46B;{Y@!(u85E+E3BJfD1qh{zA1YiW=J_ZM&CSOya$}Hko zo6?2UGvpmiFH~t1Fr=m=Q8j!-epv>;lr(_eVdN9EFFJ#dOuvJO5v2tgw7<*Oel=KU z%P?APVzHfWo$0r4C8RNdUpkTTR&oX*Er}!4ut0xPVw!2{Y$T_Nlbr0tR=+_63T;xW zG#UBo;>45`d1|6KKv%=ax=D~z=iqcxL{4&W-Y!xUsxtW5;NC!PcW`+Iew7P0h06&+ z;2!U~?RyCX7joRa5K<%KsH{>|Sw@XkPZAIkV#wfwOULZArj?VGg<6M`v=8C7^O?>v?#fE?mFh&0Q%SS?^?vdADQK{)6Liv~ zNdlc&>u{J1bporsO6brUNQcXA5b_B#VJG6%>U-`1Oakvm|9*hFLK=m$inB)%DBZ45 zQJR}ylp!H-gc17}^#SJ%!gthPc{r&9{)F@f_QkARoI{s^)0uK|2n5rNULuiHnv_J7 ziqmLvK*}VwwaD9p<0%|Q>m&!ECBO&m0Bf}n;+U!-W0HUk1(&-E4r~V)ufZ4RcC8aA zc7W6)LqDN~a0RhoGWDVW1#P4k6|0q{`6Zgnm{C?2c=t#M6wr~TT8JiqUSSUOP!PwU z)4~8m9lT~Cp+gup9q6%Cm6O4Emwl-Xd|kP%{WJxDJ-3{erCE7qD)bcpIejx z)Iby!mzOF^(28J9C8*7_6Rt6vHGv=+NLISa!Eq`ssI(?PV04?P+lm~3+tN{~Y! z> zKeRo$!L^6HA96q2;f2Hv9T!^UjG+$Yu6cbAT1Gg zLx~a`St+rB#W@(ofmxvMyNKmhIB@S0fv(C#sRA64D6ot{i*>Ys<|Vgz$aFM!qXan2 zWhl`LeS~$YRRt=ghFYo4Mp!LMBLuZVM5}w%0xg!4+34Y4wN(f`>MQp9L*ip|{bGw>I7Y%P~6GBZM}Dm`J_N>~eS> zBp|+NMil_{Bl}gNp43_G;PiufO}Lhm|1(8N8CIY_zh{ZRiTX;>FccJ=vO=PONe@b~ z+ve;R>>Xk;m}^3xUpCz}k&FBGci!PSvPT{D7lT*;W;koOsw@6J=*?=?Dx__aFua^1 zgd5+UY^+>@=RV-VLl8wAQf7J}FH;JcfYf5K8|^9f9SbHnY)#pxT$E@LaFRD|cYJY^ zU8+zAb|}(LE213Clr?3&L#>r8(?;0jsYUoBn+EAy&g_iN49+{JLr|l&O>~hClxbDN zszJhGJe!jT;~{ECBGDNWg?a?~ABg8IAJTZHfy{dhAy-_<+qVDB~i zXZ5K~Sv9z%phF^?ge;MO%l6uo2JuHMVi2g#=7~H_ncgVU3~E}_cEyi$!-_YwOv6Y$ zV1?yKC`~e6Gsaumc+DEHd~HmOa3*n!L9A^L9iTq)79}@Jd zaU#%R?WD&PDDvSdJIxOYuQ^DPBpy@nW)uG)6c7vm3Rx}(7&15;aWkPn&p{$f@|eO+ zfC8*r2bL?X#bemixnCY%d%y)IWTVVunvK zM}9A*5;^_hM9a!lyCC+lE`cbr){-@qP$p9>NkEAYuz7Co&05HV7bq>P3Feo zi9?D4VldyQgBkpZ6gbujui5YM%w4aKhie#=h9Quh26RnA>mVR<1jUzt=$}hMhz&`U z3kbwz`@y$PCs|{2qGKQA3>$=*KpYVYO~L7v5U4^>;sSJHAq*%oBnRqLgQJ3a0aP~v zv^Dq_I?xgZz*KagLSwtrZnf4Bg;um-@Q&SrTqB?X)L3<3xN<=41ki)1{Ui)fBmja~ zpaO#(LS7s;&|gV3pq7xx6LHmqO2~0CB*0>-ks%Y!(&2(?5in{cijqO`OQc>v5DE*S za5x}H7JAncCD0j64FsM#0)^|qBeZTPX0Aom(g}3n5|wp?BqfESH+n(>$}i{k(1n0W ztd-~=#Uu{|$}ENTV4$dxtjO|Ch~1gyqwO^$lQuSYc1c1Tc&i}gzyX119?mQ}ZmIyl z?{E?&)LVcND4L8rucl56yvdAh3yE)F=|I#E+w3xfT?NcR?&MhiGb^QD<;(?4&m4Bs z3&nky>poM`84I&-$inBAoKOKVa48Q}~8dM+&_{BUY1`iS|O%@@f?*o9$NcyCm zXI$fZUVe7As)+XBq4)B$`G^4{2M{gFi>d&BLG=K}h+aTEA&pQQtuC{kLTw1K(E&*g z#^O1*^HM1H1#W#DvxvrLdxqehQKTa#sCOY)vd9Y1bc3DDETf;ACHWnyex zxa1gBq~2Ylo*TF@2pA7Uf1Q;7Vscfy{)@EJ}3Y_}EPr zo!JEuZnY-6)1@_M@WH|XL2gdav5eYkq0yG;v;wzs7)UJy>XF#q!)I70*qZ5B4J?y2 zcA|>CPgM3G#U>c)Ohq4|Hx!lNJ2zyOfuPfBq0KIVjYJW!=p)t?QPR45X1EiK!ycL} zSVB+?7ihTDX^mfF4oCb)2yAVVqcMfm%^Xlw5v;I=VvF%O=L-}Xl^UG7P@2yBq(i_O zVbf#&E|LkvDFX2H3?ZaxQjx6&Z5A8tftJ{Ys+EF~*rasyn6jt{^$mmohd<-> zgJ4G1R-?5;0B40%oFq+EdUVMb(ON$f)5r%4IXwzLna^||-G; z5aTb70>y@n4D3AzJ}$5U7Y7fM#Rwq2%WBiKXjW&SJa6HxRM3& z0_Ygd!pxI)YY;eCGo}H|p#$GyXvZppEy->jAtq=d5sLw1B#mNBO{2!IByZ!F7(Bir zi997)3RvuMqSJaM0Y|^ig`%>lUf}J2I5$O#=i-GG! zVD=@3m0r=-WR`+&z~Ue@pnhmfPRLzJAWF404k8PVVF-uPf)>M&FQe*!)DbL)!WbuG zgfYssIK(- z1=zoS3W&EdJNn@r%(6})k>niLn2smVb5Z@a=>>tbwpc*OIvQYjW z4M9awb};QMt{U28!L*b>juMMcfgt7pi2|sLX~WMNm6NY3$W9vwA(nNJOJk`@7>MOz zSQGUZDhxs5&oC|b02pEELzuC5WMu*=Lfky0p4o|VYCD(^!7N5#ba%m-BVVH$so~Ss z1PnZOhO{1)3JG{43sgn9nmlk<-iYGwJpq)on8Al4p*1FOSt5MM;OAQTR4q;@;fOxd zGFOxA3|InWH--y0+R~*$nJ>g>lMURaU|Il?QVE;EFtK1xDT=cpQwC-|I9&^W^5pzp zX9|8Juax$qqGa1XG_b`G5vR_Bn)(bzF()1xi0KnPc^-(=SDZ94!05oqVIFn{56wBj zeVd^BGC^i$^b)yXbfX`V|4JZp!$Uz~0O&35`Npi!8H)~KlE1hW8%p`%j!SPJC`4&s zoTSW#gxl#y%Pii*Hefupxn(aK=)_bA4H%-Gb=V3}Wp=`?KwuZqIn9IBP|N`&qzt&K zkK(r>i$G#(0^_I}Wmfr!@fVNX&Dg z+p^<#`S?uEV_x^(1^V1Tl!X{9!|qXRv=0;K%Cj^#4kZ(Zb3V{v*B%5-F>|kYDz06% z;nSfJj_yr) zx=mS`P`1MA0cQG0!k`WYI$F9~1+Clo@=r{&LiXI!C*9-~=2=mJg}&Mv+aMwj_=lHu z2dSn(FV^d@Xn<+xA(4UxNdOBD`L&4!iE6mgX z8hjwaKtLmo5+^0x5TSVCjxV7=6+o&mpl5ixKKZ5)43kq1z6H4ZgS1<4PLdY;qP@L}L?g@?vJP{g83g8cj`paUJY$o5A1F(OVqFA2=xD=@h zF`h7FAOF{AO36&DVK6n@iOdSCW)oB+a@Lu>WjFV8E=-!hh?_1fWn~tyle2u%7o3IPFhu@YdSbmzAdEtI2`F0lS}n%5iR}R%U%7ox zHwQ@AXvNH{VMv8UQog4XRkzkp&Zypgqti`BjzTmcT9N_3Js@!-AZa$O znMDfrFruxlp5XCFX5=P7-yFU}r9L(c6Yg;oz%b7|1}_fSc#tm#i-$}aANw^9CRD>^ zDNsZPoIh0LH-4D!Acm^N0trM;+YmvM`oTE1F`X(pNE9fFaz{YH2d}#TQQMdblS3?l z`-`YszTnm#6i*K2E9i2C4Rrw{g73+r7hK@Pw-XqMK-cv_mbyS7fG~6%RgU7jk?|V> zy&+%+qSI{^kp4zO=qt(_27@lO2-LWNg+P!R&;=^&C!~jfKk@9T=H7{!tasltYt190 z4ORuVAfRw6nvZRQ0|Gz`#L6ifT!;K#OkqKvHSkdxNXX#M;P=v6bYK{SOB9&^J;)QK zObr-I(1uf<8@#D12-WB8Gi}RbN?N9-DwR;uk_vOUp?p&ah(@)Q*cJFhMzHa&ayBfC zP9>ox&mb!0fI@7Mnib@m(s3_v;59l3=j8yyQ1S}hcXBePb6;a9>yBb8B|%7{t{Tt` z3MDlu?z_@4k+I*H!Fl8I%1x%82~i;#_{wRj)IsGM%6yCcB7xm%fUUS5Ba=A-)tF_; z$=tSVOck>3p;$kta5@Zv)+q-Qm;W$6HAof!fA4S?N;HBj2pnyJ-HKi|hXy2_N^bNg zQ~u9jf-E+jm&<{E=su-`DPuyfQmrT`E-Wr0)DT;qM`S5Vi&Ue$j0+SHDW^0ADJkuc zrc`a%Pu2r1rG4#z1J^N3_^6f?DkYb}M^Y@xH4xwmt4tZGAa{5$HG_F zaNQrO+(ea)f;am0)n`mZThbT1woxO0tqed_S|GLOs|W z@zX0i)nG;!!{|jYQ)+BZWD&wE$`?3Yua6vAAx)I=d3tQ-x-<&5CPfYOjq{Mco3K&}`yCAf&# zTJ6AIK|2WrTnueu(Ekv-^Z-oO2z7puO0B+8(6A;=*3|DQ&o&+#4cGE;VmMJOJ&uh| z5=$grvC$rYDJ5NCuJE>2r$Jc^oe2UuiBeMyO1LYrYXLe$4%FL0rRMc;PotvNYSI(g zP^lUfigE-1kVd7dN7!SOEepzcoGt5eUpOx<{|irk!>QS2T#OeF(PBu&Vc~wCS||@ zz$CmcHPmOgzq7_F(0UUlQ)eB>GTZ8cV&GKuafjBdwL_Y(p7RWDD5c7&LrN*ryBDCb z1Val3ZVl-c2M0MZXy%Oel@sL8c+=dQi+D5hlw)-8;J2J@&CxQNF7+&DmQ zrJDo(Uy#0_Xn8Y8U!l=1HwVO21?ezHABQE)fYrLCRU;lLX=fs1Lhe!1lZx40bs;|OmS3S2tGk!Yq*{l$ji|L(v=BV z(gk#7Sdiz+Pz4pphy|HT^b3g5pw{UNnsBDS#Ofuo?;? z0Jhqpnt;iMV~q%i4utwmOFnlVo~=O5#d@iuF~ zy)hP4%{f$oj6PwYa0XPUpid1d9G@E|Ks^D0kz$uLbQlXE;v7_tf2G!5VKcxiK*M3m zbWti|XjVaAV<%(0Yrr&!hTtYidCk)Mh8I+RL8-hEqb05UHUqj*vLl0IDGXjgO}Wev z@W}>QkaScRb0#-zBl9vS(=e8BuBM?Z$grohtqo_5)9aSeN#bx+q&6V}6WhFfLN1Xr!cWEoWvk&+5tU%j!dKk58&i1Zk1)NB ztu!sFM-^rj7qEs$cL@h%&2H|&N=oyUs+%+xT!U7W>pK`lrwFjf(c!UiXvN-vuhec! zrG02vpv$>DpzF>DNl+m9z#R-s13Xa@BvsYaIh+hdVPmN$d&ZB1*oaFR*$1OsGuo_5 znKK<3`9;~Pk!jgO^MNdiih(HLqXOMLh3NzGKPXw0A{78Y;|r$lV&O9SU{(ws{v?q^ zkm^}~>>nJEnjqyaC{<-=CQ77Yfz&-bjw9!Ci2u905BJxUjAZt|NbAsRC;k^OK$;+u zq(JKH&B8bz1P~_!0=RRZ{y##1{33Sy)qP6{Fr5Au_FtSJO_B>zQ~qoFF9oGB$nB>k zYQzp1sR-S=#90by_P=P-IA(m3b{Rl~#TtaAT2tuXd0*N}HV&Dg# z{yiJCn4;J;WZczNBkuvHYzuD7h|G*6{r|Pm5Zy-vHxh+nc(55bH3EVXax3AcFQlM1 zlKKQDHcEU2fq^K2>%mYRK_Bf^p+`D0G7y45jExXbj1Wt`s2Law!75-6Sw}~UVr>pV zEy`qpT8Q|HP4*L9-3)c|=&X1y>*Xlw`Ajn+3%~8VJ`0hO2v%>fx7Z;<#*V#FSTV=< z2q33RsOCbnIMx6W)Z&8QF*;o@i`rtJ)xd^Q3n&{!0}?r?h0mG_ac>0f4lH_L)xJ9zeqizR8gc<`HApi3IrgdE>?yq#6>1tOoZ$Z`1WW= z8iBG(6Tnb!0B1fDl;D17(hi6XM8lq&G%om+keb2NMhSDA1Y<_NY);Fr&A?iAgW41} z!phsM+YDA+W&*UJLf)8l*8)|4{teb$I`^0|7KLVfMrLj%*tUT{RCkPM03QM++cW4T z=Nh&`FzQ+=S)(r0dN7+ABfaNg>+zKb!}fPosc(!hDu~4P%r){dcU%{_zo!s@Yq{Z2 zQ*+vOxylh3cRj=4C|wK-4OAc|&2xi4;w_bIwgY$d9zqQ3=&K@~6_f;tTzwwFbEu9v z#HZqmPH22%aRUnMd&XCT*X7sP_K2<&B*_SWgWFik!l%p~8_X z^HD+MC~_`qM1DawF{*e(DZvK26&Dpi)SH)JfrSS&-%;3C>ghW~_Zi^Gemkj!fB+O4 z0AT_;7wG1o*+A|zRu9lwh044;tyXX(BN-C4LvO;4gQAD)fuNug^rr*mJ3#$+c3j#@ zKy5`R1uigzm1@HF)@^I#~L zTPY0hQ}C(;GO|Ezb36|2HWYN?DEN(|6L_?}UGFp=VdpcNH$JY|9c#jLSk=7o=@?x# zT1y2afa9Q2pQ`or)KnmES?iFdz*?C&mxniDhOB7c_zXSym>>Gf1w5zp>VT7Dc@CZ` zTLzQMuEm~evlqw2e9jLRv&kK@e=KMjPZ_L=G?p{D4fyfR#Bz?}-1w$x^$^Yi+ABV@)s@St>co zYO}^7ab*Wc*~xNyRcXdrhzvuZ?_%o^1iI9D#1-Kn#lXQvp`2bJMUO#HW{t}NL2Usj z2xK8;aZwT6JMV8zY9km?5+Je@jLteITv`KC3RG!$joNY?m3e zNn|z@(Tbcj=ntys3mi?8j3izZNNNwlZqfo81b13kW0J4H#7&Grc<(DI(c%$g4`Pua zKvcK;&Pu62lI9M>$v59{iVBA04pQie7m2o2Mu8s2c<5lYGO zoLhHpisgZ;PdCxl;4reb1_n5uBnVd-=+S)!dO8chgNa#dw5T{b$1VeQ1sX;FMHU9| zhr>^1Oej*R!^kl&1P3~6>PsVVIZjjyg#dvN9hwHv z^YNRk(#V_&Snj)dYCbi2?zaE0sreYVO;Ph5Mvj{Ae_L@N1=w5srp4fa6&9xn`K3AA z$!=MQdIg#ftLOWl58w@*u>-zwBxd=$eSpTd68ep1nHfh_3@|geXBl0GAas(XrOISC zH!w4>ltJo5IhepK{Q?6nfc6urhVP5O|27TZ6TuNup`Q>GR)>+JRR`EU7O_|q3ykwh z=4A%8=rGbyf@l!3v!cBJIe8yPet2pQ99Fb)4=j{q=EL{|DM*D3t48L9Z}GBQE$B)} z8~BeQ*At4;da4=>4Wh3D&ME+gH=y4Gn?vDfwBaZS`&I+k|8G$6@nH?8bx6q0QSbvG zmKmvaaCH;)JMi|QfUJVza#g9?pYDtGc@218svT934h}30(T2DfhoL_%0aZhnqNO%qC~DmP!PDa}{;U6dLM@*tlBu1++V@=qY; z7mWd0uomTVQ!maeJ>LHw>A2@frM0f%^?{$JC>P4u6!r7FC^iTS z-Qxl|UruoLgI@+}pgYkeTqaiyfr~LfZ5U+0FhUI`!byU|2Ij`*?|DeWK3=jQReBu1 zN$K7mr2OyG>K#T_s}Dg1Yi4bpn>ohd(T%C{a6jz7BDNq$rOHZXPJ(}PY=IL}bLoUJ zO7s9m>Zz8pk2zK$|EfHqS+1%gWou$d=*!+U@W#JImG`YM>L8*13o_N>+*r>d*iI7e zGxiJ$fKpD?TyXrW6?T6zZ>SJLmGS(_X=)mC`0M$9R7Mgj%r}bPiPZmwe?0Pio^q4MJ;e14&F8-BtUtL24)xl&2MS$ zVmGs=?Cc>id5-4Z=w|AvqAXD3tdZRW^*38prYa~dQI+~rrJATD83dpV3P(g=kRcRT{iqG zT^f}kuxou{a%iI%EEh8Vi>Pv~r3$Dr;Je0b`UnS;ij`A~1u80m-cH?A1c8vKPAOb! z3c5OVMJuzu=1|q)$nvc*`R`NH0W?ieul_+b9W!C8*;-Y1V~V=V0>tz$DDjdb&z2|M zNL^|#rOwCl)OeH!C4DiW9ZgLFa9LPI9VPeq{c<@};tIPpsh6&ekEB#Lw3n|w8qr-8!) zSBGb9@>DD*6^ZC}(}!>fx-6`dUI&hbN>KMv?RQ3Sr|N&Yzwm+Z1ee*QZAu=1=SKNp zStD5hjLJ*#Oq9BUToqW;3MFKlk{O_7@FJkg!g05;8qFx+eG1J8zp-Hi zp*E6W0Iwt=iOghhnG?W5j2=MgIfVFn{5P)VuO*;re-#Ng>k(kRHb4P?i#{KOxo9t6jBrbBNww#{v0P33dX>yW5~$DRk1=s z7_KeBO-c>Ym>+~ux|{k}xk8*1YcKF%p`Nqy_$q)jsX}o940CRlnXwv{K?~^Wonnoj zH711T;I~j_Zh#qaG%7~!qK>U*@pb-_MgtBmyCeBSXMIh^W{$Za;DtGG4*S7i>N=ai zif%{<%&`~*a}kvP8L3gCzJpNfAkRL4eIUe1vAFA2UO+X0dY+zyMLnaFVK!5>V;~8R5%_hCJ&eLOqR@Z<@Ag{PkMdTMksCtPFO{5KcOSjlD}7G(|Rv-cxJzQ!hG))T<^VD+<)5 zXX-*zE>L1xC_z^S8!NrCV_Ge>poxNI5U!V?yhrZ(&J?fE8EW{M#ppG93OIQ>i>Vu* zN1AP+PJ=z}foGWXfbUQfOE7T~1pUx6nFK5mZRcQRo-#Y5NSRXFx40C45~X0fBKk`L zUx-rssv-MZsmjmJpc23NnZr>>)Li9#k&$x{p#=8l2z8d+t0ZIs#(x4CVK_2em`xhA zE;9rjqYNg-YXZ5%blf=Ftz1YbcT$3gZ@v&EaB$KR7}JlWsj3#EmjkzCs|I)-C%$K( z*2Os!*xT(5Ch);4AOju@#MH+7fu3(?HmCp2;KIEuyLO5R5<3-{LG?shggUMN&ZPWI zC6r3nV|)y%vnfWQ&f>o_8FU7Ed+>ef1I$X!&&(z*DAzUUH5%;x=aj_H%)#|`g6>IA z`tJ!Y*U2UAV2*(D>J;FqYO;-D1whPL?Z3|yerBE(!YGHqKd4u_K4nlFVG4jBsr<}* zu+FfvY;=AT0_=hq!fS?VZCX%ZgG97ytN&$+fdGbqP{U$IkdOm`(k)|g=?Mvu5Tyd) zj0&hKVbbA_LjfLGcK!DZ1W|-@9igfqDybFZ%3-DfCkteuwn4;9(49GI156I+LOqED zCLeTHfP2nK0eS<{&}dCyaSOUPR{%5?18s~L7IZg|$6*$7w-d;q5YPke1x0;ehD%w< zLSVg6F-@zlK)L#GgQ#8asdyN4zF|<9!$WCFFdd;AugX#C?g*}u8x$344F(f%b*K<9 zi8RB}PqG8M7pMc4?PZOi24~vBty|VAxW0;GDGF-vN|OVe!a_YNQedhC1Fh9RXVw8$ z`V?cj*uNGO=qFe!9YUl3Lq`Xc`GVTn}30q1I&wx zTgtZ>xOo^sEviOq^S^&Up#B!5HbLY+Tx=UE@L*9$mV`(KP+%imb# zR3tvw?wURta;a4c9L6lmAstrTn3iovl0<#Rjupq$> zH6lvDxT6CBgC&_5jS=pAav*fT1q7g$Q)QjcEE*(cF{{WRvlmUhScPHktKp!gf0!`) zfMEjqD`$cn0}AUjqEmUHEO-Ogn}DyGDdL0#p{%4>M1>t_x&GaL=j)pk}o|QDw*%CI)gfgggQ@AqRK!^_v#7~bs#C70hcrd^&uBi0Ha`pCj_Ml z0{1~h!!v!z#mNBlBpKWRDf3tqUMC6Ulq!Iovkw}uf_&?l= zF1yA5Zw%_ewHA7x@-&jnEf zqHK61BKdD3_cs!X%x|EHpHWDNaYfO|{>KrE(nQ|ln4nT*h1OKlKohwa_;3@Q1xJkg zSq+RL_B#rbjT3k%vG`Bn4cx{P?EoKe8@P8SAPk_290yUE77&gGc}wQN%{&p0 z4eRy~0Z4S`jKSo6`+rv^;l9i2SOMoR^XS{kmVxu%J6vAInF$+49^hq<4e$;%_SXhT z-($0>HmRwo5^Nw?LK}}II7qEsX9Nd<6GF)XEL)r=<}M`rmdPME=G_c$HFEx!k~S-t zR;~8B8yKsR^B=wzd!7Huk|fcs^Zy1w9&}S7urJ6RM1BFGuGS$e&{o!=Qg%ima>Y`uD5lHDz&)&_B2YyzKuV z(~80Ve~bQ`0`1V+T>tp`8D8wroctVKSPLFc5C7v`|AE&&+oh|n}GmOV;x9R$)yxF{{h=_>Dh^WZOs8&(% z-)+%RQPH=xj)}P~CZ=_4Yy1=2x^27Ic5Pe7#dYi$7k5YZ?%nU`!TyA`Y}v9+>o#3t zW4m;_z5VUo*e`|TDvSq@+jofT*)ft3@g==wu|vj-6}_ZU?V&-7mXVPy zBk8{3&GzB3J;lp*bg(OiYbWw&N*;`p66=mFW;V7sXcQJ69szTr zCKJYM-&3p@9;=;5T%5UV-44 z#x2_Q@bf34mJ3Ed+|DYD3h&uFPp0qQYk+(XDP0$5=MRojh8=zMiCzO_7qTCC=FQPF zN7w&ySMej7)MX20-{-b_x~iN=>-#9r@W+;;XBTzdbi$Ci=JpA?7i4dllh>-Z9GXzQ z<}uU4b(f7>;-2M)r)hrM=`=jL{FkFw9$UY*N?kbp$!|W$nE1K0bb$P}4H~E%x99Gf8GD{S@WJ<=epR+x_TBKM z{H$lwYcH%AGpF;b`C|rFmj3*C_tn3@+T+(>S5&WiFQWB`c}w29IP0BPYAk|dM@G(B z`(E7G0p*3&VoTrETkpC3-i!yn?E2>Pj~s1#w|uGR)^01qONzcaA-ein^VA z9Y205jP7&f+x&zF@|Sj)JLK(wB{5Y~cK=;{*Xc{@&t>bE_gR#9u&Rx{&(??wtM{#b z>m|*+EtY4OpL=l3{*2v==gn30Slv$kfMvJs=*gE3s28qwUaTWNncD5(zNa3MtY|gn zgZTX0ZM#c;J9_Y`>2qTa9oVT|;<#h=m2OYIyzNxf@?~lA;|DFWE04;DIj;4|X)>hv=;3eKq zNxkmfIj-}kmS0v~D``I>m2CIU$7_FWf2gkHNZU8RPx|VKlq1#mMdY>LWO!)S@?`PL zJ#QaBYKG!RtGsjava02MfezD}Yol7=`jb8Kg zacTbR3r5eHo%Q0z+wa^gD(U>xooDg0v=y`NfA#e4nFBWb-3F#Jr^74T&Zhhs8|hkf z^wj&6&;2+uRj_JQ=B76b6Tdg8=XChfR+e`EU*Dg3dE2G~mI2Sy+$8vci|q61=&)BaKApAo!)+_x9P;?a z4);GD`N2EO;hV%)*0i3vZI^w`xq|A-@%$mXR$p6ikNDEKz5BXUEE695u*YTT!OqVK z548Wj^R_>&cmL;$$HNbdFUR{979KXZ=g^H~*Uz6cg!k5(*3-LfSu^X;2R@nGe%pU` zzw>;jwfzoAPfyP}-=j<1Qx{kAuCDBrU;NCeMfZ&QW%A#-R~KKnuEjUx_{^J!-W3yx`E%l*5^$5d+F78e)r6=*Pnjmp>31r z-rafEtl<#{y3M<@-3!0WzHM!0gy5+9_b9=R{Sl9({qgt|$@cmeMxFdI?(b(4IxZ|< z@cxMr8~LpGrv<~89Qf#5 z^%-5^--d5SoSnZg>ZcbL9zF8Z;62~2|KZw3?N{xr`wmox*M4CgFHb!XbFx->weJI8 z{pVM~_|(FCdq3UvsqiJGlT_1RZCCY8n^uz+{ycebWp(nzBS)0K{rUR%O&dqOGVPmH z_iy^++R*np%U}9#?pw-F{!nJ=GfvN2+46_+A9ee=zqWG1b64JxjeTW8=}&b>?=i&g z>>B^mP-6Q0zq?K@JAZn;e*Due(VQ3h9;)d+=HnIGhbHCEa-7rmp7_Y$t!j2G88d8j z=hG|y*jiyX^y^yCYyQ_~o_Hkg)9R1M%FGWO{~~VQ_?5FZ?)#1|9;{c)%It-brn9*(JXhX>5*w4=+bi{I%UH|D^L@rnc8{#y6k z@Picxx~zTA^6RN5K6~%Sed2RNzx`|dhcCXe;oQ}S{N%?bk{>3lu z^5#1aUnZ1_3j^2PIc354^SRreQxN4@86$ff9J=Df#-W!VU-QU!X$cwawrzCXyZCQa zzV%|o(7DsQT;8X0c3HXTx%`jc>s|BYpkWuDxqCo#r=l+h9oT+o1I5A6ATw>h&rCm; zF+ej#)=|A_scXvWULVHp{N`$#ULQ;+-?}pYIePWFk~ZgznU=g_bNIti ziw@2Da^#-+<)6Iu`toawwu?L0s5d=S`*+6+pO-CLI#N-0Dg3Y8mBV{~XoQUS z@rlmmk0xXcR`4EMTUh;GOGEVgPmGCpuES%uEwrBavRCIOz_9J}pIm4>)xF@pDUW;|yC-t( zF>6BB+Nhc9moGXvb8Y0FL2qE-p+yRF_}Jh7K2aZO_~!7B#*5FsHn`x( z`CX5{rjFV^d}h^t=|@Zdv+E&g#CF$+ck8q6x?TEvSCxIsW5C6<~;)7?>bB=%c zT#xoK-z?qOZvKFT@-`EU19Zpc%<7f%thM`;xnb{}PF?-oj60Hcm5+Re{8MWAY1!6G z->i8&tswW{U&EB2kGsx${&3OlV|ni`{BuR0p2HIl?RiRMpSdaQ+)z>C?EWIPdgP4r zwVx)u^6s;$rF$;&-ko^Y>%V4}#q_wd@2E>pJbh07{FYB%opWVQ%$yO+-yJj0rak*> zT${PK@%EN>>p5Wc;SVlsDCybpyX6)cpU(4PdpL;Rv_ZFS_D>9d+&L7hM(FLDuzw%_9YW&U#OAG&0gsrRj zZsO7dFV7nC!5``iosNA|_|Tux33tx_>4itjC+D`T%lcx6rQZ>w#{ACL1%scyYyFE` z4rZ;duy0v$U}M;Ol^K)CF`u99K9u19Tp-`_L#1frg!9{EC(qPA%!{1d^VNh0pYHKl zy?*}uC5tWNmMz>Yp0a0N|837sZd*38!^y{_<}P#QeB9~dQ~M6w^V@*mSMS{)wP$(E zbG#YtRwqxgy)iSsHnE#LQ?=GCRA-V(*`pZQYxs{JkQJ7kTl z`!V@DXSav?v?fpF+*vU&s^uqtzA5Wo{Nd)Ltj`hKRSEG@tm=5)jRjf3|_sM>1!{rDwDG@aq)*wT)y(*VSOHa zJ8}8p@zU#`Fj``B|8Btk<962H;Gm7zf8j>_IiZVf#<`VID6s zpT}#t8Eimb{4d#ma(Fo&_Mbyw|6xok6l@}*T7*Z2@xZ?0`5e6%5k}d6D1!|3K4t%j z?GV{h97l*cM)mHb=p~bb@h3biBD{4p#7N>F^cq-hhIi2J;Kve*i8Gh&msG~}idc8N z^ugEF4%wIXC#6c=dLIkWcw_-;5!NCyg0WK379efx#fi)I6EoKx7wx$8B`_C$!Kn7e=d?65Ln@~};kQB_IXE@eOVa?%^$+CH6Ezb`TR*r{aA z2W`i7TG989&uX>xD_$FZYWao}2YdZ+ShfEB{8jG=PmX&w=dqKQ&%GM|<&xRGO3p0r zv;Mudb7PG9qfZHTo>=(sjCcFj9Bk9?i{&%(mHl##Y<={{Ws}d2OTKt!#EGyoSBuxY zxw!M)A9hc<``z4E=PNgaW44OzFHc>*QuWMLl?(naJn=@!)qBhS;=edJf5X1~C!e~y zIR2ZjU%7488ezML+U$kXX8iP6=e#yQjavSG>YljFH@Dm?Sh%kPac*_H9-{GkHW|)s z7N5xeRCvd<KH_Z zi2n>b{MoMaeL9p(Ec$8H>B4sg+FO18{-7tzI(7OWZqKGC%Vh6v`+5E79qT6Szs;U; zahCCN?Dl=jPhNfd!f73K_TWyGS*LcKueQH9XU2^4-8OW)ax)((k%De)b9 zpEl8l!&|*uIL5xmC>Ol`?&5n^D$9Ee8Q6c@u_wm=iDda`utI`0qZies`y;k-%ypa_ z+xpq+@0O2RIb! z2;9PW$*#;u>_YwMw%1Cp*8Qu-lv6c-gNC_Q!mT+D0o zEbf+7%}>Q9&v`2lwfkYQ`355+#U+kc2C?_;X5$z#IhVOcYBYIjdPAB#jXegxL6!Dg zj@U}iK3LWIk_q&c>Y})LSXQpFsa1V=<}Katm^e&q%8fFsXl&L*=>lI{1>x1TKc*rxo|jwadW-^b4f}6!jgB> zy#`8QC;jCn>CQFj`)tg-7Y|7oqcsK8vr$v)-4FdZ7-(O~nLKB?r&w`$wLy5cH2s=r z$F{M#+V;1v++88;kG&c&U&prWJVF%7R&QPTWzB!_Pw0~0gS%ZCp5YIj5e}W~x{0vO zv4N6KWZ~cAsGU;xubO{9vBRdLyvvx{2G0d!hor^zY6ZsNXyWxOeI(PWPz37`eOWvMp5XANqcSEhcv_ zFIh6o>E5e{Ay414?$PTHGUVo691}fP+x}7?)HqVHU{@RMv&@r2H8zx;K6zt}F=Dy? zyl3CS(ELe)rlkJXX~GH6a>v*)z}euqZPHZiZU{|szI!207~EXbHW~CF9DyQl4!dDq zrRZ&x(r??m$l$Zs1N6Er*q0HHT>!H}9AxYcc^tANQQ|NhmVLiJ<9?<@wU2I}9V-zn>H z_x8QZ(c$1C)XL|CY~-cwFG^-_pp(x8JI6+AMOQY(#m79bp9*zXpA98P6)Nh6GFra7 zfNEo#_|CET^~Y!YFHKJ4MHyqDKH09fIuvD@B>nyAjicl+|0iT=m2lwmb;z~9TwpY| z-O_XhZ4|?vWGa^qm`BVS$*vu$*lD$GTD^}=x%3RT%{KMI$I$Y9?YaBKp#eTR`z_~~ zhZ;cIBst@W0El{|^kzi}?=qShnlM5ZJ+7X_x3mkBY*nPRrD)6^YFq1nZd$Bu8Mt7G zvuJdJ7oitC=Uyk$xiAElTRar>Eh`_IU1DZrMCYzMLl9QZ@?}P_^r@3>3!QoEOs~jGl8( z%Wmvb42q@m!4E#Rw`F{+C@*Wr_(+FJXYrAdxs|ClT}qkz+^R)R`C{c2xetX&N_q8H zCRp>eoXy<#EQ95r7sQJ`6uM_|sw#S?qNaCBQ~&VN?r^kGlOkbs&GIFUTS@vQ>X?3r zu_2!ywSEpVR|*y{=|ADMBF_Ec+dUH=@iQ*HC#1IhX!pJ(I#7nZIs3~+@C)#ooSd|H z5-TMoB@w5H6MDp1XrfK)lXKVXXs^(8kHKU75dD$ahr?Thvv)#aL87$#f}3nK)>bW) z>*I;n6pO4b#Sv%;efn+}SXtY(Z@C5*eeCVMlEr1~^<7funAUC{AJwlQ^Gj6nujp(e;iz;uIXLvu%{~-Jc4N z>Q)k)t9ap6UG%9ME=^k$5Ei;A)HoS__dkc5{$%R?kH7mz`0r;5_+$@glKC?3XwCrAF+>8~~(pe_XTSwhRXU1)BI& z#7048dRDrc8R5k$dE@1*ObjOaK88RF=AVO{U`Z+ETtB7EMXRlAW;thy@(G z@v*cdln!Yp@rs$REnXpcq`C-B3JT9WSsy4siuCuT^A9pLiMmP`$Vw{;N5Za|W|!01VKgAsg(+bH5Mjva%$l+rssNb*DaG{)4uDl*l#lk0;euowDItORqyFbFztMm4!B6>*0FXcA|M>V=$~oUW zvQamr`cnR_XD<(zHeW_n^fwJWxHY+2)-^l!;Hg_`dwL@=mFCCsEBXI12LL(7j1lEu z{^iuIW1Oo*AD176f3xS~^lA?fUg${|{5ieXTP(UBy#KAW5Lfq*j&jvIPn91YSW~coxtKQfVcntb|im^GK6Yr0ZrQrRmaP zkb#_H-DtaJ-!rLzN2MJFrNj6{cM|}$8l~H!tE4Yc>!VL6qZ`hpBa2|#1xZi6%Q*n0 zBm4kV3-%2n4GTOwUC#?jPrkA!l=d=~I#cQb@?0GSbY5!%-ho;pu%u@ z2BFBE1*pY9j6uQz?Lw86oTQIp+AIBRqyD(Xa=L6KNzeX89;Ui&jU1jwdPfl>4FW8% zih+)(ltG$)Q`#r{35(C3v>IO0^OD6q712&OJL6E-|8{%a%{QYb^F~Q#je-a7gzD?_ zN;eDqE&N77FR_oCK~*JK^a(HtT%J=B%LHqJ>D7QVX3?Pf+(}kU>nBb3yW-?IJBCUT zxz(EFtrySTHWdOHwXBv(D%rEvlUxEL#d+|W)2gr*#sUFvq$dLv3z&waP*@s*8irc8 z@Fhf9>6>xFtiSe?&~dl>GJsinXh47H;GZ(||MBf_>;JzliTl?+>~HCR>A$W2m&8a( z%Kc&g{cEfJ&yD)2|FZz*ANt=pf0DQbL^eKnd3cn6Yc-^Le&E5&&6n>h`qw8{Uw6$u zfAI7mwf#}!*wdeH@+lqm!h{8NO5#4(e889SeG2WG#%iTyOYqZ&Mi$C z_RN%33rHJ|e z4-yW|ULch(jq+&>Z3-veFbpS3zL@V44ShXi9!D?RM;TMyhm)os7<#xiU8KfeeWQ7> zZzSSFXRV);*I5~s&H$fvK|PM_rGbk!6eL!a`EHtWMmW3tk*r0DhDqLhW9En^{m z7zYHfHKw$A1#{ae(<6~`YbkoBOEuH)F{pDQUbMFTDG1=Ko`q<`~p zUT2K?3^7M|6^DTL#u~+*H`Olao}7~&KLJ$4JM^6_62Vc~Q*2=iuV|=qCqf;)5PwvY$pf6Mmu+xq{{wax#WUis^@e?$LcWPWf0 z{fhrbjz|FUhyMTTHT+LK{;B_kf9n6ecXgbXM`?ZTO>H#SO|(fw4zKPu1~%SuD!*-% z*O%YlshT>_vv?!EtBZ*LzkRFumHz)R2T}k3g8${8ZWnxC9}cl2OK~nJbJxBhrXfu! zRi>i?)M=KDCci2JuQ9+&i_KBGi=f(#>abh)ePNH&YJ`i#kcS4r}NkUPd zLAWQFEO6jPFa;Zw>!Q+C5_dt5naJSkR}0>96)ERZh=i*pn+?n`pB=bNIDy%>&~H&p)b zr8<6F{{Ku=@ULHiza{_Dazt*ZU(3I=+#mJ7|N4Ue6C;1hKQF-W!~T2yG-B;hEa#;G z+KZ!gcXOQ!8zu0!^E->C=aY;xT7xQU)Dmv?jAg_(ml5Uv`^&Ij$^VZz0Lacy`S)10 zdc6K13Exy1gQ%y$1qvl8(GX5N6%`Uo!V(sM zyj4@WRLjU>)`wfSr(jbVpTy#T+bR7KW&X%5X*xM-QYr*dSYiA~c9JA`2wn{DOAT04 zTbeQ0BF|^iUt}nyHqN1sq^^?6YOu1Rt11?vZzNn->QQQ?VyeH{Y|LE4*msAziQclA zL4+r{<2D{bA5F%PL=kdkZuUAIBB7W1Bzd4yvj`YL30)ec0~zN7BKi)=7tdckpog#W z0qcWf$^Z=NApoKMUjkr%Q~v*ob>yG8tbTRsZ^*x_q~zb!{}Su}r2g3df3=4HsV6_> z9}Y$W#2k?KM_-8uj|ljPo};^m)Z3r1+7wvuEEnj6(%!FZ8K+;B##z^!jE@_bVc5OdWVnbQ2Q6BoRsy{fI=!NJNuFuOSgf5}k-d zOiA=65&a zEOr_agB>p)R1v{(et!Oc>ZbsHa_#;2EdbJEJWE7mRCG*iTzo=eQgTXa430K4D+`yK zkzG(&R9tecw5+_Mk`{-kt*gtcsc*jCa-+4ay`%GH7XoL}d;9ij2;}sgq2ZCyvGIEo zlT*{ZIE(rF_YwVwh2=+&S60`atZ!^Sy^phb{^CX7z|P+5H~R;NZ{NND@X;oo3`(Dt z%t$YE#H!JPF4rkC%eEM6DI1I}u;{nXZYUp4L`n5L3iMoUaY3sjuxZYlN_%sR*IA9X zR%v@}uZIksYpb3rl)u08)P*KJl7#Fsg8dPEgD;vUQ^@+W{-$sOONCZ(L3)KmDsP+n zs>R`!tOum!Hk)?mtBJff&f8WKoqJQo-;U#`J~JCNuijGUwzt1`^ZJvD)>1=uovs$4 zhT#@J>&Y$&iR+IH3yO8RB`1U3SKZepnb}uvu>c5&ZjZ~Fmd3FVlom@51>vw(`o2ms zf;FrX%qD5&YQv-_I9_q2||)aK(cvP(xwQWgbrTXy5Tn z#4=(eqtKHEfJ+g}OL^EQ0d)YW+7f{P)zT2)I6(gdbar~ZpJ!^IbAU&PSPM)xZm2-k zGU~nF&^-k^=?URcz2ya2jyMp5?oGG!x6L(Qxh8aSr9RR7TSPjq2wnSrKOj?yN08%q zCLaU1b~NFt-~y)a7=OErP8p7H1PB+`EQW<>z!MNbn(mt>#UIGByb8JsA z_2XQ=luvWwf%@8a>x-nnnCRd8$~8A@^O1{M)$rN#=p8<2ITJ@ z2?k*(%AiOL4Ia!m&y(J{4B5wmLC#;?5%c69NjZ&uceY0OvBqM5W-@JH0j zS@?mCM0JiCJ(xgCImtDI@{Uy{qP#AN{)IqXO|!bt)AP`yI06XvPKp4k^FRxc(CPq6 zb!`vBzci+o#>6+@tTq`BB?$obph%#U1S%B=hyy$UfNkgu$$I}mwOQgf1V=FXB4ks2 zR_PeP&C1%6zJ<;b04W{1)1k|@)aqU!GuCSeDgAXDuP@CJntlEEXM{->A}G3W0Docr zRgN@59(44q2nJ1ZyAscMR1M=E14tG5&?H)Ek=$Sv1P>5H?TEv2cjXPZcOq;d+%6m& z=9rZ9NG1%Y8=@6NZ@*6>tXk%#fgw;gVxy|}T4K#^u{hemJ70u~qE_T19%bO8>DfT! z7+_%e1uUA+mEfsMELv{%xhZMLeNty7;@nq8ieMB0kkcn&fTPRhE^j0&2P>0>qr1=a zIPjCAqpH>06qL-gzzhNa36+wfexM#rp70_kl(Qb@3it~OLHI&);T0{L$C=l*hC*Z1 z2upZ0{ZXXpmp&#|EopHQCRe9VL+7q(K}uyd9C&ZM@IPZ+K4RW>%2wpP4A>=K*|yXN zA&^T}4N#70gMISFkm~)=Ll_0UM>Lc{AIvnH6v>aA9oOq8d190X<#ALJQr8EQwahx- z#g(7i(o~^0OV(B80T$piP+^qlwQs5DE*D-w#kCpO5BjgK57AWOJS{*PvvZzd(>y<(4r8 zD14fYzR=LY&U8>4GnCgBor<%`3yIfzH;)wZNmcgNBs+{po3|ZD)tg+2zf0U}a^H*( zed-b-bDzS8_60mJ^BCtbK}jLI?CJqh0X^}sd8b9sXeq%iU8;pr7}&2`YSdiGo%{O(4akN55RY0=5PnydNbWLrNUtF?qc|t6%)H{O4k^7c@jJ-yJ&H@RQ4>mc` zIiP}VPv24VO08-(vZ~8iP}};^xx=Jp0I}{?#X)upg3<(^T*T_~ligC*-{ps;?dVh# zF06?L=9lEnbZ9Xz_UdQTy&jT_S#Dn_?yp3NTI%m9v4?CMsU5?5;t?>6XJm@*q$h77h2Rk$ z(CBMClX%pQ&O={2Pw!fYeaQxQvulTciz%thqwMZrR6#8YcwBuo>6XWSiD+B{>5>1wD1cu@(Z&O$OaYlhr7X}VY@d{-E>pa zo$V?kCib*aS1j`mht##j`h1)cK%}nqKz>$h&((YP*_Kb9lO1T~B9j1xiMRH!Xru}% zD>!4YFD;)AsOH}lHg@Y+wuHH4SnT+NfJrPsvgFUZ^wQ;{*1#3!nd`;e>!7$x>oR#= zrpG0R;}%CBkrX~4z7cBsj=l2{2U6Kf87j8&?e)nUTlKCM z!IU`jo|La%JNM3NPTmlp&15^3clIE7tgS=q$R%Otc=5~khecpUjLUKYr}x8XT@yOu(3aeKiHOlF%qSh~{w`vN; z1;4F9KF_#{sYQNyepMR92OROK;XZ(&FVJJ1_%p7IlqiC-8U4vJfHaM}fGb?q7?^to z!1e`l4;9JR0m>G_ZfY=Ee(LDaeu)9XP`0mV^Ovvn#oL&p72O1vq&E^ zlw4P20G$79aBMbhluB3Z`xg4^t%BtHPAI%W+B{I=C&;)jP{?&5A~zaUdNKWwORq~1 zj$z4!3ueQ8Ko4Vzmf|m>VoL=W{LNx3QFN!{Vry&ZE|0}F!l{$7+-~ylmSDK_VK~en z@rD_Q-p4AgJ+VLl?#GZcAfGg3mNXKaG?tfiuPbSCDQWsBX%>|{FQ2?%mi!<%c_}aX zk$f@%_}}7I|IcBB|I0J~WBmWu1fu`?8~+CW$H@FG|Br;6G%+Rc5B{HjeaV0K$e;LM z13>-o|A7S!iI|^=^BsyhuZ>T}9lz4OY@L>mpPiW^Lf^li^OwB8A7g*X`(cJC335x; z9^;5{Uo}V9gaD_Pckbi8Rl~|4jc?ZSXFE%&`-Sf~l9jc_aI#$ERC3lF-YQ*+4&0`lgmpuTzdT z{5Diy{hcBy&vILScT>bnr`?G>Upe-+y!s&%pCF z&7^RBZq&NIP?wW_8wN>pc!A`gnHgN~Cqs<}<*MhlJuD?sbh z=?5kum6ID=%D(h0u}Pm6e}-%P z$$_@6Ra~KAe$f}3mxbMH_^ivrdaRw{AA5>~^Ins&JMs)1galQSO2%IlxM%QokV02H zIb0u=w@>vE!|MW8dO9Ot& ze-6M24E-1{m7h;6EIj^+0*J9aVoIn~{^U3L_n+q%J@Vtdu+U>1?~m-zt5JX*NVVZT+#*g&=3)v2B< z$t*lrSeMI8n80ve{8EJMrnk*Lr}p4uRRToFFAINmgH z6rWJ%l{VoF{$}AMzILl0@iGYrd}5S=VrB+RF@Jw?{^9J>0!7srFx5(E zqTD8TxAi%*+GTk8?&XGeJa^Ltvf%w9-7h+x)AXzAtMZ^}(w>y!(}YSl`T?Mhyh2qM zT!FJ`QVc_GYA*`Jh-!(Vj#J`lX+|_`MBh4+FutwqN|N`#OfmX)X~KTG1cX;_uQhO0 zDcgHB-d;!PB2=xUA3IB$PR=7H(lSB`BU~4t4hz)!V433g43DT-IOqe zhM%ol644G~J0-#J$Ooyu7kA7+Mq(fBm~C)K7m4`LzmET~5&Oh2G*EuleMmlY!GI@29tp5r zuCI)s!ZAoAUXoyedO&L%#~I7)U+;io^Zf=r7fdKMe5UlS|I*4izI~}RoyGk4 z8GmkhBlZ(E(n2t1=unxuooz3@CELb(rVBPnD{nb!$KCuM<=rKrGr2w&AH&!BS!ZsS zwJqHjV7bGL@t7y+RA*IhF10aS;lnN4BMKS?hHU*MkC+|>%yslNH#da^W-xUwUZH|4 zBBT4EU&Sz%?JEQ4`fdtPkT*u$o{bPA=!v`)3;on<>0Yl8+WH30ge$eMAZfeGxw8Izo1uYqSOP26n-2jI|D(Ul3_ z)+7(_6R;5xe{~KQ=W3m@c_n2L{uY-<56o&VYn24uc)oMSUH2P%np@0;XKC&;E1d}! zJq-3&gL9=XnP;%k|6$wzy~6wN|DWHn|Nm^a^KX2W-`M{##Kxb0oBt;z^9TR`zp>)K zf9TKsU;lU5|3A+8Y5zO_$^N(I{si4mhM+TMTiC2egx=hnLP*DKks?E+N88b!;QXzW zs5q@LPYW0+9hJEvEm|@s2p+0-$1?Bc(?o&;iAL6CW5p*vF`v^foX9yiMcKoL{Ej~r zXmB|irEka&=HpJ{K4ULz2Xc0BO0!MR%F8bV>8ppE@bN|PkisOhR2u6W@^iB@EQ*UY z)j2Cqnw&_BxywxDfArCvqVbr$hTCkH~D#O z#!FP5Xms2*H&`LX%lx_(g(WSYopsZpThIM-M%?U`dimonZr4zFD$!4tRhmh?teiSw zEeDa@ENO_)9`jIxJ*9Z) zUsr#9=5NWrwDjNB|6-)1CI7(xf4zqPsmDL%U-kb{{{Q0n|HW?qaSj%|kLuA1n$7F~ zf&bM~IML{oN_fy{hLFds$#rrE4@9vORngk^abf?Ss>m6NzRHaE{n2qJm5~7gwT`k3 zl_R^(mXDitINu=?Y5V<}L<-|G;8*VKNY4Z#qo*&imtIigJ9Wh@#=-)Z5O2?MRZpI9 zfjZhDM}#I1mt0`wpc0~fHLQ|Bz_J$RUe!oZQ%jrO6zX&-*sU#~w2Yq`((Q4pSGA%K zdnYXtaPoQ#~3nu>T(Q~&b% zpYAArKKsj%UqATS|Ko4@A4iEH3^0-D@xRs#3WJcsiT@<_i1-@<$RGVbfL{n8iG++q zD#$;L`Go+IhL#SBrbjZsh|M{;B)N$lMnGU*C}H>e$Bn{52xQ0I;e`e z4VpAqj#+H?I97Y5IZSun&%b#l|3a9A=x3eTNWFZOOpnO1=quQa2ab=`XB_tV)aKUA z!&+5B$efafN)_9fI^0{qB7VXt0qaeB1sHmbH&d5Xbh}QIygpYtA$=I@2Xfjm;AD^S zYI^%wRxR0@cl6`iFs18tvMeGUb*>MsMhy%3*O*6^!%Q1)x%}iZ`@wmbB5<3ppLIK? zz}$T_EE6<%G5#b5v?|a!_27%Zlnee4F|G=WN08hg0Ue?|XdP+9Skv zixX)XkUa$#jm*o$dUoFqbMDyfo#E&p_hNkXxcZI8_qN8)=bECC;_X?dwDoQZ*atd@ zFN(bG_(FJ3%*bSZbxr$r>hcE)nUCBo4;Mrhyo+CbzI_xn{3h_>qYaJwyJZfdK@T>% zSMQBTT`!R6*#-m;R|Qe8*L8Vij11m=VHLe)e|5vHCAJ109PdQ4kn^N__xZ+^Ezi$q z`5!_io+r&`DwK@Y>s~+qljiHk`dI!rl$I5?x}9nuY>|DBUh7(?phMf|O$&~xjw0p*Q{w3mwXMoT`D4~(_>`oyJG+Ho=~2;!{OW(ZCAn{pStX?z({;k){*5Z{+us# z5{G7K7d6u(B%Zuxrn_sQ`Q?_(4H*urIpzGg=vK#6-7C%VUp-hvM>wUK*5u!uqCB4` z*(&LGV20w$uvtclcYBaDj7DD_ie_|WyjU+-y%)SRo7>pHGlMJ>pA5%_zGM!Hu<;9u zc}@=uUby1!fzafqtvGP$?wkrXLE2ez`cBX#@7S+K5OT(LUr_|zL^#DWn{IP|X#j>> z%~4)vv#+In4;d90?K(C)JI}DUOKf1%#xB)zG(R{SLlEuQso;3>WZ< z28oIs12wj~_Ii@~_-D4g)~M*OO#w|S6`{PnT}>iZp7Ugt@`boQ1A z{fF1#y92_pB6Th=@b;^_Pa6oTnjhHas*_Go$0i>NL>>dhMTP!~XU?8~dXwKt_uUhx zv7PJ>L!$Bb!Jqv^FQ*MBXViEW8-MtArTt6~>5IxIb7@`rB;)Q!CdkDdxngY{pa`rmBp~Slt*hPN1k1MbbzdHG`UUYCDTDM z0-o2kMX2~Xzyx|%dod$Wa&gY)7g7=j8eUE-@^fOdAj5~zOWV$AboV0OuGzu;tgnCH z2;a3V`TR<-gQ;lFnfF9QeCpx}8FE{N-cJW7EBv>sI^xS1M-z9}O3P>;7=hl{OgmMI zyKr7RBrA73RC5AT*XXC3Q7nLbBUuJm30?&q%Xm8m8!V2-0Do#(nG4ft4Du-F2Nis?PJ!O;o zrttJ><=K3*My43>Zm=QyD|2VVW}Tz)?X$c>!j*EbtV(0;OutL!GTb1QH|AWj<2|A0 zXlHCTG2Z;LP`AI>gBlTz#^9IJJW5+mwHO+|BE96WHs1ZsaNDim7cilT&m)Cxma(b9$KSb-A!)T zO&0sKBsP_j=+SC@0(_!Kw}Or-Oh}pS9ZgMHZGb|oL{_YUSQ(`DRNtkN`Qr7ExJ!7W zpIg_DiK$v%kXF7k#pK$}qI3f49lCRMX-4argr&?bQ^OU8J7iy^S8^M9P4LkK1Q#e( zb0$oZ8Q$jLyDd0$X;vapB9-2ZW`cI%4R2=N@PgsmePX*Au8(2i6U4va58-#6j&e7} zewa3Y#px>1bE)te>1h>GIHWFQRvfj?sIU|FILa}v_{4)v&!6A<2Wc=(>%I?nNYD)| z!^yhf2DOg5kQRaNss}Tz%Q+qLG&N^A(_)6SwAdN4&E?WN2mxF{3qnzWR_iSbti3VZnNj)7}g0dq+=;}!x6 z$jTpjwl*lz&`E%-(kE(xDl?7QoBA ze?Up|O6LR!c+z@;RIg;LlWN8-uzaG@VO=2{dvlvfhBbZ#IR z<KLqe!h=voat=}I|V`vx0xVz~U1dNiNOAhV@bV_~9I zHu?Rc^l71&mGb1tpOPv*eKRzZk7$>;6uKAp5wOAw=%u}AZV?VKKO>4wXz=!=tz4WcP`1&zO|P2zhs?SiJN z)csC9XW1@Wx^V{`yLi~K5^c|R-G|4$2=(DUwqNzao3DCL?^Wd-ngrw9Ikn!R;$u!8 zz8m14VbG8EOT%>f3h0-;6q=ukMNFJt87#||Hczu72}v6D^6{M=uF5Kv$B`yHQOwd)&tLn5m;})04?f%{vw+GL{4e z;vlS2!xdzild_EYEDwWr|721ALSVrE4{1 z0G}&Uom3>8E_sTYE`1~uw_E)g8m*H#x;0spi7JaxtoDl#IdiuLJFsqNY^606L{t5Y zLIU~ud#1!&3I@rQE$xp{@&$wbw&!-wv*bBQn*;2g! z=Fr9A<0rx8kDpFa-yI9Ad9u}M_T_6%h|H(WpHliucaZidqfM9q{(zzXyH+4Vn-CSk zPv=)fUe0P{q}|WkTt*Xm6w@a~h40j1){<%sQ{~OapNq^1`i$E^Pz+ZLf1f&2YOVB$ zHmM9_uRlEWug+b5BL;p`qo~0<+!a@H1o*x`898Nd zW8d!)oT4V=j5Whte|$7VLH+R6$(id*k+H`>$u{LXKuCjqgQ$ic=k$gTHM1XmyY@S& zZ~uY+hu9h1<6mTa{1vhVe#8GGgOT`~`fp-FsPrHC-@jhO|Io9a{$HZ21Xu)s)BdJz zLpB;AL%b&?&7+8lG&YtG&B3Y{suT2>|B>Fp3ySUQzpTH~WxoM4yi z6+GdeH0EQPU8Y-Ut9~)lFssmU#>cqO9U!Ko98VG#=vO(bKfV(HJMO#YqanhQI#%gt z&ZBTmuP8vs*!=pf#-PG)!FO%qf+=ABGbcH5Q#L2p_T_bz{ApeveJvh+^Y((^DPkL1 zvKTT_5F|V)Tv=a_HY1ZqJ_E)l1f!5;J|WIl#wJc9UR_fwE<(XBLni_&7iVXu5vg@` z_X19{-eHBECcjNd$%-5xJP;aThM4m;WGlKS(ZHb`$$MZ#}K$H4TarlBspmW_Qn9V`NXZ@Pkj$n zqNu4}$$uu7^|Jw=cu@HX--#wswwojQ4(`UQNF#(TOFSy6w8oBI`L(0kL+F<8a#Ssm zVJ*1U5$hUQh{KV7;8lXIukWEWP^I|CnG7aOQ z6WN!)xc0b;=ZL12JeQOJ0ioW94p6Cq+qHLYt8lgpM}e5BKI2%fM?$8~DCfEg;Rkcs zna}}Y=}vu6F=9zHV|wcWEEs9DnSJY$)CQwu@Vjbk5m+xYoNBD=RwgOexwGhW46CRz zX`8&L$lDtcgLrCVQ2hrx!Z6j;Co`*y51$U_k~5ol_}=FIP;kvR`~!9_=xm=iTiVUO zi_hOZh~&8+vd~A!7{i)@rxbEgCzSJW8_`<6KG6u~5BOsfGV&s$0?J+ufPX6`V+tr6y;_`fP`UMU#OvkhS9=a+mGAelTilsUr1E zbtx8c5wLef1Vd=>^p|@4%Ao;^Yl#9{5o@^mUT#2C9J2aPgZdKMpB5hi_0gff{T zo*phNqVJY_Hq>q4`pQ%r=u%r0%WiF40RGs4Ov(roLC!sN5)5q(D#ZdddubcwqNQ6o z&EX$dM$`B4M*HbuqG`&~qUp1ggEZ8cJ|ID~$fUyA=oc#9SzI21AZ1TiHSrahjseN< zK1}y4V9Yqsxpo;T9dZ+Eg#nDKLX1%iqgk|a0yV_ieU|#G!hZM}G$iBPov1SqUm zI)O`WlSlf>$x7OI(3~3iE8%&zQ}Bh6^B0{NL9{5`;sQC^$LhWzl{u2kky|+kaH+W6 zr%e&yWPev((+w9B@D2+)CE$ZS-a0!SC8aZ8@y?P2qC|}+K;l^UDhSz`mrN{Jr=)IX zLF5TiR-jGm;^(Z9HXmM8B_?r{m~_j}o%$lOpR?6_c3(MBtcsMCQ` zY|A8wD@SeGufX3tq0b3~RGZ%WbV%B_5`p0-6Bb9&=QFwTNj()fMdk=(m8%w!G=}IJ zZxgat*m&p$$-t0e~&eD$4KlQGRCb5s3It@M@EBmfYA+6Ss96QIRB~8k_ zDj;{_y>?nq204$+j;3Wjn9{Yh3PagIYE>GUyCz*@zwE{mJ_}FztWkzAg(cH!E)S?0rFf}5YGKm0X#`Ryx>p-vJ-^h*!^7VuaCuZdlr$O)k@0+YlRxfIV{ z8M3-RWP2?mF(R1-{`z^0e9MEp&REog`bxyZAOr9syA6y!cjxShDt;|t?7k{CVsguMulbS^)TZ+gWO18a$YAQ^ z!*`O4W!hfiejCD1#BqHT5ypG)cUN?n%x*St=)VfOD}^J8W$NED-dAQ$TANW`YNiVp zkB%;dQg{+F=U#2PE4;EBPLUb<9=H<+J+)5qk)Rz0@X!lhHX=PMf4juVT|W8N92vjq z9hn?FqfaR4)n#nea@d}kjK~yXOnL~%?ibIDbL`hK9w*b^y}YOReA7GVo;~1_U(89tPVsuT+0nE;J|&O{40;`0kkNI4pEZgVtd%S~ zei!Q`nzcJ~`Ecv3aiaBbb5=ErUY&x!m_%L^);;avu? zCArf@yzW-{BBsvNyUX~5p!!(;S<>1C==B&k(?JT49gh1Aitw9V{5UW)>RyBpRt^o` zQMG$>V`)UJvsX&{jUW>i#HlY<_r9ryRAZgw0Z*0vh204AyV7%3@7=r3uM;fK7Ck&o z*;$U@oB*Rc%5-B6MxG(w#c=h3IMFg}0QQh=LwuGA=vt6j-}^pL)Ue|H2~JbWM*_7X zAdJvT(;d?N*7K6-^!!*+GR|B%9_t+{oFe_U-p8KDr{VvTQda&$mhk^Sr~L=`k4XIQ z?_lTS^lxLp-@t!za&mu{|A&$OqyF#zl?(DG{@W(z^}pwV;gR8-U`w2~+_JLrhnM5~cX~#~zjpRKK7~KE_h@Kqd-KMf zudlLzxrcL#qCC8IJbMSPzU=PeQ~P#yKiGuYEiHXLK3eql2d)-}udJ=UKYGVtMBm;~ zN9RlXf91<^9+T^-8C_6O(pQrd!~6*A|A2%LPU7Uhq%i&XnnXy5#s3)+j(aL5<_+7o z33>_fP?Y0Eg74xSK#`orElzJoGM}A!;&TLHxc>M}Ft0Nan=F_+djqyw+|dBsoWa!D zC5gij9+DME&qAV1_Ft4-Rn;}c2K-R|aPuY?{#*gR4wjo;EFF9TEZlGuzf-sYilhGo zH#t;bYI+rWLI=gw90uz~0N zJtc6V51)#2j|wz$(r4O zMEmausj^5!5L!&=*>+dP+gy~6;~tA3*tN3m!wNnhX-cTr5g=Itq8iZ!t=u_hKozsd z>Uv_i=b6ET_hd%)b8W77MFE9v3NpcF0sS;|hnO)98gpv>sTRYiiTo&nW3t8b(O{fr zI{HAoBwrv*Bdb>blF;I)_P0+P4|iwSAceAc_H;lgdY+CPDblC;9ysrBmdgjXkX?$P zlb|VT;Uv5OSzhK|x4w+u7#hpu7vS`KB4o-?sk4lINU{iL(8AdGbiAF5xbI8;}G_lulm(taPqDp70S)lkP{sHG+~z>n171 zn9M@6ALivhMR;>8UVktHz+lw!F67bP`5fX63h8eUW(Sx}18 zzhL4%N5bvu65|hw?mkC`G9w*uB*$O|7?O&7p$r&fOaxh9v4%zIMIp3H;vEK`M@e+I zm-y3oBXaJiCav8pD2Fm9;43E9n06|i&4u>lSap2XES>Pr`?;m_RaR>+vi~3U-UFbi zB-$Uo>4gBHDG1`Fh`3ThF9L?p5hOGPMM;1F5lBJ`%@#UX5yid=*cB!At^q9Av3JGZ z6PI!z1nxHF>AoW zxLk=j@t*d zz!$fA8q<>z&_{R2LDC}~=EF6)dCTsYq3iJTs`~BMyEjJV#$f!URnr}>)*YKlKbA)! z1P9{!1hwQ2R&VTk4in^bW#dU^KUK**u2q?s(92Z6SMtG`FP}`_$_u+h)R|NB5WDy9 zqEgvIe6RRYa^*1k0=GTOju7c8Ycl&C!3oe?)%Bu5st!1+{g66LKl?II zJif|urPbJXrFomkm8zx}=WH~|BlawT??dKN@%G!Vf-6ikOdW;d1CBIeIFuKNbNz#>5_ZG)ix>uibT0(z? zDXV49+@-S16WX_B(Abui1J-+58cd!#vHAsFgWg^<@y@w_X}}d6-gnNzO6zfy)zF*C z2Rv?Vdz$-4iWJ+=ypG~;g=tBFFs?1j{}|bvzf=q5sg{@bWSnfwq~G8WwGuhksB+xP zNk*7H=Xd{&3la9(X@oJR$wwmmNtI)&MK4}Q#wdPV01IQ%((PcgZ)IG($v&4{V7QhD(Fd`)?@?2XU+$pdm$4f z3*Z*pISs+S1pQ?1>hY99>OXKnMM8AEspX%({YJ0LLpR0sUha2*viDh*?%wMLg?@)Z zpB$$=79Xx_( zE1zUvEp-cY^)|XrT6*1d5=H;~fFt7#HpLeoouRR?T5M9TrJ~hKB zC<$ZwM|H&1LWhH_6V|iN7+$m_4as&rR8C`B&*;nI;J5oY;8q!=o_w0yI=<$b`8xlD zgBaSsx6F^pU@Qyr(jfWmDcc(ovSfvikJgHQ^U%w*edb9`D^Vy;|G4#f;c2fQXZ4d^ z3%Wiha?tb8@jXqa5OU6kQ=t9}Pf!}8LoOQT8$|lL*WNN7rU7m0eaBH}7axAW*WTLxwfy3%r^bY!X0-k*IdOXr z)Ty$9eiqH75wGfXkI9Ohj$Bs*=O!b|D{=;y1r;nAWC%do@P_m}Ou2b4Ej4r@WJGm7 zW@>tW#c&s9RoTRGLzhp5-#+5?doNl~|_P&nB2|?yt7w zH+w_URN4U>dqxTM4vk_o@Zj+qb?F`}P9zLj`DkIjy1_{QY=aawuQ=ByUrLH2Y3KFj z=J_Q=1q(_t(zvnM$h08_xolt0_i6wR!a^{l1}dFJC$jxbkxGT7rUna{1W}-bu_$bn zBX=YNUVwdNZpth-h;u#>=|P%`aaMC!Ut28OL=0#)5{re@(5TET->BFEA<2NB9zB$s zMJS!+H^wU}%1g`$8O)zsLCBks7O=S3Xa2G^GYQpm;zGvx8Az7}j9clydK$lSty*k) z@rI1zVOWFZRf6aMHMK)=d1~x+wIpRz6)YVDc+&&$2*Ufzv4xoHrtr*yuz*~P*#>!D zfzGZ|`c`jPa%<*_&;t>!I$Di)ZMgL3WAb9;x*DDcuYThcVKdG^2)3tnwEnb>E4|GdhQZ6?WOGn8VdPz22( z4CD=I0m@tD1p@zDblAH}qdvfO(cwFyz}r-VD8>wdv$N4iQwiClp|HLKU= z)h2Rw%Qlt!ZMksm8si3M$1$O}tnlC#gH2;z)Q`EbwSLe2`YV%V(fv(V>bnekLwpo4 z=V@$x=DV7{%`m4LcEDac=oR&}M}tr;<;qhLHfm!?uHDQOE;b^^DPAxB_(08V`--1OhYYeCj^BznzAV--u^>WP^ zb{-pDup}+~(1Qy;TsO67;+9~WZIXi^QC!co1w(b-jK46rrj zJIxMgs3)YZ5M@t!0nM|Q@kDR$xQ#}^5CdW{gn=qcjuPk1F(oe!ty&!fZ@p?qcbPl+ zc>Ttis^-Znuhe661v^SbBz*}32kCbjAV{f}5E1m`N_tqFv#F6I2|InGr?Zo9-*j_J zO^x~j8=I9q%ph%UgzgYcb4ZGX7R{caq3sqC;%`c0P4qQ>l9V0e4F&SO%(ZYqCS&q( zCJ8Z+f1-C%QhDjfw9(;OBO|6J5l0t6Cf?>gb8)NlB_>siCI&3tTo|)SQdnhLS`t#I zZ(c!)g>d@o852iNh>i5ZZ95e`IwdNAb81uSHvNOAX6opw+`V`I!NZ3pkDhjE{a{7w zfgDnEsl1Z;do`v9Q8kuu{_xiv9uRa_a&T{tHC_UV^Zwx|t&Mh5T-Q(HLen4nPSCY6LBAdf-adZ&wpy*(>8$!#`GncR?aLWkcAM-tvid3u zy2dbP%p7~~@LZFoB@N9N^VV#_;nL>8n(?5&#y-nv97RQl7$nP&lNQnQ z?-&?~lcnF-o;e zD@)_%LpY*%eg$sk1k(DDm8+o*-dpvv*4AuW#U_mjSdvvqT03EFgBC8>Wa~i^&Sb`^ zJptq9?1px3s~&x!rYP&eF0Es?NjpW+rz%dJGrwOWI$1H*>*Sr%%zcbi>(EOlUp0*0 z2!-jhlM6Oy?Y`qY*)Bb54R!`|ua*M?pmAm%zOF69n^k!TwXu+J(;9Y+4t1bgu4%N4pnZk+O5I?U7kTC;)BGPfDV%kk_8X}TpRUuirU$>wYKyVznE1e2 zf880brkCqio|&ba8Dw{0>@cy!t~ADLqJ`ed1%=royocEt56ka)zfLp5Yk)2udos<@ zKUE{%#q7o=?H!wzzj^cO?8b_HThkAPJ53tPnaMV<&DOoNydXcwK0C}c+s86ZPxH)L z`wfZqW+c3ml}3uG-n@A4=56ziO|{v&W$s~Xr&Xfxt&2-mBzY&y(!IH~N5iItRlO*4 zL?iYO?|u02maVI`x7Jh?c=a!daBZHivsVxI=uGj2;^31DvSutDeST9!f~0qjo$-ue zu9IeuER6FjNQoR<5_T$s@29028ll^;XXWW5J7-O`UXqhgxIpLOy{j*t-#->G^u(y1 zx9T0IdiB{Ir<>sKuvC^gOk3^tCc>qLw8!bEQ%${fw$-WN*%n zOwdukxkG2EgUGktLn-#*&g zE5?LPQE}|0vCoW}?QEJ7X;ic<)G3gBZtLV1_b+V}3{GPVShcZW?aBo+{cN&|bjJBx zmxxE5Ji1pjwBNNv-R3Lj>)o`n1{emE5;*hv#aZ|EA(OHydSv)n3oU!EpCmaplCwR} zYgx2g%ahwz4sQ;d((`O0_09(Ez01o|!rVuXGTyYaG+?IAX&+UtI@xCi@m7u2;?yAt z)2TbtB9FLHg~6tGHiR8DCX1-#--YxrDkaf`AfTJY%jdk*qgRIzdZ)-Q70kp&($lK zAUT_+dn#9YDaXr7jU-**yvEG-%<8GEnOUH!K{W|nKzw$xVgTi2%!vci>I3dg zlP^HrBajAW%)8Q8P8fp$v9vmy!!wfR?Wt%TE0%_?EwE6h>(xZZ-&{6m!iMHjnYpJg z!NQi+=o+}`ftSVx=<@VLR((O>zLFy@PWyc9ovy}QSbTcz@3k2OM#2`-56j79^Y0ku+6~&7S$$t-cFb%t;2WPTw|L~&7OBofER2fvQU#@=i z366Yy&5=CZ<3mJ?eP|{`w{Vtk#d()H1q;GP*59b|Hr6-vwYdiy?d_`(vAkryFn<(P zg|U9im|gTTs#Xv4zgv6RR8wZ8#@_S1EaINg4k*8T3peryz@k*FfrKXPDD!Il86m)`L{dNXM#wC4KM=A+tY zoSWm!&=MPx`Y3Uom!_^9Iyzue){G&R9;Tu?T*S^BN8$VkRD<#Cg318eytf;O1A?0B zOC4TDtY_=JOg%~OJ2T>BkhPvY^N1SbmN1Z7zV%f#-R-Ju2-ZGM%3hl&EYxav9bcfZt&Ex@A z8}HpA)R4Ucdk#%#eeOxIkmjlm>`jEEno%)SFQSXQWn%wfP;Rj0eSt6+tGT4wpRm$j zK-y47EuZA_poT#-oaUD2t((SR)b}%f#FoPTRLnu`Bqps<51n3C=v-D=Z{c9W3Y~mc3))pnmsj zjE?qjvY``=NC44dcY~z;P_?kpc%pjnb*4}6-lpN+1f#~XA+9UrRCM{`nJwggM)tiA z44^@%ed=zfjW7dOiqi{vU5UDZ@0FZu-VwOXeg?LUf`gPu z?a;wQ{4sfeWdsBV8`)IWJC3FohYF0<{#uQ5V6apSQWuj0nu`qrp%ROGMurEReJ!e~ zDw;KHjeY{O{&>&QV0ogI#az#uQ;pGh>ODgd4X?v|Hj%nBPTjd>q$^gM?|$AmnMN;E zZJmGC{#svSELw`kjcO(u2Hh}lB1(ImrUM97W$(2m^q$_YAlgQWxrj zXHF!Xq)k*cJ*<9TcBzM;rP%fAO}ryj>hW4L&zVTaGnPQO)H-O$-e>Cjw_#XDARiUzal?z#N!q5|wqsKB}Z@Avh_wUK}3~#MTTOr3;^eJg`7(IP*a5^t? z*AHT{wM$Ft2As?-!cM+{F0DjUp3I&)tg$|Iv)sFXSh~K~MmAv|O*#l>6$P#L*PPv) zNB6xT<$0K(N0eL%n?(y6Vo^n;tj4t_uEXyLhEd}i2)&roi6j5Ht{Jfc*T6Jtl{z%D z@Xip!7OGQAg>I56%u$x-E71cXd5_iRxsI(Tj^c0SYy53~+W@xHqgNXD9(TQuhkbLg z%jN6pwJUO+7;-2YYEFM$hEhAUl_uGb>XYp+)m$;1U;?pS1__E_!7eFoe^_21)?FHG~C z24&&YQel+{L7tYaxu;Pc3bP4stQN5qqk~>|c-Rq^x;A~^^tZ4|ajU=!-I9#$&kCJ# zb-Wb)()rP#W$i&B0d#1xF1OkaF*^JU7<+8Vz^G-< zi*Q@-<@yYRaK1C2n@`GG&?m5YAS%6Hx0H_S6E7tP%kyh&iK7ez(tOh@Pm<2reFMc+ zD73r|Z$O0Z!)W!~sJobX)H=%cQdG=~*&0NFpKmFByU*qL)(sTqg51zLQ-ht1KEXG! zZky>S{a&xsT2|ESJc7x(sqy&ja(bVg*Yo>aHZvG3ojPdyTXp}YN9J}}zL=e-kB)85 zqv)tEAJn6&0^KtJpG&;!=&W&S_+=^~keKUH@}gKew2EAGC>J|cnv0?s>s9&Jn@2Sj ziuMkH&(L0mK52@%WBZq0YLS}TBYZOUfL#Clm7*Apw-cjp$$F%-E~=&EPBak93By*@ zLqZv4wW_%hQWyUS=1c8h24sQ%2N?KvDJ# zN8@%*nfOjMExDGsS95a}N;ig0rOO(Kc$%8FHcVRD%7h4UO{iSK^^<-!H}_z!O8Xh0 zF%h&Ph#?<1?#OzqhUPxa(MHlSr(bH?mUtPoIAO-_uOwFc7kP+_a{HM=WC9Z+Gt01Q zji@B_wnLF`+54qVY#gzr-fa{U>wXrU9MV6RcsZuQxhP!gnU|N|PE?Zt3!|?qmuij* zrNM%@KE*4fx*4HTtI4?-%huvS_UZYDuF?Ca(CFCh7YfXp^PsoXeDqYNdTNZc*X#2p zJE6sd3TU?H zoO%}l3}xS1Oc)^W8<1gCgehS^i)Z?@n!MU%Aq>gV5Jh1qcL-28zMXkw9 z55i%Z)bga1JuGyV94oFQcr_7wF>Nhh`sK=nvzbIsJAyWg&}XSSjf$~p_R|)qcr*_T z_Tu@{ARU;1D?{th)QBwNFecgcmAVgPvx2UE<~f!j1raZ_SxfPva>7X&;cD*4T-e{IO^*@B6O@iSn;O}R?{7CcUlLCH}wVCqhp3PFGklTs!mPg)COVL6s0 zCELkDTbM)vr{uRKj20%kx(SXzsbizjuglc*sl?J|)moXT7mPYxNqCnD5t?y)0ko5; z?k0c+QAub|XomoOkcG->nVMWi=*=M5v7FL3h9-#!ahp&@M97YbHk6ybZQVSowh(iB z6I3I>Z<3O#PD zLM?<)>tNE{mU*=SYPYEBtNP<_(#R`e>iI(aOqkeruIh1n6$&$`uCaUpm0nMDGspB! zkxt8$&lo_%lo{zsV8TMC>Y=jV4>d!(;NLuDzwas|Rkv!YP@7Pa%K0l~5Q&Cj$nj}( z%=)G{2^M-sBgB%1tx0m401cZUo9wi1R7)jE45|6ba3^Kh^DxFnKwb`09=E8#&6XRf zcuy+cziGr7Dt2Q_ejhmsZG$_?LN&tG3+zxgD%6%$#_lSyZDBz>W~xnsRh-MBb7iWI z0#e+zQMq)KN~QXGX{9EO7$l|C(2aNNRb6DEM>XIUwUBr$(yj{9HJDmXEttkEXV6d^ zWaalOvG-wBjM=O|w-H82$+Ma0zOd?Q6f|C*(^p2!ts(`MK`v#)qb9^FQUVNPgJiw? zhLul~QXUG_|ISi9M~giKQ`I1ndMgXXVW|xikP5eYEs){f=n^L}b=WR?mt?BD{bxY( z>LnX+3m|NRDS7Nf%99cbgI;hKRbnQkY?H%<&5Vf`NjKPPe+qC-F!Z`F6pyRfZmjdD z!DI0(HGIR@@jz?f|aSF8_>^0`+AuRHYsGs+qi&PS9&o;Z>?$k*zV4 znwJi0m<;jGW;?o?oyeWds%36 z!YsjSR9R(}dZlbnD+`}rxk7W28jFU>iVQjJ$QoWXXvd3n88fC$DpTtV*BZ+3zug*S z2Sb4}Z0|CHcN4~)imG}58wyk{ZW!-kk?4ML5pRPm(~ z2FkHXZ`5a36656RX?IbxD^a#B(djbO2Aaww0cIYJ;7DJ!xomt((~#B#l_IRVGjl}W zO6;2!v^ES~0^Q3bO=dYdrDOUCR2MN-v*wVfFnOL_^^Zz*=X6v6jGwk8bOe>Sn2KiX zCyj5Fk|7pFKhkw^Gs+QCpJJl2fHnB~pM?9Bc~dG0SUKvCmDueN)VO`Ysd{#JvspO} z*S8EiwOPIYGxfVPY|DO>$$o|iR-sj*JftKGxvCMBm|3>i52YTUvgi7rWP|0H{&JP- z<=BEZ1pTr-uYThi3shI5QB*lpCnv0s5uEFwiSR^8%a+I!3?peucswysK-d7QraI8wj^dwQp#AeF&N1pH~PbaxZ>wYW1lu9wXqO|$?6g#Qy%ys2OZjGk; zt4#LeMwekVX=I{|QlJ7g!Bl+HC<7LGf6KxBmm8LHwf8SLGGkUW2uW%S)SGB3`)M;a zH>0LYN&9=KF=>$*e;jV5qHb)$>O-mr#vZ%3;8+W5@TST%3{#!egffKOUT>pV3sh!< z)7i=hXWkyYv=L1{MA|Ip-;Zg!cbW0JS(Uv({mKeVu}r-el^~CY63Qrd<>;L<^sZFR z<{%7F3Js$98>KXv2J47mNWKKik)p;n*o;d#tTICi{ZWQ4E~Ctro(hqwXVS4(>?7@@ z>a2g%{iWFcWt8Zqd1qi!85514a#}wUol7H3k`V{=hh{TXUS^_D%|t8{!odXbQ9>Vg zEQ*O1$O$H85oYYhCeZIwVt3K!qbw+8t+Y$C_8&1GLjvh-w*TX4BT%=)Vh-l19%K=8 z1dtB%+_DwWSlYE=F#1so{?y~(8IggI>>`hWmeSSdH8pxNRbyy`YIBKTU*cZ;_5eU|r-R*B31$YcxqhRpFJBWK?ybOl1xowM>ekNlD}AkWLGFN0U0S z1#eCpi!sMru7R!&13zMX1h_{6taUS4VlOJX3iV@CDC-{Xy!vqWJ9U7|`#+Q+PvH^# zfA;M&@gD&BraZk_{=k%A zecKC#+E?`(*VT5+WR`XSoiVPyd;{w7ELmvc^z0=?8|s&A4LnoCWS!c&Dsjxgr{Ql8 zU){2FlwEeBB%GU3Fd@q_a0+ko)Tx~5ZuY3zbLP%Nw%WmDt?I=~K)&5yeuR!r`gb4N z#=kg|E94|trDn(TMON|rH0ys?+NYnQ(d-fP9s-s=&B;;u*Txo%`S-6b_P@Q26R`gs zK3&|8{Z%3ovxP7WrEqwkEts8<#{K*qpMCs)>&5Q+-)m_250im^(f^LNVE+Hr|Np(z ze6Ig}cw!-!Bl_+}e98W|bNtBvXXEfI|J!%-{c8%aP89Na;sicl7@I7J<;BM)rm{uJ zv1$AaE+;lwoR(^Zyjj~=*;q$NIB=jO6^314Tbiq_y{o+q_&~F@wkCgA3SS({PWV?3 zgZg>wjBj|9%S+&7eN_{^t%V$sHF%M~hAscUx#x4^Ka3;bi@0LGF#G%1@ul$(l!7kn zzoQd4671LhkMCpqS3PYFvV5{rt&{m_9P9WDk#!I|E?dauiIc6vxnhnrP>#ghcyrTN9dZu zkLPlD32Zu-my&J876?)~h#~0OWrFxMB;W$Zm*!?*aaB*a_f|k)$dCx1ArZ0uAt8fdOG^(j z*-gw9r*b?Z_zCQ6n9qa#`Ql-S@5s$sd4WtO!{DErwX#5Pyq8-XKOq~2nDOn6IDZgfN6U52xG!HV2G*ToH2>3#= z2u>8T(>Nk!+djOK%FgBpl~<4!DQOG$3G(p*=@5qm1bapVgbaa!1GJ4WP^x9X5I7{v z+b0Zs1hlrl6kKV0GR%+h{+ae0KK$GH_W!UVH!(Xdl>;mJVr=6`Gltt(X6$J1Yz(tg zxk)^CV}#4ba2#KlzyZt$H^p;OQ$+%HJeQZ$@m;`9NNE55zN2guFJnco3xRNm6FT)` z`$acyS`sW0#=9FM2G;v|gPX=q;)r6Anm9rveqh|*REPHswLzLGb~jeuW$Xc@2uPu# zrVpB*(e@2U381AzlG@uqc1r|SESw0cayK5z5hk#CYzx>^$YrNm!2X=n3=Ys@*~YMl zo5OLpf!hVqMe#!DGfNc@WG8@iP|Ou^(l|V^S(11l*^Lb+3pt7I#>rx_AT~BOGc(gF zS)lNb8pFVCn8XpggBE#o#{ytc+c?m&z+r}+=?6cxcNDnN-ZL~nJKICi5bIC0Bo5)f z;_Xvy;yCyR$0E%0_;;L2RJ_2`aUR3k%ZCSp^4+ZC zK*JI4E84GY;x~21N4*im5sCOb5zOW#zycwEG$$Sz=6oS6PUgToPL>!>;_x^^V3>gE zho1<82ElO>ZYq#(&>Tfm+E|6~>yw?R^mZ$_h0I+)o=I-;z7oAXX_tgyH>i)Kw6=p*@Z-{%}D5sBr>X!r+U4d~Zj9Q2<1~p9nUwfx{IsTG)pN z7EvHsUrFg*avuM#)}gP2EPBU)Eaplkr;?H@J)kdKLgRafPUDf zf3;~QLPS~p3gzm(9@eh7IoJUW1mPv3U$tv+Hb8;ve8aab+ihfcNrXb6%YaFdZ|To= z?O3M)oo%A>`C2<^S_llx#RYKdTh?|DxQ(6NNdwXqirE+WV2ub!Dp>qKnvfJzUfV@@ z7+;tQtPP~o6w{reufCNWFE3wTFR%ZWoFr~e8vkQr{MZRVZ&a!`eu`VZmzbZ?H)#U9 zu9I6Z(+&;;XGDn(5d#er4ws|>yFdGTDft5!(FgxVD)UnHolRFsfsz|z{uOjTNioz}50wZs^BDS$Sme0>WE$b;?Xim$IyGosnL z(r7R{tzFS*Q`tK;=S%(zP%7dJ_!=Ec45l+4@VX^sThlCTY@KZ_?7?;pngxxfh?#fo z%y4!hM+kedfq%#Xu_D8PrwDk3fZEL#0#zPaazV9i%dWy1@r}(6;K7;6Y%%cYWy5hC zVBzzDO)rE6lDJfEJPcNUg;6hpJPBAQEXN!O`m6{6N37iZ>Awo)1meeLZ$!sBj zcO@x=2ys_h!HjI!CzUH=!wk?SpmYz5oyYz1UI`1%4J z>=WAI2UZoE2YiW$x96kfqC3Z1oA0sX!EZAh6dp;>_DW%&EFdlB(wOAqq-gfKvFqf`F_NzIdEUB{}(%9C? zzKhA!$xHl!`!!kNpH+B^Kg}FhI6~1EJh0e> zpC;%_#&#zu`dR%1yj^Kr@h2$?M=ps(h_l;I!cE|S6`2FvsGqWbzk#ry)m7;dZhQ&= zk+zZ6MG8aPu6{Q;KeV4Z#?pH@JO}YrT8ltHO(L*HW;Dfm^l73x#uJQqol+GmXg36s z+O^6L|B}cg5)6~Ox%%O~|LPkk8Pw7C-}^u9pE{MPh-Lb7gg}u}+W8>I*R9M9%~pM+v09)YOm7H}Mh(`C3OLC5*w%=$7@G{%zK*z_FhBsM@Qe5~ptjs`!)rBCx5m>q~>sR(~`ghG^{55x+w z>&^=CcJ%diWPF9Tp4lGv{zw+Spo4cj_%Eyw;8j%y^V_v)<+twakFMbhFi$H%Ad1j` zyYBsOBNjh6O3@yq5P}T{uosBpihwJJ%lkgP+RoS44){m@8@;-tC#_wat?g`;W*LpG zPy+^uGu_i9sbX##CxHu~CT;MLHg&s0C+J3azgori@&V!s0!BZ9KwIaJ2u$E0Do_{V z;ynU*iF_*nw*lAz;Bf+$CJ04;N&QfaFR-_Q0pCmAPwYgR-AB}o zW@oTP@j|WugeyOkQU(W@RXju`3k3IsEAIJTT7P0s+PZuLt)2-PY+gK2Uw<5_Ke1bF z9X}%VlVj5Z*~I~e2*9+&%~9Aa|A+e1hW0U$*&v3`jaTdt>ngq8%4@KHL~zjeQu#Bx zvTgpcdB2V%e2z*Xhn<$mVFO>*CyDIPgFe7Sew*hDga{A}ha%jf2=FLoz6@aT2slCj zJPPB8z;Yem24w@ceE>WHINFYd5*BmVz~)mZU!6444?hA^7remxw=8N%6r^(yq!aFu zMzglJSBj3klBr!qh3U_<2LUVK)=yQ29AI(?U=i5!n5krHTnA0CB7F1>ZaSo4!;(3Q zz(zJ-(hr!y$&=UKLY6=w^8eGE2LayhUl8My&G0Rx3t*k&3dUwH_c zO3a5-ctDQ@e*t;`RuCW&DC}sVL^)?mM99qT3GlW+Rc0%#bp+n807xo#c>u#aQJl#Z za;)I?K5JJB+g!gig*Ubx4s73{KmwSYn4g9Oo&XXvtqn;N22>p(Sn!o7GyvsQxUf6m zvceC+QObNGUAv;gXVtE%cCP8GF}(=WgFuvu2eae&5^;wPsR&ZFA-9$2ABiv(p(2E- zK!1ZuB>)nHpp;y#tv@miJLK4!EfFX4!N$0xkFaFDIUQ-EAV#!z|~cZ-MBn~L<}P%-Q8FbmuffVls;boO79js zpTt+jYZNgTKfY0C*qgFSWE2b2kk3erTWJAOkz-cW3`1u&%F)!U>b&K4R$? zEMM@*zp#0c9TrJQ{8yOW&Z_o;x`y1q`0I3P_RL42UTNCll~ejhe#pQbxu0{>6M&A_%2B&-R* zt3FxD+&HdS)G;@|m(s7d3%z`h|NblU7m*Dv-_DT+1ig!FMEFESSVe~Ud{XD?Si`zO zZ*~eOA%2x;e5CVV~O^8faT?kMZ0t$dUxcnoi_;0%b*_Qsvkbh9y z1q-~W_+K!;lJ+{fNcRNl278s6EMp(cV?Tn9 z|8}H^_z4_-3j1R^fchckBP%v+RT$nL$*dVT%Crnn5S>ruq!i7b&gE7)+^&3?!BZ8YtW zHZXgV+h|f4y4^fBw(Wl9tzSczf}a0`1b@J!|GxQ1R+I$g<{KcAZQA0G>BAvc2^pZ(tm8B%;y&!Cuh?4o4YODTN0_GA z^BInK?htR}`!Uq<8O*=PB<#i}f3TCgyZ(sh3qblKu#@YQVt&!CVFbn+OVVt$Eri!c%fR_ry3%IUG8}XgVCw@KtKhA-# z%Ky?Oq2ISQ`t$i;kOL;V0jEizjP$105K?K+LyL` zFUnjm?-O(=K-fTI?i}!GLx6uW;9%Q<@NV;?B3dsJ9CGu7{lk2GJ7No|JgWpg*fzq6 z2Rlbntau!;^=L^NP@aM6z_U&qnCzaGHc*t~4)pmfN7_J;$k5$pAi$Bk+qpP9+1t3- zJ2(&OqR|Be`@zEkyd(UPhhTr706+f-@DXkUzti9hB?_L_k+K605A#x{JwftaX2z!S zViRLQ^31eYQBJI~=2%c??E5;E{#-D9dU^n`Wv2}j9n&l@PvCgq2@tvi7pR9KGWK6i zx?djuU2}4NyO@1p{M$Q#WX~U*|72@p|11B~xAXbmJn`?w|3}%MfY<7Sc>po95$x-y zXMzuBfUn6(q_o7rkOB&dSoo=8K_uW~Q~RTUUdNDcQ$;~LKS(=}2KGJ1BAKf=!q~P= zMD40#EZ9cJk4+MCIEvE{It+aqhfdxBfIVxU9ROKMdrmpZ6`_g`kar(g^WC|AJMAAt z&S6o;yty9Ah^wp85^r}$Ac6SzfosqsNGc^5hLIqNl7Tk14v0SdnGh}vIFQUwa5n}~ z=6@B?1v@3(ltHn!Ah9yw3cK+E2nFn6_%PzCj0t}#PVC}jEpltfD2Z;ohYL8w(upI{M*vpDN&9Y$PSzzLDZ)@ zA>H2C8guS=V<9b*0%4{?C2Qy3!}AN z1im5wzo{mh~Ah4-)Ya81*fYq=wx}qIWp#=Jb zM>2u~B8=M?oFqQtj#sRS@7Ke&GCC(P{DcOeOiuX0)>%+@M??TXkJ<}X!Y~w&4CE)} zhJ<$8=YOT^q&xlp{f^^*qg8(R%op^3Tl=p1zm21f^fJ_MN_K<)-1k_SzJK2_v~kbtZspa`&^5QGIRU``f5sDeD!NODux0=~UnQT1Yylqle&2Tc$_EGl*)%xHBo;_3z&>cuCKzxH#5CAk9+KD; zVKyKeSRxsq3}hc>8raNkg}7)scOA$d3Y^9XAnQS!!rrkMTYw#&LNOl%ok6TI8SH_~ z1XyGXSaEKM1>6Q*h7tELAgLq&2tctS90u5JAs+#u0%wX9oWLJ#0e2w}Bpy-F*A4+g zdIj-qE1yT!Qt-=rz5~Qdr#k_$HZ&W>4GQUqQ*3Ae0;2p0^fw4Hx0TrT2jmPh209qE$YlnIRi#uv%z>27RKv-r)z=>xM;ne(_)>{|IqrYQ&G0Be;1#rKJQyE=q`AMNv% z0PO6)sOB@r(R{JSe?u0iuZy3%ts0Qi7)deB5d$j0>;J9LM|bN#5S9PQ^S_)N!TGPh z&j0$47X41eey;z&#i`w?$d5jLLH~2Gb?kEfr>(uMt;4VLe?DU5fAE9y{Ld(~8*~PO zz~R4Cw^^VTO^=E_d-l-j^a&FtI7Khmv13PYTFsj`Z=ODV+VbpqLqh|VO5M0|vx`ogoM!TdlwYst=n^HO3Ap9?4*9M#=oN!oKvcJ&;of!XoB#q za;d=IqSv&>CBlQLu8W#hhy&LQuRULrarkl0o@Uv3qWS#e_crDn6=z*ZeD&tVIrfbbmFARQ>IQUn_fO+W`($9mhuGBMU_?6#i+&0maka3YIV(; z>^W=Kt>3V5)8;KA+14F9ckSLIFWO$Wci;X4jhh<|9yxmK_$D(Q(&;m2&z=5_a;7h2 zc)qz=$1Lq|)7^XbAIzj+o&dhKnCLw1WAgm(*H3zrQ|>%OlMVc-A-l%C)`Xp#pFnx) zeKcv_TSJU64v@;|%Z<}n=!wrXC)1_Jej~(KC6yy?-_}G&8A+4NJ=oOYvE{${a|ILX9J?_l}tJ!f+sZA>K2M?n|!^ly&U z&}FsC^LHEzv|4*`vrX>y9vLb7H*jW-up~TMX!K}%QV{JScC(Q7c>T7i+oZC$)w#8@ zZL{iR+s@cN{V$rYe5(8Rv5=nWZZWIHugy(r(M;Cj9PN7(m*?PQskyi@ zR)V@C=onfW)_L_^DSixE(7&SMft%edsD|>#Vary^pGPZ}d9s_F=H=c!mi2N49&2}i z0v!(0Ut@UE{di5?aczq=tH<@)N$Jy+r8d$Y!qY9K`NL1eIH95j%Aerv2Ffn)OU!c4 z+g~{T{CR@mYQ1d}-?`n_JG5%-7;$!z<#YtL=_% zgGP>D*jjtlE-7nmPQ>cj7WcCZ*A`7t)1~JYB>eUJ-G}mgH96LrPu~iyxEY*NvpRF+ z{ugcoTLvy%X#LN6{G~s5^roA}YSQA&k+;q;ROgO9e$%_+#MT8XQL4%4y3tO)e$-|IHKHo|@X3W2W*u;Q1vjBu=F0I+_&&2p@(Hv7m=nWiq0p15 zLq}Iq|DKcS>=s>FU?P@oLz_!g4JRia@|u6$Sa;d|>qLkcGj$wRW)SC6mO(Wz9%CkR zK+`MJ+*N+hnRV0iH?rkW+NsD(&Gc3ikHCf6vxoIv zn?_64XP$dOCv3TLKRsl=MUREMZ*319VjFcQd|1Iqj9XtLk=MWmYkHUk)Ss9OIafb9Qn}cB*3q1~ab=hC?hj^# z-J=}D7^)peIO2XGz<1A*=A}jc+qpvyR*K9my$1Z;)U!%;F5KO zTM@@qpWZxRhgJ1xy?>-?oE0mKE3p}{X}WZXXw|8|(w3s=`=*xApC5O4zJ9K=={?&j zmwH1{dxUNCx=9z#51zPv z&(RmQQwImH+AB|j$aUmg_lGrDKVrZeXKB&H^y)vX1~b>Xz%!WMMs}fd{4drGEgKyL z;d-qwyt^wXcZtu4tZ;i;#kG4aRe(8r)oJR#-K?4WbDf1cyyNmBQ|(L9{+>e#^y zy6U=HclAu|q8)|~wW}G~nwUr!U3CB0k?bQTy`M|Znf#?@zsoP*s-=GT%8ME5YaaK# zGV-qhF$+o7V|u(gxybFX9Vz#v*mm%pSUYHEgX)Ru{hp~_5rufWay&Nq2}o$G-y5Bcxj`s7CQAX6dyOj&Hh$e%7}lGZB3e^?>?WsIsW$>hs~wzrFAvaojhzE z_*fr8g2T`!e@5%Q+bHdM;MJ&wmRC2fdbnM0!>egc<4h*ozn!XSk>MR!KPmKyU&J5l zL&uGw>JI4bm}F0+$p11 zu~EzHmtb!tPbR)1p&!p2HruywgH7vNZEN!zxpP?MYgVMxB`!3DgVV@1{+i8qB74Rc z9GicyH`9{nb#c4StxX%tsXl|*JMyu%de7!hn4+Q{Cf`uM8dGZ>;gEPZ4`t{q-Mr=K zV_u3r>ROXy`HJh0g<}Sy8h0Oy3r~DJN>G~AvZ-Ms>iWZs)eQ8@CChjJwTn+``XiK* zC6yC~wB+d<^xZVQeAl?pHMdfshV-pr#=Wrj3l}j^Msn$Xr(@5i@)w}=izyg!;PdkN zZ*RFysj0U-_I%bf28uRq+mR$g5!ASoVt;(wv2*VIXTN!SSKr8{sd$K(Mcj4IKjgK+ z^Vy|~2mEuN>F0&Pwp{TQ)BSHpWt`q}?5MKjmTewdpfa1N@b8CyZ1U+h1vsA)&lqXpA;t#Pk)Xwtt*p=7!B z(xqqa@bd_%8I=F&O_@ACuB0RMvhZ{uid`yu`dM1OwazkXB?f4&^BtK#dCiys{WZsQ8F zSlhK718$iT*YzauPN$!B^Q?pN2=T7ZcALQY)5Wx(ME=EMfCnDrQ$|9$-4yis_9!>x zck`(8XGwX#d;HUnJJ^2qaU}fFv6sG^5*$BU0*I7+sQ~0)cW|D2H(Y!l2LDw3Ag%r9 zDd-5=e6|&!m=DN60%EakAru7yPZZl8m+1iLWyS*B6JH3fWX9S$(Be`hv2m&F?mF4l z)rQuY&QApVJ8Jk4^7m=7ZS22L+L!od(^+u5fARslUz-1a#2N5knE%1$uJgZ>1MQdp z_wy6?54viNY_$Kk=f7KnDA7-r*B?aouVUIb@Wt`}1I~c|()g!+bpE@et;4VJ|5If2 z*ZJ>1h0XtKEBV~`e-HWi@F3%FCFZl^-v%69?d15O{by@q<7EFU{`;+b{x|n4{=utG!Iyz$g||A2srQ_E`)oYK(LG_n|MWlfvE?ND+`d?Z(r zARY_i#iEStlGS_sqDMOh#Hf&Z#&brkTwDF@*)tV&jh==M`_9}ue)DA-KQVj8IwDC0 zg~cbQrBkUCemajHzcea38cS4JSY7RDZ?J90PBluOOINR!mgLqqH1z7}Oi`uWzW2za zj|R;xWE5+7_IRnMr)QclXU@EN!$&1KIlE-$q=UFK9!r@}PzYLX)T%PXCnDU-lj&n? zMZ=%~Js>2EYlH?tijXiuCK3`Z`9w%K%9N!H31E zLe$XqWxrR}@t!`YymbENd0nkHj7`^DuRbAv-!QK5ItiIG$TP z!tL?}=+c!Dl*?o{Q`6fc$vw~AzjN=U>GcQKplVce`csC7s4ZPU$K(8 z^Lj?%SsWRsVP@{+Ww!R(`RJii)QGWjp08UP5A__8Tv6a4?;};w3o>r5ex7iwbvP9C zmeP`5(J)uWd?h-Vhx66gYlX)Yi*E0~!j`Wl^~nPImgEN-o^fbYOcqHmL{?{8Ny8!NKBMzx;U&mnQ9rUOjfm zpF5@6_cT0Q*K9c1xX-;!OQ!JVmeO-Cm##N@X}bHi(`+_u#G7k)ep~Xi^C(!?V|x0q zTl?nqPFeeM=S%AeIMzAI({(ycHn{Dqxg#tz=CFFYue&i>xO{6;RezcezQ=eCT}3Wc;c?3*pV^0-u#QnVW}{f+9LF%-WU;Dz%Dpg_o1V_^UdLjRD@7a2XeLeuIrm~q zhFa>B>%ME;uSwd!#wlh53ij=t%Z?mVC}Kdc;{)&xFK@6_HiVUfc^u_G+rbE6-ocFfwY!45ROQb+U@J zP_K`8BnPuJmv_hS=y+etR483 zyf&|SSI5ZOaMwn!*_%>)WU$&8c-PwEQ~ z@e*vqL*?jn5W^P=ylkPw+?Ejo&{YlPzqFGRO;Lw2#NP7w1Z>4A*Fw=Fs8gAOL0vz3 z2y*1LP&W$_YAQzb9KSq@gpiyTpzz3w1fYWFQo(l%#_i(o%AI44M5|^MOF-3}BB=L7 zPDVi&JX(Gffb54H?1quxr%&4+FuCj@pgCmxRWJM^{Ph^`36TZx79@9nx#qvU5$i24 zKcZ32BLfOK2gdX;Wk=-KcX9oDmo3C2{)G_3N3;7hrcB;@`E*4+von(IKIwlx^S$Yr zlGtzak#TcXg23qHl`tBS{4jiQ%jiEKChw9h4bsrfLZt#zUFt8vYxh;?9};J#?O>Js zEsNQsA$tk+fx^zO${yVv0epRv)Wyn*_Et40x)mz8i*wURaAI&73P&wC!FzO(2oJ%w zIq}s2*7?;C-@Ob7K*&{M@}%=2Smv-8SgqSDG}}={=%1j$u>8pS@kJyhg4J6L-p@TP zhPe5_>A$$}c9IY0$3#M4)aGF(((M!Pb2DX8cZ0W)qz}9iAJYmAS;GAC&Nx&T5R~W{ z!X!oek^qP-zkjj}FiNR6{>n^$x{SxG#9irXqO#HNgA5bBA~v~Oe@XbKX)OC7IrA$B z{Ef!Oi|rG!S9{(*K5VTvnUk&Y=~h4o_TqCGgQdOYTY)#hC_?gG13Xdi0v@5)h+7WT+;KX zu9B&d`v*6!(hoi_kq55|X}|JfQwxZvBN+j2y+S|h{~^>Iy!S!)uI8EIY1a3^hYToA z!9Y!JMocAxDh=U@CncLJ+i(IYS`3^?Og0fUWV%*sj5d8DvK@;@Vm<*b^cy4Ehk$_& z)%f?)*hiTc(ZqLEy}j_E=Q3@nfJs&jT#ycfn(5@D=coSZ1eDzPZBvT)dxYpaJT6+8 zbfoU#LAt^gzZNFRmAYIw=dcY{(*D4SlK@4}@y)n!a;Gyk-EbeEPv)m(~-0~*g=(C6o#GyIdf7=OIt zUe%u5FhUhH#Ox}*6Z_sp%R6e0)7?0-)(GzfX?-zO$^&wr$VY%*-im@ery*yH|619Y zBk+)|X|GA_mG_tFl6U}GdhhdB+PkPeKBFK$esA-~xkB}(a;}qBQ&U?eT?FpVlOxuw43_Ai(=q%Ao9=s>1$#I!WM7#cpgVU)%9$PM}_QjB6rt4Pvi za^UP0a#Z3N$3LE$Yt@yWMXXjU09P~GCD-g>VT`D6J7Bb|S0OJpQ1G-JT3gDh4`4gS z2M?bz!~UrHl91G#t$(>(6~165Q6@(@9W7alQ*^c)w4JK_2p}3|A2~Mc8~x{>bf3^@ zY)EOnththf|EgONoS;VT?MD+RIn=i4?iuliGg=@pcWmIBbD#XyT-EP^>c;c%XH47R z)U_e1B3P_)Kg(g$^#kdDu%rkDH!6|fk39oF(D4fU=i1$K#DhPJL=+CyQ?C~?!oO!K zzh;z34gO@cb(tRbclYV%pf!Q5tGEfpodDLLtv{Q;LkX0&Vx9zknc2L4p{=x@)hx4r zB6V4(jQV*Z^}5Rfi5(#hl2Uu1Lv;Q4;D=lS`2-*ROf8QC|Xs1-l8@4qtNt=sKPl2lbfhXEB2`VV7^p2ZH8#QMZVD^13>0pcE^V)J?8iV<<<>T!+Lam^EP ztp{=K1o3Zp;=8otd!EJj#l;U)$G@G3A3BI1AwZAupeMA^Q_s*dap<{f^!tNY`S`d| zc(m4GP`PzBZz}a<3ZYIay;~|td@A!{VsA}K?nLTCUJREGh6jsB zn2Uk-U`SRmWH%U!DM+(e8nsOtZEzZWZW?1x8uL_|#(WwZLpq0SI;Tx~)kPY2ZaRNY zx*$4@cQqZ(kRisGE+U&D6`UdCPAQq2p|F}E(37FWkg2wsrXriE6`VBu7}D(y5XAvQa&xH|z*Fv!k)wQd-Fz|GLJgBV z&upru8wWq#H1{dUl1+g$x=^&XFplq;vM6N0y$HBnpl?#7g)V~E7QsyNgei)M;1Ebl z&JIH{GrR=i0c}DS0RM+>3>3i)wG^{_;W4HwE8puqW;SDohzeU5VO7=CO@ii%*^!9FX3V z8-fPCp91|rm&o^)F@1~N8v{-zqOz@_>!>2SSxauUhQXQuw3#>7iu5w@m zD%C;gRfwG#fxISFQF@hGdRVsB3cIz6#I+h-lRVj>{Fe#Xkl<>2SZ#h?jnY)Lz-kFk zZv_OA3q$5|@Yj7>Eh*@&Gxo^5zeWQEFAAH`pf+0wHn*0(t}eBwUL9S`r9zxdoiB{j zQIo5Om^5xM6wT(<8cpZ#ggXT^1X97d9bxzREX*y<~mh6NE$a+&h6wi~0_}Dft zA`MuhR|J;N$79MQJ1L@K%W0AY+)o1uZu2NkS}El-ndEcL^sr7gc=mPmLIRn)40z)F zzQ>Rm(D{!sq`WBkiz|iE;*XfxL+~Lphp6T?H?^5lnW}V3j@=RCH?+QDi4PEa- zG65p$(*u~gHG;cTiKvSCGT0$mD9?0;3kwAX`IN+NB_b+sUrw`OkQfH+m<9r1Kw+&6 zjV_d{qB+^?8Q4B{Fb0&)1Q0_?*Qsg9Vg#xZHQ6XB`7q!Z&x};N^!j`{VU-?kRgKkG zFFVZWvH5+0KYO)r`ZyW--@*HvXQX?@=t~58yO@X>)%t5f+hdsq>4*lt=x6QO4Q3G! z9`+5k_za$|XV(51+&LNiA@Jrh^lcQ=+v}OGUwv<3p`HKw24S)|h&>KJ3`bai`%gXe zKQMs$e_#M5zz^^W!12HI;l)0@d*4+?|F=H8c$mIX%~P@{VCGCXKr)X`PavOMxgmQp zqh#XZnp`kjr1jcIE+3+QinQ~O)YT%BBrx~TWs~!a#u%W|)FmY4)DtuFjWhDIv1-Q9S=6q@2wQs8gu>MYg%FD<7k!#C5)FN)Q?pB{BH$O@$vSpTGevC>e3B!IZdLM&LcD#N$Bf7XYvyI7jP$~77EhA~GtY?J!O%V27`A|oDOsC=T-TA6^* zSRxVkj!37l$x&+kpdj`*bjGtJHyX@8BZmJ4C-yTMH zN@FkWL7PMcw~i8wB1TDU)rCqTiPl9W-t9XvDFNH1KEJ)uLc){e4yQT(T9@BX#mz)B zNco%n8A#y|;hY+;{Pt@;aY1$>$4!DTDo;o|kQZ#UKOowlO|I@DxmZY$7#iR59^O1~ zz_!dsLD9L2BF20@+eP__6;v!2Rb5mKjGYTqB(a68j?w;S1G34q3F3mt^#Ho#)jv*g z8Tq_8ZOuzp`$%gfONs4G&kA&kq;Jv!T$3W+dY2Q~pEvHH)%!WrD0NMaTijAT?qdCk zylif#bd?O>4q)rf+?|9>MYFjN1ZMr1w5#oLxf;&!IbLUPiP$HW%7?;D@I(syz3 z+3U8aXL+Bq+Hc)x7%LtaX&(@!tA!7gF%NsL4yCk+NjHqnQ0E6ys(WS^nq(DX^VDo8 zW%$bpDCyL=>FLY$=&C6dH0$a3>C=?y=xcOz6(}hQT1STf&f#~PJ+j-}or7fg_ZC)wO4M$m|=lE2(IGX5wWEGExk3Q#vl;non zi+Ye^Eb&l+o#Fi`NZ_Oujbj8tkJ_qvIMJ>IA9FjRG5t1&qWLIK_o1khWgH<(+^%mU zyp=XF*MNuW;2kwLm7U}Z?y(v4iwHJ@6s@K3(_;Ha)! zd5_a)`e#wB2Kynt_L#xsdJOnlXb1qMs%L2l5VYP9a0 zR3*%{duh7DM-@C~r&oKK=9cbXv#ec%vy5$D1&{f5J4~T-Od6^=vYgY8qM?qqJ&!r; zNXnBeMsyHSVhZpJXvm`OMFM2V9`P(RfCY)NHh$fXXVtomd|aqtq7f$+CfsAiP4X2O zhX`)LAOM}bY>u=y*ICW{_~%dRixlz=)tWW67I06!!JN~6*}ELkKfhU@ zwv-Z;Ub1`vO4opI(0p=8EBH9!DraU**rY~?hd@Tp*__(RopcwhXc0%)pA6Y<*X>~+ zwwa8LgeOOppw%V?H!B&)BIkMOTgpe{-7kC|XG!R}$G{#NEI7f2_NE}oXYrew6#sX0 z;sIm;setAG8J#LI|Cgh4NNObizt*bSm;b}jHEYa$|K+fz>7B9fXx7F{KF8j7%$aP83O?pHg9Q zS!-I9YgM(H5~@iGm8-^0C`_2FMh6C$C_b7gXc&jCAlZ1R`VpKpxnH} z^-xYp+4m$0Lxek;hsVP8yI<8-al$1H+@=x}1}@Gj&@pm|8$H{#<9tdKkmS2y^r4zg zovJdWknI&}tt3H1SlA2)eyHwCPmn25jDKs};F!MXt`#M6*79dCzC%>S@MiCuwD5V&5_?{r zic*SeZ?Jl<3rn{1?V3_OdYHFrt&SqfCy?w`;A}r1N@gi;Ta>EFtuDyh>vn_q+89hf zpm|hzycpxIP(cN*}vHN{c?RHxfF-nC&`pZge z_3PCRK7k*1+T2eU284Km&DuP}SK3A9?9&#w>CBV}=8`%7@b9G)v~mEI3-p_zw3Zu6 zF2Y6~v<^6&zXtEfqFz1X!{n>b28~&dJ2t{BDgDT{bdRLH?R7Q@6R!I)Jx-n0DVC9) zA9*}YVVuRPulatX1T-=`$R9GX`+PtK?WL82q%SMi{Q65&KH5`|EtE6UdsIz730>GT z_M>q4WspKq8=ECdm8OwF{N!~9L4+E`C1aQpj6VIz2me29xk;k)Lde z%V0cYe3QMj1g<=8*?9qc~xr8eAkw_{FDkCH%lo?sRT0T4KDp90fP9p)SR6^LG`o}nf4b8F zC8B#qVlldY@sk9E*a0W2NSc7(NvtvhX2#E%zZ*!v`w(;GH$Jrcht6D3I-`80 zv;2)JSC}V$xo)v*ff?{mj;4$&zj&hFJFvro-=bNq3IA<=x8a#$Pk#JD_rsEfVF@AY zXse?svnQ`&mi~)ReByK(?v9t#$Eo{4tNTr&{=9a1zMt-8cTBqejcAc%a<3m)^22Xk zjd*u;ZOgTpeK{2T>3T03dCz~Rtos(4rHqSj7XO?j{jwpp%HVl^P-GuxMmimlvU)i5 zbdWRbEr!Afm1IEhR^~^(Ea#c=+2>`C4m50)`D?K;;E)-lmlMgz&W?YLQ1#(25lD({ zYJj@}G z9Cxb}d(bLDKZv_0sWY5vYNF)}@C_lfRjSr#gP~F@-0edi_UGCLb*u4<7+kM`tcR&? z3$PC=A@4iel!#(Fel9r7NV7ApdUikU*vs^gWe9=kK5I=4^&i#xMc<@~ zzeo<|aA8lDOngqnZU>LA;Cv_>#g|l)Zi;i^2Kr8_q}SUmKr4B*b*D}9eq>ghM)IrA zqp1AT$=PHgdB5WHEY|$8YGx~i18(%Bkz$!0r$7Nu^o+y4DR!LtsmQ8H6IEE7{f1f< zZ({DO$G%_g6T(XIXAFk!P_w*GB-MPa3`CELRI+h1Gv(uiSb|)0R!KNYe3yhn(At%l=oHC7skY4$g8`QX8VwLYnpVM~v3k z-j`L(Uk@k^)NLH$XhPLvbtjq=s~20QEhvX-mn=Z$kCte{a@13$k!d4~DB7$5!%747 zRo)4QPGy>xV55<#wKu(=T3bk)B)gCt`Y}<>Urtr6pRQR4_|X(Ea(+vs-v#^OCLv00 zv7-2ZhY$a|75lg*LS}&NkHO9g`i1)(?Di#?0Bc3iNZmlTxBVE)qCqAXpB;SGM*-Oj zY@!;dr%ITCCe>7FFn!lxuBRota)jh@GjN&gGdY$_?m$3q;9a~0jwLGe-8PkH$m$vB z-cG4TkBK3($Pbkp8SEf=Rdckcnj=KzdW3!mE+m<>3+?(nGECF*r`N9TD05Q9px^FT z$_celnlmByH9N&{c<1v!wWmOOu6R+?Ne974JjpQ2bLu)f zJkbzM+0P8sl!a7^E}g-|Mm3CYN|x^UTo#hQse4-%a0(qI@BFoYvB%`YePW`{QH{KjAz2jsl5dOE>p6QoK7%8An$&sQ zyh@D+qHcJ{2E@|K>j_(7t)Vw{m$9f@_qeOu!1HkLbN_|1XieCafEFTTCX+Y798w(} zK&B~7K5k}WA$+g-{64%IjPGXFA{H?4#$xlp{7YOU1Fw%2ouQ7TS%(Hv-6xW5(!@+U zN^#7RwFXdC9VHM1A)T-j4l=LC2l2Zhm8?;EJ}9>(?@elNcD8VF!f1QU%byz2FDoB~ zzS1=ff=E~+=_jMhGGEMBSe#w?)2*QNf*^dAF?e0Z8yu({PKY};){!^BOgq|^%dx2< zmTx822p&rxXiUj1VrUZM*zJ9dAEzj-{{s~JsvDvC>j0IsFb6_M<**bXY?ko0I6v~e)U->_(95! zOrkRu#e5CE?oI?wrCeGI<1wHY4}A)05V#IZ+zLiL9uq>Jc0U>Ad>Bnsi($xx?7A7a zberKVc~iQ_vG?dd?C~Yi#jv6we6{)lt7*bF=~@&S8j{X}!D+y!8QLm|Z)!3gTqY~I zLsV+*9fFMXf{nWO9%$;~vsBtMw%GiTR#MVU>*dUP-xhEb4Y#G&<6(&X{VCZLAoR`; zeg6y#d1w-1%mzA9%kgbOmiDdvyPeD9a1h-dmgO2jdf{hj#h|H{ocW-h(+7zy=5{SEnd@U>Z?4Ds# zV&yeoRAG~0PG2mNTZq`sWjQK5TGbzE!^d2p?sJQQb>8X-LcE07-O}vao49*_3h0?E z$TAoWvqfdLSkZ)(HsqEBxezn=#v*Ny485kF@Y08JD6YIjo`kY0HfZK*89lU&jH)~| zCaGAroV6~x6Ic8k6Pra;D#a+QEQc>vhgGPH6-hAEuH)D3El--N(99Evyr@t)#xp@6 z)uAQy@s&Eagjcm9)$U~${QMoDDw{PtXGRgdmh5MY#Ex}Ux*o_$bje?Tet*4ExsYmC zsIi9!Uchno=20bx9}=lof)^6Ga8qR%QjUgJk|rc2>s16Z)_P7?`PYa{6IB}})L{9` z$!?3X8LCr}wdwp-8a^dKy#_V^!RF(l>(x5YZC&m(9{*%r#I4?aC$yfFzg}NOx9PU- z-Bh)jiSW>E&6mac`Xd6m_=XgZx-dk2+Q)`dbP~%N_8?ejfH7y7gWnz7nA*{}q1QO< zSD)t*qA%AJ%85^$P@6_w)mqYIHr*8YvHoB>cl?&>@-}zRqtf}J?%-DN(4*kwxS2hn z+1#X|)uZ$;W5JnUC7NHC*sjG06HS)i07f-`?``>6SI!WcKQrBGi3@G*E&t@vti|7A zw%Ya-4gZ-J9gy2bDBmV1-||?u{c_6Go4-wfxEcJX?eR_Pq)hvNrhY2BHd)Ws*E*0a zXu&-{v5Fm@Y`xGU&jKU6nlf~UwcLN(y}7NcQ^(b6|7pKB4rx*)?p*WBE|cqwHtGDj z_U6GKK@Z~g#(-z#7#DvWWwReZNU<5iU@_W55dZrk9JycrF z`+6R)=4i}74N4l^Yzf?%db*kP4NmaB-0Cd$;%UqETg-G;FE=0R_E}SOG|lwuO$iX3 z)Y|Lg4XX_dC-&(P4R~LmR!{m&^YK2;^!G3g7S_jp&F}y2kC#_JSl*TSrM_D%sAZvV zK={v_PfYsyt9oboZ|6M+{f-+qPu~9O%RIq$tL8=dpX>K+{TUdU!7=d&HG=Z=O9qrr z296Wqw6mGoSOG1j#zpyF8s_0i^Zx$T_Uzt<#y>-zoH9{vwRWLEws=p!zkKeUM4ExYzBbh4 zaq<4@C{22PP*8fhsfJr5HY(Z=ZH7?i=OpKks1k=JD)gKnS;`8WKE2okCW8 zx+V#T>P*{Lt7W$E06^6y%|CMZc>-c>K`f-Ek-LbR`+!RG0w@&7Fr~wp;XZ-{=1rK+o5r%Y$Qkf|)S=UwP>ubXj)q2Kw}&)OCI8*X1uznQiPu$pQ$4ajX(LeO1!y@ ziDw;39mi73

    ?UjI?ttje zp~b3>2str+9?OUC6jf-Tj$S_~p*sq3LyDzD6nnPQ1&|5hj-c#k>FRE~IkJbOKG4k0 zZY}a66c?Ju^X9uLIug#WomFDvwYbiPp#>fJJyxZoQy>__BY@E_a6wX?Gi^1ToHEt< z>vRzkv5aXZ8mY9n>+cEFZ+>{JJNQ8AqiYwaJ+)c0zA+}z4yEWBw-1kd{1@tCo*pYX z(*`{2oMT~EAtN!_7OdSh^?c5n^gR8(v2(-kLT#)SL*nQRFveQP1C!#{(h>IV8S|;IuAkz+kxxiYR=A!xobs9STNK zmQSXt$xQUlB=5)PIa(>eVv_&>3AIZFNvn2^J$@cVv%%bqjSF-88109CFPIMri3%YU zi9K(LfpRDqinfvhiS$_>#u5Y0_fHoFRpnBzA8dqP63tcY`H5s3%q88(% zHVB5~n?@@I3A!3-)TZ8U?b4Mn;5oIirz>&?G7SovaJxY@N%bBA2`%~JWD1HdpNr9X zL7u&Q08=5Qc&f`0<)2)IV0#J-zBW3~;}e1syA_9Rj;i>}Ye z5w1FOQ#q`v+}ncma4k&wuU9}h=PjIYlygEc%O?_3L9+~>3t)%_yY^4b=*S0my3*X* zEV_w+ z=q+WrWQ+%?<$aPy)QA(F8T&ON!ijf{LPf9l0Y0WY-5(1OoBoiNZZ6+VUtnstCJD6> zCep~NFn`I5DGx1-8 zCuNQ_k^TSzS+tN$pAgOA1GP_HboUP3(%3$Yw$wtibtBUJSYK=&bDrwO>g?elQV77& z^Aa#q(5H3+!bT!L6su zO+KhT&<<@*_c)iguQYsP$9ubH{`EIdrryfB)+av*#Slo!XM-jh0KkiH3Mv$^-d5!>X{`C$TBX+oo?dk`Rd58S{^Ld->T}#}+HOtk9<+|e$B#I|0`<&Ci_O@jB~yClFd|w&WN16kF_jPMagqsLmZ*CQ(M@oV#UL)aNF^+s;iI(bKa)J z)-$mIm!y50UM_K=&cFAw$^Cs!q;vA8dLKt78PA`1OssC=Yc~h~G&ql)SYJnscLm(P zIX8N{I{Wo8EE7 z;^nJnC(r4+S9r;Lr!Gl+Ll5MODKS1h&x{U}^_dPNxSR6zANUE`tqkMUs7|Ba-TxPg z>#%j@okMQj?-KF(_Osio+d1XIpLIFX11VQ>%Wt;=TH^jzM6pOT&AdCxJ6{_-_LiR{ zXub#}==zrVO7ctM;6Y}d%2CK$nZ4kXKzFdxvA43!#%J%KZQ-KzLi?Vsqt}58ibdxk z=Vx!N;Na?+>mPRxI1&lr>oxtJ3+V5jgTAdO?>-zJvqEP@vXT?T1aWzveYa@Gy36nZ z3nKKnC?|?Id-wVA^z50OmHijg=Uu=rG4_A)x;;l= z69M_+0AYX}^WN*tY%)AvchMZ=QJg2;1hVNMj0QhqNGp<(H=_5q+p1L{V>~EhKaz|t zN~y%fKs)N+Cp+GiaQ?|Bf|JfQw5SKJ5l1mWlGkvdi%_@W*A)_Ey(4D15>6FV%?wuVvXBDA?l`o+S{fgx077 z*=kewW70U#24v%@gvfZ#X92dBf$U51Kd(ZWJ1}`V$qnTo@L|$>87-*4I_wB^X_3|) z1dyh&Exkn+g}mklE_i@OvOy-lzOr0PboJ-~kqF@J&nI(SgL3yK-IWEwI z@X)oJ)Oy+1Mw0=C*c@C}j_`brHd;gT0RE>Ua}bT~4l1ahRQ>E0JE5zW*#-PX2$R_M zoewly%FTu86pxxI3|Rv{62V-$0h6Pu_de(hB@E{!98-crgY#SL*2@qFW2{(%R3w^xZzH;`&7~w~wMv zuGsXG0-i_?t4O+p(66fjPo%?=etWRfT8m?l$~A#TdA>(nJ|O>B*p&dP_56>of>z+1(s6 zL+oEqS4VBY#jeu-w&SrK+Z| ztA5}%7`Il3x&&n>gp<35zt9S$!v}QARpPinl(?`L3H3Fxr2;CAF9RzGJL@!f0OPt< z`xA{tuJ!;x=$GDPNlcS>o%76?J#fb1^f)8;I>~X(2WH(&!cISOoesQNU(TA;wlKqS&(>;MzRDz!d0V*_O`^VybPUgC~fnv-O zyn_JCym8b32U$evZyMYCy3P`RnapnMmj zPlG3c82Lo#pxz7OT(Vw1vaK!*)fW(%RIUJ~P_6__{xc{+9&GZbU@yLBwhGK`q7Y19 z=reXGp_FwNawas9M-gZ^vh+usI1i>!4Bbp6ak>IEI0vjfIJLHc44b&FiIKr%pTu!-gJob zPlT~sQvcMD@b=K(?zH|GIcb$*^Z!bmQllwPX0>%IqC2|)R!Fq zhU@~#!$!3YMw_3G!UTP(mi>&vl0New@2c~eBQcxRAWMVTr$mbLwcumVaJEzTual~u z(CYIv35D2Hmu^Q6_Yv?&isvV=fQcCKDUhOIBKY|PtYMlA_tY@VKU|?ghIg_}7cG1d z&%Zr+kLv+_Ti3PD#TqeA8OD|zL3kH%xe_1=0z`(G4osR} zYnZ6-pWXn?G?6^fApSgRI`8E4d zh~fM+w^O=YxcxF{V%b69q$S4|0Q>7OS2xlp1!6n{aLzBV6i#a?%(HJ!Z{JyRxh}ra z);r2?%dl!VzN;9*`(QTSS$N_Er5LTgvz0Jel0931C5D&!Mb%Igu` zgcM@h*Kj#tU@q{%yy6)^kl+btl?Au{3y?|!bfx9WBiwDy_ekogA`UF?Gio8UoV2-O zH85?vITyhYCDA_M02N)yvnNwr(VK`Je!B8pZjA-8RO7YeYq(^cJfT3k2uU9OG`*y) zx7fT7K6?IMoM%O_aa}aKDsB$^_VwCJ!{y<|wHoGC_RZxPhgGh#rg7R$x+~Q5^j3k_ zCbPEB>KSnJY;(Kt!xzK(uMS&A@okf1i~7H-QTU&u^4!={4zVB_2}nI{tv=p2BFANS zA!JSXN?*9bzoh)#z8(0i^0zcp&i+zvS74?Q*4H3y^m(*#7w~$SeDHHN?fNdk%GKR` z_of4HP3>&Rij4Ocxp%ukq+h$9ZnZLdj>zGrE%wS~5^Vl8-rm--mw@%YeccwCM+{B~ zKi+aTa~k9Xym|fDQfcMir+qS+g}*chdhhn+8z&kIzp#`nn<&YEI+P>AcZ3@Kr#+s) zh}-dn4-#0mm+fA9LOiSTdb zI@61zyU*P5M=pwPA{WQ8kDb{uEB@ZgtPUr9WL3eBk%k8E9@hmhyW8`>{+i43c#FSv zg5`^9!}gP{xp(gt6bD8dp}rr;{Lz77YFpKw!l$TLPeh1Md|19EgiqMa&D|&-&ntz$ zfAE!P#-}lR5E;JHsI(`-ZSQ$?R?@jZx^?>X-}cJgp_10~)Z@BftqWD*y%DA6aouzI z=jVTyz!b&jt6>NGg9lV$)iD-l+975SlyR0yyX@pEcs_1qtf0RN-x^6*(@2MwPtTk0 z=EBbW0<*sh3j<_Q?T5X8j$MK}813bX-4y44@_gH)GM-m!{(`sZSMhJ|KAq81liw*x zTh1``?EBX0#O*5HJQy(VX_fk6_T4%4`%51-8AT1tA&|MLrUANg8N>2X+~UZH?o`kL z=l%YpL??&`G56%%A^+QH{&1H>JhvxYmJ!AVsYwITm z3Imtyo0qi3zmxD}7Mvk@tmYud^}5*6x4|uL`t!l&#S0;?a_+ABw`;d7TL|yz$E<&9 z;g)WA1QFy(7ESgz<4;WCx4xfU$BlnezS!tw`KP#fnOF&RmbAp%GfUx&?_^t($+|gvG1Ll&e%CzRyZ-2LPVq9KS;~ zUfRze&DacR$!{NA7qI-sowKB-eg1t91f%f@QZbojW!+U+#zM+m*Ukcf+NiL!rP1t~ zoc!+AvBtr#Um)X0X7>r45L)UU7KUb5D=E$%e$k2P6@`f9Z8g-%w?jRPj4Uu7+hb?e zO2%sUN^hQg|G=Ti4dj6O*A(psKlBW9K73#mE3N!oTTk5dGPJWt75DZv3OzLg#Mh`! zLDUg^b6EV;auNlA|4tW;FGAAtW4<>l4#ZM0 zc=MCTD6`dxB{`}A?w2;4!T<8`LeH^=fC?b-aiuj!gy=1|!F+d3Y_f>2bL4TYyoA>p z7h!3)5MUXf9G`=8k5KUXKg7WK?y}!!8;MAakMxj;Yw%r|_}0LgXAl|n35>m8oHs20 z`E0CY9XE#Caj9MpVk*DVVH4m7=ZGSXeg0nBt%Cs zbWo}ynY1{4M*+qVWF!sE2QcZD!NoYd2$})w`MGE|u6D({M>!$Hj+>Wz=!Zxox@(C- z=x}H^yiV>I z>B1>>@c~#WMX8bkKllh)`yze&yM?xSvqwVIQEytXJCR`Myy~Pb&jXmm2{Yk5(7+3^ zh?5}eZkI7JJ2B(^)uzF<^fV_1f!1NENseUpz?A54yr}6gJ?WfV(l8(|X{R!^Rt?g#r^+rVxgb^_3M3%^#W;gqq3phu2Dz|`DG;FZILV$0 z+81x#7A<-^-8O$)?vAc3vOQ+>9+!TW`ul5_C)L|3)x#pW2V@R!G#vunMLws<5D->n z%cCdGxhtF-y*B0L=>a9c4&Mpxt8RQ0W6sC1H7$kj<}b1EI3~tG<{$Mha6P;If7|T4 zsMIDMUydyzf0)HAJ&61HIs0VSAAN6D&Gz3j&)Vi(AL!ctWZfNi6tx*Q$aWDv|F2*u zMMIlse)mzTR2;LL-Qf5AWoF2&?q4od@iX`CljtJNbLO+{Wf~S67jF$E^G9s93uSX) zTkSXdb7YlK!ms$mSJ)y^-S)dup>@9N^qS1&kfHX z0@F4|o0(6m!U2HDC)OJOg$ksgCcaD(EI2E`!l$A&71*JxJOF%K(vZx0G9t)B)qWkE zJoksv)vM)^Z1#F#HqMU}d>Sgh7}7vVo(?|`t429Tjh-#87u+36Grl)@X66Q0?THsn zV&RU{y78p+#L;VsF)k#X^xa!AX4SMFQItKgMLE9;c_^_JaE6F?U*Way%)7vAQ$umO zfV^TS)hUKzGH0x)Wk(7(fuku|{d?r3)g8hdi5Z*{B|KRK)0`>k$tX9@w=gX+h}*HEN7H0g5;1Rex6-IK|7;~mjm^5Iiv%-C zI%1`m5?M{POP`bfaNOy`T`eB^;{xUzznt$P}b=G;Fv-fLn)NO2ajuGQ1)zHhLCcUE@N0YCZ z#Pinr=I;f3MWY#hs8!ekhI~mX%GlO7pLsJ*E}>-lLPuhz>E6NY1`V`GTkFwL zUQW9TEeB%|!C-N=BC27NO}IK9X= zI?*u#t77K z*tKx_?@@c*kEDY#))fbSoLEpRBl^fq$`j9V4L}jIRSuzNf=$XglkoN)32*6`8>bPd-7+N82qIF|KcU%qmabO}uomDO9% z9EXuF10~`?)Fc`CZS zrXSQoo>BF++16~ImCl>ISmUo|T=ow~+vl)JwEs)*q#z5UH7jp8xv)P?l0C)YTpZ(&TQ#SeAQP%Makz)foRid(YS^HkZ;a(!r4A5LDqwJBuMXk_0S|ZWG

    !VmZO zd5g?KMmGP#Y1{D(SHsEAa%w@CHv!K7L66E(e*Wu@S^7!5z1Lv0ro6}?&BasS>)q}j2g5m>ju4_rK=xMlaOn>py=TP&_k!Mk;xZHCcO2ygZ5dj`l`3E zFG*cz;6(Wal6b7MRyxtC5w7Z(p7_&j;vVkupS3izf#zjJ9m#x!Nh*Bye#V6R3LF|) z(tYvg(RK(n)rJ2&3t7T_B6IzZ6gV1JowcWXKY!lgiJew*NT! z)U*CadJUz-2h-rECj%)9YFnW=wrU(VdHdK(#g&=3?Lx8}bl4M0y!G`wPvNd08oc!I zaOdRNCUp80Tx`G{VI_oTlxiP#K0y_Te)H$FE71W&HxO^BN z=?4O$v*#9wT(k-_bUQ`&v+Qf={X1YklRP;4btyhZ?S8Swhc_J7CoCe`bW$?lKeBbMj=W`ek9lDndbU3$kMDFy|ir54v9Y`0k6;)oH z1gMgm&pg2R!;$fqc00anGAxBj^_EV5mb}tB=Tw7Y8?9NM4ssI;(Z?iqbU)dd#iS=N zmY?VvaH~acq?>Z%z|(}bro*MU*)hziSjD>-7@_pTVGxzJozrCg!Uj7^O?96xU9gpoXa zcUW__%+(1AWqX6+PV2;oEF))IUc!L!x|VYSe%euzkrb+%dVVesNGp$k%uCLE4*Z5H z-g3EPoy1qhm&%Shw8it3d#UUx2S3%4`9BC?lSbkFapJ~e=HiLf#0h#c;)-X&ABei4%)GK#J{o($!4Y5Z<nfOo%laj`gu9vQ+Z`b$aI|(O#CM1~AKft<7n3S2qwdL*#qUIO zf9{_A+dEmd!3HacP};`=rMuD101qUsp*X}(Au}O>LMJ{86q#s?$K5NX>81T4p!!lR z7+@{>!BfG`6U72pP`X{|5@s-wG-SO|Vz1w-^wnCsAtPxkgGk>mqmdG5W z2j-pufy)f58e#4S4=X$p6Y1;?Ha?;M!|>k!Z*=hg^8X;i{|7{}eE&ZkPtBsn29#<4 zr{k&TbGM$U|lwdJ^TSMAc5Kn*<2(c|v7zb>CD-8@6Xe0<&qMEl{$sycj3atu%P zqKzbq$x=#4OwQL$Lzr8A$}Uw*D5%sdtclE^jVo&mtZH#HGH$O8YiR0~tBC7w4eAK# z^62Ty8n^rEV%Rx4Hldu`G!v}%fo%foBu+jm>{ zEAdGC2ffy@Z*5=F`C0Rpx~oZWCK~LZSixt4YG&MlC01|Jm9SvVUX*u%^)g8E9%}&P zh80r=f>48_U3cmu0jN=*5RDqfh=uU8^s<_u2%^|343mhB7j{j@I1(`+A+<0+{9+0V z&6fALUrsR*_0{Jh2e9Be2{&%_bf;CQ3?_gnHA(EiQYBju9IOum04N?AS|%By`m1(( z{)d~Yn-5`%x|~9|flA2{^)30aV;Us@eZLyy72b-iyH!O0UJ#qarzH=u z@!g@np`;H76#3_?v4{=QOT0FM7j@>qySkT4l-st+cm~eWqIYKsWqEwad?gz({|MjGH+cfj;i(TJyp4}f|c^5D{gSM9!JwKVxCYRBU z^S;HvPB<~42n`x_xZt-)YR{GD-AKC72jd7Pezx$4ru241%-t>=j?Oa6B#X@X86kNhy3vZSLQ%c<9{EY~Avl_gtXzXOR)A|iqy&^L+su1kf`>c@8NU4;OY zlhTL9b_2$T`OdL+<)!J0K6%Q9_30c1h4JH=s1{d|XAcC)*E zb$aokeW?-EtLp*GK$cD!^lGuSs+ufo|D)23CHu%nabCs3^7*rwuk5RgR6*iMe0eEsNsn^i-UqX-bUKE%(3wR5j5cj+JhpDCdrlDhx_hp23{Vb=R@)w+;?NM{ha%hbep< zSsE}nuy4NRZ8% zG#{6!nOFUU?e#4?6{~WlQ|E6J`N`p2KaN>g2j2*m6&4ahRZ-$$dZVn{9ii7m*S^L{ zD|6vZy)XSL&wPB-Yt!1^0n|3!YuEa%A@Z+qObDKo@1kz1J!&KiCobzJ_cqg?nW<4+ zt=rjmc|Wt5{hgn?c2MzgfA1RYDqMpOyUMqvkTx=-p%a&_b0qv^YsS;>WbvQxdY$&8h+A*Y5r>8`)uC( ztGRmiqP4v3aCdT3+Mw zCTBs-(bxb9xgxDNQ!yH9#*qre%dybE?-@$el;u<{ZZjZ%jM21a$K(dE)BAGz*(gs2 zFin!p+~yHe*60(KvH0c&HKkm;`fz!09GGSu!1M1IA1`%}94yHgjmJ=>HsD0X*J7d4 zTvkhP+Q~j#kU>vISLSDH-Rk&h@%9p@4%;6S=le^)E1gYqRb$Gk^DnEx^{fs|f62_%vf!VZ0T(gK zlP^`#*xltZ`beBe`|)#?`H@ml+FuW+{*m#cUhN(r_CQRHbs)vG`{$ z3cr;QaweZVDV*<^9Hzjw%BSMPpv+>S z=N66$g#QjGSHSB!$EACq4d%-r=#i5H>i%sz?{CuPjrBnbd*5dF^1pQTo7i0!N=|N< z(wISpOTubQ*mp}XZb(Ni90M)h^wMbuG!)0@&>uU6XVaYh{#2(}zNUrx=gQX>2U;wt zSxYdjd!jOTDNpWsAHU46;q-YE+L?|}5o1`Pp^!B?_4V{UjsJ zH_U}@ILSR7^hYfm13_j(EB*!Q^^j%f5o7hLR(jGTV(E64>Vq_qzma4G56ZLJ4nT{5 z0lQ<3Xp~bcQ3ak~b_H%R*?GrhUCvtmaAYSyxXQrI9n18`GR3$sFm}5%3cH9<8ZSJg z{1Sh<#-JwPY{NQhsx!``(^K)LdD~|7L_@4~;meSfE!L|vG;BIhRf;5F-SxByA=?EN zUxFN&8irra=nauy~_Y1pLE#BEbCGw&}Wg}YrDF8)Pw!LF2kdaC|+ zzw$5or|R!t)A5}{*FrfU6o(hF!VMEa)!Mnv6cFFSKicR%ArGrC3G}L-c+BHg5fx2P z9sj;$B7g-8C1q1S;PmmEH`Op0s5Bf+IVAiW*r_9Ku2&Y~Of>rK)$;;)9{{P_{~R~h zc=*({-abpifrXH=nkV)1l2%^;lPuIXBNeZ z)NwgE;2>3*X!Q|?&8c`$2j02f6L`ql^Q*oNWFc@_uOntEq9ES{W zBH`&A?;aFxKXQ)v9lh|iEN5B~Zj5Pqd`4sd#@gsthgeA~c$I@Dbau&h@#Jx6x z^RC46`NkncqCC-=amdv1d}Z<2V(yD$(T6pXJmW6#u?mOEBntW%m0oQR36cQlyHfNMy33#F#4aLsO|S`Cx-aUOWHMtK zZ49h>#EYpT#%MG~w!%H?F$q{rwSmf-+se0*#9M^A*rq1Oe{&md)MtF@{Ywe{bR43R zn)*Wdjd6z*6kmeHGvTF`=mrtz>XO?fG~*de7i~Bi$!h2A>g%b-5X&SOdk%R+1=!i& zMmx17tjlFu7dh1)LpYV<2>ntIkCWU^sM#6=N(Q86P${0nqgJ9>Sgdq{JAgkA>5>p| zXttlDan{UAlHo}byfN|HT^1Ff&dL1oB~#3eh{IJQU})&W1At*aeOlTxx!N3wW3nJH z5rg+R?4caSb_^)REY4_2nTLY3?=y#ObN3bF^iJY&Z8GH0KdI{AbTNow^M}683}=0n z#^UwSV_sIc14Igkgso;08|N2ed^$ujxUULne$Pj#R7xX%iJ}E&5MuTG86}xkfF=?b zE}C)~nYH5QX-S{Vn(8|m6V%|H@T@=dd0T-~2m(2MnUA89uYZy|X#wzJWGa%gq<1hA zi^e^kP+gCjIG#idQeGqyke_Dzapcmx$%{=Qpyv1(Ukk zcVd)G3zxY5&P5HS(1elsU27^Ro4}0pH;#kouhWzC0Ef;3ZuS!XoUA2Ys#ZAedTEM9 zc1iiSa-Xm=D~1Zk@xp`0NbI9r0e|wB4XDu!+0e4^A;wBNptRPqa?ZE{?RQ%4?&9x zF#8(+M6};kd22L2e078L&>o*+|H=d`EszBrSPUM?4F^kDG7(BQj31^cG(re>%4F7Z zhuP~eBOC7&^r;gS=m_W{i0BK7mCg}#Oqa=qcMhVKCBes?j@@8LpsIPy5f*s3w z>=#0On*Y$5o@E)p!0bouI8U~Eh@e&rkzL~ODP{H?bR@gHLJ0(w22|-m7|HI@cCBPP z0DyqNf%8mONdc*iSubMU?5UR77JpeqB?UI3GHYaV<13*es%uw8@$Bqd#QL0&&% z(q<2M*S@r?si3Q#oyA{E@y+X1V~2qlJ~LI^bApyN86F= z&f%NR0<+EiJRy);w_Z$PZXfeCjp0FVOOqkJQ7u?Ag4a{hhs)xuGr*B~$gB18v} z%R(6@oli`WED}9$0>7eD^x>F!_pay8{A?1~z#xvt#<>RG+|YBzI39Hk&8|D6^D?nb zzOdwMQ863dI&C7H9DXr}$%zkO(2Yn+K)odfbaF@JLP6icfopLl@#_J#jrQR4q+~k0 z0uaOJ!l9X`Hiq*g_Uj=fesvK9@>SfJlU;^XOy4hY+yd6N=WG%7SJhC*D+#85svbsyr-&8=XES6c z@2e43xli}xjr4Q|FA=%rge+aTEP{&a?;xsV1Lo|IR15?=XxOE5eteSYsT<219~Fo9 z+srxnRB}UNjcbo16BqD8cp`UWau&Cz2jleXn~QlJ(CT0t?jal2PS9^Pu56r4WV0PY@Gdl?O*YO2cFAx<`{l2jm^(q+ z0MQQpe`-HAxyq~<_L4z6)w=u@GuBbIWIy}`A4|=0E#x?2AgMH; z^EvnRN4CH#HlW?1>q^FH$B|~bqxY;w<66k=+WYNN7>HD-ag?Wbwfv7ypTv!80w|aJ zIALPZ@af9C$5l!48j1%ZxV(Hmr+~WO9_PBF)&g{{e!`cxE?qrx6nDV81>x-*(Z28W zUoH^K)Y8x0cu7obH6S|Pd8x6hW#fbAiiFGm$S}>e4rpA6yrh0m7G?F!T`!z}4E6yt z;Pg!%Ld20}__hE1BWD9n4~zeS?EZ}}JIDQrs~yoxqb&CVG+>IIZ&D`^@qiZE^#QBb z^9cOM(ASSf*ylu-53!#e_oJBTXTR~i9hgLY;N#iGVBgr10@8RfJ*I!*O9M!nb%EMw zL}&wK^0DL#P;?O@b=}HPH=h@KkVx6mfcK-><*DHH7LF{D$mWyrl@C4s+Csc18SkIX zoZ(Mb_o?-lc71K(JOCbW>$rV)W;=qHv?~HzVXO@ty!yK1c(y%L=|24@&*i^kJSg>a zvWOltw$g{tY%R&pbx_Qx#_zy0c9{L_4@<2q0~|plZ1T9dbK)Uq+s!XeykYz1ai(DV ziU@!}P|)dVSi}e;VoBSuQ|WL@^7PCQ1vUHxfG1~H!P<17{p_^Lw?kQ7!;|jY`}03m zzn~5nD0J?$gv3N~BH@G-B3TUCiQI)%{HB1Tgv|PYz0z*Y-n3DRuFShDDHiJ?2Q(}% zT6h3?RCo++%2sLW=gew*fK39eeMzfAb+f`^4|Tm&_|K^?QCl(CYs(EK_KBP$jdG#PU={WwTMNs!&Eu3IN)k^}cFgs!M45555DmcB;!w21p)KDZ$gfr(67CAP7F!7T!Tzp~*iXuR znTe6Og^F)Q37hMZ97Ao7B3?px=>RYLE+=fX<1T9Er2XL)vVZ8hp8^fB1Oh;3S}-as zv$NL4eb<0Gfl0FrVHeEk1%hmJk^59=W+?6`aU=+!qEAb8?^E+@XgOFLW{y z6D!r<$U3=7L^o2uJDu&r6NTJ{xL*3=Y_j}ww*^b43tC1Qz?Tx z&j~(lBB80Fm^9J5!tbVuaTw#1-xESmWRb9jKWeM}!);`_j=8pa@R--8fq%4TG3j{I zrQbwr%hdbq5OCC}ESOx)DW&9SgQ17>cWLIPC&Vo7&cE*Rq!pQwdV0#Qc;MT49))J>#s# zbyZ-tY-ke|fFx?QF6ej}zooxeG8(LBfTAFFS~P;+l&QTF3nU@a%SHwwHvl3H-w@Q% zZsqcV@TV$_ZzW33J@~%9f=61e*T82dZb*)h5a4L zZ$>gLZ492k$XqJ#$Lig1RjsM_Ile?#T&dY}VZD%X&y4AgIet$I99#jX7LvE{(8y;~ z1M_-)V|_yRPSLe+?>`0WT`rCc-}Fa5-%wIK?#$6hosf^d+X=y5Gx)@6nPo$qJxcAQ z5XHr0Ht3Jle@Rss@&=9e>%6W)FS(;MaIE@{NA{aYr8)y=W<6P&_YU^&xtBOUIik0% zN?y-q$hnq45Wqwm2uhax0nfwujBdBHQf3-BDcpk)eCgD|)-<+Lrym{k@NT*x*S^0u@RX-F?@!x-M;zo3&RAx=?K zG%Hw`{)V&^A^5k~gnP6*FBcuPge65{h2o4BL zTn~lH7dk7kgylPu5Ep5|hK6@}+2>WFnE=x@hts2tsmXmiSq3wP@$V@#6c7gv(%8EU2bu4)u1+6IQp{wSj-QUL z6eBa!efzwHPic9tA2cB;I4w2J<+Wh(KrOJt^-I2K$v9I!gcK8xH%ld4w8%2wHYHv$ z!Y>{affs95YP9s8){?kbqwB|~EW8kuQo3}`%;WF)kL|-t89Tf1ei_V%tXS`z>{Uio zOH^eGFZtu}BF^H+=H++d#`7g0PJjbp%1OcODlwWXNj_oa$jio)Zy45PF@-N+7&<&A0q%fff9MtN4>2 z$`vt#G+ikA?*~;b!gnV~IIcuE0)!`4vhPF~@SQKQa9hY>l;_1ewUpsuh7`ho;QjR= z-mRXJ!gx2nbw*FgeJsi_pP?Dw6eW?iIr4Ql0zem%*J1A-6C1lFo4TOTXeUg1GMOZ; zp75Nyl0}Ar1;SHmF&=xdTmp`ODX$`Brb>=~a((<)9DE>naP_YgZy3&>1%L<&T2Bt! z@W4tb+5E7R5WXd!1Zw{l?(*l+@On$D3Qy!XY9MRmZ7Wd}`Y+T`8T4Na~Mt#+-@-H(?coitYVRERVeu%`-tSn6~~LD<--TkD;fX6$ISwQmWL~h+^o4=*lWdllW`8 z_xwt@rb9|$Y1E5d5+R{Zqa8T*HNjI2x&-^g#0b|?)h7ZP%)ujB(mF=1^T)B^Je}^J zC&{72%{wRo$8w$^K5f}}-A#F=uJ!P*WHIh^@9eK%7fBqxBq;oz;_Cwmt9f<_9TqRR zVfU56FsqLHdkYfHY!_s0B~SnxV-r9t!Le$Qti0iGaA^D}QOe3af6(5ouk4wyGEcGCW$_EJb%1$w@BwR^7IV?2?UPAV!QdxC;9&3LG{QN>`ZOFYsBo-4H z3U5AEC$A4JFoBn&pjT-{u`iHdFIK#fwAW7P1Qii_L9`Os^wJacZ;{ ze;Xn(GhA`ZEAZA+s}{{?}L7=8p*i{TD9>YX)Exzs`5J_hhcD4HMhJN z`B8Hx7;8iDi)`)rhr%4afwk7AwgXNRVSJPM-#bn5&vXcgma0*+y@6uyimT6gFj>JRAY2Of+39Mdy?vNoGdWDrTtcDTk$;mNJ_ ziy&9{7<(Jiy!3pUSYrE;yS*0Y(7{BpYcu@t=KyYPWuF9!6734IMTWUP1gpM@HkqvL z^Cnm9qL>AiAz2@9W`nv@1pFr07kP-om!vqkMff?Zw$ju0{Q3L+e+E0YzqR=P4i>dgd zD$eOj8LxV5pXOCrkpCgc zkbKo*x3yKap4Uo`_iIL3wG_8H@YwLD9q29Yv+Km$r9GF+#}R_y3obdyQ_Rm|5d^Mw zH3H(ZlslaPh1EAQWyH<@$XG)$ z7;oj{y9Xb0Asa$uaJ8YEWXpTqG8n@OJSW3x)!TJS&;MI_=!2IoIy1~z*t2HYonPrg z46DC|PZ;h>pwui_i_B|d(PP)Zt}@e%SIP6x+FD$}R*E!~vE9>3_~VqK_b-$P3G@)= zpQfY3mLdlbVx-HbWtUnMTXQnOS4tlRU)YOOgul&_=|{t5?|S2ShG=F{Rh9eQAcfs z*g1uO^sHDM>ll{D*zzUU#w;W0QTs}k58Pz2GWziUydA>JKq+kYEhDjUhLIY!!JCgh zU=jFV>qJu4gtH3YyVCGJBX176q?gB$1Z{c=I zT*QiKS?>)-rbWj;zBu(CV)nf8_(5|leO}Q*N7U`YFykoGPp&lMX(f@P!(hMk6R~k7 zg;pXx0Hplj`*Y+Z(Vlq}_3pDsqT7ktPg`H551-1j4C>J`y~s2FsV*O1TKz_$+txOASvfk<(o;qm?k5(Jta>Lc8KP|O{${=(WYx zlncgQnyf`woV`pVVSy{Y2@g9AJse6~&h~|8b-aWf)2zfwUr))s zJQI>Y{)yHu>icNv`9UeER%UJKzXJjk{L5@}N)E=#9Dl33R^{=DWrQ1+i`wZaqK5{I z=ZA=bLr(uGKNS)7MTZ?_(N#qOs7m|_UOSQR(6vBW3dJJXUTGBO3LT&7N`YPFBHlNU z_O;50*u3Xs@~R16-B|mO#D~a5L+AL)i1QJBxgQ~~9?g2kfLHaEZ7Pr#(zTubwcV%H zTj=3;g9TECj$TXg^cbmkmG8qN!r%Rb@WLRBVzo>DwJJHab`({(NP9OylTDMXcPzm7 ziU`A~5YLL5h8F9&MTkT_(B&xLS_jRo zlh^@ubk=u>)wXq3qheM?jh7u)#`8TSY@B}7&&i(}t}WLd9| zRQclgyOtZPX1iT$Qn~ba#sBR=vqoG~!v|Xl%Em>LMr@8|In`#i(?;&DFrjR{Je&#fDTDNf>Rv6@X85%naT!TxZTkn?j=#c=! zM7>LO%V(A5krR-VQWalhw6JmphhkKwLuS%rpWcyM$@9g>e|-og5s*? zmX$B6g5i{BZ~Ihj@j5!hW;;Hw*W3GdV^F+TJS%!A5g|L%%c$g>hux&41efK&2Bwk?=7fmbPvco=I`WnXxqgCS;p051e8A; zRpy?Y8J?|o3{{t1WA(+ve(^a=_=yVlFetTrsyN8$l>7mf_|=#H0(_p+gX>U1LDhG6 z*5gTOsKah&NLHA>-gP{xhhv=DJobK9xjS~E@kaH_S!HO-a1olFi>p#opy@zBoS~O! ze=`YKZlf1vyjpd<1yy2D@8}~|X9~`#WmT+!CdW{v>QJNIP&h}$wSU>m@t#q?5*n>e z4v~mbu^OhftO|!37PTlx$9!kbuX$BHN-85Gt7Yw`4Rx8#SU(dm4o2#KdOtl?q%!Nh z7;pN(-qk!Y#1~%_7g&PbX|r`||4=$I$x%l>(N#5J$Ah1cV>T)|JNBl#v2e2NxmcnC zZDXP~vstOS*)3KJj2yoi8zee)32!N8GMI?^Ghl9p>@=eegNP0ba1O}J7&aGdOx7a3 z8VLL+XR!hrsq|orrL0;d1@VZEz^^`moFk0Dy`IEP$&}cB8UA97NQRtRm&1%hZ<2|g zwJC7aU4G)&zlK$HQ8VH7XL`X*B7{+dKyOCa>W%2V78#Q#Blag?y%{bvd%R|7WjC?X zIW!#5&A8UCkRvw5tGN~~M`8}4=$WhQPNog2OZPWs{5$#21`X|Qd}}sBxQKiAN;9Nb zuF#6ZCVtp1uTxoYcCxdaP8uT7)8ctPy`!^GKs@)A@pW*w9w>h@!wh&Pkv7tnG__J* zv{k9_=$?F6I$$}<=g*W&=6>L% zHm!3$SCro*9=AlNwKh9B%_dpVoxfUp0sZ)4EW^>1`pob(0%Z1Ky`B0?f!NAr-rCE* z>k7QzDpUvBTK_fW@L<9~6bR6C&Rfa)Vo6eP$S=r5&^#n?QLS^Lmupi_degRhxxXDS zLqI58!E^v5r}8b5ocH{8+hGtAa#4@x@KuqjYVKl7u6{vnbLH9Y&9*3vS3(-(b^&5> z-4K+{p^(b^>Zfy+Gb&X(Yv?q>RJS8{y%>M7gYOKH_;>&5Kx7%!Xx9)-X>bJ2I73GJ zbnVvJW_yIwcUk!Nk&Whib&8<{%V0 z-b)X@m+D{^MEwh`LkZZPTSAF_@Mt1UXI%Fd4%d-iJ*sd6)ce1+#U6kJ8G;RigmCLJ zz;+|+Ag^8Ph2J8yrB<&fr{Z(hyv_xCLZQL$kDNZ}Jv#|N&KbbBoVpg=ho%2Pu2pAr$zuGv0l@Qlv`QpAlY<_7O+)M8&l4tv)y z;?5^}+pkOyzD%!^&|GQo@(DLAwEqX7X#rx$GvFg1Esw5HFdwegHLmNmko37!-RWt; zmh*JW#rfWADOA#rM4z*66s7^uSt)*$Yhh_H191O>@t)b`80{l)^!9w@ZHdHGNzd;~ zLz-nPt-CKNh8S|7kIvwCHx~@oH}tRXVITRPQ9gnst|3ZzM_4oW?vC@E>zBz=C&WBL zdhbx~+yO;g_51xF=Crr6v=47SSAY2DWdCx%7<*oJaW9^@lPY!N=JLt|57b%r0}-|$ z#iI%0x&EkG8}j-wuKPYC;W7H^fh}kc!&$)NHChRg)?lN00Ien+?L%=e==~SqHQgi0 z^w2BhH9hV);@wUU?Fst7E#>2HIYJ^{ZC(5y7vnQO-o3tWbUAL;gybbXbzb%MTs?*V zJ)hP1V{|P#?7}&5^&8m!IsN*97XapRP77u(UFz1@ah8X;|G3Zm6{SNFb%lThe=V5( zDuhCd*46c1r7FE3N>CR6>&`T@u-9&8_l)-Khh>X*7w%1#8Mk5O_meD4w=P<@UwLoa zw)Z;F-bh~)LBS{}(aubfk@3;;O0lV#IkLgrCG)+FYQ0~PqXUywlhX?ovt>Iw*E;$K z_iXO&Y>)r_hl)Xf=ARin1a$U0KX%7;crnX6Bh z%E?wymuVDAEasw}(ohDKZ9NjbOx~9c-R#}fQ4Y_OBYd^d|LR8WUnTUAzcNl zUs)%EzxYa&?3Z8}C4j{`f+9p7YVsU2s?AI&YWY^=S}p`yXsAYZMn25iqj|1CFu1Ic zqph!!!JogVh}5kRMpxDn2{&WxGs?C-=-jI&e1FS5{FL2lob%E-X@L2qkF&XqFVWVm zgFN~q(v;+!Y>D7}mm@Yi-)rfHkz};GMwxV_+>UEf?qTcLl;kap^0jX?jX5Wg{etvz ztM}ivM921K4AOK=(3RfiKAG3_Z}G?amu3T`SLqGs6^U|DV*ic)NxVy42P6-Kepm+@kKlX0+$ky2>XPd!wn*IDd)q%2`PD80!sk}rQ@O30E!xSLBn^P&pT7i@Z6%6WN4NhNLNRCWaRz>88sc;{2acgH@D zdI@Qf*g))gq~@W8+GmSN34u&ZL~(?=tfOuvJH;C~w2bQFzAnFhN7P!=e@QH55(S01 zQp*G#KA%kXYn)r01G2Y^CXU51tMlRU)r`FQkKJZnO!T07I&HpcyiXKQ?m!Wio?zi% z-fed?O~CAWdWR`>xMuG!`|M<980AUQ3T^zsJf>mBCc18Ho**WvqgX8hYzM+1VJ|;z zdeg?}Jl|?WBl&7FoZ$JznNJH*kGM`r38EGbe!+3pBGvP1ujVZ$x7H3CMdDxXRaH@w z;eufk#$7>MH$k#pmTl^H6j6De zzJG*nEQe_?ygnwm^u9eMKn{93~;|Jm@J;hI#SuZl(53o(5#f#WB(9d9YtZp}GS7LUBIH?xem?P-QSxwV@9 zQuvWX4awmrPrW;6WGuf6%FjP4I`VyeT~$K6Kk<|9_+BPRM;kqo4D>o0K(K5>P+l|| zihN6mrj9zJeS{TvE=~aswE=TWn8($w#Qpe+aTtK?`wTSyI-l6F6}Y28NumWW356OB z+Q|drkigYFXBSJ3X;zp8dpJZN4#WB@Se7GbtwzeJi|V2;<+WQcREI^f3?&ecq{hdP zi{4i2gtV({eDNvzhHlbXPP5Q66e&C@gIg@uSOIkkI?r7eHb5oaaa1PLLB1vb(I(l# z9PQ*#^E~*yq+LevS0SCr-S9sD9Zuv142vUI8E&8c1$~;`-r@aZjn#2{3@>fh z>+=gZq?;SeaVcWU+m|~e*0h_x9uc!-U>hcDwfR z__MoJ&6RmtL|zSIn5A74CFAz9pyUCV%~ba>7;!F|uLbYoKu*OCk1I{GodTZeHxy1HDQ&;hW%(*(hB7A_D|3~> z*Kg|1mazsl)SMPGuXGb=yg>pY)o}pk^sfQrMNG~zXv0g6gr6%W+cYW4J zaB;RUw0}hzEo<)oZ_fHRX9+WS{dIM_V(;CQvx`gBO4$a|+;iW>xAK3n_a0D9yzBbt zH|YrhLJvg^y+i0lkPy1kq)8_<0i_9cQA6(#qzH%_5Tt8RK~U6Cl&T`46h%X^x1gwq zB{#o)&e{L-KkKf&_WrMR?z(r~^FcCMnaRw&GvE8peD6H(^9&&Yj}4`aOU0_cE*Wzz zynI|VD_Q0}XF`Vt$r73}<|DlqvsNWVn^IZi#vUQXg^kB7WO9nCJH(7u+CX|$1pYB? zeM|Xm*_@V5v{-lZJaLo$N%BVvma;}%8tUHfR)4CKrrx{B+Dj#$PElkqXQt!uxgwYcBuD ztWwyc#w&C3Ak`|V+Z)tc-+)9WT>9HnB7@$GT`89%lbvZy7sC&b7SG-PtgF`K$?P5> zR{`6RvnZol6NWFWX>wm;%{$ka-d&nUP?`Jh?Kt_pv*cspqf-)v0nC%XcGD7QGxI9# zp3iDbYDc7#4M_^gn_dSxIekd9{B}9m>~xsK7oR8E&)6u_w{dHg=B?}d9=3cv;jnkF z!^4xqmv^2z81usG)WIP{T-Up}Pl8&c>{wKDU1_0g5*k&oabvjDH92!jS>NzY54_lU zz7}p)2Pfuken;VG&r?c`A5}cK7&Ic-XQ>~j5KiAea?&?W(Qis)=2+rjh|m|QP1T^l zt_w19l|PL^mD;URhpYC{R1|bxd{j=2Klc_jP}wn7%~z2-@D$+aJKXuk!Kz zfV|GPj*GOZ3j1FB`LHE+_T*Su^(&054>m|+gJH0L2j4j;Tyk?eS)=d zP;!F5ZhE%Ae)v-PUfgtI(SE}t`DSbc<7Dr|bM3841qNTL-3~)ICOwq5anww1P$*kC zDsak9RfuwP_l}%>?(vrEr(XV8O(5=nS8Vyyf_oz@**BRh5c2EX3CfNQ6z^E(O647a z{<<@w??1MT{WdPd{d>LbF!+V}cO zX}P)#?8y~r`WP8}iT-_IOE668sBKs()#6Z6IFN=!59VzzC`z*(rQwXUIZ{DB zQ}Q#4H%D-e>sSaiWsy?1J~X4w#hN~tWClCrq~%orYtE^KNlxwy^Gx}iYKQVX z@OqiRD2kzmc!Xts3D2>=`0{ekfx)ZLS-^W#@EuFxi6 z+ZHFM{RJvW*$?O9Oi&|1+N43x-ND7UZ}+!3oV=`v@7)u4f6Gs`tnDP(V^5`XD!F0; z2e|Za<7wnXLlGLa+DuGPtS`N}EL&&&b^Xcs^*2q87uMglUH!QJjy0t7^Zk|S`0<|~ zx?f%R`LXx=$Dg0rXx(4jL8*jaE5oW6e|;V|`Sk0{goEzy)u|l`zrW5zUHtv+>48tb zzjLy6|Ew*aO!)KTb>qc9>+i3A`ty@Jq|5uYI-S7#z4q!N@6WIApLjfgX9Bb%8z#f0 zW1N{VsbMzCoSRB0U?Nl<`*8l;G~zfDWis3+beNk?!q;LP9Q#G9xfyECwYVL_{gT(X zndE|6e3at=A2F3>I$kSuV0d8TIyakwuOnnT4l2m3YN&B;tPsM9_pMk+Wo=xkYV-rF{GK?wvPvIJi1ik8&}hO z?DEn##Xm!|U*8Ue(^IMG$MwGJ^zqHUGklYV~X&s#;G&Y!J4egERZ@gKU4 zx}7JZWVki3@iu-U(j;v}=8D^P^VZ%e&@BJ6m@sxZTV%Qu5LC)3va# zDBOGgE#opDconc2?K-ITVGv5G*wfC~Lj8R6#wn#w8fnK0G2dQt=~%0hy%Pt2Nkuu! z;19lj-BZ;UL919_HR@-U6nRwtOfl{s@zmX#&ii1rRiXZwmXmI?;Wsy!QuQl>K;Ow1 zk_r278Wlbns}$XWY_3UVJ~G^9j~+7o^vCE%)+T?UD+Ze;-WE^u`~v%ler3ti|(<5`upn2by!54tj{Tx%FQ6Z}X0Adz$j zbD(gBz*kk<7@qna`w1H#GgRlX-*MO~E-Edj|3k@i(Oy=VfYvF_ zm2LSyj#k!g6EUZYksYv>C;Ep{_har^!s|C=6K zznG}@A3an!mHk%_mDVUfkoQOfpQU_Y{MoK2!=H;wB8L~ao1ba-RvtTiBsevVzS|}v z(<_62snoWh;t)c2>ffv-BcHUW$#Bp9UmdVG5zN&S^m!((XBdNlDu6 z6)j!28m}c#JCBP(rdEEqQ&}jh3EST5ek~Vfyazq3u>}V$3E7=Iy#O4_PmgUlE@MrJJ-A+}u96sx~az>{;p}0Jr!Rx=83wWtQzZb%&cha3qpr zl&4(lBY=`lTpML_s9BQ4SnQO7>Um>d)K*k9BpO`7gX6+>E;MrjvjmcNA!+g#iCfH~ zDz=DS`w}d^k&;W(?q|N)*f!Ocw_#gX+wA4&hb{a1Bif(X#*g)XNIT*8G$y*==kl<9 z)s5?my&sK?Uo`fBv*M0~-p9p+0oPXI&P?t{kzpz2MK;&r1VVzy_=Cx^Y0MKqE0J7| zF2G)&uXGJzF!F~pol8LT{=(Efjc)bHnMyeaVzhU@g5l|n)GA^jSKn6V=7md)V}4hx z@1J=RlavveSb%5Slp7*D59XB82H5(jd&k!z>07|0KguJjV`D+r5y{WLJhnWSgPtRxy!dq9HkD zZ)ywnl?kqh6^IIbtF%q`Qz*jToO$7(r0p7ApDCjJjV5xF#mcqM^Y%SgbeG#yxnXu* zG~dCdPa&w>WooUiO!V8iG>^wCEZ20K4Q7!MS+ibu%uvJO{pQ<7JeMm~9{YMpMlU-e z;9I?4oM%>jn90zc#6Kt(L6cG0hZQ!4W(OalnM)c|+dNN2K5x6i@nD{Ku}#vseCuP; z6BYm7lg0nKnM46IPy|B$rXu|xHzIb&4yC0B15qP$P~clqTDX;{qflrOq_XWe zF%y_)co?4W-Dy!-?tP)kp`}#YwBaZ|$Os4U8ai~UQc$H+XIrr?>vGh{-SEbf0Ikz! z1kPgAFz65q^yV!JrN$W3CLBMMt9)o6nZt>x=4iAzhNxnpB4l18N0MKp3+_j!{7$05 zY6WF5{)iKe15)V%D$g<%7t(F}LzpOqChK%aNY4056@yeeGqg*aFu|%-4BWg$WtUu& zHHO^7S7p^m((gV*&;1j`LQcO-hNFEPSeK+OczAho^2IVRafPu)Lq9lxcbM29Tv9 zd>t-tGk}G`K~A4XX;7&s@Q(a)TFA7CApz8sP_w{>!IAJWwC%T*0$Tl>KsHm+lW6sW zDuNDn2H zXkSJuj5NVeL>a2FBgybU()}`8o95XMQ2z~M2QO4LVOEUfp7 zhV{08lXa-EG=Aoi0$rWoi)=lG81cxq z-l))ij~{Cneu*(<_Z(UAelPXv^OVCqijHT~39*mY&Yd$99dW;PaM?fFE#;%PoMXM{ zLVgIsZlAy!68;IHguq~q>d9~E3+AN5SHm4$dX*4jIRZZ253MJnIXLL_OW;Zmk#Y6J zAM|Qfu%L**)=Sj91KCn&TF&8Ji<)BM)MIm$9O|)em&>a9)0#;|$y^8ZacqXZ63bJn zKkc+6>Adx>TwApZgGA7=m8emP-|v%=#yLHP4H_1?6EBV$2KK2lDc+sY{W%q zrsXMXb5}~Lb|_8U=RDUGh@Vqf=ksjgYR{@Q@!rbanzegG z*UJ(|7T8#`S?j$0l#`eDK@~FVk>fYbHosc2t!W$%t)m#p8?9w;(IKT)!ECLXh+9QF zNx|lO-Se%MC!EjEK2=SbFp$Oe;m2}=?}?NGG3&s3vg}2JR7>QYQWKXUW1e91lPLRIWtvr*4nz}?TDhh8pqt; z*&#A7a?sRhnXpfuit?rx9~UuH9qyfUQW7c4Z>GTP?C5^VtJ%;&F}F4S$cNRF?(#up z@tbbM$f+SU{I@a*pAZ7x7q(-{D;@=k9(?&DR%NbruY640mvQ~)Q<+^_;v(Og9vH-D8c`s~#{fiUkEDDF(44w|)UluYQoy6cj#SF zr~Pgv8ZQXeUfbyzf4%H_@5(i|J)5n0&ky;vJp1~sulM7IScj#b!5=2S$1XQqJocTh z&9wgg77$|5(as#0>>3;6%1Vk;*M;R2*c&w*;wJNi3U*4+;+5x-a7Q46Lrj#@;V>O~wk z@q=xCuew9w?k>^gZDl8(^abLccNdgRZW7Yl-q&SlCTpZJ={lDdsT;C(r(VvL^j0lG ztVCy=rea%R=QVoQZ)Wfhq}t%&w=L*VenMi!o{gXJW0v8>`*+w)K65TKarB>Wn8`c8()mze z(Zr49%EQ&AwYf!?=G0JbFC||~4yE#oFRd>o|6ceg3iX)W)s?I%T-p`zb8hC|x5GAV zA4G+Fo-F2 zVW0(_qjj*#T}l_&u`D7vam&o|;Vb$uctsl{!=QK51Mi0)Z!Uy*xgFM28kW-T`*zne z!p^%Fv@z9@kL1CDdujUrfvo!Ytbu!EkWRn{#d*~w@^eGgG6@pgSK zYqO|vl#Gj`LA|bjUk{=DTcOGJ2ypKOPpK#_nWA%y9Pv*X} zgYyaE3H~qDKlgoXS3Gq5$MlziR~t4x&3UJ}Ux`_C=h-8&21zd@F)D0)c~9|IG4#`q zvB&p3HBKY|uo?VM`~Ub62n$V))QwKqdmtt$GD0WzP$swWf{11C$65>PRL*pWKqGERbQ`VF9$Yf(fLqO&?6Jw*lP4)E2f1CdG zouQr{Ae$H&=^N`C8yWHE>l=~{^#O^GOZe|^`;zyDCXq;BcVzrO+*oKtT+BaS;vfF} z|E)6}oa{|aLM1^RpD_jSc)Tip1`hE5f!1Gp{MYvYwpdo&JoZ8OT+Nla{L9aJe+p+U zI##^QP3jxHm_UqF}4-TCi|ngI}dc--Vv=9GvGVz zkfVgj{r-wLll!21*{`z^owpUMRz18AS1EHHwDXQQ z@7Cww0lRDDezykpw;Ac(uy8pL_e1M60RPzk_4P~)_&)!?`@bPS4E&G(|345k{_=mbP*JE3 zyab?JgZJk?a-{6l^Rq!qLvxeom#Pf@Jn4QmnEU2()Rz{YZ@fRF*AIR?XTOfcqNk=> zMvL#SuipQ8PpzmZ>C?xXYo8yizJ1Wub>jWpqp#zx5fSd(tLiID4?o}C{r-N-+sBW) zlU8OrIJ}q6Jl@DeY1^+)CwNO5zd!6>c~s7u7yR|(?zM!;N2RH^4>uOd@|H%HzkQf^ zcCqns+d@|y_w}_S{m1UH>F)>fKEHnWocD`$Ib{6L@A0v!kMHN6&Y#cu^nB{Yt=8U{ z_WNg++q{-9hO9olJoxhN%;cFn3%z%Ke!uto=iLvFZgH2M@Ob0PcZQ#{pPsS&bvO0+ zpWkC&UOl`Ny0pffXmnlsvT)YHY3Ui6S=l+cdHDr}Ma7Jg6QyP46(=jJs!!FN zK692?TX(L$;e2CLb4zPm`-O|Fj!T!XqzQ|OexvAWx0qDt@W>UR@l0Xi zE-CT!NtZ`1!cxxIAXJZyH%`ov>dZ|I$;#>Uf@$##GdP#X8S_4mCP4MDC%ZRar+kbtZySJ<#SR|Y=3@#WQ$($!riY2&s*teh>UHq>#JeT zsf3^-n(nvHj>`QO9G@LD^qB5R6!KRSBl#4kiJfrOXd+!p8ds6C2;STE{ZqqY+9tO% z8}IXbTx-bvn>T)bU-c3vB-+p!aL+B{QY5-VDsDJqB~`>eg~m)ZrLR~EZ&HJvr=N@s zMWBdU9T|8N5@|q8mk1#Q(U=LOb}%6{1fxsf(+s?H#i^E& z(y$7@DycvfLxZ&K=?ohlR=I}Ok2OC}N-I^xY+owplZQ~T;)d#J2&j@qMTzDxQU%Fv zqNzwkytU(T1qA6;O_Ii-hLTZ!7#Ef*xTlNTk8vsB=qpId$zK+8Gp$6_|5{;QzDEVJ5L{`B zqAxGcB(Q;W1U*ggnP?pqBX1EpDCk;AhqY%pr`iZV)UO_vG?*f%pOVCo;Y7t5_ti<` z0+24aLn-m1l(8J8535IX-zBz#&k!IIs^kH|Tn(LU;0DLWsW=rwr!+xrUZO2dkDxb< z-;h(lEte#76|rutaR_F7u-*2IilM1bCC)8plS&Kxri%Pr1kX zPSU4s9_Tii0SO970xb=pPn;YO*@CCQ39u&e@Lh~th_!@Tse2y}gCvEf6P6FKyAkGO z$VO1L4Sd4r6PV|U2)?zN_zjhmOm>!gzo0%#(X5t@J8}w!@L;9drm}IhyJ3+5QN8Ai(%LR6&s3oU{FL7+3EO73fMGE#qRf_Y|LY$ zL}>lX<{)hWOT~0vw?>|)K^5w0=uPB46p5Cj8o`NHBJ|@;$!Qzp*w~HT{lYmDB-sc$ z!Z(@xjPe+ekVONgzQ=0XvI%uWuz*v>06_$uE<m1A01V>{RhKFY^byrJIqC3-9t+= zFmRX$Jxz9%1W_;)G$|Xxlu;mOVxQPS(zzYpshIRdk)<$N=G~xXn8Az>gqcOiIXa_4 z2(X{$*%^`u8hksEjtyhb!z`^)`XCkU;hruFzQQxbskodb%c#+n^R^jJ#eR3EDiWzE zXV%!{V0Em;~^9sBclXi_#H^Hdj&rF6rfqObPz#; zG}sUUpEnWogO;Hw(6^}M4%gz)ky~hNj46{YiKn2kgmlstFf9|2kMi*iR#zm$VWXTd zm$lSEDmPOxV;|0vrLKggAT{aM1RdEvLE@nd@0+oQ@yJ;DgNZY0czKBA7^r}FF)d7_ zVx(!11d&NsFJQxrhNG~22qzX#!fDYW1awq@41$9(R->Y208E5MXSlhyAbQDt$3&l(045{$&O78n0(^2t}70nTq!Pm{IfAd4d)sM0+X=f!lB zV|;>A7~0qfI^@K*7WZJoRJ`b0&U8{kMOX-I8>vt#J`K0^6ik>BkFXks;Yf^366+#t z6Dt*w#Yz);O@SPh5pV{>O-NXwDg|YYRN&sw(4zC>-&?`T3Ami0mA-RXLg!e zEDdgefkSGh2x$uY22PFMG$f7m6zFeI=UNjs?nsyLT|gsq_Mx?8ks**-@D6TA5_&rj zXHnw1^VsNk5^O>R+}6i*l-ryfgD4+SnZeegWt0q|z>=JBHXX(`Y&>&-EYP9D>e45{ zF(QEs?$ zGI%I_!jvj4b;tprB4(Xj3vOGF9`K^wk*`h9A+d$j6X7-)v?e`<^flM!E!e$)@$9o4 z%g6P~CV`EiQedi&)PVx+JI0H3SoZ}$3CL!M zq_ND^kZ&-Rsu}o-iBt(pFV>Sq6(l9X2a=PJvcqhV9OfdN#D>`pm){b1zh*t|jq;-F zE#<2U^f?o?{K4FXjFajA7Z-~SuB9yt1>VY506HHy02z4}MOp0~kLT~$lh9tx% z|DVg&!ElqB4K`VvGvLd(c>}l`R}D#m*FVh4WkWC$oXRDqPav^m_#q6$OUno%z(y1i zE}d`?0a1Zn9x6wkow=z2;Aoj9NkDZqDaaiN+UUCRDRkHga5#!aI^Z&aBr-`kEI4cJ zsCH?9xiQR_3DZ@?1aRox4dJ&i1)Xd9T3?W^WdVJ@*tTwLrd|HMwSoy^;iPHd)N9Q3 zZum@PVF0P%(M(|rM_+>wVnE{|1!>5ajzxkb(Db_Sy(3PMfv_hbY-vba8vL#eSaSqu z8WNDQKCBg=rWd%d_)Opc5RNy5<#(CFQJiA%gHguO-^_)tJhH^mkSKtZpFln}#b9Y5 z5RofMJ|Rhf;xFYBs!nt^A&SD_K7hXr(8mIQ8i*diU;!X8fgnH%a!ak60iMLSwnPKV zP^4#NB`JvMZ}a3Ab1{HWGX}#c<)@L*T*!)~X~l&;HmXqx(1t^0_f27j7+}n{>vF`1 zaFF4Cm{50QSWiV?6AZ?I*>W`^%nCh705E}P3~r?!Y0EJ>f-NL7N-?C0$Bw*{6=XjY z4LttJXGBt7U4p&-g4tP>DbKDfC-ZxBsUU+IWLH)GgCxM!J#U5)AR$m37^@j6NU$yk za04cAr8jZTU(NaW#J41xh(DFXZi@CQhf7_1Y36S;_a8w8dqk4RK%{c&ok z15T|vEmMB7D;hE&ovQm#xEs^&OD+Jct;o5Jc*a@8+hf`Wn4K}; zWg}+Q3@%TD+mcGhmoa=P60OeKx7!u`fg6LwL%@KR_LuGc9Q%AagmtgxD3r>KVw`B8 zU-jJES{ROAg_zSvkl_YwAY6}(yNp>rcbrcni()WyK^2K}YAbG|a|_Z=9INOK*#lSo zNiP){SZH2=8>v({ufdoDbEg$QHafrDQFnYcDqkAZa9kBg6IC=^13$Z!9i8 z+}Km5GBpos!&x__x2%E~P5=F2bLluX^9+-5HiqiYsJ~f_SEM1xPLBO+a6ALt@fS{5 zhUHJTjj+Jdn{!!gUWz*t*f!_m{4rtXIK$Dlr&|S_^O*g^2N9HZe*lCGDr6!v)3^v3 z)k^;0(Vfup;q3*KU;XnmzT3MQIwA68S}_wKeva=l09-Nr$@bB&&G`~beZZ%yv(%>@wN%EiB+UM03iVC#*YRxr|CToi#ya}+KLHg0390qrW&Sj2=0C^ zd#ojV+s+0v6-4fO5wST;4glkp?V&O-clVB@>QjMR5&ERgzL*9NGFFiS4ynOox_Os^ zw-u7FH*cZ=e@2JG9Ad>ZFG{h13V^4vpCG+s`5Y3*x?~K1Mpup?KuH3m?L=!D0m3km z1_XuCH!!?=H=h7XF9zP-%5+^u%DID!&B(92fDauYScT=y+r?iOo!Z>PR%3+7FgLYj11QSurQ83Utk)?M1EGs$Pr3EHj`4 zG*pdno2ZAP3J+8ref>6_?uQfvtkOVCYinr$5*2m|2oPFf?xnSotyHbjx5ida*De5X zp~nuK*w*vR6n5pUuyKbQ0|GDwN5&r%Ttv_Tj-LbBjT{*d8|!IQ z&=?%^(@DU_oY)O?u7_=97cV|7gcpG7PPkeHLMD@Po&`s88v_Hbt)yVw7^N!?RXXPo zo~-j|(5irgUynVffJ5myA*S;%o_t5+GFy{$W8gsK=-q%k;{cM80N4Jp7EZ>l-mTg= z*rGxNAazK<=x*o0obJaX`I78nB&VWyqGAA5x@9iCsi15VYqWDlALD-S%Hi?n*dMkcI}Mh#9n1Yw21L7m?Q8eBkiI z$C$Gz?XZ`=PplZ0@n1@dTgNY%DXxqH@gvwt*~^*hPa@yUGe}*bhg+UX4`;LM-D$SV zOZJLP#3BFj5Si-u1N>{dZgCG4&*;l=FXja4Yl(GOO^nqsE}g;Yn~b=Y;us0}p4KGx21H2G+?5G|0|s+9QVNi*7fU=p+N_o?+9|2n)uk zJMVb9KcAFVX=4N?nml9|EQ2r_T)6kU(Llbyh&1GQxMkq#SlyGGpR2B@9=nUD^ezR> zcxqQlx&yq~ov-UBtMe|LI<=5N$q^hW3^P|4szfm2nsRB7hx1gj#;I*_19o%BCr_SN zs6T$7_(+g_m5=d~r`OQVM292@QKPfq!8r_>d?7{Xjtd*o zXVua3C*(hKJ?SbR4l=-eW`3AKi5pYGBZr=NUjWr7#`-ik z?_Kh?jG0`$>O1qPb<}9K6mVdGrOTPO+h&LiPJl2s=C6xFWHR^SmKMW9OB2KOXaZ!^ z_BfpdpDBEN`!4R-p$|PV4U+r;EUoR>(er5}r11R)rCp1#XFS|07DOjp-T!B!2s2&> z4iBee0?0_w5Kf^RmX=68qXD<4V6LB>R>-^eZ;d<-D~Z*~dHcE+9$Q@FNX^?k4TR0zvFE=_B{6K5dLqT+gFHqdy*ZvaUVx zzwe5JE1I4B%0%4UaJ~OtQTFbJ^Rwxn1-^GOfIHpY>@s6)h6Rd|hO*^ic zU0s8Euo#-6%ij~WE{aHCpPr#;j{!`2^{S$*cOgl!uM5EV(J;LK3D zP1%YV9b{8GyHJq^^s5!+P$XSOsl0IQ4qMe{MJMzWJV0>^!jrK)IqpYLRe55 zwuV`JHIf84@uvLPlfKYBp+CRK6)=DKndjLqUJQ_uZ_!7w@gdVT<>Y#W-Oekc0eW`2 zH^@}Odemh|pfb(H$jF{Gq^( zOEG%sc)q+GK$l@^k>Y6nJxXCdeL-0K=ux_V2#udiJ9XW!dAq2s?Ffc=?MKhB_{-ls zQAixM8tLPM%K0|C8ywPuN0ZnG8*&)?`bvzPFnXC1>e3q0%(P&2TX<_#9tMvh#pDq2 z(S6Tp_89&kyx@ZL6LA}ApS9_ZGko&b!kxEEA$OW&VQWV1dM<%QIWk-a-g?jlE^RT- z!Fdz=XkEeT^j5`6_ zml#yZ=O`N`#Th@!WmQFO29Bh}&`~a}AGbM6`a}4td-{e}h{S*&B&I+u_<^y=>{mW7 zE+?IQ0&hTM*3QAa!&+55Q)q~kV&^SMvnBht@oFCprsV(i7*9 zYN~wX$$);2fiBCC5cH*BShdmy-Abo~o38pcZJyucAV}iE6@p1Ly3+oKinoo88w1?} z(PZ-6lb+&%9$0HL%@(r7+}c&X=Ch{^N+Wq-fo|ICE#Ta|=3`-0ggzBxF_Iy*{|<<} z3#8pyeZr0+XSnUQE|J(F$uj<^F4|%5XXtjAIJdz@i5Kd4+`zZJjfVKK;%1`A3DN5h z&6xIb-N_FUB8*V_vT35C3nwU8Z9xxM2!(9I-yI!Xw7h>C9j)*Xsh1ID0>oQj7UrO? zjbi=g$31zU>kAPIw2XJ;Z5S&@s%Q&4-=h#u!{t=!EPCAf^FHGsY%*}H$Pnw1!M1l- z6I7~PDO!u^Aa7pFhccLH7)+A9&X_1l(75AIjD1Y9UxfXZ*WFi1ZBbiEcFlykOoAa~ zgyVDLi@zGSa=imHR&P*jVbc$bKnEytq7s>@*I?h!#Y&?22UcHN$|mU}1ftnCq}2^X zy8OoT&UT_($ThKsaJUsgO>5i^L zc9i`3gAo-iC5qSftWA4%=OF1MF^z*%hnUHh(1@>>rR4(Ll+0lL)sHBnoepVl{V=kj zX)RWQ4({T0ejodd#k6ZQ70JxrONGg;)*AvgpG+qUecLGoWJXaHFE+Jp z%SVO9x+)UI<+)ipm+0g>_M~dJx4i5{1yiD=ymBjf zXuUN8KYiKj%5D^WYvrZj8*=EJ<}a(suQ4Lg`o%_StE{&ggA-RL3ycsN0TFRX zdg?hQ7j2=Dd%D&E0nuykJip5lY@28x_8xd;w1?1Xkv8e=L&Hgo@UMw54RjcEuI|LW|A&PQi%P_*rI4(nG?MwpPY6zbr@{I4qk9w)z~mnd-z z8BX%*lchXjqHMo9a)L`yhq7kY$3)`&b0muT)sQS?clbU}JFI2q0Wzwmgnz1!owEQm^`S!;jJhcrnjX5JhuuZ&b%e#bO6qLn#XGpg9LCTS~BYJoncFCg3c4Db)qQk=0yUZ~UCXtplRIFSz| z6Zc2ZQvsThN^pcct{mr#8aO((4GO{vWP7piv-$`2)vB1f*}3#@wl}5HWuVe@ID!FP zl%c^PGG@cgf$!u?>MC&z8$30!Fwp$-26<-gO%WDAc?cJyCi4A0iBX$`pJ!lrdq=Fe zzS4ZLjT|Ri%2lkd+N^PZYBFOhK(FmHKLkTsrrM-PApG50=s|n5Zrm?2^*O0_BE>!v zg*$r;h7KzRp>;27Uu?g#`(|8X1S#@nBhgw)!9DYN@0|lNb;uL^kpe)85FkCcOampZ zg@%v>sEJJIN;#=L71YwL8n_56Rw|JWNpg}38HhU>;6}feEghgal4hUb)7w?B2fz+_ z$qaAG;3QH2CVY~vb$3yQyF+&@48UjydtYH{UL*_KfTBK#N(WfZv6rtLifJ1)PMY6M z!ir`CDiL1+hkrkhsXPZOu!%Jt*79LeTDkB|Y)Eo~Oy%$buTN^>2}cnC_Ph_=36&Gs z1MVk#T^xjD*Whv_9ZS<3ZWNNl23W8a#jthHdW*kg5-ziZA99F|lIkQ1p^6t!)l>g$m3 zoIKo?UF=RlkoXzO3F8}=_R;8-^|P`fv?Bc}LQYw}AYIUa20w}w+TaNcIE1!_-26RK zdtR$I%$`E&V>R5(A%3EsJi*xA2n!7@{bHDhqyuAa&D09~%8OG|Zz#_jD<4&zp6faN zboTVKAE!CeXBN%QEc>1D7svcl@Z5h1{}q++Ph&p8e`^02|3xP2=^OtS{Fk1giNXKi zzy8x9{BQgCZ}=|>AP!1+f8js*8)CEB{C7SU3F2cv{|yKF*L?mXvx4Gg>~tKb`ij5C z#S5I<@z%_;xR<%--zpy#d4-60y}u#s`MZ0X$bYKi{kK{4KP&!Mj=;a<|1mq0B13oU z>`ILKS2h9uvH$BEkxlgfi~s8z80r0w|Nlz|`TuZX-VBce2wUx)>;VKpz>)t4cu#;0 z5Ej4-;&H-)ctH_@u&9)Zw3LK|l&*r3oQkR5W^)rgVYlm1FTZR0~jmHKe7*Gd^!XX7dd<24vK)gY) z2>=Mm-`l@-_}?1@gCmeAGzN-CAK{j zt*}R2KeeP5qe$)Olkj-JRWb-mO2gtLrHIlp$||aA>KcYd#wMm_<~Fu=_709tTRpwJ zeRlZz`G-eD?u?3#*_FI^-~Iy!4;}swZ06rVnSV!P@?n^rU01t%uJsQL-o7(5JTf}@ zaO%6zKNg~g@i7cXDEe)D$a^Ox1H-@dQ?SpUl|2*Cf%tiN0KU+fa$+XX}Lb#c&t z*#*H4@LzBd1X5lPC2GAL9lA$MK|d8EPA#eJ=))=+cyJ}ck{;kBl?)e@SN<~XZTf$6E$jbB!@(L{vlZ zj_YUE&0ci-Hc+TnD==W4b7V5BC+QojC0MG=aZy6)Z0u5l>IjS4a3pBv!ivRFd-d|m zN3>RYABMzCORki|lr%HZPfPqfd$&r|CBA2;w2q)^Z(D{pKe7>>>$KZx(r9+u@GkLf z($VIdo_gcGN4!RB4{mpVUo_k^=FNOmPFy;3v?W*_sco~n_JNC&w(q%iizBO_T;!%0 zPwpR5>+B5rOkQ5aS-QBMc2PCL%olZ~ef+R(Zm^(gPM|wzXdqGCM|D>2%wCXJa3%XT-#M0X(lGSZ*Vt(-a=-G`5M^w);l#H)r&oM%&rB zJd=A%Gy8vQL>`Go2W@GHq@B8`le_(!H#X4GKl0KSzMb1}ujHF3+a-1=eX3b0{l}wQ!n>rZ z3r-g9iJy4VMi2PtQGbzC{KEH{!h^Qe4}I7mw2tj@fNts znQrSc(8TU9Y)L#vw^VDxhClM(5&c!%OKa=J@*3f->d;HC?f(~hUjh$R_y0eovJ{ml z%5p>5vfQx^S+b0M-;K%D!I1CB z{XXC4|NDMl&pc0O7Wba>IiK@6@6YEf?{m#3=*Y#$UY=K_?{c7GqNH|XuutJ9-E=RH z%|09ZXV5rW_c-6%r0DOfadBPm?wX)L-Qc70hchNxPY^Vh-8bjn7S8@#am`9oy0*)CE*qG?g;GT~^)2N|nD;ytYOE+#=-fO$pzN>ljIU6O4M94Qjj9e8`W}ToT$O~kDOuWB{Gg;cV!xkv&K0Q_D?a5u5&m}6>&>!jPtKn$ zD$Kulpmk~YoDixCIjnubW|JF&B_|*M>|a>BLb8D8z_iI?XAjFA#uS|v%*$;&`OxXY zhbvMftr_R8g)b=5f9wal-gV2L{9*ogPVrkuUiYN$U43;|;)Ww7db2J0ij(701@u?E zxmAA4}bus^FP*|&7UT>()0?^>8_-4`iXb0C#9Nh zs!DM{otq`Q;yO3<-r_6&@TJPoSWkvuSu9@=JaF&l(P!;?O}i_5_iFJ4?Ry6vfBc24 z-t-G&O1;q@l$}`k%AocB?Qiza#o^ZzQWR|_#k=IB7s;pUT+!%q+qq@KQpy%`_|=)+ z_Fhee+A}0kkq?WzFEKMZk%@2oH?Gh&5rvG9j|AK zV6(7Uv5W1=Z7BzeuF;Q^efMUqt_4a-Ewzo^Q!N!mlR*& z;$DyjU(WIY#zl2k@;_L?b%1!~C63I4Ae^n>y}8j|HhNSLOG zk5>=m#onCu`MBoU<}W@EL<7>D7b^(QI_M_49qJjgP!S=3dVi zxP75NF*Gf|>|DP{L)UThki8S{nUwcUd%7;c>E!u{gJw^c`(=_;JETJkB;tjYnoat#OE;X|=1p)Nf( zefw0U`I)8D9v;HYuef6IJuG51rFI4=-HtJo))qt0$_ebHrkHyu@xu2~xEoe_ruzuWXd)akW z`7cb|4Wp0mpZ+wiRQ5fLT48F^FJWPEZH^XZ$FxVfamM)16>Dxa8!u(LxFiJ}nlX{vu^ZM?QkoA`$d zAu;FW?4M<-xZtRdbW(Szmd$8Tc=7bSRDb5$xV4lLTC#iIrg-P%iW3dBk#N((J%_#o zS+mC&``peEcwcji~*0pHzy~tZFCh6M#O7mXCJh}Gq3grtGU+y`v z#b%+j3Y20J%4gQC`LS5ub4JkZzB#w<9I4oBC}2E!!mh;c4vwwuTi`2~dLdUS`_vA2 zp3NkY_i{#=M5~gEI(W0kIO)o^-I`>{6KT`xw)gG$_VZKPg(s9ub6EI{XaMb_mhzXK z_{tN0pDKTRI{JF^Lv5d!qlytbN)|lpx!LAHk=CDXpIkVvXr^@fE{TNZI~cx0^;7Y0 zX`x3w16$W*>wn-{(l7AjREdw=itW!Mepv6^nnQ_DdUNfelKskdcRXBtNz^6(@--1B ztMmSx8*U4BuU+`|?5hR-$CL2kb9?$X&)j+BNnY5Im2+H@FYf9%oAYJ+3%&G^xydVP zwfh%#wqJT89rsa>Yh_5!=fJsfkMYmBn!eTilyuk9+w`$VKDc;4sYawfg-_rc&jajX zNz)fR2g;?7l&Od&^evVBB&XcnVsk!z!8_elfz>DERiZh5VY=0>25vk4s0chPvQokM z7sf68M~Aqg$X7nS3_Y!!f-_P#$}zX|j5p+M+9>uyecmkbGPO1Q<%zP7i>C^oIzc*n zmeRZbQpMAqJ};ka&-s2~Me8xuhIXy}Et#SlUcBfxDLgHxt#QJt2-~FTzr?-trCz-?O(r&^*F+gxEe!0*?`gw7Yek$5HBG$_mfoXQ+$A0<7b_i;lOgC?6JNH=c5xEBAcy zy^%HZ%(-cEpQ>{6*7cdri{KI#oi4q*yQK7tXwY_{dx7fN`w#1w=I>R$$|lV^6YX-r7=aD}U8BuJGG&uWhqFIZ>rnE;DUZ z*6hRXmivXdyQM_n$8pL2%ymwlJ7lxt+`m$rcSFhw< z{}X!euizTnJ{QFuFMd&Er`Or&e12uT2KDsQf<1j(O(w-^{s@AK_B2@R*!x9T=gZ?m zZE6;K3R73QeouWrsZl(^VjehLDrdjkqg69qt*@sB`OzNT%g)X}A(5m%ck9#0skfK= z?6_3o`X%<8smm6tJu_z2`flZNZnWEdIJh*#wMlgmh>~>XB-`VqG$tn%K+9j$OUnmV z>Ij_`+C&UEWq9cArrxc)X^%e#WY;B?XXc;2&;4@xiXP|HdOy+&%%XG6%e~G}=0`h+ zYrb!K%5i(c(qQ!?xec;&7S}kWx~LXyx~}#rDBCn9rR;U?@?V$)St~O)GC_NRdFbaI z#2lTum+`H~`n5YOWOCLvhnaqz)mpZbquw_9*j=9EjxqY84RX0vPs&TB)$ixJH=IdZ z)kcviwp-O4s`bq&sB_h&)9Z3A>c1IhRsF)aA5F`X4(L8-edy=+tdF8*I+#+G^Skez z*c#2dXm*vuaZ(t@=jHS~LXg;ky0-P3Y?8_Ap6wQ||D^M3mbBn;@rh5ANDgcF8IvP# z9K2<6*y{q%*;H2#-x?^PN zTjYzP5whZ~`6h2`*MCkhv7`88t&@BDvN+G${u|}(FN~y3cyRKyz`_F;%T02QH9t+2 zyksr7T~h-PX3k`raxO;j~i|1bL}okJXNwX^upN$zh}2? zc7F0%>wGi0k+jO|CeIWb`!zvjH;#Q;!Y8kC*5-4)j@PnJ$u$XA3&no~cHXR995Tl$ zsPN*0SjipQwcho2doF1gJlnXaw}qp@Wva$DpE#9da@>}EDs8_oT32s)x4l`ETUn)R zm8uyDzBYhTU$T z`%t?tgF|JbL|4828ZFVR$StBI-#Xl@FD`Owk&Updo`c<$f_ql)^Dj;(KD|Bn%;N4< z{Ed%NPSk2it`ovxdE|L%R!(Wk6=|_pKAF-Tg_7I9`HAklPjo6;99f+v7yrT5c+(x8 zu96%p4I7O`wRw~bwO;qy9Dz^%TfA~&k9MXmUb9tU?^fQ3CyP3B#Gkm{-YFZL5EA&T z^VF^8RjFP3&5s}H)KpgwlDb_%$Pb^Cq$6*BoEC_bO)wZSY zGzu}_Qts^D)Z3!EFTmb0Hh&ULt;_lTlpBOKt(O5HB$vis~lpDkH6-Vg3w5fQD_?9n*S?~$}qve|mi&RD&MO3K5koAW*DWsLi{`)(>v z-Lc}8oBbCT*I655TikMjy=`QZ);&2r(=FvfRQ}SQbYfMeO{n8-i$nX$uSsgm343#Q zwnm5Y%FbwP65h26UfOvhYZ2Z=Pe%1?~@%F%=fAFkA7MR1Ul$H~bx@ptfNP3QxfuTY5?#pWv0pt2$sg+I*@6Zr8nz?{-X(`Ec1MBfCnmPGuce=M0Z@;065m zU%aJVZZ$w|m$@$_nK`?9Tjz`nh z=I`#Ny|VDsnw@x8PeHUf9&7FT>D9+#PubbH#&6nAMYWHF8dkWgMG%GEmR@}upS`$* zdKJ32=iGB~@`@iphdvnc$zNJa8>Yf0M^tHYLFy2BAFa{%jACP$tct(N<_@Ub_9AYF3+FDzT`0_T+@U_mVbi&bOKL zLsm`Hy3cW!#Tw1bw&lJU%;$;4=kladWJp`>LqqG<_un>HEg7=9e2?bO7RSjUPeLi{ zO4g`8ep1tN*w{m4O|B9(Tx8~&epi|ALFG5AtZ&^HD;JJZE;V^u@C)&Ew7qORH6$2^4;cqL~_^E~0)8@lV z32BzNYX%V0UftfaF>6`!p?%`lE&Q+U5z8z*zsfJIw)pWB>y}2TwQJ<3Sw5*bq@CDl zP5MFfz!!G>NYGHa??~23Ff3|z&FafODpOovZ~cPu*?CU?OtFNJ7fZ_y1x4Fb?gz)O z;oo<7d@q_W0)6U}uCzZ^m2%rE#kDOn_xy^)XS<&C`_*$8-H>dh-6?U%5LZq3@my!! z*`v)XmO1BKs`B5y#k|Bt_pU^Uo^|DogRpyJm3FO|+m1q=?oNdTt5?5}JxN+zaox0R zO=w7n7|{l95S)d(cmCn@=D5T=?Opa4s}@;3Ik-FOlK8F(8PG2bjn+ukA@#j0K8`Ii zpN}E)t1E95iCw$VDYCwzo~!S8m60~@RIKp@;brrx#g)aCCau2^-EWvL)KuSm*z0-P z*OK%TJNK=ayUl39t{EJH(=>a|9M+Jue5ZD}!%R3ubN+{%R3Z5kW0QlAx8rE-2Z?hi zdOMXfzB8x+^QT`&3{zVpBxo9!1OSQwdo&)rbuh8EX8n?*Gyp83L0u^Zz359r7d zvg;h`s1^bzoobhwiI6W|I>4vtHC>16>*GY{*($}pGri8te-a#%`sFqu@V<3Dbn7&srMnW=l#vI^K(U%GapbE)Do;^Q^2R?EBl%<|J)PxFJ+||NQJk*- z#%-9d;XmXa$y~KQq;}+!a*u9MWAn>>kDZUF@ajI6s<#!A|IiS$v#m})>bW+*N3Mg? zv`Bx>yCq-NQjQ0@+|HNk56say)go86wI>^MFL@g`hhz><)tc)mM`L?Oi>M-Z0!-WfP9fIQ> zuJ3L6$?wA@QT%2s{s znS8gO-DZLrs^^1hg)zS0qHkBosXpT~KBiJz-yDQHcvF!t@1$n&GspKnl3!w=49@B% zp|7`!Z4LQW7x?VZiI5S$R9A5!!o>95q-!2?OsyAeow&qyjh@Ku6%W6C+iPgV-&vmA zYA8g#8N&hA82AVq_Ts38o(c+2gSZ#I4h(eOz9xUE`;m(&*c{#JC!fmZS!{b48|}2F zym?7-sOH@;J@?OF-zk_Gbi0^qac8YPbiB#02N#zg_M#&^<>-T-eZI}{AEFFNGHbn7 zBytsqeXy;+8)-JbN=X?m&J=vQU@p;LoQ3BP*eW=G^W++tyu{YT zvefE$MJ~;*T8t0Id*AI}V)-U0T)kw&(J|HIyJ3I)7W<@K zic%?NyJtsEP~NB_QibbXqyI7g!Gj-_ugUnjqzfETQt1z;@nJE-uTEdk@+gt)xs7%2 z54g-z%x}8ovfs~zGIKU0ZV);Q8M=}xk6B=5OUNy)ZoNAsYyFC1@(`t4r4av!aFv1Gte(TI>qS)nQ)d`j18 zl^niDI@-~&NFqV`biA)t>3#kF&?wQ!S?07`U3&=6TPsxbOV-SNrFh(af{k8!xn>>&DkMi>HC6 zv1XQ$Gk-MADfs%$G38L6hz;+}%$iMUg((yHjO9z*@mMN;jrPQFkstEwdSs5)wUEM6t7&^cx1u`-M=#~ar>-OinJ-94|i zPfCd*E40V<@4D#l#sj{WIR`$n;%CzplSlq$A#dgrC#h_{6LnFt-`RibqL%$@rH)UL z$@9Ei0dd@ODm+%aHC;`?uDbMTUs1-RCefg6JDg9&6UfVcPTuhSm4j7VrKdsfV#gD* zwMBA@OB&r9vI}))^6^Z~te>u5ao#R-!ScAe44)XzTQw#2KXsNlC%Vp4kARXF;v#kT zr|UEQUOTd~ z(@<9QOxZlm+?#m2;H&(pt&Q+wC2n5(t}+GxnbxN%E|ZF8DDy=-iBEcUe7ClXmRG?8 zzwopp{+z-MT)JE0x)jUE(zQW4ng`8hO?1m^a>BJ-<8*G+JzLXbX!P^esc4Hgat|D5 z_7|?;*{?`z(eyg+;>r2v} zyzTmO>-f&c^?K%Zxeq*l$qBvvc3bir%w62os=@}`wjH(p%Wd2jPq z5UCz+$PB^Vyls7IYQAcn%u3A{2gH{-?EWm$BSzkMVd3k}1dBAAxnDA$#WV?~&76b{ zc^aSkh2O07enShdZp&f|VuyeaCS3a7t?+pDua0^?Hx!y2r7rcF>e<5?U3Z*I>JA0W zHprVgEnNq{y2ZyU&;PEdUUMt=eE;;2hbbh!*=mbyjtG~{*k_y(CAF^Zwd)VFGV^yQ z4`rMn9CiND(*T}T#Bufc%I~k5Z;F|4#kt*iI9VjsYqK5xZ0eqFE0dDM*xUM5)mp3O z?JZNcJg2Eg)7m8Ts`FSLvgxYO<%mzui*&Ahs=RqU zb+toFaRuiRZr-Mci7GZ3-|T)~bzR{9ZP8&t3#dQcdI@iQ()3e;yC26EbDb;gB8GPx-b;DG|QByW(Us{qmxj*gCrk6Os6qr?FDFC77if8nt)lsFy_R zWl8TcT?keC+GD3+r{HkC%7HdLoi@!MbZ>r$+DDF1y5CWuqgQ)DLq;7uDao+@8~zx_ zWu-7T$ITA~rEq$d5#Lqp@p<>}cH4C%Wy0I0rWkD0ajS?u5FMBQBPa4jM~k$C1&wuOG1E0rdhrN`C~F(O5LE4yw~ z`Uh%6&Iy{n9|}EiWWtg&!Lx4MFW>k`M)gEMNVMZ8nGH5mlAU)76}NZJOKFrh4$Bv; zBox;facT<2%5=sRSe@wY^T`FMB!2qi-wZI`J!r3Vh)j%luba_vcpMKq~mhW|u3-~-q9&3&-xna*z51r zxw&f3WnNjOCR>=Ua`1?A&z6(zuo8?^uF#p~7PEBa{&R<$>J81G`XpjBzrWmjb#q>_ zc}8pAqIb%Z`lrYD=)K-|KmD3PPN3-$DUJ>6(+f&dd$_JE8=DBpeUFuQZzH%X&bsr~ zF)Q3e&*zX8^?>UY-lo{Tb$7qFPMG$ZFKqEs5$APVy?$XVj-}ewR&OgKE<1YeY3yuO z?Fwp(wH{A}|CIXd9J$KMD@V)Q$-c`S{joHUYVjs6oe7*-YfPt~_)S?ZkW(OMkr1?@~#m+>Xw!m!zvi zUp>b*|F+WmkEtJOnm7)8*nfOoGo3$o=EW`3Ofkn-G{CQId~5^nrbVs_FLr+3=_vbP#>Oee z($b`ciErTzsSnh);63&bA_VO4OJXxp(rh_RNRZgPv|pGbmk|VgrR&roVtAeNebJ`X z`}wlP>t%($TL(@(!Xfiw6UWEWz#ucVd)>><$Gw-|5V!RCo(oE=`~wB1%_WK4Xo26D z!f}z;oZBeoPO5YD`$&AB#jOR!1E;JBD9_H+?Y6uzg=B?Ka1h;Xc}=%x!Tb;ExVa8i zc?TjVnBKFGGn4U%voTom?xF8>TRWR{VXD~WK${fJ0zc^%4ru{9&rX~D84cn6dc+m` z9}8}ox#%e@<$o|c?(RIHtJFR3IO?=gh4$vmpTd*nlj>M`)V)VI(JY?dW|d5-+v`{c`zQkr`ef z@mV?aTsOd0^KqOk$2}hheVnSD2po+(6)W6m#)4{h1PwRzV?oW|^zoWf=`(q_+G%|2hO>Gv0s(=xxy zJ@>`7RjX?59P&bZ`-Ki(*tP+3dB<8jhuer9XBkp;L*52MksO6axU%;Dvl`AK#|54ju z18HwK^;vBxC!BqLn}ED~o$0~<@uR`V)&Il%y-{@kG58;#|08Gq59|L}^?&;RKu7$~ zzK`tx&6&UaFqxoCmj3^1WdGm1BZ+&V+urWn<1$Z6(-t=z_1<%)>HM~n)jzyWx$nSn z97?nBm3ndh+438^tppz9ciim>y-*QR&v_s-7?*#&_Hgy5kL73Y@TMu&YxFiN9rHR{ zC4KRe%gZSREAR_mEPuImWt;QtDnHWAh3C_^X?intbz~sz=rcy ztIHt?{Oa{yIzkuj7j8RXPVNn0vFx^w zrSEFD!Z{5IQ$!Z8nq>FC2?XQn|I|=|4>4@q9MG}+zq0zs=YL>TRR7_B{bxHqGj|66 za{^`p)Bj^Ik&M4E_@5IPIDq^eGjXEjgny`=e@mtf38k;TN3BA&H81aL9luG)mp5oY})bo zhf|B+PWD$w(sz-PNUcq?uJN5>rAx>$PhUvBtDx}SNk^@7L)(d031xS}KTLjZ7Ib{lmrF-_P!?Nv0i{m^FPhFh;?Q&coLA!3=>Y}XG=cPJSd}}T5HU{%1 ztPzQQQv0Jv{>HtzYI{;QB@(%_LJt49rBH8v)g;)<<9pWh#C1QEvW|F5-*c+q3_YM| z_pEgV^>h6G-DD*Gr~CiOB8%l@{x{t}hF$*;po9>Y`I7ueG(zyQV2VG5x@_P{VFOPD z3y56iLkXsYfxkp9159r3;P7SM!Gz%J#dV`1fg`v2e1{V@#xFEl|L zbDnYj12rC#RgbB>k1?>v#Ft?5S}^r*Fo476PQ^rLVPFG{xevx?BSvUGW@dGYyY(Z znt6$P*`4Bu%RQ@3Jv_3~QgP4Km&aCJA=f^5TfN%4tmDm>y0zj9Wu|bgU(dla$$8R* zDX|+SPn+S$$IUY_hGQa6;uhYC6S+9Ec&C$Q@N#a?U(d2VF^)2#TauB@MY%!2#m4bIKpyf=>UT26aVz+*A3{V8X* z`Ha@5T+f&DynSZ=|5hV4Qs zfx+PE3lp||U9Nm>SMvpvquHPY-n5D+?XjD7bv`9lu4Nr-Uu_ zUhnM6`SLUF!tD3vu9Iy(dQ7UM)(i4YN|rH(&o(WgO%0B?erJ>4q$s;72>Z2Uja^zg%PcU6;7cfhc%xW?GsbZ|s2ylB*A{tJ_+^(|Jg8WrNJB zLaM->osD;Tf1clPkZVx{2TjUI$`fB8^W5Oq((NI)?@w(PnLWYvR`TiQ$mj(Z?#TX- zoqXBjPN(B8h_fJR*%tYYeFwPs7F~nn_Z zYO59dKFQ|brF6_gL;I4nkBnDN?~nH>BHq^DlI2WkGvJ& zc_4A2kSjhvKleDfSg{Q^(Q$7b{<7O+x%d@z$>tw!O~iCdzkufH6wax^?X_Pz$q-(| zwR`64q5=p$LA`HiaVdJmak0HAU0e-f_1&`Bd?iPDB+tr+c_l5}=6P|UP;^l9X)fq+ z(a}8lvK9%~#amN&`=2Q`8J#m;%Dw4|h;RINo;9)S7g&Tmzbnr%&G6FE`=*~`@~`RO z?nus?HkHC%hIx_HK1~*$h~K+JuByX$IX36W)@^$y7;o-<{3|+bm8w9e=39lc4`*8P z_3-@ad_j5gK{57uVDA}jq2o41GhDn{i+3)Rv!d!I?37$CD}R4Rhlr_t@#3vt8)PLZ zGCj$j=`%B3Jq13!s^b*XPdcqs_u)gOhEF|L=;!*5A1!HgZTw#27gyNtYlhw zk~`^rWAE9%*w1E0ODCKcQ{qZOEYeKYM#tNdFB(FA(@O> znlX{{rljf>>}C#_YkC&p%*Lmo&~)!D{QU3FPvMr@!nzRu)eTCxmovu5w-;HcMs9^yI<5B5KIDZBVDgh(SS3m_7F ziGxpo9gP2waB!J_7?DUG9_x*!pfTb<7^^XI{#Q*!^`G;{rQBpzRF8XgrS{iynNcIVc^ok_ zX2=|wvElR#WnA%$NoQ=A2MFgHOqek9oZ=RzH2wZ7hq#ELmy%}B)mzG!T|aGSEbTG3 zjrh_Toa)$lwnk z=5Eg~B<>cD;}13vtSJ)UN}3?J%VN@w0|r}Nxr2-OvoS|zQT_I8&NEE9&TUbTIud3gBT|H~>M%g(>meaNdy9s7| zkw`oW9ldWq^_-)1iS4JXdH$2&MSBJLl+;|Vo%|`a2U{$xm~}Yx(FU4=(~$^$eBQ&u zW(O#o*^exMD z!fB3%X=hfquG;jxO5Rz3B69BA#N1<(9K*ye5pQz^UI5QXQkggn15HUgc72*;fok@Z z$Ti0fn9qG46GITbxJKDhcxvp7M|0-y4wabMw>9+i=C+>X`8@JJr<|KG+pLYi?P3XI z)+`iRZi>;o6+KBN#7OSSN`p@|PKiKSpSr5(sgL8No=RY!L{+Tm?%$a|qe`fv%RrWvi zf!_avSB5EuP*#zG!OR^c%wOp*t|3_AN0#?7%HXA;&UlBh%JlEZZ{Rh2{ts4B13y7( zf3X~+W*1JS5yBt{6GSAB`uBk!3BDmD_E!vC`Cs)uYWo{HJN%V4F#h&eg+bK$Py7E3 zmh>;%A5W%*k-+o4|AN<;{vW{v*8M-Qnkx9|pY^}LK=)&1p+qA45?3k)&_aThU`1HT zF`NjQhX+HDCWKYi!m4Vis(=s5SS2MMBc(7RRSCR!#>(`czyH^0;9vHCdtxYsN}^H1 zqW;8 zDuLjLM)FY_%}V}3fj`mj|MhD|Ygr{E{AO3m%!(XKQF|yGL zr4qv;h+$em6dw|i>`PceA_qk&5<)|RiHbgy5Umja@lUTGL!tj=e;&2}55s46N$j$s5c2nk6PGKd(I@YWK#Jle>>0eJ(fgy3zyf&ye^P#W|8aRSgNkyN~ zP;Di~bv)Wi4Dooh4Q!0uAP6!rF|@I?vDcB1G^W2KAV<8bBlyagjFRBtwluT0V1CEr zB_Lx|=`+6@8zXlBk$AKn^$jfXEIBi?f?Uju98Gm3U}fb65|Dw7y%FAC zM;S82TUy%c8yT5dn=rpQ*ym8X_YjhfUK-=xUo; zneadk_J%qV$k>dj5e07onatRykBAB?Cc!gQG(#YDWo5_|Z)RfZsH29{)mG96|Bxb; zkg}ENm0_vXXkx=ydMyU!9#&Ib9tf!g4+P$f5OtYY>saEA9U*7NXG35Xc>3QVZEG6? zP^K}k70AKN9ax4u7SzlDxf$F(LI)$KDyc*QV@tAxt`%bj6EX~=P^pkT(T^BLB>NDx zkjf!>X)76ksv+foH%6gmx`X#?E15B_LWBVq5}<%EqMwe0(%=0NZC4)n0UxJlH9cgfLOga!LXGzDuzkASFA^F?$z*x2+hgY7-k;Rm!2{_Yb% zAo~-k5RIY@bVCauQ6Z#3ArhJKod^XJs5C8Ra}8()(HrtYaD-t^ELo03htbVvML01m zir%K)z=Qb&=$PX5jTZiqF)j2Z(1<#|gecG_2~i`O7?ElOJpG3Rh$Iq&By^GV|CA?RIm;Y59APGz8!VDDj*3~BID#<|#av)Bj_!6}sLwWhd5RKri5J~c-1!zII#lRkY ziDa4r_>rm*LcfSi3SJEP0Jlmd`6y8Q{HR2l7NkngMNUaui3I$KH&Vp`8L{J+5x6|; zFd0Y5R%QIzsz~Unuw)C#L5=}L$Okkcs3H}j_(4PckPt?MsNvp$L?0UHqu>ujpdcv9Zd3pEJ;2@G8G`*Z#7mOzi6rwx~juPb0&sSL2wCyd1y!mDPF?L)>1-tF%(4! zhe8NZ5Sc=Q!l^_SnTacXh@mtDLVlM?ZTvE+N$9E#mkETHp}{188bm0PL@E@qCVHcpO^i@v?RzO|zpWMd5J zTf0FPX4XcFAR@3FASZDpfHDx8Qoe_rM**TRKv9?#Mj^RTGDZQTFu+lG6d*MtgW)hC7&0P85Q8b9 zpp6F*)dx6^A?4BW0GOvWkw*0)gt8#$U{j+&P#8ccJOV=vDIp=@WRefF`3xyxp_DNC z7XVqdlrToC`he$nBK^lZYEUEy^sP~pg#tujfTHjS7&QdgNVhOZ#!walLwwDlg4v3! z9~=zX(@k>};ZT4n4A2xF0jKsv`W&e5XjX^<5@CRe@V^4Z!S+T0iZDP$cmyok0Iib1 zd<>)?P79!ffx+&8ZyqcO1;D`o;ouPv2SJ7bVZer6faQcy0k|#Bff`~_01*}d5tac&AmU`kmRJ;+gGC}Y2IfeT$Ued0 zpx;Y?4FA>a!KhIx2&`F0?I6G==z=+$LAg*s78XDjmH}BT8KFQKEI=7717##he&F$^ zh*-bXj)cU_dL$hqyn&O6gf9IJsRc{fD4+xjpajc+l0oGnW;dDy%-I=c8-SHdUlK(T zD3 z6D&XzEGwD}WUI{>k10W6#1KjZA$Sx3RzZOpDgZT9SW#nSd6K}2Nn|2qs}F)T8#5ya z0KrJuR6zkMDgabeSfiU!vPA(gDga_s7!WgLB`PQ|K?NBOvW78AN(z6;Ym|DTKpGW* zG%Bp|%s{q-cESRZT3Xg1#2UDQMK35|Mg_o(3TwnNknKRh1K(MSK>;2r06bJ!V~>Gs z2Z{j`CT3t@Knwv`N{`tfK*0*2AhW^0nI{UgQ2}V9!Wx(iWIIs)z;~8vqQD{*fJG{- zSTstuC{RQNpoj_+Mc6nXG8K%m!h>muM`e5(?uJxR0E#LA6jdgmuq}FU{b`s#M+DH) z8qH@7cumBVC3G1EJ=V2`^w=HDa?{_Dyk*#B?HCmbvPM$mQntREz_^zFhFrXe?bWvS zW@H)yP0SDU>kk{vQpRTMz23V>Rb0o2hf zIibL2RiFS>1~!A<3k~!nFkJyf5+MpXIEwC9p#VYz-R=5Pz>h?T5RB}*qPtmSa87^_ zjVwZL0T&Q{?=WB&=5HYvGvFCDpajdGlBxjhRawz~AlqSrN{|UbL|+LAERlw?h_whz zXN81@(~zkF`qTkw6{rp}T}TAea3IDVH9Am5f%>Wd^;Jhh{o!JU5`2AuFcJ`n22sLk z5EYrBB!H*ZGAdVTZJ_sxs(Ws+@6RIe@gDUV2s-t-aL_n~p5yswpy`yME zs)R26jowFe*jhU{V-q-rmN38JMbDW@Eg}3U6g&?*@Q()ZdX7U{wKpkZqPuZetQ>oH@tg6m zG>aMvf361nxf;WtkEPAuHKc%yB0~&FV6s#PQf8F|g(Fe}j!2E+h)_zx&J@51km1sq zAI5Bzkr99_YxPigM>XIb)kcn7)KK^`HQ>wC7`_bAlN`HRj}|YCVb;I5GHb1wP2A(1jG)rbEAXObesycHb=>Iz$nb9YF@r+p~eVT;sh#%#a56BFflqWvWkDm8bS1nAzF_eHX&z*rfi-eeN8xzXf#XqUIG&-t zrh&rmXaK*XG30mHsde1u=)=$k{S8sY7*Xbc)<)`&1+Fzvcoq%dSu}<`3yAgUt;BZt z^_%4KV3L4U4is)f1Go*1k-@$O3i#Im@UJlx>_-M5yF|xV9i%&qvjfONEC`^1!q;d3 zU!yS;^CKt_Vnm=3JlNUX$cFF)HZ=abATY~gqO+P0 z3a6+6oTA3iloE^M*FXX68UWZe7{JbgA1H8L1K_&G5U!8iHorqF(x&VbIp8pdyG~Yh zq5x100H7KS0A*1n4h4eZ0D|He2s)%n915Vq0ieP$fNFRQg+qZhIDj@d2HLRGEz64G ze{fC49$CL8vcym$ei+lEkK6V9Ze=VZJsb+q#R1U8F+i6E2XQEH5C?D&H-v-iT4zMy z^M5E3V%uT=l_MW35W=B=WgLKI90QhFdLIgW#Q}W94dE-hW*N6Nj`U(<0N%gS9}DE+ zP+&d|U_Oq4`H1&I7YHG%C9HCwa2Yt@GH^pKgQeL};5ZK8IBsa>{||zp-=TrNRgbMj zk8HqU!H^~jr=ba)hUQS%jkE_^*NNsnumUzLAkswPt~7zW(j1Dbkt)c`v+Fj$E1t!W zG*S3CP2l4+hbCfJ{J16xgx3TJuld`oiY5w#*8~W!IdWD-69u?w0&vqD32vGwz)cf? zn>AP3fY## zwoc;?5=j!eBzpG9vN_u}9=sCS>rL10;xSzBz#Xg_MS;_>G5~6j3~B*s-w;c1Bo5n2 zoPpBE9O(aMi;CmOd@)N4qi_zeGVl%{q1SBC!h)wu|5iuGrAUH7`fbIYr@NWTKcFk@ZPDO%TkRr{_ zHd6X`_V4@+3+O|wg2ojhL`v|uMtUT`0`+L9lrX}j1PMJar27qw9wAp(SIEqdehvge zSoaI2M1tMl2(>K$>d$ssje86GkUr3O5rkR_Gr6ThUIdHAiy%Z$n8^f1>dOcl5aoI*h9D>jjTId* zpmcC|Ba631LllJ(rYJ}T8-Z0Iptauu-vPc>2y-72$PKKbqrqK- zYYH>Trid=(Cjp24N5$D9j{+vSft@MG#6S%;a=3<1+fv`jFnxba{lq z2@g;>*>nSz+2nC9t`DEZV^5B>rG$b&ixP^cemrrO9NQ3eoeX*o82YUN}79W>Zl#$b+yCVJ7`>ctJxNM8m^_5h5N)7#jSKI2so1|K_6p zU@Dc}?f>T5lNy?+58(^KOu`_G4^TscjR-jpX0r1TLp4O!-ps&BFvvVJTi=PC(<-5h zr1X{>BlP`!(Sse1TGI1IQY3E~uoq{rlb|6E!U%H^By>TMTGA(NhgTKQZIBZ;#u|H! zuO7yvFhoi8H)c(sfr93<*Vu6NB1>P)8(AUJcI#%w!U>E1Dfbv!75gWYE^=Z%7Sg zWRVlWsWcYB(Lgjp*@Ky!J(k!M4QUTXSbHEDG)!a?o}DtxsQ8djS`;9!GCnY>#S$-} zA=beNvkoMKQXn0d*+sy?A3z?)Rz?jp0Ew{W-~qbaP*!Lr3J|^=%tDw$lx0SB0IOiZ z1Dq5YSyo-3i5(Gk8$5#E#?%GOstYtAfKbn1Cijd*t!OX+VUfWsG%|KZGjd%v3_S8~ z46h1Sszx4l^B0|e6M{T&k3rvsf{@S4Y$;%MkQin~pa!vyg3z$xV1y0_l0i#mwj5Gp z`gt~hk>L>TjXXKY0h~59EXdJ717Zkk4rbEkSYTZP4Xz+eHke6e8?p{GOg0#yvVnxI z20EpkB|kL7afHzZGbwHCEDb$YGY4M?FMseO9o*OzH=0*sJJ9=`x$v7yK*Q045t1HA z==x@H3269fFhWoR$)E|37*N!7L=Su{;$T78s1sz(6uy z#f=Nv>EN*l`eV?>p#f2ZM+P&AWGsqDgP{nE3}&H`v9q9&Zjs%!KH*{DA!`7fm>=j$ zXFt0&EFfn?CE{(y-$ns(^!mR+@gD`p(p#{7U32qN?`<_w1` zLraT@mFF6>-V$o0w!A(e3!%>2rf=2V>V+0(-jgO^& zqTw%M5&j}b22GDumuN5uVIg9fEJPMvqJa*C%7`1mA7Dj_72wM-_Nv|QhzA;+Z zGgJ#SBt0zsiGBZ3k{*4NuFd~r?@9optgdyy0YX$7BT_}hpFtsD*4YUpGFgB?Hj}W~ zDoiqyWMDEg%uEOYrGj9o+KO72YPGI)t!rJnt5s`#)~ZiyTYXlowXI#AU0&PQ_R;s9 z`)~LE=g&WrOAy-{<;-L<_x|VJd+s^so_oG~`{uq{4JV552OE%I+dLn`cM% zo|9CIgBr>>c@S~F*foR-W=^&xMoQLnXh2E;%9TzGM(A#w;SgO-4P2aj)pJBj${S%) z5AIyZGPo`g9m?)BRM2r;14VQwyP{A*y;0Nb=38DPY966nk-uyYKt{!Jdrovi&b$on zAc}`^k}B;BsHun+{VAeS*|mr!%v@GGAWn9jlidz|2gM}&SGp0&#* zqORGEi)L7yO9U2&Ld2);{@L}CmCCm5R`oIk`IVUjc5MkB!a~9>5#SsOfn^RjcaW0U zM$bxfiQLbKLd3Sdh850AI~du$WjW5c$sS3=y2vfE<|e$KOTqi8ikVhtR+Cpt_SH3} z2r$q^z(5ctit01zH4pDIy9+q)+$~}W2qNfGAcDjM=Maj(1YHCZ1YwQi`bk8o5=_vg zzy!JeF{m!Lh|@}-L6-s=(YQlNrddquof!ne5;e48Zcm5Bh{Tm*0fVdG%0 zPwNv2Y?pU*(kp$Pd$7n-moRWH1p{aIV9q>erHtFB@0spr_@}$DL9;v}h&~q~`asyg zZs*2I#5pB|ol8O3(G0U2ue^M>v3lcn541iN9ARd<;X%s7Ul#!ix(Fx;!n&8b#Qbx> z{<;X}&_$R-5XKcZ<|0~^(19+~)rE(4*s!x-#ksm7P(&9&5kU;YmWMs<=v==v*wWQR z`cHmGHE=f7BVrQ>m*`TjJ=ABrh)p2mp)22u5A#_skA23y&+9J{9HonJlpxyh=i2YG z)-AN)x9cC<6`BZ~(M51Z5RGrrHsc|-B6vs_;UPg7GrE!y0Uf#sbO@rg%dS_)yrMJj z_~(dbH)Lh|bMspSM(83KA&9x7M4~5z`*SI{KN|d;g3E$_#+#4mj8M^}PFs05cQmJ@ zMSzJe0w#iJQZa7QF0u$9XroJkHgeJ~qVEZv=u*&$)FwM=w>}xpwn%D=vo5uTdW{!c z5oZR0-7t=b zZZEsDo+SnLSRXy+5<%FZ5b-1HTO&W*FpGo-2q5R;0CFVWxpb6SZLm1HAygxRlyebM z4n&hUVugM*acJ(N`{UU~^9$mM1*#~d>3F4jGU4Q;D?1Qh&a@Qx^tr#@Rn z@Om!7>wy^9(*#eR9-$aiPBn;iC&JkHp#&N2oERvyc80s{8f`}mfT!i!kVO&|u zq{d??o}km}kvmOFlPT|XCX~v^ij$7Dr2Oj9RHw*YdoBVGg4l2;@2y7iIwS*8lKk;; zV+2vSL@wn+A!?u5Srxe;&qXjr5Tkh6ZQ$ZWLnIG@QjrBxJTgpxJI;&oizr-zIJ!89 zBk2S?)uj7RIaUhBO7Ydvp=*5yUWLx$HM&cxkY?rKyo6e#vihHc;>6`SZtR2`d7-bP?Qc2j%BbYb_sJ_lttgZ-1i!c$Ap+}k5v&u$Fv>iyxCx9$x6%b)n*S?uk)exl zpCE<@;vodvEwvC`5$vRku#+I#GdMddf}eB|eiFna8zRs|7eNz2G}i32kMX2OTSb** z_r?&Vn)xvj2`vz8(Pf4$x&k5^mtc!1nOA#_n$8|vWR*;pOGl5zz}k(AiO>Aeb1o53 zCJIp(>WcWE5k2P;L2;rGwcMC`tT}uKh@Nu=L{vM0K~a*4^C%AK7`z%gAv0#u<`C`d z@G_?YL?D|kf^34YhUyw$1Ow?J3?zuA0&+QB*+BqX)n}y%a++Bc0+)TCxMtl%(3LJi zSArPY`tJjVbBO>oQHc6XkNB%DlilnvsbCowm1B~OX@NC{hua^2EGnL&S>IM*IG4yx zl_*5xVqX4a|>g@WEIJivU4g1Ox?P!lGGzw+IRog`9ODW0t!t-^YZ)bc>)cQHZ!P z`XTDXHlZ-xRRS5IC`1o18h?6#zWj8HpfFL0>NPDt-6AMV6r!s1<)_+yyBV9Uqeeqv zx~l|MnP;x50v7TY{3w+Ipwg}~6LNKCf~5)*}}PFa8GictiK=_Vv5 zh(V_8M$*a><}k@d9jY$}-6BX#6e5OoADx?@BKJYM35f|}nx7(^r+#)bb6rv^>-A^v=A@4^6t4BAvMf4lf=B1^cp}s!a1e5m`unWdE z#jwOiz7Mie3@WJNd%6E+c; zygk}3;@MfpUZ}ygUcAx$wRcgi#LvEj_5OH{GFi!9oIC6mLB^sGb-Yo>=bCFD2shX* zg2qK5G*?06k}2afo(L4yO;A`6O-)5&=?ItOP(G^%!NTg_C~S*ATPp*j$N&zu0dZUvyL zdps@?hn!%pZVu*}$0mkRtJ($?S|aiO4DOVbUzxrJ+Ji2gtTI?*5iG2mu&^L`%Z*hK z$X3vzgvNK)u@`y@=d6j~Yu$ve1<9M?F?6)yLOBMf8LRXwSqgT=%>BWeE)kTln^3|a zd3VSmo%tf5VmE<`L9`ZfGhYPl>n5}>2&+$@`64)3H{oPKSXFbPec?!-?PTZ(b_Uzp zn~_1HzN3;H4+3a4H{oVMwC=H!zSWUbv~R>&C%;k=Ti@^C?JC%xkjqaB5%{i~;JYC5 zxZtj$XdlirdtHn6A_NM1@0T5S9e%o+Rmk?W5@IMC%(RGUehf#>QG6%y%(7tX$`+{fGeH&!85u)oBxt0`# zs8zZ-pdri8B-n?RMexFI!V812F6L&ah)p20uUkR;Qk(21OkOk8t^#X~`2Iq4-5!CY zD-@z`(%tu5QKwN_dH@hzw+OTtg}^rlEgmni6~PO;2`>y{5?c|puba@mAO^&^5Hb`yda#5|574m%-;-6jOFEfCW!g55(AEUKvCi-8>?sR=txmoUh!C!ZKg!rW1PLcwLg>7J)>g z5Vc&lC(IR6cM=aU&D$*kibf&gNY?mc-((z%fE%~zbBMNGnzviz7E=_WhMKL32*}z^ zAZrj!e%UD6Y{iawwf(`!3wMj$uZlv{IYt}!?~@nq76GKA5cQeS^5zmM^VDOBgE?l^ z!7~_RwQTw5?(xhEcZ&e)QHaJxc0=?9um~vLO`v!XgU-k`#FlzP&z8nuvtL+Wns-?_ z8!ZC3cN5?qB#Yl%D^e?-ZNoAakwv>pQrse#e-xtD=pG04y!vA&x>+{MoSrL!^>-82 zA0(@9i6e7*t_WP;O>ljXtOsyzvJ*NLj(lwCJ;D?fgw(&L_pte0)2z9I(3;6!F#(2?+s#L&u%2G z)?qoE4x@sxK|bv?R~K2xH4mcDL(QpTIkYa@h%jG(V<%LqUNCA1KKDihTI(ig zEr`}9%8a*FR#{D@{6;$eSUSzNiwsgFXH;-v7R)d~v+D!%gXc>%whvU#Lmus9WVZ-} z7=@_IWY?I}P9pGLH^F;BSod?$fKCZ~8r@VzKR%$Q;k z9uZhB3Q<*hEP_VSc6ZoQB>)USA$p9yK430_aq}ldevx{DBVBVwpfYxLZ$v&>F$>@3 z5xH*_g@_f|54Ya+QMawD^aYzo1kQ^>^eBBRH-DkAar-?Y*j*GNR`k$?Zd^Sg&|4Hj zeG2qeS0o~cTMr>_L3EAF$;Fn4)St*mgNalGC`g<~N`j%tgM22bd>*MLJXR1yj|h4f zg@`R#zh%pbomm*CBfLE#7+w@2wsl2i$7lyTPmU<-e7mn2(Iec%5CH~z2p9}vbj>^> zz+e=js&oZr*9h~z5gj&~V=Zy;wvFr)|M?ykQMd#y_9)_K8!-dvaWdl8M7=rBKTbtqL%A=-ontPGf~`c8I3boIa~JOIAy%D z-&4{4fs7Q3g!;0f+#V5#Eee4n^}<`G+EqhNywQ)Hkc>s3jM3H{6WcD!!XtwHMImaa z*|!!!{CWuS3!+WAT)kxWc5}4dYUbsPz~(+o&m#iZMImadZm_7W|2|0*9uWvI3Q?cw zktOOg`Weei`Y>rC8ji#>r$uYk^Tg(J5kHShU`GXoXk27xM7O#kP-+iBsX+`XAlDFE z#v{g@G~p4!Poog=t9uDd9zk-21*~|sjgV%?5r8M6D~|Mr@@R062)G)Bs5QC+p|&R1 z2;_b8h|!<6g}uKoXXzP4UmynOA@ns!mb_Ar<&pt7*@yl>d5;Jr8->tp1(L1Lco8(V zhtSv{mOW^v*t6UoQ=*PX1kjB_#EsDfQD=cEQO6^4%P|Vk1B`Z`9>7H=L=ev&LOg?H zbt5-ABC4Hm&mIN$to8%F+Ko)Msv0e6$0GuuMj_(KXe0RU6ItyM8rq|vp}8&-*u3x% z7#hSd5~K=5lXg5JIBFCkF0vJq-N1%8!YG5VI(3;6!S;Fx+Y4e~&u%2GmO43BM@D_h1!6>CzaE19f@lo$eJP@c2>a_X z-}LJd0o;*?R;wgi*TbC7!M9!D)MF2!fkEDQ}o;+1a;j1!L$cku4ZPM0+?yG-vrmFv=dnD1(^0 zUc_<{#@NGQjO}{HN|Q3dJtzkxmK%=r_lO{#QHWY6d;Gdh6G1$C2=NTU`kdr5kBy`; zXudoTH1vodjZuhLKQtyr1R(4ofG~*G*SYk;7&`h;A86me*Jh{l@g+>^7M({7J~zRz(sjoHA-cYrq2xuMFD zS&EaNFAqxopt^jZw%`l^a8Ye^_eFra9s=%yXdRSmx*A(&fA3$mHO89Vlo%j_YV{DR z6~w?a)te(EaPYD~@*PSAxk3rL7*6dsHl$UCjVlp|u7@DHAclT{*62jnloE@)GbDnk z^$?~O#P9$+ufr%U@2j&Xg0l4x$`(XxAE(JgaIzl4$%3%@bRR|p5$hpDEC{RWz>jA2 zh@fXth7J;R>>Z+xIRHU!gS(%Q6 z1{3j3k&()DVkp%csoa|EO$=6s)0G@HqM|pMoZ}%}DhR92P7t|*&N}WFDrm2f8jwJh z!rkBWLf>W(FD?aL1p4YB=qm_gn~T+nU|&6ieFb54k>Sp@L))Bg8cb%eo>tzlM$PA2 z5@A+73TAa2tf2_l)k9!cki18_acD4! zP!=egcVrEXx59fwpsy%IY{+`hY!F2Nr5*y5f|!O$1W)QAJSj;2T_gwmaN9;E6^UqZ zKjn9=+ju`#1k>puOecuO7iT3!0FNF5Jc5|JOeEe&ct;O+ov9U!MdV^p51}7H7>|5= zMIw&`X!Iz6MtvrWTw&=U)E|hk>%1bMKNND-fv~C!4u)3*Wrspk-9dFQ5`)Q5FBXFh z@*CpZ(LyUJ)Q23Q^6biR={t%b^fe zC3_rp4uB2X*ee2!Lm_&wJkjkQ%=yA&bc~zgLm1gmCbBe<8V;qxX=h#5M@*LK)1^c4 zURw_+MBe~tpI)d`nUu#-3XQn54rSY)(T zrN?6IMj~4Tq|{J6PB2RQ{c*teZB~z75lkQofpIe?&?|xoL?Nn552rNH7&T`|bP_3B znTUnbP>V!qbaV7V3;QxrCUl&4;1$6Pq7bnyYfp0D8IHloy8>R!!PwGhikiV*6xOtX z< zV12FV6#*ln5H&)!3A!2(0V8?|j0nOckM%_)Gn9&}UBWXe;NW=)(+9$8=ggJJEuUTj z^?|UuxJC=ObY246fv~FV20U9=aSs+)%6SRv29oo^<6y4pL%o~K_DcJV7$`k-21^8$ z=Ot7g2_8afx-5#I*t~>d1JU|G zMCsdDBN3FCmr!CLqwr)mN`12VVK1z>y?wE;R$O-q#P7TWqyjOIjEL4GAeEN`Qc?Ua zPrGUE20lm9D}s_jA!5cD;|nLa)Jv}jTnUA!T3H3t3{-y(z!sO6AFwqRxy8{-I3f^D zXsIdZsChSPd&cepWep`~j75MyUIPArXnb-8Sp@y#CG-!7N#aGIJ6?kBfM~2Kn@LLN z@eLQaUCT?j9S~MK-)Mmi054&6K+KI6(HMl!@tW@?^oqc0P>8CM{VZcNNaTJ&FCl6` zSR?I}uDF}h72Ou0^X}wVdXQ}%cs$)Ke{(sG*oj3_w1zi+LRHvjXoR$~>N_f9@40t$ zu8PJpB%SKJJf71TNe{)a6bi|2s6^J1-7Vs_5<1DNpp!TcNCac#C5#aWF~?MIZj_VK z9Amq5qbY(V@)DK^MB{>3F>j}NMLGsT14PCUV`6%XajNZbFmHnz6j38OE@18jc1yMc2aKM z)3^JsRboD;=0q<2^AgMlByWDl5trl@f#IMKF|4nWswF z5kANv0_*V-tOvwU@gW}*mYqN9pon0Oyo5OdVeQmSrU(YeOBf)KtS-}b;+y*<`2bBE z2Zz%&8C+1J9e4R~&CEaq2XBV(Pd+qmQ#72$?!0<{8^@ghrqoM-9}vc!aWkIHHHB!r zW>TRokyIM24M$?JGD-binim0j+bybAX#!lLt@vAu~^sq{a>rjv5z!l4Zx`eSfN)0T!cc@Df;G~K}c=R#5_2i zf<-}Bcd)y;VSPietJ_&;{GCS5)=nD@&I0@Hv>JeXq_asrxY-i4VkbuC;hR6-v=k9R zba@HU1(GGyoWT%t6`J3 zq)>Y-OrNQ#V(Qf|-HGOSI+8+OwcV2~m%Aa>%4P=B6s>`cdsZ@iBX0ndtuUt>x(#s zMG#hw7#ax0;i&|e_tszeqrgvjzLh^$;w%&dswk>NP>5Z^H(c7%XjUJl4* zH!%8?&5>(k4s+=S3nqd!=4I(1}wfsk5+5V#Yw}Dn8mFa(|+i?oR|^BTvJX zYZ(WZ`rsc+st*b;3L?gXFmGNn=FKaDc|#$pO1B-hj#}mWrr8M;={-S(!9(H}Bb&D%|>U3)%f|2tQMh+w&PSY~>jO|WK!*s_2 z`mQ&TN=14z7V#+&gq@cVb|5zFC>@Z~X_4JsZiR08fF4nr?HyO~T37_x=Ottx2x|g2 zI3nv90^@l(FrKQ^^X-H2Jf7<_#Kj=PUgjvyM3Cdu@Pz#UPDDm86ItA5Oy z$UN+#XjWA=smvWv(rjT|Wq&||f56;>5F#fg8|D)MJ)#gXCi}fPTm#P6s*oDUZ3$!3 zQTAQb^|0c%sHRrx8M0zjz=QP>h7yDgOAbcYhZFI6ne~cqqVX~k$y5-ubTBl6&)~A4 zPho$DQt9ZHNNmKSLj@G3j{uq=`S6*h2$+<_7Fs-$rcE^|kt7sbG@-aM@U{}Y>@Q&n zE@UtK8Zd9cs6c4NM}SU{d>HKuMPqQV`pBgUCn9NyKA^2OX*h(QrjCS1E2Vo=@E(Vf zmY%Cm1UrdB#AIGhc4TW58;}XPjZb=jA*bP9(qf35VcGd**Ff=$voh<+DFVs#5hN2NA7+OK64EBP z{L}F+^jCB?p@-7CkGX;0cK78};%=<}aw4 znRG3r9k5cy8rDB)%uW0nq7_^uWg%T6SV zopWuV9vH|Xnrw@iYAEF#6`u&w5{0M>^Z-mQzirHoR&R2GZ^v0OJ+R^vL3N@Kv2Aq9 z?Ye%1c{LmOg zN?u)0ODb2_3Hit{7k|n+*3?d9)cI>zu8M$UeFTyP8FRmz zg;qkMr`GqDD{Ee?MOH_IiS;R%Sao92D=*d}7J~q?J_R7l=>U=S2Eki>CU`5c$XgA& zVMS<*lL-Dd8lN$3EOGUSNtS&kfNHXN11199^$~OzBuoD6Ri-Ncyi5s%j(mi+1sUVh z)y8vA7s1f_2tx~EcseJ|A~;$f;b=h&b@Jk8ik{j@qj`$+V=V&A^%3+DMB|NbtH9>3 zkD$09tUi6_irkv#BP1?}#+tnT#aUf#iD6pA$#D!?ZqjHeT0|=VeA=4ix{OJjafRP z(&DKiDvGeRJ_TDl%2RFD&1Uxqy+OQjno9&~>m#Twh;gKB*wAV=(*8@r;WhPz&%%#>fGCtjFN-u8*Whf#=n%czrc&B#NReBl#;HKPzUQC97`?h=6- z`v__bVvsFGY?)sP3nnkSUA#dOxt!2PP-Ku%A7v*_ymy97PtJ3r>NH=?n7Qrqh?ofi zGo$3eU{i4o$_)4bpU8EJC`4T9Ni(DnP2BF3=3O`d!1#S#pU72*C`1ey%?ZY- z6Z)@IVay;wBJmeONBcN*H0RQY;DvpJ7Y5OW+PtU7rPZS94A~ z*lsK(yY&q*AYmd=A$97z#L8kPYLT_&6M@;H5OE|cV(aP6G?LAv$=iQqScH6m7sgeO zeZV7o+{@IkP8oLLO@b|AN(eaYGXaOGUvf$0fqRPExp^eAL?L9d&jOj8YgEl1xt-#+ zywOteUU;1%0y*{(S;-T{<}(E&^Eg5nvf4ixJMP5V>2>M^IxBL%n>R zBKC%`!amdWd}en=1byox^eu>iSsDpVfx&|t#GGR>0C`^0nqS&Dl*a!0AdV`fAOSY9 z7a(B;n>qs-mJKBh-~a-tFB*@g2O?q0 zZOIOCiNIie1cL=(>}Ag@joDsgkKwk2&_E;1!SeA&OUwwpr z1+n0Z8xIlHN$6Lff_^2T+U zs@r3^$w%k1a7NHC67C=rs82zG60`JUr#LJbPRnQnIz@)EVfeg)ER9mmg8Hm^JntgT zH=#~_9O{&KH$2>=5IHt^FGd7N>LVa2h&IriLK8ug`Up)5qSa?M?tT$pk)W484tidiZY6t3fDj>z?XJ_3`17@8mFOX@rLKDQHN(XGAh22<+%nz>Zwci1=FsPV|{C z#q$M3loEjlQId7Co!nbZE4>vWP(U9+0YP#;nmc}CjCT%M+$U?-M&qJ9$0^A2mqYYI zEzs{%@rj@fQHVN2R&(3AjulCPCa9oKfeMnk*WAdiP@E2s>m7(-p-4OWbYq^>Ga})1 zt!Uo}!>p3yOMg<#Gs85d$wkigctt>fJ^}%P$fM3OvDJzVtcJp2TEr?K%Gij7V=Hot zpO1ipAfr4!SHOu4H%@L=M?L2f77o|JOV$*@8Ttrk2*NsmdYpc2Cq>u#U{_aDXLoaZ z8`G@XZ&ZbCYK2H|S%-^r9H?RWAhWNFAZN7BNdh&L%tXRY5+qei3jZ3OVaQw4P!Ye2tkWy8>!vALG_`PHNxGnZrJQf`+TZ@?oA|wEIO6 zpD08foxj6xw%QEfiaxaC_TZ&J+dWleFtlJN+d|WR%c*-+5#iIM{UY~*q7aRTadpD_ zSe{x)ezt3~g$u?CbDGyLg1JQ@V#{jb;unF+q7c<*TDbT{E(Ap(s!BJpcKriM)C{VH zdF49#eXxOkkxNTah?=X%%oY2mv#uK{zsTjJC`1pCjg)Sn{34K36r#FJ2Ffo28bu+h z$`qyci@-rq2vsR?P{X}5ei6VX3Q=`RRM{rpDZa8&_9U^vG3uq;wo;E(lb-7+y3+EC z+|-Fe)H$*~(^p!45o9L{QC+$cvTL)Yk78GV=~p9;)9&jc*2U7NGzPN$B6v>}qK?rc z?|A_8vYIRBh!~Qq{URt%6e4DHeN0Q95A;e;j+|=#vtI-bibB+CT`g0q>Bmln4s=={ zw3Acpm=+Oy&5;_TTV)o~`3C<=1Z(TBChKOx+HylL5FhjtG!{f#tI)8Qm)rHBxm}#e z7D2lD3F!)=aln~v5s0auAf_O!KD~29Frt3Kh=ORW*>#I?ZDF62Z<(fJSGiekd6!rO zrRpb?DhO*C-{AuLw0;7mf|xs8;H)k`;VeN|Rdb?!;Ygpo4r;1jwai)9NH0`|8*YIu zRX<@TLD5bt_S+%IxvDhg3w%YHxSsfmCs{RFlIVdF;X@Sh}nW6`U0iMyTTX)Awj;t0gw z`~(mM(Rz$}&F;C$6i#-*Rh06pEV~G}N|HI!>K8$bq7c|o5Tkm_M1Z1x0*ZoYE&D+G zg67i&{UZ2N6rv^@gE#_%Nrx|$o)WG+B|QJ*aW<~@YQ${f^4Tx3T$2bq#vK3W&8u6) zBogM8bCJKnE-^Me!bS6Sk0ya@2wPrzpoZ4yvd(~q6Zl5do+hx9MMBGm>0H|5xM znw5iQ!W#NTu;C~~BdB{;yjm3TI|%jdS5V(vT_Rv@KY_JDm~_pF#KX}(-E|PbGy4h8 z48khpsuIZ3@DpwrgjJy(2WTUqK@qbCXqeEgmGYKqM@(U%?_< zKS<)1Q#CaWiFi8GoT0-s*{rmo){I#^NW|a}fY`49 zh>Z{8#!w*X%uhgI5GG{oK1o|0!S(VOGp#m3Cl8La;ABo`o&KI4%SDnzE@Ac)%oxNx z<3uzIA&mVB!q^xJ5WyDv30n*zPhjC)7K1R`N0{0GL&mNNC_S^3Grc0vV?RNUK^Xts z@>&E6>?bHN2&;?CH!Z0K)vL`jiMSyxK;*h#KVf`9v?tJ0@PwwV10jH)aNe)|K6FRt z`tHtEO}KYkena(eqA7yM^%EW!#K4lg`N`KTqId|N>*wIPoE;Pa#`*~u3&J?nHHrwL z)lZ045UtUwEs!)cJU|{GD4E2;9f&*Ew zDWZx9H|ke#qqc0OqjX?&cJ`xR1nr4Jc&vi<%zmu0Nmp%{tRi4eKY=+xG$CPqZ=)i| z63Dc=l9HQmA|O#efkZ*_=6B5DQMR6T*0C3Q3eT{JZ$=1IzX^dl*a2a-J;18t5Z`O= z7Xihh5VciSv%2yUfwB4t#tL%q#@W1&mcuGp$+B>ajF%}9CzP@m43+8%CRFr!8}g+D5r1O^{QEp4JJVZi0daHE{I|35&N1+Ub}Yf zFzjuL&R}mJz$M=UIHm*t1KvK=4*-DF47h80fL?I_7r^c*3u7z-!u1mf7lg5vZ54@0 z`q3DT#1ljPfZZkl2=2!L_HZO{FdrRgpUFfcDX_=f2X;r5h2a*#`*-naI z#K;g<*RS4Gn+4U7dxh(lE?`L@jPU+|m1ZXr$W9-8^CT9A3{?`NHxc=AXn0oinFX^V zK?K73`qi6lb2BTurLs4Q`wBF7G!`MGH(bMXB(?>&11M)L42Jrny`gLjj9&!ii$cV! zY=-g>IQXa96%c7DvUw6K006fGeJWh}X!`pvOg6~Q$73DXRc zrGTj!Vw)R)jT5v&_B#i=v7{mhyu?0MlJ^!N?}&ak+7A)aN9bw42|dk^L@xyeZKGQ) z(fB539Z~9o+?P$q*!PLDKGPaXHGGU3btdO=iD0w+gv|!A91?0 z`IS9!wtd9JRQVvS(S&_dk_>|kh+N?7CoDL~sQpEKHijv-G}zK5M}*irs+J#7k)S?7 zx&0<6H*v-P^x%BnP5gsIY%}4u{Tyzae*nGbB1R%OZa?9;K`gtPuUjO#MZj*q`MO%a z$aS?SL{()cxl$L5s)zoIqN_S>}mZjUnELb)eYm^V%nHsOKK*zkQ~yA>;s&LC*fvE z`KC$qTOw7bekIWd}&mu1dC)1VlinC`8Y;i+_A@jYmKP--<%iVp9Ts zKm^)~LR6JeMQTIU%px|jIECapUr7^@vZP%+T(%mik(kTM;#^RbG`MhKk``hm;0*={ zEem3!05o2i*i(c?KB)vQ6>a0m9Lbw_?0QM|SNUd)IGx;0S*sSz3Is+1gmneUhgoBk zOHtfb^FhEF4G<(2#DXiO0TJjh3Q>KsapLO|u^j}+4Vdp|4TxYyQHZLN)xRN= zEl@3@MhP#9lCoUeM6|g`fkl4c7&6&9QjslK$AdB{)-%}xB4|?-BK~DfyTR;SWibC`R<4WHgp9qLtZ;C=xv!1xe zO(T(OI|BqK1z`ikjkSpDN!ZW;cdw>q=`@o(PPuFW5v(Z+5qqOKn;Ns@m&+CqfoY-; zu{oMA%CV{BvPs>_&OVF9WQQP4dW7;_OXrtmI}su{&;a2;L1a~zwN0!s+k-8AIABmv zNJy}_^f2HOh!mg@J$$rqs8#x1Km;p^LU@kpc1^qOMw6#tyNhP!DCkj{fCwNHg@|9H zMzrI19MkUtB5+C+B8H9HG7s195U1Y-L|~67L~S((B19060YW^2XttFtgKYebaZL+j zHx5;0Cwuj!u%xj}_X>z0Fj0saDZ7lieR7LXkJz8(VRo(MjJPV!$r3^8 z1qi7JVi-IcKy|IfD*+KFlyGDL1xLp9n~0tz2w6aZkP(aYlgIQtM4L+i5oj9j(K#}a|Gi=joURhNmNY=XKoG-#9AX7yHRk!mb1jcs;I_U4A~&L<5Ot8ebfFo= zE&4<*Gz}1r5rlO(UzdoXAw*%oj3^9<+*yi3RF&+|!w%+1K(h~@*iC3cb|78?N_rkHG@u|txgiiy&4k_zm@WeSXY)k8A}bcc zg9a?_5jA_FBB;**p*}%Ob3_E#86aRMNZyic<(1^tMBFYHI}@Axot`{4{bQ&3t=P-Q zX|mh(s^X6X4T!)|QHXk3H(s2_;}b}?3lLfq#4G?JOA!KN2DlqaUMSArsV!2sa}L0Ah9g;ObVWoLkpi6D$=yBTNi zRCW?RW^}Jo1b7%A;2{X(jPoi*kb(h13WBh@avAaQ@G3>Hf&sz`g5<^IzrI%~f_w}R z@)3k}p+1{M?jQ{iE)hf<4NI?51VtDi6d{OKb54QmY>sDW=R(;&VFm5xsu={F!*Gil zQ_Bbhx3uz$sCGgy1{4G%H-aMmE#dzHCj8$&hf^x?`cA|jC(K~L0yAhQHSg!*#f}fN z^z!Q*k^5T%gg^u_%r}~IW*=Py3K$?LAc&!I&b<+V%LNE72g2&q=YYr+r2)dVff(4c z>--O@5HK7fr&~nsObrnB4kYi+uu_aUbm_lxINm%l*_iONQv|RWAiyGsHYoh$5s3y7 zNHJgrDF#G9iYP=?>EWLPSu+JhEEqu-0}6DJ?-vo1KuE)YiZramp%-QaX zH&Qtq>B#^spRSB;O;tMUq?Waviz|b56-A3Hft-)k6&1X1KRuyzgxIK1Sgc5-`YThB zbmcg5P*vrr!a;8ZRrtZdMC`TNRmEQEGyD|L7hFD<&r9E{_PG4j1(J6hc^I`SoU0c~ zNm9Y4NPN`q&>uqK!KnQ=Y>R(T|2XRSH>~a&FBuRRe_W;U;rPEFGGjabP4P@B8c820 zA63;=RX&er^!e{M&wroG>nf0{4)nqKl>axM|Eg&!?+L|WzAE~oeU;S})s@{t5oyIx zOp+E#uIiduT#-t!Vobfq2^q=g{qt1UN9>Dp9!Y#9(|J7I<__+Cx_tiL7 z_e1+H+}~pORLA(;Ta7 z9CZsEKXy9az0R>?wPW&R#|0N$bpBb6Z+`RZUrafkI^WS(;&^AS@kg z?AS5Gv44T%>Y0vNGaQpAI?g|T_xUp%OP4k-EpnWHhGXvBljlx$JT=Sl+;h*?S2!Me z=*u_89gpL=ec`@ojxWx1{QmcUeEs#;a7D(pZD*fx#>eN*bok~vuDIf}vu2%e_ZCN6 zTT4Yn*>g@uJRZAlqhnf;;~l4C#ze=DFLhke=h#x>_!GW7!?Ajrqtoa3fz$EM)s8J~ zj%n!I9>;SRIKB!diyXhd(Gf3k{C2KmM~P$qTt{7z?kPQUofHYgyr{M|JZqjM=$vJ)A!!+?N1iZS@HSh_ucs9g~z%#zV`HeH+|<~so{bX zn(x2)yO))A-SP47-haz~Tv^ro%;%dQ_~Q4j38deB?Yj@$`u#5~Ij`u%6`9iF)-PVV z;LH`LKKa=6;;YN9y?XlUPj)4zZMk~r+)&x+8@_$Pi7Owv>qid^{O28K{>MXKdiCMt zPj4(=@$lXMbgj4UOD!L&@&}pYAgEIGuO6!<^G@j z$5rlIzwxW|Mg8BOcG`LGv|Qag=dtF*ZS|$0%DawRGUM?}(sSltw{FML@fV)`+Qa|- zlShAY#q0C8wG6!Q?aMxP_MVzw9ZS$P(J^iKPskgoH#<%xhc+yF0 z7C!gZcTT%z{XdGIi@tQuq!n*ncgO!uKI4|c+kX75zUwc4>DDFT^PO)WGw{aFH}6|> z^tL0bZ+qjsDI?E6wR`&NA1*y*V$;x+;Ow#`_o5Ee{A>Fh0{M-be<>t zRJ?HG&lh8bOQszCy7T$t>W_7N`;;l4JALWY+B4qyRPefs{--av`Jw2o z>lz>TgzLAz^OduTZh!QRSB~&^FTddAIURfFUOwl=4HquCd~MGS$M3uGs$=HtJtDl! zIq|Xk8-^wy_xN|NO?|JqYYKrf;`Js1jUAh09S<`=Y=dVYk+xOht{m5fCOK38`O%}k@{79NcW*oCduQzX+P1qd{P=mlzyH+mH*R|Q=BK_iXLae^g5mczl}>!J zD17*=V|>*UPWZ~K|6LL6Kl$FhOK$)2<~=hDFFAMD;cwn?`JUjqi~eVGaQ5&CvyM4t zZ}Is{LVG(V925HVh4*}A=9|}4HvG>Q`%n1BpI(2}{rz8V3;*G{z^g}m`Ro4X=l^?e z@gHku&!4>{`HW-VF^(zHF+NxDl)*QaJd=58X87j$M@fCfC)}BgrPfKuIv!s;_|ZT9 z>BrxC`My+r=%v{g?0?q%O6<$ez5VVHe|e+$XJvoz;e3*UX-{@Yv5bOetKx z{)SUFWn3%1y>*~!)3@F5*Ch|e{$6wR{TDWU;x`ZVzq4Y+H(vSM_P4%& znDq5RSLK9RA4wke`Q`6j_0hnDxrw>HtFCk02b#aoxm?%VKRb6d8Yw(HsQvhow2KKu`Bj%&N^iQuWf_`-i@{`57+%tp`t{w1?s z_`JVy&tKk?CIoukEV}B6FZ}NIbEjtZm8|Uf>eN3SKI8Ud&kVMCZkT)XjiF<{y7QRA z7e95v*_(H5ee|mO*Uz0;wEOU>lNUa*_Kmg03txQRm3SmHVZ!y_cGmr_ugkIIBj=Vr zaoEhw7ne-E`FE3dJ$>3cr(W=dUxwzKIdOOSy8G(C_~`3@n|x!@%By!xNxoMw@h<=D zuFu|hs$=JQ<()6w{GHD^ODO8pzxPnq(>x!n&IzPvWIuDIc~7hI=K?L6tidHa@J z7xX+aXYNr)9(PpJ%zc-%HSTr)?++h{?%2KQ%A1SJ3g0NMX#2(Pf_tBwws`vP6Mwy7 zvb%K8!dLu{9sluN1$~R2o;~YL$D-d|Dt&YR^#7=xa_RTix6Qry@2~!}YUk2Nn=9VF z>V?e7?pvbI@A-Y(^;7>Z)G%S~^Ly`Zoc5#7?>p+PsRh!nmkmvMZ`JX>j(evcJO8Gm zKfC0VukS9N`|HxBf1AGiw8u)i3Z8xG3(2W-8*lp26W5$rvhV1~ZB3`V+qLYkr{C6e z=35=}ozLDf!+qOnC*J6--F5HE*Lx0ITsrB`8y;J=a>coK&iTcXQwoy>cb)!p$x9bV zD_(8B@RQ$j&A9B1(_0fYYd+t$^wyU>rQKgB>b~`xzj6o5-gbVWx$)-t_uRAW@|VxL zOpbi* z)i*2dnRD;=%D4aQS6_eX#fMLJZ0(*GSX8^`M~`nm?v_3G)GXQeV$&-ZY<>R5mWz|u zpLg~v5B_*kV(a=vXFXMPil&^K{G!zO-7Ja`BVjDVedStYgF8Yo56B>pQ+w6+i6MwU1Z) z=gyBTer4~queBWglPga?w_x{@i(b8FZupj-DXX6h%$x2wulU`kE%-#Qn*`lDxNeDSvJ_be`cb=%y} zweE0Te#wHDpIp7}`E%ZJpTF+Nl9|u;)E{@kAAWlOp9g;S#eo;6-*J8LsC0U|Z9k=_SYXul&_HFV6k`gI_wQIJW8hFMlrh$i)K_2cFz^{L3Gi zI{c}Vu6z3%zK=ig$aO<^eSh$%U-)(%`JXEHpPm(z*4E))rpx`o@HHGj>m% zJag+EMc4i2kqsLPAAI`R@1nEofUPzpX&Ye?1jsxU-XYt+7J6tRrhUw-B!8jw^vMFyFt3LdeM)!KlfhZ*1tXe z>n+<}``ihePP^=HZ*@NR$X%a0Yv76{!@HbQ&OLc~aH!yfH;UH0F;HJK;hkS>Tqn(c z<1;6I_p+(GKie|>^3$IF*_$ax+iQcrN&WKgKcDp0j4%B88{bZzcH^DjDfrb_kN=%V!f`{sMze*N^5_Wty<+Xt2}{Ojzi1|t2eddF8S6KttB1aiH|M3_LvFB zZ7y2z!0O}QoA7_bvmHmB`_ubQn{@1qnzg6JW*?UEtV~SUT{L0Jz-C8j)waR@?atde zetqlaV}H2wp8g%jmp1-#*^ZIbduHv7mN-5!F<4(ZG-<)WQOV@gg1N!1&rdz^#g890 z`>;t9J2p?BkzBj%M}KzQ^=R?ZwVxa=J-+XE6Q%2SzqV%AZ6DpU?92TRug>iM*~=fh z?>qh#pWJi%t$R)ktzP}dNuSt!eu?9-<3op^xT|yNz2`gLJZw^Dm+P1rHx6_~XYZW; z!{U*>Gj97u@tw!cn7(h)z9q#EtlfFxvBQi1xVz}SZJD2M``MH|vv0fb{#W)sTDauW zm*TT#&%W}H+Z{WnUi;+Gq&HKAk4@O|XyK&bl*hL;U;gCz6RRCJ>@EJk?hE{<%vfHy zw`uF{=E9@yxoYyA*PpRCwDYHvdoDaC{=Gk(^W@fTOPk!aPllF#bjh5pd(VHlb|<$OXgRV1$@O* z-kZ`Jn9%tZ&zCkVT=M+ns~_#0d|%mN)dh#Yci5Eb37LIGi=?yXJbuwx9a7)I;=4{M z`rQ2DYrgxLYZqP-ns9Y^?ey|bUHJQ7bniYl;Q8)lEr0Gmy!*0W3}1QAx})y155VZ+)=dmbH($jCY?}Fa9Y6)C6_oRzjZ_LL&eS?%_{xt%^fw< z7i>G~w&!oGEV_QyjgzN5x@Yz7BFDXx+wQyRn71asbW3r1!>0?96X$LyD0sA>so>fp zf{wfYv-h|MZZ6!s<@Bp>-FAo6wehHbynN%nOD6tk`Rx5OH*Ed*w&vDi$5BfTpS7!C z$9IdjCnrt}P3c`Sd9Y?u)4t+MgR^d$yzwV5+#bF3sJ}dX>&<7}v2FK7&c}9@>@L`M zROhUThaZ!f;(IsddGDHQo|yEReP?cw3L943zPtE_T?M!PY0adwt}LEBZ;N!v1vhQH zeFvIdUwI`H%`8yd-lYFk@d+h?e}%Y?~N9QrhNCMiDy(5pT2L(ooVU5 z4R>w6|L#-nyX(1`_x%3Hm+dPpnNszMiyMl5bY3j<+0PcdSM-Tj)_J6Y35#Y={Oe7J z-!L&&Q~cTM@Ba0IqTjA4d9UW4=^wlA4=>+(>?I#R+EX;Y>dwLUCVl016VBV#d~>m5 z@%4^lGSQ3wv+&C6Kj{daSA6)X#rq0QnDMa(d>{MhpMF_#?Y>rjL1ANb_TT-*8R<&{ z$4ZS-~4>h{%4A7mOSA9*n_M8IZj~>`^*ms+YZ{6_uS@$1y z<$F^WzIT7&eJf^dn(f~gJo1tW-P<2b9{+G^(ZiXKJ-lW6!&|R;c-z+=KKs>&cl_<) zbB}*y*P=&uA73(ILctE2M1#eByr??dHyZ22D)|8sjh?ho@n z)c!k|ua@IKj=4X?``E`H`C`5g$NylCyIS|C<3CQhKWzMS<^NDlpqBqf^WW=nSADqu zr;gFVe63^$DOFI~X;$7(RgKG2gOf2>-Vc&~SYBvlW#xx^fCqC#-ru@Mo&V#M`$Mg< z-~U7QuitH&|GsL!_rv-Ben^68d*3eq$K)k`s0H4S@j2Mf7=8YaPwo%#pL6~j@_)$w zd;D(re;?-m9PH6ADEKh{=ivA82l)w>^I!J~$Axv<`Cnb_uJUC2{~q9fKAivK(*3rT zEMDH-+ETZ8c~h_vN3P8-FPB=|&sg8w*45OB1G3t2R#sd0`sMBID{;puzR=p#4NzNm zcSm{C>8qMo*E$<;u52WpDQ7pPNJ@cPX9nk4Gc4O8sdpfR)1@=D(R895Si^2f4FM*9{O^(JD86mI&7;nt=_ zMduV%bhmdjH;h{AaDMzIZN3O zzTFXA)@1+Psw%hJ=fg3A74@B{x}kGbYrVAH@K~y+Ex5Wq*s1+t4l%TFA@`SHO-pmz zO4~22rf;ZK&+++`8srvjM_o(X+i^@9y`!O^*VeYS@{vfoJem%rd!tcl`#DnO0(PnH zU>vu&u+J7$%HNA8^sljwQOBnZ_opnfE{MwF3H1u-V9oOO)lHqa8a+NQBc+Fu$wW#) zR$|bBMo$c5NYfG?sD4##O)3%ww_V-s4J*4KGi6dmS4VqixAJ~XQ?PqEDkfp#hK$M5 zIg5%a)^@c9TUspt*4);ys#_I7LxU`&@*MDG7zKH7>EqSSUCrH1c)l{STJJXoyCF!* zrwiE+T0)=7S`ro+~9xe-Mbs({dydj0H{y>g{ek}oDIOFM(DcowQ> z@0eVcNkQ&6wV{T&rc@)#w4}^E<18tnsb3zB^d^9XjV9tX7*&ip<_llDGQ8U*bxLYg zW);UJfsquhEM#?5tZ8m*Y+oa7&u$ye9LYq`pzikemSvqym}_mza(!>~+8Wpos;dvS zwP7M;Kaak!bSayy>?@LKz?qUk1+D93O}CvO!R$xwMH=>{OBZRM>O;x&hw*bo+=5J} z=}L~*ZEEduJ(-bMq$ZjP#iG5YM<~O^bQ)=~wkC9EwggMc(8$t8I>w-C7fH(icis{z zV=OIV{oWW{*R>S$YgK1cmth74k{NuXh*^+I)*I0CT@9Vh9oMwA*l(M z#79!`vT|=(HNL*MQhpG#IZV#$T1TWdWxHc>rTme`PD`+D*(zx2TIUL|)1|UQR;j3O zDBepVP3M62MN@;Fk-@~42+jrFUKH&sofnx`TMMH6I=fW)R_VMTuDcpZ3_*=4Z-zth z3|%0VVin*Xsc4$aBmj7^)8@^ej~bL~Q>DI8EFD<{Av>o?0n}$wbU`F~Q{#s2ux^a> zDSSw!aaK%|31F1+~t+Rr$lZhtN6`8?g4C7B-S6Qiu9uql8 z!s1HB;UVKD)h}ykZ)xwWWg0{xtzD~_VrC|5Wd$vDH?8fiWwV+bpqL@+km}vlQzbDcI6o>uin2ql55doTid)7fO13 zHYH`jGncC>tFkZF0IX|5d156Rz@`NA|B7S>aIriYWNV{O4S7;>GnJ->HdC3$Rzx#E z8*}}vKcXu|^S4uIY7GJ4Ir+Oi6PCAAFeKN~vm`d8U-Y^$V+mEzQf?YT=8@<*dK2e+$*Nwbz4D^?Zqe zOeR@ViBNuD!nl#!Hyno84G_3b`3}7|dfZXClnbvQK}C%tX$UFzN)QJ?n0=jp4gCFe?v>K3-d*GTAVm(D3OA}$3V%w z(n)=*c2R3{V*j3h0zFne??CH(BiJ|DAP4nu9 z!r>9AVIY*ruZ4Mw3jDET-aOKmZJ2}%C&!sRy3sOk_UOy8L?~>-Vx#hvQP^BuSq}kc z!w);lbOAIXvo&y{f?*tw!;Tt|`V)~f7VN2rsx3)pz&B1OLvd2P2DPLpT}?Tt>eGv7 zDN2`=PNz{*7<9Q?(I^cFX*7{;&fiR+9%dKnq@u-Yakadiby4-BqOrUIFJqFiC95~5 zT%A+p+X*Y6Y7nN>oVt&X1)3bw&=j3h)^tuBTqXxjaENecca0QmZ;?DWmvya#vy{og zOTk8|yM1L-TaDD%F159HOHGZ<-BNp})Y;UEmA2Hqytxbdvb7bRBU@R;Keuv-aXZm&SNnsrJov> zV@1#;wFZ|pH%M)(S|NCyP1HkXQxXcNE1+X5LWvjwXDi7quk?9vW`^5U&1?kaS2+>U z>O>%@*0~<{I-|!7Qm$oTk;|i5S4DbgKozF}qsq*31D1E2*c_TooevvK5xiWS&znyx z3bRuTpF&+J({8)LcD-=61@>ggoPUvXWG~5Hrp&d6d)DHX2TOix?oS`YDB z)!9<3lr(Lg;|RDIltg4b7U~hUR6VUX(US_r!?lAWbE)*&X2emn;#uAueW$B^RVUou z)^%+S^lLq>GMYNqx38?FAOU^U(zLp%r4|8qMKtQ`x}yDYSzwyuvZXe54apwaMoxfL z^QwKeI1}oLML18rHxeVO-HRKt;kVOoNvzxC-{j@LvcSruP<18@O&$XuwRE$+{4R!z zR-~SO78$FRqm*@vql5htmV)wY|c<*9^a@P2{35@k5>Ub^I)5BP1y^L|%cj)wt6b zu2Mz|GK~cwDxu%iQhKD=X{cI$Ojjr~lnRGNa1v!37UF|FSc_Lzmr-_C6+V-^HMmMR z*s9JI`-)4O8oTE!U&Wf6CX}LvIB!gqA=1yvJ`pAgLQHjwm0z1PkwJ-tsGPA7LS&iB zo&=%=gX;$(z~QFk7)~Vy!cd&~i1R9_BdIt{k1_-tg2u3&bZ~JYH#6X zLK$(@DkZ#{1ZMf6`j^2Z87Ro=s@68Cn)wb|Z7%OAs_O^O4_|F;UagKNlueXknUHl^ z{uJquqt>#}sc{XrK?JK*0jxF!w+vh-p$6z)HvGIZ88 zO9P=T5vZFKL~BIqRbydcX>bGq(f&w9X0BT2des4^UdX3X>s z9Jon9p#C5mmCDMwp;W)C)|K13kPmNgU6Y6&C*siN+agNHj}Mbo<2FuZ&fq$6ZQ?N} zwnHz8We{o6rdl`VygUeS?=-W|$)GvVD<$I08LoAbvp;WeWS)euH@(8c*COPLjB)jI zpj<okKtVOxMk zb%NL#f~KlP)6_{7uLISvxni!FmSfglqTBCStY513&`L>RSy5m5jw2W`$dDW=POEW8 z3X00%KTTj(bu}SyT|0-5x~uAvt2cXy6rD9%h%`;v3M`1K%5h&b9*XxyjNYE|VOEP*STy@0&`8RoPV4q1KJ2M-}s+nYV~s; zA~Y_?Yvp}WH5lx6pJMc*yVkYVx3@qBnYXPzNfu9X7xJtIw>UI39dIr38eXo(Fg5hv z)O;1o(bMG5F4&{nR;}Zd(WBv08>~#WtjR-NqHH?A4N*69)ro4egQ4-JKc6oTBd%Ab zE~w;Lr4$I5W}#t!qgsnODBBwrwaF?@9b?)`fs&L@z8+=uqs*g9%IfG##G;AH%|nP} zC<~z^)_O;@SWurY_4KKhv{cynvj%|l4-G3rwGQRV6E51D9BZ{oBq(a3Nu`*?18 zWDp4o=~`raG_9>^T+s{(U`rpo4bpH)>T*L_5a}I3+Qn9))!tPFT6gXBE@Hzy=02*f zD)UvjDi&6$%zYrZ;{>V8zK@ zR^P{eAvqs@wc0y^~OT!bgi76jecC(-q|VvQ?R_fu@;-6Qm~=BxxKB{nfGcvmPjB|$>>%TIM-xhonGxDaR!Y+L!}6wvm2mC4 znA@!Q#=MvzSf@9C)S9qSM8SB72@OmgV<|0#BZ$o-4uc=Q*v;O(h9be zh?y$4d8~@H;FG%GmXkd5jhE2^^}~1>e>RMqQkd2fp33F zvC}o0Lee7~<_L=xACn)V23yo1l^R*`Xyu$rOiQ0}RhV;1uoj6i5;U*0&LVs(Z|3;@ za=Wz^yZ!`T@98lSRNh<{Pe|!VEYeFzmP{lxn3j^5TG%J8SX|l6CWGpo$K$a`G+BaMMLodZ?WZQHm`YLbA70qxAu*6OOj2cWU4xixgD8eAWv1=e&^E<0nA zazddPC4HzeorKC8qPRac6B4ONMFj>^)@oz6u{Cb&_`Vv;IL`I5iP0DT%s))uU+%|_u zEO;c=LOp5l9f=?#5|AP4D0~FiHng*dg@weiIl-s6Vof`iZ*B;ZIK^@E|dSWnD??5K!2xoySy-B zDnb4O|Dn7tdjFP149tSbY;fh3olV}8|F=scU>&1MPnMysjIc8{)0J{Wpfc2hlsA?# zQYYhsm_!4HV{5=QtJvP6+Hk(l$C6z@i=c)Ed9$CxmyuD=f~;X%S8-@rEQf_|`1nR& zA~om~3Fa93Ozs(@dG76xmiHjFR*j>uNni-V`IImj?QAMW)^FgK4}Y-3DU=uuY%<>l zHE)vihW->T1gEV&_|7m?ZVKzji}Fzbbx@3#2i4)zbK<%*fh!)IxCF_3>ejm?= z+*gXOfxgjqL>8)f5&>23TSO}i4#0t0BR$uRQ+is&j!SY=eR6YnZ=n{!>q1;Bh{#rh zwA>I42Y>~iQ`Bo2Vtk!aGeyCSp&9b4vNW$A?x@!73hNK_n3_jL5c0e=psM`@)iiHhNVxOpOGWWIF435!*AS0`6@Zwz_u?_gv^sT(|+7E2cx3>r9sHHYVGH|g! z+=|HFisE}!-oQra9a|AkCjq{per6#tsRu`M z)OShpM{B4mCVIMOXH>+^EMJo`Q^i?ITq6J&Z zd1?p2=Fpip(Jhfm+8L>?uC9^?xpyc9JD90V$3w~VKq5m!?W_wTkUd1ldP%YnNR+0N zX6HwyBC%+sPt!Dqn(t5_Jk<3AkYQ{SG1lpWa`u6gq2w9F<8jy^iEJj)JAkNmXcHd? zS$wElfQ+4(%z7iZ|<24^IM!j#t_Yhi1h zt0bNf&RaIZ#)LsW`g{Poc(Ilqh{GY)VlB<7X4+eBZct9r%atCe_k;P=1-%1+W?m08 zWJ-19*lB^-NKYyoGpyy@qyyUK__UhVK$?xnLk+pZHEU#z|!{>}aH;mqn!I5~H z8C2E;88*evDyWUmMN(d^myX;fs)`cNPu~vD}zSB(eXiZLLa8lov+(n2o8>U`S`a=zX0Q z$Xw{b5?fgZ$djU7{%kB0qe__=fto7M2W(<2G)#=Dsz4P`8#trMw~!`A*I;53nfER_ zKUZ1?=LT6dL;c7J!Px;poK30^%=J?swVEnE^>1uVrm?KGvA;XStH8tAB( zkRI}c@p(V(1KR}4z)Dg=vtc?k(T;@r7bXt59Ch7LRO3diQRhRj<9)Uf0mD?NuBvvC zWL0~7E>FN&*AWZ#M?@<^@j2poElmI>Hq?Z0q|!5wh9Ep~5n|IRCCQf&>t$ z11Tu%G_5W~kC1KA8IiYVq}D_{atJ1GHqT@dsEgfxn1obfQ)pP~r2L(Z5LOmYIdldT zbugTEeOHZTfT#)aTEN8cX|_kMd28HKd9>t!0}GkZD(J&#iRIb5+y0-u_W)=r+uDYc zkdV+cp*JD)-n$?s^s1pqQIy_$2SrF|0s_)RKt#Hrh%^g7|vJS*{_r$e~(=LKb6D(qrQLBi`W|Kn^3hPcsEA^!MHB9rjdaSSvXQ@Di zNC(Ro;NjBxFYgL;s`x<92%lh&bs@pPIW{=Rh8hbA0X>2MkRY(`!^0(|sE+=S5uOGS zN%KpiI{)jqh3OiBm_sP}18^R;!>^Pr3j(UZp}`aQN&_JsO1cq--)u?(%MNrfg!Zg& z5O6`jLlKngpkPfrl;CEaI<<@Igtz-bZF7wY@C@<>Su1ErJUZV!LUZqf;3gwM))DBe zvNEp1051%3IsWcuTA1l_(Keo8Q9$`>YCsEM&;ek7(CvRxL;uI~O9A{0G+N*<*fxO< z%hnF!miV~8s(29D3GGh6)f=k8lKKq{+h1M}Bt&`#hll%yfFl=h4xH*UFRt9;*?NAs`YNOj9t+s54)8Bjlj|b=E)?gLy#Z`P6r4g+Vh3 zT!A9ZSB#@SOHlI-!#Wt`WmyMI<pa*Ce+q6Px#e_$=hDCsapkHNx z<36ZFp0=LwGD^$Ih@k4AFo)l-PFPzQ1Oq`u(dwhsNPUKi>is*9(<=I|7V1jxeFp!O9~QjbW#D_Z^?%7Gu@Nqz_*2Ik~2pmdA) zK1xwZO?}0ySP4qU0Rkt9%eO(|L^SYD41x~U;DAAewKgPLuM>ulzrlsC{Q^^XS?%$s z9j$zV{|$mtgOL^1hp%&mke7e#Q`q;tQT>|w34EdjiO?GR4dB)ULiscV;w7!G&>0`X z0r|B|4p8?zfefMtdb#2>`J=M?&x(ovR!4#C1ETDpe40=&D^&(!1Y+qAdUjn$khm@o zcn-LEQiB6Q0AN5M&;z>y5gLREdIkY;B{(u1itq~oW(Z$5UntNGSWTdWcV4c**#I1H zsd9Koq#MXq0Yr5#0JRLE=|XXUK;I7v_V9$l6@hPvJl@oc`XqqD@yAE|M)=U4rKLXv zhXx3>90UYHaZ}X#sn0<%qOAALy!UxIfjI0`jVdN(~1o z{vgy?YF!c#VF7`GD25M=1d2SU3~DeVL@aP5f{K7{0u=BD_N5?DKBUhH4hjIofr4bg z;RXXeDhY|D!QDgVURk`ECzN0ZPXwy^SZecD)|f2b zer1ILfjS~OILtp>7H?sp|82F=upuEJ@^95$W}p+?KRedH?pQ&t-x%z#63jt5(dC%3 zZ;r}P1P|>Zo)|(qetnx_vd;>&BXStdw|FP3Lc#XSiO>ijhfzv z=AEeWbrVrm{b`$Dig#2LieLO*)pRf7ZzU>o6AdM!T7KR3xg(1`oAxN|EXZMRg z>K#C7`raQH&$t4yE&<8P-?EGb0wx5d{|?_G3=)n49#3=8kC6if2ycbp*TMN0a&7pk zFoMpwKgu&-qhJ(Pf;|IVLAF&NXDFo`xFoFogDkv~2Xy%&H7Dv$iC=Hl;L-00t^5sv z{#)Y0Y=VD(U5H>|olv;%Nzde}c&LC%gLVbp+B907VPPYw8{R zJxfqhQ&~BVsHpsUEzu+@s@%RpR@%u#!4*guP@kwtf*{|>uU*DNdFg5C3zuED|4io@ z85sZl{{Pywab=XL;h~V@)_Ql}h}d;DMjL^c570x5Ai)%X?*+^1fDZi46#}N>3z&S6 zFK}c7l`%3hd`}J<-M$eG=)zXAK`mn&e47_gHgjm+1c$8?7IAk6@+|}g9|Uq`>8h%V zizsQRYvYaZ3V4m>&-y@dO8r$w0eVyyG8F*ViU=T5>jwbe5MX8dIvtnm6{h7J`kzd~ ze`gSWJV`2REvLCymIA&;+k&jRUz1#dIKg$oKeQe+^1o{OSr`+cXzggcBRFgP%`@+Z zy8gy_r>6AXyi;2F@>>(nf|`R2WHSe;*8cZr9hDwG&N?NfKRfHbHT}PB$|c#Dpl;OwE`1yq^f zvoPLpgFX#EI7SZm@W?^O7&#CV3yjMi!n#zyP`p0abg3EbAWYoNz<{9-nVuon|F13j z9RsngC)l(BS`>u9yKG+u+AR=gM2pk->GM$bjOFK+WdUb!@}?TFeqOnU8`Z>5wMwn~ z_a6_91ga+Iut=acqZJ`6DN4OYGvd>_{(F{jU<3$r1s*ZWj}kWkpq!r(D=0D$DAA~x zVzdgC6@UIvH~{knOLV1)dX7e>h86~EWgtNb$c91QvNF`b2hbJTH*gq?@T7jG+3cyU z`o0^&wp6%hh;|ToG$4ZTO6kHh#{vKX{mq>KH1c<+f-uboLU_enU>O~HnVgWLfzfi1 z7GTIgsQF5wucV?0JYTOv0uV4ILsIHDSrvSNw42b?udW`@=l@drN+qckk*_pY9^~9zX2Rc?3FOIwCj#4)-pX&k z9s??@KdsTarhyPB1vujYz2c7#K(OX3DKNj^bH3Yh{?F}0Kdj^*OiD`M<6VE(?v-YL zZyqw*xY5?o8d7{MqmeT*+Cie2>o?~+dEnbm6Yi90v6>(ZJBSvq>1b#pto!vV9$H60 zQw|XuGF<{533)+-!l7z|-3`z!{igA;Z@9>V91d=oh>=nC8AwuI@mnrQNeK4;ZQ0A*ccH zK|np@4J?h2W%AcGLcZ?Q6dVwPfn52ZOmEcgLEwSjcw19F1tM@Kjq;?*&wvuZ;0igm zM}wGkc|3kO2gS0BkO$UPs6g+scp6BHEfmEThX2+J5L!!;|IJ~c z%7C`e(1wF^Bk+@hU~zx5YyUc4pm%^49>B8@jBuDUWJ3dH;vWWXWlm7Twmd=WfO(sG zH`T&VBf?6g8P(9cGH<_Gauuk_wZG=phW+#Uzm)=Rz*`zj_a7|=;Ao}r7j{@tQB_ex zO$`PqZ#C3u?*I**`W?CkUNGneWpxnmqNWZ5@o~Vt5QbO#3)}F!MS(ovz)b`X18~*9 zdk^%3s|QGa^M`l*SN{0BiD`_aI{A&EwRFu_Vc*Vb>@}HIQ z|M>VDn;L0qxk|u9VAmL7OG`_-`Wxrw<{nHxn3$LtA0O9TXLfmbL{mp!Rb5+UNM&Gf z_(K21^IbisI?lJWoj%&sTGxEKW@)LquK8f);nKICOG?Z0_Lb*UHf0wa%*rXuy!|Be z;)Jw{cKYE{sab^*vI4TMW%N>zUfhAmK0=BTN>$6Y3Lzeu$-0Fs)g9+K_K>UyCl^l$4;zmi6IM_`$+rf@ zc~pdLn+Ow%d6l>Vy$YIT6{?$=g@sc_N(PN$!pZfu>oZ~4VT=fLp@F0dXCd7KLvhS) z0|5yuj$Lf_|*j0k#EF$Ek z4I>b!!%CzWL)30=m9^ZOAEt9gc?2^&2rh_3Iv+8t4*3=Vk;NJ$8;=_gQ~jLZOD zA1=MMmsw@C!{iuUmn@bQG1x?=Fv@5)krmhs<|ZkdBoNlCu!-X=q zZvm-0aIiBsQBHXXw#gQw>#~huVmy}s!=FW?5$2dsJ|@*6MLK2-J|rD&iTp6q6lEWlUdxXFr%J}Fv+Yy=0Hqz6a9V4bi_%z$li;K_;J7W@Q)8y~ZJ zFP!|PwM$1I_OzFdZzKeU<17y;M&z7Rtj8j3pTey8JLjaNb}%Zz7(~vPj#tPRl^;eV zsfWTD@R}b9XvtnPIC_mJJ%X{)vWa-C`uUV38+)=Lqg<2Pv*)cu7)<-8%i@o2_+9?L zY@qz3XaDSPKjZ((8bBuaVgFZCQC0qj|NmL~{wMc+Uw{ z?8xY~#$#<|IcC{zYd(J(9=g=jai;&5`TF`Zd4!Nc5ztg@!~sB-J| zW@ZOuSE4d&>SPpIvQTgwVO1Ogfkd+)nNbXktK?7)Y@CS+EG*U>u~;mIm&Ja!g*3xP zBqtrh7g>+w!trbGtY@R+muKKa*P!c=R-F7W0ReXYxMU2U3==&g2X8#*VK|(P3DwyJ zgRSAA!yHO07o$gW;4rCYuC8Xkd5xX^I@2mv9yFRRQ;O{|#&-;UK9RxZx+|QFxGfqH zk~2k=WR4#(-R~mDmx4fXa*vCGrr?tW7;iFe9a^G;T?M{Xt)PmD)d zG*%^Vcx=EtXUjceoWvW9a|wX~-qtp>O*+7^doA{thf{aqryM&Oqfj9i^teQH=E&Tg z>lBFy1`-|~s2fMRk6|P$>8Xje%o*<1ID@HT9=Ply!X)&ca=!m$)%@S{?CN14|I}2~{^9?B1?hiU295s<0BN}w22=4WE*%~Qyjn@g{nEs32RrAkVhpS*g1@y5fFmP?z+hf}M2ZasMM`1zaI{bz1WJyZ2A{_yeh?5nrKPhOq9 zK79SvtLv}s9qqbaaCTV9zx3X{Cw)&|9R^_h9nLeTV!6kS zfRefbYt__id^OxXqHHSCBEu=d!hj_yvMX?yyWBc8BZ<%tup5|REv=8?uM>?Zeqk~_ zB&PZ>h7dl?Q&5#k5W-wq;$F)l!i;l3hKJJa4nrc?aqD4BK_Ovu7`lW=CJRjjcLIEO zNf?EFmH67qs^ZGE5?Wjh)s=RRaR`pK#sm&6DJ^Ta>I;3xZ8){0wLFTh6pxP7*l5XI zcJIHH>2`hf&B`kcmrkWs7LSLn=?r9OD>@N{4SF@}(S%y%a5`b;oL0T~EO%`h9}iQh z0ekl}<(lAXE#XI_xWOrIGcEd~z9OBahG|iA1#{DVdycI|jCqduSU=Q9CnAGpM_LRp zI1$4pJnmF)pF}BQyUAwZ9wZ}&tWzg`u&w^;A(A1cNGa0b+9AX$r@dxw{#P69BTX*D z)t=EGg|$>}dbZamx6S(yW7?MMez)lS=TD%fH_1=5CHN-)0jvCj^$+xm5%PZFKb=B9 zz2Rr;Uq$8D>t7v!vi&3f{gkkO!3|$yf1|^IE?QFJ*N&*Jz`-5(zR0_R)Gv@`9hmt1 z71RMvm>K}i12G?g0qfnsJ?`uD6#aZ0q658*lug|>dKyOQZwUAEiEwl9vEFR2MIxD) z2B|t*d0D#J+8G7~x^6ah4cAoP9vtBjV-Te1H1e!{`L7!RbAts_5WAU{%2*-_J2MY53CglTY8_f^qDjVR8K`k1*QTO$-%(^{?g8KNZNT0DuaMLm@{B{XF)g?b8=YQSrzrX%} z5#Z~g0v6f8QAbZY(^(wpjwTKNBX@=(#eaO2Kb{7QiI_8zRi*7 z?=P#bu5E5=D?4&&@BL#fo!74A6;7Wk>O9}s*K^_Wz+m^#{h{Hp@sW``H?ChEo9Tab zZFK3~(@R~mcSj%GpImrxd-CziXR}YAy!d7M{p{=6$;E{Sujl9HUcZ0;?%n*Sx1Zk4 zFMXN+u(0q6ycRz#EG>OnTKfFq!Qljh0`K!5LdXP~*tI5A!? zgWt5J`eMGM&0(jDEj5?+DY_4qnzq(n-me+{^v=cBLxL3DB*rynZFQqnCi&7^JJ=+_ zaiYrXfZ6fG*J?H#^Se8E{K$=CF5X@&<|i5^T79lw=Rb1d=9rLEF z`pC&+_s^40y=Jj!Z<^}SnH7kI2_-)0&k@r1!9E&Hqh}`72{n^LA6_{qScgw)Z=1bp zGa+v^!X4p5k8Q7W7%A_{lftn}mfyV<>49M~vLITXX%9UZV5&1Gcd9Fi&AiVk2-d|^ zEN_urM=mF?4IdcJTFlhiaPG{9!hrMZQ|DZetnwa>iat%`zL;FUKK#`451*3gjqgO? zBO^=pm2F?Dz@y^gG0iYKM#ZTVQ$PMLSiqv1i!+5kD(x0!$TC&W(=Qnbr|WVQLYrB9 zzQN~{zecHIm+Ey4ciK5MQa8JO!HhBcYH31GretJSXV|$5Ce>LM>O5T8XgIFBGBlKJd{=+on4snPfu}izHn?xP>cM^4ws+@mD+{ z`|0%+vD@7dVr9FlMnJHrY6^|vR53Uy7UPI1G`Dj%_v3@X^Rp7x8!`#q#ifk&Fw-Hm z@#>kHljQA-u+r4)k^}B5OyLz{F2}dTo+p-_I){HYb)thG_I$6qYV^Led zpRYth@JKjmcDML79r7&`XxxG5=oL>v)xX?~3Z@e=7(FZ~7NL>ID>=kP;jl9~MaFKk zI6-E7Z@NSA0G;&E+#y^-%u^GsLi~jcp_<&zILREMUZ7ZAg%;&{&#J1XVj(l<9Jhp)y|7%>zbXyVz~ovs>jmBF}4ah%0GkoTGdvjl5MM&78B zyPt{D#A1Pyh4{l3AxhRSTfO+L65YiX9ABOi-ASZl$Ue{+V=^&s+Kp4(_b~aCxNG(W z6N_?1J)}taNYI0#eQyn)3LlM^=h(Fe)@<6vn;rAGKrnReOvfINz6aSAlRnQH)^G3S z%GMX4%!+fw#~{=9TjjkN*(fmfYLLnKc`wKAhlV*uIYORv*Tx99G22GSJai@@S`(9z z#q&B05`?n$TcS!+++VKj!=DxGNn|!Foh+L8Kw-@OaF8d}@ci>H3Zj@yf~l}3E3yp6 zv`30!rW2{TDD;v73)pW`DZYN}+7+ezD*R>P&SYHXBofYFX40hC!L`aCd612PMfklA zds=n!qJnMNySGS%J_DktWG5%`FgaO7sgu!tVIo|eu7cGG?j5gK)Q;^tfqS0KDBpX~ z1fz-IiJuD5eXCy_<$#cWJ}jEkvxZTaK$jaaxBHhPo2VPkYcFHD{ouFsaw z5=y^?xqU*P_4CFAe{B~*!`IxrpIshs+#3@ULD7IV~o)by3kghpcUel^AxZ_lBwnu89VBl@>kpd}(gE#65D*cYi=xjyyOJ9F7s~Bd1^IpXMN~-me#Z3Gl=&D}=53@NR-YaiFMg`^r0+G{w&T~*UYaKFK|G5dx;301S5dNl z@1l%Z)OL&W_u9mwQ);&vE|~Ub;=`XM%eqWRIlRk!h^Y$C6x(@H|NeFkOT#RCx-%(x ztmSD)^64brrlQna;d1Ob5`f5CTiayY&*4}bf&irLZkIBpHM~+-7 zi~B;j-PyNK%*&C z^P~JDG?)n87xaYDtR^wtAv`tkYi8SU`;r+%Zyt!R&ZnaL zEnG}++eZAGova&oPE8GRtQ{59Pwd-pAVT0^c=wV;N_DfL2p;j#Kj&nSUl)p*~uhY?)R}k;7oN|FDV=l_ z^DK#ebH~Tx0KSaz`5M#Wp@O{2Opjjct!8+jl)!prfAZUdjc0fRGZuQ93|a1UkOI9n zetH)w12@ssLqzD)NlA9vb;Ra8_usgKU5bFQQHmCw^DR-cH#Hj*isw9;?b{Jtzg$^b ze6@bbj)Zboq{qAa#E+mpJV{`zBY(Joawef;gnY5#M%8TF*UrZswol+~XN?O*->RX< zb0-Q*Ci+fN;&bT3LgeUyaIA&ThOsi3rQ#FZppgJyZ2DSi$G3kfiU(;Mf+I%uYDQ06wl z#~R>JFqcgpH&e-8tS(rX(ql9~9?MT)Md0cDG__UmSaSlaxgu5+hlEYSf@0F@JnK?i zVX(=!Y$!z-B?^X6f{DUma6C3xkyRN6OLjnsR3Ksaz%GUWNNKE35FTqR z%DMvvLo~tH5Lkuqu=P{v!WF6XCK=~U@U<9N_&~bYNK!;|I;`u_rQFK9&R3QwAth-?JFex~2*#jc$m){jx8Rkp1RM1uZd+_>Hk<~OQypbI~PZ`*o z9lua2)$_QTCbGtcX5}#=kr+dgXhxo}P*lX!MXCl|MqG-p*N+6ptm5Zxa`hcQ=F*dK ze8P|pPKUzS)^v1r!&iIu4IVH*`LbIQGs3Azt_XHswPqDL&Hp42SvNjGPHgFXmDSI! zJkT@=XP&-Pq_Rhr%}wEce|hkXLklt0^KzZdksu6x?>6QN;(Ur(*xJ}INu8EAWVdyG&u+wjT6{_n?&-;VdN*=C z!xzzYwqmg#Qr{EKt8agQ@pe7>fgq(pM(t==OpQNE9DZJs*R>^WQXPZfduRx;aC=N%m;>uFLZdjQvaSM4c zh10H_LeJTNsnTPxPJWQ3cI&wN9xbT~`^_l)2ocS@Suu%6T+VdgK5Sq!is-K6`k2#~ zzo4&}Y43;LqK$gKY{7nxhTxnra^pI)cf`cQeF@_1ysMowB}u$GpZi4ElY+YL5i%3| zda~Vn)ky*FgIZSX^y7}3Nc;mMl)|0T$%ff<2cGWYu_z5euq@Vn43%cVTUSgHoJS_5 zSvGK29~L}XIhWF)-qPXUfPB>9f2`h`D8qJwQF=B$9{=&SyAHGM?D6rB&2lHjKITgL zxYxSY*RoRPDKP(?ex1z90i-*65(XsFSqC5?Gl&`Bs|fEtK6}MLH_A;pBEmoP2z(t4 zMvB1riRV7)^1Bh~MH-rV5rVQuE8}w(w$utI$;!8<>dw|x&zPyAHrq5Bl36!I;Cm_b zY8IrkB2LfI91N??pSO-8_~0x|d|BPY#`{POz3WyZBanJby}hHR&S&3_9KW|6d-BDF z!pG%^ihw#nuU%UtFNu2HdaZ93bG>nsA+xtZJ;UtK+~O!|ojJD1E3@g{eah?7wqDh@ zUtS$f@Bg(m5|W`7UcWo?}9OxKR-r9UCy=xcLLiMC#|6x7YRw zyu4VxbK95MRdUTA7yQLslhMsG)hB!DaR)yUBn?Q3N8X-(+T6SC)!q2l@xAL4zWgFm z^g6l!%uAMPkMr|%zmyptMQuK|<*EpdtMh%1jBUAD_z~-!$z+Y>hAXQDKl3bohShF| zH^ryBI}dvqW8a%TPkw7I#K7Q_6Rw2a;x$-N%x-c5%{xe04AtX1DY<}EhgFywb67GpJVGhR3B80`zQ;mS2GE^ zY~3W?M3M2GO@I1enzLp>momcWh|uEad?(pG{RKzd`MGG8e!6pP(`p<4XPlyj=z4$4 zk*rlxh#Wh6ij3<;gdUlWy|}MG5jDsVCzHlwLOMe%99vyiFh#I))KTEnlsGW}SHcy-!+jYZ? zO><|geiN>GpN_DXUZSE9lh34Cq^&r*xW1b+8yogvacv1(U1##@i?2(5DRtA0y|6Js zTsf>qN8+Ts7m#Rh zY3}}^Rg=O(Z+|&C;F-apioc^}Jp=|c zzS|_j8W%KTTT`-B3;hkBM_stGrc^=esk0uaZoXAY2E&uQba9$J!W){2!*lS}?nQX8 ze?b}->h?7Uwy#du?{8nKX~y_6wE)=-kj4etzF0lN#Z1%ISao7cTWc!^AdO3bV=V>& z+>fv$O&(?iV)})p#io$Ph5i{*so1YtS5O!>Pb|WAWzc9$%#UXLzXvV$QRqyx69h2H( zb?4-K9*=U)%qo@(yTS!Yi5tCCJk%W!93DRVTs^X%J-$-4XujU5TJJ_JM!k3MR9Bk$ z<0}<=*6TbZ)4zGF5s`M=H7U1)newDG#)Lugeq0JiC>h14dea5{Ma`$zn~}$4(uz|! zjZ0A9HsoL|e;n2|$yC-)sqMKYCuicifz?l2#}Ru_}ST2fo1i+7YPTAV&R=#}c9dUDp>>P#B!;QTu+ z6x)%@R{qszSPG;o=W)LEF%2I_WLuAPKkesk?X!P!RN&}nQo-q8Zav|27{D5?=~=r& zF27+ByY*DF?t8jym+f73M~nL;6poCneJ_9HW@<#=Dg`?-UD5qiZTS}8?ZlA``j36V zr(P*v6z@HJOL{*1ozbmV#^bYt&%)1T^QJ^U8oMaApG*H~k|6sbS?5bKEqwPY_!8I+ zQ3@|Fde`as*dHdit3IQ<%zQ}d;i&8($IxoUs!YWq+>PhBf{v$|J=gFt1V5tF-5V8+k(%-JQZdDR~D=E@2*XCi`cq5AJ8ut-rg=o5=vh@8i-DucB9n6cF38tcgqBtJUkuv&O5fGNsza-kImR(3_9-Z*#Je zz4a)?HTpx+8@kwL+0%5WHQVy#)}J5cQJFjhf4A8m9ZPf%32oGWcYh=4ON&hJlAf!L zpuys`LWFQR-9Rq9uz-ZtZf1-_WTvrqSQAdh!5G$=XGc4{JymCj6|SB)L-|%ArQZfH zu$Szikl%Er$+{+Uh{DjFWIpz_z)kR(GZSA}s^lZzP8gQqNR9CEQ2z zc%$2qEV8+o^e&{N4ozctBHV@0K(?*TOV*9YF`F%r8<|}?R!dIh+9-N3&4;8)C&Rq4 zh{R1V=LAfRLRg5Mj!B27FN!p}qBVC9GHpYb)>H1wWME&ssmF#STZJ^_n<<}%Xth;u^K|)@s z^SG1^oL9$yqvSZyB*zbuXP#b@LagSKl_i>=lpmGny?H_oPxsR4G?^}`&6*f|TU1Xc zhhwOHUcWnaKdZyELGy!4MYwHJ0c2nAV|H~8!xn49txp_e!Ys^PNMn|&ad*zPZkL18 z8RZNVH9MRLKJ5~PZ#qj%4dpqTAfvIx%Q$7qQYK)|CGPF(XO5SW>&hzA_ zROp92pGj9=-&Aq-)2f#mpDi~g_=LY&xX=@P-!=Zrl7iYUf*&Sigv&{w(Q$g4o(p2DqB9GX|GBS?$GKw~i^fHMx5=d-v)$QF(9NSFp^JufXaKkaS z-uDQO?d^KI#a4MF?GZhJt;)PKc9I^euKZ!blGk?X z7CYT3pPn4sj})(5rS=$)!gG7)DRA@c7da62nnL;ob<7dUOyz&`Dx#nw!iz`_M zKi2k!cWlroL+A09xH0YO@C!<}EYA(9yjw`$7d0tNCbvH*ye*ZBc=7B((){4*1N2CL ztU&A|M+u{jncCSWd+*T8DqzOaHRQV=q-aXz7@hEY-fYkZtLv@aNet~q+i7e&rPDW~ zM0AX~qjy@ADS#3oZLEFoSn~#M_x*;v?5>=_*8^^C=8S>$j4ATpxZ&o{DVG56(EJ#7t=vL(PLmw(ud;4+NDvYTEWlkrYxL9@@Wsd~oJ-k01MfrM>pFy-d*xg- z6&@;;yS|i1kASLdLF#^9Z5l)Dd@DV9kPhLaVspxoZjFN=hB1f2erCk$`QGF7^uUo0 zl3m_H)*?F?5*7{D_{q^5Sc~{gYDDt)SgiG%Fj=-1i5B;l3#{XO|9rlue~*PujGg*; zcW*KSj*!HN@~fohH~?9T25r3$=%VL`9K&mwi;lQ-M108O@Gn;Jzd6*bWm9gU>%O0{ z+S-NZuOVRnp zLtFDl5_hf;_Xy|+y>Fbo%2r%T$cngJAcS|jw2G+Rn|-^TO(Dn$8TL@DQ^LHsyH<*A z#9*g%^nS%|-1U(v5gk_I$BU)jwMe+tY3-M4{g5 zvH84ta{Z0|p+;ws4HQocA~L#-lG9DWh!-IOL8il=Bo&M+lGQ{K=fq)S5t?dU#^8xy z6A2Y9AqZyOoY*O4rG#Moa(n=rAiw$TeV&~xm~QkMC&ex#*V~x~dkEV`x^fJn$S$n; zfpu&gLB)!~#)NB%SSw-8Q#s*MO1LfzYgbyyzE7LDL=5+%OdN4{C?pCJXzjd^+I><_ zO4&^CUD>Q8STC!!WWDtkfm9!CzOacD$x038C#L66>5&?TqxhCoJ7+lBJJMY&81X`0 zd{|%WaU7Y-Ze`(W$cl{We7wKm#M7ty7uhkn56#xtX;pG2GFBTF&~d!mMoQ%!m-H{V zwdr|v;aH87AZY?QdWh~FrJpbOE!>#>W=V#0^cvFK)02}M6!q&p>umjf{o#9$2%cfI z)jvus4jF0Mo9cVF*?ele|J-HP-e7@nqz;-7xjO}WJidSuSZ^nZ+k#m`mT5l1HKgct zN;1-?yCeCWw%ciBvs%F!li-$J|)BLwbJv%0NlpsG5a~p ztx$d9@Xe3Pd3T)fuV7fi6@1aS6iXQo9D{XS6DtLFBe64C(}dyl4cn2mOa^!NR~A$B zkfNoe?m`vqLp87D`gJ>I+PJEOzaN>rZqZwoyJp#GRHPyLsnNqdfSOeKyB+d}|_=Cle9x==n_UQH8dKB9ievY@- zbetn4;d@OzYPS0O% zLO$TbFqmOm-p)SUNw?hs*XMxjVMQ`PC2CH+3LIZ_PyUtA-64DXPw}d#-1u3$5_$*OO(TKe%m-v;uDVv8F z?pZ@hNDJP1p;~aRW`Iq0C)9xFkv;=3nEd$hRHDpy~ug zeX(-skE78OYp&Rys;q9PVA97BV+$FIyL7}coYn{&zk69fvaiUXDN(Spd`ziObw9(y z+TJr-rMh{ds___)y<-;}+hKbTFi-GbG`eYOKG<4c=)}T$P`Y75B17ykX~~(xYq1R- zeibZ~8v89`*wHn~g_XsJh@GNVbM*>h-Y_Xls>_&ro>EPwP?cp?`Vf9VmGM)n6fQBx zl7AK)hcI0s^d_u&xeY4kh0Uz?h#cF~=9xziFR*)a%F)p5UF3#G(hjG$t0jMIZLPTL z=V*YLJ|V4Vo|unW3V zy-z7g?z#GErX%dKCq&Dp(wyS03og~Pnw6anAd+8Szg)v{Si0>IVTg1|#%j~?D$qtiwKij5ic8 z_p9|o`C8X^dxdw52j(Liv{8LQNDnUlhmSLO$4B^$gI;_zIX2yWe|Veq$r_}b&5P56 z9=;5Rl^dILqAi3S)LFKE5_`>%#qS|^c5mgvyI^9Aac>r>y?&w)(U=ZPz7VlstpcAtZt%et8(Z z4Z%z3W^EWb=BjYpb9dqfBhQ^equ%x2f=LEqcE-_^$S5t5Ls4bTDWctpJ~!F@GzA%>c!M2SBSKJ5(cE2AeoU>% zf@r?GN|AAxln2e${kufC=ETF4m7ES&Gig?c=+yD3xDx@e zkj#Oi%)$1|p_`e*3z;L_S;IxCS_9b4-C}jk>7q)>PwbOtPwp_$6j+m%QLl-#8psfu ziy&CTd9jf%sMewvF?eZ3x=f0wV_k}dL#7Pnz%hkY7|4-0X5 zk&D=9^$j9uN#+SRPlue!_I#a*eBBTE1fBvt9+WmYhdVUgeL9C%DS7jJFv6JU=`Pm? zX}SF6xmKOI*4)-D&3jjeXPgicVDWa6p0zd`;Wp3V6rJLUk|6VQW!4&FdD-)kS~mKQ z`=Vm^#h4Zt#o|nOM9hkD7N*HeBB&W9erw-c3vRwmJjM>`*-lz~+kE*R zPY(e~v$c77vEs$zATC^}X&Is-Uq3ywksfw)x=fqlppMkRSFt7Qi%Z7S)*kLz+bE(_ zrN1uky6TbqwGZ?WvHg<9ZbS}>Y9&?Ln-5yS4)(VzYThb~E;+Pg^TF-Bb&L88 z)p4d3U*2tK>~(flM3mcMXKY+DUz_aWGOHJ@#|Wtjx#J>pYBoPD*wIr_v#_I<8$}no zL-hi;x3s`SacxJa*K0N&s}R)mgo7nQ%6pTbesdwp>X7b4Rm{_}?Ys^1v4?i@*6oxo zNcF?L*o19M-q_&oyjeLu*Pz}6St0+%bewn;-L;VyZ1@#5TRvu4DaN9AacjFAjv=8v zE0IKOaW$hrS~ItQuY`>Yk4p&s{)*jVLRBJF{By$WXUwW17z#Q|4kh|Eyg8MLF>i>u z)il_#Z>S{6kE7g7eC=U+-D}*wBBGnPZ)30P)1`9ZI5%q?9IP?98B(=5w)W{Fn$*nW zPuP{Y%YqP+H=n_07Q*AAgf6wl9?xJ^$l#w3%dhsWTBp^ZV^$ac^w8i!ljW8=*3(Js zpBz1{nFebFx zDB7PyzqOpg58J~(a?8OJxcSai4V{}xFKlrdteLog zo8ouCMx0TJzxhnx*d^i&+o6Jpu%Ns!dJ1ZrA%b*#T~OXSj$Cv=2u~~%!5T*Y#@sml zc}(_amyasO5u)6t?G&-&7T1{_@QU2}A(pjy#}dtZHVd5zhr>!6N>+znkjD;IG@z;j z24Bjawc3pf?WtxR#ff}co3sz>)uWnt1E*KS7GB=r{>krH)OpmGfpb>Y0Z9I2Q{%`2 z|7Yjw zH7|l#PO&}ENY{P1y-Olw5*^dT^_8fBr0vfId1#&o6-q9Sx<94Fxq~`EGT)@sTSm$-&vo}yuHg#AfE(d{m{8G$w6@>p2b z4fnQN5if2%{Cul%}R1t9^%r}+&bBhE8cN0O@rrSunX*Dj7(#* zKia*kHI|5W96(2eoNPaIjE{0l<^@_h5T^NJQt0xe%-ON+FUC-(Zp1fD#)n*BVIE94 zdk_CIwT*w8Z?tu2O!ku-);thbbAVOo@>orU0tfVeUjM5U_@nrbC|_4v=-q$VqMyWnfE*6Lj{j0u zQ~f9Y^FO5epL_gU{6{Mc!hgDd|Nc^K?YVR3mdNDd;^NrY*d+o17SeBOYAPls2FhH7 zU~ZOQkOsO9#{6Bp0&*$jB8dO8pUpaLHdtv|VO`oost&kac1Y-w>E+0n##eE#mO9G; zA`|bPf$FeRr?&d3(MdMv@iHnmbX|B+>$15duuXRVm6^8fmxE5{TILuwM;=8iaOxg> z|8bM6HNc=uN!^u}p0PWVNu9yo)n>~MINjc&7+7J#0cjOC%d9F0k*Ur%g1m3v4*B9{ z`2HeUnX(fUQf2+wbLTs|(hH8a^c6Ye$h6Vfx099Jl03SvUB7X2f+xDa8P?WX#K5Xf zxBoJ#^nlCe)8n`1=3l=_V`#j)_sMMGomgHeHLnVr_vk)m$*X!JTRsS0-+eSA4e3}V0281QFj>L{eSFz1z42Z*6=&S3>`yvcXx+FH_{(TANQ#t{sDvnD%s(FQ{l0t7z1}+a`~UBMp0jy)2Hsg~@BOa*uC?~N_KH`< z_vkpEQwTg^*NGq1B4e#+M;)NK?$`!AY;DjU(Yi_*~ufBCc36Xi+y!W(3nBn1`wk<-N{#eO7k!pV-`GbY| zsJJ1~Fh3V|I}QX@gfOZ zMo$k+_nC+NnL{`h*+vvab}Kf|y4T{8Gd()o!0@GZvz`Qzj*~etSrw}?*V`a5ooGD0 zmSP{BzRDbQ@i;hGWn0(!hWX>fdrVe5bn-2Tf%?I_8@)eB$_&;KHVV@bKJw96B*YilAh z;GF5e!!74HTtFI(W)i2XakyL*INMgCn>Q|iLuT@3(HMjQ9$7#)+212~OeO;zKp5it zX^OI`qMfTw-6o-O7w16>M%SMiq8Xb}bUCpJN-iG4nl!9*khazHL7Z2+CT$V)oH}-K za6-BBS&R=e5KOhvf%j1i?%if}5b!`(BjJpN?`tB!aCP+l(&^-eg;`R0PA3rdd6q;! z>-O}m$&QQtp0n9&oJJ_+Br7k?W?z-7%;DCrhbhOs1ivzGUQdf#XxSK!RL1=#KYcu`G%QvJ z{m}o33|(mGQZHkt*-ByQ9e#_liWM@}zn93$dT@bEB++z5*4dF9dTDed8i{R7NJ{6o zr=>+t=~_syLSMlZ#mWSz=HJkf&vKXua{GWarGG{11~S0X&`M}Uwo+H9he5sBAhpau zbHbk1uV^1~Z|I@Fv5wC=%AulY`<>F`Sb-Kv><~Hm!=w4WLh}&=LA@+eWL#PxMiSTXUN;!u zs*HR9Z~RhE*!wHB{+wPJW&J(Vg3Nu&iF^|9^`2B!1ecx_86vy{e5bPn#=@^pJj8J1 zvcTGSJyrksSwSX87~#j6ND_=eC^@BEfS~kKyL3ta32rupGaX*}t1{>yy z*kO77RsjrsJe`+IRFdEsF`U6#<1;C%*DmMv$4K>fL>INiG8a6D^1e3XU8ZtUQPciF zZ+!4YiA*_)h}yyIM$Ak5&}Q`(d- zmFT*w^svj18lq)hS!Kf{Tz7&%&RD`lG6(p1)77fDFl^)Cc_z9HldBfVdO>9s<+tBI zkas$GmMK%iE-;{q;Bev;WWY2QIszfgGY^o2jlh^(KB1DAqykL8CW4}Z@d)hmt#81sfIF5b;qQrGpt)wlQCB@B2$m>_pqu@W_OWj+GLVI?x$l9R zseBof>`*iV88fT>2I>m7_HMdu+}B^3OwTzTn=BOwH!veuWKAG%dGx~MlWY~(lBvb& z{VC;CJU@Xg%yrAdyBy={{5;5eY8h@rDn}Br5aN^`{X+LzMb`(aM}3sx&Y4}WIyP7| zNFeO5$*XcV2*l)>XX6sBiNi8_Qv6VJ&;FVaIpn%Y$z;bu_YG4A0V=e~t!5H!mGw7O zU?Hp>r>o5q@@4cQVF^$xu0vX%GWC+1;N1!871dSiY+#LL@~IWVY;DM$2Sc(Mjp)G( z?~GHb$rT;dt2E#4W~9g(pnqVY%nw!9Pdh{_GG<{u7kGI4x>1GM`O-#jGIspK=?y8u z2Lkark>%n>>ul*hTVbb%UK7`@Lm0J1A26Al`1)b%g-tvqCQMFdu$Q-{4_;16_PH%c zD?RUYi)0@*?7NI0vPeCC5+d}up}KsVm`a!lQ`xR1MUEnp9!C{I> z9!@=EEdkT88K4z7y@c3zBxi5X4_*d_Z4IbA|ulPVskIvqA}ivDsXpBIN$i4T-GoH2f}Ar5?Xtq zW8#QuZ>TyOA3}jcy$w&Ms3POFZr;v*Dbu z5R)Mhul*s!98;58ES*bx@%kqsGCi2il^L&+T-Xcc_>S=q)#@t~_ApvZqpnn37TpA? zFtfJ(n9jgNuC$wXqayqE6Zla{^h;RUOc@7b6Q2j76aMhVEHp$2)O)bby(nJI9#Fv#5yB6nIQ%2Vk7d0VDT2;{PuQ4{EB9 z^ma=>x<4>(HvCk`aeAmsSK195O5Cmk0?{>ct%Ag|h;_)YK$I=7fF)8W8WbH{<0WXH z8%unX{L6?Q(+nI0d?DKr3@ZmXu@1Q~3w6UR5D6q~H;GO9X|CK1MRLt!_9sz~_)>81 z_;iF9S1|BD=t^|lO2gM)eC& zS*rP#9n+!_j*P(x04IvnYY=sRKYM_7NOrsIq5ccv=sHNTHY4NwEzLKEy=LU^^?euK zz95^o0vWM&#jg=d=UpboA)0eLePMn{zH5B#$!ij{jx#-DvV<%T|4dZKn-`l zmsy^20 zsCaAZjfjU|#p2?hS*OM(F^;lLs^acq?1XaQQxp;njbvj{^Q-7tGcDbZwuveg#83e@ z-SDbF*ME3?!`UeK!$RJeSt+G(WV3`x3Q6^TDwV`#;7b>MZ^nCma={;GZzRiF4>=3Z z=FnmeunbydzTzD+WimnRk(k|+AAH3xNSWWS!EeTiRn;w95tWI+KhNTHlcYaG+U$ED1h zZ|iZp6$#H%;fFkES*em}8eC53P*69FQ6aUcluH8Ly_kIC-uA_=uOO+=<|1$Pae}(AtWH$be%i{vsb0W{4bL%wfw6M2k z_uBdGjJDe%brg#PF)I$rkU8oR0i%D~It)B{wD5^?> zc!gOl3$H~ioHE;NVLh;*RbuKDD@pcLI46J7D>`)*)~>RgUp>NuI`-ILoTyNUeMNG&yO~?iDDqdpRZVb=_1h=|qfwoa40| z$-~2H3H1Wc&r4DHhNON0j(ejdj(0T0^70uxn^@DkIEvS!QhgXKJmO6}t`5u}02jBW zW%L^{Y-{mcPGcH0rnRN&<5r4Z{vudu?^Ro4z%Bz$wxIE{yBH9B;q2by&l$#EyV z`J506)(sfDT}h?Y+mQ@`?2+{E^U=&>AriwQ1ZZe6oP28BlVQW?URG){`re8OG6QJ% zIHmj1x`J*q$20+)GsLq%6mv%$reS*YV!KnMsm(zt2RDW~o&8P>jJnjnCXktXj^M!>-obu~*?C~jqk`h;^Q(i8Nva01`KKRm)4mK@THYXg$9?98Hbni#V2iu~ z*b{v2J=1xwINpT@w@f!T+EOm^^Rbcc1}wTiW(M2E7o>-#NKB7>%7O`N0uNXbaj#9q z#w~*FsC0amo_jI(Mv5K0dJiW~n)c%4tngJ&0zbpKBHM~(R%VM{#auFJo6)YW9JG5K z(lv~0t6o9=RE>1={mK&(TXqiaQXm|aRpNz(6ZN8dC#6x|^#%s~Tm-lQeXYp2WDW>( zVf}*VB3~75ED+aVXsson?|O%w>9gi+&CUlb$uW*K3)E0ZCCf8A z%I1Jf{`d(WCiv6p%vp^#h6A?jxmWwFdS`{GXa`2)Pbqgx^k6Ik?{s&Fg!SVC%e3Vk z(n({qhF{gqhjS1*yft_4X2tW2MObY#_fDd9NcUmk`i#^;owOvR5qhwpp=BnY zJjVuoQ&t;(C02RNSp{ckmq+t9SA?qy_A8f@G#zc%?96u@5qq6O`bSMR*)Cy#&2(We zUKd`|sGY6OV{WCs=F_~U9!`V9)yX%__wYE1D_*B5Vd0t?OOtZHX=6R35v_v<$-QoB zH;t})rSfzheKM4oB+;m>nN;olBvE@IsQct{AY06-h5OeO*AaH^86e110=k6WYBw&)OxOqi+0bhi07h|=DAvz zS}|}vAPcY4CTv0M=^8lAxjieY!1y^~Et?G9?wxm{$6bPqc4FvbwhOq*G15<{c49I- zG_O7qs`GePz|QBf(kS)lX#XfvXX)c+E$u4147tzI@n~vy`C zT}2=X5M|ubv(M~6yg5>A6VTA+R1a>bj>MZX=A}hfwPTtr$^~bqZO!wt9t4h999K75 z8R5G}$YhZ*E~m*_uv*h&ZbKaQgopdpVjS1-zL_ed!dugP8w6(Y^3+DijQPwnnbgW_ zecPgxVQ6_InM1jyoKDTj9<-LP0zL$cMNSv3x}L#YdahcN(D;6 zl<3;|8!{*PFV(7vQV0uNVyqTh=cKNTC*{Ci*eZ!H-gR|(v$P39OgmAupCz)>A* zKMQWxD;OjsLDMK=Z!TYePaG36!xmr)*v0{uYBl!mL*jE9QHy=PndD7 z{=8^6&JH89D^r_nO`|-wu$S0oM)=&B-K-l@ACK4!=m+{AkzF#Gac3sfWW7-kgyfsC z%~!US;5ASvbFR#ieQ3@VZE(T){BWV0tl4w($knk9vwP-4hnp<7N5B;3=JAKle!NDn z7|pdUs*hdc+KoOrbqLHK3XunddiNjzK)^6a>Ng58mi13ryZ=ie;&a=4x9!hl02JSC z`@dF*)Y`Zxg-9W@k^d*#e#&|aN+I&czxzcY&UxQNDMWhEonLJGj^R5 zfNu9vUC*+exw}!1C>`>kZ^S}r?|P9 z@h~jj2PA%Hx&vVV5!t%);Hg?z5XXHUfK>JIh{LV;Q{oy%HsTDea7dJXf7lf^uD18@ zB{!$F#7`1&`&1G4AonC#P1l^WcJh)#Go=#Z2b_tj{X&*1HB#5p>nEPD#Tf`rEs9x# zcw###IB5pdc1a&@jhy6l+}TmEW^e5eds_176`s&1EKwl53Y=^c@R~3qyN<>oBXB@7 zzU2mWOSdmh%F>v~l}(xMF4%^q4tH|3ohZp(H>h7s__nqYGZvVo+TmvSjSP<#!!fos zEblb%92HVeS#o~xNl`Bi?xz;_!#-iQsVBnZG-4q*{NIP?5x&0#m}iORV2h&FLN>ioKLMe09~#cS;L0%c?(a#SpV! zymw$6Eep57DL!_pMycxB?vBW=nBf-4L216(r^4v`%dqYhHhrb+0;8Jq{E}-vrW_n6 zYi%gcHy7K=5W25U2e3*}Z$?A&hd1vke8M8fR8n)FV^Ap`-5HUNF^ibBW+Q!Is%&$u zlv=m=i3^du&WRV70J;AeQJq>QG|YUI4|7TR^Sp*BQuf>^$VEhoZ(zG}>00W6L4$Tb zwpDcPczpHw09z{LSup8apT%HO{HXruRihT-6{&%{EW7zx?XNX*UYZb2Ugr6l5o&Q( zKRJ=KX`sU9dCj}Pj?^AaawXHaJO&xpxAU^TIoFr}oNX}JOBb-Z>Q7Kd zVJ^=_{MdTxWvT1Cv8(4ei#7G%xJ8vZvW8|J1oUcq4!FFPdf(La?3Q1!I{%wa=;jTc zmQKI3uV-u4P3ELE*TnVkb+QMrKiqJ8LTcMcGAf>d>?W&IlV7<@FH@kNi79TL;|))I zpUgF_IBeaD;n?1^?yI&0fjf zq-OVAs--8cb}hWG>`NHOa5flWv+4IfML>+YBQVlCAsAbX!9+e5L^POTIY}wE2=!82 zn#CovgFJ<^RxNe~Zpz2e2CRYKtNac^01y%XtU<2CB;6vr^ZYb10RpH zs+twlFd+PCA>4?KV+j3Wv^4XPhgH+ulbm>g0Z!!FeynkQ9w>jlY5y3VBxbpAWY!pR z+zi9ww>9{HNK+toNL85a8CgzF%|#z!=IGO#R5A<{KdJQg%!=P^5%9uejcZdOHpgU+ zsBQU56syrZDc76YNIF8CoT#q;l*+FeTDpTQjbgDBCG2>bh`$$u*#=h;>5qRIWEG;s zwZ-2*0dfifNa~MEp>Qz_PTdLVoHlfMtl=y9bPBp>OUWmvBh=BR<-D60>c=-*F^X_Qi$Ql-*KtZYVG&V&rH59`;5G_E*fs@BIB zsRwPs#78(2j}5CwC{n~%fDLk17Hx+}5;Qv~NJDY7-NU25k`8V~Bw4~QxI{t|k@W;! zGnMg;7g}3MNUfsAacOaPWLx|oPcHm*M&OR;eG_*~GyH4iGohmGMgH!0-CPNXf+v)) zz1_tl$MJF^pR-qt5V{7fN`o|F0>_ZbjL^s|b$fe;7JAeAQXOZIR>%8{%#n#02^gLp zHlx?lg(B_T)cQmDY)K(#jXJB^tjCr$&3Xt=pzN|Hei!RQxh37(tIg{m>ZO)2K~C1) zg2zDQ=)hY0+enJF8`*~eh1464tjo`ERX@P{F?1Be71!1c+AH8x$;}b+!c~|U2%_Bv z0fg|e1zx{jM$A_>RP@G{Tw>SQPTC1m0MYhYX+{7cx<|4<&n8aY`>^M%SdLQDwhXT~ z$BglxK)bEeg#t|NeANd5j-8Fs`f^|nUOrXV#=`gMn1K*9-U_{h`e=aHc2|{ zMFyYNB!j$g(#M`z(g<`9I@mZehd9J>W!Re9*P~tV7AR)+lUc!XWd$Ae>W&EUwF*Ux z^|U&PZJ65Sd^P?wl!^iXQt}4RvyS5=L+C`&JSNW5Yj`p#A+URwi`8$TtwKr8cZP2f z51rf9@LRoByLrnqO>0A%%{Uw^6b@iWgaNq>VQ3~i{Ix}Z1Ic9vm0{0ZH3sc z(cwLx`%bglZtt!e2RxlazVHNNZtTM*#k(RJAqd;mJ>BtuzI%hGZw(8!$EYioxN!6cJ(A4<;p_EjW$Nk|$$-Bpx7(SVE3Wx#`g*uJ$G z81QV*K?xSQH^Va4qiK9d0#1XUS z;!+oC2421>9y*K(58n%DF!r_Uyv6m=_w5J7I(kHvW5niIaMf5yqN*>)1*CA#KUq9@ zhTWHI$xjp$s<|jDT^(Vv5x~(Er7j*RFCI#<q3W@p z9g~9L?_wH^xfRT+7Ln!{ni>#GY!V&1?aCM938z4?>EF_fiO>TF>2Ub@QiNn)1gdOA ztLl1U26&<(tP$77AR^)s1u>qm7|&^ph*0tHO4azofH-nB)8uNAv=2e}ov33BzuExS zAyYa0v0&3hycKfjN=_n-J#l287`m5uf}W(d?^BoKf6LTsiUT@h%KRKN87zMN*-{|* zV-n0K@whW#nJKvcL-Mhj`_TpAbM%xC9L}hGOFLdkAD2?#*(sM2xT*Uo5J@Y5GWGsU z0`x&Dj^rV~&56aQ#KBX~GrZY*VvzVo`)c~k7h2LaG z|GEE{&wr}?2dbXq->?5CBK+6&pZ=)-_h%=o|JlzU{$Csb2e6Cs|GNBuM5V5E0Fcfg zq#HWY0}JVegLKD5`Vb)fNsu=wkwMhR5N2cq4>DF1nIezOP($YGB143cFjI8rQHu@vmLXZz)kptPt(Gui%8FI1`IaP&xQipujjGSvnF7_bTN0D2P zk+0^EhpWi*x5y92$cr=Nr*ot=fV2mYwgA!&jC4dpzTHNi9wIFOq&a}Jh9d1Sk)D)D zBLMm71M=$^_ULg5=AcBT37()CIkLoo!9--^or z`St&QFv8E}zptNzZ;d%HW{|f;;U>6CXO7tPW zT_8^$B9D%ct2dA{{75FIuc&r$`1R?h@0ra%UR+*Ye*AcGj%o!j&pv%SIXQiI{1H{# z>5bde(VKUBdxx97S|}&t^_M$KW>wE8yJw$oJbN(th4Iy}Z2Kc}yJb-E3?ltgNiAn_C(hUe}|P(bd(}($JHaSA@gi!Xjd* z>e39TMneyS!LY6tK%M5%z-a#$DEn^=f%2zDrPKs|_)~vhlka)}0K}LOfAV_%MGvHB zWFmCLGRSDMQVB??*kj2k3sGLrDLPW9GD>tx9-q|BwU^vvDNtUbLCduU0caS4h^ z82Ms)hX6uWQpz6IdHTM&>gAPe4KW>IVI5*&jW`+>N)g%^R%!+YNfku~YHATBNgf({ z86^fH#EDd5!_$~33M*ht z5IuAv1p^5r+#fv7x|*%|ymD4um5xFsYO>U|1&%1E8x^WsMs%;luHGtU%^P z+UBq}r3k4*b$DBJqB{tJNuhp_KEVValP`2<4`)D>66(!e{sFAKpGXqG z?Nh5zo`c*ib8+&v<-p19?YhOvI20usCF1dXoNFHri30FB4Bhtuv?y$2dKkO}4gzBu z(#ICvI*%c4_Wvw5fU;`i!*0EcZeU2uU?NVv0N^?_O!$(a8xTEPQ>@-Qi~bbxOm-1e zN}hgzd>MKYwf0S#%r%9mcw%wW68OMYKr%LaN&hk)bt+85>5aWVfb(|23Ix1;23N$Z z0N{$miiR^v#P}@X5$+86&70BcEG>)#Y#wUEvDz%&o3ZQyjN3#k&zFYHVk8(NiPWqB zxCSrnEPw+a-XO*j2aZ8V>oBZn3v1Gnm_a=D=CL7R-u5L0!}H}uc|0YGk(U@Ez&IFF z2-jN?fAT^!-}um!Ap%!nqCZ0l0cmCo7H9JY#dgFkDdAI7wQNNz&i6AB@E}Ga5`{f5 zBjZj*^wu87~l4Ga;;sJAa7xOtOcUhKpzmKVLb?0yu&d8<<8%Q1ow zjw=u85;5-C!l1I4RO30q29v?qkNXvI1sTkCZt<-3M=-qHgbahoQlkd%sD-OP!?(h) zwt=Bjx3n{e&-W`30K?7nW8E^jL!qLPOpXoVN#x-+q&P(3ai6WaHL)p8Iizg3h zi3pLlf<)emwo}E%uKU(ML;#1VC?1D@a@PRv6EXm3ghy}S!lWeRp!3_R00M-jv=PQg zgvm5O@NtgYaNxkLvgzC95e^aNe|l5$Q~ht_>FMfj?c@4Cum1%_MZ|wo|3wT{0Qe96 z|8HoJe;MV6{wDzNfsbH-hlhvvYaOcclYCvhXk_J5GZKbQahetw=Fzf@lQy~F*3_dfw4A;I6ue-S~! zKji=KrTagF|3m%@0@y&>FY%w#4taSfLz=L|4_*NM;Dzts17MrTlp0vy;+k;TN`j#8 z1CMpRK{$SnbMhjF-ynIrvwgg>TnC5z~1&c_;(X^fYp2eERi4-X(GxRk!Y+9|;BdL#CkpkSV{^3x$5#VEFD@ z4FB;bM)~KdR8CE-S3}*La3VG|J{DW{~}`F>;Iy%@&C^^e_uaq9|i`%)!yUp z4rXoV?)>*5{x16e)-V6=`YU_*`8eDA{@%I&1Nkq6N&xbk^%oNo68mHS_j~F7&*1Y5 z3jVUk=NIG?Lm7clAu>{eLQ=w_3_=0|Lj1h0HvHK9LXv+6R7CJEL9OlV zz8jAIcCRA8>h(vBcRm;2zXBGJ5)zRT75LFFYJBS-CCUE^?w6^Giu`K)Uso^wTPVU( z0>7TJr`vxey!i>d#IJ_HIT+TPFC*4oSd zXYeAwc{V&eY%Se9ZC(Angny1A_$w-V+57lUs2Yvez(Badxx+XP7SF=hGJc)wBbg?Huj>P-JrS{5guq zU!o|XUMl}+|8FVqclE!%y_cu2v!AC=(C?b$KhXcEP2peJ|HZ|H{?Pxwi|GF(GCxYJ zS-bH&dAi&4+uro$*Rr+=@^SX?bK*B}_Os_lZI1n%ZTWxpl>EWK|0J3J*Mj|QW%<9q z|LJ?8j=g_>`-l85_FMa}sHo5%_MhKR_(;s5uq6Z+r4 zKrSIS0GNh~x(e_;v8NsC2S6SHgi8Llu0g2CUsRnb0F`$L`4(W5xAU~I2kiP$S3qb0 z4CO_K4ghFY002d~j>ATft3V_G!@5-K(-DjF&(HUVZjRAUz4 z=3{4P=i?R?6%Y^=g~PA>We3PXfDjW11WeIDOaPb=ghmKL4g>wD(FbDxK z2n`HDB{4!n$M`ccA%u}gP@Wiy%An&No+d<6+A^S^&-~0M9cF_l6DFNi^kosTVv^Z4u!L-w6!g)aA<~JFD*!GE4orxK3g7?)?@m8i zSty!ay8n2t*^`fs;Pn2Mm>e<5>=|BV>opbkO0vUmjS@|g=eR_zJw+9^t(oJn`?aF= zeOy=(pnOKwh`S=^mQ+au6=;VI4lddq1U-yCH;0!#S(kAYwabMxl^U>iO>*j=I&8}2 zw{0pXu!#5DP*Li3g=gIjL@Y{|BoV1&_gpjb-?KE%VA@u+zrolt^0r8ic^%5NT{Y;Q z-nPe6zpy7Y@cw@KLPNxf6ZHxlDk3b4PMim}k545l8s}K3NX+_@w#$>@iMlgP)N==d z0(LIng!pwH@kn!0e|kNf!ejcCIjOecx^IVMAZQCdPF!Hz5;3a_1e_S^T=`w#VND$3CBmmm7>1D}Qi&n=PaAV28)`)3ajb zZQ1Qp8!gAV_rHvWD%}nRO6SiHYIo`v5Mj0Pgwf52oXaE8`)tc|uGiK|h~?E;u;ev* zzu+0%xWIm8?!r)Bx3K3bn%2)!+Q9R0x1`aoUFx7^RN(QVic}Djzd1h_15HtDwh-$} zg?L*W{qt@Wm`b$Z`OITr{#gh3b&~kelAJVeVXmE=D+NKA%?ut%=37l zdX_mDg6D#&I|bDnmZH^JadH5{=e}7Wfme^%uKC_;DAZKuvf5&|OxLFoJgd|W+?3mi zt0<(vPIeESZI${uNk}bL%aInDb8e5z*`f5<%`a=qjZ6iuJsvVf)kx$vQI9RzbhJbw zI?raN|Lh{m~5fhDVx*L5;cJkKM*Dyao))GU^ShOC;v8=> zOZu)W3tn~X5;`ihYL-%%$3H(+DU);k^!~*(diZU_WMcGOmkOP$G%a0Mb{3y`y|~4K zkXUcpdQ{7+ERx*mCg8dt@V+VSjhR&oh1CZ!xIyifQW>hEgCw3CWL#rNh$LMba+LNl zz1+EuG&CbW+5a`oDlncmlfb=1tG4cFI=w8R))a(g5BN?yzh;^cGBGhl41^v_vZ;&* zHj)~t<0WD*N2v7(M0RM_X1e4wW-l%;cHFkDvv2yrW?=Ly082LEqd3{=@Qm!Qi7HDo zoJv@#WNxyvw876vON}|ZT612c%s=ayTuWtB%A-*>>**@7L$kA8zJGhj7cNXp)#+T@ za%TC0B6g0xw)0RXvlwpACOyA&Q5{Eg7J$}zMEKcL2WO4APu569k1lZ zid(HYcMvQyW{&q~=I)VPzhOMNdZ=nxxmO;Q@S3B52nkHq;-RV}J~D3q7_57TbZGAC z4>tWi&cnj8r0r75TAz!X)j|NG8-$wR;A9SYlgM#J@{RS?+*|dv@NG?zF4F{@?%_roGx-4ba1TY_npV3vT|Ep* zJ5~&_)C@d#__Od&qE=f>0;A#7bZm@tN@gUN?p|0VwnJ~0Y&*BewDOW=R2xLwKvpU?yQ$dp!&H1z?+SGI|GHQTKGgRB%BAvI__R9(uu zmilqs5-Hia`l&U>pOW?ZaVTr9 z>}8!YCeUeR6>EY|#u3zFGZ|C6UN&fBsRB(Sr&Gfw=pj+^z-7|Bcbn}usQg}KwTOdT&i zKNG%x!zuk0Y^Zfw)6lHzgZhn%)DcO{!AlYQ zMmf^7IYmChW*!P}jt4=CH$2CoFCN6bQcq0PmeP)cC^(h#McbzvFspqbH|bN1V8msP zRb|{6eQx_sG-(w*SQ`}ymM0jC#-grj%d=*Ei2@RQc<(P@RG{@+jyB9XWA=4+7L8%Q^LpID=B7>w{bt(|b-!_w{vgo& zGAm}&EU*oFJyB9azygmt>3G6+t7>eTYCM7m#5gr9&`kCsB`r1jN+7m!08Kw{?gOH! zB;G!ai@WzpdsDO`wtcttH{k{M-gN~wBtOa&YHzf2kP+j1C}raANF+n>Jb~AS{N`Az zHV2KQa>E0QtPQJUjhv*MS6oAyw```7OWsc0(Yr;yT)|vUbwc}a9MC}AtWzSse$viA)WQf>s{~I zG}YN>fqL64M_UF5FR^OvG5;^zRH!;1J|*@>zA;=p!hcrC^d=fZL}H zbv1*;myvO(yN2puc>aN@fhv=o%BYe8)iegJj4Lq{$KX{y5*%(k@nw>=FRo0s#NAu` z^L{&t=za?BJl09ExV=GCDR(?BgKv@xs|yJODh2woF9S=nYpF!i1!dpf9G)g!cAvH= z8y?LmYh`Lr2XMm9M#wAfkD<%db>of&C)U#?C~^xLIaM$%CaK-%2Uo0G$hcmCXp70w z(W{mxC4Z%epDak;Kpc7Cch-<9cL<{8%}vkQ*gEqJnMszNb>=nJ>sJU8S8b>>_;%HJ zvs)b=-fT@k^MZ?p-8r|hM6lXz4R&vB?{4b^;>|sIOce|gjRITmpo$bfRIIJI#(_JK z*SIFb<%Z>jZ9PdRHW6eH4na3v^!{99$(UjQ=5abDp!V~{7Gz&4S@hSlMFNkZNFeW; z0{`2_y9-Yf76%almp3sj-M1I+Z|ZNK(KBY~v7DxkSclQ4W=U5!G+*_3g zd&ks-v*eqm;mB@UCT$71jmX?+kI1IVUU*hgSME5~V#mV*O5F605-$MX?v&)pnox4b z3$iOQ(I4rfu#Q`X^*OQa9UPWqrZTL8?hYdSino)(KVKN@D2PooTVtNd zTbj|kYW8agz3Qb9g<`xANrrp(NAJ3;Cih-n?v2^Kf}L2>T44=8r7JMhBRsIS9z_C! ziF&Q+C6pvDy}G(Oxw1%Jl)9&Qf9i<&oZl11wm6b&zDjK@V0}+T`i@!^cU4E7$HP}N zcJ1Vcxqpsxa*GJn|0%VBi1=uo-TafC_(n| z0gjwnE)NI}XXhtyigAf%L_s-6yl5I2 zonz=3RZCCc^}Afifz|dB)yj{Ua!E&#Kgt;`D;~@n?mZ z`FC@QYO880ODo!&+m;uWj^_@_GVYe--K{7p?~HkR$2++$`AKupY)D|Khf9`&!!*i| zR9xKI*?H96eOgiRW?1-$on4Lt%D+5sy0CD%v~&jLN;)xdIX(UL(W9rbvI<8>-#R-7 zPEO8nNWMtP9y_~a%{;rf-|;*(y{Ef(_3@MKwHJp1BBqu1dVKxEJiNoR^Ba5uVi#BU zFF$|F%CGjzdHv?y`_Es#y?J-)QZi(j+IW0=rWBRK9~`l<^;l34^7ZTfw{NGY4D~3d zRb+7Rix)3YDI-u}$7N+@s5yCfcsMvX2&4R8|KGJA{;|*>{;}WJ1dfXTg(47IAT2H4 z7?8X?Z(>5Mc2ax<8IS|8=CSJLvvP{a%E!bgiz~~>$Vb$}D06f3a}6k|sEqUo>U*Gk z;+o8&6R8Dk?%6$q_hBtp-fZ3weNUUI!h8B!hNuZ#$KNkpb4$VT6{9MxvI+ zi9E`rCC(r&_Cc$zm#J7}fI=l+PcTqskTlR=z2IK7LF@ADj5T^H({SpA*MO}_Bn+>? zY%aSYJDLT|QC|ngAk`)P$h?=#PcZr7zm~Z5F^t4FWHxDvK z!)!)$kB_}KV;C@+)GW9JqbjzEI>dr!!nY8(l+vc^YPhc%``ye=90CQyu=t_4{2|e& z4;V=@^o!?3Qb8<$3tpX8p#oI?@eSf@;Aa0ujfj_z2#(ppf^`}GcR1w!Uw-<2D*u1u zgY|o+^$+B~fFLSx{WtPoNbryN&)-Axe;W6P{D%TipzRm=|MlCq-J`RH!RIM;W7KRUe#-ywEp`miDj z7}ySZ2DRy*1Y(=U*&P&>DK*wE4{luhBVO-cr}+OajGy!W|6%Vv0Gi0UKhV&Nphyu! z)G<_%lF&gwdQ*B)Y>);-LK2eDY>S8rh>C!K*Z?aQ#Ew`N3kp{3t`$4BwXS8|{dnh2 z5}JUx?tcI8y|=6j1DUz)^xrx6PKOfd9~^S;@^4`Yn}NF6e;aGq9`x_|Pd~WseR*6c z|Cix~C&wWwYHfv+oX%grUDpV~+4B9zPuBc=Y}1atD>rOgwyGj)X>msGl9_WCCe6%9 z;LnVS=TD(b3klB+jiinZj2JU!jJY}N7>j{kJH8{f;~++~_6zU~3w3u5^0a`H=}_SX zggi2-1TA66gN8wnX>Hd3*4tKExK^bBn=XG|XEOx7ZRL@L*7fb5ZbqA&Yk76_pz|p8 zU*{b?VyB}r-_12|f)CbTMKMJ_Sy6ewfLJAYg~f!trEr82I$VBv>57%BR<9{Ths(ne zO6&AO$8Xsd8Xg%oWkOKk-d&TTYo}3x$42g?fZ7`-tu&7#IA^)yHpgK)an|KWDihLQ=M?;tdt6Y+KdgXnJcem zJh`EoGBRarO@{Z|!@3O`kO+OB_*`YiRi{w1$HBuR=!BU?+99zSl9&by*>YNhY4 z4QE%BVAF18zZvSi+GVcurjIUqnRIW%bsqK?AC}7ggasY<-Lv`1mIfq@?!ERlY|?p zA9u{Fo3ZU_{iYR%ckdzWeeXRd=y2 ze$mp}@cUSE#U)iLx#ix1{JiL9E!p|yW2Z9;C1eNhUzv5^{`LMR%hcEZ z`KEXjU*q9bsk7-V50*U2_PL+uF^H+RbmX)*)Qrc+E0!?rlfxn=sdD8XE}O8|OHzB` zI`TtpR!RAMt;t1c54DU}m#iE8s|i=#S)=|VAyn0*;L)no`+FV@Vesr@)+7*aIDa*32I^ot`5v zA5925Rd$jdIGQ@=>9!i1bx$`Oe5*Zed)?c?Ce`ptM{k{t$-WOIXGoV3q~mrPz0BWP zm^`j^(EgY$+iXh>NH6v^&mYCE++Z-oh%BqbB@9|%meI2C4{6%{z3;CsR8&~}$GiEu zf4nW_)O>#XeA~V+s*b)}_=j897j~6t) zADm`T=B`|KKTiqExId0|#YHCHE@7ts`B0f7GJ0}N=}(Gh@LXg{W>kEBe=}~_f8MCe z2h29oTY2vHFOok;)&B8*JG=IV>B+NU5>21hzG{`Dr8}=XI>htSGv!jP?B@9k9DN*J z;#b6#h3gp|TH#Y|pqcCO(P77tpxpCA#?Hm`)#dju$Xz`9)Qt9C>_5}In>7nt2#>ESq^dekX1x>3j8*|g8*9G!M zNDtS;T;}LYMhEE4n5sIGoZhNZ@o>z=v32STHXa#SWjCdmbD zn@ax3P^6JEEq*zBEpi=$Ib$oQ?_oU*vGOIY5?O8w^W&@FTsESlhbcpxF<-Hiw9 zWPN1{L#GWrU3y*8WxuIg|CPz=%e9uu5;g{(?H@AQMX&0~xvh`*s?Yy;tSjy9YvATa z2pyd+p*k{s)^ufpL|*CW;VBZo`nSH6XwF@Gt?Hz|k7NIJ&vQKt$2ce~tlgYA#IaH$ z{rL40-A!O+y&JzjBa4}}c6j%K2- zubMvM8MS7ojQYCLKdF<96ul)XhpMl-zVP_Nmg|i^bgOOosX9ZJT|4OOa(S`Jww1o- zuh*P>qfWT?j(G3cjq{ZZ^Oc(p)WiS#RJRWGV(R2Wz^f{e9*eD}6QGFWq@=LS8 z3(liej@G>0<<5)zn7hGvpUPpK4T_be=CVeQHn)!ZW!m$Vjp6hv*499G4~G%KM^s#w zWP3{2J&btXbWznNE#ScYi$3!Y+IgApE+~s`c{X;!#vQitFEmW)D?Zjt42W2-%%Cm?avYeUdPWGVwvut0NGTnQh;q#uTk=c;YAKg6?|C2(p{m%Di*A+N6H zl;^KsCVsm0;OM9QTjvg4bN#h!#>x>&GUYK;txH3n8`aI)89FpS^2C&7bBcGCFJsLx zpDaC6kHEsFVd zQJ|chrJ(lYUY{k=Z{HYEG2%cb&!tvXcI95X=-GjLhLafn&*#l{%Xq(aW#LlqMu zYbER?H@}|88RpVo^44P7!+N)elA*JA9Zpp|{o$d?`oO9JmlrbEMk^%y9esFh6tP@t zw6D#Y;?zHHbKY&*kp0}%?xEC%;}89A)Ex{UF7C(Pwl|c$Q#x?SxfX-z2CWWpygm0* zGKrs-7-tW1OVyozM^0;<{^oPrX4;Ow8#RV4Ij!Z~xi=F1K2LDb@Yc1=EtHUmvhyIW zwlH4T>}{rA{3et?b4+FOWS;)IC#R>3o?vutd=qQ8Y4u!x-$#x7GSfTL&n!?rK($GyeEBL7#A#!76sbP?$iuaSN>~+$qhIupI4vNzWm-Lll9tsaT9;;|Bo4jJa z!!{~m+dJ9R>e-{c1_n0Kb~CJ`Jmh9^Wu@rqvI_?I&KY#GoOC8>cEE38|q%HCZ znT5MNVx_~DaeZdc2@Pt55$~<$JP_zF^G-_5@N~EF`543Skn~y*>?4?~6~16e#ZP+N zAi;0b|9l@BzAGXB(;Tjkq~5Uw3yU*+L$h^NCULGrsM$#duH!GP@fhIYx6vqQkqt*< zQ(S9c?0g+vN%uInL*W5l6FlcO$)C~mzo4FyoJV+Ok>c&8LU&P`MYqb3;7VO09Fj0x z^46d>c<39V#*m9jQN@!<8)gQrpM0x&_Kxtlj}g4N3&?k~6so9%M?O>U8Cl#ZQFz&~ zc=e~n7v|b)SuR{tP1f0^{3&k9>qnkdJboc}F(+&BTJB=^PfG^WFQMs5swOR*6)k`6 znw+njQj%0|zr1OiY`Eb9IZa=sgV*Kj)HHso8&K(L=q)i%eK2ib7H!3bnS)X_1J+XX zEej%CC1t8-do^TU+eZs=Q5mA@Pm@#rJ$>j?71MXsW^0e;9+FTxI8f)hXa1DnMOA83 zyh@l&^Cq`urfaA-2Q;hCu=>0#{0%iNdSOF~+_U?}@pYq5hRCeQIw|0!XeL-EuihH(hlyWR>)bd3#6V!GJ>@;2zp2`<3uGCzZTtJElc$a4; zQ#~>)TJ}yzuI$MnXKUR12PuWP4s<%9q~NZrT0Z<%uoipZ?7V^gakjJOmgO_{=PyZH z5$!Aa+`CA186m10?JxAOe32)_=Y4|+kr^tDG%U1Krnps?R|Lj#q z2AaS2b-6im)g9*K)`JSP`;lcgD^`?Twtx0^rX-0V(`-;#Ih;c*S1;GP{&YD;E>%}l z{XJ2pj<0pSa;T<5>8ZgQZiYy=P z;G%Uyy5Z^aBd=Fi?O)rv-#z+KxU1LfeGL@>(?;4pn%g z{LJUx99bUqX}R~r4cdOw`ZX&x=+9b0l#}><9k*0pFP(g%k~q?B+BTJGPsuK-H*yVX z-A5M=n513dermnebZ+W&8E>1ihT@r0Ybz49E1jtY>(%@h@cK<77)-6`cRg`~^TbV4 zv^QKzTQ_gwI_(<+&!rG-_pfNRYutR`m%QH%DtA5`5v=Gx`ULF|l@xunD9dkiYxbr? z(>8pr9`=H|XnJ~q>Uy~?wX;v3+SF{nrAZNc*f^%Zz9_tqwlmqJB6)qJQNHetwPnHO zb;bizEJ;^O%t|u1HeB0!W^hL($}s?pT24C zob_74{zX@-PCYBDni$aUz}9(#x2w$13C^i5(OW*FsZ8NUS;MInF_#wpd}%%5dF961 zfwVd$)%xnRyt4PFs$SmMG~{`e;f#`jqjycWkc?U2tM%Ntv9#(;4*A3M?arf%8s+3Z z`mW;+l)vRy?RQ`HY~Id~&o*lus1EtES<-J$Yk}{s31bJ_RLXtIse1qW=Ayc(!x(b!P^o4Yk{mYq7alW}wN=NnZKU#cSy>`NhU=f!V78MpoO^j*`N zyytA$8Z?9837ZOnKF!$ietNCOP5aqg)A^X(yXLTf(R&Xl98lc6Q{nerqZaOLoW7N`aFMh_ zZNnBF-RjznD|Q**^tM$vxZ}&gS?YvUY6Lmbx}7fmi@8fVd2%HyYDeEZs4(P^%c#A_ zS8PANV$q2&TN}R|wsMs`8MlAV%>&E()kv24ynBA&{b+(DUDk2k33_sk<_1LZPH zUb}egTA!m+H*6nOGPX9vDB?o8g-=ieyuNj|gVgTE7ZHVrFbRoSG`iW)~A>PifFrm2!e zj8%|&M*Q{l+s{WntGqUFB=7K3t}_|%Sl^fHvU2!5f^7N$(ww0(Ng76f43>D>Xew2) zGh4@3?v8rWfSs*61VUh@CN*-keEMM4FgI6AN<_)EXkS9=EG*wh9+SwF+Kc7NCy$sT z!5y;E->&&t#$ws~*n7RD*s#X!(NEX0w6jWA?_8Z*Kjh1(^TidJzrJs5N%k8bL;TfP zxms1`f@&TsWJo!Cstkn~^Pj{B>f>|OdAj>97WfU73EG`IQU)6}*&{Ra&&Gt&X9MGo z>pF~YS#h7^ER|O~PsfTeF=l$!;DYqy0XtvawK`StMyb**Hn}1F(9?0dN^H-a-BoC` zf{_#-qmX|1kmZUUTXSP|YHuADSiXMOGUr0v34 zS!!|Y_)w!3*|RPKPGsGgLcUU5uln)jz~R^|E7Ez142@$CB8h}Zw;@@#tf>mQe`*XF ze*2L1CDxR@;*ubXn8A?&6+14UbkXeZqf5Shy?8wTJn5QTd^%PkPn{E1<{rBxHXT*AUq^D;Vt8<~F(&(dgWooTgPZdR6IMTazP(O%)QjrlgW_N8 z_<6n%RAYB91KL_{IsNC4Ixjf1H)-{Dcq<2zfvrdesOmxEjMO~KQY|KHk2%GV4h|Zt zD1RkKUt4w2Zeql)sYZ8GpOs8L^(s;E4`c1gW&@N}G*XH5$Vr6R*}R{eV`h5%RPd9A zoE4ipFLgR$>58(*84NW|J3{EZ1r8H+<5T659pp4vge~p`(+f9_TwcywwWjX4nVQ<_ zsjExtYOJ@_k5Sg#d(O2$cl|M=pD%cvY`k+{pXtle%rx|qo0winlvG)!{K{Km{l29i z)heZKs4dASRit|ioF}1dTo!6Tba4~xC|R0X#;iNCKtn6PtgKq{$V_Eb!DadMtHb4A z`Lsr>y=h*uO8Ul~hEw#i2WMR0-FfO8?J{yL&+_?Mcd(Wsij5RRN4!Yi)8=jQCH7tEgkXg3u zL@e{nKHG%5<>@bGhkrhqK8M*7GIE`Iqw=GEyhp(?5!t-4emuia<6UtVshc*%O2^5S z7q1SlPd^UrkCT!G(DJaN?v9;RFFub#io#ym{h-hGLK|&FQswCocOk zH1V_K&*gF(CM17ZaMb4p4Oli6{{gSoj%wpZnw;AL)nwW&r^tdF^bPI6ftS3f1CekrL=;>qV`FNgI@ ztA|JbWMtVm-IASjSKe@geBBuA_a|%nu~%9)3#5yJM(AdG8oDJ6dwOB<`~-$kP`Ii; zQ_||(1Ut8->}BPYkpaJktT(j1D##yE;U5y6rVGRwy*4~aclp4gLh2E#Os?SOQxw-mYoi^HQacWnnPM}(e2nPrBT1+j2k_5!XWn6yb;Il z3~#wQa;J+z{N#`ra=xSaq52@~8bR@1-Ifgt_m)l0z7$}$*}!y zITkUDb#zmMQNQ(WA!R(1RmGoOeq{_7hj-n+iXjxu~Z$GuhX+TC!}i{=-4* z*tNE^AFp~qh>K{{UBj4R6G(QZte0a!Qq3noFKKmd!q@xPwOheLxML zR(DV8q4V#rk3Z3+zG*Pr{>R&qLDeT{Kgpl}Fx;W|8pC27Eg*qlz zsAKvO{3P_-?QDydmfN$#o0@XGO#3HcvQjT_9b=-sq(RU4LdgYf*^siO1TBMe`S&go z6t$!0z2@%M@p!Z_D`c_asR8Tp*QBRL9UGT1*+7p@Rnw#zPMR`Ck*OI;%KRyg5uZR< zSdfMT_xwqTx*8?K0h&%yiVg%hjbN+EE-dE!F;bcuP6TG5X0XKC@YTnT*PmEXqs!S) zOVH3ToUuJ(hqDBik?wVnu;++lVcm0w;F;QD#ojoc}k|6t+gU3UvG6O zb9?#AoP~q^KYfmUmQfv&tCf8{)St56R8z_A{Yf9Kpb7>xdGaa2(`_D__cPV+#a{6( zJnY4)tbV4wTa8h+bg)9R|6m!}tY1x}G%mT7xy9DjUe200SW#Ke=Jx60$wBjHe%M`R zd;eMZv}~hQS~nxk-q`fK<_+uCD821QUApH`IHg^S{3VBGh@O}KRuXlT3hqRexd9*mD=YLwJ}>ZjvyX+EFI$Yk`-8R zCVAh7JI!;x93Gu<^Ub@Kg|{Y#oxXQ%&-VU-!-EeU-!>=u;k1B$itj17*)$TpU|8*lwkK z@vY0v3;VgbNe1~%@tkjyH6<=%jGwEjVuJnWC$}fb-YE`EKALE$=0dVbyG2w33?;m- z@WQ#7IZK-d7Ze{X)-)TYxSyDAY;)X)>PxloD-78Cbc2E&DQ!XIEBzgAmd+*fo~)Sp zf$1%&Ab5P<{e(%z+BI1QInsLejlSbD78@HsU1xr#Pp5M$>9# zXBVTP>NTG-+{^bqJ345!%>DG;6!ho>m(yHXw&(>{E zCVa`Lo+**EHBK?8IkQzl{SV0_j<$!?ZdN{TNIIcGv6ebtyuYOEh1Bb&y7@aS53eZU zUq4!ICPS8SnKPorhTES{D0y~HN=n6R%HCJC6U+}7m1{m zT7%O|^@AqwRy0!^xy>_Tp*;Vzl&nd9!{zYtp?UseqUs)7+f}H|8y;8wZducNg=HZ! zDw}@)RpQ~{j6GLO44h6GZ*UpWv}5)9rNIHagJe=QXbju2gm7nmQPJ(&nkQ$4Pu7$R zWD1T9IPFkP?pJruF?8za4Fo-{)(H1vEU=34OQtM;qf^4}XYtKhHZnU$pO6(K{kC*4 zA#~}8RnOwq930eGD0r0gVqocOFAa{K*NNS8imV63gl8&TmX?rjJ|EpEfBoFB$rR69 zMzTrE%lpgiRw3y95+y0oPcmoV&k4bmiUGW>^m>~I;nHh(3a8y&uY4eAT(cV$`|P@e zro*z8@h;`Ep9)=@H`aNaMb9YJ7v@5vvCVorp z&S{SgswpR~zWm(sqU5*{XjI&uX+jj`QSMeoSfW`l^+sGU$!?0Wi0i@GrGntRI`j>WY_hu;?&G(38p zSz4=hJ4||Q*#pbP^%i@SVwW_$m(v@5Kj`ZEa!l#c1Z_d{5|7u?`CAp%CdAN2hh!G$ zETG5))3ry~t<%%?Tu%4nPV`&#*nD)M+9N&Br+K>``%z# zyig)&Eg;Z;P0SuG{V3q0w3}V(5rPk+zPSpkF;hub&c&vx z&m7(Q>vJk#PLj9}oRgiWiwMrPiz7`DmRZ=>mu7TySrm1C<(L9CxOqZn7FQ>1+%u!sS zvEqEod*iKxMijiPnK_Jcde8fVv$yYh*P1?O&g_hN^A}JvLwr)R7B3Ox1dkt^S5zFE zA0)BNl2cMvZdp2GymZB;O5=6w7j53Yd26+!>>gdoRU`MvnjDxUp`fe~D5tDgl^`o+ zzB4X2N^XFvHkG+&Swcd0kyCKtoeQqajdI?O?q68Q%C8KKn!DTCV?b z`wya8_3}x-EsC}qrebEo&u`9iJnyi1m{)izbV0pCM`Vl`fTRi@dB4M|Ws_QDZ zMg+_0kMJHQX=D{NuuQ_4s4;2s%nW^hUzUpYJzwSy%x`U=*+Z5as-9N~fg7G%6}6k%mjC?p9D#RBAcE z4P}L`2wEDd6~Q|?=jF0fYrGejySgn8*>ZZW@s&R%o@!!SS3hy^{&lVAnL*3szXWlI zPiTFyR;QIS-MV@Fz@SH(E`%>}Z?HHi4=we1*QuCj8ocI*azev>|9@5`sU<74v5mnsc@`McDZeikJy=?iZ(-Q1Svoc%Pth^W0X ztTd;tGH3Pt(sQj66JMv%Dx1#9x=JNj zuPh{Q4H>NPUUr1ms@(pg3%t3CLk8N!Ymc3`{)^5H6N2)t*A#b!h0=zbM%(=IKtb!g z@ht^qnHd=?wWOjS*!}K1W6rieW|eP|A2ao3p?WAbskKOBR`T4il^#Llbc ztMB$E^c#D-K++j}qlbflN*1T{WhbvJWQ>%)Rr=SwYPbCq#S)*)|K4RFZX-&p-&%9aO*_A94HYc43)y?9;! zKNPo-4}L$I*`k&+_r;*gjwxSURs8lyEZ&e;{$cm^`x)k>%N5QFgMYuPIBkSM!AN(R zuq{yvuftp-!{^ETbTM4Dikcx+XC`?tD_z#Mfj}Td&((f`eYph%n-f$rwH;*@1G0{? z^_nx3Uo25tRF*x}SEb)76~Y(#iNo@F+!$w_d-58uou!pt&l)~+&6(G>#|-}C7o;}s zuJRrgg8sy%3&tF;P`SHr^Zvn0Wu$5%)3J#)tvZHpBQr>(f!u1f?b)5s+W|! zIHo9@c1$nx%`64AbmHyn4I!$DF%2Y{5o3cI2TryqsMeA3*Gtt1&%al|=g)gF=$8|w zMXw7j+~-&2UGUq#j8xQ+IY*CemoX&g?X3OR^+(QP+D1<-vpi(sN*=rX4BKy<%o%kF zOJ#dWr*n&nCuZtuZnHl*x_qhhy}%amembZ z=f%8p+~B0?FfTIMVx<&A*TIw&>|Lc+x}tE3+shM8i?7o2idO0zAxuwgn!0*d;gXdr z8ay^1UvzQnTBSdA4W+fxrHruAVLJNbQna&&OJkBcz7NkjG+e6Kdt{_h^ApuqdY4z! zH*E^qCK(dUbyc3YV^#23V}rs|C(Nh)wq??9hAM;WJWxE><-Nci%eMZ#{{QX@^j!bh z`N-QJS%Kc`KVknLsq6XQwq(nH&;R?8CGYdI!urnzgb`@}2fX%$09!qlFDJyrpw~d4 zt$JthcRrkf%dfY`3HPhX35z#T8wBaryawMb>kXfuJ8?GWx?ZcdqsLV|CC))1|HiS-bS2QePd3aq}naaLt`^Zd0wgPMq@c zIWvBB*4zC~(f;U)}mzBihkEhI{ho|e$n!jRLK3{v$(uFb= zNi(Q(`)SWCn!(g5^&Pu&=l0>d_U+XryKt<=T^B z`<%B24U{gSM2%6EcqpSaXld~A?Bf?r9qKWO;f9}EB`th(s}$EP-4(Ka&f{@MPMMim z+Rcq<^4-JMX6LKB6Q_8rk&~XhJL}E;pv7VNOBL+1N=q^wZObYIrqUZ?e_w4wZx%ev znksQsqf9HAdLUae^LP5kjkw!>lAiSc^~j!h3r%%(>^Cj4lQPYizel?!*Uos=3a0X( zw(sU#7!fI5=9+$2(RKZoW}lQPk9TkV$*JTO={Nd<{G-cGHtlkkTlY4@s$aGG8tcyr za%X*S{&Mn)-}DigOU5xDJ{Uj$iNr(A=R2zrV!z>Zb7vJ~ESkal4Z>K1kDgaNK0O;skC}-ta%N?yLDftQcD~ zu{MMeR&$w}vCNQ1HTdbatLx*8*uBh^BjQgyiCOWbaX{#&K3S74Yur+n zIcQo-d6vQEmWo`PXDw?Ndj0>}_VuX$yFb6Y&w8cfjo;A!@J^5}`+qD*umRxT`u~n= z_)lF6^?x?x%7yj+t*swFer$dB?<_)np(20XZj1asDxTy_a93B9AF)(FC`)$kdVz+DIzjT$dugt7 z*-fr*bgCUeW=G`~_7cgb3oy)$K)B$b{`#P<*Z2v3N|MPeqHGF5iMT-Or>GRknK1({zaRZbW#wL!J2v8s>Z%o?IKb)wzQmQaYDOPgP)RhC2`t_42tR9d&vBWZbj+;!{ zdg6H9Y#L*KVU=6I9lBL}0~3i#8x|=qQaEN!kdVDkEb#t$fXp7^>IDM`{d8w4ULWu| zMz*?eL5+5OVv^p4y@}*A%jBbf^)YhL)vn9Xdo^`WMB%yIodqu?R>lwtYb;!LrfX)B zt&*3z#2k%OSo{u4vnViMb9&~2u<4s)1GW4H5BIH+Ebe#VKtN@#*^HFn;rbS^mXuA^2V*e|`VA(R9>0kfv>vjAm z{vworIG~b{j_?10K7?MK=q=>v6BkKI>5zW|#D8M>|Igd(QU1HWSmXyr`YrhuQ$Zj!J$g5EZhb_><;6$tS2jI`<3QkqL}&`f?a)0gQmqqeZ~cdK%6H2lJIL|u zJF1eaXHRmI*hG!&|MZFU$e{$HE4(vB-c}}^;FujSZ|VIB1l5^-!K@wbRizRc)bagH z(iGS0TGj3>x>=yPt#;7Hov^cJMC|#E%kGS~W4@c{?#LBDX;M~p&ceZC+@BSB2?MH?T6+BT&c9(j)J488v$MB>joL@%yOC$+ffm zCrXYQ>2+#@%iJ|ruJ&6jz3k?#yy9!9;`gEY*-b4^&DK47X;Hq(DRjE&o8`j~%B(#0 z`*y`kjAvb89FwZM=ws*z{10_d>n~8k|^O-5vdgq zpIUnA4fWpYFtJiYt0XLE>Wrvc@9Ml8mYw3BZ5fiMF1JL(Z#VPmppUUsS-a_FALef> zo>rrh_ek+e&{pMLl?Ex-kBsx(Htewb+>!Sqf6KZvnvqzWy`xC;$)BZv))Z_WsUB!E zOYOv-%wL)vozjP`e(>-_*^-JXZxfq$9`r&*f3pVLEvGdXTz|4JYfHj%73=i7PcMx# zd~h~+m3cLNgv_9o;fD1|A3bfS`1(BLuQcC9pVRF7!Z&Py%BAaGL$a*$9u-yS2BWc);G+z_|rc$dWrkIw;q=F2Hu++_qO@< z!vaI%@`r+iJxPm~O_&vawK#gvkw+zodS4@$eP;E4Z|r6TaQ)9_r0~sXY=!`L@w>U} z$Nu#F?|-)>Taf>K|ND=vdf%SzhW_Zyk9~W%k9YkA`deGW`JdK(Z2yODOM+LN@-U1L z&tUi34uzh;?EQ{jAOBzdum}2kvIRUQga7x8`WyZq39`Li{6A|llmz{I{@dTP{Jpkf z&ScXWsb&bs`RaARBU;n}@y)Nnht3K>O{{N;oe+!r5oAPhl zrT&9#ZDS4gpY-2Y$^W10|1Pih?d|>FoxH?e{rUn{GB z&wu~tX^(pN_x<1hopt_S?WG&}Z}$lQra|{=|H&2>+(b%2B`+uo%wna1JyAn=n%> z0Kg|lbK#$%RYk`Hh5(Y#kbX90BqlMFQ8G9NB9AyCM&qyrkgGp)z~Y^PPw>*60X7;0b?W=O=` z0z*7JL-36Lcwdh&A15N2i1~Q>di#W-OJ{L2T}l+7RWuINfw?*2MB#dv3#aAm7!WAB z5`ECArhvv`PU|%{;4e?Wm1{4-Z zl@k%YN2gnY08_*OKVvZz8pDa`&0sTBa#^Dz)YW{e5u!(b&d1WX!*i1C@z z;XYFfBnCo0_wsUgM;w6}u&I3RXyJFv5mIzS3DDk>@^1qwGP2@D$ONd^zc^M!;3Y@cn0sA39~ zH{(;yVrjjQ+8dext^5t5Fj9F8I+Mqs3CsnI1TG77ggMy+Iqs%oY2_yEnW33yx`w74wbKO;fc}_=m#eO{?^M#{owY0a-fu??uSW9q6wHB z_V*0cRrJU=hs%%SaJfQ8AzN76_K_EZcud+qOSCv{_iF)62c(K)u(*ApSQvvAhZGz4 z>veE6N6M>R!HCqVNR{Fx$=&JF-c+7qyK0K%mG^Si2);l!en)tmPm^54{!m} zxAfxkocOo|fr7+1Y=2G?pAiUNk`ocq2ZAKNlVJz>Yk$&kG?+U<5|51ucu9=W?T;pb z6C-}oP|V#zOVGsvhz&!ZECDEKFCK$|d7?>mSzhtlb}%~M(Uo&Y8`EY05Pi&%Ct{BK zH((%Duu;@8G`O^vk~1GAK~h@>8G?f1|576Fru(f$XNvY7f0bD zi^k-E5l2Q43If5ov9dP7tVkx9CD><2bLbh|J~W0OceunxQ`j62OBS+W0+UV$4_5eB zn15&g0<=~XnI7evK#67WqkO2{kO>Ag*%%Yqb(jdoPeNNXAz)*SAYwuX8m1$5plwLv zidhnfg)8{~IIkc_Rdm4Z)>EtAO$^);t~9ZI3&TJ7Wu>Ew%|x3_^f@xRiQjg6({-`G`~ zHWkrBRQudHHnisMWF%{s);V@tj$V_?AZ6pK8;4VqFInE zC|0)6rSMB6?ntGkwoVKp)Snh{QLc1;ls~8x zide(CQP^yxVR?)MkRMA%Y%IbAXt5NMy(Rt>6~95qUma@5alSqz zZ2_imu;`38fNTiC7&kDxbQ&)yfr{fVy)jf*AVM7XBCw(jKS01kn=})3A$Jd~599(U zLL`9}AaWfRsHb)5CXVgoV)W)Lph%V4bNJFB05=1-OG9`72W5G*hGw>+d3_WBDdsX7hMEB!Nf_vW~3<}FM zjG4f|f|ED`aY%+l9A_DT;vCJ}Bp(?x1n2cMJ!^bf#4Fv&5&#=_iy4Xp(F$CEHcXU( zf58}IIJ^W5Al5hz9Z)CaSX1yo)`@7&$B7G79zw?iRt5$079?9(l(u!~pb8LBhRD^6 zSrNmIIHuM?Nx;~IPvHV1!YkXA4Bm1(LAy!^E~XYpD24pkfzidB-$^PF1_u^}%}o+u zf;1FGgfUVPDu>4?iEt%GO2sf6*^Y=MP*Pb8b}ZUnWMK^us!)dTnTWo@ggVDXd%=mo!#L3j3L3jy#h_oWb>U0Ey)MLr$1V#n()O{V~I z7Y6>}cm@?BJ-qqOV-tgR9XYRk0;1KySHw`r2!_J7GUO*w6PN-+(Ha@X7>Z_NhkHU7L&VW+~K}9l3O@-Uh1uU!RIkZ`<6HCNFT*qLGnL+?eAtIXaIpO?- z!7h>^#12Bw8JFj8iLppafxxt{Kp*wg_n>TI?IfJE86}x5h~;!bH`;JE0R7R2ZJ`t` z4tYu}0JOaHt-T-t0pCS`gL}9vKtbSF_#>09Z|MPHk_{3ixD-cm9q+dRTLo_b@*vyd zY7yB^Jl(@&V`-cu9>%4x5`%pRCf zh#aEXbetTH`L;cYII`^*eG3m3Czi>E$y4|!PM|vXHgo?pEJ!?puO{5l9(TidkTC3y zxjHyAUHzPnd$pzF^F6kv z0ArY1ku7b&kLrL~xBE;2n4TG%i8s(Gz7xS^NXVnS=xuOF3>`obvL&C(fFe~0^5~sl z0+N+DgX?U-KdB7uCUjR21O9tngb2jkl$9M1%@A&`;{?lr~*oRkSJl>o^m5EXqO zlt2ssS{8lGcL?Hl%?)Vzog?X)q_||_>Oti0!5@&iHvdXrqr^i;1^QJGiazIxJYYP6 zF&st4^XlCxQ!(pWS=a&ojGwcB=jS_+5~WB$nPSdQ3-wC>wS^aNNs zA&Cw333x74)H+7t!)OwdAi8GIF=`qHJ7+j>yhIwx;qVx79F)%nNsqxin6Zph6D%c; z37`U#56!{86Ap_de5`%gW|*?rOhWPj9(KS|plcxp0fPrTgpoi69wT=JMG#uTWTUxu z@Xy+9mQ{~S8wGPhk-ilX^m@lh3fB&;7H&AcgQk`u1q+9pSlRX1v5=;|ZvKdp{5U2T zW3a(BhfoJ1QYJfw2SKX|)OT=rkYd94X|Tu%08D+8pl-}q%nhPYw9b4QFi#R%X4D6c z@SvVh&KYBZp^RZdW&!iI?bsuYLuZ(x_>hhvlp}?bW`YQvf>bs91Q@k#oS?$_DCz|Y zBPIz2s>gR3vDsGyWm17t83{C)TM|3P1dB`Ic28e>2WyfT^ZEvPEqh#LF?j*IguPA- z9+$`DGcceuU<9~x+!mK0@8GWx*}|$*=Ds_@jc^55garfyY2YUD>gmC`Xs4W8OK9$I^%q zOp%L^n~WZ+EXTu23-Mfx1SwglvLtm#$#(F_zcMJIk}wMhG!#M20cK)lKN_hz;Q+fc zE8PnO;C)EdAsip?Ph9&Yjvt}%?uDe?f{5JczK)|~O-s9Eh{l01gC56WDo)mPv|r!Z zd-qyj)H^8r9((U<3I6i@yZ5g}BS2VVkMl>$N&t2M9omE$K>iA>`VTBc$4a`d2!XQR zJq;uXloE$cVPUA8hYb~pv1#26qi+mhZEI~u?u9pnpZ7AFP%eW8`8N#hTLWbN`$zIu zAR9z3A)LbDeK%s$)4C$aR|L{KlI@vv`!k<#sWKt$La6x8%0D7vT`&m9#rIT0x=P^u|RwiEmhrNCw! zK%9&W&Hsv0U?)>~0OC@*R|xHRr@jSb387cKfD{Kjg_y1vAGSY;KbXen8k%5+!ru)| zP}MziI?6gYu{kDC!w#VmlsNHCgwP)>oQVj?wkDBGPzJ`ynq&e#h?6A=o)*s%PRJ8q zn&FTN6!y25CgN3%qID3LD7I+?mS59kO&qSk!O(vTojuU40%#-ly0)IS;_D^C7nB$myNP&qH#X*6gVTjJ5 zcrMV12$ec4xPfmZh-30cBBa|lASgUclwIwdO7ntjnJ+tr)0R*}hQ-9+H^4V4z&GIA z&jvuu+4gK7A7e6DbU+G489cy6cqmzA0uTz67NQ@3kl>ibH@e5$i3)>f+ZwYlfvk9+ z9us%l_9&hb=w+dVy$J`|_7IdQLL>*Ygwr@diMCf{_Gt_qrz&0!b_$=x5cK{yB7amU zY&n6NDA6jSIHMObBf%Yqc9HSmK1IhcSGRGVZP_#w6LrjvSaix>bf{H?2SY@O2|Q~L zzk75jV<3_2?V;WX)yJSB9w#UQ@Pa*NqD?ek=PZPgOxu<)@g^En2jV6QliJ)ISQ8Y9 zJDR%zE{0l#A7LKoTL}7w<^v1x^}O1PENt+v&NC(VG*g(UGfeKQCh-(edz+~K2r7^| zt)BI_+w8C^J;jYElhYePy;z(mVJM4A7m|`7mBJuffHEPQpf!s^1Q%U-jt`CU3G;^| zTzhMfNk{F8*$LdO&Nl-lMT@6$QpG9waFAN}I1X%T=rD}Xa5uEQ%gqy31li58-~WSfpPE^r7t$VAtL z6IzG1mO%ZZopV$Mk{@($pV`a}Zgv$NEo=_03OC?^WkrDsln`2*+M1HBEiLTrMCQ6} z8ct~V`W7U70`L<}!2srmOo|iPpk3`afr3IsGw3gEvg`_?+a}Kd=X@>D-TeufQyf$Q zyDWl$I@Kf~WBrY~1623cHACCMLxV|=>q5oj}(P_L%tGa^f~exzRE@j zN7vqAC;idg*#57x$2M)*E0P_Qn{^u=P*MK)`?FW5*yP)}ZP%NMeNyo+R1>C$2F2i`0bN4j+m#*z_n?$LNUM zT`>oXgYub>rT~JXd>CATOMvPF5+I=j9&F!5@jK=NG<5$~&+SC(DulQ!_9b5oH*%2( z_c*C`imX2y`A62YI;!NF~wG3ZlFoBx31($RvTG=0N@razbp7mly`@ za0KK5Rvk`RfGV4bKpoHkWJn64tS~s|LUju1v}8zAf=)Gov=-FH zLOBN$&kLsE_whIhDD#GzK^ursX(h@+u^6#!C2M>p>@8-}Ac1TK8K5rNUOPCLqL2BZ z?(s*&$l`1u0N&l=+FvCDzlU&Q{b5ChL#}(aYj`T(8+>fYe*)})S3F@5U1Q_pU{@UG zgSMPPat@1LX$Tcr&!cCJv>E5uL3pp(d-nIz*Hu z4rjwO>2L%I7+t>ES9G?4Q#JZX=bjf?OlNS-@r2gbiIg9rbXx_Sy}f||GTM~vg+2iG)G^FY<*fEKu9jOR#anLq$yf6TESK@j7R0MqkZS-K5Q37DVD7R06 zqAUu}Oyquwt1>vTY+CnuTx*oq>{}kU=cNE+F9TI^*L^QE@TH3=)C%++{?y#E* z*JnYnplGR+V8sBpjETYEECVi*)0iYSI^&^7qWv>ciWoptTLpQ+4jDq&B?`I|OePC? zwLn}9sE^KS;G{7appsEaA7~i^dLH5Pz!Wj?IB)`(S{i75Ai5=~jp(4`Mf3YwK&{Z3 zH+>`U-z=bbZ6penAQ)=T+~cv+j|FKcMnfT*7;Pd#g!y$i)~0L4f%Pbe=EcC1c!ON0 zngLX62r3nfE0o%R0mLXgC{TrB9H1h;f1_O+qxu7Mz6=_Oa4;RAA^iN8PNVBo)YsF# zTF~{V+O%V<9XI=RoUgdV77*($dop`y+`8w+(N-pey5Q&H;FS?yFJ=#$wvt%Rjx1(} z&0BvZHIu+gf$i+QC1%7$El3pF%Ig_a=5(|(oJ6*O9}F6lB*TR#)a1dEfU^jdPj;|P z9CR&4scxqHPi(PY`N0Q1Me75+DLEA0NT_JZS?ZNY_rzYDKmH;5-+ zv>xGRW6iKwF!d;TgiwroTsVC$d@I~nq3LqfeErgpp7KoQ>|Mylwn3&_E$|!sp z(5W*5sBC~ABL5ez&^CQEXT%5iH#$dvcD+FQ&f1F(rUBiKAD;(ppqfpbL6B|+>SMlG zJlIaqs0nEpJZK7!^~w*SXfT~tz#NHz$W6l~xE((FG1*f5ZwME7_pm3jJ>Mx7Hdr&T zqsU)`E40Ky0rL`|OR}9U$-dKSqSIrbJ~4rhD%ZduaXBf#U9mjm86&;f15=ITKw6O< z3xNe6M+Sfeh5qh8FJVI70$+~WVfHaeD5w&%nCP>14kM#;C~Ry16160u<1X5`X*>na z(*Pv{&EfU}ssdntE>!m6wVW|<*h;U<;Dz_p^W2e$n?tT24%$L{KP`IRR|nb@XK&n; z1t3%Ag-n^N(3ByjZ!=}cKkLf6xbYG1bjNM=2*5FW$bNP{iO|xfbB)~ps*xXuA{jW~ z4J`{=AY>wh#1V3yu(q(H75>V$cQnO)v%ln??JvH?x?_uf)wm-}97nH35Vpvs8-h(Y z6s7zOK_PYC?%5T)7DlF+lc6b8!7Dlfe{>6?c3;5662#FVfeQ?X(tu!U&}nz#ZEtPy zEpA}DiF&_T%!nElsgh2%7ncrvvy&K5>baI14Uy>l7wWjXDC2JW?6I_1*ynea6@Rlo zOO$i%HZp3TV*(t40UHZ|yV%K0JXi$P91me3?hK)N^8`GQ1=aydV`4{LRH-U9X8$B3 zbzge*V~ph9WoH1gKO))wHVb`wi-&M||JwGB9;qts*3!PG(ima4sA|7$uLd9X4TM6C zJQV2Q8?^MuX0`xE384U>v~c@6*i>YFdk~qnj_ts#_rgx&7|9G4W{D68DhJ_^;FW>V z235*T0F4Ux5|o`ni8~G|3VZC4r^Lz?&$RuM+|_+Z`(xbI14Q**OeRJ*dIleb)b0-B z>j3JBfyW++EAFRf6h+w2_aP{K=#FgFn`%NwaiIDkh(-YJKp+SNBLH&1?+}GT!7!j+ z{3KCGf_S$_P6Ai^pX8tJvFRV_$4)2jvKaNG85B%EGD*ngTP4p;JpSH%?mbdPqDel-uel)7)WFTw#Vn2wejz%fb=( zUO45yrgOT-Nq>xII>M^o#VX&%zJ+W0eYkgzjMLtotzGw<&4t~$bD&a;k_-_OQUNGu z0b8xWihv>GCou)R8mzWH;P{u`m=izH6!vM+06ql>A8L}&rbj@>*?70GhZ4W&##9M$ zxXw|02ZRxW%H+-mLx~|qRJ(;-X2733IOs?XECm(Mg2{}Bv%fJEzzM-7h;H#3=dQaS zp(3<%J$A?AdOM_fIVs7IAA`=Q&ZzK499!byCk2O$AzKGhA&5h&6rH_>w%9}d2J)Jn zOCr9z$4*dY#}fj);cRo*G0KmE^8sLdaO9#u0B0JbadyZEx78k!p%O=2cZ;@f{Xgt| zbwHG9yZ1A6cSt&P*U;VFAyP`GbcZo?N;fK9f(n8Hf(i-}f`Ou7V*(anfw6q|GXn^& zxV!JW?>Xl?XXg(c=83znzJ3?H4y$6?n)r!PPS;JMYrrl5EgiE!8^d&dp8o~#fHvOr zvlKAcIQ{$B!HqGIKa0xQ5Ww?$v<47B2>g(n;v<3M34Ac-XIKDL=7f_Pem0T64^RF+ zN$}o+qoTme;n+uvd421);M@N77JeMSW>hcp9Xuo8RBZ923DDCW*Eg6;up_L(qp*8x^*Ol9n}S;bIMl{{ z7Y=3~hI9wNdVT-8X{EuXA7jHdFYkts*VP$;I}DU=xN&%8e(Z!i0Ib@uSvIu>yCZ%? zWLpOY14cIRSpx%E1&4y)Zh?tT1>e@f_BJL=Y|fMT4y?S9a)gG6x&()NuY%e9i0BF~ zxMRSFfFEtu;wq^w2b)(xd^$jR0TJrpdpL*8 zE&$0O3fzG;m4QnkAOSr%3S8hpNux9X5e(GV0^moW1r5wE)^G>ZLjY3%zlOp%Bfz)| zOxpl66g=(f3e4BR;F6XE2)Mxh0t687H%eRz80Ek%m=VD5)cW1i8=F=KnHO-U;hhD( zVjV4Te#Tm=21;BQHkAVq=}k!;@L!wqJwgF11KA$%@0ipM&@DIz#NFNBMj8GN=Xn4V z&+2cs@OO~u@jW}^XNetH-T+f}n0LTah{OzwPjLfo_4il&B*6puV}=LVF+V$!n1iJa zvd7oaUEnDX4R?%k_V*O^3G`eC^pgj1scZCF7GN=M*w$E(7dU4J+=1;g@We*J^h*5) znza_OjX5em>(C$32oT>2hJrC6Z4rFAA)5T3WAe{2`TLH^I{yJ@aZ{9>+}gpA0N=2@ zMRGM;0-XM}lOnES3(gcqB80tgAZ7u?eR+cLEs&7!?i>R0birZ4vcNyHy@6}ez&#kG z_``1%2LF12RDah15f9jB?H&xaKGx<1zQ7S}{~Q{W#umHY2eL;=AGYX=Q4Lw6rp{(ATzH74iYK`pW~8fTMN(tfU_h8iEn^|3^vs znDqxU^Cz=xFtez!ni2Os00|@CucL#kCbnsSsG>E&9+OsxEqt_Y@{mD^ui90A5b5Cn zejN>ckQM=omVr2i2!Q(&83=+1L6{Wmg!Tte;~ZU1d$IQco?Wdp}_LB-XECI{ECcjL2%Xyl9jfm z9#T`?NZUk9-Qr)gIKZKESZ(5GddOz(1qXxxFr-bi2=go$$bXa7Va@b|J-+|tv`Ab= zN^T90@+W)2*c-qggaiNxEBG*fXQd!?9-J-^g@WPhaMd7;xmO*-dNvxjzAK7Y#`=>L z$1*6)o>;Yu{mkeFzxl5+UyP}3b$|Y`sqK6024LEMM{8?i$3)>_B5408t#Rwb?KNO@ zV5QoWzzzQn2ho0yZTU$O_Xd$e{da{l)>s*)tS7MXeoszV6=4eF8lqJ zXk1VT5L1CL)O8QQNeOp!3;KhgT-bO9ZUlDN0NA|eiUCV;1E_c)AOOUyYGISX;J88z zBD9IRrIxz+1|vUa^5LOw@T@3v{^96QawwFjtn7L~2Y4PcUsyvew$R50^AO+W7h-2? zJ^KdrJ^MxnL=wZ-E&xq%cmlQ zk`a~oVN3rH*>W2yE&u5)_kWzyS@N18fg|B>*msiB@}lzcfBUxkPU=8m=^tMIAKP|o z{P{bzTq`fLsi?>XiQ{LK8+d1aEFQFpy>!xL3$-)W=tD+64+O{g}85~3a z;=f=d9QdspANm0!1r)`>v1dA5}#61^ZtjGsk5`VqK2`0?|6H1Q( zY|>v92saK1UfWF@<9V?+w8F6yqfY z1&=@)C~%*{K(Vj}vep1b|FF_P!p4kEst{Z~bWQH$AY^K39g;lwd1}X zYOn@nh1I;^Y=nR5g&Q7UomPMVurc7_S3O%5rPd~6UADr2js5;8Y&?={R0dn@bCocN zfP4!;Vz6Z=e@yUzt=1b(7gi?_MsC`cYXn9FuopOK1~v|YeHRRDSs;iDqnNvShp(~) z&Q%>%1bF)tqyr;2=wPeF0g(0Y2ytS6T(j5JSpp>~B_}J3@^FTk4gC38&0hJnBAy`Y z;!oD>#il*2R^(h)+}554!5x5gfPX=QAje4-IL36u0sa$6_gc;Og3E3L=qFdW#uTO^ zI*cr522#F40irzccA5nTAb~9F4E8pdAr+&^-nKU-m<>%96q;0d) zLf;BFQzTF}65=+JsQ*hdB_)M|9jow$l9Q4IsYsZppr6hZj3H|o03$C*06PhQ+4KhI zZo^!y<#WL1159M^nrQSpe(+s>TH_F~(k+Ixw$i}V$^>M7l_YK?R$F2Dt%olHG6|0P zn$2kgIr%Z6YMqk6M#T;Ht&ttf{p&Zu(k!T-Xl80+X=WQsWjx#@#U-UB zB%D#8Fg5nGv5z3K3edwpU$_{QG=W_rNKFun9_);XME^Uc(na3Q+10~C++EJa?PuKt z!E1l1n{Zy*8mqx}@|PPO_M*Vaerq;VSb78nAwg^&44w?~oPijF5iCGf1q`E!;a*Xe zShOZ7kO}%@je`y4iedXOh!$RB$=`SGDwfT69=vW&gX`w30X)P06Qn7o%w`Biyk9j6 zuk8!0ck|Ci9|K|D-#J`#^>$7b)6H1ZYkJn+@A1^2D2s1sfI_HuV2B!)`v&-_{s5M> z`d0WJPEfNHI4Z(Iu!RueCy?;(@P5Yje8aoNBD{f@66DJR?<{c0%7HANpC(SNz8}0k^j_J_jC_&{9jyOeQou(bOdc#I&_sAZ(`BkRXjML<~tGlV@Ja}2NQ#ju9zhZ zCnSbJk=S(BJwip-j=8%d2p9%XlyJqtP+*q<)C7CxRu9MTWR*>Zm(9x3kAvJa8{gGI z9RQ#R!o=4Ek=3Eg0<@QPQUa87|4_F8P&OJI?@e9DxO_rH!3bc{WRr#qJ9iu<+#FYJ zRJy(aF2MVZ`4xZq)Vmw>INWI^gUp4{xz-$*IG+_)7FmHo{G%zd&xiJl$6Qd|9aADarcw&8q{<514 zGiT0WKZmSw4#Psz!>SdS#dQq}w20Y$Yx?S1Kh#(6U#Fp<=quJh^_`iCVH7P8Eefw8 z>W2bW8VyG6zA|X>@XTOp5n~*OTlHBB zR4c}Ib8T6F*-_Z<;2YrV79zIB=r>Hw>Nff55@@YG_{-M=gUxC|GO!Brz{0=9VS+Dh zH6o1B6I0X-JFYcwp@I`o2G%M;K%WJFeAb1J7dr zh9CdWj1gdP|Jy@^qtXB#Eu6rjj!8QH)5G+~4o~0G?3beh9O8G#+FR@%4C?k)+Xt@j zhiwt&N$Y6ZtNi6>gad!Ed~Q$+Nuq`)i?ZV zG=Isa{{85AZM7vMBEZf9?u0=2&|v~5w(K3a3A@s~YbPi|#46ygOv>gwh3 zz+&TITQt-Bb!*NpAodz2@D{(e0YAj>>Jsw6iQZ7N)iN419%r{S-H&_#~Wt#$NRP#ty!204BmzvFASoO{bmYk zLV^(YUv}$XgOB?nnR(aC8eacA|!MS`l7hwFJSYJ6t zpuqYy0Z=E#2e;nERd$0_B38{Y*tcShyFjy81p!&pCN?QEn>~N)aagh&ee3Hcv`xM@ zPS_i^?i>73C);Q*-sq!SlkC^@(N%XCK48cyV)!+wUtaA)fK6&# z(|wFBk(O|by41zNlFy9%_4mP^WP%~0WMYhC@Z zVX)j79SpmpH!U-AqxB3Faac1RfgL6%Ee?!MTQG3!#a}h}{aqWaLaG<>m?MPyeDbt2M;};WC^s5s{bLjEwYs2H;D-=zt{vE(Y)T zp($Wy7F!K@*>qMnM#%jS-|<_TM!=3(_uODtgpUh*fcR9@VG#(k9_zGf&0M@jpMF0r z8{JhuHFo{f?kS0}f`YfX0zRM&NY_tXPk+L2^4;vg1)S9Y-4+JL1v}a*0279?K8#g^ z%@z@koPVk%m+y^<{dfSk6cw=qW__Q7D)jE4z9L8)fH8cr#w76GH4WrR%+J z!0h7h5)!DmHC2=VQlOj!z~9^iZ6g8iko7CD^)E0A6Ne1<7Rl=h{#2BZm&ZVHiDNbk zfSm-;?!kKi(6_$7t0<_e=!?WW5dw;#zo=g zoK^6*c1>Jd3RJ$3hG20;RtEb&2sXm}jTK?QcW?tr1{5romW4nmUReoA2r2!y_F{{d zfh0WVU?dXSI5=7eND=-zv)^$8-=#?lre3ubkDJZNY{n>0>f}DV^Qw<-rXNd6RF=5?h5qvGz)z3A zp3XXH|P|P&nyu!3CO3KL;uj6e_=)c+9O+>e@tkXqkjO_ndGPm z+Z6!5;$M6B+TDM2{>7zHKc0U{AQJq;|JNq)KluL!{*P&8{rqp>{}2vB>z||eA6$h0 z##e83{=tEFlt6ho{!S413jtwk!}|64N67+9@8OPLgY#Ru%GtAL6%`e~PWB$h#s309maL?|ojlN>jk^n9iyTp!l$gM= zLJBOzmYV8j+9*+RTv%%W!UGJ_UN%X zADbR#MP?NUmDgIN)KQSRhcQkgI3&Q5Mrf~|H6JZ{pM*4Hgo(xu@jMM@fgFeIBb8Nq zSb26UrdM-V?v|HRwlh82#=b2pF2^cJ(nmw1-As|2tw_b9g7;A2dGGw~{1v_9H?j_1 zze&T)f0B-6=VY%(R;3V2(Y;5#MHYr>^l2x{Gy_}?29EKiFz7d`J06(D!I?ssRV2nd z964m>VrErou5>OVYVz8Rt{pRaDc8kkNe`LqT2VO6Vbf2MogI_p&?I-zEU#eN&Z*J8 z-cYAdZcos>`c>|n{qpf8xYNy}Jz{bd1+E{sIZA6q3k`C68|PHh)OXMiOi&3CakUpq z41a!1Ss5IbABbo0QTzI~UAPoBonmG*loZ6F7b0k|LyI+&EL!O(tmxg zPut^&$~Wtn*|)p;A_jJEkNNbe_2paZyIo3xD;cLAt_WYchGubpa9@g<(37~1!9%t| zcf$XU?Wt5JV;lE0F510r&e7N0T?-O$4RnUK@tm2yVa9W%%2YP0zdVP% zO1pCM6_)$R4_wLg70c?%N<`jQVw4se4yAna)+c4>QzpoB;rm!zdnAYd!V^X5%DyAM z_C}oXo+AT0o|y9n;V`GL`=s2d*?-I{S*-qMx~GZ8B&`C*gseN5bXF|X`4{U`D|(2uV~?Lpog%q$ zr-CzJcNEe(+Vl{Ou3ivC?1}1MWO(TsbRp-s?#@B2I z^DpY-2~GMGJS?;$E7{`|xVvLy8Yj(=F7gX^<(vQ}pxkXDP=f@1t=kqyjrS z>S{8%Iz*_H2i>jbFD(W6^Wk#e^E0}G)3J9#v(H`dK2@=Szmk+Tz3TfGi-i;At~B)O z^-5_hU#c!4&ByISO+IoFStpLu@jpUCPmA87aUP6!?0%M+mp7V*-!FFHE1s_T72G98 zaW~58s{PQnXsEx!Ozpe{RXjd^??c=e>zRBBqC-K@W<>q^-EscFiX)5L5a17n4=Ik#I^Xj824#yV;6_flAT;btmRQqa*7 zkraFNbG*5hqGxsM+t5rl*L>@I!=1Bm(V=Mj}ceyldG>P0lF<&3gR;!7n`s zpBzd_S<=CiS#V6|B6#|d9+I&$Hog;eHT2}n#mZyo)cl*}Y=%+FqJ_CeC3gq+U69i; z4i)#D;B?SvXo!32w-|9gk9(ig)G#kYTM8vrHT9F6Sc#9?#W^APO#6wA$n~hx5Z;x` z1p0bvzb$0l7k1;IhFDl<#Y^6Osp*Q=AiFE#a`3hiFR9XOe{_QvWq2!_a)Ei;^pt z$0$grEZ_PT#$RD>fgc$I2CLXbTbY-6p+owoc9Ni)A2#MMpdR3%@~md;Dvs zQ_g(w)1EPp*XFd0_RVv z%%zo^uiS-n0&~^s-WD>YS`!P=pTm7rAhqq$jX*)@vWj%;N-81p@m)@6U~0mT+B0P+ zsiI$wkUdyws?(7x_)KwN{@rj{zfqF%sbW2UPV{}E!KpdZTKnfd;e>lVp@nTjk_7EJ z_xD~y#mJsHCv!aESme0c37Yi&H&>~d1&hSSLngfThlLV%$Gu{(Kk%MTR9UF*nG>$U zwR@RO$FrDRomswI#l?Ro{9f+dc-W14qHI4uV+R*X7Q1ntBw0D#dZ;>1llEcZg4&5Q z6HB&Tj|lKdQ`qO-&4l8o8}`@oed;pBqltM$tMXF1+lqpRuQ=bPhOdD5fmT{m^rV`# z_l5Lh{@eB)S72zcJGjE?Co40Be+%#AiB>-&zv}nMmRs)_n^z90i)7s+eV-_OCTw!i z%quU8e90p@rquqKacy{#GH1BQy zx&f8x1pj-xoErlBcL)T_=H0t-DO9dGu_;)!>851*XOnH$%rp0d-e^*&4_$-X0T za8Go;ayJQ`@O=CM`Oq8RrUrH_9$((Q*c&r``}Mc47WbngIMkHh((ry*fFQGH}jERU5_IoWYk5@-(0!oDtGm=6iKvI z4BiaH<)J636~<+)hpXnDse|7A0_y1CdFI3_lH_l^;Q8g0)whWlN=v^oPm8aEy8~o{ z_IvmZ5$^9~*xyXYN>E@HUAM0wBJMnIG$GGEMxChl&uB9=@fkTiL*E@R03hWqh=Z=}&yl72ElV zEJGKt;YLh>LFadBiQbAc&)<8XAwDL; z==t;H8y`~y8xjPIcU;rvaF(*~jumTj$Mc%@dHOLmq}U@iDIp`$LFx92la(B|=#1w8 zeM<2QS$Rg&CYki>6Att45J?9?ookP$-^nKj1eD5hoF2v}! zlLvU=lq9A3@Y;I32p>;W&2Qfq)p^igOY6OCXk$M|y_Wt7?s%E7J(p@S?<5B2PKH~0 zrM^8y>lmurLS>rIovO?0SG}Zm?vnevWdE0mAuHRw<{HR-20h$#wcaG}va~kvZAl!O z2{V6T{1DHD0GW}%?cGUlGANf*o0lZ+#3Yo>w8Pbc@TtqyNZZMw+#z~9hK~mVJd&sQ zf?^|F-@o6bP@~Elrh20w+-K0$c1Hwvapq9J=IHI+dL{9~DWNag<0a}>EXZ7NSQx2K z$~i_?!6*?^>GKbb%g>cCWX>CuM z0twXR5YOj?c*pptahUa45Lyu)x@qN-Sgd6kTQDF<`k{D7t9g{}?ijU_bUw5EVRA-J z)x`@gt~3N!>kYD!6XmKnTpv3y-eUApCy@A{e6p3JAWSJDjH@Fr>ghA<_qoMT&Hn5z zv*17(u@t%tV#}NAc4YWcW=NHurJ|=7i(13H$d{tk@ef~b%-NrsQB$2UCNA99S{hj& zSX7ag%%t@AWNB#y(es^R3cbiL7Oc0bX`<(qS%Z{0)Fp1eQ+$(P<#B!G$m``uHH%C? zH@q9p3}1-14a)eJGBJr;AjNnNsV;+^t^ZAv&Xi%-fs+((uTj)6)|h`zQ#TXA<#K&L!$=aR%OQ^DH>mdL ztooFcBc|YzUFdTBgB@}>UG|Pr+yxd?aIL&EX(ugfPgmrf91gMt2EL~?#z$)(Sfun4 z&@#qK`G>fx%90~(5{v>F5II%uM7i{{#uCgfq{YyZwadZh#!=UcyoQ7bM`1@Su(`wD<@ui}0*?Qs`tgDoHN6N>Xj@;*L zxEUxT97j$niQ9X|U)rGhhJqD2|FPG%8i^l;xe~P`NGaSM(dAsGYrzrhwGyXn7m9Yp z6R#EXye8(;Por-~?ZF(oi_jjg?3idx4v|^R6_OUDJ^HBA@g{Bl8Ac->CX1mdna-dS zezbJec4#l3lOCmqmF%l|?m82TZpnX(7 zM~zfZW6x2OyEHV^ye}(fd|0~fFrRHG z>bZZHPldLZJhq$OsrOuZ_k}&Z%F>8yUELR&dZ-^X;X_e@hS(>=nY zchfUi+Np-lFAKK+mfnJwAuG{+L4LZM4&6I*qxYM2Pp=|k>~4?Ly<-Hzh|6UcJ6_mJ zk9Mo}be~o1(d+Ht+S^uRcY*Nk`P)L>qWAc$ecCNqa{?~+&OAA%WQAb6cWz{ll``46 zff%oZ=k}gP{Sog5XzvjkkqxNQ*H3)u-!+rNvv)u(o60n8a8mq|=DlwFuU*~g-8vrz zo{^rD*n81Y=?rmmcXHCu7)!sbLo~AF!m`0x!DxGuArO zdjV3ym)O1zjk27JHyX-v=&w{7_EoDpTYP?0e~_nnn2MH+#9_3Rb%;5mUq9n~$A_NX9jAMY(6`7&AF*EP4Lr|zZ>(!{Ec{ja zetVlZ6=JhZX3x4!rs=HQ%dzebLnQlULcD~=5aS}MG1im5*P(!C?b{JUj2 zdv|^%c&R4aa^$WYxhV zOa=#N_#t!GCUcdLI%&5yZIe@nW13vu_mIVnThKV3mQ1U4Exy9*?dWjb z#-+D;Z-&L?Blj|laxz*tCm+mS?z$;r=VM&;RwV7LNqm6f1@GpuhZZF?{PTE~E`(XN zRMuiiv?lHbHhXMD29SKCBpwSBSH@G&7Ar^voG^kkifFp|r--~Ug5%!1#=l-W8Az*| z#`?K3rQ?Q&A?NgH!#M3Fdg78JAD7hI42C&FSg+Hy^3L<+u#OAvx>rM8k1z6DZ`!~> zwn2}<(@x^WI=ote+~d7;Y@d!f4ApW5+-qvgB4Sg%h0`V|!FS@e$|r&V&OP)*f;2tF z)H-wdb`Slv`j)71=S(_7c9q+Xs=qCL$Y&#wDRFG+@iaN5yC6^O(bnBrR9q#E!h|06 z9t9C&1!X3hw%ZgCSEIZplR#`-aUjlzGn!LCA>4I^CUK8Xpo&E$$zlESxm|{-gMBT7 zp9ouOM0dOG4SUUcz$|6T!QpVck;+wT|+Siw_~TYb6ibgemoJ9vwo0? zc;u8Gv$D*4uFQ86Ge@W!i94JQNbQBk#fnh=q}FF;f}^lYIzy;et|v4MXasJ*@H+^9 z>3xYZ*;OSp;xv0j;0c6kOGq-lKrBK|;`UeMsHBjv#yC}CcDux)pM)twB5zQmV3IrE zFI~%b-oqFBs%BzI zh`(znIAsa^j1@XS@7@q5a5*H~ICt1YT7ZT3Q~uADMc2M~Z)LcQY^X0ULEt z)v2^A)OwB$(B-LE+EO$=+l@atXG-RX!s>=sx|TGFmS%3S zSHIpfH3_~kGns?iZ{yw5DLH*IV<{vCr=Uc;Ti&F;&sSMo&#V|n#`wT^evIN}uB(^o zZf0s&R8o_%D(4u;#8VtBaaUwfUZ}ksamOq_%Hf%0SfOc?bwO>G5}NnM=b_^$^2Ym8 zb8kOaAZp0SB5Zc>K5t1A8%w1*-iF7C*Ui{+{Aj_Uw^};15nVUmx1MNHzW;1&s85XW zY@2rm`O_;828Nl>r021daO+m5RS0em)&*jDqA8MNaEZ*C-EO|2enGem%j=R)a`M&Wh_>b{iQ!NFILOI-p>V4V>Y>9rm zd5Ahj$8Ey(LKW{=kLg}l?{d|zmYk&^2|2i zqOJPST(12ki5DwmQ#YS_$f6A2^ZLKM>lhXqcFNMeh26fX<*-U*k4EVPEa&jq_JJ%btCBowZ9{o%eD6kSDqCO8Kzu{lUe^p_t=~M2tfh zONV%_kz8c+ZF|WeODorMZLBTy{Pi8U={F4Hy1mh=Wa?S_w3uk)W9#uzFIxl^3ObIY z8r%=Fk|34KO(Afub0@jeaWd*K|8AZ|<}=rWb7iWYj_$FqC-+j{c^4u&c5<-JXX@DL zW%tQTr#jpC-tc_6kXwT%ov8nXZRkt@?SZpN@1q6u6BojcrQDx8My3^S`zdE1p`cHL zroa(5T8HwFpY5x@#Mt_tDH@did{>Z`FX%Ep%Vm<}mwh>3ALX43D?8Kfdk?4Z+9`gfb*U^*=L_u-N!LCVq4N0S3n6^} z18DM_6gJyr8Rk>V`EZ-<=%|R`MX!djxQY0 zt>Sjd^%&zkaG=#Ba6t1N;em&3!qP6PB_SeCPQE319^x1F$0A5j!2&G7_*2)mU9V8m zjw6|Gkv1=g6R7*~DCJqmB(K*4u zv7eL6!c06Nm$+Lz${8>5O_7QFB#R)I_G5Q49|D$L7YSMm5v)(P^~U27*(f5maj-vC zo(m!m?IgHGoASnqjkJwCL0vVEK1u7Ox^gaMQ=iP0R`#2^Ms|`(1==gLZ+G%%EfI(y z$X~@0m)RH{HzU(pz};sdB<*-edU7R4J=$sD5!+-K z@ndSfuW=|d@s#~T^e$dW{8Y@-h_u5kJlwqeijU=E7pb_osChMz0b0WLUNQW7iVO=W z!NJ7mapInEh%UD>4J}bDT_=rgNY&HeK7qp)=CsrN0xLg_XvQ|xwE9%0mh=}@stfP3 zI?%{jE8@4F_^C5gQhl7w@wi>vs9H4WCtC=@s_0oP)7)FAOsaARY*3Rq2X%|pG@tQM zMUmp@=d|<*t#Ggm=p9^XNuze*EuT5Kt3fc<+(9D+CzOaU+g#4_Q%)xDwJkx-M~VocJ!*2Ob(Yy1`fw?GAu=_Hs15RO6tn4r7#|gqq4_6k znf$vny%;FMy%GMzQ0%ba!nVv4E;;kgIol^h+AG;6i-ayn?a%R+pd{uT?xUUI%-^HK z?Mf?|AP?d7LL}GtE29t+?+Q;orbD(#l4M(rRuk4lAxNBxaLtP6EGP^)^PFucM27c$ zi=;o2gFNxLAT+6%g{trc6~him&H-1#J+abc;zT57WmWpcGUkwcFNBLkBn}^b*hO`x zq{zGXa8qEJU#u9R+2L6E;sgOi$L!%wZw4Y>+`a~_BOMC(Gb@Zmal$8PsJP<~(dKSr z4B^nv=Abky9Z-kp-R!CbBRQ|plnvlm=wc_HjgIMMY`R&T?2~?e)ExbQ_q#B1eUY)cFMZB0>{sf}Zhe~MF z#ZHJT_VX9mXmH*!$0u`wZm8E#q#Y@9s=Tj{m`OFN;;J&qqr?pqu$wFG5U5PBJ$&D` zZ0B74yV>H1!2PJ+r0ab9A|!HT&PWec9r~?On2WbA3BAHMCE=jiQcGi27M)hF{i5~} zal>vObBAalQnYl2Q&r?tL#2Lc7IW1?YV839`r!yPvXSR-Y-3O`vG2^by?v1dKKq_c z3)pu`SoI!xq+iq42OPh^>9dVGWhC(?1*&7^Um;9Pe8SeQP92N7Jg>QTK$^GpCQ`7vfByu z2@13|c#Q{{n=6Q0&qvpCmX=P8H`b%8X)GNimPqzOd{HQbdJwQzqJ#`usAyTAcGg*O z5GPbf5XmPO_KHA@CuBdD2dSglvn@^!sb#D2X~nQ|N`E2Xd`ws1!|#zpg#TDN9wCFA zr<2T0)%pX4S-`fBgYBtCsMpc&3iD-Z(O%tG9ax2V=&2xIDQhraZK%Pq`J8%%f*dmEHtf@s=m8U46&4r%3O*5ywRp0Cs*M;+L@`D9D z$K$svAoeC*?H7wOi5pNqm|J&SE9=JO_HyK~=_8x0f~zNYE6o+W2pJ5@lYHE)KFjx< z%jkoC)?R0OS1)rVk?ps_sBvc<52AUWm&o&{>Z+y5={PsL4i28tR$kFDN8nrBx}=q* zH8Y3D$%CeOnbH1!oXcgHCtc;bygc7EE+!+r-j}*Kw}-;`aQvC&IGnP~iu>hh7r3S@ zID$e|t`CGoX+e6L+S7vWTL^^FZc}Gw&g8fvYObX9F-S4^;GuKk#m|cy>j20L(lc> z?N<^iK=GAn;_P{eH_6{>-CZwj;0v}mcJ*SK&I&Z(i z_A=GO(fH4kfw<6Huw*d8l=QrV0XNY%_bc1+;^=#2#dHr(k+46>sP12}Fzb7|-65tR zKPk|v*z$svFBF?Ar*P_%23Ov|JcXm>>r<8cV(|IPy)BdnDo9n(I}(`2N8jh}J{3x5 zVfNOyT8oAKbogVo-Lc$7-e0_3al>ZmK1}E69euZ(aQBYLJko7-o_(g#?H_G+s3f5e z69_4P$h6gIl%?>c)t7h6c2at_og^GDavSwMiF`Na2E8H<(wD=FHGDl%&$Wn%Yw?i# zSq|x$$j4gE93-5NEWTmmXXNTxpeSa zz60@ErDA92+s}sLmG0W1E%K%Q6OVHxTS~c719A7x=oeaU!u8!3_ zY_hjexAzXzTtw^^CbAd8n~|k|Q?I*2Q>-B5p3uu(fn^#ec6HpZ<;DB3LSe+e`_-`` zHRlqagsIuS*>b}U$F}fumXVOcjjw7CmueGG5p|A%#Kq~M`kw<8r2KspU09SAyL3Mm z6rD{D{w>$6^*rg9*Ed3xTjizZcI4esRBh!r#-h-iIbVG^L+YlU>~Th-X9nL)vQLq? zx8{gP4_C4(%3pTNB>R&0vUsoU;T^B?GCr1M?NSVJxLx(}@F(q~AsJ?u`X3F77hApA zb+IXZA=63>ZH(`Fj2J=mtSbI?*cc>ym-(_Fq9xpRz(tgdW0D;@jhEK4D{2-=ZY$SK zN;8y9Wc2WkOGErewhD)Bc@MkQhBRhRi6w=}S#S%eEB?DyO$7 zmo5?~m7vBz9v)U^M*F4XwQR3YA1rixznb;Ou>~cnj8;g82KG{xP`cy9Gmmth?p3ej zJ%~G5`O=EFWwLgZ32jv(iKpL&XMqa7g!}Y8CsP+c`jH#I5)EJDi;KtPX}s%wb4`F%m&nPgk`aDq}Hnkv6o$s=f<+U zucRs^96^7e@-JoO7Ebg+`*Gsu?$%@$p(Q@$?{hL(>K*UB(Gs;2Of+Sw8ElG*wmiDI zc_nw0>c#Fi8rtEsr8Ga~yZy8g^`@B@59idgB~IPp6Y65+Uz(>R4trC%MEkAey%M%* zxY9KmR+o`j^Xkd4U=I1Y-gk#u@*mt9w`nV|Hsy}#;^uYKy%c*|GPc6O2}vG>_D_R6= zP&s#er{zJxaVI9)3vAN$ZqjyRb z4`Cj*6<&GQO#_Xkt9lOY(R;{zs(W0m`SD)e?WPJ+XJy9r@8xJB78{oS;8%E}aOLJ6 zo}@Cn>Ds57ZlkZPgPN`lycuoN#TOBfeQ|f1>l^I4G#p|*-;ULzBwQq6VJK?sLwlDs-JUU7JNnSH`Y=J|!Oc|Rvv zi?Dm)btNDC4duVwN2|O$cT!pFP3LsgfCNR}%TpXaxL@n%bl!wP#{&xLMr;8>PX>2;rZvx(+=cfXNWKQ?IGLw(r1z;#p{DjJoQQ)J@-}G zmitP-3MRcJH6V7Smy#a1%4fcmyi06i;yguoTKXp|^^s2_Njn(Q5b|?}_i?ZZhPX7> zlfUd>?v2>iz)6VH)+g@ZFoJ3(bEw9jCQ#U*uaf^@!-;jw8Jlt$T-FI=o1pG9L0f_a>h&hH>PjGBjMs&GwOu zr^#`J(OefS<~JRgwCzsk+<9+Qo%zV2NA|#G$7jTSdA?4Yd+@6J_j z;Mm~(eD=-QU9)MbtK(F9S@RFmdpMI1%c^}#)%;{Je!pu{@p5vOSdM~ClCfZP?@CW5 zi%+@ZZ`vxt)8@|87w&v%3Fgr@9`K}{sy+EYr`c&DfRc&Uz>(8}<3z)8en)SeON-K} z4g#(bU%QJ;4~Z2Vo4at#;R(s7vWMT!(ipH(zE33_I7v-I$b8D^?j}cJu@bqNWz9dx~l7R$riiWZ$yN~?`(GUd=v%JPCz>JmfXAZbNl zq}<{PI@C3_sFMeWgU@UzwW)%VQJs!J0-s7fWm^m19(9HRM2cx&Dqa;^E+YN#b?SB+ zf=7#KH=a_8GDHm55L7?I>sj*JUy&kQCGKgi+Mhy>qvxKLBWh#D=R=ds7RV}AB@(oR zYstwhwnQq{DXL z2qN`HkQ3)ncCn75NM2unq@?&AsdDIBvRR|p?wmfDA1UZSC3U2leTsvkn1e%D+-AG_ zc3~UDm^syD+B89+IaWaY)!Dd@vPqyEWp9L{yx@gtLOE|p!5dQbARwF1W2k`0 zP^2zI!o;EQ4iDv;9o}0=y_`*LTNEH~tS6C~xsBEP1??khMm5^p8&>SE=ULg}`5dW8 zq`fn{Ahzp~c)|LJ;Hi9y5|k1#FI{gLT z3p7y@0{Hd%hwB>4Si4HqDFQ<(V9v%{MMN{IaV|GgauUdTM)avD-Bs z(P2d{gj%zuuq@R!mcqz0Tw>z$CAXPMiRO;T*;dnCJ5n80L5Dn|{|=HifG8`frPC@U zk7iFT+vm#j_CZy4PW&G^=;Ck*58`lKl}HnjKje_DbcrzuZCj0st}wPO6(2cbPFzs$ z4Uq*hqg-{AJ0SVl+U}`*O6CG3+fqFpp&=#?MV$0j9Okw~SNlFUz9G`?DzfV7RQ{^8 z^1(=H=Va~dQu4+lCaEaZ<&rS{IvTac-A+)>DJUP01ivCL?@mb7XV(fzlEwqAND!W!voQ+#;o=l|Y8S8^f{oj)A_RIW_KL^YDhv^Bw z&i{a~{+RzM1)!k*$^ZDniTxXHfb&0Ooed#bIR67Ae|>%XcInQY#q;M^Mxoa=HJ>}6 z=W%iK+0a8Lr-#PSl$zQtaq$T*=o%yA=xUM&{Hz+@O7@UGCZHfjcZ4gGyAiqjsEM9F z1zPAT=a~n1T~HhmL^|op81t1uD+lUi=?pwtIMn(TfkRO_@k!C@fQ_z`ef(px_VznY z{@oAfJC!o6@9Mu=t}~&1pli$%6-}oAnTSc~>lo?kk!mKJCNPli(>{PA&leynEa4=V zIaE_ySKrVWO~6sXLvoanp!~Q`*-;D0{inFAYmRZ^TSNGi;#xSa{hWjs2efiITWXV1 zxHQr;ckMoSi>t0ZHbXs4)j{w1rTaV`wY{kBp7En^Qy1U0(zbo#B9C8YCPPo*C@wOZ%}pnPo@O_0sWVe zlmXZvoAUo9r2#z5Kl#7^1zQT6|L2A6 z1P^qRpZ~EfGy*~6?CkSxZR5<)6;jeyXqeIbwzPDW3>qUOyh=s&=Gd`82pYpjT*kwD zn*m*;gg~ihHA(1XiR1wf=zIw@b&~mN9fV|t0)3std7+0VAu~1TLG<8ZOFb&2RDDwvG&B?k5|c=nL){5*adpHF;!2=!#WW5Qpip?4*@ZC` zl~olGvmYA;KRFIL4J8R15duL$xxIshiH4AdiOolVVtdoE6C@nlxwvSy6Z?vAngk%V z==|xb&9igv-N#j^A{EsXRT6(8DJiO`aY$8M^o8QW)CWCpUp^Wx9QOK?2&$SPDyJzi z!V$A#xgfO?bTTE2n@x@{9)~Qmpp<<7<5H?UzDRy=E}S?PGSxdyLVa}!Rom&M1Q(vC z5OeuUB+bl(Pv>^5u)g-%&slYafQ^xKe@aMSD58f+wfOT=UpyhiVzg`9slgAfW%NYM z{Fa5iTFtf;C{~-7MtuZ`J@`aqis4$e(oU+)%7NyHq$0z6DPLpXlAqp=yiI1}GEJVG z>EFO3;B=Hcm-PV|)s*!x#CPSO8`Z4!MbDbDd;a~8WZIkdpy<@-?qnnTk{pwRPfUwz zx8z*%rQj1y2p$T=Pe!!cD%C*qg;bE^Bb|7n*x3g@Pqk>OlRCD&NeZR?7C)Xnkz+?{ zP8d%#-k^VA^ezIeYaOof;QWK~nmB^OGkukDtmp;LN3le_4Ugi;WM&@4Q|a(eClKS9 zL8J^&BoP6XmDvh15t+o#Nl)gr?NKVjrPUn3$$akPgsa> z;$&q&#@cbK5w}{(mQy`qGrso-xm)%TRqU>4y%bFo>$e|T^2yEm+Srwy{DTgud|j&U zE#a=|daj1AA84jQDlHXvn8T=otbAmtD+%A2Imp;KkVw~o`l7i|8S~9W-h}N3#KrSu zjnURO8txT8Um2@=(C{fJ%Cr<$ z`>T^7xf%U{CKzw(xsjZe-{;}%T^P6xP|_4`V=zy=rp~xOfl%^zPx*

    4>Yg?NIp?mKK)GOLgx+brBopgz6KPA21AKyOppyjCi3?{=`g61}C%7IJ> zFl7v}Y4xAVpc9ZzcA=B93WW2G%^4l_y9q1aH$j4WVcrYj~ zeIffplka#?>j*|{XlraK9!Lh430#Xpscg_CJXtZ>+s6vRQ$)pLn;#=+Pe(-+(8eT0 z4gf21tg$f`iME8Ct#&{LEnC|Nr)~m!p5?VLk+UW;~+cSinL^KSjShwi8x?%u=zBf^yM7mJj8*z=v6}WGUq;t}zgp<530&7h^ zpziajTl%q&*Fp`Vk*Vd2B`X4k^ii2vH}QC6>!^$KzO$sVzh~;&!5CX*seF$Dyc~T% zrt*Gf)RbsyOr7(OD?V%`s<(GS8UBb+T_@cM@3W4245%{$p2N5d z_r;JR32DTKrh9a$A7cfx&Dn#Cd+yNbyXCVeZhZ??s14rpQbn9RC6|eF=aaf&%*C&w zO}SA3yOV*!$g4god{h-XlyHBg+kQ#w90>|((>%nbjQU>4HWOS6^7bO z57lXHtj23=iou!pV!pCKt+pzlYJ$%T1*N{*u@M$WFY6w1NH}JTVrb2jQm~eV)23pl=z>{ z-%>vrj z451V@H1OLbI+f)Dg#>V~ey_H4$`~5A_8qE6#k8p8psW_;L5G-be}!FD5#E_8#+fek z>p2t5(mA2YH^as@STZ18AO-ISbJnU?Y_~RJX6px0G#`B>)Q1)7!YuVY(i~7i3N8g~ zj@B`Hq7@Q)S_P%kZqQRZAUy%#FJ_yZqsr`KnXu+ayRs)U#bI{!aXoBCngFWY6=S4@kcOQ%Qp)I?=1!TN#RNZJTB&J4Z>)UJ!yIgj^#=c0DgJCvmztNNDoz%~vl+(LMrJrm2$%|5vqM`zT z(k-1lxO^zzZ9Jnyf&UClc>6;>q3eLqcUVD~@r$A)y-`LQK9Ta(A^xxwmx8Q9@Vo#> z0~D;tRC_s*@k1%Wfw)xf$yc$0-~j_I8pJ-y#B$#=kplu?3H8?1XO|1M^lIa?eJix9 zs82G`uWNe%$>f-cQ_HzZM4Oi!efVRU#LpwsGBGh*?^3rdBc?*mP<=6KsGkvx19I5?JhF+5lkQ>2{MiI>wMIT88N#m z<7R{m=z>0ue<1IH?LIM|e3Uw=ovE(Gr9CN|^@SqYE9k)Y)|j z@|8tZ-HIEdC3tuPkNN#=MnTjQj{pQmw5Ga;fia4t3LokUp_UCQ5I2e9LL3&rhGG>? zzFUIJB~1P<0tg@n0$vhsmf^C<;9Rj-C@)c;pJ@-&sgS}VE2q?HKo~08C{r(hMjJ3e zxrH1ds<0J+@{n8ih3hwW{jXL&48CXpL%5$j#7)Nb-Ai=5Olm6!_84u@W}|z2UC_mV zml|(iyoYuV8i_)omCGoLEbBwUHI)Pk*5~V%YK@NzQ4M^u@uT6~Z1%BRg_w6vt>b4x zT=h^~A40g%%+X`LoIgZMZ2Bp~LR@4xNPD$M>Tb=S>htwtnH-BI42Z8}2IqrR@kCgw zL;%%(MSf-j;dD}f0bddzKoIeUe=n5v(?dDwx5~I>mK7W4)J20~r+1~S*FLT7I!e>Z zNGxmjKmmgRF!F%xguzR){IPDl(%G=V4?S*bCAv)V`dK zeoLeQHg>tu18W>(uriP^q5Aw-hb|}pn3I^oORTjbw53c*I#F(KjU|=%=*3D@DZd*u zqhWj`2VMFYh7}2rc7X`HK&l%u=!K{+U)u5TGizjl4arf(tgO_!ocepC0#6J^`q5P) zt)y;)?>45ZI0Q?7G^Yd^-YG<3H+ial&gCA(%UXy+DDzaqBmGU@9(QKycd8YdogY5q&Ue^B?47q>v7QbQt%Ny$b_vL{7 z*YdyqlK=CbfZ(6`U;oW6{gE-x~581k3zp0_U~;DM_>x0Ad5uh9|`;}!S`$N6itl>Up-L)%}7 zApr|qAiww=f1MT|?;oe-=4cDX-5w(ECj@&60$@^VLl!~XQN z{vJJ%Kh7sIxwW_5?+NW5|Gz-Y2YKKdiSuO(`2~*g*Ci+Lo7^gUK5%zH!h%7pJt0V7 z3UB`37Qeu64za%yK@JKxKVOKokGHp*>u*yM1;hlA)7pQ{K);dq^w+8iit+tjZ~Vkw`Hxd3{`!sh@BLjHf4R{g+nfJ&diVZL zvVUp#U+MkMUe9k(``fNn_?i6g&)5GL3H;9bPuI@f4T;a?<{9uGa`R8tf5`9;Bqqe) z?*H*2(E|R=|NS3I{f|}WdE|zC?C?0ax!Cd8__y19A(w>15q>c0@*Kj=Sl`yXll|B3(c-y;6sB_ihj z3k;N}n6sOWBhvPGAmixj9Kij+-5nX;fkciK`-chQPo4i=asH3{@;CJVe_8eadx8F+ zvGq^&|Np@M5fbA6)Bp3I3H=Y&{+s;&f8ziAL7Dykso3x9|1Vy>zjqD%8_fSR{paKT z$M`=!-g|%M|Nl26{jXQ~OZ+zmfCUr-05ZaFEi4Qfoc9lO?*9DzvkZVrbgP!SM-6l8 zdxD|pWecM4>7V;){~)aYSs(wf{{O|f_ir)xuj@arAm5+yzyFr3|J6!=r~d#l-u83O z@9RGY_8dwPmJDsw&YQB5tEH?z_5WWL`Tter|A7Ag-mcys;^p`CpHG1AC+6$l`v3U( z1(9&Ef7<_lNV@-7A;b(~2_U?$q^g9>IrA5|PXI9w$Rj`fXRn_`{xb^5+K4WI2oq2N ztWZ&y01y!hDiI2z51>c36YVdw|2Oj}AXG3KItC^dHV(2tBOwy93>6gwMnyvdBSW20 zLXh7BU?MbPMm|||5}gMaOdh2C;i*NK%yM3= z#vq7@ipeV|Dk-a|-q+JNFf=kYF}1O^duZ?A=;Y&X+~yN zc1~__$zRT*RlKQhXl!b3dE464+t>eo;KRpH;}erpU#4ef=ayGizpt%tY;J8I93CB? zoSwnYFMjfc0-*j?WPjo8ANV3d@&y8eQNb8L`9cBtA>XJ(U^GTPbYfW@j0YYhO#I=P zq;jc6b=_FZ_jF-o)}CY7Zdp=vCED5HCT5%d5qY(sbyW%h#2^66&JHhiv^#zV76_oU0wU-( zdd*A_TN2YWj{q!8A#3wqLsU~#qE$_*Z_NAe+Mj(7rInPH-Le$*S&~#e!CJng?ZI3- z>=;7;nh4bw9FL zgq0ol2k&7JMR%{TT)bHPnqF^q+Hq4>rzLtl{pMTE^NSnlFEQ)VvB%f+-DBs0-IIb` z_eHAqI_r)Rz?*XzvVns|Z3v*?uFaLdpnVSlAP&W9D#FjJ(W>?jJY0d?G2sz#Yc{@- zw!Rsk0=Xhz&;XrACl3 z{rsYBI|9h2dv0?odtC%a0M0h?*Kx@=SROF><(i(wTTY#1S6-#?%02`zGbcIqIMAXd z6#-y|76shooL08A(eHA}on5N^h|v}cEkOVbRqVSbSM&YSDiR}%E7))W7`@?XYRn|b zv?|B;B4olMXU*!>0ltS3kr6?R8g^6bX72WG<&K-0F|3NctAnmFiMmB^_x76EptHyN z&5BJj{9@;-by~}q1^X!ZdvfvO(Gj{Cg z>aup}O=9ja2bqDlZQO*26ZE{}7MI{2c{^}^u~7iqcD|s-dUA0}fRiv5;>-J)Yr=ri zY(gvJ+vkeO%8JU8DZhEm0$A9+Gz%`4#dejgi7URFFfr-+MZb@S>}xmlG25K=E)r$1 z;ODK~*OGi&*LTS45kPe~0@x_fy6Fflxap{Py1(IFU2_&Fy)&KpT%%*{MhkXzH7w~p zX`m6;mVC5`0BW{&ETj^O+JkuZboFDd)h+F>Lrg9UCcU=Cn~t9o>}JK`52c1(Tw`om zG`)4oY&B)!%|Zalv0;9fkp;(m@UUkF%dq%TvxUKqK}bf2=?%IdAI0@_R&{3qr1Jwz zgI>0_(b!j>N&<2?F1s0Wa1q+LI5*#!ncVsPS50YEH^>s?%QY?Ln%z%g=M^BjdA zR}c3r2tA>_(HfA}>P?2N=3Z1YcTZjSTLgN~+xc}~i8tr?yDjK@H&28JPHQ&JU)Tzr zMm0UUJVyXVi<0O2L+0sPL9q{`-7a=+g7UBEdrKXaof2+qEhrTn4xAu>oz!d2_F9-` zvxnOT3tw^Ah$!pzIXlKqa#g5VU(S1z-iA%1&viSv7XzA(oK;+|Z5A$WZLjo8W1Q!_ zod?~rhBnjZk>eMcGoO6RFq9YWcKvR-O*{+Me8oaXlhBvulv^5$03L_+U(`hJOV_&Y z-tDXp?X@Xibd)|2niSa8x?$^lR68#Cgk68^yykVNm^oa!TLJKGsBI<^B)p#;uFyQ@`-`0Hgv`Ka$>L5j4GOyMEC) zLLE#Dqsv=G02o__XIZB=91+tdqgSdWVNP%(OIT-|06nq4o8hRBvl`Ej#iq@`C#O}8 zWnq17dgCWLH^`Ag;_7_lHGlvb?FV>b=_vEM=m^^3;jqQ!(*CIaruwDJu(-gp_;%XU zpxyv`zw7i;XG3XNibJOKR@foI&BT;<73XgD*bdw%$v+6SuieE+a`_VhUdD@5-k12L#T10IkO|zr9xVNza)3XFL!-dQs_{nedk(Q zv$3%*Qlq7PU~cy{Qiv-M8=IS~8}uC7gk3Ei1i&RJ=5gVDbq4`NtZLYFcMyN!c6B4U zwCT;KpW<%+7!bW^JpN-}dUfyYrsF#B_@uf*gLT&^aDDyO&Di>R*v>Knkk%TQzNm?j zP+xXB=FQQoN&2)FndrH3^8NLiL)lhN&{y=LYRn>sU`VZ;mb9b)W^l6 zs+NWZNI`HO-#}J!**RTD#w9v74sm+%yq5lcQ1uf(%^fqR{Nh)8etwM|4-JxXbAy8x zZ%ji9)ewN>(f&nf3)o2V_1Aab_p#gaeopM!TgcHo5E@w%_~XP;+K=Wo`w0D}WpbI0r(yeA)?hg;r+%7gK3R06+o6l**yiYr59Sm@h%33LX zG#!Zmv>-KZni-oNWYN@W15x9WH*Og`TO;t3fi+0kI^3zH)n}{G*>u{_v=Q#xhyd{X zx27-Nxd^n)PY3x-?5P~SyZ`=3t-h)K(DtaLbD}h%?CR||oRMqBhPIO$tMMyUy!9Bb z(*nNng&pm&n*M@4_Dkst`U}-dva<_{3%qaDMI%=|HT)i5YOYk0KDKi{iaYhr)zJGC zuQFhk{AR(@^yqm1Mst#ieHW$ZiXZkkUlh(*4Od&b9-59jd4kb@QPw@^hJ$xMjN&;H zETnP;TIaa z-@@Ll_%wfW{m3k#;gqpmkrZLZWqGDndUAM`eD}IY0DOSa6-MoNWd4zVc5`ul+K4#x z#_Q*^>y`bAT1SZVO8!tNrhmkxS)OiQ@0U=!=M8?Riw6QNjYn7eO{NQ$VFP7X@U0oK zu+!vgF{8b*xOSDBJ20a-DJqB4v5|@e2PuY8pS*;R!A}Te$4-*r>82JICzCurL(1~) zZ8slbH^}7*Bcu*F+dpzzppc%;tqLXB5uO&Re6h2jd6_q8A+tEResklTd@Mewbz^k8 zesp+Mz)}T;{%ieh`;XTzGOv@@rmRT{M1bU@MF8Ab2dd8w5H+gQG?x~X%c zNDV=*2*S|)Jx2^15I`B{esf5T)~fWZY1Q+ytM{B42S)J?VR-&L#s>wlKKnmH(2*0U zHpLn88D7)ST;JOMj=a-$|GMN7;{jbV zOH-{eJbgDG4;J!#q4Tu!+;duB)z1+*cj4z&XV_n-zV>+K7+4c^!*$&v#UbwjYgUG7 zJQF4tmb!be5$m(7yZEWG|9MBUPe9Ohq~9s$KKy2)rd|F80{9?)W8Erw9pJreM3iu< zI=gUov{iLBUv;dsFg-iox~TQh?Beo*?s~akZvWJC;&|rK2~TWOpx*qT*D0jIF_fcY zxB$5rK{kcXl&@wG#)!N@=-*gr^Pif4DFb6QZP zQHASx-t9c7?UHr>)NMZO2mN(fDRRw~(v&H^;tUz)uJU;0G@T`UQMJ2X8YX=)KP0!e zeR1J-8T5`UiUsc)Iom%%Dmy_~4cX;OjJ^fNE;}urUJ2}rYRg(qUdaBAnim(BPituI ztm6}j3F6$-cU*Sga}V2QYYIN!w6?ok%7lI}yud36M~=axrOre_9%6{OF$CVL|HZqL z#(&kaS=#0Xxrlx2?`$aMS^$Gzx9%O?C@$h|h2EJ8oxM)Iu3C9QuR&E6Fh0MhKa+<5 zwqAr;`tP2*Yn6u5A)k^`p;Tc#E(b$bssZ@d^vfMjJSylL6i;K>4$$k6V}2F{1in$GlfDBfg4-M2tL)t;$uSyOZ+T`Z*_bpSefrhb^?6p7 zTV?Q%(+knn?RAJ@pBN5K^qcefLkq!9v-2&%sXXO-$j75ZDm~{Q0?--tJGmNg`q4oa zOb;JB_;S>j5=;U2TM3JOXCky0-Z9Ri*9PKYk7#$LTfF#5!_~+aHzQU>-WOaM`dBSJs=@JJox0<~Q+WdokDb zrtG^?*(Kl2)HpnTq&xrKb$%#|KikdlmyLenfmIFrW$w5qbf3N)emc?@%7l;!@(_l^ zXb9VDi^ZJUpK3lr0N=SF?*2KQOJ$u6!aaDxr(rPRL}~lvBuj7;9!2a8(UmYf?~->B zxxSW#2|xCMpg@8JTHDD3_wvH*!pb1C+pS^ojpzq_HxuM`K6=f%%m$a46D#b!8sazD zq6eHkhMl;LL*gqB3l0`0v=5Z~pM;%0Ylj&=dELDt9Zk`cPv6)Ivx0||^Thqoig57` z!*oCZxEeQQ*Dt+YuoA-hTF8zdaf{eBQrKbL3Skf51uYkJKMz`t>ER+-rRb5y_YXW% zf{nzz4kmfILr*0kdnq>q-%%SEGj&^;cF-_YU`ao0|QyI!TYei5-W;Tmz?|;jSk1yxgnz(l7-c`0cAX zNQ{8M^|J=*CkFe`IaZknprPzX+=eA&uCesnRCT&D0>C+~t?QfKT9@%1x71hBg+t?6Pm(23TV92Y3=sIg1{_CLEc>TYKy=pjI^ z`5K-Tz$&gVE*brm6~=rt=z9C-jNu8Fk2WCR~oWgMO%5K$-=FQ<~*$?T*?fFg3S<1~79cA4i4@MeK zwx%^|c=D?jkKjkhW!Du+<>?BnGdz^skpcmr3e5Q6@POe~&eKB36lMs(F1cOFPB9M?usq; zoaUpvf%&E`^MJQIC}9M?HDGEEs^*2woS4EkO%lx}CGlOJ~U) z;=y`wjb%LH<^A60)R#g1Sr_*G1t56z&2X26smb-rY2~q#A!VJm2d8c3)%is&qNwPd z6M5YbVkrVuWS8P^S>hjTJpMj@_ljp}{yBwuUf-88gL+s~bCI#7KezLshSPbw>_b5f z{2=jNUU-Dyg730?)5oW$xLhhWukk~b=Y)K}`8DOaRo(eHN#GVIbm65 z2WwaS@?i%geSXCK2tcDHG&%;#QFH%a1)7AK?rkJJEZ2j z^tDM19h`mH!mX#(?TWLkJzY0h3APb+(0Mkjx_cLjEJm|;6ACi*NGfXGrBj2_bJ|O^4sS*s` z3<)8+^!YHwFC$+rOsbNkdt14m+CTfAF z#66DD7|#xM+3bY5Pwy5MPzV$xlNZ!2{z#|^RvquGuWsN9(}xZ0rmoPkjjs%S!_-|tHnn|XjVGPjhV+iDzYv4l*N^1xNwuY zN&pwNxxv17fNC%)cpY@gbsZ(h6=Ym{^La|JZDdw_MLG6FLrwXn`+z=1`pw=6gyhQL zfc1Je4ptL?CA)l7<|Kk~|A4!*qyV12o!jJTg#aR>JC`bywi>yFPmQlLA7rdftWXHi z*HypPN-f#WRjPZjest-bN#*+%sTu^^R4Ob_I1R>L3kHYv)!*+{3|6j-DOd>TOxT~C znnD0eD_U^QkvQ%~T4kea;soZQDZ|}`@3l$=D=3R z#>Sp)d7M*82@Vt)ny&>g2m$593c3(Ra;qe1v!>vY=iBJ79S%MrIA^wd+G7ju?e zdkL>_4$4AuCoWl4m{l1yQ55EMerX2vBRl`z8~oeI=iN8BsB}}ii_dZax`|UV`g8oE zmE>9Rt~nav^f?4DP}NwvP`~tSq3L;e)4)CtEH%Ag(rvc+27C6>Gjv+I{#HGF`9Qh% z;`I3eJ_6{ICTKS)+JfMQ-hz9nw!_}-g$FhVx(@Q-gtQKw=IOL)PBy!+*wg4Jh74e= z`QLdP@5AxRbO_SwQGZlF1*uAUEoM1x$|ZEzxO+zDwS3LWEp^xbX1$whdHgsGE0_l! z!u77*Qnvm8JsAOD#Uyecx2dV!MF52epojB7xF;-XxyH91mQ?xbF63df^5N0VaMyNEB@9BfSWb)_N(vU5Gk8gh#9;lY2r1<3qdzZCu@p6KU2 z0W?G*W0I|7{@;O-rybv z!kI)7FkQ{PbzdbEvCT^i+Yka&I|AD%yReAIk+IRyy2!1$FaU5Q1Uuvs1^5S`_;{lP zG3i)YyfOh*m_cl6b)&L~z(fv>&b|eH-fcc;nE+b4EhsT6;c3{D1UtRKu@LlzrY3uE zo0ofgKvz%M1H&o{j8&rzlXd;N2lY;F&3JgTMa5@rn3y<=nSBxY#JEf>j>wcq_#l?e zbf_$#oPv8l-5cHVrStRlj|XG}C?Jg4V`!cy1N38h(FcS@xRvKK`Kao-?m(l#AsP*b z;8`2(!3WPCfoU4zNInX$=M0Ey(gCxOSgr|7s(5GPdo`zu4mn5#xgPHv02h(I3C-C7IM?@ z8YCJhKD_&IYA_3kK!=1ykYc}a7b#CR>9)u@{<JS|0aUM0D-Kq}V`)gDcgf2TRLzF76Itn9Ynkpl$fT860 z2gb0ts^Phb>y5Ulu@cS!*v~CPLv!G>>k)e=sh0HGe4}3xGTO*2ram#=reAWK&555G1{^3qDO7Dz%*QlW$MqBLwzL4NKF81+9If` zrYC76CP{b^n@wanBH`J4iCh`?M_=rql2M5GlnsIPWW+$1=-gGJY`;TQD4s=ze8J?=* za||E2+c6fjCq4gq2nai`lkH)Kax7r1l41Zn9cN|hK3@03mqTbSRV=$CR$IHn*+?H; z;FM#Nzp#(pbFhP^F!H{a6!AzF!yV73hoi{YZmqi6UJg<9Off%jWR-3vk-hT8NV?nS zjJtnGrFN^fEPZqXCB(Tmr3IDk4W%ad?I_-{h_DEegbl8X9OmQCj9ku)W!8$+T__(s zaUYAMnwFP*?nm#EeFJ6Jz`>l6x&`nfNU$sMj#~PtUu22jZ%7Qwh#+~lV9=R9$s;Hn zK}7j!oM=24j3RS6X`fk|I{3=bnAv^lGkBCuM9LAMQkU`E&h7?OR&6KEySh z__~5Rxe^2MP=0Fpy+pakm`N=gkqB&#gJUKc2*|cw33o4gaMn1={8o}nLD?H^Otl{& zcrTNw1Sjo1Jrn9Z_6lx;zkQ}s5{`~8&QXpcKWjq!_(IoEMp^vCVd~2~`)pKM z)e9bU{)niX!m<0`RP%#olXZ`C?bTSPSPBp7@SgpkW|v;2zI&3Nj)0&M%%{2KRnTXH43 z(<~J6yZfGFg46n_t4S)Z-u49aESFaMNwni5Z z6W>Vb(JCB7%O5<~5^ErQU}dD}n7_TQXg@S4(kc2>c;_V(aTI!T6VZ4k(diw7aS_`# z`48?*PKU-<%Eo6y%y{k!NzhoFqWkz$OR=%yw#zPe`NRW0+#w8CKmK^b)arH#llM~O zeci1p$JSob9Q;EAJpoareRZvgc}65)Zq@^)dGmwFtk0gbq?9nGoO(DJ6H6xOp^6C` z^`_$X zGuOjic379oY^j82OjU@5Q-NY-RQFN_3Gdq#Zn44cbGH$R4%O!JexK*~IK$`*O&;}}goSuOCc+S4E$p!_iZaGzG&->v?M_Rhvp;=?Z zz4AJ0))hziu`Hss&-2Zx=^~Q_o7KepG34y| ztx}D8`7!o=#du@!ytGxn7lo_pM!K&(O6!mGwDKwRHNsOsholh&~;0SS|B+S?lyOi*wKTa?Icihd7CBf47(*aj+Z`%ODBG zI)a!fv&*UCJ3(4YOt7)a(|(BinW_wh-yVg_#VFB=Cy`5}m(yv)Qf-W_aiqqZ_&1rJ z4BzAAFp^`|{pUPL#(VGdGoT-qXf7>*Z{W!QWeUiVhFK;EJs<@$Ck6X$3hrzQwn+*; zWh${~D(O}Vp-JkkoK&ihDU5$c`TlV$=YLemf6M;=uk1O0h}VB^|Nq1Jf292{Ec~ba z|A&P89~SyM`+uVnU;PfYi#{zfmv(0sC6YAK{;w&|NmK%*yWrG>p&}gwNH2h*g4~2R z@Z-y4S5dT=v7)gqOfzLl*ORxA{(`9R;I+k(-)hspWdFzit^H3H^)qjGW!z&cWZrJH z*;OU#6N?>!^Rtb}a4N{ss(hlbpyp6w-8lcKl2+8DsA~ULl?Ft8E|L8Oxt7E@ zX4YjzZ6)AGW#tt(uf0i_lfhrnF|cC-z}R(fh>;J3rs}ujtqYyL-Lv{c%ov0w=jh}p z>dyz?I4Yp5o>^A-}{e zBXTSQ?s8+p9NMZ(hBX=}DT3+R^$FM7t)!@pwXL|7$IzXKRH&gc5nV`trdwlY5m1j} zo4kB|qqR<=H?$apyz|y5I2JK#4!p(TM<6T`D7E<#6!R4}6}1C^A~y#@Nr~aq27Dcc z>bRhtuL?Pe6TcwHVknXOn}8#a6Q2mp)8|v~i7?DT2PiDihZt){00O*1%a9k*%g3rK z`A(xw->V0U5Q2KeQ*dZ9Qh_-Q$A z{+ke^MUT}hX7GVsoMW_K;B7W>OuVOxT<86uVw9yZQq4@19}YDBXN{!x3O-XWkI9J{Ngvjvo$bA(EIVGEs#;{BM zf>t5Y8x6#cexZl~HRRrYS{14~-@MCDO&z5FHM>M9@_Q*wwPE=5Wby>i{a(JpFs`<9ZGx#me#$g=C#j6e%sFccs^F137p_~yc{HzZvB;3-_w zgE@&fWja?BD+R-nYolRsIk4O5z`UYQ@g5Wm>hnDg>1E`t8aWV~-<}|pUpngUwBn4? zHob}>lm%T0z9*k(x^qg2?XGh&kD@Tj{nfkkdE+zJub;;lgZh|a8Kc4Cm|}Un3SH{% z@(gE#-u8HPlb8aE1b`)bNx!^Z{%+I^akj@Ho3C<86ap2CLA!O;aUky`>&uM!j!F=~ zdCnOHlN}@{7pO;*SLeBRmWA1J0-#}%x&?pH)w+ZqV5)11zR$drELOLCAu$($mF*$2 zS;e%3gl5);bpiPPZo!A~bdZy8RXens43R$!gTT#hb+fYZ!Fxf#g7^{?-ir!sefI0v z!(0k>QY!$>L=bN-E3nB26!HuCbw=HFVT(U3Kt+c^fs6g%HSzqz_-R@!h7zCM0NUNp zjID54Cige+p6l4gcP50&DA$*k7z1bBM`ShL+mYE!kJl2=4ev+f`o}U1Pq$^py5Ll| z(s2ZCM6G0ugaM>h1R)<3*IY(%OUq3<^f93btk^Zsv5hhL66YdBHITd{+ZA%c4+qMQLj<#e=|$Fo6#e z#4ojyb@ixj9SD`hEphN_gHSE4OJ0&_6Z3M2eAo+JksJw0PJeEme*nGp_W9=$GD|gR zb#(eGeS>JxQS9WC6zlMZFXI{8F_#e>O9R}#7@lF@F|^QS@c3R5-lH)oy(WD8x_a~T z1B{&6lRajj6a|Q7eAY{j16OrM2XgI2R0}boToEs#QUg#3lJ_FjS^L*RjS`?*K$kQg zb_#U1{iR@86oCB#1<2-1C;eIQ~iVn$Vv#W=dSE5h+y z)vyve_wrJ(5SNqz0CjvHkaRtW7O0H06@1AiS0k*v4K;lU^?myD7)967!yQ-B6517h2xj=TPUKX3+uf1@ zV}MNJyubTm+l)1k&(;Jjis$O{vy^~*Z7R7t#Ufn zb>YUO8nsZZJL+IUe>?e_TPkG{qq+IiUF=VsTj@0gaWR5+B_(uuRPi@*%kIbm*j7uk zzKk(9%(d(zWrq99+D}Vy_;`|oOuELjh=_A+wr_GY-%pX7E{PWOO&;CHDnBl#lK93> zYv1nhxQ1x_`%2aucaxVnMeiEiGxOS6P#(Q>Nt1V;U}p~&P@HSYeWuQp%)S9AZoxgU zjMeGa8B)0=PW0n5+}eYM%+J%b9n4j@&oSHjk3}_y+x*#4W~m5;Xx?(G`WgnS*jTc& zYwCRS0Mo9|4Bs<;I=n`WI9Tm6O7kl=80d{t${EaT9qB`8tDi%DmtSK zt6N#``s!=lC=hub^*HcU*lVt2d%t_qiE+ASweP83E6L$n!;^}PGFdK{}%sd}8G=pDsC3FD6T0|#J zXM-9|m<5SJYwg;i0*KkJV@@M8rt!Vw)o8QExWk&YdyFS?2Tu;N(}U(mS)ymw?i!Y} z^MXkHoj}VEwQ_SAcPO+j8h6~iO9q2C+4QU`b)-P zo>C{f_Kj%{--9C3Qj~mUa0a8p&h3SzZ58RG(eXG0edK8lrk!q~nQ&lWj_8F}*a%0R zsY+#{lb>kg8VPQuNs@8kEwLLw2~n^OQL2oDCCCYgwFR{&BssDp4y|mY`N%@F4SZy2 z`h_2>^NGf!hb1aP@5kzp$l>(KJoGuBaM}=gCg^yeEx$P}QT8%2e^v7x31-;)M?&8N zQzDHqyPN{n(VX-moovL+$|ET^9&6o-o`orB+geh3>-SH2w$+My>shtGk2>!QdEkzo zCxjCMee}{xamrB4tsFhkP#8_=ZX$!!f^cXEgYW(NK!`hc!Lcm8fcKMHZ>LS`9D79y zGO3E#=vI653g%6WhEW1Ozt~s~_3zpqI7L1$*aHP^!z^Gzc(L}XrSVHPI>FiA?~M~l zY7;-tB$5=yFZad`Lc@DS0^7%Ao3Kj^0YDjAi}|#~X$xj;bU`8RN8N z`M-#HB5N<-@K9<|?@2XB(u#l5Mr<f~;zqSAI&r|SCQV5auzey^2Kq_%S zD%IOm8r9T4T>!sj)%=gX{%_g;|CRCf5Aps_?0-Q)A>MyH|10q4`QJYz+W)xF-`W3p zuTpTh(G5LykVZbz^7o9gjLG(uFuH@Z`q{ORr*47Tx5f1Lh{$D$JKi_S+ejg%0i?~p z{C(k`9Niyj$*V%{Zh8-nVkoN-=sQz;&!3?HP3n%-@$8Hg!zL% zRSQqT`_8rZlFu*#Ong0}+`X7|9^o1|LCtMJKab`<4JELMa5ji?iNP$2$Me8V)C&j? z3Ny5imZB1E-9*<^Bq#f4xi}Y9JbbJp0*z25CV>2f${~F4=GlG#Um>wyuJa zf?KE+R0_4-101;3aksYKLorcs39|`hw3zqa4~`LWe%cBxDXVd_c#2&2Q(P z*!8i=1WQCl^gza(OcLkT%wY4rk^KXKmyG@b-*q43QmR8Mj3Z(zmTI{zB#NgDLFk8} zXilnkbDxZ3moz$opuJcG%q5S+Qq&Kz2f0A9;O4V z43Ouwxt2d>)sD8;+uq99FBV|LR0~CU{{Z2y=2%tna%Rs!?laXtX$!gBk{XQrm=u+{ ziSDHFJb$!_)A6u64xmPP!}XX_dVo!+6X65lw%b!ON+Me&;lz(KJk);M6G= zCKZObz_-gyU2z=TOO~!};Zu2$ofbL+A*4c9j1)tB>`N%z0S;-v0Ru0S$d9TIOu@LC z{ELzNUznE3NUMpJ%!FQTd_mPDTB7&7e*9s??heSk7}Yi{$2xoee62XGBh_FuohY2S zRFNY%buCltVAW1@sn7O%yvohd3Wd67G5#~jP#x7wFw-!dCJ00rnxD}+BK9LMI?&FN8ro#Gx$jR%;eOUMj{}VC$vky8N4deH9zggB;o3hpY zxWBa5w!de6H}}JyB4-K&*HEQ;pu=gqGRlJ!hY$Nq-+%KV}__(s1mGSg(o%%F>V%2;5ms_m8XP{SZ zeN%~JpNIJzAHiB_*trfrVCjk7bNy(F@j|KPhxi_yT_2l87rWnXV{Q z?YmRzeZd13D9W~KA>UBXeP~zQqmo)ZmWOENA&X#sxk5SR`8qg-yr5vaip zigIxvl3BwznmwOcOdMq=xre6qx5E)GHqAW)WVA(G2La#~@g5CBPwtm>Ot{qxOIc&V zpo9-kc*Ufcn3T_(J{{IYaT%C>^H;+dO<$9c6utI#O~T5_NMSunCj-!I8v*GLjL>SI zx)XNaH)C|Q_;U{xm#m!9puHEHiqxU6`l~3Q<}mPfW7+1CSv*8eK|pJkQ;?uV@$l(D z0(W0Ew`>~z5V3ELTMItD#oGxM8diY&x)=OTZrW9@v_q@b%?HE3@JhG7e%9l@It^2b zzC(K2+(~a_Pb5`|NErpQ4u(pZ6=bfOjczA}!xS-SoQU`w+qe={+TUNA08l#&#u z@tJ;$__P;;1&vGYQNijR+YAJLe~r)Pcy_z~WZOG9zQxmV5-PluUe*q7&WXrepJDX( zyn)}HNcqvCNHhALQCfM~PmbeN#iq~rWIu= z$|==O2k5GWev1ESIZg82>b{~l&RAvP7i{&@vE-}!%X?k!6l9c79NotfU>C(?dJ0kU zU0)}7?M|TJ?3K(G+}z?7Ps%(PYS@ytO}i6u9*If3o)~4ghX46fi1~Zln7fO0PF_&^ zT)Ff-{b--1vK%_Pk6JeI8C}DqfU5fgX%dzDD2Yln_gCJFHLH9Q7YrbM_&CMc#?(|H zZmmwcR_P@=bwPpfFq7V2?In%@TY+3N zUdeBZ>3-BSByHOs3~CY9F9}bCemzQf_q36cVc8icS<=OYZqQWyPQ!~@gQwK~$G1^m zD5>L6Rj7X2HlHxJ;0h;w)f#A^rnb(Q38T=2)$$IMVfSw z7Dyn0ki;ZZDWMlp=>nnxDjfw>Y^V_%q9`aTc2I1H%CYOw!#6uY4|??IDfj;G?|aOn zWM^mgnl)=?*1O&{lf8p%&Y4qum!2G$$jN@Au#_L!9KUScf#AO5g^#;eD91_`cAI)` zwtICn{-E^LE@?&?^I}uOJXnaD$zHdM^V{cKBRzi-EwfmQenKzxlJt8?!ADr9X5KvV zEwh|LUbm5ix@R$Jys;sSF7Y$y@+EcRykTA1Ojz2>6>8${K?uLx<5PFqyB-AI|8QOE z+>rA$3GtHBZADj`PkJ02%BKN8&eX@4^*@U}Sa2x~@#46SxYix%%Ie8ua`4<&O5wPG z4VzHRpzF)(3KCw-MZP{U+<58fdhda*ox_dD0RePVvsJmFa_FA4_1zb>&*iojIz5VZGd( zR!f8Falrvc82U$B)fRXcI;`lqn>1gdOW?R6hyBXjtdd>LXSe3Q8?9B&K2UyPktZ{~ z-2CbJP5ZB5#tD??>ipJKQ$p#Lj5QDD@no1P?1sbkah^YjQiNYSYbP%6cB3C_D7dlH zL96@M>9SuKMlvuBp<<$%>z&DU0%wD!Ds?wz4#0R5K0FGYdtl_GYh1^&KCx1i)^H?0 zPr~J2h4LP+K5%|OMBa4&Biy+IH&4$|a&SOMxNWu?x)D5nLdQTC?#)EJb8KQ#e7CMz z*E23hk;SK^i@L3UYwB=y^ytLND<1+4%}qAP@ZU;#mgI{b7dR>uwC2F=L9_Pzi`Smo z6C?G|Naf&Bm-Kf%t*KAz<#Lv6MbZwaqUXNKFExM<^;mMku_m{n=SM5nU_)gg2 z@r(9#DUZ`OzHFC0H2OH;{*g$;i8Zl@9@d}x^>N7bha0(v-|uvre&-o{rs0{DgzLOj z<4dnUAZUBS#dsd;Tojx8DlGK%s+aaD&rdR5NTj`bt)OYm7hjG1-K(b}#hUdA>XR<5S) zO6%;5ixk)Gj!@Bnvd z$_rXuxMuBYSWKEEg|c7)%+=oAD#vzRVSGI{G785(kA{np^x;L6mA9==Sk=8JS$IER zMrNKYPkwJs?eQRD7h=12M<+>EOjcHML2~teVH=*2{bGpVkcIM++*|H#YruC&w$C}! z|8$Zh_Tr`F+`W7FM*KWvm1N}|(ot*S42%e;G{^2Sm}%r3ZDrc}`(lXrjIfK>nrf@( zng1G>{x&{C1|}$goR$oAe^RqgXh%S&^%O9AaS(9Ic=7UaEkTm+<5jppRPZUbFsW2nUt3q$=b5f(nWOLXVG9N2pnl1U{k$Q?!N5D$3 z;+(Q&eF1)1Z9M$Th&i>=cU0$uo;uaOfvR?LM~p|;WX#U%To<~$)CI$^_OYYIk-C9V8rj`+*i0aC$>If;f?^naLYhC85U{EZ}f7ufm;tvm*V;&R}or zQ`T+j^ZTr&hr+K-^Iq}FX{_iGA~2jU}x2W zAWf#1PYOR1y(U!$xn!B4U3QTuF6WJX@xmin^UJUUr@T$gNQQx2JLN_m!Z-L^Dtjgu z_A}OI%cE}9HJBsN5_X-Xvc+6|D^JOqFYlkPF~G|>sdmZn1h@GmKAzJ&nsN6Q!9v6* zq>|n58r`b*fWexlw{nRN)}=!2py^g6p! zyx|_Nxs156*Gjvukbd2m>y+eIUwrL|l!9I9@ciX!V)P03NXbyR7*z zjTk##Y<8FKX&-shM$zo8cf|b=k>}5&4k)69gFN*l_~i~gH`cK`Y2`EaOZ%E)UPV_M zd17&z>bj92=knv}mRzTtIz2omha&qfdaHyt@$xGd2%o&#tMH;57jjz;Y2{|3pbzsK z7fa*p3SS4?prLonyQzKne6VgN`~~-Xq%f*~%^GzT-Q84Lo4BM!GzncI$9r6E zKi)Q8gpnRE#wFB2kl>tCTcDE=nv-8|4ZnF8E=c5sGgk|7T2Q!=+Cx61j5Q1VB#TG9 z&<1q~p8*Tb9pH(b^_Id+o3jps=@nQ(drrpM4bDu_0l*Z2r5vo*>IvHfhpb>a@jip|KlUhny7Ju8U@4~6iJ?;UeM@xKhxZKDo}*lmzpLW^ zzL>oLju^EK!Gx%h|HrP(bl?toSn(#iI3a{xB4mjL4=dQTNOq5!?hFb_((a zF`_i3b~K=-pKVqO?e{dBShT`mTg_0q!UF%^!N8c>LJoy(i`*QCl3J(|d>BrJ3s;t> z>7Y4fQDZ&Kw~7rfp4SW|7VtgP*~}SSpUagWsX_?2kQ6Ms&=!YYYTt5kQ%icQY%IS~ zuGB`F&bB&m!xr9!SBEOkmTvNH5AxVQH8;NqyWtKDZQ0xmTlq#cl0!_Ta1wW>ELmCc zH<3}r+u7*|Sh?brB(=cSq#>PG!(9Tx!%H+;-P3iDZ36n1bc4ah0*y;0Zu*uZ+z-z_~_dU6<1Wdt`e$)3Gsy|*7Yl%Hv{|3&f~qNlq-BIcA# zcjMWI5khmPLzvRb`a8^@SariVnE@;LUcCd-5>f8NY+~)^x5}c;@cCCzU5m?rcyF;B zz#CDvZEL&Db5!cY`i|!rJKw|3XPaz#@nPq>x%GwCqKOeAyk~;fe#o}V92*Kj25ul| zL^|6ip4gwtNEed97(SO8VXk`OvU9n#w#3_uNh;cHAvY#scbJ|ptJt|U(&ZtMw*SPv z4=o>Iy@0#{0gc+_&+BC4xpa>&26*<4>3c`1n zFlTB$qW1bFwaB--r&r9OnWjl!m~-|Lj332VWB5)n4IN7y-diN@IKk6(#ds`ORjKisNmk_f`_hex>|eAzYI3L zCU>2(XG_hKl8s5+g-;^d$O|v6{FU-s&&`*f*xIQqxA({F$w_yT@F9Hd?Dr8yWo^Zj}E=Nc=}4(h9f$+ z{rrtAdcy5&(g?@&)!uDV@0p3ym*T_Vp=ndTaThNol;$w%UauNZN^Oxye{h+)XiMs2 zd+s?8R+ajsFOW=qBatp|l)=o6qxdY?*CD{^$H1fDe3Ge6uQRULXDBLX48+nM3}N$Y z`6VmULxf>El37+wX+{aDVk3-B3G%%Alrlr5p_3U6?gCE@v%GjS>=LpTHPMB0QhhIF zCR~oU8eBXFmF?}2Et;2&Pe>A1ihLH&=Z5FrUAq(p%fcyVuDhH}sLYL0#@vigBJFkZ zLGt<(!6x^>Vl%pj=R=!&OA#ncI;+ZIzePD7m^za`gsy_5yUy_6PX|4)C2Ls}J?TC!b~8QdaNd zO-ky^TZ4xmRxS{5FBni>y&F91JT&jPU&6`CLh;(d)4T=ej0$cf6qN7fvSFlLbcla& z8P=CqcxCU}D-H$cMhX`T7yQx(o|(MnrNg>gk_AKY0u$M*_xZ&L2^T$lkT>a9^rUai zi@c(zeT86O_?-NL_Z@;Vch-TsQ9h_#Tj*EBB?aTDDiYXN^oF-Y0bTHG6Hm3@T3CLu zbaS!L$>N($MW~0xLVP9LB<=W633nY5md6#3>@ArbDG|O`_|j;d9AVv!H*4SW77W=J z8aJ16GD|H^m59f~C6KEf_pPCBkxX%USmst$y!>scr(?Od)N0@S@^^i6Mc=M-ODwjK zf-R6*8KzPZVZ5H%H+MyIDMG58RJBG!YW+&b^$~p5)u_rW|H_;zoFgd2^^VHIE0t^C zRu)NBl^9o*5mwYKud1x7s@_*s-dtJpwyIXDx=iYSke2@&)b595{5}5v`%^`Kq>}IO ze|>%3Kdk>6=;{32|NSGj{ikJq=l|dqr)+wEYT|x$d#kRsDd7Bo;jeCQsJ&zql4-kb zfN|~l7XPF~Kv;9yEG1a9}!A`FCcImpey~Vg1&7hg&w9!SGYa zShpc?!k+M0n&k^T%*G9P$Ybr6}8Gwc`Lub za=(lfK|FK9BT-5#MJ&_plU(5G$=u61-T1201vls9hQ<)K;mA$RFbRPK1vQ=)#}^yHy}2Q3a|_sdV|9+w9+y&9 z;R>so6YC)myF!FJWSN!KMUnAEAJpGQ!IeGFpo{28OrZ@HZ#ZK~~pFrdH+Q$$L6V z0|*&+;TZo$)w;eEsf(wV>_J^_7~OTJO=gLTpyvL4;^In&)I1%#dv(VviZ~xv2A0|j zq3bl!FEwsguVZi)yqoZPvA_^{Mj$!6$Wdn0`BYiz8<|H6w$(5dK2alBY+jguTc%}N z*FFvUO}VXCrp#BEgkCM_9M|aNS|)8qu-iWJSS%{aw(32nt1v445$7gkerB@ok$dQ5 z>@)t@>#8@dg_oC^9WxUW)z`$p*3TbY?(B0M(|>IrVMlUh&s}s5SN?-oHBR0)qB;Kl z-K3^li7Wl4F;>ERN-5{OMVTvk5f$q+L>(fzjS=JCLa~%_UxBz3uX|n*!a-v<t$JY(7AD~Q6mF04t;Np>6!MU}Z zmrHEIn>+i3Q0(Rs-~YMK6)3=ByW!II=!iBWxTV08_8u7g0qTdBNqIH+UcG z_!g7CV$rHMmDlnTQs5pM$qSc6E(+JUAqOukt0YW+&S%9`QFDxeyCoGyFxc@CjRaoWco4I_ZP%gL;t~ z?mAd2uGDV2<*1M9HmQW*;#;!33LNr&^YT^t>F#;QxLv}oWI8Mu7g6Hgx7fJq(vFbI zvF!m;Hv*Tr8bpAd`5zuc^VoNC+4;{;}?$fqN_yV5#!4#omN76?v5Nr8bb4y z*m7taj!6e`ySzO0F8hY-CEv}pPD-||9EoQ(448^v3Lp;)jO`yDusESHUNj(=Fj}&( zOgp^`m$&i6GzCjr+kJKU=)}{36ykh^p82%cysa9GOF71=)q&8ptIQCW`*4k`QRTS8c}9AQzwHqJARWOWtZjRAZe)asesX4H z;*)-!$obiq=cdoyTM?cW5MJH7)=hs-l5N@5H#s%8w!`Xq&L0a!@#EVyE-YU6LX@|L zua9i}=<$l8Yqa+x+rZntqy<#+NCN+0A`Lg8Yn z`vvDc%ht`Go~IOVqkenbmA6hoXI=IjuR_Ge`3D&eor$8#d{*LNS-AJ7O!+0pR`p8m zTU_6v5xDX^Lo?E{;LY81nO3AsGjHw|{PF|^U8#$QPz`cnk z*A|b?NW)@wY9g23lj%!JZ9RVMnKmqH_w6NBet|I6ecf*9VX&u8tJUx7JIpa7a5nN@ z-rI*;oXKl7&AW+`fqXZW&-JDd&QWv{Cb7Q@(^RVvI8?7wUu&!Ni$LjU;zh-ID+Sh^ z*(DIFeiT-pc*qu8yVXH=0TJPz_0liK*OSp_dC+JNF^+=}zM#+Z@QA($GXi!>62HXY z`1vO*b4WZ*Tm7WY4BWm166X6K~JA zG7jz$eBsq3-rb>ls=+J0-&nf>D^or?oNHynaPqiQ8|D)2S9gkwW8g)b-bTJ2^|!V= z=b$S+^e5l;`&c!6psjZq2{ZWs^Yb%l&dOU8McU9m(h@M5Lm512)O|4@Kj|fayfL}r zwcO=_jBaB6v^l3$V@cbdjNQBRniayYaorFwvxB)vRx~1t`SQ(o?sQq$7S-Ca!jqyA zEIHNAwMd|ZlNiBUweN)M0kH~xe}jG7Vo4io)ta0t^fg}ADpGKKWe%Ns$k4z9f-43tTGn(yFiW9`1&PKJ!)Em%A8uejsp~i@+GG)||J&pn~sS zZEfwNjj1PIM-_s{ZyTmBKNPSeYbEVco_Qeic${DG)Pd_IX^$@4I)56eJg0XeZ++O! zA~MYUm9}VqRKP~%gf{N&nw9tWdvai29ohFt^E~qmqomAJE_Tw>iaQFo?4i#+yy?7+7C%a!V^C`QHvPxd=BtJjy^IfdO+WVJM%GoW&``qcgj}KI5vM z-1@LLN2l`P&7(d8QkA2t8XYze>TKIOkA~J?aEew7XfDj@+P@06E?wV`lQFgEPIk-W zn(N(u9ObohOZ3#6sj>c#c|8 z@83(i@;Yt6o+0MPkf=;K)EIAK>32^DxtA-#E7Cymg|h`WY{ed~z&*)RCzG!j!bRUC z5AtN9c;mG^SM5KcKOPb5tK@ssH}$v1RqGAYuja1UfbsG2PMhl;RuK_uSQ&({_p2Al zvf7(O+oLn)D>o2lymwo)*#m48&#DI7Z11KdwF`;Kp78s(L+bQ}r$iPa6-C|G$2P^M z;+j_ZDZ31d$zAA-H%VCK>b;UT+g)*tgT2;U;3qr>tIb~PZ5qrg@q^ZS$>{vbz4g)Zy|JV1-`mcQdJO4X2 z4J#|%@oXOg$OR0KNG<{74=}=jfQ0FbbGB_gBEYNk?tFl2_tWp#TPgP|EWMuiw5fPb_7%~S@ zRSjRQAmo*np2?Ms6G61K&CSng&lkYeDe}U3*QpfymNt3Sw6|~eYZZy--r{j!$!U*m z{)d~x+eE_WB6f5TujLG2)%NZmI@B2J(YDEZ?wq+EkDtPSnY;d3d8NmkCoe@_!wV~$ z6S##%DhMrpcXen)XKT*ZoLH;p?)7TavnNKv#<>=2(aIWZCcW-fik8CdrtNGZxNxn@ zCd7%Noy2>*8Fw3y>Wf#(*}yNSa;GR4$`3}_XJ3`6TZ!Bb8+gMozD%t&EAvaA@boL+ zw!buBy=tkvcw>QpS6p?o(z2$bTW$QMgj$}&40gGA>M`bDUuFCtBIgWOnIU7MSI`_1Tl0?~z^2H&ms1LcXb2AR5gj_NG}0#-oh3JkIYHNgWZI@72|wKnvU%9w>}c6Pt2`O{-ntuVrlILoF$8 zS#v&#*(~VHI3mwwqfm)fvc6~5a*Fi~x~PrsZbP9o;3;9JcfdrI zO`_Wy>sw$PyAAe}4kS+yR&JVF6l#f^>zIDp_S7M2P2W|$sYaNjBn+;05fS+K)I|>_ zKTI43YwEr2QLEb`_@Yhofar?0MlKtrqF+v!k!(ex-&Bh(^5PC`W$=nK4`?uX9Qt)& zg(^j`Awxq|wWFqL!ipS|T~{YIS*69mx$RD_eo=xoYaNjMMdguC@CW}<4Vd4fefm9u z!ZDU3t2Nu6H%BaOi#rf=AjW8ueIy}%N#fx$kMIL8G@N0mJ!E;zq{qo!NT@ zZ+)|Sj6C0E-*w7~T#)S@|84Dxy1p~8i$NT&ZKJ##p(Z28cbIhF7OT{NafsP(y8o!t zcaxs!_QLnWqP=ET=?l~Z+!=83nuYJCl$6wWB67COfy1p_QKaW>E7VBscMPuYL~we^ zYH^pJvU@To6Ba#Al9#oX(wP_J z_F@@2sAsNRMvSH@&I9#QB;V|<A)mGR>`? zUnFw3_E|-qYRqn$*Ham>JxIo&*~l@01 znc{NAcbbXy2ivp(v;y2k)rThpV2-xaHXGJVcG~y6 z&02YHWnCk&cX>`nM}r`7Gq3QrHkWW%lk4sl-+>9A0|6Hs&*;_NdL8!uhFe*D4l^}( z-}X>_V<$e-m#w)jlfEnbE;(1+`jEOp&E1=sCHCqfVb$&?REyKd@w0K=V`tP{)PCLL z_*>O6tDr}VRhQTDuDW2n>tGbeuB$hWS#*Ek)mR#_K{!?6)yo!X?v~?(UB1TSTHRO7 zVF`N+b)x<1>2SfaoFqk+%V7Zitia+Ad!ATXwD-=gR9pZ zhLw-Md^Fa>~@k`!y3w zcOl7G(_ey_`CP47?<7iu1{#uvwf@Ep9CH@y}2$p zUH|Q=<{}eVOTo)NpNG|$tiy@d_$(&NyH(F{CfpjI-mVJgZD~HEpwuGr>P66vg`=J5(^qVh@WFMdEorh-0@s|LHTGLPQJHe? zb@N{Cbh!s%WP+m_hrBp{&Oj>N?eRv!^wVmh>QaH#$&0+dEGFU_1mx0VE-ZG zFbbj4=+59yVDMHl`1djdM;LP+FgV{ZM2yl!{nEvaEMlnX(tFco-Y|atAoZ&;_Fp{t z1N_gPilN{M;k1x2Y6u-iqwD+#=bNp@cle)P52)>X7j&V zm=p}$EFZAF$B!RROibLncW-QL?8c27BiF87xOC~<`SSx8E&w`s{PgJ~eSHUx9oxfX z?mT#KM^8`NzJ1NRcQZV7lbtBR!`t%7@m@a3hO$gGD1%tm@lfU@aPh9y4xRPKS4)-#s=jfS+vC(n zT)0JE^J;6M2n}rWRL{+FH4bpDzw@lN*>UJBa0F4p$L#;W_#YlRAPsHgQjcicahI-a`LqjuNB z3r(J_!2|nuKf1h~r*D(Xf$o?qaO$I*1Ex&ti}N$w7%n|}8S}PDP?T>57*BBZN-z(( z9E?k!%aIg)`GfOr1=aIat&33UPVjJzW36`Uu2yb+(cbDi7nbhy>haYBjZ6H|4Y`OT zD!!J4`Gu%j0uwBuqcb&9Rr~F03SZ@D9mJ zbTCr!rlZH!VugzCIn>1o#kb*>s)-zl!Z(Y8>owJ#Y`M(g_(eR1Ui`N!Z`JKx%fr#; z&b3LQUKPGbQ_%gEAV*tg25If>c;@EwoF+2L%EBgrX@>7}Z^AHwHXaR&1FCLz97ia? zyNWf{2&*=(HL7t=6j4oYIr>WUks1{BZRSA7D z#Gh5Wi$~mjbk}(oQx{8Kl`Q1TVI?eV_k|_cc0I0uRp{7ZzvzV-T;jwYdH?m_Q2marDN7cJ?4O&p z1R+g;J-`=4MrYVZ3atj}ttgKu_aCm%@hCx`o<~pU-g{uk(YrN8Z z1JX8ba$jct>G|rdZS7knIy%8))&;9K@7?D>m6FNX&)na$AnS1Gs>Ht1lV_qRN9kFy zk@)!tTzF@NHon9X^G2t9;K9Rd3_$@q z;SpvAulc@!zK*)1xeX%!hgNg``iS`}^Phx^{|mGJcU`_W|8-EapZ@~Qe{Jw1)}QnL zcMJaKj@a{G1||Rl&x-|bw?88JugrfkoyJN4{8cCLo%ye$qpLk@{g=i6b${;v{gK}L=ViXb|7Vl`Q-gzS z{(opz3g8p}-?V*ubxR973sACc+qx}VKrVot2mo0Cb_!rN{|`?~1N`4NF3vkP7Vv+E z=xBSe^AwN&#Q$fQzmpS0{=dik*@j^Af5XrD|Ax=_KfctXHHNgKdcvo@#NfunGRa5P zS(uVyuLZYE#?A`KaEm>>jCtp?{X~|3SfCF%NKe#I5+m!e#!W+Cqd;Gh<}D&juh2J? zjY-b(PK@4csHeY>qPIb0$u?`GzMhD`dYka3G+d#76h5nQ0VP~TUqPgPZ9kj;pAl^g zwyNH6nuw`clcJwC;@YQQICRfG!Ef{B>T1nvQK#&Q;g{$w?|3oQ zGaDi1S{;_Y7;*nv(R4J?PJ9)?*-g1-b63q*MB$vay-*)I%s2g(>Cua#i$j)-Xg}v86WCZxf+6pL@tum6z zvLKPr8P~d>l?rK#2HZ5;%D8{7)_V0Km;Dg`cbn_S;{UB25dV*Z;$EoQR!tCFch3j*6>=Y2>{ z=kpG{SnJL-n}BmUG#N1#{`%_ijeH+Z_yJMmE#CQsy6OC?=+P@w&4j5dyw1(24E&~D z!h!tigTB*Dgs8`8Z+2bcGpiJlgt$>oE*X>+?VMN#+;d423dW1{GlX%eR>I)X?Hxtw z(bEJ8B>v7;UOr0tl)>6mZ&9?Zpx5A3pqOSd5|dw?P{EZM({um$`udF`)`eVp`z*^B z*I3CaXeXn4Ve18pxOm6XQ4BSe2g3oyyZM$gYS-pfVBtl0{G!D1PInI8yh})onEKiZ z3|!d8A1x+~Y9ZjC6}xY0SQ~6)C8Q$g9tCd=x{Vg&utA<)(`AH$)pkjt@p?JIBF**H zNdeaIr|Mk49%VF^cIFB^3=*0zxXyM)=ci))Z=VcWZT8W8ErtBVeUV4yz z-orCRe^?g#fj$(m`SGi3J~Z*;*3`=}hVwFS#P|#U3=96bYyTk$e+B>PxNv+phWM9b zfbZbHHn;)g7x=HM{qy;cKh%ByxX|zT5B7h7u>XtvKgj%pv_HuCgKYm7d44vw&j5Q` z8c68_JO@Y)FdSs>LDK$@8GAN9%g(}QuIW*w-+vQC5%djOVi$B)zrG^A;@q9}JByLV zL)O16f0J6|*5LV8&**Sok>7lmG=p)sogd7x4_>tWdc=YJ2p;H!14{YE~#4`Kx3TGB>wvXpOh=@KPw; zDqpw6&9=)saACP)VQXtcM0b1NsTtg^Y1KNZkbiisax?zI(9H`+g7hR}7RHSwDC||_ z+Y{968TnuhRrZ3jY}v(|=YvjObGkR=B)`on6Z14;xpba=@4!e zn2cZ(5eXWe8SmiQt17EGoj1OGHBzC}U{PoyVsi2E4MsErHRjI7bDPnb{0p6SH4W8s zl&A*v?;@Osxo>gWC|&D4$R*kpW!_JN=hO>m2IA4fux#GIOp6ZY#pV@zyzbat+$x?q zcaG$tMF;KZPB|*lIg3h)UPa0tw7aDmtm>;7RF}KTU~j0Lr5lGB${poC8ZaVIkrJ%S zK;~v3xaIRwm^9QmPVp1ZY>Hme9&nZs9t0KbLu4R!spv7MLOXvsu~L?2O<*WLSGg#^ z-qiel=5Bsf)Aw78I392f_-Tq#%-8;U`O%g1`%S33(FpL{CxyKcbs2~|tBc*lmNU|- z>xzf!g5+gHVL@;KNfhi+Nb=j^+_; z8(||y5)Tz#hGWbLycoB+ztMwMX^PxijnIkPTfa{1k}&@|$oWExuR_F zD0Bsf)x!(Rj5`!ZB`ifwM9#VW@{Pj0kmh4Y=G(-LE~#->IeGzJ8Ic6zsEO-`$!@Y3 zWpZw+h>B{gO;SzgXz1!!;oQ0@poLSoY=Xhrb+6^o_MTS(Ev`&%waJcSCxrhee`fku z{C^w)`&X$S%Rha`|D&|Q!+ubP`uaKsItKdsGx?vN>%aflxBrL$$p0H+L|`JYXROQ* z@b=)c{QUg*_;?8k3APAU{ue5P=5Pl2UqQ<(qsFZ^T)hXT`RPGEReZO-1Se4>jN-Wq zRd(&sC&(|arq?**IV9IPU^#aWzY#|@9Gxd-xmg-%-F?yZKu;?d|JEwETlD|Q3GpLF z`~OjyZ_Ix$mk?t^14AQS9UbsjJH(oVqyMeB51HzF^Z)bbe}nn2Z3wFUng9K73^R88 z2ZzC73|4he=9jgLVrJC``UZx8+x#SC|Bc@G@7KYa|1=_ohR2fWnq+FE*1xX<3I*=) z2yW<)0xv@Y_Pe$Y*z@)K>vR0q)61=jz5_Wyr=9DTk2ZAo-00Z03ns{bzjLq1`4{I3nV zU;iim|4ZioQ!!cu5*C-BiKoX9wX`+0wY*|+NT*mL5^0RoL7C|2nds|)1C)-I7Qc-a z6-UzoFaAH3`18yEOBVS0{P)07$TR|-OilbZ+Vb7`Z}`RjZ;%oG`TXC1!}8ykp+zKv zl)e_89D~yekE3ZhW5N=t1QH#uC9v_Nn~CxmPLVU+xI0pB<6|A`WR=vgf&{_`M{ z>HnVk-<|&kU+n+T*3;Gdx&Q0m>wrIzWJ00gsBt)|Ni;c}fFofsXaXrZQ4>R<5OJE} zEcXh@-2gt%p~LwVSJ#t*cjvgPYqjq=p74;N|G$Y-`~;lV~zQy5iz# z$OtkONy1UFG<7769vcyXq~kGkWDJH*$5Cl!TI_51&9r7Jv2wHVM}|d)lZj-ix%^^w z_DCK{$0g8beIx=0#`GePoJUkkmlAvGg}WxCrc}5TX55Q4;xz#a}?6r*4f$J z(#FQo)qduar@N&!>yw3LlU3PrzTL7P5(g;`2IeOzvWB>$O}z8IjNTjURe^3NJPtBd77HRwB| z6@2~4FS>skyuUkJJJw4c8IB_oDHtr4K#BxT68c1=V8Yp-!pKxCjtWl46R>o=xxBHl zqC65qBt(+T!-0RpQ7!n9kR#Olo!Xlw=9Kq7Cb zFaL4e%IoXP^Yih|z>z#ko;`Y9W(fpilb?^}YWTtXUsVl5CVoRH@Qr2^CGw;Hls5pC z&)|i;p3&E|vW&q|3E>!|8wtQGj%~Gnpc)SQ4b5<@9Ved@Gcx>LF$2A?DQ1g}4F@R; zGU*@d6cbA$gnvUV)_0$ECTl4zQyaJd;A1B_d*lot0u;MBZh<)Y^sN{IyQ%L6e79b1&IBRAH zqDdr;kc5K*FDncFC8RJK#T0l4JQWvVt`&h9#+8(%cZG%N{Xzgia1(YG$p!o*`h@H!)!{oz|>XM|gluw=ltHC=IZEee$ohY3$) z<=!o3K78kLmIs8kVt|EO3)Tl$Td!|jqxH!*S&)gqF|%XrZ#@Awn^8(eEd|c@2e3BwB$K806P2C>RrP$_;ed#wQQL-Pi_ zu_h5fUI6QCq85gWB#@Bc4xW&oM6zNxWEjW;N3*EfM_%-4*3O1}?JppIHoDK6-qx%a z@KT@9{g!O99qw-P||L*C-|<9|&&6@w*^MbKF>~-$;Rb(Gcp??(4E}s36glI#KDn`vuHX~FW;-*Gv;H$z z<^e(icA(4(7QTw{vjdD7*EEw{f*g~Zr;Y1pJ_(w}pOk^3BPKo6tzjQ-0 z^?&Y*K1MvV8W918DLw{_R|v1QEbKmhWSJ6*oo0fhS(ku-JvMcIm(1wRs)iL$>wQAvj{q5g3CEesW2giSQ5}yX#^J#7F9txRm4zoR5`*+2 zBSFu{Af3p-dm*jKF(6P+MEVlwc%&=j&wweHel}Ua-1wYJ{3(QfidbjZbR;GQa>Jje zMpywB>zmI=>ujc@ZvYtBXH44B-ql>*14@Ac1_|YLLCRJKa3i0YW9^T8+n!w|P?{C& zS-6vFbQ~5LmWcdPbBHL!kV(H-0b_v`F%m&Ko0zDM1QQ1tk0%g81_kJ8L&afY z!l7W9KtqB^JrP_(CaNO|bRdZ>jRs{~@PIQRfr)T5BwLUs5_AqS4D33Hq#hJsP{kmB4i*X^V}Mv0Isw%cMg-fGSc?UpTKkc|#D?KCLB@&YJfLeqtYWNh%pzIx z>@f_a$0UMIr4q=oG-4uHKfr*kosm%0@v{dqWEo8)(ifkIj3>tu0nEgP=l-*d7adl4TcqJg5y51=egR zL`)(eRN!K2G`k|OoPoztm&%)IIex)1AW9bkt-;Kq7?9_+vQP#P57<1*2eVN8t404T z;-0Y^O$&w6f&yw|EtHO)fsT$bn-8(vmIn?DV;3?Nr>QwJRlvMX26=)%59Vh?L(G;& zz?y$q!IBt|NHC{^m;!@c0=)qn6S3yn@)pLd9tFn!vgbd>>nvyS_rz-e`PxRT3Lw*g zISKVX?Q>ekvLf&qU|v#Z*_;o&K%-UI?gC2j%7Hbz-|ha#D`sMv|9_$xG&daqdWD0D zK|;Dwa3mxa_WBuYhNUZS&Mx?o+AExxb~?r(DLNJ ziER*9`V8HS0J@cauJBQa2hp7w|NNg_v3A?(*=1;|k#$_1<4EExIZ zX2N5sAiYJ0{Ed#@45YAJ=S&Iq)F=HxH01QZlqzq*ioQW4#i|Ip6u4wZIuc8ug~!rp z00~%d35FvC05QOW0e=io3ks5fZzh6pjEDpp6Cyx_20;J~8oE$f@El2hfe30a!;U4j?Jfk)U%Rlp%u~s2s#)$kMR{uy(#baO@;Xo3wcM3BUxn;?C0N+2qE?*UOD z@QLmq$FB|oRtzcn4++?Rz~4SCIer0g-(7J0dl+Z=#j50g1L*Wj^o)N5=)%ZhV9P|L z2FRpn;1Y2Fr~r5PDuHvs&~P!x*$8GC9uAh)A@2r!;+M`0A~~Aj(4r8)KrI&KL1};l zx4s7W-G+v)E=tG1h|PbN(lL?dG$>W13BK3S3J+W->)4v0vZN*1%yM;+7P5M4MzvG2-;%K zT1!#~6o-loXYE4)5-~{j4P~K{01Uui=-N-EAy6a%wuZs7^H<5416~e^2S4DW zvxy@WLMKQ;pd9-&w0H$XKsvL41@JYfvGIVBVnE%XX?Q5b0q_+tF5v!SC^KxIT@Q%@ zxqqM_U_Jn#FaU(ZsVwx00F)47XJC5+8xJ9^fdKHs380pjuNG7#7>|)SswtZ}V%U{H z+>XXlh)xEC3L<&Hs6ZJUHWDyi5gekK2hogO!MD*&Tc6FVz7jS40C59o_NNsbeByML7A8ms;1_H(Ej2wf!NyP=2zYH-!7Z4wO97bt zYXtD)ewQy`@q4>n{vImM+7j~vfQU;V(6zOVSYQGe6_F6ZT2n@{6PaHpdpagMKZJo) zfF&BhhiL#m840M%*YWRD@6IGJV=&<)LL`oe#*^vLDK>HWc$O6*LMx!`?4_ep4BMAN zzg~kJYfK`N7LEs*NB{{CI8rdc1A-!0D2oLM4VjI!0ETALDHxFN0$vz$=WJ#JI-i6C zgb@gXPJSF7Gi?Cb%b6q^kq`|y6B*>+0iB75b~1a;YkgIWPnMxc5YJbqk?`3&GNe+WGw9u-bv=UPFq zfr2(_J9{~3p>(yh^|YXH2d9Yzd0i+;2|2o-2p?5gYv@O zBw%e2Y0!b*UZ4@ILLe*vhza!xnGNEs_5s+N=@krXlQsCs3Y82tM?s~a_JdDhL=Z@U zZewYJ{HTd0(i5;)0HGgy63TFbp@IA;0aW(6jHO6xFjPJkhq4qPKB2HWo50Q?VWIxR zu=)=J)&wGviGVla|LghCS*~v;W2vX5Z3MPPYyZcv^-~4k##TLT?SH@&zgGc-tp<8* zE;<`qp(O8*)2)97v$jHK3&k2wZ8nr9XzN;dm;67KH{*IUX$Z02apvR%_@qNK4{LAhX7rx3j6J zqY|JUQD9XF89^WsXm~&|fNPwcm}Kn`p+i|o@XgFf06v%oxlJ%SV!((1K*$;qEJR`v znJ;H5WW&!D`~TQ`4?wE-|9|{_Y_iEH)v+n#oMQ{wD|^#4j_ue&%MKxgj6y;*X=+}i zK})65R?@CZ<2G*P|9rjAA$8TQ+x>ih-_Q4-+vj7P_xm-Tuh;82AJ6AYb>yWn6$_*c zK)S;?kZDYJUqT#?A-lmgrHc@d1Gu0FqQ!+nJR6K|P-$?OA~LAGiSjT_T)4^;@mvSG z+Yly2?+}D3vVWr?Xa}RG2f{$Q&>v-}1mRIZfT)9y=}*y}l&};arK7?Dkc>J4zik9K zB|$F7LcS%Kr-9)>cChH7F>v`tK*&8N0m)mxAP|tF9m1F)If&jOLXP60M-`%LSQt?S z{|^GNC`=elUlfLBfeUf?8HRwmsY3Xw@g7083KH3RQ@6sj6RpOQCtdy(C29O~^yHKY0B z6GoqbUc?9q<0=>AnWAViq5=4|0g?#&3swZ}9)>_y#biNuy1D^*Z$00Wi9DR6{76G)V9}})Z949vT zKNO5bHnAFoO#V+A^{D-?>m6jW+E3^mBjf){`*aA|5v^og@AN1$WLW1> z(Nse!7#WrORNu0uF^he8xx1ysM$5AcDH)g)YiTStcmL7Wl!hk@0BEQhRtXmEYv zJWh!yKh74w1u$#@C3yrr0?B7Z3_zYxVBMc~5pIi`xgthu6Ar2kcxjRM)E0gQvm5c* zIPfFjEI%AiU;?eOy)oeN>1>Tn=^? zpczKs^Bi&0!{no=k+Gm-;J$MNMgAXm|KbTpBbXhW&1z7{|1r$YXa`?m*Cp??IlYUc^wGUp(OH31Va z3JnE)$(#zj3U@Aimeuqu^ z!(xQ2OH%tDbgB1RES~F@eC;1H#cu;IaW-7z`nQSZKPv z;SH}Zq5)0`S*q|SAa{*=zdQM1Ta z1AisML;?x|5$Ml@R7B_&TrS8o`I0Xp^PHA| zuR9X>s<NMl3bXxtzg5o(IakYwPe&_V}*?;g1wVgR`1hwq-T%df=1FaOi|ncBOU zjLZ)NIGD}gRL8NrbcsUWZ1|W%QR)*?Q&9gA;2VH&I1QK*fJbp#6#W@+0eF}J){#gB z3otwZrU@Gh?O%A@@6*!))5WRFwmn2JB)k+$PrKXvci#rI1U~4h95e#l2jb641-0mHw5Zp zOco$~$jn9F0tTfZ!Snxp92;sGk+lAU7BAlZS2PV!WORNKlJ%|Taf4T#Zc&fbWPYh7 zKdzSiT?`wN;l3KX#z9+7h(&{k9k*USi(p%s7}?nojl)qi&6XMl`6i$MMaFu^{G0J> z-15MU(s7iXkq5f^RX9Zkz)8 zI?$U+#|eMKk|t^DQnbED1qy+JI(SsuCpIiv841*H8_o=i5yH^m=LCpxs5j&h1p$y3 zCFZCu1K}7R25b^GfI}4cJENn4TbeWeh>I1JPJ=9IFcyJ-e<{2Ewp|~zH=@y&K%xs$ zI%A?x#L^d94Dt<%4x@`Mda#?mo50f_12`f;5y6|d%ml+5jRL9)(G6CVSrSVFv(y)< zJ0QQ5kq!s)0CL3;Ux$GLz6=En==>kFHuL~wvfu_iEgbyMxD^W?^uQPdc^V6O!$$#% zJOh6X$yh)$co*EbAXV^D0o01V*KtXOa%^Erki8V-56Tc41#+@dK_^1LAS3|T(a2Q_ zhA={yfp9}a06%mrAht#W_eifop(~^|nn3;^2rgQXH<}UXUeGW~147fo?RMhGFuz<8 zq%8pe8Up12H&%rL3k=r*WIBSHMFspB63rkeLE}P`Knno!_p@aEadTt-r8FAEZ5ZKV zZHV2gX;aAmK^eyA;Ojz+A!GijIsWbT@o4d1Q)vFq9H%qn@mTLKyBu;>e>j=cApy=V z4T=pzE*>7tfm37(K{RBgn82aKb-n-Fmif;MD2lGS#`g#)pfGS4WiU3rEtp0;y40vp zZ$ktpMTvqckgtiLIrOa2Xs{%Z1%b;5x;Gb38pW+dJS+@+3^(tPB>|!h8i>Hxn$CcU zV-_CeT_THwK0L%n|FQ#!3dk%PkDn$2{)V2t;RQe8!=YOoigYUgN{oF0{_vv)d*j9` z&KMJY(WM%gxsqqy59r|J2>-0tzMs!@&>m?bz8*vsQ?rk-tm# zhe|d+$}y00{(Y>Ko`i3RGV#N_BckaH%m?`vBk<}cjI0lwr2?!J>G|FaWxz@0Jp6JxwkUy(2LT1jIjH(DlcYyq~>y51udA8oAuNvQ@cRk%Z3 zlcKIBWnk+Ku4XeokbFk8Xkbp!L~yL2%&v!*Ip z4IHTyb>zSSFh3Ln!M!Jp&XqvPL>PU08ohqfPjp4rQKeAS$dEY&wM1xsQPePRP+bvp zlV}kX3cmxAfH7m-bp6-nNCrOv38if5KpH#H5J?Clz*;O)MlLG^vx7=h;6{NuxKKb2 z(o5;|M!flFNK4j)0w3rL>bN7oHj+i3kr-h5enEZ+wfECqK?(z0LP8-^peqIqal6I@ z)lZ2-+4xSNi%?-ZK_L|?4WN;hDnth=ARr-*XdQ)v{(fezBpmmyi5P@|i+3nYHXLmk zMyLjGBtcYv@JW3+n4g;iN(Hn0P?I}HkU z=;G1_uY6@?=iur>j7f-q(mcqwiayql1uQZCAl*wvAt8|+3q{UgmiSx71`giQ(GZXH z8^5W*AXLwZ-dGeBh0T#xi?=Z%FkwJr`i6?Jcyo;Y@n4~O6kfoX#OQR) z1xG+jjijZmF;>q;b~S$Vovpl}LLR6v=20L}Ay1D%e<+?cTE-5*&&ZE}*xcV~N{q6h zW5Ns+6lNF&{Q-~($}xe%jZwA50)j1}RJu*9psfy7tA0cw8!ZS1N+1OaAW%lb87@d; zaHbH=M)Tltdr^V%Q++@s7K%D)#3=``vgmL)K_DHCA*&)V4Af6tEE5&TI#46^`=;^* z#b74t8Xy`+E52x=D|CpU+D1d2D%@Hg=|fxld;0*m#fbhtvNE8&YU@x)>LZh}ipIlI za9&Mu2ntkpge{<;ruE&OjEOFx<)CPfK}Y~b7Y>A90tgg@jxmCi*-@1dv^XfWMDLEQ z_T6;*WU`D*Y19%JnbVKk15l`0=evnY2LOGx2Q^@SjFR+|l8S0+5-sfPZOz~(R3j3H zGMS+$DvotAqJcLCm2sd`L5uV=V^9NKa&-6DK#h?oTS(f`B@!K=njcc&T>waflpHHS zNS*C9fMTM64|pkw_EFxb45B@X&3<`wD4I|! z`}>a0NY!S>1|Y)*&{l_S_h|(ZAj;|oaC%?pFag(NamEnq16To2`B3^3W5((~Gh>P- zMMHaJ*SSVO1~(w=a7)Yq*@SqY0jC2>hZ`X=`Fp3yK$?x+Xk>LQiu!1epGa&1^8_R% zqYIMSPi!Qpe5M1+^2n?lVxt2gYa4>(s6-{&&o&VAiDd-(T}`Z9j2OLAeu9ew;{%`8 zXxPIzHUTGNG!@bejEGK9E-eUDB4@x%Q^6*R0MsReoH|+~)ci>)ss3##=@J+l75z0i z3Gnjom6M+_OA=Wf#Mh|o`ef|E3AG8r5e_EkE;I&#HKDlo_Z^TgcMdRpK(LQ-8X}f} zU;PR;kd+lIDFRA^AOOP}K~d<1Y0ZPE40o#nRNegNeZ#>7t8aAII){TlckBQtxX&AB z3Nqvn;vClqWa0avyg9uf0~v@%1sTkqM<)U>xqm(oa2J8)JIWU@v4JOu z5@5343E+`3qhqH(bvB|+j+W8AAAmU;RzeNW5L5*u88&~)_8tPt#LUAtN z5c&$)CJ-S!2!8_Y3u+x&fv#oD*a&p%l-?kInZQVU-ecMWKfFDSzHz?mdGMs!`}_aE z3*dor0+%Kr;r)K#EwEYeOu4_lLN~NW>EQb=Px0suM&F}kW>E?8RdW)`Y0R$ z+a0R50Ms8RA%2Aaruf9zC7gvffcDX+*NOA!HyN2QYPaY@7wQyc4w9BMclMUmb#h z-U*OcfP)}MpqP44;|^U&HSU?kM~)OylC~-ZT)S|?HTXG4qyg?NN6HhVDCwzs8$e7I zy+Dtz0!k5tJT7_1_|)+bEfJD45HgUSpifWR$CKLe0^llKdJzUz^c+Lvg@-yfNY4lF z6;zXhTo~k@LH~mY1vq1Ts1RpH1>@)_ED#=e`mGWamP4gb5w7){Gh~RoF%`4HyNYyg zH8Po^&PdaSLP{XIQ6Y8!CV=RZ14RZojl2!$^I=pQ#3v7BfsCV|$PaL-KpHg&Zp}jT zF$Gu>Xn#Nn@brTR36DK}dt_s2uLka3s4J>AD&_I;I3s}VVCjHUAAbS-Wq7_ZU6BR<2XqZVcfO+B1sJM>0T@|ObQq!m2zdcM!5`T#<5Ls1 z4~Yyx2}ZKv2sHtH1@+aTc2Yc@l8oI0;eM!EfuiK}s!)u4p^=For5zQT8YveAhGqmT z31c6i*6>+CRTr2j97_7;{_3H$2N$04m?JoHp%cyy0XWOWpo>owt{>2~I9(#R{mDeK znl2efrQr80fU?Z!jREAqv)2sAvSkBH)GRvM;IsWw@c!2+6OOUyPF8?ee6{%MKMb83 z8x|n3LV}=jBfcP5 z0qnuR?m_txXfFsdv5owJ5hqYWRJ|ELz;2=801*Qte=fwNJt=s2h^PSfS|EfXx}5+a z4$+++%0?04P?S0$0;V?WtNlY!e>nVMQ1{zA0UrR;pTX+}#o_V4(IZU7lNP?ih!)5sP;fhUOjGQzx40H=c+kUzJAKi~c%j*h?xFccYKEBw5vK`0S4 zW_>^spE6K zK#^NL2L@&g&#WHRZpJ-$xG`vp@Flk36(4hH%_y(>ie)#JccFX4@Gp9(bj)u?#x`c- z0oA_eE^qwau#vXVcL>sr-tCQkAN6$j<6l4l^w*Iu#$})*zruF}X@jK#I4n(H{j=8S zMHEJF_6|TOW+(xGrxbqHC~6JA%zNYlG%0Pk+H>>{G-4n$4)qEFwHHVKNsYvaB99pd zTttK`SP)en`&WE?W9K-Qse@N?{6dJ(1brum!JSCqe)<+>E+b%ukp&;C$$q+}cPzQa z!U+&CfDR>qENH+PjldU15Q(G_XaSgYv;eqxokIFFkFgCgfCh~B=|=+ZbY!2x$mzQX z&4F`2!d21FwLQohfg|BPlhNykXTuM!TFG)sGTqNlwp5pr0GE@n11 zL>EgV7owGmyfe|l-pbB`=weSaHbX9ddlwfoJEEzPr!E(#G+BclRe>AIh*0eha>!{A z1VG95pkV@b004xe^ZLsiM~=vdsQ=1_q%SKd6F7^3n`UtqBgNn`QeWK-T*#&e(;GN3 z9tg(c!oJ}V2{hVN-s8s<*8<@YKxk1JvC@UkW?&uSMcfj=|48IV( zhAjKBZ{XT3GM4EVkU61{ULz6I0xfhQ0O^w@$IzIN3ORb;HMr>T>n>3O;wZy0F|%_q z`^(v2?2k_eW`vNVe}O;X>;^_c|I+(wOP_6wFK7xCZ${pvd+EOJUO}23Q~?=Xl@SJn zt`QiW2fFy{Q;Q=u=D3HFe(&vwduIH$NAAWQ^)!8V>z}Tm{?r4~Q%B}MGWt)?edioZ zAi2~9bQXHSFgk6&Y?OYfHzEw$aNpVR=NxO~-tH0o`pYh$@JUQm5R|T>!+$hEMn4*r~Ue_@Xe&@J9qyJdv@z9|Bn6!Ul@7- z;1Ze|8d?~*I5pMD7*XSUJNTLB0PzTg3W!(;mG;eMy!{}G`pqZ)D?c26{Y~7Q|HVD< zg(%ohGaN3`d=6X32vJL^uyQAKMH7kasC01Pr-1L6sSb6rK_fm{F4+_)y7;>dGki;w?;y5?su z_HTL^E_U%^XpxFP8Pf_B>lpl@q5tF_{)gkT4snMd}T~JP_gkZZ{TQH zaJYSKRPfSgtBa2+46ju=-l%kR;ePoq=`?!f!uW4M!o`aC=2v`z^G5Pxq zW5bdkd2Lam5?-0p!phbGQ$p>aXD}uvQvx>g@0HITt`5*VBoz&Wd-FusyE+5~ z#8P80&_-DD3Bz=41dS78{n#g;=ND8NxM^GH;~lG6^kc$q#c%t4$?wCh)e)9TlUALm zjVfEBQ`OzjBVIw?-n%941>My_h!5nV91 zes2|bRYeVZ3!6F@d-|4$mWKM)l=hCc`qN=M&tGub?b*`8cVI*5#F&-pRsP?y zKOBx>ZrC`lGCTXGp2XXTsruIM)heD z3xj-VSh7cQoqovPfuxq@8QW~RE`=Xp_M29^R57i#KmJmw%@)UJm)c|NRUQ);J)XYD zVb){sYbPF0Yo-yndp3kd_%`HL3wk@3boV4p8g>b|DgUm->0HCdhkmaOwXieF%{O>& zOqMmCyEo|Wp1F6MUo8??ZF6tls?u%eW*!dc&s#}&ac?Up&E=2I*0&K&v*vBuJJI5h z?J#ZV&U??v?_AY8R^&yT7dXCP@!OC3FDkVTOw8m_op4O8AeqB~3(MX8&@3?R6szks zIpZBBR$=PIMXfF!0@~eLcY{)_y`D|nYrAmrvx3^_Nlb&X*pf{4qyn*5{OQb0yB^-F z2ovcuOpjR>;VmGZAv8%=2N? zh__(lmWoRpE?L8-D@>Lx4~{Pj+F5V9CF8@9H}ze!mp7U6?;=#DY}u&&-UW z&3%Pel}pz*&Yn&dXH&bpul#!JrpD7Yrm9;Fa@sa;ml@iPuxYwkIlVpZBCA*LG+-C+8BTRm@AyTAANkcAP>G2X&SFXid5wehZ#@eYC5MJT^KVUEZER7z+3+@^|G(C#GcLv$8zINXYI*}y1Pc) z0-Gjc|54+5T9@vqJCw zhb7{26M5ur%(1piYgzq4x_f=0yLgv!b-{ssmmcfxHwny(nmqLMVI}XgE7y0ZJft>X zxM6UARsYn}!Bnlv+ozK*NhdSYG*YSvp~+<&65Ck%v^dUe5Ehmou&~Q9J?2?ui*b~5 zWNRH1xSP9>v!{C7sfebj!nCM?6P>GX%9q5387ntDU(oFDp2Ee-seEmFPdi%AFuj`?3na%fVuq)hUp6o2HPE-L0~rP zGps6bOqG;qV-bm{voRzl$P5yPDC=7}o(W*dFT^Lk6>FkcOD=AwOcF~F*m<|-8Qbp2 zyOAFC{LUTeON6||8by5M!g$X4lDl$VmlT)La%>ChqV7o7^;8%S${P$)uFjgfLp}8U z??p}L?qGkqwrbrwm$dx)yuPcwh6|oKV(|(ra(9>roPCigQpCF)?=5YF^c>2ix$la3 zc_^Bld0N5bRIzlD|E9X7(V^9M3QFc`97x1cGY8b=dD}fRIR;k76mG66D!Dqz~0)oS3wmv~yywp_S6S=4_Yho!W*sj6H)o zxz!^Qvr0Os@+n-KctYES&+zvbTNMX6pDol)e}7lDY2WPW2PqeuR4z6yFnOF770^1+ z*~rqnSaZgtzQRRkP5yk2>I2A3?qB`qpsv3pKNe&Vzb#ZN=lx1P@Nc)j0hA(xF| z);#5Eqy0OITYoE^J!inUm3Tt;;uG!Kn`?t>Obwqu<~?=0%DCCq;hyWZ=tb!>4xAS` zc!6qUePDJU)0{mL4eCvcCU&K?m}{}crnjCwagY13-NWsD*a>?U!#VSBlUWZ6Nlv!U zc4Dn~(=oH}zKY}ADQw$`wX*qv>L%LP?mpWs6eVz<=dchVpQ$>vOssOME58rxrS;89 zcF(i)71d;Cc;{qXpQ1U_<5b9`7p0W^694k7g9iyVn@3q@0b4;|@Bjo0qc{pX~T}gDz*pT_yhFx>=yY9>n$C4{LxdVhW_m?lD z#oT05P7#-3NeuN09b$6VOY*dj=kn{Ty=WOkk$KnC5cgbc_LL^h{yU4dT~hBBY_T8WzT<@z^G5 zR_Pl{hyUqzHA7+7zSF(F71ugHI5!Dn?Aq)1Rj@D{>^-=AVP%U<`%QPt3$eFOhwFAM zzKNYpF1mSqUgwthTOaJS#WzikNaA}R&AK4v@YX+RAu}YnENLyrtoEIYFq_LMbT(6X zi)eeu>b1RHYOGoFmQpRW)bo`2dW$XwW@mN17rMNx{WrB8Md?pij6FXzYcW?wt=`(2 zF6gqN8F@;L~rIZ_;L%s`7S4i|fZc{w`#J*?gss+5eTBGb7 zi!N8@95gq&887;v=)ldv7`Y>7{uJoGIk$dlzTj!YhpA`gC`hkue1G;4Z}9tR1{+?! z>m=)h>6YccmR^*3+_gF(WAo*WdRG+#S95K-{P5-G>w_CK-){^2J>}>s{%9(us1kL@5tmvPj{!87 z>Z6pWMDF1T6Z2@zf&BT?P57;QGaelEYw}g^yOTOq-p;g$FCkNHvwYN?H!Bnj)!FW) z2k*4sY?M)YdrI;BwBX*!dtYW?=Os3*NJ#Tpk%(EFnktrYOqcfHPI{9iyKwo@kA|6# z%!t$3(t_18YLYXav}fg&rrjQt+IlxFHc)q7YF2e^*1iYXVVCDszgbzMolSd_eo(3AS>F)XMq0MJzm4PFa){&tYA%W5tFGD|=t9tP;yXL*c4Y`g_Es~5@NKM-Xg_R$f_J6PBjo!lu?u_rwDJT zqcJ5!vUuiaJy4+tsZA=*cHEIc5|ksFSQW-hIwF=^{hajJF<0Tp(jZa(dQq!=X|q3+ zILUgvS*m;`JmrK>t%9kz;-r(e$W-!CjuQ{IV%oB< z8r|y5ME;zt$&1CyuCPbWzF;}Et;~5~GMnZaW3}SR8#!tR*gN-l`39D*OJ`XVTW&y% zYrf*S7on^%)nN{y#{?7qmk)$@+5_dOgGdcae%R%h*e!$QuCwfEfCUW#0M>I&<| zH$~^l{Lfekc6+Xy*Xp;fVVzRkI-X?qn{Pc=X;f}xtL!0G-rHCCX+>goK{(H+-{cEk+%FeJK@0wX?B(e1eWCWZ24?=<+<1fkEI=B zdG+`i2T>~0&h!ArwP)+(?jUSG;gN$(j3_47mLyXqRGDZ2y9DCz{-&5i6GTiUGawq10I zJ2h1=Th=G(oUq+;w+gOCFU}1;=7v!mSwfyc^X7aAef?sUgRi;rVOIV~)wxxHTi0vI zwujf&{$^*ov~Qw{enTMh+ojbJGu%%$o)R>jux04Fa4MmtJhYb@xW4RJcII5Mr-mIS zxtSaMe-~MB4dWv%?0d^^koewC;ne#if(%;;d#F+fskqDL8g1g_jT39K7cEy3opWH0 zUv^_xr1KdYY`*8+M$=wRd)EURC8ubS?R#AgFFYQ$`wyiZ9!ozC*%wFHYQFAva!D-t zXk;$tdz{d~#d*L|i%H4!XjAWUB^wQ6kL77p$26%ljcM9kiX6Gd-ijq|A#<uMtC1GUap1H*;1tPv1-(I2cq%-CVnwy5Y&y6LUB5ALcycRz6hi zZG803Tk6t34dSpOE|uqDiIMuOYHh{6m)08=Js;S3Qi*AkU5bK-B2{zhj^52Rk9=&z zm^pI0OO+}cO?Kod^jn1TEoL>_klZIbkX?Ues@~3Z$22Oa8;irdL_Fu;oH5B$H>G^2 zpiEMSDjmxnG?emK@X}qEjPk87ev6vj@5{gBW{GrW){*zWU!P=g?V0c6UBRKpC$wjj zA2FWN)UE8g_HyiN{{^-Wt`=bJ)rY(0`d$!G#<40=q4IX~onC-&bnq)~^_x$d4h&5zO&E^#clKj$7`|IwN4$rqeZgRxYKUXGi=cXF{ z_5+>9Y3U*Q;FQ`IV>#O1t2v$v%fu(v&!Aoc;9^cVIvmy#WdoIP8kBxKT?OdE#sT9_Ah_HwQ` z(Gc^9ONqHww)G7$u%c(sY69`emf6jTxu(8mH)Y-b^xxd+Kjp@m-+${);PW%Lo^80y zB^_I+&Fz((Sx}fHl|4r)5G!<1*W>b9QBkv`h_7r--fT8$c4h)$^K@>u1h(z#`M6mU zSO^I_w-Z|UxR^EeZ%^C)o4te7p6zTo#fJ`Gh%Dc5H8jw$DwU7TtJu$7G5gl4v+fW5 zdl#3^W+^G(=+8W$@z772Yh#r3AfaLB);?injq8|;h5c+LA)ec2e#9n;BonTaAC5e? zPdl0{^+!RYb62&M495rOw}q?oGD-+jPp|8BmvOetW$tKpetFMjbHT$Vj>s2=0%FYO z*VP-fnQnJ()Z^#UFaJ1{eHwogR&)#?z zG50&qsGZo;Eafi2V#PK$y6H;YPkr0zMa!oEy58y=cv1}+<`&gshnj=azcq~BdIPaRGz_9 z+do-ag~@)F+8by-Q#kHeC@$IMkO&KKu`)>j0}l{4{h)pC}~8Ea>^3k8!ldCxk-64_X@ z_GY#3#_Eho6H{wSf;Vw1RBn2-X@;17PdqniE z89OgY?OAe8{-AVm65s98TWZ&qbUVuwH?Tw;lHyh!^6k7jm-{ytzTfR$^P@t!DSyf{y~rd)H*vDfC{@mK>ynt^Dqtm{=TOC+HCgtGi-d-f z&MYiIhtQ7Gmet1FQ@*%L89z6A^t@xl$F}gPQ zRp-(fe;!LzJ1Bea&_tQ%ulP3DYYZLSf zuBi3x3g#`6V!SEM7*X>#&*PrU57?e_o&52Q@50GacLP@XmmA61xi+N@++L`_A+jRq z$Zm@itMkbmYiYgf8>V1&5@sAZH)1S%S4ibyRRwWPLrn40b-{UhcgbF{e3rcG@@d*p z?4kjcN8Nez$uZ)0gbEGst?GvKwIKSI@2fhOx_l)~&ys}%CHZdC;J6(t^L^`k zE)kCj4D{#p+h!8I?EEa5Ra0)RzpJ3#sxGS8>1r+H@yJNKH+orIP33AP9_>cGi367X z`B}=F%*#|NI~$xc<+M-uZmw70_j$f_UnR}51-U&x>bzQg~XAM}r-XP!i$9~G9-?A-Q=h*D-aNClb{q9-tyI1D5K3C4U zISKl;I@fSD>C_LlXK6C6tI%@dR!b;|UpM`DoZrkpbl9dEsyjbxKUBoabz*lBQ`qH9 zQ_|sl`8AY>Z*7ybqv!dwUb|8&zKBz!Mc>?5S#0&2yG8D_w*#dC+uq(=yXcwb+xyik zRNg(PT|;~Kuwmo2caOI0efI8g({YtQpX|C!`}1kb{cV3fJNWw9pTD=VtG*xX5DkC- zkYNt^Attf`lf~RIzELJpn7w{&=r!Kt8LJ5VD>2e4>&ja*uOv4mibbU@+{~tMujp`_ z{X^sI#3bfd9S8Lj%q}#)CEgWtpZabS$1Jg@1+E<)JD;wac>TtF@=m@59y(sKHtuO2 zQW{o#%bBJ84SWrXXQX1evkY>V6Es#VFtDNJX-1W0*IPLe3fVnKwv{Zk^_WxA1_Qo* zyLYgs*|%YVI{7ly4W64opYlpfu06P3ncTpc+?-0MWni%En5`rGm5XbUP+VR%AEm zWp1ZT9ULI9Y5$XYBZz@Dt=P1B@4~ zNi`GJ^@1Ps-WEDJXR!NBjQ+|ES(`NfY_F|!$YhqVYn*7}SaXO;i#65N$DsUD$c2s$ zrhcwL`&!?d1azJ{AJ+=k2wh8f)PiUbF3HtD#4EGl1A zSeCOYB|$fAQM5Fd!s59)L42#+tC#rMq(`o6u*|8F$qIAUu54&XF)~=U7L)UFXs&5& z*OpD+wcSdZ(zSU;*7l=TJ5HRKQ@HQM^mO)FY5_A6^2|5(9^cocz;;7tyI!%yg&xDj z$JRZqE?(@}VndEh!jhAf_sggU+OI5B;%_FYH`lH_x>8In`1%QQ|2i|GNw$R5j@r)E z(#+G+=w!j;czy&~%nt))58`;pa?L*Ft#Ch(+hWF9bz2q+CMHGb+r7fbB4=GpT6I*A z(}Sq9EBGva&de6^5|WWC{nrQrTF|6S9f&+8~Bo}3mC7w@<< z!8Fuaf5j3%%zWtzEH09dePyaCGj{>z6+)Hra9>}b=UuDI%;!Eg%dI9f%9LPUK?t#m zbkm~N80_0ZEt%WM$J`isd{#|> zoAaWiq~n+pNBPW_C(@cW+^1jZAABA;&mvL#n7*-N-h>jddv_Lgx~C*l60JlY^%+T( zA25Bwn^xedeo0&62)AWX?CdLqkRvYhBuTZd*w$S#KE(}6zSvX`i>*4Mcuc0&{kZa^X7rqsJnXwbkv{3$Rlt#sX!n8&0r^`H6V9?#S#~ zBfEOPS(1IgSp{98rE7)?n9h}({Z?jsV9(QQEzy?=*%ph!%*acBduw^HWvKte>KU)a zv^#SLj(W=M=lXDI&Ev~vzN_@qEIEDw#J(fi{=e^$@$nywyvl!RxZlQqK#JyH@E;mv z(y#pAe~J3vZibHk-~oQzk74FcE}J$TOw355`1^hQ`2Nh9Q`z;kUQyv+gLeECDUPtC zT;Q6-5#u}<4`#?Bmw!TWrOv{lwgdMs4CU5Z2ryZN%F6HQ^E^1kY`N1_K`rstwcI48 zU;N|S3-urRbo}!_nk@aV^!hjFUlVRL{{sJ|p|0@@|MjoX{_h&0pMN2OCDwsqTzous zIXM%o&0IY_+Pcp|I!JbY4jWnR{rh+8cI;|xZ4Iuk74&jdS+t0(p#@Cg?;8K|b2_q| zi_RTTpN6c%L>Uylki{fcv)doVGcC%;2%ub;3E}5BbG~0Ux2Q$W`JD)#t)~bB!gpdlq zh$ttPD&N4`x`0x(_{MDV@oEK)O#3LF+ov7--ddfW?`0>y4(mi0k=*MLY+x23E9XUkPgqdX-REq_f%ZTpfpkkOR*Y zIkvZPWkYQIQ&g}agQr8(`~?Iy=1J3Kq?Iz5b2&JYTwfnHlS*ta3 zm*1eSxs?zkZc!P%?`_5nnnjFdid9^i!ktW+l0Yf$5($D2H*31D)5;xhqHFjC!YBe+ z&sxr(%TZ#gb($qdie}EKO4DF2Sdm6KV%{pIQ)+y()j@jo3b8B4EnS{@7-B?$e9SUI zx$|zWR=oE)KJJBA%u6k=rf_PzJSs5HYt)uIQnccFL%mqUE>E_ZK8K>QO6sZT^YVKS zCKZa$x`w$OxA9E(>=G4;jV@vnEqPU{c-&qVWy}1|5PE`bjWn4ZtPfYWI&P|>-<*}nVhv-0|@M= zG{qf*&lz6~*ex4-E$pnMM(YCQ6+hZC0~o|rZGc zh%<~zn8I)Aw4g2a#T++_%dI_YbaGwFCr=|8HU;L|T3=kyuF>o_cc*9)!9cZm@J9Uo zt*>t`dHwYDt)$maZ}-VYob11yDZed#qN1QdO8!a)F;;F7n6v? z8P6{r_AAynU=lT9_Itkt3M%|2$2|_OS&?UIP2A_OLf_J)PJz{)CI4FTW5c$ZE1j0n zH>HV_p0AO4R$$_Czgn1G>mskwL_^!H&wH>pl9kG_9F782wGiR5xViB9l^)+05o+=rJO}E9^NbMS~*6C$Y>CDUP^A+Fx9xIt6 zz%28;VR-r;NdW_v43bMrj)-ovxJmc*d)e-a6SArHA~UO|r}Y?%E;}de-LpVkR93K~ z)WQ0>hi~E3c4JR*8k@uQhFci)NSl=J-Wm>`MX?Z@n;QlXN^m(DP&Ee&cIN zidCSf%=W5Wn`ik_JHzdC5}{H;mbB%F;5=LYPcy7e`IMXaoQP?=gYmcc>%J)K z&Z$@5*r;_)FLU~|p!yScqDbM*idr)d)E{gwYueV-N{BgN8~B`3d_(E!O!u}r?fyow z#;ny^b0>)149zGxNXjYant4i4>5rz&DM_;@|7qtc*o}!Ukymu&$J8^0c3?T7T$rJ` zJS|Qjrf^tF+1$kX+8sfWowlijZo_PgncjQy18tSL^XEstZ}bBD`sE6GwF593EOQ^YffH2sPk;! zn!sdAuGNi4UVAx)yUhsGx1YT6Z2qFyyvdb|j?cc?nY`D8J#%5g<&*O})?H>HcMwaq zuV3X{G9t z6XKrJWl4J^xb&`fC23<({24XE<(Tzi7AY>)GuI0njdFFnliFF%)xGFi!F-x*zxdGV ztEI7@3hb^jShe6(4&Nmq}QEvUpDFKGF7dvRO^;Xw;`E)Ow6lK38HpBFHY)T%> zktFLsCsH2AwRY%siXV^JGkiB;?FBJ+?fO-`?;NZ4skMDz({&|g_k1*HpZ-82-0{yN5 zH0gB}JB!M47R-Nrjvgy)Lt*oVdV$*$eX?6ZKY_r-+$ni()#s{n|A!nw~jrbtMvO=a{pgJJ;%DKDY_t)o7;$Bfw)g(1vwr;4& zfX(~mfs)X@cj6*H4oNP#n$Es%XXb%zY+J8MNLg(Zo;9iag;M%E{w+#|Qep33x(`Sc z=J8qND&D5;bSY1&&wqWwd(DL3!Y3c=e0Qe*WOZHb!JCu1JP1R2^RpynPOd&Wl>2+o|=NL-GkfrT5b0NtVfC4aw}6=PQ(^+`BkesW(OCO$tdYm7<-h z{y^EgP1YpRqpePBNS(ss>(!S$$#AubalBTX6nT!Z$b}@86n$6d(RG{U zIDunu2T_EX6xX|Af?*nunQ{X^CY~;~W*}oi&5FEaFYbw6$Ineta21Up1U|XL;@#pY z`9e0?kgGIv%2LZIg{5+N0-{CdvTEA&0@Jh3?II2HOq^s(;ILXxp0yL(H7LA&NTaQW zJlUBzTS(Nk-|CQuNJz54vvZWmN7!!5@b0B>SV)ukFF0U^W?s=`<-Rlzu_?aNBK^{A zmflW!#p>p)qH}kXEAMKEU+@x-cINIA_xBa^Zgmp5Bff8uK(wH<*^4~UAyMiDvFDZ^ z?;h~Zlol5)n9t+twk+DM#nr)ggAR|`gwRZisP{_oW{gcyeJA!3E=P%m*B+w@+(%_sX|FOk zYA5OKh*eXF31Srm9v@%II$~?mH70vEdERPEn19D>8mpLYCYOBO1ogM7mPZ`cvbt0i z7f4@N9lF73w`9?Q0T(kx%}2EwF&m0@9WC;brTFMLI6maa^Vaa;*A6DHO6|1|k<4}U zEqK-8b+JukpZqjJw-Ze=Wu5S(=1%v`tmGi?8J$Mh#iO|1%+Y-!j91u8M14a#;R>md6{&pS-h&*6013ag(0HzKb>3u z75jfo{j)EPxF7%hZ|r|?|NW)@6WmAnEC1`qDgEPb4EGNAVf@zSR^}Liz$o%Cd<`?f zIM~?O*;qN)+1WWcIk>omdAKJ`;1(AY;uD@SY1-5&lO!aFGAi;!DJ5wM2?Z@hCAh3q zU45Foj=nZUPX#VFLyZtPIXSr}aEtNqh*2aZBq=}qHQb5`a9|`%kC`BaF$oZu1qj0( zm;|ar0mz(Bvt?t)2u#eZ94zpuDnIzg6(>y=$YhH;S`glhB_v=+tr9EzoUJlr$ zUF|C5yiwB3aDNih(HHlpc(B!+-x#RDzh~XMJrbIp?Q!oGta!w0)Y7t|At1P|Dd_M* z3G8N7kd$c_ThSV^Lczj1eoR#6c}}%xZLXc7@bi#GS(e6Oc-eBDWRnJE2&oqwv? zmf3bbaowd&fvXb+N=jH$o`?4>UcbR^)9hK4Cxug3?`_?ubF@|S4=KH2%-V5Y zuwCc0tE&&t3|Vf;cg;LsUiMIV{`seNkohxm%7=h-fsKE}RJI-J`) zvWQcT%PHO$t>j6KDvJId1sC3FO;1c&&Ud%aC@6#HTkSep9Ej2*Y*vYc3fQ6oE%-K z74dvmz&+WL%IUg!z8Zm=_K~Z}D#z-(x#c`+Yn$@dGBK_84v*yA+r7`?Qr8u0w=0sC z5neYBSHI(+1}0J$+nt{7dj80HwF#`2*AG-*y_PX^Uv$%nRPm=8l8*CVmxlQjhSoAa zm-5UBcbHQzloipKIVE%D2JJi69gSRNF~YKva;I;x`mH7S(j?xix$5*3)i~Ljh0Vq; zdnTW{KjpsGApfF@U-@)CfBp2ol>*of0h55WT^lBtN!Cp68<}0r~CgMFmdeSFg6$(v1yvpO(ykY(vdeX z+AVD3UF_OH^#f~}TAQ)^&V&+qPNO-5N3vKaFJTcYrq0aF3qb)_ulWmoeWPPytY%v! zB`wRzS$XvkduCP3E64b=t(K3hW%5 zY^RR^ZUNrDv!&n<$HLh-rX3I+A-*MkQndO+6 z;V!qc$(l<XnvyvKeV7Sy4ur5q*Cd zWz%3(JJ!Sm46%OXy1FMrS&FZs-Ulp}ESh_Z9=Z&3T3|?j{{r<2vGrKx$mB81yZB+i7 z$F;xb&087iRQ@o#tZq&3C)~^HvJ1!QIOX;^QPtMOm$x_M=i5K+^$E;b9MQc~=<5yI z_a0q5Ft}pnp;6a&Y#O!g;N)?WjcycoynEY$Un|_U*QJxFa`waJ`i3qW!u6#Yd#>ue zOf1bByZA}$$)QX2UN~T%OAYre5mrVAIOzZ4XRAM^HW52A)&0S`&jnf~M`MzAKL2)c zuiK^!y1tXBRNH1%W%-Z^-8Q-&(YMN9xI&<%%ZQ`t1YTcbl-N6iJ6Gr6hVRB$556$j zbM4I+M;5h@<7nwcb>QXnp$VgheMpTx;wwBJg<3~->zQ~u?E6~BL+Vn z#*KjzOdmxR)WH9V;?!^7b#J}mE&Ly9{rao>e*^seKk@&!BDMuCAo%|PS{Q9Djb_`~ zj_yhC9^9>0uU@{rnV|!F_UY3*rGLMytf2`7aT&$^a|>9a5rSb8@<-1dIez3YC>FT5 zG=15uf(aAG&73`B(ZV^iR?S?qVf7c=Hf}w*W#8VNM~@#q^UdiSx4wJ)^G|>M^><@& zBrWwh!T&7?{*UHF(|=Pvi>e8-Z$jXTWXD+gl!04j{e15<)C9?VQXFg+yTN{zMTaM8 zr=IRTxO7=@7l&CxzZw4BzolhjtBwvOqx*Ik+NO<>kzU1YJzd>7bLTCXxnTC9&zG;5 z-Ns~yt-bxE$w|Ti`k*e(+*Y|@*^c>h=IvYh`L-n$hJ)MNcIdEvl*J~?E%S|x&!0bZ z@zTt1E*Q7@=JJhmS8pxRZ8N~Cy-oWL6GwI)Y_6qy<<^DE#uuNy_-@+^W7EH`8qFUx zz$Mut_pHuBJ+15?&cu9kF>1Xh#@y%7^ z_OvU!us~I-)wCf$_wX*21^E!AwDVXNC6c$OX3zt(v4u?I`EcIce{tk3+v z+z;|!#hx(7Mqu-Geji}<`=NrmJD$O(BnJewqFX!C$1OSD3G!Y1p8dvOTpS(o>*lob z!FoM*3@U7Au`X74bzfeGqC5}((h>LPv!iWjZ}!g34l#SgnyPnY^rN$*GmAu8tVKVh z_a5s#Wd6lbU$0%4IZ1o@#g$Xotf%dVnD)OHX0T}4xFdQFf9TyDedNi*Art-CwslFJ zjxIEhIdp|{Uogs%cSN`(Lv&i-Hg0d{aekTJ)iYAf2ChwD4`I+}ogWdiQ0I5Y6637D z1}2v~{<3Uw-zAot|FoXTHmtkT``pu)Tz!|6$R(jeCO$e+__tR2?75FKT-Qz-crYSw z&*S~S-(IsqEjPAgZru^z*?5g8CJFRbHIn1@RGBdm`G9h#| zUFvCL$X|1GXdHj0rG3Y5h1<_@YlCmLoA~(4Te9!Wwc4G|%UjlEkZZRrj^|_fD>qoWwxh&kh zatOvcvLuRjp(^k}fz8BkO!gho`}2!{E7?(R9?V}+B28vQ8r=J7NyKf3{x>!lO>ehk z$k@!v>fs%CPQDUMVYiS8i=zA{kKWO@%imY)rkdrO z)L#FLyJNf0${`H%Go1_*EthsR65YJC)#JvD{81Y&zH;nT$v$^w-lcD+4>cDgyh^!$ zqkNBz_PpmTw{>YlgSyTCCNEL&_a8s{e`oRg%Ohv6`)*x#$v<-W*0Bul3#C7OIja4F zH$I(23yEhvgSEqe8QG4jo=l*-f22S_=Zs1fWf1ktrunO-tn}%Lt z_p^=k4eMmpr@w(|?ta6&Ga}EHchG8Iec05ZBHN@W-N5hSfj5a?I#k7l{dL!IhVkf_ zPS^LY42gSa*n8ejlYiVl`L_;wZoKD_Q)qLin`G2RSR@IxyywyL1jSL^t$v#xbk@p@ z7gefr^Grcnc6IkR<4&3uPH@$kaY0{8=o;;O<5*{1TFmBkFZ7KPFmc7Bdp)hMo46f~ zuqv2-qRTM4R^*sr#(9C`wI&o#>&p;#+Ut*QsMUgHH4{CAZl$z?a~8}iU+bAya=LqR*!;GP6K-=Xwe;;P7k)Kit(VioK6k)& z_N{KI|LUMKyrj8HYB#S7JmGeJ=+wz=tOBd6+EtuokFGYASs2(ni2r8fjk(4h_pc9q zHKng~xuad$qUt4S_ZGFWzN@qAKy|mfZie5>w6Jj&IudOEN@Mrz%99y=+cQgK6u$=l__n@br~+Jzji~JfmBh`P0j@Tz$+fEV}h`V`%9!w6(HLHw`?|``Y#; zFE;1^IIUE>V#em2u6?eb&V0Fj(U#4eFWXsdj=2*a)uEgBe){yS6)%T%@AiZ@Yu=4( z`(N&=nz4nETad{%)U)JQX4Tyt7G!6ar;^fA8uY|<;8n-jwz(q4lksX_jecN=+MG2<=r zpLc+NJ^Q~O<5T?K`=Y%`_cv<)w`gNxW@2n%W@=_-Y0=iUtDSATcD4+4N9Wd83Eofk?*VffB&^92ZkK6t&^{gDd!~5yCWm(gi z5oNPi+H7-9VHX{_cn9ujrv*Q%xYE*w&pTRbK_D|;q>lPlOWV?l?!8jg;{VlF@o6Uq zW{Ea$%!}(NN3;H4*bi5 zue)DftjKZ_iab=$6U`(ML4W*n`u zz1J~@;W~z8}?&|cKIuoJPSE7vdU`MxouC@zKM^my?TB{*TuY!Bh&QvF{foS z+Xx4bdHn6Mp9dw*3i$&2>2vAc^3@x#OY!Vc8NvGkzdU{7%at2D+>rm!T@|jj=wlT(eQ=>xQqr(#TNu$Y zPRH%zkIss_E)dEF4auE5Z&7@o)*L^SuVjp)3zQ0HhFX11NKud})evo$(0{%EqRg_+Tju;H6# z>P`)#7l~5(Y+Sd^PWKso=0i8f&^0#SXRbWJ>2X3YcU*<7-kVZJ1ScWW=(B!IeFH81 zu<&Bt99?7Z3~M=S83$@FH#Q!$O3T#5K$~W&XJKk;Zc$ZbR;Al!_nzIRMuvJR16QtI zCDP+9rs*EmE^{Alo+z2KAj0Iz6|R|OetvDfp}D^Cipix~JrXW1()+x~$%y;dsCtk` z-xvBn#Dx!^9m8Pvoj!1bXwA%9Gwf${@(zqBEjt`(W@Vc*LHDGCt?69XM=NWlPH|sF z+giTv*Ua6WX4?O|;b)fREGM6yBYs07EiBX9!aOmuOHKN&dHI#`5|e@ zIy}{)j`5(k;QIDg)z;|`SLA=)_xyG3sWDv)9$TBwp4TC6LAky|+Yvh#tufc@N&n;N zFq;!Dv@>JqeS_~uVpoBGkpW z!a@9l>u*jKMhhe-?I&NKXzn}5cJh!6gZ#TS#j*^)iOiCLmvlaJE`5ZB#OWV7k>IlT z$oSs;Ta4Jr?(<*HnV>ac%8=ou`rY!in2e*7mRAIer;K|#{b@UghmQtEE#^l(cr@%v z!nLrV(OS>%(T(;QSva1onpC&CX6L|6hmEi2pVr#ynrx@Lu>Yivo_kA<)@V8OcyYGp z!(9(tJNCWc|1iE?;VMk9|G1Tw``+QXrdt=Y`*;K&s# zb59Qpt<$BgFcOB|t;v~iQ86?2ezJCsqgNhZ%>1s(`pej@YnDxL zcqThR|MT@o_sT~_{Qg~r&E6B8?0LoK>b%|?p49De`g5-MY8QxWIA8$&hgp64Pe}Z} z8&C3dl_;zv!feErEq9DF17EJW`;XfOZS%u(W;=Tsrrge|8*{tX{NEU}-xhs+e|hJ5 z6*@m$2>5HwG{Xx8Uw!et#a@Tn*L4LK78+JwvM;ZiSUmNN&AP}t=PrKz>ogs{&hNo5 z*UhxCezts$P8tj4BfE~>npH9k{nxvuj$?`?T^Y}zJ9m@V=>D*bFQL-M97 zN`@%Q@&HBl?AKm`l*5-wMd#~`HS9?wSLpy(ewUv>BURc)=ZQB2# zHQyyUXVAl^H+Ds(8}xauO`AOMe7W|eS)oBwbbky#rSm&<F(dj~v&zhLX51r)@Em zJoj$rWxca=?78reZEkHd-6xJ0`G#d)sXXaZd)xl7u^+N@5lEF+fIqjIavSwro$ z?fyM6k7l%UWVOy87ijT;9LGVgkJ`M*nQ+Sbh~wacHD6S3uy8WDM_T8{1_zw;GUg@No& z!@IW)x86}c%K2Zj?w3U4$CeJTUVXA|-s3AvD$}+f%FA&JHtLgpw>Pc4`$%nHpOZ(H zCv8vm&A;Q?wc};4Y)0Uzi#hr%>}0!Ap+And@+*q%P+QT}C2)<2e(llow-;{z^U8~@US$z& z$L{I>-JPx>p`4SQCGE6!^cRO-+sKItK0V{$)L-=nhfNFIF=E1j!zZ>mJ<70X$J{uY zPw%Mb*1;*lKQr(W#v;Fa$VJRJl z>i4$@-hV2_>e9}f6*=+PiL2*2OGl?{HA;3ay|STipFx+~7a9+@@38T?^Q!9$`tKig zYS$#$XFq$V)AradJm@>c@%6C@!=tP9!|YcryEXkxT*Po=_CK$_x<0MXHhaf|OP;5c z$Lg?qhg=zQu~uuCWvAAv=M^8t9I_+yE`kb@AYr5#s&ET(2eB_cP2bG2#PSOy8F7TZr`-c`6gyy ze&P3f^Fz!gCeN(o)Y;iiS$?0rZ$sdU^Wj}%w`9<*!#M|{1GQ(xMTNJUb!zJXmwQj$ zSK53tK0QPhXr{OF^0s_mTido4?L!UqjqHr{Bctq%Dm?52I`#_$A{(8KsWQ5LC*x%S z`g%5ci3x3V^z|9}=63d-k~T%?B<|7~Dedpj$;@Xt-CR&@m!0G8HGM(czP|d*L&tg; z>6rUS+jZ2cv`Nt0uu)hP-+QCzew$8uj}oe988gRR4RFxfu_*bcf5b0oMp)e?y|RV6 zT2|wxTs5oy?jabM`n-*)+hNY5&FjI;)+=m%2Tus+#j)2K(2MNAvHTWBEusJ*~P@)4kF_ zCn=;*bk$;I+??qm?#34{js$Cu+Hfb?l2&@_z=+=;-#QR*`IhnMSIjAGvvs;obM5go zOuY5CpmgK=^xY?&w8lBbmzxZ2^UEo1y}6q#4C|`5ha0S)W@eGnL#yEI-*qD}iw-Ar z#tpWpW;jjS7?B$}Z}TnZpq&$^Tj}QWN~<>?on0`e-;m3qYyG;4=iS(0Q5mjpSBix# z60Nkb$k}GqrRqvI+R=euPu+cBE3ZR!PqRlap6Qg2e&*3*%I~(!FKZ%n`-N|QGq1Px zW=r&DUbrHiH* zd>`(1Lp$3h;Ha_C5<8ZkIC@uH=EJxeyTJJyY+_A{`h|xr@w-%P+)bqWGS{Qc-g`Ae zzR)%P#>)Oe#zlP{TDwInmj9E{CoeJhbo;>hH*Cfa-{tnQlC!vMXL#Y7$CWhKUrRSW zc3G=kGsNke&3mz4LU)U>P0OPywDjW4^!i0THVNpq)m79soHl9cwbQ+0M;s{&_tF0R z)Rvkz3obZF^tnGpTU12FrdXW2e`;}`t8+y50v*3S7bY1qbWTND?mLye&*|oZLA$e` z>Q9@^tGqht;L7r#>sm(AorBwBzkTi{G;m+7-*H>Wop9Px`q#_Ew%t$IGaV0At&245 zmv`#qk}rJNg&ix~h3U5Er!9|NJ8{BV%Mlg2$DG55#eAQj{WqJYeZBfcEH>WyuHFeR z=le?{oy)wZcx0S5(wk6jSv_@Z50fD~X*#>w)&)5lSj=;B`pIXLfoVGD$oQb4&nN5O z|G~O4Fr>(0*&zK(uRE+r5>@Q(sym`0Y?)uehPD$Yjr?P7ZGPC&{^JH+6*KF0kIXo# z(}Shmm%erHi={em_Kgm#>F4=RVb@t9)2hncma+Cn@lqGBq;*`HQ*GX;q zm#n2f+vj8-n6Q6X&F@yZ)iZU{{BQnBKf)d7^x9uHxy-elV`;qo_N~9KoZwSiHEVoC zzimqvWn1O2bm^h%DtnbY0$bMXSD_ZAr{f>Q&X_trbUMv6+jmXQoM+Pm*Z6PS^K@li z!M!=1&OY}Q|6C*MbFxn_|HzpyUNC$%SI%8DmbI{}^~HX)>MND*^A`r}TRCO+RO?07 zyJl>|W=|P7fo|5mBHAIhn>EuA?2sBv^)1Nt6+>w{|78+hi}Znd+xcI={)fNcr}`g? zHTsaRi1R;~=8fV%p8a(H@pmVVZ(DbAcKE3N-8s>Ych2qFS?Zq>)@^OE@2#&Ee*5L{ zODhM>&GVkf3Ql7>e=Z7TrvyT!kd?Ei?_IIL-_K80R5X5k8Hdfz3-sH%d_{ya-P5si z7wfiTqkDb+*_f7!^Jr|G#^ei(kT1|I!}Q;TRfyv3wY86X-f%ceb#LCjJ z;7+=0Bnkf7&ZQHVj1=YXEB7d~oYJ|ntTg<{KwBC&r$m23iB_79nSj-&gSmZ0$JvH9 z^B34y&bPE}Us}d7o8?ep-!aQ>L#K_KHg2$Ya9EYKqvIThj@m0C^w+FiXa3dt4SKqE zdPg@@oj!BMUU&b6i=2@uCMG&Y*99l^!9F`dKkZu`10!8s%M&{cjVz~s&mEDR`t86$ zgR%_AE>F^u*;ov;z+5`eB4}1-k7H_R6ZP#nRa*HO+kTPTF}r`2Nb8uswzjS)`;WvU zo69#OhcD&+M&Ge;b+*m)g}SA*HnWCCZ+!7nmp29mKFe%f^P>AK)b%~&Fnv{Sb*X;F z^pPcD%rCGI{jC|t7U(4{^wb%bIb@Y+#*zXv;|<65aH|(M>9l*^v8Qv`QK!*cyVUL; zK5e}IuzePh1G4+2tv9hM_n7;ze7WnOZEL>UURz$O{qM)6UVhFA#ESlR!?Jhqp(s7 z$KlR7TRQDLon2rzL1;O3{qs6nM2WfGn$JH^qS+?onui8X&drX{9dvlao8G7XJ+$5Q z*~Knb4D{@a?X?fYw=JdV9GqQQx}TQ(jbA@I8EryY-L6SPN4<&vfi{T~w#~rC)R{KF z-_9|=Ih5y2DL3qA5$D%m%eZR81kT;(Md!3k5AKL=U+BQ-Ts}Uztb9sAiRFoYMbEvR zhZJ*nInH`qbH~QPw>Ngg(d4xji({3!`rD2oQFxg4A6TiG)(@uDrP@&*6(<6W@9eUf z&l6w7v<&{xdNAaR#IPe;I>AAv!%_lYT=DN^#+YG26Ftw!r$sZ$Xp^k&*!q=J|9NGJ zUf})-T7ipK&2_P@Sg=uV{+djiwtZG!`ywQH_HhU2)mM%laT}agt);y&0RcA)k9hY+kua|u1S#)^qQRCvOpL@*SQFX9mIc>+z*t1dl z?;7`ExczYD7SlYUZCKIapwdp=KC{u;a`@LL##44Dh0(SP53^o&JXQDd;R>;N&i*Kx zbzt^1=Lg$szQ1s4&E~-~;^X7851h2zlXa0{bHRIB@ZWsz%m4c2aVBZg_*!QoKUTQo zhh(Mym1Ao-{{`G)iDw=!_r2%!mh<1oo5@h~|M>fS>i_=UXm8R0)cGHQ{6B+=)_JBb zx^w%+!)qt59^ZRn&!%4$G7Ogl10rI&mYz zP=A`<(*c2)wb^l+g&~c$5n~MrbGE+j+*aQk>tOK5s>-;`DPhJ2Muy=AWEr<>I)Dr&UeXr1ho@=fJN19XOrp1*LByOV6bp-DkT=qmo2 zb#dzo-HZiBGowsRb)fdl(0~OdCWiWZ(x;v<&`;|u*E1bp- z%{e>JX`#0N3}}_c(%(3HkCr}bId@b^l}I28Lz7>ZsCR4qG$A zXfrnpqJMehTFAS`4RU%Vd->WcdaCD8_wF0IFki;$xHuf&_Tzy++I9>qHQx5DP1~Y- z9SU!bn7qDp-U8ud*Y1^%ems8HZ_ViIPku946ftY-ir1^Yb~?NHpm5j(i-~sO*e`oK zTkh{~xY&pG=9QtPz*X!pw->ykD&FspL zI3J%mc;$oy9W&ds0cWL0OFPUpsk>2D6@8r6X~xpD%%OVRDWmo50jG1m@K7+@V z#7)a~sF)CbWKl|o?g{i1!vsAmmkR~)8@bgzdu*;c?zQ^)BOR>_!vUFMewFjM1<$VB z*H3G6KO$kuXV2qI0MEuOnd~e}>U8Zs z?R3Y~=WF}4i)ECa)b1i(XPD1A$~Im_&*4t#dd%WdOqZ==2HuPG#KH&p?H;3b-r?Ta zyXV5^*A-pc^7X##iFxbq&i!WCuZJXSB!|Kc`u*$h)6&x?y^Au_w(Lr}ve;lrZ^mdHVUiV5r zVRBSpEJG^GFFD)sYk$tNFkPC-Z|Ma;Ke)B;>5Z}z?SHUbP}MVW+4NPT*cYD!9@{VZerAvRXRB+q2FF)pIyo8UX-kc=)7^r` z-!tkqU3zc%5E0|qCGGu&`!{s_-E&@LrtFurRh@?fjN=Zio;lax-@uvrv&T7HrrXlR zUmT|EdUw+E-^ejciHSraj586(#&8FM^qrK_m)PEMQ{=@M8fC&1f(sotPgE*s?MsNF}y*i0+vo810F_Bg!?=SkM3)kotke*fybmE-KjEsFkObD54- zMOe4MIepI0dAhyR7FI@ixLx17cl3kLmT3*@J=nyrA68OrK6c8KGaV`}E~!qt+b!j3 z_LvT|(g5dSTGKj|^_+R9a?5L)eG#k1d|T{ZcTvRDe|ysI`x}<(GpdcR{ZZ*xQ)hSX zmxBp*`v--Y4tJi{WjDjFQZ)H*{|z&H{4hSP^O_l0Y3|-vKNs4MvCy*my}G>pY)^x| zB?g16?JS1W(X{%p+T}l*IKQKHSjA{@@_E~NNB+EeZ}8vrG=Jx#n=U+Z&7r%VqfImj zim*5{SG@P;=moNF1+`yGCaj!qekb2JbFJrsZT-@BZ#=T)wMA){3VK3TxAi>=ev2G% zqsOHAopwfMG23R;S-I>OwztN{rDjsCd#%qu-tz|CX7)35uk}cHvG}vmhT+@O){o1* zXE$VV_vML(AK!dIoh+aJz9R-S$bZt|p2I|W?>MgVZEunPy#4FN|M)X}Kh=LwM&Sp0 z-Dv#he^C7gCXJ~Q|Jf1ZKh+{Y_4IXg4YUm*Y}1bj0o8#|j0mg|`M<>kExWVN!Qcej zbl@H4wug+}ivv0N_x2^pVt=(cyGw7gf5n4Bk7Moyd_$8Tc7MOHX3nt7lg%!P{-s$B zI_UJ}$++q<8*=+6TK9_<*{2*jv}nqHU%}(pMVy2?i*}R^%o~_}Cdd8EgxQ{JjVHYL zZqbv!u8qL5|GwC@>hY16MQQ%e_~AA^^V$l`uKYqzpStk;SG>kq@3i%aG$Kg5;1dF1)%%aB#Gzhb;t zHGbT0?fVR~AD;U!&2_}ZcuyE^PhQ5KFC`( zZ;#LLYfpy#vnh7_23?86iQbQHbd0z6nDfnu%3Fu;|4Z|HIA+6o276tf5m(n09xWaD zXTPLJm9DF%YEN~otajg$&SLDI(7Wf-n4m)iA=dpj|MAAyb=B%v)ez42;te?eFXpm6 zd7L6oj7eggc7zqrniJ|KS7^na!wq=aIA4G-6{pUNasmKeim z1zdr~fmu0)Jk3{Vy!}7*%X;e{nV#CxG|>F@_hB+1{`b@Re|V~CaQ&kNQZeY#E%o%b z$bSq5;t4A8-%$ShQ~pm&pAzBKE)J0`-;k zLh@gVP$+Fd_}{+&)#HDC8NQ$Lzglnw8Xu~MNWv8l=Zbq22su2iAcqyk6BLwqvP2?2 z7wLmN)ELC4o!>Yv{~N!lxBnILV2e#hK*5e49#}dr zPr#K*xmYTa`BHI)fcbecumRj0EQ-s)ynQflW)G%c4~93=1{j!!N2qZyQX0@7E-MHA zpn($mW@g1FrADWuWkvQ)N{dcP%ZlsUw-0`~u~9JIRw^_;vLEJw4G@a?Ib9`K0!y67 zl}NF8fs`u-D6qZ)K2N~KB87#8G69bR@`q4>C2^(2LUBQ`7cm5kCEMT8Uz2}|F_OAStuI76S(H^#7TewcT6M{p%-qLe5x`rAEv5+x>ydiL?{#F zu!Ssfj>JnO<__m^i@oSrcXBMOJ4Q!usUgu@1?#|ZY~} z&y<7Wj&+p^g?u(k9Foi8OStYZK9>Vz2=)i^6C{Jms5gK;8M;^?bO#C$^3k0V^bT}W z-bfak&kZTzO5BTiInw+PrXRySpUcb3m*OumF;~QAaqug;;>$M1*chNh#B3DoMNkxa zDUp`&xtO#>1Vkg{j*xnBBoYNth4%mgEx<;hZ#;6i9HAIrpB|V%DB$)SgN64P&I9cU zwob#Bz~Y7XU;+6J=Qe%?1rve%B zijEDZ-UDk542Q3|xza+|WjsL$1Ct6x)ay`V<6tSm7{=l9`653yu+~SOJbxOiXwnGZK9cdp(D`)+e9~9TN+SVMIX)okD@WU;smO7OxPtQx+pD%iAX~i@`uqXw;*9FmgrxFcK^V z#^Osu=r9gj9O@!qOGG_`Sy;Z9n@jA*tgNi!Vg+4`#KIgIM=J3Gt9PD^m&3)49~z+u z^kb?);q4np!Qm621_BCJTS0z#{=Ih)bq&Sz=B;&J+nm!E#c_!GH$< zHx8k*g;FU#h}u*n_|4QVg@@qC%td5PXNh?%KApsDcW+oof=<{#^#uq&p~Rzuz1RxC z5R6K|r3pn?0uYo$2|f}eG1^HgOGz!UZy-($Xf|&rC?=gkm=ZxTeHb|1pdrKvQ}Bam zNKWfcF%ePG5q_!@E|g#rmH>Wn#fU~h+CeqMbRd`z;p^dT`*o45fu~@`< zRDo_Tdh4M`iOUtEqX9__5&}>7QGvgwp4m8xfcVfZ#`%>pYXH+P;97+}kaP-6NL+}a zGY#YvT$li+%gN(WY|0B>d$4%|upkrXyBER6cv4Rh-;a(Ja;5pg9FWk25-B|t-~1ro z0O>35{{{~iKVTcdJb_3i#RwsHp8 zxRsh8a6obx;@FQzClH++Ggb(rHF!P+`ufRFhWe)@GmuW55_I%h<;eul#MAP5IXPSb z^*9hT(X$C@kd8zNIiM82;ZzY9!UEyv30fEBGlgUsh<(aW7GGexa0ujykyO{fK^y3& ze$bL<{JR~_J`{^r9L@x$i3z}Og2Hh4BUl0fS4`*>9FUH=Z~$nO?-h%IRFEuRUnKhY z_+}wiK1|Y!6cGFwE`+q=>mTScf-m5Qbn%N6z$>t57NFN%UC`|y+lI*H@?tSy+m-l2 zBFhcw>ej_4!i9sc60(Vq`iR#Ek71y05E3ID12Uq7$6$ewdTFG-KUp~v`G!C;npcny zcvb>^eUQw9$XG=T!bKqJ3VdoxQV<>Hq@XQ-plT)R!^NR+z7$IX2^EnJ3rUa)z=FNx zSVrOqA|K@?K%d2PgmA3lS{`wtE6aV#&qAW3vZ$yoO1_2Yyyd$G5i@b-DT$8Wz92f1 zyM}-nrla9#2Rs(Cczne2RFSDHQwI9^$e&6Qh&Q!OL9A1iD&c%VBNA9t;ue(T(_9Gi zMQ;JlH%JXQzko)8ivz1Y&eIzQ&#!q11i2My-BSE?)r3M{H7Nc48ig{MD+FUA2I?*r z34)apthf^U9?Q+iN1TH%@si{VMIz8vlvPm8BoLqmzi;DMP9+Cd0$f$WX$}p5_ALe` zBFGbSxl({wf(PBe&>E2KtInDg%11qVZ5+sEQUYaI!Q}@H!1*!MFd4vXloB#P7zTq6 zVXuJ{CR);0ycfrL(V9Z*&MBnS2f@HCO7Ive$;7Tc%sdE!r2(K%xxV!Zw9A3+)(?61Bb zf`X_gd#hUtke&%9&^RG7e=5*Ts(%1Y1IQprmXOYV0ioqlqmpzBey8|gGH&n9H68iQd`Rl zmnNkwo&Z^05ra^&mNaHOpsXfN%%A`tpCGu29U6_KQfeHeK`HBMa!pEMO2NTL28^bG zS%^w4ya#xR=zc=6Bh5`}pb)%^fQpi{8i$d~lFO-h5$N}TEEWzti6+Ppk|;9v@oDP1 zqTJN?fGP=Y*927a(4`zcE2q4Cp%^p)uy?-?oN@9&G(p>RI+Gw9&-(zBiVvU(7y@-T zJDz&cHr}Jxmh4DWU>J1%h=K7b}* zlu-z;Da#fjP9)xtXYAYUtpQO{0Sehiv-nY8%#xp}jao(!J4U=verP(ys6LYLxo8l2 z>OWQPEYb8-If9h1gQEsCa)cJb5{Hg@HSkE`h>}Q{qy@j_1wc~dVTWWrXgCgFvCAGjiLKX#MgV*0-Y zU!?w)&%;eQO4QZlwIfLiM!=GhiM}zoFk;J5s#JqguM)zLrI;h;vcP-Z%%e$8Rk&*+ zk{F{=uoT`Yien%qs?0J}Y-w0h15t%g9>F4e`UxvdCjiib^EcR8ooFVp^qc1g{lIz-sg(8-{>7}TQSevf3auuzCcA>q*;=sqK?DIRoHb3e%*f+!!n53meSUxc5bM!71zumNgQ-;|qd8sH8Mkky6*g-~7B^f>@CNMexCj%S- z=rBMB0hTJvl@>!lA`TSnd*a8KdV${JH*_O^h`Z43@;l{UQS1Xyg)dwac?cy}pja+y z$3jRBxxz}v3fis$VX>GcQe$WGP0I{Wo^()T3~VgTQl~sV0xr|E%?U#rY;qiH%JWB3 z6ZtI_WTnbv6gr*afB>v2J*`o`PhwJ45K!TO^+Lil=~@Jrz%aBr@|8xfm4Q*`aMbY# z@p?ibn1@}QynTaulKT$RwDpy63-fIRbr{;`I7G0)C^klb_@UrZVo5k$Xf<*6gGF$q zEVQ1j0F)eA#h_71z_3W_85l;I=iwuaC%{=V0qn;^97GA^2|*9SorDm>!iS^6i^3v` zc7Ol|IJ0or07U$>pd5Ftfl9s%qD+zKK!B7C?>*uLSR`(SZv}uTRC&onIV>rcQf)DC zLc%*jG*993xhx4p>!yR42k}diR)7(Rv049k{oGV|< zRCt5$(^kNbd>tha)aJo1@xcEUvN-a+icp4>tV9;4HQ^Jn_=O@KUx;kO#2!FEA*CT1 zzClS15UB>68Utn?;M)^R=ChlM4wM=o z@qqjX7GIdB0%02Z26ItM6G_HzYXx|7!RjJI(d*y~LP01fPE074L!64IFo2Vn`~sb~ zjX+7Bz`;4Z;gqmN_;fXDIr2kHvouAC6i&B|`O4-3#|23LG zuou9H3yXvlK?xDKfJ3PVAn}lbEDDvVC&S^=FD~f9g~3!<8oX4qQPc~aLot8e-a&pS zbPo2KLQq5bHxPWPd;^|M;H7#8DXs@9!uY+FL}0)?kx@XZc;wWY3KbsE*DR>WJ2XJ0 z6i7*^ofJ&+U_K)wLJy$6a71x@z!u5eDJq~}E`O3Q&>vMzBaOu`z{1%=h^hUrRx!Xu zhmywBeO~HvHl;+cLlqPMU(hY^^+g&-1M`)lDA)yAo5@Q^Y#>63@vJ+}3rI0icU|9}Nm=1yULhv4^3T5aNZh7d@ zL);;05*`C55IjbZ^I@hF3At@Bk#uf8572_k)h#|7^bD8<^^6ZR5lZg)APXXwsy+T&sC|Dfi-(JT7~rWu)RqT2MOerZa6Sy@A;u|V; zVj${I04doY1oh-&Fg!vJP6y&qd3a)M%dZ9z2>M|rB9Afs0ANdHkZ37|Y7Q-be5Dd& ze;6Vn;v7E+z7-*qEsyU3kfA2{AW-8YHyziY4CAUWX&eEg6naZ)$H-EGLc;l|2o9Nu zid$uykkJg8&0IX^Q2qk^MdV0cikF^JNX3-rIVbl`O+$Xx_jlA%UfTMhChy^!Re%jk zr^!W$?1zMjiJCH65qT_u!W|19dlaNZIqu<=N^A)j@f6WT%?o42J(nt}+p5Xb5*ddB z0*5@ET3(+=Q4s`IE(hh0DW**tZh=0OO`pn`Xv}lmkcAab9wD4_Tn|JmJ(REnsE}Jd z=wS9hWTEm<<>YoTw@3!{adJFRCS6vvM2xT|3Q5+jFmeMDjd@iSen-iK!UDQI4 zkO>qI3GFZNP#gc_?4bt38{UbAnd&w%*e_(7o!TZr`v_(EQ;{?3JW65UQ#VX2hrEgK z^jmPHh@hJ*;p9=>d@2S#Z-#niEFCJdD0qpYcnf8aR`pV-hjpn29R17PYw!nBkit!pSL$<&Jd=(EUW|d&V++5s!837J1t^fmBfm6@|Pw|&O zMQ*%nfl&jLMg^t;sn(!IQR&+)Fn*AHe8O>cp;a;pw8X#)LdH!2 zEifcgLC1X|WHnO8NB(dujw=>|F++)A6G8#V-p%Br3jRzg>n$;;VyDQpXC=+KC7z(z zHH6085@RYh2dQ$l2!a(`gHQ-t0#e1ENEh;DkVB1gWMKJ3kr9-KH5@G0EdsxS`Qxf# zBjA%%*WB=m24pCuFj94oazjeMJBL}25>E4jEfn5tGRguMGeL$?j=on8UG`x@<`a@} znkZ7MghdmjsK}7XBnX)#f)Q{T6(OB`f&QpQ8z|kPA=-dSaY3*v7qwDNuTaRTD)Gos zG0liaMp_`rca;@B^)*J~sseN+g%0sLN}>l;l0nG0xq(vF@fA?Sh?C&Sfo~|$Q$=c< zxh0PnISJy2jwV$}UY!mixVR&{Q1~MUf+46=ScBTc^i{7ZMfU+!i9!Z?tsV(MQZA~_ zimZ__P%oL}8vsTq@gCQdaLOZ;{O;bNNx@#|($L_DP;Rj!MkScx(U~aLFc*>wAe$os zXpp)N*en+-&KE+d5xnpugb8C%QyE1iN}xOgRC#7Yv18DBz(kFqNrOr!1lfqX7=kju zvq+_(;Df7k*M>DPw4$&GnotgwAG}0nE|@inL3w+Ntf%>0mB20Fg8SL01jCgH63?Mf+z7{Q1S_r!7!*4ay}20!;<0)0Qwai zfGvwtDgyj%UN)w$dMaackqNdw{1_zjihywGp}_kcv2chf6$6E{+`%i&6TqK1L{WX< zmpc|AW{u=Q3FvUB{4IcJSQb$mj3r>@un=JaJ|P+r4IB!tV920^s9G{V3Q{2;+6KoQ zV4M$SiBL^i*k@vdLpJOqg=wI1%RnP^3ALP|94thD%d4Nf#ZBO^C|^hB(lm3^H-x`5 zp)4;Slf%*rr#wVH`B0S=CQ0BWDm_X9MYOq6_>G6Q<2WpoL0#cO6wpcTZ$z3P%2WkIQ9 zmBa}O$B2nyNy1_bDn0V}D4DGXnXf~o(M5X)Kolw+a`BN<8!C+8YvZnV74$d5GXayK z_KGY|*7${ya9JdzO{Eq?l!YX}(c#FeAV#|Jt5EV`AdD5u6@%MU!%*lV2+I|48hIX$ z#yBn;*mI+!p!%Ei(B3Q*wcRKh5Jc#*cnId^$w9)&R%L0NC^V$VBof7io=tUxzoUdt zRRwRN_(xG$i$qe_6Y+78g+w=$s3$}tO6J137ZM>`T$%%}K;)7ug={NiTt%!l79$ft zp9Y*WHC4=4x}`P6{9G;GUK>SI%hpNv1!O}gxBiEvrs#YSoNO z*cCWm2Zc|CQ4t3W93r@{jJgQ-f6CnxO4csQ-ld7`8U}zIx}F>@ml2fZ72qYIY9~G} z7`dSGvmC`dfWJthksGLkItSFl&mgWD$g*kXRq>r?%AR@(E&eY+J2X_RQgHqj~HD{g|YNUYLF`+k5KRS=s zi;PnmCgcfRAoDQ98&xvFz(hotkxY#Vjm0T97s=qEX+Sjzebb{MdlKqr<6Rp_TL(1e zLKY?5#R6nU>;yz)h|iFPyiJW$@CPIPsJ>AC0ogOtH%EvU%=VPYQ>D|yC8YKy<7mp1 zemAWEVZ0e~!~eW8pb&|blmXJ6Lv$%?ve{qtuGUlu=hIRPMp_CL!BfU_n|YQnoxLc?OaM!kV3?;y;TyFlfHgJ|gE=nu-`I8i1` zE>hyvuGpb)8~}jGq7DC2xEwC(S%>=GK_sh00xkmyGBo1WGgLE)s7>{e&PZkGDK7%@ zQ+ObMg7PVk(xO^d1|Z>InMEHN~r0?#{h}&-N!sCmD<`6 zov@Wp$0VY}4YZX-J+eP0SdG*jhZq+z3RF-A5*1KJ#cc7v6#s-Q4m@+Ck@Ffnph#Uq zj?lNNZPad-LU0Ip>7f}M)L(--gy3lAlW;WOhauPAl(sqar-lF**yvGYt?>Vx&E5nY z5Xv2a7QACQWOFDG1}44MA|JB#u*&j@xp}}viO%ZEw3MRsc|-8GAXzm{CTR8{frO(p z8R~EkIzww85tM{m3_7xMD{P!rkn10d$J=1H5@{%wfFNE#T?7ySY8NYkyf9g7IX)=3 zSUJPdK`%dI(b|TSpS3c4-b^3r;73q-yEEN=lvQRAm5@^>7T!Y_7#o;+N~93alt)J5 zAup2;M4uL-9-gS|ro_>aijZoBb6O&UCKnQvs*6q0c46;aN`tNC{h`4+&%@)`PMqVDfpo6bdIpl1A(awUJCv(UR+4dw_1rE$nCRG zWmDNoFJ}&_oz+`$tpPv|WVtBg5z%L~0E#F9zd#|^V5jtmbS`ZV^36E_ri6=?K1awi*L-Dv=q>+*@&>z)oHpNXJ%A6S!6BYfo<{A{0;io?x!ig=cJI_Qq+TGXvegg7H&BnDb~+!*9D0E4=79p= zyddZk%3gVq4T#>F85Ho|sX?mwY(&iuB2R_Q zHO3v%xe$Ra57R_CN)9hK7qWmrnv$nKd1A>4{Zo5jl(hyG)yqTui19Gk$b2za7z$aC zKoiFj$O;Nr`R;f;9V9RjjhT?syH7DoFp|XrjVI#$l8ZnhR77-9Yourr3^rN~$ua?c z>Mhrrn=I3`RZa;Qs2NksNPE4unP$g*IH$(qRhtA_RN&M_Gt@ zSV{>?02#E&(2OY;%HrTL!;ni?pDo}M{Q$0=h9-xYymF^(5Jxmj4%Jd|LD9o1lS3ci zl!d5?Vz~IsK3;TZLvt%cwM6SJ7#Yb*Ef=~*Wj2U=r=Vo!@H|jEpvMoI6?BC`DS97w zQe2jt;p3-Hy{X8>cy1%Om019=Bvf<=56AECi*{V~Z6O!k45VwHfosnr*$5Q;OZbg+lTVuuE+ zH?@rPW<(*y2rmQef_l`$4AEHz0hKb~;j98+b8ZRj0VHR{Y6o6qd7c%oX(2tQT zhF!+4C+mI8T?YFd6{uBV<*G{vOip!!DRrmC^Wr};MJfqia{U9`up$xo5$dTPlwhcA zYH4&aQT4VkFrBI_CBYV{W~zC-Tqz;a^$EgOc+3Z~9H=!pBHOQnH4^XlhaU%CP@k+=!u4cHM7-~wiW&6jIc!QoiGn422{ z>J^>rproQyLJA7XI^l^qMTo&bY^cCf#P{n(u676_$P}Tl&}EpcP!xiSIpW~;PsO5f z_)uFt)I70KDCuO7O=HC&D;2PUe5{5zvOhe9IFvAhparA&z+T?IVPT$-_L9r=L%w?) zEV6=_3NVD@7$lyCmJAjPF#udvM!#@w&|DK=6Kyj8Z;X6$!;@O%AQ@FCEkU0H*3l0j zoJ76`+Z*z*C~j^|`y1)dd8_9HF%lK1RX9j<3<*K}7 zRDk@HgPRo*T%-%K;bOe_{zdpxFwiF9F&8Q-k)nboQ}$aXseZmw-4B)LrndPSItcLf zuYYnYQvjTgcrhqk3RkJG4N@iA>>zsM7ra%>tS2BSKc<1Q&KRctI5J~1i8Y*;hZ<78 z-y;jTg>29V8l6}o@jZw{VvtFM8nfidBb2DqCMStzk_Jd0RH(uSAdN^Ey=6#(5=hj= zCnV&nFIl`evY!W#2CZ@-LyHad@4ZkBe8|_v#ZMydIX)`Hw?R~r zfT*;}!hua8#&|!Bg1CubYIHjgPXeL%?SVb@Frb{jgDUQez;`17pE)PrGl$PdYX;Gh zFmed!iuI=6_)3A8P6YBGSzXeE1!|FPO6oOa?Rgx!cRHw4=B3oZ7LO|?Dz?A-epOSx z>LHa4%p1`YkRDkbzWLOn_KZTIMCt+lB`G%t>38)WsWM-c9hV4q!tspmB+BDAWi6X< zb^%F4i}}V$8pm`bGD^aO6X42sB5g(I4eEJ7#d2$a3PWrh1&EY!2%12}O`ADhTcO?} zpmhgEOrE58=EG?!xH+(8wkv{^6r&p4x9Cxj?vKk^O=osEwKdZy)>K0Y zrQQ9{N4}|8gOm(ocw{qv@P zkl{RlpTRjHM$INr6pd6UL^Y+M93sdf5CjI2J@G{jIFa~55%PO#JXJsZWZ5zvKL^Qy za?u#9#c@!N7))~bci_!Lf)u($1DF1gYm+a^#SahwjL-@Iq+~!HUSk5WGD`aUi14vd z{G*sV0(4{n;Er+%At407jKIIeqRFpuxI8e(}j;98)Sc4w!Cjf`RGq^}$~n{GQfyqq~VMiv1k%nGAk+>zqgeDrwq3_WZpN$^cpwT5@t4ZzTg~% z;)5u*6HcRswcZcOsg+MrlteZX!X%VY9}YnT5C(|Tb|!rH9{?sqB#BuPsMcMe3}~td z+8ID01{G5jA{@l#aB~#l$!`S5&GSO>B*?Hq9Q8y5jy!`cijor`1_V)Sd}?x6{PA+B zLz6M!!$=SE{78tM_aFrsW!x#l+=`1#U==@(p_~T7oF+5kJ4RbHS>K=})BkzZQdLGK zva1}S^ELEgQERG#zH3Urh0=`!@NO)vsbR{~KIA*LVJ8F9FVz7@+)ioVeo`_2+X^~0 zb@8dquBwK@S%Ealh8cYVs1Y(`jaMTQO6!%YzwkoEcY!A^Vk(J;{&f63alXl;<*BAEHR5MZx3A=j=w`f z3bM(g_$%~dipwX&>!yvGBa?!|k}$wmMxi&^PH=Nk$-c_W;6g-${=6r#qH_ZMP8{cd7C(Qk4SC_cj3 zpwe4ty$D_3AyYN7R^9 z^P_h~F3LirB-BcXOy)uv@^>9;7}-LJf=$s<>0L)exfn##DQZmRHdIPze3$(VdMqj>#sSH3ZI^wzFAO z^FMOI72N<;w@=eXW8*CasiBAlgYPm9;x{a67{qN@)F_B<;7o23*OKxIp;k7sX^}&L z$e9M8Db*1{!xD&9(6XG0TVpw>hKJD_1mN4LIV%i33!$MSHC`nCjvA~v;vNpc0vs$%YX78ec7v z+q{j>5S*r&?oq`-*fgf|A#_+uIBw-Wbm}S_=^Irq4+895wIGL=mlwEx@X`PfZUXr- zvO)o-qNmooB^3{}Yw%ha9i$*iP!H@vSCxnqJ)NQBbYOGyP#}kc_Wpta)O-w{CucL8#pj!>v0wr{Krkn}NCY#P3F~ zEWQv*q@ZN89$sF`@vijl@Q%1FN63*C!a?fEN0fme0>>6v>>v&8hK9a~kV&ONfhVXc zGH!@`sA3pE2z_gXgg+sKgaCie7-LX=2<*TvLH`*A6O<2cQ8!m{A!Pa%azp5i!2ufv z#~d-CtgI~M2~h#O1Ya32AQ{E*(xHWhG+&q#LQn3SnugTZDG@e8%Ck#^G3Bn3lBluiF9+<6s z8Mv_sO+EoV>g_}F;j$)1At0VSgit$9QUAixhhf|JlSPZ~`e{Zk@K zAZ-5N|SI{uTu7YpKT?MZi+ETEqh#!KBVe%~k3Bf6e z6pxZ8_=@Dw5fqD(kQoLPb3)=V!7d1J$*L(-KRKc}OhdWFkeiGj=0X8D@POz*y@eRf z;E4ZY?>oSnTDFCEDoF?-ROy6{)HHfAbd+KQlwu1VloA0Id*~pjU_tDlU`0hl#U7fX z;t>@UJ1Q!6^jJ_){@DpZK*e&-eeeD6$#<_O$=)-wX3eZRYu56ypBWWTAqeVjgZt8s z!0j$fvjU#jj`U`a^%D*!*q87g60)u+pm&7FfrHb2ufW?(@CHG^-M;k-yv{>+A}Dh+ za128KK^!8(f!G1*M7}$Q8<-fJ-yG(!eK7dCc)B?GQ3&uRvx7az0QAvpzmcQ8VTBR! zRx>ku2Y{5R!NGBfgPvI0JH&t>7P$0vZxe#B4Go-Iz;0U6&%HfafuDhp?DxL#0o~p) zDt-zVWbhO<=Ids5|%K1BM4hC!2{40DB(R2R(oK)0m0GlL2pmy;0f@g4(`XI zuOj+@ek?(dP&~*p{pI!EZmjH`W`m>@14pG%?VW}Gqye4KX!b%+@*v#M?Ooy`VJGaM zUKsW+V6y@Fm=r(g2@^a4v-%nwnwh;T&}sV6){A{}ct;ByTmu2J5YhJTtn58NvXrlu zok6wt3?8&93>x??X~tKuFzEK4ApODgZ_x#VVebVt;jDq9GMM(>@d-0Qy6`Up3*j-d z0OAv@@0Z_uvBWU5?{(b|m=(hu{48>#4jRP5UXV=S8+}>Yi~RNjJF~L)4NnN^*FXpq zke|LF8Cvk*9l)dse*Xr2GwJreAjeuv-!4c5HK{`3n>oGHVKP8+$8V4jlWFfeGdL>x zOUqsm%)sv;SKAjF5_M#5?-v{iN9zonJ<|gGo)kQ2xtW%rz$kFu4%{;r+E=r=?!{ANu1Kv1_M z1UU1AKmn;E|%)HPM^j98S=e;QHP-9}96Wc>djigyUxD$oWLm@5os!Kp~gEcRE5cbt;`vCn6C~v>? zPoEYy$QBhDI&9z}4Hph5Fp7W5)ZxO7zGsO3ob@8;B2joNRd_%LtFFIn#lmK+U#rne|^Z*QLsKCSks6jvvV10+!coD&|Aj4>%$t?0e_T2;S9eAki2fG+OVT-2M zg=7Rg!!dv%&j6PKOiVz|tdK8JK)v0;0h_|u5O84A3uPa;z^66{VBw9oKC?=6=^g}+ z_hupr4>yl6qk>FCpl$CE{vf$O$V>+Q4?;yLv9kaqpe$GKL%=`=j4QyGfDQzRgZ~-$ ztq-`tp!E;@fUh^eG5TLT5Z^;5n7`n%#dl(=rs1rEMPCmuWX60fD{Bi3L;kfn4Q4&0y-YJ z+JeRXdXM#A$N|2jzK;F-JWL{2AUwc7>AZImLM|^D=W7QPjF{gU2HXjo4ai#1t3y(J z5C{S1g0#WFDhW^iNAL^FWPn0T0#BQufB3$PC_PEzYQk371Mtx(IIJK zKgs=NMxy+&LYnU5o<`|klx zqxJzVu!%sLoPV)%T3_dIrsu?@Sux@NV(;|6-i1lB1=k+@#{G*UFusfc=XL(~dS-mV z3_BQH^aH~EU)wRXFMAPalhKhN&;7sGIsMCi5vEoC7rXufw=lu+zt=V6%U1CRiAKJG z50Snf7Cl20YLEbzS^*&fgEZm>*kuA$Xhk(B8#TfW32!cs;M&%_kuv2h3s11XF^ zErD-~8PL~Ix-C#>1OiQ@VGEA+LCR&3DI-B}0d+S9>eEsm>I!6YIy$EB%_yR!PE)H7r9h8^g{LqW z4PZ_Sh@u2IbN?436>LYitNx~X5^(DEIt?_fK#W1(`7HcR;3m`jnOQo!vO&ECwHwqJ=AHG8cztgMRI|)O~ z;5$_C_;AmnE=3_+qWCd5EbABIxxi?>(M});4IcWN{q?(0GB`ABz+Ds&syryjOW0CG z+peyTAjzNbNLn=uU@pmWgPrn9Q$v7 z;29Au0=($LHH4AUn@0+K>WkH5FafH+M6J0xxmvo4CI^}bn82VA9^kwYL1`*-C*9CM`cU8aP;jg`3+|>L zB)t*?%uDe1h26kk2XBr49I6J3id$6qF>Z}kpmn)|wYq0i=5_u#ksPmKM# zcV92xU)Y)dX)68})FAK+j)waR?R_4=U!=}&jo}I0sD^N!;IBr3p9s>E{3|OgOuqQl zAcDk;f<5$;-1K)i#FsW-iB52xp`W(btI7^c$Ui{apfN1_v<;z{?kmkn6Uk~(Dt@8X z**Ca|p9xJ5fo9(Ote>_n;^B)CxDgD*9Qg8ZW*Y69iRLqTS57zX%)6zEKFsm(JQ+?fJV zM}o|*j^Rll$_AvkNsNz3nh76j3VWd#!@zpSgY#!WIAwGq1=JRY>ve)d=a6u?Pv8$o zj0T~UpeqowoD>CK5wcXAzy>LSO@iZN1oe+VfMa;FKv|3s z>_(9kS zicU}g`h3H~DWd^BgD~u=;K~0CCnq5u0xAS6>Lzz)RTbYLqJ9_DFbdF(#P=ux9P7dr3VaDq zfIz_`xF0R>2TB_Pfhh?66MPrA9>I*_!)C$0NB9iE9{SE-2#|`Vzz@>r=>i4vUQ*`i&u*|4)7R&GmO0=lgH&fnQpGGYfeAEiCAN*8jg^&wO|N!Qm6^ zIs7+ZpaS2pIg|N4`e&Ha!J3QcU$FjWfB`@h>c27gkNWsOPX7YwFqtVR=fq%6hC?Z* zB%0DpXr_MC!zrVt$51F%pmL`*ooQ{xfJ=DNO-%`=-!YxPYDcrCSy?lw!gj_}Lk2gc zGpY1mv->-3&A!{#l4&+%Q#0BSP0fdHYB5Ap(W%5Y00wvhNtgvl`o?4}nIad%cbX10 zSF7&>3`PYP>%TjyndlC~w@0N7F{&AD$WiIN8{%7Y?W?l*?NJ%bApm9!IqDGG$c@Q7&aRU!$WTgv!UiX^p-FiVk4RjwIygnZbb8;wghN85KV#uIV%PreM=@o zz#+hy+_#n$w1jyDU=hL{5fdHqHu)* zKxZ9dFVU>&1CTVZ?T?22K9=YJ!@@()Z$r%ZKAz|njG=b~g|Iq(HJpL!XS#t&c$^`4FaQsVLSTGCJTbN}63J8GY zTELHNJ%~a4q5A*CD*X5L`AzzVJ;sB50{;NSAJM-VZ7}@c@-N{n`o2yvpZXT&DX zc8*D=TSohjPOu8#28Wn=2M1aC#*Si!&KMm&jXrjIphNIX2e*Lun3*%EV`c|i1-OTV zc}<%#I%>90a-=pm=#7qz{1O=&=IEKkO`JSAK49|Xu;_@9)7^rDW4%JWJlw~6hE1N8 zqrZ0yd#dAPugR0)xeg9HjS7d)ckDDlz@aD%jcINvjE$HO zr#IZ@r!oFN>&0)<|99MbzYF;f=%2=f&xQv0e=X=V^FQ?eyZHW|E*_2{y!ITf-XVOl07;hQJfv;Ov)R5KYVzgod>?5XLQsdw+*J^g`c_z-bhiYc$Spz0Rwevdad&FgA+Du9u!zJe$3QW;ynU~vr1<5_&dZk&^{?n? zbk=QXIN(+N5dr8|@Kr#+@SGrQ4}Trk-AHMPd;8{#IdV36+1@AJwO6evopI*b?Bmz| zinNxHaB64PRV$7j5m+(T`^8@h>O08mOk}Kmr8HFWKGw6H;)p5Ujx&iw)#=NYPoRZ6 zGUJ!3`Vf_Kt*6;Aebk+KSvK32mS*~9uc+j(_c(@5wVAug)6w^!Qwh_VIlJ7kL?cvc z@7YN!t+%+8H2S(1IpckIy4IE+-{HH7Hbz}z(O-X+bj<=_;|Cf?ot2sehy*{k65N+Lx*m37kD8kc`c z+GQ0f;%Z~|jTDbi-K@WDFWlLWYbE#iqWxT_)-ODlMbemb_Qo)WjdipOn%?OR)OyOg z@zDNjot4*Rkv5L2JPb%KTkWkUlqyt&@Jb}PR@jF6>GyUE$?i6mvv3=1C-dhIV4g{-R0_%=Lv!RDsZw)-j;sUDL&@9Ef;9t4 zWZ#1^`-5BI3Fnr9B_h zO)N>@9N4ku)+(QDPEYkq1ZQuRI|iX&N_E(Pgb4Z@%quT#-V(n3s{Hs34-_732u50Q z)bWe7qo+*fz4A~IPoUOpp6AW0*&vaf??lqfuPEEnxSis-%3>EK6(_+{Ks3Y zOVmC$OeH9F9YpdC(d0_PwFhmx&(>pk3Ht~Pb0~04^!|;*u2L z6>xSR6SLse)YK!nPn)dJH|Y2<6!bS#yO5%ME_}g(o7bUE%w>!2rkA<0_@`+p#JPW; zrM0k8|W8wqstFyy4)BuQ<~u?OCVbEpWC(7Ev2Rq6>#Hgo=!Oa(I!->%I0JH>5E0S&&Hp) zVf(Q;QXz!(lvQw1s$-Nm3G2>BDv`w=+#CNsPY=Z_Xq$21y3aN1mSZ#U-T?+}7tn-? z;lW;U9&)%1OJ1!ksb7wki^ngLYD4A7+P3kiD#b)c{S-X0d9DmA5WCM8f%o=8owyco zKSmb;J>3qOIZxP!r6Q{CvoNt*C7C|?yv(zUAXlp_JIZCmsF7kALNZU`r27f_>56c< zE=4@Ah`wQDTbk`MzVhw+yP9Hqo&;XnuDzLWPF@;qqb+E=TbQimPkpv|Z}xp&ez zEv1@dvIkGwgneREkhGXgk^eq};&svIJz{An{(fz8y|w+A#MMUf8oq&ubElU0A}J17 zIu$A5M?vW}-p9$eLHbP;godS(fpl7-B%g(7B;G^SZfy$Jm02a3k04*ERwv#h&6+nQ zylMS|UCq(ER-F4=a-Uk(h=4deq^OTTN9B0nSjA{X91qdV!3OO?6eYXY(Kehq7wN-C z$``W~!uf{QaWNi;Unw8y%0%%G=K3l+Mtw49W4u*-U9!e;i_M)?-ZOXkV#LX)#A;}v ze+M7+>8T#(GrpN;P&}uHsH)`|PGzmSAS*^-u{@-BDXZSbh7zCM+FX@5X3NXRn8)o~ zt#2!y!zgf2=E<&ek7rPd zD<|>F!_H0_cbsrl{K(V2r$eGWjEgUyU;1|E){LOrXex5T=Y6{ujD0xOi;a{y!iUBu zhcTs_vmXWU_weml;igb!g&7M|=oOdXZ*ZeB!B}jg+0LXbbFLkIxpSXd25(Yij>qB% z3zT?~vUC?KQ<5vST?N+@7i#n5YQ;`j#4rW^Iqha%<*{=R#_^R)w#iRD%7YA zHOqB-qA^k1QhZ&Jil^H!x{W62&kOyJx^}JW^h4y-k~2=lIPH0SDL!z_W!`QQZ|a+) z(1J&p)Cb!w#U$7eu6)#GImt6fLxt7~>9zOL3i$B{Jg4B>tdQ~*(7J=|&tvgZ@s2D_ z39Ng3woUHc4VYrYoEC$l+H8bWGOHfax-jCvjc|hYt{ob(DH!Rj6tU7-p|kEkHyX`p zS8kkDXc`4AyU#+ETJj-W(JTMN2bE`QlK1GDC}14NjgaKE?KmeF*LWh!cZwOuy`_>@ zMq7unmVOPIIf(a=qT6Lk6B{cryOZxz*NyN9Ji6BGMxH}O=!wg#kAM0=FWvE`JaV7H zm3wpeAQb-TLruTcCAw*oB(M78*Ayd`Q}`Q(RUjP<&12OX&G!+gp_0U@P!&me(J`YN zD4a>eV$wUYlUHmj3wEZQ&>C-O_1;9WF@dn@#C@aK>)uQ3ZLXPf`N%2kXJk|JSY+dV zQlw{HjJU}iW9-X=d+kE+UK*bzxsyfO&}cYbZ4NT!=DTzogM`f{P}{{_HBhQ}2$^Dg zC-c_Ih8(w-C)O+9ef%~Fam{k)Da9ak+**~gY5Z%KCn>C#dZ3>^nata|@djkZo|Qe( zyF5MeFcNj9tuX3VPsoYw$~PIA2b%3VAEo59EeYspH;=YHg~zMp@jIG4Ve<+7qRVv}?+dDbM01)}Edh>8aN?>)jj#&!$mqg7G*W z_F=%2nb4D&V?&&0g*mgrnTVd5Wk{`JB!V0MF%nv+ZL;>tJV=3eTWo&GN}jGli2sVz zQ&pa!vL3^-8H)Oxk0%$XbqsTmO5LzB1;H`HC8z3bO=WdKG7u!!nW~_WHpVT@tYerB zHw~(WthT1vcBGAHB_Asb55jRI6vj$+gTF%DGIHlkkt8pTPOJ| zxZXrLBRJ`9$>9?D>D>org+!sfJD~8cIgwk_qTP|G;^f#?-lx}&bG0B03z^uMF;O9H zre)f~7OF>e*4(ZI^NVJp#ImikGt;8X%u{DSu$W43L#STKmUYRR(3L|kN>}N~GUw(L zWuxbHMXpttzP>9bUm@oV`E@RNc}h7hXG2uhZuguOmbv$Qawl?gRf=*C>2tIK@`_t? zFLzkB=;!RlWq6OxDXh+G>cV&{aMv`ZuoV{ZEEip^UL2{v=%i)Z&5lK(UG`(1fAy7C{k=Agt1B;V)l$zHNI zDj&B^hHx;Sn6pG)ajB-_(yr_R#clb@r}9)E73>XIYVv-mqT({_to-4Miw(Es-_=}3 zo3-q9z%u*y%UFub9cQ5(p#QBlcz+Y-zxwl!?f)-vmcI+z5A1&s?cFc_Ul9Kb{J($f z|KCOTFSQfe|0<9Qbg2hIkx>W~LcK-egmJ5`>2-aBI&H>nBbgN9usA8zba`=8oXuSmwPiAT zo0Y|sF&1YG+#k|tD=99QO_5>t?Kq$B83Rq?Jes93G1vHawTU*eTpg zQJF%C*3llJHCAp4c7i?CYK|k_%s>@Klvsg6Nr-!_(>L5_Y0li_%rFqcinU<(qS1Or z%#H4dA^r4>|VA4-u);`kXlmKJB7RK?XsD9CU7K+*7;0%4?+Ps@x3V=1&Jxrgsg z$C;@cC2=o3a@?t6mawN-kB>;l$v9@_b#nN+Ci=^-7CF?rEK#=fDQaV%Wo1e?&V9;D zx#zN|$JITglS@l;U7}_-MWu|kX?$~}fj76Jt|pxz@3jsS>!9g?#NcW*sS$c<3ze7? zqU7jl=}4@q`dm-3J2i)9toOUoaff*#?|{mMtz!~T*UC-Dk&;K1;G*(maN6Av8zG02 z`d}Z%&o4owc`GFElJ&`?8c1n4R_)O%Neh#BX3~z(N?)I;E^TBHb3Zr@LzqHnu3SOO zB%qOTJQ*^@zxYUnR4i8+#Lred@7ct)|kP* zlEU*k+5CjBABvl!Y*5s>A|P~{4-0Gc679Oc`SnX5Qu@=1G)dXVRm(_rpQ;KM*furG zrb$>F$*;?{I>Jqphj{x1sB{EhAfO@74xnP&8_{J-=+ z@qfRI?q6yrKsXXO_am~{6etxz)Fk5m*Gi0^ z;s2uh7r(?<`n~)k{?9NQ9RF=Wr~irn?1#bs+(#k*SB8}P>HmCK|5rb(B$Fv2w^UML zgEX)LfC-?qLr$?&R%ikM{apwys>43&lOh+;PdP2pZ>nq_55?>KWJ1T5GbS9$y*=$QC zQb~$_R093hq8Tz~=*2k=sWmZ=mp9r>qegjK8yegDnwir~ZH=jRi|nYzwx;%MUnWhR z5KoellGz|dA`!*07|igr6-+eIUv9jX>Ifyu2-TUgBSwtG7+KkwI-1*?45x?_B=LAj zg7`cYZKLCcR8t#YQ}t7XrlxcAFl2q(=SnjbWMxQmH|tv3(#A-l53B5P zOoud{xMhg@TQ4^#4#k3F0%=_JD=n0ZgqHNUsFfvonUiaxS~^og6ji*}SzD3wIS#9$ zCDOuWd_vu5DuxLi%?^vM{neww2%B&?<*%jZH@Rojvk=dC7g4y`^OCFUPMjYmFK^4C zaCrJ+C|s41FF!pu(TAemfu|Fk$wCyq!6GGMV7#zKiA&7uq$<^bf)psg^$IHDkLSC-8gQ_86yd` z8MFA@J8t-Cl#GKN7Mx9oiD?^dwa83G9pG@W+{Z&1|bR|M8<~? zpZqzyR1FL9YHLg!${hWwVrKL6)-*#J?#XlKr=D0QTcB@VJaR&1BovR8K0FNCh=j5c z?xWm2Tby!Q$A_$R`1Gl}yZhtQr%!I&xPJb8^T!K0BTN+P>uP(Fp`O{Op1GKw1%&Pl z`OZc3_B8>|E*$*)=+epU1wHRN_f%8>CH3>?&mTX2eE06%t5>hu+uK3102LJ#Fl~YU z2G0fd`>YW7eHu#>Fq^jdZC=Nrl5gy~V(=#Ou%f$7V3W&?eL+UyO*0G@nJAw(Zh4vf zc;%CuamOdnDHf;z3;k%f^qd?t0)Z!pTaXF)#DaxIt5yfd5M^YW9+!sh*4K;wO1+6RIpH)uB^1JS{rYPs7b|;sMCG;&{&qIEiQn< z(JVj_woz|c^6!;wlvbac9ya5yo2jbCoQg_~%9HpogLzl;t;$a>nrNSQ6KdWh#^{M> zr4e+HCTsC(I!XDB4k2igidI5L>zG>fqBy6lisUg8r%BR5TZy%rGdwn`&^h(Xt~lcT z_1_=rxY``-q-K=#lJh?QF5$2uwMoVCZhbn*NWqfVSP_iEN`9oa>{(Xxm%S%rX_)vG z@!MD|&fJfae=hZ;>LK$H+C1KcRD3$ch||d56zeE%WbB^rUK`_45r6%8eVfB`F$VA{-c1?BoaQBq@zl7S6}~620cTT;8Eu<7TBb*Llw?U;$B^)+LfpnI;%0e zP9a$OPCecxX-uFP#de&V*tkj5s~e_6NojfhjgX(+^@&nQF_q*_r_h4?by=zb#rf_M zBLnVjBgBPW*eo_y`tf<3&epbVTcq{}h3XQ~Tu58Yvz8yFRJIf~cBgB{7-%OAt&AbE zFH9KzH>O2JyU4Q=LLSu3%}Lm+!AjFy(vD53TEnV%suR#1fj_X#h)qbWSu|&39rFBA zkL&~~l{JQ#(;8$4{lE8wrAVB)QCR2c54GiS&0Cjelza7Av3SgqGEa7Om&ES%gnwrtR{T~N8{$~CWW*-hF;8(b)#CsA5LsC zQ{9|u%yXZC3Cwa~k0Kzc(iEh}|PwO(GhbY=;y_<+WqeIp8sOg?rY8tODAO>%0zD6?T5 zJ1&;RTQKM7k;6ddzh5BpWQpC?l@lIas(Y2GcYXVU7frj4Z!7G6aPh$Itw8JxW&Wp6 zpFVu}AQbygo;(4P|JJQrd-v`IImDEdl)$_N@*kcHEdQ5@SPFKv7lh- zQl=$NNk?31je>&hhIQ-3@|Vpc+mW}8u)*0!Vj%_=Yp!Hxg&x6B!ZO6kl}ByuEyS!D zcI)kq9X)c4ufs<(LR^guMzeKwaW`-3ni?2gYS%Lw9bqvp07a0N8#YW{=C!y@R1lMT z@4id8HKwv9sx3G@4NFpqg2tpGP+~-97PSI$Ao=)5bq>F@1uIF;bq?b>EveI#*1@&i z%f{3!HY`l2SUb|!V+qDTp}S~Yt=p0wwUeA@L51QcC2;nkik&I4bwuwgB z95zhr`rTa9q?*^owY66Bx-Er%dveVQ2ZY4BP^ zXwHG_)%dm!r{cP-%bOgsJ6K0hjbt5C=d-jlC@$V?_YF3bkS~T`?nRpNTK~{YC5i0| z$bmJE8P;k+7Cw)T9{sqAymnIHn`6fcy8_0o=rF6Rr=xV5cnGRZ$I{a@e<(Ra5~sph zA*s;HC8RM_iZV#sTCZfKE+C>nT<|W>jjh?*YAKEcgQ`wPqHTSrqqsq7MPQC+G0!Uy zN9OWL*6nSZNH!`g9^RnIT}#TFb)G}=E59c;%(A`BaiW{L*CnG2y}JZCtBKQv|s6eVV^K+4Y8Es%$O8OM{t)-cSnyJW6ezd$vt6UoXU08|}l9ET} z??gb9RH&NJ>41}jiusWNjTQBJjk>wzF3FQpShE$_lvun1#3dd6H{8SME(Kz>}asN%x5)3IsP&JL{Mvf9m3{StJbnHg}JB` z`d225l2mekSBEg4lXZKpX>?oK*uyRt(9CE5~|VYzl^6C?JxU0RxW@yox7JBr%s;-J?X zi?79)Hlwt0jnd+Xv=>=?I3^`kF@rs{a6WGu00x!|o)ZqKHf8BdQVgHr$rchAO68$W!0 zdGBq>^X{V!UC`-n)Va6R_n#iLKKK9p`NNLlxCeKxTs>V`w{_vs-5XXcD@aY@^_TWQ z)ZaVb(0%u6J~#4H$&#KEHJ>|Q^q|pUAt3;Q&!0X$ee&e!kt1IV|2uc?T)uqy#EBC? z_`AEi1N&c9RTYUu3gkaL7g+x1i{$^Q7$vv$6FsvIUy7(KpRr@zrMS%niA~ziwi*=9 zJ{y4;H%vU-d$+%VeBi>SXCHflByq@e9G)1&)TOAC^?3OOOL>I!LL?!38AyG%W&zdS zPMvOTZ)s+1OgE;`El2Dgv30yHImpVAZg;@GRNeNljoB8uy*1$Q2M?2}BdD9{>O1&h z-a6Wo#kenzqiBhn_lP{LD>FObiY6h8xUhC@RtwrR8L$8G216HZ!qei;VQ3 zazwsn!zM*4i`C{Em1d5=&r6Q%UZIfZQp^sKa)&ebV0QtuM1u$%-zADnA*xEyD?kIu7x9uXqb@BgK3J| z!#ErVwAoXK2&ss-`%?+Y$l@)^hA{;-7#UAWO7Ysjwz9Q}nbcI-tTCIF#FvB>2S%0cCLh3)(q=l#7*#lroBC|urJy|x;)dvA9#Y(rk0Gi?L8*A3 z4=;N#`>!n2S4CoZ=v@*F2M9?}Yu5@%ChC(-XNgtu>t?@>Yfcd}dn&#T)h_4AlJ8j6 z?m%kYxsB@9lbX&#Eof<;q&a!gkyA;E;ye~Yb4z(f5-8KY>+}S25e9AFyv8?;+T*|> z+G}^$_}Wr2j;Xe-JSR!L%XgO%tt@p~vZCMk5iV%o;-ly`GNd|Hk>pcePR8?`4wG>^3$Vf*0Z;iR-QIIeZMS=l#=K(4~?uuvqNQaQh78=~Y0FZ*;b^3SnaACmt6{O~jMFG|t- zyEFU&{WIwdkQ;i?{qH~V-@l9PUu!3%|K*SleE#=R{(a7jMLCjBj$}Mc3feHzVvng> zy$oTyIIdmVv6Yg%Zp*ulsjt@CpPr&}+v334$Qw^K+^LOyd3bEYmShm0@t{cmLz&U% z9rV|w^q!p-A9ve-+V9S$i%+s8ZJeTfb+Jxknr3yf`l}5FECcb+TTLHru)bF0bbCwS z@s%Nq$4R|ksouU&WsV2AX&JjCMY=UvD%KAFckZyqbBOP=$bdI}oC$qSM*N+G=$?hV zABTLOj5-^R{xBE&dKR|AAG0-mzA*knR_F(W=LE-pEX;S*oM_?_s=F!LWJzNV`dhZM!8 zv@~Q*^0kcC1)a%0n-_3COGQmS$iOn++$L9+b~E2y$mt(@aUG#mv?V!C}?aNS<1s@GJ4iEW-1)aM@**55Fe@5aF*X$PBad})v=Jv zFYO4}J72?KO5JWGW`6m52R_TBBI>*}jxw%xiCqXve3?RRV*vIxQadt&l=gz>8LI!}q)=haW2K~`yQN!4VK^*Sh77yZVWGx;xzjfOVKYv+SZ|bV+0$BHPV>lf zvM|r;fXuqF%g9CWm{o6R36fPkWIe_%%QL1f=ACwxoe6Hmk56v!IJEKx(Tl>vhUabE6KUgCgF zqz!*iG%e6Ef}u9Y~OuHRzge_ z4MHHSIwe_X3_2S9Nsdh+jA)-O>HC+%mVz*Cmjox$uxTs3qBlNZr)_-|Xt`AZuf|@; zLs(kpB9RcQ8A32wD#2JU_BceSTw8I*dR>{v8e3+u7Rkv+?KP4xih5m6*4MbZ-hKD% zn)>C~*EQ#==d`b0$bn?rdX#q|i&o^9M>)S~lRIUA!kbSFa6%mm>^S2 zaq_KxDDyKPnrpZt0<5}m%^0%mO|)@xjU>8!zEj(1 zlZ{!ai$?-GxKTpovxOM8Em-oXyEpVIJyklY4e2+A5`N=exkf#oJl#emrg@A->?y73 zC$B>R$6R^)-8qN{(vY#58Qroz7{a!umCc~ZqtFn2T|(fE8RHb!#yps8)qLGu^G=#{ zEEb!z!}Bkedy1oC&-NTCvbzBkQhBG83muuly9}yzE9gF^tryptpI*Uu7loc~A?+}$ z7UBGyf?6u|iocyiqiN5IA9X)>5?Yp86cjxsBY~24ia_Q~OrMGzfy*6}uj4w6wGpM& zxk~<68cyz!PYTV(nO#kF7*<`3l!|dC=B=tR+{(hp=|3Q_^}NCe8mLhBW;I>bJ|vC> zm9xMJK{5E>8Oz-j8CPn33hl{!2X_ru<2P@Hn>7FJ7f|t+88mMHD5cP8N9vtPwru=q z*@9)d?=O#^p+Ui*GbiAp{4I}A+v3>j+M~vfe=}xVbmpv#sOqc@7L`2zCsvoq+Kcoog0Fd-vXSG|?vIjIV4KWl zrqR>pF4eerA7@Oa*_#JR>fCQiyVdaLts` zD6OFL8$;7i{9W_GDrfkLO{!80p@_xSry8D>ZCZV$DT0jsb4Tab^tj)B`)BljQA+yX z9peZ3KON})U+MpU&i{WG+rQRMsQ(Wa`v09r24)rPWLmk*$=I;Hy7gc~+lkhXD+-H( zLnE#~>v{CL$JoSl|AFfJAA6pD?s?tQ^S-C2yQjy^-92aF!fDgEJl=wRySKqkgjond z7$2@@0jWD}*zKZ#FFseD=R80%F4i(Lv^$P(adc4$&+Sksv63FDY|+%tEdsfjn`1i zEOd2~1GP1rn}>x(7@Atk$S)Toy&y@(SX<;vVyvZG19__~Vv+jBmK9Tci)Cr$RTX1` zk&6r&Bu@^zp-oO+CV-#M39m_)Gt%#{OsTuDPA z^7iw|V`#Yx@iN*~o17(|%1MW3a9g=GP7;cv9~}#L*;WwjF4wX%ihKu6P?+aVbSMmQ z^)xg~qR!@K$0>`EKkv&)p`5I_}Q~oP`lL zCm>wsvKx78<}!h51o1Qz_SNtZc&P0vLLzEq zT@K}FJ~B-uwag7ccBVd1jkQ&ZLgJdkmj-yerKONaZ8=$X83-ko@=ecT3YXaA#3!IV zc}~g}`ZJZd^Rh2z>Rq52KC5a0{(l|4a!ufrqb8-w$%RctA*EkO6o^Y#=Lb*JqrN5^ zB5wz1)RB}*_-FArl{GpT-KU-B_wToiL`m4B`{c`+ye?iOIWFb^^2n=kq`B0`QVpa7m5!2(7V67nrxToAa;EjvGzn|&%8`zHCVd?LCw%YM814Viw|_?d zi;61!?i79`|7qs^;{OHpA3^?yKl#6Z7u~;YkZ@7_HSq9-^J5wXbBWS)CV!l?7{XX6f7 z;4;?EdD&!(7vDU;4R;JBgEx=M$jr(hii?vX@VQL;5q5T146+ExOwW!($dC{SF?Et^ znT)y^UR_3MqY`er3}W}L4PqN*R5xzeupXg8Qdd&J?cTIeO(|NJY)ZvlxOh=UihTB} z4w>dflpxNVs!D|B%t1po5h@sTnr!PeLz>!BwFF-}K4`*(MXI*sF3n=8EfMR8)AR50 z5p@nzE&U))imMn6h0(UmuV}79tLnY!N}=!@%}Jad-jVZK_x19rj{8HF8L);=QnyFX zDNBqnkWfqbAZz{i$%^#{rbs;DZ`aH6D|;|YG{QDXH=z0Svyk=!NCt_MTn#4{mAZS@>~ty{OGX)0VJd7a5= ziV=j#Q5~GNVMvB`TXA#V>gbD`Tk8wz8gDGld|*JdZd0s^GFMeuduyJN_8N(CrPSJs zTe1&%VIT>r&Zz^5=C@ZTS5!_ro4GrJq{7W&d6qtG%bmCLOwH7+LuVHxa#mC3d{}%u zEMv>q4u9o9!(0s~^qI>_fimO}b)!%7c+foS>7A&ac~i*&9?BKyGQ{wsPlrufa3{R+ zM5xM)B1g2;1PqEejMs6;_MEepms3F1N=RNpgL^i|h_&~wt7RAqp*Qt)O^XzBJ>M(L z@>ZwQ_`BU)U@z{{lah8=$WMGyqeOTG-6WVwc z+>;6u`Kd8;jw`KLVm-l+zsgEJrd^DJ(;iR!Fz2M2vKqIMT5zz$3S%OjNQy znIem0PYW!NITTo95Sot|bLf~3d5Y81TXRsp$t`bAsz11u8SkiAk$cj@Utw}w`Zt(j!ek&vi`)X8oe)>;|mck6Yr$Os7w_1#;P^EzHqp)vg!iOrYkK4XR=P3 zrlif5xx$BB_R}VPe1{soi-QmsW7Jg2&Z|&qW)F8&+&ZHv;)PzxTv7rzamktT6t^@) zGym_f5u7oNxwiYK@#%|KOHFdp%o_IR%D<*LhKz35WKQ*?61Ydmi` zfJ8uKJW_##epF!fso3H8_7y;Pct20Fizk0_rs>sH<3S*x7#i90saqV4z#tKwFJ83Y zyLaRIb)g0UuKIO#b-jN58pQmcIdkU7ks~1NZ~pxGUS3|H6g!1N5f>Lnqv6cY0{sG> z3vB-vh~ocn(s$y_{SC1@f_4WeE4;DpE2=Guin69!AA#&ls-Ze7hOH^n)_jtdzMl7J3k$^c>lT`N`WGkZdxxx| z5+apk6sO3_=g3oLOPiLDmAi9SE7)W{mT2yr&AD?Di^R#$8$0XjmJt7T)J~p8axET5 z4?=UvHO?v$O8RVQTkxcG3EKpy`1~j~Z`jxfTw_69rkpZ!+KnC3o3;>pR1rb@Z;aIy zTcYZ=qyE~SO=6Pa)%njkr%+-Qs?|z(boW8I>0CDH^pBYPNI9J0G&5732!J*RjPJa#!SaV_Mk{Q)02F zB<*;`ZkkgKjh!VPUarKtiOW))q2Z4l(w&tZ9XA#)Eo*)^J+iu@pqQV5yX53t%`WDH zq+Ts-sk!J$cSeef8#UJ&%$H5Z7(0)3z>;hg{9Q=3QMFENlD%aQBw@!-!esihi!Moy zMPKw_8+<4x5^Zoi54rl*&NRqIN`XgY%xEP{W?=)-c*vl*vpiC^WxZ=^aPA=Az(k&e@BhfqCuTFU^E zn^rLzxpHkN3$4g|osHQ~^QcihlELLGP`C1W_|mcalv(OKrINBM+cG~w7zNMHDb6xu zW$TcestmajXqg+eb|&r|WF^t7Il5fFym-Qvt_*HU9xB4G^MqNIGzuc@MIn;ZY+qr^ z^+uN0;4501i;`q@cfkd6tly-@k_e$QHQAFbQIq+6GCoMDuPl*>UCN0B*esy z=IDt-AW`P0@Ml%fj!XHQTGlnOP%BL#Zkf1QDgNy>&Wq06al6}jazxkrtL-Q*}m?~70>&d0ufD~k`K}ml!h~g=C7$|Ovg3ndn_?{ zwKGK0^h9guBD=;<4C93HUCENmeAgRX$l<&UIYf0nNWS~H$CT~gv=(cRr3jdTg9ba$6XOBkrAhzcLRzI&hd zx6k>Vvrp`OUElfM^#|9wSkHPU%=wIQk9p5A?$I6IKD;z5_;?&qoIp#^?(_dPk@5H7 z|36s&ML<~K5A}b4+5i8k|MH*0@&D?@zwn>$*Z%*Y?4Yc)?48EhK>wht%bTl)KoIB! zKK^$GhA#>V@6yxX?ChMKoP1kdUGI8&e1+lP@Bb{_dmSzKGQ;4kHL$-t{`FMr`R>f= z>-{U}zAEv*!tM9(-ya?x8W|a3V`Kk@&p*fd!~XxK76rcSkiDVv%l1LTIU{wx2n>pt z1K!_X)U7HcK^G3*vJ)c58L()W(NJ&C4(}F1WJ3GQSKzsGp~0U<75YWCzGD)V5a(zQ z0=S8iTtsB#9ba=W!!;oS1_GLE*XS64G(d(N1~@%~2LnCrwe0k?#N?{9?3+xaWY_tS zt*sPfr1hMu$1)zXhjvU) z7n=9MGzhrFO3n}%JaG-X%jL~skC!k!65p&)Mt}jBMMi?dEJbw>!zkBY(M9Yj4;8ms zR+|&CQcAZNEc9q6uI=ZgzLQ+6?ItJrA_4bHaM? zP1qww4YUVPw88UB)YoC4PDEc=XAO&Sd&ACPv^%8UHY9CxEYnd8w5+_akDs}%dDGg@ zqdGiK#_%Z7P+*TX9m=38-`MI*Mq;H~NMY7iTikX>E>rjRbV^^uEBs8r_g4AT(UZf2 z?!MLmc`m{G&B$ab;+laQ0+AkeK*fxEUC%50AS)!GfNx?-_LhB=uvdb+)j; z2-8hMOvUhd6{ZOt4i}+BTtbH-pcpSCAanisdqLNSGs(&S>N!CB)CG=ZW&woIKRtcHPH9XTLIA}2zS&RI zF^!Q=5c0rjcJoqnQ|LfW-+NH(B+WnYYCzi6?b=-dWr)AfW|Zm|_d_QCqsRRK2((wO zX~Li|)wB`8x_Oo3b6wSA0;P@WX0P&X1E85(3W1n6#WuUK47Yn@X(F63fUw=uGCarGPP1 z*9!Oge3-1z4T7Knez#AFDFixcnY{$wB$fk&ri=A`gc;?;^J0R5new^@06(v=9u;nU=*9J~bmG zk~{%WyyiU7P{rjgOa$q(l_AH!ULQw@a`G;_LKFFRz2$|(#MbUC+D4vRL-7JEa)}6) zSewQPZv9_bYVh~q|36s&2Z{V+|EIs;|DXN;{;QDwpZeY}{D%M_fTXMZ|34)E|Ay5+ ze}9$In#<1F10=%zGui(?HMRd&T>SUg|36s&1Ihny#Q#^6AmY#d-~aeW=$HM&0M~x2 z|5>!Zd`@}!oa%Do_T^^6<(KU%k8t%j{N@XOUV{R|?c|v+t`94-cGVrB>LX}db)hGD z6{5Al!_O@LWcL5@>-9f9!rx*4BFKA4W)s-#$LNXsGp3H=l-?bpJst5O90n_j~xa~X+;_zWmF5hy4apT1*0 zpwQi1meiN&QVY9%3pj*JMyRCZRin1pD&2+(KCR0m-r0leRP2b$YYG6g1%D7vYY^@>9x+-@#oJ6N|PGc!Hc}Rn0>3b3b^Y#@oq6V5#YcWQk zrdI(Fx%pYAaksfrGZTEjFvG5q)y%R4{8y~3>2iq^x%wJ~17Q4>l5qwGHEC3I7Immx z1S1?CS`4_R(Vz$=WVMW;gm}%wk#D_ipao8P9Rn>haS}5qldKB|SO(uC^Zj2AJnEIj zU*17WU4JsaPe*8Fn}kaMSCtOnB#zBfCw(rhl|v?2kLo8BEbj%;JU6fR5qLVQ%v}-L zxITvDvjvQAPke7=uN-#ryw5MVl+kP^xuEOe-Tl^KlOkADG%5${GSKj05kyr z%8IN+Jq--3vbBxU(9m~Mwh4TJiy`vu0u106$>Q&Q8^bs-U% zEU^js1%~OxC67wkEMVD6eo64Wg8aIKqOz9Owq%jYNRdW^#`-v414v&_bNk5Xn1^sx zb$8E@0dQbIY$kAceEr3SLUN*rKojG;hTq`sMo%A6cQDy3h9tpFdZQ^jfOY zTnk|)c^ZOEW`pc^>_t6@Kl}7CqJKl!>lyZPNO^sUqBZs<;SW4)%}hB9()i__PjzPe z7+QkBT;-4HN`b66D)0!c9TIRPn(6<ps$Ma0=IBmUt_5;qS>B8uoWsFa_1vOeUi( zj=ACLp82T~MX>2YM%hLoH-3V63Dcd?PXYo3%XwD1`BE_mX`{mI*JVlKZS`C1Pa(&B zIbYb#p5ZW+>y9;P$MUd;^FiLQ1T0VC)Fh(Z#JL% zv+_FAE1Ac=FYJqX{pD5E&D|5syp; z?~4`<^LTwP1&cde^mgffNW${`7~0B;^w@U4h?3M7YFYGYRA>4xQw=S|>C>ea7k4tA zD6cSP*u2fK$uRM+EX%PnI?RJPR%P{MdCvOTtU1x?df(aE%FXwbwJ8QkTyxOr znsk%X;iKu(27xAmT<50H-f8EN#(t7x@%<-jDo*8n$^nV5dX+rC@($rIojas4HywJ+ z=?#er&D-5{I*xGOWE7Op$vb;DVJq(IbLR)`nE)Q@Zs6LSwCh^KjJby-{}4q9{`(D0 z*Vpb#^nK#*Hg2~CinV+Wa`N5TrhOA((Je=D|59F&FhEdpuMli(c%uB`i;q%4Zp%?r zb*}#cfo1i{vi1_ex8rG>xZ`H;j|R2#Mll4PbUspEr0WXjV?JxFQ5yz_C6iU`FMTEH z0v75@aNpG~9TRpfm@!{Gez4?F=kOV^#_RXS-;&|%#3UE8@V;cJE93cS(?YdK2_59e z+!NBQ^Yb#X1osK;cU&|_>d>x|i4mXOZOYN+`z`94d=5v)tGk(O(oeT0@u0gk53tsr_R4#~>P zkWdRsO+Y0jW^QIzh#3N2a25T2qNX#upFDM`v?I?LWlo-tEzfV^9IXQZ*&ea?e*MJk ze3LVxAvqEZfp^E&_w29?D`DVe?t;37G?Z)DY3-k40K`4vn#~+Qsq{(az}G~8OX|=< zxna2vbH#TzhQ+6a>o|?q;I*z|7vedrCWp;3H?FmCr8D(bJN}X|@K@6aBIEysx%ebBY99;^~ zph4@9M(C8;tPrr*trd!P3Hq2fmdUnO!_n(W%)?U`3zN{=Rrft7qv}NH^(3QjD>T~5 z#Uaz*Tg*;Alpq%b>ZVeog%k4-z3=_L2~wMGewdD@-4A+AGQpc*OJef&T_lt#R#BfT z107ACCd&fTz_j4y_hX`L%`4UK`lnccY-41kwJdG~S0LY>R+KsAAP9WG?fi1eYT`D0 z>~nV>8F`Z;pnBR-jqz@u<;A^w;39Kc3)R`e#NfjH+jw4asgGm?D$R@e8GEKB^FP%J zMIErRM-w>_#|mvhZrh1PFZKG%)diRw$tByT%T_2ovKFqf+Cc&+I2R>YdzRmsEtS ze{RC9tPx{|z`ZNp*xUgj*UcFDRJv3kBUqo?t)yTNLye;GXhwe(78L&UgGb6y%|mdbWnrV8oA~uJBTM zybq&PUmSho|J-bHtI{HWe5=`iVuNN37bgfhrhtRHd~0>xbAx6^bW0Ko7mIY3apol%?g?%`!=C1+ zs4wrip5ua0FJ?k%i2Dhl0vGXR$(xdT z5_#n)X3=JeO3YrE>mWy{C+AxorEF5;N#iJFk0L&$?*5kbbkgmR4>j^Sq5|hu^d=Il9A{7K5qU+sK-J2QUG2mblx}d#}L9qdSR~6@SF##U@Lv{ z+1&MW7Mp3X@(2eo`dglbz6wrwB*ViFAT_ZG*@RLF8e}+Z6)Ne$v8%XcFvI}cn+F%h zZ#f+-+1!(<*i9xb8@}gAPna1Q!wV5FiFZ*CBeZn;ptP6f-l8yzJ~F9Xl}5XiFe`^9 z_1wi2WZ7kB2&ONT`h@K39E7M2uCPZki6}6YTG5WclUynX*r;9cx3)sOG0K@Y`3U^V z6F!(xP!|~Oc^1^@2h$`fh4)feX*XTZPIj31l*w*ZPM^Y>c#wOvbV(L#<8LH^BVe>& z9*>eAtawDpc+cN~E0o-n`{n^hK10xFtISClYi20*g~DM`^Z7no$-pxe1m7+%w_+MK zsic$E>;^|!OTGuzqb_lNEiRH(d%8UjGleWgoi=6cq<(`zHpfJpS&?j;&fvo>={wVo z+3_4XVSHidi|msHYbZRuLDvS6+1erd8z`grPm*r++UMT*?UtE_4fI5^-?z2&Cdp z2*L>m=8Ehk&US;c=JsIS8SW*ksej1lRD>^>+)J~Xh=*0Nh2!NbOQ-P5)BQEx|J~Ci z4s&w-jQ6F_uHyYi(|K1FJ-@~KKRw;q4dpcCGAP+i37^>GsuRc0cwb{ZUPF8`dfDlK z>dMn?*88q!>*20v=usO#4BTxGyz+E{olQk3rSf%I9iTHJl-ce6m8Xl1aQOhNHKJ)MR&HjJD#!$}Gf2n=+-k&nX zyCx>5V#%P%J-zZHq$xwQb*W?1n_JtKWU$K7MOG0 z$mszhv8bmbkGg?DYh|aLBTekhS>4|&tvCrvfVYr>_$LR1JNyM2CFwH4oLd^j*I!Dh zF{W@zW3>9Bby+GMc=agD;oKb3kHTy3O+2B$-FBTkRqwL&(jO2yHS+Y|9(boVzM3*cv9V#|B8(<-66E)hg>w$m^>_hfdf6)b zEn=Rup)<5|$Lz{v&?(Uys_(BqPl6N>RD8By$NKjED>MWhdChenUf%S;_zT{MWuPl5 zS(op|UPI?dzric+@_Rd#Y2SJ~2BJfDW7(S+R=-?`05at+{q}%tn=s|QmT=ENd$xO) z`-sF`XTPonWjIz)($;l4LTXcV&jW09B=ZH5*8a_tFQ)g@D$lNI@T!)_JxE0`DMV;) z9w@m>Y)>=e?ojylx#AS3Sy-w|VJmBrd}w+JP}WjX2AcJ=SVigibX!L1l`-xxGvBLC={q`~~!lPJ&t+VZIGE@e>E@t~oel5*$bs{1ZI4QDo+oy7^!M0FV22byX^9{ zuY9wSlB+G>=GeIcT`XDEz90UTH><7cSntVtat`^^4%6e{q$r!Tl!k!Eb_#L4_8x-@ zPS#*vkJ;Y4M7e85o$M{2R=?G@md@gswI8)szpFjWAAOI*JjQwWlwj)HQC9ADj%(`? zFNcQZi}r|>0GnK2q}r1#vNtV3(evDb9Cc%>bvrVF)CWGAMh~;;r_(7cZ;pC##;lu~0Yl-U~U- zW<94OCiqA?3wtx+#D9aM`xKN6fU*?Ahp~g5$@>HeN)z0v=?Xd%)7zxK)@oz>kG&f` zZ4t7sG5;#D{>EvqN-~Q$Ftmhfn@5qu>`(r}~j7c3iDt z1u+&TQUc}B=YmtXDB(vZKwhkmMkWIr_k)8j5$;~H9GisDlbCd|6RPKD=C{Y+^PuN> zSk2cX6fzAm*Eq3E3p8h6S-^;8Vv}O+;TB-}vp(2cW(;L-mYoV>C~Rw65kHs(??NPt zv5|FUdY!^vNj}ClB3xt zfTO1Q?vVo=d#a@9ddh`iR`uOG0#Qw>;1$jErc(=)9_iq>#K{!s0jo$;Ry2sZM`rHK z{DsF3-|d0@-0-L|8;6m6bJdRourn+0)31Fl&$fAzPOKE?pQN`Gek=&pEazY06a?8= zFs$zO-RR+f2;HpCZ1Q43v2#(>!L2S6)|xbcFQ-Qi-$+N|qF5McXmGM)Q*M&0Ro-Ev zn7I8++r@UPNMuD8m^U)>h|;-C<^K8b0sd*}+j&FwH-bEc*GS5V(>U&AtR^bUE2Hs9 zNB70P07I=9z1iaMwA+q|%Pm4dkcFZv1qVe#v!X|aEp+-zM=Dif)#(=W+(FT9!%^hh zW$e0KcfTAlc<`;U~rjxM|TF2o2wV5g>u7C{?O-m>zlwrj*_ zV-A`d3I~WwpJk5CmRSq+cgLGAWu?7cc+*rA_t^dW`O>Y)SfM0m*&|p7(<2q7)^2N7 zXJEK&&DncmoA*21nHD1@ZpilOBzoxWHtE~3u-A=Y!qwJLr23iMmri&zp_OM0O_MuY zz&p8P&Lz;@lMX6e9_Q$5BV&XHn|j>Cn41xW{T@-#e4eePqwP+B#fLQg-IY?Lrb9h7?HAfEB=tSe~h9Tle+siQMOOIz2& z%bP4HF8*pik}RPT!xVZaJVJ*vS{2Hha)r{RWik}$A(`;-NDtd!Qc_s?m5Rudq)JRi zjf-m}XG3EXSxd(iD>p6|tfv0Vsi&?l+Mc=zRy6Tqkx`vXyaQr){7!uHdjxY~PYksn6AhKKE|wbW zB};fH$1w#@urMjh^l&4qwAeK~O){KgBdG_R8okton|Wges2un23yJ$Toe0(Ro)nXH z1EB&uusjuAon8QcNxyi5%WiJ1ZYvWhF8x$W} zC|E@ofvR5PT(NTeT9MaC#cSMW**w0|3KSMLj)H+i72hST0BI!7L@^gx)c5L#?rZkN z@_dHWPvGj%Drty+4jziQk)Uz*UTaaTBn14zIh${3P(?c4T8Xk12yEh|;&^J~@=m5( z2Jhvy1hK`V5TQNoY&fA}JQKcZ#bXp^e|c)g(Ze#{{{`FXlVhq;qpr(uYk^s1c_cL9cLz)7poo(q#cpw|QU zQaY+4&D8ZjtO;ORm@2y*+2s_U_dd@nYD_cQ!=#&hJbI)xQ}vox>ZO_R(*y!3}D1tBi#3(h!Rxa4Zl2b;BV)RJtF<*I=@LYx9W&I#`t zlhzvW&O3H?s%UoCXIK~R=eQ3mq=S+;cQ-xkB?vyPN-CQuY85HuAhY{QQ?mHR{Hdf)*zWw(7OcbB^Y133T&W168w+nEEwaUl1x_Xri z10+qUyLH;(=%0W7xl{4Ma!(BJ#31^#x?A@^ru|3UR3H>G=HSuX{U}V4hx=?pv)j7H z(tJ{(kO>V|G)U@q=0wq8`n*+qm~mO&8Z_f%!1gfA3W+D-LTJRWU9aRb@>c|?n%l59 z^7SxpTxZ6fBGM8}JErKJq50P$(<%`HC*k0*ok|RD`mj9pCE{%$DgKzBj0~CrRwumi z75X4OJ$u#reH<~Q#L~1O>M)RnEYUvE+qdNz4=aXnJAj!A$AOkcSQmOo@_Hte#}djRPdCS)z#QyJMm+;(UDm@WR@ z;;F|o|E3EXerZJCQ$ zSm<0%A6=i`7a1@I3FNtGTrb8}5zWrZE%osKXl}VVsWFws#tHh_QukkucqsouZYftk z6}$K7UygW+*N=V!6Z%%4+N&d;nD8D~B_7&@V(`x`pJQ+N6}e^Pw)nf~YIHCJJ7;Qz z16xC(^W|-)2!gt`2uq?Llke6(P&+vXg@*BYkOh!OhsVWVgGqxiseemurP(BxR#sKl zJg%+FH3Kz)AW(2hsb+f@6!N_Ld3!?tT_6ZJG6a3r`iy!U(hOpE7+6vpU7c%^f-Y|= zjtsBvtiL*V!7x7n##uDMQE?rb+xv7lH~R{2j;0$ALju?xpzp%LA|L0jKmg%^&8_Yw z#AYBM?rS9ESObBb3BkSOXE9#3M#)O9r%tS9kjf6CL3|EogRjQ{$%_gY{=<6pe&?R= zCTCFX{Rkx`Ryn39t4wG)m8#Y>PD^hOj{a?{2hqnYP}9bsZO_ludWJ55kQw8c=Ep#Y z+YXaiba2LtPT!A5Z>ltcU*7K`J=cwN+@0tNB4Pk!EnnXW?;;h1!KppWdozeO{l8xi z+3b;`%9QJB8Rdz5zBs7!Z345_=CQ+;`JnLg##+1Qs~TK>mq;Z6Cx_)rlBw$#g zT<anG z65Op*T@gL`a`Ck-;}RWWZ}aluJiQfz9=l;g;=Ox`wu>nDr;F)WZ&qM0^*?%7&;`9) zZd>;{*Da^!L)h=Hd2qgMTMF)%hLPT5F0%`cBRyd;QX*%eWE9~3LAsVGH!6SE_ZnLz z%f0W65t&x$S=29VLZu7~W5AzFyY1%UY*A>qkIFIfG z-sZyDHeb>GoD+441H!;fl0-BzJ`Mj%5k zJpJ4tY_5DA2`ZDzs7YRZhZxhF`g@ISdHxP9>xa6C`%?V2Z^G|nG8ajGxgkL!Q9Zz^ z0er`Lyp=a`A#8j<@{mVa!5i zB8h@7meD#o<=D~B;T&VBns+t8e4}EgAHPa$i-Qo$;)4da+=7)To2eIwB!~x8@o;t* zZ$KxupX@eGF|YHSQmMGQ3*ozwJZ+}Za_qTt3mJH$g?MZGtpiKph=vRwd7 zk>z@G`sX#(Zm8_E+mf2>9E-1&D1-02H*FISv0M~ZLW!@RQF$%ReA#lLz6jrmjd0gy zPE>T6+crlew%^)w!AF0kbaS2*hl@VAK44s&un}>1+pg+-v6Slce63;1C4eN2XzTME z`=*PKjcBHaB0sz(S1kPoGjQEfeZgOB%5_rMQ3&>gMU$eC_|7kM*OMhFs4^Fw@Mr zLEX(aPOYn;@u_iED=Eco|WV%@Qk1@I(&irI5S12T|JWr>F)iQQ4c?h*rrwX4G^ zHjcH(j_?cy5?kdC35OK5PSOnnuD;Rhc=7mwEx7ysDcK?o4vL8nj%VCfDL0s8wU4Ro za0ZW-6Y1akIPi%gPK@%BY)IJVfrN5u!K29b2m z4PxaAY~gvHS?1frvLs|frIAo(??^3lB+;|^srxBbOd8>f3u2ZYQ--!NwzvF6bRqv= zR9F?_T@=??&6@^(OK6`@ps=YO#{g7u2{(k6Z92XDIB2}nUowJmzExva&;_Y zoRMGP5qUrNQK@2KMP+bgXjyF?TUBF|R8nGn`;(~VuBQUYB^|we&jtp$Q=olg9Yd2{ z*=^%qCBBTc?v&y*WQEtp9DT&y8Fn3;SvW!^jq`B&OunkibP=UUiL z>&$v=xfrT_;Tk(b`0`-nHnn>(3rA%nJZ1@Q&culrU~v%{HIzP z{U==NrrjQ09TKMO_~I^4zWY|<=coKIG%VaT*e~LWI>(K|#3!eCCnlw4W?7{B!2+@i zi&S!hu?vbTD)}Ep!OF_38XB2va$)&RPdeyZTA(4kI1;`6y)YE_W1*PD;6??3aMehohO@`LjnumzB19e>$@ z#xCy?97Yz&!po@34BF+F`(jQ_Nx-^pmJt}lWpo%sxp?_n0xKyG%HF+K(L&rz9r;9h zPc?_s>S!i}%u*(`N)^NMRqGL`XeyLamn_87pzK|y4YWgWFq2hWm{heN> z!%tv?M(caoP(huV`D$IuX9KHE);cxDYo*RAuPFy^*(O92^pF~FwlEV`OG(~$S;zHp z-Wa(3#C?OQ?io@okjF4QI2OeHc~j`ntUpkbPeH}|$TDAoy{?((n@4ssIT`%m^$PZZ zZ1J7yoBT#@7F&aOi~T3GB9kLYZL81Rt2g|7$gzTYzUlYaZ; znS$=Y)XtrPTXQ77@10_*q$VkOT~7Pt6m{QP`d9-BtTg4zw46_+gs#zl+0tLO3H3Xj z_uI4PFyNnL9p3Wbf3QreIw2f69r7g?Q%s4kQUnIES+I~OzAlnBip7x^vSi~`2ZCb7 zCO?kGXQv)mDoLj|Q6;@xuwyn?Zfs;q5tN{@hHGnaCZ*};YogQ5vb(J_OhWD1aICg_ zrm~#;0an?j-xv3@EPD?(a(#oW%3TfjSElnth7Vumdatg$DwL%3-z$m~sI-fX6{*@Q zY31cSEX8bLlb7YPEh4Vxg>$i$0w{oaibGwfI+76LLo z3hW-_wmP<|2EM^E?Duc_k*VGVP^ARflO}ow;6>!-*l^sx#pY6ghoQhLy$_cU1vtrv zP&6c^nx(Z?=QcUy-feEVRhQ#4sNQZ?PaaTEL*0WjC!hKF`A}9d&0ULvo{H4D+p9Yd zMta-2eB$amipG=5hS-|Z*(+%WxXwrM~^?fT8-K_eCdLNDosi4%@=d!@;?X)JDcj_dbP$C z*K%!X;UB}SQB4^T!jiEgo7}G2zL)d9`KF_*mv=maPW(Eg`o(wPdPc`*N?X1*L=NaCtk0HM${H|?X{nL z`tn0_&?Eq>mQ*6>6!N*cj6JSJeP0APCo)FU6Gi?-Cs!e^fF*&pFQ=zzSj|dVd_zn^ zF4Dt{CoFzds_US(tUi@dZ6ER_##SNr;^HZInWS7YnKvo_>(D$q+ilV%q#VRMGa_p^ z+oE4${;DYg9hOTRhrpJ26^r4cyXJS+xs;q2lBCW_9&6MgLRJq?J(o0dWWE$aUN^bP zaz^aMevJ;ZLk$|6HW>1_Xp*!gMkuw8i)+|SL`lY6ociq@%vEStn@)7J952;dj^(R$ zwq7lw=kW&bYU;a}-641kwIb~AcZO5ABknT(+UNh4#PaNFU6X#T>s7SmsCIbJ(|K9Q z8gJnfh*f!IoK+)$@vEcVPbZE1FBYQm+>~nIZh%Cd%6SN1`71~9M3wla?X;3NrcNOt z-pQGV#@4H~8F1bfd(`M!9QzPC58#f`=skB^CIO7Bf1nqiuqU&B>TIJFt{6#_U13E-qfi2+KOhdC;Gacft{2ooTF&a*&&td;L`6L& zd%FZryw!}XmaNSXk6lTW{8=+uP=FQOnPR8d@9>qJK}nmQJFUZ7J)V=Ukkid;G1U7m z2lbYNMq*Ak1;#T|5=^Ce6$PR?ZSUkYdj{o?r<}lEwnXnuA%Oa@A1s6T_5xPIKt??gkcO+I!e&MA-4|h_tu{7E2)YWNTbza)r$Es45i(- zx9+5tt})W(YNVekwslILr_p+&C-4b-GT6VqhCkY5WOW8RX1YHje}iDaplv(L-Cn9v zo^zX-ukm4vrrOpQw%Zz^HSI>@B*&8>LAh^B6jB|8wAtVAtU$SkWSAe|-Mc}S;JEIX zz#ABd_vG`ePwPFhnh$%MirINlv%1%F+^x(TWE9!rub;dhHu^Y8xY2st^0Y&-sioqJ zm7#fL3V298r+9NDWNqoA1cl`KqsGDa6bVwhGvC;iZRvh6`$0dg1Rk|mg1stKEwjk& z*FP9vV~b)p(~R9!xMy|ek@h6!jJUTzi(iwN7FB%W6GOeOQ)GUFBzu^_RopC?TGRv4 zns_ad6*~vjGZNYl@7y}Ub~WYiRVRLJg;g9URb?YBo1H{eOeDkPYfajl+ucJgsKuyl zSCiFHAeVgxi%jGCt~eB+qN|V|B78WEfaMP3^2wDg(C z$b%B^>(SAIiFyu)rI|KWhh4Bz$=>3g{ckk@$b0wx zyVZYy{~-S#$uA`QxB35~NP$25|NT=Qx?lPKU;r5Kj*iA)FkW6> zdU|@w%F3dmqTJlv3=9ku6cksQtS}htswev&|A}Ar1^!hp_H)diI&g@1X7@z9Xo;mT zoYk_L0MEFcM2`Ml($^bp=qA zD)I!?(zvC8AcA7vw-*xwNnmWGB!uJy$~a`iwhzhfFj3MGvS6{tGvSd7#o=L7!Qqq; z30gi59CH>JISm~d3AsI-nw*r3j+P39?M$3OK#apeN=J#03n8Zsh7o()-p>Pn_eJgB)S$8lNF`8HdfE;^70CIb} zg5I(Ujqx!PF*DngzD5pmkgBkm0fl4XgLH_)?0Uwq3522%fUSGNbficWhZ~3Nl~7%v ze0S)TpqB#9H5N0Q_dVm-w6pY5o@PlQ5Sz@foO(q}xcL#TF|Ia>Ie6%uLg-(^+rPv9 zh5o_)Uy*`>f9U`8OaFmil>blr|D);rqu&3rf5ep*!&U$1!{&|`QY-trujnk-%cfrG z^>3cX8C+ak{HFi%^BNSm(zgoq4SA(Li-e)O`v^ld$omcO4~X@&k5xcyS1PTkryisl zPCCyBP~9Y(DiBOnF}^&qbxB5im{TBqJWMYzHdiOD(d>l_9erUWv!S zGhyZjk-lUCvJddVRzy@r7+ezx7Hv)zWgh~AKzju?D{~HSJQ`}dObTWN)$nk4TYgzN znMcZ2Ot;m7XoaZS>=d|5xgSN~@%V}J^j*~r;QVhz?El#(;Xk&20i@7>a|`(I*MDEh zKZ)@FEBzOtKkL8$XBYba=Wc(oe*~Z(05Ai99)W0^!3>RDdQbRGLbR>It=-!-J!gSJ z>tfD3SW2&P?)(55euo$w^Vxktn8gKRI&3hHic4lQs%Ellx;wfi28QM)rnXmKyxMsoIuZ=L`hf9*O~%{a$qQlQ>VZ&})kLUzSzW(U z7eT1FdfIuLBlNB9T|B+6e*9#f0pwTT_}v*H008J01p6OL%%|RlYf`W|r0!_vEDy|Z zNN`YFG*IJogpZX9tO8nvv>h}_ybla0suI@R5;Mpb*&1&+mguF0tLZLNfbKIF8%`Vp zf&m~S(gz-1&X^GY@E}ru5XMInLZQw{M-kUkWVW-yqN+-Pff!RWrl!{>@lFDSAbD{l#MVrlL(JIajen-`WedToi75Al34liT# z*Ps&ohE{{uzVdJnD?fpp*ogFodbKj9$d<^xRl?0!gLYIq$%}32uyG0+Z1gpB;@m?T zQcFBwKwyv=C6~v)*gy!IBM)!?)Qm^Qw5FG+4GB4-S9cexUulS zP-v4{jcRKX5hvL_Zc<`m(muBieDJ^^F&0)e)=eHt8Xo9#)eIDa>n9LFf-2>`VwvSz0tr8i5f7$!-fkv zh(H>`SEcl$`g6oe&o9w8@UFqNB=y+XwUvxRO$Z{Rm~9!!AUOBL{21>NSlQa$_DOei zk`|NjH{(zTm0g!9^2^U=EK!8Gf^Py`Td55nDhc!i4-O5ZnFkbeOhdxCpmTGqD&!&Y zbTvuI`r5RsVN4sWa)OzwrXmD;sSgMb8O#IxJyHsb6u9tRfj}fR@fy=Uj2){VNzCzy z84X~0kGp>&yZMqE;I2V(V|oY^5>t*0^lJaY3IdJ|2g0)@&I{^wsPPxBs!2Z3(`6qn#_t^hGy8o}pmDta}(*OHY|Noz``T)RR z>>vJ<|KA{#JjiZeHcQTway;EUI&PkSySo43`2EF?OBM0O$ z-M#lmZu?mG?8eI8>$e|2pMU@H{OD4k`^V(=;pB&lD~X=(KYq-&$Iliy{xQ(}r%c_S zgZyusf#2~Ae#QG=03Kq)l{5w*lQabC`Ze=mVtkD$cP@Iy~XGPZE6SwqiNmEA3rMto9n2No0$j&dv9 z*})+jH@}GWB{Y$N29uJrm?a{5K6lf@-6G9%n0NOav1E zPp4%elJjQLDx`=)R21t?q_i2EVLKJ<+W2NKp5WgNCXz$ zvJeK#fxt?dKzz8qJXUh|1Q5y!G63VyBd6D4^v#=h<;@j3%JId;6478Fmm2^W1|jb* z#B$iy4~C|Vp7i1|OuL~7u;6AWAP|B;1E9p+;GkQlXLf{w2V8yO^`rqcSC0%a8u)5! zi5Vn3P0X9sWrWxLCP*>@yq zcR9kX?*b7a&^=tbW_=JmRP}Lf7woFj=s(`T{to;X75r}sfd2>lk0A1j?EPE(7x^>( z|Hm)>)d;`vUjQHgSO5UPPym-Cgq4Hqx-nQvmQCUTSXBvISy@EK3ft>0)W(R-&J{n% zOVq^D*f0;*{yt&&FM=fy_R>e$Wc;snA*Kr5v8;n)^g?-VgaUMErG}?}{|q z`XR7?p|ShbG9)Y{yDF=&GP|v>?IaRK$jgy#e-)ioJo|wV|%7uDbkpQs{{L*7v^m{hzQd$;_Q|&pr3_b7m$12CIcb zc&ThA9KfUsV3Hk0oK_+MLWp%gLI+6xuew#TcL$#4=%lHX2}j(0#enLI&qThSO!C@2 zdv+Opn^5_>Fh>pYOd21xani@JAR6wgt@Qurc!bTEx%a<)%jzTNo(KHBEHGEiBPO!EH??v46#<2!ea4NssfhCUo>rgh<>`ue@a1~-ox8omGhy@o0VGJRxWWi|AP z=CL9(R_S~d)f%hKx~qNi3P0kZr34dH!SqFcZP8m@fx_alo|xUNfsH8{>PA&D&nxPP z%8))Mj<6=oU!d>%S0nqF{9ie8`0yPu^;;;SUoO!!>&fO%h11;H;+*qx{#0~k2kA1=ZcHlVW>gF@>@hNiy9$}d2Q*^PIv8;|Q_Wz?G+r_Lj4rRNt)^icn^q_eb=1yG0{nFi40TZVx1UGss zuEg=tDz&-Z9u?=g&6EIF%b6~%$U+}l2AA5Z;$HkV=y6$t zIWPH!>#HTomZ2Nu{;Hhrl0%lO8Nac@TeZb@M}WTP1s830h1UvvTtGvFJg4lH+tJr! zjyXV$x0UDLI)B*ZMA;lP zzx0UEyv+qgKd^IC+R~Oll>_QlWml8+6dG3+x-1~okJe38xyfHTE!Fjm|43CD7= zyy#QRZ3AEZnk9`F^h!OiE53=bYMynhCU1aa@Wfp$g|qYbTu^aWP0tgM-{K6H7ZQO1eN1=wvWfWZYiPP--T?1l z0Oi_^5%_OwR8E|G8s?I}$29iPhw>~q{g3me0mI&2DUUdWqm&N*5=UP1CQHuXSmX3R zyu>+M6bVv;Y>Yt8Rtx+>@_Xw}nlg`mo_=a@-06qz5PCysV7>7Y&AOKxzggwwtb;Be zMKf9g-UOJ0EasL{TqWR6c^@PD~IFFKw~-shx_*3wQ; zvnIH>224^@cP67_4|!j@a+QnMMn_zs9w$FY8HN56 zt$q$I$Ji5=5L)4hl@C-@wfv-x@`2=)m2YI3jUH#AX*XzQXpMgzM&b40wws}Zxbq5X z7&khs=$hovKjFtqoLLh|1atbJR5C`RX&9&FZrT4b+b2Z`$RRhb!_}ey5^- zNVc+O;G&8X!iI-xx%Vj*tqsd*7$vy1vDpsJ8KP|yuNPO33Lds)YZ<1(xsI-?SzYRS zXyCcu>QTS9?DJo~MDtFydTq52^%X`*NYh%P0((Ex(53h`PhEQzt#NVOxTT{G{#l?n ziX0K${Q8y(7Gvhz>U%F{qe^iQBP;9O;>_F}mBOrP8plvx)2(7E>WT8IwYg2CH)Uk7 zX3wm9st(B&*;tfARh{Fmr6%?H%QlzRW0fC_U8Cj@QnN6eocG_7IR8%w=YL?1{`EhZ z;P~%-{}0jt(mnnsI{oVZ{15EDEdIwqIPv?xstQi5m|tO|_Glbs8!z_BrE{PW6rdsL z+mx5+ZDgz`Mn9T*$Ji848>ClRGo;pFVz?JXm>YM((qzFe0sW6`+)tY1N93RK@0EWd zfzpfoJO1+je$p0y7fdJruMKKA-0t~^@>#)lg%Qx)CCb2zJCSr+Z*gu@1aoX7IY14rFc<px9ru;GBbG4c8GnrO_@vNE6IAr@vk(^8^>&a#&u7d{XZr?Frkd_g6vxc?H z7OhE{b9A;()zunoZJ?*UkUi30u~4Hf#83%$E=)tiqo#hYR_H=??RjIgmn_3%o@^ci zI-f?M-~ayMeU_=wU?tTd2B%D*8rK02{qU-TT`glyfu{u*Dur)cHfD{lLM+}bAtq~e z9$rh)*lu~_`P*`Gh6DDyY9>4|mG`^%XH0aKx}U11(I@wcu=%I+vFe7wTGtehV+HxD z&SVoR>d5NB`s&YWl*>`rqCdWhpq-}_Aidq=K4b@mjIA=#oFnIrdVY1~)IW;WX=eu* zW1kTeTbmti&9NG1zRfHhy8xQZsPxPl`>Z}k^c)-WsiNgl2_}18)wl}dtOB&YccHxP zpPN(_G<32O%VAXh46Jjj$tR6R!&L|2=kr&aP)Lyup-_z%ea+j4)vqmMFHFtA{R;lS zD^dTuPX2)Yrx5?W`k&xP=yCtgum1o45F2&qf6)K+;pMaI*vp(-@SYH^5x6+INlTcQT%A7^c_!>y|H85MqMG4 ziQJ-cv8Xj}wK=#^Q<6r#S+&1{;H-Bp&{Mu{jGo~fwcExm@7?j)Ii`8e@D%$TGOX?< zJPIDI#Eo~ZEv&aHjbu+0G}pZujK!)b;4QV4RVShetf{bZiE*GZ1~*^H4y9;@FBzvY zSq0C;iHw;ET**TLs|_qXxrLNWG=`apGB!;5%Dj7T*Co8_rYpu(P(}U&Y zy@M~EeA1{Aqc-X&N6l|Mt=G6-DYz2Le!hkUfszf=Q2F4JU|L_4lZK|A~FBY$W#$wRk@>l~5 zx)84bbkMhN-+&HkZEbz{@F9p$mn~a{!GN1}JMxO2@@;kHeCMWDqGPwWe&p+=?`4oq z4%NfEE10LWR9FvJs$N^46@|)ac}w_R&@kxXo=J0^tJ_FL z8#7&fT}w2|+E~xf3WZU@X`#>sVNTBS1I!I4*{Wh_hWe$(Lx;n>IVL!5Tlv+gWL2-))k&(_;Ry#mf`C(=C93y z^eLNB6&mn~(F1ix%~YpqF%?##p$DO3j~1xtlb>ydw;M0W*E9&N`IH?ehgYvkw{CRK zDILo@Zned1H^4(g2^Q1>q41f<&cmY? z!WKIV37UqkQv=6j*R4MLb^M&b6JBzIbhJ}GsAjz;m7syCI!9QE-U)xsA$8MnvzWUv^rzH?DZ@p1`mt(A!5ZHFNMe z#~>eN(kJz-iGxMzIf|PGtZhb#H~hDJ>XRX9h7FtNv-N`6x>);b_pob02(^hH9G)Eb?=U8{wztus~m4F9yD^ z6}8uEh{o0}rE}~o_U_BUeX>d!@1Pb;I3Z`GPC2Wps=gy@ZAtOFn%0sB?cvFpd;5 zt8!$BnfaUxtfq06I;Z5;G;mzYa9I)h>dJbCW7Z#44<3H_l&J}Qd!5SdT?@Ph;=?C5 zzfXth^gpaj-##{T8a>*H#lj34r*EjNL<~pav~#p^iW-Wa-r{8yI0qUJX|K?0ATfprNF~J!U|(Z^EL2N*zAMSwOSH z6S*sHlxF)Vs8x8cqt!vC21R@QqwBI-aB~dL8jru~eZxW9#YCt$(Q z8s8heH&yQ%l(cqxVU^ZcVX*mR?Spd%{a$Mpz5S?Pi4jNBNCW*VG2Dlc{TCmW`2T5X zc2tgtn#vZ6sCIN-lKoG`m;jz2;p7Nmt z=mS^^Sh4_yp+qLPj}el?R7Mhb2*Lk%KYi@KPgMBN!EE2ze?P8B zz-9{nITro&e-a2i`adb)l3)4Xe@^-SA=tCI3}(7rf+&e&PqZW2N2D;}5h)xPc7aI* zSCWIPqa*l0AlcjFeeDHIp*{G)_Yd~hi2o%N_>TOCG5I_pTf`G&{KK{MEB_$a>w5nm z#nJKC{eSOXe5J%>l9a_kd$Nlbfss?a`|O3M(ixuOL7aJGnP51bt_z*ird>4ikw4UArlWUozhhKm9K|-G}^lc!fVQpq2QrC7>TdrDAU*I) z{(l1P`vU=bQ-SO6;g-OpGCc5Z#s;$F+O`xLF?zf<*~TIEg0|fk8=p0W*Qg6|z&AuuuY< zna*c|P?bw(!aS~c>{uqv*u(?IyLFl@k(rUk6EK9GW|CZQBZb2h%09tNZakaIw1F9H z0h5lnz#Sh!NNfYssUl{)_^|Yo_-F!?!?%HxQaBZId!;DZh_8Sp$7I;Cx$&}(OaZu@%1EVxwKLkU zk&;D%j`T}>3LvEHGFZe$(2|}K@pv4e3D{hrCD&Pu)&#h9)~Az6)+jd zu>>A4RMJDH1Q+@=yd8}$!9g+&04SNY50t|d zgi@WrciMEK7)~;+(`oSqy~1IMI-?-DR4Du&>|uN=g8@XrRf4Zj*mWME&_{NFKp=yO z(_|Yj-U{&nB2hX-vO7I+=e2Vii$VZb@C5Bwn1Uk`UX!q%1Y?ni(`gwbF)!N*nY}Y< znnVm}JPu=+l!B6Jzy+jEU?g&4#}^4ZA0z-??{XDiAX^}i4JmG&rU2**X@X7=q{z`a z9U_8N3=>nK>xGOigT%sY7ta&%+6gSC4sxW+-kK8VfNFSPH{3uV2~-PEF-c5dG!jH2 zzAZC3g`MgyV6s3~DWP5YlL-VcT563Dr32IA#mjUT?-7hho4biA*iy2Oj|mL8IkD5% zROxpY7Yc<=H-V|*??8P3J&foWiRN)9z#<-Bas+&qo=amhLJHW=5`ce*ne7ik`!!wQ zQQB#N5CEi2DL^>`m;fFFP6ca?=emQ1$uJ{1n0uP=^jRmGQHa?cai|5(JvsormutWz6EG44@ zsbk%seB|C?w-b;BFx`nHI92kA0ydQj{z+EPKsE*-O9$qjDUjjoKnD1_QSlOV5gv(+ zjioZ|7`zlfZ#sufPqgDQMfQ_ZlKA3;1wUR)M>}e&xMsyl;c#eFE|)17CY<8#Kygk7 zA`14!o$TyHBsh~@D8o(g(hZeLj*E*+cY;tEu}CsR3R^~p4%o56DX|jRu>f{#J8TJ! zq?Dl$q>BP0!CC=n7{GLi*g|F!Sh9?2L|BTAgnL}UcOHk$fK4T6bs?CP+enUpMiyL} zkUvaHOnZc>?8Srt%EsC>XPomrd&{5uX+D0COm zygb4?oKGnOCP>8PyGxO9rvUL%`dW+=l|&*F7!*eqmFDQ&c`%439YH-b5KB3KwRjS8Z(U-arsFSu9vq;w*iUlNtgfi0*>{9$ke63G1* z5K!!pbkYK{RY(n&OkGP&JO>1N-P%tCz@QNw?4<*QK=1H@3)O9qkk6!pkW-XlCuGov zbKObKE@WVmB+Qm3A`&~&6!V2JU_lWKS~yZbqz&8|5e&j%s?Zpr79Li?_pqsWnNj^$ zy*07F*U4!4`}_C+lPNJj0$v($i~!D3Pe^QQWSXDG6Nz|9GPj6=nEXDRHfIXmg+y@y zKB%KJqmva%5rP^Hi$@o5I~yaSgUqlJfst)lCvluBKOUMjM{&ew8g}@<9;e)VZxNHj%*dA^)k8p4Xj^u-_q5(vx9@49) zN`Z8EogvI58c2xr0Lunc=mu5{Gl<&@xX#W*5&($!s68&1%mn+0{nzgS>6^u=AXZ6b zf}N##gk-?&i|DpU@h(XSFZ1z`ed}_hD}xdp2{QlkyU|Eb&Xn#R690&|8Hp++yNu)z zJftEbrM?@j{am029;DmgP>{=lCH|IV5eS|Dgv`^D#BVajcX5%rK%E3nyehC7ag@{! z9+?^uM%k)+obEaULeQ?L$}pCx9cducK7mIFl`ZB3H^Av&CWOoSo=u9j6lgE7g9+_c zjhpHL9Di|c4q*}mzIYCNR|LDzG6cyUij#+(iHTs=^`hQpCbp|TFmn*{0$+(W_`$1* zGRXs1hlG;ty;2x#9)dVtjCB{;?RENg*Bbzc0{XS%V#%_*KrJcIMRpB){6e0w8o!e(ey4cHxxT43~DH8KXOa_> zNOS3k&p=)SB;&hSMKW1t!GP*Sg7r=X2#H@cj+Y{UWxE4{UP(^Fv0cxK&61eKzZZea zlxpYLuS3ToO1I0}K&r-5;&_E_g{rzpnPi*m!WR6((wv!n_wo8u3xkvI5 z;Z1S6u}kVul6(XgGi1KFWYyv$y?E;Q&L+15nXU{0j{gH>5L~2cgy`IX6-}0mlBDQB z?$*R(Y@k=fkZ{;%^ypxC^e8wY&<`H#=j|%t0+~T>cij5+xdiq?I?>*qYR??b6ePQg zi`*7WD&3uL0V-DR4o+f0=_DINgn)h0V1Fi6lmaBjn<-)30Hl_NFqGI^0JH)DLmMn83l4%}+;2=UKso|D+?ClfS)8pB;G&a{hIfW_67!C@% zEKm>-S^zTuN|4~Sf9WEN2mz=la)2Pa^SBm5I{1I534B2J4lfCm7=d0Ci2&P+Raalr zNf`slA9q_2iv?W#PH_FjB~92LyqFN=r`aH+=%ng+ES8w_5Ra~%rZT^l4g#dx=HzhFO~2zZoNh@X2RDEW^LjR*qL6y+5h>E|9D z4NK1Z`Fc>f86aHd#-|`2eb-@3t_LtZ9JVl_>+vZGAmN3SxS3s#(}f;BQ<(H_qZw2W zUn;i;5H82VH$~KaFjM5=2X>jurgFQ&X0bi|+1#FBSOO1!0cZy3J}J{9fGJ4o4u#3_ z2oNxtiCtkQFah(@1kAKd=WS-5T(SY^uS8M^9bVs>h%C6Nbv|u5ej=8X9_*S!SZ^{Ax!lMPXo;nU~YQ} z%gNk)w@&Ta3C_M1ctLC#lfM&&y!ry+0Qd^bnYlDkU*p) zcJ(BIM|%O!M0^~nO_@+>!X!3>!2vOPXXV~5o#LD($RkOFv#ZrIB{Gp;6Au-<3f?ar zBa@Ei(_&n>VO|FRRhU=4r$lJ(vdta(0+)j>sygY z?I03IbkcPFIt}gR(~e}5wE9H`6~a#T5GewK8mKI721=hD>E-V`0ZvY`+#(mmeBF!z z@H@MeNJ#{ev$#kKZiFDmB6*uwz&w)M<-}!DHo|yZ0I5@<6x=l-^KVGNipvVb2-hKj zrX*$%?+oHS0B5MLMY_0jt+f5#{Hpz?ljHkWR*Q9v$QHk*Hh5A4N9n)twcUZaEUBS2;g z9t$E-;8pp8N&oI_&V=r>5h(=OY(YW+l?iMb9KvJ*A6`IZQAIXzDDdx@a0Hc;2u@Hl z;4r2z1?g6lEwhtj*REv0uRNSV2q7l0a5(VK;+gIVGRcREF%Uqa$cd2o_HcgM361=kNH{(U035c=CdAwnJ#4=)(pv&lzf+Sks<4hBfTW<-JwSQ2PiMLaH9 z7P{Ra|EM)_A@+kpJM+tweh&eVL`&bbc0Jj@vkLq{0VR@wnh@(_`yL`{!Q*l=5KR~k z(#%XyR+2>Y;mmY6n9ULg^G`lq|5xfRVwz)0os0QHH%_E`P~k8<4?3j=~Y3 z{kMI_zpnv_WbzLXSdxAii&*2nSwU(eWhs+?kWUgDR**Cj$IOnPqg?=t17jla(1i(9 z256~9dJx@By7Yb_4p?7ix@U!|v+;IBQg2d_ottV&NSB~gyxPM9p!{WIX3#vqc8EZ7 z0cZ$m4hzZa$u=G&w&_A9(y14Qm}Lff6GF2gpo|O%GfUnt+iAAdmzOrlw`|0T1a|6Gy6u*_ZLTECQ0{$$Be{NYh5L zDpUI~}c0#R_PfK6cw5*^2HVhpa1;%wjk&sZK6VR7Xc*r|>q3#sU$v#0?h* zvffl0lLMGam>}!aBz3OLcZxrd=(at$l@&9{V%N3H?o05Jv8|Bi(H;WI(qCO!0_+fy zv`07+VQx_N6vwu`F)k<`1T*6Scgr$_z3w*=B=o_YsZ8J}_5y_nCJV_36#$cs$gxG>Mw{NpAl!hw+EaYm z&dyG3#sPi5hdafwlLi%Ywd8^>h*AKzdZ%Pa*B1_SUatrs-Pk@zQV1zu19t7c2nt}b z5YQqopl8rIe+x@QKOk+Gpg4ylix7SUo6rlUh(rW}oDyiH>z$CGK>&yY$Y}#drB@`0 zh|%D&L^23JNJk>rpa38_V%qnK9Uu@GL<7cByow$a0>x;cxj}1vD2JNS=ODl~?Y#v* ziXPZOB*q1WNl8K1pDjXe$NDZU!FKuZKsvX*BH9yQurDDXlL_=(@8m|zC-5v&#EK4? z9+?o}3|K=f^xdMseGTx7xRF2%tjD?? z!Mek#9I7Bgx}F~qH4@m|U^a-01TskikvOQU1GD(OZ6JYFb?Iy9feliL4opEZ(|zg& zq%s`FWHFJdfOw~VkZ(v}p-5C9){Ec667(G+P95TU_exd735JMnsaymHCL>RTde@8fXOi8@o&a3zfQj5=jGX z(2{_S1m9|(6OU9bNx$sz*|lTGwpE&%KzsT}r- zFXE5`1l2gLd!_gMBVH4b2F zd;#wRSFUdz=m53|2r_VRI|ltIqJTL&=L-5n6)>q6XzM~~(JQr_z={zA?akvQ_CCS^ z&~xnAu`n{7c*KvQh-f-KsECO#>I*?fFuy-|SO$&Shil*nD2b#5WiCWVRMuVMD9D67 zI$aXm{2-Q&U=PNE78fb_5RirtYv#W2r2uUuzO94Xmp(!oA%eIdYb*0OdWa^H{|Zk6 z3vTa=Lbe7VEVFI0W?}HXlVc3}juDsl$6|A2WDn;U+@%bvitX`r*TA~7hv_eNOxtf% z_Y&X9E4ewGC*UwZ!R>_Nex$DP6F3d{s3TJ8m=o!BLxNvP{aU=Y-7h5r$U(qc z>5i`CQm~#Nfw(%|Z8hT4U@MUdb+2%N?12WV1aOzKETP$bW(NQq6nZ5swB1i4A`XhZ zk_?ayxF5fhXYEe_dNp!nZx{h_MQWMIDZoTrp;Q6zPzBPA0U(1UVbO&W0081(`cMTz zg!OvT5gCA}rqR*ip`*hh!tH!Uhx9%Q@D@@O>KhE$M{y#r?-77eBEvyiruPy4h@D{4 z*y+8T?j%tuG&TbnVb5T)s30J;qYC-Mh3+Y7Gzxf2AOMl#Eg66;L$=Rgn}9k1*+zGu zju8FQp4&#!S>TBU(#Ce_-KH`x8-%gaTTKxm5PM1;S+#FU1Q4$OAr>7SR9x3cIjNFyeuC z>-|J#fv0vIhWN4(pixE$^H`vdQ!Iqt#`q)tNoN@ZNtjf`t3i57=s=Hv@U$mnf5eZH zC49O;3`YEX5N?S;-xQo8wzl0zAP#Q?()BbNWbno00rsIA>Og^Z>l5v{J|te~=vEyo z>sIYLP|A}%Ti*b40_Bnsi`-sgKN*Bu;{S=CpJ>t^esx3LAMvDmZ+q=FG8hRIykMV@ zfFRgMGLvkj-T2x9)D$v?A&+JxbZX_5USrpB$U?x39|k(uK+Y6=0)YSsf*7Dk1oGjC z6%tp7fE^cz;2@!-I=}|^I*Sh@&s^!yNC;!YAg|DIt(ZZ&3K8O|wF^-^88Kp)S40ukZ==<|OmM2BC`|NWW! z+!w6x?0@^CA^N%9yf4u0$G`vlFQCD|!#=w_{}bF+r{Qnzw;(rG8kI276|3%2}BHy3yBY7{9oJ1oaV^Pi=A^vsIy;jGw9dZlmg0l98#^XdS^lH#5aw%H?P6>ED6#L-PLv@$UEL>`(q3 z9lO2%gXBQ`W&giN(Vuq?k$)$uIiw5igdp%n)o0+p<{LL|-)ybRYTX@GbLdQ41#W58 z{S@`MrMfk%j~1#M{Q(-AS00|N_x!DaXEKzHhK+n?83yfO1fnml3+y^nla2XFHHI&BKHmVcUKS2|)tE#1;zH_C4}6;=+-LDkn) z>6GR@SletgbK4arRXgh(ah4IrWj_`-dRh)qK^}w3nVzL8XNgI6nyEWmB_ShSX?~Gu ziNe%eCHZCL(2D43>r01Xm#ZyfC`?(Ii(U&cR!t+KD|2e_tEz3~MRT?+F)LesL~dCL zD`9ee)e-Eng$f6!HQ3&QZtPs3wBxo)+UaZ$mCd>v@h{gYw?Zj*Hk~~4yYeH`=9|Tt z2@#qJs)Gr``IP0!M_ZSukD0Ewe5CnVgCe3<1>fpHOPfXtQrtl6jwL1i9n1!wBXsjo0r#N*SpLvpIjWw@Ldeb;_ z%rkDjSX)}Y0sE>cPBG|YHS?hIH)d_+DgwK5H|BH%?JjkgnTGf7kJ-i%;}wLf^@b=<5`SAQ=$o$B(uV2Qtwzn>_~dHly^%|fmhYpSKVkjsBD(S~ z+UiG`J0Z5N9IZvs`^qgam4h}ZjmV$)*OiPv5(BSiYp(hFxb3%n=7Xo@SH^ zo%olLo;GKLTqG`R=;!xAicLu-!S2sD&r?w`?f?+QoVAbm}-$;Svu@=p0|C%`p?-sg{U&U<*A{88&-HmKWt9V zv{=6=HwAqrd@QY&ZN941Jj`@D-TKzt${Wt(pT#rHK48`rjd#tiyudzVRTe#;5>vTx z7T&wuO6NIiop;Ux@D}a-->hd0{nl7vQ!-+|iCs-kkD7N1

    l3kuTT`hnsEAJXjd9)d88+fw1B`3~i$i6z-x}_G(Dk^!$?iZ+) z)3Hkod>p^NIFVpAZQcS%_0syYCeEbFZ3>G2V;15^^nX9kI_y^o^`rlL%l{CG#9#Wq zU&8)`0Y94m(aw97S$v-IVcFX@bkinr}{$JlD{b^?; z@~;YVI<3I}JBPS{lKijqZN11D2yK*CvQfYM((>#}m(FZG^ohT8+C_ya48`S5l{vPN z|6{i6rxD@*FrXii|Nft`@O=XIC;vd&yU9P8wQlT_J5~jXXqVwUNnX zKm~wLWY#${`5f{Yf+YE0c}e~k8S9C;n^1iPi39J_R;!0i(Wq#iX7V|s;^sP56*op* z`GjdEf9sp6Z+Q7-CKyW{m$j9G(;Rtb$t};tUW>-B(;k_5ch%x^4dUwX=c=<1Jm~mBBuvW8+zziOjOXMnS}iC!YMQM9!k!R z%d1Pz*a8zW@7}v}zvUs?pwhd*X!eU2bBXg*Z*6-&l2ood;Panf7)t+#a?w8`|NTEp z@B7TykNlGe4n68W;`;xu{LlC4`ZLZ-o#ZiSt0nSda(OljMP3kZ&M)pwcnQX5;kYs<+xWEN%_06(x=4l`VMos?9dq zzO)=waw_D)JOhhWp(l1wEnU_|S6&$Nn0e$Bi$2TUa4RME^G$Q&Eq@z`AFYR_pt5Q- zn%oKgNtlEn;S2>~My7t@;9R+3`2`|;5frCfJb0LQS^1JOrSj#(WREm#HFn0@MG9CU zIvqcG6Sfw=bIY!smI^zS(VNgdb;7+Tj#eKxCUQNe2(Qf9nzFrVanlv7`}U~~vrto- zOSg_;h&^o_W zS6yi)34+mnVJME>-rp52=#54tYz-w3U3F%KN|v$mtPew6a=tdgyRgAm*QW>P)ospD zeR^W`;u~Wydo(Yeii*YDxp`uQR#45;zXJ0=DUY8uGLt{?%m*D)((&OV@hSmh-$d=1 zaiwM1%pq?rzV`sh&e zrtIiZH569Xmf|b8VWYAk#hTwo_zoH{r+DO{PlJkm$F6T0^n21)QBIOiy2agGhn=U+ zEHFHcBTnT+>~%bqxN721ZrgP?omDBrVnX$dhgQbXPEA%>-x^p zOn07d*qBnEQBRBU)n-jqhV8fTfIQRV+) z)w#FSYID^=c-?J9W`(D>1+jgWR6aMVstzzJS{_}rsw~MxWjzhYG7`3ZR2k%4jh`2nZ!I0 zHge0Pztq3l4n8m_xg~%dNMQPn=66Y};PoBRFt;_gVDx zdzaoDjQKDJ@0F)=#jRx0j)l9npRAuhM9ALp`5d_nx2xjheEj~S7f3@+esK_9@jRsO zICUi_@rpaV`0mv!@Hnqy;G7e6c3ysA;=+SiO}LBwN5%sCZ@KeME8&bwIVQF4oUkdv zvN*JLsb!Wt=Y@VAd=b=q)3?4Uc+ut=JLj7IHQeUA=Z8F#Th&RF znYPY=h07NW(p$QEwT1P%5^U8*zsUJpas)23qtRZaBa$O>tBPkI@*>PF8IM)>IR@oz zO+DaRwWBDGU4jxGz81EVoN!cKE?-Sf;mp~i)21IuZL)oG{nd+owdnhK^|!ZY=Eq%%PB0yXnsxS0WbXC+wiO3T8eX5v_t5bIWV_yOZen`yoCr z$La%dRYQ+Tt{4dD%j14_aYDa)Y3L z?MOrJjORD=T_e0U?W?K3+0gRagPwK)+opc%^W+tu_NDHRk2_^}A%8_e_137z2V3Eb zfk|4p)o;+oU+XIPfj0Ujr_40hu^mQ~%vm2dRODL$t&JO>ab#oFI_>h)lQFkdHhlR! z<;>oxqekbv`E>B!?aOtBEcRp<$6*D$l%iR){e}!sfMdpJtEoiDVN`H~2A7&Gu&xN! znKErgRyHmt-=%P-x0{zUdrnc-F7IO1QqzghfMpRXn26<3}bGI z{IZGi1V1LfBJS*d1vzECtbI19L(_GM=%(bk^dLyZ`>#0oszDZ7nWJ1k53{($dy-rqGUrg#pr*HEC1C;FGau0rDlN2Xr$ ztjex;bu=S1qGlb}jd!ygRJ;8-U8t8Z?|38pt|UkfALu+Wv|+)kszdZAc3wNO8W)&N zFdAo6XIJfMc_yATT$%Q$jf*|@$D$yoH^xLy{Wfo7wgTjQcgz5YHQ!uMGZ)Qg4T_Un zJOpAH+gfHvcw*NVxNXgkyKQfvOg>7mf99je-S^lchI8 zCk%sLJ&jgZs12z18f(Rf^wzX43XOVfb!=eH82`ZH+^1gaLUW?ft&L{Z6UPP(^W1%H zS~lW$Ip+1y*@=m zXcj1hRjxJCgO-f*k7VcGHqI(r@0FgATej7Uv}W0~XSH+8Z)!Y-Rveb&N6byXmteZe z?qE$24$qHNF)(uR^UaiVTU5GT9}TUF97DY|vCaE}<_*UBu&99s@{0Lo%xQP5!|`FC ztd1`i@(=DP^O@tC(Y(He$fhod7<0>PJ+xz}=M?m+ zjx&`{g}q|Pug-G#O2*)8&9|%lcE}qVqg4@pb&Z8$9Gq?0X0j_n@68IQsUK)o zSvvN{3qM?+InwtJ2e!lEg+sSvmu^!ZIOt4E^Em#}xcN`ik~}`EEy}$>ecY@vDoH)8 z^0$-+lNVQAH~L2S`u?KE9_oQtzDxH6F1_-b>NfAg7w1h;<>Iv$mVL2s( zapzW+LtZmJMLX?XWrkgU`^bU7wBne5M=Tx|e~DauZk;>YGJ&L^98ln`n}_@56nxKI`~>?ieMWBIv-D^GNg&wk z9{)N0>i_SXpg-|U7yEC58@NAa$+s`x${>>_krg0;e~qTKY&YwGG7 z{3hwm5Wo|BLQ#cVsY6S`v>Z8&Ry?xY@chG@L`Pd5ti7Ul!djSd);DKdwyj+$_v#X> z$qu(Yjq;mUJ@|Nb@}1S$aWPfw2+J(5YqmwpjI|f94$9}}4%9QBe0S->mbogy&)U4- z{noT`Fi{`7qbX1kZ4Tv5JG?LuCof;>>Tjd&15=IGE`utMx1OR0+c^y4l^)EQykal( zY0{voG0l(N0|=i3t+F9hg=Ze0SoYf!&v~o%*qyl}C(zx%3kgAQqVBqNc7%OVm1hGJ zLp%~dlA{cZdoyo~lVC5AYI7_CHEOQehoQ7H+0l0DTleX}R*cbK4*IF4rPQgS?APi{ zB0nOIp$x@T;R*`=2zAi&`z`pgURHFr*|fXA9YWc*EYMmTD`_CJ)#$gch#* zV&sRl|9%sn|F#>39DqF_YMg*O9FCFXkWe!n~8(baNdVfNN1EcrUBF=dp=u16Sj z+t??TLq-~0zI##&t;jmLFy^7Bd7YBwYV0I51sgfZaOWbFX9094d~BLcg~NnMDBa;c zq(ewpHO->++I4^XKP&H1Uf1r`lPf+Jeg=EFeoTnr^=$d;PA$#vZxrsfv7!$2Wqf)x zk{98aH4785W>%g8M0mW&VRLl$YywIC?wEw6MiVvnab9)B+~qePCO;0;cvQOk&GP&|Iw zy7d-=hB{~rD>xWObG>mg_e|)5uMRxD3Rl*~>I+&{df2wz_uKIRx~*pWj-9o;cJJA{Z~uXV zhc;-c*Ebwh*F1dk)GR!7?)-)G7)6cKO;@L#y?FD2+?8wh?kC^4^$=2Se)=ro!J}J> z&)>98dI72XYOCUIslNUCE#m!$Ilg+WHjvy5oR&3eW}bIeJYIXm^5|^i`SKUBp?98L zG|@y|oRe%=cHyB0=HegoVm_a*oR^_7?o8#A9k_F4&LvmP1mq2)=S&<{sGY9Uy5Z7z zuc4u*EZ$XJi4Jw6tche`IV~hO_R>=-}T~p4gKuOkORA4-QHV-MIjp`Hwc0u8v>*OX+Z=^wEAjGVHjCjH~AO1=FF*0eL`gZHq1PnpB1R7!XKcGu6h zL|qXL36la7q61X%oJj86NY$dkf&fecenwHIzhbid{OIMdW^x3&Y+-R&>Us#J9I)13 z1+^7QEX^y@#_dtuUlOLRyd-(uq6PjMxZM-+JI`pIh>SlCE3Yn6rLS$2Q!m;Qx$=5r zl!_m$y=&sbsKBRtA~5xD-$$VQ)@tJ~tj9F@VJ_9x9hoYxZ#iKvH&D;UODvLdi;)Eu zg9SQ@7uW_Ch_ePUf$`g_Jm1pBKrPR8CKb`Xi)P(H<8RRGM@Hq%#S7AuJaSJkcn|N) z+_vcz+3j$CoblAOhzx4x)Ckn*01Z@jz@)tBfsd(CwAq6 zin!`Y8|H;>iCi`T&8Uqj;cQ$em$Fc0!M1~iaqOwAhW+WsrY4PNj9oS1D0fG$|GEhn z|1--ETsyS%7PRK>*0VQSjt6MYMQPHW`R_%q+`G4Gw%n|zP4A{%aL#HveWlhqusD*a zke{=~7Jt?8EYl2Kh5{baCYr__UugRS?a&Ii-k&8m+&fv}x2S^)U#R<^4zL=dv2@B4 z@Y^obom9=wkFh5qb;SB(nctC5>QH4OsO&;8-a5?wFBkMyg91I zGoiQ#fuRboazeAl#$~lj4Q@g2Vnb1vafYGdY}!- zqynhg7`#d&cI`%y-o_g?r=Fb}p@*}~F}_6G#xfs2@#W+#$3>U%`J_7$)a@@F{gnkM zx%BZkR5Thlbp%>aJTn46HzFsnWF$sVR=i-`3V|{PiiXgNA@Wdlb@({tP1T`G(0ReC zh3pM;mK+RP1#2FOE;R{7@S6a{H7y>#s@eRH<*f>#Z-2_v(8u)CnD#}&72n5;jDD1zr1^)@VKS!C@K ze$a{N`@2K;F;(i;OldJQ^VB0VBQ5ar{}9}|^yGZ9UO5z+=QlshTnD8cNl$us)8fvp z9lPXJ;?Fod^}TmhvtmwOR;>Hmr17)QtT1O^r*O(6h~Dbw$6KIU^)64U83CPLFg4?P zq%c**$?D}?OaBwW+CD6F2pPAsa%}4QcR?Gx4y7HkxU|_|XPnJ$uPo8RPY#Dq9QLvP zf9$;nSQA;-06eKAgc3rLPN-5P^eP4fq!XIbgain^gwRnm^eTobU3yolh+qK`q=`Wk zy8<@AhP~?_)ZKOW+kJQ6^1aXZ|No99b7$tBdr!S*=ALtJ%W)~-MRZSq-eM5#Mf-!P z4%3f^8j05$7xp(9jNQGycAsNQ_J`C2)rnWnyMYU$y7BMU-r5OC?=LZ@$nS4qvExR* z9J4hnU^|LTn7Eq0eGl3rxnlRdePbM<3?13)7)(Xemos~*kzi*vHtK=2s0NdagKn*# zy0=4>NnCW=@j}T&ahHn?7~Hv+M@R`5T>2_v=Gh2m^P(~&ZtZcVGmzn1nrhrw9TKq5&S>lA4HU3U5 z*F|4Bx-zm~+{xkb)j%&g+%WG^_vZ7e!#lai}wU|Xt@kXc3;AS zrrz$xoqHU}(<|x&J#l%%*5mE3q@8zd-pD2A$p`&9iZR`6Kyh7RaiH~~_X{5BW2R^% z^-W=U8Swg+oUaPYKVgq$lZ6=lMq!PH;!sn&6%V}i>WuGs>Xn1(=!;ZvBX-Hn_4opH>cyG3DNvc?jhDkMkEv`g zC-Nn8Z)ho9VY9b$R?0qN!=^Q1_&U&BFV-6OdE|5$e=+n0SmF^PXKqZL=RmtFrWy~5 zJaJegrT^|C<^a-fV5&q(0`cV_c6)SE%rlXK0&6pPxyJeY5wdn_sSkL65~RjLxP+_p zOrT=4R#Yyk&7M02T1*Q>qLohLZ4D9{eKMH}4@Xoy$!QvEHt`(3IDgl#AhTtW`mG2yhAgu92s7Rxd-xQuC5&c=^n*JCf+4N2RIe3r)J7ZgPu zw#dt`MPYJ4^Wr?^GPT>6T;PQ@fWvElrTBtQ>xc(o57kc2nZ1%SbOyst*UAY*>!ZTt zQ(xUz+j)iextC>`p4*qtO`np(cUpdkuF5jKa>^fWkHbV>=H!F0)d2~+Kfy(~8^6uSu^wB5`9=FVo&7qjHX|ts}){h%& zmCMa~?A~%KMm)`e(VqgKRvqzl1FzzPyYk6%E`koZ8>}p~$txIcc7$X;TH0ouD?ea);~iu zFK+V8y>#n}=6z*F7Ljth^A3-T(WG?5+4j#MxP2hX&wH|RtL9x&ZAAvmHw?B!ivVDeR2!devbQBQNi`T{vS8O_S z&+svpaQ0XfarDbZ#A$5ilVgfIucqV-N16%ry)Q&7zv()HLnHW*c|m(=uu`6$au} zH;m8o$O3C8^*YMC_`LZ(WfL6yK)%Fw)iqMhYjL8~_IoD#G@M}z?j?0QSaMTiA&56u z_H0og;Zr;PuPw|-d*)nc*tCf>OJ=`&yi?B`y@>Cv!DrDRdzY_w+&P8BY&)`BX~mQ* z_FD1q0^t_)iwXFuAXFOxEcE}V;4%03 zIh%yO-t_ELXkl3wj`zs(Rr$M_EE`^Fuaqj>o%%Nqv0Pgm1G`{CGU2^NnExic0NG@_SKTeWM1 zZ0!&_(d@No@rpXp9?)4yf;i%dL@Z?>DWojbQ&YS_8IxWaFFHC6XP z>n#m=PN6{a{(9$j>9yW7yPD92qcYHq79Uv{rJegNh8DT8#GRNFk)ukP8T+J1;)OoJ z>JUjA5nqbZm&lJal<$itH}*0f`9x&O=1Zr`|Q3T%~t zdL8`x%#F5%Z{cPFNyH)D8Y}7(`2n>{7fL-#Gj2NdH3_s>HmgiD-S_22A|;-bM?Y(J1XO&4XpWJU!AVm z<%3zQy7cVWbW_}^6m9wEH`xi5@ryceu=|yd^IU#d`q_n0G)A&S^P>izXLxm|leOl6 zNXeJXq;$vrG7Re;ty?iG6HUhH?E=*Y6=Y=c@Z_;qz9end(c)Ak#aGMT(N-x?iESyu z545%jqb#IP|ZnI*c&ghv~NoTeik1pOQ#~7)}UVHF1iwa7=#hG@7^o@Ee(9i zqQ#O2DJGGeG>6TtzI+m1agqtCc8h`s8x5k(`4qF%FX@8RsZH&UKHPPDOH42<-0y-X;iR}R$Foe@x33zz<+%#ar6}iE1g1fHgj>BZT#Wqd2ORzV;cmghurK5m zA@=e%;cL9*=Ui^6@|R~U(c+c-9DVhgHlJxYun#gTRo?EgL!e~tu!Ue?^Wf4VD{HR} zbh>RMA{MnmqZ>R>uEJtF6*J*q6uQRllxhjrvTJs=LE#@WpS8@ovbJf;X9kNLlMOS3 zfh+a}TmeMD4GU*6+azcn>L#qu8!}6&`@J4(Jh({f&T&>dec`ixgMiJ{Y{msEHLmD$ z-sl>9Yq5?d4ZPPF&mn&mp=wq)bYltbQ=uZPa#24947;AVf6^E@X(SG~sk$X7P3@ak zwe5=Xfmq!_K2nk`WoPMeB+H76h@Vk}pK4jo&TIi+&Px8WKvfZYY zWb2f4jA@iB)lgYs0uX@>^?8)!4ru`n^jNPts)n*nzHt5#(nlGf&`6D~nebMcW#_3>$Er#zIZjdD1IOM@WR58a zbEjx&)i|2;n45i3Qut(7=ofxRd!OkbZ0NAwahF8?v92M)jDN*;M%oQryvSc2oMLyMZ4&>6&ZaV`q+m^hyG_u^}vKq7u zE5&azKW!f^wIfgZ!$onh+*W>UhMv0lf|~Bx3uS{xRJg~-WDZE=;q_| zE7Ffk^m~0bpi<#Dg*wM4t%oWW%}q70AMY~<9Gn{)&SffUDBX81KwvlTs)0OMsJv=$ zW|z?E>>CT8q6@F8ho`geRP!wzUE3oADKt!Ux;;?{i^ID6j)`arIP6S@wO$~A-?h&j z)L*IT_AtNIdGCw0%8Mg?&;T@SsEqK1w+WiqXn4k1UZA!4pz|Yj?%HH@V4sB_M&0;I z)|vhi)3mja2)Fc(I7zV>ii!#{+Z;-xrK&bAPh%?ONVL7Omo`>Kz2G-9@!QgUR%+i4 zlUTC^(A7I)wyZZo(#uopDxT4r#|umHZJKkaJE0qcvpQimKD zFp42#?=8MK4zPb}39WWk2c87onNM5o-36oDwx2oa26L&77IH9N3T(Sp4TyeF%nCpR z_?fIk!yUFFbnS5nmpxIdClUlM+4Wsk74F7h#!X>y;POCW2qAwr4gooQW&D_0){SPq zcT5L$CJG%Lz+M0R_zO3VcN5TNuC5ALEi30$k`y$qE&>dSts|a_6@OSSz|p_UbMn>6 zMU;wiGIm%QG!5RKz>C_}J8WI9BUko`BN)EJ@adx?RIVKM?y=X@2%ped_67FDkN4+Z z8+z!XUY~Y08>+o5|7DQF`MeK1_`<+Kq#EDHw2x{F^rm5T@q#+bjh>IhOV3=ja4kQQ zy1YC8i-{j!gPSOV4SNFmfPC5NHRh6OO7)WU4XZ@(leC%n$VShI?N2vsm+PKuk1*?3 zy+x0fgm`Rn;{#`4#_ru|g=BBoA#lJ(mzR%&L7-^N9Fi_N;V$ZOamd z!KZU|HpSGPk*)Llq?Jf)#uVB_uBk3mdx3M1s|Zv;%oHy?C&5k`2|xbw*u!VrVrOVZ zVAtsU*GRk{K^C77xp@4PQ|OLzw5v!}7aKZ@;4y6^zNLyU6Od=9-|`<_j^x!+)Q2T# z2<@CY-8i5>ZHWpPIX!B#+>v)REYmvWGDh}I<5Bb3g!&A=s{W&!^Ao&TiEOl|(M_pK zA>#}Sb$9NfW?AFu=A}T&B=7v&9Y=+z;SuMlL_r|V>`{%pK+I_*_&90*?24rs=1MKd z24rGxvJJGueOC0{vbhq0nBA;hDOeaWAsqM2AXSPikR7chbA}vOBYaVIq-4zB@Og&t zje-d02H>1d66jN`xQFglGqm~;u*f}D%hr;b-^GY-&A@|gQ~{LN)Sd+J9TBA2j5=1< zmcf&&-lAjd*_|ge#dOtK7jZWy7P+={ZnR*nncT|bb>KbQviRCn+eB5FZyxXXx^dqJ zk_1?oe*m~R9&KVrAmFP(L>)k*n2`n^a5QTMGSvWtI^AfTi|5;ygs(%w`b13O_gR+x zKh3hZv}-d%|NqA(ODZeGzcb`O2YXJfd z1`x#R#F>LOiMj$;yL@=cHOL;M%%OIkPOph;hZq`kan4DJ)8R`(oj;>Gu(7f!V4iI>96ws?7axg`*~7eo0Hr^z&Rb} zE4*P`i+7m>Ilv?l0@tpHW(h@tAa-}(UE{XNg*6lsPiBnz^Ym(NH;?0U9j*$iTFDYU zrJZOfC|c1o!&0=J(!!OwvoM9v%EAzoe7UrdTr*MW(wdT%-*>OoQ+1iI();iZ6DmZ? zOd*Z3NA|&Cr~#jJ@i~o2Ki)m2;j7Lq7}mNvr?-Ch>sAzn{5lJ|7wcrxYo6irjr65# zxPh;VDZ{JLH=l~`?uP9e)L;JZ*=F={`(45>jDvRxD`RTeLEe4mF&U zn%xQ0VvCTs6Mdd~4#dNZf9>Vb~&Ho}meg_+kufQPli! zzGKSfGAP>~nERaC*mUIOvdv0L?fa<4uYExM8%+}SvtxxrJUKtegvsQwCtiH4Isrs1 zyJvn0nX<(j6yF8TG#$GU=@9hhX0MyTN^}roBm%=*Q}BXI4`R*_N@UqL8uH|HTMTH; zW-OYPNNtW81<4anz605oKMw&pW>O#prF&q|MM!7+=`R-Ty4{jho-Wi6Ev_koyya?@ zhb#tz+{SO6IS~{0GzQIcuHDqPbE7aJL0zYMaed!#Q^KvLJ;m_o$LElU<81Rr z+|3QorYu(qh&84TTR3=^b%ACEuLMEb>DUVOPS8$&s58&;N*ri~vi~}vxq`QrZM%Hk zcIvV;OsZB=in|RWqz~jt2~Vit)sj>V2xzn_hcj;*9$M(FEW2v68~^Y%HK^O!ArDzX*3Y?qAu5M!{pb_75N6^TGhM%lpUbML+IH1`_UyR0K_a`J*5 zh#vs4Sl!=K_{?)Pu+FO0hs!#y7YmM1D~4(VVCGcwIAsS&;q-IQ?nehyc{`_kRxjv0 z$Ub)oKUW>(Tab9J9k7qgNY^kvj}VO=io3#PDkU2RhAuZ@tYS+i^$9)&ZFe49@tv_S zu-1`ZY>-ZnD}1|Rsy2+|o~5T&YKO{}*=7v+G`9$Z=#Vm55>AirW|`eHF{bn7fZ@Uhhw>rkjJp{C}E?zPByNL_@In-PwvTqGMLJHT)?NCe6G zNZmK`o-5wW&6;8CUnWs4yHN77UVLk7OR+_HMjvmZc{o4MIICDl)FtT`g~>JtX`2q- zPs}c!glrWQPmFPS!uNFPE)H`YHd>s>xmyHG0tk~D#^CPcbM3x26R+Cl-4QOjN%T<~ zyn3N5n!l3w^h+ZJ*NuqRy`B3Wt6W@DV!Lt23}j;5Nwcg0)`iuIK&I5r26q zTf>JH;MRr_Hy63TzV_zitm57KJCO5>B*c<~Ny&W&zY1CM&kWwb%<)<;DlHVk}U%If18!e|QIDP5% zX2QFvHRsc^iK{*qo5hE2!+OdxYoMbdixh3sqE6A7TshHG z9aaMc*FQ%vGc3~dxcHS0P#ARIR1C1@?YH~_AS_2<`r89G8^51xkyU@SPbw(!3_t?} zO4QExR_vEOb8NIa_m#x8oLrbd_H+07pT5khBgyjC=`c2)`jd*cZd&PmP3pQFJ9>Y(zwSBnxD){Je zZqU>CEz!5$nx>w3v-#HU4}SB51DxuXn!m~?go#DNVU&h@#DAybl>BA+03 zk?V|)e4e?a%7tLl`mOQ~Mvjh$(f};cpHS;8VK3L$^enXsvnO~WT|8~GoVlt3%CM{eGY$msIMnUg>(SoT zfi6T396oNv)&WZ0cM5jwR7cO$@sk4}SF7GQYX&fE1wY)6r60la&=af>het0?O)tSt zf#<9qc3>G3POq)5blq}#0)TVmMocU>q$G@6vBx<n`PwnJ`zZk|hK z##rWo=Zk6q;W=En))}`7%+PY9j&wNM2t{GCX!>c5(}?) zv}Lt#-kZlNs5v{@;F)g9E_5c4jNoW(y2^`>f7Q})tl_0&5~=*Q2a*V!n22+I+R}8B z;!OY}c}sNQI}&X!7K#C?ax5tCeDkv|K(KV5OLPT0@I?%omLPLE{gac#23_hS*g|?C zo#p!87yW%!VKX%BqPup3q?ICwuzWBTvtnPgN$5ffEd^u-WJ+?Vh8K!Fa?0Ze@>bw@ zUh!_HeZ_$jTKh9jorw{|ePP2VW~uF2tPQ};%vI5M3#dB~ulJwkf-GDyH!r71++}rf zQXIc<5X&&Vm*`eKm+5VdWx;30x|n4LW9$a_c0Q!Z`DG8OKM*ZDMJcn63)xdY)Uvnv zh{SGnaLQ^6CidEpVcLw-XsN9V|4NY`ESBH|mZcQtdde2fS$AD&wF0dw9Se%P?}D(l zEi^XIjIDrukhdnrBRn(jk|G>;oy>V>UW)+^g$7 z$Dc*nQqE}V)*Lv@)4iap$`$-f*vvWtQMXd7QGI~uY7u^_v-fEDcC@$s;^?6ecxy{@ z*2>{Jj-mAD0^U++4Qu|H-F$OR25Mqb&ZWr_;ntIu_tL+_N~%p*%f4d;V-p>oHRwm& zxZK+zkM7H?6U-0V<*tA}nB6P)LGprdl12T5C%>=uRRG&%6*VhyczUUN*67g9O9Eph zJwuDfUoRFK(;t{NlBPP{_C)LZ-mb(ymkFz8Uy-D znOPx&{Gv2P_VA9t$f?IhC>oAPgKC_i;eB@TwH2_c151alFLGpv-vG={Ls&ro*lw?P zQVJ!&1QrxSk0P=9l59gu#l@pEv z$10hV#rwN!+QP69YO39&|MYM`>1fP}PM(1Rw=4dI7CcB2@?tHqoiGU^yRSU7Aa&mL zU|OPNP*1-(4+8P9*TUWqk&LgB0>R**wfihp82EcZa0ZK4j?NDFpthx&O{R_)L}gEk z1U?5~5qLWzt>rVU@p&~$)ZaFNV|aHY%3x%!d?kde+7 z?1Jj%(DI#d4m28QHQ9#bj*}? zBtP>*crqRK>3Qmr%TFp3Ki&5~;)bUsfp}8cjXEh|-C#NhOZZs)Y{#(}lZWIf+C4W= z#fRe#4BGT*1VE7CBGR4+kVUQcZ>Qm+EYC-?FO;9tUtHX*xHH^f$9u<}Sswc7#^jjl zN5`k%u?wPkB_AxzZ}{MT{^W@dZ`STi9Sqx;R99zJfe&D=`>XeUk9(v&CL|?sI+FHL z%Tw3eO3DtK%yS_Pw3q>}cJgMJ7>d;sPk#|m6Z1fTLqYh97vvA&0l1=UR(~Ft{POvf z46iBP(0tn6Y}jNxn8#EcBP(TUC~?imOwfqjLw7RhlakoEi&0>#M}V$WXYdS}?a;Od zzck@@K6iH9*lg@BW6w37fHc<>wAuwNF8SC+f!mk79g7sL9qRo8Uke;`u(|2uT1*62==m=1L8RkG_vXsi8pZ* zT)(Dd6vhlD)LZ}l@b~dgP~acLe{bFH@SoWO42M%+PwxVlJ3ZmFG{60-tgrd;%kk^{ zFBJ_{b*;bm|N1A`_%A>DC;T@FjifR+3I3PCf35hBwlpUkUSPSO%kXRk8s*0|vs;&xdeG5ueWu+i5W!7I{{e>N){s0~m z@bAI<3p>#KK0sBC-v{_7TUz`+Fg3N`1@<_rYoW2HZcjxYX}~RMW-%hPi(Ys3nKXQa8IYwoZUx4o))X@3?Nn_T(Xe$1G?Eixl_>=M9o=gdg2#5@$ zGPi;GmybUg|CzT{e&hdXsj2TH282fX zD?0>4l9eMONs$5G%6}{+e;bc~hT8x4p8aFaDzCr)*@uNi{@b1YGyTVD{#O4rRdCGr zzrWXi{_pgf@xsX^QcyVK)d#3-O8z z3Cf8Hii=2y3oDBA>5B`hNeJl532w%T=}C%QrSz2)Rg@KU71h;Mm^T!pR23AoH*M5alGl>bR#Q^JDd`!= zX{f78sj4XGswwE{D5$HdYG~+bXzS>zsp)Cx=<8_c>*-1G;blbdvZ96x5{Alhc$^$w z1GiO2!$@Bbzs11Hz-X(flA58qlCi!LUQ5eRQ`<;S-AGT*S`}xxS<~FWz)?%dU0-3V zzM-+9zLk-NrIEgc*%mufJv+h{FT8A^iFCNRWULL=c>G=7h7W&TXQ>Gf<3{=!QRr<&e+w#!qwT*-rm7!yYu#)JKY@Z zoSmFKTpiq)hdXH}iRA5U>9xbo%gw>Z-6g=?A;{B(*?he(MH zO5PPg+r1|%A#x}Io|ur7lNwi$wW}~M;e0xfl9HUBmXVs7k(ri~nVgxGnVOxQm7ANF zOW&7E&nw7D%FE3z%Sq1PmtUBlT$rCzo}W@)m{VSwTvd`=Sjb#Fq2xeGVR1=WX;B{Y zth_Y8w4|)Ovbwn>tFAo1uClDPGOy)eX;)Ql_d$AXRdrkS{`R`!zQ*DcU6qGgtBPX8)}~c=){bWLtBIbWi5szS=_IMUL?C%&ZR_+muij}e&N#3^n|jf# z$Jd%oFawPoHZm*Kpu99o@{#9Pt{XHKo?Bk|Ld{4{47&BTNC+CjDr9u+qut$rVmZ$t8n1&dTS-?y)LTHsZX`#- zbEG1mP4ird%G97uBK4&odp2*adBI7_>9a)J`e*^a#^7s*+-EvJlhyoklR&I0Uejxg zOyPHw>0(}Q)4k4}I}b|S3-G!FHCfrMLEp+9QCMH8azn+zO7nWG8i(#`^W2PT>2d4` zTQcLcweJ0K$@99)g^(H58`^c#xSd=Q)zO+G{#$In?5hc4@3C*CGuC_U`V^RvvTg z$x&G>ymLqAshL^5?wy=D8-pEH5i>=*pO@yQhqrRisLIIqpk#9EhmA_quQIkt4No7prhy1P7R-qTuOqcfhSd#HEHEGSTGP9nH9#mvar zM)R6*x;fUbx!Q1$6gXrgNcYi_(^-l{aSS!Y&siT`!uw0>E)gSIkHB|H_DnZOv~%b! zM@k?xSKABN)rRPp2|<0Ig~NFMcG{R|6>!#C)j5sZrmrzRdEce#+z5`!rDn*?C4^+K zQgh?$(nHNxf|Jf|excu=@TJZ^F&v+NvYxJ}aFg_OK_PWl*QDkn56ji&lwh zZ+jOq5~i0NJmpl+DIM&wH4yv!DBHryhxW{W!`cvBcF?NMTIH-_ovtP<#%Nr^%EqlP zZ|RD8Y@g?x*SL&TsM@jVo3V9GdaoZPa~eFPjIiyAzu384 zd2sjm(k4&yT{_R4cj2^eDb9^c>^mc&r0p3a`K5O$D2sOkSJnuM(Fbm@Yya_&CUWBcA@MmP_B_^jmZ^r z_t8Ny{q7nzd+l0w69hL(7?eeHloWX3V!v9*BNjl0B$0xIHB(}ZeRHgXv()&x4W+k~ zT~!u)lEGqdfh247QXC5Eofz}=XTyai3+Osx8+vziO4|qRTj9U1d0)E|F{2zDeS=%~ zisAk}S0qK>;L=r6#*+D!#5o(y3X+QR#@(eP1v1@ts%0z>lePUbpS`G_(3jovjzow( zGAMvlKEN4)8{sR)ji4I5;l^u50>ntTqDyAB+k#PgPl|vNsc)Y{Rk>(4C*i zl9i8e4Y0NIV$pqUr@yy1g1_%=GP*t@QJ=UZFgGr`>2N7(FW=Uv9>o$N(sn}2D|1h2 zh{x5{bj3p^EiO;7n2paKaPDnS=08C*7O0m@GKgIgXxn|m?0{=d0oc*?S-7NHS>C>2 z`iKR#C%@>ePpfVNMC9Cid7HDmoN;H8MOJQXvt4|~=D`+H#XkX{z#vxoEu$98ovmBA zWt|@Bj0kiu8_R@>x3>jGdE(fEQuu^wy5ln}o@KDuegf_H?~h`i<1&)6v12DQyjtdu zr}~@dT~Lu<$?1)S2=<{<#0ZNVd+482_qQ8Yd0z?;UPU-oQ?GMymL3s3n8UL9(Jber z!3clV+6ZzXFb{>O!Spr5aRx!>0&}B#`|&qbmU?cwEfb+4h+%|0F=^wtmk2Odro&Ut zK^>iNc$yLH(&EUuFm^{|MCl1n6BnyV4pDvM6(ebzXKWYJUJqP8cQ|@90;Qfa1Qy{> zObMrCUyCp5dO~&zlT_Fr&w%t}$CSfAsBltol03Pcc+X7>$vV?u{#hJslYb%+`oPKc zV@@iEERZC82Fv2$Z>%lh=!UrGXe26_A0}pLx9j48+GmHhg>WcvQPMV%sH+bWIdCFLUkJ&vos8 z^$OSWFwt}I$;kPc<}_veER@$9h75`|RxT9J&YLfpCCP+19O#0eZy0ijB9eq+t0AH^ zB5USap8C;5o0y!ki9Sdf^{ zBAj!X$cl?K;<)h$=7MMwUUE*S-wKb+lFT&Y?0Bnf7V;QVCMk5DHh?y!@bZ+@VA7(~ z22I>@+}@rZyOi)ISf(>|C0c^R;jNMQ6MTl%!tmxCksZ75Z147s=7QZ@*#pRHRwjKfe1se zH-0cj25ct)QCd7Di!7?}WtCd8ALFFB5)QP@rd;xt?CS+=`)j-x}c3RA^$ zRjJQp=}3`2zZY~)o9ONFz9EvuoYxjmcH3fu{J~LcX)p8GW1M|YZcn!~LgA_*h1EM} z=x_IS&x%6MPZXUS3#gmvnd&tvA!ycwWw!oK zDWr@mv6yHX1rzOrP_Zn#DTs6iVjlxJMc8;YUk>(muhDbo7g)|?W_I=Sq~<=(Q8mu1 z*qmEuleZFcYG_gY)oj(Hv6p&nKRBjK-a|Ryz|w>yQ373=0J^&-*_WD{J(_BEKS?Ay zw|%2~U8CP?9A{Cp-R+}kijG&6BHXof4dg&Tlrj*hI0SVKu0r{Y3bog} zLzD9?k~=1CC#uT%mO*+!&#sqo;VtDH(%_tOi*xV27_~>jenaZMv zb{ne3S{JboVNukDXv&U)^jFwy7^mok0%bG1T(gANYoyn7&bI`wnV|&B&OCJxNS+>~ zZIl>$CH5pu_j9k5F4VHO6QWJm;)zAgtx4WkfO#&ULcOHiMis01XwQcVL~Dy*ERe9< zIp5JaKVUg;(AbWzu~;5Fnhz|MyQ zGDa5i`%U6k7mBMg zbtWB5@)!`dH5$H}r5ek|z=Ke0kYlqfbOy4U=6~sB=+uJgQgpdkEB5F@R63C*3Gkhw zdlathX2hs1r}*h;1UgbVpW``37g5EXEOHcHQ+m)zfPEMXMlfGX&;W=4h;_o4If4~u z5#@N4P`vegr2V3J=nS@aa~;P-TmeXT)1eqO#zs%Q%q{PRIF{D5#)zmo3Nm;B?EI`Q zZwNKdU_lW83=ROJ0WbkzWq@9|&~+E!pQ8b{oa&lNG^(2s8*@bIh&RVUKB>F;K2J=- z!T#G1$Z@_Q)?G)Vvgyc4G~2spECy>pco|C(zR8FVu+RV)qX|X<4h;avY5;`?i4(yK zPGGlAxW@u42#>H{Wl0@ED7b{(EI{7uL6$P`Q`eB?Xw(G@R2Lp~u)(nlhX`DNH8N12 z9N-rCUE32uN@#=>3%d-yt!vHVZ+%utHSUAZlosBO2<^3ER;L zb6~*y88Ej6SSYT`g9eZ4gpc4^ix^PTWL|zO*qVssc7|`f-r5}xfU#|;p>Cyzzzf|D z3=t$w=@7?)CDt%fc(5Y<==;_VjUk8*5v&hD^@kvv32-tR>V}0{Vxfj;s8J_u+e5fD ziG2`_bY&dbkq8o}!>fl-=h0Bbp!!1=KzA1K#I=os-lH1?l2{{RqI+bBN2SmZNdiQp zx>o)|ThSe}f zV91pQ_a`0?!m*DKS@&b1Vt%}p4-ta|_8`hYR~CT4151N_Ph2}h@F3Oepf({Ui3hp{ zPaZ=-bgCgblv7*Qm?VZOwL`WrTn(`>2V(Dz1y@Hr%m{!^wZSgq*xn~X6K1^%(QM~& z!#8#Tjk^FiZCI!s2uG1#>mJ3t9(ZU8*4%aK#RqR`e6Ri*M3>>JqBypNGU7mi?ZCtA z88AJ4SO8t{JesW-#}YZRfn1HK$Fof`;JxwPpD{yckibbE*EXsp2(#A2H4l;^fOIXv zn8uUuCn30@Q4Pjv-;ezzAN#EdaC;hjdne4lbIhR{9$3v*tf9Vbp$lRM&&3lD5WpPO zK=Sknf#5bIZJY-nVQ`?=tR9&84!R=Lveu>3?JbFma3g*9n_OFIfXz+{lBk^eHd=NJ~j-{Xzb#aXax&ZJI zhf%=Er^f;Nk4;M&J)h)1)74NDtL35}0tb&MFhHLm&)cTyD25{rrmqNd?Cken<91zR zJB??JC#bjULpc~M6==43It!H6wl{b$!rZ|RW=Deu5#d`H+p7Q;8Dgt53A7i>I*eu2=mf;^AU?&>V7CkX ztK(wrCs#j!69!Kjxk3CYrzbxi)m?zN(&zDndDY-ll|Z`-J3&K{3F2DJ4+w;MDVhaZF>!$wM7rol_qwM30q=8sO)~ zD7Cw*VhnHR@%$I!h-m7<8`}hdohr4wjZv@fd)3%~A!~80wZH~N z&J8^b)Hae>*6h<+G`k-c`!EezhGVfGf~YKjaRi9I64bsLwj0aZheO?_vCYxgC=SR# z8u>{Qw*nEWNa)vJfCNz<#WUa@UtYykvqaEY_AVfb2*?5o^1vEjJ&`r|6za8MS>qbA zitwhE@}>sM>XXQ3`V7^BL)Fsm1$2U^BGt|6KpXCGb?bp82;hBR1_~Z=`x2RkMlg2` zL8l>T0CGPLd8G^WW)IKs8j5Vk_huMX3SzCnArl$G`e<-!*jt!5cdzFMRTXH=2aHT7 zG~*#UhyV{Dyv`*eWfqY&6igNEW11oB&eOsnp9xIi0duX1b%(tb#DZOJ_g_5hu0NLtqc$DA9P)Wh?91~lUtW5CdA;|`HV4>1=a&zjFcuKH zC6rCvnXzD)g5+uy+={b0lyt;jw%&Pmi7tP5(?Dx2eQQxByp6(d8szLbq~G0P4px+Dw+A6VxZMWoK=C>)cKJ6B|*r;OA1LUJ9lm# z2QAUJdkf~;X{2mbsKuoBd$plZV>?RM-f0N!59~3TNN0<=h>wm-Ym$@_>x;nvK<>&d3iqinTAjy>H%e$n5YT^ZPGu z9zPNqDD3qiY}?K_Qo^Q;EUS_<=b*eBlf}#E3rCW??9zW@hLdC5{$vtncFkzcNa%**8|AD?c=kr=k}nV|0<5$sLVd`woBSg~g8xUXFiuxhU036K^s+Lm zu`-n$q0Bt~jsg0wu;#zg$RFwdeZ5&N(96il!Z7s1%N(Rj5BLgCX$p(f$`vOWzCM0U4|HcTcQGg#a`!Evg zKn^B*M+St2>MMVHm{}`?97)24l0wLvC4$ItF=14n2nnorSZE|UG;*^9>1Sw)-%hb! zVPQcL-wWS=);~}E>N++gDk8x9$GbmXz(xo7ki&kw`~5=H*S`G(983Cj`D-gbU;By) zH7qp1J3^7!+lZ(TG8OydMP{018IZiQa~{FTfvV?CPxN@ z`h72cNB-NrUx@PkZe&>8&rSVs{o@MVLh#PEAcmM*>UwUN$w= z(NR;Az(#*B>*#1|u9qXpu}nTQA74M14YBI~Bo2{b6bXZMxpNGoV8eW|1ZD~=Q_}R6 zNnfRnb+TF{jK?XF2y!aoQh{CDcbWJV?F&yk>nUsoM*JE zr&$;?f}0e_?4oB3IhZNu`RIYj{LEUYB=0aT~uAC%a2`@{JHW^UHokinPSJ}*H@-}rSPwa`K!MF#KxZm z;#YkCwM_iTvv2r+mxVv(&QC1yC6gkfs7wMxFtcBo3Dy2#!NGAq;;W*m@)N$yRS>>Q ziN-gAe??|p0KX~FpZ@<{)qeT;Hkz=qh`yi#S6KKSD`SK!BJ-wosdKBvU zz5O34ude+Q;Z=Xug`cG1yV3ZG;(ry(bt|a6?ulsQeuZM>PbjMXFQT~KxF^#DGtB|h zc>fAh)gLhZH&OgLoHE&{rlO(oD;(EZ`IU`o|BE<&ZT&~o)O3D8?Yp)30}R)h`MZo{ zs%HR|>1QZKhAB~)b}E!i{XG=6tUDb{sr8BQ4v|*XBn9{|3##j9%u1w?b$RyEP}Ndl zUWuf}GK<#M*}%<@Z(9ex!-U&qn@V7VMw(Rz>aClI-&n1{%Ld zqW=_D(LO)oqx#o)tgrmlGJPAWn5_Ob5-5Kit(g}5+X(jCi$4$Q>$ksE`6?%o)bFFk zw+DW9TO@UK*8PsJ4h6HqKRG%xt^fMy>=_Z|^#{YBhW0PRpZ51r``6cgJtRs<{xs68 z1N^-~`#T|iHf7(&N1tCX@?{=m@~_Y}(D!9J)L7qjkA<1l`~R?a9dJ!0TR)+9Dbg(= zAOaE~p(7wwK|v9)fCT~sh?K-6G%F||78DQ^>taLfs93OqV#VIODE76ky{vp^?oC2~ z1i>xe?(Z%89){#*%9)vS{-;h1J(+Gv=P>Dsmhp_lRKS_hbP^Zjx*LV+K7hd^@tABb ziIq&^GU%M>c!WX`6vUtw{9yz*9=%UurEo~Dp18mux0V>fEoX1zWKYF*of|VTi6T}i zklp*1ZAg~70-g9OL>okbpevoj zfceGK*`Q+}#y}P$ z=#^&g(3xHVFNjrjtW=*!Xp{%8LaJ<<~sDL8HunQ08OLmfNVp`NL> zRJ?0oI@lt#JZ!C5l~|$(4haT|8 zq)}p797+ZVC7hF&zK?MTvi(@9y5%4-c0vZ*aEL&Jy@e~1>0-F^yzND07CNHD; z6{Y3g6%ZjhsnbNTb#Q z=ZMaiz2lF!h>*Fk6X_Y)eqklktZi)&QpdQPU=ZAB38N71W`Wv>YyV_qKM<P+nV_6M%j~^etir!4L{x^$q=?N2-ox6) zo5ZX@08riCB$@9*vH;2>B6G_&SDU?qV;B$2>`8PAGwBSTRvz!r4O zis;r75aAT3!~>2>WFWR8_Oy~oxM{!@cn#nb9MfQScj$`6Ml2AGB!%Gy$Oj@cVgR9` z2N^N$o{5R1APy@AY?j>C&mxPdyBGT1>J!W=>K?>mrzAqOTOcx;wt6Buk51;% zf>&anBgdr1kllTT`?UH#IW?Y3b|3B+(&~Mr+`5OtuU7A4mRL;Tbsvtbw4?z@`EB)( zh?&*h7tJ5H!?t>g9na#i+`ZxZ96HIAp2Y4;3PNwSdW_48<)r~abPwUbX!SX8Ux3V9 zdZJ4_6GqHR1S2Wdm>;k}^u<=s$HCi-WcL7iTC$*5B)eKY#kXI$55nyztv*G@-()Z$ zf=zBPBaP%u=d>n48fdtQ2-3kUlNnt15&XZ=6yfhy?eVSF6oF>!?#VZ8w|Xv?na+rz zusO_VM)R{1LI4_b5$ble#7GXls9Gd+@iP5{9y{GQF%5+x9(1-B4#wk?GmYzRI^ zad(aCj3od!8sP37zB`9+C7`*R8dL3@`A_YH%-u<>S))j9OFDEDMixiVYcCGX~)E zjgz>X15mWaKYhLe_}&r6mK$k2^+1vq>#zV}97lWR{ z%V;(I79N&=qD&R&K*;h#b;7)tqO2(mQWx4<1<9>drGM9~5n=|XW*qXtV+yXdy$#LQ zxy{LDOFGyBeHhn;TTLF*@vz8{7GW3vDBRd=A+WY{aB{F~%d;gS3~yEv=&TT@g(>jZ z+#&P<2eBmlAAv*phw$|e3`4}Q(JuYLruI)fb^?P5;<5I&ZFU|vP14pA7+Bh!^gnaX z@l2SllMU6jwFHfqC{aXAMSpCk{Y2ja)6~C^(zy8y0#YD8u+7m zrvmF`t7-oeq*rHVj#*p9PJIGb5)Z|Vv8^WlPg(Cj=rzPKdNf_q-1~!7oW!7jH9V%H zP#syV|H(h%;YMsCBb~y92x1CEYly+H{SW|jYmUdoeB;)!^i&oHZs*`OzY;V;;WDBj zY8BgSrYN=^gOF~q<6`LCzT;wJ65tg#fsTKKne?OM*`^Ti$%e>whMTZu3PjfNtR;7h zKBk~(8!p}z8=OZGym$^PB`)5LjeDmkaquUb!i118JQl>1?>-yg8;X1c?U>-1D9}Cv zV!0!PBNB}(a}dUrf!V#4kzZ(r2g4y45AlfC7UxC~PJ|oNTiMXXzKPr2adSKRjhpCy zXl?JT+Y^d{+JHEvJ5Z82`o9~hlG9!>@(=MXj{8e+{z{qfjoIJ;nmMk|0DkxAkY z0fbjDI21Z17H%3$j=@8haLq>;cmWK9Lx;<(#A$hudXh{+T0O~|!QnAu!G{S)L%8_u zb}cdVqAjy#OOVV#DG(q>=Q2p%Ob)pIJJoR#6XF)=$r)+!;ARrOXxn!ZD}qiJKl^4c z3CWY+Q0u9qI6r1`EDOc?L8uD}`4eHlT--G!eob(~&>;*40$vb8_X zRMX*+AOa>C1(Whv5HyQc-v|~Ti|_m+n*ewHKq`x9)D5<&kk?Nb7b{Fq0=^^Sw!(YH zo^0`b6uHyvH|6KY;J!8yk1opc5q!qaEBdFvjrLA3mVIW8egiV#q=LI2#d2Y>%oIVC zFC_-@{vcNiQV*~)AVRLo0j|r6uoHjC+mYVQ4s;GgVSpItLJ|!m(!?{dz}pCjFX5qJ zYMQO6PzS5EAVk1X#F-w?Prnjm*x2v|KDHR}8l@RwqMpCl%}a@K4$-wm(WDse=&0vX zl8re&DndeVv*f4(F&&AnX8gl}ujbJp#Yz{(R z21hn7O*|(a9wEDof*ix<5ul0Gmy7f?*HlZp!$kU)wEA{Aub zkW$z&fb($F#!7<(dI4_wcW=iKFzJXVSDVe)d87jLWyOd;-2#*YDMx&iBXLg(3DOe1<1M!VrW9zBxb? zj($tZiKC{77K1~)pV$s~;HQ%W5DIzyZP#7|_leytE%pYEM?rJqJ7HU@`NB65N(V~t zmqAQc3MTJG^L9jDH!lS{CL%dD1F5TGt*h-Em>8&4!c2^SRwE$PHUd=W2tHa*Nrt{z zamlDSf&?o!fzLKtatfh@g{m%Md1hOdA>iEnL?W4bHNg(YG z7K93wv>csVADqq>ZfSFHpz*(dNq%BR9bXg(N+ds{r}N<{EAoSt!0CLsFcWZU;sS0Z8XCUuQIkDEC0*bwvuD0H%p5BuF|m%WHTgC~G4W-7PB} ziuy)64v&9;idzAhBo@kfrhvzo0(El|T9>_mLxK#L+&Hm?wUDsu2q4Bg!AhL*JLwcG zZi|LnD$s%08~`AN;4{DykR=eiJrzWPp9@u*6e`=TEqelJ-0EM!NoZpn5!!Sl(hWZg zDNr8?jzI*LAWmy>8f*n_QYsb0u;gJ-JrmzpfY4ic$FUR6*PKzAPAJmYq2f@WUfWwb z&}h9xHZX*#H=|97GZc7Pn<*lBkF;T=Ka1c|XV~D{PypWVIF}R4Q-1EmM2SVpBzG^A z%nz{*#XQZt!OOv6LQO>$$DGf>5ydd^E4r-wRg<{7|Dyft=xqNt?_Lo}{1Y(X|9cOM zj9#E%V7#9pVJG{6(BLB1LmUY_+h7g?!+%OTgJk9fx;SjIpWMmK%?h@sqAK4kwzyN2n0c5CHWFtxUE|l<9?2xh?l_Pd|o6#AxNkrLmWTZsaZDSrVemH@a=TX z99;yDh|e5UJy>3GAN`U?v_1iW*!6o0$orHsA>m zi)8)`yDc*rDpWzlH8SF2rMoDoOb{N=irE-V$ARYq3x$8M01hi8Y;o?)Un!w;gzps)$XS8RYUxpgO~$WajC2B;J(Y%4G{w^Xw|swYS0FqKZNlTOn|VSGb`Qi^&ndH_Y(Xp z9}bn>D5<9@h}Uh@*po&!8uvF~IIh=CYtlIEs8k6qOYC&;hcD<#uFu6Y%P^3T%Mg z2W5evvUW1aUo;+!K3E}jk|1{udGzs`j4VzDg~AV!2UZ!)NQwff4<<=ga$<%sJ`x>T ze5K)dNm_Egkp3U|2ViI?xPss)v}U)hbH|(av9%ql`RpWM5x^gKu%qL}u~jGu#fD|Z zyuILhAvNcig7^~_u)_H(c5o4E!_F>VzPkhSXyf6+S2z?fVhA${Rb~=lmjVusKO=VP zo+18&t-Vm$TRWQ}zW%Ld*$H!dP(*VpsDwSuE;JwIbv!lR818?CW z5RUB}e{2F!U3Rc%Ae`|ie7GzI)6ve(8F@K8-IWjpfW~xE6a$LX#*ke7-33H(wf1)> zF}WaanOql4=t5n3s5k{7G;u7*MS$xB5}C2^b$EmYM=_qsNM(?qL@d;R1tg9KO9KEW zK^=avPw>CV1>Ve!&A{Vw&}#ICV0uOj*NPO1JKiuOhb2G{k)bi&Vcv;QNgaI+wH^%| ziwF1|uUpNJ)P^FxaSUweiBN$I>hZ>+R-g}WC;`tkj%oibubI!N|@24pcFP6O9wy;07`2hJvot)(agx&TNmuJ z_8$04sQxE3+KGh|(ZGIEe}wV=X#Ik{X+EviPrUyqh@O~4^7r=#l@94-P(VBe9dZ8J z1$hPp{*SL5vR(=9r@$Q0qSzOJ9lzkAB(F1nZ~bV!LOlE9r5A8pEW#(^eM-aW(J25$ zk|CBk82|$vbU-{WE{GnTU`ZMg558o<0(N@kIF)`6jm1* z=8hcg@suBc&7QHS1`aF{lERRpngMxvfOs*q3>l|LaRt~6_B&Wwgievgm>$JK)n1$F z*pD;>6jTy37Q?V{@D!9mMHOq&H_&r&DR7-wT09Ftbt)sdHxK@eK_4(Vq}UYb8(PJI zxnN=7vm^+cMNk*%>-eM5i7d!T#WeX?xM~AKx_p=~_?~b0c%1O?KJi9SeG`m6A!#PLAxIY?)+Jl z>(m5*Zi1qae~4=QAe1&_6OVs7LAD=jNPiaHIyVI%TquP5fVm#4hW^L*orp#OcHlOI z{QCl5{w#X_)P#VnzRlI+TToSSl3PMbdUUd|Ec%aXF!C=RqhL3iHrI297;x-DGD-?3 z(GARoP`o~bmyrnfko8Yuq4XVe37I|38BE%p*tn>4RQs^{2Za9roF^;;5>}|leakiA z17M-K8+oVr(LF84D-PnAp>#vY6LiQjm_=GW4(!l{puj&GL#AqDyD7Q^Nu1Qd&~I!r(b zianUr5v~#Ps}>e-*nF4;dj#BAgjA$JNHKwAG9VLd1VN6ZCohS`Wh3eXWapc;+pSat zy11}9H{8SOY$H-K5#K6eWjWd1JD$PdfF1^`#7u&FR^ys^Zzno*hGK=SN$Vhv&63>* zvNBM27}Q2=9;21Or70wtL>4bP(bk3KVWQx57OQZf2snu$bwB3Y7$C%Mqv0S*Bn3?O+@&~;N#qMJ_! z{)O(OC@j1RrhrWaT~5cp2nymvEV1|Cq9Z7GhKw=LB}gDNf4Ce6V*dE9O$I~&LQyo7 z|DFim!~Uow6nZETWE6Z)JY#J&bMTV4IQ?)6C9oSWIwy*Wo0<9Mp$Vw!Pse(KGS7B4 zB5^ACd6&Rv!03ZA*wK!|EK#s|;Cd{e7#v0}EHOAqfxI1?o|8zq-*!9g5BGUOvAQ61 zaT4ko{JkC7Irg+R9XN{To{;bb#!FHtGXXCphc9BsI%y>nV3C|8bmBW;2tN8Wcc4E}d4EP&gO zgbKy9dyx4tAXtVi0yh+4p_l|FTyQ8X6oXH~Sv=teG?$9Om<{?Wng~7*tXL3f0E>r( z0C8YcAy6QI1dh&*j7%urQKOVtdJ;1+gVHim#kTF?fctjE)Q2Fuqed|6D&CMtXcC+a z0RU_vnwxbCFcW|@6;lF3Q1rsSMY6d)zcvGe+oG=lFlrfv&i~lnrWaW4up%Zcg4El7 z+@d7CXvrdRUl+8Af2ldA!c}lHA)b8F0(jt~X!(uS(-#Ihx1xhcxew9&jMljW!h`{5 z><1?do?a@sLE)G9Sq7*B0nPCQ5W$U<_E>{0Xd^6uWowJp0kc1MDAXT`YYeeAA2mss zw1uHnoH8zEFXCVuJba)`#F%2Pw-~ri8F0N7DD9?L5n6iEgk*P5{1GJjglDQha%Bq2 z&#RQw{@*Lu5nAMjp~R zu)h$K6OCBp3S$iaUnmBHN0<91B72xPmIbAbdGT(js&+41Pit!+#RTxkFq2}U(1rjv zYoHJIN-%LHPc%#5;>lR0Nk}nb0`Nf&>{FwbE?gj*m4(ehGaWAPdun0}25)KCt@FCc^h zchHLkTWx~9<1->+#jA<@IB$L->YyPZq0PmwF=Ggql9T~=X~Q_k?tm3AvkqMIiCZkK zMCCkI4GeS)sQwEo%!LJ~-$riY{5RrBQ+J*3t#Trxb=%n!}poW9tpr3@vi=Jb98z+0v zEf6ZfXevP=!cE-h&_Fs58*B{73=5eoST#e@y)GQQSnS;_lO@%O6%n370T~+`9St{j zw}+AiDPnl?iEt1dryyWs{6cg-N<@rNke35M0~pVL*LOE(KeW1KTEtoV-}T-9U)Ohc zYOmwF9RCe~SoBXkRF4m=MX&en*qz{_O~JttZQ!4DKX@}I5^4t>d<*Fh9R~fl{*Kj~ z>Wro?!7YwMP=KuvUm*U*C9yCl6m&8yxDUxhq&4yNXq;K%c9YJGPAF21!R&=Ber#lr z4ua$stOLA#B;T4fFCj;U5P+ZQs)a#<4+y~piy~cs9AGqTU6?ZpA_c^$pYA?Pfcx+b zFxJJAJV9uJ?GC<x1)eT(lpwhyQT`M2 z7Pw(3QFLwsgV$_Qjf#M4PQ>g$l6y!z3%e2k#e`sxL6o{3Ahkq&ia)~)vA3p>+Ne~W z>=q|1R^Jf-Kq3Wc5N$Uamnm-204HE``J-=ijK(b^VA|-q{F$=EQdl&tS%AZ>!Iw{o z28ASn0x4p!#kpcHkAe^IJE58%M}>1l?r;Ll87W#=fK$td$nI2%H|hcMC3z^g7Mp5^ zHY&2{pogl1+j zjuk~gp%sW+h-E+;A9$JYGWKE)5BS-^%z*d;T)7e(+p(@&?j?L1H{bE{qdQ-sAYnq> z4NTZbL~p3+G|R+C!Vlr#TI1P~{C_BrstJ1uW113mdYl@bF{uzZ-YjqUV5Kv%g$8oS zlN65@U(!~=%oG{ckdgwIprL$y3M-b9!o@FL6GtJEySMOJBwdDaf3#UUHUg-S`L|F2WHrOO)pd@*`mO)W@uT!}M|*n$%ItP@!2gBdKkRSx9{do{ z12hMkgS`WlU_-T|QfUN|{hv7qNo_&Y0G&f35fT{5k{-d{r^kS$sof|3l^;r4fA8TT zf7%}C-1@^_pxW8n+5NZvf5(PuZ~c8y$uI`@4-dlzyqONLpy;5BIsXo}4vr${AFaOw zct8mxn?Kxh2O9VvKmXR4@r4^P0Oco&)G%+iWTQ3JifSF2!XOQVKu?l0iAHsy*}B*| zpzFqH)|7-OYb8nTLONE2ARP+}wPbKm68T7*MzJvdA2eqt z@i@0>4m-W*UCD<`GHb?LYg-vtJmu^p3J=M*VToLSB)(C}Y+iDsU<}8v*pkqs#6u>g zNyKZ#UKuK(ZHWslrtMT(1m9;5flCo-j6{gLVn|vidl#EdwvETPf*ftPQHf_q{D46! zL$QF22rwX_2LwetBp?bHw4J20DZYJ(q=)Ohe=umM!z@8;qDBSLi|E2ANO$A#(Di^3 zn0E!TS=b#KHnrV7(xL~@QkfC3fLwm#QFKlOl>Oxa)5mIdNM2CMe7emv+UZ2dCEMvp zA_wnON2%ETTjDmpy$h|~&Dl|cB`|r>@eGN)%HBmXtMANAFs2Au3plKiOgCGJn>W=t zg1=Mwr!0;oSad#~ZKqX<60kY=y!~>Y;+Mcq+^GnPXfC7Cx+02%X2fll_UaKzXhw8H z_$YNiG5p_nq&@vVm;nWBnaC&l$7t~b{T~?xTI>G~b`JmP|9_0?9s9O*A}gAnhaxe=#*b;Whf5)g}ME(aqC1GW)k^MIq672qrq5tswBb&d_{*UZ` z_I5U4|NYPY_h(SQ{We_S0$UE`{kbHtAoLn4kb5wb6Cg7Oe69?Xc;V8DLHu{*+o$Kh z?NdqT|7Xm?lIH${^G^kTPs{U9a{v#(f9GEkJ^#%22l)4Qa;9%2=o7XR2#A#$L3d)UNzN}vHdI!=ItrIP!&}hwf%R0xw~lV8tlFr3EhV*fPpSN)SI(JU)5azB9y^3KG(E>GmCW_!N3Whba`M{##dWo(_slQ7(YWyO&8u#?=d5Q{G4kUtKf3kg z_R*7fU3cHv_xSM9-|Md?^qlALqAc4YdiEuggr_^7e!V>Knp?sY@^HI_zYf_sXh|)H z&6GMerh+-H^zy~{SJ!s23G`{RXIhWi6J@0;rT5h2%p5B3N=4#{gvKKatUS-GK2c0M zU-IdS`J3S1ZZ9n}Ke0|)NA3F2g54i7>cZYN`efecz2q6!o9xT2xPNk4{n674<2{JS zSJm&@645o(^E|n6SLMBGW6eHePwjrAKsJo@Umj4s?O}bXc^7pr^7hAP%e-gr-1m9F z^pYgOD|@7z9NpM0lg`rA9-M(uvnxN-KbnFK;#(WU+G z_5TJ1I?4YfxbNDh)erbTsDHMt_`jW_BgB9FhyU8A>!0!IKb8OQ>#roUr|*|D$K>Cq z^cOJytp1anGsEZ2b1$0hIo*Pln->#X;+;<@9#J@@-^%4~3yF)yM=f1e;W2r|n(b8? z8EfY5*tfd6XlK>x!+Ts8=4=XHy47bwdgi&aQ_6}D?7Dh>@7(HZ7j9g4pMKnW#%9K> zQ(k8-U3_uqYTwCM8XETgy61YCM^a z*p0Jffnw-@Aj5fKwH3QF0*>2^J&~sMUjNto7`J!ebY1uQj>lq^rw`wy_PKkayXC>i zZ@MAnmSYdTHhMwaSav+u^t#5NJ!e(>%y}ebaQme8%%TlJqYH_dn>SqF?iG|?tv7tp z@G5rW+|oh2Hs9WBoR=7MWY?Cv2Q#IWKlJrbm|2^r1^i!+eXr*X!$H9RId_k_l1JS+ zRn3h)xN8p}!y-uwR+%Pt24}08|%IHy3ZktNAV)LCj|37xNi{FtyIRAE7Oo*ud zM{{tnv;Xh>i>KzF`!0U|Hxp=tIszdnJ%8lb=*s<900@%JtbQqtgwDSI{`(5_% z4xlhT#`NUH8!0o_Y3pl0zPM)2+~PIscYJKz@8I5V$ND+N8?JnO`}oS?IZL-)xzqUS z)#EGsk6pQQasT7Tj}?`bm##mG;YHLJLAI&EXzqi;rSa=GC;obXZF!a#XdAHZRYijU zB_3bRIgzO3P(9{pRc)k&c1~*jiwOrCD$@h3mYjXUIWp^w@0ywUge9AAzWTK9`Y zByb5mJ~Qx&dg9;R=S`#Xyqzzt3D1ftj~F8x`bMI)3nvlp>x{P#}#+UgVK-OwP{G=6TI?!XvGvT{5k1S51>+ z>642HUo+(nbY03(C)!)fDyD_i)XG{`%NhF4skpDyM97!*2pKVFlV+y$`mU*WV(x7k zklE+Z`~LT$!anajnIat%KPGQhVD5@o!*cr?=5HsWJ>~6kFVspq1y@E8WvgVe25F5y z7cMVr=|Pm%{M3uUQXX8HC0`I&kSRa>g^AISy@3Twhv!#ME1kA_(ZdFUTIj;jfjxW( zwS$QP`ir9p@lS~hH~YjrUY7o7UGL?aYj(>@bvIEr%U87VXdr6tzOu@!E7OBGZ<6+F zg0#kybVC`1edMJ%hp0}aMA{gKUIdN0>REZ4P1Naq%EE`wCu-CgWLYefy~CjtF@d_kp#8LVZ0}$#svf z$sBjiDkxKiTyxl@kCfiIUcB9#t7j1mbAMe{GJD;zlc|gDuhu)ZfmBnnd#yp_<@9wE zMl35OORur^&~lT#JVm4G!;>jy`kzZIR5rP7Fi5tRcFkf)J+04-x4|yf&P$AJ zQ~DHEr*AKlo;58Z!4~c>h*vpP${w`dZ87gc4?P>Ayr$j#`?u5Xx+bn9JB4S4l6f^X zmCwq4J29v0zGYR?a_SysGU|4jA0K=^pxcu?F@#N!-|RVwu&Qjbrc={RMU%}=jasK- zHDz*#zWn0pIJ@TaszGtnGSAm3G@PjXVDx+HE#->X;MkfL4ls-gQ6 zt33^cit9c})%13DeQ+e?R3u#?vzjQQo>)MX$qCExpuePLx<{+eDal&=;A+o)eH2MG zWkWWei+J*V#Hb^32WD)M*|){4tG9=_o(w^DlQp4NLe2pL^%AmngZ1m(w=1)E>ReXcHL^$Iy>+fqF{797smgkAO>u_w@fw*} zz23UvIob;6j5NY(GmXAi#!zGk#OEe!v~R4N_(kf(D$_`l?vw=XR)eL7WO)0Vj3zYD z4X*VVL?BfUA9FWm+NP;t3t}N^}0LnoDnsiTcB-Q zl4+#b;K^P(K-ulJAHn2;wE9w$I8z1d=WEW`4-Gp_bW!i~y|^%s92&ijM$_*-m|z!@ z*v;%to}RPIfSHS?dGNY5%ygs`r5qSa9>R0>_B$EeI~3}`nZB;lDUZ(?bDps`oVoQ# z&3TLA&x4IsBbV!jsgYl=Ae(t+5EsrV3%j~xrF4(-qxYW9vsL`Gd|2_*%rKqcqSX6} zQZm)c>q>KowC9fqp{af&X7zSi#32*)3W$t>isR-e2liNT$!oN#$3mH)VfK!Xvh21t zk!NXsE1yKDBph{)TiRHa|MX7mg{Fol#BmP@zpj_HAGpoXF>wHDdqsCk|@1e}3{%1*|M`~s8 z_`tq9;u=Fe1I(OFD{c-P2Q_SZFvg}5iuP}e`elOOI(LV)g^ba|8_N&gov?#OA9G~n ziCL?Zvr`u}t$sNA!Xzi+uJs?*XvE6|R`*&KZT5C^-!(7BvStS*9Mb4I%U;>@;c)#U zsm$HSZ&i#x(wJ%ds8MTV(h<3phclnJe_VC&y=moxw>=0?=2-XUdFb{GG8v)yWbb;$ zvb|TLdsm$c*_pA45;5Mee)hwQ)UBackNWK0s%7gS{nc&AEt3h|^22$*bfs0w({7$S zF>BcBF=Y+YKSvE$+-tf(dACh&#QJ`+V*?yz^EQfvaSGinJhX{i6xW6H||j?pmK@OId2Vbj6Z}r)o#e zcn?k@5~>OP4wgvyT(3-cRj20^d-5F6F#SgT*1q&!g)fy88xP zOL%~1jk!rTx97LI&)<_??*4w++utrI2bd8ypRpY}@@bX)frqXE7TN@rUkw$y9nL&Z zc#3dut&)9U|FqeDGT!@t+fUf%KQ$oy!XEhvFF#Y|rVYJWQ!CA`3+{e?^2^*CMGlG& ztkoGe*FQ|%O&t8Pv6?*Y9^tc_$MP2xby=yQiXYR=Yg{tYzdihD=Bzt-Ij3a%EyvrL z)n}d>yB-dm3cf829y|I75Vd+)p;{G#MD z=GV+F`x@kjd^%+K{dL}uefM?Gemd&tP7N+z^q}{U&nHKH|E=`wzDJH{KcAWS{cYL8 zNeV3uJsrXSKMaZe0VMqa{-@g6&|2yL_BK@8|M340$oi*zjN|_m1SP^{OTscGrTu4i zyt;Dj%A!U7X-1CGI@wFP;WI4tyyT8v*nj568DF;E@HA)Y2(9pm{kJ$c+}XHsZ77XcsFSOLVj~wpx~~I#6R-xy|x~hK{#|VIMC!vax)wvaF() zQqTS>swyVR^76f9WJwCoyv+OWU#+L7l(&~^A=SoIeqDRiBc3}J9&*<;tGms zuWWKzS(a(Fl#f)`Ys#TkvPvW`C#sT;xxZo$IrhGzYZS5-w512yyw{uNpuEO3zVW1X zv|MzNeR=obdz2f8_PHC*i441UvzL*_xA&vctQQc>T)y4zPA(v-KAz=n_jyZWO{J!( zp3JBi0{4t%nBPc7J~v9|da!ANKP{$Ed04IHfa-*aJfnt1Cg&>sJo9c(?ORqudvG{H z)u&sj-Zymv)4(fAHi={yAK2f&KY=JkAjH6bgr?^N4WE?g zgbV_aAOl^49lq%$LCrIU6~!RL)WAE$rkjLpf})(9oV=W(yu6~Sg1mxi7iC37|k1Rvz+}A4=aAGJX8kdl$Hc_varr@#$r%t3e=2OUX#d$*S`E zlp<(K6J<2WG%X{lC*3R9xa-jIg;CpHXKk%L53O9d?;RrBbc3KGO@x6AZqhvj&+o%N&jVrYZBPXmHJ|imKY1XWYjUK)Wc5~O>(>1*$d)F#w)uxkCmE+Dz51qhvrM~EK_Qhsx^Dc&smEo?A z#L;dCePb?`y?pJ$;y#~pt8eJK*OiIsYUArXZYOSK-keaI!?^PO3+c)J^@)SaCgt?F zke8$9<>R(uqx;3ZI|kdA-f%sf5?h%sGqe5>kvZ)6>mACAZ#?!H^pL#qyUdBP;l}m> zvj@al*7@F?*|o@e$8gHC>ko;lbNza6XZb8(>}GSr*XSy;zj{?1eGvX~G}WI&F*|7$ zResXe=Hn2f6_s};h)Q}> z@PV}8knxp-%mm|{0`7kRAYr^*K{#IqwyCQBE zd%lkOP5oNRK&C~#n#;-in!1HL^zS1t*%p#5llJsCEkE%orQw@RoxIBUNxrJz&+Wgq zi#qgC^y$Mx26n4*3GF&})m^3Vo%!*1Sf?{MOUnDNRF#@a*fsCh(Bk)Mzvk7Jkc#pG zYP^Ov$V}dJ^@!~C+=`;Qy|j`wU!UCVQRS?2Va>p$RqF!w#0~vAs_V2P<%3Il4p12$ z`0+vDiCD|}DT#O8sJmI+DGsJ{8)rS}pFkZ>y^*Uwj_~Y;f3MqF3SZKh1D{?GILa|T zbJR7kuJlUgj2*S*TZa!HN1tzhO+8+xm#JI$0fYhFHS(x+SXy3#S~67-YPj8MpX0>qdF6)Q47c5dRbkZpB z40`sapu#qGufy2am$rqCa0z2R@9{!sgh#0*t*+R_C+Y&3_^xzR`Jp$etCEJj9CdKW zi&A@O?SS3BtZuTA8|77McIiKSbZ@O=b%gTunI7N6vcDV39d7S1ajnhbL`vWN zi|ZG>WQET+_8rBHA0hi>P2WMjYU{E;Kll`sdcXM0g-e>6<8_R$mu{4@m^FErmHlzm zasz+TNCVm7H&z|1dhza27)VGx!)C7H7u3&|1B7F3s(r7Hi}(4Yk{szmBR54GS8oIId5@wfd@1-vuw+BR2Fm z9G$f3M!JI~r?BV6?mOk2KIk~!+P3Tbop-}Ss(nVs&90rmEc`tA@FN53Cok^hXZQK` zN$2MMp;H&;ma1B-rRob&E8%bFy->9-!B)=Q=D*kly$I! z>EkZPtFrBno~K!9Pcb}~(~n^WTv zswvr|VEz@$UAgx@n|~T&wmsS{j5l(d;pB1ok3#B(&&yq1q@y}^ymkCmqnnFML*7yGX z^wK>CXWbZffpy{GnY3$pM!MTv`>q+I_o&ahk_E+AHuOAos^8s!mm&QvV^6wk=U*zW z_3ByCJ>m7%PlK;Te3tLBi}jmF_0&ri^~QnbqqddJ*E?1{Tl3{3qnFAJ6*0H;?eWE67b&uG8B+S!pi|&>I>d6H& z)uVHl2Oqq$-u~rzQ$@>_cALJ(B;?+Gs(WwcLe}2+Tj5Ve&Qly`x%tZ~?}@v@lB%=A zBQ930n-Y|w>%MWrxdR2pdX1UCecbRh2#gXZGgK6=)b}c+PVzFobJ}}*T9n6n8{6Ak zhJ;Q$yd*Du(}vh&NlP44h2O9bLc+c4DOIKo!vk9n9u^nxkcI9;VjHln9?wr|`lRjsfRIj-SNlk>H z4Gz~oTq?>t5hCX6Erj zub7XfS`YvAz>Z7nBMO@cSNA5JPTg@ZwIsFs8~gqjzFaQ9zfD7tShr>2Y_m^S*wee2ty^=J>n)Uh`~BT@TbJBHceeSDCa=*Y6O#OXU%c0&u>W?O!YA?$}@kiZ*#oRgmb&jY2Jp=h;KJ1kGvr>&FFNUx2Iws%4Q?I8@>aLq6~jiDAY*n zfB(y>AzR8<4Ai)=)aA;p8p{Q`yaispmb|?DdCJlhD%X695p#;cTsPxOZHBddE3VfU8Ya^ddGQp z4rBb(!>8=-4eFkn%}`XBIo78a`xk|Rl3RBS7VUVxok3NNuUxh!sm^CiwwI4fjJ;Fg zRHLZsA`RyYy}xjbw2l|77(Y(+q*cQ19Fx(v4u|)+DHCI$DV=h?G(bbE%l1&Vk-Ni# zF1^0$SBz=Ao&G6llYIQmZ|lc9e2HaJFro1X^d1bA8}^_hO7?op2yf%y)0g~!A8<{SxLzcXOWrXx4h!bde2 zeK)w7y<_5V-qVn;3hScQZ`Nihd<@W?aXRhO)r0D{X3W*s-Ei~!dsVA5+TO*#8(C!a zjSZ;1*e~Vw?>ny6J^FSo?Bl@`qdzZuxch^Y?8qq>ng|98%2oNb-oEFQFC~P(Chk>E zGE7pls0t>Ns>(>=ziCJ@s*{LSNd}8YP3e`l;GXsQ+k5WbU-$Zu`j&3w>v3nxN6_D0 zIBFJs$~b>$>7L^BzColNw_o&#cz$T(y5KG228RzUu?RJq+H_rjgxmc4r|5sJlFM6n z@+19^X4fkIo91Y5>-eAjuQeV2iobFDUkoTw;QxPxncu!IGwY>dn7``i7_!R3!i90+ z@xOnUiVrxoS!MFs`m;p=Dn2$YTQ^L3Up{E5z% z_T^~Klw{7n+7Y3?AqT4u+-rPx>-sGiJ=o{4IbilV)F;FNM3UylK(weZ4!|vSSV-6W z@z-n0Hf=W#keTm)@3of8^rfeaqWu|4(-MbgWU3#Cw2A5V)b;G@dit?D=>gqO4BcCj z?U?VK-o<=Xj;=4)&o!2;+e5Cuib`LVFj?&gLlrF*!-vrpPZ>G-_M&nZ!5PL zBsF5RnL@1bfG*k&iB2_?(4v{^bgl<5p4KRLaoxfg6?CsA$UmxU?hP-sVB=waBLc6f z8(YW>(KhKCdC6~D4+Z8gNxmm5hOL=daRy>CtMAt^Sbk$< zS#F5jgRTU5m+ZQNNiO4`O2u()&c!9pdqIfT(PwAMFP?FZoGGuYS94#gpWJKBnJ4WC zs}!g1uguq|@+dtOeZ0nH_JDPxbqI1{k&&M6?iJ~^+P_#_T(7iXXJl5m*1453O@^v- ztF`6E%JrSLPH&%Grrqk%p5pYL87rA~-z?6LBQ^n{|t(%imOwQq{C&$ragT>PW`~tT{*yW!m-F>m{-hxlYo{Npsi!Q7LP5yM2e&hUZN_9JmFD~n2nlLl0DcC4W z#mPFecKn#vWmz)x5`v2EgR#=eBOF)A=2N_sFA`PM4;e01b+KBdM(`)(PV+x&`dIlU zGnBYx!)T^#_t!PVJu9+Hm~#haef3)4=aDU^cAwFodP8%;?!77%76H~WioSQI*T`r_ z$|@h9@wqB*b<=msS+o0l&kiUi5PBq9YOnZ>tnE+QRlH(TpC?}pG(R1ZT69W{KsXn9 z%_Vx~ysVAxmL7Au#~thPv|&xUpHJ3+Oe(=+=lO0?+kJWwXXfb35wfk~&$?Sy%_|Eu z>5}thfM(R8YAwsiA&FHFdKr2Qnz8y&(Ma|sqc!)Z$u`XHX?|;fv_)m6slpqhczOI-15IMXDoC+2HW9xn9Nb8pQNtey6S1Mky zD5>fJ!PHJF=|JYNsBZpUik~i}b26oeW%wSvrg%Dz^V_0AC*r%Atmgn`E+{WRqzp&qyislJ;g2dP>{u(N8x? z^vilO&EWMcO~24U%}8@kTT+OcNnFqj;yjhAl{PU?c%C6oluM>99y;A?`?Pmm7r5=v z*mB27TcLj7{Do5@GuM}^u3BoDKUeOe@9raneh>7Ig}idUIMT`7d>fCcW0^ZB%;S($ z!Q!ARQ645VvhiTMyy<-pJ+tWl;BAc5lR5ngb`r@p<2Mw%?Q!9q=h?b}BoCiu!KT|w zWgjTk5S15Ymbrd9VesfgmaoBpxHy}&hTR64t$tW$mTpTtbjrrhnzZz&j>9PZ#G3g% z@}y$ChuSd|-b^d}>a}p(yXE7bXxcVO$FG=QvBvw3immh@%e+~Z zpS18Ic6S-ZzQBmuxR&CPJ>lz;X$RwV58v=Im^~-U)z~FQ`iM5M*#Df_lyah(#*z(Q z(Wg8nuO1Ncas@%^Xh5t?5Q%7D%Bk}^w^b*dP_E4mQCZoSR(vKs`N8$f()v?zswQQG zCfls_iz`)MSj`XeKL4ANL+CWwM5UeU7Bvxm(P((A6k1a!=SLv*DjPIlZNlN+gjoTN z-LiFuRu@m6e|WVUFHzemb=!(Xgy_b5}(z>nGqH%RS?$Pv|VA|{iD3X!jK;7&sW+!@R(Oy zP;=mos^4V8hEq)o9v%qWlr`v^E>A1@{3Rvt(2Zv2v|QJnG*m8oHK#uKZsX?NH5%&4 zs(xi%dr^oUjFU4mUe^&C4nHM~whA5eZ0|KG)(}F|xSLs?zuS(<4=y-+IFcy;I+pA! zpI-g-^s6e%+veJ1l%H6=Ug*MI{aj7KWlNq_=;T*n(zXM*glxaitLv^1ChBeJUFP+^ zYKfAUc3FCV%HT(~v#%4C%rX@!RvLbEts$nzr4OQA{3w4;>YTLGB&pG=zm8yizn^p0 zNow@uw@0oPDakPvXM7BLFCRayd(I5k^6oXSXkV*8$bCwCI;KQ^exG6Q&B`X-%{L;- zZ=7(UtHQUN_M0*<9K8N9v)bVG*7DiiM&2MEd&zB3^@#1)bhF#*bI0FB1f|;O)ey6{ z+Las1CO6KnzTD(qv$v5tML)Zr*8NlcUd#(5s%AG{xN=VZ{RrtEhvHP_^fE6vX71!n zm9J2qT#%_$I&!zVw%Vu6_qwg4mH!F^{J-7iAJzZbEB+;*><{!m8r89t|Ie0ckLrK^ zm;WK4;9vJIuK%qk=n^hB5g_*B`}gmkK7V`v@#}Bzzr1<(`PJJ`PhWm`{QUjHU*9!6 z{_XCgH#Zw!U%&V2{LSYluRJ|*`N^@1kL%7qI&}77?b(NWPTa3PesA01JC(J!Hy*gP zVgJqY>gy|aUR|>F(xNRFi#MFlFF!kH&6&S$GMHY8=HdZyADKaUc`>e}A*R#xP}~P^ z;3mj6+?cBTUL|+YoY%x>P6kWWA{#PdJ<5)$s|7ptq*uRvT@hn7!HYGXFqzi{?%C6q zo}v{Z&(`+p&Ip}8p&L6ZCu7K@DVb?`5z=`awOJ(XF6DXh-fJi7ZyH*z8yHl|Wv42! zd!`bUIEAEc(Y$F(ybiJ}bJ$UYy+J*Tq@{Id1W(tlyPAEb_Vf|<@$>9rwyx6RXI{6w zj}{HlnxLi@(q-Q0@AcWM%@!~4&8nQLpf!A^I`Nbp&3lS@&3!#(R!x#UY}w;z_GP(!eXAAfNouc51NC`B14kI$ zd=~jRvgC&Md@r3#F(KniYKsodbzo=GdTf#(YQ6f@>*PYcVcjiye(U=3;b{N5Gpa*R z?cNmaQ+WCrMKMxpjGDfhU1s!%p$D%_IAk(=_cMpa=3l( zjl@v7EW3gBzC|;%&PGnUsJq;K22r)&;yvW0L9@E~Z!_8Oep_u9ubpQ4HCYw0MTgVQ zRcD+uQ}yv3V^Os~Zm7K0yJ2~mq)TZ%lhzPTyW7ZT+s?~$SQB!4Ot;i0P51io*o45Y zasic|GRnoDcyZ$jdNWsa%$v;KQ%o$UA&OtPi*cW+m)RL)K@Vf%ky)h%dncvj7z#fk9^j_b>g4O

  2. 45Q&D>z(R7i?L@P z*wt-Z|9jo&qI;7(=iBs?`>e}S?HYE?Q7-4Pxuc!Imk8eX{LdBY_w>BF2Y&IeSS=sQ zezKind;4hd#`OB-jGlduhAL(f!-6%+=MHw&?J<CI=1j%%aSSZ=g5CCML9*f{E_^(v2B(AX-l=S{V)GZgo1zF zOA+}GQ9eygAfG{QgKP(B4?qBfHVAf*;UMq<2!P}VVGeR0paIBv5bppJ02BZU0GSV9 z0mlL${6XLYWB`BwPy#Ropau~BfFl4P{B@IQVP8f#0L6c1230JIr2V22yHZ~i2lU-E znxx~uTB~p*X`xcu>Eyk4Uz_J`yXWI}QtSQ=`eo=T9C3hAaESRh@#R$69`GMJEyhRZ5$l9HE}T~zI*rQ`iesE*bFV%-s< z^la6mMAc!6a`nVLd-OC9lo23VLV+lyM9|dpmj9(r?w86;wYuZdbq&FaM^wtY$X%?~ z*SPBSN<~qJ6iFa?$(hwvDw^9gTqMeS>6A`W@W?V}tDU?&>#+}!>aX13Z%)Wxq&3>h z(p~+W$1-y%nc-H1N{>e;a;1`0Pdq6wUe(m4`xj!mqwOeye0O)!yPexdQKi>E>aNAf zER~k+b<XlOm|0 zsDOwxr3i==L2Muvu<^z1chC9lz3;ht_u2P1?iio>D`Tydxw7V5&)eqvzE8GrnKZ~J zA`Xk*mz5_z3d14@?hieg+iz2Rg!YyN&)5eUkG-WMv1>d@j&X=`z9ufZ+7W#3>2oFX z(?ED->7;moMnAAn1}7N3rLn4n>tdu0uB*O{fz&N$iPNaZ9f{x#aY(e#88E#lbix0P zf!DGmelX2X=Uj&QAGd)EWa}lo^FhuV=vze2NAS_&xzZl|64y@6Uneic+9#UGWyGoOK&L zo}vzbGwmUX%|2!a#{cINWB=!*)c>lH|9krXU-rxXFQ4fL`X8_KjSJ*=_1_BA2*5A@ z|G%8nzv<+6{jUSi1AR=umoHz)mBUufwM$p6+OzZ*`paNYFsIBVT@{|Bv}^Gmio+vw zaynHvd*_0pdMS;U8e1Q(JbmdF*tt98{4@WDs-Hms!1TR7)+hM*3PI2K1t6g*VFzek%xD=AbkYcG0~!`|;Vg&@N5NADD+W4KQbz7h@MkoKrucUb zGTkr*Y3Ar*HGw+`XC6%4gNHUvk9GR6u5I_T?v*U5cgmn`1PU6v&Za;3rw9 z!w77S!K^ea8JiAA6)-bo$U(QYk^|ie%!KrY#_{sFF$3%`W3L zl6c%-5ZeDe{QpdI`#--3Kfu2NUiOduzm(*tF2S$(-=C-QZ$I)K|Mh^uxBQQMXSw!7 z8>$!3oocmqHS%)kp#ysIxAHv(s$wV0ee(feZs6+H^QG5Ilgksg7A~I|?;zLL*ME5P za(sMzBq`~Zv*VFK^X1OYR`q@1Sy5}xpXJ=FnO&H>dAsM+_WKv{iNCYYzul9HfAa70 zKbrMz?gvx5h3(ELU8L4+VIokMsC8SJ>BCk2HJb1eaP2?)Ks+)suL-?JTQK&by>L~k zJAp3oq;&qL@PMNPH7pCWFq>K2xn$)Cfgm|{RFYrfoB-YE6T%dHeR zpMB{xbD9F%&A6wNe$y0@5cUhJiY()GS@BC68*e6>FgG6RxduJ8p+n^kYcxDrKdF5D zw6KC&9-dRk0^BI1Qj#*OZ8$s;aknjldw*I9VOJlT??b0yD=dv)I?i`q)tPw2?993ADc-Xw{3d1#)b{euocZ%i&O7X zShO%Mb+pJ#MEr*nqS%6YC;rsH8bx7D00=9cH^M5(8a-DEC|5c}b>B;yBMwQ_ z^tpJ}ye8t+p4y?{zR6krJcrC0`(rZdngj;xC16*I%U;MbDAfyW4asyp=juv&uOrB% zB=;l&N-Iy4hwyH1ik0xV5LOc7I%cw&c#qq(K+ptgWe}3vn?S9V0a~X{3IGuhx^1po zW8lw+OVSPbk^Xn(jvw)dn0w8=o3x8kr#vPhsQEUI7gAbh4mMl{HG3VkTAr0?oD^9&3#RWoO8NYD{2VJUZCi{g>glD|=RVdwD*iCDdSiRw%30)L;+LK~ zv4_?AU}3suv>!j*M1e<{*L3@%* zXf@(lOXmb5rvwQUsYikUB%t#!AUNqV5YHnhr25Q3 z_Cn)fL$dZ>mf)xSrTM+)Msg7L0zt*y6WRbfke8-fr8#$sq}enATopVewI_Wz;C)k( zDEol)utut>#BLwUpvP^&wY5Xe>CAgLuUE={nFb@mNMH{3C4%kLktm%pG6GMT^e7m& z+Ap8k?O!Gp)28ZoastLi0br4tnR^HMtKTNq?DcL+cg723i{84^i0L_QrXz8YeVcUn zRH!<8;=KwiPo*K3s$uE=HyLh{g3?hm0}wODYC=`Cp0y84x_&@yjZ3VVV}|MVH;!eD zjv6LQ#u1H~ronh_K>7h{BE~RBp;MkB8O1?5cpH1^N)zu)b(OfTjuX38x5+SFs&aa_-Xms9gzIeXl)CF*5L+!ltAW+jVcf z#(*O`=ZI^@Ydj~z?04*FU@ot+lje== zskH$SnB0JJ>$F@sPcNkq6}=%v*$i0W#lW>ok*01zOsKqA-52c++=I+wS!?6JSsFuCSX}RCWab1mkxP)DwLL_q|`E)1*mC|CoJcyUHz|Me&Nj34r{- ze)pb3 zu65N(mCv*~R&4Nr6MzsX!Ro;TaVz2=$C@V?4gkixANpbDan(dg6fY>gN7 z&Px=WBWoQE>9uh$*Zt51e*v|m88`f&OC z)QCui5dSlejDJ?M_7-4;zll#dTPzrJfoyUwBcYg6WLx3T{>5BM|w z-*?_6Dp|O#vt6K$EGOq&66PhqH#dbA6igkwea%`OX=k z&N1H3LC(%U)3@V${D=8_{O8*}ss11CAnbeozr@~DZE7Dt&&R>V2>gHa0Zf5tki4PX z?37b}>&KX@ZY(ph%Mc=BpG$u>V5g<=XdnWj{Kq7>KIC!Nq{1vRL_RSF?Z+Zc(4tS< zM;W2eFtnNBSq$a?#su&^fJS1G`x%jpj^t8%fV3aYWCO#}0hnS2Bm*5Sj2?;c0FW+* zNE+{EL{^@@AHcwXItkEW@0}PKb2{Y;z>q<7XvSIW_2}WQuIt!#fC-5@kiWmfImq$t ziL;dvSbD^#_0MsRK>prII4OeY$}G5+1GA`s!%!sf2DPMImPNWivm7(5XpZEiTzX49 zp%J;?-?3wd5A>)L$z;M|^)eYCV>LE+TQ5Iq^Ip2mvY|kQsnpZnG=`X>K> zDbjx)|KFs*pLhd*>ec%Z{uLGekpCqs_pAQrr)Kuwzvw&u839J%!EgJ&h4sV3ldG%G zx2{~D-1+!<=E=+Mp@pkGGga*qrOl&v#+F}hy#Mt1%fi!*FJHc1Y#iBow==!)Vq|*l z_$c>2uMQ`}Nl+Yp*?6eX%t$yZ&nP!^ER!YcJkjY8majzesKzdB6SX-TRN9 zKYtm2^z7EiV%gQP#+y^k-7}SK6U7bpuiTjG>Yra&d3}9g{_~fw&6MdUPdBdi&Q!FG zmtP$#ZykR)x88VjdU18*@yhG3Uw3Cv={!TrXtl-p=otP6Syzy%C63Qr5Dd0^f+Zc+Ej1?@rPGr&;UIBNMm+|SFNq6; zX3+!Sa1x3ZpydK+L^;yoC?g2Dzz59776;4L1S2v~;m80YaJlXr^ql`0(|U9`24J9t zG=cWu%+yqrguwT~UV2DO)p&yDZErfs>r=pOC^x{%uIDq=Bm$=g=w+WGAX{%CP(>bA zBYIwGTT?M>d5TUq2noi59jkB}eHhXIk$jn-$NwM6K7an*`w{-B8$f^9|B+RowuJc= z|NZ$X{>xW>$3F_70Z6+5br*+1p?ufUpzm7x+Zh6wK|9qYpSokQ&$owT-Yt8{=$Du9 zmuLKc*AIUl|NkE*+~0^K|3M1-!w32i{^gYZxc@6JkN<`LAI|IFalt?JKb8L_t-OEj z`PSt8dVAla!LenkNq@d_kg9d(mtMX5@G-Y`h-w{BRdn682OqXSQI+xC|s^C?(9>|?L_-r~QgEb|GkV$}o4>Bwm6GWN78sHY9)Zy5~ zy)tVIsK}_OCrumek^sM&l+Ey*an`7?-GYGD@x!f;02e`Hv_lA|l}{+h_JlAON*G21 zMFX}puxvOAiO~SiCI>-CvKpPdgd`dw29{PoKvXoRqj#m1V*=6RT>%t*6EB#Ro%0$a z!~g4D-~RdL{3ZPVj#vAiWBsddKf=GP+#l=zHJ%d{}cbEzuEt-w-=}> zptr|X7oTliYMY`ad=|Gn{4>rWCy_O*LZ#4VaU94^{j!P`yD_b3ETY8GNT%y`ug!%+ z(J5wtueM(rg=8YiDIGQB(1uloWTz2{)n@$1YfbG{6NIsub^;iPxwNq*aNYmiR$hD zSuQ{m8gx67l@Vle#nJm3$%1?mCmR7L1Nq*p1}QA_>{Zp9c!WFc5kN1RWTj&Gbvh|I|zJ*YF?c_;bkr{uh3P ze_4e;+5dR?U;M8>wSNEZMgPSAcm02R>}l)m`Q-AUmG!NP4yyitm0LghXPiSkk=F>U z(E}{Q?QMN}5?{4&0YowUNg7W54Tg0)ZhcFjMzJAx0~@2cws0nzC=cSJbg6(MBTU@b zu~7Xek}FHGCJVu+5pAp82bbb7u{D>n!)Vo3>r231q^ig`hn;0I#=%0E&;}ql7cI>% zbKu`y=YRG4zl47$4<`qIU$4`y4t_r)2Y!Tqxj*&)Qc$E)0{n{q{i{X$8;}1J|5W`y zKC_l`=}u*YBntuRmFN{r3G%(UoDUIY3qW@fUCP3_ad>^MM)y__JJq zrW)y89n#e-vwQd%!GPCrWxP|#PNPLDtRj5dU(l(E_Ot*ZVIp!vfSEHM(YRa#_+08P zvqK>zl66XiboFQ>*KfJChX}XwQf1FffI%g_2W_qOB`DSf|8VKSQ7%ar?#zhCA zW3uw(G4Q1WQZSNGUL{{o3ltDwD_Ix^1;qKvK%(I+Y#dxXdwv-KKYCUE68=2{{9GM= z2KnFb{zLpLD*Pe-FE9Vg|Nqg-{XOS@hkq)<%UZ_nPAoT3rl^s><+V+!7cjH%Jil&; zDgx5V2B_O|8(SYnUbq;a`OmjV*l4@-exoo7gJ_u;lfL)i zgGQKMi{Xd|4rIIvFB%bh+=N#A(s_a7!OU4g;GQ=E%AD~9xJ|61v<-svWDEsZ40)`Z zt8u1oN(*QqQ6flNdYUt;C($%$5jZ|ngiBsYQbryUBf>2ZX`K#6(2DYCXGfezsoLJ-{+P;V-E18_ThrNWzr=;_+v7(ltKGf(cKX;#HeUNJAH;| zChbd&YwWzqSjH7W2{RypuT~D~NbLYOiWIDP?5rs$94rDJ(i=0UF-tWR715Xip}dfI z_(@vs04kS*kP`x6fztp8XQ(5H9u)!tD@cjZ(%WhAWAJg@Ai7J|jP@vcFbs*N2}0G& z@S%kEUN01-r8z1GV2<$oG7J9kBKS-#^yqfAY(B{L=wwARPqA7J#X}8h-1d^z8@$W=W>6L|vbqP4XX2l6t7-PKe=Xq=h#1k|I>DX zwsxL&q161p{~&;J_VV&~^0l@1^7r@hRQ`c5_yPXq6#rEJN%j9_e(C?ebDjUySl{tq z53v50|M&IdN~hc1lta5uV>>(~I$ZguiVyCtL{61i?5-xv)!OVn30P@1-dzmo3zy$r zOMY?3zt)8Hah3kgeC+OHubTn#y9>UJw)~H-=I^d1Hd=GO84JG^slIa6e0M4AMX%et zXES#b59}_VdvU{Jyd>nNuh`u^Cxejg5S=~1SCqGVkjb&-U;WZm)JG3QRp=@n?LlPx-melQbiUfcl9c;n&G;o?8ECC@vy{(93h#qLr6 zZM*vif+g^t%p7h(QZP*|8Q;^^fx$Y=q2XuFMI4Qa@#H;D?|8`ByVROLH$(rDc3#zq zVB=$@M?5WEP9BOkJ$Q)OK7h9(z1t$%#lxcNwoXa)kR;@y4rD0JFMuv`>>mBiqr9#( zx$OoM8PjI;lRZ6n{yMXTyzBH8=u`Kq`D?2;D$O7j__A56H?I>q#NCr|O?O`RcZ+jy zQi-xL!*ckincX}T@sx&T!IXEoamHC%(O3?j3H@* zh7XU1s%TSU6Wm!;s&~pJZ`mMDB6Ex(DI_)yj7WdFo#S{VxLuv$Gk;HXnE1&&T=c>% z)5zmdoBHQ7MP_8*_sdK%1a?O@d#mj+;w#xxtp$}OJm+jnS*2m)XFtog-dGBi_Fu3d z5w)QAFX|WOjcCS>%P>Ep1XsmpBsp2rzTD7>?U?KL9jqXnkOR6YwbxEqb)&d3LfV0aA}n+tw75)E%yjfB7{ z#L@)eI+1QF!5ESi%sqj}5t!Ca2?kxcFeiujDW{lC0pBS7V`IIXkN$B7gg;r0e{ zK4T${!ssqLMk#oB)jNWgamu@gR$J1W0y7SoSfY{0!%->98VDrsI0kR?j6=%aR1$e8 zjzWXKK>;Ar{=}+dY=ziGwA9*059}DGQKLwq&?q9KiFfBXfb1t}7LO{Ak#e=lmLl0{ z`Ze<5M_Ii!Xqkc^3ZIqq7@0=2avFor6r^nQAR$QQ-M(mWUS>B`qzjlpA9NOuxO|*o zc?*3&SPqPq_874Zc*$!wk7YQ%Fw|Jr6bP#0WWxbRC`DJn&rMb4|(1rW%u5J4Fi*&@wLRBDEJ?!yokecAOx3G8S?TLaj%$KFgkiBR=Tng#v9zPrquFF2B*?RSvp7>dY z&osXEkhd=*p)&L!*RZ#zpH#{*C@;M0B?cYdbtjfi#yq|iTR*pc!^;-9XJze3AVG*e zJ_$(N>xBr2G(I#Eg;O-#YfRC(EN*O7V$=f|Ieij=UgRSI0`p-u*B%2}-ZIb^W(*Nd zTpr%wh0Q>U|8ZY3VHfUOKtZhC5@$V3HcD@rn_~27?SbAg8nk19m@_n)Uncv|A|Y&w z3nVVbdngWNO=(RR?*+>cU z0E?}~2}CNX&05V4kwi;DNQGdI1#4-UO#z~&KG3H=Ag~&aGYCooVapaAthb@odEO*g zR*VZe&q>anh|*q9r)l$#5aVk?OUY{spNdaIk11hX%*h;s+!fpx8(5KLRQ5m$0pm@A zOC-k$(y)`1@8knE^8)a=7ERSSfUb$X?EKATlYIx8qG|hY@k)BLZkl9dcBQ`&Hl=7_ z@Bk??lK^rdDYHNhSM*L$H8Q ze}4`cU}Sz<-XYizl4xAaF_xdmDScunKEiQ7@%;pH$Uj!=GYBSC<_Pc-VS^-;<}r@} zb*6kYo4%Vqa+y*t9WDkp!2yREmlzp^z=qA|Cn7fFoz_2Bqi4GfoC+`HnVHw7Du7baT|faSh8@ucby{-dV0|EeN#qJowJga z#js{zlftHli^3y|QGWZDEJ;aM$xh3m)2&zI*NA(YKStsHe>R=}J^Rn!%Uee72i6~z zKT-ydSEO#};;A2{Z?RtLN9J44pYI6O(|p$_`q)L?oTmvD>w~SY(0AS(o_v2D z)l<1d*aQ9;D??5n-}g08tVpi?m|NLc_4(;;=N4V5j5~Ew-Qt%f#Y>CtJZd%?`l|WJ zQ|=Sz+4+vwU2~tKPgKU{WJA}2w%dfG*s_%Zb=&wjlsIU_I+Ujo1Fq2>AM`}lnmH^J z@?7Gd#uq#jd$_t8AM!2)eaNrIg6rBLQGJWM&j&*FR6JB_K0CD?uRC!~tx71bz`btr zYRZHfPoCtVvPUNSQ;X--{Ayo)#q5zjaMaf893v(3%KgTpi|4LD2qZ4#HM|ShuIDTc zDekd$nj9auy=^f;$gm^O?=pg*+wr4Icfti=AMYMwbcAQ~S|v*K`#SY!i&zyOw-_() zzrgJ?#@#RLoRli)w0_+DZTa0Yu@qUS_%X2~)drp>;g&`M5A!(;u-8$?a1UzsozLOf zD~pU$M`YY7Oz!RN(K3Sz`%_e}u8-S%s&G;7t8?e(*;J1$+PO+QYk6R!_3pI$ z>6<+&soOk`*NFd6myH=(5hNw;-y2HUS9>wvUj!fpkcgz4ohc;O~X+zdhPtl>gt_zEk~w zYWUyZ?>~Y9^8ZQ^{6PLw-G9YD?Efj@sVd>u{{O$dx<4M^Km33EZ~i~k@!n|L{rYj_ zyy5O*Fx3O^a2Kb#;yW{Ecjn_(+TDB4D1bbH-RETTewu0{R`W^#pN^>G;Go6`RvM4Z zl%Fuuq8&;)a5qptqkqRImKmRRgGhnC-e&`$kuknZK}-RO=T1ju z_yp&8d1L`lJTn`b(@B#DB6^nVd;yS}8;B08NkBA3BjSCM^C~0GrsdtJ3Cj1CW5lV+ zUG{3Lxv>|*8z@a45 zBc(%aUKitwr;Ikp)23jWa=?fv$}eT2roTDg6`FqPC3L2wMdLHk4(hM#sp&T!Km#PLGYBoHZl~kE8 zEssVt#t&tL?iP1t$BnV-DqDFqbJNF&F#j*=xR}Ojj2kHu= zC}VKcu?6KrMq{9nH5lWUTq5_(v}|`deXwhqYRu?|f@q(KX*7#x=2N1m9r-ym3iAlLXy&%iFov}sf9S9>!Ktgk{^#jAg z9b8sTk*EcQ1haWb*(D$uaMLXGQg8L^q3nVh4`;5wTp1B5!8A|uHDt;7)x#!9hkOQej}7jKvs-AWBx zpwX%?q9#`sC=jUoBTvmUJ_VfZOYbHgb@3KwfA`HBtsZTd5zCnTx!7@TO;IR8!j%HGou(~(mwnN)c-V+R&&hg{#~u3 zaXHZn084z%3NxIYrTYE>zfJ@U!=7F!%~nXMjN9jzz^09Uvibhr-M(l(dQ=%U60sb) z5m6lddTUqw#d0FahbzG=@{R(_)KvoP?tUVf$NE5+-dq|#S4>22|ARuG3|&FXCWC;A zTsqZcr%EL6f`xJhFZs-;vGzx<-59=Ef)*;){z^N(`;-dF=abvV+u`Kv@fCYMiJM2R zj}&rudD3G>Ob)ha6)Cn5gpHTi2@h(=Wb$L5gH8i6O$s zv!Kk%i#aa67!}}A)>m9tw^}(~a{GiJa|6(+hLcOwPlDLzh`&DQy*Fx$@Uic_#sYE8 zlsDNPA&EOsLs*3pIrKq;%hft6ZVCu&%BrDvWFD0|>8_m?TAXsLhBiLg+C7JxxuFi` zxEpIAVuYB+605;j8ABblQv0c1ZA}a#^!e5TW30zc|X}OHttGEeFusG(dX= zMYoGT0>c3)0F-isAYmVrOyT7}g*f@rL*op-yit1#SO?+a>cV<&B=?pd7&aE>-^j+H zt2G2M!x^DX#{_xG;v`^V2VpG*5P^3p2WFAy?feOQXkl{4)K8)G25zOW5+RDZe7ZF0 zk=*C8mv?oSb=Ib}oGsH;^!p5i4LODNeS5WqP`>#AF3yrEEC!GxNL3gzllyc_v(ki@ z1)P2SGlqZ{Gjaec4X#)x3&9dwO0t;oBgVYAg4Ww@hEGa;!#m(-dxDqSLuqaNeO?z=oQho@&i zm_v&gqsdVX_JW5U+zv00)-Dd%_obK-MkHL<_oz5N96YVv)w#R~%6EkDK8e*!057lz zU3c9q?HzO38D+@zr+f{}iPBMcuH*YiToGvmVbYaJv~v=amD#>IV3WVCuxn(T@`l>{fO&7-^ zI>XHshO&@cu*~HwOXMU_pi^Jgo!Sh#hfja#vO!@SX7yt@gA759mHX(3V2=6J64RT8Xafk7fLp4*5_ z!d)eL7FdEf*vQqe;~JD4N}*!zSS<4B_5fr3MhwTu+$_PT_wmby94%}QwzuxAmH(qX zCbTMGTfp;+n?}kkV~J1U8g?e$uaF*q)ITE)9Eoiz7UPZ(UyY42pMRCJZ*~QOYca?# zLCq|#H!*c(TZ!<}4C|lL(ig;$-Z>Qu7j~UeZzifYq5X4q5%-)RWPXIs`&m&I8}-f! zb5QozC^}K>*vr`(+ndc<;Hoosc`wPbcK4dKq)t)}cwZYo>a3yvz66X;vP>)!ZmD*7 zNyc}mxOBPaV`7aXzEyQKmq?{gtK&5YSV@Py#!4#NTJ<3~c zyD0F&6J>h}C`jayqT$W@e!cl8;(2O^&|OyC*7LgnH*POL=W-n3%uC{61^^^A8r@$X z0d^sSto2EEA?eUucd$tlG>&_x>21X!9xxC6@ME#V?~vw2GXl&5eJ%6w&LkaLkgn7; z1W!W96Zl1m`|d*sCiRE~s5@V%V7nv0>LABZP^^V=SqMti3g2LC^==U$ZabPvJ!6V{ z8+xbfVABb^Hvy}eL#Ix^&;R7}3M5LQrPR~NI-vJ4*Xq(JkA$k~|C(KrXSzw`RmhO}Pr=qhi@L zv3YEXneL57XNTgFX5-HiltR{m=pM(%VKpQBLG(2IEY%+ncc+qfPbBUv02}Nn(QS!! z%CVJ8njb;*^CY@{L?9tJc5w>uC#3eZ(=ctM+=^EnYLLXZxKC}QZiuEaZU7toky7S% z+wG*){&T^sXi1+~SC=3`y}%on=m75oxGS2AlIh);I`N)VL&&)2lEI#zF%qA~Km^0F zf1#`KKRkk8Uw$wHf6@OBl(n^|CIk67*}8anI{hoh|Nq|m2mU{`|JNVue-sqtfBFAE zSh>IF^mqTi7GMUNsgd8`Lcm#AY%%~`x3t`S{rakk%Io3b;WKAeZ{NP|?*1@2`NRDD z>eZ|B<>jv*{=P2w+ZX_J7vHZ}dtLeYz0O^ts9^#>Z56rR?gi1@!;sk^cuXn^8mwjt|+e&=7oB$^jM)EV_SVWKpKFxAec>?mFo@^J$kvJmdw1 z2AabYJR*{PqYk?=!JxVsjOX=`){GbrS~ox&l!X8Vg3ELDSl}u3c4-E#=jlMO>{b-2 zwH-u9XN}awfY882vbF71IvN`K+FNM!4I|@mi1)KS>S65JYg>m1Hfr9j zDf?Nf0!J3ALfydZ%0@&`m44~zlCTYm?(GYl(yy#ejd33h>IEyW-Kt<_0Q%w&*Y%Z? z)eDWzdq7oWO=`V69YePsEF6mzlzIX}?v*QQMp)PA<>^SS->d%2&W$>>>3HqPb5;$1 z_5`j>%UtNgqK1i=SF7!5gEfx#H#k(Q?lIWU9n$2a6EE%lPyqK6^qGGh|1Mr0u8wvg zwtfNj-x7ozot*6gJpBJNQSbx&%PT4UvHn*{iAsR`EB^QQK>WWPb8oFB^f&&eb~UNIN3XX(ch*z+pGXn@ zk7qU+kUL=>4<`iG5sI024$t$m|zfyX+p}8gh zlxAwuwN7tPaTg{0Mo0Ip+X=nEjXOiZ19$I@1`f0jj!mAuKQ%S;X#Vlsy* zMrl^dJVOVWB;Gj^?T(kAo{I3%;U~x=ddbMV`aKAoFEe8^YN^jPL z!~gklxuDew8#L+F#8s2)AB)7N#LZgVrWua(zLN%eH49aF!&p+5uO*M~#~b8caqLK= zX+DAmiS#O_+tV|Hg(0}+)18&5WdlyO47tw4SzX!!#+g%{QC&lC<88?i&r&-?*?)Zs1)?XWC)xGKiKY-al08yF>BA~N8a21}osUwrKe&B2U zj{dFF+ji$9Q`&Ws_V&cvBy#9io%GR+u8sxM>bU5nA8>BxOEgf7BY}{44;cW%c5A2}5Tj#IU>;civ2ygT;pK_JB_K9QRve6gthIE*@dV>!bqKx&qs?&Xf;M3H@ z=F!_`*#DybevGO(aN(u++wwd4C9V)UkCE;i@~}RoZ2D}rc=JYz!t>FbkDp)1E<9Up z4B)nB5e(M(wB8!)OutvV(fZ8g*wSayl5MwfAG-kCq0&P^)8SFHgc*WBgLICiAGP1S zcXjRKN03UC!~7ddeaDsDL$Rc|#fpsPkX@-~a#x?FnC{v%JT-MKs?)srynM;A)bKRH z$}3f->*Chj_H4CP=k1$kA;7+phZSEs6DJB#enT$I(!uxIPhNC+K`Kxx+L+vL7(fo& z+8eYTgZ2sX+eo>5qb|VSQ>UW9uc#Ywhbs-jPEcHZsdo@#4uEr(x#7zFCQ#PhWRI~9VFDHbr0OfP;(&t6*lI|i?Ut25aF=l+htB#@Ig;2p=*3dt*M&| znGGtKJi>@*JbdpfW8{9TGLC!TMvS3R7?bLg*-TRsh!uP0OEuhAeiei@C(x0sjRSlU zDj%QR1$5->{f4xP%NPj6WZK7bPb(B5Lrn&)%z3Xz`VZ7+zsc%{WGziRq)hPO4rIFR z*%F?3o!keENnp789}_&!$1%FA5!e>Xl7=GBPTK7#+l+(%z~)P&bV} zvj0oQ0TdRC?#NZ~;%8FzE1+0@e5ZIulfh`$K%6ORA@(wHOgxuqMkp@1RNtQ!aRh;O z>S)&iVZy}S_SVcUah@<_>Cm@+E@Pg{|E!47usKk3#PK+XHgC;sU4KD!7f9mFB{YU8 zX<4+o^}c=ZZH8;CRhcvBg;0~vO!Wmv^^-KPr}gaxOuE)rANDglPTo+dap=e@4y`)D zv)x~=YOu~V9#fN|*bpL$l6H z4_T&zw@{3MkyCGKmrjfwQBmf2?K zfXFVJ$3bE5g^qRaH?ucS&Qt8)snrP1Y@#6;PA-l_&<6agIeFE#`mD*l(peF|o8=LH*)yg4> zvXI7wqxqXLb2u6`)_wXIUxUnjw_Yx&)=Jwn<8Lw6_Tiq84jwavDo;$+UN}(i8Fj_x!tvcTU|geBX58%L|vIoin)r3HN{V z%>KIlulwEp_qVgR4RZ2u_%Ff$Kd}E5eUbo20M1_5S4_B+7bNLt?J!;Ku1S?Xy|TJQ=P1=?8e5%`SUS5J3C9+`tb>&D=U4c zoUCVOA5~VSSy&iuv=~y0i2VIs*49?a%2Hbtxx&NUx8|z9JUe0n~zeZ#if zSTuaE>?ff>&Lfq@!A(I#EhI)`t)JFwl?SSShQo2O1W<$*xn-lx;jlI-kk+uF)HJIS5e{OaoJRMLAD6_qn*0wP(t9QgVF zwyFK^5A-|#<=dJ7h+Pr@(4$!)ajfXbNIFa^Cnp0f4Hq52iJ_%s;7p37=ZcL-(u~k>~upFGp1Q&`>$|?hqo# z;k55F9<8KC-1K6XbDOPt*{yN5?!_k8sTU`s5AJ#GS*0Yq(3`^w13}F)%QQ9EwN;E7 zo?x#B#wi+^6D5STi70*c=5#v(6oq-{Q>cG+T`}Q4vuK`0s?b2z{eFvJ4x{JYjR2>1 zKjrU6!@xRh*u*_g2Q&Zr5= z1mYe>kh~rb7M|g8BtF}KYMiH+5xu1VlCFocfvm5uMaV=NoKbM18W#4ClJ3*BZ@0H^ zy0i1jv*&!Ya0=!0z=#j1?D#$zJ`=)Ay!@4L* zLl?tTWJAi&8$HcuIN{ZiTa+#A%qDP((d{-lYc$x`$eyu6FXsX!J1+-J?=h7W2gyoz zED~xJD=jAbYGKqaY=T`bL^^XUoodJR89)>~o01hy-MH!|o7x)MALDqoIuFABc8$iC znOGy3U-Xo1y=f+0%QjD>II-NIw#np#?9)v@OTT&$$u+P8-Vq=4wX7muu0>thEUYke zQB3Nn%-$=w#*dTse$xEPYne6ER!jK;7CqUpn^2)~Ww%!-icu_vf&tiv9wumWY=9}d zwxbPJ7mI}5jFMno!|3%uLF3rhMb-Ryo&(Co`INf~7Mh@xcv0q81&)l%HelGH`1qSH zu3e5zz1iu89{h112{tRhyN!Vev)q+#EAR(zVJ>_ti|e})mu|e$UXNrIgU8284}CBv zr)yu#T$75qI+ZEk%)TLCD_<67(gQ|QjwwCn52Ug843s9Oz=h0{LDKAR0SK*VnEfUW zJ;gt>k{L#`5P75(PH0i~0QO&Izw@(*c1E(AJ%IgwOoL0@%LYcgwkH z#@lRRc*uve5_~U$4Oj^K{B+XmfTD)(Zr7_9e$ims8%(@F=4!+zjt!CtlDI+s0P43} zKDRM`@eOpdbCYKy@;w^-IkJuNHhclXi!4E^Z*(JlH$wI_EYP;Zb+gXU!?@H+Xio+A zybVu_eCt<&xx2a_HkKay%*s}}3?IeyY9oH~xgAtUR1F?Vh}TUnWvj;@a6D;z?JqQQ)!+*Z7{nc|&%iF=71#yyKe>>IhwF|Hh=@^Leb zly!+`(_H5?aRGLu0mR@)js}$9WTYpT35w_q=!t8QRveLV>Z1qw$@O zxnSf9onJ6kCLk^^$0(}*qqA<2L2;fLG%y-TE_bXmeDtB{!mpBQjBQzKC z)S{`;2v+4xgwz5F&H2$HWS+UkGu&NlMSrqZ>S|L``Kq%!jk#_s1pqCOK(v$ypo|Oy zktqI^7i`w|H^Cn%0BCcgC}wsXOkqI-XzjETJ`qhQQ>bXN`7VJ zRC#-S$sk9t!@cKAHF;XpYm&+;ec{bDu)frziq9%9bL}YL;`Rtzgq!cYt?fi1(e;_# zBEdyZ%rLd;Fe4$a0LQb-tfUo8J~woA+Lyp0#} zm}S}*ZFsRsYkDo<22Pij=BdWzrsKqtWiRQjKAzQ6+2a!ExzWvy7`iiL$=veIycQbN zU8y@dc@5rF6{aCqE5tvVwI{aDE{q^7*K~XG42@%_()tBWYHo<|!|Ih&pO=^#_O`Z7 zIYz!x#BDbSYjye%o1P$2v+`h5AeYwN+Epz_3l{g`#KK|RN?NG2D~q_?4WiFSWuW%m zt?-bjON5o%y>gxfPulUy6^1}z{p<;CK404&eBKvrXAZx;?^XNV?JEM3c2(X-G;FSH z+lb`5yl}BdUqMw54`%^amT$Y2S9MH=y36LBtzL6lxiKQ)E1U^!l_l@Xy-j1i`@Kjm z`is)94?K;De$jaMP+9)FuonUD)i=e{4Y@DKC$l-gffQPmJ;WuB7?(hA0bln;9?S}iu@)|0he%>0S7c`}5GjC7N8M!a_ z7L|V7Xt&~3SZLh+`GcQ}rmc`&_aJTwV#b$^oAhN5`h2%qGUMyAmTDO;j{oKEbHDHZ zQSdmjfAF8k|7vKC+W!MK0R5By`E>{4*Y6l3{|l18AO#HazaYcgvSY``*RSsv7oRjT zIzyopqtQKQ&g_$uOP@FIYDx;5zcN<-H@%DhDJ}o2G@tfnCy@WO7u8#pgq^20Es-t% zd*^_EM3!RKT`2#%{aA)cCx<@B|CV?3)AGOaOQHNPUWCh$TabH_r2u!jfc2#G%yjMy z8$n)PAHos=CVsTpJ%6%$DE%z| zhvUf<5)l^)wfyh_{okq41WK?EnGh6A^#Qv8C(Hoh;(o9WF zgMz$eWo1EVsH$pDbaYr(*Ewrz^QNXFuV258kB>m3(c%ccf63A`pme z+qNA&y6w=RLm;;df=I5eu6y@pK6vop+O=z6zIK6s7oY}7o= zd_E44|J|`O56b^?@QHIPA$c6L*Za<#2J<_9>=-dK;BcAuY17#}m_4=U&e!eW7UfxG zR~0dBl9g?Gh!ihxMn$>(+1--j^#zim+aGq{e{ezmP}7}bVJAw7r%YrJMpB$JxF|xL z-_<#}U~*!<*wv}hCT?OUnz8)+aYnp?|#4c=l zxvfixyy(YiT>|5-r_JUtXGte$Jl=AT&gXQJ?N~tLveF0KSw|(cJ>s-S&O4MLVb76mJIG( z$-C7eeD`b(q90=Id``{jToNXUJ3Y4-)SMIOM9*BZnEy$=M8eb0Jl5hzbW2ls;2n}v ztiQc;zLF>_SKyRv0uOFZjIr zxJ~wL&}x0(xSP{~=k!H^IsB2*i&hcOxp^(n*q69}tJpySLGIA3M-of@0^AMcrktwb z8Qdp(p~$zqEF~zVHZXsclKKG&@xu};xAGKqX|@V}dZ;sBQYbO8c5{GP;~XowC5_vx z#j)F$CM9hv6^L5Mo7F{HhY`c_u5LNN!6l-&aZn*cGw{aCvaM^sx)!!&-`IIzWscR$ z7~9#qeKt5$&FrgbuF|}o;EmYiVFil|UkRHf*6&a!;^}ZDWrmd8l-N5OXc#Z0gMu~N zxAT+{PUhA2=iakrql(S!Yz*5^HNI?Vca_NUSQ&Y4CrshAsEeULdAnHgMT#b07KNz0 z(3QjK9nt9$|EH+Xx*U%8l|56wgkyOYjBn{vC`u0~$tn7m%zRN2Q8yTXWEmz=m*fDA0;zzeQ9r?Hi1y-M& zY$vRZnqsHxb|G1!N|1YQVoh|>i>}KXjJ&Tcf8G9i_jp&C z3N)8U|17Jmuw>YqLwxz44q(MPDi^eI}<|B22a(&NHP0 z&L7=){?+F$9+hw`XPQMFVoLvN3!B{%n;T6K6>uKZ(_Q1mU4rZ3zu7n7xAcD)fk^NH zi606>_50yKE2v1&3W^9iLXkp7z8&@l`XB7|WPSf5co&Q+8vT#{pIFuXsk3zbKL@<2 zy^faoxpfO_0cmcow|n>Q?(VMr`}YI2-`m^!_3Ia)^WVLD=j?3T*4DOm?Xs?}^S}h? z?{9thu>SV#s-~u6J9g{{3Guyh<;tm3rMQy6UQ`eMLn@9UaYV`WbpA zc>ikwe741P?%+cuhufqq5LbncH&RMoFTdxV$}?%EMKFTqC8#K5pPL0&6v()G_|)fz zQWlzzq7GjPN6k`*-MKTyh7-L!Z$pe7XN5k&@bO1#JV$~RSDF+|R9H}0bj`Z;FfJIM z%!V|Zq!ddoNtx*|5xxx~yY}$y>VcBhqa!R`9iw5gft8Ec=H6jg7sZb=MH5_%Up zIerp9`IDD~a8+>U>wHN;Xfv2Uvr560h0p}02mwOaDfN_vcSp71_%Pc-ar-rLGbWl z9gqS=MH}f-0PufM&|+eEq4vgZhtp<4P1#+VNJn~WoLbRRwct9 zZhCm4ZR>EjTWD*AAG9=>J)M(k0Y^&93m!L_r<)oszf<7rr(MB)d#`fvaiG%oSHQ80 zr+Y1%t+mCW$lYi*CO;tjy)TCXOjZOYe0tqJ%P3%OpX}>a0amQ#sNERZHR;YfhappxcRMnNm%A)xK?8zdhZuS#SA_ zt+_Sv8U;_@9nnkF#PD*7NW-|2MW%2kCRr|zhb6$c#X+%5itw83T#NMYi1_)l!b8A8+F`Q=aZe+YrL8Oz~BSS52V1Y zTh+i895ViZIAG&{=$SPCPvv4Q#Q&j981v(+Pvp#1Ee7^qyYNMBjIMJ(ph%VivSO)FEJS6mCeRPSW8`$5p83yP@oubcUvDAs)4#XmPbA;o$nN3zW% z*o!Z663w&TYAwF8WJh+E4KJ7UcDq8m zNqenNQEl@Xj*pcfVQ7RDjWD={Z;9&Bcs z*m@~t!z{;oE}pC<@@mwlTE;6=L}b-;wbmTJn9PY#78Bpq3FGB96c>}TI&t9o9*gxx zPs?+81te8=TZM5L^R5^Bg9+(B&HuDlgW!k(pea}wo)HN8A^)RT^FNUOS4DwC|M36c z#{csHFM|EQ-@ktc`5#~c0R9K8+tc&p>eaG6d-ectZ~1Z}kOi);_CW0ePJa8g9RzvU z_!$}l?Ee+Ba9CRo_WzQ0`f_9h5S;GM<;;+*0{efdAp*H~Zp1wh;=O+9@q#H_X$`C7 zwRk-ggIBI*6P47ODqNs9j=~tZOu7rj{~L8(xL<9P$lRK4>_}TZ6~;KxDk_a zK3oF4!sz8%D+mcmw)`l!NthIVF5dNVSxZAx6HwbRVbQ6mjQAjeqjP#9ay!>XbmW>H zd70+b`iIY+Q>#TCt>lP4zMa6GVCU{lsVYW>AdgQH+Tzi^R4ALkLDsEDMlIS&O7&dq zob8-;^Hxxrd*t?=op0+#I69N?v!9u{m6#F4OK@EG@j2ZrBtCFnE&Z{`_dv;K28L*%nvQjGrA? z`l>3uHO;tvjcH}%!c%1JhnY6LmAS9Z?d;y@@nFN^#|PuD#Ol^WXw_47%0e|B?IJ%r zmHqw8r|V?x!%L98=MP;A)i~s-R1>6H8GtGGN0<7dnj^G}m!NJ&>feqwytj$?Ab;7z z{mGAyWWTICd^u3HF#vPHA6@T{KIez3#i7nDL6&=~ob*yIc3;qhS8edeoX4Th`k=}d zsg!yum$)k(a$9gYSp9Oa=G9Q`tDy_867`zH4VuHT&1BaM~y zkB@J8a$pHKsq<)R9M9MIs0rgk(@A8#Qy#HhS(eY z=MH4=xis6+Nli+tAZhIsOXA_9zP=na%73PM<1$W9F0)C2GKos^3Gl~Js36lzjHIZe=!eh~SpYxK|7bPT2>&0W0n$PL=>OlN z=&#*H*Z=Y`d8q%#g-cDPWo6y{gBuUmZ`gPI%lE;C!>G43-y@4A~ z2j71gEIhC)eZ!fK);r{t>z6Lwckk8UmFqW`WtQ(LK1m4l-?lY(MN0Ddhl7VtoZekp zS9#$^acxU+@s$fV9=1PxT2@uP`|Q1)yYia5Z$5oD*wFqeC1pj~u|ql8>-KNRC~JDS zz4GCm7lW#*DJdDb2kUyzoITtA{L|r*qNWFL9`t^xXn9jxcm8-+UT;`2lE4 zJkXh{Fc_OZ0?i4k|H?M|2RI!l0QDbRl((e*Ab7<>dd>p zgvhqNTB`eXE@H~33&oe9HWM(hS&COhIrn7BZxPeai z_WZnEyUcV84;UOMI$V6fY{R)&lSd6sRhOTvsHv_gHRBBDyx3%L`Rdin zH^Q14uQy-0*?PC>vYBMKWLH>sSEr;D>`~{72Txx2JyF%tl9J+A?K4yP_I*G_{mT^? zoQp3p88-Lw)3Vn-XC|CliFWfk(*RbZi01q6q-+Hb>s@^or zt9b5%HC(HSJ)8Vj4(>!lF{)2Jx0WQRNd3wQE1@JF!ww)TOyz(nJZ@En&+q z{{K1e^#l3u;DgdaqqQ&^T54K8D723n%EiVD{HZJr5Bh0A^8@*>fdVi4V9WnwK>5!< z@t>c@?_ara@XlZ-Ow7v6(hLSnH5do@4>s5iGX{ZEZfwAbgWj|>3W}{svkK?Ku|_j zZt|2_v**m6H(yO%LsLsz$JoTw%-q7#%Gt%$&E3P(%OCVP3koJIrBEZIqGMv0C8wmO zty;Zi?ND>5-Fx=#qjiNkUV7r>sj~9Z6`&5d{z60J#Y;DC-n!iaZM=Ti)&1!4lb)x~ zp7+0b`|kaRkDoq&f#$^lW8LAo7vAz3{*e=#>|E$HaxF3m@wEv z#VO7u4l{s#RjF!gnOof?`zrSpvM-L|*eeLlTk_q~3=1@?MA^7EtokBxgSts97) z^Zm`d_chr5p!1?#lc}-Ak<0z%OTVYJlG`#%do#!Sf1q| zEN-ptfwMh12@enlV{%*BkLf|}nONDRWxVfE6N5j?$2wLRi)&YP;`y>qKp_v8W*Lbck9BYo;|LE+WY zZj)ZCINg2MzFgpxVfn@y$5a-akU> z;NHu}z1Q6+Zd&t|6BF?^vU?wOihJ$4*Pl$O_Cg`mbJD(ATrYmrRhDt1CB$-i;rd)k z#Z}9i977jh%qjj0l*`W&gipR)qy$Gp2VjbHpvKG!&;+j^% zKj~I(TcS?FlsKDy`ONMkvca1Kc6Uq?JU6vSPp>#Iq_V4TVRfq~iW_e%el+Ja7awos z>s4MiW0KDk4vC5dSG;pN{iftyWpt8WrTgQ6*y$T<=fLx}bh;zMIt`{8cf~KS6aUn1 zo%Gr}?H)0GifYM)GI#ONE4Alx24N`eS!P`Gw2RNK(ihD?uj%!nFg}(LaUi5@_p8TB z#kOZon7|Fih0qskmFgbl8ct8eMt}gAU|vD_*Fjh+Y?*27l_TGl)em$H!sfqQ`qrrO zM7@v4sy9;GkIEd{L+Cr6iqz+6XybdmDD7%Q>#IRn>5cMhQujaQ+gITB$GEC5a9#6A zb&`|Z&cr228lS8CFGRFgn=Zt*l)S!jWb0nNttiFP;<|R-!z)kQ^;MO0>Ysjj#s6h* zFQNC{={CzCp`-q1EVkIb(e^$n*E8LG`dn+R=0?}Oyq4Un@;ZBF^z4Xe77ia!Z1umc z{N(g4r6c#X?p%1%CW`jwBVGvP;|dR5*%3d*h%)9=9lXm6dc?Kbf;? zox`WZJ&vc2pXeJnc*xr-chlOsh7{CM(bIb)xspUM_F8-O^{puxUZ^#P+Zh^ppOSI{0i{AOM&3Z03S#S?S;UkNHJU zdpjk2M}O}Aw);=pZZsV9K7UxsQTJ4T$M^l7(VS9JuIG}h4m@klJNfK`kMOryJn4Og zn}w#=5vI;iBXW2g@9b8{{dDWg=H$4^(k%x|p36KhbMI4%cAxxsqr)7bkJxkRS$xHK zryU`7ZUsT2YnP24#d-lH24LxUaL5?id-(aW{usrYNjgELA(vDVXN}oJ)!!$T^idgR@ z?;SbTlGjeFSJIg9-7`xoP4oO&2OlimmYTP9X{%=GVaJS~gZhcl>fIHaDuuWCdlny! zzn(JNDC*sGLwNpWxBaCQ~3C^_x3JLwBRuRxFz`-?%kob^(QywAKLQh zM%RYLA!bdXi4SL<6O-jjitbz1zeGe;?LfQBiN#;@7bRWnYqs>0+|YI=_hdzTWN`+` z=BrftQL7ddx>F`Ctg!!W(K4incOo|5F6Nq{?{jHYC3ncB*kdRU6Om0A-0FxpiC>D?^=j#Xa+& z^jKNI;s|(K~amfa5tO0-%C4p zzOatyn)-E9AYSH?w%*+xGoFU*EMNPze%sEp%!f@2w;wqCvgJO;zde8J&PTW$DVeC( z&4ORJ9zHn#ec|~PGprZw`)b;|D*kej0&G#U?>p(Icn{B8C5Pg-~9FI-i7HMdN6 z;H%G(rvCYkixWPGY#fB?Um1iY_+#^WML0I%>(1&o+Agua`*)pG6 zgU?b8U(bJbk2aOQn=&9AFRBS7@3Mo>r5sJE)3Bye4jkYg-{4)Qo&C?}{}={-=>Ho* zFX>c6*_&EI{y#?TkNf{cWD1FsQ&;NVe~)o-@j$0{df5P&j0xTw7ACqfd5}T zmroAX>E8Cfzc}fId&`uJ&AVgt)Yql1dYKU7S+i}Hebu3@Q;%D{yV#Rxw_tzD21!!m zr9-FdpFJx&bs%!``vAk%z?p$>UoKQl=f5^5gRGai?72|c$IKq@{10!Jo}%bg7mDOZ z1ifttQ(Atxj?3%8OAGE3S~Xi{Rdwr?+@0aqP#$+Jdq-y(HiLIT_fyJpw|j^0 zozw$4h73$pj=Q;G$#ml)q7z2+z!9zf-nZE02P{P&c#FTR>G{&S3rmtt7xS2P&IXt2 zB6e4CF4yd;7hOCh`<5TL=S2{F9lc=pZusZ?`C9Vta0(aQZm92bbxGbJ|6*5uXNdA5 zkLtzjJ6%u>X*Wc+*&cAdtugAHx-+NQo!phj%B}$JCwG@~8x8FGVO|RsIJol|d z*na)3(P3Y&&kO$=z?HGnwKXGo8gNX2JFN0esQa4C3Dl=ZrH7>_H+^-!rJ`U$nrDD@mQOWD=7Jsx9ec``F% zM&*EH+M@uzGDM7Hl&1?o?U)=W0@J_=WD8Bj6Ql;rL{y^=p(A&9y&rC-j~? z+cllb@kDd;9aG&hnV#2Ev!^y5=J&nK-&p(X0q4m9u{fDesnIiU2b?Us(Ocptbo^N( zvO`05&eMn_QLig5>$R7@ei~wz{^CM^`!!>Gud}C;?L68{W2JZB6APc5=DPYz_vf1@ zkrIUd;E&N}3G*!zGkCT~-K&jQnF^;WUmTd}DLX?@eTHP5YkA)rpIQQiBf4Vt>>86A z3FMrGr8iq&cc(czhmrzf4>@Nycb>iw#U@D%CIlp@KM#q(x& z$7?LE{Qd-)T9`f6?6l?rvWk-jJ~A#<@fg>1^SOKaizJsiKOI<@>73*!ys1^ZvBXfT z#`}F||F#!YgHMzE>zjecKROloeH?$RgZ!G2JS;2u3gESzhM2mZ`!+` zSHrjI8Mste)My+j;GSXAe%`+EwPIv%U=$c-_()R~=`^?BXRav!TV39@lU&7mt~3HhSmgkV$m zn76z)Ekm7o@%`nFZ;zwpDc_r6^~U`}SQgRBwLv z{#={Bh}?ZIA2+rtU)66gz?EIfe{cOQRk~OsQ}0AEY3WM}w|M|%+MF$W65FGv1(m4Q zOJ9EKa`xOn_ni#H#?4jLZ(n`+tc-l=?;5fxI&kYQaii05Z#WuSw|%)$ZF*Z*AwDv} z|A6P=s2fX_{3L8=-`?)aM_Q2}Jk2rV%$~qlEiLDR?l}=>ZhoHbbFOH?^q?-D^kpf_ zcc-;jA9$D*exqo9qB*&8O~Zkb&E18o)n6otwFS#)<`PaxF50>zI3{+xR@>Av>Du7t z=M@@TRB$H$z5dj;%4c0QRz=Uh4w|?98aFqxv-C*dUz1_%+dC1 zvos}rNBT5M{nDv=Hs466`}Qt7`RGGy8QOHYQi<-fF4w@w`vub6Tv_Nm)f*+>FxQb) z+Wi9$%x=l)UY~VdDbd#|O*O4#)j78rA>R+EHzl1_-dNd`AH~7<^or|TGy5mY&~uk61a`5Lx#+2*w3mh+7#t2Vhx-aVWiogNgS{jAw#+mnsOF$(7^+}7z@ z$IG0=_cR5C3wRJMGlo{shY@|#D=Nc`J(m0`HrbSc3)QiWb+jJ<%Nwc!UJ9%t3I!}_-NPU z-h}xd;{)$M=qgEzw3gP8pLYY%9ufFmPCnwD-ujr-?;CHw+ME!m+`Dp{H($&E^?X2* zxvoY?;R{SkuG77?hMn%BlW&G>4kNV>%%}`)y%5V+EVb#yW9&3CrgT2c{)m+O>C0bd zXnoXgIg%6kVES`6H`FuU&&qpFX5&}$yO!40YCn3fkiJ6w{mHm^^_Pchy{t{69gIq0 zR*xvjZB@Ev@~%0L7s*#k9De4~ldiqGYR17&rH;45PMn!PAVkuWkkh{|abX&w+*MmQ zLgDL1zacX3y;q_}X!-ae8@ANyroHObIXZ!>0Qe z-Q(Vh7wF-E*TeO&@1>iqKdfu7RoPW?_jxYq+|;In8r`~*7apA3s4MNU;LM63;sVX} zF5S-NElqCGg87iv?;m! zPEGOjP)uE<5Z*p;y|%b%((*bl;@Y-JXV)riw)U;5mG>5V{Z_;!+HXZt?k?8_>W_pZ zlX{-)eP6MBp(in;yLMn!U+b#kIaPhB8OMrWX!aetNTF(&&xqgKSHRWYR(?;X>#gPK zii{r7=m=EyhxiK}J<8X7MGSOuu6Zw>VJ6cwYu`=7Etj3q%FV)@Re5F!@+Yq@UMl%K zH}+GEqJ4#^Uc#2cbJ7l8ymn{f8rMTQ4vPk1OVVByQ#hZi&Mi%?QFxL$)t+mg^c73# z7pMJo9u2~dnHtqMeer$M+TLg0{_*3c7L6y%54x$zpRqrBWNX+rA+jHDkHgwI4fC@% zH*{w&&b+WbY|g3EXHU08PSQVDyIm;YlDvP?p=9{Z`qeel?f9(T9FdKA?Rx#);yG58 zx5A3wm*>>KkKF>(k5zCtnXW13xn>&A^fKXCxgBrC=au8UtUjDMQnq+m!Ztl`c^|tJ z?V?w=2VtEFi?{0U>%6ka_NG(Y)Ge=G`j<;)Wy8+*+AluT0Y1RC)z+#aBg5HA*jRt8NI!^1;w^45*RUeD=k?S6rwV^O4wAPu7_>zhtaVScs zB%KHwFe1ub4RKl&HoMhgM%zbp&BtK*`@ZMN8knj`ALBfckdSlLqO07l`&DlXN!|A3 z@vc*A;b&2DJQ>T0T3y94`8Cl8NkM^|vTdHfs@#{p;PNNF^Z|Il$A)D+I|Yx0hXh77 zpw8RcYJ2WUJbv0U43XVYib=A&clz5xM`!D>M;6VE#X@FLav%JOTJ_Q*B41TY=1)>~ zd|r*YPQB-`E{qU_xYT{sc>1lQQrW6$_omKk?0M$hQg$FF%0R%|473XhJA7m6#?&X< zECcidKiPelbw?JPrkI?h!@1zj3gu7p!_1}@we!ozl=uZyt`z9N$|;ri6z+>LJGRf} z_-B6Mh@| zupy_?E&lc0&nr@MBjpQ=Z1;C8GV_AXuG*k6!;q;7mw4;(J=4(;98M+%6<@5-+EtddwgbU#Ku>d`u(mg+ew`iN?}Y*$41lkAiYb~ zZ_C4zXRe&S{M`|_ouT5R)>{I7>mIfl;e1367-1XQdR{gT=w!vs?Ssip;hXXPv%w%t z);scO)r))A^YVnI&v!nv*r_*0HZ4+_s2%!B&DyhM-?7yku*Dbjt{%SjRR5KBN$G`Z z5*S^2I zQ1skqQk?XG`|9^zt?RL=leiM8sq0@5M=e@E|L9uBjo)qNDCsTDp`_;a4#HF)3$5`Y z+$XFcDEjrrTRyt(1KK`gFeZ8>}CM zy^+g&VJh8}pHN}of(MDhGYZ%BClA6JPs%pCJDN&A!zCooFp2$?+0}Gw?(Vf6b>M$6 z=D+{FKPMy2%b3V9P0sG0O)$edfiIvY|3jf5nZO$VN2{rWS3>@?|Lac?V1jXw1Y!U_MkSaU7K%ixpph<-c(_$$ zC>*X0$DnjDYC7uB7Ze7G6f{AS@f0NZ6P#eYe@^{(VPH)DcfyC0Ci@a@uMkGmef4Wox75sLmzkd`? zCBd=wHgGI4HaZwj#_J;Kr-v`MHFd$lgQ?VTWqd>=AxaP7U}@~E3~U~JC<5+JB2w{0 zs@|Nrw4=Zqf+L`7b&$yD=x7x(1?R6qA_pO%$q<7mQ7AOcZ9>39;X!yJoJt0+6Ofo; zU<^3I$r)=*fZLJC)L=nu7@kb<$HARxk`@8?i-jYi@qS@o7d4)2hy#H)BA$wX2a?Ea z4}?xY5jg~$M1&*I+S-~bXp{Wi^d2{py z1$B{hg3>AKM+%6AQ*l9b5*pc?c*2d$jqPpho%9sUXnzdSBiXJL)CEnx0kxwE0n}hU zgu0eGz!E+*G#nQY08pTZqWz+TO-y3>KiN6Wopd3%bYH z)W*iy0c&h&XAWS1emP)GOz6Li?43+Zo%B%pf&#iOYTAwfVF$w0z*C{X{;K!N(tp+Nm#fdaMv3>2vS917Ha4+TzuKfqD|3_=q@ z5Pv|5(A3TZ&LX4e2Q5soK)}!>DP0S(2}vL$e?~+CIWVll$bbo%zaTjoz+_;Ax*Bsu zBY=?vq&+DbNLwIRF$j1RUBvp4zLO?($9>5R?R5Uyg=MQWT;Ijnah&UxUj!eLXDnTk3AB97} zDc}uNdT2I`0-PEF3j68n;^4t#eBhAi4TvS;!U+CDqSrr&0Aid01hO*FyTAd8F^D9G z>M?A9Kr$XbbS0G>3vdh_Vgyie0pSK{G*AV@GlT29kYi~EiG~Ua?oOZv!|fxD%nsA5Y14y5J*GXmkuAa$XKvGg1SL~y5WQvd?;i?;K^(hW+M_< zo+ zp%2#uzu{mZ1EydeV_k(b2y}5|JPu9?#zAH~8Sf8(_9p>mrvPJ338kc=rUX6q_n8AS zkQoNdYziSjk4Q5Cfqb#W5r|_UWPEruGyp(oHPyceQ5XnfFbrrqM7FVv#cE4q%3lKt zWTXI87?j3egbIKZh9iWI1Pz#)L(&*v3^MfC7Z70J@iB%$X+gkgYW*&7NFeUQB8dcQ zED{JmusT5GpQiTdm~+50z;nQpfK>cN;J}LwQA)ss{axS~;+Nimas=X>{TYxs(_TjU zYmlj`V*q4oXwAP0Sujw7>}$lMCH1rQgS(fj}wueB*7=hN|e#kh-XaRl4 zRN$(>3>;+@jnw0`aRu3-Hvy(RJ^(VS*{lQbHZ+#OCmNe>sI$!!qA=5IP}iSL^rM6? zWH-S9W>^?vJnk41O~6kY#w0Cv!zAa3pbR_B>7fvsZAXvEK*%2^4jTv%g}_>)lSN{m>@f`qXOD|JB40IDqbc;qsBYopwynhHh7FgLdyBt!rx=16YDb2n{=!Waa z)i^X^=ETSQ9I>?Mb5_I5V#cwI>|I>!ZHE>OW?Ts{#shvD4QM7Bv^9*i%*=*yJjS4G zhd>1o@K2omfrCSY+X35BM;8g<{^v(vM<(0gWBeF_Ek>-5j-y|A=FcvVzlawH9EB1M ztml6bQrJ0?i7h~MCtG+Jo*GOF&;#`uRJzR{N(v$nLFhOPj`N3t>~!ar0)o~fZB1Z! z5>*2H31g@lT>>#Yl1h*22Lopt5S`{wfG9!`ApnwHk$5Pi%7lgaIqrQBP>kEqKYtrB zj5Zs_jR-V=bkrl6k7j<3WKibuAAPc~xM3KF9;j<+=iurBcky%p!p6na!v%zWA<=@? zfZKtPu^s|=Vq^$Qz(^UsiCy@zsh8nrunp~ib#`_KLFUb?G5!icAO2$kY6m zla9m@!k~Znm~fEepbWcqVb}-|Rb#VmoFa*~IHDy;h8YopSnUvXG*ejtyNd3uTH3-* z=|i%GELdYB6Ce$W$r08EVZg|jKv$=G5z56Fnr48a7|z-VZ(K+A{^XpO9zV6UiPX6%Oo1~jLB zNQ91oCR)ajp3G7G*?Tk+P&{N|Z=z>z3cO%YTf!DOVyGm#bq$?naULMwf$lnBP;}QJA`(xI9dQ-i zXlK~$^r^rZRywOS&YtdE2#SV)rOs-X(~BAa1S4#3CXt~}`g#UmhL;t~X(&!P_8BOR z$jloK2iGtosX)tc6NYXo+5_G+diBHkS>{ zKNbW`_;o}ScfxCjPC}Dopkrbz4Bav6%Mi^*ouMC?h-%C$SlRm*lIaiyNT94s0f!1e z1qK4%^n*B`VeHaQ0{?_@@^_MmNKpS42ntV;(ZQf1FdP>I-W&*JESM4@&>gVfm}?cx zOy3>43GM*h1@SjL?)Rk95D>AT!i^L?1{9tEim@lH?@7C7To@TN`^zwnlM5Td6YvYh zfpA>V^o?;;d=LrR??=ZT$Ta>X8iMpRArzt}C>&rTqG{N8!0DSRLpQ7f(#_7D5PM;Y zOrDVzF;EyZlO8kVZwy)OV?K6b%?HlXYl_Ca7czC&%FTwa8h_Y{CJ9ZAIRRCsP9HLH zCiY2&pH2HV9sol#8gg1jx*9A4jWxfq28QM|N(_L>04o&y(VpaNVejAoYMO^#8kXmb zFtKRf7rj^z6rMBuR>)HsQ4v1E>KgXfv_ZK)+&>h=xb+Ye9FgKToZ{3TFBSG9y0G{z zOm}E_@dXCb9?8sws*Pi`4&BHw*AQC3+!=Qb(U&^QbD5|Z_Vx1u_Nn2S!qVIj3E97ka2#MDP(4M4ju1_dLAEfknrSjfJs}4r2z5K@XQ!F$F1tSp&|VRRvj2 z2Qn#)#Hy|kXf(@y2MthBI1CyC<;>BBtG+=N7ak6c#9DPQ7Mx=pW2qEp8E0JCJJt}; zu?b3%L0u?D3Cv3gnhu)^{5kPFW~Q3C62d{Yny%SdlE&k3%6PE<5Pndn48T{1O74Dr zs|XEz$PHz8LBp{i^f6T6ZAk=*1lS_BAQg`Xh75gs|+CtT%^9GAJVdMeA+cHTrwODn=YFh)jwcj;##&{y=IE$GgHUjDLnU?5GF( zs(}3r#-WA7ST;|MWjxSt{r^Ll--`A!7$}q!HM}Rz2K)dOwM3*rIF3vOma!hz-hG&< zY@&XKaDb_xamHh*|L08fS7Tc>9J1&j53Y`LwDQ9i~f!ii5zk&e#Z?Pn$a+bBf%TCe>Eozp$(bh zjO;wCbxT)|EVvmS6aoB=;ZUHuIxr)dE*2DCWYk_bL9G~=dr&~!(#gfx)rHnaf@RPl zA8m~I+z&&QL(b3m%YRHSl8HEIM(lty&y4(JgP8p!!^dO|qC&kjpx?uZ?O~^3d{F6p zGU1Z~e#Nc>b(_whnF}sf32qN|3;Ka52u528Y7~hQ1Yst6QPQ|f4wlpy!RX z8H8H~U!&Q=AJCGYa8VAGu>Q=V90rK~?PtIq&8(~oVQk+JgkZ^3|41tPo?x^#*gnq; zLSq2cY5v2|wXE#)gM~JdgQ3}sHJ7nPDS&_Uy7~ndK;Y*$t3VYoM*2|01v^uBXRx`# zh`vioV5l_=YpWNq#fP;G3}|LDMz;5ec(mfl8*I0_5QB0s2= z4U79VLfnnD2wgg2M3%e9;xYEq6G^=B$E64ESwbfz7DO#x|CqDHPbGYi>GDwsHthW9ZP41(?i$EGI@0)~Sgp#%zzg3LBR6ndWpybFkSxVXV>7^i=L2AWO#x3L_w6lpn5Ah&2u zUXcc_mL@vt>L_*kO0xyP+d@fDxCg|>H-$2Zw#8q7(?|nwEKP} z^XXI^!JA{&f&T}H(qD;W(KH|w#e%|6P;uaY6k!1cp>hE{y(R>j7rkA}Qid3bHU%5~ z%z?W2pQ0a_H4YaL1#)1ZW}8{rO6Ni>m@iGo*%Cs5=?@$sT5g3suQJNI{5zE%)bouA zGl*l1)dmiurjAyl&j)m|8|nfFwRQW!>Z7wE_&?nfq4!C1F|~EDcfvY(f*mNd#w<4W zpuOl1?cOoMimd!S7RR%l|51#F-A-q{mF@d4+23q;PM}Yi9)jvG=}fTUc+}DXf*i!M zTHDJ?0^mbVzrV-Y=&brBBZB4NB@5eNQQ@H{q~nKoS@6GKX|j% z(1Hc}540bIS`<@2b7XLevBQaBxH*H(jLxxPexy*i4Jd_*42Rmrj&3x_3f}N{u%gBY z6*13GyxzvN+L^b4Pe|(w5uF(p!;E%#Cj3+kv3b=Zf3(V!fe zNQ!2Z9{(WE1Ex+BymXU>`HRj~BPBBX(uaQiy^KHl`OG6ff`fJ)s}zEQmp}OXSC~d1 zLHbvU1fV2@3QI^XJeWi!1%X@y2v~uzTo`2TLLLhhv`03eACJ|GrhwP=XwJfD(5}`) z(@fu>z!<1W39Vf{Gwp&#`CznTal{Y}Rh6aTLCpU88mi3Z`rsR*gB&A4=Kwt)ZU$mW zksxr%(#Hr$T^gs+S%Q{x1ZffIbIgs|P*RD}c1~3j;D{x&GqxII~ zJ_@}l6r(8}yA7zX{F^(*7%8GZM~&bBKn!;h85CuJw@?65!Y#v?8)kL=$p02VN&eJP zt0p)A0|0d(_|xbO+GN9Bg7I*7JU)b`EB*qctSwQ)8RN6}Mhy;71<$qx5pp=4;O5MA z&wTb69R2S~I8CszjV^WAEv(U!=tlw#l4TPl*?-E8Vt*?1#F24ccFPUJ7Tx{LWXW)M zS(+RI%FJYx-e>g2XLOlmwE#fcojGl=b&+1P%eWf;f9!n)TvS>6@SOk#1f&H79J*oX z6zPtkOQlPC2tiT0yF)=r8UzHz9*`DY#cn`F#7@*z`OXX>C~K_yzTf`-ud}~(hI`LF z_nhaP^K>jErCmb!i8$!1ZSj4McYclj3L^ixsjG)9OX~GGi^D=vuSHIj;AyhJ<1U1= z%?Tk~#H{BlPks54gXR5E?uL-<51?ATVE!Pqn^TY%a487}>50*906!D5cM@0+VC)J9 zVjzgRaRG@^!4<*{cYx0PK#;7H9|(^krmQ1eCHzIq^EsCsk*M;WS0{n!9Ca}G@31Xj zPUQ37UoH3NTi-cUKg=Jjz!^yWu-ngygCM+m-eQUQ?^!IDq=o-{EPef*fpTv#yvkJr z$io`Ir3nq#2R~4>={w54&(NOx^)H$kV2*-A=ZMOp`PG$R2_l5-Sy+8%YAa#vzs8yW zlEn;gb(+&1xq@(i6|AP3xGp$)o^C#_-l3+WtA+>W2ODb{mt9YOUj zz#e>eqyF$}E<+0Qg5+Y|tRF_7AfeN*@ckX;Q0i7kEU;_sCvwRn>- zy8oQ={MYHg&*{untew0F7H*<18lcBsz64hiLi~~&F=@*N0<{HxSL!O3LGy9T1pm}I zWKJa7zz5vR9jFZWgD40-0&XIJ5P`_^zo)vGmyA~2uU`@tqqze+w`U2OY(V*cit2-9 z{`)Rre}h9`eBYu&`7%dmLYcgkKVO{#(9;rK{L<~Z_>Ql7`sSS_y)8btwA;mtEAM@P zlNX&Cagx4-8Ais?XR+{;WXMS$p#9g%H zB}*N;|H2uKz*MIqPq=nObiM34-yBN(p^EqizP2q z3$Y}=5YP-)LS~D9_N_oe3DVgEq9q>W?;gArR8IOlRSkba-V|pQ^Z7f!JlzF~w3x4J zE=AX($#p(sSEv)|bKAMU&Nh=+IB2i!bKC9Myk5 zS%myAgz~dX)0obcL;9@S`I&>aRBN>yO=vpdyw!ny_b0=dS6toSlk;5vd*yyY;`_ZV ze<}ggO1%I7{WAv;_9BlAX8Q%fAc(<460wXxNX+M`Ua0de{g=AOFERX5zHynh|1)xy z09^Lh=owhT7jUx#NRj)aTH`N@%ltZnILELoV-vTkg?#1`=jb2cAJhn(%>wiAqxgJ* z!~VP^gaw%A2mfKfEO`fb?XN@TGw-+@I_fJyM?EA6lrakmB1V!E7(6%NY4(@U`oUB9 zF9*NtBa`*Rl{Q@r9EA1U^&<;I+vVfN+kaPZz0%u;dn)f;R zwwL@@yJy~Q-kE5p{04$vB#JCGCqB zgA`1QkN)cq!M_at%k*Myz}3O?3*@7_th60*-#V-45?lU;HP`(1{Xx&#B|0$zci;h% zxw`p%32)$_`qlo{1+C|iy$zVRn|~Rq znm<8b25!xr9xN!n^YwxP(c0h7iC8|x$`!)9Z--G;8eh3G+ z9AKXTrE$JEQf45mdI4+%2ojH!8EB2xA~yed;1l~;fqeY0FTh;swJ*UBQY5Va{<*gE zY?7gy6ApxV|Lh_7y$(KZVRK<%OPJNUbTeP9f;li+ezgj7DQ14dow$$wmO#7|0nJ;D zm(z0#kSh8sxPyWbpd!?7xc@V7-wMR7FXb}pmE%S9P51(1q*xi)P+MI9)}1*{)>AUTVNm-~VXlZ1lI!ekdCOXl)Gq37C*pb1Yb zjlY;vT`mj01-YNX4MFEX4Fd}7El(LK1w{6RSAaaK^TDfMbhzC6YWd2{E7F&un57`( zlKu+)%z3uWsT7D&(FAdGCWKMU@k4S8F)8z< zR+q!y%+2+uJuy}S2;qH8CN=M$Hvh^Wk7<$k0$a~d=5G;)zubpj8vcMR%tPrQ$+~D6Za?5 z#2_bkH=q+-jE?d$cLFL612?w-v@OVbh$fc11lK^w0LXzG4iZZf5?vD!n8=U&Ff1HW zLX<#|i>E&!<>Gw(RIoWr3{}lFbWI2~JDgPhX0IR#0x0Ua)hozN%pd3RIdeYH4(PZA z8@mNtgIhn@zbL_hU{MAm0xbaN1>8lK!V8N7MlkH$Wi%)$6bwQkfmbOJqYz>q|E8Y@ z@oml_KHkLYy-U_d-N%~JfHfkduA?R~vm zU47iX;I{rrYQK!cFQNTEV*>dV*b_a1{fHjIPGGl!;@5G7FA zH)2jWaWD`ZNP`XZ%uYYKvsdgegwP=RjVRgtJ_f{Ljgy-<{)UH&X&2miw+^Fucoz z&%X$P!YuED(93co$Q+12(;`V3f(-Rn(&D_f9t1`$1Tztmg#QHfSXy-!nC(_zT^H7T zeqg^MMgBk%ODP2@skux(UW6o;njm$mkH3@a*RnZ!sZ>MAC9}fNe}(jbGYi;9zzMm4 zGqoUJ0Xb@g*8skV&F9z4#JZLlEXx7{r`tfi?~yoHHVg{#BqX zV+`lzPbYVGAiDqoe{n#ISAZIskfVth^Ryudpd-LYNMhtb9&u^8Ij%wt@Z5hj`h|Yc zfQcoz{1Q;uUrk_6qww8RA@>6Z2gD@(GY4m-CHY(1Z<)vm;N|Qe61-C90Fd8;(T^U} z6?mk%o$o|=@xs3U#vssY^Lc9i>Ct>gg8Hk?@yio;cXM-fc5?BapS$+_pWm9^|Je<> zY%_vTN`gB*;5OzR>s9~Ldl0Cz7nT7ipS@Q)1|U6;6oDKnWH%iSPHERZvLmorrWA5z)P58<{0ChLMHIkoJod1PRW6q+$r2$IU zXqkaBZvKQSZhq_K=eb0pI+TzGYu+R2FL;-QExg1vbG|qgdcHcD*_0E!GZSD-ce zm3{W*Fo|xPXk&kn-g-W5{$Bv{S6;fnlP+rKmMG;GmC1hrf}fu44{+;}64H`j=UCvv zmvQ4ivvYxL^N&fMz)(29iI)jXOXa$S*DZ)tbN2|Q@ujBnd5a{Wu-E)`@XOiXHJp%g zhH$JwMil7x=kG(n*(nIvQGlL&;naguDgO7nTk%N@Mj9h0BLjizkQh1Hxo;qi5dS7z z10RUcKvGsxRz_9=!bnI-gG*?c6?^-KF9Hpu6Ao-5kR|_{Jv+JjdVRaaHy{7E-du70 zzsS@3t7FGVfF$SA(tox7GLn*DPb^!18Cf|A2#xvG7yrof|KsaFdu4VEqS4pZ(}rMh z2yzAgL9>q_TFnp_?{EkPApr~(z@;Y;r?k&zHS;9oKdQc_Y1N^&wXa!RUIt0-5kqN1fFerTyy)6mkarea`VVq#$6U}tCN z;9UH`$WSP1N@`YGT2}To^lR7`Z~W+w*&c`%1#N&fAYil*oECjgBUr9(oT5^7xZrcNY*(b!{G?48k-Pf1SS;s$m*!oo?9VWzZFD$M zAIW~>oJ)!1X61@NWwXL^S1VXaSlZ#Bsh5(-SL;Gn%s^2*(%ZIL!}{aoa&!tV3(sKdhFnCN!k1y zB+c_Z6}~UlmTyHK+3&u}d@$eu(xH~vF@n&s6gjDVqoWi0d=2aoYQ_vF|1f)y<-T_J zBT1?3Om)ksS{a$`O+2j=0oz26ZlgO&Rj|pGiX=bwLQJsoYGN-iLND3t&kMcg?dILP z^~%1|=G%8{3uF6T|d;mcN<;g+R-}8Cl1&5YF&B6cbmgt^Wpvv5%)Helbh~p z?$5eVM?ya+?8)XiHfZoNGUpF+-%F#3U0H779GV#_S|3--_-RQ_uD?IHX-99eY>=zG z`QFphaZiiGMkE5mf_RVFO14Og=S_24YUUi0*wx}&FU3)E_Z8+Y>*mhu)(RY>S7nW* z)K~_6byGQ%GV>S}geODU8u`b2^IdZf;)bjo<`xD{x&gN4uv(T2sYd45caj!LN6fKd1LI_>RnaA`XmQrkQ=;%NJ#hP~}j4IOH zYThp|L}-_YMBQ%he_!kt-n`A_#nG3~TH+jpXhdteRhyv~<*bd*UYvVPX|s!)o$4ie zePD?{`negI*`FUmI3k`6Wk%&a>S&izzEpBf!|K8ni_1G%GaNmiDJs0QPrrSAldOte zvSXpU`6mthvm0AB=oc6Di6mdkeac)dO?sR=@X07kTG1H~+k0*S;%JT=Bw?dR!vin7 zYh26iVBzvj=E)h46ua}*dPFo*Vs9{smGoMENI>3BS>}ea;ByXEyV2}@*B{?8+D5HG zb?>;6!X*Wo=x4d+25CJ8x?L$3UE>?QGdP>MU8;E2Xn!hGY9Dx8O?BQya4mFs`^Uq5 zs>1`EBRJi=d(%32MPccWI)&}1(nI+7x@yDvyOg7Ksh0*WT@yENhfpFnw=Kh8PBHGU2@R8=xjR9*ypl^M*3Pkb3AsJwV(aN(fuc!@-vDQ zNFEnknD9=VFcy0G`0@RU!Uy5)P{D;^G1uuC) zNR3=wm{5KC)rW!}DLc1>%Bi~=Sp3-+b!||8FwztbEN_;1 zMXo^Y?c1jj`}XMDEhc)eH+ol>>fo3<$AjS z4!;@+dm*`JhT0>a$F+H^fm8RQl~TO@_7JIl)WD-RDYt!XUXvY6oVI}-KC+Ho#inpZ z#Ac@LVnYwBy`7Xq^R}*8XcLQRzcIs}chymnVdgvf8NGR7f%gW}yQ03f6lJITJgbuUpj|9UN^6(06!}N4B|;yOA=R#SLk??}=GK z=|fAh+xzAYF9NoKMro2^%jUPMLRpJ0=P+DDbyUHX!|0g&xb)3$Xqm^z_TRvxB^_5C zx=1GIq=gy%8!n*?U^&-4XwX)#8r}IUNBNV&jchh1IFx{%s-k3jabKkwhLg-9# zLFLo@)D-z=GS%9}n?9|%oZCH?QoohrWKv&rrLxY+l2|x(QMd8-n3?DK3gWWD*5-3~ zhR}cYK$n&Hh{6E_t?h4y>k3Y7{d1R0U4u^&?p%3Z{){TSi6S~ZJ5u$DYVcbjX7f#b zH%Rbi1F|g>cw?Pw0}-of+ICcCl0?gN_m_XF5FY+m`_lAGv8H9Sn5(GlM^f3f!OrVL zQ;#`{@a7-B>sVnaCTA?bR@#Hl9l<^rU7hqURn(9_9X1T#WJlL;F-!Env&;BO9+(1sgnuwd7e_ zPj&Zq;H_s303KBbaqk%R?t6!qC^ty5`6y(IgJF%c|Xv?CsuU z9(GNgh0Y$hnb(jvSf-GK z`zE#z4(jpgdvxy#WSyKA)yku4lX^wA{)yRkTJ~qYn@>w~Q}7SmqhpPULt%GnF$C^4 zQ(E7j=v!y>t|QcY>{9k2A?U!Ss57=Xj>TDmR9%(tV^rF3&@ zLg9}0bx+7FknM_HObBKXX1iUlOO4#q`?D)3@R_q$=h&a$|Na*su%i4Yhmnw!Q;;S& z2mBL5_>TN1CoT1*{4XsBM8e z!EeCtnRGsM1f!?mDC>hDf;vCN!^0Wc8w&fQVkmG?7%Zz8bV7 zd~_fixD9w34eorHU#JB*o&Kb zh|jP>6B@0pPYy@nVNm&+(pfS*EC9fAXnNUT|LgFYk-PZE%SQNd`#=+JKbxIm;{W$q@wOFz>6c%;Q%GKhL zQPN+b$T3q`?6#309a_8un>WCRvha>3eG&|1XJz*#`3?;hiWp{KlQx>Z{CdxUc z76xf11$1=BlTtdD9g8{uBZb2#yO3BXVbW%M&Z80G73$IDv=q7)j!+CT13|4Dr5gn& zEhyktfuLyhQF8g)o72Y>0?Y0^@N|qImQT6df$PFP`%oy3w7G46S z!JBY&o9>k&ku>P;I0|flYFvbEd6b8~?Oi9h3<(qsKO&L12fiAGj<@+%#E zjU~ONicA!0m_jB|@YJQG3uQr-X?%);m2mk4SUG&eb;>b|nx-KziXx@kacI2OLsL0@ z)(Wz8WyPzKXwc#rO__Q%qjYtm0d!$aZ?*)*-Q04!jpoo67MLM#s~K1a22~i`5MQE` zQ+%-?RPjN)1&sDe96d6d#M&IOXH#;t`|1m|_$CBih6}bj?=`*QVY|skny=a#84ULK zyFPM(sjg*+GAq@BL7Vzz^P=AfsxrV39mT4+KsO%W?M#2X%HO8(@m@XdIn0wODO^2N z7(u5VCv39jtN<-Zq}s-4I2qpcQW67AIcxHWb}v3-di`1P;iI&Ufzb>YdDAq8fL^oh zraI~Drl+QDqs^qE8K4oqdkS{D)=UK#o;Y>P&Y$G5)?gHtQPT#7kS*}6+Dc(Ds|)4I zmUKMQBV*V}_lHua>}wc}Dq1?+`(g5J*d{ny70I|!t3E}IHQ-&wNwvdwNHjKQL?KWc zlTnWwzOlfkE|1hnQchkAvePC))UsDALt4hh<=ow zftbl;`3}Oe?EJ+nU`5atnA=r7g97);SAC>#weEa#)!rgVGm7U(v}#l}?!-xDRi6aT zLZkkfsBWYi{|x;)ZDq;Qi;i(H1{+n2LHZ(66qf69YLYKA1T|n=61&1Fv}P$VWuqOF z0$mj;Mo2oC$yG|O8SWJ0D~!FT9-}5f0a2qh zlWd0h_j_3zqFkU`0#Sw$3aTU@T=M@6@q*S<;uFR+MfzW9Ya{Vz%(~WOv&niGn!K=O zg|&(dc4!MQ>82Ly$1>frL2tgu5~Zt(T(d`+7P0O*jbR#HZhKLD61tnQw_iRRPm32} zmWawPifb8oovxkXO`R%|%MqO=i1k+9;~UDub@#?Vv`sSo#2F%4a!ExG@)Xk$W>lLE%r_^DEgQY(WHH5MI5kw3pOl4a*)l8ZldWiAHsk(N&g5 zJH4b(Nv_Ib6;=)uTSXX7r$@`jOpXrF68dalB$4Nl#AlpSaBld#}Fe){&ZJXSxLV#J^v`7b{m7SqRjN^ z;9Jvvdxtjd3H503(L>rNOMqNVp!P|4A5E<%2ko=hc$y3)Kk5C-DX^M8% zRl1O>T9{)n-oK9~`T|MQ^xjjVco?iG$;BZt`aG*+Yu#G9vIgrT^|NJ}3Wrjg{4!IN z+%FdR(sJe>Dyf5n_g*sKBEM+;qVzSao@`6#)u8oqk{pqoSmxE7Q+;k@&?Mj;% zZ+N5_4GrGqTOX%eBgTF1`r#SNKXQ}WFpAkI%wYD@{CZ1@sY@TOg>G{{S!|Y}u9>C} z@rMVdUPGG?RNCULp}tpvs5Ea2VA872wUxL z{h(46ZTIL(d7WsYU{PbD6jX^F<3})yM)p^Bhx_y1(0f9q`=&joT(>$(S7O+w%=zrg zaxy->vh*2Gg>1yexM8>A_XvHY6TQs+OU8pjPsn_NfA4K;Cuo`pvRym%L_{~!!jmc$;ystT8! zHtN~dH{)s5sG|1(i||xAc8(%SxooHWW_7dn^*TItK}YNz#2U+FCmu*gW)Fo4xf+}B zXtsZ>>YVGL@d86Kp)*4Q#X)z~rF6G_TcBW04&6Rr5ov)E3{<>YF zEj)+;q1E#A=pic)KJ5|y_2h6?iu<-rIp|bAEpBBE4&MTC61@D??sXIgciLBQ1i2`^ zy~uH4LjGy3-y<9?R)%4klR;o$jV|0(G@4;Nlv5~l`yN_0ORJ!^@%7~8>|9-p_2cGi z5}0q-qU{;Y_{VvpxgxX~q{|M{o6>Vm$C%L%hS)nvBsg!d7i^x1aNgU6D(p z-w=RfhdIVy?`FMc8XXfyH=>@fxsqPWlXKjHe(iHP7cJVv^K#v@(xxBVM3hM+mCwst z>v99R7_(o70=0wY9Fvgq_A+{*dP~lD#0CpyPGfT}F)sOajN81Uxe@t1YCTf4xR{UQ z95DH~2&Uk?32mxpsR!?yN95A&(7)jz3@H{~}$)!g@g)2ryDsn^xIAMj{e5fe8T5ecvJQQvU)#b9bg(#m05mCkQM`$a&s^Kc@ zQHaT>BP-`Bcgd;>QjS&2ekH)u$Vj^i!{02W)FBnqcFtbn^#M*2$8|BL61(XMA{zhm zjm578OJmmFl1ib7f|MSxzY0^NnzXqnk;|N{+|ifae&6AEr~P1T{-{fSgcYplrO<^K z`+jca3o*G{x$J2xXjuf~!?P70@X(`?amPpdcR>Q;)aG*EJ8wu000=I#1}8|u0$SV6+tL@q#s7wBN2uMcOb zNsh65x4WRCaKu?{c%0@^c|wOUT-#4i+fOE3Vw-`3zFkOYSb%(hovmS5=oSwPDHBmY7kP6xod7GB za06G}5I0R*3maW6KR-`BjAo#m8V?T_8aU*D_}cXj#OmmaQAP_&NiPss2Z9@jnKkCK zO%O_zEYu8=`&=^!xSaqONZ_nUMe$uY{I53n=K22&>R$rSch0{QMgsT-E%X18l>lyF zzxBVr1oa<#n4tevAnJejg9lvmKYjvwU@@Rm_AHlx2!&*-I zC_TcL2Xs9&N*b(|^a$<)E;ulz0FmqrWL|X9X1CMpMqr{eM=!oyQx}4!xb~!EK(U88 z4XI(IyZyc#CCnp^oP0}=lL-lFY@8Pg<}MCP6n7OTwaX_V$=MuJxQoPuI?khv0vQ0s zpj{`DRQT~2KhLwhqN}6B*r6q6aEV1`q50KR4Gebl}CzXhD2Vw{9JMH9%^Yt z(zG<8*lpCB&SCmy)ue;7Y96bw{n57--tlt8U`9Q}U6@;(1iRlb(%VRF@ z?%7sG&8R8gPg`7c4gRWbz+}>@#JTAWc1V0RqKT}RRk^B@`I19IWhIVhZ)u6gdh)B% z0=7b2%_*#V&P^T~Q;$jCxlPgo)yC9RSC?I(BakDCbiEsML{K#F+^&v~P)PM4u0o>+ zrfSRL#m;H{iV1x*ly8l?I5I%ZHZ+CuVzq~~uSdZ1O+zPCHWxJwB(B$+`J>cj-x`F9 z%dyhO+-4i3j=g8$xi~{Mt7_J&b8Q{T6Eej1kdOk$C{%wIHCpn9^HsV^K?%-y3r8kS z+H}!2&cqM2MRCcRX}Vk~JQNkqshBM&n>6X2&z;ldrvtdrsIxiTG)gUP5W}e8TNf&| z&F2QQG>(VdrIKR})`G9zUDJoqR?$n0Z1!;;cGmy!0*??;#@yAnJA*gi7}$tBm8j^t z1`l5?a25}@lg7Abdii+`IJ0|sq^`LofsRLzh9zQiS4o%St5j~j)7v8+u-6`w%DZ15 zo{7`x=eSH$ubSI0jTY1mIIfzW$@XG&1jE3>>k;zQ6?R7Az=!rIc}=T#7wh9Ar1~1M zXD4qa1~9)+=Qx!np*@>=L;7GVNALD`wb1kbe<+mer$zSw0KA;VZA&XeT`dupLW z4Vx&EbW+o}*J#+hU4HDTde!v%)Xmm8*O}D9#b%zt{2sgxP|0_?qrLTNavG)B)YWq? zp&pOD*VIlZ^IA*tt~F0CU0t;8*-*U<4Y@~*yiZ!F`(TJ(UuW-V@|nb@LpPPwHw+Bz z=))Oey3!AaY|*!*Wt{0U_qEmw?bT!xU#~~S`X-I{@Ch1Zj!wp-nuThN9 zn=Ie&)1?-DuQdJI)l1#)8P|$$orC6&Lywm?ARwT4LM$?fmko++m) zY{~46dS*%y^)@KU@6)^TeYg4FKQTu|en{>xnazHAJ5uY@`%{B%v*Y_6s2i+=1>YeI zkw^bv*lb=XrrE=A>#Fg(y2=97Em73O`4||IR#NpUl0$2}+)!J+u1}eU?R-~~SV92)YCoe*M1UMw+oc_>uw8VDSoH3|A;k!U97!v*T{p*x%7-q0?X_O|i__F3 zobGCk7asFkR@hq_Myv528pYGMwsCs+-7CP{s)ae;J?X>jq@|}koMh05T!nwD&C@WH z3XM8)E6Nub2WV&h(Ut07+^7ebVYmD-~3^(+@BlG+i zW&Gc0^$q?{=D%eBmzBeO$^S{qN&V*k{wo{sGygXk30=P`Q(ax1ot@p+*Ec*oTvk>F z;btMfS*T&QtE=nSv11w<8iY}$&!(lNL2*TXlUrjkt2r>A1;QVfq{XM*^%A5cbAry9z1yP^y$;X4m`tI zJf1^tgM)*^#XQ4aJlA_=My@JIxl0Wv@(c^`^!N7<^YEDAw;VWdK=-H*)HQ2(+*_*H z9V(mk^z_`dYgcG!C=@wcRaJHQsx0I&d;a|S%a<>Ecz8gwBlh<8SS*&AnOR(1{O;Ym zV0@gjtBkcQ%r(@oT9RTI1i>L6u-GJnP~>NmG(NQxgfvz0JU5C&3X59myP_QhT=0O)p9lk5pRqCaha327zE=k`^hV zQHMw<{OvHs>P%HvQ{5!q1oJD@U02s35!KT`_rNLE*~L8z;#Oy);zU0?hf(X#SEBdx z%#vhkciDX4wB_bM&%C&PJ5G|!7S4&MqPKkVC>s;4k%S6kx`kGYMyygoyBb8Dy~6ec zM<4y-mJv#9<858hCYne05KQFjgzgs6p^eg*5tXPen)5pAU`)Z6&lr!nRWoU+*6%$h zNtcI(=ovLlqsfdsP1P8YuFNDTa_p2ACEPV28VR4svkxPC-^;Wu5oMjJ^Tq-b#o(?9 z!!pQE$j7HKjAAtZRL8m*Z5X2Z zMEFZ=9PJp{4>?PEPIC>e)3uzK+?DOgb$@s2hi<;ou*v#b&d_Uz?(d0mAFVCz@XVX6 zNaAals_c2LFtsi~0+g!f*``32j&Xfo9m2lqCS@=rIm z_EQMg$8;#_HryBNiEBFgM##G=e(dmcbq(vihi!wQ`a*3Zx88eJcWQe#)ffwy`qo_b z8&<8kj$74Oos)3b_uz1g(Bt|#m4|~Z7wl4f50r$iZK1o{e_imqK;_t5P4iP&4)MaMiGB4$pTzxePX zD|mM2?s1o9*?#>R2jS<>4SG~QKKYYl7T$$?z!|fxet#Lyi?a#(uHrkdd#`)jb^n<8 zp)N^;A--asgZ?MDci#mGb_Qe+m@v>ddV$VsIX=QO`t6yzRP|F_2 zcsk)V&;kCl564!u9X#=b{b{6jlP2At1DfP^t=o>r7QDlCtF1ZUMA_4L@ws&DaVlJ3 z>d6Pr%-yKfYeUb)v~jPSu(RkB?#VJkD04mk1f-ecCgD>-x1MjCs$<-ol_J_Zv6cm^ zjv6)HPHQpohI%NDpAVBFcw-DsqM-Zfqe&be5Bimu?S_~2&t`)~j+VWjN*XdN%i7U* z$EEez%z$zVE|P9{xrocvA*&w0lorZc&!Pg=>E6@rG&FSMk+4w-pIV)9^a2m2kR0zA z+HTwwSGhNM26N36Fv7j1Z$)bQo!X!5y7h=pen5}^L-xzvF~jA`$^&OYg@yyYrF%I& zhN3F2yp)?6;a8cd|6}Kbd4ACJW_m6OtgiHUIdZS2?3!WhD7kcnfqQ z7(ZHDr}`p-g@o)o-JH;^rBmA zcvFs5@iA7h-mBA56Ee#wVc09=R&U@WWL|QOp;qx;y$QP_dAl}41?l=aO%_M1y)~Wn zKJnA`wL;d7mt-2l?oDsjku$NSW2#SZo3`6CZB^gj*$~_}z3E_s^*;B?Y)Yf%E#|3b zE**Z;*_z($^MCB)Y_(J zEN0}e{*mGIlKPag_SAvafy=`qXFGDcj`UZbsM+7!(%1O#RQz}c{@&=h;^P$=4_i)N z8{pHck~Xnx-hS6mW^`*q#mPkArnOtQt+FqbS!&CT!M3V_OteM{n{8XcP_BS)cG_T6 z@~J|Mi?$tC(j>Y>)_+TnLeTyFMXF9uMr?DrOcO<8NguyUoH|#TgVTR~$nb%gu5789 z+cgW13wx~Gv^S~095PS#5QTNZ?=@Jfk{E}|SAJ+^ia((UFHVsi^Jk$;_ z?{<5fv)-qx#ddentn&Duqfc)a#-??71>gsh>C0}i1w?oEMI$tBFf;r1Mm;2DW*r=l zxEAF}S*x_J$TzCp;8bDpjT<-KAze=zuxY47$cx|Ub7hx%eY*Drb48Z?+VP={Sug50 zJq&&PNd(5EMtXV=rpSX)ZiR@~ls_t?F4 z)}Oqz9Bqn3UGnT0o(EOg93=41yMq_vgG3>=`P~6H zmRK(KSd+NbxOnD-?3DP_#NQyploFgUWWp#MZ{w@H6fMPf>SN=ec%4v*{k<6r_a8GF)h6nhpI6}vVm zR}z_6I`e9FR5yxwlKFu)`|7umRQQm=SDG2wIOdH>G#yW_tP9(}oBgB?cGHFks!u2$ zPnrt#1X4Ej-C9O>@Pffo})d7^8a9~JqbzXeDG zgT%O`_~baUc#YKb81Klm!i<=-jH1}A!kC;C_LRs1($bRRil)q6mAQLcYa{D-Wr#I3 z#FuAO?PA~GTz9yToh$ONfk{zW3>j53KBlLpuX{-B^yw3gk>@H%FGTi)baj%7?KK!2 zzEPxcdpwf=P9%zqnQL!|o*pWp$u?GXQ=+1GR&(HZPZ=ssBOxs)ddx|hQjErHV~pCJ zT%KfP3$A|lwaf6lxqf32 zkSC%Lt2hk1o;fN)!SW$JS1_EtDO3s->V41AgQ1VDhjh3%4=$K z>+8xo3kw?dx9mA|u)VXkF_IMJ*QZD7$G^Id-%pR9d9~l_GkShh%qTsawjZ+}4uuQB z>1ne^hLGWs_8-sbIC!ji&xz+V$E)7#sy_1U?fXEp4wLe3YchI8p}J@2lL=qqEwrRT z92-u(om)3MVK=tIS@P~+zNjga*-*}%p+XCwKmR3L^*81J|Caq%PU;K$kIZlT?|()5 z2d?)&ZvT~8ZvPe4@Y0ac!vqG0yV;mo`I=eyXiIMK-m2-NA!=)(x7E!`+ZCq~;v`|| zY^#pl18{mg?k@GOs3I+CLQEMMR zjG?!yle~qfm#$oZ_jhc;Hc1|9;Hc1|9;Hc1|9n(wbY4}A+y;*5*GIZYkL*sO-B*JQ(4joNOC5t9q?l z-TWn?%@V_o$~6oFWFEx<=v>|{GmzN2Af3lBHFe`jEoVP>AD8VrB&a;;s6*orj4sq% z;f#5K3>tdbjL}{^;i$w64+L3idU+)#S`S5Kio^wE*-bKUf!ARxb#sL_4R_R^uf=+!9bYuW zWY%x2(X@ppKIA~dyXD8*@9M|59;w`xH^^^fuk+vnO>}j}h~<$hq`h(WY1Y+s+_zX? zka!vFbB&)G_C@qfvuKxnQs;WrxMokO5wvP^s9rU%s*P~Gi;v`L5 zZ(lCEmBJs2PLbiNv`winn|iZhJ^lJl4rJHy9o2UEY{`$EA? z+e}boQJUF1Wn{OG`?|3)*<<@;0&b)UO3&=x$p1*5p3~#Cq~_M+3OcSicl+XY(}}#O zOVqj4#^$hE+0vRDpPK3U>(;KAgsfPTUIyMr&it3icM*55CSc#-U}CyG?a zvn-N&%Tz@IQ_56j+O>Mmsx0l{$*LTyVS&8`?ur66F+yYYwZ1zWAOvYdd41XL{_rRS zHS^g?1PMb_RGp8c>cjf&H5B(7nvE6JVJ9LE*VIvtl?cPOznE?)AxXkULG7Q&8lVFd z2KQ&-^oFfbZHJH7KPur?Mng^A8A4E7h+@{`0|Bh9B9(b65dJ951*Lsm!(wAk4y=B4 zy-9eFmD1zgq=wkmMpCx1mY(;t0oNM0J?Qd#z^$COeJk3 zJ}QncVS4`0Q%Y8+Jqs!&X-pQqNbRDeHcBe&^XxJmcjM&w*9UxGwp(#Wy+*-Tvw3u1 zYj0{k>vYFA>ef@)<^zz)nw^3B;1)B(`%g~@3LV+(&3UNwJ*hE2qR3-&Q^}Kt2f_XO z-u&r1J7J}DPQLwM%b}--b+2E2znhYW2LGtzd>Mo|6Rr~0$DG>eKElj>Mu?$J-9BP^ zcdk)q&!3+*y}PY<#2$A~SnfpgqfQThrLI_m(&tC<>&^s@uGKih_o89#(VD|TiR-&z z&UbFM!lo$#qE3=ZVg7vl-i1STl00h@Ja~=FEtWHI_Vbtf$Kq6E>V1s%85AA9aZhsQ z*lMqCiOI9e9$14|&|9OQ0KTD2{gdHuV*76kD*X-lw z|DJ0X{;j$kX6LyG^o6oFvShv8A#JIaO*ff#yzW<|8%_@$xl{VAZa@WhE;EXf3mwQi zsJ5jcE1`p-B#B|p%q|H5T#5qeV$BK0OcKSfacNk~(}<_DAmT<>gf(-p8aL#lxaVwL zuzs`MzAH_kryg%RG1eOPh!RG$jS{;&Qbu%{jp>F2mYlEU6m4*4e)6 za#Z9|v|5SW@3wS}pT5wlpt;^2gR4`_I^^(LHCd6mvo;6LA+3AKu2Vv6PkJmx5#1px zp%bI|WuofdLi#(n98Gw`5ZpEv;oL?hRB9+0X@q$Qf-FTvP-jyVR}x<(rku9AVuP7! zzEDv@zJn!d^On7cmOAcg(?fYjWPCO>*$Tz;rbc!dxyPop;*;~W1~Q5d=8npslG-=g z-rCcZmh7VM&r>(qJ?O4s5*lWbq*$V(TyCnT$$waX=u)-jVE>bNHHH@IVcn$GUdni) zt@YukCM~1*7Ln*N{UQU7cdmiBnkwql*vZ-I7yF;5#QHIZ_`IJuclQ+LaX_AFbmBcN zcOf2Zm{jlS4wULe-SR%n-gNUo*_xb!Ak-f2m(vx!W&-9W_1Jn+h8m-bnS$!;Q$nuc z-7M-yV#XAr#`dI3>9(7yVzo%H@`{04;ldYrM=+K?PHNI!F$25P!r&J?UvNuR<}nGr zj(#G*Y#oZv7!=6wm^xo)ZXj(GBiNhRusY_sUdGKa-dChaX~$xoy7Fcm48J-W#Znw| z)a04QOYWT1%{(ohDXJCl;k(>#&V<&T>@L1uOztArRa(WiwzR_{Fm#7<&>qVabhL`P zVtOH_Btv{dr&`mNK(WHlJXnbfA=3G%32s;i2(Loa6 z2Sjq6utoH&a&-5)KRn(#g~e$Nyd9j**JnqVVkDX6wbR**M?KLz*pw>WW-|{eccuz9 z&g0nT3;G8Xg=~kmQrT}P&b!@VxbKXRfXtECmpC5qSn$PglVSb%jKa*+UDGo)t+L3x zlDJdl(sSHOVuHySJhwSerBbVA=Wtubmbz{AOp)E77NU{e(&APg=vh>EKttipZr6sHgKptjrwZPIrXct=FzukFI0pX`#IU|z3%bgi4&vcC8Gxg5#Cf} zQcAw>$Qa)o&U?#+fp@cUelcHX;(UomLQgi%h7-*9SrXbzv@NiuP>0nrZrHCV*Fqrg zWOO@MPe6MDN~=66Le)WYBJK3?B<)cNfn8)78VJhAqcm|{5yt!IZ`sXU*5=$Z>qgB$ zCFh_S3S4;umA1=JIq!_h^<)Ijy<#C@yJS*vWx?W(vQ&&@Ie87#1+tE!A!Hlc_>miV zRn@r}LU^h(vm1J%$eLyL@dTmT_Xk;RpawPCz4WuV^vo-1rSLU6J5EkSdc_VD(+2U_ z;@YXb%MQ{7om+3o_%iSWT^8e*%N;nKi~3aRez()A*n>@;t0>aG%QDq;rmZ>!Gsp_4uHs3h2!F+OWi5G}gTC%sCZ#XwNBbaw9@0O6RnM+mcI0gL(CESj=R6|pdE@b@8UYHQY!J{@}2|l>P%Gqk$ z-(1ulpk!aVNXig1v<3nR!ARCQYNk267EJ0^-`jRr_#x;K+WRwuYLL#5F-N8C)4HK+LssW27oe3hp{l#bsW zl)1G&%90^Ge*0E0djtcO5>7mBdxCqCPl{P)md6(H9M{A`A#Q%U41?^7`jkMfK;9Zv z8&PT#ZEE@*WQX_Lb%-8r-DfFD)u$ns)|c)yY@^LMe5!bZ^PnM}3IBOZI%$R&wZqp` zIlt>1@(ug%Tru;%WafYT#&_($7%7Pr;{Si!e}5dnztHk0{6A!u`+pdDn7X=1>nd35 ztJ#@^gHnN3rY_PL*&qiuLnBiioQ0RXZJ?i}j*PRsxz;wn0CP`1on|-N*NjpG@Dmb8}|q&8wHsZe1I_ zdT!v-z@an8+J;+ppU8|d*3oMBbN)m}M~Xy#`uOqvyLUiG^zq|I5D`Yy4H5Ec0^wqe ze}UjOhAw0Wc-k4ZmLxVt2goW?w<#rPkdo0+QBh6(3>pu8Uq0j6Ak`zKA?AT3ah957 zV_r*}bl^aMCWpgS{0Ki8wXz9jyBT}D(rS7-s#QUf)G4+S`s~}?%;3c?*eFG$UjmB+ zR(Ul813gs+hPswMT~eQH7kt%$^!;vdDTJvxEcS>C?AT5Vc4IRyNg77RI_g%-5QZ}h zqZs`Hk8X4JwYvr?Ox-Xs?r?WMle?9fOiX{!hgmhBc`mI&aS}B)o$sbfJ9eo8VhMVJ z>_&G6SSLo8J4&}kac+)BS+QEgCRV7cU`U4^U9+lzVkD>;XM1!LTkokmt|F(lA-x0Z zOJSVkjK);-7*R5)FkN6w`6G%%U~N5e%8XaTwUDc43=50B7`8R-S@pB?F~|zCq?$V# zP`&QnC#1X^mHr=l-yPOuw(b3)?Vwk=seO~ zpw8j5KIbZ+2u41wSt_ZM41s$|lknyC(HPdS73 z)v@s;v7crpJ+4c`5{P(bon3W+=HLJ%mzA)c)N9F?>-?yoszB)k=h6seFOF5b_wtrY z+BCRR>Eb4*OFED{w;B52Q;_Ta;^_<+^%0{q{-Q_vO^iJWY24FpUM5yMJ9k1yv6S(A zAk!Djz^puyqlD}BAVa1*o$@vm&dZ-Q)`J=KSfU}Bjw@C|)DC~3qv z9{|=z*^V2cy0Wf`SopDU5PE`IO@gsT#4;~t08;`T79n;fH+(wCd!)*EG2UFEeIn6K z9%^GnsOttgC4gIM_B8bYpu)HuFvlUodpNX%SBx5k{T1-Ddi>q(4@Y!&QY_pVn6L?; z5aw6jpiqr>>-gepptvn9c|6F=Jg@(`X~{G%vsPkr429l8!2PBs!8G zp>EEiE0ug!M|<3uHf17l9j zdGLIc=_l=8Hm?;Bj8kahjgV2LB1qEsZd9{xN}8t6(U?bv&t1}fH{Ch&0zE^9h;{3p zABGI(T-Z2WqI2pz9BH3%@sWZazOfhFr%Fz07~P^xZfZ+VnmM_nbXNi6`ZA$cuX!7} zlarp|SijLzBVMo5L$WVBIzDXEh4hOJM?RhO1xU839C;^TX%C(e8agV|KlO4Dwyx_< z?k6&@8F3(Y?YyM6P5X68h0LhL-Q%4Q$*ipu`HUdj0pWed$W<Z{hcIIi*!b6i)Zi8inMDfzy{6!?r-J-)he1lsK=t zbwGfrOJd{>g`h-7y&0IMpstFEr%=N6`4+rgBNHA;%8DaHFDn~AWEe=&wOn|9!-~zU zmOi8Wm{G7|O|P^>MO05M^)Vmk4sIjq%#&^Xa|x5}+synAAK|Wm3U~urkCN&=%{vZ3oEHz$AI#wIh0y~opd zSH8w!mk>xjr}YEUG2`s6tP?)zKGJvCm6#c%Pi?tXWse}}ltJQRz@ZQ^z=_bO~33^5kb=2tOA*Ydn)wXYr*OxGz%?)Hb9o>A_RUZy; z0!*>A@U_@@Cc5M}I<`1YPKGRdx}=o&c02pcq_XVDHeD8e0V-!W3NhtNZHNtCDgfzLoOYDH6^~+Yq+#M z4JIS1ND?nljHtk}6rHSgs$f8V5Gg`DzIxS!72y+W{CK{1BUgoE&#QGWzHH-pr&4;t zP$w3+)vj?DV3@s>^;ERH>cSRmVxEu6qWfQv{u*(8H9eu>27~?;u-tqosr?pXs?U75X0bn3^zp z?GBfw*^+isq1~A@27oyBv?uR{{VU&*GY=(79Hb!mURD+UJ=&7$jSU=Yb#z7a2_(a^j7Twz zqDTR_yo>x?8Z*n16M|J3pocJGfOrt2DZvtKZY8e`)$zc%frWVsol@b!m8lW|IAKD7^Aq6OYvM@2C&KzS?r_s4?eW+P@I*OuQk5b|#< zBl9XURAH=cPSk9@=i;KaoD13;Yk4dq0jtnDtEMf+TLWZk&XgT$I5@ujW=-9A)YBrD zXXg+o55bEEy@Q|9QD6f!Rk$yiz>S3p8CStlqWn5MBVS(#&vJ&h&MgE&Odh;z@+Jwc2$GQbZ&M z;{XJTDwl#n;>DOTL*ZdM_gR>MD`s|rAm%Karc1W9E2!EX87_NkkFs4BUJwxJO3W6r(G)oosrdYY8%R{&+M~BFrfdC zLmYXLZecEy)uFfs`93~OvD!ueNs>Axu`5bcVOMtAf)FZ+ymJk(Ow-BnTEMd1qeuR`~%+HSQ`Clm|bG zVIXCz@)qqp6}d~@lBB15F3X1TmLS@}iFYi{$0{*lcdZQ@5lI0OxPU7j^M<+~J11=> z_tdR2QfeCNAKMLF>b2i?G`$3zhcuw^gBiiH+1?JU`gZKJ&OqG@Q&-2gnl@r7vrX(o z7Y}{7EJ*%kgq>DB+)Q~873$<6;Zp?;#%|*oeO4`MW|7roV*5$Fsb=RVZuf(GEu20r zgQ>hA5Z2sswBb#o#-IyCkOJI})&?0_-tj5?&^Pxo;H<~3Oc)&4b?T_;nRec~K=RW) zvk3qM+rE((l$~0J#)OvKjF$~MbM2m&N`1q*^qVla{AhcOT6?jK91-C+Lr-OD<2rWB z$F{9e8IP+nJQ`@c1G;Zrg1%w$HWR#EYVrj*;QRxT#w0oXPzGO~-qX_#36A>BbV}k~ zdybJ3#nU=ig^Z&P0w9#A*YO~5j=DVsaR@U9DOaW2*u zpyCD+MPxJHHIsOEwD#$#Rw(zGdMGkc+(OKnV`p3VLC+>~Kcu8aM4S);HV3NU1VGS0zCqlMm?4p{IZYsYdazCqTF5*`6&< z<1ctf@Thb$V9s2%{^{|)4{1K1FRx7vluGx>XUQUohhGqLsCJXHh<&Ip&mmaAKz2Ohk1^Qn5vMQ;C91OAUq zmk*HoFWwD`GE^G#+cuIghq{I8dV>$x2FFSOM_wdv4m=HVuKV0QK~@Kupxb%K?Z(Gi#>gmcHrdB(Y?~ z`^#?`IQWKfq_+F8{io5zpH?Ch+ZV((%s<$DepxWA#Tn%`-TJmw25>1U1%)00nB z814oWws#Vc7=JXskznN7wKbO36X#fq6agc@2)MtECNN~gIKcy1O$OPTR}lQ@CtuqV_ZQ8jM+AV z4|<6J=c+&;=h$ue*6CS6aVd>O3nZ5zyFQ*Keeyl|D5;Rsp=SpMylA@YXsZx z*t6S6?SQtLm%jTRB^R|oAD5s#9z_4}5Pt(tg8+k_E(ZRp!TbGo8Y#KBxLNsnEAKZt zxW{+Du}5%#iBX8FxtEfvk$)J`OIa^iIUvMOZ@*r!ZA56GO_-XJ-hKsNGmD_eNOzZT ziyz^GtNl0M4e`!?p<4xY{k&a$@kZ{!?)cC^{BEy6nlU^SukG&~85khz8t5D;EleeCqe}*l(G3$g)y_Gsva;?aSqxk&%N# z(>$<)_8PL6GUR1hvGW(3rx#XJZwa5RuNs&?%)jSw@2Y;5E+k) z21u@=y!d!lnj*(8if7^C@!gLL;pD_%c(}N@xfzaFGqAwn+?>Jy0}l@-Hw#RX@R>C3OJuJewU?h-ccVYbN$zDqNgX6M=;G`Zn=YbM%EuBPO=IF0a}MK!E+bO8-{S5ou4 z$<8YQQ-BGlaB(I3(Sih&@K&QZm|&%38crqJ831LTW#BVJi>pY_^=%xI+J7$2IMh~7 zhR+nh&zbK_h`gnoq>Qw7?52bY41F3NmE}8C=Dj zRmxZvthV}M#P=%Tl(7#90@`uNz{LdS<8K~opscss3{hUnksx%JO>w56mvKn(k3m_) z(6jrBHB+ZW-l3kxFxt1c+{z+cox2+&=N)ctpNi@0RvH4cMcvv!0u5-DlW3LYNm zf^DCOOKI&8A5LcA0w{xO5Pb&9*>j1WSK5#W(BK=Da5D+I1m{by?lPC|7~*@>oy071 zZ*?aM+9F8P44BPzNVyms!Q3l62%rO`3C?V*opAsNDZH{V1)<&6c%kA2lLz7xb>9|Ltg1*YE`Uf=9s+vDG}9>E zAJrIOiVe3wbO=gNj3D2_)D#;NQC=I2UFfelbd&sEKX2cgP@g)l;L$W1F z2cc8l-NWtc4$?V{hCVHYELfiJgo-%|Y*dDh+D|^OUe?Sy+5UVGNAQ?bt{99#X#p{u zhl=NAE_he0xL+*ZNxjd(etl^rO}e*#`UnW>Bvu0 z!*K4Ck8R4SSJ8+I#>r1<_?1AqB!z@ZG2d~6e>DQv2{Nom29UPTEDG5~2~C3~iT+tt zVf4PE+C7TwK_Lh#rx;Q7^wxZ1FiX~!P|q^#{Ao#~=|Q*R^X29$8e2Zx!v?V&)?pUC zBT6^{7v>>=#%#h@s12ET49C5o;jN>)L-Y(dC#;De(nJiI6ax(NUOwJnoz>XFW*>xC zj^xXb!t-xI&rqPur_?8wo`p+<9f~g>mq*AGbO50NPqN{w5sE}Gng%KN@vbEWa z*8-RD;b@`RCFdC0p;0iHI$=NJIpcKa8_9@W z8E{>jMMqIy@%uO}Ds$#_h}6Xx$OfG*NST)c@#5n8eCaJoE)?X5NhY{+4*Hx6}GTIoY-ihda z2QocIf^>eQUI`9Ip@3BIqNOMxivc9eJfZX}W7P>~^=dfrJGKuFdK?WUv0|#o=kPON z2Tw94YYkG=t%uN=9hoK>aiCVlvKNepCE_J`W1g^~XTtk-%)Bgm+rDJBaVGNW2SY(5 zl}?U3hr^T*CnY}H!FH1~9P)BTQp*UK-G@Hdj=%p9z_o){bfRD%DPR)Ees(~9ShBY{ zNSxaF-aimDQ)d7Oljy*Wr7+1ij`qja9qHEHfa)xg{V^N}z>revMy^ZJti`;P%rxU? z&R{zNh^cEXmSx2Wh9{Y-L4bOfViKPexCc72a)`|t3_TW3$A_jS->+-tuPdMvy>KQE zL?Uh6uw&jL)Eu+>giA^8yAEj5s#bIHeXNu<2%EHeh(5<%QH0=WQ5Ap4HEn^lIsAIy z8zQ*tqr0fsYPUjZP>hi2BW5ICNvL5>Y{xTaSU9=ADBOPV6z>dnAeoJCQTBB zOx#S)P&p>m>%yiR*|))_lRWvXS}{`tB($!OMt=QRkQEr{Yv_VCn!4$aB!bCr0*-*P z=3R%+_axm=rFfeydLt&UWE&`7HYNG9NU0C*d9)HM#o@wXEilL)5R?G>G;LqKo+*h2 z5+z#$4=-*3F5fvQ18iGiTy49)&K}qWiYC69;%;vtsmna)T^6i=JC7T_&^un|jL1I^ z=&W1_7kK8R7)Frbs8YzZ{=6(nJavW8kX;PI2dj3U2OJwov0Jj7c;LsU9xSUz1bu$+ zs(`d*Rz>r2FBDFfh3d1$E3%8P%;+NvivTKD4uW}u#4qMFT*w^L^r@a0nHqH^dj$yT=bN9AFB{ z*>1X6y{PeAogsR;^7Fg--T1{DX^~Hqgu<@+PD0D1NiNg(!-@w=-!mQE8Xmae)HPn( zlgRGIOOjK06!GAE)Z2%OI9J%qL|p^1=w&rnVwKWHeQzj=By-d7P`D@f!@^JnM z6ZM-tr#Axk2LaNuNA=9sjT!WS5z+XCdBDO(!D!uBC`(T&A*$?zfeF%tLq1-J66anW zZ;4Czh;VdnjpLvg(7Z+#^kw}|Ij#uuVjF`NUI#uomtfb73|x2K9q#zdGI2>?_H}1s zfXJQRHQ80a7j`agHZ_I8V$L=e@<8QsEU3#mE*`Cv%)~-i>pw zpGav~PigE=p<_!)@(Sc(Nxe{zdI_0&4iDp=SxKeh(z?{sy6w_>!_(d*qzzt3yFQWD zhl6f9BYao?(>69U4-WJX{F@vAe&GL2OR4xR{=W(h0PyGg|KFk${h*OA`X3R{2D)ju z{^{v{etyQr#uF105)u;OIU8(xpC6ug0F*Xfth_v(N^{%q{XaNGC?a=q_}*O4RqfQBIAoHLw&fA>=W^nvx-{GOtp6Q z14SIUR&!F<)9!b`^D2qzSRTKrV=GNpiDV@xJrCkQ5+6NO%-2sxHs+`##4ar90KyI; zqP7bTD`(QkIVl=UUr@m7C8F&VAdIr8I>%pKn-l>E??h&|c8XLd))vt_2p+!DH6+4L zkGaT7&o1nn%?V>-f}Oo_60l<}xJBPC$VK7jJhPw4be4>Yv*YIDddfqqZ6K$zQV_7!^e5{am z4p#9Cs6>O)3f&PaDN9tS&GBt%`jq8s`Yno)N2Si=s}L9L1S!Y1yn$QVhdVn=rW%pA zDd7Z>AU8|A8U!mQmZ81GQU!53i{lmV8a2LDb=S{PAOK=zouQxex$(MaEHtyAK~@3a zdQgpcDUCBTFCiS|x7t5diMH~<( z!2rfvLPL`D<`}w=$8m!5Ny3*CZA9qJamRtdR|`30dg6QuQ^{cuG>D6QzI-pojip$1 z9=8g>0aQF&0Y2+3P?@=fq7H&)?rH2ptt~5woQ zrgoQgTInFgwg%~Bs-z#q_W@`|3?Z95Hc6^zFOa0NlY0}ZY8Is@S%t)3cAWxF!%2@C zI_R?C0I}=VAdrs)7L zOSO7-sY8ij1fVE;f*RnuS(2>4&IGUbB%Tl4vK5c40+CMu+NZ7Fd8txAz}F$tPO2df zmt4ZA>!Aw|CwgvklP2?lAHZ526J)gGoK525>NxF1JsTrm}z0g8p|tfB*dVcMtY< zb>0;~%l_$Z9N_vF?*TtJ{}q&#<-f82swpb|jQ{$b75jUC{&N0brG+`t@;`38e6cY( zykRD=(NMIJ8n~g&yz%h7jTM=S3IA6?x4&({t`_ z#iHYbV@d+96au$aA=e!Bz%MHx#neM6FmGX&;C4m@4=mS{+DGo<=$rySvj^5}9 zi$;_LeO3^c4tpAR7&b13B`)`%FboDqgRvT@NOKefW^P~Z(|p7Z)Wnq0!UQrjmv6P8 zF!{)rnzLN&grTxEM{S18hglh#YI?C@84TT*`&?^J@S+YeA~hw zTy2r%q^%gjed}IU+>o{r>S=wq_QSflTtgB#8TmQZLgXip%1I*q%J|T^6uMD?X0k(6;z~R=(|9*G#GSFBm$0XwGu5*-qhrP9Fm(ZQJ2DB}Vsu>6%Ev)OnpG&{rfYfs z;f>2HVc8Mlx+!bvLcJBwQSE2lKC#`FxsM8f5x|YIdtNv6e}ZxkSvM`{C&7f@u_OvT zKiqgHT-k!Oi&O%-fCkHu*SMl|9y%S}0cu&a1T_d03<9#e+LK2>?5Y$KBZ@jz$H%-? zAP_VdGl_1`edmxOLB^O;+T!kI}E)t<#so zKj5~&wPC;^ai{@FC;^2AuyklcR%np4jU88dCQeyh?+AYspGq_qPu9ZPfY~H9Bu~_^ zDW4Dmfe`41z;^ZoyF%`ZZ5;=ZN6qb!S0r|HvIcpynK~wz?`MKeXjw5Gg#=j#wVywN zHSs{2ph1R1d+(a_*GVkrESQ5mAnUp!McR=ugct(-&@+Z>#H`sk8#o3_dFxaZ=d{XT zauMR4NILjzg9jTm>ji>H?HA_6P)4-Da9Hr+Lw#J8g3Ai6!c20R&K1IMf@W+j+6AZ}X}Vv#ZK zuCkPE7?W}p2f{4E+?dfTvba{)86TE{LFV8(lFZQq1>?gphc9NR*JU1&5ZUPe!F(R)i{u}30{y- zW8dsPeKg)n+YG8zj&kO3XoVg=x^&wmk5j(4)8qA=036W9v5+{Qb`Vg8Y{x{3g}NOnuuesT9Tfllpmj&eTnt9bPblI-z-eacy;;@Z3iH~gc9 zC=w$3rx(@;=lVAM2baag9{~}5ic|9Nw0QeZT)D-POfR%y*vk>t@hy)rC;`A z4gccZe^U^ASN=N(`Z@pO2>7eAf3uGt$bTi80q~pqzp66LB=}SQZxZi+`0tDSe+Niy z+W*eqTFGpGY?OVst!;swy#g0HdS`ZR_0y-ur@C zrJjNp?*0X{ijnRbc)otqZ{rcU(T-=TG2Apjo86J#**2i<{*74SWow?<_4XN6{K#$Q zL$riGA_$8kmhkwro#4#O)O0b{ee6gmJsmxi<)AYh!c@s>m1D!D{Kh%?XLBMUtYm1lS?E9`Z9=afJM4oASrJC!i*OQsf6^D}8qBcH~o zMtK>NH8Df)@y;tG)+!ha&&D7rE0cQ>lLeu(w>avJ z5z_2t@?30z_k`Q4m$bMOvK#=Nh%}=&I_D6BdY4F&U`CKmW~<-sqR*%y%5Et)1rh*QDPuQfJ*JNt-jG*a&wAF~bC7|M=SO=` z4`mEhjV>NMi@aGK)*w%*$rK4dz8Q$=R7;-?5Y8Bzw3W`@k*2zr_(-E7D5ef%mngcb zwU`7sVOVUVVy+mB?|#bJj@m%`rW?293rwoeLa3M~=Fzo2_*RUhOZu z8DpKQUzOr3Ebi*GLAZ`77<3bqE+`4Db$}O1raIha_TX|cDwSlERyX(Ht-T61g^Cjh z#%yL}G6cDF9&FX}shk7OTuvC~x57S(@q}2PO4-Liho6Iu`<*X90$$;TNBLYv+~WDS z?IvXphg#EiCD7=eJ8yBvE`NUmA(I~+b#n|zw8NBfcD7H9J0@$9z|o=4W-EgS8+9rq zpO6bDcz4%!nS_rbz4zoXS1A=%fWlipaNHd1yfnd`&MNM9gs0$E(No|op}72^IF1Iz(=oV@g@d46SOgoS zGg?$UZdE51bc~S@BSHbKnKX8?!0ltsJL1o}Zqt(>kwn^0I1!2kO^bVZI~WtX4gt?E z>NK5UyUWuo#XY#71Q&l&;CWpf?hcf;N}ss_=C5%Mm1NpG4?}0Jm~bfs1aYgO8&A!j z*FQ;kDzbg+r@n2y<$(1O(bU`-o4v*pgcxc1Cp)hWOx5iy8x)=`jJ(dKtlSkeZ1$?; z{Au#&*x{OqSN`ZY&8{PC68Nqo9O?2Zb&a*D;7Hyg>+{#v_>9hsfO#ig#)^cX7@=8xd9CH*yXOPR?mOYnps-ZuR^m0iQ3iuhM*Sgn0Z$&Xj*9 zWhrLVx)pyW=UQqo-F34UUC$$3<7{~uste(VMWr(i;TzyZj%UNkYW;kC7Jkn)b{ z&I;^S@;NEIs}OluE2iD5@nmeG3p%HwlSi+RvO`pz@cy!Snpw9i2wgzs6{f1qhYKyoqITmBUYnV>;6nIuPDNiH`sQ`XYKD4(8pMOy5_D(?%S$7yv3xuI1Z?Ybb1O+6 z)&5T+a!yS_CmM~Ynnb893=y7EGxL^v&nL__{fW{*w-b7)Q7Z%qbGOG&5Cbf6iMAx; z#O1NMEN#^~y#|XpnJv&AxP8y^uhhf$z5!S60M-ijSMLzC3cetiLIu#&RQZHS^+Jae z$y`F|GOpg5%k>6v`IYx?w5o&U_B~8pkS1$rFX?#`oWPagRA_-l@=&L;J2)rl|V!{`c?LKVR;D`2Z8pi~__C z-*T^<#Sn)JyPiIO{qfSBRlUrqu=)p^_c@R2za7q(_gvJM_uS1kX!^hWfN_mH{MJz0 zhLd=P8w!nNvGYp7&{EhslD%Bb>pd#g*ueAh3MX7TPFM;O*+jwIF7lWe7Ns~tyQVqQ z88iIrV@BE6l)ay^^k=XTd`KsQigr;2034PGk48l5914ntK@{Mz@MLhDE`deH-Om;U zMkJGB3Xj7AP-K{1WqPK55=31SqJ@Y(f>pKAQg!!`3$y1j2)$yn%N4pMUw4}vOh-XU z=BR8xw&wu!mg%)~13gj~@{rdg!-lKGZ*_>zan0UgmjLOwOH>8g@8MOFQi383cBy(r z_e9L~8fg2bWufZjACWL1#$`&U>5vR0~lok;q#+l6tq?tMw=#0ix4hbXl8a0h`4Csz`~*FkUi+PaDg(%U{XH!>w-3k*<;=mcq_GF) zWxW^1!VFY#40S!q0`v(4IcqM~;9T2!ZT&~Gp~qSH%%?w@# zBIa?6f@CbBDvRR1`$EulI;J-^si5Wcw_t$VpVY}w>4xbG$vF{P45~=VVo9xxA`7Bq zMT1;d3jZpZ}fj<<)8N7f6rF=BLCq43LtF&R4SF$ z>ldjGe39y#UkG4^xJ(Z2)^#fv$(RFlKiTZxvo!yfUcSr!I$@rFrvUf?|I_Y&-`f9Z z5urcrfB%;C|HA)5fDk~#|4FMHee(QmUHc5ZRtZ+OJm&aNZtd-N?>{+2UDoq%k+iBk z*FEP#rurp!Yq_3n8(4_S8~pU?^YZHY%UADJ_BBk+tx$&^4c>lId2Wgp@C8vR;xRe# zX8nVJS=H^C7q8xY5VfeDeY7@qcbS;pTiP^fN<4p|_rdP4OSTd1vUYU`j}9Qzi#-#% zIP@!qC!f*KCg+#d9z1@$xRZ({bv-TBqftiB}5 zFrZZUtv|x%oB;R+wd`N`KQ!$7r9hS>9#{H|V@A5q(%AW{)$V>)NAlCuaYnAj(}YLO z5h*!FXC6oySAbC4Vi|Q2B3f+Ql_A?CSvfI@aWi;e=a;oOUqK@bY zbK?aNjN8zHW^$6-xFn>v!bFr262%&dNDv>llnTO>Nea4Eevla?z#=KWbvtaE%67~) z6le!Onmf;sg&xYJDM2SF08!-F0q0fYXM$k>jtU()q~&$_S;*B)WvzOA@*F7+f#nh% zSSr^yB7sEHM3P9lkdzcdJjE`n>lU67UiHzLI8RN+vP$<8v-F@ab_v0vSJ{Gu_=j8q zM9R8Cg+3`&W)KHbCy;3d3WQd5Rz)HTy4{E7&ERwuWn{oNa+VCK9bnUNP!7wUOGGgs zTmWJ@4K9Zz&I>c~*cE^?#Nx$wypAO@Ge`wIq-c9C!WqI3ht77pA>y^U_4*g;NZM`M z(#K>*Rgq8z6#jsZ-6$v~RvVX}ByN342Dq%qfE(eYf0k`qWp7tBLK!`QRR%k##tS9e z?dEDMVWz}r$8x3EJ+m6QW0W*5%65;L#W{u@Ewug~>3^d46#L5DH787BKbjqi?9P;f z#Azte@PB4WPS;ABjM-!&tIhbpQ-*u{wvXBWj8;NJ+aDkdhzl4CuOC6F@^I7M_2LjZ7fPP^K25> z$Wy{O*TtJ30WygI&IlqJ(j!LL+xG&gMCp3E4z>x^Ian(!Ucg*A!(4QWvVA`Y?`Y7z z1SsYLFosR@fl{Hm^2k^I-_!m;*&}^9oRKN@E$k@ROD z!Wx~%Z%gBSvN7%2A2it~DR5I?poTHVj1j~>(Q*+_-FcjG;3D*;m?)Km4Ux6GM2#6c z2_iB2E;I@$6$lFN^wT#d*`n^ZN6I+Og22s8)pW1J>7ODB_achYY-joQK*NV?4;yta zBfy5n_R4k~&Xeuldn5fkz*D9vvAfu-Jn?cf9X4CBuMzpSmH>+mWQ0>w84AN$Zl_{G z_bXiybo1gB9wLzLUI#20 z_KSGk1o-ULRQ~NVml!8@6zR>*eA@Ev?Oca#!4b#A_m=3XL-&WT9Qpk2)f~Q;0bxZY zL?cBD@Dd~j8xr(@{5^9Bh*8t-Dg(P?I3!ZmPdzpfpMb1j`<&!ektAGI;DY?AcKjKB z{_mFgzWle@E%)DT=nu-v%PVifdjj&bKebI=pZ2GqNW1g@>+f6rUtWpk|Eux`ZT@Ya z!a_owgYkI4*FE45+jMsG_x|G&e^~uL_2ciZzkWbyu(x~2-!bkVod3!Sv}BK8(Xmfmc+}R8-MaQNb(9 z%PY#s_`1l^$*Iw}S4~5C^Je(H;;NeR3g0Wfi6-@%^75O_%PW2<|EsqD1wHedDzp*N zx={aZ7b?F$B8BgaNJaL)F(Q>;;R=0!L<*|E9nmi-RKH(b@jD~>l5yuZ<-bp(UuQ`9 zO_g70r1+f?{Q~OzJH=_M{p}*F{Sl3nzFD8$lck^J@^;T@9z&! z;VX&o&uUhI#6RfitFf86`@6UY?{*LVFBkLgcciHH>s2+2*xUsFP)omGK}r7C6?O$X z2YCLFY)W5k9dq|UqMy62m-8PGTIs7{nFj`kdIb7;2mbNUl)vJ6^RQrAH$PfY<*x{B z>F)NU3MyaC|EmgrqViXSunY?@bNU#@S(PRde)9j{ME^f( zMw1vqyMnt1Yx)MddT&1Z5WE9?BV?V4w5#bR@~!4K0^%pv{}DC+_kH^=|NmCo{7V!2 zA^-pO{8v-_iU0eTX#Qs_|I_~q4rFgu@w&G8R=4Tu`&FzK9DoA=m?4e70(`NfU^k=P z-k;8vf0n}k+2y{^|6kdS{_+HV#QzG)-`f9G6%>Bj|Nk=G|4aj4_+JeK0Z71R4Irmpq;J-4!AM^jW`9IVYXpkU3 z@Be>==zp^A7yjq`2mZ$|@E)5uA2jffFDM{1@Q;j;O&};576=Um#*60ivYva#`t zgxIVLKzaU&`}8I5$Gg<4mgdppvr~FFbgSV{A@CNAD9y6jq)BPS3MbQeNNx^(scYy z`r`W=Z$C3J&?V|I%_jYF{@>h_mhm%KkH2R2oJ zc#l7Y|B8cTebEE<@Et$L>+wk4|A06{Ww-6o*{J)9a(CiZT-HU;R0^;9NP^@tf=x=G zDcCAk1v5Ujj2QFCTh_xj!GfmRNFERyD3;3<2od%pU3vA1&DM=Qi~|xOBp%BIO=XJ8 z@G>F#>gd^H83NJB2m;(z4o-JGh(+#%9OwW`kz5IjEi{mfHeiRAqqm#_In~M4Gr`bs zCdbT64oq-gG+1rG?EKN)2qJy!j-JlbMBoJY009YuFMt^U-`>7}C*9`>pjq%dldVq` zt5cf}3*??SKzwLZAaBq#eJNoU%Yf>pEElQbaR>e%A-GgHjs3>yrM5wq|zh(v&$ zf&zSDM&6%^gp2dG&>8gaeTlj@<_40IKMzlfI-53Wgl}&rNk|GD$7XNIiZ~&-)_EMF zcR@UgXhtBN@l69HBK3`KyP`jfJbtf2u*(^h#q_^P({Ba)cR;;!^4#{fs7uv*?~uNc z3oKVjg1WTl1`DPr_-gIKt9x=-Zi*4n>w>}sI4=YK@JDcBht{=gsgkRPs z;l%V(B9Mw)qylJmP|~w&P}b)2w}46HmBzae?A1moBloxwZ3np_v5~GUU$+20-rUUxi`zBYUDXemXYIE3h&MHcq(mE^&W&9%<$-ot*IBE2wpL!i z*@bGRv}j&q_h8s38+2I52FrAimmR_A9TfuQ3y29mY)c18=0#yMGUIs;nMlXRQP2#$ z^e7f2DlH?g+?5n4q*`U+>du5fTfdL)+ZCKc%Rz0~Z=2NS(^ z-A)&U>_mV-=sV+OHhucj!rQ|MXYS<9|KuX<{2Qct8HUUjn0fPrxY@8STPihep zSj6e@<&R1LMw}htf$YOAqHEF;*Ixk;Xe9*9(|^qH)XiMM3LVLtAP}6GXWc38P8#0t4$eiMuYy;3Bd^JG#Btm+jvic^b; z>ph5faw<;RT}i&@cNWV%*x9!Q8Lf|`{2%td1E7g!YjhI=geqM?gq0$Qlq7_v;FmzC z(u9CrNQFp?A)(nq7X$>wE{cK*h>E={C^l?}*c)O)u^{&H$(v085m0RRfB${YShAVj zIeX^JoH}P_Xi1U^DE$!kqgrLf?vs2PmW)kJzD3c%`5oaxM>cPpK6u4hB?p%z&mi}d z1|bUCA*-xdWSv!X-bC;6qr@<%>f_rtPY<1%eQ5Qixp&g)E93rA_&n=f>q+SWBaFw!Pwif9L;yo9I6XK+OO9z@cnl|GzhH+CP12KX*m`p@=267 zG_gY`=}lG3Pb=0dnz$oM4;pAC(Dd^d4o+U(Ma&-*%tbR!8I(3?>;jd_>>!AZ|*=e}~91f%8@o+;XCl$R5cFMDe|>c&VlqTkdNtq(4H@0%%^ z&1@d`fOWQPiB|zUA%$q4G`#NGrSN%G-WxYe5X^k^^6pY8WBI9kruNYd)&Z|K6kT0u zGycq6P71@?sgU+tmXldgd=GKy!FWIt)QhT!XetOK?Ekt?S zPt{LCWHEkC;iv!IS!Z%3tf0PKD3LWVSn?XV07^WDa&An~s#LkCzCC21GWQAXL@o6A z{LYZsTLO3KNZmcNGe0?Z?cxjA4S{}D_Ka*-dZ<<|cA2*NcydaDT3vi0$N0)a{q(ow zS4StkDKJT%r~W>SOmEmxL`!jB*nDrM=DS5?`gOx}X0XbOwXREWI5v5~s%FOI9PEut zk`oC&mkj36qbgGZG$<-}1J<8E=IKGXy5Nd+ebS|Y8N6}LTAFXpLvwRd7HX`>2)|TT z4Q($8IHEOZrn1m)>9QRs)>V#QHh6q~!r^O}B~kU*Q8C!e5cOf4M@yH_2-|KjLYltl ztg^r)EXm#~M?*cNh7bH8)lb$J7L~7G!2ss~7p-pILgtTH%Pqx|2k*3dorcP&Pu>C! zNgsz_nE0$QE5r#ZsYLA&-oH>GJtlX0!{j%&Y9r8R*FY|tAzO^OoE5Zt{^6Tie$HA0 zj^IdEPwps9(>MknsWjbCaYD5J|5ohb+=#Z5CcDP)YRz^%;ic*xGJAR2e6!cfGj<#3 zF=rj#esZ%NC2jtyj&e%p+Xvb7E&qEiXZt~6@{Py(lmAvWJ@Y?oY(Pr*-~5kn(DP3g zf93z<%(oqFjz<{_Do$}Ae8FU%y%phj_WGduk4YG;EPt+BQ+pP0{voZ=km4{?VzsQ* z8Z)~=u+=U{FQcdJd8$?w#>Pve35A+^1N6*_AeaVO=GqX?f)GG|{=X<&#xy>I+>WE zcdjHJq78T{W91Ihg0&SjC1s_hWmWmwaqbD817-}@nVk@haZ;5~Q^R8AZxRQGO66ezDR3Q-9&cr83fL($jd;R-Dm3ShYUn$bwLn zsT&86)7-kBtHzZ?NoYSSRoQy)5H2aet8hVDSuh^QL=u$2u zf2^pTQ0FzcQn=o5j$~G*aQyt}l`fjCnFDuhK8(#e;l4!{HHS-4ER%hF*JF3Wz4@Bg z>t&Nx%gTn7THPBWg;Co*YNt&_DrT>Ys#>dB(zb)=27gxkK^AW~IF1_&P`5 z2C_^=uAb7(PhpP90h)}1WYZaW9!JMy2%xp=C#!AHQFG^yA9~07tk7;De{$mUDnA*e zXD)(8Qd#*1^9AiXi?g)!PWV;h)A8{dfwuQ+NKz`AjhM{g9xsk$PJZ=J&qHNG2slvo z9*Lnwcn6cEwBD88n@6sVZ_GRSIt0pt-np|BeVsVTs&;-??`2Oo2pcIfYr|asZYA?Y zg7hu_d#p_U^7t=Z^&|iL^8c-If7k!~60Lu>(pUaJn~h`uvDt{J|JVQjSyKL2KHn$* zf3<1A?>Fn``5$cm`gi~T-zWSJK=_*f!4a@*D==FFK7aZD2dMYo|49G*-+j}NUu*AA z^FINH|GWP8*J%B-wf^$|&r^pZ|E_(1{zzl{m+^`3mbs<>>aNsVKMHcc+7(kg8m^DKud_Dqta8hpI`#j_t2vAy#dlhXnyV#PbE3;@o27o#OK!4Py(N12?s# znJI0DkDlBbb(E6tb$!?Q`+k{rYFVz#pa4nl%o7wRNup+^^V5W3R9y%KSIjX~nqZ;q zAmy%>eU#KvqrN5}>7D6%=?saHiXb6EUP(scpV<`U0V9<&)a61a#>&YnLW=T*N`>lS zi;MntkQs8kt%4#{D*5+tk^v;>E@D& zi8Zh7?uKHMF(Zf0$;aJET9>-wL&P4xRHqb3Rl=|Nm9S9LdHha6{Awj(uxb8_Q63&H zji^*%oIa)!cC9|)A%{~hAVHS~M9XIxWg1574wY5Z<&4ZKI+5Z|IID0aOQt}FI9buK z6k3h0qhRaxHA5DuT+^0RtSGdN-cY(brbSAAU+e~bbMMwo-q*QvCLQKujyYECCaKB~ z>6Rt&9scjOlh^mhP=9y(;eU|-+w=Sf8|%OMU;R<_&)gUDe@Fh8rTLbNn_N4;QvykC4#zFf~~=z-01J;=!ji3{^b` zje)S|D05xI43uS#uGuQI-V|6*--dYR$Kt=k9v-wDeooJgbZXsLWmp-b7-_QALowsT zvBM^6QiD8?q!hSMs#)~9@daO7&ZUa1As??PzsA{d(l!HwT`evY(`Yz;Mf`07mpO({7I zhK!<&yt-ON%BCpOqL^*l71Y!Lw1m?toon<0}d^% zKAdi(a-Bao`}Wxb_vPg7D?e^Kt}^s_qxlD3cy@~Ch#Cc`B}C%VOK}r}@F2N9LuvD=BHtYuM;9f9Rv7t(1)8`8gPM$n7=O{Hu%}hCQkKojpkPUaM>V@_*?)z-queg?nYut8R#%J>6 zfni})10Eczo&M0pZ(R}Ov*?}_rmk3e0_?3f;JC-={KG0z+X5sj;axW#6o$UJv#xlg z4`qzu!WGww!*}11exK`8de$$`A!1nWxQW+`(Dek#Ip-WRZt6F3YnA<`jHwu!&fJ)A zZ1TC!WJyWyM|p};y2Q(eV@{aRs&fJ^pI=*@qV14ZH;Kt=JgM|Lzn&B{sPV|{lna`z zup~_(7DRX_xl`~lUqDT$;WwuHs?l|VXg`Kyy84k z5w<#Ci&Dl|0Fgpixg#uOG88aH@eSumsgA6mHU;AXRAvlU?n2`F|+lcnJSa?Vzu)Au~u_gI7MwXZ-NXeEl|Zg zV5g*Zd2BnU-KpNUyNbo5-Z%IvwWDhX&q2u(Lf6Aq9=e&llXYQb@+tf zWeOpSnAlt+yKu7;3x)@u-M{DMLxAQgp96bew_Mp49Bhwrqg3FX7RC8Jf? zT5vqZkvQEiVj5R^Dk?`c#CxHJ&}X6!O)zY<&(d_P-g4|xov6G#&KTY0k}m3eeyZA9 zbfHS=Hr2Iyt7c8ARB_lp*ll|-MR%7f*)(VQ?&DhMV@v>twrQYTeUiVd3O?Y+nRAp4Mc}S?k49`F>iIrp2r5yMw1BN6+@2f7> zzLY3J$xF8DBouGUP(;aDn#PiLxZLnGwm&^thY@neLpC0#;?B&^^&uC^-y|9uW!HL_ z%cps@a)wFf=z3c7uC6|{BzdwdU)z-&v>r8i!r|@Bl4Tfq)6F+(+$zyk;gRMvG-{!# zv=JR`*y3cm8WW}_)v$5fi#5eE$DkY63%tCISM7N)OLK-vjgeXEi9l}IZeH3z=hdH2 zHNJ9Ly_Xaq>=W?7m}ji?DJR~exwca*=Fss-K!lxHN{SuxWX^g z@|>LO075U!DR(8Y|+xaCgKjxfE&s&?9Q^WEee znJaAzXO5obx=hC#XX_MxbH`;D$ErrMyMT97N!C}j={R$kWFzdUOHR6QB(kMwzJjHR zAtP`8`O+d>CO}9?_w8xcvF2U;B)brz5Mb>L8 zXqhF0vzn9VZyy{IXmgrxI;S-5<^xJ`)T6iLh{>F+sWS{GRHayLj5u~!=EJLyP^$~_ z*Ebls>uiXS53y)@Vz#aB>;&fahM+-_+b*#;JXO0A)$(*#y%YA??t4-bp6zM&dak2cb?q~leunJtf z1ympVKOuF2+z0zVjn*W#be#LnS%xaoo?nMquK{l%Vz?Wh&(PCIO|L|S9f(g#CrQH} zR@OBS8#hC9+<>t@izi)L7FZVVWnp4_Ekkkv9#gpty>7#v$)u30g{Pk{IE{%=vw+A7 zGDH z0B<=Nv=p=iW4hWCi;`U)S_oBJprKmt&35ZAUm-b_SDYTOXuy(Ml?D4V=Bca*Qdp+; zINxx^Idb2=!=13>X&;yToA41yX{Ap;p+5#zq-8px(y$tqv8J=0Tm}Ije5Z_e0$`NAQuQ`9)Zx$Jx zbGewg*vV2trFlPxDOb0_ND+2!OfDK-EFF2r>BO{TElONT&~O524%&k{!o1SP;OLNw z_|a6)yw(;B*WEAtRGoWI`O>WYWlD`(2ia+HE2~k< zwm!O08n9u?nY}w&E>|*6r8gDrd&Dkt5W3jeD?32c3rt!K={{&(cfDC zr4;B}{&yXN@kd(KkNhXt^g93D+KTXZ|Ia@{`~HB4<-aBhtpAaNjvs5IkS}Z~Z@GW} z{naaPl4m!yz4$aX;PQg}2a!{60w)0M4%!`{*#4Ij&*vd9fF9tU^g!1C06m~xWP%M_ zX(G_!w9InTm!6Ub$2$e@oN;WMyx&{XEcc_#hw09S<5a6li!iTM0&B;RZ|am3S2{s! z4G$YT?VgTL-E#H97PWcOm?*qI4?F0wPN;!kCJi$Po0upSp^_|XOoucj>3pGX%o0!O zgsjD=gaykr=Ls_DER7HY$S$6qvkp$9ja08-lnh?B&q9KRmLy1`xicX2u7j%E#!r>4 zny#_X08=hkDl4_?tnR#k$oZ#-7%aXAUz9!Gtar;JO`=pnvmSFw_1fa+Ixjai7?hk> zZNo_A%i=3Nns*d6rt7}L)$E2-Zc5@Zrc6TJVMzQVH@JPIaEPkw>Jf9*FgDH-=xm!A z7UP3<-#rPTXSh|uttDP)H0Qk8**ym9jNQXFrsmd7qa0ndRx6ijW*g~*D#>z{S;lWH z84hJwu$Li1tr7A)qOStXEthMn$4Hz6duL)DfJ$6m1 z%w9!9I!(vFc(Oqqw}vN2y5K(l4)sJ@yko7jM@ma7_9FVC*U=Sod@M4v7U?Jnv~1*M z&}_~H2lRtX_K6d$lybp9g#s7PN4GI!_Qob9dzs=q7pVxV$4~WckPeAJ1>(+4r4`x+ z6qN4vHyN&rCLSI;c*bgX16I20!%;h{wTgwPQTF3jsILqtp0&CSUb<4F$bVAOfiQ!$ z`eXE$1&>-x@O+%FLGjSvq`+erPB}L2&aLTtllLmL`*<(%e6aeU&!fB83qdZZd|BoO z)~4wPrH5NUhfOR})}o7^?QPjwJ=C-y;m8B@VX2yD2i8pBLVg=(WF#%Quwu#av2#67 zYV3%dUwdx<#HMmLt-2MN_z&Z@woG;UUGtPZiy&PSPS=_2%5fm@BDKf>l^l) zZVuKx7?=v7R^)FQ8GXdCDr?L2&|vvFWsiqv%a6qW6HC}^61sO2h8a92blFSARY$Yu zO*WP)iXK^^H+qrh6Ulrhche=V<>+RXWy`5!7tD4ZnsufmY2Ex)&)zgya+}Eliyo>nWlOx5xuUoN&fS}Q88`>)?=g}l)Ay?{195=Z5h+1&2n^T_1uAbs4mRP zw9nozvctTJwJ+>mDAy2`!_6+%d1#`tLMtaX{&cbKYiz~R%CLDt`4ag2>H#J?MUdH` z68(WEPv}o_OIb3t#L(E|q;ymH%!Q{*h7RYX3^j>bP$a+BMrYl z2+rUB^9`CY=Ny~x-ZTt4!piuHaIxr3a z1T_D-z5oLKFDe%81B}1``d?{?vq=9(<`*^OFgf&Kla&z@*Om`Iw{ma2om@u3xu@`| zI_doi^9;wK6U?B+r^AkwC3~_O@?M*sPTqNA^XJ%@Xoq9=UP`@qb@TNb zi;rzaK`X9Y#h}hSD7!0zl6Z8jr5cjBd}L1Z{MQHGWqf$vRMz%j&TZqAf(JMCZCk6h zIbf8oEO(ZgCnP@pB$H)_Cm(f$+6^zs$RrOzr?(NMn%o~27tWQ@SFxig`B7wAwbS++ z=hV3@&WzPB*J=*cUV2nbRzEXD$JN(KwS2pllaMsZonud-@XnrD`s~%2J=%?r;Wfg& z#|ogJbCApn{rS@~UflCr%Nagv@bF7FukAd!?s5L;5RzNfv(t+TRRz;(SB_Rbt=7Ec zd0{+?{j5R7K@jgApK(e{u#H>urTW7#e)p>1v!_m5cSSY$7VcnPvjOJERJMc zOKdi_zbmt3{`Hf}4<}bo&l|M(<1WSIx$+7Z$Ws>&ecY^)o8dcU{*2eh4@nJSDbm{} z<}1&Z#raNIbM;Q$%hdgzgoo4X(yzYOZHM;d4Af*MJ=s-AIeXE#arRqO@nUIGW)X&g2 zU$iEVD zyJoCk>3ONZ{o{_M!dThZfsYFc+a_$-yp6yPZ_lfERz3y0RBFjF=&FLSz-zhZD~;$~ z2V@@l`bfIBxRm%%*$XBn&kbHEl$X7nxGT|UY3z}`!&mQ)Es3Y?n{u^w!lu^`!r4Mh zQ~A?1n?4_V?6K|O+r_arR;OC5lv;U-J9+~?tTp$P(*~`~dX?mL$FBv(E3-^ViJHsD zEOIz;GUJ*A!D}*MhJMYPO~y zfuNTCR&zBJ-%Ac2z1TDNg4%&*7BPEM4f_t~llj)hK`y5rwtJC+6haQ9O z$E~|v78Nk&Zp+X|G*7m*0GBlQWy_@J)r*3iI1l$dVZ6=d&~p+FSUyqQymOF?YSQZk z2Uh&EHiWflU)iqY;R|f_&+g9MFSwVmcEN#Uk4ty<9%?s#a{f+0Ml^fG#{Yl3!e$NTdrn6b=Zj1$@_YZ7T z*Qfp$pYqt3#Q&wTe)K;M*Zcf0YusP||Cea}vz5g99|fVH{B}gogZfofRp5WIZ;$TW z2N(sBz&^l#*7p2aT>n1*=PA%9|Mxho_IKaf5C8YI{}18s{tv%P^&hJ*=KqfUf8Kp+ zUsvD0>RfxprS@lU+V8$-KXJEx`!ygI+L!*^{y%y(+uAQ)N@8+Wj;q!RW4CUp%rYAM4Y|S47&^m zc{(eee3nlykVYj1>u(RFti=u4mf+CdrhfHA66pZCkmA$0xGh*RE5YK{R+n&t5i-lC z234mRsYzN&(hG`*C6jato63qHQ&NW{(+`{L(|IH>JQUS z;d4BcuB)i|gFFO`!@m7Rss~KBVv2&irZ-Mox)nEU-FP>HYhgBS^$g`1AGJ#|9p2NPENoZbUu8wsHp|$MVR$w5 zxc|$Fs$HKOZ@p=mE+uTOQuI(B_vo$K<~Hxin-FO7u9=dhicjm-pXSb@HG=?fRK z`GK9O{$&+4wJJ%3$H%5Oq;f`&`TRP*Wac7`+9rqatZgPH3#u25vq;!K5YoL?;UY9S zeE<%eR8?b0D_psziIqRKW}RVhMm@2`LF&o~xkY9Y#0@P)T4oRKh3*K9@$_07Whldz z$kKjNmf%jWD7&eDbur2C%wnbsfmP>98;~^tHRt-?BuS?nOrR6A&mToXt;!ym1o@ri zMr}Vn6Z~PKwj%~t5f!PKdba(8oRismu-mD0sH@~uV_Q||7kmgI}Y~$ zAzqFE`~N(wcnS9ZdGhicNwojZa;0zU?Jx4b^Tbcf9}^ru@e~e6MACa99QfEGb3NdL zN7j6N`SghYSmCX}`H$8=@s3}9Q~-`R=D{!&&Widj3>q_%^Zh5jTm66Q%|7}cIsNyK zqWcT|Z;izN{`UVL?S?*qeWU+fqWC-xE2hsXKV8_5{RjNNp65SUmEocniEGRltHh1rac84-;@B2-YKTHsAtBu(Xt=Sn^mgmf-XE4CtSy z^Z(Ww-{60L7B@PE!;j`A`~k%K<$v3r`G3|(O2}XS{{yt|4@8gS-7URn^aLI!iXUbf zz~QqjfpNs=Ff4nIlD{&bKg#}h-0$79mWci5A05sAV-4t+|9i)OiB^B-fBzW$zXxap zH-^QFW${LYM>9CAC?<`>i3(4!pmlnKBYFskzkL5aYX0}#>x2KlScHG5Ip61hBHqTP z=l&1Yc&oqrzx^TVe;1eF!@aVQL+xm8;~y-G6j4MF*k?3eJ2Ea_yoB4Q-hs-eW)%z)L?gC-_fwS`6yXg z2dW3v%ViW95l9Y};veE_0kF3Vl?+qKZm@@stFP#BxZ~p>y5&x#`kA|o3G@hZ)MrFT z@mW!PbAAGsr4M(!$5EfpisxG*XpUrr(ReW|z9T0l+T700+TI)wu>CeXKM&^sb6_p8 zBECQ~HW8HqKk6%*@M35T5mk7=n2HLGiN)bX4wpV00f(}pU_K8xU5x0+NPr)#?;k*R z=D;kcrA_)G%EQjlkz4_v#WREb zqT^UR*qg=xR$_EaSVw_Vbac2GEP8fqG%q~H3sAI5?sXna--AC6+hffpeKVbOe136~em6o}BL zMKNJMixCzD`XU035pcPncVOTRM+%-j!#g}JA`k?#6Y)}#m2+9)O2}Zc*JJpe= zyVnjz3Ob(`@xMzSjQoZ3EX9)IOM#OwWjyTU=Ira`>+h&)of6so)Ew)nTZi-()6Cc$Qj5T7yk~C6o7z(oyh(osUpHMfJ*kK z!an36Q8AV5rcgY5+`4`T_>rAEevgus zaiD^?%78Bl+yR7W4`2k5y*%7NV*nxmAlZ4eo4;?M4@KNxw!yZxgkWoYunmD}MQ5?C z7<493v%z492aASyFpwv~{9r*$Fe@sU6O5;aT7+`gpobkek)d!5kMWyu;y6rxn4>;k z9}Z)2Lc{ou`Zjj@Ff9UHAYWhsiKD(hLS22B4g?B|C!#VC;6Uhq)mB2!rgk)2+#R4} zkf%k&?jVkh9q}g#j6e{P_^TI-;B+VQC znfBi%p;iAVa{NVa`~lSX(a{kxotRmE(N>mJ(T%uh+BeZ<(X4USL>d!kO|!zWze!Qz z51=c0*$-gLpaHGih3z*nW72K$ECP{j&j3S`@lDLEe*iOQ!IQ+L!wCNwkE^FdvvFy;`-^P*6vZ2|~h_-a1jlH$qH_2!ljQ<)- zt3H^fgJHx*LvKvU9a^|Akz)z?CORe_!PCRr4G!>k?jg0=)+_>p#b(&sF&TK~H}SOV z#Ir+$+5^4RsrwM-?xwEDUO*p;%`JEwc&{apJ{>|^23&~6=${a$mcYzHY_85u=#YxG zfP}rZlO4m3z$98*S+lKJHu!J06CZ3v6L*M65xGb6VIS~{FP%cL>D>X}75bLIDPSUI zX-_l(px$T_87v%)ZO_JAGi(Xp7GnTSdUrHCUhz9<#&lTEJ> zc0_C1_o&I}hGwUM{yS)f3OG!brJ!f0+W}SB7d2_NRy4Xj+sfX~<~ycMuobf#n%*=f ziwFkr@1V&7c0X{{qN93{)7G{xJXuV-73g_9!Jc7b`)wu!z0T@}r%UHMeg{zoj|K3I z?KwITQ>-^V88jS$W@}@Gx5wGo(7)I1>~45Ecf8_v(2R+sMMTgAF`Ot?OwYcz?X&N# z=`=PQN2D|DY}t65@8Q~E*NPZE0C^AW#7X=eWSOj3Rzx)LL3?(7pG2iu*)eHA_S!R< zOvZNyX;?R+Qaa!9eMG;j8|Z=r1jD`+gB>2vVzI303>uNa{;nkIFiJZ$1L%!T&438Y zo|<877>mb(`O&bGAfYeq03+tQrN~|vS?;~<{r^XN8^pitp-V)rjaWx^kwEO<`cV4t z8^u8^mp&X#Q4!)Jx^%doU;95uNT*xB^y^@D#jp_V-T9;QyPMZ(g8=Syh(KsYAMS9) zB3NwxH%A(aZD(U`O|Z8o;^_9Q9-JCU<3t6sB3MXdD<(LGOJlHjVm9b>=8$)G4Y;ow z)?s&aAu2LHdJwi3rG|iTBJkajkYOLrxsC1DL%Ltmbvlj+mHd6jf<6HbxfP&A56%>M zU|(ECOT0MCKyjZt{8ZbPY1S9#^JuAF4#r=3w1%9{i|^!vh>9M<`**$H1t2;IN*_`T2dxZm51|EU5oJ?A_4+d>1lk_Euoj*%IvW3~THDyO7w`Hc=F+Q`=a78J<7Tg&MH&wY6dZ6_2+ff}ZT<3ij2FAa|{U6}xw1_t8qg0Xy<%hAZKJK;i&roW=si z0ugvGHb20WJexk-Y2U3&t?>P~v#U>$_~(DVH(7QB7L8?XOS54z@jdOLK6(?#s6OOs z_s+!QztUPjX95Sh2TOJ~vX}PyqNl`)i$bRMski>4D!)U^^N=v^7XttZJAW}399+S~ z930>=0n8Br6VVmeCXV`UtSDA2%?x&DMZ~f|nh>}o^EfoogqSEc52hf%2MMkRIQx6} zQDHB#k6R$w4b=6d#nJ*qGd0L<(0W<6Ac}$bTrejlip=BD5=@4{(`8{AFEok=CgsFs z7T~8qWKCE^u%bfwVX~rm9Ftg(!_9HTjpR6po*&5>K3r5AOz3c8CUS=3C&P|ifWH8l z$eBD6m_##W!QZa;hqCytf{2LmEE>;*DT0DPPXGXbpUL8j%7=k!95!r{06V}SyXC9gB$w# z;0Mwszi`(e`oX^=a{IAeG?42r=69Zib|mw;+t<0F2eCobM#3X{oUMVh#GVFG40 z9bxycTaBO**&Pk=(5Ma)bl8BR+kV~%p5hmGS+k-$WYHafRR@ld2>C?=BPI&WtntHQ z96`XTYZRD(F&HJF@e=gS^j%qWp7>H01iyHUFi-|2;W!cC+na_w;VFn>iM}F`Ut~cj zST~?=CaWL7;({qkI*SKNeHr{{@s&?>Y-b^b#SmWtTJxisv;+|n6fkRtbT%`ZAsWsW zaXc`eW&(z}7}JTOM@3zQU~V!DjNsv5rhT{=2696TVz|B;C`ImoqOM^psy$3x0hD)+ zyUyYfqNhP==Q!xR0qe^maJsroTn_NGv=p1umSRQ*g2BPbU+jE#=yDLZ>m8r`MdzT? zApkJHsL4^HH(DZs=!;zH<{f~ErEb4~tJ723ei5#nUV`)J|6Lwdr&rNEHrls;U}aAO zGbJ`e8$8Vl-!qoeU5^2=9M0n5feGEqI}rJMounoJz1^MGNZc3cVUYv>eY#RTzR*!j zSu5Dj-`885k_JKQh{qA)t#QWPOv8$hHPl z#4}lVdm^)E1gASGfvbf;3bw-Gcq}?#VBmE1rYhbZ7(Ja-#S_0GtJpZ`N}zzT&ucK9j?lHX$~Hi$Uc+OutOYyy*J^&QJQ6sXV$5OEWGgx|pEi^bJ#>V_+xwflB- z$=;4(#jvxs0`oZ5?0#&;t{EX~u7DoFVRQiRm~HH6Y5zp)n(Kl6L|_2TL=$~5VjCla z_5T*#I_7PF_0xTVuG@4XM?8^+U>Mqmh{WUZ43-TW%;MNs5&EH}=p|v%5gedK`ZP@Y zr=z>LHr$2PmkA!RbJbI7e#OgT_IC9E0WDV-GBwb@!&-Iq_4h`SINW_feuA3|h>Ve) zsUE%{SkghB7+_2>!n#FBV(e`>F&44>7{vVR5#ItcQvJwdn#IqvA z94K-O+&~$OaAh|c(G_PCXL@v{j`S&fyAbZ#*bXb60U~X{82O?Lzf=$^ALYQC;v<=8L63704wCVkt@AyU{f5_~MgA@?QiHR`_5JUxlBuaCC zR;VC?)@N^ZngV@J3nLj+mPi6tB#kT1Bpek0et|SOE+PxXRGcCH>W%IXfEIBppTmvm zgf1$8si5SKyZ{UVFh3R60o_-Wt|x+w*c`nv?z6D78J1I{>Byv#DHwGS>(=kj@&Q~lgR=(iNJ6{My@L-0`O_) z`0Z-)S3}>Q6(fk?Q(2K*BuDWZfZ|y6cq>3iM3DB0hB$Y0G%Mj70Q`6$fDF8#Z&YVQ zM?^%?kZeIQ%l2qTM*z9+SF=Tp{6@_v;A68R_}@nz(Hedr(ESY<2zP+Q<6hbY426zG zjoq5nMV+sNg;+>*^`rwB7XIE}Xwg*(8G{|!ioNw8q8G>d`g>7;J>vq>r@g$)DZXQU zfJ*cU6gf_vU^>4+Jf)k)^z#kqtunt(tYL(5%;}sc%P4M`If#D<`f67l%M1H`qkBAmetXqik?2zD$1;}ZR1al$aT}Um9Xt6Mu*w?)nFqOpM zvzQ)8_fEEmr9}u>eG$Uf4>3MqF%yYxpnhl#S%Ei5|wq}R7Y2b>O; z?HFvLeu?4Gx*0S2qsXA3iwAlE>L~aQyw2q|7Bm46Wn>Us;DIE{p9X13<9Al?qq1oD z0$lpQqchpDXS)zO6-cNFWaEFUWu4_cAX|$3E+!C>_{)P9;Sc? z+-_TH=#TQGaeqy2cSjKnJJI4Rr0L-ZUyKIX_rD`#`_?o7uot3&I+vaG;=9fc>iqt8 zN6|sDI>IcG2yMMVa$aw2e|i*(0MQZvXaC9&>`UNTL?XG>-mG{IBl>3>YZ--%K_3=k zK_griBlZqDNz?7S4=VLg$`(;T-Aw?g%J2jh4FUEmEEW}w;1kV@qxBxgzd&n0S~v&n z{_tmP4sIAHg2Uw^`JVtuzc0W3SWj}1-tdd=Q{Hv!3(;jC9n!&VU`ZqB&FD}IE;4TY zkT60h?YAvW3mzic{RJ_|(EZtQ*4MZNu^*r&K$HVfxdENmy&(TUuZyih#Mlamh>ita z{=2+2l}3+_2#>aiL2MlaCM)XaZHYeGY>|j4pnzxrvMQF1SjfGa`{Ug#miwZy7{CSg z#?OKR0S5$`I2MTL{B&JLn5Zs?pC}d_KMSA_;zU~T;{Z@9jT6@g!~Vc9=xHrc!)P3Y zl|&@{1!2?;M>+=#he(k!;3KMwD&T=d#_&(`f!Kry9Q{YgB|rvKU^rrH_O>p6avVjn z5VcH0MnoWpIkK1_35G_8T_QPP6*Gva{B%pZ5l=i&fg=3^JOJ#-!;0xeg{gL?zC6o*g5)4)jdORV6Wef`FZ7Iumj-TQl!MWGgCjQl62aXR~=TYSEAmbW*? z-Qr(8bCg6;uV0A6cfG$W+KlWYKx6Q~GV+|oWpH5c==hhpXfPoJHcS9XC9yOHlDQA! zuE-Tw=?~`U!PW-i33umcF4%twWMaWX8Q^jxviTaW&$Z=nPtYK41Xe$YD#w5v7}35i zOp8vyU#BGZCf*N)!@m(Mb+GK5PwTdf`ad+O*JG9jtTOm|350d$%4l0VdpjJ%nr2J0 zrr~hGV2U67q0tC5EPaUZ59AlnvnJ@Hj~1(KVB z?0)f8PP>Dpc=8T#8c1|SR=Fcjh_}lC%qPD3{%#&Wf47hQUy%I(ejd(p9Bbp z2bl%7fA|0V4oUymt#9;y*Zu-Ovv~YlNPU0*ADoq~74hr+e+kxj9RBbAf8V0#pDY*e z|4xNWp^Ff7so;{nGnAp(J z5EK+tTwGjTUH#_Go9yiDY15{iK7G2rzTVT*Ga@2l`}XYz4jd>fECh?<_UzfSapT5? z3m2xPr41P}`@7%d_;>3xkPoLhteY>ft>FU+1SFT)XX=!=>{Q0R+@Ex5L#<*Pl<^bdvJ;V>@!%RBBp!^7JV~Mw%L%S=kJmzo1~@qQy&=E?d69 z#>&jtbfmA*a0zWa$?^>q8zsv&ZLHk9Wyj84@tiN~m0#QOqOS4o($83a}?os>UR#qQ|fByXO z!y~zO&-D%^Loyooj&pA-q{xqTz?kH%GKQq>!dgkF^mJ)09+WZ-eI;{&5v>51xs`cp zv9bGJ%ue3gQ%lXg>nSG*Lp|H)ts$RJ9H{l5{(6pqU-+lkJP9qdCT7&+fP9Hc6Xm#(kdnf!}m#wLyC!4V@~5 z)+UyMd8+qqXkL-!D(8Pcyn1$f*KFTIqo#kne{}AE_USX?u>(nYdeiNcaC(Y%_efCk zt!Y;#|8=?-=u}JqZRV2^>ix+tO7<#;HA?o}%#Ck8^iHz$TKB;RN>h z`wHXz?a!0wK94+PY5tE&3~kT4AHfi=*yW9~-5>H$&aC0RQ=#pvrN%3#Zxx2Fvb~pZ zL_St!LTSQt5p#yDGkc5R0Rd1LToN#B2%A80Pgq!4;EGuv` z$H)sNKHYxa=#gK&oStPJ`nF(IUSNaulOpH4PNcy*8lf76!xG0W8ii;rs$Vi%W4B+m z6nul5jK-=#WVyjYs2U|3k*9tuXr!P$F2E_ZZMULhb8EbZxmi^eDkEUBguG)zqx19Z z(nblYxBaZcveJCvUI~0uQ571h6GBqb*hVyZFjORzKtmxZ5*iMz&?BGsl@bOgFXw%F zY5FQ}_J9x0_xW<(PDl*2TZo3L(2B57!pej!p;VNlW73F*Op+ALLQt}HTTtdpRw=pV zS7}LYnM28@1$Zh|>DsjC&Oy18&~0;$k9sz39_1AZ(9gpntmQ93P@&^$rP83zfs)=VWI$sDsSq~^5l4Okk|BuVg< zk}*XAg?A_q?Pd$nvGY}z)kPFtweUj?zBjE<>V%05aoPFY#Dc<6%~xdoL-raaHcg|? zI4?UP&mknWXvO=HAxVa8r4$Um0CV?Kv#Vg)c|AiIV{qjGNusXqpE<$-Qg9O1X0Now z6I!uy^I&=Hx3%Fz^OogK&mxb>JHA32hD?hlK(p#H9N~o+_Wcz9rH>o3pN)}L4-rCB z^MraUQ1b4D5A4qGy-@Ouzj><52HnK+^ZT-@*PDh_VIF9sR5dj=&u~xGHC!G zf+L})!a_N0mGnPcGq&64YxP-hIeJ`#!ir^=F717@qcUe>MCj=2+dm7p$%l~!d`g^i z>%*H}RgxIl#G)$_%^}N9cyHn@K6T^4h_`#{axAQAmCo4IX~9>{Y>M4=>gKb=xBIRd zK^Pk)%#WQ8W?^YzN%8^{Szch@&p&Bcbc5A#%tPmS4?VweAWOQl40#mT|9G$y5CnU5 zgYh4`>^%R0*Uyf(abYZ0#D5Hn|7(Ezv;Y4@dh-9Z#{GS9zZCc%=zqY^;D`qz@bSQ> z_xUdb;O+I;|J@4gt_A#m(b=>8w%|7(=;Z(ZPtSi5`+rBFeCUDboZqcmxBB|}%1AQi z<;?@`m%_S9gLMb1-pVmFGL&cE2VR#@C_H%R;6MNTV;xA8&V6GPOK#3ceXpn($}$AA znxHcz{WqyOU()fl0IsB*oScS^^gV(f~Cr<+f{AKfG+y(9|egx$@)lmVwgJ`3EZ` zF+RY>v@;#>pu8+(-~Hi6%O=e9{P)A_ff+s!WJ`26c~X7QU%>eH{kzZY?ZBtRjE39V z+p8O2eE#(Q{pa>~&z@a6a|XDZp8&3(Kee}i#z;#3`{p$Ssmoxoz*T+w_U-5P&;Ne> z{QC9l_D|rc_K%<5w|{O2ZZ7!M{JJ$VDl#@U*4kPVT(C{4aj!io%tvidL^FE?K*7eQ6ouhi=+j zxn=9N?K_51q@`u{?3bocWQHjYli9bALOQg&=IF4q=guCfu4}j`Ge|H^GVI39TQ{#u zO2);-#DxWW-iwo*v7^$&WEw?7gUNjT{xx&&LDC?Nvn5J?Ns5KCuTDf<5pK9_IlD>` z@>o})?*eN)cF?wR^&4aWll)NCskORf$)=j=yF6FsYDlA3E=_o_(tA>MZlpU2u0j(- zps><_0dp)E`#zwCU&39k$*LtNX1S>!U5KAnA^!r+n5Q&k$mm4{aFPrblAO@&caoqk zJDAf>H1xBJS$%W*o)v=){8ytEK`z*LB#A1ws

    >gHN5Di`9}=JWE=;UYT^UeA2A~ zEkX_U@+QMm&sIBWP?n;#>zhgEH3C;?Xv^xr&KIJ#rtO8-=QYF7Dk;q423nn!!uj;0 z@py$xa_;%WaW;P0wWK;$`Lx|(_a6t&IhpTj=!ZH|A}1fKJ)wp((^Gmm+LLYRz!-GZ zNk1`Px%EPoG)hWPhhH&3&M<_E_ZWPUYH>oojq0L74ZSLe;-ZcQO<`gscK3TfPIYO?6vTAa@@)q)Bc_ZOy=wIbV0}08CWRip+f=f+4X`MQ^ zo#6sOs?JKD@r8lcrX9PfTfCN>ra_(Ku0P1wLa060e14n0_KX_--E8anB?cC=-i^Ts zkKjow1|$tzJc*&~_<9~g*4u4fL10>v)1aV&)wHqW{I?8IWo5dhB|I%!jatgesz+;j zh72*tjjRuAKq>F9&(P$-|YNs;Q8M7+JJRwz`ApIbmbs5Ar` z{7<@EkxpEGbz%s05EGKAuiFTIHqYfKv~9ul#g-Lpt4jCn0Hs-prf2E>i7E zdxtc8mEYA*5Ai=m+7|lHK845O2kDcVCAS<+mRwX#_g>a|SYhPpVKu~QEf1Vtx6V)A zjgiREJ&{$bK+7_hQ$Z<;V8wOjfL48m2!w$F6q!H49O`o{TDVxG$JI`wZ^!^3qW+mSs-NI}B@ADrZ2NE!Ily zd1#do{yw+$n@2H@eN+mOl&jnuE0HrvV`gJRINkB6)qMlu+Ylu;zg$LkXw?Sv`O3lP zvHH8DYIBmx>J^l*q&aA6vgzBAlRp#4yVu?<)kVWq+iS>9klGOV;GkpXvw&~ZaMI^+ zCQV+l!Rd|;Gig|ue_NfBw9)oP#}TA4S)ZVEsfZ)S3XR8366_8rOlhLEjmM5ULHY+O zNg8BG&6hG&QlhCbhRBB$k+tLVQtT?xa;c|r{B0=NH7_Qszf(pf2aO~)tVRpCq^EVe zp8uR9;x!9>d3hComHL_{KKZ6zGrS?g2gop+g&2U zs-siUQVLjoh5y6eTL#4$gmIql7=r~1u7f)vxVsbF2_z68xVsPT?gV!U1b2c5ch}$q zLU0JgIJWj`Yj1CF90CvXP+rJmI?9{0K!L94yn&`UR`i%=05Ioc*2gQktax4Fga8~;wt3& zU)!XTTO;Kn8bXk$Hv&HlB8D|2RUK=Ug?~XS>9h7+j-rTeFG?Eib03&czkN&$*yhJm z*#bim>VEYMA7H!{2a1Edg250wMHi8ELA+HTe;RigjN~ zUxZn_VgwEOwLvnh9xo)RlFN&vSxiAn3b@3C63BalL@di0Vs5drjN1b`!7r>*xS9ta zbP4*f-4a35UXzy@HVCm=3 zy&^M3djXD~!;8StBgqkZbxHZNMxJUlF&s?H=r<@+T*LIxW-iAW5!MF=bVFg!a1LA8 ztt3fPXOJrGE=s&D&NP%Q`gldCO!^}foaMxc<~Rc&7%Dn2s0}S<;0*r4_I}nbOp%wN zKoRQPOYvI@PEmk9R57>blSlOarJ5|Iv%&xvEP=H8!8N5+AdP-gkG<)%9QJ0wm1}Y3 zNTd1^z+dPE>yN5S)&*gkgsBDA_v*<#F3w&?N|V3gvIa*=K(W1g!P%W7JVr?|Ikm&d ziI3cv8}x>~WlN2DVPBpr&D<|lPB!}r!H7{rc9who^+L)x?H1~SdS;rR%LOX}B474B z-S!-6;)@o1Tr*l_wo9n9oxOFGj!8XPM9}@a7;xDoxz8gv=A%V#w zD23>yJ%0$`WU86Y6bJM{gKg%dNodaqd~#A46MT-rGw=dpvNRh53={+KF(GCb7B}|q z346*j6EzUVpro|X+;$3ZRSs*ws%c0{mbkp4=kyp8&b7H0xW(ThN&(B61l&Jv8Q&a;fn%VOmoTey7|(>$86#62IOn9>(AB zK?=Lc=Kux<&arC!HkCN=zC`NpWX)%bPPmT{2&GJG>up54RnhBLs2!#Nl{M%6eI!G`l%5Vg#v6I7hB+9ryLip~% ze8iDbUZIK-5OI^pXaPXc3qoh&!ej+mu!f=3XJ{Wl- zXiCp@(i4mggfk+;Nh*TuM?jx(g55G>sJ#GcVkkyE%kG>{zd-CDDk8`$R#-oj#|b1t z94ej|5_ccTR}iX-grpKLO@KIAoiIFuLQZeh@p;KF|JCsx{7YgBcL;byirI{AOVqPhEwP#TzRD_XC>&hgNICF zT8KrmWD|2ov%2pw?i0bz4cQ-~OpC(gd=>y(TH?`xY-deqNGn8DBDtd+z>&!KTnR92 zLxt-gz1|?=f>1tW4lxqM*9%cMad80PE(OWbCTwpn<46HQ^LjXJ5B3*^e-ebO(*Q0T zgRa`Z^4?&sL_q5TP*_co9|c`krn2_NzgkVr%R;nd0uT3aElwDjm0P!01bjw6ycPHZ z3Vh$h7j5B%gHDXI2B6P8jU({qD9~p#5KciMPA^2Hw@^ePgV+Q-(EfqW8bYrQ7Vd>H z9i#Zvk-VuR+1#O!+J1y>a)X`&U}FHRhk))vQLGCxv$rWPG@!UnU~=^cQ4;7+#RQs6 zkjQEf7fuXGUC@100&61pMwwVNp8Ft_j7Mm(;+9cv$0QFaQk7-i) zlVl1{Vin^oH(P|N^cJe9LsSwWf&~CYFT}$djFSi5S3ROcVgkfFJAiDhs`$;V5@>9AenzYIGXyabUwIFplZ97~)ESMXrak2S_?9oTn)+8AGw&%L^Y%xS zx)S+Bn1VWL8BgFN^#=^#g^`8Q?=PgJ04UH9a#B?hRs{&ofG8v~4%TWXt--`5wHGX( zmITxdE?;mKeB!v~Dg-fGfKaA1>-H4$z7c}3K1APErcz1dO9C;0>h(GuK}LpIfKuwe z2RKm-59>u_~IWCkb%V3!7^8Z#*t znbDudt2Io*?R@k57|H?>^?8-}!&TnKN>ElLpb!P1m;fY+FkC0tvqTe*U1{q&R31XO zz=uY`-;HtOg=a!J2_4;?N1$Rxvq&eHQ6fqPE8eCgCnO|eI*gRvq$A^k=Fk96f|E#| z2y3X0rnv9GA_Fy&rDA>n{WJ*D>MbQ2FGZ6`_(uj}u7i$(vgI!TR41^;HkcL%hN9l- z$qDr7}Kl_$)V~uYpob|&yT;98sP~RU!S|A+Nhr$U)MFK2!;I{3o z9w(><5+JtgB6-!v&fBPIDej5rceAejoK;KS0gF4S5GnW|B2h`n35au|Mq4lz5)c>3 z5TD@;h7>^RTWInDBL3n!N@D1<&N{uZJlw>RpIId)3f_HppntDBhkuV6#sVBBeQ$E| zNiIeUa{4q98~mHU+|7d{V%iRDz|muk2c(b?{w9yr3U(3T#?UIbROmLAU!o}p z4IjPJ6`Z*m&{>D50BP$n5irWxyXHJR8a^i-J<8 zL&8MOaBMn4q@8E(4wcxRg%|XgFa_V}`?FpEKOa&UL?Mj1APb|Z3ZqVrnK>@w}@I2EpuZZ#ZKIwua1?100_m8Sj-<(G%hoPhyjJW)rl=M4g25r6#;-5syh0%U>q_42iPD20(x2eht}T}jTFpOSmU2|zklZpBqYHIz4K)7f{a<1 zx{7l>jJIwZLp6gzsEN-6+`-(AAlV77V@@C-e^vlBM|*8dIQTJWgt>o{XmSzT2|Ti0 zCr(m2FYoVR0{3#7^D==`2tc^cwmc;Iq#huQw??Qh zaLM*UA%y5ns-G)*SKE$kik?DLkLN;D^jAZi6y{65_4cuNyxTNf1Yl=${)seIh0L70 z0J#$iyf^5^px)Fg$k_pokAzbLUkU4=)SO3E_HbN;1NtcvTfdVr@#zA4tV!kDm+G#W zAAN>p&}3Ec_-Z;0+GEa894KA2Xwtei>kK+x6DbP7J~jw{q|vN%MwVuXK=FvV$xr-D z+^g5n9sU=_j}?wteTd5m#`l|=QT>J&2%a`a zjrB8Lbtt5(gYc>6Y@Ge*QB3YL$e2`2ruQq-4LDFtY+~wtn_8yV>H1o1|C?3|VAn@# zqCWdDg(htTRm6lgo&@Rmgj;z9X-Qmki=Cn*%c9j-ma{#5NGdii^E4=!){)Oj}JxA!c#!)A}TBHUWv8+rj{oZMBe>&%%L9sY;JCr|zHaSSE#mYo77 z8Be&}571qJH7`P_)b6gvis;nAbP_9c$2s)CPe-bsmxf>_zcW1!*o!(8*yi(5Hp>W3 zJ4l$MXy{@QG5XvDTxa{jE+7lvZcpp+5dG)mxuE}dztg~}QN-kFopC4br&|;!u(*28 zi#mwr%s+9|H;(J9hL0KQ)PrT=@5xs9LxyE-)d8R<9R8TPsJku-}i)(WKuI3idwNkkB<}m^* zVJdt3m(I4nl*M$O@pwxO9w5)Vl!e-xfGq}~e^VKf8?Ee}MYFXs)vN#c+IbEsIbgYt z3jHSU_aP_teFJ7-8IJ2$6&L?e4Y?dMjlm|3#p3(ES!8Y`csmH7Jdnnwn_<`p0f$*g zhrXBWSC`hJH~m6frk5##vXftln?EG1*Q7^ zZ3(TtHJeQkK?p0;g=#f)7o^j4!(?{!h*Xmc z@!umN!ceNVb&$rSCK^T9zydWuT4B<<4CYW}-1F>eDv?T9`-4iC$U*n$!;~mPvqOc1 zxeUrv)iVX5kiyKfnTcV@zRI$KH_>vbnl}AU?ul@=;JL5>DDgQzsy0KorBV<%#C@hu z0)W=x0>ta?_vnPfHT^Vz(uLx9eqh5521bk=D|;~;zBOG5m}RsiCBp&zBMNg_QaJN| zGAjq!why{ZSq4LAZ?Ydwqzwc^YSE-RK_S_+MzLZ}sw@DB+Z##8CjsXOawi&RYvv>? z#`w(_V&My3u7sDfbbSCVb41OimAWJ59WITC9XyUI9kA z#Y6FV;WbEQq1DUbuj%$JSo8z>UMx1>dmF}IRF9ucoEaMMSAqOA`>5ZR|O59%oFI-5%@gUC&%6O4O`{rhs>nD`nnw0vzUM|7N))J#^2sZ5jD=v#yapz z&oE`CGWVxKgE);8F;);lXg0krbmJSI(N0Jj9wdlReeJLpfYQECa{Z~b+b*^ut08(B z2zy7Bk15^8A0T5fYnwIR+cto~AcsbX#A1PN1J{DRaREka*9DBCYK!%OXEt+?)}KWR zTScylO$F3F(trYuG7!&G%J^YfvK7rGFdHvz_;Xvo&YC8H6&oRoTYJ0w)|@cH+5%zB zCz=>nozQbbN2-Mwe9gHHxG4ld@C`!Ic_e^G+0)l7!~nFsWE&{c?#G5Xp*eFUV?Sw| zK*R`@Z=Bl^>!FsBP#_!~*kLD&rM&?Q)>1HBr~5I{;3$Ashgc5Y?I`as*!CFdv5n^y~cW7z3I#KG{QA^~3aa z8~8M9taa!ccB7*qNXhcGuE+0;udMapJjtIj{flL34fT!O2noVu*#McCX#8)yxq<{$ zECRoD#&&NTvf}J_ysT-a$`C~PFbOLiMMEGbO{OxAjm6vsce#w9r9q`OHt~aDi6OEw zJdT6UdvzTtrxgiGV`Z7~lGDPwY#V##7)y?v#}Unl?1v3FyS&zKsR9?Z3-p5aS>C=z zmH4!w0`rp}H@f`APlP2w&(aI1m^b6nWa3Cft*k5XF}StC%k1sjg*I}_XbSxIDv<7^ z8f{|tJ%}%|%oKH{4`oHDf&O$9g9d{xHn(_OFfauR0vRR*bW~U&-{{ngM$<(df*9%`!?%=gG~lE$W0wFbNA;bgE;`=s!H9 z_lh=Ve>&N}O!uC2iZ>51Gp}2Jryl1#bseSio5F54%lmAxu|S2+XbAZ*8Q5_AV(wZIz)QL}?|t1?socT>${|(x$g!NY zC-ptGAkqzpLMEQMk)93!0ur?1qy|}^!%Bgb)7OaX5!t&9kRpM#JiF44TFyhGls036 zC(HCKsYW?!3!RzH&cedj;$dYS5}9NX6BcjOn_$OaMEl#BmLs*&>Xa;B`GK&lpRhq< zlbZ_RJI5XJeBB`b_|^Hb`P;ix(BytawSS(4*mwML&y2eH2vRrr%4(O7xXT1>kItst z-9GOgF=YL}eonbUoMYt`beO;%@Sc{fYu+rgT1yb=P2 z3JbGyg9S3NqAW(+uU%U!1zPzxPFttPu0ijiiy2}A8WB}QCFjr zbCACEXiq~=D6u#$_fIbm7)b)V)!8y0+F)3`pJlXVE_JU`hx#E^W`Y#NZgnap;BjsM zCtNRsGx(dle`T*mi-gR68tJP=^(sKMR#)@TU45Y0#3jvtkjSFu$V}kdYnR(sA}f!s z#_nh)2y)Tn2a&LxrJ)(FnD|<(mPm^o8Q-y zx>q4^iXuXBi`N4k=z=g2QGy3Cz51G)P!$1PO)NmylM#4J4%V(OtOyKi{?}{~k7~#GnotJ2 z!3t*(pm9!2dz}$lCtw5ztZ|Pipm&zJdhuI*@Ldl8Twrxv_7>k=^Z79+G!s3UAqJU| ztW~UhyC1@lCEO7zN9`@A)tDl2EKjMB`hvuVX~)#!i?Z4k#nS<1)K1W6R9#RwS~{-^ zCQ_+1)G6$U2!~g_OS%uHbC-CZjn;=+^6_P8bzmfX9gC{BVlYtpb!JR3r28ExCoI>ydA1T6UE; zMq~+3>5cu`fm|3zDNfBM^;Wu30DoKb_Ph{!UMKdlM~KCq1- z4-`x?!sM*V^||jA{zhV~+z@^x$z&DCi`Gz@*>U>z(`%+ZkB8~q)otFFv|Objry0h# z-&zCNGt>TLVJyK?BrLKGJPq=1bGf~O#mys7Npw6%rIQ% z-YCw((qqwA+^}Tp=r!GY5WbwueS6WGoO@lVmr}NI=b%YxTA4Qfa3N;ZJK2-cP5Po9 zBJ(c~8lwtY327=_T<$Tj@ar!+rzItq^v+q{JS#%9|K(#HiqE=5`mglXEd5C>z z(P#I{4t)Qb@}!j#mkl?yk!AJLeII+M55XOhazrygv7*f+?Uk%W%N^nH4zo@;S{Gd; zX#|>MDRiY-xu?Utv&r0qKxW{8sPJ2Lv*DYf@ci1Sb!Xo0L9~=(v>gpOE z9)1GNmY0|3=jWeruqW&*Ffj0mFKcdYej>b{^mEhG(*XeiPjbB{+Up5M8yXsVg1?^B zgiqYr;^N|y{w^aU!_w07NhbKDu6shpp5U+R>+6Amf&YVk?mzVDiT{#FW#z;qj$$&K z8^Z5USNw*HZovi7F1-+V^$tQ+(y&S}I`xg}m))E3HJdDR~yk*7JB{gMbMNQ3> zmGyj$6?8AF`FidS5r-0T{Yc@|Avqe7`jX-EZPVWCy7FI91Lx8oS8()a4bBQH|jI$ zePLnfBwTJxh0-WV=-dhtD?qUn3WDU7okC&RS`Aye#ZNC~9G0AxI$ zRa_kb3I@Y)dDL|;O~9z*2sUlPzuS$cV`+*hEq_=g!FXtyL!7EK&`1<=9&$&3MiTQG zd7bPdfeI+%Y!!k;<>Yy|K3E{DfFu79T^%ecbRnORvB=-FhuC$GiTwkFoNU{D{$y;N zQb@Ai#J4blKNnyP{4VuvjPT7?Vt;Ip-hrT>%vO(IgUI?#o=z*$+azIR$cw&6sGYh5 z3>@3m7mb42n~sWt1At-(V%rwrunH?cpAKDJ5=1qlznjd;)83D!p0{m|0dyhgQ}KcA z{WP^aq(qvE(rRfYZ>~B?s;XE!7yt^G%d++6wnNawW=y28c}5g1^L&1BTIRWC&m86Z zWScPM`5$^S7Wi_Vloy1Zj7sIQl_Y{OGBtgUOI-|otV_k5NUKUS%eJLUGgXx!Rryt8 zEEu`T=v5WSF$2q7mlNynB>{IV75QCvKHqDa@3L)c1Hr7P#V+xQK*01CQB4!M(7I{B zG>a8`#GQ)pkCtu2YWpV2_a6q@zm-+HopqeHd_U{FD2f^Ax>>S4@4i2*KL7k@?)N|s z0B5`Cg%a6a^r1o~2Kq7iPcH^=C<@wqn!hKMacUVb6>JiQ!7n0*`=q06wl8f7Z~ zcs0hB(ls#7Im~uF!Lw|4Jt;8YH!vmg^YnUJ0?vLjBXdpuKZu_EzdDcougd=KS>V6# z|NoyvG5e2g`fvMx9zJf~|D6AR;{Un$dHDX9{{R2pANoJ}t;dzeZ2(6}PEig3JZj)#j)L_|VDL`3rhfYUJirvySpL&L$sp}@zd zK#&rUBK}js|LDVGFMx{*Dga?YK)3)H7X-ltJq`k`Pwj(&K%oE35+E=H3VXsjpE4m& zCI4B`|6cOs1R!7t3<`&#Ku};X&{NOB5L_rV9_*#0#&Z-?=OCJ-!g?+#e0ZPcI~Us7 zo#5mm?gl!7erc@`9@Goh6netTxm~kjhNpIbz)%Pb4uL?RPv?M7Z2{v#s9)kiB{g6d zrp`26K~EL+Nj;z4(R883zkEkfG{=q7FHQfr24F&-eiavj3y1?hZvZ3?7?3~(0SM^- zZy!;_tg=G#Ks!eM=vF9XEq?625jgW|hU#$&j#G8^Fcp|A(b6znnEH=Y$b7vlOfmbe zyKs_vQW%vN9gX0Bz;Im6pKFfe&`M5zr8Osk3zNr|x)S=w4#hyS%3tu(6?SfWen)(( zCZCuuZeOIQJdPLBmigy>MJ25iXLTB()^)9YDG+D-?@9f+e=v8-UPJnaY|{0}>&I1Q z)-g=)%9EnHbV#$I+KUyASPR3F-kmX@Y6p9)c?{Tg2~WIMGum~XBT!JP>HF*K(Y zpg5gdyQ3-puHl0`Y%{Dn2AXnM_p^43vFn@AUB-gXE1}v9>f|+>U~*tNaUDbP%~$zRj(;jmf3Eb_!7#B#> z(-!dL{_xlqtT=`wq$QI^T3Brz=3wtI*1vjR^hXUIXu26@cs<-KF8%e4+ErF9!RJ(d zJnf)0`if>4$zXETc~>Aum;RH`lYHdOxA&$$v#kQXq>eubz168pLMc_)Us>%f#yx*-g)~?%~ z9)-hwWh+)MoGrg^0p%yg<93590V9mwJl@LzAqD$6tU7hLVRDBbf$Rycj@#8IX<52vhEFiEj}$6Yo?&V zJX=j;;}{RMd{Qh=1;e95Y{|pfu}~Jx(%#V-Hi4N3kD^X|Z?+zZs9;g}ug$1n2?7BC zd97CQ*4Rxf&$X!=%5Sv1xsN;OD)~Gfl6mJl^{IEmE3wga-(!8P>mb6DYP|)XykWKW z2x!}gf6sOIrn@44R|jXZ_2g!Cipmdb%l)40d7N%p>1cJNv_mQTeNqa;ipoLvDQY1l93{fO&<#w#0UD@Pe1s0$WLI@*2_84+Nd-KEac%VrNAekyo5;Pd&k$!M;7zacAUfiTPv9r$_1r- z!ThPVD3e^2SM+so@|+j0)St%a97?YFRu}T6^0EN>Qg{g}N&OsA|GF-&$eeK5{y*xN zz;|OORh5&@CcfD7lWGUNo~xn@;eS7?d$=0J_|p`=wr3G?74xhz_{jUBb>HJ>((G{1 zn_w}g8dqmwdzqvjYU|=rf&t4@P4wic^+M$`^F&OJch~&)>n+htidlh{Y!XC(zW*p$ zjPZsx(JP0r+UcT=19$Vf#D5>(y5+~^eqIC>&zR(qMH+};hFeY1(G&hp{trgs z`eu%YLP$kfuiYXyM|zSjJWV)zws}ezIV7Dd*HWXjSE8}wZ*Z$tE%b10-OVz5Ou;oU z-mzeQHHz56i0IU~;HG4VL7UDxF=!;Vi23*S?%${F_s2qfaq}~eK#C>TX~IHRDulXr zqsPeu(<^OAI9{K!CawqXX@_rr{lv1}vDts%Jj%UlYs=w>&7@)L;%Mj-?3>X!=*9Lo z7bSB@acd`6Dr+@I&3?J0G#OTJE_UtlX)@S%Xa8tHJg#DOWt7?RifaI4ZChG7$eJc} zCmxMKO|enf$@;)ZtU#6w@s+%M#`(9p2!7AH_(r%qDdl99s%=W|$5phHx^3ZwJfHSM z9{tk^tlcW#rGrWaK@6m8=Jp+_XsBR`11(O$Wbu5Hzv8vw+6fM+(nfMq+_ZHiWnz2L zO%G(M$6AqR+ARE#U0OB#?uCm7pX6$$ZXV31-d#tGVV~T5ep?sQHl`?mEm1wpC4yno zxuvyX^=;GIBxGDLZsHw+iZy(>p_t+XgY~ZQ1D)*;)}$wDFnM zF<@LOHgm*!5Z?NC-s_L0Kat3h>YWeaPNfDr=fSUQwoRLtS0v;b4Qpe#%D(zYThiIa zF(OunSGRWd-?vR|NGqMG%U_BR>_N8bn|CLo=v;G@;}l<)cpf18)oWy=o|a%NM*niA z#4%6HFZqA6(oSsDJa-J;yOb4_m7{7`+~3fVeaHNUT5*7l*Y0Y2|E7x)V zaiF6rKXNN5{`6y=Zt?~hzm{i*}srG{UdRjSz|lKF-BpB3!NM|}Bem?*CMVBMR? z;KD%>o5WANA-*f;>%~+c|8`dB>-6#AoTcu`R2=Wxx9PU?XAwWE!rfR<|1&2~)7jbF z*qVHJrYq@)!;x%2PP!D-m0Z}=_ySeQAxXzF<~Cx<-?h?l|2V&_u0wBky~cQemG*uA zo#4vLp2)pkwww=V@_zPmO98(5H=h>&h`chUEq4n@<>>Z}Z(X=be!ox(`w@5cvmLZp zek5kL(q8TvEc9d5#iuleo7Z;zd+>v0CMUVyV6rca|6@91rK7E&C;8vo*$+2^pV;xg zl(xn9>dwYtza!&SQtU}e3B-+FQ_S2onl&zKJFn4=+BN;$eE&nq+1s;cA$ZGQiLc-A zJku_?G@&>8Sp|jpW;=~AG|f+ForGE*f#yH7bUzBu^sZUdXUaLnWXw_S$58I7d=Hb*}6B8 zF!5EDS{WX+weCvmO1U97;}J}t{M<^^GqB{jX{BY?yjrSI&nIlS+>dSlxv&J~<8F^} z^=JVLU(1%Ze+#`cL>~Uj&geFh)sFPTYPOtjqB|BkSvSO(rm$@zw#cj!aC~ejm+PM9 zns}gj07r5~su292)__=!HUA3TzRFo2e%H-$-Iz0JGX2;<`Q?nFR8y;rT(z3alDG1~ zq|veEMcZZdL&y3_&Sdv8eL&D`&}u=`d%UUHy5`#Tx1Uc1!1WH9T~k9m=`l7jF~9S_ zb;f-QPbxehh z(xd@Veo#Ei?4h@)>V8>TCd-%_-i8K>+zh+};`^=2$D@WxmP08dn`sxHR92&Y#0nK< zoGF@d>_<{l=S;X~ZMBnYpiSi%n(^e}^FxM`yA+*y>Fc*6w>EoPDw+E!J6`2MgKP;! zAvN@UiDMhJw85!PU&GVovlA$KY*GkV6qbVyE}C*XvAqoPb>8_DWYMc{MygNdCC#^< zb2`ziq4n0kE=Mo!cn+%B~OarQhEejM5hQ=?wBieYZd&C9KU%wv*c!4NJ(mEs)G4)=dtSE_ef{HFWGeKz zhxz3-G50W83#pd9C;nTOC8o9Hjzt#(4vb!h=EW=5SFdQ~7LtE@OO$tze(l_9H{VE*b~I(<7MQfH zeBq!%A?k`rxO`2ypR`b5o4NZ^70e(Y+Z4tY|crrwH8$`e^JRc@xqpJR&(d@ zlv+yY#ri^uk-{LGJq2~I1Gl$i&)RJDA4Q%4?ZL&1%Hn53M0F3dY@ z=tF!zy~(M7@TtDB{=#AB^VQEeHYm!%xq^pfn;R>A;?PV1tRrm0<8@_}b}H6Ic1;_j z$@R={y8;{wUPtUpJ|d*KF$Rd@I5Rx|;RGIsyD-dDuccB8TFjQ~M!I^u;ifaEwJOEo zuj`pxviy~7_J75`qq(ua!+4#MRIbJ}w)gK)p7i~n+Ld!9q(52VCdzldd2STZ+VEGb zp{eXtQ{W)!MyZ0QwK+JizQ)>zBcGwLa)WDW4p&d%`c=TUT{YOV5^I}VKklQqe<(@}Erk^}}0U+MyIniRXHH5W7c zyme3sCclg#;=+bKdc!>#3Q5z*6}+6quAOy7Muimlhlq&%ifVbk8XsuiA};ikI`qW0 zrGs!|=LGCN_2Xv>$LsM}mJ{8`RACiJpki_qWbn?LZIbz05`4tH?DjdU9upt(n;0tG zCbTOB?Uc-Pj)@j8RnvLeooQ+xMI2wUABvd>udkpNp4d#{C~EcCqSw3vR-lpl{qncvZd%-SIjCuL7Ml!9|qqT9IpE+xd*R2zah-=E`IhiDG zy`WBOiWzc`mq#l)%9PGEhW1_*CyMgi?gWz7YX$W;=X2~H6oEx{pD3igpQ|(&$P*x+|L>Ze&oqDY5x_$lJlO!N>3iJs5}pCyN=1XW8um8*f{g+WR>GwG zZQG(s4axGl>$a?OMdLC1-n4GD<-gLrDO(pCM$P8g1y7q+Mq|hL37^$il2F8aCMOi! zotE3*as2J!eE8chKKr-!>kG6Ax546h-0h#Uu__g4Fvkt0;4n)%)8q0djv z6Vi~ahd1o@q&B4D9oxcxXR3)`5PGgRGCu+>RD`Co)e6gE3W{+Jc~=s4oCE1QUYQE zkJL;$bZk|cH+uh1sv8-3{X34pAEpS-#KvcE>gOGOPut8b{6LtLMPDNrk8dmYQ@bpg zej#_cXu+s_@*|PA4XVt`12}j53+FYZa35W^YUeV?n8Q(gve;}dlh{%20aAe+H51LW zSD)U7Rh)b%dRclxmSKu%7hewc8@^*FX!0xF>haK*ViCs++o;Xnxe{2M5=e8a6S1FM zcG*jrOkx)7#bc72t%q5i*vMTRHK@dS75-!MuV(PQJIpD5ad7+hi)!zz$}NjV`XRoo zM<-pu+25*RO!_kG4^HADDvVaW_iS0WOO{nk0jPG=6}%46ci2`^A8#fpZ?>#wj5%k| zta!=tHb2+39m`7xpL$VFmT&QE&i*);W3XB~(sD%>50_OhhE}DBG5qMpbKW0oW#<{N z8uSb+Od5S_*!zOR&eGnVBU|-tAA?v?)u?>hEmjhJ+Qyw0dIz3_xOX{W=O7K6GifL+ z8CUg|E-&U0aQG`{=M#Nhe&|lUQ2Y?%y%IQT2oQO;MG>~;-_53iA@EIb|;$Rjkq2+I-0EYe=6Ms zGy$HW5fSnj7?RJ%SdN_4t#a(Yq?HO}O$6J=&&dd%1`q7M7mq+9YqcXA^T-27xkHNP zKZVuy_|SNak5}<}m8NVjjri>x*gOwBvp#oJnCy4#sSx?N8Gd}%us+8c?HHTS+7q_o zRh2ICNxx|@?cK=a?5)8KyT`CWXc9xd)2Ir69jR!~V80a7-}zthd$;<^BPxcK0JE&l zv=lMN1F15{g}0S_e>uNcXSLXdhSJ-d3E`<17w zWy$Wa<83ijsj+yaPubgBj_Nj%esk&{&2)B-{pJw#ShD(Rp30bs?>%ixJrvE#w!89+ zqT1ize@2d6VB|{2$gQPK3od-{_~!klc_HJu!tt8To&=>Q7QTYS_mF_nb8d%{_I#q& z@mB^$D!Ng0{^ENn@%nxvWJ$#ws`@)htOW6CVLb7@rvj-jw!vb;;Gp}5wDV%N(C+X! zYXWhT+IbUvS$ySO4;hWX}8{`q@(o5`Og z66!vjt%Zc|9CWehrA09`O5`i}@Z?(rHfb+xLC$BWn)?eh`&UY34ryd(?^87Mx18C- zx_~wL`ZxL}UZNc9-GUC5ANoZ%8-8X-N6cjXI?b|caP+=o9pE1P?#cWvXLXvO{t`ff z6ZPj0UQVk_!+IK*D(QpP>pP1M1h2b@Sl=|CkJ&mUTa8vf?}@Rj(cJy`s;nyE-M6P1CiMi>a8KcE z&BW9Dn)_E6fyY%zms16%3Pg-Da|Ilry(E-scm4S{rI1W!W#X9XoiON8IBRK-p^Q0P z-~M$4XAZ-tGip(FRy{@dP1an#jhiC;9U`;Za;m1fLJx*)hoE5T0v{_|z5Z|u8fF(Vu>=t3`N%)Z8-xZ-`f zzfE|IvNtlpMN$nCX^^*J-ptsq?|Ui3H7xHDi=H~Ay!36*GFk3|mokl>y_@UJo+11w zs@&_z|4mobv#ZNQIz00&_BD6FGR3m~fl`IJdSYn&J0I44$~Xm~H~oR{WMm89_FgVD zEFZj+o2EF3<=5C9&0HnhxYRjiG*XL7HF~WUldV4~Yc2yq-Y`+x9+x;Zt^#~ko)#64Qw_}-SXyFNd4(udzxzC`8 zenu_4EOr{WR(Z+Ru!PbnXvIZQ{yZT%I(KHRPgMIF@4c-Qg;1)(b%(r#4e^Pqn{4I^ z@tTh|#YK3U$~76i?1dD5^8p>Xk9ao+Ww zXYfK>%!J7A+>72nNrtSvOprKuYe7@cZBmQ`qy}4jT!-Pw{qwc1&s+J=v8Z;bY^wEh zeZ5awRbM^=Zx_G2K zY83T{bV=8vH@1EIFy)c;zp?k$L2-85nt0>x5}YPLaDqDo3+}GL-Q7v!p>cP2Cj@C6 zf?IHRcMTx~LYPjzGv|DB?wz^ytEu_@b*ZBIrHk6~>?M1zz25Zdi_ znt(iX-uH{lqbC4^S>%=Sl#+k2>gb`Yo!58;6{z6sw(W=3cj;I->b`U_4++V%)+ij_ zH$-sMTQMcGIieCXoA({L46OWd;9>0U0A>zY#Nv#I(N21yesXqxaxL^#HT5v_XxGP2 zY8T>N3n`LaZg)a%OU`x73dzUZfJRK`P@c9^AaC z=UG|EtXT^&t$(VLJOjc8>{?Pq=*B(d-)a2dY-qP2^K-ea-SbA@e`uH+F+Yr{{^~LS zd1Nd}jD0WHIzp}JNuUzzbmEw})P!g>_(opE!tfc8If~@_78Tbg>%5|Zy+ihnfHpR& z`Wqh2L_=)H+4a}T9oJN{!FKH|OCe=QHmPc~i*MRTOH%URFo8DBZXbx;+013SB0Sc z*!a#qN3nD)a_|XDuEqJr!d&^@-s4AX+ZB1;jE*4+;=tKp8xs%3Voj~Gv$Keyn&s_G z25Ot7v-~)<81$J*zB^;>vzum>B_{req5A{Xh_FEQ*Xm8rD9!;U--~K&Ds}*0M1*$oKL5 z{W|ag{}Z3QLK4@i!Yxs=RJ`Eeq}uRzvy(EE*9iy!RwQr6Ap-gpf2ozWMD@5v8t}P= z>}*E!qLrE9_b@H1#nsf}^m4ND`b<;) z38QO=SAxTrss?u@QW<+r4tC9pE+^mZ%aQud-!+JE4bE-j>I;#HQa)*fIs(`ALP|W(l>denIfv<1(d;H1*s|o7pYwi5^LZaWD@tw==EV8(Q_@7UX+R;FmGJ zv3Fji%JB7^V{^&5fMZHsUQ3KO}+hGR4{Xmn}i|%2)U?f` z`g#4s@Dy#Xg+*22K4zfv1uca_>~;#gBOi;B+hh|Of!3c&f2Lj6qByx~_QALg)& z&3eC+6i(lpQow1m4ZPagmv^&+=%r3qs8n?L+BgrpILPn_Ebr8Z9g3}f4oqX%y~l8& zeJ3ei5{`(Y^NHwEs}|O~!tW z+D(3+ni~-S7f!2Srk)otPu1+JS6!k0@~ciegbOK+=w83O(>6chD`{7i=hw1Qp|rV5 zx^$_dK4^fdVEmCMhS|_+kq^(RCeq zC0V(L-ily)X~k*~(-|q=^07f%}BUlz6=8_~g- zR&e@D)5t6T7QVWUJY@|FSF%`u48}?yJhb{xQ}FKCSBgXr zRf0FHfzeV_lJXw(vxaXnvI!$T1Occ3p#|8u@)weCkeUW?YQ~G6-e|EgaL_gf%7>Hp zPu*`--tewYD)x^(>Qj4TZ|{5(P5~$0J&t|_4`RW+HFq`|WP&7qR;arG-jkt5l9Qrk zn%h-Usv%2o`>LJpe=A>6B;{kzeJWaNXsf~_uEw%>c<(d37)mppmLTwE$0?`lbCLb= zYrLM5g;U$^fuCP)&bv&#cRFeO`}n&m8V`?e04V&549!L3n>uQr`Kn~uk-(McN6W6W zC7naKQ)qtV22HmFz$>0E#eTsKR_bqjqXy*CDCC`8AsVc;BJ}V46%j7@CB$Aq>{UfC zdta@VppxL5>&rUt9=7^;IUrqDc1%(iN<6wkp0sI=tZXwGBigJ^zZlQnKr}j`B~GQd zZ=t8;zS9PIC+R`C2oBM5=sAo)0s5` z*MJ1>gG`5-Wf9wE357CG0;0+ajnnnp@1`p`&Pl`WNm56&&He_Fy_QniFlp9bUF6Kv z7GFzg?K=!fUKL(lGhpjkZ;SH;*ZQz<9rcS7LGvm@W7D>N#z@+@Mcft?$fj$h#}pC3 zYo%u<>^uX;`yREVr~2l1ago3u`v!E$vE>iWOJV)( z6tu`CTv{WDWzzrJ_`ZlvH9`o>$wE3f5$9k=`sTZ9->1|Y1aGaHZ;Yvy+3L@L^I6`T zyc1LzAue3mp;1o|WOAAt3$L{>clr_kg?|01z-})b9MWhaN2; zZv4xKZCwzAdB61#qV;tU%Zw}~PTyjr@`5TMW$UCfR;@cyUu|yAWED3p1(q zhIVlHk-KhVZ70Kw0aMb&H8G82tTg*Mv!7?M%0%J=Tx7P;L!{8^M%q+iXKPRWlR^)%#S-tzsE{(nNU;MYpaMn&*AlS zYIFT!>Lw&f^bDAI5&!t2!ch}!)$izV)JnS{u$_NjqdM-hsJ5EUZMubQAL4|&hE)l! z-OmUadloY62a zXX$d(%ttw57$_kYM#T9xq+nuvnKtxJ(JwRTedYZQg%mD~;9IG)gqiDHlh|YL9c$tp zufbyr7E5wJJ&DqgHhBrRNs!Ii+U47|$NhtudV{=1&yvDE2e{H$Z9ZN*1H>D|>5YUO zUFc>|HZ050CCUA8M?3QK4Le3}adnYN_W7CFqo8Ik5^Y6Izq`S=*9zVDW9>;>JcL4G zK6nEZgN^ZCgo59Tw$#S;T6}RQXs;~vm?*rd;8Q2jA!e~XE*FdxQjb3LYl>efeO~zm zi{L19f?wA2tgp?xW}~o3L}LcLZ$9y+PqkdtxaEKU;)+ROtpVb>y;B=YIz7u1u8AHd zE`|&bxBuPjXP%9ulh8k`KVeE=EGhz{jTHTRCgn3-ik}3O!Bp=%s$)rW3#Q^YC%5m) zEf=VzHeKwLlG9R?g77I&iH~kiW7;@wD$ZfCztj~t+7S%2-jh)vnMGU}ET%GKFA}Jp zQ!2jZZ*!P0ihC03Jtw^xU3*_q;^B~s;VL3gDV~PkTI9LiSiaScvrne1zp668M@p`Y zgi5J{N^I`7{R}A9!1kevV+Q>qsl~grAdz2^ypmNjq5Z(i88EA~6UtZ}5ox|55n-)j zTPx#fnNw3{O|R7WRU(Q+55eK?SfoG?x6 z!bJXlfKl>pER~vWZr4DGt>S)V?oHEz+SXmX7p@?F|JJ%{<235W;on*AH1UDSO6$pS z*m9vxZxoEY=AxO1arNs*=t;wAH9Iiw?!GCKkW#Zg4u(LOC++B4#;bS1ANNOgl-5|r zx~}gSbFM$n`u8^k>IR*EBf}rA9rU$2=T5;Yho{PXqH-HqfH$B1#6AH{$@|y=_07~v zzp^)6n}+naQ!ifd-WPpsnb&k^?3g?7Kh$d3Q%?Gkvp(y8IMWI5zssLn({yOlpkg{D zb4g)xCWZ4EDKJ48T%6&XHXYzd(yjz)?snv|c4>)!2B3E-pBQ|ZOY`}*@X);Ru7uuS z+sS0)q?2+^Pxl!hZ06#)-nvQ5eC5Zc`nAKJ?IywWByVfaiibB#m zkY;TlBfP7~#%&P{EN=v22>z^HRU9Uu1bqhZk;DwhW)+%Zhr$9@LX#9`mVij!E`8)D zg!U($FG!v5;=|Lh0TqI;jLtTEh$yh@1cddxI%6U!nOku0C%RqJQk8L&j_~WcUYxxaNm@;RJ6ZS4^PFiT! zZ-gDM8@aD;U+dh@l4?W=f9l;f60eueLVN%9)dJKLdYnxtn--Y0rOVtr+a z?qkhWUb|9`=PYf_Y7$9 zT6zZf5-)r380(YwY)VM`lD}1E;&oY*<|l1QDsDld+3%_TYiMuYcqpP8G z)6zQHI>pS9*_X&z;oG84yM?Gqg?s(_Svm@Z8rSg&>JNIvWTZ8&9uj8jRO3P<(vOUM zX#$0#Tb@j)3Bt)-+i%rW$wlVi$b^GXi0kk3E7%amzhIEpCj=ANPt5uHNzb|YpJ%_o zbS_9ZgR1mHOwp5VL$FVgpI=n`?MPAfTwuoSTFEBkV-yk&$gK6_;*Grad$oaO=>n&! zce*o%?XmBk0mm4t?`RuyXTGxng#=dQt~O?Wj>fK~Dy#^u;(BD$|EOCDC*PDl&Gd8( z2phL2%Ah7Y>iIc+08LpcqRkX0)wY+PW!+dI{t0zGjdy&6DLG2rL#*b?je>?al#$^@ zb2aM3x(A*8mhqQOUKxdo1pON+#CFaHS@f!;ivs$x=ch1WTiE(dNuqng~>~(zqf* zC=^;vqc+gRqqRF(026|P24u4xD>PpgH;rpfAFjnO<+~4-A+KHvo~c12ih5oYBDvIM z-d-sXZV2GR#?$Cl!&{S(`B?aCoLvI?$O9Xj$??y8pumCbxWePF)$+Dj8h=Iet70va zsRd2kGPd>NZ1*7*)TukdWd)81LkiNA1CBplie&H3?XR0GAPs&avgvrdey#LEPUve& zdsCU_(ulJ6Fv>F^^$^QMWz1QC!T$IoBdTl9m7-W7uK3aS*p>X3{(*z}M7nX2qRMD* z-pZ;Zvb|*8a7HEO<~(#{xuEDL0Hz9vDqD*W=)AjnfPE{r9Gr=pky5d|ydk&k;e`KK zdB>G^uzITX)5WJyYiGY@KS@gA>BTH3_+!$t?Dv8sPP-rG6X!Z(wh;1#ht8!#=~c*h z+k>Cy`=iV4R-1cPA~UaID>S6$#Nk_$1(Vlm@83)fcO2ywHVrJi_CpjJ(~itKB4FZm zln#8~UvVN6 za;7y`?Vr5a4wvYF;1)KG&#*;nC#EnOa9lkD-1*|PD-2ck+G<^ZEs>M0F%dh?6iuF2 z{LHJ4JBA0vp>7swZX}0T#yUmINniP06^7iLYrnNwg>lg`t}rlV(tI4J1DL+W%CDTH zF0y)6>PUzXqg+-#Bxzm3u@ZxslH6M(HDgU{m$BREhi^DYYXug5pI@s${uWJyG<_52 zvef0&HmBpGh+n06^XlHDSi4jDUG1&^bnbmfS=->W=_$$=9MK zUQ`e|WGPCB-k^0IFb%e#mkBB@0>c%8sc+6|R}j8@<&~@pPuOnptzyp5vzEwQxu%aS zpLL|Rh6`jQQZV0w5N*IG?AJb3)Q&~6+6MKJm%i^9A((i)-;du^ zt7;N-VvYc^DtX!da?!#FsY^p1(-O_m2L|OV! zjxZjJHrO~PfWq%eaqxz*ZYSII^)IcJ%L<#o%Y-P8{8L{$x6##ht&2m+L+PJ=2wBQt z0V?HR?Oj8Wx-Got{0$N=X=drJ?Tc^q-ev{LPY;xj^&!gAp81fC?4&Nq049@L8&@w8 zP=!9SuzW63k1lw}U+1GcE%^*MQzXm37>Dab(5ta@9bL0HN(`J1->~!>rz#6zyRDdu z?nd9uMAK_N4n>`t$+>4pm2^0%rS`_6uU$XQelWkn4rNhwDBd&dzcsomzJ#h2&ajVvSo|K2zBA2vy^?#t+y?rxQT6SP8XPWh#@* z7i2Nb?LKQYWb;Z~?L_hQVffgqV7RCCleZ{iVj}&($aDU3SZofNO*yAaQH|7>SUK&2 z_`%tCgg0b!1%jU&>?25$_h$^R_$ZzMYc=Ji!HubSpX@OBqBWaday96)a9?;Qs;2Vn z#(u+;EVlc^UW;1%!4)nX z>{8I8#BcJoaAY{jO`P#M@f)m@0p%D?d$Hq62kPSO(&Bv#rn+b5Pt;ad7+2 z4z@ucw(opEZ=}azO`lk4?n8a5tpWKG3ClA)Tv>1a;xJ%DeEk9Pr=i|+K1YA!6Es8y@ zUFS*cfP=+vo8CSvFgQt^*Cq*)l#PY=h(8xWC?=dd5vX#tGlgKMY-{^6Ox7W{ zPn^B5%|Z{Ci79fdRpB)=agLm^kj5MiA$D=lRO44tB`TQ8Q(mhtpJ7&aKF!$`$6l<( z8%U!TniNKwrJqD&nSvy^b86N}z2LR+mnUNCL=qVb286~2U1JpsI|9%O)*v%Tt4T2? zK4mu}*~}I#A%ZO5(57~caAOW<#?oL#vxb;;>%>YHSOZ4^)rRqqT`n&^z|--mY(|I0zjGz{XZa&Mz-V zRbl$jharKW5ife`J@Or?1f{$eO;5}YncAchTgD=Z&&9?q{6+=S<23I3ORP)4(+A`n zA!#$RFK5#E6+kzBS2(c`XQjvp7VWaMU5)Tq&HX$0!MwUTjTD8!MT#ByD)wi+2y!wiTwrj2!2DO(DT>gqat^ew>Rc4gmJT zw+8RHd%j#)p-{jah595o?w2~>Mp0rNR|t27kOapzT>)dzKP6p~Y` z$I^%KFwS==@opz50)mkKpxBfTqev=yeCca2Y5(kq3!aAkHa zmHBGkW7UIR!cEs0RI-jpmi5fY@GO|{d>Z8W`Hb=oG~Dh4{(d`jI6su3wg8gL&y;4} z3yq>~;7@57^dh`1XGDPqich!75FNlZYQo@c*(?WZ1S74+mlmr8T@e7orm;afX0OD0 zfXwqSdS{6bjxaEaze8+gH&s_c@pz8QHmt8ykRrsN!Xugx z5XL0HiS$_c&<+2~glN>e6#4`XKyji@O%AOMgs~Zy!BD3WFU_{Wq%f(5LM}5w+)hxt z;eeM6K&9DW?XJjGhJYL{A^7Gyn$?}qds#KP;nM}$An1i8f?XA|Bc{Jux?ck?-0py) zn3T?i!^A7%j5evW>#gE)B)AWvg8by=GKEl}J;X$*tQl0r!oXs9gbYSz@muxs6cq2UNS`XABtd<4v;$F8H3n z9G-;=g<=SsO%A3Glg<<-sM?yFXkIfFy5yK-nrevg{isaIr1WG*N>_%za6^l#bP4}@ zr4WcC@j);i-;t}ieFA2`{o;br_AM%h+qS2!o}TxG7Eo#w6(mC$40HY-9xfyq7cmUF z9eb>3lidhQh!0Ch1#7`5#$AQQyHXHr zvnm4)mixG~a!soXbE_tkF8~G%!OFq%w%7>H!NR%}X2R*wZEbL=NRTphk4tP^UM16# z+YZ-5Z-_wH2r39F7>Rs)Hg-L3N;{yjju~_7*G>Etu@Wu4dc`Ue4j0nt2Z+4U$j*hR zgrxL*jTJyYs~u26Lt}Y9r3L_GmyQZcCsmps-Godc9#4ggD8SQhT?rGuoK=a9&NJki zi0Ddg_(6=z`NNQnsI=$Lk9=1ID!K$`HxtNi7&c9^w6SWLLDnSLiAdx}VtQ626{3-a zb#UNt4EhmL0##<|15UQ9if^hi0zb!IN{(YAI)jvqMagPI!bh?n? z@j@_-8v`j!WKt-PA^MoCRC+` zFu(7bKA+BE&&pd>R4|WtBN@)%2>MC@P7)<{G3bEJUku>3ODdy=*mi<*4UgbcyXA=) zAdN9hubHU-K2*C`%sjk#hq>5-5lzLeET(V0;GA9&F`@;;_!jA7ER^-4I9z_%`ui{f zG94I+(vuhBg2APU&pKe?c?Rzg?cx{l$PdmD4~x6?!WsAIJ!o0Cw#M1*_Z#Y}Y>P5B zq|yi~#)m_uN5ob^2j&xriLy236X~g7u+SqC@&jgufFwG5@M=;gK+f0O9Hw{kyJmNS zv)uzQc{GVb6sEIj*eIKC1;$h=JuK^|d%`?uBqZZcG5jhhtRSY)OW|BpXGR^%68`UI z>EGEmKPmy@jW#I1t9#dn_F(>K-)&$Bz`si&5Op)}^jyjnT-#hJEC=H@L3efx8+&tM z2+sh{-lG0r{d4quJZ4Q3x@I5~JYd6L?(`@1Qyto%%zBI?C-DKcOhG97hG9KKv$ZgFjccn0o*LQZ(K6+H)K z%M;K(V7i$_7Dn6?I=UYCE;RFy9ZOBy>7Oe45}}=YM8?>1#2N;$7&9hhZ&-d^)``}i zO^_2dt2Bb=kga-$R!{QXGG!pFZ=8|Gw_>UMqU|tf+Nrefy0TI!eS0OsY1T;Zvhl8Y zv4Vwvnho%}dTHwNM|^Y4wZ$98jTg4w?OiE+W@M_zdc4|44-*i`EbDGtG&nnAd}E01 zN7fEu#oYD2qw0i8h`~eH>;vBWNkdG}Q}1py^`F%1zZmIVWfm4z_9x}|Yy!LAwd;fq zlzq6B;)`4{Aa|pdp(-gYh$*0&8?x%Cs=iB;Oxtznegn6PMi}wsgPAB-KgcEw5DpKg z*am~q03)Icn6+C1N!UPtt(HK_NoS(m3*2j<8lH?SSJ=>XUMD7lMOe;uc3?sbLvVPc zLiw-o2A`^u+-$fk<*U*}j~C1WwhO%_^+>qqwJsHsAMEShzxK+)Vdi=RN$jzp-9$m4 z4>`SnS<4G##4KrNQLa_NU>J<{c|Oc1LbTfZ86mGc^fwGbYLuikAGGUqER&SLn;Kz|@VJ|=(DUe5 zsrOmECQPqGgwMP6BR1hPCf@Z`EVriwSaDZJY$vNc1GLn%F!8P0om^`xhbFdWISr-c zGg{Nn4?=xY5*bJxqZ}tAWz*jswsax&|ivo6_>gv6yFl zU_&tHOLV&rQ!A%W_8)%@Epr*teGb=vwGbs%K~w=L6aZRbVL0Gn;(?etqGa_TeiMM} zXBc#rEszsc2R0H_IXut#7D&Q=1B#;7l_*uC6BOL6-zaB6!8L_`O$q~jD2qi#%z+ki zWIOH)hAC4zgFdW(KxTE<_e+oFWoz&@Z00ASnB7=}#cnj;Imsa&JL#4Yc=xL|mVw#) z4L;`0Gk_-OoC3hS-ss!x`(b;FTYL^_A%qCe5gM~Jn&!kU>$dRqr(gHoB?^&U zDW}qU!6z&P&w!U`IW9Q4t1PbVtg4eWoH)VLdab3|N)hv(4*~BS-QO47!d{91|E-3@ z|14I8fQ~#bl^t5lmxGOsjn&G=@}C(0 zpX>jz@$zu~z5ef?`hU=N{=5F~KLPxI`0!W#UmaLtz$XA;d>mT8*Yf%K8Ct{F($aGL z&)?9_pP*kokN?L}P(7n5z12{c5L0=}!O8}$UIzd`OYp*TKtGv(|M%}^0r1c9!?IPK ze5Vub&&Kqz<~F(3m9_S#UCzwv&pr9hGR!1iLB*~k_5yiRtM%tS~-eJt{k`J3ar!rv3BE>e~87L;rx@?5yJc%;KW)-ig*i!t&E_Lc*re9Qp4Qi?u3UQg2UH800?za4OMH z>w&ACI1?~A@$m3=tIXeTFsH0IT{hYL27*0B6{L<0-m2W6TKJQoY_1Dv-CaJP7Ic?w0 zw)&jbHadlFE_Y_Do~1TA9`jJJhx3%XyPh8Jzn*SRc6UEN0}$!AhC%Rz)>}cys4@$| z=sZVTA=pyhQviG|>+LWi%ku4TGS8#!2w*t<4zx(G^-d&xY55MAx%p@(ifxd7H=4`T zx+jM3pnNx0=k%(`QX*y&Al;3u-3CE??C&W-zGbnd^v#-W&@U;^YZcT)bFcXfx2|G$6;andB7M z&!IBAf^^{i4L7?#y`VsQk-?VnDTNvZb(qC>NU`R~o(6IiRm6enjGwQfzI?BoG0kqL z%&pshxnTZ=;xzq?DoZMxO|BX<=#8O=9usDoE*N3F1K2&K4gaqx1s~epQ9b1Os+W7!v3rE$$z#k^BbUy!-WZ#=XAtasx;k<)ZDVhREPAoY8_aYsw$6^ zsBU7+;UeM)ksSvwNr8+n`uL~;gf+4Z>i2?b4(cWBL>E#PjS_ziefYOL!N4K{L;=5X zF~S~3`BE^mGf~#LAstD)WJ9!4GapvTfSg687|26>;cW1uNcWN!u34|q_=eB4%^Wf_ zB55EOLwuOvyRiS<3+I9 zan37g@Vr$6;g4QmOz(yLq3N5CCFx_|D~Y3ew(7kf$$g}BKT(JB)GSq=jE;*$j$|)+ zWsElVk7Hv0O^$wR1^XYo6rlQN)x@<~6Le;LWRh2<722w-@WI-F2o=R2$Y}t6+qu zZ%?zAA1$KeazK6TJ8pf|y6uw5L0&JnZW^P)lHk|LU#4wdf*5M~AJpL=;}?a3W7JA} zs7G&UteJ_oUt;*m z_^W-{E0AnlG11bvV9S=5N0yak2~Xt&=~w~JSEXGr);0HK5UOSJj=_+Y94IMPe}KHLXA_+ZLon{}H=a!3Q~KySI==CyS!$7&V}$!o4`cn87t z${}Wf*S!a?^zc7h&&@Svd}HuYv5m3&hC3p$PCz8@@;3=Zg)Z^yKR8KW$)Hqrf(}C3 zzh~Y>8tHISc@jn~;~@s(IiGAaR|+NHGZV8jF9d%fr14!>RsI|B|8fL!&<^Z` z?|01FpAAc8$&MUKUKJ*nmoBfAnzzn?NLQ{qWB4hqUeIjV4(qDD$i7YeTslW=(Uv=7 zmLwCV7u(4g-Nzj3rQM+OkMaM*6(9o$07%gB1Ft|Ru_?DZHvAX!Qep3i!KH|~)W^;C zcLmhtBWW#q|0cs?e{8wr|D6m&P4HUO-werbJI?W!lwpG;;yR$a_@)&6rIJ;7!?6hl|~p>1gyn2_icbT*J9o9R_t8WraVdFI9az?!YPG%#C_%k{yE5 z-T!kFh5SzmhWZH6suGS(rj}=DEgT9Iy&N8;l%q;Jv^oZTx4T-8T&$T^%szdtvkm!shK z)JsXRldH8onb1RPxvnz0bu1z>n9^Pu4i}}tzQZjvkV-{obhuz1FRv=Ae&wTL(LnDZ zV)M4>!R}o0FKqs-)NeulO9LgKpda&pvu&^He>ZHg^)019R*3|;+&;3GA;7mXXOi{T zU5mQ(BGkz8>Bd9knnCTf?u_7sWC>gK#$DYaYC08?znsHA9rM5+%wPY1Sxo-Oe_OY| zluQtr+YZ^g$mbsc4x+hud32inPB4>R_eGVf4MSKkG*x5OOvepm}yoRtZTyg;%{#8UrQ#7 zJ&Lz_+%|hc_2~?jzm57Yr~BJ7sQ)!;JLcC{o7@gtmU_FxCFCn=vN>CB{|+Tx@vGtbBgwZ>dR z*6?$j{xT4M3{Qtlz^7x5oXUS4R-hnJh1gNK8Mo9B1@hl`i(zvDlDL-7CI z<6rR~4FKbB{-@yJ;Oy+|!NEZ&;S-disi>$3O1}gpURqgM(a_NF_4SpNmA$;Yw70ka z^5u)Gt1Fa{>F)0C;o$+w-UKCl5)csR?d^p|jm*u>2?+_I#8C_k3^Ow`P(mpvO;l%R zXINMmlop}7x*AIR1dS-2oSZ-joDL5Up;S*tM@LX%r~CVRD4)~b-X4?`3Q9c%WtrOD z-90!s*xuegK0b!hK|zV2Mn^|?c6OkAR8X?0rKP2@v9Z(B)1Ne}YfH z=LF?{>Ph?^TKaQx;fl@upP{9*C7#VIh|qHF>ZN|IoW;pMLrcMa z@2JsP8CW>E=@XNZQ~nAqC2@1IFtDO4(=o%s00F;4OMr^nn)>yi*HoLbFrTqccmhV+&u_MtNrTzRdE#5>k@D^pUd& zW8x18GIMf1F#r1X_;8GNe@WRL3_u~=8*-+^3_;fwf~Swqql1MLfX{ahk^;d}dIE|P zV0FMrv^Lpnkqzc!X$&%L@Xf9zV;L-pGm;}5ujHN+Idq(lRPwa}7_iu(GX;HNQKd>* z;vRC}Y&0u{Yv1JvG}&s`sJ8H=nDhjP`;kNkR1L&@V0-FlUt5Cn%a_^*D>Uw$Ca2$TN| z1PDGp@5v8AdzB6cgG|(89E2ipWE_qtBJ)fIi>QaZ6OIf1U>y8a_X-39kL_$4Mc+tY z6pftU6CA~PfLs(Sgo{lb$N%%lERJP?ek2+hIbSsXjTA15__Mc~1ja8Fo82V!22olX zJxg6$OkFkpX;D+9V-!>qwc}zM-Y?dDaPXqVSeWc{#1d%kgQ9ep{yRQpxh!iVbeP^d zY!W#kxFqFyfiEi$iy{Wu`f|CUWsN1{b$le?Ttr?@=e+KRCa@GElAM&6Br@9OdsVJ{ zu6UiVXIouTO9CZ)id|tWZ@G9t&Y`~o9MZX$%AM8}bpiX(BoXug2vd4jmFS;XNtv34 zcpfVoSajOYnpv_zwhfJ=z}jk-dgtdLSnha%lLn4rmEeYh8DmG;*MRsQY6AOsQ3NXQ z`ovc59OH`yx^kM3u6%mCdi3kT$KYNDY;<M7^i^l9M zjsjyW+P9@9FYG-{cdMd?PVvmahXJ;tZNfyq75#zznoFe@{apyTC?c>P7y^sNcO{0{ z85%Ev!eXw{gPzHx-wTHfkNx}^fI;I7i$ol1+=GIq0%*l9fW8>DpSpVrg5{(!Xu{-T z%kRTV;oSL*r8rT=kBST+6Ys&Ei~o#>g|E`H2yed?gpOcdFM*LcWGsP9+4QW6_*$jD z2N4E4z88TbK9^py7a%3NZ}Xa{2hJH-hl_s|^oFm8o@N+CsZxiqdYX;F5f36SW`ZXz z2O(?2gD^UbVK9&r50HVu*dJ6vVTeGdxb@uVD*3SV@x8ZF&LA9}E2Jp;e6+K$cA_Z| zgXo?KR?2W69hoRnMwKWAmvuWJ`6V1G8>aVxHVE4t1h}dKzzAT&;z(NYA?g4SIeJLn zf2=|h6#|i^(D%OOdftae<$Afl=M6%U%#ZU&-$ORfZ~^ARbOe5g7$PBC2uwB$oJ~71B6EbOd|4#f+%j; z)9`e9QG57dj!QsrSoug;)NEe}WVUi}jSmIaiD3})QA|ZR(&9{|07ySR2Qduy0Lq_P`J-(|$m9loEO%HjH=MY|iy~3A{~D5MrY!5)x!zFaQXH*D(uElOigI zW&FCV1BmeKst{D}9v@7czoi0v>P1rl!GSMs5C}9Z%jDQ#N%}_+=;{;D81-h7KhG9l zX7?b=ft1K8dUD;rxca*o%#S$!c%hJV8g;Ok^~`d z%mm|H^-|nV&DWi1mb^cMLBe;2MN|-lwVILu-htF=3-NP(*DFyp^5;d^2yOfZ5k>hX^PUy z`|Iw$?rVAe_kBH|_y63_=Y8Jyn(OnqgmI2@#+={ddwh@M_%^c^V0gJmeaI=!?zv9} zlqVaz=b5h2r7g#G3kmz2l4Fn0eL8{$;mC?6lvvu0vG~bmp~UI9uDN~h^EVe-3KZ0^ zELQc$rpXJUjMLkO=02O$5}=Ai^cQIPr}!^0WOZmr@M=37OPioS;=ky?h?rF&Q6bSG zF|iv~ZHR~oiwX%_AGn1R5f>8mDCXoA=L+E8?*IMm@?W?M`2S=7?~il( z(f{rB;z^h9sdzy@u&lz=-DSdGHXzSedxPz@$Yb5X+4&(c2i&5**sQtfJ$A@ws_a2n z)cHP%%{QNK=SFXd+7g`*n_@w*w45;`!;-K+GwT2$JC~Q2mywf^&C5(LIh0;dc%(S9 z*y5m-8Kf?Ztm@BL8Pzs7)|@%pSld$9(Ad;^p;-XerPkMW)mH1&Seu#Mt-*kMIwZ{f zyVm!6t#zzXm3t2!4nnSO&=N!HtpQJlhCV(Yee-7Q$V=tTSKU*oGa^rwQ`-)i2A-4m zt3JUVc0^au4*fgxXzdzr(T~hqT!v$TeegYAzBHwc~ zhTV!CeUKUUlzS(W53KN)_+0dUGBpX%WN8etCJz9jINOpzmNRBdqa^8sPXeIB1Pq-1 zGIj#cA+r#Yj4Wugk#i&_f&n$fHXx?o$hLLfQ4Yv-K1(OlU0Mkh)8_(I%)$6GLeLLT z0AwdwRxskXiJBinYW!O#YgnFoa00%*L3`U$ds?1>w<4EUw3@}74#|2wvPHo4? z7UmliZ5jE@B7wsceq;i2A6g5o@%K(`Ld55Oqjf7$>!hEjKo6Q`6gK)<#izQr)Jr zv$FQe^Wv*xjn4G*@6SKG;&`U%(}3#QYc_AAEUrGQfAYS;xS9{dXV-GuZqXH2Sl)Im zW?A0xoq4$K&YYPUb$4dBQ$O7GT=L!O{-UiHKHOSi)YJYbs^QJY$DA&c$tST7u3J;$ zhE7fPZJT^E`HV|2jq95w8}q3@Rj=yPK)TJ?r{^heX`f%@EQ$I2GB2#^^I+kE8|_2< z-KJlLOAp3;c~yR#5>Gh^yXDu_U8Y}0>mJ1DY<+G2qU!6|`N^@bZv}*z-$YH%*x%lD z>z)4g9{$$f#(Ok0{$Ji#{O9#QgdP}b7iwm;+Q$5k`2Sb_7uNrv|Lyv3Zf*8^{BLe$ zVPo-E{r|TV{68G@XZ`p7S^pu=3yED=hu5rG1BqJ5t_lPKSlC-yT8fK{Aq0TDaD9FK zsZ*!8T<+n+hu5uJ2TQ%Tx3|8&KCJdRIXRHDg@i0b2kGhQOePaT0|*Kr1c0C*Ha2$k z>eUbhsH&<$q8XNSSl%HDfLH(m0a*DVE`V?VVgZNLC=sb$C8>`yy3adi}SrKFfDm>O-dFtyYOsPMb?w+%=aFGrxEGnf2Z0eG;m-`(E4|=;`l&eyi{F@QnVN z+U`cI%n$Q8YHA1B2BdvKRu_w*BSGGpH}kT-pd&vl*&A1&bnlv2!F!<4aOy zk1JtkaC+&R1lk@LYg;WkV@?%(V=!>^*fs zt%;x>Gu(243zCTfJx29B1SL?KNN&~9-!@@UM9X{Fgxw}NjO-wC`HqYYPrEcZtE#p( zME4v!q@a&XuoXO8@&-eY!9h0~qV35>6Ywn`5vC*%uCl^$I0B69 zO2D=PZA$>SeV#Fm7uV$u7wyLCKux<^GK-m}E9ybSXXg03x#(d6L4MSV8!5|HnsH#G8V4YLp$slb zzWh}pPK>pQL6G*RF$jxqylMqv0k4kZ^!YtZ@kD9E@S+4tMK}iGvjyTw>R#a(aaph7 zV`*Z_42=GHHiMrl-4s!h<*ppTxBSFtC+U^OyH;3sh^?utJi<4WuqhNpo;=sbGdg{8 zpyKuEw%SOe>SnRmMyJjxS5}I?;IPep1obc zzVW8<(QVGDa|30~RdqGDl`EUtTbe2*Pkq^Abh>RI(xk5EqXWJ5%ZRw>bW7ykYJuf2 z5$e&rjdg)_?X9F7U0L3{4w*CkIx32L{cAHcU0<19q3tDWU7kPEXfA2_AZq-&?a;~b z8;+CLHc%J@lZhTTh3JV}o_ZM*KHfHOCho92Og`N8TX^`=J^!#%AMOWie)HkMs;{(< zy}<{gKRygUe(K|+$k)Pu)c@$or<>mLf35$Ygoz4)ztn$i_5YVE^&c+W|3#mg&NQ9L z@Ln4e<{c5U=D+Bee>@EI1N^vwpCA6iN4l9M?Eing0lJx)jTs%#y#IKhf5+z=H^c_6 zr_sRrwQFPl)$uonhlE7^t2_M9{NA79zfdb^{V)p-F|)G_{v-eMTmOfd`Kr|$gF;qW z(CO<#f&ybh%%BtGKUhKjXFf^)7ys7(4X;0ZKhx>fmX?2ekK0&7t{>ja%zwEKm|4-S z{>cB+&FPkZ;s5`RKf9m!zY}DFLGXkBM-XIa=+*rP4_B^S+1Yiq?D)wo@!LGyJr5l! zP*hZ`Z)mo&wbRqnOG!zYnD}t0peQ^%{9JSE)oVA`ZB2djH?`ywqZGd(@k({tN};WGJcdTQ!BYy_sJ zr)N3O`aU(St*Q0>``52uz6gZ_lOI3MoM|>THg@{->FMv&A15d2mUdsiPfvdQq^73! z=B)_+*v_3?C^uQRZoNqK?(5fY@864xic2*#G^VDfc)ZM+GiUnydO;u5Jn#9gOjoE= zfsgm^enEcMzx;Sj0AU(R8~$!_+Os!3W8V*p(?4`5KP*oCqT&*0aXMap;unik?U_2L zLuowM)cn)p)YhKi@8q-~(cQ!eJG-M|w)=ubHs@^o7nt4Ly|fQOm{2si5nz)95^4s<7AHxD3Q6(_z(h=|u9(%6Zk&|t_+oL7 zuw2Q9D0k=D*hD zMk`O9zYHgLFZE>|cfen0S-K!x(LIrB>$ydr=>5gXmKYjyZiDvp9<_bpse9ANvI~>2 z`%({O%-wP9W~38yeftLNz+_zSSLrc5!lZ|_QG+&m=4kc|H)Yd+-w}Z`gka#yII5jy7rxBi%YaneKA)WZpZto4d z0Iki;3ePZZ%F^y*JLTJooe?c&`Md_S+BZJ0>LYDwz{kn*id24R_w2-QA-BOpEFH;Cjh1%I(1-ren5YjpIA})Kwb~Xy@bvx5P&tZ6USYv>Qy@o0_)U*>a%x z?Bcz?E;iS|e&_WG%Tre^Rb1RjUjM4}x_`7-(VeA|hmWlVSjSe%^zPgfn}!7z*F^Wq zq)1u04(@Ed5G%Hmd}nCld-sEa6pn(*WmTigE9CEwK5&(H@(-L{cQIl7fy_-spLe0} zedY?Tg+8o%FJq#Z(0NNvQfq(DteumwlG1J7sqHF~iP@WX%1gN(PVwAxS>ka3TK}N5 zLu~R%=AhT))4cdSHho6-nkM_Yu7inZ$qK*YA$cCApPwycFA-q#R_|!X+QjZ~CGaI_ zKY2)?7I(yM5LZV@TukG#7`VCK`{oc9vHQ7rWp=-Vye4?NRivrI-iA_jPM?3j$PY;v zziBh`!o;lwvz)MihC-;^xuM z-=r1Uf{#z;2A#*LgeQUm8qUB`i0IiO(u;)&czX`c$diUj+P1=WJ;8{Ph?8q)CKWdRlaL`ne*i;ReN&+hKWr`WpDrg*y@ z$ph52-5n}10;2mcS4`s;BCf**^jJ*_$#WORkb`4!`HG#x3G`5EB8!`dQ6cWqWVj^B zmkL3eK2ToICy6s2%Bq+FZ5=*FPEbt7*fl9$5%J9Hv?U6<-L%GdT%2qXav@G2(aTGT zv*gN7cBfJlh12^JWD_T~Xoy*!yuFRcdwW_FBPaoRmv-E7XwJ>}N8?A{y-Fmu+07>@BG_TS4hbd;w<)LwecN%I zsc@yo)Qt@UvZ!4KErB~D2>9#kkFbXUo|8~SlZe>X$i<*!1~8X})<-(JR|_psb}Glz z3wGr{nkciqeq#RSD+^66pO-Srxn5Ua-F6ko#&S;zyrp{Xl-b`q@c~q@?u2oRm5VV- z)3Xi9U5VVP_z#tAiAw)2uf^C2t~e$xaG3%XBkq5e+Diu`z+hkKrvAzsqa!P>UU|@> z#YI+l8jc>gov_mYh%#dGFGER)ZFa6VMBUI0!=Z$eU>j6ro# zFRA(r>hlS)S#tH!{g@5nhT#m%4nguGLw>y#i-EYMb*@kOSS>>v2HxWBcg=-Rhf=lv z;MFHDVf4`{*;XX(V8XLkw|BY7y?m*q9D)&+T*C)gC8=CH%;)Y9t`!!_~y2lHn@5|9Ji#-|B{)T~f zTip;K*(e~)7bQxb$0I#lVxQVuy*m$Y*Y^dy4iY8fhYKEPgN^160xo!QUr3WYCy?5Q zlO+rA*_+~yy;i*&Kh$uZz-sM`?s`iJFx|LZ6eqFi#`ux1--Z}(?LwtR$=O%)_pz!< zB;K44NgJ}ki!)rLL!Hm%ucB;xL~6RY4|I)CHo<*$gvEVRL+>H&2a46+`8 zrq|!!=Rq)9P3IbF^^W)|ESCNKxjy&10!(^ciG&FkAtwvI>JVLU zdo(be`vpXNDj?Z^k6RTMb5)F*|7~c&^q0r0!mq0USyoh+L@fVnp9f+rKp}6jpuyKT z1d-?M&=Tx;_A%`GZhPY9owEM0C^^c}v64%|KFOhCmrxB6qQydNIPs+NS&ORKSB7k9 z!ZqVb_7Xw~OPE?=l!_+(tEO zl7-?f=4z}w3-RM6Eu6t-G7t?Gx>7M&U$A&^bMlQd?B-AhX%_D5^JL%Nl=op^kv`72 zAt<>6(dHn!bgnT63A9bo|Kx36);te+YQp^flxX5^ITm(lT*NL}RH1se0tZ4t z)Yu9Q&U4gc075l*@*I^0$lzW36D6rJ;UH9R{!+J)c?}_YvKT5GNlV?fV70~Nz+d^_s6-@{Hl6m zBPQ1qyQkByZ}7fU0#&;iPqcB;JfO{4sO`+CTDh9si&2n>pWS89t+`yMT0|&i?i(y zuU=cTaL0i5HgW%bV&{0u9Ap69W2I3?~3I`$3k%dBAM;1|)4(=`Cof_X87?I<-D9dwEE~Y0*yn1EW zmRz(tHz77lKO)hXbYSLX2Y()N#1>KK+j{c7!yX{209eOjC~Poz#y4%L^ZSzN?5aC? z2W2pC^>aTg1ZzpI>zDFkPoxD8r_(PxDDw|4A>mSc4xls!lZT=f$Rd5B5$}MmA5asK z&3NF#xI<&azOL1dU3HH4N>WT7I)1Sz{IU=UbIlpQlVcQ-OghISlk$~l*)m*giYOPu z$1XP@GJ6n8ik>*j2T;*Dyyd!ph4$nF>Pov(Hx>4N8%E~-ht4CbouhU+SIf*YqdG7F zy29>Y!JJ(rg9A57hmCoN4IR6S4&*kX3wT&_Hmc0Wdhu7q`2rIhkSqf45JSM2@60D+ zs2G$wC&qowT#<_&4X47vx>RFTgf0Xujt($J)z}xE(})eP@XDby5P1-_=ilu_mFeKF z9TDyERi*BnDF8$dtP0eNSFf6l;E*k-CKc#X^QC*R8A@{&4510@NCS;ALfig)F48H6~nQLicCgKe93c(XOs|ZGb~_ zTxDoLhIe!#Egpq{u^csbHl&DqN~cr4`WW zm;eEi^#EJqWmcj*jgbTuMUO&p?339-++KiF&V(#4oUk!2MtQs8M_?hM@M;4H+KE2Qd zN8zu$tPG^+L?aPuL0cK3w^HHj3P4-JgEm@#T?w!ZdYS)M9E>H*H6YSeJk*0vhU5?t zOXBjS6*`t~I+lPa20R5v0S_|+XeF`{M1bP%BU-d$!$L%fkI2w)jzWb;d#2&s1km_c zUlt-xo4v+zmg^cBn&qHAJnl9$#{EO89F z+dM|I0S&vM8BwAm6?TZ)Bql(#Z3aD0fJFutsmkyXZF-&~ykd)d`~`?(4_1bY&_FZA zvcg|jp2Pz)MJSfON0tRv(pJjwoTXWNhc>6lH#;GlYL$|)@0+pDbaAK52fiaE7sJiu**^20Xcvevr%KwNj)PhlBVfPMK3iYNAoeN)o7v+k)t76 zbhPvp!xVteC8lCDRGtAe7^r@A=#U;tV@)GZhtcDoPw?aC1A0AexqIZq3UwORg+*jA zFxFhxBsS)xIBs1sqfeLU$OAK2Kvh)a)q^C7fvFHgwtCLECL+t)#q7cQ(SRPknV#&F zWQU{FVODZ>;OKkA^({38V6gxgbAc`c)#2`@lUoRxy zMPkDh`Kd^SEf^WWsRQ?SDlSi!L&yfo@3gAYk$Kgq3J+D~A)3NdinZ7$OE#&}=I2^E zC^C?5C731rb`LI2jgKP<)AGv^T_7W5VP^7CG7r0@w`*rQN@uuU62snWLU8=66u*wx zHHan~G~b)X&Sw$v^*}DFMpD-Oi8xSZqql4wzBC@D!76-5TT*~nb6cf(tF)=8Cwtk) z<|8haSaA-8$VHSG^9N-e9) zGzS}+pN1IfD~qL+y0dsU)cNNzTvQLcjBEfjMZ6Wav02BtFBjr)JxA23HEINU&W3+`W2z_Z~;>9%RO2U3Grb+|ubaVL=Z$vl`c@_rFTM$h-jF0{;2ea?ie@Cr)%p3?Di=GW)G>ioswE;L*J>tv2 z>2cZ;g*aD!F_XQFVE|@}fI7QuKSl#fM=7+q`doA}a&Dx3zl`&W`<2%dh20A|sCv(A zI~@ee8ZZ$k72ZMvMBYzh1KosVjA?`~m>wWgNcP6dY>zy*Z+Y(6_uP33E~kINbbdiE z+3VIvlHq`@TZjvCq$t$X$1<2QSt^tN!k=EXh>G~Iq%l-_I@>p2^a4vo`m9L{rsNhe z07Xb-(ybCbi89rLi)CE=bx?J+9}FI%_G796mVPr=^up6+X#EYM59fgIN@+5mm3LL0(bsK&vWF#P%gok(Aa^*1jTt z{>!efAjbJ-Q_l1eEZF1DAKk5v*}9Uu!x`~m40f)>tseuiM}~c>2hA8mnNnj?ENL_0 z(4z=N3f=0_`gIE?+}5ZMe?KzDPaPYH8C)~vHpdR6^u0W9s&H-okiwFu1iqAD-%$Hh z%nIlG1Qw1d1d^<$O|^qNl8bJQskzhM%TSTsEg*fR!da4L(HM{tj!9J`7~Z&wh~>`% z<2N!0oDn8x9RG-U#;L+NRV*j8{fCN2SJOPVZ1$JvFp*tuK3O zGJ0%!%xY$;IBjLX+Yd{naHQ(@8qZ!f2ahH5=kA(Hd)o4TL7zvFsri>1p8;dAH9(qo z`Y?rt4Ok%B_%0~2YOebY;?^5m+_Q61)Za_ZB5LfMT@d4&egy388{V(}DzWFK!Pj>Y z8d}b+A1+^f<-OL*`0e{$s}x$WfW#U>e|O+6C1nOw ze6VRu3N{az75Ymud1YXcl+Pi6!TM*aFny#*SjiNu4-;T9OssgC>*K*{fTD(laf?|d))%CVX$TO|vcES}UE-7*G z{7x4W@!abJ`%-?4EWcqx_8o8zR zomIih^D78Z{0Pd2bBGavyMx`)&DEFmT;QsH&1!TuPp?{f_cz9Yr_A1Sek)QBkM&~n zmtbtS#hq1bO6=suZ{395$IH;+>0P(E?s>O^o$a(ohdUcxs2Ox~=}NhK={p;x@`%Z% z30h?R4u56_#&r>M-o|^Ljb8C*yczttlnRBbDPneIB;?eh)pKUPvX$|sGx>N$8v?WQ zR>-(S&f~aBHFI{q`ao}a< zUU0wAuZGs}B4(lV(r(Qm3AzCBI(Jt+_^7`8GeBV+V5Ao5%V1W?FWRF?+;%OBbdVQb zc1{8Wuk)Xy!y4HH^!vSg#H<=WEP9yxs|e zTF>JBaK*TFDq~Hf^{>a8MVE};o}aj1;6wY%?*abryZzbx*D5G5G?Z=`6l`k~YG(bf z{2yWe+xky4D>xheo&Vp;(i-YN=>Hv0_b>X7H6bzo^5Fu5qa*(HJ^tm7|DXEJpYvaj zpZZTI>6DX`gZ>Yw>ilWHZ)j+Mwhtd4AE*f3w{IWRb3)Gtlzo<#mO@2nP*4zb_(SJ^ zRaKRgc{D@sy(696N)^c=L5P-pvV)7KcUg2 zqoV_AKB4*)T0o%e6AD4092Ck#q4E>zKmVio11dkE>=TMVf0{qwGyJ>x>5p^z;s3~@ zWgFC_yC;Cl%M7!1=UHgmS|3o>KC2@ee&l{g=0;<&=BvZz_=TO@YCbuXtv~Z>eZ7kF z(4D|7v0K+|OpcCQ%Uu_}YbV_TXR#lLqwlxK%go~);AIu&x->81RzVXb(y4Ev|&224$bJs6lxM-!WPP=`PrY@tVCS!H)?yWob zp7mN;!Ty1!`m`6k#r0W$m-k2R^nL34YT4X=PG1(w1)7Pwcigyk%QpPvDgvc$2Pj|k z+#{JdOST7yFo)V!%lh;(*Yz;O6b#6XthCz#6gy){{Wea2DVAiuFrbkt(}qqfnC=Mn zJT%}j4?An2a_S*zeO9qsh`FehU$LlC9tDkGFqjmaxN-13pN$C=F)1>=r-mQtUb)tQ zw@6e{fvXnpTlw@V``+<6xn$ZW_4nNtDT`tc zxo=z+Qe5}yP8q?C$ZzY|kIcY-(|-zMtTl|4&s+O6PsBWvu*9;Zw${J8S)P6H5`KV7 z7$TGgI&fguL80lW3wyr>*1uML@VT{tJlG+mR?yCq2_J0v^yN*XzDi)(eA zwS!=ElFbAP+eGac4O@}x4mp;%S+Wj3mPoA(*A1=RyvJ?u!U52x?h6(UE*&n~BL8UUXc|S?pm^U$(r|I|M|vAkuaFLR*l)5gKVCX^ zE~5PC`pA*8!#lhx%FTHdhUMiSMI)q=^;cdMofoq&FTFUpMZfBTmVH#s#VO_RqOFhi zM4j1cx_1~c8GXg;EquW2rgPj|3l8bmz&=9)W>VI1Qt^aB9hbR57^5dlmDg4hI_R3Mc283FXW z`u|J*PtLFTKSzGe|B>zdr};modyoAt|3^>4oIcai*7R51Rkp3=OuD(m0wWW=mM-y! z?uz(p{tp&=S{!d;v`%>_`A<{6+V)iivGH_0}2} zfWa|83~RdL@058TwLUzOGvcSQ_>|WHuLElqmoGciXDg&JE&vKSwzBNh8(ckV>d2oV zM3zTxdbl!fxy@LT_>Uwu-OGpgZ3My~S&=mqRcp8Lg-&Jk&)6TwnXl8Y zKODY%jWySy%5nlu)p&)5!vUYi2D^4X z?gPx$1Pob`(^&QW%SQFSi%F6@xm|JZ2QOEynm+6_IZCd6Ja&WKj>S7v?|kM%`@T=j zQC6f8=ScSFbHNxL`YXxZ8eE(_F>oi|)St0aVx@jyqS6#$njcT$as&Vq=UFVSQRMA489!QfJ2Jk#=0rxX_r9a zM2TL{D`b--dYVpTVW>K)Oe|?8BZ+{Fio24(v{6MZ7IJIM1Xmx40MVA^XzFFABWxu; zTE}uBBL0r+yp8g%4qveBq%(+ey)=%v&;UAS$laeVi`l2=-1fFwT8Q4VH-1`GCh1MB zy{-M3~Sp$$i^4*HJGhS?0F#S^{@ z(Q=r#35W69Ah=1HxISIA*Lf!QW}#*{2Sd{IWS~f^j9eShXyUa1<9`*pWu17ICWs~V zaGUSE=b~{iqf^Kvsf*|?*e-i&BF6G$%W(oN_&7~cb6Za<0W70kQO z)2NC6!&G;UIayO){~ZEhaphpvD!zcc6=~qtRZv z^(t7F^Z2Q?pjx(&i%Rqs;TN+J$$_YJO+^OTt1&_0S`9FIthzL|2Z$RF@Wf~g387~~ z(0$004>Jg)3T;4{p8-bNQ-HHWzbw`$k(PJE0E;A&eOPmtwjv6ahPM}oth z2?8!#PSA=_g$eQQe5BJYWWpApTMDHC=oFC7?@rpporw}fyHIPP9ll3+xHcJ)s9MeK zddPOuk4zxz)8;G6a`6%ZfLlxlDj)>dgmWb}iBP2{Y%qQ5j0;zl12lv(n1Pd;gc+hl zb-FZAB39TYFfj_M41k5gj>SA}g<&DqAkGE%rnk83m@vw@C&5vlhkywhesDBWGLq-3 zahF}P>_7spr2^w|pCN7CgLpK1A?5GK@y@skjU7D1FK8eBTV^D#z}ID;ybK>MG4M1K z-Em)Ug_#8ajxNH;1v5%jchE`s?#Ap!=5LVb!4W;cJjetO5`)n`** zCNF}%q$RTs`VOcM2#E8m6Q=Y!i<p$RsD+_1||BL_ocfIJpIqpyVFAv;)?`y?gf{ zEQcKd1pm-!4Y{|U_G{?Fh8+Qf{g8x%3?GEzun~aZ92&cSvUjj+fao1I5fG@uwgMW; zVNU_szMteDWd0!G2O&Mg`4ICze*73Rf6%u95k8~?q1PM|kT44dwi`o3Loi1M_5!dA zfUtl2_U*9CfZQQ$C2rli1)CArX#5WU|2U@~{_n&e_@9*YV{-vT>_`5miS6kdB_C7Y z7*+}^9yFUsc0H}O-*YMd`kUABYByUNJ`4sN4(ofjebrWWg4fPvyXGV%r|k|%+Z&Xz zZ+6;(%!Ro*2h#9=^IhP{fAd|C34dEHLlFO)??PM;G&Sq!0AQ!rBG73EmsDn|s90Q6 z(dyCCx_YJOo|@vLN6Ko-Pamp1eD*?7nlwZj8GiLfT6)GSbtQEYG}VyCM?R>3S9;^! z;X2vw<`nm~uQQvfjTe{KcE79mj(*8aQ7W*Sn~>?jr6TAxqM3QHr;<4%#s83bGB;XS zM*4K$1&ilAU74%jn&3*hs^J{}{>8(R;|of3&Gos5=4;!ysO1%A8Yx}eJnGgKF=#do4|w8q5Vk)U0BYsmh{kO4LZDAX1W?>m*ZEj`zhwJ|z{GV_W*y{CG z(Aj7CH{WL@C+z2M`6v93g|#L00{(9PV`Fah*Zk+d>Lvb{$C>V(76Pi5`y6-hLmn6m z{{z#bK+0|7>NQ&c0E#Q~N0L3MEZBPgZ7Qn9{(~m(iAmVU1JdTLR6U7O5g1Cej zktil1NhV8>$&ylJ33ww*NlHn}NJ~j7C@3i@C}?SFYHC3?=1S5q^cYp%;`(ZIKr0~}p28$;kI3kK50L8%n{dz-i z=#Otw0fNDx7z_~)^WlHoe%w(Ci_^rL`AEBH5dzm0nKQFwWPO9yCtApfGHY7+rL>NzLR4osjnGB^T%Gox2{9eYMS`yvovLxz)%{ukTYU zgOj8Z+TWL4s~-djM}(8b`Pv-2XkNCi?Ve=B;UDiJA5ix zsyE4ctIm#9Dj34@Dedks|FsdgyWwv(IvAe4;eRW}Ki0{-V8hXG{guz3T=dE9d_*06 zLW*vc39H4A-ns|H_IIvCZuK=fAQfHPvh8L}tK$u~$!3>;&HkJ3_^>O{ zWcQEnA6>b<=IZfOm<|3)cZ*Q@mam^plD%+9SFYLcO=k3l=1HrYspmp(-yqCc({O4< zrK`X9+QzR9Gx;PG$6~ zZal7c@ErN+Etj3)pF+3x_QWTwE|07HuaQCg-jXH&lfGIV>0+B6!k zVLrUNVBuDedoLRss?msl~Wr6t8B&T%U}KNSzJl~=AFRXAF1((&dq=}YaC`A?k$ z4PkfV&Z@?~`&#y`I%P{iRo;^|F9YhkUzO>uXk0sYXlKqT>g=aR!OW@|t6#3u$ylGXG^AWuIl9FmGHHR|V!O)xgO1d=&x^0zTI2hGX+Gt=u_uJS z#!vasgURdU>uxKNeS?JB-K@EiOC-%!gumOKa(w2QkAuvztv)JGPh=4k4-b!hkw4@^ zirLrH^f>U$&3&Z`4#Kmi?ycB=S@Fp{x6M8T$@i|V-zqgkm##IGjQgxwvE{kK_-9^v zLsE0g?W)APE2|e*)n(RBgHun<cTIgOEnqONDgal~-jYSy^);1s(TlE}CTKK6$0q^+9|5t4r`)g{`uR z881_1byja!yZBXyfllU0Poiy-RmzNsCj;$wVu~yN@OGzxasuj1MWLZ<9rL1PwIU= zTlmTyLp9T2=FBQ5kL|Ql^(T*tFvqZofT6n%6B=T4`{PI#g~q4u^Vq0(OwGdPgY5<} z#ybYQ5>rV59%Qc77PVAu62g-7wZU?sRuxW=qc|}D9?AswD zke{CqqhYyRE}Y)MtsXG;ZTa%$FeVl%f?!Jz^*^wUhg~|920^6|9Pcq0jEsy7m<|i0 z;h+i#Cci;Z5KMuE14XDEf}{YH_du=zp5ae*5F`a4g8*p)*ylq!08#+3!-w?2Kl0xo z%K(`O$V&W{fPj1i$w~`)V${L8XJ}STN~b%t(=P4-TZF-&JA(fwyE*IDY+P?{ZjqIl zoyj|xb?8t|p+!#ijLaGN#Yc~p9x3CMRvf7+vaqqLtvzFN)(Y6@f(vJX)tPe_+ByY| zt-3aXuB#VY8*0zD)}Lw8z1!IEP;kY@@L99&bF#URLV0dMF~p8GJbz~R{M{8@!|{gC z&7VZ?8W2Te4y{VvHiYoCPB8aNp=JE-UvBaeso_85Fj0fhCR~+5zKKLxnAP^I! z9+$mNBBEL}mP46ua7{pu-+jIyyDe$@h?4`gk;}k}VHJped@d7%9(Ouw4)zEz3-GKh z&a_OIO2To4`1QxQe1o1d%XSt!sn8OZH#kXS^O~7%`|&DnC*iIFCMqkf6UAj{3Q#IK zF{2xCY1^%?L35)f@J%pOEps}Lr-`QGNby*>7oj>;e5YNid#fgf(4b1|*!WmJ=CS&5 z^Njp=0Eb6Pacr)TG<&zFzT>rC8p9n&oFP5SQwL2VlcdZua}!+LxJszC=bj_y?AJ^3 zvetA9BV2KFPna%MW^s3XM?VnA00g3l`qVrIx0THY`Sir%d4?g6hKS+mK#^cs zEMSoE#HB9?WSs~B0eej`FpFH8B$+)|no+v{li!vkMCJtTg_HZf9v63ufrTYvc&gn^ z@tLL2RBO=j%C*2Gj=E5cRNKoGYpHovAlch_E)0kL1dbDxJ06A>CYN!Ly)*r2NP&T6 zK9?w0CtNP3Jn=b^sHMZ#FW{8X!wP2l^G7O9R*W126->}t;c;S_(Lp%>O2BDGRgYj& zcTw9;YgsBF8)%NzkwksV=1QCt0|cCsC(>Lhd#kRX;-;Ldr_jgiADc8jjd|U6?pciZ zbQOx&iW0@ecymqd`!_joF$UE@(!VG>DF{F%s0rqNEPX zZ>*Y5y>CKMyJca|x-P|?-boVDTel^)>+LKw?@-uW_^ul&f!1~DJZ7UrJA;}lD_B7CRc_STM0y1hVQd+cp@o9lIVy$IXq-qDtku)L$)er^4Ascgsk zF4f)F-?i)SzW%;DYF1(WL&jCLcaK#ZPS!tBdAvRG4gq_l4Kb+W2*gbkV{8jjyS6aI zQ#GdA`eWqBT!m50sZTEs$xOu!WX)V@JCLszV}JPYR_Dfoe91m0<(K@|?O)$C4#E6a z$BAF^Upo}m!u;1s{xA8j9y7mB++DJE_(N~l>F*z(Y<~NFQn>qV(v24f*G_#NK7M-Y z%V@*fDM|Z|nbY4U9;}`I{%Pp+^whVvLb%;yZqO{|Lyv3X7fk>$I9Ho>aY6$Z!P?P zKlso3Kj&xthebX)IT_Y=Sj_QwJQVXnMKGlCAsm3J9$4)mR}Vn}R0qTI4)r_`FTgSm z^*j&@a5x+&1dfc1ga`s=zCs`X#lKJ&1jApC9XkdoeOSyP1UP^GJk;tyAOK;4tE;Q8 zuP;Om^XAQiSm5XE0Kx$%K!W1~Nb*Ba08s#(1^i>g04qP7IQ*mdLoD!*;t!`4zpMX0 z&gn<}@6@8nQWTX|jdlHfwfwFf&gXCT+Y5C!oz9DTqH;C<<@<-mF z{ROq9g+*9=g(9u7>bS+FqGCmD0yLJ?Oz;a6vX&Tj3Y72;npi77bn(D-MzmW!F4)}& zYOAAJ)1Qn`hc{TP3-xLuyF}BtB z3u@Ow<>XD)vjQ;*R5?|u7OkI~hAI&2hUtj{gd|3ZVtJRJdD3X2m>SCE*G1s5`j+7w zR|JPu)Tetg5KIIr;koxx4@gLqmWZ45b!n9m53OEw0<0ls6Nr0mQs)9TA^f}bb4Z9Jl$5Pf{YZg@o=^LYW(uf z?p9Q(vBwV)YXsW+C40*gGE@b&twebuqMbEY9z4h3{MirF{VHf}2MmKx91~ObH%NrL z$7ukp+Hs;SFCa!~Fh59)|MGx;?g^0)t`{U4qDz7pb|T$=3w~SZwoQv#;TF} z{M4yem?A6Hk@gbjI97Wx*U&z^I9tp972i1^a`@PeM6Y%+qr1G36UQq?3@gg-(<&>B z3iAz5Hr`M+s@Qcu-l*#0?fi<$Q*B>{#CB%cj~+XF#eVphv9W`3QKi|Bw=n-> z{v(|JSpSv({-1gI{(s-+m;V26`#<;Z-w&t#P-)wFxCHj_aIOw#^{@_KzkdB~+%8f0 zCRpVE7klp=*Hpsi`=6YXP7A$A3B6Uzq|o zW!47e_MLy)+SGKLEZSi|qzdlqQz zncH&^R{NUJSbKZ>xx+zRq_&BP$(*`+t)MA7vY}_v!@8zU85TPeZ*{&xd z#;0-h@7%>gRX#CLPj8rvz2*Ew#V8>F8iu)q`t0jp63^hSvTHyY>SD>mF8& z76X873eSB)s9^H}c^D6sW#4Wb*d0`96%)^=bK?0k?`G9ualeBqDl;==gN_dQuq?|- ziPwYj21m-O%>&=wH9W3CC0j4O87_DDK3Kin)qi8>MxW>8r_j5nErAQq$*!iS1k|KB z0CBSU-ZxQh-N|T%%-=;aw zt9ETT4=_lJdLk`kESr;V-0@8fJoytho1j{Re2Ufp6F5Z)2J;og0+tChA)*GQJTJ@h zi4E3liZEB461nPKd^x7dGhRN(Y>PXRI9OJK?G;@ps!uvZt4>q{qVlt~2&Gu1k`XI! zyD|Ji9lPFH<<~Vl!9qzCs&II9)jYYHsC?*|K$O+O?OI zvf~4VC{!QI@kr+B&POgpYcM2oogM~A=IaqmaWkyxe5e%hp)t{f2{lm6wAa@(=ezqO zz8=cmZK=3;jfS00SV!WhbNry&GUe6vT>>X&6cG|z66!4!WSN3yCQ&wqrY6d)>)=|F zr9rDPtN1=*ek1}Ivok&AXDMj&Bf3GN+UN4Uoek{I6Ni)iXcI>Qj{-RU&&1D@>Om~T zu@YE4JB<9P&hw6y7jj5QO+}uO@yCV5$B71N<|p$YWJS&PqWMG}JK3Rb0agrDjc!N33x0)-3Q_Fb&}(W-oAxLIcc3 z;J76_W#|Nn1& zV*kDW>`&`|Gj~IGGk6_mpl|GH@Q3-|AMU^WgT38-g1k?882bgg`Fgwi1$cybdxRSN zyMw|1-na7CtNj=L3;Yj!{(sW{=^N?m|B?T%Z)jrj*ZlXt@Nxd9zvTD+?-y$xzW;_d zyuLNh{R8|ZWn^KD1MKI7SFv*+AMe?-2X61+yYPdt)$l1cJb@+ca)S~5ORHS?Tsx+1 z25$Jm8n|$WS1>TQ!#~-xaCqg%hk?=7=Wp&?96W977IOb#S9@2TzNuwnTUB^L`}kBJ zHT`B;_0{OO^VRi58CMg}o(q9z#6!bf)z#H7XyWM6qn@6g@NIWNLBXR(kKyxfHk&;< zGTJ?G18zMh9*;~uABNY^@MswBP~q(`{J#G<|NR?3AD;gf{G*?`^oWPG5bSJwG7Zj8#WY` zm6Vp3l%XrCt1Ie$arf)47dM~{Itp8EaSQ;{(A<4O2^+Oa4aAMbM~01uM>=n|)HXE% zQ_r5i;6AVCyqb7(^Im6>Xz%U4LZVtm{3Lw=l<>Dz5()Pc#}61t_0urP@>o$Z3dwyN z5-q4;;>9U)wK*y7rot>75ko*LVxP6xb=eIv!k!uw8gn}XjpH9ovtxVizF_3m+g~nv z3|tczm2Zh+_=120Nr~XqHB<1Q+(h83Q)>W+Ptqc&!%LAy6RZVYdS{;~q3NDjlbcRM zEDlW!M&U7is2l(k*lQG580?!UvFud>jJ_o9mWRA0st1&}C5YLfuwG0tT0)4;RpQ|T zMDM6r#BZt@gQyQFKt0R&f5mTqR zJ;scun+T6DIw*fN@)mGb64YgT($Ddyz28M}z2gA~toc5tuh%4xnoMIF?Fe;z*J_Vq zfl-hyn74kGLO#&EeCYzZt9XkH^?HF@l@T~Gbh znfrv}G90a5WlK7S&-eAn3#@J#8Qy31Q&ijyH^Q>n^y7!JlJ&)hC1X}vyGuDCO0|wX z{H9&YX;ww|wkVum;}w_gBaN^jV10K5(h^{waOX?*D18I>e*LSoG{PN^JHo9ZLNjs#)*@20G^aHUzIZG1PIhjYAv#R$1DILk`cbFszYS7 zD!WTU`(5Ms^CwZYLnc1G4V$_Sy=&&)PVh-?Ke zSiQDb{3*c4y(`;-3S(9qchQmjf%6=YFKpESlNB%$0O)+M47~RsfoL_1;3lrGS2pxH z-8uS1mIJObXb2R!J>=TM-YyF=X2ki4!F}g;bT>-(Qr-l@>4v%cU0kMvip1?f0b%3Hn6PQ9?V3j7MVCzwuDCX8x6)IBnmLpw!{2 zr5*{(d`&EZO8SJ-a6j4Hq53_?Z9ZdO7APyhaMxr|Vzajq?>8;#t#l#Gh{20EHEhF&KsF?U2x?sd9TUo_U}Vc_t5DYLIz9NIK6q%$Fs)gPof=H|Ss6K9Y;VkEIK z4qmO5YUkuuz1A=PQhVVj{Ir^Sb29|9Ng}}B@7CQ?gCafFF?(KUhnVZ*Qya! z+jAmIbpH^sN;7Y_*eMU6gYYPEl$`J&e@(elY*K|eu%|ER(q+;DV0`ZLK zxldH7tiy7yCe`WB#rLYc^r|a4shKgE?7QQJm{;dS{jU3BUeB)1Zj41+_e-Q-|7|bV zqp#7SbMP*EpNDk+-g6JHH2IeA9hW+Do@`4f@~=j$lvnG`-#aQIcBtu@};Aicr&M{@MK;1vF(xCthasD3#>!h_rHGa<~|%pOZvVr3dp=# z|7lAH1IM5ogCb^3x$B z@m)=}!}|RjV&weJdX&*d!A!ebqs~Vj4H_h_$@F_1Mm;$9g``}G<+1nHrJL9HMyhLoG=NbU8cKdN)9#1 z1&6;(ychJ9%u=fLKS$X%aW><|(JA@;7@oA1#Mjk(ab+ZH|CW&v<2I+uyO;TQHd{rX zx?ZdJ{=@a2NzLRp>r1#*OE>!uXd2wC9({8!B%IrE@cjM8vT>!Co#h@I9!g(7{b5s( z#=aBNcA*=pR$speJ5vhy@g3>DuVNl*8nJXnv*om|SdG?s;>9xwMkAfpahIc`T4yVT=0kIN9dXJxa z3xfY0*y}utvZd}PSh&xS9EX zcjGxSZp1Hq-)Dr(joS@~4=FXrd*nt0ogP3t4vnanJVm$O?8&hD@zg@{d$h;t?a+MF zm&=yd=B_4^R|gvzpM!Om!fYRU=td7h%#8kH`&N3{ zi4Efs*&^GfKkbM?pGSrs-YIcRx+NfM$^B@i-MU8L2y)-7QK*5FWt{p^U0Y8})=r*; z4R1M$w>5CK*i$BxZW2e!A3MwFqwnyd1>f*dECzbSLf*f%*IDuAiH9pbI4emwWIXFv z5TY5}>*W`1>As>VMfG@JM$=l+KECYX^7z1m;FzP^jdR`v%Jv%ig>AlVvvpmJt$-*k zOUdFr!(rOQFV7)1_3cHs3{6X$i#hdn=g^USeZd>tjT%GFKvcv=ucN^a!faX?W5y?P zyKN%9LJ4v98tG>@Np60y-BaelLCxOH8Ch|Of%hD$Th&dV!ddoCJ0_+tE8A_bYGD;OntjxMJmvvbhVN|4=byk_@ zPuORrazI2T8<%agH@iqP`?7gut8}yf&hchdHDoVzBHjg+7ECr0yIdVJg)$dVZm^GP6o0uSbt%KHIEZiT^|d~E=s&O@kkO5iXGMZYqiwz73xgdz_SU{M}) zs5~URJS?X?ysiA4O!>!F1Wl%bv7_*=x!VsK^x|y6Xe&ZPCU4(r1=FJVNj73V4K!OV zdW9$pqVC4gDx`UpESajp90a_6r=xNQQ>B(tRP7KdlUkV0 z=xiL3O>s~-7(j^kua$Iw$`u7hcx(d-^cjHo33#D%B764MK4`0x(63c?BV3}ZqDBat z=-I{rDS=_xq>&uWy$S}3wWk~a#lr-&6?9TsUfW+7&jBsTcyR&(&&ynRqKf7SpaGo; zK*09^RLYVm^A{HLfqi)@71Q-NibS}Zgr)&o{ZjpYJ7rJTk^n0xx?XHemkbz<0sLeY z9lB5r5xR6%#E>j3PQ|Yug(}&QFstd-AW$%Ut&jteT=9PEAVWf(F*jG7f)^%0sFZ78 z+C&6Kz*YxYBujWtq3W6pMy&_v871nGT8~Yudx`?A0^K7)R*&Jn3@`2{#9vrTu@=6^1d^V%Z6rYA4%c5=5J*f(EDg}3 z0bzyN_QLXwZTSX8qSxCMlIwC;b~J3Hwo|)7eGXgO0bpFqQb^H(ZN)e?A3sG6DikiI zX6a^vIEtFV2o!6FKevH!Oi2XI>DWktI0n!f$jTBRbK0up&?!1muCjW5twIR#%ilXC zWo~wu*DrHL%?$_#FNx^_kYiWs29Ee6K0urd88UV5wo8y$kRDeAMTGF&7QQ30o4fh0 zuWPh*fb^K4FhN3QRBXfHW;j(Wd=?n9Xfjo!KR0j!aN2Qyk@F7JYZC4#?p}rDPFTjR)1fk8mo=bP( zVbkD@@YT!A$$66B@~;K=xMHvKhhad8%OvjduTfMUKwWMQ!ltR_`AQDL5V z;v~4)S_lP5cod4}Ro6`WG>MKXt|yjkup&G=$9_=<*^q{CSK8HGN5#d2MGq|1=XpzP7zMoe1S0u>&(_F9Z(#G{7{D8XLqq^JVfzqR#gI4G z6){YdynL=T22ro7B;Hdprg&LWK|qQ&dJkB4Q}VJJOC1zl;+ zb<~H}zH-NG{Gf-2p(a^`wcmp+9E~DUvoLqU8UU6lHM+}^1rA-nR&uo)S}h6HfqalC87T@t zx+9!n4iMfA+-HdijHpEJt_gcac=<{4iY^ckFv_e^@Ax(@(|OTjNz#I33K7;tJ$rg$ z=;}d-(Xfx&gpceF3uuJhEO`&Sw2sf1BwTxbSQIfd!EBM-Ej>)D9UiIXT-E87lejN8 z>9G^&&K}ik9li8U{B}*}hus>^2+4c8V=*`#OY$=V3jRJ#u#?u&bZOM6TCkOuxmH1L z|2*P(#J|Cdb;#3rT8muSVw)#O11~55ddoVbv@T(DYV@iAK_C0 z>#h|NsvCIih!nBK4Xr#~Y2BL=sr2d7O0P~SX>>SWwN7~K$Ck%YMmw^>ZSU1Qo~mC| z(iqT`_8FZyB>2k8{?+&M8jY>5n}lEakE&}3YJ9t_e#KQjtBYI!0Dk8>4{drIe(CT1);y z+s%bGdwfQhV4dDV0n`RMx{gb%j~TQ`w;yP1Fm53=Aw+nIpC9;9diZxa_397YDKA&sb-!b0d; zeWX4YGU7p4E(8)kZX!X1TS$o)AA_0e^>|R4(g%yh_p1iL>d*Jm!$V#VmLx7HK&($< z*I^ZxT-8Hb3xS5L&%L9d^$1bG0GX-uVR;%7R)99X_^eBnT+<`);H9y)f?WI5x?Ss$ zAVE%bJ#qtQX*0oiGszTO&pUPDGiv=;$y?BvK5z5LjG54ifZNv$25@{0C7}Q|X83siN%x78$oa^a)d@O!a>kJ86@M!;`|d%g=4d{nFbVKeeG<=C=m z@{cW?FM*;<5<|rzQ(D{fXGiC)Rppy^Pk~S06J_>7&TJI1qKD*BwyXCgRX$hsU9<_1d z@J!gK(Y4MY zL&C+!a3ZBs!L=e1Cv`C@hs`tJi;Cl3$?Rai8%XM4c>d7cQd`SvXN2-Rijvp8?2ba+ z${m{X_ZZ65KQYmf9e856z$#W^V@{CwgK~%R1D!d+3+aFD=l|2Ym;V>O;7|8|9&SeZ zFpX8;z|83QpX`5s@jndyj{i8}?fEZn@K5}o`UZyZ{{Nr(A0*fk`WOG{f8Yn?_x+y+ z;0`nZ08CVZZ#dz_-tzJ?e1!Qs;c0bs6<)c)8$Ni!_J@C=f4aB)^%?+jjWS?&tHxeOGT?Lv0p~8||!aY93V##aV7dF^-<`i@mg49EHMw2PG0O z1&AR+0qL0ZQy9s}Fqyo3lvL@)Oev^L+WnNR6r$!5bmbUBvL26Mhc@SO#KD>l=L;=j zw=RkzN-6fYXp(5g7UW%2OGt-A^eGsp)Fl-pbHf_IUU)A4wjmw3Ce15Md@BD{Vlfu@ zCim5KspKNf01rMQh#7ELt?~_fbsdAPxCl?t^8nZ5jI516a*aU!Y`T4CQDEQrSU zXL6KNOO+LtA6Ev%xdM?3^jF*W<6J9Sbo6Si5 zg?jqK|7rin{`hCle^;3P3np!}dPd0tiC^VHN;v`-hMDVG1~W{12ar zz%D@8{|8(5VCO%4ivPQ15Y7UDNdYhp0QUC52EpG$L|_VlySqDV`(L+iot2dpYypJL z|1c4ty}kYKi6F4W5Y`viL;(B$VSM24{{P<*fWI>W{_g*W4S%pN;CC0`@A3qD0b%n$ z>;n9w|Nqx}`sM$N^1ER{NZ#r`rXi-7XHy(&b~HY1Xg*!zGk@~7w+?qLS;t9IhXg)V zdej@rzP|Es`h%H_?wzM=Vduk6hI-R|{WhJ~AQ>j{^BXd+Xe4DAYNTYRr=(=?UrkTG zlB7|TQDl&ro19fxR%&e0V0;5*qK|4bX}ZzThN{2W*>U5Ben&@tJ+l6{8qeB+*W0-gFyA znud4>oFeKGvnHq!=$Dlp(8WkI7VWUCWU1TpYwuZQl5fmAR#_U@wpb9Oqmc?>{7zP` z0J_>z=D_~HTKGujJDS>z>*Pe z2GMwanDbCb)NNy$b*h$yc%*&ffMAtCei&{*23jFaSdmYi|jH zz%2wZj!WglVU^KlVKfdsRv1u@M3O~4+|6ka%~id`5QmJ7`O+KggJS? zt$wi~vWGc=v|1eU@jZ;lxQ8`X9FA1OA&vxbBh^$$t zS>rZ#P^|e>lAJ&!wqpcDiyxuRpwORLZa7OK1rhII=cf!3(kK$Zda|Dtj%5z#EUR{q z-LIH1CSF}u+uPce?&R4@$3Q{f=olw7CliA{5)bpgsoyx6@+I*=);cN5BnIzG?E)mj zcvd;$^aOrmT)N&en}7BFt-d9EP4|ewrBl~CCB82-2ydR!Zg^YUe!5#^=Pv)- zGB*7B0=h^)w*ghtxtTZwD{F}lk>%yaw-HHQiYFCI1>)4&odSk6GN_Cplc#qBuju|r z{2XUfAO*(?ZrA-X?s)Kb|6j1+kwL0@0MXmxZVmkTJrSDbe#InD8WS2_bV@%+x5P^N;`P^n_$+7+HY@i zL*IXU%Yvf^1xqqdug+DJ*RIZ2H@^@6D{bUoKji;|-~XBZyStJMTun_3_035pCT@SY z|NSTbzvq8h|4ILb|KH#*{_lVAsr~o;)$jVh<#+vu?R{_w0Bd_&TN~{BhYu`a!Xpgf zO-V_CwH?-ZxHN!`{WUc;uqhB$a@elt<>dv}2(Z+{c_FZ65XSPt=6~4apOBCMJO5#y z|Ni~^;W#juAq8s$3>Sc{e&yxmu;9ZEf7m_<%RXFX{I2|PWdVynd{7F*e_&Vutp9L< z@VoxQd|~*w6s`hb{r>|302Y6^B7nsoE&=|jAN}>7e(68MBTK0aUpZ4}rbA2_DyDeZ z*_YbC9Z}kKx^zM-L`6IEsNUp<+>F+3b6=B>#1!9KXiuD~Eq@et`c#CcaZHSIj6tk% zyjD!Iva(icYMfSbT6}DBZklllD?aG-y@VPZf)YW&WFzR5>JDg!SbwAQLu2%seaAxR;l zTJ}wo#mW_=@|RDy=1VVios_E*Mf%8@af%c#T_h+<@puHK9tcY`+5&VdAqYsK%xu3K zd25`wGZ*j|DYc8kyA9@6a_NX{DYu`b5i16E4JEfJ!j|yKDi({D*I-iN6F-!q5}U-a z?n=fA)9|W00zL0<%hho>L?{x;-iDS?siM-x(1e1M%-zQUdLiNDX3GkF7#-gf|J>rq z@dGim9uQQqua@Fm>`R2CvizhtXdnZj5yM@ndxcAw#`XIt(olk+!3j@(XMZ=0zHI+b ziKhrg(`{QbGfx_M5re~G72tdg5Gkw2Q=|Ik*9l0O5d456W^}}zUYM4T!3az*+!`TU{rC+zv-@>-*z5RZP>6f}4u`>S(!#~c zNU^NIEBaI#mfw?&KuH|utkIA-9X1U?h{&SF$~duEcyw3`D@L|$mKvqeNVC4I`#8+~ zvN3vu23kI^aOWfaXmN)SjVunIsf@RKlGTz^321>IP)^&J#`3^zx=XUj*ckTB1Gn+` zoJYpt5OdG0Bl&h^S=1bJPn=<6t6J{yuhedQcrCTN!1cZ6Y^Ju@s(JwfwCKr?)Y7Ub zh?Z$PA(Wa!s3>6WJ>;3?5qb7a*0K54xw69WdGB)9{2eEP=D|2hB%IT!A}R- z-?u#ZNqyfsTXt>#zr=XHSt9<5@$~u7`M3Np_;UMK{+AAq^Edzh&w19b{I5k`&)@w2 z_z%=y`Cru^Z~x8zFY$u-EC0)P>39FX66UY={J-x3{D1kC{#^gf4dMRZ)WBTd-PrgK z`u_+2&#(Ef(SKq7Yoh;0{trBG{)_+jKk}3DyZ#@8XSclo;Ns!}OFgX2u)<%zejO(5 z!}1OrL16d~ti7;S!}fdFkO4RIFvAB9^Md2RU^@uR3xEg2Sy@@|TmUW{V8w=g8?cPS z_7NBd0E;}_&%z9)cM3jL)@ATsN=0timefcYXXUaJVB5x10z2Ly|z z*}|Xul$K4twLMH{_T`AfgK%N&-t!cS-#9}Q$uy>gkh!tZLfdozHc-4R$uvCvB(3Yg z?RW+Jn*0jEY8vB+*@FjAR0$kTuwx^KG$TV3LITxd!k@{b!rRYmagxv;EAi8kOvpj` z9M~w_+v06WQ$CvAwy&GrhDv| z6DO|scELIY0-5cvar-jneB{-R9eY(oHuX(z-OA0O3+J99K+GCyl+eDdM)Ja1Y4<2; zV_ohk&WNUqwWqG!KKdYrLAfgkl%J%KH*h))R*l(Ix{qY`W?x5Dhv2HXyMAT_962lQ zmn$$14gnHjA;8^Oe=sth)D*(0H+t=5#7?fi~sUJ`27Eu{71OGgX3M`W($6X!~GmQ zsD+n*SS%K1vcOFtJk^E!Gq?|f10P``3_Ku)=fd#HFflO^o&q~NJHs*oca5+i4~}Ai zpZu_85EcTs^HWwFID+2g?C01h7*4_S z{9Q+kV*bv5S#<3EyZ^827yqTn!KmZTMRPl)+bstkba+ROqwNG%#4z{Q2|y>Kxz72ZdV<04MS4j^8o9sRJUzIHU*RpW$W%9+cIFFwqq@o zw3qsr#{sc?cs(LE_~q>car**`%d3rAj@R~|rS|PeuiAh8aA`m=-kpp_EsIHgKX7?n zvz&N{W7Goi>Jdyp=;OYt&DJO%K`%!?O4rpRG7-~Cya89v`K? z^$qk4d7~FsHp(yE;4zSt=i+IRV=-|xyDuYT*Ju5)oKt6-3OP0xk(`efeoUGfZ|3%8 zg@ZRcT0e37M5$&!Wmkgc`>t=_BY31I8VR9ERGOmYH{NtGYtQw_-vGIH&w4`l+=>kU z{^pJ$LFk8N6hA;>MupA2rg0+7U$Gz%S51E|I&O^mH&xkffmG-GjuEOZM=u7h47SqHmJD_!E`FD~fbv2fg^?ZWC<^uk4knEKYK(nk~<~ zN$e>ylxnNk!c4P+0J9Qa+?LoTo;9D&xJ+ervc*)i^|bO>>lLC29_JFpzSx%w__LLgpawX}}6XAc$fjD1a3NrUJL`J}W@Y?6t95|M&;r z8;1hc!zZRlj?J8PMd#OHY1qJukT%1O@R6KYYY0$YcH|urL-G5*AjHq>Ldf2w0LZbU z#8vD;obceBWmaUkovs;~#!qZNZzF)1;zi9RR`YBe?NKC<4vy3`Lku&u5O z_(6`6Uv%Lci;a5Z%|(`ecLD416` zFd)8hJ!33eww^_z#!??qxy%Ns7wFQWy%a0y622bi5L42o>}JDaDc$ zVo1?XRdIk>BeMDES^J=E9DuK-i$5HInJodTM}wWJAuK`tW@mTH1WGMgrqG1 zO3@%@9}zyMj|UpF?V;R;ys1}j&^|N-z~-W95#@*oDj>qTf>e>4vprAVD;~{qUsKf3 z;7ffab-Sm&i(C4#9R_EXTC-RH?7c+ zO5{2D2=@LkJTXtvOzH71X;7X#oOUeugj2TqokIrJN&BAl$geW@*9HWaFkT_h6?3*w zE`mRTNI!D8%|1gfxRg;-Wv3nfFfC~udEqr^d5}ZHr4a#Pn(y%e(xWYo`)l)m1HC$l zkM0F@VLr+NfIV;jy_~N%*q2WsK@u>8<^ZgFHK#*|o<3jw+RV9EgE$TBlKR1|inXl` z$Q+s?R}g`8@hX$@ozLbEEw??sR~yni^z76GF`l1nwfpwY=Sw-u9kaXnu7^L`;DV&l zpnv;7?@#MLPa`8&b5k>tr>mK}$)ETC`v2+vA4Wa=Z~K2!!@u_b|0Cre@O%F+h+rY! z003N#-5Oqi=lt-9eypGpuDY_bbKrUlF8i#=UsQi@07oPe;VD4UwWn}F3Dn+Is|yv4;jg8ba;H?2g&friHZ@wv7hjA_!e?<`m*L#OPd?218&7u)Kjq~&bJ@Lb zzI^?+HXAD4LpE zTHD$?esKu9x_f&2Zr|x27#zBL@BZ+}=-7kthZBz;Pd<72Hx9-0%*$7=-@Kijn_pOL z1Onf&k2t!>yEq0OeDfjX<8^r<8jCzSjpzt)S^WGd7EiMQC%#pFYOeAxqXa!7^s(a!JntDO9|u z7+@Yi{d|`!9$S!Zz0Qf2f<}&);IAftt`}nuRB5Rm@rd7h4Fwvk^-<2@yDv%FxMn51 z+tRgVs45ctKJa9MF`*##e#iF;URNRMoasey1!F5ZtV>s0bIB_8y(C5>#zf?b z5$+%vyLomlfrOPidllZ9D5wU6(Sbevl}1t*`fj{(ja8%SQ`Kh`E3(n~8efF5OJ{)> zR-$`nE{boCh;ycX_g^XWm*5c(s>yQ^+rfEn38{oUfO&Y$o%tIAjCj*$7B8vq)pyi0 z(yw13a-%RJJ&GwtE{B*90mIgeCxtNgPrLiNwidlZklEum1k5$HC<;Q0WV`QWd zPiroo%Aw;lBW6=DkM1gb`ylrT6;Js^6@%<89|#20`35 zH44yfG5sw^Uc<4vcxZEpYiw(}6y;4to~3zxoz73|u3L0F8lqi@K+-*gq>yQMmuIdb z_}#g??66yx?&5+s7pwyHtzzs3Dmtx$54-Pp#TZr$a8Mq1xHHrX9oSQEHE|-+y7rO0 zSMMIDj(&&OLIM`SkL9gyd58_CB9NkfcjS77HYdWzGpS_ya!P^Dw<5{wGaioX?2e55D8p9ZHyEpz#~MjE}RyJhR@|9b*R*+#U}I3{Ac9kMbnW7n)m=J!ez7m z6cL~Rll?l_-9&)jjfRBFTZGVYfIo1AjOHQsCwVDw{PtSi>nN10+bb)$jbfnxgBy)b zMBoom5SV^mylLEwfIZNIe?`P7#l28uG~2|yqD9gj0PwUhTF;UufTdXxqHU2@IBP*m zo@lZ~w1}t_flg)3;BqzkHa#cDsP|jp(F17PS&Glc$B>k+hIMEd4Mh2MOFpJC6sGQA z#WbXWv;!MN(TZ#FIA1y>OQES7aFX{{yWxX4JJ4Qrgdhc|vvYCrwcbhE7aGB~lR2vYXIE?2%oyt^lsL=qkty#`U{{bG*9vvF}A zrW?9$+z#VtCuH5#(A!6nnk*4NvaVh%vprsTW?~sq{-%5KU8nELC*|5RTCKhI=87N|A5{Hqc zqJOT{VG%0>d%bcD$}U9AkYOXPcnJ$irfBRj|CnEE9%P4Z?}L!a2$a-*5}sV4)yqbs zUy*YR9lJ!@ct{mn>;*yhA)%Ieq_o*I+CFUV;BQ`oUif;@=;&))@3+{zLnEU3feQ&{ zLkSjXc2)$|3)DgVWN?-R%Gc1SC|wkWD;{1uZ3t4Z!!--yWf=Sa^`wEtteYo8ENiZ`|j~ zH^rs($2@FVMrrTrX*+UPa4E;)vCem`mP4!28PvxfTcvhIw{3pKt)**rt?9ht(CX{S z7%e9bwU}@bB*hYT6bTE7%_31Iqb;;tU;nigvUU|MU55py!rMWK)|s4Q-sMYJiAP6t zSi5XRtWIt%WjRx5sQncnnna}O1u5c>Qf#EAd}57hg_vDO-|wu%+RWT;91{59<9v+_ zsl{^do_t#0Cf8u(!nP!tsCwSaU25=^w`dknH0KZr8w30+_|y zPPcMv>Qk4}%XH9$Hh*nyC1unBX)L7CTbA&sE>BsWauESo2v#IPvS?kT=}VI2TK#JU ziIE72@DFlB5JGVU_d_=Xd=}4+eoLN{ziij8!ObU zd0|ALmA}Z`nb9_ua)GHv! zh@K#8Nu*lMwDSUYzi6ak`hUoMxaT7IVpftXjmf22)0xV zd=jit!g!xh5#h*pFs&llm{^*zj1iDd#GtrmxAugX^Va**A`%E7T1ram69(X+j&Hl5 z!vbGFJeHLXtsYzh-S?i+Yr#I*zL~(?b`c1^%%SBV5IPu~Alp3nqCeXYvo@v^LqsZR zNU<dxcbXJ?W-EkZj)Z%PAd(QE76CM(pd`y6%M)9#9p7!l#uOSL_CCg{+HQ8w zr1+L$v6Kh`jgd@1gVgg2489{Oh!+RJs)rg$)I-$95G>U~h6$!pE;fDD3Mcw{JDoG# zPti94+_C^K6waC($w;w?B}Yfh#@b2Y^y+oC86YCI@v&zy1m5}9GONvEI4Nv2y8=<+ z6yMEo6p6!hmBsjAV>#ApI*;9xxImeggZuHYb8*-kVJh1VaXVcd@eiUJxd>NNU?Fe~ z$Z(>k5&;4ez!Ab^D6v;4KC?(5TM7i(@sbkmsIc&2Gn^L1=d4-uLoY0aOkdN$xllz9 z6D{v`$H9jm{3e&80Zi5F#AGtYQyqaa$8A1v`koTT+|ScMA{C?r1d01yp`4GcKg$+l zMiY_u121wtHT*{q;RwFzI}DQ$EJ*Q@p#PHE#jQl)73g)Ui zJ%a~i*oH^35@OjGx4NgMQ>=oVuGCU27*^m5b*wX+AwmsI2T-A^2>TN_>k%6fp0^MK zp~&&>IuPNXjoXl&s$Cgz{H^83GTi$+87`A}Q7NhSUY7|bhzDkCI5&3<91qp|;Jl|b z7&L>@8u4a%saaLv_Dg93bD7cHv%anH?=jXmJ`Haxf-@H4T$!BB3Pq)7jU>keI4Fyu z_xl~BaHEsiIR%e0k8TOMT8uD1i$iAtX=Z#PXYDU%W5uW$Q(JM#cJz^AoQs!6fI0S4 zpoJhCCq$*m@bdN#q+TF0=-D_Wzk?gi`9?IP)^V{JUYF7-dF9P{pFg6DtURb1{lTeb- zK{_bCDmsNoNLat=A7$U>-m24rLTkG7dcQ09hv3fH0c_q3Z{^EjEn^5 zBpFbk-~_}5o5A5?UfD zWXM8e%JNb%bY^AJAy7d_ZtL+v`0p~35dId2%xJG1e1AaYRq2#h>9Q1Q_bQR@LwUWj zt0^)l0a{|{!Yh^M7-;VqJyTNmr6Nnely}EZO|XQ{zdD|zs!kLT{Vp199U#5~p=V|c zo`l-TRlwJ(c)`_~qKG)v5ZiOGGP1h7*37Jn1dNRhJBK{(7JTUpNp~?Yc7diuSLH61 z6?A(C5`_>6X1*!~4lvihlB*v!s~<*rV8Ns>m>9`Opgsy)Br z$Ewa9Xqk)3i>DZFXYK$&^4hd!gdmVUA3`kDAZ3>-UrBmcDH7EVaxI&h~4*K zJ`b_hRtRW!;B5c61BE6e(U>PG)wO?EOUuwHL1O_&T)+^a)|*pMH&<>CS8hd;4vh++ z@ef?Ke;tzw3wiYO*rr;DP*6Z1bAp5}G^UOzHWV()0yPxsC{*t#ZE1PCMsz5%Da7kWPjF)+GQc9 z_2MoJ^(7NXq z`NW7~gL-HWvTB*B_O6A*`VyH9-`G(zuy!N=K^U|&P)JPCo=#;abE^yFRKbg zeVJ!QJZ|URqDs>EjgKz?K0k}9zP$Tzc`WOoh*qoU%a5)CEd15)l9F>A*oRk8w1&)7 zd^!)CT3R}2TQKn5?J3pFbEnsn2&!()you5?@Rgu~jRKjVXi#b`^e3+%bLZ6D%9QkN zM)!g@Q&Uh4m#WVNua#xGUIGTyV_sylgRevLXJ1d}00e{N5)Kms=-{wd0=m&Nja9P~ zIm#gWGLjM+|E#s~qZ_?puis_Ez;W;2+bvY&Qw`CeXAJ9mVgR7by3Rr@*t=@FL_ffY zpCmg^lrX8P#uQ)U5y{=NSp`rqs>qHo`HB9sDWqLnYO8luBk1)l57{D#jW+ zECl_EZxzu@|7_Py#5|ESlc#T7&`^v%+>Vy$2E)qR&@MJJgL8Z-3!{5~vlntRypp}^z<&G#U* zHCpI>KcN#wmQ-p zP79fva1U@)1q-6{uc zK2cB&pzq;lYTkG71L8Kdk$85(x6BFjS97mufW%Zd5UH2Cl$DDdzrvv`3DKI@4=26N zEP%H)fMpe;sto!n1!SfQDyRW)v#;r122go@ypN~pvae^lb9>=qH${%os%7lj32TD!^HaBM?cm=6&bv_+HwHtv{%Ak#qMuN3nVv}t&Y*ZHis-hIA zs<*!>mo}|9vKa_@skb+=zv)@jHlM#~icTr=NI*?Pee{V!0pM@KfKQEJ%7X*SCNL2O z#E1nF1He2Ofd9Zo!WsaC1+plAC7s#BgTj0Phy2d~g2i@hl)p%+h>2a5?j>ixBC$d0 zy(A;0lx08gGyJ_#2{1ee_t8IO?*|$iM|Ml-l>1p3!ocd0-YD$v%;gTe7h?1l3Bcxy zUkrZV9^#k&bdo?X81Ts_2*(|WtUkEP$^fbi5*+wbjwWE4`En4j8DK%do`|O@f{3Y{ z)Ijx50m`49gJFPMnDc6Oa1+}Fr|3o8Dn;*Yl6VoGHwPEG z_u60K$c8CN1|u&g(U-*o=da(AP5*>Wv0aUcUKIka=8MS|-$Fn1Uk%S(5FNXX5ASU~Mx4%@W6ih|QNn$5Bq@rh<1NshLfT>Q3CI#cm}Gx9^lz>ieG=g6g-6Vb!$O$V1(Fi(mQu3 zi3kVY?KmgE@NXHVX9K{g9TXCWOdoD{N^lZ-(kjm=GaV8_ytRT7)uZ%q1%&nHPaXpD zr&pb+7?{%*RDw#{~_hPu5|O>QOV`F-*mzqfU;<`*v;rx??I0t@loqHhPi{!mk5vqW;i2;Lt&upZ{v&%p+mWeLsGDl;zN^75aQ!j3KLiFO zHl)Rr#L3=fSEkd~H;E@`V?BsN(34;X;#iHm*O50o*k6f>2+*!Qi=Puu4hjUa$465V z3)m?wGmT*G#Z!H!O}Q_%ZKp(Aq@i)v~MQENf&1}si&7KL3OQY8bp2^|e?3w+tk2sy^pIAs-Q$`)X(C2fn@ z<0Cqp1OW=xW0e6x-Ze@*mT;|#uOHV3eIn!j)bJO0kgV1oY-KvtjwtAJn^4wg@Ybib zxs28I<`KNAj|kUJWw)YOLgfq^eG$UGamWx18fM+9V(4J@A0sHzAe~@sQ2pVqG|LHD z;!uC(yw@2Ao2u#D75+McZ8{~YPm>kgFuXrDntSBeD@q)hc7#f_|0}c&P?3Ud09p~rW56;WW#TJ`xaE^WUb=p^7@R%*{;j|G|=-8WtP*S|aI-L7(jxap# zYd+X=@@qj{8!%8#5Tl)ry z&Nt-qImhF(m%VEpUt?8hKvawp86}kVoyt6q)2a+*aR-)!X`in^#}MM_eb1M2#kbwO zqL`0VVjQ{v#23oEuD8YBw(4Pdsz4uRJWXdF)g zvUgHrx$s9kvYv<~8 zG{}A!*UVrsV4Q^6D1;3OY0lfFpxcn9{tW#Cnyfgt0qB zM*76uF0GWygn~Msw_?Q9o=|o9ePx-#yjSwV5G!hd?t}wo?-!I1OPWN{8l#`6%rxh_ zO4gB4Ftkry_pMxU84O%;Qs=taD$m}b(C;#F^+`EKEho5e8%$<)$ z`TVL8@B3y0Ue|bc%>f8%5aQ@GA@J6tN$PJKcK)uG^WJ02l_!NXqJlnp(h9WY(~*8 z5T)o}qT{Z7|6})ulr+LaHKYtAl-Hzmi$HnzI(PAAh;n>E2p99xn$X=ZBc$#@-xA95 zMpfOOP&r-hvNNNs@9UrD-P8DGgL^}&N2c`jRV2ioO;LV=rfhLSVE_Bg!}&*|FW-?9 z(o!(bP{9B>QAtvO0Y5O`OuA1__V_pD+^Jr}v(bzeEh{YhO7&BLESqV!-T@7v5S4ql zl7wiPUph^RU%IFRDV&}+W;@G#z0$q|eff}!D0MF3x}>BWG1);g!%hM+5DEUC@D?TO8TMB+CRiyu}&Wz0))XeqHSd8ja|BRk@? zz&Mn{M-%5hweh6B${FIoLXb5te6m8+v_s%3mlGErt2W{p{^waYEUqP)(0xO2vYR5D zO1=2j)!JBFwBT_XgO<}ovB!OY7qb^zqx-PZYb(dk7OM=#wWRqEkv$R0#kUkMkX?Ne z+6-RyqlR{!Xj1}S`ae5uQX768_aFjnMO4qKIzA^P`er3qbuk;mnG|RCHTiEXAS%GW zMme@cNmcD8!=r8j4<N{ViSVC>#>hEh$=eEy8}Z zU1m~`j5BFpu$X?Xv7&ij1mI90rft6_IAmmO>K9ht4ze2sD(agf25d_Hm`PIUK^6_b zi&4Va8a{Ev4VjSg4=zvD>{92Kjc=_;8Jmwd;;eoN+7b(HheZ$ zX*FqR#)ydSSGV)z)*C<4NNrQkB@ReIM>w<_WboQI9BWW7z)NYvOYVCWyt4hSrW&&b zV$~;(*wiCo)F|G-fx~}*ZZRJ zXwfnfj6#XR2%kQvbkghSP}+c_RMWiPFGMt&K(MF6h4&M_K1XH-iKc!R{6)){5eM;W zL-jd9`WZF!N_5866HlJVTgK^3Kxl3r^&L(4VMw$ zNNa-FZ#I20%0qT+nUR?1LkN)lX2yBuw1 z8=a*d1wrDJ-`et>F%lCJk_sO@Rm6gB+N(BY5>|01GEDGAfAx!1PU<%y^io$N9aRQm z&4)iE3!HJUMf(LtC*L7f6cddX!&s`QD*}<$nQ$5O8VD$=^#GbIt1axrrHW`XS?9dZ zid709_T^Qx8;wbaqoX6fB^tZ=Oatce4uZdRbilz+`*bB z4!)Rwl;NaGCrx_CFKp!YQP5jJ zv$<8^oIAYSm^9t=$#+M3$AN?r@w){bVg+KvbX7`PAGA}MNGq72Vo#ZsD)NwDg;U1x z6I9$2j|DH*Km3&J1PVNPit3LYt>d|3pP)r^4;bu)iJ~szAY%T&OlN=T4F_YpIFU@q zTj$4$ygJSCNPCWy(l*1O%uG#nH8yLbgCLl;y&+7^23rw3oo#4sh@Lot#7u;zmcv- zgGJ={oas5-Sw$04=np^i4~v=cNpClFd209=Vpc)y$LWlb$|#mJHDmQEBg!?Cm$Tgg zn|=Nkt&!t@bkv1#Wvait#(V|d6bq${*)GEcEeCO z!yko$#GE1F7|je4zi{Rhd1g2raTvjdD)aYDnuP>rlU(05RUt2MJ2a@Y<}uR=cvcea z7oc6H4e6K+t2lAjU?8e6KJ<#qHmatu25XzVOiBD8w0UtNT-jryogm=|kT z(*TwBpXjKIq>3%qFiwzex{*aFw`3V@otA+}fJd}Z@85QS_o@t(OX}qh8?K5fF z`lUrVRja1ibVJuwJ|X{N$%!e!MLw|ACeMYjPF*v>u7X)kQK(Xa8!RZ~^T(x)!?jtP zrCqe#iFrIoM83(k#|fs>-X~+}wWuH0)~@!W#j@NYTeNkv*2_ur*^|?@3UGU*vfY|Y z`xTdc_L+yza!dS-dWv5z3f2Lu>los*W&P11OWFw{N_ljg2ylW3(`qB@3gTwe5iU^l za)b0qa(I4-MYir^qgwc~lGvPeDN?OOsM(LypQXb4R}Q2qAJ_Ue?two^T~2K4VRpxG zl~rkbD=WImx78{ywDwxAsgX{TD)fbUM#RTIz+@eWnuC9Xy#6e+{UuW6CXxBba$s=2 z%L+VFbu?UO#I1caFi&2(jp&IYSZm0rzkWm00rT*4xrINEejTELmj6i*QHAh~DtJdn zSf;mkL)9MzW35K0eIwvmtlk0}32uP4=L~LkL3)=u-mY)W40)FcnIQouFzfPtK*^+f~}SsZX$v2O1f3>V6AKW zdWq`Gzky%~e5iIATNT7<4WV@2Z_=)p$e1F_qvo4~!$`&=Zj6k$v!(>`huwZk{Ih*T z(f=`OYt)Su=6T!FM=M^?p4jiTu}MZGJb3(tX*;5K9Eny*yd2Ls@IQh~WUywTEG80H zG-D7G8TD=jmlLso3XH;Jc^E`^rmv!RoXxqn=2GB6Fc8)mnao0Re|QpXLjXI5JTP@g z4}-4LW=7LnIH;Q#8k2g2(g)&42&xh{Nz&oGbgw@esxKx>471ZjUpkanlKiN75e6N% zd!gEH5MV!23wu+2reVdepRE9WOguf{*UnK{va#~!{fMSo7-X`2I-T8k{(;Vc1w`$| zM7s5Kyz-+1D!?b>8Rxb)4Q_R+EGfd}Z;{HlnO|d?M(SPIb5*iWGrzvKT-DY5@qfa) zX7g72$)8HdIQOKKm5H@ZqIp7P#Vqzs0M9qu@!>Z`S=Q#L6IJ&DH}qwi`$l;V8J4gGxso@5{Cs+Z3~ z_TQy83^(wmfwKs|o8K>toqX%idP;_~O|7YmBe|b$_fY)A?`7@FlymUoxpiEU?_yqT zzWR6Y&Zjq^uL|^LP{pq8F-v*APZ|Nf`>1vbx?K2$qhfnm=yYK3r*{=My-OS#h1FtY zi=LJ$2*W4>V{WBTyS$v;G@m|kTf5Tgyxo>^ZTgtdFg)YygNaEd>6b-hogbvlU&bz| z-rL#+Z%OW$_jC7B7HpMw?3jGtV(EKa{71{A*Q~?ihh_PuE=fZVMM&`e7t_WN$oP(A z1>EsPVv1VU+saCcPg{+vyEcOMtOvk4nZ2wZKD27Jb0K+Mb4d%m2AunMMD^?(+4Un{ zhPlF>oCrV5Cii%mw7f2IeUz`qZi(|O8S4iTX&H{rUCDh;S1#^v-1tG)p)FV$$F5F9 z=|4;N^lfF-^wjea;Wn9DKB|>QaOnn@>s1qV=MlF?C&8kTs+Lbh`;US!tmeke@Hg3h zj}MK$ubvi13D_53xA8R{D9r!7CEewh_#!OZ)ljnA?E1TE!h`J!Bf3n&XW$eu!XYT1 z{riZ*7?`Jf#b*^oyEly!szKk6iu$PgBcPggWAV$|W3%G^d5kwjCO5(++$s$(f5rMa zg=pxuU$r<~rwXpypF&KJDn7baT0bkglQ>g4m*L)T z-TC>u!KSJLLs_`wsqhKtyvG1f?#bb`5~F?E=C_uuT3Nr~;>|O8vZI+pWcAQFNWb@D zvLUut4Rg=m*m>`&`lk;u6ygYUVhb0FL?DsC@T4SGq?9m{Avu{L(m^tu0SIJ}RCGWg zMB>X8v%-P7HMRCqk-&UbVF!_L$MS!CVq5M|1Z*Av3b9GrGo&LOMHCh7yCa3)NtJyB zrjH_|gyt8K!rJ!JBAbZBa4A-MMK+Q8eus%quiiyUG3@NLKe4O)+!b+hIZ?-bSE6*ngTQHFktiYpeYMl5(ut=x zgl-|(g+Y&P`0WN)vJM^9GO2;%oYKGN-*Dc$G~|w#B$`6?2DSTQ4!(iGx5f99dTJaN z**7kedgVN_T59Dr8wINZJxKsCB}R|JqxWCO(})o|I}75p zFRTKfQGd-iN#MeAXr!0sdKl`pP2qFKs9!*}aPATWIh%DFoTrK^V^aK0K@FRTP{yGq zPjZ23C08k0OpndJkqVWF96lRk%2$I!m=))+AYn;>&SS^Okq;{Asq~tY!P^EQ`H!qj z0>|uWEs%wrfhOQJ(Lme#-(_Phl=b4RQMnN2@HzC%Z6S@)c}Yp`RAVlIh~TJvwnS5e zEKZn~^9Ngxi|qs^ZmShp#ubHeE{`;w$fTYG^7utQobXZxv-CZQVFi_$ihKV8x2u zOMf~3qNYRE8M@9^a-7A@`C%fk7Cg^%tmzIeSecT)=oQlA2$w;b2qSj86Ue)Wmms`I z+7+#onsJ@xk)G-ii9(S2K+9xZm_4UE zVQIPMVTFjEkgYhU^?nQV-Rv(K2~NMqZNEv&PcP$JZZlu%$pH>^mq;pKKNhbbtfB94`O5b;1=|%Jqsm>JBJ7YGQ$_e68gS;Hk3dtX*6A=#jdh(<^YLJd$)j4JEFkHQD`R$2>-}(aR z?KU0mjk0cZ5H=LI%gwv0((nM?gz=iIB$B4?g6`NNJ-W>_>Ur)VS2rX35d6TqlMF)c zBHTN5YrOsOqYuk#ocM0qzl=8Pu$-wSZZ`Qc9X7)i*xN?Na}^u2>oqR;;@4C4G+lR+ z;q2CjTSY8Ukf-WT`7IMU^Em0g^-!+$u)4&bA@MQf;TBRc@l4n(~cC zi87>t8Dh&s?d*OD*F;~*eIc4au+N`&^bKh&R6eF9j%tLAW~q3`MFOINT4i26D_AE` z3{sKy@J)h9vOXI3S}wbNI!D_dcJ&S|v*v5}QFW2Cnv=(xrBViZX-_p!0x8*2rFw9;bJkr$M`m&L9Z~=LvHeVe+WuaY zO=Sak=3eg084R|{7nA1P?RwxVw~y|gz;nOmoO6r7dw zNjdLF?8h-9^(V&Hzd614C*~uVwkP_U_q`iGtGo@VFVu9PZjde*n&A$5ep@TWvv2>i z8E`(&AD?U62W~3|+yyr< z>idT$st5Tv+sKj&2NLCILT+{nkQU)h9V%Qp1cxEyp_;h-5t({1JIHx`0w#h*_ENzV zIPSrv8T{FS5i|IB10Vtoh(Jg38h|J|slCwv+zFUQD~iD;3TjQwehLQ7z-Dn^(eFjEagz!E?QNjg4oE19IDKvcv*Bt1Wnh6>!J745nh_gM?PE(1hh zQ@Cdm5!DIgT9Fuj2EUoaYp19POzenLw5C=h1yl5(4A2LdROu8QiA5JK!l(q2M>WAT zh(vwYzz@JPZiz-LQ@FO8Y+hFc-BodIs ztxQ6Xz$J70rt54)(Nv?TwKHUMA$J+0Nim2>Oe#V@edZKiyp{e|6X*{>apc5|Iwc~N zW2Bj)67 zB{H3&8c2PBKxIeOLK1lq*=jXe9=VZG0@+BaY){$j=xtKvv#in1jMI+1v&9$~5>70e zli-}_BO5(f4dl@W8=7Ve@uz_hIpo#p_0ni85;6lp=Y7ol&7VXLi3Lv-j6f5xvgikA z;Jc70{~Ab@cGPGm;LRelFF(8@HyH~}5;y}huYt9-bMQfn2_Io0o%vf6$SG}HTDELP z4>&z72av55JJFSXVglMeLs8(bw4MC-Op)ig03HD9FuPFmVNz0rY0x5|KO89}uW7P)EEW!#qNgGWI{Lw{&XR+`zFsT=kc_8!GII=@Fj*>sJ zTBc-%0nY3KchA9aL(2P=_0#4^*1It2PU6+c|X|_zsZq-Ph zHMk-^jMJ$~ZwH)>tZ?VADRYWF;fpKJMgGoCA=b{wU5p(;!OLXgz4?<+L2>UP@n4|z z<6p))tJV6P9{bX)KGT!DhYeM6#SBdAl0UcgmGXnyA=|YEYT&JJ}q9 z4U>!5jINsGvq%xMxZ&KYpzf4B2;M1)<{~NkHcomTj5yfNy1@^)y;DGzTaI%{u^sv+t9OSvAoX{XLn-zQ+u<I>gbjha8DWDn0 z)XCOZqdKQd^M5iG-qgyEIP1c&L@{r5v`(a^B)|<^FvWE>jok_BOC`B1b@_GWYO-iK zXuKnHBF#Y;M_r6uZc))$)+{5O7t)Jl?=AOAMrZ-IYfvs{rHD>6ZYkzjE|QSH=7nqZ z%0=`;=137apr&g9ja>Q4L>k#RhQ{Qi76mIs0h)-cOL=tA@CziE1U=e`xzOz|XDr~! zEin;9);g8&P=TdnihP|h3-Z}}OVxR&NS)3oirZx<>jdGm;#;f*dr}#yTRBYp%?smY ziX^cgmlL4+@!E1tWu1c@TEKae-k5v{Sg64zp}J8gj*g`!!i-uXC(~uJ86`i=%K}$< zAQpH|YWi{5+nlzPx%|m)qv1+FUD$}l%81qFh&Ah|t-`3C#i&Ers8hkHOYf-L%BaWX zs2A&)kHVOr#aKYtSWv-ONbgwK%2>qZ7>sp1T45Y+F&-B-jwl#M^^Pa5j3-}?qgf}? z6ecq8-dbkJ|1CwRe;5C6FM8L;UgEifgu`7)ss9cBi;vVl1OQyT9RC)>{%`c3q{aSc z{XYpwiT~!m{H^x>&;G|P;?@9EIvUy<03iN(!Vdoj!0iI4)%>5k1_OWqLVWh(_*MIO z&ZM2Etv$eQ0KW!^TL!=Z5WG4tF%g8A7(xmr29uJLKp-UKlw@S&WMq`oWaRinMomdg zbAyJOl7WGViGhKWgM)*U_a6xefkLS$sBY5I-ehN{V`l%yhX36kxB&n)1b7edi~vXt z08s-8sDZd)Krz19AOau|_|KXn1``rN2!J5`N+1Bg>7QGGAOb>SA}|#INI(E2BqoO9 zMeP6D`j-i6LLwTDyElkc3~anP!BMFt&4aXJs*i1bO1bDD@1k4857J)6&{N~h;jIu6 z6N3M476_sy;J8bOKa7UxAgW|=ozuHnj4L(z2DbzqF>VP!Mu4|YO+XD$0`$*N{eMe9 z!l&+FZ@e_meCV)q9A0|HYiOsSb;%r&@GTYFn7TBZmDSDS2HC`|VIF z*!)SYP<2^nO4piVF(D0or)BH(pTdTAhs-XW&6wiJ!NMCr$_p_cj$KNF=0~8iGDH$o5%+Z-`3o%69 zk-K%T%;~gLJOfXd_*-H%c1Gtz^INCxU%$q`hfkgv1Fdhnt2W5(y!s`uSK0&HL20}& z8Q*>m3k|m}BcEYMC5@>6qt3iNY(KjWt{CMdNB`24@p<`dQA*RLbL>Y;R?nj?wpqTH zVjr05ct_3~2DTHo6q8mb`Tto(-p39rr%|+Ci<$;3^I3dsV+wBxgt7*EXDse!V^jK= z)^*P;K9IcJWvg@?n>nlw?65h3Yxv+rEB+(JHJEQS=!R);=r+gY`o7|Y(cP>3Nn5A|gI zuop_)^tw!dr?+gk&u6}KLy*7H7hS+ zYP`2;+UJ2(qhy4l=^ez5vw}us+N5E2Lbz?1W02I}&vm{hN&-fbG(XwJ3T|gTqWvEELds%P@yPLhU$TDP!kTnysM)0J{p{R-E=gIc5~Qpmwv@7v%!rdLCXwad zfiampv5o1DNWTWm@jJ7|tT^Q{b&ih}12-1K_!ghqcj*7U{U4ux6yU3Q8hn;%Cwyku z0Wh5RiGK76?WDNGSySCu{5;Y#nCWn7azbVMKt_J8&ZD`tFx%*MZd`qCQfgK69{5Wc z`7Vt&hh3qF6JKvEc<=9JF<{-|W@UQoTM--kA%f^SJZq>#^3G$=Q#cb000cV`^GphkLciw2xzQ z>EmzP2;z_P*n-p?tN(5gv1FV1uJEw4W6mknH5iox#!sAvUBEHC@ss1$Kk|8_eE zq+COAzpuealIinUeL7R##Mhyr*x}o`80J0X(xWp0-H8a({)clOD{Mx^TGu7iZGW#* z!w!pFcgf2Ik?t^%u`zrc@5_4_YS`RhI?r0@`0!y*>PQdy^D1noP#N8C>5XT?zJ%zh zY&NNjfGqXudoan-@>{G8wZiqpKEzzLs{BVA5Ly`-I&q-`G^ep{; zG^v`I_nANXue$)!`#Wnsu_@S`+m^KE0qnihHkWgtOOn&Fn6pqfW`Bk5-RM>KUbFPm zrexrZeUNLoL&6>H+Lq1wB9d7yFSbZmF4sD952mV-FSE+pAG;nY1l(PkJbpSmnK&=c z6H_FAgY@f*{NYp9@9iUdEEX1z5{B9(Ka3SIu#AXnGX8Z(NB54~F}XW?hx?0A%rEij z3U%kbd(v8ebZ5iQ*WG>PSI)FQVe@a>CD)m$W$@A>z6XQ)j}HVYYPCh_VaY=mtUONo zD86I9i_Smm=~+%&8XM#>_nF#nYUpUakg*?2?(G%4GyU$Do>frg^k)4X78kam_7P3S z;02u@p@dD5?>=@pe0JJ%TRA>`F7|bG`dZ=H^DmS3hcCpk&6WOe&cDBPC0u6lCE};1 z>imc9!)HcAo)fXJp4|*xF#8^S_*e50DQ)T&drmyb+P$Gm_DIRE$MT+>QD75z<>-O^ zjzeGC2N?^MlI>48fMEB}Ku@}_8^rbtm(_R5y~S-eL?d^+78vSW!%3UlgPabmdS>6e zEPEsCD0y<+5g68a)>ZBJ+>L=OZRCZoxrL~VH&-^2_6<*C3Au0HliM;oXUpO0W0b-j zMZMH1qOzRR=f74jM9$y5-&%{FlbWXo+($%24F^kZ`xMV+9r~=#J0{CL_X|1mwMiQN zeWy)|zS&G;bNuFzC-S>WC0>YUx+>&zmgX~G-`iauT9Wbe1^mhBZkAc%0E0TpiY#>@ zMGfoTKYhY~s^I{9XPy%}y)zf1pQG19U5)rs8Jd_Z8p@F6GcS~-W{*Bs*?j6&pXdnc zZEBp#V%!K7?@#+0T{3*bvI^gZWyaI)&LhKm$5XBE->23a6zO|=N||h*PX`@&tu%bA zv$RS5kIYRs&4X5-*(C&QXDu1bVs)4!C!Pm{H??mwIe&QmRpeV)g*>1^=+l)k!KY1Z zFRDGw%DOM7O%iQJpY4}^JBhRZk43)kesHAaML>C9*JZYv0rB3p5cby{HW?jm6pMa9 zTXz2nb-mfN=IE4&xR{rc&O}P;{#M=6bElt&H@0-z?dn_pV>;3hJbA|gnUxYGwWo9x zYI*P^@MvN7sOM^$EoDNre_P)_;GKVQiTzvk*>9C(i)(z7uRn>|eFF*ZDlodtM0Rbg zR=jPOaXE}Uy7}O3;LWZn=-6Su+Lxc4Qx0tP*HLp_Rsj;;A3xjgPuVzo^Nn$w-?>@w z(EMAj&7st3j|!n8-;G*Rij$tEo*K3KIhDVvhLAzt_F|X(3XYGiTQbs+TQ%{c)XkiB zl?dp5__3oWF0hrqR@QNHx9`sn`)RdZD@8G~hG5oUz%sh(tMUNDqYgI|e=f!eELuQlEAuIQ|lIiDHHXpZr zkahk`r3YM&_0Ych$h<7XKQ-tO?AKa?uVDx(8heL$ffSD2PdJSv!W_X(!$2m z|2gS0X8pW*!ly~rxvU%T`}RdSvca`}SufWi=r-5E!c1rDwBmy1_VW4b_MXT*y4cr= zcB98jt3m`3``rB^w-C!Lv3@O@4CtkOC!vx+;a)b^P}e&Xm77+cA{{SJD{?%=y^ZRF zr(WOLCD2axVg2sHrZ0)fcG@-Hr10<&L^~UUv#i2PuC3O)mSJrXnH@d#yE&~*O^GU4Z_-bU}ym;5#ryo); zHl|GX*1Bbd#$OY2q*^%+`7)_!GOh}_vUKM&;Q;n>pLa-$tbgBgtn={rbay>vY^y~X zuZ|8_1X!db{(a{DJ;HL}%dg`HFWV-?NOdB5@^96>kRh*Uy+4$4=q~hqd-c!7^0B4c zi_dHw>qjQ672{HOo%7jjm$i~-(|SCaxBo2Ha`1nA)~+m1vTGC9lsfn4qy4K-VSEs* zTfO`4*LM)ffQ9id7AL9izu&CzohbXZk=eVt^S2unUxfHyk(rkblk20S0(@zj;BMV) zBt<0(1R%GMY`3+!S-4tvZ`xl3l;F|2^Y^JE2t)}p0MGsBO#gqqWW#;@`=ir;Fa9sr zz`ynX$cWk7*h@;=NZHxlmHzkok9bh9sDzlPsOWzY1phbwpS$8x|H^-q7RO71|2O~l z|H8HKH~mL`fCu0M0DxCH#FKyVT8(&ZN4!!YUefXE`sx~oyS%tKJv+U|UE_ryFE6if zxa*4x{PObp8h3Gdae9hBI#QH;QIRf{Nn2B^5Pt?mw1jBOvH;G;!R#% zU!R?wpPijv;SavJyuQM(xH>*L!3#v<^TC@r`g3%0g5Uk*`1s@$Uz+o?KY#E!UYwnu z;{_J+5{+l4r{@>vSNP1Y@LBw29j~s4mlDS-SN^Mh;$P?V7yqgFANt>Ja>X;%emV`j z0`pt!q#NG-YuKO%M#PYpEzSA|7bD$STZ@mJsIWhTxA!5QTUF zNfA+gigL*jIk|cH|AX$Lwqjj=gRgpO`xS>?DNIhK ztC4h#_r9K@ke`>=c)>ePHaoen#v-TA&@xWHx;8JjyC*j8R{3 zwP?V!Ms@YD1jMm~V zWb$-JbLs9 z-y!3f4|oa$9sv;?9E^uQ;Cp_2XN!kF;IR*6WMp_DU>O-1{4jwhKj5Ljc%B~~{(xsb z;Q0@D_ygX}kEa9Uc@ZyPzKo5H#e;+K-#FKoJiHVHmhOp#c{0GSiX<_M! zcXHBr{)60q%w^#9~P zg#H))gJ7955&4P4(}RNsW@!&O{;g{I1(g?F6q`Gp`NkqdB=f8*m^D~*N0;>ZXuDL9 z=U12D&ti>tOH_%7nFO86cB5Kap^{Qhq@+uZk{rf!?&tx3q1IQt9?0x>KKib#M`n-vw3g4OX>AD$xP0mXvPCnt5b(ikS z|0FrJ@~Xs3FD}0%s{}*F4oVC3Btev5hxR%T1q}x%M?p*-h)4Pu#TOlE4=`H(v9U zX4}oCDL?HjU$>z%Ni*ZlUC)(YKt&*?eR|@iyB_)C>M!rQT>H}<=}$bgQTs^FTFu>mw(dTyZm#i(rY?gewkIwbG4iyv_x<_EgO5$h99gbU zdeLylq)V%({He$Ig6^eW=Q$agU7F719Zi?MQ1W(pUD~uM+mp5zZz{iZ?$nF2F3p_y z+*;Is`09O2Rql7(SqmmUtuGzbH0sq|PZxd#XDY6+uXkAfr|FuM%%)x4S-PJm&vzpym^a%;PIy4Swf@B!$COXG?Z>8{{&CEM zeZ2|#v)*4e!kS$B*gw{;8GU(u!rI#QFV}7BF^^1J-<6P>vF^u`aPoKGC)rU*FU)%ZW>a9ghDVN-A zPa4~EW8%r4)QQ)=l326xxWr10KeekV`7pjWYed&MH?QF`jyOl7d7?LE?%`)=`tr-i z6?d{H`m(an^*C zKvPor8NC;bT9lAjSgV=P)Rk~>gJXil_UznSPdzBt|2H`MZmSuoNlYubWm^4tvkPu| zEoJtMEeFrkJXdj9NowNolaog1k52t`wEu~dx1=1q}Tml7{W(uKDnNSKiS*UCB@PwpzPfns-C18lGtymilck(krhT zy+O0~$aM#eIC0m+!_A+h6mTVJmpnT6)N|?+rtF$*zOl+a?qrQ-+L|rnpWoDV)ReB| z^hY*U9DCxcM=csN?C4$ZXdbyrbI~wO;z#2XMqGJW;vs9cru_TZ&+NC)&eJ~leA6xZ z%E_~AvseAe_1#T}e{WAL)vsET640dm-|FGJcO{Kp({tNtyX_4x+UkZ~S+cS6@@b{1 z>mEAZb8zB^Gd`$1y=P{_IlAO2txM{E+rKcDpSW3wS=%c`hz4273o?428o`{Q25zuLawO z>X0ZFJ#O4M6o^Lsuj{YB{_)2jN2TbIBS)eTG>S`tV*|g4k$}|$TZ#J5U~Cplfsz7TBlHW=^`B`@B>x}U zG-YMxpAIW|arp8FulUQHf&iNM(zxdp!Y_narZ;_J#hD*?>*XZul4Act;5G3 z^2P+iE3b@7-~Q6kFTU`Sb;m1jzds@U<&Xbn{p^zuc6@zb@BKN3I}VvN>L<-ZcT75D z>(l>8wE8Z8^5oAKxtEvhN`7+nvkTJBdSp&T_XT6;dp3{le!Aj`Od{%M9`DSv;y0IlQtZDDuUq5zvNmsA;gD2`A(Kc~g+WPK1^TlP?{kuEiyw=RYotp0xb&LsumsbHSv(ztyZNTXXj4=AOniixay>Y0N9v_g??Y>aic*f9~$X zKIu;R`j=bQU!V7Jch1&s?f5CHGKz9{FIts)Yv0Agk2$_?Yhu=#b%`m5-(Iq3>!_^K z%_XDGn6T!?^A10MSHiID&|5ugGPXX_v^uMFd5I?Pld-)h$XT-WqDduLnnfe@C96_X zJ-ZT;xGwI~ghQQvd*TGtmK-+X$->Km-@FPq+a>x#ET05zNj?q z*ry*&yf*aO)SPR}pR|3RK6Q%b^J{&hd%A`PNB^ZIJ@~^vwqA4Q4^^$#o%W3Tw(HOQ zR=;gTaZlg2TdrJk^*?U8>ZTo=M%}RN{H>d=xbOw{tsBmN*M0k)cYm?zjvFsLaazVB z-WOJ-J$_%;rnKHqmaH1}#4ksDb$9W1SARL;$wTLSb?+0}_wKysm6c_p0ZrI8tju_qBbIv>U(E6<@(Ruxw-c}mw%aD|2g;J zukL&CxTkaf`I7l<&p)^4e}3ovFBg6H)jwY;NuB=Pj`G9W9(c8I(p}%ZR-O0tcdysZ zn*QJ$wuZLv-(1vk*Y|Io-0}5;Zx@_3{fBp)>)U?#YwK-yJ@jtg17H8}p8whDKfWJ& zyY1l*>_a-Y`Vq1N7kL5&GS%pfR;$%;K>z=%0J@hiiRV8&7&SMs5=1dyhhBxbOy<&E zdRCK^I6Q4A>}Aa64qW`>tiWLV-(?Yu4#DNH(${x@UaN9})$ z*?PeK_q!m8xc^VoOe6arl)uo`Lct2v?K96j0~N5yfuDc=`C!zc3kDyKn(xpE&!0aZ z<~PU)r~(g@A^3k(1O|V8$S{8V z_^PTZu>B|m47;6J3mE!enDL+pMu9kJgi-$&0s_>&5J|w{Lk5AM0gW)^5vY1m{1?K4 zs1b(#7xDrGfe8IC%?bQ}$)$?@&v}JX|JUX(=Ey@Q*iaPlm+fQovwC{ZOi3F(V&mqf(z6pLCa%3#|H+8+hmA`4&Z#NY zq#QYAQpv}|4*B!=sVDB5^5#v#i%nDO9$RU<|JK=8PeuB-=j$eK-*dh8^bb9ce*4Ub zkqNnrHYQ9we^^S=@G--0DN7wOcELR-ZeQ`>u?y~5d|KDA7cakK;r)&WFL`jq-%8F+ z7*X(a*5u?Z8sX#nI^Vm)evc+|%;vP7p2NoRPag5p$Y18zlk%TDcTe`MlWp&P{Oo5R z{^gDzlg?i=@{8eF{+zZ43OaU{ADor-r^6p;*?z^7XZ-!@Ys~N7eB);iJyhNP;H$UK zzwOH`jiyR_khx@0&6SD6hQG4D?4lzVuW0}Bo%>Daj_h6?`ufEu&pcOq{fzHFLoLon z7B(lIm6STIp-*#W@ygw{Z~pemJ$p(R8HYfmhgns!CX_%8dXXRph$XI_$Zc-5q&CwHw%H@tII%ZQbqbbg*;*yzu>q5E6+ z>g&(Co!fZB8DFIBy!qUxnzmhE{La5xN6fp>-8IVc^K&024{P{t-t|{lA8WaxGyRC2 zJsY3NntEfm_UdVy)|W2%d_&iQFQ!!7{Zrqzl3^uNZp=DptbW_X!#+Xd8n`Ey|1pjVAbPa-G9-iX?t$Dt=8Pso3p9lj=M%2 zSzglh#P@;sra%1CH#2lkPICIUJo(YgbqQ(dQ{MAv4jRAf>x9g_)5_A{Ef}{tVd+DM zcaJ)McJ8*!(PykIOBr`^*6I<{$86q`lJighwr7w2NPq8(`fIrRl8)BzvL}xV^?o(X zX6h>$k@wEef#HYgPfJQWDD?i;r>DN}zw3?S&HsKnx%j!P_L{=vzm0x=qVx3CsS`cD zTQl1%8#|GPv@D``&Ngd3bqA`KV3zYd$)6oSxe@ z{IKtK?iuyMHmP>xbp$PZ(~Tlyv0IzOx#;?Vr|VCEfAh zvuBs)-#Gfr&0PoA`7~E0efYz)tkoa=smpoja{CuoI9J!Apj**c`<_#3OO9M~Z%S=J z?+<$J{K;2nG-JnhC(YzEhxG30OI`le+R^;xOU9ZnT%_A|WAY7~yM|?r*1WO0WcZ=( zuCFI>DG!{MkkQbpNzLy`vFiDj4_m8_dZ1}c*3PREuJ|nJ$4%ZbXFsrIc(Grz;g-G& zj+wGy+{EXeJ#6f~3Ee+`oH)Ao#pJKC~GIza_d`xY^Yu2+94t}6d^YhZ~kt-k7j5c#Ask=-5{)}yV^3&h`>A`9)a7t66 z=I5UEY3oXgJFj{yv9>qSys^6=qi5CYLSN6svAr21raiOx?+35_b4J4RlY0^`yx4P7 zvXGNx+>tbHbC2fWvE2!?`w|bUEV4s$2ijw0`dCnvq9#t-4yvElIB4GHPM-Ayps$V^P7P zP5;-luIs87zTY&twQ1_`j0Fc*ex0IU^JUVZ>mEP8XLD-WM)zX(7d2xyhdSrA_GW%q z@cMDrc8waf-6fTd%+DR_&FO7e86M@G|TC z$DjS|6`{WBzEyABec0oH#R+3Q>2F@~R9)h?6Uwrm*nDo$ONXRt-qIeW`MK-oZx0)m zFtdAQ>WHRcmp(lAwh#X2Fn`~>V>Vk7r!Ok$exBpC-yQaN!lC+ApD$@DTDz$CwxWAi zKfWXNmu2r{Jl?itdgBRwqu$&7O#VavdsHa5Z~VV^KU;hTmUGAUPrf-iF>iPGvQb+; zojl`T&v*N`jPfF~>gQc&9lWM{Yz9K&qihliECgNBZWH z9RG#)U;BCW=LPTm>*eL=+@CP5ueg^V`FS>1p5A42@}?;H zztz_!G`idP79rT!65u;MZf`6rz##m;-eBk_|L5fy56J(&2YQJ7f0E`x&BaXqzwf^L z#BQ0aPuDexlh3;7JbuK;YgU?GTN?b}$}dNranr1GK5M;o=Zc4JfAOh6^|l{Qp7z)& z2h?`I2fX%oAA|0H!OB~Cb6&IAYO~}=?fcjpAu^)b9mtA(*lTSX00_cblKjMfZAoJ(s_e(wdKsDv~Nz@_{z*J zXXlRpCF7A-F1>IVH`cj)M^E=T6LM?M5d+d-eU%zvX zBe_d6FX2Al+mCE|a^0c5XQ#fUDXd)D=6yHA^Vwsk`?s8Q;^W@`nVqq6``sU%`t@_A zB^`a58Lbz-davp2-I}hJ7p}FObVYUW{+HhEIepnzYt0WjFTc$O*RJtrWn?tJa{8_& z``7P03f zx+Z*p!f`cEtz7ocw{DxW?#O?y=o&WKTlvZvWxcz{br*@G-=*_CD|Dll~4LS z!}!GJt+%ZVd@*(74a;7*?b=)J=Dx_ddDRQkHr{&Qv}5nQ{-(z^-T6@Qx05r*o$>AD zP4~P|up}jIO;f_C+i#!d8FBYB+_Cp>nRZ9+{VzY&cjp5+Yrpu%od)N7UtGK7j4w9b zZ|JFA_236@_3iNtpRmD*#H82O-u=Wsm(98KiEp3sm(F|ZoA-PpG&k4Y{gmOQTSoU9 zZO87~a=Y=%Nn4D!yiq@ItAAa>%7mACd~+XE&{zhldr6FL@eeR;yRm8GL5J-O@CrzX69`kOD? z#%_LCbEtopJt;RdZmVYUgx-XahO>I@iRtF1Q%9t?&P{kL?b@u8)T5LAy_&SpvH3|^ zC7Q=lrhPZ!{+Dgv^>vK0t-bb@r;0zX-LpEu_H$p}#D%Z!(hO_L;c`-vp3X=}J>t2N zm6}5;*OerjYkRlA3$QOC)#BWd@Xyiu-h@o6zsVjNHG*4}Y<>T!F%wfBn0I+b{tf=y z9zEs(-=0y!*IshwNW)iIC-sf1{ZLbIOTwrB+qHbh37Y?H5B&Aqq%ry38K-nTG`7!oL2IGo@QO!k#nsh4YGuiiu{#nnHmuids(>3-R@V<3teW93b)~M!-7>tk@5zx}eQU2P zbYz^UPpG;6ppIj9HynD9KEd@+kLI1+63c_ORfjxLmXv*B!l*-g5{|4qcbJYla+J3A zfw7go)I*l{W-jOcJZ@*7CSmhI_b+Q&eN=VtMH!l|gvsl+FFmFHn(fz?{IX)#rtw!^ z+%s&KJ)yd5?!lE0XofGhS1jsE{N=A}QVV+QkFI$*>5yF|DVs07K6%Cbq!0eOeZ!tD zwX;Vo>FP@Sxz}sd_gbc3z5RUG>j@M6Thg2Rc3k&Uck;?z-D#CQ+mG6@eb{mSl7#Vn zV?H>VOC7UWGv&E8Gc`?JH{ZmyW{l^y{bcL9s%7nzng6yX9QDxx5{@OebCC*1SI$W>zF3CyIhyBp^SN#JIjVOi^vb3)L&FlGlE_-l##l7zL z-uvmTjDvS4RE?sNk0=cAwA{qd>Y+jXb6bKM+R_Bi}s z*@AkVW`F(Y^=2~fYQX2|^Q_`ugo&~5bPYd|{GY*0Az_?le+^)ucG`m>KEQFBr2@i* z2KeEfZSH}e7~thU?yUjfU*Qb}+(K~Q$3BSsZ#DFTzajt(?CA7*we7YUN@7Cw>WK9v(>V~jZ^lTB#O&vWGIt>`W~#5XMBo8qsP#TvU|UU0Ysr^A*9 z{XulYQNBZNZ;MAD9ird8T=2x}%2uF{y;f!ipJ(EmZ7!27->Q#VtMD8Ea_0bT$3`c( zKkIpy4GHiZdB*5zM6}&JK-;mG$n3HJyauOWu$i6F<5t5M=;UZ`78*@@eL!gDLxKU& z9thl6D(uS`+tJd@yIgv6vojxvY#nH+TH;T~5PPXCPAjtcnFPHHc>^7B+qMqSuqEc8 ztwyJ*S#X&g%}$&qaT_)?4>acdm`&%I9HxAy!DPm!?x*330s-66mce$kt-u%?OY;o| zK@cp>4jvg52gD?I{1r0B-o^Qje52EBF8UN>VRGbKOh6lpYmmd?)OHZMkh@K=_}iO3Zihc0EOQGTaZe;$fhjf| zK=90lJp5#L2^P%I0)B9RuKPqp3AMR7~cWi0k0> zMn2DKGT8K1YxMaLL6=+uv>lr+Ie421_y;r?1n9dm}o2PT|`lwwqu_^!msgGj?+VIQn+{ika3!hO$uGV#?%_42a`S? zm*mDuHGFIbWn~#y41zSk^`H6NK5>Oeke9%b)^5T z^Z7#iW$c6Qe;E5C;(rVl$hHUe|9)BgK^iIW2NCKj1PYe=9B#qu1g7^Nj`h*u^@9jTEs{!Z#0sBvQ4S%ao{oub}Eq~&u z_a6QxqZ#pE2jKr(K|S1VO!)6N%bx^)82GGabA0CbCHdHlKR}`1k)R4NUP$z!H^|=)d zcCIxP@=q7wsIjalyRKqpT}6FmHs|npL&y+Slx@h@>t}HD>#B?BxdNT8qoYGBE1r(a zX3b*+W%c#t_6B=_Ezg>lZ_G1WsOPl8`m(yJ+6FEda1>>eB;sl`<>xmV4UGm%8}m>= zON|&)<1%+3)XsYv$vp}eoI)cxn`xH>vpEm%ZD~imYEkwQeilCp+jAGsK$X=6qh{2le=PXHmA>HO0>d2&%3C z-zEgL9>LoZYCXD0KQ-j@Ysu&s0;Uw@^d|&4Gl&onnoD$pW?RThTX15TNKEVjfyc&m zx3z=`LY_aF=go<(mGlh(te!Q=7sPAA-7i}dUpbuWICI?`kI4R!RZTz(Zuih)X9U_JYFXXh$GeT%Yn!ZLz^ zw?)@L1jqrWxuuiq+PzifMeyu0m?zf;d@i>~pzrV}oosi~C%sK?o;)kyYxm=uDbG52 zCg0}vbmEJ}YO+pl;9C~(o^~NvWY(HZ7A;hJ_-E0Y%qFweWVM(l*9lH{0Ei@#`D2VT z@xP~0rC{SD&auyf5fWMpznG%b#F-#}#<#X+IRrc!K zAny%M$DnCALH7!w$WW|c{r@9yEF=8mDusYR8=_E0Yk@zsEIL{r9a~-eZ6IDGjPJ%s zY%eaXnma4J?ZbRPB%O=B)!CjUU`F*pyIj4cR5V8itkMbEHa@Ua2!nV!%jAztNlX^P`3@ zVd{_wOlG=*ow;lYG){tC3`QEvLnRGp(&cTmfkwG>&7E8U&RlD4r%>{fN zIR9{NnxtJ8gW2DwO>VVBbP}=SBcZ3_Z{WL)ADJuRkl>vCfUj;*zN}>8kwUPEt!Zo| zsYJ%z0l;Unfw)<&IVeLjpd9u&;uxKEEG)hxAd)2mLsatKke%Rep@A+-x?P@&O>9mw~sa18M?a zht}s8yi*tt7oMyTgtWkXM|8msLGZ(cY$+H(SeSBhbHpq3!4dFzJUEGiMV&%07yPPw z1s$#Io4DmHdVQ|McbP5voT;F@;P&dn;-A?fu>q}vumQv!uu*{zFc`p7bkes@gb&ch z7x%l&>=A}2+@1+v!u%fF_M(hD01g1ZakSu9T`}=(gy3M5MYJ{ptt;y|uP@jN7F9Xs zl@}PN7xjjMqs>0BENwtTiH{5qEP`<)##Bx9>AO5R;#cT>Hmu@8h1g?Q#7Qg9S@Xby z$P2Bo)%jMd*=FN;m&s+8f*ELKN#u??>sWA?e9z-+kxo5%UCr!p1A7N80#^m)K!A6I z+{=Wh#kSKbMsfnsAYiQf^Z1v~d}(!~h=8Dop!cxZeVzWVz zZgXRu0z#-g;ANQLMC{j;P^&vQmE@#IR1hVIc=AN#T%u9ar0^Ra!G*y@txIuXeXYHQ zla8pF_1@aK&hn+%#o{7Bfr7gtxESUuI3_Nd{2J5;)gj1GY_;l{AgVMe-;=nWHn-F1 z0YrgnaVINMVlqW-59OCT_) z(`*Uv!_R=E#CQl>&K>dCsckWy(nmZJgw}|J!-(D>d#F0|w#IrSvKi0PSkFW>6L1am zh|T70+H-yXSCY?P<^Ro%yV2G}IHAlS-Jx>q=wA?gwNz$oIpG?h~Or-sCHDmx!zWhYhm zW$|H=N-1kK6TE@^C_4ppOz#04r}2oaQ*8RFoP+3xR3&&tb&04eu7Ggim+DZphUuV0 z;`UCpqT=*Wcfe}1QG0S{<+Q9!l_L`*`7AYBVjKxXr=%%LCqhj_q_i&y_s}GvmpCLa zx=V0fj8`klRupG+0)YLZqb7I~`x0cjJHc5+4n2#tj7G8}LLy^q$!UBl@)Jp@BwZY_ zM8H@^3I}^uXb*q~lutMI3Rl6d4fZB_5$UW%a)+DT=i9hJ>S-;%%iOnb06$^ z8c(OxL4~tj)K3oKB^r_r}?MEXRH+e4D_Hf5=j(j>r@D3 z^q?gY#TQ35E>8t!FQ?!WS47uu;0x#`jXKWDd^?~K?`1pPjQ_GU^i~Ncyg-S#lZZeZ zt`y0GT!S_&KveX|E$Z5Ywq_v!pR^X(YyGg(_M0p01p-$wo!*Myw$3FW%9wX7?Y~wt zr91Sp1Us3@kmw|_EMYD~CYdC!3Ur<6LlC&w>>Q^ zyU8p|BoF3^(?S0S z?kGy)tZyTUQ#|!34FuMjZ}W=`t)j}{J#Db5ICM^6NGB*vx!_<(#Tm@G6pyZ_IpG~{ zzMn*CC#N@2@&;bprsXQ?8*({)KEBSH+mMbQNv;*U)J69x3cWJ=M4(L=J5UbA;ets= z=INM03;Om5I}%|R>1;rBnDH-`4o9W#iEb-^MF}~>Y9`oAWL%?`qaJs39|Qw-oo%7!Krsx~3Z>J{#|fgePUu9B&)3##m8Vq? zFRZXPR94i*ctg4)zodGH@r^OwD4kzlRZ~%4AN!S{JH{*Zwe#v4V!hB%QC1n_dAeLP zuX^6B6XZ_RGiNWcg^ckkP`M1d2{Z=_rkV{5>eUUg`Vw!%c%!~@-onzV6JzuNM;-X= zVCT-orx<#nlV)Z57h|xoRZABSOz_GwmRWrT3qPC%OptmRqPOJgiYwXo0)K|qCWA(f; zd#u%F*X6!|0g)^glmY=520$yoW&x4I2PkL?zQG^{Y6#Ap?1?eN>L?;rTsRmhir~ML z)2X5yNIb8mzCdQabV~P1@5Nj+NyMNA>n@DJ65FG;-^gq{;~{mT;2Vh*wM6T{m=hnY zNWt=!$FeD`YTR{{`MsgCuCyeqSJ9Ru`*CsbsUS{Q2Bb)I*eVfxejg~!onKAr(ef($ zfN=U%U{X%|n0&FaD(o(u_u>LTT0ZHd$X6Sek>6W?FfLxq-sMQM2E)WjC+X~q7oT)e zb71jerq@wgiOE|l17LT<15n;Vf(6;;(ZBEFHVg^ujnmC@Fw1o~_#pfxIr4(L@KyJ-UH5So1jf8M%>o7zL({ zd1)4>yC8894swjcpE5Q5v~>92z|I#eQUqmoi+l>T>=RRjN{Xv=MbpL1i&4I!6<|=S zRiSIgZtjJ9@o=qd_=SX2R9 z2NE&t(MXXB;DR8OlB6m(rNbEzgOU}~YRh|^y(47+j| z0j+)4HHQ08jOnmgN|3dhfJjkN4lkKgBmG6OB}lG|^Al-JjU|Ld3u&qW02H!mLb_^% zu{vs4a>rq)F-K-KYfi2SNV}{v7)|+0+iOk`*3K4o0#d z!^tt&+Gx@u@vKVYKyIh%0jlImra!2adz{XCS8 z4=~+g4sA(>k=W2MY!%^o@_4N@k(Ys_XV|By%7g;um0%+B}TlJACcPzugI~lNXXbmXq2d z0PtLPOb}$lnUGt^2V3zV1}0C%6Z9dRfp@fGHa;?7`YXDPx@G{ z)!mlM1^G_uDx2o2%!LIW>iC;-e*8*2#uTz_yNrZ;|BAm+!V%+3&8N~Fl*nBe$A53&BJIGvgrmB%A=q(l(zi9YwZ;<8=XLxudWAFjq>%aiokaiw!KpkkABeOD3 zn>?2dqz!G)@;Ny;Lj{9uTEP%$`J8~PUxWjuDxrrqyHHn4BrO7?OR*dI{krS0P0(n0 z1!VMjwN*86e{Gmo$J8K_GLa~};u5QP3?Xr{so6}aU2TFnrXte~C;uQKcA&vldB!#n zG?|YUCh85bRb!EI@NH2f8M)(Q-hA7?c7L*((MX5e+vWVY80tu*jYlHz;?B9C0hr zOuE>NO6FVA-sUIQyD2%M;$J5l7sVdLlL7HPf}>T-+9p#crEq{_9a|>+4f%ZJURUJx zT_MpRw_&y4^qs0GOztaW2sC*`)D$|IrCo! zRV_S`g@8X4j9_dlq>CK$o1*htS$1CBpM&?Wnm9~a#9_&ko{j)dX8cjsL*fB~b@W?H@m)b3IX+`xq$&n$rp1D4m-&$3lZ-xM`k!pzyL6i&J>8agdYK@W7FR>D z0GC8?E(Khnu9W#M$cu`j8oVEgs1njg@C0E39@Bweq~AVfshA+o(AX~S9BoPq;e=W;4;M|BkZWTInJRX(oLrnc%3`aEdu|bIpj~IUy z)U|+Ifu(_QzgY6KLg(^DcvKS$w-5poq!gGoq5HsorfoF%3NQ_dntxOEPCd4Qi>GN5 zb022p3b@%mfvcA8L(GA9G82y$K&u*-5o9qBat%%^&~RF|K?gSr6M;a5-6pe}Dn60I zFGTzVr>NE`<0XYda)+ngDah=j7}!DHT=96wy=EaJ<2w`{ z(n36>#6s#3-k}ofLB_=Om8=-#gg|VWNDRs8O{ZelC4ODD#xtc@KaCXgijAX&ip^0* zg$PS36XF-85W@a?FB1heMCzg7*sYd~!c;JJr%ZK2@^m9Z!^UP73D(F;Tx4@BYETh@ zOlCNb$nk?fPYepMx2mjtf1DKjswtl z=89H=RwPaWkV&RKPMPx`iP%O?T677O+@DA=Glzu>*ttB;2$h0@>CARgz%@XT!=8eC zia=RW*&?#_|9zNE>I8^c9#IhW6mWC-CD5gXI>|~So4%kIa5$j3kt~ZrGDcw|v_V1) zo7et`a971;@2m95_BxgdaTkAl!Ba(;kfw)Fl-adOy86SQ=mD(&G$(&NuqZkjT|c!w zT>9XmTUvyI}T#IzdsdeObNx@sdLAysuMBo|;?hfn>JUas94*_Qea4>QZtc0Y09MYlK zGKOxkB_0;ID^D1J#l*p@GCt1P>E)p`B6o|!x-h|++gP&qIQ|79RDzfLllI=Gi7ctU`Ubm2PNKG zg2cRFy4B1(#vKeIr5_CCbeH3qdkuLX!}x)@dO3>W;UWy7|AjziWVSi5RWa;;B=!L0O?0`7XDf(2oJc~fE z4JL#AW(s1^-t%4x#JNM{L@wy}2_l0hO|gAzKa110y9U&tR#|1ekW46I_$ zvvk`k>T@Me@*A|o0sn9Ms|F|jMGl^6yM+*U`8DEZrzND|zp zct%NYk3C)GGv()GTLUvQWU|z>1rrhOiJuvnnWtyMypV}_A+hJoev1B??B~~;6wqRz zI5Uk53R1K!3lolvAV;oK3Z#bnI}M{Ko6R_4;Mv7UZ-kgguD-0I1_6Tv$QBq*YM`1 zXCk6k_tyN9$$s{^k;vc<34q0!vRy|41F#F8qI=;Gxs(rhOj=}#rTFy-Wya754{?-@ zDn~e$c@7TUjd02~m>Q{hW24l3V`v4tAct?WL^INeMKj|ZJg%5)EC}Y64Sr_&ELmyb z2`?LL@KI&3VMjD=U1e1iKvIT9idUE7FA%T3f7VDH=hlogT>~QfY&Z_UU)IafG$9Q6 zpd@1_E%{O~=U&Q`OYRjMZ1b>OgE?WEGVs~3!7HZ&yhX|PMAThq_X_T%#Cs{z zB5qm%rNUeNHo#=^o@#gEL{NuYgd9M`AiU!CX8%V4cn|_0ccG>Mp?1eoAt3k7GE&Dv zga-E5e*g>iY1Q@$GsG!!Wg-{~xC#&gXj74O)Qg}74*q2nbwFVk1LMc9-tBCvVVSAf zEd-i*WNcJ0V#phv;Q?Bb2*1*j8t}@+_`APU9>ISK?t?7GUV#^`QvtXma>}G=?~`|@ zC`}Wn3#&u}ktA#t>Z(A@sT2H(N7qHpD{h=w)CQG&BcdF9B(x}*UIudm8gytz3o^7ujg3w@nGvTmFDk2g zJcg0{Or@YLF)bn(bed+!C_3LnxD-X#C{VMK$Onl4ICW}1BLo7lDC)GKrDEF9Dlaz= zU=OeyQ}AV_r)cola9g{(LrVX6nJJ`pdAi&JQ*D#om}Cwh-haD zVhZ{@Ipl&8V2VP>T2OG3c!|mPZ(d4H!SZ8?N}~<|dkzsovT=uB#W%@?7(^aC0%@k= zLItU2L}2j9o4%CS^6mgm33ML?jRqy;hK17y;fP7kbI3i$p6C2-j}P!c$(r^SM6JQ+ z--l76iVjNNc$p7$Oso)*t_`RYk_Li&OY}{vH$}|9Vt&}t$J+J_yc7>;5AZHNl*^R@ zC6>}m|By(4>FefKV}DZS&;BVrbrPw-W6`99QIeV1EbXK)W-fk`GoM&RWe|EIk^x|a zm_Iu{J(0VJPf8-Ze_7CiNNyOFQJ-NVol#V1qMBU7d3Y)yRzZTc!{VUpMZB9XaAw)GI zxE8cgoG#O!0=cB)T_*pOK8EPO3h;&f4}w^Pni4lTV2WxF5lBSxfMsJj=AhRF$qHzt zTozilGZJX^p>`)6t?St1l&2XdJw>@9u>q)7D+S1cS#e0s$SE;s)nc9*G!)FsAxOh$ z5!w(p1V_vb*W%R`|OZ-KD z{ghHT0{YA$Zob%Dpu$tpvLJD3|E^?Wl LW@q4(SOq)ZSjrc6_8SpMI5 zg1-$2m28e`z7*v}2A6A!u@!&M&G7Q#|U>6+zvs5eU5Fg4eaz14X^XtHjLP=^c zN2EoUp)Mu$mZ45^Y7D4DR%F8b-T`_4k{|`BDr)c>0Tq$JF)%bXkc$_JvSq{vWtN*^_!v`@(Zv3Gpvj@{E2Os_}$?yk8 zFmSjMBC>pD`=vUM7bh>ANCqv=6E!kc@I%@QOcbX3QOGZD9W`Y@t)0?(l+D48g`>2% zF~r|e?Hyc|^AtyJo2Y%yQuO~nUrC2~YA`|+Yh|Sc5=)<`OP!EXw+JOpqzXJJOBn|S zQXHxzvx=(HA@&rN$4;t~B07(SEBi!M{~;19R-l3ZWcVpC=`o7wfRl4WOj11;rvOmI zGZ4$!Qbbh%ig+eo3809F;?w|&cqUE}Ao&^fKp4VCRso9p7?lC)zf>ZG2QQZ+E?BHW zKrzY&$zzE1xKcMrJ(f5Heo#4R2v0foy>^g@q^dJGnh=3TvUG~#gF58|7Zm{zMbr#| zeEcK(`#y0fYDrt{SS_qD`lu=#qLQ|akhW>z82c%uQ&)L1)YLRA4^?8-NMS(Q>qt3A z*9_&a5NgILrSmrPI+E2yWtXTe@}OE_AlL{!)e8E{`w_1se&&{SnV}&$n`9R)9lrSRoYEvCHR^x^RW0S3K_Xa0V)SGNGxJv0ZD`13S zU`@$25)<{o69WShUyD0otTbvZW1ZVP&HX1VID@|BjY!t-?PML-A-FsstbpDNMe7k- zjyVPaV)RQX@z^?}t~6KgTh2NJ&Z^52&`}yG3CS4rD=`JK5~wNUCFX|G=@vZXxh87F99SR z^0tHlu4s#~RG7asStQ$GrIKT%MWIv<{QxIPJd%nqOm0k(+g$Ch6tT-0XBSaQF^bKT z&2<=eiTiQQLGy!DuTn0i`FDkC@X3d$fYBsMxF3#*s+IPeC)vVjD%zqYe_}&k6`)a$X%$p1=U?D{f8UCgMzQA5rn84jC}LlQD;f4HBpi3M=~pf!NvMz4=V;gr1)u@kZV;_S8bbaR2p;75rTRQqDw zdUVs$#+99M6rw6`XqjTj986@#@%j}DDnxOnEge++PBfb6#FD@yD$QCLt_|)-d=Bky zru-54KCwKnsIyYo#b9R}f?xXccOpehk0`0YsDsRB%3P%4uo7h&M<86|sqOIRknNd@ ztXP#IupjKx)7cqflLhrJANqunU^)kR zj)hItS2a}Bqd52ih@G%FMMj6vYEmI+azav#aPZO|vCD@<^a)7-OF{0;N{9+v(U6f& z_Ie5fH9YjW_F73QWEy;$jlHhI4!Z>Y;gHr1SZ7{!-=zIloJ34!PmAz(OROvrfbIcC^>Kb21|Gr6ahLpqoJF5rUyD14Q z__T=8(i{F*#cOKezS52$e5nFf#7nAV%y=E~8T~t)MQNDBsX`PkJMvX`2nRT?b;lY& z6}uO|3F_I;v&uYPcoy~_LVX8xO0niFje#0i)}rr|DxRbX2l zXSG#5JA4Q{iP7_Ho}9H~t-3B;DjKEH=oyi}lnt3m?`7g$POb_pimrg52>LMbllKav z&Q#|*7I}uJBJNW`If-Or|3}30?PrS3da9}^L(T&_CkCY1VyQuq2^3{n3=XtiUJ@2t zNrlSm=1Mf&kLUpxr4{9zJ5&5LSQ}9GVynsv&w3X+@OlL*m@3Pr6M=yRWC%*Q zNiivs3xP<~frz?>Fd}jyZc^a(g5L)@X^+%YG#~(B&cK){#?au5lJE{biLA`L7MFlZ zX@&49ry_$fcnEL~d3kh>TXH!YJbfeE%4-(2OEXSCN)Hk z?cyk;hA5VvA~?vF7CzzzZIIX-HZ2oU2ust#idGF_ELarwrh)V)V)1OesjCh6T98+s zG>kwPtS$aT6y_R?^G4cdJvodLa2gTELSCC{bp$$#Tnt}s%mD=`+YVw zoinVv!Oxn(#SkhBD6O|#%}<9+-LZ~(x-2h{>NT-8Xn%f&;=+AMcsm`vVm9z zIbwq)wa4KRnN4HRTJRu)DoHymEIQc_ksv90rr#}Dr7LHcko8!KidRM&iNH$bkHvgn z;&CnWG{ojnZFkw;2(<%@j2z3jVzZ$PC=mf+I)y-rRYbzEo$~YxWnO8(vdbtFhvJ6_ z=4t4Jpz9zjr&K@SSVHJWa&|CZf3MAE7kCB)MH8u$WWucr6@kBE#;vI+Zl_Z??Y521K1q4?s(N@7yfs^=Fk z&OGTP5d|f}&rmR&8Hy{bsIG<|Nf~N+GBXW*ueFz#OWeM23$z+PQ7tEMQMOylfQ zIsNX3mFN!rdE9hU8Et)SMOl@-x*jDg$=9({@s11nTD?o$0xxKnf;r%W(A+ulbZCDb z%AKPi-U@Mif{-JHScrhoX zf0K<%vVkwMCX`spuHSFv41}+XG^GeK!2qBXXao1oi#8JwWTJ_TF2>x-BKpZZSGaYy zsgX5;hl{CJPK*Rmr?`q;<0_=meNfcv4FfjP;z2<=kCf384KyISSd1EAYdeeG=4NA0 zz~59Hc+5Ee@Y$jeUbwf&?4#s^`+Jf+CHDi!8MdWI(CQ5l8xqCZQLYi?e)&Lva#EoB zuVbm4$28vFS6Uq;qr~1Okcdrb!o9fzT4=N2ljs5?szrThs-D7oNqJ9E0h ziZaK@BLWe32|R=3^sF$smL15Kyhqr}YSt=~5QL z>$B3wRU_wZ3+3kUBIyTu6|>{fMg=3x53#l9hvQh`Qsw%idiw}kIR5au>A|2sLq9WUzczPQ25u7OaPw_fx zJIB5e?*)jfv0pIiZ4oyZo2f9>VP;w7f97&otrQxr=8?nBW*C~UJFhC0NCAsAOot)6wE=etx6T&}bM!06iHa z8k-Ro0ICw9|J3Vc{ine!sy!nZYRLg7BD+c0cSAakRg-{eU$v6*;;2_rjRf-KCbY4G!%<)*he*b81@j{0M~;|Nm!5wm>x1YF&0K$?M=hJ&J0az99Fn$zZm^N2kGFH>;wd zD4Uh#pj*i7DmfXk$fnAw^70DU8SHZ_in3|QNHS`#o{ukL6ZAOE=6L8)NXg0>q{-CL zjAU0}0*MMc;`bmo6YhmNAS_fwAm8$O3b4U-;$wX6Az%sqxs6QHby|u<=HYT1Rv; za_9t0=?csI1|W)%j6WHtn^M{YTYuN-7zde-G$zuH+y}Yfb>epTm+2% z{a|DoWKz-;Xi^Mx@@|R3y9m+|f1-+UK$Rb!C_sICGZNyVmTWClQ#zn3t6Cya3})s> z9(aXb?6;ioLoN`z0For~GbwdNun*ZWCGSe?5;g6_0;mEz>*trwt!j{I7?oe4AZ}|DcdKw0t! zti)~!E6YecBudK$LLQFN!7cJW;Rovk4?D-%v#2P`UM$o#i}ju5V_ao$Ag+*bMiBobST{Irnp9ZuFZgAOE!ZkU!SYjGn!Ux z$JmjZ&K+XLVyGr-NWg|wQs7Dj2<8G;){4kSTnQ=#KSWo*W<)xQJ^cRTx2nc3dMkOM z=LjKBAZ@7vZl)Nr3ifCwY*~caG-ft#!W7X5l|ZWku|z)*%Pex#qG2!$I+mVObTkm5 zCu{p+LEzUz%h4WyKAOrV#uX-FVl)#U$XEvNQ>kROveo*bw@fUpiezClqd%emu@=Ro zZ2s^z#B+rCY`@5;-+ws`lG&BT6h*FVxJ^+839ocSo4@V87J+UKk3}IfL!4h6f5|w}}oJ=Gr9ix=n@VD7&EFPQp=$hL*p^j;3 zhlC(%tiy`9Vz$l7DR7(jKs{3lw%>fzK@^om{$Le-%eUBU zpl@cANuduUEtP^akf=nmQN$=CXhE9VZBYV^8haUd<`P9j^##mNCf2gJNhdsQLZa5t zHp5$!KC%8l-x+L0x4M`+One}Y_8{hl--{y*`;uJj73TxhAs_91+R*B{ zNZsNf(m!+91_K>22I8pqv3zSRTVnj>P^PJErs8^G8nf4B_V%t{>P;K;3rP3?BPPE* zqGxbHC~gN^DXOw~I7t&riLpWBprYu^f!IN=hCn8%PK&twOzAIfl!1RM7UB9!fs1Td0x{k~ol;W8J9v=6l-i@j9pGh&aRXpLAK z68@!1DM<3Xz&^q8%CvY9RT4R|aAYnAS5#H;NIV`cAQ@{9hldlhY@?cD>`MX1fxDJg zLLuIIOT=Qto-L>}f^OP@`J`ll0TS+La2VyuFc!6R=_0Qr%`zYv0uz+ViurOh{2YKjXt#hf!7Qobg|aQR!>Er|){ z(udSTm{ihoM6d#)zrid@YhF^#cQA(oG%FqSvcCseWrl7N-3vk~rV>gQ-QQIT#3k)* ze)3U*`jCc3z(37W77A%t1H}w~!Ax zS}EK6bXJohNNB^#cQCgVt`$TZ>g{H5`7|MJ0n{4x@RvXy9JrN}O?EJ+Ras+zg@6lNeJX|Ia;6iX7sXh^&fZs8Be zf=a8Po9hDrWs?uQh1;}z2lAN(Mc=LL;u`Gv~eOsRlq$xtYl zL((h{vKYb<03=f&Jd~RN9cy(%jmvy5X0hg&s2PiR%cH3wrz_FmMP+=O+gGe0`?&P6 zfGTVSgw9;YFK(!= zBl)^k9FnL`0j}Hw?~f2px%L*LnOsNgEY)95eS2UTWdh78;OsyV_85hnIa&qB(!F;R zA=`n9E0g@xhQwONU`b=~)c-A}rRw$k6_Rq9wI z7NPcLR3dCgVnTONi)!{rMjp*?*}Wn6^oCM0l*02K@?op59ga3GA8MnJ+0@b?Mg)wwaEIYUEeg)64MRmm zi<_!d#8I@i;;3S)@;^6WI@&%@`;71Z_t4j?X58HIxu1JJ=e*DRybl;X@cE2@jn*f3z}z%43b<(T8PGS#Bo?U6879Kp^C|OosB4QCJ2?l0DLK(8RN>~- ziCM|OI8Mxr%b6(TI>th`r=jEjzinx(O@W9HGH4tVcH%!`a8#icS&r$v-uNpEGCZK_o;pXX@t;CIp@!sR?VFa3rC? zC^a2iNfAQ@AlMYNz0j;=Vb3>ogi+c@To%Mi&}tt2mFR@Pl^31UmzlV5zN28kA32Tx zZWfuNhnt%VFp&cMTwKP|$i|V##->vL86w+w`1K=}&^S_?2g;(F?cowAY^&|$hgN%! za@)p^1Wo*mXAw@}1T1Q)0H64v6H0`v} zE@2|s<>6|Sk!&wWt%}mV=AtCHkUI&_b0V6TM+L$`@EEPB6=ncGAzS_N^~InV0JN+@ z9|q_(p9vx$C{2D;(rbJ$@|VYdg#9pL3xt;ksI)LW3a;?@5&vR^w(wR2Kr^p!;SPox zv?W3LA&5i+QxQZmGen$4s4@{T4Me$9?Z4$dxTOGU1THz;0~Az)1y^V`qSAp014D_L zkWr?`7q8U=buFP_T7>NSqg~0U{-Ti(X0)kL6##@VRPiZ#M?~3Zja8Nv7zX=tj#|jNW&$LiW!>@ zuY;i1fp-5JkHrk-bzJ=XeV{mp>gwU`;Ozuv&tVA39Y3qbgxF4?-sIxC)TK*Lce z{zHx5@Nx^)vtWEdCqanTvO(gCVUREh)CxE-8~xDs^B#TmsYq(+1GD=M@*auujheKt(LOwq2vbmbVcGmYcG zRY3cb!Zks@3~Hy1EVz5-hvyL}S>8 zFqH+v2e%3x9sp3`T%6%^Ftg~C1TBFtofFt0P(g@`hE0Y}EHWN$3TGVn;hqAw1Be1t z(RWZzh?4ez^c@Y^0(c5U73OHs{7N`aI31Xns0D^D(p5t<5KhPsswUB`vr@lwG7zDm zTV$mQPlaI`o0Xn5?nJ8G;1jAF%4k3>tP5nNz%d2#9az-3_|z)V4MFzDJyB(mEm=yX0(Eidx2QXUP888}`V?jO?D4^m;Xs)bOe#QTVeck!P^S0sgM@yBcGHG% zJ_7dWOX(>YDKVL%8i4eaUfiD)_i5cck{SR14LC?NA9VppM?P=(u|PwB_2n6Qvq0^;!i zVZkq2{rjgb7XtZ_5N+gwMU~2*UiK#_GW>dcq4DU^KU*F>1RH$$nBxcr4AX@8^vs3O z@EKewn4zc}4g!JmMF@?HG5Q`zi;1Wg1$t&fD?JDBVqsY*N=`rv7})5%MZ3p$9LQIqzyDo3BwEZwBPzN+RM2q< zkr-fRFz;3=E$1zwHFZ z`(nQb%sKk_%p89nBVH4jmoar0f4%B*46$qUDMx*ov2Egq)*JAFl1(yGz`sXZ0(`s< zj|Yv=orR+hFj}uF+Sw33G`zEL=n6f&vvAm%5Hd=D7Z3sf1@CW%?Hs77aVeRo8euBb zn~$#PfAO+~eg{}3bpE3O3ZRG(`9kz5RQwd;Hqa4_Lq#VT+7t|UH)yg~$P-Glt#)PMx7Aha73o0KvNi0_GT!E zi%m(4F^NjdiX3luKXcE8KSg_bWemf!@Y8VNPs20KMVO%I<_@>kfJrJKPy?Mp4%Q;0%zkLGQ_eIEaq{YJ>6|4#c)7iu=B6k>16rO#X(4<6 zD7Yyg-v+)rYBLg}0ow%L8o-@sIUMBFAe2Z&Ln+aME0hd^`7mzv63&Tn2T6jgT@LD} zK=}`v&ijaB?I3(4&;%?vjERXxC_hh#4n+cZohj@Vhc4paIKqk!o+G^W8rq}qiT}gn z3&o~Tc3*V*eBn}R0;CpLPMyYlgv!i!9TrvCUcqX6_`r-Q~+ z3Q)^F(O{Zo;%x#k8ib=MB9)RzNVrj>p}G_TMf8VMK+_;$4X8ByUg)a;8Bg@z7*VEw zC;LRG((vb5djB;0WW=0|I6k6KXGoL@U>r_P0xGp-0&@|JG%8ynlw|VHN`m|_Iv>$5 zgmVV4O!tj=^^itxsc2~z8BA}NK!4$4W^Ov%@{kjang$cP*|=CDP>3`@{E(8K zghq(zS*fUT5c>1L+DL^ZJTYe>JUK8Y;AsV$0waM&-{WHWFB}@E@tJW8z}%RiQwn%r zKs6X&^Wg;nK8Vw!kSOp9K)e!8LU^83kh~ZD7S16f1MpJRkASQJWXd6s`bW+pD;XRX z4mcf=S;B6mAD_c4;rGKa49K+u&<-mkte*}-jblg>3^iFD-G^up{@f@)x(rQt0<{9# z@_cHo98uO`MjX(?lc57E@Fsv|0j`TEC4wqD#Q+!!q#97Hq$Xu?gh&23?)bNJw#Gg# ze+`^<_3?2Y_o#|I1oY$4#eMwqH3r)C4+!>j`OME9`~v)``cM-$l`7n1bXWh4egb;2 zqyDEkfMMu#k3<1|m@gh z7#QK>#S^`=!1k~sffYc7&4w@R(>;$VGKOBtocYkA6%;4Ije?rO4Dhp{qd-j3bQq8L z)aZDQ9q0k;>kCzTAyEdtx?OULHdSI+XaGLYhU^NuE##hjqC^6N=>R3>p4|XTqS{eCAZfoe5RKAr-tq;R*}=ra`OD32q0P5^{oU4cumQIEJ48 zkpODk^7W@+&wmS13N1$X9fahQuW!$m} zTy5c3RFSa`KsNyQITpNVD2n}b#){ZKqJyB>g`p$BOL)MOpfWm{GyYNV8~zkp3MWFg z1Lb?bgod_Guuu+ZG=9z-7aal$C_&qJ=pcz~6BHK|!WbVdzbuGJ(4__%l8+=WJX11Y z;e$Lj%r!`#LrNa4#{`W!cCxW3l1v;bmHE^K5FH(aszekgb5l6?=x}sQh8y6b-`PUp z1Z1<5paC+dzoK!vF2fR1gNcbS_EZ=Q;nfO9QaHY7=>EC9^}k@%LtA+K&Ws)Roc-B# z?{9^zW6o*ZDUB?~<4wWe0rZWy z#Sq58Vg(w!rm(h+&&&%Ohxz+Cp>5MLOuxwd8refQx`%Mo*&RanG8cx60&Qqq5B-y3 zhh)@;8gPipP5nIF+yjPm0=1_=r;%aRb&wDrTbSi8OdZ>4L;Ns%DvUPzKN) zm`<6(U<|z$!DSAfph(Apkq3|jJ@*_42+%Fj5%vI4JWgVSn>Pk^P0sRF(GF@2uCS;wBm;{l( z_{mkxgI;_l(K%2G^N}Ox4cXo#wCoUo6u>XgcnEz&9RUG__zcKr0GpsR5%_@30hr-S z9_ptTW@b8cVGxZbnk<05K%c)9;0TTLhlek5BGA+l;lg4dfB}~hEJPss3sA^`UrYq$ zXmBbcqalq9_zHXpR8bTf`5V&3pGYHo4#fL{Yll9L00E8%8UB;AdARGrkZ=U*$J4E$ zZW?_+hj~g-S#TphfxaiYpoD9f*zhf9q7dE((g6&*5Iz!GYycI$boYmkizWkv2emPs zhxUIQK?puQAmE1(To?->1Qel*jE3UcXd2ZYjf1EVb^vG$dVVM?0$3?uIbN_#~&1UwMUK+Xpij8IJvatJ6n3f9b6=$n`b&%wy? zK88X@4u}@!MzK>tN%GTYN|?Za#}(ZMG6%wqY$0F);xaoHz)`kPtPf4JqWubBN^{^D zN%{{@X3<!>yr88XDD@>J`7=v{vxmPE2<(HK9x zs)fU#(C4)fMhDU~DbiF(4TqQmYPiA21#VY1B#k+u7OJ31ut4}&p^ZS{4e$mMp~Vxx zRz`^_&^HS11^RlJHw-R4`WEG`WC>qELJfMh2)EAw>Q^HA;|#k$C$4HVaoC?qNlHSI zbHLI>g&re5DR2OSKs}ntGy(M>dW;Pll}`{>bA$LYYGOobOeooa=Ma4lA;2iFf4E4L zlQP7HM+b6v3z9+U z-~$cii2ua1!bypOV`P|Qp~4`bGyv_Ok|BT?IfqoBMWF~2WXqYRim?Xg(Q)*3e1;u*r!jpgWK*>^vrNBK||R@l(V4Uxp%sqH;_Q;7}<^ zARO!idg1}Ip!q|9|2Ww8KZ7KHd}^Tj?Boswm*Y-t1e_S}h5j9g^01R4ip^n^V1|Or z2BfY?AT+YGgy|MD2w@;;m;uoQCk3PtKANwep%B83AVVVDQMhPFLsY_{9YLc{(T>71 zK_ehCT*%E9eJFyQhd6|yo+m@ehJUiyd#KM26cVCsQqiRHf;gZN0`ueJ0P3H+eBq@4 zoD0{G2*DB@2W2%lp|o=0!YUM%6jsr|`i2&XgEauo=aXu@~&=0hL~*2n~<^$qhzVa!r80PKkxXQRGw&%rAmCXJ5# zZs-<|zDIp;VP4^Hyva^+C`|yM1c;V}(+&;JA$}DSeMGR#Fmo5Rrz6h!KXK{)&{r-6 z5)h!eH#9QnZ8j3lDkv0$A}(;2QMw>XhJ^Y{c&Ck8dXx>Bm?KI}Xrp%)@EP>~5Y!G) z?8knFz7`e^0?0};HrCT~^Y?J^an;ik%4a}RgwGA0wKb#+GU69TL$`$F6qJ$}jUuw> zeugy>w9$S>kaI|73-Ll>d&G}AbPn_7(Y=WPU7_6>PWhqj$UaJH5978vXn%u|uov?D z0Vx6SiM=D5@`w8YZ$yje7-Kuy$5l8Uqu+ee#&z5!!-m}D%D+Ghvy&o4!2a+F zL*`^iB7%W--H8GC5NttIw4L_s=ybS|Y$Jg6J!iXsc(H>K)xi(?I)bzhJOReQuZWKs z8c}WGj~(sxb)cQ{RACebGGhSUPywgRfd2^_)dK_E(H=Bo5~+S@^$1$cf|4|VB!&X~ zQls;3jISFm(!c~!e&|vZ06AnK+5$usa2;S)fwm(|V3Lm%ip{U_J_0T&}y%``%qO=*DGCCweoieF$^Kx_!q9-rPq_IZ2Q$uqN zQKOA1Q*5S)8f#e6ft51Snc9Le+E;@?x3>69Ukxj|6*Q(cvqZa7GlUH`L^&#$@lf0f zFmH0ENG`_F$2l0zz|=j!%hMkDvwvvir0GzfZ(%+UO^N>5AOFeipdSa_+R_q%IE8L) zCHfcI9t+>2pTQr3ZeV6*W@Tw*fzTP|7IZ6wYWXMk|CcrcEk|GmQ;~$||5mvJGCOb<7Kf;+ zDT5zaQd(5Mt+wglJ^~RpH!Ng9c4lqeR%;vcy^Xc2*OqVGylUreer#OSyo8t?JL?LH z=P%7qadBmS)wp{Le`V#0l9JNAt^DfU4fRKlH6j zgJ*}#_Gixx2@eg5jfzN&i=Lm6W@2Ora(dpLGed#`8OBCaEG=gH`C6MXB%yNyiDYPC z;O^qGFgv?u>sCmb*Vfc*SigSV+O;oUymnAAh`m|Nh;(cfbGs`>w983l}b& zJ$v@_>C>l9ooa1u6$k_;Po6w+;>59I#||Dm*wob2*x0yl-@ZM2_B1p!?Ao1k~1s;Vj}DJdu@$ji&i$;rve%2MFg z%E*8gFOf(j5C~#oVpuE|gTcVer@a-!AjlwMggy%BGl7r>k^Rj4!fjNg+<~93)dl*5 z*}1=YdTEulOpRmCi=LwyZ=|=JSutVix#e$?b&fA0%1`c$t-LLsWE$4I^Xi_eiu6;Z z2kTyY2Ac)7?6ynLPh306x5jmSaM|u%yZpD!_A*%Dc(W|}yXLtKR$e!oy^MSk7qRPH zB-L-8%nLp2c*AyH=jusqnS_vL#WTe<$f-BGcKL1dd~ZDK?3^PhC11B3xgL4bJig0{ zEi1ocrM5@n_2Q||YcKB&deS^A@=))MhB=+3czJ!#H3qD0e5}6Zxm0l-Xu6~M#Z4qbcsnjeFg2A zSJwW7zpo@HnZ8JWN*C3(kVHG@->J-qHnvz*X7xjW*#@(3I(y4Zj|XszRVVkzbsE<2 z{K^c^Js`A+m0x4wq^^3(OIdVv64&Z1=_YneNE1*ln0E!?a1v|kuXLKNndVe(`qj>K zPd)Q$I$7le(_G5JlJiTx<&7??mxZZ))Liom^rlX;jhuVL30d{-9TOgwM@f^rBjhFN z51H~(U>GXMcbcBy z@s`<_Q?c%vi;dFVZBo5f%{Je|TvpCFtMKytw%z6Fo>HB<@~0WMI0at8(=H(^?0P#k zbdsmM$DTI%nv-9olVbF1vHD7jM(>PsET;;IcF!iV`6c?5<>Z5Vw98c2bTyVUE*e;2 za<4MY9qit)+KhHQtl}>xuXm=GPFUKNrlBL{-XqYinua(S3Y=G6h+Cr}-)XdGwYG%e zMbEl&tBIT_DJi$IG#UG#?x4=Dws-l<$j2U3iQ5<6rgdnhr5cIrNLx^r=~P%mwVE1= z$$OGI6bi%*V^+(ZQ#B9Lk+z9C$n>(9sNpO#{WiI7!_te?(wX|f$e?z|k|HrPqDDTs zl{8^7JyL~Sv6m~U->yDrp>DavgO!fw7>^qF8vD?htt+hB$npf! zqc*s+Q_ml-^04Cy?A@r@0!+!3Lsu>p+dkf;Q>pTu`*-CG!R<(ir2IAMo>T7bxzR2D zTUUunnXd(#U#IyZn`pE8o~=_CMkbAi)4Wb6T6eIevMFL(^_a?Z&v|yHK?H_?D`~-N zRfrvsoV1%=DW9pMeuH|(et=dP^{PbWmwuwl!2T89&P>VdBW=_{l5eTyo;<0nxHiSh z{Nkw9h}uNz8EXVD6~(Q=Hqh~tFQyjzZ>m-7wjtVtRaL5PaZ>G|x}LjQvm$p-fo3%S zjFuLkXqQS;TN;E@?xqsOXVb*};OMXTxav{?R*%=B%3>2twzQDzS$GQr#mf2pbrY;2 zPm^nDu(?>vcMu_)Dvr6tp!q+#PC+BBoy)ti;y6JHd7bLXWMuP!4J)S8)UjzRg#$GC+$ zDi~68KUSrceki<_Rvkyt5AaLd5S3e?^>}Bo?Qz+`N*^nn=2pR($xB8}NjM|8vd`AU-1fCkSTJ9(-Z*u;mPV>aoijAxm!;l(@@SSxUKbC4E1JB7>Vpr9S z`-;pG5vdLB(JK1|g(hZ=7`cH6NjWbk1#Sf1fSIQ_snkUxpr&lW77Ttr&&8-#V!6VD ze3b{RGq&&cuZXX|zb#9$U<>~eIkvkI+gSaCl?WIT^8KD)bC#h6<%eS1x%SwsurIw{YjxkW0$rog+suSg=IrEmg;t<>C) z5UaWh4fi-m+4nJtA(tcq1-%Eq+FYbJ&mm~$U{Edgh)SLj$00xM2u^ZKhnvkIU)<)2=anEB9#vEi?Uln^CWI#mHRHZn3&Yu zxiwE`LW|}Z>yw!B7~W(2yhw^k*mH@%4y%$q3x|oe5urI@zA_E9f~r>wamIs+g!(vjs|rj=WftG&MBz zHumr__mFBv8X{(ZU?mJPENnr8iSs^Q!n6OYa`XB zX?Bfdc>VqEx7QC(f44GaaibHNFsS3IvO29IncJq(hqy`dS4w3b$H|?$<7VH;Td^cN zUu(_I)9q(3Nkwxs?w{z$Hm%B&S=xX9F>C3s_OCC=EPW8A^`e7#*7U81`va$izxDrm zgIKkqkhaPdo1+{i zl-_W=d!D)?tXfXZB0|RO_Rp4IDdJRa59sz14=iZ;ZSj*W>lSvOKbd&k=fs3^Vu5Mp z{&I@VeYJ}Qnv6pB;mAE)O~VS?tIsN)@qXM`V!r3sXFnR}-d*abb-dq&kr-6Y;a^g5 zGAw4y=8M-WJF~R)hsEX!OJ2F9pZP(O z&02KnFqYVtd#(!?LKjP;h)w0;q&k-VGT$S>EnR+KF+y?sIwB9_PQJV&?_4AKf&f2< zj}KvqIWY6}43^$Kv&iwtQe)DLlXP+`YsqEn#b@|rg&y)uO3_Td*tGrvy=s}~u|-=2 zGMfeB8~TePNW~lJ#T%If4i~qvOMEMfu(hi=d7wD;Nb%+#@uVQa{Opni1L9jK6lCgO z4@Lm9wFKO@o(oRr9Dgd>1YFoU;{LWE2rk;F-4adEP& zq=clbq70cVqo^V;uP86CqAUk7mx7$Kvbu(rhPtw@?!<|@x|ZhV=9Un(4gF!HBqgP! zr6|(U6a{G+X$1ueL}v<`3JQt}3YvOq%J8SAN7aE?4q{{jJv{>hGc&rG+3?S&P8}2= zvLp!8tZ^7^1S^Zd$zlfEktzhi;xG`%jr?Kpu+|VD#zX%`K1JX|EP|&X7#t2OhQr}y zMPFgCI59*PPm^OfXv?z|2)=pEmvmMIWTvgG+23O3=oguuf4RV7^;Jb#1Oi7K1}{Fm zOBg{}8bc1}>yQT zc=gJ4lYOslSX%z-5KXo!tVr|5x~sL@d5Kek6t3AQsbz>G6zlnF)R)(EiZW$aOM2{o z;??pdaPzrNlV#U~TX%Kl5-CeCaR+4`M$ ztAgE8$Lcq`QCv>VxK?uO(e185B*FCFmR%mPub$+7kk{Jx_?Y2LR~@C&2F)MXZW)KB z+stjQU%4>4Fejn%&{gl(YyBFYfAgS$zQ^F#rAogVDODTkg&zy?_@;mJysrFjFRbS6 zmF{(z+<55zn>ft_ZifO-7l>t6zZm%L@=d>ml+D-~Ki4JPb?zgctk~q~d|z=z7VUDc zBPV0(3f2v-&Kicy&K+SjooY^1>GG7@bDH;lCu8hA|K{y&b7SYtsM>5RM^t;* z=b3M2cP?k$I(C)6y|c(*^Lg)Gj>IN!`)=;+tf)uDG?{Xx|`WF|8pYd~I#;p0DIWm7>qu+}7UW#+MDf>%S-dh0RV(dw7wo z=K`I*dOf__fZnRaS|7~>$4g~5_x^k|;g`AfX}^X9SEYzWHRP7aRYn`>ewcWQleVSd zEvbNaW6f8O8HDf;3A2r)p51j>qezkewykybnU1~6GwU*9i;nDgsL*nKv0d{`&i>jTl{BHP>`rp6*+7bBu z_5Uvr6vmwPAFTfjYb)#V_`f+Mj3EE>Km32pApVP9{{L|OFZ^Wv7lZYmfI>amzn~ z#UMBe{2vF4xEOJ08HeQ`krkuK;pG_)zS;`x{W^rSm9XsVuC7VXx8T$_x1$R`21|hL zM*d_mG%Re+&Xd!2Tv>w~zv6pYDXUI6AGAut#`AKU)Whz)!wTe}&D%fRyl}4i*72Q% z*@dj>5qswwJsj|~nN{u_wysJ+b-DTkD!zK)W>W>-I5l$R>$n_&ZpCy_nhy) zf5VZaxkj%ygkZfa2)B)Et#DU)#kvO5(4BK%Rkm}t+?ua8?cS@prlTuMa@4MGyq@U$ z_IP2g3Bmk_Z)S^SU(}B(;*d>_G}&5~{xn-z>*ne=WfeqSBm4=gh+m(_?g~AqvM|Ru zk1=zia>3LC&5ky&cPabL3UocOBCEN^ca`-cVs&lp8q@ttE_{2B@aja)oMm+W=>?hw zE3y3W)~~bn-HTSZ7$KGdt zZIXQ~-q7UDH>+{8TsG=PWmfm?y2(tj>2K68@vjS!VSj5R!NbWM4B&VjdtIa5;aSCT z+O{`sTiVtOp}P(Ffs`8$g5Ho5+urZ_W%5bQlK1)(Ex($zuBR(GPgeU`C?aZRtLj1hH`&bxz(j3@=q|fZ%ODH9hg-XC=koP&@^7v+QrOeS|-Be{K565d~zFS&~CsaH~X>)j)kR%g(+ zzh#;_J^Zla)P>H8Ki`$3fAc87FYK02%N?o1v1cd!rXz3h)#HiRx6ymqJ*VRt4)PMd&s}v$W`0IzkcY}SmAAfi~`0K!L zH?G`VQOOg-$w1)rsBhrei+8M$_*Vn(zd3cz$Rjkbsv1$(RhwjT@z&je-`;u5%bXe( zTYl_xRn4~Gq_k64u47~s@Y9^DnvP@^m-;WsPhGjnG<2@Gg{4P+K|s|iWgVTQty>>{ z_;Bd>@wbD6?*|8Qdb-rv0UnETHXb{A;M zUYfJ2Y2S{0d(EQfxMd|3Y*}yZ?V)dFw&l!;9bX^1_xJ~_uDTLqG9o2DJAqTVZ8K@g z#FKX}(_C#P&vIUWV8@Y*?JGC0d;anTPD^I#zSWC1EW;>?%Nc8^7*pldm0o{%t1?L| zbWw~$u!p9Vo{qV}*(;sYX$C5`w3)@B2TvW9(@`?8Gp3s8c*poZe(|HUuG}OGL*pr? zh%8n@jcmX)oNQ}kVrQyitg39FGI5H*{L%%83W5+|)Des%M&3w%g24n019dTNjIrJ1 zP1`r&08EWFiIGUr|Y?g~5CdHs%(vzJf4dH+m%lCr+BT1r04&3me(ETX9^qd!T@da6e6Ki$fD8ltR6PV-rn=nU1lk#O*sfw6#@l z-aIon_-b(Qx52@8@87?(w$ixJxmJgU8GL{1&8u_oe|yk#qx{8>M}B#6$BAiTWnr*! z9ry7MH|1myZ7tawT}SO~CO6cru(Q{zh9LBkYkb7{aZV3kLcfuEe$+Oq$e~xjv^}cdfB4&7R7La<7~q+xjR|h1qf_ zMrLmN{aO0nTdcC*4lHZ0P}raxy6(ZzRaxg~W^9@ftrkZr-)fuTXu+Hp%2hNpQ}oj| zkiKKJ;9cpl>t1IiowCU-@pbj(TH*vVg#(S@AmDTAa(e4vTY7>(K2II9SzDW5_<|k*zrk!3}zwUHde*UzN z$Al+&JA<-UM!%?_#hgmrNO81z?&QvXyM5I}WVNrW*1TM$4F=zH3P?%;%md=O`5Mn# zi4^e~Cu!ZE8=YimDzr8U9}IF}h)yTh z2S^)9PrwtTw2={@tCU-&#!UzbEL{T zlg#7j`LZrgQ}d;LJ5ura!7<`1v`gL718IeQN4~Y~MPB4>*m)_BK%FDT6;qh#*Of<{ z{xqUM!rF#bM5g@mQr)>vR;S!>`5x>{ozf?R?q1eE-L5IzP*va3p}p)~kBh7mlOZN< z)Wd8gIrHfS#M#dKOHy_?O3JEUH+nH+VqE5In6=LR9~tIwG_Z{yd==v0yC^lKLIThCi)P3i5|h^F*PT$m+R6HB&x z#lljYdZ@ceE|g1cO~*HvgiSgeuxgp$WPo2kHENH!)D+1E0#T#t_GPK5-rdZ0aostW zoMoBq^n8UdU3TH+hcyddIBg5an5kd2XYjxb+7#*5k|{^2d>5_V7Z^m^R!@I{jO!*o z22Z@2ij(tw#VVBY-bra!n*CJWS9jsdpU&ScqMNx(JZfYK)N&qNa+@%(-j^^5Gr%pB zq3!8%l=6y5ZkKVKv!p=5zB}zyhp`x5c2Zw%>w&xF^({m#rD`W{q`{!(lv=`S-+C>~ zCN_@Xy{Dh6;Gx2G61U6Na8j810CADGDNQT#lU3zOPTNX#o;cZenWK%PX+XE@q|!^J zQxRc8id!5#rW6K)X$C?0N#fvoLjBd&5^ zSG(!E7|BqQj#6G$M#3L<|o7`JfUbo<-HEIa9HW*0?uW&*D zBncbyu{OSC^?ij3Pj(g?dLNcx3$%;pmJ+7ktSOr@r#59Hg4dqYQW4N2kYL+5$#t|~ zRgpZx(KIeOxe=qt>%lG>xYD70Kx#3+POYcE$TVA4Vpe;v14gB6)*2%4&hQ8r?y$IM{itxn! za_hP6%5pWxqQ3ib8~fT-7q^rwAW+3Lb~5pvT}641WQm~zI?6j~WdUMLGMnP^y>?_} zwx@zRPSQnhfbWZtnaFV@exjqSWV`|vk)U9SCe%CbPbmhR}mZ+fuNKSq}&&&a;c-x)b_cATVJaT zl8sdsP>Vf+u!t(Mk2uKXe=^?OW$%`wvQAg&T}pX#D-MU$E(sF7TO2yCk`QZb#igG%k$ zq)F1UMf$0E_?2A+nynEf#+e29^tfkQkJP!Dd#Y_aH>+yt0y~rml~VxJ_GKQ?cNx&bs6MFD7(d zs>r&nrryIN(3=HFjz!(qDb)oAM|{aR=UNhrhgCgID~n&xEVDbRehvt;Vz$>hX(F7hIXVD9ZpG|#S4Nee@ox3Rd1rEOZL z=>jc!mrNw3Nl9lmkq9T{1RMPcwP|8YI&_c=gAp#@$oQ6* zbhL=kkv1jWT;0g_DcA!lr&A}SS1#(hulY>iY7r?b8QvaA%CxE4yWioN7w6vP(?O>v zm9k2ln(xy}vK^%7am9VbB4i$PoTg(VxM8d)nYb0c-#&kyk<{m?wtt|=Nb_?2rS8hyUZ`5Rpa}e4lroqvwM0Ks%?rU((@$dM6^nz^V&KdrO6zs z+t}CL=xVqYLFTC3*Bl@nGrbzId^*C{Xs<5P+un%xagLNJi94l~no62Vu2VkPhc}5~ zEDuY~C#TyKs2j*~Blm39y4mkykVvbT*W4?)JnoeBWrr2H5jsjUBAA2PVRy?poAR%1 z;z}C3-YYgQ6-YmzBPRL2lCwKo zk?g4>eRYP=B9Pca7w@7SK|d9FutH&48#XW@?#~u zd_W*h>PI$FB~Nta{=k!2CXhVzTJjK!+ue^xx{!wvGS_$}js4;Rmejil)h(%{D~*y@ z__4+;$;=*yYMxY6s?-fSxtT)#wkz#}K)hK%zS>28$&-2K$C5gvBpuc++1*d56G#vQ z(tBAlkLa0~_)>k1(u4@{RV>M~Jo+lS_;#km7A~%uD%ptu5lhnHI$7F5>a0NOb|d*E zMLJEejJZRywOaxZsQ;#P^OxiQzu4DcOsM)t@xS#r{y)V3=5#ZL_5b4kF+=z-d-<98 zzX6N;4Tn$1;@;62yG=|#c(PuzIoB~nGptySH|vd(UNuGaDsA!)7R(!VGY0n^{!iyQkW3&RZUTVMusO^|lx>gL1lG&$aJz9Ov+g%ejt89OH}=gRO7hih_TL#_%f2;^qd29(IQm%%9@zlD&f`!7_L^ z_+FdKd^Pw+t;Po9Cbjl@)c!AsG7 zf&GG$5m8ms8^4bXU99C7rRW`CdGcF5*O?NFm(I9+)gv;>!Q9*cFo*T4O#06$N3!Q^ z;HAHNbtf&>`@;FtgTFp|P&dKD*>>jiN%~a9tSE=s-b`6Z4BOXwnt{ZxKXm4XS(MIW z2Dut9PVkGG<&?lOO$?fzHrKTR5}T3Cf;g|%os}$em4nqwVy9~@p6gfr=cusb&%yEf4jv&PD|n2Am^o_t~r5DCDFe5i4l20j!S}FxS?)&bKLX8 zX66LC7Djj#NBS%bnQ`Z<>h<9+nO?R9LCyssZh1kjO9Gu^-E4}&W-g2H&Yv@*BHAxM z%zJT|50~w?HY0L=h}Xg}-@KUM!OJI?`c3z>oP20ua&hRjU&bzT(el{wp^ zJU%3UmP;|)e|d7$53L7J96Yd)X;LxQt2lT@CvS0SRA6doK+;Ty5?|-~xR8Y`*Ze@w zB|+Xx!vjAQ#1@45Rb{2r`MYyH9Li>SeTZV+nC<>PF7QKq@L-mv|juxIth%^6INx)>Ey95MF?9py`owjV-S{lTmULEeM0 z;U|3DpUjJN)ut}=aDDIQu*!n*Av|<2cR>XPGYgMDq@lW4MfsGeapL63UyA=%&{vuz z-P~5tA~$(XcIx##ffSu{WqJ*@My^$6={JwWUE&8GXP(Y?t>QH5`)uf}a`g*oShqLx zF&1BTsbPgI?O6J$h8z3Bmj((Ig1fAvs~BkdaSRZ%cf~L zGdkn1=zA}xs;}MEplBAMsbeVDKJ$7*$(9sH&zPCPduHzrdU(!d=Y>_SoxSakuax|> zW8W65_>eW-{*%2MIEQ}C3|g7yvMlb!&7-R>)lU1$q~`Mdd8~QY3N0wiSs1m6PQ?lt zgO{5Z&6+%`?-K4tv#ZJ6a=gl?>Jw8x-bKZBde1xbmEvjtN z&(U&cX(i6-=L*U5v^{iJaCVdo7@lUmT<{cHZ=Gni@?a#9~ zZPQeiTuF2E(0(ayc2>7EVkfQmMP86Qm7?XRU0AByd)w&i?#mK}IJsU7=4E+5#-^Ur zO42J4^CRi!H_Mh%laJ6y#Ve6s73#)IZdW%I8Hm?tR;R)wQkz`2!d{o`gu%-O@H-7RBE2TmYK{Em`(@X5bM!L24-_je zH{)bWZVPxJImPd zpBGY|7+ql)+}%`FqrZ{U8(+9GF<;W|OqbtO<4h8ctdY?jNi>=&wqLAm<(^v7gt8!i zFS!gIhXpboHjXk?zRR5=S`{uf@`_CYN__`vllJ7rtDX_;(MnJs72m0jxz?i;TeoE@^K>J5_+GoYQlUWX;u*S&}Md`h-arsE8SM zJ8ttZ**-U?%TX)aq1aaAzDfEbHab>A}SyHswG=u7M} z&zIJET$J*(R_!X)NmoB_d8A^KQl|=Dm5{bPGgU|H;saOfi!_;>)cZjYZR|YgX7@Z8ccJBB-9@4(7$Ta-%xD@SZ(SKBluHJ{SMT#gtx61^YF;K_CPp6a$q z{SS!&+!_+55t-Ip)3srqllpfZglQcN>FiV;O--f%k>ksRW;&{#V-~4A+K-nNi;!e? zw8$hYotmxw^gsH-wzPJxEy!AZ;u_bL~Wm|7-+Gl&=;p?hKo z{suTQ(l52QEQ097uO`PJT-CTNoHjiV`^dN0jEg}!kCZsva;VG*x~@@u>gkj_?8@}x z_cg$uz>=E@0lXH;FqHzV7*F~e0#i(r%C$S)h~GQ-q7FIau8Nc*$RemOxWz4ros#ff zZ-|n5ViM67E0C^zg2Vn|Ai#A$=VHkbh_@7?7)j;+SnQ;Nsdlv|bS>9D;vnPP|C80Z zv=teRIQ8##KK8^&$Si17+&ibQBu_!GLfnFj{2Ir_74N==Y>H6DQUvxY6zO>sCh{Xy zOsOwb9I3v4xI3a`O7}hKbWXwcoBgS&mbokD3+mJfDh2Zt`N-nNAdHmCWJN3wE8kOw zV8h((U)WDDOW1{b{*zfHgW3Z z=f&9?2==YuG$Z1kL}Wf8%)ui?IvOo2a;NnmXF6IL?XuyUwBKnCa1rwl0`e3} ztJYfzV%>;fO$8BJ*DvHtFnQdpS5XrVy=YZGeX2M0Hdb=$wBmyMmk@GSvc~T1R;}OX zt;k^Eq#J{rRiUs!yptAfiZG`WBJwC*Oknz#;NHzd*8I|{wWjinav>sV+d)(4v? zN1muf>`%Aty0_!Tk$9^^KLsxc*rI+=&?dQ^RXC}W{gr-CE9U0+`HCuBjCaZ++^b7@ zNC%fN3CY7Arx#edx9kgNz8z$A(<5& z*QaA3vdQqm<&E~A)j2)Mew5HYkElc17#l2SvMLNJr2yd(?iUT2wd2Y_os@{ z8wq#;kS{PZZ)EzcL!=PA(N#z52&^uT5Y8v=WJ$y~66W>W9PX0&g&7=U8B9z?`g)}9 z(1|(7(s(-2pN^xmq^_SrXpLC4uFMx}k;4cVQ!Qq}#47U${t?`j{rGS`A&5yj93kDy zLVjV%q+gdN@`}Ifk@}uRV6zDRU1I+Icyku6otl41fQ_L@lLbiJb>!VDoEw$tiV&I_ zed2ip&gOo628EE$T9n=;wbmxJo42e$36rKm$T?M{VS|53$IPYRx5wdM^Dq)DtR4&J zfY>2)LIkxWo<+!@6AuOv68jU2593eTklP}#77^ICM*JKu<`=Qzgf6j2Dj~23ugAhW zvatR=Vp=4ed1|0ps+a{rcu6T(*F%U1D&Q~)IZV>g9#T51{AAzq^hUgTBSyXe6Ak&R zzX3}4Z2WH>Zf;`}ZpH|=25xqwIVfdLF}Gq{hJ#K(I7pMA-44TtG@}_%ff-JpBK&wk zbYupq6AKD;*wz33D`2YA{<3{mc^F|c^=K#mMeGq{V2q@i9AbXKS z^7D&2c<|2Y({C0n+O%oY>5!0&g9m@uyZ25;#_IC&g9!=cGiF3ZMHMm_j*Av;b94+* zQK3zmG=)ZEP$()VV9RaSp|<$q>Vwx47G0k*Lv-?@`dT$neJy%SCVr5wU&)Ez61RK1 z;K|AUNgm(nuuC>;R#kg!%4>8|kgz`8vR%ibR99xBJZ>?^qUomb0(s1)PHIUZS=y$v zk?#If46^XIo%pKsv?=J+GX&fJ#tK$DOVi&KeA-cu=~6?j5Sjfk18d!^LEs1bf|S+Nf)nmvNJ*q=ALWbb!7*uZpP*r2X|js-=c*XG<*3TYvwcoZ-pPUhj)% zHaRQYq^LeCUb1hp$(`dpG}N?GF6ofGHh-IlE~yK7Prx>iuv8f=;heJ0-E6q~)U$r;fLxzK#7V%24O1bK~)n&3MA zJ-O;en9Gsv7iAxlRlild`Hpu>e1X`Dhb5E63b*FhFXP|0r5vksH~n#awM$iQzEWf) zq5ei+y}I8MY~9)=y{c1RKC}>WBbDh~=B8kQ=&aBEm?{JO|1 zStGK~=9kTRU3%m-)-`L`d!L+jJh%4}-$9S9)9<%pWb8rOsSjuyx&9BFy=EJcg;&Tma5&2WawUa1thD`wt4KH9rOL#I~U&E zUG`RLpl5Toeu(>v&HBNuKU}uLYB^3h?}inpMj#K7jaWiWp?CV=v}KI8tHgeK!5R||k~foV@ttDrH~$}d-vJiIlC|BF12g0tbjTTI z$eAJMoCPGz3^@!L5tR&*MMT6z5>Qb=5D*oIq^PKXqKKj(sF=YlqWledgRZ*w?%mzz z`@a7+4?WdYU8kx}g;Ra1>b&&Qjh@?f#WA2!QbYTY9^b*9}(CMKn3THpJ*+# znXou(lkrNWdZ3rhHLZ||I+KbVkm5Pvdq+;n7dXmLlxVN?{`hSBX`)S9I=Ye!7s*UP zT0azMJifU{(15kl`SF^P9apaCiR?x#K0_Jtb(hhn@-=27_?#*jL{pSH#0vt6tExn1 zN#PGmF?gYq=iLuarDBQ!!Rs6tkz3>pZNranQ8fEDW{0EMg@R9kk{5k2smb2c;Rgs7 zyxtcq4XWP{KC;c2-a4t53W4%I^l-DN72!EIV7gWu{_j{w___SoP*YRU)b#TUP!3R` z5Wgq?gW~*Gti^zs^x(YU%iI7oyBPVqS-?M&|LRKL$bS$PQ~7WG|9?i{e?#@N{I6e@ z|KLU_@Vb2)JpT!r4tc(7*Mp3V2kX~Ah>5ukUKGl0L&Iyr!k56=0RVv3LqMY;>({S0 zG&BTFZ-7&VZ|HvaamB92a#{dli9jf%N;4ZCz)G;PBG_70QrO|1dEFsLT6WXT<@k#v zdJKkxw04U_UhW@yibS4?F&N|9vp*1Gp|JCEdfJVZMNBLKRTQa&%zd{9`{}nYNeai`bQC)x*oB|lrzRVFGoY!-<{2`(;MI|xc4`$HRG0x{Z!vE~ zWP?J(C~yV^`h&GX&2FU8YD@82BEoYlSi#w7dP_RF7mbT^ErUshJn&F6X` z45}mz;B4eMhPMiV;JXB8N9T~4U^;}V3=ydT0-X8QJ^~!i-vOgO@Ize_A-JRqY|QSH zgu^-PC-3Gd7^Y03SzsU5v|(i3(KP~PLXOo* z5yNZ{P+9A4xW&B-4Z-MiNu?He>(Oc3*$MmIHWW#{6yCsemECEhgW5cw^z)`F5j-^> zQ&VQVux@(0NQU%m6_Gt8O#?7Ec8&7Nqt}$@$>akMy9QE}{3F(dcPb7m;=rDN@aJLH6K5PS}O_`bgybJAW zEnohc{iU&3#V4*_tc*^3KtQ<~VeGJd&K#d%`Ln+I2IEAnqnJY*k1O`;6k%%^o2^4e zrNz2*dVHOnC!-mSjAj-J3MmqCmrQ zMi~XQ1C-O|t=qLn!sV3Y=p}6>SV>KsYQ%I_J@@*u;<$-}(FK&-3eOJ7p96Qa?cn?< zZ^!^bL+f5GK{to?kJUXdYl^Ffvuo7WxA@CHx-Qlj@hZ=Jd+}cH7Bm1;WISf?y_s2L z&qRg|+UH?zsa_xNV~_5gzt!@=TmD(8ldtCK4S`)o8;M+u7w=@r1w1-!w-?oqc(W4R z4pd=xoEp2bUQiPQYdx^x&CNU^BHJ?oukkagX&+k+#4LQraWbZKsbdO?u&W?u|%Ez7sj)m-o!voG;yGWv_mljD0^z`$C$6x-$27{l=e;UzG z* zl> zpZh-qwDj;x{|CP6|H~m{DAf4hplbdPL1?Ef$K ze-+RG%-{C^|BY4fLsCDif0KyVWn{b`M*I^2KOg@|;BgNS8{k*_56kths{Hr(|0fvy z7hYXK_wo6YwmuX|3M576I2yq+E{s6XBq))zl!;m-&_N_BDawcXD`G#>{flRazMqbg z(m$m0N3kltPmrkg4+Q_L@yj0&{zs1dMcA+Jr$hRRBY%DO*7s9UQvE%feof^st`UDf zEoI_&)B4l;=pRu3eo6kMw(AG9zpC?Jx%97nNq;{H74_dU=N~5P-;bpFRT~NTWrrV0 zHT)~J-pXRWfwi^0owWss_T&U&)U6<-uGj%m_KBtVMTdd-XFgOAdN!CA;1iqV6APLO zrA2=USpNS1K?c6c_0Kb4Zen2VZ0TXW7paw>EJ5lB9nyE!y8N4$Q*uiuX$;!+U4i2A@e7Wo zM@Gl~g!Wgh`47-m@}YwWQa-WKAUK$hzh49h1n;BtWBN)ef2dx5%e&HYivv+dBWU1~ zQ}mCkKuP1z5dKPw{rx)qdPMqXocM*HAJr!~B4A}{><483Si}6nfM3Y2?6v`cF;{lt zt{7r~ee~SP-OprR#uu zm4D0_l|R)=zFF)1K0j3dScQU}1jL~OLF9etk+D>tm0_2p0^uj*gA<3;Rr;5=o``EZ3?+2nb#I%@mHPrKGAw`a%_)zx|NgUy+Q7T^II+ zCMD+25T*VZsS^qc9i`uo!OI>$s#PT|BI)~m|LZir=~62TSpUEkaAFJ6`$3g{m)_?_ z;ul8^{$Z~NDgK~C{)FPMOYA?$;|~Vv?^0ap9Lt;aNJ^w14$ewiKM*WRU(+ipVr#>Kb zVWKASC&l_^P*DNXTuB&|1>t^y%d?d)`y{_f81x2*TTKn3x)1pK`AJE`&xi6u;jg5n z^v&?AqWT9*xtxdPx!psCO$qiONWDgU^1O5bz_6}3NFx}fFR%nCP6EnH2E z?X0a096?^XYZ84xE#yy9{HB?x|51K|GBJkYM_*2qs0!9F)h7m=G=S9$0xrkKF4v^b zPg4D+Luso2!E%OEf|nCiS*c|Z**J{)6A`4OrTi5?zci2)E`dm~U`Atte3XAA2Ef=~ ziGeS%e_4~GMkf5EB2~T`CBKOpNB=QrRKBW@FA;y4nFP{eeWKzbKc52n{!pdz6=%Q1 z4_lUkD~PXPt@*@&IJG}%^k2zXW9(m0fBb(R^@sXDM;bj6Jk1puz3wmb=;!)Bu&=0t zI=`>B|b*c+RuMoG}sS=6rI4Md?3`lUo41g z{=HW6cendP4E`Vf()Vgsae4j6F)}jt-<0=%+W*x^-}HZ#Ws^{U@BjEW@&9LJwCF3~ z>(N@Fk(6Ls1l5lm91*%s!H-T4qb=isYkf07{N3w+#?AkIVG4>0ie&4^h(K$w-v2|{ z2PORS^$Xtnx4+e!e363;uWXKN;^5f@rj`uVVh6c=+!4 z|3lr+zhiaa{{-9q&lKXnQ2$_mCKAOqmDIrfUr;DVlCsJceZvqvvKdLq&A>3m(@R5AD&E=EK}T0lLD5D_ z+f-G}%fw7uR$g61T%I6er=uU^vL?XU&0a}ES6bdcK`G4Lizp&)uBN3)RML``my?pt z3XWD5lMZtAN~DJJvv5fAt@1RrRg;uAR@S1s`)kM$oeeFcy#fflg0_a{@&rk3ITd?d zGorX`fb&|4wMVe4pY&>RJq3+*0ny1JaU@yAFpofaX}S1-7$*aJQ0b5yl0U}= z#a&Uk$Cj3EEIserS(3ao+rD(K``O6h$7B8bOE&ngajMFU>MDs(@wJ)gZf@RDu+GIe z#Ai)Gu-Cp=%6bpmcvq_!XUok2YvMiZW87?a#0BdRMA@{Wvjy07W%tI*_p;UTI@>*4YM=f;N_g+T+XB~qJX)LXxN}Q&7_B=e)kRlpTWG-MAgZU6W5pV0FEwRP zEp-Z6H`&FZCMwKDThm@cZMdwseqEfGv7x<=R-&D?r@royjMQ*#&1eg=9B)qx6=fR@ z^*!-%ewG%|?rvc&&g*=AT!=&?d3kMVX1Ym#Qc*@xul}Z0h8eR%cEWjalZ@`3`D~WeTGYXE z2k03LQc9RS%P2`rUH>3H{6(p>JJAXP=j@!N*YDlDF75vNmO#5Rg?bt2VFNMqqI%s* zoaVeC?G!VsSC;nn&~nL&J!1E6X$A#W9pw_np5lSD*Mq#nld5}Aqq{GcN4oMM-&kkf zR_P;+*0ktb_3?WRj!7?Z@|)!q@yYNDmJ|JQ@LRy8Gl z-gc!}*f15Hy2KK@e#kB-VbESWYH}hS#i7O+15T$tO6FB7r!!W;&^$bSr57Z66I}=i zP}VfGNU93jJTas4wV6;r`4milUT0_z-MN7c}@3WN(C17^9~l6+0>+y8Ru7 zmZ`mfGB%BAl?a-kqvn3oHqO4GABQFz+3LN$)xywQbf*--@Z`y!&C=zJ42<;H92EU( z@UEqFZJ5Y?soI&?0pa91;ekTk+jZHi1m0H~>OJpsx}^7Bhm}QVYOHO*yaWwP52y%zHY-Yv4U09>V>+3AS?}p?*ahtmDLD|hH0Od3 zRyt!T$q-&Y1GSRur}vzbI9$G2qApp-eC_I3&b)ry^SPG{y;p)MQ`%2%8C}wTKWS9W zBt)z2^@$E|{&}ZPS|WyvxN#%%l^oP%F}*nNra+PuQV~tKtU__CT*iq(G1jZEqQxEOO+_ zBRqnDjrs|}COepdIr*|C>XuGKzb=!nc_Drk`@oGCQ|7ol+0MFyA9l{HH_H|>IW3gUZ=Ay@%0UiMAf(5$cdb=N z-yI#4?PeHWfCv!{pkm~-r&GN^OHjXrWz|8id^?u)guOS3Zo;ZL1{kR!l-i{zTtxY_ zz$oikmGbU<>MWG!2qEhjnUK1}0)X?HleOdLF(iWn9MiJK4sQTddvG5v#C1?9hrL0#Z>E&C6xJ^X)Ez<;$m-)+SF2t_iC`;^K9;yNhxk9qZ%uo6p~Mt4b=0 znC{tBjFfk$=eW3cqnKG!Ba(Z0Iy=q~jVR>FijU_v4tpImbH;N1sTaJTI06aiYQEOutkw3ZSW8wTt^=$*oFI|Q0@)e|NK5%~v!akOVm7I4 z3yx+j%5^!2romkSuoD^ldo@ht0)!7o-J|AoUrp2A#+tE?J+)k_642_K$9m?m9_KY338?uovqL@9*OLsLjH2{5;NSQ?dHRqhhe1Hrm%=#jP zPi1LTkX$6O>3p5&Gl~Zw{cN^IeCJEyBfSU? zK^qqvpp^iZ#PVLgiybB$d!=xJaz=b^v@>om2lCdc)Udzsg=lEZZ*v+jbgYyzm5gSG zuL5x;L{dV~RC4+$5dhIBYWgWT)sbDMhR;o?%733Qp1L%b#*<@%z?d@%9jHAVM~nL< zH9%8u$s&@LKzNWFIUVcldxVb+=-i!eij=G2lLGCb6qBw554E+On(dbfo67Sgry$rt z%YN5FZrKfrNb0brChw3*bz@Dt!u%*zUR^nFnT46up}S@+SFr^k=)k4LTVnSs-=GRG0HY~WzSdW;llQE8Kp_(+GTpkiV~a!tWV0Dn z6lGDI$WuL+Q7z!9_-Vib%wCv6Q!3tp+{@cGnWcHM3Qyzh<*Xn>7FDM=#+^Ja8)1xf zePzhAEfEgWD29u|KVrO7K5%r+WmZ2ByYcdV59b&WsnP_R(+ofY=sHD}sAo2e)>j5f~^L9weFvfcH5B{>7kx(;A?%~v71il!b0mG|(%Pa{=I{jd%l zhTzfte4E&5-m~tv#jzXmoK@1;^4*Qq;>q)E0#z^R&kflR6BfpHE@Ll5SjwmeDb%N3jnpu{A`@{$ljzN_1{9y1*B+iVn8`Vk5T0UrHuu7jsZk zkRGhah|1_RGo(aAWaD+XTQNeRm>EU}VD?PoL|{W7(=mId(#e#<6l`@d+;}@on{~Zs z0%8>%;klgyQk-GgkzqZSVf!w_9-aB`FogJD_}2QLn8g1G{hum`|NGmuqW=R`0)OlO z{tFG}U(o;jh0VGDg#!JZ#Gm58f1&>Wnf^~zP31fKzrXFj{Hc2US6}{){x1oI@j{_Z zQRq-+R%&2JOhHRmMMqD=z(_(#MN~opM2!W3V?3yoSDzLamOedSddKKyJbiiJ*2(nBjb0No zH4QBZMWU#z9M6XjAP&vP_wV0{2y^jpp~uHAqL5I~7~DW_^QVss{hf^yBmJ$_g(sV8 z9?eWJZMQbU%z2{K$8HW^=xM0n;o|(X@b2!l zVR?RzD=qsESM7c@abxWAAOZqhKUj02?dbHyb51y@E))E0V?$s2F&iw*iw*6BLprfy zBYBw1{k`iqCb2^R3JPj~gu0+$4ro{y6T%IHaKs?!%;+^tC_@aw6_1W($6E-m-fClh zYRC5VaKHfpwLw5F5l}NE%m<4yK_RxXGNrNN{O}leEP5>t8_0rl$6pe(qc${y2V~6j4GkQI4vqo@i}3dZIHH0(b*}BLuJo080Qc1pqPt z=s*BvFnbV)I|LF6g~~%9MsS!L5|Ij87e*p95O5nL(h`Z(MId5v*d#m?XoN2ii>2YP zE?5kOiOB(j31elZFyoWi*kajO6WQ3JSXuM9x!joXMp$e(8(Stf*IE`9M`nB}KW{KQ z+Zq;@I4;gyKHem5u5eC{C@#)TygZsXrVuW!a9(Z$Hnw~zNe_O$G%1O765<#*yt}LG zGxF==;^Ox0+kd40gZ!%hlYtLOI_eof5iVOsGAy=AIaD}Pdng%jN}nM!hZ=57k$SrD zqvd{f_a*+PxzxhPT!V+2LPo_+kDT0Q)z6*cDdT*=-h$0YYFn~n^{vr^R0NZHa>q$c zM{3Sa9rj|25SNslvf;(5!94*6H>DiMv3-^#n7I}U z=}VeW)A*f$1Tb$H@RVORoTrs^ptgZC)u~=0+|f609l)#kWT-bq=jt2`uh^e{^j|6AhWyQu0L#zsnY?PuR6;X0W?8u;@jjqnU$zHtn)q&m= z?J=SdUY{zK$u2oCi46)ieKdj`jVq@;$zMwwy;6omxJ53${FR#OeQPi^MM)P zUOcrVSTt3Aj5U+fn%561a6$^kE?uso#2~(z+0sY2Cpeui)6zt-5?_#4#;IXSoov;w zkXfh8X{MF|c(vKebXIZr99)ruR~ZB0aip zlu<3r!tAeAeP_QPZ#c^VnlcJG6`LB#YVM7N=ub|SFEMRtG=PM3d4TCV?Lq6*{`1G!&8fInAnHM>u z?u`%(V*gOd#k+^SUf_GE>to0;rczk5KtxJ&5zfG?*-WVX`cxm+2eEJ{-#k&*fYfge zn4OLuoI>ew3QiWvtc|I*P`_Rb%~!sJrWj~FRXKk}Fu8#Z$>Uesd{V%F?qwgxqSz@j z-p%BrOu8o+&1X212fGo%$2W^!60e~5phZVxjdGRd&g$n&m)+{+5DFSH$QDe^m_M^l z=*m@&+r>zQj#Q@PcdL1ou4m~CQJ|M|&LYu6Xj9)b4qo%@UHQUzXizU_U2&h{6BO`q zz6kFJ^saiwO_rpmGR1Wm0`L8x%GSQnxfAS=rtZyFa@DXK?peqssT2q<1Axp`W{S;q zZzT_;;zR6vmu~eJ6(WSuizz*Njc9lwqLOFN*iMof2@~Yo%T-}-0x53Jg(mh2T&VMTIuN)X zgil&ow zw!2h>liGA1sEaNhD21>RQrVpvtNBNH`z6%oQ=QBy?E4a_^U?iTwfcEEVt1Dw%XL zCmX$3&0kJ15wEPe;Mh7WBvfqjF>%CBl@7r|a6!Nr87UuBRqH+p6@K4rN#Jy1W&zF+ zO>3FK~y^>QE1@=>g; zg3F3MZgPE?O0k{>ZkwZIiOpzJDfi<5eXUT#TVHaSK~Gde6Au*P*nli%nK3`(@9ePI ziYmhKf{0u{0U!uL?o|eK82=Npr%GZsQz8(&Njm_lpfkyH%e_xVsyjC_117Y84sHj$ zn*`RT;^P@TLf7VIR0iXg&I`3DDY;i|wyHeBf16B}c{ZE%ZXsbG#JQK}>R^B(AOet6 zUY;1S2Yh|g*-Ja%%GOo6;VS7FesmZC_9#PZFs^u!^_9@IMe0ont=i|E=~l$s_2*Lv=wm0xkjv*u+V2apF|IZ;m0?)11tCU=Bo_?YDX8^?5#Vz&_uWg}|isLoK1Av98%JtZZ&PlQA4WEyWrai;2kFz)i}h_ej)JMv>w zJyIzON$%%K=|XRu~UOGxIqGp3&@Ml&}T*6l~FZ_YDQXqkjT|BNZmf9Vt8U-~(Zs&-WT>Z1gPK!7#i z{g-!CSA4*&1HbsJ(0m6z0|5QAiFNQxsne%uYfWIQVghM5QVr zIk!|b8;Xi?Id=Oit3;;_8==HYoaUzHDKVmj z+}sy-e;JE(=cd=IyrP}#P`j5Cy zH^vJj-B!cb@_Q7Bz1g`op?%>~fgHJF)L}GCFZD{yBM|K-kvI0F4VPe2US6P;Tx6Zc zvn4>6?T&M&(S167jcsMVC3#VHP5E2T&^30)3f`nLhJvwn3c*7~`RDU)MVR423N+j& zI4b=gw6N&c__aT!o!Pa;Bx3(%=mw#-W0&gAs&<`U0(LF|rfm@mhhF;(od`7VELN9_v|3IThFn=Vv2CN9<@wjv3$E_tckW&%wLMK( z^n8+3qSSQ#0y9UwTXE0qDXw=4&11ZMA4{%7gZEg|H^(4y&c1yt4M);<2 z*~(3`s^=tM`#pTUX=&){!U4M{hj&QYwM?IVpZmc5(2Y&*_(8p`bl&mC@I!CL9}vC0 zkLhj93?F#)anN~VWAKQUPtlFp4{esSS_R^7Z^UG%ows6Q3~8p19=iN-;!chAx!4n2 zYY#J1^qREJo@(E)<7Q4M-*YWNy<_R+wHn@lH`fJvA8oo`2i1u%56v5&Dz_pg82dS|g{(3yVZv4;oOXvw&DQGr6t zj^l@K_qHafE&LLF0&6?|xt162Ntu@va_DGi&^2|K#b#UA`Y|xw`Mj zd5$`Yymn?c|bq|D> zX-*i7W_8L0jXgSe=UCzCYe(zX`+P!;IO`pDz4AJgJzB}6Yp43B%zcwd;jeBM@yUPm zZrvES$!<}-e$#>DcMfsJ!Zs=%+F9EDP}}zidwc7L#f3~ydzq|-rxQ=27dA?|h29#v zIh%FEi2p6J>jeMmN2(WNgq}M$Cnh^P1*xifTxZ?os-rsH?s23#z? zvUoz*Zcg?%W3cZLC)2!~Lg>bA0qQDy<8KPQKfKm+BxKhAQw^U-pxEsz2?q<@=?8?~ zxL)TwJWwf2*;_$-8l8J|-PLEeNQ|~<=-(Y7ablQ-432+MV8M1?_8kV2i%T=6L zcWfGYF8IzH?a6f?EAD)FVVP|hII8F*`^Ni}*&DYTFS_n5D8G^48`wTN@p$6R-qs|2 zqbGO3QXZ<^)lxsYbYn$ceU`eY6=?;o0x#Xgxmy?+`Pe(!nOazz0H7CuGY5}0L_$IN z7Y>>YnS_}nrXMpaogjo8r{~YM%^bcKjLzg8nXEc~W(9OH- z4*cw1w#Lfo|JhAmc2mP6sNg%xd8Sjtsmty@(47+>M+4ok<)af>@xinN(0vtji-pC7 z2ZQeAc?f4XXjcXl`pdFjES5$I0^LN=jf-}6Gy>f^;I>Cx;P2f2zjMdZ62W`|fKenJ zJSP|!6ibkzNE5&l#~K84T0$6TjYrbH{SsetzSn!{=7PJ@}j7Z*hO~i>wCcLg1VaR{Wcv{|*3X z&jbM8@!$N!Dgl5c0|44C|E@gT%k3p7HkPiXs0gAXDg@Ig3d;=r_4=nT{QBmP9luLY zVL82Dc}Fm&1^C5<#S)g8N{I{uEs79UObHR>ziq_-a>Uv#E(bEE~(qG_OcCW0&2 z%0PomV0A}OgJXjuBM89}KdRw>G1~9)uYpaxJYs58_X8VHSoCP6cxh0tNkD<$YObQ$^px(hvmet`afVa14Jv@muUDrOy~2vdvc#9YSQ!+gN9 zVI{G;SZ8bqHWgcrJ&f(g-on0QVqy|u(qwXA3T8@SDrah98ep1YdXHnr$>5A|Ubr}1 zA+8?Bz}>*T#N+W2crtzsJ{Dhy-;eLb-^RaV=3rJ}wqT|*Z(`ob+{Qe@{EP*|BFqgd{tjAfev%Y5IU?Z{Fv4ykcvmIbN$2QB3VwYey zVW+ZZu-CBnvQKlsI7B&&I4B(H9JL(%9QQbpoRXXtoFSZfoQF6san5nEbE$B-awT%@ zue+?v@>vL&#~$MaWglU6;qn8_37YAC#X`;8w6!NKPYI) zbZT{`bwzajbgOhH^$2>tdX;*U`oj8t`qlb($)aQ`xsLq6K-wV0pwZx&A<;0}@R;FS zBQ2v1Mhs(^v6*qM@g);>6Bm;TliQ{urh%phP3O#1&DNVS%n{~R=3C6KTL@WDEcRQ> zS*lxZukz&HSl4Oeo$G^lVGFZ zis1PW^N_tEZ$s@u>qD2q+`^88qr-i}k4Laaghup5u8K^I9Hz_Cv*?piT2b4g=Ax~l z>tY}=-Z34qoZw_?Fit8iGj1wgFMenIy9C#SmPEG1h{VBlGV3<4dyr(Bv~N9pJ!O4Q zvT$;0^3(={4OJT<8~r!-Y!cm+vFTolSxQ4HHZ?T$Vj3~6B<)qYTY6`PP)16|bf#J6 z!7S#i=&bA6+Sz+^;5orLmo_VJ-m&>pE;aXj9x<;hZ!w>ef4+cJP+qW97*KerNUdm3 zF|s(K7~I~wrJ;naB&lS2tIgK7QbK8N>8ou%+s>7#l zK^3Dr4R;>dCAe$zuD83XyGQnr_Z;3Uv^Q_>LS=B}Se02-TeU=WSq-u#zUF?dYwg*6 z8vFLw@z>?meXNhDpKNe!=-aQpfByl&14Rd+2jdPtZ1idzI%IsPA8_Q?*9j^X2$$9p=pJCB`EI8lF6 z_~g!0T&IeTI(PiM#`*ROY8ToDRR@n%V%j%aqhBSvdhjoU#M)XIzuNYrBbJgPN zg;Cql;cG6}#;$u^pB$r(&E5#RF+UzZ{^4fIEyS(d304qURPc879qBtqCe!cqV3M@m|J#{Qa^As~_y2Rhm8d(DdQZBhN?o9@8Ixc#`#$?dh&(QqNkS zlb;XHxzF93kDgz8k^hqKW&JCaS3R%oU*CQc{^rBm+;@EM8s2NXKfBw>hGH^W!GdGJ;J=W!q}VCidhR@4Q9bYTAI#!fhPj6S8d%XQd0OFXZ z{04;x6SIyuv#XSfV|s`0`D`0Gddf*}TbWY(yJLglC%l&c?hmW>`W|HCqjKPxky?v$glLW{ZD3 z>>JJ2#PQtiqZ_o$tmZ%Hu71tl-ns1unyqq|M^gdHkD2zoZF}CL9fhOlJ_A+{y>mVP zWC_45=+k^II1HXR_~|kuUOO}4_Tz(H_Y>Xr@r2XcBM)4@vT^eX5c%xj)41ogBWmoE z7R?JUn0ERs*ll_cw%BjR{HcB0hB#{5b_&I6*Zqjl_NJ$+3VdeUwky9XOiD>Ov~%^8 zkbUz6b@IgOhND(DpBy`UTi1Zlvi_#$MAxajy3d-ey5DQIRJ!zaw=Ha}*;LkisPpD2 zLow{*^}XH-_}H-huUkH8oxgGHVBM^@?kVkBhwRn0c!`&_J6AtzkG~UnWm&Ja4*6NH zRk5tsx_L6T|CHE-hMnE|WMbqJaC7~5$+ja`9)U>i|Df604r;cFzi75J9&|QcH?a{A za#{bT`Fhed=jWjy3l=PkMmxth9`d(&FLK8QRD&9h%;~BvgrChX`*e6*U+Z-JCxI)c zN4@S`tI&d+=DBw9g72%{O>Ub#$2WZ1V0fs3%V^TD)Voj&kbsIhU@+EA9_9@DJbbpna{_x(F(^YL^vTyZ6?(c8;nE8U_yz1gLd& z)NmE93w*GC_g>fW(<5PlD~hctP_ea%?TN?6+X1TOc4zetM;IKD82_Nm-p=6{bL>;e z$3LXk+Se{CH?wm*;&s$PW-g+oBc2ml2R2aN$n84x!EXP< z>GoNJJCDLHEMO*08=Ux*P8qJMSVasg+r0!(y5I>PR8PO1*~Xl4`G8)X+mnMyMNjs& z+}m*aRp1j(y~~jYPh3Co)F?2FY#~ur~gU|_|E>{^7Kqc8O71|6OOB;@>A189NmT+npC)ja&0~5Chodu z8&zeLglaj(P(owE>7l_PS?f|x)wc?x`MpeC$%?w-Y$7VsD${qT!yO{5)NRT#%g^^; z@V2JT&Aw`BZe@Y;y6S}3nYm^p=l66Dwl&njdOssLI+!}k1M=EbEu36(6n-G^7>{oa3{Qa!-{TBzX zLjb(BCAGcnEH96upHD6TprBA52n5E;O3>BylaSCrqp|h%=MV^FU0uhkS4$!yq7NQC zj8CX5-*LduG_h#w`RzNq6jfXTLb6$Tjki^fZpvx(^iRqyZ8vv}U7x;7Sc7ikm2T}4 zl9{`Wmbh2Lz$vr1UdJOpG^vmM_y{uy7<`leKqIz753B=zqr(X{_w7s&mP}9 zec*Wg?z(8Vio}3x2TF&VE5|zzynp@D(MYGKe&@Zuw$wPfinMs_TGw;+6;4w8G&}R2 z1JxH!wr?pcuu+lUvOezh$oaP2<+Wv7$IhP(H`aMRb5~ACpgt$vQcEKxfD-KMQyd<0 zs3_k@ndoM2cKpD8rj-?VQ8?U4R@T$i^+0W{nW^d1$B&;qd-mwjBXGkn8yg#_)xlse zP>{0_2sp?8jC}ab`TyVT{}mfM!UAl9y=Sa9n-|)fnhnQ{n+5tAY+^OY<;3{n0fYR? z+0dRN7F+ewW~^(`ER3qOY-agk)I9`JYXQgis5fV|zCOVFT5~*b|8V^$YwV0gwvSOc zkPATAMf!?`rJ|qsHdD@Wa;PTVnsw;uD;0`ec)0Us@x87ryQ&K6%vqLF!wn1XWgUw= znK=xtOMN}3&+zjqrBya5M`o4?o97d%TI^PzK4AO)DbsFs89;v#4!L*M+=oqEZOsh* zMNP(5L6z7>^05DaS!&+>XayCmBT=W|uM1q^_Xb==E3$cSV2ypZkY3~F4Y1@b47~qpw^wJC@thfJLgO5E#o02N@|!*y7>*k$hLWYD?myV4zq>NnB3iR?UUdQu>v9Qcrc3nyfV1 z?Q59venZoECQThuCN_ZXkmas6#$aqM(zzRa^t|4Px#&JaffR@Z-Jq8RGN{C~e>|v% zNqveMa|z21o<8MK)o|#=d9?bbVdTTeXAzbS!_0ag#U2OlKd&IbP<%g=V!~@%Og2PK zB^og+V^k&!A#2SEwkU;@#YhM=gt0=`bz87FML5~k;{rsWiA+0sIl`jIBdjSk zi%;3h;hb2(tOzqku5~hVFi6MOMvp0|=2Gdl2BlQh2|+@NTH`BaJKdL8l^{rseDdYe z0_&1S6|peCGt3SryWzaPK_n!T^2}T&m+sX`D3`MiYl=Xq3V|$IadpYiLTqcJKeHBg z>q9ZzDVjCj;8^UUPs_0i0pU5F99A z?jr!`R>qo>N=CSiDM*!*srW#^h&OeVcRBe@tB5$lVTMjP?w6sH2fbbNYEHcwk+ znyeQDANCHabx9pZNxsW*ZfH^kJ(nNII>|FMo2@)U0(XVipu)zov~N`v_y$!X#3obV z)|IIowPYAB@r;;+Lw?xIBraeq3rO4oQ%asnJ{NRPSqp*lNX0RK%boT}LA!?}{JglGme?^`OQ1y!R&-Wliy_~lb){BePVG*a>~&TF!o zxA|SBlEi_6KnXRigGoFb>r5sV(g8{s1z3? z@aXksvzatL#fEGlS9`o=Bb4`sd6+JCOMzQs8b_B@kXlq!{_!ls!-!@>X&K<`bYF@*Ah-@NTF`sAO zahLZ}PNtlHvw;);G~Z-Lwti<5V)dZ!ZaQl=RIM0F@tfu%FrLa?B0*WgDg~~-LlAwV zM6?HtR@DP0l1km1ofGeJUFtZaY7WT_v*#u%B^lwKH*W(ZAbWaf@Ld)aC9p5C9+ulmd~*IiJQ`-pj_QdoDcXmT&s z#W$VLoPlsBivVp6S^V*yELJ+{ybXj*(F5~P7UvX5*%%_Xr8_0*BpJg$XDUZ$yY6gm z)Npjj)Sgy_YmgRM;<-DN#@#sylb)^Q_EO5$F{P)hgNq1M-Fq(8*$iQ^mgk=>KBIVY z7%wzLKur~!kR0c+c4K!(w(prObn3?bKlaW7Dynbo|7V6_hVIUxQHh~jy1Toir5iz{ zyE{Z_knTnaB}73&kPcBP5mZ9S|DgB1@w@l^-S@q<{_k4OS~F+n#GbwPInVCz=aDs` zCnZegdC=gNsJqHWf=bpW>QoQDQ}C9c3~zu3#{$Hs5eb?bALQqjNOB7=CMw;3#(@Zl zG5uIXG{h0Xj=;xJ_nIfoAr8$mtw-gyx1h+%mf<-v0UhgwkryE%ID73i7*!`WO_^Oegp9nKdMOV=Ym-1qt(|-izyGsQlzZ8i`)9GBh!!K z2Q_P;3M+@85!*+y%2;ASt9u{cumDlXtzmd}FHyG42h@D1Jr> zkL;oBdgkDMX)=GlIWsQ8;0pPGBDBpWSWFd0Ok z9Y0Kb_7XQUJL=pD2$GluXfIaLOOi1(XVCMK(I2crbn8)h>ro8g(AyT6-2fQ6ib1)7 zU0;Av3HMLL3;NUs3$BMP)}tJ?-955H&qSd40ccyvIKFV$L%gtu$ruF^78Y|Wwch~|qku@4ub2ZvG7&k2%_nQXnSOexf4)q?7sdmHt29NP| zgL(I29J%5CpCu6d@B06LfVCs>eSg!3(0|io{X6}Cq_fB0`hVu*zv6#hElT;fzy6E= z>1gBfyZ>cr?ds$U|K|e#?gN?rSWC)i{9Q|6cmV)QzX*M z5E~m`OialbIy$nC^ydlr*ncCV2AWg>! zidNgO7_t~ofWA}&d0z@EeZN~sekV6{Srk;x^y5i&$VO4MPo z;{jQR>bQ>&R|S8`sPHW^X?z=2Maq!P&EhucPy#7s)*HB+L(t-w%ygr@0Fe>{(PJ=q zTxt5E)j7c_gZFl$ehXoNxXW2{%KFCC1AZ@xl)R_DnhgB+HqY(|_=Q@uB{R5MOyHtp z1lVzLHFTwiYT=>J2I6_i<2YzKt8Ae!W$i5}8{Mi~Etjf7Q_;b>!-3lJ>b`f=xA43E zpLE#K7qx zUDd93TEw7Cn*5y}k*UDhQ41mFCFmT>RKzyP=2u#6jT(*_%a}{LO*b1{I*OFyXfeM3N4@V=QR$z?aeqqHo z>zO1zZsPHPIin1ut>79>uv8F2mP#a1;!$p-mBk@NphDAfUB1XaIBTO;LS+CoQ~$9A z<-^pP;zH1NFG1Y3xBHuUm;N*ea(!nu8SNUDzQ-w*)ZI=CCKM{vkRgt}W;zGj@dpHx z9JiC9WVG0Uz>I-q3bDDZ2`Vp$674Y;0bL?_Rh`?`?r9cHtYBG`Tf*3_T0Eg|aNPh+ zjh8zEWJ3-qHX;pM5F)pZG|a|)?=+l*<(kilqO7G1xKgUJP}2OI*Cuc70;9tt!BEs0 zZpl+_@Px#XVX&pUv(4uMOtVFjK{9WxK5W5H5I&lhqcpFTgv#pkh?;0U9(P0PX>BgbjdQ_#~f}EGbE}A(@^;vpBs;=pY(~02(8ppBf5zxU^!~U z(XzW~R)%Mi_6Rykip%CxBedmJ5;q#fFw=qoRB;vMZ1Ve5?Ot+kgs1EaDFRFAqvq`y zVZ<^D@>(DEdSRSrJT_Sg%%I!!>M}kqB(&({0!$4MJl@wfbP?f^P^v{U-jTML#ziL1@YD!@8k=Ylv`9`#m5k114H>zY{Uk~yecfK%nP-M5 z<{^~>4oVSupDx?SaO-Z7DjH2(ryr4|OI8}Ql%kL7wN{2|cMxRSYiIDUec)(^%M^}j zNJ)(MW7p0pd+15YgfhwV-O(X_egqdZ9fjW_Ni!JWMGIXs{F0ij0%Z#D>V9Xr5wbA% z4pwk{1EI2Km7YC^jn3GKJ^WOH(GWT-(Qs~USoEP2z zaUflmix$r{-`zeww=)`y+j>v#D;8%*lIgaR#SH37FbckMCvtEZz|`0W)6s!cYMttz zn6|!BTZ%&u!O`sEA{hh=Dbt~z6p(3CzcdNbctcGzaXnRy}AhtBg!g^ zH1(9gqE@jIF^u_AE-?*%fuqD^&OR=Tv#5mC+K`&T7ALVIC@(s!i9w#bK?}@X>%`%e zOtkC|weN$EWisK;$ABfE9x&0sv6mXN4xOM z$eFt3z9Mm_imHI&V_j86hl*W~j290Hvnx8h^TS5jZY4C%wWw&amEXWL*i*>&l6Y-> ze`h?Zv6JlrD}xxtFlNz!p6AB%57&(vX~)3e=i#s>bJ3ZMF~X$+z0rKz7kxD z&=zpcRD7)$=QTouo20Tr*&4AXj3APhav87&t`%>r;H;#zbhp)lwl>;?jG-^PQhWSL zE20ptx)~-vj_W^&2`~O8Z@3+(hP`FGv|NFD^LoEz_(KVC)FycM!x-uSLIF4^aFoXp z8|K_+(>A3EG#}MJ)9;XII0m<1?#5_fZjzF`AZGOZFuEA!@tO`xHG%7eaFhlkTM9fT z+jZK0{>;P#w44$z@?4f}4*-iSP9%tjxtFLY$crPIW3ZN{qhTifk+lPu4Nj|LZ)GwV z+$MKBQR0Dry9n{m+Z4aP|3`D+A8r5tw|+kVM(qDi`ya{w`EC0ji3I zT!oHKyS%)^T~o81iJ6d48tHyFpybW<>n30Tu(OMdyup_CWRHeMv$uCFr*{6v4LuW+ z;E0HPE-o_?5``N8kc)#mK0d#{fAFEF2RY_x5>T5&M!vH0o|##HeSIs(H~rJ6&nhbJ z7#Lz?Wb!%YzV!5JIm%|V*Gxn;!;#&Pa8ZfxdwV?=7K`QOgKloPxRM?oDaiiFj~u#E zO8{4C0-%=?p>7In6iLG+9?zYG^T!`~Db*O&%~t!o2u!6yflAfMBK7l(nIhK$`8EqF z;lXRabX&){#y!MJ-Q`t7cGCi+MDtklP)fA@+4Ys1dbnrAn=O3d5o$OF2g1>awSG(N z2atkcejp~Eh%g!NOJ+@C2Sh1Tw1P2834=Vk-7jVpI{GwvefITH)P33qVyGZ&qeS}& zFNL%xr>}Kr*fliEwYH?3d`ho&ITK@ zI8!-;o}+2HL+5jaoLHU&2h(v;p%SfA75Meys0~jUP=y!5PG$1B?v~KL4yMQQ*ez}v z$eVjmuCA7|ZP#G&792#&I}TuGYe1wN>YXe?ZdY`CnD^`HZOw5~uGUR~i2CVF7_pGm zUxr0cWiU$Ol29a*DiV@sg>zq*4JHK%+3#zi-W;Z*l?4noBJT*=4^dOC?54}ph-S*; z`|n_bQDm{vn56Csyp=G&o{K+a$a>0kC=n!h76nQ}Rr7*})`-@x>R}6iv$zdre?1OW zRzPS1&|X>8;`7Btmc4 zJIXm;e$^DN;8+?uWwnEc8XC*(Bk9TY+?IBR+ij&mba#a`Q7qpgm~%c^4;19$^zSDz zyY!=!6F7#Xr{H)|1RFmT+%F(4q*iN2DP$&(g^*oG<%a;_zFE+r{B^REPXp}O)t$Zg%8WJ;kL>6Hqg1kQaXE^vkvXy(T#fRQs!wxY_a-q8L@Gw zJ^na>yfJu|qCOL6_I3bO+Y45Cz>`z#7~0`n9fyJfJA*eN)xdaC$Q95HJ>^AQ+7uw+0x+a~qeyB11@|fXRB{e8_Q~UI2#SSHPI|u7Kg` zlX#?P98J6)sj!U=2f#2YAovEeYuLUd2sy4GiAGazaSX-`PR7H;IC#J#i$^tkyi5lK z3jnCr+(N5VST2J4y(io>hIFhYL=lR~=_#^gm`154>E)VIgSNk0>` zN^q%X>+QI8VPR2rGab(q1Yat7K2h>9avyBWIgWQd(J7)=(o1bfS+s=qo5tSb zkG%b@SS#zjAz!p8XqU3z|kw2Dm3^LGdkCr;_w8aE}Q=JD*qb zB*skwe-}y0I)H)EG-T+U41+J+dh_4T)uB3{<==&{mT|>iqQ?j#Kq0gJA$+;$e1&0n zSWuzi*9LHY97Spzh2Xv!-8lM?+$9-Cco!ayB|tiC&8*BCj&IMMcJ0|aRMDL0_|YC| ztlyP+B3Dz%C-&vU@gzXxtF8XiXi0|m(I9v6z^IEKwQOH!0I9ZB1kIAsqNyPOl70M@ zmk{Q^PXT>cF<>m@fFD0gN=BzI2YZGEQ3n$y(ge%%Qw*bsYe-17Hv=SOPOi{?D|7^? z2W4#-^xkO|MOr^|g4#NiSQM%*BpNU zE}IzpWTbjDZo!N8#=Uwu_t>pU!aj4?@1#RMk>2#Q!_!OM(J^I}#Q9FT*!s)caY23q z;Mr1CACOW!(?_TVjS%SJK4X_WfrQU0)1_K08wqO^K|#8-L?Nrt_hrpk?ubJ%HqeIv zhzz^5rj*5NWvaswj{(c3#u5eLQoU|eIC007T$5&xx#Qkz73Q~$cKYv3fdfrnOc&+ zr344%D`+Tw&lV`0)T&dwO=@%8--Z@SEp-k3#q%3>9cZ0aP<#&wG6&Jv7}%KF3)_WA zC{U;ORHp!}Rr$=)V@Pz6s27smW;t^mXsy?!=aYRYOTd{C_;NtTkUIHR3pgub^I0%# zBnIST)H_JqE-T8ytqyzrwL?6!*6VWmAjwF( zqj`^a{kD=0Mq&E#c}wl_&JOok1ejSm$8*;0!^^Te%`OFIY(3U8-#W<;zt^S#!520{@^C{PbfngmE6${vUG9tE3uZP|_ONe&KH7oJ-G(OlmvfBL zGI=$$Wjf0YvY)C1Zg+Bn!bOu?nwX!U+?=o}gi7q;F&2eUk3(T5%r@x6jk`?NXk z^Q=wmAf_;Y;qK1%1dV-XkZt$nA)d@ehtZIv(R62shtYB8!eNx7(h_sDcN=U7TIfnA3RFT{#buyGI|;cwvEvH0Y{a2ixNC#nR^8XV`Q z1o`YcwAp5~6Fe}A6w}jO4XlE3a#>mD8pA$&RfuHO`xy7VbiM|EA?T;+??Af!IGNjGF(L50A`(AxLzTqavzZz9R^8n z2+Ob=N(yH87aXHWAH7GR#(kmK$3BQ}5i+YD!*USrEGTMln7sn*OB?o=$w>bK8bxmM z_3_}10)G9FaGiFHIxWG6pNSSCOq(RI`hpQhbXdCFm_}>FWekCPKxE>#=wz~(RKXZy zJjlPZ|NW2m|B!y_J+16rY>+OMJ+2%S|7dyt&5z&j|8ep23H-MI$A{qmHUINB^YUN4 z^Ka5zcF_|5ll&k1e}w-dh1Bp~@rr(If3N_4@qdv0;y=BvxIsVi1?|T(gNOV?s-D3T zKi_}F|AG8C_lgMsK<^+wt`yS0<^P!e;{PDwK)?7uLx0KtdE2RXQzSpGv$J#{b;pQm zDQHsRn9sX*^PGR*ZL_>woc@E+$hq+2_wT37%gb9|9R#&^BtAHbw|#5V+C&^FRyxX5 zCcalybyAmcwA_=DW<|M!v3T;r2>Qlo^KOu3?d>!YKdYe|R9a1vNjIr-SU@OGX(z=; z+J73I`rMH3U4cV%lEXuH4*Fc zf$quT5MF?Uj2~(V=q5&ZM_%}Bh969hj4POf-#;tnr0-B4w3b6Hf=knN?cTA~iK?TM z>jt+G?0a11h%Jx%i;EZ0Z=l`&x9VvtPE3NbAB!_p&wjP$t3e%e9|y#R+?K338DKOY z7xlPm>cyf0=-$^QO*)=l0;;ha*T$6exM}h`DZ2Nrk%8DO_S%Sg_EHWK6DBu@9@qNN z*vS@Ry&{h7mq3C^kXm&YxJ?2;;}E$77{n^~rY~wvDJ$CRH#fi=w=wT8*ZF?m+!$d> ziWGe2_~?7=A|l=6^DDY^_04n1)2P3U%p`G>{SEKq8P@R7`Z zpw$3j2OI_Xo=y&p4!vw?vzpuHA0!1VoP-0!dLAES#+fKkxFilmWUEq#RYQZL=w{#K z;h8%G7#M8emUk4NNDFi=?$(}Q#+(f4@*124n4PkB^uIEkpaeY4mhwlMZtd~Z1nLS- zJ3e=VXCegMKOK{NbnS4bHTvRK{rrGq_C>y_4}V|Bm_5(#{8ZCY+j42YIw39s2Cem# zB5r#$J0mub^mNQ|$e!$u+H}RWK(oQ-_h!cd{Fb(vp?qF%t(z7uJe1ySHg_T+LF>Z4 z^D8kLR!h37E(HpX-HYqk8r~`^+Y5G8_M$wR=Uvpa2gKdCg(drkgoHY(-7CVIZ|QwN zX$~;B1m=nN?7l3S2ECT8O{!`r^RW{@#;LndD3luU3ZSiOKe`y`8>!BMz1iwXpc)c> zoImgA%kKa6flTX%p5cDn*GBvI$3HFvwppIk9gH5d76~5m$A0nfJ4mfel9wFn|PkWYuL^@S%?{qr)S}!RcMpYV0vv=JkJCvRCd$rJZ92l2c zPP_fiA^$#&pKj0>MR6=T>JmovTTM3=l|o|T?@G5!&#YqWVbvFpi%ezo_o3Hx(wH2^_H0YgE+AGp^>p$r8gm#r1{ryHx~yDDv)+_0E5(=fuUG798}EpWpZx0o245|x zU|{bTo&BhNcy{yKH6cYqhdVJj6&=s#w!U8%Rx-NnADdg*IWoU}@{@Cog4DdDLLq1< zD9(RGZA+qRB4Z474@u!JY}hC2n^8`u2s zns(N8Wpb)>$7Qr#%sG+@me-qHmqnoS*Dl4 zLMUy$)h!o#PQs6M%4wuH_@iX|*k2JYIxkPL{al{LhfTsk)x~IN@L-{{rd8E z{5AD#E9qS_x0 z1B6_}4Cx$hrM%u9z;MB((5uCzK=6+8R%}`kfK5M;o%PWndWtd|Z}2shKJ8!bWG(6n zr_$X%7ZQIOT0}$;nx^_hm?Eb(*M1H0oca{9*3eZXbXZ9c#0J{u1eN3kyUv65&kd+}G|XYT5B zp{5K*iV|~z3G};dW(P0Ub>3!OPOe{=wsPB(OcLu#G~dCknHr21e6uz3#ZyJ%lUfgF z_pE672L}q4N|7ps1J+mMJ9yZa0F;OHrU=PW6eoHhWx1msMa`nGkAS#AtY3U=S=a^O!uw_60LM|TnnvjFO;(pSRNfRq6*2B8XsdY0G;pR@+#;3fkGtrTi zg_#1p+bDf|+-X)xPc{5+Vp~b?jG8y$CVt z=zM?Lmlu9t5;MwU4jrF`%+e}dlYDRFrHiC(%Tf82s67{=hY7r-Na=Xv{o;YGNV}5C zGvoeAv{HqsH5s~IO3wKe0gWiMa@kxtt+|Kag&nuNV_ayM4;iKoy)ltmW#0R_t}AIF zPec|BgDzjc7k17{HVn>2h3;;gN04)eYiQpZl;3fByjC=$8G$5ox);d zG0U@x=f!HG*7vx+CS^T}^$q$Dqn>^a8U5z-ADaKSM>@Gj`fE1l;;?f-E*1WJuiu~l zM+U_A8~zhF4>v;Km;Uqb`gblu z`Bx<5R~Y|L4*XO0Z)t7r;9~3g_ez1kXa8Khd;mg#kB^(5o1c##Sr%~f^70{m+5bOu zL;sf-{j`4!q;;qKa6n~?ba(aR^+Q8(wI2ZAj8Cd~v5SlAR?z4$#cLeN7GfrIZ+gyq zak!E;wDY}+c!R;hacG^AYwUXkfw{rWb!{}WB?Zs1~L6utfVioOXsQ=cyTXaX}wUk7)Je9Y^t&-s`S|nlyz%avw zK%lBjP>7vtR7@PBGn)aLz#SG;83+a%S^#oA0lJJH3IGcOs|KTlMM$MUFqspQ?3-cC z88`4^`0vOv27;<8Wblh&FbDvp_ZqDTzzZpEl#EhB#fwjLHHRoWrkk+g_whb`rVpz0 z0vUFP!G`v&z#u3HeIKW`kKX!`4hk5?tk}y$-yfKE zqK`K7DA6e^E?ET$*9bcx^JdMSZ}25Z02B{)9b${%3K0GgHpM2kU3F-7-W$YR zNjjT;z?5t(CzKfv&tx>{g25;SN3+p^Lt4QIw-nHNlHqos{f>sSYVA zG6E&u6MndHQU9_fejF7}g1DhIbm=KM6Stsga+smri+DDQ~Mo(V@Dk>0j9=CFDPkLd; zbw+@iApdyymG}ytuudy$`hCm(6NE0k4|d?j<0c;;g6w zI;ZNLpmb8sOpS3sF^s z&G~Urdj$_NQH3jzK6%y+?Z1&1&+W!OnYl18lXrk63b3JqMBUWOU?`0fzH-+`=7!+_ z?kU-3V^r`Wp1z$-WU})8>!0SLBm<_SNzf$@A4F~6W4}Y6%-=|r9@}r}q$iERdrbO{qY#&K1-UP)mCUlwQE&jbu2 zsM;OLCjtWmFkVj4rwrMqQG%;cE1}2lvMwKg+bmys{QYBo^~LGiHqM^h{Wq6`XWw2~ zUtUPR+Y`s9`_&ftZ5jQ~*Z;OI=1#75zt;))JM}+;pO^bL?SDQ#1oyA@|8MWrzvK7M z`dtgM!Wgl5Rd1_5B~M_hi? z=U3MvU8>^!f&0|qmo$-3A}4C6QOkxW3KX`IhB9h}>OAL~YmEUx5P0_KPx~h<=!sMY z!nb-sMA(s59-(yC(ByR`<#>k^Op7}0zZJv|Snp@+;za2BENwm|bOzAv9I^CqFtCsg zSZP5pXgs~NH=~9v=1suXAWYZ}I}GL+LklklL1?+l7;!L_Eef$QHAp~cbcH)nHjb6LqeDx z4lLS0^ISnwbl)`(Q131NilJt-$Y%T|IGfoE-hFSOAhmXw(JoBaAeE=+wRAJ^{>4JZVK2X zZkP)zrmx;T3;@-~AIk>=^#Lljegp^v^|1z5rJw;Q&^ok?3|H1-0*r*fJPdbt3|s=- zKmgsutlA#c)}q~}sS1EXz$mx70-jc8KP`DS2;6)E=!MIt#hZgHs!QTgU(IK-1QQk# zVwXHv8zCOI!kJESntuXFSk)K>J2fHcLB5qH1F)NFSpM}W>jU0xm(cbqx`fxQQD6n~ zXnVy_aVVBb$M9xo-w=@x1#cIBob|Je8?f{c0fz-j^gseU?fPKJP$(t_kz4Qc^hs14 z0-|y2u|A0#Sc2YS^i{nh64uOg_A(NiAsNw(^h<=*uW7hfhZ)o6)xl+fL|&<4fCME! zO7t8Yu2O{s)`G24^U0G+vZxa6QRqZcMspYdd$7*>4_x(pscH?!4NgPUxUQ|1B?6r>y&@K z{P%KjwlTlu>UT8=^w(oQSE>Db?LUFP8vo_z zgM)jerB`jffB<9_u&kuC%*8c>hlgzTJq7@z6I`nwk^52pUtNnV|J`c9q1bSJOlZFZ zouUllp)w-R+~+ZH9XYa-1P%H4JQ+WRTB?2@M8u*ZV2;q~L@d_MI^GiEHgX@p z(kdFp)09guNOkU7G0Sl`nJyrL%cL&Z@?KzLvD^#B3Ju4`jE;)XcelUA0HJ`eK+{W z@ReCYOc2tSI>cvsVL1>xv=Y_S89FS$H&+9(A3>iNZ^4q=U!yGO!iXJ3GNdvoz58}V zm^go{aZPi*Jo$s%3?u2bb(hE(6hgMX-rtOMgVDMKw3(!44T`&i(K7W8D}4-%M&^mW z3?^mpcT^LXK95RRzdJhXKh0R|M&a6|B(GVSh>1*n)@J?-@n)G z`{VQb_v{}z_w$?fA20VW{?{L~@8A06r~P9fT^s+`{BO=*%>P~;kpL5gClxwkxLX7$ zx5lPCJkv{xFxUS5=jz`Y>0g2W%W~ji)<0_{2KrHm)+#w3FvS0ABcGWn*RX#!PWzt zQGt<8+Qg#WndNZ<3`Zca9E8<*Rzci>+3HqM?lPChoCSDxT4;Z~MDHdo(} z`{Bq*LZ>_IwyxeT);88~RT~F;Z%eo;@~0PaDiN;j>g{C@m$r9sv4rbfJxy?VOAl)s z7x*o22c(z#KZNmDS9w`_*}&B-y}Uha;2OwB)W*Zd@`odOBUcw2xT`H3`OyAXxGbJ< zIq%yJmM(BN4_6-tqyu|4xQ@NIho`mW9X7a(jTHx6fDL~2U~|B=9sGW#&l7Iz;p+V7 z!NBdW66I;*<>iD-hqbHk53l!EDfGYkPtU7>;SOG&a91}Q7Y7$RxQC6Ejf$QXLrSY4%r?Ju(Cr=h_uk;z47 ziM6H6RZbz3Y2)XG{NJndIpD048t@5)^sX+zy1fT|rY6`lNRA5v9Ra!w&4f#y~K)cF976sU8IWT=wu&fdPS_TtyfLMdkYu1v)MQ2r>rl^n|F~ zAt^*xG3e8p*ymxqwdN6;Dy>ay<;nY*33?R)7&Bl0Br+1kq}H;!{9ZP1{}_e;J_am* zio##YDS|3!HQYV8+&kO!ZOAz~BPqCic=cw4nsl?E&WC%AkLx^ZOnSbJJ}rjr00RSq z<)q{-yfY)@#*F!88z*cw`A6GLhp-*h$FRyK+zO!~T&9eUIyVl!Pma{u_q)z;%Ric~ ze0#YiM#!?gd#+BO*>$~gXs*%tpk=yv-gui!Cpw+`v%>7weCcWRqyQf53qzOhcKLKt zl|Z1;R+jM;;tN|7MfsB*u5Hi74PK#vJvN_rH=8avpVS>X+Pf7~qLi%+dgma67Dhr+q%75ThpunB98z4|Dw4iOMnfCXj&5CegBAV${ z7%pw$P12_R>?PoGO7>BII?Y?WW6zZI+v8^^H8ZT+-*Ed1-^3-#@nz1udE9Iu#{b6n zBaZL(E7uFOOb!O~;1N#dss~$3rUeQ8Uk15maF-7APbdv9@bin$4mhj6lNs=v2-}T2 z`@R#GnmzXSp4naAQxDp_1S*WGa4e$7A=$584}u=k&prfHKi;&%6xeP#m)^nL-fHjf zW}YQ?3LrPOvkZ7Bw={O#GgWsG$3qg!jqvQWs;d5A`KgWO1Fx%J^+j%vw#!D_)bbHW z%r`M*9+7hWlm|IUb{eCnOwFx*&4|Do^*dDu-V^3WGrE3(eC=~N?V*D`<;&X(X^@^R6h-A=WNpx)_J@Sb$; zvdw(wXpi#kZMPFrwI-30#*vE54_5v)e9ioW!t?Xn)%ni%=Ps~UR6VoPsUEg2N`2{5 zzBj7e7t+~qU=rA)yxdmL(S*4}s?h(W(cIPtLD}v=s{6?*>g3{t`P(Y!qV3!8RHRH2 zZo}pH`pu?;{6>*7Ga3D?DR&MBX2ugf{#Pf;g>B`BGnYV|qkopp=m=l;%%TcDC8eRK zW918Rkx8#p!*kiD!?u#Zx-+8#vtsQa^{M^OCK~|y!2?z2An_Not-=}om%wMsxExd4 z?ahIKCnF|4q>X9XwYGaMqYKoRK(Y$glw*z5s<+>(st2??cGIqnA8x&yO30WVu6ZEN zjKZGpjP1Gc{mB1G71B%=@=Fdf$GA?W-mq?ad1Ecmz7f7B?I^~SB-rAAZ*n2f#5Ak3 zt>sl?m+wW|fwKONy5{DR)pm=}oUZ6WmygIUF<`EIu+UO-&eE{_#>phCsWV9HN#4B< z7wN|97Im~cID{rIA0$(oQtJ~XP3_iP0n;M=+c$g@Hp z1>@viq(2$zI(htNr?|#C&|qvthy>d3t*(AA!0dzY%f$OW^52Xbj{IB1E`id6p1kAN zRo+k1=f8e&?Qc0S-)y63eKyle#nCXWfA*%z)7f?E5(qa*n&GURGuJbZQ&;TS6{1$b zYEuuw4T2+M9Flyhc9999zL!>vxqYzHW;6<({Mg1^Q+-Tz*8(~eYWU=1mJXHAy@cflw4X1Eng|C{AK{=NZ%c=xf?NOd86y%g zHf=kDm$hvJ&>^A3jrliSQ%%Q@d%8PuTi&(put@j4v~Ru`AGjyh`O<$nV1BP?cl5}~ z#8eQ`02BI$0sU>B3-%E! zlusz_SfXaJNYU2vB|yA%?_t}awbx>?@fYC$Ii4+gUkwWK#N!5}eyuA=7U}d`zmsww z!Tt4S>HFCQLu1u;?^$2cw<}#feD{0$H7)_ohxz9N2SID3+2>l@rt-zQdg>|*NAZnI z?|bnKyC$sI^NVJ92rEP`=1p-m>WTs#wp%vVHyUf}lqp>5+$-B!3;7LRMve{Xw(t&v z!4B;khvpTAoSU-|Ir;iEcNPK^?y23VIp(j9Y@0r(tvGOMqnrw=INNTrvhVuWijm{D?1~O35YIot=KN!b?QE)ezGyUF}c9)5s2Hgrk`?f zy+QAT+h-iX%~7OItLWABH}7&sL&Zp(sztJyP0#f<6O{RRUsD(gKYP`6G9H&;CYIq^ z<(!^yqa|10v3&W=`4SjgfAi7C_Yy#s3Hu5U(=eB*h1+?zMXJBM8^DUa^sy6b^&Asi z76(7MLvTq_4xl|f9iB__C04V8o%J_nEFRpvQ8s2ZIzwYZr7UlCS|z|;Q@tqShC2}f zU!tZ_Dih8k!EZSbSwu@V6wiA#cFcD3(TQo=wjR}xz=9_&(DJNjcJ{=(Aq#pXc``wmZfiC)fzljh!$X-GqNS7CF7W!cI5n>cQ*y6=fnYF3(9s+PEO$ zp715`E;DOd{7l!&^-MhO63DMIRMy|lzqsBha6vnOEP1A@667x@X;@w_Rwq@Ri+wAf zaz4;>Y&~Zo)UL7ey=S+@<3ZKoTAi=|X;bi4Dt6|(c1*UI`N7-Q>^|`XmG&Gj4{T-U z8@lN@s-Qe1ZfV#as>Jo;RG-scgybnhHz{nawgy zKteYzf$Xl8%9V9#0rBfIhbr`L*DKxxmbGU2+ctE(Y8jeqSdssZ{!~K}ntVjMwy+(w z%T57I;mx$kwba@kAj9 z$~Br0bY?Z*CR}^XbF?OSjotbv;BgC2&o^1+YJ=VHcd(pv6HaI~g68uoD^3MAC5}3~ z#i!m|BOm`Tt+%jPmIlLAeFAYmQN3d={?1IKH&Q}zu@}bMO^@1k#O1xcTWZN?pEVPp zo%5Nkb&NUAH?fxXJrjC)kYtzb81)7H>=HOTYQ0%K$@Qe^Ab5MUW#N9jLpK@zj-I$c zV36|n!5cHvYm;Lkms9WWk6$#|d3_9O@>=Z5@ez?WyY6ObJ8~}2I@D6_X*Ss8GOc+D zXy2=M<+ri06MD8|N|x1qCNO8JgS^3~`l6}U*AvXPI4#2trE6(F_>0XpPFZwu#BnxM zyH5JNk{@5*+xMG(YkdC_FgmyNrqylmA7s(8wK*4H&*l$H2<$jmx@RWgH-B`VS@z^% zPUtI}p3zI7&;R=+uzL1@@!;mUxpJUyy%+4AmuRrKVuUkp6YAQSz~g5jN4Ix8G-`E6=R%pGd)-}wKH{9~}#$wy$^kJ&;G@A8xIoH0{Z1h3+@xz&gz@GLeL5ebd zegk*UulaR~QK^GMSCs?61CCM*^L(}VcT%g!(I%eUWL;9FU5 zcssJ<*eSj6yEC2_kSjsE&r$WdZn4{x32P^MX=NgpmZO{R@GY`BJS7oO-DV2ozQ|8K zT@;v*FEhG9c(yyne&PGIsx-cFZ^dLqcXP$yW30p0TozQ?xQF~A+rnqBaoX7NV5jKK zB_MA1HEZF-DSxFrM3K#e%2f9zN6XsWj?2m8!^lC`y5bMHi|f2|NnSCamG&Kq4nKjWkI|zDAGhr zX)Jwc`%1R>7nHUiV=ccZZNDgOzbI{PmdIgWcDSdO{4Yuya-d5ET@TPeZuNgr+I~^m zeo@+fQQCe{+I~^meo@+fQQH0mlr{_`Wep96)OBLuVj$lH*ccet1Vngv1bBEv_&-5x zf7tvtlr~H(EMh`pdNMNle}>ZbW6lpbN%kj78`dvM+aISX|Bq1Gdf@kr=S}8~9ED%I znTqbq%^cm!jh^H;8er@bJo);Zmee-G)9^l9_2A8X?KHgWFL2Lh8``GMUb3^ZTQoNr zXgtf@BGAeGYIl&r_#QbE(8Qvon79$=(_Lrz#W%gXLOg>v=EEeLi%sSvOX?kGOFLU@ ztbxU1l9jXS;Uwn9^4bfd@2-ZKa}h1I`6UbZyj3=?MBHQjJy=5Ft=j{f@x`RU#-oITaj)Y=?VL`>$D zc^w$zTv-ohSRYD^Uc~QQl;b7W7Jug^^g(2ZEyV${KX6ZYYJBmy=K2Z~|{5Q>}7+>=myo1Pjts?AU7*dsj5pXbjj}A}S^t8+K!i!Hy07IrrXe2*%{|ec$hU{&$~5 z?mcDBoH;XdX6BUZ67k{6h21(koJNfPg=0PHsM))9zh=FET7KK{vE93?T4N*ETW{N$ ze*U z-XBWJmh)47^JlNzb<6aFX#SZI9H;LN4Ze2j!nGlzMyC`U-Zhyy*la=Ms~y&J`-?Xj z{F;%np-&>$Zu2hdm;K^qf7mQuGkwa$%?_{DE$zL0;T!c;-+b?|da=>D5hkHR&FAmV zpXnO^@yg1Btyn>t!PGd9mk0bkSKZ&Ttb6aFC*~zZr|ds4FQt0?sHNf858KXO^c0q) zXFIR#>eW*N4=)?_u6WCYjlzK=9-HokD-3VNEmg0|)6%-{u{N*x4}5yd*zrD#rX|nq zWx<&~)BBI&Eq&MQyg2vbyLYD|dqnRqocnmv+y^%!JRgr7(lpd&=HWj5pYR_#61gRJo;PwDwOow!doFv|#eB9(_)D`c4k=m_ z3Lku2G%t2HV^J9Ej`bPOxIX9qSf5xiv}Vbo)(a&?`@-MN6Pl{UIo@EOk=k6`@c5b2 z%BG`M-M8B8TC)2*XUF{!zi!{LapYn?ciXJx-jzSI&RWFveLremVq;A6$ttd?aLJ(9#Fp^l7Z*=8H=fzFNaOUYO)n-c zc7ByPAtH9phm-5CZ;c3@`QzH&i;fIV8howd5A!YlbIzWBvz&G21^+hdqthCrs5NIT z`Lk|~`tJFPRfRbM9rLTF9UeS>I@9*VGLMt*_huGbZXM8yeV=id+1q>9kbvAxYW#;h z%^i<^@3L-89?$RE^>;d%+Eq~lC*`@%G)a9^y!C9ak3Tej>oGLI=45lKmrK{3SvkXn zR>ntOtO%ZF7Jqrh#P3?MQ|Zlp4kcYXReE{vm8SCasQSzxk)?Dzdt)} z$eNbl-^@E}_h#taLhIxND^0V!{_pyYJ^xG3kuKq7%=nlf^=%`Mck4T(KkH(j(vNK2 z*>+cAW?NN+-)E)XaXS@h(tG~Oeun+GCqTaa+x{&$v)fWuCBg$-&g$DdeP|N$WFiiuwYbD!=0p; zGd)lIc(u0k%TZcC2WGY;>2}YK|8cNrYjNDrn-NA!{l@k8o0^;wd#cK8sr2EXyQd+7 z{dh%i?9RUG5kJ0LKWW?BV7=g{UHb(8_}jjpS7E1f-sj!f^8S43;V!qAK3)tVU$ONO zjVE3AboWZwUv}+Wr;z~-+{$f-&L?kQG~T|Ox5w}}gB>TlTHbYeck)f~hLbismdrV2 z6A&`x<1z+a|IFd^=aX(Nu=%z;;=sEbKW$z;eE5Q-e*AF}(;hawk1MWw6(A~o{yebD z<%8b4FN-|Pg=-ID{qBuj9!3+;B1azX@#{~;1^kgSG5SCWee6uDxXovNKfB+i+X}s= zrbM0dPPeZH6`fq%^{M5ILyRo-g8Ls1j(_16z03CS=@nBp&RKghWB8pt`g1g{!}odD zJQGcMQ@qAaFl_pr-NAU)ypgAVzVPE1=8*Gl*%{Si#q{{)zx3oB+wk<-rScZHcT<;K zS+mE~)Mj5l>FJrff0tMso_}g$!TVT`UOt=N4?O)^{M&SsBTj3=UUYkWGxhlsx8akP zI`_MNhW<+mfwT3l4O3dRipjGjGwab8mbM zefh)vMHgU;0!KaNkDlM&bKKRV~&}*@H$o9^m)e(;;EV14D@>WC3 zo7ZkVJUKysW>xIFVd}B&__3C)ujkopH~pO(?H_kmM|~^*+OST#4!u5%KYXp_=IDFg zBla&FS>$%ZY{vAM;64NJYb$InPkHOO@5$XemVJ%1DyBj@wOc1&dk)vBTBgiSx^!y)-oh2m;Wyt22ZxOr*!S*o&4Tp7%^#EA-fPAF z+!B6UYup6-+31BMt)g6S1P>eP{?R=$r_0ZMy{}yxdFxc&1EEgst`XPY^%%Ts*4-&u zYacFN^6by-`X$UsTL)hZc^o=;cwWB&%eJ`*rGOT;?r9nFMoKuZMpF5 z)IBj_x^p$QKQVmj*K%lv#&2`_=WAU*@9?;8y8V-hi=5Yc&QA&+{5ku7s7(BL#qQ(a)7_6;>-<7*Yt={%(XP>JPHZl+jBYva*-dzT#E3i7 z;+Hrx&(G^~pHn~ak2ONDgzg?sYP}qO{?xujy@y@0Johd$Pb6}C_C9J@mj$Mao)kZS zefzM*NtZ40O|Wypsz-;zFFTE| zOU=K(?6>u!I3GiP(JfthDJ<@^^^4;1m)A~jZ04Gq*o}?3e@7_2boYDb4L?dO-eka) zzWW9q*WDSg=lq7I^E#3B{Z4IX`Ew=a}YIMZgZ9@-e*mPfIl41DEs^sY6h=o}ep?{vyQ#+hpztnrd zkkMT#Hacm2{4mk*-ns4jx3vB|_v+gnF&7UlSZ96Cc=!bN#i3>`r#UCAV_seRBNx^Y z9p^mSs`;a3?uDnTXGGe1*;-5K3qpQ-cj{rWMa3?c4`3q4Th-~^+}IutUifA^S(yc0Gb zx6kDA_W4a5lXvphZ# z+e1!fllicg>z>%-UZ?jHpXr{n-5P%ByhE+?_^YcXSDrQ5_j;y!t^2iKW)z?IZu#XX z%j;x`dHmko;V*|Iv~u<_%4Y zk;Pk#5BUnpERFYpZFy(Ms8;Ob&s*5DBj-9+SPmce4gI%>Kc#Q8*De}R<+kL;RP0)W zWAU>Ik!;q=_xsn*>{GC0#BHJaghR#YlZRiMAc>eBcWIB_cFQvffo#Oj-;ES7f4_N~%r#jfujwRU2cK}W(HuJAhTUwEd= zcY`;ca@p>FaNhym34r(QOn~4ui`Jg+D4n*dG(=f_eI=aiB@)^zWS zWlNmXLd=H7p80k~4|>xmS7h(qxRt8MdcEO)!yUA+LiFF?e~1Eq@BCMRP%O>oWswKJ zQbl}061oDAJzDZv>_310%iYzB)Aswn?rvV(|DON)EK$EwW&ux(r-(&k;LsEvfU{VB z+Da)oylera=I{!H={%`O%;x3h4uCY3LIrT>4~`r`xm=!DBIuhVwO6Syn9O(Z(-x-T z_EcLWWN2`JKq^V)*WN+idlEEI@w5GgZsXc6E<=V4$rNT~38hTt z7-0?^S!1KKY4&y*QfaQQi%V)w4jXQ8aN+SK@IO#SDg>Tz$>pUBfQ&9aJ{)hCTv0AN zLz%_o$=VZj`J7958}=L0iD*#bmVJXe@XoLGc|dng^wA1VeK2t9yTV4p9}azc{g zlqMifH%dq$L7XoWBs>6yKS$!ma)N)|fyu{@mkSw@Clo-cjQ5qe0Eae$MTNkB%9Q=I zMa0UVR%54$Qu8JDWJd{6_(Zs<*4+rfBPHuoIA7HK1RUfH(Nj)PxkLbQ^CfTsQ!0WJ zmL%tq2Pg$RacTw*Y6;O6O;Vtp(gg$n5uPOyWlFMnVmMNoMx4@wsYL}s#4ngrwvoyC-(qKJk}7Lm-t zB^jdpEIythz^w48RDRVC0DHj9Yk>&T}Y`SM;p`ea)JZ*$h7ECIuL-rJ0L0|F31;y z!K2*4Pw+-I(7!|hwI^T7JWk>^Mv(HKK`*x*cK#GSq4+<8UH%tgmy`9M!EVeKVJDRS zXRs^yBJ3n%#{Ngpuy*io{Z| zO_BXY*{=!;#N{Ah1Hz>!lo9TPOY&2)g;K)I$^|b8N4BOD+z{CW+}~y zY+m#Vc6@#=RbOGQqRR34DY2ql+#U?tEGO{d!I6M+{B&@+p`lzsst|4+859>qdKDQW zi4<%qnJ33a@2C!#PROQ2uWY2x3uDsk?ZEh#in7rsAM6}(s{q`YD|0cBNenY6K$3fw z^0LSZLbHJ#IQ9rBWVn(>DCs>Y>MC;E_zd~EiD1ir>a?hK5BVkSRU}+qn31I5$fCXh zAQtk1Aw1Ag4Y{ME)P&#A~a-$fm(fQfAQNo-|dxA4RCobUFpa{%g$O}07N&pDW zHj#s)00qdcynMPSA(4!qA(A7u2mt3cH6MagQe}%3scf11KD@&M9r)tP#3DHnj7l;* z#?BB6(x6Rf86k$^L+MN<`~<+pStNoyJ|7glBtYIek%y)OHt{6P$<0@o;<5$;TdgR189A&vD|)cub|_0Mtf+QY=^zOtLQs2yk;4KOX&chd90*b$qF$_p{b4AHsK7PP>C`X>bB{JN+PzK^}E9jvlfYnPV&2a$-2X%-j zOYpvYj$`$5VmVj^kTaVEakolOBuWJ#z~-m`=crszsThDmy+^c53s8=Eps=f;0I^_B zx=TV)t{@;aOPHG3GcG@;Zz%ML!}07HD;A{*vjp(&tS39-dx3BgAm`8oar2 z-Fk-evcbWE7gu*Tx1I^S^uZ`RBnfb5d$Zl$JlO8uUTiMM$Gc}76)OuMA{4f+;qV`F z+JGW#i1xx;YPt~q1yjM+EqpYufCn$(Stux*0GJ8H@T$Zz1ZVY(m-4c616Ym{=%lg? z5X>UX37{AXO$YXAPAn+_2;!FV5b<9GhFOkd99gn3E6Xv1lx>%<|5J!Xfrw8|bilv@ zUba*S*S$HBwvTE^mh4+N6{ZDdk;le!M2g@zJS#`X;g#w;JjvqYC{Yn0hc`up9A2mp zIhP}&gS$5eY-mLAU}_a7R6t!CN3xo1P6SIwCb?7+WdMC5i4>1grDSU)f4#gza5hyd zH;YGv3xE;|_$Y1|1j`9hXaUKZ3Lb!;@>&ovFH!{n2n4s=U5QaKAKQcZ*_9EbKE}cS z%Gk*ID_;{LOMJo0O5W$-}c^V13Q z+b#`U2Pz(eYRLyvHt_Ox?V@?9gpYs}DfG-<%c>FC$$}es(O;9#Xy> z=ob8t*=;W*-f2c%TnV zN^t^SR%{lph+08JNRT7TWU3GZMbAlZmRugB{%waP6gaC$2Z@G+8lA7xT?*#EyT3|& zq(V_w2ec?;ClrueMG>+CG7^+Skd*R~UPW{!$C(@lm8k|@NeyNS5LRinAyhc-gxe7} zR@)&b7&&D!ZH*>n_@Snh)VxCG6eCX52k>mAasf)uBp?EDro61&fFn#&ut{#Fd_ga<$lY|Kf=DGFajUjjxFY8lT3+_LjNN}2mTPGQ-&Zz_a9IW z5l-GoxXCnKfGkKk)xIuW3F69-Wy_mY&=!SfU=fROKgiCazJ8sqcGOdXnxE+>k+0wg zC64)odt~F(aTig~h*-o|H+*FNh}tsDO|D#U_x4%mnh_5GIiF z#uaG&Kf0A=oHh=>zcgRutG1{#;-9t_(dVrfvXwSJ%Kv<(O`Y{w{Q zGfN^2$)qo`2}t2qL0(}C$i!Kx*D9J_c}64vwGRh@K_HZJ6;mNm@9QYIjwV5ZjhIZF z`2|W0xB`_Vm;ya?tjUOpP|j+w1%hz0sQE87gC`D>+AB|eo(>LeRJrQBXXiq+<$}}} z@ehhKQ$UHyFx%BzJ|hB2m74xKOwpOR!VAu&8CM@j9=j0=jcUrbgePLY-R^Euk0 zDG(^E=;T-FV~1Vru!l^fCKOztM1?k!A1a4Nh0rD)_Y5XKV)`R?R#B07VgnT{@1l#? z;m&n(*ALq8Bf+zTnF2f^E@*IAl(tf&Er*vonAoO<+ZPajLo!6dQ~}!6gYZBa~2z6@DGGgdJn0$oea!z#jPOKQfjNt5*40S!lFm zgB1p=^LQ9vNZi{$fLDN{{ei@~7aH4m*m{&A9IM#KMXbL>ieR&6D#VjqLPXiZREbLj z#1SP*gPhIF6vPX%VsfRpy(ncg8eBrd!87G%;k|KiOOc48C>7kskCwn(VQM4wt$dha z<-q|s1B_awatbg+1=2Z1`S3Y}91;-q=ud$5Bj1plO2R?_#DZ*5fxzC?fq*`NiTBycP+NfDaDpg~B!rPb9kf~r z6os8__5*^V!z9Cr-i~xa?a7{r=m6nYDbx>1I;b6%CCJ8^N-~rRMuJp;k|8!^&x(mn z=o>SDMY?5FdA1ZjZh$H&H|Yn%MvSLY(@3+jz~CUzXUb|5+vEUurGi9dqPBt*vfu>) z1mYI4u^|YQ42ncrlqF!N@KQ6=A?TXJ4-vu6Vt~rBhEJfwkA(uvFnZ)(Jfsl+5;Q8$ zL?lJM2eB1mk_X2*Z?V{mX4k9 zeh@Ym;Bm0XEPxef9(*f9B-YlZgfWCDiX!yTQ#&dVmX!ygO(QC0V5c=~{e@Cqeh|i? zvWN&Yswoi&&@LD%IZB9DxdU*nJOzdZ6@w|9IAY);AW@aLkb7fX(Dx)<#3E6e3s?s5 z#S1p9-?^lLe+%FHkg^4Zsag4a0TGC{gXUpn1p!3zAp=A$lt(5+N8#xrm>DtzVu2MP z1f7W__8UX{?i`RHQu*UlB7#Az6;fdXMP;&XBHFbKRXw;=Rn$0{2wQtQs41gEsEAm& z1Rj#Djk6${3!5roPogG_)u`LeDD1PZ5U!G z9V8FTv7+Pqh5>u`#yM!yFmHfTj%*t}WJACPVsF{J)V8&Gsbpoq7qPk(DgyC6Xa@e} z4fcl}^&o@@?QDrq0E+{#-BvjotUynxVFD!(O<6VQKu47n0TMZUM-SL8t#np_>OQ6G zk&LKP2vvkKkO3BjdI}Qy3S)wgnmTq8w=k z^$c6P;fa}zlAxLb1{>B_qERZbk(!CBf092G63J`;^GU9}c|wyR0RBi&9B=}bBM6ue zaI`iP)rB`o`pBM<@(P)RO$P;fUb*+HaXBpYqBM1s8FYfHzA*VQ|1%C0G)tRu1(@Zs608xkh>j8ga8IL0;F1W#98(r z?*zBQN)RC+N-*Sdp$r4{iJ0+oazaQgPBNl09;gf&ED9#EJqN}QcHfXy!03=j!wg1H3QSG81_lZ#FvB!UKI>tY6b~HDPm33fNe@LCMUWn?*_|(<)jP`HAdix zb~b^YffWKsU=nYXl#l?(1q)P~=sD5tFcPsgO(~Ruazjo4l4z_03Mdgk#XBc@+i^t@ zsP=0@bBGfgrn(Loa2 zXOZgpS)|&lsu=1vm;xujSm);mh~r`u&wdVLiV#XDLo@*F4MYPu9}HKa1Tt^s3D6)a zjCK-$E~C_lyrQZK0X?oFf3lfRUK{}DfX4#>31utWazfHw;fsLc9tUlrAtEIV>Z#~# zV!S|Y1R%9RloO?;fo6qra$ki4D&q_i5J3&pHdS5`kONzi1Oe-%2h1e-;sQYt?DfqR z3()o=3GPbzBSeTyf?PV{P@KZ_Re)9C3~7kY6uNSfqwb(H8IVquK-O#mq!89Bkp-ON z3DziKfyxR2X^29o0OHS2$!Z5hhXg=5KR^#rUzG)9fK&`UwAkqfDiC>7?GCL>f|U(8 zz&DH^EzAjrk2}Vr%}dB&%FZRk5_ONTp+PC4L>0Th9U+cN@I}&G5wSOnC?iw3EH=x@ zLso{gm_G&M;Y8M!l_TF=fu3Z8%D~7xM`HIJ(JtW%v_(u-iURCPlD9()sRk8L;aDQ_ zKiUWD3Kk7nLjm^7kj)n6fThtPU^!d@U(`DSfwnw{1_L-*cEp_Y6r91z0>8isHrwVy zF4>Y3&XLiSOpp%{f~nwA7lJooB&oTbDy%BW1=O)mWigeDFu^HpEd%5^_{%gV8RtMA zaT`9D8^v}2S;&VS4ZXqs{cJ&qWJ07`z^AkpRPje9q%ue6=klS89pfs;9FQd3v`@5+ zyabR?88W0(?SlLbffSAZ(Oc2!-Q5GBpZ*VIzfr`P% zqc5L~8X8n`)Ox!TN5$J#M1x7}vxPvtYzs|JmWW4q9;!S5IJFBOh4_=c)=#!xkOt>j zM1W8_%({F5K86R21AO!iVc6tP?&>FIKRYrwC=dGCkrN&pf$1y7Q!@mqFj*2G-zCp} z!}oyE?E?r5FdrNXASZP=oDEi;Kyw93M8<#OItO8!>797pP5)Y8JSv{37{CAaI{)3*><$oYkj=NYUkG!Ce;iIIAzL zHNnTE!D=Ci0;fn|0w)i0$@qmhT9OUtm2h&DC~lCjS;XN88OG3m#rZ1xuM)F%vZGMR zMaQ||ZVjbPz%Zng(tsGVY}X4!s^#}gX#exeVEza9{}8JcUX=vRpULY2xK_Yy~JO@>a=jBM8sYI$^EKwWw+JXm-PC-D~U=aQQJXn;a1TRVo z;G)oN8N~VqD`VYyaT8(TK%{!>064gv{G!T`wW1X}IMLB5)N5zEnA2=u`AcrN)uc%QKheg&!|7dL zSICgPX9?1zWC9dzPod$2O6pM72vK8)6F5gnfv?~(H$FQ`O7R(tV|-39N+9!yM>3Dh ziss9+&?AwhJ&xiXa&G|9HL{7&OvD+`S~Oqw2oU9uN~uxlL~1mWIJiy=s>KPi&>>aw zDH04Nc{2(YRrG{xMgd#3MZj4JeezLJHuzIKpmEfs3K}xps3E3Q(O>ESIYIv(25nkv zBSOS5A(|=k8`qm;AtICNQyVZObGs|bDbtAT$l;|rUq`?5HaE4;W2U1c*4-wu=sYSBch>jID8r<1%=E;PobGy z5J{B@h*IHb{yOOVNg3Y9%7Rfig%XwJ`?ByD+5fiW^yRS+gr6SPU7tWaAd7P3qN0o6fKn1RF? zx5to#v=VUfcxirG+Giw|*dCuEDg+j6Z|0PFgy`AgyoWH{WSi`iBIKf|b`LFP672CMveBk{ zpGrN!UL?1ny}!OfDXcf8B95a_K+B}Wdf2}j3k8|Q=$Z!!>{AfH@-a9VpQARc@O)Jc zBLyHkUn6`b&k|naoeS)s6*<4oYwd7oFg3%DiMUm8S=E26Hmo?>=Ge1j#1~nf_APZA!Wn)EE#s2qGa= zdE${W_~cV9Wvrl*zUVs10x*(@g0dIVjz^Yo1|0K1hJCQS*-uj_@MKweBWY=}`8?Rhu%LaM=^mMo+?w2_2sNVIg#x;LLdemX$5LMR)XAna1%T7 z5lM##oGdZicEU>)fRZAXJJHo6icmXjy(FX6a5W_lyHVYAn+90>D%zdAb0;TmVbBZS!y(T|kC@K#UmJAdCos zc2B{o4*HFw!p20Hn1YAn95$B-II|PRh`zLjD^&w-ack2`M{T%~HNqht)~1n;YLH=Y zb~sEWUs%I~Xao4ZO;6B;i76tuzFhzul7*JNd*-A_a{Z8Fi%PfcMTg~yy@hZ^J|Puw z$sdpxPFBhGW55bO;VHwAO51{jV~*|qlt+ZaMnvkMpfdAwQG|^gXmn(j9S>2#ENC?t zR#1qwz4jy(ERnwp8fL9qyeom3g0v|WgdPeqkTmi;4VMj3_!Ac9F?*sg4TJrw^! zHUU35YRYtT(&nLfrksvWc$);uKx~^z>G5_onnHq*(q!BUqyAO8^Edfb(HjNTmHVYc?f)RZDzH?>4Y4Y*lR}x!?I(OfdZL(& z_(adX5kx=I&r!iCkIIW~0KCn~~s3_PTvd z^Jxs_GwuWED<(vP(50E^r)rdR)N9IrCTht3k&O-5euL0AlVE3%YWMI&krvo6;4iT8CcBp+TD?Hp2HtV;~YM<#2Tq^lWw;9J;7MzL7R1Ujm_XiG;))N)S#5{3Um7b6we9Y+zD6 zr3lYNH+F*`4fofIM0~O+8$5(effP)JhZD9G3HbAk5sIdR@lFuHceE6uha{7V`oQ9s(wl68rP9cVt*itQ4FaDDcEGd= z+sd6F#X2+@x}a7w2=*jY4YBI1%*p>GY%3E=*vg4E&bQGs=o$~Ce!zcgzspp}NY*WK zd9ZERh$MsWD^IQ z!iYGUr7|5*+EYdbg(mqDsclbts?2K&{RtL|Y(em^6(~7%Q#dQ}8Hl-jUxBO_koU-zc(CMt8elK08H_J(Merj$)snQo%$4KFWeKqDYotFJT7@ zBxF%CK-3p5>4GmL!heddD6(OvKRy~AkbrO!x?T$%GKJGK89X>L0n$u0BB2_=saVq( z;)93q?E^UFkps~q0;og^h6S7+huvbiMd)M?kqU4HJWz!hB)aIxH@V{kfnrP1(Gewy z06MmBVtq#6DY&zZ(ok1Igs%E7(v$O3jE*9 z`-}5G{3Q4+L=qhHOM;J7ke~eyii(PjiRzosHzYoZlJg|4YZBKj2@JU`*Cf6m1r$tL zl5{MQz)lyY{of?b{})*Q8^#~x8NOiR4rjdJ=jG`^{N=jJ^?|3C2RwUuc({7HdU|-e zVH`Iu$HU{l=fD0P3>eWj+}nreg*jtyh~`>bTlbDka&vZRef?G)Q`6VgZ~fTX^0t+! zuH8R0`t^%uGt;h}^v%89d*8YCM`C(Q`a)Fb};OY+q=4B+S+tOLo){lD?7V)t*x3C z-3(luOx(G;T};gEa1$4n0d8jP?qu#{-PzW{ifgZJ)ycxcmeElev(bYt1Edko-t+PRqu^N03yU|qa&+AGXFK4D;Fg0q{ibzymuqnB&`Lp zp)X%O3yt)$cQT$nTXO5}$&anij5;y6Zg{4sZ%SIoi&yu?rF*w8x>CP?{pv-U>X==3wWn9N7Ud)^o*`W{Z~EnfGtcavKBb6v za>KabUb+XC6=V*JxOZahzN*o;_Dmm}8Wj}a)AIW1@!Eqe?_PgbUAd)X#O68U*Orf7 zGBK-R=b|5`rA3B?oSK(+Wo`M{Rgg}%$ z3nK#_Et`FP&XgxxR%_F+14VhwTUS3>v+RELqSG@fW_YB z0+I<#s}&2YvcXW+Ma`HP%yv|%^`FuCGv2Ii3z|}UobN4$wC=05$(Vw{UejMa+N7huf;-`0Q}F%G(%*(X?Rg;h z+w|GrjLa`oziHFgcoSo(_P*fcd&idTA7OlYpjx`|H(`mZBYoCnoHGwwhzDJ4*fhwI zw=?CwanBzIZ3>uS!);ATNdL}0e3{wRos3O$Z>zTq@HTq!;HPDKk2?!eB$G>5`rT^e z^()*ErP<%%u#_I_sONkM8MBcH^DWQ4ld1>`? zn3n0s)U_?=RM<^(t~n*{Z+p&$q02eKIXc8<_l3d94iAIG{VJ+3C01Bz zTEvgqyV5MK@j`^X+V>XB@o-i%hU8n7+nKdrdD5RJUSrY?e%4U)*Nn5>Fc=YSjuVJ?8O&Om?kY= zbrN5AEO?rhgFpAELGUB|==rdyfnlA`UTwXzh5MX+RL}3pkZ*SNZhoLM;Fl};tOC2V zOT5Wlhib+3bu4)qRi@|N+{n=PJXT}ZDRsu2GImT4$+?D?hNHZDzdcu8==rm5xvuwx znq4<|tEz&+yCn1Hgjtp(#4#P%RW;>CeowIP^n4TQ!a5DuU!um|xACWFuLmYA-(7xt zFXSh`UvS2Bmjew)k}Zq2ma2CN!pv}4Udhbx@m^nr$n#P6*M1rp0Tqwhkvx|%_|W;HwVrdXCGp5&Md+$=l0BT zGg2*XH>vlySf%c^)k=3tBcrEf>C^$oc$%qZi*&K(QfJpv=78put{b1RvlibqI~J?q zF`qkY!jn{sbM^OnigDVbtEJplIEW-0l-i)z=yYnuVoU|Fnob1D2Wn9Fmu;SD) z-}~Iwj;Xgb$f+&w$_dhp34Cahwn{g}BGvqEv%1?-TI(6{kfY`o_J^O@8dN{J@VRAE zvbt?;i8{NcPQ1KPZE*o@bvN(Zn*NV$O(s_}x>s(|Ok5mhdoFS2Xg;Ic&$*L*qaK_d zgXff9x;|xRW6;!?`E^E;MF$`#vaiRFRasj{jz)} zD_<+&(IedvjZ?z$R5Qb^Ctjc8&dy()YWY4xv-eLy`Z>!lm^XQcIsa5L#iwair>&=s z{+hqFSVc~jlh?idv{AH6ohkTL3JvQ|iJnQ;YP@x4c>R!(FXJ1b~bPGf5KCyP&d zHayeMzn@+$qn-j#*i(qIar-vD#m%zxMY7zYRFY z9Q3HXhnTA?E*WEad(af$M?tg2yRD~O-`L<@F>prIz4^vPT47F4V-JMCyseLO>a+&e zl$l*=lmy3?JzN;5-c>@=Sy6escm0Jce{5Sb<(-z8caW#o?=7oKVRMCfEjHOda+aQz zw7iFf5#4BOvzq6S(ua@MS2)Mgv=gd>yB^_89~#RrkMj%nI?~_Z#m&@K^UJZ_*Hz_L z`fRn*$&5TY@ldix(91fb>9M5?hU%7g4*XNIf8@*eH}_TG-bW0+-PrJWAy>bsDa4X) zSiMoD04ovb^bKII+W>kf#yK>xhS1ilucF|C)cXNex!W`Xn zi#6SP-Ovaa>peS*Z_Tf*4$J?!T9ebv*5hHLx?wb}fY2k~x>c1<_ep1%-3!#JKS;|T zdWd1?eaA3Z?YisF(Ym}Jtb5$QqRA<{pdGIjY?wWS(Zl`V@4cnL24(eX4h5Xw&5kun zJog9b7gv{?b4F-7CkN?@In%?hv&{aS_QJLC+{~s0N6phW@3U<-9Pwk^9mCD7)fKq* zv#I{aXrV6ErTQaE7(ES3HRCgm?0a2MZhoa&%e(WX-s=1Go9-~W{n4cH{cs*Lz9C3| zN`1LyOMPV@V2nFX75I}WH3deOdh;E*zAbb zWOw#`J<<3XUC(74cQ3qP;Jh(NH`TjhsP7zRK+}A~*=Ehmlqx#w*oW^z@5gsuUaQ{C zyObGI8^RjKn-bSl*)>0L^7A<>X9z2-yMJF9!Yxis_YF-k-tKj*hi)GBu;`mf?u9|E zdix_8Sf^5rxX57Rs@j&Ym%-+T0#j~;yq%sF%COi_sYy3%!ql?@8G6YW1EW2yQd__g z&#J-B-KF2wEOx_vxhMO37^+9sGX_?voxNaCP_4Itqn9Gq`62*?bLN3;VtFx=<4pnNljdaV}a!Z`1-$d(CLo=?X8P(9t>#^;DG_64F z*IfOh7xix&>Tjsgi7v!UFq(M@ZA2lh6NlD0nHD~6>^Qqw%%q{paI<5*F*d&J3ffvd%c|q&=-mtxk7Cj22jFfzh@E(P-85UiCDKYML!h zv%#l#siJ*rPwQF_kkvCvFj@_!gHKy)h^?*HS!+0ZZSu_3TC=~e(K%SJv%_e1FGEd} zK-$>-nrmyU1}AF{Gt?YhRW-P3*4lc5wT7BBLqp7uaPHdq=WqG{{eK!p!%AAQ+S*!Zfb@be(hEX4fpmH( ztz#DY>Nx!u;J=Ro|3vyK>w-xozivj>muH|KGw?NdCQe!?7{gD-8SPW%KpNwU6#sKlpX-Q6t6$G=h(5CKYc&p#KGbNhbj*2D>}MOvTk3+o^8@~yT+~GE)jiKdt_zyoSLb7 zR*hb_e)O8Pl1PyN(SqK7{?*kpSBjU-T(xf5s*RhMFInKbs+*OAt!p=Z{WseB-z})lt?p5q`SFf}edA9-J_XwDi!*C#OG+6!?${$< z`6*{L)3{SjfpcxtwQZiQi(F+jY3e+?)WXOh*U9H}x;RywT2iKdpjD%*MX%a=jIO5H zm0hT1b%a)-+tsG9a;G@0(y)Kx_8FxvCp7f5yvJVWt~zSaBV)p&#?pdprykW8-<7tAJN|I?uCTlRCkE+5pm(h=y+wdce80_J@S8+B(f46gu%`Ox1 zhZ3%HwG;z)$kj1FSovyHe8$D#q9D4E79a5R)I6^19#HO z)tT%evv!&~s&{qI9HsaB)h-5Dx0D9M#^Au2G>sw0-Wdf2mod8gZZ&KwXH=SHjxnj# zII70X-t*S59AnzYCev7ElS0 zyz(Ob%G_XepDVe8^$qTEFg?qxOGk@*w%Q%h=~7vBlxEpbRc7aF78^)ongn8MCR&Ll zv}MgzyvZg33xn(}?Kz9-VF3><67_Svepa*lxjIl!habz()I4@EL|?rjHl)wB5wQ#{ z%MT?X6MP!5AbqpljlsH`Gw>4cJ5`;kFo#DqM@OqW)nn>(<%2{X{nN=;k( zz(}8c%A29*e$Oyi!>6$Ek%38MO`QQtYCTJT)j3)lDl-2%t- zmpw8JNxnZLwS`3T)=BOWr$?jF`z(;^u!GjMpaNn>s< ztfw)Jfu*#K2c(s0J68sz#W*(vhG_J>*Lb9=`RS=ZHJeJjl{V091Rm0@cW6nFn(m03 zC7Kn9HKz?M)qW_|(n-LM8uawuuA#?n-b}v~zmIoBt9xk85gnVYjYqW9zO4#5wf9L$ zAal*Ulg<6D+~hbON=U$)$m$1 zty5zbT8^(RwNI{7A0J<7w!BPpY<&>W-{9pOXEhtnlGC%SF?HQw&APn6^RxIrU=1e* z-sIFW(`xi~uRW^XyS7w+e!k7yXSfE#FiJI)_%0q`ZGG20Sf7i3R zbiSH^)_cuD!@e0b8>3{a-tj5lKHgA*HQ<`B-_v=i8fkW%+6C<0rD}$_3AZUtw>TH0Ta?fegZpb4 z$8(v6&j-4it$jqN(+rZ0ddyyqeF)`zr?dE3zm-Gk7-mf+YL&^WI=_z{)(ihp)2y1l zpva!-n_Tj6)qNWCWgT;QL0P8}MXv@GZ(h{dfxb<(*sh>b-NIV67WY!7Q{&*2^&122<<^!%iWf?XrP7O4skH$Dv3pLeh)$Pn|8O9|vJ;TPh=&;sW3{N(?BWz@pxRu<~t=8C` z&`7g4qiNb0(z@(U&@dQMr~7i*afne0l3(*+C5H6Au}3BUsVI&nrBCREcka<4}? zR$bHHnjF@nIS>mjap^IlP_6O$GEF+C+`y)h(bcnbq#91E4@*|l#b|%>ljn5il#H*g z4qV&VX}(jqU7aqZ%-hnhgl>ytPV@Rkr398b zX<}+!@mf}DBc^}OMuS;BO)E68t9}B;=v;yqw&{oH*kS& zN_!9?}Ik)HoHyVtw}dav!~OO=U@pKO`|zb{kthNI^KBX{0R=-e%7 zvqK{*w$wB^S)CPFr|q3wBI=FJ?!vyWcRm07tlNG|_&Y|gv?2s7V2?9 z^x4jP=FJ#w%IaQf#@I#8td~bjf8=V0S3NQ86nM4EgTTHa-;{LD8@`I25jd{wOljw> zwM)-QaV_t_a{cN?^*iCEYKIf=cG*~6;1p@D!>?-H%zRR3-Q05hau6=rHD$;{GqXD0 z`XxMi?Cxck{Ojm8O*BI-OwDU$3~g{N4>~ve$W-01(dTGWj0KmBlNW2+1eV!tPPT-_ z=DVrGpZD~;o_>ubS@_F0x6`~z7#AJt4_X}Xd1WvOM`)P3v^e1!{^Jb;)LpLBUQWaqMuF?pclxYn@|$SmmR&zB z?M!=6U}J&h`SKHPgktX|MO^NJ8Pw)#)Mr)y9NSu=mUnMZ#y7^?Z;uv_I6~9T9c@}; zUA~jnxDa2MMt3in$gyQ`@NTxIJR^qxB{ljQDcz}tW>qj2=R~_V@y-mU+2v-hekk6g zMrUL6$V!P%wZyT6ZkOESh8sQZO1uw;&b>75nH_yoe6&q<)Je6GCo6g_(8L}*D>-aT zdvI@zaU2cSTZe_0>*kJSCXc;ggEe{N88p#531Hu9GyaMF`~CRERH&LY_vn|XlL)q*`9H478JheoZJfw z_bBOSgpbW@j^5GixN`6?JB;4-=THL7M=N zer6SGDtPR0Y)A97@tQ&0O%mJt@F^#{w1O@)ooG=*8;~e<%%$0L7`;mLOzH5TMvfYqNLb2E|HPthWv^!|OjG@6qk{bix+(gpP9Db?rHyR^1MbTP%e&zwl>TraY#$vJ#C;KJIZCiUe# zPE0*Cl^&%<54ZEN$8)R$1LsQU-K$xKHj`raMa{AE_-HiO31jrqV)Tlg+q0JTYW?h6 zc{JUonK}EdnigQoDi^VF`q<9v22D!1ULUPjYoU$PE|ld(&b2v2>%QQKMbRo#%c?%L z4Ro71ePZWWS(ng^n?jF?*=i#BN%rc(C@saW0xxKq)J;kqqoHTLjT@je3RYyp7kCsRgB>;0$O*` z)hpuf{KiiS!_1Sh+W27&iPJ;NY4%lCX0h11Hy9%@P5LVEC!U8fP8<4;j@PeTa1om_ z$I7B<t=P*a;|Ur#e|EO7j_!tsohWmw}}PrEFYM(-E0wk$gLoiMg9*cpS50JX@;iDakyuUndY|0yYahQ1%FU6`T$Oj*4cV0 z+p7+NK_UAwV3$-;Ga*Qdyq#m?0SOfN@I@UX{XmQmkJ4h%Op{LOGg*Fo*jWf<_+AA} zMZs~=W&gN+3K%4TqZUTeVosN`qtg{U7|B(@fvONVDc+$107QD@P$mI914gpTz{v!p zN=GOJcnP9xDs(Y^U0>2b`vBlDs*IcvDTr?t##|7_8_(gz0U~n#G_ANQ=pB-lah{f) zAh7e8{u2`z>Oy(h z;S3Uur6MYXrSj$TgZGWM_Re6x%0i0keR$e@c<;A2^tYP{`TO#>4|wam@e5Rr3o&Xu z)cA?iT0vsyVs0z{19bq@Q@{^#ixMwSxp}*J5fEMg?JyE@DH4u*-J#WYqG209Zntj7 zLI6JMvo5R909GJs<#hcamZZ;&Y(Sg`jD}*|Q8vJt1AnQp8SICU&%Ugda+kJ7GCldy zJ%tHcTU}P?bs(t0iI5?f)pMO-4IVhnRkdgrYjf(=2q?o2gT?_|6?+X$ zK|nVJ*xkz%J>Oe|&j>rhuAh9ZNE`!J3eP>v9*ah|?8JfF={UBcMO~y1oEQLAeUu5Y zK3H53D11S9r}G-EUcul!_GPi=8RWf{c+ZqKRuybNTJog;3h_3(N;CQvpxLiekO zoTL7=(}96~(K;` z920i>^usSWsDt~{b6*+s#} zNlpZfin*VIgXrfO8(!aiaFM1Ymr)BOyYvhs;{7=JOevp=12&vi5T9fN0u(rOKkQSO z^V43M2f`$#bteU2p@!@S4d>laKISybfg_WkPIhnj)XG}~!ftg4}t+b&BEUfA4B zG%fUQHe1|0b6EKc(APyfE`~U)%ms5#ZTZU*!E4+_nG&Du7+;)A3hDB>weP)hJLssJ ziGa}x{d8ZzfY<`FGClUfJPb^afixG%Zo|?+Rn4ac3l~$>V2r6(A`RrKftiFi@l&CA_#~B}xF@7%MRY5rk zL?Q0kPZ*1fXC~}>g2>!ap2Q5N#hp0BrX_46%6n1nA=`xqAX9Wov0N~>d4b|Y4EKu-&I|gNB-E=QU_t1rtC(&0EhK+k7 z8Ti>XH0HNvVwfo7>@cd}o=9rsnQ>uWEegs<8#)=NRWFe7HI{ zu&@KBazas!&@AV3hGWfc{7cu=)~&LU$W zT#)i2C?c*@*(x&HYzrHiWM94jdwv2J0~HYp3)M_^bW9|3GBma-40v5HopkMU3OQGB zf)0N-)B=MFKaxUE1gO}%Nx=|yzqfS9;V1$C62++ipecQvD2&~43v1n@MnN(0R|s#!-Zu!E8Ql_;5kt{0Ells9?BS; z0fG(;Di;hT36zJ9FbG$MCbBgg^^;K&tVGdLWtoA<7_l*4WYO)#gGF&G#oC2DmKdu@ z&bRpJxg&HrSR9lLyBLc+(=(rutu9YH&u~n>Alyj~&J@9N0;?BR*_v__7!sZ#SZ1C; zt41;l`1Lz7oN_FPVk0hSL+u=it(Jh@X6iizZt5uPBD(yjHmgcysMUT4JTWryX%0Q~ zl471{hxBQA&^ikS8yeoCiKdL?WL3)uXFH?R38B-$2}U@7+>n4Zr9!ZPt}1aJCa38~ zAgj*V&aCfX^Ai)9v~&~zF*3W`L(L5Ruzlq2ZbWm(hvnyXAP5T-udZ7n9d9Wc8on@q z+~iv*J?!tE8I6$Qng{4?{S(7kPMWSN=8si@$VBZ4q0qRE84b~`ie$pXOT+xoEXu6d zhxM=Dx3;sPaO|($tihdtAbL14j#M-5^Uw7K2wCp%IH7^{YNN0iQwqYdB}!{ zN;x|bM~R68viMYPoiK{kb#2; zIN{*sJ)xAxaG)=y-DHI-k;b=FBv%)R4es`Q>Q8RPA_ynsZh02cXb>O{W`;J2p~~xb zi`3gSRk6y~hzJ1`IqCBVuroe1O(9ZXe|h%~1y~`RbG3pjQ1vmHsAo|k)aIlwF)?#+ z3Z&SKg&I&Ykoz)IRh*e;6VR}{yU7Rffv!N_sUcS%_JApnSV0-A0c4d7MW?a^?we6T zNCCZ>tt+roXAJJi<8hi?&ap>Xg z*h8-gVecl0Y~I;X$4+2QL_fL7y%-=Mcp8;13~w`miVR^c7IAi;T4UAG)@XbPwJx}MhHy|WoN zoSu@#DJ)Y02LvIBDE0~NVXFDlIE@7gF`uI9$A4M1SsqvAtOks6R z(Mz#dh~WJ~E&jUDoqOW@U7r)?mfhOqnZ&VBg&7=!9tJFFYsFdm#a^BcWlBEN(tJ08 zc!HyVZB$_1=#&U=7D-esmmcp~#`VxEj7XuR z6S^Fh)MZq!s2fBMR|#p9tKqv(-)$C_cd|890frd~AU41BGVU{Ka1E2gXpCy*Ye*zg ze%_!?4;T2P2TCVJ{+h3{3zdi=h`NXO2cn&U4qyCyCy}P6uh! zfe|VI^6hB=_JpDKqfGnZq$o885 zy8(u>1C+u-DDxbgin|(sAZ}UIM5wypQ@UuE2`jmk1Aw z?VLvVPlvc`ux$xmDM?-b6DRl`&o zP<;qSo?^<>6s3TDwE_FzQf==ak!8i$vU3j2t3MS0GrQt=Z_mfL7-D()(!*fX!s?`e zsxI+ul;C7nG&8re0^P$XsQ&!EcUlAvT?QCvpD>ZkLM0q>%U0-X1i;|4kgf@x2JggK z_X754Q4p302{;4jac)Mm-7|-N-j+Q%&KYLz0-|DWWo8n8mOmc6K)G%2OA}~36+8mG zmV$>;x%1KZULmZrV^tCBiQ5)m&%P1aELfGTdv+r}Pu?pb@N^l6KkDnF=zZfV2;3le z@M%4mJ{KT`!$=Q|STIOM1qieZT;k!`?t2;ZD)#ZG6$tJ_*VC@eBHGVu>PLXy4_)ss z<$qcDaGiYQy*lmS<8Yp|$Dh}PcD5(Rg5MY2__BUw=hI`_kWaNozP!7!Lz}jd1bH-1 z=Bfgm0|0V7K)ngjApsV5(wmMP_$G)018|@LE;O*u9biM|u;PI)V~``vNa#@vR2>i1 z9*3Sn!t^mPqw$@v|E*afwb4(%zrX%R>Sz9k<2uKWp3yvY@*5GvFJA-f@@H6nV?_BI zYk~g$`X4k}Qu=q_|4Wg`-v0Of|4;4opW6Ah{tp2lfI`xj&tJc8J%64_S_qVr^L%`~ z)5xgb-Mxf|hqNMiFaN#uHM`dW5H5Io=Uvg5Zm@_N9@{v^_)0hamE=saBsmCr0ucD$ z(!l>zd;Qhv{u}+@*U8hHL@Z7sfgvf^SlYRgXqqH<`Jw($#J}JFNlYNpzhD1HVr=+d z|Nny>{}TsD#B~2RLaN`c`o`&n*prg~Ggh;oj(yis-aTkTQg$b4^^&;bNo0|`aM=|n z_998y+1Xfm+WvOvyFfDvwI_z|wg0CS|77R48~)@ZO5(Vylb78OXTF!|pQ{1F%GK*U zi3`of)yI~^pXRlv(6w6?l2Ve7>vxLIU$WU_P}}1Z+qIK~s;j@3m(>qN*xmf)n%^D$ z^W9&IZ0EE`X}U|QXydcT59)<-I4@3;wnu4_Hh#MMcZE3RMKUwW$jR0A2V;D@=BL|! z+7Tu-kt0bNz;>5Q)taP+y?1u+u73$QB;BI@)+AD361|%(NsZ@RKTx|WDC{aH{aOH$fazaafIrXa->K%Gr)cfu@N=TO+O_{z z+x?)3&z{%#~`kAL0L|4RLT$e)B}QW1X6{y%O0AG0ToM!WF; zxd8u-(MVeQ*U`w8Bx3&){&qP-|F2!@U$Or#7u)yzN$mc+?2kX|w3Fyx|J@S&v9s;X z`n&wZ|BkW$m@ElC|8AmtUH_lz!9PIAo20Vy*FwnMmBjr0H)ZjDumBqU3x-Ila(@|s z{@L8UcQs^xo=pFlk^0Z^`-e&%5dG(T&ToFq8Iq^;o3FO(H~s2*{=sqkr#-U$ByCPo z7=+~1V(dI^NJQ;=yAyeb6NE_em^i3$3Vm~Q0D~CM}VbUp5?VW6YI$~qx=0u`xx7$t8 z_xx}FzZi&g^!GN~J+%8YK$5g}HT>m{3r>4F-lS7|Sk&8dvAsy9-LuFqq|7MQZ`x}b zcCNm5-cB}FKS|7!B%(-nJGpy#_}E$P8sgXOUE7lONh0-b-Xtny3`qvs_WT8sa`exs z8-AB~Q~yQd^dD#Uo83{rwZSip?LQp&CUp1XCBKlBlZxQDs<`dLjXWpyR zZ`Y7m{eRo}4v`;@{DKHlF@E32P`^L&{qEmg_+518H}mf4+bE$B)}+b8!IK1kTZ!+6 zm)`q*Ys_D&^xJ*>Kc3yQ@b?;iW6+kA-}M!CA^Q84`Pt&%+v#_A@68pvcmD|DKW)I@ z?DHpf`ExY?^R4_7*eOVg!+S%~@5;RA9qpF+H&p&QzL3iH>-IkwYkslcuI9p?{oJg4 zcb|^`vYC7jd4Efm;9J}8sZIX!aQCgbyhxhf`rjDbzw0J^E9b8h&fYBaXVV<&yB_8b zG86yCL;J58?rrcN-TVFW(6SqJ`JtrWI>GnB@5d9rO7Z@ocE2i<{_)Ij-S2On`+oO# zf$YCs*gZs9`|pjv{-ln-x4#Q;_uZ-Y$Hx9Ojlaagd-?nWFY?zMznOUVxnR$y{7(cM z|Ci?fcNX~ng8yGuYL65A8}>-=0(bfUW&X$i|K9-1-+KRJDJdyOBK3E){N*k0cL@M1 zTN3k=Eon&iCdJe}Ev>CQNh(iPZnkdcNx~eKq<6VemeNwvvLv|xANTWaBw+xwp91=C zychm&)bD?J{Cx}j7ux?H@c&DqB@dGHKYrx@l9rSq4GAdp-!J-KbN0Lbhl`!t-%ZfU z_MFq-zvA!S{{QRAZ}0#808^kB07{02NG#}NPEN5c&1+@JcTVwZBqzI;6pt@0-MDx6 zmMmm3-tFDp5s~2F2j{i-VfJ|?dO;*0^Ut4Yp3~gyZuq#iwD$V-hxwV!cW=MEd(%18 z`GLeuzi|Kg=JQXR&%b`${%IY-Zk_;a2a8IyMWb}-U8&I;ODO&oEWnTFj2?u@)6Jua z8$eX@6TD+Jo_N~Y9nOx79$lTqS&<{I!XHv=u*ax6jSBKobyB|*q(Pnq$$Lda^830A zXvl#831>c5IUQCq2sJCecoazYjL*?T|0Gepi@xM!x#x;OaMMI;<_Z~lv=a640!T7_ zvfRO_V<2WUeQTy>r$s#(J@^ctj3>FHGWaSQ)W=G#T$@{ea(1}n+!ZBoR3e9lA6cTZ z-zYh~@pKY|Ip`1oR?crnu#V{#a=25u*14ZgCLYZC$VLp;9z}u>FBUXbE?vqe>q8w@ zbMHSM9?8Q1ZIC<;npapGEA9_ApISzk9Mjj@7;_G~kF4+sK{U#ng_Y zq75K$eJD`2I8T+?j3IVmj^UMW`rV!2lsD6VMVMS%>p3H(wif7|6qitX>d5|-SA*mF zRdn&f=8)HA1_`WmggUaj&ks?yR%Z2;H{3VvAwxG+uTOa-+4EdArA}X@QXCbOWUnGK zme$Zj^?E1>OwS1)Q70Qq4R3ea}6VS zl8d)xl`n>_OKx5*1_;a6qL;!u&_fXSm_+~l5yRPISb3YAWG!?lT?h9zbe3k z*%W}eoB`~}_|1^ZX{Vz^N+Jd_j`tqsi(tT5LF!iL!4$nBPjft&(RKiIFxC#iBaeIv z=J7VcpUFG_{`?Zz%UF_I4@(e zLO5bz<3mjG0k{K&hM+7fFN_gQ#9i@FBvjQvbxgVmK69EqWqcTw>RN#(6*vgXXVG(Y z^j`%`cf{m0iW1~(+C+F^U3nK>b3MWoYrwgRpIq_$@*TJ&wem(f4srN&X$x=IC-Ex+ ze(3UApN0;nwsmlORO7e>!M&;fBK#)8!CP2^!eSxgeC_8JjCo`(9--j97 zFjS?r3fA-!2A#;_iM1Dt`KXBZ0KOj1cFjF#saQ5jURJ3xOsB`%%SgY~pXiaM_1tRo zpc02`Q}2uISB+5QCpQFKy$zVCJ`C%3)yZ(YWRul=pKpra54}FrnMvXXI| z<~or)o`3d{{#H0o6SoSiNN`7?-uL}>S?h(=%A&Cf=h`U`rTf@R=i`8J0<@`8Z&nTGS>!Fpz-05onpEX^8H6Xm8-rfcPz27|QBu-;5PPw}8PzG* z8Z}X&Lnh&9f)K|=S-PUAinjpB>nByoFqCO~0|!DBTQalJhdWt_qk7O%b#L1}Qf0k> zmSshSsdJucYgiTDxOjD4qQ;hHGoPx_5ODNy0(n#wLg=32#F??6e$VX1eqpH{yJR{y zZBPMk7?!syqfq8Gf9P67Dei**nl~R-<>9JK8@(+qFtcH{JVLO6a$NExbF4N+#3s08 zs6;uKyAGDv6suG}lZbQ{u zn)^=mwQF#F+zWP=GHyx0-2b7e;7umnQKvZDfn#R5DddXQzSY!hm<6#1*dx5i3V&4< zOiFc+!ombHgHQf01zpRb&Y@&u?reT}ZM-xLyOt@4xasWw~U~ z2nZxnf0Q!j-tocE7s~+Q#rhzM)&T|csjQIgvy{V)GANmiU`AsV7P^wj6v3LT7xY)e zG<{ADbvK<<^TD0j*FI^XYfyPmHgx8e4K>&2MaRtT!CPBTK<=Th(qNb~npd)JxpRva z6oIqhdG{qJlW#*<@K43WutouL)ldTy4Wt>aR<^$o?p8^x3`SHcr#m}z1~_wR*PXd= z8Rr%#Eh4%v+d${KRAaHR3H-hWn7MVyLipWXmC!Xgy+;-Hp?WN!*0-S3@0@KJyHsS> z%EY@oS{TWK#&04q)Me+iS&m_o6+aoNgA<%R>kM)QGZ_!Qsi=zEp}mw134@Nw)iE`l z%g}-!bS@B;S*5mO6N5!%Rc?r;o{{S1F6Dj@HD^8CHJK|e0&gGhQrV=S=LCl-H{?G! z<6Kypwk}qp6gdg;7(XVW3q^J%_^AAhyD(byO;MTnVL7nmOdyn|I@8y7aeh zi@Uip9kyuXL-I6SIoVlT_(ZG;){3#bd^JUoR_mIGtXJ;2n4RRzxX)lOG%t0!WKI7( zvsA0Oye*^sdD9~wTB@8c*j~xXX*cXM^yPAnw;5mN;Y=l1x_Wa;J*Z7QOjr$ir3g{I zddF4hW6MXoTFbJj^W{=LW%$D*Zb^wbjZd_|MItv9_^_%bQG~UR?<+04ml(_swnX)^ zQJyq-yFuCPd+l*()s2$!FnP4~LuwftqyZ6iB^F^)`6BzmfCWVHxQa6R#k;Q6bp!3k z=a&3Ddf2%>9vAwY>{4>RbU^W9o87(H9xw`237MoxGN!fAO^y5xOT zD1YPaedGsD99^0qzS3V~YLgd)^pkm#aX#dDlc#Y(V?4LfDo1sH_v`)FY|qiujAZqNZ17w~NY3>)s8= z0&~*-jq6iNlV#K6a~Vo}MD+s#%vL?7>sDHH62;hrLH;!|4j6q;xr{zK9sD%6Qc&DC( zb5gd7B@kN(l#CfsA`HTold)rBCNvWKSfd8~Vy`>KTFZmSVlJ_gi|X|qm?kj-0a1rG zZQmhZvW!Xb~#WBHt7AVmDW z?U@dG>8t^wq-_(+XZYxt#u+Yw6J_@$WC`k9d8eF$?riJ(lP8lIvZ zi+|@AyC@&uRG#EvOc^;7d!bS2ZjlwlKh^>P!fs#Y)x1pSAIpFgzG-0Qis5o7lA~IS z@oJ4pQ@G+$4)%?W)!UA+$w-NYC%Z2SU6MV+vUwTG2FQv;S*^u5le+wN1Wf@=6z0N; ztk_yfmi204bz4khIa%*&d@^fv4kDHVMaGIEr_U53D+84E4w`snVKTF-Od_d>VA5= z0;szckGg+pC#Eg8@rkHR7?((kZn$IKK?LYfMaDbf=#$&oeQT*7;PH>;K{Yb^_w>C! zibQ3%M!`iA9tjg_g}I<{`t~W->QMsWji;&B;>l65X9n@Cb$JY;3EAaIXW$_A@l`np?pz?(-Ig5S_R<7IDSl-@w|U0^X3LXvt1GbLTaG+v48E<6#$#Pf>b znwBlWijAJW!4|}{%tE^(%My=ngiU~tp_wl;P&N`y6fQ8*S#f{3+|-I^a_?sPbQujD zkQ6ASqt#wP6`-l>QF3?dDW2S?O~O<;0gOpuG=lE1jBc8{9%Mp9WfrZ%J~21dt6{rWPQPd#|jqa+BYzzlGW0%XSZU}pE6Bs91A zKGmyu3b6&KJzh|60$P*ZnGGPSv1Bj9srC!e7-b%#(WAcaNp=qjc{Sb|GY`>IZ9kAI zxP?LVp%7csEu$UagD4<*oY7~K%ma^DGJ?c=L*A=X@c!>(oc|AkLVqLvCqs(;?gfBt z|3Ltl6c@I4vs92rAG9R>f7_Fix3aYH`Yq`D_t*bRqh(}B@&BLVe}bl-}` zyF+>M_!<49s+i+a`_T~67pws9S1xrYdo`ckRpy>3^nO{CwLi+lm$YCWtm=|~Hrla+6;8Bu%5$u&aea2(U3|>@++)9*mw_*Lh=kwR zd=>M@%e}R(ntDZ6`<|U~zhR=yr?NjA0;b+Nt6JT5uQl-GHOAXpGAG;z@;eyZY{B7? zj&L}ONwC93`uGGpoKIT%Wi13aD?29;hF}4idAJuGFQxI&a|^NoqgJ8D4%qukT%HY2_>++$OVOHX8GP3e1i1~`V3 zOs-z&<6KyN|6z-N){d}#zwW_cvA)ol3E;R*FG}JRu#^wsYOr2x^`p7FhEuhyXOUCj&1ZcE18#y#X=j@#a z;Y}5H1l7*bjS}}0PE#l;p@W8-pW#!OP@eFW73!KQhK9;xtIb!>vcNshsW~iMHq-5c z9=}-1$WqhM_k8ZryOugD>Wd#v-fCjeWkqTXxb=?z#EaVCG>inVieMly6_(!7!=<7q}ys~RU=!Iicaoz<`HaEw@19Ux` z3m5n=-m#7q>NiGs+O=8nI}aHEw222PQi@;|prIvvc_j1!{?H=dQcC*6$qY9|x%W#h zRPX7AgqY0w;g@xMMaTsLbe)zj^UXh9Oz(8cR1dLe@i%sN>nBA6y{Da?=K8HvJk1My zzxFgAM<%*Th+uYJEr=1UTrEtHTVE~0pAcOuPBU~~E6K30Tr17-U0*9BM2W7K7hiT> zuP86AT(7KdSzoWJ>ldx^AoZ31DCT*KYd2d1xkYnczKkaZA7Kzi1cGhD9V1BKHVF!5 zw2k#nPDwRFfUjg^2E>r?o<%UHw*ezc%gRd~;{pg-h4e{jjZMvGigWXLeEnH%KrGO9 zo+Nw=iNRVmu&s{s7W<93o7@e<_h#-(kDJy{ja5z9(woNi+~%B~efE5VZ`>}{cGY=- zZIaf`-1jZ}`U?O;5eS@`?lfQO1&v(T{89VayQ-9eJjN=qR z%#zdzKU$&NJQhR{G_fWEnvM3Hmlw zP>u~bck%tBQ#6KW!Qj)IEwI{#aQzZ$aOz8{$RqRN*;5ZZD2S2TJX&U@n1@9Hf>ZZ$ z7TzEx%HnxUx=b~wht8e9cc1rAFV(`p2#+!Mh08B}8^r`J-1xLj@#@j25LW437v6%r z{BAvWa2@q3D)ijBqQ`pCBCWGNtkA9bs6ocno={E!cvt|&iNG5ze0$M~vdvC*;UuM- zyLFt*q~xFjRu@-fv2L)H>R6b=&urB-o2 zgTkfQXJel9aDPWzw{L@dhogbrjQjEK1Y!M?piGrQbt>A%9Ov5!m;kan|D_N?cejFW8D{YC-BiH~P$rYf5A zs;NDT$BOo8yD!D~MYq&i(&ny~Qf|-V`A;)Ut&DnA*I_~7D&8Np+dNO#nVMeg?yL#3 z&tfb#Br0n)Mde)9x5;f{>7B+OJ3=ne0cu`+* zByEx7%)5Y>UdnCn;@eeaULHJD*@wG*Waj$Gxw+TDRy`Mt@0|>aezm+59{*zTUHyy6 zs%sMmZtOI^L3hnOeI&nS0OW_jU#H|!f#>w*)oD+f%U5`ckCyxb3OHOiG$SbR>Ds2)OVI-#|mEN=^$Lh-U8^jak4GgxW zoELhT%XfX26po1Qsk_q$g9^sD@3Y&C`aa;EV83(k>FS!`BX`<@+mx1z%c8Yxqgg?(EYHN(ybm$`?fw6=+vsG>E4wE9vd78TVv0pca-vBKl3 zPjouoAL`7rpIvQTseD$``F{ObEs;#@d0j8F%k%m{!K&vC)VJiG zJ#QR8A-2(U=-7YOx7i)+W2*vB)*4Z~^kU~HJ{^TJB7)r?Z?T)@k&;jRcIEq zMR4OI#f;a?)g1-LN^FN39nzD8tS*Yf_3mn>a0|Y^zqZ>uctl9Cojcs8DUjRCZwKCz zdWUM^$&8OzT_OXR@QccAjMWdW9qR4xP)H?aNiYf7ewkmXVYYOKP##ttnHKV62G7U_ zvR37v5QIon_O&Jv?C`wQbGPmvJuqlAc3607aDUCobQa5)qaSIj9H652)^$4MruBl= z{fD?_??Rl2M;|YYGWv1O7mdzZe4W1Zg!YOx#Q{a?2(y}7jg-DLi~4V=lhbNT*F^ZD zo(VTsT^Q+lGF`CPCnKPJ;Cf`|vo~*C^UsKEt+B2>TpA}|@NviwhJ$sD6eA(4nU95LL`bJt$=d%(ua9}t`-mL7;$?kYf27Z+-10=FU~Sv9{h%n za^LW^MLvpO%^d^kls6N`Uk>;0{E93{6MV2|iGcZ#r)(E572*cR2WuEp|vQN@% z)!rHNudKoDr=XCVocPRGf=T9I>(77h9X(8-zj9(A5A*Ff#3>hn^V6XT6kC=7O~+HoU2PCM;mhs`^9{F4njRim`1L{J(IO%i1ju@SMJTqo~D7B z`?G=_77mlu#pBG6<|@kX+`G$u^TCUkn@k-xmh&Zx8)H)~@3TI6-Ky#1(Ab>mbpDbS zJA7dQRT04$oC`75#&*ZE@@`D()0)eheW4oKpd^zVJ0i!XUs){u;$cGoN`e%NPr1~N zeQsOxa7bTsB!y_bUWj-b+UvvS_}*;z?ZBxdG|PILI%DOHY({_GbHmMI4V4GJAP&hg zRb0>JH1#(hc@Hg;H!T$fhl`0<>G=+IWj?FA`uGOVTbYKclA{Z!O^#0wpH-E(t&ii^ zc4HNezcL&yDs>sFxjx=t$dP|bp{>d3DE8{5gWP@%N0=y&AfV{lx2* zYJ7T<`|y1$^?SKz_1s%aS0@HQvD&qVUbi}r*@kYPpi%nx_NB{6(5F$84-RuHITvc- z*ALw*duWt@*OkF|@!^X%A0k4`w+pAPf2}S{4~ACuTH;=hPMHQVnCQ=kvvA4lhVe{X%dN!cyjQIpWBi2+MPg%w`C{xdwiej3%U5-+IQm&*u>mtp1EP9gtoY4LWj*r~ zRP-cAxNE4{)D2@8V>JwATIfg%TTX~9|IyFMgg_|8H;X82N#v>!>y`>=rd@v}~f21E+dDC!-_u6P1Cu#KnbTG zQ-^%d+p*oH?Bax#tk^6-7@jn{U7nSCQAH3!UOrS>*&McBQqGv>@0jyJGj1&(2OeLC zfAQPj0m>ZK8U~tf+vBSnD%aafYq8+7q1RYh15`7aT$R*nD1?>N@~$qDhH8g$k?yL8 zUn@bayyc=vRk-)-q3uP%DlZ``G-fX^Z)xGt@SsW44fyLQpr(85q82)rktbofhw>)H z)6y_sg34f=1-`zSnZ>of-^BBCSgTORClImwWBhBVXk)@=m#|-eC(je_Ku{$k(IvF< zHcgHf3|CVvji% zZYQud??wXlt5y%JQT7DWvdqz%24O>31MI^ic|qQn5|gxJf=pPk=K?Y^X>CJ6nfU>^ z{*0FiS@!V>_^RrwC+v%Sa@YdTMR3G0H*;J@HP#Tjdt|KIZ(QuU<~%^#F@oc|b@R^D zUEVg6$Uw`yY*4*jj_H-Ik@=Bn(rn4nmNGiY*s;vkHkWXl?d?S6^RGKM!_$=pUI^Zs*1B}X5%ay7&(qppyK3?*{9b}{es@@IpDkb-vd?lwnb zLE84&SG8H}mGfsk6{lGps`4jvxpmoD?2|ucUNSHhypC z806$Y>7ZTD=p0`AQWN9n&sLD1ivJ@2`MnIZe0W zK+MFUZZH7U2_gdLoN(D8!%mLW-eg&Vc}&1~C@5$chs$H=^j|GGCZ82rN(&~a(1cry ziXw9i@q&QwTx@6=yZC%5n2Z%8OjZ!A;vijf-9$L6zCE_ADlJjbzT!-7mS_>PaV2@> zmwFlspg}-|LW11!@Q7>k9q0Myjcq-Z)pgeN56a0OXHf{D#!_&&?6tUgktTc?>MGPt z3nSKQ6{j6~owt=@w3?}@qO_xX(X_55e{y8CYb$uD7D^jVEX%Ge#hizKl8Q2sBYsxxU@UfeHbQw#S$dSO2vu{7 zc70K(UsNAmTOmI{)il6NHT!m4|HS8wV)FAiQB=6^qsrS>9nY$uf%cS6#h_CXJ`F)} zmwZA3-#Z{+>e^euc6j`6f|~8(ym%q ziR&3+pV3_C=$WCoo|Vg2xS^}1WpnWL%4=?sjf@@p1Nd`o4u9HcB?VWn{Pm#~M^}o_ zIzLWf<3Y!67F{_b_J>=$p%n>ii*fD{88jpmhcjVt2Zx7+#8|Kf$Hm&YF?&((s~KQ~&ca=9`#7}~i&Y?7I4yQCvCqNI z1%$%&Oy8S1=-)rVUNABiw7@tpId$j$uDAVQq;PpIWPY@1)zrf33bXqX=iTRE3eK3P zYy`)Ta!7FWNzV3gdwOU0ryvx`WnnQo>&&@7FkJ8bvGd_)Z3=u6 zT|Zyce)gD{ngSWwk~Z&RI`bgDQoi-g(-S;WJxT#{ua-NG*!0zKwqJP3;X$9Tz_M>8 z8~#Qrn7MTO!-v~9$yGikuWr4`>(lqW$9;WgYwW8doq-eMxNV-<2Y9Qw>gwAMkHf3e z(^G<=>(&+*woa2TL|qOtunIoI<+xzZ$~-t1$XPmbCF0#(X0C%gQoT8GGQP_NYW=ao zp!oK5%i_+^7qr-A*M8&|S)92yqvvy=TRR{lJCZXrV~^c7cBDMZN+pMfMAUK|A|lugM? zDF96;>I`RR@)8PwOBN1rJ15{w0rJ_|e*>k2# z)iM}SXRa?d^e`@nQAL+(Xq70wqK@5I>uS-c$Hl9Sy`mk@$ur$L9Qji&W;-`OK1tlL zdFhGTUzbuiS<%jdcb3R_X{hv~X8N+2T4(vxGdJQAyK*h>JI}at=Ib;B)`~Vm3c(Kg zr_VNumMFw)0yy%e(AVGEKd*&xJatiR5~$OW80pkXaH>tt6BR8flUuC49_KOaUcsN! zQB~1?G2mPsaYd`Xyt7cz;|?u{^|_uBXLiq9nmoF1x|tlrj#lx>bwa?Kv$ z!+iaUBWB16eOMr#q(m>|y_tPKtok_XJ%o}M{+uo#Dw0IGA zf#Y?1>7^W+Fd{ieLo>7|&zib#`>@zn9esZDcqSw$AeQ{CzS?nw~|%e+)e>H|oLjkd%vc6al~0`6T*uam$`Ra1q+1FCb6 zuIg=nc?P_izuadYD;jdryAW=?EQ^{hiDQT{WI1gpYlXP&A`)RloO!QCr8DZ1xXwo} z_CaNtcM~EcgKE7M)6GpIZX}Uo4j&unf5dg}bi#81?t_`vDYI~%g*OG(waSzX z+3&<2yfs|}Zd2x_c;o9NuuwZb2-3KWbQ=^f`}ol>^wwRy6wWthEZ10j-^9LxK2Ulp zeaVPOjgHIwOtgT%R#$cYc*<6uu*kB*G(;`FKYqfdlrI%=+xYFN)g)tZBDEbAGkdFTB%ySw!bLl4F3pshf?>sceT}%&NeJc z#>1wvXJxo%tt##}^{cj26s0d4oTW6rd3ZYQeWB|C)sZQgVT0OQS=4z+%43h#nat~5 z(p?_tbevtDCE8Y`m592>OBujH?Ye}igF$7FHVXA@W+q=yiL=VG+mEz+m%KPS`e{7O z|4PSm-2+S~DMgTj(-bddr;yLG!O5==vd*n{Z9KnCy777W z@g|9O7SttWv{<)T+EP-8E1spY=4yGQogbm2Fnc!u?9URy5nW;B0_tsJzsZB^p1d=4 za4c<<4QGF^XvCrV_R#p_yDLvu_l=p-_puLP1A~@!XIvIMYGREP0A|ipmGT-hu5oMZ zrw+tm%-U!^16n!8x>(kLg{FEnR*aSEg)eWoJ!3TLi-&ZWA=q9AUPdYZIRSB3R?qxF zQULhm!XTQT%x}qA&)8{mMX5+JRrGjI>dIL7VFq>>Tk1p7`;16fiHhvw{;PVK^?{IS z?DYR*@4cg%>b`a1ok|ET^iU1GLqIwzp@>w8h)5?Oy(mot1PP&6L+=oJM|u-A6r~6P z3aE$@nj$t(QEc$#eShbC=iEC^xqqDReB<76^Uoe5duOk`XVzMCt@+IPJYC+`Ri$5q z$O|`Ml|qY)TbmfNeZK5S%=rC8zd03coLH=0-%v< zYe`xX2egZyd?xaUyG|D|$?{g#m3n{jq}|TF>G2lB_NP=)M6`V8&84-%RPtp{wk24S zJ69TNBy-;m8^impmtaA84MDb{7f51T*^X{*6Zx!JOB{tFDLzj5PX9KZ;pGhZ>T{+7 z@}3V&F;N4yE1xh^aFnakO~mZPC5m))7`lm`xFH=_i(qja+^#P+t=<+Ylhtafx%mo2 ztYBkq-(du-X*+dAXj2)X`ej>LmR>gwIoLq&Q&hl^Fxf$&=d)Ih7uZ(OcuK2=!Y2SW3RF^(if44jJy8N9lQy#;FX>t_0Epk%GVApwV0T>dfv9SDevydN3!plRL?gB-+$h_GW?)ZSUzM{I;o^_ z(&A0?m#Q3oCZ%bx7qalOlw?-x|3%;MXd=mAnFNgH5d(uguq_{XDv;KTt!Fl%j)Sl6wHh4zg z-LUu6rLu_Kd*>-S_45WN!sU9d-O%}pd?G+vS3Yj(zkac8sCj=)KV}f#8@6+2vm&kH z#<$zYj)o_`Dk*mVd>q33r}ovl^Y#w+iM=ul@btUIgB!0;mat$it&|Xd?_4}d$arV> zgtKe|b4?X=cFvC%O<7FW0Pmh`K0jq&vE=z}0AlkgiepT0Zj)o^OXV(jRGS-+dlvgF zL;k{goCsKkay)*(Gz=Way9ngzv9|aJf2v;i8t<*k8J_B^`X@dckraL#E*X%RHOjT9 z*{>L#!IBbP^0KmcdxRr#E(DDi*(t2oiLwj0!A%x}n|{+1e%+KYD$D&wc+rrB;CHTL z7OC6BB3d4!7KVU-IIjtF!QbSxW7&}6C1-r}>=<#E;C*wKu-_RYjQ8A_ zcn0z>YfZ5ftiw9dZp*H>7yfubtRSUm*C!An6>~k`h7$YpJjmGsXeW5anX|e-Iil+d zF~2D(ci-P<%_{xLwY_^4_w@9WH1YTDDjOFp=l?WcoBQLp!63?iB4vjyJJ^9&^~*q` z!mFP1Ok941}qm-#O0P zRtz021Glb=Yl@BOU+jDx)LQaNehvR-K>dr_2U|0zlGzcp^FR37!gM^g5HN4+mqPnq zjIiMe?ENL?Fxm4#0>c&wj2E%mEOxk20mPWJc5mdGmF}G~mvR1!5taUJ0|HC6H5$)u zzuj*O_mFjvV!G33lwUJp);x70uVe6=O#7)a|4Si#&qw%qZiPh`c#SsPDi{?HT3youoyc z!mtS|j9K-L3r-r)N6~E^O@5>e(~H&TiS-my=~u7Yc!#EdR3Qk-=RSRKilmMii*dqKDHBb1JxrA-v6z ze%)Nn(HX9N{X-peo%iE|Uah0PQ;E~%33C<0En^eUmtTlZ*+2I4oJGH~bH0mipn^so zu6)|vp~k(ZyfsgtJv_f zn1R!Oek$&Dy$N!mrruHXrSEM`jbrk6_pkpT+l?3UER+o`b=J>HDe+ouYzFGjWs5@A zL%-9JB+)Yk_FNaO7fx3myQX6Oqr3Sje^;VO>)V!{xb}w+_??o1NzZQuZbVWxy~^$N z)<1q5spYlqF^KP<5;E76scMeC;Gtj48N`64{1!2F><@NSESx`k$LPYY9qGIIsj>9u zU0Y8YQk>PA(_SwxMmn*XS=|2SXZfBGY;%W6WAe7P-cXOlklfhn9gi>h=~3%RYxk>v zZAwSi^zrR&dVLXJj+)Y7R3dHm_Py0(pBmmI zmLHy8bhz=G8{r%k`8-&Nv@GM56^n8crx`M}@nEhW8aB8p*925PJ0%pHC15VHEXIvq z&y%h&7wAP#Vy<`Ba*B-LgGEF|3ES(L=F~zX|4;>k2}RXJGUBGOWaDPGx%%7xDV#0= zW09vxK$cJU6TuGrW7I;V{4P+)5#IP3dRdWnzbN=D?hTmPwjBU2*ZI_eiA|H9h%0s2 z*U<_2Z%rYwDuI%~jZ;|3iomKODF_nhTVKnq3J{IbWog^hRjIp;NS4hMP+jT>*tTXH`JuHWSRdRw5!aDA`gUUnn||( zZhI>+qT-8JKQbfTy1#F-hr$GzGCdab`%&Au_3xnRNu-t;<+ytr-kA$jreE~DxSA#OzZ zd1#m1RYbViu1c5B#pRJPrw4EE7fM`z-VF`TK^=zE!Yt2)x6QmB=$RqLIQ2b^e`q$m zX3X2v+a|r>-@ZAdFRWG0ZGCEFtIF#X>~-m{va73{fIuYt+!xj_aKGx-!FBl|$L76U zgEF13gBp9+I}N2|2YNIwY5#6=jrnlr#d`B#2e$k{R`@6U?N<@Ibx##f?hRa@iQGTE zt2JIeEXgACog1+*v#rtZ0>XLMb3PYH4O8}G42X7e7%m*zmv5KYiJXzO-jKhjTRA^T zM2uCit4JurdfyT|vU6wE!>G9d^5=^5MUdY$3`Q4sLm8&2<;%7AlJrvJhxJ8nu@=?~ z4FczN<8#}{w)#uTS@Eo0dCVS~JsD~pLdq&!BAkNz@zx1G*8G9iTq$Y|7xFrs9mT8D zA2r-pAKc3bOs^JvV?3_Cyq6h1T`io!{$GhL{GC~g`={8THEJ`I)+}5ig=jl*z4gVX zaHf8RCHEh$p&UU(4}>!>9foI1O^YCBWt)4aIi+~8IhPcd5w5t#m6aw{MkZD_##1r_ za&EPEnB?)sCZl6B>iDkr6y2zE?dzn&k$QJ{qWPmIhi-EXQ2p3O#_34BYIg?d@vP?~ z^oqUnDsTM4((?NcAH^o!Uf<&zSTEcecyqwHLKzIGqx?{A+|bW)RG zS^n-PIB5?U2wOyMEV0aFBe`31S>DCfUdpM`LAN4u=Q7d-iOclV0b4dd^f zK1nCu{kp+=;_gv4{&1k6_&WaWQ(?sKKlK>(FMJG-qOG=`I+60|*a8mrDqkqJM2*3f zfy-Iijl04m5$;q$OtcHS)EF)*DVx}9of3jlS(%hXFOQ8IC#Vj%^B1)6xM%;{X;;rBz)anfIABDjLbeuob* z?`{N_MIwPJk?vHUR^HNLANiY|ramPAGsLg*<~qM@?U?D;CfJ|RCEvKV+h@T6uz+m) z573z%#&@MPR@m*T=yl)vM)F9}aM>t-^JL?FD;gaD?|wn5|be9d9*4iK9>DOL<4IIgI`+lT$dmnd~pB$C%`_!B2cB5(Hh`jrCpK;{M zNZnnIw04y{UWUxl!`BMa^?IIoHp_viVggKG7`kk*DzMY%X+aIhFYoJTrTtq# z4KcxK^!5LepW00Lv#8;onVsnmJ$SExuS?5kQ~fJ1xXiT-3m8O`7SM$Xu`{71glnCS zZ`Q6>-4Ommd=@9|sJ@J@5E@xEJ-RMmk^A6I*aFwk%3&RE@W&UDiyWIyBd>J7zwFsq zu+o-aBkQ(>zx0kP2W>FL{0ZHB*@;sbE4i6b|N6IcE9qTZn&Ro*M&7$JqsDAaYICh( zcVkx&$Iawc=)mH&t}#oR79&+h={MK7l<)p%iJ0a4wdq?ozHRzEHG4O~zL$>JzkezE z`unmR=izT+p{v7b!T7$0F{lWA*z z;04r>XxYU0&r9sO3380VaZ=G^;>j`BJDr7wwcPUw zX4?y#D8jA5Mt1Lj-+J}yDrZ>Q_uL}WE^U2HesJpN-c2HN4TiyFLZAOLIoZ5M)Pp{& z>il<9Vf_Es#=lqpqxQc@0QDCy)L*oXe{(-6yM$he_?yHr*dy$(VxWK20R6}HKgwz< z^dgi0vHnK|tM-5OKmJ=f#XstQYJntRk*@!9bOZuGhXp_t1o8?7VEVKJM_zk)I;Z*YW-68&OxUUVVE#BEUI) zxnnIYv~(^6Iyg8uKR5rWsqWX$U-k9%M}Iu3l6$CS4-bzHQoYQYEScSMPklc;{QdAu zb;hNiPe=!!sz*mgKi9c)bC-PGKlrh=@o1JjN{+tYeB<-y&%b}aIielqPF=iB)c*Bn z)XYcC!^7jxm#?X*sq`J>-$whpw&<^S0^mnf;@_1+#;$94W9^$}_d6R;NS8lr343@_ z7$EEpKYRDJvmj72diaLUNZ%fQr#&e&{HgTzuOnhCDK0)CHXLB&O|u4>gRbc#Z-(%) zq@?+q8Jsf=&IBSEZeBSLG7E0Va7?6U8YU)3>Jx+kb%ZaX7hps9h@^Jv`wZ!l0g1{{ ziV%{Kz;^PA|4CmVm-*WO0>%t9pK0INY)huE`5_X=v4FRi2znVH_>hI z{Y)*29n$?SPeK6-3eZ~EH@FBSa0WSq{jt};InEZGIWO(EymG3Lmun{hK|2#07Jyt3 zTz(=+uk$Y!#I;*4=+Ob{JbEhw1OUqj6 z-@EohnnPSW=jC_Xp`_|N;XG2WuY0ly5U|)>*UA%|GpY}rb{$VwZjMk-L?&lBU4O+0 z=v}1LE68Sh{ewtOSg#Pz4XBDpZ|dpT~ z#(gQB9}Q`fHDwnhbn~MGMRMm@!$yNlSE`QZs3JB9A&dbWH7f>b9;igl6%h&IfPEXE$aBq5W#Fb9iq zNxANvrZ*P(i%ats%bezmgQyZ4q{?}Nlj~tqu&Q@;*8FUaf%ii!U^KAC6FwnSa0=r4 z5hUn|Pxm!Huym&8Mp7R|6O!DAJs^)?`s02qAUZMl%S_1TVt9baqD*SUd3CCQ;oG?ce<=;y-Hm~9+m>84P-b=x!S8>&E zkD-juAs8pBc={&pD@N|6xugT=apMOn#e3=A=GEvY(olx}f3-b4`p5q8`^5OEWo0Ee zeo-4M>`IbzSy-;-8 zrfo0J&m1T3p=D+>WhIm)FM)Q)$Fd!K765i@nZYt~Y}P>GdUfPQE0sRIBmjsw8Pgu-LeQt&7WoR2^$T?RuCuZqqxwm&J#+mr;l z83DF%Dx5u>2oXia*_hUX6bsLQ9Z?`&RSc9BRl@-GjYDf%N&4;rS`U5b!F3{CNw*$K zWCSzDcb9SlagYhSS=aTP>?4dZ@pMj*+*|Z8kAW?fn_u~STsQ&5`Jqu%*$$NTGaHUR zATm$L#Im(>F`t$oYBB_#1?W6akOnU`7k(3E^)4P(79(8)8kkLdp$f>L;{FUw=?zlB zipGE%-;ar#9GFIqXWLq|h&LxKv|N+r-c-U^S9@zL(>f zY&f^fgJ>hJ0%cn&#EMEpYEa>itsxL;K{x{tGCI+71$=kV7*}k4JLQ5*OzqUd?H#pl zfj=Kfe9s9SNg^;|^e{qY_hv0O=1jq}J%m1iNh5JhK(seV)Z)Dx_yp$O5$tV9rP(8J z30KX2jRM*q;|P_f6sy}3VMFFGpsF;GFy>RvD)QplB~4~_@`yN!8pkb7Eb+WRWqvQ{ zC5-YC=B~Sye9Y0U2ur*t1IIDj3^`rBd;Ec5UPsmVTp1uu6H%vxa&iSaFqKw4hG8C| zj>5AhHAZg%qQ+O79OeM@CISv4#3JPJME+y~j1N;2y*TBFjl$fnxZ{PcIziy^DyXf9 z_Of9YfLn@T(#ARfNNE|cK8S)oI|tZZwYFK2iO9Zkm%Y1+bdLrrSY&*3CH3 zD(h(5M!>`nmddadssNXzLHr*OOP5)sF1$;*Q2Y8<`vn-T6hcVjh=1-`Pd0@XCO zfMbAQ58%?O^`yw-d)az#|5arDaC;yd!Rsz>(x6f2Ip0Qc13qD37;ZCn^wIhj4d`tf z23cdkLW0CsAJeodwVL4-tBZ{S+zPJqb~MN(B8ZiE*=i~=3`v`xY-r#fYx;U@hkL~Ahsu8kUImYpS;L1^&Uwp#@e7Ed36360htns+WYK;mlpj+JXSYOA*J-R| zlINqSr}|EvZ=-2v$-xW1wx)g2ry?J}oBC3g1wS<^^-+JFi`IKKD83<}@?eaCu*ZNq z{#hr}%p+=)L4X=1iU%CMf{{c(lnfcjXQmW5`abo8gTVI}E*@zm*&l1SGgAu{^t>?j z4a6FF-K@Y;;Kn#K~GwjtKsnjENTB@9@e93dJAF1iMW;2;T`U^d&x4BJ%rJmCp9oDp~7 zI0no`1xHAL!R<*=(jYorT?a3VyNBH&D(UD6pAkE+Qa+VuJzps=FZijO%O5JEISKDxFl* zkdYCdtpSBM1wB_3iLh~d~r_xQv*-Q67Wp(=GXp=2`@YD*AUYNEQ|m? zO7@#j3(v%XbnbJP@WjE0Lx%p*eF0z5*YtfO!oofS20GU%uP|P z?BlP)j}buH*t6c@U`hk43|6pkJ7Opsif0FlOonMQIx}M+Y{AHxk#r6KBuPsYLjjIw z{BBhTcIpcT^TcVs&9$_1I2sLw(HT^<+;~89L``Y1Bnl?J3*ZT0wRXtIdQwnwSlTl? zII58317xWdy5b6p#0%qU3Q1#y0IhJIrmXQ<1TqIz@P_>C_w7>$7l+A*{{YKV!9lqE z8(PM-@r4PE@Z^-@{ITMuh{7}5^#YH40qs4jQ2kz^ zGF99>P!02~z4f+O(VoI$TGlmL8(U*4at+{^0;}R6E{lL19-@GS{CWd+sslERGZcVg z$|QKPpRDCmtrl6k>QikmOHm!9ylkx2)-GY;0jW}MDiSNq`Yjdl;8v*JF9tWRUGTk0 zFq%**hfR&%p~R)uDo57Bk##P`O{~RbO-&8P3}96vAc=*%Pq`_8gUDgBm;=L)Zhc8) z+bt2Kf{#%kW2qo*GAPP7zZqGbj4adKDbqw&yGB+srIscAXd(0ErEevw5kUD{UcqC3Mf0=g z%EQ8d$`rrv5*>9WwO_qEO1>s@L_ioZ5Y1ng7-(Rs9dI1ycssKF>(-4|Srrx9x2O{) z(>pD*k;VtUW%ZF13!NLnfe`H%cy>IP3E&<*2cZ?0%Tb+|7j7Lb7BC;1kIl7D z*yn$Zywz;ql)}}srqxG$3U1{BF{8kiJdl}O@QhpO zNLPK}?e1Wmo)~27Gyc}XlIptUsvG<)>;y0at&j0Sz}g^K6#zMYZ`YJFl4E4CLIBjh zq+KNFTvJtvYHQ((+6L1mx8i~F>#42}AR5E~k#?X^qHRMHqJjfm{t38+LRbPFrrH4= zDj-M9n|fOf zW|S_92vC3YV&#m}HBBtvbwBngbo9OT_SeAMhoMJvDEbvP%HE(;sqB~StK_K=EsPza z9ioE=?@<703iA}{_NqWrikZtwdT^5@O}m&}u;8RUkXuU58L?e(?_f1k)Z z#+wUI&%nXrv_(Su;vM`$F>*9KippT#^!#n%*C9&_oUf*TaRv-Bk`cv;?y zWe)6$3Vzi*N7@X7;+8ddApH1;(4IwQ{6hiS@}6U@+sw!dAqXr5kX9A+H3mV53n$3K zCEw*9&qGxX8Y=^g&+*-udHIMWZXt$$$Og=)o&?+Xj?hf*bKQA)hX`1qd}-0Z2?Fe@ zD+u>~{z&Vf4tfLm5=tynRxxrj2j`Iu+x8D`2t{J03`O>UWD69u+3F{cddtcT@#qiFzhPZgnUR~*N%5q zd}OdTGjrD#vK}AGPEOQexUt2xsg(&4VTG_`W)53zfvr#;@@wC_ul--WzWnjENPEbP zCcxnjMqvRd>ej0_TfSs4dpk%oo6h*{c$&xie9_=V!v-Z1t^u%`kQ^f16}z#RUiV+;u&A zX6^bk{@rs!SMEfMyN>|%UGIp~K+CB&%z4uvu^|Rv9XY8>rD!N}(UB1Y#;@>^`fONSrWBlsq z>;+xj)znj84PCw(#e6lc_-cCZD-$hc<<%!`-47D0=?%4Sf`AR%ihcWg`;M#o&PV$M zwr@x9w_jGAzx{gk<%6)565iwbp^xC#Z-K|Y2kU+hb@?6^^F6%cyI>74arxVgqm7st ztJw=TB&`qVQ4if4@A1bDZmfR#QTIOS*pKWOD2njjayDI??O>(tW11zPL_QmFYBfjq zXO<=JboiT=N9j5)-!ea@i(WaagvzW^QaLuoU32BYZ2Exd){nM|Z!xP|%2wa)C_Dyb zpa+(;>lI?AEn_7oi}LfG1%U0TS;iS9FFw>C8~h)(?mu@)2k&2f&^dPKll;Td<#1E? z7YqmHrhwkB9=^MGXgepwM*(r;L7ag{?{vWzu}9(nlwZWhc)=YEgLYUIsmj%uSCXd@ z8b=9!A=%Fn!)v>ec=d{TlaXSq?QMoVO;B9X=nK?!x-JJm}i2PDsMHK@p`s~G9t(Ns8dMo%aJ!nL{lZDmOu>wHQ) z^ljokkQI@#hE!v{JkK+)B7PIkSx~BqQXkYXE;k<1U{%+=&-VDZv5_UybhWCas&VoV zWo$&2OsW3!^IN+JCYHvaa~WYe0l`1Vs9(kyhAhoagE$aPg`kTdJr3CmNMZ@@LG^&5 zFa+pFUHb<3v%i3_y97K$b{E>~C&YaVjT1G?_=Hd)fX2apQqjrT$ zKm2x+1tgTm4MDf(Ludph^5! zO~zFOEGvKZ7j~GWo1k!fD_v9&iv=sbq@bt1A?r$nFelf-NAJ70ze;}C(s-+2aK261 z%2BeOr^)Kfyuh$5o?5h^l zRNrQaC#JK;l^%KP*%LMSgkNe5Z2IqqYcWfQMtRP!3e5_M{K0~bH^t!2IlIJqQDttZyq!0HeD`1s;ef81xL z%mGsFSCK16XC3$M^I4ui{GSfI{n;x}t% z2{&&4{Pm})scBK?N^x;`(L}QCwZ1<;el5C1+dBm% zrIq~py#Hta;4Va5&)E4rb!KLEDLcQet9SVO!O!iouIAe>ejWZQuj*(Sdhs%+{?q4A zd&OPPlgl3II351kUppJJa_s!LfZmI`uIcIN|CvvdZbv$#4O0PP{y~@dw`2~(5fS(c znodkgPDxEmry+T?b6~Fmm{6RC`>%>(Q0AU1xb@+oVbSo3Hz?)cZD1> zY@8gN{Hg*Zu*3Ova1iUxdqASLfeKB?=eT#nJPSAekRm8Lhz&xui`F363dtDk)HsCS zT>S(YATohC%)Rm56Tw+YQas-1?Z;wO=KPGpW0>z^NpL}hIMHP;LxWUdsQO&8Rn?gS z23@OzWYk*eTyv_Ze+1UpC`;OQlz&;=65q|z6*bnttA|SxlsK|UWf`oBOGFEwIwa^r zPcw4}SY+aTZ)m;+=aXyi{!;pIbsS_s(&@C-e@bqYrG zTF7ZeNB0_AtxE6~hd}6ork6O0`Kca^hO-q-MR2qL6UM}!V@KTk>eMtb^f**l0hGWZFIp3z-+ zzW9~qGm2T)vO7R0#&(Fsm1I(pL_Z;X#cbAZ&0q4wzcWH9gU zkCBo)`sB_22OK)a#bbB-Wr}#+4G6(9?@!|Zdz@4<0`z-snA48+u^w1lc?5te4pFG( zKAAfsBb&>UZ5RgKA>pG^hRsMHbw@JogVs576b$CJ&4gn+hGpN?60aptb<+-}gwuD7 zmYv7$b8xK1vAYn!Gvo4{5cba$)G|~UI%m)7(4Jh(bI!JXm`k}kKbZw7O)wBqFHgBF z&gsQD&ES|x2Bw3=+pSnn|29g73()2gKwKyqV;n0FjaEdCFSAGl`MdH13a>FnX9cDW zA?hSUyacBVuWN&Zx?(%9N=7wiu(O5EgBTg3$P3q?+b9J_u@ibDFC|XkNNDpD>LVBD z%S0iZ9NttIJJf$~IFR3ZE{y#&9);sAynxYwaRt`HA~jL?+cKR9w_>QWyp)2qTMI>x zODKx6b_73`Oo@eI%!9%y7`Ol#1Zy{l1JE=T z0SpdSS4dQ(5MXeW3%el!VDi_CHEoG+DklT{$+6JW6S0_WJt&+1JX3SlaEvGp;=`o` zg7*{nCC-s@pn!x*I~7)qWf3J)G8v@_OoqEeq(240*glSt5CKG?l%ohXYOEwfR)S?D z1}v?)IXp7rGaY%e%|0i=IBiCFk%mz>GM|2k748$pq>7k}I33+!IsV(j( zv(S7|1~xPoyEB4_u_hvl#_CR*xW;oCV;GzcaMHIatP0+Gsc`z6>Caci+JG4tpXtNk z2Jx60s>3NP2?(`{S8!i|q<48s7%o8shuAX`Xd@|ZSP-bjy0!q#jx@#!S|3<3nNu5O z%5m(G6A~~(iut8Osf9Z2{YHF7lXbo6Vw3%Tlda-RlTF{$Vq4^XGl8YqcHDHSvv|M7 z+oIY2>C{s1;C^dhMziA^)2D;W`)!@ffAbgq!-c2AsTwF4UyM2erokK|!oZFsn9H)el0?CN=90$7!qcG{bLntRnh}FnQ3#xpcljFSdN&cW9 zqZoEMT~$X`O%*6yh5ekNDmT>moR+f_w~Dk3_zJ(CrKYNYCA-+N7$+yY5qMQXh65}O zXOp?22X#u;J1HY+J+c>v=;JoL5pGf_mXxk&p1e(NUoTIWCK-<5L=47CboXtnC)Nyb znTRZ_a7yLcY&_DLgYoh1o@G8qt|8ZRR838K**T~&zc|KJP_zQ~IviCUhu4e!S56uV zs00202mOVQhzg{bc%v)v$;k>aba$PWo|bVlOF>O7akJUXU!g&FDRr+(jh4xit7 z=~9ce#LOcFJpPuEgj#SgKG-N&jdtmS2=av5g->tu%bv}co?)6M#~CaH(y#<#o9^(} ze17ku~k%$eI*r8Hm9+xO+kB&8#eptehjubLA%w-=3V-<(+*bRVW zZglhj7z<5ln;A?Fe7tpW%i762+iY{PcG_f(*9iJZb~+m7Wqn?ksfKs+df zZ>mJeYGzwy-DsykLxD&b2u$Dt>o$bPYla}}*_RgrIU_f?gV*J}(%nXWyk^F!GKZtr zctxT7)-gXbwYo~lB_gbh&x1x|X8^fX&fo+6yd6M&Qy^6;W^RgCSdt)pu&?r?NSjx2 zg@82zk+hGKvtnc1hp=$SRSXKl7ua0~@WJE>aY9Pc2q@oG$Kg>XrXhSB3lkR}0E-Om zjWF|JaByLD)MKLydMHEVON1z8Dk`K~87JW1pd8P4s(2nid-Sh~DcLma!H$k8Vt13y z5%}hL_?QIo00cpuI|GWQ;)zVQg;Xkkbj`3hPxKH062CV*Yyk2kJs;;6=?6x^MnD2C z-#tE1kKbVg7!`^?ap3`D*7SjpKn&VFQE0npPl)`iXdceMV!KwJVbDM$6{aX~kQf=T zbKp{?7FQ3%ae^Kk;w?jb0J9~BkNS#;Kiz>v)Xht^UUd(W6Ra-A3fTJ%0i(h~t{|w0 z3*kE+70|!t6z0mz4j1rHHN2qcfq^FS6{|0h>pxeDo@ZeeB)mV?x1=n~7bATe7-E<% z*kX!lS=-`cro}D^t4#;KImTBLJARCb3M7FUHiI6Zd8y>4BZnAiV6-cyU2l<>WZ0Z2 zVEZRaA#1tQ6?OCSH2Z^$RTgSmEejX^-MIqnTvCVH${=+}?U|q9eLw2Ezz3IGv&LZo zFYyNX#}|O{GBwrrNlmb4yGHk)Qg`zo2nx8)0iHuApy;QbS3hS2IPPESqe+Ht2(mO( z!g;R|f~ZUjWy7QVd)yYy;1Ah)_nB;`v3`RZH6R9loJ>28pU<4dkQ*Uhej1+ANB$wS zyFUzYd)svdaZicjPz-CLHE;oD*XDp;+PSMt)>w@>qlgR7K@rDnUIprbkm8P1=4eOM z$Y#XQ+(DjuO)Ri!E1xk2#>*2W?O`o?@A42e${d@e7x|+=;Amjj;I)OU0}g9ZhCRc# zu_JmUn5>T3WDLli59@g$^0@af5H^=P%&dpI&&?GGVQ<_*dQT9OJ*jbA)(r-HxGXhP zVA65-Nf-`Kwb3RK*IBk%kJ}Q}@YX|o(?k%vJXM$npldg!fS7G@aFt<1`z|@DW?~Gj zvX*R!b7l6X=!?$nmKvTu!&OZlWf9~VYsZX;o;FP9EILT8v)xM~Fjv#_$BdLeSGxsD zoAW)Lc<@(wkzq?L_<)>`qW+aWwjq>3&4(=vn?(MV9-opNIlayq&wL5r@>-i?m`5^V=w2m57X8>lK8yKwOm8pjIhH9#qpJM= z=F6ODWJ?Z{AX;CF*QaU6P!ho$%l zl14>7>5kGL z(ETR^0`UnkiKKsQ?-GE_zqWT7{3 znjUey6?co}OjFCPrs9qVDfN@4Xnk2Tw1rf2H^73HB`=ID*Nwj#8H*7_>mBmd^SUqAqF45XMuzqzGt!yQWZExtUcFT@Fb11(- zUAM=&AD&VV-EO>KNMH#=TeGwCD)I<*lr0-6Y#LvA-fNeWE&bZ$v~tf&!Boy{E@m^^ zXM^gG7@4H>&xYozWQoi-S7OS-6PqWqIb$+cII{OHN?n?M(R*cez=Ppauj~^qn^6s^xS7DUcW+t) z4tW#>zkj|dacecv`NZni538eTpL!gkG~c{_a_yZX+n;NZI~%uVO-|ehe7d`)yKryy zSHzFkds4@|fy4qwbr|WX3yE2MLg;$W+8fL@h+^k+u>xC7wulCy`qGn0fr&3L!eM7b z-QT$;&YH{eNZ6-|*TSpiU-tBg7>}O}u6AQ;TuMplcH%D#0> z5me!|O`Y&aB3!RnEZ}iLn(|5H4m&=(SaAB0ms_Duu-$BdjY?AORlnB=be`d|u}I-y zK;vt&MR53PNkpoaXK^VaaxyVeg#+;~olJqAImS=#XaK|ZUoixv5=uRe-pNQz3@EZB zQ<@?7l!j^jh|rjvM4d?Zx6hU7qRe-8jdA%V6Y za&iv>r9pR{>5WVj291ZL8Wa<6RT@1#yeXxV3=>JCC_YfnTuDWaRaPr9JO`LI(vXrR zk4B)+iQNqX0PGeRj0yLDo?u?0vKZ{)W{U+F(zoIY^d47P%ziZyQ)}Rmw|mSnAPdKg zRWmC&dXvb(C1cDty%|-mQK4YJc78o=JZ)Yx>a*fYi3Ag7^MeLVpw!c66paHQgUh>IWw0ekCx3VPAe#iD@zlUWwA1g`D=Vg z-L$fjEv#>BCN(s*RIxOksj*_ox6(0dDKNbqL+R}Fb+X=)_1_Sjf&a&p%n5 zd%Q4#wlLL4Ki*!lIBSZoD?po`Ma!4bUTx^Nn4r(ZeAN7Ue!=qey%-Q1c#K;4?3it8 z7@^_*T5?xVohE_&*u)iwXH!n*ngsKt1<4XJTIz#q?$}Bm8Fx!|*r|~pY4?aTaxC4` zJ9T7h{`Mw*&Jz1>vJ@fr~kUR)I~UzSsyNogpOr<+MC#tfYm z*VQ9sdW$87ZdEg#!nlFkckT_B*UH|Nzf0Ar6rAjcH__2C?dZ$BZ#Fb*Wp-zQ^z?a$ z)L(|%IE&UdjobYkbJjxkK(N-rbXOj+_T*{&F?h^wro2P=?y*EMsrU)M&QX52%m>+} z5{*C?U3+#Z8}nf0Y7DDj=G@P&bnALu@smOJR=$D^*W%nHgD>WINF~ZfDvHquX_B6- zqHOx2)thN6eK+<$msIIwLNRCGYxZ|;QSwb7hm~7bYboudiMvqbLVaotdT`whRl@DO z58-ZKs0V#s!x;3h!5~X4&PQovI7q3&F2mzM}2ACf?*OA>Yd%e@92vZEdVt z@^qV{oPvynTR@(^_w}mCTze+I^afCP-(@Aa>k;lls7C|EW22idqlR{qkGd-=E~Nba z-mJNPfe7XCro}2IkZAO|so(fGtI;z8=HJ0n6qOW}aOPJodzt%O_WLi0C;wZw!2aU{ z{5waivKscE&;4}?T`yi)151zpoBvxk`>+1)pY`8^uUrZJkM4cV+rz{EKf2(5&vX9{ z{-g1~s{eJ_BQ)faYv5lH5LV5_)!p4C#K+yk%{AD??P_S~mCG*5F8?9~_P?iz{*Qj@ z|AzmcKAy33K{q zT*HAAKo7|G{$GasnFLP{PX?S6>!;<=&ATBcsJ7 z1QZm3@Ul!vJ4gI~*n8`!IGS!>xQD^rCAbH7_uvrRAwXcz;2t1Y2$}#19yGYSLx5l* z1PH-BxLfcbGxJUIocp}*d)7JUo_oLb-F5%?YOU$swX3RocXf4D&HnA$^_B_)J4PYO zQY$^-T^1>t0vH)1)im>cab|Wo$QJ{Y8wtWzs4mcHKyM1Jco*@aH7Y{U7S!8X_AzS^ z@COKe(SZil?-O5!-l2t)EokH{&aJI)P@^Cm;vu}yA{MnGJoTI%Z(g#U|GK%oyT7=C z)2{OIe)t4{y^~P^(X{VNp;5auG|o}VYvM5{53a(m>E*%+=-_0nm`|U+3d3MF5A|m0 zDMUqLG&XcEqi3dzr9~0de%lZxM!?8|B!s3b8;`_D+*;A9Z9d^AFVc0+`?Mc;Ae&u8 zT>Bwr6j0Q9NkW%O658+sclD>;48^FCJ*Za0fAx?a6M4OUfN%Fupp#-DOkvRZliUYG zECnw1r)zouZmh5|I-N%t3Vkl=)3hAQqrIazlQ{k2+mIqt;hvq4}n4inj8Jc zQ0HBHEM!`3x_T`REj|g+G;)XdRn(~x*0=m0fvatk2n)CqH5L8?6pa2NDvX{O;cV9@ zZJRnem{jYTW;PnDgb+Hp-AAtOE<(ND!YaJ@q1n zJ#Q+ zbkY9C4;)=`=}*kRbM0om7wr7CiVS|m2J-hq8IO;q1CdYLh6_33g2dP^tsJN=%VNl+%7@1K;nRNr&S8)J2-`fIV5W!}?q#n~)9up;%3u z&8V9WFZnOtHe3qN=szN&zi<~PCQ^EDwa>J9_?k#Zw+?L(|5R zG5{YYA8v{_gd!Ca<46Yz+L_0r(rCF}3A%;`Edzm_G3&N@b4HQ>p{SuaM+w2auof&9(wN zFGdyT5A2XtSL#Wbj<>MT^ ze|zdt5Jh?w|6HX+5BpjIw*%nD zAb5!@JXs66zXkxiU;`u{@ty_c);K7|+QS7atDVbE~Q8Agzrl)3}qCSx_}Yr-CNZrZWT zN-qC~s@ajMCl%8MUs;iQLbdTpF>s!T%Q{4QJ<-&7rt9Wx6!VTsjrtWP3OXth8WK86 za6rJT0`{mVmuN})_;=pb)k!tx;aKRnSx87>I3GW<=OK2p=qoIaEKP_Ta&vuc5-S;9 z2yP2S!kxukXhU!Nk)4CGo{oaLj=H;xad3!%g#%$Zef0VA>U#V^0pxwa_6B0_C#tk> zvM*mA1I*s6(fD0a_;K3ftc8YQpeB4yI_*{24@gUJ!Z$rrLjZ1KCXg38Q^W z&7F-Y3>BTf^9gW9)EO-sozPCj2=p+P`cQ{5FJe7F2p9@gfzvj{dQIlKt_I>afijz1FG;xAy>KG!!tt0 zA$2G5o8jG{cNcI<9WDzsEoyly4s1~@S`N{)Wo(wtSOO&=%vWb04e=(jYLr(3j_Rwn zS00H;NPR!`wV1!3@}#ER^_kfi@(a%|*2lBl%A%sv$eIxOd4eYv)k$+qPS-OGDmSlycfd|gL6{#K$WpLZNuJ~Bq*8w(GEgK?re#s%0!V_NHEq5R zk9wb+2HuHg`S!x!(b_0jj5%~dl7qZ7pA9|ovrZ(>_;m*8MVyj3s3T$^MGrk%Ar#3` zZUD_#fP0nrEgE@$4DIp5THG)WC4XdsK#Yk`q0EA---0j&y|*l$M$Y5MJ{8`yA!qUy z`;_7sFBbWbM}>_QcXGzjT}bu>W^-v9h=ILiFo={0NUe?uftg zUJjN5+|S(Y|Cg@)KQjN<{lAc)2*TL&U;2N3gi1)@|NsB@KkD!Q%QJiqz6#*0DXA&} zAS4h1#Zy7_??=R4+752sZe9*jWDLOy_di!_uKOz3eaP%h; z|F@KXuJUi^-)YD=f6{(?0DAr>@A;oN`ky1>@Fx%EpBUoqzhkWUe`1(_OM~>M+~psx z3czD$he&Zo98v$R)L)#u_Zfe4_z@`}gz+r!H%I6XhwC4lKiB+)h$A-QLe%Yl7{I%~ zlmEjc`2U-{Xt z025gRKMo)VK>uNjIR@n84!FCc!lt5gpQ7Zj*WqVO@M`oML>dwjg3b_ zPDDgPL_|)2{U`j}>95GYKZ0@ZY%r{1ZTcj(7lf zFo*#_A^?F2K=5V6!=l0aK?tN3gaY~#5CZ=Wh^6{S$SA02=opw-hz9zvi68(8{67-$ z0T40>jD(DYf`*EY0>&0VBocs;=?VEz)jeWlBGK)!77+A&IWCXJ zoT&G6?G)lAM4De8&Z3Z{Z=={-;4MrxVX$s{*6^xt(r4pbi8Z+}qA{g^YV)F~X<&Nm z($LN~GPM|?gxS6lQ8u#oi%KhL8Jyj@CIFC-5Yi(5kqHeIMd*(R^n8TK2njqGh*0>$ z-Vy(nphtK7rvQ`nn&-TdziScG~f5JD7?*(e$ad)u!6Ey8~;0qZ|R zfG;4NE&jPD0Rpo=f8jnl!dxZ!IP6}(5>nd^JY+es*GWn+!at&p62MZV))UxFwml6Y6RyI#{+N zEZC!Z)bh;cvtrB>8{9e<=(D}t2CttE&8gFVhlh;sOdvtcO;Hbi{-U{dD_FXGm(Fn~ zRr?uym9|d~O7P7JG`o+en60lKu~!`GnqBtE7H+U@7VSLt^7KmIk-7@ZzA!X&O*Y9x z-kkqA5pt#$U8{I}uu(9)9Q-C~o|{+<$AOE!>OsON4dc+Wi{osK5n&6b;u;U9tj}Z; zcFngwsc=BZ@FXZV*M9#p_?_*_h4G6)=%wF^!E#i@1Yd(IQir*E&6_eDH4Gx zpQ?(zTb$4REfDAxEKd9DZFk__B_D;RO8Jwk@6Un?opFT&NXXizj;a^QZ_Pt?yN|Y( z&ECbO#W)N!E-j|-FOhF>JAzV=Lh1)yDsQ{5Avfi-JTY%pT6DtW+^c3jHpf*7OEn94 z?Kh=233co{9n=q7tf;-w3d%gVB;vCX=pdG}8f9B!jC}F*fCKE8GI9Z%m&3N3;|~1} zqRd$hj(uMhR!GW=kGCz7d#>O9w&JSDt-z}IYeZ9kLR(d8+ZaT|HDuTAlHWww2ULKSDg&LZTV}};|<5@vCOE$;7H5`C{ z-|DK7YWAT?Qe`l6(P~H{t`#1M3Jmcqhg#k)97s2A#ixBYo6Hzf=cyE3Ozk}ytIk+j zI4B-$S`4yO%X&;{yfPkKkqJwi4&k~)Bdk2Bq85JhmRfH~zCyCqNO3lj_7_@!0W>dn zt)gKfq+!Z1xbc$3$F(~tV^)LoE#J3-3(hP3?Gv2E{k!^*gRg~AxSh+v%6J{=j(eYx z6Rx}E$|m{Rz3S@gZ>taZmUbW;>r=jq!FrL~;w6nTKUaP`w zp-$5~yi#aK&V92kG+( z&97$H?aO*wRl?u<)g-wm@lbBBscAr8e^zR?J-4ah1`bS`*ygN^&)jh%+zRhi9v7I{ ziLOR1T}Oext#z9u{D2OW#eEmJO-bpX$-m8+50*C@x z>d{^ny~|oEADG(wXzX!DE&pVWi>3C|zGUxCSlr|SKOSaI*6RuMhwGwt@0n2!*1Za0 z?Y=a!zqD(A*l!DKv+4@(pkbObPx9s7H&OA`w9xQ|@K+te!ZohofHKU(qfKD9KEx;E zKBJu`Ch=_lG@WYkpz{hM)c_;N$#Lbllpcm+JI8i*f13=JftIP64hAeYi6$}9iB^Qp zz=6*FfRV@IeC5q=d`;937Mok#r00XuulN^VcYPn*>2!i>S!8zWUl|#Ye=R!c*&F*d zc8Nk_dbN28YHeJaG4hq-vcl>faBNG^An%#^K2v{}LG6{v z)GCMy35ajlb%6s&V;2@hxjCgKlhjjCn#_{2Y^T#jd~`~*1@209KLOI_4wmiTj-0P# z^rlA&re2DVdAbFk=|e@YqE{Pemm?%`H4-|?Zf6n?T%I=1k|TG`1YAp8KtXi^glXE^lzk_kYL)cg$UJJceZT&QE`$LA&%lzX(p4 z&>K@b!@A)WwPSGh&@8%JaGkZG$jyBd?9HC7xL64Z@pu{dZ2drHU#&wfRb12^745SD z_N17w!tU-}`o|JGUD{I^D2#znlaI z!gwAd8os&6_rZqpg-^KZo$OB_YL0$;G*2cw<62~HWaLZO-{TlLbhNU#d(PWPJ4f=y zoUYEolES9~LLQIZu4Tqdox;Y9wDY69Glw``TwDc$M^+}yUaP~#4e$mpMND>gHg0A1 zNa4VAe0JOfZ#*tZN70O_=Nv`*w&`wfSBJXu#nsxauz=gG+wJ~mI6!Wak~`m;ensWn zl@vdi6)83v=v-@%xX>By1^c#8`sI?{Z}+e*mFxO=@N4~@Y4A|`%py}}oLh74U0KJ? zFm?Nh-US>Oy$v~KQ&af#>_vCSeA#PST=n!AWC~>qHuvHCoxOnW>d%Ld4L5vf8|^Gz zOn7El>EpXHMv=E9XghL?DsXj5g36b*+QU(`eqi)Tno<=+gD$Wb6tlXH8QH@Zyv|lK#kXVe` ztKVt3n7f?Z+knOR&+2|{;cnitk?Uqybg6BWW&Uo^RSRlDPPk*~5EN1n-ucs7N*YWf;~+Dnh(5MdjSpA{EM(3|qnm^a$ZSTULk zf~8olkrGt~4tb3vA!(&Gb#FHXi2VAn+qgYH#qas-lHJ`-x-hc6drwS%zOkuh#fewS zH240JriwK9<*-5edK@l?lSdtZ){9=4NFl4G(*O(UPCFJFM~9Vig)y;WIi+UpH})@+M2&zdYtRv#92bq z3@xw?>>AgYhHS0#rOMpmDv}ww)tI|Inf*0#J9g(*BmO3k(hf~?S(DEJe}_8PsbeZ` z?2@}?!oFkT!T}CM)d>^CC8C+06-z(ejDE!wq9m{w^*Uj80BWDnQMP4kZ<3t~2Q2P> z9B>5|EbRnV`p%%bICTrXfw}E+q+gHQ+7|UBNH*O&tvNd*zOo>pSbu_f(ZDE-$w3OY ztB9o*u{6|oWwIw2&tZE|GBYw&XD0xSMyYDb5t^b|K5%UUiQ4V)ir&y`8?}BW{(8Tb zOwhPz__@q{aEEV2$^=`b0bL&kHx;46F|6jeO~H+p?6R3_$&PBJ@nKl(Rw66xDICCn zPpkzfaVy!`Npo}f+1R+0BShvp!g1=u}`nC;HL7_r;X^D&+iHE5xn_6m2Z zyz5Np`cgDcyH;g)Vs?IL;dKcb8IpP!v zr8PO3p!DeYXfJg>MN_Y;);xZgqp9{wAUYnD+5PJ&tS{3*?70XeAf&Ly{+C-LJ&o3K z^t%-Bc-^Siy#RSA%=HrXu^jOMqMY9k&);cWUy3W4IgR+VwVqrHwns^4azMS?he|5RPGP@P2g9E2dZ*Ql+w-1ZA zXdf6rIy4o5%a);5aD zFC1Xa8$6l~w0v`5u`qWHYfwI?9Wgh3oiU(;jFja&FQTKtou7YAXAWwOj`+e3nxN64C@BFnSRDTa@MEIuC?0D~D;kp)* zp=m2oAQTC6>MIEoFV) z-tmLLuEk7WTR5;MMG4jV=>*w7mJ+hAA9>QEd*HsAJ6OdF-5~S{#@kfxOctMYG-f&v>H(JcxX@T`l+pp zi1ty@boM9%IOD2gFEIURk<*E*=3dBWt}}2S{C+%SAO&jL&_3A0BN#k>9N!6 zAiX`J`%Lku0z`}DJJ!s`s!Bf%7a*8Xz-!v%4G3?iT%LNcBf^1O@vKimK12&5V?VJM z=zO&?;aP9q)xE6-aQV00}g}G_gA?sa3DoWt0@=`{0dP& z>Mn=AdmgLyjc2=HGuSQVbp{;pv02>SJMU_^Ogpk{xJ@X!qDEY)AKI{c+tob!2AX{U zExE|GyMztwLSJ8m+=;e^?*|y({z$&9zO?stT{NeQ$Y4m^0mqcw3SQn@_YJq63Q zr&(}$+M%!>8BWIB|({7CQ zer;t-LIytnmsamD{T$jK-6IGDz}K;jRpsR^wRN?WR39q>2o`{?f-rD&Lqcf5TwJ|9 zb(J5{8Jn2Wp?yP?!9eKl_yE8P;^nTPr=3~ZHTS^qGf;6HZHCxR$d6z-*1f{leaCz0YUR3Xlze?U3mnJFzP|aw*M#E`k!cT+vf;50YKi( z-QUyE-ocyhA%u;NPfSddPQ}*G+1A^eOWO+KWaVi?C-3IsZsqEaPy+vX=HI0N!rygE zhp1#>J~3foE`DxA_5U6I%f!EP{ny0rcl%e4bDcl$3`9Ee58gk@{)6Y1kI;xBG{4}t z|KM4_2Y{9c03cuZ2ao9k0N}j>fabA(dLGi>?Zv^{+g+T8$Is7?+tC)n{kuZ{4*$~( zf9L$qiGR8u_wW1tU3YW}wsuxN&favtD;47A?B?T1=jCn%v8Chs_l@{}yWl^G^-pqe z>e|}bdfK`oZe@sQWsa`)h}Z3EBnOcK`un{-#xMkae|bi3^*{^o5$FLv1H-^~#MTRoz$&l>8~{IoE8q^H zl|}>MfQUd8AX*SJhy%nA5(Pf@PeJw|SC9|r1t=W!8k7ji0Of(oKy{!t zP!DJbG!B{vt%3GHXP{doFcLNrF%mTr3la~KD3TnKI+8w;Ig&k+2T}miE2Ma&bfkQw zN~C6_9;9KUX{1%81EfnZ0LB87g6Y9rU{SCDgTb-jRB%4H8r%*Z1W$rj z!H3`*WK?7#WIALnWC>&yWCLUfvIlZ7@*Cs~rlqQq`lxdVLlq*zJR8mw{R1s7aR1?%^sDY?&P_t2MP(PuLqi&#H zqM@NtpmCr{p=lv@D)L5)M0<}`iPnuafwqPA3mprc7M&km3EdRk75yc8DtbA37y1PH z4*DGiJ_a*}IEEI64Te8P0!AT5JH{Bs7RDVW0VXS^6sA7rGt4l|bj)hZ0n8=Lb1W<@ z1}rfw9V|zzP^@&UTC6WvYgjkfgxKuZ^4L$XeX!%PORzs-&tsqC;NY;}$l{pdc;m$5 zl;QN@{J{BzON7gftBPxb8-kmO+l)JbdyI#H$BZY3XMq=hmx|YbH->kJkAcsEFOP49 zAB>-g--bVne@Q?@z(=4(;6m_*pqyZcV3!b$kcCi@(1!38VF6(u;RX?yh>=L12tpK2 zR7f;Hv_*_c%u1|E{EYZDaTW15;-4ghB!VP{B+p4QNjgbZNx`Hnq^hLOqzR<;q%)+q zWYlDGWVU26WYuI7WY^@B<~-(*iRFvnaCza~ks?^EC@AixEo{OAE^`D>(WD< zhcXX69_BxsVnbyUWpiT7X8X>L#4g0{z@EuI#(~5k%;Ct9%`wi2!YRh-%9+nO%Z1G) z$K}ga!L`Os%Ke!8C3g$=F%J`uDbG8eK^_>d5U(?DA@3p|A)gxGOTKo#Gk$h{2!AI3 zlmL!^l0b++tH7xshoG%sj^LaSk&uQ^lu)k_R9HmVQ@C1qPlQS2sYsT{tSGUlw&)wt zFJdTSkHkX6K8oFl3yXV;*NdM>a7j2xluPVNvP#-Y7D{eNF-TcSnd(@8&-{vf?7 zLoZ_`lP|L_%P4CjTP(XH$0qkou2Sy!5$_|#OI+;gwL9< zv~Q;GFF!-ShUWy&U7wHmv-`*R?*u3X6a^v&LIQhV(7ypKL?}m8MB+wzM$Se_MCC>!M>|G;ixG%< z9|McEiT(PT_jT&)`!|p`U*q`V(&OOqcJbd5gcEY!qP}%~JM&KFU1=ggVnE_Xl15T< zGF@_P@BDuZy82t|hCbx~2VPB4uUe zROJa3NEJR6dzDWrzgH<#wN`Ug=hcwbysiameQNjXp4QFOtJn87h&EI=GB;*55jDj& zgPQ%Df3`TZthSo8j<>0`^|nj2H+67#lzgQBnAu5!P-0+qz3PH@2XtS4a{qMLW8bsU zYuUTlXWTc{uhai+Kz-oLXQj`5gK~r2U!=Z#91TWX;f&m>6`Gk z<}s16*6(89+s7rxyC!5NdL|VnKToMn4Nq%MkIxv)%*{TTU7fR;+nslwKV9%$xLXWe zLRpGk#$QhTLG>elg>9u~Rd}^?O<`?hU2lDH1F~_j>9u*k^=cbuJ9US4r)-yh_v4<@ z-uHd8{jCG{gS*4XBZ8x>rO!nx5ABN!?w;)sroj)snni;0eo ziHnbefUa@y|2r@>2m^tWV`5-oU|`{5;b7qs{KmQe4dDJ?z`4so|1(7YFEalZBL6FtzNV9(qSx;#$>*@~CVO1#JD=!5Pp~|R+U&!3QpdB{ z5S>~v+}MU5{EJ^o-DIYqPGOlHI6%3vKrR}#_hF@m0Ls_Ei<#97?h-26oGuyL-SvVL zuHi3J#4B)xxc6eapg^2O}>R+jgdBUajZt4C-)(7cPyE6Y)*%kNq#l}C)V<8cLM zOzyGb9j=yX3zCcLzQg>9PJPjfIp0JVGcn^_D!YoLrrRIC9jWrdU3pNpjKy;(tmzXX zcoS%OHp{_*O(d%IAoGtT z3i_~W!goriP1fGD z5b5gEmJ|ykmUg1m=avxHFD&s1{?Zy|wQFY0Oy}F!xMjS!W{MQ;n+!cz3m^E1R>*dZ zw-;)x1Iyw!MIqUfgV}Sw+iLUp`G`y+`iA*jnOuS);Vn4>`cnt}^yHjZr{pPv3ydel z=uNOayb;bz{nxej2~|KtZW_Cq8an%gF#SU%@l}7aK8c& z%lkM{M798;7F3zKxUkTJkBJ@?L5}I^Dlz+x7FT}yN3ctq*WM}SDq)&CC~6>2Y8d6^ z1Rckt33pkJjVInYrrFfVJs39oWlF?wz!=l!qbelevE2{#(s_S0teye!Q@0(8qWX`q zQ)9(LT=^ty(x1)@NJtE+2N!xiqb^yB5bvulSw#epe%*^7L<}!YLoTmD|TV!nV0sV?#8TlP82MpIQWHBRK7J-e}yQiu7PjMi;$6 zrFtFsG^915mKI&64`c8;^loiRK8bp-mX-611I}CKJXpa_{&gii_#Gc!8<0D>kJ zTC0#^2F-n^i~CyL946lqy;VNsxuuf6&!7wCO^TAO7&dAOMd`gZRa<1+PTu?hh+!;rFEsNid;z4R(I&u!KYZ z(T{<9gSU?G?`s~=h#PDZUfb@p%eJbu3=RqlHhn=?AP-rert_!l*>P(jQHdr12UzdC zXcWxNntB!S+-=}MS^!B-OQ|`vCV_OW69yiUx1*(P9?X_@XOQfib;}(3QaW#I-OUBq zp0Sy6=z#-4B6m$jFg&PpO0dNoj>y+fOFRXB{+?r!Za-@ce(5$HWg~%V!CrC`*^V0Z z+GCQ+L4#fvh01J{Sm5**1q}6%zwGN2%#Vi|>MfgS&94w--O~l0>%C0nYb*1$Z++y@G};x-TUB z$Y$kS;G5}8Q`NpHXUm>X!J;P9i9tiPwEAd>j>x-@}o$i zCZ(Uv3TpBDqmBBRa`vvHYZY~D5hCqX^QO}~8C*cQt-ia*)-=^BS>Fz!y(!}eswu%vepz9$o^HGxu$J|d*fgh) zGnZ~-Z>-!wY_Q*5@q->AlA~!XR5b1r)tH;J;qptf%4FmkhNe?!()D_9a@gIFk%!%_ zMoe3a@JvtC1JsQx&1HYQU-6HfC7X!9_w&rZ^3ZwZksU+5bUnIN@w`f~1Iu7zc-+Jm zvb?hH>zruT$SfKz_vlf=i=N?(NBzFGuT{Z}k~#T?Jx(Qyg^tARQ>?z^chN4c`Q914 z<#P8D>p!x%lOGA^#~vz=fu9)C*_C3DFA+@nS*BWhsK*X*>(_0p(qZCpcJj~f6G>-a z>*R6l4{F+)mD=2icE%U@W0;_vstopC#2E6yWEXwi&fF&rCfEE;*OR4CWWFBu!5CkC zLuqB4xmZ&|!K$I7gj)0ow~i4jj?aJJic^{8cBjoc1ZCH zH>S??6vsBOyvoQt(OgktA^uL??hQ*XK>m=2Y?v}cn`Cjnz=;*>P3`y+i+zAGcV0>G}gj_ z{z8h{#tiV|`T80y=>#78`1=+3_|~np(v^Fjw!Bi)X%%l!sg|0G3N4CkZzrPLAJ3z~ zEI1*5da^q@<}wp^FJQ#`JRYiE8%-=Va;_YT^I+WA?UBksorKTOV9K1vh^*RNFSv;ToU#E&=L{>Z{6N#6AG=eM|< zv>KLzN~k6hPE&repb!ciaJq*B8=4fO#q`HP&3ARZk2UVirv&@XF6p5=0a_tWLM^m9 zzB0B^@+U_zrIir3oW~bZ_)gcJbDAp6##n;6LyRtDV?RNQsfx}AbabML! z+MW;IHQDa<31_@GeJ81a1kRsvl%$vnk}c9XEU6M0<+d+1fJ3wVC1$8?6I@DjEyfpUNo+o1hKqz z(a|H$zJfj8<~_mordIT{-|7}v+|}79==&*O*8hFEuYm&z?mR{*_iuc6O+PaA-`z%%(zH5~ zLx{a;8&YjHse*W>1(`opKvt0#?j=$sWe;>!J})7WL+7dr$k$AO(l@Ck!$cP)sd|>9 zJT?=ikso2&?*(TFlJP zbwYGSHNH>Qi=2DFoTGmn2-lX8;p~_FQlWK%npd<$YMn5c9jLk#6>xZPeQ_2&7Ws0L zD*1876#An;s(o46jaI^djz-~l3hhQ5@hN&Sl0J*+f^<~8E}f*XL1KiA{;+JBjg?qo zm@|8lC+vHMbgem6X^~(2T?tB3^sAnya=&hAPvq9SF51SBFqt@iBk4q{y~x@EpH8T{!GcZgK6K{dQnVN3MQrJZ~BEB>LijzwgcDk?q`>nr=Q@1$Vl2 z0g`J=vw(xxlR?dW0n|a&<~f(lip6 zmPt%Ydt(tiAk9cw@2W>)On{Rd}1@eV*^CfPnyCy;FulYG7y@CFs3xl1) z#CNs9F_fcaCjFxWHp!lDTL!=0C)~zj*>$CqSJ7;2|vH6|6j+>(f)@7AaM{@|@!a>bDZ=DuM@ zPe%+pseQlR&vcq2cPRTZQIp{sraF3^8h9`G&Ri34+qNA(bkG?udUkZ#%?FVOGgNAw z=SH#OoGhIP5#om)zvi59agi+9x-&b{4=LV{=T4o&XR@(8{*IWM2hD#YeU{^5u6uOi z<2c%7o~uMmO@OC{0Q=u1@E%O~M;W(IRjcBwZMm#7#XgF9zxHPA)Qh=##1sU#LX$yQ=JmU)dKsoPvUn2h zG8vl(8F*GvI*zHO+fHqYCNU~Kb0Mj7Vp1G}h7lF!oodLy^Qq}fykg17Bh)ee6w^Ib z>$V&#_1$(wO8%q*zh>G;G~)xbsC5kE$Q`e!NX00chs72 z0C`Rer>fseCCjB6pHuIuDtP$hC+%hJ&uHsk`84@oI=DpUd{4h@9UWTZX*Awtrl#|h zpdnUb#Bub**4Mn2#+}HJds-@=paj8wq_lZJ4o%#!`|4>;=VMRxAyKScpZyEDf#rJM z9;_Oz$Rf=EvC{b>IaIg=+%bl=Pj76Nh@Mzu65WVSR1zNZ1SOX2G0+#HEv!AZ#iF zXA$>)_u8+8bXM<+ZCj4DnCLG#0Hk=w&ih)ICMDvd!6uk*Gcb2SEIX2c&XV7y|9z^e zro2P1V488pld^+ZoG|2vn+_c_FOzT9q>>1Pl*8_77wC*5Swh2}*&i)K0AS~IP~$Efs135RRG<^ECmJKHdXY4OmA zE=by}gHDPrFxTkWd0(M}NFu=im(eTv517Q9PeZuSZqCQ}pVbcuZ6-?jt2lKHF7AFC zyQ!*HrSfg(w&W}vZC|!~ zE55(@$$7S@gcNErHW|ad^cbA~WjtJo{f(pEuQtSgYBZdSVzc7yhL>yp1ascxIM%7_ zkH~D~j2MgXA_CVgvlE{LZ)m4G{OtdrXeH>06%z&reCsv_^q{F~&i7$%3}+o}CNAk5 z%vBYhN~{f|4KlYCDGy@YB8gbjR~FP!$}KXC4c~UWFDdl+ zYq`68AMmubOEew=4N25W>4%iPlThUR;4PIf%>2VLZ7RAVh5wV7s~?BO2iT0ht!&2j zurMZHdbu6xWAYfa9NiZRar-}*+gH=Hl(f{O-^eBANNKHv9l1S?l+jtz_r9uLwYweS zo=DB}GN8V`Gl_S;L7qDy+YIkY)zWF1mqXiG$oWN~e~YU%|Ay=t9LSBw$S%Mf{gOlX zR#Hpt#c3je+tVX2x|i&pt?$~y?l_u)dCrWEHb|+M7KvvB7qcHtgp@1qFU>2tWr*KD zS`g zmG3X*kNH+6jCW>kO(F+JaoOZ~oWTzWUkDE>;d?VRiL8X=rx#v;hF?4;NNC>RtC>3d zLi515D1EjIBbrtve)C@cXf1R@2K}0t6?LFJ61;b`)@8z#^&;?i2VgrjU|qB_J%NRc zzH8`IJ$@E!Lf0wjvRpClAay3`D?LS#QbcX8^(B3Z{ADyZax#w^o?i4jE^K(kTtCMsu*67LU zy;tURA&HeH#IFOaWeD1g)^PZ&5q-Wo;f!R-0 zU7(;8X7aLyvqkGN`p5dokKI6f9jaHKslu=s<<7isFB^@XoqS#^jQ{cQQ7Q|;(2W;I z8#JZYMOkjDiW`%YUy!*p@hu>D*iV=jsUgF0Qfa9l!t;!8kh!|{%~c}b`ndUL_VJ3i z!5RF3kb{61Ud2wq+Ko;c%8_Z84n@x`dY^73joaR_%h-;?fsZ?Lzm95{%gR^fXIw++c zIXN(DI>Q=TOSlzar)Hw5otS1n_D_|jqn~Jfif@DrbGmqXL&*EC_{=SHRcaOP zqO_+K-5YCRA3ARvr4!5BIF0LAa(~JUl5b??>0qVlyrv0e8v#ID?Lp7tm5;+Vg*R?L zW96K2F)^KwFl4dWM&Q`6SlT}#CWoqB%n0L0TdIhEW_3O|! ze&wMy4??A2x~4mw?=}71_E%?SP9kd##p6=CP8@P`qasbAI{{OJ|A8<`A&Eq&68`!aT>AQBQxf)o+3_ueZO z1iPYOR}dAk7f=vX6e)@*Riyi$J?EqVV!Phoaz3t`&*qe ztd4sx$k}9ndWYt~=e1@tVpDhrQj1>Cy<&N2<{7)bC!NOMu3{`U;Z6<%1Itu{;ad$? zY}pWfFkfa|R<6SF;}OTN#5S{fgCDyc~ z&PKcZ6^9mX)E;u@h<5U;&~n${OZUFiyldx|PwmwH!M(GO>NGbNE7zBYtLO!+eYn=B zbbRhSttovw>75%n_=b1Riqv{`Sbx@6%8GiEg7t!jYZbhV2S=3LTQ@k^D$78|o4PBa z_d&~0$ARnThybq7fRn5M5;ziBLTJ;a**G6GA>et_z#djWI zDsOmgi@sIZUh{+{q589Xt}&Y$8fI%TkJ3B3f0o6nHC@8GgYBWS>S0RvhNu1kXLQ?l zxx{fgI}THubv)fHGa*}rteHrjNK&cxJowc!13^h4T?ME@{Qb| zypJpkJg~It{OE@CuTOKj!IJHH?YZ;zlWhUxwx=JPqaE4xz*>(O#qn}46+pQRJ7)06 zd#dls4F$DX?yG{zbne;i;eKhK)o+N+GUI;OzzUPF4ojZ-UOIp5xcjCroKs1Lo#sK- z0wck<`>IgQlM9|ie)Oy@J7+)cie35i%_Db&bn>+;8WLFRDW7lom0~=3vEt>mf-8HR zIyrVIaFgBntnNzm)OTm~GTpjw8aFA4KTt-e>S1_XhD`C@${D_8tMliF*pHvy*C)Dl zwDS17mTF^4!{h62FV!paU)=Yon)}xHF>iH_F5^_h3N)j-M{Tfs)xLw_;mu|iHcs2m z?YK8gUCVNN_tG(CU#{9dt;o9Hv7y{NjiFbwcvmFbLH5w4sP%f;ZC93_2yp1>9A7?4 zZq&=*4f)gEAFp^&U^X>y(*E-u-iNHJtCzQ$F(gJ^o}G}rU9SA)btqFRzMS z=(M8i`bWj7?Ha~Y2U|~x-8Nuc+nI+m7RWQ5@~7nA(N{F|T&LP~`u$+xc8$D6-m`OZ z!_xO=YNgznHTm)7kT>!7UzC^+J#_GSnEK$`MHdD~>{L1Imp{}%^YyLD#j{j4jL6kW zoP2ed-_HEG_5GI{H|%k|-XZg(F#7tG)ac7Q@(Vs}b$^y-tG4g#`bC2-_ldY*@^JoV zKi=I3cZQ`FznQJ@MmaTa^~$}uX)`Y;Jd3u8c~TVLYuU@ALrZBfgVWR>+sA#StaM&- zFz`U=Xw&?;UB)ZuoeEw$e$CM3n{M1n%k^NE%CDSV^7*!v^U$z_j62h23S?j1`WUb5 z>X24|Ii@yX0fyX|hPMwGUXsLWfZvi((1^bXV7+nZ7vZk{V%+8{{tKK)4N;YdXd zo8ChT^)ePX4Rs&9yw-1h^{#ps$AbB7E3(w~#hzgKXP>CC{-_#octJtJB#uJ-vd9UA zEPCxo#}t!0yv#(dze=pyv^%RTj?@@jetvM3jm6_Fcdp%6sYq4Xlf5*1d0MKj)3n>M zDF)?N^QLH&rL0fxusLI>Z-Z;7qEX-61l1|;wwT*2=`+fGORCm;m!?OA0! z>_Kof{p7X0aDDSmx~lQ}FV0KtVbgc$miTp%nStE#W4=8bkj zr32;MYwkXux-JBnc;;F|2xKM=rGpmyw<8+obc>7^^Sw;#5X z{_$-^-iwPKw!C*eOkF00E4NMSxscL^e)jM>j9+C78w9xyzb*cJ?^^ zi}g$Dt@V^go4D*qC_ZO0|NgcwkglSiQLRa9baw62A+@i4 zOfIhFJ#QoPyx1VLMwq1$Q|Hk)>dDHIh7JctMIXF$C}(egYS^8E;Ig$_P0WJlI-S~X z14)ESPEPi$I^1xpQm{R2x=$OAa)bVlWa6fD??T+U2sVNpU3%jlA;G%f)h6!Zr zF8fM3d286Y^7=9hu>hkPOY`g8klthY9X4ir>34O!MjI(c5YA|ki zE1X%rKr^97=-!~Knim;6RvjLA%a7_7A-~(Fi`Co3dO2ZF-hj3+FZWBx{iiPbp+)pQr4)amRhlaJrky{_sN?*F)}oEVPUObZJmq=b=4NHce)0TRY1mTeqk4hx>hStvo-xh*ff9*fhi1h2zuu0o$C)W38;- zQCArFWy<_9FQ@J?5ZpXT^>Mb>Te+A*Oe59<_8%zC!*<-14Gd$(}+=e+9EI9jOIdthYM5dHVt zsFScYy=pZNjj!nFO|4t?WPpkC`*hVf+n5WNXMG+vwXih&M*lPWg0m+W$ZrbRJ>I5= zsqgS8C#UhZ4uY>bHhtK-G=|}^y2%!kyAO6S4lI}7ez4qRCpZ4EXC7zmuoFA`vd*qv zA>&aN#dWn^QLUBrsP1}M!PCfRtqYxxK{Ws3m3vHl6Y8F>Ul}ki{OGk(7adbXHs7d9cZ-=$=xVeC^5wBgbj}x1OI~JP(s!`RprY zv|(oG@x1;|o>mox9M+qtGv=gb?fZm+P16U~*OYp17{+QlvVK!9dF#-3COaFr#$M%% z)1PMViHv%dbZ6&LgUE{Q)-`3JgA%|ute>iRI4g#e(e=xw!l(S@!)c)>Zv@<&xa)a% zzSc#*`Rc{#dYoImXX{Ts!#KQU-TOjA>yI{ZW}#LUHQ^5{HJ(Hq(lvR$sLvV~AvONE z-j}SQnmupMAFM6sGIHz{Ip)K)y&!Q^=h*J|Y=4z!dh!Nqwx2#RzvftN*!8eu&#hkc zt*1RI3eU9+k4FL{J?ByQZ26i4;RiaanyrkO^te|a<{Q(5io`xyH-W5%w)*0keS3)A z)pE_g0h5Y4AMLTU*1cVOc6XC4!(#ewt#0UiU1QVjRhC<$u5BGMI!Ul@8D((&Lq=W9 zzne3NHk6LpM%6+t>f@ppmz>wHnIG*|*lJclPKl#|J(y z95wMKTSuU=IqK#1qcgHgX_*h!>usMKvL%18)kkbi>aM_1yB4RNbF91bYU+5!NfV6a z9D-~vJp4-0_~`0TuAD%7pH6PNJg=G zD%ZE+gxbNvRG*7^2Mg1(?B@+koxW7jA|yNs><-nAG2L#r9{WP?-I+nb6vL=5@1A>2 zIqvou`&=`7L%G}AK6&rrjOG_FE}5li*LSs>TL^d5ki=axRL;K&$W7##CV2F;Pb(D~ zUcc1MF!}9{KA#?@uG2VZdpO2pX^vXMp$7`Wq;WfU9yH0GHV$J14vp6z^l3+4_EQe+ zGuF3$$n&b6V>@*>P3OG6e2CgPju9UMcdkB_UE}Rjy)*a2+_4|Kr; zbsk4Gk$+jS-d6sMePOzGu!sA()x}_YFe|xndBy}viQ*f>^qigRsxB1t-19y!aP5X| z%ie0d>(|QBWR8Pj+Cof}?a`24rnn@{dHuKW9y4mM& zduSFPKdzBxxHk9r6q{jd9Cr?$=2?|aQCg^JegExg+rG~(Y-Svj)o|!w+XK@wo5nc!9;AfP zPP{l};V+xn-SU1eI5SV}&Rwi-9unXZH!^we27@%$gy%_W6AQM+aP%gfqvsSL%}idS zq_y`xR_%#;D|h$AWRrsOJHzz`kGOnh`G?{ik@;FjugvXy z@pYNI%cZw=#b=GLW+YiJF=516Rou5fHTOx3`jt~pj%TS1u`zL+_>!-4Hh0*h?rDQI zcA$FIKUR%ub2p@qV%Viz&lQ8u9GLZL%7%xQk3+BdY(A9`xA@cOPp2H}v)n-TtV$^I z(A4!(TynpM&5$pGj5EhJt}c%rGsikD|6tf%zY4FLJeMu5LCZ2DM|$0xp#VpK-8F*? zI@G1tZTLzFMHPH<9``t#;v8y8Ir)%NJY!N`)bz<&acg@YKe2nzj7769d#+o1^14uXw;_JCn@UU4l*w zpp0IB#VIT+|4}kF!GKOR__X2ufEoLu-=D1ZMF}-|pw4uN9ozGInHIjPAgq3y(9d6^+RQJ_b=?$GRsRi_%kFON%M3C+dSw^u%I?T92P31Yf#)~aDl&(f9=_q` z{8V<@lcT*hD7D&RX}J8jtU|Uy_%;*ux|0WQ`}k#A_H^pK`Tnucn33u#$%T`9ubdiX z8eR}B&{_G|cUe1oW$jy>sr<)Bdrt;(SB|*X;q9BuYiFzM2j^5cDa@)&&s5dy|1ka7 z=<5Lk(|Wp=q?l~CslPn<Fh3XEhT^ZkIvAy2j zi3^5SO^p07@0hw?=`GcC)$E?h)YY>bWIxKsXzP@|iFo%RAlT7<$rrQtHLT=AW!Ap@ z6(s|7T-;(kzP!$U+y9Z_&b)zFX8=*mOy{b7RTpbqh|c_p7Dd z9$5SEWxiK`3$9f|&1|JEeor^N3psvcO8l*@1*;Tfa>gk1vL7(ivdYM2etl-t(l=o< zcAek4I~o$tyJp=C=O|w8^JU1fJJ%PjO6U+Yew^;$Fr|sL{Q_dLk6qmTD$>8KVbf~! zm?Q0mo?WxjX6O`IH(v4ht0u1P4U2VO^exd|bUuF1lQ({w6+Jh+>eeygxU!+r*2tnG z2mBjC@80ik-S4WRU-wf!>4}EQYwnhP*s}TKv;C0`t-c|ObMxDzjZ8&+Jx4>2x} z9h!BL7T0=VdHeVW1FN%y!^&BUPZShh6quwMz6k5ya4h(R&grQRaqG{q6;@~EJNMiZ zR`+Z>tNc~8iig#!Cu)b&7Ag-6Pks@e(|_XLkLqi#pFVK&$l{8&muqr_D<& z?S%Ii20K~}ovnE0RIT;Nh<6(0Q_i>Y9NBt%d*@!x?niq=lxuw`W)a-)n9T#XJ_?p$ zy$7Cs)qmn1-62X1=?`zNV-DJX>PZZTJ;txBf56GRXUFf;tzF_-eQ~knc+<1>nwzup z()%vR%+J?<)h_q!!K8 z^{InwWL>1mR_cz*YpWkD&^=C#XJ;ZkV_=cl7!2;9J*j7F-XV@g=x6TYl+UUf1(rq*=OhbNHD0 zwY6KJD${^~R%ZluipjU$WkW48yq>gff-%5CKL%9 zb{1AnQVsSE44b)r`jok&IjYo|zdopR}1 zd6u(&YL=!vc(FT|cly}JU0x*?XN$YfnUwo> zKt!0yXV;st;d?VM zPxo6pO|?wTEu50s!|B3m$KZnU)^m0~9KzVNB1({T({+4(no3FC(YIeI-LCC$suKW1 zlzD{*$k*Pizm?(fDLm)om-IUK>-x`5ex(fFJ+5KQS4y#6_?7Hp@9_=R{9jI4o{dv0CQV`F=6^M|^BG zPal`7x#{07yY{Kcmu$a;gog6N4PWXK@{_MUb1DwM$om9wtl?Eht4~il8ZlvX<|~sS zVZ+C~J5xEf*gngh!>$PlyjxN`dFE_aKN-)-JhhD0+@hHIBUMV*-#6)%v}f%6vNoS? zLeZ#KhZ3&VdVE@29G(%rd0Avk!ZatHqQ}wnbQRTkCqNcW8|-pEh*fz|^T7N2Sy#si z^{mgGomHf@Hg$8>)poN_*w@7mJ@u~dxj7FWPn&8#q(5_(L5~Dq?tQ1_;l2t%0kBNB z49Xh}jKbfh) z%%r_dm1s#KWAL zgKxr^)mPW3%YT^HHK!~n!KR_O`qtJOk6WMRp(M&L{e7?gH`Mdc_t4Py@Z<$@n_TJe zOJjV${x{qnq1WX8C(TjXqyD@9>6dW)yDt;>Kgd#KDeLh9)c3T>o=~kBcq$9kFuJr| z;MFgrdeR0z(+Q@n{*HS~es{kAwQG!lpW*)i|9`^$lpo#y2K?Wo{y$v*2-n47s2tJ1 z{wKQs(U-;j?pSnBKlbm|Hu7*>q`C} zT;Jn=p8$py?9LwEETPBj0G^Qbn_}Qc`@fb>6aLrI(AE8K|Np%O{l!)U|0_~@Q=n1= z6u7v1_p6uJJ#B5#F#zulmj&n@N*i9ki!U0S(Or)LZSP%rIs^;pm(r@|l*7B0$10CZ z%AR9)VC39SH}7b-I{vJ>gYxxNA9a%QHf$Wiwp-tEXWEkm<%eQZsxAxBYl;mAWk*jv+KhJxg z@$OFaot=wzK2CW2weD-i(~QgOlA^a9+P!?={tXAOoJicdVAqkICt@}pKejve{mYMU z(+eWk9(Pj&bcF3Gwx?c?Kt}QR_5_7*H0a|oP6m?@u!k~ z%M&lhrz{s-Idk}4SxMF6u*-*{ZtdEBqoSg!zW!@%ZGA(-*M0l;&k0KO;a^^{IVE`c z4L84wo3U zc-Dm(^RF-8e(uiWSI=G+hV8hs^YruR3(q(1I=bgz?2WtWk27*hD;pA$ZdnEYC#jp&MgQB&3&p zuGXD>#V{zzWyO7`MagcYa^UCN2PmKSxiAo6PVf$O;klHSB5=N(Qdh`y0? z=F!Kq58qvQ{QlarqMOe@J$_SKP*VM=vZ1`HzNn<4wEQz%gPWU|fAW6e@jLk!pA{!Q zFHLz-{2=G^y_X-aJpXj-c|m1OePKoI$BOFrC7-M78a`DulvUT?&UpQ~y0)yUCco&@ z=Z3GPm7l-VSCv+l7FQJ4eyy#luKHa0xuUwfvL3G5Ev%|3{al^*sq|%Oc}{)(mztW2 z^74R$Xmn)tBEq(pFA`3lDojoN+R%`blLM5G?{kP3DD9zabNfLyr}kc3*uLk;w%ztd zUJp}B4F2#;ZTF~IX_?~(j_UeCOPzacyrT7*?Y8dsrX3FLJv8O$R>p!Gz06%Z>xE~Z zpWP`@W2&BvjD6gJNt%P>X7|$!F?_4kU)L*roAT_>c6oQU96w!oF-c`r_euIMx2srh z@uozY^zZyJ|NhjAzUfDXP0y@Q)?zN4#(KGPvx>&d%gd_AT=V1T3zu~-=Okf!nDM=` z&K|XL;of3--y1sc%jwOpCNe?}Kk1o&f8Y#8-E6@*r`;cJoa(DhFAF+;Zr0P}H_SkqrS`RLZ!GmeHGf3oqm!@$wK;%w8GJXjtueEMsjV%eFui-J1$bNjk5xliV& z)#tBi>bIG;J$B-a5QTK}RV(|Co^;VB@N{H&UseCOH!^(>MjiYut zR^D0fp+(*x@Cgbi3S*^nSI#%*lIqpG!;HNK0z3eGgmMZ{fYeFo?Ilo_|ve0f?C#^#+h zy+%`KYFx{Ga&%Z!N)J2LsCCrkss}e|-5wgfE9=9B_)~LlUy53?Z}tq82?sayIJn~C zV(fzFh82lhN2}f)aUep=ZbalF>hhs-TV0k9id-E!rF{k{%bac_#?)AjSKhenWm`(vovgD@=$+fF z;vdajf4jfOp?#M9r`SAEdv?G->GtqQVcGK6yX(|ejOcVrt5WsMB(*!k4Odw#V$?{!SEOlwT{a7S1vGevg=20`&fsS z)Xvo_?#<1b1?|gjDo))Md$VsvYIZ~Ym+))t6^l*E!qh2kUn|N~wcm4Ntc=#)YhC+f zER-?upFhUubyuH~h>q&77xcAHr0Atw3k`a-u(C?VFvB#d$BuQwjVKE`PIxzV0H)EF z+Re0muZ)GA)%Q}`^^2g)867dVs$_^!g@Vb~eA64jm)|b4F=UKRy0%fF^ZdmrSThM;j>$U#<7IdAN*k*`x1Z7CkOyd=!*9O29JRc_A>V8n6>uh_)L8VnJy^n88Y(HmxJH3cjojHkj|%BcG9?>gi5*VQ)pWjiVDVs!SK zKJv*J(Yn*NM12{J)(U&qt*l*SYM6JsOxh~DB~kg#iRMjBlX%0j2O$* zr?eSdm$+Z$kZLQL*KMe2i6=hyOOy+ZnBR6)qO79N*wzevifkyQoniI0PF{N#^!Xb1 zI(C&`k&N(Yt2M^u?aGc(I<-%fYyB?qWZUzyqYRzfD5UL`Q4La?@NwT-djm>4opuo{ zLB|Cz)hjOz&Y)PE&TO^Y?lq-@4@G9h%yuINU6XC=Z{1@Nw&;s-U)fRTugP*p$ju9- z$XdK!-c|L|g4QP^+N@nXmS>tcv)i!$6V~O&reR8fr3%Z?}+lFG^s-q#j)hc%9g#!{P=Q}6AH(IJfX?<#D%0vv% zJ-)q4E(9SADWU8-s3BvVaX~J$pZUgpCBQ9j+S@%a+w!Hlb^q|-c8o32vOP|j%WhKW z8k%7)U*p`~@}5Fh+t;(Z?~jntD%mHu2(ysS*;}CGeXZjmrGXk12OuHxVUNj=(T1S^<3;GmcvTiGPbi3+x=JZ^L_FgBabQSEq zKB()pjUms<+x7NWUNQbf#DY;{TUo2O?x9g9J7!(0F1xHOPQRJH%zV)PZY5WPuDp%l zg{IH%S|>wkJ<@r8o6&n)wJo)-zRjEG-`V2L+hxu-sC6@!S&T@MTR!QG0@jLWjxD&q zZe1IN1TeG7ly}g4fTqxwUNWN<; zUhKf6oY^*dx6~YE$As=4?&L1pde_V-Ex_xwu6ilqSG}$(Cdq|UZYWX4FEu}ZrR%z} zi?Zs+%FfHGedTA}25U&{+4{y-T}sl!_{@UkCaO7dd*teJ+a;W`wQ1cg!lq67lXWt> zgXBJMv~Kh6>)yp_M@_rU(imsbdgcO3+eFGZp9RJ9io0cZO6V}IeM8Asle(}GkyUca z#w89jDLJxG&;GBtkNmfknEx96HU=d6Kh)_D5U}`jSn6W$b^#m=)5o+l477CN|L{RWi$?2cLF2OoH25Pf(f*0f|9j=H$H4da z--YGR6R?FmKHT2(PyT+$|D*Jp^8Y9h1ONH|{|VB6vMr6nW70V^AD$nJ#+)Od+0z+t zqZ3!?Lvv*dSu}x=E@U%lEl|mSg5W2y{P(`r!phRn`Ok&N!*BWer_le9|MfJR@IRad z;QaSr{Leqd{Eyok_~SYs-@up0WV5)Q^s#KNZ?HPu-=Bjkf(A_l#D6URW1Rk9dZQ)& zmmCZK`E0(+|C(Bw+M3!;_+L-!KmPycc>kFm3>DPWocTP@049EEp99N}!Q!i_8F%T3 zet}E;n4ADl7B+{?7Y5KdMpT-B$!Gfu;i^9mAD%!+^P~$|LN**8{QN{8)u9m;!~1|< zY}_2|QExVurWVFTrw&e2JZv3ZEnVC^%$*$FEFIlEY@D2+$d4MlAY=Q_RuS!P1E8%L)$U@jV4pjO@gS3Wh7vhNTJ@A&NdDdzLE9gotBN z#k>LJKzgt$1_kl>OdnN@#r0-$Sprq0=x9Jo0s5DUfR-8#U3-YnoX3?K(HxC}1Bph# z*a9pVUBBqh;tP0OI!81XCgfp49~NdS2EvO)7Y4vV%NwI({=7gI-wTv30w59|00eAP zJU?~_oxx#YfzZH*#mDGePmIe71Zd$$rZ0vE=D{~Q7lR8ugVlsQH8A55)Ad4^K%xeI z0cf7+znCA7&r-lJ2f8my3dK0|IOuTVb;e8rz64B4RL-FMQV4*4M}8 zNPnSAeZfaJGzW^abV2JYBv8xt6#5wH>1kk07Kekb&V>0J5#Rjjo}R=v1`r#IZ=`|R zxw(izLBs3o#;m=Dyp zG@_#0NIg6}=$-=gKo&!tDZs6|2o*G49RPWhmJW1k>tKz!x|p~0Ivb5GdEbymH%3fq z=xXj_>+FWvn>t!gFtxTcvNN4%NazqU#H@AnMk|SCt)Ude;c|?I z>6&xl6X+Sf=<{$T)YPBPGVNAp?V-6bdeFn4}t(Mqv6WKw9S;5I02%Q3Y!U9 z3Xe+*QkzAeLnru@iUH0Dpx}eh6Ri+U$jAS2Gc~if#Mcphz|1Y}?VU|6ENmUEVb#$$ zS7%dm;+vV1i-n~NJa)IWaI--~g12k7{*t9Z^h>_2tD*5DlF*VS2`wuoz^~*rHuT~F0}I$8EZ`g@3XDwoY>-Llidepp7yf5#Xl87| zV&YOC)6^kEpdrl+dba}6OblWu^dxCk3+97gEz2jkp8?vVuZW&Splgz?Xl?|L@r_Xj ztkF*Ax8;d{JD(2`^^7~aIB2w8xykcd+VW)}~yg?==}Y+Nj@U^8O^hJe6m z{ysb|i}4nM{Eq;2I$V_8BSJV`XY?X=LhRYif_V+D@@F(lRz> zGFbuv<`{ssP=OeMrp8KKhQNOe@n2$52xtR+fUJoH(lib=q@nd{{IVEOfe+8$ALJ0t zlep_wt1+19XAzWAfDr%_D=mW3mF($H!bc0_)BR~kxUl#*U@p#Xj&whkkt3kcipLM| zQ$j+Clu74(>fEFH1SQr+c_AT5K2*)HdHO2?|!#Mxeq|nI&P0HMd zE|i{=AI?F|<^*qvRt!X-c!?SjQuE26&i~}{P`|rAwhs72XiN?p&T}Fv`T>ZxTsS9y zba4QRhdtu|9kh0EDk0#V1)mVHHHJ7Cc5q%GN$k=TV#qL-+EsPcH83kai=|*lV@PD3 zDH0B7qy5%i@w;aQLePN(oC7BjZ>|xXb)bKYJbSb(<@BUC0Mrm|EJRB_CK7o1`b?&m z7x5HraiVTTzmvS*@+caTQOIM7F22J7)Dp3;sR73l1Oma6-`H8`XlF52Qq_~H1d`~);ZY(~xv`DJe zPA296zp-G0B_93d^YCGTy5mDkh4@U&!3KX$GKCdeh#2Nyo{C6u`n~|N0Y3=|F7lXw z^l3??k;iO43$#KrV;dfa?MVlt1}qbw&LQSPGB}c1aFmDt;M&PwAgr9Nh&hVP7#?11 zE}hH7=WAwc%bmj#AfEZ&iYS2b$nZx~`SymW8or`_*^$x!(d?bWp~3Hx6$ONnGfY_~1yKam8E0W&e|1?&p{Q znV)bZlLvbAozLU>H9h`v`QKv@#1@Xwl4i+a5ynSkcKgdYLx7YQV)8WNGa;~C@#p{Y z>a-+kzQY!c=u60Ak!NT0i9CV0p^tw%;C%WV7Dt-oz~DHCsSctPo;M{s;wg>J=F`0S zU^Qg~1Pe&*%gopfZ}OMVHxTv~a;5N(%|wAadf_jhgaa6w2~jMi+WRp{mCei;{f>dE z%jL2--z7jAu6coSgVYKJ^e91me7aiX#|P>7#G=Xgg#)x2fZGwms~g>6UIItwx=hH zOT6F)wts}@0G5$$i!UL+2%E{0deiy_J9Pl842SHOqgEY5}CiP{2 z%MY*y?i*rU(z+*&RY3s5k1ZsBcf~zYO&c2}gY9}${8)KN*4@P zU?Y^l;z0CZ+!1#nA_F223vs9>jLBdHFNf-EF=oC+I_V-*0 zVhcCX8gaJh>_!^NHNjLORtdn_g!4SW~Stb z0EM$X&6Grx*a@Pgt1H5Zo0GGYx9o4g&9_+?9fVzY0U(^5K-5k~{$qPE#TsD9R6iE+ zz8M`VFbFUu%#nv&!AOp|!pR34IuxS|!N=^6&;fg)8DOKSQi-UCr2cK{6vN3Ho z(m8O?7s(QhjD1?)R`f($A`-ATYH%kNF4jmn`jd;MMVvDl`wc+ESaQ5DGhQHwCvVK1 zE%X7bafNhs46_vu7l3p#;{eTr3AicF@L7S#1tCFbQ@H6>S^|H2LjQ0Y+Qc;cz$VC~ z8Jqj?feQTS0?d`i^+v02ZUN_{zXVpDMlyu-DIqeH_UYiqZ*X}F*`5%aKx4vTFTj`X zL&luL!Nb^$&kKZT1t*|+S1>0MdLYjWKNq4`F>7eu!mLTTC~_=<9LIg+NJ5K_g@hDs zB?z^}P387#HI)V;2S3$z9KL7&pM@vLpize{!h?| z8>#?X1P=Y^{*6p2gkFoDHsvK!tECz{z>lP5)Pl_?SO$=Wc0!5EUV5JY8*H^iYf@_u zK#B}bq$MdZFtF*oaWaI%2-g=sxC%H%Y_67`o~{x^qiHJ9J&iQ=_4JgO{zlrmN07g|8IDU+$?@dp#MITjndQ> zGnp2|@FFJD(?(2&e{0HQbU%6skBgHVD~QFU@fd7Ro&YjPz|I4Ezdso4cz$X=erkx9 zsmADVi`jV zq?m%z5AoPeD7cu=b}%;{X3FQYLBY4A^EtsyLVwACMl$%9oEm{^2;KRU6Z(-Uhc6_I zIfRbPz{8NqCHao^hA=kTfU!{lS#Xf|8-+F_^7yV9OhRBk(#9lO6`@PvDjkU-F_DnV z@w1A9v{r~W71N%Eh@3P>lQbYPV@O$N$v9l8$WKHI<~}U2yy7+=OEm{Lco0q<^1y+# zQSkv3p9M4rh#^cKW(K_T3vL9F#w4|e5*7}T{w&4}5tb?%=@-tnEx@YXBzUYbS&1zM zU?M~gU=IkTl#Yp}LP!}^gkq|u7FDEbQ#Gj2apPcl)B(gK;sLmbxSAsn*&7f7MgAC& z9KS*Wq)gL=g|%g3kv%rZM<5K8FWM6Y4@ge-56m zVe9BT!3}ep>}+XdV{2hy=|~RY#p8g`p-&VEwrBiEj5*}cv3aBfo@xN_k4q>oaq7qN`#V7loVc^O9vrYCeTy-N8HdOc}|=%h{b}_ z_)q7CkuDJtBfthDJ#OP)CFTQSn-I?wPNx5eX>`TAIl2G*e0NgjZxSfcrYFu<6Q6X5 z(+o1g!oDjx_7JiRR*TUzk&^+~kUHE*jpgOVWa{aOPF16Hn;aUX$%z;hMOG34=R{@= z_`isrf5_;To@}89Qoso!r-{NGAyevGL@XYz*$lPN44uhbPiT#~A#XV9xzRCBBnHIX zsI3JFe_{(Zns;N#A|CNKC+HCDDh%-QB7~S~8KKO2~_{2}~9FhUt3sj#`|KNtj}pd4c$Ae5Xu zM)C|dAV__Ogf4#|ba+C%L!((k^br0Q1`a%wGz@Vgevs3Q+T@i#(4Ra@D} zhzj<1Dvo4?;km@X=%W~TDKtR-H3HKJqk4edfl5vuy-iLWMK&Wy)KR7{yeA%4{OUYn z1c<9+iN=x|^w+w9zNAP78TS4Hl0g@Kf0=9~gZ_PlgJII7!y}^G zMtJc-|8?MbvJgkiMeiUYrO_}@cQGWBaOufL8HOAVPU+}(B$r%)^nee5HIT>0fJPI& z4e|n&a!?08!>yer1l!=mFKP@a{|>HrV{o8)fDh15K)i)|c6NbaA@Pq8$^>TuVK8+J zf{qv)5{3~E!q}*}NZ3evFgJCR`dt(ng?<0o){HldtoCaLX8yc#Ii$4Ark9^X6)g?X3H;aSC$RMpf+C`O@$LsuNYN?|#&LJtwkieJD75l>U}3gX(vuZZCgy+X*1#xIHZisTO~ zB+)P%9LIcu6>v@vOFGO5mHHAa6e?8nlx#+RLVA15)ivlGnLcnEOB zfxzTKfMwG`$kS5Ov%?PuAqJf*B6KL_g5((jqDx1hD~Pv+W2LCh27JV=nRxC$wGsPM zMKR`7INX5YmWWpul__aSjw54J2Xy);Jw&9Bq4BBtJDQ?Iw?UekDGbP;sO8o+>k(pa!Pnv6+FtF2o%#64f~D8_`6ghhFv@kfoEdvMAnr? zw!&|#g})TPm<3ogN6b2|bNw$?%}s14PJyBV|h@ zWATXAA`f2kstqDHyML1iZjsU?(ev>`5WEg`r35q-fC*9mo=_=4I@(SYMCJnfKhjoE zpbN58NSSBEdgcECln^n%WF*iZ3Tg)xnCU|`b_0#k8vhK@#E>mMI{?p<_&xrJhPf+(v5B>p~;|Ci#LogetMM(P}rlp~UL~N6U3u$*MJ~7~a zQM!e;W{b`PG-u47tSd#@E2VJ^sZA{kEDSQee+v7$|G$QPv>dL)a$s65a{=zTZ|=-! zCRBfQt0GO9BAaCsPlL4Q<6kn8irp2Bb~EW>W6jK^O|7MNP~#BSDXjt^p|vGDX%oY! zw27HK2@pOC5(PNrO4BO|617RRJI+4}s8RtLbSe=ZWFaej%LRieZb~Ov9fjAzBj8~# zaOdNagNUEPjpd?>iHncUF{U;sBi1IQ$Ia49#P^|vAM2IU9ODl|5SkXhUpjX4K|gmB3C zV*J4QQ-cZ`#SDHU7#s%xFV_O&fc@8p2fp)fB7qFGKxtB_p3d)}0553s0~CO_fvkaJ zjK7Y`;b6`_JRy$=Sp509i=0qD7_ez&2xELOOyq?6)lt#fNsstLPcOdM(rzSUBm^;Q zL<5);UhfkUs({o8lmoSiGyq^!q&tez8Gj_T{*+^fsz|tYsF-L(QJ9vrZ>O1LAiXVH+UcnWNZm3ZHZ;38aenZ>{D(NXnSH$z^pa2_Gp>z~03KCVe zSy0(e2K}KtUg@<){6+U;d-EXon-7*mB*_{H69%MrBfZ%atYi?s1WCJ)LI-v;N1o6` zN^izDJ~J1nPr~y>`G{ahV?zmCHWN%^KolS+u{m&gJQ9q^tB87GGoeH-5A2p02O6nE z^dlDFj}nAYHC&=0l3>9o7ZM*8{6SvoVm3xHpCqfF+ynm4_1)?Hi*1#6a zWqGkt!rLF(3E`AXE-6kw`2L5H^(sXoxw)b#+L8Pi9u7oxz?QcoFboGkQi%hEZDS7b zxoMm>EEFDC@vVLO=b#f6>0}B#P(@@s4M++?^bB$fsK(}axnzi5453%oql^z_v=H2j1? zLUo3>PaxIUEFc&&CCY!}Ye%HLearGA9Xm}3-G9s~W{%Qi_h(EsVCVGp0Y-wUk-74C zJw+m4-VA;u4o2VLuErY(DsU{$BF2v^Vl_&<vQIG74Z*9`x3rIuQlW*YA#%eICEpXW2f_c{;1*EHh_Dv6 z07@{AK!L6-&xv%7GB{c~Aa{)T3GR)dDr4w}4ul5}<_Ino@Z)s=*G32A;~c>@(inrW z4aKcUhb25yQ6bwl>Qx=m+xe!#5o~4fX+m&1`A)L|@DUmVB-PXyqw0UZDFToLTF4JT zFvAn^jScDHs9M@FSo=fZ|`(r`S51J6Tu~?l(*U+)^-_k`hc8#~NzV_#I{9 z=jK0%9Jt`x(uJ3#kx9aZ&y?`vQqlPl3L6N;o>^Tr3$`~DkO6=|5P7oHsmQM?nwe-h zU~1yxF7Q!0R^Hl@jG%V6Gxq{D)>xbuo6WK-K7z61P|t)NNlA#sC6qrHLH zl;BQ*M${tO=1{nz_V4WzWZlQ6djs0n#7To%jYfqU@KW26#M1TMdeho)4*|}^gcq}g zT}-Syx2y%BB9$Kg0xl^B4vH3b0pLwj*N`QM0wZZabYAfz;Cb{If4j7W_J zCX6r!9E`Gy8mqEM!I27pB~`=5M=-p=5dIQ8N8(>px(hzL;q_G9@%vNIvFI0qeNk&j zGZZ0*JfQ#3-i0tBRvth;nONC7nH!-Adbr_tE+8WfhF@)CgxAbB!0k<9cL~0OQ0aJ; z6;!GX>SHtMRB|~9+Z3Fg#JdYJFZmPrYeF?>4FG#+IQRz;iC;-Us`5xel4sjLI6>UB z2>Z#Oo}$P;ikP9#uxXTE4txVv8Rk{Tw7qNwlRDHSs zDTcJv+-=d-OfBGs+%jqI_+4I&5#ng-CPoPOMQ!2YD_2+rKg<ngqkKTo~7N4zbKv&k4l-me@lu5^8Mj<1%!n^E40+$B*6fi z32|{lBg?l$925H*A+>&sqlg{8$(DeI{w-Xf*jD^NZGy`gx<8L5nt=F&ho-uztFw~x zL?eiC;rRyh5X(S1x--;|0K>g2hwYEk1URw8PD4?|-p_5EKLv%Bu7(5-2RQSy_~u~I zLS+!_>7dj@**>@rPKYkY@FdJQ|29B6`VxRFEuG8_kZgqlTuc_EfIwLWbEw452T=?g zH3(dSad4PK+#_{-`9AlMzy1Nr59E0MTa*v3U=B>O#qApQRQ#m&cal90Jq`b_hnBXk zWMy3fAk!DFO>_n?6@*HHy^E;2fyYOi2QcV=p7as)3LiEk7`f8fp7{QNoXi0zcH9htj3v1FA3)R;#Ns1L#8Ve z&Q%N^$epIjY7>$tEviUM$624WV1l_-qTPv7BPCBzxfaPO^cQ_|#Ek48o{4LMxzl1(6gO1z48j~S|E+IoRy13B@X={YKZX2 zia^7k(D45fh;)Q&R!v=+0V!dH{|B7xg=#1Z2-B_zQ1Tg#{FeaMig=NT4QdASH*G(X ztpYz$NLzpYUu+h?X3r!-8O7TL1H8(9C^xu?%}Z)SAP-1VyG66=AksU6#A-wo_!n6v z7{-=!;J8AZ$fWeO#<3nPx3&PoU$e%IgvC!lL3sP53oxL&JW$PM!i)J+z=*G&)zbWy z<_X(q6K``1lWGnOVIzRj*&Mj4iV4$2@cfTq5=94mJIa(#QV$_Vkuw|0mg0f-WN@XZ z9ynn^{*C$Q{$U)O@q$o(J#yEKFo#S&p{*~9lthJTq+V*%8@MTLarhFOWH(;m=cL5+(?+)xH;G(<34^1d`Iy7 zu!V4ok2#7xLeX0+46on?0WPq62w8ZJ3GoWF5#2uC=(Z4|#)UYb+XfUm%nKraFel`N zz=%5Ye8_ked&xgXB&8K1fieM<1kE1 z2R(AYVKBl-ScYMG8tAbr4hG;F{}DW{N`+GVL^N&R7E1{2~W)>(vso! zZnXY5wvnhnKfxbTFvVZsTeH9;;x+UpZcD)L9T(RNS2abx9*n%ko3P>{Kdq!kXb0X= zrwNX37EbPtn41&OkBhCVn}ewB7{^-V(k8JU{|q%OIsR!oA3Y_Adv$0q$EU^wgXH zBrksNwj~LHqO!n1f@p%|ZZ7#vLqiY#q;dqr!7y6nS@`F&1)7LUl z8H&V_cm$BR-KbIAg~a%QTZ~9(B-HlZPzW6`Oi2t)_!duioWZ*wI=VDFl!`*EVdG=^ zdJy3P(s3?LP9zYRDh`Se-xtdafQn39p@%>6C=gnqBuc;)cQz1sX%Z75r5s9!d{I$- zR7pWp$W0}0qD6jG?*J%RG6$Ta=&{G_07y9y5CLCk#T8JN*H85Y6M;)2XncQq^NvWV z3EUtZ=7sX((e3EuRc~a>4xAB16sjR5CP^xkqA!51CEj*}JGfYU*I=l0#DUCwT*l~P z4yKdrEgh}hY>c3)W0TfIfme}iaJ4rJ5DIx*N&QZia6G~c)J?$|L3&`K@Tc^v82&CG z98XX&HFI@<^06Qy3?bVC#ud5haWNvYh~kKDa*HBfOJIx5wM`F7?J>yKw=UQ)K$b@vG;-e35`$&;z4y(&hsnKD&&(-v<`f7rEcjBE4!D+>)0-x#`gE|@?rYd(l$Bdy0r~*D+GI`1-D}OdePbH<5paA{un?d zy2WEGBn^IlP(iQ)FMt2qn*KUSB}7I9d(!D%^eXNCU?|0Lq&!Za9{?nVAA{k=uCnCH zt@L&3Vp2`JOH7P@`Hb!QT${;dw>m5AUF1` z-94!qDOOfR@>_KrRbC1b;t4%CLeZIGm5_L+!a?PHS7}R(2oA|P)#s;LO>sa00I8Z9 z)g^FH70F-j9ISMSsX^KgRZo#8r{&e+zQ#aUPBQ*>ZGyhK77<++SAz=aMx&J1zvlK8 zw+%$WzSOg(D}DQT$oYaJP76j83_fR(c-H17YD%>ZVe5OD&cvG8FB<4(2Uvjo;F zLb&|V2EJMW;`=QE4^A#Q88Fmv2!D)4;J?6FRfL?sYaXsT@u+fDs-nI5O45h{(@_XE z3X>Xjhrt@CqntV^)M3uGo6{gaOwc1DU(7JrI7%@GR8UCPB)FYiUQ$xt6havz)K_~kXGy(byM;f@`@NY&WclX4G<0G z;a5CzFstoErF4Rni-e5w?+gOyqFibDA2EvmkU>=6G&qS+l4o!cQEGVMF^pTT(U5Oh zA~a-Ol1dRf8xBlpLC7tu(5ixOeSso%6X;Qqwq6@#lB<#w4a)U1AQ-C3!>Y8XHtbhu zSe(7Vln>Mqh&w>@7p&Ovf-dm zGV*?ji&{J+9f-eO#SU7L=2<@3N#aNdZ?X$%8rJ-ZJPG72O=s<;(%yL#uga zp%W{iF_Bw*!UN~v2zfP(<)u8L$?vd3K~tzgI7uLgGvQv?8~=;?B7DL?iiW_R1?WBt z!mNgJ!GvB4CcU_S1qn_CQ{$#_U_X%-`QV&_-{Jsc)C@M&{jWSP$tNXOHQ~2Ya*s18 zBh15%hrmn;lGzrtR+|kO>BAdL?z83V84jiJ@TQ3P!@3XJs9@gUI7>Sp{g7bGA! zrSL@HUV&n_^Yh_&h2gI?#x@`lcfgIVyj{XN0TYRlCQ-$j06hT9C%^>vzL{V}PPpZJ zdw1*BEekHc!QCDj$Q45oxCbRo9H0(S+5>Zj*YFtbk(~+B&S3aKxG6yfM4<%z2=1a! zTrJD5kBLzuR-(oDRYpe!@aOR4I8`<7OnSCAEDBP7vwewwA?qyu8$E*$1r=cUGJILSJ`@_A zMT6HEtLEmu?^9rbV3>nZviLa~8|Lufu1RBw|H_w|)?Z0*tK{aa<4hrUIL+4w))hWA ztv{3DtG@mW*Z@8hj8?~fzN+~D^Yw2V9p&fGnMyIE6joBo%gX_VP9OEC2$UY^4|+q< zSv|CP`SEA<7tPstWz2>fe-CXcGqV}JxQ~wD@zhe&U+;7{mA&g|%MXuRow&N!G2mQ$ zH|LjAST|oRmPNMRJKw6))Z_&oYo-nR)h#^L_1P7d;xVbR{ORNO_c)XFk$t%J=vbD+ z^Qf+U6PsUr*sz;l?(|{jtrz!Vzgy;Zx%mhepT;dVJ(zj)NLzt#zsXq3836$^E{-yq zroYYR)5k`~9v$($pE>#RCsT(xgIlHu2aKJw%B&NG(i)BY=SLd|XpR45FllWXty1Po z`0vAJRKzY)tmB zmLUb!X$vEVto*ff)BHU<)*jux=X`m_Qjamm+a`)=HyvF3_`ukdXFV5U>+vqnPbHfE(k48P_`*g9-J}rp5E%bZT z(AbV@W7DQBEyB5fhJ&;907GLdGh4fqSWXw`{5d+m8dJ=tQYpizozrG#I`CH68yT0> zw=7z^tZlO~0&7a&c@ru1^=yaqC~dZTY`+P5lLM?=4YNBV->}<4iw<~(} zZc?27S7?m(_>X7hRxD**zI+M)=}eFbRpmbh+`<3k|8)WJSC=L5-wJSXVkI<^URhbG zDh22eQUH2S(eav6JhS}S?xHzKMIR)su{S0?quvjm;yxjL*oy9V``qYvY_abqv$<^t zjLqjaJdj5HUqO+thV6etMXm8)nj`8<_kwH^b)VH2@ZZOW$*h9^bSCpB|F1iszoG_# z|GAVli2oDFpPjq6XXf_Al+DpeW$cg@tagh$!{>Xlm$d$Q6Vug{}EF1e0N0)`6ZPzVZakX&xv3j;Mteekh6JP4odS(;<>BPtg{!b-n z3hI-hUkUu*6*EdIStES1`$g8t4ec9JLv6yJR)%yLB}<58j9V-@D$JWVE(Q{)nyt|t zo3~?EFTLrejaHts{%zQ}e$vdQ7GnL38-ft$y$g&s9phnzgNud?sXx5FRlawFhQ(RuaUBOG5^R!Xc((bOl!i9x&hjXQUUKKK;X1ZoOEfz?YTv)lqE`(3t zTX<<(ucIsMk012tKHl+apsD|QN`0M1QHHd=Z#&-18Pqi1G;s0*GoOG-Z`(UOIF@#Z zb+-X)w6}E|x?y_Cq1KxYPCQle#H_E;%ZhFDVVR~TPz zf91U>Y|zI=H%;mngmt5yN`5(}vhkn0-p2*L9%`AK`_~IABdYz2!(n|dXHw=_b))Nt z>mU7X^Rd0-wsh5h>5v~K+2zr?)80JnB;zZ>cYoXJ-x5fp_|)+W`^DCl|IxN z)ZW#t*)OYH%=+7H+j7EAc((1Bacv^X8#_@x=ud80;gLX{ALivtDLQ(uU#kT%{fY`F zFNrTbws5QteQ)SQaIi8o>oYZEQm=(>ZvE26{n5R0miM8HU1py-ZF#{@R?)Zls%ejn zT~|Lh`?!qJe(439q34`T?w8%5P+Lqpo)^+=@Ttu!{}{#XJ|=zEbAjpM0oVI|3g5a% zf7zqmEn~_k?iO|rm&KlT`;aCZ-pE?G@YeY!`_~=yYGtW^zu%}7+ud{88ZYyno$I>y z@}cHUxAeKN{zYi6!Ta*yPnqqm92k#TES}))HqPMi?l9lmyiS&_j_h+BII^>$)35{g z7a8n4vcBN#F^|_#>E&%#3}Cvg5}OTt^OSaa-?+OW?yp0-P4=HOr%&Jbut=k)L2b`G zIa~ioQQzE)P79u{vg^5F?1^OVsX194x9sa1GIqoAU3tB7uY7EI+U}9n%1YA)C)yWN zqpt3H|Jb^D$>ejd65iRH9f*nFbh{%qkEI*dc4xU=bemMpNO6 z&a@Y!EWqs5?UnkF)A?W-W?*?%_PR$*%0Cm%<~TJ9in}$zn-nuIYS( z&(jL2F?UQ1^6ft9y$`-_R@j_l6CD;aZPS(`d#U$lQFOgB%Iht5%D3$>Vb*WuB_s2x z*+wUl!)9I3xnLI3`{oCS)6OGzN%TwlzuStr4`fZ*-kDB~G99L45?_Drwf#dTZF4lf z`Cg~elXr+R-+#_$zgzqCV`!9yA%*rcsDVo^_pzlV>`xA!v`w$&3w@jDa%10+LVeeD z{VsABb}2tdc^ge{n6&tgOORVwX$zB4Lv4OB6)$X}$8&9NvizpqFOR|+O#G87nZvF3 zM}D~d_DSQf=qxn7{>FBsey^bX@^&^lFUwC4^D2rzK6#$Q>2_}?rcFxld2o3A+2HqY zBPV;7w$nf2YCv}%Jj_$JpvSeeT;fGy~~si0pkTMy@58X00 zFrP4`XUj=5CUYqILysB_aDP3Y64`Lrs=FsLOkPjhUs_JxDW2wW|F?mQ2ORgkUbLcd zNH6Li4VOi+NB<`Ktj|hXFEoT<4=*aN1 zzFS7STrYF?WSd4Mk!!k_Atl0lknxED3olGzECJ)9741@cPFnWdrG=@{1k?Ht zBB+y&J?Rwf->G=_0v$tEJKy*1dwd$^mRv6+!a@fdoN|5`WyLO;mZmGt-sJ%_TvJ^F+suc&vlr{T&o`VL7QEy}OhZnqGQ;oUJ-cS6GuN3K_)NaubpD5#J;sID3>Yw>(T;8l z2Mp6~dwl|>Z;D^qpwllchw5H>+Oy>FFRxPijJkGvR-Q$58Ni5^m+SYcJ#Wz zo$~uoXSUcdz$N5y!t5*Oy-P!EJj8>$r4;IL3UgN)4)6$VZhh$Xy;8?#+lT8tO*~lc zHsNpA)y?yDW_#N=%38{55^rqHpPy=;=W}>r5%t|=${^n-y;EZzc}};QW>C0#+tmOczQ11($et466ewj=lHV+1v=Q2 zZQK%ffA_;jfAk;UD)XRYki9w0aXQQ2zLCi%lScLJOLR=G(HEIFv0v5w7xCK_M_ZX& zIJci7aqp_<7HQ;qYkGO%_F^n{T!W|+GuG9!j;dTQxaeU%%%qWJV6W39p@jwwY|d}c zTfOX5&YTMOQKy~uQ%6}j$?_MDIZ!yzM-+8Sj4i&f(#5DOD{=2)!vZ6VB%9VJ62|4& zzB##S=7ysu4J-`aJt}X>S-B(srPqLimpImo+ieP*YeCI8zr35(hzLpgq`PH~Qv#>F zKh(^i)Ym1jtfb@KAx2c^6SqE29{xv3=-nv2Db%uv;kMQ>Tm1*$ETUL6eA4A%=BlIh zj2z6y<#R#}3vB-6zbGjVEu@$R_P_pO+u)S#zrXI?_uz!*!}c`T-SL;dS}t5w9&Xl+ zvJ0b9bvoKcU}ZZ7db|Fz$1(i$0^_*RO$OXAx3}>tp=45Ny{MI@-o0K>I1W?N>&KT~ z#(?>G=*`drju2iy;u2Oy7evW zs&v*Lg{RFu9^1s{UCrLoweR(U!;OW`8`nh}{Bhmjmwv`OOZhJ2pBZ-IgoKrs>o@N# z3DYXLiyDhqxHy4T2XqZe}q|x z`y$&0FC7>3cr|H0otxXsrH8%22WuU6`I{77Q|!&S6o>eSr*vOj+jLjgWWvYtRrVVv zwOnns>CRxGMg05v1{dOcm6!Fkpgk=!n)0e}Ry|7d} zt)J-pb$04SUDI0!%62<8>~%-SG^CJ9wT|CO(JeHgl`lBu8NZj+F`1UMw_)I0Ovb#w z_@z!`9*we}*0+4-(pZnO!6o+xo>@{j(TU}@hkv8jU@3d*<54MP&b!ve*7Mj%J-guc zfmMTg-?_L~@5GG{DU>D+d+{lD7KPLc*47g!7oxjH7G|(KDPrA*!V<^yKAlKRv=NS!RmL_=Lpu-q z^z=d>%kx(T_v!g;MEIda(?<6WJnr_0`U^9t@$`qMf=(Yhb~^IG-Upr5Hf5w1AD>tF zL}$i_6vHXKH(tEdBzmiR&6Yd5%!Wc=rw*;K(8TI!6UeKeop7dOWh65594_IP|hYK z?FoolC!A$Fn8 z-USo%-)z>c+%}-u0OR%}4Y#+QQhqe9D{H{PzZl_5^`;%x)!`LZ>Xe7O=9P5s%1hHR z)@|~eFrC@tC>Lw}%twwjEqYbBc2qiM?{|84&-}(+`mODM zy3eprmTxQ?_PjONdy1L4?&i%8g&}(F?onJmM(I=v4vl&s7bHI`Ay`^8G2V>n|$kx7||YPOGZpE7->(Ks6KV~9m)%lNp<&&uas z9JQog--ahvZC)In^>=s?Tss}>?zji`VsM+^je@bh_EN>lQ)rlV=~ePpR}++{J&4f6>h7uFNTR&#Vu;>eOe(CbyYKLTz8~ zr4`-hrRMSv+P%KN-f&x5s^n^`fz8HrAGfz}Qs-{vL;UWoqZ}JSt-sH^nVZ4cUxTm? zF+$Pv-a{zo{_1Kx%5t!--W*5c=f`z)Ekq4;XnL=vEnC$sE5xu}OT#JRLldTR&$Ub) zu&v(435Oazy0pqnaF?~FcNf;*FB>sSBC?*jP%k8e=mgwx&)k)N)X{11KnEczd&Er8u*&0YRh)*|CLyGR%=si0Z-{az(HM#Xq>rp8AOE2UJ zB1>QXven{$(Xc?H{4Y+;F35(&eqjDXXV86Uv~aK9;tV7v*6H&F{Xc_Fud4s2vFVJT z@_(Ix{FQ|(f3Lhnv1lI^9Yvw)P$)e3k5c)R(jX$2n^i!eQUC)eYynz}1X<%;Apg{u*b8G9yjjgSl zIyyQwby0k%Mn*>F^~~)pE$tl}H*D;vc%ki=%5q8rBMKM~>QWm}bQ(}~8&E3`z`!Uv zx>VeRi3Ey{zJZ~U9z3h^oT{Uzt8YQkfq!*Os5*v3d8)3Co<604r2*Z_DYR3ciR+vb zn1+nOY0`$S5!Q{{Hh^|e4S8tLrX=Fs?ItiA;; zUrWl^lC#e44-#Wrnep5|E=(Knu|>knX>;kp^XB;-WnY!v+HC#nk}a3FzxQ05vwG(c zNokSk0slE$kH1PEdv|3_sDC>BX8MUf$6O26<{j%$e`G;-OLm4)* zqZx%?D>uyXJy?BR+Qcl-uyJ+nTh-N*@_if&}jPtWO>W^^g# z*t|KFl5ZrGHH~Y;S4%f*$0u!BJ#>?$nt)Pfq5NO*gZ6n|Aya znK&{a;8uqfjXhpHdP`X!<@0)v@KtBQr{4yheBNikaqri8J8}<~Ir4oP?_YWMAgjV* z*|C00mjqwBHoZsZlU-H{Z^z7@cYTxduHz{M&qCVG4DItudXkp^_)33!|y>`^Eq9IuWUB`z{c56 zauaesjcamj*2F22r3;spOqy|IV|$-6(;<38Ip>@X@XuTw^Z0iD!)7baRD=(AC_VeHWA_&xx|4U?FApv}W z|NAi6^s4$l1{>_Zf7<{4_>J^G!2hEtQEL2u5b*yh0)Tgebj!+ZRl4pmpLfxZF7(#eV*>YQshx#33ErVEX_usd=3FkH?}ZM+~M%^HLN;-hGe z+Q5mf6Kbi>`ZtIj4E1Lg-A#1kcA0)}kD&0$^Bp?$t#?P*u4gjcF0>ofWyQ*pUKLwk zyuRPT`{kKIqL4u;`30|*O#kp`&z6!AJ(>f%v48K2eg=fQdcgt>> zEPUJYapqq$E)CywcgVreN{Z-jw@ZJ!v`oDlo5B|!9^kU$m_*M*a_ZqYL;8{8?%l_~ z($9N-KX^ZXi{$La3lVGI9v(5jW%8i$V?OoM{p;@jQ&TAo`# zt@hmF_Vh^t1&eCX2iZqZ4@7+m-?gr#cX#KvnKprbe-(`G>$&4hkJF4yE5?8|r`kB| z*tg}n?HKyuCL6{SPbyn|w7buJ_L;8JcW>&rA+f9FJBJar^Tu~yHEH(soQ8rUJB%j@ zL*3^uy;byVS@&kFPR`da{{Cotc1*9mg%1M59<`)2>z`h_)3E5}FR{j3JdQg|4mdtA zr^m#!r~y}v&)z*!+$hm<7S<^(baP=YUDtZe*=727X2oCby}QTr_OGs{JoMQ&a`utY zLv~K=96qkGcv)=X+SrtKj~9sC-#)Ot*|ERl{SuWKWX$7-4!g7Am9wy?gjU!#^C-pm z;k8EHAK0DC6!|3dT)d`eUWV_kv^6Oyo34yt9;Hs+o+@!_8CH01|27-Gy;V|X2pbz^ zY?)WOD|xE;+^DPT9J)9?n0&4G`$;!OKJ2h9vOBflWJ=WCkH-rsr$;?)Kgs**(*2HI zQufy?V%sOpFl%G-_|v^7n0RE5v5%e2GG=vcD{)@#cIMiwNoyD- z74^Qd)nrAf%YJG9{OsHB|JX&(%4*l+SWv<6zUOWn-j-S4Ja}H(+~YZKy1cPEduM~M z|Dg%3X9eVR+?#c&WQlZsgN4bVe@iV#HS$U5bLdPb{iUg{osC7?3r9so>}dImmvz6b zYee}gUcK$VZvWx4pBiEJ&X(IoExE2Y+{mRk$TrNwU}Q*y@%Up?J9p|Qo7Q32{M8=Q z8KWn-4)yEOqTa`SY`cISLt|Z5SY9e@)++VXE^GHGc59vmXMgq>m&Ll0#};p<8}wea ztmNSQ1~VNjMu)VRY}Tf;TXX~WpvX(hmW?0x;(haRbGi>*GxF-|h5kDm4w?3hGHK4~ zIHOy3*)7FAO)tfEYs!k>GNs>Zv**ip6-!P#I{X@Vu=TX-k5)foOO6k|@^agj$oQnhXDeQuUo>gPp1UV+@LEq;_uJ;#*)H`~20k0N4zus&-XbEl@b>CK ztj+;%i)AU0Quk|b z-qz3Ey8gCD8@Bs%#?ZZGcQY9l=ihH%U;p*iJF~+Ij$p<%=@>-ZGAH(jQl|Lb`pkNNc_hR^&L+cK_&bXZh+ZB}C1_NcKf z-?=y0C~maqa_QSQe;CF*sbz)j{U^ItcuT2~&7zVnG-$aoJO0?H59Ui=a*KyQe!JQF z?6IH3GH9UWF39hbG5wYft<+qJac{_6kxdr#`^!{<&UZp*$g`o`dqJX$$!%0TGWsa=^Y#C zT3s({$7pf9_ny*`VN3Pe?V1wS@YA3s&ChQvJ7r}$d+hNc{UxH=hwm>u@zBI+QBg?T z;f6YQnq6M_W~v}IW6&D!G4uD0js3{(`nuH=pW)YIJ3!mYe>5Jf)}U2d`-+18?4r zl3HG}edy|Q&YV%-dP%u|wC(=(lbs7oGef%%oK^byN>LzX2a};)V`?yJ0 zmW}Y-HTkH;MB|Q|7f!LhyM5$>pQjbM+@eYT5ATxrU3@^l!vE8U#r*02sSquH;FmA0 zeKtpn1*xT~-xsP93Y3~FGwG_8GiBMrR2E#i(AW$guinyXb!Y($Rsckq#>eVy65$OQ zWFW8&&l^4_S}s53OZcC_7mFa;3nUZOw#Dk@zJ&jDS{46KI-BJK^#7;+r#dXZ_Y-eC zNF-z$f^+LL?R^gjXjoZqB>yEq z_Q-GT=S%oc^R1%)rTa4BO86)Ke=Fd%s2?DPY%maTEFeq774UO-oDhg#1woR;Vj&;J z6Y|r)`#h!WXl5*k;;&^GEo-wla;hjABo*fD@C7#`4 zx_fr-P$mt!E?&--76Ls}Wh!dx`^~_IC?!@7GdUos5DZZey$kUS}5_%%<3TG@$ zgc5)UInxxOGo5|mI}wk~*~ixp<^l2QQgWKN_zrPyG~qvao~X-ys;O+<^*_EoAQJqH z|5Xz(zwq|wSjvtN z@KXT!cLFdhR4C)*VD4yXFpUL}p%MyE5${p1&Kwbh*krZFAao@vf#u+lV2L!KQZb*8(s>uSfVtBD%v-1fj9oxQ;M2m;*13HloFM4q&^UeGzfE7@OmMq z05UGMz}jGREC8dm#?UC`nIWN5L3%pbp@3htF0`+#NOZu<_rUVS9$0}GTEg3cIHwW_ za1YUz@kPW{NCHuga=nR)oNU+(;L1bDq2o9v75Xf?2E1<=PiHob&5qO}qnW;EC zgh~0)Xv6~|N+~>n>^(4blr$8dIFbHSt&Ws0O!pGxK(U6 z@Qh3utLy+JKyVj8QCMODBty*+wZ>Yt!UQmQ6u}*4o!>+73-KPUTn!(zeIX04%7Q9z z7B!GBCK|xgz)E1vMA_~wTB4mstdJ**)`D1B)JjeJ0E2B)QyZuWVnJ}AaVyYE7bhdDqpes_sH^oa+C| zs}dNAAc|r59>aoQ)#RHDJyhT>A*VYB;x#ZlY~*~n2$UZo_R;#_+d zi0%>83UcDYVC0f*iZczh?~TtOSW#V$Vf_gpR3GpE;Ed5!YauM!ZUdem4-@cU+0?cG zY*`^69zwp%=%nb5aRHh(0w+x>5<*Jo)>wB>$PgFV4N4Q6sWsLmIx#vdIwm?PSz{CU z1`zSM(8zqC4Gwem$?K~~ks8OTBkUI=_v zDOe~a57eWQ*{Ky$NFS&SEC*f`=VLf*&^P%s6zqXuBs~anAo#@#s5~@@gY8R25#NBa z1PEJ!C#mnmx6 zIf?~N6Y(Hpn-FyMG7WpErs7|*n?TrCZY7+lc!>r1d|^`UyQ;P-G2gVi(B7%GyHuqs z1T%6QqTN@sxQ!UQbv*x9krIC%`hVQY{4*_U z#{X|P^s5a2i}+v7{|mA}|BU~o0>K~m_2>Ej$HDf$q2*ffUupCF&C}3`|8z(V&Z=_% z2l78U|NpfA|7OsCu>lkG33Q6+7@m|IABnX~ijBeIJBP(Yhhxs3-rilA;oja6NfE>g zrWc$8BEgZ$BoKLip?~-s9{htm17bUNPmPXCj7&&M4euD26d9M4+OA{A4#*-Nbs-ag z<$rJlI2y<}LM$9?O#`q*a5abmt6{D{$`xUrSUd1S5A-HVngn{w8%Gu|SXu^GBou*L zluJ7Pfia*)k@Em)S4zXUe4$Xx;eq9OMiB8!D&}yBU%0_|kTayBZ-&M%lLX`DRDm)c z7&i-{Tuu;6trvfPCbO!`7>_GR%@B&xIKouaGG9WtY!PkKF~VLsh^`nBnAXVFHc93iVfiXdZ=Jo7d7T$@+9nnC%ukgCWpK0H@E`Cc6%0Q)EaVS{ z{MzK!wKS!Jn~JcOnud(C0TQV)ezsU`)GS|e+`cs2vy2$C`mh)*rO7YuJolB5AY0`K z1sOR(TrgtdOSBojP?RA`m2z^@$=#wl1qPi)PQix}9GFHfZMrB&hNZ(Y1%Y`XkCVgk zK<*|&k4(NWj}KuDIG9w>j~_%2?#k!o@TELXfd>}B=kl}Dz-5Kb^gst+TA(*-M!t~b z@QJnh-awJJ%Jjhq@PJoNCiD!*CE@o8NaG-n1ur!qps)>IgbgN-ETFRL)e8eMl7`*L z874I~wMGX|CIsLCt(~took?TSfk4y!yM8Ap=Amj$J!2{}1gRdxi}fM)Ph$(pIk znrOQc%ca<&%9+YhMs4fK(Zw6bZXC}MeSu$K?w%*eAWTiu_~5c6#i`48A_M9q25?hB z7<{Ts^(!~Of($5;{-5i!I_Uw=8XODLL^7EuTQR0@o+}vsW@FiWS*C~=1iJ;}aAn~8 z6Xfizx^=y!e2#>hsi1JkApns|Ifm6n6L2yHK8Tqd37?lrv;ib7U#3bA{1g<8POp(1 za7DQg)Jj64f1n^ooGZg*1!8^>YK!oyAR3pKVSv4AzL1}jA}L!Fj0;(Q^4c#bBK{Tlib0X92YPL z#1%9ZC-{e=28Tu`CL_uI<_(~_kn)Kk+v4EB91+lFlKxcL4_dG~2AWfioK79SsHs#@ zj_Q{1QEUmOoXL@X?&`Y|XGk)rk9^`4n^Ob(B}D`UX;ZkDtB*;oVMeMbJzaHpXiLc{ zq2}?SU>yQ3IIn8~E*~wyMYdUORBV=ZgA(&a5G_QTA+fX^647F{0kO0k5N^}L&lmG0 zGOZxxtL3m%+pRV@U#51@LcTH(PfMDSE8uAbG`5zbQ){^T@U(;-_#GzMO})z*1$iX+PD5efXTq9Kfz>4<;*2I2 zi&R0QSnBU|3{psfH9;cSEhkMXZmlK{$xnw2Ko_})RQt)7UgMmhYLyA6rz=jMss~eF z{No&q;T@6knCh?EyVi8*uB~^X2Z>65@;=pfgkm)KTW!RE3=y1nMY*z6oTT8fRpe)E zrXNYF>HbOq5jBiHnvN6d`-wqDWsz$Yi2B4|blR`FlhognM}B7(Qb`1AzvBbtNMfQ8 zrQl=_bJZZG&}nj-sSrbCr13HQggGbIA4ESn=m4PbDH_cBr2D+uVM zl&+9Wztc*nHiP$*795FG8l(gn=$%%5f1!dR1q`Z)!5k#AXj({+RYIW*=7xpm3T3$x zP?&)SC(?P;+GZL@qPb0wFv6e=YEzh-h67S_i^Rfd949bo<+^HaEuE7s5Ef`^jRD)Y zg8(?68y1BZ{_>f3bK6{LbPoz#o8j_R?)il z_((8DRkTt_LscHibp`0DdZlU=-~p*v!1b{5Du|2Ws#)?Sl==ea#pj`kJ^W<7gklEN zK2lk3dOA;(!>`VMS&Ea={|Nh)NjQ0Yp$6(eC)EU1*{?5~%VYuj_2;D0x#_ezuwSCj z+SxB)xPr$JWrNfBQlt-u*mnpsv2=+j8zVgLIRXg;_TwwrFUg_hHKX7*5P~=%eY9#_ z4ls56OpHMTh)n&vtT&O2RFWvyl6(dG&Bc|Kn)wD|!SZqn5?3qpg@9Hf&CLP#4Ml}& zYD=!9=L$JesUTgz=ZS^6QbjOE2pX8fMfXEoZ>}(1Ad$-OAXRNTMZ|^%`O(;Jox+1a z>Do$hYvR@^F^J1?>lB3w(20wr8gG>taJ&y!bXw!k)D>sIPlOOOS_2L+Kq6>|mqJ`z zAcGqhE!u_KDxs(V*T!jRn+ftkdr=xL!NC58;8ryOQ+>qQK$|oQ9ZXz4fI?qx3s^Y> zF@spyd`%Ewf{c&=C9z1n=$D(taf?*XX>1wE35resC3#R0(MJB|Ep$b`lb zf_RXGlSx?pFp(%rF7e}%;eW7vK(KtJ1W`puAViOv&U$JW%il+(F7HgC9#V^DTK79C zbY@UMzV1>Dd6iDeWim#m$W055<-?^D z$iY~Qh|3WIC4e)S{FVky85jSwY#-#gs_hGcL9HwmL9|2^v@nw+^T5OcuGGuRE6`g| zy(0}43hKflT@?uU7;8}=z{VmbffpjLF$j%$8x16#Nou*P$sj&7hCj$4ettE`Adv5y zQ~@Zp@4hrb1weFKRR&S+DFxaP^WoJ+$$_e%PYgjT@GwE7RH9gcU?IdxMC1u+6(I5m zzU=t5IVKju#lKW3(X@q40T=&b0JAI;e7N*R zov27R{N%xPJM!@d9U|)vkgxp$U1rP!pPPQfUl7pBm6aMY~uX zP1FGLW3dHPE_@7hp0L(3eomWOwze8jAlNED1M<7zc1GlnAO;;o70{sc#j&dZF3jQN z0Js9$1*sEa+BoBG2PXndCdlSvPy*C+T(C#MIOvr&JqN1-=D!iam`nwNRa1R@52mAN zUl5!rl0g7ch_8j8!91|+Tq!>{`(I}}Rn$Wo@XCk0y{`$cxT#=mlwMc7B0IfARW zL92D8ViT%>CJan&8^Vy^{*kYUDc41;l7lcUI7tMX5EQj>a6RvVDRj)yQfV$y4=Jga zLc$?Ct$70|p`)mvEC>s#3MZw-Em&)Q`ymGUAyv4_U9Ps8wRW!UF#sJa5=FV71nZcd zjzb64R5j01?YY+O{_(liLEsiu6KU(dyTUk`9#|#>I?v6(WVLF<;7|stEPSIWZHB~P zJQ|b_w|In-(K)yqdf=*^r(t;1Vw(q&%cAf=fcMBIjdVPPP<| zY}ue(z@%`47*GqDt+97`yQmGg9}(p$x~>KpVrSPvrWCdU-*Izm-C%wUZ@&9P>hGz>gp8nyP>qAmueU3h#P2sVP1V}*R4Kz zKCE(8i!7VG;l5VDg;ZIferY5B9^~uGX0ZHfmxX*l7Z%GY5J`aka*sbkU|_?4ya&|1f+(W|Gl7L)BL`$VZu2=h{DcCdW{^27o3Y6UlP6Ad*KGkwLqc< z!A6ZYeG?AVojm{(RiF}%JhkheeL(#jE(Co75GWw|D3)|KqW!3vl4cRpu0d8IHUcri zA0~Qe5&^1FEIG7PnL}M@wOl|`QtO{WNNvtM3mOi~lUB`SV5l3U{z#d!hfRY1uB4sJ-2B7dOU>)s%aW)spV zDyT_-P`(oqUxlfhAU0@h$zR+c8u?Wmq-;%^niizuHb)eZrgBmD%DZ#i%SH+$PGZv6`F!JZu=B|QzM&687rdEqbh>yC*iaK4>3_Hc(;T{8yH(U{( z&pDg_RZx`M3kU%&|4~q^b&_9zXBD*pAuN%XHy}ZfN(GIYClG1LGf?ej(dsvSr0Pkf zs;a55nm(wy>Pc0At80&6Ryd(EZ7s^Cx}BL6il%tTB8hzM;^A}z{;Rd?mXtD^oS_i6 zXy^y}s4R#o?^Oi{oC$xNhDGWAfi9ZSwVG1pMQ#;*oEp@CtQsxzYg`q%alT3)s(VD) zH_;_egRQ(m1ybesieCbW<*R~IUDAzE&B;871KCH_`@?GS!UI>Ef>a3IoDcu6)ma9b+JmZ#7)3GIO*5Ko2zReEIHETQgLtcEVJ5 z6hM8DA6VuZg>CtJO&wRE!BvI~4WOxNa@as6fF-CbTy0AR(o41oQeV+oY_=CrdAcwB zW&8N}5R0k(xsNpNfEe360U;SFa1?fnTm}(?^it#AQM~5{;bT$!hPxy*D&=nhJU|1K zKlwi5kSsgMpY6+L`_Y(eqTyVLFbG*RHe+&{G1B3GkUO*)gAd-^IdF9h-#~Ti4EM

    ihqyVAlSwF2J{&3YjALOSVr9>;?Q#awSqegv&v3dcFXmI>4p6&YftxE_!?L zGDU$u2rd~=ncc#0dgcAy)v4;e6%KWD&1~P+!qG`AD@iI*lnxSEsn&e6n>8mJ9BH zmtZ%i9>1wQcvyn9kpv4R;f}>iL>UrJHqc>(Zk{BG)kw3PJ}K9@4m*|Ds^n=6-&;5a zRH1nqsH1#8%IVGjKA8e*Zi$SWi@OdcfytH>%(>*pu_`Q+fT5fgC;VlobN-YsyRKX5~&)-L((6dNL3vY`BIhKR3lDAkN*y3 zO62n~1V2z-BM5>m6jIX?Bl<=HR0FI)75-ntDr*|Pa_bS^yQwmiSUxRR9#5hUB9G!& zqQ)bu`2^Q#?^PX>R-2Eg^zUrGB=Ag<5vLIxkRYZ2BxRx;WU}INz$;Kplb6ZU%~Yh zfPnmk^fUkq;wKXQYpI7{YbolXBY;Z1A8`n%qKb*mf#3x^0Wv{>Gp|sJST8>ejG7Zw z1G=gbK~?+UY8$Nfa{%Kf{>TEdYk~rSKXkeujSk91rZ4>Up)qOfAAvxGmJYu!fa_pH zd!-5tf^qN&UuZz096rJ+^#7cKY%rHaVNl=~9!eT&K+IrbYgfgc8YW1hL=J52s&gdY zafo;1Prw2M2;wKgp4w_6^ugbeMb&El1NZ|Z7uoF1MawI(D-H`>xZJro{ z817h))EXe$g7pQcJ--7!v3}wc;8RUdkmD20kLHI|_B5op_xJH<)DfTXKnb{Kh(bu# zz?oEdGoXi5jMUmv@Z{jj6!?W$HW7&waU=LaFr#LSG{v=dGlnnjPY!RmfPB6XAeRr{ zAvge-QlOWhq2c0B7{Cf;44DE+s^Vb{fFY3!u&Eks$ajEE=pFeJVG{t5M6TLv;&`a6 ziSsdK&3^(9`I2-#SB8b6Yfuzp0Ez9$0IVt>Bg9KmYY&={I`A;xpEw6NR}&Nnob#hG ze7s--G5rzBv3-7s3`npr;3Twku;&83mlDA;07rOfIHN+ZfnVWHSW<}53G9q77Q&N= z@aVA6h_;b%V;vRKHL-o?IAV8KMW7mHNn%9~1mvhPQSucBe?|TR^g+NNej+wjOFe`= z=oMK|t=>O?Jc(jH7ow?y-8z`b5kST5bP@H-B%IuE<8@$L+M>_5pM|Tce{m%yiMQXu zIz&D~mE$JTips+Z`l&`(P#|9J9#hcFVEjmyNQV=BvB3Os@y+)VLyPMfwp^DUi_bdBsn%M;v%!a#kwmo6~(S1 zXp0B;qds zf`BF9R|G~z1gffdLrl^jn_vp+grE)wYZ5r~ zCzsQ9#|6_hm{!;6a#*23PO z)lXOO)C3)c!qQNQ=l>K`82<)T7;Kg=97f{6<|!HOh5!(e5SfigR`@T%g86U2g6Ze) z4*`@FNg$B+9w9VXt!Cja%VfMQc)+Q}dHJ8(EI$7RfP9(0D32)#h8Sd?ln$rTe-&+5 z{{kc+0gfLXwhF-jns z0SsSX9~2+A3NXU?LOx_O!*Agso+%t78LaWFtHT7|+6p#;(Ji6e@vF~wEsWNSicbu9|lE{;=MwM22 z`j1H0PHM*E-l^JBrf4k;S30kygKj$WWN^8wS!`s z8&Y^tY74n)K8;^!KMlgJ=W4w!p{O|4nUE(H;QdZygjhcm*Gn4k{W(g_dw|Guq}Wgz z?ona&75R>8-{dfOGNq1|jV7q4)~UT|m7GFaHeEfpQ0=XQT?fj9q-D$P@X~;xDjAV# zZyRDbL838j+fJ$>-%jmq6Zw#|9Cj>9o}?Ke2z&85-JHQHbFMr*yVxWPmWBBPTHa5717En zn!6%k1J_v)cp8~O$~UeS{lvo>p=bqw@~E;hO(wp7z7q@h*7Jj^_J@$(|4GrCJfPsr z>pPtmzRz`D^%Ii%Nr1RhS7YeaO(RtdE>dO4963$R9S_ng$z!njf*GQsEv?T6#29KO zL>#%80=@=$94?;p1q5f}2Nn-zyIg{-yJ^!1S0paL?~%~1hy1sQ0AO(MJU|n| ze$pAr8{IU^pI3>vB@*X~X=*kvUZ|!Q;sEOY-jx5*PZ~$c_Xg{DH6tKkC1ArK_5MzC zhTJYRHj70;Ve{C&#J_NRkN-x`;6p(L7`_Z&7J3h^piDLeV|}OoH8ztAzB3XGqh#@O zG?wG=Agh4J691JiHLicn1{igoC*+c+`TF?Ow*E{O8`fO0{!ot2X44oHj8^BKzM{ha z^Yw2V9p&fG$*0&--cu;YogFs+VxQEy-siP$Z9Gg)Qkqm&R#se{b8M_*#hIes(H0fg z=2!ea_4BTn&-=Oqtb2xeQ)ci(OBfH2F=p$stjb&l`O{ZwswBng4q+W?^BmtF=RF zm^sbKaQ^)Hua~%1{`K;_t)qph&Y*5q0+qTp$?5j3o1gb~JNyW*6hjU!c2ReRO)vV%9S#of_ zVy<QlT{q0XCH?4ee@!BA#-`$$tjdyx>@BH(%Z4QlcTw7qbCf{zGh22Vj z+wE3%`=gqy3AWuKa;UgG^O`TVhhkT8cRepTa)-73gAK`ttnByiT7N9j@$<)*e=c#Y zxLCY)x^PR`qB~rt%brbd%yN3X(B(kiCTD#epDc9QJ+#Ty_@))-M^~I1S#ho8LSEBD zsZGvq7<6%cpEIdVFD5p7yP_ zK|Ii3gcB5_O3I*-0qIMR6b&)5YMFARY{C8!7B21QluqcjB|c5&@PS@>gld3=k9LS& zzxe26_rw(`MB{SwMIErj9XN%Wm%#NyST&+NAr-nSeWeQ@1?^p_MfeVW7O6l~bT zbEU@Yfey*use2dGha{)Zye{xs(6)!~-0giIUzpHr&zb?r7PRB^o|K;J@0CrwHazjI0eP2Q6?x=%Mzvd`3)i%m~lW`y+fP1Rp$<}cJ4 zW>BxGUS824yEl~IjUDsFMaKS_w+5$HED-;myRVahjUaBq#hIyh4`j@2G?2A!=7@#Q zZZF`EI={u1i7sBj)fv;pRRD z)MeBYBWZ>8nKza%8h@nWG+y2T>j|7O-sad?eyb0|hVYkB8Z>L9>oAcj8@OqmIpyBm z=rHOd?9ei*SD?85xVJ|#LoDlKVRy~lPFHptV&?QF`Cwz8yt2W)$LlX!oTu+sR9}*0 zR#Jb_z$T$~o}DUkmuKqA8Vutfosj1y$+XGS8JAi{3-PWWc&qLF`lnAn7+Zgi={{ZN z@3cihj1S>=b$6KiJ`y+X>1!tV)2z^Vy>1G})|lthI>hdjdD+Q4U7Iw|f zKJM?gcaH{|i4V^=m~btw)szt>`^;A4(R59Ew84sgkIp~7^6DOg&5nlaK6L(VnZA%w z?)t(yB=+XOxvx_OOfu_be0th)&a-}4j?>|OQt_QjrO{7mg~n$e*$g!iwz3*N-Yb6X z@yqu4%tfXXAGQy_y4!N}73T?08~<(*+s$d1TVdxkQ`^ToUG#0nytMf9gYL-kFvBLL z`*e-|kG;2mi)vf@$M+<|P(#-+4dA5t~Q1G5F7Wv6+i7UPrX z1$Y>cY|-Z8;TNBIj`fqgWg9_!h&TlLCWcU-MemQbV>faoBF*|b+1eIkvB{;hF8C{4 zcN$~EuQ-9)QGsUeJULZCPPq)08E;m z+`Thw=_rA=oTC@tBU!kV?E1l;QE@4{@E#5!MFe)osPrn{SxOCgmWWy|O;UQllt!d= z)B}ToU7wiE|G)qIQ2wLDK6p7&D%DfM?3^5J{}ETe$xHr;{D-9kD19maNlM5`$^4T4 zHo46I(&-!WA1A;9bgcoysV*1YG=KkilT0RCm>Ys12w6#qk9`SM6Z=5CA}cPw&_DIdQPHX-um9I6u@#+0klC6qzxOX-A}y2b5_q6}uyElQ~~s zLXRN^Ary;`oZ*rtNW?(MFpe!zRB>ZbfL})W@afyGEV48YLHJ^(QxLeWxepyJ9S5fg z9~GU11T7ONh2AzXdIudH%D_!SmeEI-R)RwXWTS=m&_uv@DKMMxAY5pWY+US2^c-}| zh?B8=_EZ3uH#d-TaT}F6BH234F4KgQBN1$A%>f`;B+OJsZ$jAz*-8@QcW|0RVf!`N zi;yt*US)o25EU)VU0as>^s=N)brzl%(ZEY0YsHUcdqOs-Y=TlTPil#*% z5GV=_MeP$15TIyve_Z7T{%JPwzdq+W{`pevB~Z#I>OG!b@)7IpN>5+4myLM2Mke{- z#kkTKG-7sxwvS=ua>_*pGF^jD{@hYyQ`|M!$v++gL9~rz{R0s;pJ@A zWJzbUSBsey#J5lLXmUzwN^Cqo0EVUIIz_k2Hg{5T$u`CJt20UzaQJzsJtRmUC z>sW|%0S*y#oSaHb_BPh$P6z2&?ENfxLfL@mu+#N>GO9`C6SvjJ6aX3E&P+L6utb3h zGW%qPVTx)S6#jH&LW>CjO|0el(BMntT3xc*-lzvZ>^6tEcgAj?s2H03{0X^KQ&keo zyYMbgeV_6{T3QPo7^ss&ob$vQluNdbUp@y7evZtlzJ5iF!8Iq52|lO>-M+QTQQ;Jo zobjv7gNk8#wMH76H>f!ba8pLra9u=5UNkgD+w2N_rh+62(y<@?-Ny&Bl^SF^HsCq* zf=FaEo_}&yjzHXV(f@hDdm8f{qsB(^J|RAJOC)nTqE-NY{)QfX{hNRZ6qSl<4?RrS zS(l~H4zvG+btzM92R1ifX2P&_hQ44A=gzsd)`P0~nLPZ)_sF=FIFVD9c>*kkOe0(O zS2cskk!*AEyU!ccg#4B-BH|w7#&{hh-#}+3{WcUosTh>bNBvt!i#83^>cD%0h4QBH zrag#-SzQS3H30;9`?2?mpcKHrO3MHnpVy6gw}j)3xGrNdVN&fWWE#K4Z{i-FH_ikB zu8slzB6j%4R{ekFU=#e`#VO!Z$p=S@@7MN|kMz&6e~LZthxR`S3CXYJKWT~u@R$7e zSM0$J{$Btv183HNx9@%jX-*2*&ngE#vPyVNEPrup_Wi?WA6DLcq|%*YG`e4QVdc`$ zn-?n|fBWz|zpe>&K{Mi8=5M{#7j?a?5iZ!ppB6ShW_B5QW% zfT*#oLI|^*88vqFH8g!kvb-x+_h|feM7pHLbYqC_&Y~;yRU+wwShyUGLC&FGIsJ}K zpB*h}QV^s7l-|Wj*&c4_j@PG#_yme*utd9O324BnMe@{gv{`WAJZewcV_-vSA%;Q{ zLoEoL5zLzy-{wF?1FNTn9ck}!qB;iUpobZT$+-8k^py|YNK{SnSHIaxA1y5wm2S&` z5b&nH&IE^0BcWKw)@_G!Bt-8BP~SMmuKQtcx=^H(9(^WNFPQ%+iwOCW*2nI!m za737Mr~#3~a6kbiR!Sz6q0OUSWHJ(ql|fL&9TSgzi0V58UI7Um10Eew`mS`CT@Lv| z&A-VH+pAxPcAFv!WXpv$^vbU=wzi6#Rq5FUPAjv)l4IgV&Ox?K!PIzfK;ksFFvVFnbUJfAv{4Mo(1NAB)Os4zc}%%5d-{{`*;pCVBvXM>ZI5^nR(b3Y0LM@L5!iA0Li z*wxk5+S+>m{{5Pon(FH6d-m+1I7uiO_Ci8J{QUfAG@6r>VnhGOXG8u6{;vNsQsncVjz(ASLy`%(Q_$u#A{Txs~Z9#~dCKTYiH{7J*8Yx#lg-ARS_ zum-DRZ-Pt{%J#p$)XdZ|qgjromx>&vWAlG!dH8^%chr%XLo^^NBz0u8g(MBciUy2? zhB#!fj9xpW$B)`!)Whq@<;O;r}1N`R^TV;6G_Y{`>IThbMDSAKZOdns}n6;-VUx znf)%mQ1kd?pZxA~SBJXB?%kYz^Xl!=iaIJ%X%N|-}9@sG}= z_h+RKjI#OINuLAHP@+B(_y=CdDDww1EksLScxE^;%G>q)Fw33tVBMWAz;z=T$nQB2 z_|1dS*pq{tTS~zDv@~EuD@83Mk=>$Dez~7EMKP&c55$Sh zEi!9ohjY<|M4mKHNno2-(g}nb#A+Z|XXQ1@BaKuMTNXxRBt>h&UeaIlCF~nBEztI7 zOz_8~#KPZzwJ!9x$# z8U87of)exbdHjc@w1mVj{qMgA`p+nD;D7Ii{jZ^+@eli7dhR8P3Gi42#RNE8QQdZ; zaWFM4V{D>xLq^!J|4mIz_4V~ptbnbptrZm&MMXtl+5d!vh5y<9N4xRT#D;CCF%*QiJ#B?Zw)v4!13~W@v#hNb}1SZBePm zP$cq2e&HF{T=l9zqp>FL-A@m>Xk=l))Q-_Hv2@g68h#u5P&#%_RdriGKLu7ag8~(u$ND!Ejzb5szf0*ga@^|Ua|CGTwA;Cc^Q->)rBi|RDwyeP)OIcXa+KL z8?4iAHxCbY;RKg=+Ju%uZbRc9F7A8N5sUy5)@p}hV?$0aFQXV(*?>aNmR*3D@q(Eh zQw_pJE#qL%BB3*wpzAwb71`h7b^6uK#MpS%DpAD8WG*9AF3Svl@lXiAu@i*B{`g%6NMX zszLZib+vyG`N`4GOSb zUH_3M_n#rM3H+~{{B1W1CU0);pW$Cl>TCb6gdjtPFH{?Hx@V7&$ zXqPt0)TtpV`&v%rP+Zoz>gM69_Bk0vTyIcl7`D#h8A=TC<^bOh>U++*ajcr-rytabFTY;1t|Vs1dihW zr9niiT`zifFQoou#F{x{GKmko%9Y&Xkcr27rNlb>Jtb`6iPMODJhwA55n}MF;KuI8 zd?iCDa^ZXfYC1i6IYLos=L#PW85 zbVdjUNkbuJ1?AfLZr=-%kjuR?RS50)^$#r8w!Fzn@%8VK=8->6f4rBJx{Bo!0+B)!(oU=)ri5M za6ke@P-~BIA&PNKlh9o}&Ew`5&g(wdzLi=?sfiTX8O6<6Z)W0KF_U;&Z_Aa(3m7pK zIMpa%(MJ|4%7Jp)ggLxvif5&wOV@Lsj^So?Fv|>xRx=i$hwZBoM#%E2j8kzSB_=oRYBAVy=r=_Y*;s3Le%zr%7KXLFg{LB24|4&j{M&cL#|HRV% z+o$~F{ZFy~e)#Y^k~@i&KMgIKMd1YkG6fQQOQcke%W0JD(y3H8uGOaDK(w z{oK^dBEhfSJ%XH5Iuf3Gwe-yW=H92>6R!rQ-&0^e^ytIrleL>q*2bT$O}t#Yx4bs} zW^Dui9G}S%upx{<>H}vx?%GVAJPW1@7FCEC-q^|f)+yX|K2l!=5kD+Yj==2ftw?yV zMA`aa7=eSIFZ*aUbB>=7T-(C(P6S^}99SjSnJ*yvi`Rjk2it;^|BM2vitmfbN&SXlmf3`+kYjcFVmD7=I}7UnCNV z691K+p8l2nhvEqOXZsIg1OMxDuG@e3QfD{b|4-{XebS}v1wu+(i{pYb@S5>U`(^iB z6=_lHb^=Md>i=20S|2&oJubHzLVT4 z^k}BW^m7WWCwHBqHf4f?dk(PhP5Tf!K*}@-Dz=EzLm4n+JKVHpdRkd^Z#Sx9q-VcH zPm1-F7bY;z1v!i6Q05MklVzVkCmHN-^;Ozfv+phY*E)$7QK@ z0rbR|WgIT+8ysHH3 zZRMQvA_>}w*FM{J>{4c_Kjk+R%l}6FFXa`GkdW|a_&;)k|F6$U;r}GQ)Uv3jqHz40{u>9YH2j6&qYoD*#s6xrC_ zJz3aF*|K>!*x2Zqc-YHq9FIkxJ1=`SVjDe{s9V@p*PRYaQ?L zV?xrV3%!XutIc+ijtplUY+2~jB`}u5ezdUWP{es1J_Z!C28Dn02v|r-Yxa~lF zCHmoA?O7asKL0S(o-i>00s3XY`%3`(AD(0r{C}eu-@l*%{Dl8+ z)Q0%N|0^l?EB@<0{Gh)>ZiD~JZSeoJw9KnluN4*+QI!9kN=3^0EqLo?0GrgylQvL#2?LJNrz(RX6Hb&n(E54aan@( zqS#{O!W=>h_vA~{!Qi#)x;#1rd>f4VxRGaYCCtAOQ%D44HKhOFPY%q=z zEs@sI)>3P8KER*hUrOR@`@b}nViNde|NjnV|C7J|hy9Nd{|{k^WZ+5I zx-(PLyq4g1-iz3gTzaGa%KW9#<-WIMgE2L`IUy2?8{OM7}MJ32})Up{{6 z((%^TqI2g8&z#9?YRYMD&TneUZD`1@ug|Wl%c!YItEK7Ks$*s+Ad z!npkWn7q80^z_5o*-@F9#I&@-$;lD%@gXrWK`}AGk&yvMj`&AJ_=bjh2L*Zh`nvh} zxcd9MdwROKyE`2`=;-2N@8o1>Z*OaBd%)V-%F@!p%*^aBS=E1Wk`4LjZ}IW#&jd%c zMg*cL@oaJN35iKZlan|#b#zo&0Oq|J8c3YZ9vvw_P=^YDD`qGG3M!T0xRpNRAy+gcgK_pKmmGyPF`D6ptf;03c#p{D$`)`+A_5o zayr-;F&$QbT1OI)R-9HrFskg>%>jLWI)ltbJj`)WOrgwy*vc;h#)!=kx@lRNxr968 z`*2B|qR4|#16)@!8#g_&1BC-eWx)6J8Q4R~O#CW-hUe|N;sj00{ZPCW$OX)C7=Vx; z**1255}UgbO2P>6_5EJ{Bqh9|Mv@8uk5&K4e)3DUs~p$ys|Bv`zoF3_q{C`UFe_DEaS9jMRCcqajUQq0R8o{-503+&`4R zjpTnpLBVh8e}BvWU!QYb|NA`uUxyaqCN5C^^0x{FT40;eu(G`3U^mD>QiQX|VVi;^ zn(Jy~-))vt#6fkTxyR@t3^ELm!}xi~Xf?{Kww#Ug&zzodnh1Qot99rFU>$HVOLy1DxNw^G0wS&<=6>t z_B76;yZ0(v#pCHY*_qG`hNA=-k21? za!so?okSZ$tz=lJ@UE+JAeNQC@vg7_#Kq&!!{TDLow9--G?Rp)%@-FkkZiIB?WpZX zMfop@$c))VM#C$VI^HEqoqiaNbkfLm#PXJF6d0!O(5*96(KzTetmrBlX=tv$%!Wo` zNyNP*99=%DQM@sMiiFZh_1BJ60+$N7A0C|s@JwL(E3J)@s*JV?TL=rMW0b-42bz_L zgP<$8ooV$?LU4DUUYBBkrwNI6IIoq&|inKjyBCY^`(33u=FpC=p8_|>OalOv(~)P|EenGfv0Q^U$7 z-I;#KB_Zd&Gm8zc9XG2p2QPsmGd5EB@Z+JoZp|iGZVwJ%x{uzXqJ@i!9gDLPpms$K ziL=u?#09iJb1dE=$J;@KabO!e_+*~6@G;!I_Gn8g`pJZDFsG0UJm-GwJlTlD6%!*( zA7F$yl*5mjq6Y|#_u>}twW=Iy()dS*Khi13Xe3x0@I&f`;}eQG`}?+9GN6=E*`5dU zOAUBL+BnO3|F7n?Zi@d01X7yU26$~w`u}`Ud|O1!&jf zf5ms_+qhK}l{S;RFHYX?T3YU3TN_*}kp7hCzkUu560siliz?Kr1~4p4SWeC{P?WEo zs=BbqcIX%erD0as2%^1!Vc7u@mFFBvVD9t<)b!(&J0IroUbJqVWMzp_yex8jlxAmi zKa0xi{7W+e?JJQr0-QMZ)Q_jKGQbKVu39h{NF1bO7>R+Uu*297_&YnB;Ta1Gi;&d+ zgXO4yarys$AGQhnQ{2CH>-_~bXZ)kw;ZNj0EXCXVwf-+fDGB$>{`VK`jxX$gTX$x0 zie&IgWb#Soh$!YOXp#2W)*m|Bb-eyo-^i1x2QL~s=K7}oW(a)u+s6%kmF}~6K4?uN zr4Gm`d?_QCqZ9Ch`=PZ@TW9jdMJe~6Jd=-C*>QCRbMbh6r#S}!qntp*4Ve$cdHTB6 zW8*bv8&6FkVi#+(aR$cKoi6-HS_7^ti+(Ikc1<;hZ@kpuVWZbWnus{FMCn;m`wP-g z!{Kr;Di%QjfR_&%1b{LSd*Yc&sbOC3+d$w_hE!T}M0HRhU$#=C!OkFY9q7Kc_MnU| zvH?|h#^I}MzYK;On`;yJ|Dv(gW|Y96;GYuz_j&zyN-T(^^twyn7ykb;{3~zhf0X>s zw6ydM6_64ILa72ri30hQ0y?*m0=nV$yK&<>#q+ncv_uI9q@;juXn~XxaK**NU#WmU z%Ku!Sb3OiVTWXmhO661iH?jRfl>ATq`dwDJE|*ec*nQN{nW_2?{dTg9eay8nu2`lN z$b)EHPDrtxgCkSI~RHmR0A0X0wb`phL6Ls{|?d_yufZgdmf$ zvb~THI(`>-5EplRf~pRiR=EOqs1{?Tnp?DDvVUMUI~q{X)K#dAjz+O1CMGqd7UlHz z?dp`CYF4T3j`Y7XedNO z%!HY!ni`lWzj(V6YC~^_lE)JQ?HVr8a$kDp4v=slqMJeBC9x-Y>A`J1i2|8jVAt|P ziyUxr)1%Z&kIYvZiIG=M4A2|qUNO+wD!NlK|5jUN6XTOcjGH|}-9A3%XToHY+8HFwAG9HD3Fyr+1P zWQf+`AsA$HBfP5h;!G|wSz+#o!O{rPVns&729bC$#!ydsh;J= z8;RLLogk1W;Jod{97nl9l=8+nb%V$%S-P;k(kn#e&gipzoyh;O(Q%u=f2hyqq5o+I z|3v=7N=p8d{YOIj7ykbO^aG#apJM;v6HlcO1^CDKmylTx_WwuyA4)GMNy%UKpG`i;fA#c@_kReb z+szn-gtOG@>Z}jfdgHaY z>YnD6)mLZp@*hsL_usubM$R5?Yfemx$uxFoICbjj-00iaD@kW6E|aft(K8*A(5wlG zQdd)%xYnPSb9De5)}OW`3s4iJMPcU^;G#kott;CwS6#tdw6W(`9jb0*Y7rU zU%YEH`s&6;s>%lHk~^^wO0R+SkW;7_<=~SEd;K;6_!>F#Q)%(O3cr32#pBV$0PRzj z4HGAWu09WI?`&8vMB6d!KgO4l(DJNBL$5*Sict#Ta<6&K)`)N>L%zre4p104(U2`Z ze5-d-gul_DpaPSS)ToFU!xHcjuJmXSTR6rLQwHAZUwgucFTe0yF^K69M|#sCPf~lb zN6M9$D_|y%_`awkHPz<|TThiIaa8x3+#WC)XR91(;~?M19449=8;&)%HXZ6ZD*99plVnmEkj9;168i?1U) zK^^f{cNq$HB09rl=;wsobIMe`-H9XsP=Uq^Mbq#obmcw(kmPxYMIS*7}d z5xuS!FOs5-ZXUMIP^$Q(`W!^`j%Xr3r&b6TaBtY`h?-J>d(gdGlEqAKeCLHTPu2!*xKXbcZ`wI>u4OIQdyMsRNL!= zsr3%-j)$B(WAE}f77hFSrV`iF*xng)1^zr&pQ!`FSt=uz93Nhb; zQC)g6T5E2$=b?%p@0P~!(gWS?>Gy`I49sF?6R32SYGbzUn>!q|?P{wF`pCVMbLb-< z^%h~_CSCDS;ah|_h}5biALTpL6LUqCGL?f=MT>0_BLRGDscUXv#e6d(^EIp{H!han*-6+bbw z)>NKny?hJ{Pt0^p`904L66=dvi!BL(aqPB^Vf0NrY#K@~3q%!iLP>6DVd#S}A7|g$ z%5dj*2O_+3wI*}&=^ul9e@{Wq#ncJpS(QiU4m@FR(B5B_KS{U5eL`r;@ftxUAM1f1yBrI=U9(NUS=K{(ZH+!B$c`#&-u>btGKx zdS7?N^M~5U4;lK2ma)9+ad|ATSEYu~veYRe5LNQK!p_rhsrh@yxw-_QG`Vw6ZMso6 z<_Txwxpt{X?0Qo@l^rw@NAbFo@eN+RuOC%$Kv%@1hvt?qj9yoDVU%{|D!zi)L!~Zz zZL3y+I{v1S?vC60ymy#-k4z*mnIDi1oJ==97P9T=ezybVwY&}sJci?Uwz(ZR zD`vKL^v&MrKD(BCs#hgjjLu9S$enVvI&e$W-*r-t)mODx8gDG-mobx%oxwI=r|o znkpWkw|LOqsGYDYC+PhxRV!)g*)83dWX4i@UmQ{)uIRU#)d+f?Q%e6ZbI5M`2r+kc zge;z~=52j{`$XJ%aMD}v&=Ns371=R+pG1`M{ohxs3r+&*VJ^&2(DP-~gMRSV#}ICj zs7UF_;tESH+8K^qflj7O134~C3KR!`6Y*;N89p;=b2D(->uS;48?|Y|XOgzOUyNVQ zil@^wZ*E^mkKeoAifFanDF797VwecS0avzLE+yfL@o?$5T?M*?Sd*?Yj^2eU_bo`! zwc$SY41AAln{Q%zKS4kZ*Dcq!rosf3j~snAp^9oIz^*f^q4y!;6_@vW?7$HD_AN$Y zml>hl2K*pxd;ER^G2K+CgM}v)PlF=C23F^gVIBPvhcTI^T8{jXekxrqHSzcW7=k4+ zl93hzOM2yCZ2wrxfQc#(N-h$_Dnx4cEXSAJ!yVE{kF+i!0+knLsYx zsQFqWn@=>xdUlbe8Wa&=(sbdY4pFs>+PNkreuAPXHC&GHC_^I=@Ho<%ZJ7BhZX(hw>@(9Z4nRX0m{g0`Df+@aIaC)Rd{ziolF>{tS0tt4VD~fwcsJpe<@5 zsH;b(;6-K^^Cq9d1j_p!2a%yrGC4vWOH?btkRH2%kg}-qBk=QeEK&TR3+01LZJiAC zsY{{Eg=(vkr`rc6aa59xkqjY3K$ruEJ1}(ZmHBiN$7%!M!v%hk%2x@-)dt>qY){4m z7bLGQJA?ZBul1;A3|_-gaTICtin3R}?|wn8LEhgaYe6=kuTic$$-Kk8r9PusDkZ#c zWJ|l$H6@J>!~j~KBjs#?jnj%C^2waVPMKm}g0kpBGN|~DMTW2sDEEvQ`&Pcfn&0l> z{MMw1c5K&zyH6eC*WN{bl-C(to8j6ab6^^jQcoi9u9t*MKAlz)&1~bwQ`V$0^6{Nk zSir7c=@t2?LnXkinR`pep03RZV#_&bnNzOj-gqoq8*vZDB?9BWk(uSXkG1m*5 zVb^@0A(#YVcRfd=-)P2;$3W~oeX30?(p)dU%>=vBBdm$nSD@N}#}pavL1P>6=4>Gt zt1O$ajku!5H%GrGk~*v~s;r&Zw`><&wQt&&EuYvcaX7|iB_zSwnf=jDJ#5%=!P z#^IqDC>W9f4aD|R`)|K&Pg)#1-3ZZs!UI`3!Twf{ihu!!?mExP;Z*}G(_54fU`ESm zd0WC>s`92=T@@wnms0lu$s7mZo%)d%a>Hl(dh@5m$bSCC5$cI5ZwmSe%1BuP!iwo~ zPQ}IM7Y_ps!P9$S-ZvcD#Si;3dnmpPUj%4yC37QLOW;s}Cpy7n`n_8NfcxG)jp{zW z95W*@_8YJKn#3ELQ#s#EPWwd%t5e4jTKEwcmLn*=#Dc0EIH$q^3pW)oP;kY5m2uIDXoU$7Bo~itR>Gy zF%tm-K9&#TTp%FM!Fuo~>kX8`hQbi?3)p7-0ZPM#P)AdUU=v4m?jJp9QUz#fK*VhlRp<(!nn>K{5CQWjxo3cPmKk8q<;9`3w5{`1jYn`{S zu2fsbr=hf8Zl&@&YM!~bKPC7PQuKDFMn91?H;p|p<4_3qj=u2u zi9=iGrC3o}2+nLfdCGku)I+m16^^pDrfE~hu?@wyuKKQR3FUUZZPX?N))CISn*f|z zbtlgI**wl66r{a#%{-a!(%k~SAmn_BO^b_=>CG9(MIi8nj>N?IgQpAI(m&tpV5IWBuKVJJd6t)TAXA zXd*|88Q;0vS%5@HV9DEg80(V0tr#Op~vP;y3N*+*W_n8++^-Yk6Ii?bSMND^zqjvD5&t;T|dz0l+4$2@foe>+~n7g=9F?mdR_E z07-6qkaARi5S__U#kR89g5qaxu@bk-99qj-%#YKFXo-hGg-|?JCn_g}g@Uxw8mdbh z5=pqQj6C^bJGY}x^26I(`0c&KgH!jlp+aMZJIktH8WUc{`~D`T+K=3j$3SHn`=R zBoxvMfYpS=5BM%O28eA^qEF!(C^k ztj@f)Y|?0}&V>e?)H-W(HCo2~Oy;YT7FI2A=kOLyPUt^WV-NrWf+&9|sxglExoT`c zj%K8&#^&W^26!JDddS;Fc^_U2_*@Z6wdQunoBf#4R+SY9nWOhN7~Iev7H%HrXF^34 z>Z0ljILG>CrrQLX)6yrJ`T*|vDn2$vzIn-jRjCOr99?V?Q=$^wa4=n+3PnwMhh`Cx z38C#Z2hnIMV+IoHO5?r`4I=F+>oc^-fm@oyqT2_q+`bDNBN!r$QTA}^8$)_I8t(9G zq!Q=k%$LWlk@Pcuc6a90&H3fMrY%6``Z^#)GLG{}ISxTK(=?V4GQv!vlGtc2928K` z-WqFgcsFE@9;d=zo=TEW+=>;$pKOcqyj_f&p`K} z{j>)Ps?YF0)D28sU^ci|6U4&Tv_De7Bo;LiU!A}km;55;b(>nb)lQB{rHM1%eKxkX zv~CYYZ@!E!In3`_akXn++KY%Oj4-FW%~)PGu7CInd6^%G-G1Fk*AaO|@d|Eub|mu| zyXPfxpl;*#NGU#&qR7Wvw}E1kl$L*?m1j=*!KGA#2Kqw zIi&WtFDEsx&HyEO*#{;i4!*5CfnJ8V&1fNG7CP9Lo{lMsoOX6Cri$S=hykCUGmF_* zzS}2Tg=8$<1)^U)Hx=>v&>U-Q^Qtq3DNkN#EjDaaj44MbNazgZ#B1Hegvpbu`(7FQO&MSAK9Z>RPOytPO8(LzFyhkn0^E9e7?9xV(MD&##iLd)uieyc7nz{I#!=t<%XP#OYvb{4OY zL?-S_$WId4Zp$BRX7~Q%++ea6HXvJD^+SQM$O-gWQ6(M`N-Lld^TLtpWJ#-9lUN>7 zQdlM$d6oT4+rcWqrEa6TbBZ5XsM+tMF_ex*GhqXI`y*x_=AE$hWqjCL3V`{{56ZXD zUTn0sf5CV*hQ;*wJ|Mx%Z5a#BUFq#J|IWFbUYZ7rd`7zs}PMZ^%D#?~+`!y!6w|c;M&!g-g-f$fbhDAB+i6kBMm+I~13%YsE z-YLrd$;4+y5zOP4%M3b80v+fb5(%S@IpT}Rx_V>as zk#OTAj%I*KEmmHPp2<4rdEwNuUvT%?=DPR>#V&w>N*c8OnL>1sRvav-`P z{t0igH~66Zy;e?oaPPP|uAuuvWVNdDSqsf-&h6H|cUSTAgi_`9PTvB{Jv(0J#bmdb zgzRpZUA=@{blcAug>Q;UELLM-N!O**4SP8NyPZvx<#S9%%w^q+ia4Efn%sKY(!2}PzEp8sByxHI$;`u6!iXN46I&ZlHdQC zBK57=n{-m!Yvb9DLR0IfMK7aNR8tLmxG$08jVt;!jGG}B@#@7Mys=337&Q*gvq?g$ zbF5Aw_U3#&jFTR!`c}h8W09T;iIZ!|bX3!T$9q6i^5N6yRS}0ic~VQVFp>R+LBUo? zX&O|X$o?EpzsoXi&p5_@&jBJNVoUALg@+v(>8~o7LH!)jV%ziENa;#BOV8hn$lrkggUUgo%+r zbOuDp(JQ(xBA`M$Qk8tQo1VwPQQ@gl02b$b^>|=UVNdfT`EHBr9wp4XsSN~S=xG3U zttrom1SmaFxZyi)1X{znD8B9A2a_g(+r?BNa7%;e!e=DvZkIh{w+-SSou;Mlu2K@U zG)OMdE`R^b72>53`ywWwY^{f1c(?e$>&dfHl^{@zf7&4Gu2s!mw%X?tBxW3s1 z^ihAG=KIm3okle+ydtWMVKR8BCc!xVT zBkf>JsU9@mE%Zim377nc`I~-4%95xKv&5-ceFOYj`YD*SWKnE_VXar1W%7G8Z zo(O-;72hJ%LDnJ?UFPeoUW%EN&|s7mPrkkj^_e~gPaq#TCNdp6lFRI=+z8P#&z`Z# zYi&QYsIEnhTzzw^c;dtJxXX9!`crer7N{l00P8};tKf@|=H~4Vv{|@ilF@frB*o>i z51y8c%Wm-!l5JWfqq5Eq2;7wL!CGIx7bSOGJoa%?KStN-k#GM&Oh?qd4-7(g&HH#S zf}>7}#V8zC?+xat555>-YJWQS6l0Kv0b65lgrw@At<%c3a*vxQW}gqI3rM)~>&*rju9EHyd*hkP=in{UMAP>7V>TR3CwJ&QRWw>MwZ<+5 zGd!K2ca|S|!ZK_Z;!A`}7YyEUlr}Lt77ucKcDrdy)G<#zPq+IPBazo+($5GxUU*}9 zjdQ$FGEpmX;J^bw9M>G|UieI|F8g+d&zmze)6ZP3xEXRvq%WNjd;I1@$VFQH$HyIz zAgXi%2=D?54$VE&X}xK;bTrxG(5>Il=f`Ds z-*_!xd8&0xa5P2Bx5nk#qZ^lA(1Y%4O zQS?rtt!5boI)~I`GA$OX6HGyuF9tuY)_WQ;f0wxOrb%l0KZ-F=Wn&g)xr~J0*_n8MkK~0t}W|9Lfofz}7XN zsNcG1pFs7xjp>f!KqJOi-_1Mp#rWLL);n*aAGqK^p0{}VkSG8lJT#7=R}Z2C2!SCy;L)&- zvtGupT~y}-HRSepR=O>|0uy2Wd#ECADTj~uCSI*Hv(~g3jZHjRlO&#Q^pY)UPY{p1 zSrW~-pZn|Zj$5{zj}BbbbO{(X3A%sQBpzYS!Op`am{^Q3XMVVk!eJRPL{0%>>Ksy# z{ctA~-shv&pKcoW(BKj*q8GvAIUjlTyvLeLl-L~oH9%l4BYI#OiQ?d;O$TDe4Q3V` zl-PJeT#r75nRoNYr)FzD@e^4r-E{)O$ll`k0m>WmCgpTZ+5-g7*_z}OSUUERN!P8T z7bk#`xeS|!rdK8`X3wV$WhApD9=>KCWNDUMADB=vA7Ufx7rBa?nDKrTl97`im@K!? ztJ~)O!;C9=63TzliT*?Xud1n$IK_wd?|!gY>5Upcl4?LZFOskZ7Nby z->33bwY%>S_`xpvR=KQiQ<46`Qhrr*=Q{+XzkeU=HM_p3+VC9`@;@T+S>o@vhs*qc zGyGHD;CD#;02bd)J^B_MnI9tb>k#(uQ24>N_$&zaJA=R25+fUd;N>AfK;R2deNJGV$|sIM zf#&zeOMbBpKOgVm?c)7U0fgVaeaSC2;^#yHyn~(m?0+!7)E78%^R#nuvXzos7cZqL zZ#XHejD#$uuY`gvWlg_-6H;H?#5ybb;=&!gDe{n=gEvKL3~=*w^8W#$FCNF=2_5wI zck-l^Q4aJAUH{b&hJUdRUX-+3DLW}yX{@AzEmlHa-d4iF8EY$#Rgko^leecxSdu#r z`nY_1Nu|GdQ+!6s&K4^vFZ~Tt-;n@h6s5ml+nJs9?7l zQeVmzf4eF<1u0p13MmOYTRACvi7(gcyEiEF`BPIv{&_*_f9aV&mH!Q$e7ybL0=)e~ z|K&UUiTqFb`t$tnPx8O4?63Uqe|fz(Gf@1K#3}CT?dc@$5acheYiA$o=jIjQDsJQ! z;3WQu%{hqwXqWuo$H->Z^MBj9KYFs_>-HZ*Z|{JA^QL}=f2^#;SN0!SX-Z4DU-^Ik z=DPox;fg-%3WAfLqPw?)o0FHL9nQ_mJ#?p?kB^7bP6uyK#jhB|FSP%eRsG*{&JXeb zP32?r_x4l#e^LK$J^zQ&{!!)^{x`qUn;)@}|Fa$eMEq3$l|o@7+wX5FGwa{rz+koi zu?ei3zvW*eK3jnwmy(sBVE&K(59|1s!ctO#f4%>IvabJ$uQ%{t z3@8DV{Qp#X%$qlF`)@pk(utLj%7GoGVB-?`u-3h%9_<|+cjm58GJ;oEdtSaIKX`C% zZ0uxb=dr4)#O39yiHSj4TBA%STU!QZM{->i`iR-8OFFs;LcTH`qf`Z>XTO*Uwn`Z(v^62M%u^h-)P+U2)Q}S48 z&{euw`DrZG17&mRt+@A)7mg0}+LdL)*F-bA9ZS-#$)HevEDSUZ{>%)1!K}=2(ag-z zvEi&J8oD4>mZMyBVg9JY$^RdF?*Y|ByY~G~dI$jm1Pncdj)0*k9TS>#=}q7XRX|j_ zsHh3O6PgrJ=~9&rb^=Hd&;W`EmVkl1(I^UiJSs^ob zGINue`?|0BUH^Yl#F=E=ne+Sjo%{$=ZJ~f<4mBZ-zx+gbac_BMS_WPa%Z<%H#m!q5 zcLje9UtBVJhQBF)io`c@bUyM46&slsjhFNfYi$pa9Ly_kBJ(e-D>SI^F35i7uKJ+5 z%vCNgV=Un?NH++^u@d#6!cdFC=QyZ|zqdx{qmj1i;arg&UX(oFnsn~Nl&wau%On_| zpj)FN1wgPmdG{Q;M;mpL<1II^$*}NC0vK@HbNKoqnqaD=j7C^rsf>B8ft!m~aClmd zy3=>(0B?toGAZNT_Es(GLiO`KetpgRU={uIJz)=n6fH?kiu~2z*7(~{B`I9I-9OZY z;|4Er;o47s%G?7_98B8MXibbYmD3j`BXzgGOx%9CZTZTxdm}Q5s49|8+8PkGR|sqB z@f^y6z*7g&Y%0up+F?dA*aY{6bYB`JB}e@OK1E|x*sJTi ztVrG7=64U3G87UHcjf_gFs}&n`M|)rCCWjyG}(I3<3d-qo%Ut2cmX^vG`KSHQ0bFD zDx7EBT}QApF2USdK@S6YHygNIPi5=9gnud8sf6gRol5&dB-CMWd&7j|li*XEm(ysc z!#)pFt{%KSE7kSYv$V9RK@X#aD`{-J#8wF?m2Zwzzr7Vwueu5$No7MVhB)A}HesH}jF%p>H?? z2gInl>AQzsbinls7()wTk)ftsX`~-)-tng$cI0YWv#AF{eA2X-nM$%H_ zFB%gt&WJvrfI81HlR~l9B!;;x1=dA@Revk472){lB=U3AqubK;aS7YYE#NY}FLHz2 zW$a!zAtlHKJPyrFmjeQj=FYW(US=h4bR}Jk&S_~W3B?!FXuR6DimX~2oOqk@4Rz02 z<}Bp#Uni$wS$Rd74HVTdhPBsFN&S{*3nR-4YQ^*U1L<~&TvAy=lDrm^;2UG*HP2k2 z$@?n{8f0p&hz-j-LRivhjKf0=3FbPSV1y(m8O>p$UN1LXOn;RzJ(;8mhh$rMLp|TD zU?f{!m}qKPq3dSh2l5faLQA)EE;^daZFb#O@=4Ih;^1N1-y8QSR&(>PT=hC#xTV8u z_45r7cSuibi|QEEe3TxF;M@FJnU zOs%Gnv*ZO#v>Nk>A<7n>B<0g31A}zQpPspN$yQX{rzUcM z{W2<)3LNnY-$$6`hK4pi2M|c{Uy+OM_CnMhrdZe17i30ui*;m_^8~xEO^HYuI@jYybUE zCC*Jq-#I9VU^*Y%)3h&~zH7p&11PVA3e&f1k-|l!WV?+rd7LmUiMh^e3A{pM<3n|K>tGU@lWDEvidJ3=s(1N8rtN4`+xik zJ^Y{F^mqIx0eVeDDH%WEDUUbx}n>Xdl znBrdq)Bf{^^zWAcLJ$1q^Z$Q&3-_;m&_6lS8F5sP?Iac1SiP5~X^AEPRo1OgOfE~8Df{I1%k?tfv@=}+T51qIzau8$ zutN}Sdx5=PKo%cXUnegmM=(7z+kuHMC<1tR%?}Ax)Zlkz)YKvBQ+TUu;5yj$gsa!C z-?-Vw>K_=qH8eb;hUEk074BlWHTSaFLxEGHqi7zizin=89C#CHyXc z`TXz$lu!12;`p~dz59W|>@ai9m}cp1~l^N`^U_-Djz0z=ADj}CjOnhf6xH-XnX z^Io<9h{s_0T7bAValz*3O_$(>WI|B=LW+3o@CQ7DHlPsyo^3tMx3R>In!@?7RsV7Mjs&@EzgCO_)+lh%g$UxT<}(M-fj|i zX6&(U;5WYQq0OEYAxSKtB`%XLWWfv{X45@R1?^Vl?(e&mTD zN8$+LxIeikKWW<`9T)z8599yEEARg|n*ZhT|8MB4e|69Q$@s6O1rGNAar{^R_xS&> zcJhC6`(NX~wyy!0i~aIv*bmCSftJ3To15RifB*LF+t;sOH#RoDeEIVE^XE^WKCQ2> zfBg6nw15Z2zt`5*K>csf2nzK7ef|11XaT&sy1KHmvb?TOtp`oE$w{8s#4D|Q+vsk}e=|KVV8#iuT zzkdDNwQElR$aV!v8AP@ zxw*Nqu@ST_2F1%ST)0qIS65qGTT@e0U0q#ORaIG837XoUKY#w*xpQaFo(0v-%gV}1 zN=k~0i$SxiqN1Y0!oq@rg8cmayu3UnlbM^Fo0F51ot>SPm6e&9nURr^o}QkTmX?~D znv#-|oSdALl$4m5n2?abU@$<3cTg++mYg&jC>AS5ItI5>F!{{2BgL4kpR0RaL2{{DV` ze!jlGG#U+bJM{7K@%9ES54}7=&qI%2u7|F!t}ZSv&d$zGPEL-Fjt&kEphwr}+jqZES3;t*x!BtSl`pEi5ed?Ac>(Zf<5~W@>6`Vq#)!Y)qw6ckkY9WMpJ$XlP(y zps%m5tE;P{qob{@y=&L5onYc$OG`sTLtR}Rge`aM*rBGTrmCu{qM`zNKr1UNgEH`n zii)5gn4FxPtgNhzj0}lHA`*#GQc{wVk`fXUVq#*VqM{-qBHOlY6BZW6iqqemOtmZ zzs>~!y#+wf;uftHtVFb+ve!sB4M;^uVG0%7DsQFXG$rFL-dF8O7UJ{MX^mJME+9h2 zTj}Zn7KH?E(Qtqx2ax16j9%OK$=f7K^EKn_1^rHo!sRr=sp}Wa(kWV$c*P57b1}&b zJ+ok^WU(_R&Jkqo16i&GMm*j8zU@nu%KXREAfg`^2OySRx9@v8eDbG*KR!5#IjUo-wlscKei5xP3t)Dk(|lQFmHV8AMsM^fZl> z=)B(<`?`-ifd!?9tN6I*$pDc3PdGapCa*mZI((8+V4s|!%;p%EQKU*V+L0H~Ujro7ZjW@87) zeiR>xkmpPY$%b4+F}1YEYHTwwh3Z~{&;aS9rtLX91RpYU6ctGvRw#yx%)su2GZ>b( zkXDA~_%$3IFmjKh5RYl)qsbQPzC6m@SKxGRdqP{kKNi91<7Il02CN~iYZE*5Hg)VF ziLa^Y=>2KaBYHQPT9YPNFX;?%rFG|R#=P#-bcM)XoFmWT##SVYFG-YWAz4@AKv!MG zRr@<&Ust3lrfyUSWq3hwFoma^RY=>NW|iC!g+6I^p|?((ow%31jEk)pV9c{Cn!X~~ zj(SMr(w_2aPs&r=bT=aj!0prJ5gh(;@pEtvl~5ZeGa;c^al8a^vZljMyR4I(C*6x} z?bo?v!MrUt-fDbDZ^r9AB~1RD84ew%(qTu2g(q>TiW3;wn7Y0=If4pTX_(0^e$!;x zb5J@(gKg7l&0X6UVS~k;H0^_M>)=>$;jlFpO0Lu1gl~^Q#I0?<;cZ^F$|{j4{=`;E+KIm<@U+B=J*Uz3AWX{x<~K1GDaMqx*G4${bPVVnHYI}L|B?^ zb_y!didjFb)j`~l`zk^qmT~0xq0MaaQKhh?XBnBVr{x5tPmyiRc>DCdTRHd`bh4;3 zKjiVJyYh5O@>@w`%4l03K9+z09x*YP^-JXB4VXifG44&?1U^PFnKIX!fhL4)kGDYh zRJGrcij^MB7-1MF zM+`xpxAGDnv5^Xcu;L8IRQGtY>|tCocIQNTPu{7g}TuAVs(S@(mMlt<)XHjLQ&|!BJ0hE#WZDdu<3EdPT0d0|g_>LHRa6!$I6(0v37c zz&#Rt*P6K$(7Kuw6JIT$PB)ee^eBL2S;7{{sZ!$nP**QT@pU?#YZoikx7h@X8(~1v z#IX!TI*e-;raqI01VC$h2#%qlwVV)>=Fe*k&<~+QaoA1@oXa+eXn+Qg861c#Otv)m^ut23-SPD}y{ImyQBbd)QQb2y$#+(R4ETPM<`;4AfrHag6R zoDx$13}5L!tUJYo1LXxr;Voz^fs6`O$q_wCrtnpz%_QRF0LP;PpuAxUUYrWpcuCr3 zf5hzwmbTJQeXw)&m_TLojDrBeXtGTqqJ1V-I=*)BJ4+FW};e{sPDVpT||Yi^Zl zK7R6Kn{{;GL=d30AB?e$v)g879=N93w*q~0k}31kKOnkoOn9UH@KlVbAo`^r2Lr^MmQb!z1p0xEUv%Maxs@ z9i{ZrKw4Sp+J^u_47;&wUtp9et)ecx;XM5U1H7H_l;ip4w9&gyVesH_Oc>~26a>z3 zC=^j}W&q9|T3g$mKU?hX=>;b{uU@^r%LdJD?}C#Z+~L7@@7796O38_rmtHPs=P5I?3>6e(7Ixqje=Yr4xPW=|E{`Efr zK>u&9zw!Uh&dFuw)F&z-NR1pRDl>n_wcG&WfzG+%0MYwzgn>b%%} z`O2@XXYY;ry#p3|S;Hfv7y53WAMkW@-nQ)z*NF$Sx5pn2xOzEbVk08RO1#bwS5~ip zdmi%#1_u>-PKJ6wo!npj_<89~ykRDC!Q}dJsKAn7xJ(A`fi031UWojF5~5AJCrBqh z?N5po*Xh-0tFg2d3XFLsa5!s7hs!^xRK#hCN5TPL{zzB-MdKmQ#R;(^@1Bg8y00mD zXY3d=I%ogmt3iwdgBmIB@5j>kIFMbVC3I3eij;7=KDfhHs7s)lj#k>r4-)Fz$vvyX zA8o^aPi@#!=3k?;k>B0g4R3J82;nY3uPgBy(I1EQB;+Uyk)l_i^2SedwS42#3Z`3E zXa{y0wn1%ugsU*SbYSBD4m*U2`n;nG>9#KVk4-E_0i?o1(Iy zbrNt*qJ}L^G)?8zt4T@|IHHfe=y`qaas{zG5$#nrb~CxxX&*vcR7T~=&VKwmiB0WW zJWdttWW4*eVm2z)CU$@a*Li^tP)o9B;FrfQNK-xqwu@S0yy(fiIise<-k{7eG*$v& zo8cjFFkPyp7dt@kJwY~4S}3O{a32F5-w~QgC{~I^BXoRA(5-jZSzc)!GSbOC&Lt

    } zTt!Z17@_D&7@VHKpFmfDbAUhOg95#g`s2jJGlz$`6acNEBQNVKI8_K?xjO-S01>)6 z6@!!AX$}C+laIOdY$h2s{5IQCc`;M#Zo;?#PEdJB&16WqfLFa>13S`h6%}+24Z#R3 zOH+|9aR?TdpeeZ;pJ%5x?dIh$?;Igz?;BRm!=#$ShHvO5>c*Nj9hN_8Oe+Mkf|w9M zq?ZoO#yKyYxDLHEw)Ly!)o}(0wc1y>_;D$(pr_-Ep~N$$8ZNOn>sR+a1)?kp#K1&K?j zo{P{;-hWE3Rj8HMIU*rp`9ux#{5A_t2rPu@faD>DVJ=AC(fbjd>KPF2EmVQw00hs3 zN#!6ZV7?gdV8efl%SFW~#5-`YqxxzD??V$&t+2TUEPpxuR%Gn_<>v^^P$Yd(kPZP@ zEykyz7fF^Mc{#N@;WsSqO@FO|;V}VMxXTDT0px-WYnKIJ<(b zpFS@%L`QHeLZSNvCnEAA6BN-)s*nB4VQ`bHU+C0u)@4SSP8>rGz84ChDZ=%* ze(nk?Owyf>s<#(oSK1qm#~JGwbE>#Z!;VC<67W!VFB%QRcUqUpADaf@LCf-}5fMshs~PV1qy%o@2%@(b$=nUt*f<%W^+&2^^B4uy z{ZV@xc6I8Boy;f1+3`AR0`E%Eo)A;2xGA441a?X_!q9a!OXR@Wm>n z^~3dml$97N4W?NQcOYwOw(SwO%UV?4w*uj-aDhf(w(t-XSMeJ7zhki&yLlgcBB(35c_W$%@}yQ>y>4~!)Ku&A=1 z?vx4rel+{kjYNkg#%(>q8&ZHNwD^k-k#a2^$^q!PpJ=3_`|x0-JPm*)Nn@k7m?j~i zSM1G5RPO50VN@ftKVMyJ9N7acu^uzhj0MnvD}yu+oo95+%2+ z(k_(&16No)910ad*jGZ=;ghfXF@I5y%upLw;r&>`)hcgKUXgoWpWEomqhQvS)n*p_1f*frg0n+vTu}_{I^_&*nS(TV?!!A=hbI{H zbX`=fg+Aw;e^Lb?l-yO0>=j^MD_wCESd)!~vKi-$i86=eGV0{^s^l(-&*Mlg2yeI%QTSoa-e4+Koir3vp1))Z?QM3 zoL!R6c8@!IWXb>`q4@CL*YATu$^b+epF{ze&=1kqJ~G^0RJfCNeXLZt(u8gmnXR$n z+UC`c`=|@_=zIfr!hTuDVj&-ykuPDN^(O2RL2&QdgS$jJzJ|Ha^ykB!7`P&Rhsx#0 zM?R!Om4ylbDTQ#4Wv@lP%g{MwPr3+HE~^+-|_?QOaVk&Y0i%~ zG5Msy_$~L#Z%3#|x$&dHZOP4-d2VgJE_$W?mV*p&Y;fHfjcn3(&UmiJNI1;Yg=2Y1 zI*L=`g)prP7ZtTDk~q1~%bSVhhg>NFM~mO8uHSyA=9v!PEg#(rNnr}BXoZJClAghI zRmX{B{=vXd6S8NVVHb6IGBvvN^b791;&RdZMS{Kt&!^^<#gCJ}xR`O_3`M;@|AY=O z$DOF+dwfR5KX@b2EvXaEp#a}`wz&2c{%t&4jlvScj zOc}#8D3gu{sSRvOSk@BLq$H4@wXv z*%XHNLE^hfO0}65b9GhO?vugt6A{Xx+ucrNSjH!lC*guNS*wjQyk(x2NonZG!KPm2 z{;KA}&b(KbnE25Hau(17D%t~%j!PsP10qtxoO0jF$%tUqLQgCqPMA+%J5;ydqd1|f zM}NK#CLJ6_yKN8n5l*@KqhyVj?~E`hC5sA7X3&yb+%L*jk``yEmiNAMd7!n3LuU5^ zwO>fSP9~azf!9ch(gQfA&wmm`YIi$=ys?r5w2Dyojwp^ zS72x=3A2@Cupd6Rla2pGYZJ*oN-~D`{}MvPyx%?P*7Y{ik>goQmvaw`>1pf8V-s8sa( zY7xaj@o)V(G+bXF(zr5ygL3})8biXwV834cl?uT~PFG|&4W7x8IVl_i!acr7BREyRZ1sDSZ-xOG#WH z+bx}x+-3~;#@pc-2v2)fnq>`SDv$r2KwZN3hziH#HDlaRs+_1e+)$Y88^BAtWs=t5 zW$VO1k%n=qj%&Wo?fGuUDxk#Z6kt$9#z=gB&IA4gBwS~N=t9>S8YM<*kQaozI}^^n zIk?3Sh|fGlPA0%=LhRdg_npN|0y|q8{@|v_p>fH4xL#X?P1=hx0fz+1-Vdh}(*g^~ zvI>?zLc$ZQUZ@M@frhJh^b0gfNb)h=ED1_kO4_{|c3PUF-72nZF{!5aVcKfZt7F4f z`x8&gQ(~?};f!Zp+M%EC_&c{-23BI>DiKJyp5$fG2s$#()u4ff}Pjqb)?wC!G{#@ar^@l=L)&xlg)snzfysb(VZmnz9BdzF@apYN8RMzz%NDQ>k14BMA!= zQH{E1?Zo|Z8kG&zyUsV(6i`j-8^v~!G%gvoGZXjiqS}d>C8zn>#ls7@ZH8pVsOXA2 zK6a!AWpVgQ9&87nk)66>qgkz;itt354L1pmyVkE&Pl51a1zcgL!~0~hn`j1+#FLmD zn`pya1YY=YyVRm_immL@3@C|9RyH95msU)cF>2pcUsFZ3BRtng8cFSx;gj^5`UHK- zA8F{J!vYW)S*N=TcY-sF6{1WlMM$S{`(sP2DvuDrE%0>ev=OvXHE3!umw!jN=t$A1 z?-V8y?#7?KV2a#ZZl7VyIxy8ND0OtY(X3B6FP-0H@y^bm;&5O7_#abVLbIcsi4^`O z$7{QqA0c%Jo6Ls(B!Z=iJM_%GhU#(45d&>akAQiTYo)y7eaykp++2CCqF`M0`*B$F z{zf$XSK#vh)8!xLfB(B^O%SN`<{uK}fB1i;e)G>e<{#&OLA5`Pzvn-+K%tv|=YRis z&;Hl9_?`a^02F~i0MOJdrBKe>+SYk^GzSHBL`7Yu({C=7mcH)j$jTZjEgi3`o9gIz zc=P7d@$sdH4__}WfhfpVFmd@8_e1)pxJy`|ZvYYeRHD;C-^geuUr>91=nDRVhJC;D zp1<}5tP8A={U7vb9WRH8p+a}U2>GhFNy&6+dKwXCP9%|JgJDyYN-^?rj6;Gt=ek#R zf}f3A0k=SkuD&wa9n(3|rY0sSlgj8*P`N<|^=ph25-Bo?>WPPC^pKelxm4JRA{k_= zKBGJ&RVh_dKpiTVnH-gBUY(jv!oo2?oD4kaY%iEcy@KQAb>qLO*mU{ktpO5W-?gE{ zdVyP&vU*vH_rYn5tXpEF%&7_T-HLfq>B1~lJ-J&)dr5h=YVp(OFB@OKF}R>^aDM1` z8o5u3t|&ml(U3_w*^sBv>`dwbY9g?Jh11E~6QBldvRX`g^7)|*K47b+;JL{jY15su z_%#LJbT|whqZP^KoJ}g^F_(`cQ7Na%lR$51Y(>NL1^a5NvsPV=F7@bDe!A9c=l(z1 zI|HqQRn2xfO$)5XA^MhdEx)@zHqPr#ud5B?;}^2dHDyqt&#KNIQ1roSWfs+aC#du*J$vD+S#@DC9`||u;oP>FRcPZ^=FgR6)5QCB;e70S z9EN@$@*-N&?pp8rXCnnS?d>h;*(d}Wtw@)B;S84YgKgnXPRj1D+R5boeu* zf$XnbtUj1IPbogeTdT50$IVRXMWM4KvnbMCpqMW26)Q3UO?^Z)25ReZ_N9}{leNm8 zokc)Y;v-nLo9s2&Ia2UBVjry&^- zT9w%w3a^2Gy5Ah}{jHrVvhQmG67`S14SJ$b?g}OO!b2SQ1)dSL%2iSH2`yI4%E7Pj z$5{gMw4_xlH-m2WKz-E1Fs?rB+#HvRaMI>ZDZQ2m$;>ncP`I}5kJGi#5C}JAyTJJf z-T4YGamJjyZH(2}8~JnM?Q^{CI z|K$3wrLDQ^@AyBBU7#fFzw5vMl}`RoZu>v4{~-VO_3hfqnWiDM#*2$rdH}UfK&=B% zy8+$N30J>{(!7Dy9w6?yy~|_BkTz-(IBI=h!YOh(BxxopYdSJ>=2+gNl=7vfD=#ly ze|2@Z2fusL_vBPm7N@xJ$?1m2zr@KC%Cxbpug?_$w_{&V(#^aoCFB-qSy!3UcWAp9s z=DV@Y_mi9Nr+=)^{oHu@b+LBq$HvyrA3rz0Z?3<8KYjZ%Xa2{=1~`<104Rulg2X2X zdV+8#$aI1zCrEJq1~-2rn;@wP-pvKMOz`gJZzywca1bOif3ujsDa_yeC5T;us3izl z{$?wGQp8->u>nKR$mjxij5NJdw`n4EvixRp`$);AeU&8 zA?toC#j;@gjeAEwF4kBx9{lt;)6+P6BVr4_)Hw6{ek1KcBw}A}Q<-|nFwI-+*g=9; z=$Py1m2U2(-G9KncQ(~=2ek)HcuqKexg^$n*6`F7R7^IWZ_U|bsm zo_yb>_vhJt$x-*4qJDnR-6zy>+IR4MP|NB}?&~g>tsyRKb4$g}6F+WW_Dohee>1v` zoZIy2-3RiCtu$%Z@s0ET3FCdG1F1HT8;=dG$5?N(@#;AGzR^RhB+ELiogI8yEc&vvNN3GsI@|TcBgR?~HVmySS^n z$rhBh#d`Rgik8Y|(NdI_N@Ogf@TI|Z4M8a-IOB9ulS==nl3-mz2C>rK7%h9Qd1b$a zl#V@sYO0TWt$1v_J*fQ$feO4T(N_b{rpaYYbh=tlX@__KNCvoG`5J< zW4rHb$!2Ob=x)^vX3Kx2AbI5-eL2m<&iDSTu+zcGKF8+Mjq2a;8uSK# zyu1DW+BBvJ{?&;VZ+$3azI}M8FpO$A%N!7C8o{MlQ<_;AL3xk&#XHTeXw)2>ychL6 z@001Y%IUI}54J`>vgC0)-E^BgZf+ghXYK#>?E$8!1FdaX`B;f>BEJec+L)i(%34;Q zw$cBf-18MbrqW92w%Xo3(w?#X!JWt!=k8en?j730i(|oE?EJCuYqN_Po{7Kx&6k57EWil*Z6L5N5wYVrlt`Y zYqd!;LB60Q!>w)JJHFO9RZ!Z-2kz*%KcBv1_|#jTsXyOhe8=F!bAbuN*E-YQ86SF| zjXf{AP@lQG4N!|yc~>a2R|P6C@@2GjSnd00I)P-V2s`1IE}wCS_c-Ycw*9tZ$|ht) zIZ^xrN}-9IZz&u8?dMB{5{jdxR1?5~ARD8}eafZyNK1w5)_0fDVmMI$LfoAOAeQb* z219W5?HB|Sj@$jZnVmPxCGAcJ@NBvOr;=CR9zsn^${H52w7pcZXZPoY+{(OkZa=am zk1K%EM+fjmy0a`#k`YZM1L92;w|29Am9=gSZX5R-DHesoJnsX@;MU3PXj+j!ZNKPS zMH{uPPM2KPps5t~eX73Wee!tUki=*AWc8nu++jR5;u}Ef?l?y2iPlz;ZszdracL|` z^u3gY3L0mlk)qDNjWh^Oz}fV}nmYTXM#51$-+pQ>mu*lVBY2($y6UeGuCZ6MF=3H`AdlgU=6n+zOnY|?Mfid=F*5JjIN}i*Xgv;G)#Y$6&p!sf!G;1>Vgr%U! zR>hF=CWBY1JyK|VBUK+Qkaen1Mtm!HNO?UX$0ML4U0ppztIlIWgg1%Tu9YS5sC5e? zjAzLP2Af=&2}Zb*8@FvKro46xS7(&7(3(WF=tZKvc_~ct``EIvilTh%rXOL^9btHm zUm})mEb@Y#y1jie%j1zh@rTZ^(Ie^HLz||OFY1R2W+2;-l{^#gOS5~n?#sLHIZXKG z+Jx@Ch@5>E&m>lKQg^I7x8+VT9BIq;VEc=$mze3zQFD(~ zzzm^B&5Z6%W}P7W3(d^#QD3aQM0+hGwm6GY^<<3QhcAJ%?l$xmBi z@VPDfNoqesY2d}2-_h!XJ~}k3$(|{Tk~JYt&gN*>O@cQ)O%H}fd2Gib_YG`klcX=! z-a-Z)dxx#h%_5|{8cQ3Cew)FBua6`KuJsB?+&Au3|DT)L1c`zXE{{Osa`v^@)dk4+a{Neq~xh4#fnL zcrd@4{Q3jL>i_yDsjBk)1+l(=9RL3{)!|>G=095gN&K&=`G2qf->Iqf@A&^8_38hv zbz8Gr8~|r!ZfOocpud8j0I&?`HNbBgj|CrjvHW}j zf_OmzJ_12hltB1Z2_gelhWxh$0@ihKVYs-txVU+_dAND`!NLz-e!)NAK#;%>R)X;H z6NI;c1tQyoe>E2sm6j$-OaJ%g3JP2O06!We=d@uE5&-3g!1y6sgTNhdN1?F4Ee}B; z0T>jH0!v0JW5~V?bLScTe8=!C)9Ek$^ z;nxD;hr$4LX#qhvm89X|Yf>G-sBDv&#;qAIM&S{8EWd<&P5;CW0dQZy5Bc5Z&qsb7 zM4G5BK%)9q3PQlOe=h%R0|>w`txk3DjbP;ADv52Z$@g1x02VwJC_fA=!UR^X9>Md* z&z=Q+=u=ule8N~cvwOv=9~yPN-5ITikEn7DmJGT$VvF;c>9suQOlhA;QDGX?$zP3C z3w8~ty4Z$XVrQO-D&GRYw?%_r0SE%Jp)O)t;x*f1TYA#(>}j2o#h9G%n}4nby8&Ds z9CLe2r>3+1XY-x2`*YK^9nxQ%@c(l?s1}HTG}!Ft-}Rny^2WO>GjAB)t=qek1+Jm| z!+y$t=c~H`Iqg|h&fHV(!y!%WzrStHlK(A!hw!6yy>fKtRl6rIBN@A=p6tKSGkeL; z+g{D;$#aYTm3D4~+))9ULOCDn^MV!+Y12FGEDHrqQgME zyh(CKIZEm9joOTZy%`oaMq&eR85Sj)(e8=soIfZZ~ydY)LVUEs2o zT*{yC-64L|D%QEZWKQnDnKc&6Gz!OcQKWNm@TcJRU9Lff29*&lLzCIA{X>^(>Wx;1 z8|*XAgf4Ph8ElLA)*=m@tA%x3sfpMyP!Y7fZXfJygUOv;d`nXf$)u&aIYxHcA2Ok2H)xPC}{(Tq?fiitvDCDWfu5Ab| zud{|@@!NlYNnnuOxI`lbGSYLft$FOxj)VRKx+>m}M0S)8NG`UNe|mJYtnTfllFtoA z{U4pqm;U}1{c5BwQ26m{$Gp1BSJhs|voET{di5JR2^FF5vxoRlXA0N6)RkZ54v1Wx zUORVbW%r-$Aivrvx=8y55gNt`2>gN0KrfQcquiSzoV}dAi*|}^Y3z6*czxsZy7$n- z?Wp;1UYJYt4Vi}mv)_rayU}GXBx&o*r&VD#hqB7>$L z_X|OSQGpnZxONxHyD3#93)y=F%`DyEGJfJHa<2lK%;TGJ`VxDOs=lx5o;Oj3Shv@Y zTZ)nCX!NnWvWjQDxpIt3>d+VI-iVBqVhL+j9a*>M$3&1mpBhi?{$6cZg`_(lvk=vN zk8cz-p$``7zP|-bAxJw_bO6aOVT}%mXkPQK2#uSb_ z2YyoKN=fZmk}6(t_gq45s2=GmHp?80KHd5AUbXPP@TVWZ>l^SRi0_eBe8JYkzq$1O zpZ@f(#()3FD&n8@;XjN2wAKI4|4l<<=fCSe{#md7?^*vl|Emo~O!onRrY3PG-Dy8F zUj+s;J#?hw%?B_xYLBxzJ@pLC&|OQXWmzk4_GCyxpj%_5(?!1NBagt0VcB6je^V`P z2xOr=Xr(IjTi5ZYdG4zhqHg`z{8SrO$9dHjVz_6A{O5~N#`dmmCzC2%)mW!&M`Cu* zR>goh#6uTuoLT&wcXi}PYiLQZF##)}u4_!fiyc4c%MV4qYdd~SpCqqHHWLxhBua^k z%2eH3Jh_jGMer8YH@zwI1pv4@KX>g(pUs;|Aa3|)ul$+E`*lp9qj_J_Z%6Y0jr=s7 z^X&R)s}?)Ky1K}*Hv**|O9!(k;kSDwXR60dZ=<>@*%gjO6H-z`~#ZK|4?KEWJ@#Lm^M1>Qb?w%PL+BK?;F*9V{ zsi%g3jt;jDpru0QVRGy{91cxuMEi}@uqXY>#KULY$93)l^duBP9jU|Ii=-oC9h2>6 zl%x~zT$J$wI6sm*UGtb0le$PnatmoZil_TN!)%Gbh_;~)Z^bLUq(kj-iVCT_h1I;` z>Z!0)C|20nYlHQvA0;FNH6TbsDHKVS3`yA}MbjOYkv>;8hx?zHaSI!Hg>&eya=Eot z;poEK6#l9JD`DQu%e&SNGhRrb1wHtKw7K1jEj*6clFZ}AL31r zmt$)Ck=k#bpMk6OQTxIVgg|KFO(N{A0jLC#(1+gM98QM|C^8|i_)oR{F%M7dDuHL0 zo|YDTVrp#5LqxWkxI+{{gb>4_Bx1J@asb$s6Rq>HVhdyjcQG;C6Uq$V;6+H~0B28# zgoU#Zau#F;YI|W{jhoL2Tp4t`%_z*l4O(5ROlG%I0CgX_6JoxI$$}X*6RBMB>V18O z^p!XRaAqeFfNIOH*@hPfRqqExmSd>ysAx_i6lK&Zk+_?@CK=49gK2h5iicmgkHkwg&$ghUphOuF0056=&R48pw$t1S<=Jz4UMbV-R_kLls+m3zR_4M~&rn=^#t?&s)B9PkB#{*ZxUulQKpW+<76gGw zNpSD-uIPgbauQ9_zqZo`!qIp-S()h$cGsT&p>N9b7^xqI8$gLqvMI0^i$oT; zY7!l)D2k?u8)Bbkyn@PRF(0_9XoSzZl^VLo|*>5pFQ(PG3I^9-5qfiPq^DpYQ*(prx~y2+FjnnWo~=D*2hbr#hkrq6696I z$5n&d!eGp#S`c$n;%ZJ^sD#ffzW5(&RD_}T%tn<=jt+DPwNU}Xq$z&Tm40KS4=j=l zQXish9J8s|=EQe#TzrK<4HRQhVe&~k-2U@JjsZ6t2%8RKlsKDctH6W_W3X;VC}NP} zV(37DHYXv!uH0J3noC5UtMwfp{$XBF`bCpjVWqqPt22mgL`RTV5dyH z-uIOmri7K4qfImJzX8bK1wqgBXkCq=L-BL(shIdUq>0yFZcjLhqCCZTDZX|16amLT zL+uk3ZgVW;mHiMHcYU)>=CO|-?+Wkh=mOQ<;nIy0`#%T(hTkgS2(A1vXzSU}c_y%c zX}Y2ymtG2@9?}b?V@>U^*d4qDm8A!yFKPiIihx#5BgDa!!Cj5WbH!WKVuuK$Jx2p! z66|V%OZotzun(ofVX1#(axD^GN^Q{yJkCl9h~^JLL-29ItCsVb_z6M=ndWv2r$sbR(^}B3k zH)-u+_Xs_rx-?>f*DUNNu}Oss(j(aK({(-svE2Cc(Ly2-DK}fINS@scdJxx zYT+RH@?pobJ5jRwY{=X_mDAj0e%JnWnLU;b$W_x?ZZz?>{kQN+n_2eM?aO$P^A6Ml#?ByV!;ybd`b7z7hyD@oxz>p3lp`W zpp;rk22>@t!*P8w0%yfv9n(nYcIiHI>i=TzI{=!xy2oD<_C^FjQ6H#?GBVgQ3>%as zOPmlOkZ4F^5|*O^;$FCS#ciF`QMFYI?p++U?xJ;TTWwwSYs>%Km%NY!kP-U*f8X!- zrIq*Iz3-iK@44rmd+xdCo-3=lUUGjv|NBZkLyM6qcYV)w9)Ew|*1xDBJF0J8|JvJV z`=p(MT;tn}+IL^=o$Dqn9IJcxw|58j=TXJejdf)k-yJ;d6|56eedqCj_lIi1{KISwff(u&i7IS*u+B%`X7W2X{7&o|M&cdCJ6ZtB&q3tS?P&ceXJjBT9g;z zv?8hRhdY%w=A?s$SGg!-j%ZLnUzgQ=JLz??rW)#k-Ub?>U4I)LE5mO6oK9vqZ``=S z*VCFE&Agl$|F-sotBuLu|GMa#n3%eBhf#OOy*p;ub?-(s?R0oidFQSs{Rf16>)Sgm zD%{#Y@7m0O6ME zqw$zgq14{Kzngxy-B~6P7SuT-zSd5gG=?TI2pCQ z9fHd&*B{P*T3Z>cZ+H(6V=vihePG<28z*K^HdJH7E_7ym*b;(K>vejL$86aN$@+Tu z)?p)zg14~sF4#P{lESvyp<}&gX#&L%quL(pl<=|m7@MkNsF%$s9h9qMaNWY2{k?<5 zAqT0>h2=vsrcpQ!J)WMqk0+Iw)Q<_9QET3BhC$CU%eOK-sRreaEPSF%aJbvFuLtR* zv2pecTF_@t@iAq?O)VWi297?ww>QnQ&)~AH*YUl3&CkC)wNd(01g6((Py*ZHK?LoT zW6;F3!?%BY@ML!Q@{&n3ADUkG=lz~mNkWYsl5UPPs19ONyEv?TKS5|7^77P={NvM( zu)K@M8ufl_)4$J-s!%_vEh89P-=~&JVcyYO#qODHQLUqAD?VmI&E8ti;aA_Std^c+ zz6y^1D=&dMzVPM35wuQtMF`e!aegqRYv&Tmyot}2_tNvSF3FnbQM9lowy!tioT<$m z@iIT!9Y%>EW_uvSKv*LcGjrRxY@RVwmiB0%UCe$%wF9oG+AD<#PHNFx7fNAygbqL?T&==;=nfv&nVs9ec9A&FS`UE zo&WQQQ0m>k79|fny*wkt<Ycj(im0U+c;wX1UT1=h3N_j`??cVmK^akgjdy9FZNiP z8tb)miC%xf*c5g()pBdfltUDQWp8NI3d-1CfLww|iQp4+d86m$|+m3i1x5*)A z$C+dGw?eTy76~;~V>Egm-#)n|D9#y5-jtqL20W~_F2Wza7>ul{~YIG7AQ@ZI?U{+BMltEW9s-RBS zTTB^{a7xcM0LOaznwWi9R$@4^8tZbf+Hl(P66?+Eas%53hIbw<5Lce;<-=g>4yxGl z)?w!`^P*sX8w(G6gE~sr3X1V5Te|7;FF7vG?27Wm8+!g-i+M0M=-MzSSZ)0YY9fD# zNorl$_3ts0Up=PSW?1ZIRMk-#c#UpU^~v|cTqynq({#MW;nEBWP48fhezju>?PMY=uj_c2k?z%a2kxfa8G_|}`_k(1~#?HNsO-d*x z2AJ#4>{6#*+_JduCB7Fa6f?(s%zQ_bKEvvfp-tU6Mp%Mg=D`yB>9etRcS_34KSYkY zbiKm%TBR;MA=vOi;S^eR#?(y?)!52DQ*58IF;{~rzK49{hR&s37>dhzsd)f>+EaaKm% z`O6H+hG`~S91U*`lAdBy?RcGB`}^tdI9x~ReuHA1!HKWjB&Oc6ry0ZGMyV*lwjaj+ z6uwF_n3JJn^lFYJ44o0{Cveech#Yr!%=3eTxGHcyy z6*)!tC8I5Kb^-dp^u_(>>dikulxOqj@VRoy`_N>pKOatbx=oUWch&9u4P^}%aS95UHj z6CHIw>-xRw4J?Db4A1I^y=g@Z_MU4~vjhX`_N_l1=x)6_Tt-Wu!^TR(HrC*M?G}dS9xT|W}jHSdtDz~tu%YP z#f^FKS>mc&HqUNSty6c7=_gxfKWc_ommIej!>@k4{?#R~T_U$>se3>EaP+ef3oZ2M ze?T?+w}5Pw{@=o(ye$>9CH>#KvHjQE>%aRyS|V$Q2o?t3xZy~}Y1d+Dt%#uum;=Dv;XPw(6{KFr3BK{M9rEQrXSH?^R^ypu6DbdqZt zlhxm(yP?1;$51B_v$HYPvmcVbdr<+6mOA1y*8`ttOzhs>RnIS`TNg&>ux@%b^A}a^ z3A5c_LLJ)O*?aPGlWqQXCOUCv&Kh<$4YwJ)Fz>q|=_dR7>K?szVA$b1VfNj0^(pqI zHq`a27X4c0k{kY9kajS^zT1eI!)u@JJD)_=w_@eYsaz0JHh;78VvmI{%T6uo`(ynH zJA=M)i?EcJJJ0mldw!P5#dDR%viq;GH16VP&B?4Dxj?V;(#ydX88s!mKD^j}eXk#( zS3cD{p<>*l+h?5ZXZ@Z1V4H!ykY7dh@8l(m?RyMwcEW2jXw!JJhGq}RyE;7~U+>b1OO-nc?4;2ZezmdHWkHtJL$1nR zK8e&>SM}BNBQYbE=9^vreqK&;@>(6;UJ1s#Z)SGcd4Arp!JS`aY+5sUxM_`1u4O`G zu)XQi-?920n=f`wnPeT#Gm5n5%h*&_T5xRs!ADbiWLEaczQOs1x#wJnxielP676JD zjje(Y8k;=KW|x>*C8Q3cPWod?7u~0J>uO}ZXYETY8xW8XJ#pXRv_&J=-k5UIe9X&o zy^0LVS)*vP9j6WK&*5Lt+?Hf-=^A_VL&%Vk841NUbM?ZR-Ix*9mZi%gSYOTx61Y}w z8$M;7;5X;U>D@MV zx!Y^uO3ArF6TGu^yo?!VGYf{DxL(?GRN6jX(2)f;(HjlyGq7H~L;L!!O?vuz^dixb zGs}&K9D7w}^6=WB(0bMkuZ*A9=-Xo_b@j`-Iq`N4Vus8za@I2+H}Rmw<(;&NQ%y$e ztr?_qz|10X)8H<=**jckxh|jn^{)r_&c<{tDk%M_$;%$;VGB;==^T8`Hd}6)J!fG= zMD`d%y-sQCf58F;A-$~Xax4~GK3X0ATy`&FPffp{K6_#xv%=`l5e3HC6_jx<`$9VB z+1qxG>>OI~%~;DWBb{=x3!E!^pAmlPiv?kJ?9%T7s9y~VieBJJxiH>{TRQVhNZzgy z7S45jr`TmI{*orUdiUqMm!5`}>lHdClx)qMG%fY~hCB8p1{TS9zUPwc>gzvMg!YK* zHtO$KQ|ZO(nMmPrFE@oS> z^acfq$3N76IwI_f&Pb`Qk-<~L>%wzS*HqlMotRwupmO#d|HoV{?-_PS)A02*jHzvGa8GFa#H=PIaA+Tb}a{EqoLGOcScjd7yqHEWi zOj$g*`~KHgG0)|D^)t5ETq`Qc-xqPLQ|gHxduw`*F1Wh;SNq7kAv2~K+_~pU;U z99u|XB^=xJXT|XBKcZ*u$l9Af(jtiRa@4FHkNxXY-_(|S46v2%$hTRrkD6FG&g|)} z)YA7K45^OzqH~vQ9oPwB29qwID;;ia*SjlcUR?S7wVm}>pR2U6n6$%OIzVSvulvsP z_8+?YCOO;i1LIl7ijstp!!hi_pXC8N7tZN!GOWDM)R#-fGfZhgAEI0$o=PU&#|)33 z99aKHr;OeE!gO!F>lXXvvxEgF!X`iW+P)P#T-AH#x10N% zOk@PCwV&)k)w^pkbm*Kb?x{I5&L_N@I`z-hd)`>|^yofl@tHdjYr1Bv_Zk0s?fxMr zCh!ifuPYg}nB^EnW4*fQe#&vB4-NY|xwC12-WIEkf}zGC245zRE?>AMvlXY>tQvzJFT%BC&{`8CA5v=#SsF{k3-r1*;0HEsYuTcAaHVZ>v%rZtPgMmz2!p=xgGj zEZV^1CBO8y7(8P0vEkbe-=-8SI?O3OK@l8TW#xpgq+v@93XMxff3v^zn9+CCc*~rx zv!5Db_PuN@olA0jMqsoLbN3qHQ)u3|&7FBm`$g6Yj{0uDiOu;6J2qwPj(dC8Tc$B- zRlQtBc%NTtI?iN#V{FRyd%xtk9$vZTPPBbR$(YppMs?NC`CiBF zMLkM8G(RaXqW=YR=cn(h&bVRS9G91#FqP^!)m@GWjVZU7e1QF(HQmm4gpShzn^Pm5 zj)l;i(@oFS?J-aJh2wX}+)p~}!l($*;^G(SmqPwH(mAc7uT^B3i9!4^pKjak-(XUV zt{t1^kX4^Kb_OGStykHQ@jF8|z8O>QZs$Oq>=d%hTvS-!v-`rX^qRuU3y1(0_ zFpuXJ#TKK&7%QN-MX{9UYSHy-{>zb*V}gF-e)fljF>QG=fUv6UyjrasI#Sel%Bmf zDz~!ur~5YJj(8k>TG3^BzrSo2o=DnGlMWp7u=lq&5A?0QJ+m9-!Ic8)1;c-hUUYio z^5p6;L_hG_jZ}s^9EHCDN&;MzOtR0fyp#Ova$KUmTKiNHh*_e3Ph9w!~ z_RDeyT^jALFAMAc`k`)G^jKD>9dmR3o*kFa+uGT}a6y89{p%z37iau+Tp;#wjxFxcepukYVQ=QQ=46~7eX-S_Lq=|{IS zr+ioWgSeBsqyN6En|ho0mmIsnVwxw$SXelprc%vq-Cw<`bez+Lp;LE$$(iud?iLVP zzPKb<*T5!u$M}<3rLzpJ%=Cu8!mj(7Q{6|}QbO;|sSo?(I-YSke&d-4h{1fY5*xP1 zJ^*z4u9h}9liH)G)^GjxX zLx0%i6f^OACat%xfy3I0xyQ;%btdzVIJjE}mzU{Te#g1^n)V`v*}sSE2LC}=dUe;M z>km4t%P%*;&BtZ$tvwjtIBU{*VckzlGv1|SmHWEYQieGQux>LC-L)|h=zCfuO$ZTg zTDa0C=4mcQ>AkGlq&#Hn>VDSvlSd}@b)KgL2^MeHE}Y?TJzK}Z9y_M5lg7wNHGdi1 zXPpOTt5Pac!~>=-Sc0uHWQ^IKk@$4z zyb|hw{>w8Q-)~F*gN-|`Ui^G~KOM(8RW-VPr6Vr;ow2vvyzb=IuMlUZ&$@j=fXQXD-` zmGtP-WrsCIf9D0sdDFe!c>2jsn9ClUgEdoh19?`J3-5iHfYo*@x=?Mfj+@GgId#-O z^jM6?%c@)A1A^Z%$Ajz;N;H+1DU2IXEUJxuon2SeW#YQ(#lPy67~Zz{roYFDGncy4 z^t)7Goqkw2sz=!`#B}UeOJ-TpF{qB{*p2~so&#$;wSHqm{h&`MxQaW$8(*| zQ8y{at$wTa{^^3xu8((2-b{V=X0V`pep1rlJ6D!J8L;`H zX^~0Mk8j>Rp4;Q_Vrs_Jz4@H>InL{h>$YBC{PA^Ul1k#JcIPi%N(xpijK;$TLF!hUZz` zP>-{Qk=4`9pC(LMJ*LF0uxM@Al3C?JZxRjedO6Tjq6}5e- z8fIW$M;pAfglZZ^F>x>H^}F?Nv%edEdwa#zO{QYD!L6|r+R>!--5D7}d(6fL_MdXZ zbYr!C=cmVA^fF31iTCJq-N^2_WP@+8-s=^Y*H@Hh>vnfwRO$}!#eTpnC=Lw#c@ZBqdi`d@n5|PxWAx%=n4w^z-a^_5 zjOSWJi4pkfS=3c89R4R}_VHEe&faHeU2AJ5t)zLSe(V=I=_Wg)93Q-Z7vna`%0RG? z>TSCf)2aW7)rn$K88n@5 zt>{y0TX$vQqzue^=f>_sFPmLnFmKC%+G>MDtDYuy&*|ZTr4|KV{q)B7vX6gjYg6=- z?v#@T+i{$2$U7J3KdEH?re57mSlcMJAKuWrl+DZVtShy88fLKk>y)JUau44re9ujgNx^K4i2+pEXS`d4(G z6_7#w+oi`9_TZ}nx-QyhZ1{a@z^k&(e@?CX;_OzVh<;OcvTZ)QNsWxI+H%otPKy5V zy~a5~>^lzz)E(}*yxxrBR7bJw&DOO&>paGIY}%ExY(3|q#gpU4B#ttq@f^3B*oy9;_^9ny}ad)+Fnkw&Rsh#1=UwY0{YkZm0MjFF0m5`r)afASPwshhaS} zZmsKcMn-$SnjiCd-6`D#rC5DJ-752h%7wl+W)Ih|VEawVjobOht)xY)lh;DV?>o(K z>b@X)__jLsCGX{X%?Dv+#v3bFPyF-P=oe{+O)@g*P9{|Y-#q$J|8F;H-_BnS{^mf! z#!W>xtV-VG477MTz^7WT&Pn7yci6})>npL|;&-vRTSg2X_G{_x=ySDkMaN9@R^4W< z=+!;kzqGJ?1SQdCr;&Z_gF)T8=sTwcQ&YudR?c;YW#xU0%xN!nr#v>>7v$hwIJ2X-GIqYlw46}v^3nC-y$Mo)X|mKfI4tPYmY%rAbxJget(UhRset{6kzYZ~w@ zq^r}Qo(Dq=5~g%c@1$?Fm15Ta*+AOi2h@3^FmPkQjIwb?Z;M4H40j#Kt5PwE>2~GAg z8jBm`TUA|Vv#+ws=TZr^{M-EBmsacjjB$<1)1$2m_vq<}UmB&dr&z<%X}_RSV`|cC zt26A~AyGAkj5^CM<#{~GR0reCx(QZ`g;cwu$fqxSUv-M|`{VVptlv{&u67!kp}VoX zr_B%1ref-*A>-_@{64r&7o6I=mKK zHWCX4D_Euq?4On)S!_~2CM1ez?27G+fcK~B8by{T3G%uCYgGbn%c9sce8 zgsimgerKjs*p~96sNXH6hNq2o&Y-3nlslL7+)+yL%AoZVCp%_PR)@Kpo#f*=mQ0cE0&h(ky z7ayn3?&DKU$(uoOtIGZM#Lynq6o?;WmNdZc6qgx{SxTPSvGMUQWI@N_A4q^FvR%EWq<)2EUZQ-WbRZ{IM!zT@;#s8rfB3^X0 zFD1x%i5p{)k=XLL3hL?Pn3<7O`-~F1gqWxeS&uq%Po3yz;zQZ-C~-SBoR+aHkAdm3 z$C+JYzS=yKjxBoKcaeKPUilX*x6h>fiaT|VoclVBI$<5Pz%k87uZ!oS#cOaKANI@x z2BojwSsTt=`UNxdmx>Cr>PgZY)0`P|d|ve`i->&pdeRSeUHezke5S5AP`AdXa@v@v znZt6UkG`Mq#r|PS9+uf`!8~qK^sy5A63V15Pe7t$F0ZK5lNS41+rPcCmIf!lysF#` z!E3)r>0Gxc@~!n`XR)cpWZz}Wba5Ka_-tL5NvYGRXa1m?tyuBBc;Pq2u-kBf3!^L5 zLhAbi^aYAj1*ITN&t!UZm}DF)0ekpLP!Kk*hj?|;u?>MA=f}L-l+kr_<{+Km|AXtP z9Wp8ZHv&=Gf4G^PV)raj9=+p{GZ>!8yo15na10-`*BgFJ)qg_E7f|MVLwFaPJ^yGXlJ}6&+ z<9;}cF@WVYz|$LU7%V#7D2y)QN+FmQy%k|aK8^Ihx&LD*&~*P#8AEGz7$dJAU)5^q-j1xc@gOgdJ6%PxgPNhldxV zQU6Egg8%maj%t8Uz%dGNaC5`OoLnw0D;9Hc2JYq-gv(Q4JXylY<_mN2P*Gl9zK|~~4xr252Kaeg8AlNkF`FyRlJLbc2$<-IqxgsrMKRDZ zna9QRL{b@^lP|i(FB0N1c%_h==>Uj|alXtIFBawZ6`+OK0xmo| zI6?(f@Qmda7m6g=QWYee{49i4>WVAwT%iDY;(Qrb;)-YTvxz^b4z9SABjCcLNHiAS z&Jyv_N1#RJiQy_!R5XhN;9c=NZk|ZO$>a<89C$}8l0d}ATs&7KA~N%({47^ITO<$= zfb#fRaOFT$$Z`2xxEsSQY1AN8z>!M%Is7b8-qeWoA5ae?^b4TN`N}9D zQ|wW3f@8b zZF*iYqE$Mirt>(`K}m>e90`|$OL-hIH&DXOl0l21rVn&v`g*%ETv;AWSEiRE&XaI+ z0v&lWnK(T?9d#C|yV73TATJ$pjsQ3^3UGZ2G|Pj9K>K+#2A!45XEs3Q6uLnI9rc;$ zq~L^T_iTY+U~F+XR3b(M6;qa6WcwznjUi9q`{UF(0QC4EtCJUo3`tWA4c($n|f)sixiI9Anc^U&WxM;NK95s8EV}WQ$mQfJaVd(S# z!Q;bn_3~&F!KH3U32~Eha=5A`7|N3?1UO%cCqZ7594rw@`P@(*M*`}0YZ`~)>gDO` z$8`16)P_Kb%>+eWg@H3g`7*F3dU6DUvHWZ)on%;q5hqhyhZDph;ADC-KTVe`c|Ax> zifZA(3a!0?0EChl4zmMLX9yJ$>5a+3Au-{27BrVs%*g^)3Up+E?hnsm4#8T)b0+A8 zTu?zFtB{{9;{`f;GvJ;h0CfezwZmM5D?x~o6VabA91S{R4rF;a1_eaNM&eRQR-hwV zLE#jpi=oS;Bb^lWsC3kd0#U9A?WIscXL=(!!R6=jK&ABdRuGYxKcRO4C_On$jtZ1x zIVzU2JQDOBDo(SQ3G}KeF<+PtW;fL`z#~}#rdNY*>xwHhPFI{%4bfeL)&{d5f>sPX zUy77TP}G~&ze(yTN*fT8h-bn1a6o0?9Vk8VBS&q`D^Y*=1N0`d2;!3u)Y-N>NRqK}64$j{j%aw@*oGflS(~nWa^i`=FnpVRsSda~4i%1C5 zEtq9Dyzkz?rhd=~NH%5qYL--4VrT?KS0Nj_S8N8;XD#^X!-`Qs9m0St3`OFF@la38byp=8*Da3M|ZyhwYdImcs;zNX(UhE=SfT77VAL z>7cw0s*j9YB$Ja6ERbMHmGZ}P16fQM7m5U2VJ@gdOa_BQ-v*p*?uRh2H8iawKM!;$ zWe4y;Dzt+C(Y=b=rfB8}n5f{*3hXl|=ps>O4 z4}I6laufX>eUTX3JkP>QNPBMlf;w#oSTK)PyxhS$H`z&>RsW#n2`wFs_>GH7ey({1 zbu_5W<8;g5n=GX!Zt_`eplo@ZNfL9j_@J8>BgH(O>FZa-QYcR3AnB_zt3cK?LXlN` z22(*oqnEapwdKu9mbJNSTPqxdt20k?aLIH;BefP*?Hx$D2x+-dNLb{xg`SDjr#z8N zBvG@%1qJ7Wg+(Oe7jRK;Yx5vNFx;m_LME&V3As{fI=2WWy~13ss^uyuM3IY!D{}v- zV&rD2;f;hv6dBBM1Oiw>LF;54hPSY=(4EH-lytto29=5unEHhG-N=ubPOgv3?V&-zisf?L2@jUY+9Z`)A&iw+iPe4u$`G{jk1)YJ4N4uA7#^XV zd~4XxmEY%y3ZTUm0Ah)Uwn9MO0we%*|Buy`aA{Cr3KfBSLmNvf_k~aZNFp2~{=u@! zN2E-FlDgy|g_8b3ymH?VvPog4N%)HVa~KIX5d~4hvnH~(XmR5+k0kPaf< zQ6gcP5T;H4AYw5OG%p3(1auF*I~-{q5|I$>>i<}U#jt<|^Ij6O{0VSJB5#|H#tIr0 za42|Rt7~|Pkc@{D=^c$xDUAqEB$9QLkXurR*G`E`CMqT|CBv;N9>N7BErgScCkXPT zFmY{z8r>F&%>|d&VlZNY1`Vc5MU#dr6M>(kgbq(=eCm2-&;UFjIw%4(-h6PB&kdkQ zw_ej%6tPu86i`vPP{kt}%CcbjUrJ~Rh(NB5R3Obkn|y8ydSts)ppJrD#OL6( z#uXA6@z$ekm9qiwrq*!U zY!gy~>yXJshp6AkloS#a4+0PO!t?mxDhqzHgrN~Fju1|)4*%s&VoKI>uh4#$+Xn9J zSfgZnX0$DtBXR|zOpc(z0?CkDCYqeX0_g|~WF+xT>#UC*Bn&%Z77MobHVpn6BMP!@ zk?XMToP4^Y+&exPb|gu_V9h~8N9)JgW{0dSjuMNS(T;E>3FQbm+3mvAgbtG<`2?m2 z2}hX4B}Sm6#87ol7$LV%&Lcyk!;+%{S-yBwcywe`av+n52gf7_I>G{}gCiaipBNSn z7CpirLQC2xiJ#3S2_MOozq~I8(yU&Lx#8g6xAhV1Lvak+Ke1BKQ2U zWHnM?2L(499}K!_wkWSvNLsZnB=2_3GGuEdNlVhBWpUfE!1teK%xqT7Yifq@BKUSS zN`-}v#y%$6Ds`&lH=jghiG**{XpSfMru2XZ3N_Q0<^6Oyj+=18lE|UN{<{T@G(h* z-H5O?3w8}AfWrs!HE}}lWSm@PAi9xobDapsl)yeLUjfX*`>;YK`ME9=JTP(=yYM)LV_nf6H5YO}ULN=ibA>JtGll7z&Clf{tWbIvaNp+& z0H-ipDn@oAmjXVRa9lyv6G~yql?QH&t`aDtjO&8-HcCVS7uY7~3c7<#$Srn}iougZ zN9m?XEi~0c=g|bU(R0XB4TeS@DVJI3-YtMfldl@Ofe%+$tzhR$Y3~0Wq~Xw zXjo{AEW}Jss!mja$axBMPPy|`(=tdbfu;U**jftPKtK$odohZ<)Mq+gD)T~guOV|( z#L=h3kA`yt+3N({9B^S$%&CYzr|i9|;)oDQg#D86)5#)gOD>QtKvZ>sJvpeCj)9pZ zU+5y^BbQwP$TF0c*xRA@pvdxbiR4QJ{as*4iQ{B*Ir;EuTyRooa3b8~iN+ua znhUZxQ&fxuAvqu^giIqobqrFLfgTHA&@c(N5H2A|>4C5VNEXE8X93rS#_$nW$K-=j;O7#IlpDEBa12s_ zge@RMvJ@wlmRq8$I={k`ilAs#vsBI*n%xb6rV8MWt7;!0hd)qWRWxS#Kr4R_Y4)mG zy}UH=m+)F8IY9NQ{=Qm{W{*>yizCllK=$cPEvjWFv;jpS$#Gn*8X6`4R7teOtKt*d z?1V#3In`3A-jftHYJNy)kKtNL7zQzwB_`5@=F|MpLzb#ZP9rlluWGZ_W_N-qw{s9N z(_n=W?K@3pF}z{wsW$V3qy~mWGf$$i(Fa`Eg97o^1jVg(AOAGn$%?eOwr$v+*b>(= zTRUGR3#)o}95;QW53lYV|F^F)V04~8JQB)UI$%({Lhu0+sc4P6uFM$iQ`3Um9y;VV@ z1QKaM=tgBZyH(a=)h0vtnpIUXWctAm1#!_*cxuCinx*^yQI>zGqpN$yYd1dm{ZFE? z+IBz9abA=CG@msayyMxiwPU$v$9l6Y_Ox5;`BA>nltZ}wD}7xdszt+UU{jHd z92MK~(9T`hWePT{EU;*(>^IGE=0jM45Ki%+B%w$a=h1J1lq(BGTR6G${il;uOqNZN zQ8f*bRHG%7Wb>XsyPhxnK>EqQV%c#tP>1bJWw zM-jY~k^W(F0F^+wILbzL@+_Wql?j#srDW>Wi3CxnNY@T{lt?HN8Ae^Kk!!1MvD}&l03FSdJP7NU%4XvO^*A95JFdL?@9I;5i*QiCD zo11E;c4!8}S|vvs3j2iBNHsXg%}t(#qde_!#E4)Owz0q%JPeKeWR`X)U}XoEn0AHT0C1|iF!LqVMU82S!ekF6XLlDM=kc35KhLLs+_{tyfO0p-aBEC&uc(GE{DJt7uH z{toLANiu@*)u{yt&=^7FXjcVN$f?5z?Sjnc80iP=6llkk8kRUvHHb9^l%riOU<*1| zCY81nfrgC#R>YY6<6{I;wiW527!H0r^)2=$b zV62cQYX>?6mWnw74Tb{PigfLO!$>nsB++PS0FFi=l%XB;L~!x}^-g0#5(n^=Iocrz ztO;hkFQ>h1W=Py zGqps+m&v4=`4SDeO(0QbX^BDtJNCinFH2pDCW1l(QMnXZ+M#H2SV-#VVIh{A2d$yr z9g>m4Bv03_3UOdkXsp&F@X8$R5TJcCe07aGISmE^B3V1oVX$JWF@hn`@?^IN=nwc% z_@m_%8o9b@3Jiosk*-}8V4R0w7_dQJeK?0UN_R`xg8ZVa>8sd9NGQY4Rej@Hpzh*GBnr{;@9rjl2s4-1)~d2QagrCAy_o6*W0E2^6&8@4aB z+!F2g2SIx_v|A-+syM$i>rSLeTk=_Rovwwl$U`uP6hpY;JQOp@$3xQ>2a=lb#UX+? z7NXd&aMmFg!lcNgM1)v$l2B{cl3Tw(+AJ54wI;8q_Wx5na~dx~Yxt43x>m~CX>5Si zSf(U=>FE#yT_)cUA@|R542nc4aA;JlJorQl9MO`ulIs2_Xz8{TsSx5|XclTHN+UgN z{#lB^whckHq)`dLfJ`J4h0wC+qTv22JC8IP99)4~LoaggmeOqqZLLC)FbF67=7lK9 zCYsld_cxLU=hl*u+T&9}R;_X0(z4;y+fB{omBgue{fER?NBSEvRkzTzYba4Ijhc^7 zhp@o^C?6k{-A1h@RqJ`6y*@s0t{zX6Ee|H&vf4uOsG1f4=XL>u(6_Mj z5SCF%XpjI)IVh!V@G?1)Og;+A09zH{rfna~YlaRrMSDCIMF~+nwhI*6c1glP_w540 z2jf6CY_TK(k@;kqCz3i859WlecM3DNlgG!kBmpa z11ljBEw61bVZsX${D6_bvo!-P;3` zaLNP;0lS$Q3SttG79j~oX>Eha6~LZnXxDIbZQG|g$RP=wJrtY~A%AQe40($}Y=7v+ z%1CoC5#*xSu_ZQ6#ygUY3&0C zQ)?v{xNjd26g;qDc#sDZZ1dnCZ$om92*RiFj0nuJIEWxYyBMB?tU1v`KwAAfgGKj1gnxnbbUoxqmyxEQhOkd;fx=z05u41+XiAR_#dI2```-Z z7&Mr8P+xOw!)TZXAsGY^2m^viE6Nj#QqZ~Jkkqzv$pu6c0kzu$MkItd8{&MjRPjO_ zw$;LOdtiw{BFn&`Kv6?*?!=SOb9-P((Ka?xyG*ceU^gfnv?Gzy9(aXZ;*d|Wa6=W3?E^*32pT}iAK~C5#R^(GEfH#l zh$ff8+6lPD&%i*`#^tq7fK-xH^BuqcUmTyimz!GI87@IAzJK!!Rp8LXk|Nr8j%shxT%JA^> z_GNm3{WJkw>9e>Hkaj#5Hex_jItd6F38xtE?dj?6=Y`Hhg?m4DIPs24#7|XQrI6cI z{})mS=KM@1(+3W!4hj?D!{SpMa2||Yu$Az$&mv-mMaM}eGnBZf8tVeJzM3(^zE1m#{4TRy*LO2Lj0CAcA50S^q z&)3hB0Y^~56tuW6Sof2FI1<7$fyc?lWB6i`RDP(r1J3dgWJ>9*LiuS!|0l$c7t6!j z$IH_b_$RtAbgoE zX&9hd8ai9nL`cw@*EVS=nje$TFmSfy)YEu0R$WhQW;9ldz0$-0OzJ*uSBQwiG)QGh zelP(MfuxORn34q0yvj!(&D7RD|GV0xC07=8M=Mo*3F_BG{OH!!k9@BcY|~N^S-z@D zotjRkT^ZZgg78%f6AiNNn%7nwE|i&HOwWZ?$A&YanpW(^5-uF~R+z4M7pb07LaS$e zLaS#%cT|x#L_n!XIWmQQPpI`|v74PpkuQ+fR=?P`=4z~}e|j>|5+A9|Z(8l#KvuC) zSz2A^1_+322qBLO3UfSk2tgyEuhKq>DUC0j#oT6W4OmqI=aGqRy|$tcXG6H*JU*N$ z>+7vNmcF6D=2wfx+iqSv1m&x(4k3Amxl|Mh@^aOD?$Zp(m4@*he+I9lyZ^~EnT%IGwMx> zGcSs8nJV)zrSU?e2UeAzM*h4L4SzrRhAdAArXPxU&|3xM+bbav1n_on3ED~v3o`#Pe9}t7X>dv;K~Z8x-SPZ_#HIXTAnkdt?W~if zY(R}V$HD>|ENTB(d-l@GaotR=J2_KY$=Q0t2L|*o58`WyVa}>kr`z;MEAiXAh2P! z)=kjPY7wPyl9xe~;k6-j<8NE&m>T0f_~*hwKB~KYThjzg1`D>C%l-7Ft?dTz5uAWR zd<8+S8aG5Mj9HCK8>9{uhu$q#i)f7w1ZhkpwUJk@IFRa`W>;+K85O$`g62Nzh#{XW zXtPM0%^*vqUJ7_psX=qYSTkcz>vbPEW>{&pY1Uc>B1T(88oLG6T3Sf}?a?q>v(2gl zs-t#ZTqC-*uIJr@lIRLW>jUzN#Pu@XcDk&~QoaTWv?RGz2vdg3{2zn9r5u=0jW; zdZyS7_A77{-iR%!EGS_0Q2F7EQltZ<`}!7nFx8HS@KxD^jEYO>g~YkAm5h4Ubqu zK*}zGC|A@R10br941lOYFo0@NR5*Z?E_ldzPRi%{L0s~E~xZPv!j++QEy9B&35bo0X*?~+yA8)1yivfOR-aek-j?gsI%X@YMB2}7@3kXfIdZMyusw}S3 zzuVZKjWnl3xp_pLg(6`N?6Bg&`FwJ-fg=t+XRtLU&@nv|7L5E7sIu<4TfvqC!|} zAox%2Skxp$)Kih%LbD$(!Agp=*^^KLlD*_-YQtkw<4A**Pc_(S5+{cn1>0L;1CVoK zK3D@_rijvH#r+WU#*{~*21i7j; zP?H@RFdGWbLF-(IB&ze5pkS1WBT_dDkt8LYWy(b>XGj(~1`QHrHs78ag&?F8ANJ^| zqee0drGmSdM3f8r0$VHsfg55)7V`8YAP0zS)@886N#0* zN3lqz-m_G?j;i9K)`gHi4Qh7cUl2sgl;Qc}Y^ZVe09c_22@2z8xiLN6z>SXSGr)r} zfZ>ZLBqcX|f^<*RBUMyT4fV6*B~2rWgvQ4tB?QL>I)eQ!KrTqsDv6f<8gaXl(yiq9 zykdeg8bb0h~b1iOfeiR0_>FL0)xpO+iqyxYQf)KK%L#|}dJMhmmt2@(f`uWKT) znuYeN1IKW)-BC#zm7VNmVO%Mk28g5~PRtP?YBD%{BI6?*fDLDC<1pUfV4x?=R9uOy z7#HOrfGCYGfrD>gKNuWX1XfuHf`A65Phv}v!h1RJEnkWcn#u7OZuVXhmTc1-R?1*8%@I2XoEr2i0PLiGc>w?XSb zFyV~r0)+&F1%U!iRxwU&Zy-i(puc>SXo}jva7`@UqM=Te&6;hb7FeW->Z=sB={bi? z0zopl>ByK3flFY!wsN2)Z5U+9RJ|jWv+QK_Iq0s6HB!Z17?P>TYeTg)Moc64!Ppxg zHVhWC=uyeBF+tdW_78!npm%JY7z|H_kCzt)F8>T4Z}}DE6Y-4F;D@0X zSl%peFK=&*!SsL!4EO5TVl)j6_yIiZacnGC*z^mER8BS=K>W!!{v$J+ZhuZ;x)=hn zq$?M_nplZzeRUZyo%HtfY_9#id^~|ClJunvaHp$>>026fvg&MY$XT^4>_kNrG!n}P1>)7!qCf6>GfxMhg06z^K+(=*2RUgacqXyT|j zW@mB_^dGEU^iw{F}tJU>42%mnYEo9PC_`ZM}%@muo5#)TWQbi$B# zV?ujBpGSGpYxMY?R)KoqPJy$TTld^dJG-^W>v?{UxOav{PW$5l%L1{eP!9mXS4d(PD|Nvb;7{skyY=rggQye;7Y&I%AH(@D)3`&mOuvjB)?QzfSb5VE)sd zDMjzoMh9PHh05mkd$@DA^R9}+L*Gb7@7?7*eb|W4A5HBuxYq)=T@_C80fP@d+iYxA zB{*_+SIoJ1W|Hjtys2kq&&%wQEXv#P;^B|3{c`=gEem=0uy##AJr?SGZ^CdNlVi4n z_9SPHFkMH<9ys{nx=R)rI|3Jf@EvpQTdzm;*!p_xtoxw@(&7;-mRvdd%by~~@B4hC z0$%6pW*CNFt9(xBe7UzL-Gn*jR_UK74m>b*%p1EpX#c~1eLgbK&i^~k&>LO-C*YI3 zgD>_y|HaZ-2md%kON-k2)A!$)P43>ctBzgS>Vq|tW39*b`SQ-V)2{dUNBz3~HBMyQ zZ7R#^P3rKTf{V}Aez$&lKgQxO*H8NFa?I1g#s`0^?EHftp5pm*avEcKAG2Odw+`9% zL}vYmk%cW z{YRajvpjId`PuiT90*&M-}lMYHJ5mSudP0xJazQ2cY0HQ`YUGJ=DuH;&Q9?AbIX>) z$0iK18Oe*Cx_Z=*mmeKp7j0bh@s4F|@aP(^XQ2mwIF!F<7ldRf{^1mT<>+_CPgnoU zb3fQ`$g}Nwf`TLSXLUX~igz|(&)?&7_vOb<{5o*eS35byr~4b+8pRW?+*|y`iEV%9 zd0F+^@$CMbF*nDQ^;@{?tH{oR%PWqE9ZGkP_jg=>=+t)4Ic48{pJ*^_y{ql9N6TZK z<|Z0;t6+G2^JTC8zK?eK1iv3t`_%Kyk@2D&yGx4(ZyA`n@^N|uOY-xouV>Jw?#fvl z?H+yX+7icG`F|%`<#zeg^x3ne4=T?V(j|_+X65}A@iypL;Xa%AFJD|6E7kjT(uldI zw`}S5VPeWl-*dW4h6c&be&;fK!}d|<@t!|@9h?2mps$(DKD#3?4j+2j=ht}7nSWVy zeS7j!O~jzQ!3m?j3jI6yj_2J|U%A#}o-?LC2y>oK*ZGaU`tV`nZxWAGRF-`uf`NZF3U8yPfvO zrikiuT|$Qszs&aRKRjc}k^Z-iuAX#s_cwnHzEtq#xO&WM$fdr+t4>nZPfAT2I(JY) z{vWp0PcQBII<)(*w9we#g}gBpvT>*F5C8FX@q8bz-45G44tp<}(SLpB>&;(fS)I=0 z>Fjo&yJzHOzjeSPi6_~4{@xqs?Js^AeT9C6Gi_MV+h@0ye755KrFFkV_T4pY)dj=T z6t9BL-#)47qZ{_s{Ql>CfB%2%y?0nsTlNNgQVEcRgf1e4UIYwPP|?tfND~l|-h1zY zgx-4*6p>z}BfUtd0-^$nfEA=;!``kp-$C#EX70V;%ys5|GtYeUc>YLE+57C0?04_I z*1Oj7S9O0d&AyQRrv7?JtcB?l2VZfoy$ZWCTxESD-poE{@tSI|Yh2rV+VfboorJ}> zdP#$m=R&ekWSx>uubbC3)mhyj7SGvJvzM|qh;0qG-AyZeQQ~1qCtc^$8=X(jzL>q3 zd5WX0tjE^R-z_jH^y94ITT_+M^+dbF#9LMr4&{0A)#Nz+boRD&Sy2`#dK)(u#KLZ# zwlETF%6kH-cQr`jT|3)}DQg3)&F7l;9Jh))JxMI9~h{GjLKfifpEE;`<*~}`qyvxiRBW_dG%kGkW@pMx-#{Vuy_L+d7qf+mgDJkl@At0eeK2#YHKyhrfHHggWckTYDeFwP-ob|Sqo?d<-PxM- z?{9=WG{1LmX^AHJx_x53zWC6ml9Gk^nZA{>P+oh+sWV~r>59`eIhQ<>;=MEO50IZp zZWcHMs+13*S8C#`ETo>~vwXSwOk3mw_l$=#vq~g?L2N&#)a-0*vPffC(YoLrJ=A-R zr=fx7&t=0SbS3S-_TNe8A`2<7&&=fJ=qVMHWe-Zh%)}zU%E+jO6XcuopJ5XHOhW;T%)o+_<(r zM^|{zL+>iLTKBX0)1lYK^V;1)rX6~&iDAnolWlW%li2)Ax1)^AoRfW{Z2V|M6rFb? zZxLk-B#S=}nBgT2Du!3BCagSN%yOAaO9-QNHB}#PdQ?8~LCcUYfn+~efzcH=DHNy6IMY`&Jc zGNE@fk{YaN9~<^1%l^>tR-1|LNS{sndnu;~-lb8tbkEL5s8_{DL4$5{^=>xFnLoOd z{CH}>)GtefIdbHj#k~iPs@-bYGvx?@yMNgq9Ezph~{6Ty+Z=~t)0^)Rs7D^S!fAo#A!&(G=>J5F%=3?3OZ zUQUx=c@=Vl3d{-!sPDr*i<@UXkydc??23=FguU=gEaUDT|IAaD4P!sIRkgQXU9h>3 z>9lkkFq zXNHaF_56bp^$p}t&UJa?;dFp-V|zrDL<&xRl`&%ST*T!@D&S>B%!;TXMhulxfw@yR z;y?)N``8n_oThN7D1y51*LCvm&c1j5wVE-pgl->WE{htiD zWBjrI`&~!=8*XT5smt%TF$K7R_u$5Fvx`clA`l2|=S;{xJHNy_YA(>x(UF#xCTtL1 z-+g`V;p)V#1x-y&4-XGvVd0MP`W>6Ofx^#>faV+I*XB5Ee~DOw>;@3v)!1ztK%Ef*Ztnmf zr-2nfGD5$m*|~( z;FFzek^~FD4?f#Dny8FGIrqmP()`CDu+dc9Cq@9P@h)g5T`+jQbCAD&Gl9Ed0DQkF z;M~Ouexsnp;P+pSzvR~k(|YT?3(`a|0U6-=2e6HQIm~}~UlG`xowj7m+5qfeU3QM0 z_GsleY4+H=AbGGZf7{ld!25rx>(1|h0@LpFK{0q=bZq-;pY7z|Dd#W0)6TUT zpbRJhCjl$q#MgF6e62YE*n|1l0gkVIs@m~7NOIBQQ$Ak z4nEtdYqc*Z!2pljzx2`0IXqqE>$N?Rz4BNCq54%oa#-ktQJ#2o~Hni7*h)Kr2SXRTChw5N@Pt2Em_g#^{Wd8CAnx@^&?_VqqB~!We&h*Z| zHXAyhvslvh`Th3tHLqtSz_Ih@cyGltg1ZIMa@N5B=AJuDK|H%&wHQ^saN=YLEMN*^ zAy=TD0cSODqUbY`2*;6J_SFN%5VXEkcz1=-F9hUe2k+8sq7=ulx^9#taEJ;A+XWOC1Pd;p zZk6X;;=dJ+wa60 zBp5^3(14Pr%1M1vQs9lZLMr>{Vr(FbNuQr1SjUXAq0f~U2Y_v^(b9sq%DYMtq>y|7 zY2;$P3@Fd48$tQ$n8nqhpAKZ5JetbF8tYQea>BITQ2vC4-%{>24dY^U^CStY55U>0 zLvoRlx8$crAyeAcS-T{irn8}4Y68w)vi0{N__u-?XE_sG+N|w4_)P$OfMcdND`b7s zr^I5{T#UA^)?#JIvw*kvqFLIjYH;oVKiR+k?aBY~_}?MUer3;EeIr*{fm|pn zkTonLCA*`0|IWt!!T6U1oqGLd{7Xyj|1ti*vv>bovTx(R2EwqTfdI$IJ)IH6VBC;#L+lxi&;Xr~pz>Du7_xyILKm z5Ai81;RG^zg7xDuR9umuJpX}oQCS?2NGNY3sl?Z*t!}ixZCOvx|0iw;< z&b=Mh#$1SUe6d81jEcq@X&M8XTA=<8W(Bvkvr$UGo(@)mTFJU4D(|r>4)jS*KL-?P z9s?p$WzHjHlUjhRJi34I#L)G@*gR=oZaar9P2v*tHL}d1aR5_li>>s&>P}V7o=| z07}Lvcx&0$N`hGaZqroeId22vbgwum`sy8a!|+m`)x5a!xkgDHsd_2T)pDQGR!SJf zckQG@a;59E>J~3i>x1E7EQ)2YzAR^~{Cbb|!%|tcHW~iUw{>{LuZ_Mb8GpNY=U_I) z_2D6h`&y%+^%G$lJdVz#TBPx3X4+c%t=oc^(oi-cO(oeWW}e3mteYZ)_o<;Y0~j49 z>$L2yPj+?rp>0pg)Vcr-5MF$_1;tbpv@&zs}; z0>*t}y@V1NQjcr(a`1HA^Bq@oT8u=i1{uj#^|cYAKgm)oOcveupAa!C|pjXk0nZe&GeLJ8_O7lo5_5|j`NTNj>M$w z`kn-+NV%+JFl9t4>+5%aAm#4gs$R`woLpT!YaK_c7xOa4<(h~{Vol{)rv}NjbcQ;S z^+Kz-$~$`4gaSi;&S@9Hvt;Ci8Zya9OITEU(1y2&wY4n2I73}@v%F9M01p1;`_B!U z|DoJ}jQ=~FHLJfHXY+fy;*aoOPWo^8KRf&nY0$^xkM-a8^zENb^9}#&K~BZ+R~b;j zB#_<@#I*onm4IIX;F1DZMF1wgfQ}=eauQI`0rnjM1f>8@L4au&K)WN%0e*&jlhXZh zRlqeRf*D}^HlOU22_UG}gfx4XBIiqAXArTQ{vMBl8(xIHpi+vxHN`kiz(U<_CY6cYx)VIU}bEQ%L-0WPSAu}?xK76%Dp8dCAt24uJwSr<=_K;!9n?QKx> zX>@pod^`l94}*7IvqhUCn`v=4BYr&`Ew&F902#R`j5%|6y+gxOpJ8FG6%x(c+k=Nc z@S?%f=pE(jt!7T%|2XBc*2C`n-5G<0^-=ohltfwAm_8yLL$vmz+=D@(f^yZuy!-_; z$2F_jp7V^mhL7qrGl?KWi2 zdI4I!Nnt;Tqni+hq*kh)dmlJuWzE1|6^SZI-tGI4lUW0=I7 zTBj8zIJoyps@f3qP=23(&OK^QpLSm2FyB)N$6Dc{<^Ca_gF3WHf+2mDg(kZNBfBnn zF7Rr`ic?tS#&^+4lb)H@K#|pDcKVdvMd1(4ixQHa^Y~lZbV4VEZipb`Re0s?QmA{e z#w>Y4JvB`i&`;$J4T9kSY~aXe=a$K1cT@+?sf?;>rc2&&P>J_SP_$o6=HH4`iyToq ztK*>gK$CQ0K??=o;hJiH7$@h zX{!(g1XS?cr)9cyd5Cd@y^Gt&Sb2RkyW{0s-c$Q+g{zyEYVz^6%ZI$&6TM zUIkR3oFweo&EP~Kh0A@>fC}C75Z2mDlwUS>qCocGaW_s~P?d!Rcp(C(UBkyF@YC-6vb0QW9{;h)EUP>%2m{_m9e8~krVO@77yIUf-J3EmoF94>?9zT@tDF6vwQ zY1e-$oiD2;Hig3IP%7Kc9B%f^lJPD_u=|uc>Nr~Yyg$)j@1Nxf3JMX0d(ei8K*@MS zf<$VhDQE(gy*Zx1Q( z#9-jH^ki%k9}?R~ONT}AL1`IoQXs{4bbU0#!=rpOH*6pC7JFdm7LK*H2|q{?qKVw% zedqBQo*YC!`7tyRwc1PtD4lKDSr@PLi?ZKz=AYno zGBD?*Tf!^7%x#z3-ye!0_^F<3*3&R$8CV-gi2C3@lX%WytCtCi6La={)==vJ(K$dc zA=Zr7TDHmQ*XW5Y0&e5#WWY1CIcmnVnZo-7p$ZfFu&RQVce*l?Nlmg4vn^X@%!C=T zgbO`g6TV=v(t7MM2YjlgS=kdNWv^*B(ARCdC*_hWWApJ{`>|qP1N9vxE1o5@9*OJY zke-%=wBV1;p6YKDsq#_+FJeTMDv}SXEoIQlxE$kH6tF!?=U*~rkKKjK13Z3;qrEGE z8(6w^{AP{XthZ36BngTQza4Ah(xq}SP-Kb~#Tl+Jb=KU6mN!c4ojiZKViS5wFUn6f z;Z_W^F!-viS)2T$cr)DKHT!-ziDV_MxJ{Aa{b2tv=?h7pUw3@$G8&@7Djk)|>?=db zs39X40;EquR+z+5`V<8|++v0!FKWc`ym>XHLf`vcv7iQjwZb~H6SB+V{DS}6`QoE+ zS9qycVkTMEBVl|)Es0UG#{QjuunS|Z*?}4W$xoVuu6S^$R=MO~5@o60YTByJY2Tu$ zYb_Feg5d#o8-IRy{@dU1o%sKIAF=;L&Hf1grKNr=|CN%K0{Qrb94;T&^mJDi1gP|{%^tmZ9R|qww~X4 z2LPvLjD3?0^?@Btn0*f=cL_(iK zZO*p7RV=&JwA5)WtV1WVz1M;h=TKvfdS1Ef$uYVxB>cG!3F#;l6vA=ZNH97kISAz^ zfOG+}(e!oz4LUQ=$oQap>Y3w$CvDKD&Y!K$6soleS14@(D)fzDDdE;=8ZE;}Atp|hTBNKuh9p?<~Zp{qry<-_F93}|$5V%*X^JwaJtn1vW(0W!< z`|JDDFJ6c&E6*-xz0m7m4C1}e{diwt68R7^s>gqk#EFD#OOgPOfngGrdMQ9U!zEAE zxtcu(?yWI-^{lA11!KY(=Oxjxp9;H;T5M!kkoW9mPWow(Ar@x{dpMe%v#Vr_NEbL( z_-AW{%MTxmqOE1Bm3m%x$oN%`Mx&Y4A+xm%EAdM%7OmzoYNq7<3RR;X(^AK;1zR3_ z>VS{41EjIJ!b=+o+T%SAtiq<7w%c?fRiYmL?AMGYG{tAHH`OU8=gIVxKRD=)bWuy~ zM-z(gNBJk+y0WrzY7T{dW~@^d6x#s1gT&^B6)cyFh3_y{kM`pJ!@YK3*lYL zJjMsr$;0#6jjf&KyqW7g%{eMU9*BG^kbhCV+Mf9w@2*!SR&l%60Ch_U%dq9{Q_L!A z>Pj91C_Bio0Vyf6hNNSukH&E_58(ZxgB9f@t+H0+M^=oF9@ffnw`BWH{Qv632mb%l z9sMt4_(lE?5_{IZ;{T^FuiwA_>Gj7&>WdfDSN+f4&8)uar#^f{-AsS`TEaDsSbHGAjz+}s>>;mG6~ncCMk`q-O#6W9O98k{@&`&X&O#m#dECn==L8Nym6 zi5eGIT)Y6vm+BgcRDb`4L}GgS4As%GC(Q7As2G_%Ni{JkC;-6eX3`O$9ywBIN1h~^ zSzGs0xwt^LHYp^szJ6C3(b`2RiA1^#Dk}HyFD(G1g}94^goFT~0BrpKO-%nnNBlQr z0q0XVGeG@C-va(701cH4L`BEM#>FQjCMBn&CSZ6nv$At|SkmHYa?fX;1r(1QQ6v;g z110$UOSN_N`FjcrAq{NJxtF8FjzlRI?<%fo7#tc-&1lcT)WgQInPR$oyQRAaM&{;6 znyzQ=sc*Z_)7jN?QH*lr&cYl){`re-dEArOt4nmXlS?ck>8X;k}QQ|cenH0YjRcY#4aO~4jJKWlF)~lqw=p_qQH`fcB3mzwy`KYhXRJe zOfW||@I`ZohIm^dQIckeV3Er%I(S*Pq^1B!wua}!7}q^UQqchSAvl^bL)kboQTLW@ z@vb&UU2PsJOJ6F&zxEC@V%HsDFDt+hmv-aQ9(3EYq^`^l;w|xFwGVo5V^Fd+j)vSv z-mS%cDBt5=&3Vpin4ra%ccStjVX~bEUYEiP_o};_bv{Gt25`qNJDa)D=0#~YAg?&T zUZh!u67yZ=1%)0adiw2saLSnu0+lLXY;K7oHw`mk7R8ou$I-0kxYtw_Z#~}%!gH+P zcST|660I2|ysH7fp&4UC7G4PNEv_)$rM5XGf;Ej2k|0xh(aZy9x1|_ z{1i3N^4Qw4aw;=nHOEL>WFH836GQ{W6n}wb))aNiw{63rkSUBNDv_7z{Hb|MdhtQ8WhfW;R4-s)wz~y6K8XL zr?vMo#ohKaWUNXqLww^)2V5dNHhxdnB38+k<>xp=%ggkE}fB(rz+z)vRYpr zy_!SGbcrTFl)9i8_|q_Valiq z7d?K7TM#>_g47>HLXC2F#TBQ{ls!U;38T(@-0NgoW=T{L(dNnW)l-xjgG^UVAULAb zbX|CPRi+}H*hvtUF-<@eN2Wy=LqGZ2VbzIgR0q9?Xrhp$+Wg2KPHB9JG^e!9AXz14 zJtJyLl}1!QQr%<`VCf_Q$gRu|UDMf7l!ppD71G)bm-8WELcB(mtww@33z~dOU^F(@ z0GSrZB*;S*oFc>6{r8yF6)}VdYr!{Omhib%sWOyEaTD}&H%@W`&%L*+7mB@{J+!#;8ubvT?(E~^0>1u?H0;hmhNwP*dDeD; zMD95Esd{VE$E~xBX{OHXR#K%$t&2;AS(GSky16w}_O=uMQ$}Sv0Dr;s^6s^jZmDiw z)r_mj*I@vzyb)Opqj4q~3pQb3?kY9&ra<{&@(9MnE68s$68$sVRrh?)lO~uVwF3F% z23tx2j3Ow_xj??ATP)Kx^3=pPwdOJ z+V`3O-ia!0BsV#4;f9$zx)&6-AF_4{4@c)S;-7Uxwzlb*F4zVgY3wCKnSm^Nv~`?K zER%C{q-D3F?1|$ZF|be})x|IPEA*!asI>aq$C0g)5cV5QaZHOk$4D~(n|_?uUSJ%P z&wMu9$hmy&z4%2NXxP)Y77G+p)a9jO?Z+N5;uW_bVa`#Pd59R{#1JiYvHXE6e%sLu zHgX(nD%GjX!*I^7Tdr&JyZ5o|+Q;$|!t%l(p+q{N3hUF9t5Cq+UZ-Xp>I(=z9s*#x zwP)Mzn_&Y_+CM&MMvFICi@gxSE-mv?49;QiCA5e+QgPRT zS=mWcsAmXc*aPt&1vzJQIl!5ODQ}n-K zIr%+x_|E;`Ut$UGxQzN$4C3!8;}7R0=fop*rpKmEUv|NV_-pA+^Q&3^jWif5TS z$PKIZ*RGeUov#bL2HLtk^!6ahC*0hSVN9Xte7M~qjguJjd;THPbGepEKJLChBowag z;Ak0`QGOr5YruSsW_|Tafr*F5<2O?J2 zvbKBQkgfm?kWXh4eZpdWvJ_oMu~q}BDVA@em*X?JxZ1E3KUCHI!TnVJ&64>I-ttfa z_4IuhYMrg;&>{+VR0#j*K!CsgxkLJ*yw{H*PfZNJ6DLb?m7A^JI{W&LE^yUS+h}zC zlu#j0*%tdp&CDK-2U2b2nX-BcjnV^<&WX3WymgnoRSVU&s-635#-)2~G%i3@ z8F1!kndoRssNjuDM|-T@=KOtAkDay?Z|KbQessooKQH(Bb~Sp13wK*tFbBzBBnbJ{ zPGzY!`<{n^PLoQzMIJSAa{4W9tsWFoj=!JnyXUl)bpH}tz)x4synbCDVa4yiXJ&!K zO2zsw+%Z;a^Dt(0b3QhD9&^P)kl?Mr+?ng+D)62w{8jE+3FdW(@S`)I!#Avu)0=YY zfroRmkE$*br6?&1BEzl zo9ud=$X>3wWVidR{0;fNQ44oS(#^&!K7$IS8Y(_HzK)@4tC}>v0tz3?!@0G0*+!T| zZ49{v>%U1e-@o~RUQMCf0c{u8&MSOK&VY@bE4}#ET8R%j$zHdjZmvw__QFU02&0)3 zTR9a0370M%x(|y9i0Nc=+f7A5p44gI7d2w~oN#U^{L|9alBN$e2TH?7&uv_4oRmwR zIMQ-MeXnuYZ4{ z_M-2@TJ4J~pht@rJ^25)(&#(!-w||Qr{%Bw)$7(*XSmY;1OecW@L!tvTlpVo68Z!G z|0J@1U-obK&jauPvjDKZPQ7<;N3=(wY=bhqtt*^OO;4Me?my}fooP5!RW)5uFxi%G zmzA}Uo7;UMIXWq+E;e>9H!dwEvYSk<^!4gOiKseUyd?X(F%Qb|!eJhJpLzNnYQMq*QRs{<(}#0S zt=;+Jl?VU|g-+GXF<|H8pBe=yR-eBheOVbzG=o_2$S@B#Xj*zYQZGgW5sZh1du9}7 zGDQcdp%V%`E>vaeq19;hk^n3X4Yv9M3}a=h!oZ3N><~j+%$NkfR|=nF?duYQ+ec4)=v}{RaD6FkH1d zKc!abjxMLXeA1m9p;-rb3uN}3&pb_=`yQj%RGF%jLE zSvvW;6A<_n)}1u>=%_e7YUcCLXVFEp$e%D|eLwbi z$N*L>AEQlMM2E2-pLwR2=Rn6U^QOWcb@MEWp4oZs3Izh+m?_cMGju!}OUKmdd!2IS z1=|6;IQxai74-SHUKU9D464!Pj($YsTm9H){PCdp$0@!O|DD{uY;D|+gKjUs@xQ)C zD*nfB{_E2}!hf0H;XmjJ@CX0vuO0YrJo|?KJpl7B{4dZ}|IwpI-}L|e{rw;ptg*52 z8yyVX6o8Dd^z?L4MFZ{*^z`(07y;7K+}zv@44`euAHzF{&mjMc<(qzEr%aIlMfiW? z|Gp|l)svKX_7a`r`MkzgSh$#yR+Qk(!a2(H%8|nyrnyl^6XnTd*qv$j9tXNQPWoQQ zjt5@sh@#_Myl7K0FC#O?D=~=|V!&hu#Uz-Rnu(cP62nEJAtnrY0G6SM*EBo1Mkk7y zMkuf(1pyPt2Vl*72!u25`Nmv{DnaEwKIN`U6K$sjoA|N5jIF%pjB$py0R}%@MgI*q zLHl@M#W!Wz^dVn(^tEmNxPql1-Yr}lle0Y|-jq@Or|9kUC`NC=Qq3CQbTlu`7ebTd ziOPXPc%N=>9%hDz2bgaHD2gvXxg^n?mkOs7Y`IOcx~^kyUWK6$kFToEzmy^0kfUQ# z3ru-GUCF7+GpjGma!g=EhYyp5d&LMSGr`85?e@7Pe98GuQ|Dv3$R+*skQ6LE?enwZ zh1po^y`gVo04b%OK*b=L)IwUU_66g&`v`Ns?&rIXJ;^m>OLloux+t|oywt}mNSg2M z(uVlHLGCl0a}z&Wp>xgX=)KFi!XmZOT8AOJUN`1+4N!~f1Nj^K1LeD zzsr&8G8Titvz?3U748qYn>&;Xst!YrYPX6Tf(oGPUJ!Ko^SV*{vp!4}`*8%>7A zf~DGHLU&py3ez@B5QkVzh!S&LYKP_-7@Y&_eCU)?K8DX=JC2*rUI$Qzli=H2l2{p2 zR$7Y(`yt{duPY@P`yDGQ#=?h%ms6xAnn+L?#taG+Iq6JERd}2Lq$^-|@j+$o<}atH zJnrOAJ#s)~IfI^=b|u@?vF6t-0hhG`=gOL|2ICI@L89%yaSZ>NSAQq|JA3)-yV$w; zfq_P4f~EG`{u8Tz;1Bt~GBUrl|C5p>{=ok~^Rs?;-f#Gy1o?~o2Pp1&0RWEx;3fd{ z13)7HTm*o0&_xCScmsen0O*76JHVe500^Lek+1Gd{+@IQ_}u~G|6lDtcFOz>|JVC> z_8;kEJN(~Yq(o+o^Q%isggPXh2Jcac^Edkv&fV5$vxY^AmNX=5F}$@k)=!__u^{9N zaQBozC5ZS31Yr0)@DU>6*)jPA=M3XAlf_cKQbG|lI9E#ujGoq4G%x3T%jMQ17kINu zi!TbLM$ny+Y-$@G8I|gQbb-9z5QchQI3@&-#bopiK(5@H$I$TCR@p*_cH~xuiw0V_x{7jPoIDK@-yf!gl@-Qh|+1j;$jsUf_RbU^58DN<+1b0x(3WVfvVLC)|U@I2qdLOF*XIqF-?!L%=HAP2Ui#f zMOrx}psL3!(JU60$_5gs?mRv{3tqAC!g~go7=-I<*N44!FVL|GVtC8oKxPf5b=I_b zc8D)fEQy9VHJd543PKUk*B>ahnz_@Cytaq%F2U6i zf3_+3F=rD>K#P*)eilB8x_q&=W6z#Ze*<4wYbqi4{KeVkRTJ5K+!VseZz?kIpA111L=9V(Rm@{~2;ldwPAPBTp6rds};*e>| z>SqtK#0tjqEaOBRcb&Rn|5yB9Q{?RhEeO9k48bxx6@|UqT)zlf5Z)|``sy%5@GfHs zIGO$rv&y~`|J}XpY}}2&xL`XW>ZOQs;2iM%Q@|gs|7B%BPhu+F-h0aiBM7TQc$qkw@*({@CYa8J|-q^T3QCM zQvV|U@09ty_^+0vu5!}!5FKySvQKcRRc4dqAw}824Vk4plpQR2d-2S zx1KzGDtCb&de;Se4HD@J3-7viMVP|-W>x9rAGs_Ub_QfL@Czt5sQD zjKdrvP_`J@Q9k{H#--+0Q9^}jQ*=Tp5Ef0fj|UB;0q#UWO#}%SclNHObh1?LZY9Q< z8k-sug!e2QVik6Wr0PSMIMnPDah+wLO0^!5COk4A`nY~lDr8gJwnzW6C8LQOg(=dA zVR{;}@=V1%;i>IqE*Oq7D|Aldn#THC`1y~1ADZg z-h_p&Un>ugUj1UWZ+lm@gBhAAPdQ{+O}y#w^K{qMNmrqx!+ZAoS(Yy!`uy|t6EeG8 zFq%>)*^p|*Spn!?U&^BsorkvRoDwV|E&T#A^&eQ_iG(OIdY0-efHN=aRBREgbruA< z&6DKyXuMcI7B;mOuL>o_#K9~)r1jwPgRG-Q4Vh!6?l_OgI9;jAOzyx>4tZ0qpI-(U zbNAvX8eB}zSK@U~h&BOm8V=I=IBKWHN!I;)Kz~mk@xU~T+Zn{!Q2uv$fCTnX*JCH~ zPec;LSz*nPHsT5|S+RzNxP%#k+eek=KAqZq@r#pT#qkMWIQcO$cEGDw%6mQ`^}RT1)%iZv^t4_`efg#lhd(-Np_S04WfICI1-% zz(2x&Iho(te-ovD*nj+6@cy?i{f7TnK%>0jul(QtlmCFiA5iiG%6$Hez~?um{YpN+ zQ|8~3|LoX*FX|BZ5eWkPFNAGb4I)XN0Oui`9!!=QddP!L1qPHC6 z;dOdeJ~HRZ?gyd67`pPgdy2x)4#M7tLIWbyg89;EZOmAJp zO|qoz#Ck&M%4&ei1IR)oy+LjLFq#2F4?|)6W_XKfp32HITN_8ifXviG=guco!}OqF-(mt@!?30e>6hd+2F?VP9~-^|WvolJ?O zL1_g;D53-Rq8Q4Fxag}lMw&$C4teJen+y(+J1QR(FnW|33)r1=9;RgmAYQZW_+C1m zdxl>4$4jkANe<%g060+$Dg_xAnz}35>aa1TGrTxzmO)l}JRIItthQH~vMZEdhfZ$+ zb<=yz=gmC!P}Hk6^-&ME!^3g8Id|`}HQqBXaC=|!7^0`abI@t`UWsE(iVh^c!7iIk z_|;eURUxNcOe05FQ3|Z_eyK_{np8^>)Adn11~l=W<8t2!3E0jha)jV#SgwX8Is{{) zMK=s6D$lzzuc^FD^+rNXbKU9}2(Z6iQ-TZ$nXl;BH$2d#V_15}S(179l$bxkWivX!_Afp8u_N)tMxd&(j$_nK;OyGcDul zcO1q`8^(KvjU1RN;lN6RK+>~@rU5hTJ%FylNF$}gL z6LfhiJNMd<=xbw;DpXO`d2igXmm~7$d_V6CV^CD3D!Ywj6nRgKs%dW%g&6@+yOJtA zMaqhlayL3Npim1`WvRv<%XESY8Yr6J4Fp_st6DE&qHK>5T_Q;ZdvWrGgQ^=jc$ahSX8wF9BSG;bd=pivW>)#w32Q6k!Iy#tUpFX`$py_biQ4@ zt!lg7KCY!~X+4nM%Bjx@gh;aT0ZHh=GJj4R&AS9bUspyv)nflyX%z+Zf#L)XY zLS&<}IBueH7=wlt{1o+h%Ld8z*_LYelh!c8%rPQ182TS>H38w_(Z&uZOqN9m(GYnh8-97237Jj zoWwpT+fxsOpN{qRAo}dVVW|5OhX+)Nuvk0H?o{`3lr!k5WW)DJAHEy^z5Lz3#%I;@ zR0frR(!tW-PXYM@{FefwKK>2=`y2ifWqp}vV7<&DF3y(sMn82g1&ruY;Mg0Z*`(k zy@qp!We;*Vr$)RcT4^G2fX>yX5*3jr=X8!z%B|VLYAGHs*&Ir;5R8Qu5Rm~&t-&f6 z^^$prSZS*PeGy!Kdyx`p&LF&+Ei@3R<<`Z2D5Dj%3}|JYfeMqEl%O=cjhIhui$+my z_$-OwrX>4lI4cCODQc_PTqWv+Q2c`iNywe zw>Ud!=baR-B_H?PuqT_rIdv^fA+Grk#J6mHB#l*lo+$LmEi zHkfdSA6@Jiww!!=R?jDQ1ZtfoEErOnbZk=KaWdm@^|Yx*n!JsSyh%Yx_-HV=uExmy^4g6QW_i=!fkZ1c1C zASvyck)jgJ<)xucUDcIt)^vt42XyOemD-2xCMi8)#3PbrOzNc%V%Pl1GHpzpj7{4AcI29DfejlSv66EpzYWjlB3}RH=i0hB zQc(vSYTeBjyU!nUoL8Q7z+1avXqtm{WZA56YkEEJ(pIF=`R&wJlL|NMeNv+t+vVK%RyUXJzSp#Q_#*x%sgf8g?a z=YKFr^7kuze^c*2nE#2A`~Oz|yEFe2WkHuvKkUDL(~tj-%Wv~PJ%Igc|1}AvKD|i2 zElhnsN2UHu1wDBzkf^H>f3M)Le!+M00`Prb{XVh9>;h!T-YBvX3+Wu|?UKr?GQC@b zOn=SAuEX$ZV~RQtE%5?oR5kH`nNsohdh5UP{&$XlFbESE3&cU$%irJ2!%9j?1{~02ahy-SI{BY?~ zuqr>ZcDW6X&_AIR2^sJ{uqQpVZ_S>_o*edd9}%iPbo0X(PVOjoH|O1~I1~a7g;;4o zX)w%eY%DA%8SxBQ3_UFk5($UFQq$6FcKq&W>*(s!(j7NGQGlU=)oX#V9MMdyyPaIz zqsI1d?%o}7<8;{c%&qX7lTKp`vCf=6ICNQMYA*n%#pdMYGoLHOVCagG$rV*AAdgTT zV$_I4)frl12rI zHNEWmASpn_IQ@8;lr_%xwqfjhT`;QZ^O*z3@YbP88kb3ZF$Z36S&T55L|(iMUDcCbH3pLqaC?uCbkL-+$$2zqv+gQj#+LXV~6n9&?7~^qkgb!$T$c)k2H9 z+HUwjeX=-Riem-~22nWl5*6quTsRf znpX(USKHWZ()^|!maI}`*@`l}TjCzM{Y)qzCA^>*Av~Tbp0v%enGxP7j)sZ~6gUhD zoHIWlT3jjodThU8oR7(YhlOf`$W5J}-gcB1QK#4JFRJpmZq-z`Xk03A(#|gwnj1OJ zQ|@lr1=q@3_&I<-OY1=B9#Y6wms2)Wp!R8XlEiuU>ISJxc6Dhc&Nk&)cU~`_ z?+)y-i9eb%nBSNIJ-;G0h&^iZH0vqH6N#Sf!2@+=EoP_1+dW)+#5*3oqhB}dc$XvM z{wep`=0K2O9VkcI7e=gFwcYzD_mkylV?TQky*K4C*1f!OMP2OG*lN^MH;0c&yPHOK z-DCUVXYXGFsQ(9-7kwA#y=5~cZl0naW5J)f>w-W}_{}0dqpg&q9l@jG` z3b3aGv`*vZo<&*F)}f|{_*v;4uRW0Kf6%bfET7Miu2c2;r|yEAsc=aabe*Zkhi6zj zF?%OxSNGjv@w?d>3Cs)7leX3 zCvN()oh-`C6%{P`?55(Wn@kk7bGtg0etJwx3!&lBO0tM0tdoP#Nr)Jxs`^u9$4YsH zZ@23aDwGte?L#!`E%jU<(p7E_E0eqYo9~{UN^P>Fb)qrPyvidQJsiDsW`RPW#0>ke zIozEX-mXIOXe7xxywW7Md7B^?wRQ~wa2RlCK4Zz9>;T~phD-41J`dU@MTTv#Z*IhT z6Su>QSjbz8r0q+4MnpT+Ya4lSwL_OpHiy}n^q<6dKnd~>rj;6`|GIx{jvN*$VNMp2($0;)8K}%MaM^?a=dNC}&Rw;pGxvi9eD&!#3Y&&kJ z4FncyHx9=t7JKp}I)1z?#1S*$n6woIixd)UjFh>I%|=D;DQ7_r%zB)(jz5y%AC`}N z*04wBGHm;q`+lCZ`n5URD^G{v4D8}QMwSX0^{%!54}0$&)l|Rl3GY;r&_WMQLNB89 zW_b({njnUvR5A1-(osN^&^v@)MVf#JQbYs<3{_CTfK){UM5QVqC<>Z49%ts>d+x0J zoHKLhu6JfVEdC&c?Cjs(`@6s8Q+RQeY*H#|h|qw~qg|JcS&F-09|hirKY7=^#&MNL z|NF?Bl&vpc7%Uw-eN$!XF3><#v!KJnqc{b~*8_0-+awxISi@HHL5z`7Rvu0l5y>1+j|_{X}45S%RX> z_+KQJaSkXmjh%(0IlSgLMh;)JqC$9-mh^ zU|RKl@^fZst!|b}+`?%GH1hRqZSIJjEpDanX-9qb9C-@rV^H`lC*HEscju+_HQU}L zppH8L8U%g$kE{m5OirS-=_k4#x^jY4+>feB5shPB0>O=2I zBS2?wPmEa@(MiH{=OVvO!6^=XL9+HIaF$PklQIfo<7oQ~XMfmATOHXop61v#? zKuchw)!2M;^d?P@^nnAPF*s)1rDD z`pknfP+PQx3rU+M z;#TWYLqCCw;@%%y%xTlsDuXc3^vSVj-4VMj2^kQ%lR*tRYdRRGj6ZT&(48ptWwW-$c1;YW{_P%Wz{*PZl8~ZN{}ERRcNdfltehzUe^U1j zq1~I}@8w*Kqn+`yIjalzZPoF@BZscCkx3D^_uTLb-gm^^@wM69y^);6+gntsdL}!V z@koZ>C1wy@S*E)}(OkPhxrOdNHW| z0V8PD+D5iMxq0mjMf}ErEexK#v12zi%Zj_IExGAsWmwF@vQLTA)r)P{_^SF1F7^2N z36m$QlJhybW{-}VAuMs9WED(X1o0};$8rg8d^WB+YRFpvOhGB=)eRX?G<*oxXFPF=jpzQubLeCg=XTZp z$+icg9j{I5_8u!yzB24}ypDq(M}`$$>G{OJm3HBq+t;Jdp4gz%Ns{{`srQ_-&iWyb zc#|FmPmkn#RlLQ)7~|Rfmk^}BNml5)S2x>g zXq~H_95>jU!$3$3ZBM}{WjlQ2VC>lARnEE~=~Ntms+qg3$fJ`fDY&nau)VjLN`n?& zw2nV@Yd!9dlS0ora9FF0*(ny+z(Loy)j*f^f|A)dM0&%@AYo8M*a%Pf4#N$a+<8VH z3(IOAkiV;v7V#MOx?Y-WxAx){8cbtubVD3c#Q_Ec!IY&0rlvhqL=YPy$s1b958^=QGZP1; zFg63&yY*3B10g*@N(F97_rjA_mLt4O=bZE)ESzkQKR+#qoY^m*eU2AyJd?bT%WWo| zp|p}Xo1Jwe`iAXH))pdLvOD`!8N#%l!(Ez83eJT$z`VaDrI0|UEwa8gpial-RF>yl z8_dD*f^JIWJqgHFf~Ef;=3cK)3YdZN>9D#?FoYE|M^aUBE7qr)qP(S&a@YM){&h4GI7Uh;VE65!A63uiL5 zRpW13yXU7{Ioe~3*bxjj^ zFu=kCLOjHR4tlgiJ@N%#CfQKMxiUb4*1o*q*zbdxheYx~*n$~@VwgvAXJ% zi>GkMo4Oe6!QOZ_2}ggigUmw^Fu*LX_Aw6>(I1dbiak7Y_AM=izPJZYVFsx3oPrX1OZ`a~>mrh-^XRBlqlSJ=cH`Q)*t zVgXnaX?7onMP)szEg!ZFKMIOnP_~4@Bpt-|T4fBg;DkV#BL8zJ3%j-kKNpA^Dh{Mk zU3TJSN>g5C*SoAdjdDC+HfkC~dn#6xpCR^efn8IZq4HS3%`V@^{$ivrGLtXdpKTKn zRE;511){az5w5fHt4U46A`92s3niuz$MYSE-)hveUj`8_Z}8UARnqfBjBC&$ zAHRU+@*P;0ybo2_eBk5hBHz{PzPFK3`RVD+*DE&>r|WLWHc2kyW!$Rx{OaN+RPU=0@g z!_8G#_G{M7%s$P#GK_i3T8arGd=arBZs#f$TP~;Jb=?Anbpx!&@xH}af@FwWX0Y>> zfD^H<4;<`89+ef`4Zm2xcZ;#@9k#7>GwbQyyu7u_bWJa000@YKMd6~aA>w96FP63# z{CsN_sM=|m8T)3f1GRLGLH(w7>sgy;Wp-=otc$H9`zciZ)ECF=MArDGE(s&ch0s{T z*=GiVPy@q;#IPV8n=T5iAV4?THLT4!WNwq8?)zg1vC{5UYiYq_+t$Zp$2*vTBDcdi zj05;GM^MvLFbCQH^&cJtxw$rPITxD zwd>m!pKkBvbGsof;7nU%clTvuw+;HFMpDO|Q%FjDG)-on)h99a+uJI4==Gx_ZnKj3 zuN2-reysQDrN>{d^?EZs@s+J(n|BKo=)KFycwQT^@htSo)ySya>m-2zwot{pwqdx4 z2uZ|^%&7r(g2XK9Da)6pdj+q$vORlqlX^A({n+)N>;IX1`&?91QVaSgnt${z)}PG( zRFstdwf@Ji{-2^M9TM=@{Qtk81NgiDw?X%A`aS>K-rk;{|NJ)zD7p~f(Ea;gYHG&m zlRx^*k4%0Q8yoB8HRR@2<>lpNX4XU>_z?(+r%#{$;}0KI)jR6yF?2XM7VC+@l<@E* z2?`4S&6XpM-uwfDjp#e`U)ulswNL*t|NA=~k^g}sG@|Q>{C6B-%dh$0tMKmY&(E@^ zAkgfLVY(1BHzR=H=0k&Y5R5EH^7WkDGcZO3082*WLF_{8+(O*h+Oa~lEPQ;m$h+vO zN_H(qKK5u>G*F$_?FC_sf;I55B-h^5DsN$|eXNy^tQA5G2;HYt-a*vDkPSj5kV=+Y zGd&yTka0r<3uDM!EjM>v_m`|Qte{s4I)_6)2zI9+Eo5+c?)>(2Rr z(k&_h5&+v`tFlTh=K(PGwlGMWc_azJ>9?_P(o2r(UHt8;_v*AFUGR7#I%B^74=ocm zCglP4ZYWz9*M9NB*&4!+V=(n|9^{VVa#@5g0;#Epw2R$i(&rj`P^T?`m4UgFpa`GT z?X>fO`liUbqbzZOqZ~sGRWAiB@#pxwvSE`a`3*M9hm)_Dy^Q0In7g z6Ox>+&&8j*?^Qxp!mMcG7K>Rdd!MUahbB`TP@NZ=~hLai=9! zq|sORP>!|P|F~gTHL5N())O+_;t^-6N#qp zhU(wn#;n&A7HY_`I~iYneI(8IT)GbIb#9s6>*QxVH>@Qb&+7HB+>HSQuF3)+hA06) z(4nic^*nFIaN-U{ycR^6wtBo9A20xIzB(5Vi-uAdfQiZfzYt}^2 zRoc;1A)Z<_cx>g3mU)61d3O@-bB02P5gwxLzpk(VcIT_Vri8CC$&Vd5NPSz*N?XNfRBnQAFTt7XUKnV~@ zQ)c*H+koxB2==WWvfyc*#oP#hrTCBWR@Q4_&wzs#c;^n+up4U}aY7=l31PPp*uZ!Z zbetOgSWy02!Ye+SM|pynhGW>|VyZM+;g%#C2Vzs6XJ8uuO(DHQSTpD6D*Ag4nGSnc zL<)i&avm}TP$QK>-%POJPD#z8c$~^c%e>x`hAAEhh!bfneYx|o2@Z6D-+FGRx#!Lu zuSAA*d)WOe$1!|t@wUBlpD;u~DvBm51Q*FUT0H=L&h>0O;`V9Kl{vFm2|ZbL{)P5J82FQj|nLm_7p9Yq)^f3Q@sKp;-# z;yIHiMLI{bN(0{TeE2YUxP22;GIV=YkpiUf;u76v0XUEY+Nkx)i?~ENq5+&?aiaSe zx!wBW6Wro#=XVKJOks--#__8*fCBB=N-!!lqkCvWy3WD$I*g<>Oz zRc0+T2W(C{fcdGUJdwa^zfhduvv=mnP!hnjCq=Yi&^_{$46!RTfxCd# zVYEfv*ly#YWlxaSs|k>ZGH{W3%>-f*j;OiPz>;mGzc?QaCvA9&cr zZlC7rG9RW)V&+G_6seRj$Kk+3354rf-JSO5q%W%VyonMiuFISC0T*2}1-X6&!@Slm z3d`zk%7l0MsZ%1|jV9!{Yx6hW%^OUxTgY(XSh2>JVCMFdjBb^XT)}P-c&JOJr-gE^ zNFnw5SJKRP*ptgx!0TbnE57rbw~#f843A%0sKj!&9-6Pqw_%)8(Zhl-NBb2_)x1Ca zM190Z?7ldcPsJK$>COc-5DgpFVF|!OG{;NXCXC!!6pKMHUBAM^!z;!X`L(bjz?KH8 zb=LjrRdnX0GJk;Qs_t>?TArcJ7j_riqfT4(NAuTLP6>FJOtn6$EwWdr3v|QVXpVNJ zh|W(Q0G+DyAU5jj^1HV5-OL(qom9E4`TA0G%ooaFk#Kb?v2QD-3pmd5mFfPY_bBC8 zGt_&eCJn^=giFEX!8?yS?USo#AjYqKop4T1FRx2g@ywHKzZ8mYdR=;BHRqYkr&K24 z9sK6oV#l0J=zRgVsKn##n&GjnkI*EAYbO>^m1-6?{Gdx}z@??cZ;<5o>&MR)FaDTQ zzH-*ifN9$LyolT$JCx{W!ISbf`dRJ#EYrp2^RtUQsUc0bIwuO(1RmY?a=kZEcyQT7 zVhpW$HlXbhMjZwojX3%c%X`!1Q_TlIpB=BZTVFf8n?oMWUH+u55BvJ)z8>|Z$Ho1- z(s}sehzk?eSjzM@o))x=e3JND?#4&ee)qPHbksvW-0;_+k%tP!AqA=nl~0YHyg0gj zsGxmiv-LA8pB-l}R|p%les4m&{#ugR$+`OeYh~^mTiWdfb4}7lE{mO4v}ZeDceyp+ z(a4dHdH9hCkSZh~FTcb8?;X2yVBtU--P3LkET4La$GMRcUNUo)zk7 zgavo*WQ>y6KV3sV;h}{+ex3i?@i?^n#<{oJ9Gv*)A9S}XkDYpm>Xi38i~b9x^5+G_ zKUn`+xY-A2`Z-&92O4>MU-~5irl6ttkE+1@N&TlNukiQyZ)FAgQ-9Tee}4G>x8L!* z{-gXi{g?lf=I`{cO2=n{0D$c`|LfN_|2_ZrU%7;!u{eR40d6o`92c8J*On>{%=R!pe1EItfZ-uGiYmN_Q3|inoaq(emfRDO))dWkqu#-lWe=YR-11wtoXw!mD$!%< zRTow{*84=jOy=+b{E#-wz$OPsE`SdppJ@r#-sp;3nyBm1d?Bs*uxG@Xwe5AWka9w7 zW1{}OFESM;znfxYV9PH%KZMK=*!$0@2C?tQQ!icaSh=( zbCu)A?q^#+?~01RvH)7v99hc3jz)>!;vA*d1GJnKY6Aln0$Ksy0sxGN>~}vkRjb09!EK!ArT#k^MuUg4 zFY~(OF&qXFzCGCpj0E=Hprq|fk0L?6SEZGmPxy6rp3q2~>YxZ{re}UL&h_?@S2T(M zn6(SR6p&;~d@76OR6jqx@<08l-}iq@KnVB>0M+w5{Ee#)#teO{UxC|;GL1{Jq7a~R3Apu& z_7n|Z#Kf9bf$S0Br1`f#R-@xEyZ&_`yz$KA6}s)SpA7@x5OdJay0iZiF!KklmeHo! zfIG|2H@*RJ?IWekDZWU+`UX(F!df|39m5#!iAbN?0u=F`xlA27On_a))!_~AryGFZ z&HW!gFZ8b6i)RFZ!7E=6dh(g8qEJ9|^V|C@fWG4mCxodcoTF})_1+3=%?IG_8c_9t zHo*pzz5#Ad?RK$lb+UfyV7+X?u)NFvO zR{)K(0^H!rC`Lf|D3H>lr2=I}fdJW)K**g47X;vue$@`)V!{BRxz!FsKn#q4lo}%g zh>Hz`W&-Kx=+KEW3JMC<)zxflZ0F9Mqm$;ZT)84FEKKj7=jZ3shS0P@^yuj5mu}Yi z`FXXL4|AXQw;!|8hS9C*jN9LT0OCqr%U^-A`M10KG%6a%8{6z)eMn}UtYW!5xXxU= zd`uEhqdQv%7JoVT3Hapm*1WaoUN!Dov(|_I7+`HkWW1lk_#lpF4*y}?BF)iQw(IsJwfTk5p z*ZR}9AMmQB(c8@9mCOv4Z)+EJ>K1neMc7#D)|%!w*&5b5KYZb8+@Q|`V0Yd_YF2^k zH9;ev81B4J4L~ZktN~uxcjFjouh>}Y*G|Ym%Sfp2-@i*WuL9&DoD5*83(ub3;%HdU zd%5j0u)g+~mAd|AwUreJuAq&v$sQA3+T90k&c|Is%+9@`Q;vX~N%gkXuRZA5?eFXK zf~nJ_@>{`2J4+gAoJO03M*^*OV+ZP zg`IsM^zO<7)Ql`xxc(qUWc7yTJa&Yy5Rh00v+y_;Em{f&KE4234}v!%ifb

    h$RRy*uM2v_Ikb7p=e_w#ir&n&l3O(f9_R2|<7uZ0;7wuINb z-!4>ks%DIBmt%J9_$dOW1+kYryBsbr6SWr*K6F;mcTDw$Z18q|-(6bA$j>^aD_@;X zRJ?S%eJ*C!qxL2@cMzJH3gt2^R6{e#s+U9hGPxri0b`mzK{fCi8HM} z6|4M%+-^BXyCa$Hv1v8Q8!98&QfFbtd+1q=NcE*t(f*h@MVzdCoB%hc{TKdxA7OyS z5kq{!-yJ7B0NobY>PNHgacFWF_goV{bt&@z%{#1+qU#gG7;^ZL&0;I-6z!)OSSSng zIYy`)gB_HkLwR(-e0$sB@IRCt04cuq&!-gvrlmR!q?qeL@ct+cW2r8m21c0McMcd* z2<_X$U}d?$$|f|cJ*d2cxdrG%q%+1vg4h;EaX24Fmc91|3j0$yKnJZ_74Bn{U{?J7 z1*>?V0RbAH$5;M7Rf_AAQ1(0s&M8Gcis|B*kP_aQ6YFW*bUMAG*i%;>)5W~%bJWH| zyN>pKH}%ctTVn=z-K9WnD8{du288Q@o^>L$KJ%L#_8kT!grYZ(x(i@HaXOm zF8R_hc!X&&PD+3z5Uiep8^cKOukiFk?KWVo>4@s{4X zfjzWR@mRw7wNzfJPxg&mduD5Z1b-Ah!^+?rCyrhL1C6O2{#$+WgQ@KI6fdr6Nmmz?@nR(; z85QLq*M*IR0VWMKRzNiQI$Z8(Adqz?hgm~am_zm!0yruOz;0&)cT_cwS*5T6M+D&k z6-HGW+-%HJx7Z<)+|0=4$`*})o42@GG0d2VKEo%+xMxx@yl9XR%XmM)QvJ9ng%5jG zqHy7K4njj6J_MqYMQ{N3#usrD`+9K9A3N|i434C$rNQ-`2nM?QwNa|y=ZoKho+hB> z-GDlX-zPNQ4$Jf7)pYs)W=c^Z8?L9r6{etQCub2HVDr(T}pZ;<6&p*ZgDyYf- zJN;(`rN8+9|J;H6UwrrP>t71=Z~b5YhyG{Y5b#?9G_(Ss+rIke0l$Pm!vMM#sL|hq zpnq$DN+<%q|~yQD@o>9}1rSPTysR~(c&EaKz?hT5@& zh}hi-Orp#4C?V`%3Q(wnvoR1M28k2P1w*ctiQbY-5W6ED1(L`u60H?4$|XN+X)Umm zM-$oZJ<2ZxV3#pGdYueRcI@pUFuP{)y9OR2kSPq4C<6~?|Hw-_p4*V;b_;FmzFb@) zpB`S$mw3*$f(R#dSJ*MJv|~>zLL;H>7_>?m;K&tuiIXm~r~m~=3g2j}IvykY8V_6+ zX_lV2=foYfWkf56)|)2ggw#a5ex;UlG2IIYy>1k#dF!sQdPXSzo$fgkHg~Z&axWTJ zQY6(*r+4|2a){$b9zPlyZ$DL+t3yk!YH`kvbp?^cxp5!hA>75 z&kNKxxNe!1K5ya#C6SDxPA*rI)*mB=o>4L50Zbk0BQkho zk>>)aMivBliOrop#C?0>OP;-*Wlo#9-7=H>^FI*_PN_PR)84DF_)2HpZOJ(pOA9+i zg-1-hAAki$E}znm*9&KqP9QJY9@ujX^StNm8HK68US{Bhhz(X1me08$4H~gpXHa4d z))C@WH>pfksx2>(psM#oWbW;k71MPT_~G^XUhYeI1`bep)4Cy5{#X!I_wYv3`1wm4 zCm*~}C3Qi$i9}HIe9UkC=Z~$+zx+Sw`p-w3SwrnL!Jj5Ced^eIfA>@8!M#Tm@DI4` zCI!ml>GhvrU;AhA-}|!nMP~>5U{5!?{F{%xtMjiez(1K2{z?9)B(L`O@n2DuZVC8T z{`bEa)Bl-&`cOO22xU2{lQ-UHZ z@=DqPURzDmXnXHm*DJSN1B)(SD~(90i%D#HR0G}PecL6MLkxj;3 zM8jV}@A@(0NPU|`V`A!Ad-6HgOe>FU=fEQ8z?=Tz6<4C~1jkl~CEbh9YD&m{kWuvL zcHNWe`-2ZUMjP8k9(9kmQpTQ-FMQnGwec>qZ?tY)qKrQQg zU-9Ha9d+vgb*+15vwdV?Z1MBd``x$eyQ|yZzkdJm{op6v(v@!OTJvnBb#kk1eBw>lR-kFR~Lf3-RF@!RaDz2)8gPe15do4QNjndMO3Lo z2D^LTh_Jrw?(1|l2)Gt>)%9V3Yx1+9MBBDF+Y3>)NmO7e%KCf;C`k#jupkxzh8&rP z04u_%3NqaT~U9kvKpE;h2<8jpA_FtzJoRf*c8e zuwetp5D=RWF`NmTl&FPN3BrLu-?!BCX*@t@!y5tH+4O$i;R#J$-l>-lh#1oobdkVw z=KkIA4y1@SNtRp{^0z%Q^ba4c7w@@ zNC*Nw3gghk5b;75%S0S2pg&JRF-z5hL$@z$g=00^aSZ~O_OJs-{FHCP1p)lS7@_@@ z9mu6AS&$B3-`i&f$5;}(U?-R4BVk|7bs#Lhf5rTOznJs$LH1TOUyI9H-Wa2Q1cNpR~81e46iJ72{f%;UXHb z!?>*W?sa4YC5uW4yIH#JBdsZo$(CGU- zOou2*S)KqdE8PfH9Wf8=fPvi&{An^df<3b^ACAQSO5}^{PrvdyiC_W zuQmz@$DVk)0~#2AE`VZ-D{kgw2^j~JG(f$kNNAp|NmWqeFZ1^W*0b9Odx^!B=_A|FK8e{psH z1)cblpFhd}=vZ$$=T}WdMNyUR1fu$j|EsJ(mjwJP|NE15{m*#$cmAgcDE{*QSlL>c zUz?v?ntV3~EHrGJ*s`)}qm zzqU!Q|L1@Ee|Q}8T>Dl3*Xq9s8hIJ==~L=0`6v8*jyjH!zED-GDAzGdb>&Je-4e38 zLs;Bpd;5bg7-&O@g7SwZSOoEs8$)b-fIXUO6XvCaf;+%KAb*>%li~7=3?Vk5v5*kN zAIV1<;Ay_GKrA#n>8cuYRJ1P`1k{!|B&y}H&@G}E7!WNGFu1ljE}Fr!@wRgB5#|Ti z?sh>DC`1(8N%_7UQx$AD6ME?g6Lqp*BiJD$wglRsKE=XB{;=}-IxOed6w3F*>`wf| z#=xMZMCzdqkWDVMSCe3Rj0oQk(pD{Fi_rHAVa{zzvv{ohrhnAZ$FK|Reuw1+av4u_ z6!8%8l`?!F`TD83d-24oh-k(i`LEu;?lq|BG9VoV4?|zdU652j9Y#SbYsrOinbj{# z5j{f@l{N_C%~<(!`eJ6I)b{Ge9GfuZ=baS4)0VlXiM3Z`Z4fRN;f(CEM0S=c`}@dJ zceBl_@b(_E+3QQ>;>r4Qvn=;yrkOfO83Q}IC!KWPJwIo((=Dj&!O43p>Gd(ujG7Lx z7T)E#4t_PS3(Q;uS?~!p$n;rE;m~dB>x|szbwy_kHedro3(Say}iAy@3e@B2!&d@Yh?H6<%6+q>TF;o;%n;1E0(9334^mzAH`eqqx|+dH5gJ$iI!XQ%T$ zEpaAEMnXmlj;C>v+P9yyjXhf52CZ+IMp>m%*J+TFq@dg_540e)mhW*`p255nC`A zyu0)H#(cKkgJ2e{q**9G1WUj^wI@Ro`|LI<`lS|eS<;y-}20Ox% z{E1XHv+&B%Au&Y4=?j*_w`#fPpxyOYV0F9>(2C>QPX+@ayS;)v=MuX*b>;Opa$lvI zAE`gWzdXTMfvd59=(j|vEKMLCIl?a4OwnbqO9P1*vXH88ViYureEIe6-;Wkd6+X-2 zBU$v|*~_u$S69R{E=@HSM|0;%45ukNfz8#wrdp|b3=c`!n3V^msk}IfT^bvNYV!G_ zhPn5gpCe6xpqq&QCb#Z9knCo~% zI*AQH2zl0P^7ue~AnX8op^q_3jEcuzh{KV1H1R;3D7s!dl3$c*ESf!yJle%;NcF`d z9Lv#g6hNlH(CO=Jx}0a_)ybe$DN-cUqbkSK%w!C`JHoI>He$V>sg!!625qj-c@;`N zjq%6BBLo0~iKZBAlK?RK;=347#F|YwMi#vVL4{{_^>B!dD=@IqZ6A72Qtgxxj8c^X z9HALX?nb%FFZAQaunzk2aR}`=h5@6}aQJj4p<9dLLR;p0-Ih*hUO;`3 z2E~Y9)29(|P$NVyn2{jAsDlzJ!~rl-G>F8gR0vRjGTAPDm_!nlPHe~=>q34Gm>bcOs5h;QKR@|xWO z)(2@?Fm@b42+-q1zhU6QlssW7NFoXW1o9|OXava_34!#XBbn%iY#<3%3>7Zl4HN?d z$So=!3fn9Z1$c*WU?6PVo*M|pu*D#wIRUz$i+MU-n?rq}8-bHQh(x-SQ(=G|=iMia z5URWk54HwOQdSh$q~NU3THC^hY!?T?@Fr#)xBTHu5Hrl#2O(dHSXDyaiWRB}bY39n4uqG{=+7Q#Iu3d=`Agv!eEbD((s>HH{Bw;yi(hZ6Y za(F6yUX~OioLgu(faj-z!f_Ir_IQzOVAFs>AEKDRZi*I0Flqq=eGwd@E7}T)aOhS}}t-m;6iRE;d> zNx~Y64#0H-(J};0Y+EkrC^P~tWQ4=kZPFip%Rv>13ibnZ^q)7O10@>=Ktwt$3K++dHcIN|1$;u-=!{p zmj9{9EBsykub@D;g#N4k|GRbkKk@Ki>i^&KAKLy`+P6=;U%%2mFaF$mNn0CS-S|ZN z(6ak}YHR7;&$l(S4{;w}&mFwUo1UBdIhDOS`i%A>W^8ie=a~P@i$2=Owf(MM+K>yK zEA*l339ZleXOG!_pWb%U!+nY!-B955!?yjlv(Fy2)4Gwg<`W-k8#fxG-qqCod>~J2 zKK%0`-)KYQ!2|5vof=xL@M>k)LiuglT}fIkW~#h`R)u+ASkzftyIE#Ht3*F5FCQ-| zZm%e(l|e@GDrYnDhVt@0X36)a75AhhK1|QJpHa}BkUbL|bu&HXet7EmRg?OVYq!Eu zpI<)PI(=e^7HGkqLoo7B><2He!)}e2#DV~_wPgd8y^w+d;asc z{s?{k6Z&iZ6AjSkKQVMXLrfe9&LSX}og>2ur#CQCZ>7+A&HOnPmDw`v1;w?Y0Ek6K zrBboExhfk22i;2smx*gsNJ|TH4h#s&$h2}o!JSb|SgcZoAR1nfPzpzI3My7=h%t?Y zGKtB(&E{tWzut~3^L!1$S#z-`_pCMqNaSvzWl1?q)Gz}zmjj(XrONdWo> zHAJ|}o@AT=SH|1{(x7HC+&dm(9@?yiKYzvxG&mWgp_o}t#3{xa-&8rq0^q0)F}1uu zEsq6#>jqQMCUeVq)s@DD%04?wGt~^NxeNeye7dR>5Cvf7`sDx`QFJGWwm4Rzq;hul zQP3AMFF@(;7Z57tLSY@IV}d@r%{E+9OJNjp|2W@gBN&?lkX=g3=_$S3+`F zP#jeqv#pM!q&epP1?PbyK%B_K0YC&Oub5|H zu2F0z_^vmshIrv9274ffK`@&+t6Q8M5kav;O88L_TEdC|P2kFkW#<8A!lCG+E%lLTBeC$?*@9Q3DLA<( z4YUp2GCCZoiYLc$UwF6G&$1A&CeCbvTY#icRzR`&aReU&RL4OsJ0Lm>;9v%O@?cix zno%hMOJigd+uI2%NnXl^FYKa3-dLje%o$P?To{uE<<^lRU9$BwI(8_muayGkPkLvP zCxTXX9ITrThvOi)>3JSAD5FkBu9&>y=55~2ShmJJ&PV3@7Ns3tk(sn`UZZyZx zGwnmysGul@-d18H^V?t``p~uYtqf)^JYWjC*!IHES}v1F5@9~k6%CJPBH=kjhgL5J z^DgrCQ7x+)bhyq5EOY~&5NUlt&=L%KeYVLLuf{q{SWQ%3m&CK1L>1#8NOhBbo{Mqz za2`|2=37P;0uKr57)W>nGH%+^VTzwE?&FnJCdi-_QNmC*;S%wCLd@YpIS39Nf&4g5Vjy)fjU)>3W#Uc_&sHeCR!rw;=Q%abwuzDr!a;ZN z5N0O|BX}LlS4{=4&cx95C>R+q5eShM;RwM4E#7J$7<1D6MdBtH>OT;@V$~f{m=-64 z+XfE%$j4S4#-bxIIDtRBBaUQ(h){n7qTR_n4yVa8M2z{Fr*Ok@UW=w47k`+pJnp2SQzU;J0N&}8Hxei;g-aV$$PpKSY5NG?0ZR%pp9&S2 zjSvu#B1uv~J%H0C(HzV06Yqjk4VQ4xcA})=YFeUg6$K2VR{S9>O!r377I?T!(oz|X z4?kTd3}ODie-QSMHWfDAy-|4yHdB@hzK%#zH_lh2<|J$Ej}(voa#on~c4wy{aKwN1CP%eZ(k)80Ot z?)>E8QRwA$%g3iUFt98*xFRg9Iy(AZLP7(X{2)8KwVr#*a!+LDvJ6*MNlA%Eg)M^P!v=|Dug6J1d^D9rKk)C zZp1x{xcA=L0;1xmTkEJ6aqm&vs%_I@8J1iS6ae?6+|W%iWQ+ zc=c3wPln5UM=!Rkm-B(|y&Rp~*-k|zd)K+S&`;*A+f}&E-Ra`K+|#F+UK>1_^Delu zm`}d1$~)(AuIOj4UrzkGiN1^Ry`y7XPpyO=r*;p#p*{2pe{I;dZl{bUK9D6Yo)`B0 zTdGIE%)3V2{v7kPM8(D5#`&m;HPX%%h*f~hup6W32Kdv12@F4eozyxin@fOaD zY2HCwI?OPfo*Zs$QCRe>zio+Cd#%;2_&)l#=XcK?-1+N|*;=i-g&f*-|3rSf-(F!wIaQ}84>buZ@TNRGH{Qh} z`)$$t*!Jc&k(A3c={;kEte%m(s!FNnCXdwCuf$GhQEApobzLYvI;Mv0*F7~_K{x!R zk8TbYmUVDC)v~iqg|}4>t^JM_Pt3eA?d{Z7X{{uslpL|1p<~35>?#V?WP)EO2F1Z! z_noC~kj;Fo^zAcCEZf_#P^ai;9RrJOnmuLVt`+(^SP3;z?_=*AnpM7ciN0CjE}tbq%AvXBn7_#fCc6eDO>jlSoE|f$2PfB-tJ8kcEl>RH*QmDG03vwxX7TMXDrS_#R)b2YjtHU41?%OtG3$-mw zeDw^o&MaybL>1s z*0RR1-m8AL%HA_;%tLK?v%~> z`rEJyo^$7|g4^>1u{o`bcsyJWuobRQENEp5zXb++}C zq7Bt;x@_A;-C(GzSEje~(W4yN--a(w6c|?a%`etk9Y@ic)p}SN)o@$Xt3#_7Q*t+D zjNhDt^|@r^tEaDDnLDN}<5Kp5oi{db#jg8g4ZLRkmr2gmjpAEW{nvsSC0eP4lsDAw zCiaw88$HI)G+gZPmVM07qM*X9b$L+Tu$se z0PeG`dX+a%&tf)X!OKsVa(3SyvE66#J-2@OdgDGR z-rDFGZhMxe+n#5#4!gEGjB_uyeb~`9b{<~(+U@-r>yGx!IFd|j*XivCTjRup@iZ+* zyPSR3ymn<*&up{FHHS95&Eb+QRFBM=a52$h%s_kkmg5*rdtfVSm(NACU*8&(KKSUI zE9g3F{6_s>Xb~k;&baj+KL=mZcQ2r5M`CW#hYKIQ?VWvanfK^61>QUMt+UtGE^_Qq z`K$imarXIZNN*d2Q94BoqiFBSHm-1>#I-A5tRF_v`&{XIesf`)SjT=- z-VKSg3hU+yH|yxljvf8wMXOoXu{qf4V(sn~YcQ`$FP{>jiT%?O!<+*h`#6-at4!Na zbur3*gU1tc&2zR^>CZLrz-T5VC5BjKo^>8u8%p+FYIFhRW!+`8|9wmC+7-5tVi>SJA?yx;plG`oztXWvBPH#%~ zZifeU9o=5Ub}A|{sPxM+&);>H@9G}7~fhSZgikY^S zuAwocYoH5%TIuWR>bEj7G;C#PXk=o9 ze@u*8w=rqc+NfQ-_U+rXgB!BDSU^;n{807u^o)&+JDHet>TG6e)>;0%(f?MLQB3tA zy@&-Vr4*VeRm+rGT~4_OTNt&dZ~&#^qoYgH)`LgHNAVbjP1DlWF`-bksajfab0zuF z1{7)On3%R@wrlTg>7#4qXJ!hhpwaZTX|O*M|DdX-ZQE&^STcQva;#W6zHGnJ+;O`v z$L%TWk=MSbe_IL-s^}?!K{Yk8^kJ^Syu*faa@zW~gC?K|>X+!5N->4TOonpC<;=(4 z?!LUH^ghG;UG;5>kros+)iQ0Q<0mUcV>^L!W-}^;vo;;5^y?vl?s7>O}w12X&L;v(~{V@Du;_|6mm;ZKf{0|lb zmK|C4s^aFoNk@-XiVj|Yp7a52R2`cC<1Je)r&f$f?ek0=d469R{e0JnMGKZE%$Rp* zi-cNLqW?T}BYkO+ONG~OPnHGDy*g^_y7IVwZXtZFOHKo3_d0krFXwdH)&ZV(9x;pd zd@f(xmNArDqe_6g+fCg=`D@^8gfW^57g8IC0UL9O;@99QU-8+9CUbJX#SitB* zqR3r07VW#P|A>?NK;pKcqH|?uKbNVGU!MBZu2;8p*4sZ$br|2yH`?~Q3-{KXdS3c$ z!U&7d{VT$|_v<@-`{rBA<~?OxZ8O6n)8X=-Ut1eeN?t^NIhr9I@{_p*<8IcR9a}cr zJI-U=DNjf#c|G)g+b-kUOmu!5xop8}YPUyQ13v7$UbXwtjGSrNw}so&WG`(GpIK*W z`tB!EK+_nzm!VBH1 zO4q#44Y*>lbnC|aCo?U1$1`&;wf_A|&ab1ceEM#K*~EP!5J&*S%2o%+-rp*2EX;txvxvI5N23@q;15 z^0uDqI^tQ{W1AiUd(v)gsmi#w;?3{x+P1s4ZbB@tyx-9Dg7Q1XMdhKat1GVdI$QYZ zkC43IZcsN3nv%3~X1kO9Gy1=q!uYh@^x?Evqgx>Y&$s%Q6BiY(S~_mn`_Zr49z8U# z!~;n%R%v1^a+TR0_U;&WOD zN;lqte)@56LZJD`=^?X+o=Lnp{95LEsl~{m>B3m&YRdYk{@MxayM~&?|ivh<#lH+fisXi{Y{=8HyCNJ?K{%v zc`9|-qmmxiehDggQIL1Z`+fHNbIWdRxhC9s(!OZNoOu~N9*3& zd#!zLhIKj3*c@?Za>bH=Dmy;!HrMu{$MBSlB(K8j)?qhXM31WI z15b8*SWWR~x9MRvX5Oo-lds)&oM)cmJ~{8s#_C(7g!}f-|0WDHUjI*o98i%Y^DFWI z8qoh)E>5-2e`mQczvch`N64&B{J(lD9BW!#9sluh$(N4<{(3j|uO}-Yjqu&wyQ!&*02!NK<_)MSwz$3) zySu{d{&LELg_Mg+E#T6z-zJ#dp6pyuP;fJ^bG4|`86dp#je;`^o`;7&ALe?Q*ZERJ#FH?)qkPJK zE;!-DPkpSb+3eCmy+1lQzzLu~J3AK-GpX*;w%XG2VV^!9tgH@uI-O^;;gqIobMvE) zj!S}iKJMOqx4Zf4&YjowH+*bvzOujJ^Z}Gbp88>7VP`EYjzC2dlVxnmsdnvtG&5Ue zX}QG8YF(#JK0ZFPdzrz_Xv-*+9797X{7<1^7zR6MOiWB*mKED5i1`0R)%btS{?A+k z^KSDB<`*tlIKOkRS$W#_CWfoOFIrQ)cD0F}@v__%#_rp9xO;i+@YuI+z(JqG0Y{Gx z9O&)9+DzFR_T9*e@6Mh(J1XuXFNt?maQ%i*80`>z;-rhE(fz6_OP3129_`z_c=@77 zf5GivHlG~ntZUqc`j=jNbLR-!FrPgX-@J*`*0JD7owdZqVUjHAGUcq9ZB!p4239;p z%UJq4e@b4!`3|kLI^TG*_)sx zIv8l}G4K6%mo022@U(niOZB`$9D!xbU5c%}R_Tq!0U%U8UbcjC6dT!V=BrEd5 zu}{<6mg)?$-cj)fU+>H+7rJSbyI{lOc0b1Y{owJbPtJqE^zZ)ukaFIOQ}%b^B*$0J zPyPDlZrP9h3qGINJ^lL$KikF+h^pYthdi?#diTan$hmxy9p`$ZGCgh1@Yo?)pHAN3 zmboqEWW<|SEDg&}-Pmo~2Eo!!(|gCSFP?a}GWSnAbTseHx{T@~)E%HuUjBh`7)0*^6r6Vjdp5|Ozn=yN6kD^7v z_jN2pye-c*h>~+ob`VeL^L&#Sk`i3(9x_gC*>>RhSo2+{`t;qFaBaM9>#K=*zB`U2e9BQH0RsRaLJ3D$-?p~UAU;F)+X(l3N|>)vfp&mFY?hg%ql9-GfgZ%D$>g=!t@Lo z5&iV{|LxnCUVZ#8LvQ~dZoS_s?gocMo+x8`*in9bb(X1Rlvu>cKl;yOj`p#?;_UPf zyzXOB+O6%2S18GP)#=*Nyf_oW!w{1Q#SLg_?3(T!&3@#d=S$RxHUqwn8r zivNed_m%zqCHhr+wtvCtGFnWEzR^##5=jZeADeEPh*7dngq)*lolCp8YxmtAttz!U zKmU9;ryZ?`$=XveU{XFMv3JP!z2kSz5^6vFV}fvBG+|EAzv=`oA&5X(14(=MKS zf6_mwKmF9XK|4IJTszxOX8`Tv*>Uf0OR!x7K6RaP_n#vbWxLX}uT1}Syk5kt$?yIc zx%P*@kFV>uxZUhn?XygK(d<_DK6V)3MlH&Q-PL97t+IDLochWnN23F?@$x@Nlq}$J z{tfx>2%9}r_y4h+T%5nffBzE-KyCT|`|qFLy!rjflQ)%>FYeuYcIVdP8#f+ay-*1e z+Y6_DIeX$(dHK)f$F3hgezolI)uRV49yoB}(AM+&wwyVz>CComr#Eakv7`9p&Z6?Q zYfHB-FWs`_$K}h9ZYVsyZr;(t!UL;jA6hwe|Loa&XV2cgByaEHiM#Xiwk;UHqabY? zgpX%Sw~QaZVU~E)4B^JKv~|lQ%dv zbH)hyKU!7(N6F8BnC6VmGeYuzPVT}bOP9@Fyqs;sUcSb8=oFh7(R6Msidy1eZeV8B+S$zf+8T43#V~)9*yIHsA=Q0M68~HiyTRPdD!S`W)WA`3rjw8slR&oM+hHVsO#Tx2EgooA!w;nP%3{d61b! zM3MJq-}1n=eFL&STD+WDvEXX3adl*&f4jROeoLL#u`C8rm!+eb9*|aaCeeNpG zGif!g$XDNKWmxW{KAQ?Cc^zC6bB!tG;$nkK<=$(&v^!x%M!H2}D=I{kX$FoDPp>sH zX6XARnB6jgII!+b%vakvEBoARD@I~3S~poG)xasc=zHDXLAzqKhK6wb3qLYSymi}J z7kKMNM4hRmIbEZ~Wq)=O=j#2%tkjMR-jR3$t~Gdj#c<9x?8&4~*PcB!_$yOfM*Zv~ zIAIbTxG;xW#n|1QkK|qwiw!Ap{ zFPi@GLKENfMiTbO^7$2;vkh7Mipp9!PVwHn=vnJ+23l|6vL*e|XG`uG5B+hv1wZPs^9Nv1mlFmX5D?r#*(&Q?nytZ>2rC zR>iQgyC&^Hi_abFpV>>4>!&ZX?rWfzkxv<8pq=ZSLyb;M%URgN&##}8xc>smkfJp` zyeCTqt>Rkg>#Pshyxq!a5JlHm7#8ii>S%A8>sWnb=P0+mr&(hzq+Qq3qaC>dIW@W? zb^ZMY={(k%l0bd&@)cD_Pxt2Jv`F2@?{B?+byfRIHKmPz>9kmjwOVVfsL?k?mfnGH zO#<6)+Esao*7~2&S^4Ac7iejh&ncTW$2-U70IND~Cbf-EaQ6GQv9oP2t@oZBTqKj( zXszs|)v8r)`yK_DY0;OWiipE0<;Q0SFFxS2S!P3>F+yv3(r4DDbCUF{^@`xm|$ z9}k%7bYiYQGcVB8%cAh|jea90?l^TKkoRP?mHyf>pQm5HZ#($Azn9ILzVKC0pnm5S z5zB}AXD{j%(Ro8+n5FlcQBE|I?2%I*@9k;tYvf-3W@Y-=A?;QNwOuoM&w=fQKTP#? zzBQ%iU%p+ZR`z*w?*~6!>$U-XB33M&|JQ{xqo}?=TC?}C*x99dZ;WUD#jULTOG}si zo%6@nMSo{5ef;3uWX9%Wd9!~tH}NX?@iFz!u3d|M?f*y4dvAk3?*F;^asR(PcZK*; zX6_El8EpBnWMb<_e_kBl`lhbM1oNT!zPaWOL6i*b^&?8gw}~B)o!`6QP{B0IiPMLL z9?1AJJA+c1m^&aG~9+&f!E@ZMdz`C#h$IhEa9!*cx|rboUtJHr^*wxXvIi{{VG zGd5{Ig7<6i<9YKs#JN7m)!8-OEPyttW7XmwV>VT0>m1Uv2!3SjYPpJedz95`gI%Xr zhEDY=YP-Cr>{FXLy?Z^+9@OE?=EBU-w1hDk)ddON#vfpwSUq9VXTRl?lB~|F49*10 zY&r;>9_1x(?7*m??3w0UvN?9!iJx|s%r*J%l_~Y}f0;-u%>H7 zzNno4!elyqJO96tOtpE%2>$;))f}Dw0_-35rB}VHK2=ry^Upu;{JFaLQuVPPOSf*_ z3a;4kS(C?%iShLG?A^P!aT~}wsBv625(X9ikNT`R|7FXLHk4grqob0PUv1}{82sRk zbysnxEYo>GJfB^5hYSaMF9=Q@1?RsG!gd)NO?$L|>%_|k!d}N>oz|UuJFcWv{JhbR zT~`ijv*6(P@j9_ncp+0b85vr!Damtk=I2nQy4fRV7UpD)j*T0`pE)^Z5_h>cjUr5v zrfe*nts6aOoz@7eEfLX2qjjhUe%LwcN1fRv<#Q*GTIP_HG&bx&*_gGf&(hA9m7f|` zaq;TN*>Oh?Oh0fdWYDv-mGiZJOnFC>CS<-EaYy&G@XQ*=t)Gv)`zx&tW#jNGu4d)F zXARoh7RV@xzn?5PGBtA2@uc{G?)~g;MOexL+eH5`anS1OsafmiuXdz#V-|C+1{xg? zIYoPW+nU|Ve2{K1jB*WHe1mZ?@xz>;u`jO2CvIQJ-#cwn z$g$wxH|W?d4ZasY;m!Q^Gd@1zY`%14VSDNu^P3K~ClCBJW7_#k>)Ti`AD_Q@%dsM! zN#EUf#{SYFJKs1h1PMEMqI=hO9xqR(JX}|5!ToUD#r2Vg_tuyrE*qnF4?I77(etXa zE9Yj~_O^a|-_Pg6>hC(SFK-@iZhUJ;w;RH3)4geZzYNv;rNgmRZDTxsIM1G4O)D#B z&9d8nEqq~@*w7C5Cg%ZT;*L+DY56ik~9GEVkV2VN-PY)E8P<%K8z*-cz*9 z`xm+WIwNg!kL_C>g3aQn5q%|R2KMdq_WDoVlBfP=>^-E+qTio(zH9b$vp=xykgoTa zMGqI7oPD6n+4;{ElU6(bTIAVxurFFAA1xX692w;%$b4I7?Y^3u^acd#fD`2tQh_)WV)@M(PyZE z&GlK)*w#*iO|(Z#R8wLh;frHvJ%@uf?cASR<3bvhkx{|);1{$^4NBln%jG)!{!-bnQ_@k6rb|ebBn@e z4!d^7#(L+N`)_Bh@3YKE`sax;L(iwt?98k-+t73k?4mEbXD_;zH|we=HjNe(q4fi{ zHTEB$oT=LuesZwgYwVB|oq0C0xP90Z1O#;}WpH(h?Ke;R;`8eV@55eWZeJXA z=-3)l!~N{P%)*Aao1FXe!lp8hHP7b#u&-CQ+!9n5vZdh7>?;97+ zT5mOZHD7G&zq&NuZC9Z|%G6VBBdwP7EE(t7cGVyImM;kF1`c>PB_waeSFE5s^8guA!XPZUXoKaVJ0mdWemromGUon=K_n^-nuhEWg za~FrMJGoI1x_`*_D<#zK-z^#*?C$q;E;f2Z!H$x^%sWSJv<~E37Pl%sH;~%)r-N$^ z$7tQC*kbNQT^qyle&;@WTbmaZ!~LdqAG&0{;|Ny8z^<$Pd`G<;X)nGx@bU6jv#thb z-yZCLVDB)>Iqgl6J1mUsbt*S3Z~eCQh}4^9r;>UW7{52QT0E0Fa6|ap#L=N&&W7xx z1jfJZ6x(ZK>rPv`qz+Fpdmb=5@(;sDw1Tm(v!cgu(h7;TxpdU#Y2PKQ_ss8NH@5eY zEM2{cRO%G#>eo}BMU8at-8%Pla;)J1@$M3eq4)d)jN-hJr7@H_k~?hrq@8{YmyiS0 z=i)c>yL(KZUo|4H{L|Hd^}&4?_Oc+1YNtk{FQCT!u@)t35Kf6Pkq*LZ2a!dOF_Zr_^Ush z#kyVAT@k#Ieui;=-}Ae3Xa5?|VeavvYpY6oWUVMQdlTu~x9yeP!l$K?b2psS5B*_! z&cVMqV{YpwSPz>W^!Ciw^E(cm`0dKB)~mTaJ5a^R{vP}6Cx!I%$U1w$bL9^Pzu&G3 zG`ONScZ20j+x906+CviJ1`|DQ&QVv7s?P^ytzqR(e`Yb>4`ci@V7-gJTR-y>tqb@6 z%zT;D$K})MjNB@lNHgA@cSUCoLnP>@ZFw=hmmiCI%}qP^Fv^g3W_E`We_9n(_u9Cq zzgujX=kIARTXhbYSN^=S_phTr{nMWL{*zYQq3`^%iaQpBX#t$|AKRsN z{Ey-6^6mWh7Mx|xO%e8=3_|gH@j_q%QsTiyM*)M60ueAc^&&pLIzFDgj9m@6KHwLG z59G42+3+vEUlG-%Xn!%O2;O?!^~Fy|pZM6!?Rj{iP3DxO=WwFu+F|2=IXCXWi{)=} z##Fi-dnYb^n0zK#ckHIcJs8ICH$|>>Jonss>V;j0wC%eF92DL@BAl?Ze0Oy8h^dk% zJ;zKO@?f63B}F=AaOzZ!ef})^bSqsv17^`;h=48a-qCih<#Nb?S+{Uyht+vDg$7Hu zuU~IK+e=%xbJ0QFPBSAqZMH4!QeeK}j>pnhId17y+WDIK zXM#auFjM% zl(e3SmLq@2Js;7vAokUI`m#HNX=a(fjTpRPo5z)^V5x2J8vg-y*|t{J<|#exQX>vB zcmw%9+dFSPn^rh5W7H_`V}Vrel>=d(#i3gZFke}CZ`Z#C29LG3C*@}JdS{z`bNTZN zuL2g|AF(IStGm|*lgs|ccK&9)<~O&fyRoC%-`G=_I?B9cD}~knVRGElgj2BtN^bu& zAzin}G|{}oUydGn7rODemGOjQhktu`*5`Djm^P-<^I6-LTpDb%`@^f~>5nT6uXgpA z6<%rl-DIA_`8D5dU2-s`ONsyIh@61#W*aaq{2IW|j7TScu|l^W%7KRe@?QE~Uq zf21UK&(hD$&zt%D(@ktzuhvVtbnY~1Q{MQfPn&+7W#a2PHQ#Q>^mT<#Ja=Cy#2h|a zE(k7keUP26Q|QTqvoUP z|6@9`7;yiSQ%eC*UppY+I1&t_B=Lpy6{B!?DT4Y-)LZ?(^`++d4-m>E0zRZFHv7{+ z{LhK)Tr2+?6bHi9nceb-TgNd;i3>Mu!DUNQarX9X7Cvzk}nG3-K=?H<8Q*(H*hW4D* zwFlKx;JA6In8W2ukP524GE*%uc;Ev6D;c6yqxq zrAzs~nGtALtTcw{!p>m1)YF2lT5)7+WL4&@E3f;bJ~lz)6;6hQpE(>MtzVuxz^tp@M}#-a&c$W56Q?xj?72GA0tyf1F3;g@u?HQ~tF zon1eHCnSsFILS5hULO(FKPpHW2@`OWq%h@7P&K1oswNwY5Q$@0Y?pcn8(LC}ZGl*jQ9r+jnrg9A&z1A) z7KV#EOYKm|n~OD6Q9G>-Tz0CVDYb(TOElh_r@k4sTHa1HQ~&iV8roC4Fp2im9p|s1 zm3jszQ9Tq^Lj#~I)Kw7(FjP(zQ(s;EN+zn;dnkp5=G4jt<>u<-xT|l-NiE4KH&kb{ zoce|w)e0AthLp4J)HkAD_^L_W&`@11>B(w){xnop89)N4ksPUj8zbO5aHY~ZRT%Cp zCwDpWKxc&V$pT?&Mm>c|?gE8DB~4D{@p&<0r7>JloP;Cf5s4{Ch$iwmJWvnEYU-05 zBi+#7urXTk|D7_L?Z07sF)VSk<+HiiXu$phr+{NE``?+3?0-gcJ8n$<|Ks*Q9apXB zXbsW1X;OL!CoU7LKUpFjDS&ivj>rUDx>_pvwvrk{U;pK0)Xpp&`TvHAM6#9vzQOem zm%XXv|1q5ya3#>U_1`k+ueTLeqiQMXs5ns(<}6UFzKb&2)BRep~;|#CqeZJ0wV@T#Dt`)tQ&Z0o4$XXcACPfMfs)$5kdjIa!nrj@_@q6{9)Rg< zPD1c6%~oJwJuE{Nf`4ghngBtaMbkLqV7J^X)R7^LgP>V#Lvmo&J7Wqe)>bOyKd!l%B@xQTpjl2{_( z^1rS-TxP=N5I}9FEfh z-7`hPW=}TQm;@c;W~{30XmI#n+dr<&5eWFI{_*(-MKh`8WfeKQc;hWDtdtvX4(-%8 zF*xKcF0PazZ*h5r8po$JLBh{$)|8So1s8$CM+5)D2(=sUt2r~=)V`WC;Z5zUIrHDt zzM4Z0jqS_W(8oPd1P*s>0#OC|#t6PuXDy@(A*PM2(0*v9iT@lRkxrOYn^}(FOL!ci z!Z$~H?MO*LxagQokol-P5==#Z&r5-dSZQEQf zfkajt=k*Y_Mi}_<625v37xRVO#3Y61T@B%|RMxVeADfMITm&FrDo7Bf)>(PAMyHlP z;Jydch8ktGR()0M;6p?erDEh7tBssmbv5^`MsHJQk#KAixmqB8@Kqd83D8tY^4Gwr zGMi`<9Fomw=y4J?BbPf$6&R@Pf>Fg|!!9@%7tOXzEq5h&Q50~+)gJ2C04AS`0Q{py z01&)F%_JfTR^vw{00WeP;U!8=CY-670IU~btcI*F*trNF4WI&ca3F9klbImlWYz|v zcIRp%Urd}N8sKNn_(!Ej*4OulbML0~m_T~0YY$LP1}f}JDb%Mzo*H9oY9T?imq7Mg zM@%%WUro!R!G7zgj!o)UV*sbYe(R_XP3u=v^sd2v>v+hT)~}}3q`u$AMVG&o`fta8 z#{3W9i$r2>^G8sB{s)Tzw|&&g|8izBzuo`be8e}R1$p8{vt)y#qgX}?3st|HTxkdl ztVeZ`%SAj7rJ2Hl)nb4&PkOL5anmMYq|qr5gpHt4bT>RbetsG?OZoIPN>i&J5Rj=2 z(Mh8LX^2o12}>$k421Dp41$IzL<0oOmVm!lR72aDNPT9EL zaPn??Z*^8x<9frXwduXpStO0?4JW>)_g07I8`m37OHJxcecnYA*(WZ5<=rBw78r;% z;HXlcf+6p>aidk~*3Zw$NuxNcEkR&b2*TBzp3%tF+mP-N7+7DtI6p9sic12zML8rvb_(0FZ}0>t;2nh7NH>60f4sZ%q=r z1~sx_0z=D91I!9Fj)0))Kx|XkUd;wUM@_0P=4k zv}sFTeMXs_gEb@(A(@yMMh{o~(~$Iw6J;>jh{1?CJap)iJBG(O(*-8Hl{C0oMHNYFvVJvh(6#m>HkY6+HtASXXu{Vvi3db#nsjb~CUKTi)1+$)G>Pxp#K{KFa8qir=Bo-O>oDG0<7%pgtRRgYuf3IogztuF6x!9tutI}j+<_gI)GRYCVHl zZEQipqQc1>sf;Yl6LC{hz;1JZvV4gI&RV>WV79pJcQe#Ve^8!O_xSh|%h=7lkAfu|VY zdj50xxZ>Ji`5k1&2jo;lunq zqphs4zL*^PzF-Lhczt0I_)(KmIww^ok~$E-95|w6ID9hN%FBaJG~s215M}^E(SV;U z-6e0sw$Z^)P@frU49gOM?M0h*R+s#ngkM0S?EOhJzvdTGMq`YJ`t(NB}l6*gql& zmMW9M=oM{+`2~c8g!%aU2M-@Gu|0nkT+PhWQ5!BVYT31P>St-wF2E2lJ6=r>tqqQ1J%tla6!Zb<;+=$4>pStqccmD4*vxntdRw3 z;5*G?!*#n?H+F-G{}TJH)&2hu&RYwF|1V6p77YJMep{>S|0t`i)pvtjR=)ng1)$0> zl7*o5$T)GyeDJ|1CnFys`1?urh@OxU0P+dp&L@B19(njqusht755MHRlwdIGdXs2= z#lz6`Dq@Zh8e$`TN|2I(NhMtPDd$CSTTPAf$VsQ8>uYd6fb>eb@=Y4RgXJJHo!#IU zahex`*cpDo^(OEYT~h;kZ-NNd-ekP`U<27e!p6euL+Aopz{4F1IRO|(B5fF`iGJvg z5l|};OlV`KKnNlY>7VF}u_5q7;0>w>g2`yYi1A^^DBW!%N|nhkw^0lpF1wKr94<2< z1|0w*(;;ETj)fl|cjKY%?&>>EP-d7;6v2aFu&Z-#nOG(ynT?=`I4_uu>m++-@`207> zEsX>E_M%A`(6s(r?)H~Ptbe%dTlM}2XNJ?a{l86`$FD71>w1R*wPsk4d(;*R3 z&>_iNDDz~(rJ&H6RF(-%8ODit;DSu%WTHbc<$Gv};9EZ|4ubay5)o_>vnO+kZ4Nr-L*F+@bOo2ykkS#gN~=qX2}wiC48eTr?w3I#;P6Px8kI93gO%AxB?v z%pf^*_7N%aL3bcmze^FINtwFz~>NJdDC1 zLlP)r4c*BkULGHWTmYjdJ+*&aTup?;3Yq6{ zB|Y45pMo-MVu)eM|B+>iVo;bPCN4P%-7>A@-A6G2ayb+65+-y=#!8%=A*Y1{e;_gf z;PT`kG2rT^bO}eSh?p}NZf?%bUe>}mskmR=;*4JMK@xORyB@S%7lk!QQ$;8VB|;&I zK`#%$1P3Ax9I4dPid;1i@IiR8qDvr=2xeat!{f)th%*60!hVQ9#l*zGZODkO<-YF} zv6K#XNB8G=a;(LObUelJVr%@iS&~ewf#D_aWspDViJIue_UXk6g#Xji)0G;62NL+h z74>5KD|ZY5nqF+*`YWP2M0FE6!UR5iA;5z#DUf@`mjHOyDakPco+nxm?g)0c&zs@u z&T+T$@`HmYfs`{vsS+jDY)MRE9L!*x1pY$ls3fj%cH~7qLAP~z5=#mpG>k8iiiALr zaL1Pi9S}@M6}>QWj!81K8p}!JNVyV$Smw^>31ne_bE!>lp(g>Z-B{0fyVN)mdv;>@ zCI128E7%mo$)wvQda_*^cIlpQ@oR5eD|O)DIcMQ~nGB+nQW6j}DmgI3knjNzhh}?O z_h34@0VU!v6Ch*qrK1sMQbgG$c#_{hF2S5NauBeg9u0z_X%K#d0Q~pBC!zgH=o$4x zAA+Oe-vb^O@QuVYD2;$=Cs)mw22xf6Rq++r7~*0Cm&L`CDqkWQi8A95#>L=lRg99R zlLS(!oOhrlAD5iUPXYZz#(~@yNW!4=g$ZoB6t2=lC6(N(YNLs|JyKr5d#)j0u@ zAo+U>2}+Q)sv;8CRp^A2qZ2ZYu8?qaO(G77FfTkyVYrx(Ns7hNfCx|wh#(+djGTms z)C~EeR-+K$iEWKn3F?ki{a^&{h}n=C7hgLT&;bQes2$ioR2v}*olTW^lz5+)N2pI2 zHrOXLz!N_~C50nE)}YU@03R$o$R{iSY&Wh9^9hOYv8f=(H;YtFM?!Z%?}R`fHpj> zdMJ>EvWSqrPOvPbNE3L%vdEFb7X^&O8fURxzgzvJ0k3`MgFbzN?4DCzJlSA|ZF3=d@sqaGW%ERy6igTy2;P`L;I8`cB4F-T(uSR+V%Il>0>)1`77E6&Tqhgf_hkFLdF zakB^KbI1e%yFnV00C)Y0fWo?J(0 z*8pe%14R~Z0h5U^-&AR$2i*riM0$iAPDL7P^Ja2I|24ciuF~5@ml?wZUqLEp zKFHdVqo+ZLLQoY*A%r?uB#3g7^R*yYtQawAlPaK6JW!@!FI>!Easw8C0z(sAkfQV! z1cn_W6iH->V3C6eNUWJT;)FP5aL6YK>HWE$QZYaxaYzB5q&4x}Q{GHpq8+cnWV2WZ z-YzLg6p%MvM_1ucvDg2B@&iqiXh}rS9rqestve^!6m;!$jil#+>cks;2@-tqocBp0BCJl&7hvv z*!5U0BzE~O{P=hvKyn_G$(bNv75`t2!k;4I#SlxcA6V+>8ckISLk{P_Krcci!GQI1 z1yUeXEF3SZO!~EmOf4YsB1sAcA(2E8&l5-*;_e$14MM6Z1a^jcriXopQqyw<{ zR%#6QPZEz|cjI`zC(}v(3fD8Fsc|U+8M5nA`JUl8@WjfMqyW;IYUrylk=nQ>T6b3x zfeNmW+CQ9UMKENLP;zUHEU8=y)SSVfdDL5mZ{-yl#-{tE@&uxK3no~3jSyw>Q^5&T zPnR5M4)hsRMp+e9JCEQGm56w$T$$8e?sP=cuNVQYZ7FO@9NS!QAWJw3Hi$n{JEi@l zp8mv^#lC)c9jP_fQ%rVejpSB%Y6?VUGCgImv(*~31&Pd)#jpn9ha97xOonwbc#A#x zLTe!kg$#zj`VQkuQ?z&%du24&R+9BKApn9#f(QYP1xUfMDFe*~W)?`FaIGus7lJ3? zmT>K5fyZ6q#WAoI95#i>`l<8%WU%ObMf-@ykvo6t7!ahPPPQeDNdeC*9?&8Osc^}G z)u)Ka)wLu9;7~>3HZa*k1wugzFi_~V7AKHTU-P&n378VOOhm{6mDaH zO|OWBd)C1Tu_|NY65^9NNwB*f$A=m-lH^tjRSkD+BdY>#-w??ZORtd%8~Ac!NaZaC zZ-kCF11dVb*8HhBR*AAPWLd(w%3?Cz99^AA=PGILIgwh53rlVsI@fqi>UdrTpkWX* zsGcdOgLVlU{l~{kcC^AgK;bdeZ9Z@=mgJz$nc0rYdA*%xH7}d$_p`e;J{#mBnre>Ah?upBEzj^&2S=g z%Astm{#_>ue3D&bhruMC@yG!|83Fz)p=#>+LpY9vOV#M%3 zCb)~8C)PB1Dskw4;MDI{YK}q3N2`ng- zCguI#nl(xV$q;j{s<75em73dBs7g(UCDby-YAkEq-j{*TT}}*;mB>xv3zeBAsD4UR zNGiaP<`|CZfx1f~8rg|TEU<2f;;S@YNEkrf01O(}nHr^+t*rGr*F@nPtMvvzvQCy< z_09527D@lx72sN4wR+epOQZKlL9KF@iUb~L*Qy>3g<_W4Uz(vx8|jIVEQZTR2pA^w zL9gQ`rgP#{=tAyJ00myP8x@sYp3$M)S*B`dY&Mq*M%oZDUx@h-T7@z#sw$BH>v*-* zBP1Li9~+Fk-%4~`;|WzrF_ao3_hPb?Ku2I`#*j>;wpU={5t2-djRnAZlVxIPPniTl zz(@sF)gEmZux>xB0O-on++wO68<+w(j}Lf0%^jUU2y|MqM zxfZ$y98xd=+`v@GF%FXtx)x~?HhorY_fKkn845HiaY3c_K;6Z{@nO|!OxbNFHVi^6r-J$jUR-O|A#Xwn8j=mmmzstexN=Q^-?$2Xcm`%o4VCFq?F_f& z>!fNa<_dSM)g?xp>o<)U`%Ce0dj=2o4~TU48xk5832sx4l*bu|tMzmgfv9mGs6t61 zk#y0ZlJX!k$%x4t6_Y zmxwbd!K%d1RftS8Mwtv3H%A9Y$7VL8j8e470i}Ie&JIkNs{a`n1u6}<=A?-Gg<){( zR7)V1?d0a*=GKCERgfyvfeG#YcjMJ3A}G|#3;o>!xO8@KZAk)^Ba-ny0FS|gBVetg zzgqy0P7DWE*MET`84e6*%>*eIyYxoL-9}hkr0t{L4^WRtudQ;ciXMg9ty#|wv?BCe zkV>Qj4b%cSbXBfjtJM-!n^PmwYOF#~a3Bzg9HO8~%LHk-9~L9BWH1k*2$X4+!g0W| zkXeSwqmmwUq7bkK6hT!M3@SpbVVL5)`oK}QNV7m~V|W%E%AW$&Er=e1p2KS=7M7lb zB|;7e?9vBWq$G!$)?Ek(hMX$qp`9WAd@cqVR!;6r=de&LAUpzf>(7A=dptf0oIyIe z41;sKpazS9L1-lv*Lmyotspw2N)h0wJgNy@C=@x($q=eh50$~m^CT2zNwbqHaGR+f zI&Q=gX(^{fqDUfwD2SNf4{~70uMosk7WU+71W!beyo7=ipal^Je@IEyV$KK!EC9+k zhXlIw$P>0U;2yOavPN2M-84-(3s$yD(aoLmtPjn}^kN9`VZM z0-iqtJ4W#279vYT#b{M72Dy=t8BgYt#G#%v76l;FAxuM-MI(koziY)NG*;$`Al+I> z)>U%QX{;dM%1OXaxT94H@8>yT$S&dN<6^hz?{G)B~jY;GLVB((Y$+;nK&C?>~+SdtH>42WgFgY8eh` z9V!|FC=hBiX4S=uH_3^D#fvBDqQz&Y*hh=MjEnN}fwVZ3%B$urH_FQo?aCI!3-~;B z1$a?jC^3QP)t4hpf)nG_v;#YW$e_4`g9E6}ghpD!5T%M}BC&XtF~Y)kNWrEBA*37= z7-;m+VdoI|0g=S5GjQ1M6pE)TCGhby!&-PrjDj81B5^W55G4z!D*-#VMu;HdPmCRP zgL-ND_}KXPA|NLkFo!h4MvrbR%pH#h8Q0{d5??s7Sj|Y200|rrlst~QVI;#_v>`-7 zPGSU#uBn~G6hudIMORHf!YD-wXf0%lq6lM*K$YATUuR0hQC_3q&}vaSQ4S?Xsw1Xx zFmq(yXXCJ~CY;)w1&j0>v~3KZUpa)-Sm*zHWS|b9Ac-sM$3GYz)-E9l(VwOcrs} zvAqo74syRjttkPn5H5nQmKMoKlv6^au1I(tr2?CBY1a|fazj_j2 z9)tLh4+Fd7NK3sjWCI)wm??zj)yvZiU|s$KK0c$h#v=i`;R^*Kf=(NSW4Sh04?DtH zHr%uU2ihk?0ZW4JTsw57!L&g9SE-4I&>WXFMNH}ychs4{Cs?{K*+R?0~;L``5JhE zLqI}D8Xs=}*Y_I3SAsyT5J=)dsHnqXFuva4a2;X_)j&TG)&+-{*hT@Zjl-=iYMTt1~LPb|f?H>T7i;_t&I9&i`$0(^FgtDP*2FZONJ?fkaR9gWX z36ch!Fl5?ncoOW+Mfe~zYc=lfnmn2slTTsqeRFz?JXJICz>}!hQ-r=NIr-?ARV~vM zxxdkAgM_Mt6b{0=!L1zfXN&p05i|h6H|F$&iEsY54?ugC@go3WGblev3Og7ev#o|Z5KakT$A&d^_=-AkKqYJzfwLWj3FzPi z(96+@5Q)IQP)Z?qCgGYLJmd){j-gYb@S14jX$oho2)3TUF_~PD8xW&I+Y0cS1iuCb z$O8imIjMzc%Q$M?3QQJEeu4uQ#|QT()RRKHaE6~qk_2VI)eO7WtuVB;Rm6qh0}P6r zN^}$oN4ddf3vebwc^M}Ilkk%T{CJELkAQ|~p&&k9z=i#V3Md^gt054DAR$Ttiwu(p zU_hKWQ5qj}K>w+oV%5NF~4b{ktrfNWFO*R9C+LWdVl#ZPlDCRwHnxZhG+;)8*={x zcJXKrDujt)SC5D^s%nH!E%B)gmU>;@Dz(2DJo-i5P3(DCpo;VD9n=2MovwZBi9u5aXA-4oEv2BlQO4 zw)Di~EM7!T=03^W(RjKsr=Em7d;Z;&fzra^#gR{eSXS4n@vxB2)EC+HW z?O}5^@_8bXO3D-=qJqQ`JmXY~;i>f)ewQ+ip|714Hl680Pe;59yj^_049`)-0>Dbe zhKn(lvmHhxf@1y>kywgB%H{uK?>*p}yuSbOCxZ~e5D^3g@gXV%2#^T@MA?EOAmG+Q zfG}jmBn&s;!i6|c+^D#%;;g&4apSDkQQWIqSL>*i|GCeTKtK>}ZC{_?|7%Okll$Cx z?z!)K?!D)n`;|JR2~Gubyd*H^i-NCo@VuF*5z~;Y{CQo)7kG&NqmcxC#dAS-LCX|Q zV4esYEKV@Lf$K1^yhDL->s>-}s!9P%Q0Ort0`VSM`~A~i6S*WRlGB{j#(qx3`MwNF z_RoMyWTYwW0FsH*6>y{tS^!Xi5LnCLJ>gbuwQ%t@#*_q3he-{5Gz*Zd@p;`O@(_ss zn-K*fn9wCQCEZC0&Nh`!%FJ{iQzZNg+$@Ca2~jBSF8qfb0%9I216Fp4O6V1Esf$J~ zoJ^nxD2dO-d!To?yINDVKKWspr(UWJ0#|HKmm?HMC#6LXRj6Xq6}Hj@ zFLzgPmx!E6%2N_kvb{P9!~%c#2f3gY3k1YJ=xs`N8Yr~Xe_Iz%>xsxJHrY$;&KJ9( zAK=9qteM^1Bx0UzRJZ8RfT)l#Kjb$Z{qhU*jqnNe*Z9GXLv8uU2X-ex0I7om4*+f8 zwOVb442uZlH`|LH4ToMJhz0lThDS#Dk**8`(R_ElnMM4ka?uAgi!)R(fr1lO z_2wwrLqqd_0~?^)B@)SQgz+pWj)2E3zQ$DPOFb`Wq#L!O7y`|@^B%Q(eywr@o-QP4 zfN-hag{|+r;8Tf(pR6SEZb2$}LEdC_2wxO9To)mYOCs$4v?QZO=Jd}Xv|pWXyT3>3 zBxNnBHN#kYg$OdoN51or_(F=1q?XU8D4e7eXo&Q=*?)<957I6?f!OzDqy9!bO2zsHpEGP&xLYzaGr$gPQtxNHOVU8B>bS5TkWH1bZ=_^tWei&ho zIxGQ1YTyeda-*cBZ~Wru9@4$s7rNEA5y*M9kW`>mQcuN90zgFsUw7i$)r; zw5g!~-BZR-90fHkL)VHh8i9y3^C!-FHTu|^?)b#%KpaRYAf{-*7aSvjwx>dS+JwVJ z|BQ4y72XpZ8^h@d7&=9QQX}lGqt&*iD1xu*gf&fP{I_d_1~ORv1JrD|;s?%cKu97V zfT6Uu)9Va|`jW3}mlm2mg|EBP5NcK9+sWw{ot$b|?i0hNS=H|bu!-y#G|p!KzTJ_Q zaf-GLP@|?c^-Ni`W5YQ{oyE}bWO;p~7wwo$+Wa(`_h*?HscoYO^C>^%fCP?41_XzL z^ZIzW&x#n(S`Do;6N0*ub~|D%^B}R>0HR)%>RIkY65e*}SrKVBlDJJwZPx@x(@j$Y zTm_?3620>B;=1rQLZ1tJ<{ndS|J2+tOptSjLxrb z(x=&=tj$~tl|WRNf(asd_d+CW0)UNaBq%DX73T@Wt%Wd%91D@r2|Rf8#_MTfli;i! zH4dU8GaAy;)gNv-Osi94_$cFe6dNf9l2!3Zjm=CWG47+NGKlH}-hW};8n3yjry&qE zAjp5vJ&`g+7T5)S&8|@*YJ(;=fft|#1Wpjrq{B0aOY4XRHzbWR4JCk)557Oidnh0c zsdx&?LTat2hKZ6>AQ7lz_VkAx`8wVArkG0rqe63lR!@>?sQ1~(J|(&DUppr@c?+c$ ze!=B}s?WHKQbb;aC?GBuL?^|FK1ex-ysV78T~mXJ&_~1}s`gf)X3qK=e;q<;2Cp{cz>y|&cq6krL?UinBip69jg61a6Ny7bICu$!OVshm z-~j<%PJBGj$1ebG0ZEr-Nx8%&-w;z%#ZPQ*AR!E#=Sx-5L6M;v@j6MV?ZK1{Il(4b z=5Vy{0s5TayIhG6$pGbb9MWjE%QRzyz-_IX3CWs~RU)+9#NZ^sn=eSu0PWC#C}&&( zzkSlv!EKI02^UcinkvI!?}Q*W@+Mp7Q}$nKx`bEjmApBKkP$%O0x94G9u!$YRSHo@ zb3_8lxhRmdutL3$kb(q_PZ9Nqo!o-Y59M5%aq`^Mu0^F zC5`W!ewGu5`c4p_pvC}9Q%>W+EaLr-`61WhlUh&Voo$?)U{5y@sqV$&PEIh?lT>Nw z9@E&2_+jux;2gKjeu=x1wPBdt@Noh+KR)#pRn%8Vsj>MVs`TXWkv>mST55U< zq0S?8=kaY-$#Ba&x&*_SFL36IoOyg_P;}w(kUkEa=fru5MLe-kLg?yzU9}&PyHMa> zr}pCtx;LV~srKWH4xNxbung%rfz}UbsYt;(z*!1+*$V@e;GZZ?)=B6u$Wi5}l2kmN z5av@~q>fH3ycK~gxMOBg3_8ubxp5EqKsAP?^)H=r)oESnrb;Bf|`@ zEzoJaCu!k{T7)Ds0mjtGHtO}ACiBlF9w>jSZwqU@pTji$43`f<~E_c-ADwmI1W}xNo(vzUW0*e zcVtx1MDgGO03ZZT0O5#}6rUQ&1I%?J<>39Hi9C?6fNZz}xT*KxLnsoQZw@C5X(AIa z?eFc}!&&=na}41NQizsFm;iz~_@BXhM-Z0OntS!MV`QQju;@@BTQam3sRhTzVrQ|t zbkB%YdVe|=T%ia{05}AW0R0T9lGHtEEIV-hPkIr6qa%o0XB@4GjM@VW2<-}klp83M z#iQH05M?wmYopZq0#AVb%xF1C!x~Axk*nvE;8u4R4KK~l}PDm{{5Gml+ zyA}un(3GD{xC})8anu{D#4#DF4XQM;Tnujj|go|k!}|tI5<7d85t?S!J3kAf}{ZJ9LP|P3?ad&BOG!hd?WRg z!d+GhqN@lexPpdIN-+XX5BGE-cNGwuUE z|02k3+6ZuSr^u4UI}@5L+RLDNLK3U964brr;O!M|j?9FP_v$XqlESt9Y$D)jj~Li1LCFCf zccuLZBAcNs_(7C|0-fQiu4EO5&1KsYZ`09Tus(`J4m({Pl299xpbnAOhRD?+v9%$w z>X6L3piE7eg1Bgw$XpSxj+a!MGD#hhT^o|E4oR#HNmPdnsSO#T4pG#GDAXZ94oy=M zl$x-*Aa#heHbe>`v0lhulROeEER#5~_N?RtPOKO7G^_z!;-q%=v0ip@(rENk-HBj_ zS(iX_dzv$O0V$C@(Z(wsF1@fH>cvs2AMviZ($UT~&CAX)9ljIcJCWsq+jXrUB1?sd zrHN#9(NPr>YReev$hJ-JVml^yqHt-waJHkAh^(mw;w!IOK5`^Eh((lI{}oCl2P&xS zfP>(9h~^m$yG(LG)iyl|oXR?)^o~POTu`-4PL#s>%ULRy_kk@s*xPc3`9+o!mcU{6 zj0_H7+uOhfq&+LsD-$Xo4~7_y95gJD&lQfny)*P-6s$x!_MWU!sB$C|XR5~l+Vf6N zl);FPMPnWa%7(-)?7vZV*H4#?a#W}Zib^M@OFKt}qn)RnVw537FRobDP0SpGF5B4H>W#mZmmouoQDrNCNboE6}b%IyYNRu$YZHItrI5?CbsVBGZth!_}`6GU76o9D5Bt;Xo8<-8&sF z?NtJ>!HbVO8R4j-Oc^JY%Q&ca?Q4Gxt<8sI2Z*VONWxTY7uiD}sk4Btf*i=sV%N)x zg)Sp=u45-aFRx72DEPk?)zZ@9Iq6)L8qQ$QM99*RDZeTyS&4(XerBo+hxJ<;c^-yD zhpy!DENWmzI!OKCaa;;(WSE-L!S*0lhJ1|6VAAzONx+vuI(QXul7jpP(yS&&Che& z^V9HwVtfn$=_E|BZB@fytf&YmXc&f4%Drl-D2G`MS%#sGh5H`iekdOmJdhrSVer`i zKik>ka!2&tSP#_YqyVdb*s@|dvSE;s|J1%D#=aZ|zE)?cAsAgq1k?eIAx^Rv&ojBR zdJa<8!86&>QB6GHaWD1Dfyskwu>xh_$o66b3_v4LBrl$tmcZ7;e1@Vc!RShcUONha zFIgn9afHCymD0j&G%G@e93?sS>_?77k8HNRCUYV!!~jD%l5Wa6xi4=L$rza@|pn7Xmou~5lG=y_Yx5H1smHkxsY#3{#m{fnqtI}$%a zju9v?R0U`nOl_Z?BgojKe8(bOmxHli2p=cBjd`&_U661(=K*49Mk)x&p5*qHhma@F z@l@~jdkEdpkKsNG0R@OBP z++BQm3+i3TC$7DcPvrXP76_Yb0bk-;M_qnh3&`Fer$P_00KKSd0c^2;c?;?tREz3b z0M}1vfHi>vG!h%@15tA=5DSUgk$pfsl6@c~TBB}(i1<<00&x8C$VbK;$&a4#hz;)z03icFd3D54NeGIcC_ zd<4u*gfs|_h&Xo8V748R1!}XS9UH_gl*G}_-i~OoGoe)qHA@HufwHzda3uuWWN9)8 zhwT$$KEjhb6NQj7q9=}~BUBneBuI%~!t_G6h78qA2RwV!GCL*Ap9r;aj{0>*><|>9 zAuwd3enE5q6t9^k)Qu---$<;1Jaw@|Bf5Bzq#|S6+TuiL=Z`ZVs43WqKN#wP6Q!nk z@zsqU0+TR41h$?L7dR6-y>;~&LbjgZm%18}kp>P?S4WdSZsUcv0OXqF8ZwY!=wCry z*VoZzVBPz{PzLd9AZmLRKTAyt zEiP5dG(39{HDc{>4MPD(tErKIMv6TSdLgMA&L$Xvki&2e$&|$SaE3**iWpe-DV3Yd%|UeK*u>l8+Q5dSGP#%5YOyN_WnFl-wqP#^$mdMd ztd{FW04UabF)&?AD3d$#?FT#8f+n60`D%-7a%c|19F7eq$15IIV)nMS@y_7U#vX^? z=mEmC@WLj?);76wyfe~(*HnR!VTtHOD8Pj#4FNGINj%VK7%W1_#N@NK1PrMO>S*F2 ziB?l-sG(Y#1#)T0V9KBnPA$^QxmjEQ9#G*)1gSJA#2Frlc|xgGc>p_NKS(3T3hWW! zc?ki?0lqkp9@PS60p;7n;(*w|01U}Of;j{_3e*??QJo1X4IvClR~z67kvUnwRABp* zZD-%rE-P7?4C`Jy4+ymb`vVyYB<&FFJhD82MNnEIRx)fz4f7(xwAx8bGBAn}(}3;} z%stv$3up#FFvEru2x67W_GA%r6pr>1e9#sfM+789lM@dCPF*lGp9p3rq^9uM=p7kJ z6WKWdd=`1(V$JWm^pT{*&nAZoTAGk4AqFf&U}for1KuK{rYr5W-a$)IDFfLdLbiHr zfBY6P9qbg5%tyq;J&5^MyA)!Sqqzj~t7{S8oeP&_!3R7q3Bfy!P{PGU@GXMhViA1Y zxVS6CkwBQcYrSfdAYU&x4SjfnQM=T$Km!_r9LOa;?mRBv-IXig3Ah424?b>Ofj|Tw zcdkGv<_bi7_`rKHe2dXHgu6mqSE2eF!d)SqSfYLp;bQnLf_y{}PYB;a$Pb!Deo&a^ z18Ifm1Mvk=7LY-}hkVet0Kx?jkEjc(6RHnN2l0SBWW69?q8xZ9hIc?J0g#HQ4^cm; zuPelLgS_0Jd^h;*2JhV(utJ|Bp~2cqzWCVy*~?F9M>AfS@7?#B+D!ih1w><`P4`VqglfNWv8Z(};nu#Xxj1 zFd|$=%5~+Vw!%l)C>!(Zhz%y|yo-w=4B;Jtb7D1#$$UP6bJ`K=nog1qR_wsCz`lsJ z0q2D7z^34qO9X5#;sN^-Yz%A)Y$t*tB7$lW-zXf04T?{ugCPM!kIV<L!AY7D2~~pfg3#7!h=y2$)d}amCPjF^nTIOcr9Gkr;4T40C}P+9Gxp0Ucoa zfVPOC0N=*UHKY>Y0wk3oz*DT){Cs}*^jWcUL-Yo*Na4AEkvvB zcnxSZ#9AUw9oDMlJ2JEZ)(RTIS}44B!Go|?onD~9%8#)YgguCeFc!(rf7RuCY8A#h-B9FPYG2?qzJzyS?# zU_9L2T|HvS%sv6Q+7as7Ptp&z=YR)+zX(1Aenh+oV?zx1E(Sg(zR}zd)e?go1PZC@ z_`s_$7C}c9KJZM)2Ph4EPXW3iyUGDFzvb{Gey_fp;LMhyl3B zX9y$e33=7l6XF1EOj$0$-X#&vd5vZ20Ndh^+fOdikIw24O$U&$D z_yNNerUK{>fGOmmlEf$^-@ym)f)5h`iA(SelL@G+sAW39A)p%}bh|=sfDfb`2cS-1 z4}3#^2!YQIB*OKI}%ZqaKBt!j5{8n#K-@R!ifiu!D$GhaK*k;f$oG2H2r3r*Z8< zw4nrk3bl|0eu}hy+N*^+K?9&s7ba{PXwYybfkvnX8es#WPS`Ba5HXqn8uDEo(7>u$ zOQ@^&wgJ$f^|iK8N5*XeXfyx=z(N2F01Y4H2%HacKh75*fls8FX~>K|0W#VV8iEX( zOVQK`VhAzUBen!? zP=7Jh*%j*P3UwpawgCCAKo?h$W-q5fU(|M2qu5z5a#Pq@FH+Ok3DIi1zA5Y^;?!a% z3}F&H$>0Xy*%%%ImT3!KLqTf+cdx_i0K7jF@*hJ{SUk+${OCy4a!q4Uy~j@9xO}6Vhp;O=jKX&^94NO zHwuIQFcbkcC|$*_t{9IG%X%S(i@#a#~4@w=QWq{*LeSby#Koe2TI(f`>+n!OAM>2 zsiEsIZe0Ft*UsCo@+;@ftsa(r`9$QBi4!MYwkYWn2>f3|q0~{`rbZt;gh%@Mga-(m zc{KFO<}F<(9;0Af6bogG(QD+#g4gYpJU+F%CWccuMY=d??S|CH`{dj+s5?SnB5Xx>#8nFq4Ym1UhcT%6F^FB0SSS+zl#y|*{VB3)<1F@rt_ z6GTG_B38ZO=BB0&Wiq`d3>~Bz6=pXQ3#ImP>g_cnY!;?7q-W@i+4D>N7te@XyliYr zI&E2L2{T=g;XKujTG%gZ0b`c)V%iEuY52<6jio*t_N+K|bYtP#;PsUkOE>YiI&GhB zyT`WY@n5(ly|IJ+7af})_WfP2IS;~Ccn?1pkbdIQM%rda1*7`HyP2^OJiD@U?#YK^ zO*X{OsBYu;`^gzgzFT>1(ej*(`T3*p8a^e;CcN5`;gA}v*Y|kK6}`AmN3#2H^#cmc zUmNbfFm%q8={A0U{HeQ&vv7u;qUd>+eDO-WRbRLJ2 zank*})LVvkO}lS-HkmHFZz$%y&A-@o*MR7Q6Wg@!x!#wOKZI$qr|?i8!R8a`KNMS> zANSaHVq|iT$;r2m{1;oDH5=2%DD}~$02jw{Lp&=^V6$myjAh&;zbX9}*RYHV_vCE4 zR`YPy=F#o*O@E#}l5*+Eo>9(rSG#AlH=UQ&YNw&9M~&#U+2ug1bb3;S>aW3DZj7)i z`>CDJy(@ifS`A{x9twVT>QYSH4~t^17+f>8m}_Xq&O1Ebb!uflv5u8u!NjVmne);a zE4?EPJ+050nVUEV4Q4YBJ(xcNJ8b7Ssaw*UiNlJxeZRx~UvYZthrW2;p=iC+4(m1( zx4K=(XYH#fV?BTNDo%K|e2aOYaMA67N$ErSEbJdyxz#LY=}>!ifnls~pQ0Wnuc*8O z#&LZ(mn{08S~$$7ty#|tPpBP~y*JrNyX4KkHNa}{%%lhUca7r=JXaY1U>p)Q@Afpa zA>{{)6n1o4zn%*u%5H1N1~GLrgBC9>TOAWbJ)3a&aNCR1MfL*PAOJGpD1$$>c>+PD!x zUjEy4op)wTd)K4)jP6r@D|@P#FuCu5;|rYoW%nELXtT*ilLb2>EN=0Q4L{hmHyn0W zxavELmoMVhoen&7%=GQKN9OBaUz!@eWH6`7KeZz3QTzRzg*&N9FPtA$9`8kY{J>Gk z_$gKVheP}<@s(S*ms)mtZKv27Qnp7|^g~&Q|02b$T_(FZRToUchP?5~y4WSRpwA^6 zN?LwZ7s)W4DZ`IquUTUY)9hmk3)(X{H`^C3d~^Gp)v+CC2CniyaJM9J!&}C^ zh1t$N^g3u5gV8ZJ%o;%huQGVu3WvuhcGq0Q4QNS=+m&wMJ_2Y^Qsb^ky8QO^R86Z1 z@;43?AJzol*b{dPotOIPMP9U^PCsA1wR*w?PAt1J%lK;K>jRtj8K<TB(cWp!0%Tx4>PQ&6TTxwBJ8(peyUcR-ZnVeZVdwlmv)Pl*j6LndE0m=}A zxdrr+`R)C-($}$=w89@9I<;L(U$tvBzWJ!$?mZnVrn3&~9o8*4b+CBnk*)LQx7pi~ zCO^0J|9bR1Vuo}AHD%JzJ(sVXezVJn zxqWZlZQqBc z&r@2W^mV2xLyp}Dcia07oIEQUoNk9U|5d1z+t`mC$|Zvxv~$vfzj zq0{chl&ohqC*^4w*XHwv9L*jXM!WcDdtJ(iaY=Zb$tc{v?PP)d)UgS)KHVmXXUvo( z<#qDSpJ%~r-)WM_t_^lQhDl>YLA)%n&f2_Bh)rjHTOtS*>2H0u`GESNrioBU#0 zS!=dmzYXiy7>~VKw8}u@}13h7fx97bGJOlNo#hC>3Ifz2C+e%C-5Z0+l=N>1xzN@BHynl zYGn7(Q_YiS#<~%PZjzQW9}18e*$+Ocbv)&BQpG4I?p4``*Q_p61?nkTJ)&wKv* z{mb`V{`??zH?H)Bq45FC(%|}DFz(_DJK^3qGT8$stgatH!pCGmK+DRWy)ySrujrRO?G7?*?fYKf+oA6k$gTuQei!I*X~YrKFMIw zri>>4O#qLk(XuqS8n)>M3bh;P&uSJFK861gGQuP%Louw`Y(5#G8T?0^f(`NCRs3!L z=aV%3S}$FY(OD{SWr#~$meK`$5P+wJbXAf|Bp58Xz~-nbInJdCE@_^Iu8#y;VVSpkpgZ~WZ>P>8$5y! zLrw%z2~Tbw4FKZXkpDD2|6hCC)cCI_#y2Ne4T_6^H8~@Fa^{c!l z&wqk2f9z0uOeR~faKTF9NxO&(5qf%XfTB8e>eRe>AKt(JYhwy?ubmxdcB?_lBLAF+ zt(q%uW6Ihw8EYTT*s(;! z4m&py>yE`!Fej7vk)AqOD@)6E*z7s8TeT~myQt4}K|AYKi)XJ|J!>^KV=1qfPT6do zRg1B?%U9`aD%{{u@WVn(_Xo>EmZqlr7jG)q=Ui!8d_-5*^kU`3bM17G%s4IO_PTxB z=-&N%7m6?b`sCNg7k}9s&|U8jW5c)a{(Ns}eBmjT)fqoiU@}tgRVN<4bg7@7-rK)Y zvTy#JH`&~Y!3`=q=*85-3&uTLUS?9zA)v;VUf@m5H!?Q}ufp@Ff!S8WB-IsLR-IYm zJ#54J!1F6lO?DFR*;9Hm;dDFCF+VS0nZ)Op`n9NvA9CJXmrjWtZCJYhR%E+gqi#L^ zsoJ4xy@{7Yi z5F2uNr&!VFrQuHOF4d&Q88e}wdED|xowpz?!B=b%MPf1qC4Bji*X zQ~bs;#q7?dPE}b`w;DT`x^?NlbNu5Lo7;E&5R>17&fIe@_Qq-Vsf&!++Z`UX1&*I+GhUf$?;!R7kOdwX-O^DJ!T zG5PdBT-xEL*Rw^V8JGKB9TPq@oHBtvpxkDHzD0#`PCHda(KM%H7B_MvOAA`-ekkwj zGs0|7LLTL^7S~>T>l!Aw-J)B*%^4V`Z@|mV9mwKU$PWy=au;iPC$WO25ckWa z8_w_VU0k-JvK4LM5c`!_j05l990Tqo?*$ZmqBrH;UcLLByS|uRx@hXX{`X7tjn`U? zd)M>a!s0X1V-J=OyRkEw9^GsHl1_F<=5cfl&OoRr*wy(q{t~@*B%9@SOUL4D%-u=UE{xr|Zl0Iv1daO&_J-83gg@IjhoIX`h zSy?5Svi;8u>jo6|$k_kas1A7tc%1c{D7POyN?*6&hTeKA{pyL(j^=Ui4;*1_tX#dZ z`VYq^6`PmFZgI9>_bc^;AYtdD4f}>Ze2)3ew8G8=b!bOB({AFgNn4*e^ET3g`|f>y zj_dZ`VMo<)`)Bk%6Q}VmwavErZLZJmN9!tLC!QL6q~eIvYx*k({Pp!w+XstV4S)S4 zyQR*r&+~p6=a}ZNOE<3GZ`#51!)vq2J-l;qPtOfXi-JgF*x>I>8%v*Zs3@oA)|3$& zsQBc_r_@_{InVarTX+K7rQ448)Yr7bo!mEf=&AT&{YhiOF-l_TzMZ;xKc??yVsh)< z4^o~MGAX7(4}5N&*qB>z=k>JE_qwOd7f86{MpoxN{+<(d_&1Z#8=WaL!`hE|K2v}3 zfqSI~r@wzpw`hOjd12Cx`TlY*s=v?BXMPLsco^%yv`-&uIBwCS&Ce)@#4R%OlNP`2 z>`i$yBPM6c)rFMKXEgqB)+tR`3SINX5+dk)wuAF7{+#;!~2Pc2R2Fv}wZ|LiJqfLHxyv2Cn zn+dIL=5H7}$0DEY>OH<{(er8YsmrZ;np6L!-TsfKjL(|?Kedhbah4y2G&BE$>RyBW zU$7$lw*LQ!jQ>giIsf;;+_6I#cDUD?lN3tXqNNlH<=T{WSC?J{jgaBPN30lq@y}yN zE04XuKB)hZ0|$Q?H0Wk^b;k~!ZXUWfK5Wm6+ppd{cyQ;|`*W8+e7Jma_nJpX930;N z{`}3$Kc75(`uzL7{dy1T;?=ca#jh~`6OAC0Lr|G${>O>=A5=ny>>*S_QY=jePtG4? zvY>qB*@6j`9eYxD;)~612!kAbSC=o_{${2rtJ{hk&d|Wodtcq1ddgQa&NrNvXDaz+ z#PuHdxTCoOkFI9plf9UU-h35ZPj6_}D684U@>y167*uO(qrBi0Cd-V~dEzoNb7Q_S zy>;ukv#0BoPj5Yamfjen4hE&-5uxU$DT(1;DXUohj4>;{;;q~CF#4sf#bXR;Ei5ZU zhZD@#PVN=PJnT8%lh;NE!^(GDxitIvj-N28K|7kY?srT{`OS*F=mj3wd&cti6=5z@ zebyM;Q0>KGroUEMES*Nl(Ro+3Irsb46B9SBtr_p`eQUg~3Dw|@<;|Wklfv4v7P|XA zIv5z$*}*!F>6b4awQWPsb@w>Q7P?f1%KObZ+Srn744%B&rJB*w!1c|`7;nF2?Gump z4~b-U52UxH_dhuP`#Z~LZB(RL8dt68W5JDU`ygP>KwS%|iut5h`s_9SmR*CKjpw#> z)qgfS^k9#aUvejml5yyQYT=W!OmEEjop9QEp2ZiJ04d!=I{X9datF7#$}+!~FBT89J&5QSpl?-*HR&2kD#g_IG$b$k*F= zK4*VLpNEER3~ahA9Dllh)hQcV`(JMI^C+!~=oN$MIM1i3y6EO*PK)k+^BCJNPPlF` zyFx%2&8%K(8eI77sBEskzmJa&Q{^41V;Yi}D`>HS%@ke0ax2W=m>HiKH0osV{e0tB z_LnfK=`xs$isFvz>^Ms?Ot=&jPH**U&zhMNr~i!QsYbnvwAZn${$rK$P(``Vn4)KW z`!m`^&C~DxW&Q7B%js29EvMWh(kX`k5%2 zH{RWF8*DxtmTc-E^9G)!ZWShBsoYBCPG6`0o#xmcOd#-EQQvvrF#?e0>tyBvm}7nk&3s|q-L&$f83H}Egv z!QD?ruNKGNGwhkXu7irVsFgKeF>U@!P^PZx+qK-v2issi_DJ8ocZ8?pmKf#is4nkY z=yaVuh}L=A*1e`yQJpUu_KK<5oQM7LAg!Wo#8L0(OI&&npwRNBRMTsw_+Q?3;llcU zPv&0h=o|HO$iz+bBA4%8PMd$WL)4>9zSpfBQg}Cg&qaBysoAu@hXeb9{Kec=Z*uPn zTNI4UpWO$~-7|8dgfsET*#YhC5Jm`=&qC9}txhE|80I2iBQc9z}4(ztXvX0e~bexkRcq7{|3iE+** zuj{s|Xi-Jq{dy}MoS$Cxro1jITRX`{_)`JK4b9IrSY70eSsmQF*qFkURI^HB4w!8i zI*n=(n(2Pc+FbF*vrPexg-=~(x+>_f!+__L`<-0Ydd-_dPQ#y1i7{AiwmT@G#(;~_ zVndd<-5(UliOt0#hx;&EmmhK1S6Y~ydYigZWtOy}#k8Dpw~9)4U{tzdO8lXUiS#PW zK(d)aE%9a?&pE=K-?E63K4Z`y2k3!#ziOosREc4PPyit2^KFGaW9&L)S-+m;qhF|Bk-x)LB+ z)^a92caEKKSQzK$nH2rYc5Y|Jo@z047Uhu$^Jy1;Qt!#8Qby*3q8qEv>RqWhSCsue z$w3zj&=0>bj~|4Y+RZ+zH>i>_!OE^!FeJzzRZwE`R{~c0Fqh7JR>Izv?3ewp*PIEn zS5O`-!)T?I0i$n~1$l8gwz*Pef3{bd{^~pJj;=Wu#*4tH6&?GW;Y6(Z-G+u2uMV2k zJt936TT%Fae0MW@jH3`^`#Rrt&u~AB6*(?DU3RYv9}gBPDprntp5k%zZLq#YDTVFj z(DkZAuDfd{?bseWU0W=~puCb|@l4k5;KM5u)<-Q{(bJo@(%+dOdNq}spOn1FY{1rA zs?{Abm-nFMhQ8FRZq;UWis`EEy@Nh%*%7nCA!EG$v7WYW>*tMg9-85C{ej018$wQ< zax#tc#ro%On-S@>yn~bbcP}Py-jnX1(Yn>Vee37Xm@{!|hV|7)fs~H9oQ1_3M_&p0 z>~2cfb8(3pMxc3oG5^ro*RcoZ{X8_0G5a{He|$HNsQcps z{rd_#p6fKP>|llITl%J$XUolWAH?ptDzUq_>-PfDw2qdyuD$F%$1ma!=B(M{15VF! z%{;OFevX5e*`VWes|G{|swF?=cEhiFr87w@pcBr`@9G`}ah@IJy|$ za^TM572{l!avUTAYeC!}inGD?%je{`J$@&CoW0GmcHa2p>xbMa11t?=ImNpeuMSzs zYKlF1jHYkbOJ9W^_Ulzu+zaKk#W%=}A z+q^DIZjF7gY~Xog)u@o(leUfPDG3SPwPo%`?>X!444U(o_q~1DI~6Z4y02elb9>78 z?v4X`>OIrzVg7UJ?O`5)5m6obU%cUF-gk8M*ju)qJKnDt-)qt8F)eCBDF4|y^l!57 zw`Bj20$+gtO=!6^UxDWE|Kt6C5tx*J!~fQzL|U@Qd8f*CY4yQ65O68anECTr!?IlDLSE3{d%z1NC)$s6|-9r%8)?T%wVE<4z( zGG$oR=0k_wFJ7LoN zjB_55%Xo8e)5ax!c~-BU(|9p4lSaL$xU4)Z&BaFYYpf=ZyBr=LFokZG-#KUf?W0!g z_QS(1UUux>lJVw>|Ffqvx>1a!rWV~r9eU29(OL({N|#`q{?>QPDpe11*O})Bo~#fX zO_;>aYfWD|`@!5%G3`eC-)V`3XBV?xjZG>|3t5G`l`Y!6^x=2gOuJs5_V$n9>$}HY zdEwZ3%P*ny$d(fW#_foVJT}DB|H%8C%3de)#8+2b?NcqQ8gl#nlaA)UpWip8Wj5oS z$FDz?6d3LP%e=q$!ZSnSep`RdeA_^yZIO1_QzjpMWOyR+r_;QW7lVIUAXMfUdF_rI z)ost8H?TpE3ol;Kn^^j`<(h6g~lCF*8^=4KuJGFbAS1|JM50|I( zl_y5`w3#2oHX75rY=2?VP>Wv@X~XfW6Ca&D8WT6khhaIk^HWKm&Ogm_HO(D6%C02! zKqlT{hM!{I{Deq{mJ0?_LtYIiFrnPLFxiYTDR&}MvbtS-NwK>fRc7@2&-3^>6H6An zi`SWx-h%D6GR-`NknMrRe+w_U<*L!DG!lJkCS9Ik^j;_`%JpPAe zc>CvD#xBm9^L9o@!z&N1mooBWir2N5UFfy4uefhTnCy>Tw>EB=Id7eJSHrt4R&-Xa zC<{zDF!=f7xtP~gZeKgoJGX6hj?7pz%xzx84c!xImK$uk&3k=i+Wkj2&yL%=-LY`z z-eXsv%F=&c_uIbre?0!}M@*Odtb$H!`QOdEUx5E=y~HoaoaXQ!VN5;yPtfXg`zHT? zIideX3KIW2V4binEwH~n)GR;#>w_2XcK!7H(Dj$E-u|`v)RPl8U!A-6$L90DUH|pX zqN9&5KYV@j>D%wCp2A!~;(rSg|4|-*|IdyEx5rj=Ji5riyHlZAt^w6eLh-Y*u@A%I z=#zXfU2A%In}@NM#-lwMFPKyGTy%VnS5@m|6&wzg`!T)ewwy53g3e(1QT;8RG1|Pe z@s#kqJLR%V?>!ibw~y9QVBKg8eWug|Gt?cFuB%TSlVWZjV!@E>G7Ojo{BabALJG5W z_qk=dIxP&HCNSLeN=DH1M)orDY(1-={st2!qj=l+wnl9hFLT`3LdU~apEb==Cz(E! zqO-}`+;G|A;m~u0L@vPuY$E56~B}QqsxjFB2 z19P3bWHRNxMHCj3Qji{VQ@Ju?wn3Ykwk2&UVtmXpWUVE}cPm56>D=FoJ*ukN#uN!t z(y!?JileP;w^NMe{<_O_7Ba%A)f-QjQUeA{O9o&Red<{HgY$QDE8B&LB4)3p2bi1L zwdOIC@{_Q9M!Y^RCXaDmXX;2!?6Z|;@|-X$lV>3@_n9a4S*`8yN^c&;yqlqfx3VIB zcB`(rxw*p+Pp+cs_Za_zai?OL)%s$j~Y0C~Ns! zciyZhrnY93#g?3`?(y6F=gj##o*%m!f348OS?~jY(X>qKP98by7<}o<6CJNDPjDJQ zbz?CS1j%>3&$|5P_u#Cr6Lb2Ow)UH71&kKO<~wA2=9c zSjAq%NHmk{BrUmclO7w?vUG~+tZiGagtL~dn#Hr2U4E$-hi5)pk0M zixge4UapM(ZRPS=Xz)e&PbfrxR<`vbHIM%d&;P(Xz&HKhdNlmEevtUj!8i#2cRZ*$ z{A*EOeqLu-Y4_>b}+ z@&B=vQ@M0^&4nUUdTegeWV4Ck_#lUY6BHJYTb_A|8UL_>pGuF$$=b z%dOz-QF$yx&wHN|M3FNfjmQc@tVNC(@qh8`9|*jqPIDheD?qQ3AS| zF?x?xU_N8$Mg}=F1A{*LEW_?P)I!suwhX2|#-mc#4AC*tOIxz0q(heV8t=Xav*+cp zhQxQ&bM|HGvZhH#V)~ZOBblr`@qsgA8Ptor+R-Qnqsj~~on=zilri(VA3v^ZfLkz` z>vbr;nPV--(*CgUo@wHJc2bLlt`@x9py;u7H4OK>sNC~EwwU=UbG~mbwx$5Dp=5O~ z_3^jtHfHwVTRJg)D(AK_v0v(|SWNFR$!gHMjt^FZ4b^YWJwLCqJ?_r3z&)xqtvXYX z%i=|PJBIb59F*wbohp3#>KZSZTy?%UI9T_svAacCH@#V%J{;QhRk-nh>{h0yh_D$9M z2QSUHsPsN;<#dwXq|pr9zUQ?Z7M{9D*JKdZDscMZBUH!3I;&l#JRXQi7`3xTIm=rR~b31?jWb=wxwW(1|~!L_t2#o`R$rV)iLNn+bE>5 z^!-_<+b$n{vK7lq2QyMK^bEJ^pX=>(jCtZli>3N{Q=N45FncE5=)Nw6UaBv*U)-km ztID)|mAv1Uiqq1@@l3}d=OJ{NPh4L*2o zo_}KZOUYjTW)1~gPSU6h`kPH}h7`JN%Av3&tMDF_pxoJ#@;47D-`mjqSIlGMK2*x4 zr?(bG-XA=%myH`1;O}tZ%mCfCoeK})g&bPyyO2Jttj%r8%dFO~KYXsZWAx1a8yDYh z$yp$o>9K$5oqh}3-jKPb8tYas`u;jrBS|kk*_*Pi4W-|x@^h8*v%lL?wa0bs$@JZl z$d3JnVYg}ZzdF3FpDdG-gz>PD|UO%iWU87MjeOf&IR}(oO%6AUIiAwOYUR zrB@~qO0({{jL;CD$O&4ovf$c)*s?+H1ptK?{-+(+AB#v1eTrbxM?OM zv4~$m4VgqU6WU)0?>2UY>p>ZZ!D}_ZWt$b7O7SV-`?W6*i(h`R#mUW-xJ@_8*XAy> ziIKMKS{-xcFk`ZG1ep5&J7)Y}KJe8kz6k#b>&`DPsu}#}xrsj7|ABiAzTy9uQ~JwO zkofNadpFB;vG*Tp(ze%}xLZ?rv}W_=n$T4>cVE=W`MTsj4~mP?YI1g6W5pU!7Vh1V z*UOjVS3IpO+!*sVr9O=HD_Xh#S)s8H-#?~o0+u)9>fZcCv!rMLq~ssey?Qxc<$4-W;(lXKA}dZVan}rBR}GD_i14Zn{gN9R+<$Z7FN|u=R7I z`CY~Nm2D3gu4^Z56>7CIG<26Yoz8DxaLW3MNmQ^7w=m|8b+E~mnVpr{3~aO~9#7a9yuxVe<{8NhlNbxu{**HDqxNyxQ(GP=$v&0;cvx)hWTHwAD9u9fEjJd_O$mY?!#6xq&kD1%~szWAgeUeq= z4n41F6zZ{y9ZZ_j3HgHYueQ(ravp1L{0l_j6Hwd#A6$Cj_HF!sIideX3Ud7GV}^wP zH#qt`d9r36{LOArpc07F&J-3!xhr#c>7cO*7w zP^u`uOtB`Uxyk7twCh{a&!fQK9RFW*6431U7c`Xrg#!LJ{h!b4z<(Hv9RD^jf@joV zF!(oa+z5jo?d>!%=4s@ZM=3CB#Gt}8E2qWfE{s~-@8#inH>!GDT7>@6k-3^RbwwNb z8jpeezKc`R{O+u~IxPLiLF*+w_K%zyzxnmL=Yz2OuXY^YUf`0Hed1Tfv@R3JO1~>T z-{OyD-yq>1cIX!-|C{6gi*|yW8~<=2Rm1ro?lb&0|9@du{;lZb`0q^4|1jro+O#P# zF%d)nzygs-6doS_2`o_W2%yv$?F2Xi{$R*?)A9RmGeG;#l9v=?H&Z5A*2#EWMfScm z$G1B!GCFK)(B!0$v1`Jjir>1T&$BmcE!rFxxuRSq>giHg6Im2pz3|-D3MzBvtl8A8LbrsGv7^V749oAKNAaLcO<&TgNHuqj?TA=a zV#0=vOR2ipBpp3Hoe7xk)(z{@zTeiqe3NX;!AfgTDx!p)KfR=A_Rq{Y*=O1uKM{KB zC;C0Q-TepFj~`o|O}`VO!y1vyc*8Jx*XF64a{bf0yX8-5UEAI~w9{tRktKQ)JL0jq zcBR%rou7=Bc?OjS@LiAAw3e?gJ$o={`fYkC|8}?jeyj&4gNxkHFa0rJWPT@A_er0< zp*^c&{KZSl@)kWwVi!M%JH5TTO<3z~-jUJ0NB&vP$frj6{}kAY^+z_uj+a^n3Z+WT8zw zbH=ivXIy^Tx?XhO^AfHzq|*|iYw-H57w^p#bl%bbxuNKnyyD4LgG43c-E?>L)-mI) ziMu)8B4M@7gkvE&{yi-xR7!_iyLP-a$ui>GDZTcH`p=)W@Lw*APnIHI(_hW;v${23 z?*AEXcmn;eZ}-3a`|QwY|9?&A-_V3F@BeT2|NQ$sPnOVR|9>s#->CmTeg6+!4%9&Y z1MhEeB=pVy(2 zaZ&~Rn9i-8(nFT2hNU&^zlo^Lo*brB-|%Wrbv#H;*l~%mQ2CM(S6sNoMmKtozs-* z#4Z^dhX%0u?(Pz2KHpiui{gttghD5tgvVp!3Y?RU^Kd16vfz`7^X%>I5S58`rAyOf zUhEXvu^SHIc^&yaCMX%9maOVJafu7#G!=xFaiNWu#uw3 zgj`&mTU{5{)(t27mW-&0SC>GO0U2MODovN+aEV9?T+RdiPc%>yg?QQE9qW+unWVly&QG|#yDhng!wJW~;u1lN6| zJ||O>oubYN1}orxV?;wa!Yy7hau5>*d`uxCF-e&wTCCwoJYANpByvg1P{^FwU2qr{ zkx~6a0uV(2ehgVY9!VK6{zk-Qq-H2Q@D2$HuC6@ZC_`3|sO{#B~i*MMy#jL%@WMG9p88LVz%o5kpwc-~imXXDx1A6|I9h(Yi&& zJ!^5))gg{LYFpm(+TPl7gx8#$ad@8rOM zVK-8@`hE1?et2AHKum}i-%af~EtvP`9GF;e5Pdv|v=9aByKDUqd|W z_n8kXrx!i^2_tIt#jc=X^;iX^j)R1Nxu)XD@UCC4DK^shE3kwa0*zPZ3zV4rw#q;f=@Xy1lGL8QOh zsM;>%@W@_fi}ShvL6fLg(1h!M(1bc~Q0>C3ziTn5VHTu=%z-otjV-6f)S8x@pEF5hF#)*x+QAMd z-$2O=M1NpPL9YSP!$m2CpuY)i2>wXQNh!jU(uhv_fFOc?aG1i;J~k*ho~I|CPkutD z1)q;YSJl1)ew!thfq3ZyIsg!p>I3-)!Cv7j@)OCgeb}fkNH0fo0kU>7s0u_!HMat} z6IdYJjg|Ot;TiNF5}%-EpG=OU{)3R1oRcCUMhD-?#Yvf<_ee4`DKdvQqfgY~0H4Ui zj_iS4=Ibp_fp*Zz=fh$9f^wFEe#ub(sBdLC1<+QukE^eDMivN~vSc3?vJ$00k;Qc*Ao3n%A-%i}9w>F%oP56r6EhovS9 zv!EklvPY;hDY$=RShPqO;p0lOWFH>i19cOo0~e>@X*rTyXjUdc8mzYv4~Ys4@*(uP zgoFffO0G($gTKMbm69QoB+H#sGBaKLLj!!Ebgejv>+bH6oSNbef5B(s$3++wDD(-8 z7lnv|`x686K}x8WCdqqTph~VMH!zgVapxt(`;o(r5k>_E#`v%jfK*^qq2a-Jbd*0i zi_jaWri+?S(DtY>44!jl;eL@(0fAAlYThnFUt-8m$PEpfB5PPSa+1g?h9a;{%VwXQ zlq>B={w5X}?$lgjiU7FeY^!}qwn=PFA4J=rI-qUpL&{RH>mnnA^=Sus_Qe`rqzB~_CYVnkd(X@)v zJeXohvXb=4jhP@%&&kRqNq|^K_$WbC4J)Yi_0Wn7Y?y3w_yT+C{cO+A zeLp-+6v~Cf0f>$$WZ*NqkPfOX)dknTG6m{ga3C=vhtHb?G`03n!8y$*RoM|f=X2)* zv=Q~WfRDLtO$5Q+T$I?AOG|Qa<+DGx3jkKAcR|_s$Ged%%ge}>XmkQ`Rv+RRP)>>4 zXOjmstKJ{-EuSzeBbPM|IIK9EhfH6zqkb0LwGTo(Y-h)o(C858Lf z4zP`CKHNXIF92<*_XQyxZS{mCk)*s_5CL=HJZ!-++&_QELTl<>P&Q6=!-eEsE-G%; z3ZwIOAy^^&gZL-ne83e+RvHYaXk?U+O;Aukkh@=7996}3Db|Yks-NcL#5aFOyCH$0 z!67j|P%4|`+^%dku&mJF2%oUPpcs5G`L{oS)PYfdeqr&mv#*|E<5<{BEs!a+CF9JJGhBVjPg(4Us**z8EP)j{tNmnX@`pl8JwlOjU zk82y5FgaNs3g409(q9;wNS2eDktzAF500lC9LfHXc_JfO;-YO#{&~6b=sf9P8xndL zpthwIwBRc;%tB2l*ORykZAYSxq8yjj;anpKleKhnA<2U_Ps*PBfRPuY4iv9s;w zxO@+2&efIIyg4_`<|x4qXcR3zEFJonL<*E>Kr@g)13)0|CXoVCyW};2B?0aM{(&AO zGN6PJC^etc1Qm#r5sH&QnHv+39)#pqa$~dwDAWD}nC@4_E1C+Ao#s&q0vH}w@1Uw0oM*jZvsZ;ia&9=jn zGsU^Ngcj{5hHfBu1;jGwI@w=J3nni8HT;6-$pvV|lkM&*25Uic{31N&5*4B!{8 zTo1knht1*f6QaY(ng0|3BRmEG3@y(Rnx~&EL!OZfw)YHKfw%~);YtQiDuQSo4GGu* zejx7&3TlJEb~;3o}910N7rPXGyY>B(nav3iH*bsAcA)W!UHC=4Sc;UylX|laz2W zvI#Vf6o_GHXml`6@=HVrz@Q04T}d--os$$3a%B@10zgSgV}{1a)Qu9PnSz`&7%O?! z6VN+(E`U7(7A@O{T2@sT$kj%#p-x0s&!(f65Fm&XRtZLefEMLW?v%V-37q~uHl)l( z(kDUt#6Zyrr+y+)$GUdnq(FWRs%q9l4`u&2s-2*A-tmzQ1YRe`Gg3fjWV1O595_Ez zl8_dy2!WyCH$$AGxr8;#H;8mTQy$T6(ElfNn9pvz$F5p?49n1}7)uD8nmrC7yyX6- z4ue!m*>1E=v77cOR!N6irdVB+)$F%F0H%LWuie_7WMo~m6KM>`7)YAx({6t4$~68Z$E zuu8~f+3@{50{!_c)d={g*GR%7jW!fJQjQPUN)sbzxgv)&@Wk?A0W^qylpBquGV>B# z9c)!mfzi=;bf7TGKSZ6Glf$IgNz)*;kFLocsiA79$#H0O$Z>^KGlMeaaT#NQ*Mm(Z z#YdWx3l6A+QsKh_86g?)R|EnR3Jz(uqy|TrRtd{0X+-5HmkKPZ9FA`Q=piyt3e)gZ z5LUdX)#a7An zU{zHfC&2AU5RQP}LP7%q0wYMQ5qUZ((J{0IiL;>9yMw?-f`aGZG(&6L^wv)scW@3G zvpnY`BTo6xMy%E?iUbMk;HPy_m;&avT%v<$gt?MTgeXvp0bgn^B-~=?4YPIQDhXI-hUTw8v{qrT#`{7PwUbZhw)pL&W9UwONbV`)Y*EjCUY zXPL&SOYLVj<=&wrwa*t^fQ%`gg1iDgZI$BE!PgpKAG|0h54<15`9N3wDN#|mX4HXA z>^N!x!DT?6&OxLLKh4$+C#Oe};yXZ`-Eu0qzCn_tmX}?9!^N_emwCQIsg}!baCcG5 zyZOEY^0d6t9WH0KyxYT9n3vY_vZrsfMB4H)@PWu=xt8l3--w)iE!VlgosvlzR7o*# zR~wU>A}(rWN_{yk+voafC46lp-?SoHsa`9+BT8?!vhKd_EiZcbdbGUg>Fe3@B1|BM zt>rSum!oBP9Ih`%%K$m9z8oz>oAJoq=Qv8Bj$YVwQD^kiLk2v%=Azgh$0MX!| zGKoA-h8+Aqm4kA%bI^Yo=Vvp{)@D-Mp8Ish>8oY8x%q0@YkXfVJMCY7sUgq(%P(7; zsDFuHlBE7W;Fm2WT0-6Zj|5Z1S5>m9+JOMhsi6pTjLDFCA*B?LgHR@jjsq<%y9h@? zNVv-AgYZG5WNCLH3Iey2keIm8p)6n0U(N|33!nNlpgW+avU~|YH}XjoTJ?$V28@Mx z8l2OJmy-HQuCuob46Zc=6VB4M&mwh=HX3|YGAK2Q^dh0uB^LQfsr5I-&nST<)oLQ8 z94Y527(=OGQ48AyP^gghwj7dCQzYn#kP4L-Hi>0?0&?L>;T9BZL8*l*(1JjsLkYj3 zm?+`kz%V=@P#6~d3BU!Z#k3rh50_;qX*3y2NnAy9yiHI$I?6w1Yba+* z)hayQgy1%{OR0r`1!_|$vrs}fB~qLU-Z%+za7Si?ZN)P|?mSAG)?_Xr9ki7M0)$S) zVo=Sq+#n#9ni-Zm{H-J#Py$*)Au6d!3nbPAWvJP7k-7Afad>hj+n5Wm+V$nJaSdQz z1;cBa99)sfp}8c7XbNor^c%*f;m_R?e^1Ggb2JRtEP&|9O@jVPCzN>~mK#EHR5lFC zFbx)SWrS-^9z?##iKt|-fPpDZ6>>^IUzFXN?*R^H(W5g|QP*C`@I}RDJE`J2VGrW~ zwIgde6%k9=L6mUhe`7>Sb6~o-K%9{w&d!vlXtxNugCA=MaT5`QjOU6oC0=+mV&)v! zascoE)*yojQ}A3PIrM+O?<53`!f;Vws|zUXgwY9w38+4>-ND2eAc3&t5ENY~E{Y+- zv(-Gv`5s&rSS*Sl$QJBkXbn)TZ#sE*t`{BzKuRu9B?U=}<+v?}$00@sF6)F{^1rb% z6s=Kcwln3WK~NfDe|15jxVh;X0|DGIurN6jd|&gGi<2israoJk6U{Xu+x_paQS(zh zP$+U1MvM9rj={jL0>J8(k(p}`e@ZgJ4at@7&ZgWn`N*$5S}q22BH+rnD-mBqg+fEL zXoREyACe;*jr#)#Od!RuFkCm~kSMsT359KytEtXVl?4DXeKn3pot=M|A(v_nZ;B{Y z58XjjsAT=g3BaaEE~PwJZ2Vl&e_D?XD(XiY4#{c4A^&>=YjM0Gb33s?v>3qE$JxY; zsks3!A?1ON=aZ}$JaI@tl{A=8?4J}i$pAz`(u@oc4snRqB2G|`0XP2}I|Ho|c!IJU z!2Qs9p~aDDY*uoHEScE8$!Qrb5;A!JILgZtQe|1_U#>HJ(LZdUk0(X{JTA~bWu&Ka zeE>V6UPxJml9Q3A3tqW(0pDuA8bia25(7TsaRM2pn?p zC^2LM$b~4t)_Y{@?)k9}eS$LzkIQHI4hANne(<)(UF4A z1ugzBZakRzaHO6fjRZ0qKrRWmQ)$eE6(*Y_g?~ihe=k{iw@u@u#4L)692^SaXPQ#; z{{@*-5nAMIO61uPTSz4KP&=F4TwzAT$ji7r9z`bnP@7N{jjFFqU`#{;>6@X}6gbnt zc}=99zz0+5Y}A*g)t1t7GE>#tafdF&NF;a+z?HessbKKm|CAnqpr_FcoVvo4dP z`0wP5ZIdwAs{;cUoB@CD6*{Vqp=v@HUM+(3i!6{_w)Q<^3dXSGf; z6!XY+k>{l4Xlam-;!whKlE6V8#S|ltb#+2+&SSL5Bucv{C9SlOWIj(nQ+f|7gH*Yc z(9onT+o*dMYj;6vOZw3CkJBbDG(ip2n+RP_?WK@hg z$0w!^lt8ryN!KLG-vIgeYKQ?Kg(heO29Rb0!uL@bwM^|eWo&^|mI3>>NNw-(Jb*w% z5KbV%E?k5;O-~m4rkzoO_z2S`wO4`t&GWgOtL3ld}*7VR75S=#)qad2e6h zC6GU(P?`INc#9Y1f26!fc!qirnRfaiYy($rdi4%d0ZU|1Vw3BUn$?Vq3sZM6MK9Kt z3j$T$Y&HW?M&Q8k9L?{iB?SMjdxJtc(Pd%q{+5_DRsYq%78CX$OBE1VJ;vl;x zj|Qd=o}ey(3&`^{upU>y*~lnCWfBw09})*$7Vag^3*rsru>V1W5ogFyB$yiW;Jb2K zj0T`96#9gtz%VMO+COf%H!K6l_FKM9g zX$-}q#ZZ9CP>NNRYWNT31|ZgHus2>yt{vDH34dCM3r<#*(GdNqI**$!drK)}COWG$ zWwm{Xc^gc1(lAP%Yk8ZD6ysY$ZY6yWFv(YU?@oabiegp5q^3;hKK8p3k` zR0k?`4q`Oua+@uuXQgB)TZZjH`U1cjLNXxY`GO2M{E-O@6u4vw9xj$c##|ZrrIC8M zGads8yYReR(#{3SUovD_RbmFZp~u^I%gK&nYG${PmeCsnpx!afC-HVD{4Q>(-^|0M7}Iavij_oYb+z^k(w_@!hX6m zD>FMez4bQ|B&<%!Bosy|Zj`Rp!jGVpZHqQU(XITn7!W{|4+6MRF4!o5v47$l5vL%`*5FUxWVTj* zVDrIj9hQ@wl9L?+dCTN7NmNdeI8#kp;cD zGI@g~01_kv>m?wcSm$WKq!6!C%@-vBG~0Cqj7ILbe;xw~2#k&ijS!-QNr;gUephfQ z`g3_nYa?qVZ0sX!#SOR$aSOqx)Y?`GIW1VQ_V+ZQ(<-MclAASKB6QS{l1z&)K7&_M z0v^E=KW%`Y=_Ezz3^c1t=ni%NJ4(r!?PuM+rD21aSPDI$?l?Eug& z)oFx(BVR1_N%_P_TDot+`ZT2gQDW_cPgV1rk8W;Yxr0*$c~p@ckfdag0*OWlB-YT7 zFyP7|n>OwN@da?NnzRNLFOq!iZ8#pT{fKAb5oIx0LmnAe26nqmJ;v;O3TSff$A5@5I9eqBao(oh!zF+v?3)~PdEi7!AAh@ z{lrDipu$6H-V7-^s0-jYLigo@@mD4GBkL&HDQ8kvAeLH_Vf?$yC@~Z%zL9o$t>PNF zJ1G-=8yl1~&mn0N66-Y?7ks0ofP#Vd1vnlT0WOxC4RV&!Bo4}&n&J};l2{QcwgDdH zpuT}um>&co!xC%kZakc*jWbvx1H}p)$a2B(1fGC+PAceDC{YC>KS?WFTZN4%x4b5Y zB+o6)vrNTlTlYU^tFuhiIihZJP-DaYf8+Y8;(QRrz!>hL6o(1HQ~7~#>5Pm~sgfh1|sZ<1mIV3qfOAKrZm=Jh} zLR|XjTx64z0L{ojc0^`DLW6N`g?#>H8BHuhtn`x6$~C|j0#>idljc8V96~q^kiVS< z!{9*DJ8*?XSqi{&8SM8&Ci`3*%0XqOz+Q%c6m_`(*Z^Ub z5IP`aXjD5dgqcw0EDu&WBQq1F2X407;o?j&RDVH*o{&EmN?V{w4kS&&Ig^|BX=er@ ziXsYWL;Fx+HEKGL#u3sw^z?rL6H@^@+T9Ncbi6rIOd0H(>vVFaoG1gid! zoJ>q33AYguEJ{_8kHU>$nowFM4Sfcwd=$h<{6jpYoabh@65pvQKjdv(wmUkXl} zM@}Y97wp?EZcr!%-H%FI2jM|Hw}fa{68CI9c^gsMfOwEfS*Q6Rk+zK_bE3;g{vt~Y z5+3?361AbM{b++J6Mv8ipwMaf7BMliNwvR;Cdv6D4ApmvV%Pa1`(nbA(F|t z5CWvGr-3l8)al4=M10afoZHfZ$u(4Ylk?R=2LI!gwBrU53kl`m;GiKE^RreD>Ptk1 zyKuq+0{{o(Bn0|92ZyQ>{7{*++E@t!mm)X|F(qn-DT=<83O*sYBF(s&a<8OsqF%>e zqwnNQsAT61CerLYiI|{naCD@IIRX5`L2{?aUn)&V5_8yY`~)_H`$Jui^aP#@S?3&FeKvEo3M*)(Q=ODd+&y*8QuD+jWs7}O&i94M$SqvU}_PFHBm+fQZ$7m8ZbfO zBuYzKgb}3if3vBQBw{eM<)V&$oC<;ly9{O%6u?V}iPExP{K(dnd*lCLOl@w7*0zS9 zklY$>Y>0x)O-o>N{`%f~lL=^xO04fzYi(8}&1j&8Sn5hw%;)%3&;H8i9oyA6lIrcI&8i&?8B_}x#RWo*mlBk3(>7%*= zVVY?vP;ApVIVp!TO#5YLW!{@mME@h4VNiJzQzNL1=HjBPBBkmKbVpezO|6tB6fX1= z`VS0_ij0j2=u7zQLg7}bI3<aZ*HO7NIP#SBHv1`WK{Y+#hGgPL+YLm` zhBljsi4nXb*Wjol+YskY1BPMuEpeqIHDqn7aYb=krR&z zjF0IH>PSR1Dng-AOOq@H;e~Ud8eKn}tV02xpm<_Gm|OLNbMT3%G(uDtQ7#!uh_Cuv zS!#rZ=;70?>S_pIbG1duQpnV$T3xEN8+E7+jx1wJ)u+jvqag+=nGeK_&UDM&3eYt#YLCHOXGid7~)? zgw|6F_`!1r--g(1Q2J8vfdD3@Y&}DG~JSix013rZLKlchFadxq&z4!oK5CB)XcJiO5fyU6Ox+`q+C()c;&J; z?Oe2i4bzPqy?KOQhx_$>X_GkN*dB6A~E{ zCX9{n4^gd^2iRzdz<9{KK}B_|2Ku*7EcmQ9n^;dchnk|85zo`uM6FLNJOOcOi3i64=3&}yYjo*PO&-ju=#Im@BS*Knz+N%cuV&Mqyd zlIMo91gn~XfLkyuHZ`DRV`OJq_oHxgRi-&0K}gl0G#hBss_F)*mX%glm9JE@1CyE* z$c~_OEPUT!_^R!P!MjTRSq;xDt#3o9FyZ~$a`xOjdFp^KQ0DD|6!QMc?^}7kHP2x;Pfu0y7Q%73 zmFLN|)s}C-9TFWw{zN5QOWlaF4nlN7ns_V_x~k33Z?DN}3H1JoTk-byeX z!3EHn-<%UDWBJ8NkjPDqhInqCzCv_OStQ2^7(p`W3XB?4p9M;DQZ_XzCrR64@}RQH z0Qjnv@n%4HCO9t1H0H78-r(^$zM<5ukVGYu^j>JCO*K^%)lSKL{3) zgL{VhV({Hy7ZO*I?*+9VnyrXtV}RYDB3FYYY2sX$f{bip>`g3!@5c9yE|5s1;442G zJie(rRP)$;H>tGGCgix4%o_lIpnE8^fh@?b1cJ1czN5OWbgHBJ4dt;4UBvJ!VN_lg zQAim)BtD{1qT5N67=;W$B}Wo2@^DibuRvdx`>?KP%BYnbj^DA%BY zeRkz}R7R63JMYe?a6lifs}}R_@Ou=4XhZ34Ru$ks+*`IQAFurs=%%L zXFZM{MolPtM);Cz)KaEO1p}N4H^Qw-<80d?jT;*|z!AlYn^h@>3=9Z=(#X3Y^u@=k zH?0M)Q7dx~hN;%uR)yjD!3?RY*y7{C=G@eEE$yq-uyl5DV<07^wxoSF;AE}6LHS&ZfoRMV`3_Rd)euQq)RuQ+ zqgv{%4M$n-sM&~+A3)0?wJH%qImOoBq3)*vqB7ulN>RDxOPeO~Q$-IqqE34&!$a~x zvw0*2HXaq6qY7i9%7u7HRA7+GXIWXeU1MI!gU_9VA{kqGoANpE4*)kKZSN%<0+i`M ziB_n3;Xy)wsMk#xHJm~unfVg%d=bN&z{@Z>M_SYm`9f$OX;4Hj6DR5wM%tfK@_d+4+RJCFnj zP8Jb()5H}flOzTKOie_iY~r~tZ9n!| z--30V?e6A=!Q8Rk`Q*P~a3?;aYw&}i8@PNfh(zufxR61acno*@thfBdo1v06;4e5f zT9Vyn3*wZljJEG+^YMS`m#wZpSwSs9LVD>Wpk1vj%lx@xVS{J^wOm_Ye?CWT{rMQU zNkMEChOyBN;u!9GG`2F`kFl^bAMT?IfeN>BK-whso_3DpLp1pltd+z3~U-I)$y?ydbB>Dz8 z#og~;-pY|b-Ln1pFK>Uk^TUIOuLsj&>aM@Obok2YGf(U4etbA?+>1kpzWnmWH4eM4 z)8>^}x8o!z#Q&6-6sim)*6ve10M zhDi}a^;csO{Ud`nohY<2vF>8fshx#^d3(LDnXJPD5A57^Y1y=h@uHfO$4=x|mYyrb zj0`LyIvJR;tiRTwb?Rj3m42DIdWufr<6oRY4GcQ(_e=Lau2ZAm!Jxficg3lV=P(_8 zrkDH%Q=r4pH@{sJ6*}PFHxZ@fA;&IDW=*4YV><0%CSuzfvG#imXU*BhT*P` zye|ZEE%waK{_ybaWxZ}??os+3n9L)X&hQF_xz&Nvm~KWq*T(NH%uVpY6TRBAk64j&3!qx4cOsm=U`cCi>oipdZZ7kL|URR3g)1`Hp zm@$tjaJ1Sw>Ij{FV?~K~=faBXL%UmKR_UAK^~G5CSzR!!yG27WMt5rXNyk*Gu-a!D zGu}$S+c@?%9V3wwM%NFis=_vi1swgS-8x_gEZoQI>Cxnw+ZoO)GG#gzPInq==`kXK zL7!n;t4?0d-^w{`;m-bfzGzt3*T-pF??}1c%MS>)2YLx|570scovw8C-pu`Wu_$ww zfx*&QbFZEE`a^K;(uM+sj$aS__2!07cXF`z*Jiz{Ua|GyPWs}yfiHrt8-(w|dRo*7 z&RghI?KzE~>{4)!ai>72mvnvQ`>&T>HmP~oY2#C;!`-)L5 zL(xg!?PfbpAMGJ}d*Q9{JFJ0q`6uDVGhUeAIpeKccj)Zy$MpPm!R>KN>#~d+Y8p27 z&^vJadnM{{;i9cclA`*vvWq8uHALCa4CQ1#o0NTYrEmCRl`dF=Tyzonbjp6XdXZ7YMdW7;-{ z`zL45Fj?Pq3ihwS_pw9g|J~nzO#TZA52pgOLfITXFCjV{f#{z%=8wsLkYBU8{Ko^h z;9vdk^QQSP-A&4Wg_t*z|K=~+;Nv&^=&^IS!~FL@>%D&Y`hgy6^R`2)%ZGqcD9xSr z{_MpEC%Og(FMM0MQxseAb9%bD<(?0Zo_P7q_IH^i&D$|)jI?^Y@Lr~Khxm)bN9Mgb z^zHD3b71oZ&_5{#mDG?SS4b|f#w%>mK?!d(U&u#aG zwxg%hO>Io|$IqBKYxbO6{SwnD86{nF<}O>lVvcUef`E}rR<2vWLB1-}A1hrd*SFqb zjeWHoW3jM}`)zmZlj)YE8J0}X-&Xq-Df?teQ@~R(}$<-Uwt#(y21J>mL1zA&aC@hy8fFTYaLF`oY(%xXZYxX zJ~ez(x-|ADW_ahl9?vcC+c(T2XydB6*4`PSfXNf@lndsmZKGfmJYTKfn2M1P# z+j@_AD9xL_FJ|cFb<*n_X1Thr9+)yk`hLPPW3#ZSIX|!_xLYYo%4Cbz{W0Lj%>&JE zGyG#W$DF@g`;32f*{P0}T`w8mD;rkgIYhXKE_%MprgP+Ep>4K)N4#cHw#NZu6Z7sC zg*hIFLm6K#7+&<^;bGdkVN1N<$(~gIcxB>=3G5{|NQXB>?isap?|!0$8G3l@fF4Tz310YH0Iu@@80fcoM5VX z#M0nt<82!nYfAAF$2I!4V;eAiQ&GkJ8NFrr{h90&?*uv>8;;)VZfH_rqubs@a0K&t zR+-GO9xg4`6WU+I%1dV9>lU>C-SOeVnBQ*L%oXwz*P5?ex_+&$30`wVw_O1H2*V~o zfzdL}r9wuiNnMSuNqPlixlLWhWAhFsi8OlZiEkc#X<|}ut3Pbb@##yv%&|&6hLfj| zVZ^MdS#QEj6jrpaGkk15%DkahrOAP1$JUuL1)xAYDSP7V{%qdbIo&;sHf~!mGO^c& zB@=J;(pfu){dBp{{hMj47#^L|He1I_i&yI$7&~BV5!=geX~3=J8@^&BN;j=fePpzC z=g|`DpVoEqu4x=q-F}_dqZMD-d-*Miu-@F47Q(N~-m5o$rtR{>K^6APznx)Steb8< zL-F+*=Pl0+=AAI^vt;JAEx)X=#Ac-FS=~6fVbhq@XEgc)uT5K~KQL2Z6^r&fTc`W( z+Nk1Vm!l4x-fF|Uow;mGDmHn7-tZbBqr1~+p_7r*(-fWHA2XjAblP=mtL~ZJ4K=kL z@Os-$<;T;$wl@qhTvt;!r{1+r&%k@~LeZNWYj-Bk9kKnE;F-tXa^c|mh;uV!mxTJd z*vOjtNd=-Fx6*T%)%CM1BRuX+@;_AlV4nUjB?lUM&UsU0J<2c3UN=3v$Kx*^zjZ6n z9j|z&-?%7y?DyYIoAXZZt8u1{;|j{YbfDRrhhQgvIkcc|T*Kk(tm6B}PhR{`_+@|A ze%jUr6<$9ZkH=_TH~Tk?oUm>|V$H8(;-8OuR_}uOyjZ$+$-d&9htnn+-1su`s9uli zsPFZUO=3=dZf2G4`{#EVBOQV)OLa37$9H*mfo@x+aA%9mjM?}LTgL;8-+n1HHmQHQ zYTmwIuAa|-71iVCn!zh?Wj(e#!K`r~J4k7`~KLA3hBnR*tYne-ZF zscpkOvw>D-$-fu-@y{BJ-gD0+t?tP5?U&&_V^+*q#i&*NFvIoqxD{qHLMO zF|qTsn`=i$tey2ujGfuy(}B*DXfp>V1zCUpWI&wvX>0R%^G zWfeMScy@00tb+66*Dt&rb3Qr!Md;ue>t$99#+42(v{UtdqRm=PF|JkWBwzsS#+-azki9zSvVyu*4$;f|Vb<0|_gJs7E?jBRer4rU3y1CtSV1PtWy=c{+lGk8kDQv3aw$GM z%o4LSUt!+mVHZB%>S^bvKmGjF_-Tg@U0!uIA8P5~&g$3w-1$7ShZm2QF0v3sh5bCF zOxkf%%xr#QJT`aD@tIbxqh>ke(D(PY6qyv`^RZ&a`JWn13T;C!T10QG9TmXb77>@;-nueb z|FuJKQ3p$&f!(E3B?}xQeY@msxNyWie$3G0A9g>w)=!}`?u)z`lNk}_EXR>|6fcs* z?VaTD?-Tut=~l~m4T;C5=q?!J+O5j}`uZbToYAAMet5QF@R6$I%ULfA6lZQ!KeyUH zzVp>b7WR=xB?E@qKby97|C?!xU*%=r*h{-$W>?6oe^S*WB(Y|N`(~Zq1|HbK*L%jW zE6+0WvmaZmx_bV3{Pyg$T@#*GRVM7s`QuRDx2BA`ZaK7v7OQj~NG=H*^)EO|X<>6b zo}AK^Na;%%<~PKvvn&`JqDuF4t2;8ucn&{Fe(lI>JQ45C?>uQw9!|qd3_R*3-4*XJ z-QIXvg`s`Q4VsQgN`q+!6O2il7skbfIwn>@YZvHLUA&i%F@k6d+t1oFq9mGLE}oy4 zc|+jA>mKy5nH^H(e z%L}700j<+iH*B^3@N&np6$XWdbW=c~=+pJ$F?x3kHfy1NNV$XVDzlmq=H2V!6-n7I z)AZ@wJwt3(C5=)fec9_>h`CPJ+EGH5DtYbGz4e8c+P3YkZ4No`fDD-N+vnv^^ zaF}Mv+)UebFTFy_UNxtXec*Sy&ZBg?&KmYrB@M$_tGX2qc(C5JleAd8e$Uv>I=}Jl zUe)IDI(FOP_%1|o6vMjEPSFe)eRbOfd)?Z-ZS1IRl?_p%lNF)%%N6^us?qGP4X+He zUDdt1^UHN6WvqJI(Zx=^ryN@!{&lTBW7gODCx#xS(bnJH>|Dznjg7`e4DCi6L-!hR z@^03Y<&RUJb|0FJ8Pv|Gxv)3FTA>%fYTxVLyYB3qbE7QJd!Flg=;!1{y3sIZZ=DBG z6D#*!?9?smwvo%zM|*BhKI6E3M4HU~>blLh_UqQ`P8fUI^alUwvK7|;r3!Q2BJ60h7IMe&v!cY0*>m z^k3_ew#Se)*R&9u=P}0jisyyS1}SHv%mtY4nOXAV)+6+7{kt072oC!0>-t;I%6A)d zJ>g|zjcw=7n|{Gjm)5Diqy4Fq3(d2R^7q}l;=*5TV=|;lYI|(z@HZU~-*YUVs?%j| zyB{C)*!=~&l>cL7ZHU1V-4n-)u_NbmV_q)5UYOlWG;3ssE``T%qcNq+DE;o5r z51s2)UAw(3&%HP(qU*f}i&ma`tmr>{UC*0OP8zV%XFCL>*uO119_%Y!AT@mWs{Y-o zw~iad+Y>GO+CSB|v3_ib3*fJ-hf zFIt+7D;y}8aWe9L=z6L3DZJ}Y0hdu(Qy7p)3x7E;Zjyg$kI16~Q_if{>9#!5DakL= zXp_BfPjhkiX;TK)jeoKHxOqF9E}^!%hfXJs-y+Z*TjHQs5hZAU%AP&<=CRPckUo1a zp6%_&*`)tnnx>ynJx4W;XtG#EXpoLX+WYeWC=TQ6Sd9-~4YPwh|^txa*F}g9obg--_r@z^(2v_KA zw;8o?=~vb(C#{NEQ*qN?-#l;rmv*6{iFpEyTc=q1W+8TXa{9@Jb=3)+`ta#9Iu+P1 zx^>pOGR@`H=utPNj)&*-Gfj36`Ve-zc*HMbX3kxoo^Jo+rI&W2biQWwk-gY8xJOnP zcIUnQ*S&E(ic>>toPRIkgL&09k#0?wHDj^F4id$b2}x1kGZ#I>DzNK2&x@{yua4nAeqWuME4Z+XXw= zN9a=ETtTbKm_cKuEZoT29A3b3t*#8i#)O;qzHlvlYl@F_mNEa@6ItokneS2u+9*cS zZMR^NURN;R-?7AdPmk`NpeV8XUCio%51Mi;Jpbl%#r!kW#LoT zbr$y*y$`u0=~%y&#%&a0$7UURvi#;n{wPI6V4!W~z0>mi$yZm~#@W4ezOj3G(yb#8 z7dfV_AKGt;XSY>hR}~-ld+3vP<)vG6sAYfK@kB^ypXKLF^s&qudQQ)Hof}Nrm>oj; zGDXyjR7S;t`>_W?jhs59zcxMKReZan(NA-Z@i0f4qV8;}h;w22=wyEWl14lJkOzHp zc22w+A3nUU%ZCLQeyV-NyjeKC)KA`H*ZTHLe70@ZzfzR2@b$vGzs{*%_B?BF^{#XM zqbzFut7*DR>lp6ss?QxCQymi6XXU!M@aki6*^f#c3}*guJ|h3TPDfGwE6;bo_3YPv z>W>zROV@mpzN!29kDK;~2JtU+K4sNtz%g1mNq2VENiFIK0Z&S zYiI0Sy)i=?)#dlX^^2BV`DX6eIrK%`@k=;+6h~@J?5vDOq}>TR%2Rmk) zj(cQv_MKzHR$*N6`Hj}EIr`2gPVL@*tXKDyUz|VQadXCc+p~(h#;@EuUfOZacFUzj z7pI+|qou|0J+c&jl)NSFO z`&;(Rer{@5LEpX#_X+Z>3@QA2!o8WpeGasL_|DWIq;{UAKrdtkO~2;-SX$ZBb<=XI zmc0KaXnIo4x1F5sUYWSziUFH(c6Hb4`sUxMlj1AnTa$L z96Ngn)9*wxz7hMqLqXXiOy6eIo|ky#8wTC4r;Gov>P3_2tYIc~?9!KFYv$y_)!i8z z{p|vydzVLe?3&=C>zKUTsVHjV6TiX3*AFS;x`ZAbc;^V7U*gcNZgOwe_;nrQr%yJ% zbyaK+=eDi*$**D~>Ey0^dz9|Yy)lg*B+xe$dCdMnW@eDQxMy#Dz2r4JGYoVG3Dy@g zQ~Mo0D(;fc?wOueT|fDYg2~Yy(}GeX4`5Ti-W8O7ytC~++EOfb!c>KqRq_*ajLz(x zQ>DO|sngAA3k+xpyk4Ewa*N}!pJTDjI@1>9PBXy@>9QG(TW^Rg{A@yZ_i!&Obj0b7 z^@GEEb~Pv~=4^OAAiuIU->k0P?+W@#osxFJm?>UlY8Ao6v&!^(x4-IG)~V~+H<{PwwF_ONyXbOO zCR6uab=)e;_+C#8d);8`ZW{GvmG!`sBo>G6ARYQ)>Xgy?gGUAyowD#LI2OO&wp(8z zbGp=YL|s(3C-X)=@$R#}-9iQ3L=xV0wXUkjJXEeJoG%-}YS8V_El6Qs%W9^ActcE`4#WfMKH;F05KI{^k+^+q`fH zBk}2ysY8|uMYhGA>HpfQK3_3xTmNq@LEq=S=Og+*2eJ+{*Z=wM|Jr{(Z<7Dw-A(>K z#~Lxv=X(jk=8H|3FyX*~1OER0IF4VqaN*~lpD$gy6x?+0-o3|UGS_T7otT)IFlLR% z!0BVB?+h5S;N`2gV9yyOS$?oj=*e^6%lO(YgrxqDk@`R3p9A_oJ|`t()#FPc!Y%=( zy)VeKzBGOK%aPp1nu=aW`wWU^)t1w z2pF|kG|ZS~(8syGfpNQG3)hI|&^o4@n;L9P-&8fov}mg7ddxGB8FwI)(eCiJQ|B+# zT?{p3T;l4->*`!{V9;;gzGFv!sB_my7t{LzGr6Z{sQ;tM)msKe4_P`Ubd#444KWio zd%HDV|EH-IAr41}`P0k>h;u!dioLpedZLg-OtFVSA3Vf@DWy%*v3PUa(AIOc;AF9Z znL*7psbG_?PStUfLcIQH(Dy;9=4H=U)asaZJrz)TVQsjc(Pqy?1MG-mO+XKp^qaab ze03igRIhc&PoU}2LOr_nV$p6^7wvslX7AH|`)FM(cLfwEOCxYl?O028ysMMa|JE-|LkRufQ5=M*W6i*WBZ8C(rHF zb473FZ`ik!qFuAX$6;Syry1VyTZxx{Ia%lTiDtv&1P*>Q#o_kxODfhE)936xcqJF*^ZO4RU4na_>fmv^5~~GXY1dbuD$&7 z*WU+4#lHOE@|_1Sf2`Z~+lN1I?Ooh(=V(8l{vY1|T3R+IcE;2TE3<$3<@vi`e|-1z zojuiu`i>fM^LD+4erYGSR@mdd|H022&PIEnPZe zdHm7|v*#HZ&0SzRclP?l#S^Tpdvx2bXJY!rv=w`Vt0v7^U$Oeo;lm5oS|2!eY?H#; zq#LHU{VdjP7k&5MYy3{rzMNn4-Q79m-Cwl zDoyXrU2~UCXLy)(t&V=OG%vA1;qPzOi7!gr(=+(Mdj z_rQxgs_spg67%xhDD(JfIjfHujypDB{rakI_UUuj#V*(`YsXXLnb$DZEQcpEszl;S zEY4(rxY(@M-jBQqD)?O8nab`P^I`(_)KPu`+Pys)#T;Q6%M)*^NyF0Lw@=HeCL z-o8fk_UY2aLnhZ1n->|J-fh|VWTVb+QR63MNZ<6V-?_kXcc+z;j`;M^Jy~^s0B?DC z%@8`%v0Tuo-^sh-NP5@t(qfu*;%f^-TBd_Qe}WxTq0{4+AH;ObgFRUX@Sr%|j@Ev0 zJuwr&e`zsH47(Xq*D2w^wkPv?@NO+lg6o0@`cD~k0^PiuzY3FA+p-lS+)KEE**$to z*N-qCF10JWBHsDKqF>n!Vob-NV!59C3?{~~v=vA)ZP<>fVNdag(`e%QsaU-RN^O<>C`wH>dMX^`&|pwk{WnZY4glhB*w!55EjE%-`^4^=$E5 zJHOv_OaeEJVD>QoYRR?Vb`(DzxMt#W-Jr21Z12Z2J+7V&do^~!zVUCXkKQv8mc9CJ z@zmG-46fA`l%^`b|dt$JKdg5FP&WDbxKAnu`QFn9cZ0k zB~|E1UyRyOc2b|;fHfLVwF{e8raMw(V`VT4!)!O#=mk{R(0IY@)aA+8qj5im9b0p8Wc2N1?_cW%@FAo!Ib+8G2S7% zvu)v0gYFfME`~s4qY}LP+0(BY)F;?g%`;fDo1NsQa5ku1Qf+m8c2VAf5a|Fb##apN zsIFNA)9KFs%wO%7t#6z;{Llh(hYk-z^{)j=bDk}G{!`4wk;lt}3>$P3Zar`sapTgk zJpt3_Favka_tBf-7IWP+BhGSp&v}@;-;k*3o(E`-+cD#+XkFi+*e;J=ii`?Zxq5va zjt}N_*Avvlda)H*Ntn(W4~)U9FTOt8I1lp>(CV#Lb{-V0o3Q!Dc1KTmG*wHbxlmCA^Umr3TO3; zq4{;WIU~H|rr3i&r*swf@t|Xy8;u37&Cbk%?wlc z$!jpvcv=x}*XsS3)|fx<8Zi3Oly&{PKDL@-U`Ss)=6Iy_yP9eHQ=K}As?*0`vNI7h zI3&ENj~~yqh+~|P{~_%$=oHhgG)WM@+G^*P<<(eSOg1}wD9Va09bRt@IW&W|XNbanLCB6+X=N`~+jJbc`RSs) zT@xLLyj);1c!+N2;nnOuoDr$MU&E1~>Ne1-&t=oVAJc~?ce?%ld|~RC!LP~_s1}uKe7}wJ&{5$z2oV$zKu0Uo$DU5#yVTSxH|jRwY8?s?O2Y_U+k)! zC!CWImUb?MU$rc5LVb+QjrnyezS?Rx=7GhTvpj`&byz9;JD>c!rx%ePwQhuhcmw#8R7R{n}P_>VbTyZ@oUz4P$~ zyRhoRv!`r7=+}?+ZfN#=sr8qN4{p!p#-+~X3uji-AJ~fA{&a|G{A-o`A&@FC)7X=l7{epAxzX1#qs$1jgu532dqoVSH8H|lre$CTmbf>Qp9 z??n#}H;f!mGw4#^WQBh1kAXW_-E{1|1sClSGk-nPJ^y^_o2eE1%)X5izvxo2Z_ds? zFKmwX=@p~j{^|(-;LX7&gGRgmc~uu5|Ll4QRo$l#U38}VQr(OYj_XK?Dpqx&CVaouK#A9y^+snrmZflkaq@cvbTFl+wwD(Rn|nji14t+-*T#gQd;M0z2_b{qDt9n;K+c zg=Rm~68^YO3wguqQJ-ld3aGtC3%$;r&2HudHYVy>=u$>l|J75{uJ@6ys7EIwM(ZI zotm}WVPZ|?lu`Gm3(=<(UpV4? z{q%Nwhdu0QdQ4<$`C_D=RBC1^HO4JcJ!bxS%58{#*_pjF9pWe0RZJAbPxh)Ty^&Vx zbEBm3URvoa$Jt`bq1Hn=nU_2MXs07ujXdS#R}qUEWL2KjPh(mZWc4!XDG}z$KFt zd*-y;n{$1>?w$;bx37)vFEFhs>e)5PW=pTJuXmf=_op9z?`EB};_x?J&c81{y_dH3 zZLv**#dbl$P&}#Kk`>=98IfBw?#FtwzE$k;kEPxv{d&#Uf4Fx{LjA%qRkSIV{||fb z0oK&E^o{RSk`N$)0099*k*@SAXsFVJAVr!;Rhk&8fT#%_q>FSg^r9jt2!bUv0Tn5V zfFedv#17c79QiiKTh6)nsK6fcP=|2QU_(q^hx+|MwIB;lJ{TzscmA z&)+C8G}zZWlHRaFi9+`+F#06n?Ga^;MXFuW(TM0}g+D(CjM=)c%mcA7(25 zF$c9j8pI#_y1&9e_20ViwP5L27^wV~!LM*zJ6AzK_Xh4TPZ)%Y@|Rp6MvkK*s(fPd7o zmbRkux2ZjMdhHGU+StEO4iYPUgZg*R^WVD;Lh)_W_|M6I2SNCi;s3$2+p}6B>+jOr z73}T3GZX~nPz1q~w04GW@T2bjGptro1ob>ULs!8szcB*M-%5X##sGxIu?eGookZz( zO0-I{HF6bSKja%EzkBOfNj$;=0=&QVSpThGKGZz{Af){_8u{J)vf9XZ-drthrQZqv z3;yL!Jw1z1FC}F#{9IFrCn)=`x2*iTmj4DZ_mAgC-Qx>Fj(vmr_nipy zSj7(fJGBp3aLPM)XDA2)_YD>*-|E2MS%4UW-(vB*NAxda_y>#Nuy3*W-TeF&79gzS zw^;mc8u|(g5HIjsEPgi|eT4-$J$>VK1;I;yGogKz#kU5c`n!qcD=a`9!EX#i_0PN) zAT-`LSp06iGsOJUZ1|@Ax6PXh78+hHZvIb#|KQtq>^~3`?qA}+N*dsAKkdK&K-51> zqOe*pEZ|E4AJ6a*1q*i%5b7{6)JMSvtOle2g5!ZmkqTdXOMder{cy`a3H~QY;A>A- zVRiq%ZSUUD|3W9ftN;Is{|CbVfpCF8@gM#Rvi}|nZR#q#s&}xq|6Whu)#^E9-#~v5 zW0gt`__a>7_PZ>VXKlT6XBK@yj z`I7(j7BF4S|2lZ^;Q07>X=&+;mkS##iegc)VFvy*QLm)TXdfaG;*eA*WWbUtTZz-v$8x}nz3V?^|HC={-sNoG?dr+BzJ@T z1=GrYm;bfeCYb-ll3LCG{cHJOpLA)`xYF~}GypzF+ljzLad2^AlM^{2kpPUIwG9Bo z5D_AH9^vAWQehsvNP1>=wJ8jaTMGjs@z`UhkCh`4HEl+y;}Cd7)0s{If-pAq=(&MS z;cEqv1)U?pf@=ke%Q07OYaCk30f7v0jgAuLz*LXPJI@qxtuUm(5dOj2%z2Ui=bvPs z=3RU;`PAz~XSF545XTdC{Fng`%2-u!!Z!wjMhixpEz|QMuqu&FH(6WYrLnN}D;}YZ zfP<7DETzuVnwC9Sr1@^gIT=ZUyreUMxqcFJ$8drWp`a^5DggPkgmnH5$?UNf3*;9-gOtaeu0#}zZ)=xKGG2Tyx; zbuCI7pdOBan&1=#k`~H-1QUJD zFabq7*{rR3VshT2>+;ZQ9%@pBVIUfhNa*CP8Wbj=u@kcSA&m|C3BkIDP_tvrLo zB=4i59#{8mYDc>1wV!K{>q=faxUjCAuP4&q9+LUK4+y*NAirnxf%j~2Vxt@HGDUCz z^Hhb-iF(EwRnlClN~jT8I33QS38&kW9`|Q@Gy=#w9xNJLanc&6Q!edM4X9s6?e6E> z4{kpr!uL!EgH{t<=wxbeoqy^2>2cFEQ{|RS^E$!X{$sX5*<0LY!cu&*?O2e;&hE9^ z&J!T$;AJ+X2!HL#9EqaT)7#jIWAwJiOdb7`4ukU0>9TCo7*{pNDrQ|6R8kWy?G(OC z=47ah_05b&_u1l=%r`Z<;9kJ)uiq?soC&#}E}pW&#w&rQ(~wCg2uD8if&e-gosi77 zW4AA~HbtFT@(#_~vfOI7S>USwT#`+0-i*lYvmZluyCSp?NDy~K#<7ttbKew6DIDXB zQ0-&JBN=xeK>fl#>P-nnPXdZ)@5c}|X>$Jla}W52K0SZ>WK441twWib4LW{Drir^c zo(jASbaoenKJ{km=nSznWUi5tFK2@mW6iFZl2h|zlUhS7VW|_N(3ct_C#JBwC9n?3 z9^G9mrQt)D_ups;wW)#B%OWtZ?xMsi$)8LE6A|Yj@FfNVt*Fn1nZJb~FlaX-Vg!4Z z9na0}gZ}bM<31Ib(BhS~p1*W$c!cK)e*G$&?FLD*`hrxbP9DB*?*ZgKlV~&0!@} z(;P>-PrI|Lw_iz|lonTZ$|+SiIlDcl_J;Pw2a3WnDm&OZ%=X;sZM1IoaV2cCDn5-j zdls}FrKVCN-*qlma!-obgd*C};^uXYiz{aw{5&ck)8gj?T~xNV=1eM|iP4C?Oyv^k zy%I$VS5peSQFfRBO>&t;r!-s#!iy2wecAk{djhF10&D__#Efq1qz&Zq$%dr&8+U{m z6@W+Z`HvafV6$k3zEDZaQ<`R?*TlIxeaPE#yCBK8X9esUSr| zmt}9MLrOlbQ>E)CsxO|@2W6F+2H25H1u|<|j>yxzhvMo9Iha;Qw=6RGNPC7*ywWZg zsA$kDxDH1iDOvNyykbJ!L*;Sw!3f#sL0KE6Bpu$hZ)M&vYBkr>Q@`KA^43?tl#zTD z-9o7rFTDk~qh?LIlj2EL(eHzj`2=QgiNvB*TF1^T3;T$|^;G&(DjUyRy=F{$W1N)5 zeT?&R7x8*yg2uJ`ocou%Nt{hdTP$X{iCy}_ly0%itm5sR}PoJ|1SZTe*FMH z!EfN9KpKsJH3I&2p6}Nh0dOeJ@aHkyRhj%h^7rTT|2Ofo z|6p7{uK!9(N?LYwX?GW@d7{) zfsBj{JRX1V+0x55?^nCIs{k}B{*(TGljaM)fW#Mkfz>gs*8j-<_j9C2VzPccN4m2! z%;HMS&^$HE8h2Kd&0~MRTPDjcBr1dN#%6wugqVatxIvr&1R{Y6v5AV#-f>X>a9XSc zKMuQwBeoT2tWT}0%9$8?Wv|g zr!#qbTDwwX#S$SLh(0FI;Z!k9vcvVkVScu_8;6TJ#_~WYp_>I`4;~&lgXJNx(q4TU z<;^EOxpxtb+pr^l!4xeYeW2eZ5{17epS(@l{&g^3oRGHWT_E?8HXkhSgvFhUzi7^M#?~C%`ovnE zsh7*1HRkR3)s5l)f)nNJlU4>+x^g5lV&$*^=o< zUd=K(Y8HpQBXCBDyg*0cGFfF1D>u|Yf)KYJ4aJM;1d=WD^YJNs_z^k^juVBzg~>jE zEK!i=2@|8bl_T&eq|N})V-f z5HnKE5Ycg%!*ih$rDH{Rymp6S9msk}eS5bD8N>u>I*OoLUkTx>ym1)MHTAZxJe-eS z58;K&(jgqhrZhNQLJnTf;X{>&a1e1150$OEBIl3Ub^Q6+lZYP$UHF0d{~!5x-_*fB zxcI&KUsd(D_5W7!UzOBUf7XBd14;h(fBL)q2L;~!${YfLK%r0=3g z$;r#huV23&j6NwSD1eAF;7&kUSs7ehR6$4xH8pj0bqx&-O-)TLEiG+r?Ts5Z>ged` z>gsOVv}yC^&ERUKr>Cc{uMZ;E7#bRa3zo65@s=%HOiWBnO-;?r%*@TrEi5dyZry5W zX=!C;1uj_D*4Ep$ZL_hlv9+}YS1Wsa`|aDeJ2*HvIyyQzIXOE!ySTXQ*s;Ua)ph62 zognIsySuxGhli)9rF7Z(>FAD@trkeHa5l$4a5oD43_hYuf4O-)TpOG{5r2ba{$%*?E;tnBRUBS((p zAacU0tDv*9v#YDCySuxmr>D2K_wwb-eSLlX z{rv+216QtG0b_}v%`iAPc>Vfy5Lak;cz9%FWOQ`&#*G^{Z{8dm8@qMu78rq?n3$NH zoVC;?mO6t5>gHzkdDZ&6~Gx-@beIZh3k6{rmSH zK79E2@#813;@L01eE$3y^k@89Hw*$6Jp@n)VD~3>)c<~0#t+Q@e@~$P;YsK_^FMez z=-=#r6|g+)PygQ!OZvwN{yzUh02=7o8*&3V{7nm1tA9cbf7G7%@gDr7`2SJ@KcN3$ zBK?;m5I@@A@94kUAMO8t;y?YUl>f8)zv#aTL~M2c5B`CxV0v=)o7c;W3$OP_#=Lm` zYVP5)+mjEDm7W5Z%ht9&AK#GvtGBP-cyR9Wbk)V_!TWEkt}irCeSG-pvx%Act4}MR zXFXYip(_&`>asUHzEk$gtE-pmHeYGov(zcSUY6v%h4*2*MRm5v=l9RTz4hMJ2~9B! z=MQtWhlyNi${J1D*b$+2bTb<4#(yxLUuUk>v8>j8qW$~6|F`&2*SUq#`nn;$n%IZG z)_pn_kmS{M%;YmSjtjNV0E6Q6VT(^q^Ms+e*f~(}bW=7Q4}nh~e~?y&I~)$@BESd) zpIkU-8nYpNaVJMW^Q(vUcoYuJ%y6AX3iYpT5}Q`^ zP{{h%!7QLFl1E6#WHzBo-%{N>MT?X*BvK_P$34-mCUH3`54(_)kLqlf%M4D)9+&Bo z7G)>)^EQrxIOECH>vb0nUxlIZaSlMs7FrT#B9FKwX{(R=h6}cIj0}TJ$LF%6aOX1n z<64n}j$1zf;tdxKG;3W4A$l5Uhdxyny}FBC6&Oe;`n z`_UmIm)+>jP6V7U0>TEV4YyX~hKS1ffQu(2?Y%UgeAH7CPA^7ku=QlAk8%R+?yDh?b)&g#hJHB{5M; zMl#+I<1lC%oNL0z2*$IB-v(P-r{04^a<@V7YXXMJLH@OfoBVU8^F?sJ1}YRSkxFCV zgCQ~>7zwP)#NrEb+Sptj@Y^k1hO{bfBTA5|iXsGX-M2QO_ zeRI|(W$r2zk!VEkKSZfV*zH)t(=qau41bJ>8}1l=H@6ar&Htcs7JPn(yNFmfLvI!) zf1(i@J(HykHMUB}oh*?{CCTAA7&-k=ntgRaNbUvWm44uI7PAv65UQw;=C!5JtXegR zm!ZO53-n7HKX-VZ*SR}$SrE_2iiakcPM!kvU0A0ul@asTLPjg|<6$jt@p{m6FY1ps zi@D$e@bGL(KprB%&>Yfpv>2s`j*@Srow>f`t7F&}x?$V}DqhQYJ?a~n zONNN9Cs(5chn@GL*C{f+o-84fo!|w#v+sDHemnphf{GVsl15E4+@!8cod63*6=K#Kw!P4m zdHzuAk&rjyRMiVTq~J|wJ+%01CumP730U!Fw#{yEz3ohHsJp)I7-cWy)Z;`TYnkeU zIC-E|wW~p@c$ofL?%9>D0WXnSX2=1Ph39bzq9Ab?(Wnm}G=B8YAj7YEues=QEu#&ktb09)eD z02DGU$d+YwPd+DR@S%Lv7|-MzXyyfWI1_@V7{Ewv@fie+xw`mHHcbY=$GWoX<`de= zXK!dp(-7<)PuE)q#mX@t|6zdQ~dt2BG)v+aTMM8YFp5{$Jk&ViyEt5hY zcR?7oP+S}{c@YD-mBd!3TCnoc$qfoK8O`L;tA!-o;D#XK1!r~~C3!vYcdv9(Pe9I# zLe?<_(6*#fgDwSE;fRU});t|5$?|Jl1My%wVk_M^dhkfp@Hk9`^a4LjeBA_bQ zBI>s2-L}r4`-zox56v;${vj^`i87fPp814@`*K@I0ATw9zmk?lr}~3(i1iz^rZlT4y5IwgH*>=uKp?*Vxfk> z2aW(sg8)RLOyq--(I_c|bgiG@V>fQDN=3x$(XpZGye?jn&wk;-E9?JkDE*4wm|TLK%odID3h!+^(AyynG0zgsc9p-i}X*eO@F zcuP>w+^2yNXlcP2nS`Zt^cKZuZwH2S>_s6r%^>)5XN0#tRMuJK24Kny=IeW^T(QHP z0*-7@4X4*I^a1& =#*6XBe@Hcp?HRaExLwX77Ya5&JaNNdY!uKp~0_d1{aI{X6y z+9Eg)W7$Y6>J2Tu1@&`Fd{=B`nv}JTNE?rizIH0@R_ZdWlg)T|LiK8wM1t>L%q=+! zx*q`F(Nc>9$PMwzP{;>e-|OTQudF>J$a&{d;6c6{zOufaSu%uHskz9_$U}w3-J?M%UK32beRw%f4;Mx+dk!RNc0G+tmVRwNHw60TJxXgBC4KEC8?j7?coDV1@ zKmhe4+fQ_^Z}psTMHKhQ@v8DyuM>iVY}>wDT8IINx^{Nh2wf#A$-i%UU@#6NoYRFHz}0omJ3aN-=mF^a(e817pX-MbZ@42(=G#E z3xHA&bjepqmpHUoP8@W~Cvtj+rb7z({tp_Uh{!H->!A%b&HRf*JJyUpw1SzaK zUNZB>hG`F+lU^IM!?3(^yXs?LGOf$zm=E2#Z`=!;@u92tc}acvJ`=CyX9gXzD;9SP zCJs5gTIS6UmC@!X7vuWmg}q~oUe{iI$HvV-nhzMXEx7(rDbd&Y-F4rMZ!Dh4$};Dl zP1?+8x&b8-&`TYx7S8!o_2;H&H>EZYpF%hHx&!M0*65?R(@U>ZUc19uW(`G?u^>PvL5_uT?spSYkfx2;3s*1*joh5Z?olI| zoMt>6j57ENo&D4}-Wx`d=A*OXon&YvL((==R8Ss&sDm3o9H;X(Znzv404#*?2EcNhFa&!bTaXUO{-u;B;;bw=!XWQU-;&!G$wIqrq)`j8EK_VS8*SaT-1 zvwI*nxng1dz=r)&(VGDq02zV=APht_B3^8rjnw8i_6%L6@*OAHj~K*8!gT!Ew4g94 zHrsWTHNp@w(r`bQVOeMh_mNA|5+#fRHl5Pw$PMe7FY}eQ%T^D{!q-AJcRgWhKC{;f zFhCfK61kE+d_E2zxi%(P;TEq=TNdmw^QqXWY3e1kynug>mq0M1^Y!PRt{A1Jp0KBH zb2mDABumDkAarR4FtNIrA|rkOcwcdzO+;JLS+`zev4E&5*sYm9Beg@}q?4)%0Q+u< z;ui8PeZS$2^0Io4?f!@}rBLezyg{W42D&cP#V;$+_reL+!3M|M12QhWw^G`HrLGru zw_=m>m#+HPC5PH>mySIgmgZpYdd{ireb*${?j50LRUOA!=w9q6sB(YegPXKXB@fTB z-F&H#hkP7-pTedT(35I-U>7Eo)4jCo_6tq_i3Ld0?mWAja*YhFn^wB?izTP+XT>)0 z4zG)g%4;<6<(IHg6aHYt!_oL{Mvum1$%?1B4_fU(-LyzKO7;w|O6#lCYH}gl zNUinWGHz4(i775X3>e|{P!Ozi2=6RF(j@c<;^xYGTpAHh81F_;+|pKj9OMD9ECc3Y zop5VQ$aKZ-tUV1A)$(DIOYtRX+S-uHP>NG$cGMetWV91!J3DDmi7yNf9kkU{G75&dl*+2Xc0c^9(ER19u4Ee4m{ zNPwk^jqLCM1dNwM;9wrjmp=%Ahl+B;l=Q6O?m<~)JoF~zmD>Oo28I^#Fg&msI5D~B zm(A$lqxb8WW6M~l%78%_?DU0Y;pZAz9PQ>>syJ;={G zeoid|$5TH{zwGvfNadHO+vagp4%ER)&=SYA1pK({9h&aw>g|W~<(1FK$cw1P@97CZ zc?$X79d^uEU#>e{SbEJgACcZ`8`PgDBonfyw7B(dpxvJJTH9oaLy{Us@*6vC({#^y z5Y*NAjU|o*wAgOzG3RKPQ`=x%Y7b(#y=(;>qq0Ri5c^ttJ2v{TG*?ZYLTXR`*zg#J(u_{C!>bNdsTtYN3$^`1Ks zeM4_fEa|belQpx-M`bp7G07uU!n3`c1{oX4MfhpC-RBx0#kuEtw7}oYX6u#%Nl2yi zswW48?;ITsf|`!I8~>tG-?2X7#i&hKh)e6sF$ZMG9 z3gnub-_{ikNXDPdyHP8GOxzGle{mR|!lF}e^GRMgBVSnG9yPx8P=!z@b>zI|#=#Sh zG3>&ywyuhXW2XcSF31OSD#TqXFmxhM$EI(x-+~xnrM0jNKd5*=_;Rm!MfZ4jI(Fl= z4;(Mk8`j=^%jzq8%V~A`QES)OGtujPXE(36dM`(nv&oY|L>S)aYu9E!TMb*(v1M{PFeO*}D}doJANsbHYH^pi zM>~pOYrp90N>9F;@$9nO+ly7l?%PU;%O!QBEx`{_eTYv*SIAgQDT43j_PY+x2A}j$uR1s1*>m~@e{j!<8$IrI zZvD)<-DQ$xwGneBkGlfXTAuSS-gT)9?~pLAt-9x^-H~#hH{w_Z_b)0+=Ueud=p8N0 zj!2$+a81vTvP-!}$jQa=j!POhV;7WOm(P~eAg1eI7BGdE9e207S|i_Ml3$2Bf3LV? z_w?NZn?x=JVnvL(s$TBRn_b$ZLmYpcq3k%-vRFPaugRO|u+htL+qop$)DBLiTOFZ8 zJ_4dLVc~E&al`AWdGOl0Fig6%v_Z7ygyAlcq|-}JB#!mp&PknHV`kigx3(txPbTUr z5fXQ`7ChV)>A%hgVCytO>(zAZyd88tlw!xR0@OUDkBBGQwG;<+!*62~Ea&UIcZtOh zRB3t~9BVX^584tU5}#ly=;fCn5l^XU%sT#Iv7TB6E$)@xehTY+yLayieL6g??u?W+ zRoFo!$?KVQH%bN?x6M@4*zSHeXYD9Zr(2WUN5aR$?@OM4^nM7*^+<dTn%t!)~QIj5SI_K75pQCc~x8=)mXYD(_Q3EH$oNNdWDg7;;%M-E-744 zc>8Px;E!KZ@^F8L?xXQDpIos-6Z7{aZ#LgQb@0NmnT3kbiz~q83m@JdI@}ox^@q*X ze9W1C8*-kq{Q2d_d(+{|n{u&4#mq}9lYd_k{>OfP)&5(BP5Uis++P^MckDk!FuCjZ z`QKnhxY|$rm%kwKKTrB)|4#t8fiu5GT)`ABAJ6Lm;HjhpW{!c0TAx>z2UhOwFII%S zD54L_OMmWY122HtW?&m%`~r|Ket}gUWO%Y-zsy#dw_rK-567}q6GV$^0TZBGnt5d~ z)RgiT9=$%KEqxni-K-mG%|I0y%qB$DHXGVKH^%V8D8lt{o#(fTWCc0mAjUUr1(9uC zY4*g4mk}Lqqe;Djoc`wKJ4s3yHUKIRi?DZRQ{=EtObfU2JQc!=fD4o z#Q!|)7yXX_!1|vn0I2hze{^MKcIr0k)v)=2sA%wTP3zh7Romsu7;S}GY_Bh=+|L)v z&dj+!Fmx$l*Ue@|&XI;o=LfFtL3(<)XL;JT71Ja36+dC!XphsMAE^fqSB%#0{zq@V z%p-rxFkfvG#DDuz|JkRIGvH~vpFCLq`G#frOC5!~VExa0Z3k3;CHH_S?%43WY>by8 zie1j$+(fgIMcqTvT1cNf{-)5_iF2myylRrmi>zobngEHPc8J|{e@KD{X9PM*8_y=_ z;6OVPxH&OTPagD6b4PF>czH3E2yR%WX%2iVEdP{bVNppMqnsCoL7}+#a1ERoUVKUM zLAps#Lt`Tw{%m<=JMRVDB`MBJTsL_6xdpNP9Q;?V<#TeJzc?;^i;Jt{Jc>_j5{KEp z=fpmK*SS12L4J)A5QB(Vly?|r=+O)yL|je;h1prD2bZ4^)mYdmgytmy0D{SPjZ<>;l@#AoKDOm<>5(I$ImQ8vx zXMwNJC9h(KbkUQ0uT>Id)Ft9@j{|NkN<>3A257Xm7SJ?I2_sS!@4DkT7D{0ak;{VK zNFqhgxUfJo7LJMz%2&Nn7YBh0B)z4X33@4V?LaJBv(l#paOn~Hw*hY5#H}V6=dI~z ze)#$G4*-8o+r|5E9%<1lB=+SS>o{PnH*VGohVRA$iLVEW5$yyrRzlm-&4%v?73eEb z(QKPB;A(Emwnn*l<|w8IoaS@GGT)bRtGNfQt(1k|>~m+HjFSwPP4}pUPiER~t1Y`+ zXQmk|pX7(-jDr(=_&DFu7jeCWNMRSt#V$BHxi^ z*5ILAiWQa62orPvR zdn1jGeQDH&W)phR3W-~b1JoguVeuIPoWh(DcX+Y9f<_P*G=LnK+j}&jN1Y5rpE?-x zkd0>E{`k-u9P>q9QKmKkp@~Gj%w!v`cp#B;FzU(ayx}On#v#jS^x(aV(GPEAu*h>o z<{2^b`|mbH+@sgLjgUu>toq(R&EPyY+jVTi%BPxF7ds$lpNm|=9O%9bl;(g_=vxCttFc%fzFr`g zQ?LCvYK=I*AvP*-ADU8u-+s0Ol0U**eT2412@}Yn_Qq z_+$n((y#>fah<^=aqp4yJRXS7iF4@B3uzL=JKz!mfYC0?Fvq7mpI_-Sys^l6*j~q5 z+MvMjm3vm~WpmnRv3Ev8N}lwlxT??D{axzX)&-E|7$GBc2b5bW#28++D8cF*4dO0X z4)IvQKDKZmhrrwS+v4%_7~2g&MMT40iklw~0QO3dD*1hs%0F`J1?f z+!V%?tKSzdQ1}nND9bP_Msf4^C2T^!rt%KXKZ?VFLHF$JIXRDoR0p#y#soTnvg`eI z-w_d~ZAmbew33djZYG9GOMiV&abC-Gr{8Ef=brKflLES>EU9$SwnpZSX{u5#gHNaF zi7-10*i3R$2_`_;V{2&G=&|&c#(VF8M!WmotcVK_Wc3d3yY--I3?=%b$x{DV$o}_y z`KJB%n{pn1WyIgH{}h!qetZ7!SNreh{_n2{{0C_Nx&Qlu{{@pt~C#+dPz|n&%=1 z=Zc=cPH#1k0eIFaaBQOAf&ZhN=uZ&1Pd#J(V*klpTXsqQn{5D%)yR$o+EBdIrhqse2l|N{YWn@HoMKC`bTZ!cXbSeiL zAw%HT=9fOrXH{dxfiFolb#Xh|-OY}6^Yn7|2?!vTRE|_ok0IIVA(2?bZX)^V?!?N?+EK$Rao5Hz?zFHIw+TT=HV?W{2gORw6R&3(r7p>; zP4q9C=j|`N&XjqKzGBFtuKw8#ryo2(RD6w=}9wmC=@}}zOUX%s87rotQPJZIqH4&RhQ35GurmX z#psp$Z$9p0wB_OX)o4`=#fsqDRNWV6j*LHO2}}&^v3SPKkA|E)81qCcw6ue9Ge^B- z>w=7}>w)u43+=@S?7`utqnb2pBW`@cJz9gjjd?i8GB{SD>Hu6kYe`RldvHnTTgi0~qPXEtmv5vJ>Af>28Zn zurYlyf^uS*D-1vaoizCAE_MaK$2gHlBH$om{pjwiI|5a86o`t<)T1~Hxb#AvvKPvB z#@uublYuE#*#SuFpL<=`JIHv_87s09NM&~uyN{SD3%Z;4n_1;8g@gH()>=kgW zQ*;+ZU?~z*U&Uc5eit1I6Lu@qV;+HgJ$zf{gD#yNx$+A?L+j{S9~qimfFKP9xcGVl z92Qh>T2<+j%XN^cNQZbX+t^CXL9tw~czwUlt}UA?DRc%R$pCfIDk;a42I!OHt4f^& zcb(2HyggG}2A!v^RH1FPW#N78KI;W!gmNlRoULYvW(!=NiG}m>xgFLgO25AD%TF1Y zM^p$ZJ|P@6COtoW>@%Az0Ci@kHSwUzpW3D(pJW<89{I2d20M&U?HzI;%T|z?@Lr(Wid#;1C3+?LZh4*M5-!?B| z&(t;R81BZ1Oc#}xRyIAE0ibt;0C7Zz!>)qS6oK$-Vis=Ur@h;ypHnt#uwtO-Yi4dI zPsr>TIKfL`>}y22QK5-3b+uEq-u7-Xw-n6%8O&dvU^{C)Li`$=Hy@@vzRmHe_|Y`4 zv7(%K=%K3S6~g`Cd9wuRPksRA0Q4-h!pFAoG7Q*6qOJixh&DD)BQvQqr>7QYnz2%c zUk#ml!e=vbYzr=`9bu8x1sE!1Ng*~h(g&aVDhfTd!{)tThHxlHorJM1h`7PA&co!` z)N3c?I}4T1pPl9OTBhwodpXcP3uNn`)UIqU^D@C1nrEY?cn@zYMtbuDqqdv29rLr* zml(^BLwFLh%y2%^C&@9Wx<<)6ps$9~b_62;h?_UY<99`}N3wzym~9Wj3YwS+@|Ubz(u;CNCvU zA2pB5wzo7kCAS-Gh;te!IWa@bY8;OB#6CprhU?q=^yJ?!%Xu^#2k zO)(q2<3y(5$$U$7=oA?;K*+T5lLZU2NV6c~6taO-3V^MB6<4z$3X>(#(lILlJ8HoP zF-OR|_KX@IGav?GK`hOwDm>hu*th7)0*K04K(xviVVG%C7~aQAydaKiCEGyc-KvFK z9&^P9T_uJqRsHh1Mk#_&W}e`cn7ZU+^)B&dslDED9-||wR%IFq@R15^ZI7ORp}l!y zb5(m}A345#$i0eOzckTro)wg{_Trfelp9meSP;ToYOcT`0^m-$B%+AhNz-5at@jt+ z6!~0@4MAhJAwP5|;nU-upNv-DWrO}a8X_<%|ZKIQQRz#&6rLqj5sp(Ms{phJ%Nie{+9cf4wXb`BL3#9j z@e;(0T1}sMZtkmMF-;wa-}8bGmK>@P{>_(vnou^+8+CTG+JN$~vmW zn_O0T!UwsNwkOn^_tA0HnUS=VSZU=7Dv-ztUANW6HEZ8Kp!>0qI%+;InG{^%JH zeEU@OP(F?A^*K0h>m%`gO@aot>h^4q!C@6lc3Dj28O4K^r|lF4H&tqjsmv(2wJy0o zJ6lw(yG(_(U9~==18vm~q$T3-&@$&vR$x)SmMVreQwg@^s0&QJ=Q-VnIvm=&9vk~>DYQh+BX zFL0RN-Qyel{-v{^G+&a;bso#vtNRRb7`8Hn%Sw!Q7e#ZQq2Bmtvn&@e(n9#8vHkrO z)7IDpU02~9usMX{@=S0zcaOt~c}rVro>%YU9n!`tdnq4|*nI95+e{ud;(WwpXFMk0 z-a`#bZ=64J@TF;qjPx!u$a}cqQz7@Qp%2K#1kDrWNHox&5UJSktOi5m?RaB)Dr5D5ABWt(<-DuAi(c?7U&CS9ck^v%d zZdFIoSMN(ipSI_XIFLm$c7Xs3Ga`4lwTO^OECr!aV8TICiw`tN**i?C$1=uZi(%8k9j$Q zt#~Z=QJ+NBv(457&75vg#RIj%)Y+=`+fQ0UH>dz{D-Ffw|@N2{!c~Yclkf7`#+^s zNYJ17Z{HH?f9cxq_J3gVPf1Bbfi4b&0M$1%xPEo`-~oDFrBzpY;QXM~&C?~19?Z>+ zGqJksFz@@3d6qmL8MD|ZAS44Z zs6{~QR~!n&ILQ!p*Bt6_x0GcI`r!0jXgeTPU|b4oRhg;&2Jj&?nTKd8RNz~Zy&rkh?F1DLC-HikG_$+Vps4BeCdE171sIPc zc4a|Sl@8U&s8HN4TB5M04xSQyG7ZwapKzN`6IW*e9AfI>rm6Q4c{CWDQaQbXKK+Sj zSUpJ;$#vjOPWCoAl%}GdlQ)q{+l@+j*GWf;keRSh(`FJ{Kr{C0mfJ#n?xFhlD%7Tx zbpSnqQ^@URB8vMFIk^+B*ooNssl@|5sB?y9#jV5dzUH+liD}AGWdd-99^gWq!N0q| z+lX6H5GT6<4M^%7;I)UJu-4iJ$1wYa!uniT1$jG>rmRGoh-NVxp92LM{#BD1^U zxE(KRI#Eiv^-U}`@kPIP%%45*?mpY>4&KB=ZM8Bno3UzzTZ`jE#WEC<^xnIO<{^h2 zj}==gdNEkZ8hYD4YgHB0ZIy&pr3S#g*LvKDe=s1XsZM4joD%`0R~Q}%>hu;*WoBns za$v8d>Pu6c)Ec+su>>e-Y+xddy(J71^qPAC(t1l0kcH?zN$SksDT~|ErWF=X-;jN4 zw}sBLLT@Y-o0&~ldT%sJMt_&*oU#timxUIg*PT$L#29;XLE+>btW_3 z0t^P*&Jpb0YxD!c%bke&(*?ZQFdoNFI&4pER>A9xM7i?q5DOL^sATC#`H&+7sWCtV z8Ezs^$I+!@AoIJtD5_)(lG(#8&rIPW(&WtCfEB21(_sl88WKh8<#k&0mLk#kteHkU zI?U7qT6zL~lr20tSt;T~CSyjkkLPt3e7_J=bc-9H$L*Gt+9OU9HHB&g;?u-^n1Bm; zU^A4K4J8#Rv#Lxf-qAp7eTydx;x!~_n+@nMoh-|mxDlI65?vVAY2nqa{v@AqH>b||FHKRa7`rb|C<70=tZ!BOHhhZlF+O4CL&GjLLdPGA%r9} zD^%(hj=~Tm1 z^L}g$l-yodGE6B=*JyC6;#5;;$nrvS%TRx}zo?b^lqaOsR|0fP{FjEzI_7Q?{ktCV zd~qr7VLwXh8F~Gd0XpUeenYIGMXO|>MYB%pd|;fLL<%hUb139u;C%sOSXbdPfAg53 zn*w80$}1PmBD$~GbWE<1T6&ar*VBKqr}cCmjzZTB>R0X-S)!~e1xM*ic}<8pH)e~@ zzD-_7Q?i)B9H?dOMxx6M1qTjUb=km8{?kqcK_AVxOkOY&q7hQ%9G$E1(;g1w9mV_} z-MBO7k9*^$m0a5XG_&HJS*6?9nf`8f-FGZf+h{G{I^hDL1#3J_cg&{})ho{aHB%4O zxlf~>JDIzz#Et5sH_meNu|qEsiWqCwhmN*6UrR|Gs$k?a`FPQEg)6#)9wj%)_{6w= ze($z2=JU~k_htRQ&KXtvh!mFUw)vd#`VqzEGXKH;+3(H&qUcl_ofEr4<6?&4Zx2Tv=52quq_*x*x!yql>3dGlD40~Kp$Ob!1Ng1tVI74~qn1!^Z>0!ZzQIWHaEyiT#gqciSJ1t8-LJ?M|g5c;W zRio0ChK27qRK0hiZ`rQH`&H)5-alns#s<~QO$VkOUE*7zvRj>(LYuOv@kV2eQj_X! z-kB|OR?S;-CK@#wKbNB|DPMPY+4>o6#_yF+X`Y^cZl$*3QWb+)CuDusc;(uSZ+PT8 ztTq5&l1I6u^p?(0pT=d@+o8pfBQJgb!c>AP}_Kcwg+XAaI;al)}!b;PJ5Ma2px zG@iyDu+4wFJLZeK&x38uG4r3~3?}3kbJNN*{oLN($N7*4B{T==HBa36!Q%KK*P5qN z4x_Fvm}x6zJXF@Pb^Fky52{O!q~4U)0{;HaQCm5k>4q-kdna_U!+*m5r60Bba4P4g z+rO!W`1#-b^*=LkBv9Y{Ph^01Ch4{8_&LcQ@X;n8o`UzHwCVZv>u`$~k7kvh+E2ixPfcYEp612AKbR#Sy2CJ^7xSUQ(%J-$7@9UQ zY&LI*F)eR4ajurG>+o5AlL+}4fdxAF%!P$RXAbvUGmIV0jA7-(q!LyaFInU}b@UwF zkU8c>1)8P4J`MS!R%_S0Tb?{cK67^DZ_WBG=jZkBdznonRP@6S+dn7ar`x|7c-gb# z{ZG{X&HL8>J4x!-d`0cw5w(8`y$qCq>YDF_WL4*FJRxdP!v2waAza(Q1I{>p{0~*y zX)|-8{=)NhDQVCW=9J=9PtTd*O=7k!#qDa}s*2H9mdRF4C-%D!kEl(hJFW|wbXmo8 z*L?kv8`NB{4#}@kz<^STLY$5Qe4Vy{2GUxEzb>K&7azqN~wLb`>fQk#)%qny{CfzdWC@2&#_C zVAjDog{KszZdfzDPC32!*xYh|M%vYxQG<)ekbb`sx^KfMZ^ErTs~t8xYShea37j@r z`(W^tN!!nlgEan>m1$P3*OOLM@!Httk&6F6>N$SY{v(*YUts^@=l`PiZ)VvS|3&uq z3qPRtZzHmQa1c&I%iRT=PK4#48-kIxCF~!$7s9JG$YUfCP_RiC(ygn;MR)Y}J_xfxNiHA&wDq4aR!RpM+7EoSvdmn3XVB zIXKFVy1HCro@z-rv^rvNc9e2qhrK6`{%pa^2l$?YJ->nog)+b$*o1NSnq97SRLt8ckO)V_AKE zU%R*kH?@AAI+p0Vkxi|K`u~Jv`xnab?~?ve`;Sau{B--b1Yob7fI`$z8O&;L>TueI`^G=4r)nNMSQXY`X!_e@w3hp#@%h@Xtp+&SDV#fsS?)A*bQx}mx57Rg#jKV#apI9XHj7v7wUfVt zJ4bA=A8HuPo1=+Q3`vD%G1W%qtBjuFI0GVO5J%Ip@)#www3*BdKc(4P>lKO|2);_I zOX6hu^rma+11VBO)7UTV$(s#T7w^)u7<=G81;UYk+7Zrzcz6RHH8waeB9 zhh;69vv2qO12cmgf}Ind^V~MZT~|5kQk^Z!IKKJOYOVNySEt8T#cea@oxjs~96wmW za%%Rz`sFUUiqqnEO?ZCTM=ETXwn2{Lh!YJtJS*+fjrDS66RsFCc3zOuEm}c$4YPV; zG~YK`{_%X}6%?)VVVMNY0lW2c&&?RzrnClgVd}_0#f+k`to)&R%0vv)&(WVY?132@{5LTrtN9IkQXW7o7I`Bnz^Qw#Mrzln%tkXNT z-08)P=JRZg;`H+8+dpq!D_e#=F~?y;#7@O*!tyfJMN{u$!`;=C=obL=_1?Ip)pKQs z9oFwC82+gJg9CxNKfC^CYVpnfU$ega|Hth3@7|5tzd36Ef8Cyq!(rP0`g)*p(o}!` zDlMO`MEpnYg>d`z4`31e=V1r8JUxp!H%;H>c2wr&O`J1N143PuUT*fmOk2Ho8E#(M za8G521R6JIDg@i3AV2UAfYNh zZvVd^{|CjszW6U8mVfLEYX8=P_#aUQ>i>=B?}g{?F4%TT)CmduNA87iSA_Hb{CQ~p z?|f90|KBJC`Tw1|)3k{Ba^#sOh6%VT3z)}t8Ggn)VHWHH=QRueP=x~ z05X01V7}wU$2r(Cn;8l3p1LRVuG~!0AB1sJ;f7J6F+-F+6c?uEQ^)&-2F2!1UvA^L zI6za;PflT64yR~LX$AwMm>gVHpfp%^-HK_@f?eCT4qLvqc)0QqudHz!(^6s+6^G2J zI2qi?S)bW-Fmm9Y{kGN7TP|2m4H6-Q2RF%*gw4t9EE$d&#wA2R7P&FhRmvs+x@QYtny|tm{V}vmmywlb^V?EWnXhJ&G4Q>W-FKKxyARV zsbNz`QPw*7u6y2OyT*Nh!r1Ua%?i?nmyGx44evd;KdDR=*Jhp^F?Z6u0hvnHqr>wu za*WgG44!O~GCnU?IexZQf$~ylf@@)9QE*8tMr$@_qmGtK{U<4#!u_SiL;FjJb8t_xqk@4PA~ zH)+W<72iqK78Oc60wO)VmHVB^3(cPNat)?X*5BH17B422Mo`dH)Ks9jEu>7!7#ANg zNi(vLgUR<>TsR~{EnB5*%BYahZkwkVhHl)#EL}ThSrFcEyTB&RUoa7g3kicJcQ7f!Fe{9F8i1O8(cg%6c&nUE7-rm1}YcKx!}r+Y6%zTeRJ zyU~JmPd__;TFNtC;y5nlFQtazmBFjWO}nw-i8 z$0s*hpH%D0FVsCSeAbPMWAsz5)Fna9LGIUO^Yl4S*QPQDDdxE>4RhSQo8gw~TN&*0 z@2Mq<>_0LtE|N(%4v&j95y|~0eE&33*?-CsNQ+42P$lnsF|MbcK*K198 z@^@qLI1D<#v-$~tz3u-aAwB^(2#N*8!rTI^|B=m2Nqzf&egfxvCt<>1(dfy>QM_2D z3E7xz5|luPy%U%)YzQU9)riEJ9zMGMRq3WH@mTJK~At|P>`RIoBw#PV0&VC9E(S1@r-yWY&sDZ zP_ZZS=*c`2q&-_WJc`QU(s}k?f#Zy;_Wi=(B$Ga~>UqX=p& zgPCFjQ#lMO(~wJLagBh>Vno=^CYYFjPT7GZ1$mBO#|`H&*gSL?gop%IIFAv>f`lv!7d#1h0bxX z^BU^`CoyQeD0@?qIUGf2L`L!K$z*ew%L%t9BJ(arEH#qO4dJsq1WDJ};JX>J6^96i z#c{yPdG;jGB+s6RN(b;W3=jtY5$q!3II%F5&klQ{371agghvtKSUN8%j%FW8=fNy$ zEZsiB!H!1_W76SpI+KY&e==B+fF|;dO{LM$Z{QvdGO|dPJ=%9T5&ecZ5-?yOKORjm z6iaglT~-*EZ3{Go#{Zoam&Bp69YBXzJUD_HPPgwYRhY||LAN&|I|TB336l*?DHev- z6p|sr#3XtcjEtLWXM&Ib0z(N4KA7;ph`Z@uEQ3Zvw5x~Si4V)cj=^Fl@L)uR?Gb?^ z<4mC26NzvH2XG4&mKn;qc(m8%=5Q=EnMr3w0y$F5El>%dbod+&-ScZru zDlr%xG7y~PBVJuS;-wc0yVDVlN5VeHS-s#fNiGWo!;51J1jeLC0G9R2dx}tMR5*%5 zj{q7&r6p2X;dEMvKy@6P1V5nSMf+`MLgf!wAac>eY(Rs~p@ZkSL$RO5~cHW56?e@I}rB$9;%i3EBl z@Lcc&phvF42klJ4`0era2^~Y%k24&2QFOiz#&II4ETE_~I4lJQ3}%GenJ_wtpt>nA zKhy+;N-rFSCpD1{Q{iw9od)y(yj4eosVo`{G>E}U;L*9GVTplq!APmJBw*)Y_gzP& z-ibB=`N?Dgoe2u}bbc9!=->e?IwdXv*eMOT9ax}Uyf_*)1!20ez<3Dq1fh%Qfz8oz zVO$fUgG*c-6ZQt55el$TNAIYhc_N|^bPkWf1?*w)qTuo0+{UD`A`^h+3cJW31I%Ed z9rY1h{f2m0Tmnz<2#}r=lZk4V6Y@Ly5gi>WLm)g-3x1(ht4fFB|c zB6Ptfh_43(_yMu!oZ76mz$Av-!4qp5(e(KKtyDvBYIG1|1f3l^SY3KL9 z!0ymK`~Pu9|BWZm{oiB^7kUUm0Q}|5nKSR+y}NPa#)}s(?%cW4($dn<&~WI`A;|s+ zL|zF_eyggg+PrylMMVW>IOnuFZml9lZIasO&!4}1`I0D$y-Lzpv7!*~+46iJ{+6%F zn>TOXHfcS0@ZiiU+^biwV(Oz6CtTZ>g}r?F^3d>``mwjt(&rvOe*E#{$4{R=B`((f za3x^;qK9`P{mhf^xTN39vZXAE#yRb9oN{o=ln$Ik)ICyw*nrGa;@~wwY{&sW9-1<*%pSN6ndgsm`)22>+c{*eBkxehIZo07} z`1QR;YUtEk*Ux2RjbR_R8+2Aw|>LMO`ErD-L`#4)z0c&yZ6-W-M9b1!9%r& zkJQyS9Bn*y{6y2qQ>V|IJ@;Gl?=9yqT)cGo%GGPvZ`{099OC4D?>-EhQl5Cv|iDg(mfWhRo+ZdX!*H$zvQ3W!SZ_^r$0Cyps| z)WykeUL0ECn5NcW`9190Mrd_GcYlSW> z8+r_{`)Yg|mgwv2s_A&}J%qEJC1+swp7}r}a*@)+;!o%Cm|+2G17Gcb5!Fx5N3r$v z&Riw+5tE;_ty%G22G?5OZ{Row2urlC3$vQCl&QA-n7w8@yu$i%dgV$BNA_e#mn7PA zzoW9lhl3-V9UKQtPkFGCT{lljs}53|?-p@BRC*+-QRY+QUN3)-0j-0kjlKGyZjQ9) z2q^xxTAho$aR$3pQ7_wadPcvp^2&M2#8w@w+| zjzK|tbdKd2N9BY<3V+GmNxqZscRfjZ!Gx${d8LB&CDubp4PLT42R<79nYlQ9<)dXq zdbk;{);+P9OL&!DK2@u&a#4y@XljLjF>OosZu7yZTjb1I>sZl$)j`-9n?BxNUpQ2X zzOgcY^8~`EIpI=@n+e|d9kjwiji5cm2ix`1fXH@3IVaWtFN7 z=Om7}1MNKj?y5ZDLN$C3X9IaXth(NE3FD1rmNz@Q8>}S-+<$QjQhqv}UEiMbv7#+) z`O5$m6GymtR9fvv-M42IoGaQHo2w7eQmn|SDL2{O<;*o1diPHli>Twhh=Xh(h4ophh+12uV9 zPNZ8JPxoj@Q~Y?!c;|`;qyCq%YuQ6~jK8<#?k0w1Ib<>3?H_sum2I2;`D)l2Rz(7<8H?W~D z7rS+#6nE+5tCZl~KB=C@HO>P^l(6TiN7Z3r{2FQZE9ojVt^F-OHs~I%lQP_ziX$!1 zmOH-}YZ#g)yUKB%YhvBJ+_u&%JF9f1tbG|oV=7^cql?2`%h3hJb#oT9miP1UbW@$t zJhK{?I_Ml*%4q!^f?S!4#w1L}vTeC6U3kht=@U5_n)H#AX!rrkTAgGaA*^y0Bo_*B z0<#zA>Kv;7V(2vgO+5*x<++w<3LkwNA1XV!`P%R%c)pIGu90D=lf1U{|zWkvAMGibV;D(YkX?p{qGy}drhrQEWWrwO&siU#BcB(=& zwCKu>^}%O35OsBC`y{N= z+NyaY?!%O&YtA@w>jn&UUn&$~(0ZJ7JKQr=?yqUkl- zP^e7ZfLo!`A)C{&q(Oeq=18wxW4=^fW%dZISoWrC86Fev8DOm#{TpoG!-4twsoJJ+ zI?-^szs0GocJz-Iwn+6Ue%0n+V+L{!U&~|!56A>bsC5J@rGcJXKI`Xc74D8?Ah_rm7{c} z>smLg-1EY@%{m)XzI3;opGm~Q;p?TFxU06kgRr~}GIKVaAsIAWjBPxc`qoudGvW+D{ek}gnZEy%%ndoPdZkoEqaxFcGmBf1Jv|W^YY)Ono%4r z^plx}(FbnG1f@>2%e_cH_C|m8sn?Clp^nb$Cwaatu#jG8v#iwQ;1;s=yG>7c)%^}t zks}EZ{jV8k)9c@El+7OD0$m?hALN<}Hy_Ix>|m$Q80NLkWHCPM%Wh)HMT<|rmlWwck$)$!Gx&EL>vnTk$0Wk`$c>D$ZkJfq|!&%)!ZzqsU#?W=aK=k`!@R!GThg%kyn>WwJQA(u1{JdE2V#hQKejWZ*}gF zW2dD5fcLS_4Ve0Qy!Gd)K{gOK-p$8ZBPur44aRys`>Ofp5`P8Vh5D0cdxR;#vQE=n zMs6&J7RpA(Z2#R*#{A1*>6N48i{j|E_$wc;4BnB-822JKaORTx0rSEPtCL~}%K7}U z&*fBU=9aSdBeQL9@D@VO@W|9RwWOOCA7@TK@IZIvv00GH(hq_5b-W?>7b+bOFLtue zI(Va@R7O!Nd3Bz7?V0(Smm_q);DcC?wP;&HH9rYx3!<%khU4e%@fo8pc`)z2SA$m zdkGgWlW=U@<8|?*P~5`_lruF1)hdh~+bemm?itJQEprO6agcWzM8&-PG^vN)zfmyJprGyy{j#X5#_&YmZnsK;4jhR%|n z9~73p$q|x&95W!)#HTXjgS!m;dd}_p;Yak6K2<~0TRooy&si2Y^1%q16WSVOfp~v< z26=Jp85f`1BlP|D*_{dUHTgKlfvr6&*z*2-(|*Y@{Rd`3ZTQn}na@>hNBxc;7dn=C z1xLe~4Ky`dnoJm0g-d7}%&WwWm^f=w`PBKD%sCNxxsJAlO^~*$|A|8U{Sk8t-)9@` z@t(p}+nbg%_IP^=xtw+Mk-4#S?u^%dTZiXMg+g*{?erGPZ(*q+SN!&`SCX^J%Y2`A z#uUSJ^e`(*vt-BDZuF^>kxg|{ty?pKcMrPtn6T?|Dl-`KTe1OduX$No3g^=7Atz=m zMDnQ+P!dXs2YyF{P1#Jm#XEbq6liu zm}~c(La$2cYAncTOAA{+DSKo5S_*XSqchQ<_$ap|vkgN`hY}6252A1_+ET|JFP?oo zEgLSyRpAqp7knV*a!=Z(Gn?D@Vgt?UHRfbzh{&Xy3)1 z^ss!^kap2vSwx}Iwc>cIDi4e1HToG&_i`rLy{1=J=udpZ+t!BBtioH=57>M{6GtlC zRt1gqbJoGP7m^%T=R;-Ej&3mK)fE3!)| zGi2O<$M`DgEUuhuTFl0l7s+R-sYi{W>CbMVs@(NjC5P40ok5y~nNr0bDpiGxxKlBx z0vcVV$4ZD?2n}?6yJ57et2+-L=4k8PT4{A^*3|tnyYE>BzO9_g(0Uw1JH}YcGPgOs zb8Smjxr0(F?!(}P^T(Y?!+Jo|Gq0|b#jVdB>7N}PWu0rXYiIO>`t^HWClKyvtV$sa z%f?FA4WRoE-@XPX*Ic>+!jCCehsNU!R8{d5c0lUvA=4h?r7dx+ohra$_O}l5!(@6H@WSAsM*Vj1y7h^ZTR&ghIx!<{+4*f*ycJm|7kZA=kb!nde|8O4g%sMN2Q7hu zgV#Cj!+o65KAdGWz0h>GdI`~ECibFd$wmxO&BG&tI4Z_bqdrSstpjiZ(<&MqHU zjNAUIPSNK;|M-z~KisD*SRr-s866p?oLap#LwAjtryo&vjH6O^eg7f992^^3^K3wr z%8mt_vT6fu54>)NH%u%tnpeIn4dOnWtv+b8(di@CJ|8L4pNlg*@@dHy<9!%ScF=vj zT|@RU`ZYrea`oG(18q|)0?Ok~hFd;sa@Ulbc~nQ^-Syd-iKY9q{M;%V17mU=V0FtW z16>v$#vVAlGM;8}L(6Xe!aXgOJ9*s8YBMX3W{uetKX{|w_JE8xdRSekabf6=$7;J+ zO=i2PTJmkU=+}^ z!XDT^&q@jB#9e<{xgC;gg(~hFZQmk&}ec zjI66=51pg4Z@;0sZ|bTA1So!IP|ebHtIZZ|ucW%{ZJ3>LM#nIx)@Rw)6y{=mvwLY! zuH9S>r9(N6wqH+TmfXl+!AU7oJ*VM_AMJQCJy_xWDa zZ?TK>*r%6$dLy>gdEC}C4IL{b)p>Wy>NP^K5f5-4tvHNS?BH~xqa3!uPL;Ny`}b>r z129*PpFLI@GMao{b_ktOwm{X?5I2j*Ydp!D{Rk(81Y1#|KG(;Y+(HvP|2TC-); z>ayl!$Exd?-3WtZ$~`xq<=K;FojWa~+MG>{J#@--`fo=sO`m1y*?fRJiG8)=sFugj z+4;3|V{^<;oKM2zbV&6lNGntVjxG2z+B5Y6=c+_kpZVbO*>zbduhw46Y2>Xqc_Tmc(zP47^Dzb&4=U}^A%}B`q{^jj&lZ2N zG_;wTGWq=F?4{?I{ArGXSWPQ$VCp6`Exsb-cudJ>-#|z2M}IbXP_ItDc607=y%#5} z?L#l>PoJBYE7LZqfYh1?%xJGudsy2xPhu4{AD%Md~y^{|HW)|Hul2rwlUI}A&)LCEUjtAJ+!E5+WaS;S0?k`{5qwyK6IbUQxH%D*jUdfBYlYOiO*gULi;rZtN*TePd;M}=>T4ef zJGS8FxDo6@S<_@*sYuN(K6!n{DQ!**TkBEEecs!Pm@!W_PoMfkD*u{%D9$4}Bi9UD z=pa-5XZE3i%ZCrjc#E<3s2SBTtNp%o*g${wysXywZ_A(Pm?qA_EPNP`sbl@7zWC`_ z*cMyoWcdz%pxM0W(bIdg;6dB9LKE=8u(a8DDZ{n_#Xe`&wb-fOf^_{bf2`teAVOI- zd#?na+T%I>>YsBo&OJYCjLpq}yg4K12OYA4H2ptCrkG}X%U9I6EGXygqQ*}dHRrq@ ztTLj-@2h{UT>QGdLx%@yJ$m6g<`rYCavT1N{po7IZ05@PqN(R5Jby_iOL;)}yGv!T zp;FV9KPxW7nV!_JP&H`|KdAxX;yoUyJL0_kYN1qYz_R!&_~jA%vaQZP+s?vT_$?&2 zJ|9#iW$7vv(k2zu?40FVR+Dt+a9F#=U56J}^VL>pK!#5n_CLp6m|ce_;oh;|d|HDw zt;72)mg;}cQqTT9J?^5iLX%~iEdP*s(9)?))ossXxxcQQ651HYJyM zRN!pdaJqFDmt0ZWI;Z7u7?!ppKFD~?N3Y1SC(j+_WL~&ukonhv#j9eZI^%xf#qPziha0h*b5VksS;jFbKc=4___^W>*g>mn(?=>GT0$l zNK~+$kHt&jFfwuq3L3gDHi|1(63PkvEBg-w1>4GU8y8Q{B8{CI@-i5l0ak6kEY<)g z-A_)wNOu}(K$G&R)2B)8_HIX($(@($S0jbTs%EOm4qJk$U!h@dL4HIgKGk~u{HdGX zk$%h1%Ur@qVfQc0#0NXtMjM_ifR}9y80hIVs9e5asICu1S$oM^qMPbK6Pnj6>d{Qa z0(ZZ`iS+}km+A+;-$yQ|r>(e(H*7w(WBu7u2u_oArxfaHmf6jwcm_EwtPCtGBPpFz z*($3LHK?ve(Q&V${{8+3@mtE|2ZmCwOk_YIyHl1wpLV)1D*c?7-TuTqRF{?6L^cxKUt08 z8Fdr&6(Ok$ev8P3jtZZKRyz(~@kIJ!#GYkt%ROo{3aX-DjcgwWZTz9!RkpFg{wFR{NM4 za7xW=URd4E_N36KFCBh3v4R*d^wsKADS1mbwM%8tFx}C1N~glt4u{;BYWv(A`z_sS zup&vuaK0je++S&}XMDUBHR#r{_Q%7=%gPnrt+c=l@-qAF*xtwrm|}f*eOXDryBj|F zKiH_PnrylW6WtOxE_-E7w03z2C4HLb%T0qT7i?oqu5idxt2;^^Zf4P_aN1l?-q7oD zTSQs8)tyQQ+wr*uvv5?bZ z9L37K#kNl-eI!5GzTNEU2dAz1%Lx5fO}=}XwSC*!A=fu%mcflw?cr^8inbRnUz<7Q z(_5T=yv6#XGI+U)-`46-iZ^AOsi)@osLIS5dE7PFYwY@IbB0ti?>;=UsJx(T%kaq; z@bV*9tc-Y4((t);Yqqi75t>ee=fZyH8}7YsUqT%-`M}^kV}hKDWuzS2;6_<({kBv^ zovAlAoxE|Z`jyk>)Vq)cF(fv;aO%;TTcJMvKJ7kPzRK=i4DTs3S?6XO)A*8(@urve zh+$VtlHZa0>0{a_YpmNE{9)>CnexjY1Nv2M&kEagWyUR)$IB)-B(%s4QK?ZfTsAwg z{&V7i;n}gOn51w;xjXA3@#W1JZqpH-^^VemWeu-zYgg{MzrFtLj`3NMzkO=jd^^@G zX4`L5>R#!ug{F8=%nw+P#=2mye>}M~ZjMjM=#eDPV|t@M?|pOh-0Cal`e}`sep{4| zjT)1G^!E|jb%wj1)Ts|G$censuappRFN9J*eTvOx)5D(a`PL8LtbXr4(F9^EnVsO4 zJbORkFu}LkMs?zCCNF;5+)2%@kLRs9SL1(lNQtM?pk;To@lc&cXu0aiCx!Q;cOUq| zq|2;@-1L-4*v(KVNw%p%eXop*_Vf)|4qvHCUY_oa#m%N4Wh-ULMP~2lJA8HThpF#) z>=s||zmU6tIyM!?Un{6%j#j!B-MH%rVereTZw9(6s1T3!v#L{1Ptj4__P*is@>ff~ z?h9AfyK>wvpnPGG+`4@W+ekVkXYrIbg{RKx$rRLXRq-6?r#Dn-k#x@M!hL7f87J+} zR=7|uZK%|0Q2Bag3DuY}fqC^$Pw8Ql;y*B(*C@ak3*VGv2}&P7X``oycT1@ZBs0R#$8|vY zJlQr?jq)ITjU0RiJMC`eUKxg0(y8-H0vsWnOq$=yO{v;#+|gDk%?jxk`>Q@bUv8hj zIcR`Qnmo^O<%aC*Qsv%5utl7(n@&)Ig3ZP167v--gH%-;^$pT*12>o#LyF7|xK9gq z*+ib*GTp8C5=JRwTO~W)D84!<$GX~kc0<2OA5L94p1Ec7Bx<{(f?Nw(-*b(&xxrCo z;%3}SwUg!Kgso8?c~+i24VY6E%=GnDxKS7U<^D8qa@MVxr#(B;;7XA$BkA-M587Ku zqsY+TGc8SNF(~x6Vw4IG-UvxqT42+b#(hd&IfV%))}Cc0)?yUK@a`0|?oLe4^qx*J zm+p^&FKl>Gptz3lp|*Cz}_csYu_Ey7x=I-Mb8#BmHyz z)W710AIrlQTo0JB*}RqTCirj)$2%hQ&OC)Lbr`rrd5OjHgVXk3ZqSd|>g)P?=>EFL zv@hPF_kD(5Q@dWYLAEY+QX|0 zHrxnYKW!UWq9|M1&%P3%++L|DXBt z2k7&U%ioM_+K2!33#9!m$!_KUvtIr{pA|Lo0M^3nComH2i7o9`>zoWTia0x-Eq4jsT|Aqa8^G#C(LB!gv7v>+moR$|}Kk0|09auxk90I35% zfWg}_Vk6oO+?$7;N=?RX%FC?VNW+N56>WgaYq)y*AYoXIDtzC zCrsHBbah3qvalLsL@= zLo$g>6oQzssT>}Q&H+ezBE)kdkT(F#6J7xW>6tK@j1Z<+k^o_fh_KKGza=cZ(i>s2 znKhp<$x@=n+ypi|j>GGME_$IivIrl{4asKUKQTUtOzj)GFi~`^H_{+z8*v!Jh(9+PHVrfX};IPmtO}JE`wtQ$f0Vr6{0y86-8(J8G zTB0GPLk~p6zR?3Jf+_}7u(v*%QmhfOVDMsn1en=OlStr3lBg+Y=TPMWzk?{kj}ug8 zZQk~sAynF%JA(fZF0Ztt06pVHOfh0x9 zAcXi)E0NA%a$yFK3wPfuV>k$ec@{m105TMQKM}^Uz%#<^ z3*-~AaX^bAnDk^u7=y{+@e_%txFjS)NFjtJFqkxu+0YR)Gvo(*0Bp#J02&7faZwCa zE|MJp@WwC>aCR`4jii1Fu^`JJ2vbHQWLgC-3D{=LAG??Y1gar|cr=MXwVP`KQXPI4 zD{vtKW9-B#5c+6*g@O5_L6J21JV$tpnkpX+v^%BhUY#U#S5o0SFdw_^ZioG$3e8Uo zIz!lYq$EI60Qr)KrUn9k0&2g&^PvE^M6w0&C<3AabX%dCbgu=7w?bh&`D{lJaD`UD zHyUk_rU4w%L`GZ!kfea|h-Gy(K(Qdvi42nQbU!qZa>s-K=u>_x0*mG!oGtQk*1(~N z#tDL`81GPliaQo@hXFn#&JOr(WF&6BuAO`%;v>X8r<3!z@j>wTK!7icA|iJWlauSp24r5%nGw_?{OD2LQ4aaS|Yn1Ef0)M3f69 zag9I{Aej{b#M~Z*0fYejK^zAihgi47dn=R$#S&E@G^g!e!r#LjI1!8mpd1s;5SoZU z#RZAR8*x9~flf>$TY?bCw_m{B4nByo7k;vmz!l~}!0>_T_sj-?)rTZSQF(~B<93oP z*+NXR=D-ZaIK@wtCx8bL7n=eHQd3|)2rGbk71&!Bflz4DW|kcqLk6lY4EZP~Gsqdx zl%tcEgS{fec>^O*v3kIFC&hsT9-L7U2@@wo#lc{vC-4cQiH2}e6u=q=VM31!N5+AB zP#>NYm4ZAiNsb#8m%s!H$Di5v%3(W(gBJ@4ef(4oAPCcA5X@gmk^rNdIs;6$LF-Nl zkpNmASvv)e3qa$7Fv&-^?nf+vKy$|fBuhIU(0$9mN=zUKopfSw?^8koXMxDQJ! zqPRB}S{c%qhdquC2@v@DD=pbAK6KPB*^Fx_=?jZaf+3-(4x>8 z_=G5Mln>zFw-RP2go%n+64SxJph-TU(1rk?8__@!3e-nH4abHR$3h5+WilvwGWbml zZ<{Cp$|pK>a2!-|gpu2qp2P*Q2rXQRV3?8gr6cYE33m*L43N~nzwccK0|qD&g@AAj z3IOyFDu)x7B%zgL@uUO!Eb!alqtJy*_(O@VqCOq;SQwbmBp5Mc{*S1V34?V9PXt;h z$WBC0^S>jb7rIIDnGxAaaz@eR%|J6i%i^l<0(=nw2m6fb%B@ zepLQsoIfD|Ar+>OK|fu<)dVm}?L+|8ZU9U!aMYmNXvwhCxJ9x7SrH;#|6OwZezy)v0X2T@0%fU)-{32-Il)(%S|zHaAS3T^y+lx&6d8!nP=$_MM5hz`B?*`UCP=De zSLrO6DuEI>Ck`AxEcghPRH$4~?E^CIIjt2-I7B^?aPE9%63!?kwYEb~(fXPbuyMqW zMT8IyLyi?doOuU7yV5V=WyD`0?iX+Yk+O)A7>^|rfghGDAk9x*fR{)06b6DtrcPa@ z(ZWI(#T?8hgpwOCD5rR_Xu$b!Qb4|nx>$Fxv|==#4P2LmiJV1rVR*tkOH7km;wV7p9uHT<=!0;@EpQCMl=-_ zwTHS(L5eEglkZh4XFsP&x;g;J(H1x{WF=HICF^o|m>(^XN?z|;CM>AIJx1R^{*tXk z;Y&2Q|KG|-?bANucWIxb5qz)e2|XIJ%o~90F#w0w(%~R_coYkq*%g@rK2l?mHDp(C zRuahmzeDH1aYnIVnF&nc`K!&y!!A^?&K(yCyMllJooW`=r)K|vngJ(gZfeWV{3kGG zfDILbAAVfPT)>tF4nQekae-EXKnhj~!IUCUxXDAHWQgt|8yv>+cUXXbV!-^B-#h{2 z>fvBLj6V|*=Ca7f8}U5l|F`c8?^DX}Qp&%b&$;;eA}{PAo(ilRfdjt4$zi|^f_e?j z$QewtVvs5+y8j0b;!q zzdq@cjCTJYQ@+2gdxFR-<`O$^i-Mh4EU+O7>5s4hqWuLX9)~*J~WV{y{+Ij>5tdvUJ!nJryrMbWC5-B84ao7nE&5 zHYMDL(nZ8?8EtUuX#)Cg3nGK_Jc}8&&MqwN} z*h$ba>lH3on+Uf!2x6>AM8e*gmmd~(8H1WVkmj6?X+Js*V(}x+T7y#=0vCVH3SlzpE6}*(19qwb#o-$?$Oc48BMLfbfxM%7EzowcvTkq7s=_z` zOrBr11&Ipct3;;*3#$MDU~lO6lt9E1&u$6!Axn1_Nbe;jZ; zG?+1YW)w6S;9kzo<$8uwALYN6{rjcssD87 z3c^|OYA2$4omX8Y7A|@e;J;RQU~vEpOtdQcUGn1#laq+ZQ0P)S7>SA#WoH+QBj2a6 z-z7XJHd|b59WwrjazkFrK<6-jO9_9S;qjL%5aIPMJMbxU>!~pk%n>!>H z7hnNTf357sf(j}XyiWpN3;DH%=QY;J@82l8?~+`skV_`45acruUuVYs5-|x(3GfZg zFZez}n4|wd)D_YZO^C!KArb96g(&{sCE!Sab|bB#(S9t0Mgv<@{-JmeQcV6X8NuAd zWg?g_@P1i%m^ju)j5SD_^L>8u*Z3DRWbnvLvrF$Hdg;)F9-fSFMfk5^sws3ZZYa-w zje?3IIH+6FfE)R>;`!G_@9&imcr5|p4k{+`FP&s1khVB8f3e&;1#eX45vBh>oO2;k z`|pg~h<>1+Z~}t^*6_jd=P!=i6aH0UyJvgrG}q~f+DQUtiKSg4{s~O(7beObLIbOT z$zWIhFV3`F{!NM24@rzap%Knb!4xPtMUXH9!GQ%<^d)$Kz{Gj^YkVZ?3q{EnKZz2{ z4thzPggF;l`}jMhj(;}wadY)D0sr|1i49S}fo?ag3Fh5`3Wj77Bz&s`jN(Tt8>n;s zRap-hAG-BV;7P@U?Jr9#e>ijbRjd_QPZzV*j(k!)K>^I_NL~I`w$hp3E+AE9fF*9Q z3J$hPumI=*e|H4BJM5PUV4|@($@*WQ+THWNQ}mMXgHDBDwgE6M;w&5@)XgP>kAOJ%2dxW;*6q3}y(86B07-(lJ;DFcsDxDA#oqe= zX0N(f)B=-mfk#IczyKjZO<)`gz_&0W;ec@y(1jabQXCwFbc<_)7&E`7B{rK7i<;sq zX=WBcNjqu`d;%~Tyhf1}6$gq9T=4RGcoa&vgDk?_E*8#yU{r!79ngA5$z7})V2>fv ztUGw0P_k9fF7lEg7#uJm^mTK4A_AZk5&|+7&JSf=dAP|7? z$#28-H}XVdIt9e^2mo3O)_9RO!ni%ebcr|tcG@7{k)0W!kZO-$7IoMg5-~bwCt@88 zMBn8>QWRlE(u4kp5fa}wA`BY>SRP5&(wU)M30*iLmfSNVW@=(y$=n*4x}@uo*t>>u z5YZ1r0Am4sqY?j&3Xr}6OGDoR=a02xp2zqG`3lX=P);EK7cLl}o4@!(s7(I!VV2nH zrU-WcX%HY%3Fd@wAo50sc?wNGF#tQBd+vgAF zP?9|mXNeH?1bGC-eEXIzsQDoXkYEDGpJO4PyBL=^RS_5)@{Fqhw5>B?LC#47ugo(+ zMC3@Mo!~jiPP+EifUIm$w2v-fCXL1P zMKnAnLNbIE2hc%K0ZKB}3FL|VsT{JWpNrIXY5eYpCqliG1xTZb)NlbNUFU)Np%-Dl zIIvY91s&|Sg6UzqXfM7;!hLn?IB#`x`nPH9__V zg46&YXYyj14*vw0?tft$UE)6jb20geWBD8B|4=Ld{_fMtz+O;Lor0klI;-1z zkPB2=ETiW;dVKufda+yi|HLz({)YT5DU?3>{}VdXqx{`iJOsb#KkY})`0peNfc)!( z|87AsH|xWH|4;e;Jk- zW5WH?^S@cLt5-Or=5|o~~ z(;aw8H^h4Gj~FpA=(TQ00rB;~CO#>UQ-6bB*)=uOo<}JL^x4hxWLtw>RUJ6)eF$S>o-P|fV6;5y~z~)Ns;dXN&W!JuAqrS&2|6}*`82^9L z8F0PCe{d+IWvBRWNurqd#s7ao3I6{1Zzf=t*k{cDgp7V=8$H|q&p89GSNs3w{5NxR zFeT_a|Ls=_UO>C={I`FA$^YUey0!lwnHTmlzFzF#f8Y9*vL{~qTz;Sb=<~S`e<{ilvKlL1W&4a= zac2FS{`uY;E^L06dp3ISjqM*~74lBpul}^acgyAHHDBZxoqqK8z@H0$d-mb$;daG= z`c|G3qmr|WHtuV>^7y07AOmZ!NsN@7;!XQcUVZYZ|KO1}-jkze2Y-&%VeGHMH}Y%AB>JZ0n&jH=ci$(=@UlJ1us0{>p8&XK()Tr@WT2 zgYR_KoQ12lA3k^M#a{};Oh%6jiJQA<^^POI-G14wNGh*O!^;k~%Otygx^PM6r{ zS!}zuhk5>@uV9zlQpnKKgx$Q|Uw9lHE^_ZJ07)Ozn(4k(YND*Do|WSo4CmH~!Hr z`B_CT@8rxI(tfdY-_v_%xFaU`&PaUoq^f+>hJ}A#*>Ro=VG0)Fbk*EQbdWD>-)7OtbqC}v<0N$V)k19`B@QzxOsg)a5k!yS^ zs&b(Nfw6XpuQy{|;q+X_`V!VD#)egM2+ zGiGXO-6iE4CG|J7Wpr8W0f`H7Gv?D<~*d9^T)3@Bi+(cieN%E#r;%zh{kaFxX*@wKsF` zZ>`L^zBzYf@J)DMV#qDbHE;7!GlRNMk?Z6+$#)|jzNHJD;+M?tx?QTa5PF?+wYag~ z!7k{YXW+h?`{uES+9$pz?Fb&%@)NfTjPZ*492%e8&=I_89WgYl#zJg+}Xf4xIW*Y*ZMuanZ6f_4`$xKx@#iy-L+eawn6J{|w?v}@7IsH}5o@YY$o*JnbW{ak8fsrUFa*5=%wnT<_Z{^tJST~Bc8 zja{7+i^+N2F*DEZ2LAf~>6y%9kZQO_nfGXM$pI?Sv>CmD=l`hM2-yLT5U&yiHs7ze z38S-A-tv$Rs6Jc~ovmfqi1y?3;ZM=?3=wuKK*H%c7q z)4BPRtS4P8!kL`7qWOL%$+K(t;{j6Tk03;mQTg-Q7LK&RN*}6NYg8j%f9U$YwDQ#G z8TYxHol@@`7c{O##JZNgT3<*p$w=BWq*5GsBX6qQA>Cz2!E4-&^<%-AsWqf_Db$^T zmEKi2b3>#4!BDo!Zi{mK3$1IR! P74>a5H1)=ZGZHH-8rdTxk1)@)2I=aPi8pjN z!3KksVyk5-dIS9RjaJKzTxGXx`*EJd!Yvm zDw@}{)N60w3$6cE)MT}__jX)%pz`$i1MA^JAJHKh<+%;7)}9&lb?K>8T4)%toeuM} zf10fHb^Mk6u~9$UUot#UwZ-CQy)kP&v~g_!$wDDxU4cDxWonR?nf+CJ${p)Og71T}Ah{aA@68 zWQ*N>!9xxPnkZL|ax~=0v2S)ZedC=pbKZvG>D@p1{`M&y#;I2qGFbF*W*zM|=rTRv zb+$(KRG?^c7%SrjDeZpbt{uIRgRmpC}q}^oOg?~P!bK7vyD)U~p*=GnHwgat|c}}}+v`ve$<8u{n{X`Lg z_ujitar3%}M-y`BDHS8nl&c|{U1OKD;5(z!*EviT3EK5nURO+TyaHaXAHTegwR6w@ zH&?ovy)SDEjCZzf2X%JW!k$__sjjeoDpmEsJ&>f47Ns9m8^%1XhgM8DYX4$u9Uy%l>IVJy!162E;W55Dh(&AGnH>T9xa(u zCrOlB;C$jnpFWf(sh$0<=p8rad-tS-5n`%j4)@~K(=-Xo_mid5+}Lw-Uv8M9E>5fm=Tnr){Ema|`!l)k$xJ!FPpQarBQ<`6GY4--F1P$P#-U7BC?{vJ5{@=9alR`*S{S_8sQ5F; zZM*zfd5uMi-tCQE&fvZ335!IVLtFjUfa8sF?b|$d5CY4T?u!Mq$A?9Eg*=v1fdFLj)>`#=z_d-fvV>e~0) z+cPtjAFed7IV&bX4;71?Lb|2(d34j0`yWj^QZ5NdXLkj}c0E^mmeytZE~%7dJEIhYV`Z(1P~Xkwh~|5`%cZPGCP%)W`>UiQ} z#HHm|=8_qEEA8Ln%n!Ztl{6mDR1=-PmeC!)DJA{td-gfj6SSlH_jKsml#A+&$*m#l zAg>?py>!j)(C$qZ<}WsWfg4(V2qTf7T^2pKmfCwhO}-1ZxNX^#Z@IA9+Tg_~VdBQQ z>GHfU=~*Z%`!QpX^L1ob&!;1jKWDvizKx&jSvptt^X>MW z?^7RozFd?1HD8?bW5(p#*SlrE7EkB=e7oz~_h*tT%eQiVEuOpf^F!In%8xfWD?dJ5 zTUn80fFuUgodHi^AUO+%^Ay=1^tJjiiFqCUFn`?q%nUYxM?kvj$)*24WriHa`h-Ej+azL>iNo;3#wrc|0 zjl=e6VS5d+eP-Eys62mCUZ8tkP(oe^CoileFJdS!YBp~ZDnFW(AM2jKIUzrulfShk zfBR7Wj@kTOsDdO?L9%;6N1Wo~mQ`o{O9^&ku z<&>cc%SnZm?uFF}g|(c*`j*0jLxqQC3y+|R8c9XRR@{r45{gc6icYo^ogOMWGh1{H zReYXQe9^tQJ)!s#r}%P9@ztT??%CpNsFGe%Nxyr^^@NfeoRZ;|l3PP1w`WW4qV|uH z_TO{ge?MXW1J3@3E&Cr2?SC@6{~4-unpFD2z4VWS(pQ|)xt7v5L#6L#OFy8>7D#2E z+{=~{%D!;QzP6NoA1eDfTegDYf_hx22N%ATi!9`#PjbbEx#DwNNp!iCUb&1%x$M?* z`NDF=ljX|8<*IY#>gWohUWKMdh4$78-NFjJlNAQT6-ILvCg@62y-IVBO3SU4YYHoE zPFAiPuC$x0bU;@*>Qy;=RJm@gax1LzI9cU2T;;QQuF4Nx?XOoI=usWCwK}A*I_zY1 z#Bg=gT=gb&O|)K3tVhk}tu^t5HCs>CY#*-KF;}w-U7Ms=o9t1Wvb8p~ur~cYT^@OYbKMW77{OSMy z{yPAHz%c(H=YQe7_`fmq-_HO4C7k#dGK{}^+5a~GP06d#zQ2h7t-b|%RsZ*o_}^bO z?SHt#pZw1NB7v9x6#rZPva-Cqys|v~?OXTahm}w7=RbYAv;6$y=dbA>{#g0=vHsiF zjWf?*zkIs#@xjBF4_02jJoWt17t#32qeqXP-dR1|GPE&$*Sojv1EcpNA3U(VeQ9N+ z^Yd_T@4|V`WLMtcsg>)kpN5BhMn=p97am<{yRlMVKhk>U58lyh$36`V7+$)Z)qQy7 z@xen~T}~a1Q;U_^k57d3^r&3tn~l`hU#xw5<#cR2ccr!AR!4_=NA0z#;^OlS1*gg$ zohkTwCU52JS-BGhbCWqGhmV9dXRbU=PdQZB&r4ZuXEG0^zOGN7nvPE_tJqMUakV2k zc`7=pI^jb_h17IdSZTuK8!ELeKH*GEOhM=@BldFE*28U~;U{ApQ&UZ692^Ecy>k4Y z?AvfBHC6mbP}FA)jXHOi^A@TFj&2(_0-3I;6##gSLANU6Jv`uDaQN!2{4?gN@#mcT z`*$w)L|DDYp7dVmXudiR#n&3)~T;epwwv)LjwvASE)DSTg1hWx1K3! zwxdTh*Ql$8CUEPUPvB39BYGkItCKfE{p`(}vNAIg$;`dch&Z7$Y-QZlEHn#^UaP9A zGs)`0zfhf+FnX^k3l4r-yn(;9T;bv28xa@bcbG88)behyjvG3DdG~d(ek0s@O1-sd z$u%SFxk;42qazc7A#C7`9@7$&lvNoz?dB)w&LX2P^BwQ47gv?Zq!nJA_pI2hPO|kJ zql>wc5cf$@8GqzLW7VOsI*QO4tO*4>ONLWM3vf2m+;Y(rtYu>iBIu^>7Rcmg;I zIn?gq*4n#Br3A8*OueW)hagd@A{2Igs!RFMW;O#3=RZHIQ=WIr2DNNtFM$|Z=* z)FY{m@U^{-EO(P0PDQe*OTxpb*dcBjZptSoO^{u4Q0$DS^3u(+iQ$b@M;%k&m zUqti}uOb5^3G1*jZ`YJT6z!WS9)4e6`PWmshh`dv$I+WnYSuhftlOBiQ*3nGe0kVj zJ1IoiEszid-&G#%ofiTZ`UC2Uv8NfV(UV&ZHl67xlroy7C35^|3$P5`bY4FyATcQ( zs}$NiB{L6CAcjjK^3^wT(h)|i)BOl)*@+L{)<(QFYMQ`x&N#7w|6x={9C382}=Z;UfD!&k^Bc znI)tk*AjXY-L62Wz=UD<9`gaTPUwr`Cqbs-DrOr7r;`H~8p1%k29dfZT;+zeLsB^3Seg82eQ7x85D#b zzWlm;d~0KdoV_g-JDuk>_WV%O`Ii*YxOL1(l%6+~LoAw=2-ahn86bC>Q_u?9E93&&xYH6EeplVFy9zN}#V00iX& zwO3kwcbNXAW@Ma5EX5j%l_LO<78*j%T>wGw8R|1c$-T5bsN4|c9GjvWS66Gdxd-hrSrqc9BtXMD7;kt;r%n!~_CRgUnJiB!Dowqx=j3sg0Tz4U~2$OqvUCJaiL;VNBMaI z($s|sh2nCRn?<>n*}N4M9R>m;H`8`2fuQ}73{fhfS4hk1n^i3^?qk}O$a!S-d5!_L&Zpex>2WO zc*SCs%YNR@@=*xJ+6^Z@)DI|d^1k6(-?zjaA^2`JP zRC`7E989Cb)J8-|3u>Ay@VSU1+(N5Ib-g*tiF;HAXt&E}um$|D17n zOFID>%g^=j!hvU~0=P1%*Yp^V4L20D>T?8`7$vreh;kyA47!SBDxNgJg4CqOIHAtB z?oFDw%rdvdQAMmZk?k;U2|$L?fz~^sCT{DT1ep)ugcP`Aos$gN03t(c$yz@ly38W)gNX%ySQ5v%|S+aG^?&+B$( zL}xzBgy@WfoH(#t+9n#9;@Y;9-l_Md>0jz;hrir#NLm%+LG8ENGmX-oWR%*_M{4z% zh`A^xoHD;rcF(fdj(0@NOum<~gXSzN~^9j%&MbterNxy}UVD@vuj}mggag zSPiwnc8G}47f>KEbqsZCKuB+GDg=R;_ugp2!0h8f&A(oT-l(a%VPFj^?Dm|JbO-JDpCuftf*OM^ z4jPL+da=>B>G1Kh9*`u4Gb&4fB&yH=iytu%1RXFv{!9ULfeZu)pmK)*MPmkV^}P*hMp#f|W(A2b)I)3( zz>Nvt@5S^VGqf>ZBgww#v>Prw5L}@?){v(KQF;o)P+|5sCP>p_#L55=1h#wjhhZ<+ zRm>z*^&&OpVOIuMEzAXX+Z`->YPJ?!X=%`cqaxe7(om-D>1*vzAFf;fLcD8(!Or#P?c*m#^Ofi83^3 z{iaV`$N5|W3`F{U*;wptqFB^5YAgSCL&f{o#P3yG%u2pXc?JLom_1ER3}<$kSyn*e z*Us&-?o*m#d?`11w)kWir|3l3%WjN|45+7htWD8E5oOzLJ_2Vp!z+;h41l1?l0#Yu zT?%CTJi?U$-6BF}3bX5$vZXE%KAeZg`O`lWcM$wFhDYrioW1Ik*1)XH5fs;0983`h z%8{L`;z2hqJdln|5w2ug^AY$V*iw!4i2RyTrgmqt^rcUu8UfL+U8#Myyxtl z7uUe&0WB&lkPHt`K*W=gn*_nRP-U7sGnSk6GS^tjOxibDv-yF`rxPmf2}F}zd7H7A z?J;s>germ}p~ZlD@nO~!$k`YA0n?TmB8W^UGW7%}rH^A-p&P)rHtDmMg*oan-EaW0 z!qkFy&*tPGp6vym0gXVa1_-BOp}MlZ8ch69HosG&Bvc7UfSMg8oIXK#Hmd1p36aJT zzLu}VoNf;3N|1XZ1yyC{@W+)cVzKNOkWIM#4U1bxbhq#ESAORY_XFVX`-~$*Fc=FW zPPT2ECbojay?fMJ{>b?#%CBM;d;->ebZ71%=bsPU-yR#H#3p+8D-KH=MF6m&XI;ctXJS^Y_&!QlAQjkaEjrVz|P2bCsIqxauVu5o~zXPiFOcOO0@UN3|U!$ZsHV%iR zWkFt13AMh~16ep!-w>10+L&K`QCYtLVFc)+UTjibB-~67Q70W-G?o2mO8+E?35X7@ zp~AAs2pcjd63w287LWb3`U-FOLNX{*X?sJ_%A;amT6KfYCC8B%r5#WecJ#pt`r2dx za5ZMOnN;|wKi3W=h8OH$< z1}|hR84zhQBw85Psc9-h2My=t0sz4I-Ztl0Ew3>fAqX(>l9wtC78x4hHz_(IEGUEX z3;kr7~3n%__}~7b;oOgco}(dU4n_o{=gCHsBY` z2aiG_>F@{|?9FpYv?JnYh1t?>xG%NYcz1(}nUl2e7?CV-jRJNH#EzXn8JRgYIM&GA zYcB4GoW5e=-EToVU?x!xQ=LD3lnwcVftjMW9u}@tmwYlGya&-B+Q(ijH{_SSTYxz( zwNSV)D_X1Q%CR|?>4zlyYL>M;PvSLKVk{gU&J$burqw~$9aBPBawVoH=U5bQE!QTT zjDc_GH}e!iMX-7yr2ZaScDpf&fmh2!lLQu_6ux?dF7YbdN`xjxzypLA^iJ#P%)^x4 zpjFA@Yt~&%iGc)gVaMmedxVR&-?elAm`f)501xgOaqa;BqR+aFGFFWA)14w#A=NFDYNG zHMm;%=1QAbSK6)46Q_|Uy*f^x4y=B2wd3)XB7^Qr+pk_IzN#VWY!SP>W!>efgO`)M zx~A84_jp|yRqkpqfMgb5Dc|0~JlJvILPt(!$NYD4%(`m{5!YT;v`0K{XDXxqUki}_ z{qeuQNSyi`B2fQ!{Euv9VeuFGe=`dUvwy_@{sznb$GiL)|7!v)fR`(O>i_R^eo0 zvkDti(^Z(7>Y3{Oh8~f)3ZjC-Dim<54TVFYPynzBVD*3bk6ZTNF~Vy64+MbFKjVMD z?+Il!{ujC$|I5oS;1m`Wm+UVs8cACbLG_aC0nil9w9w}ZXrQE;+P&w>mEhL9_PRi55ToYnuqBRfB?fGTD^hd)DV%W zB?0IS=)ZgwXFxJ-`^Zw!1g|cC{r3IG6{NoXS$w_Qtz0BtY_A8Oa`Zv9=3}9aya)HPSbb@c3|4m=h2LN}D7UX}OP6 z^NHU1Bee5QE_u+OM?LrJQykgin&I67BD>IcQ(puAWH~W-^kS)8ZbI)1PNjbTis0rU zuS;j2TnRdEsMn_nM};Op#pK$AP6%(q4ZLLr(FqDW)O=W)LSV8`icUQ0Xpu8QOm;*< ztvg}50I!6dkKLPx#BK5lXtCG}zd2wawhw(KnrMup!txy#25t{u)Q3RcFWx7{$--rF zDr4rE*9$Hj*Y#K?I~|OpO42#!NNPwlfE+N9S)ov{1U+sOK;gkl6$ICB2x}a>VA9W* zs+f|_%hcPTL=+S1Al6Fn$IHc?;J^*C_;<-(?zG3bH^1&?12XNnFxjl&>k&+XtILpi$cI6C|bq>z!D!wKb>=8V93~H_NwMKlplssShOhe=--gU zh5++aINr^jmB9L*3hR3)7;a9BmisDe~sDZ{RZM*swg z!Ej`+c(qpz266+iZz9;!9_*h)T z&t)IZ1|GsKWbJoF=x^};@S^N-mmkbf0gN6|<`FjAJKanvwQnti2?|x`lUw#HZEff! z`?`M?V4RE>+F>fk1r+-Pne02@t_oo~6eC|gf_Lqy8L-%P5#?kOq(Txww7x7Av%qm}$w?>S|9-uJ<*(U!tPo0vy*rGM;>5L4w0 zbbV@9l#)mYgtd7PazYd!B$W#~2`G`GJrU?Mum( zZrNsjDkJaO`cEM7tpHAHVL-HymzA7+0gclXRCqK?4L^-eKG`RocF`#|jE5KubCRTq za`8L{RHm*`{KPC8Vkpx8cJsd2P6AAOYQ1rU5(GVxYVT<{km@9bz*o^=gtrWY_jphn zl?;)|VnEXdCiW~`EL&C?0dE6l^M5330sL?Ar8Y%o<~RFhOtd%D^^-T7 z%F-#21o!LyI0h&+6tX5r2zqgn8`@9`@rRdz`)%gCF_XS)6qAj!oQ{$&DfGgAY{eM) zL@TB}2RY3mn8kH**|rKwc@5*l8XqFuNO14fq7(q9@nD9_UU2Lc)ZRuBo{87Oz%U{NUUY%*O8bAYhX zW@9cjbygj#oa@XJ>{rk_vtx=+xsmS=+gdWWlO1uuq>EUB5V~NTmcSA-ayh)(36M&V zLj|w(eRM_uRy=gyAv!A27$<7odDUrdE!~u$D2|WM%Z*%mY0=^V!`P?MAV>VyZh$eI z^kxAA11?k6g0?Z{QK4Iwe;(&+iH6BZ2x|As2?M@nT;IdQd$09ND@KfV^`X@D4F$P! z2&jinB10<} zc{v94O3O5D>-pZF$B!~(VJ>@DVvJ*!7O=VmZ&w(HDcnW@K>i8v?N?aFLjO@5v=?%i z4>0NTkB%R>0eS8ZJgS)w_p|=2vzUGtCpaM~(F$mid_yJ^n#&$z8;9k#KE95hS5o1L z$E_K=opn3 zae`aV=6sor_pbQCUi9}71e_Y(lAfquwBd8GKhjAY7JPsBCgVcgadONCGEdf@A--o9 z+$?a4y~B&MNqhhnmxOh86&&&+{j8m$F~YTvS@BNFueg^VL@{7`9HuiPu?S`%hV%^W zlfe$$+IdyF=HYn;s(WJCS#k?g*tse|87+}NrC`Y9*d7#HOd{J{gzof@|0(YE}cXM?^0bxSBiMHk5fnr17FG+{lUamHf8xa%? zHhT3GaC37n;1jh(y%B@cFijW{nS_6UvK7`LsUty%@&*FWI>m3@B zvN|30Sj+2aF_A|6fmdj0cWJ=UPf)>;nRI6pe+ZCvla3NQsZeDh17XfMhNTf$3hW~Y ztCn8zJ$#nh4+6@W1d*;1otQXikh9TBhf9-ZQ zX`8y)Zd`O;p7IfPppb!1XlI~p55VLsjH;soLG0?z;O5F%$omm@%<~^oU3ZiLifdG` z4*eV`v^A%B9-6&h^>MUuFI1@b`n7W(h|SvQbNp6Nu&-`rWfcV`JAYs>K?E&px(Hx4 z1jDVZpfC9VM(^&$Mc05sdOU{n<6`jATW6r7@*)JQ0IVkEaLtq(C^h7R*+%PlOuPu& z=q!4fI#$R)PyuMR4+zJT8O90}gfSO7k_7b!f>r48uWJ>Lv4Z{XNv{=pxd*844%s$f z5pE6#v4DDvKVVIVy90jF{Sbc@&erJs7e%qDpZIf7o_smWZsiTH9<}IfHe>P z)I}Xi2e2XljA62vpdn88tF%SAKk&u{iXlU>IH(B&W;_o#15h##`r$athzG+l^2lVE zqzDo`4>2V}LwEq1549DVxTCzK?*md~Und3YcxO;b2w?dDYF-Ua1^Q&w848?SYYt3U z0OuEoiPV!wQOT2>Qdp=82>!q3)c+l>$KUS%|MOxef5$0+zvBOs&CLHY|If^lZ1oTQ z&);L?e{bJE{eNjd9Ju&T`k$5A*;P%bG5O3KQXEx+{je<6{pN|irFfq!w9KlLi; zKmFC;V*oG@oV)*ssq4^fsExaVnu}luyCr`BjdH_c-!vxWb&kd)DXo>bONZn|UhFsN z6q8Ew-Z*rFIeh$>vTnO{d!*ViPMlMZer<^jHMf&RD zYJr&57eW8^tN&~Kw=n&e@jugl=z;fW-gg|Ef4|^vac0{;%rfUTxgC zDsfvCuC4O_Uu}Q#AN-U5zsCSzUF0E;)7{o@ZeLxYkr3=8LV;sR;u{QH5wTB(yJ?ro4 z?b!QKOZj^fX)E0$VN;${atJ+iZ%IyuKBoi3fMq0Z#d=ryZHZq6c_tfpNqfv@UQXTe9d33{}!f}|Iq*cg%$s64*%r8@Bd!^|NZ>` zJq7?f`9Jw@RA@64jf>oR_ym=ZSd540-<^GZ1zzo)DGa&hqd~He3TO0+JASk|(yJz= zS?#?Qgi3SwD7I4hDYKeoM*bHM82%Jz5#&OVBvgLX-ijDT+J-~r86l40yCYK!5iZ-Zxm(UuwPq%sQ+01K@(I1#1zLHT zboYho3&{OL=4u3uEB_tI{;xbje<%O{wTgiM%BcVRqrb*~3p3Nd)c>zB|Hu0O&yDzB zbo3|xH~lB@|MwUGtml8N|0br$-3l)8hZC-#;m>>Ai7k6}L>OV^9iQuxXzz4K@H^P@ zG@diA=*DB6ZB+=Yr$BlO<1^d7P#!B+++VHvP3*_g$g@uacIeA(Y0Vsz$+cUIEgO=f zv-cJ3D%>GYPAm2Hk4q@d$=%1I?m57zh?CumDvik8N>46o$uGojJkfIQ)LH4!)bI@B zsHXTcMfE$jx3=aTsA%4~N5&)dl8JWkU7@^d1H*B%2UDZ!M9n+kf4@oLZ|DF2 zQN#1^d=~$0{+pSvR{i-4{+p4_{;~f5omT$$b^nw9M*$x2G6(o^*LzpdkFKetvHbk?Q&UsFkch8ezosPb7`~8Dk{;bW_@MOSt+UOg^Yin!Z{J>;yHQ;nx45|Y zW5m9%uXptN>38qmy}rkt>$c_|JGZ6ZI>M=X^PK{pt{BcHus4;W(GVka?M)uyUg3_idgZ{4T?oQ9O@f;I3`kX&~XnN`U z^WNz55B~U4U^d>9o@A_BSDGbg3VSh}cKqz6rE7cod(OU_eLVAYba?E>;=4)VNMB%7 z!i5X`%ft6p>cFAl;U8xWYC{694R_Vo4-Z_wUQ|;0c|7UK5wjbE0|h(NZ%sUT`SRtH ziIGp=e!ZA|@$Ah9cMtEm_w!|yl^;iFadFYVR#r}|F<(_hEUs2o`ts$$YKGHVt2u%1 z^Tx)gh|sTJzr6kQ`QyirE4R#6i!c4T|DW@xKlS^b{NDf1`Ir0uRYmHx>S!J56#U^M zL2B7b;o*_^loa%7bY1m1{`m`~b*V@km2zsyL_Ti-gS@X56r|W8qYfqdf7X&z_B*HkZX;>F*5yvSkT<{R8{d)b_m^nD19J#}NR4uyhBEjpp$j zp{|(8^T`Z>BKFaSbf{ZWz!_MIep`R-owBOc2>ERstI-)FBWq^M^Y1UaRZDggZ%pDh zgK}~)8`3I|QTokQ$&1rg=a2e_*OMm}SjKS}2i2pV3xeyCRT2T~4-+Z0sF8ED{#@1F zba#n-3D)~D$2cH_N}PInP4!!n9nH;9Tn+*osgG@3fF5*( z(dt`WTD>kvYLL8(LAE-2VK3Ye;aPpT_Kon#>1;V0Ej4Sb(bgq`&}d0=?Qp7W)- z>*iUrQjNTxpWhZ;g&~3&rmW?@P>4uq=BmmXF4AD8Adf93yFBd@>pw+i$f5{bBzWzlvoyJ%TXQ($jjObe>b|Nr zS!efEY3_=QH9rX{vlGwE1FRC~1#*}j(*n3Z7tB=f9y zj4k{cbO&jI5GDM8f+8@&!zD!~X%{H~9LGtgp8KIM#HG6Y9sR_9;_)smz*purXSs(U zh)ksAi&@)Fvm_l*g#I`y0oiGFH9zmDpfOGcRjlx9Xg!(-J(jitfqO%zB z2f$L6nW8%@y6%ZK!5VvuZiw$*oTo@ywg|6d>{O=jiXkoNy>X`HK`=+S4_R?VZVPof z7i~@(9rH>{5Nbd(U{V7pazY2LF%Zyy--(kAe1BO^n*zcV65D$v%>+VdpTQ6TDcH%O z?UI)?fe=OpN?PB>3#WCjP9-HyEs2fz!BBM>*wI17RO}Ra6mDjTn2_-+h1 zN|0No#Wsqd3N#{wK7~_gdBrkt@jw(4pUJ%!AgYqqE5A;E{^9j*^M-0I{k}0)sXN;QT@eBDaO#v^ZkLzz`N@1!7By5sl;LsRF%7`RoOWw8ch@tk98SPXuLt#FmQ^wPD7z%3SxN z04DwwxiVMEVW?75z|D1Y3h;9PD3G=DtTYi=0qrEfej2)?B58ThINlK%Lch_w39w5q zkmq#j78amM(m1(dREDR!Qvirw-VgNY9rU%N)ErOn<2jQ{j0m0`A%VEwI%B^ zQ+*K_88?5thCZmFSYI@D;B(vINjM^akbef}<~TGDl{cm`o?v-^J{6SA>IadBIHBa> zK!-43KrCqqWmv>?PpYr+aGWtVA8L&^58dF=78Do}3QCty5b89Mi&GZ0AuF>H+iQvu zYoUnGi$JYdwOnb+`I$U1}Ga=rB;hpUr>L_@fNey{bnA@R9npgy9bSFNKp+#|o zXD@GGNhTiMzaxAb?^~B%#W=tMXpSIV(2I7FM=0A8$}o$$vM*^oLzf8{1m}!!5&*Md z0NQsR$Sr4#vK9$qVFZ?{XgQZPATog0g9^eE_61X$F_F`tHX}^5HyxDo=H`iM z>BMa05Bw4C;%#ap-vW%^43+bEcDrE@f89@gCpR_u?iI| zgs?SiKul7MBGtez{ro7};EnQ|TGwt*(*io&m?4eDi&$j#G)6N4#QLs^-pJD!>&dCu zwAU;pHt)Ux!%-%b2Phi~B<(B(u<$2PIqPWfU5(?AkeZ9>6bwkB9?MzrU@`-Mn697? zdO#LzYcS)vZFa$5`p7oIJ0g^v_#@Nq$*{`k(&9PC*VZ=HDzmG~mO2VbhtMwDibLxH zxnc)y1Bg}{bm!z#^p!6JG0r*D<9L$~-b#0>&aFS9t;blzQylC3$KBz)Bf9&9iRvY3 zaHG(Ysq?@3pT{Vr%XYPvbv{fv7r`E14>_h#jssRyP@HQ&swY0y$#mnO2n`$FN3)Ms{QKpVj5GTu=1_ttSEL32wec3y3wE zbwrP>xuMH_pHvx}ikeV|=x}PyuP3N~j82joJJtSS_W8kPL&>Zo55|xeQtjWnZnQX& zAv3et+&m`{zW3}B)HlWpxr~c-jXIX6L~CX!kWivUAH_*#PAZx}S5jz%Ha9|>EW?wg znfi4(&qYY#B6^989p8Y7;rSHpi8ioa$vN7Dmga>S!QqkQKpfTYA=^)ngMZG~gOTwL z0Z}%~s5^_)S5mC2B5)lxpCQbC7-%f?BMLW5b3C_o=Cg%r07Vi7$Fg_(B%ze% z0f-JwvWx@95DrhbcD6(PMWF`KM}qFzzK+5T)8mfh6WnbZMj(gdcY}J>6)btwpamU<2m#ATO7JC361SrQ)AO!Z&Gz1m%1Ex*jsoB9DP@ zJ|`;|w*U!}gU&c3j)s~(H%I2P;H7Z6^jvsouAH7w0&Ao6X%S5iWjX9-o;sctz=K2* zLIU;zJqsq+n6^>V(z}Fa5;4_qf7pvy&}sou11fu@!>$M5Agif$K@55o z^bQ9Jq0vmf`YGTr4_zeeTEgUBvh`f4CY-`$a>E$~SuFzC@G)G>AC!j}QgI+u0KXKZ z=`^kzyP$GBE)xz!Ml+H6>9Ax#BaW(>!1W59mJFa5%rYyhcvdN9%u`~?B)sCq6o}K0zln3JWo)OaXX5W5poogDH6ufkiA05 zo9P<6#}yv?dzf-z*#erS84&R>ynB!1n%RR@moW>;fiM7;MFH$-D@aueLYrW1CV(BQ zSbMu!-RYEiHUR=02Y?w9WIV)%x?8MVx#)x>CdN;Sf|x4gB18~%Y49iAq1jYnpd6}~ zqyfc&S9?MFjIzFP>+9IPYdV833WKd*gzx3T*RLiQlh^9ULACh`TL73V#om4#h$HI^ z&ccl;h}}2f-U7hB4epME?-CHQ`G7J23**Cm2?((ajgADsf>05*4V0x8UDiVA%&W@s zX>E?maRShTw>cbHX$JLvG48qENkNwYTg?JgZw3sw)}gdL;*4#@qd+o0MvVZ35rAMM zyqSR{ir~f5a9Ki2h^LG*59T)y6(@rwdsh<3(?N;=px75V5mN-Cgy2y`hxmCEMBIaV;}ArFgb5$~LA($Oz$7(+-pzoL2v)gZQ%Hn`;oz12pdTnBIS*6j z18E|_fzGQN)Jt`RKqi{yv@Skhbi5Z2_2X_cBbb1g?O$U|mSYklh49K5NTgu<{87M% z4{Rjw2+D(pU{?0SN1>*SIsy%`b^(x?H#IIV9Ulb3n?T|`aCLc;kqn8qKDx-IW~6O5 zj1O7~Ahzbt1~`bbCenz!eX|fM20(WUEhOg=l03-PKubd*R0_BH^?y}gXl2B!iZSIy zY_3+LLJX*oU7yG*uaFmz!GpRN&95?C%(lGz0zk&$oB5D*gLsUHpFwlR@Pg9jA#~c2 z5PmimfGXoUd<~e*leXLPCj@YxZ>94|$8~dwT?rR_Hq^ z=?45Ow0kG`=I{gpAR+MAzM8^WX19pJwh*+FRlgUdb;n4!ryj-7Y17XcDg`tq^X$zPl~sSYSoPElGf0fz7+0Cc{q zFf}Z_*R~)4P%1h8zwD*nlNJ$;8Yw(I$YVK)a(H?+Ez}cQ~bNEH%;-?5Od}j2P|to^QRBRasXuU-sBKrgh!^oOpAB3-DYQnn6f&XTX%X>pI+Y*D4_@`}g{M z={<3Q2w5f|anAY!Bh~;kSdjjx_%4-mj>f$fN`ZyalkK$vq$r67Y>3n92G&K0*Op}a z#j%!n#5fyQYV6w%K-Svh&Twmn*dwR|AB>5EISC;c z23!nu8z5$UnocANAm?K<3h&#wQXzjp5j9_|GXU^K!0Ag?l6ZjU8tC9jDGmAShXdRH^ESCCXJ(nUBKN*UN|IR2<5hXC7owAkGc z!^&TDPl*EPA+VkNIBf>hVICGnfMwy3NnG@5-s)irQh@*_$v`JHfv|YwR!3~P(ZgbQ z_m@IVg*d%+%a5~w|u0u5oPUL zD~Q{UCl?zUZr0m7ly}QEJdquJvh!yT{UYT4fLgR0QBbKzZ}_X{wfl z*B`7UD%^Zl?92XVT2CF12KkxHuAu8U$R-{w7d1a4`SQHa5r#RE>rana(|vJ5E>gbbX3JZE!3G+){lE3pygQmedK~)jufeD+e z&>^_B{ws%5`{iV*EZ<)<*&*`lP3Dc^0HYU5r5sgMT4v>x<{hafzws(^m|mP+-g8%J zkn=@BgmnJ8!Tp2u!QlVF-h03`m2~~%H$C*wJBHpNp@YbVUPPt$5=!VL5ITYZLNA7< zfQX==*s-9X;08eiY}gPLFd%~1zzSCW7t~#MAGbWaJkR@k-~Z-g1n!-C&dfPy&dhx8 zoHIK7^tL=+s44v=N!p8bzHEG|>acxg?3D+ZTBRGuA>o|)6+e~+x433WzVB56 ziUN<@RzD6<9ZY}RRO&L%j{XU-&04jJg@un#P7ZG97`!#ukv|W799)2ul5tBA}b&!6;pe(+GrD#>b z=-544F-trjCS3_VgHCR8Om~DU0=0GGGIGJYQTknbwUBO8JxPv|Ic#2S1s7|&?HJ|i zvhSL%5t)660Mu@vDg%H(*Y zV6n*&!D1e4A*=N#2&FO+78`D6;ERfLfQ84Ds{BCG`%R7c5@vs zHJ{=Dv>baDxTVkCcPqtKRc1HpG~KF>R~MJ$Ek=sIseZ3#@4eytZ=4>8^iP`Qly?9Ph0 z2gVp9d<>1*8=|RnW&^g$j>^I>^E?D`we;#0Oq+sz21~j~KrV_VA8US!fC=zyP_P45r8O!)$Ddngn1zDog`Y*N z!6KV_YSSZ7C&t&bA3E7J@&ZZ`sG_q1*adqrd$}EArU*eReuS^C3^$gF9V z2cVri<1m;MqpKYXV!_>PNo~)m>?x<7pA|CVi>VZHs=~A0X>Rl+z{3NO>}`@{fs9o` zulaTgIf_v&5W)}F@IndG+@mr2Shs~AuTJjCNIGJ)E{;l9-F)A_R zV>JPITX>co1XiV6h|u=|t2FxvNWmKfmLT`fO$!L|WWp$WMBMJclaJOgod7j4>%5k6C!^|99+4_#>B6K67j7Z|NGa4U@t zu?BTT;#p#5x9o$YJG@6R2!z6Q4kHW|y0HZ+YDk2qU>g-9>oZsw45U4{0@lJpu{b|{ zDEYSDG?v?3hY3L^n+WmcWJ({D%3Pa4$^)3?nsdzL88;W5QMWd|I$A0+?SeR-&J||F zKn*;}-~y~^Sa?0!Sv*5D5Xfa&Xn=wXB=$+F#WGw-ofcE0Un52o3raH1!8w_T%!^b& z5I}MWWyy{;6zXZxZ8`Ix*-xwX*O6a6u-{PSRM{4o4aY2=Mebz6_L>}rvokKRN(^R; z_DQm8c6l$$6Cb5`ocVPwd6(H9TGesF&Zj1IDI;IOeg=;Y&`V~}!d3~2q zAQ{fl!9cOi0Rn;h<%vR6WKuIBiUWgK!;;aEQpVtMZh-Jaj0dSOAfm%Wa|$xD{q((^SN%0Q*$uH2L>XY z9IgF&QUm$}nhQHvE_{@V;w4JL8C6u*MPutMZ+yM=1`p2{3K3f9#$Z+9oJ+XK8xYY7 z0@8Ecs{C~$*%HldXmvYCM#&r?E92LTeUq`uttErEjo=eaKC7;fU8p`!MbzJ5{E#!Z z`iDU*T$P*w0L3V|(jLy;nC4InYE(u2Aose$5u^t;3nx>x(-uo%a~jD)1iEmlCK2L$ z8Gta2nXgta$HqsdN#Z1b{D^LH45^0@FP?)bKkSNCqasAxm_eF=abiKjaShciN4EIf zad>$oV^tsHjxxEM)#T}Ifw+@wTuH{Fe(;O1dF=R#lh-!w#c^y z;9wfV5Ai~dxG=*Ij0P6|hxedVfVQg5k29w89GA~vczzWXu0Cgq_D`!#5H$9(CuSHH z+8a-MxR0|1FX&<4(=NqEwRXvw2o4NFS79J1%qVmxMr%eeMka0p0&eu{P;B?ZJKf}KY&zZom;JyD z@m*$V4CSKtSayvzC^z4nKY|IMen?{QlgaUNG%6jmL0&hE0piI?gesQ~Oit+q@QR5z znwQBD!GLxw2K&KO7$%%8Ou(rBDKqCWOsC>RQg8GEyC>$cV@4Ad_o^Na?R#dnX%Kcr zxgG)HEJMbdQdZ%*P&jl3mre`B3lr|9OoZ@?0B~aqu{d_32@t`cNe$mc67AsTSODb& z^}Qj!$iw3{w6ROe);1nVumeDa=4+uk$Qd2fWL^dwX9uqngmcE*lW|Zo5IvK{<_4q~ zQDG1)j2%F+GXUkmO!GlNhZ?_u0XM^DiO$)}V*uSiR11xr#mesDdFqpK>RSNrX$N0} z;U~5jIpDL|u3~(Vu<2VFb%_WZ&RvSiraB0S4#IGA_DzoV%6d6v)36@~7on?KH$~ZH z94AxzEKL+LXx7=Gcz@|0J2;N4?dGWIX(ylG!&ci1NHXAlc2FEH#m5e6PDV&Gkjis# zReFj}f|V);={E6YWvV+k6W-BW=p(fK!yo_8aS8U_DYW*?9WfM5BoW)%Q0X$US zGzLsY1B+m!`w=r9D-;|DkaOKdX8acB*EhRNMJ%PgA70cFC!#X<0Pp)Ec8{}z{#Kf* z{8ksjii0MCIHa9bU7kF9wIan|?P%ZTyLzEeiripO>AnTXn?4iOIc))4c`#jGgOJ<~ zRe5;c;1Lx0;iSA~JoE=4r1Q%X@!PUIp*+u@OBe`8axSPxk@cNSb9TQB4!Nm(4}~-` z)?~IpYzY}j*PtqG&Th z8lS>IrVJ{#?+oN+04XhH5GoAB1#E9_&dZ8Ry}i*p8HqWU$(98dC3>%)us9W<;nqT| z?gmsa&`S3lXv^viQh=tL6@-lN1CUJ0qFyZAwxNIP+H)pvT;RG|C{`kjlM1yO1cnmL z{cu*SEh$_Ws2Q%zc(A1MNR38yCTmuW9up>^Us~^8TYR$;PK5lx0vlK0hYsem!M2Ms z^da+r*f8`c21%|*>0tqf@e=%7gyem;U(om^f1s9le90Zt|(lrczSDy;T+ z!@W=l7;7y`g)2~@^X}SN=xo@#?aX8aMIpFxOO}lsw7eN7kKJlSHojtB%dOOq<_;)Z zsicrmDVQI4Viiz!z?wN2TL3(qj_@PugJ%`w1f$F`jp_q{ePEdeu~26Y1{H!BkrCOA z)h>2^`H8gEO5SP7i%3;sY$5}hNJcUHz069n2~@I=IqzjAj63; z*1<4R62R*q>~I7sO;q05jqI0UqmY%Q0a)%Hx8|h1ikYFx6geoq6ZcHxbINd zyTvsx3RrT=$+Aa}l)%cy%U2~3s?4#lLIbvK!`W=+2=+h(2nW1#S1FF6nosYau{lyu zFLw-524rc;(T>qua^DgWnm3_=ZAMnF%APy2Z5G^9dk1z5AY7Q*e}{O?I`7ydUBLP} z&yy6S-dvS{5;U=1S&_9|n^*ify1b^E!{jh^~EUP&g}Mnc;aX>omDI7jiQnme>N@ zt_(F*2$j${wM!J2AJD$Fu>Fc9;5WE;H3NC6`9$C~sY5&U_KMa#sjf1+DOvGG;!HTt z>682GP_W}kl&#Yq?OpFVz>)i(10sMG`~3O+pWmLr{_nB>{r#UfZC(7Y_kV*2K;QuE zKl$JPJvslC(x3N#;vu5I{Br&$FtZYvWr+r6UIG&_fq9w0Oif_oCNPN;n9~W&@6_81 zW_<$lKY^*Bz_d_ciYRbTBbYD>O!2fhI}7Gw8oPWM%*8a++q($f1&j6e4s~{>hKDbX zjm-}Ywbs@y4h>bLrp|&HqiSnCY;5MilD)n2ot4$> zmAA2(O-(hCl$@ndYQgdp%5-@6Yor#uZ_)^gTp*{ z1^m;&VH$ka#wJ`+a?HeJ-o|Fy#N;5DISPZBH8B~|*Pk~r8PnIF2J5D;KZM7R;qf-$ zEwD0*iu2%~ii*>Uik%=|@J}$!6dFAQ(vg&$mXy>-qh}>0FAE7(U@+4{LbF0b4rug2 z45k-@xs1UKVK8Ihbqr=6gDFCzJJIM~@L4o^42_-!A4H?)(P%{gzyp9j0GI$^+Ht@E z06YL7006=PfC2!i06+tPA^@lWfLZ`(0)T@6&0#Lw7Dl+NRd($j) zaNukTDc*T#ztBN{*}j|mm5u7eumsGt)kliHt>uTNE~@DTl{o3|Pu?%1&{_Xz#(uJI z@yQv?b5|td;Lek*^?a!>V^*E7Iahx}xzl}I#PGtW3g>swYF#=tL)e1ui3S)0Dmg5A z_36(!WC}fx5is@X@UHVdIg6vOhm{cQJvTFva>rrv+mm)m0TT7Z9-%sN8H?;@m7RTT zFbtS`hux6qX91>8pQM`!gie<7Z-2u8-+tFqp)6)^Wndh7Kv$?$(B21Iyb@-b=zLXF z6IR1voGGiQ%FO*rcHs;Z7tlk^6%!WnE4PoR$6~mnS>w)$;Q*#wE$~5Dft!LUI45@D zxpjzfmWYgT)T-uQ5g^Yww8Y*+QeEW1=CUx(xmBc7WGS23aN8gm31x3wW8TOicR7+TqMB;PJF$!yva9eZ*7 zMKljH<2+ff@44uOt269g7oq()l)(AhhGNNvYdy-?@hnc;F2ZEjU@qE8M|vj{8_of# zQGPcG#PI4DH*c|*oGb7==)|UK9LzCQ;F%JW?R-njzqR#fJd8Y`O!gvm&vN!`zO&N`8NtNM zV%8z72tAVQ&p{;0pSKD_Lv!Lplp*E1V%&K=V?D=}7bj)(9g9_W*9?i?g%VGw?tNM} z2hj9pbONqDeroJ=A9k}SSbpScBv->W$jGUSCs|6H`R~C54z)=+`(~U|sv`+){`9)U zCDi==#EYv3drX{<=@ETyqo{o%fkrJM_cqR)t~U(R#XsE^u!-XZRW-;3i>NbKoZ@9> zf}6N)Tc9FPJe~bGl`TSnR-_`CuYzF!hOq~YKgm?;tIV<{VKdod9Y;*6+d?Sh(H&cE zT^T1DCwG*0M+I%fNSu^A(ejeF1ocAx(QUZAt_!{}|HFg>>8Wep_QQ(D_0FTMZxG(| z_ia4UtNRXvb9-=%RoMl<)s>$Hp;Vh^G7hNVcSJ5mz6m$Kdqbely=CGOvEzw=JBeNm zwUQ)avVlyR*W!f1Nz zF1C-Iwhv!E5G|uhZ?3A*YbfB9C~ysvGty^-uw1OkX!Z87EQE9qXrxRBu)aB){9|&w zt+CH@)+5h@OE%rbzz;|%zq7b|G|^9|l|$;9wi28*ZLWJ2JES1Pj(}K?>&B`{vRJC@ zM2kMLp9x%Bo~h6<2J~HeMIIjDa%3sv zt`N9%S^9wSZOcEG=h;g<0mLgTwj?mLE@a=Kh{tDI`eR}`FDIl=q^Q4;%7h(r2V}Ng z?3FZ;;gD*)h6k{6qPDw^WEkkkVyQ>$#T2N0O?KEkvGTR1jcOaYP#58l+d-@Vr?8)v zG>b3~6cWlS0~Zz{$MGWgMH9TGS;KnQkjz#HzyBf#lJ&DM0x85Y7Wea7rU zNBWi7_pki}!!1Ls!?M;#B_dhlSR6Ki`SQ!e!1FSzYqr&H|2bcNy$%YV7oMH7?w~OE zDiOsQhosB%*jN0>=pr=toa;T`*FUgR3&wHu(BaS{gB+(FVYg(E086w2PaDhG$p=%o z3p0-%KY6-Gljp!-(6!u`{Pzf^EG%a<#ziEyi&|aI`UW>-!xI-6kR{wuQ>2HP(Tys` znx-&_8Ci%@1;@pb+6DWj3l%&8Vgv%p_@EGs{gred@9>2kIPi6#jngi(&E~!~D#;pq zuNRwm8f{OZ2Nc2M9s+|y$M(DKb?QDOrlg}{*+?qZSodC2&g}$Y^bDiMnR)B9_xSo& z5BunA$D%)4$b>rJZ1!hx6qu+2)5pEmBV)yn5`(uz&bmkX-eJ$ZL=Mb zgW`hDv3J%n?<^)x;n7|htoYvZ01r8SG+VpR)g98I4KR>E&q-s*$6^J47@HPj8%)7~ zNi}9===kTZ%6SOxAQl)L&0D1ebmi_l2d@dyeD@GSR~QoV4dGu95XrT$Xpw?jN;S9# zv0>&UAZrDzn<_f(tw+L$=JeZ0f1|xr*ywo3PUD@UIe`)I6kJ!qVli!pF{f98bg+Ar zqEv;G6w7XyliHl*HfICZRdI=Lw#dh_^!I`&Sg(-p4vAOO8RXj7<%1hsFuLL_I61!A4vh&mwU{R<25NAGmmx7`P;~@nk|%q< zHs+iOPQ9C-_QbP%$b>vy*wfSzyN5MmUiI=_MP}@k7HfrYD19{S75nW--L8BIAxoKV zB!8;NQ564aLJ*F3`c-9cQL<;!j^bc)8|yLKmwER`PXKTw39)BLyOXvj?nJz_(5XhZ z4@YgSNgF+R*VENQ9tza!&eYvLE36wAzehY?h4Fg<+ow++yj?vI&_(bwa(v}Kezjv){rE^!x3_j%b@HdTr+~Zz zt#=15OeZ?uE%>N=+dFu*4j`ySpx)iXvZ&7-^gFy}{(TB@H&5gGdkgQ-xAbR`7m{=I z_UJ-lmSdTRw1i73S}nzbj6 zPJjZ0{iCm+WqDZDTzg?Dw$Oi3d$+Pcun0l>Bd(CP^J>{eHF7nrQ*Mn(na=~J85Nyp zW87SNX_z@BC-KZGwQHyAr@X4eSU;+^s%IHgtatw=j*F0~vhAZhiH*doEujzJV)`*B z>laxzDnm7DfzILcjZ$*6mcapoCxeoNFPjmH>J*7hJU3S1n{12i9t#E28OOzkRPxz( z304`>Ep})}WC98i){pv9PHtJMS+6Y3)J_q$z2mjXx~RMr`F1cd zM1SWq+i;km)pZBfEcyxldd*Im2CbO(PV``zy>m@a$$|cD5oJ#Zl{U~qPM*sHPX{)z zP-?emIk$6HI@%w|yy~#T1ugJK`UEnX=uvR_0Qs-iKsSm^A+J)Ekp$ zc?Tnc*WUGSCP=*Oiz=uzij#V_A7=5y6{aKHLQ5r=vTSwj%A?K-Pu?A4Q>g0F z#{ugk#Dwue%pQgH_yR66l{Lfk+(0YN8Zv?rwmjL{)yY6W2ghO2dR@Y808|4EW+UG^ z1D=7Mx5_IwvcnRBPTEk>pz=U|b^WS4ef{P4G@a|Lm=}msHtHTvCWJhzdO55Q7yGXD z4)Lnz7OV#lCsIeBTz2i7+r`+JwR%M6785AO;#oKulO~qJ0E;$Yb=sB=KhSUPskqpM zIpqhS9zua|9f+02Q;(5T)pDYP1OSek#=duB5$o0Du~?V!=#4uHmZxMTy(Y7o@7<8$ zXm1|nD!+R;_Ll5my{Ok@$okE|B~JTeM>d5~M_6y47Xh*KBCqKMe*z#ph=U4Y0qN;2 zP^`|O!<)9-dEPrUm?zOycI@m!O3%A`hEF7voeXfsl5ejfB-A{=6rpP>%yIWwLhB}5 z2#2)fozcq&fwPe#9I=CI7Wb#40eRL0}PK2Y#vhu1!{rS%i&WcPk+o4m5 z`Z54Vma^p)VZC^slnX$$v@s;*%?T9=f|umRtJm+k0N1`rm^zqIi&OMxL^bIk2mLGZqxMrSlktaGS?_NRbAPe?~ z-~AAgCSed{_=HXJJ<5iFPw`p#Yh>x{?bZ-C^!Yl+Fj9Dngrl(Rr6}Q2}l_r|cw&F40^T;Sp}(0{_E zBJXM|l({DKn%l2o>s_!wx2LY!2+Z@gp> z5R$WDx>SMgBO;uqW?VtW0kruNsbt8@g~BWX#5Za4f&y)^v@KTMgm33xAQdv0Cl6@@| zVMt-jyM@%g*EMMx(Q8Om2_bQUeSwiPS*M4pI^ZEgHsjK)|Fg#HAe}RH-&fTLGle0@)tD+E0cnA;jD?JZ^KVx;yT=+B=^Lb z>WmM14fy2h6!{&5N}f;o4f=!~^(@;L_U<^y*wJi_*zaDn_130)!gMKuVB9VFS6k91 z-NR3Z)`c%raVpY2wCpk**j1WQEfxmbCfw*ngm{N!Uaj77-5oj73-4)dSghU*DcFU_ zl~cFm9G~!CHCU(Cp0D$0TPvYnEDzdk-Dpz4V;8pDd*QuGNlImi5Xf+OK3{!%MRX2MvA!qcsAa;S*75A*KaonUI?rz3wS6TP-jC)@11@7|iZG8uv zEZBczUk!e^rjr$R34OrFonC_6r=`@~S)HRRSz1C}&8LCdVs@C2vbsU=pin6HxW_@^ zqrkmKjqtTCVt$p*EoISt`x_ta-;#gm$0@c>a$L_q{rNllYnu53<&e7zR(C(*;7ujH z-)HwR43ia+W(?0T_fpPwg$$cNTsh{sBW{y>qD7VBf%%oKkYd-Hx#E^xHnxpWo_z-7wt7k2FExH^IHXI zQu|{#+BXS$^0t=oMi(9%Xf570ET2+iy$97+vkm&5>hC5HQEpv(K`GXt)Xty2@#yVx z+?IT$Ue~j7u>ORw;8Eel)^^nYvisq)rRKfsbcV5{jiwVTMP%LrTiXA%(z602BJpj)O&WJ{roXz zhH+*TQZ$Bo601;OjKA(EhVr1tJw#w&G=LW0JXo#h2b)c-#!u^io*3E#K^hs+g zy=Q(X%AmYtrD6A;5Ee8^j20KDaQ-AU)K$rWnn21l8JH3wscBpmR56H8l@gy5wdF-*AL#(NHu z{gvmRbvfP^3&-d~+n7@8pVV*WMyS0&UhDH8-gxDBEk{oWos+z4>#I$k&sEv-ThFPS z$3=AP@4!5<&9p)VjqAl01Rc9$$T|K*g3sjY2NnOV6^6hiM>pf3+l;>L?4@csZ1&9U zyB_z{sa(Fbu^-oYDGka}XM5p|A*XrB)y4J`TpR{xWYgm1IZ%s&iEG6oxYuf_4p9e^ zu49WYX+OPU$j>RUC*=4w4pV}j1C_tHgFh|}5Pj8GeBgR-hg?irf0WpTRpboE2mOnJ z!$IpVm0LvDiv8$!+qk4>x@oAe%=N*kNLH2SC$3?lVt zB6*Y}?mb&`?}hihS84a&Y`?eAdG9TU>*B+Y_W%hd)QCBCX$+apM5nvncPFqyJ9FP)?7se|`-Ys8MiP@|QTLy@PMXwBTAi6R9h!yO%-;cQLqWEd53-N$#G#zU+ zE$K6zpf-_IH*I->G6n_>mO#`FP0`jfBhw!SHzlm)^g@?Pt>*O7<(ygV1L4JTl}XGP ze1ZqoPg<(Y7)Sv8bO~-k5@Ee8oH?^d_klEWieeZK+{b3jI3bY}riY9sn?KELJ~U&> z`C#ia_*#lIFZpp>$xM+1#GiBW?t}EII=LxFpr`J!x!q%vLk}6|Q`BdTqdI#k?}TMZ zj0In&yq(F6-7&xqORwV-GmAWf5@uWz#MmhgJoI$L0b z?oWSk5D?{NDnHMdz58JH#h7>m=BeSQS&Z*wDyNrknTl@NeeQer+qJi|Uw>qHW|~A? zR}p1|81mVtHmkrj_xAGREP^aA?gcmfMc&|Z;T;J&JDv*@pZYrQg|t9kShnzCB3a3h zJI|h`y#=(oC?vZUt9#Fc)E*A^BrICINqV6h7Rov6cF%e9`loH{UkKL=i*@7Sgh&0? zfNh6nc7y%K2f)}t7|vi$M#uroqlAe!dw}5-JZARI!TKkjJ0RPQk+sj^V)xtZ9OLh!Z6rz0D)Ere>T%6;AvcHZa<&w6VXmpk1hZPEkO<9V_4hDw?M&^=^RkjAUy$zeY-EKl3nbt zwHoJ@KB|5Y!_O?;a;ef}tUpLd%H_58D;NGJE`erctsEz`w~S61>`5kES!WwAelqBy zad2ZL0Yd^%;K2!`LvA0;C4eoHQKA5?3c^JD#~YvhVFtDp+wZ+gDo%^jE74t zkT8b@kElZn!5ix(O*!+V9Txe*>=gp298igk9hmN(EDkCQD98~N zfnqV_@(gIEX`XGqQoPd5eU1+Ncehru!PiL`#Owv$lpI4p6yQS>EI7qCl%}k6!-ZcG zLqn7>7h>7>ORH=g8`)dgaKK=#1nz3P)A??R-Yo0hsM9U?fg%x?gv8F}nf0S#QqxIJtymD*(jq7i(6c`t*Su}&OKAX=Jx!|hDetB;R6+PPQm zEKojL1(%xidX7{aY;mzxI^*u@CVO*~yM|v!fKk1wUpPxlBP%&uP`sQ!q2J3kJxIEo z)Ew_dk7B>=QF^e;jUnv&G$dE(1)soH{-FmUx%&Bfa+ld~1~0a{2M}6ry9VlMSVHu- zjNcdF)&er3;S9)Hj}+mz_YHDfGF(?Zs=dz=-ihz^(k&Qu4pGS~yVZq|jwDL1ld&D{ zPJQkjXho2BqWL;-X0!4j^ccsxVTAla9~RN4^Jh5?`U^}kZ`L#tQs1@jk>u1cp1g|Z z%Nk(<1ffMQ*_OtCKZoD< z#@@{y-cCEKir3$1*iO#Po|-)Ud?@E(p}*n0m6*=ZS&`6Sa^N9%`VmM@v0-d`lM6+Q zi54qeXZM0qz@d|4w9_j>Kr|u7?*(PHH)!;v#P!ob0>M;)(Xz4=)_X5*@_znI*In5E zVCyQ$wzI9+_=h|Kg8jkh^$-s}KJ$jLSA<+nSsLs(`T>#dz&aqGX(7((>1fH`)_8rx zK#k?S+M#pnsP!V6^ z=}Zv4&=|A$@Lw!t4W~Rku%pDi?Mk=JS%v1&P*uT-X-Ze!ntKP zXCT#FQ;(8k&Aw}$Pd-7tcDzdRP{T&|x21HcR#Shc37d?1*dsJ{uly%P;ao+Om=xVC zJO0AjY^ggR-3Wl+0tU$Dy(=Y zz3RMOk9z45p=!mP%LfPwiF4uB&M%|_>hEV85n!a_c$sS-1lrKI8PN^wCJN`TZ??OW z3vce(Y(5v9=Ta7Hcwl1_>iNk5@7MR?ho9ssCcm{2<&)eBzE$|-A9683O0!yyz~I?z z)_p6)m_IjGuJ)93_ruN^?ZU#{nhm$t9aP~=+ogF=r?k{mrM9bPbY%Cd8*kTq%;f_NE{&Co?(-Ycgsz;4;`Em@sL*E><60mgo~O^^M+Ho;qB%a>O`W zfL^!A7%q49lX0#ry&fqEeE!;q3Eo|L=ahW#g`Q6)1iSTmHR|xi;Su*m@9Uj67{hN) zeR6*lOux@WLZdW8?4J|Z{wr_b|7V%}(f*I+Qy*hV38YvG$=5G7HahX&-vsje`#*5t zSr5P7|EYlokA(Us{_nqF8lU%numkL0&wreqU1TyBFJ4?^FcuFVUfjHSkxB&*f?OmJ z7O~hx3DSAGj!4-p{#21AuGMt+fCls{!YOs|s%tOX#NX|{tXtt+5ag4v7zKRif;gg;_Dxq zNC7v22ZV&Hg@K`l|L*6H`oE^mulIlAmyU${r~m)Eg8mETLxZpi;Lg6#V86KNShaXi z&Bno`s5rIIs6bNEh9Ctg+t8@^Bq>F#%{90NOo63sC21WQU83^IVv<3wjVozbJ|dmID5-3i_kapw(E=0kDEKH8HoeUXQgTMS)iX zuugu#*w4P=OMS7wV83L)U-(Bw$42@^tX`txWcFuDS>bgT3tXpxha30Z0URuR13 z*CLv~S>z`wTEAID<0}>I-z>$%EM@7E zpTV;0PsL&bmaZ9KrHzeo;3o~dlMqS)M~6V{H#c>bKT9|L0^&jwK==Qz4=$TUTnGsq z96p-@)-RTX1&6UftbZ~Vya8VJiwg9M4aAa{BG{Iyq4qhZZHe5np?)>TZ;X%GBe!nf2v3|+FX82e6eCu;^mJ|d|di_8rx58Av z)b&fx|AoN+jxm2nFrX%u$$#tfz;^wy6E-H3Bf!ypX>x&eB*lVg(l_qd7(7m#41QyO z>gs>DuWRc3mQ(qe*NT|uZ!r3v#V&JRcF~TXZR_uw)$&~AyBbmZh8sBZiTIvv`~|=B zeX%ZC_BZ_E{g=kqzu&sw7-N6MZK-vp;3%;I{6K^MOq>!=CdIDQK>C|A1!Ko$K1;&- zGA;T=*Zm9X`97;(wF$KQ_<$90&EPb5S@TORSQ%gZef#=}$rmyGUGD&{Mt)<;v80l( z*88`)d|w;Ojrqc5MO@HtwC4LR$UiiAX-c&+jF%hub>y_LSQ?o>+uGMT7T72MwiH2K zEsN|c%`fwsm7x2b!R)hkmVC;Rm{y|xpi@~Ux}p=7Ws1u$W1L7yagIy%U7@=EJk|O< ztz36aC-^@|N&TJ8K@|FzsNzZ%q+Y3=V-AP8L6FF7BR zh^6(x-)0YbpD(KViR?;Q+Y%!1xqjbHoqoaXbD#X%jrcyNpVj)gpZ>%-G|ms4nAye0 zk|S1Rz526jU0#kGU_UeXnZLe14rglmD`9-bXMU>Gl1^Pi;=Z?p`3s}s_a*WR|G2b> z2B)!q1~2=+R^|`z->)eA-)i*96(iU0pwGXJv=|AYU24<-Hw{{^x9 z{~h@65(@o40095yQswh%XvF~FC20O%XAVD)r+*Fr{x_g)4G<^&4o7fsUTNf4^S2oN zG}m7tV5+zP8AUaZgW!r?qX)UF92bNZFx;meK;x%x~ ze=l7FKR@HYy5R44O&wiL0IR*S)%ZTOcyNPYEEWrdlcK&~;LBCNz{t?wFY&vN|G#?k z`}#L^aa=(g`1kd%rMZ;<_aFWL=dI?q^=}>(7aL0Y`@8@DIR86t$tQe0|6#fRYwPIz zbN=6dUilyg_2obxwUD^T2z9&~Ufn64gtdu}z+&~W8aM+D9Rn?0@E4qhx;m?w`ciZb z`1$|ki_-s!Hvaoee!KrWkjT;Co_ugy=HIQ=@4x>AM}IKb@0a~wN9&*b?|)b7f9`qp zi0A;n2=$QYNRoO$0!7`{&p$afG%7Ac-4P670AumMT|WWp-?fr|+`yj`@&D7MzN=aF zrTL!&xW#^Ds{V)lU+0_ie?O1^|Lp%*8PWeC6$3IDVh8TWHwcdo2ql4$QUoyMAz952 z+^|ntS_&Hc%0c|o>Hkoq|EmgozyJR{DO`!h{C@w})X~xX=KPn>{a+VM3Gz?;|4In| z4`{F&N~)@Y;e=69q=2}HP=BnJn$FiheZk*-BV)j;I%-;K8orJWIBh&QUGv538Q^sd zv~j-c%$$62+Uj_mI=Du_VO3R)SU(foKqf_nMg?Ql)YQR$%d3l}DaKL^=JHzOOVOnp zMy!TQZ*#yOOEp=y!Nb>jy`#BkHb^$Q9DV}+L{v$1g$L-o%TSPj>iI~jwi z3?fNuqykBwb6tQ>OJTn-T_g3C$&wSql4GM2z<0M4Y)~wTgax58kWJth)`8!!218A; z5lejIzVMCx%vWuxQppel-*6ez!M+7wPoPK=HXqkaE2m+z=xW1~UTYq_ys+N1J|)_pDjio(gk*uuiv^z+|KM3Xbw@7RFRqf?xtmDm_vG8zf#5~WjOzzDHMx6);SfFgoYA~vaj zs94yFie1=wzx>a;fr5(Sz25Kt_y7I%bM@}sPCVy1PoL*Judy+>tqi81HIWB+4+4`r z*qMVl;m=@jlDVDDVmk+{gRz~Jxi!fWZVeXb@UyG2rR8F0tPRQ37(Brn z7~=S?=*q~_z63rw7H+7eq!b$)s~8#O z<)auL8K4Abxy6uvU=HF^0C zoH9%u72yAK>=z5J=n*tEH5I|gcy$MYiWXi|0j~kLI}%h1!Q!z|;BO508-m5l$;o_Y zF*rl|5)>R(ko|C<7leav63|2eIDQE90`;UQx$osPXBAT<5m1gU zZV{Nxo>n>sUJ(q9fnPvS7^{DD7)?Hb*~4S){6fL?Rav+`N|axSzhW4WLs(rbF4QY1 z45y7%Qld$wD6CI(WF)+ku|OXK?(vG6Xae$XVnEQE{xy(IK$w8ul<@EnaA#E)FAw{4 zurLH4>C!12j^u$S*qw`pKVWg#1*|wgCeidB072m)aBuiWz!yRBUfv;o;B#z{FC|b{ zOJu>>4|E|P{J@M+2#UbS3<0e}EW? z1e-%&BaVohc%E1(4v)iv+!lHpUHB=)&z~~+NQCznKCRQ!2?`@eQ?N8L3Jmh~1$-Fe z6%q}IcB&lsjt=>rjGv_j@d}9w$NqCQVh&_YWEhaAK($1A!5`rHK|lb=AwYQGR^L=5 z1M*NKu|c7*G6WY00V04ngOx9>4>(5wd>Dy^-H9L{KkOvI!>UO~iH0av9STfUKfTs1gFRG90`N2=a#wn(%;dkI&`^_zpMOUs-cRo0|zT3TWsm1K@mvVz6|0C(!K!v`v&Q z4hGHvwsipR;AAR5=u^m6Psdx&+1XifQtiQ-QAf#}hUPE|_#YS+{7ZptDu5gM1d%ZJ zPRGu~s@3pPpy52Msqtcu#f}a(jt)RMdU*Nzd#oa8t|AbLYRZIFgjFi5Jd}wl9%^_G z@32VF!D~Vi!`jKi1GJA)jP>(Y^a>AwwYL(?^h%mUU>2(4)s!^V)zsCA${Iu^@H@;o z)3$~7c4?2v#vY#=d%%ND*&iGL0N{_l^EfrYkrSi@Gbe4ACbtGl@`cIHi)N2vCBIr) zc*vK@Ce{>1@c~f5I0OGg!vDae3cjL~>{M!;O1)p`bt*06zmTlIzmE?d503-m>@%g( z=z4M?$^iNavc=Kq7G4cZ#q>>^APQhFf;EK%=}lAVVZhWijs`lw&npaTFkw<+?ZZQ& zCrbHDZq)b1vbVCg68QU>9i&02M__$~g?j*_;3tAwkK_xB0ibBh1SKxaL7VU>kr< z@WWAnV1o;&P3Ro@(+@iU_4~Q`57h7v$Dl-bM1d{#0S4a0#C~z)NEpx`$oLs{PhA!6 z7Wsu~;7fvlX=d6y?{EsxH86Nz%XS!bpQZa$$w5#BW;9)H5Y#872L7`s#>UWPGI3ID z0>kaIk5qkelIyN$R}z#ih$Gy3-O=@3}_nQv(YfIRmwE+4hs?3=A#Mi8Hs3u z>47o#U2O|Yke?8)@>j;m*LLKD7@8nt8sP$s4QMJ%7j&J_=^)4fs_2FS8SbrTVn`~E03CYOF&I9;npir4EK^X|; zxDdav0AN57fwM+8Mu8_r2ZS~N4UR8{!e{(_ANEPe41q`fBQOlj9bEqg7?WBT-atA4 zbVw(swFhpCpOOu*JAX8}y#vX?cyjisI8go(3MQ?julB&r+(yYJ9QaEipn#dL-;d@6 zO($nnn}T_@nP;71Xna}n*Yq;Ec*F2$V4P2)9r%lY8YZ`r-ey9Z7#e!uVLA>c!+L3Q zc0&?Q&kz)}^7YbDqW|(u6GwaC?b62e^VM@yv)bMF z_)jPyx`7WnbQ9`fs{c1FmVg6gVnTy}We10cbb+NX$4G z=mMW6ycjwL>EVj07B^j`%%giqcE%(l4>JcVOJIpjF?#{i!QFwR0!0<48`%@;6po9) zz`-sHtYqox5GZ}P(^O*~_S2?HiOFZ!`hwkl_?g}r2YLfx27+`j{@`HUXWt1&RQ=)v zf<462!JFQOKv4gABemHKqzd9flb+ht*}$wc$fg1a%Hz{^6{n1w=H*PlHi04#sRLfZ zBn7~6r^)eEVf;)r7r<^#nwg)i#%W=-&t3yCFg@V?{S^m}W{Ow=2aX;+@Y16NBqjiW zk40d0@~_TsPY>tAFv!EMA@*0M1A%q;ROi>1jnyO3yG~5{ON*qP2>iq|mZmk*1xGL; zzS8#APDWl7FI}9TGyIGt(T)^;d9`FXEysgC`!6`@I6XUXibJ2277&4h(!aD|3NQ`G zfuQQouOnKI6zS(hGoWZw(}S~LqEmpYr!WyMS`Ih}t4xdHe#J9%rw>rzCGgnC2pN9oWDR)--XoC9t5K3hUQG1JToYOvO}iCJAOrmeHR#dKn$k2slm`0 z$c;Fa+~`USM+>~+zyatNc|HT-h4@pZQQkD=q(Yb#<;_IYK9oqpw804)Q^-^ueEt&u z{EDo9rbH$VbSL5llk_|Btp_dtV`3NRpMM-aped5?g}Z-=RDU;24iks)hF+mFYM0+V zC&|YLBnpI4!14YHEbK1Nk_c6%65$k~^aIjRo|!b%H2(o<_yT1Grv-gQ8!N~jv1E@Z z5K!_7{E1Yfk%KG!$X^;uuZ3a*m*4&+a`+u^m;mbi92Eyg^YCtb$Htgps@boXHjj;8 zILMlt<%X+H-SDY$W@>c&D;)^ijWZF1HzjmBJxn!#f208?jnWAP`^7GuB5G!3mjYG- zDH9V^1JZH8bpam*O29N>GOKe18u1L2f z1Y$zbKxvsQ@;mV0k=yiu&1{VSceu zO0$?4*mPg-*UyHgCFO%Sz8}b0o6Qska5h}HKkbDF@FKsGb3dDocGOP+2TgF^&}`;2 zhI0cZJIo~TfNeh|`alaGOv*XpH-UsH(SvCLk;wqU)TqJqV@HgW4XYRsuy+S)?1me%b-w))IfwQVf zQkqTH031{D)&oKj&NQ4PlzE?3JU!G%3kyv0?1WO7O79?s0a8)F?D(XFqbHVrb(XmB zCseIxMel|+pyi_ieA84HoNDncNlnMZq~jC{qHn-D3#W%jemvilfRF>|GI9P%VI5oJ~M6NSP*6guV@2_C(aX}Xep#1 z!HeEwHaPl+)G|pT*y(YssYE}8ApmW`95G#(d(eeB_=Rp>LD^;WOvYpFF(0!=ovo5x)em z;p8~~F1R!X12TXD-i!82qF4{GKCRPlf)Dp4e_9JpPL-9Jfm&%0!!11M$u-~c5o!4% zW}peykY=9#E)XX)#Y9dH{6ZGmJvSVDs|0=t&4mB{#Z37uTWFU2?;Y@L{Hk=lc~HoI4N?{T>wX9(~i?%+wfmQBe=}; zIRW)&*{a}X+kX*_V6s`F@w53v6XgFIs_+`WfGWJke-Tw+vRR_)UnM2NFW`qj_%GrI zOg2mW{I^I+^A}Ks*ZeP{3QRUjRQ;=@r2Gr`At?VB@dGBCC4QzG*Gk{jr}PUSvq-W3 zqEP8}Dvmzf=Rg6y!XoVo8fY3AIq9o=gA?iHQx)rvOcZeD4zB#I@Bo*Wf_zr|itPtx zu%UOx+R!?~_6sZB{g9sYLcWPtOm{9n8=q6mQ24z>w8P0?1jfNHGL#;w0k`vf>96^v zfkgM0{%ep-Zo{T{kK`7_a8NzdH;W34ZvUDe^rpb^JoA6(Z01~uR@LH-wdKEy0 z<=#rHU;0cYD9zAGW2R2D)RpgbB4~j^1GIXBU(Ga;W;H{f??Xq=37l=0Z|;uG&{6Gc z_`Y+Yc!sXi@G<4m>vy9u-yef84L#Gw_>O-)!x+=hHEoRVI94-^p*j@}Q^)vTNaXut zD9^Z-@A<+rjG;0k9N%$*W*B3peE~O@zjdU(KL)sGHHB=ys!Z`s7g}Xa)d|o6Lw(oU zoT1m3dYr$b7T1sE|L>^*`4jmM|NNEwS69ZX{*nLxM6S=a?^osBex?2+$nT2!9V9qg zQ2(_17clS>{{JmCAb-aH_;2e!s;mB~|MoBJ_P0a+ssH#bPX2%TW@i2ex9&ZrItG6q zD?j6Z6{7mr`d{sj{{Q><{*|7l<|Z1NUeS;w)B-`{aad&&G>8urfmFtR2;MPC|E=_0>@7)7tWjc48tX_W4hjHl9Gg)p(`@75j-}L1y_61}|7koA^Z)oD)Y8&9I7kE{psb7t#6X!p5y%4YA}&}qfPW!q zCb=*Z0Mq0JJSW6Bj>WEnr9|B}(|HHSwB?Tl--z4wY}K>dX{F?j+P~KIRYzv9^KsgE zWw*~T%+AuD z%T(^%(&N6&XI*;(tEUR-0P%$1k(ImHx_d8~GspB-vv{)JV&&inIN-@~o0IeG5vJXj zU+7$oZBJ%nxpn6g2iLX(%c@uEk0od^Rvy$%j1Apv$p4zpo7HrkM`spPs^?@dRkuRRk26`C?o;MD&%3zEcUSx&7s`UtJswx&D6D(rx8kE- zzD~Nr?cb5GYUyR+6wHRD8lEOnLxL(}y~~%#MNr&xmoC=z;W|{-gB{uCWG%9bnWr0Z1xEEA*tUpnH-JZ)S=%Qh8T}^V>}~OSTR8?{!(ziq8`BRXo;jZ$U`)dMNzWOz5zSpt zzW$oLZ3|;wsPQF*J$zd+Pm6EJVpGf;1k+}Qa!tpGW^P7fVlj@}+gIYnh;bF;eN#r# z;|HDWMF!2c=8!ndUUVUlMm`(1Z^+cJE68c{ygzrbp3QuOUsu}QA|t)F1?-K({*0W9 zBIP=Ac=WsiYS;EtY{%7{S!-Z74p+jg+mJH7d;`@TGM25!wx^-$uuE)8|x$565>ajuS=fXtIiat zAiVg&GMT#q*&pPsqXRy8T&+8%<-$LfggSTPG0#OUA*0(quWq|+Zco+sKF3L{w72OR zVJ7x6akU7Wpah&vCeq8ii_9EFm!Z*ojHlHelB>QrB>~^8- z%PyUc=OKmK45_e)c(GIm7>qM9ak1K3`XIVT4AY_0CXnQMWQzAf1EJIM$yr`bPy2Qs zE6YRW*i~VDYBKnHPOVlhUzDcy7X2xjA)%uucx^jsq zu1Xy?5#Lnnja_p^(@ZS)zi^Uoygt8*Xj*=*DTUWvf90!MBhlO()>WSj7A!3@H_g;9 zmDyy&G(wQjtBT}$psMX5_EG6&h6`ZGn96w#j3 zW|RQ4M(GZ*MY$9PdCvxi3%lHo?#^sJS0uzw>R{TY7wvT$ayy7#A9i!lHWHD4Pe-bw zx>v6<>`p+X$O+q4|QSJ~Cce^#J z&&V~731>Ah)(P8oxST_IpF7B@%pMb6%y!OHU+4Z!In1GlQle5&uc8yHceFeqYwXg2 zt^8?CV->CzA9YT56=c*GF^F($FVHknYgw}S_Pq(*M>F$aW)V_pyn6-}}UAk*Y#m7Ytf(7^1ZF1o}oW=Rn+m3zo{L_$#`!%mV zBt+lkmyEwAy5z_(iG5F=EgJg0M(OPAKiYZCOj`Y?-~Y`1Q~xIZ1MI&)@BjKKUVle} zN&CDGPFdt9 zzxks417`PY`xi*$oBIc!(i4b25kp|QA19*oIJ4l6&ORyABUh+)Y#OWG+?PfhdBS({KuP|wp&BYDJR-C!pcXQ`g6^txTVusS~3Xo-L%$yH38Q(oHFxheq7&I8Zj?1l}qZOZx>b^!KCu!^}yMt^nHpaIA0l>BeBB8 z6b(78L`f)#iS+1NyBtSnGlO=wG9GgZFGV<5IM2SlIwVI&)DG-EfA zG(4+QSXH)owYqESD@!Jwd+M zUFYFVz{JnZIMAyca%VueVoTA3u$IeqK6NF~y8|-qmT`}g8*;ApB{h^U+pD<4%r3r> zXY4u57e`%eZUl z>I?Cq7JcZ>Rcb@#E*!6REUG{8#&Us^cGQJP?Q-%(2^sQU-g`~SOy^g>{1ocZTqsbQ zm2!k_ae?=Rs<^poc=Cnu+oa~AIx*_mo{T+l{@2k+%L{YPJxJ|4$|9m~q|K@6@(C*+ zu54lGe{~mEX`|tOg*AyJuZyYLt?Q)?hpwwSo@`3)UD(ob_pB_o@sl?-aE-IZ7wnB#%gq?c;_(6bY7(a<7^?*Eb30kWSH1Y?*oCeTURn6e z4wsqHDP#*>CvbYKTv5bmJfvp*m^rM$!c#)!Ht*;qu0#@+L18$Ov6i%40de)(5sbHP zkVdjUj*tIs?p>&NU&`EhzCDoSg?Xu~w-S=@7HVcU>qNF86Es_e&vp$(yL17>cRPL}b-+@5ivnYSWL&g-72AIbd7mbvC>z+tRYuNuc07qy2r0+Nij zId!fTZ<|w%HN^vx9(Q9+bK{Vuj$CM~7ZTWLW%L%Cs=Rd$eVdNnZjTg-kjftPk*;~s znT83^e_Shh5ntBNEZ>uB6m*j@$E9dpV`A>pB*`6?JB%IljEkP5H^>s-FH*BjwF-Q> zSOFP>bidnd->Kp!vikilM%J@sZ!u}h+DZp|`0f-p)Nhs_6l!a;EGR#Jbv=hGw>2R% z$%-QBhVr{${g}*Pb*D#Mt6Lczy$HGS^+rLCoCsB=A!0?Zdx93X_sP`^0T|1Vd<&2d zHC;cfr}ACPaag5%kVR{pf?ss$W?p%jExYThB|0u7QT5=^%Pqvb;!Uj6Zg`0 z$MSoNlG0R4x+n&5*|i9xWUG}MDO9=8I}3bx4xn$2ZRcezHCvAwa$3W={i6GP%(gz& z)dsJPw^BDrE#zl&mxl79gvvfvC$4KQeNpI9@voT z)aE}o;l9g(Gg&7NBev&infhB?DK6RUq+;SlWq5cQvzzJ#acxXej%jl9vL0^R%ed}A zzR+o&r{2PWPwWI^PP>c7@7@`<%qr~W;r^@V-9~GTM;nZ@7q|=rt4GacSsr#-%W14D zi1GTSV}b(*x?Y+z$v#-3v{E?z%=2Y}2e$3mt@M1u4N(V)&0JSDJIO4!9%YR?@PPlZ z(in5<3$=Hh+e5QGt9GJ0!+5*7#ILmv-SNaMn1}ktc$|g(H<5bt_pObe*nb2fLHXPG z|DX8Z-$(c_^rYK=5>O6wmlpqf^XA>tr_b-*dvxc{{TnxKU%Phm!i7sGPoD4Y?mu*> z=itGEZEffF?76&W&zY8%md3{ZhK3Uj4Gnd5N9yZaw{2^zso7gyeQ3*;UEmO5)25oj z!d?(OEGcQo%iETdQ<gecYYwK!h>AYx> z9f@SFscE31qWh~M$zMR#zuy$ZM;ZAb68$^{-V=y>R?Q!r2JaWvm=lQgVco^UljVX$)vq zek@j6dafYm=xI?6r49tEh)E$-iAYLe!Qe0(%`hDatn$7W+bf?laV%q_?(-Goln9d-_QXsSNaBsKCYw?!w;WDVNO)xxW zGeToQcVZqUOv2beDCfXN2o|P zam)6`o89TW3ziMGH{Cv#E5*q0jbQutck6$}46~5`^fbzUu-c!DWNys$&Rjiwln2gxLMB}&V;Rz?-$7@57ri* z3*_78@}Mi?M0`eKuf%hOk4!A4-Ggf4V(WZYDlWl_bIGng6^s$#TDmGp7Qv2U=VDII zmiA)G@XaZJ7+IKDxi||8n9)p3F%gXhQTx|O( zNal*t@{TCep2~=0AuQW_cI-Uia%!L{@tn(^f%dG+t_ORXj*Pf4ZW&+=zU$I|?aULq z;W19+3)@#0n%^x#lw2d5KQu*I>AT-SbCP0hNc<^AoO~LASaGAd+hmXKPm}uA2AlnE z{r;9e=KpVUqW=~EKjD7@FaW39f690@Jh=aZ|68;DVkhw4D)1^bEVSG&?1w$Un-GJ3 z+~SAb|EK;)=l>Fj8`=u&zd>lc3>pOg`9p(5s0{oE!T-_i5@xzx0=I>b<8f~1md;<~ zx3TOjY4AY3HIcA2U^9<-MF{i3u>%oE9Un%W*1$POv{Rs?w}qJ)<~8*l|0`t9+zumZ zL+PfQycqU_3>OP_f8=PXyOHp=Naeud<-7REE2D;}J2y!kI?5T0K7*TFRK=3+2twwhY5+N^~{q;kR$Dc5yT~Z z-n45ay?e9Hc=H43-vyxXXf5u zFZwjGX^SY6Vqc+}h-K*8+}^8u!`~E_ICtN@#QaRs>U0U|kek{_qV{%fwDApDiF&z2 z6{&2W+i6xO2bQjNKb@?7F#EzaGU%5$V={W{nBN*&LAEl+$YtURfu3_$ z?Oj0}NkB`tn??}i?vEs4%JmJ_ay#`I{V~V>r}F#PaQ#^Rf9Gn;*8|Mr`N#5~Ku}g8 zekK121eHJj|12>3&zsQYzd1r4_WwVf-Nf*|{V2K2$pd*INQ5LIx z4Kuv-QuoWT#wnzRnvjT zn0Sw4lw8#kTvSqAR1#fOsE*33YsFD^_?3?OI2(LS6N{Spf-pl_zY2B+J-oOU&IPC^ z%>{F_AP6sJri8`G3Te*emKWf_fn3Iaj-CJV2y{JbMAx(Mp1}UU5%B*Lh0}ynzViP| z(>J7*Z7vh$;bLQDWn#%FV`1jz=H%eou?6=3w{UQ@2qJm*W(jhzAfeu)5E9vV_(&TM z2RkQc!x^^yn|WAjxOsUwSvdqtd5&Hv;bOUUqJX347~{?6N10qq%q&|FtcVwT4?;}a z97nKK71^x3xKdUd`Kvk>f;{&ZIL^PCVx*|-|A~Uw)N04f+Vk+jeG(NdHeYPSS_}-S4YOOc0B7vJt8X&?--2^2|k0FV!%yuCf$r+(m+z#p2$T4par7-{Ig#E^SnT z=2u9uy?XUQ-(Y?Y(f_K;N}tp$OU3bX%}?6(Lm9O;vK-S!=)DnnmcwR(3(7JM;Aq#5_T< z3|J2gcPMkWE{_aZlY(LAG|7oS{I zABu_L9M%<*gr1@f>a77)gv6%kAqQBb{5bWVC5t$siSZi^*b{aBjf$#Jk2ZnVwzk z$PNo8*`Y-!e&5o{1x$EUhh?#Ep%b~M$VDusR5rjn7pX$Wb##8T+!6;;L;XT@Ar0KggUtvj*KLt zVjMNB)C0G@w@O32vs=t*d^E$25iy8$(&uGo-0ryUHH$D4Gga1%S(@)d0?Qn+%bnPW z{ykz@3R_FJR&|wKbYGIsd4`Huxh<6hsf^?X%{yBZP{hENtXYQ}HNqNlDr?yANpXn{ z?bv7+LGFM^0#FA^Y;;7ZUPwc~Of!jn-?i)%&EC<9becRnY(l%db+4`qg& z5B+kf$o8%N7$)?dGxHb)_>P9|tF?;OM}{4`Lt>dcJe{dChn5s2~9qX`Va$~jeZhF<$lZDzOlR5 zRUR9WP%(P1WSf5y8|(h&O+42J6pGlLwp!#>di>+ zbyP-O_IV#4w<1Xpbjjqfr!SQQW7JX?!|~>VY@=u5B@wADLK6M!)zC%kAF#?C+S!+> z4QwanU){~pxDyqu=lP$G@w$jpn?!6?*h$?CkPWk*tw5{sIxpj$v7IK7RRa1aV+_D)qKJu~C`~LFf*KmYu^~>s})G z;u=D5SQ5JU9@k@ja|D_^{F2XCTo_fsJdB%rT1c{)EjJwVehCL8?V@r1-AI({e0{r2 zC;k(kWYX<2s9>Fh_km;S_F`QOV$?n7Mk^SWCg^{VzNmQ3D?8D^%tu5xT}rI}nbfN# zx%Jozq)OP}^0+|>w$KDV%}YZJ5=NX}x036g%nPyK^r1M|J93MO3#Xr9^&FJtw(_C- z`VkzLNa}Q}( zJx=T|5nh6LOP29Cwww~T zEM9D<7ANjQ{cle zL4EgIFWTgJIzn@CP4?~)ROKgE9&Ush9r&bV{m+4i66xvt&#n#-i#H89JhxGErDdVY&KXBt2h5V|5R}>Ac zBU-in4)Myzxhl6L%1Xsz z@dql)cZR)@yc1XUPAFiQ`_M9-9gi^`#xLJt87f}Ny*pQ6X=kgf`te+NJi-uSb62(C zT++iXFjjc6ctI27qFANIzxxudU`L5QDlAIdoylfYw2!C9{GcuC<&FU175&MXW$8P` zgs5(>t}S=p@b1D8!t+SdU((zk`ix!;X74wY-r=Y()gdK9XcdTiv4S1b{ej1e|6{`d zN?&Hb&EDo7>m(`{^Io*z)sC9Yc~5m75eLYN7#p}w65K^ztF_i}Xl}4^*`4-8=kDF~ zQ^qa%s%7KBBWOJr$j+F9f@N}X%Uz+BP(xW0EJYruJASkW&2q7g)3*ch{ZspLL;SKpVY#^7y-#UKG27Z!{} z!E=M=4_9+`_G}g6Aqt)Ra5=!%K<#PTWlyY#1i4#aP79BwCw)YVX2%`WuRL-n~3|X!8QK*OCnW zI^G9-tWS*NTilMTr`KXGZil*V6gG~wxH{sUO}DKyFbdg+=oC0PY)LA7$ssr<%NFrg zluaL6ZxooPvG1{Py=W@m`BuS0qw;MV*zl}kvLu-SxtALDrK|3dApP2;bI!_s%hv4m zhL-3 zu$Ikf<07TJWZySoJjbwcMTUqzd3>nD1bMovAEReQg;9GlG(0pr)k9rOAyt1N4`T~7p zq{J)8_ZZSMz_Fv7ytM>7H!0*2zY5wj$R^IBS;Frw!k3~4=YvXxof z=UB$wJO`KdrOl}enDu?~Q{2|xlyY$)DXXv?HdxDk%TlJqFl%ISa&gL|fXqEM_M3P_ zB4ox@-WBTdn`&=0%z0|;lZ#F%;e`y6GVeJ#&U-gUs?vIufIgRrA-5233ljB7$T&CE zWO-4-?&lEWHmFl3xb9+nn#!`OwusGlbIP%ZdPXBNM$DBcy;X~NW@ESrQ^&| z7v3bPre~$4h;Y8~bi0p!BpnIqXS@yIIpHj+f5*cR%02DRkCTAV5CWr*FfuO`@ILD zdsYgfx!9#}o0E$<>cy*dYs!jp$HazmOBdcMO14>d)iy9Sd9e$xE7qK_%QVJO6NMQ| zbL`X>w_}&#Uezs#vN>0B+&?$l(=*~$K((te6k${IawRVxs!lR2A`Y*_n|_= z`KC}4iwS}X72eMeaZwS2gm`kJFES*oJF0?$Vj0m^%ez-sR63AakfK8j3V9p|GQ@{q zJ2J%m5WD97Ju;dIagGV5v~38#sY?xny!&$+7^^=qY7H|BQ%_ep)tE%JdvJCrUX?=j zN)}x%lb2vrdR2*Z`5>BcY|DosR#9)(UVH|sOv)m%;*7a4HjcXKt$^Uj0^VC?y?6*y zQGnX9I%jCJT5{q-hykCAds4Yb(2l#mSBV~LJdZD%mFGC`5lSM%w+Z;y?)J-aK| zPn{)y6??w;94*yg$y7~ggmJ&3j~kWoJvk90aa@EfGFCtDg<9nhv?~`g=gg-35x0u% z4NC8Hf<#bQmSs2gK~79t#fV5jo7E{XJ5I==jt$rpy+Eqict#XD4EHE59BC2l-|$*Z zGEzd`1(D88hL|CKy9CWuvWZ@*Vja~h6VrEN?UP$D>WecLAz9JeyrRXh=B2$T6zbDXs?L&i2p#U^xt+%StUqb=en zkImc2t5vsXl;b3oM7`V%JbY;);Fv1_$BcIPh9wEA@w zxaAvCIHEc|xV$F*7>3dEb>H5!`lFo%$70xQnFmdzyY_p(BP(jK5XpxOS0(2?>Rag$eP=)| z&^9DNhpV5r5jD6^?49<*~uvi|AKR6JQEcMCaxV%Ge&DG<><boc*qK<9t{ zbTh|)r`GiOUbX1iukFY2UpzrY_3QIL0zsAd=lpN>82G5BA1Q&e&yG&H>KOgVE zf7$qa;G3P}5?3YgXhs`kXOj^-M`jhtt4@byF{hJ2 z-;Dl01;tW%8|H6T*|e2VShb)+O9PRNVi0G8*e!xkQQ|CQwq!IHIwbPX#U_8?l|-?ngp6yqHD?(@YB*qZy8c-YO0)t1Dx;&~Upqn|EBhoY!30SKaoy zb?_(I{!z2_<%%ZRngvx>MSOl|MiaU>RWc5t-yq1Im?RuK3-_K253Lk5Uh!dk>l!!P zZGDx=O}&M{^=}x~$YjZ~s=w6iWl{8rHR|rZCO?n1rEKQBZhHg5Gj-JMwy)oOgk5SS z_0fG%y~882_;h@Nz3%{zlBZDCBWm1{io%;8Dmr=gc{;YKlr&3U+NTt~E`CXg(xL+) zmzve)#MT?{-TCP9Duw-$ngZ0U`Hmy6B0V*brE_Xp*59Y@OvSMK+KjX?5416zel%b4 zR>+|>hHDo;(cOLHrRtJr!@4C(D=y2t9^h1XOZg!75Iv?zezwB!KgS4XFvI9xbX%%J zVrZ`ef6y6H#nURlJZ91SSj8$>@BDG zdRWwA?FtN4%t=$yQW%9Ds&GIFHHx8;&xxpr7ktJpi3f+gEgiY!JB}MJb6^okckuK=OVhxwpLc(+q~+{gL_-3O!Mzo zBnt%JuU!42nqiY6e!c;;?y}Gh)@7kV4{A#NgHyJ>i+K28dxd|0XKi(Ha2=|0TiwGt z6{G*XT40o?xwZ>0peB4E~O`CJq7e{4ejCrp?BA6G4s&@rw* z^783;M+Mo;{WZjHGLj%Gu->||`(9~too$}uUR|%IOJ&fICnU}~qEXLbbpX5Is(pif zY?OnZ_KlDBk*;%z9IF1z=12(1Wv(fMU^QpWPPCc3WM$|E{qp&nB`b_pD{O@l5(9jh zSXfvYRjrEVGx|e_7TXd^=|PHTcuYjt_EOL7$ND<^y9UV7k;lR#V$KenTXACOX#dIH z+6%pI9YdpKw@%0>qaLG}*w~n}bdl@O>}t?kHAW6bpX}h#_G9`~s`7vIFzos^9Z+(* z2ueuhmYA0Jt*hvQ;p5(d>ko}9>#=35JE!C!Xd9*#5OLAG=%D4c5Md7gtZ0-QH&tf6 z?N(-n;0G)Hm=Y4rIEL`7)Y`e!H5PN@b45Dj&Iz-Z>)4EXIa}t75%)_z2q{w`2imT4 zSZ*(=9(C>DzEGB!$7*G@%AvfX&WzShW4BIh(7LT(R-am+^4w;mGogzeb7H58g)-Ei zJ>OWb+tJZ@uVQD8^}SK z^c$-LBK}n8I~Gog!*N@wevbEr8-4A~Ww|RT8y!mq659zNCuAWezeD>?|7{~ht;cpJ zQ^jKL-%P`%%HB$sEDpStA-k=1GdG0BW~^pedcTMrGaPt3N8`*}gd!^12^FC?Sb96x zNWdJ$Y$m;9G@nQ4!DxZaLk!|ivhP1(`DuM;DgVDy7j)V%KYaM9{Ku<(lmGF@{{JCL zf7_2=%l}Vr-+~JuH;*5GdFb$XSy@wc^=T^gq^(1mo7)Fjh1(L+yQSx+@C#WB3IY}I zJ^4?s|Mcj@fl2xAHfPb!T5z)$WcJD=;H{6~p+v}3-c8)Z_e>uxWr>B|5=JdNh zOB}YgEz@sD4a*)=X)V1Hf<&<~O6aq&i*Rmpe)9CO%qr|!p#)-J(rRgDLrSN)DZ8MmCd`BH&X>0cem~3^J&-{aA@C= zrhp>{I}Wt%?#tj?h-70%v9U3+vuT+CUK7WrHjn+C3ASYqNouj7n-~^WE*yV-u#a*}*|$MNK$W#f zb|~A3&-aReac2TFpG`KY?8?m{L^ie|qy2X0;;Q-!oCQ=HKa^NvIN zlg#RNy5G9F>12$;ar+vNaSgi^Ig*`vUDr}p#<#p8EJFHe+XC4>t>_paQc(hda86+D zNFuu$oD*pBj&CK8PG>)(zisVJApd2%I3-tnk^g2!|FaUJe;a50zcJA49|YG2*|1NOhlpZcG(NAN#rIZgim-;4jmuJaIRWsF~W-8Tx3`_R zyC>A8CFVkY%5i4}Ryft*N#4?rl9()B zc|X3$qfoML)H=LN`-1ezb6bPl3M`gveYBtGx~^f#ncdrqY9+2)BibL@GFlLkSFUCU zZdy%Zw$V-Y#3nIR>be{@PTxEnfxouxdU44rk6~Z0wJ$HfePVX~aL~ONwuQT|KYzM= z^~a}a`dg51%`RYWP>;Vqn{6mA)Xgip_<6FU9U~fh6T?v2d5WhV`%XA6+>f%vx~B8Z zl|boE)vcjQHTRZe$kc5U$?Av@@=m*d?JakfdP8x6wc#M4$gsPV1TpaF8B-A_6Y!XY zhFF>PHmRByEfkKKz3yN*q@!}Q*gaCizGUgsx6UG_sF9`GD>iCcA~vtiJ%&K*YxY2u z=Od{Sy}rzebJSaRT$vL8Ntdp>zcpKJQ7!-c`H1!@Bym`G~s4qw{xif}0Qj%SuAdQvQGE-E^}TI)6w0|GED+d;I>BmVe~` zANl`B{{NBxir}r`5z&586!@Kc@S7c!rk?+P?}d`HmpVU@|EhSxckciEdH=`k5&REY z!t!6;3y$5t{Rg8=b|pfPKkdfoAbdaoo`^(<=nsKf!Nfs`I1c~lPlWvaA^$SSe-QE? zr(G}w*G&DvVFOe)2$hXPpewk03g18l_fQ9+!EyMgVVnq!`@@%0;VY`(0gMfX24jIc zs-X2aJP-T_u1icL4ibsu@U-9w6f6d{%>4(6{^Kwd;73r#7_Mgw3LB5ZK!LV{{=~sD zA}Dn{I1XS0U5VrV#PKrX_#kl{%nG0eg8`rclmIO78<-f34Tc6|fzIRbf@sB&;UdZY zpnCE+ygo23Ts67OAJkJX8;6$*pa4G(mVwIZ{)6LS^#CZ))_=Ure|*q?94rsu1Aqy7 z19X7(10cW(0n}hH05pISGzD%l!BpT6DA_&^BND6+Obebs5%NrwzyuZyRtTU5g8`sHPXHEx z156CY21Ad-TLiZTKZ9rRXB_MpKqOcnm=-(@(r#kGc%|(({3C4(VKmcr1#U}2G>ml` z?%=L8bikWHTOm9W4QO~zXmG#-(}o7*0Cou=53Gqc)g&?g`v1S=F`&mGbuz|`T+x|` z=9+KWN3QHn#qif@w{c$FpK<3L;|8;^rJCynFU)y#v1wz|`q6b(=h}DO>h+oHy31jo zV(Ia0+(Lf`7T&w&KB^b~3ULjqKDAYP;eS-*BK@qQjkPaV_whdLi=MOFtvZmq%48kZ zCsXplbIIX4wWZz%1EaR>uMmjndZoepz-EJ?u838g;tjn`$;%k z4yatMdH#$CV%a@GW^7{Z7V~+EewOL7+p0M;=dJ0*F$-);zr_T_2il5ds}^^z)4n@= zX3gt41*8N8zY!7NImX4EzQWL+;s74+)GPU~_%BHWIwYo&Tq=Twg@g5n1>Jl%A@)^k zS>zWagqo@q`-bLdY6=#%UArsn=Tp4rBva&&vnw9EpU>O&QAH`Qg1ck>SCGFjK1R}KXit#Cec>9kSE ziuV^xM%VP(TbYnOQ8o|T9#x|C)Aa)nJP;u`9@H00dRFs5;IfkC*gDxUEsez1odMN# z86+mrh8BtPVsx<9#ji_g62{5nx$f?7+IOu}Hwx#P6s+qH2DNcr^RDzMvOo z8@hGZoO|A@t;p`s&3U8<;oy2b=yFi;f23VEjT$>Ohm{l=UX3Wx+jE-RM2y?={QqI^ zJK&m3nunhh2%&}|AOb!hDj+5FB4`>_nl!OO2mzvy#3UeK3jqj{qM~9C zO|c#-mQ&9I#qQl<_iTLoBveH~&wF3r|0h3%l-+%1cFNAo&d#0)j;A$_3yROZ96UIO zclBYq9wUfuneh8HH>UT+YQ4Ab#viwTk!Lk-^ztn7#AHqzYq?wU=xH`?XI7?FHTmjH zY4JEzdLwL+S3=68lZJoXkGrF+CG%|i(l*75W&0B=?$)^Pz7hDF+rS5{qHVh_!M<~c zuN~B^I%-&HMaugt>l3I?YRNeCxO8{rn_W7FbR>ahArUCV+ER+ZjIf8UdB zbaJA5Uc#tNv2hIY0qx_0La~jNnNiE5)ejQY*WjwWOu|&pE_Dw&dcE?vz4xyq-FGy~ zLfwt{Y1(-Cag`avbejXrC)M~zR#xxSHBk029;7@%RO1K@9ZFeXaJ}u%~2N;{RzW-&J@W+X;JgrGO#1I&D!Ga`E=|w zZH-cs$mKED6i+fPh}M{r=Q*y}>JwpMr!GQen8sriRZvv#Nd7^AJ}6+;THF0yzw=GJ|hJ8bhN(5PZfUX4A^ zCfaw&oYKHy+FBXv`piPFZEKtM6#u$mc|g$+lOO`SMa}cgbHQ-OBL4}?iZ?zBNT=Ex zULAEOV1Z*3s$krLG~GY5HU2bDP=8yvH2Ag{zco~3x+3pk;9n8Ti!xqpV{gR2(!Q;; zR_Hx)O=^~Vs9XJ+Gwvn6kMI{Crwr%L&d8T5eYBMnvaGPkeW;Q`c%xk1Fts@i4)?M& zgYwi?8>8k2oT?5=F|9dPoI1>l<+K8R)wo3vxqQ@MC#^q}Wmae8Y_p47&cR`;bRVzQI`F!VxMbI&7@ymzna5*Sge+cb>j+=0ePN@gyHfVHX|eA7 z;w>xQFI!jJNG4efJTYd;)BU4r)EgTgoH(Q&YOwImmHok|793zrc0&KG*zon{!vBRH z{fhtfdJks*vH!CFXGOIBxc(#9|FN_Fng84W8UFT`()iy)$OXCtyex^Y1qN%|0F@37 zF&zxG&4t>22d^R1(NIV@)HWC@-2gQngXV(I!=aGTP~-1V+cBtZG*o&FDuqJ82|7~< zDh-Dk!=bt0A80%mY6RcTg+c~@^?fm4iciDuU;A)xEf2161Do^s!x7NUWR$nka^m}XN{v3jw ze3s}pUiRBIVJby6B~cL?l!%rWfl`c<&Z}-7NQ_6HUmL9II8JAu~S(ZhpJ#*IYc-Fp?duN}!d?mV)dU4^U ztG}Po*nmD(zu|P#gI%g_ir4O*dib=MHAw04trO6VBu$OS&(QXP!H@`}^cQ5yC7t$5 zor50oMwN@AZ1ca9LCfS8hoBa~zfU4GRS9v5TIz?b)#%qwWE1OdRDsG#sVLomIn^~# z1h!29@9w-lLt6}#n^ZG~00wqWH3Ooq8zN-mk(#7_;$+VgW6(-NZ}^=_zV zZi*K(Kr2SA)V^)vJk9EgNi&ZRcs+$Jml4)DcYeg@! zVV0UPn|lp~k_lBTxL=I1J*eP;&s2-uI72t34zt$ujc`l#yOv;EXfi6gbcTi4)JiF? z;J9~KL+SmpEfqPn>%-1G+*T&eXg;~aw;)G|UVk{XbSG;28Z+%%E~s2WjC^Ybwo#UJ zcW*dtTY!!xG58E=(8IeAy$7vtp`##Wjcl>&OU?4YBZPOk;v-5ekA!YsMr%wrx2zl? z)LCy!s`5}a7L(A=O}QlNhLqFUBcaOW<|p)y)$TfRQwJ-A^7P5~s%nRApLgJV@um!n z_3$P!K~pYU{)p_@8|C}&Dw|=c@_0ho+2INcYgf^iJh0w(6WwZ62k8>6_U}5lX_xol z99`ZH-HE>?pnhGm=;_79VqLpq^R2N}vg#9SNoP(sDzsKd-BT1F%Owh4-F&9A_@&FQ z%6_X4WcX`N8vx2G00EaVhG3*-3L3J8Mo0uaTO#0|x5VXgX8Owt1_jPq9>g@Nwij8nUKH1Eo;1rum9rNnrH$=RR)cpOv6psl}S}bD^qlGCM(hA z=80+5XgC|43*#GL^|G_>O8ILW;kEEa^+RWuE6;_Qhqi z(uBLa76gMg^Rn9_nn zc(D?T+tj>oi1h#klj|>b<;>PHt~_aYfu~wbsZU-R8K>Qxw0R4$@>j?8&5fsalhS7w zGMU#39B;2&Hsde0(b#qG`~s6IbD{mNI8+zO%pn*MJ5p#OPf$PLtbTIq!-HV`NNFK+l}0PKngSanKPOLNwnO zm7|b3W^s6kLJmsSciPy*iK|h|gOys3YAg=oIJa=Bri_?&tgL%wMI1@pkN5rMh3hgLAXDm=xc3QQ2z zFE`mI)Xh857b-E3dFxohj0zRvGtFKPiDh|PZssJtb6K=$vHl9iW@Dw0C{wgXI^M0> z#!IajQn~?&9J7V_yJI#Q?wt_HyXU{q4I7#4bv(L0FZwUzNhXEot46w+`iRKM;ZS1V~%Zfn`u7_etqPZBwX+m?s&>}xQlM?fNnz}lTNzn zEXLFrmM3{GX)t~gAs4n2RYN{y9=a=xI>QB8i(~v*qd2FqXw1umCreIMCB(k-`(@CT z87TG~H?>rhe|k`AWEM?*#)KtQp#nx_jPHWwaCl~Z05deUz&#^$anZuiv{Kr1^&M{0 zXYZ!0n7D7WquqIj& zR=S2i!&tvSUQ3=rKvPw(J!Ks${PhI|kKTblaBt`7a`)E8c$4Ac>xV^wOLoZ*S7~x4 zK!fB>vLnt|8z?^2E3YgP+RF`-@m{@8I9YYMmR?EFz@osNLx_`k(;bGztQkbFIw;oV z6a7>9lZ<3DLli@;2o-|TTQ4+dgs%CD1t((-AL)k&tDGr=szy8Xt1LrNQ<*#s3v^Va@O$|_m!<7@LD3m%SoRLP6m&x{I zDlAZeRj0X4RMnZzR9k?O_3;~rpEDV=S8JnE;s>4hE?LV5~@%Nv?Td86X1gQ zm8d*QKziob)+ql$Qx|wYuqlBQtvM*jF8GC!D9r}HCV{-4Bq~PdR*O@ui_c;v!u5D! zAx}MX0aLkt(D4YudKb#}*cMTCBOx=A58O2-CNGn%t17H{4+>&eAsio2IT z3tXu|p^va8yw{w4VAZon*_ij7=gg~uPU>LTq8vzj~6^%9oMDY(Uny|6)LBg~%fd?Xr_7A+f zEX@N;L@^DsRY5IpO&NirSUh)(`YKhljHVKLN7*3}E`3Y}rEDi$ zc3ghd?1hWB{enIKD;`IyijJUGy49UHz8OFJ464B6BKlI*v*{)CyzVzsG>@O8N7W;#w0+t-dpozz(r$dy@JYOJxyEhr3L=8zp) zznZ#CTvRcaVw$o0)}N`z&&5*0)KXy|UFT(5K{8zXmh0POHI}HIKUn~Yy;jJnt-hQU zpJ#oBi2U#_|R6vN+!+_J$WB|U)d?TE=m|uC+}#i zKtWwGP_;Om5KsW!Hu^JKq|Mw@Z@V^pUOZPl0-X~%E2q-6Ok91(xHY4~yX-XCdMt;m z3$3|#{V=E>F1kH`hxKUk=8O@R1q!+{UT=eS-szU^F_Kl@KJB3V2>khbzilv5ww$7! z^ps{8#(k^v-nQ`mVp@}hu^b|Q9oN&Mp?#2pgv5yLuQ@cM*{D2Qdjn+DY5Nb*S3FIM zck48jjGADAgyKwh< z*@!a`hNmvO8@J@_xoUAeRe1RPMcJieWjCww)?MJ=4#vn++`P5>~@^~$Y`VghoK_uy(yEA&Z~WAEvk>! zBQ?r9D3KCP@|ZF!(voOkO+s*JI%#&Qj`MZry7i7jg zY?(gfxUY)+lS$hH;AoB~*jJB`9W2kQ2o}4)xJ&P6M$@@b5 zuOISXJ!0&ELX!HF_g*6N*y<8LS#4g0_K?!`p|h39uUzP7PkzYF(VAAb`a~U9WcAA1 zDD02Of!@EHs2bRx@hvzFy;yuaW8NWB>TmFH*_YEv^wfeoKGE)UUZer1?(UTNLK)a# z@)lKcBsCzo(9qrBZt6;x_cAtXwdNJ!#Mw<7QHz;pZs3H&Qe6V(kM}<}v}jN((aL}6 z3hr=}`;@0iwA7lUt@Bn-D&Bf`P29c*ch_={o7~G6TxQ){mvndQCx;K)lg}RB-<<7k z`k*j3bSiTAu=GK(B>Ai$!}K9?`0(M@66EmVEPEKj;)&vi>onwu)7I~hKTksMzwp3x z`+=9HG38bA3Nd9Ac$!&$tvmrMS#jPV#xNgJg8U$D!12YT>{htL+qJ+nh;LcJ&O5Kh z*`HbwSaz-a^)>UE+iq7(h-Gi6dgSc3SFg=qyna@J%I3nE#nTHmZC+P4ZD%QG&yJ1zc2_d?mL5Jr z#~c(FRnu_=Yj&NepHO>dZOSi<^QExXCB~^#(RJS3o6M$+TNmyuy+_d||6j|i``XaO zf2;lHi7Y-# zz>I=tGB|M@o-;gz2!7n%N6wa~JI8VonLLZg1b#4&p4hWRbo5AAz)TXDM==>39$moV zu$|!qb`+Br$6_bT;3d&*ZVdgi4yuV6tLj1+e332|T?F};Ad8N+w{1u|d=J4X_aXp03vAgUc7f~S`9!Y0Ri{WvA+B5GEON7IauV5}6+@8UX0b+~v zjHmNrSU^J}Zvb}SOL*p&T1fOqC-_p`5z6F6(b+&{d>NCTTBH|LoVufeKnvgnFhw!> zjE|o9Ef11DUaGM^^Q34FN5JF-19teT=SgVUp&fg{s|ShN@%mI3vN@9F$s(3X2aDCW z1MsPOw(fmir4QoAfApx&QnRmR;4_no7;3>RL0n&R+Sl;XRVI!p03ZI>QcjLy>33F{1@OKzV#LpI_$He(_GvrL+gi z?d${|4-^wTQ_AEWi~2W{(&{tM-~;Uw_Yr>meMrZoc9+AilMH@BB<)jO(BJ2OA{P!8 zcD)Klzirf?4gb9v_@e(el^@RGGTGsL29L!R@GYi(n-|!J|7T_A@NxYgqJz!P{EvT+ z=-oyJwS1xz*bKz_f@7I+Tw~ywaH&i-Q2r+HOnLBi=Z`;Ng>fu4>Md7_b#54r#-8O=j}Vz@ZaX z3OzE8iF_wf`L1?Wc4ku7#ua!Jh9)BsfMz4VkpG>42Z1ZR1jYj0-18%qG{|emwoM8cn%P~fN`7mRc?5O@g-qreF0o;a2 z>|hPMo~+Ty7F@txeB=1(0m$F}fZX2nUxC-QS9rTg;(zC5m;Pq~Y29|rgP)%Df2?eY$o)@t-xZ3_4EF!|{ePdKKQ%N6Y*&A$ zpKqYQtpm9K@hAPi69K+3%ophI#uo5c%x^RKdOWcY`;SQc=Ce~&r*x87I+ zdySc75i5v~v$V3XvJ6gO!rlpSFzf_d6P>LcoQcQ_qP3-^JWX;e*b=<@w}AOM?tgp+ zz99dBOi5gp!%O~$Q1vPQ4!|Y=27-`60{T(I?=$mBUs<1kpjv!|0->}kmsbS^gzqT>l*w<&2lDvzj8<{pr-o?P& z9QO5}5bos{?L)Q>)@8W8RWT99hjs?hBi3LGkroffO=QujrIhk7-!j{NGgS~=%+(wOK#sN*k zgasVfw<8KQoDX|~&$#p$ri-PtS;wPe1p=-)b9w?R(bX`(iyCAOY!)WC%#B@c49w1&0@7iDWFXWB7?gD~azTZ3xG~Ai4<)c)$q) z5P`6@pnZtIATpH&`*C=JSeP6Sl64q#I7p&6+j~YPx3>h@I09092O5Y9ZEq3H;e85E zkA{}*EkP(=`pU}5$-#nXZ(&0Wwz74$wlXJzP-lB19&F5pi7+4hPXzztV4{gh`>aX` zqnKQueam+{< z$qO3^&xoZ905!nJBVj%#E&BoJAA3XyM+g^xd#?BmuA9ydSp5HNQVUhOukRC2JJhkxMsZY>c5 zS^{)?>!9HAK5lUE_y9lzi6DR!N<)O@fq*H=}u{J$!?_+`N!D z0_f4%4&(-aPyC~e4UwL3?N5QrxA3b;mK!!8JqGR{Ug2&{>(HTr*!+1WTKiaWt zpML4AODG}Hs(=s_f7*DM!%j*{LZr;q5cwSdC}M0yB$|vggee|We;@xqSHmIhk{?4j z*gwFR9O&WY=W0kagniuHgS)+zz8vR83-*+JEq(9l=H=lTEcqbVEeyPnq;dk*fXO~y zeq$u>C2R(N^ft8T`@T2_=JOb?hDeRLI94Q&&Pxt&-|Or63pR=k;ZZJ@T@&#oM*RG6 zVCy-7A089OiKNGQ1~`4+VI_|5cNi6sd_-G?v)GKdgeYcsEH|FcVt)#3PypEv_M*8O z22*H2-TE*SnQ=5$qC^mb$rPY2+6fAHVkl58ZazK%WE#!O&qG2|Nj4Gsm=_W*1JILZ+2;1PS!Ezo})0+Xwuwc#iiu%rjNxw{%#viNi^ z%QA)&&j)Ll1)a|w4R%*!z~XHQm=bWL8(=IzXfEjE1;O0BaUH38+PDmZ3h784h-1`jN7H8k;NY%)`g=b;3qQpA58laTGn9Hc60*~VfY-7 z9Skcea>x&7Bmf_%2YgnJUEoOv1>k)GP$w{56p(CZb;Awm+(7|fFB%P5UwS|Y`}vOx zBnKd)10B#w5I{k9V02aJG%P3|vJt0mYVH2QXSy8Um)}OFRZ+MI% zg9N95c2mT~5@{kKa0kF0e|w#TQM1~6bRpQ;{yQVem)a1Y@_w&KwObrN3_g4&oyUmn zA;by%?nLV!t%4-O{4iMcLo@YCogT)v#J%_uN|uNmbvBSnx@Egk{i15M1rpz($(=r@ zfZ7!gP>IqbHj)(tBnR_=_1aSrIdv%_WMqk+{EQ;{7`*OU$;rvxy=$c2v{Em6$X23I zdYeqR4?X1apU^`6<6dMb>7*lhREMVM`1>ExFo+8p9v%*sd^X6V>%oZa3$FC5ua`|X z$&i-dj0}qntlR%KqMhagj~O$AmC{4?fRFged`m8iAzd$+3|GL=AK4VWG25shV7vpb zCGx*c$4>M<)j`N7JZ?W13UVYTLC_WL_+hB_DOxi)ytpWkjmPXKW+6eA<2t(hz-V;_ zJo@Hx%@9f@Vy|$Gd^fP2*8)gXQ)0@~M1htyMX_Yd^# z@Jplzq|AY1>1+j71!?#)nioGdfyJ06H9!G$R3u>NYS_*p?dEOI<@93%7sTy6{ejmF z99IdLlu;e#EFd=}P#WCx@(TzF?f^w{Rzz}u37myV0?`?17!Qf5bO1Iz0pUuDmmke7 z4Dq|#9WcbK@+F5!y)ndE19KDt9JBVI;HOV%Kh4yBX5%vt4ho_8dUZZJQo!z*jxGp* z)7Abc4}a;yI?WsDL!~Hq0teI$1YD)F%jb0V3Us4V{lFt6k8`;OF z&psfTfJzs1b^(*p$3s5q(6LwWd8j_>0OsQBo?!E}9c;h0gWcD5u>aZ)4qw{=2=Ld< z63`QUbYM^Kq_UsexIUY6J6m^<7=!@=eI;rZ(IwxeQz)a_qYALQb@t>b?_bqY}!Ujc0iFm zz#mb%0DR^Mr4aafNLBk3NSX4ZNdP-vk`A4`3Nt&#_z}t71IO+n*N$Vm{z%|Pft}co zQ0>$yaERpVA0EH%(%69?*wOFw5=H?J;D<+|7g^-6Es(unW)et}V8=+3t}I8BgTY3T zmEABh^2f>vn9GsKp*$Wvt_O-;;z$MOSU{YM_v0>i9T4`m&`HZa@PODM!8&*t8~`@( zIqZ+H?RC59Kfi8&gh+R}vjnAbkc0|knV_`4>_M;}6NT=gWhr1XVnGfIz`!dQ*`bLB z=zx@u{|Q?3B3|+QPnNoFOWgkeaqPM+-v-J*i7pKXaO5QLeo$+p6S&??4Sp<#Ytgy2jYO${5eYu) zf#?sS8M+YZuGc!vMlKI9-Y1qsCvHGrfbU@nhcm6G-T1>{*Ingxw3qnGp} zuwwT>v_p?dGc7=bqAQW6YnRyG-pPqd?b^Nm$FXG)*y+ge0WbR(Teh_YL06=)Bxwmr ze3Qh9I#ZY=QE*ARR6pbB(sZh>RH9Lz1kpkIB=X3Q1KQGPeOJdmQ?lA)^45;Xa1uBJ z!NVj8OML`{Kny)77-W=Mg@bH(r(Q(37c(Z2gZQ?Ve0n@Ms{sydNVa;UNm<=s?lV72 zzz;``<6BupCCmU3Gk&Zz{Xjx2H*+eI1`Sr-&Kz5i+6$^FN*{`Z_#|A0FcaV?Nm@kL zX36)OzplI}5UKs|b882p!GWK0OxF&HeXlIlHye2Qc?Ej`_b=29@Pd`2twT3^>9Y!< z!+8XHK$4XAHS`B*1A_350lL$^-62Je{}S7i-8%^0Lw|JSy4WF1FWq+Nrd>L|B}%^j zhE1Y>d&;=dBs9s&;g(2`lP((|f5n3-fZcjb0`hf o!|6?O$G5k1qR*Z)6qVh!ZP)~*+G^;5G)>eqgoh(vLKt0m|rAQs@RsUKY+zJ6{f-Hbv6 zL+6iK9WjIfTSvjb)R#JBpwb)-wULegnLLxtz{(CMCHo#D@BKB)> zXpaITYTPmgsf7#-<*kS^~;y z_s8by+|~RxscGMTlAMW<*xJ&~(fhqjPZ#Xd zciZG<(AnTrT{0ZSN(73F9mR)10YW|_7HmvP78lSBBq&b%?n2Pz#B}+|9d?-1KmFKQ z{AUra?v66B?0WT-J6w1HqEnl6q-m54-_+&90p>5NN{^)>CX4 z+to0h6%`c+PWD8`NDiWaGig-GkF+N^yeVzQLrUNSNLleQp9}`(>XQR#2=7P_VMz}i zbvw{Qj}ssXSlw_yoYr>qJ0FM?75)h8_QI2fARP^vDkM4U6Iej5Q8YLQ=xPWwv7|OP zT~gm4RMM1|_XnVY(*2SQu?~EZO7GyPCo&{uR4^xso(xXcB1RR$`-o$JJV^4QR~UPr z6W|zsGADiSjD0#a9Ckbh9I`}g0+6|al=+mDZnpsQ$>;D~hl4H3sNo<%rK4Q}nA={O zwI2(TwrtOX0a5T7obWeF!Pf zNTdN_`Yt91XTd)bf-dSK14{WH_+&^Qz?5M2I*2XF)B?|zfY9EqgLfr~juLI(XHX?F z0c^(ztff|wCvt2LWB~%fZr33WNVuuHE7z;QcQL878mgg9cMrRRJ4Q)4v!85;px=i_ z4RW`FJly=;0?9r|ILgYpmvGdlt`)EXK~6Q_vi)y7Gm1sGWU@gfay%Ct4z~nV|G@!c zP+0`zBX^`T!M;cQx=A`XK)n}5;}6t(?i?f5#OmHIUO+DPcw z>yHA***VFU(LA<*GXpqt5+Mx$>5FgzS0Zvea9%y0F5R(gr>oTINBV(dN1ZN-Bv{xz zYd|8p-7LMI6#nNFme}78{i3jB3p17z#{zZ+vJcG##F84~p3)CtWG5Q=baZ#2b?0&7 zI}2>}M5KK~2Eg*M8TpA- z1#(Fe5ugz(Lt^lBv$*~@T@BjzbTuS{{UEM}1eSm5Y5*4l?skgpn|uukApgU@2JLHo z4VurVzDBz-F5OoC>3DoU$AjiS&dq`1RbntJP>1z1F1_$FbeTAq7wuOK*@8W zJ2p3v^pP*FWk^`1Yw`N&R(3!0(n(!pPs-ZiYn)2S)iFYbsMY0gz6ciF;3KF&^?5+CpCC^%t?NkWS09>{n!`SHz`xRi8&S?M zDB8{k_PrTQV=|b?)iSV^wVBk@HixaOoULqNx<$MN8~`qJ14psoV33i}ag0nl-d2gY zbQ)c*x?{$IWS#U8o;?dSb3{}R!=4f_T9f44h;zW)9na1{i& z|KTV7yAkSNdf5m4-M+^iKwqx^O$6n?KdJw153UD;iT@JLJ%;`N{Qj>FqaggVQN~ZM z1+sFswQ{zxL+ndyOY>=wmhzt+q}w*=XNGa;&oG_4`JWl2{feS5!y?IZ?n>h9eJES2 z{=oA|%JgRjv+eg_UD-gr4`tVXxWERiG#&3VBlQcY9z|O}Gmw3Muav7eSE{$vy>IPJ644V<1sbSp#L z`v^Aer0->fcEr9Y9sm*RFCo$n4JcRqna8&aI=KJq=iMJYR*wG@Z~9pOzsnt9eXRfB z>yPjMaj>!bdH>IUgugzz-sh|C|3dBq{HYWEBV_v59@3Zme~&xB`jUU*C-;BZTUr0S z|LT-v8BoHva#6{RR2&xZLBjo?(Ayt1tQgWc|0cv9bGk|8IY%_aC+M@N#!_ zqANfOkPw2}+S;Jikip+r$&hBqZ{!;Yt(~40J7}h2IA7g3<`Z{ z`qHhZHB)bnR0}*L|5N7w;hg_S-M>NpJHt)=#iK9zx3c@l|3}vUpZ0%$r}rPV>sbGl zp-m8U=FFLM=gt8u;M%ooZ{ECVX=(Z6k3XJ2f8IkQC_u^(gt0I_NC{1|(--J!|ItQD->~%| z|JGI@*w^F!Z);n-pZ0&>^ZGqnNacSlWDeCr(82338}7X>XlQL}ef#jm`}wsGnFsIt zrmlPW?!z46oa;BP<=3%KG;Ih833~VL?TZ)B-#k6s_WsY;%~Rh!T>1XhRYwOqy+H#% zJh}V!(&3jC*$?Ii0afzw;lsMRx=ovadVwS!1@bJCOk2~iB~h&Pv86lACJfzKa#(Y} z-Qv8k#Vg|0x!=0o{5<8D$7Wtdg4v3!qTBbMhz3Uwr%y{h)>Qsr?BBC^x0anavqSqP zx27s`hs$v#`-8!krhO336~wTn#^Eujtc6(^beg`AZrb>)f*ZWJ#$3ve8Xwc zqfO+~@QT~ED>9=s)zsAq1Pu-M6k}@i+Ih#sRl}`DIu6peb8tFtsHajQKS-Bm7*hO8 zJ>LKPAQjCVtKS-{P4of>9M#_$H|oX+WpbeAv*#~fK8q_K{2DK>Uu^EVPL)(%P=(I+ zZhZq0+_uafNc7CjYreFFf}RVLnj#n;*g*lS7tkW<7`$;z+xgvY1|kg3)NIb!@mqSn?5j<*>@3GsLEk_F?e^g&P6Qttg||rM~sD%N6(2=kHTh zi6E}`{`GXtLYAkms+^nmQTfS!E+=tC9!F=7HhCi6Wi&z|b+EEVp6}Y1DEp)C+^|(| zX~z}CX))UA;}?lB(6SNXOSne(y<0Yq8T_D0^g`~CEBjHDoOnK~t*bFJg7yh5E)&kb{Nu=CuoN zM$g*|@6)6J;b;onSPbyII?6 zI}GQ04K1c$&(ZYImGLzGBX@nhcQv&+YlNpz%ncPnd(RIOqVPH5P`y7_ieogZW%ir8 zgL|s8$&jtbO{MuQ!=KcuB@)lma4{>n(CLK7#6Zl*5tEG=M|FJMvBc_n=yvMi@RUcp zJgUY_lD*-3{J5S7Lb<#;V}q9W9%?Z6{mI8Sl1IdV@N8!y(ikHBS!<_oO}Ae&JpCc!+J_Yn z+fKf2yY;^9SzFun8#nI#`RMtr-`b+1!Seq8{d?dkym;~A>C>l=9z6ms!^MjiYinx{ zA3j`BQL$~?w!*@~b?erxUcGwx^5qK`E=)^Hn>ll)Kp{=k6))z#G%6%}P=WzlH#7tog27YHtpY#S*v z;I*;N()t!geVp@#h7y5y*@T_vJgB?04dt+D&Do?p)dlky3*ry`-un7^m8Y>9b64{s zN8LBEP#iCPUdDWa3R*T|F(Vqcgn`4PWv1(Is*z#kFV89bYoHkbZQ}-g8$=w&yR4zPPUH z*IQe?@7%q2=k~*3Rf6hYt$)>Vt~`3leZhbAcH8rJZ69v5U_6Oq#3H$Sc%S;#lcae{ zLxwpU=QLA|wMJZ{&hXoOVriQhRMHStEu%m%BNC1mU}Uq?X*WpcYioSu3<8@j5Yy&m zwkZybs2*s5k@Ysv2&-=}p`(}M)z;9s50$5Sl~Rk{^)^w4r)x~vC0`b3SeKM z5nY`@pg<+u^N|>={7_;^ges~={-ADl7PlE)2NZbV;aF8e(L8nANx4MTA+lKngMCYi zA~(@+S`$Nrgk9)rIZcB08DbSgTdb%aRqKh$&5%>jpDGka+>#M0%rux(P&FYTun4ZcHRJ!Yrdq_=n8_8 ztpzF5fFc+6Ff30vWgH<>NWl)tT?u0?#dS0p+p8g|O3IXMvXXWLRHL}84BJ*CMu-DmoCbX(VCN7V=`d;H2g;8c~o)!Fo~?nnwvE7+{Uw%rMLf zDv?XYnwJwcux@U&uU42?6mV0~fkMb97}f?<$w3+mCgX_#btt6~Pws_J^x?UyW8oV@ z&7`6Q!Zk9M1?5$8RuBoLG#MQ+5I3ZO5Qcx3%tb3`gh6TYy6JEYTdf{4#13w`%FGXl zix{_fKR$e;`<>35?8YKs;eX86We3cMyQqX!~_RtCv6+e0`5gj(DVhCAovNt4> zA27vAZ@J#pR@3c`Hyg-n>=>td_)#r3(v3tuq!!R%e(ao}AYNV@T2Uoyk_Shu9#qgY9IIc_TCHF@=@4q~ z&{<8@3L^xoQSxSoo2uo9gawfC!}Ek>IZJUv_2L2P<&-mK4MdE*ZWuvd(IUTm+TtVh z?Hj^}Ej?9rqQTXqy3RP;c2QM1+qo9kSS%JQIz()t?A^I3LVdff&viSD!6GoYZHWR^ zsZo}-^B{M|`-zIzO1G8FwTOUjC=3+CXw2Y->{dlRqB!;}F#;kfjJZikxIzrpuUR}i z`wvltUIEEm!SwLdn(O74v(bu;%Y?6d23Dp}m)PXaasGAVwnJ@ISTpe{kwSTCd8*vb zyW>(7_69;m`Goueio#m=2DCg;aFV1*9kauJduoU<<)LE5Y^uV&9RV6w$~UdD-@cj- zi%NzDEJXhuPk;YLo_igd_~-2uF(kV!&9jQ2L7H3%7oY|;7K9cbAg{>~qqmJ$30)po z#TTJdPo6D6>lCa^ySZY=AYqAL`BR}xAQ7|Yw}rEYmB4!)o1BhRO_jZVNdI*nj2>7Y z5xjLPN~zF&*Iz7InfjRpxDDB&sf*#Xa?>1{fD7anVXLf3cGb41rc@Q55n1Kl%`Kw> zYKuJaSWWG!D&0_#wTNUxt0F0!TA`+=Uo`)vDq7xfOV-J;ZKar`#_)Y{q@y~E3ep{t zP+no;6T3qe`(3jhG{IhW+p87+^B!hRhDSG~D&F6cmRNNf?@h=Xz7CRo!)hY5rfoE+ zj~Yo0t6G#^V!=96>hL=T`a4oQa{u0l35ADJ)weSD?Kuojo3sa&QWA|J-7U-8b0}5O zhv+b^h$ds2JwfhP5*j{-_cjue4`@TD=!^bH;m%a@E7_~Pw}>?7QA(tI=quCk7fWW{ zA2?AdxM818UaKsB;3}mzj8yH02&@4iRn8W2R$2t*YGqcb1~rKAT$1eItK#g;RFryl z(C|8IbRz617?BVWOnisZh03mgthwy?pqN&g%>5?L` ze6*=V>C%S;A}wZmKNQ zB$7Q!+MNmCRWu%ovbq3c!)KxlibCuM3B;au<@fNkf*Q4ovb=KFbSw?_VjX}umiHn2 zec5elF3MS~nITJ_r(kr%XJs6H*t*5lkP=sjZ5c9WA~T{@v~MyIZNHJMn6hbyw#FTq zmfIyscmovWlz8ajZKx}YC;=-}Rx)e%8s&ak=Hn>WR_arSN?hwihdwn)) ziW>H(vHt}#BIiFv$ePRB>ra&&j0+(|L=Ql|7i=U{l6R<4&8;I z_kX{M9XsLu+xG;5>X0EuXU|>FSh6v2eDsS~f6I8yA2|Kc?T4+9uC*>b&veOe&)P-aIdBr9dlRSx-@NVsPo&4H6LC*KR+Y% z>9*{9BQd}gQC3m{E>K-(@`7JbC>1@%8K1_wLb85tQ21_LN5@m~;HK)5y`OO%HAA(;!Z7A{)6 zWNCKJvgNreKsNJ(@S}I!QC@QL(gFVQ>*6^_ zH`j>hVJ9L^p7PYx))~;ypnh?Hs*+Ajnn!|n8e2f(@YrkP1qohywVPuYlm43c*V8F# zFI3fDy?CLniXZq;)bP%#+C4izmD_Sy6}yE%a+JZ@83}0FkYV!O#`EWoFD_5WZ;WlG z6c>6~|8+k&uV81&nLOuLZguWT#IA`p34&ovGS>2l;{(VLYW6S6d(;5|H4^?qAs zd}%uNB*7*2aZ?F(i($PV!;k&98hl#Q>U`+ILZN@^F`RB27G)JklfwF+DthoiuI=PuM^a9R#E#3p5G#&WiT2SDEtMM zWRZM`tg0%SMhmLRU2I$xJ?ABx@l>430Y_}MQ3$ogFUCKDwn{^N zEB<&{BjK6)+Lz13aFBG7R*Q5Qt|g3ocyATXO**qONVcs*hu{>$_RNc`%dP)$FY`j6^md z$r(Uu^NN}^vf1@H^W~`ZRT-*Eu8AJ{PD#S!dYqfhsmkth8?O(%SeH{n_)RzYr1mCr zuQeEDB))GnU$5L zgQK-KrpZ<8I*)Q1ZD2Jvh8x?wZKsFsE^&F4b!6SLF$wiPCK=t*CPPjd?YS+tzHvp=NGBg`+2LpNfqUDM!+@Uf-JO=CflcTwR=5 zf|Av$Kc2>MQS*k(l@u?QW8|8=nl7)LZgL^Dt#qea6Ry&*{E4jcHZ>Tho0R+Hgue4( z)%ki!idE-fj+ks|z!p!(lF}Nsq>mHn?y@=S)#90n^UhtHq56bt;I3t8oK=ER3Z9h- z6%3d}oKci2rs9XTmZ!;HY`wikR@G!v&GEU41ynUk9*V7+AYALA$FF^RLdp3IJui@7 zUzDboy>W=D9_5CrNH0NKsfED3pgKq|R&y9hXT<(E4_%fVlq^qe%*h~3=H|FzP=~OCwmy1b$a6+`LdXi3~Fhi$6tn5Ca zQ1uj1NG(PwVTjcGa+l|s8AY^VjEqs3R)QBbB6Y5j30`Y^Kpk8exNwwbL`_&LW>_Q? zkyUcC^iB5h{MYA5N8Z-xHL8k2HU=mOjBl2Q%`lXP;BR zJ!!~27qj@@BqLq9)(d8WWqAK=kwzX#RIPtY@$JQ!qX$WKAD%3o>vz9u#C~matx6KU zXcAU0|K5B;L-V9VSP|~V%R{`arHYd-rBZOMWutTN%Q@f242~<9fBE?RLD;ZyI#sq< zBQ8mKmUsdA3{gnGwonCAPy;sz(?(!JivyF)=t|S%)>HN+EG~*<6cJ=hCOyfTP*|lB z3Z)H+N>rU=JH_L4K$YXweUm1;dgu3u)eWNRWw2J75WRioMIXbtti-PgF$uZ^=gmGmbSt1^_Y(jn?Fv}#Jemci9jWg0Bh zyBmSkttTrbHcZizgX^s`pjn}#Py?_d!iFu1z&a#UDGXv#ZEa=#n#ann(UUF1@EWS*3<#(w^w3O?`7jQZg~917Jpi#D ztaBKKKq00RbgkjmBsu-%Dc8&b*+=#G2YA#&t z>V$~fdcPbPG&LjL>3#uz$g3SEeU&lG_Z+@+J~DO9pdmQ;%)98y`U8y$yJS%UIC{FV zSobg_(5{TQPn%zLKDhy-v%N`%(t!F+cpK$7E9xOP+z6}RfO0e|fMT;TJL2CYl7j|(@;vBk+Z-p9+^$w4S?r4W}g1v{|5;4gPhm5NW3Xn^N6W!9D&-NctK z>(+iyRDr~UZgR1k2D;16ayU?N&Vp5a5v3IGfB3|LZ(u+7Ab$5C2bc*yE%84;!nW`Ct8**?-i-o$R*3)i_APK= zKHR?D^8CfCCr_WFuy_}G-r4h4#!N3vU0u0u*Xc7??mqhSshlA-n75J~#$UQ|f5q_| z*KR$&{qR}1sD!<6yP8YPurbp|MrH-a&VKXu-Rr;KK=SHl6Vjto7L#Zm&tAWS)bwp< z6yjDqmKmF>5V?}T-NLARNVKwg_x}BkojbLhRFw7PB9B{*Owz|GW6&6=z5o)%LT!IH zw|#i?;RIx)3$?v_LQsU>Uu162ux=}b-j-Om-8nP`+rKMI zDh|;8z)+HxK|epd_APtJlg7HX_wO!mSn%fY-Pay6bvBsy&!4>Ec%*vJu9$b1-7cf!ou|Q^i)(-z%~?c*H9?bKcD@NMv(Y_2rUr* zZ+xHr-{!)i;w@VgaX3}^0m^!M+5_ZOaS94*+xC~?%eBOss$)v(j?Yt6*e;LP7*MfK zO-=p6h05)O0s6`}u7fn06Sua&Y6@ZU1cIrm0vc?vJymSIfV)q?zj>pliNj7fj@NL5 zMV5-%x<&z9l8(#NmnlcG5;oSP&Cv{&)2@HAyi`tAwor~>5wQ|BmdPn3Q)@Dm%yAK! z%&KY`MOniA8z=V+|78hDNrq5Bq87p9W6#uvoflr*60n)#MyMz)fbTC-GsK(JU09Rmpod6Q_YuxNLHOV}S(HGAaouyLN!g(g4wvZ?!P zR-A6G!RJ|?ue4&gFV&}|6Ub^PaltPea*Y3eiki2|^2!lzRiyR8m8)fm0k2zO>Z7X@ z8_ynBOFa^QO4YBi^z5N)74xfx6!~}`o_|-Ds%U^!QxNPYt9!!rwW5%M09ozO+_4$j z#&K41lpDdM_0uMn6hO{l5xY*??QmHxWFNY8Z_u2-UDdEkmM>@AP=S=mSWWfUE9SX- zd(OwIkM&GN5AfGWmQk?GeNxxvjt^-%gS&fjpTY>!Yc>3Jl}|Yc)!@cE2B5J1DWnpt zq9Rea2@6<57J?dvxxhjqgn%iO8|Hs~Y2Q}4(?Y>zl5E4p& z(2JpkPz}9^8hXcwh=72hM?j1;0TGkXLa)-%P^BnMP(;vBM35qaARuZ$K$?o>RZw4Z z_`ZE+&YV4G_St)%^VgpJXC|4IS)4|9^(h=1hT5nNN4OFk8CsL4}@pUEusV>9${- zXgBs%me1wKS6Ss}QLJQ;$KH0t3zo2NH)>G$V(QhwYp*^s8FNO+%Q~j=GAVpcA6wP=R62}6AI$5nCGA%iUMHdUS zF($ux?y-Ni;#Tcl(1!*K2=|_uI12>9XUak4VobpyBnTdbMef_Md?iT*ycJ|H8-$Ti z{GKe0tD;ZqT`^0VXeHlY194NRdq}Lu8 zF$980kC13y;z^?8b2(f@L5R9A2+&0(0frl<%HP1^k1-5^LOBlaIry5`-}?*=*2!#r z-6hnPn~5UE#|XLSC6`MtRIepLR&-X714MIE!%;x*Qmv!BZ7YTBY!+_OFRr+1!IcDX z;TSR>hwk@4VwRKK+zJp4-=3ZV<8zf=0FXb|eGo4@=PVpP^{1rrM=TMgEzJk%U{MLt zKAK-#ObwTQCYMUkvyJ?h!aWx%tWku5Lrg#pmkaPh3)00XASk7ah9)m(1YjUyTqrJl z{<7@Zie>FV7EGK)V))Kii(?H^v{;xLisw6>v0Z1StE5^f7Fc}E)CNrjG9?_BM_o`U zvsXcZ5|J_pI1`NDnP^loY(n&cxQ5_h<}c3K$t-!oGfT1@?AlHM3bR2(CV{GjD$hK3 z#!$11`jO&Zff75eDOwKKOY8mDmEQe2rH$@t^<|q`kCJ4x@DZhWR%H?iCC1F|M06MHnSY@(lt7dRSW`c&p+9=stSTiwf_(dtG`7mcA>DCmRupzMIC zHy8;Pd-P1KHZS)ZdGW83)a~y0^V0MFYY?sHdOQO7h8&wr@-lTY?45Mb#c6tR=Kz+(ljrA(Om5 zimh)I3-*Xz+tvHnl|NWI>%4MAH&z30oIB^a5N*v{gc9RNt!gVyBgdp$lB{mA<%|3K zoviw8RsSTzfAYZm$(wcp)VG+=b4}co;2`d*Q|J+Aq?&gzX5f$S-U@}gsgQmab<*C7 zmkAL8?A?UGGzjU-(_vT*0?ljnFmSoVPBT%2pPBq9#k9q9#7s<4*CKE-V!B#NPCVe= zeBIkHWHjWWm%Rd`-s%@5PxBvf2YvX7CNVYVd+)Bi3DuC}?T4E)z(Tq;5=zn^UOis# zYKzTE;$5A`wi9g@gE=8WC!9S%fZHXjLHr4ea_up0w}BJazt3nT^&`VHf|IQ8vb9)t zi#20vyf)va5l_NOYlM@AiD{;_P`2?4^bq$+L&kP@F?Z*^xjR_|3ZSCg)#6|n{Q2o_ z%5$i?A_E2%nnL}3_OQM^fg+*1oxCn&&@Yy-omf6bdNOd*499TKPsD)mvLw)SOLNjN zY7-qV_aJ6W3K4iOx#@?eg>vWWcEaD!)ZZAMgBOKRJ_hsBxDpO{#7*CFqSPvz-VJ$%oN(K=B@K=_y%*C{1@UClL2a3*fW~~F^}QR)-Uyaui+k{oH!Trve@a@ zbopC|h#(DajG-e)KHfeT-z#qI$e69#qeAQ~P#e}ki?1_K=PY?L;a{qa57W3r|NU^K z@y2&$bpO63;}L)TiK|;j^3&a)8{_XizslS27NkS~X^4WN+gsZcZW7l}Hpios#pO!QM*CPR;h!_Fvqa|^l212uiWpQAosW^ae1rA4e97H2FsJ3jV#$H0BHjT>~I$bSsG?%7` z??F!P@=i`AI+;m0Y12h0^m-;;t(&^@GeKA!#{I$Yi5A3Q3Xo)gPId~o#w63U>1fs! z3vt9BFo@U&5K$?I1=W8K93DxHSI7e^5x|NB;EYgexOgfL2`oyh@s;ynp=^B?a?y$4&-UeCze1X?H?sj(N z@gxD@Q{a=mkBE<8P$&#JI7s3i;~g90(?=q8UkcoNHNUWk6%+`cs>ozsVlYt_#D(B!7#6}$s$N%rLfWypizPszxj4WgSOApbBHiL#SBK(v(H`~h z9PMn>fS;;$k-&6j3?+$PVwcopBLObM8*<_qn4+1xWF=E-;6Ym@@WMOIkcZlu3a}~B zd9roRFmF7MG~9^|cU>H0Jhvb*SJ{H{wkhbCc#1DELlk)=W|n2D27?P_$o5tDgGO>P zq?ff8PN_7dJIko%qD6zAlL!TGC$3n~!P(!$7iJ_o?9|;{lwRH5kJxxSWo@oEJ!Xdo zxLShbf6SH^m*@<0)fZ83eA?I$K8`6|b89zM=~^8=8}_Ya;?oeB@0CVB1WxA}J`o39 zTxFeavb8GZfIYgG95q;Fp!#g`OTcU7o*gGU za#ge$y7s~j$<>#Dx($^~xNq6U(K;?|AHO#db`d z*;ZfsA*tTl9o+>|(T z*vrL6onSs|DD|xdC&!eR78}^S^9#lGd!wwNyY-1IS>&;32sel-~9_t;NdaWUww+Yjn)<|Jx-F- zIb5$Fdz=1VTec?qp3!>Vu=_)JN>qNQjBoeT4E4sFh(=vePG&bsNL2hLSDW%9iwkVB z@3tIYmLWLP=mnU#B*f8tV!~7H;4Z#b^2Npgtn#SYjeX@tkCj56A7=3AV7DoIg?{Vk z0_pG+B^3e^!8t{TU&=O5gl4#PA|&x=lz+eFnP%90kP%EPv-j^doMOe~v94baSr}FC zl7jBBybBj9(JtZ2!RPypR2Zxa^Xy*!B>po;q;G=6l%A%RveH)(7#_qht$XxNT-{6T zXamlYM|!%b*L}Fr%0@$2zqVwy$9~F&IbM2unQSX{v)eUg(B&)MIV#e(yyCu*c>1X@ znGwkn#Ud>1SXPu|16!ags82dLBCb`DPje?q$mbEqO0skMjB0KgJ#PI3A9|yzdva7o z=gUP}m)F{AYGQM_Pi8I|9frWrfWvz|nyhMQfbhqF{Mvyhg)x`JhbY`f z*Qt#A;w`lSJL8gyjQTH|TeoIrW?v9K^z!|g$r6zAFW*f&fp?EQIsBgWRh8Vh8O6sC z_pFT^kQa;EQ9gVn_NnDKBky&L!XXY%A#;w@TX>QXiBM3M`B(g5#Dfc-=6q*vW&XV9 zFE`<(`tiDsO1jfz0;aKMA5dmKf$S}8pfyaFAH#2f`Ycv6!*I=DOJ$=Mb(zfKu?lYS z)01Aw_ngbGgsey7nu1c)&bRqXoEJ`h^cKT%;aD8JKLh(91QV>E4_nkX0vM|mXxhczB%UvVc(z_zVcq@B*;PEEl*E0>#b-7rip!89s=nD*B||EyS;%*&THX5;ZL=9#}v2upfB5 zGzg#~a}OV;c5%yntNdi~JmA;Y`|nNM_1!L+#ViX-r6*lUo+kFxiD1qHUO3H&3@zU$-Y0fZ=$LS0mnli*e6n z6xWend6{{h%*qe`XJ144HgHvz;yZZWvx`_}w0Mi-C!wX1>BqaYXr`SA=HU|%TNCIS zJo_omo&~h7hfLhKbjx8NZtj}On9slFyHEn_?b_sz*3$|V=T+#l3Uwl3g5DRo$-l2o z$q$6MtYPx_!&cDBKOsX7Uw7hOz90PCebn6h6Wk&2sW2@zN*g$R9#<+s_$EB|@#w9q zsS5851X2rvjw-6Xj{7hYcCPqr6!$nb^z8Vs?r^AHVx<4s?ylD|lfgf8E0doq8T~vP zJA2}ehvECluEgQ)(V7;qw2Z4eIhqe!?>k-o7+0CVeuA7`P6$3xoJ@RQWy&5~Q9drw z$4)yP3ROgb|3_Ms{}cNE|8b=2e@ln{xAniy!L$ebf2IHRv=5N5|DFH*Z!PNoPv89) z{VxtM|AYVfv-$hS-2VKlUo9Y z@BI1k;p=eeo2rY?u323o8We>(I~Zz6ilQ4%sgm_%wG?Fy53Av%M7_^?*jie|Mn>di zq@($G|NQg)`MV~C*2dHHKtdPY?K0*!YR7 zh4-do2g#T7>Ygd|tE%0UyIKCSX5q)ry?e;p8r|`@2-{ZIU=8bXJwZ6tqh@c zYpvYo+EU<0~K%gJYiEZ?7v5=YZS{GOS7SCtnjx2(ttHoAN3 zIp-!({q*+03N)4Puy^P#1?)P_?{`B}HBNVPy58Sd5%z2iI$cXD2qstAG>PA3^rr9~ ziO!r8^E=k{><6F@=Rb6e0t%6{l|z>H@I%|shtRQi5?Um@IcwrwKIU_fewX>TsJ23~_kbWqQh%uYQ21>dA;acWd4c8pN7Oyk1I1Tq=W9(Q@Al zh9sXZb64)|Lc3eVPnm{?+W9CI*^+I2k+Qw_0B)RO)%qD3QdbQs0le5>YMG=BClvg- zBxv{x4W7c>mewKS?ikJpoha|jD@V(=%|VeDs(%cWW;DitnNiPdlOPxGTnEx`_08gh zqv%mV)CXUqZliGVU7~P3tl&0MdfcNK^@_emM;=x`lLVQd*8y$ZR^=S^F51SlkogY$ zAAfvlOktX8;P{$QN{yS4;MEhoYf5M@O)fL;G51k40=Jh|l26f&1|zJFhK6LCsk>ef zCC9N;=c{8I#r_t*#A`5XQj7`B3&B=;-TumNVf;1@}_-ZfMiS1V7I_L%12 zAFKRk|GYQXYNL!Skgi{BhkRDN%QXa>HMqrRok0wj5OdFm6;Y3b+RZAQb=q~&sg=LC zLm>D2?jTYxSpKN^#GE)SNILr4!Y$#@y-VTkrgsYSEp}i7Pt0#e>&=KiR9Wn<)>!|E zlJ)z2*|}I}8RQ$$%qE0mV)TC@F||i6-l)3WsJ{(=J9GI}TSNtC$S;*IQ!gv94kNk( zZMGTO(Nfk^xMqzB=wCk^>AewU?RjM0Cr7Lw?DkZ-DqezkFC^nq4fXg-u_0~_eap$@ zhv-|g+Z6ga=Q(!*hsTIPwHE+xg1I;>ivQ;o;_Nn0TD3!-Yu^CF88RxcE=pyp{Nuj;hXF3UeSWLcpZf~vR^1yLNyDvOt zbfSSPPZPJGty#9A6%Wdw-E%l`&sp36DTil;5nO0e&v;_j@F;6|D{Y)R1`btqP_(MEg}&3%APXi~KUDdtxCCmpr zKc2p9zN@D54s$~7HrA7MO3Y%rtlQDaF{yS5>3*Q$3E}p!MM9)t%x8XX_l)q}?2Tdkd=+qy^l$ zR(IB_ocJ>BWaeGV`N@Fh5FNEgp@GpxoUl?|rl;J2@Ax)$$2l$q&F5)Pe)hG6dpyJx zZpU@#p`9G}BJ%C<7ghDj2h9jK{43-3%MZqF`5h~X*v7Vdm!=WO=S?WKKVOWe6fe@> zQfy^gmTPcZ@(W75p_R@!Ob@WB78S>j$h9$@eSKU61EC_|5WSO(Wss}n4*)Gl1;v%V z|udjnvRS8VLw%bxfA{*573K5dipU(2ePCM>R4ne18?>(Uk+s4FuI**ddFc zsCE|JotmZ=OHPNXP-2&K4b=uYZuRxJB&pJ#m{VrX*)sAiFXImUf@9WC!t{ zX@gd&icM#Q>ADNu*$71d(<&Hyq%(`|Z}9NW^FV!}P_IK^ICbX6kM9I4aBUc?M%p|* z_pr1n9Qn_SI^pRwC%3OWXAkYegOA?Jr%upOcqU8^2YQ5L7mIXWUx*Lx@A$W4C-j#R zjQd1%M;-=*J@asRVe+2Z!+-l+Q_8iiz>T^dFY-tub*9_{2DvTmB^=F;uzEOI-=OKW%fALjz%)KleYH8IB&99oH%koQmXEA_%On}&> z3_7KZtFC=2(XCak1cfDI*tUI9DNij&gBLFEE+fDep1-D7^r_q zs_yl?gfPF&mS;fRgkrLi)D8OIfm1slUv8Q+Q)>hr3Fux@ZiUANSRu^x;zf!yb|)_$ zT{FoNTC=|S5w+X-BK;Lu{)lUIlJb!+oxUcUK^K!xVFq5QZ}e{8%?0m&^VGPNi^DKrHKoypSK5yQW&DSKxzXZ$^;O(fWSr)aX#_!2f$?{blAWKLV)fB zf#%nfUr}V=%caHH>I5)6H4#n)InO7)_=k#M0upS1lSIDy ziFsB3Cy+$PNl_UiF$}3(K#I+HIG=<7B_G*tkNT87!W^23It^cb+teagfSFGgg9BnX^J z&K+fBPLu%I@U;990FCqK{T7#dFu~Id3tSXeAxl`w z7e2(kSc%UGG)NHKNP5Ho%dm277)kag(aKY<5%36)fM{6TIZ+VUDz?zFG*`4OlK|1p zYe+ptrhS_SLr9?Ob$KFH#IHvfn2(8bF+#Em4!2Uj`04UDk{MiD$-o#Jx9 zd#5upxzY*|X$+&%q&#@SY7i~$jQK@^q+^3`WVq=aY^ZCad7Vd#<8dXcd=S zunhY&G@|71H?CgMh_j_+wt0+sZot3(V91$h=Lc7dopYo~!2TW}F;xL0pR*_m&k`*j zFUh=hzRWtd?DB)6NjS{`0B}>+Q&gZTxjI$=?NeguE`;GgKG)!bmL$llP)a?0Z#n|R zV>WglA$c)?m>MYA@sf(8_)QRuMj24n%D?G2e~$CfFK%eKBzyl@Z&CPI(G}d3D|x!= ztCf~W*%j7@xZ4I=&YOvaDtYV5l|_bm>FXf64OEs{#(>}8b}zIl&3xKWrr(q~u}3{6 zjs&GkQr#q9{{$zFD5+Al7gk;F4}fYC_3H1MIP2CKuOCT!uT)+Iez56%a|RdeTWeg8 zRnEmj-se>7_&DP2U1(zPpfq(BTJjl~uOL*J0A?*zb<%NM46$z|Vu8gtNuqX84}c(Q z9|BeWW21$jHsmZ8`TM5%Zi4Ko;IxLqr3W>J&uT^uD~oVQON3YkBJ16mhG2wP(`h%W zE$r2(QVPI4m{IXu*W{jR36E;Cm0dF@Y+Cw`f*z_#MCLU7GxOlt1CF`*XBp+JDyNRm zm85lEZNpL03d8q}fSD4pXA4EJO)z2#|850bvu&~%g4v$htGW=lkS zJEA>9!GHFBoA5SwA~p1#a_Z;1w;5l7942MeAl1?poitxyFpMrjMJL$+=s^be44!)w zSLbo}a9n+_o3>th($R&I!#zdE>{<=VYAVw+%S&5r<^lg@8iW`gPOyV5qBYt8vUb*j z{P_%>=JN{ejy+vs+fAGRkJ=d8xjQ=IYRs-Ay?V;Y`h^ZPMPIlHSlEt3=THN5J)}EVr8%L!@EOczwk~zLo=oeI>@&cd#d8vwZTC;I8f3%F_p}- zcdbgxGgKcKmX|Br>zas8~9wf3(L>p6{yt;3GB&Rp9uci1= zQg^6BUa0UsFT=&3)bWVVyzG7OLu^D2^3-E|#g)fTb7I{G{~YNtj4w8c%k0d!zL$HE zV3^|;bd~NAI;Lkm1ED%fC{yxP%)7?I*NuSnYPtdgN%M;O%0hmO z4pCC>b!1>!D>uAVD`h~s+)btlG(6?SjXPhoyWXHz!Fj)Jv5tAlU3|y48*fCs?)A&X zu-Y*9rZAV2f+c>vw3V2q|{%J_6 zjL)=xUHS9Z^wcQd7MjP|8o^1;F|NBmgClOwLwe# z)UP^KCg`TZ^10s^9m)XzFV!-;?4$><7R8k7a*DSYmmarS4DAP}khmB_6={xHv3U*4 z8P#dp&k=2S7;apcvT#04Of&|J#;?ZOX%&pWa5zad^3J*EP#oo6c4MmsK~ZeQMLB<% zE2E606_Nt}gMcHOA(SX~{8*xZ<)EKUMR50W2v#heGtAoO4IkMPE0;LYiAV z+Ig?EwZHJ-e<V==44$amPHl`5 zTgkqgnXgP3d#u*F`QymkV%X+}x0m8lrU(^4V_u-!-lo{yRm@EC+Idvt-c!3UezdIh zrUPtsCFw?gZ^y*$;~TwSRCN8r^?E#*{?5cM$;Xf1G^H#Va?ZRH*1*&xKYW_=SNUo8 z*W_TGjIU3!B*xX=-R=M2b%^;^n)#MD0&U_12=2m#DS!|KKoh}ebFFWgKuS}ASNvc| z-<;N+=e6#x8SELZqsP?p9mUld+NzYtK?V26e`q}Zn$`K>o5{~Y+f6t2((^=+Px)&Z+$nd_B19n2Kgb)N}<=#vVIp zT6!G!d^pkU^op!w-O8~`Q^$VnVO6m>c_$opYMNI-!P!|}QC=S7jJCJo7u4BT-Ex}O zwXxTkvolb4JFB5j(m*>O1i1^_f}<|SUa5lfav@yI^c`KSY;3GLTpa8e_WGywKYA#h zwUhQRQJ;FLt^Y@N<=Em|*Ua2lJ9bvw-7ZuSBfxR~vLu zv9ZtB@W7zwJqYMSqah1zVUx>$)qTy79RY!Bm3zBYiO2>IJ>tYvKZKjF_h?)BtEc9v zM`f_%5ViOp-2ADExf_=^svZkud{W9!Xl<3ZPiuQ8#UH#Y$15yQ{iTov7zZ5ZSJH-&$StT&|kIl2XbzG>Y=hATIdZ(WS|HFoHJAWjdzB8?| z0zIO~OrDKS0^#jJM`EfH(IC&cS%Aa5F7~no&s{``{GD4pC|!AX()hE*r=iuqJ2Ux~ zoXj&*_86vp68F~8$RrDnir`ne*&ee%;F0FuW%`oj>jubkB9R1NU{DfWekx7|v(VBp z0F0Z^ZTLRxh%3mBuLQiTmBwj^@;`a)LV8E~n}{Mf_`EBy4jg*F_Y5n&!5XAIvCQ$L zeT0rp3Vw^vhM4}QW2_&ct4|Ue_9YuMA6krDeitvdao^fVjoQOD!%sI%yV`sjuc+3N zp%YZSF!G3(C0h(u)AlUGxJIrf!9Vby4 zEAdM7M)f20XV?2U_amjhEZ-a%G8oFRUW(bM%NcD^j*Q#;FzVRo$&Roc(s?ed;#PLp zKHQ-&X=Co;2J|Ltqm#GMqs-m3B4p9H0z8xT-?8p$AvU$;GI>n+^5K8*Ow1pP$OVEw*!NarUsq!VXfu*n)!vZ(u}fCRJWtVQczuMWW0K49?nV*Ux5*ZQg?v4XL5dDq?Z7 zPof-_ZuYZ^081DuWBWXeTUwW1jhmK`C*~p$7^-6A7kIVvy7?U_)^0rsnzl2F?IfNQ zA)DrFfQrMM0Obtcfr6XkRr~zlTp^NU-llHDmWL|efPxwmEJEXmYu#2X?P;=nohF0db}d zJx)1`7yIY4Ik}Mvs(dJmrmVy5XFny%{eiZIA0}V=<*nQx{OEWd+xx9oKLpo&bDxXQ z!j-#uyS6fhA^r&fYc>I`G+)M{m$>H>2rR- zY`Tkm7(FMIy^6CjLJSpx6TS9kr^AKOBZ4k_E>g4~h|hp4h;VgnOZZ5)u!@Rz`!$j3 z#|`^PlGYsP+}`L7S9VNLdleSeT&VCUA!P5`R zgw!+Jrr;4H{uL?F9*-(cc!iE;9MsyE)j;fVB~4n|{)=-WocB?Ery}Jq@%ah5pmtaj z7aU%bR)A;tw#=xExlV72`h^MJ7mi%HFwm{udZ>{MHU2wyc0dLB)t!;(>hX3hEA?mo zN8G#e=k8UKKoD_2Z%Lc3P|i|CJRR*^Gfw&_Ppv*GN0+#J=ccBc7ikzPVc^b-It|_@_fId z^9dHyykLrKCS|A6xqVlWP>tN zbe}+@@=D*ULNLRu?PC+}p2~y0GEi;!ZC{RW5S8Ys_tU+rtl$Rd#;nllxcNevC4>sG zFDO}4>OBX_wx(NF6eN=bI(yvo+EM(rLQ3W2gSYhz^-E)?{c-)G@Xo{H`2KZJc-(aK z5)T@)16-xSCCoh$qFgo~_TB_M|J{yYdd0jKn~60&wknLEU~W)tnPQeHPOj;aH+9XS zfqSB-x$aJU7L=ci8@QZ${$P%^}{IP7OKGU1iQbP2Br)L3?>%Y`Vw2eTz3k%R^eInvl zu@i78YkIO(yril+rdoIEIrmMPMA_(!g?;(6v0gYJC{H?pWkp+HI8GNi;OwEl&)IL! zgFdSQ@gdgyZ6r~O<)lLGklas7&;baUk+StOt_l|F1mks#h1w>!oPez_?`39+{ux$? zfBKn-vCn;Oh}~UHcrV~=mP>tNAU#svX_;FM;+9iX&Ni)%LzO_&OOt$+3zu1nso`u3 zCp;VMVey^N4kd3lZB&oP(Krolh;L)}UDOZCs~SC1$gBQ4OBU(D+?Taicy+2FbD9I{ z$kJbsjX?QuS3sfjc4rSST7|$4jKLphe(j#fbw91G<-cz+?*R-C^Q61BXV^f2jgmxZNLGTv0!^Xi74tX||0D3vW z{;K-Jge}$g0@6JQ>Z1S`zDVmamla9i+i-A1+Ozd`1&t8ZoiG1BN|(3r7r;}&80MkZ z%^_R?n6}%Z&N(2&SInF9`k#X39)FQSqU0Z=3et(L>keXi`7$&7Z%n@8e5xI6zVNsa z0Pkgy9YGP?ZQ;|3hv>+2Ww>r9)}eQH`ED2BkMa>=rdVW0i;Mb?@UK!vEV&Qr@*=y^ zHQ|tBCuA;P#OZM8)S>B&Tp^XLXAMQ98gC&9D?l|zP-M|x(Ow90FW-A5Gp%PG!@pu| zM-YKv{%PVpD9?jkedeQ)TNCA#-*+iO4b6`Fx`C1Ox!;j$)e|+t)^}+e4 z5AxdO_bMtEedW1K*XyC-{g%&e36h)00$g?HG?#%#gGQqLaw<&duT~D1=06R0;d{?P zyUq6lKkA4uj}+HyD1?WruZfEcN^q1E^t8=&+2VzEPcvB=-lwLTm|Ow$V|Q4`npw&= zTFNZ{<3^cfqDaYuZ4zU~*FeYj!wkE|@u;dpi6QAFyQp)RYP4Z%d!oI+~g;VfS7)+q6n_t1*fFupV^$YQOcB z$mBwwnrs@5Q7EpR&SUt@Ua=86C#ZU}L!tIN{}yYYL^3^~)EfhkUay^mHX1R4ri{Pn#Z6xBggO2oqzbvJyN0Re$laBUxo_td&K$WPZQ zNY~0UYr^wTii$MV%T&{|Q3>njXXEb2eU*Onnwi8Obd4EPrK(H8^}0fJJ|8+al`$60 zrEb;;dHrb_!jEx#{@o$*AA4?+<8fUL%TCDK$S%yZyOtvOW26@LAT%LhUtP35u8GWUiYm$H9tjo6F43Em}PEs*HM^hu(Rs8++q+S#dO|7CGjjiA9kIQJ#>$hJ+sUknB-LwaZb@>^@%VS7#3#HC%%6T1XI_i zW(W{nD@8KfXY-$yxVmBZOIAqNF2SU!+0uxIy$tbG_Qk7)O;eHLF#|SQO{SgHQkyRo zKWd;Trk3tB@5j8u$G+qMr96Ttd7)iFX`#r``=z%zDpGbJFuL@K+fO6x6H9@%W%7J} z|Gd5@+XDa;+caPZrr<`6+SL7H7S+g-6UUwR`{5)IT|_z3>|Ym!5+TL>zrvCUGbyL| zMe%I^Jb1*KZm#Vq3tqYJxFU^X?25_J^R?!EaN>zQ(1RiDPgVEKyAo&H7r=!V3(ohe zO?PQ;4Qg8rAk8wZXBIlbXqAqodRyRcE2TUeZjwTqO$lbecp%O^{HC0l^xE8VQmO9q zM81Tff}TuNk<~mp1B%|}^M_d7@H3hxX(G8SMeqS?#^vn`FjBI%G=|q|1>(j|H1Wt` zu1fa0A75#%^{ED4dfaJbbGf@qIuN+^IBG?H?#gsxzH}{=EP3;>lKj7hPI4W$E^#-U z8X{*7dwK-WYZDLUN~#ET#8-G&`0qvI*$K@()uvS0-ZGc`YTn6i+abx?GawgTzo4Sq zSwWLJk}SCEYs7Gl?suIMy2_0A>tbh;SU{oUu`fu@Vu(_Bo8v*X16p=7?0nltXzgJ8 z$F0(bI$HV2SC8B>H5QxNB}S$UV9s>gW0pd$mWt9CC9AVjBc$3xPvbH&rvt0IP80fO zuZXpLK!h!%?C*i~srMUWMQ@e0t<|C&ni{-*qS`)opA-1uTz6!!%98W++}8aRz3HY~ zubU#c^nWKV?M{(>0-O(fUW`l0iQ$-gOnxNaO+GV?fmHCi@rw}j|BN_PTvPeOvv{R1 zjs2uR1(;K~|GOvQk|*#*BMDNfYJAaX;Fe5NjlqcZ-7`P2$X*Zkuygkzn*+QRM4y9WgI0NH#p*cX6mLnP`CsekrP``T&pebk$VGqbfhqs99uaDE~@6cJV!RFytEex*YxsQh=b^Wv2 zZ)W>DlyALg-S3xs(>zL2QN5Z$@DraJ@jk)@O(NxX#1rm$ zCar2NS@w;OULT`f_RYTUN2GRmSM=RsabKYiPUh(60hqVHaT|S%Z?XMR4<|+NlY24> zo1P(0pKN9ZYUI3$dMEngnz?9l?2fc-flNhD>K0!(9Y!C4=V~_kzLD_sK%h!o|KOzwC~45T%`kZTuj`Iy#;lyQ~i2Bzd5@8BvZ1eUth}pIFgDh z^QkjqN`-n_dUYlI(}%qFAVp#h-DB&NS-EK|`a%RV_)Jh!YN`70gROHIRjxxyHdNT+ zN1mHi4)E`BLYqvX;40P1)Go!YfPtS3%&P2%wGi6bOnO}-P~$M`l7-$6?PF{|)Q$4n zf4ut&FoL-J$hQbCT9nJ82Yh=C(ohuA{P?P@`7O+wASy1ef^LSX+HFVdO6WF~HEcJ< zM5q@qr`4|VSL$P(F!_BSt2|`jl1*~$Wc75r!D$;kZKczS*KKXJlk1gE&P^>)S>=wf z0*M-f(tn0CV+XZ3#SawaA5aISG6HTl`nyE(3W-MJaOBWPqJu*(aHEPwbnT&bdj@+) zS5z>Wxt+O%ZMkR*!PBL>$(`xErhFn()3RDg(wm>Y{`mD5%#HlqA#^=gSEM{Qx5+AWgmZ8SwRoTVM|R)&(of)$e^ zPGPfajH18$#JKp}O1W`VVE=om>7X%ER=TELRPbL?3>AJMV$c2Ptc`;%W`^a_d`uiz^9IgQ;(zwSNZc&LdC- zEC(59XN^m_u#66vaS^&XRwqavn&iXdV^*^uNAxs5p>NqQh@4 zw!v;mAkI-=F1|Z{D^tg(1EW{BDO#vfJh2pO{Lhvpmw28MGEGhCVRc?zsPV^sfupYz zGMe9xk0WxvPh_8qiLT+1(iem-C-6VEv44sV@+4%&f+S8)o-CS0NV~scCi?PWs5)+j zrgSyYb>9K9Qz4;Brzw{;i;&m7kBU{M5NYz~Ywr&`9iCLYnfYzj+7u?*i_e8c_5(J@ z9W;J$T(F{wAcX(K(KD`R1hf}wtzo>B1^7WV2%+PUt8JDl@2OHIWSfcV7de%mJ7CMr z!nG9`ZzjL@yB2X&yQWfj=OyjR?;+87ML^rtlM5~$t4McK*{rS3_$5yT%*hhI zB5xX50h<2@dtU+=S8?7i85>xGxy(&Mo)@rIXstbTShg(NvLssq$r6%mV+;{1?US_j zUfEq)5;lqL5FiOOBq4;73&K&7v?&R>lQxFj7gzpilO}DhrcFqitL5J`h4BA<-^{!> z@9o>wO15e8uLYKN-<$d7n{U2rzWHY6<-33O`Q;uZQ#7Pnmq^ecSufA3LF@ zCH#MHt=TaBPZxam6+b)kq@Qj$H@orSHxI4YxwCNFqKkfU#^US0bYEkC@0nc>J#*{5 z!Oo%K6|ZYJ?Olx*zi)H;t?zzKeQw|RxBc>9>#mcgpLj0y#@B!6ny>gz-ai=l>ys~k zc+qPgf9AUnRKIEa8_eas!;!~7e7FCbKm5=)?tCit*pl~59j^N4gTH;T8c~7ozV}V$ zo&W8B_rAAW^yC*Vf9CSnU;MH3y$4Tv_q|Vj@ScFZ{%X-Cs&fhP(gihPNhv z`{}1vUGRyY-v9HnHYJ8)yT0+cTVM0?o58n8tD?jy{QQx{}zIuOT;KJ{`uk|zg-gw2CZ@XyZ6W8^=c(D1B#=-Xg?Ai6i z@~aMAdSK(CpS<|$MgMx)uYUjf#GP+`X}bX&V2snj=$XhnMZcaEIH6w zb?>(i-F()-`M*5j;vZC<(6o8Y*OrW4`)5ym^ArE^ql4`;8y7wQ)Ysnm(=%I_++f^v zarc3f&Yt<(v)=!!-Isp%ZNnd1xp8D>%Q;U!wd93|fAHDscXnRC=pBR6yCa_+AE>_d zO9$>cJ@zl38(bG(@!2c8zjDRZ(dVj9zsY~Cal)J4yX?&99VfhYVB2A=IZ_=>>J-=8sf=&IqBuWtPJ6{o-JhoQk=^j~?&8MimwbIu#D{`GHe zzRmxI$OGB?YF}?$^XI?aajxI|ve_NG`N@+?!bKJN>s>^*S8 z)&G28(U)(%b@2C>-TCHS*T&Y}*LC`xXWjMQfBw;uN2@>cfg2Aj`nTV2+_XM?X!&i2 z&klZh(WCEt@O_gzZ(aJxft#c6s(PI{xT53Hs&^Q#==}1HA3Ai$its~seRv>zb#MDM zp*tU+eA)Hqocqon-0oX(u>QF(er4->e{<;8z$NEh`IUoTzx}EcPJO^U_tBOouYTq& zciq={fAf2@xcLv7z>F>Rm&c1`{={{pPhX3 z8*jP$!P>ssuO2+D@y5$<`ceCp*+s8=@q-($uemP1{P}bK>a6Zt-h0jk%YwnRZ@fMF zzANsZJ=Azd`;t4Jxa}=(zvfWSWr^)~z53ZJF7+R5KI7p{hhCX|!%Z#k51jYqu2pCG zZ~FGhKUwsltG<}LH9GT&=QsKWv$rkpG^!qa* zwd4Ai|6Ax|163y)C)EAug2$@=?Ne8OX6u=6Jmt2(3hcS)yS48>^Y&V#<6gMWxFvi0 zM;`s~r(9S+eZs`2K6Fm{ zeT!fC$HM)4UU}xf+;#7jFMs9t@BQXyfBE=%4Gq8e!rnsU`#VpqpIr9oJ?*itUHj}^ zt8e<*%QL_J-jX-`;=;GTaNgoG4&3y`(Kr6?W4GP?+3v10AKCr6OYXSL|NHBHy!`E- zy7sqcwS4|l+kW`vul`@(oe%!yRVN;P;+}WEf6;lbeV}Ub?@m4QpHBJVBWF~N-1C<2 zEWhSdTz^%z>-5%-toXpY-{w2*`sz(z9s2vzzJJ!+FS&B$&aPhb!Q9>P+FPr7 zxBTE`ZTCDe@}JM0`r6R_%g*`Bo)wp0pF8CvA3pS-fBw3YU-iMRGn4zr{`z}gs~Wug z>XU=f2e-E8E_ix4DCY9{Wj2Uf4dMcT0l@DXN zTyJbPGgTOfp>5v$Rm51i za@kU!MJ4hah3bmDksx;~y6n@V9^>yw!==4;|LAJqX}I?eIeRFcL#z!2&SncmE_nd^w< z%|NX^u&GSW1n4|QuZ;$eUJ z43n1?46B2vk&Wf@W=|U9z<3t{DG>X6!w{0;1_88b>^seZnM)?Fj=3= zOr_)EV{9}pK8$7ZfkM1~!Ym9YQh--mdpSX>y^MczuNj{JgSw2U!#(4nV9b2P;;Ofj z$$iY_Tv719)dlLCJ@oY0x6d%>k8eDaGXlgK3G^e}ia+ZNrN`=%W_qG9iHCJ{T*>E~ zaH_#wiR&a`lVVyBzn?`LL!z-++fmRLmU(NY%(?rF#>rR ztw9rjV(AH!#A*QK5=8NlXbi=m&W0v4)7^=<7!0mLL#zQ#WuRybbFY~;CS&P%(#++# zm|I3NX)X!5Nuw*!`z$&m{pmge(22)9u)Y%YQqZj)^+@HGtv8irjqh%6TNbsf?s#%+ z9z8dNAQ9jC6z587Az2qA%r8r_uY-Xj(T2t*f$vddVS$>)#8QWmLXljouq1Yt9k7%( zy5{p)x-6DV29){i?(N8=3(#=>+WLH9Hfh!idURxxU}vbHOUC%eFT3OorE{K8AYMR- zf737eXTo0N50jesuPYrJg;E~NB$Kgh-VB*DS@51gLe|sOSVsVyvM5ZVkIa8XcF|RG zUdFLO2tFaQuv(@ss7bZB*rC; z9pj_`cJ?k9prkPVEL&1y_rIe$cr(w&>;IbC&_JN z2_K9~YfLWT3i`8?Mg{6&YZ8S(O|YhRSNJ+~5aPhTNFm218GzDD`U_H9%A$!vJ|8J# zGDA`yc@00gh(UHlr43`PVH82`=>Gu2PVKcJA2 zMn$?MPDsoJ=}cOPqV97M3`su=L2rm?%g-Q~`$VtjRJy{JkO~Q)+ZznO>WQ(|@QW@H zIAQ?ZES1JUXzmJIS1P}f_JP3ybS)1kjdlXgcAJ-;BuNs&;h{v8l+#dxIMVYZ+E{`m z$piFCF_llVFevR3AhRG`6kzBQoea2|Y`D_`IhbDXJc|elN6HtDI7>&%mySA1HX+8CeFgUz4lFUms^N)Z_oRV>%s3t394TK&b zAPl9ULLqiEFNL*I2ucuj7)3JgKzNk>3q>}|(T0#HH<_g5l5zgAsp%kf2mjbFnbba_ zR%s`Z2yJ_aMO3EITeIdEQrT{Mfh4v7fWA&uz)^#q^mrzKd2f&=v9T05np7Au3}`Io z>-bL3*fQp~FN4ZVl0=*XT}TQzEmiYk7W~~$!yMyCvx?%d{)qg z>(#+J`8O11vu0bz@XCBZKRbM334-6B19>l0lWIioH=fLNgM`1 zn6TD}VM>e`3$PMzRaxLj4@opi_j_|DmkKPT+heXygOcg|NH#HJCM|ONh-8wE9Be8^ zmP#;*36XjxLOmiVQ#2Q6v{MU-D*^~B|kdG*9+6|T>jNfUv@j#w762N@}|--@|< z)}}=bS?$DF4UHC&AT^TB6^3~BDdR0}*N;jvf*q6Q*q*B?H00=OEn6RcxwFJehyX{# zEfWMD9NR=n~@y@n<;KL;;$oN7U~oVQ+()8`$=QUFXQ8W1n>wi-;nYU`p3s* z#L6;#(o-A&hYU@}Ky0evbT=pn!kB4X;`2m~Aj}Ilv{j589t!e~#nNMDa?{i(1uv}l zi&NzlN92UQb5I|Zi#-W{XDmN?4cKuoF)@jd4LXjNX%HQCt>GX>uqJ_k=qP0ew>co> zn&J!AuqqQspHB>dHL;;*Rtbd2OH62~*aEy*IdP;u$O$QWU^iFsl$J3k8tKzoH7k|S z*{%b;ETT_rBiFUE7PY3fBF4Z_6%-~G>IyK3+m+hJ^_(wH;N`elW2t$uyt;z8gh-2B$%q26K>{@)WxuQ)5%$*!MHknAqv3TMRCdrU{BAvEj z*}!%au-#tK_uX|O`o51xk5Cncp);|!NID=CV%A~B;dft0K7k;Vm?t2zP)rA{JgYLM zS5DDGG$qXthLjj{cUxOnxc7=NT*aMK@xZJu;(;3>S2PYbcBmupV}4RIT`Sr>PZYxQ zMnFZ3MDsi%L=0<0gv!~c37?Y;7ITOY3KraWwrkbLcL9P{Xv7kYa34j9v^hhj-!4uM zh7zMmFs-1AC~eU}RgZ7G&{qpfJ9H{@t+G-t;4 z7?!S)<0&}JR-a%B;NxsPmd%>!xS*LvT<*pkB`YZ-`YZ`;t3Oa$DnOUzDAIgHKxxbd z)hJ3G>uGk%MtYRl^M~!pW3fg%0=N-|3yR}^&11GbPE3^`r2Eh->J-g`gx4>F7(AO{ zC!J?y@?B}pI821SkYYWHr@c3FF?%$n>fQMtIy-Bz1|!@2Ovm16KHyFo*P@qnrFQLpf0 z(`E}+I!5!EB-{)TiwBo{it$T4O7a>t z09I3Y3T~FHCL1XQnlQIC7q`ROjdj|ML;!kOjw7AZ6(MaF>r{}ez~fDviitD^+onD0m}nHUW2~gqV-C23cszXyK@}@SlCg2cbQ2ZGv-RS-f_>= zDJOyF>O@8gR1BJlv?HOSk3$gXe1evvQOfE)8jwd5A|xGM3L1 zCYU~oXn~zqhe)pQajD@IsSz6l4{C86Nd3#_D{dv8*h{2k4D5DNBTguS#GVbpOmQ-x zJq(VaaY7;jE{NlS=77-H*0_6UE}iRT4W09COyx^>ri2j|%g9aPk0itN5C1#740Laf z@hT1p5D->%mSIDH9qV(%E^O@Bitr;sb07Zs?4pLILCFTWLJN#7m1ZD%VLb3Ci%tQ) zC8Ow%D+*yL5o<*CNf!C-R%NLKECIL2MAz1Yp}UH;(qQ-#X?XZ1`z0u7gD8%uA<2yG z2*=di1*ggTKyU2ln%_Vu*e@hx3d~BQF2sJOWHCWoQEHY-;r~o-Le?$`nM$IVsO?z_ zue=)7$TNye$2~+Hz$zEg!j#Hz1Y@N$M9;OR&4M1lWM;6!6K-ux3PD9q!N7qP8hlz3 zv%nJ9Dhn(yt(4l{<%-B%w&$EMNVrlaqo)h#C9(FBd(cw5=*K>EWf~JSGhi2}XC=rM z0$z_^TF9zh5(wB|>Omi@=t~t$!we!K>Se9<(^@c@ES-GHhUrd(T?0UzL#F8l5G{ZZ zwOXuUyOzmn(RoVaRJ}vufha0^KzPvuW$p;Gnoa$kJ8Kv>B8po%`U)Cwtl@BVA##$b z5y3FYKhfR{Fhz(Iq+6AbWCJSKKh}K&OO6tCFbREl?0V>c?(8BVL*1CGk9IG0U`5^3 zGl|&&pg#IgnL3#t;x#c)a;U;w==>mOIH880^(sTTYTFP!*kC_t?;D^eEA1y;SJ8tu z>p=p&Y>ng^CghBL{O)|jj!#|4v9oMbsa&9Ykou}z>Y++SdUBRX{mZn;+5b36%L1+8eR9lH8wXi9N+&n zCt;650dfCZbyaoMfvTz(8@>*ZEB*@`DDlI$snMH_ix%Bhjoc;JH`IsP{5;^l1SShVw2c*$zk*30kgKK=Ivnjw;W0*$ zSu?>~-~9RtRu7_FO&`uHxs2JG}h*`nH_GRnm{ zr7Y-|sdW>XR33?Tlv=l;5X&JKqb-C@8ICMGqZ@l&u;-DyH77ECLmmBnHX5N2$kaEa z@JQv8nF*0uzR>oZ&9!$9@dLEd9?zHVD9VLm*h`3=I6*)C&$x5d%jw5xkH;}5!ZxH> zE^hSc8Hdaod4r2_g@IfqJ~dXz)1b4{8H>jS3k3Z7I~w_Ru)cam-_dj#GGiZV3FfH#IahN^QGa^Ha#1GIjFhTcJ&STr4D_vt?mIG$j5;hrq5p@FVPk zMR}urY|PB(6Qc=iLzyk#rpf!sJbKfMXrPNqJXt8);~^6nxjEJAIcSN^;S_N9Xxr6p z(BFxWTQY;dKPy5P+<4j{Z+r8Fsdyq&3E2Me@x+*EY>uT8$vNl*orbKJz{;3PF7DV`e3BW+qdb|o0kO_`nOs}Y4|GdeOU>tWcZkFAb44>`Y0IQMaD+p!2t)G3Td_A)m_YIuy+yI$*16OMeb&(EZ|z z;TU1PgJQ7DH=|hAy9KbnvBMlSL`(L#NXV%oVX(BJFg4r>yBop=ILZ)d933#WOkv-h zn_?aY-a{|CAiDsw2T<0UdGVARCXqx!Dy0^L5|9)X8r=z{0@P`X4wBoAZ4QyknG@5A z8yq7l9)+-=n4%55Tx%+C@u~wC9P6R{1R4sAXBX|j(*-Wi%Pe`9u!$`U;#FuW9}A(j zi(iWv$=%de96FIS3rM)EpiBALd?=e3PPG@IypigE_mjrLRX^m6@ z9t$a0k55k+E73x(kbr4oFJEt{m`@Q`N~A}Svs&=fx^60M&Y7mswF)N^CCQ;cvU@~h@C^S6|0(X8K|IujN|MSY%3c3s#pNh9nT!XsfTDcK$&ggK|gmMH-Y z%d4`%EYK+dTA`4z*04Xy6uFQU?-jb@TS%3am@Civ2o1g7IlbAV?opI%$R6Z@9Om70 z42RV>Od9fTAI5WB9H{qmG7g+w943Xcs><8-yeJilgc}-c%U%*&H3~=OJcu0ePzZdL zAH$g?Zf>=nD;}^OxcPQYk7$F_?b17D0Tr$IkCJCst_kTD^;PZ`k>gtqVjnmJ$6#UJ zDd(XY|EO2>jtS135MycV&oy=;VS!>XqmBKmyxW=ZKGGxlD!dSWA+umhUg?&MeYrD+Ak;-fLoYg2FdRo(|0cK9wJr zOvgNj^8mqzTrrk(ah&6w;<{}^p&glAGLDqT3XJizD(c-Cj~2jrg_@*@dVulrP}m}1 zIY+-1&=PWzIJh#OW@z&5$>d&L;qZ;3fUV#7hyoe9nVv?>Ae2ZKk|U{D)(RW&*jUkd z*SM(XYDm;~P-w380*^?(uA~(tX;{=(j~RWjoX!ul3_@?q#&I;EO&Sq!p5mvj7>Fm; z6^0UF6@_+#l@aICaGBnA%*RD=`9jg#F6Sn=hmFDTQXmQOMeCC_%5ID1Xot^$q7YO{ z#f&KCpzDsK+L|lithZBPpjl@mXHQ5DWFXrfYF!E@&16>5r$Xv`)O(n<@oFGb$_{;Ml@4(4rMU+k%K&fx>znSV%1gtfK;8-DWIK z8U5aHZnz;2s;{m9j?m@^ABaW8GF@!009qe*NRTH{Omu-!O9e0n%uE)sRm46gW94{i za|N()$ZIwWl6#^gSaVGUV1_es94?E)SHP`hKy9f2R3FY@tgo*x1Et%7ay;OA?BaJv z3V9y!UzrDrS(G@=s^X^0$A81&Xr!Si{@V~ap8r)bfsde|$p1X6>g=jVtEvtkK78}d zH_y(_77EBB%Iw**XJ}{$XTY_$w>LC2AQZTK`EsmKE?KffwCKnbB^VnQx13S+mUsTm z`Ct1+>!+?e|3d%Y$G7gh_S1(Ee& zRP8a-Wt)k`5#%ge;!pBrsr4VVrb6%CD=zvC8uY#>9TWR`^!o9PI187~#NtoLDdcvC zaf~0z4%1)Gd87nWj~h6wttRr84ceuMtW&;7gZ8JCtsz|t-9H4*;~m_TAYGPIk@+$; zqe_GG1g@h~H~c?}L6g}z4 z;OdBo7%D0}hGz|pCCW84G740#H-YTmU1EYrLfY6!C zWGOBLNK&ZyW%qDjFR-QIr55Sl9om%2UuN|$Gg1B9tmB(#mk*m!bxD|!blsOodp-t2 zu97l6+x4^;X}Fv!@90qs3FAnRR%htig5O|~j*5UtqKvK^v?8G6Tu=n5%R%WI+KgD1 zLK{u$U;AP+a+n${st#w6oGhPO4{_iJJ)&bFL1wK(f@v@ySak27DrB(~!h7Y7{3HSd z2Hp1{T?V746U8iHn#M8=l6Kb(;Z791YO6t3HVzI#BQ?g*@Xp?@wi=oEzLw4vZmn6r zE<|P5b3{=zxQV2~f{#RBnIgFcsG^|Hzpk@qJGYUD%W*qxiha{-!>zO(7=I+h=CDLC+7xc3{R-pB%=FsHL_BV$Tk#bKiN=zvaIMTl zdM)Y`{Z_16wW({%2-+Ok)V_6V*WjvE{IF|lr|V$|1oJ{y2ojiXuW5}^S#$|Gn*@@g zEfwMmeP;{}cC^)4rz%TUQuz&IY8F~!Z0aBE>>6wfgGRCiF>%Uh+9T+ zO5&bYkUv&fi}MsG3#~QA*8UxX?E_5RzM+x6uC3cfhI@v4yM~D53PZ`9>Z=EXMT@Cy zaTc?KhGSz17Q>c^1+o|*iV;IPuop|Yxz1)Wv{}qz&WELX4UIQHbO|}hViv-YNVFn^ zjrQK2EnC|Ld$x2BTk-)6ijj9dbRzHkX6qVgh=wu)SR@yvGz|on^rB$hc_|5~of7Qo zU{TTtC3sXYrL%|Xo8;f2j=`RRVPkmb0CaW%=LLp#$M(i3(;{17r6qFvRrwUo z$T2X*h$G#B&q@Hz$r1xI+ye(I=2-|xXubp{3_v1gy9G3ZU;w0n{H=u1=meWEviEw; zh`T1{2~<-guW?NpIo=3o?M>4G!0|_Uy>0P?_q>51XxiF2=Y%3LL4Vmzu{)tXAyh7* z1Mukr1CMT4MR|HdSU8`|-4Clg&tM!7_{p68z^sWbO*DolO>kN+4p)IZzw}gU6ca}y zkv7z!IC<&~{F96pZkdW4a$Jq?KNCvLp!_99g6B!(c&1c5>!8m2b zU^AORX)$>mw;KxieCUeQPiu|l@FaXpEb{yOwQoKqozD~}!^0-#G>q@@;mM1wD6-|__IfmF7d6wb6jLc-L1 ze+M?=RH&k=kP~|X0DdQ`Bq*&)Y4H+mih35Oii$4I5!mxVXxg!Vmd`G3CnUAG5C8b; zO==Xxu!aSSD4@CXbX!+XC#G0DLOh$L3p=?MX3^GRLky2!dsU{%tu`CPB-d4nE^DAd z{y}-8lYj?Vr)qM1AXs_2hH}(2l<$jaJPzriz92eaPeKT50TO#JS)UfapTaSK=s5WY zT%Y0|;yfi!K)_8NzGu@-4iw`6P_BB^fB;P=nXs)YSyj9J(gj5TzuXHrac+&7;={{0 zx`8gR9#X2NSg#OSIY3k#tWvizp^|->*)+OkiJD7W1z z*QU_axD;2`D3X5Us*+5zKu$BGsbVbELXJc!s~AZxQP-oSAQ@rK!3V|&MY*u$?mF7$ z)~6*%2~_%--sS4RHdgb_lCpI|RBInfUsYlF#o{jNA=2p#Jz$KdfxL5Ekpu74JpnfB z6w^W6$K{y-6U*qUu}5q}sab3DJ(yq3e`TlLs>?#o)_5Y$WHB6X^Csm$&I|6$#cxJR zx;r@SNyZn7`XdSAs)wia1YIau5xSJ_=oPeP?HrhU#m#PMQm35S_;DrmGW z%P_;C$~bTmh5$OSxC*-=RvA^va)9)jj;7eva2E3#df8)1v7^{!KxAm-I9A$ctIm8o zZB?wW*N*NIi?LY>s-Y=!N`pSwQfzGI=g6G%-WE7tgC=b=LGXQV0tY@AXxm_uH^xCb za1ByjNshq_!rN2^5zK(+`|!^SalzfGEV9+Gy_^p{bJ}75RfjO5#(Rf?4+6v+obSC^hlr0cMCcl+=-QDU^jsHsA-nX{@`Oq%K1~5I3`@Fc zEkO)=5fs5Ju&YX2fP7Be^5O^wYf2@D$eV5!(Y?oo(Xz^D10%SxRL|$vbstlUh-h_6 zCjj#RhzvfHUX^0Hp)yRT(H|9cPgGpbfg1!9%z7w@87UH`0-pV}F1B#@$!j10ix9=^ zgl>l7Zx+zGkbp>`0{^C8_=o?s*$@Pnjv?8S7!TrduwZ+#Kn^q+XS@;NE7!}QUxi=o zDH>vdNS&hR6oGX zz+r>vik!Aui_WMn>M)<;dWn+7Bs}yOb;K8S0|Xkt|Ja-YZqeF+lE{mdU(tNf5b(LF zq1>1#Eo=u#rs$F;ma+^_#M_NwahOld2*Um~M)zRX=C&Fd0NU&xD{LF=l>oT+pb^b7 z{0P+1=;)BF@H5B$5<$~p0TB-cO~rF72G5}8#5C0IXtRyl5Htojg@{c=LQjPp z?D3J;nFIt;gR&kDg76j}6eDxUGlqa=7=s2spfz>*aT}&~ELFs$Y~#JnDY)4IQWP%% z4?QRn>AoRH{rRDUr3D%rs}hmuh%uTkK4_DiigCUo4qR=mgc1W-feD)X%hg8ERah)> z=c0dGny-n+ydOu0&|yGq(d(&rA~ltwSQz(Gu2q5sF@uebO`7p~vAaMX1xmdKeM!XT zh>xHITT9nWoc&EkR5_o7svUt3qzViq6|t(~R_KHZmTjU06c;sQ_#}dbM)ZvcOHmH| z*@u56Vlja^QET5c)Ze>p825UU{=$j&xJR&^FAy9QVH|HP7%mB=#D(d?(bz=Z3cMO) z;0xM(6tgHyx5400AcSX;;f0fIaB!S8mGu|}VFbuc5HT@~mo-GxGQZ)t6W$1g%#WB> zc*LaQC)4t5dHV^UN+HWI`W7N$gNwJ^VeE+B$AF=UTV2E!NUyW|EDe{u*vviXs*e_l zG&@(sA*%bXCdK1A<)b-nQ*csA>`bM$Y_SP4s+|d3Vjr7@nH1lJ@cI z84dbUL0^K>!gCi%8`ZWV_E%7|jIDTWvp zcXeS*;UMHFykHst;uN$zwwa<*6gE^ZHc*g&pRPsRkv@<{7~^-KHj1$5}3xOa(UzyA!ZS8_2{7;ij_%7OaRGUB}vd) zWBJ;Im{4~1%z!xAF)FOvtN|p-drlB+SXgEA6N?Zw^wic*wPM~NthUmF^98Nx5O2tk zb>(+>!LGqZCM-*g?P;r#YyKvk&4rtnX^CSy-GSXE98y6j>H@JYdhYY1u874>6>w)b z@teqd1hx4&6%N#3cYlo$=HXKHnRm1XkdMW;l6yCRw>2di zh-U;6e$C5g26Z*)SJ_&~b`vsDJYZB$$xBR3y>x+P*3jr9Q}gC6lcI_JmP~>c8dRZ& zNLk?j($hInOqg?w7tiO4rZ(1a1pRTbM&J+fqD_&300&F=O1Fpd5#VFqC?l`(tP;HcH`#gcBF)B$EFwZ>5vbH;k&M5XM-#hS6?t-I?DK>q z?hR=*NIBcbbc12Q5O#ZcE36eZgd_taHX8d$IoadiO6owGF3P*W55?3~v`Q9~Y^|LZ zjs|JoEW6x`y=vRC2<1_2c5Rdjv{W|55~(esP~JO$XF=f^IZ=cQuEX4pXf^!i%miGWlA=PYLOl5?}kX6~lDj7nhBx6cGr@N4aD~>HCt3>Xw z`X+OT)z{Gs_V}eJJNbrHI11RDS-S=vh4g(i`vn78quDwcEM)!Y-WO!KeYozc$QNW) zsngHDu6wXdHm*ch^ugN)G=_Sv>1vCJfpvnWv_VN%iP(@=mH|+rxbCJXC$_X(Vl@PlBDjP-6SP`3 zhEp7k79j=MBR=fb(wmSG&hZdtl60Bwf3q&5ZUTZ{U6hul-fN1i;>>e3rg`LZv?Z;x zM`Jo-R==>2kB-n+>LGeSTG%4!G0@rTHI*%<&CcnsW7=F|x?M^cfd8Plq;heKE9(MF zFX5ZjOBy(f9g7z+ta2KAp$62F)Bmw&Cs;YPEiQ%Wh_Kd1E9$T9@RoD{pvqJBt%`ahXGK#i7s?0;s_Eo3QN-q41~S{Z}W%c@u&nfE-X?&`I=%2 zfcG=48V8K`p)=0jj8OwuYb8ZqHK77x(l~MB47~k4|Vl+b%3FXM;tHuH(g=9(BKmOk|0z?u@4^G6fGq= zq+>OSLv{3a2>D2kz9Jo*?oWyqBvJ9iDfvPN=6$W4J31Cra@*C8&?qP zqP0?uM;*PPtZJ|aC?oj?UxpJY6Y;HppE#bBL!cIiqeZ#nQYfX6I`xcQT$&u>8m(c{ zcbqv+gS3xF3IhlD+AiOKd*%S0u141i9%GnUD8SO*Wnuyz?E$Rjg%(X`}fVh70$Y*~D~@pu;eq?Z*!(ao3I zgOv$C{k2GccJN4SiU!y5OYn=2reU5+%lSsvTFy5;n+Mzbu>RU=7@-h8Z@sd&9~fbP zonvgz_k>qbVu;m^U$mJTbfJ;AHg(x%01VujN!JuOV#@pqtvh7^Ch;!&Gx)vN1d|q~ zO*3s5p&i8esZlCUd$N3EJ3(-vc0@kJ(v1dAxjdWF$^;5T}`Nrs`${ zSD2;gGHSRRHF;=iGS*;H-XpJ>ZWW;*^-jV;cWN8Jp6^fXJ?kM5<7YJ5neW8a1QMH zcDES5jh{y;g(Vfz(G;H@WM*JsZ>DW~d^e8oDM?*7IUO#RBq`C1(WVcp*tpXh8tfSo zabUz$uhVEQ92sH*^%e!mozVnIA}xvv-eA;e{z1Br08^9eJt_%n;Z?~pl2911a9%CS z%B0O&IBx0lSq-bD+o$sS$qHz#zzL{c=~5px`w7>VCz_FAd{yQ08z@$-`XJa+Vpa?qP6|w0bI_`-Wo?!6wC&@Y$4N|nO2f(w@?r{q8@b{?YbNhrZz6o%56fJJr&FC zAr&LHGZ30U&8o<(MkG=AG?Kv;e7KL;&!A|(Rb0F2+o~Y?ABi972#7{J2lsHeU}$+D|2pesZ4u?%S-R~`XK@CMT0 zia^edHtpEQ%YXP(%#_4J?sb zO$~%B;HgtlcpPa}$OjF|n**Z60mL!6c3fM>^Ce6^oOJ;s7mNf%~yx@2_1cC;2s!wWws3Xj*-W@5>3BdDdp-$3F zhYv+j3j6$g;e*FKT4*ZWLT*0TdqZz74ZUxO5`L(&KAWfJJpijqH;~7^{;}c_0NXnB zHDiDi%@oI43fXzMxC$i^zWeBxhPA3H^rkq~PCY9HPAXqCjFZ$b$g;dpGNJ*k1wW1i z7gGoy?G;7qY8^!)qm@-HdtoCMl}Q(Jx5adtL`A8aGQ8eWn$+T05(X(-hYFb2SlZQ; zHVW`n*HGL-rx0P7ETEV}O-Ta4y9gM&+rq8JZiEy>9hE<_3Yo9QZZQwR=m`Q^6oZ>A zitpNe9k{q=qz1EgrtyvZhsmSJEk>qXV}{-ogPB)L)S68Uud!6DqV!`ad3a zH;`t~Q6iF)(Mr$|C)N?(t|_Ko+SMNz9lY2EiBeQO9dg(eYid zh2v2Ph&3yT7?pu_wZbSNV?dl`)aDQS#eog{X)>RME5RT4+8;M%a&bzB3u81w7%BWl zWYf&8cafE5vDS2)Pm4>Y1H)TLJJ2h^P58pxvux>~ zUzB-Nu?vSA!>gN`s&KP#cy+V*8;OSbJ3YgX^Zf5fV>pWYADfOU7A1iFFF*gc#Q1k? z9}1Nq*!&+aVEh}KnvakF{3$*E8fC`6D~)-XnV&yQca8Gre?$67CqO|&o1@K5tDy_9 z@hlQPe*U+cj>qCVZn8o&seZDMN`@l!k)EfR( zq0o+oj!>v`xRcLAG8*f{2JWiC5yb@@QVfqF)V0-*Xq>ttkwQq6PnVkr4G)F}yE;}8 zyv8upM<#F9#|v@)`lajW8U4YfkNAUq=0;!tH6uM+hq?xbM>_hq4tH%G9_jAyztX^d zt))xX6%vJ{xqgS49HYxCkrmUYqEsu^g~ZFH>-xHe+kxcpz^bmRw)Jdp^AF@=6RDWr zkO13|_Pc6~PK_ZHQf48BYgkeUPEMF<6Wg>iIX@0*!wsNm>;>MmsVk1NW1H$R8A9=; z>%?K^MiS@EP0`Ys{|cONKEx-S6FBsN?=qSa2kcjt?7vX7u&n}jhF*>n9_GaaaDjy7StbyGNu z->LDvSTe}qQ-uw}I@-zi^6(S$ws(3|$Q`8gP%aBi;rdrz;Rbs4@*sl?0t(LfM&TQgf1nnU0yvbhb?J>Z`Eck0 z?$Ii2>*)+6(zuAGh=6{)TC0f1{h_29ddegvx^czQq!X{zy6KTq&k4_8Hx~hUNF)_q zbyqs;dQsm|Q5yk})W_>;g;W;A08OmH5RH@^4+&A!v$zTeI?+CSf{Mj0PZp3hG$d#N zZ6fDtUKX?458J#T@wJh!A`W{Cy#d{g-JcehM4zLuHTP^8@E$Q^sNZg2KplpRi z#iuZjcBwFT1vFI`35utpDVAu?A0Q_XVk(q@09AWgLv(d>3nZCJC=ZcKSS}+88yhdK z4}(uRi=wD){ki&HKo9U6fUPwyZ=iFO0`f^D9BssXm+RLXxZe<3Lv)DFbO^xTPnnJ? z;)%OTC}g=K>VCJ;-1^P9X3)s*fuK3o z&Vnfd;v^GJ`=+}KjjmKIku=%?ECITrqLo>V+Uwo5<%VUwnCv_EnznJQl6_SV=>AV! z0*W8(U`fFpMxJ>rEw){m)Sz@<0#4Z43xP8GErcB2IQrt@z-$>j>Z~kfN;5Dd79M6* zbEn{qqELVZN=$4t2g@2}WRoJRF%%lcP6d3%#s*Zve#Xm*A-NjOXKJzg$4F-iBp^7Q zQMjt2EKUwEXsSRdxU?GuCWQbAm$j%}+eP-1t4xPz`dNOUA}$XJF|b<&5MW|#%@9%& zFztcMV>cb&DZtOEo=>#o=c$`dS!K-4$bMQ(wL(`ns8I{vYR!_gYd1;v|tZbUeFUn zFFG2W)f3gF2)b*-tzcZ^|7xf^eIHv zJ>_xwY%jgvF8ySIhGk$Zr<=M0vT5Q;o~tdM?1lxQ;iU5?#TkAd)g*-pE-h^&Av8=# z7G>pdipdf`pG%mDz@nOvgCtC7h!TPd6(KdL9_VQq=Edu!f|a;d3FbwqvNouw#WI{*#BUbfmIlNVW+s63 zWT#D=7tT*q*NP5_=^e2dJ^mx%GuI@K7@vJ_Yl1k3rlhVcjM1p3m}XY9^)Jg6Yc9TlQEhSM3B zu|zwV2qbu!VaSZ-#wNwaBF)($cSGkxC#9TmTYq2w_MWbxuJ*x>?xEqqo~>K{NQ80D zaN``pNc+bY1V=Jl^QNvV1}VMdPpqbuLC$6Yu;ALUwMYJxqq-PLem_B+A`pg2@dkF6AlxtK(_HU zv=pmtWBJ=kiynNo2^N~@kT`F_MDzg5RCL#GTeOLmWPAqHo?*@0oJd3~M?&zR7ZzUJ z>4660VXxANu!!h7+kcyaiF{{b0y`41x7zX~@j1^@h7UAhqMl*R%nWU<3HfpfW|e7)CvvJ=~7bsYUUca1HHTFM6}ys995k0TR)0Is6>jK)a4fhB%G| zQ#KoatgVji!HCi(GrI%GAEpyjECs2PtzI67kjH&=^*qREhCF1k3Rtq5c#Wkq>Yhb5 zYDt{vL7yx`(1vi9pvBxcFyHyFNn|^4xv#*KC~n_r>%d;FRZ3(rI>Q5NJCa!G&KD34 zi4~A3OB}0BmaT8XZqbNZi?P%Ycvje@ee-H`5Q`bK9zXBa^x+eF7NHkSfW^dwr4$C< zl3&8kl3t#iYRkHU4nsIlhyxexxLyh8b0g?7AMA)SVu4<>!YtR4L>{VzrFt&Z1W7PJ|de8U~zz8>n5uaa7RC;`t)QV_iRj6CwBPNE9Y1oMY>5S4AFW**~F7y&0RW zM=_f_y5^ks3}mvEV<6Yw5icSmW3|JPDC^stIM8-COgjWHCpIG80*7)CPI=a2q>!B4 zE^{(4((8Z(mLMk5ZDYtB!6vqKg*dS(w&L-LBuToSeiZ2$$PPf@4VTjt40^Uy0>sjq zPFd0*6bvmTDqcMkjZys7)fg_rNs4D=F|ZL5s(EyZQZIm=-M)XFmB>-N1&Wj?g*A=RD6jDMceyD%oi#tLq&JTXrLA7gVQL{VDIDfj#B$W< z5cQb~jNkx9m$9|cVq065Yz!g|4^$G4CsWt@Wz%3xVH+A-B1$&hq-0JaVz``7>Lv3K zysA}|{@4>!6C2EsGpNK>rQY-lnr$6AsZ7m1mxt;9?fJmd<1LW!fR+O=E?&JwBAp6t+&Kf-yaM6^!wbM;((HDiz~n;es)7 zR$DMe@?ge?c>Zinp9g_A@*G5Bsdy*y9(~pu)w>4TLJumjETv)-i7{Zxc_9{NnE6N4 zWSC2|(ef`Ng=?NxW6SO8$ZF&f%8$+V$0qw@qx`sLO*4O7(-4kC!cCZcp>2J3rZ?N5 zR%Au9yzK05*9gjX8|=nBP(Zs}prUpg=kBi6tm+tu;DG^}jS^m7&5H0sX^L7+c#u(R z4NXM6nm{CuE+V62FL-eKXmG(@qnH7<8QknHowcr`fhUcsGhZvJ`}7AMOob8%s5p35 zhEX_zLJEg|Tu}TQL|~O~xN=kmLm;I<%v|+Kl2Zu9_Bc%{QBZvFK+1ljwi(3Y`TA*d zv_6(e@;Mcl_v{Ig+6aXt6xa%#NSLUF$V3R4!5K?ZlK3*3PdmPF2+#ddV_gB0q)!hU}+_d^jWh?A1B{*pvU_{E-)r*(wuSCMxU1q^{ zx?Gzs)Fw@%D=?&rO{KB{zrX@!A8kpD44OUDkN?`Vuo?7H=u3RC-Wu1Y)wwhDUMNz0 zLN!uGG^EtHuMM~GSaV#_j*8U4InWH7AN=a8LpAOX;3%6VLeByNQHI{h#^p<`dDk>l z9)5GJKT4IvNjN+~<$xARoUZ#FjKuiYQ3vEzCyt`bMY0I|CNV#C8&5$5q6eaVODUpf zSy$#HT*25F`rq)c$AJMF+hvgJFF ztZCg?ld+C*q>Y%UAZn6TPuxJ8Tieo^AUGYjH{d#neA}#<584jkG^xU%=J8EJAr?1R zKb{$z!pe=46N|UC;%>`OXm3M(Sokc#nP99<$w)nIgUz+lC6oa=)iJhmWnx`SdS)wE z24>n~IDxTt<;t1*%usHul`ax6W=Ki5$tMn3>Kj22B$DM*VCc*cao?htUpiWy>uI2bLLQYc6k zKyiKwDpH-Lih-yKa?|LX%e<&8KFbcM+75E5@-!j}cbujwvodD9`I~)qCzXjo!pz

    o#cXCttP3b+S%vF?5_N42f?q%}4QZANungb*v(E{37f!jot_{OY zgcedlGDGqMp@HbMN(lmxI$VcFd_=PeEgYx7^SnScDWn7T*%y4Up`3&D=}bRiUu%Ev}iJ_EIo$!g!kN2%R#Y^wOKv>P5| z(lawNq%_)SQ@%r-12y(MtW*TIqBYf$h4kgal7+OzvXW(hH?JJ2WsH&q)jEVMSj*=w z(BTlnv}0uq`8bFlW7`S=gaV)y`8>AnBj*c?>IUxyOW-Q_DZ2C)FLPp35v^Y%4-7^q zmYy~E=A)smVOpA>HO8<&UNGwoqo+WMehgq7_0$C{7`OVR%oal(gFOSoMsNGpE!*0+ zba@>E0h?kOIdHnVD2+B615Pdds!t-Xk(S}>;Y-kz*YVwEXVF@P$4_vsjXXah+7xbC zx)h0WVz)ypedG)Y{v`7I=$S}DvKzFVO_|HU2V3-Q#?c%dz1upwMh4JlI!=3}f3UM_ zaBXBn%FoDFB=)uUjtq8f#q*I7q7{zq;L|GPdORHrte;Y$zN>R8{B+I+k}2p{TxL}G zK`TFrKc!drQ@m*8UvG#bL+FTS`G&;IFU|^Cs^UBxI~y4pp^OF?id+IWCYdwfoqV1{ zhIF*iY)A|KaAYB6#uKp-w!S3F`4MzJpUtGBdq%eMh>iPtCe^aSTVP zXd!hZBt!e5NK;Eg0|zj*ldvg2LKYa|0waisieAc|p?xdb;x>Pft_98=Ze(s?@1pJ_WOV4IU14<=QyBa>U_9m1yDTxH4pyYk|wM-HYwDEeD zRWSk>3Ld%yMrDlX7-|8FmNJ@qOMkhmRWMbqKd4Q&Um-qwQCEF9tAz+BJaPXQO_%^@( z4w3}*Xyhkx=|mfZV+Q^qCY1KF~Oe%&V=j zy_?_}uuiUEV(bzbcZydrn=W0K&REJ&KXu37+~nl`vN{dyf<+hBY81_;)G$jwIggu> zX-MUODJV zujWNhs^Cy3$gHxd@X`@fW@sG?g2Ia|PfyLwjKD3llm7g8GcRhQypxzMq`>%E&Nlx` zN6Y~`b?aCVRJq*csj5mT$J|9)^?F|PRh67Xj%d!qOGo4$EvM^PP+84a%2QdDDnVuS zdR|mkm7G+LdQn;0QO%kuYf9$G%R#psa@aYyaZ`S7m~5amIi|D|JRwsjj2$N`2zyst z%*yQY!xxecyqIp-u0Hwwl^Kcb$V7HBHA3!Cd;18d@>-S$C*;|}jg%2DrG^;qGt zliR`FVArFv4oRv+S3@zE>5!#oB2oA{6`8N*6 z=TS__@*GM`(czCH6y9-p2T>%?ShQ(~0xWaCXr3{&234Vy!)(%i&mNl1pBj=)jWqAn zOIqTiNaLCnxkblCV>mDPnPYayMab#p!ZLS<_UEXLIIZH1m}7BiYrV*cD}5t3)ZGVB zie}uh8(=BP!nwr6BwT*i?AxL*$h$HP{%my<*=|?^8)?MQlmR9BF+XzH`wc4~himL) zzg_&{jXKTQ9DxQUejtH2Jwa=+pOJlNv9~D7R~NQ%Xn`m(WwveUUm>QfMeekd=_fKH z6Ii)&dM=HcZi7wLbek>tc7K3TiN4~wrYls9bs-93yCI>hn2D)k;%^yM=IjV91R(H+ z>7UcBcM2{<&5f)Z$zoO}UQ;Q{12B#+B2?Gt9Xoi8~` zvofhTOOZv6j@WujtyGq!WpDv|ABr$y&TtNx z(+^#}+P1KVDs(D8T1qM2>DP|8wEob7qegefSL$09w zeAclVL%15UxrDG{KSkpRy)P10Jrs@g2CtDNeW;JD=OUJCG9fN8bv)FiSTY54bh+Sw zbSa1(iiYzg8FK7x!H`G)SckkJ6lrN%v%2({H;izB{Jnw})@~jM-KTb}`*Lcsp|C)P^#Jj#z|yf(wGcQ{VpUTVu-)w4+&96s~h@UX;`8c~~!Er{4tZ2N_7khJ2g&7;?aJZX{3OvCac(Fi_( zw8pC|5hs-tePf^@d6S_*cqm1^)W>jeZreI4;upxqv z3r#LkJ7S@&o1-mWCR&w%x<-j2b={&ZT{Sqhm0IAKk7H(28=s^$u29^x0Fq-Yls>YU zgfv7YiiTu+YzlYlIVTyKt^wy3@rPuHD08xVq0P{dP|{qP%ioJ!Fm=+CIBJM)PnhK+ zw(@+ALUAsPmI@rPG{F@GqbH9G=HkWxw!f@BqA?^0IFez_(HK7+R@t%R zA;Ul*qH19G84V6Hv3F*saFsYtJ?qF!CFALu0^I~bItar=gS%n=1f4@(kJTXc$hW|5bj7Cy$Ku{xGprh-iYOmE}W)s;-FG|L^63VZl=g@IHD2Uym)K^D?I5JL)3*%5%$)a*5lEl_Dgi5ZLn?&5}IWx#cNO`#LJ zaiZW3k}0DzSC1n(fS<7mDZ6`E0Jq|>u45xwm3TcBs5}u3ymce%TSZbz6^Dc3(t=dFma|e%@<$sso&f#X)NC&OuA#9&ye7&0X_mAz1SOeE3C9%yy}L$N85X-`em4Z+*O zX=cb8s>t1v>{n8Z+)$59nxe<0DVN9=un5gbB5n`OP3-@HA*87;$ra6jc9VK`ViH;@ToWK)2iYR@TfjYmh|oP_%$kvNAISeWMYr1;U1 z8&A;X2h%I$B@A1n+33TG3^>RD_AQyjfjvP3M@0`Kw1-G{+}LcI1suB&H;@378bvU0 z=|T-2#@2fs9R!B+zkpdMEJP)N46hlm77zAV+SAwayz!EUiIkl5ie*4+3RJWU%dwRN z3%44_(JGfc`)S}GE4|F=d^?tzEeo|?PxY!~W`w!2duCJ-VbOdO?cs5)Xz2TkytDfv z^%b3k=JpObjw!>bk)|dOX>#oORxbTyp^%lQNbtTR%o|PK)9w!Ix!~7r7Wa6#MN8aw z%V%BK4$9JP=}`*Y5sPEHyIjJG9&txkH?M9umK`Pd^XsS;sjR{2EYoa{w;%%(rg^B4 zNt#B-WDZlyR4i|kq2Y+h&_er5ie1m6H{O6hKQfee$?U#29*w?-k8$6_^Xt1K_+WRn z>4>}99A4dgEW1kZ=hxLO$rz54DP(eXH&sZ)6~lskE1fk48&`>`@<>9_v?-;s=qs17 zo1|`36n4HgXTF9;vr%laUotzBPeZY0F&ED}EX`_4;g;KIBg)Vmg;{Q7wU=qpQYd)W z3bw*115=c1<(e@8pxcHxCbu0i%-pcpJ!{zw*}{UXWKrW@_Tz|p(@?fISTfEPu+F9()unQp*){z* zCJOm~i9XKY;MZxWW8A*yP{@vRwvI?6>z;T+)Jsq_&#z+M0;ICM#p@k~F34kfv30gMq zN@dL)1lvFYgs}yyq9R>_eV>Kcca4b64W2e+zTF@&WxIjvfiR_xadyD@)Na# z^(f=tO5?WzIgX5aZJ%P44k4(>hab%p3YpXh&c1diN5@Gvjfg+l*lVf7_9Oz{xdW+~ zI6>2Ef1$l~LPHowve>azr(tTQ<6!LO%Lk_vkyLm|4^DOPj}@G9Rh?1OLqSxg*lZAG)qykJi!zds zD7}6Q0>rFTQdpF+)I@B(v427RLBKga8XMcQ(9Wp(3+PD)GW3uaX>5Z-$y;2>crLIT z?W4$zU1%S;@&Y=*^~7LMkn_lUF_25_jg8GNv>&p11wEOMpjg3b#euRJ%DGOAVG`{a zyONXi_VMvVav*^)T6*bNHNIrU8comzaptt^(&yhivH7D z1Bo zKS<}3AxVvPPV6<~^$Yft2eHqHjyJ9w>|9IBJ!?auaU8d0T`pM2&ElRxdK3}|8OP$; z4OqZ#gj=^j@p3nb6{bp?oQFgz6*rulHE^J}(Oe%^=Py_@JK>ozdpn}TR_y zU{%-Qh)!%r0zh&D%?n^s4v!jZ=2NK=*3bkr~?0|*R8>_ho=TK2QMURY>&r6ZFD?dfovyKveuN|8aC2j0sqt@WYHrZRAH0C09U_q` zBfOBt=3D1~`S|0?g_bq3O;tOqK3`S!-13GypZvvt|KSfm{QdK>`@Z$2x4f%m{LR(X zi+1fWuQ~L-*MH!dOZ!p}E_>PO{=nIh&aT_P_SfHj_LuLyJ=4&=_tQW5#801VUDL7T z%yT~a$%aDV=ZrwGtNn8qePUpuW9SbpC;n^xCf}D{)pGT@%eMUZsjIKK=c$JtJoyW^cHjS4 z)me96b;et&POW*U5cs4o_NCcRykgDPr|B$#eylAQKlV{X_ z_D3iCCigsc`pddcJLQz=p(nn6$p@;Q z{_AUh{_Rh`cKS=Vo;h(<{kh*cf7!N^UVTAhcgM!TYfh~G%!MzWc%b{<gq1uWswP>p#NT!#8bh|6cDk*@4?HjIICaKR^BF@v(>B_rx#n zyC=GF<4MC8cc0riQ1#eXs#h)RzUL03{p}zBxc~8Q_H;e@=!T2_VtZBLq(g^RUUuoF z1IDi(U-IhBZ~ow~H+Fn+=wqoDzW&{}?ig-c`PHgb;h8PhR4=Jsdhg|i@r5T(+q3fQ zUqAkn6$f9p`}IG)@9oJauiJ3N_qLti`{BbA=PtQu=F8dp4&3sl>y`)a{?N~NT)1@c z_g{W>c-PojHI0vc?bENUerCy2OCP`I+xzb8sGjiMcHwCc)qUyI>hs=k!F?ahfA}Z2 z^#z|@|4`MTk?+6fZ9ll^Rj17i9H{=ueP@6D#Y^tk|G?ozXIy&ksb|i9=bW!L{MQAK zop9E#{^KtWXMD+x*HoVuKfI~>XWPD6eQNb1x7^zDnU55a{J!os$X%=uYdH0 z7hZVg?@oBC_Hgy4Jx{Iq$Ho7#^QL#4wLjQ!(&@kX#MIzPbuW*<@}$V(jSr73K5)si zi%w7E~+0mym9g0T-@0{v+RLep1tr_5BtoT{;O|zI=<$& zR~>BF8GZT(TmCRJRb6%KU;USV*Dvqrcr3hrozY+O^!C4a`cqGa+izKNdf<`e=Uq2@ z|6?aTc;g-IOLrZhYO`Mb|N@S%y%_jTUz@`0Z= zUAO&}!?#_WzUq{BRW0d#zWuumg-0I#&L3(|zP$UawZGoJ=+U?JZd-o#_(u=qdNzLe zU$!iIptkD86JPc3kG`?$jyqRXo$;-+f3x*{sgHhS_1lJTewW$hd;aXmi5G8tYUAv^ zdk%i;;oketJp8gRC;ztRnH%=q{?=`$oYxWi<%Sm)PbL0v!HJ)$y7rw1zjxNxE*QA! z9lvUM_PG!D{@_EMuO3}}@4n|Q%zmKtRW;kj`aVDX??3;u>U_`IpZwF$9{=*Yf0;e^ zzt8+-)yF?Pvg5=bowMip#TWcd;9Do$Ikx7-Z4(#oOl-O5M`{V7`9X$M34>z12|Hb%8g~zUFcxB6b zUf!~C>hkx;nogbh(6h7t;OxnV-tiC5{MlExb$5L9JMVbMFRwrF!SDU*jc0z~@cQ3X zSHD=BO0R!c)h$2YJrr#nzGLZc)>bXvbam57cl}G1@tOOg4+Y*a{gE$R@cg5veE(C; zUmh)t{@K!xJodtc=T|?oEp$TftCm*}|Ma2QudhFU`-jdjpB-9rRp7uYwmo{#zw5-; zo;>iEH@vuXQRw`Y?SC+P{vUhq85HIBt%<%J$T??da*!-JHbEpvlAN2IbIxy*b54?M z5D5whNCveDl9Zq#f*>L}C?bd;hQ9s#pP75>&eY7QbL!UA{czq7U0u8P3eVcBy4KTc z@7-~C{FVfcv`cxwh3vbqQVLqPnX7MFkeZ-3G{ha;HRf(!f%LZFw9C@hTc_2BltJUc zdQi!Y#DesV9s#))?HF@<72kUgc?lDUtpF^=;<^@x!5dv~aT>A3LN{BCc?xY|BO5O* z08Mz8pTGzzbdQrmzX$xOvc!-C{)U%ftbj|D9gJ2{s+k$^0lanVv`bu$2Jox z4V80uW3b)|WINF30{liv7J%`-4&CsIasBvBs^bbnt1uRQ6NWuv z$^3b%LCzW{)Zi1dY-;KC<`XmwMG9Bj$S{aQzmVN1o;Pnz>C|y!4#QT2K5(GB(%9e$ z>q!3lLFyCvmZtm5;2SS`Cj9Jp37HEnEe@~Qs_T!_&_-I%@Er!{#M5`)ung>V_gaCJ zws2hJe&c)fq)g42maAoVOq|eK*H7c>rNdM%7rp4AP>}SNyoVbVLnjU zSa;qjW+uB;srKu6pF3>j1I{)EKn{hn$z|6V<@j!PIeM9pQf0#ys*id=RzXKqZ@>K* z;+dnKsWk9bl0Nz%-2(^n$BOHHv-kJR5vj=Xl(|-%-)kBCfM8zO$jUoX*EHu1n=>6&6 zu)8qeb96buM;0&=KzS+~qwL<&VCBd~Hx4=rzz<^7+2$&$)J1{A46G+-qjt_`Z2hCe zwT@ASK5k!Q2jXB$5#hZbY9Lngzjf%Hil? zZwM~e)%%P|!{0XYsl{c$FAD1+o#;ry)y7y-9u*Gi_;=Iq6L7zuJ;X zkrzaOa1@YLE~lUy?@O1A+?PGLN$|B^4!j8aC7-k^ACuceYD1r*u^$sQBKO^sfLAw} z$Qo2%PV_rVF(FRX)n)Qcj(pXWoR*&W`)2aqMXH}Q+*v3gGCkQRBkjU7K44$Qe>u(Q zak}qTf=+X?`eZU#POd~08$Fd~+n3J!7N7+pUffI~?||b95tlGpm;~ zYcDe~%vrU}P(b-#CGh`WUjAMF_y4|8^FQVGzr+7z`>Mz~BHZ0AP^-76h<30EbtG1aKgL!y)i00VDzd5daQ>01yZy0s$frI0W7f z5{W>92qX@H0uU%90tF&aI0T5dk3@hV0>mLO00M(VU_b;0hrj{|EE0hQ5m+1o?#Gx<%3WG#pKokat!U8BP5`_g(SR4u;QM^+)5QW3X z2>8dNe*%if1K`7fM~(-E$McVy|2T@D2jI=%HR1*E^YBC9KMxMX03ZelVn7gs1F-;z zMS@rm#Nt5wD&c|R=i+b}{1V|&;wJ()3b;Co)OCxa@6o5e?F(?p& z!eKxF1L8x1*NVen01O6+!GIVH4ub_SSR@7uVz4+2e&zAO!`sK#peP(oOq9rI4lalqL5e=h(+PBAb%5b#ej;qwNcBKQpWC%=%$e^4U-StR^=;6sm(>_15d zBL9I7{sSJ56AuaRG2T(UPk8fq?RceldHhuTyZ`z331S=oAz|0;z>Fjl(}~y<@82Cu zr{>kK*6pl+o&}ZgS(_?!oyeo@(^wOrZJ18vx@kFl{%E^FkFxJWW%O&enX>W_&EXxw z`YOBCgn(F^E`h0%Rq;$X>l;JkLaoffJLZe~uhJ;*^bYe+8yXdvx&IBbed{xsugA4M z(~@%dvR%cdOUCYO>wcR?iyFgWqv(g?2ya4vlC!d+XBnn0e-x`NPtKU5wxw#ZWB=sUKs^OMr=Zt`fE_K}C?k8|1pft_$5;0X zwxliw>kaj17QI!mlrHCve1+l6YnjL2`kdJK|H51YCeX~)8E*=wR@Gn2me*^2EtTO; zm_L7~b8C#FuR2)cSm8qkE|-wqqkToUx^U`A#dcJ+Hxqx}zzscU1|bx*DLopIZzv1+ z8`@C5&o8(d_&rycq~vdnqIi4P98ig0{4 zo3qAe<++M-bo5;VY}E!hf=V9f?d0Df>}%1gjlp?4ML++u_o-PxN#7%Jzc6T59qf8= zP=!D4#+3{$I=GfLvQq!4eLn4-PJu7!(P7n7u|CI8&cR^UsBtN;hwUH5Uew+fBE5Q` z)qD9K)k3jZwqGQ3HF$UES8ACc$uAmb1HPw(qHB*PXr{joN)>)L@uK>2okovumhYRL zy`uZK=gdQe@5gU^FsB(;+$s4sWn}2rHBB>LB0XsnAp3?dukf?Q6tz}0^9^Cc`jqFA z2DggFID#XtkLn5EDvzMDxZnLsZW3NNnF-klGiV)zAWc*${3$!dip)CQ#c1R92XOJ{Ra&s@$PX5cxpJ8=f9A5pR%qrj z2Q*ObMnv+7ukhzWUI`6od+L;yeaJs^ck8RT)A65*bvc*n;9_m zEIw>peDsVXcGaiX@OE&ngus>GUeDYwOvm+uf=8WwELTo$#eCsz#JAgm&VAE8Jd%#( zF~$B!Ye9b@OIQgmhjz-)0GqQRG^{Af|E58L*>tL(#gYJa0nCJ4XF$YXCw z@8D~BNxhcz1kVkVIpXX95?zt(ZplcN9PS4=&C5RTSAqimY#gM%Tf7FJ{G=d!27XDG z)GVY#)@>u33@sjVKZd{f@J}19SrgyL?#aqxTjXYBU=;tvAMERt!W`F{R`~oREhKTAI&PSsb5m?176f0vsAm2RpI>|3+nClwF`etIiES;>8ihn5Xr z=kXl4l87z!Wt<$x`;b@vh2GI0F*M|P7CrS>P1wM)HaCs&r=ebBg|3N@aNdX59jzHl zdA-+N70*5)nEj)8RCpdM^hoVG3F)z?Bikzt^{ccd7S%0S0}J2$7EqYwq2{kRtKPrW zr1WljE@JR;%}!jC%AVeQ^u*)Z%a?+xUlno2^3`wd?!x!y{wgjc+U8&`xA&B}x*jLO z7wgi4GiW_Rn8U94>Zv~nBKD_?p2~c$ql;ga6A+OKGurXz-a)A{yf-RI`hHKG!dnMN zVp?+B{N8u%7WG)@?V6cINrAQ&^+2Eb+&MY{N$>qzQ6fy~;^B>4{$#G0E2FaBZhi_` zJHt->R~0(4^~mQfYLohw;kG@kUJSlUH7>7{3F+&gH}-8IF;WAs&#S++=4kW3f17?u zCjhv=bl!abDohi8PcFO#<-lq@@f+Ui@Vrv-vGj@^A483SRI4-ld)i(R?#Jn!pLJ(f zmOCD}KQ5y1Hze~lE%S=#sG(@}r3#fFj%5uOuX=mrA#C@mjdZD=p+`vTt@O$UZF#qj zY?JRtf%1jd-5oY}4qS(4RzHd`+&7r^^1e8ne=a>C8EW&{emmYmJ_o zJ8e}q5}Y|188cR*RKx^28tSr=qHU?ZUOM=ryKd|2>w|-XFFn*p^DVv{e>pmQ^s>$4 z`S_SHIia<=+3CyPUq3G&Ja{md8=0nz_%xYNSzh)sRYQZ5_Rr?0PuoXZm?x4}V#$@UPks_@C=HLL9a>NLQ3Kf2tv5#jF`libmeI zPTOGJbx**tx`+ke4_5A%vkzz9>13D8qt;M0q$rRf((E zS+Tr=iU%frjf<#@LFB%vb5yx_n@jX_E(U7`u37cD3`Wc0C&~pxM8#3>oho>k5b(L9 zIT6HlIjZ+j;^Hb%Q)Pln5ZjG}-x+*vH1|T4IX_f&YuL$wGqx(BKl~=hD8?t2N#3|( zZUhvj2)ixAAkb?xi7mz58bD)#q8!>}BzNgCj+6r_G}SnrT1~;LP5EyR)DbRu%&~h&bzrQJ9QhH!p{!r}ER4 z4c-%Y`WUTl0WmOVDG!BezBJkSq_IOWDzwwQ{KgY%*B|rww5sQ8t_N2woF2KI0_Re3 zZ~N7&p_K(C6N%pE2F}d%*F2&hmRk{*wJOolgOGb;u2dhcl^Y$HFM|V-8=MEYl@51bXqZF^NiTcq1jd*n}R4vY*mKGJM6C6BJ5n z*yn_Dm&_w+n)+6H%oPRv$uO>r$9dK2pBEs6{9e?gH$vK6KqAs^0EDxj(Cf;_oMY!J zk}9c_N$5MU=+x5gJ2_Os3QKOqq?e!uY4sXBjf^Kq678E}bVwe;kY!^=CRza|kx+Io zBoW#bRFD&!*dheEpRE^HN=Ib{<*>`0bdNZ*e@9|9pQQ*O6WNdpqiIqy2nd-VD4$Bm zG=d<>gunWOr08uXk(JRW87 zarL4Ly#i&oyo455JV28Zu(P&pTV@v0sbzzYCyLLr#x!luFncC;Gv z7R&ISoSFgyfiY?Tb9MKU;?2-2Ns&pfT96RhWkxo3AjyMVGgZPKvnSAtgwM@EuJhfc zcvYwj-|rw2k$edsu7?uCO`$>v4RU>CwkD#Jn#^WHQy{WkK-`Uk1=N7h2j{I>;J)!| znjop3K+zQR00GDcDIqCjbuZ9DxFWE}b@3 zo3UR5qGSR>Pc};Kivq9?Lb2Aij!cSeNH#tCZml=DmT?Ckk26dG47 zKz9NP!X=s6#N2@lsn7{I$~${IV&((H06<<>XeffGMQBYB$T8+qGARi zL@yBpbWhMQeG_0>KZ1#I15F^hvB=4O0MSEZ?ffL6OkMyiC9YN|nUq|210*a6VuraC zfSo))fWB-vg{W<+PLO{CbLA+*HD@9SxFbfEgwup8{p!fN($Ay}+O4Ku0O1*9(2j7| zA)jB=I-;dSoSP#IHD1_fPadOvM6qP+Lq+8D$Xw!rW=-l1;MbBjf9H^`qf5DvY|Q1D z&!Pt8^S~&_%Z+-nZsfqR-5du3TZhQ&)J#FRvT$Lc0NR!CcNmdkFF+aWH^lm) zV#3TEQ&=TrNHugCF6Opb^fqIg1zAW$UeQ&ingbA?EwfY8;?Aoy#>s6gSz0AJp&D3{U;+VDq@sFRhx?O_RLfIpTHnT>%jNk zgKhKG^+5)aG8@HZ(W8wBzK;(=ETxkjPJj^yLOE_eXl5z<<(>N)MxR}X3}i;7Yv&CH z)1MFTJg{?kVg77zsm}4O3&%qNZF>C65-rm`SR$#asNb_9H|?M1F-|4t^y{CY#;6-y|MNhYlBf+$t|PJgWC z%(ahz(kyFe)h%99Y6E9vZbB|h*0V&$3Q)S-VNKSj4O}Ov(?K2J)AV0wj!VP|#l;BK zsO=@?CFjc@_d}D;|H9Z$z>0ARmDO2--)m%dFSsT&#tvG|Hsya4rBcXIvYPBE#_n|x zD|meOHjZDTO1y9&>O63Yi~M?|^xK&s_-7;v4Ryo7M0SCua-cvky2LX&s65&`J)UzS z;=t1S2T=lQ7r?1uqUn|ZfqJ*seYO-Gj!{_+JQ2|j}@_%a{mMDlW6!h=qjdNy5 zL3<{SGo^gIh^^Q+8)b@Ok&kL>Ff-ANA>#&wqRmQ_#ZNXRHI^1tB^2tqfq-VIy5@ap~ zxHFMw8xdtjXj*$OUtA$X?b4A_GOD87dulm~zBx5IDkeoXi)8`rumn(G(wl$8cESt& z(qMCY-b$s>&n_ZqTT+wv&Hh?Ni$s`GV1cKXi8amsbDq(Y@}B2H+3sn@8D9Rg<#rQ$ z(dIWnbYvpEN4kM(gz07ZU;2FR{t za3FGDPZocA$8^7`Y@8{RG$n#b$JLS8jBVeH_9qIupA#MJZ?+O-#hj2;jz+fxyqh%H z5bzg}&a{olH(_?Ads__3rx>K=N$qBk!F_Zr0p^T5H3u=)eM#Sc9B^ z|0c#14;{t=uwT3%v>_j9q z9t1?n#z9HBcN~MVkKZn#d!mka@j*NA6c9p29@9gbjHMEUPRsNyn9>5&{ z-(tb{ZvNrt1a1H)@UQ)!|JcOu|3q=;xp~)mJ!tnkdKx4;->tM3)xH=072gl~Z@j&z z-}ks|p*c*y&GymqL%N#?av^&Ah+E=S^ZQ{j5AQ`iIqZ)!dbB$GxoYGI7d2-jIw?6N zHBH$8j$+Blp^t|Xrxll!mX+ViaLlcCDgZ0$>hCo~uu?J6Q?c?G5n~7Kb33~~f73+W?7(O!KHYwPuTPAe7lciGxoiR<*ti6C_O+?b zEqVy4MlH`ps{PZ@eHWZ6d#f46P-nU=qWBM9H;en}Fd|JReiTG9c+%URa3RiQ2U0>A+!G)Ww$&U4^ z;!gD=ZmtmQc6B(t$TN)X{qnv)@Mvx}w(sjY)+zteP(|TO({LeG;+1?G2w}3EDK+Rj zn$AGJ=oFdz5QT3BjU{tQJXQJmaVq;-`jhpqr$4@~yojWF_V@SY_pht-^IW)Ze}DaC zLM7sxL1nsTAA&}3VdP3_=8DVc#>xbGsC6C4MA+<{#%{aMoyHZw?2`T>m-u$f?)|9R zEYWtMwM4OrOP=^j|3)*_45`c4mXy1pwh_C2>Gj#tjC$LJIs%z|QJ+(zSTavFTDWpq z)Vw!i%?Bel3lOAU?&Y=T_ z@1zTQOsruH8wK~#Gk0$6m*sFCHrHhfWbHTP>gWqM7?L)v)aR+$c-=3TzH-X-&|_e> zT$J^))h5J}Q1b@v${eY#L<_&jkIgW{qK*R#e0`nQ6qz&ZB0f7zfK&r51;f7wGY1D ztor)&cm2`Vfu7GA0sWbnQEEXA{@rB@(hgEvduA479x9o_?;95Sj8+o6TNe9m5)oS! zJc)C$Ya=-9`gJ_~&2r&%=Gx=zuhR!*pC!6E)9sH3SR>ckBs1ahISYaG{@qd&d_^*^ zZqa?2crN!W>2&dO-9UE6^j`MkdFauw*n%Nh{Kzu8=Aghi=!^9$^@mS?nwWGnveejV zU32Jrbwlt;_kyt%dzWNDihtim%Jo0p@7Px3!r$h&a)e_Gj_jqD4S9{i==S-NjX0}A z^ZGV6{~jse-d+_shHPgfazribQhga;PAY6e^CAgKBJ%y7X&R00shnDdkqSv0?D5eg zj_qZBZ&TUP-0O_~Ho^5Q@)Ort&hcjB-SzX259L2xu~q)&=%%dXwSW3^zvV?Nb+ z!c&I~a-HeC@>kR*DJ;38s^l6r#`mkf*^2ZS|gdO90mvtIR9r{4q!M1`WxiPyh+C}?qjCP6IQ zJXZ?VTDXf~jTmRU+TS6}VxPT@?KbP}FC6!Wx#e6WdEi!OA&3dJfDStPFwOO(#=)Qb zM!|xMtkY_Q-A|o^QjM&+2;N?(Q&_*^YL?zG&Ff+|5?|m;E3{*VZca)Ke$6h2aVhBQ zY4KdaVvxTbcTT6;YR|9vt{m2JmZxi27>y_IXWu1rm{hZ5yhhp& zX3o7RMcp)-iV~Skns29fis=_JYsm!}cG4O}N%Ko4*&X#8CkGLuk~O>68uyk-`n_k2 z*#*YAjHe=$TjplB>Z{t$EUiv?4n|zBPRP$J zuQ7zq1SF((eVXt?>!xy6f&9&Z+_FZVI>z615?0=CT%^C}IGL}1^0CQoizv0t;`34G z$Xx6!vcTN(PmvkAY1tAY)tLC!o0!DTT3ao^HtPewaZBc+(t63g_rLcE1Ue`}g|?Wx zsfmmu<;zoPFcwUTO{%xAUf;H4=wM<$()sql$XY)z^>M3b|FTezoSISjy|$*ms3U6| z;;L`=ThT@=eY|OAHp20K6Ei!cQFuDg%4cQLW$4~ zRDG}%=YMY><}d5Xpt_dwmTmeArBxD#>L&l$t9jC*U=|oNMZ(z-FU+lw{hpt7;4d%x z+1_HTgxYSPF^S8Va9`8Q*+Uav(GQ6sMn%_41kCTve2N-8ji0>Eo^0s%cq~SCbp4c# zo9kfsewp+{*N_{Mn7y9vw`7?hA(TuGykN* z;_{nzI^E-xI-jDqnkN`M!N%2~@L9D)RziqwYLQ&d?w11W&4p~WI_#-;u_vU)3 zu0VTw565nzVAaUN>F0XW{uc}nUw0PWinKGxJ>YX!*3{B`>XWo&0Ull~+2>(tvf8dZv%3l|g0f4>#v|6be? zzqoIuW@6f;vM3Q4-4a@RX87p$`d!MHmw}F^O<&{Q8aTx?o@om@-K`1BlfEPe>BJN7 z0*;QUzgqih&8^-IA5_W4HR0CJ>gH8WbJgQM(LK|tm;dvvMm=Vu>F-6WvD%^8*B@Jb zAAUaFQ+w0-=<17|`k}+TsxM7r$DO;bg37^0Lv2yx1F=rO{hke9JiMFugvsd?M+8En z5^ykU5L!V8_94>HBA%0y?cuP*az+PFklq^o&*skxG%InmSs~-V#qITOTG2jQy-)~e zf7qiwv`BxF=yHTie_`t;a+$XDw(H8 zQ*&1x@hwJJA;p9_^|nH)xo)_Tb&3O%hWv>L@ms2g7O5!aG#7<5zrNYes3hHnx0KpaMG5zUrUg6&&)4WT)JYA_!1$6OI85tEBfePs){fat- z^nImbY0ViW)|qAd$vOLIr*xykP`gzqx|}(yULlJ`f#IM$fytD979)jztp5Whnc2Xc z-KCHn#zaL-9NTCu5V=IVhPwF^nT=)68SM|xsmMOL$?E?aX#=4iTh5ug%rTrwqrHq& z?#yoP*@9E$5anGrV3#%jhP*4fc)lpn1KYd)ObAww!nWH1A+P?_`<%n?n9+ zMc((Q{41~g-`4qmEAsyk7vTEyaY6-z2Vqvkv57>XyBWUkiSswS3NC~SA$kS$iUnsG zg{*q{Ou_|>ikVzCg**d=+y`O3mrVRCg>(Z&ywinWdL1JU__T-R1cK3Z$K>m8j)_kj(l21cINnvlsuWDTP2LQ zP0gL_7vC;%kW(WT9hoL(q?f1QEP z%I(|HNb$E&If{FFGB<-Q+f@3)zD!rpOe7;uRgy#nXu0&<3(I7Zi==ae2_zmT*q+=X zFRk1NDvRj{fHcx}=AeD=$<62WpMMV%(~EL-4&|_ZK)#;8qi;spO}bvvm?SJm!t`L8 z1T&HX5RzN#PNAT7N&%5H&!-f1hBdg#)4~SFw$|PCDld~6#mEWJ$vuuju|Wdbsm`Ij zwg8LfmO`n-o0)s!`wJ1lzosy+3JdlTKj>9IkmLn!h_OhN^!vGo<>A$&dZ~<480b!PLEP%>+lO&Vc!(jDqIX{TRkD`wstoF z^BIsIH9qOY8Yp`;qnvJ^iG~}8{k**30uy?68T<$t8%E$arO^7;dC~VsQ)nwS>f9N# z3RvuGo*>G}&sPe})p$2=RI2^@eolp??^vuiXi&gvYto8+r$~9Uq2Qc)+=4MmLxx-? zN$4b{xtaYg^>8sSHaRV~S~HBMfHjySM*NjWM(=9|nJhb2xXn%8sbiOAVs*R_;;E@h zs%WUJ2BO^sHRPW!?=^xtLi@I=HZqMKtb>p1$i1W^-MmyJuY?+Aght5ki?l@@AR7P# zq^vqXf3B(AxuULaDt!5q#Ozzw9Njcz&&!7Hc6xq+K3lqU94uBGG)U=?;hSv4*7J(q zxlcMxL^OP>z=N{&P(CHWzjA52)p)7bq33PEDUyH;f4UG#gE(m;=yA+ z<1B-FGtccE&LyEA9x4q--_Ek6&?R^(S?WG=4NxvXLTTWw8j7r53p3c}I6dy>aMaYv ztQ^kG#$Lt1-fHNUB5B~ntyBI|f`@MpEesIpT}TBF?I3BW;N5Cz=vwV3F;S8?_GcBS zN0_;}G)=!dT>C~~`w9Z8D)TsIHrwUNdqX?VH?{k}vIs5uM0?&^@fNsa9IR5#J}FWS z^uG6M@c&Haqju505IoPer@jeTBGzln<#ZO!1TiDHXNfS*prw>_Wp>WP6tTu-)+Z>r zdDo`dk;0#;-A>-q%<%)DBfsF~)Yakj{F^La0YCe~%;A@`O%{_~2cdLPbHC#V;r9 z142p0+q!g)RnGzO4K!QCE3~{D0v1a=j^jEFN+QizqrQJ8^5X{7)xl_B&|(4K(%q_2@c3qcLI??A!t!M-^($Mm z1dD`SPbEV3k2fh|6QaY`>2H=#GSqU%R8en}Q0hT-uYz)VU-H8Otfw7)ZZpqKbI{0o z4Jgb`L+%YTah#V@Z{HD*Hh+UWXlKM;8#G~LnnLnOV5f9KzE!zbHzZC;IFpawt@`5X zr`mTV^U+c_%{>Fo;5p2q)Ie++?!uXXM|+> z`Yv_xlN6y?Y42%jy?_eV6imznwzaWv$ZMS@1)O;P}nE# zznqdtpeY|n5i*v@oOVz{)zovFvSkwrns8o^A_c+QUo#)gbZf8~y5He6WR@&-?79E= z);6)*dkeewGD!+Oe2S4R5Q`l|MKxdU<7#trY|d*KN5+x;H^O^F!7_kXw8@fA*0a{0 zlLuX*eB3=VhFl_HbspP0)*N7C9^fBxOPI#)?Fy5DZS9uAz5uTSnTufRuip(%*tNU05wou>8a zkD8sZhpX@3oyr&Q=WLkL^1s^Kw(MdZ+pi`^q?tk^qe!PpM2eKt2mu5@0tRtkzU5ax zXijAjM_UrD>fRaceKvfH;kHoO&`$!=q}tXCaWVfsUr_i&?LAVKeW6cj^i=WY%LWf z?(RAp|N7cMg?za3vrq+TBpYW^0U2cooic-}c%S&3V{hImHF4V#igQ=qb` zr}*W|9qS$f*4UCjuZSU*Sp_O>);Uf3!sDP{Zpvm6Gvz1Y{lC`IfX`&!%*^Lg9~QvJ zaLfktU+q!cd}q+NaASwAh|j}RX#X7d9Hq-+fB!g&02JA;R<;f-?F`uF-_OGX0jM4k zUs>%B+QJRh*{TKG=q)J}^uC4Mlh~d<2yE(`cp!9x*^3sG^g~%C`XE0!-3hyINBrK% zslP#D`N960QuE-_6@POMAQAQV%mFME-csHoF-NlfQUX(b@yBz~>mLf4xE9OpH)lR_ zD9K*b>`HJJ%q9Q5cxIK_!XI?``l~O@X!)&SwTZL(%JJDTI$~`oUEF6ATLp(830ryR{a5Ou!|^pgFkx;`f$oep=Hr*QNZP*o7P^8C{Z|;h0?p z>jD7B7DND_g3ut~G+4+&CrFHdlWatf-yoFNAxSACq&i_s?79YYNYG01wlgI<1hJ@S zCK{K^5hDVz4Wcikc}hb~wV(Tv?#5aMfwI;h$));6WR&@12*C-cv>&aYLHH|#QMFG3 zb1rxjV#|Q^TE{}jPGU!;;&;aQr*8Y}JG*Ftk^XRZqt}rib&}alAOv0nZW$okiMnM6 zgr>q=ojC#rO>hXJ^8%tM>&2;15E-niY+*V_6q_$Bj-ETdYf{1fcDz+ZqG*(h?x_Ib zgp|mpuMHB^1e0@LN0UxLsF?A)PY9@7d>E0=_ix(K?*c}|ycs%9=|ZV~ok2MA$c&4d zu_Y1yr4@Gl9z3QIsM2~=aX$oCl%%kqZH-O#YtHm0jv?t1*qtfF{QjY zbQufsWad#xCq&$meImZ*fq$$}1|8mJNMndIgeHo>Gb-7OIpukUIj$%zm^nr^!u3Vt zwdv=zz;ypTw83_@2>l_P3ersAL9~oa!l% z#v1VJ&qNmF*Wbf`F*#nU=a@)d^fsql$QC@N9zf%o-*P+3`iJzF^7Hy_( zaw6Cn-`&&GnS}0;$&hFbHojd@Xl7MHPkMjm#mm{b`SRx1JP-2>+S9^yde=T^4s=}~ zOi54G6T|=ZXgdCUf{Bp#P_+S^r;Fhs`Vc4HfH+*pIyV+oC=XV z$%l8&=NoR82s7L#6KLh&&p7eZuTi4e%OnnpI@OlHS;dj0Id+A$pe|F?ezw>asxZyL z4>jMKN%iPSNlyJ06T#sI!z@4B$f!`MDj-?EDc*)uDf4UJn!I;7=v`7y(Chd2_g@Nw z-u-sRr6>ytbez@eN|$Htv;8qZvAv7Y{>3VmF4OJYW9U?y-~$mq+M0BD zSl@cidQ&TI&A8WRmNR2QqF>Gr!Pt~pK|{UZ+5DFusbfg8#|=?qH9M| zFIyOrA^#NTI(_AKPUf#(_|{P#J<^20Nu2U`y^b(jvw9gc&a(G0HCV5#5M*r&vf+Nk z!Tef%iQ^SU-=JkIFNMl9!!`;dv@tHk!VI7(h^QB=1>g#uTLMf9&UHen(l^lj_e_ES zf*B#qb}k#TV>`csUeBFKgA)Zp!wZ>=5)04+IMugOOnfTQlw70ixAJ#S zdjZQ#Dz#m{ebmiopJ4oDa=P@+8u18MN6coRfR)b6qn9a%`q%UBF0kI8yNmx;fn@2E zejjI}j{hRl(OL4%Z@xv|!-+F{2sPlIj@c^mnzN_iCOhd0$I0i+ z1x}%j2tgO#-`5sk*Ph6TJZK#gs}Om@BinCr0i2>zeopLqIaKMaZEeW91_Gp0HQj=+ zy;a>>r0(BjOR^U;r8dBtmX^)H?zyDMP~B3 zwsLm#sa}QPdRn%bit!iMk^)b+Z#p;wdp*R42BJ1_~?}YMYHhG{g+xyV~ zp4@j*E_NKJ3!fW$YtMe7eY~YhBQ`E*f8Ni5GIWewN0pJ(8P3yburfYV!box>JLo2O zvLFSE&lcU0&hWT(=^XdorJb?JL+X#0O49vFQIZ6CVe*=eW2k~=@z^vzEcqvSs!HXxxnUr2yKPe@X z#4B5_AKEzu&h4m8bWWuRKL%>SQXzNd+s1X&)=oKugH_STPP4I#g33*>)M&sj2EOyO zpiy3}UL=#X1%%09AP=dr@bckYbi~-xlHX~*0Z9!B*5|x;DGqb)5-(E8SV{Ci$nMnG zZS7V@k}w6hpyVa_@723WvWd>q(Imev`!SWK<|2yx6@-N^4a{*3Ho^zCUs8uODJ$iW zJ77r~B_SwCslO(*C;f=(F+I}mk4Eg>e$$r=UNEmTBmd|19z;_f1N;n&0O=OD*3A}u zeQuoCZU3lu*FIs4B8*UwqhYMFF|~1_xnRnLAD`sbqB+!idb_y&aoIHoEd!bowV1tWVMd?KCZ;v^4}>K|xHI8Qz{HSm)tsTfTgRHQLKrB&l)ej#1J z`#^^bf4%7KX+Fe@@DS`nx_(f3Z00r12W%^OK7QSl{EK4uk3NP{>TH{mZTUw(VPDXNcb4Ap%7r2&=2XA;(R|Su+0<3l z5sR=Uu`m>9|i;AJj{=)98O4X>n^q2+0o|h zu2)``eJM7h1!um>I@Cg&| zUcu(0;s?j$HtODpS_SD9G+3{IqHnylsiX1;8|x!k~<@9h!dir5{7$q$8O>&pBRKi|nWg+9PV&V7GU z1BDqAZ=dHoM83<_keSn6)^K@6{7i8!`%8FZa{Nwh*=A*; zO;;=LpKkrYq4jI05&eD2!eLE8-aedqVo(6$tvkHQG=KT8u7g$FN8!I0Kkhi(Wn9`! z6$3A)V*j3Ds8sjq7NTDTI-lb5kQ12!{v!_`?4I?4FjCaj`_=Uyw#}-0{3alLgY*1= zQmp5ZW8{#l=~-?s2!|Gc(C#%tnhmVyy}KaALM=?H;OSSzg;*0>)%^JwB6C+L@tnxs>K2|q)fVNZ!b2a|Z*`DDVCC#V<{dt45X zP(ya##lK9C!nY&Xf)cjgf$T_-006N!qX*?8@7?G5b{1@C>B9yB#MF?v$pj(YST+QN z*d(5yBjMG}SN*qi&D@O}52UUB54%7}ceFBa~z6F}a9 zW>XOTsg&>XXgee*mL4THl`J#`8SsoHK|mNy(k!Ehl$hgfg;Lfoh$y4d*b6k-JK|iH z(YPgpZ3drqBF_=J*h=|Wv#59o6U13Jkr5S-uSzuclNe0WAwlstqGV!ZY)E~QBQo9C zE7`sS{Xh^xM4bM<4-GNNbi|}W(vv`JT0Wjpoln%5s<6kzec^7+N1$H9P@~8xDuN3HVnqd^|kjdd^ zdP1aRvQB?$p>>W-MHaL}@l zPP}u@WJSP(4TN-)+vxWk{KXy`Q}N^0ImP>lc3_I(e(Z~P*}y;7m`TFeJHai4H0}uyG`PD42o~G}!QI^nE+M!RAV7fN!5so5 z1V{+H&cDyy_v|a@o^$VcW4t@wo(!sM%wDx>)m+`ZW>wAao0ry+6}pjJk&%7r;os5{ zMan}ifC^EOdx5;=kv+OW=flCQWG)11;cilIc3D`u(8IV9VF2C4{E;ZPnds-EK&fYe zk*z_;Wjr2HNk%Ry_&tF$I%zNU04`)elAg#PBFP+k09k9Jl3okN3h!U#0b6MyXkM}3 zuR;w1fhEF0hU5TZlUQN3fUUg@Ff0{4671;}c)k!YJ`9Yy3GTEBxZTVANtz`(mEzTo zRyiELv6mL0_o`4aQ>Z74;0B#cAy8^0ooFvzSJ-a2%u$Igd)_<8Cf-*#DkpC*8;PEC z$mc~Om-Bq~^@?}yLVM0WhR@nf4xG(7NzdmB|9TpPngszsf13uaGruu6 z$px00X>d@xFzIMJf=TkfKJ5Gb_uwnHQ3tU+HC9EUh5RQRDMyHmQO+iP?qRSRQBIT3 zgj2_tv%i9`zFxnV_nK#`avFmtQDaM9jj?ov?5&9`qYCcbj8_57!Mb4toDU2OjiXD<#mV3Hqoy}0^%()pta|MaBBRV=#UaC= z7Z#VON5=xS)>}BZr-c_*vRt83zSUNX z`#ESRtwJ8iptK?sZz5^Mc1%6?*@dE6lTccY(Pc<$(5aE<-inSiq)1wxRA%fpVyFjd zib%+jxv3#6Kt&xSC<%x6jTfB~IUtaLU=R$-eUkiAeP>J>ZhRUU)x^;P#1m5E!4qOH zsQ{PFejDJ+lqi(z9D7t62!g<9LRF>o&$G1hcP4G;dIcxY$bPT%M0PN1vf>hbUvgDx z=i3tUz=iCC1zj02X>exg01Va&>o<86wt%8zW+30ub)9ePHAY zt;}wc6&ws{S~0-XpB_rbUt^NXb6%(S2`lG7%ym% zt}F5?JH%d`DLBC+&@+h&Gt?_EmU@djH_Dx)$nzwjx8#_}5Of8=fw`eeNoUl0`1Z6t4%JRNxV1 z@LF9^zw^Q@ugf%j@>~6Vk&DWjdeF)`AF%DVp|DFz8~v>p9-djmi)(`>*aJ*e(4-61 zi7|p50~XD?2Om_xxr4G_R-+x*T+Z=YBl)Qfw$w?D7G51REaY!iBiTt8X1Ukx7_jqZ z+8hQdS(QiY)xV^8QD|trtw5P<-Gvpq!oKQg<93nJ z?0MHlNp%`)RP3c&$(&q$&%HPFGBm80s_sf5tf?~G&0DP2Z1;rn-IYJaX6BkoNq_vh z*TIiR9C?Ud!)ObW-FKYCs9cmrHaT12&v`s>@JghWH0Gr ze|3nX#gjw1Ze11^72^M3fz(ZD7rIzJB>p1NB!uL;=DtSKJ)ZZYKPaMnn#o0W0c4Ec zXGSaB-0KQ2%&#adYx0eZc^cyS8OGYfn;NxlfTkH%4O^?Uss8#^3_UBpl z;JeZoKo80G+i znAf7i8F3n^2a88|6QbUh;KS0X{FudE6hCOGJaeqjWNyx!hdE|GWBDS(JmQxjDfh%Y zZZBpJ@~J}T@FqUx2W1HV&ge()na144qAw4cXFdjZea%~U2wx5j{Rko-$;X>xl8Pgl z@`Weo;|uP~Y?MveV%(QJ?H#v~6ds$V*$plT-XI11V4G==PYz~w{2w=cv;DwMxsq0WCNyJK!O4hpAiTEm@*y-*;E4I$e4g7u6vE;>vT|% zMIdDl5`-DJzy<@>hwX4+>{0;VlX%uK!j6r>SpeKAK_G0Q$4I&E^VA!Y+DL3EbJ_I} zm?p5v|COUjK;S}Ct{a}yuLAYaKmhIRC3^P`61cszJgt=9T7$-kcSjMlM$+>(Di#TO zqYr@aw6@+$lGVa;?RAf$Nq`@*kuNsbSJrlkJ06pr8mM-BK8hBqr4c!XR{kZ>7ZRZZQoa@VX#XjUzVfqZe zBHFo0sk$Cb2jzog-khaHtS=G9E%YnnNEz|o8g=Xng3L*(-OPXKU~r1n z!u^+yJw*d`F5Ji-`ldEyYCSYZINY@6z4<0^BDohX#DyOArYeE1W@%01=KVq^x0mJb zm2NZSJ38h@yn*aM%s{daSDid&IyH9mZSx}m&6Tx!@CEp=ZuewZ3vTr<3p;DwS+~iW z_$78IdSvT|9;OzwN<`3}Sj#BA0>BC@79jsctS%ErxbBew;Jp%HT!z^bkB4U&;BqyC zsr}aW(?k$S6ks}o%hizl^@(%hyB;aeNa&=}d9-!&#(}1VYpo(9K=*bF5eFLjRB>Y1 z)Bq*KZ6DJy3QhRL5BV#=Bp&!LvF5yg3ot?a6<}iX-1Bd-=GDW~Ub()vHTONwA1Dl* zhYxNaMQXBVsIuTwq}-Kj9pM~(I;_)khEtI|7&ZKs?(pp6f}=2;Caq)N_F-r3m%UYA zKewO&yHHQAh)C+_$kaFk(KXl!hp6@!uih(Qmd#K)(E%}{yXp6i1R15g$Y7R;B*tBAvpM^pRU()wLeSQil-~~S|2MCYu)u%M|Hl7M{4zi__}z*CY_lmh@!$X^T8AK?BNfG^`=Zto2M z0wAa>U`DA<0XUKt&SsVXiyo8)c)tt?1z@8R&SGLS5lpx z5NhhmM-(K*kWf(1PmJC>tzi~?=EhhkEh9*R5BRGg6a+%G_#;37K8TJ0jB01<3JFRm z=%pt-^!T5m3fDao50?X9c2Syx=NTMym3A@4Ulnww^yGv+Q z*>nBJR3kpxNfaEJCbvo-$q@E>Te<3-?73c>9=hr08LB6$t_1|8Llm<&RXBu1y1(_H zrMqK~DRgk#EcD2=66B@KJM_1g9iOONL_|)r3{fQSQ3hq+mCba%o&BU9Gqog9Apg97 z+fCH5J&h@3ZJiB4d1vm^Jm}ltrw7rCyTYf&cqG52oYedQafKl?TCmc`l#%CAPc|4f zs5czv6kcuGBB3p2VIHqOI9O>Fi7ji{pkMVwN6XXuaFZ#p^3a*7B3j;~%2jriS+9{* zwQrx>S7W71!u00_$PbM#IR)|Hd8U)3X_WAg1s5t@y1gPk2zo=dT!gN`B9dV9Zo8Y7 z!ZBBi^cBWIombLY>Fc0gLaMZ<8b)2knakUqk0~a;b^XqY!-kU;qC?mGi|&MqqfQ^V z{%ZYBA{i0cLcmEu%22U3EO}N!-56JwMCI_A;&F;5VdAqoJd9avKhMi2uNHWeQtpZx zB+J#A({8x@u7qC@z9a;$Sk+pL^lsv+@VyH)qNpta~%`)qoPK{Q}HMjQUE zv(67ao}S-QZsObkT*%GYb~2Sdhpc1D(|oPA+~?8<=k473)GH7iC-vBPNAnv$S&tFd z3ye&zE=wkb>uBU)tKMw`+tEeM9(7hkN(59}Gvq5voL^`xbpHG4Q%N_08ojt#nN2FC zP#ke>2kGN$!qO<_2Nb+L);}xiau3U!Pu+35?TAf0;Ne?Wnr*sFIoNpV5YI#(XRq-BI@crp0qwOVapd#Ub@qjIQEEp%cd4rXPFln(%hhX_~0X zEdh;mqQmPC@!U1L2EO~~=5(h|!?@BoxIVqWhnpX0sj;KIU|1a$`bK&6D9pC)9^llQ z%fQdOruh(swf6NpDqx6%NTz^3#?h!;2%Tu`q?$~Av`$)65(`Tw^54WzX%e`3VIW;p@mD^LdK>@5|I)p zA@T4drk=A5)?bD#h5@XsMXIYGW35FAnKc_!6T8~vVfBeRs(#B6VNTxgl`d{8Fj1ra zP0T!Wb6%_3L6p@zRjtFx1M=nh+t%dKR7K2GqT9kxB2jWYz9t{3SDVG>%{e*sfQb*; zXr*sDmMhAra0xR`NqK%&#l=RF{L&egG+nt>)%a-qE>{OE6ZbNZV*b-FkH|Aua&k+L z5Am?Ccj<#~e<{|qUyzx$X}E(unO>NqkIB_PD52&H2_4v4*Ztbzj8t97Be3I)99qs} z#|h4SQbn67-G0kvalkFT+#2Q<8dH2BVehAl3F)5I7yxcl+mzZ557qI}?h4jiQ%*ni z(`27AJq9e*3}QfQ&C$GO@t112$;4{tm=!vMgJH*#)y7x&LEGjmF0TU7T2sFqcE`Sg za=MWjJfD+Zxtov6?q4P6NW*NDbsl&8PSM@uWkDe3)VL=s6L#S*hMsGwW%$_zc8e7N zG?v;hjm53ufN0w<&@Oa0r24*CHp-fSs-YEQo?p&<)~Ag#V>eP>Y^RG1dzVnJvHl?T zbg25&ZR-O+)^X(B`1-q!*3i1GnSKBWf`Nl z?57V}7~^6xMR(1`20iQ-pv4Kk@)R;UaF~QGbyw9j=0}(r!MhiTM_jMPn#hCh0Z9t? z0CQ0_x6-Ny;{z9#KGRi>9va+&vnLdO_NUnfPVbETps$21dKu()AEcQ73s8N=os* zve|F}o;uQ&t){%|%hE3tgVw*^a=e+$$)f!{E%cd)L!e*1$E`c+OssLt3w*-?m0t$b6>eLb zb%(#*YNqqyRrz?t^d@Ui>4)jRnO!DP<7C_V#co|_PXV6Q3XNWhu7Q6r)lSuHb{fRf z=1k+%0N?blRIW#bwMDMvwB>jS> zY#VT>YMzuZJj#_oB}cC}uE?S_8|%2D_2>sLhLr2eZ@<2CTaTvk3|M5uYF_ttjS?N?IpBsrh8;)rX~+J}cu7Q$14w|=rt;ihkd zMg$8ECSIVXugsPNS2@=;zrAFC%^VxO#HD-Y%B%33_#JJMd-=D*O#2pQi|bDw5J#^& zl|*pa*sR6r*%FN2x$g6*)};bT+Hj?n+Cl5BU8>B{>j&lLEBc3QpMU)MIH+m-X z6)IIxXBBheoWy`d8>Srl^?L82w*m98(4D*d+|xmKQ{8U^V<0d3!GUr~8nBi-uM*2P zcNDR;zG6F>4t4|4iX)?b%`NQ2uE%o1({~}Yon=ppkN^4)6S8#Ni0P#N7XcWfC1;ow z`k3KUGx6r*^M~St`feON5c~Ycm{DUdl9>|ou=}+RNlu4&!ZyW{4jLp!dI=wjhP|Zu zK`bY_+nb3#^a=53v$+@UuEDk8V=cfpq8dVEsCc5;HDj@yJ=z(AqO=&TyTmDoZN8Yl zbpyebFZ6t4EVdazw4UEM4su6#OB0!T#~+u=eP3Pd=JQ{kFZI0mJlN3A=E5u0&z8oS zf=hp=&Ei^5&9#(!_IL%J*QP5f%r`V9%umZ>TJrhUu8!q0Q(Ur4mV67G%zJ~!O?&b= zdSQ>w%~6SIz&>XQbIN>seMj;NuPs5LbC7jA)i#RVvwWWevOYLErw7jxiV7%0`{DeJ zW>zCD+PN#%$%EyZg5AIVPTwH!BsKP~Vw;>dg_gZ3smxqYx6uLGY|DSL)+CL$-l$|9 zJtv=x?vwX*PP0)ka5i(SjN!a8`!oCK&_r{!0b1LUnaA(BT0DH5#>Cx<7I{JLm$X94 zZ_6l1lgRJ`*kdF2cAf0`hxXpzdc*hp-1woVPO1}zcLg}wBnzA*viRlHfg}`uY+?d< zax%h{dbN)!wQYM(`5;M%;lkzR$r*}3@RRCv#R)e$xa-1OH-TdE#cyNxfJ$daN1ehk zEBWPXEt~6aNy6C+{^sisKW)Sylm~D!i`w|&ug4;cuq01Z^mtv0$I~5?coR&~%VQ|R zZ*Ak+MHy98{45ziFr3o1AAgBt;`}4!4AXW4`y(+)QrsbO=ToRn|)f|MxmTtbwk`>j%OnG6#jD^&u z!=263S+|w1Zwi1J@kA}Pj_k^ln^p&O7wwqsvjVcGcuw zHNW0vFD&=ut=kmS&Zlp^TKg#W`sDl(YjvLFWwZW|IC-Vb?T3^h>vny6x3=hS4dICo z=Qm=l_?{DQO9;xRPVx=Zhpg?U!5fP4YdRG7Mku&y{>>-Dm;&6d8qwbb>PEQ$udtX``?Onf> z+=VM3?~;z~^;)thzt4y2#RN0S@$uFnG0dKth|Pt9rx+ozNg=5X@>X-YcDO_3A9%Hw zRC|7^N^Q|I{g$x=w?lOJWs@ro#h=v2!_11Ys3p6H@@2r~s_tz>55pn0FG}tKWAF4h z9|Qo{X`ckBD5!VxPak{cIDX#KXuS1!_KzHhV z_?hV!U2CkIDru?G;n2EC-HEzffEwYt^gr2R)9(Pr8@fJUd{tKiTGzID7f`GLkQ+TBnzR!i zJv*^qY?R-xbh{KPJ}^CKweWrE0sdt87_%A!x+Nt>F}vyOPh-ujavKvAHDtEgFQi$# zrp&37WiIVo?@`xn^ts}!vt#(;OfiLq@x2o#E)KsUXIM@5Js^H?TI*7uucl>%W;S7j zlW0muvb0O-V2g#W%D^CCS(UK+#Z%6^g&&_K){GRydi30_-^jfB+^Xgoa3~>=wBk#; zOeMn;f0*dTX5vBVX3B6y@pAIwdL?=zKqj`k*z`!pWLp5;Io7+ zKCf|yNFILk*D?LNPgK64y-ykoHchBIO;G-s^~_|S%gtFy;T?iBSz0;MD?Es0lZ6fc zgR@88u8wu97uJe`>)yKrd)5!>72QMMuT~e%FARn`Lc4#La!yD*4CWG$NOqW7;QFo5 z^X|IlbNO?HnWyp7*|~D`rsfo!b&AZhBw4e7K8LWpu5K)KPCat-uX#Mh9~hKAjgm_> z8ai2|2=gWFaJ0RgDIPytx4HPCPBu6^qJ~G+QZnC~&a?F*cYh)@?y#3s1IFeP)IPSzG977Dwl*jeXIGZ=uw0`>Hae1($qq)bNa#Hp-=s zVMI95^>G<(s|)=lyaMNm&nkCEHl*Ho{nF`tWBKL^i5(iyHs! ztRFUrVD2y^RSbx1UJ+s@F=h%0A{b>MPZ+8n=fm!Mh@reqX&^I7ADf4TbyQ8(AdTC4 zo&F;34oBste#f?2X(GI%r+!{&evOnkTl@>FsTV1;Otkb%87nn^6G|PH)Q=)t- zjF|pp?`&8rICaSGEjp>Kz&tDpueXSIBj)TXT~4{gJnSL#rO3iC<$5&zL$2)AI~V2s z!e|dA*1~AKXx73|`e@bySPc$srzjQ7Y`8ZVZs4`h(N9oEz>5e^$;enJC!ul5qxkp? zMVfP#zB0^ykkPieDRsj)koJZ716r&DuC{4Fn55(E;CI@wIhUDTw`*8~Ar}qF z1Ir!A_YdrXTOx-*rs=yx$!|8?c6kr-#x7QTyD3|oBoI2shOOJ)nQL7NG&&h$Uu@ct zNa~|F|BIWX7wRsog`7qbBEQ8w>f~}ZaEjRj#XI`)TR+r1`_bL{XpzKI!U;}WB+~ST zDXhq*_^^@9`l7iR&3XNSRy=_2?)kL~<^~rd8qFHuh4^9F4<}sVgb`t;M2Ro3etyL~ zUKo9>q_x*3XQ9k$5q5Rv(NkAS5^g-pkE|ha29fI2dijZR1Y=*E>zzQw8cksmIost^ zgzDc4RRY((Z0!u$QW~s;H58*_7UCkSPiGY94hLU*zgs@2td~uT`rR2;vI=h#uY5l~ zR@3Cv@^uzX*RU78L`7E#!9Q|aC{*%zM-qod2Ty=SJ7DP9h2Aha9Vr&JH}-ymxdnUV zqzaC<$ps|_vnwU1?@Mgwodbt1+Kz_xU5l}nTh6E`2fe4|5H99((yVgzrK*eDdjKzw z(PI|G2#*_$!p`kZ(1nwUUoY48JwWwXV5V{qYW#S-S~q<^Lv+R#P8SSyG^|#3G^+N+ zO+mh%o##9kCnrcEq3BR>eU9ty;^L~;l`BRra(jJugo9I}_c+7c1xY74r5kd$6!fSw zC}q@q0~rT*GnW@%e2U;5Fec|)++k!@_&kd>|I@g$O8RTN%cq2)ts*m%A9sYQR-D80 zBU*3B7IK^m9~(&m8bYCB{fxGXh({75@o=KPzlYrMlk`%l)V!d# zR!E^>?DIE6N@=76y~0ca-jZ491f(P5?k2Sfas}yh&TOv+D6DvDL$<=dZ#yhP7F{Nfh_V=HRD6Yc{EiKdr>i?9 zGE2Qv2B?foJtLB~7U$?NJah>^zM*s_?clHYd~kzRp1@@sPw}|HoNPW&X8)I0rC+um zlxQL%iYjB7yW3~Rfq;kP3zc0lyVHTEeXO&_#+iYWlR=Vv0%Efs@tT2m4(n;>50+(_ z7Qo0%%OJ~#wW2hRppkeB&I}QLCo7Q1j9TEz$+JTl_s%Zku9e*5VgF~3hWLjEt%Jx0 z6@}i@kttI4jR7RsC{QIhbug^mCc{} zZTA5s|3?s@{%6U!1A&g?HY@M<`tpyD;R^;0+n`1979|TxEJjm`mqPQ$%Br9GJ7o-` zk}hZhf}l(Mj>ly^8+GT`wa-`*2Dx&ER1$u=HNuu>bs8Fm)Pt~T4Ob5x)>xLWpGjg$ zOE_o@63uK69b)H5zJQqh3a+n*oRWMV7!-b2G`4xc%c5_w6Pd=spx>QOCC|KUxBV#h zj`YaqD{117A!he>-LLTri5y{DOh`Qb0(I|!n0Yy22-hLI!tapiqpDINbgP2Wl#*B4 zT7hun!K()wMw%G}7%Yjh`^V!CJ%q~-=dus~{$p3#wX(Y$y1g}y)hUsoshe1Q;c|6Q+GSvY^$)&miPwk%qVBx}huS zKs~cJ^2s^DL?t6r&hVE(Y(%SFuU2|He8g16Ylj}TOAdN4W(fcsKa7W_9bC_(e=uW1 zrBEqqlNh^V3CoEc?M0D&Q#2HrjkZP36Fm8>t)FFd#n5@AHR2l$?{=2%wXpoX-8h!$ zM*g8i(1hHPY}ML~6HC-+b+lS8fGKTcq+zGKg5LRCZrN<2;?h0fTSBZ>zMLjw1XZVI z#z5kFyz*3Qc$fqKqYiiiV-bb@PsbLEB(k5A6<6FpExh9q&U~?e`dNx2(p55X5{3t@ z=L`d58B!l|5|5JNB`G39?dv&ZZ-<8a5?s30CpLCa6eh!rja%KyP0m<+H08^T^jqiM zN?)^_n7w%2MC#~ejOBF6%9D9Ioc&LYH4JQT99oFslHlC_8;$dL#@QodPfMM|9k+J! zT*YEUR#mLV0>$mo15fmWkao^?C?Z>;7i?d6L3+jfgLp?KT(1CU1yVIEq;Z79N0ZZ1 z^~f8(P#kTQluL6N)eiy8Wk$oDVFYK+aS~=9xz5jI9KQ8+m4440B9-OLn`KY^w-yETPYoFVCo8djEf^~ zl>EA|W%U<+wJ(<60K4+Q$;Yw5Or&{#w4Ra7%rCt3;jGd<_F@mxxAHiY1TXba_muVMFnVtg4^-`_%c0aQ)OCDzB@7p?aL!gWqU}V&5>X7II1>QrjJY81U z;kKLZBIef-^T;ejgJo+r~S@oTh{FwNx%FfOxJHr0E)w<*!u%j%07`&SR6 z`O95Rontx6R&tH-@*c+bkLZY3`)mbnY~KkZXJVmyYC`5(FhNxsdwg6%Mqp#If3-z{aGwhz zARr*!U%MT%@p{0+gCsD0jO)ZrCMSY!M^D4d53r(!@{rxKRRT8aAdlu{9+Z0wEq6UsO^S zRSm*mXT%Q3$ivP9q%~opi3kdM6(FEc@$~q0x0uC_aOyLv~gfrrYnQ4Z}hkz7gR^qK7i~L@*G^?g`(^>-DFfOlk z1Y@1-YswUe1Bz;MGsf&kk4V+axJ(&fi~o7xIhsixy#GnHIIqKOotZEK&R@5_D}A5y zP`P&<_<|*rk}BaOnSAEMNU0IrvHT1@C?BIyNPw8voD4!E7ITmfx)LK+_heL3M{70^ln-Q)cGxlOG z_^0!UIl<@O7-d)89ccv3LfTw^{XFeZ>m8XoGYvyqXC$*}NkGN`3g24Nl(JD)w-=J3 zPwLW;p}%@9zGCvslv@;SjciBDL=s@+u-g~HO~n%qtH%yecNfODLPA>~&EBWmvLMwk z)eucnI#2KdVY)#n)T|$IAdJXhYz`Sj5jOV%vJY&&Fr#CVA|PXIE`d$18TjhtdxE|A zj!q1Y$kaO6$QbWT8jSz`ObVSkyA_OKOdt=%!FwfuFY_~j51g5(el?A(Fo2Y0p%WAC zByYURC`o<(Jbw#ktHuOO4x2TJM}=;Ms^!E89qt#s)W8VD;yWHKLu0RA@57-W(kYje z7JLqtk4v?)t4I*K?7_ix@7cq`FGonb(%PI!g9Lllu|Xp1y|O~iUcn)c(cprwx$@gW zz{=fEOsuIvYJCwRf>YCI1OOO7y3&a83=GC!zYan(k~r(fqyS*vBe9(|)rO%x;+xo5 zKLqe%xpKUw0kp6ctQcVgu^L!Q&>}>-JG8FH85>iehYOJHkB0<+O)`6M;0q=pP>y57 zWW(8RNCb-!{IzoP_jk|Ww4imoSeS^{1_!P)5n+uCX5?8e{SE@I4sNG(<@d8E2QY(tF?UyGwmRcN__`3&h2c#2A> zei*yghg%$OK0I$`jO|H!YW47B_BOa-bo0Jv3h-8}5pvHjYWE48Hk!<7`r<2NAA9wjp)=9hWXTplh`<~6Ne6V;u2tot5&?urhn7gfeCM3UsKz~+=1PTCJC*7eckEihWl?1`? z7zDJe&=^w#5d`-+Lx{EYCVRRBVdTFS$*RzLBM?qR)pi!fc z2%_)-L?GdXc&1)p$PW`VCLSP`CXx+?!7k68A4F89Fvvb*5R4Kxwd?C zf1+Y~($NvQ8D8{9@se~Q|MyW>|K~mk|9^V6f5ZPXeeuH5{e`j93u7B+M@wT~K3;xf zb7wavOE+$7TdV(oz5bW}pAg?a@_+O3@$>Wk)BpPqnD~GD(7*YAGN>3&RQ@j~W&ZR1 z-TUL&gZj*Yc<;0Jq8Hjyw<9f@{D|N4gTFs@RHeNM(hym0%p4sa`q5Xh&|E&88MIoO zR2phi?Pp!)X)sq3o#bh;-&2y7oJj$bA zBsysB^yT~<7)Y>CF7!7Furs<_Lxrhv{Ev2Ed9cv!R2A!`N79Nze$e`Pea9 z+1VeW<8~UNp&^LKIq1uWW$0W6VE{4`2mx99YoWWgFQNV1z2OQL{qG zFiFrsAmBNO9kUa>04BgEUWabQbBVO}0itPy#RY8=5Iye!vtFj)7Dpty3&$ixe9%U= zf|%SaCNdBRYKGv^H$?(t3d4Zd^acif<_z)xHWWP{9z#F$UV;yi?$QPhhJYv;;kxhW zq{4A&lMyge{sb5khepgupmbm`DL&>kYX1ua!%(se@>)8Eh(H7?Yh7J>w<0j0$b2vS zA{j6-Uh$!>q+}l$4UKhRItXz{*>2~>x!7SgxCG<(+eXxFN@D^5WSSzJ>pj>*FuZ-h zS#Kckh>c84kEE4U2riS=cKS3TW(#oE(-GAi*f-2 zsjHDvkl%WUB{=VjMji&UjcX5(Ozmt<0upa>ub>LSL0$DPk0~US{8mR2$PYtEgNU@f zWVtcQ5xp4HfRK3@hZ=Dq9=(Yg5bRa=;|aPEtD2NFk5ReQ15!S(5D1z~{s!ISJA{;v zumfH{3!2Z$~RZ~>z~@XPO&Ewn^R0xyZwfWv_7 z{9ZJE6_+w7$F|w~B$c1(S+E_o?$i%-2-SKJ7D4*235=ve7a(YzT_hM^0;1Le zC48?I3}EE}G~f^qtV?4U2G>c!uM9*0FwYaZTN$2tJ$D`9k* z!i7=CFe5?eoOAc8*^CZGY8WQr+}HaQ?*Z-yyx-4&m@M&tV4~Zd9!UuTKV>O9MC{aa zY=%HQpLI9Gd=xOz%Sjv^fgB9_h8PG00U$C+0C2kUN13RI4WI{tiM7#xx3XLe#FW58 z;&Q5iE?)&&Q|+t3#gN57z&<3!yAS4xWTRy~0ZUMT?tff$1b)v)U*K3J6`u)0qss?V zngB4Zkb$$s%tipj3WLy8@I{7{4dw9{k>~S3;5rihZK4(y{S^3tNlB~RiGU;xj zyAB|T9M+Q*wviwCcz{qFBzlRyBo^eX8;ghz_J3W1lfNDa|1ADz7Wj|(e=cs8j>b;T zZjS#U5Ac8K{|Wv#>wkQF!aV=<|NdvU>_1iiH~((~$P6e10LI71Gcqzzt8x7N{HR_~ zPSySW`2BsxKloLDjs<}4VeeM%c*Yc~Iz^5qI_^za{~?QuyW@Z1Q~NJjT>fSC?QdCJ z{!lmnolkB5ABY6nk+N|cFK+PyIfJ=Ejey~bQAB~Sy@)}OL=?UUk_-n!@WEiJgv4B& z%%re1j@0xVtW;u%PYs|L0)FG2*c6;vkj|grlZlhxNm_+DH28Kni>9M(K(Lpg0+<<9 zfeo61H&L}O^|g<1G?$kFRxuM|#z2LcO9ztkb2zEs(>=bU{lb+UitW)xfb(L6?-FFe zjZQVR$?o$LE|5TcJe>m`#cBP^>3dKil=h_F%;Y@#eK=hs8$UDGj8FnXbSzZ#q8Ayz zCjhdMN!kV*`meA}wXRzYLqU)9##u*ACM0C?lycsEW0`}BJth;ZNY-ZcD9koh+KY+f z50IU%bQmB;GHP@xgk8R4TNR6Z=sNK`Gfi{t?Ujp0p9lLYr{oNr|A^)F;@hF(>p=E7 z-8DV5t81g7cMEIn!gLnvk$3yA`zf*~{qPP2I@Q)y-;FCJ6v2L2SEYX?>)hg%nE zj;be~c9sE;KRsG)V=bwsDKtCwd;qYq%Bg;>#De3?O zyZS*R_jy+J*Y4K7vXc1i5}$iwfhHwoj^FaD0ceA1pE$TLWodb?y?vhzu0{CP2mnQT4 zpj|fejTkx;85;9Xk6NP=cLt%#ri^!ly*$OSTHDD!ta2Nm+u6P1fJ*U-ICTO!aw9%0 zi1d0G^gJXsjSQ`kCWQcbwUair7-b;*K6Y`%oYZU7+FHAEal%|p$f_Xk`4BWC_HILi z3K29(1}}I`VuRjeHvxX_DM`G9Vb!-zPtmlS7!ES zz8(p8beh4ar1%*%DaQOW;%SChHp@ulKYQJ8o zDnXinnOB(3N^gbjqtS{}pD51jXLTyg-gXV^lM2|T-1JxWIa>)gB!y(ui&Ogk9vltr zPfj-3>z7k}`5<5TTFzAcg#ji}l$AXE?2gpY;RJw`7&i$qcRCvIBfL z+{aE1bM|M!q&27S?%!gU2(0@VY&vN>F(|c5f`0l6@>g)CYQWxma~3*J2reC@U{Fez zKV@mrvQO*BA1oZ|>!lK|tAi;wR1&=xE!u=V71jNEjpHPOa3k@H=^2r(JFF;1#yBOd$wRYKTPDv?`bht<-O=7aqLu%Bspo&&s)n$nP&Dzxap<{tQF zKgAP0t!EAMF$>-*3hH{U~j}0qo1oT#R=LFuu{dobnYQnmM5V zTuZ>iB4l)+CV#)}Es>~}blw(+%Zf>N8B#<+3K zh^0?~DQ(|JV{}bTn|8Lj-c!l}?x&Qkgvhn}!!T%oox7=U& zZ{~lE{{{nyQD|vQY?LQRiOS-Kfm&&61pr_Rf8oL*;6H*YAy5eF9~}(>K|_Z@q3BR3 z3=@U|jbp$tG2wp%Rbpeq;eT-7_(XpfAOsB!h7QBU#Ka}S!NK{v{@-1>@B4!b7X_$- zf%yLw7e0W3XQTZCE*uK@b75c*O8JklaMY1_03ZYe1fl)Gga0LeLB#=3JQD&Qd^$lA zdOiVSW)%J#gc>3m2FAa%{|h-z0HNchMZ3qvimhX zvRkdTYq(hvX651ViY5~qyCTNQW6Bn!&OW>AiyQL2T&K5Hh7Kl$7aD--7KXAA5DmnV zLgkRlsXgbiDss5I>E(oJs$`k^$*hE*@bqaFi<9e?o|cn9;u+k4{G>t%hY$r4gbCUA z*XPn$CY*3pe%J~4xb|yJ`vY+JZeJg-EtTY4BkPeoJ`$DH&;OBMbedmO`KFQ^ z((b$Zwq%|%XtDff7zb`FAy{b3D9C1~M&MnUclbs#g5y}zR)0Z}LAF!0qE)L_>;hh8 zVW%l9-_#a+Lp0CLA7Az^k^8H5OGSzC%m*(Li(zcCq^m-27pCP9n*=NQJZVb&mU9< zY|=#Oi`N<-5EeCn-x^d(Gf$U1_HRQwH2x9XRPDWaFhn)4uB0!*p-oL0Lo)G<9O0|K zLyB#`hm}gAx2g8MBgQNF9x!_k7?4oP*a<1#YV~7UF16PWui)?;G3^*23fEFAlFtMm z3rV$QHXcRfl>IyvpSjV0wCsd)**~V?{Zf$q$(zoO&4{G@pIGFybOM0FP6BNWZM^<@ z8bpWHbiuYz<}9PIV{jg+YpWzNVl3qinG$HNvvQVjyamuICuUKhs@AS0bedpQ{m62T z$-|asKd-j-+MAn^OCXWuy*IX2iWHS9o$?bjnGqajyww>h*QZa@T$b!CeLa2nwn%ZS zurg9>!Y`^j=+BK>Czdkq0n`H$QHMAjU8HQ}vGHcs`7Zo{XMC1ZnL9CU!xNOtc5=-Z zH`O9OGhqrpq|zc=AQ$?pkLtZIwYzb)j#1#ezdqw&;A1)-RQBT)?b=}mtPxL*$=fpW z5(c8yw}fnDwGvk8JarPsR#r#~&CizO62R;bvqp{J@)4=uF__Mdc*hA2Mj~O?)hRA+ z21~pm0f8__rx!HGhutvmTdhYOUdB<%ro-&GEVA?0-(T34=OvciK18Z)nR$wKwM2G4 zH(E9QVV;UNXM~f+cD*vLd)g_;&LuUdc`X>(5UZ+7ku%fR#ssO7-uLJ-OPwhl7xL4j z)a2`RG;~do=3-Ny{RKUZXmIpi@<$c*8R8d+aF8c75wds_4oSU`7r=^kx&L;n>YXo zImLhkK6&T@puRarTup8hy8QWp{QKR)V|$PaAf}vciPaeCvQ622(w|2Pr4v|ooL+%0 zoC>`vVyw~g2ZLb(njXeWB31<^*SPPgoXBO1WeK!a8d|lo!iO8G6wz6{-Z06Q>lPQC zDO)9)&4eoS|3B=#byQr>w(r~BG;WQ%yE_DTcb5!25X5n3weE@TuS9POot%42c>|Q~-Aj=a(Qju5C;RyNdGpT8yy};H z$O%lsx&pcPBRjig+Htoh)Zc}*zRN&!(heMbS_4|K{0bFtfxtvHwsU@-pRlyh?IZD) zP_4+m&HTi%KCe$RGKz0V-{R{C;v5f_K&Ym3GM4c#fJqqpjGIHdiB((E*JHJg+Ywl* zTva*NMO5nhi5ksdwAulu-_k@ln7t-A)X=r%T^}RKRm^kay|^j^HC|#LE5{`B!t={@P`ySm zX%^e(a`2L9BJJ&7COq5BP?GP|pbsH3&7@Ly+updSCr>q<9b{~#XobM6&8k%xvZV_& zBzK%Tc~#h{+Z`=Wl=!u z9aZ(@;AK5%;+yz>sVEF#p$c`V_`R7;-&aPzk2-d?f;YiWdFkfpkZL)!B7a#fuR8Z92yE57Vs1?3JUIz8}MwJ zga3-~1odR`Ljz#Y&@o`i$T_fC*+khXFtKoG{*w9stpMpp| zS91#J6$^}4o8zEt#DZnbtD7~+7dLfHlGH?h@}Yn*(0?=jpMH8E8W{*e$|h>;gnpsQ z?hM6R*GnE?g7Mo=_@}FRt_S$-Cj`V_^m(F3?xDwE*UEh8=Ut1az;v+Rp%*mWdR=$*McLQ?`%bx(M#goUQu_6v zu6#E=NuV&4bDXAhZI%i zmkH@{v10i|JST?L1dD(`X?>pUx;*Y(9o451LLhDV;RUiB!ojis24!Y{~gkM=MF5^HiXYbpo zuQX%QF}mkTii*m8N0a*yZf|n+fNF%B*V-)EI7vT9I$7MJ+s6_fe`;UO|d4|WwCd~4Wbn(~ShZbDt<)in6MY=Wugxpq_h?)^R2XgYm+_l&_nC6>lFDVl8` z2I1>hU1!8y^2)|We1W4_3wRUB5Y;^TK!%VMRDXo?nXtP)gtu7DzWletd(*1tD%ViC zA>5N8b*->y(1-O)EipG(SOukWKcudrIAM&>)iS62`8 z&o5lh+=Y`I5bBHhNswK7%7P^A!JF|UIYhE|CcX-m@olW09G^aiNja|q?YUg`!cle> z2JXX@!vWSM!YYe~?@R^4qTMAv)m+j%EV~@AppYGE4_)w*G_&zKZM4<#K#(zmbTOpG0)`^8~f*?fBS5a5bJRe zlGl#@1--d@`Cin07#0)VIM!<4C-WZuLT8Q;k3J2}y3a&G>O^D}32A-xeK;W}LO7o= z&ZZo+JIl`sQ*R)2eTmhse%M$T@G%a&Ujts#yNJpU;AUm3 zf9ouK-SnWkClJPbBud^^J}Bv>jvwQ4r}L4+CFsGOE*V`4)7cd_I_GSseJ{GtR!|Wm z3c)Wd?+V4n2Tn^3Dr2LGb@7L3L^`!RK_)!X*{AEj88^>I?W^17)#f)&XO)#A?hDBp$;+(d)RL-2 zfN=q~O>SjFi@WB|ZwPZZxPEGy z^=!pLOp0h$>nQOy!lE(Re@azbC(A_(t;1ZEF7R zWt731;Nr*Aq`XG*qCwo!@>cHMvPBIdMSkB;FXcF?C2pClDQ0-Y-rQzz@D!gPRvu7$_+L@u1mSCO=^NPP?`1k=_TsN#ym=q4?R)Qz+un(ToXqixZ zkx}-!tO;eczmh{GbODm8p&G}KHGGogM!UQdIT#fyTF~+K=tT22;%VRAVO5eFKY}e| zeljy5y7`#SB9l?f@sz3>-KwvvwN}J^g!}ulQcq%50nP+;iI*yic^a--H-+Cd1BrBD zLAmDdj*M?8r0RyaMV-JnnqRVZWXe^4ats~U-yerPW$UgOF0;ME6UNeT2l6`Yml4%GO0ThItr^@r;h`}aUYj|etaB*eP_Y^*(mNZRs41wV zK1D)u(#tIV98O2OJjfwX|1MdhO;;jmkwD~lF}ov|NJQTqKwKXK+m>)fX700*$!m&V!MukY#AlG>IZ7QW!a6lpnhrB?5#BEZASHV8T1*6gJ2 zoQ6+I{NNWrNt(eiJPoy^TBJu6sqZ!T+*}4_jCE{!;d;!3gVu-_KsrMCO~qf)bB_#| zn-LDt)J4_}9wd~VI&Ny0YsCvw4pE6jt!AoI(!pG~*4$OM5J-3v712cJVh^J_GZ4p; zSl}i1{i|c@OcRawq-0;_E0N>RZS17qq1mEpnFUWhJ=wVwKf-}XRVxS^HK&}x-!Xz4 z0V%WVIn^k&1B<2Iasw=xFnuIZz259qO2eWrFkd>?1W0c4Od^jpq&{U5S7SrIOcWna z5eb^?W%GZiXVx}y9yHEmt7Z4k_B|wHk+1q7fN+Rwsf5dguVpUHO3j6@8fPA4uRm&V zS)mx2B}HghCbd^v5Hy4X6G!Hqj`C7+dPv=$Qq6l55vbD>I4BO{*)}LB>kQu>$PWMh zDE!B?cqTmz#2*bVzA15U-6XuhCD_8c^PWO$cKmFpv%k%trYkHq#G5dLB$}{=P=}nXa)WIl8>On95 z;V%GgHp*4+5{;rs{7=-kt>^L6U$%tFOpC45{Y^jTq%wv+mZ1KC3HsT3n3@<{Q#ybZ zs2&|kHY)n*^fEpt-+fn(JCw65?-J!FUU#=iLdofAXY_{)^oFVzfmzGnY);#zEk;LX zZrm4IVN}aBOEyKePv*H@!0w}gu;c=_X zj}^R^mNxfqqYP3}a2Td>NrnWly>6W9oo*kmIA!#WRko8;p+fG*Lt9OGkg^^^cg+%o z*B_gNPYE(y9X)%fmbAG7>*VZW!t8(~D_;qICfBi!c!chRy)GH^^W^Y3rS9+xV+!CD zg!S(o2-P`p^)U;xc63yUef@a~#G{$l(hvyUr6FDDCQ%LkrT|hQbl823z0PxbKiJEc6)TqWkaU0I zvG!>w7Q^$!?>_MlM+Nc`e(C{ccY@KJsqclkJgJ_y?5pU@>GN`dE|DjP=#M$^%zcD= zJ97s$`~fgf4@{5c`<5C7oUn@Lx1V=tImtkT=ujgJm?!XN;5aPHB=pz&@}24B;~EXs z=GhYg_A6@&2hKlmLZQ#-!@JW8ZDnrid2J6}IpW4tc5R=G}5)i*iFE@M;un*D$lm&~{D6oTQg+5IIMdavr2)7QEV=FfbEtp@BpzxW09PamcGqg69#Ig2h))Y%B3j7 z)bf3A7@j{66B^sW*dKPtEXbCVeY5m)9=xqOX|044ovBoBU9?*l`y4R2IH}Xbik&cB za2~M?s}K^8Un*~pH3MFP$WU1z7z@W-h%HHM0?-at%6ar8Uzn_iXRT|+P4v1_SZ-A7 z5+AU$VjjW3za!B0z=}#<>M`kYOafe(OpsApIcCFgXL)^9+>Qq2ucmECsG&Q-%=L{5 zZV1CxxDsJguArk}Dl*MM#fljOzTgMx5 z9oOPp(tAw6Kl($|M)UwG(};#o`!Z))0a@uarfFZSZQUm(1oUojU)JTnd~0{rzA%OL`dw^I7Duo%KzLa=$|TM+ z?3;{oRywJB=Iz;)P27k&qxUv_l%45 zUMUqX=~(;R{`Vx>dtYMJFit()$jaH7i{W`GbGo$;C@*Qgke&r!mzs^k$`?_k@t8RW zrH`^JuB=@}6Mb8@7Ef^gsl1Fg!noG!iu07eo>TyM-StiMGNB0r5EY580wY>SMK$yk z;DI4@XW(K&>?sM=45u8*Yguf1Zch`lmFH3dRdLon>&9o2-8N>=S-qy-Yz8F>F&NtgoWHZw$%Cu}WvAooSqYndQTdRX``~6Fx9o}6>$zb%} zCB;Id9tF=5xBzr~cVZudT-@sTcqAU#N-*_M^(2MfMn&2*UzqrN16KWs zw^kz(NZ~cYKxRgPDtubt+P*-KT|sel~jJJ4|BG0ZE%ph28`7Uf!O$QD_O^>64Xv~(JvXdowl>5ihq8;9a7O! zQgQ+UsMi~*Dbx~1F~SZeT1gjBh^bg)=t3O!e*fanLpeljuDr3dxy}lXw(wd)?8l50 zRz<%2AkKv+@`V%!+LJY)kQ_1}=Im)tB)F|XR={{0&JycFlxU`u8k~I5v1X58dhp^w z;-=4dBJ>mVwpmb7FltEnWzd+L^xa+qWK)u-56;X#?u^3u7WkXj_8S<#-u z7ujzCA(sz7efJ2Be$>7n$LG=N9_)l}W&T{IzSOj@x)a&2H+4Xj0mvQQL|^Hj8(9th zn(=eHDX%Nsm)@Z>Wn5Gb#W$7cwA`wTz}Eo9mo4S1YC)hdtfz`Gwwr)w^sCz`*l85RX8hwBOS67~e$zhL&N+b{!d~c zSU6Z%n5P612=MT~wLt$Uo^>!!ARQhC1|As^9uXP!Nd$y~iu$|4UoS|1-u>e<|Bt`^ z_x%4U3JMVX&yfFV%ls4nhXTVtX zI?j>iR0yBAltF_%PyVElIaH~uz<}L`bHpPmm5(O7$uyrNF1)}mK+z2L-cY2)a3VLc zY=jOT{V2zJOFf%j#@I>wdMNo@aW@6O7D{y-Q$i9$?%n{k?OC%&6YA_T5uhByH{6A%fTFNZb?O zmNu4n1mhDU8{fwWreeKcrd+PsJsd(@ufPIN`><4-C&+XiELp^DijW z4{w%!0VwQ-$tc$zBYPY4rC;0B+H1G9h#dZK>HA}$KCgK=GPHkgQ^7+x)Mih+zoCsu zNRlfrZxM1(b(XmHF#EIsv&b7v-89HCrUxo98@N;n8dr@=qT;kFL+GM7exXsmowYEO zyLfy{&!r(vM&X%zEpWsIGwXbWC!sE#8 z4{y+gXcyzwrb8ap2i_{2MhQ_bqCPl0W?9#~_fuoxDbpcq>6~8#S5@@oBJ1Ky+=Fe_ zBzq9AmhV!Q70y%fTxs8ITy!u5(qX78->uWQ4$O8Lkoy?lEw1bJQBCCZ6E*}V&{wdH zLX$yiVd#ov2`@r!GgV4`3bZ9+*D^eA9ZdB)t*w0Y!^ z_a4>58|$jy4?~w+F%<3O93`jf?xxSv8o^FBLxXz?y|FRjXr(fjY9^WSC-^LefmUm` zL9U2mI*Yj_^7E|P=m}&Evn+To!d8rpR!0ROosGDX1J7eG!fB-$Z8Z?G}MF6;)w0twCSn~ zrcs5y$*8xM(XDvx?B}gg%GGil`i~=*AMTiuC6Q{zvf>V|S*$J?wzc?-Xm>-&yipgL zlnzgNqiBDK{K{I}Du?{rSdpsb8oJy!5gEya>l6!-GI_hic!S_bs>M+SBYW-#FL;1qz zQoF`vj6DW3_S-t=!rTbOOdTw{kA{DO1oc%%2e*YR#6^KDd9LGicJ z<*U@%OW~J+E-y_#DUZS#=QefjBwC74mVO1oJQxxikG-AFd3_f_;D_mB)X_uMA@NPC zdGZS_<*l9rylWJnv3pU0c@gPn9ZvUY&`w{0u$gsdcTvgS4}$5oe@44S_p6LlJsX^> z3rd);Mgr^C3MT!=kUxp_TbInF0v&?ZihL9jfeA1$FRF)6t#-1d`C0f?`gUtEP9jOYUF@~VEysjvl7T>4QRAydGya+26`OwTL*@8=&j*1|V=*$&0 zUAl@atbmOSYj;b%l}s!=rA5X)Yu>s0qg*>6BZBZF!u*WuaMZAe>&60RN?iwN$;rFT zxU_-gkm)*!J)>%RMaj)OdW4z#9Rjh4N>->KJA9v`Ux8- zM*zZ4A0IiB!B;vhuU-7x#vaj&uA;}a2+eh~@NqV~A<6k<3MncUD(Gu=btEdMG^n;urru7M!FT=wd_VWip%NJQ^r%HH+1&JsTPwU9OAE2G zO-7F~z&eYeazjyOq;i?pIhAJK!||%^vSZ--3&7AWRtl}J%pfCu6i$h3rGS{nCFpbE zBf&Z>b*uT6p~=E`qFA=i$nIL6A{=ivxV#UCYE-f9AkibjWM29BTs^oxt?|-`cnad* z*@zLi;y2l)!Q|uf*m5F7{U^9Mv;wi|#t{K${CEbn<*>g1NyxDkVHJ5EDV+{y*AQsz zOMDJ&DP<5UWK{XWEC=@b>tEcQdDf$5F82)Q2>OB9?76Jjnf zXR&Lg!w_+pUw{|wDRPrTu2Sl1hbnAm!H2H&aJpXVGVfP)16Y#<#@0;E`fWL|TKVLD zKBMb@!jvRQeQTyj*wkV>hQt=|TqJJ=w?RZ7_AE+%8)$!KpJ!-*Z$q9Tt_gsGFrYTX z;igm)n5H2a^Q+qhbN?ucof`r`s8kT9*xK3>e3MWEx!(&pxz%5aeB|AS>}tZsRYPEQ1wWizz)zU|JbpK zGa!3zQft!l}Q;Q49G{%c*KOS#k9Z z2QLE%%1RGtUO&W{zo9aplJKqK5{|nM%C=vwVW`U<9&uwxdC==FZJ7ef5y%;C${9D| zV1ldRGA&6mDwB}uHWJy;R~%J=wase^bXl!W5@}aZ7)?|ehsJ_#YSVmUjMM@w_{f3m zEvd%qCPhvg7@}8kj21R@#mMM&{?sM;y~t>d8zn1Mb&XAzGA1@66zKC{Oh!KsqaZAD z6Ez#l6^E3F9gWz6WeqYVi>-ZMpsPa5k>!#PTku7Pe*vm zm4UL1hfd|cIFvxheG0Av9LVF5Eyd^Y&CTtuYiGD+s;t*noR_=DcM5QVXA8neDXTXl z7Jp|mPH2}=4M?I$>ZT_QQd*1DWOmSG(kWE2lBb-}|BMI)sfM=kQa8>&cfWBZG5qt0 z{MJZznQ%qEt6%@@A+*g{-8yATPdMtK)KMOK`)z5Td|hz0f&R%yIUkO9n5GcovxD0j^MMrbsl_W1Z0ptdu_>z#R&C@pZO0v&;P`K`tJZh|KIt~yC?ob@x*@y0Z*Xx|IhsA=&!t>|KL0@umEVdCnN;= zPyFXej`_r_e)FGaxhfd;uixVNzW_972s#WI1}5t>{2^x-qu`*zhJD&-27Idc6x<00 z^$)7~D~TwZCVz8YD}OUR+8lt~vRHjt)FRk`(9b%|bQK3FKs&Wq)TP8h=`uu!nyLhPYhDeWDQ zQx6+%dX@GwMviSn{swevnfy)lfCL5zb;WGZgT&;_9Rt_EMUYpHjO19i_Y)=2?S+KO8wS?PFZM^drQ;RNY zTQ=sGmHo~^JVu8LNX1&HK`{am@g#$73bsJfGGkaWEB?WmG z3v|SbeAaBC3Hu7PFS0ta?N4WI8k5kv=x{_%vLkGN0q~ChvbCSvV`21Pv=%cxasJ<&7kJ27dIpsncU`1pG$_`QIn{z16PUr=^W_a4^(> z;LW{!M3|Hi+wp?Y7AF!K35PWj<4&ZnI5X zHdFH*2D4(dp!(53W26G1$Upt)S%~%?XM5f+cLL=E9z(yGTW^SiRgghuyEEn`R9#e%l0gT4On z!=XRnH+6t7lE(MyceQM+=s+R;;6t;0!y*&`x^`LISfX5;;lAsi4J=)^WqDaInGI$V zls<<>xQ(pWgb-4FQLQwy4Kv#t>Cg^|w5C_kk1DO-4K@3Awa0yQJK5p<`A~D=;nbqY z3tk}p^#y3b^IT@X}CzSLoyATq}WQ1*Y!X2 zZt8qV`*FGu0llv+-_jzggKko8!DFk9K-6y4&SS2{^JBIYi#MSc(;ofvrk|Y$K>uw~ z8qS5x^;m~0?ptL|S9W2<;w?^-lrcuhbfv(O(XFEts`ZkEdXlRpg}5?yMFzH(>*(Y7 z#e^$~%8!$CrIq^e-BvW%!wh!uwD*Vh5?dk+1nls*$ODH%!ke-}x^E4&j_}iT_M2{Q}J4_YdJ$ke02RRHJsF6N3BgTGvhQ<-czC_3C_!nHQJn6;rvnPbZ zX_Y_yKJWSsCn_}GM>7+GSgXgWZFAJv+dGAR7ROMauC8P2j1jqMP+Dzk;MXHhNT#oA z-7Q<=*7^SeRKTPd_z7cuAki`18J8P*e~GlN?j_lQy=*|8$9mh?H>maF)h*J9XQa*> zI^zItsm``Xb?xi1562Uo+FyvVvO0`Ey09r5e6p%H^A)fcj<5WTaRRVR5~-6|rV#z{eCAOCSE)reK)Sa4m_bQ{Y@$F5*5pTCr2d{=q67 zKZc}dZPw7J^21NhUx1y=Z+}Js;Ioepdx(Jx(A4mrb2T64qH2C??5JnU;Q$z?hk;wR zV2<|ID=3gNTCb+MZWNR?J7gq(Vhop&RQ(d|wP$6v>v~85I07X>ZSXBsL^M))u29yn zy1u)cgK2^X7IV##ddXF01`vW&rG%M`&n-z#VO{cvdW5;WZ(pQd&Xa(+;>d64)cDe% zvCpWb>T82k8#bqSK4Ni{29$J)lntN^?~CCJ?<4mdY7yyt>r)KyDd9kzw&_t z6nvtX`Vq}udPi%Jyd>okMTP7LDrMv|Gdc4}dnp_(fS{;@Y8`6AqJd>lk1)WaR^L_a z*t^C}w4qvY_8o(!8jTB0=cW!x8lSF}Z~Aa@Gvmz8`u2&~Pu3Cr>;WI?tPag;Zvhh{ zaVH0Yd(2q+?R3)@G(DQe!%AdE2cD3X8ZA^oyVSSRofs)p^3AWV>>L{6FikuGKG>Qb zN5MfUNvZ7HuoJ{Mt-ynqCBbistG-v%6R9iL4ozs7ZWV%naArK&tSOK%cfP1*ajaYa zULT}D4%G7}$=IhqBlL48fHzdk2SJyqifIh?pX_dl9G)03>C_Z`IkM0(l(lBkC_x^; zJ~Wh6_$p(RI)3J1W6(OGz}reFky>#%hdssqL8AeUHovW_Iy7(emN(Q&KTBm!_;q7@ zA>Vi&M^=PALR;MYq9ViSu>D6C^^DY<0@BxsO>e7DSdVbNe3Qg;_8WcU)IThY^(m|O zUE3wb%l;W(kK3@1TYAwu^Gn$m?VBw6U#AuPMztbZUJ?1g7=|HbNuGZ`Ww4pHD&3b} z*;=FI@cLo$3J`s*Bc$B_W9!f4@qAsE7l3LWAYV!cq(R=4RKb z{XGUQT$A(*f_uKrM=E2cW-BShV7lv%MiSTuH%{i!CV{TQu{je4M%IE_2lU@7@4g_k zCv%$zog-40;~Cz-A%QBSB7XKSTdA<|@ZMaxzYqD@<=y5ovsGO=kY+eA#Q5UTcL!dr zz*d6Zn(v#R;d6uk6LhNUo|edcSj3GpLm+Nb8=)>EH)Y;hcXAxu5P32f|IBdD&o+&x8WXtPzw-zl)Poh}SiB9TW0x9x@0vhWG6!i7F*zIv-W@s#nLWET^Ix(VJ z|*w6Cr`46MjqmxKkchwfKkCy%bvL+E-0RuPQ! ztQW1^l8{T)LrknZ%a~TGQiwWO#(XT{8uE)P`{jhC5OpXMx(}_X(4)in*tAqZn%;T9 zaZ9FmPW^ck+F;72Qr+N>M?Bjy##N=)aSQLXtoG8TDTnqEYpeHJG*@WXC(T2ZAjk&D z0xfj-Dz;PYS$$(Y0_!6_7`C=^Q#QUIrvLu*L+Hu*p8h7aj_=crA~hfJm}sKQc%W2bZW(ooRit)kO7-X-u}FHi-UJ3A*#&CAm< zBX)e1{YcPupiS3rK5{HsEV5X|CX&7OPMg78QTk4}`!%0FNUA#(kE0+%yw;yQ?f|hA ze9~9`TjxhU2Ls#g|HYnyOSQ}~l*O~D72nO;->y0~RJqZ~(@$-8Y?1!xK&_^Vc<>bY zBlWFhP7k)CmI0J9?Cq)r9@M)IHoF5zJ#QulANGa$$;;d_vm7t8vv#!EWFZ!^g)w{)nb50*3A3ex|QSAw0`JA0;DQ z#163$_kRvIIQqvr*EJwswBK!=R`yGjWGo|`eh=5X_-e{4*WK;te&d*@0C#_vi32R^ z+`Hp`dMw?-WaVIkN)j`w6XJ3D>?d14)ufB4Gy6MPM`4cKy=>ED_4e~iNLqUt6QEs} zu8$-tHefSKKOGie5^XNBt&$ zmhvA>=eLo4%=RJNn#7qQbl&DC{k<_LLU%EHXNQdZVw;x=OK14iKe!|uOc1TFJy<0O z-^C2iczgvz-VqvH2*QacXc4b{O*glI8?wi8{V}E~ef<5YP5w>X?2nuNe}DO}@jubu z{O@0j{tf{A*YTg&IG%C06;;3mqVAj4+W&pk0mV3 z0O3*k*7GN(3k+uKly*2 z@98=JkBC1jEq<&_p@<4C1PLtaELWvhv+^ebsZr%j?khgzBUjD|`;M)PRslo+ZlT;E z@1%6iC;x!JpkQM+7-$P+Un^h?@U3S^Vp4L7qgz~5EYK}IJ~c1Dpim|!E4wVmuc)fJ z#-+TzEUvP)rL|43p*}9Wy{Fd}5iz7QyE_Pld}4AEcd*Y0aS}ypVQOMlXMAGG37(t? zIe2(97!iMpj%o^j&S;VuQxYC`ii(a6qKh`kcD=oUD4M@fNtR3+{LLfp)zfg@>1xzG z9R_;ME~76p6RR7JOSlzmTHI$;!=L&GnO$7(knXhi<~`v zqS7i67dx3Wn$!_n95|IP1^W$SHh-HdThPHmm2UTd)P%wC^@yh%Zk_#>;jYCcC#SWt3`@UeVoD+ z7Rd(4nZz5jvb@1<;ONVNuvzAi#e&l{n7*tw$fp!K15%OPDJp0 z)iFl5s7pnP=A8j1b8EGVz+zDc7)0V|xMIRhc`cBW?)$3sScFVs1tPLFu22f2Fy{K3 zmnP?mfJiMb0@bfI8*`pwxT}Mt<(FuuMan4s8a;hTo&0#D}L%lTB$~)`%*GC6W%+p z`Yl!}GMwJ403aM2oXnhdsB0h|dD)}57~&*k`1sxHs}+Sf5w_%Csqzq3ZE6leB>s{* zC5!kh4>7Fb3@rVSNXAmCpWf+2NUTQw&7F??u&<#gk4WqC;}6%;p=L^y3p=ZQ_7Y0N zXY}9|uum&S=KAC=y9%`e*8N@vIHu@daWaHLU`rw5?_ggfu$DWqZm7XQxV~q@(2&oX zMdHn`SG!V%Sz3;q;WHd!saqqkX<};k_Ks2MoKu--gyTd4`MO2=+^KP+9O)4dua(;; zlQ_Qsa7F}L>ew;s7KD*05nPN_w%{slg>`{+=qdIot{D9!V2J>((HvJFdVvTGMoM1jnc}$Deg6I*+AM&vm)Wq*jbyq^+r&$zxzhUP z!C)r<&}KFUL_89OnpO>$XO#th#SuVV_6Y%cLmnRBid-Gs0}dI-DTO5WmXQI0ceFsn zs5pR9lL&+s&g9C(v5%fr^flCvzSjD95MJjt&?pk$JcFzm_-0#oEl--86G8`O1e>W3 zgd!S{Hqc#1;*nX(JELRtKNKA(-WGtgg&<{JxxX&`oZw6#Y_LL%U)*9s1^r0XN92+ib_;dh(nWRMpvSwHFbJXD`dSzMsC`8jwsHU3L^kBXMOgyIE~yaP=GTxEz(?)XKW@i zAK>!ySPb{qZW^2|1uyQlCG!+*VA8vMs$a}EmcN?khnZGPi6r}Bs{F48_ewFbQI2$| zu;{~58Ub&J2Q4K!0Ftqtx%OqIFp<=hnF>FzvEk)VIay{CEPgK){-a&a9 zI0KaPsS^8E%>WW~a_GAVSh*r0RUQX2z^(S>G}19@yF#%P>vD|Dw3uq~Ivax>DZ$9M zST1J!eWek(^c4#7iOaPGFYI??awLj@jCL@MF_1NjC{werOT^DT+(0m+6X9M0mZ4q; zme=;Ijzbyd$~O9t?F=@7q|2FU3&yJSAaeCL+7Y!M*NOH5DC}gl(;$_8u@pv1a2HuG z2=^0c!#`JRgDTqPf@>4GEf@Nl?3a>Pkz7XG83hnNUruWK6zv7_bZ1wgST1M#W?#=S z=x3FKM@N19a&&Q5{+=|5K9^|xjb>~d(UG+_dv)M9aTpm>BJk~1EqUpT5XR0-0E`hc z3Z0qwDudI-JDiO!LM#wIdm@_t84%9jh!4uL+!e5!R6OJl{;@(J$(%dec2a==UycBN zk#7RGQ4p`-6&vj&0Du;lheLhG>O{rJg*J#o>1!SF@hE7gR4&=s{p>=b9h1NE6%&|i z5Le!`NEY66G6LN31Oo%J-rWPM8bQ4^)n z012zn7`r~?wJ)!vCX-ww^e?TwZ1~k%Yw}zoZ8MR8Ie2wb69c!>S==C42~yyS?N?Pp z%|PKhd&Hosz8%_AL4>qMV9F(jdu6;0y^MG2_reSTzT5y@qu{scnQYnNOp8J#lFBP1 z%?l&FWxnYLz`LGof}*b=lnAMb9{K?Ix%XWIXat6KLmqbW=ZqyvtqfJGR^5AxW$WZS zt20^#@snrxXth01K29<4-Qwxn)djKRw7p|OkTl=A*!8n_FZBj|Uw0?@r%35gY(+t6 zA6g3~#S>`JZ{?wrs@55k5UaZ1M_-UmB^9rNzsI;eWR+Fbkz+~E3aXKoe+vG_&t0?9 zEdLolTs3{?OTHW}D$_4~M^!Ij4U`to+XO>;f1-pE4&AZIj<~Y(B2I93pQPc%Vh$9M zlLcA=2W!%;pX2_Ko$goYT?TyKGQs2aY9}`tt|Eb*_%lqMAMH2qFGX+!Yk#^&=P6Di z(Rayl5|{c5CFR#lzsWt5PUA<@?zvy8@lQ?rO0w)Rfr>L!H#xQ|XDZE&TC$V%6(Rp# znz6we-mZzG-fI&+MbajQ(9fIeReOzKy;pBvMD0Y0Ocxpx-58w@0MaLrLSlWll1WmJ zGeR8#8oul9pSmOeM!Zp9<(%;8^Z6EDGgLR41C~lL^lBnwW{IUFD^9N)*EbW?A2iY> zFqmk$lp#+1rBr;sL}7hVaG78|R6n%@&~F1_VA<-)$he(-$d_NNUeZK}nbYq(NxQR{ zTshgJfq;2JYM;=O#Dk8Z7|_+cZqZx@Oh6>GT)R%F1fp*DFhQPo&I3b0r~}nb36KhI z$N{FS6a{`G2iEbdl#emUFHy3BOq2wI{$|cjWJipeRWR+qo*V)q5kY#~CZf~81{DIxpaBrRcUrJ~uh`L8}OB z`)Y5a*6;Yf*A{@QWw$vBK^jIvhoB40QPF=wS_#oDOGC!$Q=^&z*nl}1lcm(-B8YN9 zWNsuz9G1VNuqDS-BOx;pMWuFKVeWXP0cri_25LmzP=@#t&~Qeeq$H4IK1j75&>(?- z!3`)h6E3-yUB;!_p^b4Q2d<6C5O2#C?)a_4@h(aOs}=}^Z!wz9VirRIs75gxa7JHN zVh++|fu8c;Xg!ohqzwV&GDhaf*h>2vQpaEt_5vkMcg0C}@JF+FJGA(|0`2~NOhR}P zjZ&VeYX#Agc${?bQg8wxT0&b&d>=@$EDs;k- z{4e&FBy3hF);KT$E6Ds9dK%k@6F!-p6>4<=G=ZC1Mq?!`t?@_+qyRv1#DS4T(rEm> z@K~W7t-#2&;!?Fh{3f6WJQPGE1*#UvSergh1I!!+nR$V7zNbrWr|00&<+r7qm8ECu zrYd~571UMTT}VFSghKWQu+F5Y`vYEm$Dm-f_U3>Zf33jE3L>ma3Bi-)@PD$fo*bJj zC`S-S91v2QlCqQ4UdBVwlP1Lq8VW}ggw?HHRn`v&=j�%*3r9Q&hzBNY$o!dV!O? zz&344<6dA6QeuL*94JyCfe{G@AYED{?T2HUE**m4T`GZQwwzN=#ZInlF5nl(|6=dG zqng^fweg)oNJ0xe^w7J~5d;jqBM2f@dX*+19Sptq-b1g_1f*)H(gZ}Rq9Ou|%syN&$?n5iT zuH{N6mGcW#(ju$dHY#m%b3XD^opXn-Ym;30lFKX)h=_q%um$@F5UQvM&s1|kz8ZB< zpk-LC?US!DS>1lOasjA;U`o_674vc=xq|FSu{?VDiVH=hg@t93?iJlkh2PfDMp3o* z+@LESC+f%+EXuE|JX0J>IM1M)5vElpG^UX;76{Usj+tDy}0-kobzQMpjD254d zrJXk*lvgYWIm^>zz1P$?U$4YyN79w0>#WC+0eUV6?3-sE+|Lqsqh`Vs8smXi7Adb{ z^jJaJ!^Zj}{&;xf4V1cC+f@D!i|mJA8&BlhEb*;xpym|XZAeQf?3ICQZyTyOh2psK zh`HTFuKkUFVvcJ&V{$uX@p<~`cD23s&;E%B7CkGuig61kK^8o}Fa^zgvs%)PbBR99 z@jmCzw3xS*n%>OQd3oObVM)xF4hs6RrWYYv$6%fQNcB}1H*@tl-LlEGl7^yeL|>#? za#!DGC!V>Uthdy|yw29W!lAhEqzX}FQc&P0UzD0zG~!le%u;7eR$IMRURBtA&aTLX ztSIETkf42wKLf;hh2#`6lxXNS)N+*9B{?4oz3g5wE7$|isL;feUUukxJ6W)#U2yGd z#dcBMoEucau*K&Jb%IdoqFbrJRG!I3&9+YSfifQDQ?`oW;6LcDCj%uXHhFGT29Uk00`@uRS3Ts$#iItA#3Zby_Z2^fk4Y-h1Eq1A*7H zfG!`GadK9rnpaJH>P~%C@_d>^?`vB{Tlu1#Uh-r~vY=#ha&`NMfrX|LqmJC-5NL8R zIM||HRJcS!vJ&o7ncz-+V$R&B)mAS()e^7I5W~;e|qd zv5gAlZ*`lQ!{x}5>9bAuhKG06^fV32W(x=BEo&*ms*TrkB~*vbs@?piTc6xN#9CsM z?=y<(%e&S$z}GBm@azt%uRPNp#BW&fsCQ6qW-u86iG|$$E?C2>Lm4u2*SN8si?!}- zry~VQaISxJ@KqzGX2|M_v|w1pJ9B9C7ur(h!f$QmM(^(k?pG;1oaE~x$<(>+QK(p9 zwV@Msd2kka{npnZmG%1fmhk1G>ZQ(_p@$3S~WC#*|vGgBc3$QEYKOy3uRA!$hpC+ilaiMibC-WkZow=#M z<)eR?l;t@z|Ad+5gGDX%<4hmhw(E(LT>Uu|XJ-Tl+h|!rSspF0U0KK%d4NoAA21n} zvCd^@DL(tUm51!XxqJCMuj8| z#Bzq(SpkUFrc9TsHz_XN8yFm7!cUd-9!*zFimuJvcy#V6xHBwY+@$}}OvRAGirjbD zWt|&Vg6xKUlUffaS0CMfuvTF@-}D19crJ66J*hsk6gnaJIE}1AaG?D2M`ti;BhM;<^4Y=`^U%z2}COo808fNMI@N zS&b1}^W`gBoE{tEN+bzi?^^ggf7Gb(J!DwddgF2$l)kTkscmI0S?lJ*UQL7Nk66aE z(rV5L_dxgYg5U1UuI7TalwTV4@{k!jDZ4R>!SR54pTrB7O4U+cN- z&UCCuvTwb0(nMCO&01p8Q~v2$4QKn_OyVmOveJ7^_1C6y*Q$z-i|gJNZ`a-4R@^snGW)f8Q3UchCI2Zoq-tl2o_SL!ab{XjX5wq!CsqSRi#P5D4~M_x&4k}` zbbG7O_J(`@jn2E~qK1K+Nl#(~XYC80d7xf16&sRKMtpA6<9VH>o7eLE)cwHWrgv`+ zcqm#}Y(bteKb zuLH|mKRn1dj4L+OdVNU19Vp*n8&ds1OTXJ%*QMX|fo*9+b52v0>f;sWw$p83UdxCV zfm)_EMiikvCoD%M7f(nG^{bzxE!g^eI&V;ov%YC}`jgbs;Z@t^?EX911h8XcsdsBO z?exct?MQd;CpJPuv4m9@%7+Sy?QNO^PBtrn`}pww!t2LtoYW(_w{H~(8|aHPeQe&% z?ETUnzEpRkDn_m^Zt!7oFvjETm-4mG&qe2{D9Ho|N;i%AZytABHB=lj)iL1vi~94( z7)N`0*Jud4G0dBnixfYHLZkQSP+0tf>9L2Ug}0f%f065-`vFr{JZ`a_N*B&Owd8ied>FRa#{YiH|VtYpk3KI0wXV7<+46b_)bmgR$K#=C+ze3K7~Zb zejiN;1b%#1Si5wjl-ZNH)$@d-1s)~vq|8Wp9AaT^rE6eoMJv7Wpx0w& z);3x4Jk?+j*NO6Q;6jFy#_2aX-|}D6GVw^HrD&bGH<1v>UJ828Ww%6*CsVeoQZ;$5 z>F$}5A^gIrmcvBpROk(CFnz3!23dMpx1i>$>3tCo|KKn8 z-tts2kTmc(!&y~hCCTD7TO?eaBgZ9g2dLv@9y)N|FH+H1TACwkzSPA$qJU7@onKYq zHpE!?PcLes$faq7{B6(G8TlDy*hRlusVqgscrGKrWWC3n*i=H#uEV76br_w);gb58 ziB&)ZTWG-RN8;wG5xybqWb2dpvezTBGTxRXk6}1j!o$8Cin~~(clf2e`|#!SXAVKe zdvE&r2f~|=sfM8Ur_~eCmk+!MVGj@WhLED`r~a%<_?w#}fB%8swg2bk6lmk-<>(Y- z|MUGnF-cizV$KIyX=w==2^neGpZOnTB&1~i z^#A|+Gxo<`{dND31cU*Iwu31fMEt~^#LDqpd}ed_XS#0fHYsAGXprD1U`-eSV@4miAX$t zOap&WNAPE#SdtSw|If;Se2mZu72g8^f_lS+t}}kUx5%o%-XLKHYxUCmH40x-#-D)O zH}P6vbs&&lIraQyH)ca1y6tBC&iC?XaLZk_Ns0cVaJfgY6x;Q#kDbii2j2#jQ zZ>{0(5x6S@>Pid=!O!1cc(Ay%yt2CX@X`9?Cr>w?Jr!hQ;{tZr$=MjW_La72uWWzV zhf=ZuZ$5r`gJqymIMX&Ucq2B|47{1l^>}gGWFI;`Q_rrRQ#%P z8RNcsT{Oq}+XG(?ch6$1=Pr*LL{M|PzumybM8TiF;zfx+Q=v>byk<*G4mkTjnSy1B zV0c2xkYEc^q<+Q^fZoG1Xo9bx@D(_c!9^@cwu4< zuRt6sfB@W*OC07R6#yPO&S{Ta6uPA>x#pAK&V_V(fX%HdaI{}y&A>gOcEP|(lv9bC zC)ULo46Op(<5s0rDudVqkfbRcDzW(sj#;Ks?InhU%l2}<*m}>~c-| zQfnX|yAX0&D>_ZGvm)5_jLiohTvmM7AUP}#-2j~5t)eO1 zRymsQy`+r_mzWxA>DZMN8_quQU_p*Zz$)Uz_za;_s8pOmDtjZ^7kXrVK=XKKzj}^D zh;Q^3Db)gmEVs-j*-9SOZ>QNxry6(nLqV3w!&J365`rhSgLq*CNJ2i-58iT}AZRyJ(PVCid`M zlhx)hP`uj}6)1W>n7xMr)kwo&@5qIw@HfqqA3`<_RDzd=bp~Ie>L4aK@UA>4*C#su zNldLIharR>e86M2xG6X@z1%z@p2q2{Srk(Mzf zK(;WKmy<4z2QaC+(M`pGCkQZS&0i`9LLXsaP&_E?m&$>zGG7IMsT>GSOS`MLYYM#Z zbnS)_(2%;P0kKpZ`a8Fb!^tM~sVCd;>&7$b_;V(11`*SnBzBRVdhe@{|Y|TmXv43R~dK zY*j3(*3GY1x6`WYE4|U0*y@wKPl?Utdc9j@r2hd&z2)KYaENquDigxAq;JOstU>u~ zrJ9vIoB0+V={_;7q$P$yJM&haS{}8?7z6RDvQ*Bx_djD_sf2V}LyDnW$`T>#dRMp( z%yG<}RRgy@pk$R)7b=`@Vx$i1Ld|AzmUn8Yuf?=Sctu_B1XpZxEa z!TUFV{0INz`pN%@wC}p}|6y!I7D!}%ME*zQd_=-WqW`=Wg^@A+vBhJ9~ZIe#fdH7FO{R^n>}9L_7Ix;kIK=9 zZTJIC5$5!X>J9;qzP$N*V&&*Ga-ivFcF%AsSh(G^_0sjIua{x zI(mYOw6sThkU78u9h?)Q($X{d;M6%ejJY|9Tz~^P7l{L95}LaNZO)ZlkY7-g+1h4^ z@<-EkQgc%#bA!=TRVnC}oBrMYJ?)cIYV@59oh?B;gW#%=u-iQM{O9~zrZ=8R)A-YD zxzh0TRS&EM`Cs9A;jpv4`T0lyb$m?w?K=;-|5rMs8BCm1=Ueo~+ov&MDDF*+V|`{P zIRd7$K5_ppt3|*mXG}(2)nv9T%}E9it;niuj+nz`W!{^$_lnQ>yYb}JleK!a%jx!k>_)8qRv~&QBY1*dn69s zbQZ(FAfQQjNaT}7dEYqj4aPR@M^~h}6(U_waiQQySC0Nf2B75G4SO~?>lqXUzR~(I zf_3W@JqG9c)VK7#nT2%|dvq(hmtl1KD&>q(`BBkJ192i<)YZe}; z)q^;zBtTCeWEq|_#LDaJlaR#J_L&Vg5SDGA}ks!#GApH>S0ar^B1Y0F2 zN0B(5f$$%KYyt4HT-!x3X##%~2!zkV`t#ED(j#K-pIH$!y% zDl0IE-s82e%)kPXK3NCYjO9qdos=h_K3gtF_e;^CA#hvLAahJZbr#>QD}9N5mjPF(JdT*4%Hi9QJ6KuBS+*Hy|iZ~|N%1w#=aR(W*dRdY1Iy}u5x zNIOp|pmUOeKnKGLg3&%&Ac{pfl?dgmj521+FG!J&c;B;4kOw;(4;_6jZwodR#}>V< zH_u_d9N7CwVqd;VBbJn)!S!X5(=|s}1ycAhM2Npkq`<+XKkZUw0uxupYY+{4NA1nd zGuN<8$J=NN!DFFK-$>gKi59my5yR*F?FPYDg*Yx9K2t`zinNY>&{^B#Vp)0(@1VE)er;ZGiEs^nO!BZliM1S4f_Sc4& zFycO;m%GLQ8LnMl3x-g2v#jBY({Lcep32M`%u~#^1-T=FwSDqB7bJm@3eYqeB-R@Q zBFTgG3-dd})f63CcHtVFijfMtn2cjlkHUGUPy(6xR5gKC>%5wIkS(a~ zDy}DNg3f$`^)o&`jwB%xDg;U;rCKb%)q7r-$Gnh%rYfd26C?g$P3^JI8Hflv11=+C zK&fpg%WXCVg&lEHhVu4MAD~DqkZ_@-qfsuUog_(D0we++kNV$JO!;4v|1RD(F1}7q zUZ;MSEBJ5Nf5c>o$sYdF{v#z#ObLMz`&$X}$6vYT=WpkW!2nmBy#8t9c8;EI|NM!6 z`t|>IQJ_n+yFYKy?fhzES-P z`Tw&|qW#B~^QZi;M*yVi1JIi@k#_fEd{3us%p^}XNob2{H8Z4S9NmW|6LhIp&A~}d zv#uEFGw@Mc^;5-jyCXvnupL&XCufv1AWZX2(T0c_5ivD{H4haVIV>?LIVCmaXYnx> zehLm-yTYR4l41zTlNaJ3>T{YrKmn#}VtS#Omd#72E|8YIhg{`st3-&ZdJLCvCp1Em z24vumz|tuB(MJyPpy-jm+J9(o!NAmlTiZJ?cK1k_SPQD&9=v=1UYLrP!+zBL*d6`t z>*mu``S9B;yPw$fKSl z+%OXYM^WT7MR`*};Od+Ek*YfrJhglZF-My`C{pn{PA(%IvXp8A8@-9m95@%~vJ{;* zp{r@7)pl@Ghi5M;k&GInZ86<_!}1pOOxizT`+xgi_^;vL&&kf$!PUko$j;Np!|AtH zf#1TvBr(|IFYzxeODqZaC;tC-y8iGhzv90gAO~>&LE8TUr9bar!EG_=4b!iws!BR7 z(1xp+;{EUvw3l6-Aa_wgJZZ9{TnoR)_{!|fj_WUbaKp@G)s;0C-8SzolHFEnEc?h6 zPF`Nk+toqg9NhQzBWs0p(<06N{o}l6?`4eRQ_g=3>%8-k5#3`i&KHzWP~S7rBl`^2 z>*6r6vHU_daLr7>jdVBBo{8V|#S#-TKCm;Rq4&!!{AEGBd%$6#TLW{IMe&l(7a?kq zfz_AHmdyh*>k3Byd*tgMK4E`wga5zq?@hD;`2H69e~11rF7?;=my-B1|Mwp}(|^CY z|Iq&#e#UMSy4yAesjJ zzPk~Xeme(0@E)dkQr*^wxKCMc|>Vh zIsRw-S4{<`-Y=&~7m4C)BUL4B>!ODvF0mGH*5AHE7#bcK9YT*yOioSD5cqlMnin*Y zU0odloqTXORU6f%uoV8SEgoJ7AB1=N^_#Z`TTs6J1MUy+-f)9oe&pu{ww_JrQxORM zpfU=cf^=vi@PLal_#=i9Y}VU(Z`hTW79I!#;UzOODztrhwZ^#tJkL-L7^r4Zo>e2z z3R;(mxMVz5JjoSQ-w%6X2vtioWu-Ig^M^dBp^P(;6xW6~!`5uIV=v|+xlLZH6`-(Q zY5>igPJ&u716DVOTW1~$$L$~@0NplG#{8HB8qnfHQARA=!yHk&j*gCY5;HId2yd2H6L`#)JzoSuF9^e$3n%b>gbbKPyp>wU(x?V)Z;U|r%MWggTsG%u z;&=fuIci9f%MV$Z8pNHKdMI4tXXrcsAMTWA#LolgXy05|R`o!c5?&pRvgj3f1Xe`&(cJXn-%ttqs(#FY;m1hsD>GJi(e>k85 z#44W~%J0PTs^pq#*b(Zhbg=FXYCMEoRAUh?S3_U`tW0e=TUHX#m5o8p>EvQQcJWLEEUFA%gZ>Du?|f<&(LDj`XQgesu=ZD^N*Ta~;N ziI0oHV$uN{fT%ihmE%r(B<}Wf@0(ueG80?Ie5nO2{gx}e^ZT?9Vem~XbMdWwRl!?& z+7PL`zK=Y6gO|t@R4QK?tgBHteU|i*RQvomsETEE+4qh^PM`Br&O|9j`-#t+DY9>R zv;`^f#tIR+)<@f>xQ|CWC4sZIj6&!1c|isFN+cw6XR5!xY`*p8>#MfAr;hhKSG?Sg z_oHdWBKHQ)4FNDC*y(Qvqm16)-c9hgetSP7TOJ0?(~4O?8oX2Z;49KTooyLx*%*@(%BiP_kD`}=!)+SuFu4$1%PYW*AhUqVbw=C9DB9)bue<4?YJ_|rj%pmJO#HO^H z*m!sE^`F=Zq;1uixi+@YnBMjgiRZuaH0b$k*tz9id`8D1lMA6DE7wZiZ>-8+$X%(m zN#I(4m;D`j(LfIi++03+Fxx?8IdmkHQXI7!WK%NhvU-RU4-NOf9vKuJ;~f`ooS3BJ zoZ)Jpn#b&wZIGKEUs#msUTRW~S1GCDt*I5rYCd1z5Y*Hv)866O*=1hYqtw?gc9?Wct*ZnR^M7^KuIhqL!9rSJyCe>zigHPc_D$Q*Q4l?Cz1j+AnB%J3RQF z?ajwy(a%T5B;D`Gp1*x67YX4X&1Mv{Yl=EymM^Kd#|?=;6KL%3;XSF+2x8R?`sOOW z6_?2&9U>`M1xzIho8R_H6my!%kTPEG9g(P;EkD3am1w_xFpo)}ln4nA^ z2=1|oq3!K~r3lE#R#?(^_+reZ_&z-MQ>K)vmQ>%-s!YMB)@vs+=YhDgh06qZa%0RJ zcs$IK3V6=RL_}9<*nuVZ)SY~omO0A}1_=}ZU_t+E8zOUi6 zjC6j!#S<|rAy6K(y7oB#_zW|B^+zrF@ghp|5L8vvq#S?ETUYt1vg`yMl7@_e5c>L( z%1i;(dL2eyxRO4x@I(8jt5;6-c7L63?mT7DP^ZOKB-H*M!6MW#U4- zz3;k^U;81@*fQ!Jy`F68;nZ8_$KLnE=2W}!F6lRnS3VFkEu8(MR+B&5`G0K${ssB( z=VRyad({5_9E#tN|6*c)Q~yg+T=viX|Nk7nf9J`s@}F2|>8JgVco2pEUr76(cK|S0 z?H_xP{PMLwKmH#bf&V`Ke`*51ZS(uD!|_}Amy!Hy`=5lg_@DN_|2l;Kw)3C(m$g&* zb^njp3$czK1q#KC!Eg%;^NWd{I(3TZ!XPg%uWV>&U~6mP<6~oE<8uAFe|maAKme}1 zJhip8h3}^-l2!b*UMG@mdi_R7z4TA_F z>CueTB&5`|3`jBt21s>&A$1rn;tFGAIHM3MnIeyovBBe;@yDUPP}yFDL)szXtpU{>3GK#(eyR|DU9k*q`+u z{u4I;&XZs9kNaEv|KZ>#{)%7l|FbV5{x|rNRy*nb5B^1net)gX?Ru-b-bEA7G=AFa z*ElP`II&I={r)`VB)BO$r(TD+r0wv%7cHL7q;L-M>d%f}2sOA<`0{Ar)fN}}2Mijb z3BC>|7lx7}uS3*n$PtpXkRXK1>C`hZxEk=pj&=dWIny0EWt=fkUVsQo!jMsdnh7 z)@}=JGceL6P|$p!8_E(P|M&`O)`oK@Idc_GqbHdG*xU*eqVb5v?6N?wJt!K&)&My0 zHTsaQubMB1d&n4=Po(g&I@V`$;LX-%!3Y8nLWQosVz{tygMOHN@j26>idqh_a1cIF znQPGY6zHINDY$2pQKoGuvYHq5wMw#2Fe?8aO8Jf|_|ZR^+BtJ7YR=W1)8 z4Ai7*QVom1pYfov1Ot+(Czq9NGOR$6k+2TM%9%!1fg7Y%bOcSoCkxTh@7h-uk<0fN z0aY5UO|uB_b^QBevgVA1MAODLa3nZND`3)j*er_%fSMiP^{<2Q^zz^YM+CHADnOg$ zR?IboL?gMg1z3-yIx1zpd4o9)wrZvf9y61*p&MMIgOkOYII3n{?>W%Sl0CZrD68(H z3=UL_J|LX(rQq5raLjYtDRixE*eUYp7F7KoT3r8~!2N^T{_n5<9!}2w4%d7Gem@EP zjrCtllIZOHSL?sDwA7#eAAisk|I=oEUH>Toqo4j?#Df!!vbb>J&mqaqNlz;%E&(|Iv~m6YN&4^O-^(t*-p0W(^g!`|}wrgbm)e zE_zCbX=dQeS&8V=qxe)uH-kzOtdS2|B>PWG@*g}q|NiFwb^QPC?cd*u{}TIq_?P_C z{`2pjd}0s(3jTj!3EGhe=_~rH7L=uC|K zyyolX5dE^q_+!MbwfJ^SNH#k90p2=6Ygu)NrZH!llNyw}Z!$Q=%dHGP zw*W)pcki=P#6MKdXkJpM*q}(zWq4buG8lGx*3~=edSsNhZJZ}ZP}~)4Gv1DN>W;AYZrSOn8J@VNlKNZkCifJWQ=8$ zj{@o*M8X%u?sgs2ils=I9bA8i93>Tm;$?LyM#(62s%t6hcbjg|bdo_k5Pnv;z^;Ra zv}d@Fk;}axpRYW0z#KV7A%GoT0#J`a6r>hdZFe`O)k%v_;5A=V5VYlPl>0n}#@h~R z*IPH$X=)536G5jr0<03s9E{lMYsgF|D1 z4Wd4f*k?lrHotq1ACO9f45_pv2uiIl-xE{ zu;dFC`lpWf4`KcfZ~XVye{UZruRtd!V!WK=?_2(Vi~mUy0|5U@|C17v`P2XJAI{ky zdE?jhKM0@&b^yTMl*`o&T@_C!BqSstAh2`;#>~uYuFrH)k9V+`@}f4qf}DtkBGda( z$aWtr$)8z}kBN(mEBp!@4-XGJJ3A{YD<2T1b6N~;tzhtF{Y(QkpWy8u~baC@jwg{RbeU_yd0hrPeY-k#HrYv0W>t< zNakmeiRY$Fo$V4jV$jmvidj5JE1%>%U#r&1qN#I2#4rwYS ze)$!J(!CkQdaeeVPT;X(yvWqYw8O7aG@EA?j_{Fq4KOJs>chkaJ`%?cH(>S1;H<=< zr48mS0(2Z&%vRjVS=xq3Rg&bT#!iCpc{Dqfs*m)E!LX_*lr0V5q$_ehR zI&iAQ>c$9M_6e4=P}<VEAz#Xq`~$jgoKyQXPaEuT@EM4*qkwi z6x-N{hDqcY3dACV8Y1zh2MnLXNqjcyo4F^YTL--d%d1A*51pav5o8Ah#DK+uNTxrLMV^4rEI#7n^oAwx?$U>)Ty-Ha z!9}*|(ugTTMb7IfPrwEg+DFOaHWnR8*mcy_Hz=I+CR-jz9LjQ?c9C~I0 zN?m|O7#!e^x#y_NA_vKQ56-n~+ga!osL)?Nz&!^|B3thdGcT*gNzT|&1Wu?jbhmND zWY~EC{z}&9cL^HRoY2w>Ov;#diG2c4x;m{fp(I08kP5=3v$zvh3^L}C7C{P(|MzW=((U-{nv_}owZpQz{mnztz* z0DQc?^YZeD4qR6$D4LVtoSYZ}fuIWj8~|W<9`^Y0V`8}HUwDfCY=dYAn4b_N>pAm^ z7!$J2okFw?5@SL3tUM+9KkdFxX`RG?n=}k|4CY$Lq4a+*Ttr-N&L@K6A zc`G-3-rN^8zO&g`q$blJyW3^86!FOIUGG4|TN}7J9WufjaXuvBtZ_^VV_af}d~#|` zdS*y=PIz9vZDEl$GBO%(6<=D**HGWo9NyAu*xnJ)*(GwqXg1 zN%-_M1!iKn>s%GdIoq(WxmA@7br2snNm4#JDR8<^zaO!z3Of{=0r7VKZv>tnaUtd zteruVJ}D=_BxApuVGU9J*gV*|enS7~JnSx?dN#Fg{KeuCN(h8Kgd zBMOF>GM#aS(rX}ereqUZ>C#|<{$`}WgIhkCX(iL`dyynTOuN#FGM=PO5pqYCuQnqu z`BMzET%pTjOM@Q6X!CeJHg0vDQy707=3iajAH;|wA6&5-B-FPX%!07uV9*1avueOb za{2fxErFQ6B6X+frjMJ7gy6%w=b%~qbt-sl=W!|E>MFR&`rL z#%@re($>gr_V)hInYSNF`@hgA4Z7OTdd`+pdMhb!_mm+&^NDMXHP|K$?(D-vcddXC z0i?l>PrtoXqC7#Lr=S|EJTgLU7m*fW;%{UWPE3!B!OagK#79zAU2*l zUi8y=Q69ofT)wO8vtUM()mbyJtyyg5YppYobPTM<0sciyj5SG+eSS2;5!8NxLF)}< z8)+Jsm(R{+;AX^5A;fKmREY{iWG7Q2>>ScRD!-6tY^1N@a-Y&HcQs?K;bOGnL&RLS z?U1cvcJl260^9|d1Onrped0r2m678wbG#8%>?O%FPOc`o|K(!7#QYIIi(88vUv&(F zj%_m=kNY0%H1h`5*HulXiPBU@r-8rc@>l)ZRL+K|lg3#-3899-ICW9drw#lNFVNPP zYS#OgRW-6Ek!o0>v4ot!AiKLt^g_zrO< zV>J_=4cOb&>AVj|L%h>6+-z1Z>>o=D+npO#IqAZ_%)m zbIgVu46HtbSOOd(R1J__iH`mrV+f`c16>41D$$GKB@K0>w%=$berw10eSPo@l&u8@ zmuv#4VPft> zK0!1k@J1-dAREk+)gkGQx2fD_6=bEkIB8}~1pm=9qnCHdxL_~~5wXpi)vnov(mPPc zn|W2I2yNZgq7dpRGg!&WS;7VY5yLovnn5a0Zd^z{9kfDUb&-^WaQXv|_CYPs(YE;0DlW{~)%QMEoDSQJrf!20j7#hfOSb)mQiOCO zWycQ+d4mL3q7t-Ej~`M>St^^6YE5#A-z?`nQ(WqE2%VMNA`3H|6Vct(WJVG)%cJ4QOAfo$Q-imkAH`=mI zU7~BQ9^NE@Wp(Zv4spqNzjUYw8sLvYS2JbA4s>X>mQ;Vp;!K0wCKRt&MdEPxp#&cw zPuCJm%fAhL0k@x+2)cKTb2Z#d4Hs3X{m3;W5u{R1f+c_biHqjCS+VJ?Z?(CttHuH+ zY_q=A5B5xl?95!Shyu^WtPvWl?OVAOr!w#a|EtDPG?n{>rL)-2+&Z65Ys;`qo2mpm zI_KkiVY;Vat9{zHIviS95~5Xe*&exqs^T9xpH{oHF~4*HA4eIdpXY658mWV>^f<)q_RR4V{x)zgvFo<{Nd!$Xj~iU6D6aY?~UE*SlkHol!}MQ;U@E z{(5RppPtPC8HB!-)qSIi#REu0hXA)JmPR8kKHUz_$=6b6*KL#)FU+SCqYX6(zqO&z zxH|y5Y(0^YdeU@G-t(pH-MDT9K4HsU_5Ng8V*u%?Z#81iSlZQC&MaH{oNZV*HEUju zqwIfU{=xYY{m0uOJw`XYD>RZTZIU2mx=*$!Tpw>V5me|KB}ZAf0vte z5YEBTNI^2N0CoJj8KS39K}>=BLadDUjg`*R^BX}I+<{OLf9E53)WEBU>)Y2c97kqR z1Ij_^ch%sZ=BF*>d(&n<@d`YG7f?2ySNYzv#NI8fgw?rpq4Uuu<#CVPx)WW3d1w6k zE@kM^cILCQQ4kyFyL&&hAAPcX`t1q6k8afT9Wjir9z*n@Gs*+dGMjjy7 z6MdD^eEbQIVUHIzG^xNfJ|G%IZ4#ZPV&qY0Fz=$JGXc5|(`puo;XYs>L;GI8>w3B8 zYQsmvja%2#wy(>Q;PyFjD$>CZx8m~S%=I(vA7zRoq7rhdRf+SFRba(!>&W&#%7~8P zVIHV%L2Q&?VTzj4bS1!&G~61dYk6eGvds|yw_VJUZPIeRF_F}^8r0bn({&W{UEtbR zC*Z|9l0kG(u%EAQ0yt?oHtKWi!mdhmo<^#=_~M~WTVz~CO`Oq09LqIT_Ai-cxj1d= zl+_)^tt?F8VQNvfsT5P<)V9aiMfUq~p$j$I4_5^b=0TA#El$StO~#<9OX)x_7%Fai z4t|nh+5=wIbUgt19Ar6lOvG#kX6!GAmDDA_)>JhXGzlKb5>fTC(z^bdE|_OU6)kJ= zGR`t7fClZB%%dH^*I)q8gSf6)&V2CNaf}iDbVW8!fn>;@s>fc+6lDo0P2Vrj`sl}k z�%4Qe8P$(2x!GNjw`Yuh^h{%_p&G-b%s@bhw=O{s?Q~k{&*$zSpfFh|) znRge9uiU6 zOKRg|E($+As9ehDEOQ{f`H@6GT7ydGci&04={{p$D>Y+}tvj&(i&sY3q zgY1$?w5B}*e<4`H&J4K3S$%~i-`J6}y-i0di9wZzL4_NmK{6ivgd2I|nz%udU$cxN z|EOPB&y{Z=#Z}{STt>6C4t-Ui3g#dyLfPuk6rQ$HRFGD(^d@%a=-ktz6TX!HkG=1J zYbx0uPD1ZRP{ekLN>Lz%UV?;<0wSPdg#ZB}Aqh!nR+?QDdsplov6r=A*Hzcv8}?pS zT}4-y@663jNCJqu?!NbbpZs=Ba_`)kGiPQ_Kj(UOA627Mbh>lcs)|pZG1!spni&Jx z8`|~Iojg1=ChnJz63tblHPhRC2*5Di-0h1;Ep4V}HNm9Ygf4SpsRbi~rf6BLS+dz7 zjbSl$c1V8n<%?Q|55L+W)^dqY)hx=fyM6l6ef={A_8U~V%OZYLs)Qbt;CxAPJ386# zmqO+Ra;15@plizogWawV)+~#k>V9nM9*?Q9(qPG;6{$XpT6`qU)1C3#rQtT)DvL*l z_Kv4$TeV-4*r)Yo5%15HrFM&l`e?Y`*OllDa-eT}e^kWuo|pBQl&;B5e>-mY+z#{N z<0*eGX@75PlJ08i+)?N6InJFdmcA-{7rk>8V}&2d<7Rwq^j~j`mmHWq{}?}Oy0LF4;$_T91}{7`WqBgQA)XZ*>2gIiA9 zH#{WZ?D*IY<9l{2*f=zFa)#c9F4nuw|DwNp%97hYy9*Pei^o?KV(H1h>`9t6E~j{& zliuEd66@8KZQga8Tr+;>3z7a6W_abFe615Y8-LjxvtlZm- z5cKmm%sw4*b=+LjbBAXfJJh}0^f5znOZrfx)JuLt4+{^`N}YFqv|G?_bBA$~V!o1J-Fp9Qx?9Wp1BZZ)i0Hg%<_==gSPGYbK7W31CM)7JEshGq#X6x zwYsQGr`R`cg5!Z>LpF9}dug~Vrv~nw6jU+G_t3)GvmGk!R=kovN#~cGBfI`?Jg~p{ zBC*pNzUC{k(K*ubZCKYA&&=)4`42zG98)msw~khOJ9d*SYu#qv!ImQ3o!jFm&rdmF zt>K-c$A8xh8k*$X$E)znso_1=#k6i7{I2xW(jlj`CTh=fDJ%|eCo=c9Yu_gE`1&dB zWAEy8zF}fpdiIx|oolY^-Sjt{p8u;p^=vEu({V-TtgBr0^C*t9k7xLw%%L+wGIe5x zoN?<>TXa2--)3D=+Wo0^My=*PGwiU=+G2oK<OGFJ*QmPuu=;X;(;34z9GoS+)Z4Iah5y7~-T22$y#m&dcZx2Tp7u}WT$xjT z)s2Zgoua)qQZLWuifNl;8;zzOnR+GiS(n|V{qOjCFE%paJU@4e?l$P8$)U{4v`yDp zrVdLNSq?gDwsqLGE%a6APxrJeJ-P7nH5$f`n5KIUf4XyhH{)j2nO5g| zIA)U{{PujnJ#Om=R zbNG|Zevh`^e7OBDyUL2Y8*iGgxcFf40+Vuq$(#k2hy09>>@hg@m(lUR9?$bT+h?8Q zfdwXK25Mgr7+<=nb!Fg#PiLQVDxcHyo~|-}apv^XjZ>cf!g};zpu@=rNgJ&-?>1Vkh%YkWbX{f!-MAxK+p@!kcAc}>>ykWXKTWIzj(O*M%f6#K$OkI+8 z3w_euBFpB-NqRe*n^rl^SlDUC#*xi6Hdtz2ns-(2j<%lBNYgu2+H)7^YW%)Nccf9x z$U@VuV_i~e`S={l%E@!F~37C z-9B5FY!^1azkb~5u@p+-NzaLEPh(x9TC`a1wDT2q`xtv!hYhbrt_q-(oOFyfjeZtG zS=yQ`O_F7D>drcQp^9YFonk(#Q#SeP_R$OUSt89t%eGl+IERZ{K8~@OzP7LZ)4=HG zG)u2qXYcI}Q$}VEN*J)XYSO;g4N+d7H*%}V+@38kEdNN%e*1&$y&s;(<=i-D`SR0( z)E?bd>0f-_Vb}2ZCvGH>g?qT^+r*p|`ZmSGwW{6N?FMXRk2GJGbbr$*i})>rp7`{! zed35kmye&7dHPb)*o|dnH>wK8&vbknm-YL)o*7n*K4bQb!bpDiBFTvc+Wg|)1{90S zl-BJ!b+C^}8)0gSwYBJ#etV=<>dM=rTIW1kG}`8;bNL4x?62(N+v&ep@|9)(6%aH< z|2^E*{l83?pY?wf==(>%$mstLW%_Sws*hn7K>X?SHbDIS{q3To89@0H6MaOYV4(aX zMnp}T)Eg*2ko|=VIqTPF?A@Dv>ePr^x5mgQ|I3$C@X8CyvQmEHUF`P8v)qWAG*L(5M_6f`j>!4om0jsko51bJEvTjo8 zp_+`TZE!6@L-(%x+s&jo<|N(p@>K!eTFq<| zqwish0u6T+aLS^q{r8VFGVfIB$u1(5SlRZv{6|sSk;8QKYa_}YnN}6(?g*jg?Kn%O zL>dpIEWvKK8qc@TE?HZ0Op7(O)1!_)r(-Wg=$*92!e%vlQZnwP)Zu#Xz}OB&JExGx zr)(^A)v^$G)YPr&HB$Q~J?OaB%;_4NtgUV*bs!&D(c)nLp7GLdy$k!BRZTogDw}@2 zzqz$%Ikr}dl}T9|oL<;jGLU3L#;WdDu`A9DY;kX~DE3k(qulm!qVi%(`sH~cv<_=; zH@gvGsj2IE$)D6&Ylf@k`-}cFoKNo`oFoeK(T>+Y8PB5RthRGJbxrg1)P9Nn+Yd>Kkdg&%xbOhg4f=Yk5BKf#zk0xb7Zr^j!B1Ud+oq;o8aS{Ylym!!pBuoeb%H z0?cQ>u_4{8G%qt)6L+a?=A%f_r4A2`MjankDUGF0bT2#ltENV4ERuC(Yz*1%VLEfH z{~ZRsoT21-}z4-eYw8LaI02Ho%}D7x-)tf6!xx^Zly#Rb+}^` z-YLvuQS#xnmFCI6X6n zz&fnbKll|rXGP{L0p;H4b#br8I{le`$ELGoP*<$;Set(SY@^l>COH;uonk!H;GLG_ zS{do+;AQ$djhI#3rQzd_7aSpz;yPQ+n^WTJ7#u7;RmXD*2MQ%Or*!LX`#B!o0m?ATxYvt zEwh<{Xv^#4^dpXMPPks;zd1=OQRc7TPX8qWE+<0-0pMS)0W?AXnG9F;`cF{*^=JK; zf0XXaJD0`(gvjE*A)LBTM9T{mDC`^Jze8B9AP^ivw}%aCliaJllw$#5-w^QKEuhuf zQX@sc_gG2GJ@ZUD*;yZ3re7*GhFI|VMaGl!%zH)JE*{lv!xVD}2WNRZg$39TjA;w8 zXqf19a*9aQQ*^tSVHVL1cF1n`2SY?H(Cp|`0r8e^x94st2cRaTkB~>t^MY< zXDyi3#lUX?tHgJ%pN;OqvATY~Ya#r*y`NiK24mS|*4!OSi&hx8&26{ymr*Nx_Z}Uy z!j0tIk<`kynV;(dUmJrp<_8U|8FM>c+`gcLpAKm;X6@?NtS!sVz-IpA4(6`9j5!9C zb3UK0Tt(5PXm+ZpdGd{fJ|WRvca&zFv9rBqkJtVodUKZU5KaEI%C@DSu2r>e`}Up4hC_8poToOU=e80r zeZ8ot>ZE?V<=H7(RsLkdxz^WTkpr|YWvr|fn+95vr%$ppgJhtxtbIn!EvzqJNZ%GP zYK7Ur6Ty`h1BrZ?+ycp_ODo43TUb1@F?PW27aOg9{D+kx$@Eo#PK*8S1$lRS z&^6wt%wRB>y zcVnV84NDwS%Qg&HdB3!m{uT1n!TX}S8afrVyf=>>!&_0t+sG>*Cxle5SjhP;-)?%w zIIru;qSq}8rzJ6ur7tN9c`_i`>Em`g^6;+t`<6`h-pL!-jdd|_vEPhAPgae1Fug^< zv={eRuNk_a)6-Smb~qee>9}Y0(~6xhc4UO^sKWTpjC;R6-LP|F_S2Pz^q)FbwqbQ% zxA|b(yJNRp>ecGm=5uF*bRDWkb$+q^&hUP^J06Yd7l!@J%97LC|HjYn;Q!xR{L@ zsoefkz*%3Kv3E}PsTCt`ZI;`A_Tl!Q-x{?4ps^aX|77`hD0BO3?ui2hozZ)rr*QL9 z3R)Z%cU{*vYr=8+_PYn~t#-J(BfsR-qqomCY%sm>s^&`clxr`0H5-1)W5GZT9UY3J zmW~!p*Q}X^xlyxbRwXn_QIUZWRDT_BVVpK&b|;FFQPCLBd5gpCX~x!-8#b8H46LlI z^|x7DGITdq8gw$S-mcqC-{^=VrAoik`VB_GW|iF>Xw58_TUwiqvp(lcp;%ZK>fB^d z%ywEgvo>FH-+F48#-Vqejm;3CV{CuG(q?4{>7*gfWo@C*TM5B98 zNWDY)mkjixY%L28(Yg`z+Q;DHb6=) z4+gIe;q)0lysCs8HoCB=p!bC3lme&nq9a!~p5zTav)+Hp&{ySueC|1ER%+6I-;7bi z688y7&4hj~ue&)O*mPfHWa_`RkbbzMfyL<+o2GH|m*$zRZf=yhMfYU?ZU>F4uC8qU zfMnWbMmv&k7WI$U7rm@bzwREcAEXt2r}sJE0CESwTCv7e3zx#eW<3ko9-}|!M3wC2 zU=t%8SG_y#WVCBVPlm>I?Ww(j;#CxR+g z`SpqDx{4kZB+3K*vBJ(?iT9frBRa9Ox)byg? zv~kiDJH+>j9OSSfERM>-J`P=7ge`F_Yu$I)!A?)tZoW9^>ALL?KwjSUZg9x|jT)2R zLH~s!w{$M&Ym@(*rvEO$0MzKe3)ACg{ilD8{(EtT$?QL1X@OLKNc#s%j*n}rwB9Yi z3Is&~d^|gYAqYwUKxqId2N3Gl0xUvc3u@J>6=eH^AqZ?fHa0e3DT4feu=YS*0H_53 zCZNI$v-yR_V5pIBnnC`57~38)|Dlcm7=^%U1a_o>J=%g{XJWPqn1jIn1Nr~L#CD>A zrXxj`b4M70Eoj?xT`&Ye6#ys!09GKd7eP^giZT;0`}~jQ|D&}~v;Uy{|FX$brk0Sg zak@IwN_4%*lkEH!FVor@Lr*l0*+WvG*G|K)#y`5-I;Z&#wbd1|$G5g5&2Vn>Y0VB&$)pMC z%{=GzU|UR_lg_38IU{L6C#{j4v7;-ibh>4jG%r85;cmNPy%A1yAD^oA!SjsU4z0$< zkuHy3J=EfK^#Lv8uTxEVK#^sf`#AlbpDYUs4OgxhXQ02}&`r$~mN|1xC|4^BO{@#F3&_)NH1{vE zPW1eh#N2+rAkii0-0b1zHPHvOPS7jcl54Z<<0;M&;3N2`H+Ful33JR@lD;1w%wn3` zdlwBcJiWYd#^xRLj^t*hW#vZCALs5H5zDMj*7dt8+Nasvs*393RCBse*Dt8N?GR@_ z|H2u5A#|=@v!m5ymn_@zlck1X1xrUzs`UyAY@)Gyk`H8ztaakh!(z=3yQ9-|Y;^re z%TA0T9T@RpUv;60`?RiA+LY4|mK)WME$E<6;-9Wcun}0>jW;`3Sv222>WPMqdAwDj z=9>Ma6rrk57)OYg+iI6*pHuymE+*VdHUN0$pKPmHDR8{>ApdZ7u;-@n3y zYHC_xV((9XX<%OYt~c4-0=9JZY6G^8_f>~|bH!8a0}PJjhyrWp*K)AJC4PArd76F7 ztJU+ZT6fYnoMBxVXyVc#u}ZT=e~e6S=^xF|w(?IDNVJb)F29_J#K@XKw@B~;%yy;Z z1D#DH{m%xqH)3m>r|-(TV4hOG<-DnHd!t&?N31Pgpw&FD zO56KY;hWj);Hb^N`7B+nf=d@ zq>JAFcw!l;dJAdxP?EnZ2`VZn{#5e(QCpG*7T?~C+3_%WOh;1Jto3EVr~8oYC*F5A zUl^3#awUDDZO5PIU4g#;<}Y7${w17D5g$}ONrFVmk@Aug7~f<7Y|8%U&Zu|(8O)#d zzkg-h$j<*((lm7bYfr%Y-~OuoeOv8aaqZQR+Q(CB&)e0$zo>HlQCoQbE7SqU-~YNB zuk``%eSXHf{ghX6tzez+F~9inhliS-I_>YfAWZ*Av%+)sy~@+( z`_>#=u&+ni+jlDHYc)UQkKTz#ZPz^8 z7=6P1>9b9zLpnd-e7;x4^DUQC*F4{PJ?H83ZMggU-i(YFJ02}x^J3?-txsS4^6GHs zm%H9x%y_xG=E0hmdp^B;`f@Kx$MF^DG5lBibnUK3Q2s;w^84sN^M}%ZmwNsm7Y6fZ z{pbGx{Rb8RZ|vK)tu`d2RwAi&aHyR+wf54b@1g&#&7O_g^Rjq<1-<6EZc!Bp=)eB> zd;U26ud2rBzgFSX6L)?qTXP%p7hlm@xCqPJwoE&X*}tc)QD6Uo0|xci^yX6v^u4u5 zq?Z{7lQmPlyOD&z12l(Cjh6Hn9+=;CcGTQbQc!W`ETjDKlQ&0n89H+a8(I*HoI%xAqoj7_^PB(qhEh%xBjmz3#B#uw6$=#*jRAlHP>KQTf;NS|x9r z?)5qP6Sisc$ui-{Pvnm}ch1bp-POu}uDbmm)U5dv0raoL%W0SR+IGjj_*M`*Q}#Pxo<^$Eu%- znC+^2QzG0S-G7$n?$79-12vx$M>(jz&Fk@lxuU}k59diQ@*d95 zd$8)^f}!sor%lsSj&l81j?(|hLB5avyZlJ{&qObKR@46(kP`T_{@=f_qg3R7k_#gL z_OZ2+Nwrf})`kqK-F~F@;!V{zLVu^mDU9lNHIS5f~~GZ?3+YC(0}qklK18%N9J{Nt6saj<)*$HTzCb$XPe)@ zx!aaWU+k5eM(Uj&X!ZET1>W`5BSasKX1{-Mc)4VS;}zZ9XGRwn4!L!GX#AUgUB*2$ zPM(+2q5a7TBKb zOiQadR0?D6x5hp?V>eJ^ z+74y}uQ}!HBBxcEo@PT0v7COIJ`?v1DC#n%>7I@HYr{|`$^`5h-p?=&sK$P zEz9ped5$RThP9=$-oA;SfV2YCuV`}jKeEDR7*4nsJ!es&*_@zpA$HfBZ}7VJ zKtnVq<#BeKl5K6~OiR@}JgnSJ_x8-0i~6RoI(z$l|H|4j_o>wEX(ygkOc@!8{ii%Oh2+RJ!`!4eqG%eebV*%h^|Q)+#%0e z_HMtiz|jx(mObcL*n2mUUxo;PC-c;{Nqe{Aro07M^a=ngV z$H*<*oMCRqbEEAH2tE_oR8E#zB^ZQ@Qr}O{qh!t z9<*Ru94hn9;Tnq`GuMRe>3;E<184t%*!A5{J-Zi^ZCG1orgPkMT+oKhf8PFw_`kuJ zygMK7-==iAXl+$9`QiA<31dn(_j%Q$kn9?wJ*|Hwol$J7*_AqQ+a}4@16>U5H15`H zm~ynjvZs5Z_a6^B`@{uKTed8@`{k$9_We#=UXp=T4hUU+{a)Szt#vvc?|rX6l-e0m zTjgA@i7$9r{gk17YxddD+vL_mR)6-LX=Z<6$nw8#>%HrA?nY?g+sx~qOzze`|NXX} zVE(Xo@#()me;Zs>*>mdbtPpH!qU5jV0kQ>YAE&)dq#Acmd^_XB9cj>x&)<^QIGb636k7}6j8Jjmh&HKW;_zq*T-yE3unN={$D{SzGThpiP zN^UuGN4_p8v)7A~Rx^_~kL}m?&~4p;c^520u8eqO`Oa|Rl`-3?BRs>yb!R7T-qFfp zY|O{`!uiKS?#w=veNn^aWGTm?B>L?6D~T`j`yP}mdhOLIaN^Y+#}^Lr=2VqmS+>HKc-j@#>>EY3MtwSM>ebq6Rue`Xd+ zoL6%bH;{L&&zj84 zJXABktTdP5 zeI)U)-toT4dWA=NP2bfw$o_rA%B#ZlQ@0)u7;@wGSfi;K42zZ4tyY=6zG*bzdWYCf z1$jeLTissH(7tAOQ#-b;AT~{-MOWT01Ca?AIqqxX%1 zQlra_^Z%oE>p#6d;qmg*o717R&u`E77JmNYa@zXO@2=;*{QSOpH0`gNdozW9eYkD+ zQ%?BX6#mN{d>#M)=9C|mL7VXZ(dq6CHT@r6|K#>l|5ricKlDS!|529DiNEs~ zU6B2$o_~fL(+%Rk-G0dEO>~kCAq`>-Bfy1Fg#p6ni>#BRv*wK zf#K%q;_~GY8FaM=y}aC+2@F>^w4R$Go-lUE9=Hg9P+1Pams@GeZFdIB< z8d_`Us*$y-*Oi3J5htf7aP#mez{WNobl3>;8|zRAvu*S|xOg)fUkm(D(Y@&Oge0L< zD$Gns;(V#2Mm80|rPPr`q2n}+E@tDHuj>VUYaBt1op2REcmmh}0$F@@Bak$X=Q>FE z+*E0Dwm9bt;J7qGvQ)qkaB`9olEpdv#;4`d_(rOON8ZmD*2%@Q(UYRokJ{Vk8%B{U z<14ySdy#P?J$=pO8h9mM!@aqE4a$MeD+=s3(#_Xkim21rP!F!&^shmXYNfA6I{F&? zeEDnvG%5mu3RSCHd3oJ|M&S6GLm^d4U2V7<#@8&6QU*jLy)*($!*SFN_tBU@QLhhX zV<*$qo7o6n>-B-hb2JQxOCvj_ULUwmsF6MzA>~c&3suUJ2?7L1#(?=eL53tDG9*DF z5(=0Z_{%7n2|?UcPBvfKI6hP<%oqBLf+%;PfWwysx;H#26&e$y|CRFge_OLA^uHLc zNGRb+h2s3b0eBPoAKX^g|2$k=e#Za&4UB*NqcpxSnZu_cGD}O&k-sLDFfl zJSmqZ%lDu)zDxeE?)$ID(EoPJ##fex?0+#rq4aMfpsDj;&;HMF2fh2J{r_(x{wq50 z7D>3EC5XKPdxSXebs*|=jlh` z?th`5?>qmh`cYGOXyW`czy+b||6#hi(SQ2?n?makxi35aVWhUC3;6l}{Q2|8KR*E# zc=Jcit3UpH^XBdI=g;pwfA{F|ll%AY-??+=#+`>ZZrr$f_3F_ZFE3oUaOTXJ6DLk= zJM-Z1;lt~Gy|d~_^`1R@=2zX=zJ2@V&6}tFa=D_SV*Iv?D_5>8+Hh|1;>Cm4oyu8# zYVO>*qU9$CE%|lo)Tv43MbMX317k;f4VN29SoXCJkOm%3Ds#TSm%R5*HU28XD^B>#L`yhf^*z7m{`@#2BLY z2pvrxcbMGC1H97Mx(O(_AgGH?(LHm-qO~ZQr3&?>;eVL+-QuYOI9siwaRsN zyoQc->jl~x+QB<0+GOpWq`f)|c4+Hq1ZW!^BWbp?Yi`r7jUCmdjm@Pt)YFy@mNstt zg7vKJTU%@BwY9g<34#hZ7A@ObYg5c^+gp&#TKdnbrehlV7S^NUL>s8V<3>4l9TT=M z>CkwgbL&0v0fI4w2JQW?yU>L}U8qJih5j}oHpQat)i&{`_aD$THjX%&vBCf7s9N)m zQ6;*+ORTjGJNl6<_uc6?HY=oc!Rhj<;!)ado#P@sg9@XJFzfPk5_{y5=EfGA3(5>A zqYYXo2ARHg9W{QONpf_`@2_4=uGqW3E5GlzFc ze=_O7>QS2eJ3J3Fqoj{%)-h~e+pA8io}>ny4~Q?ny`N%fzWU?%{=$uVIu;R*QemB_#R2)%#4|RFOz;Z(>}f+&~;@z&-^{vQpZ7a z%rAew)3vazX032uToSmrBmY&IZgbDKg$BC*shXPR{?!F`#$g3FO?86G3p99a(j>Cc zlPM2Kn&o;~1)An1HU0HZmx)SsU83KxM=TpwzSwS|e^HpR$Mv#etIX>KfyQ0##K)Ho zyFN>|)p*m#qbG;1p1gEQnkL4zj-<9Un3m>ynoM!N-s66&-bsB9Yqs&Nq)hZ$zUsl8 zLFTp(T2eZslPI#xvraV+AoDETeC(^%`w|z9(!?}$$>n8abL+RHR*NLjuL8Sk2azt0 z?98nu8?qeB$i2(vkoTJu#*h~3o7Pm5O`cv!EHY|QGWf98RQ=mM^Nik-{0(fQPX|`) z{I&04lKTXDfu_^j(?y1>v`G}h_HV1$8txFG^LMN2)X{%$y4T-b_!0Z;qxPL=$r*@IDsWPaDubxFG*>*A1Tk zAL8|?n@H2=U(Nml1%cs}fIsuU>rnWQeN!{^{Jak z)8}8!{=It2cM-+uak{z2saALzQ?`LB})e;D*%JpWMXi|(OT{}JT>pZQ-u z4E<o#QmM#^o0ZMWVNnBx5Vk6iI>qISxKu1z_KQW8a`U7#G=LA5oX!zLP&|t# z5juH7u7MMSiblnI3X6-2b_(v%GrSjz8k{HMfu5n%2_0`37akW8?AM#i2O||1lM1oO z*eGPM@}sKO~=@oTrn@1gT>;$b1IgUk5PFLwCkVAOBM?y z!c-{&jf#medjUqrB=CO@{Ljbe4i0u`+7f9#pX-OCnvD%f7V?E+@Ak4(D4$^%+nbXt z<>hc2x|1#hZ@uD1NQjFIosK_}!-GIAZi+YFK;C8j`-(@s@IQFeSzNERvzUOOp*sx? zfEL;*g$p?jc;uXSHU!IyAxe*n_wP->rq4F{OR2bDd;f@g-I zDaxj&_P`)n<9_r3J}}ckFfB1mN=#g34DcDox4DU*e z+9bgJ&Q$0jkLoil7dC@1SJBov9d!_t;4{ofpGK2yF=A)YWW3HdpnFgs40wr1w#!*S zp&@O8_~C*jrQw8`)jkCO!_bjo5mXvOA;^j!IV!(6%D?ZN_d@x@QCg5apS#d&9_ta=eP=e#c z@xy$joFqOhO$sYUm>UM{9n0mVNYh#FbWbcvCX*`*0s$#7tR56L*veMOv5B%m=H1_ z@`aF@l$44GtyATXyV9|AE-x)z3ZP**cvLvcwGKoMU&^8q?4C+YjV1+Q1wkf*fa&RH zD@c-vd@!7+rVIHg7~T)YNdkt6N%$O)P7s-qKL=Qmrm$1w1G{(-J-IT`TojmtFVILf z2;5RMXV!t&6b9uelhIHWsND#t>%dY)FM$oL7)`Xpo2L#SD(6(;1!# zfu7D`agneThz9@&shnik&IAvTUzYF&!$pwtefQG)5U0G0{)YT!SKm)#5@jPiQ8fLY?&C&#NePJ z-k5|oA%h{3V(P7ZsD4r1dj&@Z1joQ|GEi_-exYx-2Kx4DsBa{7ImtGTH^W^dg~1q1 z`6#p`n2GER(D1WO!*{ycMfs_hpDj!Y6RNveejecbDb6`M=5@)giUV5L6uN``3mZW7 zFvj9}hDyz3!@GF7)lp&>7k76rFI5--cohnaiQd2ohBd9W`O?2SSDsieb=05-t3E!y`kn*qA^TqUREj`JfR{RE!-F$D&3Pk5e(McX&`-7|Y!Q3kwbp4U1zj zys&`oF+ssGAWnwGMzaHhSqwVtbGCf1t1=!rg;X4M7nOF1DtryeYLJg9E;g)E0s-J6 zvDn^WNGeoS$a2P+xT~iRP&1syITIwp9WJG)USXm}h$buAz?Br)p&~B1xw*k5c8dI` zC;UXxr1I|+r7jqBkIoEtFy<(9UP%T|Ajq!|A`>5786aQ@Y9Im?Rs#{gq6#ALR%H-D zz*PYe|E&h1&#*cb1{AtF9QvrLGjLBCe7LKwwh&AMu?i%r*C`-%>WD&1QE)k#Dh4|O z-xctwq~g$(_@j)btC%vrz?A3;Hl*NAgwlsbQs&Zxe2yOw*s`ESi0R4lff;VDSX~D) zhOEph)a5`qmr~`Q3_87I9XyS5Qaa8umARy={OAB=3XBn85W+Mr*fhp38Hi5-Hz!yf zEr7;WR^_@7ss~acI=ZksGDF}$ZXOU2F<0D?84R=q{sqG)mdpqGz{>RlK^_BxF5bW! zN#SB7-{aCY2=6~|Ah1C>fz1l2HrAV)q!<8*i-Pgj5gH{d$qqQoTSbCQ5lWF1ts+3m zWhN$5Eb_!A>*DQdoBk@JHK^Vl&gu+(;V;dy4=?#K(P37GIn+6$3;1ckhjxHfQ zet1epmmpWVtEXb)gbJlt9IuzK3)TUS113yORjjGf?)--aM=GeDlq2Fg@wpO-9o8!_ zMlt$-%Z`G5q^y*wpLUt%{3R_0(G8q-eu2O!s8Bsh<1V+isLQWR7guPkCU~fu6mXja zH(BbO!spWh!-H7h`S9Ypy3w-B|ZzbO}YKA-p*-~-!ba=9n?#zV>I>kvc~xx z4lZER27HZdXYdUQ4OZs3K*A^Jtu8U=S@(ik*4jUX*(C_i?# zR49=jX*oS%LL=2?0ofAZ0+I$=x~R1b#29@whthqtqUk(Ezz^Oy>Qe`UUgh;30GiwwP;V#91{Z@ZCR63r2lrHK z-Hn&hz}Nw5ts=nM1S(A$bQ{B!+ildlj!=IH*^KcGnKsemhC{CRs0#v?7L>+zo5_=`2PbBZl zHJXNX4Y?834K-}aQVh~8agLS9R2JWl%@dc$fwdC$nH<@54ZF$rA~XyD4+9)^46#A3 zxPDuva@*|u@<^bQ$%ZbCr~c9uZ(7!p}8fyK!}6)-%)8YXttX28<=BS!1RW;-0#pL@uc# zmn9gTgejbS`2q6!4nHK=E|jSZQd2=#`Uc@tMz&yjxaA-8c=$uQt{lZKa{mk(iEuSA zK`p@lcDASQ!isboY#QnE7mGPf^r2}Vrvvu)4tbn%gi>G*>LUHig*_iS_nfW=;BIY~-} zPq3`P{s!xW1U^KtVc}Kml8$a6so?FDD$FTKQZS|nprw0~G#kFESnC?J7W=?Y%vE*<_M4!#!cz+Ljd)lHwx%rI7Djji6Q1lh=2p1Ke8*u zz%M&YjN7}hG|-cN3`~qhVQR=gOZ5xM7C2(5AW@(VuCUP}ScvUi@3=KU_kiHXqNpHc zf-ismoB0Vcd)FN#g1QpGz(FQtWj8rtRX&BvMr}C}k?%#KU6LOgOXXyuunSm*6}P&BZJf`k(?VqvkpKIARLiZ=iQv&iYOsUnP>SMg4OUA!@xWEr!%*pAvWti#iN{0(PK~5yP7AZ{O^5F@(2g8-_MTPhw zUNV-6>ShbTx`O3`Vvk8c=vO~je`nR)8=Wi=<;-jt7+9j(l%*m*m@VL6uyLn}h1nu} zZZ1?mh+fJ?CT;nK6r~FZdz5@d(5Di^BOsUaHR7k@P&CN=>KfHaCyL{RZhnizr}7|r zRL%uuqsY2zKn`+;z_ogRUm+5CG>Yzq7#P73T|GTK-C-LM`|6+MgZ1VF7gSwH?AQdz z1<2s$gQUe&6}1pQ!hkA+9S$8*5lEexNTGr6c-S`{1{cXmgI(PX)V&mxNFbwr?uz)s zx;V)?1)w2RE9iM0#0v4K?h;y2IfZpq2}x9LgXY+fMCI<%(8!HScmD&+A1z-pBq2xQ z%iIME;z7Oae26nm!9Q4=W8oPb6(1iUUs00pw}1gS!Jl>tmIMV8_Nf%;AiG)n!a#a!qxnQM>xit0ZI zvH1#M@lXd|!|;N&QVm{+^v1y@@C^{cn?WF=Ho^vvlt-}CyM>2~*PEaML|Pg@i3a9N zK?a%@is-K&rvcb(#PWbc-cX2!ibX}{&1NJs<-%A!_m7uX)8HyQg}9d_^T1Q-QzA?J;0FQIZk zz;KI%GLZzih}bv~Yp$%7G_WU82wg6CVZS&F#Br66)E6Rml&69A8|qs=75q2+!u6P@ z=7PqQ+ZPr29*Sj?+4HHg5M8Q@uz52_fQ&?J1cZOUjf}&g1B@`Qys6}NmuPVR zLgTO5WB4f9BHZwW>&9GyXb=kxX6A-CBJ2ZkCJu?5TPom5N(;n;#oH6n*>XOq+>yNT z*TD$NT6Y18PQp;mE#!%U^+gfmqzqmiNs|YwDNdYxOnx~>9f+|9!>PAv_pefl`5DP*PpG-xF z6dJfLR6!oiRY!Ci50R45Dx|3mmdo3?5d2LLD}sOJhfeMVm7h7L(wRdzG*6*E8-l!qw@$3*j*t~ieOyz`c}mLd`I6n$CEq6WF~uJAeqLlY|epF z+OT@KB7>(0_vMMAfmh>di%<}oos`LgTs$!s=!5{ReJ~iF^X=^h^F(%zz~Fh{fWz~U zL331zF{~>M06WFoO_Ya$C;}1yiy8pIV@mnINQXmDl5~N288cU(0!EqZx8lf zDVT&|7(QO>1Ln%=708YWN{H?r8^?|a>>d>SEt^AW??KrUl%d(vudgqyr(bw9hWb+8 ziZB)yfnK14g@avza4Po(fFL0dRsa`CxZ|LhDR2)FCp-|D`_r@Y&RM6^JaKKNe2*kAv+o= z2i_RultRWRM(9*ZP~zdYb&1>{t>?=EEilh%Jt9W_d*jsW_X9e-BPz1td7D%;%-WegOkt{%ndJj1E&I{*`Cg^&KR_ZU7o^qhFS%vX2N$oiot$MP8SMc zFb;Ug(@-2I5~Y*D@d4eU8WmyqRAl$?3*q>M!0@;}X!rV{iVVRCGD8z;-!*|1EH5U3 zx9^s~0vEr88v@}_QfTUcCT!mo9&vLRI@G>ff-gh%>4z7PaX^(FSTeMtzTpQ8;T3YK zprizju+RkGt_eP&2}HFF=o3Z!irG@Q?chtLQ&E2^7yYPSROOD7h*}uKWQbE;fx6*w ztiny3zyw=cd;2gb;(@!Wxhdi3<*h6h9gP&;z-8sZWMcpx;d$8(02IPQvhTx&$!95} zi$lQEB$nET0G@^sdkoc_P*?`*Z^a=1A-oQgm&Sqjsu4v;f(7_KwP6Xe`Fwl}H`0P7 zL$$4K-FRy78l6?O0VNB7oMS=V6nRY; zxhM~UwbB-q73ru0<}2kL2phtym-NP~i*c|(R8>G_U*e`NkRX&#f}Ba$*}>#W6_Nn) zqpUOs)yb(&T#gSk6=FWJClx1B)ePARJ;84ah6e~` z5J4Fw@QuPZ*#Sf04O|Y&AS2SnKtdIQ`yVc+fNdRx{K*2%QA0xTBpNf_;XzqM0h11% z;UK6+f}(9P2(Ez0bP$Wuyus20zoGC5*h`^a2gFik$_Qh!FgqD?6WD&f(RG>B0krN- zPOG8t2SNb{V2N441w6LF4Z;CXG%N;YM_}g3!om3%R521@NnE@p4=zkWWh0Ox>cbM< zBrM<%O3Ma14C5-YGXYKDlt8JPxEY`~Q5S{42`5PmVbEPLB8UVKBku$1sfZ<@(y(Ed z$YnG6wp80KIH^?HjQ{;7F9M8aDE%Ua2!5<*RaH9VL`4`vME-9&eK_Hf1uMzi53+*_ z;V|;DY<|80a0FnF<8h4vz;HvLz9U?XfmN+Xw-mut@{B%62@aI2+>j{{!U5Z_!othO zRS$fd;@uIn0G?6sX?R99ip(-Vq*M5Xf_)gpp@B&hJf9%dDmEA#KefIXiXs-p(v$?Q1l*pFqp_^CXOSV1ssC}_P!GN@-mUW zv~OR6BpN4Q2`-hAll5l~t@D&x%X1s+Hw>VKD78bi_CPSidg2kD4YdwdYTZ3G6-7KK zHI7ygiLXTr!Y%MWehSbMSix_{3uLP+!xRYh2vax>LC#j5Xe2j}mkjw+^%tM5oU(wY z9H0W55ZYt zTt`q;K+F}x4DG3M&rAT#i-rf5B1=OiCxeU2^)f#L9KKjMwH%4;@F^sIdDI;U{-`Km zotn}B5aGd?8`Z(jiGkVLf{$CS5}_yur1aN83%ij4&|)kWhJrPKam!$F1{<3!asp$i zK#hm!5~jf{K9C4pqGI)@B9oRg9**Li#07xt`ABZERa~emsYDbT z!o4Vp+e+<`ZQ4aCjZWD%{l6ti1GWAN7OpV&2GCTUDuL`c7T`@KhXSNj{N3_U?pK~X zO^DZ?3X>LHmQaE3Hg(OI@SjqF=Yly{e#Vr_5QBt<2Z*3h9td#_jKrfLWuT~q7v?F~ zrtnf4UI7|zl~ceW=4PT;U{w(Q`}7B}_XA-H2*ec2hr+Ravq5U$^XjB<0%vM&O+0-_ z$?~kMa}b4|0mDhjIF4zV!jx>}$OJJT3D*)D+)IG`7csp27%xkKawpJ5nyb6Jrzf71 z1lj|i;|xMNJdzK#I0#Ua04)+^g8>-wRnTRe5dSA(_4IJZL(C!58xJv+B`QNGcrLC= zKyD`|1LBSFOv3*(u%4b?Zg?0u)eqE-bS#DgaZzAsg4hBm+6V*}^I+mI(qIRCv(oV& z(STtGM-!PjP%K@hPR61j30#~1hTY6`@%)mLUY`Er43$l#T!qJ1ei;g3IMEqS3|E@` zip=L5iUN(3p^g{_1=OT)Ve_U)z%U3lWMTt5;s#|QE~+T#|cO2tO;*xdghXGXyM|HGR>x6UVu z<3ROvWVVtgaVN=gJXMQbBmWY(${;@j3j!(yW^8mtR=FK&7{~E4(KUsu1YSGFkClp{ zoVsIBf+KjIhM?x)U_%|i4G2Agd$LZzu@q8Q{yhk;LOD@B7d%R!PT*cSxLsE?o$d&( zrq00$omH-aON!wLSLCJC)jLHGDZD!10<5#-BXd!lFkFxW!EfN^3L{_*PjKw%1KuKq zLInh}M+m4g4CmN<2;SurP9#u_z@Y>xHa8E7*V}crbFjgq(BV-z5}+%%?r7JM>BbDO z12EK{!Q{`VU3ZjUSL+LdzEC%~j|{oy08V1!wzlw<@W|1@ZDfbpp-I5SIs`Ht70sbG zeFJ^NxS;U>FyJ_2!3y+Ll$}%((?CS?q%mn}SyEiIRZ8&&5}Jv27m@jp(_67I;R(*5dK~Be4YM4r6p%V{3NcX zgKAM{!fV(@FOSK=15zQvCIpNvkVu>_GiJ&*G$bIRs8ZAwuB#A+PI*ABY(PRF{^kJ@ zA;^&RD2rolY9Ks4{ySzC&5?4_gt$f}8?I+8yQ#4V$@!Zn72GK&yc}5}8dU#EQESFoqF#qaaf>KJQ`bOIheq|)8QeT`Ba6#JA-MKpPh+9HK9fd?*5hF1kDl8O>hJ!0a$|Z6Y7ZK z9w3HSCP<1PWAp#9_Z8YpuXWx4X2}RIDzq|j>eBWW-%X_oCv$L}^vr~YakSq_b!Ne~P zcw_;7&Xj^IODV7d$x}rR_<&YP!pJR*ShN*L5(Gpz5U(a6baY-Rm>?Jwd9=aRI(n;K zCxZYfmBRK;QGrGoB~eWU;#{G6pxp%V@o;D_Qi>tTzBi6=NJrmu@<(0z-TvNn0bVP!IeXH-oAs zAi}52Agf89kdz4P1iPXF&R7yNAnz^|9l*Z}v(=MZ4mP4$UQnQaNcHK7LAQhCzz)uw z(u8p2!CpPI-tl<>x+zbk#3>HQ;EB~?&>r?o7Q+GRRjE6#IzCjlg2=N5nsH#TT5C5_ zN`7Ug0vO4Ejo!NQx;k{#Bsly=jZhpyDzR>%G6G{}L~R4EPq_gP(Fh!)AgWsMLV-!=^6KwfFsxqSg5DYe(gR%*xMavYqU z%1wL?lNXEa08#JiuK%=+l+CV~x@fpIgJ&2ZR2rzm=>sBX1o9&xf=$pD!k-izGpckx zEY(K{02=-_Ws*k{X$_FWe_4Mx)tMS;W&k&;3S>Tw2xl5-Cn~RX8Zsg#;6ftU7vRth z%n4xJ13}N*JJ=7Z5W+P?&at`ZPB79M;072FS~ICWJ&)GLCX2%1!dd#lll##`aAnKeHIJfs{9 zk`S|E^=U`C7pDltncz^8Ai(*f3MoF2-Jd{(O29_o(9(vH zsM`Stc)S_)x<|vTwBZUGR2@rH>=eXw`tSJMsE?e)aJGjSU1@0=mJ<`O zft-}_=m9>Y{YS;>aEBTwqrgCX511$h)!lwYZ=9V0X{{gy95~B>(@`4AyMcRV2)zW! z3JB!?rM=-eF(G*e@+(34S->fz!u0V7H$O%O<)yF+7YZ4dLnXp@ebo!Y2`vJRWu!@a zKThLeva}2_98QNpoKB@Q{;wlrM~)+Stfq;C$wIui4Hhhv!uE|8>@Ox7Cpr*K05HEC zEC6B?P$CM5`9bFGU)&K#E@TiTlZWG8XJNh(ieO%NghoHg(Jd)y;L-=d&{VPqDUg6- zS|O8WIQ?6gbO0PJK*%R5hK%y)$N%W+#D(oLyTh+w(yD+el2NO|shCc{sDr~;82FIq z;5+fpi=&qF*S*jNiif8F`ZdH%t96@t^s4 zndI{CgN9wf`{2%pwI$vIh6qlWWbR#z$ca+XFDUn}WQR9}ph33f&yG~G1>hB# zalr+NLWQKaJ3DC zMdNvCJVnS;q{k2Ge+U6l$QUjFFC{3tOcFLOace@+jLPMq@>w}yD*JMi6V&e`M_#RtJbI_KNhWv#-kBY^U=10)zcAlzABs zpy3C_CF4?CX|)Qx5;DF}aHAe%fdW&v5|wYql){7*Fdl#yio7lf2?oBP3zUcfa&9G2 zNjyNV9ug7ojl?o|eBvJzIEJGHc@E%TO3_yiY3Rrg`7}m^hN)gJi$BgU#UD!gfcf#f zechvc!+m%mJPbcXWq|O6e1_pLzy*sJCBsn|^4WwO6=1C=Fh^jTz?)|Jjf#*$I8=O# zz)%k7G6V)`3WJbS2GnILk2SpCL|2LK6Kb|bh7i0T@TVMse#?*!v;|tBhFUXdtXzXFA+s4Cc&>h}$s?1lk_gerUy6IY z;Ff9zizuj}ZXRvyr5B|cRH1SPFbM4mAo%cD_*gV^xRQ=3VD*Rmv_wBiTq6$|9M`In z5Z@q5QSz0UnN6FD&gJ=Q-P~{ZdHSl6RVNhlSw~bdsH=31vVJox8YZ)bCVA0m3 zV}i-zJXozT0cGK9{Cjz@Cdby&ytFP+B4%b1><^@fOK)YlA054@btj@I}NKC{PKTvNqTUOyjwMfu4>BLItfWYF)+$lBd*dQH& z4x(O}Cp6zdD?@W>FrCY#tAymr|CnaAD$rMpXb7SWh5Et-jv#J~^t#29lT<~!KR`UH zxky76>3AVZegcP`Ffr(#G8t;MCW)Y1#0SWA^X(N*$S|e8%_^w{y$ld4UV3aiR#$V& zs}>fCrN{H}LHL3yIC7aHK?W6)T`-hU0u}&1E(N&#LYZ4FQ%pG`XXB-I|6vbMdKt*u ziL&W{rh{}tB7-EV*sO%)nz-UqWl#PI8&cr{vV13?s^2+8Ur=G{98}92I0jgTPyvkc z-OyrFswGLTE}TV_(twI{Qego)(E@2i4MFat{D{6{{;1G9E@!C|NUC$# zIlzihEujkfK?=@N zfEP$9T~#)80w6I$UK+d%SSPN+2!O-|L<1;==s-u!F{{8%aJ8@l&bA>!Wpo+rkZoww zC%G84QxB=nmm##uI~WRfKy{GHN`v(Mu2e24Cy_T4{iq;uqe}gNA}Ej~B_3iVz@t%? zj9fW7qBM?FS9sAou7g)x2dZsws1M|v;Sq&JpkxG;u^{^aR{kugXd@8&;IE^6NYH;O z0W3g>7J>_G%t4$GD$GJYKFaUUe;)(!P`HMsxnBT-rPc7T=yW#Sk;9=N4c3uM z{0nDj_%*r*9}0Sa$z^gmjtmN&!D2I66pT~D{iqNeq}6~0jZspC(h7f9-GqdGqHjN; zdh$Q@Z-w&@Aq`A6%nB#Yhlvu+{=*T`ArghlW>+@<3=V@?X8t*BI+udc|6#k;dj0?S z{QC#`IXMd+Q(96MQYax)%MJ9l zEYNMRb)4~5j_x?UU1kTGY}>kh=YoU6u`^em^;orH&ANpf4K_!vxt=@WL=Tt1&(pm8J($4Lf0hjkADS9&6ZynUt zVepxLF;m+%D2X-lZ(+EvbK{~$j7j&nORr{!TXve!wnfekhP?HWo(^l9E#4T~bm_2> z0s9O;jcFF({CZ1z#4Sl<=SAE}8w_i6EQc<$D&{=59F)Rdt=}W$=~UZ*A+2AAWE6H@Y_!eMb7HL%Rw8D%%b%F78(VC6m~HSSCx4aI%Dp3;vf~c+ z>AbGcc=-k0Vzc#4np6nOWBc#vMeloMShQ-*;JMBu08x)-=`XeE0 z*H}H;^si4o9Xe#6O55IJUDDZ-fbr%RlFyHSKh6CLr*TZyYMt86L)ZT~rJ>XyFtI5; z=6@CsLJ0BQ_UX z_Y2Inv~1BRdU3a?;FIN-j&r58O_pYn-)UBDZ5vKze2Xz_6X*A9|e#na3 zqUM5V{tV%hVdL#K%t;&9F2?kHoO|)LMfKX6O!j{`&#=|SrgK+5$~)@4dr!Mo^OaU! z4_Zv}n>BLLZ=HGY}yxb|}nBTI2OBXy@ng8iPyOq)F+CN>@ zZL2|kyG;*PJ~dr4`N`9@+3hzxUAJvlpQr1O*ycam(4dI>^x4MKejT1~Iv3TAr%Q3I z7PtA=Jyaq8=LN+nA*WZWB3YCPCyn3~!f@!Fmi(iguY&(Oa=ENB{NE963BUROk0Sg# z-YdCOa*NWilV6}81#$aC_#dU@8O6jWBOx`1qC?RKSnc4}3yLu>Q5G+xB<_JbIwe;r z!zlIZ)~#EwZvA@o>YEtWGc+-8P``cy^Twv8=BB2NElkYK%*;(JEUcO~Yiea-V`FP; zW5YxrC-q0CzM)}#+993hhEds)icqjv^1^7;8D%GnAaAh4`zBb$_=-vvw+23 zzxPbMg?z|DZ+^ruPNWG%M^8^rr&cZEO?a1LqTA9`kHOOybV(mfHOoE246pTS!Fn&& z-rMpalNX+~;g?*Y)YsF29_yJKhgA&S{yl=j`$qUb7koE{is%Zk;{n*u)k(vwKi| z5}Kdozk2;}a<7JGl9e?1wXE!<;R9|vnbs0778cEIVlp&%VCL|=7p>}!iJ7qF7R&9G zVZVZc#%UIUh_+4s7_Ku||Fm`N?%h{|H$A#IX>BIU>a6eT*p<%ntTUyb<{yksFKi~< z@v`r*wTg$yUH_P3Ww&O28@s`;9*%ANdCLcbT08zydz5GW zH0ZVT&7;F6G+%=q{nDNCT&6@Wc%cc*2vzps9fHJmkn#R%k}iM+HmTy`A}x9sLZ$tQD-B2+{K#taHOljVtT8BOKq-pyw=jHfn$!%M!H{r*^)XB zUdcvS+Vu|=Zaup6xWdf6AmiebMmaeLumtO2MZ3rS%0?O>J~%w zV$-en-u>&gVoL8|GsfP1*STXaFHIVfuwrWO`q^hUVPBm-Bxl(bP#dRt*-WvYQzPLusx@@O^|Z9I|r=td;WBLr$|jF{_Ka zb($1rV$;s>EBpPO9qZ2<^<%8^bg0#L>OGUFC$m=VnELu!K+%?q240WG7mjxst5dYa z`9;%(OP088UJJgWP4_I%gY1>kTgMzH@(cfKQX* zE%uv^Gwm}%GElyu-?(_1=^N_M8#@iJPMvzZ=~TP(h6i+xB;R80?a=>m4`ug5de%c% zES%hrcYDx-q0I*$H-9w$+Q;AG*5;S#%T!j&WKT*X(1 zulXSDa(6ASO@Ed4R#%KFYMx2VfT}+&h;90h`cnY7MK72(*BOi+j!~aUkX^`G{kk% z+FSb@T+Lo`y>Cik?jz47lnisf3s?3&=zr&~;gSUkTsuycV||38m6>DXnz+hwO$qvo@i_Pm9=$4~NdZfzfH z*YM+qrfHJ{ZF*1KaNg4}2IA*wf#k zr$1%7^NRa_)t49W*=M{gJGizVaL>y0F)M9Gmi@W&FgZ z0q5#(UfnI!&icWp7d;$qoS0;Dz_?#XOWB@;>-SP?6|HYs-+T<6Q+uVc|9&^Q<%1*j zRv7wy*)`;e(X_e!ZLd5on&g*aHLrukTHB>v7i4Xca@WvatR89?ZW`OnmhBgBvSQ_~ zM#pRKw0<49XMN*sJdM(kI%jAGO4L#iH0+E)&G~< zZ0Qhg!COfm_CW4@d)`_96VEe0=PsW-zEQ{|-ImlrZCgZTINvrKHq2+cVS9&RqbcVu zzHgH~PHdEOm-Xkp0Si*>zdmFK*PV7C>hy|89hbp9~}F9 z;bFy?);mUZ${n-ZZS>)U+)Sr{o3-+}_+DA1dlP zIBi3RfMNMdY}&ZEXDm(35GabbcXySoTGMg}quHj}1D1F)*UDRWygZUKfy0S3=;x_t z<$ZhDuI$l$Gs8{{8`ZSYQ!_KO=3X1d_FaAG?)j!0yK}HDh1)D*2U(3%Y}hh6`!S`y z)t^x_F5R1MS@gki?~1UBDmg?tE+RUFnrIR<7OBY4X@$#;qnZXXtG?e|P`9 z3HqPrJez;nzSdQ@%wzW#r{rJz7@>UJAur+Xu#-BEJ5RYyeSPEX#_QXYbJylR@aTCt zZ(8ok4bj1!R&IULoV_={h0n7S^p|l#T~>NN*Yz9sZZoI;)4@~vOi6#Sd;0W1Ed2V^ zKSnq8ZCmf0k>zW*^#f&p3Wu*`e`w4jUJtQzjpH1n>S~hxetHhwr+XS@V%ZrdQ6xfvwYXFaf(@oind;JzzRq1 zIQVd*$+kZ>tb8)2y~E@QdvaT6_f3nIaOW-@5xstLs>AVxN3ZAY>-22NtW|?Yw_jK& zx9pH$6_aOubM~ZJ;}7m%QQzEnlHS5G2L0K8-CfTb^|sU9D=B@JOjk%;42I9_R50T9 zvbh&JZJ(ZU%&Ey2H|Mm&C$Blwk-R&4vWZLR=T+Hvg9>g&JwD=>D;XTV=APeKPGE8D ztlrCvyM9RK-g<3uZP76L3i+nVtSEMul}pEL)jK-kl()qFXzrbR`GaFG#_28>H+^5c z=^57|Yf8$t2=^moYpY=^eb8VzC(W&>^NKR+1$3vrgZ8o zX>WXdt?{kiuk|KG?%8tvWoG{HNZqq{s9m~5%xsc#c9Y$*3AOKZ9)Zo7;@;Mho=)$O zIrim?;D!F%uk>hVwWb%<_x*u$Mz4+jrZ<*d%Q9>`Ec2qn=#@Js^`15ATwtBQ?#Nuv zpZwUbAgfbuAvQd`{o{p`dvls+9Ly5N$ZxfsFJG<0exKk!p3*sl%3Cd})2K_(B!_XM zUf9juVsy6KH23YD5<_U*j)@wh>-XnQw$9OOR-~+xJ+aZEL7loTusb6%n($@V zqFvKPEi$LwvwMC?uwrE}XQ|I0TtRB_xB>UuyQB;_W1F|OXi)L~>m#~H?)jqgx3B;4 zFL9Kmwzjr*{3WZ8E_>@}vdQ+vnXXN2mM7Wu8PdLRWq97-myC9IJ-p3Zn99tu-T*9~Ygx^7IY+4DC;s?SD7^=)x-gxW3cfV*^I)w*Px*ut)OnP@@*1 zyWN71nmIjS9J@U8W3cFp1AqOb+k0&m9&=8;AvgTX9-TM54>tyPo;uThl+MhC*qxV$Uzcbc~Kggy| z@y1JiGL=sUxZl*dJEvdT?k8(ozxR3DLi+4+Y?j;g4y*W|LeD?{>&@y86DB#f)p6A? za9md8@cQI>`@HaVJBoBq*@`~(Vw~VTW-quqIPH?GX~e#+oK5;+sV;**3_qu1{pxe_ zJ$C4#DIwH-5%c5BUEyFHBu zPa0TsvH!hR?l1f2K99Z7zjn-?TG7i_USy_rvexZ;`Evu)W3g?lV!2Pu*M7|J)S|xI zr+LqJ_4_bje+gyA!_R*%^Eg#}dyw~+j>~8p`VIIn-l54Mrvr6I`#m`p{F-~w(YHaX zd(Pd5T7@;3u~%vzB zdrwLzV|!*Ce3qK7@7K_#!^-ZD;~LFA(&}ETu_@*#5(hgQ}vb z!W>mN&_8Ra3i}TvOf75w=d$RG-}aw>hV|;bT^;*R+iKW<3=B;gA^T4wOEa@ZW@eU+ zP0itB+PHC3>*m%?8@FoJrcJ9>92SekaaDhGj0_EpjEx!^8#gpJZUFY5h9)Kr&6}B< zH!?SG*4nBue5_hyHqDzix53)BZQZ(UTPBmvWUAkHCG0x?uXztA`tZ2Q60fxuLbcotc|Ud7PhZ) z_lCt%H7F$IO2x9-kOY&o`Go7@7M$c0Jvw_nZ57DZq0_`cun z*B3i(?k`_=^#1CEzHa@CUfUPfqI(q?ZqMnrAoRes@f@CB1J;cw%dsEceKb72!po&| z(u9*^&RubII{*caY^R<6{3Y<%^#1vrrqiT77hMisIP1=USs!{|0r98T$`|kU^(rKhqM%D%A6szb)cIzE3|c73@#Dwd#R1%HLm;d)O530SG$W0 zU%$Y66UVr0cy;I8jRqUNw~gEU-t@xz&sNv1hd;j-nBFJCbxDDb@=Vqc-5KE=zr(v; z-rgE9CS`rt$*69ZTMh~>?7t}|+@k%8bMvn?KD6v`*z!BQ-*DeN>~**0O?m9~qBHR? z)-Wv2&Xmg6zZxGCawmUOoLO=KT4Ql=y8;yU8wfOC301 zBz@-B{X8J}`5Un;WS6y7~9&aVCR z*DG@Br|Gnd&wuvjV&H{l2}dsQEh6}#DaE_3_q=~$>pQ-c#b1vcoqL>7&O=dFvswAqV>pF{)A=@skBY)l9*msm&_|y6-tFks?E9u0eA5%eZ6*wz_{e75 z>D`$|1&GKsW_j2+YrvU(>)KxHBlmAV>4?XfF1MGA2;HnOy>FX6f1H1Z^O;ivMjE6oYkm9Jtk2w} zk2?x3GT$9;lg}LdA>C@dai6*~#(ygKH0@Fer66WSXTI-e?v;5#oM+E6Mwm5u?9gh$ zotS2ew@#kgbf!*mojdJy-?$lXQ8ek?)K!qXWjKx2?#vL&5=zf6ULC9?QPNfse~IE8 z<-YDVWA4OQ|J}~qm-k^~ZvNJjceXr#l(c(WLi)5nET6B=GVRjQe8S<|*L>Y?e6gMV zvFX=McVDGuO^*$v@3S61JEmuoMUyQJN7uWQ6)pcN@lN?%aCx5I_$-~6)tDV+zW$-j zw--;%d(4b((0^dtKdl>e*+v;?(6@2OGee8LcW1t~yX9Yun&lT`YZtTT!L6d;u2Jz2GL!9eGgSB}eQcbhpTc1&wjCnR<5#CdC$TExxEbH_ul^5X=7qb;PZ>_xG^Iu3P8Z(j?OQy>&Tqnj0_L%&J=il&E8RYSNL!ux zXNR~Gw|f|U@%6B1r_B(6zb@z%L%AEs47j56Sv%yDEVLM(( zPxA}Uj(lFRV#VS*H7xe2H>?Wfzl0QFCZzLG)PU~?YN!hNj}GR!GUtCBN9J$;5A_`V z%rAuhM}3MRC6_|kvu6)DfDp}r&j)@`hWmV=-zmCH>JJ#vaMnqy-jhOd=A3Zry(8z; z2m7uY=pvo}>go5-#O!|qcE#&oCWoX*HMIJxvHm&Svg@DyTmSnt^h2zFYl<~xPzhT9 z;P$1p^3gAzy1v6EuCRJ)xp3;KqOo_6?kF(OjozALm5`Yju=>%XG0pR~bROS&YvHo= zj8BinUY8fA3_FwWD>{AWH9p^Iwe7|>YqFv#zq!P(nbYrSrNZ^^9mTInAK>rz z|7FvGCH(gP{ho>Z!DlO-e+bP(CEtG#tk!E)$bSqb3w*-0{J%MD5D9<#e`#Uy=UhPY zDQ#bGs3gpwMPvxEP8nhhbHHXN}gtFKAnh?o=JsBMylj-tr4K&Qr~zM z&|He$WLcb~@@E-Z-GFCvzVR$e6K)Ew&sE%8hE{JOW=R$opM?AVSNuFv3)Lv-TqLc$ zA51Oi*_A)YVrz8R$KdCX{BNil7^sy0qdH!YJwqnX(RljDzE;8iAtjyWXOSWeEZ?4TZkb5;7IEAVGYNTqISd(D)EEPD7!Cq6At+RPuXueix$ur4Ls$ zvos|Chs$Kj8tQYE>z@lTe_HY%+mZ3x{#QfT|27zxG(4VO?vg4?5DB5Kn zB^Q!~x3WV{Z*M1Oo_jz3>Te$LZG8XReywo*t1M78)Y+=mKZ{w`|C2*!{?`9%2>ag# zL#%%jiV0<73FXC`4{-j+NzQYV%$>US*xLOU?>>3`?!%|OXKr1-`z*ZwJmrjK3%2C} zcOcvZ2uZ<+;1LLhr~bfofk&sC_Fmu4x9+iAYhO>NdEWZE7bBv#Y&*8B;qi5Y^t*JJ zd}Xg^Tc^xrOR{W?zv>s|*u!<;6$89pd(H#5EW)7Hzjg>31` zJzO`eZe9aU{WN}Lbh{1)X$G}x>FafG-^SITehYW3TPn-a-6J&%N)H&B{1#EZJ>O-2 zt!(|{R^_q}|KN31>%W5YA3CIq`ECFEL41GDYo+UdVI4}{x^=#MDLQ{)!>U#JW5&n^ z_FvesBNLW7vCiw1u5*fBe0Cp>Y1p_8D~CEw=;QbG^wMl>Yokzl!wFbJpZ4sQy)F&u zpAhY7spDDy7S)fw`_{Ud$Lfm@Sevz?AJE;lcVixvvP-{(rOn{3k%J~1G}?N3UxY#6 ziEc&bseM^Cx7%8EH)~Yy_fr0ziTuH5D_sA?Nzo5NEdN@S>z`fL|A);%`M-YWe=3j5 zn!ZD3p!+eo1lQCJ}VmlP$HD66PcT)3vbfW%d1ZD7EgO?Sqf6epX8fdGE z_0NFBe`WQ5F8%lZUjvx08U(Ta$5GtS`iJl=Smz}yO3B(OI18X86|pFJ6iQx6$kvkM z7al7n9iFl3JcX6#CRmpv9RTYeZvpoaMldM)CG;Z|=Y%_@EX@g*7GP(Usy8@1O+3B! z(feluzxXUU&dZp+x6kHluMTv!_+a{|!8Y-QmN#DNKP;TPMe%BfwfEW%FSB#{G#=1% zkW;-OL(TgSAL%q^i23jl6S<>v({zj*bk?6YFSXZnPF{|Yk?#Eb`CS(+X3bo>yuqq1 z`kCuE8*=LGT5eRZMR#o>Ys{`)#+&x#ALwXcV0GrKwL$$$m(RC8W4@#A(cQ~W@NI`DY(%bt{&+XpzyeJ2d6U+Z(2{Uvjg zNVnRJ?4#z-NWbZ0@Tug9@6$(~x=V-EdB;&&>Lnb=Y}QnNkmVHJ!!v8~qLi0kCs3!> z8N@J;@;ns$$7io3yC%2VhL1LzoAk#d%JS_CwiuX?Ul6hKTwdo>8NQs;sRtyULl>Ss z)+s-#Nz&b8N`pV+4vuEu=Z4hU(rzznu{Y{nvXx$z zo~c`LfPDkkkK@iSrwNz!_v-s$L*zQ^63&GcY0c^V8r2EPd>TCeX6hK{tm{3j^hfR0 zYd{I>WneJ*elG?0PyZW3oxfz=Ol`DphR%ov;!$2Bnf)!h^cl&^((&AFA22U9d5-5T zLleKl6DMT|Jx@ox58N|rtk<~1O~-_u3}`-~HX}P~@+selTGRjP(r{Khd*zICgPVV< zLv7S!?s8%Or@5Cs6XSlbMw@*Q()xT{b2Xnn``G?o;UIA z#6d-a1{MuWJCxRIcdxK*VV)a3>8t42Qmo;;hG>JR-iMGE^$B?qwMnT}g0&^~3m9U-rzWW(?gqhIYneMnvHs!MQq@JnK@r4)XLGH(^}so+ck!&-NeN zg7TNAK4oa#_2umr^Ecw!y4Q* zUeLYXn>@Wbk35h4(T=MB%SGJ^*MB*G%j!*UWlvSH{+Ucp+4CPr1pPbzV`b>9(fiej z|EE?G|8HzyU|?uqY-niQ$f&+iBTG|bV^d3O3ya1U7S>H0q451iO`BpZZCYYYJ9Kbx z=+ME#-QC^8Q~l9FnIBCWm^Ex@W)A;C>PVC^fZDimlg5pyb}gF1r-hwuI~yCDcD6K{ zogIzl>gw$3s(#;-i2r9&m|F4wCGiNCi_f5X+G%_w(+XV*Sj`^@MgV@1pA7GHfmEK;`S;lo8yZ@Yff*&f;1?dIT3 z%OCtHb*`&7%1v_UynXcC+k5rqKcNlSyXSR2rR%~m?ML~0_*g!Ek{GbQO=o9Hf92pE zbuThyrvus?nEkd9f9CKc$M>8%TXsmdPrCNU-6pZ&OFD1cI`MMrz@F>(UCB6?W4Xd* zn*O0Z-S$ZYo?kdV%O5yjeZF6s%uYzUF1*UhjcC&I*1a1SH>L~DwR>-LwJ|j`q{G}T z1v)poe>Rh~ygR;!!1#u9k9yKBfB7E1$bZ@N+IF9zX2wmMcut$!ZL+7-B68jG0=sAV z0ZERL-3x{_vu>!w&gb;lHhbFmL3eZtC_4_0EDm_}cjqbNM~|H{S?|Q8U5nc5oIPdlwnls)Nm2`%Mq@)?DeY zA8jA-?6B_1*0Un-_e|Pq``~)vIoA=o4_%ISY-jSyH?Gmp_r~09y9$+2;eLNM*WWp@ zeZ$j7?sy(+vd3-5mIvIO@63hwLnn^wv99&8;SOtB-=EMlw&=zXPs2X!67f-zdI9D zLU|iA@M`lHUj-k|@FNv|${pk8^(lP!_-5Gdyb{VEk5`*VTW7caKp*h5sAKBQzdNKm z7QA$O7|edOaE$bNqp!i4e@jl(+dlDgJ)nZVBaav6Z7HE}8yCJE7#*4%+jePOaE{@w z{5}&)C{BR}%zq6=|5lyhlXl{!RL1j$S;|iU(!e= z>%Ru0KdZ6+QO!5)_0Q%0j{o>2^Is;ss~Yj2gp~N32mF%h`RR>Rw*G4_`m-AAzkK{B zoAq1&|LJp&8u%Um`Ag9JuWh7)^f>JC zm_5daD(y-IRI|tLqTdzD9QYl+VVFdahV@MpDbmD(92b!kCCqW{kN+aT`YMIlO8Z11 zq}{=*yhC|v^{+e!iNFP(PR05{L36Q8?t8@CXuR*bMsnR}4AQ6dkT=0VC zuJ|1VRN{7FFrh3q(JT&F05#Avg<7By@R|UfDT0(K!bC0D|ESv-(Qk(stS^BGKlngj z$=l(o+X)G%iZXuN4U%@?GXQnEiAhCeyRrCW9DsXP3iJ?D%F-kPd9q0APRGQ;B&GU- z_>zJb8HeA9%Pdr19Ik=_Lpr5#3-g95E6jPEP6$LG@Ldpez9Nx&mJk<)Jv!HK1fDgs?i?sWuV(5UM83z+iuj zAMQ%4)lo#aA$DXSR~&!m=^}XU`?WBqlinB z%OtWmm?mcyor-ydhWq%21Cj&yVLWeN_!6c10)tS(!bhu>Kxw8x4B4FAfk4WRjTjbC zM0$o0Pkg1-Z#5VINX`*VmYVG1#e#%X4>V^aPT5W>Y;d^1c$7FvkXYt$HJ(xtKp6_r zq8843=H;lqoFqmoZ;g{?UERih!PWl@u4A>whbP&@X=^n)k`)L2CYSW@fl*V zP#Gr|CdSF6IJ$^=SC5}WoSKRlbTzrBD3xh0G*umUO==GbjR^Pk;RXA810N5E#BF|% z*cm5&3}+MWRD!Rl_$w@lvdAI$2KfMiDyE0GOad7~fRiN1GKF$MvJjIc0fwa*y2N-Q zIp!ymCkWLD6Tom0i4a($;nS^o3+)`LyND2LnnSQv(*%UAo*%@=oSi+~{6fQnu@FF# zyF!xW;l}q3^7W2T-AIIm9vT)A7#e~RKlu81@L|^yDpa?lctMfA?hwU&pNil2Dsw+RH4DEVUG@iwSOJ~m zYd0C6D)xv*y`vEW^KkPD_i)oJd7W}3-fgkN0{~w1qQ`;r`yr(oSAlDag5-F`};11Kr{Sy{&|6Bs-vGnJ;jk-(1IVuy95xPzTPYkrFYju>;o@+dDun}cz^oP^Cmaw1 zcHc@c6cFm&**B(IumB3eHluQM`-cYkF{%fPz&J?lm31sQG$J&d9~K%O!LJ@f0{4u{ zkslfq6C4)ktpToMywY8oo@pDe%y6ekXbCj9K->H`CiI0)M(^ez=-LA zRF0Klp=)qxxbJsh0YKp^qQW^+q`@GQ1X86ykweHF#9(Q#+&tXkQ7lQeP!ykSG&)*k|@C^6&nw6m^Y#r2LNZWbh(Cx!=qilo<3n7jw(lhTQ_9GQZnD@&UWous8R3H@27nUc zuI7Ur=y!w<`V&q(1&<;*0*PuY4>u(5!v3htNfWxqL+ZU$)dC*DVIm0`t>P!qwC ziR!RZFEn|EcXijp43l<`Cz*tyls#pN&`~;X>AQnRgUo^$>LV*(hnSq4} zFM^I#Wp*p6$eBb6A9+Ud78yjva&J z1pje0UuM#)ewo2_vSZn?SkO8LhDc}+&@zj~tomi9>Q#njr!`)s0ZKd!2+>DF$gYT% z%Zl6NI+2%OC#4c#b=OHb*iu=XLM%esH>7!%iR0o$$(l%iA4;4e1xyB-tuX+UsyPO5CQ|>d4)(C+c%?~V2z+HIoA3hdbnXIXya=5>6 zs9_oML`b8p;=*YH1<8V$SZIn!hVhjSKY6$e&MzEpgeVzpY+10`fToYZ0uw?W*<>t9 zBo&CkP?I4|{JF#Buz%@rVW2+3Op#cDDUdRVR3|o;EEB*D(1M-q>1fQ#N`?%?jTBs* z!&J_GNC8Nb_o2029abA(Emlh`G8KFc?n+2=p!nm~HI60^A$KwKM3p+aibJUEON5Py zv<~4GC(`JoYKf^mIFfU67;0M)vUyY{Low8w2+2HDEfCF?S_|3gRtWP9*$hZOhr4jnV(V)xR==#CCaC?PZ$ z5%H(_VD3|T38Wxk($YX|Z_V;!aGY5z2adBni|fR6bmlnI=^R^;1b)v=sYfF!iR065=ZA z3L#kF>J8XJffFUkNloEz#8j>Tm5CC-56ZqoJl3Ds?nf&OyhxSZ~#K|snU*5 zJO2I1H{aXc(7N+f&NQ{Uo@;tq_#oYnW%I-rjxUs zGsBKW2YmrIFi{yyXU9@~;hXO|f>O=^5RU41=`5BLDO*(0E{B1?i^!X3w?fmcOezq` zHBTx!fI5S3tARtuaX4h|GY z6*xAX>Bw@f*1Jqc)D;Gst$G(BC|M>>0$vU>44_Gggc{9xs0!%}x)TnQ$x*=s&etiz zD?HGKKf6(L6{ z6iDK8(BJCxg&@FE`cw5KE6YJC5T_=HlsWh&Bg{nV7%d@1prqm5qs5E*psP6iiabz5 zKB{Trs(Q`9iN2ITHQH2<9L#2l6x0$@Mbpw?p3!JJqW#SsMv0ohZD?f{gAXQ`u zmhI?v!ao_3)$JplgbJ^Sea>0ORW|p#`zJ}KY!T2@Zv6- zt)kOOgHo;u_Q28$EjS5cp#U%Tr}=g{{!d6ED#HbnltR8KkE!J;IB`?&BLp1Mlm@kd zN;$r!8mV>(;!V^puF;n zG%Z6(m<-X0I-JR8Lp|?gIFaWNYBrbXl`>t?N0jDaD~(sAxoW>zXu#3G-z}o1&%p|QldrB;=zRgO<@MUa@51EPBEUBsiwF$^Gj?crpf4ZT2q2*B3A9R;EJcsT zD9Sg6A9VxKBexoN6_(;Xd@>SJ6}Yh?2N{gfNiO_9QI>%`H9{lsrZtWfaMLWVZ(|9t z4i)ae&`O5|N5F{!slcv+RZKXlpyAotFxbwnT4Mrt3X&_9!YAQs@&IH+a>PRA!epQ& zWZG6>V0G#PO9_lB$S%j>+H*K+OaW9JH~72~mNk-Gkg;AxRO%&KIt-2Omq%C#7%@|_ zgbFZoND;cgjwQuxZRiX($2CA85@W$2&EVHuVvuF9N5{>}KM#8Z{0gw=Bg>LvERH>c zZHGmR#EA(AfB4D06k~Jja|H54EK#Tc=0u$Ig5e7MyGW}0Ik=1vN#cd_ESVUXD2XzR zFA*tI5DkjqM;VqORRT^UQZnRDhtpk76Z!? z$T3jHGjJ<2A`7sygJT$cft8gh6Cte;%s9_Rtq zl^C`v8OABy-;pEMPgvu@BC$X!%M>L5AtLOd9(45!!qQ;lst9@XpUe>n_!S_}4@46{ zSA;;4CcwM|Ian7jIOY(;b_>pk@i|x!59_Lw3niNVI6nhnogoLeRFo>q6aWRu6v)qz zM4J-*BFsUIrUJ~d*gu!-Nca_C&I?4V@C=1Q1dBwH0rRVIR2l%90n9tlTxY-?sLhyn zMjEk*e)7WYBvh&yAz0Q#V3EV*8EBsY{(_i?NSaY@`LdV{WSRSEOt2Jw1$YdBIZqI# zlH6N?g~1X*N74>44j6L(1ylke6=@={JOVREi`!o=OZiSbBAHw*P5)!rP`&qSiIP7m z_knEpkHkGMUp^==exy4F;mLq671iFWmQ-p+;)_m^0hyxWX0z)?~!~_;3scTQ7KBLq9=~(%y1O?Z4DCf&00E zD`BazsH0erAx%gjUEq)v2E}Z|gL4NBskmrohbhEcS6iyU%wU`1&Zg6Cv)tL>LiJN* z^k38W3Wy;Poh=em?gEnyd!Af~<-i6*Vx8Feki3i@Kr+C< z{~YbS(0*mpodp)KGE4ER&@YN5bHO#Lr1YLI7^B`pL5qAQUOUM2AJlWoaoOcc9aqN>*Pb(~%UP01*^8 z6#Q+~d@zwE@~1ATAL&q4Q^Es7Q;q_7BKT>;;sN#v`U-GLu@FpYNpKv1IEs4vMvk{> zpi}>B?uoV=T&O_`XtYq63Khq}I~Pkv7R~Zo5S(yvoqnE#!&bwu0GmN5Xedgi6uRKT z4U%M$+a1CuU=FNuKwueZKU-A}&VX%2kSN0h@vvWGJSiAGN~P}aBXFfqDiy(LFu+jJ z_RquZw|Pw^U8!Iiw3xq2a+eB);7A0!tw;g~WiU^$C4d$QQv(tJPE6m)ZE!&oG$i6I z6d8g+`cm1%;n=sV9UOuPDs@Y!(hSaEJ8GE0)h0vI?SQmdlTKu8l@l3Z5W|D9oJ*sm z${4e?+{}=Giu;wptGHiBskenHri(BMC*aOITDVt5f8a4QgpZdU;1&!vP#zk5NpY(p zSS`IUQKCBvI}^%10;LM%ZinIoi4#jVnwQ#siOdda`MZ3_NCO=}!~>PU3>pK$0$xGj z-cCBJl4lA41Pw~{pT>ba@^-5{4$T$EpNnc-RRxW)9UZw0obynzKpz-kB65*HW=u^- z5fwB7OSt*4JeHUwfHH>xNnpp!0J%FZIYX8zAWw5hG;p1O+n^9UFfOXi%g9fGw8}v* z)E1CZe5f2G!55$^BmzaN8c;2K)kMGNrZhl9@{ zH_qG90n(gORY6&Vhh&-PnsN{0AvXT#C?^tlu0}AU$~Rp@^3akxe%iKxTerZDiWGF* zZzdsGWFIe*(o`sfLJ+O$gw?|9k(l|L;aD-{1*spzgYF%!b71`L&(MH;z2HN_?3 z+?WuS$S{;|ilW2{N90V% z(17F**FOjfjDyI!sL+5$8XSRh|Ij!Iom&H51a1$gJ~T~Q3-RXhAWKY`1~_yJ3y{f> zO{BUV)C8F=0jH>P6C4W0?(d&q0xoHT(2ki^8)7|3Z@TZM9?ec8!>P8Hq(=m}OJZT* zvG)CVz+EB<6d(z#qXPLSdUzv8NiQ${kD*l~44BN~gM6^Q7Z!<1@FfHM;k%JEO^kdh zaUVDY_6*fg?==?*VYB1?Jnl zSd%Q!nJsd1#RI8Jdlrb2uWEt(rv6MqRD$N3D#8)1q6nnRM!=u%o<|9|Dk)_y1dVx? zu7zkhN)r_M-SB9=W$_9PoOOcB?;ap{w#Eyk!X%MW6BI8Iwn8O1(!fzNobBLY>)#C; z;Z8xzVWy%!dc-h06E0)ORYw~ZGEjYM*Cyv8AuR`-AX79aBLaMbA=1Pf0!~2ohEpIr z3c;1${c!3mJ zi%WvsGi4+=!XAVoH%LK@#Z`Ga+aMu@coRc{7jle6LC)azOr-gsqNGNEzS1-wRFvm~ zj9W)%w|o?kizX8B9x8;1;t4kNAdBX zNri?9?`^Hv5Ot4{clS5q(48TOoNdQ~umYw!q?=Z5!Bqi-jRRq#Adyla<@m|BfiRq% zQBRm`NQhDjM4Lx`8v@G_hX98f8W1X3@85<*AO(ePXmkZXC)C(X5C}5d9R<7-9`Epl zaC!fB7P{ZR{;x1lLHSb2Gryd+j$5+x}q56_;%N`mk3hs8=_ zL4D~w^e_5QSa2I|K=+c0C`oxxQyRa5TB1o%h`NeiSMqbq5<{L(sF$xxU^v5pu6yG- zMXN$J8YQK6iRU0xe|qAP#qy(KmwBg`D?6=@U3+O&=JDr!cHdf;9po_k)T2#(PDr=k ze6_V-$l9wf^LGq5_40Gcput0i4jVpVC;JD!8;e(2tPeQts?|DETP$6Kj0cT8z} zQ(&%d6n4C$nd5`~S<fDuEs2}BVNmSkS*JE8i#CL}&;5VweRoh)&9ms)NLa#>Gb}m7k~1tw z&L9#M5fI5P83c97K{Aqqiy%4YAhIAxlnjzYf+Q6si;>57e^s~Md-d+S|J-_2uj=+x zojs>_wrjfQ>`eD`&-6i$ziGyr@Xstyy&#K|sutY|u{WK1cfH4Ln)k-i`4>UvacvUU z>K?Us@sLt`ZsRcrZhScr(LL%Sho9JP)ub%s*WkZ8{rZ0TA)(f|;p^+g#sg2<`UHO_ zs*_pu*mxl^p1f1n(aL6RvWeX78zWJHYen{6l4Gqs+~R|4-&6Ir9t>)oCr#FQ;I}42 zPmTYa57QiOjXg8zef8(p#mVOnDZNoos4kOG>p1WubVNAZ7r#!#h{b}47_E_aAhhNk z1c1?{f-?pvG`*ZrM8ybf#_?piZpI6gRd6M^vdKq8u!dnla4JXBI}n6)!$yoSPupe+ z1}^w9m2;C9PohJ==NKX3+W>-7+M|kLbQU>VV3wI2>=p=H*n^>ruU;>bih zcN1mSvW7v^gnEgQzQ@>-&B2rjrhsvLcsTL#-( z9=WBz_ z3WsJVH38f1Wb_UVK>nt_YSU_%$ns+K-U&<0#Qapv0dz65Nms zu>9n~Pzn2-D!zqOejh?lg9D?6)ZjN$v6C5j2wDt)8fRN4;Rh|9AuLYM1`Jm0Mil{i-zjAWUzLmrs`Y74l)dhwP1lL2T+o3KPj4EQ_#!+ zpjinf&HRkz{b(OD56rssDxR{rSe@XuiG%~CE_ltP* zN_~mKW1Y#CxrFC7TrT!bnKR>MvLSbks2r|q5)Ts;d63m)x&Vk8$sZ?)G^TgP6h^z3 z$4LS>@j)RdF=K{IFB2E1h;V^uDgf}|0Kj?OMk5siNTZQOXjBUxoQX4o2~9-gS(JYC6b5WDCao%G1){`#mM3~988d!hRcQglDKq#% z){PP?FDJ`)5;Ngk>($pV1Z`1$vtgAR&7`p~c&R*PkX+ec z=?X=$RrgJV$fyW%fL!68+g-%-KWjmZCa`Q>9VPP^K1(neuVC1gQsECr`sUq4G-5P# zg2Z*cR7XY#j76AF(9;vJ^R6D0cJ^ykL5%{*Zg%hVO}bPwd%tNl5=$!INglP*qCVtA zAlI+?@d34|8E#;T1o7M$3$LNKxDi7|kf=`QSob*KcuRj~Yjn=pvF;dJN7gA58OTgR ztZpd5YRb#;j_umnopc4E!WG(g*{^8JL_apcp_n))_sM_R7^}IWjaW{7svX2t$ zsJ3&|N`Aic|0L58+hcTx=GS7D`}i|IK6Glhp(c3(9o$!&i^>7lix{$%soF|GEb@YgtH;nn`PN#^s`+xoDSP9?atuKe{9R={1fHT@<>37_b}; z(c%CQ&jN%&a(qCX0|1{v#)*}>`Zx{mZZA-EGN8OO@5Q~Bup@daN^gCm5!hq4&6*AO z4j0d4)x7W{tep>CMm+kw2LT?3#L%a9fD#D-Q&PVki&*%5+a+kn|cU1SihH7BT3)95<4(ItP>)R#?Hah{D z{t|kR?jYmdy+z^b$#Z%>pdTx2+8duXq{N+U*%M6$fe#-&`=ha#9W*}tHH?Ah_i9VC zbZiE8v(ycjAn)ySUq-ZZJA;&klQ#zq^IA{{ z1DYHt_q|u{b9t2I^Jw=0?Xid|kq^>30Ji%ux?Hm7Uf|5`L(%nX97yIPOLvMRZJ&Yr zAnW^}a!vsJkkL0VvYgYMMi5Djv)#NeLh$>Z9pnWL4+)Yqy$5o5$49;%dcqJ`6#+5} z_IbI0e0=VrbQH>oM!lhB2G2x`9CGmiF?TMa^&+DsG$i<%qv=mvZpS@h;0L<|M=%ni z@1MKaU5JQ-QDOt2FxN0kM!phyW*!YAR)2ku($GTLxLT<=!5O4|gy-!|H4B0GiWa2E zx<{5gS7t~2>PPa=D3&7mguZi{&xh`fSqW7g2{nreKf}RlN1UbdPaK=TyzAr-Fi*OM zBR(L>8D3pHiN!r3$R`f$5j`v;AIwP{T_jfr{-39w{|}V-|3?46l)!&v|6gU`MWg>& z68Ui~mynXUO7{1^<^Ph9`S1K+{{@o&&q@5t{(l7Ef$x{VsFCJ8%`1skGeMUv3~oPr)~_PH zq$c@BnDyAjPSN3xTYdd77xD2evr$p@*MkFo{{Dh+h%Ev<$c zpn-Uxn1}7Ir?XL&iF5b%_8bRzUuUFwt);xCtkH9DajwnLD$Voy{IC7?B{iGLvLJ9tzB1R>zdr5`<)(9wz&BCC?%Nz zJ+)&mr)yZBClZ41&2+Trs3tA+)-+{T_^JF~54EYwj&s8P1bR0Jv9hzX@0x10aMLVs z!;c-Tn%GFurl#E-#Am+Fd-|$#n#!j>o)A)c3NZNG&nuUWvQU8S*x%zc(DUN%tpORq zWhqWsDvDkOvG-Oc0|JciuUM85+E7Jz3DQrfO5zzH2qf~{%cYDR`IHI1VQV%cC!ov8 z-onpxbk6}s$@$6k_O^r7ik94&y90ulIFSL7!o!T_5F8Pt2SE|ZtVk#n8ct7?$N62|#=a+#_byZNT?M64MCX9BwFn z9ZBEweO4MuS>(7<-TOO!v z-Zdyvjm(1zwe0CU*UqrltZJ#eR%Tqn7bVmxq+VrN>-bhEK-j9>zE_A`ctK#PNn`T) zS!H1DM4NYze&R1WvG+NF-~JXw8eXdsxh^%~j2oAHd&j{cOv-S5 z83z@NOZ3{?mwk?z=y+G00F`J?bgy3BN{M(cF|Z6xxv{WDJ%*wgA?xOpQcw6*E1Byw zEDv$^m~dEFCe!AMEKOH;akvvU{*r!#T8%l|@X@fTTxv>RVRliffqY5geW_E|RDUVJ zslayv*N*h4d!K#RgY~P6eJCT3>squyp4{t<2vW^G?@3z4YYCoffzN$VLJ2Xk<4-$E zJ;r_q3rJpP>gUp`5tL(3sJ*dMj;T?3vyxFQbV*v}Q?J(LW&Zd>v1m?}z3b~(2`NfxR9a`R!Z?EX|cvy-sp^gYRK1vCOmRz0kQX^6%7$^0Jj>N@LMg&+5a=;0>tGWg4aAocz|WHwsL5i;43%fYuEDmoz zr|_Blv+*H=6FTSnNs{Q=>?tbr&i`n|iOTdCd8s3o#(n!LApz$D< z&0Z+!01i>04y6K<8_umq$XwvyGI8pkZcIKP=NSfR=`s-OA3oq9+kkjsp{&+@q*d5x zI_EtNs}3-c2qTW%696Mi9Y7p-_CJ>>dG+?2^${G_7*hGT_$Z7Mz)XNsm+5K=bpb4K zSSS}#LW`S`6I?~;BlW+y#>ot);b`astk++oY*QGGEg;l4@lXnjK5&pl1fWX=LW&UJ z!f`lwo4l5uE)|KkX|zyH1DNq*`oV1w2empOLa^xwlIn~CC8AzpKd7d-6xAX07- z2ON`OACQdJ^&IX4gBu8RRQrQkO$4~0>m~+i{S@Np2trwhQ?YKu(S1C|2}u)6%L)>i z@~N{<6+oaG$Z*;MEPMdN%@lD5N}j3#AW`A+Py)zeoH~sPI|!JYM%q(LB*~-uX%Tny zZ+)HN9FqnMr307Y3Z{1`06HDPTDMfsvc`N#B!*fbJXRs@S{`d^IKnjqN?!`(j@;CP zT}SHjVESQV0%a=V=_U&68^!o27itX$XaxNLjvflqfFYsOi!A^Q$qyAl5&3uZ!;Qu( z^zdd7q_ujHHogSLDgo${&c{PB8dBG`qb5ZWr^K?Z z{068v5@bbx2~}z&;AtC2=Pb!R)ez2ex;}nSk%l%ED+q%*_BpuX89W65@S85{L31t= z@Khx0&8Z>0>O2?35JbVlNus+~OvZzUf-zL#X`46d9}sKY&cHsAjKWYy1aQrv)4;ly z*mW9nGzc76Z9Q1`8VW&bU~dpwWC@G zgM#qtZqTdiVk2IpLTzyEoH-~AvANHh;#?n;exf0I+78Zp+Run;siRTDLYV|2$P*nR zV&ob?%H!Fu7#l%yi&(f|>ed_c)P5%7;#gQJEwekI!~1fbgq|grM0X9KvGxR$5;loZ zr^8@R4+nbj+`*I%0%EinP9+6}(&GW}1U3eo$^^1^h+=0?G?5$+zhs36>tu;HgzGqW zP6Uei@)}PkAVWh?TiXC^Vm+C>!D-?!XHc2ifdWa8;E_cFj6BFVeWHFu&Uu7jSYjH8 z8la>O?xPXIf=o)o=PLLDl*LdH*I!;tM)3kfZ#cs(%8LV34?&QyhU8D_(5tS9g~q6O ziofg!Sa3i-iw2o1lAD4LP2k}>ijpn`u`@KZwd&kDz(iqc8Gc}dM^WMK-QLulF1W4_ z>m*@9f`*wV8aG%DvrQ{0U}qo#DdUq7!uQWrL^7-0Xf~uG^#nlbxLUf zC=6JjYI`jmb_k7ZPY$Th*AnF+fEw;Wp%3sF8UYk3Y4F;~mi37aJ`2oC77ORg#A*onQ*9?ZyaJIkh6`v;%_lZ~MUOtgLd*B7|55gsgfKRshvIg+T5rmTqAJR#OLtcF)md40#nL+v-VEI#V_(iCeDYRe_nlPoqZE;%=Pf|;OI870C<~+e*6OGVdttqH7 z5?)0B$MUOFN<6M>059ewE$xvuSl@PcfZYLzF!&H|e8>nfQK|!sAs}+&4OpiEZia?; z1{24k!DsSd?nB_5nCK2c*M0pSIS71*0EXJ6!aBk4SUf<9NvFi7Q;)!e9bjmz{uf;&I@Q>50NjTpleWpYbBT`- z=Y1l4^?*&`{sF8^X_Qr%K~6ys97O&QVTK2s&~UzxbW(ICDVj{A0W9wTnGM$9^pEx^ zeX4`k6?cZ!;-DF>w{&>aIk1^%Buwk@DJej7ZA!zoGm7rWKocTS^K*JN!4%OYVxND6Bt?4|>mB>>LRq(Ph-pw{8? zc!UogCXIzz;Q?z5#2N>)It0v+L?Y{O@2kwBrVx{8Lk%nAePo=Wis z^5RKo>|`+XPr+zxW*?GB6CiF1fi+bE%at%Y0D@kJw_ir(%*A0&GqW~YZ%|rTK;0nF zhU{KULB~M;-ad`)Q?NItK%@ayNkSZ!TG$f_6Tn~FP$-%^!TjacYl=2=b%uBY5G85A zIydu6l%HN>PIB(E0VXm#99Ure89$2L8X#7{;5+rSa|V(}EYxKHLs@j8RpnFqR=_1H z?Z$>DBPn=8uK(CZNir znL^JnrAJm-TGA0;s=HjGy?o8(XO8$N*zqSGmiJ7*Qa6F8Bzdls6V7Nt`r=8YrpoDa zw0o+uEqmvf$U7Aj0nHCbAKr(NnSr};@;FDNW9@Q)P} zSry5oRYgAw@@=aSja1ZTnq~Ub70gssLV4L|=`Pb%^<7mu>eWp@si*Lizox*ix+s57 zfqU{0j?+~H(`uPCME$YQfGtA@smwe;?0^HzF_2;hWHB;_zY?aFikx?NY=%d69#W2d zVt)GoX@`bh!={1L>OPIa4oT~s(a7Egh!Vj~ssVPcSkHV^qlUMeZnaY|MHZti6|}%G zJd8LEaw8M^MTq*AXCw z9p1$YQ*(f;VIVkMt^DQLmGS|XIctD$lHxUCq@gBI^*ZW&L;5F;P<6Nj5|Th@^uYj7 zQ>2mus1#kVglqb3OQi`_CvC8MUxmDSjRa6g%~S^`gN7S)Fuhb#SU7xl9l)|QQX|?K z8;EY3B6ac`A$>5`>h_Hx^3qgteqo5xl$)KMdiNl)umSRpQrkR=RQ9YDS`4#5k*XaU zMxc<`0Wx3V#<69{6I?rZiu{ohBy0@yBEPh9>|;Mrb;CUgJ(>v9l3df9S%)+vfTqQYXB=l)J(5$ znUX{M8uW1B;==(?z(^QD&fZW%(SVe?iIgF0qEBqPgMS^%LK^wT4rWTiuROpdf|LgI z#grkc`A~hswyCF`#Absb{YV=_q+Qr+g@Qh25#(Q`(s%C2`Ss$+o5Kp|{;11Lh{6Gx2JXLQ?5s$wLpG8Ot95A*RvI^!ST^F-!j$0g9nugpa7BhV*Bs0UDQhef(K zKuR&B9t|+LFGH~&RJIMbC_<6S00@bHMRWv00tikN96|+V5C-6lzzvM?^m+@t5yoxM zTAJEaIR4hoj>>Qqh(MC6O#$S}$a&1f$FM0r1cKs^mlOv6HLUT-(D)h#(5h-jpqo4} zmF{>FcPw?o7bFjveqRAn0RWK$L`XClkvg1`9C6YGqq$6Kfi?mkpNgP9!)V2_6)NgYm>PH<1Vjotr?bstS_JpmphYijc$%dEWpQ z4UtHNS!O~94Z9J4Ac%*PpA2X9O(6{3Fb0-U`GZDQEYbthx{7N`LXMI`=P1+{TB`f; zEem?&pm|fs$1gLmqd9%lG$)dX6AzWbHY%zht=@tXkoDvha1Ya-Iwgy!_ehOGsAdvL z@!{J|)A1YvoK$7S;rm=Z8e$|0H!WNOH!Shl!B`vSNsdP5g;zUP-_lNxZ74$&0HeV# z3(d7tuT&uV>vK{K2qRJ89u8G!U(xV22yJP zphgqQrbtcz(f$VlUY|H9)p`GLmQ@&WGzx>M!%Giaph&XwmC3~?tF)ZNJvT`at3aeO zgrs%`S`2LfKLVJ&U!yWaHh`iES6v{ipVOIYs+<_B0^SfBTVu z|Bv85^8fsMvbp~PUjFa?AL*-;4P^dz|Bs~Pf9HSyFOd9yPU3R$avebGYwKwPAn;XK z%~b&|zW`MKoCh5OfB@(f3HB@0SAbL9`M%>_z?pD`0YLyH1Pp;+Er%}v0Np(R(EN3| z0z?5w1Oh>ZK$4Lm87Rpq8CYnMNLm&ShJS#Aoq_oZ7}(jldHH#{*~P`Bq{PKB|0{r~ zC@HCEsOYGv>1e603NtM|JuNdIGczkQGas7!%KyR6jTRQ;=jRs_mbvm!%E(|aYX38d z%YJ~07-#`mKtNmom%fuRr>6h;Ci zx(XcvT@j#ya#BmEbJ3Vd!tVHl7t^L`m~$f=`y73zHzLxXH%al(p)mc|&_^@Z{iNZh zhfa|hCC$7t)K}uYqC^CNLjKh(5I_ayq((}ZLDa8~+Clq-OKQ-hO`Bs(iyIvyxG$Fh zG6?93R|wTr^~Wr|J7#+icux*SgT52d?efaAb(lMyz9Txz?-sLNnZDs^pt7_)4CzxYEtG89!;4(J`~>{4wvFN`aVjKk3h& z=|7H6f<%;i2oswuDy_TsZmsfK$M$^8E*H(%>qbzv4tmxZ^Eaw@O;{CbPL1w%swd%v zlka<$hrMKpQS{UCG5zW7ZwITYdE*h~x<7nttIf!gDROmuMWE@v3unl!QG5E|XYV(T z=C@sn^pD|?Q;D=aYqavhXs64g<>K&PiBlyvmFqm925Jlyu}!; zP-z%Vmbv?5MG$2~wn|C6#QO9{n9%&Q(cMR9=}a}h=JOM^s=f<4gorEr)I69q@cG8F zeeyWn3ZbfS_AQyh?uLCtj_Q4%vsHnOlv28j75VqsJDn-*q*kO4nJc>osI))f zBrOBjhavN^sny2L?%__Iput!x)%#%gi;T&kus@NVvumMzwLBiX{Jx(0?r)4jB+d#m~-4^pP)3BL^D7-tK!b>^EZ2qx8>e^_mZzLMCu zyprmy(KhxD`=&FkRPzHtQDF1tHB-2WtqntPfFpw)+pxKCvK^xz%f3M9n=iWuKgrH- zM`{@?Ou8UwldafpZL*`yTc_TBDlfT>Q(&y347MT!zv;@9CHe*pGlI^M1S@}cen3Vu z*E>7ejV+{8;gPQzXF&9&sQEb9&3<~)_WQKG^nW9BK?U^!QP@;5->Lg%u65fAFO)_w0Q$#h;xD@I0lH5+TQ}?? zG7;JRAi_9nkvr{PwC`}}6^ng5awGq+ny&G09RD9buEr4JtKlC61A597=-aEueODF{7iy1{^Wk_pH7bQ zi4gapoVcTt6WJfZA0J%;6#N;(x$(K%FNf5EPmdql{{3BJ%fCKwd~f^YqoIi?yQ2$t zn)1=f>EtubW8tmM;FC$I;rNf5I{Rw9$|gB~6P8^bFJEn#_(yJ#f8=&krdJH4`;g(t zc6oNc{h8KFEj}?@ox1tfdn>&u-fMX}qeP>cnu8_tR5VE28Q#2$`X@$}TiJ1^hqB?- zw3XUiYvWlnsL41-3SC>}k%uefZZ&$Yj@DG{9)IFh`O%j*`%=x(G))P@1BOj&ymj5x?eEdDk z)@X<5HhsdtGM5+4elaCGLIX2A_`Gi;yQ5@1u_!lTcGmh#&xOlFm4Dns__#Crb44w* zyfk}5aF3GD~^j;07vll_Nj+yPrM#2G?fVZW~YW(T= z?eRL@BZ*0xH_siyR9?IPW(m9CT+sVUk=g3fq!5?;;-#hPjhuSU#*1tnRw=apZ}}P> zJ{75N$xRy8Sx3sXpVh}FRqVMwTs*!W=U@Np_P_ND=%0ScJ$e%gH!mx{H`p5Glhq6R z{%+EayMedf`kBNZw&dKFWnT0*@n|22a&@wZea?%ZrsnMzzN8~MF^q*gGuC6pzDJ1x zv@ZOr%nziV1TQ$2nj_nC&Y93D1z$hddVT8&r-oo>&Ox`v;l!v-3Da5TiJ9RKn>$Mu)=0PP9J__D;pX)* z;h8}+`y|gh+(H;*RGYJ!e;=dj{;pxiRcC4^s3c`RAXU?x8pLR5tn@Htyk#YHa)00X zJbUqW#H%Il@7Sd7Xc@b#?ARf+2i=PpJbR<^UpmYj^DPQ|lg@wa@0) ziVX9-xCJ`_tMBA3SbwkNcGteX^UJW<%LiZeA!}J)@nUGSoHYOXXVTG$av8U%FScLZ zeg#eO*5!&mtXJC%ig{R5S5xazxa$4V=fi`XLYK%gD<|=fLDKs)&0nJf8s6x%8Bu?C zJK(`No!xZ^!CV4zEnhBy+}@R>{o8cbaBsCA-B}1JuieZ8 zbNsH}ows2Vf7#S95%END>F;ctlS-xZ=g_&R2hlwTH<^`le7Ys)20vTq2mS10<=H%! z6U&!9M%k?Ur++;#TgL>V>tkiFda`wYEfTOd$1A`ChNurdb!R>$;zA ze+*gHPpcbPe5x;|X#FEkpNQ&qWoJ_;nPtzE{Z0n8ezm~>Rc>JL8o~S3jo0AGIc2wu z+JykBPua$`m^3TXwDQq1)79atSSCxU*XatvS--P)U(IYi@w;v!F7Wtoe6-!i^P3Mt z&IP?KZq$n?uB7&a5jMG3QY7VzLVYIPU!GTAT~2jasqTh8mb4U(Zm#GjHHA!_)i*LO zHH(~)Ir*&e`P^-=>ADdJ@uFvP)%e*_>x`bI3MKVhDgrU=j}Lh^pMD{>_VB`QOXsq> zsKYizNIs?pJZVyuSGPqA@6Y`*;ulEpwfsf#R#EoG;JXJn-`HVD{-0kcQ}b~g1lxR^_!7b#80w@X?{)5ZBTMX+k$HK*XSAj? zb+BUbcW$PXinrVQ8m762#D?G5Uez7{VQTMzR(KO%|CEx4o_qH~NPS>Dv~}IzmM%a# zzs++`OTkFra@_S->(8YZHDA~j&uSGPyEPOjM*eu9z(4+VdEYS5pP$^Uds#MAn|etq zcbW3pJi5u?)vn_>y>Zs7%;kMX`SOLfQLf3EFYluZzSOXH4 zAK%nikz)DzTm3tU$mC37Vc8OgQl+ZBi`{!Jy3@AN1B2O{85-C9Y0*!E%y)|2sJnL! z=Zy|%B&o$LX1&IudC~z!@bR0X2kwzdR{Avo!77g;R&Qy0jGO#5IUwyn;}(Xt9*jOO zYeW$~_5OK88v5|ZbiR%zkDXcx&i~DU@r^%glhj2zdgeq)G(S|wR!Bk*YG;-lf_sca z#=hB3o=a!3K^D8*zcnnUY^p49NG&No5Ui~&US(Fc716KiVGe**9bAhr5TK!G^OWnV zs@qtc9c*%4cX<;TTAzws`C^+r74BB>w7?!4`z|6)B6ceF}q|#igh0bllmw-FQ^7l`nkmvLDJU$Y4g{8Er?X7R*WC}`Q zEMGQwDB}h+!LK}-msOKrxswir(w!U(3})86rK=6G9Sk0;g*1MNF^_6tNVSq>Dx*i8OtoVvOs2ct92yCIFKg-2mSo&3=U!=pU48X>DU|n0C3R;v@Vf5Ol7f9mcbc+z zp8eT9s9#!3Eya$WLXYmk{PQIvi2G5cAMC}y>`!Z6%MnBVO z6u4~`QZ;I(Rr_F{@s?}e%YsY>0Dn7r&Dg+lz}#SAOnW%-iRd~uLi(Q&7$na zQ7tFSJMHc_sY4sT1=Q0`pZpax)!p%vH+pu__PFHm$;@Qc7P?4ZZ#S~0j*GJXxfD^g zs5%r`Mcq*mLtuvU-IrLs$@$X zun5PNJQS(D@sKUDQ`BYFE+kF+N!R#pV`EF}SzCbLw}-coUjqvHxH>{@$=#1X=e$MO zisxPX`ZQPe0g*(g#X?TA?={A??M_l7Z&u48iLjWx9sSSo{w7}~93<0b&IU|hH%+pK z=TSH|ey)j&$f?z1!v>aRFZ=u+^jG-(Sn9L1MA{6e;`yzJN3Bmo;F1O{hNZe1XRA#( z`5&K~z6zP3mxVjWHg@bUfgvegpMc+l=!y2M{YwB;cy@cp_hD(*Utj)B=NGpeK85=S zE=`VGX*4F8*OO5lr*1N~PUaqg0 zsC#c1AGnspG|gGni4`^23IUkYnxq0|EZ9B6+hxWDS=*RtPI_KCdu11!pNq|xra#%p(`hko~_4SVPZ zp4ooC`>L!Z_fZGcm?L91<+5LM9E0!28F(Nulr80rB7@YI(QmHqa|)e5o;<6I;CN+X z&_Lo+c6Sb!iK?%np25Wm=BbNy!kjY?<}|b;N*8b6^qU7ylv-Ae*qQY z<1Y=N_xNu6bEOYH(LkE*iUg}zXdlIZ%hnsKFYGTe-Usx z#hfg%_gJG1Bqc=`eKoJw947-w$FU@cpKNFJcLFg}7i^weZ3`3b_sj_La?{na1)%Z2 zfIWXbX~=K?n|~F>)o=_cTbn2H;N7Dmzl)2`3y_Y~luh0<#@;M)&Tysl4m;(UMCn`_ z#oXocTmcx@TQpTvjygQf1Hn59*os)M?xDeMI*UKZuL$hd{UmuOiw&1&r%4}V$$YBH zT~}`#AN2b@aWa`MTEf2lb?;wB>_2TQC^K|wXOJ!FZdIV79?%u8&FpHW(PRoHvTW?u zuIiduZl%@SLXl7~*Nzx$Q8&<6RPW_s22RN8+Kj5rm{7khU3<*d(Jh*~Nv4-T>aK;G zPC3ul0y16&?Mom%uyGT-bmz((%Uofi_q_!Aa{`xFsOf)cYDwCeEe98_H90*)MJ0#Y zF_;V*V2dif?Z~;7Va*|atxZ8ZVWz2~q6bTQr}Izmf4Yzr7k^{$*w>eLSz@NMsV>f< z*ke$kx=cOcIZr`Gx^>lnUa!#ARF2YK`Ftvh!?i7bVk615R4pV*m)K8QtG;$?GwOj+ zQHDTgN<`u9?b7(SI-Wlr^w`~fvA@z9W@CAYv%Grsv-Vb365kRRf=HFDG|ap9!ycs# z3k)Zx6SJ;J50z`q@TZv*eX7nKk!d38qv9tjq%$acBI%~h6H=ebOlnsi8{%Xsg$-ft zf1BxE8thWI)Da!HYx*w1&n=!}m(Qf-i`49hMO(pdItty3d&-N2FIscx-(xP z2kW?!aLbVojPp#OIl5*yeFX~MFrVle|G!hoNzul))*hKWNr$Hlh9VZhOXV6fT<3&jw{u9uEG~zKCq5Y23~glMD5n#x zE#`9G?D|-nNh;^85s1B>s!z@QF?#YN9W+JO5;VB_9akjyXZrM6SBLtJpOvn!jX*2~ z7fgX)p-f2hfd9uAuN-gk*YYoM=YN;}Wuk+w-nz1gu%~+FE2)KAgL?wwi8Py@sfol@zmCPpVZrR$K%@1I^AGuKU1qn9 ztt|y<<(EsYjU&i~Thb!7;u<)lv=yizlvEFr<(;%sldN1Di#=VF+fdKm~-7xhrnQIP6jbtAF1JO#jNtv!^?XWWeZy!%dfW# zo3?aVUbG8y-Mo3zvf=fS#b14wSPnKRwCL*Z7i^0xqi<&&m)U~%>zOmUqd`d~hCQX7 zf8Ra|D&P93uY^9b73ieE4Ln}kY`}z-FIIqB^`pu89S{|5#nFz(je51+S-^9`uANQ9Pqxoy76RDnK)==XTUA0u;A%A2gTcYan#$*;2rVwFnp&>R+$WcSzheE<)>*QCn$@x)ZkBiX?F^8B%@N=WG zu)8iXzZk<;wOGERK9R!9x^vRMqx`T|qy2yHe5s2UDIc(JyRVs`!P?j>>Tjk&($&9b z(sG?RI-`;P*=*h`x(u|eAPe1JVVg((Cr;{XBC;8+ITVirvl--m*D%2PIeSkdW!^F! z>1JTzvT7%67c}O(KO?29Yzfrb=erdjRWcD9Yr;vNKs?ognyp{?jTst2_Y+jAtHXd}WN4=bQz`yO%_fPq^@rsI=UI%MvilPyaT&E!D7jXKLhEro&ezs!B|7}R zPgss-+HBX&`&);Kjm4XIl`TZ*8e1pkSuA(Wh1nW2oON$(Pv&Xf7?iV1PagQX6iPu9z?6i4lcmSb zczXibcwe0DeyDFxMH|}TA#|#c`oGLp%6DBJ7ft_Jj)0*iNSwTdO8vesklhcJQo@B%R3Ez!wWIaEryG%Z zKB{|P41FY=KD6;TQ-u64b504vZ`s@1<$30G+~(sCao2aK?plV}z4lvsy=%Zhm#oD> z9JBKy(y&B3cb@3`}PKNvTyp?gqq*8eOo9=XNLQ~et zz?WMH|5c>I!j@xlU)-ihd3dD{XViA~SEHC8m^v;7VJ@c*^YK3-wg*EWLhtsWE&=ll z(j`IoY-}RE)JlMbeF-b(E9Y18ds?a*I!ovgxT@rNzqYePN6*jjRq#N zqxSX3h(>Tk>Xv}x7OilL*q`H7U6!g}!Bnr$y!|@UFufBwlpLuuC06!dcTA^amTxvT zyyyK?Zj)ID0lhXOObv~VAONoQ)^GP6lOFL!p;J6MH-`r1I+wgy zzO7ksItD4(@A}pY&ygffS83Zk>#)9=4{Mvh@1+B_^Y@7&%32rw`N`%um#r|cQe!B- z`?ha=v|NR=w2S1|4U0za>gdgq=ud)XB{%&|UsyMI^E6JIe6Dng7!&3eao#JAYv`%J zE^ELoov(2|A`AZhYTH(!LyT@Q<}SY*nd)&K&4VlxpLSRR%3FN=m=(sIR#P*1viv{T zdkd(zwxnUS8+UiN;MTaiI|ONhYjD>93GNLvE+M!D2@u@fAvgpJ9w2y-03kf?o$t-u zJO7n=-^};k|JHw53s`-+Y*(GyyK0|(s>ECM7x!N_=M$bj065Uc9R`5gsPzlW>Z>9b z(taE*addqnS61M`r&!KTJk=tOxa>tANZq!iDfy*ZkVWJhY8X__vQbjW_?h7RA+qs! z%A8FJ3ge9pqn?v&=~H63?ye3Z>8pkdS5;=>v6A&fON0xx^F?4}auwXqxX4C|5xT4Pe| ztau<6x)kJ4$U;{$9iB^^wJ2maTWs>!AJ5;OmxOLdnI$5FhCkMK1!RHkdcM4m`mD|a zVy>{u4b@Pa^q5g4^t{i^j9SL08IG4uv|QQoElSbLXdlPZS*glBCaAWz>-;bg2$8Y# zpU_ur?;@SP0=Zfa8L7!kWzdP8jO}lYbVP7abtmk8n`zl^R=Y1<5GHb^d>#gW$&^2w z;<}0b0VM@TekF74OBe5npREbXd~5RztHh07OnoN`MAZ@768l@vlMXkN9iukIpk&l^ zLp(pftoWXH4**5RLF(tsG7c-S*m=B5RF;gBf{UNHqyy?|Zws!rOj?lW*HCaJPYNM~ zc2p<@T_~4iU02^PWpuvcq&FQdox+xCdd2whRUD2fc8c*ldy+&V$IpQWd3RyCmcy(V zb1%mvZ0y2^$1vLNzxdq{E;qH19_5Ic_Q)ES=o`J@2tz{1SD z~w$-gfIRPV&&F{-${sv#^Y%0~urFe&furz5DECN2`=SuPe$x1{BdvIY*?HQGI*c*QHiuAo^1`hy2 z`J;Tr{j>6L{60;>qE8lXc=4pCcjziS4U0z&-#Hja7kWxYl7`_NX)&?#uZjedwyXv8{J3+h7c-3ilxz!&?HDcB_I)r6nfti{-i>z_LE{FQdQYh4 zZmvb{+B>2jbMnkoTpw?Eg-8In>p`K3XS#8+O++Kf5dJNSR)LWtJPR6WK zma|q%59W?nuQ6@`u;9*5O=WBlSMp6S>YKK{Ah9x;FA80ZlzvKBH&SlnNYX6b5ctfB zFiyV339%cDaHIRFjPJWqGu!iF`QghdUWi-~pd zZk&n=7YML6&4DNFg--XpOm1q>;Es`%?|s0|?6asP{`ezI6au(7nKL{NYG#38McAXF z&@GkaBc537L+aRLj@}Vc#}B{{5ct*l3XFl4>ZYd2xm$4A0bpUL)Wmi=-nGd`&k_E_ zJ_i-cPHSae*yq_vPX|6UQf*4ak>UisXW^UfO5_q3WQyyPEp3n<<>hq6vfBokPXC*= zL6hYdufWRbbBagVqybl{8xFJ7(Rqh_VtsuGM$;x*x$QunDEtwqO)^jI8A(ZW_-Q@CKNWP)JvgI(ZvZ&1t4T-GE@+^oh@R9~- zP4%s2`p2!{kNiXIs6|)@pk$4;#ZjpoY#MSR0U?<_|8iRNS*gTaB0O5a;WkPX=K-av)F{;TN~ARGC6@$*=tSOy?u&h4S^Yv@Sbzpm`_U$Gpo`BxNWH%bfMr@ zidWVtU%>Gz^!lFIu${Jj16tart5qo%9XX^z8RCMj??7;sG0F)F5Osx?l{dQi!rz)~ z@+XW!Ys0Ssdj?h-8aoPAoHf&^fpw*fJ}ke_TDzd~X2rzm!o7Fm8A&DA zvldF_Ybb_Jg(XMq10z@KgxSATZN@Zg+c4FFa#d`0SLsX>BR8+j8&}lHJ+7Zh3ter) zdXqv*GNFB1(r~hcp6snHgr<`nyPF+T`ufBP?@BuaqFrj5IU88p*=XW0>&hRu`(eW@ z&30bey|C3kqv(&HQsFBjdCwV3ASWI%kji>Z%(4G;n1Gc~Uo0OP_q=fhf4RO+#G{mS z7S(*+A{dlgjpKEa9|M_h$jW(^v`+`MtO50nH-pcW_w7%Mm@)NeSS3j)tIzUV8$v7^ z&z{=a%TojzoG6;0fQ@DKE#dNUU^$KX$W-6SaKceg9WeHX;|l>(a7U^XcSe=96`XJx z7>5v}Lzi#oFH;1+a=-P*Gx@GCvYoZ?beYC_ z-p(No4}kFE!^=WTNs3i({4M8wT;r_$!b`@L9~VZQl@QiKd*QYm(U80PmrQ($v=0FE zXAgi?e6B{Md0rE*t_MJ68RbEWg$t2KqTI$y!m1xzVhS@&^FZfs+Ad|As@^J1`_A}v zCRM>fRvLgSpn3*`!Q6YUzmYbF(kzcuFxnG1t&koQ>=Tl=18(Mi06=Iw-w;wAt)A6? zncMvEiC)}`&@f;GDjXm}cuWZ*K^L%9jz=Q;7R^`a`qI!$9$4?t_v*wh-rG>VENg^_ z(sZ2}&b+DS8dj0nemNG#Ao`59MAJT#NS(!NvKL8+_6pRRNGm{FGLeIAXP7~1S<#w- zk}xtqOL|&aOI{^*kZrKe*g{)Qk-N*k{GBePp&nz!WpCV*Dj~iRlAdJ?_SLN6!lR`T zV~AVt`nrTMvo$ynqtrMMh?x4FJRT}0lS#B#A(rcy(0M;sZ-4;@9qma}dH3P4{qUB& zLXy$ZDV6rKrZuHT3@rt+OfWhAX78wWXqu@+otr^n%vWBRUFjQ;YEsz8{pVRTyWi&m z6dDGAjwfdoilV&MgJG_pFj&jFxKvSU>laiDoLOAjEv=Gu51ISXyPoJDD+7lzdYM;w7uKVVofYeafEEG*e9-y-sFBR~erXsIjSGK@dnG##q`zICAAEX6PDLDP-loFf#^Z0BBLso%PxA0IGxX&h12yy| z`9m;D{6v=3wPk2ftFRf` zA6DNoqew^naeUd;y!ZjoqPAv?|DJ*_NF2=$DT}+%EG%H1@p1SEt?Lzv zd30@p(Ch)yuISZ<$^J5}dDfOn`OD|#PQ~huLpR#un!dQielt$32-qJj)XMjpAR-)E zSp4d-erG-(WeYV=l)p<9WjB)fB0AGyxW2)3#uGKM`K)EG;t)QTSc;~(pySy|E;eZs zD^s&Fy-hrjut-wo!{|p^knO6 znf~_?XqlMMaHT)XvkgP$xt=DSN<(qgw^!xQ-Z@XbXx!U)rdKLWI*jK?Q_DlN>6;xc z21+FQ*sa;FlJljdH1(?nq4J!e{Ga%T|(S5ykJvM!)E#$E&(U1 zi8Ehl&g#xxCrJ$HK5Y&O_2V9*9*O|_nQIBqbHhYqN|Cbo{o6v$vc-N#!b>LAn;VG+1Ov)z3RCqSezv=__G5R}y&Ny_4Haarn84FQ0Dpw9C&@8GqRxj=;luPaeYxbu{${m^$mf z$;ph&0L$|8$fU1Y8I8yt1zgmIk6FcS?VqO83Od2Zh4+3sEt#;5z0s6qdwt1O&59?s z&aRjJLa$s>`b==zQ5d3%T|KAagj2db>T9d_!u0on7&cWyVi6 zj>Py!Gulp+zHv7WFRSy`NHur$R-`&d33sj1__F58!TFbwTop8*j@-@H&38o&fC`Jn zEYD`zY-AUzhz3qIkM_+4jo7`tR-c1Rm$GmbfwNc1hKu5$;83q60zH<&6&4l>Gh8xP zQo3sA#Z3ucC0JX#OEgG2)WS@ip3~Q8!M&gqZjqd?u`P4pgw^k?T@N3&zlk>32?<9( zOx#sCtMigrww3FMe$|N1c)oPb3{q2^k*6?OGh|>>wLr?+_mp1RVnC|q)@qH5mU;et z#8g;w{M12ol{u7aD-l^@bs6gFTH!c`J>8qmBUUA7F%-3Abwr~KX>QxMcDys`Sy4y9 z9Yjv3fiHwORSha9M>=+Xe1)<$CS1$!Oi89+oarJr*GNZlY|)d7KO1bUw`mED+b56O z1kae?Mk`owD>AE-tc=wfI->cKcSo)^aqhB^*lzipxs0T%+$ux4;==1gUVg=OA|Nr& zUtyQ0jLc<~Y=ZfIBF#mQrrV>vKEF=nGl>{qx4>bFze2MOA?%wCT&WR`Z?De}P3YAK zNPd#^6=dizEZJ9dVRkp%=PxhhZ&0Q$H4N9&FTL#H2D|S3?l=kjQEOA*C?-}vka?H; z`P0F8jt~?~3~lSpJN-Fw*>~2uR59+wA=4w{e7QRU^myXU-#(0fQsqC2h%N8N>1g2qBAh&AX|guAnRp+`d&PB?ngFB+MwwumAl*B z_q+Ip%lMVyH~#*7pCAxgCJ2$QS~T+V$ZpEUkmYE&_sB7m(YoqqNLX9MGWanO&*DOY zi@}SkiMO-xQcj_T9Qu6G7<#X;i{{<0y6hjfb6LH~VHXBEw+>dwbFfa~J5D4t-+A`M zi9w1fL1A)`p5fLlSUx3&x7&%`o5Y7MW0(lKQCns-0`2sqj3ABoRL)9zeXf{H8!eZf z&%$+46dX3c1k@K;{YZG=mc{Q=Kdno(UsPEll=jkaoM%Qp(RvT=PnY+NQxMXge(DUP+YQ|c@6>Ulo z;jX`Jq)5|b68e^+bA3!OU%X?}bd|dDz($4=L_3EP%gw93n@{oBu- znQ!!dqv6u*^98Q&8 z2G~>XQ=)#;ZhqhB2L7m$<-?3yclT`)UTLI-)P<%Zvzkm{*Pe85I}sd66@~O1(%m{Z z4Ili5VpKaF*iq~kE*E*xO><+?-1EJnt&PQ@OOD==V7%5j57P4%{ZRSsZA!Aj4aJsyS4(c;mW-Tni#3YSx7hveh423}14u z7|x-6ED^n*5w!`FVxF5NPDh$Y;&7J#rq+VA@O`lu!nomH{K(_-|rDm7aeT|U;j z>%!M9H8)xtQF?@w#0*2wY;WRD(D%-k)Psi3sx%T`m2Y1y>h_KhO$|8#gJrC#yRYQS zc@Spkwd$mk1o{SQ8*7^Un7%^MDzaeZz|_Ex8msBHjh>e!sED@kt*nMZxK&$T_U^{U zJf8)kNWRpSt*A@r-Mtm*b!mi@`$3>pd4hN21SDXWvjTzk@2$w~$!>U~fK}R<0gUWt zL9bkSTtWGQ#<>+T@81-m@z~>T*lP`^2@RfzifyV*Nt1F5i1dNslB7hC4B{JJZ{QG} zQtexSPuh-SA@_QB%&%1S37bV6LTkR8FHPwaHuA^}th-qXg9GZ#(FfPIWfkK|Te?9A zK0#C+xP5PEigag>Vq<)azHHpmaG&S}#mLe* zO|>MlI*drp>dkvCzjE(fUR$lYzCUrg^Y*h7bd$cOMyqLano3#SZRla4z=Pxw2rUS@Po7T2O(HiMkzV`%woAq_MCID}NJNq1~N?Qq=8V{%_JX2Vq z#}2dDmWEkerAs_Jr=`@3d!Xb&+=0XRWoIq|gl$Sk*%UNCx?swZNCaUS?^Sz~&x%Rn z?yZF1te$wFI+?Nn1MDbEwLYmctK&xzBnlr1`F&wq1AH>ZvkX?va)!0v^IdVD&!W&| zEj^4KP_(obZ9ODp%O%{AdjiSwC=+fK=B|Tgvxiw09*Vjj1+v7G`2FK5(ol94@Z))sVO zy|MF1_G~@{O)jT3Ls^P*EBR7@y zYL~w~KIg?~V3vy&Afa}A$IPtSo{X^ZPD~0)7&M!7m_OveVQQzklmLzSc5wM9sOR{= z0|2_FXgnB$1_m@;8K?&!7tkTX9K76L*Pfpt){R{Zn{}eV^TQ@9iJsVqJ~Z-Jv!eDq zz0sTfAYxk@r()>Z?4^LRy43BnZz{%14?3S{guPDud{;Qt@sTtvJ}6(8Gss0}oq55Cize$*L3OjZ#}_ zi7T8+J1aY>=QmCvgXLFYUc)P-V_j<(7Add-o0z;jW?Ci$_I3QTF}}%nx|hwEB+RRl zag8R+28$nkf=1H23g1G?PDH+Vj2V7=hiOaEtrdo7y?8}HKxcGW@6S|#0wHrF%H(cs zac}^;-RPCvLZJh&$05`}VR4Xm-<^-~7DVSz#HFsDn-QG?&2axB_kL zLT&S2Ha{qn3eg6v{Yk@k zDkI3^zLllH$ml~d`W)My-TK!3c#$=W_PF|=z$dr42Diap6TZmyc@|vA*&%J!A6@d* zA~vdk3!yHW?AaR0JcVJY@KkIm$rE#GTb=1A<_5uE`WD_QJ}FGu?G5H_O^0qrxMSfF zEawTKW^#{G+R1uBDu`Gd*AM7W=4tz0H693ixSV0B6+Aw;L8>~iiIA7RHt4;<{JN-y zu(-6Y&{etUMwazSF&NY^fNZYWDBQUQy)U^b+kj9^qZ$PokcJ~ht;@>MI#yt8%2Np} zIEha4V?t<^TD@J!evA;1`BGYu=@+yPEZ105SlYkx438C0e3wleO~&2ch+V%Uz5%~b zO3C*I|E8ApnPCJU-`Ts8!4P}Gk1g^j1qK9k2-8bbDl)ebCak$!#%rKUlTWY06#2{K zOqg062uBK1AV}t+tTqF(7Q4FjEjD0?=k;87b$(nwHJM|7e3*W^EY{9-)E z%-b;XQDk9)bU3uJq%L0-dphvApM-i}JPA*u%^+i@R2bJ9&2Ys*g_x1|&bIO3p-nl} zvBeQ=W6Xe|X2->W+}j->s{~~hCB3#Fl!mQufa$z}7-sP1;1H23k2CYodkQEqt%1Fx zM-if%seEku7Zim9a1@2yvB6l0cRWeq1PgW|W@ft&q06fD>NkuBrL|&>Vx5jm(1f zniQqT22~gqzR?2dYUs-QlE@`LJDwPf2e*o0rgF>NZ^D7NWUEgg_t(%q? zkiYYNi zZ|XWrIR~g<&4RZeI?$+Nsg7nY<4bfcfNG*DI-Bp)sfmWBZHL zy;b@o%Sf;Q0-p@4)2i4jh`D7yUN~8fW`~xeC>wz^kK0`|Xdz5em|k%lQkyeZMaMkF zz8eX6q0W|NC$d+wovA1xa7MIP`yL%N46YOwqP%}_M4fGUJapD(^7>vjSmCV$X?RM? zfqsJEa7u39l1fYiBVYN@YPq1UeJV^i*)WLPa-!*IIYF+bRG;v>L2Vgg@%BQ=5O%CR z+Qw_xI^5c>97oHRVVc{77%Fv=!n>8EY2_M_?KR)>(L1FW0@jd73X4ROw(NkQ>o=F{QGCJ~#h+AHG5=m#&|-C$1TJOG9t0H=dm!FL8! z7)d=t-jDAM6jiboQjUr$`F!InBY#00JPRDhv=hh$>i$_a)twER>t zHD?BXHbeKEaco=1MKYvj2wgroBqW9;Zl8QL)4q9y-J8yJm!t-KsN2iW6j(SfBo_`- zl2Mz&eMzGIlzvm|zJD8U&mNm>H7{!5Sg7pi0nn{!&OVti0L|3_=xe*&dmvL`mkLYr z^jtSLGk3D+DdqU`l^fUyR3`|WCBFFfswtg|(BHBgznP=}(U@Sj;6DE8=p`}!XSpb| zK`*47bs0ZM<#Jre<-E*?6gV&OWVEu!^Q!Wm`pE&VB!q8x$#6Ii@DY~>QV8kU zv+T$nUy-h5T8}(-O*+!k8e9S9yOqR=?ewp9p*pj75R^Ost~hJNjEksV*`+MZ7Vymm z)rH&_C_*t_3NniKKGzmU&7}9=qqZbKU6Ext;@N4JCpN0$tD6e>YGSREd(Dx7Oirnc2k@{t20 zh)-=v88*w<^)c`1XT(3zfseXI!QB%37DaQ#?8HMA4v3#YU`c#3{AmfOh}gi-yNHS| zVpFpYKhDn1v-8>hqp;RHfPvN!VDe>@%WRSe^E;}BK+&r&r}sEgaU=>3Pc%G@dfh&) ziK~h6oWo_YRtG7FTCsu+Q87gJhGCs$t)(2~wQypE0@vmD{2AS_&n;Lfr~|t4-kYr0 zSg7+BQ;|nkZNoUAdd)R_x7`j*)%J>tg7c(aTCqtKn7dj?ZL8mT$L4E4YW(bcA@yBD zc5Cz()@gQ7(--aU6nyh<7>}ufiLBGoQH~Nwi~AD2Pz`z#ji#iDh7{IxQ8WhWsxrS1}(esNzf&F45Aw+tNw<$UAg) z-iqYpe(GpOBO27|9~Q~JLODYry7%UJF%FVObO}R+0-lh0P@_dP;p(QNiCXYfH=&!e zy@J<(Sf9n!QwjW5mK*p6zHX4(-uF?*4XgSScSR`l0l=%d2^Vf!5v@9OW}msNMy;`U zuDq%r*2p$~=(}&6kwfJbLTs&A2tf;HNP($n#lw;9x9E7<+;d`C;?vKnGy)Sz=d+G- z`^DLr#Fb@xG?S|T0iXoc)j{j}VQaO~dgfelSgv#alvG;ogyt&&@(xsHecepuyq?Yd501M&o1VsYSm?S}K6x)>pl*F7yDHg@jfycn%(> zz~S1+9YqW*Y)k}kjs19iL-d(hAc@+~w&wZ^gFbx2@sjp^k5z z;YLiZdD7cxRSLQY(2hcAU~GgnQ`uh6U<_Re{??IE z&&G**?*%OQpqrFE3wg;k?M4&TaIKd?jnM}cPR={8pp~2w!O+-+S5oBV2Ejmk2jp1TL_95j448>UldA+u|Fl!-#Rk3wzYS3wqe#|3ZX~{ z4+_J=GRYyc53nPTjtR|-3!;oJTB8J-p+A$AltJg_1x(U&D6p_{G1Gpbggpl^9V<}M zUQ5^oXLVEyv`g$^=;Xz@z z4zTD+hq*=3ZTmMTiHcQtFJO*0AgW{QgaL^P*QzIXL2jZ zj-n0hXb)Uq4GOUvsTR$;ni%3^iBYKl%k?ao(wzhDEwH6N;gP*k1gNQgcwPHSyLzo3 zrt9L6;qF2(-8)$E2(xwLa-tnJ@YF*tc1BuF#sql-z2jaD#>f@#W8?cAeLNkj2G}=E zUPkr+d>=(eOTq75UO{&?Q4SpS2ofgw}XNYqphp)*(+MX8; zZvc5-Kd*~MB%M|x*Ws|C&w2ZzArzP4B7`xw2yzvNG!`iVcJR-m3Vu5-kN^<>41NoT zl1%~XFBga{_$btJJ4uW_mUjz-CGc7Tj+>_`fdnUYlNs&-WoBFB0~f6bt(5I&m((5) zWkdJid@UK@lA7ny!k@Wqq6WtSG7(QC2jWSeC)i!po<;r!Rm7-t-1Mx&FB;LfMFadv*7sA92P1(k!36-)C6H zYpwEP1w;vO+o8aX{O80c4@|)$Yqmv5nkPH>fkejbk+WA*- z04ee4+0bVrZ&@HKS$jmt;-KgW+u-%yx|>)F;cY@h!2;(AD($Q97ayEo-GBS^?$wX) zC$AndT~KlXh>Jl;fAzQe&E@2G)_-$P2L~$;6E`bM6K5xL2Qv%%eS63w>;sXG14gw8hV?RSc7z2T5k&z!_ zW3@Orzx(_DFfoaOh2uXh^`Za}Ft{U|Bx7Dt*YMMT6}k ziwh-^(nN!Ync(Kai2&(KH!$I7j>0LZqE&>e;5-%!{a>&AX9xHfwLjFr@A$ukgO!=v zzv1$~;`wL(&&m5w{tx=8wBuj#|F4wzKlI^m{{L7i3lR8o5zNQ1|5sl9(>D?@Fe-nQ z_5B|*!2ic&f5-o&b)Rzl$0XzAUq8QC|G5C1ARcZ$ z9sm{Ze@ucuAmr)pVdh3f1+cer`U5Bcz|7Lo_KzX{5dDAGFaN;)vQ8duwpQ-{zT|&0 z|8s-*`TxoOy!>3ef6f2@zUKd&0tY`gzW^8aPfI-qh#kbC?P*1&DyIH!F7&DQCCm zf7?X;Ei^tM&R=Qm?`YCi4z@3BEq>27k9fb*-{0|`dpg^j{k&)U+w4G`zZ}wY=ig@l z;`t?{qq~#2g_@POyU9}x?cYb@`W1O67aO+cZe}hvwiYHJUO{edc3wd?Zax7nenDQr z#{%AeK<8J?U98;Pot?}aOw6sUo!zYd0PR<%b~mwb_Ofy_F*kEEclI!`e#~osAC>!8 z`gAvOayD^yu(h*$J^ldx zSNGS?@Q=#yHgmK5LpHp>vdGV9E@qzYRwkCt-cG;IjrX6_@hF{#^Y4y^Ux@Rc+5DtC z6LTkL4+|R;cN=H7-yPW_?yrpfDB{n!9{(EducoL+To1G7RwfQV#@@5qqKj3_0JabGtw7;P^nz^}pTK%q*@e6VP%3L1qPA2Z2=I$15w&qrk zUgQ1yVsih|OJq>~e1ZB4;(t^Fe-Qs^S-Cj7+j=;=`Tm;{{7L-xm=yf7|Hn`9KOfIy zn(){D-@mE%e+8Yx!P&yhfy2hx(Tc;u%bi2T%-q+_*2%+$S1fa@!NOF zU*7w#X!w6`nBTT6$4~jcmb0_Re?<5{^?yFlKj(j3T#xxb=YNFzpAh*!JpUJRakp}N z43LHFoh@vwoGi^GY@O_V+09&B9IV(aoE?S!X@dC6=l|q>`v2M2zvKUZ&n5qny8ibE z_9y<&!^QW@{r{iVe|}yb&|m)l-`DuRj`_F!e<(l>(D&HR&&Yo0~gC zNA2+-&?Bw(Q1`xU_=hn-lnaKMAmw&Nrirr1SVo4mwe{ogzs~GW&I|n{g#`Qq6?L4Y z?Hil7RSsV|Tv$JN7*R;PA#KYO4~|gB!X~1|lJ5paee;;KIhGL3eKTF*HG1@-^V#bO ziPFpu^E@P~U2@|L&N8f-Qf}BVT~rhDH|m~<-hh|>LNJaNh%mxof^Znd=71<2I3N%y z3pV>rPVSp54BHpZX?$gG%aZ|^))-1?Rv{S~SxDJU=;)cSNOg#b8ZJyJv?96?T_-F$ zOn@#n0AmJA_XUi=(hE#Dh~U~{Ilq28d}Dq?GfZ1&CVCcn=Q+I7R4E@S%6Amh#d|!u z>P@P37??YlbK!IeYH>sw9HG$2$&FsOXI1bL5$maJs!e+vJ+grb$>z6c4={)PoQWgR z_tp@bMN9+9RBIwm@bJ5xDBZyktVk@NR8Rq)ZIo%QB{>5eRxpw;m8FuH8~A+(xVOH1 zq3T(0v@8%W_9Oe&z*}?!-IayLv8G%)YI!tDmkFigAb|(~4`ZMqxliJC958YTj?61H z6j9d3Qf6gTDr$@v23~F#1wNXNbwp48HMy$LXuSdkeNq+K7;p$&!{wJ5k=w#opD zOzm{t-^rBFr!Ufr4$Y&_j6f&Qw?!~402AA!BFM2UrALt}G~0wL1FZ%;6Ei)>K`J~x z8!nNauQ(Gw17|oBdwB=;a|x;Zv3AhhGha$ZJxMF<)o0jp)XO4HqW%bvEyE<=M^V4| zj7779SVFtXV*9|pO5yNK2}9=bAXl}`Jr){lqf5_$&+LzUxCc?7se6}+ZE@3XBMl&v znW=S-09EA71}9JjBNi`KQPgp4(8G5{bI!v-_RPT{ zYa=mAVMAv*>J@T+$u82Q=}e?X7#d6$^vMbc5#wE#GQ?zz__MPiN#abgR!8-S5pffC z?$bQ%m{18=WvazmGz?aaz%WI98|r*0T`rH`dTJg#OqJEVrsILr1$9&wJiyf_W<%s^Sl26gw)Kp6;9bNrMp)l6Z$!epi%+E%r0T%6m``t@^084#yNRet{2acI?_miWBtRW60Id%Lj?!4UJ5U}W z3g-c)Nu8IndWrbfF`v;%#la9)Va14Mni68w$ytSB%d&oG`>HMb__7!Pra5F+mHTG* zO2hi({(3!vGe~b*M%z zz9xlDs@d5=$VMMpRq`>tH%SGs9m_OZ}{knz#vXHc+vf;Gx-;Tv#@Nc26; zFo4`)#`&%heXlFD6i$iUkv2e%R2x7Q&WQp4uCfRJB5RxpA?fBs0aDG=T^!=rUR+mB z#GPc6=%jO4Qv_IK(G^Xt5|U`+TqGid+Ecnn#-~nvUy;w~rns#b^KkX#qvcNX(3jSM zBfGgoTBaLXq_1IlxD*j=ToPlgo22RFieMw2(nSo7YC*e0 zD$0WG%?Uu>u_d&^Wm3SkJT`K3_29QQvhaCUZ@49tDNcrD%L@r&Z4a?BzbJ1!aY)J_ zwGMV_T#3|}-z8=iIq+iAPzg+TAsXJM=KZRyM!_iOsY zoi6VwV+}Vfmf7p|vS20c!$eYPeVf$0v^Ma=dEzS80Eln5rcDJ4rF#e+XOxx{D!}y| zHa9(=F*-Q*0Nyuvs<#V;IWwDH8e20Xj^BtnIY%u-3=E7`@rI3#Kb7L%00DfJ`rb$7 zGX{vyl@cG-izF>6^LTEDDBwb4&NfdxtSc3;V_KSJJmSqmbdr4;YPl5^o(d@Wc@n?0Giir}Kx_Hvx+$ZYszg&XF{I-}gX_Zlz>2el;ur83$x z$nvFHq+@sr6iAWyKMVm41VwScd{iTq39puK_h#Y;QuI#RcJ<*K<0!7$Q_32IIgzYK zRH#}cZut2tBlCcAMYRiZFUT2h3%u_t7 z;17a@?Py#Sgbwu0M`{pg_zUo^?lQ~;*MekA(o`G{KQ&7i0Rv*7x-!=V_Z83-`E%U~ zEAJK*SM+@+f^GTd7yJgubA=woTZrLWp9|Rc5V(~RIK%eCQI`XrHUa6Y7ROi&?k2B# z(}~|rdx>mrrV5|{JW4bjq+zo0GMHjkWVB1A;8+dQ;VV->CopYqf;2*1_-Hv})1{Jz zZowVG-v})d5rdF8sBz$Jdg$RMGiWrd1mko*xbTy$!?IWs?A73+ zeE)j5^{+twS^WQtXHfqNx!;8O)A*m4@1OF2etyos^8eq|<$wC(KjQz#^M8-=|6|zy z80U9o!ap*~NlKWFbNku}dFkh0Rnt)8u5W2Yf(Gx8 z;^&_ckQVYH0Lc%{9TlESnb6P<92;?&J$P z&i%#sd;UNeI-#0|sJ9K3YGs`8yF6Hf08MV#_ef*{5{D}gEYyc}9i+wFH6fx4n8?0@ zcnLAjyLEiDCd`4r0OkcVAKgH;Y(NwlXK!Eb-WxKhBodZhn3RGN4SBK*rF!PMQt*4H zNZ3M_c*DoYerE|D0gP-a-T~Z94vw>iGqm!BEgm6)!x>tKUrI(rjd0MK1g@I~C2?xd zA*Y%iC!=UhoB|G{8RN6x*AS%J3wM`){*ap@vX(`FStN>xN5)xAHCYE6bPGmJqUsJ_ z&YIHUoKv3W0~A#t;igi>unM(VsJfVvcAYE_h2tYs88UJib%v@7RQZ3lK`tjI+H2;V z;Zb>gTj3;8xtAtQE@)r<+!;8G$}xApmC$LbTUD_wCGnuSS+g6;zUjiH>EO3IAL!Cl zMn#E8y)Oe)WX#si6Cxhj(o((|PL5GQpOgtyNN+w}MQ5Dtp@40yZ;*Imwm$!qoT-Ao zOUA6PWEt_CEjT(sruY*3nK(g4eso?KL4T;ZEYnW1wyt8Z4%pf@CB;w)pTvDW@X8|1 z(pX|1%|drF9aAH9e>a0UeIr&M7pr;~19zG;&BUAt7tPH6CUAir6|NDZ4lM9vCQ@Pg5rd0;LNxVPbGPGpOl#D@3Cdv8tPK+ky6J|+xOrpyTq z(Ihjw6&i3~go5!S#t8-onKjeJAOfcqOH|z=)+3TctU0iW+X_A@QO4s0A2s zcDnT;@qWF}MET)~W4g4TfJA|G%VWheJ{*nFE4pr?RL>R?hoOluL-$hehztB#lSqzG z8y~f6D)O)DoHCYOz~!NFC7Jn1X?aJilnT@bd1?FApf%cnd;U!rKpbY|?TWlm0K+rJ zGPJ@cvgs70nz)?L8aYR#YH=(8LZ5Ck`l$Dd-^0yB3?_A`OPuv>-y&Oa>KVA^X~r{5 z$?KKvT&-Nc`LD=+I|lGP$!NpqW%B2OccHgm?B~SL8#FZrvmMMS#kIedYcQ_4p2c2Y zeUAL$i@}C)Gkb@jAW<=f`H~@UQSbJN+8O95e4J;m?^!G<&;d~xF{pa3YjS714te# z-4@vf(?xZUO_wHMQ1!85S^Hc{sUH$)1uL|)-Nyi&)TZ*@ar$J5v79W==H6oAR~z7E zNWj{_!-BF}%+b>=5%3eSy(|^YamsKR@LaGlmLBWh2vJA!77i^)KgTffnHwdWS zKjo^xO0zyx)6rii(g0IO@XG)-*uO%sOcMZF6P)nS)7;*%0sv;TG;Xj!7jzYd+ACh)!Z;Gq8%}%%{i8n(v^i><6l0kGow36H*Wn1q~D+7o-oGy%HdTQR@X*P9_EU1{HyV zccZO%Q4M+p!iO_2%XYDfA28e=JK2U(Bag4okP#CteyHw_a>D9oJf}(U5x~hBJVnhb z2K3_R_Gibv852zQ2zqku7WTO>8D9{PZtmd9#$tn()1JUM7OhiiF))JzKLW>V$c^ov zzMF}%+D`_W!XA-nNP=bDg>U%B;vHlcGJAeT>43TxX%~1b8WJJ+zCG z8ft;(jFU9cFxmx#MGuRWL1-ZWA|?jpZmei$ac`klvr%-Fpl2Y4Y0xNEe!8WwBL_fp z;Z$kY>oZ*%yNqVkt7I6-B9}}`yHdtF68joT0692)p$%LJ*YvO#f9}x3i#&3XN-zShx=vQ65~s+Up3ontODqNDZS@q;k;e$gvxef(NEu^CP>8wIbEd>_aT{q>syZyh$e`*xD(k5 zEob#hogV_-6|*;IM@Tl~1z%1c9On)tW4*$dloR_3z1H2^#^xs&Bb6A&W7{&hU4KM7M%pwqG!YRIMLMe0sVv#hl9ZH`+R_$TS=k6ViD`Sw z*4EY+it_QEXj-zE4g%aQ76!PuxC<_}I!sS0o$SgDo<8SdtH`bQca2DK_iw7|;UXak z66Mp=)y-Ft4UiJ{whh2VK_(#~v9hwVU}Yf3#*%tM=j-b$Kub567GGRkY^#f!si~M8 z`NoTnLq|*|zzPw>N+8cKW~FUD(lOR$piP90RUDoO2}Tb6F^vK1 zK7U4gxN~8mrmsRrJ>mQu;xD?fz5xP(FflNeJe)7jZ@%^dh1j^n#KcZcPBi4HYZYZ( zIhh&g={4k3VpQeX$jDvH+*ijpl-W6qI9O2NVb|Oo^AqH51_7r>*P`U4cvzUP94I?I z-7p{Do*EmYB_yQ5#gPzZ3Rc&2G_GGPR3eJX&=tEc0?dUH$Ec1LPMh{BBy8-%G(ckP7Z;oev?Gb}$__rX3cJe^LLLW1QP{A92^NSNeIkLD1UMQ5?n*sKPfG=t5)Y*C@~6ED5PoO7b;cyL;Q?43*!9`rdTjMbh46J3SS&<=V!3IG%Af|@ zr4-ADQm5H;Py2<|$PQgbZWpR17w4>6UginMB_WT5R6)(4D&fkUQzgDaDsZ)>I2Jel z;0@#FqOeaS*m`(~iKwYT*+{(2yn(h=RT~N->6KbVIl`o(u>vdcs9l3Y_Bo)yq9KYNM_WlDPkAljZQ5E7MQ$pb_QTY!#{6*Fg6HfH7} za9KZxBS(;?L2)lDLN2t?%n38J97**kDpDG6D_|r2bJ+;_?H&4Dqy(Eyk(Mi_)umd! z^X*66i4S&{Fq9Y2L0zn8Y^8S4xqf6|SX@6&o*dc$x$`rJs=Nx#VlWOS;ul1Ij%QP= ztLriiseX}8jPTohed^FJf_Xze!ddL9pwma_uh&}&MV!$M;`HN`L-75$prFMZcxkD- z{u(NpnW+}Jp23CHBQe|B>f~RukIEjcWfM>4IHA;p$MDVNnVotZsH8NO1Kn=92qLv3 zXw7+>jW$JG4US-(ZMu$NyQy0DGIrMZ3ogB?)$CO?D|xQA@6C!t?62%`{F{Lnx*EoJ z`82q;E1rHu`SvJuUO6OT32CE89TXymaHsMPyBdJVti1_?lEw?P2BAD|lZ%`MrDz9e z@q`_pj~&U%!Y3bH9Dw1?XS9www%1=f@@TtAIF&eF)1Q5}#P_=N1QpppHkOh&3+hL* zcZ1@)kK3M7cJYOM-}_1;uHNqRYL>GhQO}M#Z{oaFwg@mwfjgGrtQ=7B^lLJ~n=UuD z((^@DQv{TvE*kI6qa$Pa!6?P;AH(nasCVDe>?4Rynm$ju|GOLP{VBOTily}E)k8lW z7Cs`K0X?KiRS0nAvywPRPX5XMhzZNMUCG63*N~f57UtZ-{_ql7>iQ+L@X^YuQ9>bM zNA}QZ+bcaUPTC@kf2rAj($3%5h+|~`(KsA^Q1;nq(l!JFU9`&>uXrBI1`)lSU>!fe zM@po9vgC$aTw3))uXT?#=gp?}NcuIJ6W(lO7T67=6`W$SGrmi2{pdF#`4dT#`69uf zl(Juz>h_xGkrVEC9TkR(a|}ereh(rmJ7TR*Tw{s7Ohpr|YOVt^4Ts&dQ+aQ;h+w#) z#_S=s+~s&1Th-B%5{^wrPFsu59J})#x%(nVs*u$0IPHU4BN$L_OUgtOPp5qLLV~?Bk1u~mZ*uN4QJ_n+eT96uXJFs|LWu+iHuJRQT!bosm z5hatIJ8BXX@9e7}-^DRWs`u?}D&_Cp*G4aK_kCnhXXe$Z=kmUwnj%ANBqm$BV%l@= z1dLg7HQ->>8`w!=9wwEgv$#(Jdbei-6ja3yJYxZVQXHiX@k=(%`sLiY+3Ikl84$IJ zP|)ZgDxRGqO(IIZfYS;2RBIi)h$dygarUC-aQoQFF1|Nq)H-S(_3u1RmON4LV;?A& z8;(e$IYFmfTH$)RfD6797Dj_nW8WasLbw(V$daBY#}HQb2w_4YSH*5d%lEy3G@8Z^D2jwT@Hv=bKGdWWsOF{0m9%BI zEBgdW8;zWl;Lb4;m-M9AMKClO&N-(eL_$2S^nL(I6;xzYqLm1_e3%)|5t0|M$>uvY zIx?-#^N(>z=7wl@4}K^A&O4k*smZ#d97hZZhIXfM`|EBZBKL44bVOSCG|%;G8~lxe znUFlS5^?xT8|97F6{SQvUO3Aoxep->@eypDP(`o|05nN7)RP0uyin#-&j6&YikKpO zZ9*TPRRCOkz}}^hfBJq2HaRKcI5AcPdlAEjb_SYI>U5lcKP6-CYmePSlQ>AcW?a@d zeMKUaX4jLgfx-5%vUI&?kmV^dzlSzpM|t40hGLA~-hLQb3}~4B9X^vidd>BP)}p8a zX$49azRl9T^nei1&c)@Z3?a#5fB~~oDoP}xTM82`&>S39eRNo0V!N?j;>4M=#-NnoOXrNMk=@{$2n!f{KV6%?D;Zo*RBN&szUs2 z;M&61kw?o;~qGJl(|T6(q8e2lT!iva4uy? z^5}is(3HD4@EmN)(%{>c!n+vJ_Bzg|NLTx!0T1ymxnJH5@?m`EK9j6b6Iwh#`ia#b zPe@jKH%o{v-%^O%3z&_ete`gv@Ip zkCLCr)nX4p_@9H^(UkfVO)&jKM{fuNn&6c?pNW{;aMH|$?l1sZ_w^en&Fn8$XN9ST zhu)Pt_|oYZ!%w|x6CsG-fM_~;G1*4=qDRg7x+HH0$|iqw!=9Qye_n=9B6WfF>_tai zAw>P$xz3WYBYi)OeQxgqguX-II7ZAR9;IoiUfD)bVuLGDh8$?^6bQ9ZVJ2C87?D39 z%NAwR?KxluV?c>`4~2|<2BV9(H-8zWNuA|D=mmS2fpmnY#VaXsG*<#G43tw}XpPb~ zdc08>@ib#?JN%-Pk3eSG%2N|VAerMUkEc1n!$;6008jjg_yCEPaI0&VO$CgpZ0W~t zY}Enk95tjKG)IG~)o0UeL;jK}bM--d5dNGt{R&t&+7JN?98LG^P*%8lW!BT~>@X7i<2N)#``|$yU@DBjmx8|$+xxD= zW+R{~B-D{&hQVj0@>G>{Q_F?f+z_tsNOsW3=BaJDYx!wmQ_O58imR8qRumme!nJYO z@ymeqUTZ%-YCR3I!{<|kVAN+o8=r8$lCtN*A$2jzK%C#-&o0L2g)Jbm7dVGeq-?;)O$|Vo+ZI&g3ek$6#JAAK+FO6E@}u(RqZ|VEKaFgiv>KG{>H0jI~PNO6ILe z$(Pwic{7-U*#~zX)u=QpE@YI*?#q5-TS(&@mg^OUwPkasK;;|gO@3e{8uvZdsx<^M zMQ-I=gO?xZUrnaS;sX`&S^DBq;fxvE7GoKgYdu{toSL&Zl1tRdc5b2CHi?lOQ#G9!wB_ zTCwCoUgAln+~jCU!=*y1jst7*$Tk@>32KGZK#jr|PhA?^mxqjELsI*)cB%~5nOP-VmlJjy!qa=K}gQxG5dF z>8Vv~Fqg>mYQRvwDUe+s!9(uWK$%}cw<&^KXbl^bN>urVPm*h4?A;o8sBnQ3dkMR# zr}^+0DOwCezVu5NNeA5llV&n~8QkFsXRs`t*)SGXE}Yt$&uEoo9oP0O2nFEFd&3QH z0yNP!9gF6&>dM?60s(|Yh>?yWxCFF5K_La(Kt9=dQk@p$!#=@aozlg_mXUJ5VGYHC z1Gi9c`Y3Y?{`4)I(@$O^Mz^27H4i4UcNZ_Oz#ki&_O66`Fiualm&DyTHq1aq(2%Y? zWCRb|`}JhPLr?UVlj;KUQ2vRX;`wDSXYDu>xT7mr7}B+QwLZaP)G2GE-38D7oB85E$N)g>`gvg=50T1*hmS&O zRP62taxJW$wj(`vLwnl!J!gLQT)W<52VU;N;}yY{KQ<$CvwlUKT3%4y^69 zBcOq`|1VII|NkEP@8Ey`WTpKty6yiM|D&3jt&08qEf8RCZEn5F{9eufwW9ua{{R0X zb}NeweRoV)#QR2i+{8%ELOqB z6~N*)U{M2D#H<33z-kXr0{}6r1OLgC|NY^A;AVf{3xHgqv03g$N{2^gHEzIFq>5bO zjzv`YoEEYEaJ-}5B&L%?B_Uq*`*PUc%`*DCLeJeSY&K)HMOi0OxS3pSLqjF}Mo)Pa zr7T`nvJwvNyn~D{Il@iGOH`>54|CO()Okux6vOBOq?BGQw*WwLmAYj27~#`U^5iBj zc}=-)?IF#Lhfm`+X*NCC{6?~_kNhri@<>|yB~FbI51F(dKc4w*~Kx4y;=e>ew06ZguCM>CHAe`tnx4( zf1zoCKl4<^=AAiqOrRk;Dk*8CiZ?q9FDQ`j!o|j(i+9glFRK)PZq)J71_I+{l9s{1 z5E&12+s2OVS+C;06;+W-)3{S9VVsrlsFTB0(}1hwj$YhuoF^%x(!05qi$I~1{V$ym zq>OM-S{MC*UQanVRzpQ+qilnV1W`raDOZeeL0|D%w$+Q7?y!+ayR$uE2~LN>H%Q?^ zc2d09p&s1-j@$hEEB62Mk$=bk{|{OW|FvoU$Nt~U%*NvXuK)TE|8H&m-}ySBC@!{Q6a$O?Aw@#fw zpDe_`d{K}QEA#&C;+>lrXHK-8JC$&UNc3=Xc35k(H!-f7o$+sH@So(1{XL7n`5)x} zlmDSP^AG;V&a07rZ#<5dt*aZk{z)=#kV3xbt+c6oRV6lgGr2e?;xUUBQG7bJ_xCj@ z>bkerD{FG4audCE5K8WO84=!nImUEjWCC?3-5S3$5@be(WMQ~b2t z0w2Gw3lke(yU3m)>fpN1A9cdH=sFt3?mEudGZwNdDNQCbAVr5jO5NC@?Qk0XA#l6? zM@rw>9|k9$qQ1m+vZ=j!n@HC2@e9*BBG@Me^ox5QLjEb;TkY7Xi&${-~pI0nD5< zUjgxqtqXg+h*}tvN!a!Do)zX=lmu>DY6XV41B*&NevKO3+u+vfSi7oRu`@BZj| zcp{0gqrxodQLg)et_`l2j!itz@47J;!Bn8eh9%QKlcmG&#RgPm-CY-~k-iYlqwRy= z?jGGIEp+RLt+OXn_P|4EbET#BVp>VX6*pRvw+XE|wT?^{g6Q&A@00*fAq9#xpMF** zihC%LD$lN(Nn*(GpMo-dtp4K%|4?FMljXLD*URZBJ!;rv{3dq8^trDT?!mMr$lD}i zwxKzwmk}v>XC0YW_s#>Vt5eKqov)tr;L%bZei64OJy?u=4I{?R=j}xlRndUfvM4Df{1?_Ea7~JVp`$f_T_a*aT zY>4;-PJ#OAhW-tzAeXdzf4iBX$}K8NneDDJG;V(!`qHUekYJ|h=r!I&ngFq}+5VS7 z&I8Qt`-#vm_rdj+8Bs6F7<(6^sv0@9KAm-UcAfty%2L?1Jd^wJv45C|T<|dLrU9a1 z`@So((x_7y9?Ivu%cut)yHZ@u5@xhgaV_c4iOgUp)3 zi-U&IzUoNUd6|8z9f-Fhg^46fxf+tY;GXl{ zW)win)<0F8Do2I zXe))fHi5e|zu<#oK=Dcw-wjegtAFU5uR8HdH!l=}s~8z5Ezxt+sas{Bpvlr023dDT zSW~CcJm5~ith4^L9(%+IFhGcSk4wfurAv;6zYTzgn1++)ibHT#2XF2*;ed7U(ENhX zC#K!sV)TW|+xU5Cs9i(T|Kf2>&HKvM#0kY4gH3MVm#VJ*x}T!6&&$Et&)I!Cvw`iQ zAW=lc?rpd$(ey%PrC(rI7FCfn%h1*77p^O?tk~20-9w>VX3gX9^>~EPNv^{@dqYIE z{k+G$v`1y3=;a^;9uG?yE(n|XF^~J@F`9(vJoLp=Pl7EN&1n$TJpmkr$X8kEi-uca zS|NSF-m!y4D?r1Oi+N6No_>d7fF?bk69c<0wR!rUln#k>E{|w0*g!iax$ZK|XBcnm zWIroQd^y(bk4Ug9 zakct1NjTL|Azmp!@aHpP?P>jMVVwL8y{AyAxjUw4GgeJYf$~Y~-rgPJ`6~iD;}~9s z_u{Q{peZ1>_9E9$&MRcVP9{;v0@r3ftJBnHikQ)}fWul56t<0u9xF2!N zRJ~sq+#EekqMW&KLG_VZ!UfYOX2WR-Q(E2&=dQ~lP_VO4@A;uRhL01sgM!>MNv%5y z-h_VZS-G$BL+#nbUae&)UAXTO(5p>+8_Re2SHME~IH)+n9HVbM)cX{-eW#>lJai;hD2B zX8F2ZPL+9bey--PvTsPe-uxuu#Wl(^QqsnLNra+*Ws2=?<1Ob33#`qAj2rOeJ{zpo+28%fIsz3Y*eA#fz2PU{4tF-l%*AE9;43V>E zi_(kc|KtXY{{@LDFpS&j%UitaMZg=FV$wouMHx zPL-Yu!I4luZaM7DO2%55_~zvA$rWzd@zJBlxwY(UR^CJs*XQ*{N?gC*IyV9& z?*rE=zH9`d$b}aNXxQI+Y4ZZu(L0yw*DCNRlbcT1dCWAyd*>*be*sD#)*Z zIc5jAtttQYpi1b!=M(-0@XkZ_W+wlmPK{e|@*@R77+^HFsXfSJ>90G@i7Uj}lr5-K zj~pWf;ktAx?e3iI%}&%qg0^#i+WsXO)mP#EQMOfy8=Eww(kJ}c{@w(%w@xZoZ_3Xo z+em#two*IsyU6eCH8;x;#Be8DH^tybOZsz>R^?FQb22C+H1eBO5sju_>R=ZP>Do@I zn5OI*v+>y1kakbQ4*klT-66RyLhUnGm(ifg;_fdir%d~*wFDR*OjI+f(w(D&3_q=* zfrAO9YArHJlq4|7oO{^M+dvM{oCxb5Kg6}o%?io=T)yG?z=q$Jrht`+mB1v&cEb8f#nSH(iA4Nw6=ozMcX`dr1C@?r4518iot>{hH|O zL-XynEx0h{+qvv}&fWAcS^+V;KsnmLP<=uScYUZ7;&W89z%viX{#)djMFp1w}B>R1wu#HrT=zMn}L*W%b^SAl|tnU94c# zE`QBW8`pnG#Hagj z5rjcEcy4(WP9FY}Oe@N#avMddR+rK}HUVB`{%aabshA2YEo=O1v)(|h=Pb#Hl}&bp4Ia!vP3ES%AW78q&s5uI;{| zqn9f-ou;PT@i=fek#fi)tSngTAVE_61uqZ=JYCR5T#Ui(-SU!Zv)D}L9a=LM8D=_3 z<5(h|ql;_oHh;xPOjR78>e~F|%jQ4dkM9KhR=TbD@K8ST=FzOFu&oa@UWwO6SJs6j zY&$YZ-ieak+QPB?8u6VMgK5`z&92i#08;sKV^kUW9GRqTN&X4a!adR^JzM`+#UD8@ zt@7v)+_!EwT-q)nw#Hgs{%hnnKKb>aj0AscfbKqpkD zK`T0Buk?s^jQuMIdOJsrV&mDPzl0&urPFORqBcISMon$>N$SnAB!0UxrNlvE zJWjJ!o{|=W!xv|cpwNO{!LBF8qcWM5nvap~8S?TfL&r1{6kF3YPdrlGZ;;C|mp+Hx ze(Pq#h5T)`^7e``K%RWOLj6{ALX=citgyd*_@>dwn%Lv79PVsy8}KIyk-Jo?&RiW+ z9JZELWMIf+%z=dDPfA)Y22CE$%Gb-zK5daxncVwP8{&LD`_W23rAKc#7x{-t%wE?0 zG%8pG=t-1wVL>NvT~mIOFW8eAZkM2_XD&I$l*)1MKrEh6VA)@uB-fNQw|pW3C(q=! zv^F$0q&Nd#ImfQw++}ymO=m}R41vC~+n_nh7tj`M(PC?=U*BrJSIfRc`iO-~iLFdr z*6Hq0`S1A7`cRU>5X4B3cDcE=L?L{M8i!_BFU=iz#B@`!CPi`97?;Mgnxva16QEfI za<`mCI+;)zqtohmM}`859EB0PgZ*?D;Oe>Md(K~1*+1*}&zX3S0 zYPi{f_WKTbX)?_hq~N8y;tl1uEk?dKaD>ifk8uwf%;o%^heQd$nGWrD^V!dIF)rm< zA`RfDjq0^|6$~?hPSko#Z@qh8jvAVbZ*S9PosTL z$!5QUOEP3ON>F?I5qifNUJ@f_a?@+?F!dGrxcYWywHEzUqWs=@fp=W}$9DO9mWach zRTwAyve2!h)t;5oq&Dfi@zw_KEcA)U%UQmF&AXxzXkE_b0VSQG)O_c*^PGWX&7DyS z2e!j90*swCk1KV^8|2GvSp#@Qbp60!j;DIJ1K%tBhZ?5yGKT)0i)K z--FNJ9lY?)5yJvn5)3}otLpCG({^%j(|~>v*;@CV{v83Tls7iHI5v zbg!szjtl1>-W}K4eBkO>L#Az(Zl8Bf;<#!?hkNiq4mffLm2~~* zL-*#LhsIL&eBSpEKJw6ydO$;ER2FUYAYnTDN^g5r?YTh}$BvxjjwhSfdGv-+Ock_K z8y?|(OrKHeGR{-i>>n6>`*gk@(?#i_?h9;93{<{tRy*1+J3c;rZY*eU0=5XelgwQ@ z@O=5$^B-59|N33v_Pv~t*Opgh%Q!ss{E^sLr+z~PiBY7-sHrv)J2E8yh`ft(e>CMT zj&FeV<-zaH)Vj|g9ZU+VXFf(S6iq~RXj6QjiN?Q(y8k=)@4u0H{kLG=zuxm7x8Ypc-6$ol^MmqSD2bb9f-cS~Qs ze0%=i!@3>VIDY_`j-sUHbVq+xKrBAMWP2ed5b^lXjjg zk6`3Dg23@6o9T5)*l?*>Gqnn{sx~38A1WL|37IPR(9CaI8McDWIRHhRAxAcwsii)T zE#FP|qmkvMQ3weM7)%120k|EM1`kR=Xqa>akab8ludEo(_Vv@iWk^VEIoOh^E`!Cv zQEs^A!_CMtsk3aY(-`=%W&m|Y3X4KYL3^Yy^npP`BJKjLvIv7lfv$NM=tYMCkjutp zD&)b+z`D}_3QA5RJfZ|sPM?Aua5NVBu*C>je(Zbz>H z5FBUDrfxZOup>j0N@au1_|6YAn#st(c9fcjZ4!T5zmKDN&GZ`9jegkqZk9V=`>byT z>UNTfJGpFJ=SUf@^HRAU{qVY4+jUCLpXj!jt$HPCWF~5}G&y$0Z8+|W1nCR` z+38A8vJAgt$McL*#J7*4P5WbMeZAj5E!;o3^nc@1H5?gVsLQq^XJb= zNlE9=pa1xB?E81%%$YOKo;|yDDtU5p@^Z1uDiv!r_hWi`IxsNM)z!7BsVP1l7{72R zFE6jBr)PY8d~UpRwWvq)E<&y|^x?yY^78UTWy12({POqjfByW|Agf=$e*NCPdw6N- ztE*d8U?Z9Q)y!;RVc}HTYLe=~^O;s}o(%u`{^{9`<|$!iPY=NI(B$!e&+nf8`t|d0 zn30pEWYZqknlR8wO6o-Ou^(SQ91SG>`SopxA0en_KY8+`Juh;dy?uD_`s2rsx3{++ zK76>fwY4^ix|+taYN%C4+v@gTu-N~`Q&;1o>strtR|)3Q+%^D}rdz~)KicY$h)7NNNc0zPEqqi0B!Z1b&v+%wM|+*-yB@5zlPFTU*dS+CYGM5*^IQN&bGrd zK`GkpNQ30|fTnHPeYGT7`6D)K<;BfokEMr@TCP!R(6hc8kOWTEz@G)cvH^X^m@w`P za8JoCheetJglObgC2NWtLF)mDn()z}&&K*kor>(;H9SEX2vw-kh97D>A?>Ed2r;AG zARsT>>5-@+`fboqt(^H~re6l#45x-H@dGhsBu@sD6$PNQw_dJl6IXC@VMB`O+^&8* zSbNLso5wd??bBc7ObUbirmIS2usm3Z6PU{%!sGY9tOi`N1SB|Gg$^Nx0s$IcUnP88 z#!!WKca2K`la6gZ!3_=CYqnZvslnE&7?N|Q0R_zy>|#s9CYlgG9v}b_lq?1W(4^`C zLn~(idk7dP<^* zH)YX=_S+_~PU0ar?9Cl64ISHY!uW{XXpgZ8OfCTc;pHqILW(`dhBT9I70INi;W-4N zJx_#n2&D=wRVxLKTotiS8KgyAWP4F>IG2UgnuO;AuOAVe+h~GO*oqV_jNJ}N3PQ1n ziM-jPwr_GBckXZ1BfrzrI<-F^xX<&0!70x8d_V^g4k9Io^1-0i>au*ql;4+~wUTUE zZav=J@F9|9TkQ$UNz}fH9K(s;8!5iGz=P(c>H2Q^Apl?_rAKEYl;iOL_+FC$%G9kB zI1p7I~W5%&q59^1g zkzsKoOwe}Z3EXvto$tIY)zB7OPZdDz@o@oC?!~)$E4VVN!d>pv4fw2VcG>}#5anE9 zf0``zF12NqK1h%aljB~Xh9}=&P?W75Wbf0fx0OrHuXLvZ5Ru~|&zq6Vvu5MyY-qh# z|J8B}Y0VRjP>Tm0P{M=s6T6BDQ+ayjqX0fcWOeEUM}RpozOSGt0cN<7}~@Y+2v*`&;c5^Z+$8eIK*u7Y+h@OvQ` zq9iSFY!y23R_f%FrNaBxB0+>6G>#>N72V&0mm87Xh8Gemhf4TF8n zp?qe7Hf>L!5I(4K)PT4qZnJ(lOD~SVHfxL=P^`hT@%H@9PBe_HEsbko?i1Z*cpKIb z*Y;>98zfy+k0~Yt?jA50i7`(+RJC@VCe+bft^v?uwgx*=i@;EF_F`lmuMl}1>1RJB z_cVP0$N?aUhE~}l0QNgIcq#T@ak!a9V6GBgJWvG&cnD3rM(J*-^-$wG|I9iJ2HaAG z=Xb$Ro{$FbuIQ`F<|t6;G(hDV)@A%_HW-wzSwdn2nz3&7adQUH_~lZ)D9NY_)A!(ecNphQm{3;82XjiJn% zTeKL+OvuU1*442%k!NUxZgdiQ{@?Y?h{I8qemo*M&mra~sqU!&c{ z0n|0w?25uy>+7}IPqIGoMt5C+cEF2b_ujY|95M>Q^-N{=16heTgOFnv`)%Tc_WWu` zk4PEdaOlOrFJjr)dK!cYb!Tod1Nmgy!erkqN`qv7EVwX_q=_#3#f!ZBa6xzKY#%7$ zuj~9=BdEFPINbe9u2E$`QQ|~bCy<#6+q9#O=WeDNq;nFj?rzdfUh%B>ZO%;p>}xie z_~a&FQ-jeDqFktNjNo-iMG2?hYX9_bh*!2IW+)lKat-cX_o#uk`ptKpEsEGx5OSa% z=rF9-Je%;k6_Nya5E@C;X0c&X%Ya>MDFiR1^5 z54e?Hvi`I0>{b<{DBYc28W_A)=;Eh+%`a&Bf3_>{RnwR-U6e&-EQQUObhq^l*Rb8{ z4UzHuwuVuwKsc}X!yUKb_q(){t*N`y4Q(I4{Ir*+TX1v5S7qtF*HqQU>EOOt8h;zD zIK|At?xUbs^YPm)(S1*Kc_DYl(b};n>yCOr7$US9JFuBuI!ho_`(Whs6gcq6gcvnp zXL(1tRb+U7jvCph0idBR9%iahKrL)>pnc6lBdo{>*ib78cTnJVb?aREGt907^DUP0 zH5cxWr9C<3&uub%Nc^cy$F#Hpj)D9w<3HHj^1DtRh{(gBM!ofOb6VbxCtz+VV6kHD zZJKuS%r(7QhHGuGXg2t!Io<~5dmUzQPd?&hCZO?RC+VWYRE*I}c`REY>a;}&jEyyp zG%_wreJz_hF4(s>FmP&!W4~8vl*6gi#s1J)!ON4CKM#fsewIj2z{4I!)A_0dq0#_e z`pIZ?G}30T3`xGqdyYfhR}z|xl#u@nrZ@t0GSP$uV#shuDriXtT={-#Wu#UHbe|3H zm)-8KEw$tf*~)Ey1A=3k*v`h-IBo2zTXmzUy547N@PSu0#LNn1A^?q20UQJViI$9G zlgzCQg0I6rPFOaHg98#at1!SYik));T~XUeU*vmfLeuxfrXF)(cS;8OTD*+~Jg`aU z&3V&W+Ylp{2!1DpD+W4C-A}>Hh3*da;d;_UsOU47(M3X?FVtdDEn2zGfq}wGf+P(L z*DgGq733-e!upFgxvZ#e8~~%Yvahd{BpdJe;-Mwd4YH`-T~W2J zD+tn90p6l@fo&%AkeJo0?(}cFx{ZLSVj4ZFVjMG0)S$m zLaZCpqPsLMdCx90)d2)V)^cfvfiM(>R0+8VC@4ID0;F(wu-R&3i<2RQ&wT@$W0CMRF&;-#If;O^hn5ku>}>g(n@Lh8Sz ze5Iiq3xEp^ zl;^WZT;d$t+s8~MeZYi(Cvg2iaJ=@+iFHz=-WUQc)$fRZCstl2#iDzCFvn1tN;%x) zX>n>ctxR93($&4J)X<_z+dCSHr&vp?yd(xG^#oy zEwl~pS`XJ4x0|+YA!`u#44tVLdc#>vFN!f;$Z9Vmj+dGoc_jEsC;lj@|8AzJx&|lj zB_(#3dYgu$c0f-n4E8w@0W!4jtFsg%W@`$~omYoCqHpt~wg~`gD{wE)rAnorxAm$o z8Nyaa;g%WIOEWr$Jxo+sKvUeg0UAkbl(j!x?neTAPN3@sbXiexbqy>mnczHTPZ&Kt zLNyuhqN-M5ZExxyo~=aT*>;yN#Cu67)N>of+AxGf!Z4OLn@gX?8pBFkd6v|l(ld@G z+*@F_1?veF2k_zY)D`6z3tdpOKfPY7YdhSK4DICr548Xn5)haU=+n~A`}*|eXCG8n zt+0Y{B`0=X?m2Y}J5v_*d|T8xMt3{j;mzmB-7betuz^qISUVElS;LF#1*kCKWl`4e zneByH-XQx@x(0B^3tWx`HH9Wbf^?Fjtg0EL^7t>DFZg*N6Q&x{^p24G2pVFbXJ z5}>D9T2^594S-=pP`wC-VM1C_SW_`fM+hOP3dUj>_{(^vac8wgRL(cg6V4uc0=e~! zO7%>KmCRk(U!^z|?Apiv>y*1c47yA7T5S)Mh^UVlEPzMa$mph@%v+TG)2O>uQbT6@EM^t;W3C#)tmGt1GZT zuopnQ!)8?i2E5@*RB*Eq)_{NY-6pK*=&&pgHa~<_6Ahmh!m_Nf#yn7IkEI+_PlMqc zmehYRTITp*V0~0zXta!}E0+8sAE&3I5KB^|8-{2*r2JwOaxxF^+5TDp_j4Y>9(8xP z!8s>#drvbNOM=7Jru8$W-ZkJ~@pW%RfzgvJ-CD`3L-;eGj{+RH9GOED*xX~lCuUW5 zIBB}ROQ605L%gvG`>|@QtLHM;Hv%Q~G?;<7Puc_f)(dOGRE}DPWSP(uZl%N;yyGo~ z-W>rw-(@#3l@w@qT6o~k%S1c8u;(R=p@LNu!@g-?zu=(OamYw;yNv;O_HJw7UtLHt zSSh&ED1yFtEBs}xy6%N8cRtE$+3?8czdpC5XkUz~iqhj!+t7kws!n8nR?5p)DsSLX zq<+~4tz(nEYW%% z=#v};z!x$V=JdfrpM$p`I~FK;2d+Q`L+-#ad@$@OXwLxV0w%Frj68?A$4EpX$oJgmqX&9%w0qjG0h`Gt}?-St4|xO zc>%WWgb?Iu;P<2we^c0P_}mcu^AWJ`80^^-DEv1}LJU*jgW&$hstf}R@9G#*L%|1H z*Cd?TQP}p`?&B6?OeM+C=y9z580~_`+E-NlHf8(8mJ7db;LJO} z<>HhX*3I1}T1>c*1=lJiyUv|pm(NZ;_NKv1X?M3cfIIKN)%Y(FqUjHY zlT11O8*1o z8-=DKF1cwiLM!~fw+roNP>^fI%bTJS)rv2fk9^^a21oXrwZl>*+cuF^FMuHA0n>%l zXH^qA($6#L4~|Y^XzTfRR-k=X0DGy)bDI}(O|I+RoijZ%blwOP?* zDuNS!;4~keN`S(H6kp$PyK5t};(O(ZFflPgwC0gi#W2rXpzs5uROqrT@V#v_3%sF% z-FaZs2bH;c22kt&(oV2)yMNuB<>*WE;~?T46#ZfGjl;t_RV?=Ttm!kzK>$3l2VqYq zwW1(P-l$*iP{hu~Eq@?OKBzVEZN%rP+Q&Oo*0KY8wr#`1UB_V2b+GKG5Lxh{UL=;% zpEQt$s66nj>IZ}fvNrwRBm#5azue^mQx#pUmi$$Cznh=B7`sp^77J{)2Tr? z{(=8S7sJ6%z{`+TKVtWBcPfQyyAblZtV`Q3>i7dQ)vXA$7hX=8=p~ItOM4Ns3zfAr zyj;Cqy-2RoFmE}EB&^IEFYT&9^8OpJZ6oVTy24Q%Zjw@(6mNZ!3M2)0QO3a_EEXlD zEhz_}SHWvdO>GcOm%>Ut)B?5L!c3N*X68no*!GCd={lgo5yDef{F(i>=zHzhxxOGCJ`r@c? zj*H1OYI#Mf1sVrb)&v`mqF^s35egxl)uTz=92|nVKf6Su1u1J1S}hh2T<;ysl|AXm zs5fiHdb?VlVFMKeEYX!;d+O4;R{_dO%s;2L4@P4pt=ZSYF5wZ^%5A*YTkeCc#JiXI z774xcJQl`!%vytvVzbz2LJWaC%639XNRce{mPD{fNW1zJ`W)veNA9{F+@qvTQAX=Q z`(}TBlrxNSX8=KG%s$CS!d(Hp7*tEx_eId)=-sW7cKA+5xT{dT5Rxh-$7Q4d20RrirwYNlg#tKm zEuP6)qs`zCA@77R95o+=Gz!u3DohDrI?4iqN#h3lK~3_CfPT=?RZ(PMQ-pBZBuffx zb`6Yaf8BC2imBhq&oOw@)>K(bLTfU3FB9F{9&Jf~2M9Pa1WP6eX`%6sz%Bzo4}{Z@v z!rKp*=ec}1V)cdZ7Dyy&KuOm^s1S7Bnd*rBlR*RF>LH@D5dGKB7(lLE1nj%9r7=rJ z1y9@3=`z(Swf52WA9}r%s`#ZFdab9HP5@Jzh6IGUlkoFydU*B#P>u(!t}W;9CeYF3 zx2b5JKLldqsmJS>eNS-K51pCn89x?Rx=)vX2|M*=GA!l&mxs(l#$TtRs&;;zj%_{t z^-+BH`>&5#*RNbaOL_-8!@3fAdg*Rdw$C|f^0_()t+yy7z^II@O1T9u;HhiaErB&Q zfaRv3hKdo@Q+J5M%L?fUV$t@X^0H>bKkq&-Zz8gGNR4G;Imd*VNAAxwR~ zErlfE&cWwfm^29Kl|>s^^fYAl4=1)Ty{)k{;U%3mRR$esF8lN2pA|^vs!VM_m65xk zj2pRZq;BfTc4zo6^S8eYt5}Rdo1euj_;$|_4*HBXmjLI$v;pD-QNVp$p9yoF+Opt0 zzwXnjPBG~=A88YNA>hhNe29xJ^l>R_ZMIoU%>B2D=eg{*?_n@NUk_~9&al)j7ebE> z9pS_&3yLiZ@m7ll=(zX)AMAZ~T$J0o|2xCL4BarKbSp8mfI~OZ-3`)R>d@U?lF}%p zpa{|p5-KGMh=7f>IlmY8Ip=fYv(LWwocr6q-@SLwU%b34p0(Edto5uXz7HqIMuM7F zB}M+&5SR3)MBS81s#>*SKJ!mWrc;$Ponyln!agM%!xX;QO9;4gRNAxqFjL$xNL@Yh zuz#|ieS230SiLg}o!7;~z3~*qY0CnWKvWYs+Tt)^^b(IGtJ!GB$5f>EGc!`EIk*dz zSbfkjtrrz=`D$+XNcL%Bv*PlUX2IM`AFt7vMy>;KqvUE;P@EQ^I6@VMCdkT&^KfM2 z9iOxYafy~u2Ix!tp_;!3QE$pz0 zw&$1Z!&3tBt?8-?#|ur#k5K^R8aHDvLqC~EC{AFTLH?0igMR+R;~MFsdfn6p!&;3e z4dzD;rqd0^ofA)Pg&j58How8S;MU2W0OA3ocOx`1pyIKL;yC^o3Pc~k6=RSf-<8`@ zR|t&|j)W>EU~r84jK8+JklSfD+25p(!V|J>sNTbFJLD!sIvLuwsW*E#2z@ogQzFab z&~0#GKw)ON0z1l6`S4xySE_I2b<|i5I67NEw&sFF#w?n=f+ts>2Z_Nb?l3%0X^nD` zheNF1%n)k!rSxXmBJL4FgX&H$b1v!7vmpm`7F2~^L=JSWzvsi3NlyBxaOc*|SR&_h zeKGUm>$laNZijDteSEU1A)$WfqswDM((jum_0NQ%_~QL9whEp5GS%H>#K~50N5vnI zrM1Kins*|)nh>DX3pb?&^2TT($nL%!S(0)TTxLP`e5@m<$T{gz`!q` zj%YIhP$W9?SmTb!k*zmwR#8G&23jo3R3Q_a@8ihDaj(9+9*$>-TIR8dnmB6N&nfI% zzS%1={^tGd?6>63;Ve)4vYiGB?=3hnc1tx0hxi-A_e9vA5nm$c&c!WK?DF85G!dbK zmxnlAWcM+Eo%4U*Sg8krC{(5soAwiIX}R6>8hCJ7IhJE-72q{ttIseS;uVm07IXPB zF8kv{!Q0F?K*h?a&RQQ{)_r_M0r{sLHG;DH7VB0goqf3^;>Mh|82eE)1xJB=D=`a% zeYAWDrS_&Rnb;1&!YZXAc^RfC5hcooE~WHHFqBB|8Lu0*p=0tqn&AMf<|{PoMjXs3t+$EdffZ}HL_DjVdE zYw~*Pk=MIe*lrxBHp1bIK9onA1=b^qX`*E%}5>i=uf^UG9Y88qy z3!F(cS<}Fe_^=novVvqE`rZUXL*o_|0YuD!>$*I~&R`E9s>T=xJqlhb)qs*zDIkx4 zi#(2(o@jGCJC@qsH(0e!zl%M%_TJlOfa`|GYopp9rx7mV6WJObuOuw?!X?lpkaN+< zXTSr+rFp*#jlerTNcY+glMtwn{v7IEC}dWukBv;T?(NPR1URWGcjUb;hcQ~OFj~jgf50QWR3m#Ne2@B=N=FRo>#mP+ zhfF$O<#q8`gkL=`adqlx#89mThpj&~i_&W$ejHJG&OXn33)-KYVb!opAyL|!KB&+d z|7m^5=ly`tIJqqr0i&JBq}afoNP;+B6NV*6nofKMQy-%-n8}g@%}LCm5h)puc_Tc| zt`on$oC_Hbe0t^J)`g8LP{HRnCG{DLImdH#z7xh$8^u)+yf7Lug=bwrCfsZvBQ7eR zy6D-t$xPQSNRpw#OGWauTIkjg@d%73VpA~D0K!%-tEm=m7aMrb#X2KW25DlO!HRzq z;Xbm6X*t0(cNr4xCF#Zz)Wn9b=_lV0jx?z=M0O_MSn`!%!DkPS5AK3-a)-=u`NiZL zhVNPsp@CGIOSK)uoIb*Hv&_=8Bx)JLU;K!VQId}bLqwDyY(8OGOZX{!_z!n2%Et^9 zoE_Wb9Ubxr-A(Am;v$Jn@hMKN0-a!A)#85eL>}cPLtV{38aWX;J06c2a@N1}q)Lwh3qF{j`d02(lP5#J_sNxrwOoa6DMNGu)yOYlHkpi z-A;za=ZdPkP1JbItNKNc`h|>nJTW01633ai8@!pll5Kpe6J^YG=GVJ z-Rj=FptOtB#n=StcsGlB3swLU=T_j`WmqHxxa1kKu3smzbx1FiEG>|U4=toIDJXC& z03*t2P7GhZy3UU*!a+wM0Z3wKQKD3Vw+b{$HG+bycyTnMmCmA-7t(mo0@)|zy9SUukTb>v&LEbpPpQijRvPU5Ay zYn)^T;gv96T?nempPdYq2rb<;E#0Fl+m|XkEDQtP1ODP=!VM7wm;oZt%On@{GU1Mj zJp&$Q;z{A=h)&^=j^$2aip@;XOqS-+yiuH0R-RjtUnX6jee*_bZhBE!OleG6d~R}F zGEa$SX)Vv4es1pU(#+wE{*eb!{WDD6>An4rlIK!59?sl}U6gKVtIDXKE~|}w$dsKm z-J0BTW0kvhFE{s5&0^GI>%*?sx>}Ug>?<7Ja{V}hB3@ljC7AE-^BPtbqm?^pc) ze4PCJy}j%_Z0wz!z5SdnxVVA9JpbzNpZos_p+rFVpTEU_k`NRB!~gGJo$misysfNn7dac{Um-(P`;B`@m(7AWBF*Nvmwx7vZH#OQ z(YjFlXtyJ5+N=A;URQ)p`bEU)H-*02U$K}-(Csdg0EUB0noJDGff3+CV}ByC=aD4R zoue2<}seWL@sWOg!=+_ytA&CF2M zBe_`eIM~P^Iuo(5W2ji4tT@2nbZtW&G;m5>S{lMyJ2tMPBcv-4^K%R<7iZoZWdlV> zOqV<^X;OXuG->Shmm>&G2|{QjfWsx@nsG%R2xH+%P{M3iB%%@0qSYKe+HguXf}Rxh znwx`R zkjV1ob`m02~K1%p0rFakcqLi;clySb_LxIprTDn%i zeCWEM(PiVN&l2_iNqr{%)U%-kGICuPE5uQz%QE`gXOk!45%TeCt`0(&vcP(6hsy@| zX&3-{)Iy7W5djfWh5E9|sln_)&X3rUr3cT1N2J{FcX7@Et`(!1wkGdDma`sqn*ZEOeMF@`r$U5fh2$2ZY#Dh6w{Y( zlQx$X%OTtusZP$K8)?k?tdKp%-e>%>_(@>~wVY2Jk1JsES&ca#D5C50f^_X;1n4Bm z(s5YJ4dx&pr%p5R7X`Mh465XJFRM{yjMW-AFoOXO4nm`OR^q}OSCG)$P&!=8taYb! zi0R_vTC>;+es$)6&;~V*yP+%vqCHd!ZQoMl<>AJq9qxc-QJ*Q2m;~PwInSnX;}+Xd z1Gdp_GcL1_zs$%U^VswmP&9(QC@US3KWw|p-RUY19X+!YVs&ze2Hww-d z+xl+KR``395o`Q9skR+YA@iI@wjRX4{mHcWJ*&IbM{|x}a59k4u6f|5%)-2y2?g+- zx54bXbjRJ>I#sM)-07Jf_-kTJ+3NMB(j%)4xZQ#_y0 z^Xc2b5~re-!$tLI{3RmJsK<`3ifr~I#%~}(uOBP2M)_YBZDKoj6qzK=(K-$gE;XNO zpC`i8?USZrl`E&h7_hdWUvBB;wFh8yp;wYohE)Z2P9r#Tz$D@LE5*5Qx~lr2)^s1{ z3snn8#Dj#19io=a|w6;gb=gn{NtLkc6 zWNnyVN+}h-$_n6cpdmy)7*VD^j2f~pcXFymynT5J7P3&hIJ7N3sy^dabWpOZRV%$X zt|J2bL(=~o0^iss4Eq3MJ}Pl>F&K;!KK{YM!S}E*TU%RS zU*E4^zn-CYI!_hL$^F`3e?vYyqXNW#E9d+Z{+q`Yavy<50iG{HZk=Tb?JNHU(R1DI zujMv@Cw=e39o|V+Jpzc3!^}|X657+6j?S< z6d@YM8WFJ3erPLR@j`ZPe&H^hpr{Q%5D?;#P~4mSLeh#LqL|UO2qs>GAqW_&-SOn3 z_+T4QMn`IavV5IU643~xFPo4nf`sRgL%Ur1%KI*?8fK3l32`Lf33Xs0jN}bJMdlC% zq5GgvN2Tt za7z@QzOIGf!jS=CM`VV(otgK@PM1G&%Hn3HCcX_=KZuG(ystNVcIxZyS*J-^@b2|< zpS+zQn>WPwwl0>o1vJ=uVyYU($%t-lyzdGX*RP|4Spf19p}3n3l$a&lejZ52Sg~rs z4F`e!l{uditF{L*8|Y9<5*XRLHftdQ#OyTIeK@dULJIj>@rHAvk!uAzg(E^ml&)>G z0zxKFrOPXx$)hdGN*`;V_&#^&MxsjMDQg1T-OP;y>nSyRG+SE%Tblbb#7MH>EhJeI ziB=zRh8u!TCCM^Iax;mqXK6S^-`LDCU94?mi&m_1$v#&#tiUPFML%?-$SLO4cCpXM zXCsS%r*1o?A=~vX7T1nm@04Ni_;{@RXxw)ztlrn}R;Gx**{xD1;(J}4WBi7;xZuqA zRuc5)^`DJz6Qj73R())=C%&HyJl~M_>3fy}PQ|`3lF?z?LiSgC;Ql`IO?PJyh2l%^5t zm&0xIP5N%WEZ^-E9LRhdhDJXGqF!D^8uLn#9Gr=aa*PPSPOMH}e_iLOy$ z_y`mp#7KTU3?sU4|Lux;->%QMM8&ttR5~i~VEZ{yAeg&Fg=7{F@PwktRnoG zDCsxyl6N%WN(&#?u5450>qv@}C%(AuA5F9_{kfUa5?dZ;z8O7wYP=aKc&n2u8H>}k zXoGX%o<^MiOzLLrN2Y4*wx-HwNoeihP0E)I339}*BRXlVcVj3obaA2SXF@{CQC?E+ z9Pz@Rw`*Rc5x+Uuy&AIh%+jrUJqDhBa`@OJT`m8q%kA&S&w@XGKPhG7`*9kp;Qr(D zZtZP3i@duZe|*i#62yM9ZuZ80Ki#>F?cY23h{Xn0lmT$l-0yUI7=%{2IWX3TH;|4Y z%PE6$tMwC@lfg+q>l<7QLlU+Z%|cXxP*oeCDB6qR(W)RY85^LvzZWZ%QbFXRHb}p+ z7biJYK@vPR$oyq59!*q97OytMM*r!zjc>L@FKHnysaTRMa)8-GSy!eYo#clDaB;E_ zf=&S7EI`bhP!+6zr>I2A7Jz_m@z`h;hBwvGo>X>xn7R>#8$OwChYmBxt_o^zGE%}E z0XDJE{pgyxm;$A0_F=UNee+L{2kLz|=sE&|03Tzfm{hts1b{@?0)z;Fu|gPQTP_Tc zm2)EOS}@iWebIOYecT&eT8b$Yv2~Vde3zE+RcBsCd#k^MMT`%)iZ~ZB6QPCSEd-?Z zYcrn2IEdyfPaED6N!=8xqT}{a73Zsuemzvfy=`_`>A64fIj8TE(e5-1(K4` z0aR+c=NHVhi>CBq4YbkRf^Yh9s8Eboy4i;S4daj>b4}z{q}q@9)M^OYV(s2@;0{0* zy7RJ|T|3;2;Th%C^I)vWX`MZ-=8$_tJMg7xN`r9jsp!lNAbG%YkZuW+fXn%Ck(`wvY99U= zPw(uBIf##EZO(U2n0w=+OLF;Kn{&8Z0SCOyTNF8+y=$*rBJbT;f8KWY6Qh^gvYVdh zJV#YW7oWq9<_m@!Tcyk;jsD5%ln-&yj?P=0D?#|t*)`OIEJXmYOyLSEJ%tQP0qCQP<3+_Sds3gf40ND12&^^9=ZKRLa z+7pAK$I#arLL~7pNw`9V2V5t^O&r4)Os*K*%7dr1qJ_og{23xH0Ha6KZF!wjujqm* zCv8dE3r4lJMT$R9x$3kRElzEVcYmJtNoz0J(b|z-{X7#ggCbS@BX0cH1f<{p|Gz5# zdwJXVd$>6|Ie2>o_<4hhU^kb4^#<@8^1raC5QzEw*ZBV;;FHK7^8fGgHT)v~(*T2K z@;@l^fB*g+RR4k*FTq&wg@uKIfq}ZZx|Ea@Z*On#E&#@S>*?uTx^xM=DR6OdadL9f z(9lp(QT+!g6*wz**4LSo&jw2Qd}-|39&dZS_!NECpb1T@g6pLB>AW}j@o4&Un#W|g zn1pIN_Nv#a=ZE~2hcx`hb7_;cf<~1Usn;T;mz38jKV0;99W`>0ash7U;U{k#VPkQ@ z+R#oKyG^vlpLfZvt%%9pRVY%AsVw`r z_vusphrFBT-!MY!b%_9M zDtS54@F_P{JY)Aw%+%E$^jK*OM~~`_*d^PgQRZD=#Aqn(1-2Urk(eDTdbZfQ)WCP8 zk|u$!YVb7^7x`d%Kjk_x3$4#mG)KpD>|Bbe`tkTlxf`aRXg_zXTpzv@v ze}4yUZ51?H7Cc0dO%fyaN!|K0)rHt(O2@LT*ZDk1iF{4Xvd{73$e|G?_~`$hiD z|1v=PPf(oXf-rnAS?Cdx6xio+bfQBt)jH$awN}e;k zsBRtyFbBpmpz~rdHSTT?s_0E{JU>28d3v#U%LqYl(zHQ1?pNV;ld%EuzC;1Nt&}9T z8K643&!eSL!rC0)$XkSOGCejmqdV;ydI#rA?xK zagQyExq8ONAdY#sGobq+}x|+`5zPG1IBNendyQez@$QD(*T$BaAdwPzB@&glT_Eo$xALo_}a=&KZiNOGw~0zl=}6|rj{Kr0XS6R5lT zBcJ2H@^$<({`av9^mnpx^bYp=_r!qT;(rmLzt8^&`v3iL{{Jh>`Jb-yXZ|M!DzN~_ ztJ>Py;DLYs{Q19b={L`LVgQXJrFQ?B4pakx;v0_C9XFY5`(8FnGfxWQb+W_UFYl0< zyfeCe+M^f6GFt;BfZSn<5g{XrYh+H({)2V@dai%xzyBHk2YCPccmK2D{1*R%o4(jo|g`*Wdv@K0eOD!J(t06B`=~I)6}7Qi2NN zy}dmU0`$w5FTc4j$bs_zJF+qMhMuK~^CmwO^f;d3Sy$HOEELwj2z8gg(u;U5i;ss< z-#DMqn1kWgswf~z@_AT&eq^3E^l{b`UJheD1#%qL)mQ_Z!uWPig31p`=}e@}>+=KA zuNCsY^7=EXnFvNP#5l{kiz&o2#mcyau-Xwj3fS7|nkU(%185gEGftI+K>FxJJ&VM`xLdb+`r08 z^2pL)o-s2y$7Rj9Dtl~OX7pCBU2y3^R$CSBme03W{;zHW(v&ANlBQ!m6*2$)vP%Ct z|DPFuZ0x{UQJV9vi?f{C^D~1Tue~|9?^1 z{nXW+{T~fg$VsoCd{0_c!nc&%{`|pL(zs2vyzRsq-r>6+2rs|UT0BnOxlecUgVYd+ z8>;-2pv9LzRdawZ`=RD>!%@<-duRLqdNup+v6TN(AHTu>0spV~AN7a*_g`Ai|7@lI z5dX*giT^eJ!vA%+ApgIa0QrA(|0n-{nK}7!nSdaEXmdCIPyC;G@c|DvLQum6`275+p1|6M+TU-+LG^vMA4|DeDRhWeG2 zEwixH{B>mBZ^-#)wb3|BYWKC+QzP*=E1ys_NxUziF?TQ&uRToUUoH})Z={s8>CD;` zTkXDNsw?hD1Rcf|sh?Rc1g5?8R1k;Qh(-sx&?Z6`N+@|*ZLe$Z&q^qwEYsl(J-_Fhkfz` z`ft7N&%~R}q!|Bm{01p5ha2gjC86kapIv|Qz}q>O+uFFc&CH@#rK9Q0nCUq$ap5|r zrDtSjW&e!3Ei5W7aY}W&VpI`V;T~^rCCU(X`G1C0?)O;vU;6lU{tvYGvJ0}Y^YRaN z^7FL&cT52P{QfU2EGF^~@n5Jv?Ek;dH}DJpTL21>b^zeu1bO-TEc|{^7dMQY+72;_pAk zN9g=b99MMAPe78SCtmw$rv!igzkSSRv zWVT9X0G3`ZC1G7dJe9zi6WVf%Za|lGU)X^~6?5OT%43Fp_BE0z58u-IuokmDnE_Y% z#1QPe&;V()-4567aIUKmG?HTpX_+yoR!V&{wDJyPrk4-^aV$T8DB}^oia=rRG&2Ga zJXa%4-~-N0h8_D;23q~D1%6~wQb^-{qrg%AcT>R?{! zVG%LyG))}Z#Sa*N`1KGriw4e{yG6t&AD<6@k?N9F5gHmILrU0iUrcXp6tDRCkq2Px+?9)pv ztU$!BzAEHVtG|xP4g#&mg~Lsr3I zgbe0+G~Q=T3c}Rna15+KJNh+R$7|r>T5;cE%iFpwvs-pK z*@edN3!Wp7`4hqqA4P%88VP)&Mu$tdNTh6=VI0yEq#;nAmgs5D_NVF>u&Hht6=rc%m6y{hm|OVas$(3sHEFpf_) zZf%CzTn*IO#b#npD;8uC+aoU^yyyJ=q@|CnW)B1&mrvvsgB-3Vs^bal5S!%qr(7oBBQut zWq4>6^#M{vS4C0mV6DR4up${kfkPY5bDj+u%4W&Knx#_SeC2xN#_HWn@sSjDH&zDH zC>G_K$}VE-=%^yM-po`HCS303BwT?JJ+ixfFz&*271>?P0A1ufSMx;HbK^u}&Upw8 zWN#>q-hR9_Lrb?PCDu%6o<^4~+AWhq)hddW$H-XO8`-qUM1Ya?h;${Y(p+ z;}5JmNLtzzqSU?ilKvXs1mB=xH>t|5V9Oq?Q^UVViwjpIU07LAaIk$;Nrlr{DOR5E zAP3d3TR?j+Q?fibKCJ@JdVVjJr$)7T-IOo9-E~*+aU>&?eGK+Or#d;F>Otar&j9^5 z3xk0rDE-f^jaJKrW&Ub6nM%+i8Jw~8TKpjmfpY=m%-y^Y+OdTjG(=HoVt2*>jmMSr zV&{_^9!VzIWk-<1-!#g_)u$D0mo|EtO_*EIDtc zk!6H#81Y=Cen%bYEsl{0F26~${9|n=Iy{=i(_+`dDC7;Lm|HfMFnJ`JjK!*s2j7lJ zvJ{T-{`QhG5g*?(C^IW(tBPE-)xluIQC-3cNxzz` zs5S;2pQtG%AqSuj7h#&gOXQ~%rCsuQ*4=L_f3uEHm={}!|E_4#!jCyl+r-u5_VdgJ zJ0V-fEQbZLt8|nLeFG0NZZ3GuxveR>&hgxMlS|h_NT@koB}HN%FWABsZy{@Yem>Ux zW8A8>;!Qur!Wu9HldsmuW~oOtG!NOS6szYf#Pk8jH9ONxXOJ zcywBms5cg9x{-v$R1GOE4>sxFimHC?AGDxttx^#kbNRUIP4IP=gRrNMlEN zUC2Rne^XcMa5J9bUQ98yl)hv`L&Dv$2BBAddix)QQMaBNQfaI7jkwlOSgS#UFN()l zom!;v49DCSuZ)))s=gVnz~yTZz4Jkf{XXYpp=!X5eJr=(kyW7Kdse(G%F+kEu_Chk z$|CY$Aarw3Pc*F0sqg>&9Wwk3Ve}%%)rObon z#ryPgEye+%Hk3)DRB_7X)w#F&fpR z5j%^?w9glik4`tpw7Q0{(GGE+MlVubjL#+_FV`8OBW)Qoy-ul#a7i#z-gb^r;u>_4 zB}zA}ceEM*1}V9-(nMQm>fdCfom>FZqvQ{V&varH*gc12yi6&Xt%3cHI$TG7O*fS6 zg&zp6apmL}OUjQ<>k7Gh?iIu>nHjV3Q{257lWG2GggwnyZL-ZR&E@LkJ#^^ZDoTZS z(sOJ?gu!Wp)X31_NiII8?to2c-F*sp}IZar~AiPWAd zuJ4c@GqK|(mKCpM&k~t+BQdzQZ+H3H z9j^zr@<(I~2hUH1WE~G>3ncC#A1Oyw=2D@tG&pgN5@ zKO04Wh!!1#ik!m43Zi*^qSeZymOr#P2Rqm5^;t8_7wlwa2fF`zy<=YAIsp&(80 z(NXJw7yIKUl96aSvpV{rQ*W0(UfDD1@rjGhq8Q%b=z|G7XThKGClRYqu2mrkx=ZF7XzVA?eRp1C zJwHK}oXXFR^m9%?P&s#yZg5S%>1}1K9Lm=$C6m_;N{|c@FQt(Q4#G{(B+#|SxS_4O{d{65pAaOs6G#4t6El--EM=@xNFIAzu<-)uW;!{P2dXyradUuCo@ZbPMGj>K0HbiVWQ6=;p7uj&ZQ|SqAHp94&v)f z=WAD(=YB8mlsuL;_}sZ#)Qj0zlX`@4_Bl7?CB^Izr7cVchH80?vXh|4~%5Tu@IF9`BQ>4(R)Ou$sMmFns7Li6eokyQ94u_IHHZ&XE zzA^b(9jU;(#Q`QgLlD2lq6XJ5XR}Kg2~+*xEVqMYzvhv&HXuzyhkcKg`r4oMbWv}y zQg*RT_vooEKBpONgKQ5=cC(K+{Ya)%F5{z5c3SoN9qc}aRob&ixh1Os`x5KFv$jO$Ef7bwBG;8>6v!HrNiz}!4u04V3hM_zT z!bGe!{A=1mRtDEzr)Y+p+_s^XVKQkZ{oO&B`Q&dZxo zlT`T1>eT^jx}j067?w1rJlrEV%Lqz&FccinPTUsD@Zf}35F#)Fz0r=j*nDXGklHfG z^m3NHsOn(DVZB**2P2CEP1Ywv24SuAK}%2HxC;N9EHPF!1@WQs78tRn_SuFi?lgQK z59~0ZA%TW=MVJ72^QQ!=kQTDNK=NWeiWT+dzE@(yVd0NgR9>L@v3G1L@9`0SVwwA* zJ)_9~1Kj>GGW{){KLF|2r3wVU-fpxPvPREE_-X}U!-%W5Z;N7$g#!{y+)ur=3oGX~ z1ob{s?x^Z(E$5(=4Y!V}*ozQS=Ixd(RkB6xgp}1XtL>P*JdG}Sq*AB=M{H3XR z{7Nn26WuB6U72W^gGJR|XKJox+B*n>_e)6y?qz(OEqY%o0Fx}V8V+fq7ow@Tx}(~ zm?PYPSgg+HSiN+~SJ3F5_xphkIfh;d_x3GKO6l-kAC}%X-MtCud!gv+FPXmL@_r2) zaM!o+rgf~KIxaJVVthdVIg%APEb3v~68kzo;$)9i;8SX{5#yy8ks1zmb8~R-k`iaf zpQ4K|W(i99;%a+{Jm>EDRg5V7*z@&MV#7O58jCcaw|ax~1I~-yGAB1nnM;a0G)*-u zPM%A8cG^`@PMM4wTz3!d(nXeU#Ms0s(^+GVRT9lmZW5F#%VxDOtU&^w0SR~EgJ$-Nzxc()@ayB^?c7o6LFTb-SeotY`f zr5cY)=8&&)c6mpDPvp(8P_u8Vrws2O)MvN6Lc=i>AFGb~W=GT+Eq2|QU6E2W(Ng)~ z2o+~!&FJ7_QFGhIL^O$qDZ zUA@*qeNHn1rD4%eRq{%>rrV5KpFWFGSOZ8p^lU{gN;k@RIoOtX!1nMq56P)}$ zPg*N0N+xeJPHtVCypz)FSGtHMc<5~I;N=GY94`7W$sQI-js=$5)TC7J&`53YtW1@N z&C@)ytd66-aywz*37!>l4fRPz1arr|ESyVkDm313isEqj;wa6m>!@7>udJORdj~n; z_`oHiVMgC-N<#v7qk8`)%ARTVxbQw=f6lUszBo(I;~}MP+Dd88^L&}Q#YAi77qe@u zt;YV8Zj)&Cd~I&-a*K?90A5w0d!T z753tU>Aw?p*{|t;J^j7x9c(s*L+cE&oRu+G3)Rn!y~Rft77V^Jt93OKVZ0l(;vok2fSP>X!l@LAJfTVQ3d zG;r3>*{^VF3IrWPf!W&6x&@yK3#SU5rwUP1g}@mV;7jMiDG-><88zh$oDl_gH z7NQCZfwS>}-GWcf&V|mXLT6Ct4UQNj1bpud>c0z7062P(D6niH;9Llx3PIP|v$+Gw z1Z#uS0gfLe0vsVoHP{$PG)N^_6r=;}7;GDC8f*)6xCKjtufb>VhjIpi)WC@Z#|L%` zKA}*~C=gr?oLX?iAR*v;6bQ(CHqB?N0@4K*2PYaFEjX3ne1K$vwZZ8CX#xifju508 zYz!nCtO=3@(gAi1whcB7`u&2H!P4OCv#4D#ZWmlJa3aC+f!%^nXMwywzlO8n{#;;i zMbFmr=OUdE^>g0O%mY8C@{Goxvja}Y*&_TL;aN*Ri9TDCpLCox{IhAWt)Kn|XRpDo zKpUi7M2BpNpfHCZ1Zvx>Ve_#2VQNZ#eSOQqTidVJp08ESmwX&c{P_Ou zr^TtY%#a^Het`bTAQauv(b4|?{@mOgXvXa9>;wan{r&y*_4SpNmF4B-!SDuZYHBht z;R_KF9v&VP3WY!*pz#y5XMjmEvA@_g&v@c2*%Ac7sMb>6AB~{ovm9%w7>p-l*CfhfTMyKKhIT;XVbP;@S9vHnamd&%w>-k=De3D>@d^h_KE#bjNJ7~ zLo=^f2_F!=4R^;=`Cge)>V?ub=NYv#C@uvFsL$>gS5UX+9&D36BPhZd4&z@GdPWdn z%G&VYb81HwR)t~O_C)Yo?>cK)j3|OmiDwP&>7|Qkn;*G5RzK&Em}UsB z+#DdDgzVSQGTf_5VG4GxJKaqhf{qqVckjD8`vtF2+#-+=xIat+iBxRL^B5f2Fy{Br z7PpcRo9zxA++MkP#T!H9^yqnxTi5d&bIn+wbbh_l`^BZ(c>HAd{9=?)IJ1zRYljQj z{h3#qdafUPzib}1R$QbCnU>!`s_IIuB2CxD@p2WJY=b=BfmtSHs+(_aJtI~;=35uQ;Uu{BfW_*wIXHP?dn)PUS z(}CQfy#z42+;dV32EFc6i>dV~Hc4c}*ldl#IUruTD87=*fQGxq+j1T0-3%PxY6=`cZJ2{OE=`h= z)~Z8t3kj{O(OO(NUx{Z|WoNS95z!F6I%Ik9RJs}mbH9;>OYDIox#!{XW=Ol}LX^3t z>%*iVt~*cqCkjXwEgEqaXUxN}?@_ZWQpPjOF)k<)mMaqP?~Zc|Dv>-jxs;G99pZhJ z1Q>n#+97EoKO)~kM! zlg+R9-_cDx3!An+c)x*OfAED(va>4n^n=c2fm(%b1?v+r4D$N7DT+&$wIowGKg-UZ!3i1C!;$eqM}N9 zHgQ#KXsoX#Z_vjIhw*vii&t35$E?&dx31fSS8VWA%QYz{o6?4{QC0CM;}#|Pk>()Z z<*8N(YO5x0CRBWR>T=Wf`#TxeZ_AH#IjhDCg+jCV)DGfu>aZ20Zp8HLX-cA{31oO= z#)fmrQA^T^>bk^R?1-CcTT(z}Jmc;Po(PxvxOxpjn@1kb5_@xGTc*Y2;=+rG2U`k< ziOs^7D3^CD5ehj#U(%{jn#z3C@Kfbkxk}55>odn* zG>0dEXT5Otkb(684->GYs)1|AS};N`>yv^5>jkBrnF7S7m9vlW{JV z$N6N+Rj3wU4rnTu6JH^b+%uF+$5$#LFshS!1_P0A-mw&w@SM!585D_+G3<=h=?I!= zUz;b&dFQTw-CSSNJBsoquaWDZ`Ir8<7RrndDGTBg6$=d_L?v=h`p-Mnj$t`k%K;v^ zLUxh9{}34+JVs43BWr@!nwQBawNdmQ9^l8a&%!^OCeh_4dIkVEGc5q02V1%Tbyo^OgmT0t1{zm;^RFfa^kmo6yi@hLQEr{ z#a2UP+?d1}mQ1iT$L%k_jF{`NRgc^_Zk1WvnbIdb7wkJ#w^9Ax+0$ag4q~q}2&uEY zrt;*)h*(+RP0I^ac(T42rKSnucg!4N7KXBVl4M2+N+!1EZ;h$T&6ByK`XbSNaS}IQ z0`V>u#tT0tsLWq0kNKCre*TsK<}#`N-t=SfW9cRwtGC5^B=UZWcEZ&PFL?JHUNw^W zPv!MHdcr9eB_7<0(K2nGc1{?RwGM7LfA@aNkb@>NT{?j>9jatM)ym%G; z^}Jo>x0*87#_w3I>yd<|(5s)eMBOq0NPTu4&b2-m*ESvS@RR(yJj*;8dc$w$%Hgu zH2N8C;%Ikgg=hAXl~1?cN_I%zd>v569q zs;L-{7SDHB3p%M4`3&JvoOAqbr-Se;->CQ@wePZzd?@tO6ryD~dZ=m3v~P3`&y_HL zvV{*dXOL2lGrq)maY|rv_)4lVivglDnJVzT7vUKl4G#^Kt=1$X$9_?`Oxh(U%ACby zy?+yDJos+WVXfw6p5iO0`{;Gw^lP&(nQ+ZUFGi$RbWm1r>z6S+x%p!vnQhA?=_yqO ztLTRJR?kNG!%?wQVbbWPXvWBO_=+I&UR`JD8}^%DyD0Qo)q}cM+S6n+cvw4|3p*^4>m=fpq_`s2kKhI-EOc2%eWaDN;as6v?KS8?BwN~3kI4}V6%n^9FFkSR-J`ZicP?+c zx9P{nb6tqcaZ|0!Rw(33=}qzkgrx^QXc6hW-Zx z`w{&+|6ef_2nqiO{`>Fnar~nHu>_t2p#R_A-jTL;_4xP`X6EFlPq#HR^l@>8l9MxY zawbDU?l(7&g9L%s-r(!|UE!`^p*HIa1>fdq(@gd_+kVnCW=p^J!0QxH+9o*n&uxF%P?Lcsf8Q6d{1=vkKE6jtXb=b-TrB8fj2l+hD>ChxTo|E`dr3M;)P)pfrE!7EyfV@<; zzlTn)WC-I=P-`3cI(&o>>Vz=530kLVY5&uDNuztG)y~z9tU2}s(Kmc)@p#1oeO;Gi zCLQyrwyUvzb?M%xLpzuHT?~*WtX{KInYH`uVpprP%9v*xZ&I@csz^iIeQ}u5dKVwU z&6xVVcTwqyT8}WrFZ`cnZEO@jTw|VB%42<-O$gM-Kh^R3U>BIG?-ehN>{7-U?aw+! zC3GK{_3^Z+ZV@^JY6p5v%P*#pS7a~aBWcioU+clEQa=cmZjKW}>zDt)KW zBK_vl^c7w_v4wszA+7h>3GTS=Ea{Q8H_3tBk}}WP8|>SANx}D)8~;dXd6mw6RNH zY|{3^{B*_gpwdkAJ_pqLhrDvW^~Eg2u#l;Eg`3KXy#UmVoY8$HX=WauyW&i5y zdgn#0I#>IC+^8~VcW;Ne$qR|#9Sg<>H(-}Sj@j!O1lO~f>#uvgoV_!cJue@-Yu(+J z`6YTq3pg&D6HYr*lt52po1EGTB|YI00>92hsaYp()XJhNc;@(0I(*Xy; znubb519f7s5<66Ro+o8yeTtc)1qJN;Sni`(|tAaW2 z+x`3ecR#g5%<5f(sCa6(c;F@G%8pmkyaTIVZTCBsZKAcg$?s&^j{%}N^}3BUg}Pb{ z3ZjIF&T!5rs&3D;NfWrMfET`xcX!=TB@JPkPr9YtTnOHI$~32NvW4Ei`r&EjX_Z|C zCsb}W1Qy!0N0pZrovhvvWX%z`3iz=~_Hzp_uO7micB7PX)K9W#_IZ8pGrR`#qIbqU zz2C-(=*M3kK4^L6Xjd;jNB89U=8Nei+5^|Kw=No#2s!ph^8ha)AYxgdv!k%O)A*G$ zEp&_g4aF4du||6h3H4s-AKoX?+ZmPZqG6f zb-odbbT5TYr|jLg)e$1j)A6*QRUy53=qXw+vhmruZAqE zKeAalNucgwL$T4xM^65)`>$My>SiJYEf$o|DXVYawX34{r-M@L00HLC;}ycjMb^JKWeS|u+SCbeE)&#Uahi_=!I*_&G<$b zCPV0ll9i|fogW-Oo~y#V*tC_jKGYI%>GCso-uts`mi|aai4@_ChE9uX8^)mC{MV=I~5H0Du{`~k7NB28h4z1Zo ztel0B6Ba=S#P08vEEL$+b_v~nJH+^E^OgtsYlL*GG5(dNW3#Z!oC}Lz&Gv46ti7&hI|I;m$X-=rI@=2%{0trO#Y%)${<&CK^5f5sRWHx5_PG}a7! zUU_L;dP|ji++~Bl*BQ|nNdd=V3oN#Fob^3K9Ql0k?%cVL<<=TF(zeKLLF~oVKNh;h zzT>O+dJV0;Q;K%CVs7Q9)VbLYwBJcd_}xeqleqEZ^NX%?*)P=JE!(W)^+E`$PQ&;W zta>JK>gb)-y_K`JYK5kkmAja%%11RiXC+1L`n+G(#sF>DQcbtITFU3VEvpH0{yj_S zh;$>SGh&xIa9m?&7nBcHvKVahVWi0E15Ip>PEj-K&7EswM^CK0Q)qOtVGr}+U5VrI z^*?d&vU5{7{Zi+J_FwX7*))*5h_~lj__BhH-K#Fhf80{N>h_}U5GUEv&t6Oi*4+`Q zKE0t2&C264PMbw<*DQKh==U=p|B{y2%W|5ZIUx=y3r(Sr8<%wUgBBjs62PO zpLUP9dp7c+nwPPQ)Qe)oAv3;~6RBc|Bp3gcvfId+0@@bDBnLjh{88U^+J0+Xgq_~_ zqAe_{$HrYS9M?>Q2Hq4mv|P+f>pH{%7HUrQj& z0v~&&Ot)2&+Q6F>FzU;;Uv-%nXHs1H?5*P z-eQBs07~NDr-1zfv%UYk#jno)LH7rf4xakM{O_AUerNt~ZvO4_e~s|?f7k#2C$IjF zBNOxgA3&`ey#E1(3IQ{FZeIZ??}L^J#NZA-P`uAuz3KA1cO@wzkMh|EM_+;-jQ~%V zjm-z%oau|9XLO&vG92bRw!7h{2e*Gnrh^^|H}5r|n}BF3EUCksj`Z(5M*zkGycuE` zntJ~mSU)`V{x|IH@l8k1$tg)@JKcTJ;%b)Z7WvwRvqoHzQ`oI)i4F_ksoqto@G!T} z+iX90Z|^eQJ=Zoe@@hCQ-icr^3JNH&ZZKB?lfkDzUZ^OcCZZ^+AtJvx4i%smBv2B; zUsu0vdqd-ndV!2|zCFu!we8xInYnTwiX2i$Q*2$HmA9TuWE@XK7L(LJKEpiLQ^>XUbdjZw`-FEmKE~G^3Q;C9YND z@7HCw3zMax^XpG+P|%~xYw-DqHA=P%{jY`JjcdAE;+g+ z$u;cf>q0r~dPId>ekzBF$l(>V_LUbWtwf&_cUtpS55>$Ctnn{stPVzJ3-8b&%a3yG zRwBeSBf9Vrb_hN(Z6SJ2`}q*5n`TO#%()blN!vCNGuVvf-R{mXJ1rf_d>m#VDaQjul5nnJffSnO8icE9LAc#X4T!zUE>v1d#Tv7o7P_fL{tSAG12 zLKIl5>9%tRz4y$2WE+W(LYL%eM9!fOt>UfVEmT0ixoEz%;7sq_Y{si#2#FFaJ-$KU zSx%Kg)=|R&&s7b@m&+t<-dP{(-RiVNwg==s@}Ts`#5_aNP-uIMNaS(CvP!#Zl@)T@ z=AkIGf;?fl;15BYGbG;2ve~b4JgP1to@-vuGH9wvM!h<8BBae@39%{F_OyF%>*I$7 z#S%Cg!VM)DQN*TK8j35RMDcj`T|t%&0ktZxhX7bL${D9_R4YW}YYb>vq3X@WA2Axt zIjKB3eK!%Ro4|@vbcGg&!+Rz6$9JQ*@JH*7*lMo1`Dpb8pGF;=a6g0hztMhvbH$hT z@D+Ifn@z#|CA8H8cgyTQODt@S`Tec8wSLF3BpAnBd*A0M|kS$s-R z+vwu(dA0dk0T(qZs(^;V(vqDyFUg7tk&%alYl}G$k$7!qVAF9I*WIbSQAUDQ!@B+J zd?j{EI7ncfvYqGHf6j!8`|owP-7OTki4O~N&4&~QWl{OP^BJkd#po{Lg4?~yxlPA9 zQQ&Be$P~U3z@`Xw?SKMW=! zTgmHfl4%mQ(r6riJglDl;k;!~n;NkrR-NgJ$k}{h?$6e11uEGP@=$}r6&-1Di_*jjkhGpxqU?DE@JI3Om0NVrV@Az z2H2vW>~?_&<$0&s8!yC)m>BJ}4--VRFLNZIWGdMAvM+48!G3C?SX+Qwai2#xqPoaw zq4tT&ks-6sJ4NL4c^640%Zv%uAkmmvH$tV`n*1-L#%C=)mxbrqBy0*fJn!+~i4AG* zG(>dq)+X|Fm{nIw#4KKDys1F5aH|m6g^+e*c+F712NtZ+uVb%qmp>rUBcCcDpU+l! zt9J8!@w24TiwpVWudBGH>&F{luch#`K!PPs2|}p|o;52?A7|t*=3PCIcuDraV>7Ki z=i&nRV*L3vE#9`i*<_Di6O}2zTg@2VVX(Y5uCptwaKH9^Law}DbyrTj`LM_Ub*w$| z`RdDz=a#hVACKNGG-V?@F5vhd^tx+hKdB+}jwmik!iFh9eJwkJB3rN`hLWp=v7@aS z3N4y*H`pn#GaXaqA8nXhaCN1|N1=V|>LdDX>Sz~I#}Q^|dgZk+iSrd_JGPr|e)Kf$ z~jw1V<_G1U2$J#EyoHsbAU4;p++* z=MRiI_H^LWPs+1aig##>o6+5uz705a`RV)!yI7BwT3+u$oj1)9F&ky8iqM+~RtLod zW9@Y+pT`DaO=^5}nZr^i94(h>TV!}1bVNU`IV#lWav@Xry;94rXs!JAeZ0Lwvl@ql zCGlQDV>i)4JnbU!?5wO+7g25Iyag*>32)Pxy=3Qm)r8kN5=b=<-KYQ-LTfBKXGu1e zT3YJ-pu^EK{mCL{gI!1GYzr0N@cBZZ@1laV)Fg2o{oTm%tX^&1L2-oG^)5mCIqZUK z)(<@-6WzTqyCj=J15B65c%Sp}&r-Fo9Hv?-%{?lzv7iloP?Yyl>y`DTazpHJbY0WZ z#|5zxhIgDgDpXwBv@NVKyp+}Zi<@t5U2SYSykl7W$i@#kUS&5Ljh*r`c$b~4BqtX= z`p|RC?WDHPZ0MF@>4$oC7u1Tq)PcDRoBiHw(O+GPQ3*toHuf%-p|4VkWu^965Bh(U zq4M~QDfaM)bJA^XB@m4)r&pKvC!N1GvWX{JZ+O9LnFmQf7$sXQkT?}O8nCEsuli`J ziHF1XyL%!ABM>WJdA1l!>kO}cFzo7O^m%Q;u8d*RT-!#r-}vqU`O{vEdwXR(y@WCR zf-kiezOHuBAnA(rNvGvuJKLm1Iq6FKX!{{|4l6dMT=zc8BxulMT+PDHF{{8Vp2*%Ra!5bybY&hpw7vCIL=(0|A?C@mFXnx`NUe7aonRD1INTE-r{PJo4YmX{aP z&hw{ZxY-mrQ6}!8kEdg&6uaHctR|1m(Q<0V-rXDhAx~g@B|_gdCnd&wS)kp5t0zoW zJ$qELCEP9bJKhA?na@*ch}5=JQw=0^ICkCH?Am84OJUk|HFW|fP+k8 z2liQNj-acs=*93^CBmt(>{IPpWqVg;xCkBMH?%z(LKt>2b9H@=c2^G8vnBXB=E1nH&&5!@N!T=E32bHNXilUx>qs0 z95GMUe21Ol!B$Df>VUJY3t!-4GcA#w62=#cDs~{FGW;d{?Ssg#<2B5AMS9j6*Wh)p zT2qm^3>nkg{$WAU&}fm$V)5w22;S>5if6r-htXB;L`t+T#t{Yc!B1@9>CwMDsoOu;K*h zvV>}7k@>91irp_2ql{Ig2FwmfgiB_b)|RMf%OXsTP{$1wa)#-gDKi%P}_6nQj6=LcG?Zg-z$gGk6QKhS&cHCt)~XFP=X6s(DUcRHbra_N9y0AwuhSQ%u%h2kSvw#F0xm;7E*h%0A zRfoO4bFl=Z)La!&MPqgvvd5M06u+_Nf%I%GYV3YCG9W~_Y9Lr$wMqru%+Yn9TcaKk zg0a)A{S?sESgrJ9&d#+CU5v5R#X?<`+lAGr>Jo7+TZYWBbmYP=OWdp7U1s}^=$1Iu z^0BX&FCKO!533Zp?JIP*UVjQ(qS#%&th?frjp{_g?bq@@6RDpB5+f;@LisN{L4GIy zV}v*Tw*SN24}rSZ+jyDQ;LB8UH|j%`k((T>wlO`7Tjj^kAEiC|6H9|{{!p9 zZ>;~R?JbZuUVOc;weG}v$YHgTYg>JPiMDT3Xn)%_u>L3NWR+`sw8vr#=Hu)A?G5L) z5>{enyO}hWttXb~hMnx#;T15)%4)M)XOsVCZ}UYrPIf+75TJBu_3Q(08l4ES7n;IO zb?v&gmwxBuX7|0j!@91ZBn}?myXO{Y`Vms*zScEgYL0SMS=pTvg=+3wJi6QNovJX7 zyLtL5W2m>~rnGy6NA^w04)wZ-#**~82Gm``qQ{;})DEl$iU<@pCw zpAYwy%+ZQJ*!}83`3Co`>y-Atd2(h)+${se1Mgn!>n;#f*&~1O!>cNue;?uekBj3! zal>En|14%=I5Rnt8O5MRQo<8yDgR9f@Z0|1(AW?>?D3oTe;bJ{`&!6Dr~7^l^WUlez*vC#4+Os%eDb-Gbay;!vv_0}WEDQ1 zpY0hGD==#n`Swe9Y1X-L5km)~qSodmArF@x5IO&@Kz^BGG~M#X?B(aF?^50O)YW&K zc zu@!CM6*M-4mf&$RkuQ9Lz$+a*;v()+fjZ@r?5;3p#9sU|a3KvzN^zVWNIB8d*I6}J zGBdV#bVilwdCU>qCLvu64QI7htEHFi%hsl5pTp^gvLBzw&PK~zDbzJqWt$=?edU|+ z+Y>ScQTr|OKHo#3$|;9hKb*8m+TmFx!wKs=X&>o@>S%v>Z?VkCtE$vEX$hCHb%N+d z$$h8Zdt};2NLPo-{Z!q?Fc)4S?z&Aq|R+GG_OQO+ejKR z6kltF+cBc1Z!#3QjRz_!^k4T@byQMEME(SYETcZq?@3R#uh$ZC+=%gb&)cDb<*Oo+ z(J|EGtLXHb_g&{oUEeO77F^k~jr`NgjS;n<1pBnMhFM$nu&Mhxj(Xf|PP!o zp*pK6#9*7C69O$eKq>Y_w6f$hSH5&u9oiA!79_9lf($g_^}?UhHfb)WCMYtMGsw5hd|gO5Bd$79j6 zR%cHq$1s=Rl;MKEvSaJmvVd*`zwqN7&jgkd^dt!E$^!pg^nA$Gr6?O3H;I4Q`~G;3 zy;)iFz|mgQhc93Ds+U+-D5g91a74X2JRA;&zijnX*$_%vB{pa0b)pF6e$u7jo-)0T z6Z3{gN5r0st|g$)1!V{8RbThL0Q-cv%L}@QWSGS(@NmQswH)R2>!16mbyj?jUFl13NQ%1+>FUI->{b-?SQ~PK7CK&qOxH-&k2(PM7Q*h zId*5ndd{3~SMj)pzqOyacT8*?sU}*u*Xl*%1x=j5-2^MdVf>rmrC7nTU?V={@L4N~ z>pX;Ngv)>|vd5wte>8Z*)1eJMP5yIAstJb&P>@qj-)-4y{~!`NJ+~p`6WvF>Qz%w} zM?LTCoU4Ii9N7_-j~S_b840>q7bd=FeeW`AuisLO;M2B?*u7nWfzDQO^x+J1n8>C^ zHVXd{#am&ThuDV>UbGOgP45k_=#os-#UIxqngfc^5ASR6j24tGWU_NiTJ*NH%;&j3 zCcty^zJ;J$PsyUz@}HK+gz?9E)hJ8Yy_uEdWT$=0BX*Fju1{7lu_W@8ry_Z+ix3TX zj)t2CpG0e(^41Tsp)7}^<3<(LwwSE>oj(rcAPRHRPwTK1w`xF!G7YA2?{j!#O!Bk! zjwxal;^b`$`*{h^PhOR{fH-m~Hnt=>g42_c zn@{M?a&cTO7{=jQZA^?n__tqI4H{d2O&e0$cZ>%)l9Pqa8rx7Lc%;ea?$NWa8xn3f zT;4=5-v9A@c4k>euP!#?2kB4IbLc^<_Q($Mj$d4Fu_9j0^9OMRO&sBT_OZJgMab=5u-=3x^Noluli8EOZ8zFBSUyXjJpDIciCOs?OqrZe3avV`WaH}-O`;A z{5!$(=PqLVt0gW8#PM5O564=?hKw0#1;{;$tK8$42W-ujpFViWZ1?5#1ih^H(dk+u zQm|91st6b3LXs$pn04O~gT8t{lk_rmFrm_@COtOG)&1iw&Dd51f8$8m?ki8#lX`?+ zLA*uj-2|&f&8u$vy5h#|Mt5QlPCx}#(w`^TUokW`NOr+=*C;? z=NsAYX~09o#G<_QC~TtPs$qw3&2cg!7<)!W6qq$l~@ZG-gNb>JDg$LrWU ziM>~H%kFI4$L7VJK6*4FAqAev?T5@|M1MZBwq!B3fG}duE)QhC9M1NNV(baT)OlK7# zkD{BLCiQ$y$fus|^E-B2+R7oK9{6mK$hazx2+scD^^yHu%O5%%ayVZ`u0*BIW-T`t zkl^(z!!AaR;1lk9$PjlHL`IB6=LxbE@lEpbQ(sFqc^@;#Zxh2>}d}kQo%srP41aS3ri@E6S5vX7Fx68VWBVT zM00)vAux&)DHj^4G~P;H_vU#P8pWv^8EU=vtaRPzq9Zc&j#W2A1_I}6b{?}jludJr zJgtf@lhSXB$V=Z5ZaD7Qb2GB+ErOU0!J*#rziM}RQE`3Ny*IwK%k_`ZQJyD%{uKT5iBIC0E#5!fi!fizj9hqUkjya<{uCsK zPR~B|#E5`=_7;08#c{mK3!%*Na+UVhMa!kw0}TmJFbwPWLRvLsFvezM^6^MJF)_OP zzIvIr#eVbnJfun;c1a|Q73x157L1qB5bZ?7Rx21JN!|2`+kw}4Nr|Jic^o4u@1)}; zIPtOB8Q=+%y-bbd8fDc;OV(i4<3Z7wq7}xs6)tDGVOSc&sw%pOWO9qjRzKN+LC=A) zIfV~+?;UfMDsYdmWeDaT<6O!6y^l(SC`&xDj0bu%!F;6+*yPP;909#v~YNZMT`IP0faBxxRPmn ztt=uN)bBGUyG%U<}-XYM+kU?mCnb*>fNl7iSP z0$IJjCiDsl!hE;5{B~2mQ1V6#wE%U_LfRYC`E&{|LAtI`NY@^Nyrf{8AKJ)Vv5Hu^ zZKE$s1J#_fUd|zyk?bqZE_lb>w4dYf>}ATEV{#I93!Uu34s67oFpI~D2QHMTs=!+c zwg`krnVco4lnrcf+AeXbBv`*(EN?^nhYNB2mY%2j<&aK7?F1n^dxdx>q1Tkq^&1T@ zZreP5-L){uzYzTx?c9&J$>AR%RL38!pgEYo_HuWrm2DGu(Ks)A`;Nl~zO6e5%4HJr zJ%v&dJwi;wFdj0_6EeJVPZ)nx*g3ewzS~mtlJD_=%*OQy<({A0 zdAUXdEB1OwY~=PllbXC^YFo7!sRs~}o`uy{WJERviCm?NNI$YPHRe^25U;^wyE{eG zy{(=iUE92BB(`Po5d_*D#h(_6dS=#CS4$edRg)wk4K6F<6#^56YZsM7h13~!nu_KP zBp>@{Ya(fzKO?lCLK) z7GsvlUlMJS5|bU)F}j2~5f#z=W0T+-VVXTS+k`TL(q_4dLBWnL0AkoUf2=rg3?H~&)EJ5&y!bhR!*ER zMU$Q+kZVZ2Rx8--XxYTjax<7zyr;8FH>+m zTeb$sCn5!0kbLQk*^%!0%58-qE$c|PO9bMAR>`i{=j6snI#m}*zG2#p9d~;`nr&~_ zynYqpAl+!|vOU+Ny4+HHh@Q%Z-ORI=%^ zYt0D7y*6z|ogFP*nh3j+*fp0%H!saZWMrz0k19Ac*l(&y*e4{kHIdeqfTy37#-KX?JAw9N^=>{yJ9Nh`#5_t%@*bbm zRmr%c_gnLaSN0|+?>K;hQqrmKlHwx?nOd*4 zi;_~;>PRn=M7-bM-Rw*7NVTzS=-D*P+LGq9$AZRWt0WM*&Pe1AO5`45h!&2}#1LyP z2V#wT>iHd*30EAiN=XNlK^J7Rt^BN9Kxyz6g8k;U9Fm* zu38i++jLTf;oL8(#KK3!@DBE^+9h&W5v{_LZ<}p{4T<9y z95qyz%ji4bA8_a&a9iWOmQf>FF4$yphKg_6<;{|i32Z7;?57C{F( z-2@})OmACq3g6S03l?X}3!^QvhdA9SKCTUtEQhdbS@XtZ@r>!$R|B+G$wN) zw@)K0GQUH%ifBV8AZ>j#5bDVH-p#n%%hi2|<#(fR^(6N3*o8%6lBCaUC&3olqM&JDQ*t9;MzR$13ViC~VeC?IcTFR(6`cle;c1MxRj<;I~=cR}(a(hr-%1qS^ zQAC#3aO%@*RzG>@SW2SbcjtizN+7l&-WM~+y%4n#^8)7DEI4xU_JeCml#I95`iAk2 z!UGur4_BsHsQ1717^vH=hB~~sc=_!XQ}IF0^`8f->#KXZGV+Hr4*A|#myH>xxoz|t z(Asoy#peeH@1dXs&4zXek1;LGRJB(QW5h445N5mf{Ji$D zv0bWqilEElw|6t-e^h9DBBnUk-CN*?m%Sr8BsW4|#!q?fr$SITVUHoz^G8y=GU=Ln z@*2h473=CGTeY=fdbC7?+=mX_N_eSNSET=AtxR01F+|>X z*!#hzQpBCwy#4M%gO|;=`}`2UcJ-#E7MJEE>b{v(=GQA?jS@X0bJNl02!ko;qcmQ9 z-pP9`Cz@_?4!P<`9x)_y&4<#x{73ua0$gtz3PYdy`?C+MY`>%Jb?)hqn8(vO5lVU{ za;q5iSNST2H?^dlF6ze*Ei-g}f^646)~tE;`NQ?1Na8T>k(DYrQ5v6fG;-ZhJ5IOr z=;uB|$+Zj2e%Hq^sTw|)IbT0-)j%y>$fqFnq1>{4h@Aq+&-KkEKdm|BV$N>S-<4z^ zc!cw4_w#bZY*Kaay8NffcSXi-8oXWm2ye5i|E7x7vrP2FUt`-9Mt{WmL2>u{OWN`+m66H-C=c>YrNH%r#W+?NU6i@yz~HAI&gh4QjHX;Ma1${~rHeNr5l*pTsm4 zHG#r3h@vIn{$fn=coVq1gTRB2x!J_Gp%I?D4<7@cne`t-V^bqD1Z4UbHR&|;i!pZN~%FDD$?*_m2^rz7j4Z5-jll-q2#3Qs;usVr4ty}*bAx}+{a;OiU)6sf3Z2HJ zvS^I7{~G__)qnGE-~S5?!N1Rc|F7x(M*!gBX;GwjTr4etf{R+h#Ceb+(-_o5RxHk! z%A(*vaKxfU;eJU<{7>Iwh{x_xR|J;wisQ+JM z!oOrZu>Sw*{NK>r1VsJc>c6Rp(ZBltmk|GVfLOzkzb(c(mO>(fFI9bg$aBHMaM$_1 zL?6F!hXwQfi1YozT^1~GhxGNq2`nlro?`14OM&K7QlMZOBM$O|^F|OY5n_R(fs{yV z+{8&3>jVmm1SOIZC^lF!1@0xLv#7L0EEGjcWKj}XHrU^UV+A>qsPSnKh(;)kL=cD2 z5=rrT0N%tFL`oz>+~@^Lq@*wbP+-PLF%&48K}+D`0w1Q6=oE$?6v?2F;;4x+6Q?HA z$s`tqsRywrQL%|M@Rp-A?hks<#3OI?AO>X#6nd*?G+z=-2b6jdc2`^&p3|ND70S`2*vlGNO{HEC3Xs z0RRKuPW}R(22711fyuyE3Z+m;fZyN%g$&OUs4#05(DjLAJ%|LJ8Z^Nj3YD460O&?j z;}i4%mVl^VNeeCqT!2BcXi;%cQZkLp6ZqZ*92?ZE3jgg!H<2uPHSm+Ze zQLyZSqujAGrV#@k-!uUOr+g6wK+mXH>JqNJa`A*=Q=&*rm`?M9plL8-c zrh+kpZ#V8S7tm=KN08yFDWEf?jfgn%;+#`b_aTQ>KIp7qSU|+0& z9*`%1G4~+gE12FSb~AxYkm6afdJqsKRx%0BZ+$C$QLz*9Hz7qpQ$cowdlq*=Bs5_; zeo-YSwR92@0Cz%HCsYV)3t_Ce!-iOCbYKrzlvEZjiphkH2Qa!A1NZ>6EE-rw{b*7G zuzOaJ-Go-TP~w+Rfc}#JOj06K9|UaF=(&KK;8Z4cDaFdrke)hsImUoQ{skZt)_Fcq zXdhYv2?#Ow008wXP`Fke%=-X`Y%u_5uGNMBuVa#dakas^k(Q8rxd$gvhhnK@3MM)^ zkt^Gf69d?LzgQ|0($;~XWf*AkLyd;CSv0yqH2gc$AfA#K!-|DeZ6N%N)22?J`i3uo zjXbP3kPSqpMJ2-`W#I4Q@dfnMxl`ZE|KpeCn6C)J{>YUDko$^T3Scu>;sXBy?x8hV z3P~VQ6Sd}kfwdfi!%g@=+yqfo+0m`N61lt*4hbEsVhbSP&vO!~>nQ!A{bfMyDidYia30T3q_j=*e_=X97rd6<_folPthlxu7mTm%BZjKX1!jqQF zq$~hz`hp1T4w9KRT3qxXV2FJw6v&l3M966plGa=X1%L!m4kMWYNDgRB0o471Ijjvh zKoCHWuVf-c0>{Lq66Oz6>5q?#3;lbCHI;6ETPi>Jl_)q_PEXwl?e0+mdT z2Rxg+1g!Ok7&JIE1ZNrnz5(9+wlo3f91G^bK&j^W`?%Un${f%QYC;UeWJJMY&%^;2 zn?MVP4OR>l=+Wq~TM46>DJirf&P^ke$2=7_#YXn28w7 zY6@cpQsDe4LK*_}W)gA=qhBNhY{;hg0gTZ%_qBsue27k8ObLn1oMB3QK+NC?f?N^~ z{DO;uEm(MbDsZ+;Zq^hw>od;hh72GUnW(AYaXzpa#sNZuf9A$GhpC`d-_XKjVti97 z0?Q5%DpyZu$k)eVLa2V>bo&K9z|Yv=A;`|d&j#xRBHPKC(wCDVFK$4Lg@B0IO^FF^ zLP=(7N)&LW6vkIwnNF%-5*XllD2Az~W)?G8V`2u(`xoX+=MA)k%SqVL0C|UH-Fo7d zU;~a|AUJ}t!RiBfj|LnEff08$3FrregB!1K55QUqd=Rh{U;Obj>+w6AUoHh3zx#n< zP2CDuhM73pVgiYd^NGHWcEKR@UJyX^vh}NIJD-4C}gJ5}KBtRe=5KAN5 zV7(Uj`hjR|f=yGQ3X=lQ=VtI3OuxWn4ma@&_=*QX6nJeE_dLL9F7RLRZ8HYLb%itR zI|!Vo0CAlXnEu#ceYudoSVYTde1gNY>4tSuZn>F{iAf8fmo+t!p3Isyk-<(zh2U8+ zj5O?|N&`s10Ve~M2J*sH{OOl5NMtH)>bi-c!V@Fl_hTtwR!E+@mPI3z(tzpkfD<+> zIO)WkdH-JpG)PM_Jc^_i_YS{tc?c~ zfOz^O=U7xab0QqG^#hx*u6@xhaL;dCFRV32F$_|gAwJb|rs~Y#$P8Ea#he;_F{hKt z%yr6K)n+8X!btw&@Bl}@jU>1XnHE7zX!?JxeP8t8*JH77JI*4AUfP68-li}1%Yx}!#3@jsG`5Hxm|ATdt zE3z|*H#4$=O#*PQ%n4)7H3+a){h~QA0zJW*s^aE4t832h>=|>zl`}n8ef_!Z}c?MM1={e^=1#>EWI|JY530Dhuz!%~5_Q;I9e;lIDr9vViOaNa4VNnHONSX`JgR#*7hXFzklbe4Y7=SS~ zk^dba6NR7|@&0681R&zXtrGnXgm06Z)5e6gb%xXF-w6Ozd>Dx!6aff$Om2e6ng!fo z+;>8nFnjUTB`~zFrXIlM9{Nsb@zh8LC>DVn8r9T{{vY#(1|?hP$&GUzJ=L@UHq*i+Am-6O&)FXByNFn z0`_G34A}k2vHo&mxFaaCsIEh&{QD z2j7VUNcV!q1_m5e!Z3W{?e7Hf+Y`t?=#9CQnC!R#IVRB6JKavhUA~~y1*+WNiQCuE zd1~t52UoBICcG^SYzn`>EbKFz%y~=!o{H)w!w|R>N2UN@1d>oQ+^z4_gA4&DKxEHt z3HoNV`roD&{s^!ya3K;4GR15BS(rduKo=^&o&gGvT=o8+Am6u9#y5HhGAghug_9}p zaAA>lq{dKLr1)=!{VgRY;YQK8nHB7e-m&k!lv^8cpc!!KGnK}kncnzQX*DpNm~^v$ zByaXLV+~&gXR3i0<;jY53O(P`!c z;O{){sfM8Y!-D(I%)kVc2LS#v>Uto~11)|H=c)Ac>on1hY&je(FC*u`R9Ou$k1Y-!u_Xm0iAhZQyzp>uf1*!tc=&&Em&?rXsSCN4mp{PNN#^`BqW(9~&eFu} zPtnd7G+%Y34?P2=wq;i;U&KPeN`+xBmZM2_YXPB z8F2roCFKST#MCH|+Xd4BXo5Q2;&D8M1^QipXZ%~)F`23Shq+-o#SM_(#_MxEVK{7C zE&pib5*ZCzD{TEuEX;8n*?!d}FWpcnw*$*HGE5+YNeOCAR1-=85?`P!K~4r4TUMIE zZ!+X>PHMv;j0KKNi6$k-vv8CII>3i3WWSZho_5;T-1Wq~!f0xyXf)9j`en9==XQY3 znCXG#CSXY!NCd)5DiUd+1rs#3)2${}ZWwZxIQ;SRjsD~OsZ7euo}$SXyQv?)rdi-_ zLU=~{rKk9J)9G-tDcmv*k0X)<7F97on<0q|Cw?F*Fn1KN+6!Lf1W3u6Sg`Rsd6DTw z;mJM%P#|`g@2Kx!=jp`_W&n~i(wKM)d%OAbi9Y&752Aygfzbr>CK{Uoep7vqrbbik zGcX_E*2~{P8mz$Pq71jWa!c57J^OncsKYi;zM)u_tumP9yx&OGZrvAXkCbqxix@MI0f0cXR6uu_7Ywz#tGM#Z) zcsx_A!># zm4)0r?vein1Xmuu9k+cN8 z|3na@kwI|?Zf}Jm(?I-2nfi?dvmS1G1$kSr^n?jB1uzfPk-(bCD6n(_F5yF9Bye68G8b#qQv<6lXEG}bEnQ>D~h(RYK*ade;1ix_Che2te0RUw5qk%MW zMFW7H5|0!x1bE34K#&IdeJ4>4jD^EW7kCks!8h%Ie@qv@WtKAycGSRMQ={U)q}#U?S8nLFz(e1Y=s0P)T>u>+N3iUW1o?xiU_6<-Sluo$Di-8Q9VyJO zJtZQT--m7I>r0#j3>T9iJJ4mH#-uXAa?M1D2*(;U24E&Aj(|u5UKR|-2J;`TjHN-u zL^8ML0i^I(Zf5@f*t-sZCbH(gN$AqS2B@J(QA!dz2pD>#N(T#s5FnHU6RHid_kta4 zDE4-!h`radA=t6^Ua?`}KW|eApq>ic_xyWwt-egA(oIDy&;fkDh#*&!u?^5zmMqtKn>voV6A9;JeeT?f+!-2mN#nC|_exi4i=Axb;8XN5f0td-#!-+(Jx8c(9~JKWqg0QMw`01cK!_t{_9{ zp0Io+knR%{9unvkE$(jA_0316cSukGS+Y9DB$OP+2=EI1YY8f$ptv_ecnQhObV;Wm zAtaWg0@N!oXd&X<&@E(utP?=uHXspzd5=p(s+|QOB7m+FiAGpi2*QgAc42x36BY;x z#UvN73DEhO$uLV}Harlx0;UaU^)KT3NVIMp)+z&kh=e2(lvx6>JOKlO4ek{Xk_h-h zN-PQmS5tzL|5~{8@d^=-bq}5(6NI#fxXHoHJOMcVE9uOzE@JGgzI6G5XU?5@f?JJE9sWy(zlEL+}a}{Yl zVeicdq&Jsy7F4OIE{m0z2)Q)89GqK2*aDb%g7$()p$CF{U?CxoSUQ-`OTqWVLl+7A z)@r>t!B5gPXhd4E)3_E$S@M4B6(F;aEfm#=))DBs-)bto@tR*W;L{qVjo?RMZjO$p z2r>-C(xZ_z{tX&?S)fbE;X;rZN!x^x*Pmm8CT(jP$Y*DR2`K=&K}X?yjn80F=F3k} z(32xzWeJ30OUww7Xlmet+Kt!&tWBwQL)aLW*TNS*O&8`nfbu|Gflw`)B1EJBLWJ-j z8vhbthzwpvY&ttOE5kGcz#9M{1q=(cL?3_{5K2d^5EKCL7o^bvgr^$7wOJXWGYq6I zb(Xr)G7+#L1g2)rFW(U1f;1`&z{YZjA{pC1ltW6r!ob!E^CSyhEmQ{z z_*fV|fiC`D-eF{SACDmapb!^BZ~Q}sz0hEKpo=vKByWIEB8M_!yo3u}g(n&qii7Ij zbPxFDdkbEBxx0pVg@*fwff99xwp*dQK`(@PqOTD2HsUp2s7c?Kj7SLJD>toOg)I_B z`5O{4L`@g3z=g?R0+S19BLI+sP<>#9TXXyo=vokY!O%j6Cm=*2QAaifRSkL;t$QUi zEz>OinDDXg&{e`9kYofY^$PTgj138j1Ug950@rCG!~#SLaej{>8~?PZ zT|Ri~VM9Z3){$bEHhL^@FwNRQ#J%5qdNT%S&9{cf+t`@f*ipVDd`b0 zBS0TmiF@Ri`$jnCThuqmSs=|MKhrm@@L1G0_Ks5Yz-7GD!@u7(t@Cu~8hcxsInBrs}pAugE`Mzm|w}yvXn_Jt!sG-_G*9Zpzvxd=bY)>eX_WkaC=V3unDQ@D&mY9vc_ zcQbh}wi;Vzi%ENLEoeYx@%+{b`DVbrY?#L2lNfkOG%>Y6Z!4P2c;y086Sz`gaTNX= z?tT=%M6+HLCuEDKC&_#f9tF6x;B^~0B7S-TAmooBE1b+grrlP}3tT{%1S7MNfiJYir%~^?uN?Eq>Uq zbYx2(X7M{6*Qyo_J~R1A>D#IghJO9enQi}N&;HhEZL0bt9xWR%K9H>CRuyke z?VumHs$1C-p;2&0>3>M3)2P4V`e;>>gGRAvW+{A2v^MGY7Af)OhS2wWxzG`;(IKd_}Z6#K84i4y6VMcY`Vyz84AnmEc9h zUL~nWoJ6Y#lUgL^W9x=)8~c*T7Gwy3kx{OkRG?H8y>6XY@n1)VA!`XI2pYa(&!hEs z!o)3=$f&d>WSer6oXC!j-KE|cdRmm{AZd$K-?UMbG}l6sdS>d`C}a+e5Jx(i4JQes zv{uB&21+&9{zuIKQ(N0c5!#>ajTW&3*&mR`cx2O%pQU_@o`%c;b2~dnb8CB>ztJc# zwXyy!%C@S;{9!b;t@)cuwJ~@6rTAW}zB}~0DedRFpcy43(omS&i6?jpzob>6!LKIC zGzrW|-Bz^um!TRQ5?Npcxm&1ISd07%|1@2S@_13gbi6o3@;_}VmG;$SCfBMX4QW$R za`b;rn^MhfZ0ybL9DXmqrgb#BDFBj5=R5s9+7zmPaZ{o6*Wad2spi&pG;{l3GF)1! z!cA@Le~YxO%IN=5b?QJdceMKz3#L_H{U5GPQy}S#o!1Kb6so#PPgs9%p4u=?ZCD&3 zH7SzJLz+xjTQ~Uu2}IIobvppd^veSp;pKRJtQnHczA`UCjlAyK(yRCIT3l>YG3 zeb=h;q^Z~c@0@r4Cmng#%{+O3#Si{z<&-78y~EttX+s z|JyE??=ImIC%YOVNLI+e4GQrBpdPxXKLd&gO69Q%{U5mDf)?*0IVdj1C0-v5t9lzD z&`5BOZF2#(r4ft?f^iWqU^PHc!3|YarK>TL+Zwq)jF(}>O6KPY(kN6bXjHBpCDw=D zH&%E|T;20Wh)3VOs44ytoG3;>vO~-B05Vrt%-5Fm+b`qBwo8(w5kyjVq5`O2QfHsxWoa5 z$RS)74~wjzas(sL(<>^L5#|+uc)iIH5%32zPy7PHP0=^r=!Tz~-ml@Z#&3sSUwl8< z5K>1(APEV?CqOg`HA*~Kq3zoa4&`{zGpgI^~43W5jN}QY|J`WIWp_~USa7J() zLTCa6_kx3+Wb-%)s0uRzbv=%k?FF)uyN#mRJkt>zrWKAV!z?#ek zR2vXzl3L_Q9tpcgw5YdPk2H`@*e=oce`Qw$`_nx{T@ip60VD^b8hlRVFu-XD1pt+F zRBIYgKD-gs1C#8XB}8Ru8`4vqY_0z_r1uO77lX-o^0SfvPYM8$1Y}=;$-r?`00al& zOX2H;JphUaMhFyb0Ki;aJ~VUyu>0?!m`H~;ka%*X{;TNk9TX&nJ@R03$-+7|96&7b z=J5dc2$fR7@gIamb;$l8-rd@c^evY!wJz3Kg&Zh8Bc%I*gz|y8l033rYw?aR~JY3KNN5 zdM1F9r6NFD4}i%5JUI@ZOa~-RZzws6WCCF8;K*DafHa)hc035f{~xaTr0O|R9Ku5A zVl#wJ4&^|#dIXXJNO0^tgh|Uu16dFZO0g{oZtd{T)^}3;?$7WLqrou{Yzhy+6+QW= z1Q9@tgUtc@4MF%Jm?=6Av4^kWV{iv$aR7J>kb6NW`-ABRFl$IlCXn6PY%VzzG-F$K z&_8`dNOh2>7hNonaF9iSxXZ}2B+~))j||9`2;q>2%ybUa(e+?vpn68|R{)S92!K%X zXm+$oy!g6eR@swo(*prWPng34+rvDn)>1go%>JKYwZ{ArQr(5vrRI zxGfUld5R$3++iw+JQO0#LC}k^(1Y9uLt&DfCU1X3D-^!!67gi=fBMNrNSFqc1t zaw(>K12$|M2m|N^NOJw>_5xH{7K89PNa2{`U}IFO1iBQ}ND+YQLu%3k7RiCeM98V) ze!^ji5w15bsxuKVqb-aUz(EyvlBjE1PfF9AX!ie-j-fdGE~G6?<|T->lEEQ#451m- zU%IT&3Fx}-x~;68pc+(*h6mjJFI1(3LBFjk#rmoRs#4Irdb@O+zB79a4Gs!H&~N{6 z52}bb6bHXRhS+K6$K|lVJPXYP4^ooQQ|F6(ML_^n(^gg)nkBY~)5Nkz$oS&#{~rIS zgwP>$3Es2EU_d`bf)@aAgV59vFYOrw2;iuycpDPi+U8$EY=3%ikjNhr!sI3)3I}lb ze6aQqX0VXvZAWKXi{x&>kaLkh_D=tf1=@b%8 zlo9jKNZb(;2{d{nBTz)8P!7y_pf*w%K%$aOLZP5s9u)Cm3rvvP39qsl3dNV${5Bgj zpu_E2WK zkpvOd#pI3P@IX^TggBIwo(_{$bI4BPWkIDfcV2ota)f(>YHK^QwH1gjR!Y+9rBEf*KPXaXu6*$32hl+G4&V{03d|nzVt0GKa z5C)0c%m#t#m;au)m;X0H!jJ=kS0xhS!oYOap9iv-fx8s(m}6U#{vREYmx={b96TAJ z;vcu{q(C!vZ;y`usF!-_*D%V>cQ{|^zix@Xh+GK7mC9_Ety)P z$Al_P^!;BHq7?Baq!9-MiR-q~xw+s#&jZ;DiIE^6!r(9DfAci7ofrPo zQzgao!v8r!Al*|uK$`j9#6O@jTEhaAG5!~`RKvVH zd;_7ZqmML(m(a`*Es$%nV)6g+8b&E9Q5=H3Btf2FcBa6R1%;L&Yz|Wru)A;rtj&xq zs*}w>JO!r_rM*1EJ@5rWqUoPkLKX|T;K0_+;&TzXA-2rsbHV$GG8pIy*-Wt8pgu2J z%9sujPUsG(j@Gs-=l1p537rhOvvz@!iIBSlOJ%dmJ*e9}qChVJY< z9;%NHRguA2&jdex7B`cVn3V=zh%`tyLsnW_awMce|D)4PBs~yJmtSV`G7m9Z3*5&J6JMl_%EGqO9<}U5RQd4qkzYP<{k8`%&c^-6Ur0; zQ41+nc-}}TOugHb$^R`hhq9ew2WS{4naPD*1Hdgpt3a7#PhJl4aI__zTbi?mtG6F( zH?hXSQ*?y922jzB^GoqW9ifi-hJuq?p%2L?;#K*E2=1l{ikYiB-NTO@76ktXOG@Y< zz!_nB4?QbK!)^Es0!<1U?{u}whgSnq0t2LlO~3OqL8KGhisM5o*;wC0t>-~ zg7TpN8Ubn#h!H<&qCyNfaC1W%6bt{L=1Z+ch2<NrF_3DfnB}A)eO1 z%^?gF9QQ_O%#eibSztV- zaR#HTPH;Z4lEL~WL!gq(=BDr!&oRG^6!YVk33(sU7!ZycmuC46{|iS$1OLNiKj42+84v?p42hp01?(jj z8ZfZQ(&siBat0KD43Qdiun*lPdaRIp@xdm(85M3O8F(J}r)fE311dU6#QEsrMzTVB zyc<~m<-nY?uL@J3^)K|UvEW@b29S&7DirLZf(j|5W>@Mj>T zD@f1~SW>Bu4irbL1eo|`L6LVj#P) z$p-`*G?)j+fVA!mG#dgp73u{@oD_&G zLv!4C#K*5#6N`X$8c{$}QweG4Mtvm3=!RlW7fMW2oJXoNrB8%9mlQi`{r$ZYy}dm= zfW;b;e5IdlXa9|RiaAC&q{PEOXoMgk(-cMVcWG_o_#Ij|HV#A_nI~jP9O+QRlEMMe zHw)p70CV8k_Bd85B;hmBdMF9=Hj$x9%)t)$ z5pc6y`nFcliAAQtd)xKdq+b|pqBjBT;0Y6qRxxTQGrK!b(kM&IJHU*7=w{0?yg znSuo7phow_C0k?FB;9Y#ZUnDqZ9}!Sw1=`Kjfn|dE7hiN5VPsMzDYWYr47I*!=2lT za*bNqTwMPILkSr*)Hs-IO99AZX?FTC0e<4%h*@o{sg@1^4c?f%ZN;k;OY62J`0uf5 z2$)Y``jSy`>P9sF4TiO)*jZ8lk-RZM8@20K*cFX)X1oC!=`>3U)Rg}gw`OHXjqf#qft@o*5*??I~z+|A?q}{_g_eXza9kNkqe?B(fV>h;`9-N z-8R;d$T5rif{^jePX{wLGntp*VvxZT!0bslRdF#8O=!f4VU}V856x+iM=LgylbOaA zSTY3}ZlY_X4mV8Gep3+x(b3%bhdMztd4RM?fdD)h?A%NP*U(HJD-{{eeY0Rr0G@K3 zOAtjwE8aw^0l?>AUe++d6HSGt- zB@1@Y3!^vv{^>%>NG=$J8rAd)yy0YF$x)bj2%iJU$gnO*a$(bJ1X=Ov9Ox}kLwtDX z1S`Dt&ENG~vOs#`)lfz6FCpE3#1#TComt6}{mkiYL#?!*x*_q&vL{USK%0N2~ zq%WC65;>pAhU7Z5wDA8w`F_-Y4a~;`9}PH;*bOLb^k9qdPz&T-vIxye7m+WJiTDkC zeQe0Q5V@T=2+@KKOCh*;j8&vP+JxDfWqq|ev;88qB-!{tEieB-iy*EAxYjHJ*_k4O z1%P}6iV09c3Xm61(DH!_ALeBDEI~59mZ7a#tQjuae;d)lA}l-r>Vc0Gkg)7}SOl!@ z$OL>`(ee$PR)GL@DPg)cCYp6Kc%J_>(IhLuM4aZ821pseSr#D)86v9TR0_=kwZKP; z1Tuix2*R1qOA(&h=EL&`M1y&jBt#~}N*AlU@8#QqZp3502#uZW9TF5k4)F>H=z&nl zBt~2&r0Ja{vh3$?O>Z0v1`7;XVG>RG4TA&BAfD9Z4l!pm)Ha6YM+wY4i8BZJ$0Y6? zD#S*lEc-^TIiXn~6;>pJDfdG_OSL z@+(w96|p%i+~!8z0wydwiO0`_-mtba234Hrl4lG7pCsriFRLUr*B@560VSk1V-wi0 z?lVn*2EQ@tMH@$Jnhiv7{Q%4a`T0@OSsV5m&Dz1*nrb6OuK-BJMA%9me6UJcfQAu_ zz!{tM7@h1J;^i%wEVrP?C{$Z($A%s=W~I6qgC21KFE99DarX7fhB@mu_y@+1aF&bL z(`puy#2Y27RxTM)V5>{n?vf(v-<$sVpcE67suCR(;ujX=NsqSl2nuK{A zXXa6JY4$ck$s!KvI=~E9>=Q;ACe4d4?KNm>n=i+tnsChyX4224Y7MJ<}x zB7U=K`^mbvtE@%uXh*dYE*k)o!Jm`J{;Aje_7zRuRPtVb6Z6@COMsKX;(-SOLRlP$ zCtE5(lgnQ79XQMx=bT;xw-2868T=e0HLXffWh`qa*{QsKBC6vjT4iybKs6 zRul@AN^y|vi;UJ@jS{PxC4dD&Wk#}tIhpEcM?of8BmX^=&1;g!A#9i^A*zwP4)?W) zMZR=Gl<*R9h7ovwrGz}X2)aYM5h%SCG8kCNkVlsZngvH$fK@krc*$I{wRv(2^aLj*%gnPqXqY$z)TBDE|>f z<2gxIh^8V^!n#+u6L1cmn?=Tr3#5I`V0{n}kU~Li=O@8>ctDxtWU`VWv;xK@Jev-% zG6+tB%*+C}HXmh(82IpDx{7B8guxlGd_KXzoSXwyFhKoqrSe98*g(|pQY|z^=>=pa zzDfhK#mH$Oi7d@f8ynOy^84Wt5I7`E!vr4{>UyPK`W6;YhmB3<^3X~rD8&ZlYQVCE z5^Vy@46v1X!OYBLu`d&MY6?@3aQawSfZy;NPDSvSqdQ1z)t?N0+uMP;^%FjK6v_}L z@4)$uM?aD#G^F*Lm*zxwmuUU(m*#ApSNf^f5T|&-TL=dY-4iz2SnLbSkNJZfLYfR< z9w;;`p)UoZ7W|*nW8XTziL`H+zafnx_SWE!kSI7@YQQ^-+2}h7My(9_hnMyIyXpO3 zTZ~mC@TGd8QG}qi2lKZgUX6zHH>?BeTo}5I4ERPv8Il&iVZh`0IYKGdSpP_C#O6MM zhVVh-`7dH(p%)-49ytQy*;XL!p~fyRBM*;kiM4OMtB3dy9%Tp9Ls))M=*++eg9kG9 zx!?+q7sf`0Hu!RW?x`72=86e=P3YVU7Vd#kLctu|p)BpqLqrgduqJ(L70*k^LqDP$ z2_xjffC~yW2tzWG4bcJYf1lQ(Ks-~xwi3 zOQlipeRK>y7&?Jw2M!~9Ym5SUGVn9mwiVm(-CMy5Q&{js#vp(FyXT-EmX|cV zii(Q#_4N}I6T`#9v$M0;tXZS~Q3j{AIr>KTz+~#xk1^Knc6f4XXMLRM)CA6=sMM%s%U5HeOn{HCsJ*@Ac952pz_o z-5hy{oUE*)G>Wc59;Nn>c63RcvYc{eCt2mBj!Nu-BQ;e?6XK?jve;uaIoLF{*;=yG zVo6HcvNKfU6>~dISu}7)T3pEjcFJ1f@Xq6NG`GcS?@Y{&T{UO$1Z>UP8S~a|?X)5G z56y*hwbF)9J#g;u(zwgq41Q+Sq9rb}ga;2Fwwq0QBy$OSq=qTVJbJA8?BNS7#rG;Y zmoDvm;5%ZB+ymwK-Wj~b2Xa*m`&8vj?IxRt$=UU%Oe2mO|EOMO*kpzE#A9PgCzlI) z6PP)a<|1`JnMq5^3pk zdim(nrn`$iV3T`o_Z>&dR8#7;B>5P&gAmoTm&3TDBX-MWosoA>SBr{pg1M#v|&}+#bHw!|E`j zf{?46qunA2uiSj$m# zoN_;J3!SdDD)*M-QvGvAvR(s6+$E4)Iku3wq? zG={!W_i7A%L*K611nz;GE0&Ds>pVWYbj_xTMQV#Ik3aDBj)^x0A1*%AVb`99FIFxa-rsfkPG<`p%h|$PPW&B`$?9DJp)RNv;9;0p)!~<2Cn=Jd=$#M4g3i7)%^5HC_*%Zs}0fb2koz@rZRjnEmJM_!L&jq2{H^*L+ z=@V_Vzp~#Vf%nOf)SAs#G<*gWFqJxtD{ysUPcX+6Tx2r${@LNy#@=@HWhp1RxgIgd zo_TwBTD@22Sx@#4A04*v<@7Jgv$jkb5}QZAS5OpiCaRxGY2`Rlk(FVd1K=QiZedjCA)25EE&Ao z@Y=F8O?MK%_bA<`WK8?;8bz|jsHJ|z@3ZGk&6;dEl1C!S=yo5$m|>CdGIxZx!cBVV zrAfpouY1R>IkdHNy`2nUmhQmo?luMYRT2pAqDGKpDi3xpP-k3VE!i{F=*X7nzJbop zlWTg9*m$UHN)*k1N&8siEo9^4oWbi1<-*#}ynJchz)o)#{8`)m@UTt?rf4g6RlRyl zajbfr#`Y6`s(19%STVXVZ_-j7ecL#9rzMYl>9AS@)eNGC@tL73 zb&`pVMPTnEJ8K#@;;#+tkd?E&WsXdFGX{>&#ORG0VIq zGWsc%UEiFaT7B)J_p-8qsvmfVudF4x%XaR+%wUq&>%o?@9kXwm`0d+wZu%68=|khY z$Bt?yyI7C!LDjUawb9Kalm@Ufu=D04hCd?5J*uK&SA(gH&#y+-Gu>Z}=wo}+>MO&? z&#e87E4AAV*wlSd>YEStxfZG&qLFzfCFJ46U@uIk^W>DGs1d;z)w=2QWm!BtI3RFz zjLnRx)U$G?@?nvs!@0$^vDX;8#@gz1nYLnV%FDZ{L&|sb+{U$2c+@fNz_G0!N9ATD zYm$p?X>l7^C7NE^PTF2;pI;^qE?*tU8kMoElwGtzk;4y z0zP-zwBK>o6I0EDR>ynqx<-F-VT^2X_Cb5!K4o*|ht}wqyLO7x2)Mt@U)GU&`~zK4 z@7|=Vqi%Q%`t!BT^?-L{_4Y1JJ!X9A=GNVvENTXvE!r(R;>9cnM`QDnn<1m>u{8nd zajLTFc}kkWm|DA%hcN;4>LH1>hWoPHb>8NrJg;k3V21Zy-$*CH#eLH^u)aJ^4%&HT z;fQ7BJHI^3m^MVc)HG##&6nr7XND+tP|w)?>C1}|YP)XA2Yoo8dtL4}c92A#^TBia zGTN5pQS{{f%1>k|?PXti8V$};q@)?Vs_}l>?W8)1Nb3Y&I z)mQPf+p>-uA7Z+j77*fc3A$I}&fM#0)~;q{33EWM=gi6VV@mH#?69e$>x*$S#v6C> zc#}WR)3R6TIE`)2UCy5!;J=jZMd%-B5KwkB*`=$N&s7htn>h2~Y=Z2P;R*Lt>1TNti3OQPYF~5IZq1F; z)o?Q@E3g`^ZCE=ZG%>2~qW-8_J2!p%$)!xPIyq&(Wid9YtgNqgt~Uw*BtbW`VDK?l~hL6#olvVFtJ24orH zXr`^)$P&Hbw6t5dbnl!sNOLfoNXzW3-ls;xpyXV(iZYWC^urr=b5Q*k9zNJwSZ`^ zkd+m6-tWd;-b5S28%rY|56Y;#G_BLiiEr*1B)E^?pk>c%-wD%a(ye(qH@(&0=ua@1 z+^0NZ*=EYEyM#vv>e)B=Nd>p2cNsC$!fbfG?2M@G;lno{$IvY~!SX8uMlzG&V_EO~_qN=y;d#EO<=kB~u4ow(K44TjP-T+J@+U znJ`j77@Rd$Wt(mPIkS!4%o=u_?M>HlS`qNMjIXC2!(J7)MP}Z<^OozE_n1~-J=ZMb z`lzCr9|`%7=If549~m>h6IL{`J2AjJFwe&M#`wakB^(dWz$&d?-DsG3Reu3{p8Lpo zy}eDwDn<{h=C3OqkYTG8H5>aQbmrYR#RZPG(>>yA%X_>dr&W$xpqV$bPv?XuISY<& zw+Lrh42?_fPg=Ccc+nLwYkJo&?s%uzYeJV7kEZN8yfAuBuaK?Nx=d$TM~C@sNjPNd zraar8Y~()4XdHNLokv&B2T zHq~(TQrg*^edQyDkOy9-Wtu2yKGI*2A2WZ0q1&rhLyTGKY;Mn9(Q zAufL!uE}0w=}VY!ot25*gYe$MKkAK!-Auie$?IdUDW`d9MB=SZ zF;DBZkj`tA9Nuzj`eseV_+aNwcVng~yyu*oS@zU8CZIs6sEiP>B1_>_lCI3;$ReW^ zWt-&W+cUNeTj-0hPgH?O8NBdcHcoC@fWKs8ZuRYWhcb#(R zdtvp2y)~48gY0Jqb`$OyU-s+yaBbO(@cDlP&%WEUd*zzl-Fqy&wYGk%(Go|cm&+I3 z3ksj1Yq5e5S+ssA)BSbfT%8_PGw5M^UTa*5P-tX%24m-)ij~p6Tu%_Y&AzXRn*(Dm0w<4y> zaZYql8aDLsh%{{TmG=G@58r#MGxxr3u7B@`*`3nQwqHO!s(sdQT>pX~eR8=YozG}SS_*S_w{=@`7OhtXQW>R~(q|M|UO^a=cw3Sl^f6!W_!3}t=|GFxL@KB-8 zQMs~RSOIycZKQ%~h4Wm&k=~Kc-k`6_=06yB;(dnkC%Hd94?3m)MswF^Ug6gG&-4+z zR}=a;c2H42p>hkm-fM2?jDmvu*xRuDOY1gYHDBmR$?CBrDi?H?Pw4N_@Do`g>?U!%j+-I-^A4Wcr&~)0+E3E!hcx(Gnw1L$-GRS zAeomzwzi~T4(^Nq8Qj-PJf%m(Fd|0OBjys;H`FYVWV&Rcl_QXKlE6uTOc}h0R~S1N zGE98XY5*?eq4=azI|6aomP#HKF=uZePYc#yUa^+y3d zuSvoXs-5Y{PUo@sC}a40#G|J{%h9qD0B1@g$D>3bHrd7+5{<-pMF0aM#C-|p0w`*N zutS1{w6zT-noK(o((jyMWI%z{6I}4av;OUH;l{(B-6t~!x({jL{p4F(IW<9${~Q_1(*8! z!TEYbE+#K}upUu>$wg5p))cB9Q5I8?+zLHQk7$o6pw-_fiAawagOS2R>3T%A=x-7x z=j9(ov-Z>@s$m59K^r3l2l=DFG7&*xUibl6m!n5i!U#5c#9mlC2ryD@XgyIRQIAN+ z6hb_ML#+b5;11rH9IWI9U?DwXg6RGuF`{*-9&sE-gpeQNY|6tK>O>EgZb{l(kx z4F6RfjX(S@qQCgaQ^9{j<1ZIK_YJ)oChGVe&_{F*5x?#&zUPZs zB__fzY49y4x=MJYWPXw42n~KAU@`D5J_m(k37AF05&WJXU?0OW@Zb@|kD7i+57Ey} zj|%r&@*DonLJFXFh4&=(7XA~_LmQ4lJPQ61@NfL z?}ZLw%D(;_E{_QJONXjUAwKTpsOT87{AuWUMW6x|g1{_6MnI@{7`ipX%Y!U{lhAg< z=iLST30Sp-Z!nqMaQvsXG*}RYg60Lo+17x6%!2LFu$`8ZnSqYKgl+BkRJ2V*Z>G(M z2EukHw4Ef}MzJ{Uc;R+$w4IR7O@MPyn==y96VUb{*dCvq#fEK?KWvYM6#pF9J_p-I zX<6wU*hc-T4d7A&Afhrlj-Z=in*!U){IC!Y*zSd43d%`R+woG{XfZdOi#4R8n6k_u zW6{xp?90wcgFH)%U??Mu(k4Z@C@`GxcScuXnuxY!AhI1~iP~8}_CJ1D`1QjdrOx}& zChA+^?{E4FxuV0#hGPv^HXP$E1>S-&M4H}kEPg(QRgA%~PFEU^87;vuwb2;1^^DZ} zbU^$fm081Kvn&xoC7-`ML2~BzH>93tiJm8+9VnYbCMZxcA}WGs%;E!<7y|gSXv)OD zeW6sdq}pK~0y(n?G>{ECkPWp}lc2l7I>47WgU0_(5C7(6Qf)w+LcWF#t4uvy+&NRy&N;e-Zpbko23sVg!apUSziiLcWJ>_#OXl^hKNoyF>veiHr_=goKe< zS^R9YEfhGIET)91VcJ+{tSe@SnS#uuVfHZ3>Wz6}eXt-b42#AFVk|5fOUL+F4mK1k zz{X;eu<6)rtO#3-m13*04cI2E0^5b{$BtkpuuAMaR)gKd?qN@`m)JY(6M;aGC#Vp# z2%QPt2;B)i2{eKO!Ij`e@F#>2q6u+?Bm$R^MHosLMVLe=Boq-!2&)NYgzbd=gyV#> zgv*3mghzzeggPRLs7%x*b|D%Qt%wdpI?<09MjSv)A`T)BCXOafCC(!*C9WfGCGIDl zAf6}QBt9X&C1Ip?qz)u~k_E|u&`I^Ho+wR!_F4tdlH5HcB>0 zHb-`>>>Sw@vgNXeWzWmrlYJ*AC)YvFM9yB$S1wvEMQ(`PWVwZM8|C)Not3*I_f}qB zzO#H!c^CO0d8T}({8;(<^6TXH%2&zXlmDR5PNACuO~G3sMuDp^Qelq58ihRyRSFLj zJ}Igzc2{{p%`%u}4ESgN=~@r>d<#ZO8aN+wD!N?}SVN(D;ulr|_GR=TS6rd_*s z2JIZ%^=-##H=^CVc7L=x*6vojkII_LJ(N9^`zvQDPgP#2yifVE@*5Qu6=Rj&DlsaV zDpOTfs~l9huJS=uOVv`9p_-tYuUf3SRkcd>xtgL{cQv}&K()bYbJRAgol$$LuBdLT z?xD_9AFf`kzFqyI`dbYx4XQ?vM!LpijWrs_H6CipYZ_~MX(nin)?B7}Q1gx!Ny|{n zLyM&~N~=`su+}|oIc*bdhIWefB<=Our?p?U*KBXoKB9eY`{MSy+u!U!>R{Y~(IKtF zv<{m(TiE8sZl~Uz*qtVJ+SuuQr@GGM&R(5UJJ0A`(fOK= zj7|@ozB)NNi*yd_Jk{0Kb=GC+PSo9`dqt0^*F!HvZ;0M9y_0%xyL9d1(W)xsF)M%~ImF|k&9l9rXpWFRt_xHvo#*xP3 zj4O;EnshQ@m<%>qYjV|8#njDokm*v>b7pd84rZxl3(YEf5PR76NbXVG<4jLtPrII+ zo(p@PHJ3GaH0PQxHNR+~Y(clkwpeR%%d&%|zvW2F3d`qKMpiLaGpvqUeWln^(kP{r z8mcC>4|ODU2lX|r2aQE5rk%4^vG%skx87#`%BH6c+h&o?C0i}q0NZi42W-FC+1v5$ zHrPF~H?ohjUtoXHLE9nNVY0(9M_EUA$9%_Kjvt-uoHCs@IlXYUa87kzANxAmb%^UZP+`Z_ln*R=w|d3`a1e^cZxgTz1;o1 zhm*%JkA0pbPan^To~OMuy~4eUysmp2cqe(U^?vDN>ode>pRcU1pYIIci;OM|7GpKz zWgq)K!}=WZQ}zq>EAqST-@~8pzaxMc&?jJKz}3L+f!x4~AS{RxG&AU0uu1Ts;GKQt z`Udwc?t4Fk8ZtEGXsA|bZ0MTMcVX^f)52=PO~bRo4@9U%^p98_@jlWsvM};ylvUKQ zs1wmT(VXaQG4e4HF)L!;_VemDyWhS3w*ANUzc9dLK<+7MZp&T_HU#eLGi^o60@J>&naJoz3W(F*f7oAg4jI z2fgI`@mB~4f&qeUnc84Xoy;=L8k2P^+cmp5`$JAd&gNW=TyE~kydHTI@*WKK9=v>r z%n;U)14H$P77V>Lj6SSnIAM7F@B{gV`J?mijqn+t5W=;Nc3U$i7 zDfLqmr=Ff>H*L{$x#`^L7iPH4SXHP|IJof6%z&9&XOU-3oK-tJcJ}c(HgguwRhpYM z_vSqRdE4e2&7VI1b5U~9`C|9tjSKV^Ojz)KVZy?yMZFhoSlngtq{VehI7=>-_>^p2 zYP@vLGPz~h%kGy(lpbB~uzd9jofVT-d|Am|d2?0Bsza;oSFc{9w`ST};@YgWkJj~H zSGnGE{k9Dj8%j2I*f{AA?2oKJ9+$A+@(%^S9K-?E@wt9;^C!q&X4FDsHO zZf=X-c6NK8?FV)^?2iTM~9C`>mutOe9HMO|9RdQvoAZo`hC4xpAIvd=a?!zffvul z5=MYQK&Y?5Mq|nf3JQt}%8H808ts(YX|z{UR#t1@NlUA}mR2VXW&9)hBiw2FO;Bmq zPDNEkT~$?GTUAw68-1y23op_5nH$va!!#5K>I6*^!2ly_5J(z?`fD&f(yTv3aD!IL zf?iR zW$AsHS_Xp(XmZ*!O3K^~joOFokGHnrk38!k-@P#O<*ipNfo+GSn?@OX&J0WNI6d?sBLB^2W9Ys-O|eIwp99+hwwEOPcWg7ML_Nq5cY{Ov0b3fw^I|2j)Baho#Oj zn>ky1R_UWcx?gEw!mJ&^^QK?x@8QF#e!bGGPr%jHrteM77zYw=b+@`^v=a_7XbiK= znMQ?k{at77VVv`+&N<$ldi-nhXLnNI`1w;OD!%D9J95K*oh3QGm&XMQyt|A!yo6|U z$(QHyZr!@ndHkr#$BGt12WLCyoOLV8x8)?=J$JRA?h~a&!zZW@ICg78{|C?f$KEZh ze9|xMi(Pr~r~++fvS-e7w?blppC)_B6Y&4;ioPEIlTxhaTwf z{^#09*;6hZUVofvY_YsB>c#Sk8;>m(jeobO=-Tq>dilkIMc4DIqM!3iGEQ`HdbQW= zw0&fG^?;32HeTE8T~Ynz%b)d_x81N&wTnu!@2p>++T~20)0g%B<1ap3dhhMgexJOn zj>gz@7TI&XQN_kb*~PeKpYku?%XBeOwg82(>Tr*9o}4xd=Zsaw*CM!b)K95@F~;c z>MZIp#`CX#UVVIMa=Y@b@ln+Q5&J_wegUA?dVC%A|p9Du1q-E?tIz&w;P_Ae`$ASZ`6=UPe1I;zF$#S zzCLi=+ff^~JWbv09=EAtio%zRo!_k;X7!kBVN{c=wq+`7WJTGIfKCsFq^2@7mIM&{ z)tD$;T3b4dv(lM-lU?~)b&1=)n9STSb^Wtn^z(Vt{&dzlrOm6Z44ZrY`H@{}!+2kV zUb|IAeth(G-LSahr#8RK4^H(S;BR;??bE{O8dlfp+O(Rwi2Ty^z5Gg83wj3EB93>N zFra$H^M&orjAoLTSNDl8>@zTw^ui6Bwd(7j4@R@{_MTn%`tw>t6VnS-7l>&Eq}%0! zq^D=Psr|X>$x)f@r?a1^$?r2hk@evY*X6>c6H&^3*X>W2^;$EHy|eqFgF)N0HV)hH zH8kS7w}$hCZs#+!);y@2;}$lkcJyGwheyBEY5N5DSt&lO=0@+i5%^IsYE*^uoJEdb z4y}2-ZRrWME5npW_{B|29q~0pYcSV?ecF=TIfvC%!Eso(4u4JpCF8RHkNEtG+G@Jp zGR-H|i~Ne-M-Nzf%y^}D^%ozDUHy0I>O3yHVkU^&J)7$umOwq#b%Ts>)i5DZ^rFRrphdS(COOo1O5rFbGgPY8?1(OKk9z-fm&T* z$-5pE@*ShMdGEYd;}x_lf%VpPVMJ`{1(&LeV~^>MtEy3Yae1EFmTg1zUc3mZTpz(! zIkvpE*TI40Lek!cJFjdmt}K336jOI<$e5ywIt80Q>lSTv8rPANKI&8G$B^_0wU?*e z)YV?P7dWlvZSHoR_r}?ETHUAo!oo#0`BlTyhN%}inbn`IEuGoDhwY!H+%+pZ3+Or1 zGToP%cJFxk@j^m3V*YL`uZ0V4eOWp_)M(|jx)&4nuBx5O8&r@X2;4Cw_iOd+b@mr3 z$wVD2`DKC9%8NcR*Vm7UJ3p)HfzSN>PwKB|_9H&&rKT2db3Xb!_*mT}R);el5e$;| z(W7H}(ynQ&JkFZ7&c(XZ)3@^;?oEGUTdiR^jODp@3ti?E}WKHj}^Xq>Y0CG;Ors$1WWw6uBOqEO1!1_7oK-{vtp@^ z$9vA_SqHK_$4(oZXC|wD^JdrUdIb4nj~51>i#}~(E%RAx@WGw^UHfp1=5*aX?C#Ks z19uN}D+pzDr@T%5a&zvgGuOKf=F5-hYo7Fc^sGHMbM+~%cU}gRE#9HEk3?5AQw^Uz zM~9(%l~8ltWcGr0j=LNdAKNs1`-4Rbizm#fX-ClQdWrHZ^J|r{+kiv1c1QP+_EECb z!$Rh4>DOsl-#yRXCp@dm&!4z##$xY3WZo&h;df^DTRXDK*zx1Y?YkBfcEO(O?0@m5 z@1I%AY~oedf7+DlByg(7WT%|7TE$JCcLnQ3@0t=GJv@AJ$)d^xt$kms>#;#=HbyR= zZPWL7*V|w3YkBWjf6Oa%-q)osu^Xy9bC(CR%IfBqKU;Bd$4v561D^-xpNjgw)*H6( z(}1hST<537J<2xbtFG&o`Sp$VQex5F-AC!iH+SU9W^ao;mP+2%F~}mb;##|%vUip$zDb=&;v##sKL-v7YGasIxGOZz?leEzD-sZT!Ui<3V1kZSvV zTbU8b>dQg(Rkb6FLU+z? zulcrGd%4Z%iL>TAB^16|Jg{fk{7dgHeK@>z$z`|stN|5QUR>LpzuoqRiYevQ?rk*dG6!kH= zD*ybrU1QJB4_q0wYI{BAHvGbRlVJl7=k(52e;;*G<>DdN#GIZvS+pZctG*Zq?66VI zpY?WezDFZcj+PEC~ceyyFn zn{$dn6fn(qFXcuREcs|Ozq>P|Frkpq2UJnW@rnE*&5*<1N5@jn^s>=nHmwa5W%U`u)$-9cwYqk5H4h^4L_IBviS1gXf@r7?SYPNqlUqsos{BVWB z6un!k+>9<~m$p-QdTN*@XXBM4uU;u_NMz5YI6mlm{KF#cx{~xvkHEb}4$+AZVstJ# zV0VlIM>?ChJ5ldmlPz8}px?rk`iBO+i5T>Xbb3=)my<&h)P1Tw-@~a-|0o%WaT@va`thuW^{dRG<@Rv>o>wr*xlc=tMFvvqy-mk%Ff&D zNJ~!Nuu-u4>xIRGne&MwqWsp+e7jb8h!^kb?JCy^>ceXGZmta<>~v%}``uZ;&e3sp zerrv9zjQ3y^P+0_*YlyyC0G8O@-b+`PX59=rPb4qxEzXp^l8uR;fw0AlG+aG^XFf) zTl2;&dCf)nczM_UenlQDtLwt+()b-|$xBbH{*-d&)0B_J`Nc`Ki?4rO>Sz7*n%@_f z8>faX`?xb7Zo&9`g>hAW$NKu}+JL$_AG#It$Lze8$-gw}l|n(y2v>d2W4lTQhj((+xu+qy}Dq<;;V{-ZHK?O9d?h_hxPDWrbXpL&qc0p55N6Pt=haco&Egi_MJro zR?ql+$L7oV8uN|oJAHUpJ7jl=Zo1)xqcc^n-?-Y1QFD3wM*m}$u70onoK}3aZa~DO zh4TwSX%%)cdS6QI-{;o(xvg?ufA>la?~!g-2f;uPW5fFm)9NuUz%uv!kRp@dUhNl5 zq!>-xBByne;NL!A(MGp%k&$P%uX{|`_Ti~p@04e5Yo85>JYS^CO&*jipkC>(sI{?j z-L!itWjm&9o9D1-VZ^v=N#&*4uez&sTYvYWXt=&%UO0UQE>+UEo4==yEpKX=Cu9wSbhx`S{ zLq_VHJHG$Wlnpg^u32pSQjhKH?lk&gNpkLIINx;h`*Bwn8WkQff7Ol8tID0W-FH^i z$ayo9=HA}q^gQSCFtzagQwncCiyNLSm~&{I)w*{&kJHy-yVn`^HBfwBRcu`nJMF%j z%K4YC2Q1>IZk_8auv=)HUs&$soOY<>-IYgKMLYMIPr7>l(tweAM|MWund@ir72A0u z=xz8qzh^tfDOjX>Iyhv6b+~fbH8$dy-D1XF#oI&M>(aOtKAq)5`UJ7EUd>Z7>f+WT zeddnz^|Sk>ZD_}MS&t1~J+MPpXTR5er7v}lyZOaeZ@zLlW4c1Y)tLv@eC}2r^~s`a zpGwUBgK@*mOb<=}9W+vWJ877k{17t6-$6VtR@~@&@M}%qCj&APnT3B|dzV%` zKhPoPgAeuk^3!9dTrb`|xz2Yt@9}f1OB;3yzE600 zUljJo)3<{-o8Lc4-ScwH5PQ9;S1A9--g}0_`TdLDql-idk%%ZGgb+Qt=+T3O5WS5) zm@r10=psb#M2{9d%IGy>r08Yz-U%Xl8S~tJ|Nn27bN1QSK4-sp-fWl4jG0xxW!?8$ z_gdf2B@u7Zm}sFTY6&`}LlCe`b&ER^Mbg^X;S&X=CrlO#i9S=i>-BPBaVpX4{U-}# zf6O*Ee;KP>x^igTB>2Zvb5T*ZzqS_G@}QAWBr6@1cG&sRa{Z^KPPcT z7ZkS()9Q9 xRwmv(mbk(fZAiL?AvXlB%D{zydTnm#`DpH?SH#tF%3g)MLS3n;$ zz*o(;Me#_G;UefYDoK2~d0V&*ou8{B|T z=|>R#Y`h+uHvGri`ZBRlslU+fVl|3kcjfZzySvlzlV2Qm{MXoUAbWQ+)5c6Af&Q~mxKZ1X%wF%A%ukg?hL?AP zqe*U(pei@UDNw&^2iz9&MKM1ae7jWWMMvCQk%o<>nwbvHsLqCk+KtmyImvN&N7v?K=Je@_e4=UicyR-Gb7pBZ^E&N{JkzRH@R*KG9 zz#7(Fq!=aqsI(m`z>`w@dFdjH>E$fCMm?0E z>uKw~ZTP*ldZJfQzRyC_+%5xp-#xHu&Mon#++|*s?b^O!F_s8JEb%)leW#Y3gKHM{ zAmQbGnNjWbvpT2jdjZAe`v=iU19e7`y0jw2hV*DsyKBFL>$trH$ri2wYXpDB`sxW4Z)PBgXwCGSea-^!nNeKCg z51QF~FPFXBcjtJ<8O^C8oNeyaSAp4w*I6z|4su&Gv17#QtTpbvmD#IxKE{Ejpo~~` z&c4`RusnfO>iaEH8f`y-BO1EH5I4u>XPSk>rlf7)n(GX6(3I8nKfC$Aj*M$?y^bB_HD`}d_oC7u`)8}eR*G0H_;8~;6`uC>DshsjvUNfJoYV> zyZ4Qlf4D9;`f91PZ_+WcUW=rt+&NczadAF9Ch5GJ@05lERcgQSAB?}7b>pkz`$JFC zCjC(ZCnu-g`+M6pc%{+5BY|b#4@9QPX2>9Wy`ONJ7yFMkT@;2EfOqgiJX-V z#nU(zvy^T(Z;p94RH+cw@6&u@X<{RP@TAl}QT^Sf=JcKTt=knY3@6;YlKYK6WaE^#<;upH^Xg)c# zI}26Q??@gl&Xa|nxiir({o&GGoPm4|L`NCxeXyLr)jDo~HWXbNQ(&WB>we&M2g6md zfz@H@m-*P(EnUb&>e0}1`QuQ!X;k3Moi^2rT|v33@*oqb*R^st!>D-8$VTIsete(j zBmL$U>;_b{axU#4^W)FXY)9AM>0x*8E-w*D?29ityc%lTFOBS^38t^7sKW z&IT$fUk~6?yzM?ebm!ltA}w;`l=2-!8G~e{AC~4f$Nte;uv~P|4Khu8Dy;AP*eKgU zI_PQqC!VUopBsnE)zI#GpF0%tYx~~L&W~r;#u`KXjUY0N+h-ak_DhP?18x!pKR|hE znY268O1UpShOw2wN*Q?@^)HI86GLwcw2sHujX>HSXSuc`5YF70ppjWE&oSFU-4*KV z;8E%QdEe+jwThg`^WG(_aMpC3bCDkov$ao(tqkSR?)IbQtxL9HR_gsx)R8o*K4X;8 z?xye@Zc1X>;kdb3D)9SBY4qOP4_xbqi_Vj-rN@5SmCZQN@Obvlk5fb+GF@}gF_kUD z*iX{qPmIgVnd{<>kT`3#t?_+o<#+Ex#M!%3XUJE@<3i~f%sLN^}gSDaxFwW&)W?Z?A?rI zJ~@}pS_NyBG&n&bmqhts%p1%@-(_aPH+U!|TKuD_U!`K9uVwTf*RB&xKFJdfAD$qt zjS&hc{O)Co@zBChWZPZ{5G>P=RJ|!PUls58hyc4PTa$>#HcQH0i(UD`s#WVLO_m7{ z7f2`cjoG#%F>o1G)RQ-?Pih=%=v&@8PVgAl?_3~jr5y6`AK>`;8H9*mO;@U+iqUrE zEXcn8DDtSSMhn=zzxL>4;n={Gok(eIT+t2Frz+uOd#P&s;>;msXuGB|*SAe|uD*rl zLhm4)_eWE?R3zO9YW$@2!5Xae$d4rgOD!*A|8&3`R?MukcSeqX-s!aIUdvOX3dI{6 zEbtRO{)GdPHY(nZ{o*U1PBtJA??AultD-lF5ynWaKkhV;#=H6TD}`oUCOwETP|b_E z^j66H@}YDwK`C6rQ$LQHEGrEw){La|tnQGKGAC)JcFbsGX(qN)DRZ;90!z~x-GV@gwfMI*F`xGS=90^P z>aN9_MX~vsvo|3kGO-49$=S{1fH(E^h(jwdGO3~epyW(>L$ZUmh!Dyw7z;OifF=o( zubtc*XS=w!7*yYOkepF=fyvbRj<1dXYMEbXeAfxG9}V1vJ}6G9-I{hnV#$<2t}kcp zP*YjvY(BSB{R<{tX2|&{rSS-?B?yTs8j|ik)jq+mgKmc&`x&_2)o_;fN$L1=wB9Zv z6f2olecTdWyyy3#tlnU-%te-$f}^NM*x>=Jo-lWoq~r|s6>JKWfocM$(p zZ|*0n?NUq3Z$2;o_CKP2naw}9>P#44eQN0S+Z^fjTsoDS^;=?SWZuhwZ&%#GZ&D|v zXxX+OiE$rmx{TWwg#k;cs=RxNq_;h+Z5Ahn^{@TjzVQujG7t>RFDPF7%MOyooD0&? zJ?P^n>3Tv=cFkjN>yU9XI(Pid9i2nwYYkFJ%=(p_#8CD8wxT{<-3 z!=GYAy5FRf$YoajQhLGr89NNU3gX=bx@h3{YB~;7cB&`I^n0vwyS$TP!sO{4$sy09 zZD7*vDzk`5Y|+Zc8lxFG^0udqG0Q6%>Y19ojeg=DhknZP6{BZIB+6f~iG!dL+A40; zyE*8ICjcY zyiK-4hlgK^L5BV1nZ5mp`po_j%Dygum^CrQ^ylpPH|I4m|D~cy3JiKTFbY4iVDhB4 zDygAQ!kwVI<2w7k1tD-5xK(klj4dNq!|N?1_aGv(ZuH?sibfi+f&cYj8T|wz_B0Wt zLX@WM9269b5p-$P6CiIrC$iXCh>$+#ojN@?YCw+3t=IcpFVG$4Kc=@Q-0?~l?~^R8 zoE!7*J8L<-w|P9er;#$gIKBBnuD43#?N=w{2kEzFho}LS)KiWCbvCDad6H8Hxv!a| zS;W1L0=_>-);5%HFXoMDISVJm^fuOKk(2Bhm>EgLZeS_S>D;FrbzWTRVDsn3ZH~*H zLloO_posE3-@&lJ&WkDXekPc78pl}~WY|^hqdFf?bTqfJRtgRj_=nZH(qPg2;*R-ntE z1sv$^_IJ5&RUq?~$u~(h9GD31^8CbM!!f}N1qzBti@q|njOaQJH2>Zm@q~VVB04_i zM@5Z>u-JJzhs^>u-!Wz>G+Egfy)kYV(k)V)0Y$lts{S^}N%#_Tf@lUzpqDaa*2Ici{_n%xQV;^LtjTCi#8jG;` zw(PF!&9meD9GR~5$>-~F!hkH8Eu8XMoGPdO9ByF6yBqVUu}-H+9Cu?MM8^9Qj(2bLwVgg71!eX` zzR59SuB~&vp4WYrpFGsax7}JWtXMn#W3RF=irf>PftYJ(D4Q_4!#!;6F8qs4Dp)+v zo%Q*vY)c>8-m`@vxCFb6*g4$JUE{9sI>VWaYV9NrBsy|-??V>Y)9#_eepC$&>)NB5 zvw#uNgTV;#;-4nwYa0@V%|~@v&+1Qnb*FKlaAUowtoXPGwbI);-GON0^||c^!JB!l z0Y)uqK@$g4J=~P#*q0Eu5WS(*saU&Gf%t|_Xn4xp7LS8qq=-3)jc1}!}1Z42-6uKLh%yy*kX7=|WyPf&*4 zSc|P0bM1SgcE^*evAPJFhHR}94jd@Ub)7M5xRG6UV_diLcv(zF0wW^K%Y?4X%D8+V zf&&SrP>khyi(C^}yot5Zrfi7MBYAPB44APpvw2oCkAAtZDl{{=-)z( z9@A$LK}yEyA9a=b@pj-q&&T{mSuAvY#$H86bUHOq+$gRM<8>LfbFe$r{?hy;eY$wh z1uD91tl&`8ruy}S4|4YIkUhHOnY)rg*NhHJK<&8nTgNk{_gZVnw)9G^P1})8>57-G zfBe5~jsY{{4xXaI51byCK6MxOH_YNzDG^$BjEjDoFN0)j(grvx7s}!+UNlK1E_++5 z5W-I1n#r(9B{oFOy^zKhz9_6y%*06bg*2nescf@g%m*~q(mg4A_}opR(}Px8u(;2| zAJ^c#sFg@B{zoCP(>3QcCf9FZC}SR?_3GHfWcO@TXRd#juCvBgZ{2o^=PtSoS5AZg ztI5Ttm5@&MZaOHQ%L%3H9@J5Ec>*52UjgqqsZaj2|HGg0Cv;)&P}9Vpd5IrNAoX=a zu;u#Zb^6(GM9_xxvDWvp=(9)tru!_}dlTNaqdhOe4*hOM4j$Lc?yq9~Hbn|7PQ!lN zu0?P9V>dX*4|PUOd=RKQ(=QtSxi}n0oM_(dnl#S{oT53bBO^<{d zSpVW%&25O<{WQM2A8Xh>>N)kvW$@W*qpqx@sDBpn+B*mQP@nsB558tVx~QDk=_dAn zW!~m%tX@t+GpcYbebjWH0nsdnV9}}>l57QctcaO4V?;eX0t;iltj0UVz4=i!`RtC^ zc~t)M-aO)D*yGidS0t?b0<~0~Z0q@9$O#*?hysYP*j?-_rap{E%4MJ-}+!e3r`X@r|5|b?rE+B98#kXEb*FHb6>gVG7iMXJG@DW;aHqgek#_{+l$({ z9jNfZy}#i@oh^!HHG6-~@N@CT4D6Go&c!efuQ?XeEHaZdKHI3ZXYbVW<=d>*MDJX# zR8Vc*2oBWBYrB~dY$=XDf0-y0cJ!=@6FdKDFaj^Mv7PP~7T%UX=VO~gK z(0@@laCqjm6g=N#)b}$so~Rf5PzKuSLH2=>c1WMH?!d?=YvGPbYMMKxMiUz&XVJb? z`hdIS#mbu2mgvES(OVuNlcYVLB!5GZ*o|H|uy&aTH`$SY>Q%K6(VLRV6nrAZ~HZ`>OU0js7g8dX`MO z6vo$YAHjuv{PFRFolPI@)v=+yoY8HUaND+`ZTGo3zZ0$1O^vj}WY%H?_ZtTV`))MS zBvMtU1obIhItR_Aaax@_Wvgw|umUY{*_U>|h*z}Ja;?yL%6j1ba` zYjJ;+*Zf{hW-6i-*0vF+24){Es-}KH>1LNxtQ}1k4z)Hbo~_fNG@jLc3h6y{cB~h} za;?ML(u&#?rVhr!4;o5}EyW}KVI^&BEhTdqY)O=T93CCukLk;;Lq;kw;(k^RE0OOc zjFGR4)80acOJWNFFTCd_ zdhE4*iD{2Se%e7wE1s*&$D$Y$hK&^H1~7H9_|M;wZ>Fab`VSR-I~$C1@g_#JceYTY zvqWRfu%})+`U=+q4N1UucWPUUGiNFw#={fsH&4pVN|j;^UEc+un&RZja7Dd$xL^imix{x`<%6{b!|BG1D}E{Hx!ysX38r}Yex zCZfbeRJlC`6qV5{8DNN-i5W|~HnSwnner`i^3uk4mz-ls)L9V}49L%%e`|Jx%ejCb(OPZIqd%Hn+Z9|Aj$BCE3pow249?$C6l)q&n#si3gQ zhF>9qF+*GQUrtBo!VFtjrDkLpzvR9+G~ufTC-r5{r1^DxD&w%NoQ>PZfi7HK+jfZj zv|#&%7rQwJ+Uhf;3zWE_$+M{;%2yk=mp(f;RypN)Hsr4RIhA~mq9F*2qR7U9T#rd4 zp_6_IZ<_eT&yI(PNuE3V5IBoIXKTpSs1rTyKleE8B0946@)&NJ_Y10c{=@{Bf|XI0 zv?wqa9A3QXDgL=PaVFZ$QgP1=0)Y+c5_}IM_)amPP)8w|M|N|KzFJ~OrKn@nYDG-o zi#h7Z2^tIxV--%>uN2ES`XuT0Zb{bEI8B}KT}PL#eHuU$@S@V*Sk=oPYZgXtfebC? zRHGQajVW>{3RUlQbbssUWy-%(2W=qv>NisU04v>BGRl}ZYINktlqtobr?z|@{5Y6w(Ea0POh;~;Ph0C~2NucO{j-9GamNB~xTm1B`(nACeEU*!&VfYn z_ieimjD`kShw|Lm=+NGtukbVz{ljV(o-?MBBG?dcCtl>R7||PJf`jKX~@=|RX}f`sItR!7!jbktgPVjIzRRZR#Ed*&9H(@dKgNHOluD}wo^cpae5J3E!w$J6 zY)|$l55M(gHt8y!#72ED8J5;WdYaC~zb?Cs7j9VFVS4m_bNpoSm*by-VUxo%h(bfh zwwoWsd1c^*@7ycC2fvLq3orAF$c1z&^>5hmZGZjq@gk%$FYJUUt}oYJG4^Fr6v@N8 z4HY8WMJwet@9YIu6F+9GraRVll~U}pz7#n?YvVw#?)DeWa?6C2WPSWur;*g^1)`>H zn-o57V6c zHR_JnX_>vTMvHyTnwe3GPg1jF`=(x}6Y^c_toW#{!GNZpwkSrWyD|sU(5BLi^vS|t zSD4fjb=U>(Yt&Xsl(@1qfq&n(w%6`7kKJZa-TSS*k->cD#*~k)m_GWPC~AgS7_J*$ z`HRC|Mn%=bNt;Tz*gA$WbyV-MA(7Jz)MqOC@p81u6ne}~zVDDx^=7Z~?^h2RZa6FQ zn@Y#a#|UJ2n116h{ZXzt4(u+7HGl_DiR(@)6X9pC=?|^;9aDbz(fmX#Zqe|G9$H-_ zaJN@~f{*f^kwofShB181JF$KlS_o}dA8U=>bEapv!=lzsSVw&5)Az@HIg9KOth#kc zh7(Xi5?}2i1X<+mYQ~c_-qn##$s^DhrFKi-Wp10WX<5`ygr!fPC!`HEL$Fn#K=QKb zX7ZieV`l45s~X4YX2w<~`+c&0yA{v{>V9_hQNw|DC}i%*WOxkyUfaNdcpj)9Ny@m+ ztzQ-nT;MVb8q%G8|d{frf3>}{Yf$}O$Y z*8IV<_)4y#Fk?9nX;nAs4n*QF2zqmA(~ zbtZbNb*155BDdU!i-yxN*Gr^-8cIg@y1L)h=j?mYV&hV)B0Pu>{*ZeT9Y;Qd)r zya0Lhy<*&S2vO91kU6+>XGknYw?`qlu%-F9VoS=e^!=7y?SSEy>2Du;htvZc zXb}h6n7JgkJLK-m8WPyvXkp;DdXl_qCD1H}Wfv&D(gWi0>09{Y(pTY%K9BR7XAo15 z+Js_T`lB@xtJg1+Vc5?N5{zj_!`4ri=zpdVkY-pXIr}!v;y`oH{+uO^gbwq{ieNQw zqI?h9ijQRUs-S)Ai9*iBXB}t8E!nY~B)%Sh2D8*lkVcR?aWwsaQ1qbIh~*XTxypnDI#iB ziMrzuT#?b;+=xW6+xW5qPrOi&6|CLH2~1eL>xe=D&7R5(u>yL*)i<^Yk zhUZI$x}SVonM>C#T--GmbQ|nE$;-=lSUGX-aOo7u=e18SY>Tz-w$9Kzma)If6w&V! z35Awi>;l(W9>;^TdtoLaQW#fX<_`^RrBR}Xq7Z>@7olo})Ba;;9H?|??#zLewOc*( zz{umMR`kzh^o}nq`jA@T;5803Ai93`#Md@ZO`RKt8`*ODZo_|=Idt?n4Ei))dLY>M z^SEE?7q5L6JnllLqMd0>hyC=n>{w$tpPyqgGuIXl^sQ2lZAzG3%C@x0u+s4Re4Hu{ z^l>zP^tD8}Pp)u}wU=%v1+1o-T!Cqe@w6?ahQW0AJl6K>HuJ&s2w!!-SmzQ1n5hj? zYJf9_$nR0|Zx5aAn$N)67`J6Ig{qQWP*bfR27wXRfPW^c=gAtq@!&=p_ZdZ`h`wLP zc>l*r=^B$G>GEGj>UK5?cVnX=?Dx#E_fDe=DGV_A_NX*n0M!UE$P0mUB#_h|W zmw5SD_wWiTsKT;V3#`UZD*KX|^Hfu~y2(Q*Dl{PcKzxyihSD&2W#;_2%NbHHid|VN z`|N1O$gofO(>H;ORCx0Jdr=fM{pPBVE6|3;)0nDGg7Ixx0fB{W*{2WZUJY}e{XA4E z*sbFkrmsv(mnlJ^N@pt%=dQC97Wx=pRfTFy_O^SEW0 zd}$k+gK7P!c!C-GfU@%n16Er7lG0_Ls#cb42sQE4AI#4rTtvjoOo$7rlof7x%PJVo z0fDE1iSuO@$YAgcva)->YIkPZ9oWSXW#Hjs^@C2UgsE^WIZpLkedv) zoEYVsn+rq8>I@leiF&EgfJXXWDAC9BRc0Cx2g*PPeC#&Os`)={q-c&izzS5B+p(;3 z7lo43^}x}Fc(y-kO(XkeSt;i|+Z>Zm5(P=M<%OQ86C2!R24#oogqxD?$t$B}3LHHP z)h%oJd`8a@GYWSjk&{~?!@keB!s^(Cl2EGb#{DJG#B=Zaf7X_elD}rHH}GQAVZAS<0g>I1C~j?FtC4YpGj|Am z<1N7GCJtQVCEAlzY7?y9s+vyrj*b~}Ba)d=b(vNVik>gml{Kdld$IW@Zm#o_xW5P4 zxJ@^~_@9zt9w`5Ad+s7jWNhRPsJ+apG{H6c{ib1fS(z`}TXZc1qK?VoQ`#zy;3-Dmby&CZEA zust3FS*uOHYx`M!dC_z`bfyu0x-G#jw5LVpaIANRP`bEqFl3v8-aW1-(w(Fo#46?z z&(=)2&Jt917b)6m^aIZ~+ArfctSe^@Op9V9Y*l`Iw-3MWBhgm6J6Lxym)AT`{M*aK zW6U|5T>pe;pgt|@H`9+X@EQ~LJkiwF5Fsw6Cn=NnN_x(p3Fg?2(0jpNv0K(kid5d_QmqIXSDHlgfm06fK z3O97nTic;U5`@SrJdJ@tslf^L8uiXMv_J0F_XifL;v0Jfi`q(;fb8!f^J_QVB;GO= zJj#7V3io@zqMr4B?MY43>p(X!jf}kCAN5Zak1%#Tug6074C&~kxHdDlK0z}z$NI5{ z%5e-&X$KRH+I?~#VTIdzeXsF7#YPVJ?T9T($1d%vKAzaSwzLmyl2~``Uw1t5yA?2` zV~qm|zz(%mURXTHou}3A`PT62drLw!d`+i@IPh5(doFc=MRLFstz}NmW#4-KnMgg^ zqHQNw;94lvLgAm*xRpoJYfmoiWTsmPwytyess1=@4K1zr(}$X2h1WFSkji8fop2~T z4@^(?CyjeTEsj^ldoiCacyHWiU1W01Zjgy{QECJ|56Hd@7M^0HI51hqOHWbv3;@eVr<{>_8Q19i4)fWe zn>PHzbp*Jc{AQ>m%IiD6?5`scG08>$qhqd28Qtz?W=(Xfcpw?;pGk2o2SK>p3n-qz zcipU!hmJc)<*)w5CWj??5aDIxvB^PlyT=vZ$!eO6==*%_OKU%jo34?U8SA#07!Ikc zm$PLGF~84;jXeoxEF*x0>|S);q?sU$+C`k3-LT&Ty`g+4f}sD#3k~W{Dhd2{)*lP8 zY&0;y?x^)jDGN<(p7mdy5Q6-9u>I{w`If@^?&gx?9`lD_iAaws!kync^)#brK`DmL z>|XpFyGG19XYpDuD`>c{KWfNFB_Dl8PF(s8Xe5b)G=9Z`HKcs*jxGv`_up$~M;Q4? zN^ea%!lmeI{lB>Jh9z?`TeU-5lm<=ri`e`KT_9d5nYTz-3gqs*+AjRLo>zs1EJ{bu z$1zwx;lqv1{*)=1l4)Ean>iE7VmYP$&NgTlbijB@W$z`#zjdIztgAYj%9=&0>B&of z(W=Oi?3E+)nrAqUYDSY|?0TA+`VDrXT99(69kAk~i}E`EnfV7<-oI7t=+4fGH^BWG zOfb`S`hE%f2=9#dJfg__A^7v;rOJXxHC5jHrAVVRk!pk=n}lRLmm*i~%_8ResYl4L z-%njU8JO#f%PHf)*e;ft+tpz%iMF?^1>fY8HAX)umzJgVxZNZS{~*g?ryVvM73#mh4w zNIpIirr-@5xMybuFZxEiJ;}wt3Q{WE*qNnYv6>wiv=F2y&~u8a9c%1Dz9BwBz3kV_4+I$1!0lyE&D6=v-jABnHI98pi;W+Nqb%kQossZH z`iVNExt5B}SvOW&oByPwu$Lyn>shi{TDpHTH0K#jYV4v!+`5}|;^`< zsH1B!K`vZbdQ{(CcZ@j7QzekIqu(*M74C6?bU@Q`puto+k9?FRIX+o=9|xMG3q76)l0uPfL&m~Vk$nv z8$HLR&ihY{WXEfOr>U!XLFCwOA4=*t*eD-v;vXl?|L5=jzY_RQ;(sb=KIORz*LOv| z`)@V!Kac;(FZ>vQJ^gF^&nx~Hz-<4Y_@DnRng3Ta|AYTTjVJi;_)h@#34lKV%qM^X z1+bu4SXcns6F`9iuulLE3P3;sEGU2i_3!vkS7rQH_)m4gU$lh4bnm{I#0K0V%p9=G zmh%@;!|#}1e8c{XLU9CaPQ^|T5R?=nO=~y|DyHk5D-4l5Los9<2@#QMk&?V4A=ZL= z<3U+X@b3@=;{`mm)VW58pGZnWsbwoj;D<+we?5^bnf1EXb+!t;N_N8ccx0i^>4-c< zQseA`pXJ~^i}_5~cK?PYaV~X2O}42}$5a6Q@v*cY^Gd`;(&UrcP7Vj;|pm`f~F&jKTTmtr|b=je-N6^I!3 zNKEzNy6V?!Cglm{wF`HNl4dfWoWz7JhbwV4=p$dizqYecH})iiginXMO$$wb54-iY z$WbJ}BOzcbmVn@#K}{VDmTSS6C!?xoOOnSE{^k0Du04?f&*Rok#;+KVGd_#ukqZ~i zD~*>RExcQ=Wl0|q5ug9Sr<>1yLq>(B?qjOssJ6z$9a$veMzGj_;SR~>a% z?6s)A{|gWy8}v77Z74&6+9vhQ2&X@NDk1eLZ!)J^EwA8V%(L%u{+uj*ig?e3gyixS z!^27HPqfMK{b|TZ+o+9W^YH8O>11t+J-?9^pz(YOR$BZIh)ug^AS`m;4{Z~uiE#Mu z(^*Y#aaju~l9*&uGdfeJu*(r~e?=%2Vmi?hC4MVw3cQkAyeq z0#m(hd+^&IA)2*6O1-t(BjKVE3z`YZ#se#HTaxO``7oHu-V@4YFi0TGdDtFIC%Ss{ z6|W^RCDx*b2pm9H`V8(*VCm(l74gd5T#W~A^*C3U%w|7WjWYwKXc7KGRE}Lvm84zD z`NPT6?CUI5iiQd-5&?KG&4FOt`xd(G1i2dg>YD2TU;AkS>IvKL5wZOS(P*^XmCXG(8X2qVR#fFt1LSdoIFw*Wq2NXznu1osQsR+W}BX?uHXo*mzuOD z|CpfM?^Hg#bRw>idVS3m`j9@_kl^8GCJ+P3AFYD8Uk-BCc0!izx6$c?i=0KKk048! zk7`EU-_p36i&wa1wI7_H)T^=(TB7fCh#v!!^l3^Dla_pRcj zPe{lp`PBlr%p**#7ePdJgwAd{#G6k3f;jOmf>!=W2l9_px8&lUrM&KXgu^Sfo3;0s zw0zg~?2Wt|d@}Ic@)tRfP#`^2=vwKl9caU#-4DsHQcy6@3d9zbJF1VuUtcM_mC}K4 zc^YnDN|5xsxq$SRtS)iSYr^ZFV6p3;67Eil1uCh5No^W>*dBbp|H5=W28y>rN(V|- z{}OVIlMVDrutP=1cf&*Wdp@s+7r`DO8>3{za*L;Gk0m|L^+FXE7AtmYCC2^KfrtWI z^r+y3ab&_!Pk~6?_g-i3{j~WTg<{>Oc&y`b>Fb06mb~V{=26u?+Eh#8X1}`|UboW` zkj<0OeI{oFck8Ew1!)~o^}E?nu+bQNo3I(^l1riqE&4|I7%7(_Kbeht|5MzA)Gjyt zgdtFm*hw$@qZI*%@BCw>7XuA~{yDcm3#AfWU9v0Y%y%D81d&=fa?RDo-oo zWirm2!aoRR1HffpMm`Xazr}A^Q7{)ciFnZ+rcIfxB;#lh!6maHRkaUOa} zi3=L9mPYLX(J-CA%SXz07c4>%f5t1a6$=(}RPIkL29#N5SJQq9cQ|oP;WKs@G%hl= zqUGs;;SDceq*KY=ohYI3`2AjylIyXKF^ihc&jgcqlAQJl6ev6-zNUd3XIr~1pPkNv`=W!0F73}%V)=vFq@bVqu z6xU(9_Gl-?k7S`FH*MD$T4M$&(D_R@cRKwAdLG3KJxh3d=kysQfwrW}q4(A3W}v>N zXqinctD%%$My4x$<@G1!pDKbXUG^G<^>11}gpJGZH~uEgp)K`{*b>BD+b(QWG`p)7 zBO&Az{DO*OX_1CaAn_FiGu;#- z38!rs?IKi z>LIDU$kTI^4nHzaS=mN?=a4(|k2mq^+~7IC$%HJ0;yPamMO|-`+DdH?-}upIh0;4J zSPwq+O)qsS8T7U`nz{{2`{7<#6)@*rP9u^|6j8~Y{-HOqPmA7Sp^GhbJ zCqw@ODg=2b(tdy@g7NySaHN7^q4^3Krbx(BV^ot~m-0<^xxRAw1xF`IDEXXt70Q=| z>hpK0^XBqzjKuselPAJ1g z?w(-^>_Um9$)X^aF>>z%uGQj}-OHH|gu{+E>jt8%2vw=&jK0DxhVPT`4_5LFUcQ9~ zL{|NupZ`Y*{3r828&?ZwfdBB{o&5p)=l`7lD=PFDU_$>3|KYFspP=yn%>Vu$HTr*- z?H}_$b&xs;IOq%nFN8oKxV5#i^z?+_;I+O!3<`zAV2;sfR7AvaOAFG_5EUGZj)<5| zNKg|HfUBuRXlp|R1QNu>;hdaQpsN_^xL{;oFcO`fu$vxH7L3H9@*^OIxLHhunm9yW ze60_ifP~}vTGmkcYrznR0Lv`81qYW$AtAW3hy+7Vyo-u}09hew0*3OO=@3qI zIuwTvo-Koy1#7Eug38i^k7rwgp=!Z!Lv%ho0WQCbDeFT;lqEo0614M?;&3(6^kBoX zVDShDU4Dci4ilV!RD&CG8p=~)`dZ2o3mTSKFu7&LMg zlfJgrm!BUoJKK_;9xN|UwYH1K%(kHW$`aC%K#N=YB4&5d5UAnWF{TWaPsc(9g+r0S z$dKYbp=PKJqN7SE%U6R#<)M&-J~SjfK|3Mh7>8Rs zKHkOQFl%f1EiGkeG$c3}Sysj(ARumNNCjv?T$~C5p+X`-P&kX4HXRg6stp0La3a(5 z;pkcMgfh(TaT&S~S=Itc$VbnvAzLsYPH_-4K@A=pj5!9!U)J0i97pCK#r-$S1ULBJ(*TTKZ z^2<;Vcrc5Ad;(B4GMGi&5F`-Xg2trhqmaP~!4c_wm^D;OA1M_}LORM2n!mQT3s_uB z3pzMBLQPFuULG(p@ra0gIyxW_J`n4lDj@>hhwe)VPUy=A^npS`;Q}n2$EZF)5Qg$< z5H;=N{1)8o8eH43FCrbCp1%tuhQeo&5y$90pe9ssL;?f~7nfg4&(DX#(+weNq*N_% zq&A2Yc~w4$nogzorSA4kda&t40l7=*Z@e6s}ul(#Ln8n3Jf4c>@1vZflp!1Zm_>9^ssPr zT; zUu(PS<^Qps|C?&a|I&%z|3N2e))vk@&tM2ZGzxasaA#`^1o+`=m@5=)iGTov7*2rn z0=EZxdBtP7(he`V5Rae`_&?5v`$tB%zjK0Z0NwuuS@}ErKZIcMPsRPK(g1+WYd}YE zfMCP@7xf12W?^g1Oa716KmOla{~xvB%F0B*a)7P40~8$q?IOevw7?qB-IZOy|1M4F zzg(L5RlIErE3dy=1V{sH1+xV^!eCcCn5#nmS1I8Bt@!>a1t4a>70lzGvJ>FH65ey5 zF#y))Uobs?oA(vg27vcigW=YI&=785ORxW}3ZRC+`ymYUS3m%K6{Y{Gv;W@XuDCmZ z41vM`#1HW9uPy*M9V@VfD+~d==vg4VVa~kd0)kgUlL!0@!1}-euz?OhIY+yz`$S+2O4+v+10<+ zuk9h$fNcS~x`O}w!yGOCWpJ=UK%jsGM6V>E4Fg;iPzm4;Ku_$foh`h8dYvp>q1J#& zz65exBK}e-kkSh<1#KWk@s(=>W5a7l3$H5;xZ?iZu=KYb@jR$c&-Y+64c+N!T-|8-!kAO7ZeAwI0CA)1_R#f3f2H%M;6Wy3oi-q zU+Vr>Re_x?+yFH>UI`PB{=aya*nilpzh!nslY#^3?XAHNAr?@;IDt`sQvyI@I9|#2 zuMrR+V%R!clMCQ@1o^@L?7=etcw&J7MvjLt4`)DL|0FH_o8tbZwEv(i&VSqWE6=;~ z3!q1TT@e7E1S{ABBP{~xtMxynEB+7f2S5MkF!Gm}6#h09JA^afW&eO=LH>eg04AaA zdX?YR8qhN!GAsB$1gHo5hhzL>=n>#2SGBTs0}x!|^~lolhuhcC>03e|%;yFjfA2qf%8-99FFiX3w|E`4c%gsfL*vMX7`}0*To=>h-|Fp_l zJ)YYj{Z?!c;WdAy2qxh;gS;MAe6?o_gvKNk3?f|%2a(lEx0pfYc70tfX|V_pD9@=_ z_j;lbLd=*SXJ6IT1+vOjB6q9dP~YO#`||XZMX5cShSc%`1P+mA{WTu8M|{`RvqPB? zzJ8Mg-js?@F7#ClpB&U+p-l5ui1s%HJ_)#;MS`^FaWo0OepjC^hb1k=JJ#uTEiz89 z9N|sfdH+6Q{&XAlc9p?3&X5YW(zlz@nU zhyf7+Q3E1^B8JeB5;`bqXbOlJ5D^76bWqTMh^VLm5fM>iFR#8iy!UtR-S^ztXV2_? z=l*f#p5&j*WF`5|tju>k>nWed4<^$E@C$Uis4p?V6d))tD7I!RYsf-qtbnR*fy7PU zD54BYRx^mC94;Rp34?H*?xBI-B30I~9fXn;_=)5I9?3U_$nBia%-8K5*Yxzt`TKRQ z!E8{5qQ=7&nXMXAAjc8@E;QxY8NgYP0m{o!ivbn>6_(vva(`}Z(VAP)#t$NK2FvyX zKq&$d&KsITi%542F3*~NGN|;mB4^@dL^Oa1Z?1c)v4o=$07?K8xG?knhZ8sp(C%FY zl7;;zz8b|ta1$20^L42;o$uREs;nCC1gr)KS)917g}Uw4W(2zrT~|Q+&%Dp~pvp^$ z1CUuMCf-)0$#(w!YqBRYGg(Y)XfZCeFJcU~8`I9PP#@d;&RxtYChh~6V;g3xU8}qb zg%$ug2B7BbI{0O%%r|{FWmKV8IK4%?ZN5HF`E^@{j}5Zt$~`;8%oShz*C?j%d2!=Q zC!%%FLN=C!<03{IoE`IZ-ju7k2+J0o?@8|k1leFJd3#X!oj;-+mFIDviYtl(BqftB zr*0+Kz7>Ar2ee31{v8(g!D&8(YLd8bInwy5ax>8BYR;9|Q$}rv)22 z(cq+G?SM+75)~w)FA}zXxfyV-+csf5 zBw30JtnnA^S`&cKsaB<5EEZCVl5IU7z9Wo+Y)=*dM}G5x*e^5^2%zG^a}c{o<;E&% zhAVb2=XyI-NIAQHZl4nW))fcz(BMxL{)nIVjIgvS7&V|5C) z6py1Q8s1=nk9#4~j1o9X-Js0Wk*=L~oN@^oI92|w4F);F8&r9Zl5U?{NIx>C0R`Mg zyP^iEM(3E>5MNdpp9Jv-Fw{7_p+^?7MyP&I*7p2Ke_kj8gXdLk%lmtspcQ~IT>Xv#Gr zQ_NOM#!Cs^>T^FD3sP1xlz#|L2G2XnT&ac|SoLF_Ewq4D-BH{54&YF=lQQuKQiYI( z!`cC`bRJA4_aiZ=Sp!1&!IxSjoivhifU!7O8~KGSgM$8e&R^q-wcqslez9{hm;76M6-q_OCVD_Uq-|8sUR-3wj zwPsD?8-UVY!QhK1~KZ20#=aB^i^Tj#BZf(3fCyWhUAR$dH21tjv8P<7M zPshe#Y)!`fHO=6FQZ*NC&v2CEfoPo;H=LmmB5|I^{`Eyh1Si@qV9EQroQabnp z=!cs!3HzFxjGLvDuSYV^_kxG5Q!fGFgcELyZV8e^K@d}f&U%icHo}DgD1#5KjIiuP z4yvYK{Aex;{t$Z#SHEXK`qqsN-cb-`l?b=VQe3*{V?XKKHv;`2JF=Z{p$K2y5BJY? zM7{r#;ZaIa{mKA9XDT3}%YZ4O9+iQSP<=ahsS+{6xx8&5f8K7j6llI<xcLRw;V(#=g4A&@H9fnu*sSfgcjnt|ma#DTF01 zViv%waX@(r0?CBJhfseq4Qxw+uZ}+F`KSj>`guO?GL`fjvZauNJL!nsiKMOTE3sUt zmJsOe02?EuZPfvcfJhLfC(8nLOYjeXu`(5^Nhhd?oWHOwe$E&@X1NRa29bfv${EPH zaLl}bAQmsc&A1RFN}fI+)Mw_&azRB4^FkKVj{~Z6T$gA#79Ib<9|xhr@FGGOk}}63 zjB}CW-*H`Z)EEml2LSZ|zL#&Z@)2`Rgm0x5@B!Q%5`Kh=r+-)7EFx^af)BcaC|w{t z0)YD*0L#)!oQ%SPH+enEX-*Zx*34GaA8K*6x*4|A|AL^gt(JID|s21 z?x)G(BU4GpYrL>-A@(*4+atmrW1-49_@_)%6@Y!=O7tOR3#lXL?aXl zkSQXlI)fO`K_v3fF96~OCPF69I*E-4;07j8Y|_B3ugLPK_PuyrKdEe^Jai7Mxz zqdd@k9Q+#^@Qws5)6kh5v$Lij}@PLtrE2=7OMZ_C!og#y_u zc(UnwIsvi&p=1fvCOaN`g(Y{1yFF$Qdm6yb(+<355>A&8!y(|fz~m7fd`bgJ0vJq$ zdQL?>X!(0~WzGY~!k*k-C;At_`uLpEXkGMj*mrPpNjhqO1@+~#0fMA$wNzK_1X zDtwVXNg#aT0*~l!Vlf|E{0fR^fOp|okOv0x;JbzRvm~M>1Mwc=ohn5L;@ItH zLfB-RjE>sOl0Ew0n&+% z&!eI@*_;*&@y#q0od#9ORopDn9A?7z@KO7P@FO(D9S^yC=5n!2xi$f|jfJh_W5g^% zmswC1c{h?SA5bSB1|aMyuy79Cld~Bbg$Sg;4w2w~+>(uNV16vEB4^2A8f-iR8Jk5z zMQSr?N=$*|As&(|!qzdcXGoYDCi*#3{)33HA^_epcU3G9D*Fj<_z)ruwS%tU1;7Ht zT!jp6WJVyviv#-d;F~KIjV@q!&=DLON}Yr97U7gfLPkC!>;#Bb2DX-oIVnJMgqSQk z@pwM?^J~O{Bq+ro8t_059_Yj&_=;e`41_Nq2G@rFENk=ZhVSA+w;{bZ^AQI0^=k`a z1H&|)Q>!N2Gmk;a4=Mq4OtXl11CaEE038(kOD2J>zi}}MIHd!#;X^3^7{xFQ6c{8? z5Pm|LK+a|w9p+1g2e?W8)o=O*L@rT)EzGcxB&BhO7;G2f92dg@B&i*`J?YAKMEH4N z6AX}EwE) zNweeK;}B8gmkwLS4CSd)h!_%*$wwX$AU3xklR27G4u;nvl_N(S>PgraGz?TkG^W6? zf~(=Q^*%-PIT5CT8-BTju~m?x!98?68=!Jb7uiOex!cIjG0NG<$r5@I$N3@I@EQzw z66D}J;~}OZlSzmuDvBe*r36y^c`*1AsKEt(#6#9tPAI{S>oQWub9H{FBjKGC>qy|c zlWqaW`NY%2Yh4!9euvwpfV!9ikz*cuF{^fc){&nbjbyrnaRDS1GKuX??JNK|wD?Zb zBRrU+2<+*ID;C|(mp2SrcZsloA3|WmcSn_az$8;z%ik$5T{_o_AeE|4pxn};LpIXY zv7-(;B&m0^s!k{28Pi9*==gSqneV{C^(rSnO?CAFHGG`9u-h?EEe**5_4x2@4A6uD z?xe##SfC&M@;5pG%|$HIAeulQUBHVaK@vq!YaaCbGA3(9w;iaRe`=~S%@NRTBOQB6cx;((wv+IWNLrHW zk|yGgJg(~j{cV7VMc5us;DiE$Gw#P1LH@;YH4?uo;mCoNs~hr`P==DqvmEDZ9dWg0YI7jo`Xf|^0)@8$uE|gY&|Az? zEn%t!M`*<|2%oVOG#7X|m};E}Xwp=B=Z;=aR112bI|blnA@~I`6K}O2UrfW!((V8( z(40^Fi))HV)OjOv4oc98>jOSAhznx?k^+!PUW)!im1^40BM$n>*6n=UumJandZ(B~ zSl~Ul!POOaKpcRqBq`r_Gy=*1uww$hSnCC&H|@BH`)a@<;5p#xyTtUJ5F8cI2QFPW zVR+M_KVoJ#0w`r&xSBANH;IDqK^z7A$RXl5L^5d|CjuW?$Rk`udKK`SPDGQ|cUj<< zhyW)M%;M>tU%az(9nvq}42sbCP6Gih@u!G@=+YN)h#PYBz5$+wafE9QCM7fijOPR& zI{thSoD`{km+_g=;kR$`3H(H4002fz0>4p%pmbtY;d<*ZkeH%;JX2W$0G*BlD^wt! z4?Uxl`FA5?ZSh3?o-KnCJ&6uJ7U_5~1*uLa+GGNc_$iG81Uouj%uk#vDT}3pA4M}r zEO9d>=GKIN97#uwixmLbInzgHkcNNnSJp8^NHd^TEGR~x`}l$T6BH0D0>}))N6Mr$ z)kuehTc8nch+fuxf~v5<4J4!{9?;<_?i_tF^LnX3h#4XgLSCcJbDT}_hZF94%nAt7 z0I19XhfQ@ntLzs$hsXB=#M zjmc)|C|RgI6lRID52iBl7(P*v2auV>??Qr-C>>1$E={J(Gl6|VpDm2%3y%EFG@y0> zf@?bIJz(;F0N2aF;2z>`&~b*ZQGO8C01JCpfPc?`8POpc0u+n|;Q2%x>&6%Zl|)I2 zH@Jr96Ban&H{h@WjJ8>XddnxkXeXz*lj83&b82_rEuy}1K_wncg9@n_Y6gBV@^opC zb^}R(hYb?~&yh!?+f9#g^}V2=`2+o#-@sQofkG#g(6A#6{95OUs@CdZ625?m7t#oG z)Dr1Ya5n(A*2q(!L(QlTk*Sd(&}1&9SOK!yYPA^;995`F=|DhJ2402W!e zg7sOeTx0_Pv{lgy0Q5Wq(@MhLAz}NtxIsR?Q%Uk63ozrtcT*wjmEOUUYus4^mP1s# zS}0b7;OW##Lnn}RGVP#F;rd1L{~xxJ|Ed3D-LtVPVx3*yWom5^WM=vQ#s=~q`#-1~ zsOJAq|NjOv>IQ&9{fAKg|N3!wUHVC&P=Iw7{6GAu@W^!q=|4Q;f5|uh<^Skeuc}@K zfW0w zpm8Xj2m{9HfR?}So_3M6Iuhj}ld?_rO0nap1y zITy>Lp~mct9rEIdny8wn>Do=|_OV3csOd*bO^F&h>oc0D_JijW65`|ec?M5Gh` zJ4?=7vx#Q$Y9?yPW(Oz4|2%WT)iz~}0#W8QHGp}Id4iw9`m2U?w@+Wb|FilU^XV${ z-}ALK6Xuz*nW3d!)udJJ!l|4fK zI6OerMb+?xg@d9ZbYnF>LsFd#MKRPFFC>>XlGWe5dcEll`vdCWM#e$)U&}v#Z92%{ zzvA>1+bY`aCcwGSKM`AK*I22_`m`<{%I??1D%jL3>Hn3o< z_tA-2hmcLpG*B$(%_2Wbj2R{k9wr%Hk4)U`41gghXPsBcug+Adz?X;DJ6*Nu6xHLQ zR{m^Npp?m$&?u)mLKFdAE=;q$V@M(;mIsCI;ZO!7Ho;`-GVwURn?wK~fcOFBLnk4C zXbFK-itcwHYCNH_Vs&c*wptj-h_aC3OAGyaAcM&=gC)~J4kdu%BDWcXhR8bc1^p#b z&7#55cXl3U$_Y3sP!`~_Hw&X~Vd|d9{OOp3y)&e>r7Cp4N;$1or+^MUA<@OX zfJ=?#vta3Fd{%@GmFdX9QS+UZ0lI0Xl%pZX-?L4c%L3)(IEn~erS+-tuv{`r47t$l z43BMM2^~}@lH6f=B$qiPe*m`k39}OrxxgKh0f?#p(iqN0J9E8lAt;}l(L)HR^M!4q z$%3Jq8on-F3;$b`fjY>1%R-y-_MCsP{AHVCME+F@`owz#>L5eHf&{(&y;Shw=BL0w zHCb&VL539QrtoG<6NBL-XHVkyD;;9e%@IDeT_1T=fqEn%9LAa;Yn_{Nf*U|t@!q$_ zR??B@vqUb#5%j(6fEb^fkCGC+cfv!Z=%hz8sZAB<%UT9s86{r&u;*y#t4fMPczPk( z10Vjuqx*5RLATXy1+|ZkO}nB|PI@NK8mZE7CItcZo*j#M!ST6$R~*+q(_;gI6H{3- zvP!~DNSpZtW}NQTQY>H*D7Habe_6MJ0XWJ!7UM${L@bmS1yV>imYos8Qv4^N+1vX% zVz_a8%eFtMd}KvWPDgB~1F}7`)Zp?6koLTEUv%bs%;z zGD;>LHteMJOU(o9X(=xBXtir>$_h8q;A!-lG$`4Upx-5r8jcKw6)Q#C3UDo+r(3q3$^u zKJRF0(wg@pX(}DE#6PICG5~&?&CqaO!@2Q+XVk0#rFbE3CzZy`zA|9)g@%*o?;<#* z+)1mHAT)<+VS_l3;l58?-ctQ6>B~7sEn3x{RMrWMWQN0;y99;Y0*SdEGD(IHSP5x> z3{Mg&$B6Q8romBkaA(hwwsqr_>?U>Wx;Y7EwK^bAWu^lb?{SXKAmXSn9Zq{GE6t|~ zzi7js;s*EF(;ic!opEWuKDRcAL$w(GJe$nUPW*oNX2ZPis%R^q9?czEkAL*RY8l9k z(&mVH%p-5u0ui9_m5LS+8xj{F_HPE30yY*<4S}4*c^3m24s=s@7bB!Ewnh%(`&KE#M%h?tyWiBwS<(NJS;hO$YhNTw>IymT>^}#|K2|-_El*a|((1bqr zaKUtclV-md?@r5R%OnnTZ}SRzDL_bM9yV2R*E#?P^Gw2+I}fy`--xB>k=+?#wksni z-(A)1xzRx^Yjjbz`nrLyJh&AUs>xc!DBf*ZfhumL9b_FvB&s-E5ZSX7GiePYDoI(U z`Dow^6}CZ+1uWXpShuMf#mD=vVr7~l0$ETAXF22!xmVZUGw4{w8Lp%cC~sDfeJTIp zrb31z){v>HEfzHy6(84zHfbSNj)8@)3=0`r_wGQZH9lF zR0B>!D%>Ibtep&uLLYYkf)ZwP@2$>m<;>69$taP6jBi`V#-3j~oe|Ot>NNdyWNs9* zmZ765{rk0F$;c?}wY(b+PZT;}f;bBSPiCLWJWs+L;ATJ7FCQwDgR*}&M8nPN5X=x< zgY0MEj;4@}(RRQo@DNxFK13pgD3QZ~+$W+6DD0yq^)`zmz8-B|{VeXC+q#c00CKy1xP5X;LMT!-z9f;oy{fhFN z*B)+?#wb+}fRW3HL-jPw!$URw`P4&*i;q7GZvDh`b3Vu3U06;NWZeH8m$P-{0W2zu}0n0T-dUZp)B4c4>R~{0JDy1*2(@j_-R{0wLeKBO)8+f_Ts)opK7K z)E*sh2${5xX(FA4t`QuZe01>7w^T(E%tC~md4xpB0!8LxgK@z3#Uott5>-0_T3?F9 zuItKtjoW0zRf@~aDX5$<%m%efmx8!Ti#k1;qDni2A7N~`fQY3Zt8?_jQI-(EsW zzz-+XL$m90ZasqNGr+x)P)`=TUo-cYt2oyn8r%nLubN8Db649Ww2RvS70n^*WPCWE zcW3Qg@0(AkEt60KOp(l;zE&G94^TBF_xP^Ec0mw^g736eZ2uavU;8MNwnJ*%^L{dE zA6?Flhj?$cPAURP4Dhx3!M%g&Pfh>N=>g9VI-U)#wE`+D@k@u+3 zwz{%i+Q}OeG)%7mdfUK?NABS=PK}is{Dpl}l#_$%iq&R@>A?Ta)%-7cOaGr*^#7Fq zv9PjEwxaHGbMV`>J31ld(7Mg=zsdpq$NZ0(1=ZZ_f6V`wQO&IWH~;gWI*lkTk&9?z>LQOiWC)Uuv(;I=KFwxjDJ!Q8lc?F*~!`PIpasyE@!x%@HlKE>xu6 z?CVYE-dtFGX>PvGZPcs}g;@XWf4mGeG1kW=V5^e@-Nnq93I*4XUZ*_ZhM@Gn%%lG- z1AvPuT1AmDXQNx& zci$boE#xJ88K1tt(sgw5K<^7tPpZ%5ryqXwrQQGVmzb6Qe^DqW3kr*hIVGiK2L)w0th1R(`XKbV(o%-nuCiUXy$~`g+%! zv@@$;@u3~@Vu|jUZvfZ}pL*`mc-UlH&(7;gozQi!fMZsGx}9*t0AO_hfe<&VFPm`K zFf?Jzi!0O^bDBh0XO3M7xr$y*LO;u*HK5MEml?Z~awzXc(uY=$AeQH=mJmJ*o(iDY z6PFo8T6F${$4+Ob8qypOnOPMTYu5-chueoz~tUf&+B$i>b5A7n|%e)|f{ra=5DpYD^u^4zjp^zM*9~(3P zP3|}WeyM-qVX*`3r*x#Vabq!E?@~lvxuSY*!_n1niy8W0`ZOkk;-Z5;btgP=%URc% z`k-xc2WB3hitaYwd0r~$x@+dHpP#jZ5@%ant@=F#Z>+njZT65GBOA> zzPFH6Iq6=!i5KLvFmE!Kn=m-4R5QD{{sZi(S`-peP|K|GCmdD?B} zgg2iGuN~{B3Zd8IX0#x^j&EC(ZR}&UjV~iU;viQUtx>1O)UlI^9}Go-D%|XRBZV$! z9(iYnP1(ZwC2I<$>lMdW$|0)frIGYg!qwzMtbn1-BF^x&mTH8zoc&Q+k5j7p?c=HQBJLd_D)yWvclmO)FG`6 zowjN5*NaANceK6HiqrEKpd<(Y_qwwja z+qL(+UfzuMiJfzI0iWGx&Rb3%j=q=`gNn8cS89>HJMISE43snH*6i>3Il=n;WjKbo)iGd!2BG;+S)37{1_s36wKPW<%|%|^bPuy-U&)K%@=tAVlxggoMD?#`Bi_VXy6&*ajD5V~uJ(vyqrc!= zl4rP%hOO1@(7Ap)?_^>6k6<%Aa?<4%Bbh&%-4;K>!;9i;^lplPJ9}DKah~S`ng@#a z3fo}Mc1S%Zjh3)qxk1iPotGbwQR_7FuXb!Edz7+!EW>&0N&g1pw4{^Yoy!g!P%0$x zBb74Ntxey{URzxkst9noX9inV3d%cK2bRTp(&w6W*L#gY{Z)Tjy!GSP?Xq5GaVt@O zpWgk3n^f{NrgdvT+_OaIaZ+h$4&(F`e07y{DaK=8eN-+@xyejU)rS=uRgO42mt)#$ zge~aF#W-)`*jgvQ#V?)ojP7>5=%a8D{L9=Uo{?{!gw{P%^b$_xcoM3^jn16wAV{aj zRvnD;X5?ku-@eE1B(>6Vzp|gC@lwd7&GKF&-sM`FxiPeNUBi@ zGRXz$G|X{F%|ADM><(0LTXVM={c?DafH;YocQ3!v^L2G!Q>Vr5Hx|3M*0qIhIEH$< z{H^DU`Z;mZ7V34wZn;xbU`?j-?y}L zDEYx%n8d{LF-=slkE^InqFNKBE;lf27E1%=;D!4;4zjjPKRn%>;eB0WS5-&?BVM>2 z)~n=@{&-7Xp}ax9Y&YC-y6KWJS*J$9#x*UA_X22egej*@ZHyXzku+Xxcx>U(#r_*-QC%MX^5s(0HVY?R4XVo7{|DW9dTq>yI^)8B>TBW``j zsr$Tmvu{Oyw5K|^e=i@fgWlPE%bDY+1k)#`k3YwBmR$2%l-*q89hh+F^xcA}>Ey=~ zd%lT^uJ_I;bix|k@89d<%BKG*}3l*%9XG5(yYrX&njhTc*s^1A&#I%3PYCxbta zXR}YQt!{UM44-9NoN2L$QY(;qRNXy2tV`=L!=~Svw&LaV7rdCo{ks3NqAq94T3nE- z!;?crU%K+vNST~oRWBKbYoFWRM(H^FSEkX{XUM!i8UN~ux)9U*^iQ0Jtiu!2_smvh zpUCvl<%s<^K2y(`zKUF~pPP8zhAc)zH~u|xH~ zpXO|bzt{^NQwa#P3BHx{DpBv~Qw_r7)a{&}|v1^ye9+5;efkN-rm;bI1*C{lFhUr;Jq z@4rJS%{4K9_MJu@rHBCO&jsk3rErkOq$;6YAAWQwC z8tz-)Sh2mhJIcq$Ez50xZr*;vI+QB#jCYd4;#>(>w_Q>0D2edsa9k7-NA!ky2enA; zg%P*bNNw95DwU9Y{YLL$)qSbQV^9VCY_IIB{5+3|!X1+yJ(jATm4tna(>0eFEw~qq z<9-((28C2iT#}Ny=N&TL_wmzb?Y+B)YeV>NN5`J!+$nWtYx6LD@~RXYZWm3NM`ahe z$0S7IS-M%7;p1QGcC>Dt0Qwr-I+v7pU1E!+&CNX76!SlX^q*DwLK@qXaA!qsysRe3 ztfM;J(RD(>(A_uz^IfluZ3j#{5$PmR5qLGn`~7H2LeHSQ~PL8}94&VIlr_D>QJ7a){RFr}3d0S%=c1A9*#_*F_I$!HCx6+j*lgr6= zDCzx)wH<@~U^M!dU$i$1AfbvTk5?^N+-AiOcPVJkJ+~Y;4(Z+rySn9qZffs9sT~=% z(`>gk?MS$g!I=1zwexgJl?Qgrw{hS(Qmh|3bYa`DK=1G_qJwH`V=-j)+}T zP4NV!{k0AyL5Gdv_f)bz(KV`amC+O1?bX@Oi{*~`6-EaIIlQ6_7+wq29hlRKbV;Rq zG^K8D{u#n;T%<+^ZfLi{71?EL%@*gPW>(6f?GIrJx7VzdrH{?M$x?U$a@ReNsaNO) zO^BoVUN_qj)m!czJ$hD+7igs>*X-<-;du9ro@fEs*6cRpFjJ+ zxZndR&^^9ZJCjuFohO&0o-I|b*;3)=+GdlV6wrz7V1H0(*d0MS51y?ya|qPtRC?!) zgj`hW_LP+S>2M0>{Nvqo6!F_Rnd-+JA({t&sm?#94A z#iqi#J7e-^&g_&l+o8n*0>4u_T*T)?;_sPQE`Qy9%korV_SIznwa2-<8FPi*^9hO? zswQ>oGlFM!O2CkbX*3AAKwu+YseSqG{d3ze&9kn)QCj~(FVvF3Uf@E`I8oR@!%5-K*Ia1%*Y>@q6I|Sxm$6uy{!DX- zSBzSh>7-Y}utl_yD_XsC-X(R4bG0tp`%YQTXLstr%3&X{Nr6(wgrQPN1N+8Lg?W0B^wsXJjXFyc#N>tG z;>gnc$LU)(;nHQwTd9&_1fJe?t^ zME$-UjkC??JG9MA3rUtG@DuvvypJ|+@eR5`XPcQ>^z!UTwF2bd1nzA>^x@FopEX;a zH(fdL(=Y6i^^9J4@@4sHidwMn{?qJ_tUy|w0qdu$>|FKrO|`<%Lly%X6+&4N%v|N( z7S?A1aMM<6*{nL;fa=M0Xs>jkyJ4M>a`AW=Q$vf4htVZV5 z#WNp;wXY%7UUXM+{FceMowMC$CY#p`({*3fOOO|4qP(BHQlp=rYU1_0i`p|$3v!Gm&Lx6PMXJQ|BjxZAUD?TzoDMHB?zv4>SJ|eW-RvEilUNTmcttL zQd?bl&?-m2NS~eF!aSoLU{t1D4P+%a-pGEnQWad~@XpC&W$?0vqo2QpD^OFY6aqxxip2J{lRn61qzml%;@$Jln3+ay>;xZ{Z_WqEZWO!am(wxvefThLHM%Kq{t>OyiL;cEFG9 zBexV?nJcq?Lf=;#km6_SzS6!34BdBFeXjkDo#6|NZI7+tH{zV@(0FTb^A+phQ91Y)A~15`W5MMA|;%+15?NOIXSJgoHNGvFy|AEq;?ST0GhVJ;n=oHCcGv5fTBhPjsmsT0q;rDwy9RF|h5OW>VEdLv( z`FH3cG5;9)XS*21FZ2qe!Y9EX{`?&R@BBsWy~^yp2Tnfwu>4RWs7tiW;ARlkEZH5#GdAyrUk8fNWDs`VwP8_jWH(8AveGa z#$ybO**OUc!n%FfeQy*kJOV8<)YbWpR0i3|DRgF~gzm9c#WpX~6?Mw_ls9ah{TA*d z&{x_JyAjDB(8}9uV9XEvd$mj|$}q5l+Pb>kedH=I_4^HG=5o0gXVcM+9Ypfd8>iYDx?T6^UmC)`<) ziIlk)JNJnnJXj79UNoe9oEgaW9PP3!+}|Ca%{*%;^*#RvY?Z)!u z{tCPJ>Km7oU%yw?967h;oX^c0U*FDM+4th!&ED@Hgo7tleQ)*s{Jiqu;;#F*ZvORM z^z!aG-`lr-lKu}s`{f^Qa4$dvsG#!y326VzC;!G*QripW)4hL}7^++wMqVDhqMqn; zd^187;fq9WgdoxJ28Xam4@p{OWEf@vXRr_&s$vD2&ES11`M`Lq#xvuEjwf0RuRM9` zhoI_Zs`Z)>iNu@N#y(VJm1v?=&x05>rkk78<-@8FuN}h6nYV2uP`6qojn6r6e0Sc1 z``vfQ!5dyS1=1#!+?>GY;)T+x6#z!gqi7~bQTjnRT52p+o|b+WWhHq%+_`MZi)GoAPV|mE3$W@=Jcx&O+ATOONRYMVXa#q- zc5hTaCA%s5+aT-JqZ-@d0($st#32$>Ay6U}co*Vw^AwkSe5g2S$Mu8lHkFAtur>TK z|LYyvY~L+fmX6{WuvuO5fUw!I9I{ETp0c$C&N-cJoJT2(m4CAQ#M&)#*oU?JRhAzy zGtuvM*dUJ;!J04OK65ay98%t`pHBtcB*wC~uxtV|&?dUiD@bWKMY_8^GLnGH^s3aM84)W7vbtyiU6bN-Q77p?M}F}gc4F2%%XGp%aMP#ap4 zTPAX~Q&;qI?5^M8<{qqcpIn#c&9)byvS5q*Ey4b58mz~t(3 zGjm$4Uwa@sVBoURYK*c&d2(cx4H~P#3%q9&GvGY!da=eO#4j|@wJa#GrIe5{qIagG zZHR2@dKk5O>a)zt04s;9!2w$=>VD#@p8=L-0cIM*AEZWVSzcI&i^58@%f4KK`K>v# zB@~FEEn*N~ATLZEeb3Hl~veIZCBDYvND zErYWz5X6vEk(m9JXHrVf*3~z7=buEUHMZ{MUTnX7hIA6y%PjSwLz`5>o3pIW~UR`2~tNfw(21y82cE3!t95L4^08c|pI9 zPXGQhz5Mc--k6Xdoa^g4c$hYH+@JDHx{qX7Iumb;M(jft`Km zARQ$r%?ve0w$HO$`OyK(0;7@9JL!(i*UH|`BZRsT2XZT87e?r!c7cPot`qLupmr&I zFzro|_30#|U?(yOLE>qHF!(--;mulBF$6rPaeuW9Xno_Z%9+=klFbKtENl9Ww>Y+w zx;12|gZB03BYItuPtupSqZtyzWw=>omyXBFd+Q&H zECO1XEp9(UWc8*W-i#SlMOF>Cyq_NyVrs{KbHfIwaIak9;4X_66Ur!qN?f2y05^L4rWa;Y0P zhEy`sx?>x7?pjL)H_Xafg09FbMv;!+Xp}_P-Gi>|*jDE$6kp(Yf)`0=@&W$kJ@XqE z_6DpiDEkdV6eD8YS6=V3dO(5|>@VAsn8~>^+iQ4bhmS2RO_iGCTo5Q771Z)gW=f}O zmsQ-;V$rWbBK*n$gQ0;hH^}{tU7?lj5;Cm@2_*j%m-IrNA77s|y79U`xQrqMuaODQ z;g=*fpBMVv0vn&OYi%x*_LE|YI1=RdM?FU`c^#j~e4t@_r(L2X#$|oFgjAAAgc~nf zt|7-#lOJxNZJHEf-|ew#@hGUwJ6!dw_qX}zXBr!xMgH~ba7aYipOGdnbBV9Q&~mRI z3r9jXgvI1;FwR;ia!VT-c^NZ31O?Mft$NBC2dri|G~=J*l?cr{GZH#bt;?2{P9^7U zVSiq)>AGCpTMBz7C%mjvU-rINM$vaXx%X}2)iS=j9S{wRd%R)DTLRX(U5aJuR$+~b zH1zy%`^aW^Qderv)-SF-%|k(!Zd{*RhVR-<>GU+lUoB3Ns%taPU*FEsyMnvCeoN6g z7KWpB7%JshJ29}Iayi$p+r2al&gDb9tXOf45pgPYqrut2^D$mr#m0@lvMen#>wBzDc=qq8YFH847#$~nYP)|49O}*oq;Yd$GY+_ug5l#6r~OF9U7f1G z7HvTOq=oLHovgIBc8O<1_)LlYVME%!z|aW&q|%$>ht01oouG>n>LMKR{jm4`Irwr> zNujj_N%3j&2=tGrAb@j+VyD5z#kh~D;qqlX0gt!ZLanO;Lm-$=so5l`c$u1;Qr10tP)aQKBQNPvQe4^}srd-_8 z!a7TgnQhUylx^djIE94hWja``I=F*7)pQPFFj~_m-T2-xAFI&;x*=fO(%2gI6@2|H zs%8}{?aJ}EMd87<_o-Ke$X%H@DJrSpSHHBowlF|(=APTE$ySJ$r(R{Og0|z1{EidX0muH_jYg|x|HJA*(Oy4hB#{equA`6+ad>GX^ zxOvvgDjnI=EXVR2_cL`=Hi6KTsd3tW*JnGF{XHd%&v4uRbfdSXSFU$hmyF?N#)EMw z4cD|_?*#X&g!qZ_w&$E(q<|D3=7B^rsNCICXCDFy1_(xyYr?(lwLU&W9 zq&@$)NN#_RhmB^6WO4G_NGJaskKF@arI#$pvg*TOfinfW`Z54M-WWWO!J*y3O7yP>l&c{Z{Y@0)ff(u0<+}yY(JeEw1PIes9Zle!0&;R)8q_omhJkukWr95?owx zP?5MYt^b#q71`@r=Ws6C%Vt~OIAyT%tn#bKJgdi#-1$ln(f&;tdmw;tm)z}y$^yGoiHCaSs8OqYXWyom&9kCCV zi}C$(DIbFKUn$X-6LJpqOdi^8v)xAxWn&mdu#lDxKNO zbjzq?3Wag`J8i^HSwuKsf0DxljH?^3) z*J%u(Uhu>#9Zx>bzC1tG?cx7S`+?@^-5oNbk9^|Jb<1siZu4<`8k4DWRib1e8+!2O ztG?llp*xFjo5jyK2`TUt4&YjbhDEyNEgbF%ooS6!5YlmM*b8~xx>49jMB1}qS%|>P zcdEOGwNLSRayGh!TyZmwqIqYAPc77FRzK)|R`90i(ZbtL z)RFS69R&C2v{|M0(Sb-)JwQlNAQtAYC;aF$?N#>5`K*t}URk={v&oaf&Q@AKi>>gy zWtoh789w;s;g@e8*<73E!nxZR9AdZ2zMr}Xkeo$VW~p?ofv@~%If-r7bV#qVkrIwXbzkWF9fqW4skPL*s9 zxkcE$!Y1Qh8=@`Fy6x{lw2|P(u$^fOZXL0LsA{u^ObP8H9`XBX zW6pjJYkrrbOoZv~pN{T4CCKG73j|3*%2B{`?HJKkuc%wV$P}RQ#E~T!8F4%eIKezD zD-9+_+LVZjmG8B!IGkef zI$H3DD47C3|K(QC>(&S+zj%$4HLJr2Pv?;tL#` z!grs#b|6$f;OV?XnS)TQHui{tj2)SdU*IufsYpCl+~;HZEf;>wDOJgL-KnXK{<5(v z!HMextYt;^S&Z3uoNL52>G1EDG;KSAdSsPyL?@s~z#lz=KRe6G$>71W(pAFZT+|>G z`DAxya@3J@@z}s`B!5PjP}aGfTXZl-J+WJbNaz;XSr(U3R=`6b0yD$o{v>?n9fwT0 zIOKiC!%3c!ijB9)2HaONRGK)(KMM4b@#XxUZ^`^Wm2dK#GBmR0?FM)c$!IK&xIt+A z!Hpv52Eh+KX)k5ONRndr>7o|Kg7_!u1y>R;E}^^)spB3=pQ#}c5eNFh9X{Pj>VFEL zS$hV_F{LP=;LaYwC;Se!yY+V_shHuZJ_mECA_*hX&II0Gf&CO~vw1`K>#~C@^FrIj zA#p1{5|i2jr}wSv?dFE&Sm7`lJ@X>%o!mP=xcM7z(S$nXOl>uh+7S`HwXf1*nwqEf zmNO7-XRmFs;mJ{=sdT;(`H(Yww<$6!c0*}c(g6pqEVS!eZ%&5V0V!Y?Rn1LL*lqY6 zV3`zinT6<^@$0PFdvj>>m#fjUk}Bd&aH|vrGe75k8zFCXxL+Rj5)m$U*4}-?QPX!E zKY8L~Jd3pU@rn-f3rX^+W!aldZR=w@LFk^#UHJBAoUh=)8|-hX7L&Q7hl+!eHwI1R0b{feQyU(ZCGqPXn|WLo?O1LVsUEB*5SAsoFDxUP zh0mYf7=B_SSP`?}G3TzX44-T@mA9OJ0;I=s#hd94L$iYEi=6K2N>IAPu(qE3E^(z4 z+<>F|CzCjB&jiR$awsW2wPH^9cfr7HBRr%9gV*?x-^Rmo#)&Vye{sj1=MCZ!&B zfgcT4aOXW~<|4C5rAn3Y7drZk`Ns{LLQqu5Yh>ZJK2t~>CqvhACEru`@lyOYtLjsX zl3X@NUnmX|w}*V&?adI!UFsgi>Nx#M>Qg%7vbSW)2)f~(PO~}YlZV$JfK$oy+UVr> z*6cK#9=bh|)BT>#gqrxarnBHShwj*kb ziuIM$`rHN%3*G3I&GBxO=*`FzJ|>2_)*CD<&Pa8iIWlQ4-QxwOTy~t3agM`1U>JPT z)j_5z*)M$hF1+m);O=`p*&622O26U2-PL+&T0B>`Er-~4;6>GKj2HY~ zTL!z0si!lP>zZ((O~2t>`u%emU(T`CozK=gpX+*l69M|e_xJZ*8UL@m{ipuFI@%GM z8Z$y8G*q%$0@tZ=ILE^<7(bwES9G@N-`^C@rBLl1I(5F#NC|OW~FQH0OC{ZHu!w#H{U_*r2YI@mQ47 zSx*d|xFCRhewHg%iZ%%*fkt5jpb#O!81>j7j2Hlu;!jme_ZGlO04NcNuxPGoo;ybl zup^11d`oyPCyI=dGA*yLUspip5QlIHw49C+tX5qo3=wI_ZMES=s`E<`*txhsvY-$I zTA12z&JEW@OAS8k+|M^F2Ajo5!EQX=dt3Dy^fCeq!9Iw1WW+;`U=s}>Xdxt@DT^2f zAP7&Fi`r_B%clxBLZS?)%vxbMI{yXt&B4;cs)UvFcwQSEA>G>wYK5^8<<55x;wM`H zNK0YK{dIgYz6RR>LuUwHVILF@<7w&-#d?YWP&DB#PPl1~3E^r;btcBL;psaJqi4+7 zFF+Bqp;`+Qmllr(_$puS(w1SCpl{zRp3G+0!wv}6@Gw4#;UR;>WXb-82IfvU9N7Ns zDpd)JC7Bj0EbO!be0LBXEW-^>q50e|CzmN|*<3W0u-kfF*gX~^6{pM~vY&4o)o!WX z;l;8;+ zIGM`;U{RHJxKs$CGfGeF32e8{kWhEj&_ZZM>ZaaYYyM5&?i#UZvcp|jrm`nV9Fjlc zR{k4|&pjbve(0Tlj`RQ5_`kN6+OOk3)U-9Ve(?YQ#w`BppMK~68v#M!;~M`5 z!#`G53RYIYU=9s1oMZJ@KbX*>V5Q%0rC(#EA6R`^(7#epuu|Z+QlPO?0IYuN*T3Rd zumXmF_-U;80jo_l`d7fTAsT)w8X7Aaz-nz7pnnA@SONT201YrsWVPefuED;*#^Be$ z>Nu-^1^xYg{rwvK{lMz5;I9HOvxZ-Pfd-f(WEBeVrC&k6pI^V9M!z4h3KaOQ2AE32 zuU|u>UjqPP1e^8)1^s|uKcLYMfTMy?gPnmugHVECf$zY9!M?$+!M?!8z$!wkzgI(9 z3JO;9cC6wD4h#PB15syFTtP~FzQ7E0I>&w0>3Q){8lr403doGJwPzQ z)*v}R{6Qc<3_+;D&Oo3+D8WxbIKY8dQ-OdTfh|`lxB7ZDjKsyFZ}=wKLDg7NNJD&AY9<*AfZ8QK~jSB0Ko)XgX92V0ucr=1fd2y z1Azuxf?$DgfCGblgIxowQ?&Xu_!|5T{(;#~z)1sX38Dy&3_e(09IJF)oA1?^Yg4#N z=CxT_{dSGet5jd3-D=Y{a;#3m8iuPqtpU9{Cu?x5cD&X#xE#P)0*MFWv^LZq1QPx0 z>-~3Ig7OI%lXUlcFw*LtprR9jQy5XxhO*8$G_RstZ$o)^5<%L$*tGGuajZj~-HmhB z($_LX)cls0_IX@SleevPyWS+z!xHsAuqYqweXWSJ%|Ubn?}@F2vRj^qnl;x9SD5A~ zy7y^5Gfk%$cj1KJE7;WvM1F>wv1aW~8Orrd+_Me1S?g3(J9EAD^!+ya<3#%{M|V;G zW9ryH=l>yr{}$#C68w+ke{FTm-|&AeiiYM7`Tuv<>c8pb5B~py|Nr3sf7wj`fdB9N zHUB4<^DE)M^Z%YSp>><;TC=>bC5dUIikdZ5n&n7tGmn4TD0Abmg1rhH!#zXIU+?>T z;`&*zk_j~qYb+E}LoG7VzumtpxB6P~*2A*<$46vrPulDXc+l6PWK-wSt&Kzf$5{P8 z{Zs${*y|;AMk$-bx_#_4*rU}{=% za^hrv|Ez{a{>;qVk5Bd z-OlzTK2y+@7;Sf^m6FIgV%50ev&w{Y5dKE#%Yb* z-0PvC=euURo>AZD{Ce(`1vlc*f-0$=kPH zsH)~YdHd|s$_GuA5>L-FK#Tx`ae43Fw$ER`ykA*(y!iObm#=ek@8;(}vRK!SA0L{W zd_yxR%gns?`s2dauisX_g7&lJyLVqszn%N=;mgeY+{@=5uRR$oIX1ZTYMUTpN(nWUMjE)=9H9lmf_Zk zaX{|t?dZ!3+636creJ8mE=FE|{9aYQj-d36{p4e`PXHHL@A-xM*+Fhoq=xy}vQ$3K zsL(6U(DL3*u3w4!h1962ahfq$(=7F_o25cz=1c@S>j6nkyVul!;Q`OrcO|4ZE}S?F z;gK@Ut0Q?P7Ui!qsgdtYbiu(ki-Q3Wr*_0E0@zAV=_zQby5Tpz^N?M`{3Do>|I*%b*0M29_z3*g_H9MRytHT%rosmTV?L>bJQJ%0CNo|@$VfeTY2N!fYNS5EvmpqXDk$ZW zzP!}1I4CZq&z{z{SK9JGQRsHr(Dc$3k{s9U`kgm#CO+YbA^JPNrG5&Fez}ysZg`Fp zbDtGt)bMzEkU;b$R&_$24|4?Uq8gz1GGBhoj#d?2N+wuaO~#VstgH-4TQF0T(nPl< zQzeZtUlf|mqE1MggTX6+P{$+#=DFO7#7h$9O++;5YH%@WJ0yVLGnCaM%%XC4;ZU<4 zU@om0Pv(kvW(1wYh2QA;0AsSA?gKL&qs#DIY%pYD0|}l+$a|e6W3*4PwJ{pBq0`c2 zaO~K0K``AjL^Pfe3kPsi#(|%Dk04OojBFSW@5aV1?v!r}h~wKdJK1o7W$qq0Z~nXy zjCY>c4b2JrWQq}GFT`@or{`q}y8#Qy!ZOKfH1s;^@ElsT!{aJ?UFgtrY0V`}55Rd> zt`pel^Zpuyw{Fq^q3qKhbaqgY-3=Xe0hn35>&eEPmKH=si(oehjCb~Htf80cQ-2myB-IWtn;xGcn1V8 ztJT4DYuK>>i@c7yFD8N=#K)>5$3jIcSPK$bGm=#f_t1>sN}xdBCi z6%4v0Bx{D^gcTV3t^(%l4ZtWI$2Nw;`sYzXyZSr*ahajRG@NZOo63>NCkf-Sc}IOO zF{Qm=iWkbfZw$3Cf+oUj$j6`@_VWu#9EYG(4*@?M12O>fSx6QGe1@e6qUoSw851vQ z0C8};8G(TKAA-X0@wfw3cujI4YTG=yyq6bFerv$B1oJl3qeYrQMW^cm2)-eP^bEu6?&mo1ToU{-@tMIo z#RQZ(E5o$I0~ajifB_m3?!3>yYlbiamh2NnF?C?lX4t5VG^1_nGgO-mL;eI(15~CYj(%;@#juQzT_Ee;W4O%330wm_8W4Ppeu-*A0`{8$S}UJM(vf7s$xjd}K<_2f?iAiK z13A?)2%tkvd}1`Sk?TB3_E!0IOW6u6cNwlq-sF5T^@mya-+lJ4_V-WaKd(KY;0Im- z{z=(yb&Nld|J2nfzrFv{Rwt|d(EnFy_n-dzoBVfcO#}h$Zn%|1GF`OF}dK(r)2Vt8a$XIh0=4UP}e)9G*fFMBXNUY;!-_oKca zA6$O>W+KGuS#{=gI{mgY`P1y9H?QapK*)m;Bs>yfC!fg$jfk2i3~+%`D6elMJ<=T>8vzG+FtG@y z{UMS$*5Rp`Y-A)SBNYOctpSpNl+<+Y2+m9hAk)`~&NbU=fh^mO> zXc#Oii4YOfe73O_K%{L$#ky~cOdsorD86>$VyXRLGcb}jmY+To*)VbEQSA8R8i>vL zj-kdEIrrRQ4XI-tz{8%y%MoM)QZHrGPFeo#-rx=_xfv-vs6VUN`4_tzti7``eW*r=g)3ORQq#CEXW(%mkt zzHF0KM3>v8{(E6NL$(`k6WKkt9_Gj`@RYl(?Z)fCx;N)<&W-WI-KNAxk^5EH5>M`w zyz#|H>+S*Y{D;RL3fc&^&Ist$iu@QW(9cs5!cxdG-#)*RBrW^>oCL4m1@uOqJ6C;uiOVOKUAMqYJE!3-b z_H=G1lM~tif%4teDNO_JCSYB3r($gnTj5%cCg%msvtd?F0GJl4EY4jm(qo_LfpqdG zxGaB7r=u=5stn*0)GYJLiDZ0Ca*oLlMk{(oYtB-YxaE?de03N$4DCcr*p_|Xe@-o; z>+v?_s1ma@sDMAi0EHJi;7?BZ<|(*7iI^vsb#T+ToKGIS76KKCpo#<>qqPgF)fX?; zD7!k5L~3*7hdPn#jJRv6x3)V~=&2)#=@r_2dD6=9+Kf(wmHZF@)2GZfp|v(I5DT#;|0el7vV61!(znqWq~V)tyelvg9Mi^-iZQTQh~ zKh(pzClO~vrWWuBkNOY)1FPcu`QHlg0JE!iv@2*dT1ZGpQc_YuK_M_O z@ZiCN>FMdYxw)rLpKfVsxp?v7)vH%;-n@DH_U(rcAI{Cqy?OKI@sQZfXM zRwEDs(dZ2X0{Fi-8XX7#XaFDptI^)(0AK?EE&$*S0O0fg<9}=N%j#TELA#H}FYG>G z(!zAb^*Oog)nG7qK~dqc;?k1xvI2$miQ?j->k>po<%s|(PE;%oh?AAo5Chto=Pz7j zbzkYps7_G916%_)wYY{x28PDQZr#0k504hQ`e<@$dQwR}fh>tZAdxR#znXvZc46_w z%MSvokH0K`{n8unW&uo6T@S|%5&~R%S(5NQ50SnA%X2dZ07&S!tgN_roDA{^Xsuu; z8+53L5+l{~&GWu_rNVSfiDwgaLY@a9t*b%1H)5C%ZV20qS-baaJ~^5s$Qfy5@Dw(} zsd)0{BziIqlPwx;4Hou{zl-yM!%X02plHp0QFx^q zm?vKwGHYHBW^8JZwxYXdi}3LMb0MY9X{`lk=LYfb9mFkNhM&aVByMDs6~2FdyJ5$T zFv|(`|zs#ESM0WoOWUS-SZC_jWT@=vY}eN$RruW)GNMC{8H37hkQ=S?^^62$oR-MQ3?}Tk0 zB^2+g8Q+Q8|1{nIu6Lrv79@4p6C?-{*3S~F))Hb1DJfWQS zQ$YTZd+R>lX`LtMPdtfto1L4bNrbh{7Hf=~Lf{-TC+A9{K0KQ%#S-c4f>43ahe<~o z%DQBrn$MqBur@0yR6;hom=phUc>XT`_w)4({qyYqkMuvXHmL0V+WxPtrTHWO>;DL| z`_BKj0|LO=HT@4XtzW)-Np3|RSVb19z~1vISOEuP(q?6u*t&2Nr0CU;&j zAd(4iv@+%XPYeY7Ov}MXE~xxKIx=uK1fdd~upf;G4>X2GFqBb=e((sD!+Cx&htnas zd8qut^0FlKktAdlI_ua;S_2H>n^)d+1|F1aSL$blF0L9HoYOWwH zMXXBT+!58QEHMr%W)8Z7khuT%ZCby(|99;P+2!N=r#ZkM$bVqA=ilysirNqR&p+62 z|A9yUYx19sP3{j7@HZ3sEBR0JH}ap7a!#(Y`mf|aMdbuhsW?$_KtfYgmMIO0%Cy#= zWQvN$35(TUmXMKCU|qe|n_iuu3W|V3!`fVfXOcV{k?aVXrn@llczFmAJg zUuMyt-f7@J{8|{_1w*&)dvtT)VB6jY>~aHo1K{@ZaWAU8B5Mx;f;?C8JuA^uek;-= zPFDrIAX1vhXCdw%2jfE&G-$ON^}d%$9oA7>Pr@&~+I?LD{^+*yYtu-RB11gH;i1P> z?xt9!_71y#WKJv*^wl>7?l248wQuaa&>zl(XF!~C8OVafLalp2abB?xOyk+W3A?Kh zv~+>h4Wcx}YFtVE+wru_Gj5@I$tGEMk7~*tudWQsKBaKwo)xCHtIVsun4aZL^kLDk z!akKZa>cIpNUF*eH*{tgL48QE9QLEE90m2o$~3YrPbtxNB*~^Qil=EdmeKmur8GW6 znus8*FME1CU3*pjQ)I9q`vn3N)U)kIy0Ayllh00+B`Q9zDMtbU3bFtD=h1I=#E+l< zVG8{2`M=vUIB`-zvQd!N26E6B#AYXaLy{BU=u205{>oXZaeB8E?Le-QY3L z9@^~6C8GIM{#0jAj=b&mjZ{^y&Vx)-FpF>*H5RBPlFD|ng#ZQ`B~*jVs5*1BI?*Md zrb$cz5f{O2PNa?kQ5H$h)UD<_WevDK51-wCY7D}Nb5cMvwEgN3qbqFu$St#5Ou)J5 zIL8G>=XeI1dHwVAGDhz%1d{NwfVdC`K`fe=Se$QqawA_O@L^Cr1eU?vs6kwpLyAY0 z>hs>~_3(L)sXiTQ> zfxx-Yj0;J`^RGQA1tT({77l=Kq?~(_4v_1HMpa`x%u`E%m#3a0dfiLQC11sBdYA## zhvcq9K0*lAP-d)6ndZ_ZJVjfO&PBX&Sw z%KOl}l@Wm`=z$m-)bBvNN)pS`hQ*BVM^_(=x5zJm??xO`j;+}i2B*Vvj-zwZ>rN*^ z8WWSxpK78b{9uQ(t#=>2yeaQsbE(Bx_P(ke6c#6*hSnRr zwmtChvYh`6TEsz(2=+Yf|D1sQ`};pKbnkzD|EsHk&fdSV|E`7v{kZ@8hdcJ)`|yYS z_wS|WpX%)onw|0>wQh9>9W$TF?X}GL93>1PtL~qL0PFAWU3aUM->Z z%xNZ9Q3tM^ixWV^VXK(%%LJgC4MVoa!=X1g5+~yN*ubOVGC~Jzpy6rGn|ZL(#^U=A zAD2FX+%7F|2m=HKFw6lk9ugj8i=F}i>v$x9X6zb*rqmP~5EB|Y)!ngB(#C|LvCZkS zk{f$v)!5bcXf95&Be6UVDTTlWqZte(e?0d+zEEz45ww}EZcAi5>y2Ks|GbxIDujxa zbtPg)&)S$5`Nj)VA=f-5VP&*-HSbv9^2#Mn;xiuT)p*_%v!G8S*$gPuPoN3T-Q{Q@ zCCo$fpi8NDL&iQ>q+)^72sFQma+%^C#+Xj(Ai zVdtlXXOl<6GsQn1{PJvHlDWjA(W{H^xoyOQpTs)!M#eXwBw`Ya9dVK$Q+Ov;o?7o` z0nO;@5oJ7aa#Zo24hic=;3jjx5o`y%a`mfV4pmv}k671I&9eJSMfvASQkwBB266DN zoQ*LPzKDm)@$eAZ)wytG*uCo=9!qJi*vTDM#uI=-tJgISY$$~OjtU?*@lr!j+|xt3 zo2z`bm?Vm7pjAhQgazoWJ z=@HFyI1#Ky^CAY~$FY$hw7YfVkdJ%FrURTgh>bgsDk?oA1sFTkjz8IKWcCbz49v@7 zVZKiauNx+M%}Gd8xGN-@j=#4p-}G6*AAK;v;N1F%yMCu$wN8ZTnf<3E)jzefel-3k z6!_iqe{blY%>46x&_B5UQPWZ*|MvXXRQuuo^G{~%-~0H-`Ty^w=b!5B56=Hg6o6Yh z-vKy;6Ng9u%{|3TJQo2C#MRXwCvXBVTv;L<&Ex|8e^77)Gyw`NKALmA??(T?&B38z zurleb+js6JaKOMaosD?l0f7qwPr^Qg;h9*-W9;-p)4s`!ax%^Xa`1H2z(X>rT; z*6(=_=vfzlhv=Gs`K@+301|ug@m20FW_b7XtuL}1(|SH}=ul}Q1JI+b*tPJU;PB}# zN_TqyPVj}@M%WzZF{#|LBV~?E9=LtOBt!{uE^0uRWmkO8DGrBbrJOx==Zr^ps@Rs+ zy799d5@e70>*^x3BEIaxDk?nX1&cqS;NQC!0ftSsSel^*wxn9nGHFSV~&8e+$ zClU9aqV1dA>Lo+(`9{Xd(2AkdlGAhth<$O{0nN{u;T|{Ro%V}o5EpBKTBJu$<%`bC zHkB=o0UQv`{l#VTV!>rA!Y7wMBIG9-Z~=c0!~Z{DoBS^S5ApR3_V)kN8sH!BfAT7` z|F!=2Sehol60#LBdTeHv1qw zah8Gc^u(=5%?I99@41hp?`ZNhF+vN!RE2e=p-K#^@B zjZIv}RJ$Xm^%cTL^Z{Qiq@T6j)*_~lyJDl#3EY#(HS71Q*Q?qOH|GCEfAT-r|G{B@ zdiVda{a2g(+x-vPe}CA2{u{gaU;p&y{r|t<|2H#WMHX^NVupS;vfxO%vq(51)$ZiD zXocA8ZejG^AB~2_b_uEou`#E^-HE+Yi(5kjLha#E^liukVUP$kd=K4>6%u?TAW`LT z2(%EU3_GTb*r&`2PR*#SftAL~fw`V{JzeHaW0 z4>U%xiVEqM?$8_j4_CVMM5$lgqk4nhz8UTm*1m7IgZ;xEmGaY*d128@h+`QIUm23I zS7aEcU{zQ`kS8JbnCBI!sjF74r@kX!`KKn+Go~#RXN`M9omc7i&xbx~mxLx*PM2jV zJVMjF7#6$|UoM#zb&|vm7w*bMulfJ2rGok_^}m{H_jmVy_^#kT@BR0O`yY(|_y_kt zzp0D{jMzjuG) z!Nb+~kJbBs79Nj#j_aHRuh}ll5MW#n7v4>AaXx!J2f(nRrt~2ImW%{Usq$1N0^qyC zGZSC{N5P!9Sq=<4I1Dbn-fsRmO9@yp-CT1ufCX_Agg9By4EmJ~0m z`1U($JPL`l;`JEoR5n1vsl-oviI55j?&$SIc?b{`=g-ZYH;aWjb3>huo1>{WXoMB0 zQ#w0{aK-S$)xMV-h(gX={f4WJ@7nHwxAomtuZirhfm}u9rp7xr{N?_?|2!D~0p}u| zJCOW}I9y>8Xz|m5JJSFPq3rRKE;r;fQ=}n!i}f?L+oSN|%^!*wu(46UQGs|}ty8mb zc}JKPk^KbPflyW<>Oc(}bM+IJh0BhaAZiJ!=u>`LGP9Na&L_8zfk@w@ccE))Ia6_hQWJ7Lc+n^-^yw_ntx6R{C)jT zT~k~8@BF_se%Sy1D-7e$fAgLHp94eeZs`O2_wOGV7+A^619OnBI67);YtPTmkB^T( zd-hCTUVda`}Dk`>Y+0xh7*W26c=H^yZR79iE zL`6kAJHgyeOCLUbSP2ROQ-H20E3b%&ad2>~fL-D7a5#MB>uQpvm8GT6pFe;3@&(K- zZVUh^Yw1HlkR(?)wi?^n8X8y`tE-S<;N8_)`9Lh7|2;%y6-_F#ftvK!)Br)cr9(BL z=BHiG+^t(J6L@*D;d`0D<^uzJz%qg7qE^cUE_Fl?zWK7ki2Xa343-JZJDOimSX6wh zq_hky6IfYQeWK=M?Wwxc^=BFyo6a`3w6>i)-+rOv;-$;%&Mq({4|K`?tx4|JEcv@j z)_0{8ypk(0SVKa66$wc|97qE+K_ph#r9UHKX14)EB6U};OX(Ph#K6N#lMPPYr&9*K zoWlq9C=Ju!-o}}ndaxALmho+2FgnIFmgymJAUQC>BR=6UGm|NimY%yKD=L3~A>B7G z+%=C6@aK`P7+6&hnxShX0_VBUAWYejcXQs2xXA?S}FTAvS&75CYy;r<>bez?*H1+A@ ziAOaI=zT(eGb^((J}|%(%%|#gSVBTQV4`<{)sxAq7AAUfc(OCGs@?$mvA)opp(+gZ z-Zfa&>?i-FQuo>`*R4~>)F`ilk~qEE$`?~b-fLx=UDW@W*Ba11qflC7!)tBt)xvqZ z?m(;TGwhtw-PklQ?pKkwk2sNhUNyJ8|6n?y;Wt-*y|eAiqsz#?WwB+-neC;Nxa!Kq z`T4BUE@IlQm*Nn0bUGDeS4$(Hf_fBxQ*z#y=e0x*CD8)rD8vnVU)OF5e z>gHGPj~)*$eSKb{pcLU*bk|=lZ!@oAaDGdv@|~-;Zt{0eoj6nXkf$;1>GjJy1ESwY z8Waz!Y0PaOJs7b-8{HxG=2nNrC%LKc<2&*!nP7f{e764)1mtf^R~j$^IKY5dDl(S+ zXzw+J*I~Lhw}s1VL93`n=Qrj{(M&PrUzDLD$xiSP7cYE)0HI;(A~#J z7|Q_y@-ku&A|FiM3&~I5N2Bqm4SJR~1PBC+LephE^<9){qL$VHNG}n5wG|{=pI^q- zOLT`mOoqS*0MbO1AWcjCN{<%p`&wMvP}+d;suv;%l?}Ue{@N5SCXpSh6(q02Z(AW_ zB%e^ouCO~mO&>Ieao+fp`aPe+mf5>qFCk|2x4dShiEdT1H?2GR9s zq;WK!pPR5({};oU0*2r)cyJg?aG0G#xXd(ag2s%fcomf>qVr9$D(Pe+Z?GmdC$U0L zq|(9D#&gUrVf`-WbE8I_qe!@vCRN0in*$9Nk+EUvGyq zx1RobJa)eb7J~MRu)yYT;lMKVgLh%^+eC6{D4An=^+&euaz<`R)a~eK|K;qZgG(25 zQw3?egZ*gFMWDJ18t&7P7-abTbDRzp*GXc{7@8*ESapyv%kEmcA$lH-`w4J9_gkNF4xD z;5(^(!0mF>yD^L=IbA-4maIa@SH!`Kv)J7Q%lmX5kh*-Zx#HXnZNZy}oHFnxb8Sj< z>g{bG9W)8LW*g`Pv;$cQ9{oe=p&=xS@&?y9f}g%RfD-f4PZU5< z01x?KGmJD|AE6{A4RbV-LNYw~1O){m_4$Z~@#dB=eP=!&jyOdUOfFJgp;1vmB9Tvk zOYeNTAp$_q3zT$Cxlw%-c>x7u0@^TJSdP-6h!m6Fz>w1`FjJyP=@Te|pX|%mQ{>Y7 zv$$WxrAiw5l)*etO>yxfSbUi8MSa)yo)(Cs(i)E64>V4F^$Hs&*G+r+6AjSkssKH< z>b?uhdtx8WRe$vb%i}hM*gEU9@%wU&H@0`(IK2O(%^q%wtOPq!@}OBgs$H4=90JHl-Le7-^-@25!VMK?#49^ z{WodBMt)r-mXcLV|7^VnA!)ZLJOSK>YF0pd>&I_=JnDRdO37AaE}gWe-P&q9zlldw zSpX0Yqd))*Mh{J*%V{N%_!PJE!34E7DCq+f0euKZ5alRECJ`xDhNQ@qh;0Ey9uqB5 zuH6zw{xo@t77ao6*w<0X@&MByZ{8oTbI zdAO*D2$DYRQVHpF1Y4ubP}571Pviw1F-E}Z*`OCRRUc;tuEVxQDw5zgGsTjk1zZS| z(}&gdnwICgEH-DLE+#f-9jLm`1ygR$<9Tb~Nr6)|mlq2rH?KFuY%F+ZmvApm;&QrH z4TLc`u+HE55VakE99g#^EcY%V!Oisy2FwKs0T04xIRPO#)TIFn%QcZxi@09GQUXb&c_U&DIl5<2h{gIM6xLy7 zEeTo5Wr`jkfmRYAou>&XNK~sUN(?Cu4h$=T3HkHL8mmNrgD2`Kz1s%n zPg#mBIzajbxoE&TfEQ$;ROCUBZ_^pY@x7Jm`zz4AZLZI%mkjjGY;51ZnBcj5BV+Nr zm|aVuVhD$5%t`CHx1SCnVPkQNN)rH$f~WcNX;Fw~>LLUIH*=PQl%Mn=5oC^%1Cl8f z70u9R##02iX&e2-ENU*JoAO76O$9;u<{W>>az8 zlteOnD{Ug`B$I}uG!QgjE=fC zeJe29SX4JbH$E{zG%Y19{cyrB*t;Oe_;vvNAi68;N83QD4MaEi`kF#wcjPnrq=Tp8 z{yH(=leFDBmjvuannn7OFK&cWESu`@zX`Ja zkOb&SimPd=YO0A#>g82bnoA0;!{OHP=p8q;^RGJFtncJ#Pm^%%NWJLl+;T*lM-nHg zb4FhR&vjDw3*Ecn91Kk_C@L`wEI(V@r zTm=`+Vqkb*mKew>LitTS0;dEvr*!pZbIbQ<#Z~PYS0}+OV!0%|tjz#*D}(f0&47s> zvf29Ftg!xr202Koo3rK~91Js@r%P3ik&l0NB{41J5IrKIlTl-U)T{`@s>OBUP9XP@ ziS#|)@H!*mp-Gs)Y^&%<;SNC#(4xN2sCXpp~_3g4PA`2#P za#yH90*>c0560TyX;+H$*DmMbs)PYT5{AdAF;vp{>gF#}w+r(VkE*(u2B)N(1Rrhm zlxs&Dpcw=VDSm5Rls62vL4!*OJ~R)Y2X9vJMrFrIGD?yvtacCa65--@HAZS~7ZqdK z=YnHfQ=26Xs6zz5lh|LL$g6aW`I(N}d>cu>prg65i;=_nV7M-4490qMjd`|8W$l51 z?e`zHwt{-HK0>vN^iBE-4IwB6+vO;Y5YPvt1Q0|iUwLVgqkPzRJvoG|s&-I+ovJF& zv6_=$zLhANV@hq)SvyB(GpY0K#_jFRm%}i8uqyzlD!UPZUOpmGz85A)6oj$wnh8~@ zYL@ZTk53n>sglLj$aCVj$FB>(^**60#Oot1CHQ8!kR6I+Vc`H6bHkGwW z^{bSh^U`DULdnn3L@y&+JR1s7t#XAHu*NwwY=j*%yYhyk)Yhv;Bi4`5Tl5JTgiy=m zGNVJPdQ<2|NE`>`BU5odPgfBKavi#3zM;7`+eUMv&@sosTKjb>+k^6n8PQP zlyA;f0w7`c=EV$O{;JrpG#> zcs3(H@tRs6=9hLDK`$ir^Z^_wz{Af$*IW3((svA4?FRAv}*em~TC_bvy02f?^~qaZdNH8EcAcXzv;%6 z`K1QSZH9LiKe*mR&E4mW35sR<#U~s}*_M!)?wgd(igBWBShYw|I17#y7MGM1l^-w8 zCc@uC&%eV}t(3g9tG@Ed zO42ZRk%e{N)o5jwO5Lkcb?fxWvJ>vviVs9Ep4J%~e)bacAFXx2@x3}u-?4)Z2@ftr zysKp$Z+qk3?k&0@2s*6bK@zzL7UQ3cAxN2yc^|oTw2ZlQOl~qd@%>JYQp-*6^PJ=A-}A!P z7{=QA5Cg@>OhD(?>*F`ZzE{6C_U-(uv9IGoM%et{jC~P58~c(B)6$QC*1m%MMRebz z;Xy|!$4ZV?F;0Y(rJSxeJ+f-;D?ihAy0P>~>$yv*M{2yf;wo}3_vUt<=s$YxO3y&r zP=4*%y4@9Hw{AQbJ=L+6L}J#ceX?clrOC59Q?K6A-Z(cWTzohC-tHsw(`P7FG})q1 zIxeAv+bwQ>uyr?uPi1Dr%GP)jkKE1L&c=#snVg%F!QvS+<(cvZg>Gg|$*o5paw2V$ z_6{0vrF?NZn`CLX_0=&o$yYD$X;$3`PWoCeORS8dgSm?+*SLKf#5JYl{#CG9%x z`MiqZYT=NVDkqI^2r1b11f^;er)NmIzD-AldJIpH^hRH1FOtW0SiDR4N>>l`tqr+R zxA^kv^rOmXSUAyb-~4n!++cA+v6}0H3l$vh-@?vpyK|;7^BZ!o-TKx2Dy6FJcPAsGuE4FW z01+^yQpO*wfG59R0k(f#0a3qR0ek+s0%*Tl0fE0-0VY4MfRul{0xGWb+!#%}&~k8K zEMq(aod30J#J+^4)k%NyYMAoW?m6@2>zVe4cRqYrI$QSzyhdDq4R2#$23rsvYi12L z#vgAM&P^sr6^RIG1WY(}cP3>L4O2H>Y4q8gDQ(LnK~KvVCw9I)-Ti^buO+d>XQU#M zcc;Y5Qby>vlSg}eEp1J{pr06y9Unbm<=M0NQMvX^^s{fy7ZdDDZlA7iS1+LOt-oWu za5Y*h&GaQtlf`(Vap3Oi3AfOrw|5p22l2*F5y3N zil6&97J7yI-9*^IFiP!bsp;yMQC?aX={!nmE?)P8AZBU1ye02jXREMQFq5d?khek_3hHx~e~ zDkH1|cRyy$eo6x`eB!v5Wod(HSy7TZ;8TPAUp=>LLSH@klyGiD!d5<_K+W^$xZC?7 zniu(TLf+OOeG!~OwIoHA4E43Q!SUF9*FD#|T@P#kyIr+ZZeSn2X2>>;?ky#K@FHtB z;f{RgYY(7DOw*V$>i z>_^!l2TwJ*Gz08MpLDtlzBIq?+_=zI=%y*WY_B zexF6*y(}FQ^<4=h5v@@07tQqsYuxX4a@ zUHowV^X#cb7sstT)C3(j?%v4uMUzwhRj?`H+BQpR{H}9jdj?4y$imw+JyRv2V>J(C zi3vK!m)B&k*vcLAd<)-!!EX`Nc*TQ9Jk=O$lqqW51y&QZOx_T;f%kK{ajUbm@L%Qr z=NkNJ>{i#m&+j{rep^Kr-?ovmX-Q>Y#=R)rgI~Y2-M#1PZj+FJB(9Xe(2Sj|3z)nw z^5;}!msJ*3``FVf9MbAtn>J9L_cwSaw}11cZJs~r;Gu-EeYJi)X_@IAR-+d$k2hqu zWL>@0e*KE&l>0r4g$ti7iGTK^{OL03)0j#EQb6o#MoE^kU;Xo&Th?t))ww`t^B>DW12*-T6nqjVG1dF4RG5RFEBy3g_f`G8cLXUT?Wfnz zgA7N0ehuFP(1@t3K~cuH;vbL3IV#D!c~mYvO^k*{ zU%j8_@u*wD)M7OgCL3Iel?l_wMBKak%$8JmZih9$#ZI)TuYCub?}w!g>cd>hao%sv zXu2GfF-cRj4CyaygdusN{FD7RofkR540g7x98zd<9^46?S=yJ8wl!%VWdXm2!R3## z(RnzmB(Ft0mP2!X>S(30Fs6ob0q>ROogOXsA{P93TxHKxlh?!keFFOxj+luR%r+l> zmVaHr@$Rd~>)%~Jd-@hNSt|gf((kK{*EjR`Q9xdx>xAzzIo0*>VslNV*I2^Q-q{X6 z`O{0XQ;I?wDAG0Awj%QSvzf!Sg>Jg)he(Ls<1W@+CY7%J9It0(UC)LGwtBL^QIys@ z(=)zvxMFAED4COwXVZ+$9^1Wx!}bS%#BMCt*}c$U4*xh>I{>eBLteFOV9iLfF7D~ka_niBf#5cV2Dp?4r`$~LG!6ihgNpvsvs)? zF3;zT=RNx3<5N}Xo~@}HT#+2H14f=NB9aRN;uO5s*(6L|vEMz0l{Gfk1|wz4GUp%2 zn~z~6cJ0w>yy#qJRl)$PHx68CU+Oj(#0ypjMKb;HMz0PKPbkjV6SdgQK16R zOV9@JZWTJV%-XR)SzdylKQ=Ah!6a5uKmb5GDCJ9g8Y{)n6p$qj68Qy=RmK`nZ7+F9 zF%%+@V2mU?RyfqtN-Ozul31_V+E1SjK}s0QZ0hsQ%J|9MDR$TqrywB|UF~5kBz;){ z+EJ&J5QdY9k|D=Io#SSHyT_0kdRJLAR$4c`z?Plrg%jO8+li3Uclq>|>Qhlcn2gp2fvjl+tG^SU& za!z1?H7*kaymF9?=OLuCU9kl0B_ZbN)f=s%MW!}*W$&8ny`-6WkT3x<0u42*6XXD8 zUvWnUjO3ubJMJSz|CmP7Mjm+-X>EZo8>$VG*Yplg$f-Xmq+q3Ae#N_&9m|swcTFWp zFoqmlNqeukkfks0B@1KgHA%7wU1(|E9JhEQ9d@a$=t$ro^ zx<62o4sZ-A71i0OlZNmNm;45*wUvA=0|odU)k@bu4*5;&5DJ7BiPd)(Fu}+O#f!WS zN9Yu=s-ovT&h1aE3T8xWoQtmlrT9U65qUG0bOrf0(LLPIl_CJT(`<@c)O6Yb3CI`u z@^6H&$%q1Oq{um_#tbG;K?YHn#*s8IkH{BL)^poq{7%NyNPk^tuAq|ZeTy~n_Vo2e zSS;Z>f`8~D7vkBX1D~gN)*TpBDO%dpSZkKL9wu<(UMW=K9m@uQ{YRRIFH%OXfS7w2 z;%ecIz}}Zep5PbKy*1;U(O~;=vJh%i4w9okZKl|TU@t{Y{`l<{UK- zuYYy&fN5OwT#Jb7M}})Fj`qPkz`|iFx7yxFD^WMjsAQh_;l0tG({FKSK?#mHIJ`g0F#?POOmp{*l;Zt-w<#WJ z8ryd@(7+U5ULlK(cQau?6G~ou723BH+6umM!JvCkh=F-*3IfBzo@xY8|besVBG7!~J1ua48 z`F_Y*Q4LE`O05YpNJH4>)M2R&*+&KJ0tvWzi!=^V*C7%0!C)$c??U2K*8E_e2~u23 zfrLwT@8;73I{4Ch=iyMEjuVu86BN6bT240!L_DG!fe<$IA@m`kaDPkD=R}KVrn+4A z!J&-gY^<=7!gJRpD451be3UQm*5MTvTECQ%%V#5wpV(kgbB#wL= zDHE7<6`i&G$WQ?kU-U9jL4N3ElCx6aa}bmtUEC|vVn0dT>$n)*2QgkTPfGMqz$S4a zm4PIv=p@U|XosM4GE`RU04Qs zTC~WixOhZmGk8mIFA=HY&x&5^B7;G(QzmUdYjF&+l52Dq+!7aG42ZI>;$CnntBhKN z>ry)UxSa9kCJxq?7jZ6Xu?7YKeqm6&%&(3=% zM#`pOce|xx7;!Xv@mgx$hewhhSWCfLmQ~|_?(=Q?-%U77+HkbUyx}LBCJ&yX^l{fBfC? zHxG-B3<`+)r)~dz`)|CKmgX<*zjZWOAtAoUfBL6_{}cRbcs&!Mot?R(in)!ssk7>* zXs>GOs_JUaF#$O1m=GLJAE%*iprvb|rH9kN<2BS&w)v`|SbU~-W-2BwPL`|A0l&qe zXMk7#n!`6HDo|BjHJGyXx9D{Zv^Bq`CrA2(vFN{DzSfuY>Ug}jZ%{~xH_KtcRYUuC z*mS>S)6&t4)4_YMCpvih1xCh4g#<)?n^hhECF`dIiQYa@fn=7S#P2YD)vaGSR{WMM z^bIt=s>$3xhLw;hC_Kz2h#c@!M(%I$eKksUZq7lW0Z}T%phy)3R&(|7ir;9bHr@dL z73;>Zkf5*tr|9s=->HzrrT*0*IQazyg!u(n2Kat>0$Q{7Sg13_s^&`3C)09bTpXcMgZ&=Fs}83#%Oej{5u!j$d`+=QyFi zO|Si{K7{=gSMVG3zbgNyI7Giiu5W<OmWq9}n zyjQt2<8*btRn6*(`*q)044>K-r=k0MOkcGvEYvq9IyyY;U&(rZqeH7TeKn9Q0J4_a za4o%0>3x5jL;b5+Mu`j$4fl=?|JKl~ZUkRRn!?)agTl7{?rN^_)nG=lCTGC*Z>`X* z3N*f|Ad2GS_sy-EMg8?WWGS)~?>~@{)|WUmL;VTu>3=`T@9O`K0hI8lAeIIY|BpKQ z2l_wjP^kNh^PetW`+NMie?&lMtwz}b{`Nc-5+4%UzM+SvO2dX&*MF*&{ z4#&|!ern&ECI5e50TewqL zVL(~ceFGv5wuP^r-28nAL1EkCRedOwkN{P`@KA$aED+xj|0jg{zlh|U`2X_Q@(=s- zNBCzY0Q|-NucM>&J^t4}l=`1z{~Z6pkY$-t@G1W@b5s)m$SmGZv1nGG6Tn-F@>@op zaGO%QuI)K;>xR|yo#|Rx>-CbPt{#2L-WRwszO7~9Q0GrkBVn zqKa{qQs7?UEMXD;eapLc5JYpLKP=>;HdK*ng4jGyXTR{Dc<(fENc#oKQ5S@Ru_+^Pl0t0y zlJ>5_ZORw3r3&Ni(Q*V%F+3{joSXrPw}Poz!PKf^YHy^9)G&2WXb7FDLucyNGIi^j zdQD7&W~M<4bFC7AyOn8pfN6M$xvrB*IKm`!F^NZ+#N$j8PpZ@zrnxs&`W({&PvG&T z$_z6%XcBlwnYLq0+X<%KMW+1>)BZBk@jBCaj=6cB>3WyxdY|d`h`FWXocWP+a?4Dw zWv2IYrnezM@FkPGOu^`vcSeM`pm8b2huFnrJla+&LR6Rg*-L!{d2BGRaIP z`Pnnl?b~h>6HbQ?S>)&IQz$C-_PClF0)Zfm!*Md7kw)lH{27I3_`uiRWdqh|w@ss2bLX6_@5O3jdenEMGAY00e(tdsoK2#lmC=C$ff)tg1zTXw^t)KD=f>m>q>EY(v5!UA0I~Xboq32ZC*XO>cc2 zq!O6{xsb+{KXw+vUU@u?V;~=!jJ=p~D)~J8^1#@!(M!W4V;t<)gN{w*&jdlBDeS-< z8e1yct29Oq!^Tf=#-61MSL2Fal_CpVv3-4PSSdr#W_ENZO zo+@SDHObf+KVBkQyks+ao)ncg5*;?(no_iozO-G}m-?;+|rA7{ZQnJ$nxQ&PwdW% zQK$x2G_s+g4;J+h`OYr&Gn&d$_oa1>1{DBiScR(z0itj5LdMqC_l18^Il}F}v~U-` zA8n>3xlra`60}er*wi9d?yeJ`#BSQA_@FX+d^pQ1ZlUD?7+i+yuk@*mun_dE^Jy0H z!Uih{duSat7Yd{$rIq>9)SGH^b$X!nv9lL5amtfdp~8MSNrU{hbV-@c z;PQf4HNGHx@W^QPmcVu|nQQ%Bwp5>V!PDUD4=tT7UI3hPI+E$FrR~=q9U#+)fvpRU zr&Wc9$RceOH)h$bVDGcz*BomRZ&hUqgSa`Klr2>sUTV2Fe&CwS8Z+eufeC&aeEC?@ z1{Ide{WbHU>$85|I)!tzLjvUPipPTwI+dTaUkr1%IB@d9mMHl*+E2Q6TAFb}tG3XB zAB__BXD@elm4F86Gg50GPK{?{4s=xS3RbT2MzkKjut(>Iz=lHcw(!o!6?c~E0`q5v zuF1hw%aX}On~eKJibdQCR$-jhM2XR^X8=o77;Weyg# zTP9kS4z$Pqcy!RWXqSP&kkraaS=s#RZM|#q*MuKg(iz$DY{RoGdH6cl+HO84y|Zg? z5p;j}VUoyQ6H{^HGbkR}ik$#$c%!X^D; zkjkd}N=|TZfi5mbnvYYt8Q5+)mBZi=QenrXx?N43BLS@YbVF~DViH)xB`H3IeSYq# ze>YY+JbsL~j^|~ukwqXS%igT^c4b@>t{cZDcm+TO|58+`N zw2gYne0j@k9^#THU!?}M?N>*%l#@`W?lmf%9?0S8>L^CZ@XAOjj(|ddf;tX=o}7R* z8MeJBYe6R*ydYIp%LnPG;IBWSm^QBhY>>h6@(6Bi3Q~QPC&*Y(x!7SFfl5YwG)u<5 zE4K;f(m+CQ-jSJC+z;<}+?x+1;h`rq`{1jkF!$19t41K0J!zwfnU@PNquX_sGKu{<58(aXi4?P zql2lHN278YO&tBy-BZ!(j%a;9v`G}8=m@C$nfT>6`t9)BQHhq+2L$y2w4xwF&=0Lx zi9oa3_vuWzS{DJzB+2Ia2UQ2Qwud}EOHn>u)a1a24sj0Oh9K0+*I@yKhv}6)u7bdZ z7JI5050IYeUaJQbUNECA%ChavhECGWP)QeGMD)pS)8*jZ?5>f(E3nmvcRdGMnBP^9 z7eJ!D00C@rAm1M9dQP4&`v@rxu!#>JkAWJi9YTrH2_RkR^=*6!P$6lA^Fcm)4lXXF zDUZLNw}1%TP0t=KEC8VNKwu$ZCj*Q$nyZeNU~pK_p0)vbxe+mdt!_ZqdP;AAElRt> zY}cb+n6T?|LLUVo(43o5U<9uc%R8dBF9R)Y&5CPRH?W6)GZ4Z!EWI8OBxj0dfs@Y{ za+)yrdJIPf=y?S@4_6LL%av;anRErVIR-45`(3jm47Z63;C8;`5!KE;&1noSi3{@O z6jjzw12cNGwJVTR5?y?jrMs;J`gjUe~K(qVdYEx6fc!-x`*o~0Z5m)6PD;OER+mYl=UhU zR=;yJ>lzy27xDORId!8-#GYZ5LGbg?4wr7b@x7b%cw2_9T~AOk;6{apEcf1pQGuhD zkK?wARGUl#ShM$<6R;2}fJ7`TwWh2=2BIDnP3>a4ntW1NFJ(Q>`tMG|5TN;5G*l^jwNh>rwt!_?e!@HjCK7lBTFP>X zyRWUCgQUkw*#JF|kacr_k*&fU1Ik&w$dD6W*_;FmGr)l=iXA5J$7~ITlWTQF-4(cm z{paLhG~h#HmS=>}22QxgBmllmcWd%yCum=5ZYT+U)Y9D4`lz+-*rP`WItEeK1Y5CG zs8Ah3at#MBq1HOFcc}kHdnF$M?kueLq7MdR>qu1s-)qXSxjU-m!~`E7mS>AVlj7O7 z-SibYxW>f(@H_(fk?IfPd3P!ldD49Z7Wy<{P4AHx$AlTa|5(+9ELDZSVKE;QI>z<-BsFzENEOdHJMN!uvkzd_*(y@1w@2E968^uXVtsx zPW!kC;@;MCz4YcOxl|n)Jk4k^;UzD2?MRXL`=v!Q9^0n_53IWlPr}gYGe@QD-OpN1 z4hy%rz+SGv*g5b8piT-KTNwh?iw3IPr&NHCN)TXpGl8;K&1`0l{g!^OboBfhP-ck1 zt*K;@Fg^f729#>!N)dZI4No+0TWdUN#kB)cC$cHnX6V$O(RX+=sSBfQI)swZkmW{M zogtV}>U@652{H7YNvAkLUreN{&=t(%JtU5L!Sj}bD2|^wv$V{uNIIzpo zd356T(qqPh#p{L=GTiJ)A5~p(5rNH{*1vu;5#aun%LHq^_|(Qv=YUPD*oXk@93c7g zIRHf*0iSy|Z#mtBOnk;<&{)>TsFSlNO1(az`Q4k^4**ynd_ zAA~3DbXr|%qTNPOi`<(#p79qWsYzt25KIJ{m_?FG!sO*8v0+4nIK8sV9HsIESP>KX zP<5r{jTC4diofnaOC21=2WjdeNOiOyf}cK(ia*L&5AE(BIL#0A^c)|Ijq2cUxX=_4 zGrRrV#jZ=U6Rqsmj^4O=#^BENzMHXioJSta^uaIJ!KR;;Nu7#4b9V0SGAI6C_R*dy zstJt4e=!MHn*=bMGbsR_n6`&ghb?p7kCjYd9h#aG*hr-!K^n|{6Vfs~9V{B}Partf zS&4&GWgaK-NO1$uz!!ofBDDvka#QlPx=+j0ervyD_k?&eH-e-RI9&VCLIB4RLt)Yh zG&PB}_GT&rQ%g2Spgg_+FazEI43Pr_Pi|5j17gHZL6o!}+Y6c&470`0iot3KJJ=LR zlGfL1bm2L&$^g|K#Gh?V-mxqTTP%EC`b7d(`CVRTgwb1HNcl@ zY9*|0^(_xCHSP9SAk2`$LDVchQG2pyz>P4|+!+2#>zD3m?@io))%O}(=aa4WHYa57 z_3fsPk%{qr@9C1<2oj00!9-hk-&(ZY+mxNy4=LBT4qKIq#O;03B}z7u(X9huW|V!2DZKsecHWuD`^#DYiKU*LCz0Q8xS62H%fF%;rD3;DREH@NHQ*7B}?+hhaqLk&Q1J_z-HCy%j z5ES+yVg05YfSIbuSl3RP0$BXgVjsNR9t*bG5Sj+C);b8<0>%aggFxT_n5DIi-9|;p z&^_DZrNrtbb|-D(SCGcFNy=Bbl!XdKNGOSt5U})aAjX_w!cF|+YuCTmzyAWRZ{q(; z!~K6)?;qh`{kQV}eaHVll=`1zU&X(!4-$Z_=Koy9KMT8La_iU3pK!HG13-8Mj~IgL zI6=W4UErhD=@<8NdjGfPulu^8-@pA;3H&bpKRe?5)gpgI|Ht_M)%za}R!YF{{=dJH z8;NOeD7x?Evpt{!i>!C9_CkAD^_=@(k!esy9OUD0vv%i=4 zACkbg@y~Kb`H|rT(v@rTrcM|4itAlKZp%uLlMJ)Ss=_KB0Z}2>|9# z{bc!DU-`-MxBCa~^m)sY4WRFc|C7@FpHKF?`2X5d_HTFQkMOUq@yqxhEQ{dp`2XAT z{ws{1@$bcokIKS7gTW{-FaP{j=O=58)n5Rx(y!J5U!J0ctfog7jy+}Hch~0fo7@N1 zqi;V-todJb_4QZ8^#3gFALIXDKJR~927ieEU*~_-QrG>i|Nm`){{_a+_@4nmzk&bN zUjVRm&ad3N!e;9xJk(&dR(O>sG^Cu6WTKm|4&Qn`~LsWg#IVFKjVJ|4Ecrrzxo6KtN&`> zXX*bx@B6>Ty@KNR?f*~8{eKGC@8bWfU^IWf#ealrNaeiQ${iYxW^d-MnR*VNVgHU4$K z{DZ^YJAIko|o9NZurGFK;hTuT9RIy}d|V+&$dgwzzI~3kV?l z`1pEydU<$wdXdQXo5^mTWDjq$qZ^sz8?Y@TB!EmVDld+XiH?en3JnVl3J$7itgfgo zPt8b4PD|Q(U+0LWg9pzOeWtGJx6@^7*1vT}R_nzLk`QXyk`ROZnrY_G-Ub;0teSKu= z+J(uh!xLAA<{nKj{Y>-JaQxIc6K-os?9$-q%)soeiAy)fXKsvLygoWUd;a`*Pyfi-z6)o1hr4@*PBYG*x-iv$IRn_4{`1PK;039=kny zH+5%d=(gbC!0_;}(9jTne?R7R@`uahj~Bg|v*fCx1m-lEIYVBVCcmE~-#tt2Z6-6v zy*^y5Tkzb7` zJQ+^tZzlKcCqEcSxN(XKJWE*+3)&Kl{^0_+l=^FCUedPUlUY%v+ z_7d`eqJWk{a#I1hHkVwO0-T6XDGpOU`Ssu>&;8r4M^Mua+q{~>4yO{yVb$4Sl_kBg z)uTmSmKCjD@>GtM)BVv3J=0sG!$%sEstHC{OO z!jpy(5KTh5RWiM9<^A3&1-I8L&;9yS*5`uILTzOxGHj!}@=?Pe+$K4Q@I7<*;sdu}L~2-k;o_gqyy&P3igduC7ExXAH{cl__bZ@2X%@3_l2 z{4z#a=wwuSi%qRb25=4}k?35ol;4xi9kq#sroTzaLdjVyp7bxSp&GBTD7ym3O%}*e zR+g9-Mo?4t?|r{1m?9L8d=@D|+aA$Wpu zu#MyZm%_3%LU5CfI+TA6V;~Jnu4MFKH7tE^qFi51rtk&3?lt4vYBFJzA@UHrS*JhZOGZvIoVz*^bKp(ys%U?2-dDM<$(zHBx8+m z&nGxduJmy8t#{Q1B-W+&Jp+9D-ekJl3217SJ&ax1ssqq4QQhx=NL(por@0q~7U zGhu#U*@8WH83GZ$A&EcFwSKv9;I`?80M5i2b- zLuJyzySi}*SwVMf2ZP%{>kfy^BpkF?`*>bhE5ztaD7Ss@|6pa1?P!T-8H ze%AjCfqn^~B0%xYtCvf8P$#E^jPx3A0mRC5X;@gEl+^n1-RMyJwagR(sa^|4N|KgaN6|MnBDc{x~>fmJ2K_EOtf+cX#)%+&-bA;?8RNs##h2>c5gq zb~|%tCsU%mxrQnp!a8Ao%62;hNPH3U1j?k#|Kt*|q$JZZCl|V}`%wJl(^npgq}7>h z0AY__LLafhZ5YDBPdf3J1<$%Bau!EGM&;CdQ z>AcIyC(+GU*2BbBkPpbuqXFwprTGN&_U3z#Y>9y}HdQgGntWSowYW%;iIc4<%~{3+ zZ{m%NaX$r!BsylEH1j;>DeX2`)pl&uTPpvA;IOCng!ITE%fjpVx1@KQ1<*W#YGh{a z+g=!V_bTJ#1JAg+UtV`k#O&n<-KKfe#}hBn+~dZ=rZy@sBNr;w(i|$@DMg-lEHOUx zNH$14d~T4(>1m>Su4V+ovODK;O1m+odmgPe(B$g+l<`>^XvifDU=8i}Iaz z0ycGty?AtUUun;lL!^f1sxYTGS{-X&iR1YI5X8m zhXl%AoG&*~-^vAmlG)hlFO^E@@zLjoo1D5WtK1HO5d487UO2#n$|V59A(Gd=MfSqQ zUxm?YiN25HIbG2mzz#T!Z&z__`@SU*IODxe+|BqyuyKCjmphmDAmRnM(pyW;+)7S^ zUJ80s4Q-D0OV(8_asP|&j^4O0=5u{0j_;X9U8$+<#_?^ zj|zFuS(cVEx7;beuT->~C>H_^<0Ksp3LF@zBrn;EpAT z%*f*gR#x!y2TqABZN>M#ut0527s_njbh7fp8Wp5k*^9>!G_f221R7d$spcrkxm8#x zHFth|j;(tU2-3gbZ~|2M7MlR^w~vZ$k)i{qs?W}i)SWj_Bp>Vyj@5+3t6n?gA+YxH zOEpCF8UDOr&$-PPv4)&6NJWR!3TG+%%?}g`y!%mbE}7fz-OWhdN)V)MYxVoidZOK% zxir)1SIo%13iD2Tz8uwKd@+ZVGr`zq)zgoX&g1m0)w=D7OGn;rAo8~z=Sp~5jt%dA zj=zCRbg3C}j(agFFVW34avnQ?%Cc#nexn$`ZH}>gP3#le%9ygpM2=3aw{9(a29w?9 z&$IUf>3+mc;oy#1=wqjQcX~u+X#KD^R8)?_J+ZU&RNd%1wMGh`8F{!(gr*V&q$1@XQl4qY`P}za-L2TU6iSAjK z2^N<_o4}i$Pz$3rnB<7B+gcneOsviBU%U(1b6)b(0{v5g%B*OBtndlY;yKm={T^u| zMQRReLIU>DM4$FD-|-?_Uh^c={xfk#DX>K}k0RKqZoh-D9GA7vY1<;U0xP-`XR!W_ zEsE+Vqrv4(u|qC`F$FgJ`vN1GP?VQ+NEnC=m5ScNmm)3Xx6@t1!z@r@yL7ma$rdRs zvm|{1w`yr@t-e%MkyNcto@&;?Y#qR%wG*3sQszhz_V^j;uUaa@%C;%UYU$(EmIhVd z?(@H#cD9K|@_sGp;$VbV_RF&(YdB!_EWOlV9Ku>=85p++6{{@zLQt8WLK;OcN(?Dg zNZ7iCEvmohg~Dosg%sZ*N_US7iHUJI`lds%KxA|*C^S9X2ZfBp2nDC^fJ&^lgrdL! zU|x>xLKZ$!SZp;=yJ2gPn1FYBWm|ar=Bccdb9L^0ryd_1tFP zA&wH3>A7R7zZoS^g0{rh^?yzq{?kZ_0V=FH!1Av9-2dhwHlae#%}Nsu1p(aZ_AC)} z(I57fq2z(H3O&CojF^_J24(8HBbq~iky`gRWCm- zKgXA@g#jyGxyB`XYYq@J!J-6_&t$U3H5BOtlQ9)2vO8`Xjw6D((W)`;C}cC4oq{Xo zR!8kY)DW?fGJ8LTTJgM7&YSfE8>qMBa)htbU$M2yZR|X(ksjrN z_!1TTthB{)|CV*2wFYs}|8nEFmWu6FQx0br=llvvoR1CS#3xy&^eH@gZ7-~44ZrAy zv^-bO?--?RBU+T~UIj`yTu8|1wuzc8KDMQ`JKEhn$aWhFvmxplKPV7P~+j zB%oy}!4QtU+FnADIYAY+c38MZjgpvvDofJAtZB!R^Z{99o0O_Vq(ESo^zrRVtk4Bu zaE6G4hFE7;xx@)5LUTJGifhyxAV}*7I#o05CVno!E$JCzId^k?f5MIOub!G zmbkerQm-lIv9PzIVd9nKZ3lRHMMte(-|tBQfc+IOv}!q?WSojof8FJ`m(BXz?k5%$ z+=;3!hR+i{4HxTs&#nzS*`77}=wYf>%edBf4m|&r1Il1A!yV>=y z2Op*tH|sn-QTDRJj0$?<3++63Mmxht-YLCJxe~+Xc>8R2Z#+MB>=B)=eXLE=o{Bqd zb+abZ?eYW5Bx*cLo)aB5t}_vM4M<}X$o9v zfM`A*3ZD~~{H)#n1W9hdlm*IvK{BwlB$kAN`K+~==NLkNYI1ry9xw}_E zWj;=UQ@AnZVFRLJ4jWU~^JytPW0!ino*}P+jJ~izJL3tj+ni6dfEY+6q+$cu^%9lqgSYw?6+E7)MwGAPcxF@VmK2j*QG`Pjq4k{rcm$}1;eppIO zK!_t%$Yz_=+EZ*0dCW*F7RA*;84&6k2pW~fPM9fx4Yt{N*5uckaPml)iCq{yEpe(^ zNONZKWcB6zRLingJ<}Omn$6m333K4wsEX;sEdc&H3dt*4VGviBk&Gbl;Cu_){kgLN zJ!ZK=!^GYco;L*=6B*7so*RdEY~Es5TF`Iua&J{p(s-i z6D6i|Ce3^pkPL!h8C5bbIj`A4K%C&Xj2+eHW5kuM-JZ%0sPQP9ZrjV6TqW3UBf-t8 zo~L5XGucYmRU{6c&FR*+aSO4H$az1%Cq5adyijaRnQFY6h2%;#PihZoKWuhZ4mASm z5{{NHOsEsLHOT4QBM4qZ(Ia<6Jl+y*GmEtr`?bo`i{bBFK0O83qHf^gZ z?D6(JWaY^lMi~5~DRj(>hr-qH(Duc4@MX4V-CKWrkT`1~+Cbg8QogBb+uFk#IZOoI zK^-S0RTewRJsZJq70OQs`6#W;Ja#1_ZEDj#cyvw|+61+jMsiN}bQR&tTqf0ldmaXO z?va`-I!a2ZvpqrrT}@}3k7>oQrtmkdS=)F7QnO0@ygmdQ?xMV|QrX{lI2*hIW= z1p@5ryRR}tc|%`Oz>pnzeW7%`+2 z?N1=_2&F^ukpP{qxU@`(D+3fy-w{%;4A>^-hqubYxnrwypb~Z)>spk-h9QTs&8H+- zILQ<`)+1rm4-9JZV=j%LxK8>CSj7qi(|fU3uWJwGZ1mb+;tb;8ofeyUB(d@F-ArdE zoi>&;BD_KQ&Z`5t9T?-TgUbYVSCRNoB@R9G!E{NpLv3!Sb+*;Pvz2(5uA*}Jf@vr? z!r!%^p)Vs{QD$6k*oh04EU?A5fsQj_A1i7?Pid{X>Fhe>hjq+0=GBl1Qw115s&NDADmPLma}@s;sQ@oI#6J2DcDjKmrK<;e6+VAzV2 z0k4^eRzV5E0OxR4&|BbTgq}uWRviOrP$Qcb;X5fKHX;}OgHxhhMXS#|9Xk$fuXuxq z?zPs0+ZO1<9`C<9jr8vz+XSM_)&yWt5H9t24e)xFO2Z`)SOUc&mBBy>OF^l~RYdY8 zf~<>+leePkG=L4!UYL4Wag0z{A^CufXcQ_(t1>C7jNZ3xRjJ%5)EOiZ!+-)8wD>X8 z=QFwR!Qi7|0s&iPu(MY-4s2yGuzVKwqpKR`)Z)e2vO{u)h*u1gYp1=TEYMK^L_6~R z@@q%gc@Ai-0xa0M=kD|&KP0!|5Ou;Km0iM~>996wxEPg-N7h-Q5uDxo%9KQL^fgpe z=3a$@vP}lhJ}3$}4(Fq)Z_iTpZe)T11N>DZ+ytd&nSgBHM*oWC(&C6PfT z0x<4(*r`V&QniQH^k!?T1E35Pw^D=cwzrmNonc^WlSaNVB zE>+E%6<#^EZgFSNGEj4uXI->Z;?@3n?z)pQ13k;c8rY(CV4yv6f91j!#ks6q>~haR zdpTXNa1%{o;3v;xg~Itl2;Muv>I(qVln+P2!0<8-M3YPSw==RZ@whz*cK-ELbF7RH z3<{@V=BRoB%|1vlzKbTp?Ys#Dis^c_URz<^(WLA(xA2U7_=%|=D4Tz=1;{b(`3zh? zcuLya0I4sN>nSuWV`$T^GY2TP?Y{G*vn;-5n_c+Ix3tw;IA%0iD4ls19 zkQ2e-9!0?Whk?4@y7zaPFpeH`MwlZKR*b)(0eO@+XwLIwOF4}0)DhvRlpG_GI20Hc zuPpMgCM<@wxCMcxhjsNlLJ1(b1^sOO@@9j#9f5eDsiC07*+IKY82T2N5RHCAeRi~B zxf57gY}=yn`i=#lus=j2xOyj>>cJX0$}{-OEcC)y0o~>jV(V2i(3veE(S7WS4I$C} z0v-&)po~A%5ro(wbQBTl;u!-=sh%7rR>ixe_&>ikiv!D3>Zr=)ahz=6kmFD2NOe+2 z#rfco$yja_M?r6_+GQhCE~-3E&#Tho?sm>(cCK1>jbfwMcN9-BkT7fFS&KRGMN+)D z|C8n6g^|Gh1OaG$O7;1x;=uBWhdKy!(B(Gx%{bN(``_mt3~Q}02Q+?KD;fkHioj+j z56@CoP!6*(IrT#|0G44AaA{sBzpnq@G}0zEO`3pFZonfOX4A3^!Fq66VRNNHC>ITU z<<#{Yaylw{H>{X`irTE#8H*3~78CG|Ns`)15X}|Eno0>~NprEF92FCgD+Tb8U4nvw zSqB(MVJyI1R_Z4eAQ6Lf0-K6!7}quIFo8fYmg0hN0SP+^tlB1&_{8L-xf(JsAun$e zUsI^MIEJ^KOSW?pU_Lcjcu^KCnB#Kg%9!ht5vJ5`s|@i13b{0m9KA0EDz>5N$t{SHS?ZC>-nj6-zM7l3jh43(TuSeT#S+UUV#13`zb4{p`67CoUk$5m1AQe2;L zIK>;Avt9>f$-2OG0IR`p%V`${(y~=?I|GCKak=$ygy9fHk^o=?V9HC{o!%TSTc(i; z2}O@{kL#+6E}F+SuycJ>*hw3F!+^+9)@r$SFc@j@m`iifm@Hi5Q48)Xh#US%8BnxV zqU<(Vb+0{&uTHTtwNj`YyCn%UQV#*v5G|zbY31@NW0<1mOjyQ_By;e-aCU7v(V~Vs z8oIInl}<{EHlMhSpy?e(YD9Ge{~}9wx(;hIqVt%L+%zBb=Z@UHwbKl;%&)9GIXMST zGCyMXg!Yzblu`YpfYcMr+091<@ikHOprM1JCiG6|AfR*s5hJ1^wonBG3|2rGxaQf?m0L(D13IebK z1ft=gDSlJ9lTfuO2ZZ@j054GZ0s<50>xytWO1v{iQlaxD7~Jdi6cTyp&Y<|L zUv9_l_Cq6Kovaph^U!b!>?>sXM4NR+E`}`tK?tx(kkt2i<;ebdVW%H5iZN(820BImS9hR#Jj zn7n-C8+b*eAwJer(WP_ryvj$Q^Z3TFcMPh9NYazI8UQHkYk%c0OdsHbT=aD?R-fc- zl&{5e3{8KJPm*(5*sJx@`x^U!ue)gc!`)A>TKxlgLE8Kgn*f`holV^RqOj%H`f#+1 z)$3UP9yRCkmgHBcna?mu*NAG10Pk*alx*`PfHQx;nhQ0>WFPQ84&I^ZTsp4dg0Ifd zuV8B*m4wj{f;Ygg3AkpLyrEzR&9DST0!~~;UQsMg6=oy_pyU+F%h4zmV*-+dRK#<+ z>3WhN`51Sj@=CcgRMl;&1jVw8NKUg32`}c2Hqx{z2Lop-sOYk@@%CG0+cs zi)~;>S?LXz>Y8oZBj#X)uF5b6#Mv$ZlOGit*pGJQsUkO0$NF?vKxicWo@-DmlZ%cU z?vs1DOtmM;B9Ir1#|EI%cri!eor9;Ux9*IAA_bd;l}1RE7g;+jFw0u8u9QoZvdTUm zChIqqC+P+v4vb|a*q?iY>J8W9*T-3lQB?v?UT$8ztM%l(j2MR8AlTY+S(Sb-*1nH2 z52)!kMDrP&stja_nXaCyq)`$qQgnDfkOsRQW-P+ts1MChTNJ|rv-{t6!imKAaPp5X zkO){Bc|&M>yoQQir@1h8-xk1<4K&tS0|Fl*KI6cwFtJIVch$y~f8B(WD1xQp-?5i| z9ueT=S)tLCG3W?GIVW;w1d9VAHpI>fL&V?6EHGa<-UJa(Z6A3ODWYZT2}61SOU8-> zWf<_gLhM4UQu z6dl>f9M)BDXPxkkkm*dE7pni`PNlWE$msy}=OS;|WP|OFo@~JT-MYx0l-fs`&5fvS z049JMoPcqL5chm=$lhm{UW-h$?;%EjP0VG;TEpE*(&oM0Tr=90Hu z*6v7E$K&;Mb)x7fMM{h@D*`Vj>55MkbIowi%0k&G*rBChQc%1iEJ;?ZwQ7G&RIRZc zAcsb~wxY$@r>oC+n(b&wy5Q!KPP!ItrV!HWs;}6EC!jOO#%a=$6=8IJt|A(hb`=+x zN1wP=5)sCIytJ!}ju10_dFxSIX~be6>fQ$z455Km&#_PX0I(~08EEM<@IdX|Oojq& zH(q;Sjcs+73wu}CFg9d+R`eJ%JkPHNJeO6azPs)GmnFe1^p{}u=9B;+&4-#$$$!uY zNk?m^t4qwE4xd4I7#(6YpYL!tRN6D%(jhhH)yyosJW**{OO>9 z(k0D>{nTHc!?Y(exV_K@q@E@uW+cyVa7T5#}u$0Zgr>X&HPj==q-AXM#m+eMs zZ8?o(=_#tjB)|8n^R-f1r*b&+TS4uPB=z8cGH*jkx!Z7#+YfkIRDjdcahr-Ba8MCz zPQ5}-+s#9Jv&tH(wi!C+;|KUr2y*FC3Zb5+sTB|FQl<+fYaMpYlI`N`n7K|M6cR^8fUef9XFKK@6bj zPyg?`ckdoNc+lM3?B(U9uC9*5{RH~|$`SnYwE$!T+5h+t?FqZn*Nk3IUD;sK|DNLb zGtK>WeDu@g?stDraU>RxwZx7`wZYRFFcY@#7I0^8&+o8)Rk{)L+Hotc`I2A<0SVz! z*DEccU*s;lQX;^h(FamRVlW^mEXX7>Lpfr9^ua7#JTxV&h5&)5oj}0K#rDIiMZoYP zJx&^|O&r4Z&w*RjoovOpoGR%y%ZchFUpg7xcoy9qLUZE{alwegg?q5mx7v?e}`Ey3axYIG(abPaQU3wAE`@z4f{jw>0V>$oA5>0Xowf zQIM3iyS&cy7Ft~`uXMolV?gB(@S8wX#Yca`$X~QykK0galReTw3Y@dc9YAG zz8p}VRzlD?1@8)Z!4$ z9h1X3fNIy3b;+evNO;V@0OuBfq-dVO-*&0rppDQKA6_te2|4{d$iMTYXQa7VMgxV0 zy~G4RXxvEdyj;~LxhAPWGCUf%XnjXrDCbuoacIKt$F<8H zyK-K{D0zxMQ{*DVsR^mi>8%1Lg#fARSDi~24t z%uESi!;P~Op;C9!z>5#fPkOc3&(vMH|ES@Zo$If4RVRI(*}}Rid(0knp0Ijjy)@sQ zNch|-f4Mtsq+s3a$oon~%@ zEP})!a4`D!xY=hO0fWg`8!4r)%J(z~FN;a6rx$*c4OL(<#|Kp1b<1~2zQ*ZNN(*dH ztdqqyTxm=vgLCmfo%Alx-54mzS!yTR4Z=o_g|JNqFQ*S=zgyifQ5CR5dKHBs#g-$TejH zK}ws+dNI7&1}cxaBd{&5|7yUh*-Ol}9g7W15YCR)4=&p&A8H(C+pR8mxgATq>qBfT zXDV^bA|xoMQp@SRbfQ{SO@Swl=~o%raZ4D@>~KXz-Nh|`VTdLf;rk$b|_-O;*Iv8gGYPXzYH=0AEm)viTe1p=Dh z2Ec2!4Or>_@=SUx_ui?EzGu)n_~>-Gs&p`GKYG`<2iNcDG$-M=kQ!@z8ZAYw^F-Bx z>|Q=B0~?m8KkM2o^>4ZHBUq_9WYF~HeAE6IyQC)h#t58)&+QTylig8X`%6rGn>O~^ zch_2}dW6(I3J;wiTAIGyo_ZL)sC5ZM&pg8l0+k$iuaOnTt1q1B-(r%yTfO@6lT`8t z-LV0WD&~d#VHLmmJdcd;pZaAj(46A4VqZo2^h0g&73#^uX%A4^wRa7ZX?ykRD)*uS zur*KQ9G<+rY)WDm}={?K8-SSr1 zlc`)*-D&cmtGHF8H*#9)oQW{>>@YT03bA|qAni?SVqJjvN$=a3?w&nYCinGs8f{GM z-K&uoLb-$<`{w4_{;@``E>!*O98aDJ-I=DbdRD4NpJx?+Bw;DkLQ71$TA+C%Y}Tw? z42@Lc+XnUtF@p+9qsedp?;|*>USn}9PT?VJicg>32j8ry&5QZc5ZjOnR9RN zZq>>cSs7Oq%Aco4T;UuL9D4LbLn{9D=Vw2DOfeiPFFvgN28(?#A_s1!?HrVwQFwa1 z@{#k+Pt)e-^&Hm~h*^U#J`BicmsHG;UxWN`k)BQvEJdLdKS(Q_QPj(mt8aMZe$Xqi zC@ekrL3WNW;Qa_~V3xAP=2r{eVbC8mu)9x}L*6r72@JB|BS3tcp2@}1__ec_S~d)v z79^(cp4g4w$}F}XY*jLR*n zo7ro3^45%(7XzuE3cZfCe$m*IT*;KK81W^RL zM~IzGoNQ!$jwpD8I^hO+l?v&yP0>IaqLyA<5DrvV$9)SqY+>EzaWpAXDOl@!4JSYQ z*sl$5f^Hz~?)~wx?EUsv#a?zhw9@5aS?n*6OE*iWA-~HYEmxz1-^0HRv&GClZ_H5c zdPYq?eLd&ydspeG!9CTi5AyZvHs+-yF*lb4W z4%|cQdaGtiXUHaK`0${8BVe~*LA$r5`nf@vQG23vFXfj>Y z!={Os8PZOVyP4wCj{T(^d=N*;8r<@28}8-9tmFKQ-X;q@b1a9M|w zb8@~W8_a@5@zD1`+PeWQhHm15dp!TM!nw3e3N@|p4(dQ-?h9eqeRg*4hIby^BO^Q< z=wJnbzhXY}&4Q{}1H!PH*|0&?12Nk9_!6H>-X51&IjzYO5$vqiwY={!a({#sjM?P= za_XqJidciK*l-T)4gr%(-tkqC{}5C#Fk9FcP_R+%lh>T9KZ{4bPrvq{V3(e}Ia51# zoxI4{r}nJylXvmkq=FhL{1x1hW^WtECDFC^Ld|FS{v&>uDaCVZ`H+ZW%s4L|i|!(* zIl1k=Vx)ProwCtWg@9kG!1_Qm!FaNyjp?RKYO6gN?`EPwbTLDCZ2*nE>b>e=s&g)5uUOEF$#3{GI;e z^S`dHq29mE|JY`**%I!5&j0`A5&zF$_z(UM0Qm9aM_qkgP|#1)#>Zh`{cVGe?$(@e zxQCmatgMucA#^KUkuC?H8ZXX1=D%}?o+J#6!(qu}1v*`oX<>fm)L{`3)VXu#Mn*?v zX|$Nw7?cz?Gb;@SgRZQsQc;-ycmD@8c=L9Dh7SB}dCSdkw>!A zg^L3_b54@yn?xaXpa{Ts&Tvp5CBF5g(s)O-CG_CVyv82YK|q2$H|dAG34N;Qzr(T9?Q};FKSHC1@~Hu~LWHxUIxUD zk0l{V3M6opjLhMbtpq|k7>SpVMCHj4JWCIGY(pM5qgCUP;QgRzBDiZmDGF5FeWJX- zysRSq@|DZQL&YZ>4b(w!$vF6SY19n-G%=khAuTU&XNNi-UyZE3Kae3_wG{aZbP`{9 zt~xFveIF@C@~aPy6F{@`WpB3Ku9Jq@gP__LT5b|a8g0Z9{xj|-k`sus9M&S)A zvJZpo@oHWkH`llsS0+7Bmgj%H5a_0L_X}SyIHv2quaDuaWF>>HnB3zQ>TWS-0StH0 zKTUD~zzk_fGJau@+VNuQ?-q^fN?@Nd9PAzeQU{(mN)URQCW3=dAFof~T z^UHZU!BQm>m&OBx(8DNd2_W9WTiliLG5};dyf9Oif-oMO_AG8!p=ojDsRAew=@lI2 zZ?|r-OV>|(ind!?p9Yp*edYwNDZmvHd;;?1-Djd^XarxncrgCh$Y)gH;N24B%ul!82 zr=v}6OGkayoYwWn$G1fE);(7{;Xcb2b=X_U;xZBrm1RY=kBsJ+!t4`siPv|;I&FY+ z$3iD5-rdr-cl*`fmvGR@<5yzyp-t!=IEFI9yb~X6)o~E2`+9G$(eqsIFC%3FsAFmx zqaIFrIVA0nqSS8s7TSYx;$3BnAYSm72TYtMSELMXqfD}(%nz3(Jlw3tqHQj@<^h;1 zx`Qjd=Y;qc<<2u+$Vx+h4=r1Bo@IKcdcV6u5ZNN}|zxqS( zslX3C3Qgg_jv>2#DYHUZk_+p$0{9#+{rdxf{6l2G^UWqbm{u{dR9yy~sPxZf|TjvyIVwzk#^Z zTV~uQdh>_p^6{ci`JD_2KCSoB4+p8X_k(?agigcb7CjJ;^W72)imxB?eX{6J zkzN%b0S%Ha&PK@_L=~2cMLc4jRLJt|J~2fG-sJ$qmL-C!ex{zG?ER)L9ezPZo<-Bz z#7@I%>d90JaGGaj6={V#*IVRqdGNj_hoFYiZH}Ylcy@W6@7ORPxA+Q>p0BksPx}Q- zS*6hL>N=9Q^e+Yxm)RCvY+$EhULIlh%aQJ*GtyM8NVhopfb`WxYDfU~CrH0Ho8SnP} zva!pzDh5{|BJ4BB;}Y3INBRtcf690|V7Pal1+~8SEKSAEytQjl(55O>Q`~7(_05+J zI;<2(93$Fxq$W(>H!|07IKH{dDwRE%GWXHuBlHwprWCNnRGBfT?NdGR>AW&}#qn-_cvxIYGg_kOrv-*rGw_No)_`tKXbS0FTG`xa~a~=V!4-BC*p4sU{k9Tf;k4{7~lxa&At%tDS zpM{XWc0Ty#&gb|qJKw)Fvi({5`05BU!^SH^;EOn(gbW2iC%S12mr!5&Jnx?EO1$;U zp&N_*WJl*;%q*sDSLBd@Oo@{EQeoDKFUPaZ%QraOwDgS3tn8fJy!-;qFp!x9Mc%@r zltKasDMy_Ed=37vLfu|d0)$7TAlZ;85C!ELr;r4Ycuf?^qX%Ui3kQdWM@DasjZfT~ zoSMEZoVj!N-u(xAnFNB&6$*|-0Kuv9L>Za-Y62W5vr`%TV!`he#9{^Vxh4|g0!V*0 zyOx`f&jdpUE}Bs)Sd7btH!RH>f^JHRi=$u|5Wn-5tY}IBCWnWh0;!NvD%AGQi~p}-XVW>0De`*+N~;E z8VoC4^p`2%Jy#=wsyRbkUOY?Ko~5*8WR!DLS%7j;pF^ZEXM8BR86nLmFc=Kd<}CRE z-XCUp46>>O9z?_=#bU(pbWL#_GG2knU=l@Pm6fpL2vI2n4B^lqC3d{6tpyKZ^agU#12otu)&l2zTU;F2hQ#Vdbg~v7%0cDeGlPsqSQ-dr z2ps3N1t3asT{;XOQD!C#9sEpVGwJ|xI$I&{eoNyJM6~Nm>eWS>y$A^RMii|*AjlGn z(J>X?K;fNrin6DRRVgV!uPhbj-w67rE zFUNn}#NnDw4(h3TDFx*OZ$k+`;bQs)xaRpcLNwc)2?rrD;X(%0ABWM9Hshz~i>xlF z7OL^{7A?5ZiX<=LT<#(WvlP11GFR#H2@!Y^WSz_%@e%o;LEtGV0q5!=sf+R|UM?%* zP$WKhYJ;XYR_P9sCu>*I#D&5WB&MJBnCljdvbmhXKnX{ZD#c;!#NvkpV3-k)VqqBb z5lB-tVGG=SNt`kZQ>jvOIBKz!Yx!QPwPZ&Gl>s74P}lF#uyi2+0r&MW%Ae$fa8y1| zX5E3Hd#M1#ec+2gT`|IC_`vD#(0OE`CDuI85xKZpoBVuJ!mSX&0_ou5*Y|*N-WlH1 zDETx2^pK%CGgOi-xChRn*@$8BP$ekhCH~i}xR;Br1F#m20n3P@(FU%>X@#abt3C`l ztSm!}d<&+~5|ObzFGeRDA?s~BkRz#q^{o)oSckIUE;A6x_Fs(0l1IbS+%`yGT&(k< zNS1K6^H+@5u!)o`6o-yFTjt!wQJDmYVWu%4xj`e4i!Bw0Odlo>n{pY?S7I4EDgOL7N zlw(`4c{(UbU}Fvcu0shUN|-TDi^;OmB%!_jr913JeGca;Jxmf#K5m^oEeRuh6%7>{ zAU&hVVQLKkq%>m(`~ZjPrGtV)^wY%&RvY|?URCZGO8#EvcAUM`VRK;i@$A!v0 z&=v>!5e|rcpBqRG2Siqbsd5YJ+Zy!f%GY@kFT>=tH6C9u@i z`;=l-VnqB>7|FhRX;WC8F2!kAr~-(Ekk;l}&n~(53+470Jp&bEVJHETOsdoe5xtkN zNoh^kUj`JBEVJXEGAqogey;)gGByErdJk+ziS*}6LFMC%8HRLjR0}VAd+GTJ zIcos`s{hM8v`EX4j+}^WIFdhH%^G<)*oQhARdyRT2)m!dJ3F0qoj26d|I53s!8oiEjU0Gcl5u@(?Slg* z+9V(vwKF>!o}R zA!a9TPlIgu-eQP+7r0-adt>y3Kzxm6aN)9+jFucXm3HVhNgp6F@ll$*S0l-Y4A?%! zzmnGC?C?C^Dp5^$HHQvoz&+CwwDe}o`&7werL7{OJfD7wPL5758Qg?}%NFHksw*jj z_Kt&{u3BPEl*S~qV)x`1nJPgo2MsRv4#_>5N$b%Lfqcq&z8AdCag2gSsx;X}#tc$| zIE~Ry8=fQ`*O9LH5e~Vjbn|#0t3`?tRB^+_N|~)OFTK5kCULw3q7F!IaTPyTS|;jr z+z<4`ZdiQhEC6g>RFO6U6!Ko;eebbE9V|Nl>G08t;JYBW(U9UKT~N{RPztXG0Ktbh zaxh<8>ii;Dw!fp)+@^yc?GbKMJ6I8^in&9n=?z9r=D79z2;jggFy?sMZnX!c_dQW8 zTZ_Cr5hz7f#}Q;4v8ES27L*rNSAA$(=@et^2UqNBKOWWNrJsPl&Rnd7$RRt?k4q+z zjslRe?F3ktai-r~3UfDN{&%r}iYR@-!tv@_ALqv5^K^wIQiIZcfXtA}-Tk@rYkOFl-pg2m8&wU(MuUE~J+{H6I$B%F= z(>TW|CpRmqxsGS)uwO?`FyU8rEb7b%1f2b8jx{Vp82-%8NR6c|wPjZ)qvKuoM8}lf z;yz0&bw-8U>v+bSBmb1+ zKz~ZvH2y7^Iogk&H>e&I8T%83 zYSrFe>pe7e;8Y?A6q~n%FC5E3kOzXWhoxQ2+yM|__fgtm!oCB=ypqzg@`}o;>YC%V zbp}ie(k{qJAjw9-kI-b}-y0PpZL_f#*{v91qK+ z4D8naPA|69bs6_oCTKh}XG6tNEY5(f{*L@C{dFXUbH?0ck%b|y14t|qkSG{67`uic zg_TGwvH>^&uaFY3M@7a|i?9P^oU2gT`#E(ULBNLI8 zN2z)g`$QWB5aAdJjzofqU_4U1=*Z<=MAA5Ma$-^-xG~W0xhZ%rGsVx6Ku5ZjbMrh` zd7kztI2<4JdT@NA@cH&91@{+Z2IRYq&f9O@0JLgwFJTN>Q?Lf=ZopuAygb~tju6lU zg+|#!8QMx|nYmiXFYX`SWp(A!-8Y;I+Iw0zBkqC*3j*%6FmZ5-EtY2w%|?L~>TKCc zSkw**J)XzVK<4gPW{3Byfp=pv(dTsfzc-h)`t0y$*EbJ!a!CBWWKnIUEM0>4AK~G0 z9A@s$U%zr<@4@8&#aK+hOPwv;96{=;_UQ?8_c~uZ6v}t`T$m|>JD_Pfc=`N`+cdV( zV3tU&yiX4nQ{B*AWeRmmT8(&q^S170nBb9=p#Cf-@kL~~#1`gV_T5tl0hfi?`b`hB zbI#Gx$tpM+@@87uMy%{9cgPfn>Gl(F=nAIEj%0JyOcA__qiqrq2t|E(wwtt$`@(iI zXb8oIL#4wTP2sr3P{UN2dlZj7jAS zkF|L!dx?wWoliISjX|)ST<$A38{NlHc?<)Pak`P$H%r)7z)^5lgy`aGr>)?klm^G; z@U1r>1y}^x%$Ooe%V6_mH*F-}ZVr-&sXajK6;L5X*kW9dHR0UJp2YRTr^%3UR{?l|wc|9>V7YhBv zO+O&VoobCF6sBuEK0IGKsO6zNwMtbIc>rNve@8c9SLQ2+-b<_$)Usk{B_hI^9vgkf zGNZ>kA4DzDwv1Ef2LjKh1Wa`uKLE8h@>&5NGmM`Kbe!#X;N}zqKBBEJruQyconGjh z#MYbHoiD+DSGhCAH&reoi!S{>t79iWq(*vIQnjm8^Lqa9*6`xr`f7?*TNZ?P1FX9Z zUAa6!>19dodOs2gSPYtdfupcZA~6t4+$w}4HoNIhem{cmZH72YF~JLcnY8ZmolaaO zoZB+Xzh@+Krw5Y5LEp@MmC^R5FAd^(2!sgI790{dg~%$K+lC5zGZxreBGjgx=pddC zb^n%QO49{vi46|MB}ZN?`=Qc;x~cdjd^EqjrrKO%Xw&VL&#k~v0O-co95UfpV*y~M ztu7_YKjz*9l?K+(+H3(QtJzKv$WZ3@-6mJ)J$&~i8G6*yRYRXcvU6O7DrGQr0o#fi zEpnz_*Eu89EK<5}*gytf2tAKdF1^Duu!(Ne+{&1Ns_#y-^P}O92$+ia53MJDWMYjS za*mkAjNkBp$*uSd7VPCg-mP}!y)kt*?n_6-O*+-=s(thVnphoqu@v`*?$kls^SplB zA@QjX)`oTGFtIxr&nD=x4#lZ_G51MInz5t~0}RKOAU!O%ze>e*X-8J>?CX&?mQl}rcJ%%9opt8gCv8yT(dckD$XE!UxQxdFu@Xw z^YC;{aA`ucrNqU_4XhnI0|ok%VEY@ifo$?bf9|*cR1UOP;JGVzLvr?N$>3dq>T-BT zS&k8h9-9GjDKc~QG)c2RfAJrn&6TI?eRP&Q8>(!wtLp5>LU%Q32^oM$b)|XkPVg=C z2S~C10&RX82h=jn@Nng3h>1L5{E6@@<=bx(N$OBPBEQ_8Wo9U2DCK-hK?$I&ZV#}PlmU>O>2-Tot2EGojspiuyj%9~LD8?nHFS0K zN*ro$_tx+kr^YW-Tvos-FKq_Rh{3O_6~xC3&$KDKvf2$rZzJpCIF5RTW$kxDi24MG zT$d$OG{nZTFLvZO3XQd^4BKGc(ch)&Qn{JMc8ln&OT9z6{Pj_I zy^`f+FGPSqiCAGdd=72mV{2)%EcC#p?WbK_t0uvRE|xkPsh3YEi;(I>Yhy-)3{t+2 zQ+k=UQa(})EGlAy+;cEk0tNPlWJ~Q-6HUX*OM`bpBKVDHveBS9lmIfQPUVw39SNlBL#w=z>hj1#_9O{%`aBNdf7Vgt z1K^pTtE^w=`rvFP-yJD!SvtC0DiYi1t+B#Z9;DsWmoodw)Q2Joi&)bbxzn&zb79*YX=UL38Bil??9c_EK8QFNF@G)k{w1g0{ z7V}tYr9EJeTJc&C*B?$A)8i)X@s^NPlQl?oI?`PrVJi63+mdz{d)zwZzCk(Bd)|hdD)@i`j!^daQ+6q!wy-HC zNy?^RPXMj~QYhERDCOh@`o``}3T*=$d4J>!%?NY-M{W-)>Ud$hlLytxo8 zD++eI7^F=>B>{Jd94|T~SuvTghLE1)y zLiJG(Yod{#c8!{%zJ=v}yktA~bVUl}Xawbb=Fm;~eOBIR@8{Esy@(Vs@7JdqG}_Z= zX;EKy^9F4;<5v>ihlR2--b$nEk_j;@k&)t@m79{vGCOQ*_|I-6D?>G2f@vDU z+9ytXU29G>=>Fk+f%KlCY*XwXXW+?g5 zZJ!2`LEf|-wFX;y-1;D5f*{GbD9>hTmfjr84}yOE=sO=IsL2PlPwfblNr*Cxr^{^j zA!TQ)400XfhRpCI>epVCSD@ewy7}7$=?PUcv z&^ZuX$-bh-oAiktTUb|e&iEYR2i$>soj#s<)euJn6I~!kaM@MrUi=HgMQ=DW37-PO zpOyp&IGpV(8u7>jPvyh_muhaUN%&aHpbb=fKEwZ3l9(??Z=gpI*p~mOM+PSj zJ6gnAJ;+{XY030xC;$a}pyX9;JZPWwBApznSy|jL0~WYaw&{F+4qLw$lY zhWXyz_sw>mp>1v7Ww--giMt|-IRmiFZ141E)!bJj2u;fO++XqQHyU|Da%pY3FY;O_ zl~5ysav!8NrTuL;uKbtBy2;;uWSfb4|3EaHofzO%_Ee#*a$~TiY3WbI>A_#Erx*3q z{M}Bg-3oZbJ#cAsx{~@t>sI=3U&gd7;_}&&_O(?FO4E*o8R8idAjRN_us`i`It)i%4BvOKIY zLH{k^-7~Z2lWm5Y(be$KX>ClB>%7VRR4GNf9%+U z(Fga%A7uY;N&hw%4*>kf`af+w9i4yb|EaC3{XhD@KL_vs@V~$Ge|rH2F#NOsZ%|E5 zXmN3Xw6yr4L!Kv3vJV{C<>j>_Jw533=`H>>FKNW^(CUB zn1X_|m6c83;Dn_mb8T&9ef`bXub)4C`tan*&9svhptwx zsZsR?CAC0uv`pv^>(zk5RkfFkK_uw!!|2Z1AN zcWq~K-T}xzNN3F%9Bhs*M%zWeIEAMQ&+gw>a>NE~{V0ji3r=^)htf4^A=;xr|rzIfX5i1fPLw+i$2*`9pJnw6V(o;iLwIna1{rwS)V7 zia9CzA=<@Uy3?%L196A`MGk}Q8Z*~HmiIa3iZg;Rc9K#2?Cje(?UH+O~gm1*9|%w9A*dFH%*@zsiF0|2_^-hgBFR|6(U9LpA@eqS4!wzrVxJ@zv= zI=;g3k!~-O^20?)!DU-0uI`duGX*Y|@(p=lEQ>8=mc>zHiGOIMrulBg8lFO~U31|= zpL#TapeNp2O|#rWn{D9o-rwlrLgUbdsLG`QUli0ETMIUbRs$Kg`%42M=f+>jf|`7+ z=k~`xCtJj65I78FDYh5$*z|Eh*M{s4U2{g&(l2dMmlm6Z{(TD*yA?$EB=Zwac4Iat zk8F7p=r0~|@01{WIYh36TS4^}Wcfth8K)m~anVlyV{fS)*I!{BP-|m-g;Dcd=-t;Z z7PL3WKQiN(7ajH+bd-m;yXof1VS)pXjvFP3sS<6Tup)fw6lXdCJ=|JFh-k5|Lp17FbsTMP!GWp%?u!o; z5?8_CP zQMu<-+i_s8{j2xe4B_5SWH$Vz*9>zOj(Q(>sZ?ZflzDpici)<`!+9z`5yeVmBILx> z{OQPs+|Y{C%3qyp`S9Va+Se)tre|(}{I)P-DYgd(V@J(zbbZO6aeDjf^s!_9Uzcr^ zo)Y#%NwDFtAB&vB&(4#d7GHjwSQ z9B{CMF`^aRcq|}oJJr@DliApiYsZI3uS`$dgH5dbEOfQ{k4rg+p1(SI(?$O`n63)2 zo%oGuZE$5ySc?k za-i_9z^eBU@mYskVh4(`Ze31&74H(X_82 z1S;{2np;q&UhBGJcgkM(&2}9~B=Wk2#VQi{HYexp^z`(^M2L*c`!}y%KU>Y< z9`*M2a&oZe73F_=`gG;-;}?B>?R2`)HiLvXc6VpT*AE})bb3l+-rW8BOmjxAjm?cK zSN6a-@V@Npl2eTMCMT4d&Y+EQ7ml3x~_{~$o_{TptbCIA zP&li;VQaK4q&|baTf%m1F?xj&BPho;@RXJSFjB-a{0mh8YgXPExGJl`1y!rk@Z}#Q z1DJ4zmA1bsQx-s->GqsOl`kP1EzXA<9a?e+RB#hI+l?!RyZpZN?A75Z4Itr2bq{uO zDX6G-Djq$6Kb8K91dTap+N;z{&P_4ktlh~#E z$-V=~8f&;p6~zt=-(^c36|p3cVCz#}tqiHI3fuSR!#OU}-`+6~y0vD6bFeLtcaLhe zvbMH{e$VvWWH-0oC!yr%M2O*q;uR-nDx5aOCj9Db2+P3N`D%5mV_jS~tAh(H1XL^bqJj;tjrVK<*u6g2=Xc-V`+n~J0omQNr_7m|GxMD}ySTh# zR;x;7)EAv8*V{hhY_Z?=amUu~IORj0_4T5q7F( zdRfSua7ER?<4L-MmbIFqnw5>limE+VnnWN*-pT2jaf_eX@SOIoVxqcUXJH};YcYH3 zt+gRD6+^%NV^YdZX-!ft>a^;fSK6%OIs}mY zjaii=+1#N~zxGPO{k)(a*OspCITM}F-}Lk(bo$;8)#Ir9CWOt&sf#3Yln7g87}#@O zK_5yg$lA3pnBMGC5!(qp6R58{4G3?Gd>i#9n5QoEJeC{nO)|?@{yB5^Rsk!BIA8h1(rJygr(=>|*~5w--;Gv8 z>r=I5YPmQpeJIIB0cc>LoKTP#cugLnn6!pArs-k~S?U;Q;q5p#m-U-JPqVV9#>TWd#4mvb_+A;MSF zX6=1ya)IA=dr$034+2E?gOl*)4ufVYp%67KmFP3G(yxGaoeiCLtiQFeWx z8gqE%kp(EbCJ#Hbnry&KmHen?2tza=lpUC%o3Z|-@jNFr1&yldcet0Q=F3x?QQDG0 z5Ihiiahq@BwHwZzPUSe269u{p!OrVF7lMqe%Zmfkk53v~p-%ID1g+JHxc|PB!b&}h zw#k^Wk5D&7dbw-+p#|PsajkOW$^G@Y!Ud0s@D4N7KWuf^H7iFB|sH?jnFwV>0nLU=^2ctsxQ_XTh zJ*Ud)P-T*_J^(k)L`YL0DPCzX^Yv*DXX^NU9@8M#NExbzF~DQcl!8kf7Ts&pc2&A_*&&5S2=Xm z@l?vrgXpB`2NUL2Uvavsy}*2KMNJGVJTlxX*MCX;u`4!NH*dQqH)wM&ErzzbO&@J* zG+|@ZKvc{v&%XZp+efY8`POe$2`+=3sbXp46*}nUr+pVrkzZ?;InW#5*@U0-1hW&% zn)paTF}+o~9lAY0Qf4&o-ni@V%_IWFjvAB|7ju7ypbEVkZ|HDl%L4QFleFFH56 zIVJi;X}`a`Xq?sPqkaB^swNU0(~io=lx1{2 zP|q+q{Z{AA1m&evlycDwQSXjI9h^iu=7mVVOY@XnHIXWoVN_SQUA9D-jnk$C`d#SU zBE2h%fWenQm{lc5A{EOez4{mm)*X8si1)Xrs?^_6n$~_S;315u8i!SA+@q6zj5X;U zr9jrT((brfz6dK2Qt7VO_0POd>8VeCd9ZG!!SiR+UNmTly^TX-(6BJ6PGIwa-MEm) zSE_X+fAQNFh)vwkUdfqyh^fz;p6q`>Z|dyqRLX$F+x#*`dsCM&AcZjWl!{bT8_%dHtTx@iqHm>lin zw{DRB$S5tZX*txm>|yF33hQ+4U>dvrj9nV@M+2<1V)_)>t9J04F=MZci6Y3`Zy&FJ zv?=|xK^=W>)(Z6?#dywuRku%;dGkOe?3!b@j^XOLR24uF)xV zDm&4>GktP!h>qvxsta4`nVbXM*FxkfYg@$f>PE&2F z_BgE0on6Lof_|g*qoS>2noG|8p_t z?^~Q6r!|2Rk)}9x4RrQkuu0UUsXku0y=2Vt)d94VZUdV0 z?pK#CY3#U4NSmUaqlI!l#S6&L3Uw_LGlAdaI7~}Q3-jkspQ!rW*Lq2qO_`T^OwXMR zI9>m4rp~I6yIJ~MD(_|+?(4a`+#0--5!s6+;38xfvL|HmX@SOGaB;m(_G~-(;?W;_ zCH8N>wJoPi#$M-IqEShkLx5)CVRa5(U1_Jg`d;6A6Bm0LZ8uOC-MQt;@}m)p8&5rb zbh>E4vBJ*fw3E;6qfF*UC9x?Pi{@u6oo;EfI9Qvij*lo_Rl-@GT$;KzXEt-OPQq%H zt)r_}uUpI7z*_I-6vqr)Mx?1rNugyin99m++t)Lrq5cAik<; zbVPIOI0L`fNdbHF+JYsw%A!Z3&WR|=^j}ula_z>=6Y*B#C+%swZ|4_q<>@*zNt{vh z?EMC7$ccXvsyfFnoU`7PtEUe#0gSicP;h6+WP6O1O2S;9#`;Cq^QE0u zDb%8FVNf__%E4x2n>dMQ+CtUS%aE2mKXFA{%&S@PYMqRyGE}W68xjU~sjfr4ygeuD z!AbJE1(ge~#F}r5RwnIk*?%D+;>@~&6t#2ADY%YX3l~?*TGjhIJ?TvT6IwnROP#NI zXzv~wCBq)S3A5bx*I!+Gr2W#w&|S>vF;w!+e4;1eZtfWVpmB?@r)G+DTqkYGv)&3+ zV&S6Wiu12bFMyY+tR-imb(FTc#XqoyP*`1)`f2e74oVs}eLeQRDCNq|Vh8;vmMWpl zvHaU~ty2D|JX~ps4_0bk+4}5OTK)R$akJWKb8HK6(vDBN(tK7LLSuajh(UP{(&7cd zxBPPsJ=i!)dJcp#H=3ygxt_!ApH4p(JtJ#$NKu*1bSt^4&gE`yst?wjvcF#`VtMyZ zh_1o2JDT1ouGAy0QJ{Zu?4h!jpfwR&2B=}N4rGsckIaI`Mu&w>wKFzNJkXU)c5{BT z;Gmx(Rrgg}l56;O*=AAiT^miV$?kj2zEK(dv|#3}J$2=m24`kFDA-Vp3a}A1SX*axkTH-9%aC735bEh;(OA?st zE~QKR$k5?&4_Ow<`=O zDBV$dgS|a9(G>ZAUYi(rUKc@42_`#ESdJA3fQHB0WB6_41-FN9|dSnyqS0 zEO=dU63^?DmD<4$?%Upk#|;x~(29GksU3`!t~dD->%E`hL{+HC*uy2xDD+_+@U2J; zoojsIGdiTA) zXEuB8>w?f+h~J&+oriji4Rhn7FoCQ|sH3;f>_`MSJgveR{~dz42C? zvU?L2a_T(r;3TCp;f2FJ_MVK2uh9+)@yxJ!B6k(CXd z(Aa}PW_ZIDkQ{3cT4})i?${MU1Ty?oE)TljR1@^^o@AUJdG{T~rexN2g${?;d?JCr zNK1i%_tvL~$Azcr`*dDIryWtztW7G}M3rRjYiQSy5mD;8shDb+Oi*`Q`oi<}gEuE^ zdk;NPUOjCs&QKq9sQ*c3+N8A)roL(H*E*MS_`;|TLdK*k`V0EmfjVoIB*{tr#XDFv zvu{0)3${F)|1_%AR#SPW<*_SCiJU3)_<@Xm>^478J})Pd`8c( zdK+&PZ>QeW`A25s4PWW_NEhN`tJNs_wX-Stdv10=*EvSKM9Fz+yi08d4 z$Hj>q(FuY%Y#o%r)(1{zrN*euUFzz~ybt^8kxrv&Uf zT|jh##aSH?{=F7z-a`J*YqB+=IV-Dl=RIRbj{D9y>K}qbUZpF7x1?T%~PGU(LBu;5!YCH`>qZ z)2-(CP&T_Rmw5Pe0VzhS|5*B@HJmC!xySx}=oG>;jgn=zamH4eJC#njbFA&&`#-#y zs8UPs^`~OGA|1_Y@68rbn%I8Tc|Prs{b(NJzz*w@sR!1RD_)Y@RUIym-EeO7-h%Za z6{9Q|oI8#aHYR%T#*5E+aN#!el%X|sCRB-0OEJCLq==HehLS@qW`wi`dpl*cWOiF( zv)l-4O->qaHmB0mi@f@H*($r_Wzsj6$j?~(fDz}Qq#ES2F(ZQ-bxU8%l{q&(8@2ml z@WwVV$e?~vrsgb#yG|%{jS8Qd;QQzp59^y`cgkZ{y1pK7Q6N;nfz9I`#)W0F@gDQ1 zI$u`1+_U#msGIfqt@Gws%PFb%Zoj{E$}FSt;_A%!bHU}ypXw&-mT9o(N_Z&6Rw>~E z&t>5=6BblzuPUv6RK0!Qqet6nj~hJRzUT6S$2Il$s~1WGp8sd!DL=&j+02+wW^C~9 zXMg+^{!ccsF#G2H&t?{;|Kk7u9R6k3+ zEoiWfGS~(oH+gM?Jl-HLXpl!iKI{$32DJ?a@dkr}27@SrK@jpNrEQSH8>9pcQYeEI z2-GwPwGBeNK`3YtqJUHrq++CMP#1U@l!lOYkb~FO7Sz^8X={U!X2BVc*TxHK<5Ajp z5Yh{9Gl#9P z4h~9C5QGpCj1M#m&M1^13Iym1h6{QDZU#XV@IE$#%*d>Oeu3hE&|tKHlz<+fo8W0c z4$vnsU@$_^Yfu^JG5(r`GN8Vb6RT4M_%4#pEPs3-$f^~_KBQP5((J&x{B69 zeNO|ODt7sa1#rNEBGrQXE-UnW|4`5L95bziI$Q8IjB}fu3iUoTnDw}=v37oIH#SR;WTc5vqGfG|k*{fF}3m2a6=sZ`!>1L2s|7rewzh#xX6}j=6`MEL)YjHFHXb^B_)d5C*s){BjT<+4%9MHY=f}py^$iTH%*)F! zEG%BNYWLo~e>63nI&C>nC`1s74J=>4L zh-9&rB_*Y$rRC-4uUQB74{g}EY17uKs>*HKw(Z!lW9QEO4Go8n9zD_8+S=B3`s~>Y zmoHzua^=$1s~y*`cRzY$WMpJ+Za&EhIh>uHU0hvV-H>C(j2Quefy|(w;NW03n;jDy z8y6p+uy}Fe(xu5MDJf}bD^{*7U9)E0`t|F}$~JG=QdLz|T~o88u5Rb<-F3Tm)$Q5S zaPZ(EKL6N>6USOwT2Gxi+17UM!i5{RZ+G6i_v-E2x9{KM@pugl4GRkkTRS^PCnrxY zuNgCEdV|B)H#9VKAvnUrlfaRjoRO84lbc&yT)bi9#y$JNixC?d4;^Yee7LE(`RK7@ zM~@#r298swPMkb>?$V_TmoD9T@ZkQ#hXZflN=iwosi|pbYL13skPl#NY;0m`I^NQ9 z3Y9u-+BA1MefFF=etv!d0Rh1wA>rVNh+wf;i`eWa4ksZoaq-fniHV8Jl9N-?(=#$M zmgnZ?=H(R>6yz5b6|7pdn#WsRT3W*6t=qV~*H`ZE>QaPSFNjs2GLT^vQL;^YD}?N{O!JcLC*DD8A2BlG@$EAGQB}-aQ$=9P27v zB{t?j()s++rfaDh1eK;veh%tX8e#8PMe7oW2{rtlWPXg-$0suN{1Yc6Ey-{Pbz$dx zO>}JKJ)PiN2i*rMd*5l*+KU)W#miV_l2$V>Sk0e1x$WjG z9sU@DQS&4RbCU0D!u^51)H;`BZm)Xh{p9B-{d80ac7v!?Bc@BZ20?9Ij zH62lB)eHz-D0lqa7y0_>>UAloNpVV$j5fJFiK-OhD1vFb7&{+_)_9?;cowISB0Adl z_^lkX%OUr2uh-b~QC>yS(8}5I-3ob+?Q6B&dyl;;!eE<=xdoOM-TbL26>5^RpLHJB z&dR|Ln!eDS%0)?9LKh*svGH6eOet*!3TxTUMLDRElQ1)v+7(hobo#i((h5|0lt{=} z+4Z70{-zu+LKA-zA*>8q(HWknzPaRbN0B=233O_*+iC3^W=Gc2u36*q?x`ti=fpG- z$Iu5&OGOUCwb!X4oJ~1Yl1@2Cg9H?Q90iQ^xa zVu<2jHcyISH60H@TUXvt6aA34#!qGxHbu#+qK^S7HSdq4-JvJ>LwPF@tj z>&vu??0_X^B;8--m}dQW%Rs)hq^JzW!ZA+CR?1LH0V5|75@#nuaM8{)AsWDvw9N!7 zwxnF5Lh5qz$2AYH_<3F{az*>u1wl3riYNz+8O$w^DpI_J3brAipDA|Zi9&hAhQU1r zGsokL2CyOoYQarxZG#-vJ(M|~F45bpM|X*jhGt+O5cB^VTO82PpF%n*0#WU8< zE{cP49QSZ%$GEl4B)Prqz0A)`8@*KZ6r zqT}KecV)%;9u|Gv+lwub8pd`0k`7l{tm~MS`_vUNkBVg1nM|oHydkRD!FL%gKd#Ts z?D4!lj4lD!HhFzhl3GrZ=AI5kf~E;}>x~pylfE{SJhJrhz7(al%rjD3`o)WV(@}jY z7-=_)yjXgYLN^*!>F`oSl#pb;&0soY+?QdJT0Uo4B{bzdEHf&PiYk&hqd4f0l$K;^ z6GZ5AWWPB_QNsEwni8N1_m8Yhn!{CP>ZcGy{Zr-j$7E8>uy}6MQH{XU_-)s0Q|6H+ z7x&m&P2#51#K}XqAxFy@ZxrD9MvsJ2t+8!7gwgDFg0Gqe(Ywgn9@ zSB=wBHGb|5#q{ONncYQaWM)r@ZauYTQ3b=R-mzf|S!HSFW9{84PP!KDE7^-$Y+417kbI)Dz33{zPP1}3;8|wsLJ~3xbZCo zcqx61R)`is1iB};if_+8(3h@zXjFsTm=otT7B3JaoC!< zr8bq~F4S>KS=<|y5Q@0DB7WW?2#XugSxJCVRuc>D_prI=2R*dV;#_`M)TG9W#LMF} zeNTl;cXF@3%5-d)I}b98Js_?k9xmsbRzg>i+yup8r-gTnJJ~CdR1&{=ULQO1gxHW%3 zUDtXNS3N_fnG(^5uenvJ+);8wYi3LEDD%w{GtJUX%yjJ6?Z`mY$Yzcib;$RCPrpW? z4S!4rba`t|nY?QyW|N|y^wjMP4L^ITNNRqXW>?wT*N}*EZ#h@89@32Uxh-x{Cr&4G zd0WqAD3$QjpoBu>Mzu`5S3f?=l8e2gu79)wr`acto%^i4eV;N7bJI@;B6YkbH1y>! z4qKGoeXXfE1WrpL6GRnnoDn^^B#+9i#%|3#Jw}F`V)MRJCR_DH^&d2+IfN$77;(OW z0$+NfF;#_7=>vsKN6Wq>h@UuqOa-dTl(nW!d_P#$B)9&u1hyqaLA(9L7-D}m4&No| z)tMpE!7Sx5Cqg?Xv`C=&VuTQG2FlNYolH48P9M_1oO5U>KO!xMcZ7GB-5uj!n_|$j ziMdf_>zT^FrxLw)wbx|Q#vRObNCNLWK%3BNW%=Al7ql3@eul=fqc0`8rf)*?9M~bO z^w9_XF^c-DRrNM=jhmCD`a`qz6wodr6-nMALAn=ZrI)r4u9BLY)c&CCmh^e6 z{jMz4c=baSXe&qJ+WbHfX&qp-apn3VJ3&%<6A&gg5(WVZvnA zybH6P^8VZlPk3&+sM|}NMG8gg?$UQ%PAFyQIE#o*GXGOqF`9*PgemfhqN~}`%CDxm z_e))_g(mR{om4Zoa;UTqFX4xhVBrJXMG7~Xz#f_^b}~kOnANc9RwBv~!ua*!BaSJE zzfqW7hOy3^hONWcQL#E*=TJrF zvm#Jb(Q2a182e0}=Vo{nh@kJevPIz|O=JQjisEAAil;#x(=bjVHJ!w9cX7u%2{*NI zaX3vq^USe|Uek*t`K-qx5Wd zx@$FAW^t#&2C9rQUCOIZ(mlo4AC|H6qcD$$YQ6Cu#N{PkmJyB5!}0P6vNGRb2|x7z zqgadpCi}ku|Nce(Hd-iYr{{#hoDF0r}fRKpDu*l%}-vj@^ApQdX8*c$V_VE?|NBKAY^H0n^ z1bv48LC~ztGg6N%0YQiZ@AqV%Oewgy+&s&qptqp>Rr!LNfRNn**_X1*Ka}r&x8uVwN~t?{p(yZ*!a+()@rc9}Q5Z7jN*zvSeSq;pAAOYD=|lJ>o?+p%rd%HEZmKWr|2 zUmAaaU3{%L=Xy@@rM%6z%h#SSPCXdE{`LA@FSg}(q~_k+th#wQb?#nvd1# zCz2BR9KS6-o@-r7p0D10XUmDB;PX-VlD8!V&kN#?#ARJi$-kASyNpXHv7 ztFGp)?=IQ)p=#;rrKSC)#kYz|ZWovItzP$bZSl?gluIf3cUO#xRmpjfv+nu2``fe+ zJ=|4tdgY4q>1iElYX;Xax6D|1IkU2>qV!d1dPjQh-JEsTS4HoQ462=9{%3h*clr98 zt1ItRtbSNrb+^3oPT9^kHRWxEHE%2PUgTwVW`;M1uYSL}@Kxcx^|Cp4mh(Cavb(c$ zIL2V$2Vjob8bBk$~rg1&-^w;OBjZtSfaoB1$vP0wmx=jx&t zMHMeMrQb{st)5?eBD=14YtHHPmiv2iZ|1}vj;+2`ww#}waXF*pX5r@E4eOt-*?75h zfA_YP$1_?k=n&` zE%{ior7a3Xj2gHTH*}{TnxnNj-=(NABI8=d+UF}$Z+{>Fueh=Tp7whNMe%PLWJng$^pU9VJU!J-mRve8=7R{t8jq|FY zrDUGSQdg>^LLt_0^f9{RD=u~l_e_2K11O})+ug1WvtIlcB_-+-26knI9dGSvBQT! zR8UmElZ!>Gv?X!8l8=ZJ3X+bb=zE>VXo$TX({7@&0CPr_;9p zy35eve%-}BK~>$W=EOYgUhTJFtc;9_mCQxsnh^6-#^EjJGGApT;hpjEa?2U-6p8>AI(NaIJ2_ro#qzRKk z@L;1;1M{XD=oTg79~snU51u?~pcz+-m)?G6!L~|5HNR}f{-xC-HQQR$7HqeY>1;OM zi{)cf@AT+VBdgb<=Frtr%ki2^*IgCC-FS4>9?lbe6)vCf^m%ywEm657FRefs+Wz~= z({>(!%Nmy}bInB3bc*Tqx09OM&pq6J3_op~*unK>)(z&rZ^>WTlJWV zw|%?S4Hw^6M5*juE?@KVPLh;9y>bH-TzLe$Y?6=ci#E^u+h1_!*g;NHTv9tIF#779 z3@K~ug%k@1?bEZD(VY0FuvdFpBuM-{mD4VIdf&WjI^nH8Va2#DanU&jQ;$kef&xy@ zZ(7KGkz}dGwROBP8h7#3t;B)BCj+;+V#aSeQ;DwZ8t>*|hVG^Z(O3J`PQxuyx5pYa77>frCmQzA2_{~Clb+;Vn1_10@xqG6 zsk;WwH1^d$Ub>jj;0-T7U`{Wng4DaH&BnP4j!Buj&Ydn{WPtU!IccX;_t8?(#HL=~ zO3z5HXbA7BgOSIc>&wVi7%qYFH-5=5)*S zbsSSb*Gj8!(x5YIQ15zep*ipE<>!`58(Ue5%<3qc?pBrtHc8ve;rL!8DXybh8qki7^{C69cFn^G1dC zXNX@S@~5MdRF>p!hvwn%Q*NNLG)lB4H~OUw#L&1_iZ*W8cICqdF=?^u&J@s8^+>N? zLDaadt6L9330~Cn_hwmB5;`H&d#to46@`(lSTCtxDLz0yD~9!Rq=(hhCOl1E*VuD( z{OS0#MK(_?wGm+4Tn2|gBLPg6Uee=AqBo6j9PYms<54TUdhKTNjppcIhJTt(wI<-#JO9Z&!Tie&G01S3lyql*=S*LL8@EJ74;GPo-!QYbH8FymZt>>i!2fLQoau)ezPG_ay(G5wm zGyNb;Cx7vD{UjNvHrX48k}s)@T#{CsYIUQt0oSrawrp`H#&drY&VeuaoXWsYDru5j z+LyL_97Ajr0}Ag*GZI|{B~kg{tBl#GRSz;0MwMYH9ciQU_$wskI@PCzaJ2|`xN>jm zu^6(Q)!lPk%}Laj{!WuT$s|Z(Lx&8;haFQsCs~_BYn>wXyvQU;$;4`-n%>70%$cs$ zGM)TM!P!UPqP{koO4FcpV+k#LC;tzNH(8KwUm?ooJxZ)+LNmToR0-y1q29+Uk0$SN ze`EDv;yY)Neji#Ujh`A>w$^w+d zowzxky+%~Sq*M28Y&1>hhHNmrBk9oMxNQ_G!}nd+rMgv%F!cm3UEd$OQN~H_d^@yZ zjw4>LQq*9@u9V0yfAR1YB5S8F!f)W#Dp19n#!6|Reblc>TjKCUnMENYot-zkE%*&g z4YbU&!9yfJC;?ZtdC`qlP3}?{`-B-tD7);iDPCjTu zaH@rk&y-~_QvIihEgpH{ta-DBUg2lTi9k)>4fp;w!gGRmPH zJ1SCOLUx)J$_2OY$jjCz3+sy9skesV{Se5o?>%Tf|M7kKUv-#m*T#jpLwOR z^EJVbf0wf8-K|Eywni21gQ&CbZar8!aOf=d*@tpSwb8Ht_!VnR_OoP{u8(i847``v zVj}6VXI{T?3pDs{2gDtf*(oNKXR~A-H^n5U2?hB~k!s)RkEvZoc&XU;;r8fd@Ahx_ z)ATjQm<)Z`zpQV}vNzuIOO%&|!RWLHOVD&ebZy)wKibs-Q38}WAC_K96koGXqMHtB zZ4n!tiSL#1SBDZWLgML|ifz**~flF!3OQxAXFZW8sQbl~*QGT!t z*o;Wb6Ibt)|Ja9hhZ5hXN!=`1XPvI_H_8jl(n2OGqI98jT1LMVD zQQ1Dc5*5FaC7Q$+W5D7SGUAt@0{U zBqH)edVL5DdD#sz1;hyjI=%&Z@df(40-e@ujXV+UGF$~qB3nlMLr0#**aCR4s$gP6 zp%t&-SqrYe17#y#WcTL^ov|`Rx)`x4(fMkj+n+`5zG4LWl4T_l9uLvzJCeNiBKJ=5 zSyzj69ukh{5hjjZ708ol^&^~tSDk^14aOF`lc71U#B=%3A|6(mO}GV#HjqWvbF~&b z7qsvtI>;prRKh_&f>u^Z_JoqOR*8&O2}8a_Gr1rql#r#$YoQXdvq}tM^U_wHR#n;@ zrp}X2iE;GO_=mXBWbE3$)hGC+w(a1vNTtNqlI1+!KHeJds8t8!&DX`7%jK;(*++OQ z!#hY`OZ3HFXX!kFB->hb(4DxLTHFTk6eM;rbe%?LzSe}24Sy2y{aeuiS!+5UdgX@_ zPLffpcqJvOYrC9Rd7b+x_s~srUx+V?}l%+{IZ>)7Xc4Dv5Z7FhA!9ux1EqD$vFt1YmXlZaY`!l2V|(hl*I z#goOC5kqvu;|q(&iQ7xz(jc^`hzP1IMs9`4VoALBWZ61dqW6TU%Pft;aoq)s@i_dW}8vvHmFq9cIBx)DE}y#8)IYbvMi{gd-C4} z&@)$vMLiw#RWFN#P#!AoP21#}8FgrEpQ;+aV77YhQO5AcNaHh?phrczR2sB_o11opuFRT2DTksE~cU z1+8gXzhMlUHDjKuKW@A@p)q7%xx@UxCK$7U>=$UQQ$3I=Cr-YqqgJGQM-ji+O8>-4 zIgb7&EGG_CrZN6G4rg}O?uClkq*~b^d}CV%Q+f8IEAurrSo$y|Em`M%yn9{zRbvem zrYk8=`OqvboPPg3SHkRc{k^S=xe@-@<((o<^JMJmZGtv%-#6q)nFS?41`AK} zS1ia;1_`|Xr6H2L-#ZBXiCxqf>_@0O!?t0CDF#Qfgf#2a+1 z^bwndPek^1n9BZRZ~OdKOuwi9=X){y!n>{BHtY@QIuc z9bf5xGYg6Z1e^cO_Wq;CqN6wrHVi`xnGrvIju99h`tuS$ef)px&7aJ_?M%=A4iEh2 z^KWiC9<2ZW&j0^B*Zjr&+eZL9kQw!R{rC&}k4#2%!Wa4f78a(IfAjx;kLthnG$}M9 zkQrwj!U+!}nHZapyrP-#)aWo6o&cMYCz@JLG(&!nO-UrY9f{41B7p<{YgPYS>i+=> z{Du5`Fj#8OmXjfN{hL4IurPOa9dbzfSA_jU|6Pvn0g+^N5V({C2nhO8&{;?EkYc z`4|8BZLSozfutY%KI;o_5Ybd zKau}Wmf>%X=BM%xpn>rg-{k*VnE#9a{wCFb?QyUN)Jn_F-PX&OZVx+oxw^pg88$A? zwlL9%MDnKCl1O%5cETGJV^i26Gy+%)BzrgFWV{tpd@^|6$)08hPPL4TU|089^PSy1 z?LEBa+q%1X*}HkocXD^11{)cH0$$EuF7}hXLYRn0L5A(am;s#7$OtQv@CM$BB&-Q< zW#ew=3)|3ar#X7K&v3J|CL*4Pzu;vgMA*gIZJISv8$pgNEQl~|=zPKiDjkMhiY;2^_man!is|cc(8vYJCMm1 zj4OZ{7KUW>gEzX5oU<5#fy3vqp@EzbYof(?GI26&#bG0V0^y;n6U@QT#l^*~Xt0xq zy@NF|gu`J?B#{__QN|JRoX~J)6tYy1JixmGT$zEP4CD?eAS^Us;ry^TW8@?@Huj66 zEJiSxQC4JFC@?RhNX#Kth$68=gF`rsh+u#}l1VPiAdU$MG{FoD050e-!$cWPFh_z? zBnvYNnL-Ayk2j@^r;G<@6ks@zDVE?DIH!Qw2H0LOlVeRpK4e6kY~}3g2zz?i3i;{l z>WH7_3=kVkKM|g6MWP9ZPT~Z9K@&g{D}Oe)KYX1L78)D@Dn|NG9HyK(LQnDkE41^9 zWDQe}LNd3ojI$sEa)Ylr0f&we7B!y{5gPtqAmUGI{t-Q40X>9-BMDfIB;Z#-%pv|2 zmT>ZbJ)LLSTbm3C0TD>Sus|a6_#-KR;V4!4;$q@Kjgb+PGEV}~wenuam>D*MgH?< zhjjMWia0FPpUq&$lUN~hKdl5m=CufBY*Y~VC>=xaMY_)=@vk}U2ZR55O#Y03g`7yR-h6jJRyN;RqXA!A zeNt4zqG~HRexenI#o>DrIehPn|34HO4m0j6DRBUXmr!#OjZA6ayA|#%mdVz&vWHK4=&EN!t3_p*|85|ZG!-N?e*kmGw46}^G zjRjK-G^U_b7+5?&A(l`Y8DX%14S^376dAz*JU^^dzAJ=6wimShg^b(UB5!X4gS46K z3H%m#1|4>A_kitP*&h-GW;i1>>^6#-_0C)?uyjV_Rsr z=C3S-ACUv$GFl)!OqCz=QB-IG(;Dy*^1u*l0KZAVhYa9y$47-m84q#bC*Cj_QSKw^ zd1O+5JOsdUVZYdYphm)?ey!7A$`Z-e#uE{*C`6@&{aVjI$VpY_7f>#V|V|8Uc($;H!SY&Wz6l^?Q@?)$%1=)BrOI zRyC4f#T)j0fHV1bmrfXgUhLiMzPljff7!(N!ru7o(`>J7Pf$i}a9^3jiocgmEN0m;|68fCJeBKYzY|7$agKP-x9U;}id&>9?ayDTk<@Gw3^0RYiw4xwP>wKehtEr7}pi^YI zA>s`Stl{5g0H7+q?{xe}^!{B5{-QBNdWFcx&q0_k9{PoopIbb?P{A)1`2wc}j>oY4 z{vuBMOKtq5(0_X-{^wN8|2ViyM-oeb>uEv)1~!Yah+;bQWBvs4(5{2u1bBt@eyVOn zS(D)}0AAsG{F7Pxk8T0^_-57l$B1bsK%a2q;ljp(!oyX0a-xI4S5<&N2tes50Q>|XlOU`|P!Kr5 zoJc_d;l-d(W>_F->U&K9`9)fdnr%8)*b3;%P{#o&gon^#u_6s~0s^jixWW;PaHci! zQ+J6lLooFtVZd*v^m_&x5g!>Lq_Z{g6UBkOj|brzH~I`Om=n(e4FT2zz&~-QS;VR% z3W;b<9BK&h5q|Q>FdKb(j2Sz8Z3xN!>GJ}zj695V@C!3ldl*Ok1Yd8YX z&^_!uo$Ww`+?nPA&ji2RVNZLShpp2$UabwXo(LV=Aus0FNdARQ46OJs9AA6EL7XhK zjfL{{IZT6qMFNya@YFCo0YdYWK~6Z64KrXNOTY-93%e}Dcmxj#XB0^)uqGl1H4%2B zxq{!rtWF#Ps7-;#Cv4{PC!z%MD2Q&&01pY-2F%2W8}vzGP5fK|O&T8L5GpqUj|>l1 zI81@k`h2VaNw%^DGhr`8#l9f*H?G!5Ncp>7xM(UIn64?=+Zg;oa2#+^FDew&%pB@> z98&KWSK413`RgJSl{mdmno%%ftf_c z^uKi`e6l zj4)OR?1q$w^&OFiVLIXy{bn~P?7&}Y-W3sq5#WD}RCGf8`vqL01S{T(8DC1#G zJfsK#MWe&N%xwgE51`E;5act(ghHhn2Z0?5{(*siHD%r*AOIX16%`G_%dw##^c%DW=cLR=v8)7dZ%h)$Tv#%F}A8-mt zcLJVzRKzb$&JA1m<_nmqCP?S0h ztOXIkHu;qQj4TYp^YwM-U4}{napC}{d*Q@SW-#*DSHt*@^X>u?8$pf>0NEm<3}FD2 zMMVifDnpnSwGcS;$YxI@jY1G1TNE9dkN^_9N0JT@eT2-!Nau$#2N7711fuRtHuAkV zVeX>QaGJzVX9LM~a7O&g2!NXDjU-8Y(&xen`OZi_e{u|P&_MhkfP+NqL2iQ}N$5qt_jqDXlCdvGs;`+ffqR0jGEgG>dQhc(Rw?3MVs zq!4X&1&|j=*Z=#O!9$+ya2(wXWSx%$*ngg#{B?({?3`zQvD4ton7AOjJs=WHnBdC* zfKy4}0U?6(byYt){~`iMG(&Q_KTon22I7WOus`ji_?CD-YGC;K--@+;$~7b+DgFS= z5;DbbrN8?BvwF-dK23)pYw=g>7%ulcE&(Y!=ZH5vUmz92RL`MpCPMHXjBN3G)8I!hwJdK43qG#bhhN z;D&AD;Xw{3JPGd(UmX^NAdoNyU}h#e5E#jZFoO-U$PD2SW>^dptj6F<6i|Ui09!`3 z1OWPs4DT~1AO6f3M-blMYC|8auOR=xWF!~xlcfwckbsa8APGVjWY-PAf{?8w{*fFG z$Zh*X8G-LE*l+@h{-?!2p3P8ILP&3f_8=$ea{>#f;ZC37Li2!Ux_bfC!yj~SXt@Vn z{k-WP)=BxcPJ0)7Td=+(Q1^Fh{SPVdBLWQJm0u2t9>6h1>`gEMF_Hg=z3%{PBJ2JR zh!7AER22JwNRtwJ5m-8*W2kmQ5=bBil_DZir3wg$AcBYrR*D5XcC3rNch|M; z`rV<4?Ohn=!~L`2@sT8C=H9vI-gADZb1Cpk5*(dK0e0&jKiOAn|ILDFfAer(n_OUy zL9pq}p|fy7koDg3O8(sQz@ehgM!sNmWPvn5W zO~%(N|HJM7WpjPa6*}X1zj-bz5Rd|#RW9}xKbzo}+jXqV7cTR|`{_(a=RR77dTNFS zU!d7f4^UqwrL3nt{VTTdHbjgcfhf4BDqsQf04*Nxb%mR35GIV4tAVgw{!yM z>3c-hbDwVH0^$D| zN9ok#dmvJ$jivYOzfQyb78UhQ$;I`aO$QL@INM)j{}+DMiHdr}HxRX7Y=#4dDF6y} zK4z!ANFDmZSfO4>;Fm!ofWbNdqfQr=>Ev}?fC=7`y#znJ82!V6mH;Qi8ZgkvjUgNm z0bfI(&g0vW9Sy^eUc~t_fiHCWo>TODLY4rwGJsYNVpkv+C%4|Lq}TTNb`4OS0?_zj ze)&BF?0owF-(xG|V9E0J@cko0r$#WKePIo#K!G|OTQml+mDu;65-7|9F(uF$d*GBn z;XuHY0Hm;`fb<_O_)iV8rUXOEwC_>T;B3$T{L!!j*;SAeoQdTR3Pq`bmwx@`Qt0eY zWTZf6?0?1CaA0y^pI9)F3M7~sMCd=0Lg9cSW>V;kJ#a#xupvMN6bcctq%Z=BpklBZ zfUOMvnE*n&+srkH0LlZ{&*0QcKVXgogmC4b3E0%wO$gxp=!{hViB|MQDg92h>1`Tz zw*i%&tQU5C$Cc1!83sCAhx-@gv|AF{AnF>N2xcgS{WHx?R|9BzJ(}AOZV5*0QI~ru zOTE;|?>#X+S{oiN+3`dDv)A?gd)c`HJrN?^IcxG=>R5MLxO+zwAqXGpvcN-raJ(9@ zJpy+$thWJrbf!c@|9Gp;J3t=5%|-?;vYxBIowrzL9CxS5pqGA)hwBggpI1+u7g2WNo|4w?j`{LJ&ljKk&*!g$mvWA z0)_!lJDCOID)`FiFSgUTfskW55d_81mM}qh4?X4-sY))CDxh>9*aXl#(106BvoY}n?2#14nTu}94M z&>4H+tPcei?7*ZlAZL;_g&hn6c#xrF6sCcg6zGgSa8jVKCEP(FVF=_31Q0vHS-;J2 zD9iyd9ncwj;B-J?KX`+hcVQ5o0y5Kp+6d49B9{#c6G2Q2bjJQUG5*mM_kSA^=p5F(J?y`{#rh;#dF# z_WE^)lkxpFgW|X8P)V&p^(z{eOYgMD@!20-W&78l0$`*Gf?SwvPz@je89YOW1^wqk zrU*w5JLZBcEfvF7i=^zG!OdBNex+u&5 zu|A5<*#8P708_z@7{)*tGl0T@L`(&A#vV8oP}mJ!u-KW%F=$1CIkjXh7Hihs5N7AVMT?03Bg~%rJn? z*#8Pa1j7Mmk_8XcC-O%K2~ZG+h#>(wV-K7XDC`KQFa`ti1{P#cM-e$9Kw%6jW0iIJ^dOpaA~? zXvWLeO@E=y21Iv~AzLP$3|cDl!#ux3XhR$nXaW6%pY{Qod<-JB~K20v1a2Jvio5rOA`Mu8lN3_6p>M+W~ndBiUt*+0t= z3Sb;0!9$L`jwBx>c2X2(fY@7y&e#L@)}dgZb0l)9>@d()0+eWDh9HX`L17w*NrBGT z11ALvTcSIV$Bh~62S*wrER2J~Ob}B8ov{Z_4HR|-TrAw32s+*ZGyu#tz3mo#>b8Qy z6cCdEow0vThM}&V@=F#DIvV(5Cgp$wha~G49o~b?af;5^KRAMU&(;Nb|BFFgFxQFY|tD4q=NDR@-MU0z&HTp<96c!M3qv8@|hUw zSb$%waL}=UHLwiWv3U$K2;KqFJ4ib0p}>I=OCfZ|{#SqjThKg=L4o6UxD*J~&t(Vk zP1V2HRE=kbz}Y^ajxoYwdFX7<|2$510PQ6>kR6l4UBU;-NCOE_*oz)CP*|M`>Pa&x zR0h8fQExj{r{Esy0F7Tka?k;q1%m+^>u{({V5UYI(uTs(=OZ+EGfR;42F>EJi8K)H z$rnVwP!M&LRkfrONdP1B?KQv5UIRBiW>EoKq9RQE;2UcwkROvxrm#(M5DB!(Wf93_ z5J+yS)$xwQB9h>DxL$2nLHAQG2xc?+x_q%;0EtOwvQ4Mqa5_5r`Ve>rE@qhObTvig z(3Vh4<+bGDKY*{vPwQNHdB~qg0)JQxVswcNpyUwQG$KeOrBdjNDO?&{4~Ii!aMU>< zV#i26a4gOU!%5&sr@-w$k!YhR@L$9-2%WJ9 zE`v~zg?4Z`Zx1RcV$6pENNqDHY==2aP*k1iAHaqo8B&WS3iJ5a9*Loj2l!R;1|1Jr z(P<1WWWxyPD9XmygT4mfg9!#SAS>V>2!O0WtwI8#Zlo;v&nP0ba&;c?KKVblqG03#ew(N*f3((;}|M_T6H(~$=Z0@D zLu#l&VK2IKDT^trAYX!k_`k!uWo7w})4Ut>cKh6~excv?7_fS-GY%v6SgI%Y$sEg||* zxKzl47zP3a`DU75h|9WKtPqGGB$K%qbe!sNXYw@`=GVt#hyyfjpeOou<5I}P*44!W zLMMt>naF{d{*acIu?`MmX#{Ji^tOz5q9QoP7!EP+i6e$O?c?7X%gs#SgYso!{R=0y zG$T-0Ang^zI2%K_>AfDf7ZC3&GC%>LSg;wON-pFG$`c0ofqn+a*dPiM;lng}Gb*OpGQHMg3CV@rd>%F1LB$9L^>C=!Xxk~RN%1W+t0qm zX+s?q@QbGozS#y&`}CkPgNY#5gI_7~d$8D7goc8m+F1$0naH3aZNH1cBoL!BbjBXI z5e)@d+)<^bv;8ED2$1A_pfC%>lt5?fpHpI}iy?m1&OsML)^He=8_u$TtAeet2$H*UJV@;wyzuMHh!dVov=(0MX|4$7k-wbh_76}}jfH**GF z10sbEKmn(-9cypP5kCQ^+r`@HSfx|^f1HGb!e%5e1AxoGjY9FGQ~2d-5LXRC0hxi2 zTNV|x#l1`w#^i$zX3E@EQ!N7vX*GzvQ zAaJLVLAM(^8ChHn3W(%ii;#yp65!WT9dw@8(bWT##py^i;3I)wh6JpE1C0!7bZ|I` z+jXmM z<34o89(eQ=3KF0*#Q^wBVQ&FnAN{rZC=K)@3g){@e=3LiiV9FT7akNcWXWcRfK!14 zC8IC{#M}v;v475;hB_MH7c3lfG|;IHS+gm$t{`4S0oCY;<^O!eLI;p<2)qR@l+IFl zNRr*qVL`|!fzH@JXMcSaLMZG;2O{V`O$_70skr=lQNPSq<3tPr?LA-z8l6t-C?AO= zjt!lC`JX=%1R`j=MyEsG6dH%)$Ae?gkpMIlPA6i3hR)bO=TJi(pz(`&4mv=yWWxaj zRy;PFwivb)AYp*$Y5QTmUx#^M+*+pY#1fRN%m)(?9~e zH7yj*Is^e7e3b}c-7XX$fg>=~0RIgrvkrni`OPT1oBjaS)ZL775RGR9B8N%?p`H#j zKQ?e1AaQG=fK2$70=OQSUjXR8#AKUJ!{Kyv^!2}VV=_atAC!ronKjUn*fbIs(&3kn z9CSqB!~;$`I%tW^4D%z>)j>!Vz~sn<5(*3%@##Zn?4R4|29XcC0HFkz$N|Np$V^fY zGPE|7IbmOEfx@2fCWbL6J*{*3zJy<9FzCW)AOx4q;vuYFIF!%CP`4NGs}~MBI-vHn81j}1vLyA#E!DY zd|2=`EEwvth+i~s&}9)^FBAffJD{%eLwb<1J`_Zd9g|H45pK?u000M&q`{#u2gEi4 zbjBXIjQ|A^*+Gysj{(9x_{i+P zRzp{ZUpa5k;ea(riwFH(dP?i_BYD0?;Df1@5`i27R=MsBxZa^GeQLFX0{=xUgU}g! z;4%mWS?Iu|G9X7LgUJd4q1OB^t-q>Et22?ygX7%FW7X0#FK-<6cCdEow0vThM|rQ_~j)B9Ua(#Twofdquex$69lrbkkm9p zhy5TEL+FhC^E2019SMcA-%&Bg1+=WD0h0j|q=v#A{lclw;&n=adATwCWM$M=#2fZI2;`Y1W*8+-H8hjSq_Hs`55ZhfM3~g(6NCH8BRqY z0Z;&dIHCiG4*&Vj0|PkD2664mu35WfK`eu!SI)#zl7E_>2z~ z#s~L2aH28DaQz}=5(pjcgA9+MGxpCp-yi}32VgV&Df2^N9{*Yh-d9?nfQkrAGL!Dl zgls`+S9)hj*WP=hPXV7OOan0~&>8#Zm|&>OA%5AmL6<`|bQ6d5LD)+Hojs2X zgQGL{&(B+5Ssx1Q-!3E!ly)bwxpYbxGOZMaNg!r?=!`vZLZGlA9GDcyl1LgrL2(o& zftV2Jj6HBdps*o2QVuMMT~(uy7^qR01Y$y|zh2v*LjgPwbG}rlt5uez|lFbWC{q8;zz1|oohJMHBf#Xwn2vgR?LnfN1!gKC56jH zT8EO)`A`YZ0ab8_AYhuxCi)RcRK9oAMDrJGqaeE)!t>w~g?#hO*P>_;@qhH1pHcTgANJoK%W>I5%S=HcwMA9^n5^o3LtPI!eOE|jDQf}ltX3` zML{7$tdycN_P@eB;KT&gJwWXhcOnBIvn3sZh@a5*P3@^c1O?swMlG3SG7VwtS9G@L zzteIy)Nuj74A`LK0xK%q|C-4HiYa8p4CUKN2cn#!z;T_!@U^vOsG|XX*{?xI1J*z_1r|BTp2GowyGZKn z@ofaC*a&Q31qgTzI6w*a$0c{4bM-HPewhYX4Fj{+)3p`%7IsF}}OOrgVx z)qEK6H4NyheFlZ?=uRcFf%6Pxc~Sr&kknW~VG@WL6FOu6+;BP6@fg3<+MwexOW?Bs zB`0ZgKQW;84JZGK6RVg*hOm13F_5oDL}L2M;2Z#)d4Zpp_24iOzRTbcQ$@&;!!I&#bGe z1Y~0C>f!-$XiF%j@>=o`i3y?&Oy#?(`pHB7phdZw&>6$l&3@EX4XM ze^5C1mP|j$nzk6U6y@7yz73h`D;ZGWdoUSnX>z>E0FjZn%utvJVq%~(_P~jO!lrPdP%Idrms@uuHzf7}6sCcg6zGio zb5aa-M8L0pH|U6Blnj1tGXw74gfUz3SV}M4x$Q?N7@SuMu|LZF?P=Kn=G!m6a zp@Xbw1`}>tz&92kgJ~#iM*)AB~Tgzb3^$8Vev3Idyd#7wd(1S5J4F zg&r1`PBxmF>gr}3|jXjK!HJ;e}8WRJI9D*X4fpNz}tS`fx!Sfh(_XZdv3yDXh2Z^){{)?y4qU9 zs-H6e4N!?8pdD)W4Jh<}-oPJDM<#bKqiw%8Qvj^x_mIJ^zk87iW>2Ga%^u(JrhjV( z=1%RVpgsJ$pO@3=Gyp-mccMMLzv~Cu{eZ}z?)3xwpr7kcV}|rx3|{tc_FtVM(0{O> zV+T<7v+w`pXc5fs_BsX>bPb`Z)mx1q9fAkxniYzkc6fF|mi8xlk7O z`|=QAA7gPqKu!0?bkV@~o1-%*A%PS&hthqtTr?c|KapTcD2>$3+gvo9`+tWpCOfEW zQ@Uu(?(g*=;DSm5amIi{cJE6UAfWnrI2iD4$i$#8o7+Xhx}Q^FQfb}m;0j*$k4rFv z=s+y=;3Ze^w!g!(DFMvx)9ng2M*k+jqA(boF#2NR7r5dEKI-?TVpEx93XRi?;}JCM z`#Bd5llL7_-TRF?I_~lnP2KxVQ!ZEn3Wr1KK4u>9lJsw3xs=cz4Cw*C?%(A+E|J=G zIy}M4{#^`Ws9>0gZ;%GY^2J`nQrHVN4+Y0=l0g43;^XoeCDvsAvopj|*|bSU{h0_q24j z_mJ;auk4uLsC2MDLDWvr3c?Hl_6Z6@SxHGviN$2`Sl~C60>@yQ>g(auIt@wiD-H?BbGjdq%`pw5aFkT! zAubVkX}PBI9hZT%rUeH;95%^Ro()V5B%($D2nGFOa{;lU9e35z!a;sa;ALl<;y}nJ zxW4PFW+r}YusUC&J;Ba&hwT=SJp(?S9Tt_I?Lz!war%+1tb4t_zMYAmnHw;i*jwAU zc-UJwL2j;2_8#_D?!Ci8zn_Gd2~q5;#qK_DfCU0G4ZP;YhB(dcWd||s6e62M{S9ab zY}2mqDsm~oEIN1?Q*ipbUw52F#YLdPbeQRk88ZM?SRD^MUB|-8LNSOE76R6Z1OBAg zVZSj29|BJV87QvcKI-Z-h>WlqJs-?aS65_#rb%Jlf9ZGwK9x7~qLC>~$h~7$CYoU7 z0GsRxzU(kFez!y&)-b?=AS}yvEU8a z^FU-;#~LYuMFbp?Y}$RfVi=gNDa_5}%{ojp9X1<~%Gr5$U<)IH4jmvUnbYw^|MP(e zHcr5@XAQaAd)WLFt-IOm56%~f7{Fv{0HeiMGXn9&JU?)rfQ!ftUVeBw9Xt7d-btNI z35IW_34X(e1^%VM;P`8TBS{JUY5)+Q$|SMD?k9a2pof6n`@H-2_a@M3}gxT zA2v0^`vBNLArR~bP9!KY8w^p2bblzAMkdoKa9}nsm;rT|qkDbx>%RhW0XW9(`d0TW z`uh9F2JC;jy7M9a>08}@|MIZipZx6i|DMf{NA12lkkOEplZ^$z)WXT>3v22g>c?dH zhl^l?ySKfy2i{amM-Q@avbS?Fb+WPbfV?_id$_upeG3POWU!5T!2tq=NOz_HLz5=> zizW%?`wQuz8t|KMk;6|-&K(i?z`9MRXyP;pFca5-WebH)!s%!NYkH`*fgZ3_v)D`) zlLJi83xT>440C@?eO(=#4o+W3M_b20#{j(3(boc>7=l;ey$--d-7;h$i1Y^{#NOEs zawk}IijeaV0jPgaPIj**eAEnrjK--cjL4S7&0kPAS!vw`&h^5_7&R?J|K-2u2_SF}HXd75B0 zeR#;P7}rl84ElPRzx`Iv>HOinzP`5myMQ}dx?0bMxg_4hxz}0lAxkg*`Q4Yr#4x>o z{D>UNw+C&Z2hk54B^V_2{wm_vIGirdKu-??D;fs+oxioTaUJjB&%h4`{(`o?w!WT$ zE(WKi2aY8M(nCCAKQ80}LC=OD3@{k~&#Q=JpvnEuZ~UM9<3G^G>KGU-T(oFS zQc{VkR>1b{O?Z4T1UXAenngrpfByU#i#3Xg$y>4{-Q3*&`0)!;Qs%C%?B9N)c+H8C zkTA8fqS@Ke9UK@FCg6pI4HXpJ3=Mr}%<%N|3?Y-F=FeYlXTQj3rhjwu>8h#&ad8E? zxz(no+(j@3q8->YFf`-1TA0H#~Xr(#tDUS9gA8<-XF=x`c$n zoSZ5ub=C9duL%U6i3w@zwnKma{r8wLR(^gFE-s5kj4;vBnKyUtveeYFz`)qUhtJHK z#XW!i+VbU@?d|tkTQ3(D)@Ec>5Q*V(?}da~02S0=QouAZ7x^4678w;Cvnn<&K4Ep@ znxwVKNkXY<=^2^pv$At?^YS+o6y}Q+m6UEO+gzSqT(PyPdRs|l&5qOs!E1vT?A(_w zhG}eSK6vQxk(Q%})YnC;A8T#epV@Hc;-$7`HQZX9+T~;CGA^{=y?6h?ky{7uJbZRk z_hgjrbIjwk$Ui;)=e2vFg`w99N)BDYP+aHvTIBXd941VnNqiX z)=l}allQTdNr)3wRtm44jz1*kCoEXUd6$%RAV5I0_*&Mei~?EBN(;mG0_rR|Gx@Qj zAGTaI%Tuw)y)#})G>of#pa3SiU7>@+g;(sE7k%3mFcp{4}iCK@K%j9RAqXw#N!; zzj^8NA*bT0;X=07M;*?IQ42+eYla`9=1!brXonHDiquI}PzR(3&~ z*GxNG+Nlta(j!S}J}y}k*8J(IEvM(^uTrY*HN~gIUMhxTjs7X4iuD}YX zHilg$DfTH`P;91e;AX+!>oAF;IPB}@jgf|r%Awf(?U5s9&YQ4#W3#dVy=s+Udtk|h zM9db!*xli@!u63K?$@683R0IJO{u6qZe zQB#`N$Q^q$-~kr@eE(VOLBG6nT7>zgf~SH4!qTOmR5iX4-rLe(bbVuc=+U|mr_Yj~ zvaReh->XPX#f-qbyrDH-YFm@Ar7WbaJ#`aFQ{i3yc5=wJ+A$tlwg+*q^v3I!oj$(y z;Fg!U_FG>u594Y|Gg9^PC;?wo(Ykfb#Fikwoh#hfeg9?N<1!oGDTk7UQouj^bIUAf>4%g*zO|vCOk&je|R(DjC|V27<}ARH(%M}34XW~WpTpt1g|KZ z{AQN2c!13#>G?)p1wJh{8jspz=AU=pd-z=?Z{5qp{kUlpF8S!_@7DT_nMj&=7jNfT zwk;|2&cVrNWQElgEJqMqZfo9=U8QC%KO*Ab?J4ID#q4EStb6D_NkP`YH2&miW~;zF z<2Q%Q&qzmp=DNPTgk5{kUT_Ipsz6QjkEU4rCse|+Q8~V83h%KFf%NpF8%w6qXD3CL zRHY}DWzQ5-6p&XVV$ZBzH8NCcd<*&Dj7?*#Rb|E=CkaI;9`%hJopff;EMcnpE#Fzf z85jYwp}F;8!v)qwo5N}MqSeYcF()zA5v!9=1RN~8uXQI@(pSTBea@DJL3MYx>;XJS-Zhza+bj-4KPvH;5+5J=B`8QBY}2s)+l822s?Llb#t2Yj%oTSijM(M7 z^`)oQ6^kgA1tH=Gi% z#n83Y_MGKP88EMC6?pH8mOtclVbT^Gp+G(ND|_qSRtjF9ffce45-l??yM&E=9fuJj zYkL}JE%#Y|HUWDgDO#4fETF)#O>=R(dhcBKXB>?>8-(1<%5# zE)&0U`nEBtvU#=d=Ls^bWN|&E@y8l(NXhyoe!MuX!a*SD$lj(6rIO8=AF+ZXQ)st* z3*IfUdD!^Y|JpwBlRFNzm}?~+7*!v7%w52yjH)l?CNx5gI9%<6bq?QFA_cXd$-O=@Y<>Ea#=#iLM5;Z1h4s~wu2JPkVD=zCvhSP$@ji*XQ zr(M;ny6LE+w0U=M)|9ungwGt~Sthu^W45uCm!>_TiaZMr6Wh3R*U6`hr5~@xV;ZCd zaN#plUwWC5&r1pv2w~_^*XJG_Gs5MNgzqeKk=#)-m=tQ{xZ=RoTeL4$Bt0lQF6HMo ztiiLuR_t80U3FEVWsBA}#61%ZmD`DB+rF2&{&4Gsjeb6B zra?2}8qFKAag7q5>4DcAJwivnCT>xYtRM67h*oPZ@(L(Axn^+ z{XkGt$S5p=D>rI>`?5&~+K>2Cy*>6-&2XE;v&6%shbc6BN9{cyp8dG&Z4^0q z-1v60+=o`?fzz~xy%0X1^4if*LHF;ELej~@hgH)@2(vE4-OZ1}7DR~C-J-^xZxGfl zhT}4Q3AgPN2^ z9=fz_^jNdK_ebvkbEW90a13GT->jwLq2XtTMZAI{nu}MCPYr)n9X{U2`K(U(Nw@IP zhJFv5S0=TuoVtFgSh8FbMZy+Gy2>Fv_g(opdgYxXpCg;3grp&i<|qm54p;G=BcC2w zenVu%t@|>@`rahaf!|n33N+X)3gk0jpEzN~24P%VYkk6NjpN=>zEM=&gN*m6c|Y@ut5@2W$%*q1ud_roLC6hsP4 zpL_SU770r=c@cGCyLQw&NqPLTS0RqNw@B~LX^#+y9cwNm0Fe*A@PFPAak4!kK2Aw` z`ftbIND>}Mj%^c{m351{x$5SvSxwa#i#C&JAIWX9qTAPN`jw12KQ2?`i=HMb z-KrEM``(kVNOXjXc_=I`(kEdDLMZq4v8iJ6F zC1~%lL86&ELnIevt=qp-HpNyv_#u`_%Unv6EPbF$jYyd_{j-Hh+uYGAQM*VYVdmk7 z|4a!~UKw>6J3Bs0Xtq>yY-;t6^~Vkcwza0kH!S;&hCSy!b?!s#wYuz>*6gN&WizxA z%imd)xi74-$1;**%i^(rkIRk4<*qBp9`<7LY1_<`lpL!VRl#cQoHOZDFH_a zBka2t!^%ub&TPXJtO<{ZllJnc88v_7RI6=rnuZ0jM>C~AthsS{w(hk2Gp+fnTeGN! z$y!JAAB-0-d6-!qQP}z-dyQ1irTEy(v-9Lt7dAyeoc9WC8~r)kKF>AWJ(r^;G$UCq zV!Zf48uoDgvSz8`n1aYUf4XfvO|m7*yg<68H7CkEr!l-Jv7qQr@8y>+juy!}D#n7FZ`y=`lI>#ETghq+^fwAw3g$ZWlRrNSJ-m{tpnG^WLtPAL8$ zsVXHfgSBw>b5@@Y3T2iCc z?mjI>{7}NyW^C2Q0*qIN#C_fPMTdRnc$GJcVa~Qy-&jv6gRo97Hr{HBs}1z~qj~)# z&j1XxV0uNF+tMU~7xR;jxh*=p_S{&p&!O86wQq9fCBLYjP+V_3Z>Bge&~Kc5QETZ) zFMRD^?kPIPMv1f{EF@s=yCc;$HIJ8?k(@fQb=b9ps(P6n_sZs)Cl9k~5Sj>m-nP*? zE!uc2@%FYt#q_#WfugGQ*}@s~NAC)huPR!iC{P@fzgi-2ZhfrI?nli5q?v)EqIW;L zvTNh!+B@!nTPwtOsTe&vLq9cpPl$GQ$>rSI<9qhasA(>fZ6Ck4X|6H1G}lMpEiY$p z^XmCB#}r1)*;#5^SoglvIjTM^Cr4pUW~(E8!`O|4!^JnR28}K%&aBQ|7`QKW?zH*4 zMVnjpIh5{e^Ack}+MnfESYEy9!_|E+bGF~#Lr?z@Gt8-BR7UWeT@B*b8YDk8NKI;t z^A%J~X4zq8j8jt<^Ic?IFl@}HMqF~ESaPG{i(z6cD@AivW$~toCYUj~3nE_(n=-F) zR`h4VF?9CS6DkUHtic=BRHsHemK81+yZP*lakT70b_^RH! z*W~%fFpW=wxwppbW*>~i2|5%Ay%rdz{9>3UZmQi2K^1z_Dk)86I&?_;CiqgjF&$`<89ORo1DHSbS{?i@b!ak28XR<&e56?X$p zq2=-4!v*I#2`DEE#lLFFOKcYOKB^jWR4e+h@e6jA<&l}KGHOuEvx~~g4HACKgzOCt zHL`?U4`y(@=_+mq1wHOt?XH=zI8n6`GYn_m((p>qER(gGeO%xY^Oi7gUCppz1;dnC z*6;O?y}qgTz`w;Rq{%q##KdK-t8!caSgb0!TrKh1i5={dS|-h5PnvYquw$O8?PIGN z#2$?FZIN7~DjA@vSRmA_)~vLA#>{p=7S)(fO>%2g1uHR;bip$D#tVWojIWI?wd1vE~QIO~O`AF|Zhq zXB@ORl2(?fYIHe>9uD+NivF8mDj`JI64gY2z|k(d)H$wx`60Z;GCCWfe*8 z;wEF-^5wc0W*^^%sa1@kmSd;oA2GAF*x_+=-4%ytn6%0}Q7TGnt&IdGaW6fXUtyLo z>5fNg>%2+F&K@J%k1Z~cPhA?bG)+J@U{}1jP&;Pa(*pA^OR4~t)S=gss<{b!c!au5 z086U2E@f>R#v&zUM0&IZCsJ6Yut;T1wBg1=k0iA+mGYeEN|m+FH8L2Fn(XTIf->j5 zkz2~DqTFgqFea6U4)5Mp*|?#yA!&bEI`&ef$%VDeH8)$^_Kt8fzSDH`asJw?g-`dk z7oCh6@u027B<)C{N&K$EYf^;U=Zi5T**h#Dyq9U@Yl3vzA9&(!+T$iUwe{O%@-3w2 zdzSBbcC{wSWASp5zSbQ5)!T(UlS@dFtBu~dO`rHiZGGb!jBebtc-4Fzzl&w|BW90` z*s>P$L1ubgLWyodZvHEJOjP-_EoSMXB2^qp)Rfa)&ge8mww^BW`h4W@aNK=0Ig=VG z?clIQZc?#Haf_WItnOZHEK1pTGGluc#93qa68E7+MRl^!(NgN3%}0+m#7%z{B$J#; zIhr16y>na`?p{Kr;p-GtF?D+8CcB4N!Lu0~uN5v3Ij6R?_2@#(vqejFN2|zPDWvBt zc!uYQt-`#}SSB>Tc%H{0174;^8KYvcoV)A`V{B-`^0RR(gQs6>_kSCC*pV}GWpewK zsM@ikSG*d&@%Q;PEyA)ZK2gTb<@pNuj#E#3p+7$r6v$bPR!m$QqnHp=*RuY~qG3ig=A+$&j6^cumDnc>yS1;wLtnO#0N6soJzEGf zLPTVgis-Om3Mz(@lB+~UM5TLWuJ=mM$&t;g1ia`YSoF>T|Ex-;UJU{}I#5E}1CQm|vyx=0)CIAJGNX!#xE*IJlKufnuL7 zlQ^-&n_xDewlB_&Y%ITMp~O+iX*n#Gv%cnUQTCB@N^TZxnYnUN$GuNE zEDU%$+N2`EXKha4S%<)^O;?JgRu%4u*4nOCR~{f>vu{V$t^={diOJXJ-fzpAXK$iz zW>mN1VmkixEk_ORF`=W*oJU)N5=$*w?LJ&rSgyY5P>s+*OyI|z%sFkEXV0Eu%C=r= zc)n=MS5B( z<_kY_EsquX*}j$*%9>+Uj=!6Tc|rAvvt<+H)kW1`P?n6lr+sr}eF3jE?61ZL$5R@q zDx;O|t}`DKeCnm$arU+GB}JMcUMXaP{HrvDTE&hIpA(ISMmL zDQ3qutCdv=)dx&JkTUuS6n|EJc3ze2M{?Nq_qQeoG*iXQQw-!va3eQdSb7|1!fLRH zshLz?Zq44b_|Rh?&kOZZ%XcLB(d|S%Mr)VliCNkvJ@%)M=dfQyCl!k=E5-k}3^$slx4(!UE52 zS3W{EQ?7+BpH-;bdT7_Ds}>jRyl(t;>D-4o>*nV#_`{Z2r^GWFds<=j-COhB*fKH6 z5p4=_;$zH$&kb9Y+9K2L)rh&2yt1`UQFM82yH~=>t0oqO0Xs0$+g;O*4CeD%!o4Fy z9n|fP$3(W^XRplk9Q*r-)Q7emX+xthnU67Mr&ry@!2 zjn?gtDx|}g+$}1eBeX^_`|!?_M%qgzoX^T@i}!b!qb*x(ozhY!pWsp|94HzpSl}IG zJzU?na>pd@qZs!4E6HKk?1x#CfQ7zDVUt;`(5T2$MJmPH)n?!~8W4u7X#F?&49Gk?9T89yFPR|fY$;w`rmXV&r&QD*TRamsCEXyK&TIJU4t=pnR z{I^Y`M&|4;*|{r6X5W--(|x9Uc2leN2<$sqx#-B5sDr02Y<12Szqqe0%lU#pip0K~ z>vrsHJ)3i7=k*l!KL2csebh%O=WB9K=Dgqb@XrUAYc`3lS0`qD3g+0f&eM#jl%@Om zS41czY&#)TpQ+-qjd!g^{mF2thFyu`1pf&EGt6szv<;__#vRWq4t@RTs8IWJpB=;0 zK0i$pT6a@%tw`+hwD)H-lAL7c&rahO%s#qQ%uaUn<)p`WZ>&gO;vq?i&CB;WCtb34mvrLV%Cf~?`ee5ogX||%ur!VZTYQ|c_%^_ZKYi(ICl4Pg&=Xa zqt0-UHPL!cI&b5e$V56C+fN>JO%chp^89$#W84+N{XXG;-FiJ|4ZokaX%= z!AqHmH*ad;=iYVJAFaWu)MoC(3;8lO-7L*nzK%LB)o`C$T`E`5pFKG=+o^6&(5X9i z<71+PZcYuzoc%y-WlEw!lWo>A!xU#>y|@LM#oS9`^ytlXqS4vybqmNI^;q*I<7u+< z!}k|%jF(J*N_M_wdC24L`QWIyHnI41>*FBIg+=G(X-6>QM+8qh!OKY~YcaHpUWZp2 zrn>RkrDIwyNzw9wXD{<)F!(DnH=v!9Qa$x_M`b82n>H`&YVJDv(GraXlH{V~NqXm+ zi__lX%4Sd#JY7q22@hv`=NzQ1rpz90T&$jDYkzi~{W0>%1+$IHu49uOI1kfu%BaeI zbLNm1ZmdlEGi&poWR>`&Bctj!>gdN`Nr;M4p76x2WzMcZ#a%bfw(XSFCkaO$-|^>N zx64b!!nfYKVpCLWj1^U@+|pF0P<6B@ds<=kc;UPIKfT=pOg}xEP^V~+>(Yb(<^tP3 zUXnXyT#^7jDrF2lJ;Np?GA#o*t+UMXbH`+rq!bqAm6nW=-&#c}9amN5SmIN=)u&=F zrC#2w;DG$Pl;sE3@7-J1e6s#fitDN7)+qeBbBb9uZS}`6XHRcApi^RYVB7CmCu;XZ z9jTWneNy%8QB(cHtnKwXA76iQ zdg*Cle+_eE&%5#>h<#7cc#O5Hw@Qk{^c`d57Tv91Rtmk{BeSTaAm)#1Ux7!*HmDTI zr@R-!Z7;P+(40B;`n$*RjSF9uIq=%V0#x#9Ya9eupDDLY)TynEj6Esm+YU3?%a|SGhS63Rb2J-nz4JVUi%{dkO-a#O(ji%~^>6-k zX4Ddu>{ry6#f)G1`cu&?#fZCS+a1{Hge(O;|6T1fbn?@WFIW1j#v^9yJZ1c9BfH;AI?y05;wp2 zc1?DUz-2{Ssl}phYweD0K7q3wt~w^~@T{!01#z!brkYb99abocT+!^OGBaEFwr0YL zR8oojviO4J%L3+Q*eo-Z$UGzC^Cdp>k1CJwD!gI8S|v4b`enl0gmMDOjp7{?u92Y~ zIDXY#8{cw_!jX+@JY|+dWu?e~)^; zZ0$+X(zN)5gji|1K(ator0lwkbz@SqbJ8>O^JR02HWud)l*%>}N{Tc#Z!S!gt=gQD zI=oiNa?9R*duP=*?#K~nI=opX+ww^L$o;2_x7TX4Vm8%QMAg+Q6kV#ieBsuX-%nJX zPaRpmEqiP2iqvQK+He06)$qDXEA`O(swYty?;R=6vuZgPjunc9Xs%a`QIZ|2hMgs^ z8CG75Z;UG!P)XXYm>?9+EI4BE*8-c%LNyZ)L~LHXX4%+b_u|uEelo@D2VOPL*Rh-I z^aqr1W+Q%${{*3R*2Q89kw#0`AGbMMp%j&*YV>6GF%LtfSy+F^Wb^bnPc2M@*HSdH zWIwC2E^In_e{T)V2zcss5}eBauDN$z_fMe(3l`3bsg$B`Eu)S{&ac=~ zSy8reT()!dj-r`c>vv~XyXKl#o9}5pn7yoeR@RZ7Cz=kO&N^X`vHk3c*0$k0vKz`y zwYBGziRT~RSbp>2v3=QY7k55*w0pYr}(goLzrRNzBj2t6J>fab4W+O>3c9(pT;<-_DUr{|1NQroiLb9a)1mC9MSohKGw^9uDK$6aNV!Ky~@?pNJN_pBHt;f7W5fVD5d! zfC$ge7|iqMe?G@xZrpf&%_3Tw>zB#KawmiIs_oC5ef-98M*NQ^MhZ7ik<$B8L;r!Dx|4B_vWV ziIhkpMH2|Qz-vn&EF};)mX?W@meH1$OD!$I>mW-@lBMMwBcr8STG3is;D3&mR*;q! z2?TR$X%Xb)mdeQm$;pxANK6uDvIW~&@D zFc>$NDHyD}2xf{??o>@%XU8Z98`E4HL5zkbMo=%;Wh!Q*WQl98ew1pirlyPYkxG17 zx%2QHu2ZI(I*VbZy0(=lV8mQ^4Oh#>%xrhIPkr)qwY|N=i`Z9@FaCV}(&5$Pw;w-4wd_Z|wHiG~`Phvs8Nm^$Ns6CuAIo#xwe|X9)sq6OER21d#HlxeV}+u_ zjfUY9rEyyX;~j?y3JD2}y4v zHQ&=Dm#$`nQGQ`@#mQxi$rCq%vLHspHFr|bqQrBfw~iPaXKHJrr8?3v1@~ASddKn? z7CAO)?$|Uzr5V|O-n%oF@g(^}234U}q25ICXr^IAQ}K$lJI)@NLZjWx*G(Gjpc~OF z;bIt3Fk16XYx^jtH|>$5uPJ+MP?EfLUv$R1zcz`F7SnE7V?JR?$&+Q}HbY(|uiRH%F%CdS1q?w`D(+O|?!CIw&?zpw)83 zJe6u|pUKLN_99WQ-10;*^UQ^mbPE;>iXEA5v3k^aOhbgDtdnZErK-f0CaK)&*3(66 zCR}PP#vE)AR2fyNu>>f%bH1O=*{O&Wz%G;zBcq^}2VY^>$ZFgg?;LCQKV+9a?ly{Qm$ zqCL}xOxqqm_n~_ASn(%!D>SFQkUcNeFhlfH%IMo+hb?|9&Pt7zDh?+_kJfJ$G#9?+ z)L<`QSgnBf$9xKuyf6v7PC`RN$Z)|i{~ZOo?m3~Y2ahpNUc;aK+)xs&{kSy_iXWzT zra=27mTPcLRKG0AeDO@|$UOq1QheFd^so6QM%=Cxx>+gSA~q@|VAJongtrO4^9h_8 zDSbCDR^!8i;t}Jq{|B+cKgfSQeZx?F+z)f-`pyUcxBS<^8Q?%pP*46(NB)PdzBXU} z_kD$tf3s8m8w#3Wwqr0L=L4jGfMgDkz5o(6K)MDmH0$t@3z^y5KOPkX;F! z;P##Sm^`P)hBb-8*G;e5y)1oY@ut+m=;>JyiL;AO8G1)Nf)_%3NE%8uS0yd+V?^(`|1!2?+!b5?q421cyQ!T#LK3xVvi`Ah^4` zYw-ew7HzRo97-w0ODVL_QlQGm%$)C>nf>lPv-iw*-s^kcv!5$}x#fB8wQgCz zwFJxo9%O-2UpZUW>F(fS-Dw!U2TG-3Q9o-#pm!&8gE9R4V(|pHjhC>b8f}5W=mM}vrjx`vXAgw zDz_78i=mF7S>oKb6Ipk(NtUXndWu{?vFp>xsYTC`DALI7*qYIqEU~K#QR}2?Gc)gI z8Qb?vrD#y?%5yD3Q)4qs{c#_&$T?Q+KLtJEI-NP+X*tPb;c7sdS`mO`b zx`8pNQ4Q&^9th~^!Lh4eSv1c(2D&IGcj7S(GCpBVL$#-L6V)Jmnuj8r#OywW%u^)# z20pw*Z^z!gC0uL6GSSxL%E0S-p#tZTHwAu;9a3!+X@M83EU+0ydzveIY)2D3?WxmL z7osS>x`;!N$lm7KJlYwiz6FDr*1!E&ua*aQV{Sw4cKD!+|)6(?t` zu03B5JwFnUwV}qj?RPi9A1mSE=n6{;AUEnFF<11**tUd{rpRvaYm1A^y~2QZpI-yf z4wxW@r{Wcu4ZA1BnC-0lQo#@rsu2Gd2I$f#ENNz|NWwjLdVfOZ;~T};fOMjooeXSb;-N3A*NJt+joQ*N z{_Zvc>p^!q={%gxg#pt17Gkpj{U0#9q|~}&D|iKXrna-ecmqt&rM^1p$&?BgBcifRJj$M`^6!))-ggY^mP8A#Ff0iFydQwARt{76ch}0P70Z z6cQD_J!#7~zzCfUlduFq%17q#*r=);imX{UQQiW#M0q0JUCp2R!pOf;Gux}F#LA0_ zrum{lspVI^oH`X%M?~x08~7Px5yq{WhxpM>6U(yk*oh)Ux+dajO7{vmV;*zaIupIk zsC(=+;^e2!`B80{LA@(O>q7&M?#M1HkE%xEMR*2TX2g>&DhxkAR-Rj~X*m&moJ~pF zr~*;mtZg!py1~oX_CalaW;EV}Ij%rRwW1lDItmrs?vw_lfd`AD!=v;xG%X!S62_m6 zW%6j;IAK?9j;(Y+eY9YF&L;X;MLW!P${NZ9<+{5fgqlV(#)QU`%s#X4%M1V!PP+iglzpoLQbH=7rPOV!{fR9iLQ zT{mvrRutb@*~8bEVoh6!!jV8^x{rL8o61ydvoI$INF~lI@GmKa>Mw8`citSFnH6A* z4X^57!|qcGhDi6|R7twj>nYAke>koI-JwUZa?S|cJLzz?XuvlmA`>evKjM>KOfcWV zUKr6A6To=kYsXnWw_@*%PkKQ3(r_=%R>_Z~&&j!J=uL`Xl24qsVm8@QunKN*qS1>s6%hY-GmS|(Iwo$+`A;k8TuKvT= zEdVkJpOd$NvgC(dTY|}pHRmr_6?c~0^RbFTU#q|RGNI&o_GxNUdYFaQNy+QSQv!6z z>FsY{I3GbZTOueMsZUU2QbR8YA_2bAAP8DIvh!uQa|~j=sTq_#Nbg6k|Lj$eatr19 zEr2uuBN6omfUllDK;eEj;paVoUMeibo4n%tQlQ6)T}x_=hAkPJf=*e87uw%)W0}cP z=H9SI*sbN_Q}UGHGg%l9uWKIHZHdv(J+Sb`Q1oLHZ0WC~-uu&JD_An0Z@hj^%o(c8 z@L`Rg@>E3g{DNYK`RnIr=xEKj@2>WfPSMI+t*w{kA(@U;xbGBW9~Yj7Dio@jeVNOh z?x+@j`bIP4%X}$OXRY$h1Kolz3$>b^^+rz*39wZ_ojsAGAFqcHQjfn$@@9<+ zjr?Z$dHiPzI?axF8}j9@Yq8YZRE2ez*{D>zFZ zGI_^itCf(11<#kDp?)P zR)w@^&|;8dM}>vXSAp~E?J9X8urTvD>BH`nW_(}vj7B2`QjfDXpT3=kNm4IfFmR_A zxE3Y{$F>jSjSk0TuARrLwRQ15%_)DVvV!5fs0U3sxrvha4>hzuiN~HZdbpP(UOA4( z6u1?mad8<-onLrL=+Q~`)>8ETb+WDLIMqV9LoEEd?S*OI-5~^X(UI(wPT0h2@aJnQ z+yfNUU&Y0EQU>e4ypIbCvX*Vhk`n)3V+>ik?3zxcZSPQ;1{S75-)4rzc_Ule z&^I>NWVXW~vFPd%a)kxc#{(R}%V4t6yW6K|2MC!tDwt}Fi&o-pHjbxvD)KeCr{MjF zDh%tr5pzl#bGBKY69>Vq79}0oo8JMNH(qm-LIsnx)tyDmJEL&@g(6s3A*xKI>jS2p zMg-kExMzsFoMT$V3*L2G9>@{b&)H^_S;9jt937pJa}nz58zEA*7)v%D*^1!4EM1?O zXo*;izd@MROt6z&Nbh|eC*>#$&|MSb*c)3>tQp$KaJE>ek$YR9Asd|3)}4#(PM|Tm z%}B=PnJlbAO7oyVi(kF94mYJXCob@&YP&rfX`pC}37)MgWWh`v|XZ2)ox3 z4b|SQ!f2dv;%>9vY?`@Nte`G!Y3xKoDV|DYAPjZ!p>ilQPC3Dj^P(c*(x)G{U>r|N zEWP!r+Y4%NQ?(`8voaxmAc1<3+a5(e8O6^dNoG^7)%rS`6o^~s$lH<~<2#~*euAV~ z(RjFg=NJ$ca6f)y2TT4UURV2)7c_It_9RZh)4~-93%9yu8fg(^rGLi@VEH*qCX4bq zB+Z$O>LnXhERxbwFFlc17LYVsDi;7i$n6LC4o_1=6;$NLU<|{W zOPT(f5qy)Jn0!GUZ4m*@9qwCCkj7D1`qaj@t$7%@aTLS^xhQ%AF79L{h9RMf|77fM zrEiX#o}{O@nx3bsnA< z1U_1T<_MmO!*x3495R6UPz87&+k!t>!`kd3M6*@~vHByyu4RA=n4Xi4y;}vqWsu4? zLtUvVI}rtlL+ZDEzAO&(hIR!NP^1-*b)@${H}iwh)prW-tl*Yv1P?_HMf-gAoKZSrb#(9-E8PRF>kdHL=z?94|FZK|Jwz zMl=}DP${)0&XZPwOuJpIHt2u{V_Nxa#v%NyHkGC>U5ch_kUC|?_AtB-%bp?k3j^s= zU9Kr}vQ%BA>1BOJJy8Kk{fEWd={AlD_S8{JF85Zg^JZ_ylQjU@>#KVk`qb*p{22u( z>LrDs5^`7JiCGwc4aN0FEeE6pC%QSnro&Av2W*&VIjO@QgK0FPTdFZbsp+LNV}=sT zCZ277aP$6w!`WI#N50TRs;iQ7lU(`)RwGGi?h{>K|ap2YcYbrY=B)% z1so~n2o!8Fr64YJCNA?~LT%DIiZ*?BVDM&b09QA>S#4!7yM4z`n&_(?DZBANg_IVB zmBpUa>u@G5e>-@o)ORFMcTegxnA(~`dO*J6Ln1t8+51wTwhRuL%b!UW_p%eAoJ zB8doZY?RHnXL=@bb70q)D)jwF3TjCA=T8xxtAsf6b;i*31YDJgSjvifbJWgyuZGft z)ntwM+k&4OMsjc8uf>oKT45*SA~mxNKsIF966B=UA}oRp?8E613N*enXln6jH?|-N zC#nQ`FjVkP1%-TQ%B@U{T|I4FU4#{S%At|PoegXpoX~w7&V8M?u*k8KKJQow1z#|MJt<^_`1Aq`7 zl3EP_z#ar)x6f~h(+hu=&x7CCDAa*@3Vyt_P=*3+wy|lJCV#Il8L&pzRu^$Lq_kZ70sPG^P++y#p1U z_8ETY!&@^`)kT{GV}z`Nli_m};w>XP%uVUjNr9{)K^>J35s~A2l_9mhcfSuF>j%;- z6{%BFSm50`UFkKuJ1`{!d}|0$P##;a@hNZ2d3hPu=42D&#RsEY3Wr|#p&4v+RuAD% zMy0MsV4LPnF|T&dmkJ5Cis<19^Xa5$a358s+e z#&N{3bpbVM)_OV%019;C+A`)=rLh`hS4ZXz;u=n&4TvHa2NfjPMuMPj{o}wiv7X(} z!|lLSIcgn8#9M+q==;JY@IpWKRmdza>HK_N5qs_bBdL zgCN<*`f#d8>tNa?0M+D{i@9w_c8M2MRyMWB^Qv?fl|V zc1dJQf=iq>%MwLJovp(gp;%!j&*fu-FZv5V@SUZCXXHQ=<^hF%!ym(q{W*2m2r%M3 zHuuL79|zl&ZYZzdr_?AF5!{d6#9ZR)E-&{0O9GP73)p%yehe0`Sb?i#zF~5SY?aNu zi%#mOuQYG7vaf}~56`35#sQf)>mez;YA@Z>r(`!EKucjV{>1@}a1V7cnG|cCTRieJ zigy*|Q-tokkRVr)0X*wy7|7VVJ+IKU(lyN36CopGPtWPyy-0UpGb5i_VH(}P>Uj(&P00Ny6`0otbBn!?tFUc|jA+(SupBU6 zYBdhL#}GC_X@j=Xo%s|ie`yh?DSJ2^(Y%u2#F?b7SV>AG>6Jq!cwo%?;rbKQ; z=v}ada;uQ_X#~p2zC)*el`3O+K2Uev9Y8*5Oy)SjoPPV|40A(%ykUoJ>c~-g+?KB0 zlUhYMXL&t2#Vn!HkTt!`>3EKI{w~85V#=UPmRr-6nPAjU3Ita^?{B`IP*Lf2QMj0h;4br zXG@0^njCmwB$pIx_$70J29T;{2IsAW8Gs4%Q8Tc8Re5o?Y2ZXWn8tCySsg`7rMsN5;0Ne#P*1yg zRpE|)1(%IWD4pZ7ETDIn&*Rf^>NQj0l8YVrlBxN~yGoNpsr=jpHH30>Yvg%Y$Ws>6 zs3!i`JREXs3tb*NZ_Cp+GhY%7G&)4FEgN=}Q@&K-IFnZ!3XG^YKYFi-7kJwneyCND z%RfXKS#YgTStzZ$!tGGfgyD47WI}A$&VWj#9OIA_@Vuj}a4bD##Q6pI>|=JT;xg#I z2&iFa_R%Mx(Efzf4zLmJJJthSHJo|4CAW-qUeJQfrxRNt3}l;}aF?RmP3}Ia>3vuB z%I_l8ncQ|Dra|ageq&@t2{4 zO`O$C{=YDV|;JCja|;Uh6m&<;4BkzV3E)>ofgAH*{9=vr)+s*@@Wom zdJ!fSv!CKR#d(JWn{j|V(dn!J6=j#ZT(p5S7RHcbs!~HRgANxmy{@h{I-#{K9!DFB z)7@R%gAvo5xi4@Rh=t62n93IUujC7_i@{HIH<3IsDtc!v7`;g`As`r|n zvT`s@@j$UYVsV1k)m89tzu}RCzmY;$a?o-E=pVLpJ4WG_5f}iartt*~J&Y#jHzdbI z(D6$!UJ3w**@Y-0aOaLaTRhWIL=?_ak2fJPbj5)y()m+eAM-m?K`QIpY`i(xApQWD z=@a(2DnZcxq8TMj(ICQ*hr&3wg-8)VHE77X0v}jPf^)L>b!V64m|Ut^^yDz@NvXY6 zc*!@rKUu*W1_ZCCHXBs;*|Twd#lPRW{lx!+vGLiCQgnzLFXAJajWCZ<>hUKkJGG7| zA1bj2IyDpEw}x7blg0g71?b+@9;(dy7I-U6IIt_=&!-Eo9BU7C?Xhcayi8iw zUzdJ7r#!Q+i67sQ8sP`TUp*?hU)G}}?Ip_fgxWzR@32%UQ~G9!OhZpcN<@sN<*Tf7 z$fbbA*n*mG7DP!)0AEQl#Sg1xwv^|)J{v$0WU`>80I@*BDAK@S{$t7W0stTbBZfJFbOM1bx6g&X2qxf5nRUm(|mPKhLzkQ|UcL z;oW-5N~!YWITmRUOYV^|jL0&5nS7IHWam$`TS#(7J(`2SltJv3r%Nx(E zH`mnsV^fFAO02dH@Oi$S=L2HcVy7F)R4cepWVqn3)*4gxQW>7t>-0( z`~gxXV-N|K6L)Q~G{@5-v}MM1by`d@#tjTFzkzpZ&Kyfq4lkdPI0u|U`n6f)g3mtF zvht^xZ{Ji?>^21>`Uia`so#W|Bg6V^9_3UP4~AD7BJv$=RQyb-$K*;<9$uVk57n z@P40pW_gNx@9V09>-CGIg&-W=+|U-I_Rn+vczXj&QMC^m4_~W=8$PCTt-T?n)b~!% z;dA_ZL;D2IqnSx>e#*f;ylZ+*BZ6)IC4HhYWxdZ6j__DUm~8F!ABs7i9^OXQ-KHn_ za%Ys9C~Mg}ZpI zqZ(1VPL;HCTFl!J)+S~r7K!yJZ%;k_4#4Mu&qc#g3>}mAorfCSIxAILft%lYa}{y}?tO76NuDkSZpSjm+ZJkQ9gQUOFgjQw9|-BpJY} z)U|oCM9gv81flv?gR?9uA!Ya_1p1U;ZDn5|{4pt>SO$ztsMS(Kd8fuHRrdZ_Y`e-i zyNk!B7{oqcXb+ghJgm?y2bKN8p4t*P#%HxTqcoi^yt$!)Bk~qUh@~8W=Cs74sfv@l z4oWP@*S7&kZH?v1_DC(DXelbjao$BT7O!$>13@q(ST@6-lig}|Z7?HqV$OudQWlmz z!~0PM)F+x;E{?wj8H)gtLXPZ9>|$|QKM>EE4$wrF=E}I0Bem#kZiq3JSmh!o#C&b< z@g3z;f7_+cpxeBbnTL8VNArTK`-vNNI=hFhEj@{d5$W;_?u4$97;%G>0^-^=75SG# z&l|3T6>NcSs6LvG_Qz=6i=nKI#?_HKn|?0u*oN;)Oc*BbWp4+iMB=r;C4)2eZJo}XdVVEp= z-}hL0w;Bng0U!(4=Q5#pYKHGWJZ9JAeo@^Or|b28m`&qpbnlewqe@+}J_3_bZOxW4{(FyD z$c2lnA0dzGSDpqzV2nqqX zfB_yZ-r2!Ax_52Dl`OC-ut>A0P4RGXbG*o!qCn1}ZC)9{`f2SHk$GWY$l#zwN~=fS zy_h%*>8QJFXU7CnQ%^fRcwk7Y7*s<^T3IF5fJ=%C1Yx-VfbZS|Ay~%%Ea>q&fB%c) zuiuV8fG)l&x0GIad6RMPh?k;dKzmh)Zvd{~fcfWUq0aT6s+YvvEH=KNr(x5X*;Vlp5=)NLUfW@vN|;C09nrqt!&x2C2SfA(`WDW1v3?0UQ5Ox zEi}=Qm9W&aMaka&>5xi6to8sAE5 zUNOP#4vMbjK_B@&p;cHNR4$HJGm)c-QVAx6c+BBG1$$VpX6I&7Wk*BJncq02>l9_l zOE#odzisY2J9v9<0GsEq<>3TK8}Lb6l>}7PH+*<$F%3UvXgjN9ngNcR@(|}$t)w;5 zfDCAFNuSl895I}0=kY0iSkdEuuq)QVFSA%qi|+lDZsyi|-rdfpOwp&l+y6aU-L4b- zNcjD=%&N_1y7#y6bwZqt0XUry9Q~AlxyML`Hp-BY6TT;G4^jfoFREJtn92$Z0f>9D z?%nHyhedsq_juc-1Yd!g{RFms+B+ta=6Q!FUJeV(NG1d{jVQkABo5%*9fKn}dUw+o zjVkg)wO{r*;w|$Nlx66gkM1I#D}HFHShZn0d#dLeIb&sXQPl7Mk|!xi9PL!n&G?ED z{OP{FB2c9}F_Q7R{}w0So#Cx8vOK1hAiXY)+C5RkJU*%B2L=zRVCIe2)466hRT=h zl=Qt`=iFS`CRfqW-dhPH%8~Jp_>_{+-@mxs0Nq_beC7;luW(H1Cd(m@0I`Hx9#@+N zz{oA9H|mr%P{etXBg{mtk3`GR^tp2irnTX?u2X8kVk(57jt>}R!XcqhD=gqy3zk&q z8)T>y8u4zYrrz96!?{+G_WDIN|6(<%?SZ}sGgFdG;*9zA7tas`R)F0g0qxWZSzKM4 zhabah=}f`_ zcT!`Rv=PPDK>#%hAKHSxR|F$zk;+__!qF4k+^0ar}Jo5_#1J&sa?evwpOUJ;_bQH`l*c zac1*(R$(Ezz+e5Qyn5`VTTXJ@yH{Joku?CU;X3!jQ94IAj&dgpa*xJORPFu-917~j zGBavRtCf--K0%W5YFUlxR56 z;KF9~1l!usysZFwPKX{H^rTv8kS83v zJ~k7>YzB4o1^I=dua4;`d~u>fv2FlDaKu0X04Xvrf1J!ap(Qjov7jQ{)f719zQvS& zJSj|BX0hC85LkvS=$a2B4`+0RNNa9^hpjt@5p|*yooGJOxOI#-xX}P^(O4G%DypU} zA2%wQ*-qc~krdvR5AnYdGs=3DNqV$_CI78KI&H?@LAz2`veqhri6cjxV?`pi+)^u| zpBln^bITWj#eQw+GBXMn)mAy4!KqhoKHgR}nZtgK2_2*h0pv?q-N}sPBQ433jKrf? z>!`h==VfqPOq_C}wRl_~&v=uf=`#G)mcp6pZ2K}~uvS>8$I-@G+}GIN$j-S=BxV_> ztzmT>0n({!#*m}JC?y@%fb~yOD{m8=-AgT?=}N5RoieVUc{wFmJBj9rv}9@{vTDs~ zMNOiuZPvIHSKcLsi)j(n6TQTn$p0o>zWt(mSV6CX>gL|^oHwJCB5v9$LDkTSaK8@) zHg|F1xp~<+k*wr*x!LxsU{P+hKDw0miCTi7A%0S4(Tdb_MM2P)#4WOx);{l^i`?um z+R%mrOm~zXU%DGf4^o9Y34WwMH%m$t5Yg2sVMd%g$FDS!9JG}AA0)OuNQy2H z{7xbcxkPq%b&WGauhYWfD1F19UvGYyokCjUPl?_6x_^jPDsqP8RpvmZ4Q}i4dbB0Y zqpX?eRB-2daRPV8K7r#1*j!#fUOj?_j7(~CFN}?JX ztYvT@#e#0{&xzcr7bPh}jf8y_?%JzE+DOc?CKZM9UFgax^cu6x_*LvnzvVEULU#=d z6l@fD^i9*=q+agKX}bIU8_T8?)D5^gRPHz#vkZ6N{Df#CdHo9am2(VzB86p=Xvpnz zk&#Q%#>Yn6n;%qt&zc7haFA&Fsv72DuL{(_TeJ1B+?QZ(7Z52S5h1ww+V|rx{7e2b zstm5?*-cRn7oHt791CTZ5Yv54S$t0f&R6nPyv@Nwe$Zi17d_9jP(1dFw#Xa#DzAF6 z-MilZ`09WhQ&T(^P#jPH^!ncAk8i`|-_1fKQGhc9dLVa;*N+o1@x_u}-O65ye zBs)Pzyb0)&ocGLeqN9e*SL`ySoK$8BMo(;*e`LE|T6}N~cQlg{OO*JRMud+!gi^nQ z3fN>rUbC-t=YR^rHvc1Vk`I}Y z0gbL_lYmIyY~cBt=-6u57n=u@<@HxutZjM5>mR!+)Yh9xs6!eKNvtHwxM&3;N8%jS zG)2RDEuILzE_`V_5B~rdA==t)V+_R0**wgeLX3|Ip|ELR7ouEtGMeGC}eDz&~^A@SXJ$e%vbA@uDjpqXF}Y|3dy zLw1D}v8C~tTBmEU1t(}5*h#J4Vl$hv<%*j7+s73w^KRi2krnx^b*%rUBfHp!Q3&{Q-RmF;wsUnBQ!6Ej65Z zB5hio{WM?kWfN6;oKOz4J0GdkbCU*DmV5qt^3c3#wMXF*9!UTtjG3jp#v7tZv7J=9 zmjkt?1dD4rV@-TiCaKSQ@v+kuMm{du#^1MlrRA@H^(H7Av!Z8 zkP-B(91R~nQ1VpaB&1nxF=+}7HiN&u{KUd+j9t3e9?L~UrQLAD9&!ZO2;uSaoHJ}A zJckknX&d}-7rZsW-$nicizO>{&bU-TEFYj=F<~qNFO3Sm$}~{5PmQo5@%Kx zfsHTpUaim$YKgbeBz!nhyH*)u&>}j{$Ua1VJv4z@C&4^av)R?w#WaCd!2e0kI=N(x zt;7$aRfClWM-Ob-)Cr#l^kNaoX?20AA#@oN0qe)b4#)%8vq{5fqKSG&xf^@ylVf?B z0n9RXbC3K3nppsUiFNb`{2yy88<(p@tUo?iK&{@6dsN#RdKk zA}|-%6$|)^3+(eNI`9=c_-`1&HvbAE_)m7_Ux)pM|Eu}G@_(7J2o$2}08o*u2x2;f z0LBV!FhJOV5g~^MAOnE(^t2R4he3Wgf>78D1v-Ov$hdGQTz)0q?V5@oNP9TLxGl=U$|*zRNk0pLWD7^0W4t*^=fo-G7%D(Lrcf}m~8kpc{WW4e>B+gYY)^bp{< zUvHX2?%`_XIlND(Xdk9+Ss@G8l@6x>m~Sp;W0CKGBFu--mU1ZF(hXdI3W1zq`1@U9 z$eqdyoB^!lqv0YJDU*>jK3!uS2;4v)2}#sbA=&1=wl6rEpfj^#1K)>&6ca~KtzZd# zZL9K2GA$J^%@o6{L+eC!r4!~TA*s((3D-c+w?x`CkO~qe)4H=Tk%0@=d^uLG(L~`1 zmEAbsC8yU#fqQj7=Y4ryBGK>p!mSloXdfXaGBe<>nK&?ruUR=TXdg`!Y(_lFHiIgQ zgwmK1r%2&()zTUV7nHJ)2bfj8z;&)8lQEt_)kjeQWkGbIdzdC%)Nx)zDhQvGC7-jD z0Dvo9hAYM+U6zca2CK=siXGlEq}s`Zg~ky&1{9I^D{$?0)YV_ZLYqWyZ4Yqj1=8Y^=_!;oJyzXp1Ay?!TL>cF z3$ZAYvlhTuP1L6M)l5{=$_IHMnG*1lEJ1CI%IJmlXe3_dKmk!Ry4--+RA(bXP!?~l z_|E6ga*9UzGq8wAUDW2nTBjEl%925#uPQ$>Mx+5ZP8D^qd=6IDRq-a#1(}d)9Ci~zOTg5TPoRmCKP{Z z;`zr_`?tjZh93BX@&8Na^S@Y+KN$a4*&hEk|EHM9l}h+`{>Q)A@Ba+^m+_ws2n4kM z9RH^Y0BC{%s+a&(rhq~W;Qajk`}a%h>z&ing^wTmbav`CH6aTNVONKDSJ%%v;wS7+ zG=Q;R@&0qSSsnAalio-r$WHsZ-L{F^7=IyDj%kgA>F`ohxY z@tZRA!(0?WRhdr;?3TG$%Nrb2za@RHU*?ABYdm`TIth943k54{)JpFWbUh;Y#bEgs0r(Wu_j1j0vY`9?QKAPj2Sw7-e%W)=|g@D!ZSix2* zu7F$isbn0Pq5o1>yr^gCArK5Dt+XI<4>!a1q~wJ1bTwNf@{IO4qTe>Z!sY9tDz83z z-9J=tp20V68_$GkK_TJF<=A+C9bI&rizf*n7=Imm;BqkNzxJ?Rh#vVpr zR~Z=yzccbWQ6C@maqA80ES-0RiT-WslQ}X1TXALz>`Jz@fZ_fDv?`An zshPq&fzCEhy==rHDD2313JBM=u@%xmaqgsRi1lPi&`9CJ$!97#+2r?I5R>jkV)HCy zc$vBKsTSDQ%nYUz)dUa763lHUBth;2oC;~h%*T205)bO2wKx&p z%r?a_(Vi7WA+syB(3I--{Yqih_$N{ixJ-x~Jsf+LY!ihtH%M+D4A)iC7db1ybP`Xq zviy3SF|{H`c4R&bQRz%hkyKJenEP*XCZvRe4-%V{3*&4qorZ{Byp`n%uV`qSBvp@T zPeYM3b&#P=T`P+U&-1$K%Cz59mz;_n@p$6a7UHg~$GoF$)fP=xuX*`4x3%pI2i~qc zV0!Cj)0c$DWR%#4=zEj2Oeq^hw@SyZKM0JH z&KNywTN8?;ql`qtKM+BE*u}RK8(itK=7iyI+bD}>*eE9vsLE3$Qgm5$+YM^Nwr+yg4V?;#P))yCeV`+D8nzM!mg1g0bg0D+b=T;k>%F@?ai~rWni$+bJ2%Kz|1LDVIna z5Od6%epHHO_yT<4;XwhiTTJf1P4d^axc(V6_&-+WkL>?X$x2>$7nz#rIu zq>zx%Z|DC)f^^#Q`0Ux|t4zwTUR5IyB{0|{OUrf? z>ean_b15l3+S-pjJsSlDpO=(Oq0v{1g}i^UhCk02ekuz9xkRx3Iy%rZU$<9*&F@3s zUk;Rds_@dJj8%I76dh=$*7pmG2sowDABC2{Hf<`^fw6S}Mr${qu}rUzSpdeFM1X)Z zL81L&8w+j%V{a2I7-6&(fZ5V20^m&uyBm!g79Dyk!Gk-!2$#SLi0ftr14la(HPoAc z0Du%?5HmQ+iU0<&!m7?L;J~r6Wg!525hpSCo5Jv;i7KKYvnH9$cbTCr9n8yOJJP6z*>(tgZA2`<=D`qmmL zXCmfj3YD{j%C2L9$Z#|XW;*n;0Z8?7Z?#OyN^+^23VzU-3W|EzmTXAg(g8Zp!LDqA zZU40id`DwM1IMc95sm^IA?L@KfmgRSS@`e6r)YABw>AyRA@dWf%qdceG!@=~MErMoc%JKsjjJiy6X z!*xt(0N67o3n7L|%)Fuuzh3xcBNC>>xrre+bli-hvaj7FxeCYle|Name{sP4_ly6L z{`c{;a_4jPaPauk+8=PWpCc$JCUUi}b9IS}UB!C4x{yLwYrbDDq=*pmZ}mS?^xyGc z|N9^QRSCc7e`5dwQ2z7!uduN2D#qL6$M0=y`T>AUCaTOUp`Z2kPckU1ORC{;1vcT(}JRk-EZb3nI5l|X@z>pnt~fxOb-lqf%gn@*Ubgc6oAS|E539PdqK z%jzpM2-NCe8KSoo(ula(S4tC?nlM`MJZtTFPMGy>e)i^0yGw57QFZ>i>h`yLC!cb& zdy`W%wfAUCp`k(!h(SGe@N~w9XT?M8U-w+&tSnbr*zRT$0=)vFXV@gcF5Xq}`S2RI2J0Y*4dyKG7nV@5eYQjAC56pu4o6043UMP!Odd4xaJ^TGdZG&5NbJ zCOmvIC=Cz#eK1g$8r30}X=v1gPU3vIn57-192=mAzY`Uui0f^onC9PZ636VB_pRJ2 z@;qxuMO)rHFo7OIx?P&7r@K`aIM$K3Mg6iRcQ~rYTovK03z%OE&=9F9F4bRN;+ba`}W9Sruz7qo8wbnw{5@$~9nL6|eDnlgwGJYdBcn*mZDFkNZE* z{QQCbmp9ZC_{(}oP*CKj@Sguj|NmqKeyjhHVuE7A0EFmYF8QChfuE1Bl{W$baItg$ zU1=*@H>cm1_+9w_U;q3kp1-2IueXz(&!2C>AK8C#i*}kWzxb z!Te5C;eP( zLQ;alzec&+1^C!|d$?Ks!+KpIe$x<7M-N{Q2P;=sJMW->Tnh3xZSnNB^Kr7ZbN|^R z?(aPgAt~f<3h{PwaP+nD@OHQRhwT@V68g=1;_u{buI;{pszU+CdKFDl^bVPoYg;OOCI zCt&06BcNer9pvrg?&~O^=j3ZAa5Xvdb+Qro{kP=LzI%VZ*8fKSf7JuO|6~Pzn*Zy1 zc=-OM;{Is-3yS^i{7+0==xY8i_?JrkC&B;2=l@ckK6c($)>+EM!^X+Z-PQ`_`E$NJ#R-sR!e z=={M!_lK>$v;B^Yf`&y7y;85Yy>CBG01w`cxM6>4Ta7Ik|J<>5(3?vtp9>YroC)V& zPS*p-Un{%S57~o`#%rdR4{1~i7B`Q7UtAA4fWZ$_zyJ6>>;y|LogQ)kHS}!!IKH4# z$h*A$BW7JSx%8u~b=g0u|Ih6$w#57Pk)4~HTXd1EH~Hf*;Y^4?`hHjT+P7alT^)04 zN8RJQ_|hNHL^8*HslkF73eL5pa=Er)?Ly|20%jG~At=}AuB)S+pQBZ$zpw9|rW7?U zp^Ii=h-Qr~{D40$B$CO&m3n`3e!^!`aeI5mYh3<7yEyX07?*yjpjqYl_7s{(7Kd&L zL@bp-c|5 zW)V7n`V^9rQYn8nN{sGt0hLldrBWVDD3b{BflMKfK`!q{|HqQ%;$Oxs6tuJ33-Cf5NJMC!pe|xf&-Ak4-sS#2%gy7C; zG+jdE&Z8Pv#lm3e_Z5yH#2Pvg6OJ+`7#W3EsRJM-wYreaAPsaa6Hq`;60W1%oU3g>pT7|;0- z91~VnEeMbDSfyPIRiuS7ljRHoOe1il2TnQu#^Vjz@>BuzND>oqgI*m|18S#aA?_Fy zCDcH(5qPZ>hg19!0*aS*j`X^eF{RHD`pVs&CJ)x6Nl>1d zrtzWHU`iX2GMD{9saEM(RpIX_ru?Hk+l!<%WH;iruDx0J#Rm2!0*oe z_yW0rS1<;$1tA)86?fbo?HDX>ep^~0dbNhy|C%^gF#&nZhrt5=GTx^u8TYB&C1xI$ zhLh7m)^6>|qzMgw@EWjDT%)_Ng*pfg=mX8LyuE&O z0ve35*tuzn#VnLr4s37abbuXuw3hO6=+liU(;cCY!cJS9M5uLxu`W5vXQiPKODN6V z0h~ZWzQe}IDjH(TpCoG6CCXS#`7}$U^j4V}Cjk|P*jtN~XHHuyHbKV$RG|lM5#Lji)2hYsnimD z-4z1X^$2-MBnZ(HM4<7F>0-c>ORzN&D&jFZFTrpKpb0!VFVRXyOa4H$`~ctpLa+b? z3|@S1UjzVSVIcD;b5Mqt>Dm}u$$4;uiyEni0YL$2h2FNKQCKs8k#$x8wnV@RBqaUcXq1t>o5vGL!!i^BQZ)2YvogcPH-ba??L=x-{B;{qj>z*X#W-sy1s*f=cB5`lPmDCAHVc#kMPgtuiyXo0 zcE=Ox0RalN`n;ZxgeGY9yCBpX5TCwb)tdE27#_Z@gu6#^NH-cS+P?|{val^)Kr=f_wo0 zliK~I#}DHAo+2{-(7We1)QHz0LYlcl&BpN8`?xVWT!5tl7zd9C@E}Bikg+s?CJF=0 zm}6jW;3=Hoh>V?Gwj|~jLP6Xr3=mL?e~1I5T63YnC7`hd%m=Qg=HO`ri7MlCI)`s93n6QnidLYTJ4J`vnA_IJ*A3yC2xP^wE+Kt#V09G2 zVs34mM(WaMCJ>+GQ35)?a+L*Wn3SO8Bbi}=90&(sopIlc$zYT9 z9dX)FBZQpL`IN8b5Bg>TD6b@LTG>p0UYptfI+y->2)_{>g6{(oaN&Q zstTzR2_KKd1r^(>z|(M$3W*H$s1$Vh-ftluWP!!(Kzjd}?2BDdz}6R|Tsddus?I+d z3M0u`^#u?O-#++TJvZ~UE(uqGrwC{uXaYn|dI2|e=XMA?64x42MKPfRXu$>k0M5cy zvd}i4D!TBlWpO*;C&;n!z29UnD2NHe1VDSRM2UJfxPBVR6wt*$z!LVDk1&FpU<8LT z{xb=4uW|vCnaLIzXuWn#4j)K_Xpeyg5wW7|6Uu=?1me}+kEAfxXn)GCAP-Y;adKhaIZB&r|i9 zwp4%-RDF6JYmJ!<|LNDufrljYs0u?I5kyybcC$=}VKu-LX_*yJBK>=07FHH`F%t$ChavC~gT@OdDUCygJkR?F&96>UYe}N$B2|Xw zRQN!-93T149Fw3Tlj;35_WU1I)EyGH(k0SuffRNEmKVP=*KmqNdQ~)@+OKCBA+1Hb z{~=;XsKB4R=<#}glJ!mUr^+2z(mNC#*alI7IWz@q5yVl5E>cYdgvzu%7gr%fo~2nc zdIFhC?6#}GJphqJZs7c$a*!H@qlY|3g4iV4RSlZ8DITGSx$M|+pm2Z@g~X8QE79bAHnS$ z02>MbQ2+oM0RRIYgHQ^m?3RW!P3VEJmCHa| zF|$2l`Xw*yoHKbmW@<~5!D;HHmIgoNHEyL z1&s}5GNNzLJP!jfLQM=|2y$o#Zl!DWo=G7V85s4a44}{q!Ac@+dZWjqE?fqTPUr!Y z#VGJp0O&YFsDu)b@zqnC{j3d#fOkIyM`up|cJ>9~7?uSx9n51howa!+m%X|xLt>p8 zfGWG&jm6*SV!rfiBBJv&V;?dHN9k3HG{)MA9<1DirnTKxlzBa{1Tf?U>)W~Ajk5=l zpeOKN5jGDCyMtL;i|LMwKL-(JS=$>td(sB=l9I6 zo7J&KP}vL!*IzR)vU?*cv4Z~$oAU?EKC3`{Ui3cLA-ilMi5CpiLuxl~EG%Ff?%z92 zfIy%P;DsGQ(EC68*js*+b>>3Gqop7;3ehU!Mx-f24zix-dM>=X%4D)M1p9tZ@vO2T zB6-)p@erB94ejcf=`lKn#aYyqN0t0^#_Dzn}j~0V7KbO@~Csb%&EVP6!1b| zY!qKtTpLH*Ma{}bU#y_cc%D)sS32~6ms2)AtSF+h&aiKsXIpI+QJ1hM$T9@Ez(6lR zmK)(ZIbCkrz>Bls%&)5vM=xLUudVZp5J<=z#=n&SYJ)Qwa=5abl|jT20FuEGgbn1# zVZ1;>0k(B?X-)7-#;-8CS{2;)N?@|!cr={T9Q4NkK=vXB#$0UvOHu?x5U6q4d}#@l zzStp-(*)Q&01R4X*+BW~P$~fsMg#)DmO`M@PQkHUT#4@pvQXe|q!l(y84Sj;jeu66 zAX%E7kQ~e2rJ~jg;35QyI#MTev;d2aK@^U_x4F;&PpCQ^s%8n{LV~!~APY*u4Ixk( z6j(tMLgN7ye1yiM34O8#($_>2MS-4Z0)k^e1j_%M{JFy>n!5*-K@)5Vpee1XE5t+S z#~=krDC`J~1OTVCAQwxJN);^g2&9Ar^pC*0Ir5AsF!cpkVGN}C2#uZ*76ZVnk1%wP zAX4$r=Q%IBdPD8kAYzYTy72(@8dNAJ6ab*s2&5GgOiB|%yc_&j6QTwOdrv|I;ZRu* zbk$ne+jywd5twBSDvJW!!C}bOBe2d9Sd0L~3x}$pK>fn^MxY@YRcN>bFdh_GZ4J67 zAEHx*Ml%LB&WWTT06QIl$sR#LIgngGu!1E-%n}wp&Z-p;v3mp-iU-pjfjQU6@ZiuU z3OIc{gjy4fo*%u+40{R+nV4f$MZg~BUf{}=sVVg5(|E&u=X9sOUxxSP9M0|-{ z_Xluy01(Ri*tqxu_qLJlY2M30cZUG0jO|lvJHQrop96vbq)-SN7ViD3pAZ00CIi5O zaR3mzyjuib0ccPt6b40u!O$?#?myTVXlNMNI9OQNSXej&IDZ8K96Wpid^{XtViFQ! zVj5~{Y8v`~1Q0qpIxY?_1pxsC6)7Pp)jtaUPZM_?03ik-1x|;62mvr52to+D>jJj# z+YJMO{%t3LAW#?@7#;NY@NY`)4eCQ-1o!VLf?<&R2Mpw2(EgT92qR!1VnpL5X5u3u zg$t4)WcURhX<7;)3GcfF1VuxGVMD=?zg^~jF%m+^AVUNt;MK}yB)0MlN#K*MewN2X z0&gGJwod%4<0SxF59NP{kkdS}VI~3~0D%5)8Ue`UKGO6+#uFYB-;)B}w*w6RJLP-Q zgbW0{GFn!iMEQN9zd9W6Qe*0O$VNU_!|KOVgl}m1=+ui;G=0B?kPO3|WZ9 zhGk4Z76V4+z;a+!SYRX;Obm;mvne2MZ5S^U)Y+_s39%{g8#`(+ORU@0^9?G~0?bQ?eYenxv z$$)P^M*=kVCOPoU-J6yg^1STMImJn_+$UNJ#*Zo$42(ET@GRZSUZ}+xi0`Jfy1k{= znuh4;bbNbJ&Q}#<-d{3qz_k#DOQzrrJ((P|BNb%gskZy&kZ+f1>_u_qQMM$j)zUfA z44LvcIehJ<5@As=^Q$rV^8kl9*%4yO@!}AFUf@>ECpG)pK6B7(rQb@!NRO*4rlK%hE?H?{o<8E20Z+Bxwuat{ zqXUpV?Hi>k?B_qz{i265qlziry=GFx*sb-v)l4?&^r=+Ub!Mdj{{G19aLK&?(-x_c zjR`uF!`_mM=i49Tu#1W>1iuB5CA>e|_C5WS`AP7~kmEXe=EBEpI{e&bs#W~gLq)&S z4y>kax7Jjq(`QNrffYTck8Aa>`72KLq{aRSC+$Q%FrqEx{L5A(I(S zOjvu>ElQjmkX#n$Dsxp?z)HO&v1t882cL6crMA)T#c<@k7XyKW%w0iYQ#W0MGdDle z5BYo-%Oqc4?vD)im;Cl`tC0%ZSbcwe)cm3$%v@)G)Qsv5kQ{ve{_Waq+8-{*Oa1;^ zH`}152`|Y^ejJMy;UzbGf3Jb1i$n46b~Y1VHI8p@zTae^f^c4-hxrAmOV~>CPfAb? zduw0wOBGHBP9;S@Wd31~^My#6XdqF7z`mg`%c-X`P6Jb4e>Z&U@t|OX-p7vDPWfX! z+i~m#+HY%phowK5r3X*+Wv4il*Kl8&_B!!=YFwH%T=l!mIo_`+tzdk?@3}K;#^SW9 zTS;D-2-OSVf4(&xXLNY-@T1A`7yk;-bYQs1NSZC^sj!UBKPnaAcMeGz|amS(NYCjA!>nI zEi|MSHi7{GBau-hf%1eCz+wux37X(}1M&5Q)AeCpn6`6s<3c%duVTW8`i}dWJY#10 zPFgL8SRU8h&lni@vl|EomTKGIKO;l43-{paMoTD&dQL?ZFJ3|xkuMe8GgX34_4FB- z$m^qABo5EKBw<#VU@a>SzqQ$y)fdb4)&rZaI@*?~hDws%N5k}#V#SdRwp*0ky;C_s z)(hVT9M;`C*WKI8VC&t%x%Eq)FG;=V|BCpE@$I)!;g7?ELov1DRfprYCPURJ2!A59761=3_= z|CkXKk~nq!*B&4ADf!!3f!iH2IfG5` z&)No3vTvtVpG3PQu-=a zrZi*ulV>@Jk#L=hcH-WYGiITORNjN%O-1LAHeb8ZJYPNzdHSvw@A<>)mBe&_Df@|t3X%PH@|IpyXS-z-jThP(P8}Y3;L7mul-rsYJz4{m1 zYes+bU(&WUT6c_owwK#`$C6Zb9AcF<)z=zpTscgo%)o*ub#}SvR*^Z3uvL^rlwhnh zNV-kpMETHmGV=2prxi=(;Z9$uSTHn-DEbI+stzVBX-D(vF?hJY?O-P_c}9q~a{v#F zS<5jEHKN&{x~z!E5?YqhdM?P6wCp4Cz4?^7AkDUAqrVz$orCy;gd^6ybCAzl@&Vs= zi{ATuljHfFEv4dBv~@0XsWA0waJs|9W4n~&ZK4^@V8SSa*bgBmx#l)p`uHcBPvB|q zvVAheF$^+a@kuFOB=bFPfQr8x>w4W)!cMSL$(Y^t#Jf35JZsnH+Z5{(>th{(>;#`~lHNAW40%od$Y>wTsBRI596y9;{hSD9AwXGNtIFZl2bOe}hW2#qU4hRwQk z#e|(5rgkcnryqCJX;JO1Q%GwZE5vU8HQ$5(Hs9X?VMej`f)L(fXHrs9^xI4=TzNr) zPggAQAJK5a!O9dxmr({-F)^`nnoM0oE~p`A)R0R@zQx$*QROjgxV?CIbY)nhTr(os z6t{!615-~nRc4uC8LmMXribobr5zRNK~xs$5iXMrdUzwy)%?v27-YHwD6Rb{xUjKo z5ION?k3(^SPca_l55bSUO4vd^k$~GrV%Jo18%v2WG?|O-1W&Hy%V+do@qC!Wl(`6JVW;YfKKRfe?A;me$Y$ZNFVt9P z+zeR%g3{5LzJ_Qn%TqceBAp8H;iB2gBB_$0l_`FhZ;hOy;fP2MDTAH5kaY|cjIVuv zMPN|ORZRWI-|8_N8+%+r0RbNgltdO8MTrZ4O^g^5z-0_WjA1gUKtl?MJalXjjO{AL zs_daL`HEPG2~0-h7zQQu#apCXa&A*F) zetNHy_P2*N? z;nL~Y1&m3+n8{>=rTQT6XCd>rTTxAw$ZXY}uBS04m^ z@@dkZ?2xPTsr1@liV~<9;waImO-MNU(mG2fSyy}TY)BzF_GcW#X(r=V z=aO~eHfF56mm%)L4+Him`cn#}S%>MRT#2enzAx-8^L+VBPE4m<#;ek2^xA4Z=7L2j zJsV8N*{?U~sWS22Kd&_B6}?^`hcRZ>C9 z`P=Jd#j5O|g4O-!V{J~tSIehx*63s6VhOUVms>uLyBw*G#k%5LV^?`PYw1h*u{8=z zts?23T5Y_UE~_dWJGwnf1~4eUTFB^trpQdEam?zop-~~%o+YWX)4KH;=egWCBi;s1 z;g*z?v_aG5X`?>7Ve3jfwOx-1Ve6bPPe>l_+{ov>_@fn(B>2USDfnS@^u;zam8Dq4 zbcyIlQr)Hh$~PrB19V~B>@tpaNoLm(zM9t^nyevlS*7ns?Iewq~ z(qC{2?=|Osoi?JA<|86OxKbs0;C~0~tnK-X2SoP1Jy|-UU9Pan9)INBs(bd(WA|7; zt3d+YXWTO_bLNN~J6BR0+MWh@!Hi{!Cx_mk$x0u_uRHVg*bE7n5tf|d;_(7=^PB14 zu&HNs3I+$s+{%xmXrtl=1)ipR#`4a=bRL);2qH^UuX#pOyrj9Bkh$8JbI>u(#1mSj3>r|TB80|!#XC`L1s&iP5hIjkWxY8LSC}EYHZVMm@fyqyvB&7u4ibpW%QomCE5Vl93ppA6_WkxiW}|NySc2+;n(TYxT?N9jYsW zi>RZp_2ByVQ`GeXnPB|4DZjIyxU@fsunIpAdL{qRUb^@kaGU$`DT0F~B#MVyKn387VF1J%2zX^yH*z zqrtE!*s}sOg&KR<{cKoF!=f|G^o?AkS(3J&MzhuQT;{M%FkE0t`?vG;An(XF=JG8u zTk$C=+sIn4IgRzlq$Y#Lo2Ve)D_yCQ%i5hEQ|FV1!irDM@^55>r;V&9<%S(Lw601M zLd|4d=U^IJ&uXqwcx>iAwSP#)-3w+Ear_ODu8$6AB{>W^53?zKga{N`W-R%&d;)$L zJ$~g2>3*p8Y2|bG*XL17V)WL*AVswvbn`lDqfQ?8xa8SIH}NE$8dG-||D$%9N1JDn z6GbCJ{l7?Yeb$@5ut|Q5BMY1O{IVaU)YtP%x>46@nD;9aQ^`41n{&Y8Y59zeBpI3# z_N8T}+IRbk46d2aU&O9!w;i3jHIB0P-e!yR-~(M7Jk&Z?A7YO`Jm)@br7f8p;>0tw zW^$=KeK5W9BNE%hCrb2HU8fcnuVhnNEcAm>k@H)2^p-cCs!s!A27=3iIIqzQ@7St`dlo28g=${ zj$f!^T$OUgw}PDaXt6%-rxLsBSG=$~Tl}thRkSmi=^fik&wG(M9#Zz3Kj;qF`@A8M zRgu&;Vp2U5SCRTdZt8NzEjR4&$#%!Gk1WE!R6|C%zK)y!ts9MFqfyKT$4$Am$lnL-a9+bOuqv(eoKquSR+bF z12+PCp&cy(@aSP;|9aCUs;Kv)`R3WkTdgR2;>8l~j*!#xMW(+5^{)knnzcAo~uKfl!;RVWoP*+^*5 zuM-?mby73C1_C1KzETjgEcn z?><5g`da9qy!Tedzl$-CeB-16ecf)( zI?vYKRZ73bj37UCWuNaulc;Ug;6BORpUu5&-L{E%g;>@II4n}qcvH03Fi}<)n*B|~ zY}Uj%&TH+ce=kWoVc@#YT=J0Gsd`y={K1L;d$jdVKzP>ZN#;K7pa7yuV>MH*?alB4 z;@tiUKf6?JjIg9595+&B%*i)~VJ7rP-b-z^n>V;Kr2#Wv$e%l%)gL+)7tXgmiFSnAo`0QgZJrCPr$s0Ft&kk=~8_;Q9cSuRk|4YsJwxdd8Mwy4l zO?i)_s+XSMFnPEvQp@~E=|Sa?d9r?ID!OBIS*m!W5Vimx0>s6DqE^V%^ABsnc>-&A zb*a&isFOAzMSijFSElO4*W`E7co2|JqtqZ1h~B+vRaaEb_-tPJ*-3LJC+tfmp;xS_ zPZDd$oVoPx>0x^fH2aq#LVs!%jm)ACXS{_Ta|hFNcAG2^;BwoTth<;X#7SFgCJad< zc&AWJUQ!i?i!@JtdK5Q`v^ThY+`XK|ljRuDpK`$;_#o=E(G=+~8~v_lTV1tZ9N?Xn z*0WLhMr9zgry=@pc%`cUC>fKQq=bA93Ivy>iw`bO=2d-`vYSYmUJfT4nNg{XknZpMCYUjl0ZL1zvv1v$VN+ z^6iMDbH*E7H+RPz^+5Z#b~%+^H)hx$>mKioY3(bBSHtF7G?ivBcZ;0F^`?YB)tv;N&VT21As}f6^&0N||F;fU z%AkzZ4xJ(GyxCmbvoxAgB(J^M*4J+;r#62&U2D3ZA+SlGuo@2-Y4`1?MOs9gB^9@w z(G~45f66fJTyhLeQ+;d2GfyK7U$C{qnh!Amm7GTGh-&#+wYtgLH+;a#QGdUkXAw(Q zf}Os1eD1{6J|Ysj7)3=Q8noHw1hcVu#H(TdT`qOy0jVf_QP3Rcq?3*5HJOs}F$|nY zzW3IVoZH#CWr^jDVM>dE==*$Ocy<2FkDg6~jM>U0UbLRHpO1e>#fqqpUQ(C*B+i0; zS}U2%DfjKmR;52uh?pqT>gl@hix6H-_baxqi88{&-@re@!5n<|hObjC@fmIGOHbG* zAx^J7YSj~iuJVeU{k`(?gWj$qLT<|zgFVxx@RRmOjWm?=t~hwB1>Ixf3X~levhx77 zcQYs&x+ZtXkbTDt6G@aJ*b`dqyq(l{uskq9-|=-d zQwRMCp(COE0>1k>(3$n_xo5}<<+Sjm??CJfhk+^H7c*F`L+RQpipf^KtJe#(I-)TJ zMz!8doJO42Z%3a}Whds4@M^b~FFq97z(rI%^Fd=+G0XkP?rLe8h~bk-r{q`es7VSN z+m0;csPZ4@yt zlHv6&HTJ>tYSPZkuC7{fpa8*)oqVFbI(qEGV{wW1K|`MnQw(RBCe=ska%9S$zdG2= zxPCnmM0_I)6C{025mbwCD+<2)E#X2GBaN%so^FLy&nr`&>8jrBggr0Pkc?*t?LMuI3(L0 z^Dx<$^`;iMPT{8$x_!`?sk%mjVV25;TA{9^#TjC+m{SS;f*oZBud~vVO9e(=T`Q#q*md17N8f+7xqY+a^?&0m&ksB*03V&QN0^ zJ`i~%`^g%wz`}K}^a0_!S+)wn8R+V|yH)4RoG*Uh^#~fxlJ(J|mh5At_-6rWS(=z9 z*V54keI+jD-EU>q&e0UtJh3&@96DotLp@iZ={AZO^Gnn%qGOtRIMD<#wQXzy^0v!n z1S%eX$Z@$WqBMh5@PGfwvN(DLf<9n0Gw)7!oZ((~Ua-Z&DmaSAc1-x(zr=v`agDB^ z#1IQ?yo3AQmpJgfA=U1bN%zt-oi}IEd_QY8Sl%Uxr(0xySt~a+M6cmSr@JH;3(esWkZEiqeTND85zVXK z0V)cOY`S_mer&uP#jU*JReGcljxN!)MosMtD5){vi5x!Q3>%l6)HgwV)teT=BZ4W!2)EXZNEz#l`KJjm9UpHG9vyQ9g zezPJHq{vY9RYe1;8>DEwewKdtKXKJfLOvt3heGezeRi68x+2#S81>MfdXjFVDSvhvz7Ij1>7 zV%~-;p(bIYgeE|}^$->Hd%$;0e!$aJaFVuu>>Y^^$L=#5-fe}o&W*JbH9~c-C&cG3 z^k16O8zrw?Kl<((>6F~yi$z63CCTvE*%x>94!NsQ97@aQXpE=`)ST!lf~}4CB@NH1 z-zeSq8s6M0rN)3Bh23%$iAA(wMDYrL?crB62MhjOlQmk1HGzgo=s~Fx-NZmVSJUu} zV?na8(!d2xyWGQ5qI)N#ZsXM(;<}P|K=|!PXR#13R@Fc9eGJb z6upMQONvEmBqZT_``!Ivxo@VqH*Be+dELyTveCelvyyZcYd_pawmH{Kv$EJgm$Q^k z^CU7UFn^n#?NVt#O6%9#tia80^dgs|Bf(xLZMN|vPxLCpN zSX|FJtRKxEgY3ROJtrDUHqX?(z%jT=r+D#8BzXl~B>6Tv+M?sBIwwKuc2~!A2=1bC zJ?V1H9nk*g$zMF;y*7w6!yQmlqTMEze6ge>`;H7gZ=}yNXT^?xWZLxX4%k{cByQAL z2Y%eIpv}|@xNVo}oIhf`8SH9OOG)Ou5yaGTq?kYxNJ>g^W=0D|T#Vsv3pjDE;O-8< zX<5W%zfPnf#u{8;HHhbtg7L8UhP_H%?lFyK_rz=p6DA6f0P4r(RI#jTO4wXf(mI5; z?q%09W{p~X4fm5I-VM&$ZZ5{vH?A6@J}joWpL#lx`y9H<#dbpS6OtR&lj|(8)!agZ z62tvp?Q&aN2Gz(^b#@1*hTl0{a_E;3NpHEQ$A0%6Tat#k$;65aDsAc*K2SP}$oy5% z3v0k^jHJ>nX}fqn9Oao48C}QCQmFnR`j%Xg_wB`EE-{r^?Ud6ub0QKY+a3~1Jz@Dr zx~}PqMIM(b3f> z$@`4Ir~hx^UpW7!_Fu`rGRF_!K3_Ty8vR%BXY}RL`9BAG2M?vvlWusW{~BPBzYnlA zPSxalLj~Gx7r##K8J4;V7mJX>edDPT&%Prbbb znDXxc{oTD=#niGAdeklYnztC?*qfI zA`rLatR&|q#e2ck$o~2rMW61gt@^NUg<;C7GAymg)UCc*caT!hkJZqxS4NuZ=)QVS z(Wb2Q-_UZfBuxLTE6#|Wm?Pe7*_bQQ7+c-^d9@_TfxZ6S!(sffDl-dFSCA_)VAymA za7^k+Mybke}fq)rFmuWBgs3oEO-$V=!UXd80a7A znJP4FH*?Up^;LeHQ}^Sn+)7!FpXpGYHm$yX{XHqFMzx7%0tp+0>~resFK({A2}9VN zmsqd5EdNx>8_W!CVtog{wwK{9oFbS6u76+sMp>aS76fhVzTo#5*0c=$b=&S0(WD8M zV^;!3u6LfV@_)U|J|Ft|)gkDY_|Np!z|P9QogYd$c>WT9o4yn{vbjU6G${TyH2mgCom-hV@DZ*vjk#~UN%O8(=j%ep) zIH>I-SIn#|4S!9rv|{5l9D_Zoz`0xP9G@6q5idkpx_!Ko^V0;ohX?O~W)n+Sc%x1- z-1&F=^-wED{ec5Zb;{F*r!UX#u3C3ZL@cyZ$DC@{&usJ#m4WZtYHc}e5z@^T?^oH&!zJw3TbD1>i)!{v?=#4K&xCp=!9gX zHHOH;O;uYhvI|+$<@kJ@kKoZ>@5g{IcoUy%{ifeB`y#F8OMdAI>JErn zAtmzAlmH(EV}FpcRer!4Z*B49B=MBWtsnG`q05`pE9w>5a-oUVqz{GA6t&q092t_Q zH50V!ewBgpF*;r!{VWZghgMUp?Yj@u^)I61*)%yQdi{#WOCBa#8s~mOqwqq>@Rj-7 z>33v>+2e$h%@-_#-sM%;*YNREW6e@Ck38mP()wwLUBoDR!9LVyWOlFDFnMWJBb%AT zM(WMplC~1##gl8N?!Rf&)fDe%k`$}Bx$ue2?)qqV>__BRrW?Ko6yzc?hCkCryemBx z*hEOvwJ0QwJp_16e{d>>sZoJ$%AXhyoOdpBMZ5Goo|wvF@yM&@p=jsKT|W=iatky)}M@YEfSKB)81(e-vP?T?d+O+a+J{fo0w&iQ-M5C#nRG`%4qi`x&vl|v8jx! z2IYnN^N5q1a-E1@NmG&f)!`O#A5tUi0 zirIbDb+%Za*uGV@PCrIxkl)nH7Va)O>IiTr7Rx} zK)9Tojo@?o=W;&vtofR9`)`khG5+|B7k{Z1%TW}!xASa5O)QP`lz!upo+4CRp59W{ z<>s|eT?%8BEo35^z<{(;GF*5WwH40T-vM6>N=+(hISyVYjve@Fr!gR^k;f{ACf=ey z9F1*_72C(@Q|rJ*kfd(@NR~4 zq`Wq*r&}VVI>pS$Dl>V!XP5psMhY-9Fi_ zLg7&FAem#OS#|me+4$M48nzRkjM1>Y`L?Cj*Lv)VQcIto41#jL@qRz4Gh)*bEBs|-(xYkbA|DHI~v@e5Zx ztd2%Dk4c0hKVHg;VhAC##ZWII7glWxsXbzM5T3CgI87p-CC|^t;e-PMg83w9u4-`=1>y8*A3P_uG-j2J%Nr;o_{oGQZmBU^!wkLHY+gCmG1|)S z2x&%poEVr6XPBa#%Pf5ra~s)1r+Z0z`fT&Y7&Wn1Tpy9AWGqvo2R_9cn6ZMdV+F|` zbzZfm$Vl+~Fhu5|xK4l>Z01O9;*)bB*b9%D!rWE6Ga1w4H6cMvgJ)Cd zsnSp&)p81p^?=Sg=4S^o(VflNji^W)FFs{ZS*sFRF)NFWX)|z8z_bEQcD7 z3PPG05FN8|Glh27_`fa%(iD&_yc`41$~)5J&)Sm&Kj$=hcDV$fj$cJ+G?p5pr)slO z8LnrYwoKtjmHn`ybx@nJAW->^%`*`hxg;%8`X6(Pb< zJ7fqyY&&3msJL(7$O~&RBP}DyTQM!R_toRV8${J&*gc~}Vz?cj zwi@2Dd6l$uj~w*8jOT34|f2weR=6|0kwtl6&qM&w2JZ*P@&k>d5_VebfNE?+^VMt2tgX z%Wk`O_Liqw6PIuG=KJm#T{)-fVFcq=kHta!5KG6nNzcBYzH>lc%Dx~=+p{TM?AE+J zZ?&vimgCq}{AA7$+is%rAgY0uc3-pN1M|;sll`!3YV7Ez8kI)7$-!@z<%H?loxid& zkZiVg17WYt?<-zkpW`_}f5$Dusk&>BLF>;hU7lUTSW~3w`J2YT-iX7-t{&HQ<2LqK zbaRE%Ptm;u{9CnwhxN#2<^he5j5j>jWNT=b&Sdm5pq(7(Y8gaq)aPo?A`Y9|)4$NA zP-~`t>E4M~XY^d|9;c~wbI6mPW<=`@dP22!J$snD2Xzi3a0Eh{dH3i&nQKXTrsllt ziL*!kHtgr?5rcMKc_@Cp-Xw}Vy#5m0Z;tl3I`7cz2bt41Cfy_QR}ywaBg7uNgemiT zKB>COtDikzve>Ii?I+aW@@UN$0VBsY5OZ<|o-yw?QYv{mIs&R5j8EgjdI%;O&n&>%dq&?;j0PykABDu z`wJd0`)c(D^Ti7@56>F6Gu~yp?adXB^)3%7sT!~4yVGvqf)EpmaJ%mshhHXde!PTp zE{e2dOPI`$M86(VF6%OOcTLFlpDvYfX9~ujGc=>v$M&gN-lyd33pMR0y1x>$#F=J8 zkBHoI&Ge&#*Ap7={18afIHqpF8M*N7$i>O0>vrl3B|R@yt5L}Ig`3aKob*aY58LYr zn3dh57w6)sO+@oyU0%9gKe_m+~n|jIB(GJ@dmrSo;1`C zk=3wz#9y42vonvmP$$hKPyJaz5+LH2g&J|OSOS8A_ z_MO3xT`k!hnH*A7toKemZ^GWEl;MU;JPi9iSiNuUK1=#7y~Vo*nWa+=Wn-dia*HKIwjhMg^mx^}T~L;mBeC4H>a#ot@r8NPnFD>G|$;p6VRmfHQeq9^g^+5M*t zyRolJ(px>Z>IM%>Eg9h=xrVT*@anibj|JnO#;4AwUcZ>OKvYAE&+Bsh$1S zVdK)=HEXP?tloRSvyr@ARw|gjXv36l_ad~?_4k_v(+j1wmUHH=+|0W=(teumh}EaN z{@nGH-|2hZ&P;vY%hm2cuOph?q_ ze@e~VUI?X%P+0}ZO}!ybnwED0rE>R zk49{SOVi57{MdA9*t^9KJ|LX^{U7P9{)_!vO!=6NaBXVwB+7-&2S?;b-x!fUdg_nH z`$s$)G0fY;_qUibyII@nmPxFA)~-)+nlfT?^4lESpC&aHrVbQ@{I%5PiQ6y3j-AT7 z<~nh=WO2>9_t!)H$6TNH!s+^%qi^hc>s>uMO+A{qXVKJ?4Z&}VM&H=iXJPqE=}-5} z=1`XZW$#(a5vTp6?-qXR&3pQ?kXL`52-+nUybeC7cCDZ7%oK~zCofBVuiD(4^!V8M zVxt8Yk5NM8jsVQlM7;0;*;vjg^(&wrWm`mX35nrDEKi>e3Gp2=uK4KX{vPb@Yc};Q z^O#Ar*Xv<(%8ojzCT-d5A!jw$uH8iXW7TtFkEerQ>wZ9r!~RlFRfF`?q2>YX#e;@i zco6)cd}7~$kyXdM4pk7G7LUJdxJt^?9XYu>GHg5XRZp>B@TtWmgZ%bwo$oJ>A3jn; z=3nQ^Wb|GB>rcmaY`3~?%kc@%zGjx4fnKu^)m>w!m8qZ6TCAP3>}~9^bh^v62-bnK zBPUr8e>-d1EsI}n^_Ak`XPPtXaC*3?+)$t z(xB7q*rBn#hwbA;Z;w7Or|7U(m|>5ev{Cs1RoTYR3Y;##_;YN{mJR9sjW>yx?ak>u za!_O1;%7BO47%JA8{R5%jXk&Q>8R3Q6Xwa`z>vT1kHQAq~+(uAVY9+2Y$H zTD#A@u{-S44Bc~Oo7juH8J!DUKEEKXV)XXjM=o|xKfj-H#O3Mk&Al~`yA@KpWx7rd zSdtpD;DYDABY95mx7-d{)qf{?X|cIW{E0IUw}q9{lKqF5)|~te6|5c^=%c%>fy=gf z50NoK!L>7M-*rPpLw4*bowRx8y@YNao}d7nH8nIwKHWgDKGe!@&sIadmFT6B zj%zuO#%`J#e`)bztsU!YoCE#8-=6DqPcw~ZZDi>;U6ac0n-qq7)eOzRUe zz}9m$-VnKIVSR%ksigf@!rfSyVx<@r;;1L=M}5G}-xO;|%GOa$eXDsk<{>@@~n}rTI~Y zOY=D=GbV1;I{lz$$)F*LJ^NQboHpHd-nqtm{cop%ldkm97JA>}d%BTJ4NU8#n=h4( zyWH3H@hH+x^7!POJoj_sX6&^els`09f7UIT=@E`WXE}ng#y{7mEbLR?cqoRP2 zExax(oUfB_qLDr;I^fs^aG*B*oi)0W&WeJHv6SaMrCI@00R zp`|?|!jC?3nPE|UCE95zYv|6|+xO12CsxLue&6>sZ;fH!zFq$|znZcY_Yh|LqAJCd zn%N$KkI^`%1s@Qzg+VFnKU`M1_<#3fC-vVg9`*61Q0ln;o9aNro(%;Lh;ndoaB+6U zpZ`F0q$1zWfBRB^f5v_C^WPT2!6w!C^Z$})v_hI`Jq@`JuV-&6_SdqL3J@A!T2Mh| zXA)_AQ(6>a%3;tLFi2HZ)n^QaAaK4G)I}5I&lAMP^o8fZnm0cOwsIUI8*LpTy)ah?gufo`E`+5JO7`24D>=>_C`I|8w|zrK!BuirV9 zYwxQqHnk?X5vAXEA)Pa^VO4d@Ke;M+=~VtB>8ZL6;p@va>P}2Q^kessi50zmH`K^6 zuifBmIzdfiUdDV@^z*ce{5kH#YR7sT9dApzlij5&zYy1$HEOC2L=9g!9nYJ4bIlg5 zQ3rR8*>_9#w057-!zTsKMc;~hZlbIn(Rk);h{LUl!98hK`!@Y>Ha!dV-5jEE{Bb{G zJV{OPy(YbAV&H?D>2-!h_Pmf69tT!S#~Ecs&whUr;qP6d9nGGz`!B<@n%$TF;Cj;G z(CPBWtlvj-w*LL+D?;O~*HJDhNR~4>U{QbB0%!G5wL<3}A4dLpar>$e3o~NB9_X;h zzP=tK%XrkhDT|iQqKCY^N$o32TulwI+gjy5!uEVk$^zmM^BISt7lr5(|JXW8Z~ok@ zyxGh>BTNN(JKn7P&U^Om+k{7^Myn}WjIwOmwMaF!86J5N8k(<27w@P=y{pO{5at{H zbN8Cahoc+{$IJYCs$aT;(ARTiA^lG8P+Q+yG-3J`+vs3F--| zXK&U`zhpC@YTE7JMBg0#2l+GgzpFy_AXE$@DOW||jZq8u4`J**{ zq(1M-7djjsnk|~~Qp+KsZl7=Q+Q?r{Rr40q6J^~E<6n<;iHO$i`k*v(-6C?W)lrAO zR~yF^gcV(mwPameG{d;$?H-*&E-MbrnLGH#vKzZfi)b&LyOFCOy9F%?-!;o)F5wn` z(zAO%+@Rk*x}eZndzsNTu*9 zl}d}G(n6`UKq}3Zf+E2$<@1a9{6apzfX~n6^D{Y|0uCpW!6;xbav2QxAZ0L;7z{px z5k;fr(rBQO@M$#o%qEdCNhB$WltdzNNF?~mAR$pCghM1si9`mG=#C(K1c^cr4uY@| z1T+-*g@zzx&^$f|CjVn?@#hX;d*Q3|ADH_uc#j3m2jq`kpgQ zkiG$S{p`#U-2i*++$SAB#E7Mf^ssmLH$(ISx**0o)(u)QVD(yfese&-b$;|kr)$pC z&ZW~CXHVsxV=~VB{&FSz`qj&q&tAE3Hv2;3rHgm&{ru~*=PzEqdi~q)3(noV=v$(0 zqrGA_0nWNpL%RC=6OW9I%R8j5XUx4c_Hm#Z;^=^gU+{}{rfV8bve82Fb3+)vmPeo5 zT6%gZwbySbQdOMQ&({fepH)5B#2MU*3$14XLJ@ph~b)5gs}1ABa^Fq z8+#h-h11(Ko%#LI}XB5ohjdmKV!^IZfA z)!=ngA8}IMD|lO1mT4oL>SOly*3FT-qQ}mjrRGoM)#E&xfvZI!7IBEN? zkH_X?10QeN?r%)^gd@cM$H?W|!2cWqoyh;TPvZQ7Av=@*&JJMnx3K?dGzaHz_Wu`v z`m=B8RQ`9Q0#sCh@K@0Sib~rm0w31`R8@dNTnoqrMS#Nr`QNE7z#)@C3usaYqT164 zqKHKHf0tg+LjDJ~mH*}%2K1R`2!X1D^tVLx!W8*|g2bCk1x=4r~f`+XexF?WVUb*#ziNoN~e&t$}Rl&>qBl^L?jrw7s7wUH}dh)a& zD2V;MHv84@fiH%<%wZ21Qv1j6MX8@%W*yWBeMERHG3GSKbemDm;CHv_TskR9Iw zehd_zdvtm8P5-ES^QR}?N@CH755@@2kA>4ZyJ{hgC#=R!SJ%psArn!J+;Xd%D^0bY zYknU#G;A56H?Q0J&^WEhvBj3R^C-j;pPFK%_^@$d=)$oV*;^~F?h=2veX4soS#4pg z*?cF&7wv91pgaoMndG}nZNTzeHJj}{tF-9l{?|rF2QQ0b%!uf_xoF^YEA_xA>jp$C#ifF864YV#Fp1;sC$2QAk=b?cllbhXgZ(2Vff)bvBFuG90L zv1Sjlmc=o}jhBffq-fpZ)4z&<_t7&4xY5$V#}E&`LQPpZ)+Nq zqosNS_f_asX(m9XM7Kp8!C`fzniw3aHIXwqxc`Y+ns(*BbAkuNK|8T>bjy5ZiYfQZ1gpb~IY{wETjm!8&hosNuT4 z;@ob%)|zMOhGnf;=E$9b95pI`OEo(leBG1YEi8EU^s|BdjlJz?PHLfqowuHA>aVLY zu01`Q?E7=gGtl^qhxnQDyL|}H8{!p0xTHz%8G9-0hK|P?&4$Uh`|@t}(sM&eZ~v(H zd5(_53)iVe^A_#8o~F@l&+QLYf1S9tda3B$!!n&-|799eC-T4LGqpcky2x+nME*O{ zT-x~m9jOlAKgbb)4%KtVxa zZZ7x*z!A{KFCfiq*EPWBCq+dSMn!>A&_Y4raFRG2KAT;@X1DJ+U@$lg1{-%DWHz}E zXf%e>eZVJ?R8$6%JBdV7x)PFzL{J>Sr+_&Wh(sEZNG1}&eb9kt0Zyccqhbl41^0Fv zw~+s1+RA^jCXqYS0_hrWf|zI{jD#+TJ+eAB#;YtrV6`GKzKl__#@af3xi!*-zr3qp zZ0>SIdoW@}LiCvIc*;rB66>jprX3v;54@rPk3Ur;&t&GKU(3qFr*Rfra$b zK;jxUA&L7m;$p0H-@nu{IFyxhAeR#lL_X(L&r$0hzv;ml z{lI(+@;EQub8)751TBG|+oHQi7Hdn#1fLLFoL=dvrPr6ez3l9oz(u_Wx=D#tC&95? z(u;B}L@jaaVxrNSVWuHnYO?6gn)MoeMvO$N4r&sg+im#kGLf8;)w6FMsI2bS)qkINNoVZd^v6cwDS1Kt7Za}Kgd0_5^^S|J z(X|&Z=st!Yd`v&*N{NMbWPC2Y$H?n>w3&80!!5hgkgCe7x|OC`+4?5BVgzyXs;r8N zpHIpig59UTpm?=hnhR0ENjBy+3L>^=eu^_bob;3T^?cUl_)De(vYBCv{FuR z%zRoY8dFe`OB_{XWYJq#MAz;mC?4Ye z=9MJ+@fw3Hvnp}>zkb}~irx1%Jl?$f1$y{Lb6ZlNkrDOzs-6e+Jg@wCKz&fQ-pNVy zWXC)?hL zuG(+QEz;k#Yu~tYzCD%&ja5VJ3XRy^%HC6Je8S#msX6+hXPNtE}v;%OxY4M7j*|)jj&Y_+%GkfbUEl%dzA6X9juFM(Rf89%iT^UPd!$K2Ij( zYL>ZCxAs(@Smf)M{e-D)tG+L4MV4moODj#{7T-i?#(3o)Gac_e_TG$%H_7+3kgT~~ zhw+ByTOi98l=bV?!?PH%HL;;i?=?#;>(Ghge;n>Nu>bqKF1^a0zdSUmaN2{TdcS(1 zvt7e})n?A99Ij69-uwD*zTd|#aq!ETxS;gZq9k>T9s~VeyZK8zp7h9wPRnuAObi!s z;$5Ev(bo{8<|Ea;7A#MdY54fdE$e13RNL-|;{#0TmFeJg)h8|6FBd1mLyGQ16niXMWv1@u=yo=5ExXXPs+c^CHPD|jez9q^ z*37>CM`w|0@FhDBEKu?h$(l6{|H_4p}pR5H#k{V56?Fmt}{J1ZKCrL@0TyW z%Q9G-0xm_*cA4L|AO9yH(24#hPE3`hCh(Gz1(FQ=1Y!IaO|cXG&%x1w*2@1wb#eF> z|M?c_csk$}Ce?V^orR~4W z;nQljTIheww)$UxEdJ9A(F^Q?bm@cW4AMr-APmHY$A1I_=pudDZV>kh+Uc5OvW{)r z*Oq0lZYzthE+G4a*(v4;V>|bt5w{JWKQ;gmHtUv zJWwNe2JF@@LGw;}FxF1D)n8R;YGeZbpKhfdeu#MWQ8mOOmVBvLO>1ijYeDz$`Nf9= zEU(6uZM&E)IJz-%+qmne7O%D%wKF`C@!Y_7CaIcmY0`9qO(R3pKLoDqdx2@^pyoYu zAM$w3ljwsvSFSLgcemAxO;~XD!701bgE*Jiy^Ql8 zjAE5#4|;sLUb_!sP*gc%z}jt#cDbfS4)wdOW`Nk+xW7D7pFhB{&!Cv&&sH9s79hTB zVca)k;Z6VS?eoX~V7cJed-J!Cot|sqZ{ZO&;ADx#$+Q7y$6Jm({Nm#KcLBdz(+~F_ zG4*?)5?#%u$Z2aP#If4AJoUfkWwB2fc1hPDl1p_;nEzGB{t0TbZy zIfVIR1G{!beGkR<8*X!AX5ZQqH_<)|3FS_i93ylxyxt0l-cA8@~)e(Z(%^+Q$W7@vDe$+k7m!C$&clBtw3#*Lm>1dQ% zC?o5;`NrNoMp}t94TeyU=6z zbiI0Q|6KL@l0c$fZ)4LJe}r4=Kc|9&#>RJ5=0)3*EL+=T<179H)2hxTmS103WS z#v6^cL=4gqTV)xu5o@~bSOHRLr~cCnWN%MRoi4+)vj3b<*Z4taRds;Lct4kb-*+#~ z9d;pYK%i0J?l)&V{>Yy^{%GHrO)mzKemed#&3;vMu2H{khi;7P65tnB>-FZztDn1R zb@Zg$RZjOj}3_Z=CluGs0TbYY`K@l)ReE3_Lz&NL+8wY0*GI0j280W zyRH21r=jnH$$y3+V%TSe-%4Xh`xxlV?1^ZZdol*Ya|lcH{7lzdZ5ud{$=HUF2*^RR z)l9n2BFO*vd5(|I;B%*QF6Lgkcz*Epi@q1K&tGiFx!!Qe``oR^b|| zW*!T>vLkbH)eqAX^L4ti2^+jUkLb}ICnf~0q}Tm=YkU5&l~V&F)cYDB)W)S~-~>Xo zd9m*cb5Gq~Mxo2J#Myu9Lj(iSqV{9W8>uy!xMqBIiJFN$LhqXt;=MS3h1n&Ybl?m;8pOPpR~G&T=EsqPx?xX?QYVISzULE zxK0+HJJ>Q2)$FBNPg7f2L+nB#8U=a*Uy?Z&}v!2Y|Ha= z`BTok)sG$=?P9TNa_DW-G1KaW_kVaAz2V`yq6vCI=r?=(Ytiq2VLzS7e~B<5QN~Y| zhy;=^*8n<^|5Ta_wYB~4v6}zHo_@|4ozVXTp@f$puuD!&Nd4F7-@(bXjsEZWjs8Dp7r(r%oc<#b6uF4g zKY>6XLc9|Kq7W{HFe--=1@Tvi+CuoYu&@Yny+QTgu>)ei5DSLT@S8VplKA{62+(Ho zKRj!AR=+4}aq26QYKz!WY%+sJykB2Y59wk>g$#x}^pylz;e|!H zMf(dY?$h`m>Ki`n*#8Ey&yVeg;VekU|<# z#CPApHZ9HMmlh-)qal1U39JA)AHvq+tNo#BhIlv8h&5n!U0JfnDt#>(dx{Hk$+kzV z-ehFZQGb0kq1vV!U9&^t^bfLzpV2m(n)m8KLY?u{E^(>jk*<+OQCcGsBD?2B4nn$< z%uM48;PE9ZihhXHBD=b*c0$};j2u=Y)YW#j?zXfw?ug_1)wE4iBiiaUZtyT$CnwkA zh@HEKtDB2mWR2?%C}wnaaiJJpbUuuDxYVCn?L8+!8y@AUK9->I++Zc-T`!-#qN~PW zEz<we(t}-h>XYn9gyJeTlW?0U$`OtS?WYr0)4K`gzJ8ZpJ?ZEH7rH@B){pv$UdUP@K zwWxgVVtdVP**%AlT+OkY_HRq{zIo(=Z z@2j>C@0Np@=p~hLFNqrca{Yce6iGx9Z%?kQB+l2FgY^IIZR~=qp1vt3d)s0&k_b;~&*jDxj|JUnBqQCol%DdIC&T9PBb=v-IG4_35-JsImo-;r; zTzh`Xa9Bpf90SL=h#b2!1`$W5`JF{I5HB;+4@V3dE>R5(wa#(sBV2+{FkRLdI36+B z+jyTd)iyTqNao`$Z%emEK5zt zEQ?3iF_VS&EF62z!mr{`7C`iv|JJ#=IP zt>Yrg8XxIZ?i6QtRVxIut522QV-2(28yG#b8`ZKj%7X5f#~?(aZ{JZT{Fg~KpY;#a z-R`|XOJguGoS~hNMP#Jbs!58{4)s0ludbdq`va@r*569%x|aQLXoT8D(P2hq&&Ww+ z?RW7;Lp`f*E+(?F*1A-Wi@Y}d7oW_<`t*Q#l9%dgYENgrP!@y83LJ z5wwai)Q}sOYUY0UK4HiCC!;N$FOHyx#MMVTUU$BDCh@v#vf9FK8v17<*DynvX4t)OpJJF!V=-dAP2ax8Y`_B@|Btn7oYfPat`=8o6 z|C8qI3X%udn0A;5oqo_OTK=p8dqv@RC1J!{- z(etA~Fo*(wdYyIp?fQQW1U^dt9Dz7hDwL&4GXC*eI;DRwnOf9;(IEYY_Kp7kG2lO; z14?o#pO;KYOid9`_!Fd*U|wv7L@1IaQX+&h0R@yJnUGIu4@-hL zz-&Q}Rt(}B)prcf|F)~`(too~_*ItEG5rIrx7GihY2Wn!uLAqdI`Jae*`YFFiU1^i zir53Cp;UYD&bYZdHGhcU(m7l-%pc{lLc)XTToxKJG6FuMc6L5`UV+?@VC;V^x*z-x z>ns3_sGF2=PHUDaBE>0DviOp@zWvQvju{?=)hCphYE{u~Udb>DKZ4(7p z$lKeIO0|s>N(6k+fWZv*7Ny!^x=@<@6JL^=jNL26Z%z@2(y)%84VEr9i5HtJz%O9B z6*fD#VovtdOGvkmPvxgcZOEQe^e7Y@dKCGZVRa!aE*%Zza>MOdLx%+o_coUZ;-R}l zb5sFDZ<-sG+FrwOh|#6+n%kL+QtkLWexd*aTAOZJ6UDGDsY>&RG?6VzbwNW@C!jQU zZ0FrPoZLMeUD1FLF4jkIQ0Nep!wU9};EoJtMFg@~Tr`lw^2g>VrMSiby12x+J2}LF zL(eHDJv}`};Z2MI2@=DXN+FCWi@|hEF+>w%MCtbMn>p&E>qSwZ4I|8NB+3Y2h6RUl zyv;4*@jr7wxJWL1mHP?JQEVRASAVKM-N_uKE50+CSOar(xZ=Aj75fKwhlPjGIRQbT z-VU$`zo6mR9RZ=<=6pzK6i9IB(8Ey?FGb*uM>tb>VrWR`u;?f+S>|o7f~065%pMJg z>6@ec)Kp2F)Z5zC7IlFCXiiSHsI#jzng~1QO+lrJJh8x=!(wtjr!yMW8G3Pq?i`^{ z7nkJW#g(9Aa4_n>N+LS}O!SrEFniKrLY0z+9 z1{y0&PKI%~5*|MZ5fCj z!(&7fVkPz%ozOafG(IJmnj;PHu4&m3G7ORlz^eeZykve_G7nf6e8Hz{i~6TZQs5gm zO%j{R3N+&E2BXq|)NpE#;7t$!6^H~GwkY6U8ef3M z31VfoD4>5FngG+5!4Eu`S*plRWy>j2zzQ)yKslr;>9-sbBXMj@N2+2>B^Agq6(c`- znhdBjSQsy8qDr7doZEu0PMRjcC{a0*VsQ$tAj1R?8Vk%xAn~T6d_i)um=_lZGgEw% zig|qbH@Uo{QK^;y8<_-qivuVK6GYx}=7`E$IO7d?atNC%kQ*4hyS-ZURCCTKt`j*pi= zC_`vOP!!ACj)wZvnJn)Ffk-fcXUmfadC4H=G2w@aGJk&`)QjPRst$sBQ5Zg66s!;U zpR!8|54MgXi^JcsZKU8xfbHj(BLjvDu?hUty{yRj5Y}KA$lF zw3WbraWHTB8+=pDv-y{1G;GE^{3?!`lGJp30uBniga`r32b_?4^O=6=1Ucr)QpG;_ zRyL6UU>gZak?*>KVqjba2wYqh1cMJN-va=gV)kxM%2~yx z%4Df2%DbFgJ~BmxB>$Wl!WOrgpfe1t+#`26z;OV!0V+jK^$OB&hNbdmC8RM9U?qx` ziancmqn*}1dh$kqrZ_eNB$|6_Zr?nO7JW8N217k%>kwrR&dvDurD%r{g9`fTDloDY znk!~Z1Kz1b_^&h|Kn0%ym_KwzFiXiCs3?;a92`#f^9u?M049xniwLJP<=^DI#06LS zxg4Nrt{*yFuEJtChkxgUjer|My`7b;$62+B63AT4G;4kLXLATwXUzOiN(%)+xC5}{ zgvba{qCCv5g)s5aGi>p%Bi=#7<)$)>k0Cw_oTIc}MAK9{l77m4{v^iKG?-$Y z@f>E0#i63qbO{&^0RkDS5aU*0N_*m(HBJriCc)+$4=NaFz_>*Svbk=&Dj%z7_HQ;W&&wT?8l~;?@B~4E0!; z)r86?<$-z$MdGv;6Gg%H6?i)<*@gVNVn$4+d`S!%D$4-#NSYR#B9vhWlP2&ENX4ex zq4f{fNp^OI%?3Ya)pH|)ZPFyk8Mn= z#)1DsuB3P<*K6GZb7azFiZvNbQXKE&{eyk{QbpD>GzpLrl_d%kyEWJg6a^d?v9T~| zOu>+`BSPvxc~p{*Lo?-ffHy5jK*0v(?4TnyAXi_T*??k9=T;nB!Gth9wn@oo%@R6T zNeeBfxrYwa6j%+;$N`R@G0rEES2K_7sOyjLM+^ekoNz@;i4Ltel@B*Hj+bFAMY+JA zBV?)kBx(Db)6w`J*_e(w2h8k~L7{eWg!KX%_J@E5#mcPEneGhZ|A}sgx9HT(k2mmgh!u zih)O=xKpV~i7}2;irgbfq0&$vub_|sG=jsF+bqHqFlwY=tl+SaCJMzd_|PgAOGv6D zfhU4}=ZTU98K|ECzKjrJ2DHM10r17_rbMutnk*V~N1C}}Kg`|S%$xO=CN%^djwviG zZyFk?_yEj>4thc-;KD(!*eeRY$<3q%TlDV{mkOEvBb;oBk#by9%08U9R4}m_bLDW8 zV{W(vTpOLXVkUykDp1kn06GeQDXCqdtU9)2j=;}8TLA!TRowyu#Os(X#R%25}YmHS+@>nybAV zO#w+|YdM{_-(GHt%Pm}R>J6sEhXBamGHV1qE%*}DLcXVxnk8*cDzL#HNZya3ykL?YI zHQd|>-ad0@T|NacvztS6>wI%?IYbBl5-v2qK>Ry*BK|+8OQrVRo?+szRN>{p1|M*Zh-8@4 z4Lr^kbU(T?-Pwl+ah7gqvrK*K{&Rs>fmm7DA|Y~f0~OeuOlTleX7 z@g1m(PAy$`nC=2P5+>wY1XUESA}`Ekr&M3~9G}JDHN}3y4F6_-i995#YE2}HrL7bw zu`;0R;}z=@4(=GC2pt(VjDt#X^A1<$NnVs#Q0Kq_&}vw8v2s{U4+jY1UMj`B6(*}A zRjJpt)24Z@pR!60L?^Mt46vt$L0nJjp&VVs0d!BO@aq~I60&Th`dl9w=NE6Pbt;fcVrmplPt z&wNOT!TphrK3wpF#q$95q!7#%@T3qUm!av9ngHkmcYx(Ak1H$F93Z%eg?E8&- z?1JxbdjsP)%2}F{i@`RDl>7?gVqO&N7YJR_6%qNCybGKcZ45vag2s|(62&nP2lG+n zia^vIb|*Pwl45`4JPq?M;7fxy%r~TDwEu8cc$x~uXSfg$2}_3&D^ph#*zhk6s~QG? zgVq4=F(*4Eo;LyV&SV0JK!cl(;u9f&bO02x-C$ypRB+*8Ar>*XYuZeUg6}Q{7lm`B zts|^GR@CG)`(KMH(xwC#3Lb00z1wg!4W6`w=Y{;M_@TN{{8(u^PsUG#ybDQ^0CEIG zJTWAJ$S8wBg-J^hd52T|BDg*r0S^M{kT-(mGy$i<+M?JK720f?LgxNM6jn*p@(IJ7 zeGram$=TWrtb#4TwK1fTD*;W~6fUITcesjs9Gkd?g2%Zyx5Lfl8$nYIoV(Fb1zU&s zG_VQa?;uD)@8puJB1YH2vJdtKOa( z(eX6FA=cbg(@e3EKU;7*HrlD1-E_Ha6CMx6q`2Or_3oe)U&s@$0%LC8~9#fo6`c2 za$IfocA(6_5)@H+be?b_QmNGbE7=r`p`w`wurj`5ypJopk^;VEi301(} zR4Ygilz)KYPY8U$FXEV7H2c1%u>irl!#wc_{ zAFy@4pbJ&~DFV}*_&iA*HWNVC_9(Q~)?jvREBfq&=PA-Z6&an$sXURiMLKkQ6dH`R z`hxB2Y%C_OR!b>~v3xx5TB^vq_79DTV1;w3)Wj4qgnlGqNXJgJA1W1yWf0?Gq-B8C zjb&_q(vE%VB*4-Ub~p>XfpQWYXpN`ee;V3hlaN9NdZK{e0^0lpp?5jxs(O zyB-6TzkGT2?Z@DOB|!62MNJT4V)5lj-}os$?f5-?1>0r>D1vDUidC z5fbLvY9%Z?W*Lf2!g81)FBp)_r^-aJ zas`SH_KpUmftme@KvwAiN*yRZ@Fr)xolAI?ThlSEgW`i%M_>bgjNg6@dTCVy(cT6{ zU}X|0Ls3KVC7aZ05JextFCeH9M&~v->dY_QI>+V z=)O~oXw^GTLwK!`Lh*u;a6*zx=zoiVn#x7m-5uTpn1w<|jes0SEFa;EHc45Og0XOA zF_jO-vr#LQiPu(rA{8{x7f=T_73yU0Iem(C&~z{MAtqHU16P(}V%X>(0rA(MgyveA z_P`vZtfWz-?0x}+RRjq>7E~Hw4jx>XK!FPsx56;>R2E$K}m+f9z1E^ z2P^Txcc3%0{j!00P)8&m2&*Xiw5|TKkrJUMN|q=eD-i#TjrK7vr)oa8YxQ-aRf3tM z^wU$o)i0(D9v6cZ3fhmimu86gF$z*{Z_}X!4z?SdrjYLwks2>c$LbI9P}D!&epwn! z0NZD2niw-4C<>*Q0vHeVzfwqgQl7Hp!xiuo(Fl3F&)yb{jNo(@<#6M{(ewg zgvoGfLsLZ|6RV~23k(jWv0Pn-vZA5_92}jLMc3GYPLM72Neo#9+AW+EozZTS0}(g% z!TR@7gnA*?sZjY8*apuQQ7I;aLa_;g3<`c8l^D{lfz#M0qz@Lxc@M?(aI65AMy1eb z6j%e8tEqUhrnh2OgRDSv7DyoL+gk;d6?=j0k570q#D4^6GB{$>r1C83^hBuZ1Nj2! z(s1+z7IVgG4B_Y_EC2*}3}Fq$)D`YZmBlERLP^KMkJ6Zwj2KXjc@$+-gv0b1fd?ir zOv4=3avmYI#ofU20>2Ej$=p<=X}1^-ho7ol47vT-L_&GeINo>^8xE=xlX)2sR)vLN z>yx20XB18=v`52WOvy*uKpYNhqfnnQ&o5q})uMkydO>G2G%O;J?#EIh78bz;Zwl^NRTLUh749-u zyk1BV4{p;&wJZkm_aWv8xFs(N#X6LykIUl_io9Pa5>@pKt9r;4@qfT_j9eh+AT2&# zr2wosJwV|d$CA_)UcguwO=6vFiHS6E zTxbMS@D~W;VxiC+r`&d0;S$3q5ab3bcL}s=s9NGmO-aFdIzNFThC)qyu%HJw8G;mZ zAAd+3#fyA^n?TGCw+v8~F;%0V@o<`wKoSGSC5D~S7+!q5Fd0no1Z6fjW{Hys78-#0esv!Sr6x(hczldZ?0gXqBhZ7-i^5)UU^S*)ol_>N?D|GTZFtU5vpv5!SO=@sZEu2 zOePpBcsh_?i@*~6u9{8(sW0+_ahgvq@=#HBtSOkFjFD3|)a}WI7Orbxp?OStD65E+ zSc}~NHSAzFWAZJ82U1Yp5Imo)+crx#d7wX5wMTObelikIf>A&Kc1RL@RCcBi#j4`3 zSt-ZRAEcKEl;#LrPr)!&p*N~79^2+-v7_8<1-K#Qvq=k30=_9%uAMfPDvE}(xLm0* zd~BK#%2F^iHUnkhCscenajC9FVa>n-@v=!cBS^8$?J$>i3$x(#35chuRAaTng3Oze zAON_K;{*wBdP=LQCDH)_faxR7@WhU5a<#)uAym#w;D3DkCM0U+efZfMnDGI7A1r_e zI>TX4;Dg2-UGk9_5b5BB4l`xi!T@k2MVcC~ z2x!7cTaYc6QA+L4YjW27+Z^66m3Tgc4MU z>H9K?Jx;b^@ix|j!H9rsn8hGOeQ+BAYm1_BaJ(0GK(YD)N~82>6R(@t@8I4H_MC0;rKLYFa;GPgC*Yz?n*NadId=0 z?Vv3<5FZPI`(TT20;td%z$x^i zVed)^w&_h?_>PykCko@>>8bM4cj#GQJxDmn8t<~5S;(0SHlFfuI0b^jIceAdX@IB{ z#c6whu&Sr_Ily6ka2l4AoBV@|BjiP~Lj68=W}nKTfbE|Dh@I-D(&nFj{DSlU9bBp3 z&j0_XaQ~G1Kf3>&9gy>pQ~lZ-v*YtWX;e6ltL6FM4lZ!E*|+n*+k@rT{tYkFZgc*p zg9{w{j~xVxf9Ux9Py9?sxzcSe1Ff5ao$Uyb9SCb+TngNFa4IKwJVROB2qrz8MR8L8 zhPlMBcK^;l{7A`6Ol7yj%mfb_RV)L!hkcj3%RT7Wv0HEm2V_WpQoG=wPiq$z{AumN zKdsrYPwb8n9L5|nbXXXi&-zKr!N6`GAK0>YhxUPlMRVdA+!h_T-&6tObo>}q4>-Oi z4j^m~C(@|i>(+V{P!px#uR%ex6UH}}aJ1}9gqh&jhCz2NW{r1;SC4sE(CJV;=Gbzh zKeu-{HzQNg9iNXK$foG-BX|Ukf;cEtu>GWAnjiw%qbl3v-WnqKnQ-`8nGqpP(`m6f zd^(>BN<~+I>WY=QIl9taom5x$SzQITM20rRh0nj`{^3iOVUz|DKyGLRwY-iH~zBcHwy@hc?{FNi%Cl)FI^tA}q6U8K( zT^zXE!HEYET@UOOO4xXOyXA0p$G*k7GT#jHp@|iHsM=oI#R=w0bYd#$I*Wyz1%=wH~ z9X8LN&lu6-E}T>q3$Ty%1EHWgno>Z?A^C5RHMag(Kj0jnF>D(`=~zlA^q^+dB{rhf zGL<6zUtT8TGl%_L5^5`waOg&WlvaiAzq?vhFt^&)P6qzR+sXy_wqP7zTLc;E$!p~7 zT5uLmh11v$;)HfmSw^zJ15eOy@jLE#_fV)RvEi*SK~B}4^5YjgVv~V`eC4_0m=F&7 zt|}(T*@EgwpSlMMjse7*it`%$!0UDwFJCyV2^b2{HSsa53ofuLRjaTQQPKW{Rm`1_ z>I(L$5nn!3vusrv3WIB^KOnm5{8bfiT>F4qn;?d1EKp&sL{(L$s^}N+DLGEDNQEAZ z;)b&7!r@pBx!w!uGRnSG5$B8gf_WvzsVIuLEL4p8r5&ow&%)oI<>u!94>~l|!yOiI zYz6ih3@pR(YkOn<^Zk9X|F6{n*&WTiWB(r&9*yqQ%Kzu&O#SBn>j*GFhr!^$R}Q>5Q8ZeVyL%J^UW_OPJBrPSVzZ+-@Zv;8!7GYS zCi7|VqVe6``3!h5_-r7*aM{%Hc?(;1wn1^QB4fN|M4~rZkg8 z&LopE$?#6gq`7ChyJvDZnVhIhK0h-FUP+l!cu8|jNx39=k#lLZTm~bT&Cca;a-~VR za4A!oo10reBo~;H3rOSwGO2(}D_}4R*z5uhyMWIxB#;Y<F@lBJUuRca)ay*s)_jnY^C{FZcb0 zg~y1rW2UrYB-$}D`54*#7>#_4=6>whv077FEtyM^$d1Bn^Vt$S5$ozy!iEecqP>*!An{%mDbnSH*h!& zQTzrzzac59AxYXG&1}fbY{<=R$Sr6nfLCEdVPQj2QA26zeW~<*Ztnepg8PMq_lrvJ z!!Pyq_wV0-R$BV3qT<<(9nbdff42YFvt!4e)z?3J_Uz66V{d9}-_+N?X=r$JA71z0 zym|KK&6^MKz;$^40Iz@j&lV#Aj1~~W-^f8-v%t#YLpg+Q1EWt=mK>Qyv|twnZdrYF zj;Z6gYbUm>IsP5WoNX4gb?wPTHW3@5Pi`$ey_Cv7RTQ*s-I*0`(nr@$Zd?EJD&HKv zzU=K~XV(NS8aVpY_VV+~8g{0fUsCaC$Hrea39m<0Z2aZNQM+RI4|iVSQr@s~OyTmU z8+MF4yV8>R`^KI>j@}k~$lRG-SQcKaKJDF|^2+sxrqgG<^qg(7DRSF{7mt3^AGtN* z?1qs)Ef3icl^d~b|J-_8Q_9FSj48LA$eaN|g|QJ^{eIf{^y+Tu>2(86{x%?V6=Uwg zqk|&1)zsIBl02L@M#pUPo3i18=Y(G$U)q-ROUT2t(y-O>fB&&}-ycuv$}Vj>c~?uH zTl&k@+oxAi4yId%S591Te5YMSZOUqIjRM<}eXhDw2v%i{X%)kaXWLeJExIOgWTk~T z9j;S9HDICbgPXI^b5N(`9~fnwH9a!B zAaY&CT~a1ma(IP!Ll)C4=l%3NGEbs;*YRi;CoW}qV|I<>&uGq^>|EnF zZTS8wX@nDsAj{%62-gw3iq-qhx3O5qy2_Q-3|w)oezuGDur<0<{$5VZ4W4|IxOVp1 z-NW`i+`KP#V3o#bTZg%eOwyzw4wZgUD`>iVJXQ_V?A|TLQS;`wtKFCWzTxR+bvH!Y zYK;$f9Bt*DnWq^))$E#6@nV=`opXJZBv1Wn{ppQr-4KTmzpGx0PH)^T;M6%DtMmwW zc8*`ISGB|Fb@1d3#fQtb?tHqSV!vrZ?<|cJTZ>;EcdcE1)lt)#d3Dc4hG+QR6Wk=- zlNy(Y*Es9k7^ge%?8?dFl-;{Mi4F#TzBhC@YC3st^)J6aQtNIsc5jxU3o%Qm+0B-y z)?FVV())xYEl0ZdbKD-{v`Z%Wp-S_w{NH`Qzu-|t0^9>-u`bk%^~g?`p6dC3)w%Vbf;Ab2Iu6u&dR(JQMk`A5jyzqcK#i>h6u) z>-&5Qo;*U(n?1INI26V8eB(N2!Not9YEUylh2dO@eNTaE&N%o93DDfE8CS&w~b6uO&MEKla`-Dz2{E_uM6T0fl>l zI|TQTLIXj9Yj7t(aEBCHxVyW%6C{PZ6I?^^2t*-5nmo@v_dMtA(P#9%eY*S08Do$7 zQVjNDW z_!D}lkwkfRN%q!+l1D!j%R21h2#iX+z<#g35}e9!0w3t>i{i<`*o1tQlSKmN^?==| zG4b#4sNF6rB4J^GkR8qtJgrU-(oIrqR*CdfVY+&P%H^ZB)@yajU=hQX+knZY?q&gO zbSD!Up;~FZoQE8QTJbElmGsGN!_4nSl~#o{=?Qy|=H0LHl{el|b#>*7jCXY@)bRQ! z_`kU}z3SL#x}=$e0JPE9_!4(W(n@cp(*#J|@wMzxaUoooj2K|i&^F7WSb@T}j?A7H z?V&-Tk7z_$R%DFtI2OTb_ZxUoXu4T`@O_~Qy2}YJXqkC7rXl1madN)How5KxI0|e1 zP>Vg|!XyLzT6L)N{(vTbrr>m8g%lD;)WwCG$n~I~6(Jvx&{j?O1i-35N7fj9sqvpy|30_&`mqJg0u0jRWDg*@15;Tp9rks+|$m?jg*QXdl}MonfiF7v;qbXp^np@E9T18dDavZBC93iCs1vq;Ig;m zT_?NVI-BN?8>{Uk7w7&~wU|OzGDMqH=YhwP_kL`s0NAc*45y-MLb=6>ldWeF3Qy8QN^IjeUAqw3Tb6Cnn06_q__5hSS3A~ozJ8ZExNd7bF zHQ5hJ$+Q;IQ3(YQObHEUQ~D5}IgQD2LP;3rI-FQ3RV^}tqwYZsrE*CE;b$SSb!-Gu zSLrd>oInK6Pxx=rSL0}S#4X|eO<+9vq&FN<2Gc6!Lli~xP{BPJIAGgaM92^&$_#=s zW`VLk#Mw!qilVEqH*-X5rCHwpFN^A9-v z?{BrmWBBf&zX$g8#s>(D;9#PvTugcUZ}oTYT;?3FZ+vEzg};x#q-Zn8y5^Om+9^Vn z1O%?pKYp>8S>TyUVM6!}?oXW7^pU(5vCkJZ0CPk@IaCMsg*v;}JZ8@QmW*-b=|kb( zv!4on^kTRs_G}#!_`sj^9rKNUhuQOmXQ>RFzYqSlhV}UBi@Fpn>i756-?LYvk~f#n z^#k|pOs}G_pa3BGmr(yN`uKmqf45!1|MU2v|MY48bN=HOygjV(U-|F$_|5+2istN+6v05FRUpB-&q;ox7H?OR#7y;lC9!%E-I%IMC{?KQiz zvvV8}e!Me!yfb^ea|;K5@j>1#AGCisp8asV^5J;r!-w1J_}}-gI(F8mD# zJIB92eE9zc4*p-KkN>{G|KB6<7ytcK`b7NgF?1>&b?dG6OVsJbI>XVOt_PF(DxD46JwBV0^ED-5 z#=S_$(ieD1l@ckPY_HcqSM$MG5|c^+?RC8tso}jN_2w(_QJ@@U9|}W})TDCxxP|gLw9l8S6spsq+&21KpYG0X zci;^UCEmnfUzYUvy{ju+l`^^M{qgOd{19?`e>mV9uOf+1{IB3|a7J?|B;bb3p8jcr zMYzFpOc8szU``FT{cuvPHHt6-+ci3OB4Xx2Z0eoNLjRu;_9Z@diuM?y*gj^MX-aq^ zEn+((=8F;Ro{9$v-PxaW2-(BY2SNA3i!39QSgV=UWI9COr1DaVC*jH-9Svd{#AxJd zi8#&Q&Ft*vlfe*l(U5s|eMqkn{n*z2Am>h7^d=7I`(8%gj#rXyk}rXHD7N4LoXv;C zNn7C}dcBe$H@IITg6`&v!>B*t z@TG4b``m}W{T5BPR}{M6&(qX|?O{xVECIx5Ljdryt@HL#G~ccvE+4(dX(b_mL||yp z!@(6;NYJE#_Pa2!*4(4d2puapTA{=4UE5n#CJit!h084SqEU`spn?lVKk!Z^@%+UH z>03*uK}}Nd-Pk3iuGh9t)q$?97L(k~cB&@8natC56AXsC+CF0{qkn$&!7E92_i{23 z`>of#hKo6QUJYE3$3g!F>7@I|002a*h{OR9!G*2yBhw@-&24C?6lD|yJkOzV4cLqg zrGYad1vJW4!Po}-b9tzCZNC{TQu@qu>=voj2uI8tAc^d)xi=A}m^sjpO7~UWPJ;Ok zVdOd!6)~1pUFq8oNCtlyET~;aBozR78gF*4*+K9y%|ZHgYEXg9d?+h!EDg2!8aW1E zDmOggc-_)xdJW()4q4S#{jVT_N=M~$pK3}07vMZ-@p_zTm=yVmU?D0H?_lV za|r3!6yvI?7eO^SW?6C1Kih7 z(cnd0&{H)uzB$@R?xx4!WZ5H`+MXUlPl;V2Z7!U~4}cdxg?tEgkc6t< z1BjKf-|-=V9HKG+cbox3NpZxCfgTVAG>nx4;!L;#tJzUNuo$#8C~^F-48lR}}p z$b6`Mt4K=g0L9!Y4V_=5rm{(lw%gEBC94-i-;?V}<8W3RuWn8Ef@M~}7Y&g-Qnkyl z_OUaBmF7w~z8wTN-hS~Czn7@NZYI%q*B}I!yItfBGq*;gFH5I)bhGC#?u_rPOO@Y~ z8zmLav=4oBN;1AyhmYJicy}4mG#b?=ktiW`o1^RVwN%5tZ_S_Bw?L>bW*yjICG(1g zKt^;Ns48urCGko!jYkEHK|judI=ZiV_8ua@jD1QLQeU)pwV7?1JfA1zul)W%zDYUUF2SE8+chV zj&pu@kwao5bzkBeP!50Yp=rIdrUA@1f?(z{lhlhZopO;t!-zR04cf@ykz43pk%Ono zZ$%u2E1kKc>T$w^jlrzvks~oY#GlSvM1r#homyw*Sr7pH>xU6e*QV|nlbz; zKHxeg3j)N7G9mWGh)|z;J@Mw=v4ayo7Bmtl`shi(vie!<&>ok4&qte-9UzdHB>eo* zrXKoQru|6bq+?p=&7*uCtR%tjJ4Z%|p_C)vbJ;;v@xWs*ndfYgha2<;lS%~!KvV0$ zgZH1~@J;LS88y10lqrLm^%)e9i|Nm5^8mgtk^+A|M3@@LT?t=H-#5|2EWS4SVeBRq z-;4ZIF1CJ~0CQO=SL3cHsu5%LC=p>7{qah0BZ-*87(|c6i82RKSW|Z7<15y06oJ>Z zM22q)dkx~`USZ<&72n$*O{E0$!dr7S1@wOgIg5#pNe23QH3*A&q{mGqow$>>25j( zyuP9Ub%Kx2b|ZfwQ_0?(k-Gvf?lc5%R)lt5r@CY~)7W|k2JJZZ8H91|{lL!|G>;Ue z&$J5E4SI#L+?56Jw7t9ddCe58*Y)|)!@1%$>5 zMcaADvXTong>tWj@?M4VQHBYKg$Wsii5P@wYnee2dYF68j%hq+uiZo{J$F`lzB2>( zXlE=%rymrLe?Fx7Ec##(>mFI;Lsk)fc3bz^PG?L^ek0i+eJ?9p!C;(BOQ#`!W^$L; zC>jv@`RCPV5uOh;QRe$CiuPqRA2Vq*vH9uDy*f3`K~1hd^=a}*KsuDjn+_Q@gDRRU z&u59U;&(=oFTHKr%ROXQq^-tyWGke#_0>r;LKXQT~jOjTA)O;=3aT1>-u z40#iG4x9O}5lVBRU}O~C8M(JbnP*xnFSediaESE^qbS}LU>`|iv0_WOXoZ6`(8YeJ ze-ibfBf`x$h?Y&|fs)(L)u;!V&pnT9zqc87HAlW2eNL`Jvq<4;cF41HEV85Mrl?2b zR~2{ADgNWtUGmRXzM~>^dvWvFwg-{s){#8E2l4D8GHc9$(PARIt;|QJphs*f3U&ZJ z%Il?VNXucgoj$q5MKV2A3Zr-mvtbIWUkZD63TJkTcvdnq<0N5>d&HBk@6!vD*+I6qHd} z;=2Yu8bjn%@g0a31+^y=dbk&a(U~){?!IP;IHbrY(`nZ<{FR)Cag|v>6~iL0I`)y1 z7%niZ1Lo4;>~NPWWfU9};A#owl=k54mQ}4x5gIJv>=)pIH_5f8a1~mXWeGq?n@ajw z&3negDNoC4#KYGgS`Sb-!%52NS0hFEWE7M`3D2B_aDr70)7IP{T)y#4KXtniGna4( za()raWJjYOjg0i-A%O6Im5-e~$)vZlv%ZRtl(oH~&<>ZSbi-ti=;m+*eX{}=sW~x; zIt^Euv#5PhD&O=@Y^==PD)IUu>XsZK;TfIwZl@8Xu>C4BMSdKHK6&M6fpx z6_o+;q^CfaiR7@AGK=cpjeR$L(4Ot$M$O{QgxobU<6Oxfd}{{ndLSog+WLTgon_xF(JAk;W{CB)sp=aK|uNdAQKiCUE+V}!SO^; zs6jA?jJ=R_Jh~(^wM)!=)$loPjSSR~m#isv9n;t>JdQ&&aiPmP*g)}3Nx%U(;`G4a z!Mgdo6Be3>4_;{Ao5CulM2TX2wfc>zqh5Z~M1t_Z@w;P;k8ljdg71E_Sb^P{yx!X8Fo7D>hMBl+Rv%UsxJFt- z(pyWi=ow}$T0dD?zm}+mhK3m&h*`WJs!`3pK)s6&y+fKS z3UK*wIsTzWr=hB9zp5*WkQ4o8bK&fen#cK>mPRdceqR&SMA$M9MHuvq4aIFqJ9(dK zgCr?iH&fhpPw3t_&@lgKPh8`Rz7flJ7>#@C$up8uWsnsYQTCV)ZHybn@S3eoYP4_T zb>`hnp1d`GUU=eHs^@OqPCrI1un<8{(>w?=`bjC0ex1_cYbULJWRJ#aqF7F(;nF*X z)Y`B{b5wTZS1HkyN$;0*+Jqww{UW^sXu`?@Jcr6R$z6~%#CJ($XCU&}hmf_ALC~ID zu9mhusp(iN2lf|7!M6LXVG@0>ON2d%uw5JCGn66CLxp-nm7lz;RZN$(Ii=B!V`(~l zm$~T8O0G!jaB{u(;kri^(h}V~G+h2n0S|BXb%M|D_@>j?)zLhRxLfI8Ekw-G9nzk6 zeTO27CR+(maTwULlu^oJzxjD6oo~gT?w3xN#5<->!!f4nW;jT(uau-S+}Is=a@)QReki zbYM#LyiD!nV?d*iU1YZOnAU$nFG#N0p(oq$g-37z&RiNF_=={y2;3U-7+KEGaxup z%~nZCQERQ{9{&;h^s2!gwIUA|h@592yam*YBdD7CJCc>sZE02L6)G7;@U5gWiYTNhS zYu5t#IecuWR?Qs3tS9oS<*2;h+VbF1hWFKt1)q-_UD`ij;;IYEq~WART_}_g8*?MBIj85l9gjf6mp%bj zw$_th1LVjRqg$HjqF7MGfd#2W%EnBnchRTs*xV-8CZPu}KuZLkS#c#HO4T9XNCJCS zMH0L^1}Q9sveSIT#^i&DM8%G*O^@!`gYG#VS>FsV&AjPdS37>U_;8l#{1@}PcSn)0 zj(p|!_=Ff@8n2F#cTPg3Ps%A{?p#mNDPWicV3P_JRzfN0#WyxJ8`-7W zd*;NaRB%X#{rYvoD;u6xI2agSqGFsdF}o+N5u<6I>=~T@5FM4|W`d^|428V`6M#sh{Ca0!nX6NP?7MGS^t*oxCZ)|RD@9ggFzdm?# zcyxSndUpQy-TMz0mmfcU{_^$P)%EuuKY!i)1|YcqXeHCo!v4!@(mz&101QAFpuM&F z_a5`D)d>%48pclhT_cyKX|_T-K)bp{+%kZzvyX%(+zmue%a7?LQALG`+UtY zk(0RNh)0F)q-}#%3773)*ifyp6yvJ*K2QDYQH=l}Z$Doc3KkI)=p5{d_clS-Y%mW3T3w< z9oJvzMC(Zh7rdT`Rk*iTAsdb>3$3^ylG7{&tCJ2VYbp@Al~k=~CB-X8h;fU4&(c0t zAxTAOg~rK6;-}~G+mxJKmL(D~3T^iqGEU>nmr6vFhX@OyM#|I+ccLD(*C^B)+_vid z@t}Vl%YS;%Im4WQ)0lF@@t1drs3+!1FlK@WB=v1jD1-oOnIY*;wqT~y!_CX^1@g}k8WE4v)d^;NiEZKbP)w6gZ~(D5P!-};iSq7s`70SuZ+Xbrw~ zBcDW=7nHCp$1~qsE9DUg48>?FwIXb;vM$cfXm2TQY{IAxV)1Wy+1p=QGLdQ3|1#U_ z7xqR8mroJH@6a8@6SxqizHN z;FQPB=~bXjKQT01GM1Lp9>gvOf4UWU;$E^L;wTyoCWX(#90CzUd5#9*r29A%s!2>{ z1OCa>sNxjC`nnttBS$O=wd+#v8h8YIg;~0zZe*&nc&i@?!Mmf{#fOCd`|v*ipa2^{ zbL+~de_UCd&fc-%=~;i%REJv-v$9ko@B1H}g?x5$m!U&t#QIWsfgx2w7r926Xwuoq zcmCzF%OYp&xpa%I)W6F0AhsdqbeWr{wtQ_)ALi(SVWGjnelFI?+rbZsO-PJ;u8Cvq zo|H*=8^AenPHCU-KthFc!;^NixowD=|X<-FmEB>n;AW{`Wtf@2}|#@-R5h|K%=v zZ@iM`jCfrB@p#!`it=60nxDdr^$-CxzDDOZZ_0@kH8vw^U?9+)&Xre)7Ag5=*Pd65 zJ&F(x0iQhL9R)RZvYEHDk}`cky7h)FP$Kh zur(W%ADPvi)7cZR2M|C8gPud+Lzp#;!$2J{77Rd#h#R<@z^%}>_JXX|y{sMB7RvM` zF)<+w6Jn1Hf-MmRrWAv-D_s3%(JXnPQ)wvdL`(D;y5SRA*d&Cbs60p(QwZjezi^&?^@0=_KLP^GG zc~Tdi5D~M3=VA5(W8Rbg>L2ln5Xt}!Gv(Fs`jXf@y8>4pE|KsG_`xr9s>Z6p{rc34 z{Tm1KkS1+KE;pk$o1!N}`%$UHGH9e<4Dt>_>~RUY48RZ*B}*P#H z`O0#`ifu0b+ zM5!d2TS8MYmT#2(AdVyaAM@DlXac&xZD|SP-(BggfA1L1oZHh>p-0E3xy<*r_8nU9!UaRlhmlz92K>n^uZ& zc>46#acmLB3a6LZ>o5CI=W4 zBbN}>U_;Ojh4nfWMWXHEYmyoVCnuBL+d42hb9*DK`%Aj5BXV+rM+L?;rl&WL!kS&% z78keC#T$ej+qppt?+9( zK7`K`*?(zTuU&-?g0Va0uh(TK-cyXYlJk>qD5YA-09n1s$(bs5Cct>1vgr0jhLC6+ z&I(NrH{%&6nhDQG)_jNxGf8Ftb8R#;G%YvoEHHc0aw(gdO!3f*B(+zrSk}dvve~$& z{(IUB>a^wxbcpr?BQo8JB=*RSz=hUWK7G@y+N_U#il6Sj$PMtPWBlx5yDvT5a;;kR z)Qr|GV9qk|@GW+FLW&{R54IPSNs1{c*N|xmV%_^X08hI+#^QyE)_{YiE~l5Ep1k$Q z>EM=T39pw?Pg6k;8H-c}XgpcHACu%%nba*Lm`yd~n_Ar8jDOiSl=@`z7}ij9NS)`AoL7>giKSP?;{ezQCdF{BgdYr}(J@H|0* z>nf%uY6<7&U=5%o|9nOm1lE-e3_%%l_ZW$ZN1X{~Ca3D=-xDqpSV?cMZEU^J!(-CB zs2w_f)J&~(vE8Hh@ghwr)tLrRZI;Eq_@rT3g*?p>cC?$Pmv#K?8E+p&2(aVm#Z>Du zpSX_jOHAi^c~-uCCCdpY=?x3e15MFf%2(EIZ#6hE1%K72VtqUs50F#<(<5LAK%KPu zMoR{lOttKeakhV%2BCUBTyvN?&er<&!!##`MjbsljJsX}(evgW;HUfup8QE#UgTsPntAKlwLp-Fz znMTUxuO5rIe=LfwxB5=`Kg6oOCNW46bu$^=fEBo5ev@EjjF87uuF8n0)YvkP{OM8O4zNqg%Kq3r<9bH z4-Hpu4%rJ6AOf;mng+)Au<|E(mnXJDY|^7O?RMV4=cM0q%Y+i z9W)7KOlC_WB##yu`U4|{WYl!kIgxoNJ&X~~*wjb-x#Lc;#E*0gbgYwEa*f6{!M>N_ zvp902`tf2cWb4(IBBTX*rNCE)Hi|S-Sp%Kyflm%sN+F-m1#AWNRC1J53)bc<$Z)X1*FXstv*=jW<$Ce_M zy`nz%my(wub@u0QzB^Ya|9Ac8`$9~fw+<2s^?&9a?CYo#;-TObfr^T^_sc-4CqGF` z_bc{GaLW@(2~RI7iO&tK@~J`9Jx{C%i_4Czd)CpY=;hEB?O@iQTovmuHJvaf;^}O< zv}~$V&M$~|+S;-<+R%Uf&|I}*US9d(eSI}K0p&}XV<1VubEakutx1h4{OgfQfzzz70xivPVZ z3M-FF)*OXwH-c$gV2-^&9?N+ zEZ9<)Z|_)lkgHBSr~wY2obp*(f@179%_z)u9DZ1S_3^NCBT6G-cmMSg;Z4J2)&%DQ zuhE0&$$K2!D87QiyDvlW<%Fkqxs)cM_Ky}4Xqm(DDMD!tRcVG@2BNm^i|Jp!eq>3o zl7A8vT{e?jrK1%PMYz^&L&;|9+0K202({Y^>YWg>n+>lO$(gKnv{A9l(xM8IIbRz{ zg5~yyP71!}vVN>>6G64dj+29@AmD8O&U84Pa6JB3X9iL+Tj{A^IEw4NK5Fxf*%eS; zEPwv_&Qpw^9YwuUSvafho9qtD_61ki7bsLqwn)aA30L@WOL0K?20d}aMw#)*Tv3E= z`$h_*OT52OG*kJ^1nG!PtkEnj5r?57a=E*iqx++#JA0p@=MQXrk@X>z=xY;HypXxC zE7l$Gzk7B5?F(1?4=?=R!2i@@SET;KoBW>-XrEEGf)dfRZibQoWZs^>nsmQ`BXq!R zksuzY%1SCjt8skzoem}6T9{_f2@GpAv=`~5{<}=u5sTIN8J7p2m!%&p9_D9FfJ7#1 z$b>OR0I(7f1aqb39@?j@;-vEXkE@e? z!hnjVC1!9zZx~N+GOXsWBS9mKBSFF$>LAgIeM}VwOgLI8(9b{>V%4?I4HE+m#j$aW zZIJ~S%NS8$^m_D57g)h=kth3TUBmkE$?>#%$>St~j-}-&7zza?gspwef3*w+lUMI) zH5iKoqZZ2pzEq;3gcmQq4C&8l_Xg~`Tn~}GN8pBzH_^!}rIbl{&r1CU8yw&l(imTx zk4}l<4~{0>T|E)No;Dp#L43hcSr08|(^%uyORKsxQ^OYdy-!=|aV#FU3r|?CNz9is z;)xi1vXPpjR&m3PNoohSuC0IYu2^ureR~K1r}4%sFKB?OX!~?qqwJF>N$BNV4r`Lk znj$?3_VWGCm!##LUDk)WuZ}l{oNom)M@xZ~^O64%$;P}17>mcDp9lxb)W)JiFqGH; zMe7hTp;h|z>`jyU(xa!P*4mHP+`0>2l~JonTyc8z(9hLOx)K%DaCA%B#X{0gOvgwy zjYKPbab%nG#s$psl({VrPYV-=REWI{I6^Sx;XKnR${|K|^opX)Hw+ev&*zW~7Ib(= z{4vZes#W_qT5+2Deh>FL_oL>OEG+L}rBpGZa5AFC0>KUJrTDC)l>dnRfm>fP{uf{R zBW|7Uc$!T4HpF_r{@t1H>Ra+F;UTr#dW(2KG}2Sz3x*YZd>mm;9zX7?bDJ}$jjo(B zr^LtIA@-%c(5$u%F?DTVYUFToV^{R?we<^t#roU$Ah0-KARv?<2ZqCkWfc__Py~)G zEsYNfe#8QW)L{}kGd=?_AZd(v5Jnu#ItXSCcLYIk42+PlEOu;a99EQ2#R7v6j}rI0 zxDvE9H+5ma+VIpghbH_-38ClH@21P*7npm|K;!zY;$_@)1wo8l4srF=m-)5ERydgV z8un$RwHDJT`CRb0fh~I2d|C2hm}sex06isoYe4gCAcCC(KH zd|UDuT5sB?*s!Ogr6XX)iC1TR?8+c#_wm9oEoK4z64{1MuE`8N;VV5!BG#C6rR}LXZX%9O}iI0IZb07HInvWg1QC^(0VRz9_xE+-fWpTAz95 zznIrY$!rZ*NPk`s9Q1qZJ~8!kH?e^{I{Px&J$R^Dcrkq#JY~-;oRqv-_8&RY%Ud4i z1gQT>KqU{)JD%osC0jTAP_lMIWDE_H^5B-f^Y^Hvf+vX^m}lTvyXYG@oAXB-j+3yBL-b~B9v z5Vv_e3|F<-qKuT}luDPd9416sQJ8XB`O}*8#6%ObhTF!W;KHKj*wmD=bZ8HAV~V|U z$k1?S+_ObO``kQG0Xk-Ib);$(0}jV<>+RcCcPt+YjdgymR(RxU%98)oWQ%aIeWi(N z#CGDP$7Dg8m@CUt`lIr_3x;7EoI3E@@+Htx1``#%#69z?IJT&=!5foY+gl6QD5e)4 z7b{|B-^Ag#XE~TB7ja0VM?GQ>kz1Zk<_QWVj&`doTP){t$+|AVcO+%fYjxbt`5$st z;dc8e_orK;WCJK}$8+ePa+c2`P5?$R6t($*_q!C<#DG!~5}h%C%mv*^2_Y?+`sE%n zVEKlUR28#21UPwgCvF4@Ll_M)jne}w3B(vL#slhOupxxE?$2hS$O6N#Fmu*RV8nq4 z8tRyZ^Otb&qe4dW<+Eb;OGxjCn8cTGD?{o6>%IhYM3k_B|VIU z6>v>r^}**A98jlh6*y>#F@|ZA8S+BvUis)gcTDQxJAr3ML5UA z)Dcak$>ZnsX-Z_vY{D!J25-}hz~liN^*+oUrloT&Mp@goLvo9!YK=py<~^p*w|`yDB0(cTRaIGV zOGjsle^*a;WujMa&$EHyKDo$-rpd;^`kAbxsp*mAp^?R!#DQ%l*zv(BcVr?d`{(znZgez(*3JoK*c`*q?Y}nKf2=!f~5foG8=`hXdf3 znst=-O2?wlxr1rD->Wi(olyR+(m8Fmn)0L7Zm_;~s~B}6B(fysTRNI~{?%Rft#aGR zWZ@KnKvlL|fwG5;4RtxrW9G*tSSIQUVqT{T#fJ6XU%r1K>u;97TV+z)VgD-6zWL^- zLbdsFtyOZtjPVNhP8Zke;+Eg%dPp^Ft)o1qx$5;;(p^IJn6(o~H!fB|FOB|(-TKI1 z;DQP77NtV7Z#8L7-!10Gn=CrLw{>0jqdd<$KK@vD)_rA?JV^I0m(MUd{gClDZBMsz z<5U3Fm|EuE`=LA485r+-?tMsp6cBl1`sIo5LZp}>ui>{pqR1KMSE zB*D*Ze-;himH)BLW}=v-iKWpMtTtmu%v2W$PC&r?v6e$Y69@CMpM{vsBL=I#nTgQY zDlyX5iY+ljQ-1$6Bh5{mior`uY-NdjHI03s=sXOv2)~E99-AObP+gL|c~PR0JO_N5 zp@|(&#^%|Yw>)IkHg!Pps5q9Ehv&(2*kqWgGd{|e2&aN(Jk6kblv{RkAxBTNB6FPY zdsKZ~@JMKYjnwMMFoHxdO7oM2vReq%=v9^Rz5Y?|WGJ?WXtBisZ<@bB+J% z%>NQILVnACRoxO%MXtU-n!^=0=i5}jM-7k*<>0b5tetzl*z}KObkVK)B@(|$!mm17 zkUr!Do{)M1x$50|Q3)P#40Ly~4KjBM4T}kX>Se1PW@_Ucn-b<5uId9K$S3dvWoD(y z8zveQ`Nx)2Xc$(zSC_^ar+e4d)W){7cJ&r}u;}^bgGUQqcE6}~_A3~lSV(Ogp0A$E zpNy+&$;4?XTxiN&dtJ1)UK|W`=8eKG#!lwCk2ZGm2u6Q^S6+QOwG`)Cx%Wgm=qE1q zvdH}1M!S!Tpx#J6Mug|jmKkwtwnD&{p6V@=nEU?A*n^tiK`;(2hK}&NiSdqIjW!~o z+{Q12lp0DD3UTBH!?S0%Cw=8oi7_y3v!s&F)zg14VT%JdDr<2&JO zx>0xg5=M-cPnJuyUj^sK2yLyjdwx3m*+zujUwQFn_6z4n8}k8r6$urZbfi@;!z&3^ zc>69o-4QRq@~63gO?L#vUGl9f5B<4B<>&SO`t6P#fxkSrBsSWQR`Sg@Nlp9(EE-ZY zpZDQVwyBI(r8crANO>K@w^ z&gX96f^vG1&j*LB{O77TpYUb<4fRcfPwH(9y*L)hicOHsUh46XgfGR0u*FOxYo7Ps z*+@4VTWv9$EU{uO`4lDNIBU&e=2Q`aY@(FsAhMMhQO9dK1NlW^VzFG7bZvS6I+9Vk zT$Avm2Sy3ieenqO#7MW1&z;dqvw=AJuyt93AxBtHTEjG1^%ry zD-PjacFWn4+g;~#r758$rxm`oizmf>I*upBtjdBj0!^besvJ{MFXHcQ$9-4fiatr< zXyp9-2)C|d6c?wllAZ>|pvfJ;)oR8q$5ofuRiYxsG@xg!!n}c7>fF8q20!df2z>gU zCMqwMmpXKQf4JvjlXgvwvRgmt^RP5|Wp6e|Cr zgx%}=6aA{#j+$6`AnkG-a$~7}$dHV!K{8wUtY*fhd&-_;^Sep=E;9*2vAR>=@mpH_ z+&&1kV-asPqx;-67!-u?w$O>>w2g>(uI-lSBZ<^YLxwu(CM4$EN;SX0Oe>r}I7In>3 zbZ_%NN3{*>W7Q)DGq3t)P=4Sq)w_CQ`9HocK2H8YTV+Y_{G`?&b`hN;RJI^(@QVDb z`eDrG3-48(=11T7^dIOP-ob7PEsNm<*UtXd+)8zP6&4CIBtO48CWWMNXcEhJpbTDQ z;L@n&`H~!tTQGREFbb1CQS<-$-9%Ni`EayAQ<%7yah^6Ltf3^B*{-d8K}*`{Osboc zVbJ}!OhzGVo@K3oZ^EBP17V{V?;K0*B{6+A(RB^=6&_pNl0iRo%l@+Q^_@|s>s&iH zkEHww*5UV-N8{qB`|(bRj1$`8WH!@r_t`LeufB}x_&xpfuBXH0-F!UGS5UV2SH1RF zpTZv|O0LoP(*LNf9WQAsPj#h=hnP$P*^zCM~ z{&fuRuhP9IH+`>yGSnw*@52O@cDhRPxMhs2wMZBvqwwT zWJD=}T1pYJd}sjNuX5i@EfOc{C?scTly%QY@ZSn zr=$H0-NX8CGkN>W9Ba;o3*YG7tEe2SQ{Sg4Q5#skk~pv9^Ao48j@RHMFB9u#jCuU> z#wT4gyukaZb;K`uYTe3p1+sif|1-S_5rgKXSw3pbFGMZ7QW5dIrF$%~-4nxS+K*R+ zrd&FDN8MrC^7p3}dM_HnV;-z}4!zgW%*RtD%ClZl6)jNmc9y35)q>6YgZAf+ETJ0Y zu~fP2Rx~?B=Z^%1v*9Jzp;;yFkK-X}k5E!(SNwDRH(j(b0-e)Ore->t_*(^E+YGkO zne6?%oRcmj!lf3Y;1Oi8iqZ_Hq`p_;L8*?#R6y~pEBOn#s$fbhsj}0|;LKBVd(UGF@sY`*|Bq3 zZEE1i`?%qxOp>JHU9DU#dq|c9j<8{KN+reE!;{PRRC!3*eA0(3m^Qow5V$)d@e@2e z6Gk{DH)&LE(IjQ&`*~&QqzlA|G9u6{KQ{donk*GiT~E6}0`rn#De;tT?r)d{RM%8< znbjD8beLjFQBL}z=zYS1P{ETTU147u6--xphS^4<$NTjHF()#tm{DM*Un9zc#w21Pk;THMkz}Jf`cg z?h+AazutQ+ao-MPT@ek{jUKP6(dBSBF=l$n5qDl-)B25gnFVYVe}BB)i+D5w*SQ+i zF7R}<1WVR=U4CY*3vK*K^$Je${`D|R(~pjL8mBY0?*a?II6V$P!`}*M`}6nK>=N6w zOn!5o8l)MkZCAS+;yi~EZ;HN9VqbhxjKrj{ByRXhW7*H&Mvu#*d$ldKYJf>6CeKf? ziG7$}RBXe^`)btPxEism>q!53+;S3bBTF+8C>X`Ms!F_Q5y~?_#~n3aHsL5pG?b^Q zt79npJnSbiYw|+iYYc~C5ZOK_h?h8*TNhT5P9)QOY|4ZKK12uz_9-C+e^z%Qf=>CY z;{B#SSd!>QSUp@r55l=0CzQ{ziYhy50Eb`n@l#mRaHqhvd1sL% z!kQg3G~V|)K}Pj9HPv2Wb#61&FYAhBfkdj3xa>q0^S9wD?}S2Iw6lSCaw^R5C?kk2 zJ6CAOi@rl{oF$i@x2%aKWaCDz{PT(3j2CZ4*d{DDoqLXXW$I|ZX|az9>1X4-W4k_! zw7*T^O^gpoi0Zx?dmQ^Y2|4DP7VFFnBsvbfdK&jHr%BC zMVbCD^nYfk>zNO;eXQ3I!hWg3bN1U@=DzD!Pz9!04BF(~o zCKmBwzI0GtL7o+wDx0R@)T28rP?w)J4i&tXc%l)(*pkWh_~C~kk`TB|*$ZO> z8xta2Z9O+^{K!ZLyhzqqVMkMDRuPgQwud@NtPbIEslL9?I6$5rp&lmQEcnqOnl^Hc z)!tx>s^}&Xm%75T!FFAIjOq|%E#_^toy4NWuSPT`AV&m~bpzWqd8x^KV91Bins>6+ z%qu!yqwSSNU)p@k-nZA--fuKPn0Bno492=6x#{<_DwH9V4*I-2I!=MPaC2=6Td4PC z03%u*P$Rk1avkx0>7L=m&Tma^NbF>ToCWNH*iFf{Hs1HUlEhMj#;~r#la8qYhw}PV zIYZU5l4WQOuT;ifAf=*Gze{J}LJAX4dA&b2I7^On4ofmr_v=2ai5`rH;fV1TDJlP+ zT~6R(lp}M53k`-I{(X9MCZ3t*bi&$pF1+&Z&FWHyoQIQ{f(KOeGOgASC#l$3W`>Z% zB!U7ldsRo_2ROxvS-~Ia2Tm9Q6BLp-ED#mgXsj}IKyt7d3mxJk4VDzXi%o)fNNG+Z z3%%P^XpL1b*?o~Tk=X8qeB!e+-ji&${wo*hMd6HxWPR`pWZ#Yv_b_pf{w3%)i2=&Q zi3FW-*YjPU=)g5V1V_^cVHnsU{8Fj-5XPgzN;%j>o}={86*45PC)1?Jc4X1I2=W=2 zT*=&x-L>lpiU1lC5!}O{RqUK{=(F!hw6;kY})X=Z*b$P|mk192qG z?7)&?Z;`TeEn*mtA1ZQ?g`p)H;%vxUO_}t{Bom!a)Bg$Z>B?*|xq=UdZq* zHj&(tHP`eV46wHddtOayI5H{biz5VQolgM!4$t5 z6G@1N=k$zhAfz7$`C?KuVkTkOyY6}F`ha?A08;2nAjnX(;K5x zL`uv;)JT|ELhxm)Gz6~a%`wVYhsVU!MA$+CA(8et=0eBH!|2*+wbfDNh@T$yUsoP zo^!6p7uIj8-5L*cH?@x zQ2jY&BsZ%|&5~sG_XsC$#0<$E8&7g+pa)mY9?-SlQhu5+FVz&ALao4aN^Q6|h$4rx4+EV)D`PZvoOQ<76WJsWE8;tf~I zY5EX0pkf*d(3oS&R86J;sVS?IoT7AQw>O*E?^Ecr;`%>?s* z?PCq?EDP!XF%pU51I)Zh`giBl(*NAt+&|`jegMcf-G#RlUDqy@d1pujB4Jhv-%pg4 zk?+ixO2tBF&@jAfF^G>8-!x4BO;0pP|0)ett=PWrx|*PWR}a_P_rHJ*@v;8z`+~bg z?a2J^aLgCg{|#HVEo|G7A^T1X%F5(NE{@)|kG##Kc-^+*eWy|3-_sYTT!bq=X3ktz zHgn&RnHS-%kFv5Or^`;?D7y$(e5_k`@y0s%vuzzz0$z9e#=46SwjDXL?Z$(BP#yTj z6I2>_9~1{h|Bjr#c;q5f0)BG(^tRKd_nn5Hi>FUNfXhIjQZRf2)q*dQHG*$ExN!qj z0){I=pg`~qxI^T@lN;!E5V|z*6I2VBzAofHT|@Tc`2SuA5Jd4unB}|1q5EHoO*{EtA1OFI!L&mMGqdVjHU}r$$C{r+C3zW4gQ}UGaKAz;58Kt( zSC!s7IPH@pb1Sbc4^LvcaW&_UZCQ2Z6OMPWwfA}Z3kI#M*vgIN%k?{Y6}U$HrWhAD zJ?=a6s@;~l`X*U-xMpVMev_6ZA5B(NEx9vz?TAggm-+2vU*BoA)gMRgozhzmb?+<@UnuSzx#pLp z(-ZNZA9Pddqh4@urqMk;1E2Eyx?9HPEK4rBusmLRFh6){|F7LV?l0_oBeg(3ZM8#X2HvSdNB$@H zE?v_p+^~Y2slKy2n)R7GD{ab{UcZ$YcGmyBqWo?4_QKX1+8N$iJazfi^ful6!oDee zoB!3pMygGD!46|=?~fJlL<#I&<`zn2 z8^#~y2j>qyX1VFmh9mfZeGcK1H386;&aZnm=+CvglDvZV zs&lVhJ?tHSeS3ptQHp(b*~B$In}?CAsQ;uGf__tnH2JW#5%t^XYz9FT?E4nd6_XD!N?V zpEcGr__J=TVaAFbe?DAxsaMU>o2mP3COq=>dZ^bYEM~UnSM+ObU#`<`Bhzr>+{5jbRv7dj%!n&| zu(S25tmvctyUv~c3bVTGH#H+=36lc{;3LjX>s8TxwnMs``%9T{BtG++A?+yv|g8f zxP#ct(1xwlNl->u<<(5ewk{YuzPKIB*=6=M^C)qL(&}Ev&*}|sU0`J4plh)6rM_j5 zjv@YoZs^rx%;Szx*N1b@jft<(9i+Hx{L|b*iz&)E9ZRt24HKiBZa*`O7WVl3;e<%x z*y2yw?K%hiu=4QYi!jp1a>EI2RT5dzD4tjJbzx z?OOMX9<=1S`MMg5f~A+kX8S&V;3hM8WbHCy&;tJpw!g@D1D=F=SLk*y$i4M2E_6`W z`SaW9>2vzW`#H>SV|lHX z_rFnd;JCx?ZJD`)zuNwM#*W=*{5L#g9=Kk0{g{Eh^ohb?bhmve`a6F8#U}3gnna7I zbBuH%pZfO;uK8ghrZ4xIUf6SJ>Hd|<-CaXQSo>BFF&VwHzbJrb%-$Hk;`qru-QKqO z^Y#1z%lwQFJJ|J4iT4vM=<0IBBJxSPWQw3|)cCEwM>xu&@Vm?P^_!^G)wKSv;h}Dk zW~qL-3H{&A)x}-g{^zo}AN7AV{Qk~Yr2anu<01V&Mo=aY#Gv~SN3WyqF$A4|<~H)e zkD1Gkluhx1Yd_F6h3N8+b?b_4)=kM+HI0io6YZ8QBr=igW6zi(OCzGZ@a+m?ay ze`J}>k##Y(^#9Xk*y(M8)BB1~A6a(#v_R7kxOk-a;^}oNTj0jUbt+rn!ReU~E^d2p zW1q?#pe_q}a^%UA(@&njWrEa|A;>O}$Gj>Y@@l61)w(I@hQS;A(A|P?iO4JX|AxwH zc=hhVt9NjZ$j7Th{=Lfk2bejb|07yJ`u_%6|2GI53@IfC(EX27E=z5uPwvqzDd9FU1C@7ectZw;pxnYf%7^EZKsdxE${or%G@q=zRRMMYX=0_Mt&Xg z*{>E}OKq!d1{ANXF%zUuUhFaG^Sf0qdW5eSu=b<{^U!eaU^OMiE zXP9k0+;6(C&XMqYz3q&*jh%J$Y;pF)x22vKR-x4E$qlK(20u=la_O-D*>(X2FYRM< zjqh(16t*c}d$z`}b<8&RuZ(RJufFEpI_9@9U(dc=sbl8%RHs$Krn}}50ToJJQ%$T==wKOO+DcrHZ;NHAkWwB9f4AbxGGjQhkz^Cl5 z+N^bO|1OTt>ojmmK)Bz9!2v7%m?Hi!;{+)S+gWsF_|MK=SgdF4rPS|sJ;yeLdFqgk z5r3l4U}o;Z%ZaTA{)ByP^6r-&52rE;kJV(EynMJsmpA*E(#U$}F}?nwy(Zq&A2=hg z=hp*X9@Q}^`lZMB<-v`8=UARPczT74sg2RLq6)TRpZsEU zaToViKO_hG>vYYlIdIU-<7?fM+}!16?E>TXZK?E|{)f}sN<+EhuQyY2dzx>-(vuFD z+BjyW>VC3!*t30sQeb4KjDGgxip?`K&lKuj zdlftC)%v2(7f$vKY`uBf)ADn6V@fLx^ug-U?^;&PGhW}Z$BwyIra7+PdF92_(H61c zydjq(7)i0|(FGiGS#y-s`IKOyB>F>YXlk{EF<^F!dik|F6M*S1~ z+s=KeZy&zMRd;e;?sLw5ItJ;iy=)1yaQAvnv zVdqO#{oK3q8PUcE+Apl=KF}!>W0Y6unY`}%*pC%%c&y{&Dy!`dK0HQ9y1;yTMO8n$ z=~F{W1!i6Eu63Pt6dU!D`6k(}vRbImEVLDbmMe<_*Ke8_mf+vM5D#)NtTghBKG5#V z(&C=s=ce(vv3kE+_3fbGDqiRbw|CI<)A7H>2u|*?UmO<|-YtwQ@M8=S_GxXkG78)>( z_kD$#GcPkuyiVjtcDJo8{&~v%9k+LF8FiIA-?h9u_W9PWKBG9F-+Z$oc=IwRnLnQq z9KFQ+c7pTx)3MXqF5|UHl6L4^Q$FKls3?3$q|He;gT!R@Und&Ba>=~GC6BJ%@p)&caeEn|H_zg2=^)}M2&>5BW>o%tJ zZERNG-dH>ZJpI+cP7=_D8omwZ{3@qP;=goknA) zD(=@9l>Vuc^u^O6>!rPSc@GZRUb8!)v@?I+RZ~Y}3HyZ5f6JcUV|7f1``xropR1q>It){kEr{&Db&KwxzP-sGZ@ITO&d)8=`y(#t%cmJ_^A1kFY_;~c)BT4#829ok2>CCZjpE!etu|{i&5BAQCxrNcQ+lyEAs#B zdhN)lW1DP#UA1f1hz0i7&aPkHsa0ojvX#>B>g2xe?0buU6uNvCEHTY)8&~mQ$TveS z+;R5UerA~2{B23gy4ct3`9k#by6QdM_e?Jk`1?uYx-YnH`I|?i$nM^bt;(CmH@6+= zIDA#SUhIwJg*$^CV^*c~A9}~K&6#bjc%MI>eR9EFa|Yam{yz{d+O++r5oz?EhDa0k zAJ>grEB*uQKX>lO_>cDlcZ-^l_FpR<3v3JA*a-idnO(H8y6E6=BP{HJK=5GnXt=`t zNm&`(+5T$ZKDeR%-HjW>m5WH-CiG?07Sn%QeJpg%zMQWYZG4wxKTWX2zE!A`zp~^c z&w2!u@6EeFGrImVn{SQZG2Ng+M4+$SV&?F`(s)vET0@v{=o3xtlcy~VCqXI1Z@=?7b)a&W(tOy;`GaoiKkRH()j=F! z=DjMq^4iuZH|ALBnz(vmhk{D-vDL#)3>2dvUBS@zYWD`RYzU%bm3(bhYq&7O@Tql>?@)ytVysuPV_w-pxY zwRT+mx_XZDsh308(*t>q`;?Otwv>mYGXn!h{cvYdarl7jD-RW+)qZF1?4531Ry=!P z=wPRL1|1#BT5;|i-r415>6*-5>!ZwL7$q0dm!)4B+au}rvfispSL(zpJ^nU)j_m%K z4Z9YXnkdb0S#F)N-OOUt5yq)!osWgG2JYzp;Nt7bF z2r@}o>vAA&l@)f26WQf{L@c8+F2-QA;{?@Lxmiwe#C zuF(9akp|i2chmWEj#`YoGOEqp#rI}kA6#=gc>dVstqj5rSH^@hdmU``$+cn8Av4-U z=LRo`HW%p3?eNmQvaA1Gulf1OM?!>cOTsUt$UYloTWPc4)aFb2=dawKFYoGpwAHkG zyMivZP4|xOx-x5N$>K84`~F9}2B&ylT08mNxSq>BM8`X}-IO=6V8w(Zk1AF^dONGv z)m3()XA?%h_PlbC!Ee)Nc8MsQ{YhC>JNXj*Ew6K&Ou7}@IqbOj`H0LN>$5D=XH2SY zH*2P1Sb2%=@qLpsN6l#?TCn!%?j7q#VeGttEv$=uYeX{zEKYZiR;x)U)r#5an zWtb7ts;b?z>r1>^dsQp#7Ob+_S{XCoR_iH7apqQgDn>0*cImRR_pJenl)cG!7Kh2^uuxBBb*>rP_#oBgIby6ua&yQ{yJ z)(lWa7n@;L#iv%DNDsynEq9OXJ0aX}YEh)0lZ)GR*im)Zc~pfAEB~hBQR6B9D#f8e`QKQ?aEl}ihBYPsAwQ&+ z|Ci(L=Jrwkw-C(l^*Aa2Ax9iLgkd1kd-qxm*D^y_`}gk;@b@1w_ySz}EK0v(Ydhn| zM~_@wTyAu5JbCh@S-WtD!^5Of=}%)O&YL&S!690lan;A?+m{=*U%GTDtpCAvYuDcC z6Y*rqoZl{7`Sn26n@2xEpJb`_wq&t?G$ty0|00?$_P_Y{Yp5Z&VQx6jC-KdvA^jF% zR#dV7uMf3K9pZ1b{&Meo{$rrnKO4VV{#f~yqVu_jlWsm`dzIqDR(uyWjwwC*P8pWM z$Tl_@F~V$UP{GuxMdJ+fM;T9^Hb+@%F}{SMKg>wKpT5!D(4|JY%lpkY{>thbldhPa zK|ce%)ob+i%vP-tm~=EPwlFL)58Sd>FHlc!vDp~|6QeU`nE9DgSE{kSoiKyNm{F@G z*S7ELx9y&h(e~SCI_U-InXf%?Xk1>v=6;<_97}ONPp5E~Me8xaQGUMIZvAAz@}#oq zhI)oK%$H5Qwm0{wduL8Z?#+$KNA2DvJv_Lw?8~D4VMm5;#B>Yf_w+r_FRw|Bn7nrF ztu1-ccd!i3om-vR_d9uEU0+(th2;_bvHk4(g=wd&3UgZ-y4J+&&vzYaZahUkf2rT9 zk!?f^GdleG^|=*h()riZ9C@49+D|!`mTK zmrQteZ9s;RL5GT=GFF($=hL?8RQtuB;pkWW@Y7&h_f*+d&UdMn3kEE>xMcX2i=95J zxEy81=_U#)uk3R-S@}h8rq5}^?$*q}hfi0;2kmgpE?`V-_ZiQxH6~6f=jj#wC>@e7 z9ev``mYA{=_ZE+HzLwPO$crwcDZW!X!GakIz^1+%Qwa^(04yF=!w;U z(rDaQUhMv$tjE$c=SjNfU0y#8xmDaQy#_bxloNVuPPkU=q_<9b&9P<1l#FiLz5P?)3ty*2fcYO z&nqfTjTVduvVJv0@Axt!KcjYH_GF_D=c{y#IwVxAHL{i(ITdU@dwh~Pdz#g?kT~7+ z&nD<}otg1?*Tdy&9`F8X`;U+J1llKA>)0RGEIYFA*0lJOVcwSFr;tm%_UVDv9zRKU z9yBYhtgtf6pmV8ne|mQG&=L2Mx@~;e23?Amu6=&oamP>3Pq2?VZaLm#GW*3T&j)K? zoM1vu=>LF~`(CW^f1*)S@?V|t^ZwvyLjH4HJZk6vdALJLAkKdOA)DXwe?0$_l>Z8l z#bE!#52yfGDh9XtfK&Qd3>#xx53pfAS=<`#}wGae=>t{g2v${clzU z_P^(kr}jMH*-x|GHPb%77;gWNIxdMBb^XN1?LW?cQZT&6WA8I*g#*vcI)Uc&1OEjzGr4xhlNGy1GYY=kuM88tR(Yl(wIK#_C3=>lQujTdllOQMI-G z))V*cyt-d{8@s#PHt@NTauznmaLTF89Xn*0!xGtqhKQCj=yB4Wyng3#7 zr?VRdJ`%N!@9y;NEmC1Kqd?v@%m=60Q#rfo-VQc2>$o!-t@b`UK^bSe4 zv2Xu;cwuYW9Fz9(9wj+X2P-0iyjLcF-ODIzS)%3WtpjSpazjcMCGSgkV1qFp<<{Ug zZrwi+{lirIIqg~vS@d=G5T9GhyuGa#ckBFXW_q_V#)TzClOFwc86V%H&74mQ4ualZF! z<)QW#w{&`Dk6b)hzm2TJrnH4w9UQ8r3#1+s%BNK6e7|@K+%#hZbs|3sJ`7Xwf4Jc- zD@!OtIUgS?@1JJEEzkdVapOS#-^cua8iIe{-+K4|1J-^(GjI9+yK>w(ANT+7+jVu% z4etL3s{KIhKZnhBM>#(52G|+N>^lx6Ft~$FW7)YxOdal%{`GX5j&&L>m>OTMIKyHwFk1u1JT$E-obvlG_SRr zOTDdKo7vj4-qy{TxeMEytsYyHl_Jb*Xp!hq)j)wPnNZGxpZ}Msj}6lQ2g?0#4*jz| zTx!uj)PMPy|Mxdiy}IjK>Ag+m|7&Q8|1Zfw4VeFtR}Ituhspg%U~Izw1Ij_2{C_A4 z_0j+HPoUt({QrLf%KyD%)Jy-3>4fjGl&0w4t@imZ$HT+*WBrf!fON~7`0(*`nK0Ft znXXVs6B84mBARoqFxeTI0LT?2hH@Y*$~+)!g-?^=5rMBid(_C-Q7&m2k@6t}qJpC{ zWWlaM8EJ`5q9{eI&~-?rzdSB0KUtWa5E~w!=i!+y60+01B6CN|714QOj=(9Fi9_MV zG@-&*n5PiRviRb@KBCMtTrLy%GLgnDkYp)@S&Bq|b|O1bMm2vb1s_Xv>kqmx~7c&=F)32@^?Sd5GppX(8n#U2@ulRP*uK6`MYFf$^}pFKD= zVFcexI>^H_IyXz4mLnRN?-dcFa8vMvF>x7QvMfPAcizYW00US%)Kz2R$r4$LQ0B{I zGx2nxC@o##%XEj=xuO(Bx-Zk!-ILkZhsE#Pa;X3Jv}l6}CN7WwVak1(9*$hLBZuSR=;;E3H^#%jB(_6A+Ggb0FwxbOo)eOrAnv;YrJo2HSUfa7x>44f9~#o z_iE(nl5B;5FIP0R$u5pS5_m+mTqM9_6@Z+Xay(Tg$;6|D5~!Mmhl?_V_+Uvkwch4G z-VAVX+z5Q#LG23z>)0F&YL$Ifo{~yVJ zkB|0$%OTzJ7LCjQz{D_+|8RWc#dd`#9oNLbuvl&rvY)Fd`%^|_it-v2`Q#HoH$Dx^ zc`nxx_j1HJY$1gXGDAx{&A<%yjX zxsvGA{0J>kui@il5wl|@X7WW@&Lfantmc4;3W=22#Jo8$Ut;2Jj<`p&Vj? z>(>EPUNR5R-&OWMB~RrdG1M8(6v{+k!E1QdK!oC2PJnuzr=Dq8Lts0)gC_uZCyZ=r z(mbX=AY0&?FYlL_J|tDq-(5N|)f%vVKA33jTsOnl7NNl(ENm2{YT;R9+cg@CiU`vb#P4cI%(pmM)^O7%>^fqHvfnCFV4sFpC+LCVZQdU zadN`_?7KUpiovN$+Bgij+lLD}G>hxP^76t1BvQB%0!}}0dw~Pa@$&LY#AC^5VLVa@ z7L+VQ?g$<}fwLnHj@s;GxhO@%m*wMU0%G?;CKmBm$WQ5OLQF0qYDgjoouHVw#DJ*CxS+_m#E__{{-^Vr$N$VvKYt*;M0b}Z^xD3%MUsY75m(VvZPt+DViV{l?Pvdh}v zhdAKqeh~yiXA)HQ4ggu`UTZ{q0xa+aC;}>&BagY%o>(M{m5`8-0T(QZ6bur|&Jw9G z%bv-Sg5Onwx|g%k`C_poS18P45iKcm-4SOds=i^uJL(`0u9$Hok1o(FfL?YoU*^kp zBmlxs24_CoQ7({4#A5hdj^4mcDB0+R0vw&hvrK9!8go{FXcwgOv(kh(Idg^zUa1mU zru;MZFlW9@A(AT+Qvq8*JAk`Z(wuYnVz@~Qun(af0LRpX#Ukl}MdC1!1mH6(9Z?0m zplKE%>j=4;XxTX1g$0qB;GX^miI$jKZCVTC4dkijjwWnsk^{#dlx|0EA}ki+J?_N8 zZG7Pbh$07c`2>aM&V(e2O0{Q3@C8f<+|I7f!=Pr$cxedx)z8L;1~CzNzyN4a^1OxE zZ2+>HI~zfnMDNk{KH=esp3vCWD8M#~#S9{-oZMZl)%a>+W=|HHmvc&fRv%lrP>yI; zlwundFfc42FqFsR^^1*;i{!e-^I`(np`bEmX7aOAeC0xgAX_Gb#ULcg5{m6WV@7R# zxz23(4~+*jAarKi5!xk7E_Fih;V=9l@xU%sAp#!4wiBiJI&peB_N3+wuSk6F*;@-B zy?Z)RB;mq#(?I_$361ico(R#k*6N%JEJse$vWjHufGHYIx&p|h*i%aqr4S^YCCT;8 z66WH8e1(wcCl;as6mc+h*dqAS86pGFJK{U7vHuo0*9Iq<3qvUM4etQ~=$^e*GwQKRy*p|jXs$M40JePtbu{u>B z|LD@t7SJ@VnnBBHT#+u4JFAoh!h-)$O!R{iw`z&CL`B|D6KAH08${#)ZR}GMTgJ` zeYB~VP<@jnDfxJEnm{6!K&)VQA~_!XpKv^w2?36xEFykTEKF5syd_^!iWiD6BtIZE zH1r->5>#hwc$5dCyHP~GP+tx^TE{$~8*v>W5rE4QyHnDk)^y=0~uXXm1 zkj5%=Qjsmoipq+yCx{Dq#wcoQm=4vxu+LPDhEY%#0uNAkh4;ppBwi7292|$C>lr;Y z^=}-WM2K4BtMx^a{}8;KWMi8A+|?7}U|PV>)$$1m5F|nnZKug3+2D83W=Y8s1%&%4 zL~sEp5d}{$QN;dnEiQ`YL^4;9e1r^Oy4T0d2{y-1mgESNv!UZGIoT^Imt5S{Jl&n- z5`z-vbPM&PHhs=6SA zEDI8ZUY;KW^C%JgLBZ!%FZcqYBBFVbgPQ~i8@We!y;@q5WF;xt#3YBEEmZwBqIqOp(*1|LvK*) z1+?ATuwHEeZxvTU02ooqbQ6b}Jf%X80 z9s*L42U&wmHDoZ8;-6kSu|CoUr4$cxTbZ1Cm4W)YCL17@qdf!xJW|D|3lL2>Q!SZj zb~IWs;R0**=0c(h1s2tIw73Jj`5UMjOSKC$=)odKhBXCvE-kP;T$`~4bpWpodlLL) z|0GCVn%yY{YH9~5(12O4UI@~`(0}N!k0@1!PUdlX`tB+kc4uojP3U*jdO_hs?hQBy z!*l2tL{}8Wav+8rLfwO(16TPI~w6Z(}tzN zN+@>%j*H=ZI2-%}TJZ>K_%$@1B2PgN$HY}3WOnFrsZ6Lon9qd(J7Ev5XAiCi@ufUF z)fZm(;Cl6NNw&)qXNi4#xCyf0l>*XP&};a%C(O}@rLs7DvLve43?DvN%#DWBA@38* z%LU?mT--fb5QYaugjkS8s}7b|%@>V>&=OZKn6T6m>E@bsfC%%0B65^%OCvLpg{x*_ z#N7GBZ;g5Tut?m2&q?M8Cp!!rLy z{~P7aBDs(jd!eAkaRbInEQDGO^#=f8Lk0YZbDgpw{v(a_)S;LkFP!bl;&}eU;R6($ z>hfKUrL@4(MXN@J8|(nd&^5XtA)>u82vRNV9w81r0`Z!5h%yPV`-DaWtFc?{&jcn% z3r=!Q@HEM2$<3kg2=%CmiGOLj^;-F)dzGFGh3}25h!%Pp&R|3!B##F6pv@d01}X~$ zMRAC51-hi9G&`A<416Mm1+rcNpF+$6aZJlfCe#WpoBkjXXc(o~ISccUC$|CTFjOH( zqilQ?N2j3b;!fIK$%wQOEy52yS;D?2Cy#zpKLBsiRZM`M;t2o9Cdh?+nIK)$&qAOU zMXgAwqDY;By~@reoirM%28u7j`9!#yFOx+E8KD>>fOI0Hw&rH?A*e)11q(IHSCJ`H zq)Wg#6dV)>`%nj|>nd&gLgamm@x>K=z@Z!*W-Pb1-%0u8N!p;}; zKRgwQdL~~c;)@}i1p>`Mw(%VyEC{@Q2#KBW{6PGLUQGPcX)G3vpDH7*gOi%}&nLh`DD|1g|Ly z|MRRzeX7(D6K&S230nYBvwB61@##U|RQta@+6&IGfxzT#^Q1wLYw56^=l$5t=pB$Fhi}eke$~!5p+9 z`HyhK=8L6zcoHSqBnnL*bF;)Ou~dL9fj5XGWtjkK^@<6#2?8yMN)~vyFh?jRBQ&+N zy!TKhRB~5i-@u$yt3wcP4L`6Mhyznr1$bmtb#jn`(I9QOQk#gdMq>b?TE_<(0`)~= zO07Zu{#Bs*JMRM(4pF#=l=;Mlqm8FEIt?)W-75gl)w9tEjI_mqtR-y=7`36Xz>D(_ zn!pX!1EP&mln+hWzc5GI{v}Gm042df8a05y`~bm8*M1^w;Q9vCFoKEkK8*E?)TqB| z{Zd76-`D!Br-m-9RpnwrL`H8rlYnVU%wGzhXdb7@3I1*rXA-pbw-71q=z_z*dZuwWh1jLI5#OMThE1ly3hFGQR+kNO;CgrsAxnZK;uH-z@~`AS-2VXosZ)=n3I2o1 zQT!$Tqcz}vJO2Uy&HH)ZNd8lMtqt%W1k?XT{zDLMERo0DAnE>VxzfLp19`ao^9oR% zf(VT>Ae0LKm-vs?c>nGE$L+82pW17!pZ_3`{?D?XpsW;}VnL(ay2S8er~I!rUno{YMmZ%8n^^)S9^iMQ0M}sH;FYy#>rKSfM{jlpN9-Q z93WlqlK=Vype~630V2Pqmbnb$MDaRD5ON))Jq63&FvD{3}sn~`DF5;;H*3wNK_$#lLfM%&d6*bU@*~I2xnZ5kW{Sztc9u^1P@1NVZhOe z_Ns@dDjY}%*-%je8l?{*M8J!v3c~$|tAfzMK*S*~dV^+7{??qSEY}Hg@3dnYxE}wR zm<9wsdNQOwrgng;>XB%rd?JXej;nE14g^XZjz*O*$Slx0^)SfeZS`-W_67NDtweeH zT%IhCK^4hB{!^$7K(vCtB&b>-PL#!}s=%Qhi+rUqqO-az0R0ros3Z0Y zWnx0Pi+&0z%7IE%NKvf|>O(St6@5;f{cC&|4zWe(8&r$io5iA6@j;>sUgN_ynFC3yY}rEZ06aT_i|X=iCx+Q6ejc{EPv8sF#L{z7T;8XmMI8lUk2y zK!8X`gfBld2$;Q9BlczzVHRjcEEZo3`T-OQAO@t0o2b?d`b#)f%7rRz@}HX->;*$6 zL}?HRr4V?~4w0Op-uxLAJA-pqNWT;2Ng>crC`&{tjvVquR54JlPoBXD1)3#uwgNh+fJl3F~eqe%d=b>$I~G*C$hq7I?X z2K!r2ph#MnpdN|f6fzTl208i&0wkyyljx|} zIG7wAzM@f#su_pvpQ0KOJ-GeouHmJI*s@Cu@(c!1LDVk z1^3d3YGL9K$b#xUpa51?HY^Q#w5!fg0t^C9>>cQU8Wx~P$_Q38pa`VgQ59}tv!y~= zFd|1{eXvB3Lb8*g z6qlUzV>UE9P!jZtBe!Tc_z{M;HLOp`G&{Zd-=1nS&q-I5^ib%!Ah2Tjf4k}0{ zM25?0P;zZ0R!hkRT}tgVp}p3Kmytel;6L>Qhyx>OkgE}TG|f{$`Vn3nicvJ(E5S5K z)en3#Zvp6bk2cbZ{QB}!_KrpcGIq6oDn>7sSmRY&Kq1FrhA`g0Re2?X$iq9IZ51b5ds zBB4YLwG~VkaKLGx2QBfa0&*loH1&9{yDG8{0$T_PGe{^FKzSDASECBdApf$BYVIfz zzP2Rv07<3k4b6 zZQiCLBvkUM2}wYbyp~6u_=pk#6oJ*{Unf5V0pFW7fgYc8|b)J zi`eVpKtuG-RWTB zNsvzvUCKv(4_=2R!=zl7RjNqd#;2!;00f2G9VV@CZO%mRE+B>Kxiy@BfSXjSS!0cU4YkEe01<(5SR5r09m3OO!Ejui$aShQ{pS9TCOI6`im7l6FBzRYI0>X~>%P+Uk-n5qx{kmnrTA?nN2VCv+-BiEke073*G#3Jq&#qGJy z?s$a1L&IYdjb8y%TTj2sCz4$8a6?K#e_#Lx{%M1Ugcm!~sbX#k|i zpynxDr9i?#{Z4&gP-ortMBQhJ6fqn5XT%%Y=N}4(N_oS`%Ms8F34TdF3G9hH7oeS- z=sdY^Jlx9x0Eva#X~1oLSmd(^nW$D&LM%M&#Ls5-<-xI*46vWy#Is;m!XZTjaTtRK z!41Lc=Mi75+qn=9nV7)S!J2}AizX%_m!~oN#)8D)OOXIjJzam-e0h2Xvu}t51WbSQ ztBJ>j+1cCxIBOeo-+Ia;*dQI&TTs@i=Ee1(#zm9@MtN~8~XWR^Ck=)s!vv247~^tj%vp}(m+YHLwYFC z25cfi18R+MMQt5}yCGxCOM8Pf&_laV&-dt(I>6QLvjsv6wu%--w9Jal2Q4)dj}eZ{ z7RlhyC`%#tCZ$3&ycT7{z2gCnI2rN-HV+Z;=;g`sa$`lt;jYeXNBGRs*%Qx5mdc@X zsNqFub`VI0^lXSVlfjui>W~sORLG)AAqU+O{wE4K(sb2gJ&)Ea@enAdNa~cT$VeC# zhjTo*eTNB(G@(`0EBpT@V$~v08ubX|eqTbVONsB>Q+*`&zI~Cz3rs>qUkz|C+80K9 zQ|qdSH1X3+r4~!6l^NN%Z%UhK0Vk}hpVGr{kvq3u)c7E3VRTH;z|f#UszCS_P%XG# z>yRxdngQXV0sV0hlXyf_Ob{L#*)NK;tPu;NRDY7~AzrGru`bOilt%)F;{4Db@`qDw zv|hQSh3cxx?Myf<(gZQx2kFjwZ(*dt)a$GcRcxv49&LzQGfA1HjVH*__E%=s3^Hf{ zCbjnIF9_)O#dTWQ(om)Ab4O9KOag2?^P;i@KnYO5Wp zZK}nDnvGv|6sPy!VS-(2DPiy5m$nem#8+A^QhDU+$WLOQH28~}HPCI*UaB4-9nR25 zOQC8$0NH9@M)ygLs2&b^CXk0CSC~xQKBn?bK-?Ckc_4j`IA&2D3#iI=*LCaX!-W-+ z+!XNX!|jn8g#rn$KCLa1{ukQwA(6ousOq*0%CoO}uX+20S_r8l_2Ilxi-95~6oC$T zUoUvh__(Mz1Qh-G67Yg@Xp@J;%_rEIY(4>?5Lbd@Uw`Ap@RDzUG)qX?` zo&p|6XRRy6kO_{GV(6PT&^=>Fl_Nc@gM`UW=q}k5YI}*p0~ibZdEi)}6-OL=`QT!J zOe$1KM*=Ze=z*qO_+ZdO-jdpRPbk^wk~p>VUah`1ayrGpiPI@`+bJ3F3O9F>9z;4? zodbF@L;-RB15rSvcaGldmR0vhcmdL1jV(X~D$7XY2wZjZNW&2l+ATHeKdFw}VK8-` zLOn!k=_I}5}+yl7F={{D&Ror0WETK@oYY$;v!y8=p}UDh<>$( zBEQgHl^4puYBuix@X)=}f9ouW9tEr~`sxHYx})|U4M$t<^fdA#K4P&F0Maj6;Bo>g6ipPCl(XKT*Or8fN49zTG9mz?t?GH-nYH?VH zb!yQ1hnDNwOcF+>Jjv7?;13-B4nh&5Ywd^t1PCvW&X)+g(EMKRO@ym!eY|a^fbJ1RKTTbq8yNE zwB^%0FwuMkTGAQ>QsT5n)avsCu0<2%C^QWz|6*YpA8O`9D2A5y&vACc;qr72WC8rs zDFA;(`B&`>L<&=e075VI@ehh1*03wkGxc~;NyCzi6Vf<^ptrw?7*y0L?U-T#Xmj|2 z{1%@QXdlJX=N}NQih9GPkU%4VxC+WK#qaBk&`>p~fV>NkMQrW|8af;y3WSqor>52# z*G?dj=Jz2&BUJ`*Bvtyv5vuSAoJpSsZ7f4{5g!h%WjP|q-G{qAGf?IvFH;DyGkiP> zE_Kg>%zo4i=Rq(Lp$*F6;FBn6k>U*Nq?e8Sap*0fh1SDYz>NdW9n$YXz0h{`(5Qff z0dk>gvAG7Fuo_A&O}o&0o$1+dbghbqJNXx`*SgyMh=Hs7!!k z8N#dvpFv;nQ!+)3KhbFO|JE-X-2Zyc3urGMvH@GN9=I2V?e6N@(Ehu5pgmXZKRn0f zy1BSwIJ+f-yzjIBKff#Aep{8DJq^R= zU|12GeP{RXxfqs@<6mLePd9IFEiAl!=FC(K`whd!V%Xttz9~;i+8P)*8^g|Q*zo%C zW2u?hFHfG#!m#ByUW#ErKdYqD$r$$h#*OJ1ro^x%sj1(XneF}Z%hAv+hRu$SmSEUx z4EqwpzQC|i7$(B791OdPVIwhY3Wik*g?Sh@2E#HjOom};7^c9mLJX5)*f1$Objc6*moE<%hXhEX_>)bY#23aZfxv{l`A*o=g%KFu;#>x zpK5AezkFG{`oe{XWhCp08F9qkJqnvPnq%p_G00}F}AiN3=NNzm)|*i zc4D7Ck1*`^u3g8LEjx~3E1jKhV%UjQtG?;k^J-GJ>zq8*6>rsR~9S!&0qW3u3n~kYgTr4 z8@9L9=8iCY0Y?^MaNy;klNFebzV77{9y}v+=H{dyp6N}R?7*;kDlEkUCLFagx1D=? zF{6zG?pIx^qi1N@d0zH)sch-d=^ZWXYm|#_A2GH3I(BLL&z;?;Sa>YmSoKrUgp96z z{Wg})xIIDNi1GUNg%cgIqBh2#ufz&cj#~Ee9f9Bc!@6X0XQu6#chVYsck8_mzgyGR zEMW4CEjLka?bi zAEskaKB!{6fqm&h-7dGc@%40EH!dnMC{0fuuOqFpnbiHZfj`4IX=BGP-ey-EGR+&D zq|~t&n_=d0o@ezs1lLp)nLqr^kJr|rW?Uf_XX1wqkB|9HIYGw?SL!5~nDH?E=uY?N z3Qf#XXJ^E8(wXS($~inW|CdYFX1?rs%NP7$(@xL);i4p^fzI91;VtSLh6P7$aT%^%xs=`LaPVo%|OUrf&5A za$TEA9mkkPdyN=%;zlpO@s%C^z&6G2pZwF>hfe+1nw)z)XvG(9)n@l+bxgJDHS4DT z@5@FlTKIdhPsnQP!yjpO{Q^+H(5#xF=iRPOLa^;Gx6Qj4hq?%dsVv zc?l)s<9oeXIr}UBGU2Su+t$x^e`7bLV;fuL^)h3;cwXg~MXUS!?b&==7>qqNNaD@f za$~RX)T|N5mM>fP=(@w4ff;WK_55G-kj*s| zi(c<~uby+}wp-4X(HF`O9@xA3gw34HPfc%5>>VBYaPy;WCw@F+k+|Mt-@C}4H`b*5 zIQh|Vz*L@=C(SWktSmy61{tU3Ti&@pXU9y79%Nm+Oyldx@|}eW$%&v`IR9 z=hUEq(LIcYE@#~DB|VWSJpRcR<@^rUP7K-natB-Y@szX^BdjK#3--hme)>JS`x%D^ zF2>gS6+saiz_Z+s z@p*-Q$5JDm=#9D~VwTvx99k97p`x^d&bWmk=3$KB*S8<;Y_Ifn^l!VUCJ-yGD8_a& z+m_5N{zSJ%x1+w&G|Mxnr&T+p1IE*hPWNvg;-I6CR~Xnz{fs()r(-mx!eDat>*SkJ* zO3Kw$-9{acm)4wsowdR*ln{d#Tg4;==4l# zH%O=Svp4q#eOt8eWmc%!fwGHpzN^`sz4~D0G(EemMN?Ke2IcLl(LY-h(6%5%;5gHt zF``=M%k7p+pIC~%qgB#!UJAG({)cv`4;rDXT@>6n2cOo#C> zuCn!P<>#9hD4+W+GO{S0YT{m|@9?_9$h%a>V4Bj_L}6&?na5)c9ID&fPe-T3#@cXp zl5YF!YmfA=c9@!3*2B8nTvkW3l}3fui0eJ*~!tL}WcuBrZS`bM5g zqq}3$KDmrx{vs~cD@$VK{0jZH#s+^gNONn3~~tG57Qf#(dwxvaaSVv@e1Z-wzv6Y)8N^42pKj+`nH7xqZ1Ig4Mtxz+DQ_@i;bqjhv2oY2*0 z7uxI`!(v3`F6?MFu2>Jd9#G|CHRSE%o6isH932_C;B4zO4EI&&8Wb(8>@q^q%I8en zju!?S7iR81Vj-scJ3|jyBv$SK*{E1^Pv`gQ!f9{6YD{Z>{HYWD% z>VB6!?+1UOJSy+|+@agPM}t^CU+n(ew@+0;o4g8LyM1qe{gHRTGTpDpI-2XNSF!Ku zgs3r>jP$WSpyjm0{;M~Ekx-Z#|JAtt$8m+K92)i?*n(VFS68tAKiYqd!}UXaOWJ=I zu>x!hhCP0K@SCq^B_}6eytt_{*4d89Ec{|j=Dc}Z_U~V8Y=n(@xM$alZlMYOJl?x^ zCt-9geHrzE>A$N!7P@Ai=Z~lMyi2m5mLgi1zIwg*$Nf^rGm6ZcdFyq?Jb719E)8+) z{AJZr*|C)Q^Q-@lz4s1k>JQg_R}x4HQ&s9SKc?t^Ld^( zWp3KlW{HKB9;07;it;dO+;DE@Z45B()bU~e=XEYkvZ0gCfXQ!X=eVHYkWd^oNR05w5+^{yrQ})76QR=KxwJTt$Bm?EDxDM1k?tMVRCmJeTUwAW&<(jtnNsQ$nzU5re zNgPd+hx7j7v+zp5;DbOQ`V3?g67#9SkD`g(3zLAYe_}=UmA}kdMio_-cccmQ|8`vtc5K@ZiAvoX5Vn>GS_Ly1|&pRt$?z`g5 zpTb-XE9V-wFkVAmX~T<*dwfZH!)WH2qqxUp4Ba=`%cLvrgn;w>8-L;++q(1IsZ9P< zWoFj&-LKVuR5IV(AHH`w9_{(asl(cBN#zs$jBaSAskGIP3d_&2`+3SOa$O%Uf1XZP zsG@1$Gm@^l<9pw~dc%If!Fw#+KAV1}y(91#Opr}u<9dDausxDNM808z+$8TDM`m5Z z8U%lq%%)iw)W_|{PfnWh-fnsdqTOq=x^D}X$ShQ1Ifp$ecX%pesovo;*Vbh+@m~Wy+??=`tIkY(X;D zZNp!yzk8evH-TVm1EfC^#Zo@NWicFWNvw(a!S=C`7JGf(xlhohRCVu%iFM9a zABE_fN|BSPYc>*0^tmn-pJP~Wh`7Qe=MBXvS|HR&r2cA;;8NwSp8NKo#vACXHN>P1 zj9sie5L=vZDmqrO(rqWGUOe^dYNpfSiFJNeDwIhPu^GDW-c082mg}y%kqn{+#4yH( z%LkN3O{%|5EaP8LIcWzQW1P&bm$eNcx-?jq2um`;0UwcB&93XS)4QjypXj>&420kB zU6i5A+7Mh_c)33QPEqC0*pskYkHz&sg+E`b@rw@_s?GJj;LbmF=Wa-K^Uf^CFTH0HvjO)JQ zc@N4oWoO7Ukl^t~to86+4k8xm-sn|(wLSPo=w3)b^Bu6KTO9kv?V(_TCId zUh1@cem%{^0Vu6NyvVzLJJiQZdLO6W&^GM&a*NG6ZWppMp4;hYGr!Vz8aR3VXEm0O zB1mUOC#>0GYxc2p)Z64K%!!ph6S_eP2ZU`^FaDWG zT6ONzezM3SiWU$b>)8Ss_K{Vrt@|^TcuKsf#>}we?+8WzyWH3Jw`(Qc*ReyGMIi!z zIBDMs9DJ=e6?wP+X4Gx)TF3{-)3tQ-y@4w|3wT{;O|-t!Z6lJ@0=u1?l(V9PP|-Hq ztsEW@57);R69)Y7z|T0W=rzG@#uC=dcejk%zUQ*BZt|oY*A@R(zj?onhs|Ck>b@52 z@|gEcZnYxi+SqFju^a`Go{4(yqSwM{gG5&_CR%lA)F~TbcGW8D1k-;Rvh?wW;}xm!cm8ecvV~gEnaGG1bfyChz zj4Ih}%Z24ABwdyuXRpI0iYeZ>riUHcyaB7#kzQBLS5^XSURjV^M}>;TXE8qSyG>_h z;Kgg_=?~7R8l96PZ@SKHTXm#;HGK(^(9NO}TXj8;xt3qZ|g(A*yM&UhNo(HJcz@ z#UwEjR4&mHo3!`a67!xuyGnzx1tCvKcn#t?2u0l1P&l26y8^rv(zVm1#7(7JV@kxv zKWjYCnu?%lD$~^6F-(?6g)%pCCbjJtf4iyduknp3NbKX$mAi8ikydEu_Xe5U?ekZL z;|boedg0)+q_&~SdViJeC$yO(uWsx_2&m!6OwJY;CYqZWFgPdQj>YAl%}pIjPR@a6 z%iA)tt+lyMZs})BYma2xTE@S6&z!BCOtdr!&}$lTda^ahh}zg+UVg^F4J1a4ViCW^l{C-8M` zucY}*>;84ityEb*j_dC(`1`$-9kcuH3TEKa)E8QM&M)u2k`n{P94Bdrix&7;?0aL! zCJsM9UmsX*<9u6wm9Vdn-rn*g=v(vd@)jA2*v*pgqwn^OEgqrcSx=gup}rkYLgMAO zs8<}{5FRh_>3f5R5?rzGcn-;&2bwMoxF~D-uA(h!J2xMGT^YUn3l34K?&t~6v zFt50;K;!qpb7hV7lI&sqP!OBJm!0HJKrCM&g2LY3fo`(y^=_r$^m$`F zn+NNgqVKxgln+*(9!+%2R9FqGyghf>u%N#)=kn-gz!b(|)B^|4z#&?3R13JzFBO}& zT*%6-7)^qhTVYR}?VH1HrLDSiEf_X689gf1`FL#8O^&H_3(DuW5!bpWH^rMl;;&!l zsdx4gk(5^&mr0G;zg4BfIjfRP_N%0LCS%X^_Dq*{17I78Y&$j z9rJ7}+-}Q%GJ}e58_Gv<#ojr#-_2uX!Qwfc@mFc2{ILrkA&MP!*S<;T*-ZwuYe{cR z;uY(Fygu01eb~o@^I(B60eBm;@vZ226keIzSkgpqGnA@6#Fr20s<#lzbu;P4I|wZ+ z#k4bU7=~qk$v)J_Zhs)wwkjr&aO06_6ul9sWI^k$fnMIdG-lf*=Txp&j|F;?soSRL z4dJ&K-9Uq@H$XuGM+Eu?3Cch_e5|?&mMJ6R2kX~)1wtal(O_CaSXTM4$%CeQ)T=?a zMAB{$JAF z|CF1wW zvFcrUu5CMG%}&)9Xm#7I)T)n3350^ZwwHa8RBF5yhAyxhpTT_0TH;`PUa-L78Vhta znXgDXVN+BbZ}PJU_BpCzmkm$3$g~91#){S&sHJ}JqS|hSepm>j_$)etr4po&zHJ79 zC_EDAX9#S}|C^b%Xd)IZKueF2Mh(=KWEC;nmsXBceI2Pk5UuNz+>3aQXQUyhC!F5yuJ-JGa!fi7aLB$$x>K)O>JB?*G?Hjj0)jt=Fk~@J2 z7o-PUiVU#UT}9VXFM{B7b!+5`&J4{SpGvl~ie@XSLXVigwAVZMIys4z^ApnBc9<)M zSar&>j2_`ohU zII%>dqFYuSnnUvKww0~VMqA6494n%=`0T5DetGGM31mgKh@??b2H}?5D^)EOoCcM@n3k)N+Sj>!zc!@+PQ=y|$|)PLrH&c)oUI?|$yndVe^NYcKW3 zff&CFUil(cItR-|!423(>WeM8njWA14a=YjfWQb*;4z zNEcX!OM?#9dPb6AtCWMI@`IEy?WCvyd!J!I0MYC=TMFe?6@r1VB|7 zlGZAdR2buiLVbX8NB4>;^YSPL!C9SQPb!KrI?}?LeoT)w_%dm{V8YIW#OqEsJI6rT zPsOV^#bGk#U4oHjpc|KtY-~f@j27umUuEkUad#M>2&S&s%qn@=7PdPkXV!fFVmkC1 z*ETjl(mw!Iq;Ncxr77Y2)1kfDs;tloX3JWqwP5n@ux9S}Wd7*6@og>R(;{lY$bm64 zDDNG5Dp#4zZbrEjg*ZP)T4%s$o#F7NvfM+(HT&5NiPpTakvVAjEsYF)EvYJ`R_iJp zq-*HrNVz`8Fw>1j{;B^-q5dB2OP)eql4#XxFk8WfOe_{(Iu@A=zvt5R&;mp!)-jpk zI7ic9RsxbT%bnvG&qrsGLf^v#Z&e@3b!48kB?}M&?!8N6n(ux!S-AGJyn)j?d?{Si zj_etyb=R0yTTz8}$L(h0hKE5vmS=HGf$v8t&IgSnrQ=H#*;mRlf`?I>sp~Z$d%PU|1tn71sIIKocQh)f+bG~58$fMu%;rIIwfB$^A zeGdt|{%{;h0ad-n5%PhTUrIo6mFDj%^6!VS1SYx~N(MbMYiG>^Mm|;gUd>kiyHD=& z-uTFW<)e6sp}-@$yRK@MSkc&-tE2)^M4rL*5Z&+o>vDPP1qrnBuMy7xL`o3tL1&@x zjv&{X5NC23B^S@m^19yNjdHZK31ZXli@wSYt~1Db`SjX4Oj1X06U+6f5Tj(trS;qB zD%RyLBxK{^>y4+R4NI;q`8Z0OnqucX#8IrZRotf_KR)Qw(9nC77FV`HSJqV<5f&a> zRJmKPX0ODMJ{mJUd=J@v^!HN^6`_={ZCg@YM%u{I`%s2CN4^AXGHD2&Tv}689|dYe z9re~jCg5*>0&j(O`Gj`)ZFVVeyV%^MHmBY8iQT#zzAbT%tu%;^yxscO&tI?X4sq=b z{YBLOrMO!#+z3)1QIVqdXKW@&=yFN_Ci@()j7;!YHFpZ;72HnyOEFCIc1Ulpp61J! zJje3;dm}YpcPDlaoW32t{`#fHqd{nwn3vQ|vmrx+FzrFW!#~|gW~@qJpT4JecY-6b zdrP4RU=BP$JwK2_a0liQobu#<*6g-UAf~v!jOy+2TO9s!+7o&6t?S1Agr3V+nz#K| z_W#m+kHNx<5_qTkWyFH7G$G3t#yDgI5vm8=X=jTOK-2kHQ;Qri!_Sc=yH}JA#I^F23b9$r!2`*H;l6aTHT<}jhw@$xyx?gYmpT7>+h zwFl3WFTpY{@d6RSy5y@oc{RtkEC79r(=m(;PKqt4Hiet!u>0#b(QkYGUw5CS`|Pcp zJf_`!IQebB=_g?EQ#|B|sQ)ef>KBJec<&As{0`guk^Q5O+nk1C-toG=v~>FM(BiAS zQGS>@<j^8!7Sz@s8TR9u`?A45CRO<1-bCXpi6oS0y$W>l| zaTNS&%}>7Ij-7`_>70F1cR1YFt;*t{RsO9hHCbY2m}F)lZ=(;v67I*FRn|JRfMkat zc_>;RjLt51J_}9WBW4u!z7$EtVC;fj==uFPs|;tewhx160fASFn?L@z+aXah@DoOM zGz}Vwk~9Gah@g$hIoKW#z2zDkunb$==^@6RE#yY%-5;bE4p-;Gn8@tkrPI3i!A`Z{ zI3UT}GBmO1!G_x%(HZ<4GMt+8MkwmeNA)PCbG(imbR;P0v0x1L@wNt0HCo_O^Mlr% zHO;h3JmJ1p2GccQ8R6x=%)489c}o6&$+8&q6ulKQ>3pq?ObtqO=^Dvy)eG=FSSNBY zuBt7dYaVt5kh2@_nKV4@f`*Ec_UfYT-v>L6%6u_z7bG+Kle9}nBA3noL(XBckL?Mg zzNC?3a$q?SOD;?O45%FoVH=>XOEvv&J&~&v2<0^UVLM%{n?K?At3m^vE>RTD`QWF+ zVv}9vqlfPr?3cRy&!JrAuk1&v9x!O;ng4S6G@h%B=X!YRwlm$GaxI|q)Z^>>u0R;= zUwMyM?g0oq|Ir_xpI;*Lg)CMS{Z5a*d>B;9w>S^@`{&R3p#JMUfWHm{p;bqBgUPK7 zRA84v(W(@+PwG@DulAwUsAV_m)M%B-B-H6N`Rmmg^u@1&{{>0?XJC#0TH`;s1OGex z@4wHB_zy1rZ%RPz7n|NMvl{d4>m|NGzD<^OM2|11A{3^4!0|C|jC;~5zp z@81s<6N~2HxbT6Fjs3&$~wrW+tXN zcav_V@TH{-W+qft7FoDFPA&B;zy7qU)x1Wb*zHv#|5I3RU;n`1(C|pV^9uo2o;O1J z1WNLGDEYg2a?0@!tB*P+_(|NaGMeSyk|W+N&9AI||FDkeno1LyHJg`PTyCFY7yior z+BFvU=}V-3AGM3cuc_xlUH6^p^ebE{rh0dLW70KTxN{Ldmnm%!jRmLpQ? zfWS=&s*`(DLm@=~fC)ixYB$;%fMoLfdxjhB7+m#=w8J(FD&{Ipsx^TBqfPMtwf--r z6km*J@OWyWVrZmuOVvW%LfZoUPbFVROI?$dmaB51&4i-|~k6#lv$W2^U@Y!p&dxY476dKZfCd ztmFW2(K0UD$3-i-W_|uY^oxI96Cgh)2>o}Lz^2f@x&*#mxCA8W{>3Grz~eIPAg?@9 z>ZaXvvvOhYu;Po4?{ck|A|(qc6(L7VuHtTYTrzK^U)ybR;{wu+GoF>@C^ zrBrAwj(UNYnV}C5G8(exR=e)ZN@dQz_S{^amNn!3Ay$Q>N%LzGz}`?vCqX%o5p?$i zSy)6td;MGrkgHl%aYf`y{1!qo!R&u4I%9+^yF;^C*nj!7B(4itB3w_GekB?4g`iED zM-41hdZ-|`gw5w>aneq_R0{}u31PuY`z~&ZJIFchGTxjTRpEO)CbacExB3)5+NiYO zWflBRU?CJ0s4D{|ovrvz&AwGt#c<^Gdqm#L!jyYg=B;T%BqEk%z^)s2L)`yf6PGF) zpaok}VylXtkcbU^(yhxey=u?DoApqWye9FFs0JFUKX{4n z*?$hC?3J;V;yEHixSNJuo|q(-hi{zLaQtlB(l4(rXQ{52>+n!ordVHsuf#lA@v3a( zWjV+2MiNzQ41R4G2j`@05^wMuh2|SzUKXQ(cf&}m^yYAjwm6rGfUa;VdAgB4>&6k4 z)+YlZ?-jkobO!Zxm9+c-WgHymm{6WxC?`w*i81_7U5Jsc_D9JDn_r=tQ_3?Jrfdpk z-SuL=m>}Woz2pWy(tiA8`S! zZPsJKMGJ>W;fmah@Bme_Ed`0$WcH6*FAPY17-^%Ur>r9E6| zA8CC_HEL5_(7<%bwto>%6$ig&Gw$ph_9Vy+^^W^f^Bk!DEqS=;kKD9RFPwwYt{x#w zRZ4|_*aP;RTf;qluTy8_KbM*4yk?!@E@3+RgT#W3nWebn{1y2ZvsgwN$7_|Z|49oj z)-#%#N`CBTqM;1Y4R!2GDI1g5nCNr!GX7Kivh9U8-`y)?i!Hi(OM8lr3iJIQA(<+W z&d(CUdJV}Y0%Ow{+`5$SJrlY0h#4Jai4=n=*~FbES0B!BKX6|XRV~%w$8f(rS00F| z!`y6-f!|JE_u@7a_Vwur$``%tC$9BerlrK-e4_54sg7r7f%kA#WiST_bs5*oEV=cY zE5wRKi^E*F|Z@$0)wh{N_zb`i5usd=#4D6Sz+V?O!s${Mw;ac|GuH z)cKtHIC--Fn-=#BjihGipIWEL9B68vNl!#=tdhg6$uIQReVV%J`5ti2;VH#0pO3Q+f+yZoGvZ^ zLSr<@Np;~o)7_b>Db*Bz6JnUO1Ylqs?tXiH{1R4>?Tg`vbzD+Rgprjr1xDkT!!?tv z^^lN)|upU|&Eki*GIm3y0_U+8fxs^><@%Q`}Ab13@b&V+QUM&jjp zl-^SpY`Vw0QjJYJ9c5z-nBK8eA%skyT?6a%it2NS4BNQ%r)vbyDvTi}YNCyfI~9rh z%#kZC8}g_qPUj*v*KAldBvtDx->ll12slrA_0*Ri2^U?yvy)dLI2|8gRdxB>_8{<55% z2x?Dx{+ta9C@xo|TOBmNf+1X`F8A$Wz3pZ!^Xj}^H|ilX=KXD&q_S5GPH4!3sXEEk z();d@)nbQ-({@rDPy`3LDOQ{+S5i%|gOiGKrT(i529VXuHD~u7>2(_BhF3-y@+5EV zH#H3n9US&rX_@ar3sYi3QmSr`3lErB9@PaipdPzpw6Ag06W%BO z-2K-0=jr3}yZ%q3QqK$s;l_5_d`ns`dzjKyrj>zl&3=Ske}AI>O{iaq z!#I5HUQK3dP1SeS%?DO{pXkMn^z4MM`S)<-e8x3Q@jTuV9#t$c%vbwb8d9`9C^XO* zd;iM|uOeF(&Ew{5rio2mJ6-b!zQ1yJZWi*XY#2cOhy|-(*I={kP87tFB^mQ?t(=Q} zF17RTrTBZQVG*2?3mvV;6D`c2Vj%}@;e64~;DbKmH#YH)Ah@O%5p)9w6JLhI0#9Do zR;Pt469CkpSI?jE7aw^#0rumT2=yO|NkWPnoGfjfA}h~Bg>V3!9EJ>@0L11me-xtq zHE8q5HDSwq4d!_=e!S|Ev1GoceBRb~K0KNjEkuOS5in$m3Ba$X92@s1PlqLL992Ac zxNGvJ^=-=)pse@muB~QA58hy(RjL!vkHj0>CnBzT|SaKYjWbaZ&8=EBR}O z`a<1d=7W9}w7nW$i2+<#&+}GU_p?#}+)AH04}j#5G(>L?7H`T092c635=HqLkITWo z7!=YGZ{a-AMEz+AJe>!q(I_~I(k9)XX$U8>4MLQ8GoIj#gxtvpz}I6p$+94(ZGZ(H zBG>B8h4G@X3A6}#Auk+yh6nXwK-46&8z;eHUf$5{V2bS!g|bj23Y7U0;Jy~5Xd9G; z4;tov!e|hfx+S3pbJw;FV_FS>B!-D@yP9jd8%G40Y=<)qd5bN0Imm_F5cWhZ04+FB zmnU#DBV6@W_?>z8k``cB7I(J=yDW>RxDUh$2V}wm7>R-PtALxQd)skDqOgAnEF|M7 z(B=fDvEX)2Zr~xY6~RLEbp`t!xJTVccXk`}ufbEw&{I+Z0T0uowczee!r(3zPZ-ia zfY%p3AI0_E!%j#!jz!tm##IIHTjA;H+v0gxXmHRH&ndRuejGglJ`$uzzk?4gi>U0#UE%v9%J0LV4jJZ zUg!Av*nK{C988(}yO)w@218F+eu{A43p&fqZs%5T#d6#p)Ic`(&0$Tx@&mu=wg`!2F7 zjD>g-%lbGy1MaTR;G`gO;)zyP;IY4SMD_qhz+V*9@_ra70-u?VN1^a~3*j`jVT`SwGZY~-Lz#LJ zyb~?>OifTGQ&5Fxl;A?zUMBv7NT_sr1o19}<=7ME6*l)Pgc_GeS(bYlg*$&Q;&srL z3t9m5@t`laz*(|L9WSqt?YvnL{OT=t4zC+OZ-s$QgC%Tp(F^&TB*JA|0$h%8aF@XT zEErM`P%eh*op@7Xy{3e4GKYEC3>^DVl!6^Z!3KX28O9aG719Qnzw@3pEmSmd-@+Fb z5BlrN1>P^i=Gg?b45mT6qTFqY809^gwet%zBfDiIS6Mtuh20ZQ{LES1UkGKlvQjRT z`lPmIt=VK5rJI^pWRIE#7t5E^!|t>d)gmg@B2!p0-G!pcyF}Ai z(-XA3-4~*g-eo252&G!wOS=3nP9id)0v~w~;dYC~joCYKS380Idi+s_s{pKq>G;Ku zor{2L%AS0!RAemG_1fPf31II4)y(K4ZOi3gXVG6JZ5(<=qgWlS@!Iy%L+BjoQQd-k}VI67x+wNykFQP^o2#ek$Cn*yMW!H=s z6h1z#b{_NXRfz0@=y{*njI^Q!FT72i{+4@{YD_tspYMIdx%<33{8@}UKCNZP-NeWJ z#XPWS;CVf|k}k4!SGI_u&o3K)2j9HRRA2p$6mOBJ)GS^Z$?~8~Z$9pb9B0sA z1gKOPY>fBL+KRAh_Z6}98`Mlxx?{y26XLZ_M;?^uOTEtW4%~g@#b>BxH9-_aM70Rw$ zaJ#`@uE{K;a48f20u@%M>GO`&AOE038WmxA+oxAM-*&WP`?!OlqLATna3&r!!meD| z(Rod)&=KCnkHdAqA}M_;w^{NQ72as?bdC8yjx$5gKT?KxXHY#qDL6>=CXS?Lw8wtg z?Ysw9g{TfX9>rIr_M$MT4^xTxDLcVcY z8IQavr5$2C{3u$0NC(PhJ{%}i)}0dLm57LZV$NSv~%+J^5oy& zlK>|PtVAO7pX99rapFjbToP3miRL{C`G-W$ImM_n#r$vzp+=A7nL zn&y8vE$BZjoI5SrH7)*UitGI}`u!C57ZCUReyKlG5B(^m9cKjmXJjwWa3;(skIzVq zPhaJnW(Po*a%XQ>&q}=S=j;NmJe--3)16a^oi^m0HSLTRrFfa6YzrK7ah380SJ+ z*J9QC#hNeET$qIh|Aj`SrRIlAt^P~xxl5g0ORwKA5&tapa4t7q28Z}B59Kb8bS;m) zU!M50OyYb$t@M778uHfv{X*{h#V=r<|Fhcde}*pjAJ%^jEOajPU$h)rLgHeai=?E5 zfsTrimXWT`zpnxRd-|^|`hVs>*Zvt7@?ZI{|BM^_@2v6P^xrqYr+=ONaX$9*=g)87 z|L%SJvGM6}YxC2}>X#26-oJgfH$Ojrw63yF>K>ceI$r@U(9ro?;M?@|>A~*4-t~(> z*pD8uU;RMm>yDi+^m41!_b$-S7OuL+cm1z&8ylLoT7bPK@OdTVLlaO~KGX9uqN1#P zr4l&L1SSZE#RY_^5>RI5*iqC!tZ6lxJ2rWIEE6bBjH->bjffxUOaT(&W7lxNn@I8L zV1`Xs(783x5Ce)2_xA}VHh7yA`WjY;fkvM5E!qRC)&MRbu*+V$H~<*42C{v@(J!pr zJzn@e4@q{^$aE5JumL5xfZU!xn9>17+3?5MgDdpZE&vzd9!IDx$mbcoot2*N6QJxi z+})BaQx6e(kJIr1yP2uc3sX>t4wdaaI$teX69Y9HL(qlBeOpTns}0=K;?hvpG}8nO zRiRoc{Hiw;ZpnjGWwUWn%ZGJnDkcmn{ia~yDydJ7B3M?^+N$Hd0PhtVb_U!>mBGcvQXb8_?YlY$BV zl6uQ7EUT=luA!}{ZFtp~R^QaxR@u_t^*XonO;2xfci&*wz|d&p$k=4{1Zk#ZdUihl z?ZQ&l;_`>omDTl+>mN2hEp30E?+pC5e{lHy$I;K@lV7K2Kh}WMKyHeQ`4`x3<-dTa zDEe_xMWGjzcVcOxR`H6wCB2R9)g)ZGfJm-P$E+8|156kTF3C?yp2 z+N5U#ug@wL0(E5F*?gH1f>7j8!6NlQ1|VbtPe}zzM2?9SLrk@Qt3i835zQS@WpGpd zF>7ilBL zAqD}*oNUmo5$nx9gaV~V0QLjj!%d-M004-W2C5W>sG#o9D;#(FXbp&UOE5-1G@cHL zS_3g7iD+`NPX$6SdS+V;h}^_0Aq>HY!Gh?YlYs7Mg}r@Va=}>u%LDG=AA(<#x=A<> zb`nq-pu4Vv0#l01sf3dOvsf@WGZ70Si@9DG0yC5&^hAmT0I+oDj36==zl>FYO5d+M zjQL6wp`Xc{ZK@{$BxuDCQgSAmLMVALs&sk_L{)P3x`bZjgM@>;G^}v}9}=_bsgh}v z<-G#)!U5edDMdOwn~e1uh~9Ms6avvtA%r3tOGxa5n_T2XG9@E*3>eaSvj-`jgY0SG z*+Aapd}xwYOo7x|>!vw*+@VHYog4Yln=OSW17VRxAWzpuk-o6E-r&Jde9?n$b9Xh6 z14+VkSPYCa0T)ckPS)Aokfc%H&n$T{wxQ|m*VT(1jlhM$g$up8&f$(&iJM%mCYT^r zHq3q>iwiGEqk}93fRIU*9jtT$vtk^;)hYlmf+kG$Q?RSo5y4XuzCADRxUG>h&dS^g z?$rndb^Xdu5S6;Kwm%q$d^fgBvw`%Mso-(yJ)gVQQl!xCUbv; z!Vu}bqOhtQrY<}^KkUp281{+i)mFG@&hQ{?b;cQXZb}=v_8aDq(8ScST7($j7TBlg z`Hk)j^gp|lL4+YsT4+O9i=*Ft-Fr$e*#FaeR5@;AUYUSRrOj zQ$uczYHc4N&)K?pm641N^Mfz(4+S7QwiZ2x0|bcJa5m(}cq2^61ys^G)MYi8ON0cy?nh5$fhl4Ov;s?+Zo0|)LFU`wP*a}MLQ185&i1CpNHYI2VN z0;BB~l|?A5w4WZx@?oPsB^IPi2*#g$P9Z-f-JxE!%aA&udmJ!QtWM)>eXN}XLK%c| zV|Jueor5Sl6GF)!{s2PGO}Z&-O4ax`C}_ACK=f|gP;x?JE?0<(uAOtC34)tOxHFhz z01oE**l4Gq4QbW^j0tfKaSCNUk`E;b;8+}mC4rYx6~!BI&{_we!Z=0jt*fba$j8o<3#U{b6;n+lfOL4b%=+$#L&k-=cdfsA^$?iX&Hr*YIM} zLZ}tWNsfS3YQCTLl5}eyE+wpuSz%S{>3IMw6CMc_7EuT@BDeaQgfEOe^mm0p4@bV! zNY7!|XEEF8-*BkES1o;yP7tSX0TnuK--2w-f+AscTEe7<%HfbD_Xn0dNq~&4GfldYq@= zO_jz8`2FWRir^%sh&~>H`aPZ$Zuu+D-PFPbO)aovAxPijW#?5jR1dm+`3Om~{%N6g zYrjFf>G86c*7B+$3EcgHhX(Ep>EQEx{yaosQPVM+hlZGgSGVF_Q6~cl^IV1A0Sh4r z>H|WFsX7}oBAK`me!&pjEeCV@OXs>hj|W^H32@M$jsIDCo&r`;?DMzKftF#_peWq)# zc+lCx;Tt=2VzC$qW$Qyo&SDb$(9tF_0Q2SQDNyS0PU*r<@R|{);-|b?d|rD#_3gJW z9hFYPNlkLsuGvX1$Kfj8?|cox=oNhF6A2$@N1*j1hFmh-#E)M(rS(Sovw^Q(ztLCT zf4UZO$@T}{m356)5Z#Fo{Qy&T-lp|Cfgt<-o>XbBkcpl^ScF$ysZY8|!dCh`i%&?5$s=jtQn3EsPBiJ9rG^W16tC3v875~Fc0GvKT8{Tiu52x=Rm=P zz_a6^C!2m|&Yrwj)gMoBQOB?+?!KbP0P!PBS0c#OumB>|VIOv*F!V9f zPd)>xl>xJ~bw6edm4PyFXhF6<-j%W>JN4wVGYF1if!Y}eF=N5jn8#waWY!oX1!RO& zL!cJn{#9_qeE>3EM9#YpGQ&dA&g3e^VbCK#4w+Lyh#r0n*rBmJp+$e(yEl42J$PQy+X5byLPqw}V3x>z% zYDFd5kOl0!_eI1KwqW937XC!2?x6RkO}s-Z`%Fl{PV-%X?TeeBcUi_4r0CV#9Me12j{ZQ{#}w&3!#>YTKiB=B1(e6f zr{H|q#Jc+-vSsA@2?=btfJ?3M!?J!g3%D*+yxIw@{+_Q1Yn1mqjFZ*l5j@=9#J43K z`baL!YafQZ9$?%mXz)4GNyNhiQIe@0($;_^UnS zfq)mAv)tWP-n@%^!>^b;uMEu=c0ZzfMWkCKYxcdCXnh-yD-oJ>EBl&MwowZ#51w;x zORvW}+YOm|6NJn+$zdJJF%`=Bj(3~*96d}CGu{RxM&@2E%vJ8m6${JlAI|M*gI!6= zUAdk&Mv?dab1v(4ww`R>5^Fvqkbg}*e?K$#duBed9CR#_|Gq7EGcxB{K~A?w{%U02 zUS>XGG5?(%=%kH+Y|s7pIsZ#$)~TTY0xN^S^uNQTPC5lVMtkVuU34+YpxAhX>f+1jP+hUPHr1ok;vQs)S~s`{cT_eLsa%n&wa6+7(}xuVtk zJ{5=U7417!TV~ZS_e*i|b(@P64Ow-FjykHPI-0XOWMy4|PaXLgCE0`ecbIxqb_rWY zy~AQX*I5bAQZcteL#=bYU^Inrc0;p4!za-?(rMW#0)g|(^XQGWt_H_+))vr$*YualJ9#kK))ixxQ>WNjYWtIIjYtmS%>T7S* zIYXFsH0_Dje5+`BV^;PkyJl+t6(+mcI=Yc~TD_{>bR6}{7tw-YuX?D^I95^P>DzoW zyYW?BLmziD$I^Kt-BN4ZSu3S)liz5=5Batf1w@2z8>FHwdbF+JSzF#HMW%0C(e1Y4 z(T39OhPT*SbNh1b+l{uB6iOXcTK4s@=vUhn%}G1$)vM)A_9fiA9qrK_oo7wO+71Zkis2me!@36|w49VoiUeI^W-} zzD@c1j(y|$gD#7+>Nlg6jtVuq*_|Zcj#pxJobC~xCi8qLdw~3AQT#hMq z&8n-ybX@pfUVW`-JzeU~U2Jr^{i-3FB1(bC+Rmr z_v`J7YTD&mjN(AOSgMj=&CTrI^PS3Nd7`XCm#+gc8d33htdfRf=tWFzd`>@o&g+EE zp_N4IW z?3JUa(NU(|QF6*LoamUpDBQ+*Y$#`Jq;qU+d2HhM7>Q$iT5){VZ*0IEW`i4F%o$(q z9A8;JA7A}F{*hy1LviAh`NX#0#7@pcumSAr?}>em$wS4-ALf%k{r*kQ{<=Kz`}d?f z68I)g`pN-7l}J!s5-6ASLx+U;LZW&|f>D#s_9pkMAo8mdsOl+JY7$IoiuNH1a(VhE z)f9g6FOgJbz^6Qx@P2cXTO`zadS?pbxrC&ggtyecT0Ebcjp{k^|a8#w`RH1 z_oydrFTefCG2_HJ@1ivC_GcoPH0$+c?*C%%yTh8=wtd%1fdBzQ?-+VjdPjF?QbeSQ zG^O|65fDS~h=52pARwJkMVg^^L_soJA^LvA*7^rLF#OeaSz|y}hGtZLMW~exSbo#>`CF z+~U%ctxZzQFUjKh_n%+I|B~#Rr1)RKzs3JLp}!OV3;nzJ-=o|er@WihovlTk$sI;e z=Hf^)OM`k?z;YeNt^ilYpL2zqv1N?{OJW;OyS+Ooh3 zFB$p??oqyddU8O`Zynffq>AR(PCv%%8T70-6&lKUFxx0Qcs32myn-r??SOMU0(rtFVDd&p%~-^2$Lc zV=EanFHi$YoN~D?bA%xKo;CdQP*+!L3Ti>>K-hR0 zQty@KrAKng7EKfs!E)$lhS~*Z6)y+?EhZZ<4QDAG*jw3Qkg9z0B9fIV zJc7*WcaP)bwK{6MDo7`hQM67i(LC!5_}r$uzl;g*)z*Ns^J>gq!erh*ZlP;>RResG zS83vSiu&V-n1r-z3@QjE55LKm5@rA1x)ODoS6LNZ2|0?^`L>d0j?aH#R z<~diZ(sL`3Il@Ca2Hh(;cjclZ$jc9;DjfmQu<{^bLrj!vGuBV#n1FZV&`_MGyDYkT zQy0|HGlD3p<=-{%QoV0v;UU}EaHXViBsm?7C?Usw%{a~1;W%nvQc`uxBZ=Eu-5Fv2 z?l`;0(fP-4?NoAAA}_&@0_Jq1Awtw4UQI+?m*38K=w&Pe&UANDL0d|y8SZm~g)_~c z(~VQK$FHEb_LkFx6IvI&8xA0`GE=I8?fQ`#y{gs$i~KUHiPXjs%?lR?W-EAw+@HCo zJbo4U<`5-StB6JAerfpvx%D)bgY*Kucz;4l`-A^uos3?5?{2C>Y3QX3&BD$a5xDf+ zLEq47bpzH>xp9#eoRPqBaZi>{Zy?&SO;6QQ(T5t();UZa}1dPDLEQW zMvQ-3b%bT%))LWM@zMc>CeEpk)uxvQbxb^&HU%C-;XN@Th%}#0WK9Ifm>aVk5SVaw zlolC1AqAPyZy7f+D~&>dh>puKWH7j}0Z)78U0)DxXlUSg6ChVLjxas+|#XV5{icSssrqXNGN10o~2mNq%rg{yAgfD8D{Lc38`@t$1}_< z6hz<0?EvRbTZB`_4C1l2*zM97?3u8c0>D4Upgss`@yrioohH0TwRTgYlfe^KntVT< z2W?n)8Q3v*4&S#|h4)sX8c)RQuCxzDFHYrq%Q{83RB0EKy(}O`2#^tVr!4Ou<~W*{ z#Diti7e97@1F4%4j&1#%E8@*3vynqWZ9*!uXhwnUh$;>$tb`&O&mDyohJ=V3k)>7` zW9nv=AVyJ4ua5(ip@c*E3lwV;K6z&cicixgCaZKYvPciE3%OsDh`PS!4d`>_oV+O40C{dk zB5nB&b5Cm30cmO=uu^^GqWNQyTWY6|RCWmD4Q020ih>?4{d$IJcdmP6ga;pt z0>p%<+%;Xx~pM6EuSccc;GFYoustWCFC9eW9}Or8F6?&HK6XX#RY zrDzs+hWK_vm&3P}>ub4LCPQEN!RZaJAQu+yBxVNS&WJ)#_ZQn$rkYFnx;BI~@-Aq{ zANUt~SYX>YOB=kbTPi+|W92+-RWcfNc?2N|f;9mujk)6LGIiT0t(xz<&N&wdQLfN4 zmx?gprKr7hC zMcM_RVLZ({tCN$KbwS3fl-0cw?RzglCYDRT-r(xz{SCfTd#Uoom$4eQ&`fyP=)uuy zaVn(zgX&|l+zepvY-$fnA%t1uJwRsYdyhxuB?l`DLA&ikrUC$Q zQcxXLJGTpple5zbcRl^M3IyEdDtr85kc*xh;V40TzVBVCV0p~nVLI|Hd_$Fx(ij3Y zJ^l9j)$qr(IKaPv;|Zhf@mpW&ur@~tU`~@NkeU2BV`uHb2u5XBPGTRL{dMo@(~#F^ zZ30~h=RmxW5`6mHmsStr?g--Jd+Jl(a3o;`RoS(B_h@8xR*&NI`H*>*@PlE@g;;Wc zL;#Ty`1L73wduoXc)kba@Bably9r(y_8G1SEx8%75Q5zLV3Y|rW~)?SSBx$i@DU6J zs};^4-iu(djXJD=rNw|vH$2IO!*L$~mR)nFd0^W2Fk5bf)p`^;&i~M9?@gBoO`%9e zLouHZvD1cP>=E+%!88BZQ77MLiCNKgrlzk4Po{LKZL>5G~n7Z1Yb6TWIk4cP)iKzPeS z5`c;sB7`O;ro;@#Auvgq3h_5bQugD81<7Lv6R_+E0R1EgV7WMj@D=cjesCuEX)wTu z^-Ktj;{QN-GdFV37Vy4oN({w5&P|y_uwkC?-ue&;+`y78M4$&#Ni}MLjqnDAG$=VX zaRYb|Lau$)b6+szQD5>bIU>&`(FYMVIGxxrlIpOKsLK?Ub5ApHlZu)MWV>G4m&am+ z0sOqC!=?{zK@*9%fRF@KMq+Xx;ZgXsh`kG*tl@MEVI#~j-R9>Rf%I1Mn4H}7rwAZV zA>I3OASMxLNdzq40%YjSD+pgSOPs;2_%IXtgSe2enNTD(PT>{#g(6?jRVRC0+dGlv zeC4L@KC7FGaEz`yI5Vh@P(f64ckr1eF$cA7fi@7%h9~EI9qc=k>*DkxZ8{EZ`Er&?& z8qN{88?h#t*NO;dL_qZnVErPPtKdka)9J1XP*@q9DfcPdv@GQx18EzKOA z9vy-d^TBLi8DUxF=uW>0vdu|@2L)qjQ8 zTb+cniJq>lPu6Xhtf`1P?K4(EqA`E{rCz!Xbh z7+*hR$rPVaU!V-u_7<#ts(-DFUuAEE)HDF&4WgnDmSvK$v=PnGBxZ?E?Wpa|01J5P z^I#y-s^;UFB3_PW>77PSm1gh5wM&QQ z*^@UtJ>Qxp)^v%gedhz^b1kE#y~cM+x2~q#3RCHDVga09HK*!T?^cmdvg5B8+`8}? zDCod95}HccEu)BWpkd{$PJxnPD*SSLo(iz&-bIG(60Po<2=C(Z=xX6Wii>r(Y*V!H zR=96ck;U5BiiQ?7PB>kJ+G+_Uky=Q-8wozAYEot_&U zNW5ORs9X(Rx#nPO3>}36bMB!D+dX>)U6Uz<*BrN>)et_2-R4F0B9Og|q_^Lc+sLlo zj~rTxQr(c+`Zjwp6*22$aR~CRUZ&bUYUFL^i9X93P+YZN*1Dg=lfF0Ox^ibN5J5RA z+J~fXJ^ijvzP4AZwvQoVKrdoIai0;emAmh8qUgB5Pn?5{QM$dF11Gu$Ula^j?++sN z@eLhK%UQ_NAT>2_i?ip6M`3^^a!Bvlpf7T0N1^r9_?c54(1xI4tdh@Lo}dAyD>yzvElUFO8#<*w1<{ZU+3Xc6aFne~_r zNv;aV4yslAD<^uNc8;=H_o6t*Yq|#Nta}s5DMXO{J;afrg7MC-QmOOt8I4-L``IFt zV>h4mMC%CaEA{t@2g|00PS{R#od<>uCB1nj139zC#QU{8>G2&+*Qh#^l=v#`Zn1d+ zM7CJN|N1;yWglI|c^@l+r*=ob3e61H?;OQl`%2#!_xCQ57r!p+HUdbmxKj zzDU6~1u)Ts)9V9>s+Oz3sMWOm$r)bEw4B$R3)dYGppJ>-7x%#Xc2~JWfETeHxsG>I zT<*g6C!`Xa9*-eU-_`8HH8&?y9b=--lbr%;>%XQ@wW$+|fjhEAbM|NFTuAm(t{5^Z zN(%I>4|UBWPNetUL!e{}lkEgApA&!~upPeBTEij>rxLv~ZBW!%iKQ}FZAz`H-;)|F zY1PUrTFl{E$vr&fqHl7IYraj|T>NuOJTcp8{QfLy-1k_05 z7q*g{Oj3&SbXQ!Cu54bIDJWV_}+3K^%II-1Wa$F~uC>nY=GV^wdAk#perr2*Ydc>6*u=TfWMt1O1(JiLOIr4dR4VC_R)OUB zZ4>0UDSUsm>V#33Eq-)*b^Wm)n`uWbDuqUTqF(h@|-@jE(t$9_xZ`LKV>J1 z+R;EtB7t7~lSh{M6SI0Suy`)t`gU{I)a&prx9*0NGt-pTJ&abvz`8*hB_8w`h>0Yr ziH#tdt;}Ov+38PijEmcy-O5j2JkzsP{B;XFIYN%yE?(Ozi`+h_EZz=W+ln&SQtH{N zD_$h4+s;l~Y&iGijCWx`&sy>(kg`E_lV%Hw!;VHQ4ylOb70(S*JnK4_ka83IcymYY zLTRtTiptc~P{!R&udaBURuq0GYpS3!<0Adk^Fy`SPu8;9-#x#7-g~k0&`cF%h_P#$$3VuB;f6;-Pf|`;>ft|&39rM!PVq66{XUN z5A4p~Zs>W$3#C|Ephy(XTtOx8;5)?*CwjjM8y%*qGr*tHpI1CL!-%e?alGMJ!uW-Q zTIlv`7Bl1*qgqJNJrMtffqv(*_cN<`Zg`fW{>wS!@+yln{-FHJfbm7q2jOdsm>M|e zo3LBcbQ`oP9DV+0-z`xMP#f3I?cm3j+|GKv3(S4QI5pK4ym#7b1W!@;_K^eBptJbK9zYn)rAp5$fbO#@P@PQoo5FEM4h#^FwmY!5Mlbv2j zTdjV4a?QJ2;0<>e7KJ>*6+_jnwNqc8BJuH=T#XIB9wGMrYs$kL_Mfhvoul-fV+2n5 zVBQUl&8!K%4STr|@n9`|GMh1N5@*OPC2h&I2~MpT)g#H{TGx#*OfkcKE|wHP3JU~c%P0heNmcTrxpRA(+M-^U_T+aY*Ha#fD845u;(GkPu^}s~p{ij@1_6 zq*j&RM`KwLIlfL}!4I);N{>Y?6)!B7PYS7s!DZCMkOf>k=ZYmt8n-HcMw{E(8POLP z0RuDV^NJWLbIDWXP>a!VWV8m3FGgAVh&U+wW3O$+XHc0Vf`+?^uhd|qHaq7ho~k76 zhOw5Mtz2Cv$Wx){{Z~ToeDqnJld*q8mQ{Q1hSCKZMcaabD892 zDLPa(-XqDz;2{ts>WU73NPwMFCGTY>la)N6fLn+YMxayY9k}6VF#wBUvld-3n|&Ex z9mxh5LK5pG0W1Xy2CNGSrneslnJ_?MXeNbWLI4~&(gzB!gkGo0#$;eQ7yuL)G<%ZB z!zO4zwiNfEO0YPL3fss->6zU}CM@B7*@**%?H%H>cv@=5j#x;HzT(h9PevIBv$dx_ z`nuAYs)p5^puEZkFL(OL<=~XU7u}?F^>C(SDQjpph3nD%s;c5B1+rZXaI6O_>=x9K zq#=RF8AX9=c8Iw6aSQh+?2U})MPO`ui2}JEgijU4^x!8&0W#s*%83+7S==6I9Vwa1|vB^tquJ%5(ME4=(jNk>4EMa^1USSzW z!d9bbb`+2*WcJ>q>V)vs0XVODQ?;-wKMLd)e%ltuZeEOuzTK+(sqj)#Ap#4_N0&4V6dz|f z2q-*3nitsB>iJGN_@*E)6@`nfxwH5a^qfgCHvDla;B z)>K~J{>-hq+fQYq`f8Ztn(Au~#m1;NcQg)lznw9$>3%owaIO3OvdRP14-b3{32)X_ ze8%>kUcJ=w_Hovs$WP^k5033EhSMGe5sDWte%*_q{b~QjRS7I4`@!3V;bUOBMAXX6 zp%;6@n9chy&sU5;c^L!Fa3`zb$Q2r3RBbF;UN&m*Glozo5EQvhlNX^dM1H z%-#=bu~N$1IWi~_CY5T-$#b1`TxUooUn^G#>-BV< zlH|o@cwP6h>*@yr@tKe~`-y?;{v7w2m9J%w|m+p6t zM|33Dbj!C{6Q%CTragJOvAMOq-TLU^OR)#LZ$w_a{eXVG_wdta>n~sN08+;Z$1a?m z&Dx@|JETsZ&)Y}YMwynY6)#zlY=7z?p&$jV;Xk(N>QH@&?UE`dk5QR!2J?w2^-;$s z3AsEW=kcM&{8K{mA(>^tPo4F$E91vx=>ucl7tz5YUqC&%S`Uzfo&0Lf3-#(G{W(RHR_8`Q2#T+N<<&pxoPYq<0 zoKsC*KXR@t#ZaX98AC;>Z9#&4+STAwF4bBZ+BsrNK6meDpJIIxpX+k!ews#-0cAns zOXi%j%U?b3H}Ceuz*!ERy%pGAwKt*H|Czq{ZAU-;Vo*KT*t-{mTQN4TFGK{qA&yzMi_>^X2p2o1F)DZvPYk{{m%15wQ?v9by!jU?MS^QhtOOLvtMQFqWPf zM+&!hu6!8J8NB&00Ua;Ap2(k*_%Keeg48R6ttrtCkZeO-PZ68iEJ=}FcYTy1Rc+3j z%ub00;??Pu%95qt=RQg~EKO0GZg6k&ak2=r1@?-WJHj!3*KVO43-am;q@SEyxSn?? zbF?)5gn{n*Rp0n30f3X;7KjgCKYt_FC`Y%Vfa`13<9M%}To*8bTlvN%LFNv=D@Mok zHnT6f3yWMwdnavG6b5g*#Z#_`h?bV6ySrCa7FWAh*Vb>l*Wi0ZJ!;G1-8bsmpH}bG zcfH@VNzn`ACuyMoHm4-|PQQ zdaC@Y{~zgzAS(l)<^Cho|6q{+&-=gsaQ(Hs1O45c0{(!5fB5r{3WMqH6{_@fa zf7XBeL%#keE|9RXv2pPaweb(Jar6oC_VlrH{Odp8V*4bdjz~$E205Yif;`b^CA74Z zvYd>vlr&meQc_ytu!p?_8{-CnIVA-!{`Ge@n?+o_~uKjknKRB%a{-APFe}CiOwuQ5&kB`5Ny`7_r)Ax6S z+%M+xcQBV9U`Si(Z#(GkFg}6b1Ia2&%KSda)5pc<2dM8%FTlyp-@*0!IH~V&Bhbg! z{=0W3t1PAX>q&Zs*aZ69c?bB~`8#<#oc}&W>EF!M-^a(<#?Ia+*vUR9Fwn<4;QL^i zUx>laGW`u~Z|Cjpq3lDNu~(p*=XbY`tg_ti z)Aez7wsQ=2@(*+iaP$5FujS-_ciJSlgO8W5o%eTnEvGE`3wiu2yGT%HCnraHI|q;N zv6_Va{dFQ?U7b9AzmJpp?sQ#!yuQmNIc4eJ?8Ki}$H)60U=j)ao!NT-A&;bgBc%UD z_m5d5^BYn9FX)dsB=a2(dH;}q)a>Er(+)bA1ezV?z=mi(=7h1j?{**QA-+k1RhG)TDLBlK6?w_E() zK9yIN`aPNfUUr_Ic8-5x&JVD^QGcYP#eZQvot%F_RrWNh;cr zw46?k--rJ8!TygtkmQx+ez6hUyzE?@Y!paFKm|Ez8#^D*9}xV-g8V&D=0`vUWyxQt zy1xLGWJqriGV+QxQqnTAa`JyLz~5^SP0Iho8To(n7(aafGj{Uz32+Pa@jw4>vEUEh z|0E?96nq`IydCW@Zr&c}kJ$P8l3v?LrxN8~DTqHM{ttK5|5F!y zSN^}9g@0xJ`B!i359D7)iq!1un}a}FURqx6n=e?JRAf@_Px=2>`Tft}{^I{l1atvX z{;x9|TToEY6e-B8txZ!?ljH$Lp-?Ygydc?#lai9qX!P3Jnv|5(H`j1p9?3^c@(%wt z$@d4;f06(DjV3Aom&pIO{9j*jlIM6>FM!nl=LXR0qa)rIJyhnOWUYLyOE6IHf^N-% z=T`M|vs-I;hG)`>G?x?mryUCU5@2qa269F|$Wh5smE#o9iwuZB7%wuOHz?IVHWf+{ zD&{DTbaius9-(m)M&#uo5=-*Pvp~1&49Gk_*8&EpTLeQD9kRCEExoy%{FdkyF^C%t zMg3tax<&y?SHGS{+yv-D*V>acOBYJn!aMHHTSUh@OO=|yuntn>reoBlW@CB|lMw|+ z=yviSyUnduUwKMM^#6i@7w$ekq~Z)PC#GSn(%bKQU zFh7`g<3m!t`!?TWDMPjqr8A)XO;dJ_UKXDuD+&bK*5brUqE!)W_pFot{o2;H;FI}= zhJm+2UG0$ioH&Kz$wsTpbtQQdhyG6cq_cs0PVA~RS4*6^Ddoq`hQ2!&yVQ54)Nnq; z;x-c!-q)NfO`*u~mPw{(5J`4mUN=R1w)0SHN2WV^2E^{n$~%03DZBoP~P0!r0aFi=r#iSnd;R?YjCJG^Xd$T2d>L4WPw@ zCkE-eGp8Lb<4&U@yI+O6o_gAXds29Ngg-s(r@@g!QA5w+g%qaoHz{2wl$b1BP{s;L z5=&kzP<3dFF%`H~r`9KMHPaR=kpO4+q!8b_xt?14?mmO3RQ!6PWr#qY)j&hv5iXswul!8355)yq0+3ZB=D~COpJUDB{NhT(_&AqPeRrH98knQiG)=9*E~Yh} zCwQsxN}Iw$xO-@we3Vn};QsN31Fj6|mW%t-c%q=K4&1K;$BCDY1;7n(8; zo~$)ZmUpq=I3sFt)%wNqS>GBwMf=No@0UFVR1v!+3_hwaa}K?Hu{+khw*N{^5+J;t zJ>&D`-GWQQm-j0nFTZ>sUX%c!^w~aNKW^S=`1m+WaAqBKe{>ndfANz@YaH%hVcyv8`GFm&hj6}rfi*$)^z+K)>Y zOQoEC%Zr-9_ZTxuC2DqE|Fq;fB>nnwn!Q1dKB)__g}e+< z3JrnG%NLIG^Kx&wj%bB7CM2oy3h}t<$`~}oRqB_Ep1L(=)^YC&Su7Ujs5@@4)RfcS zRemI3bo}h6rmKYga>*Fo2|IR^oW@wJ^wrS`XXQ6})2S7*H*_c6E#Ktd_r%KI9G&zI zds9F}-cTIYo$}9rQ@H7gh0cvm1$VqD+D*Nox}kd~Z0Sw$-h>O{e@9Tn4<2Fv+kW~- z&VN5!ng5L&|AX@%$^Ikr%k!Uv)l00CfzrQ%E zefu4NAY;?3#-Gz(FKn426*^Y=$BF!T<^Q!D_($abFE06i{TBX6{-sIAo?pEGNh!$7 z{8|71UuXC~f&6dzC;JxvOM3JB)~+@0TiK?+Xo0_s^ebIJMvDK{LA3l={IB8zT+0Ee z*E79#v1@ho3X#<7`EOO62smGz2nw=ce*Y>@>1$KMfueQB4RhkbCs<)!#0EvA!Jm5M zpIEH_flL1Z`Ty_entz%4kL90a{gIRZrTl-34Eodl`!DnRp8@_w{tJLO;64C6eE4u~ zZjNN$85tSr@9*#I>}+msuC1-DsHi9@DJd>4E-ET2C@3H)h|J7Pl0_&oGSbh_kEAK= z?d>frEDQ_`)Ya9Ml$2y;Wl4HOTwI)wkB^OwjhdR8oSYmAh5j=W`&X|0g`WC$PXO5g zA^zt+(j#Tx`bb~X({vlLqPIyA!ugHY}ICR6HN~ z^7EJTVdj<>ZUCB9qIXU%e;ibIjf}+y6YhfkVD}&4ZZWtgN z)Ekf*O|4Wnk?jpPySjUB6K*%PceS>*;HjJJYJBVT#z%*4QQeyDqNF0VmS0_^pje|M zK3*rTuP&|hbk5E+Hjkg3bh@LB-)kFKSXqAZ7=ZF3bWkgVXkfT#x#Eabqy6w}zml5? z_cATUh^?JN(}&ct2z64k`KB`6%tO%NK=a9b)l}93Ls3SMq_2mvlB--#7H_L84ezI5Hr0_yb}T&d)otV<^vqE}?NZb(%Uwz8%c0X@olZA# zDf;q@>oKpWujH!frDf-9Xy^^`z)bcRoH7Cknvczk77m4oMJGm_|`6gZ`Y{F5CYE3Ri87u~w2&4;S8dJ$)G4^D@yl{Eeocm6h|Lb5(>GJ6}?l;H}$MQs$ZoAB% zW*u-i8OYCEK4I(rbxyGErm`rub-|2E1iVsjPN=7VQzZN96Tj6KZdJd5hG&S8OF?? zsBN_~p5SIw#DJqO%xptuM_(Aft9Em)PE(UsXg_S{n_kzx4)qjz(|eiM6}XF1nI;S{ z&b1rL-<8Z5hSOz>`;gIT8oH0g7#wX^J0m1-ki<|Uymd21uKi%|x!pw%pb&D(61zn0 zNGT2JWjp)ihKYp68somvDg)7t7Z11>zCI!XcG4f>0oy|^$-E!9J=)!yF`NX9L|y5^ z)DF6Eifg=<)#%-PqI*_&M@MkZ-DR26w!0OwR|G+!Z>>I0jaXB$eNR6uqs>MDY0+yC zZXz~`>5g?i6}i+?L4-uf5vnh{vs8`1nR_(}4ozx7`mrS@UOMv*_>U;&C1Yn=% zjx28h2t~Bn2+RsLq&tm3SLSpvN?f*}pBW}jDT_dRj2K02j)r)9x*R@~0eFwRA}H)y zPMa;cmyMxp<;lAJ!xy{Uwymgfvxf|UY6UTZ*HJ@|I`Iue^+YY4urN-x83?`AMW9v0 zo_e-AcMEEGK(H3ckbzBHfijt*j$aXr0%boydYN9N$|t0(7pvi)o#5%s?_4F<$3Vz& zhaISKCN#FEZm{Qi0{I+KfVdezohx>ZdU}=`VcQ5btS8?OS*Dye12|bFZidwm2jxQ` zKrUACFmd_8IVx8MV@gG4d@^Nwiq9}Lrw_NG5e>rbg4jeJRJ7yl%dZ%yoGdo@yHySbt|b3tWcCv>b=pIeACr6$ zh>Bt)^c{}JDhiPLEls?GWC>t{j^eRP@*!Q6o02&AuKAG@`E4iP0no>v?clVgjZ1Zn zeFp<9JOR}F9OrWZo-^Is#&b#|hRF2Pi_>7{g}2z|Vk~fsdcJ@QJ;=@K)yw@EN|hJ_ zmEp(wi|IvGC@Z?0{DOt4cAP4_@Cib*0AwwC$|`8Ur#>xKFaxPBujv4Aqnj{bS-beu z7zeI@!CdF4ak1pUHQqha6r=#S0)n;$#|KY};E62Ve3Z{L&M z4hQbwoX(dy2=~z_O)}F(E*6~Bv4vm43u!9f zPkQQ2A9BPMhn*B&AvnAe&)~Qtawsv>t%%4>j$V2+LFnSJ!hUcLZUj+2Z_8 zj*nElq9%Y}Ede?l08PxBJ9DGX`!G9TBN##I`6LfvubHLcCyucLfpa&;t|vV$Zaj#` z)V8y@`pr#NdEb<(s;PQ(>$V_-Hzow9e@oev%-jEQGB*AYX3wL0Z$+@?J%9o{?QFyf zxzUe{ZMX>{7vI-glX(Tg!6G|dWf>2q3?QHtoPBHZIfw?Ora-C*cOWAGGAc$jxbU(K ztI!c0V*JAC2;Qm+RvYh)(poJ{L5riwZmJE#+8yql{QE60(m(BlY>5oNpdC+ zbl+6T(sGL#GM}0?quV{qybH2VyTORDku8o>T2`mE&oJ& zkh?0g_dcC^g9hJpsWlTR1yasmMDti0-+3ffx4~HBfK<3)NDzE-MFd4W)i8ZZ=_(q5 z(PJP24bz@y+XIe%fbP$$q-EJ3!XFPO16i_@Z!jwa$cnaUDyvVQ(j8HC!6{RMM)9pd z;eud1gNXG_(5d`XPo;6&?CHWQtc_?!_e_x(wQ%y10N5jd$rr?yf}FdiM;{AQ>UgL( zrg`xN`ZlYPN<3YJxUlRw=;exP4+g-lq`g9j_|Cbc^>d)*lm;tLQ1o4*CP*|&^MOi? zNu{CAr%!MW9y8+?Q5^=={LZZ;shFQ`-wGWlMaQILTX`PBGrE#eoe7~MvJ(x6=NOyH|#9uS+dx$)EW zA&bKISKOHL+y-UrMou@*b-_GXrkbRM0Tguc0Q=CSYr98;ias<@V!qh^%K#9zb_z_61ER?UZ<-wM+& z6W`ubL!zLyfP&xH)B* zE@Xm_D$8uu5o7BL)x1YbuV_gsoA>Z2*=b#o$-ll7EtbFj)6s2ocL{KeSITNoq+Cdx zP7OvM8bxGL4qv=>s)G$;beu6;OJi1I-bl(s>G15ma=-OFayZSIe4DTo>yUbo`CwyZQxDF~-+Fa4e5%*UdAIGz(eU z7scFD3iH!@WUmymrESP~xVus8z}vN?guS}ude$NxtK-rYCJh~`454>X0!?ET_@%2# z{t{1Eq|n#p8DlGMu^*P^6}wGY%RtXLFU463rztJ3Wsl`6k%no_A7X=)f1MVUP&%a% z$Xf~?ve>G@H1ofDSjCXXYP}^I>aPAWCjYJ_Y)20kyRNVeG$cynM)exriSp2&5L)Tg z5f7{N$U?nutYCj#66hz2_1y=L*%CU#F z)In@tdFlpz9qFzk0X=kIN!@PmF%7Y7O`c}xtoG4H8dMYmS55t$r9+4Uys=T;qiA8E zgYnkoI_=M`q#BhedQC*2`CvR>Hk7W_xS+Ywk2W@%58W(sAIE(vkJ)yo>7o&RT`5X3 zMHAP@UUxa+J+VYnnkr|8?xr1mvJuw<7;DOBdBI*Km0(BjsB5G`bM;`8ZU$!!9aUg5 zO8-@R>CQ1hKRy*_rD0HXucYlGPrGtB?P)Q#RvxaTaYkz^#?>exIr~o0hs=V?;yj;W zeG4^t)KZK>^vQUGGdr zpJ-Q~_zJ1<27`iFuYfqmmjX)pXJj(s9130ibK`BMhnL5I zzBq$sZU0Hn0S3-N)0K|A&q#V(X^YyhWAw_Z#wW~6!p^8ktKQ?&K!G!4L$R|wzRuFB z^k5DHC>1vZ>EMBEThL?-6~E&L9LPpul?A;8ECME~t(x)BPyKj3YIa8+~m&tk=O)r6A2N z0Om)GvQ2v)ykxFIhk-8z;V47xTya zxYVoqk)zKuv-xBu^h75aVK=zc$1khG8j&uA`lI^!VF_Jh$>&F|Mu5cQRU@jfL2>x| zu1T|ro~e~6W`uH;5E!y?#5XvEzj?GRb%Guk8Cdb;3JoQuD!8~P4HiymW=zd;O6Y`6 zb6nA4_C4*HJWlQf_IZviSl<&`oz8kSAOI~TY&zt1jn37M`m*1vL5^jo-l;Irrcb-K zg-or9xXTZf-sCiyO^wY~o}uwlR;io1Upqy9{*DNjgh}0u!sii9Ls43^L`l}{+_Ne6 zL4ku~(f2Y|qVzt^ptHc(x86Jf6IWJbY3lA)ZA^0cPbPUPyQtpTMn;-Wj=fr+UsfGB zRtO`f@V3;y*VZ*kw#f4wG8Q*F(-tAkA2U-^I7Ys>P**$ZnKo76IXb{Oo>HfP^Sq~l zo+SS`KGt<8qi*pP@8rn-;ump>d=FUhX=%@hWt)lNnfQ^!;Sm>oosu^e7N*K=pN9NY zhplSskNPhsA&1U@q2gR4GZ&WQQkiIo%l+LW&Yt)qX9taH?-NfBt{+`HX}$LJ@ZhPH z;b#}-Ur@WeTwU8e`r!512d^$Xc$@a%ebIyc?gwALtTlU)8Ua1{Qul!D91&qaq>Lm| zr4z?N1JmaPYZ&o0>T?f~kq;@-A2Js|-2XxhGhCjSe8_QZo&DT8ulM?eXAiMV59xdQ z8PnG#BiE%3)@34zqBP{_9v&%!N2)!Kj=dnRon1I=K&nUg=;*meI+2e*UwGt{@krPE zvEkRp#z!9L8;}_sd(7~4)jYC)v-^qs%9C^HlsjWgj^~~_M?Q5ee(K)y)N}2rcjObh zVoF=?jUvg7z(|VV$c-x*8(}XH5o;R>yBk;oO3P!L#XyaT?WTYFrgPn9(9~x7F-m3y zxZ0ntf`7#(`UjYQ!2bWYJlQ`O>w7={*#0jmEh{biYx}

    8n5EzrV-O|KRuk?f=vH zX8$JzbCO(uB*Q+*>_0!hpsA^aVq*96^ZoGQLwsD^^A|5jP63i5VEy64gM*3SkWfQI zLz0gGi^Ye6d)s~R8SBl z5D4xbZX{PiU+<;g`WpY8d;5j`KNryXX8*^~xa)|sU-~cm|Mcb?p=`^Bh1%enGXL8| zJnIfu!JW-ri45<~2b1q!X*Vpt3~nz@dHLwF|M8y$zxCaY4Nta+NlcH^jY`SNw#?Lw z%nQ_^g;8k1V4$D|MM=puButZn3WR9T-JsJE1gU5>s!Nbsf;F`zRM%>$U@gKG1F-Js z{79^4^rcx{C@`Wy^0Z!~g;G*NZ_R5WsGB;d0IEqX3IGJ58uL&nUK0kCX+WM)qfj5U zfx@4FkHB=n@kt|oH)lpPN=K82GDSn3P9$O7=5`d~vbBm~tixq;0EO8X!ahO42|B^Z z^L{0HCp3!HWY#a+3?9H)TuZ0TX|YN$sN>Xx3#=Ft@_xw66lMDKHWd{rL-XS+Vstob z%H}f$F9VGPZDwIi3BZfJDW3q*u#+a~TxyK8oP8fWxKns8{z_BS@KfB(@W|ii}QTnLTQ652nFtBsQ`APeU)?PCx-OPf@aaLRCvcBDx zHQR=NOE|9Dl^^K}AKAGjuv`0K?uq>(Rw=m_j~uR7+6XRIY7IDkEU-+O?u{HRI(Iqm z5qR5)Sd?$(_S*-2(2(vR&JbkURUL~fiada?0Vf)3Y@@nMgcd%?iOO&lUQa*=3z&uSRpi>miMHwRBp(?3c3XEgHSbw0Le&htlMZ5!dUHFDTqn zFByp1m*+Sqx>a299NXeAj;z+HEZtUfuktBOcIT+B*Na8)uJG;Dw#+F5P`*Nnb2;_u zy#U2wIH>~Bz%g@deYD|X4Fi)-1{}tK4(Dws3?|mn@%iGMn(rK^+NeM0-=Rh}&)f)- z>G_Ktl-U&PGto+EV8jj!j#*OnlF@ihtI?rsGknO9^d(0qgtA^c~t02G44O47ZK zED&$aVJ0>}X>cl{7mJ!q4ud z7%C3eNEZ{QmMaHI&H^kM+z<;HmbBW9x(B(+(F@@^tC2kV@o-_&w2rZ=$S}7n5Dn@| z6sb}0?Av1DhO|mDj@|@P3vr+QS7duV3cFSRhrO?kt7_Z+U3*g-q`O-hq(ea(X#wf( z5|EOPO?OL5w;)Oj2uOE>h?Iz;D1uB-sAhd``CZLXRS4J%=H~( ztTD$NLwRJMHuy8!0q92>OiHgK{$L&N|2Hk;8|43Q@h*OpHGf6^^YZ;E{vUYjc>n)L z$^BjRewF_xkp6$*4;0AY{y(^-|Aj0CQ=&oDdF1SnT%>o>-Z3*TJ4@qX|icCdl>V>~T@ zb?ia-T`TqX6#kd^|BJviKQfB1;hz^w_V@??KYl)5;bZ*&2&uoj&Jq4qK>uF&uXRD> zqY;A_T*w>9Cjb;99Etn~$B_M%M*lVc|0VtpL-u?bed_zC{x$sb^L^p}%g-mscbxzA z`w9I6HIDG_48aHB2&B(1(r*vh4Dt>Db^KN0H!jBgCh?!dl>biRKmBwl@v)-%K#8x) zkvUfW8Z$w;Vy^0K?6~8te*#188HNG`y-ed3S{h@vtcasdgBl0zf%w1F3#=R%P_%mdy{aY+^AbgZs1g+1FZ! zLxw+MQnszJ8#?AF`Bk-5WsQ8o8huKsVzecE@oM#n$lF`LsN6jvuIj{W9G`pL4_n22Gac#@s_AKz>(-AR(X^Z8)^mtR5GC< zc^K|lm_<0Dx}rq{scE!DB&ExcMHFoi%rcrWQPDDnB|q9SmgB~dWgJf@%qpILLeVNg zcs1H8@$}A+RnpndFzaL)TqWxi1=<+vRAruF>ooPVm^N3m)Rk<~bxmVzG7MdYZ8A-R zFm1Ce6R(*;jz1ND0NUSFABgxj zUHq#55&R?n!%=LH-wOh;<9}#`1mL-^Dn)^jrCp_SR(ZmY0&l-tW{qUFPqd4<;dr%^ z>&3tuE&`t$VDt_I^4!<&c3q0q6l!!Tz;j>z+m0Q}H$_#^R!i0jTknf9(GpT7!&3 zf&zki|rrW)Ub|KF#3_Pz`U*#+KM?MFj%D=;Z1C%;z2XpNnP029BhMnW}obYYVsJEOm zJO&l}xkNSLoD?IK(i~O|M!cJi+xg-~Za#kRa_6oc?FPvm8}z<^rT(58--Q2PbGH28 z5Wb3kfj`B6IrjhlL0W%rwIlrVeFgu>=K%E7Z}{hMtp$uP&IZn>hs1y?0BNZ4a3`mO z3v2O&=(0;*4RRmIvg}x;|K7#;zfk_$@c)nOR6jVrui{_uPw~G6_>b-XKS=HGt9FEc ziLc-v`5b@>{D%L<6W!D3A8@c%qttR2BItZGo($#jQKq>tSNJ8a+OpN}nRgy~gU}tT z`ro%4KfUxf;Qz}kbKgD2ui;-%_{;NOU;>b1{C_u{f26_@{*m^*J_7Lk*Vt^T*JQLy zm*x2eDZ$z^r^@Lmv@y`qurUQtQSx!Ha&fSNv0#B%Fh4AqI2tNwECelu-`?$!O_AVt zHbu0$HF{KQ2QYFZGIM+>FFBgUgI{+LYs{s%h<`n|Rp}XPOdo#%E_`jp{Z1?o!2Tp- z*!Cs)IIee@u9GK?%j`?%+o=;zmhQo|b@a}8*!h@wo4UmLUbc?&u?lf<4cCf}w$BMv z2?|QezLKQj7NJp`;2UM02*2bPT&Pwairhg|*Tu%cz0>vE4&uli9Bd3c%;}lgxx4fC z7Va-DEl=ZNF#LBJFTMr;|EBp5_$vOv&Hg{`|MQCQ@*ms(za3aVUh)Y4Nc-N;#{Z#B z5iR4N_^-wa)5Q05KE(e`GW0$f>0dnvILKf{X|PJlYPe;Fa=&TK@~$qQi%i+Xp6<%Y zn@tw(MibmuOL_%UxhHRQn81TP-M}b4Y5}pX;qjiqdKcuQQsE(qm(ImSczN5Wf*u5_ z8X(Yr^&qINyKxBfe|ivf{?~#0U%VdQg8zTh{Pzv`|C9bNaxDM<#iIQOA06QzY2W+V z_&>BMqGkRQ|Ng(jfAAmhPfG@4Ad*7EuhvC-XUOf+p>6g4xs6QOsFOi}w%y8OQDZ8z z{HSNV_i8Fe2Mx^}&BK(vFF40IxnJ~1yd0_NqZ|=xWfl_Xk$o{J#an1bR!EuDPPdy=3N+ z5SKz~jQLCNiO&h?ZURD!I1jeqA(d?-p|JWp-mAj@HhN(v12Ppj~(g%9v1W`BL3k)tkog~ zWGZxNaG>f}=tsQ8vN;{La=kgH!~L4YOM#jdt?8G0SE*cX%(~W}m9*u2VeVsT6s8k? z*(@kFPF4+M1;2R^ryMea-#my5kJ$nEN_`#w9u6)x-WFaq$Yk$7_6~mK`ybrw|I+`T zSBU=@|360T@2qu%e;?2!2j+hPjd_3R|NndrZq7kRwlVimVnbcR{qhc!9zow{Rag(lgAAS5eL_ma9_+!gCoc@PjBK(Fq;deuZoUVoiv(r zGOTwBY&*abab9ZD%JAz~POlcZV^Yo1uk3PD_eKOBira$VB5_AOz1)+nmU4-+DxBvP z`0)v>3^mWtordAM4SN>ePJGPqiBKe&;vl{@OBBty2YAbQtm%ARA zB~#sG4yb0ZwdGhww@C5Yo54fOua48`=iR$}qhuie?vUN9QKD6j095uc`Uf)a z->*>s7)h`EcK-J;?$4j20C=!9FPH%Oc>m{z7W6wS9pT>&pamKZgMWcBJfowdeSLkwz1{QY&!0JS28;;uKec(t zBan3gRK)I(Qgw&uKXgHQi+o!?61M*Q$nbo5)oJ6s`FnBCGbkpYY?N`~clmsIxmX9; zy1jU@1kt34d28^S`{7tvwz^%*SNZUNiM(ddOySx=-e_NU`s|I2Q|F+e&_FdGW3+P- z7g?eJD_!zL`#={@)Wpj{@?qidT>TIQTf&q`h2%o%a}dno4M#HL?j39EwGXXTmMbW3rY{^2{MUsF>9GGCX&;jII9!GofyQl#f@fW@wG6L zF>AFqugA<*%vPK*>aavhpVzL|TTyDwd{QQE-}YHC3$>iECSreX{MRX|=eqNq1dZQZ# zAJ{Wvutu}=#!u;0dWQR3Xm}QQHFdnEx6v(q6zK$MR4{X2u$i9VuY#ADM)Or&0L6cVqAHK-H)pU-DaB{oS#PLK*9WC%|Z?MFK%xANYX@vXM z81v0^oh~_bm*IP->D%mkQnskqqSFrKDefXJA1=Dj6A8wY7oW-H9V3nZMTv|2&XG{*SB+pz0#|e>%(7xY&;Q z`-oCLTUmT;0|r!?x;zwflyHLO?f|DVP{JGX?*z-}xH;?QJZqZQLy{{yRC~zlMMC zwBMKhKm5n>Uw_W4afE*~fZ;E{|B&|qC=K%bKjZ_Yc;O6b-d(XX7b4b)Obdk)mzBz0 zemM>V@N*XGZ|dcn@sBhF{h%uFHT?4meIftB^MArZ$KQW{(~|$8*(3Zzz=QsOW&c6m z2cS?@jbl0d2de$|Tzn1x9?lj{P8QZjX5haI|9^`A&c`osy#M!8Ua}+nn;zjmJKGji z_>cNM)a{Y?0VpYI=waOVE9Jl1f5Eu#Qpaa_f64;=&7FKB{+(=We^mMdU-kdt1%>?= z{{O;4$MXMgUiqWukMNHI&>`jjpYV^o4?uBIEq#W!u#5ugXU;U>93ScXDGT$HI{8NY zyF1v~|1bmis{a2c{DT&OWBLD6-hgkyKeqWl@sDIap7a2{X9 zzsR5Le?t7n^8cs20pFtkll;^FgR1^0?~^FyF&p?P>+^Sa@-_T}z<06m`f=8NZMpG?VB) z8f4S&qJPI!rA6&*odjPsH**;c8E7W}BLaN>{CQ?(roO(upr9Z*IXNgOC@?V4!NCD^ zAJNj%($v(Hl#~QLNRGk;9G(BCJv#r7>=Qskn6v!BbNC5Wasq$EUy1SA)3 zwb*xORfPFe75bKym6Q&Qg)5^#V^ASC@AvhXE-l+7QInHXo~I;Nr`&i>vrhA3=f(NQ zPspjaA8lw+5|WTUy;JJ*3k#+SI@Wo%D-FBoMMPM{T-vRJtlCvJQ~3sO9=~8L)KQ`o z_0a%;5DYc~1ijQpct|pUqmf|^PnCwJvCvTiyYMb0RPn%iPo>u(VUCKV@-0)+P#G*j zez}Dyh~sS-0j*^}R=VuXN)1NEq14OO;U^5HwGwLWwNBMxGi_E=N*71K-ZM(cvt_)v zeba-z*7?(wYV=m>H-zP{V7ZsTZKBucO`I(3CCX zhv}tn9H2I%Z)^22RUa+qpu8J3BV|+n0z`g5+FD(aKEy`$UDl#w&1F$E-RDD*Qx+IX zU3g}Qz7}IA4i1BJCb;~WA<=}&1`!^FLYYivmnMdWX$FB*)ywxKdh_ypSwa9fw8fg1 z;29<#fQo|33jo;o^Z+Vs>K=d!-5dmpKS}V)1p~~0wiZ+&LdTMd$DTw^Wp6+movg6z zihgGqPk9g&XtZaWL6ij#U7gTxv&^k2OY z*g8xdKLC}jVE1|TEKkADaLz<9D2TGp4;vttE0SRYq?O`1@MnQHe1%<*431=}a_rp9 z`a$JJl1By?*x4v7PzDCHWh^y`ubPJvC~{A3F|tOa-r=CaFq&j(Hm()FMb&>(jx%n< zlwp;_v(-Q?ZUXhrX4B40&RdyMA_-iFZfo}h&WP40J^f^zI|htPl!CK?ZIa%ngQ6a&H<1(Q&lMfW~wQ-QnBnlDTGf3 zA#bY2S+o>)6w)wCdCRR>?z@r7xVh!m&END>)sWb_;@u|Czbr&7XVeuk&8Zxb6W;ww zyBs#8e{W^-Y zw(DcJ5&K-h#3>mx`(1IFt_2^(Vt_#XMJiBRdfwQbzsL!TEgCBsUawV-vbU}Krg!CS zp4?tJC zL=k7sES1=8KOi`$q($|hr%SXwl5V2-$y&}pnGrPA(C>nlX`@({0akLRb~3Fe)-@`9 zsH?hv>|>OMM?>3E{1y)|V^HV;NSYMA4e2bis#Z@WZlsF_il~J`L@IwVFx_umg`G=q ztsa84T%uFs-V;e{8JW7u#h@*wsIxXO!__XBti_fgw&s=W4Eel=6|0H#~iDVszP;;4QgK*;6TM!S<6Syozyaqv>Y2DZEH^^qt`r(?$?3&yzO759kuk@- zs6HZWS)bAGVA~JBFGxLK6Ei+*NkA&CE%&a`?;ylcZ*+0K?OjuCLXDH%XecPt{+|kD z{Z;+X-NMDg)xzDz#me_bwZO0Ff4qN{{}XfxKKB3r2^!#${&$@J^Cyt{e`Ob6!@swU z6Bz!<=Ex1~2N}Ru@Xs$O@@4#2J}?5rG5&wX3v+~j7=#2UM&|z%aCMak2~p3@b*QTg z>g`SL>gobVarE7We)QdjEDN6h6g8Z09Iupq+|Hy<>Q50Wb$NvdH`gQmVp!8-|FQ=L zDL&k`(;fuuy^n0A>s+o{Jz|ozgtt_>5DUeGo~2cJs0jmrb+SSly@54B`c#$-s3Siv z4lX{%bKJN?Z zbC4zskTCZ*bS*-!F32-?GIvpFaLZ_cB!&`nUc@OJEWXu#OB~H?Jg{i0=qjPBVq-96 z(K1gFDgYgwRzY!%_Gr9+@=@>OwQZW%)|=L~Dh_*SH{!|Lda|lyEp!3DS{Qy-|D);V zO9=C5{--?oVQ$5rXyOYA5Y&urR5wG47Geh#LugMK8b3vU%9A zz$;6df<0wZifSW~OtnXsYarCR97@LA*GK@Aln-1kp-opfE7FPz0d%5Lwn24veQ zCM}nP%c^jA^t4ZFW{!slo$(qkS1Y>zN^7)yhmg&7kM?T#xiQKo^+ovJ5%qmaQ#(y0S`?qY;e-`*5Sl`C$NduXr`->0l|Pr_Qq?Zi&Bg)X1_oBo*l zXv0QmnOtR*p*|@n#*x+mZd2!5uGMJ;2;e9}T}N_@i`}{$%2nwBnGaZS`BaT@msqvr zk&t)BS|-X1m+NQ97z$_7*c@`QPo}yTLeGvn3GBNSW&65_|N2>TSz6Fh+kve;O-tD@l#S4OFuJftoCuB zy!PbCxnUP$%5w8Uxx1s+y`K1y=>OmTTCW z4%biST*m9xUubJZtc@QGP>8!M1kLB`-K#HsMorZ_@ozTYB!@20tLeW`{=%lG9i=`VY{@d(w!PJ_TBq&VD|Bq?dpNz5nR{ z!H0ASKi2>MdddEycYn42{SS~Ly^qcepYgE&Dhs&$^XB%Qol!LZ-p6$Y@jMli&xL;x2ffSwpZZMxkJ9{q zQ)B-U|DOMWkAHBoU(x^n;`^T$84~Uo|3BeHIsX3t2}J&1+{OQhe+Op^I~y|*US2T~ zA$~K9OHMy3{lAKT0l_c*zrp=qf#dz(pYqlq@h@Vb5Bhn&{}1#BMhXC9gn>K5W8h{o z0A7Ky0|aaVfowov3=jYf4B&GC(98hXW&^fkfGq-9Hd_G5wgr7pf$T9L8-c7kCIF1t z0-z`Q*cdQ|09yhO0sz7mKx6}8coGD70k#b`4YmbV21_H5{UCp~0s`3r0%PEYGqPLo z3N&fhW((Mk3D_c#qW~Xf+X`f73uKQ8WFwG+0?Urs3XEk7jExD5A;2+$RRs{X0*Gt@ z#2C15jT|y^4&b1{QG&w)pMf2NZG%mNZGn{$$O$2@!C$tmEto?Sft(-MEqDd`)Mk&_ zW+RZ(1xEos97B59+m0c?*@J@u%i1EcZ4qN&D19U`ki-IOgX93`4-NvHAvkKVF>uh} zD8ZuOIKYm@0Y1z|{3FZ@ za`wn&0E>f!24@SB5~K$>Ot3ac4scB1guxktqXruT2MyK)hXsxU>=&dQd;dtf9W##wJNZW;bBnj-w z^@Rre*{TBzX0_{8(BN7pxp~E0(OfR)nNjbTtI7f3cIDVJ*c8jT9S+m64=!l~-bv&H z51X7880%&VOXr7RQ=(m=8#T;Pjn8H(MamQc4Vws}OB`bIhHkji?&G_uE3T;i zauEvi{SdrQ`mI)v6CoG1RvzXo47`1x>&2+gPiJWBMi1r9g<~wakD`?%dYh@~<%d!) zr;yo5sXZ;yr!$1>qdI_QO-KMKCzaHE_@WQO+ikZ;H$=BR1{CDOYfTR z3uDJf-?cNyHQT;rO6_~2K|Q|9iE#Dw^C5^$I=4H0lz;y<1O=7PQ=0C=461ex8Ykav z(kPdV6*O8mEU2tqj1Tnn;ze{Ft&Ny-c?ZVRY!4L9SlL;g&+e)O<2D(>sOrYm7 zs4?2~@xxGS_^Mh+ebQe@72aT?Hl69e`tW+K!Aw=*e#U(lr;DPStlj9&#bwc!A-2gU zi45xpZuSVL(DBBgrJ0??`s_7Gsmg4NIgm2pB}cTg>t_T#znhS?L|RVn6Jx_9wuSbDo@ zO`Kj}Z$Wo)9SJb<5M3>|vVcPBmX_g^Zysb2=(uC&VmcrOAq5KBQYOJCo;g~``Rvss zKY)rE3CY0jD+@n@p0=y>C%k{z!zNdm!qh(ZdfoN0lA9q^KJs|fZ@Sd*tf?nao>5|` z^!4YPqb?LNFRa*#BbZHB&er*aMa(FB7KyBVPA?HH{D8~eb3U{_ zbu9jr1Wa}9?u>hh+Q|xnTJqk5`k81x@*+lZE*W%@%5Gfu-7s2g28&WIv^#pb!=oR#Q_0Mt-_>?V6F15yH)FWMpK@(!aT=Y{Mz~?%lhfma)CPjfsir z=H>=^`>Cj?l$DjOuC6jNGEPrV_xJaMyGExl2tcR6^z?KpDyrwtpZC=_3keC`&MoQa z=*Y{<)78}ly#rfYTRlBJ_g}vyA|m4A;)?eTh>3}L_3G89j~~|`KD4p1dHeRQrGi>{ zN`{Mz%f`kA7!`2b@N!8>iI5k z41R&4H8(f=`1q`u2YDJ_B_ZhP5ieiv@9&T4xg#bgCro|bB$kC!@p-(RQoy z4S(A^-W-v<7al3X%)CQDyi3Wt#U=2|&K^QT!&^;n^U2fId-rAOnHMIf18gtuJ$d@+ z>5Gn=^{gx``eIUu;9x0m7>COW>MnnXvwEn9U?AW@p<&@jf5w>DxcIn$q~w3ZGY$YW zujc0EdSs=91_YOtR~+Rt3C0Mlt8WOzxKR;Ma_e?`N12OEV}mnyM{7{&4S#=)V2#n5 zN&n94c5*#|PTrk^!!>oY+UL*L_}9%{*Xxlom|H0~)_wFyuWT)N{c*6~>+`zC!DDZI zH}Ghx1RLNB((i9v$P;jY?rwT24fD=V+2xSV1CeJm^xJuN4`i+tB0xW!N@m+y+?hqK=ex)V> zeP|&%3aUJt%|nGSbnG=ofe1dc{Qo|H=CkbEhDy5^dZB2xM-17I~9eP z<)-FTFE%x^QY!W^gi$>jy*$$PKL5oW`(pR;digWt^7pVgF`4bd$jk-zdI?OK*ZK%f zFuV2*O#j?$n~LIEu}O z(g_}G3@AkWj1Of_;1;&rN5rb;@GqFRV9Ll?G7G|uU@->r`an?WloU>oI6K^SRj_s4 z>?}5Ew=V#dV#AMG8eh_#Wg3-9_)wVIWYClPBz|(t-5$k`xRgZ zVJ|cf#Wi`N)r;*H`cbAKSbXW69FdJ6fd}m~p>f&Qj(wwMzMtGsvLL1SPn_AXyI3Ku z0j_pfMjr_Pr?Xw0rx0*&1A0PC($Tjc>anOwMWneV>A<`&}%Y9vF zL>jvo3!KZSf-~fU#eBpX_-yr3P7UL65Y%=c>;z;EKZF=1S*iyXe8pS}^VB{;IBGVI zR2K%(J|93QWbP&mmz8}=Ju@2f0t*YjH2FD-gBCrU4&4=yg#^9ml0K1Qu{(H$vsX$A zjZo3t&7GX0OpnfpTH;<%!>*7!En}mr?4++oZ73aMKvyUl+tfi6dXVw%AdHFrJ{lcc z>F!Q}&Ej(vbCghnLJo8R(b|C2V9{h5+Ow)=2XC3}YeQe4+Shh(!((5Lq8Qgp5ztBj z#C_d-2AutQKD!umt?C$TYj9L^-cSr}bJYD41qk8FVwdpsFna7FnCwC{Va{$i8li@Q>+%|Jwe~FC;81^2PoiuMij#_}Kpc z1MB&{RgUz(Ifyv$#1I+({r&s*ySuwjo;(5dx%v5d(4N!R*Vo?O-qh3tDutk)cW7kF zj*pKI4-a3_)ARTDU%7B$NlD4W!(&lS?!Ju777x$D>C=bCFxz=PzUORgbL{NT=;;j& z4QCk`Hp$7;PM-#qzZq(3(6ZG>NB0yDZ<>N4o`>faEv>S$@>3XW5+A>bf+CiK<30=q zYNawVG7~UZJpsW20EE%dfcC-Dr%%_yU?G&0?EsL8hgXD-ehX=86sQ3J9VVs#0)j(B z8sLM8$H0jmtFiG&s;ntI7o?|JUOp73SaslOLTgO z(07BBhfk)CQ7RCYeqTUlX1zPPXw$jWUdv3u`y_X0ykbN7_&I*}k*>YoA!(Tf-Sw%~ zS>`tFH=^tMj>IP`3zak9wcB5RkV>cG8|3NNP^}lu*>hvzW0>OrE44=~&C+YT>Oy_Q z<>t!<&tp4UENrewWP94HQ=fenM5F4n65Y$RfWC@BGKkd|71w5icJJnDe>rJ+U@keY z8M_`$)Lo92+Gn$E3IX~n6dp2DlGfs;2Sslm>m+Qnv6S8CvuxHTF-_0A<>W9ol-8>? z?iXR#<`p&R@;P@)YMjV-M4YxtTPt+JV)ZmG+a~B z9_-C?!N;l2FFRrtjv85PY6%IQyXQH#tw16DdF)EIzr{fYz0eE^t9b~um(OqrlkvN7 zu_C?})5`^dz45|?{3YwmpQKqBBM}awbo}!X7viJDo1w+l^xZ5})=_(d_u?=a*rO3* zPYe63g^VS{CNvW^$qG^g6Eh3bu<8`m#S|kyTJoyBvwy-aH)3};*uj#0Ll_o=a#F+O z6Olz6MY=(>sMo4k0i&)knfY0Y`g0W`f%7P=8m0rjxFu?-+4fRm`3}#b{fA75ynCJbICA_L|$G&Sd3a8RZ2f^oPTWg-sC)^VLF>IZqWEn&mjcV+k9; zcfmdOdMR&Bn@(A#0+rI$Fn7m3jRyzl&jqWR=S*)+atIRY8te&@d z)R`I94=Z-3Q;B2h?b_$tNi&vlB}#%b#v>T|&WkM5-EE`s&73_?c6oXvym2h&25D2cA%Y@QpLaRCJ<9>3~=N{Bu09m=ePfWYjFbl{4$2sp98gQMlL>=!X!-*v7WvZf4u_C^{YP-l=FK zE>5^(aq9CjIb3`i(s@-hni|cSZ%KNbLZ4$Q>8^FueZT{tn^6Fe46jwIwb<1UeUmD_01q`n;`<{xKM__4$ zk4N*9&=H=r#NyKSVa#gt+f8&6H^6eUEln})R==cDqBssmt&#L$RfEmoo`ZJv)G@CG zD

    !@ZJOFhBZ|vJO(kQ^lDg_dAU}Zu29W3QvmEq{`CY@_o*%9m^s`KL2u8b5x>uD zeTOL(#5%XG-|0hF2)wT>z|2JyslrU}k2 zeXQL(B#IU(K(v(Q*+Kw?o*t@P1T5+90w`==5-y;S~Z{LzfEik_(6#S?@^7 zxnL%z<)Y)(!ei@SRzbJTYS0^LVJOXh%$aJxB|7_HN>-I_pyX~c3P(y0*{@EJ)i`l9IM zLK|@}(L7P^_%x?N@@G1gS5wY&RIHcbK2;PK7;wtEg|&KVJ(>i~+=UA;eK)3PtDH_gfcn_HYQ~G1@9%KY_W0)0us^{DmP&DpW3xOM53m7a0F^j8KmEB% z+AnupKHn^;Hrcj8oP)KBzzt=Mcu6+rD{B8g6aW%!wH;z zs<%hl6HPoNWs6p)kCH_WWO$fL7IBKv&(BArlS5qbio~HnW@m6EPx^_FX+2dh<>2 zc86J30a=^ojW<``-o0tiAWM8;TAOg7v&9T?x_O`PaTj_%C${`}e~Pq#uYNL z0m@6jd2<%1E?|Nq&M>I3`2s_C%7BTy4zjFLiv1Zuu7=~}4cVc8y!5#Zb<;)Id&;<* z$Q8ejm3h&f1>GATu_j(ZDAUV4E&y~nS$+z-yOK3pjM%&=_pzoK-|Vtyr}GJb$!IZg zstgWfo=|4xxam0}u;a!THRE@4F2?8Vdg&PvC=}JRI;(;DYLOG{QMZ9F^h2+W{6qp-qG7gty_q(Re!Di$1S%L&$)4p&$`{@UW6-PBk8{fO#~E!VR)hg|rXj)d z89j*26V|eVd@F>R>nk;?E@R!rgGRok?$opgEX zfFBy1Xjgn1C&ixX^QA&A;Q+^|{oTdQO3q?Li69+Z<-83ui#WrqDJG=e}=j8s$gO}5%-1gpD$wi$s zDSWMzLIzKZ@bx0%i;ICj8VU;HIR20p0YMIUdn%)^}#r~%OC|&31=n-gRbNUb5Y_rh}6VbOI-Is22uZ z7c=#>ZUL+B0}CVgd2e}fMEJ6y%4N)j)Zwz+It&jdGA+*oH*xK zrsoGG*GJuiW5C=n*g58g*;n6n36;ubeD51G;8skQCUfmlic*?} zf&6n4Wq&<)%=bR%SqU&Uw`kUOzD+Hm-?yOU!7pK|TS~>UBENiimTF5LBKOrCeS%;h98O zvc1^zk_e!Di^Zt+t$28$Z6UMU)%!tVQ^st}#*;(**=5G16v~%4Lfq!lL~^pB=82NY z6((;@qHL_A=&gNNbvOqqJ1KHsZitKf*d=PC_>EpN@rOJAx>c^bkdN^vdJej08A+eKOj0)0fEmF(E%c}_@`H`&k(o*bg?K- zOme(U06{W8U9$RaBZB$hV@<38B_;joSPyH}GHtxw$iXrIi#|)@q=wvGjd?{e6Cr52 zhp|M{g(!M7Vpo9Sq`d~Sb~s$UL_p`4s@f;$7pOOG^ssB4zI#FYB#a2={5jTsjYCIf zqxM-2Z2$53*NfVcCv`}uw6|kD@$j|a+4Te}xly}PJB6h+5P{bVxndYB;up?SKQ^oO ztELKNI^R~!#6XDwrB0PgcAA!d565#|R|z2T_jx4B!O%2FOs$yKr0GyK!@#6^yGm3g z)U&=p;@)MncMbC~G1+Wkn#!jxP|8$INSs2UrWZpkudT)W6#eN}p~N7tO{c2gq`m)31rz1G*T#xq3x2_Bw3=Q1?X zq<8gY+iss}>>+!Y#%<|QwOe`CdZxonR@(nehoS(42o9l zV%&xC;trq+<(`6~I(2=%-9;#lA|Ta8zS~7E-c1w_W#;W+1A4eMy2xF-N$|UIoVxL; zyXaM+RLMP`FCrjR0F=A1TfntPz!-8ipqH(%TZFey&bUujwVMVGA#v>njC+V)biuG8 z_=R1<@x4S`y@KKpo!nl^WhnC$gbIIv3g|s;+>OBn(YoFbU_+VVJ+Ry^Eb4CK<$gxh z9+r5h(u;2LS_p+xU(o&_oO&o!d??&_C^BFuI(I0xeJFl;C_LACqFI@=7b4W-38wNx-n>!{PK?>)h+4SK5aeEX^ABhO4+pXi`S+ z?~z}l9xf9fA&?rW-5%7deQx#QJid9R!%GpL72 zWG3%8jdqHUO&C-8Y>jtLkNQ5Qs-qseVLVyMHRU3}JZx-%K0a20JyM-J-OpvQP&`RA zK2n++{oHtlC2)o0TC6f$<4Mz~n3O zNf{gqp@T7um2ph&>4_qR?Bx+YwK+8BxgDo5mF`iEgQ-(1V}>R?O}S&u`lDzy<6I{5 zwt@5ZdGn6jGh!iQq$ZP+dE@s2CMU7!jPqu*ji>EA<}AkV*)!ig$mJXopH~_mS6P{y z+eb`ObKmpW9=j~Dz|=9yo3Nm)H*3Ou|BUl=bRDIP+Pvez{X&|>V(vvJwK;Q~d)L}0 zy=%rA8OHHCrlI4Dk_U^8*V5$5a*4#soXN_($wXP+y()2Ox0=NpCeze4cbgJsNwyaloR{=ymNz8sMyxEQ z1&)3qSsu+@tpeK@ zZQ_r_6GyQR*7`&q(b6v1Ge0sr80#Z@(z8M^O|c>5GPPav$Z7S7Oa3TsEv0oP$vQh* z;l?AnUEs9@@l2xxX7U&=u(Cw-)PLe~u89RMFr2eelV5(bqJwBFoUDpqQ-OAK4)uI; z=XlCz6tWnU%M*F=L5hJBYrqJR7ZVjh^8IMsd32n@))&v7GdwK|T1sbnqEh$FC*^s% zsl{$Aeak8V*+-N+X9;?FUgW3~bep~y33}1i{$hOMMJx5Qape~@b5i;hHXv)8tuf8yEN=k2+(J6xAutmJPCJa{F9c(tDYnlEW0YRs*TtQ8Tr@8(?To`G$HS6l zBIpnw+QdH$wGj>P@L-+iIStv1ff@2Pk;dJ0$V@WZDpha{5myy?#ozfsg6DM+oy1Vi zu4vbrmDLYcBv$QeAM;qY@2bDIeE6~C=8IeeS&RBpTN|F1JD%+W?}z=~blrF}aDM+3 z-Uqqh{nCOrLl5@H?x>Sp`y~4E^#tC*aPYw>Vt*;=VD;2N&>eMeTv1gs9#JzMZ`y5B zEKxDYt6TXbf-iZBlRoPNJ>5kdv_AN}MR#x$2E)OTl%$jtjgE;7kB^8+iVF=(jN#89 z=8uVwONfX{63vY-%DI{sPMMy;PaGXuULkoizoNJ{FQuWmvhH?cOGkH8Ps5$Y)b`$y zuKKpfp0TNf&e_SC@cz!a#ifd*p8kZXN}5dH6^4>|02FWm7Dw*8MWXtYYathPA=w!yhXj(d3;*Wf#eJQLs z4*J9OWuuwARwKDepvCs8sK@i=;f9LI0;w=88s)~y=@Kp!2=WNO z5sk{$3r3ozJ38;&ro_YRRO#*N!~igc#*wD!UjEjRvGLjI#ih>BD^b_O`t}O%A5FlA)D#@51-LZjm%DgLT9G&o&US39c48FkU zSGureMty4bK#sv3e3r`(@EzQ>Cz6%@@|YivVw`_majDYPA-p`EzTXB$qCiy6VBVj1 z=HwH`=c?>86~QuXbIiCWYv}a1>n_UA=8vkD8ZH`Aq+aAoO|M^dic)0NHkUx4nW}8Q z-o9Dl1v#D2Eb>zJ+M1wqs^Mt#!*gl2?&}}kl8lltDG1^k4RM+GMxFcQvE{9|T;LJ$ zIi+X~j>3K?>$7H!-`fxrV$X*gCwsd?(BwTR{AH+LwY-FdmTonjVLmCUnkjP#))X~SMrJvZd4DfSbbdGAo`Z??AxmR_@UH|j)Gt% z6S4ldhZ_1ud2b2z&Z7h}&cRS{q30j&KwdZBh+pCS}#?%6`1o50l~ zvLEJJ1eq~m&g4NiW`p|%vz2vAF@0FK2&11#A4QRY4380V2oG5%@O&-;5D~47@3kai zS_N=%_cnU^QUP2L+7CI=JKteAe1SvKG1c;PG z5(KQFN)rJ=ilTs^fTCdU21Er!#fEiVP^@cT+q$}Zb3-WBb>Da2@A=;U|CeW1l6z;) zoH=vOnbYo_vLg?!7|r{1wLZK&vBE7?erg5`Sv*;nmm^_UeFxn|wHqiDGinhKHMVyR zm>QV+*QM~Js@pck{*~Gw=7|oyWty#li;njR;ORo*9ayN!Z6=(Vd-Zi#EhH!2)J2rE z_BdM%o8Is*=&p{&FR@L09pR-XK>8Yac&g{6xAn&<KsZTjuwONXJ6Wfc1P4*7H4BoN%7j&WSyvyaCjX8#|?mSz+e)e=f%2I_w z&tq@VQqbxnANhADYwyd8uWmgVRFVsO)F>5xaM=FLG#X>0HdI>b&bqSm11?5k*__(D z)8_n{qhB9NxBhKAb@zpBd;`vPBg>7ZPS+9+X-++9daml&wLJfQsn;x{XTD20OU#?; z-%<>1=!2^oUf~G@p1a>0)7{%`)!Z#hHJPX1Dy>tGC@RgUfYbT3U&Ad{m%hSBYjj$y z1+VH6Y`*bf#(>4j+ef(Pr$1lDNUwQzF);7lxhH4(UD3`rvQ|kL{hjDP2#`r;8aUZl=)I7DB}fmV`I_wQ%E^V!4(ZjG<1ISt`5u59RPr z%8glBrN$4AKhH7RpS9;oQ10N4!{?86RyX#h=vG2yG`%1bGqOF`uRnj)o+7o{l!uIs z5WBD1lNqB*%Py+<%Ld1Mza~MERI+sg{-9X7q3dCR@55tGDsSQ%am7@fvWuzvd@nnh z1RrJ?#g?yax?E@R-aq)+%oEf5pX87eKt$IDwNZ`Pkeq|w@UqxeeihMdkt=upi;n>& zk;YxzLxq~q#8MN|I z(H;f44*j@j|v^4DF)yW628;>fvFBq&iCAs*Zll`F=nIFyPXm_=`N@`rn`u)#t zd8xJQh`0&7#2H&6E*(9SbP_`|bl$Fx0 zxM6R>1G}sCPmCuEbRKNCc9<3RBxS`r{s9k$T3<)3hyMCJdE8b*rDRAt&=RNd)J4Ki z`4{?wYo6wh?(Ur!(BXWxNJaDhi_Ky6lEG1}>N;uQB@!Q-Ijdw=>kkyGHZlid?bn^Y ze+;jwde=3Mx#;Gc*J0ad?Ws!4xmieDlzX`U-VQOea@$b|mA>`DG)oa+wFiHo9QHwVoZM+GB-yKf{M#>EV6WSD+|hzWNw+~L`g{{+UAmVbvs*HTP^G+ltPK$y zNz;zk7~mWQThr!-MJu0@-1fF;?yi0TI<1VDt7rcxRkl*n&Z*e%(IqTKV>Zj9vIy_A z##f8gqJF9Oe5I3oA5XBoHfyr2ZkOF&!K2Alx`%x_)Lx&L!$=QtoZ9_l1gR*Mp}u4bP{sQ#IiKC67_&)4yLR_Yjt?TGF$g(fN$MH&=BOq9klPm8dQb>7g` zAlD>)y90-wZk?*5v9F3q?kwVWop`w4?A0phSm~vkH~k#NR(_C9=9>o9y?QV&%X4`# z)dgDAKf}h!;zMubIjp?Ydnk2?_?l?(*Y$nsdL>$r1|FK7wlPjdEs#E~=~HWl(PD~f zeqI$OqAdS0wRR1PG2v3#%IO{#yB90TrcYe*FsM&8;#u&0!BBXcJw6kfcw~#)nm_g~ z4o)~YfS0n^Pd4&e`bw|7f9eT(8q+T?yDV~HTd6^2iSi1?sL~lB>Y6Kp4X&!E|Wbk+Q_VVr$5`>9Q|moE}k~?VpZLy>Vx`BT)@4u z^c~epf*V36?vAPni+g_+_3N_7fl1NFq;r%4uf2D*(5QAs)%+qQ@hE(rk%R8cb;hi+ z1*cIRA@TC=t&FHY6PvP|cVtg((tCnZswls^PUdk_kycr7l5^MNN4vTouibVyckYGX z^5w3-6>B}S_}vMv;N-MiGv(X(e$!W{-jx$?8r7nrCCvAk9O?D>@N`Jug6~q;bbn(A zVOxRS;xmWN?8^(*yQNWCuX|`_*v_3tGrQQK`m5%I9DEX1yS**gw2r1AF$boq2JRYgML~^+8Rs_yZAA&Bfd)yJ`QsE9KlhL3Gb*1>I|oVcNygJ@j|{`=o}C<=OfkT}Q`mkoNyS0)g6E+s`c&vv!RLEbI%P%~dAU`$oT=2T3JtR}lKU~7J_N-fAusg5rQ`3U%qO`CUrJQ?KPs4J9 z(2awHN!(acagtnkae#T4Ptwd>qeVvLG;$A8Jwb0Z9Xxn{unOeyixdBU@ zG}SM6M1{}o(zbl*y1T{CB1^m^l=>h44H)&%bExu>sQ?-?jDtU#p^1$qQE z6~aP5QA&F9Ei^(hGN(auD>Fk@LFri#gpw~Tf=cq&6=?*nE<&TGZN$=ORnSDV7%gMk zgh1)CjKF3{A}<3AO*;TA$~~FBXvpqB2o#bkRM1KY{G})Z$Q@Dy@YfH+7gbxYUIhj! zSX)xMt`JIJw|>L=a+G{k?dIHa2&$=TTDx*(_Li+0f!p@v+U~c_Y5`;KJ)SkIeb%9^ z5Wr!#Kyacxvk*a~r|;bP5CoZqzMg9*&J;@YpS{zOiG_|m*z@Rd2Egjf^SV3P2x9M> zUhAX5D^zP37?kv-65NK}Srb=A7fKdguO^P+Ylng%PvM4A!(SOPRvn&Wp|KjN4$lB+ zro!49LsLuX_GXR1*8Q0)D>J8MqESZ=95{41eLKK+U;F-! zlVw75+s_?Fu-$Rx#MSgOWfHgd+dg>s0N~qpuW{DPS1&V#7;palcZ8Olhq@=9yW$}+ zsaKwzJ=H2HvS*Esl-b3U0$TdHA&SX&@e9t0SN3aLEA4aGN7<(893yQVWA}oRlA3jEOSk1T+qN|A+?#{f)S2R#6VSM0U-{~N z%>=azt)MGHkI3Sx$n7$|Pbgsw4AP*vWef!4jAa63! zV^z^f!a#G*>u0^ej0}p*bbZWTbBBnN+C`jfPGfXityHZB;nYF2g4lYM0_`*PyBf?Z z+&rvbIo@!stD9zQyJGKUC!^eThSuz+U1a^yCrigEp__WEKx?i zjJ~!jw6SDR-*FqI&bUBDYO=+=49Y|kwW^L-1&ue+M|W5@l~gK~%<9r&ee%dWYv^4R zlyGNWj6=@tMZVjV*td^(cs1Mj+71n#@8*#&?QEO1@Hq!R#W88{w{4l*XIG_Yoz@5p zp=8n*KG7=gUPdMlgeu`u>FXk*TeqBy8iem?*(5)*p1<&Hupd=fEx2RuLYjIOR_RhN zT?K!KBtB2p&%A!M3hug^4_mwbPS+}(<*H%|OH=U5j8x_OZVkB)4yMV6uVJ;-M)m0{ zD9*5#YHMF)g+35Cff}8$dNrB2KZkBJo6;5FX>fNzsB>Co_R@>2&3%C-N_8h9uZKG2 zt+eeJEOIHSP7H}VURUR9as2}Nl3CV#@jI)hOvvekU3(e}w!AXr$*DXb?+#IvN_^$3 zxNRUjr}5o{a9k6y@Np;p1@Qt4?<1dj&gRJ5$J6v?icfpe(xDRbq_xvv+ml@Y-0?ccXshd-=8ZdA6gc4|Dc3o*r(b~qQ;u7(k?K}1q zY%Y$Y zJTr%;BrTb>t_`}rJNxN_0nbcY$UV7Fdz2jZM1XL?buwiVcv~?Z1*s%oN`N(Lb1&}U z>E5IElUFy0Yo=MTQ%}=r*lHR_nlEc&VR$q@m?cG~Nx5o?7siyehJr-)F-!w z^jy}~_az-qi&%Jl;1}l&cNeBMkn}UVNsem^>~?XV`R?v@S)ZL-VznvcfL}3Q(V)Jy z)g*rU2eEheZq1?_EPeE+1&8gKyWe=@B6dfvry}bBE3__lN7sg}-Jg~&+*L# zUfP?vE*`o#{KeH)H|=1$?%P3Sl^E*Y+IdrPC<(|jglDLpkke4&!(AhFuQ+{~lax7n zc7@+AK4-llCeMG#Ui7AU6h^(Ak%>LNFW^j7=>WO3&6V$=9zf|z(};gPmt7Fud5dgR zv#a0vs`Bm-ziips^LE)!!gKAR)ZMbtO5(52I4bc~eD&6>*gdf>Kf%DqLASg(+fO>f z`D{boI%)Ss4O^NXH*Med`0=(-7jz{2FTOixto}PO-W0s)(d@rj!uqZ5=HN6RTX3M4 zIr!KjXZ?T=c*CRcFY+CHKCk~KSlC$EK(O_gE5P&ySz~0Mh^E`CkMp z8}LGp|2+Tk?~wn8P|R5I5zJ)MXkJ{b8NrlbMo(nI9*MCqY!6$QJ6MAMEWj6Y3o|om zvRML?YX&~jKZN+7oBx|A@J;!rF*$55i^on#`B$d$_wxV6^IrsOEAUEy|H%KpLj4~D zF^gq~Gh)r6!8^Xq!WVPRycl6A39NWtw3$DP$20@R5swva_9d76M+5wrs{ecLez~${ zi2X-nvw8pG6#icR318U%Rs^g6y#MiET!HU{a^P^835%Ht4l(R-7BfDAL1e|pq?j@| zoLDB}4?29IApRry->2pO#yelh|Cl}auTAI2@^5Kr1rGcD?ETNc{~tsGd-9}f!*ldUNAMl$;;gt#+#U#1zI|rnUU$_;Tu+_<}e+39WaZ>V#foE!HnXA zhw;%o9>>AVEGa3;G|AGGoe*V4rLW;CNsl<^8*uXfEVOoVF!Er(_wfPPIDnHFE1G#Chr>?b8N=XB(_p#?F%Y`2Vi9Z?M#O*{%<$-V zWO||zhY5ykRXkQCD}4M_;mkSAgh+Nm93vhX3N&ISZ~$qU4g+HBz>rq)hlk7y$eeU!VthEVm~a%E$956@Ff@Xf zO2eWLml+#riueV>W{z+KJ3KKC(9)EXz>Y`^=edH8Bj3GPT%IYLBjk=bf7=j1W`={4 z1l*CJ!#vZ)jMzlxbm`^NW@bW>pJ6tPKQa@uVKpJd8So=VxGxRs1uzTPKfuS-+1DGU zQ@p8OKyu;PmZsLGgkdmFzT{xo$<^7{%a`Ve*R=tkVWAyS7XTi9<_t3uG7tjIo8(VN z#)F+GuI@g=Kfty z1{a36!4;C1yQ_~Q-WljP3Qfod$iQB{uD)jOWHVQa4~+1IKTPut{0s{kJX_S2?n_11 z5NKr41)9678y%1I0B8Z&7I;{M13`a03M2EMK@u^M*>pWFQ>Z;y5qdrr7BqircM{3T z-`tDjO(zk&0<44m0DauOU15Kk^DxtKSm9iR;bPfQY~)qYV`CBQ0drCiT)^aoGX-D# zztGwubh0&P+gf=qvoeDtxwLKQVx{IUw5z2?^gC0*oV^1`W)IJi5x` z7ugwnTwFdMdpv7=YdL=~QDjlSG1FmjasOOU$gq!ZAdN&FodO~O&R!&cf1uDfX%$f$5gdR5#fLm%D10drB78(RM8(I($Bc>`5H$*oB{#RflAc0i`l<`+^quEJ3c35J{e+8@?I|-(T- zEP9c)wzM9V3V%0W8r?a7?mq?<7VUszTcV3E&0Az}k23{;qHspcBS*YhcofSdj1_N& zm=<8eFa^JVW~+gLLGI>DcEnSC{lSJN65BW~FD^duzp?`$3SX!x!53sx8G*=2jEx24 z_osMKoavuW1hHfAu&Q_ zOaxzFp}B}`0|5Y(E`FwHL=p`4aChf#G%)$W=ga0GD9cV@ngOT*KK^uH8s)173}B=o z=K63Om=qvfAOEk~0d6z_sueVI16Bv!7e-8~@3x9zro^*>3IffCMcN>WHyx%VGsA&% zu$T#Zitc|G0It( zkM{@T#&gD~CX_YjQP=tVy+&O1&qs4gkQ3;H=uV!u*!CcIYWh1fRxllj2e5$?0`C3@2#?K<{epTUl4T5!$cKoH=t$ci0sAHk2r&^x zCPd8eBM3kN!~xy;IW3*pCf-8f0J`kU&LRei2oL)<`;dX^c4o%`8;cbi!A$tFyBQ;l zoyY@>2Sy}0`3BGthxz-B!r83&NcNZ5#c>$%DZo4w22_v@<@*5Qm=P?-=l#8rOWzZ& zQS?~xU^4*w+2?)TMOR@O69hVtt?c_lb2;EPJAoU``cho{$KCm|zlgp_KyDm?JxH@j zrlQcocY3fu=miA9gtc<`neHI?;6tGg@0-93LktUG-yufFh_`|mw(dSuummISNMsl< zek9=I?hV2;z|0&AGkorGk2u>RTf)`%d*&lzn*q}Uu?xR%%Z=HOLUZ%WP{K$!L}X5W zW&i!NkO;8bMKk6mghz)Z3oW^^aE7-#nd}9o{+aEKSZ;t`LPK-Zs^l_3STtHxsq&L1 zrO3!0BmQuFjZO&y2ByDz2(Zftz`P%h9{UG-JNbGEeP_gA6OnirmEolu?)`U*HH>H& zj~74e4Tu)aUx@$6!U-K6;c5wOe#G)eT>DW+K)8a#_WUrtzh1QQ@r5tw_l;=7kGvBL zut-8Tf7m@invUQ(j242;H~oz9SRnx#5$}yg(#G!pGp+%lgYkhh5qFFWo6%|GoH9{# zO&Ap!=eB*zN&C`A6vpXBJfRUXh~hfqINvkRYnRuM0g8^hG4}2Oul~ z4DcRkA&}u{v>DhMz^)bVjMDvN?)*G!DlLcp#_%->e?*LMAJr~!xqB9{K=j_9s`_9hY*cmJ#GxM5lbGa zj1grK%%Z?{faJS=e#-u!v#&4(@%K};vPaMWFT@^?#;Dyd${m>juN&l$fK&4ikQh!o z35nqg>@~2_#z(=F_{FRQc03aA|B^fr%t!{v+yJfVi!48)v;Z4|Kc59;ga-$57a$cy z3&PonAZ;Lw77s7=x3~^*Jdxy^>F1I^BANs{5Xu1?sx#nepd4n8eI2)H2KZ9|D!|ts z;laX2@S(6HV(Bq~3;s8QgCk&&(XH%(A{reXI2`f7!Tfp7rwBXzc$x%jpzdG`%g;s{ z;jVu$7Fnd8MV9c72eq(52DP-a89%-8vOb)KHRDCI5+Y1MwwU*m@mZntA^y{_|4v8x z!&Ia{aE3&F{*O_!v_~j!h0p_pG)3zUmVDSY`+3?U4kTjE{dhDhD;qGHH34imz)BO1 z7S2xKEC9LBe?WZ-$ds~EzNO4QXKHH#P_nSKE#T_0@#2|D+*l?!`5d^iKR-dAv0gu( zBbb}5v4uIo*dC}7(G*7_az8&D5^LwNVZL2S;Err(p9Qu?A~rvd z#IPI76>%3xD1d?kWH_Bo*Mh6AByTn_i2+I+*ILL_ju7(`G1ZkrWq zT5Ee_YhZ;EY?1u1P+~QM3cjfk-cmO_Vtj-~Xrc9Zd}U9SX>nVh=1_0-~PAwC_k{=%47`k+{*{3~6C! zY+-2)69^W@V8|pJ7a6$BaJc6hz=9# zPBW2&BW9s6)(#xJ#JGPdH;M7X{@O4I;4LP`IgAGH5tq>=feFIdqMXNg{qvb$f)E-U zV??l65Y0jUjB`u=r^yIXL;r9RqcIS3#QPDYYb}Iy9`k?x#uXY>uQQyG0Mlp05LWXD zT{Mx+zaWu2jv&Ii0DmM^2kOLp7>ij^!YJ&RgEk&5f*r!mKaJL?lOaS4I4Q#No{{Pt zB*Q<>Ga9L$`eE%A@C3$OK`>KM?)Q5$jt1#Lq>_n)Sg*iw7(Z{2uAtH={vbBvKRQ`^ zME{GHKxq5^%~VGMzeoUW6qj$z@`rN*V~(2>;zf=G{f2ATzUe=L8jH~quOwzzI8aR^ z*&LHt1}OFWIk#-)45yia6enj;6bI8NPBajJLcRl`6K!GMjChbiLi7skB?N1Xl*%&W z!a!cg+8B9W(A*ffh>SRx>QA3x<^(7Ligyq$^ZIn7PsEa=L=-7!bE^?eX2t-iV^A3hiXMM9 z;)76=6hLEfDi)sCJm}~miRXPMwpO?Y%c6L1{WlWe#Tn+J_mxS5y37e1P7Aq5Lf`7hEkP)3@7Qy0%Ckjh2!R9zzjr`M;@$~_vq9A(f z?(ZDn?+>!6fT=zUD8kmJ7Q)S+5sxVFQQ8nJObB-0qYfe&j6_~ENTmshG79kvXvmHW zSOFArus~Jz*gO#0CdLUV44xx00f&PR147`Ap$9-CmDixy8kC-Wn?@0=C>AKlUI;Ah zcxH;Q+64)00)+z-=08m&vb(E09hCWb_y*8?D8aBup*etp6%Y~tk2ntN0vBNMfK0P! z&PY|KgRpGdRXCb(jk)0?tmhYR=y@Ek}gBFYHpJVaWAgTf-Y9Cl^_sew}+210b8M;uVV!U4I%weVaX z7b))_E;Ia$uGEnj;BdJx*dIsL+bB2wj7*Ls^Aea5priuSQ+fk$&p?-8XFDBH@4)Lr zLcybDY$FM+udj$I0mr92MBm5qAxQSf*X1XYCF6Sv9ZsN`#%jfdgA3!J|I@)%Fw(dJ z-LFOi7V~I%^S>PC{ocr9bX7rZD_itH#|CZI~x5o07Bhwp6L5hs9u{8k3m1yj6PD&&X)NzXl=_>LuGlaQ zY(0qO6AO%hSRUILb|%60R+i?LaDYF_6kLmig`l}W9U!I*s2~#BC1Y~S1*Kz5@E8bq zRs<-HIIw>JZTr&($;e!Q$pOl%=?DNs;RkSmk|WJDg~!GLkIpP+g#ToSSwzucsMO(} zFqIw43Kv!ZkB2)_CJIaf#E3*Jia1lw&*jfP8^(pnj6l40p?zrv*6Hho9AScQsHSn3 zkguXFwi)vD2%^b^kE{LY*}4BO-23YJPr!5k54``!%F^~f@BjI~!C&88|8Ip#{u{{r z`1xP(sITRh&;Q#Htik)g%>Nr>{&d&>pTGZW`26Qk^c(0Mgq;73$KwI%dWI^%G0TS! z9|q??7w?IUjI03XIX5(P%nl5^`uLH(gXfwxd%?qkeSL$sZvFbAwbfWd{ZT=|fzH!w zD|4u)M_yjO$I{Z(Ez;RJ zH-10KAyGQxfEfp09_4M>ZLNe6U)x2j1{PyJ4tD&KVixcfg)@LW$B_<{=SyKP; zQc2L7`~s>FD6~UcGv~blEaGeW8~Zx22^8oMqkA)U=7lv9g*qdGh3! zN4qQ|D;8$>!P=9xwc)ll!JRvU`Y>M40AJjABeJ3g*2U}V8}*-P#I8-@M*R0uA5n18M$~V^0Nl#C|m6j$uK?Vf(uRt{NH| zgD1KuR9_8E%{NazsHmuH$=cN-IIga)ImN)Jdgl&yV5;UMO*M554NVPgO^wIbdX&|a z6%`fPOOnZ2TIofFPabYkQczS;Qc+b^OG-_XkP*;{ij@A zuU)-LrBJ-R7o^0jUgowyRaI3+L!+nYz^h}&o>o_LrkJg+s#;SdsM6Ga@bI^z=g!U| z*f*#0larHwT4w*J8iGSkgrJR)e-W90utN|EtLfHK-Ik73oI1C&r3RdTt?RMDt+n=K zo|@&tTb-?&Pp^TUb2Z&})pe~k^lzHm^`p~N!ZVC?6dpqI25b3SE86+JMQ}$6mg0^l zq4_a=J3~+8YUN$@ylC!wscGI}8?OMfi0MmKd+y)y%i-{&M4k41I~VLDR|`%~f6=9w z<>u3)-*ce#?rEc%=H8e4cir3LFq;??`~F2+$6RG+ZSO;S9<7qE<{#+!V1YFZI(`3f1ER@%4qSLP{iS*0R=Bm3rajA1{Y&`i}_j{Tr4 zk@DU#qCHZVtX8u`e0KCerWQ$eL7L`YrNmgWqmB+ZPPT1<^I=BAom|x=q~KNNZ|l=h zp%h#ykHl9a#m_s-X_vKZF&r#>>b)p5-)#$~UCG%Ig_>>umn13?R*C3QBp!YTRUYR#3X;VcS5X)G8G#w5E>>)K=4LxLJ1V+I^3k zeEpXV<@B$D=!*syxTwje$?w-zl~~J1H?o|w+U2)4kn*7k;u0M!K1yM`#^AQgv!|~` z9Zi!&LlSDO?da_(p=1ev9E}c`JiJ{eW;!!d)`coxkj5kzI45)k^&fcz_@%*rK1&-9(&PV6U zoara(9<{$P@op-L!8d1Xid}i%Rjsl=dP}k zl**1-EN+n8pLjj|#15OA`(@Vms;*FFKPL<1o*Rk#o4vI7{mF5Swj_c9jw8NJf9|y2 zot6c9^7Sh_b~s7&{({Bx#d=73A-T0hGA>)8RI6>vart!Y+rd=bR48oSE14TEY2uR` zb9LIOeC(_Th0`WP5ajR|6p}-AwR?5w^7%SN56jv#4sBVfd0~UN%~fy$UyF`qP?q!1 zT!EOTaU0*l3!fDqdBWhYlhOE>9ylZZ^tAj?DNm|E&QIycS)*{B#{;U6Qj55LWvf$f z=Q_nIY+7udrl8w{0J|Ym;y|^8gXW zd%po?(1_Ec_OD+P+o`amO)R|fcPp=D9(OKYG)K)a4pS5>J3ypnDra~@G7V130_7nB zPOVLK{+!fhJ*Up0)!ZOC;=TO}p*u26y~6H>K-k%#zNq(H6Dqw6`w)lvtG6*<7wsual+-qUu~~luO7a!%VzI}d6t5F9ozp$L1?HN} z-xhE!@`FPb`fLQcQ`IT4dp9;Cu1Y-k7atVvXo%y2%SRcNBG#)M3w=OP4Pmb7LN8H#lw`VrF zOzmKp*~3EbzYZOkA|IM3e?Rc}&H-Q8pm5EnB`P*J@$H9i&s!LKY1;JP@67I;@Bbv} z?ESs-2MU*U_e08;1*yeOu*A{i1d^J4v*KXtFM&_lYTbl33GoR6|=Ew8rst1+E)yQ%4iEA+^Rt32(W}zW ze|)5ZI`44hk-5EdN!YW&0LSMQ=a)BK+5}x;J)Xf==3aosF<8>I`@xwGb6k2aC>$ak z z$+9hfw`%I^T?V=ep-#Uxn)B>#E$^6UpW0c5ip=AbPP|+4b|6Zw=tW2AiL2h_^Hj3} zkIv-pwEMK}ZNi_I-*m590Sf z8&ihvOh~$Y#l?Ej&Zkccuh=i^Fer%ik2-ta41I+4^hKN}AGN)CFzMo|3`uM+3R}(W z59CADQwIFz-P>w+YU@10sd;jJD}3Lqfckw;M5)6`@|FVeWml612GLl)*a8l1Vyma# zqF9M&{u`SpXkChUUy!7Wm{jC^*?n}eD|2wCxW0Sofy&`8A84r6cnX{`UcDSN3T57l zBH+YQ0-YAVh%r*joXUt>mzrW15dO~J#%@cvm>=Z$HoX7J9H;v!*@+D3cdBZT`t?Zp z6ah-AEg)RU>rxqxB%Z94I)hfe3QLL^2qPt`_&?ddh((H8k;=|&m~}Wyz9tLjb|7Qs zQ1wc4dDNyW64Jez3R_qGn#3X$vt~uJeJ`+J)C4Sy(dri?l;O7bDPIv+SkNM#{y^*~ zKZjNx85$Pjn;NsRQzg|v(Xu60UsB;rqD3H?zsrtGSeJLmCEtjI5hr4F{9>j1#b&mw zJei!VvNa~-8d<$lesL#GvoPL^h=NaLoNGy?rQIh5`23x)0Q8d4@L8W)F;B}FCfVt^Go9x;8 z(DX7=b&$LgRV<}N);cr;!tvE%3@ub_@Ul!97Q(w`NHof~_hXc&&s{;8XZ)-u4=R0EwC`Tq$T(g=Z{}RKxiiLa2 zXI_VFLdCRRV7t|;x~0&o`HL4&E6mpU#E@{ym2ILe1Lv0)`47E=%)(7iB{7sEO&`9a z|50m>356C8thm3|LGf~qdZN4nRV>~xL7xeoeFT}~#M&A?6RzSUU@FYVphB@(I7m)V zZp^{h!Wdp-dD>yl|wXy&8k*Sct)2dnnfM|51xbh5$a>!zQ*5E7kCxKBxy zRtb>QAi%HY8BN7yUt6cphFWNj3!>p5I~NX&*&2;Y=}L;n5~uMudObw;6Q+rlKyLrdD%3WKkWxk9}DlvVI z#U1%3+hUBoc=Z*OQb@AoqWJ0Jne71>slp9&D(ee|U`&rXKUkx2k_Mz5f+>;O;xRbm zW<`ZvgTLB|r3QtBZdVU=XKjVGMHpOooHX;dNit*3M5=J8&8p)*LNph zeq&K7>F<9fvg&?jWRPQ|LzYBjP~j@-I>SvG{t*~zRNNl zfhllxzFg6!p)4)I2keA8s7xC2C+?mwwKZ6y#=*YXm@3hovU}FF#w^?(XU{zrds%^*J>*ovNxTM!B-g`)Hd_g~GGrg6mJelab+^or?+E*(T)4L*RYYs{9>J=i3# zSzT7p7q?ayW6r_(w}6x9B_@TUl7FiX%Bw$TUlRzgrU}q>OOK=h5KdCZf}_kVO3t79L%e?73^PA*m7E?>#%XTOZA@SF!a-) z1Eu($m{cQ^R#`veuv^7IQ)15HFl!1?9q@Ug(V?ZGC~+csLOv?&R(V4&Y67uFi`v{X zwc}UKDkNbu+DXx!^F6BFnh&TwSp#Lbp-cd!o1HgZy*o z>T||z2Zr+8=eIy-HlWpqdZCHEGCdnIj)J4)9-VJKg0fsDdEwD^EJth&j5)C3vdo0j zGJ-A@LZ$D8Hu74P>f~ux0&v7FDiV7v?H4L)AH~hpQlvYQc+vsKYS2?*^gl7c$?Kv8PiG5M+-Xe1p2gFU5z`>l=#7yL1TybJc1+v*an4rSL zs23;l9${$?$z6YR9(;1@(2>jOT@uWj^7;M|TPR`@msM-x7%$y%j4H(i&A8?Xic!u% zs1^q;2MyLQePS&)kNk4;*r%IfFZ!n96kPBSZ^|LfzG6Cwe9M@Z|`iL|TfJ zEAbMu_r&`rvSIzQWkW5JX)MXa&}Js_I+G)Y+jjYJRlT%U>xK#YY-N6x`*8chBh;D0 z@=Y-}(2HQ7TdFaWpeLO-)E?cyN%e`D-pps3zEQWzXzSB}ZpBZy8oj!Y^Ry4Q19jpT zc?oz6Ynzx)oIO?OWx>p})eYetH!v0DZ-ShI8|&ME|8UZ=T}LDqQO)h22k4IxXh2&-L?a(1(7x zse!wyQgl=9**$#WfO>0%&IV}7cI7jR(QPkedqVGgnv32I)hBTz<)9ObVF>}Shzrr? zy)x=8yJ3#_dFb-xA;&YnIfR0y`)rthFp`*65>st= zZ~nagmgW8Qb3r=hq{bch!fN`CeYzKUTmInFo6H^Z9jONvJ1P>3CC~E@o~Mc}@PeF7 z%A4mN8}yW2%8}x0V~lzwP!LuRmPmgg8v{$6n^=NwSbNK>dFIXQFK*s`{`9P|Kw`4C zynDUMg)4+d%w4Qjn~!@6YT_SHlt)eD+*1t~*Yd(OYNK0q=&Fiqumnwo@VxCSaJ2>g zZ&ncQ6hHq{8=ZUk1=I8S+hZ>V_quo`I~!hD=a^LQv()P8_;@dqixq(!RVDbKEKl- z9+k(!S}s5n=b_blCDo|tlN<>>q6EuaVm1ytu|=ZN9NScgMqiUzgA?-;Je8i*!T1du z^a2%xJHCp8U9$qa3_6~lgV}RYp1k9&1S4dk?>ot5mHwu0rQ|;@zi=feW!GR+Ejy~; z#|PJQUd3rK3%0njYDgb436NJjJ}A)=9VveZ?{B%hbHH*>MYb-*dY$pxtE$UZzu_*QGWGV z(Hdb3#T(JGu(g7+I3!1NG@LLgar>n$3`aezJRY@r`<%6r)^lbz(YDc6D;f5_F%79( zd|pDOW#7}A2cQ;@=HflXzPg3i4`ogZFb(agux8)iPCp6tijjE+^C}yqC)8Lsm^WLY zm2f=f`7QHqP8%x0HYcu~NZ55LD|oj@XgL$BtB%$;eyyIJ+QE?(7wd3CwWpO^$1Dtm zBzn}EWc_Z~9Zq|RLaS-#?1TCy+-PpRRwpemIxb#4)k&sE8lI{P1reKe;uW{;zO~K*o+er3^wJP&>TH7QygC%&(R^ESfsujYl_SXYo|OMy<^rFG+f9UmIKZx;WD?hMP-@_v%rot37_H4kk(7 zJoK8j3Rmry;I(Bo#He%r0NpJ}1wpw34<#xwVh)e?@XtwIR1-_pgWL%-+CN6@zO;b9wl$!{cw^+rz3{ExivdY|?wOOtR?|qAV0W`>xZQKvW;|Nj?AV*DGIDMX z;<}q;QQ|mf8=N6@&s@!|+QBa&BVW?MkaRHWqhUMRe1p8RMwG>S!wB3G`}VDcE|t8a zwjUm%WQ;FDxa>-mntFBhhymYK&aixoB;6{k?P4I~Q)l{$)7uMA?5RtW4`KXXi)swT zs15ZQ|03Hjb0WOzn1i$2Hj4DZZ3j(cO`2u;H5x-Op)XG~L|$1G)B0)eq?Y89`m5*i zuDz;ycGLQL#j}cT+L>kP=4UC(s2t+!p`2X2LyL4&x)_(sXS@^_I4{9M z#a0>f)%#qIQFnE2&r%{xRYP?)QByYn>J> zR|@}l>~zDP(Issbs#c*vriAd34+WUx?NzAPB+M^n$9B0QB>oEPJpAbKnZcfQ^fdnDQwg(^8%piYI7vQ=KGC$zka9atUm0_!KlbN=yvp zJb6bUN?f)THL+7LVTpWtVFSl;%D@SykGhpM*@4QH*ZoMB+*q||X zFUh(J#5{U=EoPu= zD!UE|Hz-?zj1tEROwdb+`LD2Va5B+tm<%{Wro0Bd#hi$#^+So3x5<)*Y=|-my_0dF zcv<)NFm~n(Lt1;2q<`<(piehWy^@}0#6CIYdf)Z=d!G32VC;BMc_MP!+`;=vGG$X?0DAkM67*{V zN$d+0c7wn{mXFdiza^jw)~3CBVu7)}W}reO%19XBJ54-B#F;|Bs2+hej&zbNv-oH) z!#lWT)vua*?gkVa3zpPNv4{HBJN}XT$Mx)z$#e8CtHiDf&G-xB7cWb^fAH=8>*$A( z3zQnKep)=KrGIw!fqJ|xWGEwkJJNQu?)#`7waOaBXLAf*+K`rdCSzJOJcia0yoz^7 z^fNcP5hrf%K|3GmmS;jF4Kz`rPaeWemiomQd;f^V>#!@OZf&}SofzC6$b3&EUwu9` zVuN)$uBIVl^Ael{?zN!bEyFg-TnYadVZ!m>r$^AAdD=ML$lBq-2#;%Tc0E{=Wb@GG z*Y%Q*G_HHCel#D?5tQOHNa0)9e2IMh^BB9uj#N&)`qE=3o+X~tfE!d*jMh0%jh(p+ zjX46f%jKtA)Iw?E+7C2Qvd2+plnD|94lz-)=CEnqvU~f_?M2lNMBFt&V;ml}O*+uT z4IfewzkAs$WZ>u?sR{FLtjM&z_{MI1{gji?z_O%Y-e+G+EV%kGw(i4q^pN|X2d+$j z-uv%-l6u^D;Dn>m%R`1C;@)pBxhXxp#8#~>yJ$A8O2dXhlV#hs41yzs)fzjLmt06StmCV#xmvX?pg=_@6q=VO(Rc^r^uA=sZq|bV zF$=Z&^h;IGALrM%DGO@zP8IHsCG1@I=QPXW)z{WKT6*wr8Rl*MecGX^(DV>UjkT}m zg#~WLW_fZ$U695riy~ZpTgRQ5Q0UB7&$9bxY~3qo>dYv6stfZ{!9@j~-ZmH7`seGF zlNg=(Pm`+r2bj?{F*?tSb8h}Y+LrJJal2Q_|WYp@wWoB zQnmzigs-Y*(dhAi7`hUFrvE?w**%8MFt@fD=FC;@+Gft&H%W7kD5Mgq&t`;>M3JMp zC8Uxh)hr5?C>4_CNGg>I`BmTc>rZ$;-mk~&{dzsGH$s_T0jF^&X~26@mhqTzRF-^U z8i3oRX&Xq(i7>bGKq#L!I&`s-&2&hR-WAI1qVl)cN*|&#H02rI@`E?-7r=kq%!d|| zCzx-X!LPgSq5hx^a^ZoyA)1@OMHa*`0aWdTsP=G>Uf5!s=1B>_zDH?`Fn8S->qkVc zmD`jE;Odk4T2c9c!8OvsYmPm7o@}VAvqbjgp6aYJ`-$A&5e}*Fg6^sA)C7t~>W(d4 zZ6rS%YO=v~jL>DIKoc&d9Xxn=rU2U68OR%4XJ^BW<=Q2ISr-Xh4_BrWBG8oJ81r^2 zOZ@%B5o=nOda!VAN_N1eNigQxd3{=IohgpZ)i8#aTJk6$ocrglM$f`7teX- zaW_SZy!nvcVDgzA_oiH`9}h!Tohq4_K((PDwY&g;quXg-LsT+ggEGs2?lP#RnWvpp zwA1_QX_~Ur5GbDu^#dQU;SlS#2MzoiyESPGzp!!hS@yXg$z_n;RO&v#Q~YPt!EJ(dTg;{SE3;z!{yrm27n zRrb7?3wM~z!j5qWtDq+u+}s?|pEUP)aG z<+ro;K1c|y$$Xikfs@Srq(^urQJn@_cnv2<;o>(vQYW^{-l&{NdwfI9^dD! zZ(K)Z_rbOD5qlm5!%QLO*=j`IPGXrkTfoR`K7+G)j!IBvXMpU? zbzX*C1hOo~ByiMwj>{Zpwjg(=siV^Pt_b5Y(30?b*MUo1#3~rm=-ZI1h>CQhWsHAf zN@u$93F>|$t)mZ8CHKF0*#IK9Z?+L12SM zOi;#HO92X-xCNV|a)JfdG;q7lJ_6p7CB#`tdg39DB2J({GP8d_vb6GHG_$UDCdK972UQ7;>4; z`DV`3W9n$EYZ%{nlsKsxRE+nT-L#Xg(J23TX$kCJRq zTS&v55P-P5!7fX#<#}!5nXkUQ9m`O?PaI!XHg*~69m#>`@vz0&>YHGuG+^=v?F4Wx zOSNL7&w9D5pT2%Or%L9#*BC_!$^amC0^Uv*09&^C6p;l-XWMT=4A@XpzSsX~67N57 zQAyk6LAXKBW6#1V6mDAF^bKEOE`8CxWqzIT>d|W@_g770A&rUC2DJPpcb)8M z*)wf0In68&8ylMb^e*Iz9jsTnuu1DJIVlT5d~NFt?|cD%aEIU6lmEdE_@w^!OZD_E zL#{3HwV83Cyy1AmOcS;zyEGE?Bk~e?JkL#@(Im_`*LK%`JXbc&9;gpezG_NCV1ADQ zJz47MzQsyde((4xt+GW~8qP91U{ZcNz@ZR}EtBAcT%Khvj1a*|lLl)fa596Uug`Zi zEz_ozW}jKkdNAfqOzhsdn~xd4T19}LtM{&Ehx~1POYV97?Y~*F@!oIm-mV)$KOKVI zR0r0jBR{>E7MlTGdNHrbX$alfkOtywgQSI1uDoTfY3=cVTfYsNYw`^}An`I_=hte! z2}TA%lzXyQRlA*+VS-Ps=R#^iC2O0wi}L)i{Q9-*A;ho*Tt zXE_dW2tgdNi2M38*B+dsur;K2<(*9fb8Q9!3!d-9haK>az>{ONOrSkMKy~ADX!?1x z&AkBYb+ZD*swwir=lQX;>>hu~hG=}lyNGQuidUXwg|MfIUL2C;w5T!YC7*~u_=*be`O=bYc|SW)(AH$?E{3(_PHUVXt{Uu&2)yx^#APQ8w`2l&an+o77ld8CK05qiWdHr z_qDRu>J7V%zl1c--t2B)xbzapoPFEi9x2P-+hpl&oyhz82^tb4RL_OE@_9oruEQh* z)^lSkk>_WrQN?0~H1TSHhhb|DThg9vEW@(DjjZR+=r6;w2HkLzlafO#WggjC1v%$0 z0|=RH$6|1 zzQ!I}mozpavZ25DV-sPnjRR==p*Z>T{Yr7Yocw^LQfX{4M*f2U;0rDpgED;zO~w$@ zvyv*yw_ZQrm|EUw;?sLsX1%76XbWqXP>2WvD!#W^x^uVwU1CG=g5Lh=zk5O!&b__l z@!o9ct?kAU&?#T{<Ha_naX}^WB0d%U;ZEcoU=2+Tf$ z=_WEM6L5z{dcyU z;N5Y62!Uf~la@d2z6^xrjUhr&Lxy@Lw4SW zgS-GV0v2=}X^dz-0(IbzAt#ItR{Lh}q~n6RALl0a`&b-S>}<+V8(7tj{Yu+@`BX|^ zeq;El#4Y$8`6q7jPmzKz+@XT45HtXVps7^8fToG0Gl5QS4xI;8RBE_dN8{iy$dr}k zZ<<5JWE&YJA~b3kqOv32Irw`$`n-`pC_nC_JzAx;jcqC6+w57S7xio{?I198PT$Ei z@#ETuAtBd_;lDNG`G$~KoezJ4G+O<;3Q9`v=Ss(|1oxciCthQubq?u$Cx)enJfq z)fwo*4Dm~6Q2LZ|&Kk~1(aAot15#) zIg<|U)EVO^NtU)$&b@HdxLBM*sR6R_QMgQn^pEn~|49?)XqYBuD-9J7wsKK2o2_oY zCCbjWK`VZhIIS1{@@>EPDdY;i?&|d_54_~O1AG6phr^wg^|NC7Pq%` zB6R{_=9*7_qswi*s^TLQnqWd#8B}6wva1S~$H+v z-3??#4FvhiJDKy3NR8sMz@p4dfT8!(Isif{OoPG=n^uf@GRabT*>COou3AXeu0phuM@2Qik8Pk-`6IWPY*TE2)uYuPWAlnl_qq@S)MJhCg3=H7%|K z=9Dq7$-6lh^pA^dHdEW?1D~8le|T-a&1-S@=esT%6~9<+dybqC)51#a#BG`*LgLz9(W8hJt^I2a-Yu-QLL7TK|bMZlF)K{HK? z2fH5_7x`9)WY#DT<~cGr*K5>ojeQa24sCYvj?Zc4?RspnqljG?fQ^?VqIj*a+K&O= zs?-zR-A|AC)L-BQKT!=5Rbcs0cyS9w*^-y%%Ofk;3}T@|SK zJ9(zj^j)X+I&}r`cfXSb5QZ0>{fJX%T3DwM5$p)%(%{geyz9I>Z=nXiI=mQM>1ndP z)`nLDkO?hG-^EZHS_SQf)-Fi*Bo?Y9Wl0AN;&PVlJq*WGl!$!k2Ty2ye~wrwFS2Cy z|KX=8{4DdRXZqF3c<=uKIp)9|)Km28T!-%TC8jGS!!GzJef|M=`G@8^W^?Ga!`C*h zC3t)<9m@QA3s*j#chvg!*2m9Ymnx)vyZ-ZAb1drn-D-{qKyw+1=0p_4G7Z?x@65Jo zfyf(QIB%`jK7=!Zlx~ zJ+f9PWI*BP7Vq~D;Z8cIaMH*4I}hJB#T?%_Ldoz)E7+F+4CTVY zXA9_WeYP$t}!+9#-!2Wj0nQ#Gy5k z5h`{<)Kcq+x&dejEoK=9{7+Z%Izr6iw19Ekk0ZGKa}RX!ML`yjR&PHUi&s4beZlTAHgA)B#z` zUZ5wo#{9zc71L%bM@G_*4Fd54_)-71M0(`a`_uc3I@W1S+!u&}sx*|-sknb0sdAno z6`pn*=qvV$y3L$~m1mqXTM>mmkGgN$bm-LiI|x~UI=~PNGY(3P?fI}-9De@v-`P8g z;u;2d)-R74ANw1*J3g)=V|+w9A;}dU+JA0)ZXoJdR2gz&2xoo_6jR5uDMRFPWD5-w z1tweHmX`Vl>iIK95V%DU!lT;jFJ9An>6UN;o2Ie*I@`1r!yf~vH&nFl{Kx&HyKG@I zB_EihqY||5Ph4nl>ud8Mo7#Kn*&2Qpc3vMH_S8JY_PTJ_PVOOvxuCfkqCKRZfdXkz ziz*52h2Olz(?By^m+9A}0Wxb6-pZTPl5Usn2i(fDWP_B_R3oPzUZzjbW_Z1Yd&KU! zMLP_PkRdZX<3)p_^{KgI07l!!|QQjA&{{3+E zgF`QVFa_!UPebVHBg=EYk22Asyq36eTHt^@k2P?{s9CrUzHF z%_$^4e<1R8_-7nRtEMRd6LC*lr$}J(xMc;vAi$-~_c$rhE`7*zI2Yn*y4XmZ|MS05 zrf8y^#s`sR5S3`8%HNCg+Sc>QE0FBD1xUwmU$pqH{WFik9510EfB;2?#Bc zp)ph1kKDr(+wJ4jiFqH)LO2YT`sJS9z3`91d9|% z$1K5k=lh}@wCn(hZ}ssUYOp^-e53i)U&)rEf>UHXrLLJfws@k#wVMPrWmZSFlRZO( zEp0*Q26!=zQsQY6Ru6i(&BSnFXnbQ?n4JvHpM$D(V^@& zl79V9K9{v>Jn;&Ze*X9ZM#F)=43Qm*$Wb2Xv|`fL-d&OT^bakhhjM9cf&vbB(~byN zVJgYL?^@4M>r}t_p&!~%K6QyzF{@W}wR!4EtMf9D*^N|QgD4jF%dB!=2W6Aj`rrN2 zs4IyXyULzu+6t+5TzMi$kZ0p@^>0&YlIH9%kXC;oQaROGKW(r)Gdw&s?4(LTXwqP# zjPh;|DqJf^)2~I-yuLUXQBk5lEGhY79Mn9w!dp8_Y5I`#;DV%#Px?pRe;^Nsrbp{e zNHW}e>Y88Xo^IEWzXh#e4}MUka-`Y>xPfecB_WmqoTV~umKM%-()#}g5^O=eO*(Am zLw_n)(yn$<$y>G}5?{(8Q$6t1(b6Xfb{qSVw5Az-d7quXvRlinCH;g?_RmWO!w>c* z!hwWehS{Af71J#p6Rz~Bac=u1558nu!pjBWiqYYHk#U5ezr3+gz3~wF5DhWc5blKm zY5fxcKo1nX$oPFrF)J&UVK-l`tEKU zIOO_*|9)cSp~Q&miHQ;KwUI~P$(6qn-%DyHtoCD2+&ypvym z-S4}HDr7K}itFcR!T|P_&5cg%Bd7N5?p!~kNE0LGovlIL;w!Q4?p|uSvhTmP=blbl zx-t@@Ck{a<6?3Si9AyB2fdZW*m%udcnQXt}IZY*Fs3r(vt9($RFPcn<)EZPiY_MO6 zq2+cl)UV`Z{4i{@{zs0%po)}m1C&!^JkT}}YC|ZQCG%*C|C#{nX{xo;;lHl7#ig%* zHdc046MOVb+E)@hff(2VHFgITQy;0W(TDQRX%^EYCLx+qLbcLC5YOZ?Ajr z3(#G-^7NTm&_-9f%xBu}LDi}!CKTX0Uw~TepHh?Bb!?rv+i%Mn$6+^T%Q6DPq)RgC zrmwH&&PN8twfOfl3^E-*9o7pESlae}TXej{UK_65gw{+50(*cWLj%YNh>QsI&@6#k z3Pg-Sv?T}|qbgj{$p|po+5E8Jg}D5X%0Sn62p!GU_Zg5+YR)?L{%!K^tmaTmD~UiQauFFQ0}|aXPoIg)`@m64+Lve$mNJ@$F>r=1bGlRX-+LVL@1v`A zg8FGf1Vx~;26m=Gl|>~JMQix+Qh&8MgEbB^i-zPEn?=#&d&VT6I_S756Q~^g#5T!) z_gl;v`HxR74cm3we2+CG+_5-qPw6GXVS6%=rAb2$$o>OaC;REqas(Nw;L4^^q^C1a zlcuIj_@8;H?}7XiU}evl*VLt9Ndt@axXO}zfJ2Aq{E9lXq(a6)&^=1%1djIzvwOH4 zps+}2P%VMpQ6Zk8{t;jkAlLTj1CPrm9>2MPw3r=+TvG_?ZU?>dX(@V(*kw8{DhS&4 z&z`pOSNOrNk0WL=@O=WAKQvr)eL}FWd89*glll3X{=EsH5F)WF3o!BPgyCLQd@`*3 z^t1ek2{0zC+EqcO)SKR1=R9jfUQv4_z2Q$y!x?YNiol!&&yy$L;L|L_)#=$MMw$=y z@D@CA8CtEBFQZkGGjY;4Kd(&d);u47qvfIRlM-vF(b%ytFuk5ra9XDf>YDv-y2Xn( zYgm~TM@yTp&LUM}SP##AVWu=`QvQPze64i;-IyUsDp%OSdanL+45x#7{>Pq~N$ z+LjqHokMn0Hty*J!DKokhw8CUH{EHBOSPqKVQFKC%FYYxu9sK;7PL7PSYLt(aAS@vIfwheYCb;4^L(~_1OB-zy~lI?_w_v z-amZc&*QVU@D{HDm;gQW$EhXr;R5jJ`Jd4fBU%~nJTckyKAuhv{T69=+xQ!v-6!aF z(T$Yf1-~uPOYk@A4T%jMYChQaRmhRFvV&Y^GQiw{sKA{HeGz5(UA^pU76VQ!DuOE$|)<;6dTA({M-LQ7*mT&u6L=@y-$4h zLo+v*p}nrA1kg@`X#8G{F&rI`1=zwMdHw>iw8FGj%};k+j2Tw|%!BlFS^aW3`=+`N z{SFA{q9DsJZ)7NLoxOEv%W57E;das7VB^^_ugRpa+jc=?(c>`FD4Z&~lu8F+{N6+s zk-fk#jJTb@(KRv{fUewgORo>Sf&YjzbXlRT&aR}7BPs_S<47FuhG$hEf zMB|SD05=8DM9#B{SQg);9>@~UA6Fm6f0!;j4H7jthkzutARQSL@J&-0@VnSy6P^l} zOj-q4{F|Cd|FTmw&I#zmw=ya%w-<4iLm+2!m(0m5QxVn<0rYg-e#8AOZMRHW!FJ%) zxz40Qp+qS=e(rUvS3K_Y%Wvz#mi*{^@* z>5ktGNX$TtYUy@U83~cJaSwkH@=E0e=E`KmDJh<-R<=}$#uxtMYtmAuNQg00bYi!~ ztRMo_Ed|WMUds5c_}`Am@*nH#jc~sA24DB3AMyOu*H^!eKau9hZeQ7N^={3^xlc>x zV>^R=ti3oW@~o!U&w!eq*)@nQH`hNQIKhOU^jf`=N3{ev0<2;APArHYZI6c-r zv`;5{1#-E5>GDhZR46qt`|mMAaNLLWLpSeVx3jplk+l5TYEa=-;Up|s^z!@Orw(lR zCrj+%wWA`dFgFSZbx7Pw8Mmur4HEnlH&wOD+#z6N(SIO3Gd1!$Co^Kn-!J)k=* zyAw{_sa1t2uBTYxdatHCN=%nGkh%YIXA#>aIjc&`%?g=BuM=|85f2EUWpOROjMYCI zwyj%Wm9x*s%xxdE6Lme9k2!w%l%`tpjo>>m*tiz?ZUSB!$Ew2~Yf;&<=A*Rb`@3zP z*B^=G83roXIu7SyUcT!**!J?nQm9l(#Jh7!22|HG^tsmaT{|qGsOaQm6zS#BjqAm5 z-Jv|Rm1dUG!=9&y_UFejL+^|pa{Og(90AMnKIcrAWNk3P2k#QObtqTy$(k#%V7bE7S^0zGEoB@y?x9p<4QCvT(A&x1DEMrfeVx z1e#bh*T15Gw2A25lAV&xF1Yf3-V;oQ68O)51iRjXL0e{lH{Z~T8+Z_TxydS#wtc3KUU^ zmc4or+^R!8LWiq)r_YYgm!E}X{dtsp=i8h2T$<6H-+024)%1Rbi6tcO&9 z>De0jMlJhX7qOBL_e__=M_)8?9Sszwrk=No&NU8z^kZ}6T8>K8MgSbhTpFN76XkUtB|{Whxw`3{s3he20U-;M-ckmEW$q`!h0QB6uf{SrmWm{T z^^cDXSLy|z+a=z`+N$>LkrdZE~o0A??j?*3UpI0+q zHf}czcJZAKe(Et$fBuc8M~wNi1$DP3iP{g0{jI*QIuP)?1;n7Z%StUv(J)6lRi%$y zAT~4{TMg=Aq&V4*% zj+AW0y7D6`R&M+(WNo|b#lCrZb_tC9d+kT>(&MKbykG4nssLE39%H>0FRP*abK4|@ zinn_Y!RKw4ZPC}T8YIlK>_k8Ex%J3#(|yxYSJtkRcIf6Fd4^vIZs;<0Fl3u#%oWbB z-ME5ac*ff7QGFU?be+gC{SBaLUea)H7RT)Ms(%|t05I4PRoYmtpD{(jLm(vGO^+NL zyJVQON$&0&BBGQi1#Ssd@~1nk!?z_D+K!z|e~mUk8irfu95RC@y^mgEdy{0I1u|v^ ziEpbbcFaILuB>X>gpowFd)8~R>y=AuExL8%iVu}uqD+L?sNcT&yT)FgBypmRA~|9kIA7|HGXx5y6{w;W zw;oV}!cuVgmLL%_<2H0KxxZZR?JuJV@YGR)FcI7)4`q#>rqy1L-H9O0WU6p(J^$~V zXfxJucJy@5yFKKT_YY?hBp7$GJ_jWCHl%gPthd^K`XIM&;(jxNc1ii}aQ5ZYF6wbz zr^t^Vav^=Ejf>We0#~ySN6@->#-g7?!)ibeEK*gw~n>Hmq;jX{V(l-Ll+VbN8Kk`NJ6%>99vcj>5| z$w5$vGR;BzF-q6KAS%?9_luPH@Y3Ojt;fzU*+K7_ygjheZCfTru}YzOGeq%!M+_AYQp zwhqlf%h3umoO10dWGG78bxA8}k?ID8Cp2% z!hWzdjsVKr$}DDXEk7Qg_@z#6TH7zmAz&87i>vskS%HKGFkM82IMv= zN+>3XP&B??`BiP1IvEtrT^z9_q3s1vplmQsk+vr(yo!)472xQ&FN8C)R|^r;TFfL7 zLIW|s089i)o(BMU5o(q%CqtJ_#l>4Y=Yp32z6V52l=~~1CX{8U37%OWfcJbN-j`L= z8J!DhT}yD)vE?2U0>_ZXQUyAmQp0n856C^^WWSgbGqKoRj_xz4U8S-y#Y~hCpv-_L zO6tmrp)M0lcLq&$FI0MlD4~C?G2WGgoyX8XwVlO3$4t}@e8&9)kJ300+c^T2zK>Z8 zt>Z{Z^~2b+}=rd#$lyMCkPLczr-PA!nx?fnXB}L&-n!-?s0&j1`FFWoj|vqW<&v zMy%UANWnn`+YS^ckmrdIkNHp)lC&2DJ_5j($atwa>9r!`C9ZK&o2-MqY>~&?>B6L> z?3o6wKa+S85&V(AJi8y|IyFB!Q|I~|{e}R2^F7h+hTqKm=UK^id;h4km(M?j=1J_@ zcU0bNzHQvtYB+=JLf$@i1~87Qi_nQ;;Dk(|mjQEj)HZfO2x%xL__x7};Uwp|4NzG* zxFZ=FXKF~!y=E_7K+#Io?7ncRbB>@PklwZkV}1nUvuu4%g*8Oy$~zU>zg{kAUD6o7IUtk&vn zd}6JZK80jt+pg5NKQ=r3@?D?yO2YGVdqyq=i?>r!l0>sh8-X47``6Chn_RbUyMJUO zAW_1JfoIxxL`r;2QFwGk)&Bs?HlY~KFDAzAzzU_NR~@UEFm98g+$F7paHl1lj_}_O zLqmU$qPW%lXACv`dq8`F=U&1!$40opMUWrx^8p69M6BJ;wHW(U=2ceg{X9%MUp9(} z^63Y7g@;)2_VJ^GT$FiX~)0S4*6cR*uUg~Z)s_IBE9bH~k>UME| z@aSNl5_G5h`-FGPA=3sQCLC=4WCcmhhguHo?lUX+`!h+hXHO~Y-s-C>GIgPuI&^rC z{b$~d?>;N$pVtMWgC6uk3)jSso-4iIvQ9qRyZf83G=MpG#BV1(_TtY2=FaT|>*??dn# zVPD&VHBl7017+P-eSKed9P5ZQ0}8(F^?o4Tli^XJWPja%G|q{R-jNf zCVA4`X3fZ^Y=bP*9MDrAP(COlGtt{IXK*bl44&<)#B;hd7;1JVjsU3i6WHata^rr< zmVgXLO09MahX~2v4w+4kN5e1!KFb<3*%rt6V1dLlqI75{w#ZVNK~e}{VWExQ-AYNW zQ${^_od3r~t1E+DLG z(N?uP4#mWN-0Q!!e!Eo3p2ue%daOIQ54y%Ueo?+}epK{$G;QKJb*KN)xJ@OTcZE|@ z?T?7%4kVl)!V>1xxA5f#noNdh^;ees`y73OL=JC7kR1?2Cda=k$D~a<$mfyEclRp^);ieB>E~}W&3I4t)2;Ie4nm)T&b~gJ>B!` z;?bFf=Zz}R}s&PZehubzQubai7QM`yr5-i`QEE6v`i+v#rEN6b?M^SNL8%?um2pe6IGtZb%?-1Ec4G;r7LH9#s=pnyz1zk_ zpqte7#PiRS-tMlw-Cb_7&^Mi-Z-R~)2H91!_qaE9y-xbi_4-6xV|oK)X5P_NtGBLH zMsUpdgR^BsR0a8Xo0FIL#5XSp3*pDm^`m(O`b?Wh09HbbpFlbxsti7QW?zQT`!s1r zeq5mra1I}jJNwf4f8z%Xe=F5*Z7J|>S~_NzyPX%$Q^_`W%eKtQHE_RyLZ-a2DB{Q+ z|3mDXr`YbY6q0uxL8NQLH)0Pd9CVUNRsGov-SypbH+H}NvynUSBxKw>lqowte&a#A&OdBZ@A+Pb`fce(QvEm?ht(<&|4X3% zR)jLCeyhO2rWhu1cYH0cnA^K=?)L0&nWGz$Z}cd~pU=K0I?}PJbljh>&QeG{#ttnH z$3>UtF`HQFiup5QB=MXdlZH5UU$R5NY^FYC_UyxNZw?Y%+?CtZv;b=Vb7|5^rHe)~ z8Y^43{CESMJXYD|MvkbvqtzAhHEzDE)eas|F8-+Dc_`+~`Ye?{uE~vQpt?{{$da$N ztNw;>8m;G!96zdTH+$pn0eIu!{Wzly7Pchlcs2gn2O+L!$B+7*Kh%#8h9qa7H%>h$ z43~lGtqGjZscZYu^dE31KkP7hvH0b`r=B-O5gP-?>;5ydvp65})ED*Nyt&7U$-VQ0 z>Z6ePhpk3I8gR>8+#D=RLRBweXsmXCCkykdq9$W8I5m3c0NQkMAfG4+Smv2Fj+7bf z?#+}iYkFK^F5WlYmuJ@Oah{B1v!)ITfOCv&Ny~g69%x)Cvk5O2v7yq8aWwm53?L67 zmB`>g#}-vcZvK8*(F9fYDytb?p7QJzKt?^2d{g({aHP(`zoj9hw8iV5KI*G&fl`yK zN`dl2pE{;U&mf2y(!KfZdw+g~z0c^n(2a+TS|Oxs4-?-K47ZP_Zoi(V}dx* zpN4z}w0l*dHT+XN0G`VCy2Sl@tc-rLLrNtSv`_{Zkwv=6kFi^DrPFaTJC?^7sCK-o z*j3`s7?G!W49YIqPkC;#O&BduT)qzHLo#p(0e^U$!-z%}|>$;1?&Gk(| z;^O-8~jGrI+;DlP58JMTSy(l$Jc1UDyl@C#fA$_kU4)6+sRjmK936rbB2a zwl(=(JfS!Bu%y6v^h3#3>dbEc<^BDrP+W1C`;Y7D{QLza%B)Vmk0%Eag{lZ4Na{&>rOM58j4gPV$~x%4nNjg z+K~7Vt=O1xft)iycid9G>OJpL_@~pU;iFIL7B4 zqyzeeM3Y^Rn-lYB+{088H}z)u)d%gmZkDrt}zGm~sCMJ@;tyog=w*b@Fx4+jDn1 zrwT8&ADJq?IbDL>$ zPfQ-}ulm$})4=>|2E_f>%~NmkM9(f740ZGlU)-QkGCP3>SXu*xNew$;Si(a+u^=zu z;KvX5UymL!hU%X?eIFmY&{+wyR5P$j$cP2)MQEweG~~wnfYm?e^gHpxhF>zPA}4=I zorD1+Pci}OTUp6w-D}aJj3WEJP)HIP5oDA`-Sy@~rqjjqpFMb!z10%i_z>Baq-?7B z+~=+`?U}-{EZq;vQjuxaGQuH1gII%iuI=*YW8yyvYZx-gXo444!Jc0u(-F&@pujOS zT#kqFp`B7W&Znp$&;>H868GZrLFt9MrUxf`az4BJ-sTjF8y{Honv)YO0CUlTpanmY zJbKC&00^jYbF0yZEp|0Xvfc}w9Zk=WN-I8YGF${+ctBU5QXQ}g z+d_C6_vlnz95oqj+E*)K<2;P8rAzwe!{Ppb0`w7Tr~Hkt+cNGyA^4O3WfSp=&)DoX zM#SkxTwC-#U_)G7S$2R^X%Xp}O$%QfcZ50~yr9#sjkSI^?7asQBe?%GBPhpZn(kAw zvNpUD5Ge0d^CN4)p!TNl1DQILhb+!}{H?}uz$g9z4ol1;dqCjrwTn<{Zli&g0${7w zlzH&cJC`K_8Py=I)$gWil9A_Rt9|yMQX~teFAk!O9yL1fqEFLds=KbN2A*1eKlVdT zy=hg+*+XW$vmakhc_=@7Ua}NQd9;6MIAwaxp?>OpB-gq4q>4#d*(N9#!p9@|K)z3+ zv*zC$XTNK$oX_zcb{uZeJzbJ|AlWA7zT*X}^O+;34!P+r8Y{VDZ>%+-nBKzg(<)={ z5-&kNMtR2#HKi_jw1^>kHolW3PP0a5DQ;~ZyKlM(|26>#6-Dk}-La0k9DMaAJ^Pv@ zv?G5zpkaB=!^7M$+|j5*S63fMe?Go<tQQ9RWUMBp{J-lnEr$b4zrn>oRdnDk-F%`D0B#Xc?w(0S8jHncTY6k& z-dH`w26SF*N7Jy@xdImhk~+O~u-U93>coC3FFnM9#$Q`8x$rMLx??-Zz!*;0QJi09 zOuQkt1AQatde3Wk(Wz?T5)5(F3I*Tqa6aR$qdoJUKZJz~SQ zDLt7nKYx%Ea5WcSeiv8xuLUEk|LnLS8W_@T-p|M<-}){0-{EL|#u>uyMI!W;0Slo& zG#Eb1XlJ(~)=&?60(KRoPYYde`O2c`mr;I~K zF>zfRy^=Y0UM=1&|ItsvRxb|}h*`;9<9<^COkema%YojxSJ{*Dq;P*o3a&o6-|HAW z>E*e^7lkp%moEcN@aMsoyqQ*eROR_}c4D+I%X}eixw72#w%sGyl;bz6HYY{`cGo^V zUFD;mfB`drF?vcsN!!^p8=J0=Ml}c#Lc#eVHJr4{SNMHBQ^} zr`EgkYU7;PQNdO_58lH3v$8dwO&GS@IU@O4JRODV9`XUfKC3T`h}~sd?|itgEdP0bpl$&2PYBXD%;JP9;KM}*UvN;o zEhPfJ?*Y+%V;csL6Zg91c*M}Znv{MW_)*#2Uq$Yt?oEH!Djn!c2>e{f4r{;wm!~=F zmFJpTC)a=;e88i{0jqDG?TOCXcL^)rJaOv#sXZB&Q)y-2iW=8|2@4Yh;=5nQvjfu>)KU@p>2ry8K;q&< zs$%i+S{;847G80gyLFkoKn6h>a9Joz3I zaE1`zqxkwTJ`(A=y!}AgU}}ZK3F8(y<(2~%&L7k0Q9eI@>?96je{I|HN&Kgq+|iTS z`-XC?!}XkRSX;^M4|NQ)_|Mn`vmCVYdYaFSi5Lt?`-e^T4IvtSqOd>sJ z=$5Q&w7%LBkQSVnD;HwvD)rr~s7d(@-}S&4g2>_)MC9mvgA%<|t}R01*?H~D`CCnn zQGcdhskhncEw(8-#3=U9_i*x~h5Oy@Nxc#z=Lul4Mt2L=NFca31cF234vhv6u7ThlJP8)kI5gI{1d_&`5Zr^iL$Htp3&Dbf zgg}gs_q=zWJLk-?nK{qBGtc+#e|q;*wMtgiTD5kqs`ZPZR7EnmLANna$1QHN7QW zzy|Dp48l^fT+2^e3Rkv22K`c#Eneb;rl57_AS@U!H?FJ`Y6=(0xKJwTm(AqOH0qmW zH=`so!eg)V0N|qjWRy_m-9B&`DFHJEqFqRp~Dx83VFQdT6hfayXKJ5uB5@z!~i1MKX(*V2x?x%KKuR zRZA0F9UG_c#WXoKRVwz$94$E+3Xd0?rcRriBbZC9m#dD-tceKY$~T&Dp@XCFtZ|-x zRnK##cDBx@ST4_#!KJJz0M19CIWLlcV~tM%v`Age^Vs|g zNvu-wvnFTh%ZnTwx{MyRIJTU89veV+8e%T4!b}P)ndZD42HH8Vd~hi_GZ0;C6^_wD zLPzc&E_{vZiDH|k+vh>7QjwyP;Wt+bx%F@ey9@A6(kQ2|3t)2v0|km3fU2b;OFA7{ z;f&*cj8sIbFoaxwuUPN|Cr#3Z@`PYGptwZMg_<-$_k>_XiSI1CBxp|^rT3&}G?9*@6 zr5ePsuF7vRNpGtYQes67BnwMO6H)^~jof5#B=MWJ8jvPOrxbbPrXr_bktitmgGP;r zw>3B@nWYo)PCX5nnezWQ{AJdljS#w^pM(V};b66r2Nl!9@?BD5>RRQ{Nd@ z+&(w$sbI>Xr~nfZ8)1M$4Q2cnctI!}&RT#I12kY@9n(a~uu38fP(Vrs#{fpyQf|#g z#HU&@g(CR3I!9NZLG#N-K^uT)8efKo6W<0usvGZGHy$-E*c}6?xB-sVxLhu{3AM0m z063u*%=x|X(RX?o_4=)yx)qlqap}mYy=HE*CTTZ(<`L3swRlgRMeV(8(sXfkrJ)hs zgyqvjgeb@0CoTEysfJnP-6qmJenl^0X;PhA3J8I_x&RBJskim&lnHM1RX|_>H%gZv zXd36`7}nVsSYB@%_|Cd~-J!~@BN{|(RSTZ41?=5u2^9$N@~c4rm=H?Iuj#jmWA1YrWSh4Rlq;TVEzVmcL zexLz&=IzQ$cL~}S=y*5roq+HhMf@KLA4VHV+>MgZM{NP+v%he-6)UUwXucXzl;@*EN zzF++gIm?wwL%@`gTze`656{@xd)aKPfwwm)Ir9gU!Wd5V2Hr$55WuN_;ovNKQv}um zyNy<4aCZB$es7{aGA!O3N=h#lYO7kxU&VOxwR8=(z%(gzdX37eR#2)IAVVPTkbw%Z zj3Gq4kql6WcqeBDuoV_BGv4FZ`z~LOp=SrZAJ%cMpj;hzsjn`x+5k8^Dm=Q!57Wj6 z+=$NnOLoB(GX7~=BTn(W4jBZiglxBC2C%&2GzZ{0Ffhv^=JR3{4p0*4jyrZx{K6UA zctGKNh4}HMX=;3M_QzP8%%FP*g>NZaqWJjxj+Y-oN7rvs6TrpbScrwU6WKAuO=e;! zcNj$tmiaJw+%fULBjN7kQ(49=*GVf+$5TwDkh z-(ZpdP6^`wp~63vaE0T31<2}q_rCAnrWO5-xPIsDc|U%vqNtK(h1zW-sw5K_VjDG|i)gaR;S*x#Q&f298J z=D^?7|N0JIp1v-Ao<0Hp?GF9}{eNW?2>*rt7ZVg0{6qi$w;BIW6d>U4X=mdu@SFA$ zuzTPupk-rw1#Io%=PY30;^!dX>u2NVVkhv|X2~Cl;h$jd|M)C_ZDa+0v;XxyJ^lVg zt^bGeFDCdG@-HGTd}aUtVgLP$2H@`$BjxochE2q>G1J0Kbiw*KhWL z=RK*vP!NAe{oi5c|H7odD*u1gw*Rkp?jOj%kf_krH~*h~|BH(Wiu@t}|8#{uEZt;=`sel0Ft9v}Uhn!22vxI8-kwYqva zF>yIDd3goM{im9)pu;(@=l~KT;FJh}0}4g}s}YHS;jSTo{Vf9t3GmSX*s;feMxPn|1j-1ob@c&GgCz4Na*3O>5*#(Jso(j^TS`HZ+rJ)17`qbM_fzEt&K z>|@}|wOW5(x#X#xhQNu*oY%)K!M`5O9i2A`AwDWyu%SZ2Rl-=KB4TA?V$k6U0O7Ti ztBWp~=~+3M*GLiw6Z2)mo)wgc6qQz#8CE87U;$WtLt|5O3#_=Vrjxh4tLJ5P?*Kcf zp&d3D*@81Q1(}|ioqIJ6SzcL=GUYM4X$*8nukmjSZftRoemrD7Bt1U)#CdY#>*+_w zmG+(8wP8!in>DNQzL#2C^Kq!@82rdX^KNw6%^A}(ri-wsz4OUm74=a4tq!*{kXJJr^({w-l^PpC% zcTt)VpH1rKs|0y%iSKVL^y5Z?3yLzYU zG7Yb*D!Xp$#97mp1VjAd!)n_)HC|0k$l-UXW{ziKw2uPDO9cB@t@l|XEmRXjf8jAd zI{$*Z8Zv$Ub=Ehcn8OkUVu(aS7{n07(Nic>RP=NVjcqii7{chz1DwT;@QZt8*=c`p%5RnDc>TU=|JwVXa(?jTeA zg~UxJp>&%iOsdT#YwghxcV@q!*>+_uE;|Lv38ud92TIdOO}2jEr)zBf3xquIo8}w4 zV?&NBp%aZ8;npp@k!XQxT~FbuY1@Cwb67|;Xm(QvL$X-hAii+yl9Rm~d$TFj%Ne-w z&J2B&GUa3FRl;9OyVh03IJQ~6+0kB^+hOZ|lu|jkhHza8fz_E)RXYjV`6>NvLeEUw$+)eCbRPl{qWo_yd^zfsfpvBXGXWybx=NLw ziu_fB-#@-1(CL{pF88x?)DJh#yHhQ$O|<*kbIY7@P|TyV-j0xEZ~Kf#Zv^I`H|Za? zK%qLQNr`8bt7~)kH4-4aK=p>Aios|^g|K$e*PLrTL=<(*Nk;m>+b~}auJ>LUyHO>b zfeYTsxlSRxb&%1$HWw_O4q~SKId9|g;zV4)3(gtgQ@_0cIn$5vo&-)|c*1wdpYp`W z2o3anW&0r*=k)yN*(#3}pRkI55ad%=_}wbvjl%2SYC5vyWr%lQHvY={_=Nf8w=fQ@ zJmmZ7(c?>iXzlWICV(3}^{56Pb$J!U<`yRDQGhF)g^9E02K+WaGmga-AMPOu)CGvD zu&m(P9#XU}jBVcfLgzgCdYvvl*AFa_6K9{y(s7gon-ZSya39l#SF{{a0qG*p&q9|> zLQnL+%Xjcs*Z+UNMfaP^{%=12VEsoRME~;pUsU|cB>2Pr|8MgBpCSKk{g<=>0U!W% z33PXNU(v8!KtaEe{%N)TEd>CBmH&6m>ff6G$Mer{;BU+SziqkyGo}3fJpV}kuN**s zVgHLEt}M$xuacf#fRK=;ii)$ixW25c#qV`oX@oz${689j z;wtPF0e;);XNO^=68QfbSNXq$-~ZDJ`P=gUyJP8J(cXV3|Du2C{};V-0RJKX{|es! zqcVP%e=2|!IDr76p`pKT0bITOZUsPow*r1kzdCo#5K;cb?s`G4AsSR!;~exP^o_Wx zU3q?4YXu8^i$P{ThN$;*+|k*Ox^&m>Yh2E`j42F5p&%m(*dIFLAC1HRU+I5a{{N;+ z{6F2)e7`I{z8nZyYa!Hx)dWCGX%hgV1;nTl36i}p;0C;_xE*VBpJQH zQ~omePZ)0M4s?{!SeW{wi(3Z?b2!MNldQ8>4emmUii20UFQ2F352b_}2QF^El$x|BY27$~zF5PEk4%(WCs_->s& z_NnQL*E8IyLL!Mm>Dk+?vuAj6L_sc z6me{1pQ`z8XYdmXwhA_lW~Z`ES=Fjv-v`)IczEl)Zgr2>d!!OkHkd_Ty9uNUWnY1` z|IgQZ|3Lo#{6NcpWrAJN{C)Ws6BWL4_WjxZzYs!L{Ez+r|01{lb7a5Ezcsi4cm)7n zo|Tgm`&U{3Az=05`MiMv`l_((>~Rf^z>(pVnCSMp+Cv0Fc6aBqqhoepU{Fg-Yie2= z4GpcbvfAe6VNBFWR{9DxHCIpfW>Mip$fM@moHY}pXVOwm!GS#~nErV5G(s@I$})w3 zfH*m6+R?r|FtEC)V9(C3ATMuV_4OefuAqSQl~;(~KmDSn7H?*eb9{V$nGIYgWA5r$ zWP$UptgI&|zbq+QKRY`oB_+Lfjq335CeEXeaGjw z6V!q_loQ)qvBR}xck4Rc^2QAYOe3SmjI+8c-%NCRKY0?D8TowkeerJlzU|zH_X!(| zVe);t)`EUj@I;*AzXXX)%uZ;U$cxwFH0kUGiPbgZpl}HlR+<>PE%svcYNP|U32pG zX%Ew4$Y;}|(v0`Ns$REBf8BG}qtctJKRe#7?ve7F5@-4NJ;cn@^OCwe=xAU2#wu!z zGSWyFHIn(pAJ5py^6@L>(g?{<6OcBNsTUNFJlU2JEL56JdgSC4!so{g^gIj-&sO38AD&ErpuOC zSxv4lT=&a-)s&>kn&6Oi+x+c(x_6G=FtfPhgY#VUeVKr5^DQGY;~bht(d@}tjVjw_ z{2Ofa&yLlKb+x|{z{peM#WYm>4kX(&ic)H>uj`}<<#6$*R=sd3#zw8|ls=5vBQ7rq z1UZzI*-8LSM1kxobByD@5bdhsO_h6J9sgCv+|&BTx|cKep;31 zW5c|$+sDQw$I6dQs}J@+Hm^nT9JXv_xE;1O3l&@*wjDI>AGRM4@*H)1UT{0={JIf& z)b-A0O0Da6O3^hWO&kerAx< zLWwXa?jr;sx0}aMlLul6U)tmhiSZ^as8>(tZQK}yru5qh#pY#8iKFLy*E&9T`UqEr zFS=(EH!jL-R(s5OP>&Okc?nb2gee6OU_V4ySI=MbjV$P-_*Q~K>=bN9;mGjfnQNuUQ4KR`l7hW z3sR|6lGZl)V+;fu!O<0T6fgZthINP@drqJJodHB9MswV~<)sXl{c;8NUcas+EiXRE zA`gI|a>78*`)_xD_5C~#Qi2{*gQ|9|gDZqlzYaM%KwvM+O9=cGz$pVdyhcKbcmoJf zhb}ryhcN`_{UW&~@nyN&QwqcIT{T7);yxXjDQ%6Ld<8L0xAs`gV(n)LO6lqzNBD5+ z(<9i!mIZ>NU^0Ky=bX~klUR}v@A_vzN*RPv7X`k2QqVq`34FO2N1LYQ?y4f7<$1S# zYoBBt_*2V%7F_eXmzJ~c`a$9v>=GW(*B*O<`6?kGghU&Pto~v}yd1xOoVdTCaKz-* z&&4f>XUbDR))U>uj7d!1_Pxu*jOhBrrHdaEWJj{Drk1F35PXg1_1CUw<)K}zcr*p} z`(U$#f`*5;JPk9HTOyhuHwk>rd1c*0GUiZS->2#|``1rdTI;cT*>|7Z0k>s#nXyjb zicK?q!(6lvD4_6Ug4rcw9?CttSWD@eXA@7C9Kv712A*EuqJPWTVd_|y5z}FHv(iLI zu1hEIhI8g-(M{0fE)X_LI(NGyc34EiJt3x&L5_Oy_Q>u*!qAPk_@otjkb{{*NjT@G zNcPBu$|*+4{SD2vJ#|BV-=~+v#LT#!vs2>Yx06(=3g0TR@x1veyOD6s zMMlDk>?Oy@QDbF!Ohm=z56ld^;%Sz#7N68-8`253 z%fqtpuD~>~*V>LmbNP_2h7XBsUZwiG+V)v*zWbEp`<4THhS}R!E?%WV&3C4f_%WZN zI_U2Wux|G^6Hq3<=iOtSyww8ebQSOYC##b93z0by zcfo-}5G6UPI$<|PQ%bYx*P-NOkMp=KzDlo)UkN{ULIA}aZCWB(({0~R|A7VAo0U_Uo-m1POrr^86&o3Oh6 zUGhs-!jqC?Y%aj{&KG4*TwbFQ}3C|r_f8+RZ(?Eo$@zs9|K&_a+wLlh|UYYuD4t20Zb`Wx#wbF#j zIq4=2rZ>PDE8QL{7{!N}uEq+F4i9N(FW)KJVKf@M<=!=O&+_K(!zX#bx}f#L0v_Mn zJa_awcq{s3-I*p}Z$(f%mEw zP5%*}%v03jU5Q!SKU)NJL# zCO3p2s_!uH%)(`gxa^@ABMxb43(vQV%)Kz~U2Ca`$4c2Rh-KSIkGa|uq_ZF9O}2Up z44Hc3`tIt!j%+chzTCBBedOIPUD~!ka2T~G6iA`=n*K@F{{1f^zA|g}Pd~!jbi_Qo zy)uJtJj#H8b`HFuPNw#o4~C*Pn;x|93-4MHxwe2?UUzS8&iQ1IX&sSFOP%Fh)3+W; zg7`lsit>_B7#*hZYMgbv`ST)!;kCvC-OR?x1aPIqwDgU{mhxM&E`+Ogt=B#VNp81H zQ+C}3F7uX)9+wL-Mn41{1CxD0PM#kymW;s4*}}W+jjW^2+jTnY#vMNyso#G2cw;uU ze~3EQKnDDUv8E62i?oL%|3$Oq6$->#Z?5cZcJG8QP2)r812 z3gaCvDt^zDvZFA+#BMrk8HCCsw5eO4v)A(oZ~<}^ zFtKxnhL;F?P@aiiG})K4`B|nLDny5WDw4y+aR8`%-iSm5Zv`uffG)%yt)&LEMBZ0% zHc8wJR!g;0?1rfMsy;CaQFT_aQ$<;y3-Oaj*_)yS@g%fTg(Ei|55S@Hb0Yg;Vp&QO zKK^d5Wn!noVh6?I4olID!cieKF>rEUx<2(V|CpGp7~O)H_!a?_n&9z#Oo~LT=xI!v ze{6<-Y>q#WyA=EMJQhoXE|5SMnW9Vl(PdfaiWYR$68c$740;++i~=>7#{G74I4iEL zC9Y#B?y^}8zysoYvp~gV;EO?N97C1swejOi@sq>xhJ8x${c0w5>Y^A;^?oHo1IQu` z=xvtrwP_F$Her<$M1%ofWLOTV5mV%Y4$l*hX_A-`NnE-~BF7-kZV-Mqh`AQ*+XAK` z1!$1~lmNg#mJq>$IUa(DNg)hKpglY(rV&D|n=Figyl(;1wI)-IBvZFSc(8y;8JNv1 z#l${^GdqPlAcc211y9#pg(HryHARFLQhp;0G4IbjSAL#~1pmm@K(X?Lf?1)9);&8ww|8h$MvDB`o1P%X^7ln#U%* z#dn^G$(YDeDKAWX#DP=GnFIrpK4)d-`6nT;Nk4Xycn}Z>DL{b05L|#DYr%q8Fi;Do zwGI?OW)Y+0C@zw(u3cv>C)26>NtdSz?`A&>NV)Qg-tbE7QGcl!K@dV9{C#1a1#ihd{eQ z(ijNWRWR~na1s}W9d6I@P>RYWn}#+kJv*B+7VFs!R$a&;rOUspHp^ny1=X5?8FayP zuHZeFta931vDU0|B?tpLr=jH;s5YxXJyn(fuQMCO)#eKz3XihD+{k!=oI$8UhfT(L0Exi0ePKv-t&h>Bkc>#sZu}@$DS4itgl!1^G z4LRwYiVCSTS-Mn{&m~H9l?tv!NqezSR1vnRNPDH|a!xYA)HN?OD$hMO!!`s(nH zhSXtt(OvVW_EIGu)RUZ6o>K27k(fVALW4bBAs{Y{7&pKU&$=rKY~>`w+OQw?lCqS5 zICR+|T@G66$*0k>guSxYdpTKwIh?cwr|9x$8fj9-e!g4)lnV+2Ab7|!$I+TP)2zyG zwWMz7YVKN1u1YG+Ttk!dH3u|j4$#7$g)W0UV3lvo9aMR;X^=I%2!ID!^B!Fjl2h|&#Rlk> z{`sxu5S>%LSz+?J(aP=F!+;Xsz?`!3#LIw+0%9a^2}>ggh}7mu*@8esx}{TG!2)n7 z*D;tAkwQV5_JiOtIRKDJw^T~JK&z*y2E9PPPNNOVp_k5NBdkjqOTW#X@gYrk=_1b| zw%BJ=B$WrmJp>tVP3!|oo}HIT(l;@V);}@>XwZ@;Tn%Tj)g5IRy0r$n@&>K320_Bc zt{@P@NCN&I)+(rsj2lCzo>Uk6{0F*`k1O{JEZI;p>F^vh8&vtct*LsrTnPo@BL$1O z)UseoT-x#jgP=cF&@dEm905dp@4Bu@wo|DVXYo>NxusF6t@TUm4-1H_aNS%$-K*C0 zD}db$Xnks>yu3!6_eNC{y8cq)8^~W0BTEP{OdBbTnKbZp-U@1v1OP@|h{X@qP#YDqtj5Sg+Yx8CU2KSEOOqfreJHtd!4a0$S2-uKNW@+QJ4%ssPXo z*6q4!eZ{^)cI#$ei!wFR^l}>KLm|*{`@k)(m!}q4XY_;0=v)aP{sA|XWB%n2o;uwX zk#%U|%ZfVQxMFfrozy475~nDl4orN3Ai1G)xRvP?Jx;_5RFk{tA zT6kjX_w>}@UQUKGyqtE%+6LO`tE=T@4gRSG%h~coJ&7I9#bS%RV1)@e;Y$MtHu}k) zG|lgu_h*J*eA_P$zH{C7+YlK;llB2{)EbF#W+W6K{`9TsskRCL?$xi>M=X z1W=C$1kuk2;~LH5Qr9c5!nS9|SU4=XW+k`}WOAokA2f2_3v38RkF}MR2SB(GT>{6Q z?<@03ut2ZYIOp^nOD&j}7hpNYTsft}wa{&p(V`3!%CP_u>3oHA%MG)MMczUCc#!x~ zyNjguB^d_X<0o%pjN~wN@St@(jvtaKl2v_Dr>nOvx@7;!Fax52&oYk76@!35V9LF0@mQKpY>zYqmXK4xg$ z`3YFgi{{-jdAsW7i{re?>F{=VF+Sq$c3Jw5&h!isWbRf*v+r7^89ZM&+Cn}De?=S|E z-VY~@nlfljrAe4te|5@#AbOYmI-PNC%EDqcCv;7GZ0S0~cuLN6^2hqri3T6n<+l^L z@G1jp8Ss;XW!pULEAAET{WZGo7sS}7oShp|**R5mo%K&%i&#C+M>lP%??2fazAUpC zhIFsCYxkEgZTgylc&5Q>hyyj9c{QeTsvrF~YrzzU!Q3X$k`J-QA@3_qJEf}EDzfTG ztkc@qTT07bNic5P@~2nGNNB^R=H?gNLc(H<9Xvc5KJu%yL!DR6T|e)?yND`Y&C%Ru zJUV`wF&EQ)XIZsdF7tlu$9SuxdCkJxc}-Ld>x|gpU#5*zPva=8F_Y0C90ZWpx!*#+ zf@7Y@=q20W41p}yG}Y{_(qXts)4xg{z}7y&%};$}KPgr(1xi}W#y8IFw^1PHx2rAl+<}aEg;tAv(LpqNWe(gXA`h>YpDCEJct+Rq24ai^>uDuiO{aw~y?Vkt$ zfp^1rSOC6fB~<>|a=(x7+6)xlf+0^K=J^I$D4VOSr}L_eA3rAXh!QG zh7k#gM6_n9@Ij%|UA0*hsH#cDZw z*U)rpb!$5456mJrNe``vpx|}H0@fO%{yt^dPcDCkeI2t#@c8n2b<*oE-)Lf$#X;+G z{k!twA1Og{nUR?gHtV}fS?l)JvMq6kO4(hsGX*g-O!EsSUL{TEd zS|W<_s=^uuB)XK!1kQ(|i}Oqk^wT!yR$L4;H_@olY4<*t(~rk4eOd2NFaw`Y{+ zX2xIAHNoU1i-73(R~rb7RN|-&@YnKd$jMj;tX7?SKvd}KfNc+gKnXIM&ME4(wk>!| z`v$41)_m*S&^05Xn+x#B6V|Z2TS-=4$oYbq!kgUO!Tuw73vKFu`6rKg!{fm>eTToT^@$=g6;YXILwrl+tdgO{QK~KD|-tiWA-dp8)tYZr1r4;Gapq=HU|(eX(R)9Lb~Mj1+4t4Bz0Eh>SJAMT;+XXxIj zF3wx<1-~3S2*|s`lcNR%R-qO}qLC~S$+mXt#SkN*{O;82L@ZDsE(TOtb+dP&OP@LtYb%3Pq~(WV5*YI<)&o^T}86jIX?j8r1R zXFch8-VuC-V=*?at6Zz;j_M{MU|NIJ!jZT2^w9MoW*vKB;}}a%N6?IVfTF1}_JU7U*Um$xcD3z(fzI%4xN-yjF=%PtRU! zR|F<&&%P}tNTu_wTC}=(z0EeB`SRjRm;fAf*i6>N$-_p*O|V;C!+ZIrV7$AHll*$j zjYIdETi7D1K~aU1ZWZ6N`1(O9%N55c#r@^Ey!1I|YbvSSN)~+;VoM5Y5UJvNzl(%~ zA{L4d4B@i<$hVfFuN&j+{YWFlmhhTFqX$AFvZ9<}Zj+w$3fW?Xzf%=mO|X+6Uu}F4 z?D!*{hh)!Y7~hQ2nQ)mFH-6y|LKzXtHiu*ZdKp5F5y~FbKGv47{NA0`zK0qw3c6|W zlKT>R&?axc9!~ri)HhV8B1hjRl~|im`EX#{|F#X%H^4x<6-_`#a=x*|bCYIMLC&J| z=IEOPeHte^Y!WwJt|JGnhy|o^?(z-pmiL} zqfy-U{Sqbiz}s?nZfP8Da=S z`MZT_Jdw4Da>Lq@%YtKG{NYm@%q_{|6(uI2Y764)_VRWLcqO99f^Jm8&hBjpe|LAg zWGx#P$d2nvQy7etMN!hr&RAnup@egdier96pI?aHf({9Vnd)sxAzFEAyj0V|Y&y&4 zB-1*qLkSz!g;@}M_-P}yuNt;RrMolTT~G0rc@4yx&9vk52$X8-m*B%@6JDxwe{t)yYEQ#U!hb zzKW&?DNB$enJDGVhkIMzrT`p*&DW=;^h*bk_`&6DUPG0t#Ze?)a4CislW`bEZ4l)Hi*2CouW!rT>-Ag0m1wkUGM_HXoRbDH)>d6>F;?@N#q>_QQ3W!k|j6L#R+lG-# z+U2W|;o3?o;{C@UhOnRb$anVH1yD=|Z=6{H@qECz~cOa-d8#?fP#Nq6J>wY<;A6hh$kF`gUtet0*tou`_16oFLPtk z^;m>24pX}BlvfxDo>z=B+DB#EI-(R9UGcp56s}XbTU~xjFs%GGRpnUw@N13*?WHS? zG)=}zw9O;ed9?@6J#%;x>T^wQomlrrRBze!4c$hvtflbFd26@t3|m$^-fEuq7D*8V z0@<+rQPrFR(^(0WFV`BWhjDNeQ$SL4C>$KX4zDEDV}1EP<)@%0q^lC-w0HenlrXU` z40Wq&vTp%H^n*g~#U){+7A3wxVPj}6L%`@ZWm+*kej}rQD;!kBV zlo_n7da=e&t>z^HSrZyZi>pUPt1DQk@XtR_<})ui4&pv*K;H}CglprF8UEd)I%N!f0xGgM9pdikc*H*`}1sOmYnJ?iXCt;X&T+tSH9~ z?Xckf8al*RhdW1vbgRnF+uS0->fv&+$ib;flyFbWe{mGG6z>U4erV<hi=<$dG_025Be_(1PJf#q?mVKsA-PT@eoyFZ`y9)nyxQOd`N5aB-Yce zkuY(1vH z9;xbz58%pq)gwsoZmE}cxP`71;Cr!hMG=+DlyMW`amkU~KwrWFxWTY+fjg{xJjWPL zjKBpQ*3caOq2MT`%^O)&ILaU2e}|2T#~KoU`!2t`=a0ReC9j>1q-*Sz*R|~^IJJ7- zZjn4ES@I`-R&{di<@3IlonK9^*&4v0D(>KC9ilBL+^-Z`(zCUq`8rU?wQTBqV{2H9 z?9m!;{!`Tx5mFf$_zlMEl+g}1ZqF1+9GlLs;}~GsT-|^6avRoFQU~aj=5hszutEk^ z2IG@C`fu>~TV7Ek^em}a1fSUHVC8C%K{1Dn z%ZQrenWg@zT^d4BtViGBF$sP0oK)!|3ek5!z<=rjC%6;>*=&%z#NYmOD+R&h-u9s$ zZHJ?#NTrcvwnt1ZAiyq37R-&fVX10idb>mG6C0laJGDpg&Jg>nJ^Br0GyEa|x4-Ja z$xUrxD82!H)CuQWYtuV-LVS5T`FweJfXSUN9tNUf1^&HTJN3+5z|Km{C4Qi(dVxf`6;$%d%7oo&3`yN z&;wV53_WruAf0%|_!^nz&`M*_vH0PRK^PpNw-)vK@&_Oj~EOD2ofcUl!)Mdg~lq1#gKc3EV!SX zj)mro&b8U?^d>1v+045S1Nj-q_VLgBbd?%5&_*FwqFuC_zt>zkKum;(SUHmY45 z2w{lnI+J<#kW4jXdveH+9 z0;Wz|?Nx7nfAI(KlL#$eqfG(OY6b;nv-?|V;R$Tc@}lqyAFct44<}% zZ(Bq8CvwKzUOgy6~BEK)nWHkK{x9e2)Akr%!)O!qHM0fC+hdCJC2t~t6jCIDX zET=*J{Z)-$s~V-^d^x9Ksx9{RUAbi#7NA zx?}G1m^c`E-!cJ@!e1l6%1xCL>P)JNOx=1@ zaw0~ddyZe+{U36DP4On*04=;FGh!^5($eFOs{~Zu>Je z`qZ@x88y9`i~~MBh6MqJa1%un_0h$63jvVO4e+nIzNOE*lh+f*d6uR{!w$tCoALM` zPkOHR#W5v@4`mf1Ou}l;z%5>hT@ZHIG!+bWfI#SwlJY^$%n47~OuK_dhJ2W>(I8MV zq>@dX&2Hnj7+5LPz9*zrLI0TfGXH{2R|Rt;UX~NRg24Ehkz^3_E1zb0D&bm8o%6($a*)NNL`-sUL%O6-zcSnW+cIcl`$j9@iOdUVuhY@| zH~a|p z<9-Q6lN`nScqKNiySlqkFDB<;YfNm;^vk#|L3Fqwf$a?V{twmh5+zj^9SQ|lRpcY^ z@6&QhvWa`IpQq8x<;J<>Q%Srypf4G49(++} zv7Wl~Yy4c?r-cE|ZLi`9AxA6J6!GVMBuF<}wqWvh?e`RkFP|g5?#Ark*j{=d-a1V*I+6N`GiiJHG$SFtRKv{2Z z-Y_#TFXWy#5U}0hKAa;uQqp7#9`_oK@>RMzQg*M!>B(!(#p3r_=I^0HtWnefvAzEH zZOfkcvF z5(KQrm+R81*~nAr5*5E;rTbJN?KoRDobucQ{!*=G{SSF`GC8a1!tXc@4UC;aR&7$t z5-=8MU6r7;tf)8!UT4bYZ=Q%|Cf+Y_F8B!=W%4$cguww{X8Vnq`n?1XDQv-uCPH1! z1BwQm{RSN-INXi=P0hsMbn9SzHI^JIkh*_CvUaYuXcSgX(Zm1Ka-fFyal0w-Ed<#a z(X(RpoSet*Uf#!uJw>aokNpTY+kws(wD?VIBSd7KwaH{*X^?FFX{AB=mXAvw%umw| zEQFfJQl{Knl1mvaIi;_;6@foh8QrHj^Zy!Ng62|2t(N8w#nVvEzEQ$Z!x*D2irPgM zE`N3vnNdc=&GJj>A4I?x%<;np!F~$Uxe&ZNv7O>A_^zE*TexHT{$<_g^ZAJlBu%gQ zI%bE^_|ps1r*x-7w>B>55-!#(jn)3I5cqPE1K(8A#p1oWCd_Lx_=q#zyM&47l*Bi|GBlQ4lLKQ8O~Tn@BU zKoM_1?AisM8q4;z3bijlq)VLLtDn6o3YKjtG=Gim%Y;U09mTt}O;vC8E}}_zLfd;qu*%qhwXBNxgF-70uP7^O{yP|rs=p6@Y_@JAUp9v02PsvPXS`KLyG2BZvLPVc|r zgLK3D0JIWki%0o)i04D;=cKu%ZKS?I4dByb>Cs(-kl#=m!>M74z?g2RvSS) z5Qjg?1a?0Fi-OUrncIYSOw7*5OLYcVJ;rU#(2@9QO2v+mA` zl-9c+sbk;U{6@y#`3%I=c5rG1TFQzBz>GA#ym^R5QBq?%)dNTV0(Hr8q>-g@ApII4;?mb0LRSpuOz zEH~c`KzO##Yr4LFdj0(6&tGsmv&$|E+MZt_D)HAY&MYpS^DSUK4#0OP97SMndIC*< z%%`WCMm3&EmFeMO7DZ`C!d*7XLnv&{aF6|kx@({uDTs?ZUXc!3`h_fXN>rS?MhaDO z$Ip?3na;s}MQwD4?^T(3k~XjMoL^`mku?w4AUD2Ds14LTDK)Qmi+yRi5zvb{I5VGm zSa7&O1mhb&W(tJRpa31+U{Fnw5?CH8mAZJ!Gi?$qf(Tdl6W2vSnX}BpnUnsuqpnkuy2j4>bOTpo{o2#2WY8=~+ zxw>8fc;vVJWBcd>@8=S5vf|16SXkD(`+d0HhA%9Nt zF5LCB5F8}Ep;fR=wfI3QNyk#2*u?iOh6?JRV1xUedbPF>bY8{7ijW+ZEz|9`eX|L^ z;WY&#LZHM6tO4QLOynnc1@FK(-fP965QRb z4emt>6etqhDXxVEE!rYQ3KT0vOG}}pKqW8#z4zJox#!%w-}BsiKb#LI&oi>dnsbhk zxyD#?N#>a2r&f@C3+Ds8Wif!@KgAMG{(|MLF>=^+fm#@bn{@`_kZfclV|PfB*w=SI zCnx8{GhzePY#fdvj)Zpb@ceJX3-gRx`RQ|azy=6qGA%0k@hH;tO;2Xp=e5<6y3cW; zfbE<0>(sey5*fc2HZU6SQF6B)*$DaKVP0GDN4#w^ z{t;jWtHdX2rUZ*8u_c0mdQEyA0eRg*(Wg18HmqWnAgxw@v7*sVe2P(N)z`@c@qXE* z-(JwDiS&=_I5W5^WSK+g!xkX-!&K=PaAGK4EJewm#_<{{>KjH080=HLW#U+TRb#1c z0u~`jt^qS>QR-o1r|2n!D+&VDL}`5jZP~BvwdTfNm06+YNfXIgdE1e>xrEk(SFK9+ z!$$c$wmjOVTH59gPESqyc8?zT^}F*<+t2`5>({?m10}`k+5?e>9x%yrR!ZvSbk=+| zHnki~^ku!FGXdj}%3W}DpmXL2(8pd&i22)D*Yk7$qS=v+qvNy{{Bq)?&oC> ztm&3YYZOcj+p(~}v)#j^XrAqJL52|0i{a1E%Uw8BP@2-cAfDvYdB{a_dt?K#03c=R z6s`J;UQwEzm%J`)Rd^#}qpiI$y)c-}fXT1)G5nU~>=?69c+E`KLoyAVH{|L;9b7PBcRLksQoK&9_#Sq&qQ#%M1X#5q$ z>_aS3^GHj}jkpO%G9Qak+2|zmM9k|zUKOrc+B0Urf#KWRI`cmZ-35m={-i6)WINrCNPXG4@g+Pty_Uxkp~vYrl`Zn40vA z!fG zqc(zxXb1(2x<`zN>rPTjO&!X2cXLPp_L`65-^;`=zIP;2E;M=u#kU{^QgjobW_Nt! zZ8_9#b$0J7TZ~XXtS1wE@w}&7P>COxS_EiS{Pw$A`4`KM znABSlNz04@F)$(Ys2Lv#$8C)h&ELfmd=vNJM`Bd%v*pW4QtpJwgLqXgdZOvCm^R;c ziv*Ll`&rl`WH?d4y2pXlUmn_bI}Sllf%>H0On9@6A?@TfQWzf5ry{uU+m$uYTNLx@ zhfCD&&Cj7pk|UIoLE55CM~l_)M;Q-t@g1-&Q~#JOftbU@@l3I@y3?P zN~}?p?~WzisJ(Ue)|?nMQTp;ce&@qVIcXIZK?tPZyG8KXk#gc@pcJZ}_)Ei#_0vry z#tI$*&hC#AHl}IbL$$-)X7NZ{V!(g{OPhP_C}S^#>mAppj=@A_iMLg5u^3@VE&-X9 zQD~H3GZp?mk{SQR*RMP|YbES`WX?!l!3t4?wQYqT17CiBiF@>Oo#g(_jPIX2NXy?RcK3g72tB;+ zyZ`5+?9t6D{kw%4_c05vo6!pGG?krQ0QKDf`W`OD1YhF1t$(DJN6fr7+qx)3B#>u&46a zr83&34A`ZnE2oa#rOC0UEh_(!vP;`wPd2hm*Kbdy2WKdqyqY2~IYNWSlE1&#W>TGjH~1E4?O+cWE-8R!5o(LLx1wula#6g-3~cNZCC?5mX`&yl;2}0OtY)yFZkS zB@?T#i6GcKRM08%>>h6`VJ@fCY6BRSmG=P z@GrOuT>`f-faESJYje-)9DTOA&)KcS33U)#NiFZ(*S-Z{RqbnCIox+pQp>Lp+u9=m z&l-%dlc%ygDZ$lO0B}Mph_glvK~AJrv2Z$e-N%*64;AOYvz#ZaJgH9V?bWIiWfWHq zAe1x5R+Ta5ECVV*umNo{5krzYY+QxZ`kaCRHnGXJDW%g?y@`quSVtqVRgMlL@!S%MO4 zf~l}L!LznG4!SKP5BawZ!)gqRIX%fng(o!J?sR$`1~=FVb+aS7s|57W0g{K2vK$|w z4uKViKExknn8tWOBo+tKIjqVTZXABc472v({!iZWcM<>SIZ^34I}b10w% zCuDGsyQlzE0ph9Z+Y;R|2@hP{CE2`7tF#cFQ8%ZpIs`+kEKzNl-w;BI>0VyRW1bZ~klP%rwhRu1CM zFHw`4%4=O=%+$^u8haWp+t2`UF?n%ki%*?bE+*5wybRd-?Vhn0T!R;NhOPXjWDQ)g z?m@44crG0EAY6SzjpDuypbu@nf`PL)I35=t?CwovMf)nq!PLTCI6d&y$n?BppRglKb(py}oqI z$$x~O`WkSJf0DG)L?U0KMWH6jd!oklp^8jdF+kDNr^!A)mT2ET|20r}oo5m9d}yT! zldp*REX2I!ysTIDn@Z6Vbg1*kH&)?u6aG2C(GQ|r#-g;%2zsu?&c-3Ro!i1c>LCn# zQa@|Pj+bPI!IfhsDDxwn5&rIfPAKL;wBbj5>c=Mgnb?k%_@^I~Km-c<3VmcxN-sil z_r?uIgQT^H6W&*7wiU#$!b{YTj#C$#iH^PK*Zf5|V*F{IY93|z)Anqhmiq%~=PCIZ zsRr62(f$n2i3~|uMAF-6FBiIwzcQJ_nd8vRKj1Kec5K4->?T|gI~%3>G(I7E{oM?> zi2#(9VodQ-Ic#S2y+5ZN8Pk`qrn~;Mo)=s*Bo$C1=AR;tHzKenNZyVB-m(imF{;J2 z+^OZI#C@=7>#+Y(!0Y1JisI6?l9@GUjdvNg`WhzpTFrSWN0|GpPE|yyW+oWV<3E?< zQKsQxUNaaQ8C(i%!y|OHrYI--&NZc8ChGfbzNoSmzrP_ygN-FBLaahmJvALZIqkr) z(%34(Q2B~ly`B1JAa!F2cbq0AR;m!fny%3wh^Mab(w{+2oFT11Z)BVCX*SP501HWb zKym>)+cab>!H>|0-5kC8J`G%_ao%jJ<#?fGEFKhdp*`9O&umw%yio1A;N9-j9lhY2 z2_V>=WjPjQF(9a-#gR@^Y5__}6_gk$kG_`9U?#d0$I{X$L`Kny)yrQ}Hg@15;`-Op zGHkS(ev2DFTDvXq=hQ9~FHp8SzA&^-)g;Nmk)0 z?qfP|TW3gcyJ>nlbq@U%#mJPnzP)K?L`Z#8KJ9pyrJcEx4gE*p&Qhwo9EAWjh*JNGhq|DaNzi;lvj5i25oT>)PIz-sPpFqg;p*^Ea=3 zQ+j<#XXC7v`LEY=SB>vNn3ukVXkX+t#X{XibDLuEns8OwE|l3T+bvh3lQbQKt}u;V zSDgA`-%X@_$S)xC*XbM5EZf})r(w)97dY2fzDbv_yAq9jldZG~CF z9*A|e*c4JdBE!YK^sLjQc@uc#AH*Is?u@*t%u*_xe^8hu>3NPLLQQUvNrl1f@TvyL zzUo>X`!NcJML%LPI}CMH@1{8IX#5p=|7R$Yyg#1{8bjS1gW0U$3kuuqh*Q3eyB}|+ zah-PBvxvBTyxP48H5&&{vhepL=&N~Wb;iekD-P{T^;}Nt>3!<@pu$>QZ~MAw^}6Zs zTJ=XSFMP|&Si4sdvYA^##Q^oL&N#yxZ)1yWSH8s;j_i<+8(mlp^qB@HB!bWQ-xb;oMrZ`apX+b(y_v)mS5FYE2vU*j2ty#p84 z2EMl;&S1uqj{`96r14N9UtF7O5EuH^^aZ-#(Wsw){d$=O;veHJtq{U>l-DU1!!<4^)uFz-WX}tAgD>6f-sCF zKU;)}_J+uzQ)YghzLEd*>fzkLZKH30^nx_;rx%}p{A$J#ooDXKCW;Oa3QfxH+18yl z;(M8`t+?eVTd^6}J&s>RfjpqVw1sQ0ct)?z5db)Tt$%+tULN`25c(%*(fLYPOs!A{2W=(c+-&7z zUVf7}ymzh}H6GH%x{Lmu_-dE$$0Q7WNCcq}?|***ZG!QO%Y&hq&S_X3423o>H^9?C z4a-Oypoh^vubWugkVSQx{0IcMga0{H@iMKsD4{xUaQy7a`p1$0vLYG{Qvtv=T2XJS z^~gQM<-x;;TQf^yZa1xkP5Yl~+J5PsQ>|_Zmc7t1#oXQ~)n$&w%rR%~{U#a?M*fG%{hTxEgbBMQ$2$4B?`v zqH-Gonp|?prjnw_0BpJ-+%c=}WD0?cc}--7FGZNi$S&q&Ix*!HMW>Z;S`03f*y6g5 zRA*9w3Lg9}BI+u0Ke|2Vx^T~gr`4X{JW4MC9gppNud>7<@m9RkMXd2`*kwVj=Uvdt zIXOIH2DyOzhc54}AiZYfmX~?6lX6U&6~BG~H~TY{b7CQsW|C?ENae?xC$;s;?xu*ffHo#YtnSE6<|QGx-i1ubnl>TNAhlW@V?6h_I$85x1_!`o`?iLfiE`!J(Nj^StC$8XVl$&f5@Nm;G z1RFtjhW5yg^*U>=Mals&;%?Z4;Sr4j$P3&fghGCn(g%fb-1+DC%{_0Q1GT{4j8!;) zwratYH~gR@*5&cDqH~F=-<6<&@8^4om7VfcMJd3IDs46$ob4voUNhs}keKl}KtL}a zk_ghfL%OYHAW=!I*1-xV!k-@o12YKET8RleyQjEInm9yxqJNiX@Znr}(U<~uX0)w_ z3CZa^z9P?b0^LTnV~#foSw27oeRdNbW0cXHK+9l)!wNs250_+l;e46*lrXuUxAHtc zir3jD2q)*601L_&rY)c{CaKEf0EV(o`nS^2C^&&kDMyxXEEi}vv&78qJBdxR`oWZ* zwXIS&`gvkq*0f!Wv+NqSzsm-0c9FBBveVP=Co7&3CT1$ERVDee9;Q_k*52bf1QXFi zAMJCfu5j(u{0U;zoU0hVb^-xbyt1wH249E0AC{@etv&ob_w*Ylv;d7*RurR&(WMX+ zkPxX1w?HPVdKWs-$?w6brQUbSv}5TB7G0OWnzHT5cZKMgPn2pW9caCRXp5uCjf7e8 zXXQ#GH~Ey7BEMost207S502Z*F%2%JoK4#}!st?sFt-yGvd+TW_DAKc-#Rg6ObKf% zdA-Y@I4q{xg z1~F*`n0O%)60-qVP(KA)s?moYSP0@#M}8u+EbB!2Nka2lSyov9POD?VCzH|i_4hsw z+Z%I4pD&w!_PO#_eqh;DlVW`M?XyD?-QC;HRl7tKsjKSI>Y~bM*VnFv3}2lm96McP zcns`_P7U*in>hC^ymie^3(J5pNiEQl7Vn|k)kBJK4Sdp8OBv4{3XHha=%=|HKRBFQ z7M!51)=K;^js`m#x9?pxCx(uepNvkcH{%O%kt;Ea)GVDePDcj7MhR8Kp^*?SN%UfxCVyj1ZzZmLYAIwvy(Ck7UD~} z0b~=3vVzy%CM^V`ZT#d(tj~XC zVE-YLMj>K}j*OC_a$+?`Jg#` z^$Lc-;jjNdQUtTW2^lNHfa~;ZG!1@}E{3n0*g3I%Lm^0KlnCVa`3^V}#ms_yi&V4J z1hiN)_l||^@aj`geMz}YdsVeTiPl?6vH20tSqte|4ADD6tR@$fu3o&MYK8pH?^EK- z;64F)r^J;^ZQ2A#K{b^29qR0Ie?0(TQo_U8-~n@c|A9zGNn*>O`S>BtS-B(W+idx8 zT&f3Edg_@X+&x-cC4+f<$D%wb5hqZ<5DLwwa@C{5u^u+mPviT3=?F(x7N;Mptxk7+Ou;h>wRLil zYB0$^F)@!MB9HnJcII{=>$haa(?LD_`Pldd!Mit&4#u6J$t0@!vGS91I_UlYQ1+;A zF#JLSz4ED%7~uJ8nCaWxiG?3A4gax)X~aEwmLsUyj^w8sB|FRrwF;%x1PR;8*jTeu z%ExE?s3r@3l>jjXjbba>Hw6OKW8ZQ8ZDRVaCqO#`-vkt4&=E=5CtAPFNK_2)>O{H> zbwb+ZDli#b+}biB=XC)=mi>Ty7at)0JkL`cP9fo^at)3}2vZRR>DR(pB&CxO8+_Sk zNHB@*%1pg{M7EpKZwvy`fJbf*z<>SeBjFFL4HpFBDXk97zlZom3jSC%j!E)Z{Cvp7 z^Il!cT-NLt<5B$hG1;~^P0~=Ykp`JnlSFQjmm1od_AZl>saMf5xt=#)T?R?bg>zC-|lsB0rjDS+G0u~YX%l8N$cAV-VV z#`^=v7*;N*IyLgtOEu%^P}KD2BAM{3PbKU#fWv;kvql?<%v{oDQq{8o7~h&Lh+AMB zV_Jif3t@r_VbZ|^#B??^EVRH_s;>agDw8yypf({Ni;U3C;abc!^Bruq&dcGz8{;aW zWi?BFx3zX=Q5{!4E%v5wmAKiMK@R%LPLb=a?=27GYHD=3ac`qyyKDS8Czyzixy&zx zu2le5en9XyM))G7J@yuUGaW4gkc=a}B!wc&hjpClQW5)y+C~f8$pk{x2SU1MO;(~O zf}P9c63ZLNP%#Md=Z4v=@iHm<$?ZAiQWqDA3T;XKutIRBkQiNTKzR%Xid3u1Al&Kr zIb9{oHXMfq@D^qofYwo%D85dUR)faS8g!-(5RTwC%ibV0#O`Ir3FBJdlf@Lu_(u%> z8D>L_ROFI(8EQkH&d@T`K0d=$*dHk4Qc)nYPf%y0aPwE7VBt9;$39t-IL1<5UnHJ6 zmTET!%4;xCiqnR7DvmnR)AlbuzrfRD3oh z2@!ICW^yQL(v3uWh%_pI{OEyE-jSJ9iL`c)MoHax;;ZB2P%(Mk0pPfHabFhsy$!~n z5i$>kS+`}LNb;j;3cyyKHDkLl#=zkx3%C#(;F~PEDPI144@zQjHKtrjE0av-x8OtQ z2u$u7>wYRfzG8XZAc3(`3_?kKJ<9}Z2m*Yyzfr}@F2K(|0FD=N$JBQn{TvZy9~0gz z1-8bJz~yNTmC;x)Ya{tuW{?D7<&bMhs=Iixps}6yEc3VJi=<=e0RkfY1Il3JZ@x*j zps@+$7$A4d8Kv?^mML>y>Xm~iTt!4v6Ll3^m^lVF+K17V1HP=6mbfJqm6t}oW8LOq z$th1B8=hiVV@z37%{?Z6DVj$|)>IJ$5}HqSP`T&yY4|%X)XH5=Dr~}b_o;j5H2Vue zBer~<5qh?F6MSRjIM)+?zc@d#5eGzdE$ocBn1~FySA?-N5Qx^F@HJ@S#;DT(+S!ni z;BLt=@NM=KbKR)?{1AR}3^`N_-2jA4=Fo{UavqntRZS>jKK1j=bgQbgtJypa1*0pi zUW#}EDGG4+-=%o%6;RF7w2x2<6zOC;&GqfEiqSO=%0R|PvFIl8>63x}DYcq1sb4Rt zrRrZK7!U6eW^K3um=HJ{Pzsa@@dZn(ozpC$Q;j}dCTE_crn9pqXnIygJ=+snho=5% zKL;mdRi;agO|3KjnNs+zNkydDEt@KhP_<2`8L}WV_*P%+TrJo}0MCG+oKE&5E0~Tu z28fD*B6Iuk%Yz%^Hv$Une>SjO=WD>KM&X3xPP60ewQ+EER`xfB{SvQVbSs-A+9+|( zuaSioE4-PV%=o0|D?GQPqPxt_9{=K*i13tHZx#XOlbCL!a%6hURbAQx0_l5VkT#QA zvZ!mr<7WZZM0b-t?6OI!uU$NCD+%hN@Yg1RZD~m5AGqBR;uv1S> znwF@{$Hy#C&~4(~KY$JG(M>f5={h!aFb`Jc82}h(@U^qDwW|r>XH9jzk6#r$wlJa1 zS1H!^1~67;kNuP~-PauNh~HF^q@Ko` zVpUCVq2DQBSMkcw4(=i1y=Dr z{cx^IY$0W(BNshe%2x1{(yg11bUBtbk@PLsyFe<3{;s>3Nr1SanJp5lK*kg)Q{b&$ zm^V;p3(&Gr#$~tCRuR7_zsq}5dW^7Y6{WaN6;g_hyX-^a8>~dYhZXU19`yn>M5UGc zrasyzXWy`u>}Pm0X3}dS$>@yym*>2ev5c%(A&g5--v&Z|D~bhA z)W4|5`Z*feCF}`~d){~N06jq#i1fgS#l!~3fut=m;eh+tGa9)S2ikmTzhzQXQBwO* z%CH#PjFV*=^M3P1da@p()0$Jm+y!rGZ(pxgN6xpy zR*wbb4=RkB+vw~YF1NCQci!V1UQI44KG5v?@j`4WZ{2(&-n5No&QzfzO;dnBo1BMy zcz4;!K4W)&h;%ZBzSW-c2#|we6{X#b8+@zzWwtpx8o@XZtU}BZ>At&1NVKafM95OT zKi6F-vBd)+|JW?j=k!XcYT2ujmzaCp!wUT#EgD8w6ab(GA#o>g?Y`=~BFiQL+irB@ z$MH0Sv#wizBy3BR=H+<}6YX#PJX;y+c;z>kmXg)M_^0uu19k#$H}m`k$pXozj~Zy* zu>(q(kvyH?410o=yd>$&|W7a4Eq_BGZ;=F7g7w*$zvu z0~ep}J>ke^`e*maY)#EDza6;ZpX|5e)81$viqjQ(T6MUisA-!0J{jBqiegfULq_Tf zJIf^!?N(!~iQ6Ca_nPr8zi|8mDb0Pt!U3=buXf|_ta_&iav)ko5QQiw!*KK3nOEiw z?6Nd{cF>Z{i{&R36D4VfhNXza)dOrQ+f=8re4B!;s3l_=H3sA@hk{?YFbN=AH# zl2{NZN+aK9*b>sj;3U5V7(ned<9vZK(SkW$nhB)bfZB&Uv!CAMU9*%!`U~>Lyg5&K zv0Ujl1Z_XO+Y>m9DsB-9vD&_SKRnN^NEM4n{wSe2x1GH+3tJgHp64r!ao%9O#gCKp zf9C3JR5yoIUXee;G~1aLFS3}*hrq{^)!c#$tWzB+fFstVt%{(c{h>~$Ov%&0U#pi( z`*@F?Y$cDu5lcP0`d&`YGS5>Al^aihA5a%Diggy4;R3&&=S8CVR#8ZFhPX@VZtsV&xbL4I0z&^qi zLI#uP20$s#9&Q{4S>tDsBMCYg5MYwSxrq+5l`QDEN#EujJ2(KQ7W@brBLKl7Nv8Bitk6L0npDbP#e8E#?G)5uOaK>Cy9Tz=6W9cs`S|(RlmhB-6R78h2 zW~aBDV;{eF|LR_rYND|2&!LTBUBD1Pu^Yluw z6RjHb4&=JX3Ttt|0d<^*uXR0tweIyJ|#_7Z1Fbe8cmX z6mcw+UFjz&u2nEeT5N0#JN3o9V5j~`(Cd1Y3fT7?m~40P7pGOE?T4y?#FMf>DQAxxA5t@^^p~x zixu;Bdx8k>DaXPDF0EjM8?t4I(;R>;Yd zcf!S|W4|BA^=SO(3u;$b9Wq`e=VP+ApsCpKkecsiv9aA21?5Uuc!k+;L-#2u+EH^&sG~Aw z>ay^OpCcPQyF9C6zC7^j$*2U&m2nzuFYDP)z`V992jz=SWJ;euGF=`F7!^hIh|Yf< zPnQcTX(Z*YlMA~nArx#e5HLbK^a1(A3fAm=Q-O`B>EAbiL({*;z=(d3oNvWM8R2gF z?eL>UB$gO9Cxvw^m;-!h+ED@6X+Qu|GQzm(ltEC98xX__Kw-tuH49}0Siw^%^(Kv_$#~UxB8}?(#3CR`uQ?{C z!PJCXQ@l2g^L5B*fgwC!GU#-jvYy3|B|CLCipNO=#Q-7vy#H?LRc4iMJm%IXJg`wn zQwZz@oqak*hE4ZG)Ob3yp&hUQ3CD$1Pb+3HHim9C{;1Sx&VC>8TNITybr)_Bk@OSY zjHZ|S^C13H!r6NF1o4aCOg}P;v9hCBmuc&M`f7EA?H45Uq76W1lGy0*}biu8(cmQPHYS7VSj4~GQ zjzJ6_e-i)>D9T#4H?LY%q8SU*$#8wYR$*yZj%}0SVgFslM+cl$ zrWU$9ik+h=IOQY@R5)g4)5Mp2h0QkUN*K<0#!}*#B+mZsK>~X#Mx8xp%@5BP<)=34 z!Xy8c)1j=XU5ihwiHZQ!(W;{F)p3Id6YBmg`axLS70QDf{#|y%LpJe_l{$;awirpyeBtAO;9*^fwQR{&(sps-|OI z%u*3R+#KWt+1h&mKgSU?l^TWu#q-9;=HO7_rs?tViK8@mg~n=k$-Wbrl(DCjG^VHO zoLQ`-nT_{SzOXr-^m**Oi<_5u|1-sY`k&VpRg@+=2dlMq;`L4=gBM*IGA{BA2gAmH zjMoTDctVgQa;=;o$J8hs&fy+;2To3!f<%j{XxOwU^G=;4W`wWhyDY)TeQ4v1_l3*O zvy2onBPRdFP5`1xO@BS38p%-dxu&?^t9-aci4+N`URfH(`F%32)%<`BWcX5yY0TrD zr#J!LvZepTj=T++e^pJDR+}dvWGUlQjD(m068kH(S!oCC)B6^usI+n%tUv=(A}0Fe z*u3*>*MQSul6%)$SN_SU!{F^uWZrqpbVRU1AMkJEm>IQ!zEH~09ek;#m`>{3Y^VJ_&HIc{F+YDjrB*dUDgT

    >AZ=lEy89+%9 z#)JajqvHnH)1YI)%Se2BTxvyb6dx!I8Q`**(bw8p@H+f+AZlRRtbz6UVj*$xHQCJJ zTDxNOq}$zk{;9J+7wnaJP%Wn_Mmjwj4xZ>#tx#N`i&+iwLk0?qeE}fXZ7`tPi4ql` z-1=UZG^7a=_IBcB#~})U%3IzldyczO#;hA?xHZW}57DsFJEWKi?uz?lxA!60$0n zh3yNLwcmJ#P)h)czp8L{E-e`QmXdiA(gS7L*HHDSp#Z?cLLD;Lwp;o4)jC`{l6eF< z!|AVhu%zG4IaQG@FzHiyJtM)>tf`wZBD4CgBejUs^) z&DvS|?so!uVl%!UBlf~U=P67!+E}Es2%MK$%}&43OdDI>w49RyzAtU=Wff_Uap@lC zl2&bsM+!;K1-IN>?1-IoU)Hz}>f_QZPn9~H)B+@^!hlts-Hgi&#sr(Zh0|{(@rbdu z{Dl;5e@-{HPXoW7A+iV$-F_?Vqi@Q)8ECG7YXbN_! zdntX?@a`6}Z51o~QfL{jApPFm!KeyQ!MOk}9wCjp+AG{LGDwW|jCmS3#;0fjIgMXIlAZOgGPseujyP-u zpA=Y~`1x|}UoLU480mf7W0Q@2_GVLBRNzT_9GJks`Sz_;w`X`NaI!I` zj|dfO>{Ja3t+9DW;6BFsIko*u`sK1d;ip#Nh0=P0f%aE=S2m72pE7F6*?rK!N9B;m zu~v2C5E*Kul8d^#upC3JeDbJ)HYZWMJx5fiZzfJyC8gVzVc6k3=b(gdYEKwc#Jdq4 z{WH0KBx3;*I2YIo zQYPC;e1!!tgL!+L3n(c%GUh*A>{b|FerQJh$jsG2b}`t}Joui&qiHoqD^&^Ka!XJL zX~qvtl57%ZXKy=kWY(^#M}eHDpIpwty(T4`k0Ce&`5`jObrU;I?m(m;>ZVYKvlxqzHjcKk zP~QKD%>y$d0ml$j0efo`@KqqYkc2Jign|%i&syz$wy{M zNB?9@ySC#h)$D}O&(&mqa+gO)6>(skpE*&H8^o(81r(NIqJ*P8!5#66TT4ClNEGmh z%i7bK=f^UXjn3U}_Rw7_ONO9&~eWthh`WmJzJuSlq!v!4|LnO|G+c)TZp zRXm$2MOK$3(W^53>7^#)j)89gHZK&%^%Bc8gihR#uBKb!rsv^Mm*6KT?5tudpq3Cc{+i@1BjIB(8rrjD+=pATS*=HV36VfWe4h0;E zrn1e8{HRRzd18n#z*m=v)tFM4Dfcmv#QJ^ZI~}a-F%fHWT+(KrHy7j|(v!CUBZ_sU zu(Q;Tib_#jwBv4|84>lPOW4&UI;{V5TD zmoxYD+AdZzJCh?*#VOKOO8na&okxOlR$`|E*Cq_N>#%o zh0@CGxW1@L%>ru6M*?cuM{%mneG-j@$*k-y0}{_}Uu6{-igp#!R9;2l(O{mCS%~n# z<)i26*w9kdQlujbF_{x#^O|XkrfCfbu1Drr_+NAR48x6X(%iN3dJL^rdNW4t)A0*R zr8KN>#G;CK(+O@Pa#`cOEhRitm_Vt(s1#I`Oa_rv*eC>Vt3+Oq$D@R@(_1VHT_trR^+W(Xn0s66TB%bg^Q0vJr7JX zloySYC*LD8*Fq9sV@Gh8Xok0FPSF53)am0~oMoR392q?XmA*t{YP&nitSn2zA^zFY zTC>*yCIt}@bQ!9ZZYd`<+DG|7B;#EOZeCH{VV#6>Qe9&xDrfy^ZfaeA1fZa(o-BpX zaGsRwgS3;W&MeZt>Ig6P305TwD50E;S{PLee3(fKD!{Wjz;_ty?;z#zqPz(fN z)$6M1mO&5D=BRHSXcI>b=V{lqkoAG_>oZSlN(S19r&ZbT2ouSYKf6ABCZd8G=6JQk zL*5D!fVbzJH{e|0%h=E?Wdr-@K@j1w$^|SnZOk(+vQ~y0-ae}A3arin{A^*J&ODC6 zvBOCAWkpx)uJ;6tn|u?FFBrB7hISye5S6s!kTeJyAZf@0t#O7V1J-)0-_X5W4DRMZ zPpruJ+!9QNwb&S!NM9LP)T~1;JSb;l}Wz8iVk~p`ZPw{KW?D*hwLz=d}$9^ zU+WJfzIB`GT5B-HRNSW7XZ=11~>H z(&!xY`^gd6>~LWn&yx@>kP0l2>n>1wFHmPJ&^9m7N2j&yU@?~j9d1nYe0|K|y~uT! z!m@dhZ*Gyyc2R(6Nkm{tOm|7bdr2x|Nyc_bsCnt$+0y;NB{b-*vhG{exrHyuZ#A3W zYR|pZJ$tK9v}`D_Y^=L%>b-29v25AAY(2MZd$w#xv|=x?;;6gg?7iZevEtsm;yJhC zeYWCDwCXRg8mPM(?7bSAu^QgI8acNbeYX0DXe~xyElzhW!Fw$!V=bk5Ep2Ws<7_RH z=v}tJyC=Hu^1R<^GJ^l>Bd-DeOML$K_-}#E_5qG=4naXag0Ai^|2Lie*Z6P3!gp|w z|17V4TIV`_1;@Y&7dGT95-SLc(bKN9~NNcunTwf}c5|Hb$Z_VM!l ze*yyi|17$V#5E8|NQ^X%l~^#e;@y$0C_;i-|%0*eED&3@Z}B#dTea7 zwstBxx!upN*3|Toyu39tv(TNMJ9Nl@YGc6=D5~fysmf{^i3kdVw$A=>)gb))RpT$M z05HaHO0#iL`gCppgW!Jb(>XwO+Di^GDe{ z&371$kiRe*V>X_L@e@6H<5np%=i~X_?}x13m)B+3$RUF-+a(b(QPKX7w8CQ|}L(k{dpQt4RAW9?4_f~cDUTvUW#$c`2tL*Je z^feqmuETk9*77O;-G{s*c$WUXTgpp+6jC`r0XqJ(ttFp4TAh~{3?recQ^a6qN#oVO z7(pHCiRTxw3_o%tYYJ2Gph-9YadqI}eYO2%C1!}AKbQ=brT8>u5<7u|*p9SNS$y4V zl8ftA)=LK2v${+5s?Y)?zl3=MQWt{C4aq2Mt69h+Om-eU34|$^3*RjU-x%dAlaERT zU30*Y!@V&VOfeA#Zzi7cW!^>XpMRXJx)+->6E1B(tnuVQA>*O)xd8{>V-3-1A*;-3 zggpn7L-2WX*z?z2~yHdvp4w)`yZ?sZ)L% zwdnUZAB(0@r(!}Z8Xp_#FF^O))e%#tEh(Q&_B>5(rjDdP2? z$Q)paINsB=(hI){f(M1r#sHWYvMrqBe|aybLG6dARstY8)nq>GXD;|6c|IYJ!bli&9=ZF!tsg?@FGqly`<`rjC?iwWtYKLB`~*% zS%%>T$7NorXY-ll`AWsIFAyNRURkvuj>oS^iWXgYdGCe9su~08ZDHtrkMH*9bZ@1s zrf+IL7haYgOQjQW=txoLF}%3u>gM@|&|DXTle_k>; zFvvat1_O9H`}|8Gdna%Af8F9=ivL%w6yk*$o9Y>xSn8<4%wXbzk}v_7k-n~?9!yz7 z(MVC*MAZmprfOuYsjmm)6~f2AYp<@Vr)s3B{MW9MzKSJ3%tYgkRQO>A{4fNc4`x?nwNOB<@I(AEu*ur||9!b@BBHf<^xIEfDA) z;Vdg6>=z{Ww_O)|Z+EY7SyyKt=MZ~-n47a#h;xv;;~i@s;BN254`cNTc64{LhXvaE z1hVq~Z6grq9N_K}jsL&?Ram6AeSoXGkF2O)7);nNOwP~V$;sWvRrZemcQPXXu!Dx^ zzcFHeWB#YEO8N!eiT!m@;{UNy;%}AzI9d&fe^Vp*4@OB-{muXm?ymf>JN7?{i~c2U ztgEPVXG6h2Z+ox112#6jbCQzL9rIWDe~^*+OGH^;MU@|>t#s#66O(`R_8*q?_VuxM z^yP;+`UVHMI|tku@E;t^$2pYs??(S0K5+E)@(qw>la!Q<##fa6%kQwrf0oJoRc7xP zIL zDTGj5!44}T7SwfJE1)RY7DX)B`&vLnv0-1uUe>ao{D0@(_ujlWnS?~*et-8fO7hBm zx14*&k@{ZdU;4LA)&2;R@K+_m< zy9R28Xv1o$s4h2KEka?rxwh6)OGKh=^0*a4FV4XrwGDoZPePtFAX7Gwi6O0GC@9w& z2)24ca#1!Y1>U7Lc!NQ2Yc4t~c7q9$@jff}Gyz{kEXX>&eBZ&O8zGFl%yc9Q~y4a~Xn3cXm}<_ApX* zRXIms)>S*NPFT@Z`LwjORq@s$t=$!D4Fib7gJw|dGpfyF)!5vwCQmMVpVwfsw>0^^ zA&(<>LUD01tEcN~2w@|uVW0VX);>*O)aLy?YMSgb`!~=82rsz_DvDz{DL06d7p`s34K&BH$IO#wO zHb$2Rgb~ceJ;}ziff-@cAiq@dye#lN`bWG^0vF9Gani!NT5DB>l8;(z0IHzd zncC3A#0>^I@m|qps;kx3CTWV4Q?8EQZ`J z@>b3i>4B@U9j{0Tfap@gE;y!0*QFv!sMlCm5LMXOC;U?SNV=0gTMJABSIoc%op09lAnBZ!y9UXRIjwOZxdJ@v;7yZj*)P+LcR&)ua)FKISTmXPX zPMJ!idj*w9k0PjqA!4`!HAOIK)@q(sZUK3ETY;Tn4uXZa5TdH|))@e8tKS!9Li*tE z9az1c?dsQx%H6?^uL}zy^GaVgxI;i9W#bIo{IwgH8Tp#8H>~FkZU_(RkJ+I4$8F6J zztwNKfWf|Xv|wV?Zy8&W8t(A6I0slD^*U&SB&h6kVU7$jcd*0T;$nHkOQS)gsHg~a z7h$q7AW(3rdlTP8U9?=GB2#2j?4~YWfRU? zmab~F90|l$#hZvWrNW99c|mo1SPdg!>ka~iSbNe{jh0#G8orq|X%X@q()MK&FxHarPz-kXRWm zX@rcc$wTCK5pBw!DjMyCTS~1;P~|*A9H!i=$T`GTrMrk$&6MgG{89W2h=p`cRL;oeNhd$v(_7tyCwbY(f>JwnPf%)zU$T~Psc4GbMYI(i|Iro| zRyD@hp4R8`g|`z-2-F4}VAN0*RWCs*=+K6VZ@R0>i)4hEEEH7v~6{|Job9vLw&Qi)#-yqt=?`6);EL# zq@M|}8`yjT^;kOVjhL=_gR$O_UT?^$Ps_k>ZF8{IEdso2`>)=ZsW&L*ANY}`&oKUB z|BZ^Sz5Ots=BXgR!Ru%*$hQfwg*Q2aCQUtzXBwf|?`$+_nu9@KeSN*np>=q{H>qEV|MK#th}E>UwLy(5 z@*29(xjY{4Qd`jL59r#Q4LVIhzN@uKfH}&f!R}VK)a7imIqK65*?N6ieX}oI+-B1* z_BCk)F20%cLYvDGY&M}?n0m?fWXjYFHaCV-NL|K5zf%Z$g+{2(1#c)Qw0ix{@n}zH zE8uV#63-zqBpz4eQ&We;&z?QI#pQ-6O2`k`{VrcnaN9ghA<%j97rLcNu9aGVwyRv zmLcW*0%5)o5EK%+oU zHN8^*l2u3{L`)BnTEL#H#0%7tFQNI6_|#PJh~ctW~Arjr5REUD-Dt~Fe$B3ArC+%=w#K;Fc>qlav1jcT+5tpGTL@n@D0*( zZ|L@F&x!E=4-)L{DeX~x9qGStW^FI;0e{8*FFh^okNsbdCh}Jnjz0eu*xg;uqj33E z_2x+YKf|Dm|DpYVdR8Xp{}2CP6&Qb$8%X%Qw%ylZ8>F+s?0j0tEeJV+QJr2a1>!G5@>GY&muC+lRxvt^=0*K9T)M!1zD-zQfGw zNdBwwdV{?Oj3d&2rc(dQ)_-HxAM1bbO+Xhl<@%tLL|jE~i`VXQdK|W?u;I0nMU{XY_1d*eN9J`q+Pzq1wY zx>_F$4`e8D`k9X3xs>$Ko+h2O-RCqh!%srB-`fb6`m!QZdRk6aLQTknOQS)bZb&dY zaEWbPdS*fiVpM#%OEc&bidjG&mBJn`!D?%oX@l!sz+?c5XbqX^`h*%d{raJ1Hj#QL zcapIf|C4Y+_9mv%r{3The)~c}*f?r7#gqrND5i5vEnu6j^Fa8a+2f^~SVz zyN-_ZAKvD8xU&4+`4G1Hit0m9cCGMN4UkNy7<0NV?%$;v6rL{u3$ z_zShP<*Q`^fsmoq3)be4P~@}=hIGM@otvJSYcS9jSuenp5ii8Y#mCYA>>vLn{+9m4 z3E`g}mW~&{09%S%rldM?UP9h!{d8ttkdc+EPYcfi`_$U(6dJv5 zx3>)(Q3w#T7AR;YfIw#e0B^bF4=x<`W-0=n4Cd(+U|1Fc&E62gSiBy0yU;*pK|35g zZ2opU5gL&OKp^EwKr0Bd$Swy1CY-aWO0r{tu{Om^H6Rokx{!cSU2ku8+FR-vQx*_| z3Bx6n>x2?0xS$J@nlP{u6G5>!Qv5lU=kW_Ft_H# zH-BP)8k-Zqx9>DwuC`_oq39Lw=Puk$eKsA%s118qF%mrr-se#5&Fyx05 zJd|Z(^$0o&;{wq;8+rh1Gr`=Di!WV4MA0MU{)lsF&>BT7kH?gZmtk)AdRtsh%oun{ z#6xmPsP_8me1({pfQj63;oG6h)6lGtK{j$Kg_SGA7Fn81GQ3Ar%3IH*v~oBH`2{*aV-~7xEBW{f;fyOAwiQXgvXPRFka_y zHBs=Kj<6RY*+Lseg#qx&=p&#y94UfcuREX(gT}x?6BfppL`sknq2#pLn;EDiY$mXY zP(xF;a0k79O}JiTw0d*1_1Svn-h#@*Wz%?BOeT5P=>-w?Zre z{=iZ@byit0gBOhOr9uf>@I;K7ml>^VI(w5V6=0WpCkV9mR@avz9Rp#ZF`XfeC)C;i zjtj_wv*QKgUftZ=gCPKYQHvLLCt)0uvvoRh%ZdhIhFplOBuWp!RST%bMQYYkT}?SP zBUf9>+^$$p^sE3EfaNkk7kDzYQ4eO3uNF$CW$=>BcPm;!&LfJvj7Lh$pJ)S2pxqk+ z62U7P95CQ>+7SSX*@mwa@l!-I0--SfyapuwaDZ6`nHyM&;M6v01x>`5F$)UfP0JOq zpJ?*iTD1a_zhFz?CS2tlmh*5LNzm&69&;X01lJg10n+2jP%GYuWwc9aw*&tqD!|!H zIYQ|Rn_WH={JNxPHRQS$`7rXn$ZIcT%oEjzu+WpYQbxnMQSOYUV&|a3 zID83(Q}o93kc~y`9cvqn3s}mjyeZX?jCYZr^5&?YsF#CARdv`YPOO(2Kqb6-e1ci1 zh5KU=U-8dn4=u*ACu>X`3>*$}@dE133ThVZ%F`*=5pGtWqG*J-NfC9tFUlK z%8ASwG|9OX(?)E>>*3y^QZbQclNOCg)Nu z_pOENXDxTmOpfpZjqkJ$20f}q<*%5TY%*!`T^{H`G+p&T>Q591ORpmT%3zOt5qU2H zh7Xc2VUb1XepQE|i7gOW%fMtp8z&_qrq*_g+eyq87{S*KE!RT9Lsfjkr#~(ZL1b?;UEcDqKzNhLP$XDH{)KSg@e$+aMD-lUJ0(`WkXya5nbVdHAlA)aW-Qh4oW)Gj!60@hrOi!XA#%9@!B zVQ9*#HGzkTfst1zZcX0Usg|l4wiChJrV6;dT>alt#nqUW~dIv$|OwQr(NC zx&g{smerlrj*crt9QMV$#b`^OD?>5|9M)*CX7-I-%HC}An}bPuUV=CSrj1ulvrnkN zKf`374%Pr>As2wiq8kr7a!r9e8>Rn>LXL_?z1Ujw?s z-i&XFK!PbeJcU2z+aG$$NSO((5QG?zWjSdw!HjS2PDRQSLHq^70f)P^uLwAUq)tF# z_Nf-TeRfX)BS|nmoQj>H^f9Z3)xf4sUVQD+ZbBvaqXKbn0iqQ5Dr{KLVc;)hVs=L| z94^oSSrF687y=AfshOhDaoObGb|W~d9dL<&)P#%0-+uOy;~CH9K3&Oj3T zqb)2iE1WK@6!=|j-L#4_E3k(;Bz`3d(O4^)>X%8>5d~`5s8NDLh~AR4qU@0<08+hj zFTK!wB6zDq&G?pLmUY;XBV}OHQX4d4?W8pgI+JsS64GB+d!YeEtTNM4K{1WR09p*_ zMgvfd282eW??FL#yGN+>`rEu-=(VexU4AdAl$%}6u;zIj`1~|ztc4jN*J7IknM13g zpoUe{=@X{g+Z5446Zhi|6u7v0dILQl@aMbtJO^l3qBhVHb6& za>xr)8Bep6z}m?&%+{7#ELNsUW|_2vAlZ^N6d^mAVQdsgM3mTR^UQhXNw6nmh6rwWrg zoy*A9@)*XZ@;rnBUkhk$QlK~Z1F;XuEaZ36I^|%~j5rIZq#=G1fr$m^KA`9q^2Flj zi1XZ2w2L4#kUK3(B;zAtCQ?0$?k*(UF`Ak*4p;nK&BfN+jN|X|%Yu*@%yz;m>gt}~z&8WITHcVnJQU*=I(7isy<41+V zWK@A!3tR!4UF78quTDx9O$GRSu^-)Ass1B8hh;&BKmaoH!q*ieq45v}iX$Ln7BO9B zHHYaIBNoY$mluoE#HzVp6qt6vCKWV$t1Iem^ppvA!k73g%k#@wrpTL+o6O%p%;^YX z2m~^0oAE#U2W6`gmzr!2W|EGw+>^Xl4ap73|GBvsM9yd{MW}E>o~H?6bV))Nn5x86 zqhS4!dx(m#*=*P@sD;Ei1bhlVLDt!l1t(KPb6Ol@;aENK*wqGOX-@AbSE&F6P>SBpYM_ z&V|*OXMEwMNl5qSVi&?QzvRJ($V8c67}VgR!+RL^VH9X6)#jq2vdR*Z#-L&M$QoS8 z?$P5}WkuFflO`+Es1ZsnWhJFnlO_|skEjY~O_on-nu7eY;u>>>MS$xSwA8&9>NZ7#T_q(O(IDFh5~c8T zBQy*#6}0$PzL!eiK{Ja}W0SQseAx&yvokz-cPt?Bi2YCphiRUI98^s9uV2dO>}8RiU|D16%C3?O7}G2^JIGdi6)RKmZ-g|&z?f(l5CHeounHMAe8VcUEwrH+wMjdT@VASxrQN^dnBc9;Vf zBbvy$lv3iPLVMwXY{lGL#A_XitXQJpH50@h5$*?~M>CE~DY1ZZSf-wcIiZr=gE@e- zJ@n6oQ&JH8sL$Yj$(#fYMv4BQ6ch{&#>PuXWLDYyVBnt>Ka3xgK*5JgG5|gz^1D47m7sVI6u|6vup4{XM z?uhOJ&Oys3ll;q_0r<}1oTLWsy+^%Z%_3744(4D-r>eM|#Qls}866zI!Av>Wb=Dd- z1(ahDypEPpLL|OgRG6VoVN6%CDun5REeKsL5F%+I!kSnvmI(ZE&~_fY$Yau^A-#f_ z2SOt%S7^CXFXns!=D+#!&KFXm2L6-JSF6tYWdI+HSh*CPfsqAJg=Ppzs3;2sk5FI) zfO}PTsP4`f9Jk<`j|!0nh%u~s>2OP#AEfEC!kjz<9SnCKM1d4hI$BE^v{W60@lY{6 zwH9+tVJXOI_OF^AK!NFqfk#|l3fUp7tkwt|(@h%g1IG0sV8bv5!G9S}&COo$Jurr- za|lu#HaZ(MoAh!`C5rfn*qq9&}~ z&}PHW82pl&q2y~lLlAS(Omk(S1>!Qp`$!y-s7AySppL&4D6V7N0T< zX&qr9jszn_R8p%9rh-D!=m%sxvlZ~+#9@W{UmuGir4cc>u$wZcE|E`9VXTm4$4iiz zoC(Y=ffr-!%f#7M0%Jp_Rv#AYP5@F-oz?*wY_x4G|wz6FTV&R&h6;MUa|U)wo?I|K?;j{FLn#Ikj^Kso1k*SI^WxqDA#$kAY*1SW@-ua zBG_21M-4bxW`Ih8oMC&hgHqK!2OnsG(L;Q1(IaG2*p z>{_Q!$a}dbwwkJWSPgzl)@^;3}>t;0tG;?>&(#Txa(?8C~px4GB()y(tcgH6CrpXgdsT zNH1cYSYyvS*6UPB78=s~ciNRMsWL)mAcjb@py6IykO@{&#VmnxPq>&Q*hh5K7I4{m zx0kHO-s+w+y!{@^IR3rDfe9(S?VDVN2S zK;2I63`b49c8`aFNwzOmT4wd$8bP)97+_II7kP1i!(O8HE@9cJZ3>a#ma%?{=;NyVC>r{p^H!<^a3{*J3S`Xw6Uququzs?4FF z)>>6FN1;INsSQk&D0p9FuLAL@Ap?x?D9rW>4Rg3gSxMT#RL{-y0IkAdVw$ml!hdeMPYg*DWWJeo9IE0sC4 zTZ&hiImi!@{CPD6W_Tu1hQ<`31o|(iHig;{j(SD_QXzs8gHt3mKihGMsK#cy3uq`z zr>tmoX_d8#!3{onFr*TilvP@5s=DFc0PS^zlZOhnWUE!H;yZd*NFNw7X);uvXWcZb zJ8Uj@J3pdMuScdwM0Fu?Q9H6WrgJYe(I1goko=)EMnWpdrx9m+lUbmr=OBtu$?eX!EV$v?8e=Ve+b z(40sKm=G)Ggvpkr?sB_YoIFJvypqXL-;PQ5Low12d;?ys)BaA075-M;DPNKA0-)vjupH+MO&ein>F6 ztV38H3v@ud1AO?E=*g1A@G&8tiqcWx3;1D+gI^qSxa=%m&*$@^Z5a+Mg&D9OHHuJF zgArt>a@NM|*`nD@A~lPK9D^~er=!ldHG3&&gSosXGzIhMANK@et{{XIGGdS$!;uMw zm~@!)hA9gCXnJkfs|&NyB?E?XuM@(;(V1j#1IO=3Tv!wovusE|I_?%>{bx{8u{AUx zb2S6Gm9bNn#WbhHqj`VSHe6N>x!1$hr-nz# z(^3qSQ&x{$URlzdCQ6cdVm*Y^#DX#p4?Dp`6Uqri?H<^a+qqvUpI}<5sh5mK*k5qt z|6bs7NJi*{W#wv)k@D3tTY&etDvk@5x(pMlDrCL1D08W%alg*F=kl4R;9e_)A2Qq$aBBD^U7 z@3U)KJJge?5)ppws+*mmu-Pz1%zW#SMiyWLEAiOdg;|tk(uM@IE@b)hvn7}WvY9SB zTbuC^5e$N(jbdStcn&#e5kW{R_)=Da~)SQN(;EYsl$P>=aY z^w1RwLWKQaLP0`5A5NTgyTfwt|3xH>Zc{d7XDKAVQg0i>omu3=0=G%Xtr9A7;gp>Y zOb+3MgJzUPzD*By8A71NNg0?R`Zh!P97qvhutNd|3LQZ<6gOqvbAo|)j&{TpiC_1G zCBprjKC7*+vLbYM=38efXc5B2a5s!z``W*KvslOcD6r*pk2REVALX)vax zXJpnRg=o}My_pJ9j2@9TO9pA9q!%N}lyO;*_~EX}^M_(riXbhvg90x{){%TEXos#l ziPY-BL1E#bEQJddE|KX&5nF|5Dw)w@@xtZ|`6|E!1yWI~ax4|=0t=*L;Z!WJ3ZF+rRDnfH&UN9FI8kvK55c2KfS+9>1(2Shgi0Qf zJiH}dtoHkk{#2r%C`v72>O`>$(W3$(3J^U?%tZ*9fb1dq4<3ofcP{hb-~#Y?#^j}i zoo}YY3pv(#<%%ND3zh3#C7D9HPzV>)Ob6itjd#&2_4e6^xJ0F&_E9MIcmyxGLh>tw zy12zNUL_Qzo+&`7AYBZDO!Zdt)6`AKG z)(X{F+4#0fR{nLM4_ef_-U33;)5)%jDq|uq{Zj89Bu%L*h#!TEyez9X5_coT0*UY{ zogucv4y5^}@K7ZFCiNo{BU0}9DNqv0%-vdQ5sIs7Dg<*O^9#3{OK6nX4=bL^q14E# z9+3uIooL+~pr|EXlcUuQ;l9FREv+g-NPktWm7@H`v}T&c$P30}K#}kZT6y^9u>^sM zi7AQ1)%Y{qaK@IAtxplD9S7hfCWpgP!-Z)j;j0x5Xhxl-mW`&YvbxSH6qi}bi`br+ zh4B_eCw)4 zW7joSdV5-7+L0;@B3F#xsj8L?U>q+P_7fbf=JN76!n8W8wW^X~g*+N*`;7&HXC`BZ zK>g}KzA)RTDXm{hr)nup`02{%C|oO==hLE@iBFDh>FH=WgX&mXWgyCh+XOFSv76y1 zzXcG)5GWNKGL?GbsBowe16)OIdza!!1)Xj}0LMnlrXnD16(UE9%OLL|xdCH)EQ4V_ zrzh*2Y70vcz{J@~B#l7+02a}SloWNiL6kn%kBXuEIQN%Ff9t3<90%b;kiX5X^|JUq zR<(?CC6t4rtSH=Y7mYSyuj0Zn8e+3J49y#Yod*f{`~jPLD)Z$clNOURqxBsTG1Pf6 zQ>I)|b@(t9EBwJGr4{8M20SM{%aEO(l`|=;kUcf(i+I)*_C7r)$B3i>@D&%|TbNrF zf0u@U>FhLYo$)SDsF+q3fFUz0BdfuLV*sj)t;pKw44TZD!L$s->{l4uGAm{Va`J?- zKmcdHRfihN98{9u)*%G|?tLwk!`SK16N)fK1pms##QP5AS_9l@)>i?X2Z0q za%*8}dYQGh*fN9qQimhw?Dq7mMq`6BEyrnarW+j@nOP242#k&FC&$6y3I0}7L0A)Y zBO*Q&H|dd!C|lx0u{A=-KdObE#XhPi281iqaHdMMmy?Tt%%$Waa#*lZ06;*uP*he@ z25v}9kl18cOz9v4ND-!Fadi6GCYW*7qmv7$3jC0_05*xzPd5bx#TU%q0iVNEL)Bq= z!uu%EUSvaF2ORieYk`BTi_Q|%HR|w4hg1(bgG0v{eWVaTl*Zo#bTTj3`2sei=1_Y) zld)Ku5V}@{@)CGi$HeZbxtFxVU|M6?u8i46V@i%8%V3afEt&#SNR=QxX=*v;=tW{z zGg#alZwU5%a5xEWG<1@HtgxX%Od`>Vq9BpV3ZfKpkK&$^&cR&V=4=q`e%o>!_hdtW zJ93difO5l1YinfO#LX-QyNS`W*EBXx?PBj4?tlh>SC>UD*GZd+m_OIM65t<<~&qdD5&{#rWwUR3Wr#s-q?+L5nNJNInvcg*0L|JP7 zx7Qtj9qR>lh3qez1V(0EuSOzoSLa%YK==HH0)sYR*C1-Aq^cPSt8_Nesf9GAl8Tv& zoU{~C_yoDEAQDgqtfZ57bqxpzg1JkK-#g9Q>=DZ0`{VV1KNsO$vqTz{zy)b(^|?qW z0Tn#|Oj<%Yl8L><4LB<;r0kdYo4-8LO5IJ^7<&~q(h3r>g6gvs5o|D_le>ygf`m|P zUqCA*gNZ2ZVg>YI33vOt0}}=q@~}Lz?9xq$q#YeZ#HpkHsHF>pW-&7k*iJRJ4^Wzj zZdr3+n38Z~7IMEa2Qy?jYj8rSAQhHarHl<6Bf@xrD~2PAC+rh^5V;zM>7FQ_iPpfd za6xgw?o<~~LJbLZ-1QE=0i*?~Wv&5bmax+P2udo5Wt}Lg(sNXaSyTinX`%n~4y=)4 zFx$$K3QOrRD0-N(gtwXkBtQ_Xkl?C>N|op5QK&?*&Z$M+bn;V>WZeh_0-GrM#e9#+ zaS8~j^djWRCwKx;=rz>1+Lb>6U{bpUa^b19OIGhL#g4(Y>LjW`SHR;1X)5EMO#R^D_vw z@Qd&!(g6ZafsQ+z=54@Xoj4~Fr2JcrDl1JfDsfUU0*F|t6*#4r(j#K4(Q5N3hQk1l ztgita*kYrjgRxg|B56L!at%%o4mHIq@F$#Ciyeo9jswBeFkg+1^V0wiWSWvrUnrLAmrcF5#C+kHkLb~ zLZ}9ITZEe5A%06KSUUJ#rz;r>mrj4cTn~gSh)-j!I zjj~S9VlQ@lM~@?&_BBhHfdYMPPlSTR3n2nhX}$%F?>AO((_)bqh|SMi%lw@HZTSF-L*u(?}^)NDE6K63j?H*V+(B z#YsZo)`iVrG{P*T{%2d})4bsGHoM*1p`TqKFtm{II&43t$ftq;0;586 zVa5T_uuTFLYH@S{u>)epI6bc!#}4@v_+X*D!p$VEAglqW@YqR2;VI~WOD( zTw_I;8~36vtg4<JNB2ieMB5$TM+nMPU{i(4xgJKesO8XL%hKvnIvES%u z>tIcHvfCZd1!mDCmk)P>YiXf88($lZb<5`D0h-a1(l9{K}4mz3yT{67`c6v z+@n}fqhdQ<0edK%>?B5S=KHjhg2#@7nCs z#ZEg*wbPb1*TzU|8FU1SZKLAE86cM`J*}A94|d^#3R-6&786q>#T(DyLc2M#Yk~(u zy7f4)kbw|!_$iKa2ZgqR5~02&&I;y(BN3L8n9L*Bn23n)D4@L+XTc%#f^Bfs{F6!6 ztl7xE@sq?f1tnF`dJ2@ToM$Qx2a@qFk`0Gy=CyY=yh6V>5I~n8*QiHFf>4{&*#bUF zJw;^R^5t&k1Q8#x!N!3Cyb6jPSGCilu5#I1QddWM^+w&toQK!&npYHWmR79j>sEop7xEP%)~?g4C* z-f*R^bUcF&ON(=vl!Gnm#GHlzNP+Z~z(=!G3%t_3SXi-S%80~qNQI`I?#LQp!k}XT zIzxtHyr(9Ro-l|54I3fm^`M=eoMq4nHp*u&C>jRZv8~_l68$o|MnB5@uE@=<;B8D( z-2i(l4lWWixGK3E7Xu>kkWQ7L^IS-B5zmzH>vcGs*yjW50}3`f;r7o=XyoU@V*wDT z9JA6Fa0}`7XIz5~H=n({NMZYCj%)FoC zcJ?>GjjW7d^HCy(A^o?60Cf-v0X!f$_>K9oU;7Q90P_Gy8Vei_0y;V>(P#daz$l@9 z3haaiFwO`-s8^H-`@3wM>baOKvgKYCgVG^E%YuJ2^9%Ybo+`!|Wwo>+>~M~lLVzN> zST|0LNk=wn+U=1!PT`9}hn*>xM8*fkaUN-r#C#v<2JX{|>Q%wi>+!TdGn8TV+%UV$BtM z0&E17p+QRYls5xM*)w-!YAVGJ<=4VACkLHU#z8g*Tix}Zrh3p54ry@)?Dg19c-^i3 zmY~mVcjAmG9NE|8gohFi_hPt=FhU;7n2me^{BXTAgBau}-s@E{k9wh$4(GF&^ukQ( zf}NQs9S9~=R@GQ)%jV(~6*&^p;{_$+wyfGJl$$F{>gX^o&1ndMsI~iDzMw%1Xvjyz zEe>>l42uIA0kg;JEt^6?9cKLUlP#^dV1@PWSPJUSB)&&k_|b zcHHOjYZ6=qQV3y3Yu7TP4J%1DX*z_?>Cm#V)i~i|MLS;#G{WASX99wf7}vB)fr}v3 z67;^%bho;gX93yz@KG}k8$`w1vEHle2v$*FO96e99t%LnQb?{6 zkq&K~8N(|=bZILTa4xOj6yU5#dkPL9wGW*9iI_DkoGUD1&|#kgimyPBMOxUaCNZ2F zj3=}*!yxXVycHo@0&H%fl5Dg%kdVA*VJ(DD3R%PPBmg%nTG)C2$Pv7g{)t1Hg(3L` zw*XE4Z!sjAP*urL)+kq2SdNxjr;K9_nFjgCe8lYN*wjI1{3^fjZ?$N<`e1(0;S z@HK)AV#dy%QZAYuIA@NIiy)b$u)P8AX&2G6;h8ag2&?_|gX`3ZM&a<&VQe&O%qfNZ zB_ce4RHP=_dsJ&6lNd={?raSLiHe7o_gn{JV8@x^pmM6CNRZ-UWO0=Xd~BH$-IeR6 z@f{4EPliKbX)PPVMb`*Xmt_^|n)8E+cFOs&VMo1?5$Lx=y)&nimnq6!G)S@dH{7Sf zM^s1FDV$!cv)d8E%1$wEa5BbeYcNi+6eAweI^8nI)FB%h)g_%VEw6g00VAM9x9TMi zmJfN!Ge)Sbq@6nYP4me9Fc)$Hhyo}oEtRT{u7IMDQ^@8(=~)zDl9d5unxW@>;gt^v z<*}hk%>rvnR+e?O6h}-5YL_+vq=5fVPYK)&p`}t~pEIN>R2JFLQ-#R^%bAU>wG95W zOi8%~lj%Qnd!)hR~Kw-sizCBvOLQEuyt=b zJej)gn1rQ0g&tyZYz+$TL7F1VoE? z3{1x!@(J&Xip*ku;?7NT5y${#lX4K9Q%ng8B87_Lc=|3$r)OOy^gsv-WDKo61Vb>4 z#DS&kKoguN?O*Cfn00Nlw{6NS3p9(+5C$DOa(ZAGoKR6)Q;W@^$y(F}!550vBDBDd zT#h}X`)+hCZ=#$(U}BxI+%WUB8D{genzW2^^NhL1X}B>fd(YC`@*~&-x*EhRwAqmP z0bvTrQ*DSGR)WWCw;`EZT|Ch)*|+sUz_1yNE!i!?n|Nlon@IO6kE*JIv69E z_V+0C-LkyOv@}SE5cOa^lJ#Y&l^iaW@)2p~6upzZB)Ni_hQd18GkG5VFOvTp-)D%n zRscyNb*|G8W97g&djkpxE(_L6jzu&8l5sj0;3E$u7DYvsK0ZP)>a_ora9Jc-lN7e{ z7$;C(EkrrlTTIHdTB@vC91f~;0~>5X1VcA5KTm~E9a3&hQ@oKgaAoS{3|tu*`V_=t z1VaHjhCKx$CVbQzkh+y_k(&#d=mQ})53N%5l=niJ)LQ~0$!&B<2XxmgNjMuNH=9JA z%CK^ZpUj$-Wsvv&@Kv8F6heRQviBCOU?!s&GH5?St)f{RiBUXk2?K=Ka~ViEFvjW^tK+G0F{B+d0irt}!M1>K4s5AVvZTr3#9~%O$ZfGQ2$8G6q!Za{)!+Jtzf- zFhDmHK>fCqf^c~ak+`6!0`_fK1{9R5DL@Dw9(6!^jz)@413bP)^{p6l(-{&fzQzKe z`f`@D;mA!Qqc+Gp5Kw&yA&TO-j{LPf1OkLtmg?(5@geg2a9-0bJdcXOY9y~QSD1^; zl}PwxuAz{5<_z>(u211;&)!?0#5z02@wBWSqc}Ow^Vm{^T!ES4gkr>M1|#u2JRHi# z=12SwMPX5VGJ>!$-+T#kg#4t7E$a})+O28qbdDIaB1x))1jJhF4VP{)Pp3OPXNPqBN?Ld%3Nka+UL@6-B zk4SXX(V&3nszaA%WPPtRY3K+!^pUNOiU5ZQK}?ph6q<&kfeC5q*-8yd63i>a|CC3S zh@ma)$S6rN53DN$$%q_VY6Tf4ji^N_+IeCA8J)+NBN0Y z^3+Wfxr6jA4kUv@&VfY4719}0Qamlag?wu#y@SE1)9Y!+LYtWm5=5_~QTU|oUn8Z9 z2X+50kwqT4+B2Q9&IqNjn!@hSF_oBCl}8}6zg940rEmi!%SL1KAYhBq5?}&5R-+XJ zD}u6MyQ4gG$m3;i5#ZuWVbeeuB=ztk-n7y0Z57I)&Vca?=`$#VnajOsi%=m75mRE)KQ&7>`9*6l24*;s(6_RCqFCJEB8`nvP%6X$jfc%hC*aot&4DD5*UX z$=pQUP!SotFNm+99XKeo!hw>t0~So})T15gGO)a!wZl%oV4Gi@5ok!SH{{f(W#Bgl zxw!pFOf$$p%Fa%dyk!Y=qI6A{Hh0jJn89n}%MK#eAuibyY}bJ#0$N+ZH%0WWHWd}7 zC4~HLlVS-_d=?2;oVi0snt0Gj#H9PZ2!sTcA?qHrT*5>{794ld78nPr29TFlk!h=VSGn8v#K3`mY}ka4z%$Cz&Q~#3n5khA;hkD&DMwbMsyZkq3(Lz2 zr^7d|7I_%?c91*SVVCc9v=g?{fD2;&`1vn~Km$Beb!2=F?*b6Z)w_e%>(ljF85uF; zevy^Q|02aSyQgRPiJ=0fuk1?pV}Na zi?_=Xzsr|eomMxs-0Nv7$3puXjet+FJm1p1OMmr-OoM#QaKQipG(AQr|Bd>is#cnR zzt5&8l&k}3JTyuC z4R>J3()F1jt`=v2OV|byrT+^+_FpxG|G@l%p96u?(;1CN;s0rdv`hv6$90-MBRwld z(EleOEz$q~QT|_2R-Bz%p&Y_Pk&iRhTj4@JpwCdgb&jaeWT&t9xq9;Qc!*-(Oj?^&HLKn@;`5 zjmd}qk@v-e`k6(;-YCyF=u5LtjC-Xq_1l~BE*#$PS;r}F-I2O%c)#!WtXrQHUp1`X zp@+(MO&$K-b8~-q%=pP;vkpIR{%B+4{=5m>yeDqa4PI71=CeJ`@2tze{m+yBvhtLF zY&AbT^ORpc{Oen@_1`^_|JKfewVo4!CeJcd8UJHH_BVxo)0kog9Nu%LuQX-cg-_n# zf6ATvw{z!y_T=;vZ+;;$Gw(j(o(mqo{fWE{7hkde>=y0y?Ry`wSl@FR&%63N;q`={ zipFBUoS(0m_NUg-Gsnh_EzEapSe3D1+WNM&f6=U8wc_&Fak0)Ju|rIQM#q{O;!K9+ zjkgqyyY1FlhFdl?IX12_Z5nt>?C7zk>l-e2jJj208r8aEv+2BP8KzmW12@0XuyNX; zh9UJ&TAH>@TXo0%`J-PLH?C;M%>84Zd*zXF`L{fGU)>8ITNYckzH_(xjX{q$2ew~w zc}(orvt3y!Gp{PTV^7@3hj+y89P{*(FC17F^LA|MfE~iVv(F!Y(Rq)Id!Z%s_Ghn{ z{ql!TJ>2Ada@*m>x4d!QzCxqzv}rqbo_|K^(;rNoIb^-r(RAmtyIWT;A9=##i^pGd z@@o_0$6k3&(ka!&+FOQQH}k2h#;?ER#6V$DzpZz>*Dmr69p7j0G1K%#)z@4zwcnoA zCyf;L?ANawzhZRO_bVKA7oK$H*wIVR_~DF2{jVJCJLjq^_I&t{!V}M^G+g;uL*K#2 zuM{d`2FAsYJU;vT6R-XLvp06H%g((v=G@iCkDUADc`qzCtnYtMC~L=%lYVH{^dI^D zqCMmLu6uXDm><4;XwUxGf&GrTXUvp^4-Y(M#oirFU!45Fuw(lB?%J^Dt&(GZSTk&D zpFbVibxog@_Yc|sx7Axus-Ajm+F4(&8T44{)N76#{^g?B)3cv__3+>NwY>k)_*J8~ zF6y^@@V8IAH6&(b)1I>r8H6?K^y?F^UwC4vudsjK(5b7}4i)r!+LG5dP3wE;+NrjS z3QoMjalYl-%v1WsUb1Il|CAq|To`lGZU0(x?A-NF+_>q-L9sDIh9|YJSz9pmnulU; zUZOww(s6tAi9_O_d~I{m(w)gMF-7leiCIyi*|RWi>`>wA<0cdp3CC!Xau;4dDF3uG z^~YYNe`v_?eL|o3f-_Auq3t7BmD#+?c%1c{g!C5&Jn_P}FBLTVzTZ1NsW|PG{a+y?c zJ>cx0JoNFa`hK)n9~--0bK4`=#x<8Les|IhS3h!V^bde__4;fSFJ`VRcWxAmBbL&x=vS$El@zQ?{Z_l19dv)_}FcT?X%hCORjhn~9k`}f{_ z;r@$;lrM@|kshQq6_|F=vdv?WVGmW2g36{Ag0m{!R7Cs^FQNa z`t(`U=Y*>@1CGx=BmR;nixM-10eQk)vWp#+<5On=tLs3FnQmkG=Kd zn-U!F^vRzZ)93Z`&X0X`h2i8uLt`$fYWcWudnT6IPcs64I3U9 zU#h=o$ZSXdqD8ltEEYBzE}uAT(=}^Gu8oQL%b^?k57=R-0e|mjJ zTIBvOJq!AuKlXpWZccmh72p5G#>B>)5li14K71IvC|t(Iuw4|rfdo<>`^RG56R`en z%0{RE2y#)1E04j+mcRur(2J7%^tparhZF z=J?SgM~)nQJbgZH-1zar`0?`hiH9GK88#>;KXzZ=SWQfyVX=LO#U6e%=4W)dUth-H z(0lqB(6?XzffzEj@qPNnD&JsiefsquFce>4gq0fw= zg4wqE+Tlws(md2x|K;s38mHBa7=fPiAM~HKi53m!8MY;>uN`{Pmk-_k;z2?G)#2A; zj={kD4C^}#wXI!XG5zV*W9lw>H~)D<+pAY^8gk>%4SPR*_w{Eq<+=W+`aM1=VZ#mc z9(Z}-=^4To3FF_GT)eH%#%YCxS8V@!PV%rtHAx?CxYPI5siR-MJh9=;Oa3_|dH&|M z*T&yhnd&;>+cU+y&J#(Z+c;Ene^_sMsImOL==;HY7j9@M@t z_}!Uft{pqJ+;+;8D`OsiWnjiw-RddEdn#WUcx&Hi7JpXIEGKW9;@!y-n!tqrco=eTKv=gw2Xm&|Lm2-)l2OUt(wx7di?Z@FWCF!1vg!MYT<`(_PcN0 zk}c-Ov%lQvIQQ$g>wbFS(}MPwt~vAMrQ>T3$K)@6q2}D%KRJ+dR`a&!Pu^XZ|C#rt z$6GUo-CmaGN&ozY-5c)RxBa&J%VRd~ZMpQ+dB=<{|NCkEp4|2ASi>#zG7H!5A9Z)x z4a3T=IZ#z{_i1sL9lB@ZjE{fXQ*~9$l9e-;j9Pqk&T%OjZylJnVMxxxOAPtvYnGf+ zFnRcQXWgCg$?kmxsr^n{^T}iXUS9hB$h!w^{$$tQ1yet5&8q&?{Z(CHZ~0yLH|+G+ zKR)~0^$SbyZoOjKWgkr0R`##!+FkZ73*Mc0>DwQ@8DpPN?|kl>1yft}6Hopq_p-~@ zPuDuf-o0;Q^Bqr3%sOeqMdfQ67T2dPaK_${o^XX{^EF?cdCNzArU0h~fmy`%kNro| zJ^6!1e0lu0HRnDuN z_u{J3efp}6rw^PpwRqu3(_IHgpM6~Gh_$In_a+_NTKDo-_bgshJiAgiDzt3N&8ub| zcSicw=AzY)eDdyRme6@0db7T5`{9}Y+5Oa>t9}`M@#^e#?`EwooFDT)H~o0ql&5#U z_sI7TwIBD+!ijH>9y$HOQ?B(tk#Y5NU$qRJ`;+$XKd-DhXVbYO4({-d{Id1iV+-C+ zIP=UWVNk#BEqI`Nfp%ZG1Fob=e+ zqbBX&zPIJP6${&+&sov_?$xcMM$f+Y^&LBY`r_p&>GkznKD;n9@uKUm+4N2**stYa z;eq1m?|rm$-?xLG8(Q`1-)>u1y7`_hA8%jow^$}VHt}uz_xct75AS(x$Ha-{Z>@Z= z;@#n!2S0knN6%-rFL`AD@Lyj1DOq>hgBkUfz~1GS`pSiGE!_R>+t*#Wec1No?LY3& zwmen6YsrGUpBhwFoAvEUAMGyPa`moHuRiqMPugD|c<{_u=X|rN)ZF^e>E#pFe-iKg?8}0z1Ak3= z?ygTaw{D$WSM}iBe_I-pi&u`k!thka7mv=eZCf&__Wn_?UQ;mKvZngW{Oz~cM?GdQ zJ^$~S*@KQVUN}QD`}XORe)yv1G}nbc?fW9}wTbP;YiFJPdfaml=H4)2;wP5%Z`?dq z|8T1Q=|4X|e~s;o>~~j8{N?Ixb6-B|nS1XUKWEI0Ne`dWusP}7_2U2UTdOX6^^^xn zHW=plrfHHYvyJmYcYhi@o1&s!>0wgGRxwETgO-``&IgR_76gBvcr?q82CDh~a*?D|~GzH{5(z3;U1?yXsNUeP7- zqwf52!Q=-=j`mKv_vyEush#}Pj(cbB9I*b)N`KK6Ur(~XvhjvHTNiKNnOSwFfBVE| znocMWE*<{$M)$q1W&Z2pLj$tMnEFp~E(y%OY3=3r+_S5$|GKf8{=Q_}!p)yhMh94`>p1&zIWpeAyC(O&3 zKj4Z>NBQ=<`ks)oV9Dj<^qUsFHS(#CHcUA4p7;X|H(Y-670-;keb&g^r;ohzR^5-M zzwzMP-+iFF?a+!-7XI_+pYL|ne-kWv=eu@|>Ei9*{_RKYOAmgu?T3A#GcC)0nt$i{ zt;_okymRT!GTrXoTaEXA`gWfyf4uR6CAF)Xv}f*^{IC1ZdG+oC7u@YV{{51>cKx-g z@PK94r2SuPu9-h~|KDx4`@TNj|Cn#n&`S;Fn}+UNQoc?z?)uBt?OJvGgw?z%Gb zz1KcVn9??=<<>cxaWB=^g&uqEJ@4imVOjo%FArW;kU#K%x4?5-%IJccrl+32=<1c< zH0)mcVaWgH6aLiMq0pP7r{D3_^a}>R^ZoYybMO0f+u@i^AAdjpr}s*`>uF ze0GZOim@l#7X2%C*6T@C{zrn@u`Ay4joLh9*lXJOyGOn-|FVWTv)@^F*(Yab-CFSe z)4S(xYJP9;cmK@zTH7?~(i^g3T1Ks!ANsp@*}7X24Z&US)ji*L-T5ay`@<7|J8|#G zO9D^t`tbRJ_HUlQ+WpC~{@q_pdi;r-w*U0A@v1)`%6jj$lF$2Z`+Vo_Pj0_)cYOIQ z`#)OlK7RM;%0n{_G(K`&uJ>i@o=+~?e(U-VAHSs_Fucya!@E1RuIPc!9(SKQWJ}G* zHN$rQrPO1-{m^HZoV@ej-)ukoz|C(g{%L#0j`~BZUcB|~FGg*dF=Fuzd)KU4ySO!b zP)ud=&er$(92{}MwEd(U;HSGO)I$UgAy zdBy|fWw(FxQPF#o_GoJV(f)k?74JWvFk$<#lmBt`#B-m>d3TC1Y=P0b;fF0LV~59% zdL*N6cyZHf#iJK2`P%Yy!F%yH-+Z-u+3^e3y!@AS$)>d$tubJ~_~QuI2g- zKkUBf?cd$@Z^XHdpzj<}E>2z?~|Iuyv?i9WV_8BlG*4RF8+?~H%e%dXwLJ!?K;$KY*UpVdk zDbLoq?|Ws?ntLB~oIU+^=jXG|{bcUj^Wr|ccF#M>BR9SN@l|h{jvIOVW7@%O33nNu zUhMqkcD?K6hc5o*=?_yE+|b@$HNNJD=Vvs<&oeB$afW^UsSR`1J(m2;$M*NuZaRI< z!QCIdr~Bmj_twp*U#L&Heb)M)@7C?wbnUrY-#+HW?|(Y3{KfCTere#b^JeN--tqaW zzmF(9#k%{7pT_6^>6Pk5U;SxP{To$v_uhWx){kF&_v^a9B|g3H`0Ot)bnZMbx$wsa zn|93`TsiRBTF<~|->>Qa{=3)Ry0Z1j`}2SPIQi)lmlnK{>-*6D^(#rAJvyU#^JiYu zV;}#|J%2lC^xZ=q0p;b-CY9{L|&H-MZ+!+_jrVyk;Bu+I08( zGaqx$@~%5n^Z93=zyHcP+Qp_NhL26ve|J39a$Uo9XPve2yOHCkjhf(oNT0iD@{Ffn zJK@k{$4%|A(pP3xej6G>h@r`q~SDrBQ`WFjt9{%)8 z=bf_poSJ!)zB+J0OG3#h_nt8FtpjCuFRE#&z2zUn(%=2D@|92Tc0Oj#+%k83?%CS& zFFFwOSmxGGM-~|awZY3Yzt}IR*!Fp0{HAB$KJC#yqjz}HU;k^-KR2(QU3}6bC+vEB zkB~Ru^?jDD7uhO=`@T8h(mn@gzA`#zdurLZi;PcSSGqv=_^r2{vEDz+wYs-GHReC?2rJdOHr;s`Eg`{(ix7~H(sa3=O zyyl{^XO{i4Atw3x*B+f*byLcqeNA_K=g4st-F{#D&sSWs?)!xo#vT0P;GH|KpYzzC zFS=#h-S%|{PH4#5H+Rp$%Sx8*UvbOoO4GGB4_bGwYtPOF&#%1kxJ$-eJ!sV5`wU2W zsrZKVC&oSe-LsFTezwAP`nFdm*&8<;nmXk9MYr6sU`%UGO39XMt~!u(?7gXfarS?0 z`K8x7?-J5B?XjQn=?(iPKjE6NarS!;j-7q}tVf>m+&iMN_+ZJhFCM>XeC(L@*DwDd zplSN>-@69AcE|ne=IopoTl2)T7tGYGeQDRzyKeYA>Ft0w^Cy?XalvIX_kLaWo-sM* z>=S<8x1rC4SKa$f?7`aMA8p8a^Ah`^Ta(M~{N|nEw~x8?8RM6S9yw>@>`AlC{n9GO ze3h8_NX8kTe`vaEVcQH>&df1yd~jUo(|P*G@5>Dyj+v46#Ma%{eYs5-+jrgxhS!$6 z-<^NokMFilU3C1!^{>tO{D$REl-;!Qt=I2*^X13){b;vNu)TfS?mI7R9r3}x*I)J5 zm$tk$>IBb^d%Qm{-dDM#?v+OuEPqc^x8$Rmmb!ya9=vSGi8o$;;^1deO1^x##r*Y^ zrJ;DuqUSV|H?&`PPWq?$4avHt7g)}CAUk&9_`ok0?0N80P4=v(U7N1RpL^zn;?%!P zJa6l`Cw!AHShjgxdC|suU5^SU|G4-4lDJo2U3kj1dkqU3uO52qMYlXNA@8aG$KHQ{ zMU`al<9Gv2lXK2ZlpLBICFh)TZgLKim7H@1$vI~Pl$?_Y5=B(9pooH?ps2q_XLiTg z(b*l{@3Wu(f9|8e)3BhM)zDjdE9{)s27`{a5@dG1-2bx2CsdlUOY3Zx^@;Px^BdF0!>j@Qa zDk7OuPSx=#*|nS!(t-Sa*ivCZPL5JM@%PAckV2% zWtD!;IJ#{_FjQudwmh9F;?mniZ@kG(j=aXEfvN0X zhZ9{Yjp0<3`A&IkUvH{gL#9CBL1L=Vhkez-*`EpB-#Zu;aZLW&v(yvpfW(F4=r zD2ia0YVZP)IxWN$0@n#OS%1ICkfdr*Dqcp^ED-Dir}6BmpLE1cATtumty5ki#?}Gw zhHd+6jFNTKG_`8>T5`YTOmY5BvVrH-C!B;_a+xDXE_8aM{oZr>AIX{CDI^YTBlr~+ zP}jG;8RiM5T&rPc+3hCNnw}Q$(<;O;&v}&!Aw%2krTg zMS%aV)6ZVu%ocKUBPdpZ%zkHf|2!5`PcXy%;mL{?EgEDE=YbS^lI?lQC%{WhdvA^H z9JU;GEMFVqYFdk8$bKE0x14!h;PA%NiZ~6D%Tk??%NL}|?&8N%U_nH*~?Q zf%Q!8u|xV;*kj`|?}w;*R25!5w=0y9U*`!ktGm%4b$$Z$3Kcestyh!M+QZMNCk4bV zw91OHT;T;gVm6=H@2r=5ruM{e>H57_sgdP!xc%NplLy>r?;?2KMMCaU-=)2EUj>8M z_0g$Ch|0i%Eyf;UBlf=3O6eaYPbjb(GX&O5d1QIlbTNA#a3^&Dr^)xOUkfUrtCJG5vUOH2d0W znGgy5KF^_s#UyevQ!}f4AAy~SquL;^Ji_^?S6`N0Bj~0~dRvM#9VUkxjg~1+134An ztu(3<56%-?-V$x9k8W{1&5T3=nVN87dw|%RM&-J(OwmpWZDi;VQC8jeUQ)&p^14S@ z4ljWoWeh94D7JFof2;Svu#qrxpur0BdMp@o?A{F>ESz{+DuTRXIV8wnxN(@fIntx5 zIognu+dWG5n-R0Ab8E)UJ+}lN8P=2f&|b%C=@&|ps6!!lZoNBaIW|8ZvUhQsbgQYO z;nqjlt4$v#!%nZRI(VLzRf|BR2CB$cZs?ar`z@H=)x4b)Q9FO9a&;zR?Bx8p#sjJ~ z{IO^EUO3zwEE7;VDta%4WF{+?yNE~_r&Y;4w)jMO>%ODG`>TVB-M&v`>s?!dQ=aYJ z-+4!pe+Qn|*Pr7$7hOSW=KJ>bc@9ra8Zl_#(}l$9mQUV)D)H&PdgV!@NlqBo5R$>km|pC#yS+ps01v8DaV(5uO22VQcwwyb6? zXogH3Gj9xq~t)o2ffEsqV^Y3!;kU9WZ-aWnm26jaQ8wH_DL6>>vhq- z3d$hSTVS5o<@(qyOM&^h7NsrVb2A1CKOmcDmZzTVbOSb=A6VZIkw zN;>ZwFV&lq{F3C()ILGgd#(=y(jN>y)T=+I{y>LL5qN7=WD9lvEM6cgY2((b7O15t zGmFus(`)Uu#F1!O|3?5a_wiD^75pL=$aP-Px6pd*P- z7T+y5VM?@_jER!|;-Ni(wR({EmfpKhfJmlI*O$dmv$nFUO{5EUkK7fIHI~X=rL3|H z2D0_3xYIUfs6YMKmT|$x?$O*7D;V*L`Bja(_v+gUP6pDo7KVZ0HMUz%vVm+^XP8sHVKWR{D-@&V!S{qHW2BSXbwvo`r?3vI_d<@&i4I0O!h# zN9sjJwVYjDlaRQz^C~4^rnLxbC$^j}Z!sl!?RBvg10Tr@qHDTKQ_<~wne|Tq41f;b za|G9dE{)VAcUO!p z>Sf9%pEh54sGDdj^HwLCGGs1Oa9d`rW*AGnc6{gIV=K?+b=BN80U^KBphik%KUYvv*p(o8C;aK?>0n7Mb% zmtUfDR<#>`pryi{uTKxxis?`H@Rg`;PfLp7wgEelg(eO}Ne~Lesf)^6HzUb!{x8n8f$6vi>NjRpq4)vjI>UOv^$ zTCXw@Ef9BqDi3M!L&{Lcdbdz&?Yy=F0Eh$cp= z9+EM65)vESis%s^&;>OGeXu=LFF1LwK?uKoluM$NH_l#>rq3>7qs{VqV4NH+|4cav~0j#b!eFKSUA7Uhkv_BSS(lF({#V_Exig-m2H>&32&V%Qt zOc-SCYOOv~zLkYuT%MyD79JUDw=t(9rMK2yF-z2X zrrLYMwI=ZS9iHGr6OocvLW3WuhY;sB3N=F9?!@QecHb7m! z_pRDqt{x%7AzZfd2P1MgDBMm6GDwLjG;SC~11Y_1W;m7fWtWl%q~yFq)8?Slw*W$y zKJ&h=rsrpqe#cxT{-GaBB5;oz#WxW_lO5y@FM07vAQo?64aOTE+?QJgMl~7njN;NU z+;umi+BE8~@__pUz{z>*KuGf7gZQJKps8raefmuSw*!Wh1om3{DfnOkW-iN=1x@A* zQ)!|COM_>o`z1&9pQy4`o)pc%&tD% zXYZ9SWJ5}*8Ec}E)!j*jgp#D6Z$fGaFYqvDGe%U2Wo4d^ZQP`PpuV#W8cMVCTV=+9M(cz921O)wcdhFKzlT`o7x*`P*!r( zk4qsanU?VbpF~wXveiR-S6K0J%eV8uG5Wxfmy(tsx=C4ubT}izj%T!;g^Xjq7%vD~~>d>AWp-x3l+TAf67D6XRy7DA} zBx`D)0Hit+dhpJhWr(x4Mr#t*0+cK#2uz5kaRe1e?^}GFo_RZYRVP}Lmus|GE4&F2 zGS$r+zknX(x)>Zw$~&@45zm^XP#F#y!c9jvWhu$HuGvqP)#i&<$6k_0q~!U=gm6IA z5YfrG|G|)N#5R@3lS*1fZutv>TK4g7(jE+72_?swXk_E#4=k*!HFy_nPI_Mi^R!7 zhhzqwuM(ESl$Y%EmcTDZPX=W}_HLB|yUU~UmP%@~o1P(*S!k6Wg<6P9Z5eHT&eqVbF(4_tX*h!dLCCCvK&h-e<`(p|Lc|kC4dS8nv4W)z`oC949qF zr&XUa?kyDro!_&9l3hS_QiBY=fd?e!!$<{J?PW5bStOnB*v>L6TU@e{_}M5&t2Vgd=RI4V3b zMg?014DWzVLri)A8A8R*U^@`!#=}X!w4#_7TyRwn0Y* zr)PdAklPIpB8<>0URHr-((6gJ7V30z7;XzVLu=U_7Nx02>V^-+i%ha_tXkjPZvQY8TB^}SvKoB|B*yL| z2tm|j>5OPea|@aTYSVPc%wn~uLr^$lV$#uTAN%cX|lJKujh$Q*lhQd) zXL3^Srforo=ND0e2qod=?Bf`5$0w(68KhN60WTpmYsc!B%Fkn!@GCa6Kx-8~(#zuM z8h+@1+G4`wj-BDzwZ*dSZkg58sn@nIQ%!Bqcfhe$E)%aqgw~rgna5(c?pF#f6u?VN zqd~3^kkP!3R12+66|Fdf9`ub3?-g=$uLmfY+2 zq2|16P31rZISU!9x%Xzr6)bX3E>+M>@ho@L)1Xu-8vPB1y*Jnmh(S9y=syAPMc1ag zXd*76YseYSIn5Tx8GkXDE(E$g)DzTyUs)3!p*%9*iw}*lRwlQ3<@Br!s1EQ(hZaGD z#(>Ph?8$J5t8LC`*tPP8l~u_MJ4Ng>yV+g(jvL(Y?M7okh&WlK15UXXkiix} zAArHN7BrNe=*B&UjR}39d1%ymE;nP7XjWE!jrziW_>C^Rq8No3{ac_OI@N^Kb~;D@ zbRq_k2_f{z2uLgCR=#q%o&$Xw(9;T1l_#u7O%V1(b)T1y}X_A zhgi6~zp*V>youZ`M6(XbF-YPc@ zKOIb|-y8kVs@rX#*ip8n3iF^dFAycxK5xE{38d_RJS9z%M z9uAW3OLE8D+{n0XpV8){A%UAw54dVhLPl^3v&d>2h^_Mp@YLeS?Oj4K#H~`yq2z@H zG)!Ru+~O$fh)te|OfHRIns-aG-gi?>_CCn4JCwpx<54kDMAMiCujNSwvL9_D*K@1} zIaIc}u!T;ucEqSFosN41zAl(M_{I8iUH&gJ$;Oj|kvR#p^EljsH4NDg{8TGg$*Md} zIJ5}Zv;}(SJL561l?(+iQYxsuD){}(yS&!ywX=$e6gqNtdJx~EVwMJ{FFiuy@>Epk zaX?X4tvQbaG)w3b5TPYN2J2Z~eOTr`LE6h--nHFoVDVh1bbWTCrE5 z*lUzeJlwF0a^tWB*xf8C$g?RO>1%@B}3tbK-4 zI}%`=hT@plg(~{|^%Bz#hX=)N=bL)~>#SET z1N$kJ2)4OfFHeup-m|mI$w>PQf&>A!xtOM@50%{>JzS*%!8Vg(AlT$woSh!Oe2r|C zd9b$=8hriq&FSUN^-pN3GTK^F66!J#c20!L4Xv=v?1&IhulL`;&FqB;#HRPzZFf1H7(l zGfRf(6QRSQuyTXwOw%(mv$W|z+~_Eh#AN84Ae-!pN>d^bCpsCiq;2QRp42XaM zX&f)-8u6+K&&fi|9poK&pBaPFV%?hamLhXZwMrm3nb@uVCKWsbzWVxW!enhp0k+^G zz`!7Rolb$Mc{7-bVJL(30)HZ67#@U$Oo!YqPPjFdWhwHwC`CRBh)Ef3uF>4KKTlu~ z?Yj<^K%y^{N|IH%^TvL$&V(wa0}e?v;EWTk{LhyWaeO;zKR+R$pukrFPgR##h}QCF3znyW{nO9-pvq*bc?DKpc{J zU`$?uXsHMloILS)PDVflIvnFkvAIbwidIo1n9jTQE{z$6{z&*$_lzY@0`*rQWNh(l z3qGkT&O{Sk^ww+?oD%QH1owhvMgU&a83`Klz|Eylq!|f3fZk%Ztl)A{woDSuV{ahp zrgF5T@>L3y;6y3b(X#8LngUihRG=k!MkbX~?OXu5co@9WHLhTIhW?lsM0{=aN*@X5 z^SGT*i~f%6wE*^>W9#46+c7wPesFt-uGE2JKuw*L^jUBmL@IY6%+R`9e@Ipm9;e2- zX@#rQas-_dy?e6-DHsKxP)KHFOCB*oH5lJ`L&i=6kpT5gda3v3a4_n#20DS)A;o}C zRF6R*^JEFy!BUWdv3`Hi6)CF^A_uRoc)_8hGKy>aD+Gt4;2G(em+T-{>cTUNX#k2b z;SEs(nC(g=*261W-YqDvr6i+^Us?Q%M6@Jo`OxJc%JWVCAs7_DW?2!Vodv-m7(#R$}D0 zYoP#+DZsTJR&ldR$9|M2TxZzwZsrL1xS7c%k zXCTj)CGV2Hig0X8>Bp==&Im=`5|JA8d@q3j!UQz9BiM}u(c&Y}3#1t_M%wv&iZPCE z8nUap>Te5 zN;qpg{YLK9oVs*?@WDYXC2aLId`z$w*uo#X9}Jjwwve!5&IV^HBFNkB3Ql#MuV`U( zau%Wsh%`a{5C|653;iB}CG1Y}^+pOYp3#EE_a&O8LQTgNW^!hDpRQ!sBddpzvC#z& zWl3(RhuSwq+efgsp%;Y;-`iMhzmdft_jk`#AEy z+7tg1=YM(sksIpr2r$fEgq{C|<^NLt*Vp~|pZuEtGb z=g)7qzf1fn68J0r-+$Qtf9C)F!TDb;M0g9`(2W|34A) z|18KK>%Ww))=$g<{Ga9jg`NNB;(ET9ZshqBUg7)WKa4_v z>v#D-xp;YDDIxxj|NjKp|5*_n|GiYd99-;N9NOMcu%fpU7%T{ea0&4W2yt`Qy?dJl`q(caHOaNIUY!fZUw_KHz`osa+;$ z{st)TAA|n;=HVZg%kx!bY|Qw1U`eAd(@tCeaklBpEcIsA7WPhlW}mrQI5}Z?s$r>n zU7*%}u$uF};;o<6I_L+U?J4ioJq2D2S!X#&9_Z=v{zb?DqLtQe9eFy0WI)JSQ^gAVU z|A4rhpf+AE7T3%!|68~^UDD8ey9(StAgr%|U=*X@M)^y_@-O}DD-=(Ai|?TPfY$#O z#nJ<6;Rx&9-ocsO~&sJy;0CkqPk{-i!<g@p|bo(|A7v$#%(8j|3J0L$vV{M=?YIm3+^=%}`U$NHyV7#+| zLai^UD8GaBlk~|B>f{C^%>EwI4@`Ey)!cs)Wq-R?+&^g~ceL>Mo-T3!qyYkE`C9nH z_zb^YA)cS4wazeF>2H{%p9i9!H7U9L$td)f+>t-%;FnyXHuhHE7TnL8ls-ER-_cm! zpES_HctP!`|=meGrzQ5zXSFI zb@~^uKb0WQ4-6Flf@XIaqH(jg`i^G($W-_*cy6vv-{~AbGE4mv>Jq~YX6|`AeZ$%K zJPiKGMD;tYYp!13G$k%$-hbUx{v4#a?1^?zSls$+9`HXJ-C;HR0mJ-jv_CVFU|2se zaD0vRB}54I^tAZq3<-n#0e9eQI3K9xpZNqZxF68!f53UUdV87u)^#(31u4EYl0bxh z#I5=o^Utkz7~0Qhzt1)N6QctL^#e-q>*Q}{X#tD#dtB1Jn|Zkk()E{86mzZ6FOrJeo*l&|{zXD`Rh#n#Ld=Gt!(FaWl)$3qRj(=C4hP@0A2o zlkdFHR}#Ml^W$KXBoCJWCnvX=o!dW0Knsg+zslDp$1i2@azXg`1Bu*l^=cU@9+PB#WP`KKVO~y{g{7Z|y^EI}hZf8e=78}xd)ZrY{9!NoKiJ#QD9mlK=g;=f7dczxn>w|9@Y=Kk!WsRUhcYpso{9m+x%>MF>a8`><@ z{mcMm6d8nDjnc0%pX;hh2pN-gT4gfJzY#6cPzT8Fb`6Hs0)3U5&6LQu?$50anX>n3 zX^6ZNEqhy-s=eP;kQ_ke1g8$*GJJ{&XW*ZiI`i?3ZW2Q--eO0TR^C4TZGU%d-L3bi zr1uKDUc8tMFXX$Uq0>lOQAokibwWyBFl=8fsfZ_N{3h~-j{qV7j%?*E7?JRqe3n#o*sO<1 z_QB#k8^dXDVWmQM`qJ{$r}+)b*VX}?;>2%6$Kk}`+vhy_JrWy?Rj!-nka1^bn6?8S z+p3Y3=9cCj2IH#$kROkA0dU(b8m`|I{oo`=;DT%$bh?u-X$H*fiStFT<152e;@fJ1#bkS~BqK+oT9yE#XK~0& zTpHA`%55^&?YG~HejOmk6T6GB5)3YaFB;ZH1YpBD)EmYDfJX^301h7jCnHh9j3Og0 z4yU1xC<9bS6#v}cG}P^4QN)1&pf;R_IL?>P5WZw}h3N`l=>)1_`hq1)GD)kc(c|eO z{IXR(bSx$9u^#o8NJ1!E1pbQv!5>YKTUz53@Ch?)zfO7;%z?KG>1wT>>SEcW<_eWPD;lU}~->Fm;m z#0!a#%2&6OgnT@#Rz=e+0XCvp8oOnD#6ukptc;^|wx&}x`y6>UMkZ=C=ilo0Q4ppZ zPX^<^*PalEM|o&;h$C-87}A_0AuLfJ)1{d!Hmrf@ZK6JFx~oL+K7jr6zW@3!V&}eR!6?}GF%pp z8!85QE(jI6EL#(nOx?44Vsff{g85s%&G)a27ZhzljG>ky9?sfa{m1AB*P!DO#h%+< zg|sD%t8yVaEK~@OoLKeU_qn;I4N_#%t{#^>8d={e_2|~6>s)(+f7XAFFNBpc7aKym zMJ@S?EP{_K6O2kGBf~JyuJ7xyl?Xk@B0<-PrJ&WmC=hQCp;$!049<;(u&naoz)541 zN~t;~hj?&RMii%&ImU*R-_GIGNkQ7d_r?wCAnXK3R1@fwsWXDDrusEqQX2Rjq`I2Q zu5kfQ6V9r^E=@hcq{-TutrYFYAPj!_c{Eg~{bS#?2Clgh=wOni)e24_J};&dX7QFq zj|!ljHO>dFmf^i0gf6bkJ|yX71B0hh;^YK7PtECV?aCyIqjRinrlET{_t4|FI8x+C zIbLt)%1d)Wk6ClLWMc4xZp-GO?-S8yI4(UU*R=q34{ZX_F|hn0{h zHIfnD%DCl$Ek=3m0cUH5yE}xy_FyeivAF9>k@|k5WqU+2C98sb1>OB9>hKP?Hwvii zy7Cy4)|tik8NIexM6IAaSeU-LW8;b9_tD-bzrgI6n3T^b^LvtI_X*&ozDEHdEOooi znf=61a;$J<7T z<`2|h(FN79*zxk19LRuZ!orl>Umd#p9;}Sirf<0U`Cdt4NxF#;zb#0()j4g-PZ8W$ z==r2N9#CvaX(%fkm=aXWh2O%W9bd*{F+^>GfFpfKg?i5aa_IGw`-S@+-+dYaDdWu>y<&K(7Va?yWbG; z2m2mcYB(8RO+YVTN!ju2G7c%P;swi8dIRptjWZ-Upv$;uDThYCbf6T#^r4NKJ`WVR zW{X6BlPr6;|dAuLgw2&y8H<*Ehmf+Q1Bv5a^3@`Hkq=0(MNGoJ68_K0PC z8UA5BPJmKRaCeg^d>Qu;E(@!#7F2KsN`PKXpbFo8@YEN!gZ$`VrHw`QTCBw-xD99J4UKN`T?YyGgFCG*NdRHys; z-d(1Ia<(Uv+)pO`u8|wv5>OHQAjWa_%Sa4kiUJ&DSAuW#HNCh+zFY8Ne5nMyl)D|w z_ZFL3(K)%wO`n^(1t+9`o_#Bph}zNm-mtkL{YU3MmQuXkkh&{XI+c!PAbRI8adnHN z>vqTqbKd%0(}*m3NZGjbH^FmOq$#s(nIGBkoji)HsO9m}c2W7ZjmJdg?5MG~i(TM` z9cMFo*DKWCrz@KiYtNy1cI-MgF!D|)9uD9!to0+&3S9vn3R=gzkdFI#$}XPyXU-sT z-pHnqOs?A^UG1uxJ$->Oq_Ti}HGtNWMQRcPSt#0hKWjGN)er72zcUx!GLT;E<`Oee z6~&U|>Qv03mV(ouh0thy6+_!O7#Q5IM}Qowk))}PB~zr9#(MRxSSfICvyi4yB5wv1 zb?ny%G`Abge-!P}ubqxA&Y>r^jcDm3{48Xlm{udTLBGDAaJE!dAHq8#WTlSQvDtC! zflIow=W)TPOm#y9N{W8gtcFNjitaP@=b=`y4ZaL-qTZHl=FprGxD6*%xV{9ufgedj z9=}+|oQ>$UmaB9NL2DAOAAkFNwtj9%8q-7h3{0nRMX~YR61f_bek2})B4$2^+DfCG zzceqqP{J=Ws#?aGJXVsoS`?dBfYj70qtZF5@^SYD(6@WwS)`q+!7Z}e)yTp3uVNyQ zV+VuqqF?uKUX6Yh28tg#+(Xkadg!mYo%R$b8auk*db<{3{*H5;$-{uVj3Lp8{dCnv zxP@i(?<}3W(L0=rjrKc`AaFAwGmOJ3am@}L{!cs;ZakyW0gpcn&Qj5CkezGy&{HnO z7}ZE<%p}pP*?hbwoP*~?%uQ_Medn|rzIr2gM?30bc$+RC9P6~o~=uVI_Hvz2&(jm zbXLI7=(3RoL$UWJ4|e#lc4?@|QqrL=)H_`I^V^9%>I@NiETitYM1aShKyxjFPIOGZ zL-ngW$t8H{ri9O|kk11iWxdS;x;*JXkz7n8!pSR~QAMX3ZjgDjm@s913o-G@la#%#QL`KvEyHCGF%N{ zE1@AmaB&cPrAZ@=r)+ogB{MnleIJf@tqc9AK_8;Q%>+nQvYKb(@IhNV$U{6rb=nD& z0OaU}PXI18s}yRSW9~@P@E17>553$NRechobF%?xiRCEbnFs{hmWNLXV7xeNogcOf z#@`A#Yby-&t4cOFFc{<#bVhHIH#yL9iANKt3a8};H!7PWM}Gp?xr|dGQg|9x2r&>{ zak4QNzmO1rxb2!YYm#`hIm}jO=nPuFdSrc+$7ToGBr_~>d7LnI72ncoeK-TnU%Q$d z2$$7KOB=%;7{JBhZ~ICajaHF?{Q-fbzEzE-$-I3iomI`sX;;!axg*i?`v`+8pp9`C zVM&~n<2+P?;{HldG$(-7F&BJBYq)m{T}92~r1%p+nU=(-kn19V0ggYTmA#9Qfl|+9 zl3z98T0-xE_Sy1~aYunBiM$t6jFC-X?q1kT?rnEYS!Jyp%-s4HovE`i7m6LDxA;9= zGY=OE);rgxt_=$s+sh8Sj7GXSU1_Kup)aWydzf3_311!BHFoWEtM~EEjgRt9l!bh= z0n+QkN8jiZKx)&!WE;T3L=GTM?Gkx)<82+Ccs*t@ufBOm`{ST!I;)nb@krF<7zMJwVEj=Vj5Q>-sADTTusiulTsWXA%S|2KMiR|QHyBX=&nEe&h5>R z;18HuHzo1yu~^p)(#tGVW<*BAWCzrqV6@^Ds` zwxSa64T(rIbGBX68~*k(3iS@0Q2J@`nC8#z6DL23yCCe2=hfdQdm zewj}K1gMSeLO7xkI+LGx>&<^m8!Xt99mZmfvbr!m64G#g9?L^-BT;uj%fX* zVqMTGrp`sh`3{{8h_}VzcJ6f71o$%~UTwkvP_C|L-v}#wpmtXHecf4`~3gsFwKAa$B)K;;e7!Bgc1M%Wc9xk|5XC$d=>v~{1X5D zN2C=Nw+6uCzaTgyWLSXr>%cHPEF%1C_!j~37x}}2!T=l~E*>H_j4h3Z01P6OfY5T& zUxt4X;1E!d;E}$35$-bli+dUW#lyC64}rygHG$w_8jliM{AQ`SqtHRCAw=BEhkkwF z^J6%$urC-c1ea68BBi(_?CYTKv?7D*wTnT0k|B~71T#gB;I$Xw6YS}!jRl4)ahVRs z?l`scVT!%U@OP%>)e$%ZQ*~YsD`!6+8S~hg^y!)}HQ|aQqFhcYW=1h3nbJ}Y=&UxZ z=_1Z!0=LcJi$Xi}btLL!m+i(>%AO70Q7Pc@FtKGQam!E|6yUJav<>U(}Y8m2a_&wm{f(BJb!Xyz44#%xbjolR=DdC_5oCnWKgbj$biF?l>O^X z8)QHfGCmEbt34TqU%vf03P!TYH+C;S<@GMcb}|u9*Otew;iey7);?SHh7JB<(eQm` z%OF~;6nPf3%#m1Dg=Jc*D%M13O2q1HR+}STi6Au5>BYvCha_od`8JyO?_VoVT}(>1 zN+S$p+B@@92$|}mNIBOP9*Vn~k|Zz1C7W=Eltp2sl*c(@V*04xFGD~e3>ERIAfx%~ ztM_bJm{lyQNEgi-gd!7h!HJkI$Wz!SqCWRF?=v6jjMuJ!c$36Z$Y0%sG4iBO8no-p zYz9hWMA~G<1SpWFw6s^JE^ydwGrJ2)#LvA}S2B3wCVx_jwXywiTIA`db0;_T#KyKE z3oF}7^oAcwES*)H$okQc{KHqD+nZk-ktWm2t9huxJXt?)tj6oZagW{=tIr{ zrU{|l3tXYv27A<(?7@g7SPnQ`*Tl&KCG-+=tDsX?$KtnV!?)>-wX@p|q*#?=06{Sd z)$T6-^%5fQYMw>3w7mw-QMtMDXx;)DNYsgY@4H)%%4$WD*mjddbu{}ML*k@2;Z;f1 zyqiS}hG)juR&#W_LsdiW;UqDA7>|9QE~=_zJ2ZkWZl@BGkG@hWXmO2om-Pfuik;P1 z>CWJ8+Z$Gc)yH(w^^1A-69Tx)BmlohgScFLVcHiN8hJ|L?xAqhrT6`7w~+L2#9X8RQ({&a=g-k`Lr_Qa8GleU1$#2rrP{C4@B1GkSI5c zi|-QOvg0ocH=!rXfRo{zS^R9Q7_upPgYw>KbxQe|X@RWqS~%`hRGu-7F~&25+07*U z6i3v`6b}cx#cir1-=yc$F#@-uQDPpxred$96IGVSrIR&(t5n+~CXvZdL`t<@KY>Sr z5gC&hA>x2nq%#{wQLgA79?4jk#IwqoWctxU+ufhWZHp(3j?u$S@nm3NO-o9n^F?<{6 zo8^|%O?dVZD)!P}?Am?D|4Zi3e|x(9pDX_-+kd~$SMs^Oe`f!2bN+7s4>u<__uuy4 z|C7G*@7RBgf4u&W078M;e%=58uoY(i^?kPg(2Dr3ceeQc}`_85!y685toEP6*`J$AyKztpESs{u}$_^?wi& z;=io_Us`%VMC{M&`apQtD&3b09`*qa5Sy9{7a}2v2%^Em2Xpff@Ln2#u+@L0e;SG~ z0}uhWMW7fL8?0dw;-1nxKm);(^Z=%EOIdm1UT!P+waCu}W5a=|H8{m_BvSC;0Pyf| zK-hkOU(8gPElJH~fi0l{vm=X}2f%Z%x%@Yq0iLoUzrzf?zJfE+&?9=+(Zz$KR*Ds| z41q8t^w8}g)TG{!J)vgXM+|L>1Tps19)MU9&hHmC8~)I^__|)>wtwErOr3|E6nI@k z5k0}7fA*PaLDb|;+ZNH%Jdq>TNDF&8lsQ=*A(1vcYSq^pkE-&Gt~0F(kiE8@o5&ba ze)7dEx!hJUt9n~9o)LZ$BVf$Y z8supmCbMd+loXY0$}hSM-XVJwm@+f#doBfmFWt>l+AW#k7B_e|eBeylQxU-BN} z>9ykD{lqo$je0UWYv?*#P>EjJbWQzsivdUMg#V3m(}|0l{vRl>6|M#9D$#$D9n4~b zd-7!w;&NF8E>K0IJPk2_xvb&d7n#7UHn<)%o&B)eRx}q`hx^+ae90Wlr+#|1Z!qFH z_%o_fpRZg@a+kwBYZ^nWlan8I37_f`G2kh8MXWN!5AF=J*;|1IkRd!sjiw_bA2#ka zOHNeo+N@Ev&SV8)3|C_!xj9w%jy|5VWPm%kKap^Olg7tfcgmGEicqlk;D~Ys3%gx% zAN=+j}+qQtwWsI%{;qq}a@(wbtb@m$f&}A?s1rAI5sDG!nsbA4)!$RhAC!ac zEI{VnP+0S&)nKZB6}x@vMPiQFgEcBAMus2VE4-DdaXf`MWm-3_2oGD>(5BPAk?=coDmvFjsBhT|ViM)N+9nk?@}2?ii*+@JPYMlmoJ+9-c_p*xQR6H`G>R0xX;k zKLITDcZEBQEvE-0dvZ}fu54|=tfvr6aTeDsY|}-pUAAZ$*}K8~P#iAcVDcKJl*8H6Y!QAu z;u{(Wu6ADfeYoWZJa3}cCT_7Q;y9ev1D8L7vCo*7Q&GpNoh8U*i9;HG#kN|F<&yZ~gs6|2+WY0GJcEy}mK6 z!`+&q3=4^u6c@l;Gn<@g1*@dvwn8&AGdp|kNV5oT8ynciHLZ&eRtjNE5ue}d^N4X- z1_1bJc3h#hM?drKoloYBkrMU=c7`@iaqbFvPRFeC-dRI_L7p|{Zug0alg1=NHN}OH z6ys6>Rl0a_jv=V(hP83T%gi6IweBXm1?BP-jwftj@bi@$4-$)RG1S=sQ2eZrbo}+~ z(BhCBoSg8`y%oID)L|T1xun*JNO5++8#<8yG*f_8ke&^oFv`DDoF2aYR!3($@*U~S zUR4!%-8?;%!Z=+_-SW!P8l#cuU>hJs{c`&E>JE^XOi?HXrLqljaeKDLNz8FNA32-+D+h^M|%>ip_BLjvG?9_O|9Af z|4t<6w6k5l|h)9 zai2~qQN&i{fxCs6m~hD2o%e!w&-=f47GC-&)2Z7<<&c!a{7<})D5#i5{|odAa%g7ta!j^MBY8F$~@`J?(>4} z2~!9yE;AWY>o!EqYHwBLsn;~GgSq3J<%P{olZSoSl*$<$OSp=-%kk}WAdWj!Xe)v$ z`Q{}d>ZISw@k3E5gL6w)nH^7E;l~V*6kdwHc!>#e?#XQFTKM%bCen`DTZPBr?|;tj zjTwJG=OisDxk7hwLk%s&A|EkflR_6?!wf~=JDVFez8Wq)%%=Fp1u^3BO6aH~4?K>? zC2!VHx{ZArv-_OwP0eHI{&FBmPyOBC5mqUW2by%}_(YgSY^#BhWr<4?6W4`POF1Q` z&MABfa<4_?YYf`)dQldYIs2ib)2DZ_5u9l!BJZYXmL0xGn=5ucD_TBCO|388E*Y@fg_Fqn!to(KS2kL)vvOnzqug~Eh_4teZ zj|6u}1?~TJm;`9~AFZt9X6LNN<-6KAGNrY5_w=k^xhmq9`K0sWg0|zMg?pAwBT|x5 zv$I#fvj3lt0os4F&-Pzs{ZIDaH`$dqSV4AMzevu9hB?#+H$7)}-Rz8~>&v8~D2#HK zctJt~i|c@yiQTAsqjRJ)yF`M;aY*UTG+v%K8*g?+En`1pvg|R0Z#$r~Lq5tIfX4C! z@B;2fNg82*y>t0wHcYD+zBec;u(&keSEP{J+a;z+zz1v4mQ;C25YKevw07|suIbdlIMirTI~O1|!Ow)iK_HpuB6w6pPGEYk zH}m)?6!|Z3QWdUo;t?w=eCldLNhi~+3R=qP{qz|G607(QhB71Z!_cWJ{^rYoZYpe( z1uoH&T{*@D+NkqIq{T5#nCtKamExJmB**0cs%F+6qGmt-esF`~JyWW;%9B61w3Tw2 zLju>kc+LJ&8A7D>lg(o6G=L+M88+s z@ABK0R`qeo?+zvg5@^BP!j;e!FRo%fOQSn>uydD&+Lue&^rr8&7&6h^v5HQCQ4~ME z=m3uF7D98I%qXsxb6NzNIB<5Hyx-O&=39)c!eGaryeZz7;L)f_6BjY%>Qx$seeAeoaIn=%_=J(JVBwi+7W$R`dFP z;O68|a#$A{i1(jD>z{~!T?@Z%E7YP)592VUltvvn(lO&c{!sbeLGii**N8qAYpib3 zW8DJys&4Xqc*_j16eaYM+m^=UT5uqaPeOu1#YL{z_;NLwkV1!Dten#$b(EADUNVQ@SHTw&HkK@)zCM=Ju0u!$eD_Vw{h1t#lAeIf z;V}1r?P+g-M8|$h24Y@S=l*us>F#QHq9$iyj(<wW#Q9IUDfx3*=+_8+3iQ%>+5&9yeV%ckE)yoo1|7b7(|;msm)UlS;H5pFY@QL zI#K522G{z75nNnizB}it?!FE?&;}XIdg6OMXJ@Hnj!hc{66493YnCo~kd?MKwdH9U z-~G}PM%9)^V(l0AMUpFI@9Y#Ectd=m*$H(rl&QTDH9z0h{!4An9$r3D<+&0vMw-xt_(>1A9i%+|lZvL3=q{JOfvQhHlT%G*zEQ`C@iN3++s6Aj4 zX7Os*@ep}CfjiH+PV1yEUK_UM2<}o4Kqw&}T1>Dti|_6q>Ocnd+6=|WKGcQ41{d;D zf65Czm|@6GZNAI*Ni6&3LHJDj%4Uz4q>N()wXprU4+&0vz`8L%m60g6Dr)FwC7Nqag$}| z;rar=sJuGj9=p)q+t*IHn8}Vs@Bi75S~Q)aWR`j~F|Nd0?zTXzWW^-UB?`TteLib1 zz+J?bn+m*e+W16XAAob)Fj$~EE-{dfTR&|F_qsj&fUA(=^lp~Ad%1jZ%aLilT^Auq zM0GNYl!T*z+Rfd}?k$n*>;otsil)1LKYe4viO*3!jR_aW!}mmI>&gszZ|_pfu0aNi zEo0X!O>z?Q7Gq1-5=o9vmLSc5XuO0_An$-g12PGx9og3w)?voF8+#J}On=ygJ^1jm zZl`y^3m6$_iTnhsY>NYqxRW}vU-RcKR##G^D@8a*uN5q zd=LNsm)ZFLg_HV*|NlGte<>;}DgE&O|HbM2uD||D|M_y{zuEr}T$lQ>|KE2#>;E|i z`!4+dy$vjW^(X%K{LB3**#Bz&hdgK!!2N%J%>Vh-N&JHze&N3iXaxoVU~+PD&z?Q4 z>1M^Dn&*0Yz+52NUAZ4ZDkchEZS@$+HD4SL4KWqV$;tWU=bx`s*uS_NBP%UF*;&Mh zH@Q^na_^kqr$S(Or(9)LM0crezX#A=l^jN;R##WA&d;{Q=zWzheEv)Tu}LCjxPvND zU6cR%MXJnHSirr=rss#BZ}u{%1~R;vqo+br)KpGR*Mu209%#P#B)3@wdHX>#MB zn#1!#gl_k}X9w@3FbbbX`c?+7G~L?E8XFf&jSEMy2BsczO`%emP>9sjpaKLUd=DRA zw72h3(=Zqxth%P=G;C|t=@X47+S)rlt3=&R?J#b>QYOfW!!Z?=Ibg8@8qG{#o+eCP zndV>~pPim(MziybFY?@D#AfLA9^* z1+&2r#^zO?RRhl6R?4tJM0l=wB`pn4>`ln(b=hCXvU|E}ajrJDCaCSA=|_3GwK!|< zET8fH6(k1BEkbTN1ceWxxCi~-I`_sySjEgXR^2Orw5>%KmfpOob3(A+HF;FOSbJCb zd~_kFW6AmhShg3AU30PD=CT0~g`0Y_7YZwse!beZ&38mWD4#O>i94XfT@#N zVfS4MlL0=ZcaUTOqpCeSpR0G$oO7^b*2C;SuONf=KGfZ(1we&Krjz`Oe4(uFT86Q@ z>cN@-)}psp5~yo=LGK=wsov<|sZ_nU>w5l)@z;+AGx^<#;IfJPeFT%HUM~db&|B06dWZx+2qcUY zOX6dnrZDS;w74G;9=4(b$rh@8?QFDBmrW!ync^6S!$ooJFc$dW=0_^Z_>D`ehy1jzCvRamJ*=(1qwxo}P z;CY@wQEuqjNv=2NlP&$;44&pkCT-qS@ETh}RIoS$$al|@y)FVBn1*}&q-|lBv@Z5E zi?@kfh*&bMzC5e-T;vTd-BfbmoeNu5Wp2ujOXVg%&ChWBd}Fd+pp?(~O*Jx6gz=MM*bO~C(`#~&r{^1_@bGH(a$lRhFOA-!SbCixhXN8*YoEgLPey*{67udj{||1FZ6>d7oKpLcG1*1Ywg z6;yiiiYP6|8(*U|LwR>?GgPPA#z3PwCHCcebOM&SUwW>yX(eIZB(9V2;-iNWfnhq1XoMc(c?0p8Iy9V5^A17ggH*3c^9Ps1sV*#Slvi@RA;N3 zXcK!gzsbUzz&<9tW9pIE?XKFBb7l;kdj$QPr`npjos*%%VR0%Z56%-)^pb+8g|i+hypC)N#s#5iP-ZNPN`uy}dJ}z6Xy!eL zY@vmp&<5@l@AX4W-+I z^ka&KaCxu6qcb)hGh%bDTAtzFovZ48H`9;qa?Qr01WIlDIQEcAB0$uiWrBB1kb zk(~1JE8B9e8hMNLs`(go!dVutH=z#NUkY})RLl)=^J3bqX5b95ZZ(p>(Rta=2)>`yL_u+HSZS%8WCRFQX_@OZ|yH!Q?a;zmgOxx>uGMEyO;DZ zRLAO5f+c24B7oj_xYP7BlX4Dres0{n>8I{-<-l7wA?1NB9S(_QJKL6`ydRV%-`H9! z(4Vv2YvZ!>n@wjpP^VE}@Z84d?%YwxlNPT>Q=Q|^x4q`d-Sw=DbNs3f*f+~Ox^NIS zy$$g=@omY4l}@a-)%*KF#e?N&RN<*t4_(ojim~#HUZ>V5j*Tq(!aHm?-`y5D-L5Tq zM;f$89@z|gQlv8u$-HnEH%^JEQ1^%*tmn8CAXef3dYx^PGyycqwogHJ^pjPuRT~-_ z)%dlFp3C<5bcK3Rx-chT``JUbJ;!qK#i_m?DTb31Sf=@1_ek%U>t(xBN>^XZ*LTMS z5Vz^utF^P}D7sDcDEdJ)E(fQ+>)3&01Tc6k@_U@UW0=QK11#iVHtXYZ1!wj4R_>BW zPtjIPkP{pH5KDgNo9 z>Q7!LlotZFM@HQaQv=JxwdeX!NLc+%43 z_MQ+vE7s8IE|<+GX5kAIyH$qlU82!>mR(P zt0ISzs3yGh zNcL+X<>-4YEGB(gV*kbJ&^3AIhe$vER_BQFpeVfrRk0muuE%ON6ch$9X4g|E-XX3; zI&yU34i>uIpEd7#L#^&r+Hq6q%*|tKa{FsHVhLQq^`nQAh2)E8lw46hZmZ-Y5X!uB z!ey$E^s3NIxObwS-pTu7??TmIGO|l5bYjYh4I2d5bvx!($WtqsaZj0{5NN6jl#k&r z6>e%2!P})6t}hBrb4$%kvN-b2f2sA1e>R@?(h1a0p3s z8Qmp>+O!@*Y`R-=MFdaGp!;(yqo;RlRzN*8_e3N{-?EI6w1H$?qy8kZofzvFmvkuc zTGIQX?T?93n<|l$*OW;2-Kz)&yWfe+*aB9a%Gtr>^KwVqA4s9vm7j!q@>8U9&@xg5 z(1Kvf#Qtqtlrr_^47OQ@2g`czJ>$5%A=-UaUK1sU%Fe{|M(40mErWx&J_R3t>|i??5sgvEUHN5j~!4czpQKNq&W+ zrCD2;92v<2V^NoKD?W~Ce3YzkmyFMMabuoV?}wDu9E?!lExjqZ;{`EvrPck_qp*X5 zr_kk@&%DbfJN(w(Cn#JkzgS#!u~-`JR`E<#M!{EBaXrReCy@)wN7mZhM_z zskC>RF_BKo4?OJ^H{{J5A09X0ZP3LX%%(!`vrLxQu(zwyy>bX@kpdm|EKoQUiaMZb zROENy4b>2%$Ty>SEm+>a9U`B5m}f@j@k&jSEU|fC7SjmkROR+PYpFt6uD_gxYrYjV zmMhtmBobc>LIfzgU%PKLK(mJ42k^9dnbvyVr39igaj%Qf_TVkO7!Az(RAlznH}o*s z5&h>cAp#^wZCC~o1}^FV0-#RdybWt6nk<|=kypN)T&);~Db{SPCYZXc2JUFlT{nQe zIm13MgE?B0$@>6MzN)@u!vs!-5NQyRL*Y z__0RdV||MhkmUAc zEr1&U>f#{W8_n|P&SDqaVOfm^EA4g0O~yp|<|VD+)X03r{L88euWTzaUhkYpNw)sj z{oW;4dQ~gnAuB;PirY>8u~t;WMq7+(li7pQL*AK{)*01iF_UmzV>{?J$%@qaWD7MJ z;V6ZlZ&f=}4&E^1-QRCcPCf;(m0$2pTQ-V{7&qal4^1mcT~=w@Ji;AX!)T>3UmTtV zH2W*86i=qqk}pNe^j(Gso`c%d(=L-DhOLeERkEMyixyjS#fO9%T7S!!gxdgdq-MLO z{o#r?qS1Dzo}sFb@g}}lgs4xg$?4OrX^lDt5YEFLuN&+NR3^3fGhuXsLFs|Q!<)&hJ|(G-JX?J~ zU1B{WGI^>gX`~76!c(&9pi(n@+9qQkYBy*Km21*kLNZapU_G_MB7pNFmvD zDmWCM?022AxsG;{?5kQsvmZ89%jW5NUAS{RBEZCkHB=?8voP-?Rl4R{Ugg_$g?fhv^M*KBD6&vGZ8y^ZvX`2wedd71GmdiHD?TK1nAXtFV?T z7EialBsaNZK>?*{!kZ{athjoyQ^fF4Xh&VpPdP#St)1?N2V=PF@_k#)+{ROn^HfSr z?VaqsCT`h}U-uBJGI zI@*M$UdVQPpiZn>R$3`eS{C22njDxuf5G9Z;#S5;G?rf=m~mPpGk)fT<@xdj$y;02 z823^fmwT;ghJ{M)hl|U@pDLFYq|qBYiY0^`pBaa%B1bAy{9b6qJhs-nSCn8K+-6O$ zJ;6WzaDMsRhn9Og4W?bV%->& zn9FBStKJ@aXMBOz^mJA7CALUj^ozEkiJA%J2Rlk1F{iMZdI)dMALQj~h}c)4R5#Pm zEqm;meulJ$Tq2UZ4*7U(~uHZKNn62yTyj!dsqX6LZG8aIog) zc`K7SB^y09Z@tP6iwT5_44n%YL<192A_Cjv4 zuMNMLWK|eoeRX8)RLR)fDec(EYEJ&r?SWxsZ-b(TtkuOUl)OoyQHS9L!VQ>(8;Zvchd*o72>ItcuioXS`>E z5Z{@|Lkc%G%Eg|S>ujBvBnT><%4p!(jmvQ0y-!cqxKa|v>7mr#ng7FFJ9lgA z8}AGXj6IMNNXe5Ws~_f;2&->xHGLGu#dGSMAu)S>*{r0!xTbJ_*~!(tZ$ECnT_;t| zD+0HO)Gb+**$nJDmf~8erMD}2tH`8W*cw+8H%n+yg+=_$6jmbBrbPV>zz70mtrLYw zusO#`z?eNR(^~HwXTpo)a+Pb#N(4WOaoiTy_F*+JILlGYkO62oRuzK8B8djWK|Et$ zk3dqz_M8k+QhZIWyD0Y|q}zP@mHn|$lI0VL@K~)h%a7ZwCiM6E8sQKsDx{X{5MaP% zt9CT>p_s%zZkzmf)03m-ozk(hekg59ZTQf;Cd#%&I+mnkacz{MnduL?jN)DaXwud= zSwWc7ihILpzXGq~koNaxiCPf?6T_9zxivTk=d1Vf>ze%Q2c>|1?MHTuohxj2uAB&O zjce+w(w!zb{SxH4N6t|8qC0y%ns)0+HcI%O!&@f78y;sifrBYjrn2zc{6Yf$yY2H> z4bsD2Ia0CSj6ouocP~x8$i%Ziyu!e&kLk`X3S8xV4VeNzcqr`3G2N`iRGeQ!P8|AW z&4#Ng{<{3K`P6xfNimkg;YB&uRT3?u(HB2uD~mVG#kyzHx9GR{(zMC*;Y9q)Eb0tvtImC)koY~S z$IFvClWyBM`h?fY_3-b!QNicGxKzcZ!l*(z

    tY(F|E<;bk&y~Hs4HubX#+*=@O zN8Hgqn8Mm zc58`o2yv#sSvxAP;9{}8ye!cn_IHL@&IJYB_a;Ka%=roE)UO8M<0{FeMbCb~Flt)KGr?6D#((NDZDy ze}ZvBe{xtrWp7TOIk!hwD4fTX>x9{^OshKdSVDAOM1EKLnL;4Cx8r}xc<+DqyKa+!AKm+$SE>pKDwfdTJA?pm!` zDtWj+X2!fSmp6-O-0lK!l-OQh-)N2Fe@`-acA3T_P+m;kKr8ii^JW~##|bOwhD=K2 zRjLCr`jW=}?x6r!TV_;gs75beVfVglcVDis=Z@%(h{yOL1qN^> z&Y}{ikuYeTHtS2HRg6E9(Bn)iIJqXOSno6Gmzv=CG}vWTC_i6IwS1S8AcM?Lm;hwt z0eG0!mIbTJe*N-gFJ9@F7fD{xzjamigd4HqnvV>$EQjZ9Y9eg6CJomxD7|SXp}l2o zI!Q~R0{gT6Cbo*ZIayvb#n4l4Q+56nU8|B&b`!2OA~cg*p-@Hq87w7str2s-R+@1C zPG$U6bFPb7j9ECs&<}d~Bvi3Ri(hJA%7@J8_nA&l(Vng39*(RWS$~BIAA^YTt8qdd zVh0watk11oZ;n-LaP{!r{nA#(fP=Abg`LFG=VLXrs7LcoSW9k*vTVSJG)FB+JAGW6 zy98Bg0etq#9X})2=_tjsC_@9}N(T{%P;2Ea{hogZEM(<* z`~dUTc}|sq{3A%RU0a(6!}>hoO;EzN>GZ|2EB(0-%M$JE=V#Px22oD}Q}!Oe!(M9B z%Y9HbvznRkF>uX`bq_K^5WDzEfTy3!F(|XN0YQ`DI(v6p(~(OS?xbVfm(@Jma?jZ# zB!rbOEnB{byUgsmc-s1c%p1AV+Gztp`5jk&;ii^G-x=L`CUi3VSxD%MhVqY(4o&UR z@Yb^QeWb0NrxL{eih&L=*V)uQP?g$+tUPz;YCNan)snjk!QPF99#pdYAyW8HY-Q05{r{!3q%l7cGo8txB z+je(6@v6KLWmod1fE{@1=N3J6Ve%lIzcfKSGPc3zX}?SNV$KT3DG2Mk!SQh$+X01J zvitxgC^&9H62+Wz;b)$pasA zU0MIdX!6Y69CwrQ2fGKx2lp0Y#Ts`?OZyn!iu0+mmgA(o5{QUq5q6J%dEw5vF&>d2 zjjkSDz>vN*-Bka{%81A=ez3s5JvGQpi{UpAGPwbU> zb84W%)In+c6H?XJq9(Jew&Z0FVYDO0diFI%6bzhsd2(*sbK$^*jQyI=-(2}{bGq2- z?10^SqF3{s+TNgx(gkn3SED&BV$`yCj>q}JKFw$0 znlORI^B0^<-66<2UM8)%^#D5C%^T3N0!wewnc786n=^CIB6Ghpc6Lw({6B|cWwLgpZ?$1|A4!-fz4iD*Z;`Ml7H0y z{Q30#p+CRW{}2G|=lcJTFtj58#Q+dR2!tI11HefX;D`?h^L;2gI4~^{h5$!bK){h0 z2qYSU2GGo3)$@El1^_=~hT5NOGLmg+?$bXjGe$s}@^Z>tC+pE9j=3ll=h^pDm zCM%B?U_tu(LbZ{wXe2WnE(7&th9U}JNJp+6tp6w4asJS2{r3+32k`%8WB6YgfN%5v z+x|~kIr$&`-+%9NefQse;hz)W{LDYt{ayU0F7Rrw77%<;QnD!}^%{Jzckg`wxCa2> z9K~P2r)+GS4<2j|41C4^=VJiyDDt2Be{So}y69`k93T^z7)`yJ*qaqC9d%jP$#b31 z{qV9ZitQ;Iqzf|_Y8IX#k||+$4Sv&mo2+VEi}TYpvWtD6^I+=CE;s%Jjgl|1|&M`t|EJHa1V5JZWfXn3#>>gt`Hor#Hwe0*TDH}DnzpN|2+g$SSdzqZJmc+;E|Rq8D^>QRDmYuuw< z(`QZ_VS09Wx9$%|{kyNyANPju!M|6C$5*`n_S=5T|C7OCFJHy~a*9d{Kl*=udm8_c z=U@2$Jne-BI{#wO{eMmM=l}W9|MQ2O`u~W7eh>crJv_q#T@E^Z{s-S43KbJ* z#t_U-5SnI>KqF8_C>5n-bP#~`57?T7SCX)2vpLMJgJpr+qfi+*awP+Y#Gs%!OlFn< z4A*9pLk!woEJ=mK>{%`t3Nrz)VCFbHVwYAkAHpmHqoRYtLzwiU%dz^zQhcisV042x zg2NxhK^B;nCwbM`ruME%*cm6}dzJ?#Xi@)XnKM(u(%Kyug<>Y_pfB$~|LAF5?0OAdj51Igwe2{<8 z5De02pj`m@2TcQL0=~cxe!aiLf6Vk>_;*f*9P=)#Ij8_v>hO_qi=D<2seCABrbJB^ zvUC}ig`z2lCSWdXWv~K-^qcsKPB|55x=#C&jRN~zLzK36cdgS)8##&IxyZ|lo|YZG zY&2IK0(vNk4T@lkhS5}65Lmd9N^&6|QWOcq6`f?1`~J`Xe(z25-T4poarw&m|0Dd% zlYh&r{Qs}{2WbaQz!(1yI)Bg#fbfG>U?@KRFDBsc@SpHk|L+_L z!4#le>zY#bJ5yS&D2Su3kR;=$)nyH}Dbv?8q~l;zk^u%z+rF5^Udwz+X)v-Aiysse zEZ+mr9v)nfRJn`enWD={6R=XW$q{UbH++XJ*3uIq;S+r%jSb4gb`*wyM&dn@t}4gU zPjE5=&K$_&Wv8oaPW&(f|M0!=z4>E9!DRw) zQtaQx|6uz9eDhcQOJun89-m+}U@mFOjPBp2Egv6tQ+Ds7%-uK=fe$G%+27~C!fm=L zJZ^6QpNNOoC9C%APqJJB8W>jE>@*X{f{gXKEnC_7Vq0AL^l>E!J11j*q9xuPhjKh@ z0*9e+$iN_zkX$oY=7?OAXe%N-$HXi3I9pN*4(*M`(X}ag98^=NK`~9*g3SgJap0^+ zKy9jtJF~lUJ2zDvs1GYvb-{=ej{;-OVc9rrqH8h^GHp5jAasI_8XH`Uw{bREWUH_c z8}J2|+=Ab_+P`3Cc-~U;!ZNnSMg+}CBM2!CQ7g_P$AOIgcexBbte!ghJ%h*H>R1ZR zJp55Y%6-fYm?Em%fW%hA-DO~fDw6JXUhX+bc@OX#b=1r-iE(#8UJeY!ZdEl|<_6q* z=|a~s%wsD(jJPacF=W(wP4i}Vny&ennoE!H$)VoKpr&!ms)~@&?Ls#_x1}8LyeqYK zb&8J;{WN-i-_qP9G3ZfmY=5k-NEs7sLRNM9-SaaUv4=4G>|4=Zr_j?m>oTq>=A#ev zVwUIN$j(fL%~5K)#j*-O;0Q}7sBVidz^1Ju`=XNWC%)NuaQS4A!1supLt{jI8-&Hu z3nz{I6&9X+WM>w;EE0o@Cnn)B2vC4h(U*omjVto)AZVzwv+;?e_>)$r zASaR1QuyY)MkN>mHv*3W4xTt;f^4b7Ur?}uhBge?r8?tbdb}(Pri+>^l=;VN>rb}- zKN3TJfBr-KLxTdpN&&ygKbY+OM*mTk|H1#ifqnq^`}}_)e>5Wl%mP8?LHJLLiGfxC zv<2VbfBmogTTCm^^U@CVONzUrI4urws8+Bw*+k_ioCpmEp!lqe%wz-t#+=Uy0|Y5p*zuwmTU=)$5$No%O|Iw5 zVnPMxW8KQE@Zw|$s;3Mu8e(w^XEj(i!dr(j%I{?lPzr~_p3dQ8I#8A9XDC2)arpkv zM2TAl-h`P^9nGUCHYxj2f;RmBLd5gk`49Y>{m(b?H~Cli8~;xRw*>y-|NjjZ;4A(? zpAY(fkoK|cY!G$O3V`r~ApjT=fbfGs0T>{B(TM&_|3C9r{+%cadH|UguYqAxr!!v( zGez~AtEaacWDL8p9wzgpm4p;SRFFFi_h!j#r^Q-%bGjIqcxSjm`}%INIk zRF929#@HCN&)^vk47vk{z(R3IHGh*`9J?UUJzC+|gagDq$f9I24vr5~#~m{cJQR%g zDo4Ny^$H^?TIK1d6ths0lIeTO0}n*tp<2WNJQ9atvLt0{US%qu%Mc zRFg?y*@+_hSp96EbA92AwqTaBBBlnQQQ|AR);q@z4=#T&5=uhRpRXV8Yt4wGsni2#5$@9LJ=m zv>ls6yNf%H$t&xo*<@Zy5PER72OR!Bb=99Xlel*M5H@h-HrDduetgR1d`&@ zS#FjM+2y#4B=4NQlUmi5U^t4J)&V}DTKApaaXbAekQoan75343ouM2>g9jUR%MoO! zCqf%K_UgdTGQ-g%3S(GOn2FG>)KEl{#I~h8AT7?&NT!u}QtTc&eD*d6#k_0SX5zAU zi`w7j7+i|4Sttl!bf@Re=Y*+`A{Zf0RnJELw6?HbPQQ1F24fa5>26sXNZ#}{nCNbO zFcSOTsLbSS+r!I6@_u(G&bF_hz7?Z4@V{s#ZDWb$w0f3W}K2mk*L z{QtuLpY-2qVd0DR_MjC2nFmb(sQiNDgN6WvAG8Jkg#PPZEbBe44ry0s<~5L&KeOid z?Bs*ZjHLcn*H7?F`d&de@sQaS*K$6S(jg~c!wuKCpAy!OazpZC@NTt(@uprj(Ku$f21+j&DdCzBAL+eUj~T784Hul0mtS_MC>5ds%`}B$ z8kx$&3zCcRa8wH2q2=893l|S6N-Fo~Mq`0KNoGKTtptNso4|%C5y7dYDEV?d%2^Er zQA2i*4zmWanj-%Q*Nm@(`t6p^ySx8#a$xF<)X`5Enb5ZspwjvX3PoLY9+pss2>=F^ zYJ$d*WPt|5#l1;8Gat9#NLiZA5`=6wdDkiF$(p=tSEAZ1Nm)Mm3|hl})K(~S1|R%3 zq^H|`@7T5yau)Ht>NCD>-RXi!>o_KpcL@H z+EPojk9kviIv!uG*Xabi;$*fI!#>l|n(YpRlO4XGm? z6|Mjq7z54=U5aIEXlgHm4&jmL^TbQN0%SQn3;{l^F4^Y8EB_8EUUGMW5m6Ywqm zmB_!T|Cg7Q|B?Uw`YQc#kH6v{)O@~}fG_JmH!ofU;Rhuk&?12RgXZ81|DgB-sz86c z{{OlD_pj^!&2(Y4%&S>jTMl2P0ex`tBl$TTtflDIrz*Bpv#jMv+>qA3!`$qN!+q#{ z4P1IP-Ai^U9@6Lf0maRU8mZ_b@dcnE7@A71D4o0D)J-%Ie*}LNAFPD2=MaOcX^J4A zIwH&nVZQ(@3m%JMLTUM-pe%6CVnMB9$I=r2j1)F81hbtZTpV}wOhhs90>TcTh0kkd zhc(sL)iz>>Tk7??S(vXQXBsX}60Z+R-^9Z(P~xb_@s-kK%oQCE zzWo;e3bMb|f5?hTKk9$}IOu&s7WOtQ;QNyvUv-*qgh0>0+TF>VK&emRyGGSi7ZeV>yV@% zcadEzOaL-11A~n8v8s|Wj5jLYE3=&lK|s$S8y)Yt+B=W2Mf9#2r zfHb5T#)Nvgm%+Rt!Ko8l;T#qzfyty(jkd9dR|3#%ik|MIcDRfP4(f^$%JNR;#`ha6 zk#4&UdPTe-hzvpSA_)D6L>X&gn64hd)K~~*o|Gq%LV)8TigYNP1ru`2CcjF!kRDQm zcR-@jm`}IKA*s3T-P@Tp&R&oe{C`Xg`R@FCxP*m=c>FH?S61P-{QsE$^SikE7he2l z{{N)^f(kFF|AK2ipalG72?$&Z0+nA-4hAJ)Pz(OO^}oxUe1N=x$z?cnz3T;=$YZIF zt5;-*PK_2uDj7H$JO!&>q`ye7wdWI06V`GK2U0`^g2@ux1$UFOH^TThH#FzSW-8DH zG?ZsOrccNfhr)V!Q~UygoDgwD2>B2mibKP3Sa8mw2w;NtHbDd!5X+3%b8NBu?Mjae z!LZT#dkz3hdjcej@zoqT(U5c;w7G@EEDeh;-p8STLB>r9zS}y_EOKgeD+C8e40_#R z)5idh$%XNSRBK!GwrI2i>T%@)-{4};!*T;To|db7ujcPkytqJ*HM)mX)z;&F_uzB? zAOGQrNOByKD-*J*CP#jA-z_bphm(Qr2e@=?9E!5EUJfP4?JHx{n8>l9*!68|)CoHK zPi|GwSRgqh>hw(`_Mexy94lo!Yof^l*Nqw;twFr+F_f!*HFc&YG1hfyOm;F`Su;Y% z*38Yci9@gWRjgd!Xm9CNzJ|s%PK?zB`yxUly5^Xg!g&!aaHco+YFBJE>zKe7Q+kD4JNixNTOmh_oa1s|hf4H`M9PNb3~&$Xyx!QMRJ8Zf#V_^0Q-wfZ^eI#iofmu zmIY_R{8<10cicOFw*T1A`#*weFBsc_kslcLfuY_PE%-|p7#RP7fgl+6f!QG#7ycy$ z{9WJi@5Fy=zmEUvHzr_MRqQo|=MU7o7ROhq8_p^Vtq)l z5>i}xf&eK(Ip#oPg?#atlsX*11kI)H7H-+8-n~=V%28hhmX?f97S4yXcW9Xl9U`<( zwHFW^R9VI};1&c^Sl0p$&SZR0c!-*8cWv^meSoCRx4tvLb7IX zsJMuGnu^VRMjMSFY;@cpTlYV6neBV?@9p7Fb@vGUUHmJ{|F-{ImJE)B`ceP)yWslg zUi@eNiJ$ogBR??g1B1Uy&dy-W2S$G2;y)Myg2CUHT7a`=W`A1+@Q;7+Z}7eWb7bo;;hj@0NlcZRp^K!^?ydk*{i&Zr#ikVHe&j~ksZ>Ku%#w`uoX81Jl~Yjz%RwG`}X zxYh1`#>(MxSL5w7)Cc1yZY%xcQP=n8-zP9I=%5QY0q$2B;5YsM-}ZkhC@KHo{~rhI zpMT|_`Tte_59shgsrSpuFBlGhQ2^-nt3*UV{|^QQ-&p^B|5yFjVjAx3Q|1Zw{}dAZ zrQM`1W0`W)Ct1ijy@1)x*COeCZgj8?hiQafMKKXg)zi%Omhw72Kj2~mYBh;ri)QLT zOPuENP1~)v6Wk#AZ^r#)04NF;&%*5NBJGCo!DWizu;^$!BmfUZ6s6$NEO3fzDG|;T z1ScZlfvHM2t5Cz8hMZ))oW|5*=_u%{;9X-;OpUC2D7Wl~m!ZdYWk= z&IlM6L1bN4=)aOR)r~;{xC|mH{4~^y0zpDy=r_+qmPAm1GpS5fS6D8YB&#_X58o-1 zoE-V5`7e0A|LKLCfASXi-u(NygnU)|@%d|goB!X||B)5Il8_(%|DU|3zvpdV@ehXm zUzUK*Iy-~dgYf^Q1pqVwpf3Cu_`ww5@2~%U{44+X-ZU(5fW{-&_xNJY)roZ2h|*P3 z1YWI+DK3lK011nKKseCBJ&Y!pkqn?lv4*X{a`L`m*F~FmY7`eYszi|oOiR1mo6Kfa z+e<1U6R_wbYEZPAe;}Tj1rGD`+TsI0f=40oxHuLp9twvXWXB;g*&t>tz9zZEf>f4m zES_0BK0eJws-<9cM*s%}b?!U@724CENAcmvL*`1AVjkUU$7fHV zC$3C!`9N^Ur+0gfpJ0)?jfWth5GF-v?b4ekcZy3B_QXM>xH;|DvV;cuVhN%$2JEdB znE-Qh@yxUbY0sPzVYGR;_g1{yU*u7Z*wlM zi!m8yLS}yF{O@z0`y4vK55OK^hs%&G5f}mnNLDC&Up77Aw5$sj{RHXYFQ&AjJCLeruZ>9#yzFBXhYnpw?JvkRx*VK zT)$RK5+h@1LUg8xz8OflF_lF$kO<0LWkrXv%qkK&*UfX>fKBNsBJxp{R=M~1lqeed zKySWF^*{+D1}A2|&Er2mNdGH0^e-O!rTu@vZug#+R`dFrAgzY0ENm|4* zj#eqzkc=V8l%!Vdt%BE_tU;%xdX(f64;?+x+AAy13){{QsP~PIjZY~3pH2Px#{=`F z`DeMfdV6@gej)%q$G`fT-{pU5eU1PBYdrte-};1q$hR-^523ys`Gb`IjSCl+oj;`i zA#?C^2;h(Tul|XDBfNurn&TKjlC1|1(!el=LT_km0|A@Ap_9yFwyqLUXpQH(gbM+O zVvVhUcM(K(jH;0N(YOk`9EXN-E`x1lweHN#=fFED>B`xtx!ha%qIA;QK;zK$255Xl zvd|ioJQ?Q4Ff!oXl|T*6ODX0x<0YuMvya5(hT_zY9xbIRqwUur5r9Qrd}tOLU3Zb! zk>4>!B;eAO-oC5C|F@z4)kE^d`S%J84g6K?|Kp`T$G^t!)_>47zt(^K)lK>vcR%4D zg8xcN3Ispo^Ov)|A>-N)83M>g{5<*p2l~J1C;rbb(NNlHG@Vr52EXJo zi>{Q%vV`L&7RXQdh_FL!3?Q9cZcgz+Z0oD;hKeGF-#A1*%ODaCaiz-W6zk2^F@77? zP%G=AVA&&t^e3~l1BC8%k^2uaFt#B(jb!yTBLb-rob-JJG76rZXvdLDJ&ZXF7^Enc zlFJbr4;(Hi)GStvK%(I|^=cd%(cGfmOdy8WcL^essZzX`d10jE-NPfJWB=z3!58O0 zFu>b=Z(xM?uQC8W$NwMX|9q|g@i#L6>r;Qi|FY~~*7=YvxSE~49RG*n0?Pw|<>244 z3HW3G|I7NX)?^m8-!N(mytKGL%WsY@ID5PAiqgw7m)iU5=E4c0iRe@pb2j?ktSb|jJJt4j)WFs6Bjglp;LM1}fjI~pA$T12ycaokutakU2&2><_h&{+^XsIYK4ku?sM1cWEOM+|V zdVCq_$Jdg4i8_UVb!YWeatIj-nw4;~x=(AY=bfV3k`ep+YfD}{p@R2Fpbi|As{)d# zmxvM5i&&Z@>98a(MaYU$+JSW+SohMG!tE>3HysDnnKW$43cARTRlS0-2s}bkmx38F zV6WLtcfDF<*6fk;ev#D-bo!dFe)lf3>Q0Y`PKA$pB`BblYl}=v2xF z;BZbjxDgpa+=7PT@NKwDym)v53MD}_&0fFSzshh27H&y6fu$xN^hlgJXiMbtBje-` zCuV1CfnmW^eoHDr+Y;(ji(;6>M5oSF8mSKrT4lHbXH`vy?i4gxf`B>Ss7ujCvgk!^ z?1uX_7@gV<2L3@PYm;pnhO{$Ws40tg;$>|D7$dGQ z8yyQ@Q<>eAp7G_(o(bcBUuf`4`~P4Uf2jWNud6?NUjJ)p{dWBaUF&Q8-@gs{Pfq*^ z|By>x*7nOmK8W^Xa&i#%kS+LmAOMXEmO}%OSoj0|zx0p(kJ?WM*UB5t?=z&OID1*4 zPWoV?a}9>2Yjzx!a_k4XW)APu^ElSYSu~)CuIgYLFr@`z42KOEUc_W%7vk&=8JjE7 zm>b~bQ-)_QXv5=uE2Lk3KPk*Fvx5lt$H4IDy&xO|;>qAf0s)3o!=YhlHw+mIYHMN9 zIKBV?PxLP?DFZ+p35M8=U1JI0@G$LaO>i@n=9*k5mqJCs98is!dj04)Pz?@V(z|}; zYT-De1t2xcpor*=99h>@WFm%i<5oZ)2?uWpSZj`ezio;;W5L+|L}>lNaU6)*$S_bA zWJcGn9pQF#vR^fgRD_l9;JBqR4VkMLn9`FRP*FJ}w5~fLt4~0!W6d)-u#vY%Qyw@3 z$hocvJi04bJrAZ@OSEn7RKOVbi z|5Ik)35hRVX8lX^zuf#e)SLCI7{KTJzvl1!KeQt3YyQtCoc>+^`GkK6_#5r*kP3i2 z|MFM>!X5&CIR)_N;NO2v|1VJ)O0aOvK~1{ScN(z@fd(Ve>TyoVv)`p7r8ZV#L{YAi zTO)+1sWGwL2>J5H%jKDMuVp*Y9MRBP9mQ|sr`c5Icsnfh`FZVYNg&s%kVWmt6uCE|t zvo`gh%Z0QmC!|D*iNujv20|6lX_`cJA*Nr6@h|nU{^#=YPAJ14 zS^@y2{X@zBFUH5AwE)nf0BC6dv;+Xk|G!;R^UwOfNPSZOWr->OtCihK*Fyd8hBquk zEi7?MS*A)N>AjV~ebQn=u%4Mrj9p_E$B?US)o9zODPhKU)+y;QO$Q-+ZT@u+>xNh~ zdgj1E0wD^Fj0z`*0Z>i9C;~MMMTL>5d-m>AL4?8KNWT~yP)3Fl_u%;?Y*`oq@Jk?P z!Ql9&y~vZK=E@X zXHgXOoa)g^G%jFC+v{?pyjAljQ$@((xDP-#gUZ--Y#;=KnN*+y7Y|>i_zc|DPHCJ9mEK{~zoBmSsQW z{Feg(kQ{)-|FYU&p8SJi0gx_$6af?nTuuS{OP}rc;|1jWuh;(tbO3M-#GYN+mJ&F< zJXW5XC=8nj(AX4#Raa&^C=$oI{lXS$DY;y3%wqyAN~%@@t0T0s95spuDb%E*u*Rqv zV{5(Ln-ORP4wSaWk&y^;iX;{Rq*BQ7D66O_0-B7WaQ3h$7>ph{f)kI!9`>%tusmK= zWDBooqJVht(g`xD8n4cRqcMj`M}YFqGxh^SGGq8WkVNrfcgCeQ-Mlt%pz`*Jp-ppz zkA4Aa>dpY#tO*vd`vEEtH@|c3ql@!>NH``*754hwuEYRBSHh2?8mc^BTDSkD@BL2> z{^IAm@@N3ZhbG}w z*1EXj;7olN1d@bKU;zrSeF#88ZLg44BGncfS4Dyw^B0r0?^usT5R1up_*yjt$=()` zPK2K>EfX-mpklk5SKdk}=j!_7_=(o7YPKhL7*2F=y37{_Y`4Y8);f6ds$X!M@}SyJ znyVsUSOwxyvVGXS`wafYP#J&?wtdf+&FTV=3#AiCrWEWg0urFo-l@`4R9Jx2S`Dil ziP&5$+BEG!(@bJ4oM;&j#sAqbb0@DSxBDvM68>9F1bk`!L%sdoq2k?tiGK~K*~f4C z|7d7@UH|tbG5@FM`hGZ{*vhuHTeFhaPv61y&@ zX-cmlS{tQyBI`kqLhzyq_ zrFE|FF52UJ#;BgJjShzBz>#Rs{QA=dxk<%i&!GMv-@f|aohtNq@bBjB=^g6wiw5{? z{10mO`YHdaU+X{qQ)0jD8=vsMto$L=A#V>E0>}zLQXj&8*$|wzvijNiLssB(^Z$=P zDK&!`gtJU}cHfReT{^+KYrS4LTIIS%hJmFbD#nd5qfMyTVv#d4qlI!Os=~=gA_|8vVwjOpM2YIAfG@}lfS>p3Ck{A@9EA`m1bfe>W)Np_hTBcc1d1^oTWbF|=LW6{BN<|aT z?{7UjwiOm+SmU)c&Hkua3kCo9c%;ss()^8EK-68NS0 z-y0b0=k|&B|9t#UgZ|s~fAo(fVZX-zzAWm0c(zaYU&b5q{LAn!i~nWM4_O4r3P3^t zQUre%|3CSQ|ECFJvM3a5rk{n44nzK$K!s^ivtG23PrYr*h8$&4M6^^#xDtxoSq}C8 z1Yq$rQ*8}gQ~5hr79TgcJ7&aB9+m+5?86{tlJgK=pqP9y~~)P!<*zpnhL88jZ8@;{2Ln^ zuU)%lWo5-;u`XS@#9%O>7VywSz+c)vi5GmlCRG0iivR6)JL+}3!SCrsmQtg%&c|7T zP{&u?(u_yn5z~96k7Ks#mM~;P%~Q>sL9~R~aKpJon>AL&juz>mA`~4xk!X}~#!Bf< z*-j&#AU&Kc5z9mLLk7YXKw=^yIf#tr5amK;50DO!Nt{5QP`^AKPdT#Relng10rSg6 z;9zbgaIy>P6cV;8jt7>dNQCc#{PuYsd|_;kY;H|H`BKklPUxv}?Mkm|RFdp;30W3% zP!^7aqk1mY%OZ>5xFY!ow%n6|yLc zpvV`?ShSgrQeKSIQJU%SO>M6OIj1B{S!|kE+SPd(rSfQ(Sk??xe-&EZKomJ=e4H+z z0o%g&e(3qrw*=l}h)~K|(d%5Un!kq44ZfbM6WVsCUekNW+38k%ZZJJ2JCs|uMZi^U zZBQa_u}UFHrr^+%C!57Jx3uiz^|TZL_s)zudhjCG?+Z*-qt4CnNHJ3;DbajB+4g2p z*!P;*6D9(?jZXD$dmyvLUC{Nav6cM!H@s74Lc}}j&#%cGy%@6*RJov?M){vu=HM?q zrvH}?{#)$-Zw7#$vH#FwkKc{|KBk0ywg3Ny2k{sC55<3>ZFz2Y*}_BaVA&TyjsWrt zkQab_0ptiE*8uqf$Tj@lo+Fm%y~6BvDF5p`H2)hsuJO^byX`#5QtEoK_HOvmiHL~f!qEY)I*Q$tQ3G7HhV*oTcu|hZnz`<&= z$msIC#MIDJ0*xgC`;!E#yzuVlS=I&Z5tW>6S-ZQ>7T~v$yf0qrs2@9tB;! zqw%-!53KS>A#^pz}A0@et}Wg;1g zD1a+tuP3I=j(7F(M7&?!J`y|_=Cpl-rqIq^ zjvgo+IY}Tw1Qy^NE`SV3+KG~S*ta8}LM{RkvH;;Qf7UEN}rYaN^}kuQx14YagA-bt_=B%|tu zf#5qU?;dgjQJXRrt_h%oXgOw6NPVox+3!wWVe1Db9Aoc7Y#`*v45`s0A&n)*T2Mzx zzvcx1jw*U(u=YcVK02SphVCdfz*RmhVt4;`z9GbayaOPn+bK6vu~t&jvEaWpS?q7& zpB3o$OZ4~i@t-xn%l}YS`&$3`&$<0l@BYI7^7s$({LAn!lMk5y2zv2>{)1h)m$wJA8=Ii$;O}UWb|t2iuCNj`oWX||jqV0I14y*j^tp!5IsO zqYy~hh{3jW zF!R6}d993mM>@R8`q(jvad|fPMA~kO;;mdu!PUFD9ux5QSBuHvsDmAuMvthgG|{OO zpmeG0>X3k1cDJu2PR+M~M{y&2640Zq5?x9q4_oc`%5AIr{`Jbp8-%l#(z$o zI#pU)8WR)q?YG}Ts9(5nAvZU-xw*Ngr|16t`_G;|+qZ8YWD#m>Yp+~^7K*3bym=GS z0v;Y7e|m{u-uy%_e7q(U|0(^Y{xcN+xfV*q*8$Hd3{&JvX_^ELl?kdOj`6cIj!|A| zNK5h{9?#h6XHldXuq5fQZZ$ZYdssYcb*w1oX#@PpUI5VBh~{xr2&STVLIS1jw51Nk z9g>Wr0z3pcPIN2}4sb_>dKys)cG%KTR>mHwY?vJ!vz~2NAm`k2q|D0%Y0BeWcY>9b zD1~w_+SO7g8;ro!Wy%~*;wep-><+ptjUTy{&y|lO?hM83HzuOU$VYQnvMq6bKe>TO zMvdT4&pt>|HZ`OP=jx1*hSX~MnFt^oHZH=5-C?pKYvnsBgPD#x0sLaVHjAgCFI(OQ zdEDW#pwun9)F4dt^w#D^FP1x|F_-qU!QoHf0bqa zm!POFhqH9>;1Zp_w6L&5p)B3KyHrxLWM#FKp1$PbvQ$>K)Y!O0qb)(B048(k+O?%i zmwp}&{QA6qxc>?NAFl}@>t{aUKN}utocPW-O`a^`i^oz^<9|y=E*MFQY3}vg!o~t>KYN;C{!s|!G?UNPb zwj^fT8^<%~S2{DR4mj7R`4)Iu3=HH$PX800Kc3^){eM4M|KT}G*yegI&iKaIFeUw# z#r^X#p`ACSN{!V-I8M~w3&h~2x+gO%rudyEN%MIT>Dvz4N?@H>^uraD&|&eUw=eHG zZCnwEW7x+^qg*tojuCuvj$v6D*k?E+fQbAw5|)zp^b2%`!>Az61@Bqp()#4WOTmWHI5jjtT$^y&fE&t^y>UvlcM#l|F@H0g zZea)_(o!Q@9=o~n(vbV#2s!9*#tY0Ym5+xsC5*2_P%E}Gca(0D^m;o_u>)ucYl;K3 zkPi{rGMhGHH|U>}F5Mz3=7RbG#^vVMU$#s1I^HmzD;8oB#Ev{8tVSyq1Dfhv}nAo7r#)o~B-E+vP2n$3}9< zmqR>#XI7q*UEslxk_8krb#JYss5e!vJ#X2aqp&?OvRm-O^SPo{A?CsRwqU z4w6tC4wxWGrbLo;QtViL^H{C7yiv zMBe(tdiyVkfdp()cXVt!If)a081BKFg@YZ4iCZ6sCEPPPjJQWwe-wn1c2$h3li--z z18|3f4OxTwFLB4dp-$>F#mPC8ft_z$L^L)R==iQU)b7m}z*Fmm`CgP+daM&P0+yZ_ z7=5dJo9qnl0$*=Sq@6Gl7V~>1bOk(EPvL7cJh|#pQGIsjP}x~B z_2puOK526f)6de{I21~WLOkzN4-5G$C zCybfg|HRI)Fi*(u_%rZ-&Md)@IS$}q84BcvW$sf8X&vc}5h?11NtV&aJ0_MrFv zVCe=S!b7(FHM<_Hc}mnNvd2nQSZ?f;_U?Osakvf!~?;jQ_$R)gOcQ-}KclZ~s{zD*!sXhlIHNR0-&F z_Mfiy>-9e$$A4<7U+aJWdmfli>_24EA;S(?_<@5S4=?3IzTo}BCCD9&rU$>g)p)by z;3cNTWtKhU4(>LlKMoJF6j?Mh$5&!XRcQ=2lW7=<3?G_=lIGoK$2I2STm2otl-GymOU3%{& z7yzgOjZe#6G4c{(epHd8g%z%_j8yQnQd4(4c@+$nW7cGH&tt_w3Fp}3v;@*|y=hz% zhz)>kTWuqTYGNDT7SjfvAx~}G+G#Dio+KL=6lOSP(+bd-F-#uWv!M@0Tk!spv@Fh? ztPr!0L3M|}GQFVf8USc}B6%;j3Rv9A!;y7K8Gw=#u5j(H;i@ZmgCVBiW<@l6d)el? zYXaKJ=T1E*H0TBPD&ObITAed`_agHA*_X4u*{hrn{AX0-zvtQfdX>Nb8~F0}f3N#) zk58L`f7br1{yP8XANC�DjH?`TOra0DNNqAI^;+fFn<0E5!NF4e~uWLUd)Z1@4Q45YYhP9A5IG{rUJ z@y*U)#9JP=#-Owr4iG90ow1lr)&ofeE~6}%j@DCHK?Udf0FscSZPOd$kXY;^Q{Ya zCH@=bBmFy``LEabRT;y>t$6|4lEb|C!&?|K3miZ@B-ToB!2N{UrZudHk>Wb^Xu3<)K^Fe}#Y) zFaZGVAeg$^XpgKmlFDHZSS&X>x!lD1fT7jFRqJPO zOg$VJIkD%UCxWLoCM8l_aa2es-*<0c#fegTuZBa}lc&%1=9Mlym}4P$E|gR|h_4Qi zpf_gbb)+0VE~y+&7N6=LN<~n!DB^zf^=AYGMgU;oW7y(j8pw30fLh{~{9J9! zPq$>aCe*y%zR~VsK>zcIOEXR3n^g+0&7Y3w_dS1i@obc3L(;79ZF6~O-s+n%*xKmiW7~AK^GPk7w5}y4p&rG9ji`>D?M6Q-*7a)yr%hdOL}yE zh0-4xQEx-)%u=HC6;2M=$qo#-EX z`t14G;|T|$wbS4mP(kv;cOMkqE&%tc^EXCwsN5db=Xy4XH;27LkKH2M{81QkoArPwEw8W36F&}k0gdXlK1JBl4aSfJ` z)x$d^Zm_L@UH2XVJ|aT%3_xPuEnP#xMP?kSX3nS}6Xy5MMy<}6smxw6f0`Cfn%@|G zfIR;iFvPsr`w&lf*900`8PtpsypEZ1NWFJv;K)$0lGm|s>r5Asc0(Z=ge~6mEVrY2_fk^WG^_zEifX5~r0%+m^fTd-WV!-tFF8jMBD^9Y<w83%d*tU*n(hPHMC+_t7V@Yq%R&~NIS?-Ae!bq#SPF{U{j(bu~$x{xgmS@EP z?ade6DyTPTUP-XL(y>E)CYoE(51;cHVtKT&OR`x_<>t}nD;grIPEB zRrfHm85sfRo*pWAapXnrhgU~(4$M?q%ILM-ZO2btmEfo%lr`cIXQ7JugO{<EcK+N_eSw9)ge;cb?R@#NGOJ~V}st&~+&xGIouyh7~Gx}Ke(M&!eW~p+ZL%gt?#agMzb!A-B?X48>x1+6dWqV6SeUko{qaq&+pxGebVKrl@kV^ z`261Z$?EkwV8*p|&kfF{b3ZJJ_X4xh3_YQy7a+NbH*5S@%+1mnIHrivhABORddGm1 zjZ1NCb=br91cs*z_vTqDjKXEFqEiY;$Ge~&#q&N#;I}QUx#xJ}kw}9Wm*7w}orRH} zU7ju-0FrBX+>3$sZFaHqXwsT1mO;Qoncp&+qW3>fhKbX-n7SK{JT%Yb@2*P5g|bX= ze%v6M9T#;qp$&N&K(S&CzL!1?Xnwoo3pOQppv{4nek>CqUqgwXhQo1{-pE9U4)nAv zhfrFI$WZD)X<5N=Q~qFP&I4(Ds}{^HIBNyNfG@$c8XK4Hb?kf5U~7f8x~-;%AMJYh zfWhXXqe|0_ePveFqI7qDSk$NWRy@d+V!Mv0zyw{37GB7L?kYB{0XMgWXB*BFV$+Yn zG11|}DB_03G37XKj0krObz{6r>$&%qy;A_ui(QTN zdTe2ov8~`#XsxlP;+Bf5ofT>mwFb`>EQ>#kBj_!)4lR#u+pdlhHlG0a4SKJbHcg&U z%c^JX&(f%mlV3G5QJP82eX{_~9*g&5Cg&?X5Ix;=#ZaXCLcCJfMYVMPbE1m+ zxUFH9rxS!mHy^7*oEVDG+Wy_WI*0d3HLGg-8$vV_oqxdDMH?s6dUx7EO|j`Wak)F= zmFN6}PTabqb!O+qZ=Ha1;9N&l;S%>NdY zscLKMnw@=geQL3$rn#Wt*wobYci(-Nn3%7qxXs+$x2NZ-v9U>Ta2%bk>f+*`ab$dP z@zvwU&)oyMkVv(`p-E9uu{UqtZP?n{+VYkd-lWgPpbq&y1mD+oNX#Ei7}Zq!XhZ6oz-Ow1U0GgTZd_dX^yWXtp3)* z#<&^R4U{uTYoc?6IL8&S-$UG4JPwzZM#O|4&due=ChbT{*-6}nDoDm`$HKM~@j1zX z86cnFk>=BuJno=4jE%&>{i(PFVp2B-e>5#Lqn-gnp-!QP`O)jgh9}Y2P}HH}Q|kns z$zW#NNnYS|m%$PGThr3otQzBDz4Z>^l+$k4i%qgO z&oEjW?wl8r_9|Tqbl$nd2Hh6RzJ*^cB{yAEQpom0qm}nQP|82UutFgS+Zez&r}Zq< zz5GW!Gn!2Zm2(iH@xxFf6$_R$hhSgZMnM;?fWoi@OE);@)H5ESX5Fyyo6E?^g1BzoX<% z1>Lq)X6I`T;@o~T6Wv}`C9t$hO!RseQd(kunz9JScUXL|U>_!b=-GS6OhIRuZB8^E zzY`!pE6sx4gZv4Sft~M4BnD_pkol+Goyp@w*={go-wkK~bCum}gu+fH4<|*~%K+(C zRW;*sAGx&%iHi!WAnQ!=i;-UkEsk3Vnlhn63iC43U)o) z=46ZuLx*@;kORW(Tmcr`pkjWbxM-6wZ2lPy>NfR(2JmOT7?yDqF@D2205D5AKH{{h zj#?4M;^TsyJnu`8Ca2agIqFDEnK`YwAL5nQbIzm>P^9w7mdO8?jBUV%j%*BaYy%jts z{_aR+nOT9^2}|^zy~Ba;uPPWD@wwgfZ*F^6Fb&Jr{*J784aMMg-qJjgacxY=fjivp zkK+RRh&Iqilu1!@6rQhsa-5w>7&8di(9Hy2mcQFxw4lhid2|(4!k{DM8Obo)1rd}+q|urizM}* zXYgH$8Q*qdgQN5COUi!7v96(mx}GNs>guF#+S|JLOmOZM$AQ2Yn%hkQ59mLYYz=WH z<5=3>$N`@H>fGiRF%={4Oo6K>L?=;PQBbcz-$3N%9yObEfJH%m%+XxKT}E#^GA!VwawGzmtMj= zNKcr`9|Rn>|kaWD4v?0Rj?xKoKJY}nnMj}ZKd?n(bO8eF->YdNRrRJqXRaOzE<#i z?j6j|=JkUw2+i3@0p8N84KP{Vo&5}iViSjG%J!)!;38=GHh{!?!c;D zdj=%R5i>$~Iz!4pf!!hiH9|`*!^bDzXRDmui0hRvhBuWquVnGw%pXf;k1$qOY&cT? zo~c;(fsw`7mL;L3Xef5$*7a^q*EFM6IZ!%R;v9g-O{WGvHoHp--`KxSbII2w>7_vj zWfC4zb$NqJ#1z@#tZ0@#8^i&(HW?{qrqG$%h_>1kr8k4<&07VDEba!S834sclYB6H zgrSxRBTz-IJFRPQuVd14_tc&=LdLSwUaeWJu}S=~?~z5V@Utu5_#Z$0KxWEEvjli)Zf_T1oOs9R z)zg~zovU_BG~K?T=YP;ey20`2=xr%NL*V|~&o6nj4#`h1Ms=9nmk7C1&UBj#d@IaF z(daWU-gjL15En^f%uJ}=;8Hd$#!O62(+J$1Jz39Bl3FdFSL8ordZ(p?rV7uy*STB-w!hAPf#}Hmg{ck zfSC#mb1$F7)S3Lm>DcB{?AS##jjOIl2h2n(&lGMzfdux3*SuovSp)nONcw;VR}S}= zPA32>f+!|hKN#!miWq*x>I)U#e!h5JK5%sOe&yw{RGV8<`Z~QW4SNTlI(_%yI+yeY zZ}@d|@vo}IFR%Z9-vR7%`kxLJ`}$4(x7yeGFaPQt{cFGXlm3_axc=j~6`G7wyXp>D zBS}Zp00~|-R~USsp3n|OsnsHCI#juJDB-o@bUBQS5>?5JXXS77yv)b-A9PdiNe7Q7 z>^*nJTDVsuvxI|5Y)P6qzLjPk$~>%?m6ey zctl9y0!S4W+^B?Q0Fcei1f^q{5nSq|z!`>jX($Y*cfA{HK8 zY^YoO9!Z$LCAURX8G*f@kJqLY>7dX3*td#Z&oE556e`T%W>(ajJzv6vKB!qN)P@JG zv$R%V*y{S<<@4H>F|)f5;7jKZ-xu;|U=MKho?aWTtY|9U5BI}%##~H+p`ZeTb!{c* z#P*x2XN|w%fG*ESQO$c9g5!m9MnYF6Sc|VUgjGj9mu7O= z0iByjRI9;=mY^Nru9L&k&%Uj&!{*}28LQf4V_Fh6wTt=f@M`TY!QRICpfzLKxBfs< z`Tn&m>bjG7&MuFjm*xNfm0c$}_=+bti$@tVI#$9udHBOZOx`tvNEu(dx@klCcGv{@ z_PLZ;fxY`T4D7mIpYhfYr53mNqTT-N58s`U?6TUDS0@??Y^&b61d!?y#{91B`?iSJ zdF0hm27xWeMfdL0aMBZ_FWwG`HRxi%_-GkvzKcAZ=$M!vzBSOgHL>?@GUCQ7VC4X9 z%`Mkwv~4yP$M3`d!C62CBOOf`cC}h7$)y4UcG4@?2{5@?z}j^?h1O!9zjKL7R&vWU zAu$jZ@CQl)qABn07;^KTj6b*)2u$YWDRuP> zIzK~MHU6-Bu8WVctlouf8k;zw<@vHIvjgQhM;}Xz@Etwzc(+_FtKkigvYo)F+^%UK{Mc5NeEMVK-N^7w% zM@#3(!{UEjgAD=Q%pciaBzBR&B%aNWcHnNPGweF240xGk5}Xx|Z|@fd*0y-FfFRKw z0yTU#o#q5!LxboH{DjG5;C78bR84xb`-z77RqHppnYGGz+C|C*po_Q5UV4}5akFja z^d7u9r+D{@4Y4*7-|I7gFuROOiO^z!ypc^43VD`pp<8XmU<;w0&bOJO?~cM!?^C~J zxfr1RB(x>2Ynku+W~1i4?`4_@BJm+>EccOCHUJN7uOBK~QaZ|W`Qfbm3(Qv2gKz8W z=fzKFFjRYJO#_6og_=#|xo2l*{qOJv%%*8Jc|}?{SPPwZQej_Qy9n#++>|TuveXuQ(_wNO_iq|!wMBl%y zU1X>aT?LNkkhkbbB>Wh~uf$7nw-hUct_Pv2hgv z!)5327n@+E-aE7#Tn)qo0^%aT-F{kK zfMCATde<9AJe1Tqo{m>Gm*2E>*eq4J%S6Vz0GopI$y#w>Dans6AbQ`AX%rV!*&n#E za=XHS_KIB(O>u9UEP2T8alIxR@vnsjvTwMezs=b|w(L)}3YZm9^SSRcTrvkGU=8T)3zxr*07>Nx^K{`0?HZ#s<_dQUXvNI&06L~Y#DIkJ{Dqp;?tD=JrY2XLgySM6x$Cg30N%?GDjkV5?u}gL-7kYIO8R@1uizyWa6JgZZqX<3ed}8~@nPSOA8MPz zZq0wIXe)%%_Usa9l+Cn(ZD^`8Z+i@@c-29B;iVuH&i=-2PwJpulQOAkT3WJ_BMK@h z39h)K{6;g`R+Vc%3yv2b!T>(PEpg0tQZIdX?n>w|rh|*_oSN{X4#lLSSSjoY$*h_i zeY%E)u{I4GuLA=-!0?Bg;juDUoM}1p`1##Vle0Z>0iLUq>s=oau&C;nsp)${MRd*8 ziqZGZP_At)fMLe)sLhZ3wk4y(>7_?c4R?#euTAhwp^~x~m+O5pH&q%2VEfNayzzN? zvth#Y0smu-=laPZh*hqI=Lhzm+EgdKi{hcTehw@?_&spb( z-s;@p8pl09#+~Jm!aE)gY}kzv9egjD!R?Ohw$!bb3-PZaifGWz3J<1IEL$fwRVn*(46`2HvtO-8c_-YjK zhoMcyqBbbmZfk;@X|D2a3hJ0^-?Qx6&ByKe!i~QQ>%S(a{>L5tCG>yDa>7@L^KO@b z0QX>LsP>z42s8oU?Y=w(@EQHDrn=^L>wh#=zpnrOw>(SB`u`F55B(2?=nw4QUszCZ z=l1Oj=g+@=`}TNkZCq^ZqeqWAJ3CWTQU(VH7Z(?y8G#>v{E>a|;3xY3<2fMx|Htcp zmLvPW>;Ly38964pI0EXJmDje9897BEZZhy_1_dLJh&2JZG9NQ?oT96mZn4=gUdPCI zC?m%J5idzuJT)k?1Bsa#+u;951co6XyyUVwqc`F( z!x07Flpw1lkltYFLxuiqro}qHE6?xAV|OC$s@VLavEST^twY`2BhT&E z?Sv1iay=Lz(z8oZpw~u51K96NddNS|w%RI80ZyfCc`{VC9%T4OGVr&x!a=j%$;-jJ zP89}i_<(2cVXkT5leXh>+0i{*_#5T3Br973FL3bWep<{4Efk7gia0I>MB-4csC{gU zCtB2%FQ44JeH3_%m)$Y^omFe@W9*bH$x{3}OG8nHp0_6Ok`JL;VngauxUx%_Sn!;S z8v0;#ooc>E#(3p4f@Gj30f)!h+>LL&jTR2>+jDx@P(bv}Fjz-=L;at@8yN{{H3Uz0*6X>c9Vtrxwe;nMERH82__MIK8Kd4TvP zV*_>vny+b0A5UX@qBKRWbQGte=q^>=hAu0TF)Rg)EQc6bw-kp&S@(Gl>+4YKmg;pU zOUk0$J3=JPIxCRlxjUYk^$5$7%Qm{~HeTZ{ zA{}{4-}mt0Ehh6?gdXk3BQQ(RT`u@(mDAfZB*5{^LMKCS)0`kQMp|(M$(ww^0RAkF zPZ3a_eX=+ZpOJX=0$L8yP$4z;>>EC4~IgVJ^ z9X49!-At@tz`J{ia+a+qLhl=jreBu5=46iT(P%jQ-5bg(od!LcSx;_)N(7cz*5sYPO`K4huhcc~uQ!7Nn?FBOF>6}c`IQI?7@OR*tKv93!YzHf)>-{!|E7GmueVkrwDu?zO~P_FS@d;45f&RkXOT#Ce8i1}OyX3jNd z&bnxNsAsypWx7grI@WhO)_OWpV%pVk+7&ZxUNt#AIXOKvSyVKclQJ1;JsD{}=^HZX zYdvY0Gc-9gRG%|c6*-h6F%%g&6lp)?Yd>U988TNLGK}mQ>ggG3@2Riq2{G@nckQt^ z?@>tUQLyiUlB0Xt+fzc?QzY7BUE4#<+kLIuU3J^-?c41Q+wE1`4OLs(TUuJ`TXG^> zLhM_74O^@gTFmWR%q3cMbz4*=S^%KFeW<>rs=lhIJ}0t1Hl#k*w>}d3CsFUJTW_se zZzxf3NU2w#)Ke6ogQ{{;szU6me66co4XY^TRTN4U1ycn8MJ+u=RrN(xMMZ`RMG6u{ z7$B#pD(B;tk`o)56XKiWYn|gOoMUa6l9Q5Rt(rnnjZKM-^>vMPHILO*h>VSl^bLu$ zr$kyCMk-(;DVRtA6A~E`VyNI7S>!8>@x@S}bwIAZzOK3wt`Zb`XfvePt4i3b3R^1( zTLXZ3Y`ZzM>0-=Ph0Q4nhQ2w55)@rsT~$>DRbh-O04P{TDnJ_s19e%&DA)tS(Dcmz zj7?$*Z(zK|&_vhFT2+M(n|=;JuUMLFvoSKTGEq~Z!$IipfJ86C9NJO(_&0q72f!== znOITNrqYg>kICA-O=VpP6e;tf|47#Mx!rrR;z~Mp3vz{-T3&CaBr;7y$Zw|4hVBv# zb%s1PSg0iRIOT!6r*yWHWgDOQ;x_3c`ukV*^qsD?;dI68o1CTItSwdKoZ;(jX4)RM zbF>uObf)5jnRUO&1@mn)6ZO3p!Z|Ch_j8#p6Ho4JQvHAIy#-WT?bh$RVk87YSR)I7_xY8^2Uiv6rUvIOAnjV{%OgG6o{pSZ>kgDZJ_ier%dO>RSz+CG6 z*U43yXHlCEBjZ>4<7u_G%-N0fY|9+8L*I$5=zCAAh@;{jUL=?Vx-zO&#(@_L)}3B$ zn=(XXolY|NF@R}lL#BSc+_4gv$*YJJHO$=%D>mq5_S1jWYnk!mYr<00;C_--B0FhV zjYy=-1^=>7|cy;aMdmQ)g)ixau9BQuG z51u^X{q*q5(n0H^^AAm*hJI$xetHbR`Fwl+AoV;MLF`)kjuJ~8`t}punJyA%_r&}{17^O6C_sOgX4G2dlL-tf;ZiTcgU`XF8>htpI*W zWROHJ@cIj;M=h^_6^7*X;1I3vv(9Fhzgi6?*%%2IgVc6}=Tsa#f?j@|VTs+6-<}KY zcIKrDCevS#>mSOlF7De9qImjkyCmed{|Ec(fi^n1>#gF?n>&AZ%*jueh8$@gC=YJ) zex4Wo6#St1?0Dcilg4b>&*-1iBBmMQt1&c}5woMa-VvwES|yJdl$FZPmgXS9*H6#2 zh~(#ec`u_rjrIQOIc?a!+Z*wE!PVJm&Dy3$K#lNobb%>rD8kPEetJ@rtxvU|2y+tGdBD?xgsh)x(TNvSE| zRo_$sw#yfvyQuM(6ai6ULpz$LNA4u>;_3PdM2J6Pyu`G}-~Khv+wHRcJ2$zNC9^V+6 zkMCq~njif(6)260bDS;ae_(#uXEAf;NmOd}-Vm-MU9L|Wm@^`HB&GXg`<55%QQaED zvffXx_LShx+sb)WIwSm_;}jf=lUL?FKN==G=G0-l3K3tT+G9KC zD%Ly+W|Tuovc#3E2@H(;kNfqrT_S1)*wyALe_-<6lsQ)C)sY`xTNz zJ<4CGPGPZ|j&g%iga<mmKx)*D&Z+4D}Qc{>wEi zbrq@FW-DlkxJICqkcJ*h1k)igD~44F%+=Qu2QN;}=n zYpN~rAcgU#FD;LZ`%-U|gF4=5qwTuS-d0_!sMmY)nZ>E<&DGlMX z2%o0Ur52PVdwu3hAoMpSMN7Jx30(LetWKp+L8yOA>6)6hM%pz!A-%tl%VT``T**f7 zx?+aCd1A)marifS4~OyJ3n8}>3?Y}svQ{;xSq#3mR=C1pP6PhoFJNu{iI;}fx|L=u z+w^6D9f?d)UrwJSI0f$6(RmS*r+D&F#S-z<*H0Soagn}7@^BT2rI~Y6za`>Xe6)v5 zzE+krlRShDVB?Wt6}gon`X)XtRrzcxGqQJo8O5k5*OjE-152d!;l22N8wVJw7U94N zi>c1f*;lmqJ$t5W@xu=b47jufS+=Qs-TGJ(nWJg#Id#27=P<%#DOtQZ70(HEa-hk3 z6=huRJD4eSqbncnwy;J`jy7IPDC-G1w{V;BN<&q9%o?Epl{3Nn9K*Fsazev2DvCmy z@9e5Z##XhWGk4hBupbJoSn4*^Bd4aHmekge)4MiJxrP^{a~dK`0+W$+C69u|q?zxuA%it}lNDag zaQCQoY;wa$UK$DwXFx|`Q&Ff7ZD0akBE7i*4I=&$Pk&_|`Gp-N9&^vpt#MNniwK$a zRzosN#Lx(TuY-P-qh_(crht-jnFV(xICaf!SZmaIPwBV7{=Q%t#v0%6$srD&>AEc zP$sUFd>UJ5GF85Qyy0@a>|w9ZfYJ@O7q4QyXBO(djmogq=jO|ZdG@)|V?52+s=q!i zM_!1nc)X}vS2VPiTJa%?KYDI599;o&qPN`;@*jQjn#!4?w`hjen^@q{7xT6TKAz+o zHg#0Nds&_DHmLD#n(dzMUzCjR-4?4I3M7#c-oL36`0G|karD81^><%tTNAu~+7X|o zdu4W@_`TfNDIxi7X)5HxR5!3=BBY;5Ch)(s3cU1G6t(&#$o7DIJ(tP8 zuw;r;C`&MD+$fs}MvxRr(?`1j#mJ&4uL*}}5tft}j0h755Iv}v*OWGE;nlBl&sZ7z zu6xcR@$M@3YPM9@EN`IkwE^FV=;oNr14YKgE?oun>EekWLbO)@9s;o z?^BTgpHm#GEGN+wI7r`TfPBl*RJMWakz8jQ|4M~u=h&s*Q9Vb=+JhirhlRN-tJ%}Nt$Yzm)20ohuP{hA0ko|zV)RzO zq+~g_)zl&yS>!*{iDjx%IN`YYV2w!?#b29Ub($=eXO_BE14FNk*F2fy?!7N=Tuow& zHgy+#Ww9{YNPDQn-+?qzkJBf~LaK0{p_ke<=Sjj>l&)`NCiPf+>nMEM?94`HkU??~ zivY6mCc^0OYwQ)#RuJ@Qn(K@?yNsVnoZ9MP|w>!Bw-TyLEh4@gs~RJ z>fNApEDYYeW_F@1$Y+Nak3^vSrl5kj5rUhvSGvVxE+ccRSj8GJ?LZ$irsRas8i=L5 zryd_fF-#TUzcnpq9Ulu{#tV7cQyU0Yi@e^lxCV^WWpY7UCk9-wvQ?B7z_{6BTczaI z0P*m=L}jf0jxCD|OjZ&gL^FDcGoV3>Lva+vS7UB9T1N6qSpTu5H*?=MDzQz7z|xn) z_Ti{c>4z@3=gBSk+3OV>m%`hLJx-fbc9xrhn?C65VqKKk@Bmpw3JYGz3`~^H!RptSEVxn$eXeGusMQl`@Bk=YRLjZLs0SgF~b1q$KfRD(ycO*BrF)e zaEm7`gtQw~%F;HRsh2yL#)^vB%EUpL1PXzGP=xs#wt?(_yKeWlxY@wsyMSnf}{X(k3 zYHFdtv8XpPf;?>2B`iNAYPA>VOa-;31ie`{!khq}lSYL4);h2l_|`3P!8_^;;6%9H zx5PW2cO{IlmVeX*eOwCi0th?-xo{jj0%cM>i4(6kiP=&CQ^zbj#Z;MET)Rq2!9wK4 z;OyrSBL#Q9hTPGlm27l2v3qY8xx`|NgRPM%`uNf33R;~9$J&INkh%tF8(R=!L9|=C zit4uXDj>Q{!1d%73zM*4 z!7P6sU1 z))#RXAncG#?L0?#oxoEHQ{|};*Kq*E7Lca_DM`ePN?O2aK$M|Ch9n@1GD7b{SoS~~ zk||7rASPdEiYa~`3XKdgX{5cy{2XfE26Mxven7ypU)c@xWt3idRrCRQH4w%Ys!;*+ z^}T!U3dNknBG3RxAEe+E_kG;$WEaBBB}u#hIiZpCph9r%vY4U?oKC;0mz9ir69x%1p$1sx%wfhg2~550D&OjXKTVJY50XRodN}@UJBk}>orN) za%UWclA9A~V6&7pat*Oej77QF_5_klXeod!YJ*1r@KOMdL8l$(g587M*$VC~NJ?sO zrL*|vT+s%~YBNF$gVr2jJu9+0X0*5Ho&lB0wr5!d> z^)>GaNq206fQJE!g+hug0P349lS$|zD9Jfx@})NaK_JY_JdD8AXT1ZS?^~cz1m3H2 zA`eY4%rw7%;|J>?T!a7z4psypqbuV0ZO!j&X|4vsY*AYA`h+z_xt3VSq**c<7DPE5 zU|IwiRG5RgC0zjIOY^dd69jf4&b7!S0FYX(Aqd$b2)uM8%oQxvT!p|hlj)6<;caDJ zRAry*p#J?ZtSuy%OR`|qBqmd2H4q-nRetvs;iy|VV-aHiBKEq91*XC(KrlsP1x&E7 zJvnL8>WlbF9TpL48Jr0(+h<9r;HuWBV7!t@;nJ?108c^zxi+g509vAY2gL(sa5H)6 zOH}1sdA)}qxQ!sz7G8`+?AQ_J;dt(%s~D3B8aN|#@(3>S5CRse>RaXR#?`$Q$Y^~Z zp9KQ<%4*MT>fB5&ylaidzAi~c`SCluT137P`o3Eba@3c|H=L;aL@sog+DnMuSAp;~ zSM7i+6kL~J&W*tH)X%+&S(tMBm1tfkNIco-OYDcNGx;Isl}TS$N!W@ti)>87FTj%Y zVe-pHl4z))U}LofZ02iCZBj~pH_;PY;&jdXcX?bMI3gN>x|X&2^ciH)k9g}$Nc9ZN zN)Qw>0oFn{)<`$vGp*dvaz$dqEgu^vZHe#F*EM3B{AP%rr8JGTHA$GkCV8M%ZP2SI zD&Yc1Qongpv(Y-!Dn?KedqR;PgnWi9ldyhA*RrPMCNb z4ALmH-MA)+-#T1sy0h-tJ**D-7}b||N_ZhgjxW#kZEMO<_ee4MqV|hTW}WUwN$!R( zT39WO%ccX-vk#`sbQy_yTGo42lShAZnQ*K=;5$m;Pfcrl-H(IZ9glAmd@@>}M5n4s zOJg?{_mfq1w$JzNO#F5EdC%2t$Gbr+DPEe!EiWFDPBKx=4SdB~Lkez@ml@}~MRV`5+FFa{Rw^k!3fYKABT2Np zEf#K8;`i>oDsvPw4^36vsGB3Jp-vuqzR?tRbtl!RM{GNdS-8$BU)j3oc0Nj1Y{%0y zmF6~y4-bFGvy#W zXzBCrE;i`=@TUth!D#VsU66;J3#z5CXHZy@Kd)}vsq%E z=TqO~KL$T2ym%e?dGxMaM31N*|G?&siGbSoz!HY(1@23maE$1ubgw;3$z5SerDt!> zo;A!?gdH@?lb(GG6}dg1k}p=k&gzkqvo=E>Gjvzy7^mS;F}=0aTM^dm8ugR;yMMkA z0f(0(OjH5l^g)JD_t=6-)@~CFZv{W$iA3;3C2|qmT*|GR~(g$W?8pxo1bbT}V2Al&3-(y{TAC_(h^);1L>zD~xom}X4{DGnvM=0l9Ptp8(Dvy`!3O;(V8R-vA=jY z*{Iw&o{zaw!3wwzTwn7Ima4ff@E~YX{u^IrV?_Bhy0C-vLz{m^H9J?Ty7=A78_^AK z9WGTv``kLtyn_OYXZ4plxoguraiz|@(~>Gu(k&$m;~di%gp}*rtz2E1S}l{QOW7|{ zcP&q~t60~awWeF1Wj#N%!w8#+YPNP-zJ=UoUaaj@$9*nQUT0pN+9&tu;m<2-UYGL| z7oK+O@{VqyGmwYB`@=}?)8obzSr$$RW*Jfy@2+}xzMZj>h=NbV+czT~LeO&qVttLd-T5K5 zWBi}Pd-cJ+p1eq`$K;pNsH zQ`0w~fWypwk-y*~2xQJjP#JA;oZ45oi1Sg}`L+a!xoy&jl_3!5pOwP@j1m5qw*Q6t zk3cssr`w)BE&KtNud-B>ZRo*I)SWmvb>O zMMXs=qM}9K-bF@6MRasU@$ucNs-KpZOWD}oKYm#4R zlt~~}Mj~-V_G*3-=6hMiEjA$kjE>GOsdl<1M!RUON)K`8yW(X7er(p=(=)+SHy<%x z>+NT9#jz)i&+AV1a*@EH1Te(AcQ67dyn%aj`|bM=1Vjf+@NeJG&*`>yV1Jx_5f}B{ z{bVIg^;$rCeZg~7k<`Qt3SAs7Ow=P}amKU{1N|WMrBVXMWeZ5jU{+~V*2fJi6T`Qr z<4m_khy8fqZG3s#9QaZ`LMzw$Z99T0AkE$Pmg-7RDz%d23N0QRQ);Ht!{8^`_!kCyd8*~8(s zqhfO8`kRfgK*Td@9$~_7m22d~O-^LAf4u6}*?bveQBW~>Xuk3?9?v{vT_Q#{#rw`~ zR3dJZTG4p3LQHP(uzclcH%+hd=knT*vg*xCV3^UqG)7K8KqXAhnv7l`M#yjzC*_xK z6-}8TdOd_Ln5)PQ#bH*Ogt8uCfX}PY?nGvczpKwAswIZ4!qDkUZI{v zVcPkM?=J;?1&$EkhmQTYCk3jdw*}i!WIUs{Ad94%!FCewD928W6Cp%mWC671)}T> z09~4=airVhkxiGx`>_+Vv+kD^`;g{}*JAdZsnQPlFn8p-==w@MHDw^FG?Y*9SrOnn zuuee#Y4S!Jy(Ax>(~W?`2Mre{wjEIJ4yl{X-s zc2kR5^a*X+>!!u;c=Qp0a#fEJJ%thPZC0qqLZ@a&LR+u8)!kQ)t1>R=KmzyWb(eMZ zJCUH5K_Vmk0BCkG5QvJvhg?z^(Y2a?V3w2x_N26kjXbas(JKq&7j7!l5u#O45D^d*&kk&)BM>2ZWQ_LV-k(mjitS5fsrA~HXeiC z7~#c!SDv?qKL@9qx*lSya{h=kC+f30pLkj4^?PTfv+Q#C=j~|T9?r8jr{`)lq=>CZ zagBTGOLZXqC|xv?SmT$W+RZ)VPl9dL^n}mZKw2BDw)lkt7M_#xhM*=KO2O8j^}LNj zvQ4NacG-@@Rs5CtLNx8mdq}-0Ng~nsxOPK&B7#B)N8zL!es#OpOcEg2Q4^VWU?tg= zxY1=j97Kn)z4oc+CebBUS8itv68Vs;Key7CRM?7WU-D#htnY5}Vzn*RLCD0zj@t^W%f=&Qz{<)hUqd0huaRik#qJUcxw` z;P-4JMXDN_i%zGv&_CAK&?1uit0!4B8#$91!D{;S&9{{tEt&+j9(}e`Mv8E&fjpf% z^~(&wOhW3vhI$0rrDpRoz92E}lC%6w?Wt6f)k=lvxchck$5e$vs1g@IuiW)K2a$+;_;ZF&NOtCSG{Lmh9m<0Lo_EP^vPVx zz4mGlcY})O5ARD${J=P~*vTLOy&Jj4r(k|Q-o#hy=g`Wg&$m5VsX9ZEFPZxu!)U5S zEIH}HO2i!^Z@zdMV{1sh^@{a&GF47#UX%u_4x2VJAR^^95J^Uv+x_qpXo z7M}GV-R~K`TscIX`GRJ@h>Ld!AEe^hC3l2_y5~H31KEgXmM!ekfpf-inE|qmXxu;) zj52jReHoek(pC?aB$XJ zun5p;uy+6A4KA5Muy5SQw+%BXQfi0CP4|SQ4LodGBTAGQrL~R4!vM!kuo= zSI%>fooe#XVFB6>CxPAJIj>si>F|3#LeUE014SSIW?=>$FW`xeT&r1u!k*&oEFej@ zOS+1prDiD<6Nd4#Z(*|LEQkwTEL0U8r_OZKjzut(nRF?T=zKI>hAbXvi&d$~f%WSw zUS*4S!&(0+2mi%{S1^$2;J*i<@)cZTq0WKp*e_I3@hwb29&Y)&K5y;2$vl{|)}T zkobR+|0ynX_5Bz8?>?LVfd>Ct|G~q_`|q~4bM$ii`+NM|=KobU{&oIO0g?q?$^V)E zp@2NqH(OtSC0nC&nyyL!(^}>e z1a~-fEZ=RJ7L?PyZc}Ig0#O;IBm+PjRzaj_j@-KVcw-}w<3{uNs$R*cTy(RH6)v5U z)?Zpd9jl0D=K-9HQq*qsJG;5lqD26JiiWO8L}X&=J*8<@EbK-(3bpar)ydPs8qcBYPDgm{uEMJ%a1^|pj#f&uo zy@oKrZ6wtorO|M|u249CFt4$ZF(-ZK;rPU0qc9uylRRN5IyIqI@dZQv2L4y7u(_c( zn~Zd8BZ-?Ic6S+>P;5-%L&6v)9@LJiR4XIfTis6p+ZF(5mL}Jrp8$zu?4(>*B8W-Q5OSf z-m3OoZfsi|bzJV{$lBn4Z|9PYm-4KOGkUy5xk+FJ0~{a2+vEgOg|)ZerUq+f96; z<5a$E57Tsy-&jIMX&3KpOfgZi&oCjlihCrMl+^K&d8aNwv?^+{Aehqb>-9KjhMy^tzP{j6g-6&G zho&T^SG{MvePO(Q)d6oDcJQbBq|AYfzYgI#* z>WLe;Xu_Ho7z^8`T_7ZPqU%gkG}}VBD3krAc`IK_H7XPaIsQl?`{OrH90^QxwHD>G zcD_&PH{YOK)@XypOF-()kc2d)?z9ElEM#Mq+>~wCD0@WdD%-;N%r9qJ)&bkr!cx*K zPpZ$-Quktm-iQGjcbtRtcytXgklx3XwpTGeX3v>E-HorUWY^Y(G~tI#WT&-dOS6X^ zhN7uAnpMWPuJxc$Ux|>M`O$22*#_0fC)$x5}hIQu23h+WetUg|QJXg5+ zZC3stnuI&*sG1th3N^|lg-mXvGO)6V&%0GzQSE9QNpn(C=R*ZjG69Z+lr@_bCpGI7 z%2d*@JmTD7nh^4MXRtV#)XJm!N7z&z(MsTj`ikHxssL28Uft#CaquZ@Dq1IQzicV8a74|ZFr)zY; z^IRnK^@N8yzNr7$P&#z=E}{u?53~RuNqZ{5W5%LbJ5|%pxphtDN6vE@X74f@qP7&GluD>=%s>ni-;nmw@?mZbYeizK#R6q z9u5FuGgZ&uB1~h1!peLRU|B^TTb3v6nWyH?d^(_TN!r^D%IP)gTH3-Vb#I<73g*5Y zEi9~1KQ-2u@9fCt6eVltE7plqw#Xqrk(^Q`Sa4Bqb7JGAYtkRd%=k4$X|5^-_F9D5 zx-SxNea{gVu~#rIEVU)~G0#E>2;c3-7999CsM%55*=IVw6Tg=fr@_RMJ+3{ zL^>NJx00M&Jy4?wh%G)AX3cmqS?EMrrS{h*TW~#aGM&ki(G)XU-wWfntuK?t zw0%8J8VY7ph)z7e$}1ok9_zCq-urpK@Pc*d%o+g|IHAfFw&S2A(DD>&9{izgHuj>( zH-TT4miP{g?}?V57i%ekltxd+k`U>j$+tuIxb6u)SxDbR+o7^va-z@aG{Cuo8o_DD zt0KUim2S1d&IzB^@D|Rrd`mBbq$4X#1_yq;#l}IgGV`gjqp&yfy>Q9JoU3kU@$%dU z@xhCyz8RgRyV|?b>lgE(^PT12=XT|PULX|yl9LB>{Et`pQvDTP`qV7j{Ao|$rmxnOYiIpakVN#ePwQ`SF@Dj3u7A18CxkfN z@l}#kQ`4l?H_$e8(vx9j1(}*taqv+&)YYZBdEkBG9<;T01h%xarzMd&4^!g7srWc#IO|`}HFkGi6@Cfn4)1k&e=std7MMM$t~pch zM!c{9lEv@{3i7y0(oWz3Iv=|Y73}1EK~+LV+=U;zT4{B{p}xFd`A>NNIogwaL2bGL0#~ZeuEdi`i;0sqsL)>+VC%d{w-Z zUzGv`dX1?@c^DE;Kq6uzy~WuHj`5TkI@P|9ZJDo**x>&$(OJ*f|0(UGS6r`;jf~#D znA>a&Pa=#JLHw}tc@x2PZVLn^1`H#l5Y~aB*;(!P=V3d#T^eM36raStCeEv9Fz|%$>qAO@-nNh)8pCG?*+iJ z02gsJP@zf!IuMdyTI&Lu7UQ0X*PFYkkAo4+G?+(0Ua@_NhP>ZkePnMJ&V{ zCox3K`oqJ)l;T?zMB9Y6rcjm*{Yy2Ey%D?xb16h$Cc zt}Pz&v>l6ykzJAAa$>b*Q^dOrxe^pGYZny@S|v~ug^6XlPKGd_jIiemd^v5fsSG~Q zWU8kBnj;^=fEi@5^d|TUSk;>LzFo&WJs#uITQq>X1qP)3$ z#JQYDjAc81{EX{6WI}w`<#&!IXiWpPSX^j-j)GgrCB}#+8@7(kV5776N3z7WR~1dZ z6)3hS%wrU}Rc#WlvJ9MEd=1}an(p&mdnVM*s5Ta4Ur*$C7>ItG`7S=5r$OdyO3(_h zhCLc0^1(ftS>FJ-e@UR72`R&xvSJxK004aB2Un#tAKe=!P10~Bgn(D(W{4KGEy>ECw15e-c z!w@wX{K6Yl?vJoC1L}uH-c~p0b&-4)cmg7kI0Kp ze71>3;NCbOhm2dDx05Pxqd;7?n-I&-i^@8DS1L!+0A@wSvb>>|5FsX2LTj&teN-x6 zH(wxStAgcm0g2MkdD2KF){PI?5p6pyOZs=Kbh(Ax1ZIbEu6!)Ux)q8@G>-BqsO0yC z8m8d%63YQ*)fXS<7@I?3p%w@%WT}usG>ME1ono5@uE%jk`;q#$z3$yZi!Scjr#NBD zz4!`6MI@(l1O($o_zIt-iKUa&dn$ccnxa1=!$t`Q;^5^u>FrY<(qaxHWjijAA95~4 zqlADsu20oFRKZ+@!6A%t>!z}#aO?|rCZ=32ekBIO92j(%PQD1?&0|~i5vy|}#YB_x z{#ogs_U?N{V{Lc?MsEOf9T^zU3)V?Y{7z&kz=*{GI94K$>ll_1Tb(`%3>@ALRX}U6QqKQztnKasR?o3&)%=Fb-u(T zG5^K|)&WJw9-#07!XMmo(id(-@j`R73kz69x<-W;yh_{)n(MiA zCvK* zO6frYUeCY>R-6nQGiysdUr8opK`?oML~gOk2HKIgycaaUZ>2yqaF)~B;m12lFTp>F zNwb_=U?Fa4b8+cI!3O9pkmq)WD0=`>+mu2e$E67URUenuX9m+BZm3nb^r7oXtvo$@ zM_@!e{@(Cl?Z;X{3w08|78!1Kshu=9>?K>^c{1$Yl3U+|*en%w8pwgCfG#gRJC2jj zj@(-pUhajm9LFSUt-uD)?@m!wv9moSLawhoIYLmN zbsM&seio82lAaN6go!ZCbOp(?AIc@mSW)wyPY8S)7k{#lH~@YB#B7N)D%^RS@$!6D zp430ncxn{Ao#NpHImG7wdcm=Yobk0eX+s92q&r>At6y-i6{XTI*YA$nl8PowFgTtk zoX2AgMSNoicXrMwDSZ%%J$HU@Q`1O1O$mvei{$XbI3)MM8sA$bw$+RCUE&M@=BqU>&uPLNQ zqrT>J>L0k9mON*j`o!I623P({Le?Ck{~#uYtZ}VYOzcFxU=w#3+-tl_E-40U1FZJ? z2J)jxCa~ZW0BSb4^!sIEZah7Kx8Y(x+S zxxOd3CR0kwV5UGhLL7Dz25i=FMh$R2n{k%iiXpcGf%@jf;1#NgaWUd}6+USC>rSQz zri&!Dcl)H$tiR3N0FDZuMXm{b^11WF@^~S1IE>l$`+ViVQge8|OjYt@mNWbB9q*@GFLtV}ng56zd~z$BswH#i`1iLEdHf5Xo2L}K zJgeHi;M=~VY89YXjSyFtjO(o~r03F!H7ALi0dHNHpsSZ2GX?kZ=(w%fr__K(^P4EJ z;B8>^rF}Wd==E+?f)Z%UG$3IC0Hb8VnZC}M92z6I%WGz#+}n~bREVe*K`aYM5=mF^mPC%KzoO(Epj#lGG9O?T6o7?0VuAd9a%IS6+#YUv`tYU zJZD6w8a&D*qPAWAy^~EeM}QTT0dS(A%?e~;6j%`OstL>~Oo;rIj5Z$6(}(|*7%Z@d z*P^ixT#hs+lP$}MTH(}g7Dl!#>v=my$<t6OO(|yCA@D09>~mwyWY#Uzd21>F=$K zA$sC-ts+)d@{T!~Jva#>Xo}0BG}q3KxD0B;Fr)c%*$k2p@oBWtD0Y5^calmDp(E;W z=lAhT#zFga(Yd?HM@x8q+7toFloP6uD$|gQf)o%dBk8bD$es^K_>MCRkP>r4_CyW3 zKpkWoH)sZ*m(=MGfZqihO!RT5a>Xl+sUSrRfHuJ*yc~_PdG>esPyv1=)RUwweS<3n z?h7PvFf`LfjgIh`>PPJ&NT_gBE_T!`)IhyB^0ykmb;2y;gkjLX`>md}NHRUxRuUlv zC#+|`lr%O_&xB74ZcAj^^(u>;-Q7!s`}?Moal4b~XSsxCRVRhqE4Wrx5IaE0zzxsl zPsmVW4f(|ZQ0apKLyQaxb{Q;~^Sv)q{DOrRqe!-plX9Npw@)8|wusA4PJM}aZU!eI z6gXJUz3oi35t>EKop-_xUN|8%^Gm!VmMs;UkuW3|hN@!0r|Lv)44>~&nJ+q> zKYuG-3ZA>DT;QL4_ffUN7MX18MRAlydW2vwUaByTF2%5@gmzzbp@KY9O1n9`=+}L^ zg|@tscAr0#!#hG@EBR?EP9FhB;n>bkkXHp{P zOr@7xG7tt(U{e}u{e0e8PWSuW-!lF29k9T`0zwiihf57jU>a>if^`;mB+KO8B7lpW zgtw_gJn;{3^iN{FFGJd_#r6x{nU{YEyS-Obp4eYb(N>b;mhs1=q6|CZOEu7QGW(yk zRB~4(Tcr4mfr|VEB3qp1wrvIOEj^>alp3;BkYf)*J3I<6H zl(8{_GHGx8xF;ic%`kwLsI5|b4e9-())-%*G*Iwrze3TRof&|W014W{q8d{5U2gS; z;Z27jO^hEaFH_uIS^Ht%lX-8?=+#W#o+xVQHG!#D)ZRX6Ff7*W-ogo)l7&%3Ba+~+ zESQupVj=|P!zltt?OTRu3+NE(yAxN~xh#&Lro)-m{K?iN_xq;d_iGTi%I{gHt67;B zs@Qjg)tSw-ZOt?9n~#w#@1Zu)wWfM_p&e4 zZWohCqMbn3E5uUDi5CFQ)bjnnws$yEEp8s#MdbdwHqoDL)HLnnCH2gj?PecU>BD&U zl3=ZH<ryEV z*PxlPm&2kxE&~l$l{DfMs7w~Sd`mibQg!QJCCi%hew=Z@z&a~byY+H3&9C=aq#Bwi zw0Tc-TQ_yyChCzp@aZ-~n)x;?E|kil2{lmi#$>(4yuAT~CSfIpu5q{7ulVTS`tcD1 z7DSEpO&y|5{SRmQ(kz=FuZ7>+(i7B#=A(?bW&xIk!AFDrx~WYuCW;^W2cAScY$AGi ziX5aWA@8>IFmxuqQ8BpoesJmM;P7mJnT-1zyr+4S?$q`6!RtfYgZ+;NAI?SGKb7!U zl!1C`QIYFET9$dtlKDuqiGT##7w^&6IuXDr)@Q0UG`ZeI($rs1^bqecv}AdIf3^=T z*neY;oKWrrd~)6AOT@_6l1FR2!$6uH1K)jm&tbxcgDiZbToFy|5BoViJLt6^|BDZS z4|EkN=mv-Y8{i6LbQLN1Yw=k1?Wz&ig!1c|ftq>Vu0>VV zzNRGQD!KVJ%{3);<&7=G06CHq+P{VwTWwo;$PbcVU zF;otP8p-!+eE?o3?~@k9%GPfmlQ(^ZAzY1+!Dr>s(*Fpg0Rtv7;Y zEKDTrtEh(Cj+l2jGFy8WiYQx5)q%JicA;)rke3)?B6AX7QFzeo^G7+@1qz3qJ@)BOOi5S(e+aqs zORSgQbxJDjElG_1!y#&dGH+o$68Ssiwz9+1{9AV@SG(V+u>(ChvET0JZUzv6S=SLf zxm%Z&iO?Dd+8F9v!(c`liKt2{xL#K49|FWB641UIg`Kf-Z4mo@U! zs|PcE`7l-tSDz^@k|IOzT2p^KHz;&J(I>kuU-&h#UMIWpLsY%_)Utl^cH?4QXYIao zfYii=yTQ#PO)>-YaH5-`la)qO)ws7QSH#puX^iq5JueC*Ot@X=6?SZ{lSjPQZ)0N5 zQa?!ThR!``9gIxLJ%0H42R9DEE{U@5+j)+G$wbwQ>*XDwO3mbvO=E&1KV|)Bo0Zc% z=EY#Qtb~ead;;Po7y}?+a&#iY)2Vq^w=;3BSUo^%LkCB>{I|m;W>0n*S?${SO%b|AziYP(u7q{hx%G zn6S98xR}Hh3s&T6N#vjUpMS&$@N(sH3qWbAYN!IBD^#H4)eX2j1jv+w96Z7R5b$S$ zkMh;3V}Mk_(Z}8ia2&o`1G-!X;s7Y*PrG`A5($O=P#8eYB1A!;z)A@>uoLzZp`u2_j40asW3up-r-oH*w_=sq#l)`;{byqc0tC6z z|NNybKn7tEB3FPK*ioGL#bi~EunJQy!Uz-%@oXZOYXI?|9U+5|0XG5cPl=7UjQ)I1 zRTGkxoCQqulgIkjPcg1y$A9q5GQQyr@!lE>4v~LN(`#>(98sIKOQx4-N9K^Tv4pKXwo3RbAa()m7cqJ?B^7oO2#qoe*TRXzNYVqE&dv zc{@>Qcd^r!^Toy0Fc%+RX>u$5fE|4REbblAuy}h=B0iDM(u=|LUOn=Bd*QryJ8=rp zHZuodv1KKTb&TpDG2fWd)|rwNdGNK=b?X@t-f+eEH-oMBT|*e&h9{rWE{HA2rC^D= zqapweV`6vp*t5or7xe6bdox&zO!1gFCXV@DnOgJ=%gIfGK^daZYG`Q#k{IKP5i>`I z*H05n^)MmealHuQ31}x30KKq1;+*&T(gaKxVgT1o=BTeF$$hSS%GdPaC>9MSr`*r$LwW^+(Z&urNbxZ;|^vSwZM`G?#)uC0Fdkb6OLpg}BCS@Y7Ip2|NYq$VB zmYbdi#raCHRR(dJ8{GYmC0{F&dz%cekdi?G8E>`@CIrC4gQZ(Y?gy$rC61(XO)7e+ z@$`6{a!1k`5J5WAv)LNKAIPu>+)&$E7O5^6rIeEnUuCr13I&~076d*C@XLC-9iiv< zS=RM$-K99AH$V6sM_H`B@-f%)^RD-zQMcY{RTM53PWCz7T8LY)(NMt5h;O>c)fqA> z*2hC)&~qSJ)e46*f;Qw=-8n`PEQ;9dczCJfxH9=ec8y2T@)OUj^HvW4XTKUFcbsxS zBHs%cIc{cgffKj&vlsN4X9EWO+q1%i|V+()!8b zmqf0g5&hiE>N2}CGObryyyI11oee2l>Udn-1Z$h|z(ODFWL1tDN8kc=Z|_U&=n6sV>WSH zSnu((X^%p`gLC4}9coYtRA8$_5pM#j(OyRu!XwID(L@N?k=kfV_ zSODbPQYAcZxNbc+RxZuk{S1@0y6UeP7TPSZCEXU}LqbDSbOZZHaFhy=>7m zHRQ`mp~+uSqZiiG)ktxDK;+g1XKJsX#&~!z$e>dhhimo?Uqa`HYn>^EH(`}fRVdm+RWWE{RTAbgcXcj_h@Q%Ig6VyStZ>g=1@Y|U3@mK6YpoMH(hT9J zz0*DzcCPCx4ooM+Px*MDxYanQq;0b=O7^dmN4KE-)J_5^kAIpJg?dtpN1T;LZ+;UM zus!buXNATywV@SudFQeHo};n0^uDnIz$tuqAA7Ypv^O-aVZk-O_3=ke^S2{Hipan& zMDDv+CIYXLgs2I&V#-&8MO#~vA};FJMvk$zkv-J0vz%kGLLp$$5iEnEw6-b4RvH{u zYi@bD954|7cJu>9t_|fK0xdx#F0#QU?~1tk@M^-L%9J#cWtUz1195Ym9_{uq_I*~^<#}3n3s3*o4;s2I&H$Fy@fST8U)?w^R!0uLZkRWzD&S@e zE7j^fGM98H&ZD8lEEI_dDR==%M`yn`-VF7BHqG1ensagPDA90ppg<^a((ISC#M#}} zvUmotEoX7nynFuxbt*xsaI&Kv?=rwmKgajOG`R~oNuZh3$NF9@M6hBK@B3aY_X0c4 zw~7K-^gFOe-mXN*`>O#|;S@t&nh}%Ac5bwxuc9Z1-1swfLW33Tm4gp>Q{6ct!a*RP zsSU%;w-XWxkqjeiK5npal0`4C7_ZM+lr$X+*M$Xd@hGwUi(IZ|y&sPnzEZ3Ue6e=R zd8N|;`;~_Uz`eqy`c8GK1XeE*wzp80zi3kblwUf43-It5j__@)`LaX!8PML_Bo%Do za*|?adoJ0LxGO^;GtOFtA`@A(xX4XI{UM~`1eVF1U51kLg{7-`w!e2Qbm4dLzIh^3 zS2YE!S1<3}fp&VN&;_Vs>dZ;5$L}t`ws+(r*Hj(JHjx%f#b^@oCCt;aPm=Y+?#f_R z*M+rRi~TG+LKyRk81ohIz9e7));F|DzLq*6>rOnCcJ8}hL~J@b9zgEu>u6yngf70w9Rv!4O1 zI5NqfYXl=}F_4IW(@*bVZ&df(vov51^)cb)JkXWt3#wDs=9KpZA)da&U(Qbe!_kqe1AxJ%=)(?ozGqozU~dh^>v7#T&M*u}hU-(-jK zlt_Aj$P>eYuW;gim*u+S&YcIt(T>4J_fmZ)x}3Lj!)VP%KJ){Ts#BvwFJALhrw+{N z3`3>(KvK}X^($10;k6Rs3(T$!6kGivHJg!a>_fPG&LyYBirUzY@$=fj{diApm$7-B zil^m3fde*-$b1~?5?M=yl^N~?BRc9$gFve|CX>JlI@D8xAy2XRC^^X#AwF0w0D5FK z0q~Uqnik5Z_pi%8oftD9biWfi&iTcW7IasS&5q#XgiV5fWvh#xkoO zXq*|N!^GIiUg&PST?&n((nILD+Y;pLI)jv{VmJsx?rFHvFgE~~Bahej8n?NR%tcrEmol6C}|uxl}{WvUTeeTG*GAR zX$iA1WQm;cpWvuey=QAyj!#fj9IrfnD_q6Z99% z&b^9V8z;v<*Fo#>H0S2SC+?t!g1tK5?z8=y2QGEAzQQc$+aEy#dQ8GMUO%32XMaq+ zDGIVvi*kGh^oo!rMSdYm4EK6UZ9HX8Dw_C_SpH#%`Dwpqv3%g$7CMi_W8Yd)`_9Hb zLXX$##YM~ei-pa_HTl=-0U{RO3m415G0N~(*Ux~S2EtF*k8J8U(yn=ZsQYbQfp>w` zPZunk_T-nJ&D`#Yl_yjjkI$HduX~h>p6WVZI&lfGY)Xk(2VJvk2kxlwJp;5KTLrfi zsS2I}%2A^M3=fLW0PMOzLy|xtNB4owXF%HCGhpkk50Lhxyq|G9@eEK{R{!es@h59eR; z|NhN)`kxo~ui!rrqbUgfL;a8V4>SN51{w|t6#}(9007YI001n+I1XOt4_xRM8UzdR zrUDCx2nYE`Mu3AuKt@4ALPkPD!T19Yg8ZPNW1ypYT%y12_*WCpgTHVgF@VBlF5KhfMB0|6S{>Fn~ z{{zs0j17T+e&I&2{}YdboJ-CorfPEOl7e9zQq(js_wgU0A^@`>UXppj*hs|iFPRU$yT0|*N> zEOkcZ-{`DX`F+TP-;r6pgaZqQL&+Z1zoV=g4u#?!1r6PhK?w=Cf{2<;L7z`Lbtd1R zKy^#QHBqzDsn#^TwYj~pja1H-A3CPwrliDxM{jN0cU3A}7n$j2AAx}#F?f+Nl#*-# ziZh_GR)3e{<+j&ELE8u9dQdUx@;B3kStuX2f&kQah{n?(>+$BB)F6dAU}HkEyL>%L># z4Nr9Rk9MdNox7bm2g#p3W#`@K8}vZuwSa9zkNFm95$8LiT!+QE7B9SO_cXzs*>^v1 zlMIHn6b`!)3|fN*u{h;=xlmrkG3ge5HtR^ySq|quGX7?=^f1H?8}Y4Q*z$aT#aSY{ z6MJX{;e@|en^EvikTSUSQbCyJ9-D8i@9GHj*2vAIWZQ}NZc{y4)Lidt)=CSDsU<1( zSfYjBrkAobO=eqYV6rO66gAr>vX{+HE$j#IeHbsV+JN6B&bHC6rB- zx$hk_LS9@C@7XrDK0kW*x&6#9TC~Fc{RsW)%LlvP&&uD@f5UPC7*JxMWJFLX047)r z5G)3R0iX;6W z|I0K5ZmIQH@3_t^MOV0hkmUSvJ3=BU;e&>%rpAc-PM|Fas(9N4XJjafZ7m|&%z3vx z z08QqI8;;+xFU@~9`?ct2I@6JC_(0b5NI9h+3BE7sd~!VX!i^4Tg09~nRQfEyPw@cI z2dn4O;fH7F*zJbZG|*oneki;{8AW=NU_=n1+0HN)ZIt1l5ADaf2J2BgA^!>baDA+1 zUWc`!`$c^vLvpT(s2VLJU_89Oo_L;zXZD=ELCOw?M*31m-o!;0FMBe3;x(+*`Oj%? z%$J7dE^BDJoi;BVCZtf7aMEuBVT{8&3Q?QQs0awM`R&8$mDv>hCIfMiP8|ByoGI`l zbVib~hnji>C!r4WeByW$<0j~E1RGp0_Z_agDzp?PkxGKm55Zj)KQU@dy!|I(@tV*g zLp*Dr#0x(buQ(D5y5Od6SO`1f!zu6*s{>gLHDK^fm)xRX@F-o-gw9S*u}wwaZ3l+^ z2;h1!I)D7~QHUpNKG1F9==Ugtd>lkD{^7~^mHxjXt^N9P{Ck&wF8|p$m{?gDIa(RH zIh&aMa_(SeWaePvWbfc==k9E8W&v^PVB`!r#M#Nsh>iWvoICuP{Kv-eU*bQrb8)e; z{Wbsh@4eIiytLo;|2hCNz!Cs({EnIC1$>$(>2MzH^KSUlip7uB%;#wi8&#aHOzOvV z_v>oMSvFh=F4X6F`Lovw6^KyJi<%Pz$g6Ei2mWf6k>G_Y`k6Ai=NW-7eXLrNn42%T zK00%lQ6er|GTl}QBw@i!o0DxfGkIgdeC>}*q(xH3ggGC0`A!t;?!Dgq2>a=X_VWj^ z<5bI40g4(Yk_r}NZzF<>e(T*h!KQesTz|5eO0hvLvZtdr+d8awV}jdl!m*Adkd{sV z(YpWSkMLKUAQZm-|77eRrFSu|KvF$R!!6Ja>PQ%E8WTuP%UO-EV=nPo7?RT1w_uOX zzXPpP|BxhfHgOdc1d9hb;A;^g5=sb~CkJpPizj-;=7JLg{IY>WKnqkLst^J`P{P_Xy(85)nx@Xsr^yUmhY7tbO0DIr~Ywq4@Oi%anQJD!2qVPz489LG zhJB6f9GREXe>5XO60F4bdc+hO8P6Z22!KaK!olPHN>cRoVzVobm%j)Q6@rJOHy%Cf z%a#b+;la~@`r_Ui42yGM+)oZ2w+BaXe>u><3WSG2=^zj>9E3;lTWGNQLfVUo0_)t8 z+`lb@b{~o<3Kewzt`N$<2X(a|r1FJ|C>lrjWhlZ3lV~A2)}=8pkav3Jxd6uQ;FvrB zztR}S7x{K<8x`Ph)gN)r1`3U1O{6I?gzzLKUeeiB{s!=S89>DZ(T< z<}p&Y++;Ao^nOEF#`|$Yz>CIjp=f%EV`W+25r6k4qIXMWrZQWI1yP*XSRF4kSXnYRff+xfGN}wx58e|X(GN$=vKkSPS6GQJ_ zEG9SC$}%u z19_zYV*$rkVB>+GnI(45SfU^52VnzF(K9rFqTH%ft1ZISFpQ@NR3rBZm zFIO9P3tAdM6Ogs5g{2VK+TGompM}N5+||Ot$=!n4*~H!2(#Fx;!j;*~$$`bf^Vdm^ zRxBDm&K5#u_BLjA)GDq{mNxbla*{%v9DF>~Y95Y|Bs&``CmRGjge2KGA-FEJjH{D} zGh~Z{jg?y3#KFei=hsoJY@E~@CRSP|_8t~)LTr#{hMA3{H;L)4L97XsOIclCj6{K|xE{JKJKW)pK~Dh_EjZXQ;4b}-1@#MR2eT?p)G z;RO~Jv~jQkxw)DNfn6aui<>jVQ=OBm8^>=2=RekL>}-%w_C}CWxs7;vy*b!^sW@Pe zwS|q9wL9d(L0&fI?$$!QydV>MNV!TDULY~$mmqFtRxn6hSxr((O$f{isfxu!n1)UO z^zXP)|Ch@6=i~qXpjZBd>-v-N&+)(Ne;g2}aDR>ef1zvt+lTz6|NW)^{iXl?rT_h< z|NW)^{iXl?w?C)%YT1_^7&&Dz|F|S{MWyYqoorB>SyKpGqC@k^uV9Uf2^FG z5C=K`X#c|wkqBA;lK=imSN_|xe#?I-0Ks4Jf9OT3A&zu4jjDqRs;8%)pC2wYgQ^#I zo`VXW%O@{`f~up8pfx{;LcC%q)hiNo5A_rx%R}x$r7TMTC3a zFfeJ=wG63t!M?DoK0gw5Ghz|gbTAT%Nh(06T=1a~^z(omr7c8RT!j@QRK`pTQ{TDM z@^uy~G07`YP>9^Hc8uvRXx8+ANLQCp*P@a7qG2G8J5Cwm!KV*UB}cm1XFI+}R?a_;VK zVrpdS1aau@@PA^~`M)3k?3|DYVE<+Ob3pR`8vpuETkE~&-}du6AOct92=eu7X&fw!&9N4 z6cy*-q~_-NMG1q3kiuYLp&@>0APa=z1%rtN3n0gakh{P*a2O^o?6?q2&oLjYVymPuxa2@b?&39 z3YcBZG&HsON*o6J4>lR3W|&|0jlZe|Vv+-XvB_L8LQ*avXMjGk&RvPBK*%e9C#(Q{ zrN#TxLoHdM2?Y}MuwjnqT|)n}krqxNyYUr9(z zdqq^X>vw!KHA${FaHBR@BbV30tUxP46dBCQS19T=lsDjJeq&m)>#st~U*5=OR)0K680OAkS!G z(uX0Gd;gXq?%uvUifc-n*MR(S=IamSdm*ZgAr~0=;~zD{dp;vAclPG1C*Iv_(n5Q; zY(>{i7gaMxgtj}`Iu0dOX(b7BFZ2agcOvdjU*Q`zy*l0R%^^_~b(~>7idX#~&Xx#PgG^^%K0;Vg*{@mXC;>yaldQTi{W#O|19z)5)FB9DTiXk>u z2en7dM-^jVnGG^zGVMwY^r_mHn+1B??6dy9uE$Q-)Y`k-2 zed=Ex2|=AveoG`Y6S>aR%K>GM9=USA;^lpOGn{!m-CC3MswP2Bej_1NikcRtnlUCP zl}*3z>U#Lvb==10y0g{`r>LXWyTdYubIWi2RTK+2gPmQ`HcG30@yrLofC;(+%qI9V zT9Yl7%DSm3Z??5Ly*4s*a^S(YMj&Qhr{$eT_F-#C{?n>WI-kw?!coVF;!8lb7F%sz zT^bwjrc4QSxd5}QvN&>8txMp9Vlha}VMKMFiJ`pGg{f_WDQ;4Br73OywBJyqLe>jj z!sKV*AVCJxxXHWt)XUCm%?iF{0v~PyX(n^FbLk2K?c4w0Fa3JZ?kC<$AEIg(r#2%m zhDMLK-yL#F5-unro8-{)EehPeTfAiwD4URxpu8ZH{Sk^?#G7n#O9b`kgCvAgMj$#n z8vKYnuXpDnq&+Six1G{pNEC`5lu@q`apO6tf<1eWiT*{-T0cs-PPz}SfSordOk0fu zQ8!@}Ic%u@wKdATL}$vjEXC5x0wp5UQcm)g$oaj}&o5G6q=#BZ+auZAqh?M0p!v7pzCjT9JEC@rB9Hm3llF{`+bd+f*y zJwvw%yX9Dn4Ea#ow^(ppkwWqei0dW_edMLRLu0xB(6wa*rqPlvfV)1Qq@Z+mXl7lo zSWjM;Lu(07X$j@H!#zTnGE#}uSD{~nL#w++r)XKcp3_Gh!T7@Hr1FIkdkSRLfN+g7 z*fTQsSq=EXL*jFoo6II?(lkctDdvyH{=rY3O4f8yO^qQJzm8wz@U!kL%!RRh9TM@b z!dy{~i|w`CZt!%rx?Ti|VxDU)sU>*Ag7*wIH8AGhUT@C#paQEcKUoh=MQtP%8xiArMob`Ih$}Py|$mrBb zk1F|smm(Z$$g#P>(j_va|By!slQ^$&|9Z@)EcA;_q2uuP^l|HhczE)suDpQd&0MOQ5;05m)YpS2Q+Pnx5N59tH8L z)^3u1IWV$cS$@Bre{qB-4!{=6g7%IU)4F^5&cL$7aXm}05!+5*V6)F?fI~84J$b#{ z>LL+vgI$V{2(6dYeR%we{WJy@CC`_ec* zPHogCifgQp64(z%W5hLXSn%Z=-Z`Hs5=jmSUc?rcN=I`^eR=Q@9hElk;v-e=tIrsn zgf^K!s8S8Qn@d}>G>fK*OK54>Qq=oWNhuiBNa-wf*2>Mqm{e(=qQ^>!Kh^(gp_u+u zkd7cqEURD_afPaE&6Vc!$^##2!S~X*i!^1mAAy3@H)h$OG&(39!P30*YOUy8?awE@ z&BA#Zr$!2yY=pFzRvfI=siYo;t;hI7od)t$9`Uz7YkNhg?YT(&yLGEvJNk>kNtiKr z%Q6c-D7`#n$x|rx&?$6cWql?UO!($y*8E;CpqF&uGu?Dz8#z+63rOd=4~xNF_(mHQ zdAVmS$^wVQ$_en`w_%X@3{rTZG8T24Jq#5U;ssEi+?L!ZHd2T)lDf$o`|MJZW%wRv zMxLdd4lxuQBmgO;>xB_hLl`N8dQGuaDedxT%y8=Qm5c=stk@o`b*IvJ%6{H9EuAyNW#&1=0A_oc(e1{9`l9a6L|V28x_!jidkD>gRP zUSZNlnO3jt8~93J*En>}HwtYaR0k3vny^{LN97u9XiYR*;1w6GDVmzJ$$!a7PRvf- zE(W)hO+5(Z$nxs;DNhIqYiDMSJG`>a!B1#WlaHmhdx0&K{3Gx7Jvn2&HtA&zi(VFg zbm#3NNx677{)o|N3$%u{4+2UICfuHUgJTa>LS%XZ8pB2VmreSbD}&pgKbO5u3EmMD z6C`&}eO{F@L0a7{EQ7`6UR>_s%lx5m-V#ARgYi$M=PUn^Q|K3w$WB z1(0O#XxD29YzB)N%BK<$MbHo4wflOVyltQ66g8i^PTqWnuu1H-rD6}IwC?XdBX*C* z1_Ox61Y)9$Pk865ZD}gJ(N7IsV=87$ zSbZyL_^7O_MlqDU|0PZJy~=xyoF<#k@3;+om7CYNAIB;RXblzHz8|2NE2shqH!QXo z6ghuzjc!^-&uTjElxg*Kt$urQe+FE>SVVs;G1~2GkTOrURoV0iH9GH>?s}{{n{}&k z5lC`2V7X7I&~ziHPKc`F;qjFIl*LTtmsAlbI2?)WHQPX5hh={Ny*ilwM!9#v4jOhI3B zqxegeL%7>beO+<}+%e*udnK3Nd}f2=#KPu7{N7riU0r3GD{bO>R4a;BG=)*S?Ux4D z4#8z5zj^diZ2yj8h6F?!(xc462FudX!H=39)z{d;_e-LNk{a@H`)gM#6>FbRKCo5v zUK#Dw*4}`5OeHewu&S5aE72YvT7|W46$pvye5oG;a-t>ZqA_)*n}F=)W1tc9{t4OC zDostLoxsM`R$2^pmi_K|ZmnF7og)?Lkc~uGpLDdj!lydQC4s#)uD)Ozle zI#CwZx?M|iP^FTYnj??+NZg~|>`HwqMwYy&?_o+B7a&<5=ixmR?vD-I9ec=vmCRf( zq6+B9I8Pysjn*+uwwHVuspy$i*QN`74m#s7G zW3eorzR@a43C`ut6_wJ;ki_U#&{$upZyMF?U>`F29v%14n&G%uldl_AhkxXPG8Z)W zf<2%){*6)l+G$i8!m>7D)OV~pj?VbrGp-BUbm50halL%CHl$lq{r&aj3inrMXPs~jHyO{>_zI6HW zB6M`@m2Yq)f6|xsa4*A9@5N9I{Rm;bl84e!oX}_r#rgguxy7%&aZ(W(s+~>VV5NMv z7*!-gvyNCTzy2B~geDIcw?Y!8_->~{QN-OGA2o^bXDNT|&tluE$7-63Wz~>El*$8G z!;DkfKF4xC*V!1D2w(fz`jX}g`}hhMR73}k7nMC+7#C$$VlEDKSjDn^iRA*IhCpdi zxLw5PT0$2qeui{;MUx#}Ti%WzmC{6j(791|KWgSnJd}(Bk zp49qDDn(Ma#eZM*)mEHZTJIS^j9bs1Tr4xi^z|oNpjZpj{g?8{Ljh5>>sJ|`r!^br z{o`eu>VuU%w4JX%#7!DHlFx@$aw)~Eb{;zu1+(Mgmdn{+mT!Q+*`=CiQqxm^oZg;L zUNG!T8v-G5jSZhgcoPL0p&f2rE;z{L*Eds!)1rX=I?p>lvbjhi(Z^N8K~PB9A*q(0{nZNiug))i|tehBoKc-}Qu)7f-3UdJ$f8 z$D~>;RyGXjEU;;KB4ZhFabr z(`NxQ7Vqi5{9O1g?)|d(2|XE2Wo-@@5F1D*N0v_+YHTWJg%#GlJ7?O5A({Kc(@%k9 zyNLot*}MtZ?6BVE3>B4#xDbR5Q#qk8YNFNzUb*-~fx^k775Bg3k#qx4joCl-FCiGD z9)z#w3!IOK4+t@nM5QL}YQqm;TP zAM%l5&2o&s6@c>DZifBZ9fn@)MRejxl1@e;h7ijlL+ z3e#XCy?$QE?iJk;VltyS_tYS1u4LAeiYd@ff~SL#*{tibG!b}6WZmWzb^2+^Jwnd} z_-#eQ7pZw>Ee5}&S0?F9cs{W{7@$A;cK!a%RYCN)1IciquLjN#l#9=^x1T7X1ULR5q16=URfZWMuINZ#ZcD)dyYCz1de(BP}4!Fs3;~^|7|q-CDE7! zoh7VkCp0HixEvKR4Y6HXfon;uj_1cM&(Y;vSsohJ$uyE68kQMA23=%DjGEkF%WGx@ zid;doz5(B&IA~OPZCT{QFJZ7)^`7>y6`S8;y1U@c~;8K9?&mB4X&i6ma1Cy^Qt1fq>A)vq}SCoVJR{&?N|rhyM6&Lb-rP2)$Ka<|99q6OsuN=D&<$LkJS z`qs=4=7W(_rAsm+`Q=0X>kr=9mFPf{X)Ep2hO))+>GN%dng!TwtF`EbyohPt5`2B4 zLtb7DR0e_CxI~0~63S`SAt#mU$;kY3#}Ws4{UYr!S^p1$cYD{sLZbSuM~cAN+E&N1 zta8Dzm%1xhP{ZUE$-a72Ikz~TMy0UC|`Q?Shh@8|VjVROo1qY4q)X6uIZG1i5A zz``GGc0e?LvBYOeE`_wFT}TXlqn2?n2_pyTTS!WQgv;lm_oe=n0gt4oE_J$8_EL*nzsGn*P8 zbrD_qyRUZQR*=Tvlv#vhF(qSgs14_0mcfosk}n_2D=?%fI=IP1qI$5qQ`%BWt2nZ$zdFupkoH72C)c3#R7y6pp?HH5H9 zQ$U*(Fv=2O;%C68Shzv7Nc1ci#KDQEj&{`8+C1@F8+h^77)w+3e1fr##1(Wg3<_xg z0`x3psI?d$X$K1r*{&`>qC~{vI`5)1Tr(Zkr)1`Z6$Y&3jlE^I7g6{)qGU{FQgP}v z79P0!cq@d!V$t<{XNW*5oFmg@=ATPKyEUWwOh>P!SV_*O}jE;Q~CMvBLdkS%a=^wFMB=k^FeVkhK!PcuZ+c|^Al z6%XSD2$NrAZ{vfaHUk@>)1q&go4E=APpk^0y*1uBTS3!bb%z}ut=u?o<9#3@69&A+ z&=AWpSAQNaqrC)1@E9~JyDbZGw7#jm$XV@Al3+b}c<8~4ejxNZdo=CRmzBa3Yyyh> zH2Mvo{OZRiYiJO_dclZ!)g;VS>bmGE_4NoU%!zxC9qKI;U7Y={iOm2*nq=hRraz%z z)lxWue_$jl>C5Y*Egwk8(jUBE9oe*5#vcxGDq?(j7b~BfB>`*Zb(HB1Ji)SpDoP51 zh^Voi#&EuM$QJ$t;_|MTP*RsP6|p1mD))q%ur249I}tJji{sR)R=CJI8%TS8eFC$Iku(^;!33 z*ioXP8u}V@A|1CuZ-f#PI=Ldp*^urF;`fDFTW(zgHotbq|LFag)GOWz-6QwFm5$Z3 zN^+YymUJmCTh#i%wt*Db053v@CP}8ca1)ZG6(A}{b1@cSa@ zE1dGvoHXY4>v+md=tBiF!P~36J%S>|fHmQptAqoe7PFEg;o-m@%J&C9lxzLUE+M{{ z4#!i4+aC{EC*sqvP6NgtjT=)?TD%5^sHDr~+BKZw)nM1_hy6Da zK1wXjJqBEsdD^KgyH1JNciw(O?+^jL&(-ZhkGI7A7$CexL;9U8d$>EC_ol5e+{QSh z>BaFeh$v~~VaMi<09LQZ`=lUoqr$rhDM^UyY82jT{QJ+tlpA3Y7*jg06BTOk1o@V^ zk?k}+;hu0mdxz39ARIqLa-+M?=N&wfqolyrgOb!&^5)#NX!~?@92tmLoOdf!Mf{pB9NHB2F1ID^UrU7*P0#{rKvoGElH5@js=7`vVT7?e_QO>R_rguEyULOYbC(ob5XIO`iw}A zC9VQ6zfRzQ6OivV;RVQ)DJl^@V6eT2o2c4r+us$Xqlp4hiRy)aEJBfR5KoaDb|q(y zuWk4Ih^EPIbD4HFz_rXpWi@{;8PnQ{ki(lzAX!?2g3CB>DY-(xW=G#Nfdb2?P4qD? zj+k0jWgl~{K1mscgnSUOTDYNBjqr%5n3PvK1ZE@0A~L%WN}NWjP+%8IG?uWxkdk!t zN(@2v>}R$Oa^u17K(N(B4S;@neI|WO6ow8*7l4@YHU0qceVAk>t3YsN_F}D=)@-+S zFTc)fvEfFoQ{^lSIn%UM8WFsrov{s}p`3NgW=}R0-h=~b%;tUtj_Qdtf~*!?2^VT{ z&9gc>BA8|$`I@Az6@xbCO0eqmwvkmLAX1WD(h#?VBgaN`zJmIo53qnF&L2ZyCVQW= zj$)rM>9Wi1QfeO`k`Ugwjk)j*0a`%p4IWa_*Mroy^bmM5sbZx`dyUFcSIJiw^aOZLUI|+-=yhB>H5id+JtO-eXx3kkwx{{hWyq}BNC0ZBR-x= z12~&$xQAG5Up9(wrwdZHF0oV?k}RRB%HIF3k}TGngOn!B>7J1$%8^yVotBzrx&TI6 zPoMNA#3&TSd~@n^t{-s})0N7tE$VT1SpZ;*)Ds3yQ8+1}gdjQGPsHcI=p()+66+FI z7bS{xu^K!zKulv;it^4INy^Qg2u8RbrwO{LHxSr#o2p%kmgU_UiLR1c^&bWti^17< z`Ap)ZnNXuH>MQYVI(+1Vbzuwkr7Q1SUX2#(W`-prf(kM|-Fu4Ynz>X#d1rZ>sc>ox zB`Th0_1cf%k}4$wX3u=TiQW*#U1|88dOOe}Upxj4Tc=bWO*2K!WW4i?ODpn|`YS(+ zv4z?-U-Bj#ppG;`$SO&-RJG50-u#{lBivAZGTclt`1o;kgdO$?r*MQQ3O9{h24w)P(%oM5ktU268wh*xAV*YtmPmX4wqD>MSh2Ak)%AS&q z#%`8@KNt$tRdN7ciH!&48DIg^qJa`c4F%$sN5zPepHUy3#l(%qriXXnX3bP8SLIN} z3$9ZAV4uPnsw;3SRah63!y3+%?`$4H+l=r^DGt_Jv~rxCV>0J$+LCbz>c7E`X>u^Cq$|MKrDSZN$)-sK>Gxc`KCjb_pqEEUI;#FD%}v z*qUB>@X;KeG%<60nK&^`k6smGt8CMHrxgr>@&OD8O}C=4PX z@=yty1q2<<^y-uYfY*_w(xNUKOTcv?-gUvM8kF`?9PRx_n`m~w*p-XT#^jgVZ0 zX#Bg;;CQlwhw)Z9J-~uRjt;~4q4CR9JCfR20(Jja1R=_(mD4t3RaSMA;F?iFw2-7m zsCe?gf>4AQ205@2F}^0w@MLZ&C(1_2!0tP>Vm{8C1haEleTdH%(n#e6JzakBhQRDi z!AO<31j(UZ)<`~VQLJzPyf_7+;M_nmX?mASEfid>#w;a0x7bxmLAf{uBO&S%MjKR8 zW10))uwil*45;(7L; zUFm#xsr{Xi+d};AjGczVE+?lwwz=#Qr|Wi=@l0k~HM! z!jeqVDA_L3ttG7@lZ&VeS8>CK1>@8h`kifc0GbBo%!guUnN`tTEMhke=(;}CCrVr@ z@^+u1kki!Cu3woe%f|j?M1nqR%wESZc$|tKUz}T4!F%0+qA}cUL1iZo(*g>CTwQcn zcV+L|U2F3?!2P>RXbwy=O!(rp`DUBxqC!NFAu;Ro41Gxpn)K3@Lm z=@q7Py`!JzlKOxi1B9r3Sj;jRlNz5r-(5V!Yq2mwd3uB@gIfkKXK96HG;rb1r>1eH z=x7jgfARF@J3h)R23DEe7@4m1=AfOs*CxTjkv(8nB?K;(sjK6+J_P!#p_ofWhg3z0 z*%f*}#~4sVbp;m*xpBPE+l>;8(v_x*Oa(QAX6`dbbAow0r_N^-0@unuGIW z!(MW4h{qt@rj<^eGssx;b$`3%MU%E3&mFuvwSfJ`kE}j-)F`RPLv-q?JXO;VtNT(^ zjf{;QOOFHXhkf>^M9=`E^8}fUCW00rc(E`|J+{ zHB)RJrz3pO?}Ogrs3DCcCZ(J-gyG|5FM2fVmqgQ`hNo8TH~>j^5R=91C+vp(2xOee zDDI_6>E6Ej5ubSSxUFQrO>eT)Cn{VIUQfypX^2-#^L(!_cC14Khl@Ol&qAl<=bAkTGBeA*s zooHxkO_E8o?n9hl@cYVqQ$eUb0g|Nr{PjW8M_f((&Jk~IGaj`EkDZyINj6vVOP_uW zyZMLV1hzW!6NR{-FSx6=%-V23MjKLL_(9s^u$JedAo|k?}lU%A}NNvqz$te(;%rCWxAt*U?zGee7 zPiIAzrF;nsOa(%HD*mzOzt8b{`W-X`PLVEspJiUzg0of^1%`w@T?v z1?PyX&NqoE^;zx*SEx{G>x?P`&Pz%ycqa4&S$&~?!|l~JZ72Js>g&=hHyD0Ci7T#( znL9|z*|vO~2qB@(XKX+1TE!Zl27Gb)ewTHUx>0JUTU029x85KYYWcN!q{6tx-Kyy3&_ z!~kVQ*{x*_OH-ud^sm#4WOHVd*Nu|2ydqy!ptbJZ-LsAl9kz@TT`??g<+R<62VbvP zA(fhbXs~IGTf8HSwj*GJvd!E=^*A@1DU^c>!nxipN|BQ70|yV>RG@#O-K z+gFM%#mnDpMRwU+*-scj6u%ZNGO~cxtaZoWkL~Kwu0s~wJ>c;)esBAmPhVnl3@ap7 zx)f$UJk{UX>zpvLY@DaA^X=SGABQdr&)apCt~JccOC&gRwaiRO*Ofz;r<`+KXnVOd zx!SXO)5Nj(UBSz=HV^l|HjiP!U~3ZHGm9#+Kc?O(aFPG)z1+@v+naRJw4qFRj9ooK zoVD<9i;#}bguRb12qpj}9Tk35?d;Wya+@^893-=B^~);NvuGcWH{L%L z@@5J0KOmpi^CJlyVw6Am|GD3jsN}m-Te6$ zocRCcLP|oLWrZaA7eM@f1S$38$&;naS5BP0sBS}}|5%5e+iyL1@Zj0AXRYTu1YZI1 z{}5~{D`bFvi1r~Q`sctS9&2}5wx9TfW^r_fr&QW~Wb&7&MbD6_Li47FS5mEfkv6Z&IeP=wQ*5GF`@U;eu7mRtSkrt7c`- zn5tQ$HblY5L?ocV^+KYC@#>T%dIPkdhmuYRNk1^uv_7-(;Ti9- zCiY+QO3z*>Dta@h)H&KBYDf91Y4;-f#oTgU;&e}xMa;ZIf54j5!H!`jE)!LmCBAr4 zV*4ekLGjT?{@c#qw9pMzy87Vy?A+&B3t~mDXCAsjf3dYJ(q)bI-Rr?iz3zvPXexTA z?jv$rT2ICubLPDsy^zjb^q+yhU5eh}oOP zrcKKmSt=TdPl%W%X0-W;sOja0d)XSU|DGEsh=YIex@Y=7kxWV>#zmXrEpa%L=)@E< zjYgkHWI>$-BJpQ3KRAQ?KK&<{n3}_xPhIoB%<%u#|NV;Dey z*H2tZNJz#?NJ!OENN9u^mihsue&Gi#_$wBPAu%Uq()*zdV}yAwLM~V9;Rs0q`R~ zSXo6;QBg%1ZLX@Sp@C><@Y|2zq<+{6xAqg(>^u?*Y7`5L^71LLg%OAB4k-L90%g2- zDHGfU6YeJjDIwwmp#^rX6R!v`n#dt0B(ESoNJCR`pb~;7Xqk-B)^RX3Q`VJ-G!Hai zL{dybS^~|#fIBGXt00PZ&>S?-Kb0UxMDsQRv=rg=s7;%3w@sKcw8fF6s|^p|Q6qeC!Iiu6Sqqq#o>b00ZnS(<&Z1qb42llhks70HQf_#i zo9$=q5iEK)znMA8ZfQaB%bH#19iR|LQwjS%2P#Vk>7Cf3QC``yq%dF$ab{#S z$f~lnSb4TW{Sv1P&{&mr&+|<<$@w1*6#?5&tRq^q3 zyM4ylvKhlCYCsx-?WEHIbLt;owVIi@_SEp5!M0E6XAe=$ zFQLM7$wi|gWL3Pjjuk!9_<9I_U4*$){w1aD9#!%lWmkROwvUx6?r13VfB12a?+T&R zDIuv!Nu^c;49sp^bzC546}1>|J6AJR-Ckee&CKm)k9W4(8;Xw2ethurB=@(9+a;?X zH=c_e(@wSUYp1*jW}frf0{_cTyYg_>>-;G9?bM}?#rH<9^>|m2L5^J=*`{4|^TBnY zSgmN%iL%Hs$vExd53Gxe^F577L$aZ82=YLa*$Yq-euPl5mx&?owKH*^3$L z9*B(QIFTU=U-;z623yHN&y`sAW5BH_?VBo!o(1aVjKgN7Ctf5=gnu;J`e};q?2ruJKlUW`ntP$#>H{%8zPNfkKfkRXlxYqb=p&pW5iR$V~?;IqNTls<@b5Ztgl&Q zK4Hndf~`7hS4%0mxJjnWP-?n8Z*cj%A*!Yc$8WifqXwyUxURLrT@Vdfk`ghfAVSkQ z@%gL^0d;$)d1>W8mZm>>Zf|jQ<;W9T+N-HG`oX@<;h$aN^<1YYF2x@;dv+j{xHeTM zaF^1>GJ6G=Y`^EW>(|999gKCKyVcxMasZ*gUo))UQ|JA&fU)F)kFC!}T-MHTofkUm ziqwf_>nbhn$1eHTYKP$V8RA;=o&#trt@*{2>;J+dvI z`|oa$Z}CO--EIr;5h;$EBYi9h5$x^ltjq&xBhK4antjMZqHau{c8Cxizsg}a`hEKvXGh8-c>#PhHFFr1gZ)QP=NShbm&w0@hp?+nIz?PCdQ zUaW}( z7=LX{%%-Up<2G#B(82N!-gWU&Tf~uu4Kdpel@_|}EbxC5er|frn37?&M+rJda_)}M zKJPUX_i%OCwmif#()HQ!?2aK)txvU0Q-e4A)TO+)k{cJYOeBFx5%FD+6^xkT=#W)PXWL={&u z;fCVT2Me@jG)P~KsajII^q69OsA9dR;^sQz57VwS-+Xh=cw@(8^{7XmK5ZvQzhXJx zdXu4Pw`l$AKRy_pZGN!!eJgv0OZvz0o99v|^^@2Ai44v0)S!RCc@)OWMck>@aD;%c2^#=-ne%At`}bk#%e=CudjD2*%-O&?WM>Q8|2Q9s(2HXwQAYz zC-H^G9!0MAo~WlR9WtCa;hlBpm65)T{VYr2$v0Azs^#P_8%b|hJUzZRW?a~<+~UWx zEb8pj(Px6;#d*Nwol8t(+3>X$or*zxy={}_5s zaWS(6jDYqTuTGUx9`|SLe5P~g@S61>KM_{sby(cF?DkY_?bB^LAJ?ziDeV;+dop>u z@=g_>4*#q1`zx&J=Y#e&-SqcT7D~ck`LjYX3n=Rp+v^=Os}sC53$Swo&hh+#WPv zzu}l}uI5{>87t}ZluL&K%~Yn?9L#@Stu?Qq!o8F_!QS#}TMpr>mq-1p2hMkN_Gkv4 z%s6Gc^zJELt@Zu&PnK%WIc(K78j+7A1TA>K+F*!+u+o0BU6&#UpnB!8p;Qh{pH5OsR&-OKBwlU?3uS82Y8)%`|_+r|A-LW zlub{kZXM*L9<+1mM-AKQ7yKr?n649j%{O>Q{j!>eXWCu{|1qMaRoU`+0cqP+eWwr2 z35^jlJ`%?RX%ffp28i8ltEihoJ+jO8(?h+Mp%d+|S*P5OeR*NzlLP*V)lcYl2OoZE z_+yyLcDZH_??l%k?xw@-!hp37G)uDz>$lp|mt3x!kYhcsWYA@z;$=_D-H?NnPM2>#A|^&M)8 zH?DeYpAe87xbCF9Y1;>%3+>xU2OZ2;hih2RGMc;as?b66ns!BJ0yB_Rtob!|zW3Uv zPSPdEZ;m}6qOyTzdS#{aqw1_M*J1nB8V~J3Y{aj$y3{NrdLvD*)QUuIhg?vxT5sr~ zx{%OP;T~yxsBU9s>UAgl#v7B?-v3kRTIizV_u}t)+}M^Jem!W}5@TE%OM0Hid!i4$ zJ=91$VLIDk#OaZOA-z+V59s@@F_3Ic*z_jOitJq9l<{fl z;@r1U1yZ-4-QK*da@@hZh3nRCkIlWR7Gu#GzUOwaTl%HR>#}_8%4;Qa=aBboi##=D z)qusSrIJcpMZ`y*b*;)DDz)#;@dJiWCKIQvy{Ho#zo27`+^GrcHboAm1{k=lE?aSR zWd9w8%SmFFCl!^Gwjd@Ydtx)&t6KFBleG%N?lcbxn;W|SC~e1}c-Px*>CXQ#0ZI=SIoPn|9@n+ZG`laQOKA5Y2gK8(SKyo{qf9q?>;v$HmPr4mtPI;|@Vj zXqMWi)&(L3D|WmRz8$FWV1d>3#jzcAdLEl!-BPF@Tz8D{ykr0D!Z4js2T>EB!7oOb z?>EbQdf#qKRGL58DrE4rdjr_*5x7H5){y<;Z*sV1XT|fi$dG;!YWT~OC~f1LKD1HC zOiXRCL;Xvf1JDS0%4+4^dZy&i`EH`x3lA$uk4BVcdPj+~@%$+T*IpKt+{(_8x*{1Eb zF?z-m=euO?wiJ%iV1Avyr@39zGPH$UveY(whL)@0a_yWN)x#$igOr<0{ndY4uy3Cznqu?-M#?sh}Q@7eL4;quN zQV>zFQ|W^LgOD{_!;6QW7<#I$pZVv<$6K1WIKRG-8xWPTXvN9TYXT&RR+%IG-f9<$ zy|})qDRf^P$%X3C>UiLi(59lv6Ayi@eUYK%w#dKc=*u%s$ZXeHVc9tcBOcD$BTEfW zyfa>ZD#OlR-l(Paobb_H^{ksn zWs-B?VbeU-M<*99nOQG0ueA2=;yirN{QE)=;_|X<51Vb5%YLIjxXt#-nDY&rBP>P3 zQYmduRu?A56vf^9JfeTl;K}o+d{}SXbZ7T$%Bl+qt*;E2%;6VrCa2t>*k1Ay)O5_l(@DSr(|hC=zmVw^6HZ z&mN|`f_=JF(eQ%d7XRQ`MHYth#V0uIdQtvCe$|SNt|7L{yN8vvPD+#^m}cZN`oFXg zKJOH0;;wF@v!F(KSZ&gv)yGfUbwnMQGc1#~25D9C(;`F>gd0eaw?3WME$|svIi^ab z-ZC>y*#Gf^4Ch(PMMp_UZF^&;GIBE%lStV5O0MFT^djFiMr(&=Tr3`A(V(`sea&l} zGTyED;0u~|=%GFAGhttc>V5Rc-+Q-TMp>yw-IlipOf!dHt2NTU-=r3J{J13($D$*o z%h69>9Q<@d2VP<^J}fdvZO!X*x*oCSq+MT1loUTUWRNZ2ClHq3o;uG%jePI)qYv}? zhgub-UVVKjP)mkzP5!czQ9;6og?|b?3m~)o?=Cf5YBV4{e()MCVmaZ_IzzVGgmqI6 z+pukTl_I&S)v4-);=Ex42)04Fc`{Lrs!Q@1BQjKP&HGRTbV7zQVWaH+I)`=Z zwh?cLziTcjTTUw*5UC(;DttNAKX#JFtb=P9xlym3WIEP+rS_X3bzep8tAhn7$hP^F{xH)}5b>oheL+O%NP2)BdY|YU+6J6#T{rO>%Rfc!V z#>OkwgJ&J+*Yx_%c=2_MHV)gGu=2csA`c#PWly0p4YnB)n0#unb7r76OKM= zsB?Sldo%pPv{TOuXRmTo*u$1+=`fM`ILq|oY{ChR6I$EOddm%_Uw=c)^4{B;Aooyt zgX~4)0d_@k_S43Ve!p>z()4EeqF0%vXTt3?-w|hSR8PG3^&bhGvoTl{k0p(PWqR9O!Zd1U(3 zpV%U~K(F4wy;&*IHraQdnR~wvhgi)ei5tY1yDZ+a&{?~`af)VOl>GXk>gL-PsaG&? zuM^BFg4DmJr~UUrVZG%$GX5_ozzh3<`ZXP4xc-h_3-nXf^8eO zuiy67b@axsEi>MXzLLazQ?i*(WE7Xjl7X=f#wB16P|IK7Z5e&e`N~pGNN++mwFOwT`|i zbK&EMXYYL+vT~=0S^6a7X?X3@!s1U`Z=Ew{258!oraWjpU!$@QSy({Go*H-Yd54WG zZBfI^YR9Rx?6~_!l zXyrZ|CU?Mm*y~*tOT|7EZ9mvLX}{Mt3XXv+?pvh9lP z9qDuL^DO5S+}`$l6Dh`Slzs%d@_z~?ypWK;^heRcPgUl+1m6;pX{nmEff4;!@g3s@ zN^+?I?M+SrO&63ie1zm02U0E8m=zyWXNcM?puB#v;r1@#;d{klM?3NkKN(x((0n3k z-iBCv|HrG&JbpdDWk)AN9O8m3`%1 zHBMLc+9ut-2d)`zyXhXaW#I9qHD3)V{AhTFfm0%G zxez}%B=~A5kr?9TE!%eSa;U>(>guBFeq|ABagB{FgxqT%YCJ`Y<7^EY2D*iql@CX* zy(*8@H6LH&Yf%^%X{w^%e)A3h&i?7HAhJ$U}|6I|W}=M2v}Q*3qD!Kf zLS)l{%c3!3`i%?fH(6PY9v&?bS91ULLHEhV#&ZZyPE2cOhvuY@U!%7?ba`=$3bJEX zn@-l7ph-1y)pKW*cU+q?dr?H)8Qeu@-223i0j&!bLXm{^!T3Ys?wVJNrtHM)Hd#2V z_6Uhos6BF0QEyb1rF+c8{Ms|KJQhW+R+m3Ae)}ksdlN1`lf~6+4gaF0u5hky@yx)v zdloa&9oB4JR4~^h9-*jZ=kJ~4plq4zXXpAls2|fIf3HKxC;EJ4+FGJ#@%w11dGZ}< zQSCW{v=0jhpY-1J^3t~B^vSKN5;KgC-IYO*cR_2e*<5@RQgW*%(ynw&>H~Me`V5I8 zzX2aF{BfZFiq%LtK3@F8&|RCwqD~a4=Nd#SY2Mqelxs0^|8Z?23AHOl?i3;QQ^RNb z^+yUG6pSffetvUh{+q+sDv#`rya+W=rgPL^^xP}Sh=)|QitxEo{ck)?ob)-U#%Yw} zvsNqbl>@T%6Hm8ZoH2EeqDsPkkq}z5*frWShL?H@@Ce&%*|qq zyvdEEDDf`|PyI??xBDxL+TQ>gdO;eA)cOvy(E93n}GKuh321weozh!TE1AG-5&1IF)90N#Vm!F8^*MWiMMPYy8fA&;t&GyEo_)sUS{*M8bmts zAaf2rIQ)KUgnC=Vo*IVmpF;9W-z6yzx%_3!^<7hs<&1o!(`K2{p}TOt(OU8`kxa`` z_?U&Q0i%kdoK;F=#y#FW1xGV&96iuuQpu7NrVtwh!sAa~pIx&mG)C6uNcyF!T3Z)5x3>{$l|K*af4bsP6*>yV0mig99nfEbw zRm#Hr;mft23dhtB%pE(QBo&mVI<~<7EABv`^!dY9v*yL!0S2^q=NyXc`_E%PD;r20 zcsMOAYSYJK4-c;Q@=OlPU8q!X+$95fJ*Vb+La5BgKdQgpNpI*#&gn=t8?L34v(c)} z)=m0L+o+BgtxZMk`OU4v?cUtC)nMIxrz{l3R!Z7bX~MC5pu2TmNnL*C)@4&#S9v{O z;2H2_`rV;t_wK%QqR0&ID?7Z5t&lqCr3#Kk5*H=B65X}O#K65@)efUumafx3#Hr2o zi!|F%-;q12<{ZI)+mOAfq9M-OhUBll^uj)x_Uc zi$0T-DSmqH%vgpsG2ABc@zkqsyX{uBmVfYbplW0nHkmca3^GX^J1hX7+Ym~elIgx@R*SjW!l1jj(wusd zq4c>SRJPoKuLB0ES%YdB`bo?*-9om<->wc_xwt4mgE+?uCX zR~h{L2JPf%v#2%MyQXJT%5H8=l}l>PK6E|=&shSfilznZQ7hS!F0;<4Vugw)^KGQ^Ub}EH3U$xr{pm%=qZJo>g;X?L ztBzg%(nnt9RCd@tBCcR@WM+q_pW_^2gT|b(LX&gH?oyazHDvd`qG@Rjh4#k{=WN$| z(KhJyxCB#m^_FPKp|d~V6ivA@RAf~~(bBO_$)uGAmlUqaw5s|ax@$dDdArPKTat)n z#)llA(8LIDrya_?m0sG;kMa9>ZzwTO);g%K5`)QVJ!<*4I>s%kDyX)C*yU2!37 zm&Ea5qZ;4N(b$lhxrq|K+dX7VqgZm;yumJaBr@~$Hx?xED05B zGkIM?&Rs_hV@(PhR9F2J!{m<_Q-5KXt!z0 zzGPj>$>2jx;reXq_t;ei9g*E_u@vihF|NWO z2GaC3aA;GdxYsL2c470}0m$TH$0Y6dA;ikU7k=Sa$CO1bnSLd1`Q5Ew_Gef6Hx9Xy z^Hg;3z-FZ^u>k#sS(_H6Ol=Vj(%kNHdcY<>f)sA<+{LmNpcc+=UJ2v?E{Fr34YR2W8Bv5F-sS!!;WpOjR7JvuU4}$3o;nzxtqgVU_OZ z22@y#t=A{5_4umeIw&Ok%bo|DBK1-S7BL&|=-*9^DcRT%y5*6}8jW$y9mdyIx#R__ z$n0L)vO+)cRz@ZAhvlIBMVgY;mM#I)B-WDF6xvn4Cv`L*KJf4l<1gNdQ)=c95;}k9 zn6l`EC{k36O-@GEwf^@eC2fz7-fQbvOE%hKCE}noL*lx`!^L{$WBP>^(#IH2kjP1R z=(q3K?FMU)z*ly2tQ%LnFsnGVCrtx)B2GO?o$x;EaP6tL_vnc2DYrta=&|pY9b%5F z^vsccD@SG{DWY;(XZB4xD#Fs<5^_FrjBQ9bZYJ)y;S^ln=Y5N<#dqxAHFXaZYmn`? zYW7N&xy;D5F3ajKy?I|H>L*4EBV`Rdod=+ac3q}@BoLpo$S!c2w{@T?2i}O=V4iD^4`c(WhqTz$v z$@u)}s#Oy;K2JLEHpFPG{V;o-ccP)P>PMaKE;inCJYP;FQknFE@qAy)6WW;1_cC;x zj(@Pr)=LnPEIvtVFkG|erc#qxD)CjLpNvuSW)_>O=*9@YVRxz}_+EZe@kOgYW|N!~ zZw`B%Q+Z5FV`l#Q`KPrfOmOO7Rg6#A9BA0fz&1jh>wPo*f&s_StBW8{3)w5juwr+MiE^<6`c-ZcotFcWfd&`qu zx0X)O-|rOr$87CUGM=(iPCiuYzsopv_M(l!pM1*N4V-uHH%&aI@JM>QMv!xf|LKWF zMdj=(53EXp)rK6SsE$ZHE>q!>^hu^IKIzcDFGl9H(D915Os+LtA74H9igLhpCnZ<0 ziX-{1wqq~lwI~JVIV6?bA`jWlID7qIQit@Kw$lfM6lRs5u9i5lb907BazMk%vSZXL zxdUET9YbU&Ckmei-;j$Z41eTzj9Ml?`?`p~OU1*Y*|)N@vn$KAS3mXtBurSGK4j;F z2@&JBJQ^AQHC!nrVi!_##=*tvSpTxvyP^Yw{}g&ae39~TemNm!wS7{>6C!DbM=P=^ z*)@6K(0s|E&We>QwmH_Nx7oX%6%TL99>(;)Uam50<6(cZnAb&;8Co0g?E}`kNgJM- z(b^EbRcy|PhUAAz>9qd$6wAZh8Yev|Ry(pFQxc~Xw8A(g(?8s(Bg3cKK&^%uX&k6z z7-YHoTtlARK+kYXxrNmltZIvl35~34B zFQ3{ExkB|0AxbJT^9lRv^q+sZX!2U(;mV8m6Yi|nXWkl4e>{ED>efl#87p7px~hF% zivE0#=lmqRcsglm`4}@Ba@aMSM5@(+ooMEv%yP>GgSt3Na&^YLv*LQhshWKcfF;aM)kh_HmMshif8IOBNq%unNV zavaez7Duqe#aLOGTUf%$pSW~0Q@ptm!4hv_VuQDVb3O?;8$1qY38%WkUpNoc#M}mN zVQyt%V`)P$F|n|+!4oV9rZzYmoUt)_&ZmwEQHKx@|FCmK329`S4uM2YVbI|uQZk*! zggfl$&v*)*O=gmbG@_1KJPw01XoMXB3Xc$(&`~^#L5zp*jtWMaoU=d)rp6Ws z)<6@9p)=sPR687Y5U8y&w$#74Pk&dl-tpflB+&Txy!B`3znKN(0^wnc{-yuFXYqf~ z%lG%+g~no#Nk2T``3LX#5&g%5u-}FLE%IkiJ{{r$qhyGg-%>O#r<%pW7N!=&?kKaUz{cGLD_dH1;CKWH87y zR-$nr90zX<$`OkkYuqc8{EN+fUg`hN2YcOFV^sbNpwn4@ecV67e_VI{4{we$0r~G= z{{Pq4{zpAnr=WTbiD8{gk0q06al|p8usIFhD)*T!IGVv%SpLkf|Wz$PY;1p09CF$@mu{ydS*N~83apH;uz$Ka6J*`P3QhWVzCJ%Fo-FMnCvM<>BLLr>TWHvdqmjkr3{^Is7;|X(A2+-@CeMB93lOzFxio(83vq z{-*4K&1O_=a*b!+Nx-2r4 zWM^ez3Px!QQ!8C&3RuhO3_CD_W5BOVrlL;*-7$^%n+?BV0azYp|taN^x_ z`?4~DXSuymNb!J3&{u%HZ4fY>U+A^Rp7`T7GlTA>rG9#__GlYyP=Z|v>=?H6ofC-# zyg|8-tpnm7;NohhX$-J|f*D2wMs%n6@Fl>I3#@T8AboH94#b=ejyBAvz}pCdrNI86 zHv$`gZ6AR3x32@og9H2zOANmPetB}Pz5(8dgHw=)FF*q7p8*$9T3Q--g^U1__)H6P z8w2nfg4+;G2B_N*^WPXzH4zXQ+bfSvaIFo3S`!&`nnR0_Pu%tDZ|@wP>m z7Q;-ju_e<$FhN+rVeB+nq;z1GG$Ifx%~ZHzk|)8H6*^lVzu+JwXq=ymorkxBo6FCV z#Gl_g4mm`Z(l~+M1>;a^#aluGTzAJeH#!h{E)jC{4GQx0M#0lDz@9r}SCE?#R|hAc z1R>x)2N$J*1A|PYXd;0g;qaj$P+1-uK-q?giKe}-7T(m#hTDNL+Jn8VKtEV}19uW- zA_&q+rIxaD%0^t#|g3kCiML_T)~gu3?*@B3!o|i-soRUjDriHSm<4+gaG<~A}fxZ z5KW_FCLmPj|AA115_{Kg#8@u7Vv(q*N=brJqS0}5R&*={7+)7siw9|~lh&d_A}Wsl zgxtb^KVJ%Cp;|F1jVa)vj3=z%dH8Z!j;VX~cl{>JITOekzBt*3o*!oK+)=5X5fY3S%nek*04+p9~fNDl?kXOYc*_TXC675T@UE@Ber11m7s!(`I<{%)~rP zepi!~068N^^E>*^w7^V;vH9-({>}--rm%aO3fQ&#FbQbfhv9ej^*aa7wRQJ2c#ge0 zwht5FcG8DQbnWwZPJ|mZ-qS>!IRWK;mD&H)=ft?~m!75;$nnhdVN%>q`Y@fYeg4jg#ITv*wPN-t@jG(A>%&xd z-SlBD-Fp3-!BYfIvG4L3UT1xnQjdNA&WR<`(^&ML zX5~!;B_8Yv87I+@w~Bv2zA#!@(4{f1F@amxHBwOI(kBpIVN3T9Wa+zb8aJB!9? z@?$Za)6Z{MF`l++jExuok41zm5;Q)TFDC(rp&x!{)FhA}uvF7dH&ld{7@&F48C~o{z4-$>9~bBw zr~%Ip3Ko#=fY&!G((jrC$F3wWOgzCd-OSPu-xbUS9k6CSxYSIXUBeI)2yyWPLr#VU z;zokNAqXh)4nx3SfdmF2-sD&Y9elK&84S7x5=w%Imx&~V%!0fziUtZ9n4_Hv7IX@P zQJ~g#%sPu&XuB9_zw4jon?l_Kxb7hVZ$1vE12$l(Ufkk5mupWxeV)S)^Q)sBbn%gc z`L@#``xh}rz!cmaU4oqX&R}#VycOd{-+VIyzI%?lqj;pSd`(gIRuJFzY3gEPcj(Q?zWMG&~t~trT<~BSIzW4XCw2fjfoX+fqpos2Rs^3k2|oO(06CbBN4XIs<6n4@L;+ z5>M{*Fv2YwP5Q%T;If0PMi4=H3-ZGjr1V${8^Tw+HQ@TvVCVRYFG#52W3H18eWKID z*7-U3)jB`tMBavlg(Z_I6f#R1>FH9+Hqa@+!!HQoh0NNGB~By;VzI6eq}SO-iX4xO z97!WiBqyNf_Mrj&J`iz%*x4bP7$aiR<5?iYa)MzIm-G~1=n%=Ihv@1eBU6YBCJDam z+5zAV6XIa?5PLhsR8J4-^1jJk?xZF{Q3W=G!U-1wZz?JtboHpxshT$5wqcQ36jCq2 zQ{5it#Vs18F+e{WIied=!n}$FCB_^o@%l2tQ6P3BZ;UqHWCyb}|BoBLrp>DMk))alE!80fY=NkkGT?Ymo3g z!e&D3G%^liwh`X5Of+1nD_h0*X*_Qnf0?Cz@5NoX>_5KU5Jf2%P{)(tdIi>QjFmUu zA7M*ZuKL$l>Il6bp)*gM`kO$-(Z1LHiIa^~6 z0q;tzIe8V`#p<3Z*!M^lf1p_GYZn>4TW7tfmB5jHNl@Yn(5Qe6U4S6t4uM0YI3y;6 zbIZqj0rzGKk<7rtBa_(F6k|s$UepM5ztOD31OvQ*nH4}O*SQu-XHeo0Ckm0t1jQ)^ zL3;=53=$6&K@hYb2;^XaO!QrA81}v{wwNF3bU*c4R9};_^|J@X4oWB??!H02PaTS( zB+{|iQ2rF*BLqG}3=uR-1ttlaB1B=Kfmh%GMle6&Hv|q1=4PS=OrkkGMx&v_T@(jP zfw*B4P^h|xG4}DbFgZAu6_ZfWfFY1u9KXd5__(WH*f*GiHG_Y=sK-t@>HD4iSkdi7 zQWP6_vKS}W2?B}v$|S@UcjFtJW&KMm7z?)+cxjLHxernE=J?KF^KYW&dr{>3*e$w^ zUH7XGa!H@f;Ju3{=xh0l58-@07!P>b95!P<*Wu~6ys%tUj|UZjPg{N%jnm6U|807A zcafei(Zis>Bgab%JogWX@q(|LEO^sLA^w{t-<9D7pZ-RI|C?FdxV0;`b_^Vip6ER-taEQXt7UsfUsvi*K(DZ0Ms_bx;i zH9oG#5W60?$&Cbww2(#nLuQ+RJ@^v6CjHlC8hKkzsC|&h$w>hVMCM9M}K0L{H}lBJW=~o3gy=^7{~37>mFB=;4wMzL15uF-mC3#@?*h$5vqlB&6I^m^ z4vY*F>bR2Wk4zHSvwXw(cl|e}-`e$2brsF=4JA<^qLzf(lmMZ5r2)D!G&B>qtAQTo z8k`ab*#vRch%+gcM1?$Z1ad&onrAqkO&Cid1`Wr<71HFn8Ew5eIMF}}0XHp;@kh+d06w~P76(u4N@f`nasi?nYebK-gUdrc>mlsQd{R`{ceKENUt=UuM(%wJ| z>>j^m<{WSNKLlAiCXU_bE+7!{)If94Ai2~701TDjh-gX^2jT1yX*7o)5Rj)^a7DVG z3YakAW1@*AH(-L3-`tmgi5{L5gddbMC4iU4FeZbAm0bEA!4bcEz?^MIhl!5Tm`II- zrH;l~;kc!51=gR3;hN~a2y7STm3HIy07W=xB!nIh6gLGi5iC`L6)_>wpz0_>rXfK@ zavG7=OLPQET2a@UBhM6t-E|s}1dKi$O$t~g$9To{%b}Ktp6urTWwxFh(k zwTfe0=S3IvDeA-&=HzJ4PgWFw_D(I;xR2?MoH{|@OM2v(!hnM_|FXACARDsld%L*G z{)4;94Y=Z!@IXh>6EWx&T03nBcr$>!&Y5(|tlau8e3-zZQQ*NYQ64>22@s4*;eiVe zwJ?dYOAq$FN}n8yeJAtl1yXpyc-Z)S=rJS;0$y3D-+?fR8BlTwt1E>%T%ZJd421-h ztUywZAwkhBs6`M5f9N#exTwPn6R1&k`x^(Sg~OxO82BNBoS2>v4+q3E2ybHIz^h4x z#F1DKI?Vighk`ndx(y{X5&YaxBFGtA7X}IPogwlMA^;LuNDP}2(`7`k{T#O z*fk1$C>Z(ibU_|y{x#W!S0@N>YSAUw(^Np!?>*QP4GZn^WOvyG00qboWPD=2Jh(%p zgJ`Jx6${laj2r^}1eWWUgFQ`t^CUR(3}@)v*jJ9q&f`B&ZH6z%;L)4zl8h62`T+uk z&NwyWLa|jq9K4;87;yi^fOrD|3A~NuT3j*XB1asBZT|n0+5j>Wpi)dX4Dtlx0$D^f z4!sHR@b+e6McWJ^@;sIl_cvoSY;U*m1c6u@PiBzPAU2nYz)2EhN(Pbwbpn54FeY6M z0lkxA9``mx?FM)P-UN%%*TNCdsLyT#^KkS=X)mA`1Ql!J9YKypAbo?Kj!Mfod|wyp zuaB(OM?*i?QsN8rB{I+$pnU=xuBzvyh>EC1jKzXd{U z?Vu{8DPJD=2Z!^mB;Xwg#TtoF8Ig(j5L3`{poSE3G6YcoQ=+GJVZPs!ObEYv*8gyj|h`{xFP z`&Nhw^aw;iaH260XXgN(NXNu*5+YGa6a$R8qNDxib`*~mHS4yccq0=x_em)56JzL5 z)J)q1hx^AC4sX^oS%csys0E4Ea6>6Cg86f3NDQDwGE|2^DaJoI#BWI&wt>I`PwFb=;rKAY3!ms_Kj15A#y>9Kz~pA4ccU#mE*r-r!|l_YYi||M zM!2wR4p_&xh{H9<+{!DOjMWVRnC)VFfi)G_vL4kDz9qDWmE*qH#1t%Myf<^U4NGL> zMyvh&f^xS)Fc1~X$l}#Igvs$tB3ug^Y9ZqmvEZ((fSIh5cyyhwV*ujh<>CM}Z22Qa z-E@M5c)7uDptW{U4$(MD-h}ZyT<~!T?bP?6{4zM!H6f4$GlTGk%eCPA$l$|I|LHXA zbd%Qwa)o}WZ#2%uQNSw1gIF9c)zp}yg9sQ0fCX~0*S;AKM63FOCgSFW1hJvgcnlql z`eneU&SWB$PK$#WR#(uX5H~LZ0>v$HHt@>?{l&dP5X1q2QB0%m;z3`RgJ&)4?o)=OumABCL9qY}Q0Q?pHN*7=_uQwk9N-ud2`nEV*`j4qyMrkP z_fV@Bg50tGFnJx-R3YFU9A|J;6BD7)p-?@Gk%2Y`MLU^90+AlILGl`-vR6VPrcy%f zSPadu*m;K_4t&!v%*n}&tzUTILC zKM|%uXG5$$7>5CI!77T{#n6m9bZF?Pc?DJ=g$ER(Z}6v2YsyC+KA@o>_Uokf#~>kS z0sWR7azj1 z>A*vp2xJPi_W%h*6(cHk&H_f1IGY9(&yD1Y<(d;XuLMwl6oM|JKwuMj9#{A-9z8Sz zYG8IDwNU?gBACyKVBk06OoU9s@*Y8Lg*E^H31|Wa>@=JhMuFi3kSL^yXm%lLd%})7 zMS%|*f!YCqpF|c~b)H3@h~_V#uHHl#1UL}l*iaJ$2}TdrV6kZsJ_DvT^aYry4`C3= zOz1la&SgXZywboL^9_*v%qsuWu!1L8^+Y~=;0OvVK8Rq&ryoHuX_pWWFRUU!ui)T^ z)?0vDc<3^tOp5^v1KbK-G4xalU~YUQ*M<{o0dRmrqBRD<5RI*61-w0U*h?sxh_J{M61OevIWaaCwwZx#GioRU<2LLH%8Rk%MF5}U zAnHe;=WlVk>pcId4dK+F>{5HCtBly4b$dfFCI-{6Y~0$?jv&GDX^b(-%>;B&^b&K~ za4h=081(rPG?-wz>mEO&cADehP_)0x!QH9s{C2hT_l>)|N(jr}J({B@>0L0g{C`R9 zJCFAypaPeukE@k1?#?!f=h;{T{9gWxR?CpsNC6SFrt$|aozXL~`E8C3J) z9sUGz2-JuG`3J%TkT^Km7!z2SZ1jY9G}i(>^a`Y8h~b9XU;G+9sH_B>6kZuej*ka% z79K<&LSK#+_W==xf@ILyToITG=gdR*z$rmK2X4&-K^T>)F!@(-G~Wm|eVZ_!gLaEY z2Ho+0V9q`3hrdsF?*eN$^Y6l%IbRm*RPZMk z1m!0UTuxwlhje6Asq5?(g%gf-0bq`vjG7QYKVw5dZ3fR#g~g2k1%YQdnVA5p8fc!0K>gx~aFicxJs2Ha z*bI6Kq%#4<1Feskz((bNH0%X5`3%f(hc-fi5-buhHH^w(;EGKVdI2bb6C#0Z6A=L5 z3;`m_36X-f{HeewvC_DPaLgTNVZcETnj&P5#e!Pu+zC|R2nQt-H6D_|l>{zvG~T8g zEcInWPzzkod-BhMnP4b6OoU@`?F2Kf6BuZc2Nf&U2Pn#4HN<5ik;3MfPdOXB^G#1pX zfME$A7|^hBKnIl7g87JJ8sQkAGJsgIP~-#Z9mIzWpvow60jtO02EZ5eTOyo#1uAqr z!k|O-2y_p$V1B(Of9-Rj^5F(AE2&1r%79j3| z?*?3v08(MW3<6{u5E-r2k5X4E8_Z>pZiAkl3dqG<*KhUbK5h6v0jxc!)O?A!JMR5= zYtv3nR#tyoxcJ|wP5-`e|9_@Ua~JL>wCNw7OVN$l^yoU|IBz-URQ#+)%|HI)zrtzz zg9ZFWeVQ}JU)H97U26bcsgt*IT{@knKE7i0TfD0=6mX96^7Ok(dq(G5^p-AO=jfxmTn zFO>?n6}x3Hy`P!?J-M>(an>4S!2$j!+JA#+XPatwi;Ko^1h9k)X{OrKWq-Fzqt5}N zFrWjCb(|@5JJ66BIv_)ZKC?d5x9kM8){H1L2x7xF9k2=5At*RU@Q2_t7=JA54is~* z5Hhw00ZL6ppK)IY(zKb`<)GTbj{&&Fg8qOVK@q^4j0Lm72?Aj)XcOP8XrCg#8N*?R z#mtdU0lhekHUlw-~!Rg36$6zeL%Z8mBC=?2vLnj)tfJ6s;6-yYR zOmhK0uh6&fsbieVXv)A=U@~Rm0+J@)jroo6VAy_=*5LoH%G<5r+ASm+P1wu6i z0?S2=HO06fM6q_Db&wY>djxcaBG_o%A)&&(3zrG<{4oTJ7CyS$@cR|+8-Py`k=qR% z&+tw37>VlZfh=oe`-2M*%v@|(bpHs3d(NFk0n9tYipRDiqH2bBf}hQo3M&G~57-zW z+!P}W57U4-!qG;8D-HDxwsSDV>wPdQ72eALuw!q=e2Mt{FrEf`-8T|GL*I!6YpiKH zGRVouc1O*jCCeOT_c@AP>;V}5ibet_8RJ>R)QWCfwD$n(07JA!5F51B(T-qtF%UKY znCf9n^b6J+W|X68bBCnF5DZk{K?^}SXqbtQcrj@38O9YF5k|uNMa(`TiNZG!jKLFN z2Q-FUiDWtjUnfLxP>}oy;Icq@N*2U$f~_xTOnSz;1W5fvK2K~`5o`=NvN3BO3l5;E z3ZTN-h68($_|bvZPapWvy8d$;QVG;l$m&-bNJF(DQ6ZL!I8GR7M9@n6_MBj9V1yDw zqzN_@4}?unBN!7w$@G@S7C&+d$jZuobD#FEVbAj3AeRYR7gh+42X`>6FKK*3GqPc@ zh!Fm2P*f503Q|+L{f6+JP$=gDTR@u89ki5KJ%sIyqxo>)j6Knl6aZwSz7&GKjDoz1 zyfkwY0MLO>Pz(pn5H=H%COFd(<{lO~fk>r5zapsgABz`x90xT|e@O1=C<^ag83yns zc)`Tp4pk(-e=bBq8U8_K)CaW0e+mXL00+Qtbn5)Ne*c#_br=&jc&82%d^phYrq{bj z+~B=C%tn9GztiV^{}9;352p0*xp{gI_22C6QTW~79>zNAcK9fK-{HgT5L~C&`3mL$ zoW~;Hx+EP)(?NChh7g7?D-eW|`Amob$T$Eq19zz)R36-!aJhkHg7A7s9qTUr;OI^X z$6PO%W`$xR5R?WDN7vRDxqJ`=f&%}6^By>*LG{EE?~ry3Ru1Dj#ajzRkE5(ScptnB z^7qiq2v1=RgPjC=F8q$+c=0A8xM2SnN6(S7uD$*)kpCZp|Ly*Q{!8%tL2QNYAU3}G z2nMifzL~S352iHaoMXN~(9J!NZ4MSMQ_uHCET`~WMx9E4k2332Vo@_`0Pdg_jx8lj zFJt6x;3^`9qQ@<(ZVen2QwBW?(Y>Q(j0NAkV98<@6jQf{=sOE)j;w7@(E30<>!)t_ z93pG2{U%$Nc{%hr4F<%LcYANT!Q?&qsQ@r?*yGj|q9<4r-#!{J&=Kr4<_x3B3INbH z3T_T45HO`^0Q-h*8c9U+7lv^9xpv`7m%+V zxfCGF0NfA^;~hy9xy%^*yyqT={`MEsPY?Nz$!`Gjrnf@!D?`_itlXVg2vdpiLiH!~ z`7Laq%JLF)0DJ-PLJN>M|4=qiWx&DXxcC1!HqdX)FF;2AO>CfOGXDe{=(k4x?_>i- zWABj$%}mH01RE&qQ7eqD?WgG8SnF2wf8>PSso4J`C;Tn$rk`J)kf6^=MN=AAQ{uUNE%ObRRo2BnTXA{XfGgXA^@AG9X|DVo??m_ww5h!k4{Lai*ZZfW(XW3{$;uN2SWwmgi;)PlGYGMG0j?qNPxfvAnjJtjfHIFEIB^4sK=cI+ zh_a%LJq6GdkaSO=M}USI@F)A(pEAbK(;IrCO9qbu)F&r_222f!j07;VC&_~r0g;G7 zlfwN1A;a0O)x5J;Ynaiw3ZL4<=>jAM9EGS;E{+UgQv8Po@V6HUNZCJy1CE&-F}sfNcOhKxJ0J zw1ui`6g-AQCz45juvh)r!VtTkCke9a0R;gzHd3#U?Tp-OgX|Y0yO;@O8}tH`*I+I% zrSDN*f$`3yH-$>`I1v^E<^Ejf`X3bf=ro`}Dmx{Fiku4pC{heHav{`887xiSFPOFd ziysLS;>vUe)t~{!)rbQBUNor0JJ{3pU+>xgOpVsyr11_x7C&U*L&62v|ARj6`?${s zzrxfRD@;+o|H8L{ZqUJ!f!RU@jR{tYR_F@#1JB_g*Vez>Ed`bSSNXg^u;BU&_CCw{)T{&o+(NLq66OzD6AO#2>~=|2v`NKY|#LUJE*fzq3VxyQfVMz0(M0o za)tCUtTJX30C)_Xba3E7f+mUf=X%$Fqv~2)K#ms1h>N&c02Mvh?l4kke_qj0WnKdV zaBE^q3Y{0gObRF>)FXtif!hJX3WJ=dU(m7se9(3_1cP~Ipoo!BFq4%MNs{qEbA}xx z6u2V(To?O`(h35-2#=5QgB4&7;bcRGF#yr<%d2PK5Tz!@(S<$?$U#5gZ+|-zm)hTvgL+~5&B%pm4KkvM%=?jZ;RVb~pU?rXRYhz(A@lYMhM%C+zrMU00#XY zLg|*20MHK1Lj0j%L^uv_&_@{qC|uu-VDJ6}Sat^=3W72NFqw|{6%Y;x3-U9w9wHDK zAfBQOImhrI!U6dL;hKe&62Tv8R)9*0N*x9e{Xhi)R|Ak^f;ofIslh#orD5O+PAHL@ zh#3?_&rkq#FaRE?89;lZk_gZ^oa8Z(uzS zxl3@62Z1?p;3@1qt~_I?!oV5=R3C7@QxK<9&lEn!Z6*uShSX&%16?qk;GkxDy0I^!I=|Qeh@PG( zeg^r46n{h&<>`s>>7qO%sKCGgQZZ7XQJxoc657JBiQxT$lo8-RL5wJnEduGwh*wjZ z;Ef!@SnCkR#Da&2Km}XFFcNg3_gGXgUT|C?7F7V10hd(2)%7#N`15N@en9*qb4_)l zA1xS41Kiz^#TAGp`=Q7dx`pwh;hW5Fy*IlG5LAH<(4DL*OPCi38UV-;evMuEXr^Jo z0T@w_L1AtH5JgaiFqtql3jjyDW8WbYLDG=@&HNJcc1LyaFxEH}eST z#R&F45zyA)Ily zsme3+cBGL)fl89$HyQ)U4>u#ac`^D1EI$_4l@SR&-Vcl*g$Aw#2i(ksS0K~^gP}e+ zf{HTiAt4*oW>ApH$jZV)^ypT^Xzg+G70hRi;Ou~f$NU1`z&8ifb1*DM7CDx@ub_zZ zKPY!F2W2EMI9aXq6&2uq@9q?eHv;vgE>_3`sp@!YFDw6`$FQ->9nl6b6Vp+8G4mVv z7ocPzXrLifhOwYa1p*1kLx%Dqs;d3;uJ1~Sb%pm&YWkm$exs0nx4}EWmR1~)be6fL z6}w4i@zrGsd&UN8(D)GaAPntI(j?g1sw?WNs;laOK>{2^K==R~6RRenYpW}V)_eCR z@BYLfxzZ zAezAsi51mBdl@UkjC~jV)V)a{C#JhPGo~1OfiDdaI)F=(Q4j)k7vY=G0YyZWOAyg$ z02Ng!fj*&rVf}$!XsU0bIH#}X`Hd+=mNat`zB!AmE%}@5=>e98{D8$Fm`j6!^?}3Q zjvhh-Q*{pTzuKrO$=kpb;Z6`R6VV*|sw=3F;5n>TkTe{V=p+T_C~{>Yse)S(9iI$} z10^-qQO`IBjjfa&zqN>T$vCS5dJ(Ag$d)D&0z)w72XJfjXufB9D3e_W+^5}qVXT58 z(&*&J-NMM4MMJ5B95zXizXo%NRu@bm?nGkng)mZL(E?=7GENr6*e%#H1dJf; zJumRd1C=l1j$)NX!8;5yiFFxynlL5^aPdaKus|T_yI2gnCzT0~sS4l+2jl2s<}ahQj@Bn~zGDlDK!S(>s$qjxAvy!`SFnyHq&Oj0 z4FyUW0m6gHlZV!$0q`ax$Tt>IK)-NDJ;hdo9Bgf90{jcWb_YAv7Ydbi`;kz@1U=7C zVPNH=pP*JbC`D+b=%=0yFpo=cF7#7L1~p@UPUr);7y9V`eb09+FZ>_vS@=)HD~I{%(Wq1QE6~2BC1M9NG8Y(kB{;kTQ58URg#x7>3UcG#1aPYNXfzCK6fR415{m6$G<-xv zyyxNHO+kWs0)N!Ec92m}R8nMes6#lf2PG?VEimiV5x{c*Ix2t#8R}NwYh=*FW!;7S z&Gdivh<~@8+i$52%xc3lWqOd>D9S1#V1pIdv6wFig;pS%qYn^zGAWEgK~-YsSwmG< z)uF%4kA^inta-aG$v^95BT|IZ^#WYkgr1)2B%b><5u z@WGoeu)l*T0~s#>e6*$XUG3j7TCj$G(qzHk@sBZ8zB_e)&s4!i`0p`MdffVb5)^;6 zk%EaHnJ5e;WI#M%|L(vYXB&cfP#HxHH3{>;Bh0Gg$O7)^(gCHbt7iW#l>~C*F%%#m z#(W{7iD$?lO%ColsA`1)n*sWUlf$z-Y^+wn@eILHhTk3eq**-x$RCk~bpyv71W-Ve zVYuy(X@t7~d%6g1;hn&?1q|5$F$SAQ6P3_FDr&EW89ev6zJ%SUU{o=>+V5uUGfBt; z{QY@i-Ie`Kod0K2^}B7N-YZ*Oe!!K@P`A2qt`=w=Mj-V~7Xlv4#cP385ySk;h}R!q zJ2Jf_*&XWZ{scikM3RB2XefY(FFCaMY-RL(yRn4epvG(?5}4YMbjYgk=H(j>KLkK- zqA!&Usx=DcqY5fa2s_{r{jr^bHW(uch;JmMEkfEoKpKgVdJiwe!YZ)XVLA8L-~R5P zS&Q{I*+{)bs5UU*)hq;b(;jHod5|zkVw_Gu%!ov2rJ`c12pNmmse}YES5-!FrX0c^ zb_=Wf6C+kjCIQsJlL*8$NMd0S?4koX3#5efYBQk6(tv0H#87Djyi^8cZlZVvSV<_N z3jd<&8K6s}gbZ}NLG?!{OiKcYhAl)dAoT+z27VGy=VcYt8T74;AR&~~wX(wl53H`^ zKSKQjFcRS4BopxX2b^F&zL2Bw#_!a=C>EYYZ3-QI0XJNcH*eD@H37;X>L`RA4HX*3EDnw_o zP^~$GVi)2_C`t+OL@cmx3E}`R#5Y|Zrl>{OhahX1Sa%@AfelLv25~^r5C{PbZ45O7 zJ_=Sgje9T=btDjCt`JbfZX1BmB1|e`W<@W<7Alc}l7?Q>sZebK80`TqM5U4u-;NdH zkpvUb1H5%OGcgtdg9JMgYzJ>}++dbH9Ax-9!J35?2#XI$5*S!$cs1%T%YOoH9AIf8 zLgi3cirC?TIsz{+#jHW*N`jah*3CIRN~R7wC&&sAwt7 z29<=;s<90K5mjFgxL&c*GRx7xQHK=_fW41x2s$0g8o)y!H+?(_i|zqYIS-$HOLp+$ z#sjfGkoccj(F545CIe~j|9o5Z*MzM8EV)0j8h%Z`{|jx^@5F{sZXt;Vz6)J~iM64T zmZ%(7H+Udh)xg&qN+OX7_He&aej3D!HT#p6>p*Y(2idXTnbyB&#||*wf45c3q+|YF zp*MWBv8>vGxuLtQT4r}Z5kMu4Wt8EAK81>z0Yrj0NWHYgHgBx{>A$PC|F33$7&cu)P!j$f`=b3g^WNd;KhY&7)({XgP&GAFKp4M&r)tCLp@-diC9P=^68b0c0@E6`G?%xh~WoS^(OmPm_gM7yKv zQ3`rN}(uERd-zV+(X(fx+Otp+Frl1AS{5D}8|F8h&fjVjwl7% z5SSNfx2*;>ZLD4On~Z#x$T7=KdEm&kEq683Bjmz9!L$PG1HOP218{taw*Vw03?ZEitrMwr~Tyl_b27g2w6iTNLfxpLqTC+ zA$JpWfIm(_Lqh}I$7tF?KST;8cwXRI^$nDP3{iqHjY#zYEB^bqQgm@hGp;xA2;)iM zV4dPS8$bz|kq_Ww;OB!?;v0zrnvoL*!w_JmD4Kfk6hOs1-zm)W=S(9ZtziGumB+aCt_e*8vD~vThWXrf7*`j`L=(E1^t8R{JR!( zkCFa+Y-cRW0py|RTKrvBGjnCZHLV2Kw7iF;4>=@inkY0mAEuI8>DBH_WsNwEn_`%UD7@fn+SJ1ie*alEOgus`8cPa!^ z1N+@qgX$dXw(4&;{_6hyZu_Z+2o;eCAw6wi5rWo&@M;V#t9zPca49N+6z!p`8y*Pt z2LHP)$-^fQs9wAgj=0$^(Gm0zgvu6N|VE zW0VOb0FeuB7J<10x=8>oe9S`ujAa-t48Q|?ki|no-ir{x7z3saWg^o1VqJc6Jgf!q zn@pU3Qc)a`X2mQ7q@oBUE8mie0!YOO&94=Q zR@^{B!_-p7KJx%45yY$@Is~{~6y3pC>cGR}i9**X@D%}+%^+4{1Vfr&1$jZt6Vzs) zh63jhd>027f7nB(b7 z(?X>q;2$*!4=~+=wGIxlp#XHPciLL>% z-o9SHvfFsEDb!gxFAr}|)I6)^4b&17CG;!-)uS?$uDPw2D3tSt3GVJLF}Q|HkI-~-vDcsLZjP(+lVYi??6sU;fV>j@N9FauEU0~a=w>KVm7 zVg!bo!u~5FBjXbc{vFpq3T8gY$iQkr4`7Rg(4%MihUVrrR=WD8md0A5P(T3vY^7^p z!2Fq6&_`Z=ny5D3gthi;TS(0?HLx|&5(T+*m!-znMqk-rlSX&_SF2w$M$ZVk^nYtV z-LhxbS%Lw*TYEM}KBzy>d>(8NF(d3BQG$`KzM+<=E)D1=q)kZVP(%|?6eZvsg{Y*r z9t!kW>RP~4-cU}2L>JY@$q+G#(fe%DZc^ia=dArLv4c!|&K*3CtB=1$K<0>KZ!RqY zm|ReO785w{O+atJJaGyDgo2ta3DD{Jc>}w6`f(QSWGR9 z2{zXHTB6{Nmt&mO_+DhRG8lpOY4s0Db@0RNFW%lg{w*>_IfTaM0MetmQ-G=w%S%CK zBhdKXHz63CEB2Feul>kWs|Pq(8LIIhM9FAmFrw_;=pT~gpal10y=xQ!R>3kFNU}Egp9ZmQ8I24^s=XWiL)&)HgX}NMUj6+oQv8X8>pp@Ul=uGL#$`4$7%BH@_791f*~38$w7;NxclozS8Vh#mQvy6m;UfLc;a-<1 zINIo_KF2^K(I2RG$M*!sY-})s8?f;|BtB+82R-QiLL8|3zeSY)N_m05w~O)givhGN z9HIQZ1wf?{!+q(45kCX%{AX_2AB?EKbg|z39&z?gpF_57uY4jb^nu0b8A(V#+P>tF zfWU#*G5QO*WWHn10Eas~GZ=B{V^4y^{m%#t@7VW-)n8_eF8&s&Spg0O)gnX)QC-O9 zK|J`@fb;;5@0@-DVqKO@4>acQVioUV{DeEFF*haC(E(O$&!<=(Y!p30hc@0YSh|12 z--zA^FNOahPwBvpQkG*BJY;L^hrTe118Uzz00#4GC2o*rl%Wx|gFG&QxdaU{aBZZ8>DqPodm7*ofSmHfC_IRTE@9_Pg0L(gXWoD_tfQ4SO&V8w3S$>5-5@wWl6av(*d z-$>xv_@0{ZE${>eEoC8DaP$L8Chl&F6iOuHI2T43o(^{l9Nlo=L6S54e{?HA(Qq&H ziHL}sy2*aMDG15|2RU3O=rL4`6tVjPo&eH^J&Ay6ht?QqWJuFQ7ibtI1kzf`zL1*& zM?K=hg`8DH5QV+U7wDbfK@9W?f5w=qQOn&4F9;-nLfu&MDBNj~wu$s5NU#T{2f+2B zRYiUixLA~1f{L~UAmUeyz6#5A#rf$;fRe^8IA%5}yr?G=9Xv%w z>9*({IQ|w?04NWG17N53m|j$#7!{N2mcjIXcp?ZOb<5*hDq!!3l`XuuyGcx~|DRZY zw^(PJ_K;IQ!OoU5)t)X3+ARDFXVEwJ|6ndNh+3j$+3Qm5UI3u-;IYfznmbb^`hR*C zv4Z6PHXX$TQqg+YV}$S6zKk3j&mUO7KUO%c~T%{4X! z=mGc*P*6hDo)j^VuJm*3v!BQA+gd-`KE3QiRe&ckQBdeJuJjMIuD`iGdYc6Vdj$T2 zZ3h6if%n!{e@F2Kq#dh9@xZiS{hCB(HyCB0^;( zlt4))Mn*t_C(wM62-u(Dj#hNpMDkJp$lp?-2MdhN6e)Gq{9-1P*-(JKuxR*s!A;@&xE}u`%K|3EhVT z7&;<;ej^hclFZ>qCu8a4@LkqWpqCgJ1*o7IGt+}TOqO6kL6z+Te4#)qc$eX>M!B*8 z@ki~@0g7#_Yi(=@m~K}b3k&x0zaSLm*}<@)7^~*n*8)?Qm+yBsVE4hl(v|Pr4*y#r zKe0kap%dXBWE3l?U@k%|e}IXgx9^=#(8ICLbcjOm3Dg5fIY9P<3DjIPT>z>AM5UPC zc`Pg7|GzEB8gCCvpE--&Ze)h%m*qxg`stYp8+dI0emKI2MDlcpa6u1q|NsBI|0mht zecfw%+U7)v8}@S0AeGA&3>D_Qunv5rPdfVGQOl=#~s3Ce9eO(`K7}ltsHsh|USOa9SEiT|C=LFl4AA z+b}k1BoXv=HqI`AT^(QLTTH9=sy{lpyUR^7+0!@Qr?Q6pXdhL&Rwv-E@S0~!o^>54 zpqfYvr8Je$n#r0QtqLW~HZQ2XQXP8YN#y$Twc+Nnxu@?dt5yf@{_A<;lCK`;pS|C+ z?DVkqPf^h;VpjSKu38fppOC1!JSjD8?K;nt^z~WUIYybe`5OzeHWZeWZi*hoRx!G4 zb4_hn6;EYFUBiw>_xh3Bw(i`2;Gkvww!M1}H8rcrV|%~h3`s?WEzH(X@D zy#4Bpn+4T-#@xF9VEvs__Z~ib9#{P0^&8r&w;w)wz5n#JYr#kM$tF~RMxm$NQqJ#( z98z-S5i`3TEPLokg1{r&;H)k6#l|ZqjaxQ(#@Rx{wUUB4x3lW+9LNw|)Y2Mza{kF| z^#>zbn{C=ps<>Y2Ji;ypw zD%DQ3lT-2+C4^quQcJ#Nxq!RAx?^`zW@Jpl4!NS@Wt^wkr5o!e9a=qZqi%KMmKyzJ zu`#QqcfKUHWGcxWtKRv_gC}2q`98uf<@JK)HdQVscWr-kxz6K6zQyi_Cs!Nw#c?ra zA~9}a8^IRKHUo(<9K;xF!r`xM)DB`SFc#4FweCH0OcyQEcRmc!m{Ip*hH6*bvA=ftSy4neJC zws#f=Be_C@^+GuVL+vN8N?sLbB_8EwX_g+%6O@wTm@E>Mn;I0(y)J8sYx!K?O|;nL zLWd#AiBnf5kSnXIBlqZ*`mH+XIIO5vWsUZ}{kkW0myRhq%0oY|oO^_)?DVzjhGC7; z7iz-VuF%_KT02jl9ep$HLhg-A_rrKQo;7`pcZE#cILY$^FY_2ao)#wgzqHhjq8yfa8CK=z9Gm`ZzNKGpCu%lK<1YTPa7cm5l#o-Q!>iX< z-aNXf`K@#7gR^(I(r3n2KP(K~r*U1g>eL>QZTFXI1!im`oXWfI);B&LkF#$s8G)BEhSQg6x@Sv8$uLF|!~JDq!- zCJ1h7vkFV5$J9T0qo4Y`bMBX*W7W6V!*iFbq+J$TJo#~K%VH(T^##!mg7-M-!X3sj zE25$%>WNG_bDnM0RL62#ks(qcj^j$sQm-yB(pr_jl9%U}j%42Ca~*oqbjl}fZn+2wg(B}AXTeVU=l$exinys68JUB#r z%yxt4T$B72vt!n)YNBF(rN zs7JUnXE@iow3K**lt_8*n4o#0D~nevWS3*(^@wgDa&hwDp>4IF1_QPe>%SVr!vTIZDlS_1}MgFdKnUqwoNaf{ldb! z*(Ot~cX$1@YFNjT(=S5CM%=t!=El2%INf1+t6j|cB?r^)6?or~E_aK0eMdEZdFy;- z0&m;dOCxApMP-Sjg!r}y#E;?QbDxz;RVd=&qI$Ro$Y-hvuXvDgNzCmy)%$iLDKV`e z`NI5R3+E<|5-eF}-FYT;UY5wtp(D(!!<&pPlJDNKozMUNNcv>=H4})0Q{|4yF$YZN z&3?1Nu5(>*(G1TF|42zO8|{D(>+{j=IDbi{PfCGfActw`Dxz;n z;pK>isdnM*71N`=@+&;j#O2dQm2#9;K2XS;;^$r-aktH>cDFG8O;g7evK z`NJo~1-2x#^A**oj*D6NB99t8?qySAQS|-lol7I7o27R=emP;sK53;fJvXK{8#kLh zyCk|<(8i2!LJEREcMkCV5{F2rv->v6Tdt@-LgV)^xF`)($j zpBMk=%7gYxPbS^?I{7)r6j5GFmpLO2w_MX-pK@uhbn6f^1CKK!wEP|kJyhc7>MGhD zN2uVP>@-$icZGyGe?*g2asJ}Zqrd74)=P|EIgON`y8dkG=8$V-?xA`wJx|$ISi5BH zB#LOSm-jd|$t+`7Z1JA-_*w79OId{tuZmwZf4sj|j+kwY=L4n6qiNHRw_NjW7=EoZ zfj{y~q}7Fv{Rh4ZZXPKwKQnxP<8Hge?Mt>!QJl-Y^A$&9!L&IF z&J=n6ns(18uhf%09Z%O8uA6VScC&s#wVk5ysNJuG7R7u_^BSLc?N036lK4lX;J&)P zthU^6)t-+6TUY3g^pZXEfo^|xj(J(<*e@))t#_K8^Htn#jUs?JtHUFMnY=u^?*71Ru9R@(`|j;Zl`x0M$zXKQd=<8Nu;*qX{WT!WA@T_Rj8 zc}@BIslzQ_9=UG*QRA5BjQOhf^)dy51UoZUhifcM>fAfsM0obnd(An^hpeBF<(>Xv zc&@+Rjy2h#@vkOtSh8#9_`D#^L);tK$D5VOPPLA@C#!zlijTS^lrOJ%54+znN`Zlp zY5wx~*J3Mn+xa~xFUjhMf)iAjfMvAf<6 z${Cv>Rvw@A*5V2wmshhh|C9EMB{CbVH*NK6Q$KJlnXqmzRZM@KR|Qgs`TaY>bwr+9 zIGkVQaPz60wNuG$BJi)7EIPA zf6f--4-h`QUS2Fs=Xk8;7MpA-j>@ARx_csDDMqg|In!ylY*_TtEhh8r=O@qJYIs|4 z+`08LWdaZJ&^XQOCoc~lzQp^yC7&1DhcBNhEg!AbpEUE!r}Hl#9uuXGvy-mMvrtkW~M@xR$oa!|71tho2AkIFQMObffsAKPjJU5ymD$M6!^ zP^S%2h!%; zTRTr(8$rIWIlm)*M#$4wyik$_P*+F4L|RiX#s{B$xi7WXS)`s8C%lK zd?fV4ho5U$NgT2I-lAv@K9lH3UWH4JOMD#Hq%BLS*lw|!Jl1hRtk{jP3>OKb%Nyg0 zL=@L~-W@KAldnttwX*xe=6a6vwO)Oudz)+^!xq;f(a^&Q%+AGhG*d z2#L{M^2kDvd$CE7Yms~MTY>4ST`-5rZDLXwUYmMHyVH{6O+ckgFhGq%- z`=zBK6aoA4J4+oiBl3dQ@tV2w&GX|IHJg@c@Ylu(w*?Pmk2>R1u~ykyWYvb@99$1m zHeOick(=|<)Miaqjg(}fchCr8q2OpU(~S5-LjDDWC#nzD+0|8SnqYKSQXr*RQ^32v zYo{~yc3q|Hn}=}^UTAKdZhF?xIekt2yZqWCJF`X^?b2gjFe>{tar){m^^Fr%oGd7m&%-1NQjF_b|bNhJlZ1GKFOPpf%yz%M~ zigo z&B~xEC?0`XDV6t~;QTU+E$6ecDCg3Iz+GII-Nc4z+$D=`d*$}{Rk_YWiPvY$r*9p) ze8StAAi?26auDSK3@!qLLY;LEwhCe@JET<(_boJGe2_@@mW|!}N<#Ofq z^;o%OM;A_XuYS?Gc;+vZN)Ydw;WeoHdJ^rT6_3(7%hqAKZ1tJRlt z98b=Xk}6FtjSR*uzC6TJamSe!u9H!zcV}(-Xz6q+GDj@0a>>R`uY)V+@LRgfN-U{p zT_b*A+lc(P(s#7mf~8U>JhJ5}9XsK4qoaxRw(~Au$!vydyUJEZ+GbAPo35%~DWoQ7 zo6moes3X&IT7;%tJhim6)bitOgVE!Q?wn}9cWHZ0hP$!D#dcrw=8BmkmRgqYxqenH zw&lX6oZ_RLXo8R4R@M`UJFWH#T< zeRU+>Fx8pw_TDmB#;i`1W z+>H1zrKFWMOI)U`i_=&?rXpv9UP<%{LlRHgq(<*e3G=r3r*2-GS)Wfk!M1JAf#Qam zjg?DI9dEmM$Z6KmW7YM0JM&wF&*U}TKc~DUrl9cZgM-(~rdMp5ePP_XQSNR_h&R1U zH}J3c(m6ukWR-~8;;zgnn+t2Q<47XzTm0=$cM-;?+};%ttdlbI2rV{8MqHqNXf3yZ zx?hvA1lPFKtzYl6jpr3Tk*BzI!=A9hLNl8Q^cmzM!M+9(IulMcuaR^g=`-)k7C)gA z2ckkqZ|x>zkR{u6j+dy4WNeytd52a8Raj?7Me@#&Ty1}|cQb9KY3)^fliTv>a!Smr z%o1I@d#OngAMci$IVxUO)avxpo~~L?@>w#+f#;e7MelIhu#u`u!VB)5Ge3Fs^^)6e zV$I7YjXbt_hr`4}LY$j2cfM=5Ul~VCv8-tvm$hrBcb9C^`w)8F7d^?ZEyuX%huV{7 zo{n)+FuFDGg=6P~!r@ONo+a#a+~}@(ja>cg#OVoJ72h52A~e2eTR!8+J#N1vZT6R) z##P^o^_=Cn+Q4_bX+zS=($^dvD-P!c#ZH;>Tv>bCW{QHZJDp4-~t;Lb&9;MZ$Z+1Km{lCww>Alp5X|F7L8fe~X9TXcLD& zSEGrive5$GyWGxGKHTCm*ZiLcl` zH|wf$1jv4mYU@Qzj@P8-yLncfc&i~Cs%J1srtZ9I?o46lhYG_*Rv4O+wU$ta)e3R<w-rY<0va)s~e(1iFZ$&+q}d!muG#5RO+nr zpXtp*F`TZXB+j^3UWrZRg)My;6;=jQ6aI#sT%=HS}8n|??y_p_R+botvIN4gf@pRBsy z{?kb1ooh~fcI^l|Rq{ryO4#>Z!+N!q3cF}EE-8nNQfl6|T~xWgxmB#tG=FnS)fA0$ zhZ8zK9v%I}<>p<)FwdqEareDlf@gv{ zm0Ip_43qe3H*e|KL&Be_nY)f0ea6opY|&K2Uw=KUZnk?IG|g40i-#8;^?QCv z?_))sD`C_@}wvjv( zf#X{B3UQ9rH%XV83N$jG%LTR;ic}2eGvMP}>G_&4)ggSRhEaX8@r{<@>%zzHoRJ!_ z*)cotJ-gY|bj4MFm#CzUzARQzz}iIY}}qA=g&VW4@PbtGA2&bZ}o6`xK(7iC31zy<|6mAvISH9MEwx z+r#5!P)(TAde4u4)*8MBZ|dxiC6wF5#V&sxh~4ZT&F<_S%^4fzG@r|VO>7cdoI~>3 z7~YH(oM{d#M`on^Z{UwB;vbTfLLQx1UQs!!dPVlC`V}j)wzHS*OkKLisiJiM0fCGq z<96?fY}`I-BUdmbdWn5axkJLb)~KA0`h)upoEd4`aBAIOQKjReAC14*x}dK8uXQ|I zuJE3#9h)(sIZxvH`Dwc66ozt+5p^!MDkvD!I-X;j!HLcxrcawl&G&V>tcSXfeXcTu zuvU1^s5rhP11_GC$1NN`&Zu;=I@HR&MR_mXDRufP=~abt!@iv7hjn> zKAx-e{rD4RYZc@^Uf}f~ac*?Hdr*4&iNM;B;rE4TAG%C@Pxp)`km#*8saXFF|n zMa|&aKjwlN;p+L#oKZoqCTvJIkM&o=39cu)5{Sv+Qzy=&XnI;fh*P@7+@Ew&=#G3>jTM zY^|H$jH2|Sq{e&Mh8)eJX~ZH&@0>24^CPpxmI+SH)8lY-&3^a5S2Qo$>;9&KB`%fs zQ_YhlJ@WJUD>tU4Ye(JHi1B(D7c;#`Gmd@RCBG_q;*?!wo2L0?Mf(RmTrk6eN{flE zy%nN)YeE;{p=4EEv7g#q<1A2!Dyl>M9xrco*;!QY#{KEBu1Vp}ipl~$si)f=k8w+I zl}}5!vyDRZ^{Tfhh?Cxa>d>~ph9`&GCZyEqwajd2qxl|;ttuRmx_4T{iD&z3NAHp< zDs_)|n)#%nD%GsYi0r(7s8mNm$x9>CAi=r27P{;hx%;6)+ydv;Gfm6(CDvu_SQY<7 z*~Uq8M)Ozh4b{!+SMRQk8AnRz-9n!HTG@MQPVwEfHjlP)d1Zgpr=Pyex7{F@YmCg> zE1a7jSx7uwa(TG2&yHJdssXi2N3E_tGo#G?d5QkUi&r0ho_pN=m`6z6ere+iWrq|y zxo!o^%bqsalfE`|oaGDIg$a9!bHiO`28X&o*4{~d9Vb@!zG~D4`%Ot7Pp0pGxULE`LMC?kJDQt}J4;IDK0w;ze zI|~1#_V%9t=!n6ic$kxp8O7Uwy$+A!ZHqjKNAWCcuVPWWXP>&TDBh~ou~-xj+!iQ` zm!6S{qIkJ^8z72TSX2yAyfQdms;VK1XFCG(t+=qmImpGv#n!;CfYjaaUB;eXJcla# zgc_?q8d%RBa_o-!mCb+2NOz@YGD3}t2B|~bSCkhJMo3LjjIq11PHUL-;dc{@WlrBm zoeUd(dPT5o*2PApXPzQc*6rkt=3U4m7q*0bXnb(IS0LU=hoE3<+gSH3&Rpe$`SEtz zA&TP{&50d0wlFa{V@v(kZQCbPIkV_>d>a;5$7RV6o0k~6h^}CtN86R(a0Xob{(E=L zx8uGPyx4;CWV6@NW7^k?IO9gk|V=rIXf3;bq^VDMYT{(Pr*M7;FXvMud zeE2x260X?%8QdQ=@9g&GZH;!$Di5FODA%<{({&|(&4}9va}CGJ>q(sztrtEPa?OR7 zE4j5ubvb*Tdawa?V@syKy+YG1qEQr^*vH$>TgR7gi@2<;TJD>AcV8}Hq2ZnEgyJD( z#vk1XZ8z>W^BOr#p1inhhT}qu`@ZgmAuU_i1W#UiVu6EgL;k+bA_3dN=Ci_Mgsxv_ zKgf|cUDw6&;6YmS4cE0Ya-EOeCgioO97#ISmNk!bFzxNf#at@#or}V3M_w>}M!8&7 zZfe52_2~Wi!{;TtEa7M!5p=@%B*)yqv(nP;&1q6vUnfN-%|5FPLH=8v>xC39AKbK$g{8Mz>qpl-MFCX{h(B{fh|MFyg9{>I~ z^Yue63clgtoO_UHI&_@oxhd8YN33!cdUUd|*kiFQ13 zaAE=VlAV=slEDmb_W85I@Q?@8QFNTki#NPH9Aqg=7x)rU8`Er^k{|bn?pqQ zOH_sS#zE8rr0i7=d>Rb7)>I8=^ z@s8am(5cQT;vTibFQ}t_;gKD-i8hlW=}-Kt61LqiyT6Nj;wJXdd%2Ilkhv4>?AVlS z`1btqY2MXG(l-pbWi`dN{n1PEz50n0j!9KTd7YYF#p@rLl*7R{WoU)K>#ES9?MfqN z$vt^J+{7m6b>@^WF2l9=x0!^VpoI4$mInuTqC+dh-Zr>bLf!c=uV zJvParJ*{9*^h)kWOONdp-*M#K2s4Yw@?Ehr&DPIb#D87>(!}?nYv+g8x(U#`gn34f zxNhnk$lpAYmgYPnZ{h0ceESS1zUPu_dQd!KRl<~K6XHItdTmZqvV7axxT11b=!dtw z0W@*{uO<(SI{Z7fZ>kskG`w`qa-)Ywa&>k-Iv3ytq@=o?=_a?m5D-Y_*NB{+U%A$8rfGb#=KUoWHCHeVPTv*W|lu!pw_zQ_*~wmd0oT5Hp}Z`t`7C+9!oeRp&H zC||aN8edOwy~wqEGi1hOy_=^~J~wyn4lkOcn}5W0ikQok9o|h%2FKN78^yS?*6h1H ze+d9yDStX}oO zb&`d~Y?mp<>t7r`8ckK+^UyTVO=I}&(01>pPln#oXEhh)t_`s;7@eHDtmD#i18+%H zRi&j}aT~e3orFro6{mhaeCIh^aPcVndD-W0Oreecpfb$;M%45b(~cf19qMrIp7D*b zr`|lBHcKTbP_v-qvi3%LmxXKl8g(9-OA{n)v@Y)4nv~Y8^FZ5PUD)m zyo{(RYTYg7_*I-6rgg&N-t99hUdk67h!4pc{hQ zN4zRl?#P$OJ#ON4NR6vSW(a+|<7T~wa=~UF4hP44xK0k2b!l5F{33Ce(Fv~1VT*!I z3Nz0-&E_x|EAJ8%srz1Oh#zl$WNW!c;4ITp_K8c?H_bF!bk%CEPQvE=8{+R01>HvO zmpd%DX3>=G+4@6c-t8RsX3f{e-B-9LsBCHASx240bKN@gobds1D%<=-kr(+#15Q!5 zOl^^m7My5&^xitk^s6_EhdCCeEWI6|_i6H_gImsaoqnfu*V@cnd>>6w-Ts*5jEx^A zn8lh#B-x1vzsbHok=EX15mcsdakthCuAmft-PfyCt|T2(X5V7*v7>zZnikE`^=WSw zG68jS_2b3| zUVWKoRz=&hC+UuNOnYNv-$?GI*{7h29d%=1QdrwpOVK;rTKJN9BZ^QuoR zdFpUnIxmseGWxA3ZSU+Li39~X5$ zM}+;Hu@`6Y?gI}b95shqNra51S3R`3yzt@{+4{m~SFLBeZkV==U*V-@YJiVxG~e0C zro^RtZ|4MPF=RAWx|zLwiPdqjO?T-=DCv}U)y~%WSzy9xer4v zm9OP_q`t9Drz(cmcHC6^EBN@Uht6qJCkdurSy6sx!>e-FB{N&ohGzIg*P2R-iHR0` zxNvn@ztQ2Wp4ZHXd(k7Cd_J5cfVmp4O8b zdrp_Jk+!vTTx+^uce!>y_w|K0V@REk9yjhf+jiylGoKf=4ws&M{FHWA_x_Eh51bs& zCu=VoKJI1q+c8l>E@vJph~IyHePf*ec)t$yOqy&SXEe2ExFo%e z^^q(#pKdiOmsmZdjJ@EgypY?0Q5?1vcjM+CtRB95bVE^dydkAPqg_J4%HQMpFb>Z2 zs3%csN1~3KkD4u!7qj`Q5cQVSs>7M}E00apk$e6rr8bIYutmH2-G}<5hN=9Vse5&m zXPi(y<05fAf~UQcmrU206s@d#zC59|W0n<1d_yq%bJYXEn(GBFO+0APN|MhPxG;%e zxtoI=>bp8dZnJoV&U?d{ie!cfFrE6IO@krOx!gr2QeAl`DiduQnVdL@_ zrI*=!UdhxI1b>`yz*XY2g4NWh{OuD76x*HN8)MV6Clsz+7Z-Meda(Qu!(p@K z6h(_2#?+NwAX#c<@((d8EOlHEu(?c(oc*RzXMttJCc!mYHDx;KHCmFTt8>0cZgAfE zq&zCl$?`*bR!+s6h0ZHUP7_jH0xQ}`#>o|TIYl(tymIx{n%b>!k_z(L;HoWnFD3iv zogAnAGUv)xQR*AB6V$b%oDEwnbW)Tyn>I=WNc%h(U%cCQ1RL31vC=+wbQ6C`(QCWy z!W$f z1sBtzxpX8#jwF)`>Yl3j3vN9n#C@?|Gk;flbaBnqyZLL!Ub@LCw@h?QQrg=yd5*F6 zrc#_66&G~o9F-OH%UQ3Lb8FL(TMri;u;<(JWOHC!`?Q)zV;_}ghTo1aS#;SqkDMD` z_h{3RU3T^Nk6IZzWvn;tjLkZ-=3fCbn-=(=2jBDwqZ)bu+!3yKL%z`8uNj+)yRLOZ)q2wdHc3~ zU#)bcoUIq0I*@#N!55WFi;O<`oE2Ma5wceM;kBAh5+(HQts1?+fU1O-WYO(3|BpL! z#`rr+QpMg$UAEpTR3Sk=pr6p#mSidI|7PaG+|ujen?0+t5KiQOwnk;cP4NH$QDXZ@6@}F2 zXCGKu-)i^Z57n#;h~uw*wBXWnHL2S#=22!JKKW$X+YJWO;vFNb3D>Re==kq6^ijwa zCUyCc*g2iJRE@dqc%4)?t7e<8+;fhPKgdC{S@4B>{ii9L$R!%JXSS^VylY`uu%xC4 z-xjy|yNN?=L$=Q`A{dNX;n5)4q@$C4N6RwZX81ML2I+_86SjOxJ7X;&{jh{!VBIDd zb}mFqukbl0j&+I`Qw1l;@{(R~~q zlM_>URag|CFI^ilCkYS-sj126#~05lSa_D$q>TGEsDK)*-lMM_J2H<>ht?&wgUy&Z z4eqTjHd&>G*DG;~EJ}oEWa^^fsO_EFP+aR{0a1&?>ZmDLV|oSb8nKU<^&NlKgrRJ2q7UM8k)E$p%fb%n->}u1*JI{Y-J+g zCND2KfqXhsyr{EG<)&DgCHl;}U%W153DsWR8krfvH)gi&I-@NLXxaY<6~b zXjo@$O>Iw4Pj7GE&O&5z%Kgf!2ZP;@@87@wI ze?}cQ__qgh&N&5n(AD3aQ-Gc!!he4P;cv0adog6i1v>rD;!eRFVdHyVwn1c36K)@= z@Sv^oeuPSmqIqMtLPGrgxqiehqr&|H6GLrnQtfWUC%6Rqr;vME8~j)7Qqk1R!pOTJ z-^0AtySbs`?p^0wLBY1U{W+Ntv7@o^gUKl_X%7A2VGLXWO-=<>%PWsp*Vb3+NozK1 zHtI|}clRtC9c;pehU3THj!*PWrJf=Wdy@PfGI&(QP;NO+a=AYtGV>IcE*^2ksSX!h ziHPfT-{9%5@kumgP3$frjeWtp+M9NqivI8}*QFkx9tED()*I2vvZUebHYx9lub*ke z$bF>=;Fw2`so^p+QMn)Y$eVkAR40>`n zvY#O>2k%7EA@6#nVP|PuKXU5UDS=-9`t-BptF?vu^g~8!<8fK7L6@);S!v!b52(6$`iN@$-%t79$CpdPC@S|k>j`sYE5 z3+pW>oB#lgyg#02jdZS~8OoJ@!YoY}sInj$<%ivYVMcqzEoMR3Xy{8%v|~eZrsz*0 zE^J`X)lP`P_u(2@zDhX3T_x)@?yxBjUEN1Hv;&tPrP9hFnn%X&et+wY*1 zA;Y9Kq^?-*z+z&^As(Ku_11qfFR+F+PR#9eb6l*AFAVB&K+ut`(j(2Vp2=oPRO-sa zBN~+ezn4-PAIS`06XL=J25+p=BiXY;sXWpPq0^7F85DRvaTJ*Ni(bF(@WSg!hIGpK zqNemTv3QDh>p5cv?AHUTE!vE^S+zW@6L?`-hF3EC)6PisnZK1f z#3w%V%T54$r)INkGdxl-lDmeC2Cq0|)#)vdPlKJ?$Wm^k%~GM+XrNnT-ps`2WEdT6 z!j(E?z~v3CttIy4YG!Z>uX{1Z!n?*l#L{Zf#g#PjJ_le zeFnFKZnk*6bS-ADK8tLu0|^@%ZEVYYUF}h|YPu4{ZAn|Z$|2l3BbpSW@7PUQP+lU$ zGKfjbHj?jky1B`B%Za4{%TR8SiN^ZN9fZLc$ra1dC!-&h8L3MKp9=H#daS5?4#wP! zs>2E0G2$LtkdC&jz?(}N9`!6|z*RK4Ji+GaTKP_(K$R!(YikU*&I8x8r|Dd(f;O{} z8a%a6Q_x&H)*PG`eFme6=S62@W)q?t!>$Bjg8V<$?*L0@1*b!@JcZ1!*DqCZV;i>? zwCjyqO?19`Isy}U@z7cH=?iLQZ)4rqX|b5tH=XuNJ+F)6dlxoZy%6P0c6*otqwoR- zCM3mU1wOC*~+dfwwgC1-~O@x&k;dHB%N z`lKYAy8GlK6?bt+wSw1-O_s}|`e{p&;=|#C__s$R;8&i*->*Hsuh+spZZT#rp+$1- z&L(@|=6LL0C&12`3|xCCqv_2Tn(yN~DGqIkP@vEPsOFf2w^XwD!i&Dru_|6=KxFmm zjBdRWxvYoE0pJX0A&4NGsw znw_pv(u{jgd)dFCdCj&FtVdsMKtUhHo-F}6#@X?^!d9gRT~J1!aC%bWS%!) zyX|nqk`?%ZrnGC`;lQORytjg%zDCSNKr0IUTLu3}m&Rm*8rd12n(d9_35MO1q=H8t zyZXIar3pdzk;F=>ei9_{ka3-ml*tl8E{UO|==7p(p*>&s#okOT68+Ef_@GFb)=LfD zFxnY<%$^*r%b6L@+t~XQgr63o60ax3?No?KPRq*SIRL8;`fN7r#}i=YTc$?Bz1^VFL2_L2F3Yv`zbsmA0y|HasCIHkRxwrNYRZk(6Ux|V9}XeIP5;_N%9 z3!KOnVoNhD7wVRW`LxmS<4nvl8{Ff5MixAhev{=xiG2FyMB>NC>x$PBqSv0g`xlJB ziepbxQw2C0NmdP?La&eA`@+WmW>oimVpBi0vvsOzt)zHFHLdjucgiBiPD=k`naBGI zI`S@JFkibbu?7)HW|@dt;nYh{M15Zi0^`|kB>!9%$$fUM8E$Kl-NWFB9%I~v{$bjU z6<$Qg;9h4l*MGyB+2zd!S@+^m$YATrP&=42W%3H3pA>Yc+fYWK@y!)doqu^moo4L;Wp2;mV`Gm~|k0()aA> zpoMh1;q1OK;f)SbbB4Fq-)oX?PUNv zV9_)I$AgyTn;WHFX_GGJKF1mFy728L9=)!qw{trgbT39_IW{o*>o6!H@iqGvO;Sqm zEdiJdaNEfH86>(-F%GC2D&z?Vbb5W$3O^6M>JfgJtPIH=$mSp|eoyo9ZUb@r>y@tL zSx$Q3ZCzonynCUE5tw{_wf3tA{h5O4{W{RFdRMr1mTzAelcU&~6DdB0SvZr;uJU`; z>dF+qgy_T!7%C=&RT^L2Hiu+aU0sO?bys_MkqEr#r8?~Yi{Frw1W^xl|% zAC#lYmQj7Dc-v|B7WZ9Y#f@A3!c2R2FM;;RUwlNK0i8&YJ+j{8HhAo|@d$D$1;ER` zHRvV3IjTxKd7CbcG*Q}c00E;ExqdxN=fND?2W zb6Zw)!<@&m<;T5B5e*X}Br~{u%>b$4r*Gp2aTdFsogI^D52;EqiYpDVKE3r$G`7q> zCT}l>JX#?ZZuHU)qSr~Qx5DwP3H{aGn|W}$vxd`K#DkF*@Y}@j+i5J&IAZniEDT?< zsOymovr)b>+ZL^FTsP_Aaq|WdnCLSr7+bzrC5(7A>9$cNg!<{h=?3U%!0n`oM3s$1 zji$uol?YwT+wc71`t8uW({&3el8Q3o8q0{5$mL`f^jqMxdEqo7?>PV+%L6?+Dh2w; z$%OlJuIO6mOdk@;_&}kU(NX%r&#MGAJ)w2uZuP~u-`LPKPhqDNv6XXvAytfM$^^R$ zwp$(QrkdKk(Rkll60`?X%tRdZ-4jDAaV5okEs}Aq!o(GIIq>?8-3U zj=KXv=qcHTc;2<-JD9+oE=qWzMYhvarmRK52mb;Y%>0Nw+F?qHSC3UP+Va5?MOQzC znN3k|cLcq%$zS>eV2V>~TL5Q^4h7G|i}B!hZ~}@;*rK1N6d!a!C=Y-mhhp4~^rB>p zr|b}DQwgUd2O2p1lAiJ^Ybga`iJW4QSZ=8bl5P9Bg3^1dQVdbnjqQlU{P7 z)bV78sHs4R91Ed*05L&HsrVgY4h`vc#JYH~wnQP-eldve&PPfBjWFvi`z;u}@VZek zUUJU$=}ZV;CG^-_VayhJnzvy`T@SAyt}aDVRh?$4e0VE&Z8TJ!gfwuY7!SeJ>y=yc z3D_FSbBf8uvnfVH0D2ODjbmZDeqJ^^9i1cU(_%S-5;TI68v!IqM)}$Mi1zB-GRhK$ z1CA7<%3eyG7IB}mxPaU&P<2iW71`>gHOi{-fYh*9Y#TzH95AEuBMDnX!N+|7T$PLK znD6qq0DlhXF@oe8RTu;mYID>tRns>6*XQKaKRUSc+`ndv3aH_L?tZRVIVeksZD5Ga zd&HsqDyL?(rXFvuj1+P&x239Q4lHanYUNpL`Fc=J_oexf zM6Pa4%SZpFk(wr)z%~h1IzDu(HtnkWLp*>SW6?GS?s2Qabp4`3*_YMUEi5CqgK7iG z`tKa&JvwD)pr&@rFRe-hCAkuHak=ewfrXOB1t1IHQ7mvZPrv4%7z^2K0a$;#yXRy3f*`Ew+EJN- zxn&y6rkg0g&oprGQ&kD^^x*DHkD<{pcifQZdb{;TozREmt#kehQ0rp4XLxEx>fF}lMRYV656$zh25*wdLYHfQuV^t~?uiLT9I z*M))D#hiQd&}S6Gx7WLDW)k(CyEp^7ZK*nVj4QjH${<|Rdz^zEoMSHWL(V35B{+xA z_*CobRL63trxRw2Ix(jr@`iPR*W2Ge*t0jFp5u*VEeC=BbeoSKca zw4BX=!&OG(Oy=a`Aq>WSH`j^=zBa7K=50%i?wCN1jK@UQ2c2?(XYn&4PLo=P#c!Mo z%7(i2^1D7dcbYMw&%S4;Zw~z$XYit=(@~?YsBS{!^8B-zX6=Cc4~%F0^V|1l$Dbco zm#<$!zudX|xto@IA&M&(vHpnSi;etD$)muB5ntG;KACb#k#eaCf0$#?;LI^2OF8>U zd{2d7`0AHw$9jm=lPa{q`>&~baD)1`ooB?Jl-tzSc(^R@sWvj;_8kYzRjtkh;4Ys? zbUIPq=XF{{O1K?=s-)dg$w^7ZhAr(ZVf4?-)28@oA(ytMM_lg>+1+dY*4#scv)q|m zj;7I9^lg&lUcW9)XG71b2X)&Wj@8#M%b(E9TnidyuWgJEZZjM7Y$c%3kaghkV;6n@ z5M;w}$AK`^0X;4r==)aj*{H#(08)|gq&)t~!sW>kiQyfr$=tQ}iYJ#AP4jI(FI5IU zF^X%h|1y7k*#GRPWznU@Ah%?wuL&R`wak~hKU9~E(@wDzCmFzIkh~Nvoz=KRn_H^$Co^e?#hoQ4jXEfT=eVyFd2MA|Qqs)y1+{GBeW@To_q)w$gk-Od#F<3*j1JeWQth6Jz_Bmm zaR}GxjInp!{d{+Kz%Rt6D!$n#m|tqR5l?J{H_XFx=*9*u!j@Rh?h zGpf_Tbq6R}ys-gZmk?+3*p=qQ@(tK^i;Qc0FTbC@I)0kgf=qvZ>#&|{FKy+>gRqyg zw@y)xBT|A}ZyX;Vb}avRi*Wcg*ow}GpmgF^cv_|oP9fI%#_Kav_U8h}J0Cp2HlEg* zVaDoocSl}hZyi6kxP3|yeS;SATM8sD_#dK}F~5jn{=7#ertaJf%+~N*KkiZaTLxwz zGCquxixZWBnU?f312a4Ejt3_@D+@g%Jt_l}o`sc-jiV*C81?OUXIE@dw+#nd1wAzx z83~E}_|)hO89gmiV{=O1!s62MLT@*F#mIyl$><36&d$u#<`@wfH6tU_!?Ir;+m8gKHG^guRk*Kh9K-M#rOlTAY2Ov1BZcVrIiwD1j(8_}M7v5aDhy z8pfn`$6%_38KyH6t}zD?-oc8c^gLLPaVjl3Q_66~5-wMl>BL1>Ba`bQ8sju<;evg8 zpOSqImx@7sXR5tcU*XC-ITa92Mvdiee2DgV;*$Xax~I}{WY~_(M%FA5O?;zZJ$xpe zAlx=!5K|Bg2?r%_#$)07P~?FST^=DgYy`@;&=As;=)i##S?gmb1Bvz768VYl_Enbe zT76DfGq3LTq<%hj<2L_8~kGHr4yu?ZeJqsRM119$oeaMs9$n=r@ui`=l zFRa>bUw(2!r)hCFy36c=#Pqzj=l*J+P3UV0TnZt-Q`+9^pfMW~pJA$v%gY9o>j^2K zn_Wy|P%lHzCrY|3brBEzhZk+j%UTtxsH8Wv?rdIF)tj-{2o z15>J=(PI#rwq8t;Cw>6ALb`1t|BI|m(qn56agL8H8CW7&Ly1f#vUe!SvC`1!q)^47yp8E0h1t*=Ab6EK|EVh~{A%2EKJljs>*&nZWSdZV+!5tUpB zMXKD*dlXRndN3SFXb!DFdQ(ioa)IEMrW&t?VGfRlCD^fzSKHGXmWGkHt04^oECx9? zGb+nmK6N74NQ_&026T}#ej{g=5-&9g8A^$0+yTJ1+f;x_v{)Ixz3;mO6y zxpRXOtrG!SnKGywM)%C8snU2mJB-=*!r)%v_$$WyVzX`I5k_xCOyy(fG`bV}g%ai( z2YiEKnP5$sG@KrHOS+C9u=7&9$*~RM+NBto#~cK=lf8V8XPxAhum@XhubJfD!Z7___`g;f@c zgPb#yjXHfyqK%RJL`5d=Oyq8RmPzj8riuHEwsuJgB9sI#`V6c`_5*g(8k2AfFlw{n z#<8BHGve`|S|UUES7iYZ6k7~8@dJh5gQ`c4|^%=T>){x`J?(J{066p?jM@)K==-i5Wowd4NctT)^PlaE7Z9yHGVDpyrF~T|^ zqoH#_3b&-jXW7b>H;AE2N8=R@E1PsQ13?J>N^+!7_~46h0x;!$f~a?SS+Xh{BbX4) zXjym&j%O!;w>}qrBx_|pnRS)?N#t!W3XpYVnxrP7hBM1G1CSV!_9>;Cp6%)N8xW*u zLxD!9-4{|ybFyAOyfa=kON(uab)`r`E=*S#S}BN8uZBNJC8B#piH{{K(^~9JjKT>W zUP9*xUhhnha9PL^Rlw*G-D(6CPSN<9ejdw+fuXn?sJY z-Ec;l1ELhrK>!-uQ?DMcRZ@6fD{HBG8$zih^_mZn%_}*Z&NkeM;1IOJ-g?+fkb@l* z1R-4tOt|*ebBc`z8I#vK_;Gd$bUii+jIH#%q(o`prj(x#Htq#STXLAa-BJ>Q`T|UnI)2fs#n#mMUM7qHGVNBO3yz3ps0VWw+h@|L8o&Y>c z&yPEHgevZG?9+19PfK@S92i2#ZUPLTJ_hM0Md0aUj^a6Gvzr`Blpy*^F?Q z&PWmy(_*@D`z76d@w7{~06AUmVVGQ-E~5reYjl~J=&dYq)0MFd>*r`N27v^^Dn24e z4l|v?257Sd)H$XGxfu}$4#i1F?|J@^stnr@nB=C;L678+cxgzgqifcP%K*(3o2ux@ z#H?LBt8vPpGHzfQDlDm0mhw=22D^tNS&LP4GHQW^6U+#sws5mw<~Q;|ra~_ofcCkSdd=sfG2twVTK8N;njGjUr9ecFo6ohD8POQl^=wJt>*z6G)~{)y!EQvo z>dzfo-+Q_=8XA^F&^FPkg;)P&YsxLS@ZmE-XlGzbu}f|p(ZtitsI#p;ZmSe&1)NL1 z)JU>7iC22JV53x5^x*A;fp_~>$U+A}+{cW7$&9gxU)Ie$cgMk=t$8co(OnlPwt~rk z!?4)Bi8Mq0Iygj4Ok^@I`S~n8s9(6h>AR6Se%^y(7e~fODeo?-; zZ|W5OzW-xEH?bB|xs<*$JzH~HiuxC_r8{2bJ$pw>aOtM;gdBk);EnfbP#RMiY`!pL zB(wO72jUWR&qa0CMeJiM+>CO+yI-J*6%8YP0rn{B=%w>u)XwP^4sO07=JPzCaOT%^ z(~mkjpoZO2VsqZQ+P;llrDz|N(R$UK&rWtld^OB71FmY>eYF!4r8F~}eLE8HmErm5 z$0J9KpzL8btRWSQ4-ZfM_VYgJ5a6+61lN+_X6xgIRysZ|acoc3ylLU8qD7epgq%5O z1gAGk*&za-GPr`1gYDg2m&-$%NCw(A$c#_tmF7zP8IEQhKWDJQCWZz;81Q1aC1vo&a4Q2a3q!lI@w!WJY4*lx{n3 zg}W8uvchq+OK+F8f?GC7cnO8|-bAV-atXH+9$=~Q<` ziRj9tiUz$8nWblK1?q}HWW5#*cwZYc+;fvv0n32qm@P6k8i5KKUS{yLPfok)&3Gk- z3xD5Vlj!DTF&KZ*+O8a|z8hkj%>RZZ^uBaP^$LxCP6kMuYHdsVY;#c6y@;x^z|gWM`$nYMbLuaTQgq&=U`P{~+u|vQ;WdTe%?yT7Ri_eY60zN6 z&iF4%BF7>8z+S(=kdn5^U4Rst5CNqf%;|_CUo}GZHIQ3K$M-A=zstD3^FZ)=T2s)qoh8~w@idb_h z#8xiX1__>em*cgFB%BP*pcidzrNLw}^$?A;-zb!(jC4j&p3xP7OrvgDA_FLQp-e@f zg(1$v$_yK1F>KiKx>iyB1afDYqSaH6YcA@geNj}0V6_Y--{%OYrkk=iY-?C{x2wM)#V z7(9ckVn^A019F7YQ5yZKu_l{9R*4AC^L4$b7b&D0|$^SQ;Vv4~}FZwunuEa8F` zs?w*Q>$%`;AT}aU3dwaUcD9G{8J}AblGW)z+INq{2Uf11%fqGjb7H!0l~FdW2iQ+N zM&hit&FweA1Hh)NGJ@JE<66Pkewk|rEpK0Vo#9ogT6~G2lcg+~41LH^RHKYYC*L;Y7%ihPF)i#&uju?AYgHlu(u4*Qz}>zHS|=aD|rT- zrrMQb+;wWyl`9EV^Xy8?>xzIUJCABA*t@!WQZOt~)MB;cdWBp?tM%@osj8&mje^!= zo02UcYXhNgC*A#sdyQ8*)&!u~R5#lcdUwYog1VVp<621kdd58x*J`Q+KKG!n)r(U3 zOuWzfV1#i;vVR-9>$y``VO-ZY&oKAwa8Y2F&2j%B=ZMI)5#htG$T<+wm(ssDWYL%sJXoxt zR9gd+0=T%%PqnXH8|;<~l#LHpG-)^OOxMlMMOszd!*-ToZ(=Hnt-=iCC>q;>YS|of zv@H!iQppYU&LN2J({>&fSnFHb7(T)t;q4t3b?z^f91zACKpsv+!3(WAjO!kmEayNY zr7*TXnYffgqw6M_HlZ|`pctBxpeT&Ue3SJ2sYpb|7-|2FrpbhjzPlC^{y`Hyy%XZ` z{Ssd%>S<=0@~xG=Fx1RodgA!{<|hwxIFGb^oyk@mc^f#ve{FU=sNecVx25q=Wb#aR z9jvz(Hu-gCcWqeWYv(Y|z;bU_oryi(dffvlz4?6NMwTM}XJ`BS z`*U(~JUu-X6%~IrfV%7%l`9PWnMC=cECTa8fQw0^)KoMShB~8cGTBr-5=Fqsz@>o% zLO@`!J&6XQWFiSJOU0Iab5IFj(+2a2dki8Ip=eDc%B?RZz#s^P#*{YmH8eCKJh(+` z)qIk4%&WsGAzL5>;ziY)eREqQRbjBO4MaeWKm2#W` z74+#8XXGS=x{wajfJJ)LUzo$?GVuqU_~@Rev=r3b8bB#_(P7oRwQgePgJCJ>j;_~n zJjQsWlV7=<_xh*04||_DdG4w#es|64m+CT{6G>`aa!PrJSZvlGu)8|f;m|jRyR)SB zR>1p%*eAt;0PUk2MY7*Eqb_Meo-XSm#ih%OLRG32HbW@D5ru}>2bIf)WJ~Xh!vsth ziXFiVx|$kQwtHJ~eB*4}@j^@X+X-SSB<6nRZx(V~#h*r}sbBs;vMgO=OU@Ke30ok! zUP_ouq-w>j%xE!FzL1iBQ$9jV#<4oRM8-BaYt7KxP&~tlt^P%x6J;^^!`O+T^g^Y! z_9_-NGQ%>0f=lX(a~1%=PE_P|8S>1D8ur30m895!Jl3TenrjrWwYZWEh9R{a+{Z`< zv!HS-$q^Oz%i&d-Dr`EzX94Z)=B4^2u{V@(JEn~boA$BDgA2wFEEMgGSg38u46*2| z7#CrNVL>0dYUM*Mg-qpdePCzxev-m`)OM?7$25M- zJh)n$zFH~E*hXnA=cGh(FCQ#yT%7-{tVY8lAV+KQdrdCG?6vPzsj2{*_mbN6Bo_i8 zUOM=BEw^glnu!(+V}0U#uE$baoL4S0TRd$kc~f?fXgGJQ>^E9X9mPHRy7qqV0TZH#i3nT8uEFKXt74FtU%|MRV^+nzn;=-H_9Ud=7 z#%^8R6DPQRH?9zJJ2mg|H3Dz(eK_P%%O#%#{A+swLc%vFtMES?p6Ktk1D>2^-C(h$0L8nw5 z^eV(%pB!BE#j*Z)YlQeyXL1nhNa;a@3Pqtcq*ddJFqvdB1Pb>6gzd5)pUu)iq96;Q?HB1@EEe>)EDn3u#MPOM^-b3 z#K*ctt6XEZhEinqHn7svFu@80Iy3oQC7M1eWA4+6Ka;F-6Zu6!Jk^aj5pnq8J>d zir-d?s!V0VZSSBhLrL+J(}eFeD-{?$RMx*YULPtL|Gec9)yYTbFwt z?Zx^oI@#}i2V27jkysf%&GuvJ?W=TFKCOt*deEAc*yd6P$I!M`Q-D!7rtn8uT7T~M zkuy~ZoxBR1@;b`I4?9dlT07b07%c`CS6yK+0hxMNcd{@u+9A21NEo*)yfkC`FiIsl zfhTa?TK+33e@9~K=I1S6vUkevJ>Sp>K$S~E55NSBSY_PaE~Slk=8xQjAasgUJ8QW+ zj=s<1lIrxF@@O75@{`7tJZBSsPx4;cr+GS>!Q}7qG717+#&uXUr84CY>&CGuARv$n(py@37*~q7 zd+e{NCFnkt&pW^zS7Vp|sx-u4kBU4wI#5JgjT}0%2Q#=r*+Gtd6Z1)E(}{&@@0=$y z?OJd~YY?v5i%f%T^@F*)eG6UDh0*z$Hk(2>z7;g&#X;4xzWP6&OYCT?R6BAs{<6Aq zzoX;sy(3pfCiuVNqF(I($?9qUFL1#88~iV#!UBKszx?Ok-JjR+=kqV`>gC~J>-pzZ zom=8h{C`mq5urc&|NNqYD0-m3_+QSI=>Ogay#Efx4=+CtKd+9rEnLOh84eeR3kXQ? z2} zIY7}r09`EYY(34bEL~BQ)8;>@f6YB@Ej_I5t=#;6Jof&&4t~C0)bX+aqcHY{`z^1?R% zsNuiY5*r6kcNAmYh3)=I&423H-_RGfeZI8+z=Qg0Jrg=#*ndY~)ODfrg>C0y>2B{} zeIfdMJ^dT{qJayYFLZl1UoW={vFD2%Mfc}w-mF4`y2XvfeHP?#`Om@ ziWL#nuA{r%uQdEZtcHenX=+SO=dAfWK0TAHbhG%>}?;>BA48Eouch zpO54J)z0_>=V1Q#4gCV}Ig^3{|9x+{0DPW=QDArP3vlPj*1_Dy!Op?U(%JksZ92b( zUwQ*S$NaY);sWgXz5bh#y#RaOS&&ep@l@&fS-|4NR(ufWmL{X+bo3Bl39_JR=z|9XS{eFvP}JZ#VJ0jh#u zP2}$@_@N1&_UFkERly(h_xH#@oj_p;{y*&0J`O0w{V)Do7tb4B_AWkre1d%ZmX_vx z;sWA)d@fez9&WBeB4U0bC=GG&u(kFww|6i{{p0Ikj(Xdi4@G~BQXYO3x2_NhW6mdv zdh7h&|KUMV4(osK>Hp98pMS*vv~1noJRMLznE$`q?w`beP#^z8{0Ai*6kYIN@t=QJ z;Qs=S*V)b5(wW!Z&Bd12+Q*aknx&P$hl8t^J+C$@g2Ia;$3~e*-V39I|Ev1=FLeE{ zqW=pLxNv59e_Q`Ca>7?(S^MgCcjA_y+^=*JA%?r279(nTyx|FXQR|^5Fh#{R;{4{c-&Z z@CynF{taZ~*=z{|oghECgOZ;C=AG0szj=9u%IPp?=PO=6`{I=70St zi@k-^7&Gwlp37m^o?OOjZ&2YiH!20YSP)!WaJTcxG$wBY3My$Q zOsOAs0Ki}v_9gXo-)GyC=1|DL@=f}0;`@K@*PpEaKlxhhpBwI)9On+3f7uEbwiD=qu_@&b_@44Lq;k55FD& zUWZe?_V9RBUw;_S_tKf$AhIXDz@pclWj0+BGBEWlfR=TF^sP)j53N z!B*pg3Sd@Ha8?kQ1%OF1vVq4H135tBgZ##Lpzt=3GnZ0R--s32*`6h9GL}XQ+<;{e`;!Q(Er2 zjJ$-h7C#Rk`03G)gYzH&K;^anDDq>J2-NkTp}#*kuQr4xS8vp)7Y!J$Wki=g;i-hz z`7jRSnBqJrI`(@fi>`wR!$KB=>=^($fRG*o2N$YKsmN_*&1}gjo8aJ-C@JIWk(V!z z>7^HFP^yEeNGob3PJ2T#HP@+*y`espL{hjNa<{A1oLQ3F(X3!>d_vAHb*gQ0Lh1)A z(2s-jOT;Tu46wDe)n_QiOxje+k z*i1B^Nmcp~vC;Hd2Ajy%AVz|$6xG>RHIwN!c9BT+(o`oRASAr@l7P)1+!7SZeSbLi zNjMyhOtY*?hyuYJ#?EK8I;ZkJ^j@xz`?L5boI5fF(0~)Zxp#I1NN6zLV;E>lCIv4^ zp)I;NuF+NlXuKp$h|``UZo8 zv9Z1A3qD`KAeFPi8c=_3H*#$pm$b;7V~E%iyr=AaY6|*FgKE6nw=94n{WF=hQckj0{b> zi3padG!&+`O`GU6Nx^uC{a(+N1ll`@djTJu9(!y!j<<1p5V(&D__)rQ<63S3XcBVJRB%oZARY zmYHWOPZbqf;o}!p;a(u@-3uYfN^nRBX)C@?sR=kwk|zSHOZs>-J@FnPB8v>u)qziUTLmcbbS zX^_nYK~%DlsxX#y_j(Fv31#PW=Doei^mf+fLDKkppAqeH(L>xB)k;=U)c(Q)asWZT z@J<~$1Wumn(k+0U?qeF7#qyLjrTmmL*HAuAjtvfdr_;Zsl<(23^);SvU<79nFK})I zm}QEF!nX*Za{%cTi*Ui6A_#NzP-pJVxDTXGl*iOXgeFmyJp0vrp{J=JI9nBCysA2b zTqNYcJqio60-x0SL7&HX)#ntMQjb?F{F2NP1m z-*&`UDdv}mO)woA^-2!?yAh>@@LM8^pnFW|BNJEOPhIbpR%&ckd=0osY~_nt^ox%taZC$}Y9_e#I42@LyS z>T;*D|MZ^QUg-bd&NltsE%@v2`4af2{Qp1Zr2R~4IKRsO@yVa~|NO$j|M>hbAT01# z{QrN*@&AiA{`>iV@we*Hz+h}FYzlG;awwW09z#WcTyb_rWqDC8vd4e$55Uo7X(PS1{wj4eD`Sbe-Y|KP#S_Rh)435qh{@a4<>o#o!{-rv0Z zpYe(B0PTMK1~TjL!Eu{sxn~XL)}11s}P@D zEQ^r{g+OQ~k5k4HU;t#N$}*&E5KDxI%VKU2K%z;yVgg7@40Q+v2ZhjMdb!0Y1_qtM z!O$oLYILHiy<%|a1593nTuj0d%VSR1kN4d~PLM0(9<`xe;GRDLI*RWz%XT7?-ap`?f#TPBNxY z-J+f@zs-V$DP&1wL@VJNJP(0ee4>HLOroa`!eVNo0QYn2T4E;^VlhcOl--$=HQ_$A zpapnr{7CRcR$@T-T$4(3=uDIFCwQc67DG_{SLGumqqoXJmB#VHr7b0r-*2GvNU;F& z4O>OSitH4MM9`~;$S~}K$8u?a$k(QH^fTIHLv95Dxoj zBp#Q=L}(0_VB4@2v~197?Dpj%)(J5B|HW~nf5ZO&OicS1jM1Oie<6YYasF38_%HsK ze?h?iLD8S~9~EQ)e%gNs8X6fon1YNP8-~S&k0B-^D$K#g%FL`z40fjm*>F;!EWfC3(4c22hlrgRiEa$yhbT zLOs?_JNiUDcWtglNt*s_tMbvj)8kR6-2u+fTcI&gu{oJJDG4bhcS@=&s!+!KZd*rl zLsM;W>TqxK&f=ZX;Zcz_~?i6e|Pfz`}fbEKB4UY-p=aKz|e2@|HoK< zoKL3wdwlxG`DBDlG%mG-T)G$`!zckhR3V$MSU!#nK>TB}i|JPX38)493Dicd`F zG7abV9EqZY%j2nqghkW`K!7lZd4@0#q9$Q5B4|K{FsMOh zL<|ZFiq=k;5jD(%q5%;QQKJIlRFyCZP8Ads6|JD4pjH(sT2_^%U+SFibf4;e`#SCE z{@$nX!Mg3~Zm6}KN=X;bF{%myR>QZ8yV#7}aHm7MK{<(X0@n<(nZL zBB3bDSJjp)55ZRo0sy?{oY)uti<21`rTO`gzmX7NFggJ!}st#{EU=G(F_Q|>X^;I zl{VdpzA8sIiWw*e`GT}+D#fv9_CvVq3IH&)CTkEec_SYT!xnDsexdoLW zkNR}M;901fV~3B7Q*ta`-FF*RKkt#41{+jMeN}8A^RtmQG{(UzxbY+)=gQJvM;`Gv zf*Qto5vYwaAE&XR+-Db%gim?04?>bhs|bz-g2+z^*0hH)>CVoVM84|BcD)TUg!#%E znH)HS>aIB{RocMCd^m0e7Xd`0M+^tw=P#@zQ3i+U$blpM(ieC;R$+gN=b$!#UmwLe z+~m4&={eSrbW_;mCE+tc1XUEaw(KE5$$`ix)*jm#47d=ST?SKC9Qt_30m2H#3lxPR zWp!pf7!^M8oSQ+My!ck^fuFWr)X!h`G$@k8=xlF=UA)*}4pD?W6$C_K`ee#NPy-kX zAokx0M@0Y^A>ys|7!LT;vp361Zmx0E&SA#e@tB0LO)b6GS<+6W1- zJaW;iPXbt&cU7q0Oz0#K7URdfYV_R~}(BgMl<0 zRHTS6FjO;mtDZUyBK%vy)F57u&-&Iw0vjhL+G7>9Kws0gW0 zYmR5W?N=#IO3~7pJF$dukV3d+)}V?PBTOLxx^XXm_mvrzDGkIW!5U|?=F$6KsV7Hs z%=AVa9o87b_{x0WD`7nIrEKPB;+vZ!k;2w+K=9C8Ox0Z!x8u5`(35wFy6;0#T`vR@ z0A}BUx9rQfRN}du5wLe0f-L5)69$t`Blv0ucj^EqKJlf9kE89(dUZQru9sJKA+E=f z%k=$hEMtq$lCfM~-p44P12 zUXN|62nB`uVu)|Mod{)F@tg`7y?^uEwPmlsB_j1oM9z2n}j zC5i299U%ngSFl|79kNgh5V}i$EOT2cnE7!3^okZHl*e@-@U$GR*hni>B|_Bx0L*g6 zw)OjNU%mnH05pGEqXzQsfZo;SjPhfIsN>I!Gs}>#?>?t?Qnd9?j4q`M%&XO;NkK!}y3MAoh~+tO5|M7|d+;FxcS&hH8oY&v z`5zoD{}%$S|DjvIApZYbQ{flClYbEZE4zLF?fge4SNA{rf4}&g|CtT{8vhUeWxJAB zRT8X9rd3I~#;gRCgluN?@4W48UFdfL*Ttn_CvZQUI+vuYq<58suaXW{(zr@KSIPh0 zYz2NOF;|ksN=kO&8{o5CU&#)?I(hPUHu>}CUl$hs5T85!eS9ua6r!;v0W)N#(gs{j zBQ|9uvsqYTNMkROrv=3rJs&&IpT*|Is_Gh9hZ^MI@Ik7cd}{Pu`?vX;0AS?_!XO&J zQvo`N1e;k0H(CWMo-k^fNnbxqf#!NHTw$g-sOPd{oIfqxfWn1( zNW{$il>KZBn@59LW0w$h?z=n3;eunF!j|1ldJF)kj!&?f;B#T0~)hmRbgq#N`V% z{pQpv2tG1B4hV6iEGD8Ud{GBukU)tpFtWD@#gx=!g$CMg7D+K`mnmxt5Wl^nZZtM2 zs>E1l@apsdM|+MOOn3G>n3pcq$Km3Ac=SEto=hMK_ z=DEo-JLe86WZanb{Yv%C1p5O-llPMw)p8bO2Jf6{A6MV;sDM!ffEP9<4YOrCyR6TN90cVBUy(y!{#Y ztj4Yh9LT-Df#X{`s<|6gox1gKxIg>I)p)m`l7~0#pV(GVqiYFnL*B2+`;xqWwpSnE!y6`z5b=YLWk}~fpsyztrsS7ybysSht+A`x?INuMq;&{sJxbO{=s&DI z*kV51?tbdvx@%{mMow|A^=?T?E#9@OczaHLdPe1r-1dmbEyYD;rDgSXwG9VEr`p?3 z^!8jlapK%D@u8s$jdzCXw zDSn)vf4#W)(~~DpPfLdXQ2)2Z>X*dv3W<7lVUyDQtNV*csdI3gqy??(wRPkJbE99W zx=HAWydrbmg#h6PWH4(QgOe=Jq&e|dWt>9MHDJZiIFx4NPwN3IZ* zV(@6Vw`AaI5nh}BYO-PsS)@|4#iOV>zj&BpR(XA-BY$T9!=xoCCD!i;4(NM_Qn5ke zOFIx4#3$k$-LzOmd$nyer%x=yY1*uY7fQqoP-)}`lS7_BW%qD?Fi3Qo3>To*?B*c= zV^^9KXX43cCAi$+JRmmR32|S)Z^|ELpA|fiHG0ClK0l*)*iS||HZa#LublDAQ zf0_@IevqNtMfW9qK6$qhXL-4efg})>Qx(oxn{m)il#%KT((7S86(`RNPnkL?3kafa zjwmF+$f{a~_s#Ztnlq|I@|ExPM{ssQm8m&I~SNJ~|P{FGAR1^?(toO*p75U9&0x$?xz>7Qt+MGI) zsQh-_C8GE3a1rnv#)2Z!3@08<8t~*#Erc9>J+9};;@-5O0tJRX8LmSirmr~^Rb3zY zYX&%bt@ea&_?h?>`;F+v3SMR-4>Is^ZllR!&;bUfJE*_uarp&CURkYlULE}QIYiPg zmzyX--@eD)vzax7BO9oFqFBK+5FncbDk)-bkoAIXS`Uz01h9sQ{voK;&aDRFzcHw7h@5!4uTVC(4~iWILNj%E^;=V(XZIc4FsBpc3q<52q% zxrns9oQA+T(_L#xOAZaPNcu#6VrcX=1_Dc?^Q4E+)pQo#p0Xn*&@N$x9H%;1$XF-$ z+5yC7H@EkrwYhgA{(|RwXr8plb$`Y46kV&;#@*bhh}xxe3gJVk8~|`wniN^nwSGdH ztaAB$KZ7hmF$gLUY=bqIL@TkJ-^U8CJVUlgL*`gU6Kp@iPgVA12H1DH9Fj;IQA~+Y z#iKy4X6-(&?MQ-s*r+Kc=sstlkYhbLNwgieY+hCG|1RV5Oh!)2E}zhm{KBT1m`VI! zV7%=$mbrHE_7aU?5-8PS7IDk$NU3&E^e+DyiibNs*PwFc8V*LMN_7?#D0sgzX z{QLM{*#Z1#{QqA9_W$JOf35#0`CkZvG&Qw7JiM)~?KHJqxNF?Bss0X5p&ni-hQ`5c zb|9A<%?aJCjQ>+ocI?=Zo3t@%<;t+#JJKq1&3fvU{;4{@rvUYkGX5WE(ijx$4IQ-{ z?(l4>j2h_*xOpz}de7z^J4&`>in4dKM@5(I5i}JQ6pKW)b@lD#`?}lPjvqhX)7H{- zzW4lX*}glYr#m`tG#nhbaB*_v>gd&x`{U!|%J~2OouO;jpHAL?IX>}te(u%t=WpM? z|M2wb(~B2}{)+!vf5rd5@xb;<{O8b$2q?lvDTfRlF!V85_KI0yazNiTK{1l)>)U^T zhDuvdgorU(&d%3hHB&TkpI4S*((3h-y_MSJq!03q$IA5`$VEXTacC8NwQV43Zn5*UR|>{zc7@Q{Tc^ZqeK4@*{U7aYu`?Uyg5@T&UO` zP=dMj)h8e9{>zt9_$7I-xCffNvyEQdxm5S#*E^qU*{rV5p+yQ4-lhvUW2C!7SEsVS z&wii3#cJ*+DFV;n3HMmI0>&sH35y6;&Lpiw{hkMucvaW?s_2Ea2?#FJ{DH4@q9rn- zzKyvr(bV(ZIM%04JQiS&ZkWKJ5=D1VdL5`Ina>iHF+ZJ_coe&1zDJw)m5$gPgi=xg z5J?1NOg)$%7Mk!I&>#J59Zd$PadZ0dS?*jRHm6JhAS2%A0!V~N3vt+39?sfCa_2Pz zYB?!_swH_+4ojOSZAA_Ch#vqpavemfiT+ONQDgDK0P$vXw2_KYQiMB~}~8*48~DR}b&1%TLXp_qM?v+HL|+^4J`vl)2X%dS;N`!ng* zTeY(!4CF3v(et~Z-={`G;lF6sBX>L*wM3G#GU7J!Q40)JL%W}yN_6vRQD}pDSlIjg z6!6niV^_LvY9~r`5P9LqLmKkzN%=v%${UOziCluu!hgj=9&=26iFTZ$58wo7CHp^d2WL(^GA7Q??syTDoVD;{dBWSN-f{)0znA&CG7E;#F=jE&V$wgWpq{Oo<&-{{- zWNqdoxn?Uxdxl(voQ4U0i!C#GxBV5>2f~!3x&am4m5oEYYT)SFMH7t|yvPE4@AIU8{NnD>G@92fSxF)#ub(sp;lx za%1H=7NfMykPGnwfK3o;?oX#7@hYVl=a&4vQ|v^>)97_=m8P=bO0+$|M5?s}=^jr= zRy!_`UVGYFQ%%AA8kTzRa=`c{5iQJo4nW!PJwNo!wN>EeSGX@At-dFkIw>C3ycrI+ ze`g(JK&`v(eiq5QR&89Oe+`{NMhsyUK=s=P5oZ!SkRN9O;c>zvB7E6-2*Bqlf{w+^sO@ z*J14eR|R-0)79#=~l8O6-<^VC9kP;P-J zE{lNzCjzwkUVurGr~x9EEWZ1FM!^ zhyr`_286xBRW#R!pz5+}jVGRO3nqSMBD>G~4|*~(x=1)C3pa9zKMP{POfK9;(=1Fh()1Cd-1>|y+!V8fHGcCxz z*^^r)G#HwE8Ql4n^@{jlS-{}8muP0o;x}jRH}{z)iN9xhAmv{7->6&)Qo#0&FiIu* z{6@t(78y&3xh#9fzjMrpU{4!%y_~W6zJUcuo{F2jS*!MFC{wWfBSb8Y&o_m%KpeJG z#JQfxv?7nxs=k>mfUK1R?f)kQ-~Y)N?f=VVUljlUy}#-gJk&pk|D9a^7y3_Uw?E_m zFF4|Vdg&kPKVJ3@E8Xm(ylmOt?yGD(QJ-4rdmIu9!dBPu{i;)gPwrT`cYDUx4SQr+ZhfWRy%iB>_Xi)$Ppv83(N(o& z^q}9hQ^8j|)3;?7=I<;#b$H+T>|J#(~} zWVAf5kE*P*V{mxs(`jWW?HsnlAjZ=INc<(-PnNH( zcs7AG)>Cm* zzBhscKr;sy_l4iZ8;^=-N%SGgS``P8xF1Az18Yf^gKQ)oQOaNu9iDTrF!bAkl93_u8e+{&!dSTw8A1SL6d8u(rFG*N1Ry!ePyyu0 zyI&vce9`&+e|w4ipZ?$aKVjoPf&X7z0s05{@9Ofu=>Ky0v;P0T<>T|O^`B<|;9zd< zW^J|9-EE13ou7;SDtEiJ9yY#i&TMaw2yge5wk}CNHheF)Rm`PPex5N)?Q;EWli04g z5nkKa^kqu|qpkf|%T}yevO38+Fx_IU@|wu9j7V{b+~OR#!!IjLu!ZlD#S^Y;9^p)Q;6_HYama(-RWX5;kS0 zrlcn4WMyRKW$)OPxv4nPvzqI=Kghl#+MzDl^H{P+Z<_15tsVp0-T!*a2+iXPJvZ(R zTUC-ASe6!Eof+Jov#KaNrC?WXRaR>G+Fch*d`9;z`L=WE!ThM6V!ty7IQ99dRRuZ6 z_9l1M=JYmZpRP*3*s^7$&TnAfs?m-W_j&?uoC+B|xkYwl-Mt}Yze7n{T4BtFuL|=@ z_mm&mTTobCR#LsM?nL9hi)|(6kJt5_>O5F?^lEqQ^)sa-eH|m0&rDt2KX<$O+rjhm z_arw)h9BO)dv|Q)`Sis6{M_Q(H*ep({DVHK_;2^uzsy(D#^2|Fppa~$OZ226id8g? zq3XVnejy5P#f1CB#wKVr3oSNR0w4--1pcymvN7V@!)p52eY}>G5{%928}-vI#|hLm zH^)6gkOgc#cQ%)ymS3>97Q1&wq3&N^@8EOlW67H#0@Yz@mf3~dZTs}SGN0VIu&wx( z;nH32FNb92``5d#2#P%}M6J}Y4-b@cW^H@>{Sq^}bh!YjhNFlP8Xgp$7;D1) zNr1(=${ASWYFd7v%|2dpq5U{xm|!pE_!4M4-g2i&0sC3M8leC)p5fFdN6WPf~Jw_%sO0%P>m$FZw=R%Bi~wB`ei30f9N4A8{M>Vl}8%OFNa*`=?p zv0A@C00mA?Uo|>CD=R?WTW5xd^EkwSk?$)a*Q*6Hcv3*cie|%N@n}<>pI;8yyzJ_} zoA&Z#-?N=3(0Z|CAmmA<wIM9cSvf@601F}wvZum}4YE@NPw}7Z6fjaFNGz{{!siMHC?P== zR8X}~utICEfzws}G^NLhj!TIct&{9$$HC_e?<>@b4a!7mhO(8Kwyht|tT5ayA6xNi zm6>!5$GSi7OCsotS%6+nFR02)kfHIeP-*T0YBTJo8b2w(7@Z1vutGoYvM~~Y(wD=; z-G&Sp?@5U}tai-Ak_Bj*nL#xc3OS=2B693iY+Px}c1RlAL3OefP~$8m6P2RqduKGz zuJYyUycPuHaxrAdmf@opgwz{iG_D0yp$L%u_Z5r>RYDCpW0|WJ6X`s38P{7JWzCre zAi22FnCE@f8wP^<1?W@BCNDmP!v1+X5I=4%!|^%3=U4Oc%g))u~m-pjEv|d+{45j7C%SK4`OHVQ|90fxAut?V? z#~9Ba6R1Dn7dq6N6QVi@6OR=|ojQ0@vL~q3D;0vCJb*1lkZQ?YGgg*>^#Vi9U1Fmm zQQ$JKBgoJ2_Xg6L#5gfabt@mTy&R{Sm!e_tv8C9j3q+yl0^PHULVHCpDV&W+=wi56 zUzDkEePx)%lx0E+h)93k|6&kmJ4f7%kCXZuy%!bI>xb-;(tPzl{UF77PXVARxlvV% z4wH#eK!d~5>ZKK4>|-it%t_TvB)oh?w^DSBkI zC_+=FBqCQh3EFe8K$BMtP}x{DSdwpQCr}E4nMEpDD|evI=K@m$6k#le#owT~D##m5i~y_ien|&R_0`Nj)7ag3|=h zpB)ANVJ!J2@&Df@-28_x_8AH@I4`p>`he{gbj`&0kx|Wv$4@}burM=G%+x+*VnT#&^I+Vv$wOeH#al)_O>#nxmcKc+1f0%wQ=+ITH@mD z8W?D`Hq>U_I)}9!&-i$!_;}~k)Flq~ey+|z9`63jd}6#j!q_VUqNAfjf>&m44b0gY z>C05c{)wvsQ<9UF(+?7Jb92+uw&fRYDk|EZomHazs;MhdP9m?TeohFjg3uAOgwt@NJ;*_c=2L>e*O>jpMU8uz(rWmWXdK2^VK;vvp=`>SuY5#R(y@W7>^A!O>&o7jSm^H)v9U0JOdM zMp5y`?AqPsIazIS{YVG_xkx*}c$omB>OGf}id;d`bzNV8b&3^MN_!7-78Vx;{&tjrTL2(EjsMGEq~7wHq~Dwfn=k7ZQ9);nNHE(L^6l4qDBVgMifKy!;~11#$Q$%hBzJ z2u3~}n5jjCmGtCgx%wta)1t5H(pU7@NM|29kb&4o_f?@y)zoHsbt#R^hBDu`;%RJ& zbPpQ#7cg`r%E%mdsJE8nb%Tt=Tjg8;AUuOF1&{^WQpi@sA>&+fTw$bMy%+{TPqGw4 z{@ALW`)sqTkQfpm1zP|jIc!4(sg_AFVWd&=T5Hp6SRnXkasNxv;mh#d_5WJ`QTBg4lNl@uVQm$f9GtG?b~p?FRKHW1|?UNO#LH&Tq{< z|F4aZ=^9#|W+p2(wwowRz zWE#U-3@bCteKx@tdp|#D)4nk)P#W1SFpxz3HaS8!RxHccpwIv$ipJ;puVL1JYctmI z$7A*QKpkdD6rcmOO=#<66DQGHh;H+%4_HKRtf0W~W+V{K3-8euVyPC5o2Pcm*P@JW z%*8T0gC%g~ssQWR>ad8^*&6OI0f7Jb%Byu*b6!&EhEPLo06DHnhW#;knrsCc;sZNG z>&Q9~b=2}ZP)&_DnQ}C{bu5yU;Bg;NgXm01EldH%GBerLAsGgVVJHes3I~DRSLKL< z89PIe%=IE|$N(rDKbq;L+49xrRp1DS&Rn;{p!}v=79*8N6VD`pBqE`7gVgJAUQ}P$Ec(MU}9{@a|RL- z1|I}6wigMQ+AXD(CqGeAJe)GFMCcnxy7QRPk;t=%3^*~q@ z3I;Ls{?^Z+{xClUBzp1IC&+OFn z;sN@{q$*cBk)#=Ur+4)?qnY=iyB zDTbGLV#K3|xRm#E{!X*|!%~DH-xg7T!ebUm_~yEN3;wy=se_T4d!_T^#~iN5me^7{ zM#9}!HWv8P+)jWotYr)K`|h{7AACSSu8wR9HVE)i;T{-FzW@+iZ?2RzMBW@vzBXo% z;uxMf=4`3~wtXK^Hz0s>xAz?Nc^~Lnn~Tf1c)YQeVNdtiS-LrTJFLn}N387EdVts- z|1ECN?nn%wgMkT@3w0M$|9=WzzTp1qj1}{vK>42?b=l>*liqIU=~(r6ItXIvD-VbA}GCbQ(AG( zj?$eu)oIz)@SfUaK}(Uaw4u19xUiwNyuP-k{&;;u^MQSPOIqve+N&y$w>P#miO+Q& z?YMHHtEct%VB&md_r-G;P9Hvet@pz4+3t&dL)R}4OkN$mfAjX_#Qo8s8_(}eepr0} z{OR*QO~SAHhxck&h20is zK7mj;G&DR?fyC_BO~_R!>G~B143=b#Ob7;w_Nr4>Pf9|V0+fp9`aX6X0-n}!2nsqh zFYr^EMCs;sbm;s@3BCi?t|AUFSF(3remY2)|(#A_S3Gf*Aw5SI$C{TtBeL zbU+F`28F*GGGcfodLB6+xj!7e@VoB!^BhywTBv2cY9>pp#+;%0u z?-1k%Y#>lyoMn$q1F(^gpX=mYGqMD2#t#d@*+~GTifNb>2I2c+1jeMEh6pxF2}7vf zx*%sFanfo;gl3Rf5wccBAIQ`9YGo0uU7yusA9w*F7!9^^vxXgyflZu{)UoOMIl_J9 zAQ2Bm8MgwF1cqV;p&>7lVdxjS`^)Uh#pabOuk|vjFge8lgkiwU%~}QgSuDv_2i$`E z7{CCBnsa4MInQ!IG&M!>{K%dR3CMJ^>X}jCSGa2_-rpak0{oyUSCvK_X7SlVZ-65dQCAiP}Q3phdB}8IY9F4 z5S>i%xKc2IWjgUP0(Vp-oj5bR{}}`4Lc2DwhU6-qjhrpwJi(cFh!8>QJ6;NsJujS~ zq9}b4(Ie40MVSSbK@2A3v~P zaV&kUg}HWA^3NT%c*}A=A~GaW!msl!EEEvJE4=G&CsZU3?2L$;I8!BA$+u|yss`3+ z*z(Cj**HUmWvFyQH#1W0!`It^Ek!s>sREkW?D_CNzFfW>|Gzv3{0I2&=H%x3@A2Q` zPyN?F4eDR8@n7>lW&a0-q~c_4Yp!o#=MiMLdYcD(LwNAo6mE1vNLXY&p-LWk3dl@Fu9c;VM{yXyb zp6Kc8zIgm-$G|DcXwUicJ%cwc_1_yFxj%9L*67W-dy_vtc<^HO`KMogU3~fKyYJ@y zkY8H=U4BVr6)QbdvtQMFRuuaiY8d<=7aTR+uSa7(5Hl->%c~qhJF|?R4wmaVSOk@D zL__RKdO{bcLfDSiveEacAgXw0rHI5}i8ej<26=C2 z(G4{!c70#wRy(4mf%*)vJG3=2WUKiR@WnK;z($=MHKt!YO6C( z3T8D-6Rwr>#W3Tb)!Ke;^Ry*LbJD?^x7OCA(}Y z=PR52{1#x44AG>e2#5?oc4*GMz1xprz~XonFLdgds^^Scts&_d8HuyK3?WtAr+5QI ztC2;JsX4<}5X~jW5oi*Fp-s9nD+SP8H@Y5{rf+FWj7CvnW-Up=n^q3X7Ay*n5_N!FM z6hiHS=203_s@_6pCB1hNr47hQP54<;Fw3Jz)?WF*U%*(pTwmi9b zTRVMbk)-`I?cI1l#O8ORwK0BUzV0J4j4JO*g#xR0=$?6^lY$pQa_feC5z9wlBaW3jxL7TZ)EKDSI9(uL4 z=%<*pqegS@gt)#2#lSgdS{ZT1!a%3{B}ih+&}H{*{p|rI2Rw@3d0SX*p1ud+q<=g@ zE+i6uiRpnGGbx&5aK zBBoBLdpLcQP_UAC&|3^|x+3+lki*#Ri3s!{4XuTPafSHJCH|&Vf;!3h!IDr7^tQLuM?sy`1mUXey~&TAz)TDr;A!VjPpD zFxtmyHTl@kIKFcsr0c$GThuu$?8-u()^tcWV@{2(epb0}7D6|?Tze#fcGF^PGW!$VRF%I&{3oeEU-K zCL}=yyho{tio5Eaj6x#g9vHmA0~%ED>1sfqIJ8j7@^~8X}393l;pq> zQD3cGYE9j*>{tV^Gg9=W3T7xZ{PN>Of>YT}!D)-^eu_jPvE&(&m%C|fT)ibfFa$(= z&$6NtQBc#t;L!b%R8Jc~`rwRKZz!N+Y}02>e0HPoZsmHN%SqwcYEq0J57zhL2@E_R zZ>RPwQMmgfg|AnGm6cCN>Ipp1mXyr$2Q81)Sz717DiBW_fMCq|iX>7rokH_?u{mSu z*ESn zD233BgD;CKrDh5weL+y@wP5cTbzF+LxKz3G0)N6mwytao$|^HRkY&@*AnO`8h3+|brw z7VH8OXtVyG`MWejr{z(H9+KWx5$E1VpYJ8{?`<<=>Y;6&IRdP!0=Nt0-Xo=OWn?}e zbfPVfPp{S4M2;or%vLl#1lCY$o(>$^1U-LKmMdxjw1O5k7ggNA8a_Mwi=0s7dcDp~ z4OgQ}duJV)w`=M&*4{{n3p&49u;G|X)3v~>SL{cVI)jvLiz!((r-&~Ov(BmO=oeRG zl`I)lH1LG%Q-8ITI##+`qP*cvRqwOin3c$iLG{2-cmf$rdWEglMb*Dnj^kWI*7AeW zw81OB%WjK3n;Gb@wfCxUfP9VWL6l&LclXCx$56*tM<`h4+mR>DqK`eMC#$RGLw-D+ zTZg_K_pF>-D79W)60!Kvkk0tv_D$|DG=@K!c5JB%2S&{G-q;t+=zMj0Ob|gsIV%tg znOSIwiG_*l3s)fEs1d{gN!c8f8(9+uodpO7k%o164#U*ds&dVC*&6xt)!I@Yd$nD- zqrnfWR~xVsoqAW>I4jN7gg`i`O-4Mtjo9T!DZFZ8-m=;eo9|2&u&7Gi;-B2y7lh^i z+m?Po{+E;(mzBLWF@gU3pz<$yz<-ecxx2akTmH}4)#=aqA766B|Mc3w<$tRHrT#lT zD=&r4IpYYmTS0?fP{UdaISYCajhzdHep(NGOoD#lQ)ja11tGhN(&J{Ud5~cZq*sbE z?L^sJ&~QDi=hUbde8C~)95<;kb7w7kog_T1chipJsd?wwVdaqZFxu@JWIu`ZoPg+a zs-Djw=U-9oA2t0)u&nzkK@SMryZT}GEMv#4gT~xa#?h;u6JlNw!e^ zWYNnt`xduV&!+ADF|YZ3;l8T!s>1~(#kGfzRyA}B_V*oZIeDbx^oh2kou|*8ID7eQ z-{r6OrabC7{I%>-apSku$HvcH7-~KJ@MPcQ@lyl&Ew3s%p46OKXzO`?SvquSV6sd4 zL(jn6!0`3qYd5~VedGGAiLvp?sYg?@lk)d-_ij$iJ$UqN;MS`Lip3{SW}nZ!n3DQ9a#_NQ<=tt= zmYKxy4zUjkZ&G#bL{k21|J4R`dI@_ms-0xuy;=P;BNL&*J>y02E|^RXBHC*{Rd1Ml zdt*>Wxw*i|oc;ml=(Rc}E)%g*MJ3^Kb?H;|Xc;NCe}B!P!r*V0@i$(ce05Hhs<(XR zGC$<%jrC^b7x-=19=d^NK*}MW`kg>cOHuZxme=d@o({WnxPx#U5?!wSGIgX~Eq>`P zO>H`TrG}-`LATUFKXmX0f3@|@T?J$oj@ZZ%=98R1DDs`h0f@}DGA^RV^XHnWJgbVq zLbnm6?-stb<4GCb42D7IRh-;VBTs>%m;=UzgorQ>h&HLtWa8E-b+=lU0MlQjTTe%0 zyc3KOZ|cVYs{b}CV~FHF$VRWx0rxn7`oe04}i+?f7~oHPMNH`r`gZN$Dy8eLu&u1Vb6=aWyUus^XZ$oG>A=$l=zFkVs6K3ezQCTCsw+P1>s=b3FDB4BT%Cy!BvllFaJ z?wUGtb*_1DhWGrA)>FT{IR07o%ga-rjemXB{q25v!m=e(E-6cs6AX@6=6`Rc?SA3a z<|wsU2bVZLoC&G^c;D_ff)(dLe_%wg_&3NhLG4c0r)!q zN$Dd9j01mZ7c9o6iE4KA6`lzEf7pBPxTdmoeSGhoUI+=jo6x(VgMuc6E+td}QA6(< zii%ifC!vEFs-UPr5y2W2728ZgS5bq4Vw(vnh>kOZj$<1~f7?0toO9=#@8{0-+;h+G zd_UjW{6os#du6S?-u15cectC$nIU^h!Q)T)G7lL@QGed2*GE0#^qz-VJ}K80Q$-oi zYq={weA|bBqJ;CsTT1HdpfJ~@672+uU^9SH74x+<#ffpgd~K2v7HTNym_-VRTm|SY zZoyJ?Jc4DD3JuFxu(F|e#7D*y(OZU9^YR1*d)8oeUh*jVa9^P*gj?_uB(l5u4eG_H zp+W}E4lg1dmmF}M1zhOR zFVpM+C^iA$%LR%u$M;HfbkV~%_zX-qRBoD2ukpD#EnIXQrmTM{%3w)LH9R9p+zb&G z5fE^HqlPgE;Al0wj+V)4($`2QNn+T=VSwkftPAq%nJf9x>e{+B_>UZ7Gz>aR7^I-& z?L|p54UWAsulX>j(&b)`ibp#a=%92qi@nPpyqrnsl>g z!5g&k;PjpIVc3<)~yx7K+B6utJUTr@ug@}tG;pI03`(~!lqyGyhL?Q(V!JkD-5ZqN zbwKi}DkSIoO-DDPUVi=4)ums4812SqM_{a@P7>nW@!uCN-NoCvdV%f}L+Z~cNlR3F z8_HZ7R^(sjJ|ZV4x(jKWWmEI$4DxY7zurnU8+)p1Uj*G!u-*^nz^uph#a#^Yp+kpk zUk}l{gzy4uS*Ob*M(n{6o->3CnS#9n(nblEd{BkYLvgRpBX!|~gjnA2iKh;6m-a7| zM7_jXO91R1sYO?>l&M>XQak^Fo)n!65|2IYy1wXLvi;9Klxyn5%`M8Z7m9YP-J=z{ zJuLM6#ts*iuUBjKwE0{zaCi1rIAIULw945V7|MNoB$p>&B+f@!SOzw+VaV^Uj4+F;{ciRgxrOgGq|gbBE~mUP=)yfx68&wqt!#z}`Jk)1^AF zY~TRak?;NDBl<^RD8Y@-o>##W8COg#Uo-37YeP%Imy9)_lIQeA>_qKEEL())&4582;m0FvhGy&>XVbZ2=vm@C z4=Kt|!q7j?;PKF&b0}wp6>lx5%MD&NH_zUk4t59@HRJpPXq;xASwF^*4_Zi|pQeoX z0Vr!8sD~&?a3fdtTUNTNC+c8A<{~#pN~1V|XGKE1R`fe_&yPv!>Tz_NZ^qCeN&qvr zJQU@kngk(YYg|cGsAOYVtf3%DXC=y2uL+|(hK~ISAS+`U@lnQrTmD13BOSGXhmMzG zR?;!yN_0R|RE#Djat<9TjtZVbhtn}Dm6&8PMpYJ_J80bUQ%vrUAU`sO>c~*Zk4ZCQ zP?I2wK4YcMmczZc@c@rhGlrv#{-k9~fjUDo0?OJ4)JJ2I`>LGs6HJ8YKyj@Lj1Caj z21-yoG1^>$$>f;eFt$VJ&IAX7<9!UF(DHOEPSl`gfz(-;FT zWG}<`h%u+jFm@~~=Q>88ZyM>1xoFCZHK$??SZ0Ajj8moAH!a4oVk|}su;aEeJWTRj zmM&*ujhGNuiCGDQrgIo=uGoN%%H*P1O02qt}2pZ`h63q)a`pbws*vB?+i@nB7ih104cT~xxM_b2XNd2Sjt~< zYW)rj^6tWacz5={f8sx||Nm#}e=^;ef4~2CbND0w`@cW>0Pt7*&!6-k)YSoJ=Li5u z)7D>&C!{*K6|sXNgQAk+Qu9)??04@r`tSjK^jPoJYs!`D4i9H65cL7c0p9rm@9*b$ z5eZuW;G?eIO!oRR7=~+GJ3fAdWilBe{_xYQryoC#{%L=U`Yk^z?mzaoIHy9XOv>n| zP)(5N5`uHZs+tR-zwdHPDXTGBN;}_66QSS|l+aq`A_$D{h&_=t7{q6f;UIF5<^eGWdsM}U$KuhuIpr>u zomcph-0R&Y%lmpZXwM%|HFFr>`9#~ew3=dWNoVy+aa;6htbGAzj!$21Y|r}I7M2Tl zZ`%LBfG%T?5p-E3gJn*lIAFz3L*&CRP0F$4AoBp3PR3M)k$qZQi2l)ggmZ5xQFsaG z$H!Oqa&UmaG`KbC3r?W|SPxBK*5-U^_ye*sZJ9jLu<{$KeCX?^x4*go-%W)NKA3hp zUsTKt`i0^pjtSF|J=R)py&l1a>czUKPbZ}z2{T=>;>H5d~|38n|Klk0g&VK~|VQp{c#r6W6($LN+WVd9Eg(+@9 zah87R^SOEEtmuH?fS|}F!EsAt;-lkZeG<|V($a&{vg5N0wYoqN|_Jf0Pmv$bGj zY391><;9&v!lsIf(xxpXO-+?8td%~NI@HzJ)xGb;!HzRMU1v|7s@%G5@XV1B z+4jo=r|yh(-MVq*$;`~dZ|-f|fA%-{Kg^%)3ZW;%0mXr_I(nY5Ql&tM*R}PA5yqTy z9GXf@p(T}7X)u^2844wY(^^#As}n9nD4`v)=sNTW8PU*vmBFl4J{%6=>$T{Y8hL=8 zy@u@wzrB2Gi?$~$6DJ}_K9i(IU`o!qM$`*h1=BeG6g9fFZEn!%Bg@bEk)&dQiGQsQ zoGL@4WBM^znp#*9Pu_*rTL zDEq&wwg^%JU^&3x*UzCaHV(Av^Q(1C>O*=r|Kz~ zA`xgy1(zD608k)9oYu@nd$KtAW;=ers_9jh9$tmlD8TPoLx*tsT2U;LZHDv?#u?#r zB%GLNu#>E*eK3S<1z@_DY0^fbblE zBJnllB!d7Yn_%8T_r|Qyb7m2lqx?RMZjy2aXDVj)VQ}<|8ldguu$)Aq%wJmLUrP(V6G&A7UMl<`$XB@JjFx3J8o2iir)3Sr#1-6&;rv zmzEiyQ4pV-%MFanS(>^kJv%kKFm3Jn%%bALY<@vP@{;u>>6?UWHgD$D2!jr7k1nss zDl0E)-c}^8E7-RqyQgdQ(9w+1qp@c@V#2cPvx=(2_?_!3wpUe^G}n~0G*{F&)$iL; zf26Cvwq^h6L;HH9huS)J51cvDf42VG@UfY@M<;G5et7on%-7eCUKsfe{*UyZ@+KqF z_Wp8J+WD3@4~Djobq$zQo*YDDNd^fO01JSzBmm%1<0!>3J5!DW~X|@>=SWhsYFz;5JK|{PDF) z9iK_bbIxFureQ(_49k5{SVI^0H^o!fTBC^E61qc@4?%rvNXaBM2}?1sH_~|%r!1{N z0ELRVa0UlWb4;6695caGX;=l<^ujRk_%6m}T-lDo{h*^qQ5uDw?|uGo1YGq02oN*!0pJZG#9gXh$B}z^Ty2urgs1?-RC{hBCja558E+-lC zd2CeBZRHLXQ?UY}s|l7pK?`wKmkN)bioC2q?@k8tJ11vA}`cWr$2WIqR; zp%hkV@#ciB=~ua&)ozExaPAlODKJTII|0SliQ*eS&!nNB~zlhac z=FnKk6OryI$NRkIsQnm5(HiL&j7Qa41OqX%AI~V_O<>iW>75+CjG{P<0V?pG;eDNWH zb^wnTL3@ueLm6$P_TfxtRUkY|eJzMH3;^DGYw-QgT#8vrvgX-0o*lcYU-(t>K_*QW zlJ5xbj7_zW=EE;E^7m+$*kh?uI0!A?cFkF4LY>vDUZ7ATIah2}tANq&N(4YG&Ay>7 zPy(G|33(dhM2+qR`1D_9_a~ag0VqAOEjd;OjemF-b$;`N;K`=ak9(Wb&7xO)qe7uAf^;P+x9Ik z{0tjWeC<}Nkwj4|07ASFR7EmTTQbSx9m4{qhv~9%?=2WKzwu}ZdGY(W7OW}IN-08$ zCv6_$yQYOl#Di!LSqsjyQ@0{`z`3!Cg>9KoGq}g&QZfK^@Q+Qenkqnnft(b;Z9;wD z5sklxoZ3Q#dS#BTT>?Nyq5T7oWyQ>ZzsTX5@=l@`hYI9)EC3r^>GHc;&mJsEJ6vuF zTQX%bmC=2mH26{K6OWHF)CzjbTE+;dUIbF~oPufY)o9DPWX71Wv)T13L{mtOwEdJ& zTSjWs0xsGciY25;IC1f;*gXW$SC`bg+;}2`G`-Jd_#MRr#0!Wq<`7|a&T`)+;Jjr4 zh%I^)U2FqxJKKn&nZm8A;5F4fTB5s$C6HAk3unM{i}NEaDZU%=4KEUU&CqnytN>4E z@kE8;N~rkQ*Mh!n(BVFFj2V{!eOc8Ow?fHv>jls}SoC#IAkK3{FmK^p*Lbufcw40a z@ROpB{p5nRQvjH%vIQrX`{A1J%CnB&6cV{wYp@Ejs#epP<65uQKx|;zJ{hH5q;;}> zZ(9&0@ow;)JFialUOBw#=YKD`jsNz#{IB}rXZU{^tJf8-{(SEb_`Ur<)6MPg;(tu% zKlcCsl1JdL{@{ zQ{c&y7031rZ>4jp8oTOPf(DE;5zmy!;3kvgOXM@*vWwenT$1i}Meg$jbyt?1pDpMd z+iQZM{IntX|QBfHYI=*1xyZ$O_uBm{uHlkaZ3MXc4>ED(=L?$ zt}Lx1cdB;!AN@uD*1pGs`q4*ob0YUH*@ZEuP|iD>WZXXEwIg~%v1QW!>V`CpO+A@8 zr#9!Q9kzugcuR%e%wA`tp~b=eDf9 zw#ev7Xxp^M#LAUviG|nWTtF9I!M^s!okEh)sqh45p7zvQ^}e6fGLn~DHpJVVOuL)Z zy*}VZ(&6?V?Zlgy!QDAMt*7S&6YS0CzIHECbt?GlJN2ul-^wL7 zFLd3_58WKKBJyDOK*O?$uzh|>g4R{;>2{cLkOS(Tx_BiSOqV1=6Ejj@oR2E(ncxN)K`? z2ys~(>6snu9F{qMVY0sGf`v=`{UQT>mM!5#g)CVb>>n2sy)-g7DaK@atp(NS%>Y0ti@a z5!uL{4>%aN%ZSXhm$7p~G^l2#MGug*m#P{r!g*8aFeuWnp>M1yo)d6XD8bLV+&M^T zFew6@>%++Ox z#%Qd>bFQxpr{-QzN|gZ7>gL1_=6SXaW-Joau#|cy)fhOg9jI`4c$lb3f^-0G(zh&9 zRJv-$oLn?@LeJgQy&dkqtWJq#X2^wuBD_ZMhy6u6I7t+JdsY!Z>mR~tGl(rfn-U?U z@=^(vNd+trBF!mTs%8=ejI)O)gd~f`Iq%JTd=Y@W0hNV>f+cVqK=o@8qj&gbw3ROk zm%&)Q9#`W^D4Ys_kh@FYB>2@mc^NUX;O`rV#0TA;DJS!pZ_i6(BZ|m;#_qXvzd6 zFH5Be%E{sjv370n%}PB$CMT^d(~@HrUQHMA$Zd)~@{65Z)DiftUQL+bN$R6$G@Yv&_bn0~geN>$p#ia8< z_&8*Fy-lVRg$W7dLK$5qgjGPTlo9$=|JRV}J%lG#E-XDnv$2&TnVJ$T*)o7Gg&{Nv zW9yv3W%NO0EmLj=4AUVDl}X0efE?_t4Q3@9scdr;L6^>orGuza{NX$&9#5WD@({vn zz|41j$SC3y@YWjb5RU4;u}dQFM^%4w<3p#}&r>FO56tX>TaM%N;BF;50H-k^rhD^l~AJk60@pu2NfoWT*jz$+yw}F4RxMvbQs$S(C-BY&RC_=fvJF z)R#ZGUqARUXlyNg3qEvi*MVN6!aIl0yn1TmPuRHsZWb2(#-@y7<(mz9+A-w<>LNFI z&#-Z$W|;YRX#i+R>(ujgjGi;bknjKu3O0$yjuK(hv2{kFVl}jWkLeFswS0*n6?;fq zj#{(|*4_?ngayYYtN?o-s(}s*Q{XT+4q=^dGa@yjN>ftQ$2;}Wt#%5tE$Ey%HtJjJ zMp<9@<`foqbl*+(&`)LKk1qR#NZXn;gWog>HN3cTAOR!3jh;U1BB+JTc((+=``1*| zv8m2Hlk?3_ulGm&Jj**7WM2)Wz9tA#KK2oVjs{bH;LPW63fsuc7H?+lMb* z;FOBuvVh4Uje#gQzdHJ6J2>Vd>EfVLT(9$v?(4m^LL*8nz}&q*(=y-@A_Xy8DSS3k z`mB;1jwV~&#-wd(%=m)%e#5fS{O;h91&gGM?|^1e}{XZYJ=HEGoDB7Jvjqt`vh4jZ9omfjVkHvBZw z@XDz^7zVDLn72`9x}}dE3?sVY5TOx1ZO2?h0Rp#E-pFb#VIUyl(pQCP?ZitKz{eAn zO~y+F_$QqrBio9yl$T$9oa|VV*&2?nD(NGhx@>-M>W;AIM@^}67Ul4vZls4QhJkmN z7BkwzBVr0p5JoW(R%*8tU%n7f_`caLQB7aeK;31n2Ls*4uBN+-1;iFxbE|g%ev>o& z!cqdo87My%cbuL8c-EL$0+!76ZMC$5V(N{SuINy2K+8}U&pePDbRGBqF3c2{RC$FJ zDQM*Kd`cTwm;|Txhwr~dtr)A^YQ)=(gb^@Ms%jpo4 zzLQp%2$n>dhE8QV<<}>LT6XT38ZWTDTv_n~%LS(~2qL&U7;Rh7Cz`Xg(|U8w)+Nr5 zoB)GbZ&_X{L%{K8Wf0ljaOKP+w;aGkoS|g>Ptn7O%jW_QTKZ6<7AR$p>IqitBtSoLF~IBo)QGnU z5dlt7-k70}yq|X5@fIOi{C5Kbeun?IDs^4K=WhLf^PGtywGA9%RRu)FCk&s(wOLo(BP!y%W^`z zvvaajQ&W&&;f4(xir1~p%gL%?0M*7|xdpMtp0>l+rZU*QGumrgtZ!E;ci)E9TUV!^ ztk@tB2un&!D@%oq4fSn1cC@rKZ>ibR-BjDNXXn9#hmIXTe*XMae+(Brc$FE&^IC*Po>cRB%^wZhdSFe8h&Hmr! z&;F&2L5p$^hNR;VR6(aPgw<4w*f#feVF?-wsZlo8ams4+T=-oBg5&$h>eikWro9i# zRgFBdMq2XnEl6srYNoM#aHNpoM86_3_8RkAP!qx(SzUjn!%DrWHO>3U4C0tY% zx66rFk}>u`bd#vN`K2;(@2XlOk9@^Rgkh|jK>j*rR%|>-pfOCHVQSIz1wnrYQxJ5 zNFta=Eyx_Vyt=2fN=*%6itwibR8|Jwyo=|JWH{+)YQ#yHi%=`a0~{~7j$qcy^)5FP zD>cw$OECb(RHn!vhGgg_$L_tRx39GiuaBTUuC3;++r?}nyX0#KDs0fheMH*JbZ=A~ z!$&P!wT;duFh`j83S7E)5ZN}Ec>}XxoPICXycK6yWPXSxDkdNINeHtF)Ly>ase&pB z9(^u}D6)Q%%31PBd3Tpn-Yrp4!OXt&CCnbW0JS<%$x&VOh-XM?e!=e|GYd5uc`j2D zi}ede6c#Ghh{ipHfwLl29KB`>uaj*%-hC1#kjiSE1oWL*UtKU?hClBs1wf2}WeW!9 z4g(O@0A@FkVr;mqe>cPYFPZ%S@EP`>pPyKi`H!pszhnQIPR@VJ|L^GF_J{rdmplP~ z#ee=@{^!#g!NMO#^)LZ1N1Qu{ zsw3vTy7z1Thu2?aIO%LMZ~#F(XWXXc4xY4g2wL-Vq@CcTb*bOs%;@hT%3>cwTETUu zQ$5ZE{mz9y{@^!c;`Ft_5+wh#>)+4Y`j-spXWis8=6^wIVt#VQKi~oW-u!oU`1|?) zhyLGZ4dXxj<-gAV696!8-aG^d7ZDM`=ktHKHXmT_R_A>Lc7L3Q)N#P@ZsfT35n*yy zDis$$y#DZE?oag`=-<|J5dQ3U5y(1HNn(GgicvrtLgkG@+%4-u{xJaxLnPbk07#al z!O|>gJb({~wlQ@z++igwK;$;kQmmMQYr9#Std(cN_xX$I{@Z;j>jlD{o;b@QD}Z%n z2SLXtiqO<`>nN|^+}-2Yp@Ht@s^+mur62~!H?;J%e!fRonu(*p-@Y=v-fh-ezh=j2 zGfuh55~8fz#VqkCYV_*)OYRRYNwMj7$ncpHkFQB8&6!KyJ-LM@MXo*>d(#xbLF+Ck zB3%atj7)!O#aL|89Su_0%AYrmyQ;`NZYpT;IMh_yn`{n=$Y-m3!nW-TL!liqGUpX zYYXrHN9W^n=6~Vp{KWLs&o=3{!NQ&59oIyt-fIXW15c&Wt3x&{OSX=z|;Dj_>tb9J6Qzc9)t zB%8}!8kLo`Jhvn?<#oliF2b^i`lkG{mfX&+ zZ57)q;cXq|Z3n8h?rQFCYdI~hIoiEr|B;p>%?D1NI&kK|-czH8d#27vb{@L8zjLVP z@W9!gi)YV`A2@bn==8|Q*|9T&lgEcgFAh!Kymb4{jk{y=OH-rQZ{M1^eB$E`HYgJl`)?n7qCUe@r+? zx@(hv)SWFvSLrVaw59Xh+OevJMGALN=v$$#r9ovfqmBx&P|5fAuUdni!+wA+r@UTh>7LhLvW3L#;^}(pJQCl*nX~wE2=q~|Orai# z8N*@|6+)cFBbETI7OeCxUVf7AO=6BK`!f$r00I?VjS?7R@=VGhnY1?ct60=9A(AsU zs!4U(TNomGHgb1@gjl{e-nhp3PKNUcT|}}U;F(cmx49gZdCqfpSekrk49>VQGp*Io zXAUGX@68F2J#e}K&RpuONh&%*^(L8+E%t}wiuN z+8>y{f0{Y@eEa{o+27yA|2a9j{lWkIPaDwBywG3qe~A5ewy`&yXG~rii&%biTAI%4 ze5=)kwo8Jemqg|UhD1l?u8PlHlUm4iTev^Nq9%83eN^;1H^=eqD<^903;DH6*OhE3 zs&x{Ug*7x4bRTUJHXo{LE-CG7ZSJkFJ=|5*vA?Bj|Mt_Tnhqc6ICHYQcl6M)%e!|s z9~$WD8a{jS@|m;a$BtgvxodE!_tMb$8>2lVCx<654I*ZL^2X)yX~o3kt(hxVA3VA@ z`{dEH@4o$UcIL&)7eBpu^X~cgFYZ2^of$mxoBZ;h>x%z^Q>2o#WIPmZtDa%bKv&}4 zGSzvStM4hoQT|)>^|T6mS#;w*vIBoaCP*H};%UY#>hnD%XdF#zK$^IB@S@RztQV7G zCb+Ez+zrZExyGF&TB02M6KuVLzamGxhR)}W}s}Ik}U?BnmGIwvX zU93XZ$_;(Y1+_k555SJ@nKpzs>oLOr-))hjo(lB)?;oUhsaV0hE{x7>Ya3;Wm1`qr z9+%rs(xCH}VVbVeuag?4xHCy!Z2<|O#Us8b5^Sc6C}y)S0q7&>GdGj6bbImrvIQ(m z3nk<`R)dQ16J`G^- z@GeQ;X@?>j7QuZgPM%^}Yr+1g@qtqjf+~lIz(Y8S?1-^$D^K(#-Xe-`4 z6o2B)YFxVN?Q~0es0WBifaR5MQa7`)i|(<6n1bDJWq8ZbRlpOkxrw@GuCqXnN%7Yv9=}`$=Fsy)mN}}@DotQ^ew%QOk#NIS4RaIqfT~Brwl#3tm3MG=5Jx41od)! z!c9gUFVjj@gRHs&K7BCLrxb6+iv7Sjg=ECHIptTMJmM=<**LspdmqDi%;hWG+0muO zi8m)xj4z0EB=*3NsE#?yTl@(l+-g#J9aBv5w=oL5` zg>_@TV9C7oOmtLoGj_6ptCmlp!DCe}RM~#u<(crK6AtK34oq1NY~MwsIFqEZi7YXs z(MzvzVl79{b+aA@5O@u7aTJ}@g>#4L=vZIN8m$vMoIEN!htJI9*s?%sUU!BGS8#U$ z6?F+<@o|97PCUzBt#BN&)Df(ArwX-3V7Jx3Y)N?Daakn*3u*xKcweaB8XcPmNf$;Y zyDX)mqF8$yuN+EqyL|iV9V`0(qXGNRT;G51>!0EO6|T-j_WoJ?^xwPY-+ul(`+p?; z`?vT%2N&ia`cHq`jsGjJKTdvB0@NVCKtBYW00IHXAMo)m!1?s*e{_7h$p7d9pHBYR z2hi|<9Y9Bc#sEYEQ8e)50HFPAs zkaJOgxh5Ke!Xh%6cy)#&a$P)fI}iii&B?CaH#^<_5QdaaXp^#O0P<%JmZ<(9HHGZ|-&%HHYoKHI2bs%fY?I<6GLFT+$BOQAyYaNib zThjmtgwQDbU)l~rG?W^EX0VMN5;2_ch@?D$u&(`2t%p9f{sQXG3}cDU!21t@HTFqO zOJauhFTK2G@GvIu;K8A^n-|8xMyOH5&9Qx11Git%bg+ ze(U<>_O2!Lv=x(gGK+~KE|Lm>3o@Ef zuYWvzdG((AmQUT@CTomw2W=zA`_i9%dokF+)xkzLm$AjPpFFg5f--e7psDaAJ6aKV zMecR`!iAA@%_$99-+4lIhtG=m2bUj+f4g`8{5X1*{mvT)3NkSs%=Xc)??2qQclq$y z9l71Y;-c=v*srZLCmQL;Fkx=<7B6UyFJEt(?&y4E@av`7ZTIgy8`#lo(ePupYsHad zkLW$Ox1O9IznqgA-OKw% zGxFN^?+)Ly+4*RDXJ`6{lnTWqAO3LDcLto3xErw_zIgoZs~=V(kC_1#F&fC!{Hvt` zX#j)mkQbi#XN$6!5z6Y`h;sQ5aeMM0-l2qk&iALdZw@UJS6-mr4+ox70#a6Qcy|P< zr-MuVUOaITonQ!F`sk=96n?)?-8;k9Uo+&67wL%tynS$>n$=^cMr7^CFJ0VGL<-uuvFn2OPz<`Z7$YTrJ4`Q@w48Vc?7n?>6Vo@Fj_h~L-52v*Z>~GxD#nxgZb@B)OG`ODC-k$Mi z*qz=L2LO?dq3^NT1k28F18^-m4H(%_j2fGGr&x#FMDIUt^4H}8q&YAEcKEM%`DA;j z8l{5?z4kJ71ujfSWjTHUCZN*{w-L%vmUX9?)m&mn3VCz_rLBFEOl+3hX2;1toFE#c z(o^TYUC^M^{NdA0kfHwd_{;L~X{a68d4Cyb>bhxn;J_hBe+&7#?#S>*;F?eGl`WgU zBkNpMQWVZBf^;TC3jY#Hwn_^Id)RBq4?9Lh8M+5;ECt5VCJ~88sOylh^2>5Y*PfI0 z6FK8Wz=K7_bD1NR;VqBq8&T=5U9Vop`rb%N9!aL!_+WB6@{>!h>L1N@Yd&=1oL15~ z%#J(beL88X!lTz(;4IBOMe_`t9@hynkG&4r2-kjJC-~89FF*N@fBubo;4}RH zwV5fYt3N;c_q*|52Upj>i~lkaO2|L*fB%B#<~R92G#W!9kuey&y1KfSrjCJu5ml9{ zqhqF{?T*LW+gRIJSXkNFIwFKkUY=fVuI^5Dwx%Y=NL^@RfCrK2PoqYgnMTdG4+el_ z2udd4v(!{_^we|o)$`2s*0@=0bg<@!Iu{2oS>os8>*pI69TmAOF3!idI3+nLJ0rcY zprCl&y8P9vb3)_9%VWyE*cjm`%1>_CTU=aTR<^yhrJ;7qk%}$*cJ1iizwh*sqt}}1 zE}lI8plkQ@Z=cNEy?y=CpZI_Ngj4zecofblr#N^Wd}7HPmJ}($)H6<#v5xKWCF`Tr zUeY076kf$|G&a1?hp1s0-l4-_$p)%5?9eS9tUgtBxBLnwBJwBNtzz)zePE*i1>r66 z08)ckW8l6*Qk0i0hauJYtlY|^l1nr!QG+EDC~-ROo8Qc~_xqB{D2$+z^$y0uRy9+_ zn?w#yb>8BPMoTITi?pd!#mN8xT&ZTZq@zm?m5RVPln;~6I)U(z;L+3_%A_(RB8vv- zfB-|aNV>c$}PMrIAv&>k!|dxbc$1>>l~w@ z!xF3-sIkcZ@J1%+8>rE>j*_+rMA%o_W>^jTRpBT>Gu3?LO&$tEqER~LppBFo1&wgM zPC_SWM{(~F%*lx09YsQoCSr8NO@Pxg{_U9f$~6F%z{J31R$bygqK&I0afwNXB}Afq zs*I%J>CH)KrY6hZrfa_%8qL$ZQx{;|%>uP_9zSZ(Xo?oEaYfRvWIJ0Q1&2m^-QkCw zmL;eze6Q8UUw++Rd)2&+{C*1mj-qc_`lZr%gmNY>9M`*^-?zg(7~#KB?cj4%tgGf) zh{kvxyl(t?rU0T@GQCS}r2L2=lMCGbU`^S}`yk4e#Zh&aoc30E0In4g?(Sf$0da+? zyp`!{y)vPy=PXZzr;!ymh~-C=aMDn!6v)Ot+P0kNY{`Q`FnHl%Y2OQH_#{|ZPD35S zAOTe?S!>@ZeS0Pr*jpj}qa{dRv-6rxuwEuTrALs=(9)7y~9P++Bh5 zyQC0$K2glvYgVWwM?J5L0V5H@Q5dqgz=ICy9ruIrCJ8wY@n(;Dld)K)Cfnb(3-&Ii zX|PzR@1ElK#FBaRorO3b1x(;!mSuq?=leYn(ftBzoW#t$hb?+an7*0N|Ibc+ey;uh z{OsTF+J9FEq}cOs@E=TvKjJ_C0_*>0{@+hIm>I;)1|bXv3qfdP3BY3U1Oib-g@UXI zcpQO3QPU=w8Ea{oQ>m^dCZ;wv2z`L1o2`|dy@R#Y z0%vEJg$q61UEQ4KJ0K(i2zNl3n|-LadtR8UmS!LxAFrhuPoac(E@WGo$1xF{=%-a9 z357}}60!;Sbaj@tVSo8;UosU$=_ChU3kxijHVV&FU;HY)MPFu{xtvu<2>( zh7dE# zFB3<^;d|*@5S?#Jv^ut?znoX}2;uVdlj}M1&KHgCN%lu-0lIVok9S;bFu|xD%46cT z8f7A7vU|%_cY76G&zY*`MNgZuDHkLdrW`tXNy@kpmb+qHID+C>*JKTcoGbUIA zm36M`@4N?JObyd4GHxso2wzo*RaNkGOTKL2dcCdZPyiyMAcBZOzH$zCNY^I)=18Ub z{?Ofvil0h79{S=jXb^DAU?rk3SdD;thKC_c8LE{;1?E@>sSDSPq8UjR*IF$!jC7bX zSgva9Q;S~g{fWPBP=K?@j}y+;t5Y^IlYH=e6K+-T)&~QZTdgwpe&8~d^gb#gb8G7! zF6aYZqKVFL5>4?ah-e%8X2+rnSVUWqDIgLg<}v{g#T?Yl9iLJfW^oz5wD6X(AzcFi zV4-PDg>3yV?XP!LJfSHEXskjmc5RG%;ye)j{xu9)*2F->g((UdNTf^J%OEt5g$*W$ zWAp;dyC2mD+XoIcgslh{5+Pk56vbXJHEftLGd3KOnZig@TNIK~$Mwle(FicEJJlEz z^R<{mSs{}T>1E3V!$x^2bv}3oJx}E8+6ZvAXAMbEdeVvTAypM7Re)Z5rdt@UpXW?cbkGda2-? zv9V0;*U-^Hm>q~2%3(c&BJO~C`Wrb`Kg)6oK;atQd;qf;ez{R-5jOb?jcxA6H6IP7 ztbNwOOcsd2Bi2E+kUlUkruF&osTgkJz&tyBhi&EbFHZ|-VFrl}<|Jf@PU##<{H(Zq+NHNs-Y95usr+Dj&aVz~m8me0HPLCtL;4>p**dc7Oe8qaug zmp>db&5B97h~gwVw-0{(A^D}9pE_^UW7gL(B`b;)aB+D=6ZYcU>-u@4QR?$H-K)cD z8;h;NeRT-Yjo|?&yWJn+Zmaku@jF6?pXSXqqFd9jF5{1l&ai|8Q!(}Ez0k4y?i8>0 z&&v#|w=8q&>Zc|M@3_Z~Yy@X5Fg00#o4KW7+SV2Xll+F1hJ zvkfdZZgI(3IU&}aHmIRoByUz*uoqKW5^mYA_mo$XI9Q&%&f^}5t7yk?W%$iq7mdbQ z^8SD+!t1>gx|7@;UeDO7>s$H_F0s(0k{W;FEI_T5q4i^lR`wOJv}_GXtDuvDx`gxI zyeyqh4WpEQaPY<$DYs!>rp2eWa13uMG1lmIkiz2Kixoo~25~M_1rgt@EG22O@qmp8 zqs0R-p0dny3ltZGje6oU;VvKxsJS`fSEn*!x8B4=v;9Na}!2SqX zxsLfBjKLH++T9zaa6ML8+O^mK;G&9s>vg2lD(e*@!#y(4iZ#_3%Iw$m^WANM1{Tk( zHv`FhVdTz4#AoeOy^{yd&XHX$4q(yF*<698=WlW1xpiAO6khzN^> zRZ`|k@aT3FM^cM*=L%kNa%0tH)cK5_~UN!zmHhYt%ZM*Y60Y>*ht`;dRUVOP%g!TY=tNHO%=W8tUF z=6fI%0dV<3rGRo$(~ip&cJ&_%JiOU%=aNx)zsrF9Y>8om>UQQG2|2~Gyqb+=BIrFd z9aL8s-n;W|sRx^(k|(}s_)c2xVhW-!av+r)F-T(aaIM8`%80Ve)rWy+we;y9;0iFd zaBM_Ekl*`wRLMOhezieJmx6?V z!F-GD+3(r$p6%wmXZxMsInF<`W-Vqt!+M_Ux%;~FBsH&x(7x0P=UN=WJztb_j6Aj| zn%AN6k+~-0frz;YwsCph0xgB zA&GIowM_t#^)?fc7i^O*-{a2J^coS$D4Ed7?MU(qosd_Bh}#r~ArN9jH;xhLhPwln zP}mZ#{Gl{W?@TZj65sX(ojoS)TriH$rCvJXE+S!MFv@3cfuW?SQero9Ts%tb01c2Mp5N%rNyznH42V#iK=BN+Gqdv>y~i^QboqyDyrDpCpki zKvp`mCx^s$g5{v^2+%>OC8Y=hB%bgafNp2Vp@AIW9vK`M8^_nQadlRQ{c}e%#JDO_ z@S-Fa$q+Cs7m&OZ&ZwPeH7E|Ol*`H|4I+esuwc8`dfpful$dW0u+6rm^tW9+^|WNQ z&SD}pWRX~QP&(N;POs-@uwYh{9vF&b%)k4){a^ozRicriB ze=L4k5IHgU5{@oEg)Ti3>peQAG(v!(11y9YHn86X5|Tk9B!+^K3i`cjm%&1TACgTa` zEEqdLuS!6K%N7ep2@nL>2p*_XgT@9!BZY$LDHQRNz~WGJE;t%%HQMLN#N)$6P+uZ9 zanemnk>*DU_UXpX_ml9ak_g3U0SErSbLX4yVqX2*5Avt%f1vXJv^{@+`Hz1i{{se8 z`~SxN2h9H;_Wv&*;a_(A)&F}2gbzvvpA7O-yPlH+ptcJ*0sdOsb#fhqCLiY>62mkz zA2{+QX|?`lX&+1mFk&6oao+|&a?c@AZ2Nu z!6#+C_;mH^dODyVo5IQC{dal&S^S&x!C(&VKISg&_U@fhXdKe+UKX=iP7e{*oDcWGx~ zbAM%U>A}*@tDU2brJaevrHbx(uPVe*en@c;LOFPX=J9SGt6-zt7rJ|$H zYfC$EOFJn`JK0M+#%p^HJ4eAgM;@=|B2Xwy6bgbu5u;F4C=??K#fCziN1;SeC{Ywj z8ii6pp|nvbT@*?Wg}RJF*`iQ(D3m)2<$*%^qfh}TR1i=(i$X=BP*EsU5(<@#Lgk=P zw@|2j6sjDBsz9Ocqfie~s2&um7lj%{p{7u%xrGJbcmai4MWKMEX#flJ77Fzqh1vnS zsG(2?DAdQ#TNgiXX&%kW?2nKgyf}{<1byCW-D$_)X{Xs~XWnV&+-c|gyfv`XeqpCw zVRo!;r(JF99&l23r`>q#p7>6?#k&UVEop$fp z`@TEvfjjM2X768HOFXld$gdKkorq3WBaBioJ}wuviBCapLU# zjCl{HSqti=AhlTw=E*>{r68RtIL3??)nuSHKovCw$DIr`n1T~b!HFjWO{U;vQ*g?8 z58x8*6r6rC&|(6HKLux;f-#8~qlj*r|Nr{EU`L7)+0{1IZ}F(`Bb z2AhIkoPxt=w6ta|Eap8tmV$!T5)*gY+xJICj%H^8w(Fn#uP0c5mTVX5L|F;0KeuMTuV5Li$Dwkak^Qrg zQ+iiio=j-}8pn3xtJa_~2KA4{bi>!^QV2;RbfeA8_Gn#BitNy_F6I69eHgAxt*nf?0~L^ zlXkwDqBD~y4<~ib56858BfY^fsU@z2_l7%y)Kx1FWtw2giTTROD{>+=^7av86T`u2vA8#ufPr?xA36G876 z#dP^{82fw_ONPUI^jXSKQdahc)%@7JaHfSg!3l?jc+vhQHD|-c)rGi>xD}v{M}!|1 ztzvG?C0ue*e#VRReUCy&>_z*?)6&MPA19CWvJk0$HmbH|=N@{LB5{s8ug_*X&A0oe z1C%BQ=)1nAAk-c_MhT9+U%O(ZKi517tJIe^&?&f;oycesvUzJzf_lnxLrm$Mc&POZ@E!r%yJmY+q z6e=l+5|bHb6f3X1KbK ziQ1F@8QGd@r{787+m4 zK0KHwMhA|$@7f2)q!_($hL+y*F}UZmhtcj$_FEsagG#g}+o_FWgJsILdpIFD!HDWw z@aOqPxM)}eA#og(q5l0%y-iIn{b2p#q8$tfuL4bFpiCLJQOB7iVgrFBB!+BgBxMUR z(cED?7kr6>R^u)%AGf}9PEwg+S|YZj3m*P^v%{{@%{Ng>Gw5PBWbx>9;700s@ay&Y zVXXY+Li%#iQYmOW37gD3Vh&a&dP$F2BD#sLD>2i4LL|(pSxF2f_ed3;#Yv-wCZJXg zNnSQ(b#oWt6nosdxD!w*IfsGas8&cTiyoyQPD;E`(gRH$Q}Vrr%eXt*BPCf4gWKdY zWDYJ$jdg*QRK^&4^E<>|TN3GMVB*A^VrPhk5Cyp)&DlIy*fHh$6w%HKhT#;!BBMh{ z;w-Yll!6c0M}x_sx)63FJAvd&YStg2SwgU7oGP(Fx+o}zvKW{oiDu9tB=y!s?XaGS zzG1%>Z|ik@oF97m_t3Zg-NyLS`oE=(pRJdVqqn1*{l8fMhY1P)j{il7|40Ad@3K_B z>i;)^nu_F~#sjpVuj2ytKkon7|0mbsIL9FLpSfLr?)^c`%!mQ6IV&GbDS*~dQd6K9 zOD`2eFUG&9n98D?!d+5(cOVlcjTNO_S2P$be8T-yXD^>YBNjm~zB{j$4_D{pX(1_o zTC5fAmqwe;p?^pHwiVF(gG&=>25>)dk#4G{U3}Wl@=4d#u+BBJA^c@pl~#!F%JSu# z_sd=*4Ypnq3{q6hv>AUorugiC&#XHtmd#8pU`zjw$5hHtMRw8S5u|J^qV0|2uz(f2aB=&w`(N|InZ0q{LuqmYMdQ;2)~nbqm1%P&&UDR#Q`Iu|_-t z*atr*xuo-^QtA$UNqy+LV4*>&12^$RbI zSJ*%8XHYdbH`yXNy?(#d@7`=X9V>)Ut*QFWqbM>iv%w}l-Hs&Y$aJ-%doS9~eVVTv z%-*zayt9#U-87B&@<`5wbNjUZbg5m0jn}55t3LJTUTFO=F>U;!env|dv>{PaOI+lZ=ZllsJP!HY272Q33VlXcFT z^u+(Uw$Y!)zb(-I%jKVf|2O;p0g0l&@&5yqa6kP2-vRwU=l}jW{r|%sF7`n&-Ai+aDTh$dO=O_UNqqZZS1&`wmix^CL9$2?M`RiJWL z*`sW{+~~H!5P<)&V#Nzs@|@%jI?1;2W-ROXdAftS#*6gDg}HTFyxz9F!aI@wR=<(| zCLKxOgLt*(w~Kx3XNsSjig6m{OTT$dF|^B}I(WO?O`n$Po^z$i8E=iDJ#U@5dyhhf z%MW;6%QFqBC|pJMOy=*}qaH?IY4*M~bVoIDt*K>yBMKeuKNtL`k^he7R=$AoZ|m)S z>P_IA`akTq@*fEQ3ICA)-(v&#S^g7$!~Q1*?Ej|#{>gEWzwG@IKCVm~}t5BZ=)$2DebrEx`Xja$7PK!XQpoBAdxA!Zx&)%mMiS^d zD!X59c*nFohJlWsd#cWXCg*a=^D>hP#|53+SDu$XZ&fFHm^NT|{&J2>aMxQ^qjh++ z>+brVNfY1jqXcH>%UsR;BZ&WKrTx^i{ExqI3jEtR+B^DKx|sjO196(2;9K|?6#A|F z2X+M55B>ii&)UE4%4zU_694;0`acz(*$j0DR56}`$oO+s5(_AmUDj?;sfP7YGKJ+8 z{39LKp$Km2nEFy!@xUFptt5S*H*05_VD!3a)-wmiV(xIX+Ym1(VE@-SJ>jIV*Ur_i z%)RF1Su|P0+Rn>hBE0#c&V<9Sve~;-yVdDEfA~!=*URmm)?M)%0)YRYY~?KA|Mz^^ z$%}_dXAg8AxtVZ}^P$A9{Zij;*=Iwye7#?`Uw>M*+(zrGQ(d-Ib-Xz#*i~X-d-E2- zCt>qRdfR@sFIf!^uY|o<;^S!qcgvi0$qooEmA_w`yx4gE;lo@%X9Ri$&=|cnxuZ0t;h?tU=4PEk*X3PL3zg#&5{_VXiJscdZ{|fvI|Hl8%&&U5m|NmcR>tBEBH28nx~6y|Oiqct{~$^42b5`E9|hYEx}zxx03 zF3`BqlY2qD!L=iPVdCKs9sEB($o~h+<`nn`0)TE-?v`FQr`-X*DgS|DpWoE~ zoP-2_#Q*lpx0cJ zrxGq=DLzPNpG0(>t) z8vQjnIbOfP!tKBT>Eh?>+afjyuYv-vwfdM?qua@i`j!K)Ke*xhD=qAO9E=3~|DPYC zh^W~`sqO3ols-f>^+r9We5zM4=^%96|mGyeZf{J;Aj%Ky$7N&++PruXv-36$uF=j^2Lo)mK3GSg^SpflgaK2J1C(o5VHkA;#K*An7h0S=8YMuDwvTd8e zdwN7yUah58Ow^Gz=Rav`cso$$w$RU7=2!Kqm1ra8y0I7g>vpC66uC>3F6K>qJqeg? zdLCW5b_7B3^unG>U2*8le#RdPth(-0sti{==QC?Byq}ZMD(*YMR5N|F1ZFH^wUU+OLei96vi+q>!v}{iU|!Sc=0Gp)Hs2rcs)0-g+fn=DX>F zE7?U1^y$3%t^SE+>Vr)+hS5pPs<~>-Ua~z|0^Scwf!@xUwj}d%w|w6BR2NF!8Qkz+ zH@zPlne$;okJos(>Q(JT+b5T~hgL&p8!lvSZOyvrE3#I#y1$=`0iS7f&Dvgj9)I;* z=Eu)4w&1uo z70Zf)VTU3|VN1H&BqrfkLX9QBS*b|PfP8}JBYgJx@v;waOfi5m|OeK=cI z&m|=OWM#!qkMb&ZQzn?oVB$s3{j+!FvgF509nhqDJPy`&B|kuT*gb@^N}C84Kw-KDe= zFSCT|NS)rFoqEmxM(GX0VZu$bzW8_3`nh!R@z;aYU){WMdrgPm)5UHaNyTl67Yd=H zbiw4ym(vBh0R5*knEh$|yEwWzpHlAsywbjjf56!PwfyHhNeTQR|9^gff8qPz@&Cv9 zKPUCS08{Y)TK}7z-w{JC-~_n+{$Bs59RI)6|8e;}p7gXI38uk)O|MdK`;-395ahf*U-St-k zjX?fC;QwP(GkW{#k=NQ;vui>;rVVEZ1aj#Exn4IqcSeL)WO-fg$r5QCr~gp1@&x(7 zi;^p+eC^pC9%uD6zrCg5>XG^3q3M#%*B$1Rj2dl+v;T#r!Jo#zE0FnbX>V)(PecH| zg?}N~@BDuvKkEPfLeT%>)~CV$Kdk@%TK_lGTXTYcDYLKjKa4-s|Jn8>^IG@oah%lu ziF)f4M)TQr-XV=LRFK}AqIPw4Um7di9Z|H@XRmu>w>TgUI zssxj=mNmG(Y;?yy8^5u~K9y}D^72({{T5KC_iE=$?9;W&nZ`t!LKRteANPFK|7({9 zvILwnrkm>QQ=_F~85zX)R-5fLFAT?0!Zu=Wi517YW>)F63p$rm_T_B9D7=r3qHv=V zGN~{14@y_hYVvNc3YI;Cf52hAbmb~lM8Ck{`&HLF)I=+}^q)R#ERz&y-fNKfbRa4+ za7VM<3;zGIlJKYT?`CQ3;N@uT;A4C0BH(Z0U-)0fvFufYFT`ESrx zQe&-{z$kr%9v8l-m<(0|>i@l%J2QT=|Lcm>Q!w36_&2UlU+4W?s^5`tLyJ+>t4E;+PPfX1-%XDogH-5$=KnAo zYPrABo@YH!)a=*rcKV#9ltEv!_q&%|SLu9T>if;lo8IfN7^PmXeL@T2FcPc0T)A;wWbUc0K&)0SP4g3r8 z|IYu<$M>WD=dZ*3FYo*n{|Jyc=fz?*9^|cBl%YP-r0}v!W#)j6)C#;7w)DXiyG1%)#-G*dl26Vx;cMMOLk z5>l$Fs&caLO+Tyf^s4+?Sp@pZDSR^K38xVFmo|l#B?wGRq;#vqGFYB~mW`1b3WYyP zgvv^WiNXsa@YuDDjrzQ7!y!BZy=@4R0y#7cQLJt1lsCadH0(GJsx3QuKp525jB+|< zF!O+#;@beHz<4O9#|2(>UVtQR30QEYzKcpC%`2?b*j`@~<7 zMhnBn#AlgQ4KBgJB_Wj({VcL=QGVvLWJm0r^I|(84$cH!Bd0bY1ccKuT3=_{LPRTC zGVsyeX$V);aFRIBcYdM?yfOr*YIL6<#PEOnrPbHzO%aEY(tss;C&>1W8T4|xzh^5t zUWQOh8WB5LqKD>UVB%YJAknc28N|8u*T}2&LD=|7RG`3ZTow=*&mt*B^?W#WK7#!&72|aZzqB_oXwnXP zApBvG*BaEdCp?RUK5xM1`WDGCVd+W+*zC&~$spWhK?E9}>2^VogC)Wyfi@#7Ma?K= zbv7u2iBcN9H&`eglja%%9Ljl?1#w9>`7RsQ#|OUYzAuh4F1ct2YEApLcv4beU!_&N z0*2|lQHtUXzen+rP^>u`?UC5J$bgUAwh7!F@^$f$z zAcB6@t0>I%l3>*${W24@*S2>z%G=xwJALS8?8&9~D;2?5^lF!qK=_5{?C*_!ptT9M z)>qQf=u{CsbDh9!`ix$?RW&?EIOTCcq$Czj#Z`gj5;!&~XEhVLlR9nL=ZSGC^5*Dx4oMT1B%-4TG}G&f&#^3|pbc2IiP@AfCOv+f=Egno9rtcV zR3c`M_0^LQSo;Ldqd9g2uHzVmwSJ~0INaNCSLH4J;1KLEPEPcc%i`$u?iu(o(pe zaw^%!GApvM5yLZ{#yBZM94rKxJGFOGkr*A}Dt5_u$O_hyO-)3VeX?@IPWl;+X!(#L zR;3&VZVbo>7LFW}sGit#E@!yF;z;F4kmK?*&e(|$_fx$HEDT`piL_hf)#$Vb)7+Jd zh{TAMcogE2_=8oi?ii^T_L4HQU$EtT(WjABgTYEMl?jzkVf2hyF;^-@;Ruf(RT9~O z%LJ(p$7fq6|3Nn$vBeO`` zqbK@uiSOn&{sBhDjR)SSR&iO30Oz%w6SpPLeO)K?Tv|Rg=Id*l< zC}%vO1@z*@;Bc@K9=RQD$BS{$IW=++`Pk6nMlRN-LLx8fW+MqQwOA#X2?Fx zJ`7GMRm1Xm(S~nKAwt;e9?uH5=-*R+5MVso~CR~;A9dnOLOVk40V-dSY5KxE4vraU+%?dETYErLKm;b_s1?9MKptJ$45eIr|d`IO7ZZ7@+gFi@dbqM40#-Zo%!S3$Hp zSz7+uFyuwO>}WuTF;uMM{M15jppJ5e;Z;b{lr4*R#>yR|1iPd<^Kxs3;gi^f0y;~cl#gl(|Etn|Dysrf9(8E{O@IK z-Ro;1C-J|G<>;dI{s!my?vwmK+}V%A2VU>+Adwf418{CE$zGcg9IdRJ;Ux0$LIZcL zGQU_8{wKQpMuEhEPkM!KwrPZVZD?QTPJFl$#fMTG!#v2y5Tb5c@wfLaIatBD)QHoY zx#C}Hdsy-UyRWIaG&=im=@Nu}a?P=&p1o|s$spVR+?90&$KorvpGqgGIX=ZINjO!s z<_sM9I%gbxUcHht=zO!6^A?xU-~ev9lg(PW>Qx5G_?GgxwuBp4_X$c?cu5f%h4fg;1$lurH^{4UgZEFcIfSOwZ9KhBtr^^8PHvWH` z|0nQ+|L41)|Cjt3^)Yluv@bsJ zsZj$-)2-!s8@VV+|LN(ai_d54yC)P&!m)PKeYOqJqD0w?dql(>g~>6`9X0yjPY>v( z<}?w8f0VBl)~I>UMMMM?Lddj^T^BeNy5MAc{75Exs& zqJP7`_%+eI|BfBtPvPIk))lDy^|2L&!OU%dCP2UjV0j8>;J5J42m7u6UqBG{L;io4 z9pJ0{2Lp}10Q`R?|7JR-R#%5AIC|Lv3180MP%U38K;?tV*!o!h)D?^z_+dYFN;&x! z2n|i{zok~@yG+P;9^};cx3hHfar~F&|MBzj{Vx75^n?HV`z(a7_-6)Df(}3+DJiMr z&0U%s50nwp%PeDUJN#Kgq-`1teZ&!0VeHa0f)^y$;l(b18Sk>TOtp`oF{ z!NGxnf&TvfzP`TR-rk;`p6>4MCr_R{e*E~+qeop`U7eksKlpN zWo4zMr6naL#l^)%MMZb--YqOFEGQ_*&(F`x%R?fOckbND&CR`i`}VC{w{G6NnUj-~ zot>SPm6e&9nURr^o}QkTmX?~Dnv#-|oSdALl$4m5n2?YVA0HnV7Z)2F8xs=~9UUDN z6%`p784(c?9v&VR78V*B8WIu`92|^5AcBH|Zrr$W{rdH5*REZ?diBbcD}jN50RaL2 z{{DV`e!jlGK0ZF)-rinbUY?$w9v&X5R+g5Q78Vxf=H_N*W|uEtHZ?UhF)=YVHokP}l97>-p`oFHfq}lh zzMh_*uCA_*j*hmrww9KbrlzKbhK9Pjx|*7rs;a7rii)zbvXYXLqN1XLf`Yufyquhz ztgNhzjEuCjG#m~G){ms5^ z$OHWZVdu}E=jG+);o;%t=H}w!;^gGy;NW0qXFqrD92*-OD=RAt3kx$d^Vzd!nV6WM zQ0SR6XBZh785kJo>FMd{=xAwaX=rGusi~=`s3<8ZDJUq&$;rvc$Vf>^Nk~YDiHV7b zhzJP@2?z-A@$vES@E{NfE-o$(4h|6H!otGB#KgqFz(7YwM?*sc0|lQy^}PHEbw5eB z6HF)qeZaopl22+FvZohDuO3He96e4%-YL6wi0$e~GvQmJed zMSI1=U3X>K*m6giI>IEv6WCM)_et`Ez>?HEPPTHOEL9TL;a=;SVwGstyj)Y7^fI_L z>G|vRXFK4~;^SJ0GzxVDi7pYt6dmS6*Vd5T?){*^nZRJ+2_~!zX1LBkN&^kWwHES{^x^ET7YhCff5rz!z!SM zAkYd36mYUFe%1C*_Cq*M9Ej*|@p^0ma--hryhoA5479|=$owaDs zyk&;^_ZKIsEO6B@;0-4^K+ke1;O|RJ5?p8dZB+pdpw@t02+og|W&igja%%iLS$doj z{@<+s7Zmti|6idW{2%}Kx&1SD_&fgVK%irwzbx9Hd?6B_3No1WlnKZ+A&)ZE0>MFX z^b~Gt%~~CxSdf`9JtAdECE+|CdseS*XK88*{@C~kp3&Pe?}*GC*X?O-^~73Lr3+C$`MW&Mgbq5 znw8gtetDm=s+htOaiKCN>my&M95$MGNHTi>@_`(Zm9{$nskI^AhkEb_Zl+TB)gZFT zngZ+6i&SK+S+y5oH6XSW43?Npbx=~Wo8$^fY5mb|_zjr?(h`EGA&hHO>lCVUEVbh6 z$x@Q6j{IM`_P3{7{m=YJ!TF1Jk1AN(J1lfS(rd@d6HEz=sTYo`HVAC>+os4h7255v8I6d?LU&Gz9fYNTAw4u7E2W z@PPx86Y#nN4)&v{jKoCLUVancr3W1QsMoI_JU{`V0U)w?uy^o3`|3&F|3w`7ET%^t zp*UoaTNYYxItkIGSl}MWc`ybpR1}e9AuAWjCNVp{n zhyWLl8m0y90)^3Wvujy&E=Z%1LH6jk!8R(`WF&BlsahwsV!#d23nJO*B%(P>?7?Y? z2umexgQUTv5g3IKDF^8G1pF~34*U90D{{>kOo8RI?_{|pkF9TFrNyO%u6zqkOiO*H zwsSlQ%&+Bf*vSLV#iWkqQGMp#HB5FE-(b44(H4f zE(SG?nGPSUNppeK=U2A7KKE}D>}Bha*{lR>V(Jsa{TMttr2Wodz`&R^#Kgg}G;!o0 z^*D<9HxU}aFfsnQw8&HA|0Ms<+u>9Jz;EH7?|OaMy62*3*nbOIAi&XW%(7jOb9fvum! z0-Zo4R%;4Rn1EF1f9eDbR07hMoOA*^VFGd#fc|q!_Pacn|CT}i82|sr#Gk)C#BbvN zclkg3FySBk|KDW^e#QTf{Gadgu>TDQ;XTiL9e z?0*562>%cM-|wWcH|a$dK9Q7bSz0tsY{!ZK24$pmQB7}#Jy5*Pz1I}I@& z@VJh_Xy4_b{Z)f7q3|^1^>k&WwdDDEVdy9S4bw4$jIX1M&(C(40#w}{*p;D*Kn6aP zpI7)KBO9X^g!*cooy;Q$`xqe=5*ijB5g8R76B`$wkeHO5lA4yDk(rg9bMw~i+_3X` z`2~e{i;7E1%gQS%tL|0T)YjGCZ)j|4ZjqE?#m2@9!E0|PVCCWAk|ckOO)ViMTqGq1 z6%cHx51E>I^?G*h&HTdRQl(&5yNDDIb~g_z1@0~`g~X%Bc&t(v?@9?lon|~N-#u># zImwwj$q{i8zcF(dE_7{&XRi*F&w1&8-h1 zkLHq*;m8N#4*+&L1XV}ARFcAhaBJ=UOLmnv3drfkgRMD7`5Em)!)gX&)J{?{BUZ$c zBo+M!={>p8`e)7hjl=Dgk(+rg*wO(Qlnzji)x%MEU^{iDHYOL``_WZ=KfMs|56Ump zeTkbu(m@lx2VH)I^bYgU54G=Ggm-R3(a*o@G-ToChs_)r%J$Is5^4S-Y zyx$||;@UTlnbE_QG8z${pXV~weKX@j(4ycwhG&ya{iaBXF7&PzW~qnBg9WALa7=DA z>h~|A@|_( z6p2#?rC$-$DMq)1EAnMvOk$K1DBsszqinrwWv}{CO!o24Bf^VM)}MukASs56D+VVl zxtRA>Rud~Ioj2J9XMAOG2Zg7(F-H|tgR^*!JM0DS8>@h^Hnu~Ds$BZ{Z$?!jVVk9{ ztXDQ$0@yyGYj$^dJZjsUxQZ?@oT2rsp5lSO5$=Ex$hD4V^6DeP3(xUFA7XEe$`ZBs zJ#yx(JJ!b?$Y0IP;cTTZa0n%Aqqlcf0XtG{rFSnKVS`#kix;B2)gcadG3ZI9?3 zrAIx2hjUZC*sJ?w_&nT*U?LG4I_JK{4$~Oyq?hvrLy2WKcgNqTQ_v4c;iv8iY`xVL z9FT0{_H1GaLpDGPN|1gyoK48!l6s&o`m2DI%0?{xhYV=A2g1qNV{4`UZQkq=?V8^TiPl@*s_(kme$fXiJIIZ zjml4lGM$7H6`#)$+1b}MuilBR{kTe`?ja7MD)G9ual4)I)86ZCNiXk1x!e%~39-=n zv14^RLSBwrR|#8I3q@Eub|9kX#rHr;TVt3+&)wUu?z+KT+D4|W)9xbW>9sFHyt%5?u`Hm%qT*S zJg79`WvUoZZbGc?s|#4$!BFx(#kO5-9ZWM*#QaKw5AHDJ3<~VoLJun+WzaY>-;_7Un1m6Jw;Z>~eTllEXD=0)1ixw8bj* z#WhS^naLjNi1~bz}rdttS60Yd>i zKG@;8%bzk5P)+!p8$qR%Khuy@Q;U@rhshlL#m*^0gy0#8&fO zPY+miDbk-7l_nk4PibH=gXOiDE_#y1EyXg6KQJ;Us|jh$)j>ArFwWt`8@_ylFSBW3NsSo4t2D@SYX*TSX9>OzH-TBzBXwJ- zU%Nf^msrx!iu0wYIwIT@%lJ4Ht8^V4l+32xISrFR?Mq?@`tlRlF! zCDk&;rq#1)g^#`(AWl(d=?6^>hatrA9(Zg*XXY9N=zPe<;?LX;y)l z9XLj*=u;CN*e}o`h*UVIQuFohDhM;aM_w~}zMm5^RLEp{mp;bjI792+nyjU6Hojhw zp8yCka98=#!GcTJRJ9zXGwoG|$(`F>(<^U%-y5w;p;NVxPx1;1U3k$(VyEqDRv};< ze$-G;BU&M|yhBxYea5NwsMLde$9;h0?m%OJsfy|>|Y3k_5L1#w@SCi3_QWh~P zvA~h)H1%^+GCfffz9!B`&QkMK;c`WD3A33)uljG+vR70!@6v8c-En()b%|A^>bg7s z0?F*r2c{b}@$O&1-gj1bVPnrYR;9^uB3#s0F!10${4ZJ};6xhEtY;# znpa-CRSax%=HX=iO&|6{oEIpe-Js~m9ZG-3!7^srna_k*IN)1HBY`y_vaH?3?1XpO z16#${To=BqpWC`@95{HV=U!voJ2A#t&FS#=dUi-cTp;^`7*xp@&92SQCAyZ_nppvt z@^NU#U;$^WSLhximLnDJEx6G#RM$I65coi@^+Digha zA5Q{dB1S16lIeA|+x}YE4R(JCCZtjOxIH9EooY^m=Y{<^i<;56`%{~sr|5D_dX@=_ z4yKttjUC=Ed<>}B-Il4YJ&RDh+bCWbs#aK_%eIK{7GEdt~coOHbQBcoak7IHX?lu?=L+PyGq2x|^Lkq}$EP z&T{Nf-iA`jBg2bm*};BUzJ19xhFUFd6(Wc*Aryd!!{suYt}#nn3uK@TuHbbh5rzkY zZwG+byg|qs3fvBKXm<$p3N3jO+7?<^Bk_&Mg9t$zHAf{xgOTc0C7C;qOz&zbp5wS0 zO=W5vpdNEyV%FDZI7|^$jA!`)ZNmUG>JyP?k8oX3or;Q(30E#G0M;L3-bbC>&o^jQ z6-;b&T?umWC{@N!VreCU_)t12UGf9Fa;&ILl?6KSF4`Ar(gJe)ZfQ~uSd5uA0r%uJ zBp(-r4q6ykY)ThRyapY;FO*3bou(U4wCI@N%?^ltNs|hpld-G=*3$5?lVE>xBb5dc zdr345BhFAz&qY8n>k=gQlBkET0vHKm@yNcoCxvO@7|sGOXqHbFgTx+Xm0*ikaS)=7 z6F4sTqT6b+VT62HxLK8S^BI<5N46`*zNWtcG0`qxAp(~4%n|B=F4Bu9C!HAr)mgH< z@NvxVaUR+E2>)PZe92KK?GQW-*^BFI#4?xS&%e1<2%{i?p=aMs<{G6Mg_$ttMNf$_ z+oL5DQ$^ES5<%HWia+4(DMz=>c~&LmZX6+TpXTNjlhUt66^_EgI?xBtI<c;HA+nkT(v*crbQ1L21l0fw z6{DoK{~1U!qz@|mo<(sHeH0ETD5k|l5zcY}d7gI_KGcCeK8HTaXR_3Xe$;1KPE2=;OvYtV8vGox zDCp)eL9kB-k-aM&S7=IwEa)tbuvICtd3wvClx;OhZfFkt;u04U>}eq_C?yS)Pm$S< zWt0Tm1%nw_q;*Q6C1_eVnzH2eF>Xbc-6}!`Nz12;Lvot?HCW(E0C`0r64cLmiC(Yt zj9?Li&E;bZt<0BveIZ51Z>+>9YMoeB&RjzLbJy3**uxI7+D0IJ3wr-Yjae>G$Ssf5e2j_pB(L_c)mVI9ExA^rZ&!Vj{IWi| zBH5_vm`}xWJvfpX^lGAl{fStI?d2YYnlbBIH7*7ASOFsDa);}LEzvt0)yg+3;tiWWs6dAM>%-H8$DWmhlLHi4%{J2w4Bk{t;e-?+*I%uZkipi=8DR zLo1YRrQrJyXf6bH?b%d((rCqK9an8l0VWE;yo$8S+pA@$0r{IS`YBrx{D16y2S8KT z*LavBD&pSyhzckpi!DS#!cvwY;H)tu0U{*9B%oNe2wJUs)w=86T6b-2D~`Hraa%`= zt*u%|U9GmZ@;~>jyo3Z0{e545-(OlGdGC&M?>+b2v#)yi2cj>&9Y5vk4q4GJv>zMe zcC8ONdnh5XZwfX~m928$+F|$JVv z+xz*!`-``EH#&4=$IQzm9-57Z&Q3bi>CCL36&(eltQUj5BDsUxA058sK>N6k?jBd- zeO_!nFevTbyzKSSOP*#na{JnS&KEHi?njUOC|J2Xt?|lzg?ZkqfBoR1W8?eW6Q8|1 z#o<8v(Vw5_ows+==Hok-_-OugjCwe0;s~cvN&ID3ib`j7YgEDFFK!=sd23XoP7NYY zo;cO>cE$1D!}fo({N%nyzQ4TJcxP$Bz_Hg(-Was($f>Qz)~(&y{^ZHX)2?UN^t|d6 zQOVtDXzVKJxTW==w$a=_9KBu3INeLQ0xxMJK|n?GZ~v5X?{b|4m8+ZoyzaNGZqsHv z_DFMd^*Vj??}{(SJGykO5TrS^D>&2U8^@88&a@dja%6m~(`SaiIGgsT^sM(gj!l9& z_qI8SCzSeL9^P4dreoB(py_8apE!Qd_)J8nR)Mn|ga0`fz0@Iasl&I8gEnUjXSF}y zXUqBNE57LU&-t(VIrfdZ5OiM%kwdyYc{uIb^}()3J-=-rFmX~|N*-jR!!_4Zr3gdN#Ch|}8# z`(#_>d`i=^H>!8o+NEL3SFZK$%`0EOam%*t`@XF>bN1Z%onIb1zF~j)(jzO@o)B*R z28-Nu;r5+h@7|jc)O+={Bf^EeKm4Bm=_d@2{H}NKu@8G)+PeHenOoj>B{`*o8?@+= z@;o7W`^vA~BU4UQuASx*Zfq!?(lPO|i+ATHonq$YZdW@_Yu~9Tf9=NA;0Lhc_rHF5 zs5tyVpx?o3zJd>r_765fG|)9pC+qdjGwf(5;XYcm;beqCdwEf1|0phHQkP`g2 zUJha0FS>+ySA4ST&e@fsM&74B+kH3T%OA%tOYX4X>fTR`cjH>V zFy8-Rmpk4a@zQ(|eomtW)#~xjpPq&xqA6Z%ppy?RKiv=N@(_^X8VcA16GU<{Q&E#I(N5 zqr)%0(#a1BOAclJoPV}7zNxg0(~Jo3m+hL*ym6g%)8kx|&-xdaciM3C!v?&C9eYMU zuI%6=Z9TC2oB{JU%$UD_VY&FDDGQr>f4FN)^e+KTTc(vPoF4hG+-1`Gv>b;HmyfRt z80~SzW6=T4?|nQ}Bc6DVU4DE+Uk4Ve!fnmSo&z;&C#?63Uc-t^yW{j}{&3HgvtJgR zZ(QJbsMIg(w6`X3-k=k1Yx^%6bj*42gYe-SSOq6MHjZj&Y}rW0PWWL{dd#4Uo6pbk zEOnpY=DFFcXVTS#Jzm|K$9%dop|6&GZARYYy%SY^w``p-*`2j__VUGB_uTVn)Oo02 zJnN%|euuXmQh)TQYM^x+TN_u0Ph;QQ0Ivs^AGZQSSJ z#vaZ(KeS?mgZHGyJ-=P|{oqrRAC59P4sq;~>o}JEaO!fu=DRmOT(T!9f9I)gz24cr zrrWF`@@KxHTBNLxRes=V{>&#ExyIvjScA|8Bz9V^-~025qN>1OmVNx4XH#rjiFlCTHCCfv8^#wN3KPs4FN~Wz zvu$Nbm!a&z0jK`(+daN-|9dUUF>ZF?!7s7FYYmrN7v1{w%P+qj``)<@FG~Li(0*C2 z;vE|LqT_SNy$!P_T>G`tlT)|8>eDaJ=|gFBL%;5#Hbc4N?o`eW8(y$~*TZOz|Ew8( z9ys)9cKB$aX2mi0_D`JJ`Oa$Hc!<}N%(bD5M{LY|$e!^0V$r&QjrqmboV?nE@7^$F zc2DQRO_%?SJ`!2s61MLicw$DS_~>;0p;ejZqh0$Yl{bC*yHjyT{|3Pc zv5Uh*`#W{xJEUKm+REqUnwW^S{rV5>=-f8y`S!F$+sktQUjC%~(vfvHDwItxmz??~ zH|T-G4%S$eSCd<=tcDw#d^Fnqm-Y=D4(C=Zcj>a%p{aYr(srA%*;AcGU6UVuu&O*} zVfld7-CKO-m@vg#yz|&fpWbc9 zH=VTbgl=K#*!_QXJ~njQ`0wxUTyW;O$hoz9+55W=F07Eahb@?0+Ik-5^2y%uSxMVI z)W(f)5rnO7T&`(2X2-0lcRQ|m(C0Gs2gWMvY#Z`$&=S`Pm5-=&ZRd9?Y@`$ z*B<4G*mbGr5_UoM_IG3Ubw0MWLCL-z+U(>_fm`>wT^OR8zq4^+zl1FjCA%tFtpy3k zRi1a6Z~LpHMXym`H(d5-zl0;p8-%z0cGS4&&YhoE#zn2~7xYzz=w)F*>EK!92=Lgd_&4vjVoAZj@)W>`sRej3I0yU2HbSO zjveqG>i>;%$8wf1q$GD@Qpxrm<<3#%xzSJ8{E)fVqp*F9@3OWEr>T2}HCX)f=A7h$ z`AvtFu$ttSe9+L-p=D^v(H`ZlO(W-&hJ0K3&6+3C|MY40&6jD15Bqg4SVc6a04Ie&v)Z@i+m)q(;SN5*F;$hk%Y4+oY zF|z}H>-K#|_Q|c|FW!hOo8Mwz%Y=(zZmg7cGd`}I61#tn$LQtXxs9p3?=SZ~r%^sK zm`ZFHzakwG7kJM8YLjq)MvPTRs7edXNP!?VO;?hMh-Uk`QK6rBBV@uj9s z<`tKHvnT3s(x)XZ5#NjEElYNkwaTM` z>34CvZoiMM{M5;7eqQ;lL386+9V;B}glal*HFqvKJR0G6Zg#Ua@e+5RE=#!CT?UM8 zhK=bo%pr_ba^`7P--~U7(@I<~cVZuP3Vm6gwtwBIUKI|`v)(&&bljn%4js3pReUO6 zTHthXb-tjav3G%SNx^%E;>Wk#YuKbeIi%Vr+KO60F zyR7NuOnKk9Ir`U zJtt0`=+(5%G-M*3J8251+sqH=%$PNyr&qTntJlnCtzYlZVRciMOKDS=Rcm*zUGK%| zuwhTx)@>8^e|c!$Mi+>caZ$@R_N5Ij3DJW_NHXpL*)RCueVzt#A4b%VA2- z7A`I=uFve*^qBhzPK%}$Z60vi+-tg^>B~olLT4TJ7rVQ=wQR}0;heNL2J=h%ZDK@` z`<{39M$cOKX`%asfzBUnSrL=;V~T_CM-5x~Ioz7n(D$jIq-Q}{OV)x7jwPjSwmOze zo|P`zX}GxT{*|JXerY+5EpHemPFajCaGx!TaBsO}TceCkgXV3>xD=ivN$0aeb=?P; zUiLik*XUO67n}!`CM=h3&l7)}b74$tms1zoy_2&!Boccxa-QGFy|Qvy$tBN?11k5r zw>XmFXin~wW7ezM|8^FXXTb>jkudmg8jtZ_e7 zw86Ep+wrizF~c&ppTGBeaiF5|n{@}@4ZUCX&hYn-oxhO8@qgBYd%or4Hmncs@2(u} zVNmyDdkxsxh;=7FOWrlC*}*RUXZl@kGH*7hiQ*5IUigzu^qR?^-#A# zWv5n6pVH!=i_5TMl`ntl6W(GXD}C&QPN9b39hc^@ru*e3aq)pti|PEQx#n9@Z@r@Of)h4#xm7k+SsTgs4I zlO-2YR{ee4rw>2V;O4VJ)_O|Hhw3?QzLyhX4z8Optxu2c5!(}og|ArRzH!sS)>*^X z>^j>mbIYFFvYcp#+mr8pa=CbJn+@fCq#b(swAz%vrF~%D6#u0We%gRK$*uT58c|8U#HAz;r(K9+`6Avwiz}luJ2Rs9O?b!C=ufx$ z^zf5r^Rjz>-fY2?@!FqbcBo6Hck+<+pT5L&vNd1(NbYrW-LVKkS#HzVt=!v_FRi%t zjl!4LJmwpDt3H8ygK~SsoxXDZl=$b*_=Rl;&OFxGt=HuDqPVNwhc(=G;C|LG0~2P3 z{dQAzV%0PD9lwYh#!-P?E-rk0ot0G5*zahAhl#&`9KCW8`s~>m*WB;(!;3ztdinRW->Ry1Pi_^ze8r4?&J$XG#GRhC zLp{}D%1`4;e`-9u?e6B+WbBw9mruzUePEYja<|gTf?;Wr5z#5bxE*hLF7DB>?Tn^t zyM>JFG0Evm#hg)Fa)LC<$aW21ihUfz z4y(U^xpMNNPQ#-O_fGq4XkPMb`Hyqu@49JEIW}tK(yem~8Ov{P*7g;Jx8`5sP94qa z_F4b-Gu!9-t@2Wd)_0iCTae?G5?#>zM08YF-znQJ55t~J`=sG=*4MJRtVIhx*6zLQ zD}U0VXXCRSmxMVk{?K_+$cEgh`@Pb0D=RKIt;{~&fo<&X(5}S<$7fx0eidl_6;sc~ z@VoqW{qW2&Su=ZmmVP?m!UxML!@duD*CC?(&Yd>$MoW1ehMzgXbMEq4-@$wKK5jF> z@sOz1^i#)64)$z5D>{7r4bRatq-UCL86Mm2!p}`IDy0kNcOAbb_Z{AfIco+kkD34V z=5^eP%zam{-wy5i&fKlKy|b2P43n-taBgYJY152Gdv#9BG(!$Ybp4`n@YB46!^2=tWBP2{U&z#?9uuWV?BhGW#2pBNbeeT z=Nq3XzFm8Cde$o1W!|XyJHA_d`B_iRkd3mQs-`*Z97Jb-`PTDKzbz9|@&<8rvv(gF zF!)h~Te;@zpSDPp3hmTZ|I0~C%>I7{MUgsRuhf`|1C@F$=MDNeak)V#y$|l=8;b7w zfgf-Rwe!BKGE1IHegyrl$no#%gRIeRP1LHwVzmYBFY4yxAu9|Al-&Hv;4 zAEXOrVca^l|60ZVKj;4=3XEz)k=hWE2cn-^r&2^i94M&Y3JUVoNDhp!A`owP{A*#` zzpk>~{cq+AUmNBc_dib%92#Vm|CbjM#C^N}Uwhu`(mxA`5K)X1Fj-ZZ8G{}xq6d2AO0#82KWtE%mKrp z*BK))EM5I3#-0|FbtPk@h4Yc+5%lX>D$S=6tQS_||5uK9t*L9;-B zL{EpppdlJ2YvHq%4PT7pd?|C)iUPW+?0ij5uE~gH>GgS-MwhLJq~U1JG2#WLfzhiC z3PUmd3G@uqL@+0idPd?4{S_YvrpSS0q(*vLjhNCf zLqzj}f5#^XrV(E~{MSg-Aq4|Dxkd$CxrU}3;UBd}Ftk`YXvJcJ$qv!Xz=2MW7Q{IC z0?q2w#TXz_z6zE?Z_ua|7<>WL)ni(XLaV_PCirGjU?N!(CV{O7qm{(<$0TAAmLy7t ze*>_TfnqFGD#6m@Qc-bCl|2$uDHUjX;NK`rSFD6aRhThbkM&m=a{)vXEWIR99EgoH ze^)7CL`K*kIchYzB={^MKkL*Zv0}J<2upzv1JMWi2~tp-AB)kqbcGI!GbmuZuyB}B zq06SfWW$hvdVm_M03j;=g`PjF??$WLX3%HpP0YO}N=mXW0!XdPVQj~EHA3rrx>$lt zmKG4(FC#HCik+4yP7eV2N}X@6;Ny!w1E zWK2LR8a9@M#mA;#GHFIEP_N`Nx-<;DS+; zU5pRHsK{0u3k}&E3-AFlj2#HiVg_Ptomv$LTfvkYZB%3#aLyA4EIobPICSFh2$0gn z(!?|wAYn>;hA1A$`EW&%A{{5_Xv)zc#Nl8G8pvDKhkoN;1lw3+lnbyZtN=Eb8fdz& zPEn-EQNVGBSlvvxtQ?3_k6!NX*@ZeKPN?$r3YE;DfK$qV`6^XCuy-+c4AW$zFPK*p z=Hmm8;0cBeH_A=YILMV3HZT2J#4{g(ia5k6!=p3pgze0)c{f6Xxb?Z9#xqKtO1$r;UaPb&pRHjM)$4QHALV!T@56 z!Z_$Sq0m^*uNg>Ntum(_wQ5lVjQq@6!k;Xla-wf zEfUWI({WZeS#8SIs|Iu52?WLvh^Pwd4W}>|7b4&o22zF7EL7K+rLt3(S7Tj7SW&+e z9BA#U%`*uSK7;r)2O5FbP@2>#99MB5sEYKQ(<9O73gjv^{4>c_#d4m#y4LGJc1lce zjlDA0#G+TIYwp=jzqO1FCY4K%k1Si`fNWK;I|f^YQR_7TPFEq$E3|%S?Jd?1o>{LU z48x)fS}qDf5yeK|(GSro`c(VGSoT3TQO8+AwJBt=u3OWDS#DVCnzhd!s&CORoY`o* zGWI58#}bI19wYH3Cxo6wH1l56ELrSU#*Sky3pp?LibmlZ8y^n|5#2Z3xJENn!1!o2 zrr1#hAT1ef0!31mKnhJ2h61@#1se|-nL;(mCSj2n(A6?O^XJ^`PsC=&Do#&&(Z52?Tga3UDLQ{u7ogjA_aoFT(vL{cmf zw72P`ZW#&w>5#|Mgca&EFk;Y`1<1q$G0;hZmKM}ZIeJnNn}g*T)M}(uA!b1g8kATm z^h@+ffEB{$VlklMij_ujF>!2CQhJ(53;>Yd(jai3_y)5PpAtp1fn^fkV63P)sW4I| zLDK~V&|FZjV^U?Z)MShte`qj9jy)t?7@3$1W0Z=c*lr=Cpc@T>eq~W?kxgAYrcgptS`e6!Dgo)=RFrvWx}2%rD5%CnriIuy$mzkYL6PKm&1L7Qo^};@GH!*rZHYRI$ik zBux}0fieq6Ik6bw8J3!W!1pKG7my zD9VTHD^$gB;A_>|EVZFG<{l}+5~Q(lQAqy=H{_}cjJ!ZXi)!|U1q{-`KaDO>Y0B@N zov+A|7b>F&9fB?8f=~=srso0v0Y3qdLsd{l1V(a16u_|Q@F_)@tJ8xLItz4`ssN0~ z4;~d1hU^!>*9Bluxd1aD!Jj}^dIfkO2$KsRjPFW7Gb!3cFv}tg*AG$S!E>@!8xdfE zrT~<}2983dM8F2BM}fZwJc(iso}n<|s7ERDL5W_ZjzaDt1%RG`0A3c{O03uMI0}W< zI64a89}pDAA;-hix1a*qT2qt`*#h!GvxziJQ9-=mpiq7|PY@a&8WJW53lYGoTkHcG zP`N^d3@d7b93Yh=NaYMjdsXRE|Rm3270eauQOD>I9^60#Z2vsoVyn zRvVGr)4(#4D-#q3%Pm5P3FwJ0IA9wGNCW%<^=C2$ww;7jNmP8S3=@fEiK!_R5*mw? z)m982u`w6ayvjn8k;C=(XAIe&%f&Usu>6#whvvLZ5F$gUC4IB>qd)-GBC84Fg;8>U z>t_v-juXQ>L+YeJJ#H*B4zBjZQZ9Xm;L@=u(1WT#$7JZN!8GwT5FcTu1pX zT*6Gq0>o3$QH_OJp`fNoCw&Z&Cl5KNykLrw0-;4@188$fl)wsUNa6{LE(e8Tk(yX3 za)Icb!wW_frUt4+QVoha5eK5sieT7UD+=v6fT7AfPVam)l~D*BDD7=fk0=C7PE>b3 z*kBlhrMn>8WRL@CF3eX)Nn>Tw?)(rNnoIN)beA>|(i_${3K1}JP!TN* zWQd^R#P2c8FRwL5*s`X&4Khud8u!KrDS`tI?03}BU?#f6fk7Q*#Mz7!O*79!ARFwW z#FR8(G-LzQ;H-i(4U8_h0U2LNgn=2c#B!qjh&EkpQmj};l%aPDSY5;kV5@+l<}GN- z)ffYjL9~bMlMp{6spE=R68A`A6OzIWDARC>I124EVLA{(ES(|?bWuhLxM1Dt$2~GN z4UrpiAPCiH?67J*o?_ zVrHx)Q7V*xWQ=%334VAYKFO+u{;~uq@FoiI5inT25@$%IFk=QV8pA0r*6ZNNf^*iY zl)bTF)LIh@7$Xx4V<^itIeB6r-__bnPESn|ChM~_`G5`j{6d_$v+7eO&4k4yTS2}a z^<2nUQL<2`R%o$8u=rDanRQ>8Ns!B!>kb;<-W zj~?ngszy63*%$I8Qi7(zV8t)cEs*CD!6M)g)TwJemX(7`c1To{NP^)sv*4WS+cgK5 zg<$v`S~{XXXu-(?Kg-yK#@vD|la8lAmRImSQDDYgMS&U#FG>>|I9lYX62<0)a{U8> z{P_aDe=r!E3Dy+1bpx+m_oGvz)a!tm17D%K9V`i{vZQ(+ENsvznWESUxNB0)!wU=X z=lb)4LSKJyAbizrXkw8x{dI>X2HRrI1LMNDVCi0a&A_*%Zo?8KO5hD)ktAbdDXB=(LzoSC41cO&GrtyW7Vtv-19(CHf{-x(kk>_Lm0Dqe z%~JR-fqzEe3oW^Od3u_d;_z`EFJG+zj|w%3sCcECmy;J31PdzQzJV1*zH9W7a=@X^ zgwtFjCr7Q9XTxP6CKc>`JMsy^p+X%RblMRP!<(sP7+e9OCg33I9~}Ie)C7FR=wZN& zXHu?*@L7zzkyTrU8kT^lQOlkRLwhRBKRD<$AqNj8dyre=O$`9k!$lKLZU;gKMk|(( z=F6<>vebhSM;20)DS*$?MJaKfgmFGXt5&CH7~?HyMsRP2VEPE7WGkc=v3&%Fk-8*O z-DZY>R6P-zHRxBP&B2TYr42P2Ipm zEI7~9hA6JE4(;<5%=QJLHMGxHSho*GGgy%tropUeq`|H>jsGD=0D*>7Rs^Q-LF*bT zl8O@oOnQC3F#rr-COFdJeH@Tq&`=J5PyIzQae_@{>zhV2;Fu9Af|L!uHpp!Tlw=4E zac%M|bcS?m<~fEIUR_sXCI2I&)D-~xX(|Q|DOaOXsdWS!MaYw+um)sNPIw9+< zP?U-mWG1>9plu{ZGS;8b780@E2ufP3Q)*so1~6u1w6D3&bZT)fGwV@=Mlj;POI$u!?)+BIUL_YQqI*}2W9tb}ep>E6uzOb%l z8hS6AcT!{)c=6{6!RAAJAf^m&6tmJ*zNx9`sx%T)SL?WDaMhHy7S{|;1gl~1VT_-nZW4jDh-_@gmz2gm za|0}-Pfi(;wjc6E4gZsCY z#qt*wU`%(-h1_Bf$XzKc;aw4PY=+p(rVW8O6Xp1so{hT7kSQko~&WS+U>- zr6NgUDkZEiT*7IQB?g3vI6w;&d#N@+NK`_sxNock+02p>#eJjL48K-iv(bz#ROpH^ za9&X}&6UJwCT`c-f0BMA>OQ6zd9|Yesam=<7O0h)Y>g7{8*HeQ8IfcztyT+J`K__C z=EY^uA~VNV`>gYYNf6$EY*nCo(?;Mc#n`WG#O6~%BjqDVxtX$U^8Xh6H4byVL5tTT zz)bqu!D4!p))g%CG*O!u4x!qx6kLG7ylyfQATiChY&1OuicxZ<4z!c_PDhLwVJQ{z zz-NQ}$frLE=ubiPr(pV12%NJ-2i2#vW~`|r9jJp?%ol>UIylBf0Qk(onjK%k)nl|8 zJn{58aW0C*jAGO7+l+08A04F8n9x>$mlkgGjzykf7H@dMJ_?=XBfcas0J`06s`Bvq^grdS6tLDOiBP=jk)&**ts871`I03cu4yUAc-r*$G&O4m8+Ifc)S=;XjYHQ~m zPIm3Q!|AV`cQ_%o^A4xTcHZHn+0HwhM%#IZ6Kgx~aH?(R9ZtS&za!|lop%I5ufCOQ zqU_YJwxI68K-~*~x?2k|a7ZylC_Oh>$V_%CkoTb?v1Fp%;A6eJcvlWHgPGlr(XT$5COQ1e*_F@jcbTWdTJN?`pJCW!JjRMT+4)HA1- zhWyq0r*#-q|2d{!wBDbYcZ19aL8+l_s?oAXsjmVw=o@)>+ z71cEx{}Dp^0i#|AmgUiEq;w@!JsiTELH(hP_3jOk2?_l+t8u6mB0^(qD?=gr1Leb# zhteB}(rr_#Hr%GZH>4-=v?tK`VdvfV1-$JDPuVxaXwj<@2 zPkG`al)!T`!R|EWd&6eU*JMSJ8`c|%bcD_%Dke4E+pMdIN*1TmZ*^MqR+gGV7l0?J zQb<-KN%e-TA@Xe4D{=*dz`&T?t^YgdmX@o@ zhj_jGf?SP)8YR7t-XzZPxWKRd*Wz4SLQ>5*mzI#2B$C7?!C#Rj;=#b*A|4*f3UrQ< za10TM^P^nWQhMB%!6!iG%-`Eq96er6Z4W%)BR9%OH!2_~qb)EI=HbntBIPbbG14gR+8hvGm-GG2^RSkI#|38Y z6^pZA)k#JI5DsS`XrT#7FOUbiCcyC~tmNLK;MIT%x_^YhabDizqhAX@+X((a73P^ z03ULO4-a^2nq85Q=vXZ@U`&iio(zG9)%=faV?2@7Axj|-5scyo6CROx%ux(DDrt<6 z$5Ue%3I23!a)Lqx)cinnxmh$MJR;GQQQMj3m&0kl2TJaI%^5L`GDm&D@Ly*}5Cdd8 z_?3!#C8q(MkK{~5QnEHRQVRsDKY}m>$ol)R;Yg!Z+C& zNlS-RD6(qk1MX`!NhZXN>y2`)vKj&Dc#$g*L&h*?9E2BJ2p+p&pg*5rq#q166l9#ajGqaERK_l9YA?Ysr8v9qSwwxfw_ zrr%bhwnd^zhX#nas8y|Dm7T!smIOQ zgo!#7Jz+w5aq#rudOYb0RUEP}A+Kt91`#gI3@$c~DS8eVyie`Z!3P6t0k~>IPmr7e zrIgp9e7Hov{{NFRfdUVRqlDN3Kz$jb#5t8(PGj>7P{GZB57p0e20jsS%eC!QyVy*4 z+#&Xij4yw4i2O>62sm9|lm)(0t|gKn(@4t^Ly9KIWo0VnB*!GF0Ree-9QNseN+Fd< zIYtj;3>Y$?U$B7n-%1EBgStqg9%%-PjvC}h@i+F;&@h8k=^OwUS?A4wW`fOP222Lu zY703PqCyZ~BT}JU(4<>Fp^U*N%8aL0s7^*4GO*S*?~3Fbb0d^&#HjX~$d0G_NT6kx z8d2Q_B(;+w@OQJu7hBO3keN&|8i*+;8*-`1HAZ8h+Roey;~;k%GxiEjTB0t61g}Bs z@jNRg$U{MpN*Wn}J2j3}WJ8vtLOflUjTAaKerChvmO7QOdMXPFHtV^lyA(lyhMyb- z27NXpG=|$-^~}5M+TQ8>@vx z3@XHU%0ReDOQ*Qg-U(^oAPzpd5SnFz*jOV9vNOTblDUOmi|pW2r-FPEV52Kw&Kmv< z`mnpEwI)T9pjKZQ%o^us4B;s+hozH20wBn#LroHuX9d>81Q{_Phs+y7D?AGZnsw&n z*h49l2cv!{MP$DK$3>JYPf=hG_*X}%G3k(lUy=wJ9qFk`2Np|(C6brIz_lfBu(z1F zIJzI?b57{N;&89?H`q;bYD{8MtQ@lNWFRb{_e!;#Jmx+LLx8PVZ-&*pE=1cKtl{-$ zKk)sAPI(9`VPX^^;1gn)ZIuT~x+9k*n&|>gRS`l!Mjy~{LxXr8In1nXgLpuE{C0khJFwV`)nQbm7$f?T1*cu}?G$uULn6E>F5d)4pEA#8K5;VHbauW;t}E19 zW)X)pg_e2c@gP}Wwnf%3$cs9n5Hf&4SSxjL6*L4{Lv1Bsrn;$Xa$l5&orF-4uao1s z775RL@^%80O7WFo)FG`Qes34i4!SAEM#gfwHxg2F4t>I6p}%xewqUNI2MVS;Rfzshx_FX_Y$E3&=(8Z_A^sZIr%}VP)aMYP z+^-H5n2QvaY20kdi1kT6084^T2}}{nKTeJs;%)F$&FCIV{Q5~?B9dT+;i5B`W@IfV{l8&ntDd)Fm=k1r`99{A@iQ zm<#M*Moe-dq~IoLizPw9!>YjD@J+_z#%IJr5HJ|SATMbRak!G$G`TEU&Lc~Pb{B}a zTt7(XXg6sLgXWT1U}`Okh%H@~#(Uzl=YxlH?RZaJ6H3LP5|oVijakI8v8mIHjM#%% zD}axTOQHhQ$kDRdAg7}1f2gZ3X~%rJ1~GwbQ8HU7QXBNi>QRt*(0(y76oV@=iDaer zi^UPe@H+}Y!D=1pLUo!B#o*q&JaB%qQzRh`ijX(_^#@tTZb6ZVE(l_$oz`NYkd?jB zep!jRY_dj$Zj7{BRt!+$Q=)+|Kzp5w!TTE}nE*8sx?9t3IY|;5sC2%`{-nf(vxRXe z?VJX=Aln&hVhmfD2%H=8EVNT3E)j}=#U5o+(%5e)DS<6aD$F)Pu%yv`V*>}Ug)mR} zg`H%Kzuk_LQCWm(p!kOicQH|s23!V^zQ7KoDgD_HnF!ZCqUP8u6|S2}2SExZ{G_ z!LXM}M~`4E7sNWa3^fc(1gDcU0vG<*7Loriy*b3rBJ$rZB7O&qFq#->?1C&qV3Nk*0%vsfJKQ@Fh$Vt)7FX4wG@?`%N75AuSz2v_Sa(}>E{;xe zka-||EYkwSE5Cve9wF1WQs zUj&+B75a`1METmJ3N75lLJou{2=-!_Fd4D~Ed@{#$D5{9gnXcd?8$J)Nmh=Sh|?w5 zZdxz`?#3K!z#yfhp3}aJLAMZ82U*mL=O;8%piid#qezK^Obc&IyUwuj()1IL52}+e zYz08Qt-lcHU`ynn$59QBY@yE^5jkFMbuB{wk=Vkpvw$>96a8RJn%W;6obfBd2uT;A zCvlW!gVzeW@fVV9<3SxrKT%)ljijP*sQ{CTf}0$9rvqG+fJ_a@Nv#_F6iYMYyfC;O zfVjhrDb3loG!x+i2z*E?00#~zwzP#Rg*=QqDwrEMyda0XU4cM9L}Ni!P6rdfHJ+4M z&$#E3kzSeb9E{|cR4|qB>)$siwV&MJ%dN@EQY(Ni1QOw>Od|`P|S@~=YZ;y>=*-Eg&MlFbg3mc zI;5Au7+6U1a}>uCRvmc(u^A++NMxPy9%AM#G&PVQ!n^@sU)VR;TN^GJDgaVT2dOd9 zPQ!J03?Qugqf0ZlWbM2bMbQus3DLO>Vv14DI!JAS*2_ZqgaBeD=*P36)_$8Jr9+@H z0T4Iz0XYPZ7sy8mBdtdkeTKS_O=S6}QZE|ueEq4}{R-iVD>}^<#4aLpg`J)(lkX!+ zO~VFgU|t`gr9}i$1mHvv8^FfQ=*zT1{-(cxW)&oPNSincz^|&Y&!`uPNt4X9=)bH5$7B!Ob|e z+Ff}3aDXR9kqevuyqi}6tU2cZbOPn8P0g~EcvpbRjWc1!R9Y?{c~Ed^6l zixCTE2$_=9kTMu$Y`5DIz!Qtd7S&RY&m)!vSVp^T@nJUM1`D8;X<+Gqq^kBy3ZUCU z1IR=6i|`Rb0m@^fY0Pd(9#;UP6@k6U01lZJvric*tP(on{w4Baa1LN@C99oeoh#J5 zLGbK&cEPd47kcXuAI!Bd%A85=J03p(nZeN}B@E;ES9AG>))lxsR041g(sDuu^kV#5 zP37?ppgiR4G}Nhrfb0Oz=viy?L1bw>)n~1xgXy+w2RwujTH6jMi=#xNxbs47HF#XI24o@C13Oo1d1_4|L#fRU?4|nCLV{aJv5M}FF`o@} zMrg=F50MkTpq;>o(DEK;JhDR5I%2m~EgnMbZt&Y~yKq4Xlz`uMO9bO>z;C-HpnbBN z8p;sO@M>y@*oTnAsD{1}u<#!9V?aYu8^l^N4QV8EMTmw}sv{;-fnVuJ@f6g>DAn?@ zk+*Y0AY3ge*~mEbEInM|tu@CLw3cK0*{NislvMPISo*NVv*eG|9=Z5*YY%D)Tjv%R-`20PCW{62Mr1-li&Y z3kmU5B%(L9k(NpsdNN9RM@gk5Z2%;u_egy%$iO|uErrKg6nR0^E~8ZW&_4=itU&-p zGzF9!l%3#p6nP8*h`5*XU+p*mDj;jWfqGxe`8vux%f+ed0$b?v@VuL5^&F6J2-!iV zuA(9vgcPR_gu;Pr1%E=y#uiCI!p)SHN)cFh8wr9!PHu?;4fFQRID{$01*mX4QF@+6 zWKb*M6Yh~Ffs0V_JBxxsgTk366AOxq8i%vhmeI^w(H8@kD}#5jL8Ho1%Z+)OYD52H zn;Iv+b)&i|;M$F@+{H#hrceYd6F;@QdZ^f*xfv<}jX`Mwj@@OM2J2s1KxTh;25K@|9>msE3h>{u^_8v4vW}X}8 zv#eyhYDNVbLntoIrmqNNW$T4pRsti6XtLprQ3smPn^5oL$9R?+JkAjjXZkvj*+W2J zih&(yMRHpE~v+mCNS%2Svs3Bmvp83@Bt5I8;PA>7>n z9GfoB7(m#wta9bi>C5VJzc{*qiRAc+?HgZmIg8qMKbiLkT=!Zw4;tPqih-}Fn~Uj_!Q`r4mS9z%Iy9uudj zaBM3)3oOhNX7oj9Li9R@?EJNQRw`=mSwTdFfLY*;cCE75$TkP9QVZk3L=HE{5xc{# zA<=ACBV`B6CAYoi7@Od_I0>i7`9gEhwKG(?y}_oaI1XD+o{4K$^Q8t1Lbg1u&z!s>lGSPFBFXvpH|Ctdmw`L$V_ciZo{u zEPOM9A_V`7Z%SM%!qkYM84|_CB_<_`fNnuLop=gpGuaZ+joaOiW(QrXQ%?*0RGqU{ z5$TkOdt8|btKQ5U4cBK`%nrVKFd?zpf_!~33Ky?7I~H?6Vu7#^v{Tze)SWj5F9}E+ zSD#huFOo{=d^e2M!W(>Z0K(QnnTDAV*6AP=gLDJI(QrR_O03idoH)M?O2+;~`)>|l z$SrC#8uWTC6XZH>g*0hwdb%_wWyhz~aT$47xyC4oMFL`Q1cY#EfnKZCFKZLjj9=`Lzwo2guoSX*a+ip?^ zXbgdnPY`l#5?z26E+5y7;Rp;eM4C0Jvw5^bE;X$lTqwi1T!`QZ4>zb);60B#ojAR1 zWO)-}3E-6nsyb9ot;KLvUAORX&~IoVu?1AaeYBCHi`HyW{@b`eI-v~3J@+7i14BHZ zq@PF*E!>!;pkP`G%2I$r5b;{ZTu_%O3n4!Np~SB4hF9~&Pbg`)B`ZovMU=*bP7p0H zi$_#MBC_OJ8;NbDR3goqR1$X{>1qg3fVO0#ntLWv9sXx}w$y=8Y9LCYt1ci4BW=M! zGpvRpHIadv&RI%@&mox*cY+1EfOc~vgidhfx7BD3)5@n5Y!=f>HBYQA5rayO2+X6_ zosy2`1W<%Mj6y}G93B#YDc~F?4q^~TVx+NHQfhoECQeNoNc4d#x){jFkgiF2xK@NC z(FNTaNBJt)ni3*aHO?3qkq4t9-<Jg2Gl6pJzJsB8b?P3g@g?V;c}FExF}Dj zin1uK&}PG(YC1jWck(&twO$)#BU!2y37`R!!*rm1VUPo4IFlo1KqhB&1$V%y6?8N= z8A3`x20k!2WR}Ho$m9fMaso2B4akU9r__)bdH6uX6qSJ6F;J+tk2%!ahZ(wUbHzC^ zsS=b3h?5{oP7<>0{bVVOY7XqRYSI!=3y!@?ulStH4dR9d2eZ&l2n`|rf)h0U9X*2| z7An9G;fI89c`PodyrCEt{EGe5t2k(!fJwtxd1_sa^%W|ursfhgR{yuYta1Itndxr= z2kNo@!0*0Y|NjY`sdfFqn-bDw8(#+&E{KF7K|%KRKcCMFvD*KkykI^HqqvwJ^lt1@btuLN(T>FdxIhF+M+n8yq1JAXbyl3CPRhxYJdw?yj{{HN-|$ zT3WJGC(K42iZihAZnj+?`0VQ7R=;}5PGwtTt-C*#okners6Y<4mYAJtt3`9#X)D<7 z=*(@|bkMck9*CRvW{c@aZl|(+V1Q>eD0AgOLFC=Wb{YU2tA<*{beojLAkWBop+TcU z!V$A%tA&sVE}kCJ3OR`u3XSkL%cSEeYN&31X{hS_8mja7HsH4{`q~Dc$Zlx`KG6VE zJg`&Q*6t!IGw+D9Q`y$k+mnrLH^H~HSs<($%z>nK#ZEmY+!FV?679F;-qZ}#dj7-R zM0ya{^oHVkcUjB%53dE*=YJ@V_xAj+_k_PfMGgqyAU2~zm7^>&a*`BT#gJFml*>s6 z8J&YN32T&`ny}>UrhSF!{?`?)X=OP`{sR+}={2FQZU1vaK<2lQ|3iX8K>mBn|G(zM z*P(hu0ipbg$OAL)HST{qvf--^ueSZq z3$;4`A%y@p^zHtC)p@Q@`S`@RuyBPt%bm58#q#YvdBE^hdGBs9mF<}P;g_?P99+Ei z*p@wKZrptErdx~=(|7qh1y`b`LZ0`IwoveexS_J33E;x=2bee zksCH-d35;!mzGW19-hoQFy6u4!P%MB3srji^S?X;b=v<{3Z7R5xwiceMghz7pARu8 zg17tsRp+@r<%#{@fYqE;!eUibU57ScS39?4RS~-yy($*97TK9j5_4&``!=tzSe?8~>RjLvD-+|@8n$2Q8 zdi02{YjL)t_bfMO*4uNNo}d3CAL_FIZCYGjVf?l1f3Wsj$^U#lczwOy|F1B`^)5>6 z|ITpA|H5MJ{H1EZ#&bO7yXmV>b&cy^bokz;?;akyTh+3MpnY(R@?=%<@kc334_|mx z_2chVU*4%YaldNTm8ylG9=ZCYYWb>^R*8N=7ysOt0K=PN6#hV1=$`01+S zXD(>YRW19WYQ~yv19yD?>+>q_B>8)%o@gh1`10k;I}aX(8)n8$-!^3YoO4$z6K3zu zI{dq2(uTWF{+xc`>b0A9=3lG&>t)sEpQ>~Rew};#r=*4Z(g6RDJxF)o4h7W zKXvFQmnL0$Ipc68mXtO5?DKKkPRu*=XyK*j{@G=VulyDL-p7k8?)s!Eb3XlH&ef`o zKOvC{1gq>*RX}s`g~a74v?i3vu176a$C(Q6*uAYS>Ert`}?~eJ$CH9lm3~b zot#3&<65-f`?@Fi2S!B&2A;fe%Kt{U#=}%%FV7aNqk-L=`}A@4tGs$Mu&+<$d;YvO zW7@hIS)~oL-fQl=eb|borM&}BZ1#Q9#G!PY|B0KG(w`4FxSt%-@y<_&CN5@$z3jMf zrD{t1HVvCUEjw0zyuG{T58sl@6`dP25+?W_KkI#Br%%uFQJ) z;{M|O7yo?lncJ|Z6Wa9l=(%3ux$4xOi{)keQdW41=7<#MZ$2F1_4Vvq6|2Ol2M#=H z>D)ZuZHJ=ksRg~lcA375U-QMEPZC>T3ua4RbnDHcnWI=s3a#I`q53=_E0EZC%Tm8?gO>#X;6ZF3~s~zhw zPKBO6{r%4EyH~H?di2eOlP7;Tb?Vg9?W^|fyZq;ZiR;##x-xso(^0t#7oIw&n|yZY z=&@sW-j-z)7H;iZx;{5|%{%Wbz1UqUlPzXtFPz1bCM3*q=s)WeOCS)u-@Q8!r2-4d z67|V)slu=sD$TMS%uRB)^TQjbwI$#CzUx2cx5((_>IDBm>}IZAoAvEBuR(_gt<##d zp6Qiy^8V;A<8RJs*jM7eWRhvPw2ABcdliq)jr(oMic#OGBzrva(=#0P1tX$N9=%1= zr+P&4<}_;8uC;UNLRQ8SzhxgUU-7X^i?$s)k6*NLQ+EfKCT-Vt=+JWWo<&aXYqsy) z*`%A3o106B<3Sfk_7VNTZ(P33a5>o1&1rGPmQVI=-|nUQ_<}2O$-zeQbsgqE)?UAR?-li@^McbY`{3venTV%^GW3v<`9-UhT8);G6gvb}q^&5;a&AAa)!t~) z`1e0;zr%G_+6vYL)8Fo@?r8@nbP6H2bn&9(8Q10?!(X16A zy8bOHu&xG{Qs)?%6N;dTM7`#f%0MH(Zz% zy@@4pNdK;x_kiN>-r;72{~1&=Klu9(xaS+RnmsYP!QqD4%Zi$u32vqI`$+K5R4RorZf_c{u-l-8dtyeM|BAT*>2g<Na_cs=(%s#bUUZ}usw=ATqc|FzKn&`@jpA3rFR z|5pC5WmezJ>#ECDl`PLbafxv(2S*l51^=W{K&dpq0Ju$E5En4z)^#p8`i7^bmQpY z=;8vv;y(_oX3$zch3CT&<7Z}Jl@V@VVnAbsdME$+*P4~5imdg(3u6gp!_WpOh=5EQ}y|Sa{ zcHyl#k9C8E*`1OXAG~NvS?(S&Eb2~|)sio|J@c(h`fdBiO2b}3_-JUVdB=bjHg`|(!aj{!(G7=(k1 zF3Fc&PkxWR zTikcer|BbGX(Ok-zpQlXm9T#lBhF}t?aWJm{P{cGQl>9Dx#H^SpzA$0c8FWru8Oth zqkC)fwUOype%Kzo_|mnz%`dz5ZQ*=(ZrSK-J7W8OsN1+R?c4dQI^A37-Kxi$t#|HU zoS!E={y4PxoK|yx3}x+Vyk)j_^PFC3!RIxfo!(b;^ZmR>1LhCB@^Pfr_>1xM(SQ1J zZoClv+2z6yQ+n?ItBQrsf+L!R6WumH4No4;8G6#U)x6G&zW=P9yutV`6RKD}9t6ad zci*}4@sBAjvK_{L_=n>Reb%66lUw~h=&QNuKY6tsJJ&DByZpk#32dhoxBHBob8UH= zC}+ihl!wa}oNrt5ThtGDCxEpsj?s`qV!6a*_*Rz|>oV<=jES?)T^Rj|?3d?%4842H zHzn=h9}ev<9qa#j;QfOm$E7_kOMk(;(rZ5fq@!zZ$IRwCr}gzx&n+XGM32r8uN@rV z^V~B(>=4|2)No-$$#uUAGd63!x^`vB?ukopKRNPr@Z;^P92EDDONY0Aa5ZzEuBCq4 z+Ew4o?9yuc_nh}bK{J~&%#4q9>4L`j;8BI$91?Bf+Y?lqfJ3TWem0!|k z@MKvrkAGS)kiBTwiJ}>!V|o~V_iO*CmGMLa}0{EfvZ?Jw5l_bI!f*9=Y#7#(QJ@ z5+LksSy?N|+;e{S{LH0v2f(^$kskP*_Ox$k%KPo%$_vpn2PfNNtC3v04{@qkh7a7t z*WbK-YWU593qBR6fw0YEDeEL-2nm+zGcDM_{`3&HrEi*`9B*`!gmd-fES|Jx_HuYI z8R^E$dx9|!$d5P(tBd+2diFFq<&OgcH|C?6xu0gtF3i?@Z7#7YyaLOXW7dCH>CQ}} zptd|?a3^{?%ATr_y@i?O8mJZbNQ9#MVPYcw)X^OP^%*d5LuDyoq6s&tBgyCE!ns`g zt4u7e!zxsd{cREKDH~VKirg9v0X`vGTpAK67^o#0{o3;9}EgT56i%8cb>S zWKGj`@t&EquMEdLSvLpf5hyWa9hN2OW4K7xFmDEZ-;_Khnn+bO!MAn2=P75+wRXAF zw~fXX`1U8&#F5v4&r? z_0K|{vPF8Vz)OaM;j36FZQi&Y_}^2HWOYs%WvLr1))H z`&eYsW^wmma4Y$;*0&U+cEU97@v(-n!~F!g7piryJQTK`w>!p(FpwTzj=GvJ>`r3I zdX5C%q=xWDDF3u8*4{~zoy;O;_!j7F6~drl=L6nfmYWp|XolX`FJE*?>dg^6Tfezn z#aMsl{mEHBo~*on?{>6qL76f`R#kgPx8sVV-1KPuAn0cvD#bHLyC(OwGJGb}2H?ll zRp!0P%F=jF6ZgK$@~#h4Q)#*Ho+VZv5=@X!10+^3?f~N-YCg=9F($XPdv5vrM^O3+ zn`(k6-1{;uuNIF@8VsvW#!96Yd$P4|ul0rQ02>1oG)0QsXuCU;4sBDNAf2_UW>t;x zEAr~r2p+&?wX4@sRb}T2$}OX=4=X87c&NZz==4lbhglF|##%QQhCxg^e&ETIi(Xl0 z8_FR~laSF-_`UA?AzjYU$^>2JYGK?xGjqBpOU>!4PSj) ziXHx<{M-GCTbfNx+jEickHg9TWH^9epcLJ+G+P?s2b|B!oo4s;Sv85wZqQ>Wz{LXs z5LL2W$59a5APxsrbZ8~SH+CvOXexfaQ>wzxr`zdASuO4-4T{_4{ z9!PB3mz(HR|}BXzVX ziBaS6_Uy&*id`uZ$f$7;Hj`MZ?r&I}FU;7uU*ouOP^O^>o##?yJ>JMLjV=C)BfGZaQDjTWX(>!7b)d|in%-8^1s+{4e>ohGNzN%_UrFBXqkAX?9tkvUqJRI0& zK1*gDscRSx2By*}6*+WOy)I#*t5?;a=vE`med>j8^Hgn$RLpzJ9Fa~pIm2=Hi!n5aN2`&D!1{u$lC?_}qYPS|4j#zqY8Pp9q z%H(m$!Z||RVazN*56SPH`mKR}FCW^xONrO?pyem(#+)NyYBsj@DJU_Ab>0)AbsIbO z1HHxa!-!N6GNh zLmQj7Mq{XpYrzXlB%pxHMIkM9>{P>$igX+&t+av{6Bd9ra0#O#V=cGI%vl}bJMNe}jQ*zGY8JpHZ zN|4ViN!WaQMGRjx&`PL(w{N&7akJMJ&}L>(3$&FZw|J;}PvuDzOQcq=AV9a>#ClGb z&4y#2#XPu33_sUDB^N@Y{U#b^x%+2}2z(5V)3ilGTXDZy6znp9)r6CUj!vn71Bnzt zRT2I0Ia3!HS(>ZbA7$gN-<<2Q%k71x)v9I0U#j4J6LmU9b&{vcd=xNk#e|Z!RF@!3 zZ>$a17gNmW9nv!3(ao|uDDOlakv1iH#>xIcJ0&OPbGF-aQ?^(X^T;}~nYe9Q_R~Hp zb@CoY=jA>?4K@+!Cz%mMtT#F(nOCGWhc3|N8<%M=QBx9mMFzmQT)V^R!EOb%B5Itg zDX}Ze2GI|jzO*Owb17JZU-iW7X7oU(u<}g{Jjy3)l5|ereJ+$rR#N9QX3x!kMu1hg z(d=g+edyehR>lyay1}dZC>RPqLs@VmtF`(aI1i_(~@*z^~*6+ze6AJ#&Jiq=Y>IA8vJY&&n5f6eljFC0wc z5?g*)X=RSHtJC&FsrZyqNSMSOp#7oW$8n0vb56y;7BbmrkGJG^02}t4lfaWNpCSnA zBx`mY_3MP0al9eZ_fl+MP=%Fsb3LD=F*2wkd8Vb0r{wBiJZjT>2k@PG8?R`$+xWzS z{1lVU-YDScIL_sqpGVb`c29#iwEu+npoQ?uv+Wm>)o@%p%cIqC`qOI}2Cw&=q3^}l z#OFTcmES`3cFE1ZzR6`9^f1G&VfBe=BKpE{vofIP`h)umYmP^Zkx-6If( z8$DOW#dwTTQW;5li6#f_QVYrZ;Y!bX7s^gC)2}?t zx2pP>9PCDJ?$Z!hz8brUPydTyfKf7bY>o$8rM5Tw5^^S~k7gIJ6-8roW>qp^hp5&S zAZYJB&X1o02*!5m00rkyf=Oq`NB1N{K zGMt?QDnlga2r_LhD0=l~&j?7>At=pmQoY2hINM@yC?S|V8Vw_tE7pK~%4JqQ5irJH z+)k8JWDkRU3DFF_pMLl9&!OypJp4QQ&;N4~^8YyM-#-2${fD3b@Az*%Awm8>_|Lx` z#Q#f6|9kyM3VD^X44M9!2LRx#{eM~id4m*6kebS02|Z{?tp=$~L6JHaQULnvHAsOA zf&xNC`y~MZ!N?z!KktT&xAjGP_OFD>YAB`6qD3!=s2 z(b5L}l7oF% z0-@`QoBssfKgh8w|AjGE|5e|ahWx~*%V?;mzZB_=C?}nrGNEExG1H;cpX}tHw4pfq zF3W?btoH4>j@iuzkS_(XLvx&G)}FqYAq9Fqq8T$bvCTNT8Mb{Fqq86H8;Ft~yznG! z4<@M&HY}GXNqy;L)^15N+VraZsAM=jCVr;y$scg ziHz9R5rfzzM2#b9{;hSj#ajUewaq?h^;CsA{9Nzr8;>j zFJ$^N>o!ichH=1=mEg9+=jzmv54g!}04yE?S3*V&DqC3D4aT0g{^W!d&( z+2B=$9sRJz>^;@3XK$W)%{qU=J3XzA*Sox_aR`txVHRx2{0Z(!dX{cM7nqp*kNuA<;(uw+fH7^(9^|TMWw0qCEj*8KpQa`EPst90T znSXOBSRZpde(U+$7x<+SDce;fv9<_LxoMjIJ_Y`IQoXY}*Vw)_#VMYJSV1W5tvbX@ z&hM|pq>PUpOpXWpKxfS|d)X5uB^3ieTQ?d-xYH(NhI#6HA=~nTSgRJ_E3%yBuLVL{ z%Ci--YfTy_#Va+dE5T7_(z9LcdWfpx7$R$ntI`jiUsuoBey-gCivMous!pUJlD z@DqI_I#jWXIM#aU|1O#7FsAK>=D9(Rsdcq-++ijWF%BzMqg$~CgJB-w`7Np9&v%v| znM?OcimPAb&Gm-1ygM-TtAq<4ev280d%gCqfMhjhz9h>Ac|8>}dn+hPtu({VpCmi~ z$gQg=jA*QyO_9hH5RmFm(K@Qgk8kQ6BvGjH##PK)+9_>e#V@rYPe?#sHvegCL9ygW z6=2u<6H{>ejs%N;y*p7`y!K@5<5{RUj=lbPzT$09=rM+DrryIh_@=$<+LQ<7&1PGs zUGYn1my560HSK%Cee5I8aqMSxamvJIcHM10x88>5c5+PvZ>C62Bcr0a2H;Pr-;nD$ zAAT$knCTJ~&8BEusz?TTK3-e9R~?Z=-ZlOB9!KiOeHVSLRJe!OqyyQnHN%;lPW5M`A=>?vqg(L%>&XDwAU= z6ZcZ-71IJd74IQ%UPj~z>advKO6xNV{u1HjiCfLxSC1bPwZ@+8xZIee?|Z(q#0*`% zmR;9A8fMjU^xn}=?rgp(a}G$~l`*tudFTbXlV#&s5ZDWLIXBYN73TJ5@N?B#v# z03@t}tI8PZJ3aP`q7mdc>Vf_R{l!cM2i#jT^#zgTSMT`4#zwtdKaZYVrAOg3F_bU= zK-*ZT@osJh)+lj$KE|oYST~hLdBr8nF)FZbn3}=9WwFOI%03_vRI7B!4%Asi3CYIZ z&r$W2WS@M{@){g#Wie_=XT0_1zXagwr1Ga9l%5mJDSHMwM1kSm_r|J(?6?AByNg9fay1svf9$uXvKyHHs%P3 z=d>T08T&$&diKMa#^*j7=GdMcr&oZ9@e`)0WL~zqv%)U~pAXDDT=vX!##)Q}3PSWi zRB2PXK1^5#uY+6%^i+&C141rQusO~%)!9c@8&<}TZMmLs%T{)MDe9PteEYeO=BVfn zVDv&RQ0=#U{q^>f=kt?YIq-X4!2#V^bDW_4crKUZ}co_2uKi-;|Iqa>5*+Po>Jq2Fg*Q(c+%9X626Mqi8;o9%$F%-C7{OJ}J z@!MkmY9{2mbi@WT;tC{3XeR6Se0b_BT4ZfLv1$5VnmSXkVUy{MYKJxYc<_&T^^BGu zVfO;AG;QbLZlCg|oIas4IWSUbOJaGd++rFEFH5Ri@8o~f!RptP$*XNGd+`&k71_>T zDILAT6%a3<9qW_!;|J~wFKfrGW;y)MbV;hWf4`tV2_3a$Jc%gA{IDdHlvq$SLypjL zc~q$dF&;;h52S8k8UYM?08CW;zE!6d)46<)BiQwH{|ATxZAaeMo`F`=WfQ=mt7ARd z6Gu3)zGLn5IK#RRrSenla;F$t8_7dqRez58wSH4Z>=;YZX5oq8UFTALzI;j-wh2yg z^M-UPZQnwQgxE)L?I67ueA9Sx4D_3YxPf$Fy4)Ys9EJ$Y%_+g2F+Qw-bu?Aty&-4P zlBg@=XnSMh#KK4!jmR9gUTRp@dp6k;o@XYh55%JBNX+GX$RV~Cv?!0W^_|42<;{rX zI0LFsMG>=B)~}$qAo`sv*(@_rMS0HIfm!L@5S%)bHVD3nyhEeBcLV2!h}MwZ_Mz&8 zH_l?J)u7TSdPSyDhEkE6)!cDwq4QJy{J?DmvE53777hJ*BP9>gr?FNOvci;b>!;Kamb|7FQnep>;0ztLF*$@BDf^gZfO$4|lEL`+j z2PSW^ejTTAbgS}qwz_+^Fy8&=llEi4hx7HVwL5yx)5Ae=GX>{iA^I_lT)5_5IE%OO}Y!Z3l_f9nn-Z z-8DL|k8`37xCI9^{Bs|L--HfB9RKolhT+%SwZ}+%Oxzc|AM#!C$o4c$F?0J{y7=fP z@m92zpf|X6R}wVZ@9US+sF%ibU!iJ+TIYfu6lQg`xfmMQ=qJu#g_qX1e(2A8{=$8j zhz5QYLCV}Hnk^guQ9~rwzxR_S*$>q{`~CniFP1?2GN5Yo5~oB6Iv-ik|=ff7pLV|M_og3jGg5@elMLK4AgjzvKS|g?Nzl z|Nh|r|A#^Se`(cU>pw^Zgae4oJx7W-vH%z+77i8$3SkfbpH7=~OA zKxXdXBlBobky$xt^xlMgk(uRC2ATFzBAvwxMt&QgD0B>B5>hg9CT12^Hg*9)Az=|w zFNm&oGb8_?Y3koYL ztEy{i>*^aiI=i}idi(kZ#-5H(OioSD%q}gjtgfwZyxiQ`-Fvrx@c!`V`10!G^{3BY zZoYm)zHAy~auTvnzi+?a-@ohEuVf<-1OkSj{puGG^Z@w_#)F{H@uK2OYol3v6VUTT zLJ4Iuk*W|n1HaA%k&VwH1~H?+4%6kYuKlTJ|6IqS{;i( zmN%-EkyV>mu!4!v$Eb)IPS-O@BIUeFt!2`Eil=kq}#fH~l(D z1i7s1w{8>kV?OSo285`$$GXJZGx}RnuHv##`4wm2NkSgWThbdct=AM{mjG*l=M5Vn3{f$or zK6ne^Z2i=GY)N$opwm5NjC}MhMZ4|MHrVjF}a1O5{QPSkq(tc&b0>F72G+uRZm56*oFB zw(W`43(y1T;3+qrG&$Oh>l2t^L_F;_D8{?FDNEg3uH$CQXC<_qzaE z6EE`f2})uG5HH|lOx*!OlkUGj`*E56^DCh?9PMQp&DEsT_jfu?usDbuB6@|jA_)@l zKe$8x{Q3W{YXJUhC!c?C{{L_IKVBh$Kd%4$YlHl6Zv6-U_Xq#?2mkj6|M%b4fB$p+ zr{6VH|GtdtKW}jUk^L9`FZ>@LvH<)a@!vl`!vFr3zwJNAZ~j}a`gzB}9l3xs68`43 z4MnouNF1Dyl@AGmBk}IvEckB*e$}+ zUykI$e^=G|d;a^^d-99_4vUInw#E~p=Rxw{scFf?#PmRt=-e;`5`272yZ~TXIWpob zqZC5tq0$a@%qt*)Sp#|G)qe$^gMBEEsRV;ra-tM)`Is@8II-rRzgSpYjELYgBy~X* ziy|T63*c1Y-rHOG6^usg9~k2V`iL^)li)>Qaf_RvQ8REK1LnH{nbPx8zNkoO5atjW zgTI@0gSWjig$sLU(dCrs{aPgLox;smcndiU+q^-}2v#;Rz!|R4N466=kq~Au+m`PQ zPbP62M9!IxC3;-X4^8ENOO%*$u@FS3@tp|sQ|ExOTbAH4rw2=n~wz3M+DYw z*N#Qfpx%Y^Sbvlqc|wBIq}FCtiCFb#Xri3noJh~bQro^SJvWXhMdwa=4A>pvMHe>7 z-;(Swh>ZoUSU3gp;UKJ~AotzMG7BaVli{IqJ(%wjY_mW(Td#Q#>IfK}+2b24qqNXHZ;H$zuv7(@_p1MEtGGX1$M)L2+NMyTxo z031~$usv`Kt&;G16b;qAtxa2$hG`m4i9Dy1HVQk0ijX0sgxFCm*u>kH8=H|DPV<|HX#C?SBhE{#X4!q#@ec+CnnlU0q!T z1qJEp>6cajtdbY@p@|L-4jc)9MZ8K?Rn=flJVr)FWTSt>bN@O90CESLR&E>?Ihh~4 zvtmV(-3I91Ep8`|D=S9)+&g7j&O=*qJ0d-mwqB=Ar;l7ZiIpzY=`uH)l;TMHJZpxw zY_kcf1-J|zzUy_%VcXdE4Yn|ST7LG0ilg?sX+Vg2P?TX35A|p{_DJhFGY-vYX(JqgkPF^Nrfobog{aw9yhD+5(o%aK)aosiqK%`Em#0L#aN}l%UJVv=K`Wa#6eelS#IiALu?=Z!?r_|57!Q z3o^2KL67W)851LGpM%;6)k=t_KmXmo_rs5jR)G#h|SUmY|8ys@WG zzz)p=5CBi7;cOBh7$YG%ty5{dMjuP$gA%o}bRQ&19(f;1dNdxx{h6r*A}+?unExqe z2A*aU$7&TSEF?{yy`s$m&r$!;M-}`bvYz1K6G^2v;DGx)4gecI<-+^yWyZB7xC!x2 zsNY0jhh)?$4Vqa1sBjU1vPT~%m~JW0rbc~3p{}UveifTd#KlrS-VF1t^cHLYI0u74OE;uNp;dWuyXbZwJ0u@LZzM z$`d}-KfpI-b-!8eINbgzSI#+}$T=*{uz&KObO+`YNaCOjXLiC;ZBo)iP`^0wZO z7W*(3pmoDMJImJG=AGS^eD+L4(R_48p~jp)jJ$EaeN7_5jkj)?I#gf*@UH(PSXsRN zYOHB<*gaJ1#3k}+7_RVxVRw=OK^#-v(4)H-&&{W5p1Y=eEz2M=i8DQatA0mITxKpL3{FH{R#&@#eBz0lalIlKj7&Nu>77+757?X&7 zBoB1M^ke+F(nL87HBA=*CR0S9U}XZNcmcpoCkYToCV)>a6Lmnt(3{MHjYEka6qo^G z<`^NP?Hj{7X2JFd*}=4BmHpV%635*Y4fXD$JkL*#CxRke`e@}G?GXwJg!BINagp0* zN;)cKq}UkS2$r*qc>Qep`K#(`t2?TAK=X}?j|Jm6CWciC<;Z+W!v+mc)}oYxOy$Nq zrAU6U1(CBdhUQ27Q907DgO z+4c@)GY4q-`GrF2QWkO4!)aM#AO4x_d=6Q8Iv2c;kiPy5Lr`KFsDaN3B(}&xwyuh2 zQ44^=;TS>}>Th|~;W}3}J^`ZCLiCf%mn2q+Wo8} zlT3&BT2tk@1Nm$6v0^CRVr-k+g0g~u4V3fz)dmPZo6bzaY@}9V10#ypM@==4F33^U zLS25PI(pEK43rf9HRa)ROmmoMe!>C@32Aw;0lXH(zE~$lD5=UtClfD%7snApqvk&i zs({e5L5`#LM6BveKFOL{Ar{*T1%J`ce-x7aU!4E{dH?S}CPDc+Y=i?tRLuwbi=~rOl<* z&57tIBP&%iZNnWMzK{E>E5?!DVNR;IPWB5#RJmzZNkE|IGLIxvfFHX}v#FU;KNXXd zRH=l5y!Sm$S~(Ya9v%uRE&u@WH~!+UHvdxp$Eo3$m*~au!q5F}Aks@bzZ)s@QhG)<1B8{pv#R-;n;YFb$p$ED+ zpK)YLcw$aopk zd6s@m2U+>S#sBIvc=`h;5YPO@-6F&}&}w@u4nc~4yEK~m3LR)vIB~gP4bJj7=Bsh- zR)%NWd;}#BDz}zMfSX6qA##ndEFeLbpkJQzr)z7phvHkylW1LIbLd4S^4A5wFYXTm=` z!6B#Qc*i14i&BC^DDnf?wJ?sOjX9z`+(1$UC?pU!4~;&ADD*Eh6{G-w;xn|Dcx@cS zqkaa=X_M#4wmAdWJ8fIj0gR@@ai&KzNDxe=3_wc62+%dKPu>@Ls04~5TM~&; z!Xd4SOv4k=eFM>IV}wij%j+%&TIey3i_9S$#*EPtVvKu7l9Z{+2aO|R#=k? zD!m^Ow}Dd>U9Cac_=Oe{B~m5@Ug|I{D+Q7e!f|UT_mG@cru@_{>{&SpB|NQDF*rQPX-`)@Le7jsdzBb*0q1?V86?%x zD9sH`KYm`)+w|aGm8nTQAH_7wU;sHmvmLJ{MnZwEO4iyk1|q_buRhI_Es#RgpF;%4 zf~2uh;IMNp1fuZ=BCy|y&6qo9r$6SAU{-VU-pRE~rbjN(f5BE1M=;RS(y zV`>#(+&d$A5PlrGG&<0ZwUnEh4eaODo|QBAj%iO&!LB94L*jx_vLY|)-o^7&%8l1E z`9Nt*9t3vfqav_F;Fu}xHldf%E{zt$nAz2?O+9=ZTn3TAG+7{#5t%Z4G^6>0li#55 z^gVx&R!(4cm5h!vdhoaH$(4mlz&sEWEqn!6?uQbG7Htit3ol^%^MKO0_oG(w%F3nttk4$k6T+2M7vH2OLDoI}uJdpcRArg-V)+=k@P`6*e2vHr^3uAY zE-NhIVwH7W1If+L3BjT``bLD;en>D^(ZZQGD=VXl@zaPapopLe@ToCHu_;;)&om#s z`PgeiixQp1)c9Gh0cs|PMdbqtQEf%VaZ!pfxM>E6L_OljMFzr@YG}GWVg0zv$&eo+yap`VttR|DCy<{AT3s zexu(70B^y2d+1QVHRk0+LeiMws7CaUp{*Il9ZH zBoT)8_ee;d*;CJQ9``0&Q~{O0^p6yS=bhFLj9=*1+&N0_hhXvv2cv=jZ4mDHBbr{~ zCAD0%uNeEhLS_z&Ks;~uI_qc^%KH(KKR1`I8enb%IrzvD$ofIA#YnY zX&qSyz(1oWbe_mBZ-W=&0#E@Lk(Jp(A=2ZX~N02s2g>YJ>*-CEF0KMQ;EL z4?1#&V`56hcQ;Vss8zSX(incdvI_uLzu&G@BP1dvxT9d0?}|#&@mfq=)*A4QQNz!I4l|& zaX>gw<^hu@ZXVRc`T0{%L@>+N${9?&mPKoDTk+A+8)E38sjbLrXdNh>T@5LzEyp(E^;{oitL8UBgUF&oNr{0u_Y4F5qWPC>c0CXP>qh zY^un4is&Jan-1y`K+#9 zHFln&bO0E=`bOyLp}-VwY0_8(coPK+M+EN*5siksu*nnSU`>c%Bp+)qFbA}o&f>y~ zv)Joq5m0N1SU*$HS=3PY%`L$fLz(SCOlR zK)j(G!e$LrLveCg2L8|@eMtSt%PpW0ug zpq`ogz{4b33;=93av(#<3==KX<3MRYQ_ss80RX9Eu|`3T7%$SzM25k-%AD4Hu|D_? zqR%{!=c+8l&ocH_hze((CP3agmr;X2P6!}sS-DXPgxY*J5)~r07M+5pr?Xm$8=75* z;-j**SNYi=8lOcj??sTEBGAw1F)+Fq3!ua?Qk5i_?cV12CYX;S-hf~$NBJOPwN2CV zNI*kP!Dqdc(gX{hAqL?b87+=rKLEC)LX!82=YkhXAyH>undP~4??>;z7>s4oasWh9 zA}Av+WGaJM$Gb56)+zH)Q9}hKUS)8$?!?X2hu+m9@-n)S;|o2Sb$%P)gLCEMYkjz- z%bM#15R|t4qHR2UjU#6WKF3kAqP(DstJfbn;|NIl_>%W3NXW7;BMmP{AsEh=5FUM4 zqX^Mj>ro_?4H)+zI54oA_2x`0a1c3$PUSVWJqKAc1SR&DLAKZ=Cc$(dFT^7f$FTQI z;Ywbo6G6LUqjpPty3M8Q0YdetFt_hHpwe=zqjW=<&8)LOf<1@8{E_d+2)E`#`4z96 z3Frcll!Jf-^#{-)2EWIaDet6g$!u)Pi6dj}(ca7`4YBaa$(=1MI~_gR!6@%L)c(K`@}LmzhuGX=~}DklCS+ z#Q>B;^wb}8_|^-?1Zv(`xT$3fmVMZs3jU9bZkW_j*~z)Hd`AUVpAzkqY5C-S!Nena z$N#pCpyW8?akHR?k?|mL%D0Qhq=+~WaRNAvb%|3tFgfD(J55!&WT=c!6-Itr<<>@n{3!8reX`uGAP6F2rbs6cQvWD1uX1M`qd?u+RlE+0r`h;cp$# zf6d6u#(6K#6r)9H7`#BTd`&U31!37UDkM7}NdUtt(kFCMFi#R#ZlMdVR?C1S4cQ(l zo)}Pc=t#Gkl{hvj{(}UwRM_V9^dyxHNd#gx3$iGCt{$laVBJELpd~ZHxvUK6ACh>- zjsm9HWyVF(R}5zE;oo;KZelR-(W_Ghj$PPLE<8l7s0Md;BLH6D-IFY18ajbxfI-EQ zh+2DX@c!5SX!6|cdu`xd6dhTuRgSF8hy3_;&q0Vd>GmwEjd=tNkPqQNt910qs6V5_ z@vf37ZtYkSL6u&*2Pt!B{zZYj=1gRJ|Q z98GXx3!i-k_#0}>&m8^t64MQ`jV0k@E426eA5u_?WOf*B_7e$l`B96!W+kT0=0!|^ ze>|kJJ;cbR<-t$XTPgt0d6UP3giy<~mYm-RY#6E^T2ZK1i&OXJc~;2bh7ZfwgUV`2 zWKx=Vt8_5=RWtA?0U$X6nNS~cLueqN;BH2*3OB7T(%a9DL?a_k#ivYIx(C>~qDD{+Pi_WeiBRqUPK<)5$cNkb==1c&1|RVTMTzppU4z3`meOy2VD5>uw2@M>&Tt7%8oc2}@P2RPI!#i0*LQY}KPk}R zLTaW9q;F^J3T*BoOr>cV8GDxLdIyVZ8%lnhu%|yOz3GFvcc24F#*0T30&r;WiwBo6 z27q{^hYo-<9_2W?6-RgmJ*23C5Rlk#F(_dE#NxaV=-&9ru!_8AmF1)%$HDE1A`Sp)m+;xG7))H;u5bnJl(3mzSUj3{XsxEn`lef z1j~bDn_gIT-Sh;3)5Wz;>keMCsW=Itot|s()4_qY=H9svAMhNOXIIMrC3~Jh`c_;KD=Ie7iBF#wgwRD+#0pGMAL_}Fk2sBOM%9Y zXF=ci3n%P5YvinG+9*N%p07@K#m);}nFBph#z3UcuZtDS&NU;xje#|9MsQ0m)VV`Z z$Z21N+)BeX-(*?!%@(&(#8V*)%!-K2QwZ*YUel%L+qD`zmP-kP7B9BH-cLJO+L?YG z5Fa*NN)f|DYJS=GV)*Pq#P=S|-`COk(U~TG zR_71INcEn5B;dU_=nkJ&cju{DFg==9Cg-kK_}h3_mqibpLj=~L&AK84ya4D$i%6^u z1lL5ykVuO#_&3=(I55&b>QPbV5oxrG(lP*zjRRj^6KpMrr!wGNE7%1JM@sa$wqzh| z%kDuJ0CLlQnp1%|vN4)6G1zb`Ye1Ctm#A2{mlhoykifT)zynA$&PYg30A)j!Z7&i&I)bv4AQTrs%LM=p4^RM}L=Q^> z-T<4XlkSxIKm-@S;y_6AbP@&3jKV4js+Gje1Ein@(Oe|+!;`vil9*vBOt9q68*n#i zN_cm2O(3KyA!gPIXRsm>#}~69U;Q>R_2oi>h-`94zIsz1T4@4i?*(HFAQ4Oq8NFd_ zCr#Z_N{EG~9<-&M1Y%B$q#qjLyh*@3S4yi$NW9%aSv`#S+82NCA`J>lf9a(BX*zkU zFGY|CfIpK2>Q8TxKQl_1OcF*L?WTx==Rbt%Lzlaxr4 zngX$e*fQ_8r2}9|`WX*JUMAISBvDwUk19PJamo@!2aqRbGa08bdSw9MG1eo=3T!EN zLS#u(JXyNN$%N=&iKB;-FO#O=DF!piqHO8#vZT)&fG2e+gEz_d69K(SNd!Cqlf*ol zg`5=OynUxUwf;PhuQ>v=ISg%?1hBl3o7@i4WbM4O&dZiOo}Vmb zoJ1k|unZmYge>cwahlALmZNAk4_iv&bfy|v>7sI4ZGEy>P$?~0;WzZsA20Lo-qq(& z%oJf1fR2>&PWtm`oFCpemn4cp7Wz`l50gOy_uBK5*V&4{7#E+jfrtl6;cZ#;@Eo+G z;uPat(fYg`0?b8*U-zo&0ivcF3UG?RnNhvGNkM78F_DE5^zLwt~$m@EU z@$RTVw;(4kD8Is}oKx%}aZ;(!agwZ8HWf0G6Rm83<`WL&tr}I`ea$pAfe5o@aI#@f z*X0)$WX&3-s!SJ|*XKTFOYsm(^PLS0NURiVsI+7+{4842aafD9m$GzJ>fcbgT9<=x zt}sfhl59&4GRakEEetU(_S-C+NvyVYei&9?Ev`~Z)=;)&TyEf!UJh*tiP}g>d63cQ zlB_(CtoSvV-?+RNBS-vY3btKx-%(?QQg!D{onm7BlfLwJ@~Y3QRTJb*BN%1Lyj~gGLH|h5`PXw27Aewi@THcwo93*8r1-Bdzv>XmJo_=e&AaA`AYt1?? zx^`)a%y0cR&^m!uMd^fu zgtl5)MuZr9d;56%+SHktIylTV>gZJIX*)O|N>o&lX{83X{^e3~CMKqeCWr!lejRNc zU!q&omWQ9&t=jgv_sFNc=Rke7=@vRq6|941!H&+mYoR0zOdz|P7>Pm8=14xk_- zM|S&f@(X_T34nSBM|df5kf%>q`OLWe$~N^=X*Oxy_&@A@2Yggz*8U^}NJ6LrqM}{~ zgangmDI_5YnG})$At4DxMZ>gY1|~DZloV{CDRwL7}pt zlsDY`mp$9gntS`BuMB*^Fe>eby`Dg>k^#LgbV+me`pY@R`)cdRNt%Hp^^+#$>I-vc z+;;n#&6Cb{-u^##}`2B~cUp;l|l~aZuWjcQ7@yC8WX6T5ohK`x~{nVp|O!@qa z>}~CzTRuM~ebxI*wj^IU;%({p2_<_j*wa;$>OL(##n5FeUODu*^mQrrlaUj?E%ljB zgQafmfFX;Ea}8g2tsOWtYjLIFzLHgYhYTIH>&yo`uemz$)^jdi`t((&9(~*0gRXx$ zZsa?|$G4YkyW+>Gvo!<8m2Dn3d;5UP?kjMoN>4qLu>Fo6FuJV@*o;=5}J!$pnj3;fq)OeL&ftYi%#xe6A-Y#WjNXWd4_?}mIbuKbDXuba8?lUp}sJv~@+{LJ>`o2y!Gs(SM% z>%2V+M!fLQ`M(}`#h%V-D?7K`IXd3nWo{p}&iBm)+umFs|J=wox=xOZYhVAX_yJve z{LkJqc8TekvCi@4yYg~(bw0b`w&zMdEZVv&Zb-qVuiEc^=Gx~5q>N0d-Wwcx;yanI zFFyJ#->TCu|KgR)2K|)fi%S^u+lK84BknkAc+FF_mp|Yfrki?W+N-~6{b_h(!POJq zIlu1m)b#7F9kt4Nnk#!q(u7Y9Ups!X&KNl0q>EEm-f`2Do9`Jo;NP$PbJ#FVmuCDm z@n6|fChaWg`fK9WyulkU)r^&{j&~Q|^}_F7NSNGt?ZCzJr@z!*yfAOk?7Xj59X0fe zOD8`!@w~-n?RfaHFLuZ4M$D=`BXzXLtUY7%@)5VxF2DAvAg(#M=-0PtTJN0yPSQE^ zE3Z1SYeCUJm&ezQxcrs39$vY@oN{A!y(VtZqpMaOwPn{usarPpzP({PW$RzmW`c?ZdOrtxO*E-R}x#UH!i@{=*-(_Qbj$|pt?&GM zU}DGeKMhaZ@%ViEXVYFR+j;gKmZ903#;qNdGFOw*Rcy#KRE}G;q+oBNZ{FZI!>yB6 z1~kUPcQwy_78hS8ojNSF?(W+XR$DtXgG{4}FTY}E{NPk+;QeP_swr4MY2t*g)>9Mz zyjYS3j9I)ne%$UM)l%F_(@C2PcdWj$=8X2v;PtN#ynI_pneFn6hs_^8_1?tK%D$O( zUH$!f?LU8<`LCPek6rt}8OfVXpCxvt#U&)RXa;Ux5ZF2~VbeJkcRgXgK$=V!cAT-|X>XOgG*?Xz}15ckfH#b*>PS#{3Voz;$2 zn%Y<1*KOK7ar1)WKW5dg%z1R?M^`WO>C(5&+pzAeh6}&`@NvtZi&uVS>bmb*$L!Ko%X z?}|Ta+mQ2~|N5py+eZwXzNl-&rF)JUecfhXO8iYti`JYs?YZ|$D}Q)gn*8{QlS@9h z;NKH=rp~?R!iCR$F!rGz63xFv;Py%5`guLvd;Q;PwfY@yS5Dt_f12$9^#9DPX+7e9 zjfP+DfBruq6rum0syR{fF^UJ%pRf1sy=(8@%)S4t-TTGly`P`C_tQ`JzJKf9*VpWQ z{n)+FAGP_yoD6H?VX_ujc>>^rBQ{!VrEYt_|%E-HHQ*kfU3JeQgI zoJR9Zb@kIvKmGVU#>XCe>=BLT;fEhaO4=Q(r`~+?&9E}Ay*6{hh7Ie_%eiEEMrUW| zx#ymH_UWcG&pfley*=nM`+Po_5;jLkeeKMenwpZTN*D;bX*ClkP8>I>ZuIEU15s4> zXa9%qeWtxAM&9o%wE`3Jel?d38am|4ZiK{PaPnlJC;rywZ zxOpSAGv{2fd;97^z1FiL{n+pF(4)RU#SV>Ee6XoDSscg(Kj-#vugR& zm!5dLx#Wze*3LQyxvO0(%P$^!mD$(X`C-k7+8c{5oH|A`zaja~GG{QR}MpGrvG zmV4(H@lxT6H!4rtbyR9C?u9K_`qBqw7bOMGzrO3#*LAPm`NY<_&Xs@EX&!p~tCt7X z9^JL;@z7~Odv52Ompr@C_GxO}Zhy+LIVEpz{-*lIq>(?>j^9%o|HOl%w6#|)>9odQ zuxa$1+C_ys$_6EAW<7l6m(y1#X+{N4PQToo`uN>(H_aaWuRzK36@&N8+*;&~U!Bzc z;EGS?o}h2jym|cV1+_>0`?XJA`S96a*F5%U$q#Ybj5}`G+;!glCvKa6Ov0{rZr`al zC#_mCwN%<(n=v!R`l{jlE!rDxkIyN7|GX7((rSCk$gP?>$4iDaL$6NQUUJ$Eoh4Fj z?kl6Vr<)T^AFiB{SaR`%KP1NQNdJAx6}DBgHc5#ib5mC)>>c)g+}b$}V@%bugal(#5>unpg z_dlr#EPcTxX$Gx}-#PM?(aYCts2YFcrz76>ow8==z=B;3zO<`$#iymsleSmHT~K`4 zkg3}=Bl7LHX#d3Jy!>OmCVoV1*Sg`0mY8QIyZ^Rs zc*$<*l#2K&%_j4g4YT7?CXZh-zWDE1=f|a_tiR>6iPxQwb#k)iR!wQb>yN(v^v=-> z-QVopIqa?5zj<=}p9VKpyfk5b*V9Rouj|(1Z~yJLPsK@Fy9Nxof4*kO_3iPu4!C8` z%*2MZi|$BXST)RgaqaKkINDsj=d-68Pr7knTv@00g7~JXGp4?D^C&4dH{sQ-BbL8$ z`IJ}IeZT&x#T!4oV*4$t5=QOZwxd>)Y;RaF_{!GW&Og6q^WP3AzUYd3YBv9Pa%JMB`JZPztegI|DPiRb{pt&yZ#r^zjwl)N z;)g@8b7lqO<9x@Te*1{DwX8N@7g(k$ZvRX=!oN;9hbxx zPP!*)+J?C;msUM>?dRtE{vH4NwY=PVjB=orI>>*n5jciX3va=tIVoSkhyfUIt z=X`DGcb6AE7FVoU{!-lEq=9RW%N?3n`EcBbO|50ergjDYnX5^;Yi<0vb(-wE>Q*LC z@{Kxg`_6=fw_o3s5Z|fUAq||``Ml=&8`o!E_}B9XzSuebqjB+}?1@P?eAaowKi<$> zwdKQ+DO->BzcC@MZuiCUCsh9Bk*C*OKVVWq-tHweC0gle=j9(>QhH2Ryziuu7v8b# zrqi3Mx)u(a8Mpk!n-jj&BtBkSvg(+(3*K~P@lL)y`O^4fKECqTTc2B8 zd&Rn8!6hT_P2HRpdcSz!Ijd%${prqu?Gq9;JI%*+R%%ZBNA3K9FU{MsVoqTEXCt;J zuDJ8QEoDz>1{oH{B`(p#mEAr%bB}pg)1E8Su8zNWqIuVh#a;ScWnC6SXPl;@cGz`` zUOHpg$saDSdog{Wwazi(k~_}2YDD6HMVw;q^}iO|VY>g_WX$ZY{~2@OeflN;>;FJu z5&9q9#r`qlzyJHsfBf|Qmp^^^@sE4H{`c4K|M10!U;Oope|_@NkDtBu&ktYt{FB}P zeD94Pc0K*|uDAaF)+2Af_wL7Uzy6Qc?)&)lr{8_^jqje`{{8d!{_XjjzkT+W&!2tr z?LR*C+VjtR|KycW@IHR(;qSIz^VZ{AUVdW7*AM;v`$y0H_K{1zdt~+d4?gh3&L`e_ zXzP3TZP;`7?Jqv^;Lb-M`S$*{=kNRNxA(Z;y6dK$58Siox0bKAT=wafbHBRr+P7}I z=F$K8&DXar`uH~I*SFMuxvBE2>kHobmE(gAmw$NCd4IY#@bP-v=NE*&yi)hkmF6d| zIsb#JXMTQh^B0#+dG+eLcUQK5ak2Eph2tN(DEPr8`a3SaX!n{E-Z-oE!?xugdz(L7 zG3jmJvPaHtex|kQopZGRv#R5h!124B^IvP7yxV%pqiwT3a-HzLW65vZY`c5R#g zl~d=Rcg~sbpEhCF{F)a}nfFe^?B6ss+}B*X#WCygg(ZKfp7!g;Iq%KZK6={Gf2u5e zr)1(ar!BmB!Hl~rGT+Y1csW1g-Ry}M)XjZty6Nqy+E>%0wuOiDuBd2s`i$8H#&G;sZSzuI*Dnv|(^9cSHgOJLU2l+^=(*KQj{PC-|Ha`8uy94)Z8WVWs^Pm2B^Q}wFXTP(4@u$ts z&Z|1(&)t4)?z|y8T1-C}$2Ux|{nbJuR&mC!k|VAQVpB_AiOc_Bgbl&|Zi0m<1TFLdT^ z-Ld_=L`&A<&J7<9x@f@hV+)L$vWw%6nO^3-c*RFMFNjMY>wLO)l6iFg=$!HEca*Fi zbF$8~HR+||ic6DH7Z<;=WWq&p#~Ma`y6quj=g^Z+Ufi(AymIZzlpz~8Z;v;QUvEBU z?f3Inj<=<+?@Blxh@@-W){!gY1{HLcCdEIT&^b7C|2^lAUvdAuig8}lgc<96!#EQu zEtju7cIjs0;G>siy)@uB%Ws$8G;-0NJ7$h5P2W9XfGgq8PyOMFIXQWQ$JUl44LquL zW5Y)qo>`pq#IUa)o>Wt|{kaLZZ5(_0Eh$42+EWt;oL)S7KH z-Z9|X=Z@{V_qm+oaQTrWWyHnjzWrNGe9Go654?8jvsKc6g?#)!V8KVUi{8usfCc!E z&Fg8*&22a3_5}qx0RCglG_uub*{q?usej7r2 z@9np5*|KHtx#t3b+1u2#diCnP)zy39d~Isld-TzJ2M>;tSJXzg`ahm0cH|DbFY$); z4_6spxOreeR@$Rjam1 zLq?BE+0Za5)jIs5gyB-|8$-TdoxW+^-M?R4k+R~bxRi=v>G2i0!wLpYnc3vYyP$LI zMHdebEF7*sL$iK)QmY|JGx)09lk-xNJk{5XS$|!8Tx+Z5_wDI%mch3Vyz0FCrRPtN zTR80Aqfg3p4LNsh+@q~KbGL6O+hQuZZuoPfw!QYsm{+^jdm8f#lIFZO{evf5FTStI ze|FSkjaL=?bZxHt`@eqM6*pqlDbKCDbH^8N3|KfM^`1Xk&QE^${9(r=_E0nvY}ndb zy!t`U^FzBjS_iG%GSoh zCRG=A&zkLtmtOh1zaHBj_;ABz$K6o-!;kh4t;?r>^_vafBs{h7&S{UmeQcX|cS6I> zA3gkT-oSr7G1C3@3kB;Iy*#R5a$LuX??P8^Oo@N;$@xo{|5Op@yZw~%m7Tv|S^nPO z=Y}rX*!lS*Q{Gtg(i6?&LiafaL2lTc4u zn}N$tAM=+5-xtoj`Vv#hot>7h@=wNH^1oZ2cyh7(o|nds=y>M)%~yTo{LFF9>1*>! z5`Gak2g5LW!~cU`U!yJLZ*}yA=|>Fa0Q?`ZKHd4h(S(qoU+lk#H9TBD3jUw0NhbcE zI%D0Ur8h4-b4zgbz3VnSvVPN!U)}cfmIq#XfA?44{q2W;{re}l2O_qH(H`_WS{yo?w?*G?^D-E+sJxHHfIri6#J@P<{5ySyKhgDnj9Jr6IRDxG zHiG>$6bb|_eo4|Sb9nailtyE*x48EI#C~7@xqi8y{V!cm-#;|a_x;b#%z^*+m;FEd zRC9p+FZTrfE=S@hg9da1cDB`lvyTKSb&%`OLHA@^`uLN9BG!tBN_AZ43fc+PyZRE zis}X}4WUOPwSG%;izT8Bk2k|+u{j<5c#9)wkvx_bN1@i{^+CUBb_TT)e3?OqCs?R0 zRX&p@Pc-J_O{Y%tr05CiB+2Y{OZ;j;!gz^m+I8XPoxz|l!?8T%YAw{(R+ZLgK$CK~ z!@W#NhhhO3TbMv*j_#&%_v1tjG30DyPF@#{xJ4 zSkdkaQBqoBE>k*@kuDl&^ zt#IT^#vETeeZ(Zo6bm+EP#N8W8VEf#;X%adXC z27}%fG|K(RAG#e)!EPV1#OU@J9IEmsJQuwl5*C~m);3rzej=`G^SgXO$!+m8hb+xt zy-O{v7V%-2`8I_-HfE+iuP@}Qc6nT>Y0}W-Gx2{CWUs5S&E+Zd`W&8At&H;pElo2l z{7xY~piP&w%7gTCo68<_7G@a?=}tZZg_${qboARcNQdlmt*}_#4*E@- zHeFI0&^38&p+IVypwsZAcqaRp)hx`ao*&Rk0l%$KOAupYfR0+D$I-T+T(=aOK@pZl zX{A6a}-B7UGnJT3O;~C2KR&06q~U04XXS$Sch=ml(Ayh4}fI_@k9tyMOKV ziJdIeX5n4zrt+(iSDolVYO>g{A2JzZ*dX>ot%)Q(KrSLX+ zTj+FWV4tq;k zo%#*>Bbvf1Sf^$WlpiP&4nL+X|K8%V+ucG%3fd)`+Y$&AYDuW^WG#}@?`SGyZKbiX zk+hWDHoZ|Y zXFgUe`h|$6qTfCnOIlJVmPDD6P}!?mAU;48Z2c(H3v*hYQWS|3i;*eCVhzYFLXuY- z8&g-U{H)N39>m3;73c-I6+}=QlX5g~DcBzyMMF%q1>ziq#k-IVGV_3JXoN&E_82)a z#|UQFSR66t#rWB-%w3FIVaO)Pj>uOFtVJL_}sz1@|94Ki}8j0eFpB7k|bM=am zh7VP&h9hXWuMN{mxE(==B<3G6Mm?AGaCZj}TRd5yH#4QnECMTZc<3Z*w-13(z_}zT zNhO!=^bt#!h$a`i!w1~~LOG~V4ambv$BpTPWa2((2Wt~%!P;I^Pct}0Kp$(X0q8g| z2yB4NpPA!yBhg4w7eDuoXq|2P5|kFBXal|7?*gO{5I{&#oukR&cX(_LsZ4y%bS9r5 zLC4XjM!7pPM1xk~*Yg0%amFHBckRB7?s+bn)Zyk` zhrOk2U{Zdsr&(sf`{#}hCFDcjy8O17)>lt*DRo+cJzM`T=Oly*OD<27H$t;Ipor`z$;E{+U8G;h zV#7?8GWmm^`_MnqgJ27#w>k9l;p&KdB(S8EiCMj{l;+3i?a&l{vTqpx>2Gbnn--_2 z`n^{3W!*|q_WQ2AiQ{PrER*bx)@}-%s=qpNyTtU;+L#P@W zJxuplQ-sy&@DS5xY({}i0J%g#G_nP#KHTW@ds}1#sT)co3{*nlV%iCM(Ucx`$iW$t z-N-A_mh2;m;nhPWG8_256B*~Z^bVd-+&}2qP3H~9Y2meO!n*BgoiW0ZqgCH7ItYF59Tn>4L^9VU|$w+N2 zKomL`#An4z0+5aX=p&$P`4Of&j5vuvoK!eMUCkDRQtEteOORlz32=2=Y_+we+B9kM zWcXjzClG!!mjD|)-~##{fHEVoG2(Fq;d1u@XaN~UU+qqjKH58VUVT}<9$n;UCT7XZn_caIMBQ__m6Ez2A-Sk5a>NCk{cco}32@MpV} z5o-jei{0C%gTLG1r&`%&yM3mm)ys>2fE7re5{;n4We^=mF(qxWwg?SMC1AwxO~7)p zh~)v9>Gc$fAFiA?1KcSPLek%+p@eN^mGC)XV38+iKQ$+|6gS!a1sH`a~)K-)? zbVqtcEBifYb1ZOGIoTT%fS$&0(8(yMFP~Fh+93B%5EYRfR9FvuUOm^8f>p`k1zeQF z)=Bgc_ZCae4yit)v(phd0k<;oE;!}d+cN_2wYn8_IH{nfwxOzKt^x#myjn?&xxB2X z9%ocq$lEQ?sN2)zAu9qx20=kIAszzE&65^;L5mQHszz`(*NDLO^_bjZN1 z(gskMm4E~AC?Ob=T9N;RAr?y2mY`GTw_v0#@FPx@GRXr>yo-WR(xh&DWJ*l2>}ZoQ zSp_Yn*b)Ur&C82&hOo=1B-Eh>5iP{PCG;;@5pd$9xEHURP|Fr?lUK5^lXrr)XbN$I zB!@cyjUR)<&L;U9-37=ojjG5<*at3szanJU_!J*`g;JQ^^0Ulk9lh!POYBtj(&pKLn*!uF95 zOxCpA@PWyW@`UzqW^{LU?8AI&0$3JoTpsd*zcyN%#q!JCM{zLnI8+}a4?=bV$zxTg z#Lhjz$uM?O&6Q=F*3-!w1Um_c4kPCm_K3=!2y{;)=#A2*`q|Cd=B$z&ZP9{qh{=Tx z#38_00ENu9jG2eq;b{&!()l0_cKXX_*T#eHO_Ns`N@3 z);3k|lm{YDQ=vc_q98)?lkE28Pf5L2zQsfGSJ8XR#H6g2@gOKGmLVi|m%^zUfjb5o zT^^@56yRL_Xew4ZHo+O+a|0r&R^4JES%r~@sZxww4YkNF$7=z?%Csu1vI5?j}sN-0tECvoc2u zu+_ef$%J<1d+Z$)2d+BP`reEY&D2A7BlxN^L_RrQrh{E{16rGxDH(O9X;^glWTZNW z+hGX^H(X!VDKigEmCc=^hg64i*CCm720*i6+GeOhuqZY$6cz_> zyVTtR>Ltt2_aD#TruvI%aAW<&HMp_n>}KkyB1r~eoSH`h;`gWBph*1?VS6Yt=* z`hj_HJBP$QxP?P!AKXko@DFaM&kQ62j{`@Eh+&rb3;&~<9MHXFn~cl|HYezT2xZuq z+t2!2OpCvVpUEb&j{@vyqR2^jnVaN`MNPnrbxZj9F$`5O=|0k7>R5<(+>YDys;R# zp8L_aIBZThmi&OLvvdI}b^*zT&$5{JbDM@-wN2m(F-D9?b>Q3FsL$qi^H>{$juxNJ z67bESehTe@Jit~>5G)Rl!2KG4V$I~=WA+rQ9~wJ61VH+^F9CE?7xYD8cBX+md~<8& z%!Ek`MX`5-$C4n}+T*fBEJ_o?btynaUXPi;-YW2W#6WY@B{_(Jn(}hsYAkaAhAD5C zs%wQ_OWSA2-fz3H#)>f1ptsG_VzC3r37C{ISG(*wz?S@>WQrJhnEYamJXQ~IoOxT6 zc7-R@j$9Rd7}0FzJ_p{D=3sN$)WtQ^FA)tH_t_9dsasuM#SN;r(jJ-ckBPTi8DWXV zZ4dbaV#mk?k!b;1ZJydT2ss939BcMgOAtw&-X<%&6fTP=+zWjyd7GpX@r5#lsBXG< z;lm*9wp3~fW8^)AEW@x3jP7PrmcFL*ABRnSznk0W3#EA&C78D z0lnV~?|jf6YHET(CWku8&dxgiN-Cr8qGqtBSS)q?kQtoi(T?~EbW?^X3(9gW;|~|*awlQVelXKO9to^5 z#8|V@K=Zz3uHPMGsyUEGBfI2os%&$Wzz7eS~QAVf^YQTiba3X#xyQ zPnI~3QM4Ww0|z&Hl?|f#FbBlw1%YCH43Wa1SL0WyXsIRO^*BK=>S2?Ks1l!r;T)cc z@eulnI^&);Pl&^iVXzsJV8R?BfNOkUBHWqeG+K^8}L zx5B=~@Lt8_yS*Zd{j%BrkI%$DRyi-%e0ZF;L{s6T$0@M~)6srTd5`85uceS-1*NE6 zR9*)b80pcZx&a&r!m&}&e%k$|*n_O10xjS*mi@`$Fb?w4_V|zk?yalclJJ!*X(*l|6+fbi1C^}~78)npEgb=55_LQkkUCus6cc9Y% ze$hR~tQR3kIKNbIrOXuoY|E~06%gBRfdoXvD)kfWG%|@45S>&?G1p;RQ+=8+o5q=eHIR5DxC%N!EQBzZRR1_yd@0KchQg_C`=QHd(m5Z96| zh-eOrLJ=iVDVoSCY;Xd!1j|a7)NB!BRyu(OU{!cpj2p&J#CRxUrP9*skOGJ!=S7lG zXUy&eBGv(LNos=^!6Q+Q4WgH&`Zfn*obny(%uuv>u_#NCqZ$7Pf zag_Z@s3nGpDgsg{fQl3pnP@GFFgPg-f!Hss# z)C~)Oo+W>}XB4ObG+ZAiRcn}*Z_JWvt7V_H9Nr0&SA^pzt0|UJ?yg(SCXj9h5w8ku z$O~gZRFu;ZYiVSpa59AxPB-&o;%9&|0Iex^!%U4l5%M*SG8LVS)mnmK3qVBeD#(l_D#P^BM{R|PYU3Xt_I{6kJ35G4X|kdadcN<&#hiyiJ2(oRsk z&f@XHP2{ID-lM{fogVko(~O_1FcP6w$aG?4r_pH4&6V+y*l|eaqI4|XG6KvjQZtqg z&IgR8#O+$K0y*ah$O!qcEcAV5Mj7BP3qp{nyczg~*dd!G;6y>KHXVQ-n>%E8*wYb# zjaH;4V4pZQ5{L{jMqpT#U_xloLOnY2!4XR4)RfMiH@~K#oWi7RYM7KO5IKS-mmi_s z@H@bT7Nh_uv`6kI3#B~Jh@uBX3y?0gIbCphfzR4-`thRE5s5Bl|ICRx8PUUhb{1RU@rI;5&0fs*<8;NoCJ#mPJ%=g%9i0L{GkBiL0n71Hb#qm2~ge@rC*^AnmiWlaGQ(bO!064qnD7OMV`TC6rgLP zWG%dG_lBRb;TgY02k?~iN;h~ULzPIHKvGNvN54y@h~z~zE(xhO4urA7X+?|Cfskj6 zm%>~9Ef}F>!QYqy{5DP4BzRCUVF15~Es|FPU9a#0ipPo&)3ivO`y?@Lh~Gt3zBb~5 z7Awyab7*oo+;F$mQwTTqTMU<42qTYe7Q|e;+Ck&k5?&`t7jRjT zl^g7!RoO>R5J6$ml{oR@K*Nb^4g|m>awNkk~BUoX83ccuBO+6^M~4I%qH*yM=#o$X=cRYn%!wrCpF+a zb0-Q*#V!-fk2ni)Fu_DnQV}eSuzpOBs}Lf0f=+ip5;emiG>AiGU;tp;;I@H4i1I5a zr~^zAC!bjWq9$B|N#V>Y#cUAO$O5)k#|t$dO7|Vv+JDE(^z%MmwEbX}(F)tXlqWbU zj>wTZROJccv<_^fB`}3#H9P_xAk=0DA1*5eH4FC;1;0bK#yV%2cG4c?k}u2f3UXE{ z3_9Yf8=NzU9Fa56$4uxIcDxq|3k~@_WTQdk*&%x)gR7xn;S3S|%Swsa=WTW%K1no% z^Q6uMwh3jREJHAX4(@^(iHnp_I|qsDM14P~ zc~oyZWP$zy0ZFg&3_Eb*J+6S01TE_T$Y_f?e_ zG99K}fI0+=!GHA*ACyR{JRpx8N2J*sl;C)^(IB8|IkEI`4S+`>83-$qibjb&aXL@~ z`eDt5I>hMxj07V?Rwc}WA%K@jl}bfR&z(IHQQJPtH+ zM0C5+FWxo#{4P}2PM7jbY0Avao{ly$isjKEvPWoYpd#kyn4~;)^oZ&3IINClP%&C; z!QzUY;Bo16V6L!E4_29hnZA$M|9<4OIX`Pfrcay}c<_HDr>%E6{C?Dr4~Fb6Z-5!B zs!GJ-s{wwV%~BDq36gH|g8>GXhFW|xOu5s5gjv`gu~0Qz5mpZ{fE0Zk2^ao`8Gy>% zuquQoBYI7j>KB?Dq|AINit1o^N={_-L6M+q#|a=17Mt4(Cct(KP6zctS-=2-U`u(X zz-)7a`=c~4Y&+_dk1E=l0(;2{3kau$L<$Z*n61p6n28hTVoM8W5XKN2qE=UM0$?MQ zeZc?1%bFp{%SHwtokQYxWXsW!hxG8OMn3or3^gnyXBBCiIA|pa1znrJz?xNV1%%+-(rb3TQSq2t@}% z__p}8&!r&FDu`IUAw4tQkdbXPn9>afMxbT{;KsM6-1Cr6m1Bd#^Vj&>a zhkW?98f8Ac2<7tvJtX^*c9ZoSp+170Hf8W1DHuZfn$W11QgNVWLiPj{M$dNpNym4z zzyW~EeC<&G2+t&Vj|nIgm`?f?v?gRp(-zM3yWokCJe)R8t>Ig|$KTb%_*K5c8qjok zy=hXg1t7yYZl|V-e?ukJ45a?<&Pej?e9W8+I=uQHjez#H5OFR!40;Fux{$K+g z0TN%>LelHKKHdq*6C%A9=LdrkJ1WyY;d_Lw(HA($c*Wts(u!|sHwoyo(7xj}=*i72 zB9*7DuI6TXm~!L!e2QJ@w(wX^%s_62$cN1+8W=Zh#mVBH!k>UTAg^iBsYf`(ac4Xf z47wZwgTw-Ph0CTn1j;=mB^5rQ{bq#rpA5@HmgwPdu^eg4Eiz`{KgqjN1^MA7zQ`Vu z-U&34Ic{R)!mA?OC;@!{*c~i3lg?aU%c`sRA_5U0mj>C-ZVEWY@sO*!3IvXLh75Fq zh1R=TLT(1LBjpcCpO~0jcj}E08bGP#tP9~LAl1@oVFNUPwp zEfB7(qEoyf)Md-cnGU9m8a%AV@A;%H~h9C);306vTC#RQq zNhxiuxaJ~iQ1K-zqK27VeJLhc$wdWa+R_J{SyYZ^;(e5GqD zu+8B?QQu-MS~_AZgvAC|7;{!dlD1fuVllyl2`waX#pEKd5t%sC`2({VU<+Y3&JMfZ z>vIB`!7nl{LY^(Z51u1fSWTo{5%37ZjTf9Yq=6(C1glIaK#AbZ%YXy|Ji{Boas!k> zG{la2g7cuVQF$JTQV>AHXaUqEv}%@=@CFiIf~q-AV9XZrnadC7EYtv60oY0K%PVw8 zWR+n-Z9;Z2f*c_C2tp$H&L$^DkLIxDxNA(tTGUlO1cXGSJ|en4Rsn(jk~~@Y*`}Yh z~PO_@lz z6&WNaT>`cM+ZfRIg?{cO_ZYfDz=0x?NQZ}Az?e6dRK?#^*huHHQyEZ%*ocwg*C4X> z^gPx~JzV>lCjGoj&d0739>GSVX|wfhBel&j z1z!o53okbLHw6KRk=(%>tc}^+F}}* z90F>J;5lIh4<$#?0@~U~J67Dy6QCF_-YfF22J|u4WqBsks7&8tUF5Xq610J>BaB11 zuJ+sG0e!eRxhPhmx`YqV;__y|>I5G4&S z&*at9fqwO(Eo#7+m7Pb4`hvaSyU3RGv`4-7!)BtT{ZzZ@Kfz~0U4g@4a`jtOTVF&U zR_#cMJ~=t^5JcZXPAiAHHbJU&HItJ7AY341w>yZ11ps!0$n#HuMWjhmzz~T&u(1{J zuTiEGvu0w`X1{BN7ir(62tdO{FHqFEu{N2D3uLIo+eVg$%>sT42WlNoW`zUS;{y33 z$rHf4+yRFg09^?)%7~(of&L_E8CR z0bGh8J+Mbyn!AvEnv9gd%iuueWfJ9OA;|8z_^U-i4?+c?$Cp7zZF5O2W)I0u8?L++ z4hyeTQ6gy@uolGrROOkJVGpVWvwM~_07h4^iZ-_wtAHQiJSMY+WCZmKIil0{<=lcN z?Ypv6KOS4-;W@T#2B)|{e>aI`xrYEwO5#bCQ`N7sz8|+GTtxr9u<|xZIv0IWLW*UfU*OY9ijc{QB5eW zaV7i|XdK2g^2-#&zq}#p#KX4%U6-p;XA|+u z-RCAo$$BY*YDoLzkQ`R|n6&O1-=$tglg)xf*_Ln5c z%+Ja_Jd&WFF!O3$bSqA4bwqF?T>DD&d+(&fe`b_Q z&r>J{E@<}6@RFsGnTP5KMQoWjc@fu*8#5>s1XjC*oBcRD2dY*Ym@nLO!qO$mW-W(G zz6ZgVsoFbuRw)5~O~TzyaM9f4zBKRn8W zPOIfHS>+<7jh%7~O?ssUcu^~K%#@jZLF+>{5KH9VgsdXHq(|w@emq`=pY`#QFRbfb zTm>cK{733o<|cA0{cLgTSf+@YT=Lr4hcU%23^PpXMm*UHAbkF zeqS>i#KNI#d__2sJra6;e zky*A_b0$pe0JLdgya!`i*v*yR({sm!8Ka?NZc`&9TVR3X@U%MjWl_!|*DticGL77iPeBLL`{FA=0l zZXn7JpbTg$YLy3F*ch;kh?B8pk8>!4PQY!5bn_#Eo)9R6*g~qX$HvWu3EU_Szm@VM*|djC2|f|Z(;&tVM+`^@ zW>E&rGF%b{NoIjo2DA)w#vJq>jggVF9D{K| zjKXV-5tCob>a`;XAF*qI-B7QPZYBpWBpa5T)|BMgLjE_zIr#B}6P{<%9btQtV+RX{ zH32+{@MCh@A?p&hKS7HWzNc=74{uS=fyuq}kJ z2r!21XoNqL9W5xq!mEh|b+mf}%djFr3NBz*B-PH>A)!CuqZg=Qu_acFSO$JraPthX zGNgB)svN>Q5Cz7_DhLU00s(>H4nP=jaI{^Jv9zb`_!r3$c$p(fAuK2y!N&nAST-o_ zL?WEMu5kX2$v>m_H5ZQPvJ6Tu}v;ZYB|F>S~!V@n9pD32elJjq+o3 zF%m*Slu```o6nJnIPciy^ZQGT8S{;YDRJ&lkzd7h%%^0ma=tjAx038gg?k?=^jk%N zz9@`~+$&-d;Eb^Z7t~3FVzJ*5{zd#!F^7I(EtSPYte2W_34@*VJ)M~NSdc!@GkA0TR%Xf(K7aNO;n-uiFzppvCM@=Pn+qp~ zhKAsPI{9RYQG*PU_E;lUo<#?8aFJLM#Bm@^OO%qW@*rwn`K6v%z48mRR3yoPF#_q% zYuB5W>E|{Gu|Qe_tr7Nt0YNZd=D7rT!%c+SaydvNBB}w}I7yl|J%$;9Uhu~f(nEmP zBZ>~j7_Are$xMm?Pr$@neG>ADizAR!fi%eoc%jSlN9piI5lFp=uov8TNHNmX223Dc zf`A_J-DpJ)G!e=2;aHPQ8DbT~5MoPYD?>eW!n%cIM00?6xK$Jz7mhXbz_DmHvCdxW zQefqXa5#h%wM<0+mhS&5kACEBhshazsJxBUauisx*hs(X9b$Q;Vt!MNa-ru#(9dIW zB&v%IJr{bK(7Xwhw6*w6J{$RWiAdD%nGGo%2*-=gesr2zDsJm!bp^T*F$(ZegeXeE z4j%&j?Ut4nWP_y=wk- zQg}bj0jdxFhbD*oWSH%?Wn!NE6gW7N)}YS8F-AiV57!}S&3+p=5+bqe4y`hT2I1k3 zwH;CMI8^XB#1Qb5zy#R=w-B|Qedt`)O-ReTi^ay$u>F#=KTex%Fb0Vme z)PaRyGB_!?FdD3(Lz*KufP-J+YR;%dKs-*m8%~~3yG~NT2s&yo*>T;1?DHgNELUGp%9VTmCNKGvW~so`}Js#nB7XOKOF+VLi%i5{YB#8GY^KQRnU!;jS- zG!~fpP+1TM2}qri$W+f1_{2QrLvEzWP1kS-;DI8aD!4K40B)nlwbIKtQ?CdnGEErh zJFdZS)5PJNC;bJ;B(eT(i%GU6RSpn~#1*JWr-SWoX`w)a7MRfF3Py);i`zpmZ-G}3 z9?LwBUUeZhy%q7Th^qn@Cp-y}u@*%7H_!-)D0r0QS0*?}>5IpOHaYm;1NSxYQMkTC zZYW~patBzU_Ait*e2x@4LTyDO%G<(*ZwDJAG$Pg{m2vSp&=X|i%T=yuzCaVy$Xt>< z9_|Jc7nlYwD6nF5O^bo|k$6e^uU#@%rITqUE8js}$>Z_5y{HgJ8_xa-cIH#6*)kc4 z5TFA|RMJ#YvH=BgAa-e0iKxgq9}38Foj7*q&_p(=W{p5(gwE|R=W~zJ|cRYjs`f-38RGEAdM7kf%QpXoK_-x zs$~*ul(8IB$dcTjR}8X8i5;@L5X6L`5OW9S1_lD0l0&=*8Ku(&mL3SfYX_!P!q){k zEp5wC;?bCwW#aR?C<7*Nb3P^E0>!kE*Ar+gSR@WT0AvwM9)J#td^#{Xg#EBZi)NiN z?959-%#`}0*J(inOQui2QVCv00X(&4Oc+D(97?GiR4S!FA1V?-pfXCdAO)HVH&W3a zQ6mq^F`xqMXD~X5fX2v+jGzL_bfE2)m3!iVu-8%JkAx=iDio@*3pJZO!~n!)ali^Z zl}(dfm?*wQ7;k_s5-p+fvM4u-E3P>QnoxLxNHG-Dxd78AjGZJ3Bhw%y@I|=ENay!h zgb~n&OerBCkkJ(e)Wzg>^yamW@GtN}zU>e|q!pm6929M}qJ2pxjAo-T!A$rc`y3`etyq&6qW5yRp& z1cmV#q+ni10?r=8ciatKH$~H;fuYz2YU`5A6kDPSVETrW!iC43ueyqI9#aOhvMs{I z@KX^=k;MpMO?9X;vt^$uCW>FN5(It#%y&o1M!E}0YFI#piP}II=#a}uA_Nn$(}0xV zZD5HBjervwF>XpdrOZZ369)m19cTAj;JRQ+c=}ffCZk;ge`c)ts^Ro?-`EX<$^pmL-RYkW~ zP!E>x2#MfBFR2()xb@;nJeLD%pBl~13Sj~;1oV#b^&~eCb6oje5gGZ zz({-!%`HmSs5BQ~5FHZ&aP**YMOdmK9S1q+a=`E?ua*JX&m|Va!xNB6sydUoUffBA z%l#r@9Rh4PDAg5I;F(eQd<)ww7;v|xH3b0x#;)rvrr!S}qt%&7=Uf)+x z#Dx4eb9I?mW73O67FB1y*lS(dB zI>7Qt?QHXg5IqTi0|l2!F9O;I=_35}ieozn;e?X0Zd3<{H4dEw5(A=Mq-unG0iYgC zjD%fGZVpaIxw;uLJUA1Xu3iu9K@uqqDDO;HQZ~RS6hzK~U4~CorCatvV-u7U5bGpT zk!fm-EKJtpmAEw4;LV~EB<{7%%4U177WO`VgPTE&0wM^;I7@nTgx|{i-~+V?(nj<- z^O95oWo3z5TgPP#smNn9sD#)CZpuaY25A@&^*D;qtvThV$zmlWnoMX+EV@K7LQs(| z#Wfx&MgguFp~z4pqAMtQU~5#rD3z9ldZAQzTr9w@CAGX@tQDc43#>K!^YnhMum}fG z3o^TGGAg6o3yTM9uqm``n0eG;mk@t|m6S}p2ADn>DlQ+w-;h(n*aR31!s`ilpu!bU ziMYfxVp(|Dtb}1XI!N_0~tLK#fuRz>kjUiAf4=J0I7#SxHG297RnEx_FZ*rRYC z*b$JXr5T}=i0L3DjW!LLz);G;2YCrag$Z|fh#a#|YP-7Gi1t9CX;N&$-(lT}ox*{p z(wv?K1vI%&h_VS$!u16CaDnz(oD9WWt9DprHj zQO(cEnOSp?4ad}?=4JIInG!2@WLRiFAPZOtNMJ7Q;s$3#T`JH~1=RL>O0Akdn`@S0 zS-~5c{YYD+qAzkeDtroc9|w?l2^UR8(Nl$P5bo-Rmxc+t428SshGdylh=aveqguw5 z(xs>w95c~bEL@chEDQ^Wp1@`J)09v22>8_p5GmD2pNkZ*#wO%3i(9qTA@hk-Q^YLD z1DJzoE(}ar0|ExP;9?!s_##`*fpkf#HDGZA09E;<+y-&H@SL#}m@pwDuygrJ0#bDN z6RNO}!%n=Czych9>a-b%3PG!ArF#f98}`JOXjLF3fYrm=>I-m)IMH%2FxIuOB0vls ze4|U$%^QSGALKKolq~1 zcAGflbOHpX2iXV|fiw_0WWeb8CJ6C{926)6JrS-|rfAk`@H)FD0(`v=1!mG|krQsJ zt7|HxRN)6fVGCfCF68-;al+^#SdU%ea8;3mfH-$iOclTxX$vThjN8}%oQW8CQ!Z6w zkm|$1-Qx3l+(-jd1(KK?%Yf*p!U>&ctQ~wb)RK6R-d>3F?n6u{AURr)>ROy1s&k73 z0a8cBgEe40RjOBnMg#N)0qdw&SJ1~;aTDRbZm$*U2!e-%r-R-7{c8^y4x2p$S#Tue z`H?D~jJwpu&B%vv@KK<;0W zL{PE-+R+omN6U6ZxG+Lb>bCNY+zRXCIA^NQN{pe*i;!=eyHY=`P&q07B#8;4B=*DQ z&XIfqBpW7$Isqzo52XY$9lV1wl$mpIvbGXaOpRh;;i*JKJUp7znXHcU9Xljt1+NLm z2vTlMNm1lQOo$@{s$K%C~yP`;;=<1Ls8)IWUv)iE@QLFh~0&2Cabd1rV9a=bV*c8q_Rti!r5VC^T1?AKX9P*YH zIQ*#eG1h`M4-w-C^IgFo2y{x@W8zu~@p9qv$Ow6)9Pe(C9%vTm3Z*!4@Dx!goZ_Hc zkTmxsd#$PXYB?*Qs+M1ZnJsGf0kEUP1^yV~a-swd;vPG0lMWrNkd^mM z9RS21<={87h#`Veifz#IIQOA9U5T7e>zyix~&;qcr4>D2*N1&v_ z1UX+K%Hq=aO0dCf%Jq})!H}14%K5n)-D(WxL3jxNQ!`uyj>J-*_FdI=0hQy3EraKs zkTVE0#8b0%j03?G%(|gaT0x+*yiO|YW$~l@uwN_TCL_eZ$f1}F%5})$7PzC3l?gg# zh?Ay(2)@dRWl$_mE}$}z87=GN0X=YazN5%sKq8pQYC-u%Sc!5hvzF+%A_QhmK_6hR zthck_O>m&glY#pX!1;u?Quc?VfCaZf7pe;Oz-+q>;!D1@$Xtf9(%AxlIY?Ke5;NfI!$9K-`IJF}fU*+nlqzS3+;4JWG*r$e zqSL!t=|XCRB4;Ue3<7AAWi)Hn)RSD6P)k1x$%<@RtuzNUvqSBCd`Zg<&qu}q>2c1$ zhPakX@WNEG1Ug`~DfSt-IDAb1R@ zf-4m(A!jrl*|HFYS4fkWw4~%@V5w0A#iy0;KVcfNv%RP8nW&*cs*IAYhP)b7Z}Cj0 zg+jhKt4tL1#oD4;5Fb8nD6zCNvqzM)`cKeKGa*!?$oGLKjq%%N9> zjfB$Rx1{r-WVOWRwNbDpITRI3Pk@{9Z;hmt;Nmk=qvB0e*}gzDh_C>y;4(y8g@cuS zpao7!JSCip4m~anpvnuR>`=HZuC)XACxJoimM+!C59Hw^6vYLr7df#M9~s3|VeCij+eq)<$N#RagrO6&AdJ5C{(75pWAa zJrG~&>7XxR`bCz)Ls!h670?EjH4Q1E)*3mhpmsu0mJLuu;?k;vYZ9O!gmygaO-;vK#{2^mRP zA3$9sd#RSy(8pgQa=!C%(t7c^$3ZEc@dTqSY{?kRj4xk#N6Em zOatM5@O)v&r5HZbIm2u~0|~SBBK(+JLx5V9(2^*nm4k{AnC>L>odGFzK2#9~nXG;w zcPynv!F+y!mdoex(&1nNYC=yyhB06_j-Gr%=`;yMqKb=^P`H1alPbZ8-q?vqPD>yG zM0I9}U`k~r+NR6cK$7ZO5Ijq8V9c*@83{pkw3St!08}_E1#A|?yfaULB!-!S$Yr!C z@2yPw=o^R2E3XUk66l^VR9fa!LIM1QhKVVNQX&L~qop9M5n!C24wy0#$X_3%r4b26 zW?Xk;!+O++QiY|UhJF^4#-DwpKs5nJTr4+|=VWl|0S z3bk?>J&RYzsy}YZVCR1iDnU>(*?{<-Bd3&<9Td7@Mv3A=NYKUu;_yJRgm;WET9z5g zb$F`f!Wd?RIfAkgl=lO6j-$+FIN{Gn*)(iKG_^uX63fB)#E}AkC)^~ESi;#tM-lK~ zi!{;VMJg)sYjKSpDrLyvhh&@@{S&_?z^N7k7g7k=s zp!RzBXi-oR;t?a5f*NgD4_l5h0P8`qq;G)g6zkrb)cqb@rxyQWwI*5w26A`|Y=VTlc(D4QfSb#h_?BSqm%LIvdULeF5m z9NHxY1+9o(ii+Qg^+)hkN@J#l_)iASn1 zT>;0L?fj@fOyrKC`YS*TBQ@c)Nlt5|DMLC0vCbk1&*uUd0x<*pjuJ`1#=+&Gzw<5j zothZD@D+hH~4W!=a85`)6Th!p=irtTJ(S3nHZ-B83!4JFY;*Us#2R31Q1v zsVDouLgo7~BT%R)1E@@mNCC+&AngEDPNjJuLAa)bEdom$d}8z}!SL8o`9%@XLSPPG z?!-f{_d;&b_Efv5R3VZM$dQO+B-?gCL$twsJrNurpK|f*i?MZ#fH^{158X9g@PVbBN?5B$EEBg zb1@6g=^&a2(R&;jn?sBERU8jB6wMui>%KXSj~MbE(eAd7f z1zQzNBET=E{8V#?krWPD)1$&fY6FE~3G^54H*};hCBgq>@+Uq`)+v(v#1SLdqDR0y z4mPXj;Q@k=BH|@%AkZvjg&P(1ATBu0sGb5Z7zYWf>N%vU8x0voBSe2~J&M|aw;*#G zJb|_WDmM%bKMZ>MQRhV64)UWQCWIGF9wbKN@j%v2>{gwC8WNE>U`J>dKL?OFE@U=< zDv_N4okcG4)P0}n#F17iH^B9gQNma%o2TT5?w##^q%O`#J#^b0SJy8CXoXO8IaXjE zh?e|Tkf04*V2$xKx>1*oGITFuDbTd(+)?xZJ_$z;;2iBk@29hXW}zHVqfFW=X0EE- zxWPJzfFJ1Y4u8atiqlekPN-D1z{g;GC@+vbP>W*J4ftQFlPaawp`@IjoURQWfDb)% zONL%D!}D0f2_KzPQ#yOz{F;Vx5$ZdyAyWpx)yJv` zK_~57C^%pPl)DO>0XHRC0T7Z_REG*u9q^Ws?o1b+5{C$M$Jx8DqVR7j+<+A;Mh`eD z13X)9o3v2E_R(!=ctYYz2+0pvk<>N59M5G%d1An-i14OR&ZXE8`cAey5c>;d5(+Qq z3z{*PKH{$gGAnRPB`_LHl)tNoyOLxFRqz0wjaXe)n2C$?hEc?f)j=_hsz*WbAL9Kf zSQ===P2%2Vaw3p|uFTk!&e9-2SHc2q7Aq;gg=thfJR!T-y&jXThtPvVm!}y<++i2O zna|_4dOaEVAF476JyFCre`?IkV50a$X5FDU(B$mNMqGH(#2|fd|&DC&VE+9!5SCy0R1f(Y~ZQm%5=06JolOPG3 zR7+fn%xg9k_%;d;)&bsQ(*23BxFaF}T*vtT*n88qwz4c+_jBG~p-`PC1J|_>0=Kw3 zbjCy&n=phOSzmYr5}>deN{wye*WY)Hxz?5hawZsDIM2CR=QwPT_FnC5#~d?GT%aif z9631*ORniB`>8_kGC#4A6d7NBKt4mowHgkOKhxnkX&&Kpe^$U=@bFb+TJj}HrgiFH z;y@u>`e$Nb=O}82NJJ2*KRBa4oKt0Jr85!(;nLk<1s}5LWoD@xzAJ{sNI3qKKGR5y zc#!=l{jY<7`+qcb-oM#Fp@erGiu;DL@2p56b8plfSP~cHcS(L7SXPu+>cUJ0DUKE$7V%hl$gE&@#7{@L;W_@1 zts>%rSYVhXck`eAg39gI9f4gT4*T6 zF20b<`DwRRk$n@znWE4Z6*ir!1hCjd@Vr(ic9!^-RBH1}+$@2Uhz@h2tBNOonLj-_ zeStmQeAYQUZZ=_kOzyt2E=x6VqUGns&s6mfrQ*BZF~uw!`eZJ8M24R`gn@Mtk*ZQ7 zI8Qi|T#+ptu3$qY;8bjv2IyNKV5KB`ieOc=vz>N?o^EVE-+a9c&>-JSKZF-z`aDT? zI@MQ_SB6d^6j>30EGWL=BGa}}4$(4vA8{^G5l$rT0Ca{6I0 z=|H3)7e8R7H~TV2%OR|)3|c-2$aXb3P^cYu1JQySp{b3N;F2qHKqO%`rR3N}l)hj@ zmz1^4dSYqZ#FLY#)R)fH9_dHUBgjcGI}x9g=b*5hpDM!?4@h7dFv;;)jY=5>Co+<} zSFoG!8f#>qA4N<2D*&Lpo_eGxf-`B-WQ8W8kodboj9qFFrK0JRRB()GTN27D(l>+? zc%@n@$>5~zj>3~()hC`I<}MJZ=4p%G99@G!IgkS$5lgB3f?kNCM}wZ2%#fEm9~H3* zYXdEe>aQ3JJ$cwD9-yCLjFUwv$InR53O>f9M-iFqP<%mwl~045NVSo&!i&#`Q>&u_ zPYF0;st+42E&vHb`{(+D%VO_oi}7-aWbKnO{C3z4rTObkQkWZGaExT)yffX=jaukP z|L;Upc5~7{Y8$K=h1%W!ytquxcsClYg$fb^3)t9~gsPm}$YH#~>b)mLUd-x!k_t8bt+5mZ# ztXKkQaSBtuSn(k4x(NvtDBQ0ptFOMco4#h_GXS%SaIg$2`A`Xp z)=58de9LxiUh)vNXb2g>1KNdsYoe2q##g)V>;q{`@9$ObGrb#@QH$RRLVtZ3^{Sv# zTxuMBxujIOtqR7ud)H5E?y<=Vdpns9&aT@q(cvufw65P4%!R4~Z}i;Yrv0J?;rJtt zPVjIg`%~v98I@klaAA|3gr|r`J!$bDNOMMg^Xn@#_z9C?vbB_+;;)DA$$8`o2*VUs zK*~m7f26BMH_5{jVH=py&wzxx#Qad)2sP{~9!8?W#l~Y~1J)3B0^x@+3-v<8AN{=P z4z)53kyN_xGRt7^Rie|uk*i>HvE$#;;iA*}OP8I{FAcqb`&FEJzsYMzW0(66zfUml zCa+;`;tl5H4cs%AypjLLMJ;d5l0n4gl#B2SM+i%{tj6_cm396cbp~Z@>^2c(vNB2y zp&wQ@-@sOi?Q2q+oSYB;QBc24{FDA*9dlD4bVX1&;}blW#Im>qUw2CT10YRi;pX>`cBqYw-Hmr_d3sq;3F!k9uNKO$NsBzC2{!Rj#9SSrxxEmC$cr#|b#bc_U#*d_+c>-~Lt(Aj&dTqU}>#fX2Lw=HT zp2?ZR;6Enak;8XDpm5LZvK&xSgTFc=Meh)$!u-Gr$c(8HKyOm55&1Et1~hERjGo%+ z>35h=m^6|nYLMz5sn5FZb8-ij$5I6ip{?#2a+EqbT-D^2A*t9$yd6E1VCxfYmJ@pV zKoH%qhrM$GOrI8C0{Iq)d}qooIjUFM%!tE%izHj1${@-<+2q&iHp>zH4p?L4*u5V# zDWPjeV~Ukt^8CrX(5#mr5cPg`< z1!QQnml}{EEUmBX_>P~3V}{5=a1{Zzi2TGfamc!=Ujoq}{y$Ql#5JNoV$8eD__zQC zn3J({4QN32H;GKi zILD>p+BuwqCK!9FO1{=h_*CYFw(s z57w^f#R4V}6iuK6?O24T9LnVPB*fG?HmU&A2(d~z2wphj;?Oun<0<;BkZV|_ZO-JW ziiO$Z>BaD-?wZs@;vsS@5GAYNs8rkuCTY# zRHt^$Yx;#uz_X#1IyW#9FL`Xv`yDmgX{m60#|^@Y$E98H9{9ZYy$&n-nY>^kLOD+y znWc5SQ3eb_G`x1~8JcjDP>2O))+S`r@rb9Pt3lgGWhi}gqZ}QMVtqcHQ6}!p5X4R#Cm!ble!+!!H(>j=!(3%m^{eJUzI^Uwnc*%g zDfFX8^B9244D-Re$I8YG<-*LGA0H4RyeN=71O^G;5t~kf^AkK7R@8sXXK-Rs>8L`f zu?e-(0X3ky__#;l^YpcI7nqG4DTZy%pbw9fT^9f(KsyesEUw2n7uA-Nbwbr7=j`0Z zr5kXCSCdW2^gM^~D(>h}9Jzv<}%BktN?TGhGO=|I@cd zX%;Bo+9u~YUwUnP@Zg3+G}u&2->H7*?YeR zGfnJxcXUjQ(pe-qKM9Nw@M)b-aXzP;M~E3c1>l3kBY6_?uqZq3R3fPq=EDbPM{vcW zh7ql^GCaZEDSeW*BY!F6z|hQx9N3KY2zwz}4R6t(AgQsD(pS+VB!ShI0ja8C)iz)K zg$VBR!IZp;M~A53M%mQvf5=v`riY(&8ZRk8Q{ z_q}S}t6BLps5G>gn3oE%RU-Ri21 zb}aoadO5G+KboAwSxy9%8_dUhoI~=}C;uxIIkX!8>&=IS_nWnqm6g@iz5m*Kvv}|K zf2^+k*Kg(LZ*a_Afu*=XQPniPJQFCYIHHjPaKyq^Zu)qO4Rd<{WnQ#d-WCOY&a{VN z&-5ux*3Xq?=e~>4)bR?o@!TG*w8_qvHr_u{h*WJ{WgX{}RowQO%OPVCvC->6Dl;86 zjU>V(9ju%~TOnHJX@@G_Or)&nVC*xgxK1qgvidFaPuVm)(Qq~705z2Dwks;bCKe38 zGPM}vsI{w2!+I}PB)Q*+dTtvMM&*M#BB>`Z%Cn>L!13P8OyOTbJwP?Qr5Z+!Syx8m zBC$oqWLhUh^1|lV`O#x-6EUY`$jSeJK10kYm}@*qZH)anaC@$LnY5)nbac*3SIy>y zAzf%}Af16#z@S0cPr_ie9UeB8pUSv9;F?3n71LFMf9zSI%lHN)`)YhYOa_DrAau~Y z|M=tm((d+Ngcp1_(hz7o$cbRiq#O7!uhRUOivqFko@3d2G(y+Pa*WF;e02cTFm=Pw z#*?(HS9r7O{AXSq@btaVow>`YU}^JZOV+E_`7cnnxV=m1#2+9J8FT^--Ebb^N3|8# zSY4@!s`gabR8o7>@wK@!|hR2!%+tu|fnaT(eEm;OHn+ zE@VBO79|-0tLK{S>@NBQ|Dh$bmqlcyQ$OiJw|rKbb3{C`BMn=X{KP=y+K{vPfRdVO z%-$M&Ek-BLN%UCFzE!O9J=HB*rd1d2F5O+I++TS7@b1Ebp$#uihx47mm-(Z{{QU8u zdL8GlPHK~jF}va*5V8A(@H;L<>H}r*ip!?zY=!AJR``go4f2DyrEO|%wH3gh^i)BH zBt7I$sea_MVs3HkGek8NQQA#Js#vq6mAZo_7D+Jn(%=5}H#+NLayY;TBMX8^5U6tL z&C2%1v+|?I3)K4Ujyg0s3~2PQAW!+dOjh8E#e(y9qGBBiNj8b{2Xooifwp;meK(x z4g(+0Y}2?HB%d9h)XB*5y2Xq2_ovnX-h)*8gTbSV9~J`A~*kXRyL^NEHA>#*h{Sgx>E@r>vj$K>B_Z9OJaFy0BEMF5IhCKl^a( zr-PAzerua=eb?RPltZV4)%fgiI17PQC zUOqVL%TS3i9oGpaK(0WBzYv{M1w}G?1m;vInx%faRjks_DC(`}4upj-7KT2b4}qi} zFEI14eE40!4kDzD6ILG^ZH%ETy7VIJfMV-@EQ5YP9~`y@fXZ#2Si%u|24*c+nz=$V zq|Dus1UHTq76`mZI3Z+TKQ%G52s^13m(&-clJ6*#GEpama8>)2N<3z$6zZYsN7-)z z8Cn~qZOcq|<19j_c)kBuq$k#a2d^aK7x_;Bh)U3J%~6$08Rt?A^UG$4f~iI%2D00TxP5>;yXK1 zpcawZv;k+C5S$c}rcIJqZTm86mfS@y;o#J{dObP5qG;9^94VE17_Ccq3Sa0C$eMVE z#@h|CrPpzt<9bq36V){1kKD{+exF8ddHf`eiOh180}hiN^1JvD$F0K(c_oIU*QbSY zyCb%zW58>iL{#Uu7hNq-bhUM;j+zZB7P$x;JJ=dR7SmYo=D2%){B+4TDAe03y1H(b z1Pr-ES|ZlcWiKCclcHl|+I*l1MFovz2zQGpvK?bnNAfj9P>SH4*UxmG{p7Bg1hcFh z3m}P$NUE*R4KQ8BOS5r~1b**ZImuIPtJkqkBtXXJD_~XJSVr&OSHE0WHQbaw^ zk4tugLp;hpdSE~&boTdoFnW9PCM=g;QFdc_M_3tA<}n;J!6@Vu3muy$!4_lvSqy-t zT*y8YFpBH&qZSh0Ga2Zhc&RYHig!zG42=3GH=oC>eJ7~-b@Q0xf^|0ckc{+i# zL2rv8kXEyLfK z3vh6th7n=Orlwqxe2&RYi{Y+t$S}%_W_aVXKwhVtqXt@M-h*asewg4Lg1O6lve;qvzQPijxWlfPW#f+5uEHKmGX;z zX*U1TMF%?1%ix=CvCR2e=qjo_PgmKf#l=#sy66q(<|#9*STgS03;Xl=jEs-8Q3ujdF~mDwY$T&XgWdp$@JzCjc)V(kU%BWke9~0*b-8E8=Ae zaof43fDSxa_gRGZpFiE&-sIharm2%;Y0y7>R;K8t+ERz%&LPf!_v2tc{bm2*!eIWm zbtE6MF+6$pc#-An<6%BqcpmOS4x>M9N~>qsaasO zb%)Wk`QUiJJ&XxC;c&TGKPX*q){h>Of&5pmy2`9s=XZ?%ssEhV*mJ9WCIet0=adgFIHFH?1IW%aeW8-KzW6K6WgNM@(1A1W1&ssxWdQ(D`2t^2pO z^=6a9tbgsStgpwvCe(wEK242>zF!xG7KPC7(*;qBxUXM^3+kwbd!9t|B1&zBMw&eQ zNoW=mB;Tz2&U7@>^Rv9l932^cR+a*;7;1gCjExM3Z?}H8q~gs_{CA~KFQmJK9B@t) zLIoUvcC82%bM!>BzPK{e%Jasz{2JnXrjWd_KUYwk`S@Q}lyg#UK#uDvHzvequE{yY zp%?zoOYfN@yUuR?Um&?-idWT>|1&H7oz3XNV!xVmaE04GVR>c$jr>qjp}{q{3`tPL;H8GoGR-cAVJRtLhQ z?0JD-B4;z$f6ZrB{rAN%6(?LRQYO`6Fql?y?RXA8*LmR5z*5~MY|$ZMK*RNCWx~84 zngk*SxYLvEn3nFA1eO;@JVlL(h)#ZyR?M$(y6stpzQWCPuGtAc2M2MoKiWkd2YO6! z3zO?v3E*~<#wG^>S-pC<@$y+&Nb+HCS;}t~r`?`HDWd^3I-2#t^AgO3b~E#||21R_ zLX1t?L=FKUu92wyi+JR(b)o^i(*G{K-?+&P6x|~hAC-2t%XgkguUD(KR@k9{8|Oux zYF1Gnk&Nu`E1`KzpN#VJb3y2|KG!F67>BwI?>P6GDu5y3n+HCws!7>ee+J&|)<{(z z-vIdXh`>t@5*cxn`WqA}Y=zMr!&Laukw=GyavK|0MH6X;fKtgE#SC{`8cVYrI%&=( zCb=jHgsU1I>cK==TPRcUaoz&LLO zh7$Fisj^sk30wU{A5~up#HR_rq%idbK7~Q!J*E60Vtb;(l1z?bjw2dRQvY5=n797^ zAGLcAp6IjMx(S3Hu$5f=?W$H)Fbp8b*Bew`Mwv2zNK_Z8fG9?2h<4n)u^H1ls>*mE zVQolj$t%Rr=xad4vb0M@+OS3Ebl@JsVc@d(k|-!U5&SG_ohTaN1XP4?(&6;|QY>C4 zNul=nT*|wr7_W0j2>dSIP;`r>Lqdfe7axhRA~__D&{MSev!*^@dh>p3eQO2h>7_ct zRMUS;izQgVgqX+g3W?L4YHBmuJgv=)*iZ4!D(#?;DXpN0HjT&tkMMhe z9uL4Xb57kWLhA~($!OSOr9~0XmmK_OlC&b{^r{$H>@#V^%IF1Mk_h}i)z#rvr!NSb zO7}sC=^3sBG0aIZb#XZdYzOE#Mo(RoaU`VxPzA8)+*vvp(N&d?=sK9UGPq>46Gbu~ zY?h=G;253(rznSrhF|d3abVk2w2_b*mt^=X@id@iarB@YPFaruvxEYM^MP&>_{@1f z?QxTm-$S4`KAyz+8B0@TduhwaK=E1AQ_UlEinhqfX1bO@w0T`vYoV3*4SwA}_Lr~CS6N`Xy)fM|q>wrwU1`usCh8@Z zNw{{K1Wjj#TMA!lB3oKs0vn%lt!1^mNDh6O)F(czyxZ_=(N~H==pPsja@X;}1f_je z#x7Ar7sRo6MaZ4L^#97w{~-%PX=UuxD1ud~u~4JfuhN(UV|cKZ5}rd42kf>HB#k_QaGc$jiEQmiByr``rt^k>uca5RKLgGh|+?JM1Nl7+u5EtmGx zJbDH5ss5d`EV3F)D}7xuMkrYX32K>`P8*Vxh2|(xT|jw5Q0U) z{m`Q)0Ls&>37~(h?xHm&;RI?;(xv!qY2pySpbH)Mg8+y|p9LwFzG=j+bU}bT{Em+& zmuu&{*pYN$`akGq+*Xpwtq7iVsW|aVM2i8(DMYk`uu?~+Po2p;#j>(X)XM7Rz{*G6S7R+*TYxX#ol_0;PC zCtUA?C5I8Bb<#c4w;k#N^{XMuFco$e+|qGy;9a^z`q5)bq_^L`b?*|C(NPTY2FRg1}&frK~sQjZl1V(Ww3O2IfV*Kx_io7lu z!S!WqGDKZoG}sYt8^-a^1mEaL@QIuBDhGY3^~NJ~^omS+inI^fK!^#>x$>?ih9OC{v`RIWOIsb1EYbZyG0J3u@9~CLgu7+W6OFd6ADpzPV@u?l z3TT!|1qcO7ymG2?@ufshH(bB3qY^( zI2B@tf1(mpzl&(UOSPkj60k1INy5OnC=0NX+ILd+Tmt8%WV@nj9^4|DoY(lIWltFKE=Ecx{ zv5V^XTifY`6T}6^f2=Xa$jeGy*dNjm&5GBdAzZH#$(mRMDI+N*WoKA(_<@uVN=K1B zb6}Y4Le}t6N}y;A4Mh<#QgZATy>j^x$52aF7EuB>wwzilsVD`;0?^Y1ok&E++1;Q4 z(^i+t1pC7&Q66l@GQREPr!r|m5cBQo!%xe6BUtDW5sZtUjb+Dm1&wRE?mY_DtY?s4LN?^4Kv z_&{7vZGW$;0$?f>byeNzPR`zW{nL?!PyJYl`%_wnVywq7oW;()T4v9G}dGIGf67vDETuCK2gOV~@_n*Y;BD>`$|K6sU zU60&Cu(yZcVFb8Id8(Hx{73n_*Qf~@XbLKYgiAnH@>g25AXCSAt(CSy&&We%EzdNT z2%u*gU^3mL1NpvvZi!?6UGyya$uT-7$tTyaR=3FZJ%g7B?aP~j^;$32 z;BzV*W*A9zZO(BoECu~N4M3^fB8SNG;_aOOBv=|;u*?}f&S>{JlPox96-ivxpJ}dgQe*C)2_5VjdcCFR;%R>4??cEwfCV4O!v_e z01PX-|F*&^wI%c_9_b)rr^PS0y)H>DZTlN?MDM2bA!-bId>h>|lvlCRMMP!I8*o7h zC=&}o-rf!|E3r9s(jyU(Q7VNl#_4+5Z>f%Q?BiZu*XB29mEJUmq#qDr7V~#y{I6mq z$2ec%vmxdDdb^h4?IErE%?h5DG(*-RCNGp*!FQ8l$?pkl56~9f{?OD%cr<#5z(EqA z>0#4abaH9k`URphC2}v05hGA7Y;hckv4NZ+V{;@!0xxrTBJoNjy{VP;u1kg_pK=12 zF4A_2ub*}cS|l8Do4ZAu#eg!^smrTC`C1EMM_J>S-ZM71tg|DXn|Z0n;mAW z4u=un_Q8(H{(3dShv2V_OnydCCEDh*lP)qjm?jk<;Fu+CpSzp~2JI8gE)huQ6 z7a)E0A*bJ)R)ywoRb4a^`(yOW!rj`!qX&=gE5#tppAzP0|!w-V10JDMb#x@#jU>~}y6 zV3?yXzoZ8dD`X5`F6J!Xisvz1$00)wu{Yhupu!I=NmS?PhD$;=W<~|vL`BXpGl&_X zQ++|Suc5i{cymb1dPe>u4iu>22sPWA(Qh<`(wsz`T}69;j$jJ!q`B$8IsxI;qC+HU z?TV$r>IucDcAb@S)HID9cSM28q*k;wN#a&RLFGY+FCjsyadZkM_QGwPbrY_3(2D5D zc=Z(x(XqS8Gf3>d|ExU(?JSnQXXWjccbi*pD(^%yuv}U={gR4k#?Oj{*J{XfQ6ybF z4%!A{s%Uult#lpKhz9LR%!KtDaP}3E$6JgrJwFJ)PfH$gYmp-2r?gw(Pl!x}(@1!e zsH0%8gll+T+Kc+Bg0yF+@KmTjX;@m;t6FBc%~ILT90~WCoE(n&I%-fc2A^b4f@n9b zJmLteB!t+y4+R&y1N1zc)jS9V$ca~r_ou?k_+$X)o2KP)5n@*qM_^_(mqHfFR+0H();w0r zxLjyO`rMQ`=vIK-+&RAop1&jZOi%_ARxEL7_8<;zyZ#01k*Em3Ywa-4r=N=}l207+ zNN@|xG9dAuaM%}qaH|`fLEiYdW0<=q^-~^CvM?SvY=KAT4M)U;h2CK9(KmwWXb>q} zh4=f-Oni?XQwy~MWlI-pEM3|g^@Ax#`A(RKo3bjd+U#CS_U{=do+U-4soR!YR@4!Z z8B}p@bR_1<F%Pm~O-Pykr{NX1`ze72NChS|97U3M4^g1xuysO#c&3 zTYXoJa={2qm<(wg)JCO4x-5r{ICH%tF&e(lwpc4amfju=z!=qS#K3-pScT+?>>bpZ zyc+8PsHS}A@H^4d+b;{%RV3^Z4uek@DhyF323t5sQK1I*LtGmr86wZJk|It@txYyZ zUS(w_f?L{1e7lCpS98)OwJ=-%J8ZE})+@~c4!`2C$lW7~Wms%a!Azbc*FV=0-YkVG z{P_=sD_%4HHa3|~>^o9XBI8BjLCH8)Af7r78%r(OvP;EQd_-a>S!xNfq6`G5sMjU| zCPR+z=tB|kx0Wb!&hw>R?G7~{Y>*TuTwU}D8qpmy{XpNA$sw6Jol6{BSq>083P@&_ zgAlJQUgAO$j4_)q@?6LBQOlHpY_>#R%wZ*1qu{V6 zu(Wq$q^_G$?xG~MjRJ*i?b!2lnUd0_h3zyokBhoOx;EQ8`I70fD1srSQ!l-29`r|o zMu4NJF$CA{r3V?HtjgAZ(I(;1W9m5GaDP^U+cI`)*QG``i$`BtzV~kePyHr5`fb&7 z+yEd*8e}(npZ0iWDWrem;Hn~=mLoW~4;Sp*-dlPwc5W@5<3L3hj?hZ0BKdtw~FGjw{$nj7)xLNe#TvnkmuyVCXYnO zE83poT}py!bW4p2T_-{6km`~uk?=z%>+eMh>Sul+spk;W5tSf_zOeRinH2&X$^=DD z%NPutM`@P{kmW_)Lg^<`7iZ(*ib?Y#sf;_9SU^-s9IFzOiW1Dph^JbFu^cXzq_)_R zEIWVz67WxY!Y)SNKY4JVXjT{`n#fMAjPjJ$!BkbTUP}orGu#!e)t}DbNI;wPhCQ5J z1b##cthZPITzHnYsxry}O_PPCa_HbcA2awwpWL#G0o$`0p3`si}-`h{CE zmggQ^J6ZIL8c(aEkY*c-8}%oSTr6RH)o3e}jlK)QEFGo!X59v@aAX)qgQ_e=p(018 zM8q1+F9~8%96c#tu($;A@nb>d@^Y-rqCJ`ITQ2mUKnZmN)4=pp-C`k(28NL-ZDBEH zivz16K^f&0%cMxV8kaA{g6y0E7YJTU%!(X0;Y&)?Qy$c86jpO#=cBI`L zd>1Vz>sUU6MA@*kLYM&oG>$$7wSKp>p5U6Ldyu>?XNvD&sT^aWvZ?Z~LNgy6j3Dz;B)y?`@gd!MsHl1h`&38+W1r`@7y7{87} z!r(f!?9Y=+;RD9Z%3JL?3!UD$Ic@Fqhu zDQpo6h=7rn8Q(zhBywCrC5X;5;HvBg(M%z6X?!U@fTXL?;B_TVzCFnCh$_g{dYdk< z=*Ug2zfgvBh8+N9zd^aaxV-qCFmX2|*RNgx$b9?c@Ddu z%W&peJu;RKGIQ|W5rN$v{dM+H!C_I9q+dIzB1kVV9)%g5FSXP!j%jJ`(Za%)2MY^# z5VHWv5Lkejbh)OE^<4D->Wq zq9}8%*Cj|J1=ttjEEr+{N*f2R`8Z2(EV!*pji?E zxI1|Q?jqvHf=3nl{t-SEKSNSvqsxF@3n3vmeIar|n}d9_Tq=TqN=xP}aafpyabM^c z&+acRJ|yi*vf{LLbOievzGv+*fw$w*%KNP_x+YGk@eg4L*>9Z0@}kYr`LZzb`Cb+w z5Vi!{jMy7w>GF0QX^bFR(d!eV6U4;NCW9G#rl!Sap^ODtV#k;ZYBQG2&afZ(ja!Y$ zLM^&Qq^@L$Fscw#B_k&l`y#N6GHMF3q6$0<5Cy&GOV}|K^$$ufcYYf4)L-R(Q&ajD zrcN_ZNV@(CZ^R$=Mf;`N=v^H+M*mBN?@grUx} z;pq{NX*R0eD8DIq^s2SmaTmG5*E(gq#1bpq% zx}Y>5xW&3w0oJAxfmIA~QlX{trs$ux=`f})x9?y!VK&$gU52O^=40N&Gwq~eA+o3e zPyEBNt3WewQ3;;tG7Rn{!6N^Um)qdsUECGlbfk*D0!FSvFzBF(VV?Nm)<*Uh!zb7A*@KpjPFilmR7yU1~#}(i&fA$VEJ?Cm9 z>q7Pr1M+k3Tr`TF6T9DR_C)*OzTsG0a)!vMU~d?QuFMFSb;0fA=eU0ruUP+sX6$5^ za+#lO7(2y`uRS7q#qxTe2Bc>=k55|Lb#|fM>R@CHLDi$kDs5U>x z=ymPEE(8HvFSpiK-s~yLNTS7K(|x? zr(Tec5~^J;0IZYOKwq(w%vQ${j^o50=?Ua`w3GygF~$=FbJ?eDY9o}%nc53I zgvph9c{AjE^QxjIBg#99qL41lL575poapB6h8>CXRM%Cccnnkbza_7jcB7;n9pQ z1OyLp%xz_7ix9yXQXu+?d@Gnz$g^#McwdhWnC9SyyPGZ4ess_SHOFELz)Do>tF#K2 zG{nn)DIZRHaNG+DgzE_`VTAi9@vrNplZ^^`ks^=2Vkzap1(rgh53F<$j--Wl z^!_4J4sh62sC!sn{=Q>(_)^gF1@t7vshXk z9hY9xx92q|_@~wMsjTU;?k`X1eymw8Gc5#dZ}49|syaAbq}FVJZkjX)(kjvn)K z#x0JsQV}tMOfu!?4B3-Bl;Yy-klEu2L`R7;V1T6)LqSxh$FmRkH1tq{Ud&{&wrL`^UW{K z^7EG%LtyM|QxwqTp384o_>(07qEUF+OKX zqL=}M((aqpHBBVmF_(5`)(e&z9DGW6QP;#SNeLf*)EDuGQ>}yd!m3~W)mQ=5Ss?Rv zb{B0Cj8i_GdIDgWwu=4Z)1(Pr{pCNE;;SpR!In$qmDjH;0BPU8*(hyp{nz%}gjG^k z(hAJKROzaha!?}Ab1N`Nbw!O&Q@TL59z%u^fOuW1e{>xPH(Mnk*k?j!>8cvn-XV=9 z6q3Fa{L{K7gb8>SVq8`~0n>TYOk;XWuE;duEh2r48z;uBVYBjvJ+V!L=Dl`!nEe(K=U;+C45#_qh6C=`j!d6`qF< zYGD(mhSO3!z7jr0oMW@&q839pP&QNE|zkh9w? z11U9cu38<)dT6(v(Px!NkkVK-?7HU2{FM6lXkd<0@mw^49yv8%zC$+`u!|LMV z{d@QCS8ET+$+5h|7E~_JnZ0^A>?I;ku34 zwYZ#aqhP&&Y#k6yi5vpgaV|eAi1E*@A}f`9R7z&D8X#AIj<%Flm?%%c!Yg`M>I{N5 z{U9=Xk!(g^%BNNBS?pW7!Ccgbs3z}65~z%Bh04MnuK!nc=o`T71NaA~)g0VqGe9*` zr@?b#WuUJ)C3UKL(-&+8rDQtr`LLrSA4Y41B=CsGa6hO$UH27Bj4p!aYJglm7f0fT z-A!@{T{xcT8y>x0P|g;-ouxNBYh0pFgpitze{vu>H<$%zemHAA{zO)fy}nrOo*oX6 zCdf@blU^e4H$PV#{Q!XL6wcPkMkxZN*E(C5i)Pu+S*u28OV`x;o$>lbUd`LalPQK` zTU76vntA!XIoLOKI2{oAdDP`VVA4_isjWS3_1goaymx=Q-o?h05vYiEv+LY9tv-QJ zuYvj3xjX3f4g!QUYs42!ip59w@7bhS=ysk}Y7cg?DjXQJ%=d}xK;Ty zipQN|DD`Ega!qXct2+zlT7J_OpAk!Ax)qMWj4@@L8e2yM1LLB_gggfUj|r!tHdSUS z^-NaZ!YOyTU=iFPL=+_B|nQi{9TXe$}n+<2cjlZhb#R&Jh2Kb*u$?BoWCs=oVnV= zYv$_96-oO<{4&dau@aHjB$F9!snTo33u36KnM?KwlBtTzi)vZ&%Lvtl zT==W93P!AsoiHT)E3b$OIh1D?&1p;PU6aaRmYoszw>9WEMwx53 z89=t+WP#zAsQge8gx^T0XoP}A2|ZyMrdQ3AxKLTP2=isBDcYh@*?v=XmDtGGT+JN7 z)miu<3cmM(wkO&Gh1Ex(1I+*F$rL3?2-m*xP z_s2jl7pI`C5TK4Lzk6Q?b6DC?!j)Pd~K2!3}dqt%_Vcg_ZIeRQ>o#6iYa8UDBY$I^#ob|x<@5|qKk@z zgsS28F>;E76yc;8z*kw<+7ri=6gX5otVjwk5GFL?#x?Q)z0$5}BCpg};t@W?8mbQz z+{!%sCp>nS@>nG-Z~EFT{pi1tZpG~S(%q9?CRB=QLTSpI&9zAElgwAu zmeR)&hlE8yzyblnO? z?vW3Ab36pyT-QA86UXDRnfN_FQi+o+UkIrnwNrEs+r#2o1Mg!0iO2v^O+MQNm&Ej1 z1R{t^2;4bU*)TRW##4&MAw`;H#-Ml~8IA-Z)r%UcfP&k|cu{(G0pje2Kn^&nI*|mz zLjI53r^9Hi$mjZxznK4ck@}mj2kb)wNNqw?!H-cYUvV z&p~O(DM%4WxSBr)Nw&FC+1=V!VoWzr9v>oamH~8JufW)8Kf5?U`(^_=JnFod_)+6o zEzX4)X7$&~Y|jl%j_=MI|d%JcyJJs-nUI3U7z>^hq6ZJlQ`mEIZF* z?i=A5_1UBF~jiu4w_iP@o!8ySf7(CirWc_ z%sw!gtZ8REkH#8|&JhIn$(#ll*b9<|uNp|+{IWgzk_542BYK0zR}t%Q8fNkHk71O*m}&K^oG@bw}zz{>+U)|86G<e;W2CO72Ga z18NJ)_aFS=x@a@S887Ez+!|v*?cR;Vb3Z7ao68;~EoW<(4*gzJEVp~w*dM}qHmK@C zj86S`Cq{_u*6#amD?aqBR;w;P04mL~dbhi0EP&7i$LhZu!Cs`8E`d=4TxWlQI{;2B zT}PZhgvOz2thlIqXRyX~v6Fxy(AJg%s&A83F_JsP6+hT*8GKD8u^RmdQ6w3TEIA}{ zIZijpxd*Rnfg`&(SIX*{@@^tA+sjc){&^ihEbRU%&WKI&Q31hBRDP*5L_-w1g#h9Ihng=&0YjTX4!x%|mGH#6>$@5bYsO$<{DNFYrPjIDdR)h`W zz9;a7n5OG05S_rgiC-_a;-!RC3PoThru%-}mvx;NWCv`2X&qyugE7atIZZ;Qxdz#zlA9XDoDlez|oADWuZ!OG_dlS60`yWwAOGpz_vvO=Wna zf@$ILcgr~3kYKv5Ps~EzQf24j^_}8b_i+gnHpp*0i}G{*ePvzu9v^ZYarCjYOK6@V zWQ2laj#j-sl>hu$RUfVD!C}XLsXYjQcd7h5AdN15Jk$XMBO6I-u8R)49HGfm8m+!` zoAukmE&CU*Pl*MHOAb33TfRyv0+dmIL~j((LP&yUx7!+ZEF=?;u6eyJ-nid5Q05D| z?7NOZ6efcF&CH!jG7{O{D7`gZkY0t<5-b!sq=b%pJQlN}O69Ow#i$}}1GZWeP9Tjj z3oDZ82(dp_dtVaJGs3R?O!qpx-$4P>dzIq=gglyU96{F3HRpjUn`1fq(6%X4gs^se zS_|*ZVo-dGFC+kc+9c$eb_h|Hwg-*o+%)2qfGKhFhP9if6=z2Taeh8)Nk{o(wptGOirl=W?xRDgI(qLsn7 zZudq4r#nbFhdU_&9-$D~n2j^gtYo}f^O0(k(Fzu-ck(Ybq45Lg?`)gZdl=Fu*9;TxCvM-T50@!>qmR>4kK`16h?UT z>vozx0P*_CPo)hpTuLm6!MDwMKIAA)Xt=Jr1WI(Qt}Xp)yzv)V0^ktnNM5=}B}-g2 zRs+;FZ>L~xsGlz^eC%+Tny2zIoI_|kRiStJyGdBZ*Gn77NOvHgusGahRmA?A&^Jbi zg?Rso6*pxLJI~jtsj#7>h)f`&6Cq=I`1oEksnqk(NDW`Y$unfBMW<7m_YggkxKWL# zs}w_mVK)>qM$|McpU60L?~OO{6WuE!85Z9LXm|*5#2ds&!3D7Lc7t9BvPo|;_Wt8r z8ShBqSM~&1xms?O1-u>W;<^ZjyV5=8PI5`Yi>crM}``*AZi= zZRFq)E{+2ym{|pDHV^ zBbyce%@9}D!YIYv5uL~zvK=%oGRg7bu+Msvy#MLv*T-WrN=NE)Cl8sFuD@ zs7K8RFw16Pb+=)9p;2D~>#COqAIxZ7x{}*uE}**GH^#j9@U~bst}Fj`F}IqKV+riZ zVf{fCP@fEJJ=f3qFdx(pWEMsAY!7mXIQVXYX|tRp zj!+Qv#h{m^-x0RO=?MkBAj!B&{0BjX@u|O-X;a~U&61W1cz_}1H5QcIOu-=s)$aIA zcU?UM#F#pa^7Hfwj0s5>xWEYFD&JTb7vh|qyb*8wbsd-a((gvOXiX9kcxeexhM)=z zqD1FBp-?Y=S?g)bSl$>4COS;1h7ALX?Cv2=>Sgkrs)nni0gN#e*}ziXY{U(XEK;6@ z4RxfLdM#MswJq*Jslw@9QIT{Ykf{zZswA6Be3st{D}!U>4=WyX`B)5<{BOIZ-VPZI-ZpSvd0UGI*$Ve5>^7;;H5yl76DdMv)KxpS?VMHs3@y z9=l`ekMe+2RJNK-pJ`VK%KczyLFlwVI>4c41UC3EWP&V2>)&ys-&AX|4lfL4O2O?M zW5@+~vzFr%Fp6G}RJ$;`VLC>z8N1QND-AubcvadAi)H$I(wadLVavL!MrSG9cp08K zvcD;pDdT8wuILA^iK3tHf>^pCY4FnFBttnEnYicyvNOX*KFW@ zQ!+|jD#+B`L_TFCNkI@W>&X5Eq}(Sp1$GoZ#5x#MhX-x2)1L>l?Tn+OT(U^?OeRqr zujI~5AHKV#|4NTVs8HsRXtgH^nCHs2#cfX$HO9b!lgF_>4@AC(qAXNrV~kK`mqI{T z3*CD8PU*u3j`+mS73#?;ls$zQW6W?V5kRah+2A3tWLBj#QB-jG8ZbXD?OF;mHR z>EVa!J9CJ8p6Ul65hYVjP7g4+x`3+&h?$B`N~~NaFHoNoUNrqkE&V1yD9j-(0Hkn& z2$S3bRVKv&2UskPP7I*dV8`Bh4)q8^{AUeav1l^!Ov8wRfQgbtof3(6{c)`2TqFcu z0YWXC&FQ#s>WmYX*(bYB4AJ)eIEZ|Sz7*os_;2EBol*xHdB*Yi9k+Y7T1cc6 zY33^J(gc)Bt@l;6ueERp^8Cyxbo#0iCn!yeFRDZ=2MlkhN-U5#aI6=Ru(gFwFX9-v zhg|Z2FK@R}uJlXqqzj`yKyb0Dv18J?H)^v!TE2hpht^V8vRQAdVrlNd^_i&G;szxr za~-=93l4UYkFJ?OsGo6cD{2B{Qm9m?%w?Z-ng+jbc9Jmaq)#a7sNu4p*>$LD9SXfV?M}8|DK5|A$3I3Jq2lO@W$QenD zi6gBFOQaEyTcm?7B0(`F>P{S_w4_nn<7ha-N4acT9f>`WSm*_ONYt#3$OrmZ&t!pW z@J$w@TV&AmXnygN{!jFFawc6VAcD*eanZlGhfm0+1TRd0DAiYN(E0oE@JW_sTQcpD zHpRlE*|-M8;Z{f7q(Z{WL}^;Sq(B_s^Waq^CaHjiROJY~6W(-933FXa8!KOG3;SEl zw;CL{m*W!+CP@3-{h>%d{({nxU=spNmO4w|oia{Y>I%aG`+!bksx`4&PmTm8+-3Dq zylM<|m6oh#GF=XcaxT5l`HZt^K`Z^oU?}-FhD2>h^A6(BNaqbyC5I5!khOWK##Tem z4wq)-hd3XU+K5@`z9@xUCvMwt0Zua9n5cdqJEbA%P|bdcf#8Y?nFSN-e{F-`mWyii zB-U<%ARMBU)#uTDGUPIg;N#j78w2JBNIfF1yq?`uw`=#w_$RX~PAOr0K!p*2@(dJ6 zN+%~+#A54pWX9NC!TMC}t3|7KxOfKSKw(oC=}rto8-&wnE(Jf(p=vF%<4@oTn;?re zzIZ9Q5RyERD2TEhB@Bc!*KrQ;J`vfNe#i?>13S&yl-$SF2}ma>fKVn z=K74u+Vzhu)zK#K+$+lQhq(WQXg-=m4pk@-u5(U-6ek07OAviomMVn^vJib-RrP$z zBJd2de!g_1n=vRoyOWGr3|T22W8t}`d^%;&v0`0z;M*J3T$byq+B)eS9AKl1;SuCQ z+|zVCjWN%gHxE@9Dd^DwC4SR3w?!cLi!_hKj9DNNP+)NpLEI_DWvyT&`wvw1h&T{M zYiJ!^J|Z~E=2*p8tm5!V(1r`+Var~Z0>PEw(azJjjs`Dmf(mJt(ZD)RFS_uKx_%11 zl%I!n?H$s+|E9wx!e#%IN5@nuZ#psshGyNCiPm`j#R<{OqDp$J(HGVdg@fi6X{ zSCmQH(273b@iKiT@hoW9h1+$A3wPku4-p0|?6dLnu@5D_F`6+>EdS(l=x0E{HO&0> zcxg;P9O;ebkCcH)<9g2IX&smQm1R5rD9^YvboRQ0DYF;=(kfC3**t3(uQJ6%E!w55Usl^ z=Mf3B1U6hCU`BIM9Nqd2#=r1(VTQSBb5-S1aG7@!Gl1uUMEOas>- z)1{Eiay%-A#}$HEqH}h91D{e8;5z>mtrO|XIkh&)I=MjDE1tIuCtBn2;4T@Xqv#}weX6bo zLwd7j9@$`?lp7*wc%!rdJ^*_%4eQ{!Sj5(i?g>KG@h2y0y1mPkwM7qG7Vg!%jhD|d z8#%{19zKum6E^~5NCL}Fz}A)FtSYGXnfKtV+e|0v~kvI&xmYuenOP-Xm!o0_$kF` zlbNsdEOtC`d}e+{cEbmhph)Gr&k_zw8;lG~r0aUa0c4s({m3fk=HOB+=`DHKH<9*q z4=c_dbZq23lc!yJPX-UsKPOXZ7K7*k^tuDfcnoOqWsV4l=>P?6lu8xznd5lN=n7{V z!JdWZL_-2>I(fL%)pbP%-LYv;_-as{bxw2E#FBH?z%D#agRIsT@6Z1k!uMh?v^tWE zj>S+QsLAIqSg0T|E5iJP)Hme9&@jc@xyw*C{@J2d1_sxp5%v`Pr56NY01t~vq*R|o zx6II?irZ3f+)}I%_X`ha5zMsqkmE7dCFIL8Y-qL0m{xmU$!LqwBceBi(I!Qelm z5M<2vzBMeZzunkHsJS^&EL?8A!({Pbq8NnKq}GTEf`0Tl6gGuSf+CcPY?}_LXt!7% ze-7>D8Zv-&JD+wezQV5WomB8G3K(i$w3XBy!SnR=7=uu15pYM@{HH_d|EaNx^Gq~p ze9qm>GtS1rQb(Mzh5R`mkEk!T&NqnWsu{fp;PrnUy(FBs`F34Cm_oS}4oE@WuuNX~ zP6P$=tMH3jhqHp5@6PbxBCxr4(%kmvQk?TO^1;SmfnrT6yn4kL2y1vtGWhyYPEd`Q z+d^iM=IJ-(;9{Ae;y1Ad2kSjEs!I^F%95coh`VJs4jTTXWoUzLBJ{=J&uVSyUe4zg z!HJTrLOu>mKtacsz$uV{ot{n`ZPBWFPj_}9vxCwuPo=> zzvv}-yY-^4Jnoii@-&Pjy~ooOy{cs_Pk^|D0*nJ$kU5tJ{@66H`YwzwENz})dDN{; zzY)Q7X_&!-=uR1s4)Bbvp%T0r_f3nW9~%vq;3#wP!MYLVRFJ`WNDQZ@AWI#2MjzS zG8oKA0NWtSP^sEbE2hA~m997l_?4}_^`Kq2aR|}F@0L$xCvM2vc%>Lb|8j}c2e*cN zU%EEBReXDnyq7rL>fn@>g!|a(oE~FyiWNnA=fp1r^Luz$7Z%DWNwD-RPL!fF_baOy~Bvy@zd~Xb%wtr}fWjq+~fGMi|1N z1K_`6g2(IKpqDnYd_&$IU$7~gqe#O@D4x;zRw3D+c_P>urF72frE{Pemk~Z6FZ?pG zwZwZ*B_0wZ+#2~Jw3=%kgY={t+Hy+60t3Su%fvy{LV*aYs418cltFfvZ@e~44pYo! zf@=kvB^C&WO1#cIF`z`eo44v|sY#9jqLZ(FdeEm~P(P+{VP9h=7nXY2w1{s|94qAm_Rb<;IdegNl>Wag%Y0$xI=mt4uoPsrVFxJKM;QA1c8xr{bdo*wU(ztDRC zwq6DMr`|zEK-PBi%SlV;8!wbdD9$G)p|LvZ!p6gShJeLh9$guTusB9y{d&5ZHwy%t z8U7j4u{4Axm6l0=&Fv3tcb*hI&;p0mq842%VjW5usIRmeUUB1q+YK1hvY>TQY{H=o zBV7-6uK|1jwnMMuF=Nt4`LcCBt5`9|k%!R*P%qLKVV|0lQC(-mn%zYVQVvmqRqMf$5{3mO4V?i>z?jVO<29ms-?xP2)tR zdx5hij!?zly|WTXMAa2nALAddQjGk7BBH6fr@0pN-QS^m&;s3q7JkeK`&PH|O5F^B ztFfGy#Hq1xx8*!tpVDa$fF}*H#EgWr>#Eh64%I=sexhc8r%Jt*=6o@WXy%7z10#!H zVE5;^c+QO}4Rx^&&MF@871uZnroKzzNI?Z1>==hqe8$d^%{bt&2DS#Z{^SuQkRqjJ z?ibXs1+DA@J+5*rQkUX!K$8VM&+_}o5!_{3kgB z>E0nci&rQJhQfB71Ko)xM&d%}2PrVBMACOp(exG7Fd-KP^kK(vJw#Oq21>L?w3n9S z3AwAUOdxf`Z{m$wO;ot_7*P}HT?7d$5zo{VF+7zRuz~m6l9Y@S8T`spICc_&Wp+*L z9KSx~+}?^}QdwBf3{IEk z?LqI24>bNW9Ei`#ok6dHipGVgz~t9}pNKtJW*%Lzx4BdGdslIS9(Eb0(9qaV+DVx( zYFdYm;4D;2unZ-|Rt*Lx-;(+PfJC_!a#ywdPN>SDF03Hv zmN~@rHt_7!;WQUMecR+#pFiE267RBwX|Rc9|J(a*@;9~;Nk^b?2QvSFQpfpGR5zHq z=_bioi(b$HkFl1z5fL)Cfr8_1dglLf69{gr^XdMaR#nTIm$f#up z_7=5ggcd_d{_!)^78EU_)F{qHGOk zNQ)?MlE}{6x6oG+Mj>uZtR}$yV~L{n9-dD!^~e1juk!_u@kq-e;jAr{N<%_=2-k==pZMWsTEsb+; zHep2Ps_&FAx_;*>;*|*#zpMVIJ4mFI`z>u%Nk&{QVtZ?qVK+c=y_V=Se3T{|h@vub zn{N8Nu9V=gJ1Sr|GA-mAiHHM1M62{>&xVDgF-B|6tG9xB@75lxsX}zeI#BvW%9D_3 z2DxN-l2q)@Ze@z3l|y;Aw2DX6a+#59d!62qdKQd^E5m;h5LSpK-LMoYrzLOX#@gPl#3uD}$f)qfv_H5*@RBEgKD;@mnjK?B>@gH1R%DKio!(!2 z-QGtWWb4OfUjb-F)2Ix475!KB5+`>26@EuPTHb$d*2Qa)yyf}QJ0~SmpnOmDzIzmO zOV?TGY0Xb`jwo0F$Hn`F;g-2cw1a4sKhzMj_n2#fXTyZ(Xbv5Ukdp{Wx;axPV-9i; zt=K3*zLVXCHVMB!i{0GxJ)Y&~3_2tn)L6t;LKnMSEQdt#se`YC;}^s+awUN!vv}$g zaWo=EMFBMQlD-CH+hh=a>a`uPuqp@1O=V(FC}ex1if<`zM|`4D!T5(Fhu)jfB$}LI z57(bX0!qTDgJN;AexG~DexO6Nf*gOEC=nkaUNEc#=S}LwBwXG%st0PPUgC==-n*wQ zCi=OCqPo!}UTyi_5343N<$=;5Q~@OE2wl6PT;Os#;oPUAsx5cl7LsC6j0TsU%Aw1^UJNO)f8k|_vh|MWP}zc>I^ANp_=df@;Z zzX^6b$LcLtbj;lXi1?N^;@rtxF0JR!I&^K~DHqQ0XkZ4*Cc9phbe7Nr_cOxINN>-(kC`Odsvoj=)EICMBX zU9MKYvJBj7*24@J|G@%zrDQHk&mD>Abk4Fv-fYKjgmY0bO7sN!LAJj_Tc%}jiP+Y= zH6Y|($I;&fB|M|j8-4nlOguD{*fdKpV)C%$@HrYxR*^%Q7OF^ zYE9R2`pdtPSixQZ2V;1MKgAhL0caYJxwAr$GrTS5IWi(U^lcF%e z-Q5b~G|Er~`R6NB^k57=m#!+vpg0E^3#2@O##t`P*P@@99C46`&5+|~TGlJUA1FE% z>@wN^H+++q{!g}u{#^@Bw>RIunR(he#~{#AnnmSKP;I`z2fnwow6x&HPh4;}I(yda z795;hg^O59okZA&!Iihj_ku=-$Z{}7N*Y;?p#9ltIJ`J3$Fz zAnAvXom^cK5raA#2M&c%jdAT)*3@G`#_`(^;qOC?Wx0Eb5A*@rV9tqeSWckA%39 zYEEQgP|$WJC9fkiH01_F^Ag?ZS#NVnPyVN0m)?Bhj4oS>*{CwJT(Tj>>K%8no zZIB;|y^9~zj+*mwSQWB-=<`DQ(4`}?GZN8~pjA$`1zU&&!T9s!UsDo>fEGT^1YCuy zFCm2&X2K?gK8abDPN~l9rEpknvHGAiM`W=BwV}K!_@#$Je~?@ZQ2LqcWh6&j4MQpm z0nNum#KRYk+T3!9Ttq~KGJ}u~5ot_~`c=pv#A13?IRL*xA+Y2p9wZD##Kp)M3C_Vs z`0)U^T3WM}E)XUAd&;=QuS*gGcEJmmuju!RXpH$fHTohwWjCYaPI&c*FxH-AcjP?i z;ypZ^&!3!i2F{;21B=)@<{Eo7PmdpIwH69fSTD-t@p@HM-Hcgm@uQxm@&=y&r{ps+K@ zveRE7WQ|jkY~Sw2jfJaBrdXrF8Gnf}&TCKplN4J>X9nSel5+ zm!k*}qes825j9hvYQjK(IRPL?SgiWc<|vn>E+ZMU&!H!>}T=;H(NS^#IVZkFxvF7xJTDaI>KFv^=786BKtogRhZww(nwFQEQOBg3_v zf|BS&s?u~67$#6Z;!Zg^HK5R@0Z~4OAoNiPYGzZXx712BGgP{!Xj&-6>eK|`K*-qS z_9qPn>XEAcZt=)(5B1-tjBp#cVCm(`Z;_S&rVW_Iyb(7?U|m~WUiv|CXPdg>V~(^- zMfX{?e^1f)bku$>+Jil=P)QgE~c|Iy5;C;*mO$clC)E$VZ_WA7ODrwi=rWOSPc2PT5kigK&m3{OsT%9*#73| ztW;!Sd`xYBDu&CH)<@!Hme5oh6bnYTC1sysK$f9(3aE}tq_mb(+*4@@rMNZBKD^sB zD-H4QyHHK+J=GKZ+=m45fB^po6}FTMUQ>_b1kz|ibPztwdHJFUVc zEvwrq`Ma)VWo}q;5sfFF@DNcPm%N(`d_s)iJ0IOz!s|c z@p^h{53#hqtG7U<8ec}@Aw)=?;(xsCPNJv6YpF4X;_PaO35RHS7&Mgvg`Ir z9ovFB)&K(W$7-P%D7Ne=FhEE8BoWqFaMuGO^a)l4$B$s`Cc>17C6^Z05cqPaWF^Y1l57_E zL~eZZ3&FBPh<6(4{XT7++ZgQByRh2AsVF}fCK2`COwNl4Qik7yFSd_QlDq{p!&VzW zq5P_Bd^?v;f`o2*6X0YaibQlxETVN<_}yb}`}4DHVCtT!PW zW^8#PO)7K_1zclfbtpQt3BGHI}pqJ-Q*aJvA}qXiX8rg;Xr0iN7cS02^>Rfi1KS~RKjbk9ARaR(pk%``Ni znFbYT6=uCg=$KC}t5ErisSRxP<3aV|!=R8z zN?NLrmwQ}Dx7W5^Eel%S3Oee%_zY!n^aUo0R?z$Tnbo6Fw?8V__0q+W`|!DmQ6EuR z`3cBOny7#~L=irme{5P-3CFS4b(lc{g3p*MT=_Jn5zm}aCy`zz6Mth+} zb!Lr45V!|pLDR#Z5}c_4_lc&!FgZzR*`!$TMC#c|1Ixou8j9IBE9nTh6m`g_JEbyQ zV@Tt6qb&8h^>PKEa1*YHZiL&6JxBc(rm>%x$=49Ey>s*XdX%0)Tv4AKl&5tpKGpT1-hDjkEHlO4j zFnm}w6@F^`k^|R}`E>3)UB%s|Ky_L>Bf~CIf(&jz$L3h@84dP z=>2Q6aQw^ulYdbWI?+Ii*i}_Xbo`X6yoTz+-P*#VhYNQX9}tp%c#n=~$tOaXcZ}!OQ%Md+}=>d*1c+ z2Tfhj%upsbPt#<^1|q5^K0smpUkF2UeaQJ_65TQm)}NE?$yHk{ zwqm}N+iGFbm;(pz-dSs#Z(TXcRVOz{O$^1Pl0S34CwIvThe~Ta{B9VZ}4#^KPDis>hxXhMS;kLZuQuA5S zpmkc6lcsXS(Bk$FzG_3gO@`5^e}w&>5{x2%#@4}TArXoNtULq~xd9b4P94!nI&6!F zh&_?`#;6@)DN%-;*HQ(@Y0}9O6s(X(@Xfl!58_ZRA42{syV9C(&WGuJ4A!K;?#Z8JqdHrRp_lfHZptW}?#P%Q&R_48A~gl3{C*jttWnf!iJT`_oWKty z&|_irfUD8?joZG`62rdqC$>dnWO)Wb!*JkFynHzpHF}U9>m@N?BIg#FkrhRb5d$ zP=DFL&E!pYOE1j~q^9lKJpGI(?6kyeGh~Z)dhxLx{Hf8g_HL&?VlF)5UHb2C{R^cV zv^qKU5#0UUq=W;c&j>}!kAMHDqsgN*vG){yh<0cLwIvM?YoPLntUMdxaz=EXIq3wL z;Gj@qM@Q+y9;AvES?w1$vCQRDbqTP2{c-#ZJ1K|rHm%_H1Q9Rxo5@V;1+|>b&L8v z{A?~H-V|pAznvf?HhiDeIph~@{Y8=%@7jN5p}P9H1_c+ueCbWvZ{x9qDrK+4To$}l zzST^laQ5N{@?vEe5yNh`k#3yD8NSEC^ROlqpIv4T$6dO!h&U&15g#+cto9}&T{=Jd zSUo*-4wVMyGD5wAXQ4ax_1j3kB;6sEA&ay0`>&IU6{0{y; z2&3du#4k7R(A9oWs?;&x&nol2Wa9L;sw(I1EnM4?6HTX*Pp0gkh8x>m2^k4Iq#P0> zm%1nqB3!C~qp~kdg*{i^%QVQnrMEfFg>35{iJ0ilTr>yqRxt+8KYHkdyc=F2h$h(s?Eq&Pm_i86M~fc81VDjr!vTAuz)v`V*!|u+3}GOk z08|PA7la6c2cWty2#f!w@h5l$0~08k6^7u941*OQis2~=R)s=5Jns^AIdqID(V*rz zuv4LjGQwrB5C~otpe`mn}BM>A4vtC0P@OjkLgx9IK zfa@Co)dP44+A?sqhNm%z5&+K{aRO5`RA)f-KG-ke;sAI6murc^F5w9RV)hT_0o2jO z3moK7W`QCvVDD0u#cDYVf&2Oi?q zjFT{J3m|8L0`@!BRuKU+KBB222oeB#&_HKI9?j7J6ZS`}i7-}Bt??~MXnHa(^2&O(3lWlJ>c{LQ&yr(1+9Ym5fJDY@=wsp>IK9wkHo5G7}7Mz z01ZY6vr$7>SIzbCg;yBf6&^?74NE{W13w5J9D;BYyg$;Ac0=A z0eeNS%lvU_V2WsPiu;BnLx5fYHG%d(UC=5j@p%G*2kLnsWx*u^Vfu#s8F@^Uf35EeR9LmaJK{Pk7 zH@LhP_>BVD0I)@%UL)Kf49;<3(1XMa7#KW4z5#BzI(*30!69@tnG_nU1dt1ksVJ}@ zS^^|``ral;i;Jd7f-?kpD;5VAJfKiGGIyW{ClrQQfSHXzax3s0r9=oc4(wRyN{ayJ zc!DZ&RUQSdC!jpQBn+!s3+Ny$5)jP=CLCn#hBDRn{=ue*u4kC^3r(U&AeHY79ZZ84 zFcUze`vsv48!Q2EVFp2m213H%5gVj(MD=YTG#xG{NVVu2EoUBNZ4cvfT0CpOHjZDj(jk{4Xj>p_VoiPLBOR6ARQR!78NOh`RrQ&I_Lqi zMUa0O#2EwPb?3$^39V@vHNgTw^MgZnyO!Y(2T$10SP7OdXbGa2u#mu0u#E7KIfH9e zz~YDJnblicem!fuxVk}&w3sKsi3OO^P;piqW;_9s6>t!ehHy>5P#!>-{*bD|fO-O0nO5y-=75s` zW2!1txO;$vy@n?GpjoJ%QI(Uy;zQh2f#)1v+}jDD)!z-+slfg9@VgU8iSOyX691zKt5L>7s9zAz}9>TfqC^H)s)HSgaXpzL2YCGoeLlKZo!zN4EG&>^s$YU`R>=~{rv z{FSdj7mq)N{sTsj+Jw<*4h!*9g~j|pUdSl$BZ?5;184YWf(GXUkeLMUv;~yWLcdE9 zDEo&M1iYxkSAiiIbpgS`hQveN;jd8OLxQe593*^C;5`u-qKe}Iu6h#EkpAHU`nEQ3 ze^^UEZ4v-@Cpv;D-Mu*|msWpWW4~j`Kcea96Dlwu5>Bk&PjD(hY6J;#?d%E8wQ9dRMR-ETRWzsvh$+C3 zBK`-j;NPEr*XphAe_>#d0Y4oZAXfwN1*$mx)gDk%SUaHO6aZsg<5SWg#SlFE0F#xR zgz~@o`6tkO!+Ssfec)j=Cm_oH73i?se;M#U9Nzu~+EEPtoFp8`+y+2h6NNQ#(}MEP zkL39yO8-EV;T}H?c9nZ70Isk~J|LSoa6fYQgZat-(R2VA9pumf>NPkSe>S3@3IZ-+ z0tHv#pA6Mb0nij11?*fvV#gW*+T3i0wFN?7DDi%X~ORXjrgiXU%fC#=iK*9R4O4%X0Z?1xMlKn(-(BLdyZs<#RBEb$Bk-k}6fdw&ntKw!6kN(^BB z1+p!0EeFm5sD2R`v4Jq^3$(2u2nrYzR)?pG-2z$w&d$J03=}T_tDYdG6jl{gq^&CR zJ^WCe0i2c9)Ssw~{cp~yEp+8aW3D7Yur{z}`#}dgH}onBpzr~T)YULB;BX7HKQ0*OT0X<oMv3&;<4B7=izjkp2K?O$$Ie?i0pz?FoUIQ!^V78!R(|-UwaM*$~`$vqd zq0$6(A4N0BK-UI%-vjEC2^RtM{Qzoe)OfNA3ING%4dvh+C=8ub{MK4CMB|{LGX$`v zL**MR3~gXgkcaLoU~hse1vK+xXFy*H*B{iOLxmoy7ze615ZVl89#RgpF@iM-ngjmZ zP{~XHm~bcSTIW`vie?z74s_P=x)Fe9sKo|JwN_(Vp(YSTC_(E^ph-{;KnL=!!poAd zLEgYK7S-Ob-uVH2RiO$J*ool0KtCv`Dkcm8+#7|mdC((N*%I81pwj|e;*iTg&Vpv6 za6>@{vFj*u;Zu;SBvkx|;017@q&GC_z_13i)c0Yn(E<2vYG#ElmtR>Iu!Vy4K;S`e zm_K6orwIgkkbvm~^+O3H08I#L`%dF))l!G#k7oB~~duKc&_3EcSS65#PWX7IOQ1lNWFqlp>X z2oCQ3AXEeLj#akt-H&9IvqFhNOIP2}6l<%iWof9RYiVU>VUN`|)6vC-%L08gWHGRi zwwbxTg`vKI6;7VgHW(hJEYgz%F z8`fOcRL9U%Uu?DQKdOXR5d~bv2)Pb%KEREM@DQg49r}QF9UrPHp$s-vG(t)Zt755b zVQ6lJ-J)r#Z>^~hRJh;kNQwbAi2Z(IbMnE9`QX(-GQdz(+pV(TegP?Y15;a5DFt0q z34VXo2uVpf{s2{IDiARTqzr^UsEs4^0F=Q0x+kdr1EwlL6g*W4A#4l^tvlGj@!_hH z65tnJ6$dCw6c2Rm@V6h(i{M0q{NT@!ouaM*qCPI7uHmAQlA@7PqLI>~E+L-EG*lrw zRY5SAOOS`)8n+fh8AS-Nw~63z%HBH#1wk2A9Q3XL_6(4#P$)K*@CYX)6a(JjT!AG8 z?tnPuT{Kj#;b45=Vgpq1CJ4+Kcn>`gW)dn0JjT3%2PTM`cL@pt3jva_kg%kLgpjgp zfa*_gO@W~Szy|tu4d7PA0oOkiM4V8Jd#I`)P~Cy+I72-Ig@nX_LD>M>kpzX5cR^TP zL7-e1h!lfKk_0706@>ug-<;(^eb5um#L`d~1r?4BJXn1q#LrIv7sL<w zIMNbQpm84;6t4iRNJ&-P+CD3=mL%I9_*i*|0$Um?(1f`E3nCC$3*HoP0#cuV8V
    i8WC}PHI*6tDt~N4G<7O5ug%8k%()62>2EbzlDQukhnzfc=!#Fmk8bsd;?Q~ z6LAlP&tN%xIH3g*&;-Plh>r_+1<6AsWGDCr=~2WFHVbJ|WR>WG{DhRh5gzJfBN!F7LbwyXp)ddBqYIiNdznVU+MiX8Uc>lV7tU3 zz8(R8TGGWG1Y`bbiT_W&{EPWtUGV?e&?La-C?_NHFXmrTN>)PthxwNT^A95DWD%^y zf7b2atNs7;`PVnpQ&4oVL)4H56bK11aa{)Oc)RTV+pS&8*Lx31FZLSum5?tkE{t5t zdfQi#LrlE<$ZM&MIWL?uJ3CuLL7a?udDu*-pO{!puIq^e$Ay}6JBf*39rFDeVwbM8 zX}XcRp-f`=_3`C~Ltr|%SJs*8T3Kpqn(Io5NnnWJqc0?sw-7Ew6wVd|10h|(-rMi) zeZuQ(wO_%80MWajd=#1g@*xsGji+4f~(7ddNp{v&;S&6*ciJ@hhFtBEC<8 zmuF5HzBwGo#S-)EP>C1LIjJ>;cIK_b#mORs6vKSMnSxmhUg6sO(=CmJrbCTwHljU}exQmtX<)TJJx|xj`_=MStMom}ilu zOkcK>MsnT}DQ4S~Nn66LNOZMTlI;@kVZEdIis{d@82qT7?zB6RrI?i3neX)?&Ue=K z-U-eY_R_2bsxG#o1va1LyjZe>#1=Aav&a1oJhm^}lZ|`LPBrSHl$3ugoJuIq%KWI8 zWmrO_#_2FMBbQ9ei%LF}-09(rg|+3;Z_-`TeT23beEFi4QaA8Sh(3z=sZYwS06n`E znzAzvZ)&UK9dz_l-@1%c+~^saDiq$t?OjH@KPE3}ut$RHd~?8+*E(U6g6c*M# zS99Fg_p;8jiuZNz()r%IgbpcJT9efdS05nGs1T(**WZ7>wnEQXM<1J18MKbw_p0RO zlZZJTqiEyQ$8L!Zj@k=+DWnOv6>9yOA{6JQX1eJsVLs|N& zm$W7_vrR7!=Iu7Gsn01;i+<@Ozg=N6vSV4ZllYY$XJ;6(fxw*vhQjMvZDWKc$oAMHcI;9L`-AVsexX zIz1%*K!a7e^*R5e0LX0Ru(m9 z>Y?022aL6SQ%>Y%r10bv7MB%V;tWHXP<{Y^vgKzS(l5 zy6lQd(g}gKS{@3Dj=R0BRq5qc8fkZg+wR@3853ztyL?uCw4L*QpWx%C?*?UVCUxDe z<9#CUP=(P6;N0g@a;uc>M0neLg$-75lk~h&g3CmI=E{IWSPCQW&FlQk zFa5uE_7q+eEbi~Ov)N!17yae)9tEq(wB}^GYc6d~6Wt`6G*WCbwrc4`WR6yGHi=K^ z(`_Pa%BgA+eH=w4)uNp2wy~07U!cSGW3$0N-dSJBHV-!@;$JA)YQ&EX>r5YRmCV^6 z%K^+KqLw*fyYQvjOtfWz-p;r2UJp+hnmNZ^{u)72t>3km=1TZXJy$>fz0l!X!4$51 z)7r;YWX_oMTJ2z~IWyu;lzDpBCp=RHrtWD#@gp_SFvt$R*KsB0=Tr_HD7=GahGQt(pJ z*l2X>NC!XUw$u%yKP4k}=+-0&<0&>~KlbHQ*^1i(`Y?H#LSODCDXTr2IBIj>nnf(Q zTD~-4Vd}Iw)nQ%tmqk4fwX<@&>AQN=H_KR+YvdE*>583 zW z`tcU8=VEiGU}@#Yu2r@oDt(*bK}HCP@I-9w9f3C^_%5~Gh4?!XWPDyA4*T zKix53$NBkzh3!)410(UbAp)d$irGYW7L8qks6=-mh;X`qBk<$UfOGy&N(cxNkK4i4~n{ z#Ndg+r4S;NE0F$r*l^}QuzJ`?uMZNvE8KvL7r%#xjU9YN=G2>5yPZ4zXb<(KgeukZ zlBHG35jA-vjs+=53-TW{DqWzgH!puy)lk4R{GN$=>r+#4hIn6N|3HJCA=`FD?$gxv z&^IuNPe@F*ib+ii%Q&XYXiMd3cqltDX{%*seyG#&>S&K$ahStr{0yznrdC!TXNlIm z&~T(|uUIdn00S30{Q+3k&cYI_?mT6h%QDtH)fs}tb$WQ+eB3*E_q z=P#UZ+gso5eV?n_|H+^#H~sjb z9EF!=0qUN_Pi2@iSP^P{nr*S~nySoJ2C6rzd>rZNZ)iXqzxaK55yO@HHNSECVQ2mv z67+#cBEhZgcw^H_!pTcS8<0=-wuSM1?2%51bQhm*^H?d@b&AZk!)^#FWe9gpOt}{3 zu)B=tqdi_sOJMsha)%Tr{6fv_Ca=62IjjTUhR9P@V}%Q9u-=xuPFZ!)HrI`j7;vYwNToBi3~`Pu^yGaL!+_uc2aqSYAU`kLVNY zdD7a+y*M+D==d{xR3`bI-x;RPe`emXp7)r<)xoZfdZZ%*1*FaMWGa%iGpQwrM4^9) zF46sll4;WEcE`J%j1Pw2UYkEOL&tz&Hm_-Oy*F|=HDrHfQ0MliTQ$2FR~*F{;zea@ zn_Szt@f{(4~zJ;fc|U6P_Xy@++f-x7-4|CxbG=Sku?X%eNjdn~v0`-A|j-q;pP9;VFInJH@H! zH_lRTX_vOiS|{+lm3q!KSds8}E4g^gON`+TaUCs8VoW!a+c~L;d%2=t6ZdFdzyI=~ zQ*3mH<}URM6YE+wu7C1^%Ph)&W9<&{i6(OK-Cu6*OSkgtxG=h>Wyh1R+vjiUt07eM z6zv5Z-RWdmJ+c7_Eqyj*SD#hWMo%YUZ||eoz}muibUHcYOFWhBtrphH(|aT`il{ve zS~v7a5G!nRA#u2<&H3DXk17dnUDABQrt#@i4HZ}VBL+GfTY}QGI8M=)+UW>8)TG-T z#<3K^k6+zEyZ8^6<7y8Jd7Myad>YF_4zoj@dGIFxyqd($&JJq6;A>3VfM zY}#r1?0Zq+j=*n;5Msm{k%YqCm;mIrWr|gPZ>|SXmxlUxM^>AKzt6l&<{`(sRe1gUJ z-8Yi&!6j^T$H(j?KbRGE(4CPfhQ^+qhCE`YW6YsgpUkYJtsXocjFB|#I5)o-bACLo zfRw4ABEDK=&-L7>XnX;?Lb3;Y9anK#enWjeE;797IKIWRHAb}mTDL_hZ&jGNj~7qO zvy*50xN7kiT1l&Ga`JpT5`1%9T-n(?wB{pE^ZOr63IFBEF+QZN=1iuDswhONvwvwnl`eRQ2505k(D)4To8-NEy1jm75o5 zj@k%gQl{89>Y1}`_F=Em(JhH(exCo#WCw;dLAW@B#CwE-l6d<=bbc`~rqZatdHu*j44^o$=kbl*rgOm^yP~5oaP?I3v%94` z+wB(V>b&>o7@j2CC3=gc!|{_xXx^uJb<5b21@=jry?Uw7CL@vFM9wM~q~y z&8TwZOzOROg}txo*eM@k7xReTkdsin@N$kxpka$-#a=IJBBBn@=u5kDrEZ@*nO*F9 z<%sohkNXV|CJ?ce>E(usQ0Q-4NhH%KO$t4Bsp+_?s9$2jdP*|OgrLe>xSp`5+dgon zFlD5WBun~zejtX%8b=Ut&;h<*f;NvNHzH!u$^^G>7Gf zMx-4MAG?>f?z7z&PIC<$L(wi8%EpAlT84XGO7^p}kMR>1M{FYVs>#|EOFE{1J1&vd zh{TgIbv;jDGfO^qc^8}K2zzr|jZ0ko{q;Hw=SE+Q`DAGBeN&zNY6FI?!6$2Y{r1~( zQ(l?Z;-92SY3dGYJCOEg);&>W-nYVTVAew9ng8Q?8Ad4^ze+YUtp~>fP~C z>UwcKb$8pQ{ghek;YJU{)Fv9nf=@Utj5v@Mhc@K(a@A=WtCCN(OeRkfSC+41n(3uD zf;m*qKEQ$%HZQq)Wa@5m&ykEBG27S025t-x_mLeqpSp0IWSjTlBk9XyjbyS!cCdrN_RGDUvW0ru@Jd$PhBb7!g4k121|IGqQPf@9Hpj zd8q%Bim&ftZJst^&webhlDj$?AkCx{%y^ukyi!ie%t5#1ty~J@Ymw}lqc!%2#q3p% zWN)mo|6-Cod8Of%YT!*e@<^3%{zRH+KK8vTyWQPwyyRHOW%jB&x+jotjx`G2c%aBe zK5%1dgmv~Vn?gR(&DLQ)hFN_3Dy+8%=p0wRP;En=s(-O;15jMbJ-sf0o{x#F;iBd4ri^S^Y{No&(lcr(BMYiV+-fZuxcl?BQm7b5z7`!3%5 zXl0swb8j&6k|c;IMK{@)lOorr!A)BbO>@innlBf`&{(ol3;d6 z=5Y+YU8)~ZGiDtvmb&+gj;T)3B(=+6hT^j%d_dD;aRe|W#j3h4KK&{Nwf>{&~O7vT28b=b7zAa z)zSD)pwI;IY9Rjy3R_-M*e{>2MX$6cvYZI6_U!>HJ=Jt=MT^V zzl`sWAJ`bw8zfv!6+~f>Xj_cPUfB>6C04l7eRUKU9I8N^(|^+*YOAn^-@}W6677};fFqf?lPd7s=znT z9s!{k@IWBIML>Di?|@Me$BE!TJKjN|zXkSB$0z;UDsX(#%73S`f9;$CSD1(!n5Vz# zrULz3{(Uc%|FYZ9zvcDw*A72F`1|g@uKKgM*u! zo3F1g9*>WSiAhdQ&dA6(eE9IOW5-HLN~)@=>g(&TUAxxa-rm#GGcYjl`0?WxFJ8QV z|9)<6jsijG5rmBb(PBe{=n+LW#E2Vl5JI@=5lJ?L9z5qpEQAm@Nd&KmBx@mujga>- zNQMz|%mTUQhV=L%FJh3nWMm~7F%m)?B$2}wNWB}Iydl8RbJT1FP&Hw8T#0tU^-&BiSW1_6cw zMg~Sn7%q5$AgizgaRWhw5U9xd-{=2844_UZa4l$1tRQU^%xq*CxngdN2VRYnZplla z=P^2Fu+=#iE0MZ5Pc%-6AnV0qtqSQ4DE3eyq4b6HMJ>5h zHC4lsiaj3%FO;+-9hDbgn;vU!iqFK*mvOiiVh{`yV$O!|Yi4UDr$9Cp5+R-9^sQFg z6J2%pu_`9YY=6^G_o{k(PUXX`6DjswD#^t!6Tj5GO>iC?dic_iMt)9e;M-GI8So(&1Gz}ZgCft2}R5b5~P8QVYno%dL;O3$Y~~&t!B+N zq~eJg)uK}i@rDn%)H1Ldq+GkKH1Vvl#R)DXg&joXT&le%Tr-Hq@?0nuNf9D9^XV)S zH;T!AN~tNb2lgA^(kJ5^>kZ7Uxe5=qdWxo=VR96EEO&~!+B;>OS}WvMI6`~PtF0uG zGP#blSC*PuDJ^x1beXn>y4+_r=LMQc15t)}Clb*h9WA4IS-m7t7H17)J2pWFaib_i zFb2sAeEnxz+N=(6-XNgXc;8R z15qb1|B|>kr38URpv$UA4Z?zDgoFS*lrUc9$3iY*Xf`9Woq{-XoRH{R1tF}e zDi&vM01yPtc!-8ut3Pysa_e30Kv%Mx>j^%2$KrIm61ZR_QL}O_+S;0g7EofG`Ay&p@F{j(V!KxojXA; zI1pHa6$c}L1A@3j<9T+1d}$$qk?1HPA^i~K0|vYq8wJrX2ZDK4u@?=o2NW@|EKDjO zf{k8#6@>)>n*gyfpeRZuKXecUdWP@#uu_mNKm)5pfx~K=z#tXMp9lko1%!h>g@8r@ zI0S#w7?=gZ^nm!JU#hP*3TYLzpo;eWt;f~2zr6&|pfJO}2t-Qxt?X(;um?hU6$tzf z#UVYQkbbMO+B~fCv#Q81001L`g^DMDHt-*<0v-S$VF)H%k3v9cLPG`Wii?9tx_^gt z{jcnQ0Rw-r|GS{~o;bne+ju8W^u7}(LQ-)j2}PLie_9jlP>f-vKe1@PW@r2--E^4NrGx~=CBEEAcc;g3t zlA%wCR-Y8*AN}@33cMjg9Kg@DGB7}h2-*Do3EJj7_!~ijz&L*U!Mud8fBS0XKY53a znScQ}RxnOt4Z?o{21tOwh#)kz;0MG(JoxVlzJlM`;44io!iEt2b~cs~0X@{9xf)jw zuOo5~1esmG%~2Uv229e*JA@W}fw+T4L1V*6GC~a$I+PUDl$6vA>!{W-u+ULc)3LBI zF|jZ)u`y7ipVeQ4KYsm5M6+%k4J{2lEiFAWEiElG{6Wi1sKW4f8dzyU7%0F<<1s`y zgqVQ{!$7n$ijW`_D>sSM0hFXf=m!7{KNvuTB&1~I6qHo!0FC|p5_l0|)?U&hL?lEQ zViICfaxw~147D_P$$%l@W|Sn=-0H%F3r>(CW6mn7(c!}M#{5siI?z%0fL*>@rw;uQSSexA17dA1YCvdoUPu-E54<=C%ApC0x1ipi?GK5fr z7#c8a21FgXRnmsA=Myuc$LNxy78(f zR;q)NHM$4*FJVu_?(4Tl5T5GflTVf&t{_RQcG)*I)g-z4{XkI6?EVgmddHIopWIcK zO)@^(k#d|TvFcG?M_uzXU4^83N2OFpk4Bdy*(z+hwZG@_`{GOIw$>KuR?lHJ^GOeJ zt`EMp-Nv?Vz3Sy@KKrWA7d3dSyE6K&Qb>+Ews&5h+S|Y1@rldRs<%DWOHWSa1t0!^ z=^wdNYdBkfcgl6QaOrHcbFO01#48^evp@@l0P*MIWBD~nH@To^OmoS(ih>`Fq-R5yxdp!lVm?qfB1OGk72TyA=A3}L~7+-d_szFgQJ(UL><{W zeS~+4^-^hQlva@B#?83xPAk35ET!C|x95fYLjp~nS&}U@c!fLqW`?#mo_MWQK$*!L z6SO3PA?+V=H9KR786O|0=fTo2%33?=ohx;gQv6`?Il$$1=(WKV{g_xQ zll}v5)bW`iCt`bf`Jb%ZyG^Y|Ijh|4z%u-`d`WqCu>04?Chu5_+)`6**wzK_FqpF& z+c+Iiy;!!t`h|iF%{FJc^eef02Xgw921a?>I>K)}+B(^d->WpBpSj2pcW%M=^oER* zXd3nQkZ_e*5^AovhO!*1>nx+<$ZCtY6o86RYD#&fmN;0~BCFFE4Ii zr~jHHamS+rpapX}bq#T+Q9;_&A9YEAw4gr55FM&k;% z%=%tAby_c!gjzraliRNOePiH>1m8>e2KKA{ul*v^^qqFLJ!1~UmB>$ z4``oKy=x%(a+lL+q=Fh{Q$*r`+_qQgN4ez|PmW^VTOaV6^DGq~9kWPTe&t}ZZYqso z6Ghyf$KKaJS)0(Dn-=oho#3!(f9LXDmr1_&dxCDP+<&ZY{qm&$?BW~2s)g&iE>$(p zm5=t^NPnzYjGsT4+;gg9*uw;Gas=^ne@(O?b!q01#d|R>n_;=noO|Z4K6_$Y-R^q< z)4fOI>i**3v#0MlysPf6a!a_}NaPVrLQK}N+dJIsPRWer-P@6 zU_BYhGEw)^*zuj*l`m?i4?n!_Dy4^$9I&XedvTMjU<#8PsNdx#(zbI@E^&22>w~qc$-i-g~6I3(aNZ%5b)9Kr=#Qf;E(hE1%hk7p< z=qo2AbH^UGe0(GM2Ae=1igz6TBD|%TQm2b}=cj=T_3B#I`$+%$@tH3Q!In}Y;SCo9 zoUsQvE3Vxz_Vu8tJWpe{UBILw=FF!dsSlWZch&Qv-sIYtI~<>wM(Ur)%d8+z`nQcp zop)>9e&dy#PT9Me+h+&!Sh(^r^Jlu;YDB8LhlvOMiK1!)^`ED2&2q`;c))_p{`M1zsIlWs*1gI zVj7hL>xXkr$5l?)G&Nr;q(JTxDZXThM^u8w4KmxxPm$f39yIB18+TgidsEplOm@3) z-0a>#qK^y4OlLkVpUZqO)zvA+@(4G~>HP3{$9=Dp({WGERJr#bIWarYAK5%K`tH1Z zOy|Z7a^(lZUrru9x9vmP{Wsk`Vi&Jf2ABulqnA_a^39nVd0$%Zp-;J&C_7zXlwXBm zkT=qPsZX?&jl6G1In{w1SNP*{))n0ruODri)Bk8B*?hCB=)v}k!3SSR&v9jSj69h- zo0m`5>3ec-v$cEY!AH_%Hmyo~pS*CJWD&Ac?vL;c7FsA)im(n3-`Fa7@=|p>t73AZ z>h%?5(k|m})e=La{JL_Bsg1&3+j{B?3ovOz)ao5` z%wE@DYkDyf^@?2FZM(38Ou77~?@}F+wpEbm8-57OwVcu70v#^+auLi9*n#R2sF7~c{|q;UxoMb52J5C zr2W?S-Z))h?xaZpGNZ+9y%{WJ;p8mjs3zGUpuiG+S;UWU%2J9$Z4k{`o zH@}TBq?4RDJF&m5YWErA4FKouFDXu*#>|4nrSOtM2li#PfbV z{YA*tDaO0DujaPz^=yITboUI*Rj`TT&$<0BFiA2oxkrSFx7LajJ{zC(-8raqXiH8G zQTXVShd%Y61!yi_qiWp0{m|Stvn*xy6+|;V*C0&uS-Xjjf&$a{p!`sMw2i5lyh&TT zXlTFXhR6+j)818{@H=1{Tb9R=iuR1I)`gt%&=JPu_~>Ga4E5^e=?&_MANS;ZbbMAs5R}^G_weoXfM& z-0oE7xY+dKRcybAg1YhZ>%NBe^O@bfy!6&E8dtbP(oOr@F(_(bcldd;l zas?r!+qC}fE1~tYnKurYaq&(ZnOQJ6LUVHE5h}rw5Ts6WAfo`Wg$P;s2XYw{aR_o5 z6*)OM1vwQ31r;3?_|Hf~MMcBNOi#~9ProW%QUAGIwvL*bg^2~n#)kV( zneTELEs)Dj0Wisb6w442QVcN}5wa?m5ffv6eEYLpMoff(av2#p2K*q#6A@z=NDxvW zm}zb$V{!q48M9PY5jhJ%E_y1>>N?FElK6p7TgLLxsS9rS7FivE?9;V!>#f{FTknrk z@F!7Hv9Tu~*3~Pnv+1)I-0*Q?2Fhk0VSA1c_%;TrNmnpZ|Uk@b)z-zm2XE#&z7vg0~Q>#eeZ)XK)rFQ>afz&+Gj{^RM| zRzab@iJ9cX#dSY}toMUV`J+hr6U=`C^3S4Q+Ie|a##`KE8n4rtse&gyG!DP$o?1aJ zf1JsEz_a*HfVpXqT`e`5*}vFoYkS2^H!iWjZbz3fv)lA%9|T2h(6TI z7j{w#GAEjqw>Pzab`>Pw@cz?WtBXKtxlI`iG2feW3%lS9XwON4ej3YzTeSwSkxS;qFBrSToe$9j{=J;+UM zFWn@|u$`kROItG~%|LHmIg!&om-)&0eHi+Jmo|+@uT36o7R=B|I9_JRcfCuTBR7L+ zbQ3#|$HG8SROzT%0UpOn#m=iM(iy$U=!wUJrAmyT;Ix5Z&zVyi<_tsEmlag>Vub@$ z`sf}T8O*hJ36h=_Y81~AvUQZjRgWAn-jm7r)SLdTS^O&n}Z+G(;#&Y4s2sds-(VYP%L7ftxvq&=+9r1?iuXBF;Wc+&kW@#DnSI=e$A zmUGgMB8`l_=_R-JuOLU&6F%nSM;mziN!CB-wV55dv;SDIXvBx1+y|`E4u(8rY3uwu zugSjXUcAb%rIROI>3oldi^Iv-I^zBdR}Ccuvbp^7>X_ZN__&Yt@7-c)&&Mb>L7cDb zVzTi;>&?2-&#g{={&Xw%_oTLa_9gfx`^LAa7-cD@9n&kb&rbC;|MaY}rE2COUj}Y|!3wlCi4Ja$9G!(D@4KP|TA}EQ}_f?x;B` z-`nLO;h5SVC+rs?%QZPRJ)iBNZ++o%zxZT-si45&AfHcsO1qC7WP8bLD3s5?SDWMX zKHAapx7iGqe1%`1KGkQ6J>Q2B2x0SP9Tc^AXLsu4N?+O@v)G}&vhjedd5%ci{SHIC zQNqmki14309tJ|fFCQ5;yiwN<^c23vf!R^K;Tbk@$b?k#vwILjZaxMvvYXsy)4kwUM?MeW`D zy`4Tfa>r)}tBfBT4ro_h$GyC$uEBn!<=(hrQQgEerDEg;%S|jFn3tHBwdcTKQ{U^U zPpZeMh>R=uIz5x=*t3ae<$-UMjphz{bB0eVh<1TdZp_{Jnq|LSE>WZPPrdeqV^4l5 z<=gyF%Najz9Oy65w=))g&`b?0Il2Z$4l`-@ceLc0gnCpDS zjpEkX%Zpr-I}L78XLQV1y_!Ul^J<3-vW=O__yq*L1icEwR}hcnSC7Umpva@ z`ekw*is0zFl%iurJ!oQU>QyA{B}}pVk?s8MD;;Uk_}wf0`5PDFS_Yq_F4lyX4D_Wse}j|SG1R)q!pCvj`Dw3ouhT2A>7?q zp4-%dvuIDmQbT}!W9aNrD3hQoSIPj!p{8oO~ zT}5o&uyVukbV>K@$R`ae$c0Ch1s5~<{Pj&v2o)YRL=Iu?Q(sM8oXEPC*HaO;U9aoO zQipn3%epj5akJVxKh-J4vlm6sIyxJid{I~ z$`$z}chS(6m%=&Z{-%lULp|3E(l!Yv>8o~}_X{`ZqM}>m^4&l(|G?rf-(|WR{B#8v zosWKBEQSxxTlrsFI^FnXxkt1zLVaaG;l%yhMF!P&cLd!JSUQlqw0Tc2-FSAV_*T{9 zK>8yOmq}>%pT2&CBQ4y*t|Vkj&_|!ktklu5n_J&@d}ZIpzxmc(>FnI;QU*O%vytH- zi}0Pex&{2^L8j+PGwX9h-|kdcz9OtCY!%%^{LJ7h`EIU#IGRZJv(FrpW+;ENAI}gKJE2^R&RgM2qKui z+b1c#_CtHvwxNmA!yd17H0E;Ja)bwNP_U=UhnOUu(QuHJ47$yEI%TEn@p1`(Xv~-RR2w{7TA! zi6^nFCs;GQz|Bk^ky>|+)U?lae+{wO+QPLmD4|`_DLQ-k=q{fz?d6QIlkt)&$0L)z z8ZKWqu9FGr7JN`bNB89b`OY^z6kVr3FDo!?=>ObSWa$4qU10-@badB}!RK9eOOkER zgS(G5_;DYSVAf|k_jKGU$;_UGH{9nUweMiC6UU7`Egw{lv={hns8kf+qo=}cs&$~= z*iO^V4UxMoVjjd+f5?bm5XVrrwUs&eJWpc$>0qOKdRrBUhp8{5&-=YyTIcPdVqYfz z&i35vJE4@<*W-osE~d*FhkjZVj_y0(*%8v?mdrRP>0l`>bnnAvY23T;))p&6-`A|2 zJM<2-2yju?ejp}YynBX6>7zhOG(8QC;E}IU)_d>tZn%-p$7(+6-8v>U9n!jZXoP*Y zXO8O|>0{=MnKMfP6E$^qpY2OB1(3w|F&;GzP<*AC^Sm&#d38P&( zO|ndj=eWK&&95MUH-C(yd!`Nqgj+FV3)f=f=(y%iP7kj1DhxWQXEy zE85%5I=YTaUpUpcKF=s`#b5=e7mmv%ZKZHxn=n#oE`BY4wEl3glK}(wo-9KVJuTx~ zSJfytxd%S(NYuy|Xk$owD5YJZ*Tj|;&*e_s8d&_?v2r}r!Q__n9d(j-$M$isCW-Sl z*)=827Ti1(6wJzcQJ?KA?(m$#Bi(vwi3X}O7j(Awp8S|FA2*YCf|5}huUBYsVde&|&1La1}UdiQJ`^%-`YA@eCc9o(3R*pXdSj^`!0FILD4FL;=Q zV`if!!`N<4cd2?m3JV+iC;+C)+;xGz~>pbXxY$ zUsJbQjP<%Px~T5f_jI{cL~YBnwtlHNj<`+g2XrI^gOna*7Sg@RIWITSa*`$PScI#8 z&8xoXu~FKkL6^DgB}uvRszLFJj+^4@TXvnU7p}h(M>QTX)IELU&c1bnaa9W%(e>-M z>8tA{Th2z!oN>x+Sr!wp-PiW2pw%-n#qZ4i$uU#+Rbv*7| z@T-NZs?u*lzV0~rcGt;Aw@2bQSv~jd3oMu8I-_v%Js{N!-An5Cd`E#$`d|6{bNj!P z^nb_xFC`@fjQzjb|0SjW=l}O#nc%-@*_Quj|6g?#_$%Llzi0nv5C#+S z8~Z;4?f>lm05kuy|D!Gl|G@q~v5$>xubGELd)~%NQy|m8+rH3`RQYEglHTLYs9<~M z8BQ#tBFDi6OeQ@XOwAh2%f^|r6~Z$+unhWlUKZF%<6 z0okjA25u>BH|7Saxk^7RW(;$5g_$<#`8I{BrA#!hHHX6srTzhi)*?=@@zFl*D>o&auDqNrU*q(As*gJAo z^k&Qjnzqjl11~8sp05Nx#m$Pa1#VJwTQ9iyWYj(h#F9jr6GIn^dhP_8jSZ zxAcBeWVg-7{9PSIpYOLn(#VK#*Ti`9P5Ebi`8>7wc~c-BTXuUwc4XS@Zpx>8SGUX^ z41)V#MxS2tx>{fL+SU($lyqu#y+r%-%+puA=j?BU+a8G3NTd&ao9lVsYF#-?1-yyk(2r41#hnwKzVcu|R3< z4d=~txVThw-UE2uo1G5b*sknlj$g)0B4sI|$FT>4&mRSu$lQ;v0lYu8*}Pwp9qm0V zBvSZQDi{fZ>i_bS#C@KgbCN3a9^keONK}SRqc%ki zX9m~XUcSh6Ll^$?zvb$82%uBh=hr^!DkmO8Mp-=wBPu%<2z!>OQO`}$nj8!+#9ed? zw;!W5x-dC%U*4!Nf)`Zg*7h{nv5gA4o*guf6xNRnx0T!|ULrGovv|8*e7}O4PTcgm z=qY~)%BEul0#9_DlT4#}H#oz@3#giGOA%2m1MZLznLF3nI52ts)?50}QQKXAQpP0XquG`t4GvYu1X zse`W!ePd$dx3IElJS0sHK5aRsIfr-Gf6rd-Z6GyLz$@;as25!myZFm+;xq3j8vD2E z{N&x>mp$hE!%Tq@1c~lWBp7uMIEADl+a@DqwCcl`v!HnfdG_t&25@hmp}9sX*tB3# zqwcS*CJ%OPoC4PJMt$1{7q`6k0D(H_?yGj^#8>{VfGEg>xF!D6Zz3vB$>pYZjG&Jj zxCc2Z$<`m~U1nKWn62yj_OI)@bPV)3Rda%>YMe!0U#xGHn_E{O&YY`^8Re2>3;ZZj z2_q7`qkSXErSR^p%p|WnqyJ|*e?y$XzzFn=PX1^27NHP+S9qy@N{5 zBIiuUJjO{-inS)d*r()Cx?;`{?PFE+Y(K$Ql`dQZvMuWrnK&=@IgpP34GFf ze;!q1{Ko{MKmG~WV(+@GWyI$5r|ofx6`|#>J-Yt~R~%Qj*ixX$vCPkjfe_9PYPtq; z&x4yXoq?W<#qUuwqH{(ygS6Cj669BhNTwX*FEqQ;@??7WB>C>Ko$DA_j=Igx&J+(R zTnI91{4}tf9I`wyiP8fI96HTkz@r-MLlMxDElZB;NwUB5`byKX5YwS)gNxRLO*6}$ zlt-)|=?;7SECYXl(MVR?acevhjQ`IEv`_h{!~{%&y~3-ih$pfD-#Pjj ziEt6@KV|MLESauvf=causfFp+ zsq1^-41e=IxBXo7&AcO#zD#ZyQX{M1q_ug{H9`mCmjo%TYZfRWKq|m$;7Oy$gZgh= z3+Me80t57ljBMNJRT@e!Z|e%wLj5LO&RIHbxmcPccmqP_S$wB$(dtv1H^ucgo@cW- z#IK%qShkG}4RpM<+WMYJFEVxq_xwG>L9R5lHNJQV2(2cA)PvA5&jqKa3F!IKpT-w~ z=kz^n@aek1<}2%@F67nMynuT^fo3*UcIm+lSNAR*vdNiRAeW4q(8BjaH?PtsVJ|yR zj_ihrTWDP6`#-e+y!Qi>8ex~Xk>a7%F{sB?QKcXqR$u62Q%eqW~h>0KPY zv`iOi`X!!d=jgccT6STZ+n)2|$EAl{ok}{=BwG(JXFTr5H;_QtszStq?X$&)J-%@f z1_nNt@Vh@PsdP_xW2R5Arz2U36HtnK)fZ_^=c2=RX>}D-lilehxT3Lj0^7()W6WT^ zPX#ilJ#bOWW_lxH6YBRZX6u&OvgYuzcqHW0mg4DV1lQG9Gnq)06wApkI?gw%q)DfE zB7@MvLP5%~D|kekUQu2`MbEcdL++aoN4DA@)hptNW~4{AETrs;2DdJL*^NX~lj?Z! z$=SWKqncLyUf2wo>gHiE{QXUH`9}}7r)SzIxwOoQ#lYaeJOPywv-^*OK%pI;TX0_{ z^KtQ)B)_~_YjUb?fx*dp0Asv;_dyjkIq7c0ky9)IHFPC{eR=1>{sZXOL;}J+7;E)uh*5%9*;E3WU zX|HVLq1YB9Ns=EbEHe)ltpE)uWOS)H_`UkVQ0ji7dj~~aY7jD9@IBz5@F`C{`*)O6 z&C;>M@uAW7q)Cydk3a%Kc!E^m01{4T^uusv{CL>CL!WQ5F*On)rlZQ@RN1Y#-*9ws zrE;05Wn@77BNMv83canhiMg!23E@mvTC=ra&eOeDFRnXWGwnru$j!VGdVUMSjEp z6AsHe7t$(HJkowmY-FXf&TruiWvS!V?wYRlaoHOb{R_LP(d|B5=orq;TMWM>pm$4G z!d6*#K&v3>D4>_TXh4?vp(G-pmK*T&c+tukFW%W4vDbjiN>Le5^WK@_a0Ovi= zuXYWj8PHmNe86U1ivsYl!c7WD|Ff8>7=*^-&@i~da-S^VYMC7MOGtiU8m`XFzP@rPl3 zLd^0oE0FE3k2HZ&c_#L+qR;Ke5W}F1v#4`n+lnnks3b7&sn7E#^-1A#EEK7S1>vTi zS6nVmS6~<^m@V}#6f!+D#l||xrAS*hBm|m_8yt5S zQ~L%NLl&M;Ll$VkH3ydgrz1~wrWzwgFBd45heSi^w(oKjBO0bi$fjGf@Nvd$zpfO7 zxjd*=!r1vc%#vV6XSTLj8?K_yUthK0)M@04p=u`a0{Zh+yvo#Rz7!-+v_F zHuLRHZvl!H>Vf}0Vz#Y5qHwG@J+VXB0lW*{hh>;DoAy<7E0Tr~HZ%vcTgXom+1^UN z+je%|@DrY4t(nFZK9M@kD(|}4*O4xnHn70dtpMRsf^S!1Kn@fIZ1Enz*V)K_67!Vv zBGwD~1Ebq8wS6iYg`~Jdn#`irlaMlzu;+nt3Nt&MNL=_3{;&C)R*eiOJOV17 zW-tlbWE)1}A`Km(+4q394@XFFA-UCWE z{bOw5GD8w&v5Ob*Eog_cFYNql#7hUXBMQ@RRCX?rOd)clw%R=&6&@_xu%Ydrba(UU zM3j?L@VmVFGh?c3F0@M34vN=l#O*VDXUYedxx6h31E$qq#AZ(n$ygR2E^oGbwI(4A zBlrztmshr0RSlDgT3;MUG+b)Bb4lXRq>kV(T61GiuCEhS40gZ z96{iy%8`N0cI1r?3PD7959oKgb9ruZ(bXhr)ywW9&RR3VxmYcpW4-M%aHD4M17nESU*O+?YdSoqweIy1=Ey6{E7%lxm`ArX2T~xQbSmNGz)0N*43IQO z!4U9NUbTtNp7Gt`%CE+y@1X)sBnbMb*Un>X2Lf-i|7^yL6ACc%m{D0D)N0Qp{8~@y zd3USEelMSP(<@jf**G&NUK=AC}dcauDlY$nDt!vaeW z9}bURQ#zjzj@@m z?o2WI;cY>xbsd@1Bv7X@9&CX%8byMe7!REu6gYiU6+NchPTpBH$$bs}nOSe)pdC2* zVxYqUhTiU`3@@dGkp1mYEGBQj!54`rm?c&!xM@?YUrAEGMEji?H7sS z1ZUf5do9J(lBMSaY6l@T6bH1-RRSlstGr-Cah(bjM~tJ%cr<(DbO)|9zxBUW;2Wd0 zWsg35pcU^=y9Zb%o?A-1*b*b!U5y;w!y_PlndsT0I0;h>uH+0uU)YZxpjT{v{_4vPsj0R+8HD`yue&77&WY zwkLxUs;6~pWXjt76L&>DnN}2(9k{20>jfIlI9C z<-I2D7`t2e+-fosmrA&f?!CmdFKioyCz{QjT}3pZqc(mw>RKXKKO9T$`P0)?x|SD z+HmCHuMAD%c?&CV6}LYaMMdu(pTE3^{Mf^HG{@`7GIIFx57P`+mBhC|JWkFxbyCC$ zbuexAh94j4l1T{5$nTg-O#Dx86_O>Tb&pVr{NWQMQ+6eXN82HMkHOLL)+@N2tIq-T zxua6Qtm;)Ki8?3V7sm4jEvUV@BL3LE`;3M3wFHm&oFw`HJ?}ffc4lFU?I-gDdOyCU z`pz+jj9_v@ADKI60TbDrn{OAl$YVUnL{CtJai0yak~Bp1Q!}?n&#O#SD+pQHr5l2} zm?phq8V{E7HKiRYMh>JfD6Yk=g5NiiZ@UPA7n_~Bhl38UBCVP2UfHA__NkqE`PUWb z-!bj^9;0s3a!#Y^KnOV%)cp9syA_h2n|B>3(8GHG-Lmy1@^|IpLg19W*#(vxRhlC< z3bU|xm*Xr0UYGHu(BVJ(L`8~%9wzgPMqbxR6>tjB-E|I}Yj=0Qy$3j*zJpu;L>#o3 z#FRbx0zWvtP7ScIuI}OGG{11X#+ZF;bIvx{!r$-<)F+0t6GgQW)~pph*r}OwjTJZW z=vM8}GhHbpmuB7iiK9o#g>Qu=8n))7(!Bhem#o5jW5db~Ip3LqQ5zp^=tQ-O2)pRW z5}(Is2QZhfaiWfi*YD80I%QVui+V-#PsaBcP@No)C3bs^sj}$!u3*ip1M7psJ)3l2 zp(9RB%5ziI!7EQ)D!iz`5qwMny{Exhb;DBU%(F0O`{6D zY;;x@pcrd8I_qPr-aydG}C4HvY2iC^5ioP_xGfDiky3Zuf?0Jm%{?cv|`ST zM{boKkZ1Y^of6u6ro&q>b6u);(f5F;;CldW{7x1Jm;)W_UPYf5C5y4CN8@Y+KO~1u zmzJONeCfT0+zluv4KRgwEW|bwb0jcgHv7YOznNtbNJp0o$c}yA>QtB9d!K0Wir2=! zEJajqYCViL?#UA#p0~LzE_htjsdm&atC9x3YQu5wC;dE4BxAK_epUYdgg)E2mQJm^ zqtxQm1$TXLa%*U2mNx0S!`EsW-=HxKwlX}x32+!}15UXbrKe6QiDxR=?@X?%d+2Zoa;YvT%>A{enXJX)McOT(zQGq~*mOu`2eV{Jc`=lnPR7Bfx(TSP z*lT+UwoWYx(Oa!a#t#;6MBSWMJvM*^v9QI&krSrdh&YgK?j_C zZDw9(oysnAG7(H{T6S9zB!ya@8j0U|)Z)VYlZoz>l4Vzd(4U{JfiE_(6<&VxdQ-$A zP8U`30mo*YB8?unRTXFZvJsO@hmS#BH)7(QPApsnSJN=7qny zR@b}GhkL%-Eq>Y|LK`1*i;Ke>bTqmWZD+rr-wFXccTRRT^G2AR5srDpYWZsy%khq4 z7j}dE9`ZavH}U!TxXWDJTWPG5(If`rESfnbm1A`vX~Ez#M^{};7Kv+3)@=4=qw;#m z5KRec#$YTa{F}TFYxUvj=oAXtMvf92xteOCnWp0_*UG&t3X=cs|+Prp4|PHY}}8{-!K?&I{hONc4g>t7mG zkLO{X%Q#(^=lG%t0^b;~4OR>IH>5;d`ZJ7uh!q2-QYVvbCi-U6(eIyNXv)+lLG83O z6DJ!3ahr)#^y8bF@zQ&IdA%DeUNw84c^@-Qw$U_=9wsLlsX*`-plOGk0dN{q&32<1x9_9J%_&E6xjzm6`|eSyb_#5s`)b z=gc04=_s-IYkj!yXHtPva^@d;l&=U*!UJ?@2eIVB;!D9X^DkGbsb(J<01ONBz~5sn zUYk_WnB zKv_IOr1h<`vZr~E8z~HCnCN4-hBaQwH(+Q~+{88irZh_3u)T;~PEVLTXG53*gYuvh z&ccR;WgsmDMN^0p?KJflNT(#E+y%bC84RY*kAGJ3H+@{(#ZCC?gIrP*8&&J_NrNdj zuU%K8c;Q~+L4Qa^);GYB74MM?o+F+sZO>6yC1-O$&V|5FMs_T9$+p)~qv+B84O0J) zi9qYfT6KdTgLImwl^UV7LVHhGB^EFIf#c*A3Pp5JV<#fthF1O z%sSjh5#6o$nE$Jz9}tvrQDln14smhBInH^OBV#fPB)oI&!!{{Q%22h zJS97&0p91wCwX;me2u@XzVV6?jwtLTl>KzrMsE^$gMJa{2i)dAomL*|*o_&ubzttX ziNwpwIYCec({t+h$%m>`mVVhBZ424y%h~556bqbSyS}AFUPh~KArw14Ws*HmsW#Y5 zT9?DeE}L0{PAnsHFE|fL(^dOAb^?G%y&F&H#P+gHORLCo24qTtmZx^X~ z30i`-Rwm3cI3m4O>-Fu$a2%RHYrIxN7+W63-_{{HaSKa2#uN8eeJgcVIb+rCx<&FQ zoNh@(c9yfG@PA8Rv@ZIJYHb>0KvLGl;&Bci`DdCDckaD%92%7D`iD08a~SYlTxRN8D4>W%3{M{gy@3 z5y=vd+2v&;IxiHBf2(Ad-)f3tVBthzoS6QJP81(Hc+cyjgDld}!$diH=Ej$b0=i`k z_VPd`QBjUwL33IQfYTx%g)s;D=AzwGWkU#BnxF%^P4Bpzp0hrFp*+yu61*{{;WX^IydOvGcM28~*Q~{J;O7^v!?I{}EXI!~gxa3PJxh{2%@m z=C%GC{ttitAN~*1GXL;@|D*ihSxzEm`z$|pKZKyL3bPZM@Oeh$@ANdkfysSmHdz5%EdEieu55GG#1mjZ&RgB{ZdPM^}Rhtrz ztkw8e*$OYsSOqHvnCZ^Rkivor^`Nz)f`GoEyt^5UdO{?cr$v!OAP%43 zwdGcM#Lp)%6TK(s^XYcCXO-_8;o5nD@u<;6NO`J-;GUB5eJ>?U_C(NnfIWsDP z#U$B>)K?!W<;I3$X#EREO^NDjEzZ|ehx~J{D#BPj10v*9tX?f&I&UE}ao%_U0-7*( zpoaPTUWdFNpK0;til-a4$mp|BDcuz#E@1mikN121l?~y(t9L|Uq4?udpeLJcIE=60 zMfxoLE-xiNi1Lo}EjL%Ip5VA-N`cd)OQ^FOXPT5B2B~ij48XQdbr8Yeo);b4eZBzN zDtxjrqYGCcl`+r+pN3i2~VgHFz%SHCW_L z?KN{8^4LLwtgVEMnpNOCtci4cd5W$3hD#+Hwq^kYxEANfNQU`zon77|NWxo>sil(f z2ksIicb*Rt$4|EUu5gEtZVoVu%OZ*lVYTR>)~7RB#$|?3xx7^R-vnk(J^2?%`M>s+ zDfU^Zp-g@D161w$1|Z3F_|}n8TTl&hPt}@yYNS!6%SHbv_KCk#TVw%w$6Q8ux%#jYL~?FRen)E}&ui8=Gn&-K|%) zkcH`oP|qVfrF%dgShK8dEdQ^kwbi4+sHt`z`^M>uEB@AXi<9lz)0!biH--{(@58x~ zMHKB!-99Uo5C37YgzYCMp(N?GN2vzGC;iJUup#(Gh``wvE!u`&K2e4}s-?`bVUO}{ z(U1Xv$jzQw(%Tq#5AYGQl(JXRZ7N*wjjOG-?v6*hA73cxiwG5%nt|1?L~4v`eqXeb zUDo3}{ylasnDNTxF%sOX0O|ErgL=fSPr@%{2p0PX_gqb; zcH29xE+kl39SPX1ZJiF0ESFgZ=9*rgx3S5MnTn|lujC*yH$@3`1sCY}_@B{`j5dWd z+sBo%El+suvy=QSVhLk3zWJ1B%|*0U()G=!zn2NABov2LdF6GM@LLEA zTz@t^Sc~5^T8ZWF3`XE(7@AkNusNtV(K`Hy`OD()5A`nlZoT4Ze#VtN60wMsP(3kk8G#6-_Whs8f>n%1oIb%NAcbweT9?Zu#cUfDOch|CKZTXPzJt^)r zRF1k^x}uwUW@vV&XlQV!{?+G+aGGK(^8|aqE^Fkn-WvpK!wk9mYd7+0HwQbdoyFzs z>2~+JU0>(rJtL1?p}iJK|OoS6exR;ufwDOKBxtH=pw=SC_Et&U0l+L}6%>^WJt7w&&ii$#2Ur3Y!b zpYV5%8xj((E@2w($G_1JifY@3c4sbHYet=yNO}YZn96}e^@2ysX#={5J|Br!Q!}k2 z@h*^xNbc!z-`LtkgW7w5wL*Z$k<7bQVW*76K^=MO&s0m<-@e^qE8{5cJ#0;nH#m4$ zD=0E#S#1x@wV1N5Ue_F{m}zJfdnx;U-W!f#YkD;IuJr;+8Z=jVb3@LYPO%j{2+9iH zc){T4$HqIJvw9*NGv?&Dc4(XZ-CLoB(S7Wzsd_Zn;HIXivg=*X;#+Q6%ryJ)^U8$} zZ{9-NL zPP~@4A*##@*B1Mm%2`MWtGp^={Q}}{5Op0#kHtVl>xwRV)>^jm*^s5;N;+b=vE6(K zm@=1*=9<5&>2woYik;?CpwLTL2-K7KGXah)&b-yz3kYor{j-Q|2kdsFQ>v=1$sv@wTUT|b|OFB3&{uj$yh$3 z7N6|ccd2M;*zp|MxkVY<VfafqnQHaghGsPdGKlckD-2xu+l~Dot|04GxzsXi20mqg@cC9%fFxx zE9x=}FlWD$Bjdu*9mf4_#YY$RA^ z%J9?g2-E53hmDs)v8u%hXf1R2I&d#rd27~Nc1AuDE$2xlAJ#yj&Z`(0?MfH*U7vUi zjTsBWloO}CAnfJo)}drq4TJN4$}!*a`%sLbL}^mw8%i?IYC1Q%lYjZh)u!2rfo3!F zGoAD6X_PD>uZqWv%JnF+rJ~c|iz8KcfS@Rz77WeVNVM96;X_NRNG_NpT>AwbVbu@~j)O^mYH^^bYp2kKP?>3JETW7D3j92kbk zj*s=Nk(*!!sr#w3oESNV_w+Gx@^bVs>M?TkasQVSnA`r*koreM>VIbqsdfIM3Z2iT zT}B~IuiZZ!X#M@qpBUfL`+Gn@jAvEH2@rNGP&*rZG}+*RJJxM;B3teCjKfa|2p**&~xsrQ+L;L7R!!6R}#0- zzrF_qnK1-5R0?KKQ99gMZxk4W`dC9QRf<7CKaMkS5;@=cMxhTBrVx ziu2(;B|*04;q#V8=Iu(rXgqBXia>W^z;kJ{@OOLb>8_1zq5ts&(4)@u!0Kwy>5H(7 zKPbkZX*`vC{E2-xo|^%{My`SrYn=VnB$u`n;d+Zr3B3qI)D!YZTC1qYa7(qjg}wLZ z>v2x9lnc?+(p}g~8lzJE)QA>ZC4;D4iNi#vXXseUq_&?dUPV}c^I^ymK1o!Pg|6&L}? zYqVcF1z|R+@6`+VrsX=Sg4f9N$icPEk{p{e&{_6>O)DhLqVM*g){RUa5en`7bt&j*! z!B;Myv@GXKjQ-siVL#a8ph&279eG{GNP1Oc_PS4gPWFgKZf!{bU?zf#rx4Q4FAvZC z%C2wi{OdS4=8I-o>Cg0rXfT(&dkD>~5?aHz9e@67-dp3B^N~OTbclXpf)jlx;_q-7 zKUTl)s~2!!7Ra1tKH&4y8I2ycGg#z`GcFaZDe?q#KfyM6AbdF;E55@u-$fd{{y<-! ze@*nkKw{fv;^7t^*Xj}eL{ahd!%uN7aURQR_Y%33+-x*VtQ7`vForm0Mv?8=h?97m}Klpe!DX4t%< zi81`W@xTJcNgkFrvc^1*!kWh}zR<#D}W~Rw}#G6m8%vPux*Z8CHo$Qv*0G@fVDwk-)N9^1Hr?xbLWj@*|_i77Y&~u znyHt?9dE!#KQ+{UJ}<0NzJ<+s@h;7}a@sX%8@h2mRM}z^RI&Fh%I)fg&PQLFm#GA1 z!EXd~A{1hA-)-rJPi-~1dM+;XZlDKha7OEewO1oVUJ3M%I`7g_QFXVR{M~96nz)}- z7piAAH_<-YP~p;odcWW3uvdI}>QHs-8RFzOh#mdjmDyw@CBCQR@xa)Um|Aid$u}E; z^2K`Jo-;G-cQKo$L+^f&l;px)u=)h0b7ge}iS#weN@uz9C=Xi&nC}67RMq-Em%mCn z&)aMwV`#vW52@!e^RaAI(r?!{2vpKf`Dt!37oZK;g2UV7);Gb6?xCf|WzhS*g2 z-5c=6Pz>jG=U?_e5h@Q_cypyxR6@I9Esjb?S2lI#`yH!;vx}7-1lq=-8`fI^eI+H4 zNYe_vETui)`LCdZbk63#+br2AD!!LyU5~oBI=Td;iO_hU%kDR=IUa-x&bo?*)gc|e zT1C#Aw|W8!K7PC9PgCtG)n7u1V%ZG$+)iWs zcVb@c?9Xm8yAM;EHa{hP&_rg&-_)oax;(4Dj*Dg8U@3`!(WJbliwdIo#B?i~ z`G+3EJz7wXNS@WDer<7#eFFD*%1p0j$W9?6Wiy2 zO>-l8+&=7K76Ym~zO0vpZ*Fi{5Ul}+os~(!VNZ}1zhQA7U!6Wt5eXJiV8#?agURGjrnKRG_-R#nPInZAciI_ zlO6_6u}K1j4dzt}OiHo+|21(eWJ=vYG`gBudJ_&|NmkIc}ECT+3iE+tVyf8Ty0n`0KiT z#rDZPNz3}Ru(ZV&icaGayn#>xnwRpe94Tn*qz;V;2^bDyp#{(D4))OLzoP(cgO{aQWsrv|z!^*SQOwQsC#@TKJ(gSr`fC`e;E1@>C zJbLyRC9~75UvDpZ9(HO+jMa6Z6}}22xrjxog{lPtC_tLN0SXRT)|cfSE>31=%HNdS zs2MiA>_4l7n!AH6(fEuMu2Mel6MU&XJkbs0yNyHrjQoqaTwUx85DHjxa3W?NFwN-d z?b!=Lhw_i54tk^jclm2l>(|4mtm-(A+q1HYmmv`*B$AJ$OGxqOGHzilR1*|*#(&3kNd_^#oCOx z2{C^^qQBmZX(A>+F>bah>ELi1BM5rm!9{Dw%@NOBM#`deh2?Egc^vEW{sgtm_M?^R zhH3G2)%}d}_-=Z3gh2(?Gtrm1-!zt?p#ptBuseb|U^n?46hsyJ=SL>dBBGo9{5j;j z?|Ng!>QpNWIk@vh#QPnXW56%B%O~_Dd4Fli%x#{cgkF<;m2<1D!k~^Uhq1vCx@4;F zaxJ#!?KxQ4qlG*7kuSpNpyM*)g{cNf?LRH!#UIAyGnrI3EVTFLWhAfi`cH8i;S9#i zXnbF7_)WMbve|JqQeaYgDB1!fKKlI48jN0(U@fQuaVJ*F0Z$mtfu?AT)HoEYDt( zUz73!k=ZpomEmdk*HC3$dB8({-N59-i-a$4wxlF$C1}DxdGtTKXntzGJU*qZB?OyH z*)%LIm2$&XCN?W;H3@=@)rQ&_6T42G3d%atmcA}H!&gIVf~Y^p8^(lf#J}RUc@*Ep zo2$?IkxltqMDwMPS^jyo#{KA)-_TsIytTBk=ZWy$Padr0Q3`Atv zNmQNU1qldmmMIi=6bbh`u>8?Y{qYlk4FqE_dUI*XfzYC_j*>F|KJPB>2G7-H&GfRi zykZGg`oGGa4D2dX5OlG=Ln$|4t{L?e$4X5EKV*0aV=j6_^9X#MT8Tar=0uY^{Z2H7 zOdTEhRtZU;P3Z!ate)XL?ex}Q5+m@Xk zdLr)*&=)TJh#-sy%`nA35%cx>+4{|wvH;-y*nf9z_CKiu_Wy?evG=eyVdwaNO8xvN zzVhGC|Ha9{%k|&p|Kw!n`A7fjKO69W;nBb6e_o0H!~guR;eQB+Ffa4p@IQnV|L{MU zmidSO`5)$g=B#UP4V0L9b+I%`n3$mxA zZ?T~|q9a)B9sWApP*JPS3=?>Fr6V4iGW;7MKE*laq1Sz}fLn@U;6={+XxlF$jczp* z!$&Q`0FeYUC8EyO)$D(Dj}&D&?^JwT&@pw@kf5U$ zfOPk2^@E`k%C^SWM1eLU_38ESuCFDpOg9s;z1S9ZzUj-1BZ1p&A1fnLkxcg%3sPwzDYPcKrE0%i;M2(qbF5#@FT7I0Aw z26B77nZwwCG`9n-foGsJ^v7)^d@2vYI1xLZDpB;;z!WmqZI968RI4Dq45b}zVda`T z-h0&L(ZfBwd_}faEluI&J?uNKb1Gx+S4*hD@M!UxQ~1P{BFSj%%~(Uf?&aKod5Mb& zLB;vwJQ*L_U~@&VUc-=ks`0oRL(3&B2Q~?|p-qrp@$Q8MHoUF_Luzp=!dkBMj1Nr* zKjD~c+7xV7)YKH0X*Z{G&!}XLq2eu4N*0vDXcE5k&|!S87xBJ1Cw6w9#7ZhwcxEJ@ z?c5DX#>ipo+>f5W5MF2|Z~3ZVq*QLu67T|;^ExAZ3N|75ZNNooh?Auh{3RV(ABZ9+ z8+eTslM_r}jITF_t^gIesfAA$BRGydd1_V&_LL87GPZciE?QKOGk0XmJFc@1vj@Gq zQ%yWuJ*oQLQekB~!FG1HBGtEWE=*-&mv1s0q(-v#j*2_>9KBV(TQ3l+V68D^gNaAxawO67gydzi}!#hNnitP-3`vs-e6w`LYZ1%>&B3-xISBT5FXh zj;m8`>s-40zxZJkI*JY;p@tK98;vhwGO**O=}D8H?_cK?y=uL*0|+dQPP~*`?Y(>u z*jjPaFiz6Fj|WW4?dGhUu@A&|NfBmiVX_)x&qy8uEqg3%Z+$v6r)} zy8)il+I}UZ`T{1pGg4YRQH{6q1Iy;c$cIv8sc*c6`bs0~RM6+LUAK z&R@e12Sa~l^17jbHN)bDQAK!~6EX2Iw_hV;s1_lSXHMb<5uJYqUyWCt8WzWuIG0O63W%i4Wxcb|` zP38lS$$`JO;%;`FTR}6&8om9*oE24&zceE_yN<%3n3$-S;?!qvu4ItqT;-I>@h%l9 zS7fJRrk>tO6Xs=ZZbxK!zPub?FHDBnqX5+83yW(!i$QT2o=AmQEM@{2K6Gj^OE+w74 z#iFSc)Cu2f4l7DT2O!YeZZ;_o*?x|I+LjMK@QE*Mf=A z;xq`3%oXLJtxH~XNvEonf~W2+TxQ}mk}GyeCIf^7s{dYnu79aWLiv40OHhCMyF+~o zT&g9uIVEK-lYr_hDXnQ5i=Kg>I-jH%LRMPwTFI&u`>I3p%X;?fSBm19OdxE zsZxSqECbj#sD%-@STy_Wk-n}RULet~m*$~QV$~$tDNHAIhMcBWXE)J1rH}jJ)>ZXJ zMc73xbcQcWCo#2kuEHtl3R~pwjfx|<@U>t4-bfL)fCo3gajgX4GE8*hd5 z-6k|%SF8oTLhqXuudpu0#g-u~V!PR@zhmfViM+7TQjm4A>Ba2>I){fHwf%d&PP5AQ z0EMOE^$DZbtq0rK*t*Zd6nU~E4|z(x%+=!EX6c^>#g^Eg3A6w~xq5uH)Hu}<6cZP= zV7Nf3R@$Rrt5x(C@af&u1j7E;Wtvb4J@%51p;sSQm5cuLA*ipwrPQkQ1z>ugaj*|p zsc^I;A+YIw{0zylXuZLcoyfmavgLZ<<@9sXc;AT5Md7(C^^xP$vebZx2`bxU)=2H~ zv5z;-r`hnHtMqnxD>^VTUZjo#!vG`z=jDs zL;-A*<<&*AZQT6-nhXRdf4IaYoe|GXT-t6Vo90gM2``zeTKT%^1(R*c_0d5#4%dM3 zq;(&+aAwNJJSm*V;C-agv6h!4K?bZNAdjhL-*hc^AJcw&o=Y)QqB!KtXL$%&3mjcP znn$W^i*WlkWZdCJyvJ@9JeXUshp8d#sGSd*j+SeR9pD$XMbP5P-E!Y?5fy%NX9w@_ zPH)LZONbt>u8;VY!Q`P&_C-XMDnD8l13QDp>6Ro>-yN|0o5b)>L%nm{u-7dn=k)8Ed775_trsiJ@3EgnZbPqcV=*RmoT`yYZzRDOMnD| z1PwB{C%8L7V^|0hG7MC6eV*st z&r26Z&!GG1@2K??bylHprdN}k3}OdwId=Xoled3QFnjX~WyeLhviIsN_jmQVLeB2u z&ywHg+#W@dIWgZpx!jun^nCbCDOANau%jmQj6Tt2Y72UPytoDE5ToYffb!e*4F@V!={_$^*Q zd`#tGQhnoe)Kvd;C&ak(r}iJ6@0~tDbdrno=YsCe%m?5{=ao*-J}R(|8rl_0zGe=T zee#xAR-Nzu+i@Yz1lOEj4OdyF;DGtX_)ebGOW*GgZ8g@cEnD$=KSLXGAz-sAy?f61 zGyg)gNpGHu8hRSe^po#qe@soaKLpwxBKyVIrMTe(xeC$57JAEOXhZ0mt1)h~{> z%?1a^?%rMbJuTB?8)|SbY)u3xB z*bOf+N569SJVQPnt{-sh91EEJq(47_xKPXC-k-pHKw~37EmRoIXwjFHjTe!%!-nj{4uOyGzec7J92gYru zhp#s0j`Q3-KD18y(wP;viPXB$ijoUr-UB5!Z_|J5%IZqC8}&EvzG_-93PUu0RBUY% z3s_vf-U;#C(=ptolUP<@yyC8I7fB+^^2o|&&~9To^*oBnnF@a9#nn^11%UjcrUF_M zJYRU8ILkc!_2Y%bZvF1X`Zps_Uu!GVNFJe;)cgQH?ecTO^KU#KK9;HYiagn0KK<}X z5aoJfT+?)a)y5V9`^Q&Q2RN!l< zMLqB4`N;C>X`Gt2)ILA;xSL%vm377)?-f(<&l%dQ51v{xOIy)U?kkb`sm(1elfn?E zy<70w-J78LceDgE&gPed51PMiTCsoab9OK|>5WWL4y zWoNBrK;-{AkLJU<`?*lCzuU9KySSWh<8oU)pNw6KUbnVqEseH`HvY8BCHfHcWvO*{ zn2Ct>M8R@|GXz{=Y^Ph=*a?7?!F58FRWVB2l`!**? z4taU=dT+ctNqRGDY9&=U7d35>eMN(srMQb8FMf(8wtQ5k7 zICYIN)AT@GQ?amUQt4M7i7ZK;-EF84Ox(aq{Z$i56Ha^t+{)x-)P8&|)OeIH+an#_ z;bXpSxH`PS*J$CNi5ZR6(ZTOEp}FsQX56lMHE<(YQ+$P~$v%|QQM#4e6TEq!JMkfWA#S!x!!Pnsw&_AqH24z`0v>?$4O}7 z>mQ)?Xb%bffuHzqoquuxCa=tDs$ zF**Pj_y;R5&qOMxr;oIafIN^1eS{S3$Y4#A&Avyey=w*~%!-)A55+Oi!2s63jr?P8 zghKe?U}Bg6qoBOL?xCDsM5@rg3_;L;@bLifm#%mbZuWj?uM9T+>U+*Q7hXzkLM|f2zqc#RN{R~|qMRK^~3@rzl$s$!O z@waL(KjIn8iL@8BtE-KII*-zdCo&pJUEn0Tn+7jGLPi;YioB(R8PuaD|K%S#xg35>b!zZg6~qc{i~i?qWPA7%*S$* zOdIAvr(%{Gjhu-Y7xU0YEo$&~a(th05Acl*j&12~Q`Qox{7T9y>819Huu$xEfhk$I zR}fJFdKh*HxRQnQvh`=j2Qvy#;KIjTt%N}Fhr~@(E@i&eQ~-Qq#|1IJco-sV5EuYq z0P46kebyp+YK2pYJk7bRajn)@AXn|W7xa4^@^wwd?84ep>ZGI?mXkG$C`oW^DP3Q` z8asLLTx-No$zoeBxK53&OsdRwY=s=JgQksniaFG>=(q zUn*o6O<&mk8iRL(HMWeMnaC^TOt48pD&l}3(L%0r;%Nodl9oM2s+0i?y(5C`U8{9; zdD?fK#V^++bT}MZJ0N4afZrIQz2GXfri338wCF!;>6lqu@k`6t=2}@$8Rs{c=gA+J zyZ-IkgS8a{U~M-#?I?VKb9Op)6+HK%-}Nk*n)z`Vf-udM`bRnkyKu=oVVVi4B*w1m zk|o^ej@hELJZuJsxk`Dzh*Q0Ut`KGDAuOY26s2?!@U6NlPnXH%gGH&y9x5d24C1MJ z*7-}NND{1MU0}4s9RGbbZ7JSGO-&Cyx3hSa1NZ#wq9S1FpyXG>f5!S@`M?0a*sU}|cr>WHEgA_! z`S=5+&3<3Ob>t7Z#MmE7KZMeJgNVV5nBQ?b-M>)C^cL0lFt~q|%5r%BEH1+P3sbm{ z6D;dkaL>$p9-n{hyUyU_Atc7mTUG%_F6RFr_!`BXYf4;pt>l z`swA5&6j(WFbpL|D;N2;~k5erIC2^ z7qUxFr(?eLt)qa7V{T0kvh1)~{~UoLA4^{^Q~lB2bWX$aAI^9z$~~V+`U8H8$cSn!5ao>OH zsXS0&c-)${v4m1$__oqmKbV5j^vX&6xbE!zS#kxKN<7thYg_Ud`=-jX>%`UhunH{n zK0ZJmQz32q%g0k%SEkRrEVT{PZn)%|wBb0zwz@q|cj+U$mGNop`470; zwfnyl5R54cXx_|@IJC9JT^G7r)X%}JHwHHKtH{4886@Fk{yK^xV{Wmm7MM_^r9n|! zmj8bB_h!2=eYi~0yS$6G;@qOQ0dnJA#!NsKTSQ~T;?y~t9cQgvV^WAajg7NuY^HzPdG$kb?y zw^vUSmFSi5w5W%{(-UGDACGsfwZeZ)xzrcPmloG_7CO)f{-)6&uKx4B_RD7b&STMd z_O9rcOnNaZ_du53890Yb>Fq)+4cevA%w6E{Hq&^6ypG&Pei-U3P@Ns*SpY z?Kq=3wW>J>wT{LRxugnVMl(xBc@9sYm5iZ};aRQIM!>VQian*NGZA`aW5f9tyqPm4E2x)~K z1wC3}x@jXV^*{4eYu+n_GYH+rF(oOhZUXA@s`!{I;`BViW-Zr#`zO5CQvL1)Igu*1 z#x*<*-=5iTwp7)cgl;ro!C%umujVXAR`;F{ISj402EVS*>1l9~Zq7_)4b+$CjZI@5 zA^U2~psef|MRpaM*;QDBJ;|FSWI7oUXyDUUCtY`WidToT;u`eHy41`~_hk`l^or;w z4d#+5c||?1@3$X$$T|(fyFq&O#jQgRk@?cjowLlJcEqXQ!^HCwXs}j4j%q`&FCm9AbWAM3qg47HXfN*_ zidGsL+#O9uZ{gLfa;6z_JLeM?N7O{%*;lW2W z9+#j{@co<^!skZf3;Y5m%CVV&{frZnHA0UP zCcY$Qr&I|B?5biSzU0k5#{XTj)2_#yZ17ZjarDh1>#3kV(nFcH=3d&&tkejnmh!A6s|gw$Zmb(YZgT2^6u@9m5_b#AkFxg z-)}YEfwH8Hw3Au&AG-+?@s$f2(RfrTy^)H+=IJ_pFYLA-%1sEk_(t}Jk946PD16k-78DBE2Ulv zk`8_us(^D&uZQ@JWJ#xWFrzV%Gu`g(^e-7s?3tAfBs~u>z>Bt;mrc~Le4m@us(3fo z8e?Wc3^2+kpf#A;F^{l3z%$Mcnkvk^<*O16b!ozk>PMW^g&gxb{3W&uGGG-kQ=&9 zn_3I4X9O=z-jPqGdezzKhb$!+{_!*Z!W8s;@c<<~)fY))0BSoGEv@Lc#)^x zbfMXi4Yn$e;4gno!;{gJmzneO?I<4L70^s6&^yqEs{j)?U*3c7j& zH@?ZD*KawJLGPz6c~f-R_N~~?*UsCo^X5vv)m_Y`Rd|YA1iH_HFD~DyoKaW2PvxLl zUf#UWv->>ttKq0FFYmx5lkC-1mY!!y9$Uk=!o$y=4=>{%uBo*PZgt{B>SX(rua@O* z7k?Zi4&=Lc<=uX-o4pZfbvc^*e<29g|Aqd`7U|*P;N$yP)88&g{y*OZd7WGw|Hq5v z|K8{Sss2kqh+kMt;QzpX6yz5c{r~xo|9hkR|E!dXnzFbAavCHJT-*awQ&aaaSZ{AH z1OoX&N}8FOc>n-o0C0DFTmS$iqM`u-0dL;C@la9W1AvBxhVL94p#Xq`gEKrltOo!$ zMMXb<{@eimF^ssmx&40mvPDZv766QljK1~u{`vEV0RV2-*6yaJP66QT>}-2#N*xYg z>+SvgQ03Dnet!P@-rklcPly0udwcsHiIkC%85kJ&{P-~o3riw1^W(>luK++oLZS`; z^78V^%gd{(sx}1$$6Z|3oFg4GneT=3ZD>h=_>r@bH+OoqZi19vd6$>+9>_ z;P5^?{Cjx#uV25~+S*>ddXkkhblTi}d3l-iV06;ey@x=40>FD? zVOC z>3d4b#pdRtwY8(EsZuD^+}yl}kWg1k>%)f+L;U=#H&{23lzS6A2Tl$7$K zA{QhwQb?#B0G6kwrU5{jpMMDl=U!5>wxGZs3LU}26NJOLV6fj~B686xFwRJEq?)~`q z!`%5t<_7>d4|j5Z55LFLRx&hDkkeHXdb`(byeSSqL#5nE45-&V~P+VoMp6u3^kXHWbu<6 zt^zpd2E6G)5KTq$(YA;d~o|1j9Jt4V9nBG_Lz$}vuE z@;08%LNMY>6Xr#V8r-mAE(h%qw$%XQVDepHxcZC_NACxYjON1q7?7e4gw|YKMk??R zS&a;bFuhxMt^py+$%mi6Q%IFII!H46d3TRa(Rjeef?ZAaB?t23VcshNJZ>xBkBZc$ zGr#x)?HW$~8ueGmK1)+QBVTxS_Hk36=;aTr%%@wE6D@3-hvZy~Xgu0j_gVto5;|=N zs#8PcSJNzq5&izxAtrXE&t!(4z@w2ek)#~rLft^F^Gt?wKD6IThs>p7666VuLG!_p z93&2uQ4*Q*yH>PWjWLI9r^nd0+9X)*=Csqt-@r=NfC26k;MFNSYBGe!?}$Ng^Gp~( ztIROT*Ut=@v60JhIe{zZjBX$zuy{F$qoq?!CnBVc*vp)hg3Iy^E%)ud>W)_K7`n+( z*|F-_3zPhO-r^uU2J9@HCgcjGgn!fJjewD53YkUfW(m1;mdW)>%*aQPe)X$V#`Nmg zk%OF*&XyE-584=)jZR~{Vp!?i3X(I^eVsSrSF~6uP1VAtM~QJi@kM96yHZ|nP}qP? zR*EW>G((!sOc!07AZ{0d8JkTj7wzr!TZvYjg~$sJq+N5Ku3u8~ znQR*EdYW`vh@*S%wZQ7fvoJley`gcmCy8e17z2evIyp1UGo^2^p>DgaXmsMVa^hc4 zS$Z*87SozAtT3BQZ$Bt`Yfk3Uq+3{9u=PB8Hf-8Ko4B`ryg5-l|JwQ{+eYlQ(?t$;F+$4QMV{b7u zy>i|Z&;GC%n=HhCUBKwWu3>LVPlay+jeX-5qHKjj@EtXVk5Hglx)Rnkej~}V(f3Ov zyV86@-EaXinQsGNsui+776Bh9J>#L8L4Sr_Ga+l&PeR^nWMWkt8C2paVQ%C7Js{C7 zZlnIGOD;X3nLIQ11tocHc>i_z=|CvSdwa{D!8xw_c4LZsBAw4Rtf{WpPo`ZK?_SRl zE&F4`^?#{tV^gN?$nZ!CapY+!iiNcXIfP?yOaWoGtb+ZoSeuct>@ORMNJ9|3QZA!d zgDVL{(uLBTsGn$=;rOn<6%@Xj5rETT3Y>6sEYUcKG4G3%>r3g-!^G`j8pUFYS zdpaql9k8|=A#{!eBcn=Vb=0y&`B7orGKZ$&Oq9{qLDDjJ+AvBlfY2*!*nzB>CG(l7 zer#F8gwi3Ej$?#aYwoSqKmpkWf#RbvAc%?0Av zlwxh-H&4I3X2wpkUR~#-ac*sbj6C-LrAJY|b5CZ#*w2}t4}ZRL!k|4H%YX}wnmfSA zqMT8caSV)ONSsgh4&HRe?&&7eW*m=jE@CDHxAQM04tGjp$PUS?aw69 zrt-wEhQ??XfMj=*?8cC4%pzTss*3Q{wf^%@YoB_WGpd9ns^tuGO>;_Xq}?@ilDS!X zb4YzVrxXXzo}_Y#hScJX#wKFqLXmltO!#~$`;Xpkm`|B2^xOh$Zdlwh=;SHjd^H;z zw;B=SoYaBoBZg-UfjJL4=uY;1qA4rst>|!U;w! za}B-efW=pqM1GWGjdINsJb9*G_pF=sP&CM0og zOPVhuSA}@XZyqm_GqRE(IA?q^6V=f?;=y}C{Y@W zY7_3mg+r*np>1HbXW@`)m#aUfI6!SD3>tsKr>eE%ON2yyXfBuq|4x?~7LEv8goTPO z8m51+MFBY@hs?)vV`kbqo{L;bq_OG+_$01q&tQcvR=Wwd;a*0;u(-A28kfFL0{eAr zmYM|5rn1XJ22~jN;(k90?Sk<968`31H`SQGMn_g+{C<@#7Sy+#?9D(K48>JTBa&YH z8f;Q4R7Wm{K4#1pDa~4PZ{;G7kEl0jcSs+I-NG6cPQxT&E>-IN^*)O6k)X7`WUI z)UDgMrT;)*Cw8dw2?9wzntoeUEtk7w^Wox3PFwIVh{26=81FOKjqCBUEpK`+S~8P0 zR43O;{85D;96l+TcrQSIh)=I{!V2u!=erXNo$0Pzx?bq34!p9cyUi?qf5d>|7~2`4 z96lfrHP@LVRul=wM?S?8^~m`QuPw6)u6WUcMY6kLA9<#}1hsnZ!>N!0<}3{1k*8Bx zgDe(uFxu*VPv^Au7Hdj@M0-=~Pcs$@(>MzY!M8N1SIM52Yf|__0@yU=M8fdx?7`ju zhaG`du|_$Cck|O=0|EO#nUM7WNctx8cV#3w$o`{>dpD5M{?iBN(wT=nX3Wo^eGfTZqRg+!cuUUDru#y@ve~iQW-RriCAk( z)}Z5QtdE8bx&KRnXF5)ZxH7xIbTakW=hl-py#Wx4erC^AS zfozIj3JJ8B9>zrk=2Pl_C+XjJP)k1WNln;x*6^JIDaau-uEZ3eh**qpb!8Ufl(MAa zHk;`|2zX9PEXx12Ln2;Gr1`3os1p>kUn(Ww#pTn$DpN?XSSsbJm4=et;uPuPQ_o*w zG?MoM(H8?GI@m-6hsi7D1mcAl28V$jCBZ^HjQIS(n69lN66CiNRGh{p-h-zz?;^8` zB0RUkl=G?FjwLUWJx+JunSN$K<>m-ia@5eken<9R0J%(t0wW+lH@Z2jcWfo)&z2 zp{PUP!LqJjiPUI?tGp*BI_;J?Ja{3I%I+~mrng7>zh zWBh&-6+#1rI9!tgO{@55>=9W#AmXBYYBiTq(*VpStK8Ul!_$=Na#%fE9?UHN+C@pE zjGHx*7zg#tBsG(6;RzauTRY_$F{dGsnl_!5xpwwk79as3KF5! zr`QgVRvQz=aIKLE*MM*I$4rtM{1B}kA+aWeUfI)%O+Wm}XiotHjw~b2a|e}|meO0K zX028us?s%0k8uhqF|I7u$>F3aGFqY}3G1Z;`bEbX5Rz0L=sIn$Er3;Aq+(}~GehDe z;M@~P@ry)mUr=|uf>lZ`>tzu!BUJg5DP(VgX=aEhgi@GukvCr=l&BEQch3(An86Sa zci0`^++j(#3NVunSMXA&+ctf(V-%3YQYtU*vr;bpCO9SUid^kf+=W8Kx`L7RVWs|@ zJSL#8%_&YCL;GmhA>)V)?aF4c+GO?FD$s=5s{a>3AonI>7- zav{QMo@h`UR=~-*1pMSkz9W#rWs{3(orCQZTYe%p{i=k+jyMMd4%m(|hC|Iu^ol0I zL_HEJ@`8_%2%}bNy&?=H!)FTf`k!(wL<6BVi}ma$^`wQ|uc9JxZ24{U0&p75EVpTC z`I%)TEt<>Vm?zeU(X@o!g+#$VrMMAHC;IMf;Zg?l?(&lC;Ed|~NenNrpzPV><-ttl zzph{?V8hH>Cu-uH{pj-`QSnQUNe7BT8K9Q1Nd$zH_ zNL&Ej8%D$?AfJ;ioy9hWdMj3ByuL?XG*8r`(qV<;hxks!EDS_;1=1LDf+LJE$%Kqd zpdZ3W$Pe*_dWkqD@bbOO`jG^Wx>$`~I;Zqd)o@U&G?y);!ff0!Igh<=!>XnQ(y2=X zucA7^)$HPjlpepB8KvG+>%Su;DN0`i|L93Pny%?{G0nJFdV|rUKnCsDAtS@}<u9LL=*o0k;qdcQv62Lt-K`uirB^)AcMwsDKGYm z)9ZazQ#vkq!1g_p(L3>IW=}5Bo|@K+sEig0vH&(lT_|z0()&6Gf{vQfZS_~;ex>aA zwT+zIAD;;~l_I`AgK$ZczzX3zBFvLhwIdFo(NeC~W+Ii=vS4*cKXKQKMWU)kBKJPN zMm@0`h!AHmpGY@O;RODHH-Vi^y$J%d<`s3*BoH`~L0{JE$oTXk$lRzkmteq$vo}~g zIORi{Pvl7bR4UAb)7U%?GI`!3^qJJrNB{0^*|U3Tl|;g>3JH}Os+>6?=zISAjwYx zbA>XQY5E;2e8n9hA@wpl&0$|023-}?BbqCTCis+`@Ikwd-UtZOitvDdG7&!mIgH`r zxSTQ!bhRYKMwdg`WFUU{l56z6Fxj`e`_F9(ff$Y{Q-j6t;~76%cu!F`O%14%QHxCD z7GbazOv$@{qhj%*E&PUWVZa>%#S(N}?M+8BiXl^!>;R`vJTw1VqY^3xkq6LBEVVo` z`DWG`wbd%cy8Nf*K$IxFaefB>QOz|s?3u>7*7tJ?Y0w}2#KEI;2CH-MqBgxnBD2Q1 zt!n5it$A|f{K@pRV;2ivaq;uYuI=qE=}8Pr8PcjIYH@z^*tl|A=tC-h_ z%9CX^0ax3z54_i2L>vmd@jdA&O>9i=wv^$3C~^fW6z9dnGAxkmci`&n|ZU=3pOccyPp zuX1KZfxWSxS4tf&MNH0#@IsIVEVn@LU!Yu z-)%c@w&Hnqk-EE>P$2ckcB|#D4DG$jAG>Y&+lh%9gGbZ$55c&L zDMzalLIO#xR=CaGSUJO;VL(&TZZb-D>;2#c55IS)cGqM>0D0ll-3K zJ1PQ)!ywVCz(HvLa3rV^#Kv(rZGtDA(TlIJij!*%7G1?L^8(UrNDRBtmrnkqjuWMI zqpQE!NfsfA<~xMiV2Q3`yzwMqgMio$mk@Gj8evzWaDu;dAnu71XyN4z>{rq^i}?{R zCY`HtPZIZu>l&FIZj}THlaJhz+A91v>r4>)2)mrP%%#AT6mgnbNdty{y;*V&?7B@4Y@@p zWHy~xk$Z`A?ee`n`KLlG^sj&y>k%?OgcjZ0ZGO^DMUde#gz~T{Djb`EhE;bySx3Q+ z{C4z|qAwdag`A4}dP39Ti?FcN(tHKj?2F*w4QRI)W{ZnMTnZGK`Lhb*5L7ulXj9Ak z!6K4^OkiN`V*~1D6mkfmX>lR~nU=*Fam~eAGngZ;y?Q^k-4v=iAET&+InT79L$al!clLTZmgU!YZhZW;+~L+8&&vm5*7=VG0y1A-_u7Vi~YlK$>1 z)J0w>u)U<${>}zBAhf$qmH9n&u!`>rIYY!FTb2Dnf%A+wxtLeDvG&ZSDGBE9Qet#5 z5&1Y3$e1q9mdUcmKkq_rjFx}3T^=rc>|pNQiLPnB8Y*$T;TmG%xY3hi!AWmU4v%I{ z8{`Bfz?q_Axp#^giHMfi;;O@R;d!;pVI|d|%(xviGSz;fq`vGTN5GX)gFrMknq7^W zu0n!~=K`EIh;i*~KcGzO-@nC0ao(dXyrsVGq}G03l=x;~Z1D?2JAH9qH6eBCc)Yr8yl+!3@)%fwi=g!yy)ZoZBE{#Ezr7gN6_6!x5a`$%XUz5OE6BFlD zHsH9^LY&y2m#f8af!T;Uxcc7|OcBT0-}3D_&72CKk_`v{7@67?sBr_=uVNF>S$rJd zkbNg@DzW6aVUH8RKV=uXzS{T$@9I)h=$jjyk4bPyy*|?{VlEu6W|j{=igy3=%wF6M z6O~3a58JFjDgNEH{qUuG-6@X>60!rbt2~NKlJ94kTZ+j}nOpAu;U|v)|10quPMi?_ zb|j{`8N!HJTm3YwTJ%>XX72Inh;^vof{*re?hb$*YB>mD^mq8a9T$7*yi@!A(xo?> z0et70hoAd5EYGRbikVS#LU4fC33nmdjDmjnX$N6yV=)eBW%E7;6}S6*hng$Rj!)|n z_tY7{aS*xwokSDdZ5)5mgeZPEt)sU7m}|``CwcHk!_2j)-nINySDZW+8@=hFiJE72 zQ9{xRC2UE<2qoPe^C%nS^J`_k-InranEt<3u{v4G@N_Q?F|gJ zh)E>?!vNxAI*uxKC9rfq?gzlv@It?J zY81_Cmov}QnnYY!Rndno0HJRG4EfND)v+Mm5hg`Bj{sM0HknX zv_IGT9mC+RVQ83Y)dUPWo6!hoOTfm#oq)I$qMoPVYVL-@Xr>F3(e(=HWv9^dJSLQI z337A@2Mr0^ecLnRY0?NIQLF-8@VRTxheqFI2kxK+2rC8WY z0yxgIuWEn!CtE|hZ4z#%1TYxU>yFSsSOQx*=H00g(*{g9^EP+`)*h^`pnhj^4fM89piS)vp6!;r8J*Z14uo5c;4knV*f7=yrE@5HP zE<()dW6|0T9dtsjzC{@Bq!Q_cpByl0L57hx`mh1? za1qX~?4w^8FIy$a&f>(L6pm+ z3zwM@d$3oFAXs-))V>%?m(w(eGbz>(UR3shi_68;z%=+J_>(ZgFfC{#du+P2o+TFK z`pl%;)~M?nfh!4GY)Sx&Q#D!-i2c>t+hk^-P!_o}K&5kIbMn?Nyka)U~mO zgQ1Nax( zcKn@x#26lH6_>NDiRv*9>cSZPlehoeNm`*5p8K9TATE9acz0&<*u|zGqst&_I?a5P zUF~&b9+aHI9v#!!^EHo*l`si&CvIF7+Q9Q&_=^m1FpIB@$cTY%h4~D2Qx8V>(6&Y@ z5+J_}%O&y&Yq-OuTDgq{0mI=ttQ%}u^{3T|Ay4etEEYx_+vJod;=+0*!`=mJDX4~^ z))>bqM^tOnXVvX9&>v0}Joq?q|MhXw0;3@M|M)m>acJ2g3!nb=aW<~X!qA!2NwMvb zZE=)Lvo?Wx#kkRf%=Kp3%yx?6_!>!;rpmbeaa?4XIqXrZ1Zm>FW4hu@PRclV&(yyT zK*su$amp@9O?{CBaf4yJmMx^)125z;0&FVfVR|t(ee~&GeaIZtU2eS9Gl-p1o0owx zSs)p5wo_A1-a*`8%{YoBB(q?T52p`A$2O}q52`kd;ydDH;a>P@5tYb77%lBxG+E|w z>bhZJwq}9jj1|4b;pMb6CvEamb-!T%m?sn{?!T2h(l52E$_yxI{Ie6KE|Y4hE{*J= z8HHZ4c1RR?MZ6;;WZysG>iwEQ!E}#Ldn6!_LqfoH^E>TV|989|-^WZM$K4|V81-9p zSU@>YLaC$yFYPN&rftlDjj25Z|&9Dm`Eu16r7vJBu-(jY8a zAw?<{S`lXC8^m6#2sB>RwE`vZm8G=Qeg-bQf%w7EZ|jafl$8>Q^&z_~0lg}NGzH(v z#Vm2@Z`zjG5~yeM)g27&aSF6fZcUc8>+`1UBl0WflDnmDWDHiK8YGmGdZEk|t#)Bs zQD;H|CHF?#NZ*f&@U1d|gYtb9m^RDtrDo2$5-FL&&gdYu_6zuzb$Q~RpoyF)k+)Wg z5yZIm#9rAZ%IW&kkSe3(YIaCHmIS+VvUtb{%Ez79%+2Y3C0kE^@6dtSj-y1rVOqQ#Oy3Y}-gY8u#~C>HI5}0!U*X)Lfwt&bJ)QTU#4QjXKG zyig&TUupV*;=otz5b{ge7M~2oPj)k2rP*_!rX2JEZI!ln-BhobAT>OT2h{ya^d7@r zqlX)5oY^Lk5k;Kbpxrtrg(ZSNtiqA=wG4iJzlbo+S&#*HF$eG$JU@82lqG?~C?@Znqx!XVgD0l`6Ry!aiT1iFP&L}YJD>vYoW`Lwf_ z;q%)b3JtB1D@vX6*aKc+$sj$l%#A>9b`2r*+%aFY%XDNER*^b!EE9&_s(sWQ)mLz& z66_8Kk13|9NbNpW0kX5KfomwBtdIarCCOyR(MQ27INv^+jzW(X>`dD17DRh1to!&r z7-xDwzc5{qOG*Cg;N4hSBH@z>Za(-*kTs){&@vk@@y=lV*JJTaX&zg|wHi6zdM<_s ztB|Ln{xx;8Kw6~(%;gaI64fjsAE?V(mGZ+46Q$4rEluLInWSMUEal^@g*(LJgQ1vE zrbmvLRQ)&?q2B$)BXsFkBf~mOZ9-LqUJx(v zpJb-}#@|3#xef^Kg+c6@?XckBS1dQ)^6oRonT7F7^myWQ+;{6Ml&4PJ-QZuWW0#Zy0HDo>OM1i|yo^#eR zcTZ@akeWc$LrpR90{^C!;-FY5`UR=LeGH{J0tJDh#hKwo{?ZOQ_hpV^+q z?@&c>W19pMzXu~^@6QV~OKY%6R0U!9VAy@Q&5-7N`$=zOu$VMOjYMe*?Z6QALJjvT z9z~44C$Tk;%Fs9T_WL=luqVRHN2x<9IXa8fVNeUETPs45@rhzhlP+FDg~|BY)u+FCBrWTz#<|4%BIjO81|m zVk7d4Xq+TeKwXwzy>cDiPT_uiW6RiCdFwAx_B)6%&?7%muqKv-5DZg*(noOXX8Sou zKSRJ+Rx#BRe!;7Ce}0Mm#~^vxQgfoT zXYoDfU1?IU7fUgkz6y2O06lM=@BUu8=+(QrjQA&60UvojiPXQbhSbqx$Zw3A7@N&{ zi9O0_D2LPz${pckO|8V-?%L2`Jsd6EX+)9YU%~VaWAI1?(bHE@BnzFVN$I$PSyYSobLheFaQM z&)b(6mczv4+q`!ocfx0mc!T6Uv>?IvCS6f01252cjxr*Vo1_)7hJq~vmF7}%^VV!n z@MD!Ac+6<#@{19`LGt%>r0x)|x~bdes+XDwIJx*BIwkOum6n;L$xD^=^d^~ATy6*Q z^pyetV0qlFV}-~LLRJ8rmp~ASB>!`T6#%2B559j-+17h$c>e0E%VE_07bff%D0{`f zSl?{0H!u!MooM@sK*ySE_fS0X+DEuid{gw7s}&#QWc=m2NDJ0%!IP{9@+5FBec$&ooz08 z^llUbCH(d<`P0p|&i&Q*`@75WPj?sN_jlJ1+A+#7uy`1{X&7c;7G+n z7=$u>)r1P72W>P|sZ^j_Z_#y4g<_+l8;Vj|F_Y<|=-??3RfN1yBQ7-6yxmt!#vAUo z60%Z(SzJL_%nOXF>P3HxUU_tzmN)Y z+d^Pf652vd(L|*Tr~mmh#_ouC)fb`#jTH2Ts>mCO+>1kg$3XJ8xb6|;#Z!^-Lgc!! zmZ58WEpiUe*dekPu>=Njkw{X+1T9UhFSfUDbT2PtGAeVG&lW;F*cj(6PiA2nRcZ>E z6aap*MYGC9qpxavA$gL)vWJG$7%+$nfUbH79fC3wC_U&6^&~(Mm765-4%Ef|3{ghr zq|l_U=ES-bh$TNnfEdps1-%9f=*1$*QQ`_jn(YUg7^glLfH?E(aaBi|zl`Gic8K3s zp6Ftaiqki3D^u3dN5kVt_!YrC77<<;fj<$cNtt4qs%PT28ryeFw1u9c!}e+(8e^UT z>0wVb7b9O|x5a^Da#E!kMZbD13SH}^vBHw0MP{dfK>u}b3_R?O|JDE9|5yFr1c0kz zLM+~E6ZWtEPdE$|^&kBot#>yxiA$VTg!o_mpWSf2nlEd-_Gh2HuR)vgqi=8}*1iS- zm3l7|$9^xl5cEw}h-gS2W4BftC1Cn3JcJ|2`fpsl_g9nMpZ%SXgc>BFha#bOq&E=) zBtU3}-j&|bAVoR}H8klRDblO-s@`-EL1{`?nuv-@QxH%d?wNVkXXg6{Tx(rFoORAV z`|SOCBWqH4_LA`<%f@vUPSkeRV(QB!ym+za(x#uX;rEZMRgmUxg3k#q)bxyEtPNtI zg&or@nGZ$ftbu{n!mwzo$L=6E(@FX2om`ePX0L+odoBNzsFm;9%651qTd{ug&)(H5 ze{ABMj5wMo>{38wpN;6@f4)w9%5rB{<#)f!=1ZA7-9>YsbY@04Fp*w_GsAByLkyS6 zK2t^C#oy^thdP7okS9TNJ9Q@`sZpbiYg1WVPpUrQ0&BjG@v_K>k;YVF0}qsLBEh1y!Kt2>aV_S&nKxl zJmh%v)TOMSoGC`t4O@GXH10#KaG`xFD{gD{|hX~%FToYGEyMc0b3o$t!4ZWU@ zkNS_9%0K3nxTJH--qP36O#kkI8WR03++3mmC!B=Kl2;Wfat3qa`3tgJpq(8s!t{}iWutuHDovLBfmqpkSsAT`Rv>8&%2|AEuX(O zT{M5J8M`O5cCY01k+$OxF`^N}r)lB~kM*ScjJE!~&)~0A24nd#vae&|sr@zq>-p88 zU1}b-jgoI$hlI;@2t2u(-m+)P;-33I` z-=-`*cocsl623`wDl#Z--<;rOY7ii#XCYId9s^0^@m`3&J1%i5dBQ#56gaoOG@RQ* zf|t>t0AygMPAPcrwEdx1*{4H_jKoIuNb;?yx#To*4KXK#?(QJql1c~7d-{XQcHer1 zF-O|}kA&aZ=6f1pt-)!BA5q4HHAbIb&nMSXLU4Q^n8$Sb1d1QUaampc-LK4q0ThLn zHya>HM_ZzQ9eC&FhcB}~hbQGU9nooV^vcN5C_4}(q8TiVR*>S6jgFQ~(~#llZesfW z>Vd^q4GKd6h~D_Vy+@k0Ohm3~G`9l~u?rAZ{oSFeDrRRlS;Q#hp@Y6>oCKk9mg!CF zOQ=+5YuZBz)5U?&BD3KTno3!%B|X;f_1*;AogZmfDW(`c_ES*eFf{E4>fb`>JbO5}G0s>0_ z;)^Oh%nIM6r0jGEj?6UVll;b+PBd!^T>Lq4mag9A+5YZ~RDrZHp6%&po`{h};iqXW zQf^H3ciHL8!K~}AB7cOuKj2ts=MIea)y28JUF?#4ByMy!*_P$=buGOB_118Pq)JBp zx~H%wNi{llUr;u>lIf59?ch^+x*Oz}v@^}p^Dkr)N;y3hgY@C_nq+*rIa20vKOM}? zSgcRv^xXzaYbo0JpkI`v(pP`nUshqA`;O^pr@ldru_OSJkp#%DX^<{1Zb7B48G6U5 zm=i~4|2AO$H+-*&+ONKM7ND-@KjnO^pKJfI!>sBu$}H#LINtoXh=Ne-Yp&WDbrzN2 z=Cvb`8+FlvJUp1>UnT`Jkx$Rx2%Irnc8$1} zIK5i>04rh_EoG6k{C2^ULdCk_?+@?Lw-$H#<3`!cCky117TNx~p}+lkRir?>?)-zF zFeY9~sk{Dkd?$1*H#X=WNT{dTfcabK1M^C;H4DFmYzIVw4jR)5b=?Xl8c z>zrD>Y02FOnFi+_Ag&Ypag?u~*mDUcXz6`n`NfkgWV`Z_-c{9)j2j>X&|4R!9V}iQ z6WjQlRuWo{t+aGjUpT3-2wOsf(@nQB} z_804b@UCY!-iD;UD3E8Bb_HY(U7x&9Zes=iUJ23zv;?0@FOyv#`%3)qs`a+y^?Cm^ ziwvrQcT98l!=8V!S5?hg%K(cpT3NZq!o}a`U)Dd3XSnrzQoYcz-monm`$%%7&dYU> zFE4^BNdgO6@^bh#Sf|J0B0n}f1+f7Y`RX)(;GU+`omN)}QFKyK+k}sWf>h3^$}`q^kX zS!=ftb-?iBYli&HA7TvD8A&QSIworOeR)(k)eY}l^qza%VsNfG5vtbM%e4INY0r0` z^4EEcz6P0Dz>P|X5m1_gF8k=#En3~?txK{v*0a#x`3t_Ltn{)EcAs4h0r`G|a-DY8 zna4I}?AP4@mIukOKV0Ym)WB^$3i?Vp0+>4#frsT(fLY7#(%8eAv!xdH>1~_{;cir9 z>Et_(aEAalBRnbx74fkP0IV?i+XkSCv1d~^C9i>>RT3fG_qP0C{%(=X2Tlxm&K0mo z@(qVs01?y~p~g+*-Uw84hp7p~Kw6Ypfu6T&JZ`|v15IFeI{YEcMCc60QX4PX41H)G zF~$qXgviCfAgRqz6?eF(tR4@yyB!{OeUw1XZ7DwvtH~jj$EZ>gqsa%HDgcbefiXWU zG$>~5DF%$Gg5X~QVXA^8o=bSRt|BbH)Bi6amgWF0S*7_3Z{^Piu-ymiO8TaznU8K! z1dPKFIdN<=<`hKFx>LHSz(nc|v->(Qe~Tn?^(54IBJ7lYV3=NoJU+=C=Dz@C;SQy< zgr&+8p9jI0%B4bU{T zImr~17)c$NsyqDpyD03h$Y(k*wa&ZbL@?_j{Ru{v=RiH1oT!>h0{hbTj>Ev%7%-ez zQ(|+QK*;Mo}ZOn5?~AbFvK*}O9>{HMeH8WA={t` zkk7~)fzV7tY;;hm```~XAjk=2FO@9DUS-r0hC=4q@ME8zT6I*$ykW)OiHX-0&`ZA* zN{FM%2mAVVTAIa-7lN1)T8?v}>Et!$HsH!Tc=yNZO0X&=%d=qVD5b|z-KO(za~!hL zEQaD()WK}K%8tM39(MR&Ve&u&kczedurrnAC&dg%-0k&PGPwEFoT6h-$uR;e>k%4= zy&IlOqRux~ait;-s~Zz^E0nTzkT{vTc<_MFC7u@6{(!3hn;{J2hZyeV7VzuhI^9BZ zn$agQA(D$2Jq%15Y7B4~2rQlO5 z8;gXB!zaX6w+AM*cR`TbWWZXojoQRBx>N)f)$D0JC*M&AHxq!MkhI0UW}YsE9obDw zUmo34z#SJ5b#!G%`TgCL3!%QIF3R<09T8-2OLN8zb`(`gSp(<<4Z-NLAG0Zc1|dQf z%4i0NSvAO#1p*~`k_p4i&uS|O^)><7m-dgFFtPk15avsdrpx}k!O9p*UFxsem30%f zCxXQ}wcyo>m<-ZW-SNE7btTwkV3}}J2coT}%e^NbzWSx@BO8{okNEw8)#@pj3X26eZ@|)`vWDZYXhp4PcTG0tvO4_t*_v!Yr%6ptP!d_W-$YEvAC6zyW z9(-w+1x45PMvHO#{APRm#{pnT%81OLl*(!3xh}2OmgPC8J1zm>DV+6re6!9v zPX1L-1J=IkW`27faE>NvOEa^VhDfGZC?c!+UCT6-YH`jn(_u7>#KLfsFuX z>|G<}AQ=Hbge&?bt1cS#OMz4~T--O54x|#|-#&2H|rEqR0RxG)Mz40J&P(Xjhm(QBi3{kS3vBCA@ zu3|V&)Wd|mmy+BT_juip^d_`7DDH1#$Jzj_i6}0e>cR5<*T3oXHK|#S`#dnzJ{!u!OCYaK{ zh)i>eDJcZE%cO?Bq9nhWm_(WqIT~St_5H5?}3ut*b{^hV^!Kz3>9B z`@JJ@h0mN--cZh9E_X{2M~Tp>ERO9*p(C#uZZW(p1v7`Jl(0gof@6LAq?@wM*+^ha ze?lq}V%#5z_yf<&Z2gibedAJ`-j0tXEi@zdjeZe^b`u3qqpfyan*Opr|8x^p0SHMr zdU3N6K5r6_h$}Tn=@`VowB_H*8Bs!D=(2IyQIU>pk0gVeFhQ`B(KHm3{PxptDa)Qh z&v1BN^c?fZ(0y9^*itC88Kj)ncr2&8tXWs|B{fGk!e|=k@#oz?(MiUm^#P4AhmViE zf)-Pz=sEc-v_537XW=?+{RqvePvus2;6PHp#*VyDT zQAqho&A;*8k;t2dwRbwtRxIGDGHp5Le*^O8#Q(!`DGAM}ol}UK4seC_R3i{;%{qpI~mO^_KW> zE+W(m36#NsE}nm2P~GIavndd4~R)*%dDK8n)+uP0UeKc3Xpd+mQZsgktx zJON)|>X~u>?MdlJlPCO_CndHYqmu?vC)qOmPbc+nA-1h*s_@eB3u6KwHm(E}DM4s$ z+r>OmjZ~GI$l8!Ysz)=c&$ZXR%|NSI%aPhdUqA6kg9o>gV;?pCZNk!s_^7AXSkFXZ zGG*O4d(3IT3B9FF(_}%Q=&)91clu|ji6A@uqpc-b!V(nCCa0N^Xf^{jXf;L_bfLDW znXx_6(=(W|t3-W3>xZElCqcAh$Y*mTJ?qzZdC{F4WJ*m-QyXJ+NVnGjnb@Gd+O%NavegOk#&M%P!3g}z$yI*BmuJN;IsZc1677ycQF z`1CjwXomI&|Av5rS%3dDp`Vb7FV$HsdpPZ<=5kVM4>T9BHo~q>-w8#0Tug9#p1LfH6Y{23+`;Ye8bVw$$e#n766KSQbX2GXJlQcvjy7 z@D*>40nI7eN&+XG{~RY6UUAT2aHBu*+bBrUNv6A(IDQ91gO=mfFk1U5U|r?1US;If zd{V)PuUTi(@~)_Xg80bOKSt1jf#VVF;fTzr8;=lg(;uD6^aQ>kLU;h*2!IhXO^$h^V4-y~7=C0Mj8mUxEM3bl zUvqLPU8(rBT~__qdAPFvkwX91rab*?A~}>KE+w6cpooZ|J-$it=4qAaGbt zXTMM3B>A8(JmzHUw#?C!f|qiKKVwcH5URgh*SleP{S^s1SA!RapF%rosH5npl@!@J zkI@W-k1vC0hp7NcC#lF5@&Io1o#NNO=+?~yV_&c2Oxp*wLnYU7YAy6!N}(z<%A4dS4DX zj193P4r($ZX{7|FqK(S1haxh_r?Tmk_tYJJO#@>17|U)!P#_K#g4R>iK*H?eb;I#- z?Jh}In|q9%BMV3No=4JWdego8SNh# z)$SOuS>&7Sh~=rxR9WC$WQEPEin1>#@_&I|Jo@N{NqWWoJ1|Yro^#6O#w$eUlc38? zHgyWYGbjDSM1Y~E(HmLyeYfK2m-2H#Ciztk?z4w{hNk8MR8tpYJA}bE1@3c@%*}dju^y&Li^l3wqi*)tNU1B zF;T$4aKh**<9c|2BKveQnjw$5k(8}ehc%c}d-Hb3C)ktox;TT@Qz2Opf@y`zMgZ9g z_eqe$x?nsqO#NPWh_Z7Q>W7mmkC*uIIwVd(O$1oh*)%rW=u4*7;(SEGPV?}Vxxt0- zYg)3AL>Vkdn)i2V+xwqfi`MmXhjkV?OLT%2fA;i?O~8yh9RemPiRPCZt&c9x#Ij>6 zxTT%_YkC1+GtYuK7{6DRP%M7pR#)_{kEyd>tB@|Q{x(t7n>h6#=P;>=U))VW(PlL6 z$Y;U8BQ)=9t*{#=)boemOdK&5O-?IlZq_s_Bx2G;^;#9xJ{?8{RUQYyk&ZUS!pWC+r|S7k|Ay8m zUnEiz>kGmeF>X#D0n{SPG@xEx36N8st($=;=h)<{!fwcf>`N1DeXr!*)^6`Ak9%+4 z6#;p_3UuU+E*Ushm~FsjTh=P@F54@0Jaz&N*~um?QT+tY`S|X0@z;qLxcKy2NKlwd zhsCMfXF7;~Hhk(m%!dpCDcqS>GQr*O8T=d{7gTxwT&TTd_%pYS*|QCgmg5vs@i9gH+o3Jq_r1&=o=KVzW!M-@LpuP1{OwVIc&{g{SvXX{fZQVJO1UR>3f zmom)T-A#ntN}S(fUhE4buXS=~hG&{~=DSX|uqW8%YveQO-B7(mll|Upa1``5o2Q z{kqNaTxdEwb+h9cW^YmD3kO)OdYSWSB&B>?Fk#KbQ&RqE4a3lNFWf0ghi*+j6D4op zoq|3)eapl6!f(MKG17IEzwote8`GDb)KSZU$Z;12if>Qux5`#MjNOtawtcg~Y`SK! z9KHrE3Sz*dhqLFvNW&W1KlZFlQpgi^x`|H#ej(a@#U$m0l*>ite|Bc?hRP^x+$?0V zTGv|8uPJL{FnrhG@srHb zr}~b9T08}Ty*iwK%r%J&l9S6%uy>+EfnU&rJpeMkjyEO%lqH{F=qo=9314K9=^M8C z(k1VkDLB5M5$tHQpBu|^N(_Etx!MwI_*3rF3`U3uE`G;!Fca>ZEm*`P5b36q(_z3h z@9VK}{o_X_Z>d{;QH+!n>4dI`KLh5Hl1ZvK4Ey+Fu~9H9L# zM_qo0N`5=cys~7a>1lgBn~PQF&p6ldP;;{@>)yaEHk#QSosN$G)Xut47CUc_);0r7 zO2sM+*rNg9%>a~|Q$!QPZMJS9^=WpjWN=>~o@xXD#Zf53Jd8BKA`dKLh-SgY7|l`L z_au$<5jI5&jkyssL~MfPTje-`hdX&8A5Sf>V~E?v0OOq$8knVvX2RD`cY?dEOVtxf zDp|+|?*pi!XMSOP#zWnPINo*Y%P?A;d?cTk(vWS=QH1w>AsND=2Hi{`+su5w$gC`_R6Cd% zY|J9}n-0$mFXNVf>}Sx!=dF;QKuj>p%y*ncfn}+bbP<@wadBN~1s!utZ2FDn6S{?U z^D@gBFJr)KMum+J>@fRa|ATxMNY4A3!mQ6Jj_vlC z`C>Jv$2ksZG`x@a$&-`H1ai3x0p*2-(qUzDQrnqOoMg%w5ggsk!@MN*$WdA;?MC?! z@+HBG#H09XpH4U@N`{!dFHGB=V8;0|brDf~WTm{G5Q&K~QZhl$N-7n-1&=BOt^Fz&krND6l zSl9?KzpIZeEfQ@7om{bZe)@UpKWtY_Vn`6Vd{;#c+6KSsN75%*FGBCt^K1 zq8WrGxG{m1WYa-P(`c~@mXl2iD1hU~tdf5>fb0y6B8aOg#A^P=ppkca^0JfCYpyQa zTI7;gB>eV%pjLc1q#ZeykdhFag%&_Exf_dGC0tMj1Z0Gsb|V%ibUlqRCP483uSqIyk}v>@#{!aCKKf6+}&N=iCKLu|_r> zc2b4U+&hBGbM=IB1vIMAD~d@^;*3ZJJWgI{A;sbfuD5j^_X;0h)VAGEy7hu&R}@V+1dp(y6BF$b)YcrE}$Xag7J{P? zOxJ=vHl-NR;KyX}Z_bf`n+&R~jCA$T%o9L*Utif!gBV(PmR-YvOhZqmZ{eI6 z$s~5}dvhTlM*u*cjgrf>Fh_uirz7f0eZAsc70;Dh*FqJjqYY&q{&Sjn&k-%#`|6+G zGLXdsQe+OaGAIBCH~YuI_{fMS0tdzb{K>*p6f~b)=IS%;sZjgrT6KoA?_DkHWPa(G zROy&@#R`pI%!ft{3W+9I_QA1C-g|9EPXveRj+lKd>=Y-ZQSBLt?g+XsDGVowDOprW z78Hf-x@9ZlOK*T4dTvl8tFSdNoz-gM%}_l7X;*&Sawc=$a*UgM!MWb>|w$Q(UnYJo}tn*(3;3b!mmSni!_h;Dl znwfGPHR?(s$wU)nvOkLXx@p${ED~|UfZ3x@!c>^{;bH4o55IIusaD zvWGa1!yiG~_mp8gz-#Q2cF$I`sxM*VgeS$1xTpi#Gak2}Uy)LdWXJ^ra?RdYf3kR; zIt+MvF)aneB&}+LF~T|yR2UpoVTSgn!L|l19`%GP^3T8qI9j23IQ5!0t^&ll!^uZW z#cFIpU}F8!tV_>&cmfTReYcnvR@H+WRVBk!4AU|iXwo8H>d(he1L73Y;kdo-H?j=j zNTMub`UX->>2*IZW*i{IcU1!il`_~I9;qWHCEcO)5qw9S>YVfH=>U=CbYYLKeX$f!bM{w^SSHkrx3>k=L>Q^b%WFNX zgwz~$l;M@A0e7$EvZo_zshCrXQyFLiMDW*Tu z$93VSX}Bn~u%BJ!BLf;;C3BCV=S0CLz=mnFbr}1LO+VRJQn~j7v^v zBOicEOFu+Q<*m%L-Bh^=9%gtbzTA6pQ7YCYc_c#wtl;>h+d)MlC|V_;;!KnM4QctD zcH5Hq7n%|7@-O<^VP4fQAc;bOtN zY_GbCCkXLM*n4Zml%ODk!H|{nB2;pmvhcBzk<2Z%mz49L%lk5<`Zt|eI!brq0% zub%q-1spw;1=4RFGQ4V&ST8yxCuQzZIfpAbFq55d!w48UtfTdaS_bSE)u6Z_J!%v+ z`LRq0|Augh&uC6=K@l&+1YxqHwB)UEMbGNlF9CPzhxw|QCh+8BM6=ba{ve0e4>kB+ zzuIL~2c4q6WQgL0_VEO&Uw~OskPH}g?LJGX`rN(rV`YO2*z9N;QfW!;l*E?tFmVFj>Jvw&FX{c@+11&quc#=}Vid1GOe z@@+~m&K*AX#jGmDv4o6kiXH%Cl$K)3Z@R!vzrwv?0gfVB5WXoh@B8Y`P0gOmH{q&t z$TLPA)CR)v0b9GkS+bxi)dVi~y-e0Mml`!HYFv<^e;Mt^9d!lkjO38xawKi7&Tpl( z^tg5|p>Ns%N_@h7^j4*03OOBepEgKwvr2K~GmCLuEJ$&a9@Z~R?mbNhf)OaBIOD~= zi8P=J#!8OHbZoWm+q&Mi3Ui-b6Ej`HgJj;SDkMPV3H)7A!P{D4xqhI8J&pF_6Zq{B z0NC*?MXxlV-l)>Z{A6Mw+41d@&^1pr9w4!azO??4kha6r#A4s!Jo6(=EpTGPIPaZY z>z{Gau(OG!*BbL}D~w{gyl{YH9y2J}K%D##_#~zj{Z*D97O!D-6szpI_@8>!KfN3jE`__T7`A+~j99 zis8(v-aES54<;p5gAVE@T<{yT*w40!YZ?>qg+KmV^IidVNt zr{&4NOh?bv@s{$j{~S?5CUv&|$#nkfpDX%(S$)}7{ifu9n2uLRRHlgCM0@RAHLhIu zv2I7*+j`43&$Wq;`h}{-ra|i)%dK>oUsQPwQpfI-1tx+Y_Yjiq zGZiugj~aXBjoy_&w3eRVTtX>7D?b&e*%HrtE^$0;kHpJ+MoL9#Cm89R;fejh3&a%V z{9~eW#n($A9XC>v&qeph^Y6D#Pl+?ZcT+bugF;v|-`^Db9>xBT&&!#CRdxSe2d)Tz z)?-ePCdXLH^;k;Nahnx_)G(p5Bc{-cOpbX374z*Uci666=Yss&=@!QWvXSXU`B+KZ z<{eGgHrHJ*{MZvUqwSs4I|RFGO_D%wKSx^F2;h#>3ns^sgbSf1Tq>@Lgbr3wKI6G+`2LMDwX3B|WzT!&XPq6&-{xrlmvNev3euiWWxqmc zstHd)lsnmD`^$#hy!wqOGRdU&owFs{m(bpvC?Kl>SvtY37z&j95@{FcCz9;lOO;n6 zV0~%ilH%S};d=Lc?`Wr(SJn5+oz=b1gJdZNCID&ry>bmF;cG}*`w&W+G1bYiKvA_9 zjlN5@lY5#5PS9-GQvoY_3i)K67g6DhZSXl-b>uZ=CeHQ!n^FH2qS& zliGE`i1O7rax(S0V|yIO;;VwwXuxEDGmbXp=&er^DDQE~{c%GmU`YrhKm6_@?8R-C z6e^s2rA0}W+-I&s>$uI(-^64_=T8ObwJRLdUH9|jXDk9WM`li=VK)QCS=f#saVwy0 zRf5|1cTFuPdRD`+_JLGgQ4P@a>r^f;bkR-NUw_!INi0CEg{ESt!P{xlZ*n1^G4uHB z%r;(LQq8EDtJXR@g%4S-loU04LOG@&g!8!p*LXiV+{O7~q}~9FDna49gaQ)2`G72~ zorFwaNeQV+g~~U^y$s^q|F`@Kmp7W!KeO)o>cZke-lj`6p>nbh26w4CllT8Dm)S#HY!WVRvbN#A3gu z&p?cVw46}&$P}qH)xV$O`A(@Mqixv~05BRivMSfj6>vH@hwTe z@iE(_LsOtizLa)%HO}79vpa^BBWZXL<1&$bVy)Hm;%7Zl>;64~)+CgKM{J-@3j2cb zV}(cvK#KL)g6r%P6vQ@3q&E%wOL{N&TPh`*Y&uK?>Ex7LDxdV=MsVN;bd_!BrA{xZ zR+Zn<=_0KmT;)NLfmw;!`EM;3s_fc@M6!Kjr8+7}R4wTAu1?>X0D*eGYIwU`?>WC5 zAdPt62sO$gBRKETz+ISGduJDLRGg~8s5v<6NXZV0&8KgY;n|J{$O^%nw>@(&g07P_ zvb^Q{EzsaqQ#V~IOFQv8+q(1u$VSd%V!sS)LK=xIk@MJ?UP^1S#VCGLU6+I*O@BI% zmc}jBI6$R1_U}3us`L7F(Frrgxai7WS106(ex%-R7fBU=+vU3H^iDr@Iwytm(o4beIJ`RMfbz!dJ-E#s%q9us0{UuhIOET-q@H{PWe zH$Q}jv2^-QajJXnuY_lD8~5l*{#?gx*kVgTb5oB4Y8N*CIRh!i;-ah%wAaFugR&+A znjTWks_vLC4DTlZSt``E9yh9Y@kHRGk$t^y>)U@-H0A(Qi(E|;_v=CDr;u77atdsi>G@kES54W9`Ox}n$ z3>l`xp4E8xc9Stlgi3~=bC&=qb%xYaoy`d6n}-nJ&gaAk1YaQ4bCFXXS^8dp@0|Ba z#eHu5DQE;e{N7%N;Tc-RB40>u6xVA%|6&~tM);GrMLM*S->RQ}*MF_EIo@E;k*fmc z&M}TyV}(C90xwPe(rHbx^Ad!MsOv;gM(YT{y*{+gvRN^7Scr>8WUZ{Cf~uW3j47>r zZ}NOpeTbIJh~XoJuBMTbai40$A@)aD6OXh5LU{MrPvd9|0XcZ^EbV)+6!+Oq*FQ&$ z#X@{Fn^Y6mK#t8E#CAahEm!JXPb1nfJVJn3GSzeL61w0oo;BtiwR-L9NX#Bv0 z8R;mh6|Bdw6Z^XA^{Oj=9Y%MU=o^M9od{g-$n~4cxPcE^fUV;Lw6)g+{!l(!r?`DO z$o_YqbUSQ=b~-BMdzsX*T)GfFO1_OY*-3Dhg2FJG)-}lf#+9DT zttAtlQ$D;=LNk2FbS&4lw(Nc=oVfY${^>uVF(>_WFZL<8fG5VF`L0hC@=aDi*q$ca z%ZG>^-n9Pb4S<6YE{VgF){Eyj$J$yogUg4vo#emYH){R*is^dyKe;T>l9Lxd#?P<% zPJ>+zH|8X@tWO4^Bb@Uvt9}+cfbqq?CS^a+W`xccW~;YP7MB)uGG=ntB{7Lpvct1& zbg>-3Oq&E{Jnf;K=+MxapqUO9D_kUrC6a>}B_&ezFPxMSkRV(*Nzc=l8D@X-36O6V@iWc5=`nNWvvQ#h>4 zS_8Dgh!AVVAd4U-Ykw<%0>Jx)yv>db=>9w&2-M@2@1bIk1O0eHhWSW=Bx3Q0Az zGE!pn=4dII2*E)bBs*$Y_05f z7IEr*Mv@j#%aQpnN$aMA#ELCG`#i_n$_I%%6fJ<&;0muimwzSg5aJvRP4NtH$Os?J zG90O6@?2Ja~EYWZE`T3--DtDF~0lVxqF(}O9!?)}x)s2^w9GLWijkM1Qg>PO=+)oWz+lYF+k>HKrdqaay4e~&HBFA}VX&sJ zA3xG#^WAWsun{Far+I%ZuO@U`K_HWic!e|4^(`MNywSVBYlPn$noKjCsK7z-=I?5B z$;!&O*uD1JZnNlqJAI>ygJLLh#S99JH45bOG%AE|mDf`1c3dhDWPP|Zsp?l4E#UeM zvt3Jc4cCZYR2%BhQ5mAr=r3vs5_K*mwVc1-FpN}XCD-bS<7-it-#`rpqOMzw1}l=y zVx2?FZXO*7_r%2vGN5nGweeNSdAdpefqq#{sueiwg4wGSHC}4fP*iJvv+BCai?2>? z$y(>zYI$I929O;tI%P!UGf})>(_lzTV^c(#ap+P9SZ^>`EZS0DLLcf(!BHP$Fv?!i zAS`G8cWwY+{(iqiciz3%Ll@9~1PbJQ3vkyb!)Z>v@S)F-F`h#KF;l{|h_*qedvkaj znA*zrtE|5!phit5pY}E>BJo?7lmTd11GEQ{b!xkIi79)fS^Y=OX=z_2OIGX0P~d9E zw;?$V89ep9D&o=60NI*AM6@=lVb)_a+pl~HdhO^)^Ll(sZtFV+v;s)nU+)^ z^ChX@i4xNE_A;hIOY_J$aDn4cvg~LYna{_wjv?HWb7zE!!lCk>+`8`X^6){xp~Rnv z0lKHcpfPr*{`)Lpt#NQUsQchiZRbPN^g1{9n@rlXsqxjbJ&y? z<=nBa^WU42uH^;E@5GYWTZqmGS+h$SA;xsBmm<#k*Iuf4kIqR`CRC}NEusotGH#DA zR#%N9X}vG}0$>9ZB1WD0oA$3v629;-TCrsMy_U|EoLg7Ek6?%i8+rI(fLh=P_J5V$5~J6_YeOVl#Cx8)Hdn(jW}%~>4GyFr+Z7YP+@Nb_;5ymfljNMO|(B*%|C<+d=FbTi7{MXk# zOHZQX@VwMUuxZ@H&-aux&bK&P5_}q0VD*PA9TjU0(aeWyvJukZlwvt==Bt~%9=F?6 zZfW~>C>WRuRCvv-CTaY7^@jI+VfZhlNF!^Q{kebz*(DN`oy0cDw_3*?GLDWHw~?Uz z2Ytuhw>2GOlTYomb;-lO_C5fyxfzMi8I^X`Nugb4=2H!*d9bl|ni$LN&z&B;N^*@Q zR@wphmZbDvcphJCfC0IdxT3z}Vod7jw>6BZOB@?rZroe~SOm`rClJ*plWihP@8x-4 zOD9$;0#sen@~(A$$ESOK0{Jey?B5nGnc932p2i(0T&DFIEIp_u%FirhVAJ)t!IO>0 zcjAxuaCt{-+WHyj)u+dKtsbH<7`5|&rz)PBF=WiZ?Dvahry6S4o1T^W$c(Pll!_DJ z*N_!wvf{dZz4uKC z0J7(bx>+7Ll6P6D*R>@MlUCg0Qfuz6vD&309vdM?k&04Aq6DarY3Lf8pIaB)K>cfq zC->l}^rq*AoVG&E=zErEU|LEndfwfRQu;O`Eyi8o*<0*xKqRLG1F1Sa9*-MmW33@` z?S709sZrla9!*RBI>kC0)VGo%MQAS{t*2?}n^E5PgAFEjzBLS9wrw?QD=()4lSjp}6>!;q;8q$O4&ba&ktP4~^F2hG1Vk8( z_{Rz^L!R^ACX>Sn(W(6mxpU)=NgCR5)6qN7`$;%AD$RY99QLcntBxDH_}t=zJI+{x zX5aI}i%W2X<+1cSsgrN)#{v6YKVrkc*=1>jhwzQPz55^BWhnbTIn*D$_OvPc=@@c{ zpZsjh|IXWhfll&EzsOrzwCA7bmh8i|c!3Id?ZK|Fb6l9i!?5$TFv5wS8jymAlH$D^ zBX%0dD-?w#get3RzU(*mba5>HMVP9-g-VMW(T;u}>misIg-@eZWAt7=in?4U`&wxy zfr`fBK&pzm+uG3|Dsg(d(M!$baul&%X|%$Y+PI)tyKb|)Lf#oO^b(dXC-69T%2=6XSVhvK z%j)QWT~bC~d=_h5=q`N*IZ0VM;h`l-uIARruiMlPkPHl|m^HR2FR{j*6cUsmK=df! z@ede+d{!V;Qzp={CVU@crNbo!=7kosBq$3d435WDkB8meO?WiOmaiACe%2owo#U8p zfMxQO+oRLPh%})XdUwC=>eO?gxShOIf6KJ(-AAC8$+4En3#X4H)cN%(Ddcbj@NXEk z68+pRj9xg3smBeLo(>64=S9%-d+M3e!I_Fl2?<-{ z88`DYRext9XENo2Q&Cn~T2^p$0*hd9mi|(f;qNRQBHLIg+te!CJUH7jKij$|+jc4Y z&hKn{M2@3Ujwoc&q< zmr;!eiUaHb*Zy18Q!!c!S+x@XYxvNAfAv>%_$kkj28hpdl{9Ufm`vxu%I*OrAEGc9 zIdpO#U>(b4E4dYPTFN7GkE#5^CJvUZn?yxy*j#|RYDj4@Tsy^=JLGdQyp*9T7bmIl^N`%9g;-PSxudhxgScyebo0rNFTxk@ebYI$^rps zMT9^5HH24;g``nZ(4qDj2A&NJ{-u4__v6PuETS6KyhACkHzJ$HWA8XbHGr9&n6C9# z1$Z$*S=}%E@FV^9ZyZcR(no(ReYO@g<%x#+ec+R(i8kes)OR67u=6}@$|Gn-^Xkb? z7xBC}#5ehAFHif$HTY7;37@7P*v!D5u`ZhpBA(s9N@$4Sv$Md_Yt3%}qmn1|h>M2S zG^q=H83WA9JmCMM>^;Mp3fr~KbV5%;FG2!@4$^x`s6l#>-U$$jN*6^T^iT~&nut_E zKq-OjPm8J-y(gj4Ni6Cf(x9mOd-rpQ^%=}LBD^ISqaY zamR$qbAU4mYVW;Bgx+yQ$%?*Yh*i57B90N*`cxHh}i(B_^Xb z9gCWmbYZYav}>L9qFy3WMu$m#To9kcmiMiB@SnCQpDyYCCeabS4}tG86%d&gv7Wqt zGj_s1^cLtG?VQvK*S@Y9ihUR1B_A+W4oYQO>B!3N5!didKXVIVfufi5uX7vOjlbE< zDKi~hX}g?QQup}ViNnJEo7HwQLbtZ<%3Wh4f;I_#ILYTd@E^M)PYPL{-&bZ7kp~qv z`WNF`pY9uXDQ(2@AS!d6k%RRmfP;I3aWu&Uwaxw73pOIa}6GE`R6M)9lb0Y zJNxe0r;}=)hY)$MZy!33LZ8H&FI@U?61GJHTTM9@zoGXpw-g8Rlos4wzQb8mE_ygZ zufBC_;1aLm?n!WqrO$~R&J!vV0lcN8jPXQjDkHg5Vo!GVJj{P?C7PRq;0t(eCv<)f z8HrLG)RE-&83lmJGp}?G=y79Lm0F4By6lcboUYcvx(|g$mMc>NM~IFCkGH1Cc2aP4 z07w_Ja4t8OkZfqkuuX@{IU!L+gv^ZO%6z=gDtmqY)lYFhfm>lTdFSZd1&+nv3zh<@iR%p7+qFhq1JibR zSzV;`Z^9+KKVW!(XVdYhQFcsb9XAc<6E_>ExlfJ&kbJb z&HiDeF^Npaq>;1JirF?3rt6vyE>8k(4R7*~l{R4BId(|DV_6 zz;q2DX;Ejv+_r-8IGWZ_Y9T3d<%JHojudSkQ70!BoGjl(NM_o@YtN$YT?UQ z3+rCLFHF1lIz9pZ)_Ee=cXL#FZ~}XI5dP*FxnDYXg0exbq(};vsL7)}Hu~TmmRDP> zjD^HA7H^6DOo+3)dC0yOEx26bx(*K)>U|22?#xyqtm@8)7;lzxV=oGE?|2IM)x;TM zFrRX1_YJ`0TyuK5+=>1Pb4pb_Lcs*?34qci{lW&oc5Zp(!a{U?=F5flKcxP#W0#lM zO1yq7XZn1&Txe=`LvZKF({O>DIZ19-GU-8^25!sA!y$0r?HK?WP3`?@3Q~?X$^Eo< zgO||bA$vlHuqv8qqO&J5%WusvaZq}HO`{WNJzfYyHAEXF1QrCZ2(S@n1Hi_w!GU^! z018zZj^HWV@kaHiA>_kauop#q%my3*B8}PU(FT+NN7TQr3huyDC0!pt2GH~Gkoogp zSB3u>GL`=;WIB;TeQAPuk=;cTm8VL&Q^KYgF{_i5e7F(eM7m{h+ZvW|G<3S07AH@+ zsCgJB{=EEe#Ni3OGLQ9bS!s>80d@Huyno&u zUcq&Pm&|p~L1FjR#sZPEkb2P9-6svU#wZw(UU+)sMw5pI@rZ-qofJH77!#Lr!L)0C zjt6Azb{|f>X#qHn0Lbj=ixu-}bVhpK%`1j*X_yGP8YvC)&YXCTtZ@YiUW%Q}bW%v8 zKDsb}^7v!VI~TnRvFZmv+IYaI<87jAGwpo`?u*LQ_VSbNiL>#qf1Lc@`25D}vr_Do zoT7lP%NCeNmxjs62oX}oZ&W#qwNTnTm0O5aYpxFNkb?i$8!k$BWdzg zdjOw*w!FEHDI-JaB-cfHbigM>N)iqxu|hTA3|PteV*p5qp4_ivqtcyDWWWyhn^ypE zL^4^*=3E#DCth+}@N^>qjTJg?gcfk}B1HQZ=wjq<hF3)Z_u|oCe5C@m={LCxXi#k7uM&gyz_NJ##=v}?Y z`MMii1D5Vu|4f>y)1*03!gXoTV*usHY9lvzq)wDf{Z5h^*gDsC!!z;$KNQm}-XfCI zy0&)Nda88q=NaY$f8SgES@KG9G{5($BK! zpjJG{JIRmd(VgB}&bBZv4L9K1S4+I4x%6nc)dCA&1nLHMAF@dq^H%@`!=Xq#AG=Ja#U@*`kp^g3n8|Mv!H>^6kIafW=FFRsc- z`I2&vxI}Fp>9f-ZH?zF@ilh_sJ!89ZnlHzVpgBvULzY({n_RCLU)SiuS>@w$YYAPE z@!l@^DKPo>;Vv*3c`7A(mZl3PNc2js_Aan)tBPd9^ae#Lp8vJ^1c3auDT)96UaSV# z^M+fsj&OXi^K7@VPtb-^l)pfQkZ)FKNe-syQeO!xUs~+V_rQ_Ex~hPvby9{R&-jPw!tRBC{04kx`%iw4La%3dTrWVEO~>C!64tteCw1 z?sudl0q}9M27|l@shN+=}ni2FtDbSFZeXt&l@Ke|{*hwjfd3Brt=! z0{i;Eu!u=c?W%KsQsX^A2${AkB3E|3CT>{#8;dBms;$QkRn&9dMoW;SoZc>SRQd01 zejMp&n(Pb$n?7wlPhGH|Eu3xO#~Y6 z+!&7-s!&dCqiL}!i3o`#aQ&&5@hht7W5{T`upHIt@@Qw7O`hUzflA_he>c%WJA1(= z@@wH=c1u#-?;q(iO*ERmr;{*j)icQ3Uaj+F>s1N^?0vUYSUUhBwk)W2CF~@z=ue@C zGU!0jBkq^s!TZ=j4k92N;{)TyG8iSA+l<0$6yy90!o%gY zhM`#AAxsJ7?m$Yv5VJBtrs3Id>%SySwloLPgFf;GKCsf!nB?PL zX<4h4NT?>3{;_*pdJeX(ex8v|TqXA$qr8o{58akXFadjQ#e|d2Y!}I4w#9DrjAqtn z@ZbY#`l1Pkf#)k@ckYu3dSodeH(E)0C&UEVylu^a>_28r(#r)oEb!8axuAEUnpSTvBcX}(3rVNwP&vLNa%TKZ zU}L0dE~iam1j=3S{Xh;ODvZ4ATx0OEjgYwh!ScZ!>dK%6oNQ#1CgK%JrkjzJp(d}R zR_=SE_w|7;^oBp2K;tt`p{dg&R8K@9lSkmuo-i zK}NW)o+AJ~L{PBn={S(p8Z5`o>l}t2|MhQ-EwKoAXJ069DzIM-0@-fc4E$)3H+EnY! z6`jf~FexWPa7SnZC-<;|Jt;y4?xR}YY&Ej@k!$ouV z$CL0`Il*w1cKVUMo^`E{M7Rd?uDPhqB#f)4##2e6e-b_bc(X{BM52KI@gE!jK%Ss=ShNPGK>~P|H6A!2jZz#|l{NA7qXr5?|kuy7W&0@IPQNPDn|v zzP`0tRf^reVX@cKqRK?ZRJWSIf5Bn|%M{<)@#VQYq~+n;rX8|+{OC^!{o~u|?zf}B zi~?pwb-<1|nwt{=nAF}c$!J<;)~R3s=10dx)LVsHjg;$W2wX!qeTloq8n_d~yShHp z?Bj1f{@aI92HY+(?#D~am=pA66tw7G^I1qgJ~Nn>n*f|^&oI4X@l+`6gR8BE9D4h3 zV{_p}2F>H@brHI?xyP(#<9xe^zqT_9xr&`J-7p(<(u)e;;psyFjC<}HdS``-sXsyD zA^b}3Jt6d-A!NKx3w9xyo55&77hT6S#ZU7UU!wS5D8iXza_g4T&tIrBw?s~hS*J_C zBUM@PJz7}A!=f)Q8I1l3U#1$o-sg+g6|gHIu${|y3NbX2@HJ8kCYkGrN3O4=xJGTP z7J8;gtQ8Rp0@jL2ckiv01V7qXyA?7Z@uf84UBH*y(QEg3_n+?qa zXC=Qjw!I7ddjIiS{nrQG2b*7;dSFsp&HbD~!H%|~4UGoE5n~XJwt#0-={zGMLT!?2^^jtol_?Mzk$O)M#H5?tp5!h`uBoaNDSDGhyP&WPl3ZL zgl1wGavdcxk$aDr{O%zxwStoZ(h%>1gLe|568OAA4@Ey)RRBwn0q4 zqayUcch8TMne#0IM+$kI_Z**eT$*i`aq%JbZ2VXr6!YmBtMJ-b8Lyg>$$H}DyYc>E zM$JVhQ+>Ms9Ebq`@&M(34#ds?{zr$wf81;sru^q8{*&7L&&7hGkp5&NIu@l#g@k{# z9`IMJCj7JYplt`i#o(I7MENgjQ=psNn=^Jx#kwwkXiDf+iHi0Cf7f^quvG0r0A{#t zNjw;n)pdT&vO1e3|3V;`%ZA-Oe9qC7OT@gCyPBa@ z-a83>AM{3unXcg;XSXIT02z}P{E?b4F?VhB;aBq-uyOyGX=ivJWA2#|b|pIhPSs|n zh3HqP8#j}yXXcY%=fIg4L^(;q7loI{jYVD^T@w#5 zhB)iPRf~+As;pIdh>{51_Tso9JWqU719^p>~sdRkwZdrb|wcXcEQ($Fgr+IUld%!stJ`9XfNa6`H+3k1^V zBOYIvZ<}qtNO3}Ig`2IQ(zEj!FH$)BzEWh2Qly%23l@^HIWOEtQFSE;A{6axSH3aT zluz(A)km=}z?Xp^`oRzc#Yxua%hh3toUc(uiWWahW_DUpLD#7Lsxe!9Hu}#+279ur zCCf+P3;x;H}-z3;Y+zb{#^QU9P(uDl?m19E(m@_E7P%ie5pXW_g{oHydg6ZCr zJA?&veewVdpmNli`@iPKW%&)%&@s7TlER} zSm^;V|5wLj-9WW=pAEw;8a6=K9W&FO9}!@{qy1QuZ?^rMuj1AZE{ASZkYinE1z@fIU_eTZxN7G|9RDCXqo)rEN4+vP^4AE> zd_fd@0=fKbA=gh`&)l%ehGNw7v~^5GI_7uTAK8bcUohCS65aF+=qMn!Km%H)o7IxW zoubAz_Z~O6C#?;HGeT9Ud=KOz! z0Q4?;o&AJVcU11^Ux5yU&+JmVO2GVv)nqwYhL2lSPju$d8%*dhYf)pJ*{G0){;w*!K& zZ37S#qaR#X!I1R1c($Rd|2F=}yF9Ydk1%|hnjr8^ z;c)2VRWmjDUH*J67V|oSlp>bm6@Hb##N1j(s%>T#@#$S&)$#Dw!`ELhZS6CWcoCi! zc>b$ZHg~E-{bDW;icMrjiGYr=6HHjK5Wkn{cQy7%v<=dpt5Fm11E(D6H|6o(Hsg~&(UV`_Q)G=1-D~XGXYp(=cCWJIXkHhrAaYL6A3wz6 z48a15`d0DLxS`C^?MAM&TKqW|htg7I>18R(hfk3&&Yv^7$fHMl3>(9@q$|1dkOFjkHU zvBk$kX1*A~jFqS7~cr3)^6KEc5?e}vYaQxaggW$cyF%+jf$ zBQY*FX`i^BYaAT>5%>5>8N(mH%+`b+?Bn^>P(9Dgt9)lXWO5rd6p2Nc){0!Z+kP4B z_l3s1zgdK@eu?2#A0UKo)rvec$>oK}m@jV^`${e^ue9ii*V`nI+X+iA2HkV}j=Ep{ zGiye=pybOvkNa^9t756eExBH=fm`R?S_SrA=$pI~J)7I2(ZW*xHc{DV#Z}(sp~wTA z5J&PAXkTH)7;x!RmP6jr|~5U3)B7)`jpZvyocAIe$}b zQU}Un-+#wxEv`B&PGyzdN`L@JAtrfwT z+j3#bRRMp2Q|tJ`nuSBt>i2%rfsSZ@UBzG$(*S>2ot4-(6Ha`;a~+h2QjS zb$phU_grWw@cb9i#n%U&l<%`2f5_|XoIhy1YT8Z}T&h(%T$)^G@YOJ^U<>>yYLsTJ zTz(fB(!^u4#%b*_^7Mh!%{-$6QVff9vF@#5v&v4#lV=egOUXiUf_Kd|j5^0;b>b5E zU*{({{~9pWJUDS@H9)7ZRVewRofa&nALpMj{K@;=$;hAfNj7vi?mf{8zB}i(tBU=J znf#T8`Jf#-b)ePv)Z#{|&8uvwoiyh2gt`v?0lmnjN~bLccdewWQT{PGwbz*R2(ga@ zov@eRb8_Rn7*oWA!matp{Y1bz9E5>C^JM$|5?hEsf4BFLvRBO91l4op9HYKVObv1Of_-DKT#zbFg2my z6VFGgWDiMIZ&K7bs$%o5g1Yx6-WGLfR3T;dx(iN-YQK=;9^}Z}VYT#O>-5z)T{F4g z>MM1C)x{c#<%#F_+1RKhc1*YEcJj>6j&aMn9ukE)VR|-#Sodl#KWzxdBh8x@&J$J(`bP7 zi51hTLz{RyOh+`rC;~_%WvRBYWxlro0n@GV6dLjR>>&CAkl*Bxqc$Z=)ga@Fi1(8S zywoenMO7pIer!UdmPe%w2b8rv9++I2;Izy9Y@4+Pt_oAbmQm~*952323bG+Fz7WdJ z@u%M)pO>AMx13`7a(wgvRG4rCGk&SJR_7 zdti`vHvA*j!+KH*4wNs8_4TN-5A5w}duR>I{Go9GK zV|22UL7w(njXT(cpV+%JeZXc&5vUrfHJCs z?%X@nM*C`8h29>`$>u>(?||++%eliP4|+FshoQH8XO?)PE@%(Uzd4};4@5p|#@+>J zIHS-@JR0T_!VvUTKiKUIdyl2^gbJVXXAe0t)N;?xVPKwQ&^h*SM5ecm^4?8V5K7Kf zNG`xXg>RpEkE29v5C1vGLNQQ?Wj)G#Sm0;JwWA$aHo!u`rg&!8aCHSv4@Mq1$XVMd zZ*^8%mk8RXgYsU+_)BserJC9M^S{Dr6*fzHg(b-3+GUD5*4nW#8fY`oD5u=+5a>8}Pfn>14Bs-U|qk2SPDG zb237ciV(3vcs4f&ARc_%WQ~*{y>{j#Rf^U}pFdLx##14&&G%2cRmkN`XEh%v#V|u? zKxpJP#E=R!#6ch!W~=7=LsoP%&CNz%SwlP#Jhu?~asW_E8yrY)l7Wy7X*<+thXC8b ziy-7z6xtLK(cDZzJTPQzO=C|LcH!JyI$z5n5^DvJ;)6)t0-jPDc-+J2poh?Sm>~cP z3uQJT-=8aC!i6;1-)g#1j!fSG>E3wRL%uV`nBK`=Ep zGg5(*)TYV9qyQ<7FW#-^s_&F7(rNZUV|xIT#D%(!NN3HpHnpbZxPFw%-n6Wzw> z`PkS69MVkB)!Rw)g!uNLykfeC8W0(th!QE3ttlN?9%7`~WkPKlS_MViJJ!tqDW%;h z0mVU{n09CdJ$d9pcUt~yNQTe=&~IJ$@c>AwX8So$s1qZcVSt^7T0w z4_cK(FlZrWOcAKi zGdEjHqn(5+lrg%0&79-CxZZ2HLnHQPSG(AF^-ENKqz1@%QVJjH&eQTpb`b0y8Z{?* z+Slsn1S@-bZ{6>ix`q78R+|kP)}l5v$Dz*sZEQ&U?261IyO4SB82JnfO5g5yr4#q+ zKh+zh|E=CI%-O6lZH{=IUZw2bJbDNqe(H5{Ctu6^GC1~k)2a_nsS02QM@TBr&0nSk9m%q-!A9WUn*-Q7Z03>`!wF?uHVey-RTa4Zv}nDwS! z#49Zj%3w;}dSxJ;VWrPWaAfDwP4LDeZakedeXX9r8j*;<^l^4NsNkD~EvJJPx2O_t zx84iR1vKe(=D7I6@C~{1l)RgCzT6*g!yxCV=HkBtta3?MNS$jXDl*Wb2z7q6a(Rg6 zDSBn0duf=HSBW88l^3_14pMmP$do~6cy!vawP{FAeP45qdMjLrc(35~L7Sw-x1Ypp zp-=m2P-X_D-<}pOnJw$EPnm2}ZL0K=<8V^vu}3Y4L6q~>+h+|T?QrZZ`)3MnE~EK6 zXR0Wm)sOX_kLl;u)1_3eB(5be^e9f4?zKzFIP>MMpY^{J$h57yb@A#cV~}++*9QZK7>FA%JMNsROOD9kFbRoRHWixg~GHly$jDe6FUbTkHY7+41i2jTWcLk3yU3ZX_XpdvNe&i|(gc z_M{fp2e#JDCtJS#N(QervlZBVhE1=TY9n??z5bFgG3z)g5Q{~`|7JYXUaaiz`uE0H zwSXNL-FVBTZzBsycw49Deb zR7GBq2`p9$cC|i{Gl9dvR&{7$of9Mz1jtn!l;C0MrWEM?eWPGY6mGbdi`9&6WV__* zyqhxJkwh{&%fm;No|%$Adv_a69xlfps!C_zg0=K~5D7hAEYSUPU=GN5 zs5;1^6kM1k<(#EB9ACDR|66rrFye-6R+_uiFm*C1z(IYZH__nt{f8J5-e(-g?VkJ6 zn-GFoGt05Ql9m@Ix~lXkVi|v01(JKl9=*F#i>l>9U8fD(XL+uyn7a>N_B)JIS7@y+JFfCKYAbqh}vt$+-23g5=o>V4N}PCSXcQ^|p11J9Pd<`gd6 zkRk*d`xf7UjVd@lAvm*=cv>qj1=gl}hRE0s{HWineu90iNA=F$+4p2f*WAo}9=z4W9B9$!K~C$Fqi6C6$h&y@mwuNc-UazV&~OTD81-eb?=q3b73;!Sn5I zWamt|+?{6E3*H`;l@{MR4tnYHpFf$kodM#&~6}q$lq?$--s|cix6RE_42CWsP%s zkvzCZ1U+h4lMb_VxVrNkGr=4cA@#EABgDq#^sKUvs~Ox7dzcz1Vo}HcsnpRKgH3$s zt06jL^H4dm?;C`rkM~=_gZEoe(D z#=<)^Hi$&9BX(uB&zhTB%uCIE`$`v3?!ZXfg{hIkw|u>=M4YD8hNQtkej3Le=g#zk z;$0ADH(6^8oi>Wk+9+H;${%qXAY6~kEU54|=s08Ge=F;}0Z;TY$DBbMjMxn1wTfn9 z3ZpW;uBVnia>Xc}<$Mz=YnMT6tcbg*UQ(r;yU@!!&U@5M*sfc86tzCbxG1~TU5xL( zAt?^qcep0pHAokKp8^+}l6p3$%@d6A*V#)~<)2PGhm-Ja5%^W}aJnVQrN5mWD~;bj z^03c!V2`NXAC7!if7JZ1{b2=R+XXSm4o8q>dsi-HNr> z|2#d)155P3Ky+gY1qLb!h2>#oSIkcrWEvsF=AR^RjtNX0(Kev;TTF{*0={d&&yI=v z9l>TRoM^Ng=Td+eu#O$kvz)CAmwJrI{K?7yF>2bAon`}kwq|;5EYKw?VS0e}X$I!c zfaxAFf)~ka3+RL-uKj&`f3%BLTgr8#WN=&X4#dCEbP3uq;6%4|O z%AmSP^j3hm~68;q)st_0%G#NsI3j zS?{)$!a8%3OcM8}b3>-x!|=iM@y5}ItS~Y-fZhWVYIzl}Bzahx{5H#hDs$1kNTC?se? z{Wc1ux%7(XReyoM3Mk6N{drpc>0_vCvwTXg_@b_aNQXMSR7WZ2WE@uM>N-}0Q8+D< zLIdtq$YHH(Cvt=aP*g%CGM>MVAYlIm?Qw|JSzurg6~)^k!b1Sv@*t&gDW7q$3pH{f z1moPp@30U|7XmvLx}a>A^>q>M8Ih!#9DJ!TGmy(F8(m$MdtrA{V?X|;@1VyV3E9t9 z>W~DcJAb<0EMlzZ>UE&Th;fc z0<&+4fkKf*unLcq%FkJcMn)6H(byraDsA2zFgT-(VRJe$@5ArJ}|uw-GkN*~JqVxkHx@U}j7Z_7In4({y^-1Ahdt zii?hH6jCYGXl6VXG^=BaTWuEB`%a#Lc>-tmnB@d5~2&O9M2j`@n!*dMt=)kRpCk5mU?R^&?E+&jeO^;Oh%WPDqJ=8x{XWAtua zPM+3#q<0+jQKDvb^O4M=Xi8qXpa4M8T2AAo&Q-O8Sb zS25j+WP}wN0YC%kT9`*-x*4qy*5loDi>xqtpmh&mgm$Z&Zi0m#!wdt`e=L7WXAOUK z3s@t?{OW60Eh89b_4FX-`C&}ATs-r+ap;ZhPLLI3#1jJ4dR}V^fy6@!01z7h*oF#( z;2A8pJFPwG;iFGnFw8YEy?+;;)Jj2TLb}1tPe&LbpcZ=QB1rgz)gFiVFb)Kr&T1x@ z4`QA|b3h>A3&JyRSW0w1yA& z05r?N)wlte8N=8((9N@p2geYqgrr7X&r|0p&13TE@O>Av6|PTjUU@ z(6(qMqV|LpH_i<0efF0OscCrC7ep_Z33=K*5#!1pKn0F44X^}{!h-3OrJ*w!kPs^D zP6K3&JZ30Auz$?TxK19aX@DHLAe806_rKDC${}Fj_~~GX9uEWI5PG*^kyKbR87Alj zEJDA?F+(&^VF6Uod)4+{#9}6SYJK{g08v7ez8T?I1U`Sw=XjOQ-Njh(`tcAmS z8F`sQ@cV)>)a4TP->Z*QAqCY?Ip!iRwW~`#Z);cex9yKO4t&QC44;^& zEFI^9lW?2SzZ#y?WG7WsqNGGJXq~*A;($0sI&RV8_?I>iKBG%Q7vXy#;CobW}Isfj}+5yTz4XauEBcnszFGHdNCc zDbyzIGMAq8Egz^`GpsXKTKhF&S&|~mLtIfJmoU8xd1G+a#m@b0G#L_NS1p zjF0$}wf*2;Zssld5&7$(uXI*+_kh*9l}A9H*Vndj(UJz;Z@?qyslTg^)v{5>zu+3 zyOp=J%o@_3Oov~#XY?J`xP5RV?E5C;Bg6ZW&!Wu~6}L~DSnbMGiq~1>0x4{!>Am*;@hOgVN?t!vqDB6eprt7IxO5k_D5?4R z&s~BrJ|v2Vhn_F9ih^AT0f?n2Qe*@`37pd7*f$?u z;o3S1fGh@ab3OD23}G-sEvrPPPO^|5TW{if?>L!|dBVBqzU1n3qKFd4f+(&7-&)4M z88=a+p^WbOSC{*#*y5wrdh5T6n4-}Q8F-cuz4bFIqCq@f_~4x0>%q*i?CDEBT2auf zo#u4S_}hfCU)7k6YN)g8qD?fxP-5bS0ss8a8M-C%Q*&#d7$r*idP;pe!sZ%ny-#OU zQTAZo&56ic>Xj3UBE}ZHiuqyq3pan{i7J#PWSqs7g>O+ zp~&xW1%%oX+VaUbe)sVW&WkOI^xZR@P5SlXzjKqyi3H%U#dAA`jao)QRtY-e$$o$l z&{#AvA=5g(a62qgPz!TTOB^w}jVQR?|6!fqll%>?p24tG8zdAF+ljh^R2#UMfeJPzhVY#wS+Q7Isz-{qny>zp<*6 zM^qSQRp+K&SzN)x&Q-PsZxHrxebIryOVUsxH<_MVn1^-BQ|nj?i_+G0rIX^#WtlI{ z@RSctN}zmfBGB1Xj-n*d2ICD1X#`+@MH*4&7lGlzj=|3+cTvRycWVD$6;92LsEHqI zKx=)owP9A!zD+&v*$<(Y<_T1-L=&%0Xuidnr96*L`6+zy_J%FgrbPZIP>hvqMR>9L z=)!klC?_00P{fW(JttQeQt6IYi!QnJy{ZltYMld*p+>Jg#9n-P$8h^f<2Rbgeiqb( z=VRFy)3Qn>5jQRA_e<5{`|B%JZJT{rt?AZ_5*;MAu$~~9U9B+L>IYp)1do`FQ(;@S zg%ZbXWLwdQcGo-fwm!yue%LOhT)Cs(0PbdAAj!D)<{@Ay_LChpz(#v?Jl2Tr-$`+bzQVmRkbm33&VsXlM4WJDA`u8WC0wr4yB41=i zCW4&*hP-?E4MPYH_NUsZ*hcofB!uI7rt&Z-v0I7*;4+}VebGURwt^*tTG!j_&2NC} zMwATD<|h>REtPI(j@<-mdU6JLPFQp>>ekSQJ1Y}?471^ZQUu+9dnYS&ho&WG>Q*NW}X~_P?0w>JkD#voe$M$kZ^!t~#V_!B8 zGS+3pfPZFUneNNnF3JKD%&5hs6Uhx{6M=*4#pC@7WIAm!2Uqb~)5^y^-HCguMe@Hr zYqSv^Do?&akUo>eWjPzkPEFOXZf({btUeTj6dc3duI^mcNO{GI(br&J^zxN7#FKdV zW^xp%PwHglhPj&@=`CVkvih6NVCetUo>KtrechLMx_Rb0Z424zmVh+)E=eb^uyad@ zC3OYFoIm1vH*9x5)$Q}ArZ0~;5{|bSMao8rh;tK>tJRLFDK4N1_>)AqI^F=Gr!{i= zd&-e=5L0sEg6}Fyz1dcltk$UC4|1K>?!1Z5_Ho`Wu%B7f9a&K;j!2-5`>d%tT7<~} z)CAdE5Fr!Vf2R^m`glIRI9+b#8WZ;WXe;vZO9G=8nPo-3t4j689`j-g>!`oLLwgAm z7)GL*DNBq9;e>%F$Zp%{c#$Lp4!c(dh6>3_aWmS_LX-BY4KeSvrEI+n-fM5Rq!hI% z$FfDx$EW%paw8Yy?b9WN=Fiszk!Qz-g0N86!(wWwac2l;}PJC`%`nL4R# zW_N`p$!J|4bN&vd*9eiOe6~w_z#AcS2ftEvi%_C?E}3SxMiq8c#X0OW4=W~B&YN)r z6&#zJdR9$COf&$VL~5ste!3R_VBNAAj{N0q^lVXel?&)gbdZDdL|4IY_X4~3`6njN zjrDQ;6eDMe>z3yWdiub9gr!i90=jkrj}zq9VVK*B2nRU<69NUt5nlY<`6X(wf9;s~rnA7Mw5y%xVklXvvf_-;M_^h&e;psiF#J z%II)fIhRlDIoZknQwR2kg=~han9HeHMVcbOwg{~|721J^vECKt48d^pGO&6B-)sY@ zxu8Z*E&!Z|y(iO`TiJIV5Vd$^W!(h8>uAj`**&sy$sG`X=afCy44_Nv0Ywe`yAc zc`~^H;I&rFxp){s!l@?#j-_?7Z$tnd9T_n~Vr5pYj70#I>m(|w1bS%w8UjDP}3 zI8-R~C(Lg@K~rn73KDweAQ}I{g#V@=A-)I^3_TkQ2c;AgYMfKx8n+CVN3V8NftH0l zH#O1a;#>LxkOP2!A0X=s`GA`h;swyh@R0TZ&c47RsHhz<&fh9KIvhsU2x%f_9l`4S ztxB&k)CHdIzR~;{UzRf?7ixuf%wvYs$o0sSt94wV0BrR=Jg_deSYP6gH zfUU0Y)S(Br0k&L9L_JuK99PF6(wRoxp%+{jem;v6!u1^ zezZnz@(QRax1E)_oO!&C&H9UEKw|B}@B`dp3VPh38rCehm?&8#|H8i+(+knB0$m(t z9otUJ+jU&Od)K|LSYAm9)yL+K6A`PCK`zR1Ye%}k~Pj8*h)H@TAejoL67L0T$gyAcod9m!|!9-+OoLwO2(FdcGU z5VhTGmIGj5*cmH1#K38*%G;Jt2@skUAD-!RTtA0vVc;>bq%6{(irI9au5sy9He&Di~zt$=l~ApKmy*L zy7uuQJ;WN~J1(Q%!T`Yl;|_q5xbBh|BvUKv_%UnV6LuWpDK|zQ(%Y$N4O61UKUtD` zro4a(vHHK*d+)d=m#ts?Nr5EP&?NNGJA@vpp;wU(BGP*egeIUSgkF@YBA}t86zQO# zJ5)gtX(B2pRj{L?VuKsE`~BUs&)M63&Ux?seD1x!^ZY?cX02z|nwhn}vu4fARr5)9 z^A`G+!$?0o?L&G98^mU^m#c>rr+IBK1jz)xLf4A$B^n8}Fzhy5V_*|}8FIx^pMgG< z?cVb%V9-@9}Cddt>945{Dx1?&CZ{@PpD zTc5M;cSG`*UFFR|nzb<426ml*U#HV&_(G)`V*s0$1BO;Z^uqL-!dHF!INshGF^}&t zqYP>H4;}bAgc`qECwo;cA9~mgX-@35O=8ot<=0IXE{=YO!&GX(B)p>gj^9@wg9)4H z_>Y-Z@V8FwzY(vD`IwMS=FrdvNI}$B1EArt5xT3@=R&ze(MWnv#$2R`L#0Ng&iRPm zn^U*gq}dt^ljx<{KpUTLsxAYicDx>|8pFZk6JN*oNG(bUNP0Y|mFf0;*=?7o+Yc6Q zKXT)ug(YZ*hW|hDczY526yxIJ6k;PHd?OD~KV8TC?#AvA~YpJRIDEYk@!OttoC-5g+Rer~n5FHfe=MnA~=Vbin?6LnJ zdoR3~PoSR%AuuAE;1Lky6;AsV|7w3V|R0zfg{6htQi1J$ne~9uECdw*5VM0^P z|J29Nn5g|Z6IJCuWfC42?txMI390Jel6rfEhxxALDWT~*_6NdtqT zy(8j1XlDMW?XRZvw?skT8!61kJ2WUfgy8YpA08SQ!k@qOzq-W_t^b|@jhRQR-%n_N zr|h6GuK+)ShgWEjUwE8Xl%EGaDk3c6&!{!DFu$+*4{DmcVScm@^Aob)Y52F7`bLER z(DhH~)PJX`AFuO^Q~C+TABpE56%iio;T@BZ;Ncw-;zf}N7MQjtp8+PXzhBmHQ(>;yt|oS{Rkzjq9JX`I$f}f7L3qar;|sek#;o>LuPIIs*UG z=27|0>i#x*e{|~K>GlVYpNXUTmreYG$IoO@{hh=3N6q@gM8*1f`1uC>WT2@2&i?-+ zkH6A|>R;&MJH1attY1_N{?GgS-`UfDQ0T8rz6Qw>ZG0}dZp06K}7m zKee}5Eu}x|LaR~m>0n#G$PAX5yD@bL;&42%f#Q}l@?C|Y@WAB_qMj}BC{4~q6v zqy%SWR7xH9D?vE;X;qjrrMuD~d&OrQUtp8JL{lBKrUyT2M zh!g!gg8h8_D=DjCG=4w+l`$I1%KsVv|BkNzRT@)s6Rf6}3!n$g!T~54+>yhwGNLv; zK6rEY`ecF1*GbEn8ravbpBJv=znp0}4F>Pt5BxUFc{Wy{u&@w^Rip>+K0GLW7Yx=@ zzxf!$-`0BB9}Iq45b`C;B}+?itDC8-9<%$be7CEBRx{x}Mr&gSdqaI2V`T*l1oZu* zPf)}tAOy&LulVe$Qz!h z(-Sq(&kUbc=S;MtY7)*kt*hPw!uir(#mO@zj{QRTJYLm)?Nwaeg0{v}`q(&!qjrZ6 zd21iWBxMDYCN2M?uNCufzFop&toNQb-Di`KZtmK`{8 z@jS)9QSY!oTSt3$Oor%zCd2Cnq^tFkLfb58$UpixuMAQdi$qnm;d!5aLQ)FQ^F=@gxtXv%GtW=~=4)=pdYJo^ZAm z^{fU1_BDra95cK1t38BEjZ8HsdGOI#*+uauy&#E${_UBbWKs!^ZEFRjB6XWyT}fi{ zs5fLJjt`0|*X+=rij(y1&&w=?%n)EKa1;gCXcZSw+Vq7@C0|@ZrT4hwzOHZ=7HpzH z$Hgx8!;Sv&E1Z~n#Ko(itrZ>M%|`F_@MH6wB`*X_+B}$r^r*r(fH8YeYpr48^4dk0 zZjqiw;>9O}{QTIR(27`ao2jMgtA3ThlHi7jZoT`SDjTpif!XFv3Jju?Zxkl-$xCDps6^cuO%aVp3s*|lQA$TFlfG*TCa^6uDA25UvDGGM>afjAX53P`y&+uRxm<1E0&$oelg*BmRDA=^pVm}pA6DF=GLW=N5RX% z>7(H$E_=-NwXVIJ}tm0hm;#oJq$8~p8U;^}mxacp}iHBR&6i+8t>jl?A{jXnN%Ff+-f?P)8G z+Z|TcCp`Tw$HpMv-*wRz=$|t;ZRxmogpjK`?;}|bz8hoP(m5~Gcsq8^rI1`Y2?gW7)!<+7Jm}SbV>f>`|_+@dAd|DVbeq72zD+0#;*Ptc;5Q+^A_4M2QNBbHz&d}1l+Ga zy%uu2>tX!`h3?nQr(Pc2K0`hq1OF?t67}7zSm6G~tb9=C!!`SaYF)6Yu;XrWy?kAo zVe`cZlCtx6N&q!3Y8Cs)c6FGzO02QS6M|Y#l^-&5u6j463Lla**UtT+uztX|JzOxze^!ry*!pmN!l=ucRCWTC2?p zB-Hjqa6xU!P}bEJp7@RtpPQ!yRQz}1-ujQ^>nVwtA)^gQXVXU~#a3Gl(&}tfJV#5W zAp7&-n80BhP}OV`#3)=K+pA`@4s||uc&EV$ttqIoqeb#sy?bhJ&NU{TU2N#O1m|Yh zm$3;-k5u*DyDm<=PRA2Iy-&qDtY!A6uwL^Trmo(C3gXh8a%>Gu;!Z6#2~ZVZn6e7e zQ%^Th_ zkevPLm}7)GLk^buh#=2#Lg0L*`9aU)SHHwTn@w+~G55y4>lC^xF%|uAG!pJDzGYap zr&@bp(!m|oTDuU&d?1bJdHQATAuVm{dNBi|I~<)l>eay=zxc+G(^_=xgBPMh&M)8j zm*OQ`pF{WQN-_&-u)?NdEl>`-#L;;N2V2|Js<{37*#69&Oyko|42^Ix1hW%v%t$42 zUfA9^23e`9P%yd%Wv@hWhVtxI7HS>|pMjj!m;Q8ztgUx{^_?JSrL5Cdj5A~$y;^U~I~?V0P9 z%L^}EYIL*D)p)&d)7n3K3)4_HZ1q-JIvX%_xqLl}H%PJd^z@kG1UQ>X_yPQ;kj^5#-%zpSp}hUqgUjvdZP@&gzr~}G+jCt{lHXVv;OdF%IjC9ulshV zdGY&hetvlQm-e~Dt?LNZ7cJ~i9m>!Ur*r6=VN^iln-TtiBnXQ@y4>4Qv4F4rV^VdE zZ*Tr)R^(L1*=BR1pfamT?YAYLFA#3(ouCkI8-29uxMK>_CEPOGW7@uL!zl26*3S7` z^sI&A%cwag?c47sWns**6V8ODn0Yx_UG@7qkn)ZxW5#3K6Ok8kKP-4a+`aSnzD0q4wF-29 z4>mj{PW}cqvO4i{cVxPNmFm~u!G^ndg$Csx9V)U7f>L99L@)91a zA|;V$QTG|qX>)PCsjHOZ;cE^i+huD-He!fnScI8>l$(2ew!WdCso4P{DLKUQ{pBix!zf<+Y!`nChl*R`VPrulUaCUM0UT2Os=W@#AKQjM!F&XsuRU$+gQqvtU%lm~lFf-|2*vTztpHq#r9Qws+8+poY+l#9%}XLb zfLG6+e0jDrq?1SI48ts)26(vwXTk~Tj9|8Ou5QgM4T;5IHBVD)x;sv%3 zIa7!;JnDOXhPt=3n9wI0hNFF%`b4~Xkd~W?9 z7RA}HsC4s{1;+6XeQST*h`2t=VxJdfI$MS%UewnDi@X6!E zgY_=oz|!|HT#W72`PJiL7q3+M*wq_b#z&t`uZv}=zektItXv|VgTKU8P1LYHR3G$S zAN3$8&+)8e80$IMLvpaS2!BN^TfS&?*p-VHIIe!Gdm7&b;^wb`;MA*v1x$K^lDs2r z{X>x6^->`$pEvj`#ygA2UU^&}T)5dc)y{wm7m91aQMvV@?xi5S{+=oAk{M@ux_Kzj zF+Ao-4>tC+NpW+|`xquQ)73Bs*1)NmfVTIw(6z6ni5%olAl9bptVwvjGSAp~&*{!B zR)*=jcazVAZegyJu78JKN2&c?Mh$?Wgw+^>rn_pk=(a`<-w|M+efaX)PQg1?HVCIp z>#+CKLQzIkZXOR3T#9<)pn})urT39ROrRI0kL;4TJFd^l!eWlE$fKB z?sPi`5Mgm^cn4-2e5fLcgB^>cTHbpQaRYg`k$Cse&{;S7cTfdsYKvS2gw)DWg6Sx7P4EG5fN( zi5i0^4{pU9vgERyrW#$=!!9E`UunKbc zqLBe4Iq?>U&t>J+sWWn4l2i4sPjAk9BqiL?KeoSZm2rTN`|*a*!J}b(?e2=JRG8w4 zPea*R4xu;N7E=e@AAdQrGi0g3AcH z&5Za4@RuN6dx}E4{VJ_IM$}<1uffa{f)a zp|3Z4zKfCg=e(1_ZdHQaqay-QtvR+vRr}s;8mpgY%W(>=LbH|(tFkNSlbFOf`Nn8d zGPZ(KMZ$vXE+$y;+boj~QIuh(DNovu8%2J#w;%uvIMNRKrcLgaB){9+dd;TL=hyK} zbNaSX+TFwwz@7_%TKq7E7a*$sBN#jz2A(KhFBH(N-N1} zZY%!i;YW>P>vv1Ta=RsiBNZfk`CzFcBtBn4Vj3(jKPJzYogds2_VgGmnT*Xrhe-L8O$9qqKq8ESq}$%+UlwDGxTqkEcVZy1t~VvqU65mRe32 z2pCM1yL;`HU7c7{j7@N$XyW>XOEW_4gtkGt=GN0^LvD~lPJ4Otp!^IzHabfCcR5L| zs(MwFrv*g689USDd=awiQdCc6*jK`ouC7xWBjTm#UaGfe?fLOyX%$zx@&vk7mbp&% z@=~!T&W^W;t5@0F*XN>5^{GWC8A$pI9zGKrlzcExlaX;v66ceW^#ksZeI%Lc9B9x2 z905LZUv8+VSr)rij?IXRJJkdGyz_pyx0sd?U~^k;IIO--o_lK?O0z z=FDXF_I6}z(7PmYYsYaPe{|P8j|4*1o1BT3g`2wVCDY^T$kAn2sO7qHp~)m}1id{8 z-#98V5wq;}Mj)LdCmoui6#7=cmZN@qAnR_iFx3Jx7iqU&d{^QiS@P<>$t*4+d@w_{ zD=q!#Yk_vbgx6u7<}n=brL0UtG@R_xYL2jT`o-n#q7p~&G&Pl-ekK`zrg3x?NndNW z9ut;_?T;ymj>{~HU7E^deDCr}zy>G6R&k6O(M>8cFi+i7y350}Bmu6D6QmDp%@<6f zTQVI#p3Gta4PejU7LDlVDiOYT6BV$)(?8tmb(}cOZNzqYabqbsM?dX(bKz572&yYM z{~`C0arGC0r>+qnXDI6%-!pWjyL+nRu`Xx!9*>iqdVS8a8b(wp_Zg{H@|R3iM$6n?v#pJU#EF$R&U{z3lyh`W%lUNin!XXueD9W#er@IAL&Widt{X!6 zlkRVouUB_6-5M6mMdb6uTFffwt#&O%p7;2?;7V5=-F0?SsKdZg7xrRcEoBYdc#)Cg z-6XsiQgD%HjtebgQ`1-c;!es$agKZ95yqqlzHr50wYipz&*f0JprYce-KB2&NI%*2 zSE%6YZ#9-$kS5^E9Wm;f>uR2QqjhCpmNcPkl=Qzb4Dp@UvW2bZS`QT| z9MUN+!edSpaXER%m|*jK@$3diD@mhr?Y3qoScYlOFrTzsa*^S&w(b$~XmV%f z9p+p1Bgv6Ezld_RN}oJdD>8TCVRD@a`$cK?lXL7t{+mxy)9iNMI9+2c;XQSVE^m+m)P~vAnUbq7Ox`jh|3cE3o%fWP#RLlvq5ww_2h=yXLtQ zw*fTVM_0x!YL)MQ z>DK6TX$?4-4T8B-P!$|ys+-H1Qnj>OLgczOSF$l9QliYlw4St^><}14KzoJLQdy$? ze9^RkCfYwJ)DIo!ML_#RgcG8pVtl@T5km+H4?sJH`g#2*r2i{LM3fvlHi)*oP5U10 z6^#yzj>c;#{+baV=SNGx2nr2~rX@drPl!iHN6(>AY6`un|2%wl(xI(0XT{TLbGzj3Rf)UJLA?78kBO$nt1X{< zEUG?KCO3G1Al=g+XBw-T&y`8Qy06QMQ&pI1PEu}kT^B*Nh_tC3wMA5_FpqWL z5kj)5T)R1Im6ERVQ0C&z%_%!ixy@HHstT_+&#uY8yZK)FtTf$IMNNb=@cEI*-E->d@x6xBYT@E8w0vGRC>aDYW5Tv9k)ZHLb8X+~AO*>AwtdiA z5}-UL?{dh?zZW+Efmn+2JBg^zXT#2m=+I{DwBrt$B(l+yIMqkf#)6H4!W2@GQ{*i+|`RvlrPCli4t)M?kC}sy)&!9a_ze z94#hNBQA`806^?^X5NDL-lNMPOFbf_T+oh2IfPki3#T$J#*G7o>tmjP5hzbw*r&(< zJ}|iK;(EML(M~BZC?}&7fH2{3*=xq0RoNop1pW#HQS-3x=NcSPEg?r)I>sETkx`NV zs<0XnIKWlM$rkt^2*G5831)*>y{mVXKX7x287fBw2WJQ-$RPMvG7SJ2W^#~aDbq%< z(a15*ModWzpumguahuJOyGYNn%i>mt>o1AKw?R7lxB?!vOG7;$6X2*xvij(C`^95- zyt1Kvd7b^-JwnJy2!v6NLTuu`8Vn9*;9R(T!eB)mh;69l=5}G-wzWZ=63;mtV<0gI zaC0z@fUo2WW)GrbcjoZbu=-m0F;O$ei%CliEeBe$p3{*CalJ{;>gzG$bUKnu7?qy# zp!K&XcDV+R38^x-L7$hEt64Lh(pwK&61G~%l7%&2sW){jTc}Ep1`^!}LWqYDUv%76 zFNX5|Qr}CMkLl9arOk2uk2uGhYBRstV)~(WE7zo<99zdK;KK$jarn2qdIp(D)YgNh z3%)PIl8Khq$-wUXQ&;kMS;8x;XiB06GHcFR`R{}RVQM=ZNkUW;l;Vdrv(S;Dc?RUTnJhq(9ho2{Rp0iB}P>z zcHI6f*vWc-KCktc17Dt#4>ket9qrq@Uk`Ffg1<2?{j!;&!7xiD3dQq3hIUhjVzNj~ zR{Y=qBK4ZBO>$=867)?!Rmx$Kyss>MsclPN7CR{*Dpmnkho^GN_<+%F6->R<0o&OY zxU>fPhNv70_-XtNwijiiXC2*8l${CI6d+fB1hKfCHZF0W=p5 zhr^LbBnpL+mX=mhQqt7aw6L&nb#?u>aRCh<{4HFd0f-++f(9dKsG_OqT4(3TwQCbK zHJxQ;O*uJbMMX6!DMg8iIRrvVNJyfO55d(nBr&mwK*$LRN%8SXbaf@z*@akG_!t|<3jrtzZR2D`K>EQonWh|W^&9~}>E%l`ptFOo zV-E-k!=x!bWMu-PPh2aC%$_ zIL(_@oiwutjk@^v`ECoYRGNaC;tPH$w z1{@aEoDb%waDvEth*d1)w2D9<)j=4mbGHmBg!i=5cT7O81sg_FNleC^`bH%I=MOzO z=l3L!1k+eI8_g5j28O<0b{PO)9Myz#u9>YpMCh@^4k3Waxyh&sc@c=F$3&e0LcAVx zu|}rFMw(Fu8EC|O&LCg9P8=^2T%-8;&?xdUY8mXH)nikCDc}munO=auFprI2I!~V- zl$3mu!FlRjGCdRx08j{%!(n?G#Z_Pe4#;UaQeFoLUCsmprN^n_?10pFtzO z#gPpaZ36;iP;VHKEcR;V)w$4$74&E*@_?|WSSKmTnr}$~A-#q)VpIL75~F|n1sX1A z_=0>ucxJY(0X-{qc-zW&4M&EHsXjdj6NnEULfm>E(*@%t5^ut!XOY9o#-S7;J^im+ zhOGKYxyuj9Yik9CV?^Wz&OZU}Zou+0!5oRSA-%09dFIBP$V2%0GoJt6`Z zrmTXDqV~N>e3}Y>GYMA%^zWfH=G|WeEA8SXqkz20O%d}904%S!aOJDNaNGlfPDYiE zB?HFyXDbI74-RdmFv}(RWkJ?YJx+!Lvn{SH{HCr(NR1tU0p9{ak3Z9!1X<(l0ANJ` z3{x~TN}X>N;m2(ptpdQ&$0?T*q%LtUxbQUva|>QFsuh=70N~g_#dO`LshH>ySWsum zMNb>HrZJ%=lgYZ+`ay!`3W#=|S%2)Tq0!`FI%d=x8Iv6fm)tlb>xW33Ar+UFTR*w5 z#GZ0-2$_bi2i?97AFBKgDvX$H@D`Aak*^qOl%e)fFT{pzYP~=W-KG7ZGl*#hh?9=h0x)_Ja1pl7%{JvC(lBn?gtnJE|fg9<3KtKHx zbF(~Nenzb+&50Pe*^nr5G{z>!JJx#MXgr?+JAbQkUpG7jIop(FMVX@GusidNEg!y{ z`OqY}1;m6pfEV4Vv~7W^^qcp4dMJ$}HZ=qUX=|J?RfeN4OfCqOi6zqOPg)}DOx97t zhN_;UMyM6?Tc&&sGb{+GKZ_K_n?^IxEUQEyr(ksEDSA>rC*L$CptIH)g&II+pe`q(k^yjNm$cH~qpEk4s6WWGL(UWFbworZMo|JLlHWN)P8-0WY1svpLPbWu_U`&$C zrE zzXt82|K$Jw3p)OHi~hj>@qi9+cR!Gmll`{Lil0wlXlTgP()v!2$g^ip7Z(<~ySto@ zlz*Elku|>Po^e+WQxF>)bKRc%)8|h~RcrU!PuJJiucxZ{`T6ZV?-Lb|ASaV*!pv(1 z-^+Mh-`idD7KUl;Pcn$U<*lzU{B$=>g=u+dF)g##-qFeKaMDDIb!23?oBNUJl89HY zUVZDqdxk`WMOBraJ2x{k-PF`LHgzY@Mj|vM=sblwK7MO^`<&n&hJ?fRNZd_Vi?#J{7fg|9u zV<_wm;P?^f@nN^gV@-OuZ!A8XzXZX0gIiE-;hGoDUwa8rSMU2}sLD-8m&KhXF^jI& zRpOFq-USx$*B-Xn4WEGl1ugjXCA${NsjRQ?cs85mVF2$1rRaYYp}!pW%gS)+$K*2I z6T0y)o_|za;^s%Ris$S^q_FOl$pS-b%3HumF5S_Xv7QbXi2tD4adXg;4-Y8I_rR#q z9eW)f%<-diEic9O(l~>_P;$$KiQ{Y)?>EoB78+zDcs;OUtPC>7U@`ovgZZ$lD5>T9 zSmfMuM!e#l^r{Hj>i|{rSchYV4<$!XHfgEwP(OtQWi?}QZIe^Rfg0>oxQu!}e6{F} zC+5S0(Ob8sfiFw%KSc~nL}3?q7fKww^rr5-8QAji33IJ!)I9R;n|C4)f8YXTmKj2? z({P;}SwbvA=dfdBMeg)zR+^+#cxg!;^AxqKx!CHIZ)NXA1ey6FJ?9y(ezki9%DKNK zh*B)~UQTuPS|WzFcOv(0X>DzG4T9Kd>s<+`+InwpE>9dJ*$0Wd1!XqC8l+&d(pIu` zTu~^7EiQIJMHsw-&(*_Wezl;6vLq7w*vqDXC7TCd#cWfn0WWkDqy=J74tb&|@Q`-_ zvvy<4AY3Btja^Au#~K}3i&C7+0{x5&z>VQ&OiQQp>`CUwhn56Hboz+;45>vn2(UVe z@&u%R_2PLO)Oy_^{fA;OUcY@uoRFl*Vj|oAL%i(s(Cm{}Y{fN4TLzfv=a-&YvaOHh zusqxnn}xceXHDG|hkWn5e&sYhd2DA0Q^!(#+71LX)-K8Tu@w0ZGIx06=$oyD+s$Ra zMv@#n23Df?aDK85bF6wGr2t4k?5CCxp>#nJVv#05G`QqZL<`kHQ20R>AP%IEgvBmV zLCXd@20~_ZDfT!v$GSVMZ?2{mK_b7chLz}SMGLdcJ_BkyeU_*rGMEmYwB%=8A!S1K zr(;!y%@Mu)flc^vUhdlDC!F|Fbn%9?v?mcIj?xiND>{4t`BGVY2w9jA#T89djz8*L zc!xo$2-#;yu$8+6ZgHMuxOSvR5y&`zW&~7mZ|Q&>5_novYN%yk$s#r=URcUr8^;pT zBW%fQ_n-yL6i>-BV7NchGJg)nWV5qOIpuXy{MZ_j%pc1Hkn=BK^!zf`k0nz#D(=17 zV_*o|w9|5S7#U=diY?pj-Ozpz-pAdb_kcxVK=C!pJIDg=%bO7n3cXfE-)ixPi5q0V z{TH>tJV?q1CH;X}(d4^wis+VWAH2g9E0{GMV1~YRPJo;7xmv}K9qAS97Aqf5zWpi! z)6N6YZ>8_6z&64rl1JUY#+{Hc}OQ}Ngqw0Tz)h^=lUHUg+NPQAUFNZKk6xUE^$)XMbaGSORq$4Dx{iMG6SV@LqZytYm6sWRMlL*<@3WtqL3K`FcYmT*cIf=orduw>-(xj)5 zKDq5G`!RYPyarBjR2o{Rx0}4SYP$#4n9pXZPRYsD+Dg#a)?kf7^QIK<~4b#9-)|#MKRr zVjose2h8MS%1w>(cKd}cI&+4a5cf~Z916bNE^qQnF!7mgkEPpky5 z;!Q6s^ z+*mL^G0XR$;R!4jibcpP@JTT8F)N5+BeN-o^hjWF6dRkCu!gWOFB=n+P&*%jmz&$O zqSpeOf?(rq5{0O-NC+l#ODMGQF)Hvfj~(foGvnrCsuvSaPcB3OV)bktj0i}|d53$i zjKG3I4==N+H8nKxUT$j>+T_&{qxi3v_X{yUnR+N`^;nkq;n%SG8U<3OAswqbM|BIo zp%;_w@MjF0Cm9O4uQt7DjT<=0{3bOIgg(8$0I)r0h6hbq?47>H8;Vy_bb&H)$(Zpf z7p$oq7IdSmed4I^Jfkk^z-5rU&${0J=-JWr!Dl8F?II7@COc@y^KP=!5`m{eCz;zh z6GT#P89glMqL{}BzfV3AqF`Q|>o-w*z?I{|wNwdb1$tI2%e$NEk#E%V50qQDBSGt) z13K`9sc{pVwLW8^K?P||wAU2{OizzlHS2RV1MS4vB$ck4u< z8N%GElSI~@9sdjau%Tzhz**}x9w&CywjPD2suHtFumbiyvqOx^J&P)zj5F?Ka=Bvf z(jfvjN!e9!91fk9de)e{;kPn-QmP=HKZ@|JvI4;`B7zfBc@V!!x3Ml+RyZPjCJ!Oc zRPU8-r4d02%1(e^xoP5p5n zl~tO$1sT+RSlX7x41Z}bMZz61$iR?sFQ<)EU#be9O==9j;Cw-B+po|yRC?a*YH7-S z37^An$6PKL4OS!Ii{>q+A1u44mF_Kc-(b0PTVw9%z8)O2LE@Ixa7n9WH}!ICU)MDW zjoqW9M+FMe%m}wfm#=(~XEa|i;r#aL#i?$YJ?>V7jXT74l*>InVoDm`#}VUT+b3|a z@6{`zSn9)$qRB5gYEKIc;x!()KHj`Z zg+{2XDVX0|Kw>r{Cwn{q`TFySaDoUDbcMK)VE1gSO#(Y2%C49*^hJbomwQku`t}KO z4x5J#XMMp?!d3*QF2ZjH8P)c{@6KVyjI~$sl@;os zp^(YspkIizh3z@d_GfC1rcB*dXb}mgrpZWz?t5n9di@$R9@e z*BQ+p8|7+EOyQYrt|n{ARu_eI9KLs{C0xfOr)0AuLD%XHKL-g&m%ZWve06wESGea( zo3;2Sho)y_{5oebj-t(3jvnRk_xB-dm6j!+Q%}pRsy4^wK(J=u0#uQMCOP>+J8fQa zzCw$u=GyiBU@k?-DRZ!Ov!c@Z&Wi5tD~gwXnXQrrhAi~ovjOtH~}#ThV!9wf-cPW_l{Uta+GdY@=(P;+okgi#5LLlL~P&09mw z7a~13vM<=A&NdK9^y8J=aI15)J&N#haFx5&Jc}`+@qO7WXSC-HmQ0qRU5AWH8J3QB z52RFhO4XQ^RwF^EI+K~+yIW!7Rd6h}Hu_^6qxWgZ*PW8LXTTslJbA|##t0S0^gfCx5eQG`+04MV8T)M+D~(Z6uJGPA<6rDN zP<<-q4#h272zO?1_!oDhF$Tw7FOkmZ-rFP*&w8B`ePXS?=4r@^slNE+TtAAQ>T`Sa zkfnLWS__$J@M-4AxucF-DTYb?LDeeaB}L}OS<3zOy0NqG2TDywf*_g)o>EO?Tvy%? z*1m)18PMr$exO}G^s>la%AJXtf4(uCH;1E5?_G{jH_PNOkSR0gd-?jb&6yA^`(bPJ z!Kp%t_R{2{ab+w6!yx{>Tef@^7JF`7qa-hKk5Tdc8!d&Z=Bp_;2$&J9e$3mBTU7?; zeGh}fZK*B+h{Z#);XP(MmInncdlC)%-%IyK76QnC(BO+s2_4$-kb$s{)w(poqekMZ> zI=85pKJ4?1evt5y3ek0cy>MjNXOL545^Z{nxa<#+-<~jTKk{gTqp^h$WX&N@e4?IL zcjXC;DKdc7d5X5Xb(L+mBN2Ux=W0`zPJp226$KZVwV4J>+?_FJ5bS?D7$kHW4C$?LgHZhzf6b zG-1+$d-u&VEbM!hFkaii*@0kCj*73!Cf_xkR}$(6#@ zVLjLtkx@)+#8-WOQG|g=S#yeBiwCQTr&iSgN|yGZ;8E~~v7!Ik(Ws*ITmJqk+4(QL zC1zM}n#8srnh^c5XY79o20pTKF_GkZ&=|ZQ%EF?9QkOj`yB~{BE^@V@L18I%2t-2{ zc|o_T3L{?NS$xR?+XU?AsMLli0*WXUZ9@bF#-dv9*f40O1Jka8as0y4189l%_SM{$ z1`iC~H$wGkKSItdS0S(WVDC9Sc(#9G<<-pE?H=gnvFG=}FJFJr5Pbol_={Qyr_NrF z(+DM!H(1g101JFx){F`0Ln+$$4hV~xV&U4mnhnI0m0e_AZ=}dd*@pQVm zH(2g%f>!|b#vYqexu#{LN~yJ-R&zNA5uS#H(+h$D?EB)*%1cpcha-UzP|z!Pi(^t; zXi(#&ldl;0il3djWG~9wni-orml`s-=mP2vb%gOhZ)|KZ33ER~Uwb{3@g8ZZKV{fu zDDiBO=!j#)w{~@zaB1Bav#Xg#Hh?toi9ZmCGqNb;l1QNE6!I$=A@VVxsxkUzT3gk=zW(ROgbS@Lo<1qXyJ~t%De_=I3Oe&8W^@1w1IStI zW;#-AOr! zg>~;OxHvxshoJcOo)Lv%ALNv)ZrS8Qw5h;g*2be0uR>=c^%cvhM!=Cl6^Xmt^>L+l zuqx9m%Q763gU4A7vL#G#K~XK_mKg)OThh9~b9nEKAv_<$E`5ptLUUWCA4z9##9AR% z`XaX}QQvBiQ8(wq=m0DyZ*csrC)JPvz!`gt!aiCV)l0sf49}E5Rk=Ow9w*m6`-)C1 zh7R?DjvOsAbIz##29tc)u;OL(HVce@tK)VibWNOr7=hz&Od~)1~K~j6SXY57o`OmA5+?tOpz3jB<2RTgR_h9IzMBwlAey~y)zJ`Rp zS?qY~&Zr%I@08Fxo$BE3dlbp}mUmUm<8an#QvdTTMaqfcsIVD_Yt z@A=_mela7lIN_Cck49j2o|kXkw4vJr-H`~|0x^$ow65|XkBz=_c^pfp+pkGg|7C~W zx!DAoIG<<5`}O>88AbTb5oF3E!+v<5ff2{)iIm&VEu3TT;`$N8mRvX@$P<5&_pLQ~ zA5;V#j+J71xuq0?)2C*|_stv?jY_m%1|Af`QR-${4&&~E(L004=7AxEZE}IY1tN$+ z z57iJp3a~%0a-9oGk-LnYaMEod0UgB}70k3fBov3)wYoYsCMrETWG?rW%54IJl_$}y zzwIPwRQS66Awa4|CsgSgLm#y)gwx>v78Gp>{+}RvnFgYt{tBXv_4ez%dq)G&`@e(e zwPnT4S%lGGI2e=w=lBf&4MlG=atHj1qQCwGMfdzb(Vu@q(edvwSS*U8g1E2H`+h;s zDs_T;e-(qi3kbq|*7zygS=E032{tW=#kI3}0$J>b*rs=E?I%eB+G1KLJ~d&62JG~N zeT@}tKg2W4s;WU*7zChXJaZ*4uZjY*WWu84**^?msD1@3 zs1KbE=43QwCCeB=9N;YL+sXCl9yNe-k4u%ToC@7^v=M}lSDF_(9e+Dm3|Royg%j9- zRN2&7_LC)P^S%(U==R4N-URvRTtUb4zW$nN)n?W#>e~Q0OG(Y-6eam{?P20^HFCgt z@zjDr7G+N$u&n5`V?PIrcyK^L1-#!!g3H|HY5jZJJRrt(X-*E}9?-2TJt2J$P1a{1M*bhZ?^y~SlTMvAcVexg z&FODbxLo)jYvZDw=-^vMdJcU+!z0j?Cl=qQeTG2}YVXX|03R-+rpgqh*AY_F3HerXYx>l3VA*84^Yj5sB9vQ|$ zKc*dB6A0IQ`D+zD^cX~&WO$y5izj^>S@^YzzUjz2`t0{A`pag|{)(6x^DTQ$Y|uhqWCL$5(8y65HvDSO+1TJmI7H_C#xoIq7DxaPcBZHH zS*>^Hp*O^Y73IgWb5zAXOi6u-9nhViawP1gExn=2TWzw(#Y?;~h2~N(uA-I>${QY= z+dOIVHsEyfrf#rhi`8WQ3E5OzhWGU9`JRSr>cOV}gWr<>vW~Vtl#*58nPCDh0hj6G zc{K#(1vNM|0Nt>{<6g$PP)z|qm75#asRRPa!RVYYHU;p$#z8Bvpqjdrj)>8ykq94~ zk^&EmXNC^rQxNQ@UYNHKWaHx#8Bs*wfEr0jQOO?AOi!O2@7;y>f=Uk;`v5tG?d>yX zZqN}5pW8*#^X&lkeUAp&pM~0+0v@ZCMomO?V_zmTe*AhhO~5=z39o*{iwP9(#}Uah zt0)K>_F(W@CCar;J&ad|$vuU8Vz*N|k`pf=5inXPC{@EtLXb|fA#&1R;3$&7Ob(9V z1~>;>T7+>X=s#aEk38Q=2nwY?`}E?r_jXcey7NNx2)BfukNi^3Nh-qssbq1Ntr=`6 zRlNN?0dy6EeJ=0rpm5(kz@1x2%Tx(rH9s5?l@~l7xZ=>Rpkh~$Ib!d2GqS_@d)?Oa z)q)?vMgpgO+za(R$deOMkNU$42A%ks8Q!KPsCPN}8;0LrhTr}!f91wKzfk~1%C_UY z1B&|;G->t@{XIn|K=|n;JF@h_VLmL6&z>tk2}8YJFiO~12sbm^G-E3OG#WPlc9K)y zR{0Yn7SutVL2-A|G3c5$U}sbl6`R?3@N2-p@f2=w^({p~4_=0kaRI>`RiE2IKDbt1 z;Aa9juCfsYg8@7E>hSheDare_;|1S{!GRh#R<#4%<%Yq0CUW;Ttq+gR&6=S#YiXmk zP$v0BwbnB0v_`Lf%fCqBIBg{7<{*v;vND!D24LFOpEvsJGtAM3n6DuyS$u9#>9=rx zyCNR9FMLWW>SK4(bjj-{nyE$JqbEa_@qo*2^?K1V7qG|k9JA3tIT-$-6&2!NKbuv1 zydLPRYgs0~&ORZFsLtWGRFFG%wlugHo6h#~WaB_P5Q%D8f4BzIQ0fgmxVYS2sdUwt zB$LOyDCCUL_L$unt-bi#mRQ&9quAN9SStPI&|6-`hzo*82{;bz+qA5+wiI*Q{_R8>BBil zNezuLG@*^^c5N5m`f{6`HB(jJFJPu_;(a}l$fmB?+|l1&NHgbDe}myWI&pi~*;%O@ zi~_0K0YvI;HGfl$%4vB>7K8xc&B`dZ5A@I!7&Oy1P+E*;pwODn=+J)Q`2K!d=h;k@ z4wBeA##!sixYpA_1_4xOf_d-$P2j`RkiFfB51UM?O%cq|2WihHF7w_(ssUSpy_vmj z-3S8Y-Oj$H9IMspS4N(CFQ4H`2#m+6fhr;#%EMg;-dNZ}i+y7+3BG$(#yZCVBc_;v zAW`Vvr;=y&KqB}Eyeb>W1dCnUUPhbtXhd*cAJU6!#C%7pcQBkjlM^?7L|Lqw^WV2Z zf}5BJUimhP%Hl4)1cj%!cZm(Uk+UK9$>49?Ra}dp%K#2c6|2l@yongx;-Vnm9}&Oh zc+Y^(hyyM~&oq`_Z)QKZt|j`haT{)(%SVabr=yh3c{E>j&~!HGvcV+K!w)IAOE{41 zZNZU?XDHC)4j5bDy;G*fdyq{93c*M9WZg_Ks8`VY*BiOjQi^x&Ezft3&${2Ids+YB zG_Bya;-1b4Ym@kLMIzhw2-Pb4t*s9qK5TAoZftC&A^6Gb~ZQ>({5Jr>|YRHaR&tv0rU`e0*$dY;<&#rL=S9%9YEPFSB%whlhuU_NlQ% z{VrU%FgQ3kz!F95?`NqY_x1Jl_V#vncb_|V?(EsKot>R0Po8XVZ)fQ#x3#r3H#avm zH8nOi9zTBk*s)^`4GlFlHPzMCRaI5x<>fRQ?eO8l#l^)%MMZ^$g#`r#`T6;|xw$NT z=j`n4tgNhq2M@B;pVQOR_wC!q@{O0ml6FjHd9_Gl$r>gkB*e$ZQz(?UxVYHZ*qE4@ z$jHcuh=}m;@UXBjmIP#Qa4<_(D#%PAFfcG6Ab?CJ`}_Ov-Me?so;`kke!jlGEM+Qh zZ*LC|4|jKWH#av|S63Go7iVW@5{cyGln$ zWMyTgrKP2$q$DLJB_t&9c)Yl{xR{ujsHmujhzLv3i=UsLkB<+B!*OwOad2=zp->0} z0tSOYAkgprg#T~!s{co;{L#Pa{v#~<>zyDXcYq+2h`^eg3^8|V<&<<$)0o$3N!yZb zLbW{4No_q{-Zd^jrMqYlD^p}|?g4edF&XMGgrNE&z0(VoSuANt3=ZEWP@NhT+cCeTx?0*bjps{qyJT0R2?|Qmt77iLb}MAo5(2ncj(nk= z@igg$``xDA3D)IVtEWmD{3r)j$XNw>xnPr!c^BE;ohJwH6Em|Af~9U6o;)YuXnrlP zZrzbL1WB*q(#GRG5|ZWtCA=B+$K}fb=ln9FA_mSu8psZjbU$9sB zw3JE$Y24OcBck61?q%3>O}30I0gl*w{E|fc-!;Mi1Fyk9Hvj)C2WbCvtNx4mUrk#_ z`QM9WgySjzutt4hIGpU`qot-)2LLQv5zYMkbW6+Y z2M%b?YqqtvvSjQ(uCKqGoP2z|5zqhfpS|5*jC_j&M3#|n=aPRh@(qVc++vw~N=w8z zJku-?h_zNK0&>R!uSKgzu)hRL*m<2>$mDClTGt?Q?n-bUsw*M_%n&yCwZykGZ8#CT zacXe}hQ}YHiE&|z-Uk#$gTN(@95Cw~w1zD@SiL$l84h(}&$dfTwu3u6LPHVN!SF6b zdxHAO^7ybU?UN2Ebq-*#2|I)Xbi@In-lLH;rGd<&f~~7vQZrrL*xA4b9;19Xz*L6? zmx&YQj}D>PZ?j?8qc>o1OLd*vONr zx803U6m53Vzb23j_r3@R)oRkK`W;>6kbQ4Z%rlRG>dH|uBU$*vEPo8>dl16>H8)rf z?F706jeVw+a!fO5Z6$g%6^)58y36;rMp!-dhBtwk88?0fWUV%caTYFkcK^p$u)=Mj z-LtKBjgFTtCa;yDB8H4FQN5&?W5wbo!B7X=kokHp=?VancEo=~;WD7=;;iF8|7dFE z8Q9eR*z&Xs`KYIjFQU{E*vTZ{4Jb2JS7Y$Ys69Sn>wt_MC3AY~C3`6=WlHkOjybe9 zXbej*$AGupp=Gu&MBqpA`|zeu4nx=RH%%~%%x7hM``Q=SRTjvAKL>`J19E$v4uwdJ z3rxpoGEWGa=VVsexjT(~fO~L=Fo|W?^p@sw8n2O`%4te}Jg({e1PrTbAD_>LcwwXv z^=xbpppYWM#$L|&CoP`kX~!of^&P33xrZE%S_qSmJPf@Vv-@&$ev2QyfGsgY>z#MUM zRy*=zNICj@3*GXHJn`kY`5}TJ*Ogz!dj4m2-2d44{})G=|Lptzm-7Gl_^+m^^Z&8` z!1Dj}zxrSQO>X~l)&7kC!9XzZ835Q2C^Q?C9nFSCq4+qsu~@Va7n++3C&0}k$Ri*s z%quJ)D8w%%!lx)EA}K1YBF?8RE}((u7nTv`l@J!%B`zc(Dk&kNB*AAWA*3NGsJ~0d zh#+ntB_XOPEuy$fl%OQW+J?wTD(;e!Qjp%Is35JlOF>pbLk6!er=Yn@T3tcfP+3V$ zRZ(9_Q&WwVp(w4csHm$Vr?0G_Bdx2UtVU2aFy5u5sV=Rqrl_x>XrQOa+Wu&18EEP1 z>1${hXz3a1X&D+ANb(V7MTzoarizlLs=J7UT|_N{xt^App#jmv*xuO8+)`P?R8!f) zP?@NsW2&udW}sAY;7GJT^(6lIjh|+wieFz_TEkw-cB~o zP9ztSnX8MPkF$l3tF4chor?=g`_0Q^&mLblXD@fJy*{q2t)Z`9z@C7BATPT>Pv<~i z*I+;I2tU^-fA0XlfWQFvz<|9`f$mX3zKIcjtQ}@>XhcYOU`Rw{bZAgyaCme?aAZ_e zbWD64B{nu8Au%#AAvz|VWfLzZ{y<`QVq#KC%D&{Zw0+4*=_&it(^FX++>DHzgP9o_ znVD2q(L68VQa^#J0N$ga+?{b8ZBf{sB=m)S$egsO?EQ(<0|$#Tk{B8A%#5s(+pouE(@1MM-qh7pcDl8?zrFfW_pvjbP3OB>hI(4Z&Kw`@J~n!``PyLnZ zx3`!#x1P_l-kU%BKl4BPzhCbJfcy#MBSoy~O(WSzZjO(poExBk$B|X!QEo35$Xne%*w-*1e$)7@-0zYQ)UCPK)x8q^L%-v*g(L0rUC{VEY(@JGvE5~ax})cd`PIVjo!*me$uiw|!d6Nz0ork+ zPD4`Df-$WVWW{S(zq-!?b>~qJBa3T4T)AG^sWHbUTUNhOrm(vQDlq zQ${DrPHicIVeQcm&-mS>{|wOxE6oD2sRhog&lZY&q0ChC23a2RqVH*xd>#?_47&T( z0WF$2cVcDRF||cCS9|S8X&M~*uRHGCRIeMxk72TBM;-KEOiA6+U#*1PRA1C>ogpxe z;;xB>ZsX08fQ7qYUaH0NHI-@ku^G*!T31IsuKqhW4c@eAI2yiIO2nw#KdRxV_mUzX zV6<5xRjRwLr%{qn{oOf_P3>WlsoAknMZqt8Oa>vow^LXOT zsso#KrTOul+&9%_6?)OKrEMc-wVDrRtz;O;JA2e`7CdX$drcGw&cROHanxC+rk}`O zPUDW$d4+sXn)7;QvPA7?Z(7TgkR$<+YCUnDZYkabe6ZJgNHM>u|Dqu1rtYhw&&c|( zELO<|tK@74ok!M+F&$5+y$-s}g0WJ=H%G^A8oZ?>E~_*{Z|AWOEbBuZ<&>I{vhAzZ zjwhD^$PAH`1;YcnrL?S~@yHu$iPCexvSNQRjZEm&ul z-f|L}gK;ALj>Et*F0ycjkoTX%2(cBuS+9>(fWrH5fG9H6g=b=2@b^ zY3hX7abVIx-7AmVvA;b%`|x~IX(Gq5}#-|1R|#%8k8F#^OKU z6x-SdQ#Zo-*BNm6A^TPbwMnH`eQj8(*_5Qcqi=ut@_n1Me*ZgxQ?mB48W(0Br?s9m z*m{%AX}m@m!yHV%OXqJjtmQ)PiqLn(Xm6Z)H>1`N-7~eU;%~EGZ^LUpLHCK$ohiw~ zS0$Bo{ZplO`j!jU9E~QfA90LtgGyT1Hx98uHrETB7cCt+?V4Uw<_aBWvyyMKJ?UVm zl_pzYGi2-<@Io65r25U^%`S0+#qP36^ko7r~R=Y})iA-t5A~_n};4DO%I7Z2ZQD#0`6zF)q3-?7NZNXc15m*-c9D zgSX4;N*?iu5J*-)l!$gtnnh@dLv)db0Jo`(N&N#=@plCXhLRpN7^rR>ByU^(J71E`u9!C4&Ij%`%K7J%bCa)P?q3qw?2|p zT|VU}EhSj!w@0I3btFVLyl~?~(=|hRlP>|JwDUuPDAgLyM8X(fHDL^WA_#7=ZYD@h zf-89!7W*>I@_Taxl>_<@`%$7ozhrsObb4qVgt>}t$nQ1TZZ1mzf_U~ZP4QabOf5Gv zmyMshELA8Y(;0hRGw&lgXNKo=YW67mpU_{pRwS>G=o8`O9Ei|=>uh+aFHxX>I~&`U zm}y8}7Q8bhrgF9peTdIIxmT%HIKYE+>XVJX3}o+v*ZE3kcAxTokH^VvyyQG|I$Pip z)k3gMD$6)+S+MKCqIHc=$q}%d&qlnIMt%9=Xxf-9zPF-kJGfK-1Vr@4R|UsOUe0}2 zvqfJmS~)FkVD@5Sjtg7^&|nZ7?TOhbyFHyI-16>k^u`2xRxM;>B~EumCi@fEqjLC! zn|sm=Y&QxJPCr0p;e*NSceu=?9i7=jW&=+x4CjXLHn^>(@T#OQ4IQoXm-5qGQVMcusP$ z?Jgl}%H21UaooV%&fB_p@5b4b@kF#{2?H!DkeL%tDSnt<)%`BSJx)roEPWO-h@Vi6 z|E9*7K#<}or4#*CnAv(WV1YRTOeH*%41MYD^SvaOLmtQyxr#@)hFj=Ly7?lXyP1gz zRm6$gIq$z))3R~KD&FpNi4)H#G~*hTbCX;ga8;Lops71N)%n>86&hbWZR97<3avrK zeu=$GQoTJv!I@+KRJVQm>JgK=rw1#$ifA-Be-csF)!v*B!PgreaXP$0C5Q`8HIr>8 zfH+I2xVlvak9s#p+G!~>{oRU2t6XJW%@6@8@qM0BTtn$2jvZdp`y|( zR4XNl%NJ_r0%T)cYq}xWMNLq^NgGYgu&8>PRVX~Gd-~PM%3jBL4&jr zQEVSlfoO_IAm`x);!n-i>}}~d*ZWHFZ2H2`W$~}HeC?ENz4k7V}JoWYN^zqF8wn^CP}nE>;sL{F~uW2G)AhL^C1)MY?T%j z4o+Ur`&iDN>J@s~Bj3&pO=yBtHto4dV~?po6;s)3134`F72Yzv-je+Nk$w(a1r_f8 zM=LphQ1lj==*Rhmn$2o4ShkE+%phGFCF?`3Cfg;$#ORO&JmLTanLmp>Jd3(clAEm9 z1=~Jkw(0c&&w0Vxxosh!qn~qJgYyBtVtRMnKR$Ef+G} zr*0kONYUrN0Uv0^ZL;3Hb({<>&O5Yh zj;Znie#{&NJx#&*)p&mQa*@hK7+`%FO?ZbYb_O1uz)Ycd9?AcNFNSf7-9Dmf?ObY| zv9%tsMdREi1>R(2*wM>1K_CTMl&)E3+WoZ4RQ;cQ()v)lJ~~8~ro)qlzOyd1$b|Vb z(XoNjzT-+weAG?G5wVu)56l3(2j>?W=Qlj(A{8^djUZGRB zb<3XF-k8N)pri13NIjOVm4ePEA;(D^S8pRp6l86S*7B^9X;zrsme(;{WSV(VZ66+&8v`>(^) zDTw7Uudb|s3!e^^?M{EqtUg|-H|@H+d=`RPrxKeGO)T^3L=bu%a$ycZn??0d!{E5PF@qxAN72*;I|yoG?ADNVf#eO(Mtm61tj>*hS&Bq(xl@ z*hlbSmXsb63xG&~I30F?fIK>hY#^eA(;XI)T$UtaZ{n+sS~;%mI|9;IIg_d}E9Y-e zX!3=@vAnJ`K}NSyP|-}V*G6kO1HCYdK$8F*0RUqGFbQCr1%2?Q=`-O!QvlzRrsiW< zbkA&B>Urh!K^%>I(km6g?{>$7!#!$taegMZKEk4lX{c!|=F0}ccpZqZM^q6{n$Z9R z6@bm2gi(Mq7XefgfF^<@$Y7>B*q099%Y;P{kq)mBxeTPDciiJ6sK>pix>@4&ho}ZD z`nD~)n>UfCLI+U~y+e2mz6R_|m_$@k% zq44YD#~{rh!*%4{L=*=FKvRG>`d#me05tO_@IDg6M+7ZtfyGH+>2;h086-s$Q^i7z zgdsa@5VduP1{UUqg}TyVo^+V&EG&E$=F5b|61w+N;mLIP7?G`N7HXNzD}V<(kWt)T zaJfgFJ?Q`#--TxMD6at@^v~hQAPLGj2|QSG9Vbl$E71nNcAnE>K=jC9LjY>XQVAo$ zL$FX^Jk$;kHN`^B=rF4_xI+N@5EkV#d)_k>Bte5WG0?ZLP^GB0Gqyla5%A8Zi-Xpy z9|e+JC*x9jWyu55Scnt}qSbUxi9V#qgj`sI7?TE#u~0hz>Ht9P=un>~SV0#|iv*9M zB5#q=zFikQe~v)XNj&LPAnbb2NjpHP0YEVUQT)J#Nbo)bury)l;?RH+0Zb%8)M$xH z*g+YfPj7v|+;`9vfSNYJ+yI6T6&_9=jv}y+k=e@dQ1LL{V=Uzk5_=ToVs{aMBm&Dr z{qKCvi4sBTk3e0*EEZqv9=d!14bf|Y=uxhitg~1QRXzL0GP8|_G4aB1Zw)6*ZTNl^tz}ow-eE1e5L+mqL zhv?7xs3}dDP{v#-Fi#@PWfo>&2#cTz-NIt335cXI{*WeQ8xb=-3-3$s`H5q&>?B_1 z@##vi1L4+BaxH+QNg#bYFs}Xb*J%iWF|IW`8v1>(_WPg%3GPCLd(dIw^aR21N@2$k}W*E zc^&dY7)E45oC%D^1F#SP;mHh*1rYN@OfME0MF(e;!wU%Lxpf4J3}T~j)?l;3JQqfy?iQ0hjM5m$iC-DEy>pps&4d5c?K6bY5{5^aHZlHA6$s zx)ET8N-#J2VE8(>&pKw5$d*phJZ%W&m_;1LVisr!D7EWQ^hlu+=)A(MWp|M1f%&he z$5~6BS4*QlZ*CvD4sj;l(I5?)U?+6^;BFL{9UbOOg-4O$CbJ&L0fa2M(<=aU2+uZx zXVans5=0Q6(s;D*?ZMYm;-@da{szt%x@_hP2|G43{e3{63GtyV5J?N_(R~%Za1-{2 z6zpU@9y3H|sE+dUF_CRp%yA-kX*UQ(1ulJ`+*BG!5Z>!|=G+Hg@Lo{}?aln5wfQSI z#slmh__IS>X6`^2q2YvwL^9^ePa+$27Hp-A?fQWdfI)GQ z9}qKgU-aUF3wUof}Gs7S_eI0=$-80fbJ zt=V^p4Fg|JkFWYJX#mhSZ+kDD5i7k8F{6(eUK);8f*Hni`@z|Vn5dg`!0k*BXA?9A zi>xK`RhhC+tz)L>=u#Sj0w7`t2nrn@Hp}AxLL|;24y?0g4}=+ZVzZ%lz@X0!n2q=W zId%CCF!MH+fI9Q#UMT}CM^n?nL-#R}%&0RlhIS;hb>H*J~3GV8c31}i69^jVNvD4 zPgE5Z)k0uv0r-_T`Fm&4RsrHgbMNP{>|tE&BUDs90pY?j6v+e=NDxD1s7n*<0G_R% zfPPBF+@WG9uBb?A$h$0VMKV;0G-$|#L{Z+P&%*caeA?H9NTeYSF_Bdy)Da4*W}UB% z%ocqGy=7Y8zK%Lh`rJbK+>B=n&cs-5pnD1E7V7f|I{12$rgbZb{~1@00a%g*KD=}B z$Q$lZGHaj_DqTm?s7NY+DkGroccVWaH}6^Z#tVs#!c*SdI5+_n%N z?EQ4`p(@mYF}V2jnlTy7f#sg}{|Vy)Nt8U=Q~;w@2JXfDTo>QjG}-y+zq55{$I2CU zk-qcIABF&7PsL&+yk?oEEVC`0LgobfGg;@u<=edGmT3xSRW5e6(9Ej};awB~v!J%A zOvD&nvZHf>Axvj`vg$>jzE-S<3N;)odXDwz61$v`oXz@9aj`R4f=!Xv((8=hybxq< zUNK8;&mN;G&@#;Pa`qdxuqf8G;U+OVdfXsc_Lv{Pgnn3!8Ii ztk0gYdGX=#@cGzCk-%?pR(tjZWT+Gr+1KWIMU^j3SFd7kpU(?n`J4oEKxcmEQucWo6BwAG=?a( z_X+7wRW-&^iko`L@i4yXvyw&ToW+_2vbhs?3fn)uR^KI4Qm>g{tI*ZAY0FZIOt4cK z`nYLFIQPrs=ii?Y{bT2Up$T!ZN&bP!>FNG~5wVH>5wYQM$%!E~pQ%miC{lEN|eEpv&@aO!`1S|kt75;TSF^rIefSSCxEMv*S zLS;kLs87YZ$F$pi8EGt&uSpTqtZlhRPg6Q*7SzWrQ1`@QVI|G}RLCZ&ZQ#JI_t&fV z1qFGP1q1|D_Xu<2aJ<5lgB3@D9QRRTB3e}*hbMw&}&zwCcYb%(S z!r&|$Io{{$9A~u_|1opEPMK92ko@kciDmJ zh7On2#D>a+t~R?g6?@;nc2EK**ZovBn<(yau#E!{L7%U*YQ#&tdrR<;nU@K_?j%Cq|l zF1i<^uCsMWx4o`c@UFistn^XzdpLnv8kWht+R43EotVsbg)tc3ff-p_&-jt4W0f5p zatws4)XsJ;i2guD_Ji>1u`N zmFmOaiweZH_g!(nc}fcYBl>pM&PA!Z zjCasu7cV`od4#<3W0@U3y31;MC-Q+&jdynX;aRs3oc-scvAkXa_DE%-nhdg54;RF1Ywcyr!P zNXHUs;eveDk%cosnaLMT9MqFfz44D%XbNT>MR!oSx?=l zdgzDjcR#-GsQ_KlU+wbXi;N#4=8ugNUNi+2PG$n&4pKhl zS=`VQzEr_Ie4*$_biy`Q&9wkZn5I{=zFBkgsP`TzSC&Pp+~z>J(W?F@U;SIe#Judv zElOKn!e&}lJ7EW1bfeGQvEhHcLmytXgwTgMETU1xlDfeOX8N{MN-vKiS9C7CDSDgd zsB*!vUwEosv2w7b?p(;|lh<9HV%ZjxYh?$dvW5>XXH;`NDE2G%Bq29Cgp#wLM^zEJ5GqF;1?{yoYCPt`F$y8+X z@)*aZ=39N~Yv+;0oiEkzPTK^@6`nN~EpKmRpH95SkR2;g=lopKb5f|~d;j!Vq+i7y zn4*00Rn$OhVossz&#uI9A?^D+i=Q71 zgyvE$>mxB%)*tfVMXBic|wYb(z`Xn$$H0NLgm)th92PT_gvU3Z^jhJX-F7oEO>$ z9HPAdDu7I#8Wa1vo=;2yzrTNi-GH4`GqN}l#O}3OA;h?)z(za2%G_N7DtBnGg$;icq?^P7 z(o!d^A zHJStTq+^WWO^)`eQZf6JyyJ-jZ>}97FGuo9;Mgo1JR%^2iqGJ~RO2hgFB^Bb1S_V4 zkDWdUFT#ih;|#n^3)vD1t&}M%qg}_}DwL?-~S#m!T8G50~TSn7s9~h)zW?$90 zBZ`N|e@)2bpdf*()-V{r00|1daBD%YalF^{=oV9>MebSS7<*+A-|h-oYwK!T=ruxz z12S}<%0nl;oUFc|hlnCq;kw>l4MObQrf8wMlvb^%n_LY7d!@x;U#N4D3k^q)g^QvD zU2dol%hGr@EF@kDa9w0nAf}|ie0YG}@CXC|s478C?!y%3qzHxj3ZRmQOLQi&L;_5S z2!c*>jQ~wVSn1I*w)DzEtNB-yftlyZc1ay3y2o?{uZ=^sXK|x%MnLB-iz0Eqva;GsA^1)ZKoujJR7}3mGQ?=?I+k& zmABtR0D7)Ms1F3dQyNpvks_%8SQzN(JS39op4c>Rven&{c{E7U;LCztta_FNZAIRx zZc4a7GB3vFL9s1gj+p36Jnt)qV#%-7UY3u!^9KP_?G2#z>dGrD)dpnos5Q!KS!i?c zna~^hqST;9ryboQsSH2y^a;i1`h(}`j~c4|Q*=1ezC=H*@SZ{-2i4K6k!jne0LGaH zavTcPKKCF$;XCHszGJhZ+T>-dR|ic>#i|JH$K($^r=4-#ygZDroGBvLdZ^$*<)hD+ zYjOfl1YM4>|EhD>`RIjqnHZa++}jHS{Te*InIl@#Zg%>91IV5A@41``8PHTs?bZed z=Rp;NQ)ceV-n;EB_Q~ykfF`f$JdFyuQ@XV#4t-T+D2lOs(nmtl0DDn(%b+u2<*FM;T@Be;4`F&g! z|HHYkikOxo2?k=LVK{bItBJNv7q}O0oF2@QuM}3oFs6vum!{v}3PoG6qr;lanE6g6F!Ox2M3-^0!)b>ZkJ#W4E>CwIS#+xsHJeq4b zbbVzZv(Mq?w)7UZ=iOxVeqPmuy`y_Je9pb6XCMRJdy+pC^&e_Pr0-ZH9fTuyGq=1_ z?xyp~#o#`X4&)|_-_1zp$)rq@8qe=5p0paUNFGXc_O3n<>YhF{us?q?b=uS7+C)l1 zO{(PcES|p9+VRv6=Uvgy9bypHk87+mr4LqlS|J2-jNSdddVmLXtnZ(U_L)e?o!I+v zG9fwD?fK-Pk`=q4DvuSb(3d%Gr32=YwFzeO>A3Upyq|r`V9wm`&SrPh54Wc#*8oml z``fBABRq32tz^W=rAb*Q2i3SLy2teQWzAI|*q0Po@X^6zVz1$9?uMmL!+iA9tIp`{ z{rVk&%buxnd|A%h8Jft5fbGK5(#~KiBtR#@sLyW{zHj|ru7G<=s?Dby`LN_^Sr7hC zDRx&qdzG5b*u*Dqfbqliv))x=R4Y*ClzdYOohhGYRCN036xze zD1^tvO$FQyjmZwT;2E^axJxSj7;?2e{8{Zj4f$O0l@jsXe4cPaZr;L~t;0(ni?`*Y z`H~{m(-`#Z(Py3U^f{$20W?}Rm=8XC&V ziDt#{-x$zeFwJ%Kf5oV?azKC&EB==O1cMj^B77n98~~Xy*}2 ziX6l8_l81ZP$&!+nhnjx%Zb5o@(OTsv$n?qEECMX!e4&=B>rs-Vn?IdIoPor99SNf z@*vNzh=b=(6|R5e0y_+V3(0CI1p<-;z+4~*7ii}(iz$ems~{5=l`xhX;=gDj0sw^7 zNue+}0*PWnv%28F&IAEq$iHN=&PSmj2p9^6A>c?D1f#*qQI-;?R7jEtV zfgZYg<6}1WUY!3{bvm=UK);=OM?>zKftQ6f;x3Let@bBs%uCk3{DE#HZgiwWD(lFB z{iVioIY*g9?BO!6PoT7F51nDKQ1Y951|PQCk2xMA-Ml!a7$I)$G;}5Idj-+_z=e%D zy+uXkIfhN+(6=Li2;%xQXa1K?CmD@scufLvHtoXWtsOu@VXUO@7{0=KndgSNt?N5!U3wVLyI z>t_~*F%Hcku}PXgq@WhoKjzgJGGD{rNijO*XRcAAy3#nKas*c*Iq5$)DHTT+ZcuA3 z+LbhNip$8odq^~XsdGj4;E^l)*kET>PHlePyz`dQ`1t!hok%I4<(Eb`loN^3#}RRH zTh1`+SErU%1}*2_8nta3te)BvaEhw)N?i5B$|odQ+srOtA2W{RQag;z4MPAfAl?ln8Z{6S!cD@f%{#}&fEvL3Y(}iE;iCE zIc^*26VeqnyX-uLMIPBHwa+Coen_G6AxrPR&sU!G?0T(p`|)e1f#`RQD{rlF+O7%D zqJ&<+_n!w0tiV>cxj$APLK9b3zE+7fyFQtS#X$LR_I889i}MDj#?BAb1(}-E1>9d+ zuRQU3ZMS3OF|DuF@Z)-^jL75DK6A?Z_lUMRExk=J#s+zP#-)k|T&xwZKa{$Et4T7p zz;)-r@0kVqXEs3W{A7)zEFI>ZWsH}Nxw${d#fc@Ozxx*oz*yTy#Ky7Y9)OtGqy!f$ zGrX6#4<2z700Su2Y@!AL0YQlr2Ukls)<_B1>^8?IvI_lz{}#3uevi|@9c6109{)G| zKLl|FQ4*5=jP8I&a7bbh3(jHHj809W{KBuZV4lFJUoiOB48fDYB9H~MKA8eMVSiwy z-(~*5#9wf5Ol&Z#%rBZL!7;(V;HxaSASF431w-sva9&D8NGc1y%Yvn&lVc)S@UQui zCnh8yku@3pnuDa1LW06sFo6YQ65L$OSuo3Q4iXdgcW~g}!AT)$EII+eJdUz2AtEe1 z2`?YC3(xW$s*AS{NsSIkN>U~T1VsfT1mn%)VkiNz`vBlin}5{;aKCtqXE9k@O;1}} zSzU$2{=bI*H1n^e{&V2hv;9-zgY)la2I8Cf8}4s)|AvceVa?I3wFrdvH(Ve~BXS^@ zQj!RC!CsG1}Lh#D}wiExiEB+l>e@BOsOGs!)LP#v@ zRvxTg77-i9dfc(W5lInovG|DC|L6(-H>>>}4ZpxY{h9@ExBUco{8a$#Egk^!b_RfQ zqXCHDaaIoKug}dML~5Cnt+F+c*43LF43fjpoX zpaE4tJ4JIPi^jexF!=0FcXOQ2Vv zP0&{`1dIXmfJMQwU{$a#*c5CBb_4GLhk@h4>EIl2DYzEg0zM7y2akZSgXh6a@EZ6N z1c0C+d=LqUGDH_*4sn9`Ktdr2kb{sSNHwGdau#wCG6}f@VM5+OzChtnZYUnA3^jmS zv;4OQLF1tZp(W6IXa}^P<$?7MbP2i+{Rv}-iNF+L`Y;=q7c2~x3d@64!`flzVdJoQ z*mKwx91iD$%fWTv)^KllBz!--1bz&D4$gqj!JolDArJ^bgd)NS;e-f4Bq8z;b%@i5 zD~Q{O=ZI}28YzxcM_M9%kg>=tWHquAc^P>d`4agJg+`CmU?5Ehr*q^X(b8vI0aM*AJa~$Gm;OOVL&GC*C z#VNyS%DI;_owJ&=m-80q8!QSdi#5jvU=Ly&uotlRu%EcNxzxCvxMH|UxH`G6ajoJI zI9c3oTre&N*NPj%J>!OOOL3cX2XSX}w{eeiKj(q-$nn_lMDi5#oZ-32!*Wx_tI6xZ zo5tI~dx@9H2jP?Dv*C;8E92|oTj2Z3FUoJqAHrYAf0q9?|7QVV0ir;NK#{;Xfq8+i zf_TB*f>DCyf&+q&g`h$TLe4^|LdS*1h29AB2pb3o2^R_X2tO17iztY=i0l_>6`2wF zBq}CqB}x&k6CD$MBgQ926pIwA6uT_;N}OBVSUf_!Qv8beYdkOB6d#SR#b3p*ONdBV zOC(D)OWc(BCMhTBE}12HPV%u7o0P6ps8prYsMNZ&xU_@x0qHL3hcYM`U72v18ktF% z&$4o|p0fF}1G1}f0&+HT>2h6ii}LL9Ci3y}E%JAF!FTEIirRH-*Q^3qK}#WAp+Vu6 zB3MydF+%Z};+zspNlz(OsYU6YGDg`{IYqfkc}ay&#a<;#WkBVfsQ90e zA)3%ec%+6?vsKGdyQsFQuAm;I-k^S0gI&W?m1d&r^};D(k;=Q(u3)l=^fG=*88Hbt)HadqyOGO*&xcG(_qz5 z&M?HV&G4C#q)~uTvk}u6Z%j6BGG>}cm;{)#m@E^eh{42m;!D$Arje$nP2ZUj%o5Db zn|(IdH_tFGLEs115SXGjnfgQ$0RvYJZZ=o z?o4uSaDL&U=5oMg(v{oQ-?h_q%gxNK%)t}%5#ED72p;=3HX6{UNa9HM$ayrbNfi1d$~0;qnl%~~{WwM~rZJX0)-U#c-1)fDcyPRH{6d06 zLVm)xM2EzgB+;atq%X<#$ul>^Zsgs-rZ}Z6q)Mljq!FZfrQJ(cNUzJF%m~eRoT-!9 zlLgO8%sR=o$)3)U%qh(!&JE1PaUmq&A=}ux?kOlM0McUMt2b$4P9 zs3)Z7sMn@)mg#ChcL zsLkkuvCCtt;|AjkceL(IO{h+cO(G_TrY=m~nwFdHpOKmAot2*LnUk99o|l^MUXWhs zSvw*>krm|1#Hz;X?3(V{@;&2w>-R11W7Zwk_cuH?jyHogKR-Zi zLADaNVcR)7EISns`5(4oq%niL$X#4o+M@@L?H@ni^WXdOB>E}Y)0}5#p4IP*@83F5 zJy<%lIDGQl=lSOsu`elK7QNzo)%9BO_1w|rqbJ9H$JjT?ZyDd#o=BdIzSDoV^WO9Q z=MRaejHh)UWj;=RGX3=I^VKheU-G{4e;xRy^=%95iL)5}Pb@Dql$1(IQ}P=m)Cd~e`9&!!j1!pIAI9?f16#t zi#s5kafRR?2A6-8lyD{vd)lF+h~Qcw$uSI4em<#lIUd-iVi> zC@Q9);8lRY7!Gq~EjDd#o<*iu$U15eXJN9LpU|q@h7cCx4Ud{gJz+^bBhIy0=kqGO*=_o ztFE1(3o4<8{-!N=wiR@T-hZhUN%YwpZZ_p{DQn`|b-9)9$QXPCxoZ-hVEDk>BU9e} zV(DGun)@(X{mu+4&X*%}T^u~-C)P{C=JhAYjqc;?uXwtnGq+k^4pKb=kB=pDxw=(b zzEZOi&oFq#9o8x$*xNzL3)LN$zujj)(8gmQVa%v0cVI?URLW~Nm|nrY=&JPhsy@sLJd)q|+R0pza>aUHw#hKugD zg}a8pH3D2CqKIKUO;R)hd9Q;-uUuqZgBFiuZI(~{P^j@N-dZxz0+EK7i#|1@Py@oK zkT*4BapbZiR9%A_3<~7SNZ4zmaf6<9>{pfqz={Akx3{N0PCU?|PaX|Gx-&UXH}LP}3`eDMy^z+K`&-!>W@VKYa%&%~Rz{M&1- z1^J)}ZUMBHT)hpYtYxXb*5SwYOQSU{Y4nJ7_-?rk=X&vXA8|BlVgU(?oyVhlm_h0Y zi6T(-wXC4fL2^&gfS|#gsi$Vs;CS#$ZXkiD;WAyT<&&YV#!;;x_x02JDKG9QokmJX zM{D_B4B%9Oc%7DUP_Hf~_aSepy0=T}_lrtuS_i0J%gH^G^p0^nw8dF!*EZKQ9KEcy zZ|r9shXSr@IR^FbLEJp$HfTDgHLY@dY4W28YLux`adBR~h z-Lltwjt&8_hcnQ}+a z`xm{?cT6iv!f##MFN9KV)Dhg{R6cKIO5|nzP(UJ3M|Yn{MpQz0 zDcbD%HKy%>=PjBpt|4FKwjZijnC(d|)t3=7o$1P^J0(fBf@F_2JQtrl(y@F3E4)tH z`(=D>KI7zD8PB2Jx#Fq7n0@+wy>v1VnIw_^(bQa|AkVgOj>9cxv!kk4!_}{)gFX|_ zJxQNMTWAU04aUok)p>3*NHqR!H%ZusK%R$F>A<#&>p>_MP|veQId8lAI5FqK0f4As z>miGs{aZ$3C$fSUkG(e$Bzwiu7%9ESAu5_bble&3HhV*`sv z2Fv#^sZm^1_h*Y{h;nIeJGvD6nVJxL_l^8|P|#}K`N4c5I2{>vlAy;tOa0N6E~jp< zwNoa>aWA96%`SwJK0Jd+5kNRpkKEKyJ*X_|<(VG=Q>DANLTDfv79BH`5MvABJHmci zQ!2E1E8yy)v~dubGTlNrk$T(}ViakatBqUGXUhCq@9v``flj&5yA{QO@AHhc&NV(- zVYR*3C@`O1;2A!7?ORPsv)BC@-|8rRoBA2S&D{zr*DxQR=T@4+j;UoKxfwo z`A*O%?dnQ&&E4y^v<9O0+PR&aC&rK#Nbse`5<13OZ?%K9%^vS##yMG&So7`e;_Lv| zaCQFsUgn2ZYyI0D4=ZW4oSPG$@J@QWs@OeheEjl@&B-Kx&QXs@b9}^whjS{8AKar+ zS2lw=1(ldwZ>rMI&K{*T)5cRRG-W%)jAGl@iAA>CT!!NBo%_wela22%+cm`Jl zK$3=2lFu80ZC#B?GTe~IjbXSWqVA(n-unxvGMx5(e~RgD#_0i5##V2~5tS?VUfjz% z#*H_AvJ=E8NuA584;T|{uVYt^kKh?xuTLGgP#VZ4g5fAd1Q%6;1E2}r85CK|Zune7 zXk&HwQ2G(2^EgX&y2+DiM^OW=PhM2+T)p{QOVvJaT;630QgvlP9%M9EnF{5aq!D^U zEYh?Z>siN&sLAtn*sL9WPhE<>xnl?Ka;2oL_9z$Gh2m*ec{Te^bu$er~z-O&>qc z2k(fVCz=;B2CfvMSy}pKRLnwy%=7Azrmjnkx;?JV^fTsZ1zr~B*I@^ZW1)J2Lo*01 z6B8eUM*X#mA@MdZ#rz&N@(o(nO9kmSR9LqReT_AzDy2OiNg~u;VyHjM)%~@`-)XxW z@2HVjd_$0}Z8yP<7qx zVT+;Df1}-S_!d(Tc5TrUF+L!u2{|I^X(=nYiC$$+b%OvSB`S#~l

    S_q7u%HA`kDZD zr5L2JuF8ur{!!!=$SN&S(85(NNa${?*a0)Yp(>$YMA;0~dsuhUzDb!0;Kiia*~19w zEo*M*)Bu>XTd>YB#x`nkkh96R4aGz%)J=%jMy;DI*u`M&M@?=B&BG~mT!&_7z0&>9TD9Ywd%avq?I9h*;-m%n=rZc7be%c(sdxo#6Yt^W6sUw>Ig7r zy)d}~3UW*FuNfKCX)9Nj*IO-$YP$57ot)8l0QsD~tL9#GJ-+?y)_U5=p2-mSwiwnO zr;Sad!?hE7Pg z7BdO*z>RCAn||dAHB9m;hF%!5+OFyO13*K7Ht|{{7I|8k78<)6n>uFCa*4F&gH9V( z?1jQ`Qwt~i^>;H}6sKp33#hD%qz-)-yVYjMu*OOX^bfw)ZA;Mf%?T$|T29lGZ2N4;cBe*}3l1M)rfm$X^(TFyt zEH<*=`ojWz0}YS_5`j4VlM0@ZDvxJv9`F^?nT+O&rN?x6*i?~hL(`oTS}>s$WthJi zFp;Ysr+6KB4fc_m%Urhhpmt_35<=m)UVl#>7x>z0-h919;{Rw6ixR zR_rHU#CM>C1`7iK6J$f`FJb0dNy=(e_fAj(KxXwjlPlnnR4fiaXef|`kdW*+iycfS z)%7dD$a{FRFYH3E+UPJ?3;E?PH15b#n1Y8Ir~%ao>+FU#wodlk2xrX; zii@*zOS5y+3#h=Q!FA43=W~-qR>YFTypm}tX0(`!Jdx$EiezzAK)`*1%&er?nwyvy zW2C+qihX(?c0i6r zVfI_j?^H>M6cz7>OQ%9Vnjv(jP7}D@(<+cgRi^|%V4%ZC#Um%CJ~XQUuE^rj{L<3m zEF+QQ#!QjG*`LBlKc@~7lTB45OIE*1$L_kY;&hO5lH5>w$R3$Ue7?Sf>~-K!9VCUg zI){U-JCC$Dh*Kj_WYzc?-V%&hX+MV7OS^!ddH~H{ucQEPv*|+^Lv1JkPqb{kqC~_< zo9^elNMHDvH|03dhj;x1={{KGVzHkft*tL`Z$RvllEN3s^c-^doMQ zWJYaT-|BQjwx}>G4L;9+u&RL3zuCJ!D_Sc(60YGptT^|o4Co{rOS@34OJcVXdqUlH z$rI;2G#vC-si|3qUz2jeykjl7rFs&rK{zI;)*J~vneqD}vLYn#UmNa4g8<;(Q32)M zi6dcSx>(m2-dGAP9$?RIX&EYQyF6J#_iqi49cE5%_Bsc>g=AS*b}=r`dVSI zJDl?>^z1AIXI(%f zGK+Li7m%J(VsqZwX%E(H*D znjQ?DT~{|*G`(KZ6k0$qi89qfq#2j_)+o{(m*(bX7Z;1OFkcXRBM^mMCwOs3gc~oo z?n98mZ30GQj%Uybmvd@-3^{t8FAydNfH=*6FxsIEHH@Fk&J|COhx_=LQ3xBFfOoDQ zvv}y}Q3%vIx*B63cq|*&6=k8BfLWx*P2MT&3V1=7Mj#9EIWK!z(M6+m;s+24$tRL{ z;7)!V$x8ZMipX}aw<6YHW5;}7uc(~aAkt}Mq8!S=7~SURN27sVxpZ8vpZV&cK?<#n zS*-fDRAP+SAsJ`5vB^QwJUnni^AdzqsDPakNu#7t!0Q|f%H-61NtgE&x?Q)8yUK&^ z>=OIXC0GU(4jSGSWJr+#c4y2ml0@=LCQ6X5J!#ky&1m*^vG+43mIB%8U> zB#r{O>@t-=HDJhKqG+RjuTrNk0NycnzSRPKRCa}`K*&I+T9T$xzjdi$C!7W%2^hcO z?kEK&^O(ajVbBurIHC=oIPWIX2T8)ZZa-TR%W^C9kil?!d}m(7obRq|u0K;)M^omy z5Dgbeo)xrRE!QTwHd;kdsbFQCf|!&FFT{t{O+q@TwB@l)Cn@=m2dVihLK11>agT#NDfdy3Jy^7HIj05CC^w~i~zbgd1xdk(66C+#&S|9G6HaQhuA5Rtw;ZH zW1%BdBNo}tI6t>M zu@Yaw!IX<;wL-V3t9NLOMlANcyXPpNBf%F&p}ivaW{Cl zw6~#D38i=xUo6l`HS~;)K}Qz9 z2OR*XR!aX#x@`+l*tIwz=46wZe*QEs0%h&A&o%afR1~SaEg`yYFh$4MqvlPr9UGU0 zaIelb%QjDfQQkr;mY73W;J9tMuGw3@psdpiD2p%$n`zLaqZ7$RS-ah6B4Kv|3+?oQ zyU&j+ft{UOo?BSF39;uaZK)IyM{7h?uJ!UWq8c}T<%Eb0U_Pa)!Q05o=ETs@wn;Jl#IB?BG8Fy&os%!&qpnnwAM2QaH}#? zZ{mFx{fbL;qm&Nn5*;_RHIbJWMEJVuIuY_yH3e!d-OkF`=a$IDrDRDPBgo?Fs*2HU z8bk&n$SXh<+p$d>j=ErDC8~d?g*io93*3n4zj2HpC8Ee70(4cjDbkBt@06@i9YlPrN0) z0`8ce)L1E@cw%r2p7Oe=7ptY$oezK*tIt~fWaJ`aeg*PcvkH%o&o1>UP^f^GCy1W< zygD=_!nD;OHIHV3-VD5So%l5uxbC^iLx*g%^nR|0Hp}#izxcJgboC; zt8)NtOiJiGF%!Nkh8-esAzM!OTvIq)B%6{yL5~%*281ku0-8*VArg_`1+`4{-8eUd z2a7BiM4i=L>dLAz_dctjMCO8K#>WsYf?z%gzmR1_6^m$mWwjzEnzFDqkWA9B(Qgp7 zVynkB2n5tUBwk|=MZ6H2A`U2I&Z5bI)EvO>oThk592_O|96^*U<4(q)wVzb3AXl|c zEj~;F!9%u24&qu!(qMZS>Q$gIEk%TuGz- zcj#2g^YO~&*0b9i&#&&F@9vFfcRE^3DdCUSPNo7%>BaPfYSy>vwd^9|O9|_qc(Db+ zx{aTwlDbCMDFves6@00wOebnnFJ+Wvmj1W0@1{I&Kp6Xn8Z&y~#OUsODc}MRBY^kex0{a0l+^jiGmViBz;_n6QYxMu;dGI z!YKQNI1$z64E0ZPwQY(rbD|$D!g$k6>giP4n>S~QtFzNcs9QTk5wbm4-q%a*lFAfW zIXXKKXcdK1FNlpO*zTd1-EE55W5pSC7k5nKll`L)>)3=QTa%K`}lRT?J;hgk_CR2utM#3O`6 z7G(e-W1}_82+NM3EoumACrL|tJ)g$@K7itLhMet)16aO@r0i-7GkwKEv&n~HI-)7XR(U4g$JiBvqvbdln?X(kE z3+a{>wuy#tR9u+cty-oL2RlI)4bpfDo2r2ABV)U9AG$Wr0s=ldk%z5xI4X3sNsgg@ z3jII_4KaE^HnEwp@it<=n_lvTRT}+6Tdh(PsL873S{jRJNDCg)CaLuU9~0Oj$V*Mp zCvtHk@ziINQJq}Gb-k|4uJ(WY&4}_z+?TwVOsC2B2YDV@`8Wgx5S6x&Q4HlG&`Y&( zjAnl3aJ{?ddlx$QS3s>gRs+D&NEJKNgY=H&%g6y5CsJzRvplJ{PoF_`uYtVnA z`c%$09cpoA^~TcdJYrnSUaC<+#dPXnS(+H)AzqcGmPSfe;ox92v@AJ~j*s=HD+8>< zGvQ$A@{ec=tSgx5Ng|8kl$zjkO){2R^@x^wkWNliIwC0{E95qn)A0S^LcuYX3Vy5} z0vy+jJch=7@-#5qL_KbsmSZztK@6PWYFq;|Oh9|lpU|SMCLpkIIc_It>P-Gew+zyN z>j(4}4GVqPk-#(<$0dbLm9ML*5KBWqea%F&1OYdT1lHi#gqZuhfC;+UY#cXTY)Py7 z662qat7PZN#z#RoPZuYQxY^@dr;sv@94fH^l8O3$jF}E>3dJ=Er9^v!&U5ca6L@4$ zFtwv)@b>2CC#~%QGhq1r#tG^%Vjpn16pr8|Rp5CFK>~n#qn80!Vc07GmmLt5j!q>4 zI!)@nLVjVcJ4YB!Q68bJ`=MHZLp zM)yk9n!1Y*o2sS>e^7RztU?Xa=AU!gZzf&Q3@(ses2fl}c1Y<-{lw!}(6|%+4$>7guL)POJn`GV(J7=9jqIzS_>JHtpt)ReGi( zq)ft<VNl!=->v1F@ z5RNIa7?Ola8FFaG5%S=m-JnxQVqUR`W=sKvtb-ScnnH0vSE?Npw8vn+xZB5`hHY-G zZ@jfrsMQ$K5H0GiP~yy-;EBAE$^jTJ?mNu*iQ;&2OMPFY#3{kr8M%fdJ}s%YU8YZ< zhG{1@JMn!8ij4bWB~zIQ1o2857K@yfYP}fvQ@R!K*%Rd1jrAJ~%kvP-g3WCJg1o7{ zRiS{3Q4?lSA$wk=2~yFZ0yYegl(B<|tvK@dkkTNJI-&~Lc#^8X9)OhQjNZs4TZy#o zOLc>Tj!Izb*wqEGqsC%=)y|LDy}W7G#{Ali)y11Pd`pP+q%F3eHhH%q71>QdQ!h12 z30lG7(-W~w(v?|>N9pF{L)9ED6Jf|xGZPRA)<;7^bZ(9g5s_}K3>i+M2K4iUEa1h& z@LodN7dvr=te7nks$}B4(EwGY{AA&>nrkT0R1onCwE-p`5o!_mCZ6e7p3yu_lc=3_ zh}P){xA>l@M^_R5KtDBY&Rjn_DZx&tyHwRWHBhyF54B_3=r?!eWyP5!SR|yKsP3p; zvIQ;@9U$isZTo_CJsj3`A*VOW8HVtM`Pt%)wKd4;DMNAYPHP)4N*4lzBL(Y;=&3@> zMWv#vE_SW3jUb0ztxN&>R#`OyPN>w_5&`ZJIp3cFH}_~{AuM1~sr zRJ$xyzYpq9PqZ7y_z(foLk3}CERKichQW0wK`s1wq!@5F-b)76o&5?w)USJUUk)RV z8MEIbU{DYXi}NNKg(vg%ULgfKUS6gcYPelIrXAKDZzYx(K^CxNJ}C;Shroehk$)Hm zDD)CoehN>$dUDcwoKH@QL5P=#qyc{=f5Zjv-MS{qMp{M14K>|l#o5XY)k~xgsxQ*V zjlf>zvVs|~8pXFU(gR{+Cy_v~=>Q2><2w(I(bBUfHPj*5QZf}kskksTR+mi3dxNDY zy@lUOxQS)LjSHiYucWxSPYr3AWoNL?+UCy1I<`<@Rr)d=N$q`4 z#4Hz(ZVUG86{qkCT$&sNyX#}g$(2;0suzpuWB~ArQtyq!kaFp8*X)M0Rj>SvM$=L*ewE)yrAS?#;bb#rBGaZ|0GBH7i{fYtA7B8HFf+UaST#Ub z$SF?ei%q`Td zfe$F&x_fTrdRaQ)K52(wE1}Yf?79&N_h>bs*dx}jejrV@_&nRjBd$U8Tg@&_5j|ov zryUVxh)5u(CmEFUlja@V$rqfU^d}M-n24?txb%eb6a^7{YUQ9;M`KrTMaon$j-=}d zFkX!ot?OEE1YdJ1KLSWc3-K_(#wdLkH==sLrX{R;EyI!^!i?vqAP^Gcbgtydkj!o+ z3b7;1&l-fl7}rUJM2RCw)TLjRmUfak1tV_}m=xcoIp&h2VV)&x403Fb0d+Jl;Gp_Prom%}*f zjUk@XxB(R`6417|(oO`2%b;B%CnXKACNPo*fh-t+8Pd8`&$bm4qY+5jf|1JZR17CM z@XM_$(sBit@~yX?K`%X!K4H}kA4tby35QcVS|L%VAocL!;~lK4rEyiWam+<)yi0s*G}$8?w;51`@~ODQYU)m@3?;?3Hk6JR}~Ph%;;Cbig{1jD*e+?#7da zGeK?vszHt^A@rD5%<#1wq~3k9L22`2!C!a{!Nhf|Bf7q`P7iTw4|(=>S8?UAmLtCE zn7XXX@3+Gn*>1dmwn2!`#ilDqEB@EueL*X!^toHKAv4y=#RT7lP)RR)G{| zK{nqKgiwJb#DEjt9+fC&3aDddaTOa1Zt2%Z)4)YR@~C?b41BD4X<=r5W_e~2Xyh+u zCeVcfyUXmAE4w8DPoxY$Vwp?>k7Oj(2TCRqsR+<$Ru9-;O{kiw*OZ+w68=+YKuj>j zFDWC5uS%cU2kW+nltw0n1TPCaJ}4qABP6s}XcEF#g=ZKqp+N1;i2Q|-z6h$*J0V1> zLlP)lHUY?h7oWe40j?b&jMu zatiiR!AtfgIw^|9p&nHghuCK=;QSdnV4vB>T#OycJ4=G~n_({yOhwY%j!@Hb-zoPN=y9)V) zypmIJP6wqdoN}weL@;NLdQbjlzGm~*oo6;T);ssbUvTC7~--7VT&sZ@)m6mA8 z&hg-e*JEkYYz9hzkY+S&;c>AH6%`yBs)SIs(%HQI5Fw(~cBI#Mqr^w!tjlR{n1@D& z+i_;5xUhhRD034la-Nwis#A&ZvZSdH{)0$)2+Zqt9bgbWuT)do=8=b>@(bk6HTMmv zWNCcN#m|J?cLC%9Qs~)AJX^(b!69m@<6%_6`DI4r_-|J*VXdVhy)ME+p^gSpt0r{0 zZJ1u`ktjp-%PF9E+ltaefW+mnJ9ezdhCO!?g8J)wqM8apCs0r7FzcdhrIzgmpuCOB zK)N{v(;+P?K9Z3%1l9`BVCdD7(ugYm!n zf-%l=1+i6W1!Tvhbx(@_WGy|YGpfkMLPO_Ud5V<~JHvA1f~F<%u*mdJS+$91PR&@U#`TiI zNW+uP#h!jv4xUbJj)>z%+!T!^iaY_Qu7Nn?gsWCAz+B1cPw`YkIb zwHOinNHe-%Ngfz>cmxYHK@woyn9c}B9l_SSZuxvme-)?a7M5m~it`gIPFNYGF)aAV zf?14OZt(f}7{V!5D}@EUL=l_<^mXw_hl)s4g(r7GLSCTV0%|bqf3K~zpLE*ohQ5io zwx=(ZVST*x+Jm+RtO-+^nwl!eFln<|-5>G-)z z$zd-!or;xFLs$t6eP)_vL9R*B<(m?n2Xv6A4%+{y2_kI38H0n_)II^fRd1ApAyLl| zsa$P{x;|CzQj2G#g6bs}G^0Df+}sls2^ebO>nWVTQr+YVS!?!)hj>tGmTNGJ*%IVS z_nr>YYMe9?@FJ@Tb_DN7jLat%{d=o|lCNbb(!1In4WA?Qo=Fz^1R-vrpQ>bJm~s~u z7B)7f*`7Hj?-33M#7kJgbU6lzeu zgqv35@Ou4tgwOlAIHpev`aPOIyW1&*Q>>v?KR^2cD5}*HC7IA&%B^f`wM!T zh~?5HL)smqMkC1MWTOtt2*_rLUR6gFES}<(x8POpRL0TKa-me>9J9y#>Z8UGXBFKNM1FlaH80k_r?qs|-z0 zZ3Ut1ib=rn{U=3ue1)hSZlR8(Sdh^^v^mG98oua#_g)B0~ur#VTtObEspwJeg z&DxlUQ6G&*Tdbnlr9-fi&m!6Y#kk#UluuA*gI1HLcI_M_bFW9BX%6kj^TvT(hI)#i zJAq?@*jxx=$moUO>T?J63@HsU8FmMflLz;OAjU2rQ-|%N+H1<~$ycTzmV;iNFBOg? zdpQv@IU&f2%PqYKp}sn1c~YwxPtGL8QDEdFN{oxkvrEgxrFD_eIy__%CC*`3LTz(e z3;ab-(AD|bg_-5W;^LwyFQor;(!~-pO?EH^`Vl%v1rx3j3SO$aEYWtYAgA$_h93CwXsARs8JjAAmuj?E^1J^^tqQ*qm+l3Rfz+~dyi+E z$2?e_pku2DmxN;)I3oLJpiLH@h?D`4UB$BL2jJq*$e7RZ}hlG^sVG+C@KerBK;UV}4GrmB-`r9S)jBSymE@+i(N%%5o zr1EJgKbfE=783l3GO3N)8#FFrVkHich$Pz4+ZKd3DUhNZ9+obU2=rh>O9-K&WtgKp z_L9+04LQ%oZ3+^b)77qkyPp39O~eze%IZPIL?AlAzFuJ)j4AQi&fyDL&t$RgvRN(#utH>$mSm(l_&wE4OR6LS3HxUYdUJ+`@ScfGZb{W zbxq>cQsLH-9M<2m$aI%fJd8Pht-yc|k31kBegp`dF+Kz3#?yzdAk^&_k;fz;L)< zebLE=$Hz59BBE`h<_(J@TbpFXE9~KPl1Z2e6??B!Ab%MhN+~}kOn0Jx2ZuBbZLSw>| zp~SI*8t9cT*I9eOBasFtT0f4dnc9~lqF5Y=ghz_tB2gZqtTLFuet9!1cX#CHJ+P&&*kXmG4bVqd8*c{7(7I-x>u(EOx%VfE$H;8F4TT*sLXfM=CDo6IC zkFikA=A%2$-@N_oRtLdXOJeF;K^CMbE}@??3xQR*crQlan8;SmlT+uC0T&b@Ljge)-g3pWE;BfnPq!Y_+oc!j55|IgnJukgf)Y7Wrr8bS3s_&Fb|58| zAthjpxa5|a6KJ&+Co>DuAG1wDQ*9Y;D8x;bSj`eP1R{~o{LxaLV!YOE+;3LfZTPDi zC)mO!{%uMV3oC}`hD#ijLQ7!l{D*K_rR!pA^%PhrnguC$sin}ua6__gq4vi$)Zinm zvj^#4RSlfjt)$Bc0~XU}cabU@MiA7|X|U1`gD>RB+=PILGwj8eX-mW=O*H_fXdy}> z8V;X>D#(G!t{P4v(2$WGFd<>QBn5F^$APmT5(|6zWakrYemdM(uu^%n^YX=3R~ zh|AiQ6Uq{k`tafblf0gzwS~llrwvM|b^j!hIa+K!>E^LFeQj<%xBATH`txgVSiQTt zwzF}!Q@et-#H$s;R*YiNWKyWsYRLVrg<^?>;SdJ3$3$t{sBMP?*YqtvD|6aF%-nUj1`w2SWi9{@Cpkf%Mp}_#23%ZOb5!lb=luD(pJyxqe zNH?))?za9*FCNt{frF~@>SnUor{prqRW!S2S4lCl>e?^)JAc@2A78(A?f(7yQ}<`5 z8qI@isQ7fPxV*e{&2I~VdpVw>W$9AXQe0>1u{(f>+o-qvM&eie?5Eq!%=Gm1HJRmF z);6NAW&MNO>(0}&zO=MBGrLfnM~i??>A-6OVy=gsknL?FkAp8Rl_lCsCR0D-o4r810YN$aC#b>}sZjElS#u4x)%LFPJt@kVR6 zW*Ht1A@Dyvkx0tyCk~&be}<<3zDOv(B3(0^F?Vn!ckS3bKn$amxq#@OVHw5WN1F2ppygX?PCDYE2t^^TkhW8dj0e3x7VJ%wXwC678o4w zOkPMh&tQIl8-rbjr9L?FIXoY=N`lmTU6pmI-3}j!y@UHQKIVNur?pN|CVO^!V>`sT&levjNkHu;huvHAw+Qe30+|b4hhSyqZU($ld$5@~&_yeLYXY8O8DGvit zEcS+HuU1eNwCAE)41gWcGOEjRkaMZEg9N&b&VA<0ZnW_;lr4*Uc$PcjShg$<-HSN~ z!y83HIv|}pPE=?MX--?;dNXJEpwyF@;LDF)@LBR+Q$aOF`Y~X%l7&97gCHUGDO=E{ zI_c2Qj0d}W?+1&B?Z>(j;SYoHSXv;Bzfxfcbj{~oNvNe)aXQQza$SN+Lw;4&gCBaE zhNxHFM~M{_wT<{sbTCm|(BPJe#aXle3+`Wc+)Dx++Njx!|I?Z=Ecd5!Zrprm34nt< zGExBWSrIebm;odKsZ>fqK*x~ifDuUpBFAP313J?gO9W7!hH0S{M=R{0rJA7KwcZW1 z^f?U|2t8x+be+0+bEddDJH234dDhU*wX_FU_j;*aiV$B&7L*M2uW1kh8@{3cgJj9j z3UnE-!SFRc7F-{l=AE6pY6H5vu{H_o$s`Rz(=)~C*JxY}`3WeS?^ahR%Q_sfqZ|h- zl2j!GvGyc1AtFXS$g+e`!jlgD?3eqo7ZH{qQu>;EF1!bQ@uXS2Z*n!E*+YPfQfLB8 zjD%y(gvoecWcRR<*g*}Ihj!mt*~1g&KBJCD-B`DfeZbCeC(lXEU+ppPjO9iiT#A&g zSeMHnDI62zco)S4q)}DeL#2baRqOi=_yv!YBk?!%K4SG{j8!>8+@3oljC-++`?ygD-LE!LUgxNU z+Mp$Cf?K#(EyX%MH};%N0ve)AY3@CRikn{D^S`%_!VFUL3vE>Gn-cdA?);a@vU$ARVdwOX(~a6 z7&Gsq37M!t?$UBzjMu8r3oT`{5rNjeU(p81(3Etsdc}A{D3V_-Xcx@~SQS#;82HAv zIj%S76^w`4`7M?-vazVvA(5`l^|nw$pY^##<1?cH@rFIKE?+UVP_1Ni+I#d%-01#| zvW_ZfLai}i8fVx2Nc5tycQt_HuOIi`?ZhF?j=sef(I5S_67;t4g)m&o7i90@PYZ$G zZGKMBpMcUFz{-O39zeLUzYqQKv<+r*G~u{4iuMJwOH1>!YeiI>^IKB(CO5F3dHDv+ zCNGfn;GWBQDb>2qqUO~3K|M$@Lx7LcP6d&}wX1~}DwSj6<}TPjDKKAQP##0;JoZ>v>!xG`3E;I*#n)#z3=R%`?pFr~o=pm?<=4$%W$v zHi{|4WGx$a6kfCus-4UYsDe_tIT#OKL&!?& zdXh*%dzE5(`u-_)J6w9jBt>j)t#7>b`R&cm@30#4CI&L>5R2eJbY;7Gk99T$$qvL2 z-UKal=I;8*(JtsH;2WVRsfZ(1stpM8oquR%9}DoX`rhKq(#+!W>K;VrSbua zA`$LGPvsm(s#*62j9U8lLl;dQnyNJmXS071SHkC4xnuvp9kSmC?8tz1r6D z;-H{{(T)kdXzXM4>d8q*JtoMO+yJQUN*d#yo1A37Dtj!Wxs)(b6lJJ_kU`FLgT(73 z>S(7a*QfTF>TPuo>`KL3#C1d1J~)J&iz@j1%#G4+G-@j5d!0Qe+5=J;b&&GP+Fu!c%}d98ULU3P{hpabtCDeQkQlH`cLga(n=y z4xHpLTRuI3M>nPy7T4#OS%?7o^Y~MTGi*H;e=~VFGm(71I5mqdWE(F+(J4a$*ks*Y zqAld6!rq2JKlnSEKvkFu>huCVJ8Su328`rSTa{ZGuv{qt7erwcQ!vp40vVEdkkq4?#W8U33B5XJd#ku8aAc&A>Y-Q7I83IW+8g~-T zgd$nFLc0;0R3i-ut0p_BJdl#7EwpB9i1-L~6uPJCk^8zl>^5XO7$FKnGfS#P$x~!} zkj)nCD`KudbPz~_j}0oYZZoNe7(_13Oif=(T;vsxxP_-+hKnx6!ouR*!tzX!lzV-3 zXLVa==uW=nDO(7nbYL@pFL4kWN3FI7?K?+F*$MQdi4wK0wmFhzC_DEXC&)1pD<-S_ z5vR3v9Y%z>t;PZcnV|0YSh-TG9x=FE2LMo_1T?^@R7k9lY5>lnaOoZIAR)eF*(J^o zh-EH&;!|4vzNE<4e(2Ht9Jy^+FjnE#1~RPe>Oq?t1!g5eYNXkVY}(I)6^RW~ zxI_wjrwX8W(lb&il5E9aQ6W-+THvQxlM#|S#U?5Qs_R*z#+FBm0`v%=*B;25%W;XxkdR#94c)zh@qh|m ztyfz|1-y`c3vn?{W63%aks%-wn6D+=6^ug( zhd6He-r@fH=i|+IS)F9{W~o{O;})(8%^mlKEP^pH$XC`rI#RN1lF}8R3PP$;k+;Ep zk8v2t+9jQB)J~LDs(H-7p%M`Wf(!>W1jGuIRwISS#}bqR_m~h9yzj~$g>;CHg_QtJiY*Gj#0!frddTx!J} zg~tp|);u|;+yirZ;@~h4kA%@?)xDD%s$X2wT4$p-ZpTOuy+usgUpSsmU4ae-qt~;K_^ZI$*oS>`<~ak@nTl5q4G+05T8eLs|m(l z3UK7DfU~9Ip-CS&kP19Gz(0LCiq|JX7=f@g=pKXy`{7i$R}oGJ$#^=!!~{zq!-%Tn z#=(WX2j`>^yoevE!_VAoa>XW@FmXWDdi^GOhBS&X%f07x^y^D)T!&shMn1vE;N2OFv zsDj98^ax~-GHMx%OVe{pOUtw)DlW(8A5pZdF7>OY9n_QzV^q#Tth^g!1$G)Js^EvP z1~ma;Ap-_(Y7?-JxTZ=Z4!HhPg*)(5L;3^(HE4*&%-auq(?4E1nkuZHNIk5!lXlBh z$aW}RQl1(gyD1E~M0*6N<@Ln9By1uJKW~DhQ9Yc7oL3Z_qI8}&n@aNo!#QycssfPOojqaT35E_S76K8B8Vlr5 zL}HK=@u(zqDphBx7fqnWlVS>`gGswDN}eWGlE3F96`m*?$ovNp)B=rwp+7j=7#R*{5BLJ8#aP_g2eG7CR-_6Cs+AgiN>5M;VU5Rw@+ zNEbrr53pXYMZy$Gfr>&m>c1E6;4B1A z{-u}1`Ujw_nT-%@T#tAcFO{4_}sR2JbFEIA9J$;8)A zHy&aN4k|Df2pGI@H~&fG)3ph6r%uFqK5ZLW=+n2>8oX^98AU5bw_}vm-u1cO4 z24%Vewk&=L96N1;@}b{s@LG|KpbB2?m7)~-JW##pTRBlGMd~UDxBw3z%bn!z%miBw;h`2O^#w3RT{RN)dNB)Gk zOsK8`xzzkvDYOb2dt}Yp00go)?hx+J+1PPx34_{jj4M%hv^_@IXP)UeofjoU&Fs;` zq-ykTga(TFxtlXL=GI}Juoa&T%ScL~UAQ8!xo+5MU0}w?Iv-}aVmxTXi+SuKGvR$j zoX9RaEMwhRT3x+SBw*}l&I2%AIAbfNcMDCHwfbCDm7R?KyZLJ>Ov0>Ij%0U zJ3P!ndTdMbiyI|oWJjEd{ENPXT_#-AD*KY^0&$_n=mtk*9lyneccUcOjS*#swiq;% zap)F-1sSX(k{1SK9?sCF@QPW6!cHi$0z4?hRIuUkmsqR@EQD0T+Z7n?5uimkfV@hd zgYy=;O%vG4=jqE7;E{J7qc$DbpkrTv5%f{|C-K!@3H}FREt00<#z8~_+{vE9BsV-@ zMPHpNxIZLifSXnnb6n;KyTWnm2~ZNOPr?^e#b-QyJ{o{SLhlwzShz1txQoz-h6*!~ zb*KW2q*dJa{2V~>`hquIcvze5qf)Ay#YC<|EL-wO;^74QlPZXtRDwrHT^T(hhl&$| z2&+*VHJ+FRGese1ka5)ogg|p$IfsV?js7+jI`f?S%v2w_@nWlS^LXP<2>W*fbq)gD z@Q`3CkmM%y4DkLzb|aI@6@w72=f!y!C)A zcs2tRAh%+tZB|ID%A>ha4)UakSPsy~fz8G1by5Ie6{9Gbu&1ce{p>>SrAIcRiNmA&5GE}4m60ueK7ll{>h2;kh+D!s>xwA=V;GI$`GIJryAAkZ z17dXSl?+2lhG@w--LU@<#E;c?y;v{T#2tqTX*NJqw9Qe7mhc(|#VUsfPiA#jrkPRt5yWdXPMY|@bZXji-C)M3 zoZMM$A^n83UMHtAo*p(1TK6%cZZto)3RTgs7!uNgr3%TIR96@l29bne>y+>Cl#e8j z^%Am7X4o(QFR6}6nFH9`{YrF9FY}|Wi3$N4g^%ooXX{le{LC$`Ld(Na3aG2Vct5c9 zI<=t8P2Yk?AAKL2*4LR!N-jmz<_={!2?M`zK` zh&bpE(O~0YY0eaG&cQ;HOdv3K$=OOseEk<71;wC-;F#SNazbZUCFZW(J14-Yn67uw z!m6;g#_@xcA~c!>3&fmcJXLr@h>OMwh?!0c7g5+z3!HC7c+Lbd zXtpX;AY;Bbs9SsY)%blwMM^7J_$VlqVyn|sD?i$RSWP4Wc>3OKA>VH0UNi2YC+31E zXnkK`FTB~PEXIx6z7+UvlAoANlVF6nEMQWEDE$s{1XHPa5Fn{ zzTxT+vF?glIUCJMvutAwaRA5pCX$_zxHl$noQ>Zu6B^;*@@aDFkERRH|M9-u&aiE! zY$TrbFJ=9J*y|=+1h+0j-}b#SQ3j1E9&H+z$Im%dd1-cWX=Y}28A!;jj8bV#djFh} zQdu2XP&W3dRa?Y!pF*QCt+2r(D}&jCTCcTpi6JvzivX|P~;Bnoh&)Vb&KOTjIa z@_k-ZpMa=Yy=QseKHW!REOuA?p$XSA17bP z*+q3N^YlCO(!NLw);q$8u2w*S(kJ^0w{Ami zyH~B;*J2HhGU0;TPd&z{+896y#BrCAN^sadsxgKeKg){>O#pqjQGUQn!v|KzpSbw* z@F1`Y$8yxd2DScgJu|Zg4gMNz*w;q0F35A!i}UkOpr6e2;)4ELoSBy2`5FE^!3Sm* zkoGt|`^0o{ZeeleiNgG7rtdw<3G03p3QvF-^?a~YMg@i#bjp(b4L|I>jz*W1^R5k(2D|N0Av!C#Fq^9!xQuwK9c( z=Ibc}adFvmf%UO@sQ3Mkgu_$psL%Z`F3e=e{}=cF6cEq<>Q~;`di^Jk|0Q1QPuzUN z`d$3{=}$cIQ5zroG5F~}{qfrm@z2K|tlnCE;)x&mz~aZf>p$Z6k80h0{f#Gn_~$=^ zzs%lwW@qDx&;Qm}mA`BH!H+!qHSe#y=b!)J2R`)U|Mu5^{y%)A(D;G%ulUC&-}lpB z`M>_+H^2W^KJ?+=`|UsY&wu)-e~R}$^^^X=y(gad=s(#+UC|eR^|#(~>+npcK)35*X z$IkzQ-MO!-e)Nq`{;W5yzxg9S^_%~4?aIghz3==tzx-vdoqYFef8n2e_$R;l6W;x? ztAFWDzwr-$_r2GC|L1=8zwYmU%s<@w;0HhHCU^~T>iQbee>tt zEgyX1r+(lE7yp+}|F7@)yi{JU=&Ap#`@iV^UZ~WD7 z{L-u6@ZY}lcRn!vfe+99(x1HdfBwPmdgoLB<3DYD&%b!_lYa8&{_f|#d;7CKd*j}_ zzw615zx%$Q`SDNr{;&P^|NRet;-7uh&-}`VzxYdlT^{1}>{qKDLtG@Uh|KeM!<9}uQYrpb`f9|LM@Dpdh=tn>CQ&)ay?}_T>tH137 z-~Wq0{$u~)qdxNIKk&Y9-Tac*{j)FrJKy#>U;h&mAKdwgU-_HIpZ)$X8e97d@BcgB zQ+VU&e#fOx`GNO-+WS7?J)ie++duGSZ~X1&{`{xcf96-e?eK@+@s>+p^H1OU#<@@U zg^mC6)qnIU-}3q!?|S~<{=220`#(ST|M-`!?|N|ZnP2<0lY5``zR%lS{0rZ6_`!o; zy7_g#F!RyVU-iz(CqCmF|MM@s_KWU)jg@<*%FjrYqZD`aS>Tzx%TNzrFdM^*{aRul@f%;g|o~ z@4xh>iSL{Jq|LwenT^Rm_doo`FMh^rwtxMje`3D;J0JPXcfI;Y-|@bWU%Rw*@b~}R zZ+zfq-}Oze{oo(GY2yF-oWK4R-`@Vy-<){I&;HSCXFl+ezxwJQ{N26!;qILey{GnV zzkTaZ-u%H|Sp74b@7?*F_UGSNtbWv&{=a|lBU7LH^lyFrU%pd*@S|V-gFn6TqtE?b z`NO|go__MHf9d-U-!$>Refz(f|EAyh^vnPH?WGUB?z{i^)y@C%uRi)-TaU-F~hyYxff{h^=wmLL10zxOlW z@r|GLXTIYb3vYkjPo8|%U;fIkd+rOj-u3(6@M#C1{1^Xy?XSG|#lN=xo4@fJZ~U$0 ze|Piezx#Xt(Zr{H^56QH^8e4?cK|k3?f<7xpo6_-$R$8qup>!#X`y=nrKJs1prmcu z2HGSf=|p^GDMR+&Wp8AP2r7c8D9RENYxZd@Mw>_*Ig?_u#*EKe%q&a;WVe4hQGpJV@fA21f1=aNGo{X;o&-9GzCj zeAaYtD(a>{4CUnd0xHj`L6#NrrN+@u%)50lHq5!Qn9YyH) zX{2Y+|M+Q)MV1t+PWRuPhm#Y8YOx&Ge|;+Iv>X**8H}Gw6?-7Sw3^_?GR-kItPUJQ zGPe05)}*2sH1Na8(;P!0T*y^(ccbwasX$5rgDK*4kY{9hRyF1u8EF}SuL1mkGl&d~ z@{11OXJF1le4r^rN3jv;pg0X4;AzsOxpN8Zm772rc^*bnVK$H+F&^rPPLXj#=n`)5 z0Q}#b6F(*lz&+dqxX0lW_n^evAWmj;bp&l?a&lS3A;TFy-< zx7F6aD{Ow}35fL-AWCcmVfh*pNK+bM#KMs$R6<2KTmZMcC))}Zm;tOV0~M?g7tu9* z)vfznWRBse;=1Zl*?;a;mGl3h-Vx*%fUW;gXHWdU3jeQNygW$eGczTWc3{Qptm zUY+~Bdhw;=D11lDB`3$BRINdyM^0}dm~dJl6+Y$M5!N2o_3j_sBs# zZpuZ-_cnpM=H!Itdwc2(h?~sd3U#@x^el@Fa_R-&Q7JiRo6wG zHx#PYa`CD(E-s4mW_?<$Z*Zj{I6j-eEjbqg6lx%#4loy-O)sH2s%4?)}z(hyC`H}(^rOPS{Mc3`rQo#4twaHW(MG^|7< zQV^ReOK=e`q>eK5yDA%zt42<)(6eFr5&2nrbJd)3_qg;R&O$2O^H4`g&N~5R{$4UT z5t(C9?$2eS#-QHFMHT3|?t~6b6a~cO0-i<(aSD)UBGL5fFVh#8CC!S3(8^gnmP`SW zOsuqsh0Kiw1PcOG^=2v8YKI|-ppZ6Y=m#Nstw7DH_*(srFkv)iA#Uu!zh$i7g#I|D zbg&xWH$u{U2z_k?U2EYPOe#x`a_kEH2c*gJ!GFH^&krNmO5tEumTU35DA+>24hxK6 zzv5fsl#rYKWj(BhRt9~I?(1pgK8Br%Nx{k9$3*L(%foGZG9mc&nv z;iN~J3j1GvEGN$_BsJk$6tqQ+1SlIM?qC6oQ)l5E;5UJfqsFcYMrnp7JSS(rXF=o; zFTv(ARO*dLRaDRp;*X2f#T9aM;9PIp5ikXk71$FrIhlBbumL=FnN=2ky0rfWbq+G0 zgdc=j_rNtYfyq=evZlvr*TcaE#Red;#qdtK*-U(%fE8E^*HlNjx1%Gb z!_!Ar#0F8NAh|iLEeGdHJM79IZ0kGeYeoZv-B9HkQ1}^}fhUwXxJV*EfG5yW)|*4u zjx2Nu!lyt$0auFX4`YjJoEiC1m9-46G$J^`>f1=;`5sggo|Th6){u zX*32zJ+&I~;ET@CQ+u$V_}ylY@zCdLsSYhM+#nvZJVpQtV7l5&l$}HJpVrtD;G=#K zXdy?fn6#*EgZKH=&=s5rP@<;Z7=%@^AqaU|eOLZS3xFzfO(l0|w4_U5U$OrdUSUCG z4|b}8xLiZF8^tPG`6_y{O{tFf^MC#ti~LVzLr4~>fq*|7s6Kf7pSRq{`*HlA4H#?X zV+H$PGeMtLvwevD_x1OCy#H1pthKk5?Ej+&eOk@no@D-^cNvRzR$! zw_cW1jfz7$eT48&=`21S|v6kN2gm>LH{!^3^ zA0NwF+K@UPwzBj8$U&c0>$vavFBkvm}|AMt~v+>>H20ltAAaw$s;=O=>}=%}iSjt&N0zA;29@8#|vASLe& zZ-5Sw%B0MXWA%}Lo3BYXWwD?6&si)~iG9J3iC7{SIq3^Lj(x=$4QV0LN>rS_Qm%sQ zY*ZRt1amxU7qF2BCa{%=OJJ)aNLRfbb^dDw=f4sdJp9zEJpVZ9-Z1u*_5b_(%OCUq zhX?or-08$0dD`LIn$%BdR=^;MfD>K`NB0OrvKq?>>lQ z1tY?#st0>KBPCStD@2+BpDW7br_d)WB2vYp=-^omK$MMK2@iF%DiyvPwCuCG*=BfD z^cn|}WOV^~Oi)TrO&5ZmR=n0I1S%4s`EUzvK-j>T!C^5`A<}+`ROG+J{cHdjL7Xzk zUqgNt13dn^oa9_2?G(D90cf_mrxQGNj_B$~1?mw)q2@wZ)9^@o>jqy4`wi{1aYuws zH%`O4D&Qh1|D9C00=_t^U6O###&8AjPrz03-tcEx4KV--gKQ=kfSH86^0g`aNX#5$ z9!{sv)q_C{g**X=Q3x6ef@rt9&SKWQ%CBi%2wnF zCZMENAmg6qX8;Cko$;7R2FfumX0vuAH=>+1*a6jB-moJ61p z{A9L&1V40H#>!Lp?$#k(jM~J*%Z;C<1$YEh{0VSLPY=QQ;RxOg+-cenxDriSo-7>I zEj``SGFvZlfcNBj& z&C4~PKOR+VSBiMoG8kZ)0KtLk)#7Jdc(SpVzTm?AMakk8zeE9qyO;dw8f=-BEA@BroU~U>Nm@S~H!RhX?xLbpR zL9nn4A`V77Zo7WV)@aUc_8cVv6Uac+0a=TVCv0p~zuU6(BVs zr_hS0TZtPs{2#FlC^f7$SY2$9dTg%ct4mksN_65dT1za$qmnBTCp-m7g6e58wFxU_ zp>?U5EL+KocxqobiYLGi*zFh=}Abwa8y`{;*1DVHaF_Vz{BMU%ZM;NNy_0jhf~JJC3E<{GB%1E7&Vj|7&e3p4@*KMCP_+s+?Jr) zQ5cz22()5)U79*On^HsswT`3DdR02rfELs|lL3|75UFQ@ivS3W4ZRh0aYLk}y{4q3 z$!4wk4lt!=;FaH#|T&_s*2~?!WyuDG~ zN+wI;izk48l2C!jiWHKvQ&`xFF@+7ELP0Aj-kzD73@PLuQd;G5KTcq;@<8kXHcSaQ zX#mZJ8_3VZyl@#R)KLL-6gLEXDp(pq>GBOK>YYoq=~&!ZpJ0lh;;8&-h;)eBfc`8h z_hfT=4<>yU0@Om})GDQFFiC}xE%!&Dak;b)KlNBtm`7D&145m? z`j5ydti}T33;CTbKP(R*zTLP0H7a501uPZ|WLgke+$w+`XFwYwRbU;DhMz3m%3zI| zQn^&bOnS>ulLOgcSBA*AEa450k8GyqTAr4v5;Y-e^FJ_Efjs;Jr)sV{O6EG`jdBUm z)9St64p@6Nik8%8lmV2K1~rpYUHUtBltw)%aC}foMtTABm;c$UOYqQ z!^EfJG0tTn@nx5-xbLb3zF&u{X8g>Aq>!?N15&={*EXzD!=6FizM7V2(k>}w$4+LM0Ry-;`Wbbw~m!}u(H!^n=QTBFsm&teojwt3x zNzSPXtUjpRcV9uLELbV1n1&TdMH%>Fc4jp3!Ktu-f{6?QIQd1JmztwVPlry#ua=S@ z9~BMQQ7p^&VDhlc3=^w@^`&ArtOYDGQlXCkdx7|t&n3aQp>;?86jG@L*-Gkd5xSzI z3CpE@lsx}W;9n92afyFP=3mNQlEi-*$G=1gR|;|kGy<9zO6FG}`^BiW>O7UZB}qk` z7MQ#!%ZbyDALx6gYCl`r&fSepzEQASMVzQF@$wL=mG7FHN$)>btjARS= zDPW~FibAR(E0Wcw-yi=O?gQ-~b;~J>tqdkAaJWT+rGQI{Uj=(o1pws23>sCoI~S`) z&o`7yQ(=3p@CRoOXuO}5Td;mJo0>GUjhb~DNmbCEZ=xrG*hO7)hlwpI|@D{EwC3ang6P6>Xf{h^n&of(x z1lhRE=;T?i(1KC})V2Z!E4SjW_g5{+)PdDgR~3PbBq14&h(}OA&Y{C@dWfZQoB_b7&_v-LRV%o&EVI)b83QLNJ<@s-HR9NJIxPej0d?O5jDe}zN z>PcxJ`x>$!T37{`wN{TbT@yklU;&C6rj!b69iOWp+KiBEq~27AaOl4|IB_4+_sCQ(2Ig07y?WPqF|v(BI1#=~O;6X;0B()KwR4J&Y|e#^CAh3L26Zmb_ddM7+*k^kdjMo2(nlY0EDVFeXl9j-X4LBp zrU#v%x5C{o(A@`yzKSMTJyF4C)&4X^HdD*6mDua^jb0hqDr1%xTBV|l4uiB(r}xU! znbf4GR4DDj2~pMd`S?Rk4#cV|UJ{RNeMzq^Owpu=gp;odntO^oC5=4}xM0g{s(Kt& z8yMiuP_%*_wtX7%wbTaKU9?oa;Ncz_80d~?%Dw#v#MN6Pl?Wk0_2C|f$S-%uS%iAk zU1l;v#i}01OSIU^GNO-6G=RthAYNGP3e}K#V8-N2j~U3Y$f8srX5mYmcF124Ma*Lp z|9>>{bsy0P!H-p#9vDsK=_-h;`3)07SsanL4s!!BGMAu6OQzbq97qs#xu9yudTc_1 z*?<>tMfn-lxITO|88Y1wIEIY>bQG}>3dadcVm1YDW*!oE$~;v&=`d($vg+n9sP3+mGj1 zSyY`5g=5O;lQsF+SeOW+JYt1MnJo?E>`XNq9w1U!Ka)4ZR7cD;8(+yu0eRG@(;}jV zWKD`h)1mAD%&z08Xa~-D6Ed8E@@S0|9Y$@B%|;Y~{TQqi3j>A2i6BaWbqB@uEly?n z%mlMsqnBFim7ZnvLJSP?e=4;JE0QtAyC6k)@8d&^qiLsdYxTDp z&Ioa%qavYp5@o`9;k&HEA|ZUPdb8_>j$~?za&)yzMPgK7ZivMtt`Nf>XNEvcZ+ur! z5(?BHhbl_3faT!HD7}TKJA=`arz6}06A~UqDF%d&q*AGAf)2PLnHqH}<5wEoDalPe%e*S@oIra&V`J%g4Z*5;IwuH)OFtdQx zcp(azF+(rJ$RZ3#?KL(xNAIPOGc@Z9{?jApp@>nK(nV)F{}LuR*vnh1sX(78UVLO&^#b0Vu$>EWLtm+^hO9X8iQBl^RbpmMdRy( zs{_1@6qoE3r{v=BM%=?m!5SkGrfj5(sLKe!!dDNE zG-3RhX0fK)Qf%E24vk({tAryiF@a0SHDx0SqLy(1`iPjCqu1!+sfK3skhq}NRYEtU zT#e8TLBeg~Wc@!gc>W3U42r($blJ6v8S%{I$Y^|w0l|Le_1CbpD@{N#z+|=_DX0Y` zY!cQi)VpeM*Uc$R*JNt)b-MIg1vm^8*@g5JP6=1x!;Ku_VKU@}RAcdB*-b&F_DvJ#A?h?Zx(@qvXU29rw2UhRoX zX1G+17Ikw9)df&oZ9N|~DIi7R0l6lGP;tq*Imq@eG%vq~X|1EZ2$C=@DWKzNJ`lKpaYA;X5o1cVKZ@$q(HIuf~idyI8SrM$L~p>YFa z9_n-t6($!hOs))CmkqY$JwX3OJ3U(MXrTVWvtFB|eXwV;Czt2R#cNPjg{oec0Z9#- z=18(YLNZ)Hkgtg8%Vb85Yz}19eK4;7P+Kn&_6MZsbwg)ZBd0tK?3J~;*|Y~qYHUF* z8p0mYJFm)3*XUCC33*ajDYfD|=?+G|HvCuc83+(Qea&7mR}}-6{%ukViE#C?h_3rh6?eC0$2>| zh=ciCMR|FP<0&3>q7?+MSk$}Fw>we6en0IeEpFMA!NEM%D}qD)>0Ed$7*p%fAxM9hjkj7`mppBv_(3=1C+g}~Jap|p#iUvxAT z;SeIB`Qw}@RLhaG3zMvP_1+b(UdrkX@#As9(FsZM<{UF2@kI$VU>RwM6J-f8AyRQu z&2_KDYdq-(mfP&JB41d3Pd~@VS28h)Yhk!7T9#Gai}0s0eG!KZ;mq{=(*J0V629UR*MJ z4Ngc@#w83CGY(0OKn7qrEM$r6`+>Y*l=o)Vl!fi7(9;q6wmmZ;W zX&O^u-{iQ+5M`pb%YgpT^osCl;d%}!a%u!p*Zj090hCD#U_qTBVEHI~8L-e&(_jHu z5-0)y7NLT8I$_@bs~Q3V!N z2pqP*7Vrr8RQvlT6gv0H%tc*5D-@R_+o>#yD^Xf_oPgmq4z4OUjXzb!M2IYXjm8LF zI5{uk(nAzJE@;!++h{~JTUD|;Gek}$*=b7=?x9Z4ML=#%Z>!ZjZE(v=?k<;sF38K! z1>t%kUNt?HG8iUqqe^3-v@I6dfNAw8LQZ9y_hgzLc7F?DLCh~GH0lI)@QxU?7Xk)M!&w0!87h8dX zIJB22R|>2#SQ#nWAo%XKHbXq5Xdt&4CT?KjU_mb6r2xJ(0559_963g3!?CL|f2_w! zf}-V#5sT!)INbV?iMo7dx2MFaFdA zV6QN%rIeKyt+&=1ECj`*c;U7(0I~*-c(-t;`8xA8Op_!HO`NW^9?9#P4{dNEB{e)M zCT<`X9~Kif0wpK7D=FfwG)i>cW7o>_-^vzA!w0`Mi9 z7K8D_TJa#g#2JmbYA(Q2t^j%CjsBE5YPDVLj4-4AKV!chVX-J;P?m;PwAtVqR2Vx| zEvB7%`3DY-we7l0eO*2brfzi)!VRQ(kVsF!2{Isz48m4%D7X zW=QnMn2StANMGfKNfv&n^lt1Z)iTO97h|`D6x4ZEsYrafV7spn^ZyZ2kVtVJ1@CDL z;)?9ms>~H8Y@~RCsR$T!nDjq3{zMK)@wNJ|Wr(R1~yS3=$CiLnPI+Vk$6wGMSsiKoSN?E|>dq zdQAcJalsqR%jD()w(#me_Cef82pfU-wkiT@K@d@(evDcA5(KVF>$h7wzA_PIWzeJn zC5+<)mBKvzazzIpwS-p%YDSs*yP~LAap`$F71VKvnn&Tkig@~c%7m10`|>UcaC7*3 zBVYpM5|IIbz`lqqjUHK_n9N~F41j5GZZQh+F&}x_z9IiVM0>`DBOKyetsyYT5-KtCFE#hC+)`RJI&<){kbXhp3C9W2ZSPLCXR;2dfI@U8;t6$u8W zMNt-byjYkn`EyvX56WR7GZ6t|2uU^+BHRby$w8oZA*VqjHkDx9;l|a0 z8z|t|Qn0T)vYgXs92-f<%tvp^92PPJe>-(l@#Mk_xhVMUR9rab1VSSQ5mgS3>Qti< z0bw0ez!R(TTUgod2~qm|e)GF!Rfd@-*uYl)WIWQoA?`rh$Ac68XM+%g6^@SZn?uN~ zJ~~6Ewnb;$k3(0MbejvgGIaJPboRISi)^Z^h39JE+hLm?P9c2;>{&Jn9diP+A^r&W zmVnRnI9BV)YSLor_I=Kx6}=EQl8Z;qHq{)#ai=Zh#_F&?z*;mZAzcckl-1cp_Bj-! zqdDfN(y}PGmO2OWNU6!8zCvoG?IRTe=Yc~nGy`ENzD8{alFHIJW1$fZ2PkM=kM@9B z9K1p4e6bVq@F6M|4M|m6&~6kUp`ejmEtQ%^w-f5mm=9h~lSwtu45%_5mm~VZ=zH`+ zMHpR?+Mx49imn+>JfN&MSA^4ppgKj>-)DELz;vIryWcWCJAUD<47 zQ8R8BmxLf7BUEVAUvM4jDiYILLqB>bBW;8@S_BMms&r5?P%OSe6c7-&!OB6vZK2g= zqD4?vA^gh>)8fd>h%nf`h{xxNFk;=gEVvXn_#RN!1{O@hQyRP<2rf!(!r!M?8B7$C zAkb8}RPi-NL@+#JGR21g`#_y>GGf#^v{K@Rf~MvgvoN|5oh{Ma3>DlmQN|E~oMc|m z8Y!_4$`^I$0TRcm5z7S6qK+b6bOs|X&(OzaGN{Q>BbHu4iAY>#(rG;{DD)V?#n@`*miO}~Ive0u8G^^7V;9-ij9j8YmjT8) zRAtZtsI`vdM9?THC?BR;M6?k#V?3R4bJ+U`AwVoKC4tXFw#X(|17WY0dO#wFnBg*H z1Ty#%k4VRjpnWRNh)dChl%>C+9GjN05~x5Hjx2~6Af-@>;6MpEC(wzl zs_KBp)d6+1ohUJBMP;*%Rz`3M{f%5$!T^q1WH98RY!RAyE%Il=og8(h%7f+6Ba~}= zu7=nm=oPDGK%~u-m79}lq`EogdYRE`MDKxe!oQlX<|1@CV3?FY=#FxMETWR`Lqw%n zKt&*WCRGDt^cGvgGTO30hfyS!C?8Km_KlyJWRLaa&=i&`&>Pk0TVi4bsf?)bss0}(Yh{#= z2a!+35Npnyza|R4<@JO6=mphOYAg(e*sY+Y`}FAV^hr5WIzt&(`q5tf#-Tc zuH>_GAPo}F=0Isl#56+T=5Lb5xuUfLlr<1eBz>t-JDVO=C)BR|hE%o}pm$2MjfLL< zOAWia;kM-`>m&2^Me~x1Z9FU&AQ?SDL2oFre>jdk%veHypju_Q@tX8}5HM&K;JhYC z|J0L);S=mS2%XB$LahO!UU&m6fN2=&tSF|D$Of92ttl#kitEV@&}A}hMMvx!cqo== zK&R4lcM!*1gGXwi2fc!*B778XX4GE7*lJ`A0CS;=tJ73QP*!kTf`w5>%8!oEFQgcI zp&Br2;i}U@>kyO>W&`REd?%epRVR8w`8}>|d;b9lS&@yVQr%$)xQq^dDYQrn zflPnU0S%S)sAZBiM5BW_(Zo^rW*`!qMFtQAy;uk%$jhApBTHs3Fjl3_MZ;XG_Gd7< z!ejzOg(3<(C1WLBo&$^`ECmi*85~VW%@Kq_9oV#4v?B{8jY}bhI0#%O%3tWoz)9j_ zolrU3eX0Vb9>m)6=!{p?UV_NH9*(v+8D`bIwpg&Od`o8XfXV<8spP~EaC1LqbNk_1 z#@HAnvjW2qi;ZI6IfBxQGJr-HN?_AA0*~O9041aMu;5VFYDjV6eZpWe38K6SE`m&a zlpITy{cx2+0g`L2|1ecW;Mau^O+E3)4TBZ1fcokPcftLkRdJ9(d3zGOhG;jP0#6jq zK(ezaHzA9PEUUF(Ftpva%61HtMMSFVFzH7};s2`a=;K|fEfVvB=tYUpM%dp>Tm+0A z2#3hw1|n=3oVnI1ZdfX`8P1nnP%;wjOj%G!(qP$!4g|@O&`q?!K=ok;Y_-7vod+JX z3=`x7c+AF;$p$8LT^dt{NJxZfl9y*F6N(o_dGjQq)-&)6I-_XxAgf^l0cKvIH1ua- zws&Fi9@!d{d(x}b1`m_YgI=v|J$ND%Et&!{$r0^9QxK;JQG!6qBm7h=WBA8G|kz<$;++iNf9~mXyaDsw##XneuHh zVCJ&5Qji5Qh#@L4BM+QFkc6;!l0PsBBmm-=B9z{pEScm**6JX>@FpmHLW6H6yYTms zHJ-=H{*Y9(TrwnXgerN~5qY-R>ME!+Z1W^pRfjlRvyqz7ziqjQkIcufQVI$XGE&3% zAC!Vfoyj8t1T+x^wX=l<)S|@*kAhR1OoQq|HIY1$n8D<;(=iv()(Dx>h~!X%AcnH6 zOo*G=s?44-ik z3968WNqr~6sLqCs6r3M1Ebz;i;9>!~sbNq8!t#zzBP^Hj>ab=!2yHW0Z()zgDddLc zmUYa;l9i)B{;3lRYKsC@pz4DN5_N&Ae&~o+iLReaHoYJ&2CnB!cgu^m_R*9**&XtG znkVoQmTOiZn6!EoPZB}V;N2tKAq38Xf=)*ARCMxI8?fU3Zkh!j9#(B8AQF|PB@l+5gZs}ZqIyQvy{nQz# zh)@U%jsds~_Yt`D|Cr2bPADPUSef`N7QBTHSRTrxu*j%nddL2#ml33K{A-DG;H08~ zRIG|2IP%Lku~xAADHe*qUkut1t)@{(9p}wAN*y{x3E&hXq(tbN=g<}Q>*PTL;Cw?^ zD#!>B1hH|%o~-95eQ-LDMOvZ@gwRBmMn`yt%_kcY6eus)oiw0ztnOpBs*nt@a!RI? z1<1-DE9zR`2j@QvI89FNFhD&WHJEvw&n6DW0$ww8@3V{w!bqHgk%FvdUL>=7 zftv;*KL#zn%rVUjPVh1!Rs;efacZFh8W+nd31*t5UYk|aB)$z!4uiDK&TpOL82Et! zwN^+Q1JvNY%k<2|SRUQO=FW zLLt5@NsWL8D2_er61+J^Eknv2o+bFo6u!QGRPw4Ud7~o}O(i`@{(}=9v=Gb`JqrtS zbZ}57qKF^BS-X&oPaYT^QJ1hu(`p$HU}&d|iiibWBSgYV1uWEOq1?4zPi6v7NGXt2 zRi4xvnlC$00ZO_uehM$XK?4h!D;En-aH4q-E-pt;Ml}|ar=;4(wR)T*1`dS0530>d zo~i2+v^gwXd@KUM`I8ON0+mV%Q$Wkoh<%{83&aliS1N#E0>wyZ(3w4xOVE;urdEN( zi*xaOczZvZ@P9#yGpe#-10v~{2_d}0OYLPv4}}VvDS8T)s}%h}2qDMm;C}_ncIT4V zi5{rScjpo)HXu=f;vBWec#~-vb%|yKErb@L4mJaxpgI`6#;UY3Icg}#WspVqPT%F} zozfg80BM27fZAER{8dmLY@hpIK)7lE4thFVu@GS@IHJ(nHCm5&AwZtd7`t+ zlRscpi>@$Z7#R5zv;U}vdYP8xe10E)kx(O;$|;g9M)=3N@`oJtZOc?<)C-jvZOX19 z(@pFF&Od-95DE{bv_j!g{`4rCC5#`4w1HNMEH;zQYfvtPFP3^%*5D%AgLsQYtU5c7 z)mV2oB1p>vwc9iqs8@xSZ~N@2=2?)07E0Z;4m|Ka&Z)J zgwRVWb;jb4z}Yx0f`Gx!$fKjyA^m}3JTNeBfd7vf5)r`W&bcO{zAH?g@JrGV*%Y8B zq(}(mqdZ-uaE!ymh$K2BVwL%G=?1e?Z}h;-C2L4-CNv2|CS_6VLz!49rgIF9h)7@$ zrs+jQCD7a=(d!JhQZAw}4Qvr{oUoLZ34B7XjgTcv8naL!!i&^IYxTz*fLKuo8B?`w z1E@e*h^Tm$TaviFy!#*j68=$|Yz5fI9|Jn;e3^m=L+S{GVZ-Y{IUvynRVEkCYPGT? zTXwwolU3$CQHm*M9wL5IDa;;9jc=W7|t~_et z{0Uo=3?&bScoyOs$S0!8D|1{VA(g|(xgco@5zp0US(Q%JYG=f$qR|Mo<)&jYT+yGS z5Es-D$Uy=UpMx%9FWajB0(`vXFr-!nA5`W8RU;opl*bVA@zxHE6117*I)bkd{~A45 zjugXOYrXSNa0YM50!BRU(AYzpgH7v$b zpjoK=Y^en!Fe0J^Wvjgk)!)SmO}3k1h);Z2QvWD484puN#4^n=B9>SuO83hcH3jQcQ)559@SH^fRR=dV)Jc(s} zjfFX>hKL~$>w`lDPfd< zP-W*rl8Zrgd!E|S=7@RM_nj;JXXDfcv(mw@x=%8jyU>DzP9f%w%`oHu#Yj@9{`h?E zzR~spRw+8%GZ?(u^CiKI#hV+=0Ja^QC09gHOgba1?8p+v(%*wk9(|z8>SO|VsDE=5 z@@NS%+%pe2D8ms{I#3tbPMj~5!pelRk;~4!T&*Osh%;1U_6+t8{Mw7sV>5K{wexsr zEMveGuv({$Kxu|?AyVWKAW0I{r`1|F*UD?a@VHJML(omwmGpu!&eh#j$U>rbnsifE zh&Q4Gg&HM33Yj|vP@}g&h|C?jiz(L_B6k-n;Nv^g9nut$Sw2MW+7mU)6UDi+o#V+F zFY*BANa!(BY4%x^H`xaoM$kssE$sS-)vv%~>n%-Rp=;0IC;X&_Q};k)uc;GYgL|9q0aS&SmZ7p*8rSB5ht zopNCyTq1G|5w0Y>TOw$X;;KVhG1X8p!468gt&Za@*+QTnf^3ozSx#kD7?}F$vb4NP z8y5$~nPlfrYSNN7h%GnM`=iP%r&G@ z^hG36#z>8Xe*@9x1TqxKFli7`l#Bcc+=$!w&@_X3EP0otMzrIDgOu_uhz-F#0OE<7 zh61F86+q_(JZO=Chl-QxVMc%j0j?=}Tpr?oDXfzSB*hdVS(1-x!xIsV#H{5RP~a&n z81-jRMO%e{IIu2MO`@(~ENq$XM}Y&tSbR2FgY^)xq4F@(Lb@u4Kx6}2K_MXy&A7C+ zI$eg?JeY(Df>+}w6~*bT%1l9Qtm3d*3BqOMXIL>1)@5TOP0ol?ru3M(8kDqTa-VqjI2OqRydm7U50q*{At z4eZJ~jf>sElW|PdWPW;hNM)l$M0SM>Qc_z%#%LpSs13px0(*`~s8MMHVhGg-tU~YP zPl;emui#`-D1ptWF0{Ng|`_&zmKk;X6*Mh6@M0%ddS)gefZAv-)J z$iUp{4hyr7yBwXTAVXw?NST=s)uqZ-aIAa)IWn6$Z}dDUJA#)vg8Ko+qR44?pMY{> z3Bo|RLs$8%d|-icM{f_?Sy`E@Y<0ED2lGQdjC+80xxwgkf$fwh29*yL023k_Xei2! zMR6sNkSbWB7d90e$lLkAPMIN`Kd4MAD*u_;l6fx6b8R7D4|_@_0GJ(Kn?|7LTS7gg<}bBI1fIoYCK zAme159RI`AB>(6CQjx*L+B22qz$rRYiYh&Yz{Y6IBf&|A=4prvmXMO;@8`>2(cF){ z(s#bzc<=A)tMEhou*_Q`ll#m46%tPNNKdWi%_PGcI8HK7t*!D7Rza=GEB+^c4CYTp zFlk&k?Q{U+6Go)O4NQ(oQl{V-Dx(G}Q(_Ym`m@8vpI~;1>1ouc$vvG0My)2*9e=h0qQTS52%(gE8NBkfDH%vANl6=T z-Gvgr=~d&I5Q#z~P?K5ihb`qTtMHJtnZk?i)L;_#tI{n!C9Q1Vyn|iJPm|fQVGRUf zG0z*807h&CTJyhx3>BPzQZs6F`ZAdh9q&rdKk&xp{CoR*`$#z78l6QYgZ&>r|CQ|j z1FM;;+;ojD1#w(jH2y=J2&tMP#P3J{<-{AT>A$y3?(6@U{)_Od&DWT?=zu^~TS*Ja zeD;`9_J_A!|FpN0Na{)4>1+C3QqOnM+->i*Jhy(*`L1I-zPW$@(n0MrLq6$Rw6*@6 zCl4PSx9rWYc3kpb?UBFY*Ncv2Ix?{tv?YpzTdrj|tWb?F31wVdP zP*QsAg)=^lJIp;fsO6aUjT;YeT^|@4+dL_*D+jPZ2N&o?WER8f!1f$$aJ+^%8x()e{!Bezte< zz;wy;_4~|B?lW@q)2Z81gI8s!ix#b0x4LA}n%CBE=>F`aR>}q=rnMRwG3DKv10yuK zIb+8iS*FQ&dHtt_1>q+*@7Q|by}=D%Jh<=OhTrWe%3afD;o47EeqOL-@rhO&gW5m+ zTV%bUh*|4fL_YuJyu~A1{`T?8;%{1dj$UP$ICKBDgc&`QeFi=;GOFw8h~Wnh1Wb*5 zBiV0M^R)AOjhml*bIyqAoj!h|`?W@EgQqO{)=s(gT%V|j)5G39upR+nnErAA|EVPWaSiKSDflunygx^iXdwr!9XZ3R<2sTsB4{{tg1orPx-Z`&Oem=6qwuf zXx5=N@^Szweq=LI;C|;{?&n|j{CmrNy&uc}b%G-N`EM*4ESX;_A=#fj_1Ljvy!>CE zm;dQ^NxfK-|9@z5?T&CQX`DR8%y2^yuW|97^s(+8=DxGha4I`! z?b)rSe!E7zczI{udp{Jter->|0MC_YzCKX&zV^uHw_ko{;ESL9bT_#1p!N<88#tss z^K9|tQB(glY5K&O&*wWelq|GgC~4?4dj66|OO}mTxzKUV@?qLd zmh857Y&c?PBS&Y))k}x(l-N7(KbGrYx4zYGySc+pz0~Mc=OgwX3_B$`a(eaUAy+QG zX@5cTxv|0e)y^k&H)!)>OG&F=e_7c2&iB9lw&dS`e*Z`G#%_5fEf1$kuD;>yrb~(V zSL0vf1~eFSt#5(Tf3AP`NAtBIbN(vrqdj`J>t}wW-TtMvcWAjd`uVPDe;YsEd*i)1 z-J=>O`ZsG+YT4n|9ZaHjO){AXBKjr6nerHIs!!@7l?Id>2nL+7o4ydlqz2lIO7+mkR z*P?}+?L7Op$r-RNqlN!#OAmeZ`Eir?(t~4{@16c?%aP|6_%BzyzpBq4onPzp%8%-~ zfw^z>3H&A}_V8W3$>|>d(WtD$IVD`bSGSthj9T_XyZJ>Ma=*UnaAoI`E8V}E?sIpmwAFn)+!Q)p|uno8vxr)Sb7q-{914zT1?365Z$)TM|r5Qn%O{ zMl8sDaz=YaY`4jZq<5qv?PqR%@&&(dzuqt}y4N=w7Y!Nv&8B4;+rQboD(~BE4PoT^ zzhRPF@tGeKS^S9dJ|IC@pd~0M8EN2k>-vrhFm$R;e{lB06S0VGk`M0+Ju=Kab z@?Tvb954SJfPS}L)c=;3F3%`6JMU-`OwOZgB=t*UU-|TJ*}M0Z^@fZgSub{@>{NEI z;U8r6=$GTUy8f8yoa`1hH6zwq{6y?XoGXAk-8&TG{%`kDOsYlnFlo9mw) z+#<$h;xiMRX1p+K^0?xGEvGD+Hg9g%+4d_}FK_yT&w#%CQ#ycW1;@VAW zwq@hOm+Yp`-F@RU76!|IUSuhdy}y*tt(% zy|(r9^ZP!!cJ$**Uv&E9yKmpTaP;Q&FVBB};*Fobzw+l-o9`}bFg5dqYkdkYZvD@% zLtb3{div#t{jwcejER`l>cYz&WC4=0zz&yh}fZs*|^?M}`3wB@yecw3?=HJ-y~+``1QheYdUO zi+fhR61+mO?cGg7R&EadI(Ky3yb-5HhdljZ_j8AhN1PV_b?1kKCBwelyl+B6w~H_J z@oqk+YNPzq3-3$NteRk2ydoq@+x?Xhk%EunxoXpy_ zX2{ItFMY7`m0roaJ5TsN`;{gB{fDfWusQ2;u(xx&e;+z@>Bi*zMu$RH{r=M@19nUq zviNSm$gf^l+I#e?Ejyb&`f$svc?<7M?X>;tNgoY)>$QIudfq;=Va?}zU;9tX(x2vU zSy^DZd#H1`BpnA!WU zce>kqH(lOsZeq}%>CO9fC{)`I(LNzvJgDudO^ah&hDu+EELz@uap$RpJyvAw8-8n9 z((%Ka7d5@SZPLn=8-bhF8qW{kxMu3RhwavC-pa}C5%GWE`ZGUC#61O$)x@_O(dHCC1{g2Q5a_7;a4w>6` zkC?e*&*AOEHt#Gxe`V9IpH?lo^2PjE>5*;w(#Hnw+<$UK!S@?{&i6XL@$z%B?M<#e zxALp?PZZx9w`aoo{+@?&kH6>H@Y^~4Up(Tw=*W+oe%D^^wd1vyI^I6=+M1p}ZTjZ# z2|qOY&j)8;+}p-|!lYM5gwMKp;!5<$U9Ugucl5=RdvDzP`PhvLY&?>{GC+qkB_DpCakKfKlw#)hLT&(NtZIS{0Km2wfF~;N0 zhsvQjcP*fn|2Y278j7{^p6CD1BEDli{6D3o@cF_D1TQc?n4ieog6(-ZfUdQb1BOnL zy%5e#yP3E~s)^qE-sY!1-TqS}N43Ph>l<^TJI<+h@@dvWT#C9hrdK0cxNUje$lZh?i}M&^UN~@vDmm zbURircV6sU(qrAlU%yyw)5a^{Mpt_byH;iQ?AGIXc;A zdw%OS6Zgk%`%AU;=6uch@JoMXxkv5}UXhx+{KHwZN*ZJgSzLG^c44Ak>bwKDiue6`esHsh0qd^L`?lBig#KLUWu z%Kr*Kx%{#J*9^bfe8ZoAJBgj7xKskS51z%Jc0uZ=UnKSFMLrJWs?A;a?~Pq!=ijy< zk=2s!cm5T!a{S*1F5$=g-wKAc^_D;XyCjYj{|Sx{5x|-X2=SlvyQE&S;Qw89fcbwj zB`zHI+&jY-Y$+_+ab@3g9Z&3cKYM8P&7w2+94EfK=;z#>J@WgHF}Cj>y(K}j_^VT* z|M%@L_Wk+7z#Sib|I)pr$NEKWZEQ8it*P^$FFJcGc<%kqzs$#$|NF|32K4y+R{+bJ z{)*1Ozl!mHcK9(qv-Uma`!x;ef97~KcK%UrJ_WTw^E7Gd6g~2_be0s5`<#D;qFnr! z%->u7`25!e#_;_AfFz#cKVkVN5ujbWQa86!PtQ_s@6x2C(u|B!y}oq(_|jRkN|!G$ zUA3xo-MZ2jUo3s&jnWe*U@$2C=%doV{t`pSs+zRmM~FxKXDP?A_|I}tBB8wJpyDVI z*`;Ii26S&crQm(-tOic8(w5V^b54^cocSrDO_TbKA{*6j;`Ho{nKK$TbDkSH*SXo) znAWW$mM&jrw<3Azsv&EVHmqJZYeZuQJLg6VcH22Lj$Lzb%i2|kCX_^O+B&SI{my7- zJNuS#E8boA(&|@V+q`7MyDQIK+I;%#<-;F;eD1=P8LgZfoQ(Ryxz(v<@10rs{@J4! zU%LJ2#UFqE{;ywu|KX$8Bf7Vq-u!y#q$!OYo_zZ4_dn^Ic>QbN6PZ7Cjnw?q;nM!R z7GorhnhxvH-NAX|f*F7GD~%dZ_}sZak`Y(bcL7N99?=l<)!JZo*I4n<-IrG9@aHFN3ndy?xz-a zeev*s!$V#Ap6;XB-Ex1&UF&=z_9wsc+l<{yFRaQv{r%nBUwv{|yP@gq-fCTDziihZ zR!`Xc)w!6dzj}V~r~mC6XH>?vqZhqwycRp(wf6^~w*2F#%j=p=+xKtdA2%-^Tsp&g6=Y=ep?pzR5^!(May;2Wtn1A+MWcQGbi{5&2 z`hf9{H=c1^qPev^YxA~SE3#ku=GMy0aPF&Brf`Ytq&%0dU#+fptEZhJ>h!71XY=~a z3zZZ%4Rc+q=s6@y;ut%xZHvOIjgs?r`+hrhbK^;APfVL}x92w-XLbnvHgc8cpjpzb ze=prGUA$tZz5TwcU!B?1VxOPO;=ey1e}Ce9^pQdK z>HEXu#(h&7{c4eM+}0TP{yX*^-1pJh_@C4+gAzX+-Qm`_gdY~}IuP}X>Z`qE_mgYep_@#--GoR?=O94NA@Pu_PskNlxDPhaq9kqU-aDjeQNj3bKBjMzi792 z#rE5;P6_hU?TdErq)0C;I=%Ch>#R@h-+Sh|dgarT_9~XWKka((ukZW3H_~|K+5epW z_5INwYJOYA9Xh(~-2wi)eoKpwS$$yn$@PKXw;i0nZT1Vp7j9d&V~KCUhQ&`Uh#$Q` zHLJ(ZFLye1>8ZD_@6GYd|IB0h&+2gtzw`TK;=jL4U3hDJle=S&*6WjZJt8Qs%L|83 zX83h^Hf_er&z^4U`N@~<{^R!k_NC3V+qS)tP%=^XU;j@Q$_OG~@tAWdj+IU(WlzkfZu;fWeIf>lMc z{y+ciQTRWL@<7@&%E=g0DB2?+h3Y3+5tY2|wazhVapRblDmwq>JcDwekA9*?Dh1dHhB_99gKR+E_ zIB(Vz&oQ$WKkc&M$hUuObGK{M)>-Q595AMJ%T}LV{wO%SZ})E9Cidw)xM%BE^MgCI zZ(o>~1Ir>?6O#kznPudFr#rNdmaN@6(WxX@F{R0YPGd?WzbK?9^v_=pnRg;=z@Sfh z8qPP8H00bI+BaNx>xkcrbD!up@05c?7jSD=3y0QACxv!t7koK?;=i19c~c}gdG-1| znb)C6YwVzJ_-wl=#SOJit@C=$(%MhXZ!^376GdIt=%=pK85ido>$Pt!?b2m+_Vm2^ zjf)rPi(Z>Lb$!CL9j?yOCM{bwkvM;FPI6H)B0e^-{iuldB`q&qYw}UI5gFYBeI=iL zbmQEOo9AxzaByh)$K6(c-TmX=o{_hYES-DpHOB@~Z*I+>obtxxzqx_2Ex6E0v)Vfk zJDnxxieKO&+Hz;dT=#Z#UQ-&?N?~_1dVc%lFM8`GCnnWv--&xOvECG zVOP&*;Z=8;>KpF{EgeQ?f4oofZl~~Or%lHOZ#}n35qH4eDfH_%_qjATDPy@F7dD^m z5K!Ff`mL!;5*=f2J0;Z{b>!0e@tsvBx0wf@a7_7PcyXlvi%$KXEqv>@)T^_KdVHGm z=a@I1Z;<5r^{e&n^i#gz+%_HM^5jk@UXZV9@ZN_b7A_k7&HN>|^S=0Ib93eAcV@5a ze(S?+7b5$F`hFR|XIGQ8XB|vgH}gVfJ(*R)MUQ`{rEJ+~{n9@hIdmD3SKxPa{Ha&l zy%)Cdc1a)mTOMn#zdn4_D>JrTa`#&>exy2P#pwRuL>()Yboub3PwGEA++}D&+O&46 zgppm9E$!Nx_6#5E;c>Eq078{<#$eJm5gs_H)Z*qw#!F;puDKGOPo0L ziRjL;8DaJ()*VQ(>sGY5UbI8dn0EcvPkZ^8MEUHkby?3ItUp*aKkj6={N(G(mU*#; zTxDbX#A{uX0~NW+3;td#yJ%O^LiTB4myyGZGlzcNU`>JP&MnEZY`@UKc3<9|o)!4g zjE_|Fa}Uqh=+I*c_vt9-l0(BAanH5C*n0jiUoUO z3+&pj-Gy9Zii04`~H>2DF=ppw_=8F?4_0Cl?QLGKG3pH z$1w>f125dLYaY5sYxlBjURa~Wo!O?@T;a{MD1!R_8aE;QVaw#hDQ=%D!ClG*{T5?ZzJ_tbJ|A*@%WO?-_9H z=VteQjOu-?-h_U~BVGSB>5C4Fn*Mphz1f`pQ=amE=g4uhzhb*ycTEG={c=?!}-Sf^(f?j;~+>|w? z3ca20R!JLsy`=qbJ?y7tUvKj1*>--7uQ|86;-w0>TiobIrld*MnCV@=C~p5&bKiS$ zKjh6h(&e|2`kDPoPIS}-tbH=uZSoU4&phAw{Fn|>uDI0sz`7>UO6fWK61!u*gY=Vk zq_qFx?cxsmN?J9~lGwjhQtb5gv?nete50A{Y)QlEUNd_xx>CRWSqHzov(uvnOzqrw zUj3~Xw>;b9i_foJX+N)-lB?HXda<4R7(0jdT)nLuTQ=$*^X~WRV`Elb;7TQLPr56= zR<9s=YUk%-?V8N{x!w}xoQ@X~kKR)so913n+@N9TLC4^0W1A;7OCBA)u-VzEV>@Rh zPCOdgA=?4yqc47M`;zz_2j{qGw@&Wpu_gYP-H)M94*%lAKC;D4LnSMR>~}uVRKMp( z`!lQMJEykJI^N-@H+va<21WZHjacC&F{z(?qLW>a%=fvdW265(Jv{lx@IkF_l&6nXpGA)(@B?I_f9&t4XXFtvu|{ps+2^XaXA;|_jTTdg`dCIr^NBVrsmBG_uRUe z8k@NB^vSV@MyCIEWqH%N%ZlguFOLpPFPOc4(Y`TLo_4X{=Ni=^?sjntF6-7S>)Wh6 z`=;c{lJGVCzE(6j|J#DR?67pVsgmv=4|Z+EWsY`jJ}D$=-5f>w6L(vO9%y{_i{<~$ z9yPT4t&R14CQC9S8?^Qf4Coi++abj6%X*zcKX5p(du-vWBRWV9z4ZK@_wyuo8`RHA z@~zjsxW41%&_>cdlP>r1E*$H7_2bqVNBsuO?KghYXOiGqzGv3AT(tk-)PG968VwnDett{kiSD~b)SLc?Y+VocDKpcbn0ln`ySei3 zm$fPwp3pw8$Ej0uvo`OrZ``4I@ukANog=@IG>ly#{UEQn;T7fBPd4TqJui2A**nrs z_d?P^htX42%KiQAUB0@`wL91B{P{hZ;}*0!d28zX9WvtYzN86k7;|_+kCNiH2VUsc z^lsrx&H-Bc-;StW8!@lwm!~>6STtr~lbs*O?ftB@IJ?z6NsoNauKRN1&z`3=sW+C} z*9*;X%q!ux-VP1>@^;kI?!$bzmAfY%*yEV9EBc##&v14DZoh2maVxlyZpDR2*`$UU zM>8i*TbG7L(R+e>zTRu)pQnRm-N*OdV<&rO&r_{l{q6G0A0P5s_Qtv&?Uy(n`)E$9 z=KI$L3|r1=d?Za;U;23W=$nmRSy$X|VXK$+ZrZgWu%lgC#|h(|?<_qO-Te50<;U$; zcFc)*^*{ALKX~u$Gk%{v+4}gTOHUqK@!=AW9N(j_>h85lZ0vF99o-vm_1m+-{>SDW zFYlbRM&4SxW9JJyKhrm_-}IfA#%3(=iF1AB`i()`W-R?JcVcn>+s>UjT_5>py`iP4 zTZ>)1rmvr}@(2AEPhfZ^^o-Vw)v3t9ap`!)}i$W@4I{&?hyXn&2`t~4`;ZNx_7%&GjC>eYF<@7w>Vp{Z-bTOyjdJCBBm0=vK0Q z^p@D9U;j1rjzh$l=%zx!uM41aHwygpc+vB7Tj7*k$o+ZLhut=ij# z4r)}g!8vcSVi4*CvmUG`w0b zK(0^z*R&x8Q~F0gADP>{QQw6UyR%99(C!`1w(eXksTXSZW2>O8$C_w|1vf15zqVhJ zv9Mv%hKSFaXM3OReCk%z<&p`*0;Yd(CoK9y$5Ov9MzonPN$)D@q?fcVmb5x%=fF+b zu`GDzye2=~p0YMA*ZI8Plw`Z_C2kS(nw+Wkl;_6&ALK^vaGRZbJ3T0LR+|=*=iDTb z;dX^l-REaT-f)}qTuJjGn?3g>`@Fp{Bs{=R*}nhvn>oKmJG2`XJtB5?^u}qe_t^cB zKW1<2tT$r2w>vh-;h5ce@348T`{v3V*Ebw~dP?uD&Ash6)>pRd`^N9?uU&XvKc^nyVRG+Ms?ITE15FOVT`2yBuVtrxw*}wGg_sT-kjFE%_&J> zPs6HTb?r;+yET$HFQ0dF>$KEmlcNvYwVyY=9rxUT!db5b*j=42>B!B9?jD}4TMNTs`FL^GG1u@efpgBkJlAQ^({1*qOKvaemo{(S-Rb&M z3rbqeSf12x*VMt^)(hOUsYlo!4gMb5$vbiGu!1G?md~wsZ0@My>21#Wcbp-KoIJ|m zT8gPqGB4Kdg|EA|E}1pzQc$bgeWw_sC-EC zH!JE=lf1-vLyfck%}x1t^EDHuJyUPqs%K7in&97W(i4FrdkzeKPWEjJyXTI}`u{)n z-UF(sbz2)=Ng$LY7zqi4CLp~?M?gV3NRuXA1Ox;HqzfV%dg!5d3{|=`=_tMT4g%7P z6-4Y?{_r~S>YZe= zPWs3Le9;3u{OAiPB3?#l`pr!lH+`%5ay|CRJrqyb3TI1T|Es?j5{ahLqt4-4H7{kAIT}IK#^=pi&W|9 zlsJP-+S-nN0G9%pJcR%F@g>CkhmS6+T6qZXkP(|H2(ln%UrUe99;2)6R!5 zWCDwkJ!Y8;j`!X4vWTaHq3H=R?{(sR3-Zh~T~A9Y=Tqf$IrbNEo!=80FjZ@$%OoTf zh-q*#-~hZv$*luL;~P;#ab&`$6HC4)7=bKGqz>~;n2AE@lb-Xi$I{1SyQ(sE@o%Pz z7G#oGYk+1fkQ51=z(p~RXEypiyqpnr+1#Bxf`}r5ka{M=AjG9$DI+l%N3g3HQgMmw z?g@P8huvazi6j-d!hAo@C3OvsQEL9 zk^sulS86GwQdkp~@_H1e0nWpzxGWa4vSpz(OB$&w>%Y_-6Xt0z_@>^T$omMS?k*%9 z?GPggiVlY7+TZCaZIFvrQDx;DtM2POyA$WkSVGxe3x!qgyH_?cL^NyML9K#pqYBBG zB7D+81kVA6OY{7kJ2`&Wyn=Qq zqSUQ=Lp5cHHe(VNE+;`KZ^K}Mk>%XdbLPJczS z0{KN!YUIP1hjPehTeSQeJb?qq~wHfu0geH8In;PNP#)bvhT2 zS4zie)V!qbU~bqAIL3{uwS){03}3CD*N||eV0{%eMLu@RY^=GiV#BwhStatcNMwhv zKbIZ^OF#gPS|!8nWy7QRc}na!K(C=luOVF-0Yeugo2N_JY=Wpk9s?i9FC@~S=2Q{n zWg=OFbT~XSAtq*;T=^_ywM*T7vC!#w&R<(1wkOFs$@LT_#_1&&DmJX*nN3L14*&gI(G zC&?g#?26B(J){$-0avE+l!fqRRRzV-mDTBwCXoJa=-sn(mrdg$CJxBFpp2 zJ=aPdnfhs&!>;*Zr#RK@mE&;uGWT*Xh|ntUTkx*pX|vZ%iJaWy>G_sJ*QO2VPcNVQ zB33z~@knG8m0L@S%fgGLr~ZV#M-Er1D`T&jP?h?s?6H(N56%g>PIEga1YBEfW!94=&N(x+Y`kZ=$h$K4Jzya@yM>-GxnN4XG_>yPvN7^{)^3Abh0e@TS*9dr zB3WTWKz?APV(x+GGz1BV?Jnu*t`VL&@fs?*8FBHRQLj zentO+@5&|Cy{MHNw&7cb%1maLU48sl_FlZ&x-Zm@W*>O5{6hLWrJv;z6KsWg&-K#F zEmf-xKlz0>6$}3NUfqg#*+=1?a(-Q{`vuB%gK%cYH@`cERjJ=<^Ua}-$vrjpKWmEq zgN@@q&;R}x{_mgXe?3ST??2<~{sYZ~gsAur^!R^CGx00@pI>l5Z@G~epFEsM%*6j^ zPUt^y(LXQ!AJo9Vk^lRn_WxJse?`vzBmS>A>HPnn^}qjvR{vYmzvTaT0imDq-$=zj zVDRyY6UQjjF%#1<3(K*n=#MHOMa5$^wPRh~AJA|X7ROdr$5*c&dwCt-zI_}QcbuAf zTw8lwSNEeFh=dC_ICwlddOR_4ytH(@w|D&0Pk${9`Z@3SLl!CTXU+5X^*?^9(V}F* z9V)3A5$i}GR->R@@uZK$iEFv+)y~pPQ3d({B`c%3Du_)%gbyA9=o#6e$=F1lbZCL@ zuZ8TwV!~LMi_Mu6o;V(W7wdcC3>}!vJ5rq&MF!Rpqydn;6dDw~NPtF=9!&0-tij7b z4p!tp2_SecR`MW#lLBynmM6Cf$mga7-~vzpQ_;hN0iXg9fQh@OiJJ+42!H@)uI^{* zeW#fL(Cj?d&JyR!D*wpX>4S;WQ#1VSohoTl;jSt*_I1u%r+FVigs<`&RFs0WFg%we zHM4C`I!(g0GvMrz6O`?z=>q`OZ&VT*itP06+j{2iJY%d3*9NmL))tM7Fz6NNRR^iU z=!LDbkfI*01Kd0uuAB1{8-0SsrnNVg2OpQsJ+khKWYNOh{BMAZ{MYgSqwgo7^-EtR zk-q#6$IuUku4{jRP5+y3{pGiRp8qHPmjw3xcjy1bB&A440{*Q3{fh$s2S0y_|GNP8 z2mTW&P)R2Me|)DO4?B>G{nFFLkJH76(*aTupaTgD_8%VP@ACOS+5r9$|CNLT#m}#m z`^2ray3+Z13h;vV3U6cvCkSppt#aBm{UkGzgaZ{Ry>D9Hqa=FK@#*7E69Kynp6T~q zL8=L$bqp?<;mnKowN`m=PS4+#^RTsavj{q4@p0g54n`g8g>M}m#Bj_^ThV|Q{VL^8P0YgogQ}4Jai_js)f?jLy2f4NarVfERPlp z-`D86b@J^`oNE`?_2Y9DnJA77*oH-sA))Fx`*Y#3$Icm2I#K3AQLRh$5$395_yI=o z+AZz(b<&MI-#*pUHyrMai>m**iuwm<|NrNo|1JH$=RZ08MN-?p=>J82-|9SrF|ADIiSBm(Z_*XVI{O{v{`Oo=ZB*cH5|NN8x<$vB~{)zonT}ia0 z_MU(I8U988FHTxH{Qdl&#QyRp{_7vt`@hq|e@-a-TTDN~qGv>fjlAvIG)V-=Y%*+O zVzMIAvf|P|XeY&lg>KpkQ~&3J{*hATw}nWE{vjcM;Vt-`#wGqxwiu^aq z`x^-J?+7E==?|Fa?_cgW5FdX_s*J3N*dLYpcQ`}8BSi8K3HckC$?r7(#~l0rm@fae z6wyEC**~Ai{+*Vk{*Zcp*!nlldj7U7vH#qqfA?I;?@0LFApN5|*S};gen;x>MbCe_ zU-sM0i;Mq`iT;h||4siAKl^JD|BMOow;%EEdR`Uke`mD$^P2x{8u%ykKLdNWTO>B< zTONLY@S*?3{EtKmOX7z7HU6upl*HLT*Z+S|>;K;E!p^s@**FV3{!A&3zL%LB+_Z&-}aI}L;l~>@&D$le%rFbKi2;S{{j*H-+rxs8UIrM!2dx4 zgctiW|NC$2_m5mC>-Gb*!`?&o=B;Z^_O5m|3M3u?zcV&&ZqD{UszGG`p@aA{=KqMc z|M%VdJMsU|W`qCnOZ@ZrmpCgW`j7cvQPDr^KmKDi|6kqk%l>~WSQpr~1xS?~NbB;F zD;CGIv*+$rj*w{oC@K5;`d$t|Yinz)EF6Cj1d_fuIO0H{x!Kuc35ng^9lCOxAN3+6 zQa}~|;faz$749)J22r>dTmlr+F6wXCKyF)?v)@VaMgl>4sM`sK?nWMxN8u0Ezi&kT>u zTzA~q*dRgM9vyu+U}yjK`Nh)G(!s&ImoHzowzLfAzA)zj$53Z z_V?d@{rdI$Pd|P8_N}^DdcU9}yW99TOWzh)?(x)nU#9Vs2i3L1EFu;*!#` z@`}nwRn;}Mb&u;C8k?G1THBsHZSUyp>h9_7>mL{#8Xg%P8=sh*nx2`Rn_pObwzRzR ze06PoV{>bJXLs+#%U7@8yxl)|cliG3!^cmbzkL1n)AwTlLd~pEMeGQsMDbhpSLJqv zBTs8)X;kO+L@|ipSn99N?~7woj%2=AQ!tRoYglSIP*XUR%17Uyv;dqWOAoVCV&L>t zVuy&+Gpu60c!u*e_H0ZCCA!9yfE0O_?&<4kaE54Vb7XRfagi21CyQ3fvVkHp&zN@_ zS7NH9b4+eCBgp#iw*e>?7^-u4Edp(RV#Rvy&e7qnw@@h1vG2Q$omXzZ5m@?u z0n?0`CFUvKCA0{Xh$OdQja>Nmj(OBY_`G}dNp(FiCz{L3Ws7F-gjH}l>UZm zg=qi9Kt~M-H_aqF8JX+udXz{n??$x5tm8(E^mg$^?D-G78*vIyzDDTx0$G?#2BWd5F+h8B!=<7C@vU9QT_mh{lyPUNMzs=q@RDw52Kh1 z3XpgVGdipQ6O3j?grcfSQNe`;FnDVlT|+3OwLQ44#)b|K3qdos4fc#Nw+3N4fly>y zS;&*1fuSJ8C^HHL>zZ3YD@52+E(r}lM zP-x{RQQn!=t6d_PO;FZ+jA9F%UU=5um_VovJ^%#!iSEl1e&bI>R~>e*K6QdXb$n-E z(shcULJnx9V{*D1RpOI(_12P!^R7Er*JcpQt2CbbGSB!n5Q0V!+?9mx_H{o#imPS{od9_ zcod=9y-V7(s@>I6BQ8iRDXX8YD=1{o^%hT+U`VKKxNUGS9v_5^4v&N(@C+#_Kv+07l>tjYr92>H=Y^%% zqOxH4EK-l0iYj0TM*<9J+hSV`LwP2{qpHTn_Tb4U36tO zw#zmvwXclzTcnI=w2y>qZGp}A715BGNJ*@$X{p&8-zZE&C_6>PV&7Rju&KJsAC-gif8!jssG9uKH z+$9;yjr^NSX8^2#!w)R`{~Azjprip68WI^E6cHDb5EUO2nwm-o#ixZOpol0$UOq80 zw+NqGT3k_FUJ;v|SpJ|SDUMhOZALzM0)st46y`leb~hvX^ShsRkM{KpP3A{bmJJS+ zjz3Fko$l|2VbEyoE&!lAhml*m%w5P$W;EtKhM5`DfjQn0Te482xe^wDDGz)(82sd0FEd_0tjcq*6+Ozh z8J%p|%EiSmZwa?67*cBRQ82vf4!}M?=%tnTp%oMHuYB!%& zWAXJzmZEF?7|EPVmux>gyP(Uhj+E=LlVQ}2=2D6Cz8Y^lb)g=+HyL}{NfLFz&fV^r z!8%SnI@z?j2bGi~L^g6hsU!T7_-UQXqvq}J$@G*q0I!q_J4@d2XJN~>!y+4^bum2i z?>*q|t%RDLtOA9)=(99(s1fn%;h7RaR9MFKqQ>#b5`nr_u>t;vb{VDIIsIZ$+=*TZ z5nP?`WChOz_unY58kRbz@vGiAo#eXL|LVFn(9qxzlJkZ}1V_h32E`>Ng@q@@CdZ^D zB*x=Wxp8^!>W)7udubEQw67Fe`@Y?@qnLd+=s`jmFgmx#Q@Xvj#HIB;ERK= z`fpuri-bu7?Esry4K+WA0N)#RP`-TnoRqfFh|>5y1(OWAhla(Iah$i`ZB|)loQXYW z63HSkeO(N8j?dbW51~X}A$Y7K3(3f}lA_e@@p&~^w`>7Fe-YfTVsbXj(} zcZFpuR>ZLgASzkZb|+xZRa_3rU^TKh3^_xQ^rH7hRX^Fc3g;U-}f?@Gnqnpb{eQxn`{YC9IwGh=y4Mv5c0NKq=$eM&n#Rq+cQ-Guwc@}eyt z<9osA+gE;SD6k)Mlrg-rTd1-lms#yGBy|c z1*-Lw2l$@ub7&WLFiyr)HQ&p7RTJq}BPcXttVCH^=}TK7FicJR%Lps>V=Vf6NB-?a zO$;+LG8mQ_nwbd;MdoEkJjg^NLeR_=;rY2)K?q_{UTsimW^ou24hMoEouQorkdT2+ zOa$`?d@P6#UJ!=p90~#83_&a1L6gkE6C>MUuujJMf%#3i4U7?v-ly#)X!QzvmbLJjsPe?Hswai$LT&K$=GMFG{hbZ>Ua-=%`t+xXdIxu_GCi!$Yog+4 z5fxDz=Im4K<7Vi({xY#GC|BAzO$N_am99+wWNMs{{#1v`0a^4Nw1ppfO?D2TxOIvp=t2G;jjZKxLK_)g(Q&X*3YV3)ph>eS4|LPObLkKh?K%9 zg@v3B43lYUXVeNMbakIk)rLG*?%UP9cJ}SdJnKUHWkI_ng1Qr3HsfNeXmE8$=)91> zj{f}hkrHL0Dh1Rg`%PwyAbv|I_}!fw_Rj)XXHJp%^HNY@>~3XM`_^@}qwD7yXS~)k z!^&}rKBT7&p0hsf8CE540~>^x;Rxa#mlF7^3+@);hJ`%T!iaU3~q+CT`2 z_-iec!J&99EQ$>LxAFB9h!u$aYbQmrZ4eY678y*M^~S`85fUS8k`hx=lcHiG30c{3 z$srjJ(xE6+Zd!OuX;MjUdP&{m>S7e4xxTXg$)ot%hIstrnzq!svc`tqo~C9*`*7m; zWc%zSVH~-I1 zL8Ddc+*~CZG~*c@(ai=*gXNFToOc2B!m(T_kcXwKYMx|0?kZ-Jo3iG6(yS`>BH1$c zHa&Ec9K@G;J>=<4=Sv1jt8xZj%aF7{FfQt3ylfAE1BXQ-#5oJw(aNEZI09dwUJ!~0 zb7gLAbDTALZ5B^)%=7J)#+k*jEalg;F-3`6<`HL^aF(Bvg4asbK?>TkIDydKQ=;Yp z)M6WRc;DNRU5m)A#wr)@0Gg4w!*1LI?`^pjgW~PPyenlaFjGb{0!IE!h2~?C4Ny!V zk83F%XIB_Zz%5CrnZtCf#!&f@&R36TI7EL+c4c~bQ&V&QnY7OhhmYav0w&u5UZT*| zeG2Pcm!o`-+_2<6DX-1UNpwi-t?F-rQzzWKf|AOIgGXq8kY|ekDO;(ujAQEKzG9Rh!uP zh}(vuFgJYCu@RfG$SL4JQpzkKc%)C!|Kwz7Le%FN6Fn~{gvO%zS+UK+AUk>b*qcM4 zMUyul7uwlbQpsJM34bl)cm3{_lOLxIEptB_S=hL4KaVW8ms(C+2q4#w?Pe&wdNBg? zr6^7fqmd0laV@al(M4=;K8Q6_MHeStE;PE67I9>pm4Eb@+nZd5GhQmZoZLw6_Q{?& zi`yWkB7U~&j0eVAlGCgj7B=sTjSFq9Ez6$VGb?`Fwa%GRZ%ckSrbT@ZrfWHFJ!hy1 zO{QbZbf#TAy`GBwfC}rm-PoJCPmWj1t_k#tbix&9w1Z(Chy8}|b6)^X!c(7_ z&8m*4jlosYA}!X2)x0&7!VT1eG0yDld=9f0S5JQdV0RSzk|zr?$%YrjClxmag{ZZfH|q@59z772|`g$eAZC zbH#15h>4lmx<$nEP2}=4Y;U{m)yC%Qt>v;etBY^neOM|Pdp;Mw@uEIZ`FbuflzeA5 zdn5VHD%f)xF5eyQ8W>8=Aj(Q+%B~Ehp?E6UYMN`^98b%xi?goY>~%#5GQ!jKxOIZg zu)Eqi)?^HOBQ=ayaqhOmK??MC1u}0qCStzE${uM*26x3WkeI*tP^T$qPCZEYmQlSa zTWA!);ru1pnLJ|;$4{(gz6&jCl~^_-U#(wZn7#=G2p~st zr$7imO($ZarpPlykkEgg`T7(U8#N=a5X zSvenn`Q>verrWVu-Zwko3?i4l^M5_Gh_XIQZy6x#V+R-q6s>$edJi624D|Un3bNr> z7kFJH`H0E)vzPKuc?jXSwJ$wiiBd^+W|HbyugSn2eJ89O-SoA!p28H>ajc`&J;aO& z)-Ec>5ERHfD@7^1GBTTU$(ri+1Dh`kk|xsLBhX|qoeKIZ4(3fE)(+1_P3dkReI8~S zBpl4Ms-uj#=a0iiOKxN1&vuE!dtW!q^DC_Ivba~PKD->q zEg$;ad5+I-CQ+s`)cE53nku8aZVq-UX`f5Y+V}gwOloikJ2l3{>-ERQ^N#3&(;3Wk z#ny37O?HKz0p2Dy*`b9g6NbF^_Ur;p!J5}1)N43wTpvk(pfz^|OETk%i4NGJITyy1 z>zB8TS@gHkyJ$_Rzj#|(u*k~NJ1;b)%<(y=qmw(#ueuCwqEI{|)zWf({Lz zvw?eW^(M;aETB`4QY44ntv*jUA3TQVxNaEz^mUeU{yFYPSz<%zkB4G%UL)V4hF%SG z5G2;i548ps@U)Tak3$ZrCZ?9|)^PTT7}kkiI#GLKy3kQfORz?vB9hnAGsb)F;ax-& zpUNq))=X?j%mBA-aD~)@hX1+`!+))xf1b1aeJK9+oFzRYGb@`kZwYx2ig-W_C2fX; zVTusJ=ptrxMD+voqu`R7Fl13~2&%p;q_C*Fs-{12o}DyG&2lm z4nabe*MjM`=_2;F`sC!4ysJ?B;etmp+6x@f9z&HMfo3Gdd4Xa+>y_ za7ll&dm2MU%StZcO5YlrkqSwbEeM5(Dpu+H#T$81&dp3=fku~a`cTAXLV-9$a@o-8 z!KUq{)BJZo-R6H=y6gtK&9sc1Q{3`sdxa5`-cu}5^`0UujZ0<3JPJ?$;Nq|HVU~hP zvoAOA&b**|{sWV!1LY2hPp{R6jp4pYtkT$|d=|dta>;%v(Ew@K1AP+IBQh*j# z7Y%|TJ@tU+TfN%$sF0*Yc8Zx$cLW4$)Qbx}Tj;&$T55;86ho%^fg^lPVfE@Q4za<) zQ3aM7Bi*w{Ac@={8*5%;mpvT-d5vzsVa@bmK;vR+6`E`&<_py%5Q*1zD`3BMN1{KI zCFXEFith#AY?SR<(?fQTPAAF-A&g%fB#^J19-i^v-YY7IkzXA6D>MC%jacf7zghrJ zk%j}UzYYh%A*AJBXizvlGAb%KHl7d`8 zhZ&){Rfva=N(+!k*b`&}3G4o82MW>JTH5~vgMqa-)+P0|j!#td51^NrSD3NP==BXO zu)03JG_o|dxw?j3LyyB(!uZE@0;H&PJIt4}Lu58ik9IYDOt1}VOe1gUJ4mMl`GiFt`*Jyj7aOrqmo{P_u zYaC?EbjHiqXQwFv5`52l-mP3FMtMq#@<{xR1#Y8Nu0=JKH6$8(L@T(P+NB+iwW5Xd z*XOO~vbbNajPiKZFwm)~d1S8VsOV1Z=M#YccynPg{DiAeX|w1{qicOL2#hyZ_^=5* zO?%sAE0^B_ju4ESu`BEM(ZTzr#GKw&__schg+NT%e?e za8d3tOfoDZta7j@P42}K7jA?DeJllN74j{y--V5SHGFSsO16Nvpd zu!+HNmGFvy|02Iv2#&Vs$t~e$SZ0#{;j%##^}{KOTbd=Wl{B3-Pb!f6Vi6L&>3YSF zsQFIDs+4}P)O~pAm})YK@paBjnFo`6)^1WEd9;mMV2IO!Ag;{nvyiV0deNrwlG!Mi z>BlPFY(IPBP_4l0!Bs)ZHR3nN#KK%76LankH{H~1{w{d+&7E;}=qUC~kgJI4_7hXb zn|a^s<_n$`1@J9eR+@1cc0Xp~IOS&E&|Cd+(eEYw1joTEo-*68i}Ktpb2~iS=+~`V zst-`|P*t__%hLBw9mjW39kBZy$B1$ps!$GW(OB2H)xqQ%H#;v0jadfkNNpP_uPM=~ z9mWcO#~bQOtvk+7h}D(n4GWYyifIP7!8i0pnHD?Q)VuF`!sM`6B`w|r!JxsoEW%_& zTs|;xEjEdBGLl+APO79pO~?4ZR^eZMtiu1%J^qi>VkCk&of#IIk)9QTN=JmkaxkdE z9OjURB?K6}riL!0wx&D;U4zYTfHR^ip4K-oK8me=Oj=wcgKHufY9LR_5!jjn((Zp# z=mY|?5{}$}GxQGzZ4hlH!V&EwZ)}#IPqi&=hV3sr59XFA1At|sDMTA2P~`MX9v}z7 zzd8geRs_(AQ3dx}D~39ZQNLy+P+6s!){2DCy)RplhM^_3&pW#7HJH(xjWSxV={11p zg0@xo%2v)n4D_AP(^7_ZCF!u* zpZ!Q!)`KZYQ3mMk2f5^%gax{pkMA~@QnX>Tiz|s#^+J0qBP|VYpSSx{{Az8S2|xfG zNbBdlXWQRP=0-tL2m~tQZ^_)^EN!HUG8!!}T=th_Zcv4ayt1-}1~XQ}=*ch1+%#x= zXU}Ypp`qO4iJz0X1yF76j_$cxRSglW>frj1WbSgscBiVq%bstl$Me?CW$HhYxw$xm z02DGH@2y&;k%Z@bM(s;UO6I1;FDl&>dH++CbTuc2!H~eP)>}ykRXdW=`+t7&#(S@a^_CXx0uZf0HOT*4ov45GaAALjBT8gJlK$}*mrd6WBgYV0H z#PaC~G1O|9)H?|fpvxwuB0h6?AAb!qZ`Xj~$TEIg#M zBU9qG3_sv1;XI~1*UuIlPHtJBqRRcn(cXs0emOeniT-WQyITAu?NmC0B1?Fl!tRY^ zXIIrxu(!)a&I|{4N{6(?_=Q9;oAl>R8hu-+QD%s3j|#b=gxyG%r*YVoAYX33pqykK zb8ebL_Xt{>P@fmHGIG0(yHPQVR89qK+NC(VbJ{mb61&W}(;RYUOHZQYSM^l#&K?~x zmAqNT?om;fe@QA!48l33b7a&xCD*G7#DV15s*_@&rS)t1VtE;*IepE81vNvRk@>X| zO1!U|*IV@}48U|qUd;WAboN!9VNQHy{hHfXbL_v%*gB8b+^iB8ZXJivf(5y5Wt*ye zwtu3@aZ~WPrm~r$>cKXvx~&IAc=SHZXt&3_`|t}ozk#74s~WJY*W~WI_hvQY;)$SC zDl#OFLj!W2zEgY*K_}KRE`J&)rR`56Fa|WH5!8qp4uH&igS;KiGTH z@S}78G}O!GXv~TyK$1)=xTc-~D##W^?ivO1nz(a9C~WrPGa)Ima6qVcN?*O=vV^8Q% z@N%O78S6d1;Eg)-V&jG3s-@iu)T=-vBf4vZFvPa_bJRs+-G6{ro6iXbvv zKCetQAiD@9EAIm_%j(^kNMxm$lzIZE(}VXOuCS%e;jXQYJAW`Fve#1vHmAEInThRK z3VpR5m+Jc{{8j3>c!_PkxV!G>Gq4T)fq9DUF`rLA2P2x=Wub()#VP9#jPtlpp!Q=F zmPo?X?QbW~sfzcQTH!fmHmJNl0tTw=pv@F@pVl4)V3Eon_<=|&ob8<`%Ph`E4xJBs zgduI43X~DI8_!jWrg{o;omNe)LWZ=5g8{|XJR=~p$-zv5W1UJ^^7Eh#qKU^1|Xl(718H+!LU*kfE%F7r(3QQW_V126IdCl%pAexAS z-1^+1$nXevB!Pn-G%0+b;_&a&V$u-bKS#kqm+^Xo^_%n!(3^`ogwM_yRIoI?{VQXE ztZlpMw`8ACdbEdFows5_~IQ2^4xKy=s15{ku{M=vr2$o(!KMwSKrk);-If+@6zQJFvPC)mU7G% z&{#UM#-CLp51Y&n4}PWa2%}UiGv$kJ7np6{x$w=U2DIkS`uSUL>zk8DkGNclPDf$Q zSz7tDPFDUDBGYci3bUKP3L;mr5N0j6A3T1`Bi&82xHJ9#Gdea^S9*55=F z&lxGxtHBlMjg zwaNpky!9wUPJF`osZC`5tjWM^vK9F!A2>wX3+K-LJm7>)U#M{$B;NB`&}UxF#tvEt za&*((-+xV%mVlH+letbc4(tX=j}vGL?YC~*?ySd`h_+=ga5m!#P9po&mrq~6ov|_Y z;!-owCFhVVW(*yf5R%U1R2jo>&Xf^9FxPXYND3$Bhu9gs#-c@4besSdboOgaQ4&t; z5ftXdWM-R62LdX2*6@Yk}&LY58Lp!%6bdbUi9_hMN`cfgZBKB zR}SXSHQwc%x&>Z1vSFMpk-GB~74=+(Xu z9O$*-J3-;3Kq5Co-GS;!*cnplNQZE3`R0bJS#1WZriEziirb$J3A490-3>N%)c=5T z_Y)7ZF%7*iC1H*aF*!WvpC}~{IeSSx)VeP;JwHs*QOdC(RQ^XMfS6r7~bE>*Y3OjKiwXLlK9K-K+pViR_;i#or z>(ZjQc1H~ddG_9zNe?W)L%*KKlDKwC&)wzYJ0{*;XO#3|RQ;%~C z4ADlM0-Q<$&rRbRkg+2SqDCo#v$;a84A_?4*thtYC=F*WMUf9_gwj>JN4_raL^<0S zqUP0vk2<3u5i$DP5g&5JsTbnYkg?4DS6FMJuFUAZ7L5sTkEf3y*YhA4t;dV-QR{94 z5e%Y&dyJe;2~R#TCc8)Q%MjcO`EJlAs-#neHwMx=iC39A12QpAYl#0l;+66*N$wFHAr^t%~f!+)B zXtT8212OM?GovHo?)#kHj^JbJj>t5fA-tYu9L7e!>ZgBN6HAZH>aXUW zXiB}epqrZ>Gq}eg&z>>M$3=zxdu#!Dl&Mc22Bb(|=gur3})#o(r5*9M281#)aI%>4O1MT_JLLq9; z5#A{DorGDNybA-d&C=KrTC{O|q2rgBvVkO_2r;<@6vq64rp@W6Hq5X5iu_6mml#D) zmBwy<%Aou5&_Ys0JBT}T5)$zu{>)2E^r5M0Vs(GQfnVMc6@w}p zv$bj|mwvn>`$_zr^5z%m_ZK2~G|S0o5xOm(lHRZj%-wky{a>Yn{Xf>^nWSoA9Oz$^ z`-VepP)Ha|J1gUF<-R3QZ53q^11kupQRQFCeQls9ZFvn21AS47lNJ=x!kxdA`=)kl z*K(W^U8NX4!F#E3;pcMShut;goTt<^S3j(3>cRD;U;ilgEea;TG#E~H{>J%F>~B~b zDJ(c%5xA>17enGD+5#Cb$%S@kBza}#(hd>ID%YYMeedt&|0yM!#2bvU zH*&&RweMc6E7o@=v+=#AhPn>sV)N6`X&=8HeM+mIVCq*#0=6ra!hFJT_6I@~WAC2i z;2eZ-T|G9~Z!~|m0wRvLzgQmnIB|{>I#DkopxQmdsC1@V@7-y&7&6hkyPs|&L;)ANlE39^JnfZG-dP!Qhdx(8GhB$avQhQilEnFRP)$UmAxnJudtK4dp?J? zIDTCvobH6?cZJWPFG(fg#@C{KyZ8;nv11xPSn1!Fcy z2D7@|er%|FSFbx!74Oz=EiBeGd_otW*iQbz41XFSle4c77Nyz_NYG(P%$Bj;;4X>_ ztxyx{t9B78>iXIxi)Pv}dt{c>UVa;?5_INk^e5*%aXyzRiP%hnnruIrN~@WLoF;Ea zF!(&#L?^{5U-K=q$6NpFhFY8&wK=UAXu@B1Be7rKW7w?K0-blGh z_F}7MpTEi(xWa~0prBR=TsFIqN2F~4Zc}8@RodSW@sVVRKI6YCPY6L3^TXbDOG6ca zV-WqkMJJUar)FvT1xKd+{=3*J01y|Xdzh6THdNJojr%|ueAK2T+KMS7DAUkCdlnjd zQt(v>#@bo+-Gp^pRS^B9wC0*dLGkkj)zXD*2P218<>F%?GJ+_WX|8wr#N}60?30eD zBc&7P96weK8g1P^Q_>?}WnXGKmRUM>a2@OmW_5D91++pY>s#zHJpkMLpf# zj?z6}MbJ$M5cM8DoUyc7G5c82xqBay0|p&&xOGw`*M4kA!KYVGZPY>DgHc32f)d6u zt$CcDUPJX+*IAc4lC$?eW<#EnCEaTVgUJX%t1O&IkiRC7Om_S6?dPK~BaH*d@d+N4 z4uCHCLc22cC9abl!#Ve9WLNV)F5i7epE%wMwtD7&i~77lDvHF*mGAc!x9i&hQ)0t$ z@vVY+6#`4xjHTHeOVy;5tpMkC#jnY4Y{@hfXas$#VFkL^SlnR#_pG_OvJinH1-)Qp z9At5NhhoPws5%cBYS&h#clH?@g^X$QJ%g26i$QC^s*008a5d~x+OSC`Dg`OB@11nHYpK$fS)VKs1 zo5Ssd8+TQa)7F;MfF>FL92X`_0aWfW3*}N6kZL}N;quDke)$RD6%0HE)n*u@t5QQ= zTk8{wwaM98ssdStcgPZMnxlR7*cr=RFQZXluG@SdEh}0#2JtoS>#JlZEI~=cyPYqr zBoiontzkcX)+Co!7`Y*(fJCe+kVE4~Tx@GIrdx|R1g%Gu>=HAOBHc1PB6z1ehDcbk z19|sFJXOdc5|zeHfvLj#8hGZsD0h%Op*ZSKZJV)PzZO)lX8r{JdxY-#lPJ#tzM2+WZPvK$A~pBWEi zWT3Hhpw-NXRtn4v^2mi*1EeRLF6^8thRKnULEQ{#kQ@-TV{!#{X+ZOqE|8>aU#u^r zho{DgLBfhjgod)XXx5;zvs^FPs_qz8(At(>W>L}qOa(yeNaQMyZ!oN8%r(R&BX6`h z8HsnO#<~JzF9n`|<{*&g)Zn0O_EDN=%fKlfBBG+%qxWJXhJ}djkW2V>S{mG=K`K2M zs|e8~!<=$aUb4LY3fW~*w-NI3#4^b0bz5=)W2p5iv7eL7L`Ed=2@Mg+0Bm_u#Ty|^ zy+JKH-5!}Q=M({x#+zKO3_i~+?!1{PXJja5Q%I-$z;D|!y5-=@BN9m7m|V?d&qetn z5iF8)K&4+y0DCo=S;e}NaqkLhiArTs`nDHa0A0r@A` f&S^I(Ws8a5cGm0!?i~ zhRL$)Ror0kvRt?M%+1+7>bzp2-F2^PudYBTXWQoOaM0Q2`CZxukhD~{$J`K3vAi*x zj|LKX#S)+AVO{Z-)5AaNn-!CmS-H>UEilWoLHnGzPDze^2XzrJ6!5L zSD-51{X)iPAi(&XV7N`i$HEu3k}fma0x|>H?V=`3E|d%wO-Q034||aFyaA6)v&UuC zduOXaU-xk^RyQ|jvtzuR6?t1YOxa* zhPnH{rvLPzgL#?=HHhfosI7W^%q3_?wJ85lC%bC+o82JQ$)pN>pV&7!i57XX+%0Ur z=kdA?OwZv}Jk8j0ZTyai-H5$D{eFo?@IBx3RXJf;uG}S-?)<0CGvt{kqa=T zNwlc~bS2{Q%QI}vjGu(^yA?$wDk>-ztcVReI`(nou7n~8I>+U8N zJ3Qkkd#}CryWZaRT9)Xm1IpKW`4DRweAk;ESvl?-wW)B^Gs$Q^2=v}NGGk;l-YDS_ zhm%wg6nr@2yJyw$tKpBV(LU{-RtX!pulk=aVjn?B2T~lGT3{=4VUFWOB+mRA-fNN2 z1}gi6c)&P^?~wStYowL$D5((W{v!n6C{M8gic?IOgCwWBFXmIs=Fj$PHb!|i_=Kkh zt#^uwvhnlfm*V{MgIl6OBKy(!K}ffUeHFq(*LMrQkczwz`&LicgCG>UCh{&SYP+$9Kxmq9Xkf+wgyFs_ z$vsfSk9!x~?IG97RXu4HW68zF+`D6a<=}*R2kyEOZUzX;hSFkc(jFd3KQ5J6!OdGP zm2T~qzHdDKL^K;$6HFNfLx)hE-VztX#g{~Su56OI_+G&)k3*f3n#%3e#c83^A(h@e zVO~GPE1E!NZ%WL>WG;bND&%rFBZ%_3X7+CtTA{wx*a^`tDrBnZ$M7PD{pN+c9c~x-~S4VLrJW3Je&dTE|#d(tsjG~HIL-J%9kkma{Ju!P9%m1<>vM*R(^- z3L#li%lL)Zb+Coejy%Vs*>uNoKFK;#ZyYy1+R)N0Dpkc{`^j{5dscdJ$-|(D2=5W7 z`alssgX5!;EjYr;eMCLxSn2kl%n$bh3&evy9pvy6feI8D@oSSBu2Idgs3?O}(O2oXTBJuZ3kU$;)~jyE@2r&(K8WU7kER zJddLc79Y(vSX{*)6o80@Tu&`}+zV6Bg^3yNG{qTQwO)GRt^KLA-3o0ueQ9U;V)Uz0 zy!J;_VrrHfBkS?|t^Na%6=J1~?f{juLYZi_o3!0NpUZn&1Cy6*fIix45S!|gfI9s~ zs#+v9$v2?M7TvH%lQ?#oc45QTs;SeDVk$AOL!}4xv+G-zsZ0w`=TQS z2TgYEuaAXBL*3i+Z~GSKIqmT)iGk%Ypt|2RN)2Ln zElE&idyu37sc$@63cV4&q6sE^qwuP4z*lji^P8B(dFlgO72O#yVV}Gq$BA;aGq6M5 z?9xk%zX+wB3oE>L4AxN#GsA7S<|XbKRW{RCyZ%}%$0)-2Mx;Uz%=&YMQJ<+voq5@@ z{rf*hpD5B1ZicO3M5^CI?bermsi$VVs=y${MLh^F5>Re+7Utfz@k@S0-~c-}-;Rn> z2!AeYWdfT)mC#yu_E#Tc{TZUm?{S1afkt?5`Aalh2kG&tDrQ;6!Tp=81ymm6WVaw7cgboQyqokV_ zuZF=pWOx{nE8Lqn_Cjo*9j(`|=XeUujA09Xa>Ph6l?Mu2lN-DErheAznD)!om*03^ zpjU1@cWmb$dtdayoEeAAR83Yhj&H0L?O>PQT5_150kbOIreeW1*kLX6K|%&uDi?OV zF1aw6idxwoU?HP_TSg@03AD4U>ZOxM9yG$hf^9h*;?Y!g$jjXP4J4q6Lo(>#knHvs zGQ=Jet*}IE?{+JN5r#&9?egwCq0tyNI7G#L@jg%OcM#>zLa=3w{qM?c9ah7HUvm`h zgV>J?>>6rGmHN%<6LC=3Ge1v=_lrXyK{h?f_%Wh`_e^%Y<4*6O#VG0o1h@ULL7A%I zA5cHW^3KcJiB-#aen)smE?NS0^?ur!h|QGEWjj=VNG}Ge;0}ZQQDKsTGCVHI6(pBS zH`;eO+kjzB9#oEoiYY30IAvPI9V>RX@Q}f)`IxozAFJYqN$GazP}up*HSYuvKz7^kbAOE~DVNp>3AUmNb*cRyhLtBJ4P9Dn58^{SN1 z4Y(zZkX*N0_esUA5Z$Hd1F4>?3d7V%ZRw|Pz3EmRuD6L03GdKcUD_P9r`1XDcG^L; z<@-~NmViRU3xZGK?-HLiuQu2S1`KLAU%RaCS&~xl<~i31q|>$FMSOeu+CD8gZ6>aW z-$7q%JH}-@8j*Z$t>;O(tc*|n5=|;&(&>l2m)txSZ{yWrMB0nO5zn?4uMn(nqaF6S zU0S4I@0xc=bTzy5`#VYOJ<)#H=atcUc1P;jef_vxjSFn;U_e@9xt^_(n&8J3h+E5|+xioaQ`qy~}dvz9QSA z9S293KRdP4r5&4@|LIJw^Yc><^|fV{%4y~)Z^ncnu9o~OExF>nh9`D8iu(z3dTPN{ z)I^QjY7Rf~<8wT=uhV*EyI9lG)Z^*xe^6Vr1VSAeKiw(wRenEkwpux@_0S&F*vB|$ z|6Vrdvm9L3{en%t2K^mfPocg zQ0jpLcfTdy^7n9s!L;9rAHeyDO32^*a&NcD}8^ zkGwx>68eZ8Syk@ZW-3#uB_4ZfH4jamOlvSvFy}(y=qu8gmb&#*!Lw^F+(p~WO z_-T)o$Ir!cVZ#4tjrUl_b>;2Sm#-_=3kEcrp#mBoTnU!kd?`^JA zcC&~`Qpi?R@h4|ZI1={7PHKfo{T4T!z5H19RZw-pMX~qr^juT5>KfR7&G(afr;J1S!jBnliY{k(JwiH*bUx?8Bodrgjv^&Py>MAxX;z%l zp5j$`HSzk9{UN3_IY^nLiG_w>7^+3CpU$n^P|EH0pwsq>evMjyhP+46_Tp;=j#{m0 z>DfeGvG$Qv^CXSm*7A34NU!te@=fff7g?jPmT(wM+)wZNVxJ#Fhxz74bBCEKtGf-? zs7T2StoBYWziLwl=hATB99`ul_eqFj1Gdkm$Fo}HPqp_pWkq?P9YoeGFSBhQ=H0~@ z*DQ>!H~45RQF7zZCW}f=zYPyWt@As@N8}c{4}B0^rkY;d%Sc`+V_D=RrCj)Af`hQ? z?9rx{L1iWUK39j&2d_L!c_n_3C(uS0ns_QXSt9k>(ls|dQ{#?c!z>-eb;e)Yyq13~ z+nT7M8T@4D0nQZ3K!H_SLNSunL!G+PW{qTEcVu%1j&L5}_lR9jYd;M!5W~U0DNj3AbPRg5_ecU+;U<{4$2 z;AtojAEIo$d5gbY*sm`_d$m{9qV=bi99%|Sa-dVv566=p6TR`YFxjJgwQl$R3lTvR zF?`CMJe#iyR~#-4gkN5_c_+8T6Y(KiAC98J!3I-oV$ZUC<Yf8cKO$&`^V7iZD9 zkz~{2BVVP-JJ5U!XG|gn<}788M~(J5{9(!WG*Mhm)O#$pHm@PZ%+{Q|^UZ#%^?nqI zA*CIp{<;sNeAOzv536^OdD-WfmKI|R3eg>Y7e0#kt_34n3 zbL0S4din50!)lfDqpsPe$15-2>E4{bF(Q1m%HEs%4dL4h&u5A&E52*qXYY%?A9eh= z=oe_CeL(u1m_15LYmXc~wd#Cz>$)19``jF?Pu!fKphz>@znIyRWhYhe@)Fve8#{cyh|~=rTlyAX}^i`XIzr#!W$$oMK|@#jpwNHrZ@k8}6Sz zsQMe{gb1lrS_q;nz#cU=)U2y|kVir^dj}+8w+*`@J896-6P}QUR#TC0O|e?eF20^^ zO`GR33*P!Q>GJV?7Vb4~ThCt(Qq1fvfJ`9!dJ^;)*}Q0p?&@^OWv8`bC5KeGAqlM= z{B|<2bzb$}>7LSKv1&%_Dcd>n@^1J0A80=#q2?Oe#OO3BVH@6LdM*K7!n>uIvp@If zOOHkcJ@}gIMM{u_t5z|j3TH0o{r{z51s;FsCK?(!6w7d1K_Z*|U z`3LL}_S=WoGq5fjA3Zp%ETAM8^}6iyt_h1okM4l(Bnsn-#Bf^rAl%po52f(lOtHjK zq3s=P*ByBGV?TJsHk3hN{*k*RcWd0>*sT==?U!94S#|s_)?LBNX|YBhBhZ_wWoO~* z>eS9>xJ7z3$7-ptjOE2QXcsQj)g*GRT)SGFs|1Tk@D0j3Z@E;0A2L4ZnuMV#Dfz;k z)DM2|B3eXmRNSLdW4GSP+bTwUoK<6HL*oZe1Jv|eigVUu|a zQ`XG2vPocDnpIb+tv24Jb}3g$Bx}ESws2JO8CAnqwqU^j6GYCT% zsdeXi*rakzi*7wl@$>4A&+h4R+b~Y3fN*kVZp~PJD$L1m`2G@gKYI%Jz|}a??&;^l z+#Z@EF?$@g?fqQH%iqzQn|Gq}z`!bt%3}=^^2G=j{X6&0#H-wwQFscU6e{6G6u9jMQ2`3$)xd9_M4@@}c|Mm+UIC7%TM<@?PV=JeR%6 zJtPP!%JWcLwS#*d@A>uRL$cJlt2&FkS?{P-Aq=jiB{u;^yLm1 zr5@bZf`iCEUURO1H}XKC7lRo6tlRQ(XLlUGH5a^dk?w#G&nJN(WFI5sH%QaIIILsx z{kM;UrIeQNCj7qkaAb$UHep_Yv37|a-8@{iy1g$?T(0@Z!DYCzc9;5B!NpE3-rjJ? zMY5Q!>QNB2@6h+4TTo#GdnlttMfLm**;_!E571% ziCu0kdyzraSmeF8+cHLhFXlc{`1HZG65g#10w%l(SrF zeRxEIq{w+0qC!QAI?d);*}2$YI~$v7gwRlSe5BWb*4>RI2_m{_*`3k*vLbe_yKzFB z$8Lq0!AprE+_47|4|g|2W$-aF0sXQv}W4{5IJ0Fln(0#EqtAKMBjX zi|;HuYji{geCkl6MOnYqz~c2HyhC^6r?m&e&<96e=DKt3j=!Irvj*Yr&RCjquV!@- zwI>}N6r}ykW*IrsZJAw9<@*sVA{V+Sp|D$8I+bt9?hjHC@Gi&=O0V8Bcwf3uiI9X4 zHucsc{)Btckd^fgfilSgxdp9=o$EMxYqwQ(`mTO2{6gvl{==o=kL|o$ z5_&P)GIg`%Pdpdvh}b)VhKos*u4WfRLR8+iny z1N#4MXaBJ1uZut!>VrLA!Hbfcnooy7 z!s24JL+KI3d8a%eO!f3lr_b-u;kD7Bf|J3)&p&%WFNDeeZ(jR>{QqrdKQOWK^ZlQJ z{2R^N|DAax_&?`A{s&mimZpFYzB8@E;(~f8Z5AlK;Q!><8u&{!;$uo&TV( zuMhk`unW-t{hugs#0eD+hlJxuKYbY*8$tN_h@U?G-+J?(^B?|ODf6F!YXSNH<`Mo) zApBhZ_4Gk}IM4t8NB;jN9XX6t%SAt}6oq9o;-_J-h;~SGsxG zx_JdUtX$~~*U|z5=ma_uhw^78ixkbkCu_{#c+DbkbTmAaPN!($BBKb==1T64)}C76 zEGZmO363F?=r|JHe2F^iDmW?>uEZQ`s-qJV6QfO~p)uNIDqe>Qj+!FjY0(H>Ryd*r zC&KYK5}Zy2=Zc1qsdFBh@k5m0RJb|`j)2p^pJ?!h2uEmWEJ2y+uvTOiOvc8c%rM~n zI4a5vOcMb|W9S4j$$Sa~8V*gxglf-Bs1r;e=}cZknMI%}a1uHKXC8qvLsM~Ruof~E zOEXtOXd*NXkl;ThcqkPYVoudT>wY)HKo5-3Me5ETMEQP@E)vNcWin?}#P_50^>vx= z(`CMM=7lk&?_a3P8f9cMdlcdOxeSb%up8E;G{@L;fR9Mv2FkD}qgKyxMK2qid;iZN%#gb@bONNqeJ1db-s%~`yGG6P+7 zW^{Bg5%=v;430=-9<2$e3?^d!MnPk-%-{5;->HuPPcfgwg1HEIlKCX%rfwq<27uW@ z06zgj5Xn^YkPvWyDFOvfs{zc&ypDpq6VY+-5GoGGf&g$OlRQeS1J39=E2fAJv|c!l z9*iauwL{P(I+_+oqmZd|+AKC81*4U~Do}Ql_u+01hPpa7<}CKp@ia#of#3B_Ox@gdEY0=x z4NMS*I!mV}Bob(JZFCfiduKyxfG{ycXkpNF93Gt2$C8~DXx6cAICI@7ni3p1ICvc0 zTq%%FrhqklBQa7BF->A{-XxQnN=$NwQUa%6qst_#5{s@%EW#?nEvFz*nj!3ukur;J ze}Nuw2DE{pzP2tx-w33Lw2?;oy7~yDww^B1ctQNwGVx<&+C_0m2&~)Y%<`8Bod@jLtSd2NzoPhlR zCzAl<&Sq19TM{LT4yO^;n-Q~1|1rSnkGLJtoZ{lAt-Ainnojp5O7%9!eeNm(=VX_*`LPo{JH38lou5pjUz5R zO&kT~4^#*_2JVjk!J8r|C|5Lvb(2?(6ilOlwFIMFaaaO+;q_rjC^uZp4`z#_p*&ey zVqth_k*sCW$(V5XswgrY2d0_S7Yi&6kMi(6$%@t-k zQ|gChTmMx}XEeu)0IW9UI{@vy&p2h19@}@Y&O*Ypxzhg*9V}NW1dYL&qp1YIBC|9-FqOa^ z44!iJXRQ7=da>Lsvq`GKwcu6+tR_4-Dozs)1c(L{GaOBdqlW?w4_veFX$#_rNjo|V z#;G+R4VdVjdSD)WK$}haIV_dLR49{R0MpGoX{~12QnU{6-B6Y!Iw3M@QiCxCdcko~ zU|iIc@cd{HhD-n=Kp?RM0zi;JA}<7YEp zFv^jRivSb;C0!{%n*%=|0KoM1egG^F0juxouE&a$W;5vm{6i#@@Mx3^^Z&p+Pnq8ZRys#t&)4AduJD=x-SRI-hx#+> zcb3>py0CLK#iZX2pUqPahc4p9-nkWKnEOlD)obTf+Nn-U}vP%hvU zY>=3UqOyprIm;KOgiabk-#E}L>wLm3>g;gO(K9(l4*oV;hK&8a3soEOBcxm^4EX? z`5OQX6M1wrffNB!R6nIXh6n&66X7o4fM%A`oee|;8Rbfjp7PUY-w2ID0cIz&^x5p| z5m6{tzp6E()45Wf5jCgdRN=t^N|$sWc{p9ykohn=+*hz&Ra0|3vJ7U7a2^S4#kg@mn@v zHgxEyZ?4trlyWfUC?61Fq=|Cg0B6*$~X*h7Frz*4I}ftVN!j6^UMIM55Q1_p2q zD`B_b?MOO`nJHkQ=idO5#nv7;JU}jbCcIvd{1`gW9Z@9uLNHSCV4=)8=1FK24dv|# zXF6H`hS1S4OcZ)D50z)yrJo=W9RYlF0!Tj10{~4!S<;wpF3T>?+-4>elTpW{ zw?7quu*7q!s4*FbGt(Y3&h>O^M?I9Q)Uow@5)o~`%$kAkw zX!ilBP*AP`+6NvC^bCmxCy?Mo;8QV^P4LNKa1hh7)FhMf;B%v>*=YEch5Vb)dwc4* zgCYn43;Z#l8vVb8ulk_+!*hW(X(s)-36oi5Fvm zdp?f=-?3&^ItJ&)%1(kKm)xne`4b_Yg6hiIEp|7&J+nwCJ}*C3#1l-mOZVLCdcCmy<)3j&!_j?`0V&Lg@u^4#Lc<7LT z>Cv&I64rx2O2=->?&vU83ywqqZhN40MF zAOnd36a9Qme`z=Yqx|n0PDc{ceVZxC{z?y@|1!-cSr)O-egt8){2~@Z*fsP4m$`-m)ajqe&CGRJVeA5B{+nOV0&s3<$?boB$SHR}!*2O3zYpwz?4*UY&^po3x~ znmGRkiHve1Q)8xLq1m(HnEgK>Q$G&?8V=x<6w9w1;rN`uu*^&Jpl6qFMh^oq=TBAkkH29C}Achm4FPmsq$ zg9fW9muMCp=`kSlPl%bE?^h5Q0g{8jiJ6Z)JV@pN!w4Fe=7R#V#8y=FdS=Jccgw_}-b#=`a*f=Uk<^m;b%SuDdBU8BUq+JBD9GXN^{3*JpvZXWV1Uh=Qzd291 zLdla^`{_LS9C+hE$#W{8_-_4p3doFZuLYuKnxv3ck>+;S`5k^Br-sY*L<#^A!k)l=d7DfLV4jZ zp`@8A)||UB$T`i&^L@-8xhn2a!5~~_cKgj^ieSC(T32TyCyL22)9uN#ZxEt^G_d^R zc}NSD9?lzX10CZ-3@P2 zP$msP*U3EFJROt#G~SqcY9<*EzD;ugjs75B^NhlSGAbR8hI@i#&%+sp0_q3MF6B6o ziVT_W=wRZ&eM;P9+Mg*tnE8T5rvVWGiCj221T>3NqY0CJRdWOd!)$?K*3*MQ*XUH= z`fN@NrOtF$&3O(DY$Fz68>C;Rsl|kN8X`3e_~&vsv(z+&a+2bT{hthe0Q28^ z`Tz0#AAUlA5alr)+W$GWfByYH0-+0p{oDRuO!+r3LjJS=$NwDh|H2IOKK7lr3mDQA z0ZLLPOs52?qZJ;k!#nf6_rhZhkh8|x{IgNezd(imy&*r5|G#Yyu)mUjAp76RzoEX7 z;XnKT{3p0VhqX}vtAwV5iKhL_`+w;GFYzDI{!dWo|L!|}CjWoe9$ zKl^|F-=+KX?EmclHI0e?H~;>D{C~d%%>M{EKbL=9-TD5%5dsO~|9|%X`yZkGUwYWy z(azWe{RpB6X@Ni{CME>=dD}{ZKRzA4*;4i5&bg-ptyj;r9H_~wUSs~Qzu?x@&Ob-% zMp`#@9^XSFdMSS5;OGOd(PX}gIR}JeLa0w8Pe|u(@9~MCF`OW-qFrgf)48_5#0z_@ ziN@&X8(vMcZ+U64Od^%N*Hy9A0A}w`m4QjPa;;Izi;uHU%Y0k*x${D3aemkBT)g3u z{U-c3UY#?tZM{hmQvu{5PXN@{ava#Reqy5N{fZD3{_!&k5=e+NS5lze;TZfcJ6;X2Ee?&zJ9m;IVT1ObjgM?=S6L}OD)!~l~DI` z*y6Pflf||sH`SuTESkGHV%0Uug=U(-#K>Ue;YN3d_~LP%Qi(CgUHCr_VcS%5cj@}8 zPVhUabEFvL+~;`M;OB_Hz{tKum(y+HlT~w#K77w=aA!u?*MK_|TtwRWfXmm<^DlXO zdt3cxHaX%^24`Plwu+Pd-pJiBoS(wWZs}LSC+ZGL4V7PE6P8JcZ6(4^BtLUl67a!R z>1J({_qotkTeH?hI<-e_qfqY7E9rzvM_PMiWn!*b-7WnkK|;rGId+wef9`*JQN{86 zY5}-huV~uEh!D!IPp)M<)M+(eq^`KPy&Cj=6upIUp_^=Ok+gQ5RJ)}~h(Sj%?-J?M zeWUeSI|UQ1ON{h?$FB`M=UtU#J+^)jS1^&#XSqk7Zwt@+1d*1W7EbYxwj~uCqt$y| zvF@#0r7I|2686cDQ(}8XYk3ShHbeHq7ukjh*se+E68Rk-B6L+fIL_96%r(Wd`zjnR z;Sswg_s?7ES#mT7hE=+Y;U|gAI90AHv|&;SzrfP5x;wG!2*bO0ZU|xeaIr2vTepXz z(rQf$WKnHx*XAFRll!sw5hIMPFQlCOSsL#kFzCOeBKMJW zjnl@W$4ho5v3(S-+%ZZ~uS)MsyUUej`Z=_E4?{?0*JIl^-ZknWVHZN{qs~65W~eQF zT36j0`n0}|8rxZ$-?~(d`yiXGCjHK^t@^}%ow2Zb{~i52mk(U8_2A-t(|qOJzMw4C z{)YSdpM)FBwaahQ$b-f&j&o=B?c;hIF}A4nbwya>k%780C9k2c?_Q{%S$gilvGWGc z2HTt@p1zDgV3Ycm{EmG3?Bs{rF*fp_l+KW~ZdDmmx&=iys2#IBJZ2ABN*75Z-$E$g43O1bo0_}qO9d4nh(XVU8M`W(8l`(E3GivYXK7kHZ)x0Tix za_l3-9X5HdJc)kyp#DGX`OZL9c6deVWcV)?QwgX1qBq+>XJ|1lpVEH1`s{5vW z(}U_)e)h5=8hx_wxO$phg|}Un=FG*4NbetV=Q2sU_i)3QG2itDVM8%7kJPb_y*$mC zmX*C8C8`O=k0SMhb$Pk0Q%?jjY}Y?vb93&*=07ywqE_&G7aVUZ_LZ)lwOg@D<^%gV zhdXTQu4nobt+$JL)!aTWbQem?Jh5cY!VIRvr zsru~v@d;1$Y-^s1NBAJD^In4HMf#&Vul6pE%JG!q;tNYIyr5v zTJ(lIdL}VGUyz%-c=I+*jrCDCgbdfN-h0ZH}S$_r@lqH6o5qdO|vuzO@G_VV)Q zuS(C@TW6ZBU0HSN@cuJuadsDvUA-b{RQ%gub97VexqUJBAB-M+c;s%EoZ^lP7hAiY zUKf8%zjgb}wtJ(!17VOGep~ks3dZffwW@px2ilydB_Z)9WM$xQgjG&G`JNVxL#YxI z0&o0A5c!2M{Elq>1vS;?0rKpLPxKNpVI_+XXI*MV)|%{4QoPb#m8QB%6XO2VnJ|Rw z+F-HG$pB&CcY4R!J8zLbg&5zxip_1yLJ_wItDU+&n~hK+PU)|b&5FvsQm|tGg%j)F z=5A?N({e|FgM0jafL=i)j(?rp2-F9fDO)Ub;(8>OD^FQ6u02lfMp>{8T!??a=;I5z zZY$LP%t3}bP25q<&Kr(=+Mlnn=t#d5^kq*uS4QJpkK8(5+L@b6>ygi=#up@0>AlWzR)wRtWm&dj443MtL!F{t|Le_6|YQuT> zPsp@2K2pHbcXHn4zo2_<1aj|+O$GG0>&PuqC(L)m;ceg7-RvVL_nfZC`}5kv#{TPg&7I|= zWltvP<@smTj9txd>|peX^xdyNuke0^YH*5Y$ySfgr8l!z#X9c6?9bwSRAlmXFC$*D zXnlC>OPPK9Th0X^A(r8e$UdzdLgAdrl9_2w8mXM{c3u)^-e|%7JA0K62tFI$b8NKI zKDkm_DqVdqx5$(0vBTLG2PwCnmLq>t$c#pEA$@9jvL4-L3#=|FVw{k+{{qVBi{`5JMRCv~#k+}HO$0x-)!oh>j)|&DAG_v{Zjz4!f-7SDB zbaVqu$Tgq7bf%XKr$m&X|(5htUg=}~GTmJlUx?MHZbx}*t++Ak(#@ZdB znu@*0vuHU(V7Ci*GonIv@yq?52i`gSMU zLD5pVb};9uXp-Q)$O4fz-7U|b?3Q}gYODRVJ%j%CF5jRql%-%#Gd*G$gdK7ZBE|BE z8?16#jGmpndq1cZiY1h7wG|*fJB4VdJ=Q)wt zg&T7(ZD}2JFgLjrZ8W|iVZd2Wvq-o%R541S^^Sw5Dcj14fqk1dI+?q!^jpWZd2yIO z)O>B~Di3d>p?H{LT%?{ftRTD)n@nC-6R9Pbh}TZ^@{RM_w6T#!-jZBiyvmy|Gxt=! zREOv;nDpdPKh-=eJexhC~RMj?$^wBP+YCgUe-yF?y<4Z3~!iN zQ&@t5ta7Jq;yP3~mch!}p zhLASZ&#fL|y<4s*RMPXDoO$XW$P6E=$E~g}ejIe6+W#z@PVq@%RN>8Y_in|?N`5Tw zO~MU_dagT&&67A_v^D0up|qJF_U_Ssp{3Q%!;gHtXfEyR`@=8r9?Y)0;%T4Ws1cu| z-|B?k^Za&Wn!>nh!+Gx@_5rJ97)u&-j|F z44rUXma4Z7x~#`~K%>?m6&CyIM2}_E6aHFX-Ipf@F8Z9kef5ej?@s;OdhRt3{9)OJ zEq5{LgrgpOU+JC~Qn89$@Z@9FulvkXydQYVFG};ihFy9lwR7{EWaDCYvUptS_O>2H zHw`m28^g3#ySZmPKeXq8P~Fjco197Rm-26Bw%u5|y%1T#7G81q z_Q808*80)$6zQjT_7Phtwc+I7j*_13Km4qF8Tt6Tr=k0QTl82K(ec7ew);qAm8?b& zY|#l%mBq?c<2tAHcgUzQ9{Ig&mh&a@bnEEtd)=#ll>g!Z<5%fn7ff?bB%E2YJ@srG z0&muGp6wh5VvnQF1KmMBdo6>DUOH=@AC_PAr~WyI`+QFZ4NmtbUBB3{JnHzB;1e&d zgq6PtyT0xKKS@x%OWtspaCGC*j&Sy@!{_r0b-K zAASwoTyR4mWn)C-7A+T*ZQ+Vs8JjbUV`Idkoy#`IL(`!-^0}4SNddllyl_<}#m#wv z5I(ej(XkTs;0@O97`BbS#q{(fZaOS}aznx??3$Co+&WeR+4~lyQudu$cGSNk`_fU_ z^RQG*tHRSoLn?wDqq3OFfvt>6k=u-yy*o>9+=@M_w77wn)1H7xeRic?vL!(Eo?iGx zh;8e~7nMcs<=mT|P4JF9!=HtBBujrbK6AwVE}LR??ujZiBqPD8pegodSHJ2-a~B2D z&8kb~RZwMf?UDLaW$Q9CbA*5jFJ>!AgErE&8`;(2-KGwyAwcBZR>0bVZEw&^IFG6& z3mRN%c$SX3tJHDwBf_;@Ec{E`iS+lX0j-bQT$S0c`k&*;>Qa!hQ@!WtvsU9kpUK(% zeKgevPMV|RURNP;x*4Z@;7USlMqIK*8(Vck3-T88an^djSsG^WwZdR$+|^5R6_{-* z*3P9nl6gN>Y47vZxA8f|ap30iH*c2@Z2w(An%iG1jy<|?U|66!Cjs|(wdjh#GmTX| zi488{+3ApX?r8O`Lfvs?w~NdC0-;7c&X0C*6|YT`r|(+*ddK~Byppxh+^uh=RM_ko zC$3$zyI1O!>z0xi6cjDxWeahv`IH3IHGb7!k) zL9d;?%(0T9*zru8DjxgS*MhxN?nx;Y_&i|WQMAS6tzeEtV!h(l4lzA}GPW?@W{&{De&U9&m2W<;%$qdKiUUg^_^JuVqbTSv6=LaIV5Gj4bg zoL+J$TXH~_Gjl`#{QS3K;0O8N=^fqw7O?*!|EmXfLI1A)Yk<`K=lr+71^0h7$z=X_ z6Pp3#$^>KrqF1UHQW{cvq4ZLz&0bf>5ReltE&V+tq_n?(A|$0hq_i}=w6uR>qM)=? zZ{kx(e<==(?gv-;*M{g#Oh8IYLnbErKiyWi-(OG~z0^`q?rOG5zboWIX;wd&B_w15 zOaw;s_g7R@l$MsZx3~Wlguiefq&J`th}vX6nz<$m&Iya{6bDV2oW5%68KUW~fjYWV zW59vy4bkPW*ps)KVqLV$Yj(TXsmK)G8UKJrZOgg-ba1%D-{HEbNYa+%B|-(FEcB1TeG;*^Bg zDcRqClT?zF2s@%Cslc|4o$b=)p&>;jMO6jqbLaWEiup$GKX|Z>D?QUGEP}k~)gm4_ z2`MQBIT=|wDLFZ)EEl4uqbs7Hn>WhQ|7*9+_N=A~?kAd~>X!ggFvk~vFsb&_KlR6GZit#zlek~NRH(y>sv zYDJE1LgGTc<3dnfP62jx(sfs~dnZiPrTR`1kFY};pOr`EcB)km8}FFZO8A<fcgqrV5DwdyV3DR6<=Mca;=Rs7extuuVeycG}_V)f}T@qqn#> z^@plt1#F-@s&c8EzOE>0lORmb>#uxRbS)CE5bNBG?~ZwhJ6hl|{ON7l&f8b2lVcM; zn>^kL=@#>hqqdDYV^8&aTe0({d9~-DJesz0pF$jbn1^-{^K>g5JHT}|(*xZ|mY?)^j>zbTfK0m>iT%EYame%0C5>?Qf0?p7C@wzHR zSaUy(O+bz!wL*%XaFLUj2ruJ;WC?Js>%!|oUpjAHQ_CsoH4+Vz-e8e$%hTGN2#?rd z#z|PL+H}cg{~g~|9Oqq=A@YQ?CmLK{L|%+mvp3l(u1Gc6zI_!x_mU4M(s=E7f-0r@ z($=lPuIhAX=j7O}EdN?fvqscXyU#rd-y~=yrJlg~v{_#pp#^F~e(yRO`U z=ci#YVO|2#R<+Wuk6l!Rq%9l{2r^7bN}c7RjtRZgD0v6F-1?3(>GM+l7J-UgrExA> zf*td>?ol};JZzj%-vn(ri;R}NICe!ANlDmtL~-L2WyjCe5-`<#Zb9fL2Ma+)=Y9Xbp=bdo?GEK?%k53dCTPsFGL+az@2?=2Rz4J z&qj?Rwgw2rjpR&7VK2U&k-&Mx@+4crI4Z+qB4y7drM;nyOWMx;MA$Lk6@~N{X~bi} z8QqG)J{nNui(Gbjg{H%TO(|AY8p^~oYBx10k&b+&7ErbE+|Qx;0+Pm#WECq_y}nf( zxs(FD&KhB(*h@KQ&T7*aeQ50#&gfyIzh->KI?(Nk)o)~Bx1{CXvJKYm^>XE`WmHw# zRtrLv;CDGSP56ZZEDECa`t&&97x`OLWN!9ZnBU<$r#B$tyx9`+k;HD+^?;hAJz6Q7 z1qoVd#(?sUBozH|@5BZQgB?|7Vb&lieTe#h*!vE^wyNuIXD3cV24u1FqU^-6wq-l9 z6WNwW;uTBIgeqFLg=I^Tb$eetUozumt6**n*F9xN*G9KUwuSr=T(-Qg;_;?ouH zZXNmfC7yFnywZ8zO5F)xFKNmeyXnr2&%E%n-Hu}>yftmW&f0Ud*Vc~y?1Yks|M+aN zch}VOzZp30iaq;m?w^#ozkKu$Cs+S`z@@GOCmeU**z?!DS22A1i_HsO-7)&^+Cl&R z`N`frW6#?%Tr=>*M|YcZ&gwqUcI(t1FMRfv4<|Og^SIU$b}Sii@>^#;_VH&ozJAp# ztMR0#rU!`f|vWYj4#1PyF}UMYrrbCwoTY@hj$7X8!KQW6tb)@#$S3cbw4q%7R}! zUYv8`>4q!LzwdR6=irpw=Yy6qE{PWU)`@w}%uPnWI%f}ka-PfFb zVdpKD&Kc{U{9e<8-SN`8J(oQ`@tcWzI_Ld#&w+pJy86M9Qy#kU_21WK{6B8?#L$f&-d1zx zOS7&S^x8+inmf%~e8&36BE!z9+4$a9)2E)#HJ`9&-m(R|x}Tmn_Q9*JJN4OTOmhd; zAHU^y=9&L~vylr%$DVuhMQ@(<+b^%X^t^o~6Q^Ei+*|SEMK^sNZTmobVYRX2vf{JW z-{;MGvTox|C;VmKsdM%2pYEyH_wMQ|Z#=PP-03ggGNitH;%YX9AQ+Jn+y86Am(#e}o**9wV=Nra{c~bxF;9<*`bJ4HHcdy&zcyCyhy-GLvyob*kQBgchXB;-@!0`V(z4`w> zUtc)!>?;R#UG{$cwdW0W|HJq~#sx#o)lUqY`tmx{D@#nTtUJE@jg2pET{LUB`GQ)* z$@^CS`=P<5XAge+z046F<3Y;@gG-;O+r2+qYd!m!SI&Pvcj%D6>ngWixaZ@G;P*PE zcKI9kUo_A&(E;Of6TH-FN!;je8Od-Bs+6J8&8*{+q@{`1$3z5J|OPkAvsZt;Ux zY`R=KNuM#(Ynr*$RPaL9w5`MMFK?;u8nVZ+;;IjaKJ@gd8vDTG-(PXo&JhRC-hagt z?-@4O$8WfG&Ds%JB~!Xe{UfiQ6F&Qk`P1GpZdyL>U$ZWF^Y7zZ=VSyXugG{Ua#v^8 zVbL*t&iV)T3O4Cub&+`W_5ofRIw?u+qfe_iu(baU>0+v?B9e|GuGJ3Cf9ZqH9k0&6-gwT=uSXuwP24_rqNBb$@Xn8RUS{f=vG9$TGdjv^AK8;} z?tR-YzIyPw9c8PI9d_4GEp21h{`lcx(>Cwe5<26pH)jNQ7j}NO_FCN<=Tn=m+*)zj zs*9}Mx!-)X{#O(7@@~8S#k`@B)mPlw9&V|t=o(yf^MfZ;x6ifSoH=g$q?X;&KAqWp z+xYH#o*yx*bJ(6P%_r>}>Kf-C+|Ny~Tr%UT)dL5N8#7iv_p#rMao@ag`hBBM&uBU| zY8dt8+O?0gU1qTC?7DpQ*i-JbUBB)!%ZNKyYhT!Mq4Cs{Evsx>uetNKo3A;~QxQ6~ zJKULjP3IdgkL=ie#qRq?Z+ddVZ{GKIynO2AQ-;nwZpz5_^2ZN%wywJMl#GU%Ur&1B z-GyI2Gx5>c<7R%o>NfL=DQnh!5gIe%!!aWtF3DaqWSA>B(mG)GHrI~EaiPuQvNjC3 zarMw0+=#}ab06^*pJuqCe8jPZnWxo%J^0eS)l1L2V@u6)bA^*In&*94I++apswKaA($@ zclPg}y!W%mhCQ)+=#tIj>R-+I<7V$2Z+W>HQzxz)`f`XHyyUhq??r0<$OQ*1?BGT> zoHg@=^A>*oYS8=evPU1%?8(cF=~9xOQaM^8LFpz+-S$L(ugI`N$6P%QSWk#CG0J?DyL zV+Kz9s%rw=8M-*S4TJsxdhRyw>r+va%b^;kM8_54<$!!GG=> zaCx}#^bbdrl?0FPzUSC?TEn*uovh3FFyfljJ^nA7XI}E`kORm1%daY1+FUk%>*5)g z`M(`he({>wH_uvoXWlJ;pZo9=3m^LO&a*uut>+&Xe(}I@11}r(3*9KE%X{kmhF=T~ z9J6fb%ln!q{=cG8?@hdWb~MucNaX%8lhrU;mwL?UTZGjzW&<{chvp)-jc_T{mJXspLq3gGp~O9 z%emXH{%Yj>mqVrJ>^^1NnCy>6-cmej+3~(pYA5W!?}^CE6DPmJy>t4s(v=ybHr@YN z_egK8x$>)dOa2kPe^bLFTPD??e|P4AV?KDjYTM2!*Sn^?vU$LOcOLQ%y6XCW54(H$ zfI&Mozui6If%PYJ&KzKV%X+Fe{A7XPd#u)W$wLa zZ~E!q)?|HrrUU~wSm{h4L$g%p~aCkdDgNAW@&!$?$W`337LQNjpg+B zr_7$V_}kF4*WWVgf~FzU9<11uQF!s26DGeC*4(%7xOG3y{%XSDM^@}R<%0Fzd9KgB z({HNSllSwk!3D3}82pX(R~M~WvU5ZDq>k$PwYP8|J(YFs*;i(DZ9RU;1uu<=F4Js( z?#T(C)!tjbchogce%Ll@)3LwwJ$KHCr?{Gu?QN zCWrR^e#J4he}DR>M;-`nHILk9HC#9SPbUnU&NckA-S*@yL*AG-VCsFtPutl(|Jd^j z->VpT-+=v-I#wCl?_4zGz|F1Cdducm#}(g_k$K-wu2^;cKSu5Ae(2`ae}3($6YgF2 zZRbI2=HsXQ_U4&?$sC#Monm!g`%uR8_9@f#-dSU-##ap)clx|tkGye$`^Dz* z_%DIqu>&Y{WHzC zEZcSdUC%zh?dJ9Nwa00v-8p#SgiGCJTgQ+1%i|UQa*c9FFI;nA>8*`--RbpRIBoPB zx(m9t4_S8caQjEy^XvBiX4Wy=YA00wa;Emv)^){i9=LA$)xWIWpK1vbK#GtT7Q4=FV}2YbJx9BKmXgW^MCr(6KDD_ zK7Z0rJYVGh^w|^6zJBkB2S3c4J8s;L8+dTas85~?f9RP1`d-^dP2X<0Zuf_O_GbO^?2oz%hyLDt=cgHgt2d4Q zr2a$SJLg>f!O;6&9hWil+E;!wbpEH;-uqPT-pAfw8d@>gUcb&i?3nEL>fakX_`Iv? zZ#w2@CqMJeu>%M1TKRC{FyHpKUew+2`SEkC7aZHRdd=mIdkx==JU&w6uD|o;|NN=r z{ZYTWN8fO(e)H--eg62cRhnbC&ugc=T71i@&#KqWINtupy_a3yzG(9&_UR{UuQ_S? z7X9TJ*{(l5QgHRR)pr=j%o*^9^Y55GVD-bJr(O2>8~We8HTI^8&7Yt1_VD{Y7`mf& zV&R#8uMFNAJ^7A-H=JL!_zTCcwV!Ptyl;;Fq+7Ma@-8af`o*eCueqn@*Jsw(T>AU{ zmzHha`p?cU*6#fB<&WpT{(Sa-Ixn5@nr_(UFMsd8v{C!jTb*CF{rXGOt(Ojb^Ws^y zOGdnD_ucUIOGS>a_J1At_17DwZaXk%>l@|&9QNuLXH6aYRQcB%@7;Rk-@f`?=U1N% z{IYw@KR2EE)s2^adCSx*Z$#>8~*UGk9K|i(82jz$NcNkzg_atd0&4#{NJB_ z{ngG(zrO2+uXY9h`O})M&)x9N-d}uUFn{yX!Eg3W{q~hhwbqQI-l8N);{n1Vi@{w=zr`TzeF zY)CWzUy>4!@__%!_8j(?B%}ZS%KfJW^h*B;`Tr)98S>xJ{NKaA{TWB|{|`TmkK{L~ z(0@!K?5Bwn{X@K0m;Vh$iw?y;;^lv+1V`z=pWxrqFqxT)rY%^&t?)O({6qcBQO>lB zs-F77oQZQZwQ(gr52rVAI$gfOlyB1W#Yq<|DD3sY>R>yk*K_)ue3LQXY~=KLd3hW? z$Ss;yQd8_$U2EgY9aWWFZGBN?MKPyYpw+H47HhR7juQS0Q?`zJIH8>jHPdnhv|3xW z1}~pq}mtFN2Oe$ zLhvFje?4Gb&k z3F@?#RXJ!*31ifv&u)uLHbiR>{m48`KDwJ=UQ%Mn=kx}x-lSy(Uj+!~vPtvfRa>iU z1sYqWt%_DuQ6d|S9>I^MaFM;ZuAaAtCf2ph8W%q>rp{Vex%*=+iR@PsU z!}~qWHTF4kxzjT_&fhSn)zyv~@Ywb2HWZe%Qd5L%#sO*?=FCQ~>9)?ThF1EakV3zv8!AjX~t?}<9jqsL$4M2pmAUgqEBd8 z_?~ak$b)=g<{6op@(qyob75vCYp+>{rsY)Y9h=jDmb$)$S}n-fAK}pd(Tmn`sGRHu z4x{@`wW}Qj)`^y+t|;g0^m(Ys7;8}K38D*3G#KPS4W8yeS9WG5MnQKds$7i5ssW&p zE9~;1E;$|ua@3e6j6NIm5W2^-gaZBsv{yr&W)wN**nC}$(E_y{i3Tg_;bJ^IXYN9d z-ZO9BJg%s&W+kYZTVboSSJYIqYxG?;nu+FfHLYBQ&74JZ#XAM~n6kJ?kOLBP{)p4> zGq;6kHeO#8oki*PYLX$2rBAU~)49_`42XgNK5ZUOtAArH|U{UqFs zE^;9>8FUAHz_tQLpour3l};G%OJ%$cpF7$v+$viDgIt;XOdYI7I5)*qlsP@4>sj93UF%{VnG^_xp5meateU+&(ptgPjT|c z=5osQo0H8FJ7kVq6QQVbeiCG{CjM>_q5M8f1UJj^Nz)SX`=kZL@YU}#vU@Qa9#ibt zA|y+?z%2W- zEkuXv2sSLH5)HTc7UCmD;7>~&qM8`*XZP|q*A~ZaKZDCWLp(@DqQgG0acP#ZJ9`_L zUsLRU#mM5&v5|>z*_21n5fkwR8nRo_auioJ;FFLFa3pFL#smp)mR5*{bK1gzEKo!X z#G?*$L8bvk%0Z{Wwh$h}7#-}8&ZdXtPt1mp<=;Tf#R~LU5lRQAvzmO=b+mvkG|`3Ga~HDr;7n);dfFnw8@M@)^il4fjyGPg;edL^Y#lE=5Y*%X z2N-@eEt74IA2Wyq8*p4ugBu9MoUJnyKnsR2sEkk)J1z)Iv4bKzg8mh#l-$}lN0$Yz z4(!z!aX8RTbENT8NaN5Ie1Ilw+jl0}Cr!g*ZO7o(Ah z57aVq0gg#8q!1jzt-&bQh;jMmrnt=cs0$2z)c`3Q`-j_T9D0tMvv~1b#q0Wc^}VfI zlek{RbZEmwh7rF}K>U8*s@6zv^Tj?vt%-PCAt)9JTZO4JRZYt)3D7(a33Ym#4CxzM zUM3hE0-^T9_We)94(+zR2dPG>Y07i&1H z@Hq!RrKK9K%34=eQC)7UC@aS(It*7+%U@%k_&--xlsL-S=So|tBlb0^o;_$w`fN0< z6j(kx8nC|!`&m-4f@4Hipa}(e#WbI~`$hfjzJ<|XC||cQ;A@ED7h_@hIeO@5*q1W^ z8F3S!07L(?JFImMn!m$ZRB7Y2K3tbBS6f#wZCOy!aU+LIob2u>Ys<*9N)5e;a|gqq zI<|BVTC;>)UTPd8eU5}k_uxOf8_|V4h&~O4T))=rdj+$$E&^azrFgpsy(mb1M3i}!gW|KON7TKPr=1??SavNybXYB@W zQz+UB#g|(0#=eY%d>%j4{04u3R10myqxFC}hh5s)T-1ezeK-J|fbnd!SEI|U@zEkI z3ax8}DMWnumYX$QZ!j&SPWJeYx}%6+r#VAZJXg*z>}&U<@pk-l>iEmlj^?mV#~3#q z>hBuDh9=ISxKezCb8`ugY=lu!ANiZX(pJJ$@p5 zGqJ-95xo&Tei$Jt@mPh@Lf%9&D~HVhF!UaNLd%T+pNmB`btN{48#oIEDS(}e#kR`IT5Cy3 zMRghbjy~IKt;ND;2nLxW7CGt)7s2!lk)y1-KtrMf*vKTZn*+!6F z3NtZEm6aw-c3XC^p$ldZN9%}1);gP&vzJ>Tqu1Gr9WX6ps`dhnDa(+TWiez~ETY7& zMzIidAo#8E3C6<|X~cuq%WnuMuaH4_M&TX9Gu-vleA1z0OSH z6-LBLB&ZcGDypMFwGNop0TKxu#jrrz>S6$?swgR`w5bAN1c^7i7*ktYX(u6O1pO~@ zi+b4>aSQcE6GR)Ar@1j4Y-{z#t<)3nxx)N9*_0D^5&N>J6m9{)Tq%p%E7oA27LeEn zk-?M)k-;jcO})x5p^#3m^}q-RvuT(e#J;dhmVp}Pk3bL8V!NPC2XK$a749JvU#BMkIi{U$QflicMXO&wU_+voAPIG-^uA4P^t2EiYQ2i-2*7*Firm_`|Xd$f%OVUsR*mZ!jFwir#i zS$=P40Xg2X^@eP{DO;bLZ8m2c@_HwZXj8Ba_NxfoCO%Mypv(xoT)FRlXQPwe>hw7I zw>t4wC%x6FH#qesr#{zdHaiV@PJu=FTVOYdIN53A^aNXwQb&Fo7=K$rPLDn}*PM$l zoiOb<-LBSFU)ZS=js+2ga&VZ5d!#c8_*9JMn9b1j!oF$B1A_PsAm}3qg0ZsmLf8$$ zW|h52V^8^WX9U;7$s^)Q>Zl^alpLK+t&^W6+E6&y5)`;A^?0SD1TA*mE?LZO0xJ1i z8o5Z=!yl0hl`sfxBhjN`_Kfd2?RHxw!+s(FyS=#FsmHHsyX;zRofDTF zwN59@Wsr9k6W!>I^Ybh@xyD?*A#Z*dK$stHDu~%Gz%>QCi5?rOcyB1|kF+=~X}wti z1HCY`o~ILjY1E}PMm4+zh{z=YAyXq3K|muxEq0&~=fyi{*nVX3B14yvq`GVzv-Kg; z13!$TE18=lo~j&bNslzFD)CSo0b?s8URo_!f@BsuWDB1bCcb!!9f_|b!S-rBWd0t( zvqa|MMC*0h21FxoK+GI*2Fc~34N>LTPEnd>7D7oTvVWA`$T(m#();diS+$}NdBdI-LB+L>iSSE4&;I(4& zW04&vH#w5^F9NAu$#*54SsS8I1jIcAB3eyhyj15R<$@gqqTN)~`gnm_;AVZ8P`r^5 zjNjYliP9u$`9C?Cf$?z7f)|J54k4Bh==1uc=n&Tt4Z7R9FsVgF=ycwNUF6Eh_yLKx zi1G8oHM4j-qw0n=^05`X*j`xbia;xq3+0Dz`^?%l*v@c1%S1;3ed_ry=&(Cnz=^js z##{C};9`UCkC3S>$gLDU2{V!zT?EsA8l;y#_ zxUSG;3E!*i)sipxaHD&k79mSb=)9}Ir*i)S2QG6iqjJ2&A8Jvc6thDBzYlYr>8p@jRsrjjFs8VHN1kI8&k09 z%XmA2bS(EYu*?o13V%weT21m3r2~an&U6JFG7@i+AeGA0A!cW)OKAu%kwwHx0kMeQ zXz@p#2*qGAu}prGoW2{p2u^6p_PW>VPtArE521uUFNt*=HzFq4dBIdYQFdoNMPFpY zVcJHKGx6idzD2Yag~_N6!cU1}MR0={ZNXki!3Xh!Vsbj=WELMfI{FvAYiHjs0Xc>a(#cs3K6_@kg>jV>gFA^yR=56lu2N|SfhG?#r zXGJr;V3!t#Dy^xjlC1BvBZwHVIm&BF3N-K@!?IEAKsaeZ@1kOaF%QuV)Jc+~j2(L# z{R`awRxoNZ^0IG*fBEMG<6*Fshi8FC!ZPeCAFn!xMd!|42uzO|+2gEYqK%z`VPO_4 z&@drcA&;|Z;`HQsU1>0!FWDc-f-f68nE_uhxM(eodseCMsZXn-y0#wS3@iqz36TQ6 zR*kR|Kt5*atB0+fI8YCFM!OKkLQWUDw?tDoLU}jEj!2^tscAUggs+!)n6LslkfPo& zbD1oHDS_?d@Hb*D$|n#*D?UOt z?Ug=v!UI}<65ww%MZr8T+$9GLk1-M~IIgUQ<1}2b)kAhUB}NgqRNXO^y%i^G>ep)9@gql*na_Wf<5aDHZUJcX`IU;q*{opoU0agm$rByGiu?4P4o#%o_(@(i6$_#ouKnL zT~S1M7kipQ{rCXx#Mr?@8Cb#n;?0xHmIwTZ8S~(26PdYS%1hZ0i$_JrP@HcOf}eny zu@}KH75^$i)C4b{bU=&p2_pl@kw|($;2@l1OwhyyH$2VFWL=`5DduA$p_6_D1xZvJ zm{C!tEv2j>i2;qwq$nqF3QC1$1p^@TpaKmcgTgf+DKR*m`2Y)XvT(0;Fz18hS73k< zLnR@fh~5wiO<_7tk+@C@1S94c_0m72zzD_|aiMrt3f63B@OW}^Vu~HDA=xZtM)ufH zynZDGagzIky*cU?JtC&Qj*bU=A6=gZDIy72RVJK^pkN7#;`nJiulh7;iD_XI9Ha^Q zwzN$Oy;wpX$m)u7j7)?unXqhHN+m_=s4?G^%hgtKwGJ^-HHHJy=)%sWxaCdAZso)L zonfEX=?aH~9lUcYHjV^Nkhfgh#w&q=a{EBLo>t-FLwYp`+ih({E3_+fT9=)B>|Qx>FVNUyS)A&Me7B*N=nQ4VL-r?XUyvX0@j+!1r9&5ZdL*p zASyGmk8q`qVy>wzj2QDD1{BQto}qxm7=%}FjYyxRg(O(JiM6BQCp2{|_plNBrJ+1uxngSQ#e-Xu9d5PXLJAQg({0%p? z7}5yKchLk$3dQM)+nBfvQOV`SHj`5pN2z@Gg)Vj~p8yNLUxEb_R#3kLQESWT-b4_Dd1xgC0nj} zC{RfvE7TsjU@wNY3kHDyn#`@DK^)4eB&C5@SHxAZ04FdoQ7Ph4k{M|L+W2n?zj^hJ zMJ<0P$7;uZYNTs-CDtNz!@>s$Nqt>J%rb5UG3B^vaO|D@1ZA6+LO1 zG4<@b)btc;CV@yaX2)xYq{FG)jD1U)QfLHG5rJ|n>LH|=F?3*2ty}|w&Jh-#HcqJN zYZ9;(I3ZyG=p1jBbIf+VO0Z{g!?A!Hz%+yyiQHWo(n5p zHhd1FXiQ`pSLMUu$~+;nBgo!v_i+eOjdGOb9zd~_5L^?eFas9QfP{aPnrU!Bibd=y z>3dy}?l`0&WpflWO#dej=wbMQXrRYSQa)&D;{yIjRA&;mP3g#pv>|(mH_l4p3YFNQ zR8W#w47!}WEMtz@Xpv+*O<_%-3*o#Gu4I8JPsgnZ23z=jD&kk(m)XV8s`vTv$^<_< zi!Nbybr2H-g@dNWZR``ckRF>Np36WO(Gsjtmq#!aur!!rvb^aGrdc86#MJ6|V9w$f z;lu$_(1mJTg~e373PuCJM>yOCJi>+>`n2H^o%RmUgbml{ne-+}LXB;B@dBgH*gre2 zKZG5RpI*Q0xc*4l@g!UWh+ym!B1nkb2ShNKb?8?uYImB#YJW3WXEDM^L;g-KFHa{Y z{65gV;SjJOes2AO1%|_h1^jeVrh7zy7ZsZNwBgC}qElw|xv>pj7WBHBxsqa2E^NB} z!Rd{Mu;Yw%$|lz@J8nE|JI+rxy&Xp>w?2@OSv;%yMB)a$oWyOR2uQpZ8bJ`nn~XTR z*1$DJVp!jgck>}^x&aJGKEHn1bn{``bbh)iZMsy$gO_Y$7Qh5)UNYPyO24u+SV{U# zqN&7;8tMB_65J=e?5+Ctw1iV61E?5+L|s%efXIzO!k2=KmuLz}v<3md3Uz>=yv%JY zfevbtd>=&ZU$~morlF!RCfS5U!%AwNMWs&4{G|P7<)GzJe6FCM`k>#4J3#6wi;090 z69Q@^+SbrO*ACT+aTtsks62|oIj9BO?sNK4&y&oqLI$5;gXqEY+t$QVmOKcW*t_sqR!{#%K5qC zTLhaFBU}_Wu8939FKGeG|LDxo>3RGyTD-?!jU4-l$SG8rYw;mX9MvsYq%zTH5HTpC zf}OOE7Ei^3VchR$dk5o78)_1EIZ4%~(3EUf1Ysf!i$&{~Sj{T|lUtF6%uygNUrSIU z#LGru+d&~jAq^TPI}AjTeGYbgPGl~P?~gsqM-K`Qx1gf1^aL4x>1K9_$ZWK!%t#E2 zuhF1RXMkq9bgNjaL0Y0eM(dv$b7Rvwa|GA4fEW+G{ zfL5T*;`MF5a94p*Q&<@cHlz3{zu~;N8#4KhCue&36ioCCnkp^xNzjml_?v%eAhHiN#f!>kN|BoV}p?AXyEcebV@FvLX_lUr79frvYpL^)Dmk`#iW&e0Ch z*aP<{t46_R+KMbWFMUR*V%&l6T@*#-W*x6Tf@0^?pCUz*4q&eWsealAf-EVnvUf;w z41bNb{;=xh^6?L=geF_qG*J|jiB}|_!5j>#5DIWI`;TyE!WT?*W2Tr^xId}2(UEK} z66ctnkhZ*y`o92C7b~b$lp;lPQIV<@K|9H4H_=8YMYAV}QF1ZO$0wo{GYQ?vrC`H~E#*3(06a`x1^=#Idw#0!9m=~``OZN!3(M_qZEB&?U zR7wiB2Go~T4Lgu8jAjf}cbPv=WvhdUfMQ9Rek@F$U#GBF;)nmjh9!{~vt4cK3$v0@ z3Q+#OY#NH82!eCWXGl%e)NrvDrk%D%7gAV`=p9p$Yu!joQd?1xFVN_3L)cQnf+XTO zf(Q&1ViNW$oCFW+NQ6>D!Xt^c)PvEoJ+11yRSY>?ZAnMuUa4TACz!p#rM@(Kuni&n z)&|6Vsjcux+BB6QgNCsBs!Gw=(t`w_?+0}ys*MYv%O*XU?IEOIsI2Ws+N+#Ih5;vq zDl07Wgt$sYZR|~Ep_3V3ich5#HE6USXvw9LaHpSK6{yzB6no!U3wK| z5({chf_}@89r)cbLSElyngT-({6i)~UON|+Rc2-2Kd@|3{P|z|B$_oOqbOY63cLW0 zD0^uLQh=m}V@Z5u7?1rjgTvvrHmO+8`omzx?@?@7f*mu_Vu>%%a1;5aJbUo5gg((% zo%juGN%SS}o<0qgOpjR4G)<0gsgR!4v-qfMnw9_8=#N;}G#HCA@lAA3r*5qz>`*a& zq17sK+>o3^f}56ZV*jxEciEnXmcIikto>_X*aNbwYXiq>QBM^nNb$SjKZFLZ;V@**yH8M-zg6AxK4U11Hugf+kMwom!D+ zNYyaN%gA$IX6seRPYHY+j<_U_zf_zDKPV?7?TOOMsDi7^9g2`mLe+ThBUQkpL0BM# zLTF0JsgLsrk_!-V5U{UH2kfD3%>TC6kv4%&O}I5uj|5V4?ufghaNs0FxWzUNW#Pnp zZE{hmd(=}QEGf825#q;JmIJcHO3P70+rAdDqi4miVK@f)K6iX&Yxsv)@l&coi3meh zln;OOP+JksEGmMSYOO*Vo|Yk>yP|xbSZ>gmhq424y@C5&eUJuIyaj7wD~th@-6EeA zf(TQu)z{bRh1iKAYw@zOx|;fG)M2K6T);n?k<{76kOLAB_nj3Cq_3@M7TgxATw*X`__P))ZZX{5jcAzH zs@MqD{8DIWmoVAXhq1gufL z`o4TY`&Or5?kw)1cT(>W`xz`H3Z_ytDGS?##F#?57>|-1Ee!3EP`JnQA$v9wk4)!=>dR4pO6rbqd+j~tYt(a%2Jlt z<0jbhILp!nMRuSgKP%Mp5XCfID<(=v5$d!Bw7nnT<9U|GKZ zA!)U!WHMUF^GRncP~ahhLe&}H({Y&y3bQQuJDurQ*EnoNH8slwaKxC!cLw%t4)(O5Vazl34H^&=to0=oHJlaAa#vK?>#db4fJvRB3UVyT=n2AY zN*6JJya^2ZD5(dciY1rfdzE!1ZC-BXNkiI=v1)~72h$`wiJW=MRR~eH&{I>BLsBP% z5oqna)USAr1PTbnF`a`I&4X4T9w#)3B!^SH$-={{1LE;yz_^N0gtJO%+>+g)P^8fF zT`pWGf6|Go0AIYe%Vonnh3KGg%r}_>&C@xW98DlW+qXA4$&BkbtRCh|uYoU%G zF?)IH1_EAp;CCklu*UDJ{Bd!+Xe#kgVB{xXgm|-3Mef_Yli@%rlTDl|PY&Yz^w?4b zY4pk&MAM5x3r^X6LGKgykz9gqp%?2ZwyLG9{4XkNPAEubUN5Mi*$e&*O1% zK4V_K!Jso4SldNr-*UTPUWhj#y1WsitmLdm+gK3R=UVvkFXkMJeiq8eh6+6TT%9SG zF9idZlC3vn>rL7E+-$Qs+rZa`LD6v`2OE}DBtWA=KXvN$g|(=Ggc7jY7S`Vb(tkwj zMVoK-5BU?tiZSlOYLw(gzH~EZ??P|pmWWik7XCt|H;EOLp?R{3GBi)Vq73Hd)Ek_7 zlT)ATG@G4VU|M48yRWyHa`XDO`$ks$$865kiMwyfHR$_o_ZcFf$BVBi*cS0=5u@wtWEE(r zF$~cUTHr*Q0p8T{z{ukPW_%P6U{vfUE?{DKkfS$QL_Ekf<_QI%RJcGK-OJdDRLPpJ z83P|)q%9DQ$jkepux~pG`{wC#NI(Dz2vw|$(TOwc;!031Aq9S5Vt7C^K8go%cyI{( zz|8Q#VzvMw_|w2*&NU|G2Li{9_&lh~o{c_|s7TX__Q%;cAhcp%+>T&4fPPo5Y;Pd2 zxX1uk5$(EA7NR}`A1iu)^nL)C*@n~9j@%7b9$jkQWAT`gOA;0UB+(qySII^$^d*zM zWJjPVN~wxkF^NA;?t&1hkh^3DY04s)e4;4`w<>e)NtP8!f5bxl22S^-Osquj>9j9yAjugfY*(Pgj*Y)3GL2^MmSs7$y@b@k=%?!mk+ zQUf6YnSNAuI_1m6ad_{#wCRT$K9CTzlPbm}JSewLNOVa>B|`|b!s>-qC0>NxBFca? z1v)}%4+f3J<4DRa3&U5$c=p;R_t1-e2t_noFi%v)X+i1Frm(Leg<__7AlV*> zh_5M>U??IWN`5F&&>to}Bjw^F?5)Y(8y^x7@xZvjP&1;{6xJ4FFI|OMX%IU9wiLbY zcpGY{F~bSHPBfy3FLkHA$`n0RcyGw-!W+wx6wu@gP$?3C8>WveBKowKo1#};Y<7qj zuaxyYOdq@{I+ug0BT!$OUQe2gq=yb^Fk` zu*DT_rX6+Q1_oPMS2{)g8d)}(ynGF!sVGBE$fHZId<_;?Txqr23p9PB&}2A7X9pIG zRk33Pf5r}p{-99=s)>PaI2+|=NHueWC(;nc-tu;cwgTn38uz@m38x%ctz!1da^Z@o zrlyO7IjOf#@IHivN%QCf@0yRzK|Ij-Nj8J z(gJ~1hC+7w%oX`Js8AV^0waeb@I*@zsRF?#1i~oCFAzm}uw#KE*eh8Sr74qH5-4K> zNn9amUn3zj`)vYAztz1i0Z4`URqmI7Va1snf~RHt-l-vXlS@l7fqHp`ffxbslj$TX4`<)Tos zwhgj0B*7R%z;a5F1jE(yU-S)nIa-ikI120_=WNVH+Yq9L1B(MLa@7wu>?FYNopPr`k!a-c;XL zi$q+mrZrxqlebP^%#29|Aes;U@CDLUpAEOcKpIJW5OP%=`-+~5L%t*V+(;7B$M<9bl>u@1 z7D@P*`a>7Wl@Leh*unN58BVhH=fdu%DZ%7Q2SR)|878wk!%d96FwcGg2m`Ks zMjREjH9W$k&m(gs{w%ywY-8_?cwDV~`;>B_vppvgVY-I^f?Nbr6J8>9W8q&w6+BtH z78M-)pU@DJ*i0IsL=y)r!*6>i$d3B{!()?x$A}N`1=*`u7`YdDWi5DV3H|oCB7G7t zOadmeVKH+yGTH3nc$46-Np71b_G%JvG;X4yNGBiUB3KS;aqJ?$i*#o879xf;3D6`U zYTTPzb4-diRp*%cwhmsCPyi()SXX1_k6PhMU(FvTL03?`1~p2Bzz_)4^tTGB9m(uo zweD66)As`Y2A?PB^eVeyrK2na%%g(Ub zM$zeAkO3=QZH-Owl2J+=gciW&s(?5Q4^_2B(cTaz`}|LwJ4t{qwNe1&OT@Mc{YzHV zb62_Jv6l*dADHc-s0n1>B$Y^9#M$zF(K>Tj`1b zx-^G3B@B;{D43qZiWfNeYkhl#IpGyJJgCnoywl_;R=laU307tvT50b`PQr^Cp_eFz z=M@#}_v!GJ&Y_krnW)s##mx8M`c+*lP>lFo|Bgla90lyi5^} zNXvrpz}4(SonAL`Bw4^J3iMh-DE^C3+vRO2|LZ^-SR6o(SAoZN3OQbje^CTU?SuU*=djs579orl-7*NagbF3M=_pO za-dqJcv{3`_hpyk6?4HCP0`$>15(^AT<~Udo{564jV5_mg>sMh{igY%0&|$+pBV&e zpjx>&b2b!uLJy`83oKswJio^k6dnWZorB*SVcXbAD$fiX8eAeFKmeH*hzw;QAqP3< z4hK6T6mm_`&;S(ea3w39jL0zxp+=AZyE_!@@P!-N0;~$Ow8=n6af0bFSGJ*az^G8vb9|@)r^kHfWq6c)OS&Fh}G5jnD$zsf<{Wj^$@=7Es z^leAwY#3uvkh=vSae=HGu{|z|)sA*?$d?QI;KWE}=WXr2Rvu+s-gasd#e(H2sHhbI z{EcWPj5d10yLjsE2)53~rnjL^wu=K7Xz&vXAgHdfi6g}2??+_33xWOtRQIO%^bV9D zCxXII0hHHnMd*ABcoe!Os;D3aF@1GKW=o9Nzj$<>J07)J|DK(2V0u*V4iV0iTComA+a#D1#4-v_vc95UDs4$;HfFO0D7n@DMhyr;J zv0-7(hr=O2Oah-obP>2usu+WyP6iXn;N6e?c12{OvHJi?$>@px+axv0Qs&AcPWAyG zCDV_HXfnG&kNC(J*5ENRfb8l5{jB;(I9fnKrL*dJ9EEG8q=WIiSEh1($JC0*^_ybL@`Jk@&|$l9Otv5kVNf^z~|kp)f;q55Bm?1 zmG>WTlHi>yfTrNYyvyMbM|-A7gej!>McN42mbiwt_~ww`YtEg_ha1B;1%~}F8E5)H zNP<6tSX$f!K~+#o!NE{E$IZE2jika*$c-C%=MPUNl|tD1RR(Y)3BV(X0>w5Q>blj2 zEdGzWWx^j;o$yD6N%&)BF8>E|?Sw12b>bhj;#WrTibMQkx%fxD_(zTShy90%`~M5u zrcSNJtb}qtN73=D;g}GhLN=m0I5s%GHUXKOI>_kUcalw6U{{Loai1Wv@Ghw&N4u=1 zl&I^+RDEduvYL-bS4=Vp>y*dRu2{z^R~WW;-n<};DJvSPM-3xkP`*?s|8Hjc3Iv_3 zaXw65ah00&g?ZP56&6xa31#s*io;j9Nfxli8@%NEkH29VL!Dcpx@oLb2>~VX&g3>U zgowB{P=i?5!C^!bO5-GftE56R6S_0hCiEO)@MGA`e$qYagLk%ldl&sGHs+M##l#+<>B>^xs#VUA25X;cS8=U!kKUTt(Ou!MU+Zso> zphm@r$uUCkwkckpG7#-8OTw^E!%cC9MlkBNSNs%`p&$Cq$*21Y$gq9o$2pklC+{=C?S*t zhbU;bh8j1cCl*(qZO`Tu8D|MNdjxH15(U!Nm}Hr;$X0Pvt8o4`1rP+Bu*@THTa(4v zhY&GFiNR`I2*vKI1c6Cqkw?&8O8x>RdHOmKMwDc2zLhrHGL=;wiCdS%DeZUrH_+yZ z@$yU$K%#z<70Y%rCMJqic2pp71nqAUBVuPV#N~@~5S@NsPELK269xjKI&H>@stGLU z2--c#T%npXs>XQuJW_HgB&_R5q|YQr37==Gwmx-bEn%%k&>kj9fk4)D4?LDBqX-Tn zZDl1`@%Lmqlbj~3yp330D*2(g#^2DumAH_p!J+;X)X76;v2ivfMftWqe+N1eEK`Zq zUO5DcQlOS6fU+zQVx4uxdc9L<@S!MKOa;?gocOZ1(#hY&8=hhfexycDU}IFYm~XX3 z|FUA@{od(b-pGqJv-dY}bNrDCo2j;VE_b>&=xL*nx$KTG%nWm8FVdD&tVrm3UsT5x zSK6#~1sZE*B}F>LT|mX|V)TP_aFy2TvU+Qotw2L5dC0;<&YV6QF;JPkycTce?2gry zcrp}(#RK77`C(rGI()ltA;LoQbqlEnBYrU(UVe^Vw-EWBi0^g<7O-HgeB7l;m^t4^ zU8q=&hftNhrmn<>l~6%=TV-XfwWOq?x=i|v!rH~cXGElrppw_jgd!^@4?Coy%zGK? zVb@^9>80!k8>_$xwXOrggfNl}Gpv=40*#0k&@|CpSS+cI)`3zBupAxim$5cu;!8mW ze69D|nreGZovnnctf*dQXIM%x!(uOG;nhexoS6Y9~x)>@Q1?+v|Z>6z^=q5Tum5}Xu%;nWq( zppDYq<-pY4d z+y{oUnOZH2UexjnEnHMxBm9-AL?+gK$z;qCdT-=doG!C2*P_EOlLf7qT;`lSvjM-* zm%~iIa&q(V%WTTaq3?|7(1be?*Gb>$_=~yd*@RCPLoR;lEIIT5KIJ(h=o8-QgjZhb z?1bh{PF)}RI*D5fYrC{=0VZIB(qel-j2P0B3yo@|$3X`X*;E+IiDV0>vawX`t+J`e z2@bDjG=c(hpgXC;J+Ut34y5xA(1Xf5fU0(fwa&rWm88lrKp-ih4{n$udt)#&gJdNF z;}a38Y*jUNs~O-xOj0}YT*a+z;eg~Uh|5`2>p}+n657t>ShQ*MlEJBnI9NNy9q4s4 zDSVSsi&#d(0yGz6wU)W!a2vCZ)LE;h@$ujZ%s{#LxCIy0uO_yDXW8jVo5fd4j)eNS zOrjqc?|Ug(?Cl^!Ji-vAwrQduBNoGFc@Y%qQ(UrAl5)6WR!KFx=cU$Fl$ARY_Le1> z7ojU#KQ5NIgciLCvdy{Kd3o8UT-Fu{b#h$+Ef_R&17(K-i>phlMYU_nms&N2Mou!{ z(PSblhG~W#k8?g33a8HJ^jvA3&Bk?TkzLW^Myz|2Kh(?Ss;`*pnMWW*Q9ZW)+FoLa z+LqvH!3I~jC7b!Kkl4jiEVT$(M&MD7A#XuWZtemkRht%o;#c@_SaC?l;A^Y1Y#yWs zHNZp0QO_100wG@z;}C|^o;L>jv|t9%{#z??eXYAS+fC_Zte_U?u9>0|wH_peH8181 z=u%-xORfctq=Y69UAUsx1sfWKOt=|(9S1umMe7&2kmnRZfz|4uJK&=+IhO0!r{z|4 zadtnlS^9CsIN+GuwWTXUBlDTFMK-$wsWxblfz*mtu4F~YY~)m6ebh9Aa`FO*U&#WY zBCCSJqN2gBNWy}^r)}udqQ<516~tBI;T6>mTP0^NuUT1awcAMA;?#s1wT>+^x2(|a zC4m#l&Y>8alS@{lQU+j^jAflrlMvJ*kND*NZ28{_nfHx;nO6d5erxk$L!Q|}ZYX;d z1b#SGA-PpiTe-zdSCpssS9mz+HqK)oIiB7YbX;=pUQAR#fer&*HhnrxN^T`oFqniis9kj`MS zENqp}lFwAeZq6O z94g9_I@LKKtWm$J-gsyldQuKF=s3jgy(g71FUKe=VTHh@e2(UZASMT^ET=;Xf6$8t z9}r<0gce`!LO!}Fj-pBENpc$Z$bl*-=d~Phf&B;!vLk4bPR&erGQmR7oB3YU+7{F` z5HjcC(5bRl#}esbC??Gj_Cr4!^FZX}q=Z0Z!;+$b*;3wUdfc`Sq==>VuWmus5|$ww zaXOvkYz4t1&XQijq;I7Bw?pLAQWX|0;^!jHrDbAvq`R=L!oF;QupsO#Wg;URoF((Z zkr3pwk;Suy@{pw@^8|Hr8ZWCRrwO@KrqVsIKV(tSH%^)ZbU>92l24-F%_@nkU1qcV zVHk|6tYy|U71cK0w3{-^<6HMQ{2_i%n4RcQjV5FujN^G5yoBM}E{eQ_q=r^n9*cnN zKdJ=sUwCa9HV?-H@#H-r!t#o3(7)?q3#_Ur zDXFxnEl{-k(%|At38Ku)Q(Z%yL!`!QZcG!?sk4=)&=t|$3W1wgGfWDx^G>Ko%r_On z#N`cJY50f_-YP*YpRPBU7V>{Xx30BTGn+X1Y~X-8#HksmEd&~n#9C~zgGnQly^39C zXX%s#2mhT;FJ8J6BaB#vKI9jwWfAa2;Ts0a`VKc+y_b!=3e$JB!Kkg> zOGUl!5NsB*fyYQ!%iF+ma&ycmE+O_>`3~pDZ1joq(_wc@0DO?&vK^mcm;&(S=M1LwnBZc`x72zEi-z6ENoUHnRdzzbEQ0_K= z01@yBOOSmBCme1p;%{V2fsd8N03=nKlyU-#H;9QYBt7RK>Oed<|4TvwIr>UZo*Yo4;hn8^y_ zJmF7icX_DzH8O8dG>iZE-Oe@H$qdHR5&;?T`ZwpGkKgS~<7?%6zz7?HQn0ei%Rb_~ zVKEHoyZPNtH_=k7m~MwJ;DKcyxL|ct(p5bVU4hN;+7YiB;a?%LjZ_}3n$Ck@nMJ$; zBqL}!`Sl*DMcHT+r^Qq-l^71B$>6II3NgGL;b5e*6$e9IEYO0R<-wl|nXQd77%N&m z*__ZC9#$zAYPs=88B9rnWrx*dBl}$3?Uhh+IQC4k8`*StX`dz?W6VhCkzfY-pVu?- zi^5YRSoRta)l0mcT9_XXKT0PWv54aFDoP48%Y0qv5rG!*tp1NII1eqe$*JSx!}4RBK z?0uR#tj(S_4^5j`)?7QtK6DNF80$@am>jy6Ov!HH`X zmGL-TJtkL(#s~2Yv=$K_cry@QuCMq`1Iv_4kmL%L6lTd9%r-zCJQ+6)Uef8|HB{dM zXEASRrU|gVq9{+C$fSC)#z>3dWe5sR7GWf}QUQ|kb@EBh5aAkIIW*qpYcx}o0xMX{ z`C3m4Qe$r9t)n^|JO=1k??X*d<|asR?l(1uiHJ7xU{{2(DQze1$k;EOHC=DYi?f)J0f!A8!~Q(= zrwFe4spFn0y*3EGNOMM>YUjNW6<7 zy>mzgUF~Byxm^O*;+l}t`J3bF=aK5@qOQ5VN4}1dX1xM zWoc2#vejZUZRCUTQPCwVcDi>!$kaQz-bcbAASN=I6sS8bX2mE{7?d)pm`cWH4AuGE zK99%6`HXq_dJ6*Sgv>VR>uwiZlJTV>)S~qA%qBi%z-ZPXsJJCm;L+z=Eaq8^Zv$zv z^@eP{DO;bLZ8m2oxQ^oq6X7#0L9})7d%~0rh7J!ZabQAPUV(+3APwn!BE>0o zEb%p__&P0Ahie+9E0%Hwn0*B1%uKo21Y)tM>_g9D8ZTlDYf4tr2}iYe3p0-X{Lmrb zMi_V85r$Hh+J0R&+7Ie1W^)Faz)?q={f5Pb{ibX9$)FnyIaHL%l!3xl7Lz4|GxzH( zk_?6@5#;o78O^@dBzN$aU0#%x>G6*5<(EnJU(T82X>NU5qYjy%IVS8YepL70Y*g;Q zL6>7NW^lSby)Dg${>S&ftfDkG&ov-pK*m`a83zv@1oWo;bMOEHVix^F-((CNSTZ1E zA$>gh^8C=CX#b7>4|4G2vua_0{zkBy?41SdU`xU}R_F&2ApXv=b z?RHxwOU}o^jSt1;$j!IgtL?IDwRKKha@0DVtr5~y)K=R&{Tt%We^lr+9HoCXSoZfd z1^r`ihyW_|KcM93@!#K&KQhKkLjT1p?ER+$rmz1Y!w~d;RR25tIMT!Z+ghX4`Sj4| z&Xm^|9Yf`ALajt4)_#CKo*U9K^v_;Td#Gr`M9O%6wBpt21CAHm#;HX=#oLZ zpxLd>TYyZSCBpjUm8iaJD`dXmzTJg2_QWX%qe43ew*ax@*JnmkS_ZqnF> z`r23m0#cJt#%SnqoUo6YUPqi1-(xiPFpL7NBq)m05r=UlAHk%KI|(BMqK$}PVO=KG zA!9P8v?A8>Ajt^klt%FMu$a`qfgDq3WPKZYO!qL9I)28(rK1VXmE@zC)p1U01mQ-^ z9kr=-QV2v3!z7uE*i&AN8j%`-ssUJ^uT!TSX*Ouu;}r9*lT8MrB-vW-9Ol&<6__Nx-YgUyw3rU}>lLRId%e-b zZ#^oP35(A|=n#r~3sm8R2iYl?mOT0#BPto{ExJyFf%*UmY5C5i$B{nYq+l>T4&VD0 zniY#c?u1HVST)=;#PK=)NlRMho@CUCu@#3D-_+F^V$G5kpz>22%A!Rg3DeT$8%_CU z0VyC_DxZUGDfvSJ6yhIB_JlcKClJ0ivm`SG5%~vwOAq>A9YicdMxbNUAwr-R{SQt- z_=FYy-yE~Q}p`O~~TD~qL$@p4Ndqi95awAg(T{g6o-v=^;T;b8GW6A$K@uUXg zBl<4&oz;^4uPzvj_RHLRrT-j#9Q~UOrlaVC&qaPpm>{dLy=*~XuD;r>UKO+M%AjfLHR`scy3x;Jeu*f415$Qiohmk+q)(yiOZ z>X&XCHdVJ{^`b)av6;h1%qqO4VdOYVp~q_&6B;q^&cP#x583cY*U5QX9)IEyTiMi! z$M1RO+2>B$v0&=hu@k3e>33YCN5PL19vVJ!*1UNqj?T;+H_Pzhykp-TK78~C_q0Fy zS-SbjNm_oi1*nG=2Ty#WIUjX1t!`&jF5Hw_y%r}n(D zH+G*iC{tJ3x$~V%9`D@v*E{yqFXMd#UjZC*?93$>$<&-(hjCDuU)FBI|HvaBG#s<}nZN&GO#AEOfAqxT zTQg1DH4C}791e#Wp*{x_7IBqy&@O!uaVZ(^PJ8z%% z>jAr}R}U`jys*3Kx?6rdXzrfZo*MC4-ta3kw~Rk$`?>2L&v^Fjc4JHKrsiV@e=%*9 z=GolA=LfF4_0sV2_0PM@w0l3Ee)4hShfXe^Gx4FPE|^mL5ALGHIa6kEmrS^kt1SES z;g>I~Y8c`DaqYl{)#tqG7;(~7Yp%+>bj=mE9o+Z@chC95q*r&$y*=ZNTR-_A=Y%c0 zyEne~t@-wA+pf9owvrQveEiW3kqzr^zk2L~oyVSduI68}{nm^l$D5u8{}+55>GPOg z_`ktuKy0X7{{#Ow>yGmO^dX)86C(egm+^&>`2T;t`s!aFeDLKobHGjJL>iu`GK#=HXJF52GZvXg_OU8~Ky6@t$ z$1kt=$<_@YMf2ZnX}SHJ;g7H!?CzrX5D(j+X{x;5c|8 zBjdS@jNKU-iw#reabx4w%kzJu$p7aN|KGhMRGxMGrO)3IegXV{->&G=d)C~$|L%zw zes=Au-`>}`amMxu7ytF@ms;(=41GQA(;+|q+t==mQ_DQBcXfL=ZdpGh+P>+66=z?3 z&UqJZtG(ok^^r3#+fi}lwP%bz*>KHG#_Mhk`_I35(`|P*oV)$bu6rIFeDCc0TOaz_ zy>~pi=4ZPHU;V`Y)jxUh(Bb2!3>$WF)9f2@7@YpX_<82+@xy<0$*x!JuZ7-t6Kzvw zj2b@V%6;!%{{G$%Kl&(pV&>ado_q411EsHBv13=+*z5A!Z#!FS}APq0`2X4nHy-m~rQE4oA59+-9UxRbko*>(Q? zR}4Nlc209RpuFa+A zwvAfz$LBwr=KT5S%eB$>w>&%OCq=^zyY72eGvKUOci9K6%J7_h+G~SMk8=a80|uS6 zu>Irh`*KSDx;H#hKm6rQPgd7&Ec$;-K6&rS=GO+k@{{2Q7JV`3rr`RICf@(o-RGV( zw@9~h)vhJy9XFwKYHjYk>ZS?S=DT+u*!iD9nIm`I{Q5i5{L=;u8oqN)#)-QIb+`ZQ zvvbZ0&OLAE^;1Ua)?KaB%-H_w>}z%}-yI(EbWe&>%STp&qZZPa@P=l>BgUQwwt5cTuQRZ zjz(GASIp&{cku>PbRGWsIV|Csa$hq`O!0G-SZrc^TzeKr8ZB2fyuVf4UBWf1nIPd! z#~Filp#xwL!1R6{}J=wBE|!WOJw6wK5?c@jelqA>?Pj*~xaxKrBQQ z^KrGHP!me6g1dm0y% z7Zghb^k`S)rp-caP6pm&P{SgW9@F;uiamDOhIe}V_Q7}s_ZKzoU)Qr0kxF5J{^!`% z-)X1+$Upzc{{L5!!e4m$Kd}GO(!a0&kWrFTqSXKVs{i;4O#eaB-{gP(%K!dBuKmBW z?1$w4@99Q=^4NbU|MLG*|0OG{_)Gr(B)fl#>^JiNo$^=R*H3ZqfA``)lK+278vN4- z{Xfe;WhC0a+J8z8#xME*(+vL!!te6G2yz4FWWVD7PcL4)9T=d1fAYlFDDa07r=32B zm)AVV-I~v@*go$tCpU^eZM4|P%Oh7{ZdCg%RGUA$s7EeDkn?~?h2oF14aZANr;;PP zGW72eG#0~rmz|uZy_GT}@FjTlF&DXff5m~LVhaZj+|l57w@JRLEfC?jw^WzEO^NF! z7CXYtWT2hdAi_LCPqj}uXO05+p%4oAFJq>nfdBDt_}^eZcOC!`06>%%O@o5cg8>MH zQla|w%-`|9?05YC^-N#mzyCe{51M!pc5S&S#7L^(#(Hbmly}dA&CUqpOLt%G_D0=! z_3>N$HzqbNJ|QvbTyo0S_-}efW>$7iZeD)Dg~FnX#U-U>AHls}?TJbQnFVjxy5H%jd zRw0-ByksO5tCdtP(tI)gESp?yW=k4(Ot1hY{;U6{44)_hYFxT~i1J!!kfn1m7WN<% z3oDHv*LZ8qQFr8r&yVzvjWybHUmO;&CxH_&@-_jc_UhI1Ev}~xRIU0QkKwPzXjtYe z+TtO$ZtHU!nvmPwI7q4_fakx|(bza%A%U?~=oQ>CIM2u54;oI9^RU%h^feePS^?iP zO5FfovKKOZ`7x(;W8r=2suL(IeWkwXN#6YCu{NJ^TB$W2Hnyj~u* zk2W;cMTg(5f_i`U_T%gaiK5QTDfa?bs1!5ZR`Xo5t)gue%0pN4XT-(?a{_|cpX3-p zUCOB0D(mkzHJGN#sQqk=z)C8bQW3=?|Kt?pj&OJN#YdS()0k`3mvSO z9-Ir{YyL!s7VrvjAF4mA(AlKXfi&b)ua)sEXlh#)wvN7lVnO%Q9d!DnMK6+Tco?qY z8leT}(F#z9@?B`EtN6@F4Z19+qOfTzle{V2Pj|~yYe30=1K0T^+nI#GczhZd^`|oh zM)@9|L=^9x*u%tm%I}^`)+LKCH&r!T)hsyG+oM%%cG_0VJV`@3In-4CQwUi)%u6$d!K<{ zxl|dn+?kbn-cKcvOu|D3EzUJqsuJ!F1Mx}|s?lyY&fNzh0tuYTn{bg`AR{InkB(8d zWxor83WQvG9Xf3(w4AT*;)olS*E=nGE030A{+fr(sNa`~`8;=>c6TolOwckN2rO<~ zOB)IukG4(az_vYh+dK&)TF@hNn}x(*#q%VW$|ITjlZn&dy*3QAU4e>o&{QvH$D?_} z@MZ?UH(sgp#Fe+PBrJz1=q>m)*Ko?0jkxe=7{dg01Fap^2Is z&trQkvd8l_U>s(}Cvas5#POKu%I=8;!A|28lZ@@a7ue{lDx1%9FT_;Jeg<= zJV`(2`lx#EK?4Y9%q?rd3J{GSDcb0|`NfydPWNiF&c@BOy1q2SS@u+^X6@0pi}@&~ zd~z)*-~4U%)wHS`!$O67U&@{^%93a+Rhg^he*+fnIWgB7){)Zem$~2c$;}JHYOz-t zIowm8%d0TynMuBMI+SJHM>pS7F1}qDDpW?>H)B!9^A=wFR^xu@(_zKcBdKAtY*vBx zN9Xi++9800cv1y$uJ%>+yfsGkAoXzS9g_Xh9l))|eXg0R9iPN`a0TOWa2!up#z@kV$|#4nj?%4qoRb(fIn}K&}9SpSYK9=NtqjiMysO zjfa-Y*nOe1Xd~(ysuvXO+&k3&N2LDkiI@D0nPi#ohP6NYA}a{pMU! zb_2?S831?2#kTY*2$Yg_4!dh_=b9#%^&!**NEA*ug%%P_zS- zrg%wibX{@Mk)|u>d%4#qbZNt-wQb?bL*^z7g4&Y%ghpQ``@*i0z_jycF7-_UXYcX` zje4hN2k3~9QCG6KSK6B_lcD~dun*;4aK-Cq&O@>#j|SCyZ8&(Nt9P#nBLm{rxLvhO zqL-dZ$&a0urp+^XbXDqLORh!K3-uf9_d_1~5-J?t(9YU$OzFrW6JBnyPm)&a2ULu;lnF@vn z;{%X>v?a-?YY0`Ca5Ruo`*7Yt2sHIKu zkJMwINIg6TYU_|9tC)H+`QkCkpx_)Zzchr?#lb84^z$dq-ovNkg6zcXL6JFrPA-Hk zT&VDILPT7^2Atkbm_P`M=2Rp=hykuHu3PibZx00!=E3q+gjGd=92oFWFfbb{M^y}p zHHTO(oMji%633c-X#rh>h(OjY4&cCa3a9!`hZ}01GCOrcwtS!@rz85eTP#nmvuD^ZD_dDwduL9bs8iffO4wrb0%L)eoY^E}I8#U*rh+LJvy z=8#3gL7^j=%gi=6f#dNuAnBxX%cRPXq$;G8!`rjlZ}v3uOATzts!E@G{EiLkD_cEi z!0{GzwH+WIDU(uLhV(1zHUvQUmQM~G2URmC*Oo(=)j{l-l;G2eoGvli>wXLHz|G-= z)yfpbb(h=0&d+k36&L)&N9?wRc*Y5u$4>W|x!#uoY`z+9@&3)V(^~j^w*^LRHY2DWj~#25IWmI9OWXNYp;7c z(Xl-g9hZSsPnl{D-7n^He<5;F#0qX^mAJ{=flS(XBy8Q4Dsw=iCuPglv3rZb7!!ishxnhL>IR9C<)8F9IMC-R377Wu#hrs_EQ&OQcQHh zi92r`Q;S(5vs&|njT8zTy7*6ZvGH#bXOF7MDI7hc2iWj=FyKtN7fesLF&9*3 zbB*ZMvlsF?0F7fv>oZx$PYc~~(-YO^p1(!<6< zw3)p1KIiqmi#KwC5gpJop~6r5=x?D;#rd)}=ULsgDpsB;P&1=VD`n0tDMoA-qidPT z*(=2i1`(e_OK4wTJQiB$CI*IoDA6wkJqaxmv@S)VZADdrAF-scyIz!1xrpH?`(Roa zi(_qms*KGqdjdp!j1N z>#9>tpS#dNzQ>i-Y{3sT#Z(u~R4U30YF`HDrm)pTD%s&XLXsE2rSC$$6(QTlLSH*) zppQ4)%jbqIgEYkvI8gnQB!QT8@Zfm%u!?dQDDW<89n7VA`kgm^_|lg2S*eBK^@WtV z_DX~YuXjEI=U^E=B+z}^w+%i%)6K< zMStN)nB9z**Si!4k3OG&8QPy1gvPMMmPwzmkis^foHJdFK0ef(kA~Zm7w5r;^b?Fc zysTEew~FhC3Gva@b>{oA@&<@7KiR!KZ8jTie5NfcW9859GzPqDR15E9CIU{Zt&%|j zC}B|SYU_Ph@Afhr1d>4jCgI39vdlh;W8H z$_KkywRgQ)I}uVa5|Ox*S-{D6oEkxRc)4W1=*j)fxbPMsl}=OZPRXRsggU&V4wz%n z6T#}WF&cgRnI9uIGi_gGX>fkvs8<=g!}*0C2EPvPX-qM73&S}ub9kJ^sjFMzylLG{ z&S>GVk4-Yt880P{ZiZLA;Uul&LCZ<-yymNZ-Pg)KUUg)-2L41M@8GY(ldqBE%Bi@H zez{8mX!^LGH(aTO=f6IltCE4KzrbOn!hNB?i?7c~T__h;D!ad#oyJeJzF+YZ$F;lt zdChKDD+*<7`gz}JDMSotKj)C7ffs0)A5d+fksLhqX|UHFUeGsCq{wq{X^@d>$U2#a zs%}8arjOQdNH(yWwR^~Ai3_RQ4mK{ueF%!}u?yFywpj*4GL*I|n~MpWv^xUq5ri|8xBJYg54A=l{wo z$o$Ix`WY7g>9ybEzi@#1Z~gx$p;by06~;{2@Y_Am*G~X2Jx!EDHT9L^w6|^Lx#8=~ zzj7@8G{gVH2>(d_|6a~d5&7TuZTR7n{Gt5+{{BZ+PDbWe{{Ij2_pdDc{r&Iv{$JmA z{B;lfR~Y-hg!V_}|L=`b{?Tvc#}D|&^8dT~KUqpj_^wq41m>bcS5YZEQ1)=$)mddvx@3 z4{q`?!m1=0)C2cCfBH0#gPv!R?q*O00=S; zNr?V?9!io*a%zm437nWkR5_oWq{hgGMrY=i#^&agr7`MXl)<2}RZYmsDuWtBv>~Rx z<5F{eZj*sY!^JMl2&O~vYR=`BtV1R;7ty05^&=g;lgW8El6Ax-6c4iLuj!AhZ=iV} zs0eU!w&(~5JRrQy zLqR>a+|tm|Bhs_dae&nE1hfD=(ATPuzl4F?cJP*HH8Md&*d!{GVR;~)Ni)7yn>15F zNFaz$w~D=aqLy;tU}#AH_86KT%|o|Q314IeWW!$_~LXq~{Wj;tX3s<)jX_?*blpvYT zUY0a6!o&(lBh4JooM%*U(k$AR@H-yLv;*Z(X zMDJ~Cvh=*Hb}LO6{pnb=p}=H35RUZRG}BfwM}ryOEWe$BzoVJa1PZRMy9x6X?*KI*d*50Wh&#Hk^_KAl11*=l zh6a?LSw|hpL_;K{Qb{x5K-q4>EP%`t|Al5kb@B7dv^1L0K~#;TBC=%$x0)U0LbhmQz4{Z<59IQ!x?EWnfa!}#bOFbh{tdu$!^pQ zUS+7QDsR&>0;_`PA#5Vl0ZWd@{^}geNWhZpx~v5~k4nC5D1I~;DA4v@W}wq-Ldn6D zBed~zd{3503lprS{ZyJrhrZhmTg&}-JTIM8_dZ;YRibCQrKT}!$XxtxoEIt$Lf}q+ z7D6yHU&k+BVY$EEYq#M0NQ;j+tqBUUuvPLjDMCzg-y{Rop!?;e8Cn&eC}$n^m3)6}NMi*lg^ZP{B5J7Ml$X;g@x{$jWv%CL3)wSVkLaGwc3!V3C zk{NNVOLX}CG)DJ&w+AwcO#=ln{M1KCF+#aOIOibS`X|-{)Otx#=fwc}TBP>oJvvYO z0ZfuPbl|=i5h1ufnfUl!ceesDMPI{V*BGJ8KW~UznBcKr6{(pF)QLYY#{4-1qF16V zeU_fjiSMZbjykuP>{G|?0LZ>0vf3EqjXIABnP}n-4Wu&$?+TL56N>Yd7z_-$)aA){|{Ne%8@k=@S@1ICSCtf?;Zk%Hzs?L5RVVqfAE`J}V zAXT4Etw-riZ=0Dixsz)HK9?C`D_o}+Rn}B`P{U_tW=o_P)~*vxvCt-MzM7=O@uMGT zFS^)>P-?JlL>|EwgN4@JY3>MkWy|6lIe~-WdHC~TZ_C&_`@Zle$&3$O&%0y3#-9g3 zh}~~1q*KI#P^X=i9sI8cuCnFLve~73Nxo z>4wzVzT=qhRar)c(n{K2qgrh4m$9MZCQ(5rEc?S)nxbJI_GBunaaq>Oxl{EneBse} z#bxhmCruP<)9so3o!08Z4KDi)#cTV$TWeDqJY{--nfdm1T~dRWSHWF@fSt-M2|NJw z++BLP)847z?c?KNb5FdZYeG%RugdV=-TTXxr7Y@!9TWFnhP~@qZg@d!07P%*zw4c2 z!G*O=+~2MZ2E7Wr6!C=m!S;N|m7Oa-5l{C&`24Kn8bH^CLl`ZCId@4&<0b;z>%}kAnXbHWOTDPgCc@%sS1CjeZ`zy_qSY0ec7gv9U1|6O%o|VzjOBn3x!iIt^4El&Kz7R$jKX zwG|o`3ULGF7vzgQ78N?ry|B3O83ECi#|oana4pc)%2ONe zpmsPrlXu2a`vkqby!IqB*z@xp)aI5j;5naqUc63FEQdhy}~`xNy@1fcp_ zb(4mYn^XVp-Mc@@vws`eZ}9)uck&hg^MAwt(FWh@P?AyK>QFLalsc4L#_x3~B`ja- zP%5M-btv`w>XBdTP+H?V;?H;YBxYT`mXY6|Q#v$URy|fO&eCwbUbwbx_7<{pA%Va5 zZYt@1-$4GzqhS`t@yZM08y9ZWA%(%hn{(Tj2?ipRSHl14lR>N42i;9*89~x`*RijO zPm7u;seEDGbV&pwA?t4QI&o+?WmV8}w^Q>rtqTjYWY5jXJUH8yQEo^@pKY6lhTi%T zySDcALX~LAQkel@x=fH}5-3d|nG``IV0oZYaU`P#P92;+TWfI%PC!Ex<|Go?B=7WhjYL1nd|Me>{;? zFc@1N6PG+8>$-cnlC4IF*iz5u(rN5&Bl@Oi{O)yU zFn$`hfi1>P_Q$4aUUEAu^*L<^DF z+z{?0Sbc~H@|BRONN{(vJv5zmB?LvSdL7YEm21?mp7G}WyNl46Qd0=6JaXL$mSN!g zgn>4x>V$7OR0bL?3au`R)*vM2bxzIFDxtR40%dpYarAR9P>(Oo zrvL;PtGT-?D1i|LreOud#>%t}K3r^}K@we~XYb675kwa|i$FA;M1zQ>Jx5M<$sw_q z>YCI27#pO}RVCD$z5SI1-m5tE3oW^)miD#L5S~XQxz#*x4ifJ1Y|&n^^dh$!e_1#! zxL9-o+`{}|ltlHQ6wstz33CUk=``WaY6f%`Az_S23S`*E&5<1@N3 zwL*aQu1>t79h)lk9i)-l#b2IdZIYhj6VV?S5;Cc4E|Z$I=pV6SQ}J66^%nxkI#TBS7Js}QUe|A61K!QtAB&6VSr*Aaa@LUav_S5yQCOYUXby7_D@yPAL z>)y0p3%3lKWCXc&RTNv6(j~p_u+XTKRIHa6R7?hRsB@=vKfR)KC9+ITZh0?Cs?tAZ ztaL$NiP_EtX8e(A8)?VU^yzYrjd9q}2}4|S=`HJtGmG$K+xCikrD`9@gd-k_{nbG= zW?)qQ^>@Yhw}#Cw$wv0PVJzV8M)U89f1@%rD`K7fwiMB(PMZ`q+0E0bBP?o^1_Ug< zv0bI4pf%StYRF>naOWoImNXC~Bz-c~8aN0di3hLe-fbYTrS!`iM>&i0yf)v|^gwEw zj4={mzRC*RI(v2Itu&Ffj*XhfOz<_AsX}z@dH9?S2`q2$^!-7Xo6~L>9+$yo+OoDR zcdExE@t5=(SMNW%RLe3|6Z;Syk1OBP7#F=r*W_sr+Gnk+bPPgYyW`*3U{xIW0Y6zG z)z_#OISoe82u6QsAu!(Z4Ae@#Q_pKQS0{aq>{2hUJ7(9U-fh1t+TWK8Z2Q5$eK15_=|3Z7p?# z^%C?UQ3t81dW|t#W=8#DKweHS;BI2LLtC`N+%K>8e#`^h$noXlMa8#$XpCj1HQSWy z&V7GWN*FWzess33)ExqANNYBR&rP4x4bNEJS}q;?^o3FG&2%brKxV22rQZz3Jib*a zTwW={{lRo!3X<1Ak0hj?jUsmWpE3-rHNSG&IIT6n(~>O2IjVeSuHLu}szh6dYEe}sH4XHQ|E+vgCkyv_Yrrb*d z2MApsZ640EA!rn3&RR^ad=6UdH`&~b*)O?-30NNH7NuM$;G!|w#Ykm3KLEXSl5SZU zY($h!Ic@ZaZ6J5-u(xbvp{fJtBg>JOPc|c-Qsa1l_ro$6-*Y2NE6juHAem)c{=(#{ z!aFQnE#WnjGMbe7wbjZ&Lhx3(?W?9q(_td&|?6 zUw9zO)O|hVfK=%#PKdzUeQ?5gnLOPFJ1%V;D9SkSB0D;oTSNoo>AejBrtt@K?Wc?q z`XH(}2$%B18NLKu0)wRcCzTR}q-on_EwX8hbWX^m32r<8#0wBTSJ=eo6#T_NuNQ0S zAMWnJNSAX8pF%9(4n zxbO!(2sLa|AN`jY!3+CGK-Ee>ZqsIx4=1X{J77rSI$p`-&Vyw-sU|JpsqVxF5b32l zph$Xoz#oTX$^{q{eetmAu-mxvzRguj(LoDcNFkpVa8RWGei3%ap-XQ_^u#UT)&*1% zT}a`nCXk?X-`XSZ_FS#|xP2e3K%DeF-E71ykWulImpmlud1HS;X08W8^GXQETpB5kNlLo2H zRnChbe&8;6uo1n(BJpvD^+QE+Y6JHXjF2<(%FuPY+aY@RiRy#05So`FdaS= z9C>@;v<~qU0~)ed-G_cTvU&l+j`gq0ftuJyt+RQ`kf5ks-1CLATL_;mUFZ&5Fk~9{ zUMJXi8T!HE^ryA6QLJPq4Mlv5ZWIRao8F1oR~@aS7@506P+li2=7cjy1MU`q+wI{b zc!2*%B+oMb?KTvFCeWzICw>&*M;t~}UJ;D~iWgoyKwouMWx{4ZgaV zbW1d;+?AZPTp7#b>uE$h|E%-;^HGQ@HtIARU|b!K-^F!c5?)rFn`;O5F2^u$rZS`b z6LVwrmqDM_Q-M4pl|Jaz;#s*4&}Sskcrg{SnHq)++ggt~h>eodO=IaIlGo4g>Ono? ziP$j+=f0$hTxeCN1c#K7AbVed2hoXIu; zR@o=m^V0LOUyAs!HD##X&dRUJKgK`3S8HwlI*?r1taw}?b4q$Sm;y?&u zW^Pwr>sTI_vX7o`o}{urXxf!PBChBr1y$Le7t5Ds^OvhS*N?GjO3d9qmJ!8XIP*Sd z>~`cZyZ>TdVK}=_cUR8a)kwC@yjlIi3PjP$zCsyY|Je7@d<(vMc?D%%1zTblRow6~ z2?d?(MYZoC+Fc$zqBc{Z_)T`7L!n;VbH2K$qMVuxnmffRR$)DHnc(q4W&{5xUE#Y{ zK0U}Hy76MDwNHmq3H7sLUU#pF_g=ZdneP%WN~-wuu$9aSm+*z*6K`j|w9w2=S`3^L zE7{u}LB4H=951`4RIVKsJ{M=x6N1;iQzj!`HW6&2-(7z1bh!?Dg&9?;unNwmqr&D+ zh3$t5`|b)#y!zMV>i-$B{%ri`+ia=-dAtAilRt?6$WXey|7-rouldjaEieCX|MPqN zhXAkvlopT1NIFVvr!qQjwr?Oz$KdVerWG6a{hKpSmmgjT2yqgT^ikX&cg(suBWvVx zOPaG=Z)y2YJuCYkQ*@u8QzmN z23^jei9kUeXRbxUg94H5u%;&)cV&etk$RxYO@Tw!CW$%Di4_AkL5wmPDbUP%jcF)saG8UsUR}>X zO@%yUPg+ZW2O2xFd?==aWYNi^Uc|K2-)?c8tvxx>-f%bADnvDbGlnXi2StNp7g*Ln zNvM7D-Iti^EyEa`$S%4?5UGGk&|m4B$@V%mc=X^=uSM z>jVR}JC9JksEjc;bT2KD;VuRhE0uyarKCNs=cz(iKgAv8#J*}O7|ov+Qhl_??YxVj zSChR0$|o`eHL`B3Dupx&xCA~_dtB75MJTcMWg}~Z{=l;^Tjr#qTQ?UUj-WVbJ%_9f zyA$O#Z$|ihvLGCVz%2Ngy*6Kkf0Bw79q=DTdN? zJ&~!`PMJcMPIiEFI^(U7IX>z5L#X^3fxHO$AhRG*OCiFs6Jl%TV4CE(Iq^U}gu3}r zF|i}u2y-C>5SorXCYuO1Ab5-^10+yX^FXqx>Jh3^gF-9;*q?sY`B_bMW$m-t`u1nf z>SSX6mzkTN)&IYp4ESTx{|EY?(*N=I`G1t_zhC+PKgQg@xazz9hXPOl2LR1TnrRV< z-)QNtp8#N33^zW^^p_*`7n%JZNdB|(|6k)gf8s2EDF6S`|4~*+`d9w{PjL9pFa7)d zKM25myZ@)`^tao75Jm36+P{)-{ycC0H&Fhe{QrF}>%R=*{qfWNf&9xTD*PV*$w|xn z!hb)`;J>i)tNbfDi~@{b@gJq_XFg8@oo$A=!k9S304cJK62pznxik2e2+I?$@f*)9px3o})6(AHpp zi?r|}BtWSw{-#;JeisGzEsOjf_k}dRig-mP6@Q!8piCd1F=ivhob>p$t2`@}Hi!hn zV7ZT!ZWJcVJ2m3WpQ`9!q#iOMkn-Ds+{N#eJ6Qx+PC1K&N1g@nu5KPD`QbJgUM3qf zFDs1=+(qwDj1vvNTQr4N4#jD23X%Txz%kWYk4Ql@|(jblF5!mGHXra-PhH z;b6T|Bxhh`Y-(nH+!A?`Gn_ZMGtq+=UC*?d!5?_Jfj@E8rsidD%didq19U#%FO&$l zqz-58x44mgna=M(eg3j1uRLF<&TWsy+5$~|kuMm`z{_aKL*VBzT}TpPM2hJdxykTt zB@e*FORkBDNrTqWe*glMVbk{!n)IjiJhrsQGsP{KJwemr>_-hMIFdGG)1m!mxenPl zThBg;YiP0!{D7&}B0y_&aL(A{rPmqjN!Rag@;$yr&oT*vr6ZFM$i)bIT5h|TowYVQ%q$my%0vm2wSLVu70MpfO}|cwH;f z3Qm<&{ds0?%GwrrQ*CH3Y%|5i^WKY1?x zYOln8{!x&xeP=E5jm?md|}3<9;Cv@U)4MnU(Na zKQ(jC^d8GyJzg27!_`I&L!Ex1Mf)#RaEB20@!RSqGLQfD{zzcKGp3M?M;zI^x2YC8L~zyy6kur%P+%KPual|QWi|7C*uk1L%& z(Erl1lwz;n&i|q4|6lzdew@L7VdZ!Kj}Bk}N-6rEOs1r6J$Ue7a&q$8wQDUcE%o*F zd3kvhLiI;K)-B zy9e^P4SO^dXKYsgJbF_#cBsYy9RVjiL$qVjnS%OQF7|3>mx@K{O>cf^o!~ED^Dn%} zKS}z-^6%;sVCU=S;}m!*!2c&3!2E&y%P7eGUjAj3e)WI&lP~lq$^PO0z5V9@k;m-G zgU8-qvnO9QAa`kyTNNpeAh~G|xrX<7sJFP&Ai*h07@HgivL&13>4ELD9#_{=b!z*e~tV9#{X+oSI1(Rso+rlG)qa$ zqNL)=>j3S7m#3h80Sf4}@`(cllb$I~(1SPhpZHswyG`hOLIB@jAe84U;Nj&>&l;qc zCUlOHl;?@yXG-Sr5Az)rz+O3?t=?zTJaJZjj1rVP6H`ZsG z=N7ncqw5PN^0zg&F3p#Q0Hj#!1?NEx=1d^q4Pb9ok=U*(S-vpErRF|HQ*-w*=%MbR zO&xMXjGS*Aqp)$YUWwxnh82N_$3lJgq^S9;>@NYT>bVTeSW>p0ugtm*hE9^E!Rmev zCWZ#ltocIBgc!{|iAGN56Gibx49 zt=@-hY?Gy;-Pp1)a*#jAUM4*rjYT%emQqQsYd^8Jxf?JVv(H^K0Jy`mXKspHi$2bf zTCy*65I0TD&gOP{kKCNp@w_Btf}>=;4E}b2^rsVL=JaT(z%fCu>!qfcRDOAl3o(T0 zQvugPP)4gw`HK6Dgc6BFRijr1nuCV9p=Ns-Hxqq%chyJM+RTH^g{*0Ha<#;6?xa5U zSb^~sI>W%EW1d$Jxe{<0n_2f__z!L0(j{Xm7tEUOjTDE|Ft{F%mLk4eG#XqSjCFgI zyOJZ{#TVDFkeIg2qudx7BcP|L_V$kd!$>HdIAi0JyU~*H*V9QitklgCUj^Q@LeaaJ z5zgD(JCl;-iBVjI+PpY(7&ZfJ)91}5nsTPG>TSAYN_JvslGokRH1sNDI+3DI=9c|u zTVakC5itkW5rkw3qP3KsfU_)CiBa+WZ@3EhVf{~;3GeLZa4Ntp$l1=#JIL8Tz{gMa#|*(A z=zm#x`QP{dkXMlXRsZvon*7f#|L*^N#pH98_}{24dED{q@P{7lulm3L2zkiz)6gk$ z6&JadpIk3QZWJRoOH+&jxkHU&BPfvqia8(`K*<;2=@!ddB ztiw$oWr~5IScj_yLKFi*u@2u&!++U@KlkYWO7&m%Mg7~{-`~!Ctfc{HVEv?<_L7VV zR6?3kx=3)whb_}OEiQ%AqUrSa==t?uFu2|lJQK+-BrF&h0rnCChYNEixhI1Y{58GV z+}xwwdGm!s^>e+veS^F&2p5GMiWTiWxZDVWi=)%AV<_j7Z zX3xZFaZYRUdRNqUUeUzF@^fgjafTOx&&*%aoVha=q?wRXVQQ2dV*kpHxWFy zw(d-{07nCXALDXc+6@jDd7>guj$N*p$dNvkd?*)dUyRb>IgEi~42u#OZr96jIC#Yf z@p0KOMC8$>P524xhB(C-B-D}VpefIvue+3U1PaG}qInj7dn$I1M=kq96TnbONeEo0 zOjD)}9+zq+$0`K5NrP(-hI7Ct1esw0eE@V4`RSZj$bp3oSxVY)73>J8zRVIMhi8tf>ni z4V=%-HJk8#RG*_`c>mCe%zD;C)!$(+M`>At(c@1e;~KNTV-37_g71Y0n+6vNrBl~*jQldzzU`x1P{;L#GieTH;o`VqDme)AEQeg%uZ}E_nirWi?3hcmeMZb!1NBFli%dJ zO=ZqyE^7pFcPVRodOvqFE9i~n9}G>NIjUXaa3Fi83K#Rtwlb;vVPYUehyO-q>B;RB zflDE+x$&h3bi~w8#|GG=^6W{;i108*gxY-Kos4}~?mQFAPd^r#%hBOdyV2TcUa-nt zpz1H&niEti9Nf19CEo#QJq_V*_o}dB^fPTF)v=WF)IBZDKx zS~k!xz*{eK5RlBxedmUBnELJl7woRQJKtWY)*C5582aS;qr0%l&Lf0t`gupsSw-=E zv|tb%IpxTGpR_YPrV}BlJDRaPIl%?=@tr#h7DV`nGg#@K-y>$YRpuH()YLQ(PWm{L zq#rC^f*$t-uqa6f%XW?Pm_cf1>*)P_r(%f%+YHAbgl$Qep$6gN!XR#`JqP&4OZjeJ z*lu%06E`Z2O7t*E`#K)RU22Pr&njg&3*Ld(=PBD-U3%3-yU#ntp=f?ZBF@(8afKXY z*e7^GjGk8euwc*JnRTe!s&Md)VB2?=jhi4BVf zLr>4l$H@fKOYiq(JE6gGyfieC@>5!7{;##6|L-HxpR@no4gqdH-VUBWX7~TDp#Q-B z%g89o{!9Ev{#X3x@9g`x{{Dykr^J7TEW|I%u#;Ql)-D)R>^8-=Q*ax_9r#T~z_<84 zgdEbn^hJ7HzwV0i##9g4Ui2T){9^14KZge)8UVE9ZA_mApbDgF@Xwr9rD8K!Eqe)s5iIVh~R!E6s;=uLs?%uenyl;Ns-F_1-48*tbOL zv7Aa!=QE$G8f`}mgzacCPEQ{U(Y{!^B2j#utI+k*^?PGa)=YZUE&_3&{N{yHtM^d& zA%kj;Cdb1*mv_y57kKOZjPIj@5lj_j@C%BNT4PD8(D>_N&Tl6ewHi45s21H$aaCBm zZ6AYue6HW?MBg`0C}_{rIA=3-EKAU+p6KZHy3)7CquIco0Fg6YkT_?&Iih7v|*c9Po3>pYlY1r2mzqf3N>#<>Y?hzn^}We}>>6`v1Sde|@Ik zA>iNe-*3U+SLBxu{to;8hWUsG{u%a7xyp~8l>CnTD6p@A`)geAZ^)18A3?!C^VI(X z&41y)uXF$K-|mq|%l*bYRW43f2N*P1Us|mH=ed8kfMt6u4M%b;Kc1+~v)lWHZ**5g zi zdYey^>558b6d01GxUs2hl<6M4FcdBxd4e?S3-9@S5 zW&dYO8aeUmHw?hoQ?0>FH8C6YG03%h%q!A&hfc&NU^0{g zR`wj(X9(2hKD@6$v#FQ6Ma`n$PAwK|a1xxBYj<=>JTDeOa29M?khDY#Ii0yDe`thH zp(FEYG*w58)7|&-oO>B#Im3izXjWylgR`1$?f08EPDm!uJz}-FeJH9$`D`4EInt2c zGefC2@JIrrAU1I+BRKqWc|?A){)B|nOBw4^u^QV~BMg+w9;X+bqACG8aI$+UUXJx? z-ngiR$vDR_oZxrDe`t5d&?HTLfX<}FXr57<-PNUUFS6YN4lmLUTswZ6p%!-1n^I9} zZFG_ae?d{9A_3|GtR7EO9Zkepq2%vxQF}?bBZtCEv&xuN1TvfYlHxCnV#D7*t30waF^Mf^LScic4(Rp#ITo#Yri29 z&~!>t7!u#$Z*D&D*Qee8u>SXQc5-vD^9}qH4M6@t|I14&{XYLkR_0g#kN-i({a^m~ zcm013#PcoxhfLmFT$}`h+x7Kp#l$Gi|B$!$lipq!3|3TBbn4Wp^~A*YFJDegP0b1m zPbVdC>0bpBMM< z{|%1#`knu6{Rib9NR>nVT+!e4H|iq_N(cAK*yPJ~#b#CkV zCHn)|avDkf2;(({zLtvC=h zFE7B|)C5qoHgof^*K;u-kszL4T45g4|Hs~!05(-+4W|@JTUm-Apn|>zr7gDElQ!LG zx);0Aw19wyG^di9_`T zu<`RG^HMwiA^B?Y!DAD5T>Zlpf7mvD)Q8)zpFHfb&#Ou=NV;ZF#fiDuPdxT<$(l(c z#?MN=iJT@m{z*;2)dzRgCT3K9b(2)px_wnr$rSbajLTMQB@Yx`le}!)^5mYi+HL2g zmppM6}saBV(8TG*i~PcXdJKBN;AH?KQCVfCXKrC0o8_qaI;$B!I6m|(5RE4^~djv2GBcqyT0PJ&dC zdFz-TcD|eL-ugj{q~w>Hf1F*GAWQ5?>hPy0=q@dPcTbX}#FH>6rF_!`H-2#;dF+^HW|RzR{$%{6lAc>WSo~;$VuEBr*5)SrkUzeC zi}}`;v!y9x*Q~C){_|hD2QB^dx|#>Cu_jzFYei?EZQSj?v7Srj+J3yM?dH4p-BfqQ zNbAdO3GXS^eXQ-+{_G=A_)Me@D8d+uS~Gv2oA(`(AwOdV9{3 zPhUEA!p1Y6_)9|KrGv?3iO}|O+0gOxUMxv^IAvW&;tqvUFVf-xwC9a=7zbJ@pVqy64GIPzCB>z>*6NZ;KoM*0Id*CK%$vs0B&r#og^QJ28TXlOb+g0}Z zyu({w95p_<`S7_r2Oa7u%lvuU@T<~#wE2qcKdviHobbJ5=;SoXaEEo;lAnifdhJQW zgG;uq8T$Unls#?f`#=5uiY>cFjX3(u-6w`rCJ$MV`rh2U%!*-whelp8f6lqbt=qr( zPS$-^d(D{dw*2YppTAZczHWVY>C6Yd{Ce%2?7=-p_RcCwsdMK{+&WhG&%~@5Z%(;- z!?(M}RX1wtpB&mS{hQXC3$5E!k4n1V>G<=UgWfIoEy=8^zT^$*iL35C_M*j>b@{6Q z)xY(MZ0m!|E?j!a)Au&ZzexXP)xy#1&uDln;pMq6%Wl<=atz+^r!(iDvFeNun{In9 zoZ4**gZ8WU!8T8`rL6W~-MSS2$&pCGWT^r6$a{Zv(``@20xuwYYuzGd3WW^sh zJo?nnDUO-D4wjC1e^36BJ!RxYbvplw$CgdAU$^kd$qD|yoHPFb`B1|6BguKI4)hG0 zeC``(e$g=L>31JVdUWD1JJUPX+Rne}`cFKWKfZZ*w&&%nga->YOAYgiCf$~L^&s=R zWjE#A=YM|TjX!Mt?%-wQSEW03`e!7sUUac$`_;M2kE{(mne__!wfBSZ+pA?KMm5y@ zc>K?=w{+_MeP;c8U)EH-uqE^HLF;-ho0InJXA^IHa_gOQOJ)-1CTiZ8C9#lK{q$6} zTzc(;stGq)(w>ry{NcyDp7)+z()dWh_SWm3cu$M{_@`)FfS= zal;?}d5QMIDfbTBKIyR|fqSm&*|6+*=juU04Kt_rO!9s+cIayB@<-Qv^3a&^s$Cg9 z+s@ETSh3w+bL)#039HX;G@tF6m3jX4pPfZQZjRIb^Vh!)_gx^=qw^pf7z4kAE-StWzH|J%{uVpEzdeu zru`Oz+kI>+{T_!CZU6h+0hiU}ZflF%{S(vwqkv>DVg9E|smYZPic^8`fX{FC5`?6K zbVZ%cY<1eBzY+E8r|Uz`{{#O2myH?V{NI){?&uvS;s2k9{r}GmmkcV=B;Iv{A#=ot z6`vj3RG73rb@TKa$0Xl!#zU%}ch0=NZo_jIC^o#YbjT-;vDpV+eL8(f-ihQdKVEv> z>Q8=|TYY(3>WZW)k7dmW@c8S!Gi|Aho!8u)luBN;e2I77>Z%d8JABhuxHdS3Cfs!G z;}h;!&{lQFRBxAa)gNo`A9_cs*Z$myEA2PC{sgU*Hzf^vqiXNAZP%%9$a|)CM&hF@ zhwi>|(e~GzZy$L+Y1SD}-ns9ZVY|zhyz}GOE5G^IpKpKhyFD*>zPj+nXM4`gXx(tX z~$uyi@Go@$+-a=cbUmZynv7 z^XBS(6H9DY{^t+A%{LtAF}&LNkC&6*er31hEcdo40rloPu1s3-=4X?%AM2Aemwqt+ zOV1_hD=xft?9-p!G^2U_r+fFc-t@?wilO;+?|!;UYh5w1)jXkY>n(?#zy8I;2i|Dj z`t9D%;d9f!_+_>0@T;DGy|a7F{g3CrraLn0>HB_JHu3VwH|0Ed+rmlKv5PO7UtIRU zn8M3nYTEMo;ByaOx~b(o{g7Qh`**)Pe&}`Z@_(DZ@vZkzTSSv&H5?C zqeatZy zUB;Qo!)E0a*36n!TG}#WdP_}V?IqK%IyWh4@`^EEWfrQw8nt}#SLYULzZ$b#|JCH9 zKP^{mdi~ay(+U#*{>j zGrxMMA@$tApd)7OH_e9h4QHNp!TN8~6A}h*YPqBH(GQ>TocQ3iB?Y;%zrN7Z30Oe)w#~;9G~+-@mc;`6rLOzCk^5&_8-EOc*-pvg?Qv zxcB|saj9cI*_Jr;sxytZ&zipLi#6*moVA{Ke%H#Y*I!hfdgPsHofjl^t=RRy=Bny; z<9S2x%fHo}ylTN0g=_D<@39Fl7`I3lW>#Ibtox^BAAPvPGR6IK!yDg!{`!^vdw0J6 ze?OZpBkr-Bx%-Kx?v;N?m}buy>2F-{?)9CLJD*LHPI^easp-wH-yzZ`Y1=muZ>F~| z?X3C-aqz0E{*(LhHJMu$?oB>t##Uy3{pB5=%brmE2z zvU>oXJ7p0_LY)B zXV&WXElt09$f3s)?zw5u$h1{g5sm5pT>8y}@BZ}yNS@f4e`C|?OxvNWKfmQ-SJ6N3 zy>I>E3;vqe^wi*^3kO|XcDQS2vS#j?hUMocJp74o#zU5SPi(8zKDe=a)xmsa!(T>i ze*3vq6a3~^{%^#QO?wlsd*RdckvGlye!u4WrQb`^{`j->jl$#K{_D>rLv#Eaud7om zO?qU+qd&Y=d&ZNA>q-w-)xO<4vrau?ibt|6aqiS@lK1A`w8e1cj9ZsDhfxf8a-o7!jQ4` zdCP{3DJ+>@@$rhaUyN=T|2OM-kG*u}@{3B&y>`Ra^j9+OR$VixscNqw|M?X!R=r)- zvZS$f$lft08t%DOzIWvPQx(gJyp5myFU7d^`<*F=?pC~UR@L`utH#b8wk-F|lJTW! zooPcpTz~bXecg9GHmq^|!t%AtKHk+cbRublH~|e_AZ_B&0p}{VMs3CH6|m@-zHN2`PD!;_vxCf0&K$d7-9tp_lcm*vSp3E$^Fzb7CCKvkmaeS6 zH}$;@iNi1W_PU&}B_BwikUceT?d3xkyjr<_`ICYFep8w_y*2&sd((exUTYdUW%rhK zPrZ80L!Ym+UViX})uq{s9(w)Kj^_0FpIm+Ss!N(aK6BJL<@+D}{L#s&!)7IxeqNZj zVb6C<<&z5AlZWWYok^wp*C(zai`(~YTz1XM#kV!550~}qTlIlt^hdLYR;{t^Sh28V zu+mqxKXp*W(X%&Qd*PhPi<-7vzu|1cejp{`iNYWDw|j3Idias*ClwVh8Lt>!1A=(u zXZnWjxBhk4Py1~}$FFI);+v=Lmi+gDlK<8mTsqdjDXA{Ablld4@?oQ=rmfp|Kx5eZ z<=RZ+idpY9lsB#$r5w6OUN$&Yw&qUznvo^1O}MLa-^sdc+-wRTsBP#g8xUvR@W`jJrog#4>e>frtl?g#t@ zO5FdWw$C7lG7xkA_qyHwD6dJn+DXz8?SCDODz=#-z+MX|*Pm-qh~*drT&i-D$RwbcT@0;&z(M)=tvv_rU{?$?Eo79HiMB zzwhX`iPhf@)TdzoWBLD}|5wocKWexUXdwUVln@bh{!5TR{~uic4UNXh{{j7f8dJ`I z{y&X3=M;c8p#KN-zr3rfOGd@@g7v=!>wg`jV+`p3Q^1XK>YtyQCl?muhvlEf2B@IAOH2y!~7P=Q>@vGl(>H~9V^wNee~LIe6g&b{o->y-ZADj6#| zj_?0TPEJlsOB+9ae0q9%R#ui$snqNBrO?K2+O(#orrEP+Ll*$Zoc8&Aix)3mxpL*& zwQJX}U%zqV#?6~IKl-xZf1BVVBI(+!>(W6HpGyC}Q<0s&M$Bvyi zdK7*;hWMa_Q7l1Nr1 zpDk&BfA2Go&e1e~_T+7<&2QYUHNL-}Tyg7~!`cN$yy>4lv#sap)uS(}%)C(c$*Wg9 z^wE*m_dM}&RZDH!RjE(!NTc|F`!BrFbNt zn03n!o!{V=tV>9cB#oG?seNj4$~9wTgLm!y*C5Fm<11ZzlmC?60m|9$GxUBtob!P?My>@)^!gnPd zh96rK+b#_lW{zs~+?+J={r3;MHtE+VBqk?sDw(}_;X#0M{I(ej9>{w4>LeD3-0? zefG0ev*#{?`q06TY&LinZ_vX<>QfpoC~d!5Bb8jR5V|>O)5@2pm1L4-;|6u#^XiBr zJM!+kR(|_r%VO<0Ywo*pPT=Ouq=avmz1foYl76~p?3w69~a^G>{3dRERsNz!GGZ+qTO9Gorb89bOcXn^}L=4B_G)u>pSaBg#n9|?|Mr=`{r!ccSJEraY1;IM zq#e`WDR}&)_Uciu?D%ixJ(cHFuivzDXL80P-|rfh`>o>T@28EwalGQArDY@L?SEqR zINhv`iDNG=`9tD}If|X{jp=B==ba&=noH&m9=$N_zQLNR9z)WxoiE;T$*~&GvXXz+ z^dux{7H?WMc=W8@hQY&16dyf5^3tU}@1zzMrQd#TP5PO4wp=~y)d}5;=Dl+63~R#f z6v+nSua|B=uj}yT6UU#`lK|ayiG-Wm2DeBoL!h6^3`ymM%VwUlx9HG$ui3Y+lZ>7< zar2<$|IGd9osP46mL`n)PyW*h<7%((nVqayI`+o9yRKO}{XBh%zT;1mpKIJWDIsln z)6D(TEB`|H({_z1_ID{I6As+-5xGp1FN0^#dTHN+nndFZAC(M~=yL;U+TqJ4-r2Ko z-srTF^oEtAl7}xRr1`7nC3TccZ@6NYG=cc0VpMg5M5eeUVWA{@#P@HWciyI(C;qoQ zaY@H5_x!Xj>se3grE|O+OYbikM+{C^x2CNay=h)mMxJ3<v!LOL5_6Yi1vAj)AZ)u=Zv{(@sW#$|FovG=V02Z z8TT%``SG=zcYHEWG2BX+pM7z2&d4nnuR3z3`A^?&RxEq|;+5C^bHm=+Evj4hty>x^ z(L9p<*O%G6G3x(9^FLJ@XaF@}|Mica6OKCI{}JNj|F^#)@W01v_c={UrKzmeWNIpd zUryo#A2H8zW1IxcOhDQL6^-e?28MGr<3+1kI=IBoX-E=kInvHJ`^}hN^%ZhusxeD6{yW z6+~}-qVvB>qlL>ph5bJiTE#&AS8q@q_jml}RtGu9?6BKhMGmsfe<`tecxpF7vC!?QnbZCskIWKpy{XS!*lMPX`(m z56!+#8#nk> zdSC?_IB1kElEQGS+hGlX2k~G&VfVxCSa=U91QL_V%2-s(Xw)&A5ozu50n5S4Oj(J4 zc(863LLi8!~TfJ^iUr$Mm>?1`C%+XfxM)PQZgD(iJ^h65+c5ffi zarCKtP?2qE=iZ65Loru{ScV%0vxk7N@xt0&=1%UVi2M}iWDE+SeUDnNrx@4KPMWQ} zskmQz$+=i01dSqGAoq{~NU!I(69d$ztk4^X5InSKmN`I-f=FiNMKHNC!ZJRAf%nLHj5IH$xB3H_J`!%+bh||2GbZok#Zp0d2c1?s zU&lwA`(QG;GZYRm%IpW5}oHFJDxk(sCRVZ}2va$k#T{@ppd%bq7?3v}M zxmkO^G>lC=VqZ~%MjSPW=jWK)Ba$NM8T(`-bjWt)@E^*;+%twE_@diM!_p^P7!%>4 zu&C7(byB1xPG}pvcC$l-LCR4S(gtD#r>G6)77>bUipfOEOHs2?Bet5oeZ>_qX_Q+Z zLol>ij6t!IoqYvKFUUoq;LIR^#P7Cn&_)zJVbme_t9md`z7L=i(|6f24pwDIi+9@=->9kM8h_;}~AgN0c9XPTI*fG4nmHvsXPuOE+D zK1Y9Ut{ILUonkEV_(+G_kr2lb=gZ?>VsHv6sPID_?tRX_Qm^{>EknMS!RPFANs8!= zTYaeJ4MT2x`_SiX?FORg+ihcwL`dcrcvX17#9}XzYr@0ubw1)DYoBA8J({%&JyJnX zGU6h{nhtu8Xa58}5!fi)vk=n9K2z>FL-l;C5`ij0w4FAvit?6*ksTZsf{B595*9yh zYd7~sL`ydWKfy#COnt51UK4$Up@kL=vzD?losRL%;W>M0MsYX@l^#LQcyvo0T+DvH zqUbq34#ErX6h+v*8dwa4iyxRJ%}!CI-m8Jd(7gD8S>o>$Mf|-Q zSPU14ADCr_PNf)j5I-=>7oAEme9?=6%>f*Y^u@(>+{=+I`e+)S(WHFOw$Ed>kX|vg zA4|Hc=*%V=HKZ8gj5VZ2IHVZri8UmSVIh%6K`CZ?V-1<8EWC@MnOO0fWsdj)$)c6CR@Bvdd$8c zK`!A82F*ErT-gDS6;6a=&{k(8jAoaQFp^$-n~0MZYw^)jGFJ^(LJjEue%SBeAy2#dACS~km5~g^JcWP3aVxlp2&c58k6R(i zWAnNpjQ|xPRaT;uUeMGci-LsmlN0yC!yi=z6>nh>Bk=JYk)$YgLfNEA9)N0MJu=vzo{ zyyGsP;G&|KT8d9(v5;`SAVkw%oYm%|UWCbb zDvU%;i=F4u7Ro*2Sf&?MMxuaW{i40{r-bl6tqd?`G4e!aQHX*yW-$&XO{V6C!{TC| z5E9r1qGlCIC2>?8iJCU%V!8D(RKgec3>M;ckww~4Z7fM23J>4QAvWDr6mB^3LOC&F zB&_IRxm83Eti5ueMM5gKkX|~@q7EEwE!;DPdiV}A@nuM&5gW{d0&6W48h*ew{!%2N z4(CP>-P53FJYyCMleo)~gfj;(nvHnIZ#D6mJN}ZSeglhd%=M-$Nfcm0lRI=1sjZ4P zKTh=2-0)&VP5c&B5Df}AgPOaKr9&L!GR5=HU70gKrTWb(ydwj>HH_DmOl=~BGo$6vlAdIoMsLtI;ZUcw}b^GY>bR73Agem&2xalMy?k!ZJe7SMKB{YN>(&t<5y@@7AJw#xdh_{YO zG|6#W&n)KTYMF!+bEAi{S_K#SaMu?*p@KcqXQ_OU$%Ns-`GH z5mjINxWwT-yi~%(>x(;$R>(KOc;l%caj-Eo!HOEdQD#<(Nu?LHb~c}0Tz!+M zF|jKY=|!_rOn$zoG1(-2v#7!jQDf#ZVKB3(nhsH8vYG#J);mR~CYI{sEOv@MDogjB zqUb(Ina8C3KFxz;X}?nx?Tdt!rT#bzoTB5ErT6G9@UeJ>mRu|t-F21ly2upZ%&q{dl#Z6*{Wl546wyy*zOFiO?oWwxO zZggK1IWqMcaBnEj88_5X+GO06~*@_)5`F?p;p0zSXlOAwL{(iQbpv(;&j{zlZVpRNyM z?SI(}<4My%{QIv{so?&nf&K4)su8pQ6)ry%|Mv3o4_HF<{C^MvNG5=QQ0Y|A1qtqg zSHd5;1Nr~`zxxu2+zxkWER?nToesHDrj$1aNMc&RK@fUErN~!n^HmD?MWK?*Q_JO` ztL5;MdMW@LnB$aSKn(vkksi0t?st2;dk0c1{#Pn=JpKn+pi-z+1NVRS4%u;jOYU%6 z%nmu~zc06R`sB6d)^4xe~G_}Sp3hKhrM41HW+c5xzlXKAHq}^NvUlC7w)D;!2Fhu z24iLxu^8^-vbPbLQ1@)NnPCfL0T9jx8?0A``LLlaGou#W#hH;sq!$r6$}D_?*J7d* zTv!brW4DheBBb~YDU{E_L(<_R@tDyEooRQmLlToGv-g4#F@Vu)*{_8K1;(|yyL@_W zFgQ_{$cHA}0_joJG9}^m67|h-4PIxqurP-k9G-*u>-M$tM-9TT+uu%l>E~Y3AMm;; z>=&diNloSN1-rKesqiD0Bk~2F@)Kr<12*35g+x`->m&Sb!r|^By%sZU7yRL~J3S72 zTQ>m>xcqjPjliRtZT_Ngi1WK^(U;5M%b8gP1e#~clqp1MQ^QPPLSjZmld-0u9)E_O zx!iuZR?_VvYAUqZ1S|#Sq*tNICVXxJsE)AvOmMlgj&3ScA^eU2Ez$y*SjtEZ z;_}N00b-a?2k<)|*+Am_uVoQJIJJ?W1Wam!)`Un&2p@|9SQGU&v+;Hk;DMI~pg4VY zl3f5tS9Vg3--XfOYXZy`3K453HId!~cr~G%qzFc>U|UJ-&Up3qpYAS%M?LPRYu?+oE55&m*Mt`CP0fkf# z9!G=dgZd3-qJ9TD(DHr_cqny65e^<5Ao6OMS2N!u0M^u0AL(e5Av*#-mV$Hy zH!{E)vM)lH zHy0_h!QOB?98hB9gFkS?#G(x1BBBfaKO?&xUonh7Xh$DpWKmlLnxM^X3Haz4h)gU< z+K@(N><!)@zXzo3BJ8z8)Q{Wpr6OkwZ|HS24mc9|oF&foS^z7&x)nEgg)mAjg6b<7Z4rP} zI4AflW)B$Y!FZ)%T_Qv_q7ig3NiCF9b~qUKz1VZ{Xikk`@1p|)Wfp>ztE&Q@X3=VQ z!tuaYfEAy?>veazUHm`V+E}p+U!(;D{T>Vh7nBn|Bbg>4!3(*Mj5^qF*x_ z*W`A|Z1y$~Lx42urM9+cL$tMp83R6K2WbuX{ce|1FosgC&Q^iyL6gwW`J;F&CSRA` zZ)xweTS>P7Ba1OZmN-&z=?NJDZ z((1C6T56T(8Gjf61i8|Kzb{0S@cYW3?|aEkJK5z69zuv4Z5|&40bT$EPlPdq7|{vF z5MTqwaFSNLIT#3}XgQRkbZxDcj8$=s4NIRUxLI%(Y z20+W;2G9i!03v`SUHlqeL4|vdJmGOKKr18zQ(SXteI4 zC9sK>z$QfItu`fQW1`iD(~yd!lc+=-5X7MW;7<~MEEXwuY{fuFWEDbY#)ZH6E8 z*ic(je=$67!#`5OY4+Oea96e6)()d6U^usj`V9X?{Ysf9=&6Hj^K*}pz{bt!z#f5) z&qdPQTzIF|4VOxK@z*V+!{ISotza&&f1^}E`fu<=fdN+N_ZAoWt>6%GfG-Oay4!<% zI1YFb{!&Zf;Eg}GfJFed2@eJ6N*$dJd4fP(!|@r;&lOcQ^+a<+W4&PpQPxn`*ia8% zA#{wMg7gda1GSQ{Vzf@MZy5g;GRk_r2($oLg;g*>5YWuxoOY|#L4vJ9V_XFYW7nz* zzc@2tahQF+q72-9ErYUiGLWmyWHNPib;%Z4!Ft1~Up^0Mfs2IYZFUE8Qh+vF@-j6G~e8VR0bheZe!; z!)JZJrZ9vGz3W4eT5Wbg(XYeW4-jBWH+Zp(Z@d2&3`UvX7679vbj@xD^y%*Idk|Rd z9=z&uM(y{*oMb2IK;F2JIhhA|PPrciBIH<*%CSnJeeMLrH<7GHPAx2~Sy5k6Umiu! zqXDV$f|WyKt)af6nJ~cDOAYn);A~~J1FeW?(T#K+C{X&ZRyWwrPAMbfA+W#~);b-! z!y7(fJDNsO<{o?m1)WZ*^y1VMkgwF?HLOr)&ScW!Lc7yOz&RoI;D9n}bXqfGcp0UW z3$U9Vpzi@-R#^kOKozutE~Ykv(`P!>g&|6qK?|eLIJ@LzQGtS5lp1ID$54)UJ_T#< zCbAXm95X>`H2JDLeO?}|!r^PJX3+74sImi`@r&TZuK|n&VHRv#HBVn!}?5sDAVlq#80BU345YOPGGmm@{%HFttx3O*C8Y)Novkl=i=kaDn_ zDD5gm+BJBi>?WHD&tkHes98)fiwVtQQmRZ!jY*|6skJ7p-b51sb;vYf#cr~=ohGvt z#UQ|8>hzc_$~>)759e{0i}dQKZKk(Yr=ST`qswFVR!Qx(5ga^??GSIEVi%PVSOYlG zp34!+aEz?gVnZktP?^O+n!P5Yv7*)l|1GOV|E)Ko|28(E|28+8OyCp%c{Y_=+eP|Z zU7iN6gV0}u7k!ZzEJN1dQF1I4j3$rQ?sJ-QVazCV36`s*SF6O(lN9ubgn=4JL=9ku zW2!;Ig64LbnuLqAdCi`7yTxb1s}*pL25}3+IZA*T#z&$G1Qs%XS*uT_;JCz#%xO+` zFig@*@c{Bcup?1`Mdl<2D`PoR;80P}VE)Ms<{tx5-BeLoB&8`a9K+CkbA}0R7Qz3%qcKDViY|5$uWvTtD@63bIRc?th`=#xB0OHV z6>it^rAvv@hNkk0CUnFBZZh!6PxQ_yb%L$qlNqfS)9Et~qUG31jDI3y4;ZjaPEgYa z$RKu)LR`SQ9Bol*f(DIN+4NzM(P8FpUk$kUz#%)};u~=B^^uDYgcoCXauF5ACj)Ua zMV?lXO=l-%gQL4*M) zU{Jg-LL;^_}3=#(uGoz)Qg(d@hxhXub=~s9&@~4b6ry^udZc@l80z=*rKPGrk z@yFnUma+tZhyPy!j%daYO>Hn`z4HB@O0@=jkF35Z}( z9$a(^6WXuA9&W4KAI9(wXKrxjHYhcL=M)|MyiOdOFOpK51m11Z-|n^+Nx_f6xvq=<9BeAJWT^l@@@bIV0Tw zAX+>WR{>d|ywXBB^=im>7FnfK4r;_VAeT#8+zb}`OtO{tlAM}@ULi+A2;Yp=Nc(qy zR9$dnq49^0;Zhmyb2!`!wCr z`yPHtJn?n%YoZ4ezoHgPJG&xCd+p6?INm`?qXhB{Fvm4k6%&x4+`{SEAb}Yo&M-5J zvmz8)4QoXJB{|)Y4eADeQIV92s^bW45f!@xV)a;f@$QTQDf^WGxCEnqgAREz0uIGr z*>32c=LHfmnizr9sJ1B9Si(fh@sa zN zT3Ej#&l6a*2*u2QCGyKvM8_QkUIf%}4}&q+h*#CGi1T`WJ&Ma!M#mb!76E1SlVE%` zxgBHXQm^{B0$*H0vj{`9R4uvlSqteK(uzwNhaYM-J*F&N@ z1`;uNkr2o}3_%`#(!YrFd!Z4st^3zQoxq+9wN@Yl90M2$dA!FV=%b(YIRb;ur^rA8 zb0&;Y2)4N>vl<#;2_%1rS&g$NIkOrkx5l)rBY!E1aSe`{D3ST*j6r!cWD(HEdm4;7c3fl_*QK1%72u)yYmR(zb&Z$!W;?`bejE2y>hJ5C{^_gBIv%*@9n{27@v;b8<6 z(ocfXS4xe>kYkM88lr=RFkZvy!NFXc1=_j1*8=RXSQrppN zD6Oqvv$j#PJCn_=hu^s@Y@)29w$|8aD66Tj!iA^k??yv;IsG@At_0<P$OE= z6qKdJ6m2MR(MGOTrwNyft}{Um2hBlIi#7nqyxIaLxXiDH;AulD866~RDL^G6As;GO zl(>QgfjJo}K0QTHB%)WU!&S5BWC{f&M_3@FD}($GXm90$L_8UkkjgD|4pf)h>wvrX z%rdLPF|`a%M?nQKXb5DX2y*w~%O*&mGI3*?;Oj`GL>xlIR)S#w3H4lRQZrzrxx837 zHNQH>PeLCq@J^$CSJ2^v`Y)25j4{F_{qxC33DzD>KG2>HRRSQRjLnB)^4k&dLS6@5 zT0-k=P8CDvt{F9D6-FV&i&Me4m`H^Ftw2Rb1nTo=w?K0}x=w)0bHL5^z=rEb$tEm0 zW=%(@9aS5nUVq4h46hTI#}OnN|8cNbE2Bqd!4kU4iz57h%ZynML-+(Fc@!@cv1a|H#;QTcVF#E;!8=gRbV|Spm9dc(x6VLH3)1&a0b=Nx0@1W9KoS8#^taK| zU>qUc3ST5zs6Gq*g(+-So&r3fsF~M=i5PmJgx9JVmI#<)p9SM-CbEkmu+Ecz;yIaP zWn)DJ7@5X~-te)HB%#Pa3@aN+5;`>d+@Ut2+6uKus55gE>*?g23CKjGXNjVN=r=AkAL*oEOqmU=M)wz!AE$f|-ls!*qqQ-CjQ+xDkd zCBoT*(%{|Dn#%$QJ+@RQGz3q-7zv3K{OD;oEE+xC(1;Jsz-jV+P$)i6Hyl>`kvnN5 z;1e-kF&%gbPj(bI5irI*jDRpSiNHD98-ZD8s4~p1sqfv%8oDjw_7rR$e|XEM&TKO; zLam(`dFeExt~02@0gZs%9ncZeOh8*U)OHjVFQNi8h+z1@#gq;8oNzKxLx}+HLdrA6 zxhM;1bIPNSqk~k4Y^7S2jT<>c9?4?siZPNRTdmC2X|kdHeKe33+G32O(`Bm>Na}1Y z*oaXU2YusUs6siQ4Nw)EEx2ugS_t?OG^N9M4qF(4=H`M$L?;lD1vUYd7Gh&XG*J~I z;KIhoz^_9DIUx1a-2hl|Q_W?lZg(^!3S2FTKtcWNsK1zQcM8_UNSAprfw*4ur_tr% zb{kq~siKjatum`S0PX5Si zgH_+-Mh=150m#`Ucc>!zccwt!a;oOql=kB*;GF;^;*#Tsg;LORS3L7)~K zwH1}k&|l&=7yaLANlkqmNKmomQ`4E-1nd{sem*sUsimdllOD0ud>%C58LgE&<%cWO#V{~B87u=7*iSs(6ni4$mpyI0{+8J{^@Y6UVW939hwf?xFyUj{R#msS6K2Nmiifw`f1W&Dd6CoP5C3aXpAM_$MZ@gMey$D5n?|^G6I( z2_8L@%}aI*qHCBCS?U3ug?AC!f`J+ln=Hk2bP3rt$SmbjnnQMttGJ*x4hbBvXJFbe zLKQZy5^WZkn8XY_G*R;rD(GtgjlQ#C7wPnHbo~&pFrm^APIS)#NV=+0gD)F|TLa!u zxTXl&0%wB=4&A(<_;Q33cARS!vw4(ULuL?KJFD(EZ!mKQLA)DCk0``uHz3H}h1i~P zj0sv+1S2024A@Z!GI0oELRB0wK=}|{j;&HFdHL-uG4K#%s58_z5H%2V>C9o@w z!W^C&(8!WLvI-fUz*)!Waso)x!4JStN1i-~+aJc>gQzH{5rbN>(;AWKObJt?12p(6 z@Zl;HLQMI>I|8+bto)XEr4PJcUrEVp)gvG`LAZF-2lh{{n+YiNd| z=>g>)3&sEn1FO_JB?<#W19)Cvg>b~(Y`C}r8gGEHP9SB8T4FKeO{);VKcz}~1yrXk z1SlI8EyZyyWw1g3Do5Ev`1Z%MK?qE5Tl)5M&ibW+ylt zA_s^DT4{%PKzgqcra7jw8J|Abl^fY_2AQhK)l@oZVz-vDfBe=!DmdpJ@%Sp6Ctqixhg?Z)%?An1_BP1-jWiMSJY-S$+#iHVad~jz7UYBbn1}$} zKSOC+xRcULgm;`qpxE$ua>9-f)J8Hx12<9fj5>(MtIBD~Vyu}Z5GvE zLmi`oYa0^P6p>-NJ*^oYZs3HIKV1A_Qbl0-CTydi>&aC@rtjUlp#0HAnrx615LS{k z&x9llBC}qnISG*of~?i-um-%oh^s2a&w=)NY+cx>@Vjgn`EVvuKy((QPZA^W%Dv_evn!uyKvx^0Gd~16iAo31Kxn_w z$Vrt*_?c)SsP5b2N@M_I$VBRkM3)&tsNfv5yTH@fjm|6(inivU(iHd%PWiaeC>6Cu zr+pMSEt3)TZg3r-Lk>oi6>|=L#&47qdO8W>+&F;---aif$5rgP|FmK% zjaHey?Y2T9p$p}L zpvWB<)5vAuwZoN3)*N(c9}MgDPmSB77TGBiX=lXnk4W|jR$KVirC&pB_1>Yz*x>lU z*pJ70B>n{E1a5%BrU~(k3x;!qka6*2e6WdSg|nd~G!5l|h6KRAJmNdu;7g}`#@LL4 zBp(696eC4F{9l6dfgoYX?C64~f)L#%32+fwDFsB0pG`nskljKBwXq8xd+>?i*+SJ% z7;8Zs{`-+X>XBv5_kQ8MjMKCWJ$H$)>-vB}ghADQW|c60OeRzqR3@s`D&bP6$Pt_} zx6?{4Bv5fXF%xb81eXTKOW~bT5H$fO1-j;w3We~7pa`)Yu81V)5GLWJg3M6Xi={p; zOZOA)X0Npia>-f3q&WfY`0Vm}64_J25#TF6xY-*5?@9lY}59l8JnRK5cs&KB4Trxt^V}!mDdEHt( z$Z<*egaorwmLC-~L4*|38N;dp7qqg1d;;*wKvH&}=>b;YLnM*Gk+hgc=@F8h%FM0| zKhZ&w9`G#O-XP|*lBm)oI zX6^)c2z-K_C}O(6fn{+0ay59tue)Zn6EwBoKv9Pycnir@d!n;9n{~y}OwZgUWW!+6YvPKp&)t9#wCr4$U^pt`wxRItrJ4m&&Wu^@mkBwl9 zM_jFn-#Rwh)WW{66bQ1g_C^TzFd{Qfll<2@hXOmG%c>~O0AtZ?qbjxg#4ZmaZbpNN zB-#i^DloXCrbjhbLB6WFSTvzVm2!bt=>}`UgCVc$qA3Eg;*JgJ|w;Mb92n-wTQK6GWvikstNL0)N0ueIh z(6P|l##jy1i4PqF8Lte^Wj#5xM51*bL~M}`pYACkjLl7`Kg8L$*%)<5O;C^`&nauV z@>nChiY>QWaSbIt^ddFaYPS(k_-F-Z6k?I7kQ@4I5keQ`TEivVtsu(K9-JK7Pl^yw zfaSCzgK)bXY}rzdNyf0Hjuw=1#&w=_Za_sXP7c5yQQ80474#d?-r(4RhJvT^hziF& zm@(YBv=)0|o6U|6%$98aBz>q8^$u@=%P9#Z$vr-}*q{}0Z4QT>iaCtF61+57~2DkTuce@o@Zc|6^ zY}Q>4zd@8I7EBQxM>c-KPUyyCiA`0ThSm}=S%|@08B|BWvL)SKg2$ji)!4X$1lWEe z>$az`%p5ch#r&leRnWfxlHcj!nrf=5+1?bP-=OP)_*LNWT?jMAT?I~6lR=FnKTQcd ze-*}NqNxHEGa3akEukR7lk#i9RjS-vAnfS=5%9xM#o#JIJum8c!Ity(KJT)LM2%Xw zLJG<_jdXs%E8us#z>y)F*A4mns6|kiYCZ(M*Wz{roGw$Vjaou*=`TzQR~qMqy}hoG zYC*%6z$-2c+BoPUi#8IC0d7Cs{hHS~2Su);!iSv7yhhb{Z|QC0FH~3oZ-bT*&;SBz z10l;VwxtYLT*5GOYHGE++kq}Hg0L7R z$mvu52`dK34;dkkD`^hm9(zW%2v+i8APhv50gL7n|X_ zZ};yPC3>Yst%_FuoSItJ4&BnhVc=`GdkA9yDq5i=04M7I4oO6v3)NWB@zETqBMeZ9 zQ3YwgCyy48en>17Ns+HPhOnpFP`W5N$;fy9mF&z7pYe$jItoa6522MbTmlA#YT+I^kuetp6uybr2QfuMT`Nur7g95JVxe8^Wu6xQZrJ z=SS6@r>FK8o1{FT{vBo?bU*B0_0PB&nP5G?L|dcCi>~qDwpK43f$ZkrypoHC2DMrp zE_AiB4jaz4j)(SXf(&xwCfVx?~KlK*|J!*v>S~o}Y2hlJg#0KZbLML=s5 zs)NGs!Y?4;B1K+276Mj)jC&-?u{n(HtZRT{^KV{x*5Rt30quEOy3BFMP^v4FLXizO zL+0wE9|H^y=rcku*5^ zj;o;)?r&ZhR-;sf0bO`n>cTej0_G5@168O|qFZ+q^rca3XoTZgsH8z1(TT|@-F`s; zq*-X!o!^m83__1OPZ{0CUg5LAjYx3521B9F?dl-Ap|t_@Qn3E!^&sPN$9YFo*a7q& zbcWUF_0jzf6_7G)1DgOHj(%@CkHrQ!Vf5LMbr370Tn#;DAtM-CUsOSFJ_0qW`fVw` zC^;!CGU7WdLKqpVxzpH}9I`Uej%03S;=RZ<^~PpHeKW2&<99)b>V!SbqQ^BZ)acbu zS1@v!PY^Rlcc2LFLHRX8$I#E&?t%Mu%r091yf{P=A)RLKG#l~9sNZ{Az(uurLe-j$ zZck zZy8wysi{lAKO(2VfoWr=v}sOJN*iQ_I_XYVMN<0yG>gs7yD55+6|D{$adwiZ@RYr1 z(imuU+WkdR7I9Lzqr>0shAcpj+Xoi~(iaJKgU1XSDuO@FM$)eXPEi_+3yO6Ke>Yq$ z*lxF4AvX(u1C0ln{czq1K(~IC0utXNHRh)ZH)ponE$u{wfq-N=2=@BBi7t1*LDvQV zBvhdtzAr>{y&apVaLL_NwDql!y-e{3B_Yu7OerY*9y$4u z|011r05idmJp4h?gWXLde1S><1c>}vIS3LsUnvZm5N7~K|_5CcU) zBYrF{MYFZI+U&*E%jib7UJa(_0X7XKD?{2M7*S9l)|=tr`Uh^E^`!>7i4kBv&PC=z zQZ$RO`s!Mu8ZKfYyL$x_>=ipy9dyD5GOw?sDvaZW3UW=^p&(}snsuSlfnF?+OZY?$ zg2Ar?wcdzmAqO4ZbI**(+=UV*Wt5`=0a1s!Ws)XSnw?R_ImiOU^HMvCw@Zm=*>EN# z3`{;OX@XLp`MJ+fXw1v^#kYG<(n*T9J`DUE1_ba^Y(T@>MEU{_KU{?zC%BLUjlOph z@X7&?ATF5F7bXF%P>!TEVtwvW7!@10i4c_k%;Z_~lFI>)+>~rO9IzEgFlc30L|rAx z&xsF8!Naj0{GIR@Bx&l0RMlY~g4`kh>p>BG?Z>>OTC-qlJf`~!&KuG#}v zHvBErm`tw~N_3+78wOlj{yJ?@E``VaOCvCd4mCJnu9~D-1OaJfFQW{(H_zr1f>TaX zCLv^F_Z3w7SWxA~!ch~XiNUtY8zD=K+uRU#3^MPjz2yj$xsZ^(1vomrhR3l+!&?mq zZB7jF$`TlXg*QLGr0CH43Y9)Dtcl0nr3MuiW=C62t-XzevI3}k0qZBn2+b>@odX*e zMywE%7H|a#*cwQgGi@~K%Q9?kFowLOAA(SD@gK)tf-zwyL$DmQehb|a2P$Hrx2Bh8 z*Tdv?u2@HooP6EbxSwi)d`W9j8MKH~DDu>kJ@7}PLW2>*dcQ60q@}}y2t-<3hJJ@+ zLii)n;hx^2KA;iAKLXV%Adw*P&I+V{q82qc2y(-vq4KGv(QL_q@CW2wT2ZG4bPq03 z<06_-W1U{oix&=K4yq*|>H~yE!k3ZJQ=J|ZLm_8?VgeRF<$Fh$13?%%4}1fmzIQ&w zl%d8;&2I3jbb;rc?FA1G_qfE0!3D-ONVraDm`_5*kC)784cHx4l=y@KTWk?_=&+|! zvQQ`)ppy_fi78o{?U0xRUC!KAAJJH40Fr?=1HvS(xCjR6A-Z8F5-ac*JE{*-#!27l zAy^Q>K-DbcJsD6%j9^iRi(2soOO)Gy;ubFGFyi*M1>lNZog%}RLnWGmodHLD?`b4j z)Zh!FBb)=2f+z(Q&FW$qEmg>+7yv^Bw9jOsW(F^)7oSM!a#Ps1TToXPL>q8(0yKfg z(gp6JKP`+~3MB({B2Ym%*E~vnC>&f;QzK`aSCyixzv2}u=w>4>W!>k8(-qv(K`A2` z@$?`U3Nr)bA|w}et|n}jIbQ*xj!fMU4sQxLp`;dFH34lS;P2j@gTTOr{>Uy!L4*e7 zsP|P4NR=Gi{>8lzS-CzEj=BgTb}#$iGl&>xGAoTmuVRg~IXLEkKeAcCVPX4(ZY!D=BQ zl$t!`7>AvNl+sqxVlfk>Mw73~)92-Kz1>>PfW+X2iBJfs<~gt}a$AuXhEq+p6q&U; zNYI~bfyOpP7G<7RrJ8KFE-V6Hh(e}R$&?zIN-0z8WC{gN-a-CT=)&AaU1dl*pzAq= zR`DgXOrDAf%!pvj*-bVRp3!76Q8Sug789BUuC_BNH71qPq}G|>Pdb$b$GCkaoK0r} zU%bf-K47okX9CBZi2~H*>*$6c5ag43b<{?48vwh(?2IN)5E-L_+;AgABixgM&Qy@! zQVGp}5p96ngU}X2F^SL!zV8(D!_j#L_!l#Z=})Qn42x`><76_KEbSd0KOfuZZ@JIz zbh~Umr9w_G5T!ynyYa{PT1Y!w1=uc!oGEglY<|1n>6mIM!WRZ3hojSMffPIFhu3L` zE50XtY!F#Mfr-gAC>7{pvKw8%SJcQ|q<4{OGUQzpwUl8TEA+}d6NLEGN(D5Sg@#)y zs6NnS(5L$hn~%0M6&XynQ3kY4GrKx6f;j-Cn!rVtCLdI>kXE&cUV+Ku6LeV1$ji%M z*darygmF6|5@R8YGE^B%m@-2NqcbR%)5yfA#mWNy16#p}KDh0H3F^~4fFukhO=uB= z=$?5U1QGpOtJ{x@l5hh%O1=cg;{-e^&4pkX1ELgujTM(RJK(C7A}N*^ycjDA0ihr! z=4l+-h0TW2+6rQ3O?h*5krdiJL*Kj7hNkk0Cfwq#tfIEI(NJCvmj$qY z8ygK}%-^L|pavV@-AT|Z1%A*jHa8U)HkUI)s`Y>zcnQ8$k6Kd^pGgV9(d z^?6Y9YzAFM59(wO`~!JbP(55IN3X&jHJ79RG;y=>XQ;-P;uT3zEVrhviZC{n(Om<> zV2xg^f-uxJ7fGd{&rz30K!uc90qR~UZbJADw>pNbPYDRcg~qa`n#N|L)=*#7VyLPp z;^m+!Whj{skw9uER2<`U8k@b%gf7Z4DT*>70g)(&-!rqaWRO3Jf`*w{1y;8u;DlJB ztP5S(k(nXnJw{C_v6{-&>NF>%rXVuU>y8+0D^Q}VT#m#O5CdLwabbM}^BZrU1Urwx z%~Md&YI1Xxpj$P0O7xEwx`@L+xhka={R968|LC-O^r2Rx*P*|ly$k%K(ZB%kih}wu z4|Fm7m8;5we-yboJ@uC!u6+v9*zlq<*Q61pu!WciM~yV40#WkU4ZOgzo}sp;3YZP| zE9J;o3#>hZepK4f+}uzHge_z}D+Jl4#mGMfNs{gkIFfMu2BVk5)Oh6Dipu7Y!5DtY zgNYbvCmcTDb-wkAK`-T{gB{pcOXkaMwHVXM9{UX2($f+OT2kiEj8s8zcwzB z(A*f!WYMHJdlcT-2q=Q|Od=xzG#|?khl+j*+xLh6dFo8VVY{ zQ1%QSXjIw-?Ov(B`WcBRMa_r6{k3t3#ID@wp6_lmdz~^|H|}wOT@Rqi%~rXkL!PJA z=IB+qIVup%Ign+JOn0!}9O0U5gBKs_3rR$w=>%pv+=(0VVO-#Q>rW2HvgTJuCMYj? zt4r3}2KRVj6t;p0L=~5E3-lf6nCgSzy@iAmktR1U7t*dE3yZY5z1{GMQsHiEgETQH zD<>{cD&X=X5)uf=F{d98Xn{pk9X1iX}VNGjPGQhqTzCC1AT7i~t~1Kq|Oz@Rb~h`!;cf03NH%n!V){TEbYB2L z<;53|!2PHsHFoHKgLS&Fx(D5M-!WCC*XE*gjIqv8TU%UDf=yqCVk*_7!!s4O8GlSM zX*BB|>^^~I2j!q4o+jor!&&oi?x2jySf+fa{obqj;3ObwzJ6GZ(D-9dRg`IG1WyRC zau={KAQ>AV>>JoRqp7DfE;9|8$sny|R(Ak|1Qsx5W zZz|8LV}*|D8Yk&?v8AAJ8xV#OL{B+9L}rs4G7pX58>Q}_f)fcU1Tqw-!ey*+n3Bkb zj|8Jikq5muGzD6PP65603tW5{SC`d8RXbjS%RK8(F?8|V?ZP@MM3 zA(tHNV-@uwwSi?AcPKW-EjrE}MCY!!A@jSzyl*uNAZuI*LfE%mU&g%e|pUnc0J$9J++!f61+{D6;z z$ANuy@WprVMPh#DW#oq$@gindStjPKR<2O;-;_PPG&I@kRDa`~UQ z_|c)b;xp>`=$P=q6ZQA-?J#%;4Mt>uG3-o!&u<40?G!7DU_{Wz(;XfpP+Ta8?;9%6 zqze4|1WF2lYu_-x^BHUi_@;lB2mkN6WebEt|J%20R|p4CU=a@y`#-&N1){YfRZs#{ z83}Yj5UOCpBSF`OcyXwjN``JBMj?^$Ax6-TGa+E=l=p`&+^4RNZqvrT7fZmM2_3~@ zS~z%Fk4S{Sp+XB<^H4q<*+V|6tdNKpXmuK%_7yh$cQMQ3Wesp^|@qCo&q+WlgZQ73hUNuxnpZdJR8?`O@HZUXYw78OBx`4%ab!)&8R{ z#l{nc^c5&r)PL6|MaIBDg`q5{Zii+L&?q1XN&piA*wEoTAs~S*5Jb&^I{4w25(0w4 z!XjfL6Vn316AWiVhi}-$5BiJu-LZ%Azdv?{^6}p%dfkuO+u!x=@7<#*LjxbSAbGFQ zg&NV}VU2K;{U?;SpSY#cjG_D1X5~xbG`a=d3`)aoVEkA?M8v;kOMS5&Dr`u7f-Ah=$A|u1 z4ZT;qeKK|N(B=(hyNicvz2Of6<%#-)sj<)!?(dw+kNbFNgT3zuT(4nG;NLZmU$kqQ z9V`$M4S7eh;-PiZ$gX_y3@V7=i?#wcN`a^gF0H`S>Z4W92eXk6R$HSW?Z?aiXCB)l zn*I|=JHm2FeF)<}AgwWs^zgSL?T5a918GML#pnZKghBDLASWZlsP~`#rltLIbI?gW zIVdCz626bXJrcU93;z5^n}oCyogh#p4qbjI?t(x6kp@3#hM})kOjs-&qQJ#GJ`q~i z{UgnVK#GUWd|1d7Ruq&QumsHxC9m}u9^@a0;iIXP;J^=uf5pOxF&ZCja6Ub5lLgkT zB;ur4cG|F2oOTHOIBrOK0kH=9&4(CLhCxT5?GAz=5{4lOUWwn|HKD<7{2ak;@w3;R zV#8yH%Y5a%XueMI5!e|a=WEi8jl zfe7FLxIoJX2M5)D!3@o@f#9d$2|#7!EM9x;k=V+*EtiTmFAMrrY=W|hzZN^sxk*oX z4u8oNdg5=|Z4+J+7IZ$%Xq&ak)J}f!VU?EELQ_NB&z^1C6TIESApXr&iTYikRRyNY z&+mV3^3Wsu$Oiq4i|1NbUirE1iTx{dMCG|{PKrOVQA=bo7Z#E38@T3c$Fb z?)>=iPt3q~(Lb~>XNL?0?1GjZUnTRecJCYX4-Ld1=8vF%s8jht|6iTYzw^N`{pSJ& zaBd=iw~w%zuCOoxj4SHWwY0R1Ci~ks`+3h>sidSNDk?fPIBk+|yeoV0RCWb*{4{uY zkM~QbTaKsOxk^b%sj8~tNFutrx|WQ|0mVDeX!Q8WOxKh;*NleAzOl};b762lo$)RK zi}x{;YUSkQd~#bSx`jI@)M%O5SWopbca0fi;W#sY3(eGgX2BLb9v`x#T~b+FV~n1N zq=J=8gnRmO=(Z8Kc)xGgaQDf^)p&(PsJKmON$hUB|BieJkYb}vg4ug18IfC+0 zz8ym76ecTQS^)@g>16C~jN#1&Q8kvY=7H1x9atg1LW4FW(`U0;tp6zz&+mMYk{;mq z2750Ia8YKhs_i{M#B-GGS^_6&?l7CR*}F*JxMuqDyaPLbi{!Q5IjXh-iP&_rmDS{r z1V$Z`1w?G4iyQNvQF}JJCFDS5H}*Q_ViT{hc#P55&~0TiSEe%dSj5Q#x&x<0BlG9G z4Mu$pQhSeW^N@6piKKT;+5eN4%bRUd#>SD)PUo?<@6tQydFsrX#~J(W+Y5q@?n)(# zAIr>D>0{CS!5!po*}T`%e1C2AMk>ee^znLo1nur{U52c~ypgBmDHl>JBOTGLmQRXU za|6i6>~KOU2FILWMAZ2qSYs6UJUL)p{+BmjLI z{~>QU0{>}r(;xW%CujMuy*>i}fk{}`)j^Y*L0A`koE^}b=Fdu^2QIGIcpfO315qXa z%=P|h%hGGw=`*6zb89NRymf5?T!Q}h8&VI6rySKQ+6@?8x>)S+X)`y*Jzj5h}DPyNG zOZ*hL-5a#?+1U-iu=T1CB`5358r@aTU-8>AFSG>A=+ByA8|Be$+fkPP@~Q8U_46#` zoHJgF07Y#(ol@S;gwrxlU9+ySF6$9>x0@=SU$NYI$(Xq_QN*<8sgVa-yk=?H&WX6^ znzZY>@r?si)~pCl0k%GC(KDX{S&+8>h5Pk+*!5LJf`KsED={I$g%6}oY`4ddn2k5` zq_S2AgiXr^>vVDOr3H%-ZV_r`p|8HMUz8C)!U>MAh z2tlH*fIoc)_!j<~QcXU?e<%Q;{kZ@CHAMe&r9R-l95|>t#Q%qd_0IqT9M+DP0rlf}r47afyw?uPOxv4t;MfL|Yj zd)?TY_UeYUq*;oKD85V6&69SIf`k$d68Oc)xyHaE!;YR1Cj_~OUTpYAJ58Wd z3jY7uJHR*bpZ2NzUm*WAHZ%Ky|6g3Mzx&J2@qe%e40eHSOQ0MDK;-wHCIzKHd2tGz zD@C5{M@rL_TpSG`{@c+3V?5QGu9V~ta-zk;T#E)0LPPjZ5POgR^5Y@?pKezW zpua5Y*6mwl(w*B9^7rm3E8TpA!YV)e`K9c@Gnt3KVy%c62MfLi4@0^o+)L=G=cDH0 zEI89nYaQM}5H+5iNR0{MBRDH7LP48NPMo6QU`&?-Pb0I6I+LVRBaWV0VRkr;%8gT+ zE+!2~1p~2D7%OBj!WP}J?YJfS%25;o@H~vdi!!ME7wTCXUoc8E*p$c|k{Y%%D!-Sp zCtjHhy2TJh6Co42Tsk!R=Bq#NBUYzto&4U{r6IgbpKxZV{jl!{PF%y~ML z=y987BT8etXK3dU8eN{uW2hzNASfv*-Z=h-TtxJFj7m{W#Nty}F*Ik9VM6!f4H`}a zt5Q;!@DY?=Z=;NMR5!*>)$mbSR?d^_Vm&A$wMcx8INjZQ|2xjf{!N>2?I`f>2gL0L znt`AWu@nxCH0Pw;w&9`;>KaUt+@xobvNpaK7kT<--RnAEf^t4}7@d3DshgK)9l`Xo z!h!9@&RvB%GwhCglutrvZ8_(rS-JQ2Af~9mTN5q9@FB&fs9#P`ob+-ar1*vO#Yu}9 zDlNB)j9hS_jOGdt0q>V_tV%z@Au!ChcLd6d*sdPJ|9gE)*&P@EZyy5Ri~mERhW?@o z;9K}lr~VQDp-SL~{_pPw`!Ce@0slY9|7*HThUNeBR+{M2MIrd7FNaD1*~A*X;4~A) zWE0do>z>H zf0B{qcoTg~GBZ-e%0bmT%1FydV%`dvHdQtCr?EQ5(uG^8VFl_YcH)u>xR2+{KPLY# zEwAt?10)QF5B(m z)qr|j5(jvVbbbK9SSUz&cea3S^2c3GLkrp_n-C?nOv~zX{XwCmP+%{c7P48iM~*(J zg&D#@nS16L^k(~lVl|pw&l>!xib1(?wQbJU;5dQYjNg6{95F)Ao_~*i^@Ob0>7CTJ z1n0{0=J@sf8Qt1hC%v^*l?3wtW7Qki%RD$@60ubiZOvf(l>TsgoQp}o<87R{TV9kz z>SJbe?xn02J0Zoao~cXkX+Ce90vLP2Sc}EZ=4x+pM9CO}jp%Atc))Ca&K;ZaB<|^{ z!Lx(HdZeZ8G^^(BJ@hlcsToxNbOJBV8ECUmZJ~l_pVa>2dGEBUD9NiM*Z6uXkgG+- z2AUfs(R&7i@Bm1HeUGWyR8mZ_B9H^xUL?B|@rr#~fCLJ5tEV@s0yK!JRjg>! z0!ARFUQxsttuP&zUZYBn6s7x!(t|~TD$uqfxv-@C^JGQH=z>;t5e9nSQ)=r?1A2g{ z|9shs!&(Xy9Nkm2ph-PunWBG|tbzs3&f|Ca(m#y1(Lcld@8cC zBTTx*EGmz4qXS@LTBLjcUaU-=rX#?A=|OqZ+UX9b9-@RrRK**4jQYG`{KwTFfcQUS z{p-63#D67pu;c7D{j<%8Tw*SX&IeKG743cl6(N^#8ZE(Qy}U+`z3NWYX#Nc8bA;o5 zIh4|JUqB3o_-~Gk%@*MQi-Yktm0_5I^K&mpaYCyRvjb5}W9|wO?gevuEyoBw03x`S z&V#3ED2V?W0{nlfFh~t>nME;<&Ed~5(UAwJtOpl@cIVFBWl7zwv`BG(D=+J5e&pD0 znH(*JDPjlHFU;v(se*tPC_dZJ>gw|a(gu`Xlty`n^8Chm_%gx^O~zFHf`(k5Ag_lM z7r&=!w|gwefxY!e_B}ry2Q6EikST=js>BvtOLVx(@@br0JM(HoM=24zdgXz+XAx|6xt{R(JeH#{6gX2j7MN@$s=Ke_rhW5v#s||5O+u<1_g`jcW3P|Nl6D|Kx{Z z{KrG+=6q;oSV{wirSyU)0EH9S|1HA)XSeEy{{8sWBcQ~DQn3QTM4eblpLnzG0Lb&bhCx*Y%Z%D;#H zp;KZ24DJ|^!U_(FjfsKbM*~8mqQ2h_cy#)w(ah;Fy6Xg}_M|CYTlO#i9CS784O zjsFFWmJgmdaRN&Iwq5%*JR-u=(+h+&?A*Cit?rdt`CZ^!2j-qnI6BzT(E(Gms?DjJ zJ9qArCr{MoZUu8sT)TG7b=O;4Tif#T@`Q(j4Gj%BIXSjl2cc@Hxw#oy1iX6n>h9gU z+WAMOTpUbj=-AtF;{5sZP)w-1cd)p)IHY3`*d_qi;;B=oCL|;PIa>4Hj=H)!pljQF z;@0`QPZEk7LUQU{6N-zQPgD;M?md64_{5-V!wK7*27%|oppdh@yW1oiroFKt6^)>W zzzo~@!6aBPOo2&oCNwShXcCO(Bu;G>m=*|3f_JxXOm#9`+IDJl`tg`)2OjUpn4f#* z$?L7-Pd-`s8z(aSbpHxQY&A%D~=b_M$o%H4mk3yM;O6P}UwG^rL}#Mn{1)0kSF!tqJzK*Pcoz)jHS`NV zTz?IN#`|;b3-=~OFeOf2+`905?M$yU`^ODSd@5%JM~v^ut)Ba8TH3m1hh+P}&8)rE zk-s#|j-QGv*~qZWzvhzeSAq#LG9Z{?qap$5c^wrsLl5SD0sR0nsEX)lZq4Ch$<#J(e*=~f)>$C;hceKJ0#MQc#Z zZy*qZ%2zot>BcmSGpCy~dyfprkG?&bGwa6N3ePF$Ezq{CvC*fOV-Jkq>Nn#|D7ZDP zkEc=OHaQQ^u)NEUsGfV4V=ts5Ina1IM$!o^S+v2f%@s@tcDY%0wk>Q?73!SZ&3Lg@ zjtqk>Etssb#92E}SJ}i!|bM|hv(Gym-vhiu4{*25q-<4CD zpzU61k&O&3|fK=rpge)%N6SB**=dbkL&Lc$s5UT?S=s zQy=Ma1I|0gtz@}sRo%xazO}OFE}ePSe-|8hlMilZNqVjY{%xdt$xLL+YQcNITI&rC`YCO*^~zhJKS1w zGvhj$x5vm%g;nOxhvs=xEEMNHsX9@(@aGG! z=NC>iTzdP3y>l9+GT`x)zS^JL((a~ah*~MHSZp}u-s*|%srQ#|JhAKUhW#q(4_nKe z2j@OobG>Bu{oNWDcBk$d+0R~fho5dtxwq$OoBqTOpwQ2=A?fPyetUT( z<;icadh?Cmy}n%)yYH2d0n-L+wPi*YAQ4(PZ=auxUGUrM>l+umd;8?cf;g@qC1nE!NX_}Y_O(*^9T+I(U3bHNgc?h2-g#)IJ8UD4&-2U_#}tw zcIjmUxf**YC^C7!6n`MkqN|?Rz(h$rW9D0|=L_E(!x2rS%qLM-;1})4(rBMiX#bEQ zSxT_i=n%^xc|$P{+g{%)FxNBZI+ojLZ7Md_Xe+$;=G6DjPpk&%F+z8e~Am;iC82cRcYOHCIz$pkK` zx}vGLj-NgKO~XhQ#C(|SJp7tkREw5SdTL{Ik3#q zJ9u(5l?iT}lEjWjiktYNoP2x1^|$rY8z^U&lK2Xik20ku4@}B;-dsD^j-l$I$00bW zp>`OEOxml5ZFv{DK0xFFM$Xp>X$(cl@-+c<*J{t&-sZT9EZv5IOqDIJwblpM`FZ)) z3MrjNNjK_wD&Kb&YubWxkz=6c0v8FVl3R^xqF6?XKF8m&)}R72?Wcu+V%t!BLn^cs=rF|bA1uT<$?g@RJW1ND&yn}8 z0@Oy3{y^XVo%$A(a3E)_KJcR`c;{*REhmT@*s5LQwyEyn%@0a#1Jhn}Fmzs?dDjim zxjPO#__ZZ}QU+fvT<(CFO)kf0$j>wPEv_t6OIsdy#c0Q7lVRU0!Lj zGf_fsj9QkM8dxkTCZRe-ji@J~WGpsAOs_ZERPe{H0Qt)&x@X}H zgN>W7Ux*Lc+($%XW?{fvEG5t;hY_&bU6V|6%FUDnwuD54SCfws6ZN%F>yzLFBFrtV zFT+dr0bEHV8TXJdE}4PjPGnM^OJ^}jsfq9Y{_=(B=X(GR_F@iwW62ugMl;zY@cme!V@Qs9j3 zbTvL0m|@!JvD1)39e8A$c%jI5Fu8Jk!9Yxz|9X{9iCz6+ZCk`elv3lOqsFZnv+~rs z&SJfOjpRvmleO-};jzKiSNyKtZ+mE{le$rwu;PIm8i!*<&)##%5N%{*cZprih#Ida ziZ+@a-A=SwUCVhl|K%-Ynpdt%+;iUBEV3MZTT4)`5H{z_Tk- zYDFq(DmjN0=2yv=3FCHmmrgGZ&$xvkMKA7PCY0_BE*4jl>R;*T;1rM1%F@(m$JJ?a zi#4;(nyb2~6XM%3@{NHSjzE}MDY-F1_PY2yDUFI*hq_&a-69uep0z5lf94#cvbQ5- z!U^Rw!o~O6jBT8p37SZN=iaQ$v7vj^X8_w5zjuI=^?8jbEyi0 zQ#yNGyf*16f1Ju~i#+SoPYJfFKQ*1f=&G4sv`4*OWtzz_CX!f2=hfQ#BBREKIM0gJ zT!_pd_S{5mJdNuW*Upa)ta6xeF8u6@%AJH~cg#;rICU(TvWH}7Eq;}FS80>z(acqa z`z~S}?jCQrzj3zCG@UTlo{-Gs6Z5%>NcpDr*i1D0fd_aTB+0=aUoS2f@(KrRJ*Et> zn&jNLq2>7SS(lv6uk5mJJ*4iMw54~cPZEAw z`&PkTd_QvP*PH|C^c!akbpq9-*bfwxv9+r>1C+7OUCF5Jn{dFS9A*FDVDRI4jEl$% zA2t~;^U64P{B)&Ie$iDh4BMnDOoz}Hk}~|NxY|cZq$QA4Is5odU6qaevY+yo zVRPh^xNVgy)`;4ZN5Vkhdl=wQSGA|25V24Vf${L&KB;EUHOEE5<~;JX$E@;>8c3da zBmd$;(Z*bfr|F`E#ZQR4epZ|RAUDHdzEb=GPvc;nGBmnAp$(`490LCgDngkA2V)X znXsI8P&NT9TEaD!W_Xq51}jXkOQEz)uo-g@gC>s!B>jiZD8h3wa3~+R7i`+PriL5E zicvq}AAmj-t-N0$(uRb`<)F^-Ok$|{AG+9 z&bq(&-d>fT#kv(Qo!q}4UQcm4y&Q~8L~kbHeh}iWv+9nj3{fK03GDstLY|NKn^!Y| z9HVFOy1)FpG3|Kyz2YbxB?k&RPo|T56X(flbsV!i$M~qqwZxSx0&dxS1A7KVj z4o(q$XU=gN7fo%$>&fwplnnuuVFO;c#CGQmLhuA&p#)W^fJ}HBN@;K$f`m zQ)e5}v(vHEV`5f;o8-!UXAV|YlUPeKt7dn|mL~0#mu3Cj=y=1^Arae1)>7t8&Bbgx zn$v`^*^Wy+)PpLpxJIT>LDF;?ls||#cd%iqj=mjAH=egVE0{_v9%Hccq8)Mht}6BT4t{yYb02Y(ms;QYd?CD& z+u9QhFIv!Y8`)X85RTaloR_E^x1!N3LwIhc`biAQ|`5NzMbZ?#wdEt z{vuljymX(RW<#81wdgwA)k61$Oi!Z6CY?vchl8yrsNfza%-uJE79FDzG22sPf;mkl zF+MP`$j>pcxRfa=L!(QHxXqT%Q$))Yb62ouEomrAO$wDnD^Ade6q2GZmyrx9D%mw- z<(mBg%~evKLb>#U9n%)tl`UT4bm~-4B|Q_hnXZaH8hq_~@AY#NmKEH%+kbCjvzY3U zAe%4sUY)`DRAd18ir+;B0x#k^Vbqt3{TTHBw<{g`KfAq0M$`B%`EL{}C_cc=&E6>h z{+#3>`04B>_{nq?{B&mq1jHnKT^>BT{1*lhFf;y4|6@isHvVD%Bap@Z)BlF$zX(9y z>wkyizX+`VhxI>#Cjf=m{ZRe>(<||xssDTEf0C!$zZ3)P&&B_Ox?q@!mIn2|KjMG= z^LyfZ*WVsyY=g0V|5ArW$A22l*yMBjf2s)#3HHPO|1Zt* zH?ZEs%53zthQJo^F$4LRsoHGxbr#eR9?weq`qF#@U4}!)!b~9$>WAD*N7*i>R@BkQ zGgJYrX=ttk!jmFHSqV`vRfaLmlu9+6%?|(47-6lWBiG1U*&*Lm<>=EkROL5kANFi? zk{_yu9Wpd=Fx&dKhB-Q|4ONyLK2({>H!Guk$DF;d?Aty223~*Y85Bc>4t@UCNNJ-_ zTXb4NWOQsy06XEUe1WOeH&7eSda!`A_$qS(YZx6#U=86(g0vn1QD0>*U?rmu<@ZWp zj^3}F@TT8_d{~L#B#Zf&Xk?U{M&H*T4vzQfX}(NuCZnU;?{$o_I^O{NA%y-kAfSI6vzd(l2EX-(@unW*iIG+CXZDclrLHp1N z+E6FV&FH3I>I6Li_UU^%0daNIL(SC6Y{U*6YMyRkKHNG?-1{%J9zwIEQca+}bUI9@ z_f>Ar%!)cnelH2RcJM9Cn z33nOCeXwv(U;%$_lNBO`b-SR$Gg8W}Wt zkrA5)7J;09awNpeQA>>!S-?`?Rp|5aB!tAXSTN7pX!BO#rjH zBt!?8kAA8D8fBYVjg&47H$L1EIQCI{@hNv=NBVP8tRHXx)fxC+`L8RB9SgHH#m1-o z`IbhP|5B+?0{of&k4A$b!G6ep|NK<{=@Leei4BS}5&))ANOFRaQ&2EW5EPRbVI)Y$ zWdxI>Bu0i9ea9~OL9u^&?*AJKe8a}6~urUT+zt^luE)fBlI6@I6!eFTeBN{}YP?=Z5N17dH_H>guv~3JMB>bTDB} z^78WHK+Vq1PEFicjZ6~*%F1E}Fx!i)u!e+$gtW9Yg-nH3*s`*+Bp|IMswWI&MSubs zP{e?$g2))?`6*3Og&v-wFi?(|p^S{ozuf1qRsiizhn@{*u7YC{c!V4X{KVOlxdvg3 zWxjXz9LoPV|IJ$L@XIij+dqKpVdLWo2{?({*s)B6t|K6?CQ;OVoUpTBtd z>h&*getrAfyFq{^DLJ(C?sMNLq374hbu<7;>5g>{n^qhuk~3LW*tkh!FBrUpKA6w{hOGZ|A_zbJyZKHzca%A+e95k_Yu(lP_;u` z)Uf?G$`1KK=l}9t|2J0fm+61#Quuuc@D2K>nVEbp|1~wC{;>c3w``YT`Y#5`!}mXv zuC76N=Yvht>2?5U!7Cu09_jC&1Vg|2`$b{~T@YDcagpJ3C(&7Y+dG>FGQ= zokgby10eO;6pcVG!I%X1zY)QHPG+8km(@@6f6550LN{&gg7-i6>ong*m!G`eBj0@f z*FjDUjCwdP6W;&45+aipF6O2b=ap7ehLn|5Ev@sdne$Wq((K$?K#@S2)~(Z52J1)x zq;=71itBeGt%Q!L#_K+UdGo7OlZe%&9Z9A5lHxt{2rnWXcw^PFJah)sx-S?p z3g@jO-0rMqUl+#hb5FXmy+uWJ`fHq&_s;mti8y3;vz|pB<=9evjZi1HWV_Q~1}1fv zaCh&aqs0?E)V%pybk7LO21X=YGM$u3(7wlMzrfG*+Su27NXcTeu+3OWDIE(i&7)8} zK$-ozW)lFh0~;vHuP7*-%z3thz8&$p@usQRc*{90QI%X8X}uyiYv_+lx7XIn=WV`w zLgC>q-qVYl>AQ=ZW9}5RsNV!qDoWMU=f1pJymd~9ck%9*e(}N;R;%<+KRed-3tcjm zzsE8`UR*Dc9Hf!?;z0<~qez#$%S`R#Nt45)5zj5Rwmo|2XuUjcMfK&rW7L>~x!i7d zoomZnkKG|@d!wC6=esv!GmoWG8SKZbQdidYwtOW7dzOtd9q4^^j7VC-P4Up+0VYtG zsY$_x$?`ZI3-$ejkRqzy>O)1;6+vy%5xl%Z1+E3vx1_a2$*N%Dk^!4V5rG|GiE9Qs zWPDDI`qA>mQB&?z6nGcjshl5iFT-7$7pmZaN95iUVUjkleFtpAb+d0tHp_ zcrq}gQ*E9+9vDycdi?mYFwi)0;^eh!*K5nyoIG*L*)C{9({=^2ksif*h@%v=1%tZ; zQc7UnHw~U3@7qoNlTl9BH!OO>IdOg8^{$S_2y$oWGqR;#X)S4`EK^x0Ykl&x{;2)s z1ZjS6C~e^u-=Nfp3nZt?0|m;$KKRhKCjnP{=4OyZeQ@~XRFo(dUxM-Fpkzz%*j!Y8 zVH!rC>m%fgT~=M|fmaC#P$Vlh%~UP$5XPcqHp)wiNy=}OK`)|92#F9o4iiOWF|vm` zJ4A$jvXj7IFZ5tBcwzkci#-x~Kl^)_{&Rsb=mUcIk1)gr{7(=Da_AHMCHVO6-LEfR zp3*~($l~-R4YXt?mI{k*B$CESR+uW>UC6zljwO*uH zz3qR{W9`{cSaNau-t$Mhw%~PbWmKzzqRy^Zzx}5bl?2^ZU5EMXg!@-}v+dl9@(VPH z;-1>3kuw7Z?mf8Nb1_Q7bT-`yhrybgm`%5JWGLCFD62|~X#KRR;qc9y{V!kc>*(mY zd#8Df^igxwdsArVJZvv$OD@q;S~K3{f(X)=oB6V3od*vd+_!HZjC9%B+PZP$MwsSo)v8rI90Dh3OV1bAMEsthqrfVjWlV2c0Qe6(GL}^)_dj9X6HI={ zMr`abW4S z^>Kp}?7W%v4qTEr$Dt9dBIIosS5Ix^1{IWw$z{l;(SkFNPv&Y&TbA+j;)1Mf`z;Kv zT8?_xF~c(Ih5mRv&MIlE_l+c6c0SFRzqwC6=d7G&>yiy`$J|Cyteu~egEjNX!bTZ8 zdNyU}7u?j-$>?wCy_hXNPU*D+M*~ZiwTypGxw$g`m!JF3tV^lbJr*aobCIonDsliL z{p^=>1DCRF>?I6)&Tzb>)COz_hC8_J1fyzoTxnj1B*aSav<~&Ad zFGEcEIWvbKMixhi8jTc;xJCivpqP9C6+>2La^=MJ3(H-n88$R<^fgSg+l36cy~TqB zIk`fVh(U1~UxcTwXhO$y4R{)=xE4pDhyGt{zGjcON)0v93X`4JRR`h}2J( z($5sr5O+CA9$ZUr=M#A&{8;aLV+<8}9d zp~ljdUt{(ZnyMS^+5YTTLiwVM+e^hUYPRy?sjd&Iv#ltg_SX| z!(eW(GUxBS*N zUUHA5wvFbMUK1Ogp7U%WwX@m4b-o7AR`|(|7WcMUVFNa}jVjZ<4wK)?$T>cF2yBiT zK0LzC;s@Jx3r*_jIzaY*%FoVxDjoGpEW>?avc6$RO=MF_5$C#X zSbG^R?~@K+p2x1Fs9{}R5XGXVamkX3{n^L;&@Pr(ati(>`AG&fbI?mOk-6ijvIS+{ zdClGN84Gl|jP@~`rkIJNRp-<=p$><)*q(T;QBY~|YP&+`aWh#8f^&FEy1r^XW!~B= zMo7=nuLQ+$VlE0?U3qlQdnJT7jXQX4&)lf060weqm_ zb#Mc#cFQJJ>LSV#8Dnipy-M_70puK?p%y;mll}Q<=}_iisdc9)+jcctsqT?$bEA#W zs)B6MItnIGeA-%VN~PSvB{=hfHliFEC0@tFnisGZw1f&_@xD7hz?{NW@znZ$oFd@trYZ zX)TQ_QEHf(-rOwNREi$4iJ|7-jmS{KFi|#$sD0oR@l^o3d;kzy`H~P);t6ixx;GJm_*IJ_R znqMbG9V4znMaIUL5j4^{WbJM=-iblb)bP@83_jmy^=jvuwV6VCy_q5p4RDxrgd~%b z`IA|L&Tqc}_tio(iE`~a(kq(NFYFdQxFa|!&YKo`b={QN{rV8KWK(gt)2;VGCkqq-n*93p;doL!*M^Dq9+1P>R-ReBz%NVv z!Rv!&I+@tjU6}-S?@{kQe)%+ZiN;LcQ6JH+^05FV*Hx+P)!8oH(wl4kR!!KGnXPc1 za+l5xl8M}bl3K>dHEIbFa%Zy3_eWva((6&a^BL-^qL5vcaY_U(1G73R%x2H4y)BS$ zTEWKvhc=uygCo0PAZLu74atMwF1dq?)6WPZEl8at$sNeiR2h(NCoFU=iGK#>3; zJ00B-qUSZ8HMyH#oj;fhG%&aoW!pG7r$CfR73Y%n4*J%uiyp;z{i+RH1>Cr2%9G74) zI;DD`>oyl{HxZz%dl;BJewOt5K%8$MLnw@rr9Fj%GvRSM9rwj6_Vi-psxw8x7}-m< zt6!N4LrotA9D`Mth4HphvmG30|v9b~*d1qfNm9#pR7aEx^J2>ZRxQWPcQ zfVY}(bShe*e<0s1qK)+GUAAHe$hT}{2)F1ULTm;~p^k$)Y>jXtIoSu7QP6r3h-fk| zYmms~<8~@}U`#0}`A!b*Voc^Odp2@-4FyH#wt3~NXS*aVL!0CI63;mJgmsjw;f>jn zCH!1%i~0vHy$6tI$8ly6Z-`-?2UOpQaJ21gMBM<8S;fVe4`dLh%N>vgEqP{2L8Raa zlw{uk_Qn*OGk$D)v=S#f=OXXd!@^p<0n}%*y&MCh)HdNf?k}QJZAJmhGH-?R5Yf&6 z+~GuPtU3j)m$DlVnPpf~G@sl<-xdjWjxNr`}n+?u+;bw3!Gq+=$d3ZbpHbL;Q;t^;g>Pdfibac5W>p}1;CMqvko7`Zh#w^ENeD@%2!Y4*mOk`Y}BdJG#)=Oa>Vbjh0Bk}I1w1IvP z6EU*Mh^E7Y0yE01xLvF6eK>n#q+tY%FXBXsvFx zC=(TLtgbPD>UxS&rKrWbqAsZC(pyk_HMwJ%tbkm!Sw3Rsg-On@&@o4Ekjfo%0VUoW zngxIZBe}V|Kx=JMj|I-SF*1ZgaBIQ%x8Op#7%3erpx|N|Y_9uD7jS@yy@Qg^UX7ewVXQDEtk@Hi^fW5d1#>Ey)q_Kw4XeF&K6*l4 zG^>ZS?-j|n8xsktr!ufU-5AyYKA{EUKq*)-fOY0#9C;WwE^bLbW*P;Xz`$yDVrO(? zQ<&Ikd`x(E`kWSg5EJVai0z2PF_}0#1@GF8-PFrc>ec_%ZL)m}YnwXju8+YPiRA^8 z!@`myU+xr*8X(1SG3ED2@qFAqd7)^IXe198HGm86#>D`92pbp4#LXTcnRSPRB(oIQ z^)J>$*{z;O9RLB9EFXFpD>+PKH75lZJdKN)&dFf%F-9sjO> ze_8$`@E8q_O-zi9{-zS}8}c72&Ga+-Z)39``5*sH8{mWfj|57GT7=3!sPls#Khvc_ zyKj_nG0Xz?NNi=Dn>W&WZO^Y_c{d#@`wCazKf3L)(BWrJ7hW#9`{u-}cVfb%{DUi= z7F?13pHYMSn`ZmJubF>|{y)ZY8GT&epnsYv+;AiHKW4Na{vV^y>EHGAgZx)YkpBnj zf1qF#LO?7l6Aeh?$JvIn=FDNG2my)+(3vtW&|J?=2xtU*Cqt!>is*#A+(H=orj6ge zFt_~ViS8)Y+!)sU)%6?kK)RjZ0kuGW-k~Z=nm8b_b@NUWy~z#r>%~Q7SJbasRo{dK zVs_)ap;}24=uaBw>M=D+U&&z(D|PGU-EyJ^n>TL}1BMEsCO+Q&5v*t;kPq-?J56N@ z1Ff2}Rpn(>{@!!!#(5Uy))?p+yG;$#QnG@uH7q~>S*$;ym z8_yt#hdko8|N26AexitHLKYf`iR6_NVmu_C6A?&WZX_f4DWaF;!28a~ZRUVOFkJs9TjFsA@vw!;n|v2Acj5Xt>xU$-amf{ArC0wZ(q1eHavf+o0HK>5n4K{d7A_AwaSGB&S}g-2I6@(^V>*F%W0Hvy#ua9_{`pqN zVCZ&+Cg=S94z$5pf@wh@FB0**q9RefByp-Car$P3Ue3a!_-33YhRdgv6IyTtcb2>f zCJTT3W_&e53GC40^<^%~ywQehzJ-cnQ=>0)r128Vjpy=Cln50)zFC^#k$3Z;r9bmV z$PHtfEI=0&uzvvyn}BuKBt~_#lVt6q4ykfk)V*U9;5E1|HH@RMWxX|Xo{$ZCmbj1SZp~1G-2a2d2I=6~V&qv%^WYO1ntHkO-%m4|G}8RKm32cF|B{g<4^G4T7dr${NWMs5&t3b!y^FV zIRtG8?C=zTAP)}$i2U#rfJXxaYG?&8d>p{jVHn{dl0!U)01giei0uR*_y5>?54a}Q zZGCvsLujFQ2)$$I2&nWf0@6V`NGDXO8hTZFM-3eW=^fO7^d^cTRk6@4h#f2caeL0a zr`-SEr+@eRz8!xukV$4HZ)QEude^(wvp^*GbC2na!n=;jDUdJ1&qN(n(UKQC?qnV0?H&w* z|4(oA=UDv2f7L&(pZ$XWpK($xb;(d%*_=g(5NK)z#8KRZTUPTe6{Cke$>56$UzMco{lc4qt1jgo<)p zX;C8ANHAP3hgZ=d?jY!(6v%R#`FRn}a@0JkT(M*2p}^9e@;fvOTyrb;P_mrQpv!k| zEueSiAM!k}>13EIF9u>Lj3lf*ogJkhl%9>UEiI$U$XQiuPmy(?>jFKqk{wYR0yX1P z!&~=OR6?jJZzS65O;$}O@~LRB_F|u?e~3rZ8P!kRT8^#MqmZ-iR+}_~AfoAky~itw zncRWj;O=)8uQZxnXJdUfw~-g1a!x7;nI~dX%0^OO7%hDAm4Zz_E#teY^OVtssQz*5jxYw%6maIwFq}7?r^m z1phBdzxtQh@IP~qe+vKq#vG8}!he~+s{fP+MInC2|9|Ft{afGrC-|@YKj1$I{vZW_ z_zxmKi1r{0fcOs*0f_$~u!G1CasfyLATonc55hhO>>#{@L;!-boR|Sf2O#W&AP>?6 z=UTR{lmwO<{0^n={BoUA% zL^*$8zPW+-5P77!ya}WOK~AMVMgE^3_b2`<|HJt2rq;Z|Z*$|Ql33Md~VbuCo3yb;w<-w2iCJ=91m+JP#v zszD%VpfrP}2+py=At)ubfqQC75M4SlH6~2~UtL9(!W$^>4c{q6ifr8(6sKBW+q-UA z1E<(UVkyRUp-8F&juKw%eco7gY6dy$#SYxfV`mXUa~R=0`=jw&+%3ylq)}0ZxThB7 zR#zOGV;VCmBK0Sf+G`*qSP7ebIf6PFf#Ivqy6d)HMTCA` zk2&deSDTArc$|%R#)z+#3Nw^6(<-yYc*$`jX+%0X-j)NZ8m*`7Uat>`Ah31f*mx>a z76UbW|J(ZeCu#l72kd(4)9mra7lGTcyLqtHDyM}BNyz54LW-6SJe0eemKh+-i&no? zm|vsEVXu||&zG;^$h%*c-l3}s;wgEI2YOyV8Q;;cnH}hTyEPZ8ciH$_-}~o_?LH4@ zul0X?wSF_5=fw4aU-B*-9gqGV)BRh``R{(+KZXB)s(t$_XZ|hxm;bB&&+-b2zvKU} zjOf2^*Pr13FY%v0_5VTe2SY$0{{Qs+LHz$Y5dbkCgmDn|W6q?4o}r<#gkac(6z3jn#Jvb+{#jn4KykQBh!5g71su=c7duLFZT zAa{Thf&AQJ5c3&n_`$gV80SF%G@$i8}6#MM@mg+0YBI@jymo zerj?Ybcd;;Z3DpcJcVPjxHa5xDHX)j^ zw!W?-Q&-8gZ7h<5^kCK>l!^t)xrSWlX+>-x#UHP7LZ8*~)WU0@BRO!;)d#Op<|cHk zdUMbl{tsElS*>WelS0r4GB!CLHyE`hFkBfp=NJovO493L8_5)u`~qQsE;KfMNwQKcX zFd{Ab?|95023N~uym;Z1RN~HU6+~X48_;md#=7^f9iXxA7d9o;aBH#Fyb3_sW0IBw z2CDoNt2U^M?q)qow8L#YI0_T68EnkrJ0!;TzN(7j3tj8u(M*0_kqFXg9D=7UNFhaC zTY^H65q-m?y&0GzMvXE^MJGF-X0)HaB;y2q%Q8mIoD#^BZ5R6x+SwWtvf zk({Bk25ow3S!7t7NlPrnCsEeec#c)w5hz?wL>mexAc2fBL2SGpij2ml3sA#>bbu3g zM^8h_(v3+o2MbA;GT@EV@V%I7J23^krDbirfmkHj6!L>NiVH zt3BE*C5(!0l^y#-{m0g&=np$vmx)NRZBhcW_jY-T(3S0q425SR760oBL;flJ{}ajb zUqhtd!habs*z*_hfBE0zKfgAj|GItuGya3Ye=r2}U-5qs_RC3C;1mEP0+0?s{QtQM z@H3L5sd5se0}$Imw;vABfOG)*_Mnpw`t2Z+gPuI-{DYqSxic3)NC$oX)Wn>w_5l#; zL4p9e0Avji;q9$GK<)s;M4yuYyvI{fQ$gn9sV!z|GxwOeG|d>e>H2=H%O7{yC2d2NLI6R(N<@P@HpWN;Xrp* zXnsKf6}+&JjfS$c0EIE9Cgt-1moHlJ*FaI?3N`E;Ij$v8L|;DwcA0CSj~AWKGKdhM zGVd8+fl>%vra)WeBVmh6F#3glWWIElOCAZQjJaGRNY@0#be`-%GQJbLg}!sw@+ygf zp}Ln<#Kfe+EY|cfxdl(o;)O%7s_MRrSqX6l6e2R5V3x+Q=#PwRq-`U$G!`TsRJCZ& z5C-L@8CL}~)KHX{ajZq6xueL649;-wthv^lu7LTVpt`rtgD3zWJk4mDic*BIh|I;B zio%Bq>{T7E+}6}VP}e9QAqaXG-wyvcTe2KGWD&=v6kX&kje}YrqUvyOUkB9SlyR-5 z!C9=OGGeiZjVX*?5?sB{qi_TWS<992oMt-r@xG3o`MQ%QVuya}zZ?`D@9%oK(i8mr z!AyVmtB2(O^8a(i9cNd=vA@S^{&nX3cOU5=#{WNWHSw$G{Vn{L$1D6L{>%R8|Aqh6 zqyCF_hJq58K{y=X{fM|5`c^ZNBy{Oa5Px9$MZ1&^6bj{S-Q%8H2$%W!|ujZxokS zl2*~;PY^-KtY8oNgJ3TYY>AWop0_uN3R5`5Zsf$S{ z2W~b}5&Gig8VDP=6=eg7tqi!-T2KM-;JYbpb8YgwArdUWm2Nn~p7kb#1~WE$7-*R- zP#hg^om}WfQrM8KhahzD?QO2YLjby9Yv&D|dCG1B`F2P8_N&d$g=pelf&bbuC{oIc zfI8vW7x^8kq@~EuSrBNoXF4Zc&VRuW#)`zNl@lj&g?S00x;ThI-ssotXtow&H$=$C zy5umVO78$A$BO2fBx^y?<5XC#Pyn!=)Zq)9||63f#QoFp8kGPn8&i#M-pW z2RPiukn9(nImH0-x{Gz1qbZkrRmu8I3KWq`tHnuEphx~xyLGy_O!4u{NjH1Hd6C*S zCV49$o~@7D+^;x5oP4KP018B%=}D8FLqqYf7T22vbBKrVr7NV=4BT*5tPFvutJ;BGF&@}KdfguRi1_fp$OM!oyb&kkhaaz5|VMt z)?=r4%rO$%am_VZ4s^>iZ@QhrXzfwIQDE=Fc8~UOlIZ3i{r`zawEyc|`o9Zm{&D>G zb@q1;`9oKpUq9t<;lC^x?D-4-|M&XOUmwzc+1{V{j{!`7)PI5xun;jl{9!`iYEtl8 zaq`ouysZGc1s|)sk*613jc>V|-p-17WX&UPRy01Z=Ca8K6B>GIq#LkptTE8>oML-Nx=_XElZL^7c`U|qCJ+mS(_=L5B#j} zoi@9Z5%G}dyZSF1xqrifK>qsWsK3<7|M*UR)PJ(a#V4qOI+QA)4kZPsLx}}-C1FZiP2J1iRK^;nJP=^wB{RSB`baNO!IyTM%>QD-S zI+T>44yD?{{YCxdl~pL%|D5jelcxrt4y7WfL&>%KY7Y(SP|AZklzN~JB^9Vc8H483 zBP0&SqiIF#$4wG%CSy(Y%JfW=K^;mi&(-nQv16Gy!xT>awzwZUly&wK^hux&rTci9 zemfD=p***}I?#|xZn#&+B@ph%2uE?oL#`yVK6JfoJ2Kh<%8mtvP*Cy{JfijeZ zDO`pNDNF61QFW)Lx>7(HO3T3Ui-u=X*80N_Z?8?=CxSYZ$I#qHi;0hJreumZOot~u z8OsvYyJWN!w=q>T=*5h!YTvrWtC7x4T>;KR_{GV~c>SzNVd*Ytms^y;cOxfuUjQ z$wUX6h{r6#_IlIrlMla-j``lh{9ZvQ$mX+^pz_B+_OkO&zrFLhaCU=~_ZXBrZm)mR zRP_DcjC6hJ^Mi55OL>#2Q8#BsE&7^Ys)J#~_Zp@P z#QE=!3=31XxtY*Kg;m)xyEhGF&V;1iEIpWRJ>cbJo^LpKp^Vp5bxiiEIZ#weI`cRq z`su>BcNTGTUJhq%64Fw=UR}6(Kt)y8l9ZpkzUnS}u&okxdTF4ZDLwLOSsowJcjc^# zquNpPO&jjHzJn*Lhj+H#4mBNogh1*pKB_*i)s=m)@x&^NxPI{JRb@zfan{h%;=`9~ zj5|HdqeDfH_+-glyWbDt3zMHF`CbEwzOVJk)--2#_u_^oR$KSNzY1w!M41Kaj_i8MQ$SAwSXKd18Ec*FvhuDXS{y!@=U> z8Q<=60S`UwOZO>g^5TZyyf*pj=t4z}qoSaqreeB92<=jLjrV^SmzJ~LKnL2@&-vrQ z&-{TOHUXePF$@Y&hnWQO9|Nev+){osnYPoS6#Y|&*~Mrco;sGPCzl5DUzNJ66FKFx zOs#$#oIYSpM!&u0ctSScOs}kt`J^KKH z&6L+k2w2F4;od}kl?+`_hIy*!(A#%xolkTpNVFc@$3F-4+z@-ERA8tW;)%|8zIg%V z9Ok!_=d(2{*{@K>R)2&x^wfSAxD1~we&d_U`!er-_F;a9GrjMhPo4-i&UM1SZ@4m) ze(-Z0{^_yvyeBat?~v5jSuEbCe69TQe(e6O6X%Y7d;9(T)?FI6Xz6=~Z|)^L{6ij= z%%Z*dV=WfPIDw6}Nip`#JLSn7{%F2rft)($RKBD|=QQD_H>oPsc`oaQXqO_>6eWY! zaz@q1JqDS_cDG$ql%MrfW^4NIuh6)z22w_|EL+oMnp=8p3d8yJ1wD5$wJ7PAWf^KlJF7IVb!F$0p-$&i^#$&yBXv~;-p}eIyW*(izeMLk4(-StWbM>Zcw(PSvh?WIjvQYb` zoF4jMoEt!=`_4zY_l<9C)9^}|z2vnrHHkL^vM)$J18>exPsrK9ooMOsV-m8{p>9MC zK}Jpjag<5VWN7rmrV3%4pU1vU+OaN89Gm?O)+R)slQC6Ci!tSsBoZ8A$&@=d)~zNpf$5Kl#ElNvRdIkfA1A} z@4`KNW6Sw_(`9=Q2v1S}2rqQLjS7;mNBki7c31NA{BDb)j?(s?-oo_p7-Q;dg2PCMoXhB|H?-{pjeCGU#c+@ymd&-Vi-<&i}%Motse# z0Ie9Z9&1a!hru-=xf?h(=WUN=IH^Jt;^ORNwNM97oSHCdnTdLGhcs4wh5v_oft_(;^sb(&&T zgR@}<{7m7b$I4G4Bvh@Tw2F1Z3SF-c(hSO+IFiuXf@0-p?r0pNFiDM~2AdwFBg@Q0 z_TVruiBo4RhbM~+9$mhjgy|?Rzooh?{LZbw+GViZr)Y@RjL=$O+XxFZNid3-gJDE8 zxDhYaj|VRsW?U?b0NtvZBAz_qlqWQ zvO29vNr#)|{%~E>(7nd*jCBsD>PM2KGbXsx+cZgVten?zKg*MK3vMDN8yK5NstPXF zjX`CjK&by$2xETMAa{6q3i*JB5AaF!mgus*reajZZoMI9QVUr4oXu~`%TEZ(PhZ_M zsKDl7hfqx3tKO039qRJ_=DMY8m~DVPdP7~>9EV~{fG`^G$D?}!p$=+KP|9m@x}gmg z!(A?RT69uJLa;=DvAmw~@4HH?db4d`q`YjrQ8mkr=epti>0@|BU1<8x)ML8@{WElH_6o*&BVM_Ie=oY`g zEcxR6XOuISF~c51m9U%EXTI2R$YS#fQLLY$q_WxQ)m z0{b+F>M%1TYg9<)xIfBwh*7+Vh@QN-gI^?*r#!l0-|-N}mM04vmVPV&a`ztOYV{~%Zcvb*L zcj15>OW{I_Q=$8b{KVEb z1vdt`BgSDgM95o#MPOTcJYFi?A*ca%>Y1r7{Fa?@a?Km1Cre@PSgvT$OB?Y5QLKY# z!W@OzoI1KOtDjm9_mNJE$T+tBh3EVFNBwb5)V^l|Oipc|ZX3!YMNmHkJqG0%|AxsT zK(O{?M6Yn{DfN(%n&1JJ@On zfR0@rL`2|p8OM)(lojB^WEH_#t~@-;pGBnoly&&i^T9-8bS&q4le6bcU^;3LCSqW3 zA+dKX>MM?cj~6+$2QzenrVx%h!9I)ez2Bgb;FLN1X}x#SSJxo9CQ#5{|39|!+9 zhn8NC6#~wF!olBK#c`%UW3op_Z4|tPf zk7m(U0Tkx=)WSWuArW$R5q%yXX+?zKvM5*qigq=aDS>8{1r`TD1Gixx*P&Tt6gxKg z1QEi$4y(dK$oo{KdKs()non71ej=nO3t`ie%AFOTi#_)Zizre{dAm(j1;9&jnXFkb z>;1G=k@T3BC`%Iq69QcfsM*j74@`lL?^89dLktP<69kG8HE5R_Ovwoh@k12OP$-cx zHbjc=CRB}TuoF%cHUx_AP5^QajU+)>53(q9aoILmDE~S1trm*Htn5eIR3l`BArAef z2vIzj@!p!sA5ZzY2!R8jhQ06+JS96Wo9z?OtOl7cV;h0uk8 zY7$OfhWJc5C(64iljwdvNY7L>#{GF&g^51{qSHT-pP-AB9Ut zP=xM4UXQ~g>yvF-;K9X+6L?5dOEJAyVLA@Yy;uAUmr1_^F(^hDnZVQtP+k(k#S7)> zRnS8L#NuJ_yIKDFRJK^?F)|#7LytzBFWQ0Tk+O@)#rNxwBG?EK5)wx)Hq4?pL4fD2 zL+5SE#wehnCNQZ3a=-(xGF(>K)F*f`q3Awak!TAXmj#Q$Mq4wMhgL22*4B>CWD6rkdWSFID-jH1Aqta0U}NmL=uwN z5S{ z4PLHQ#KCDvH1LS3rC#_mT=6kAiY5~B@eW*PvaUI+ddh@!>RGj;7?mTLL3ka}lI2djZCZ0vn)B-)RPMQ4?7D|AH?A0`5YgN}#)!wA0XID-UAn%qDA0i0y~NXppDnzC)P1idoXVTOj-;kN~Y!LIk!W(y+cQ(lgFo1H@(AzqtkAM<_oTI z1@JyLS8lWiyS4{_5-SAdE|?RVI|@*ms($;dJuIqwog4*pV2}7TFPb1M07_yy^&++f zLfMnzgGzYbeJ;JnLais!u;;>;o2X2TDyf^5fC$xUq>-v%h zmDy`hck-aI>ug!?Q%&zbV{SZJC>x76pNXOn+x&GAd`exMi?b7Sd`mgUV z_t;{)dY_@vq@z^~|7r+p9dpys6qCj;#IC`Q) zVmww2xs9iR4I(S1k&^hyn&`6!u(L-4l(ALrMvgyfz>FL$!*{{=coHKV+XYNwX#IDnHe1R+v%&e}?Joq}Z z&N=&7b@r+K>}K@r5Z{<{8OR`&P)AOG4w@Big!KjXg{00tob)PLqX^JlA2 zKlXsiA5<59Dt~lba%y}q5OpC2RQ@pYta;W~{(^GMO6dNF?FXNYH@?!E@5gC9Xh~^A zV1Cc)`oE0$|E{P1Vf+8t)Z5o93~aRS;qj{)K)+%C(sF;*|4Tte=J)lV|HzH<)BY2| zwjIMfzvO>;cx;~qj`9Iro>brk%mu^2%r7B9fg}q~Z)M=Lo>_QVuX2!w1EfYSoh;&=9Z==6$!(;Zt zc#=9z?v!gsc%xr`lzmCzx9XLbK7{YzcO9SbD@Xc9IVZ)P_BoqwNi_8E@;V)toRE~3 zQLJ+zI4UvJ!{u^Gm3CQmUH#G8D_5^HHno7P~^xvqL|;xI=S2S7PGq|}0hZftI#x3*|0pFKlzKHY_)-t3~@LgBC9!e4$v zg7}Cxz1RAwTWe%9k5)n}NI2-9OPCO3fe%NzHMBV3Jl6EG&{O1#c zcc3U_A3u>;VUZq$$FQ2n4-Q4UPC@k|*LjX(FlM#8QR<=Ilu+)4PPG+{1W2?>`e?T4 zYnO*9=bdk(!q_{E;lI~j|l*uGuc zz;*-@F*8JqX(6vOKcKD(Ev|G5Q;FH5vJNW_Rtn!VM&4!0(j=NKiRzVjAs@(QLQcFN z)lArOBjEy4-?sqvn`&7PWmKg{>MyvcG1-KwFD&UkOWr;|aF#jO!4lWoBrc&95?Q9e}jS|_YkNsEOhHqDK z4Vw4=?+R7_F#d;mxw!}YXdC~V@DKbJ{wv_|f06&CfS3Ng|L=bk|Nof(TRaU)fc(h+ zjj5CsRiFV=fFm!1Nx&>2#bPcIvT8cAw!y+j^aa2q-^4bFpGm>d)uM!aL7kK0UI{V` z3=9^2!dyZa3lCXwDM2vFS5}?%M<(w%$;|6`JAy2jz^ijYmXIk6W(Q{v${ad$D4|K_ zOtGweB#*JZESN!j#FP<34fD?uv+@^l2t9Q8h^+Wwtce%5vL27M?;*iM^f47O5;8pD z7bQhxm{L3O9w~gXT67HTNbs8f&H2CCdHFWE00s`n*p!svN^#|-)zwVW0Gmk7Re+EG zYAHXTeM4I*Q*&z@KPAx9#%6W7r>}d|x`+}oLv1xZqs%fRduV2H2_nU}yi89g_+U|x z#&+$=3a< z!5}D?Tb}3uq%u%CtrMhO+i4bA6*OB+T!~Oc%Or{Qcv~QYS6XYa7Ii!SfK{a=(B$?D z&2(yRIyvGXF)p_DL@Tf72i#z6gEfcAJ`40pENlh?AI`ZOXH{nhGup;5`4S zEF7&)Q{#Tx(VLvGp?(CDb;rQP+u380iAhVKFzVXKTL8%`QFL(@MMvBlRN`sD1AaE) z+cQbu1q*RuHD0y0)}TTb4ej35I)=!jUagS8EoTTM5OVgkJ!Id@f5!g(e|6UX-$V49_OI}l^}lj5_}}Zl{(Aubjlcbg{X>9*;vZ-FY5$Nv zwSOujr--`smy0=uTwsUb-?g>=jbF%r_|X55{e!)~9bJ9horC^10QgP&|EvDra5B=>Pv^ z{f8V_6Y{(L|0nK>|F-|^AAKJWw6wH-p7xg-v_DwC5d`G?-&y}Z@qPTK&+!l0zo)yi zn|n~OqqDEC<1ZoLU#|lD4gQyt0gJuor=NJ!}D=s=-R0RaK9eJL0P=I7@JyO|0J34uXg zCnqPcn<-d99336a#>U3Y&CSfrOhrWnb~!aRHda$pOHEA`7Z(Sk#;U5SiHV6g9FB#B z1q?UG$H(*X^2Wr(XlQ5@6%~Op6y@dRV4GEYd;60oPdYj}g6&re3kx|oIKVcmpbUk! zwzjXYueG%`xb%4W@?{wrnV_JckdP42bNOY=e!;FEpXsmk|L5vL46goIM+}>Kc@(nV z5^f|_dTYC*k24njV6P|osAD=;h|&S~gENs<)EU)Rf{3IsSuHAGtPX9F8_-z zu(}=!LvJ*#RI|eYx8@~Ow}(*8X>17{)+?!%ENZl_eWb0_F+EizvvV&m@fGvzsc$qQ zA0~RFfp$UQ?m&C=Fjf6DfTqx&=Qk71AWp~XFRJop*elV3! zgMUXzoY-@MCcfvA%CdfKJT{&v*aMe8e5yK3=H?FNdc>u~owIe&)97;+{Yz=ksSd3l_NAgX@S^7j8p~ z+~Stv3fv=iVo^$8)t8AYjP*$&fxgJ~^L*dRE7{==IYeR+#7ie#;(V+#a5OD&J7SLs zS|N(Ry|oe}M3ekD&jXJq*NCLdZPdU*Fr#P*qW6`0DLhsOQQNhAh1O+zJ+7fPhu{We z$mp;LB@6ZOiaa8Rb6r@$IlX8dXUCa}Xnd35Z4Gi`9OUyx*Vl3x z0S=>P+>c|wi^zEid+1Y#1cYaKO$*>KvF<>U&jv;M`G|Gq`&Kh^5!(3?PC|$iMM+FG z<@p}*yt{5i3}2V#+@ALds=msHt>+V=)0B^K)QVTaAhe$9nwxAB+l+2(?@ZQGg(7_C zk4rhsmy3O-5f}>7E&%hqG1$}h9?$XOB_=Z(sF2EAr!OlkpC}km(L`o2+`>1SOCP+J z7^Gg`2TsJQLr3+w0c&<-nb;=52|EZ|4+n@x=k;1C1%;!l=I;0EXqNc0*(c+Dc zl>i`BjG7A?SF9T3YpgtqTo`i&7FzpS^q(aNs?fiji$@-*t=b>*_{-&rX>{*-Y6tcD$VNc7*{TD z%*tzqYD?Y0O)kZ;zq>v*=_9IA?l8}$7HnkEq}Cyx+0rB5!tE`=&O`ZN#UN~;?|fy% zeRd7k1oa$ml3O%{{$6$qf5tSuWK8IWHe5KIr247p<&a^~#Ip(|28Dn`b<+_=UzS9A z6{+O>2J@2+;iXOtTS5^su1QeWE=tQvznRbLt7eu%(hk{Lw@^qb{*kfcq0E_9cj!^? ziUirYWKPsXQ^QT}#bB64<820AY;8$kN_aza5w^v zL?Dn9Nbo-;8i_mk= zyo~PWhUyQSzkKV@zYoY@uW>*J@Pa|;04N;{1mL@a+_HV09PaYa@e6y}t6l^?HP@86$ECIDc)}z`V;ka~aeV4l zPiDu$^`>n@)~f`6VgGi95I>H@OB(c8y10!u6_42JPnz-PbzG%Bhtg4QFPR>uUyYjk zh!?wfC-kk=wXt?ZUSH&fAMfQLE1Y4kt|%3L$>Yg!;xol*qUy+`anmWm8l}M!&FtP{ z_4hT_H^oGZpD-<;1T%CVgnkr=Q@VPT#}jS+vgZ)IWG|O`b2=||Vyk*ffkbnLz&C6!yne$)M57o_@ zJ0k99f8(^b)3CEZo~`OU=O*?!;l+(tK#Fm*gUjUkKV;&V|1;N~;&e@>Uep<)nS_GB;}Bn9*JcgMW$%Od^_& z!6}wIhTF6S86T&X1dioCvwnL1X68KisGk=D*VHntzmnP=*~TgF9ThI-I6-`sk=1co zp*tNl->Pt;B& zQkQxKcpmwtXgs=IyQa{s@KvEmfLF1ILSQ)=9&9mc#Ke>^o?yqYpOj(M^=KyiT}9!Y z^eX(z&F6*}tLui--Dt%o+EA#{6&gK&G*Ex4 z+FOqE+8UE;6zKWb^tp23`{KRqZijK!@9S%C*cI=PnHTj$zwPesk7@B4%^k1y;-VT@ zvsMmyck)4i`&p6M4=;G4Z9Y=u^$*(R66v`T?aZn)Gxo;(=$7GTnllK`nvl%enXivV z1_+WDNpEvsHN7;NT$(TA2$a>}cd{>59Lv1mQ_=fG#)QF!Z+#)G?d9n6@OvY)T8T&s(9?|hLS+PCQa z7{AOoq;R{IS+i`HE{>1D=V+8uE>uTa<&NfHf75pNY{0XN4jMG=r9C5_i3ll~(yfy^ z!?u_QA?cG4gN3upX<3j>0$KWy4EYRWMNUlJE`N5dTVYhOn9$?)8w!WJo;H}5Z78tO zZO<}JEWaBwL42^duKx5M``)IQd>dr1<>P4^Mt3s5D920zA5Ia9I`tUxb_ZJhZ%$M&^m-g$-^F`{HVr!J=L=J$n z7Fo3p236j%HU2c_@60r;le5dzMK0d1^0Vx_==3V=F8fkWQY@U`y=Fz{Hr){|iA1@c zptOCbi<0^S6vs|{RdZkC5M>NIV|SiKp2o#~MCA1WFw}E>r)ONte3W_VrR9!fD`8D* zzSYeDUGK>}b==-Vvq>N>6mlg`zl&(=a`~h^`fF?&vm}xuW%%cl_=J5*0hvsDb zEE&|$VW;&uu^1N9_C|4SD^S1o>2X$(&m4z(*YbbNy$6)+#2# zz(x(|+a)e48u=VKZbxQ?l-;zJQ{>_RhlV^zYS21sczM}EJ~yi-A>j`1$6=1JwS3?H z#mACO@*DMWVVdC^xe{`fY@-f=o2EDKPp<~np1dulSx*|F$_O;z4vad1Qdr5Ayl_Ll zA{$b;sBqT311IA*Vo=IL*Z65?y#A|w&#BVmVD|-ic1>}Mbq7yTKbU|za##s1tXEt4 z!stYA`6au$WvTbF51zd#bDutP>D7yQ4&5BzMX|TKj9a~z59Ti_gf95i7(Gwm*Lm8? z>M5utu$f2B5tE82rx0mEh281P_t){2MpoGNdrvOxE?H7mU)`(bi4E~BW5nH0icr2? zL9L-?TmFi&JT*1VuM_fuBW7`L9PWeqQs3pTaOC3kr(JP(4X4Lt;ey_KC*d{v&u4`0 z^zhSZ!t20CnKrGxS_M(>z6kcS93Qh+PaF5_yQ0Y@E68lC?F;9qN_+;JeVuLYrk&J! z=*Ybi{I6?O@m!)NlI_{lx;SP?aJ&Z^)O+Z+%*030|->4gGj{x$(n#?92rYbU;G z6Z>HF{oXC9&&f)o28R!=eamrn%+<^M+<||>=w5tqxA>}Io=V@hY}m)1{fX?Wiw-aS zFJ28#JsqbmbUUnMie9q0V(!8O-ksZP5Fu2yeXG7(b>{vvHxz}3Clds z9-X<>Jw=E+tVgSKy2Y^9j+<%rJ9Sxjpj$h4Xz_=9OAS(7JvQCN&txgy?>e{Z4&Fb* z@LJB5yAG$9$})x}J0_7^{g3S={iauqVvf{e>Bh|MBZ!I!Cd5shxzbJBh@p~R@1dEP z#Vp<7vdA`K8^!MBH9C$jeIHzNc}vl4@2WLUh5BhH?UU{nw?E6t4$9OWaM0jB$|fBA zF~)l30lI{JxO$SZ{b^|~yewkFiZfK(o6llK--7M6eIzC1aF~Ao&Ek(7odNdoX8e0gP5&k0cmO~#g&xIqK$`%hkz+^HMZE?f4v(wZ=x&F~Ti$b5x{L-a(Hp3J-S z80mYKgeY|?%-ar-?{Ywo(=2=O>-N{kH?;cA#K;>R%?yV^sc+gSY&zu2vV^UDTykJn*pgDuXED0@x-@kCvW)|iB{>Oi!1%UFoF`LSdf*N zm}1@A*@3d{^F+Rl%QYA1fj93h;?tcA3nP`fwks|jJz6JopWyPq`5W^Nz2RO}#i-Xx zDMo5QaD**~55C0mO_-Q)E3XVVbC>KdD}spDeE#v8=yv2;+kW2wx|Egc6YV$G0&b>D zZZ)pgH8n^tXcd$i<*i7Rs0&aX0LP9Eti_nWa184-1J2FMm$B(n=*VgkUan}Y*cN)I z2dVJu6`eQe*e~Cl(c9|Csvl!Mq~tA^n0fZ`HJ-BfE0WWx{`yRn7x?aGPjplxVp8gc zn9r^%1!Fo@cpu8Ws+P+*)hxv{t4t>+vMx!B;1Vo2yKpjAnC^SM^U4_*`ti|6s@=O| z?W>Yc1BU(XX>IWNdY|aC_0-(A;>xCg?y>bAEd1FmaKpJumZz^Dluu%6?de+HdZn5+ zE)~)o+jDf)ce>#FcQ--X#KtQOe7^G%`>gbb@>*FMBG7L-Dq|lXn-_dA6}@6bnW3QG zCDgI3!XBwmp;2MZU|iP`_taI;Prq}ghP1C=w2~E(_v!2*#Yn0B^r)a1ZnmY6-J0EA z<9y_UMcdM(G^_u^-djh-(XMH~jk~)$1b2tv?(XgmP4M8s-5nC#-QC?axRc-x!NTeH z-QUdYJ@cKJIb-XrS-bwAx~o@rQBPIN^}Db8dT3|h@g=|}rDK~*l~iEyiCYjR36Bug zk5d=HeMWxfy8n>ZQ`n}OF%^wnu0Ps0-8qvYbZEVVZJ@dni&s)p?YwY^^^-t7c`PkY zSbE_g1*;)2ZK+gAM#1SoVa&p?U(b-K%cmOO%UIzuU>b9tqy1Y7Zt8s$Q(7|<^@{p>AU+X4%^n?(j?QCle}GxOWF$0TpxqZc>cRZUHxH4E z32C^sNJ1!WU@J;S0(+ZSglkKo+k1w$B*kKcufZ(*nw;?Umx~xL#;T5p4OfzOdz(S- zb4QJ+gbk90ijAVVk_~mD)vHZp>bZxtd31cWV$!|Yh7!f#LM&Z)N1thUquLdkwF_fp_~Xp?<<*=4iI%0Q>|B0 z;NiUOd-#zSv?2S&)So}|AhVgztv8RsxrN+iHCnX24hSh}4lCx%EGppBnN_G}x`dk7 zFnJK~@>*fG>uN;MkyRAlQqS|Be^W14nb{efyl>X(7LM7+M&t@FKu`7w+S8LJ<8F<~ zceF-pxH*3gs^;Se1nV#$H_^=bJgu%99IFC7*ZKIl6Qn?Z=W301I4%6{r%&X1A(Pmf z_cYxmgi?3iB_nD^AMQ>MHSoK2?>>Joq@~&@KL4yzv1+!#YF{t9xZt{Ef!@6j4gNv) zyE%O+BQxYL=a55!r&u9|3>U4V<$}w%237AzxXtmGhp$}HK)C}Ju7rFJ`99&FpU`D! zjuuYU6rsnn^t?#?ceyH@JUlDWyIZK*0|znJpHJM zWvt3^Pgw2Q-DEV$^gp5>AxVYX+M8mZIxtcJla5duqWhL-dv*P0FKA49U{a4X zuqw?@hp6#+@d7nu2y2J4v}83^(n#wx3#nA^MoJ`Gl!M1~Na-AQ28^h)A0QSZH)TM44 z(%**IDy`dl;F&J>GxCCHdGD)##j*ZtZvGeWUuUy_4gP}u&3~Q$vT(C;{B!>YC=vMY z{*V8f6Z~(y%D=&X13*vz3;#s~wR6M4BErETq9MQ|pkbjPBBEg7VqjolVBr3H@GWR= zY6K)?BvfQ%)c-X9CI4&w3j^Z6^∨0>FQDtWeMpkT4)R`xh?!PY;0TFNo2if*t|E zUvOwhco2g9;~2pq&>=zW7mAFW0-BXwgiX{`3{yo_&DF#O7?f`ooYb&z6-b%THwWUm z^LqsY`?nnGg;+3u@LzBUCxWDWIbPs?=h7QU42mMts#kevFRL!sNhjOXw116dU z2hHzMu!~`GK>sZPo^H0iXX5x?aBPkz18GGmB#D1P%J1)}0K6St;f6A4u`HW%wDo2; zOcS9#F;TO;W%~Hjk0c72@DV5FMb_H1ky|3NfiI5C?6hkecBxI3E9#-ul;;vMrpub) zA(!)*tBX#r`IsG*Ci|E9x9p^hEB(MeAL|w{BvlzwrndaVNxSjF$ZrI0Hn;Qz;FU*c zgXfs?7yAm~Gz{w#SFuIj-DCGGid6$1U268EA=T#EWOeZ62+b-&@M9G$UFhtw46N5j81^iTs$PowOOxT_q1mr6YBLH)DFtUwTx+C?}y&tA7zXmzri7v zpm2WpzUG)X`mNf6^bPUH>js-6J@Qb~kegTbt^8si7%zJ~orkGv)rTkB*G@UJ2Ene; zQo>dgwco@79`|9>7kZ3Ap9&M<*fY|2hMkh#W}EU)Xf%~ni4^1!w9p5LO}ZoUQ%ch4 zjZVHQY$Q^tp@CVDNkk6oNRP?Mt~6-BcR+m^!5xxUK1eR;Fa@f3}D;K(FuB4dY_$c)?j2f;Yq@I8TF?} zc@VYpO*~E|vSdl274g&hIYB>Ir@`PXMKMG7S$e-8dr)?U7r=^o1#?OM>d7d$F^L!- zq4^}ekjgN(Kz4NygSC(bZD8An7DsCtzrP_ikQ;#=Z~~Y3ByNU$%Z#mCb#r}A(7%2< z;z5WmMJETLp7_Bcg-%vCLsv+bSD;1>MX&kV%x67q->F&K@cLAC(tExT8jq>Q(ZswM z*Hn5haz)X`vb}BLr{=H8jAiVih45>bP@{qfRaz>}egyJ_Ntm!g^*bLP&4;#L+M9I+ z-3NJ{g{iBB-0dcUYX|f2>oLMO*UsrDwy$QYVZQi&Hv8_<`*B+5ZhRQWEDjGiT6zug zv*Hx7l1njSu)P-IO~IM0YL)(LmTze^df@Kqju;kAp_Z{*^Rtb4{49saLphnavT%+^ zKNf<&4>E49Bsd&5um8ZCie9L;lqyX+!a8`|o_gt2SWL?>j|J4QQiF@^MAEV~jOFOX z^rVcv)nLSy_95mHn~-YsKV7LKR%P82EE*oN7&^JHa}HkdKIO20Qz~lm{aV2oE?*qY zJ@*82+sYZQw;fcICdQt^bDKE1N85g@CaVkW-y3ejP*Y=(A=DZI67i)$aI@4>%f(CV zK%hv~!^mOz8N35N)`p~N@#a8fa#`%1PfTQ8%(tJrXR=XfAnJt;rMO1mxgRQ0MP~Up zb#R?O?`Us|Hv1&p^v7lw!e^*9RnxvzF+1({)Wu#B2r|A{w&z>weWzZ}$yZ+FvefgC zu*mO{3tfDZH>w!6LAq|-sJh&N&|NmqkP2WVfWukRcy3*5&Uvx9$Z4OyStcx&(VoDJ zQqz--T3qn9`Jt00xxXj;4zQ`hv|2jS&g8b=_0oGRR~ONAOXVE(C|&(ofvv}x=Wy=9 z-QmzPWmIcp>19+#L3rRfZxL~~+;AomLVS4PyQoufv3#_~Yq0#i{=h)}$8_V^lDPTe zFQ=>8y{xVV2@Vdp;wD}>rxAfJWbom$B_B*`EW0eX4bqKjMR$Jr=!a+x5gR%kbPmrw z?L%pN-100XwUQDVO~dS8ff;kCh7Y^Mw`vcgHIxDRZrt_ZAKZUfXBj!Iufys%(imlQ zO!1t`LpIQdC>jv!`LCLG(|K_1EKKW>L$F*C%FtXq)j8qB##?IpGj_vAQt?LT+<(0H zf1jJ?Dnqn990~v8k4=acc@>=wuT*#-G}l`}k*sBPPw}hPxOkz7;3%5Yw0RT|7XFHk zxu6fNJz(k==`U8s3J&9NQgkxJo?%c=d0psV7N^;fs3$y29)wHG04CtijX2VHc5$Y^ zw%AZojmwhA4Y8OA9a}{`T~iYxx7mEu?~2s#3cy807ALWB6^Vll6ehsh{8_!O+OI}w zqLJ=GV5Ujg(~$vY#Y=t=a0G<-uD_Cop(9@}kqDNz2N`_%=?ZVPQ;<0BI2HDsr8Dwb zPE9@d+A0rYBJ{3)pv0~|;EQ%k#gA&pdBt7*RBRp}Z519Gy-y}7bcz=BgeVuaT<-vb za1TwehQfrwz^8Pkbrn7Sh#$t3UsCi#9IQIRm9R9g!7pRSyJw&UlqOHTebKIxo^u&*jQ06pQf;-qKS_P z`R>!txXTqu)rZdX5h1%7$g3$;SsyOq2<(UxGtc1LgC{vIU?Y} zkT8LurzAYr8R^AAzTjB1dThJP?PeF1v~Djtd&7b=4*tB+R!;Ds(BfqW0T0_5LbUYJb+1<3+Ji9#GlpbPZC#h^bS$AL#`atSlc+CEFZ{_8L)zsa$;aoI% zwN`nx`JEvxVGK(FL53+AxFN+=-rblhKfi-DeBP+Lxo+TaHq*jU<>2aCI3B=e3(0Uz zp`Luw!`$EZiJb$3aRpg*d2`)+N*ZHWnv#Wp`9WD>i#pcaq%R?u3?kMzQYkGMH@KDS zDAG0qJ{IZZu=kd^-^dDM?>N~%zTU(>=1Sd!z|->M&8x=y{1k(T^+hk(r=m}MzcJ;+W+Y}4^pkk5U9cDPVsO7|us84AW2e7J><2|*r6hzl`{(-Z*q-&srJ zW`1tDn99|FbH@W5;z$VRz}_6>f5=m1t}48I)TZQ8Xz{Ge+`Hi^bjCBuWQa`W=us>%^*_#Yi`hLZ55jUDH>QHPKfU;n2Je(-});*RfF+4)`|h za8oPUZd*ssuJsOJ27B67AU9;eE3DOic4d7)18NS!Ccy7WPb<+~9rktqw$=69+{mtN zgA!+)7O=5A@fB_Ibr4`QTpe@Vks*-UA0MC?c&;nok~D5at3zR>IyC+omJy;l)-S|J zP=s?*m+Lr0(}hXP`(m|5iZR}97vaymG)B*5%oe9LQ69ysBT>mbZ@unNE3x+CFfz^f z6RSbD3P!lTg0nM@xJ6ZS!S7SZRh^x;N=Zb4PI1R^W!zr$RBq+x$_kpEBbtGsiDZeE zy@Hf*=y)D5lBU9{(}o>~u6F$s^17$|amHO`#c!5lVPT92Va9}$-f>pUX&NXx{Ru^v zcFTS5fSJd)E(TTlj?y&euGU0eQ_1nRl;f4y6$R>ui)HQ2{kRtrxg(*5Db8sepFH4q z=8p2UBP9ASu_v6}XgShM;Ee8%=*k?995+K9;K})SdS)l|6bm+w+&_uk-q3;@z;;lDW>5&X9DS zywVCWgR?Z)mthru{gEjDR8I+(w;P4{ofl;%WTth0WB2Q(Ym&qMwbuK>ls%RK(^8HZ zG}`p)0bi}Jg!>zzx1MzujyEIO#CHG%MwUt5oBBr~ z@x0OAGj{|OZq4bKrUEmEwGZX%O=hYm=-u&<8Hd04aIKp4u00$@q7M(~5)wG_mKF}5 zJjF&#gfjI$3dZ~%w%_PUQxN+cGu6A#N(f| z;NNcn0RM6R^Y3p0{x|r~|E2$rlb!AF{eS->m*+qA{{{TL|M!1n#Q*=blmGbp-`VWX z-aihb|2Nz3KOX46@&4yxVgKj(ADrB*f6xE@$MO5`yz#$-{}zDwF9-nt)j&Z)K|q73 zF3i6Gz#z9S01OHQfWZNfAQ%jV3e&+ESG`-O7m}ZbBR=FApbDP`U?e$`~S-V20#NRV?`H%Pzi)IN%%&dc;(VJ z2gG1gH4Uoo$NXF1dz+I#n36kqeON^f<$Ct?U5c<)b$i1qp~z+vH@lzAxZnU5D-Cdd zyeKDg`iHD{nhFRw&3w`EKXhh;%~vC%T8F%|S7gArmB^Aq_X|Ik2vb@%Wd)uPp>Xt# z*e3S=mgHX-Y8nWwuF z&t5QQBY)V7Lv`>&i1XR7OfjosxTK6mBUha~8)*+OZ_mg=CST*G!_(gO028;ily#yI zOtX~yS<@~`Y5nvL(A(&{9_)~>X?W%S;rJDEqh*Ts3$IOL@n#~oB zk~w>~JA=&Rtz1@f58C1!w+}+@<>AU=PSb+|zu$CFc}#OL6Z2eMfq=`Xl>MUma|r<7|2QMqn1F_Hu32 zVLf6PGU3Ghk>rTR$zq4Gj8&PY^mN6XRy4Z|?z65-JM4bKdde%@Z4URqw@xZx!PYTN zi!w3w#HajC4}y=U;!^^Hw#IN85;GJG^XW@u5xy;b4e1Yal&A_+FO*QJ>$WUqkVnbi ztY2rWwk+OKsmfZj_=Q2~kdCrjp>2aJ}6^&*!Sn^KZ~z!2+4}cgIGqOF_Hl9o=wXY+|xh zkr)MvCSGI~aRp;zyZw)_6mgipbJ3^5dm2;HjMoYZ6hB~r2_VLlL}9FLbB3iZbB0Od zS*;E%ymTT^d90gPLGIvL1X_|Z>DW@qS}j~sXCt|v)CdHB=oNh)Ny#6^mk$vh7%jkPM7FI{BNHAMltx*j?p7I_@~^D2~RPh^XjqA zq*P?;$*4C+r4Yaz$J*vxd&PA|YeN5ft`X35E}QRwbD28F)hNE}786!>VyM!Pil(X{ zMB!myd7+djYMcQ?jTse(^Z6^@a>d^3-A#`D0Yr?gGEV}w_qp4gJVAH1H|5_9LKMai zl(py(3ozMq*Ao}6Q3xOC*>u$}aV3qqg3(`cW_fb)yyJfEx<;i*!PQe6xn+9cXR}G@ zJF9TXZ)UsML@6=|LHFq}uXXrSmbCPz(zpX43ZGbSCAKpa)rX{4>N|aW1;g%~ACQKh zXMZn%g{w7c9NmZ{Y;m0oQf8IZ$a=D%hl4lw0Np3YHjrEo@9B}crtb%995>q^&&7v| zZAVJcDETs()916Z!}G4MlQf&!bd_t{7s73Ph}ge^I`MS)@HtzUa6Vl|B0!O0%1b*ig=eMTvg?m#u4mkE(X*xgkMKF$I%wI&lj3I(P}<(3N}}qSxOoYRAqi=G)vE z78}O761l?{u(?CwYdY|UMY~b0@dYDe8-AITzQm~{t$U z5rp}$;~3>5Bp%^jhH(7v0F9VeGehaaUtY+LQ=$SlkSFn}C*01rG8Cpd?mCW2kkMeM z%?)UZq8ng`$G+20+f|n+otkw5;hLF&@>0-W!kOJDrg`xixrNd%zX+QXE-pS+u=j?2 zMf!xiD>`MFO3%3kjZYvRu2KIn*ZQ+IxNFOZj+Crs_e}3ixTx=?oZeXM20bT%3qq;*1d!A}1#TAlRh@X6P(JC>h)0achU9c_xL#)qim{elu~FbBU4 z8Cy%c7d#km`LVj%1%3PXH*zEC=9kX0>(-FBA#lu2N8@RK1?)=bX!|`bmCOMV? zFd?*Ajicj}WP?q*NKd7AQq1L2&?t**@hz=ID!ci5UE`WeE*lUM#bTs{nHgiIXc3)~4y&Z*C7K3x(2UmK zVvzGWtI-XxP~P8PmG-s0y&s*EdbB$4cK zA%1sqSTfhKDrOci&ifR9fP2`R{mt))-wX6pDyM=Hj-Hisj!i<2rxkd`*5K)I!BNcPj5Nu!pBS_nK|5IBUb|pcm-y&|B#rwi-Rf>rhL*>QX zpvez6$aua4AF^7NAYws&v`@E(Gn!uBLM8qBmf#*Fn4@~?Ti!Rgq3*`ozZJ}XGvL<| zVwIzue6xHKiyIF{U`?NE&W;~{zEwCA0V8}MHM&~#Cr6ZPUdeWeT~siN{VL|&-A+g` zY$iLru^e-+i5=Ubj-43iX$eN$qm&Yh{oz)S)&~0OaQ&5#Y}i=L$2`2<23Ywjc(S4E ziwDQ{4q!s!Il{k(xo1iG<(~tMz0czPIX>%kf!D5A-=+z^CrsG&3Dx-LZZ@^*3=Jl`<=~ocGpHvHtD)I@douCy@v;8Qtpt&ffmdFZ=(^tN*zE zcenae|Fi$+^*`IcnE!*5`|tekf99(D-=Y6Y{)PVk!~gXU`u}f6@(-c^7yB0kILOcj z`=@*dZTv_37fAlAn&z|bV?v9l{Ner*Q(O4fZ|0g*z=4&JSRdRlAP#dCIKM|}{wD$e z2Zx1#`I8`k_VNb;K!+e>6;b)4_csV5&=m5@1eloL&+d}Yw=4F~7{F$*+8Xt|X*Kzj z^!YBO5Dcf06mtA`8GrM~<)VT0!}I0d?EOjLhGe7GH}ZP{1*Ss3pd0#6+wQ|2iLqO0 zKZb6&NSdQMrs|LQPpOdTs-UUy7)l2PQmgmKN=i2#8r}gV9q)jZ)>e7cKr!D)v+tK_ z)7xROA<Oui?yM*J zZhaLINKeYoZ<4nB`LC`?*Nt|qUVFl#=mhe(7x!yFgZ}Q+BWpMv#-!Q#84U~(4XG|I zQ@Q)3sg40m;UH?Csf*invvC;@p1MmA);Akty7go-ViD4pD3fWaAm!yZ+KqrGudO=R z5oDaTH-KZhrrZNdcbx%=lHB}7TcZpEz8(>0M}9VC9!m>j_!e|n0gW)F{yu`PmW`1$ z|6l7C!#@(OBX&Z?$kI6Z>Q~UxQrzf|y+{gsPjRW5>qD27#RePMQubg4mw!GcwS_bQ z8%QN((;Vi>CG)JuJkGqXCgYA@1%M1P_QBkTuLABS44z~{T8n#=TuxWf-8E%Hy^kNt zJ+P@ilvn-$bp|}MB2#TLk%!}kq4RLkr;|t@n=(+jpI8yLT~p`V-{so3y4AeT3O_pi z8uQn9y8av!7WE05A@T@zkM^EN^3nBIo4>|yb0Z3qy>$xQL(t&D3YRr!-8NhRvzFM- zwZ3!>%p>&C2O?%gYM@t0DUeK>T?^f`=Z4|5IFvQN{0Jyz6;j?#xd^Sld*!aYk@H>tO0K3=i zR5n2Rl{5}!>YfL!%aM4Dsx6YpF8n};b^;V8Q@Y7?cRq2)Vktf1@X@KP7i9fgR(Kxf zb-2&Hl*wa*{ItY@cA^16H-Al;c*2M;C?LBF4hpSuR_Dj^GobNwbYj^2s@Qu?Y-i>=Wu{Li8b*6kk zzrcY?21`I4?qZoxkWLw+X7~1bm|V@&A1*ht`=R?LZ-+L377CtOwkk-gdvaby#bWy* zLs6AfEZd*BZ1(aAA&{G(d6xxmbZ&TrAzpcq1gcQl?k$z_G3c17<=8QwoagWdlA?L^ zcmdt9N1^)S^DhF1Ija675?Q9vRnKPM%1!3;y}h$yFg~+rNmEZfWkolJUi2&LCr!^tyeDzy(1oMwc>fCkkf9C0y90+J_4q~A)CKyCe^Vcx3$HdL9 z)9lZ~0iDp$n>ojPSoH|BVDWuUI#(>!QzSV}qsE1#vunL|M=MAjJ&iQGR>F_vLrRyd ziZV6$2DC+qES{+4sMi+@Mc}`*#oTejeC?}9lsv!}_X876l#6i0nK(B;Ch?J8*9d@l7I!Mx-(u4P-kz!R>~;s;2kx z7p$#wfhF9MCW+HQbi|Y;s*YMo33twY&h-^iP&qwK%_5nwX3!QflF2~H=Br~LAx1uL zn`fFdIlv|wE7X*}Gy>$XYOhMRZ+A*9+|}o8wQ${2hxIMNseQSzeM_xIfwoeuV5+3m zb;W&^lepd&p?PDs`?qIV2h-YC9h*{d6XOF*He10Q!#t36wxcCY!eT?meNo_boM_C{ z(`E!Wwx@)dW^>n3kqv-82le}7^0LW?MB#FAEww4Y;cPm_j!=@#L>3wl)P)B_eOcwBIi} zj5-=3n%y#wenryf#TqY^5wZ-SgPeSR4HHS=Emi%eJ{^fV4Hkw~2RlG0MYljeoSMYP zINcxjp5d{iun7Qz!-`$4>}fW(HS*M0x6k^e>h=0vgJ0UF-6vC2Vfr?Xm+N{M`>-y7h)|PyOVzi_o@`z)LqvS9v}bCupa}EXy5h98#H)KCX*LN zgrEi)Cj$5}MQwgWXNpOzuRp}UF>vYHW5)*RWHzd7?*trP-{}_pE@t1(Htkm>{jh2D&mSTp|^<7n#Zmz>EaE8vd8wm5t`Zg8$K!1LlLZ^MWCaDiRG(_Dgt80=? z#Z9LFOr_|*vtv=F$A83HB_QpL!<-}}7SXTFn&(I)%p=OwrTVWe1L%POlK7~G5UpMgt_T~#fP%ZI9tgB1Zg?Nv+ePk zi|%Jfz1C3fW^H1+NmWVdQBJ(&U5f1~ zuGDnB%uM)l9DME~U+Ry7Nl!SQfi^d?b7SuSd{6UW&mfpEr`iZrDq|C5Bv~}u!rB&J zDO*nd?3)wc3w+T)h0=2pd_N1^1a^&Mdn5>pSMrEe|CZ_8`IU}f*z*8QIi4Uq!pO!% z55toit=aySEQONMQ{m*QqrUO7cQ&Cqr3W%U{{|@e>*n8TAA|+=V>n8 zqT(*cMmHKN%umiuKK}l`ufsl*2bp_e41KM1d=s)u1RY)p$8XYCwK%rusl?|5Qk&zM z2UV&j;J@u{F{P%a>xW50xvg*T*qZHb1Gd7jTO6i}T3}C*6jU&;AmMS&+UkZ9VyePh zqw8~7>ucCBcD?bvuDEVk7QTq2JJB%oc!U+o?k7aEEe2+PGnb^~xINN{cA&tX2>bPIeVG8wB|<%lEm5+fu;R@<}grGz;_F)gOsnNb^o*uY;taov$4F5Nx$o(K?U z;Xc7M9NR2?AN2Fq`XX=1?j7oUo`&&OVN~qSsQH=WZS0`3Q<_$5P}|}+Hq7?0&NNUs z(VTuiZ)C6ExhlGU)%KUSt$ODj(M7qML7~=QOKkvJ<)APN8c0X(OcaUch6kuiINK|*La7jDCwvxJ;}$A;vNDuK<$%`J1;->Tfd4{89p)jd#V2-8_S_riqJX#ZAdKAv38p zHeoLYACDL>PFvbhqZ4EiY|&-JM#>D(+LyF0S&E_uuq*wMQ<+76cPG2^kgWE~h07uj zObz<=SBf$Ymk@*_SRML7Lz=OQ6j9d4KIr-_0_A*y3i#6jzxcNUL!-U6*dZPihDOpN z|4teHMxOjn-}z7L|NngbpOc;YpU?jW(*J*-|Koq;QuyDY|119Q`X5yO|4aSA0muSrvLqdP{iw^~yO1V*RWZ*WPq# zuI%Upi6u^Gr23X+AH~dnQE3uE4{v*Dn(mCTZNgo@j^|406bz92Id@0qPjIYSEzRem zh^cuLzskV9l_vCp7dS$XFH?2;vwh18ErdsCusOhYD#$AnzZHC-7%${4!2HSs%uPGKJx z8ldjGWns}}AdPFm{gdRn>}J-&YDvo?>F3tTHjWy?t1MPpP9K5vTo^xf(v2?E+e!V+ zVE-YWL-7&2)Avx>!tW8dvMK^wg@NwEdlY1285r*XY~BdaF+IL2|1uQHP&x1{)cF!i z3Hwxmwd(%8l=>8Vl;3f|Ml-r?I9j&OBs%e1P=F(!rufKAaG9!_CpsJtvnVzND;|U+ z`KKn;IHNE4wkrPNJ=Dx3la-*?t{7MP(KA_w=L)iSNRJLgP$KG5Lpnaji~RT~m0jw* ztw@lY$S0H{zl2uy`))!HcaxEzu2)hrT~^m>XNhU8EO%lA(;`)Y;%m|?7LrV!`YNj% zpG0MQiIN@mNS(^^w%D^*B~kLnuevL{Y~}Hr^zXCc57I^vtW8*Ye zBS^(%bc}=QJ<)+s5iY+9FLwLI14;3N{LDW6lvoK4haX<$2IilWr*V@qF|$>y*SHFB z-rVA1j$w`>n79qLLo?L|^0~F&i=xCnKs-&e1B`B3MTQS?m! zBf#nxwV_SJB+x0t43%Xvn#;?Xnq45nB9ZCsb>A!YqSE4ULLLDQ-x6^uNZDl%20P{FL4<0UR)qRU9u^sfIy2wX3U{h! zIJyqeYtABV6U_z(gGEW`P&0unq6KQ^6HWV#3i?Ku@y>8D79TrB3K#fC6+62srr^Ve zXRH!8hc6w20g#!Y5!IKLf`V$Z1^YUFXz)j75xSPq?czU(q5zS62_qQ!Tnqk`m@y$)I`5gcy z_dX}`V7k>qH8ebtv_Evg`N_UomG>(coMekseznWlY`43Lk7G|PGt$R{P!n}ymm6O! ziB7&yl%NK?U7n+s6!tc~&}GQAhc}HE0|-+o~SoAqr_nY=`-^7 zZ+@G*h98m7C@`RX>oyz@sH*04X#sxz(S2t8^~T~U2Y$Q$1k^nNTeWNuon;KiM&zqf z~~Tnr~nEzceO-9*zF6vVLdJZyBnlwgb};ttF{~!{Y-uIN zU2uNq#PoT5s;^ks65}B$nj5=_Z7w=EDbW%?f4mvr9{jrv&$@6}RbBk`5sNB)< zaIHsrze_8|%|17r!i)O1kOcXcuf5NUJXj>S&g0>!xa;bSYRq2)8*CS72=?*(NK&HB zn_Vr7@slJ~rT6QaHdBy!-wuQ(leSdj5V-D>CfZ1RP+AuiWTo?2u_mnR@IM}<07tU} zc>)tRm}LRsJBrqy>@p`)S%+`4wq(Fld17-sdZ!{Ph9@j36begC6oEh2P&zsa63nmA z0zf07XALoS@7-LkZf9q`P|op^GsKyS2OG-ZOm5O@@-4jnmTqs;{lvP+(*%ft{;*g> z)4fo4UL+hrmL~fp#=#{_=J#}!Hf$wf{%K$#)X$$AvszM6_>GR{(ZZ;lkw5z-vuyfM zYVU%3rs+-*@e@)I1>e`7K zpuN|lqhaz5p4WZ$P{)wGevDLHIn%y?xcYSL+?}p?fZf>;&J<>vFI&h%vL3OT>veDM zVV2d7i)cufvT0IVhKS#`o_z|n3-x{3X?m?5nWTE>q1KuE@1Mwg~q z@L6%(Pn%VCXR6wKvR`xs_f)_c3m)^fj}+Y4sUr9v=XrKCXi&{8ZMZ$nV)Q!n`IQ=O zV=4x5ZeXq|Tu7njW%lE$u=g`w`Uh~h4_6B_X@=NOX7lDo{gFepY>`j%Oy3udURlKu z=Tl)3DRgQ~y27?9^V+m-W(OO{5~6kFVQMVwTU z_Ka09fWvVWR(F!xRaLVXe5gz}j_NA4`^7#KZrJ;9wlFI<+Uef-r9!hy#*}X zHeEw_D0Fz$R5-;|xiS0aVWD{;Pi> zA7~0V^FQZ*`PVJr|GNL1gOl}N)PK1+xc;vH{^1n;x32$2{{cXO&!EWX_cH*RxSN@s z7f8)Og7z-(H<8f2pe_F&BB7B{P*IQ(F)%POF)#>0Gq@0fCYJd>%U?x8<71&=;s3+- zfA{(?kFhy7zVt3Mz4rxAsK1OtZxK*RhY2miEl zLqNmAARzrI2hl)5(df`*7@#Z<6%#g07#9kxz;B@1FnaB|Xn+D}C>=iUnHuj6DabW+gTBPdroW_VZ-ybpB=xSUTc}p=3 zDPr1{Yd(S>jVukTNKg~zI~`x0@lgXppY6>j0hCDU$Z(QJCq>PN-voBr43!f0zfX3q zaC?e?s=h4~=dr8bX(QPw$_pBTMrIYbGG`ZbjTWdtUo@`Q6y7kGm~~#gPe{$WGlbt~ znb>lkSmWVH6QzQn4W!|oD}t&-Itow)b&GO7hr zRm)7^%en5EtyYa#`R_b~JSLl-OSPgUpn<#Vd>9a!*DGL*iJ#UnepA5IdJ)rkbga|t+TJ5%UZoxsOleqc_o$7pmOW1tQ(*WL_< zGVV`#h_RfIss=73I9=~A2Ok^kd26kI1k35@V{)gL4rNU^yzCfGjuc!!FdkG97PbBK z!RCHG)`a#q`5W?A(PQKvMOcUa@&^Mtx?_&{IuwmQXNQC5h+NGslKCAuqm&)k>lczV zxg%3+9LwMEEHYFGCTdn5I_ zL3$p?7zV3g-(4sw{ifKe0ZxvL%jk>Ut*~UADY89pl1I^vG`V6((WUPb9FUfg=YP!a z=2Nz50%gh3j=~YTlEkTgZE@?RysLOpgcz}B-Kd~m&>yoJ{;t=L{$XNs^FdV&lj5#| z^18pLrPa$$>)HJD^)xSnWHxQ<1JRF#ZVi(!Y0U8>RF&A*a2NY*{pOKEMAP3on^FXs znn|D^5rjhe{kRibBG>WJC~Y#Ohqq42B?~n>G7dBl_6=O>s-j)- zWO{stWI|?%W@KrGx^woOYL%@TTIO}M4L1kO;)1qVZWR~@Cmg?MHWCfLsm)?@Kqy*s ztW=K(T*xB>BP=%x2@}I^P>OZJ+o~Rkdp($U>Y74tjviFwN8o3=BPgTCv%1fkU<`^I z=bVl?(UL@g6pzW{i+$fdNQ^8vx@QOMKt*K-e9_OTFR>PuG2EByFeXTj1tnsZl%tQ| zyvnvY@@t62KO5b{udthhJz1tc(hxT2gj-2T#)1cFG2us+ZOWz|pAcI~a5a$z+|%;XcPOxe`UEhntO7jHZ=2Cl1z0wD{!28D=d9Pj?C2d9L-OgDc6_wr~%rjQSEj z$9hRh!9=E9<_|xF3@dfl>Rn`VI;VKicRCg?oZJ@A!?Ct}!Up=$$Fy~Sa7ddcsleF? zqX>*J*AHdlDeBPdP!43GU!&Xo>2YT38>R}i;?(5)Wito7qaP@5XuFRT-<|@*4uM*v z=S^y!m#hylt<-W~!6G)q*S$YYV33iDmbDzX?)>uNAxE#ZHtC-xmm@#2=&iDkBY$;` zyVNXy@Nx41{}&41FB`9y=zQ(bonIG9s}HAX6zT9xd0~{ZkBl4b_;bm*jStq_6C!WtJm&M4WrG27o!zM^A4pI52vHwlWeQGCoP4KWwqmSRS(sF zXYM(XKI`Y-E{ysWo3H672h{gWY+|RLM0XdFPxEHrcj1K@*eDr79tc)UDbrd*?>WU&XJz zTjbJobk}*8vFf6V+|%J8bTY%-O*7SZf@&~?JM^9rcD89HSXhow^-*8}BB*8bcd_e7 zhkFdhKAzX+^hwAT3N*LuNNipVNYk|NB>wb~iuO`b-_Wj4llKWNV6>ly(6u^OHB%D1 zy829Rak%ChGqkZ0X-Gy5+GVH)R}2~>n)|URqV=b-QdE>SQ$OZ3LUQ)j`l$=2+<0gu z`O5A2%RA!$*IjbCW924aSvmQyrJ5M4jvT9dA6C4Vqe+$waPGhAPJ5)1*ap)Dl>2+x z{~CYeAJo$s?_Z(MlJiN?#mq&}X!Yi#S7+;w{Wv92Wy0GU{^(I|m?a*c@k?LLWs828 zMe}Fz3%|=P&f5@D^C|_q{AAS&9O1`LRwN0G)TN>@MH1nMkrg4C`b{f~#A3lY#pCA8 zT5c8D4vBa0=f@mZ>%s{#wDoG5~2Od+%<9f1+3!{dJ#dDo3ugQrz7`pFY&QFz%W^ zwDln4`)QkHM@Yv-ffwWN+I9@7Gc?;0{cAQ{eupb~B9T$2`X{-co=XR**e!%Lq}$=9 zrY$y(?*N!apsrj*%$Nkmx^Nvy`&S#T*d_<*6==2%?wj-PZOdx+{%KacHH%TNP~9R6 zQO3oQ8@iG&CaD+j0`+n&d#vN@0LsATZoYHH2C8_EQ8%i49Nj=WfzxOmrPy8_!y~Kx zSLW!ouDjI^`sAio?(it6+E`tFu(d>YQz#h=2(h{`FC0>UHxJA z)4T&V9#%WAi2X4Xk~}owhDRC}{V4%9bxP|929uO9!?{}sWw%~&p(UfBA0of1(nv;b z{nWDeAJq<7H}vpZUma;{4EGT1O2h=0y3#Y&craR!>XnJg*VDf0A}Hw#M=fw$PPa0( zN_R9r8w^{?*y9s6v``#8RYpFNM(W7)Twv)qbYC;AQ9(9gDX)|+ZmfXuN_jGX{}AET zT14zdId-(m&^0J|k(s=lUx#tSlw@H{x?n7frS{6eTog5E)xxu@*u%tRjl)AR0kvU=hkyHU_t|UQB*gantP~LE;J{Gan z`kEi?hVpSvNIQPM6erIf_L(?uwt_ zubZlxQ`FBN61&vFGV+HNd%sswVfGCK1-o>bW9$ zKeyBz3eXQsPE%|C#bYJ%Eko-3N_ub)vlb({8%nqC@3_-MM5D2;LBZ__za3Z|UuuLt z6zY#axU`191Gv&L#LU^RB;Sl~jS^qGr)-7Zs5HfIaAR4MB2n_jOb}~J*V1?yfD?G6 zj;e|BMEC`Zh2SW$wT{|LqGywknW{Wa<&!BL8BtDjO*81b9>|nwQ~@@y-{KEhEyBTb zl>EAhIJKqp@WH555Q0+lYfyIcAt1fv(F>pn)aYYKPzyYjjs)B&?F=T(I~Yg2YYGCd zp_6UIe^QylRx$jbu z>TjI3@i?L6BF~QPBAQv#wdp&+%BDcVJqN0Zl#*0Ne6Ck{?Hkg^MP|ebtWBZ`=9-4t zlt~^=CR0+9$<2YC^(E5Db;08cgzE^|j3tQK-?8&#Yn3iAxk9Ywlpv@H^Pkb^C|S~H zG9%Z*l}{604|Wbsp9Jy{oq1?o%RAUA*ctxLL|(xfE34`X(MiEOz|503gxo$AEQP+7u$X1Oo8#q8@AuPYVXNdN zT_Q2wfJ#QesBs19J=WO1uYvEv{b~8ceF+*J?cGJra3tA)r#YLv5zQAyR>AWpc^d|q zvQ3@m`=y>sX<{7}mype!itig9IKzXgD~usAe9vmMu@E)2aCZo61_u2%(UJR(mW7x? z6eBz_cc%hR`eNr)LD|&;r8H$6m-8i3O-SYtuqiGGF@efP*INY6*t|fVRAn)>YX&dK z0O2Z{Q(?s#NBq%6@e0^UM>_uhhrP23sw3*!^ugWTP1W4}b2Aq+Rdd(9clYY<-Br7G_j=d!Ca?}wbZ9w5(3ZsX$n0^$ zqUX=vmy6U!|6Dd=D`2SKG>;S`P5vZ-9}#ZwNqiie&@WQ1_w~-j(;`$%ec@1Re}9u- z60`L23HlCTsMp5$XTd0^HKCTEItjT418v`1jPhb5Yw0hfZlnuTxq*a2g-{_@A9n}c zv;3332j+G$VZsw{QVK>fOkIjSb%oa^CBV zY1k{c9f}rH7FW5)9#TXb$tQYSlE_b4U&oRbN($qr^h}t^aRO9T{qK65;Mrk9q@tq~ zn|5z-#GHMdbNfRPmtJRD=ixJ?VajK~+@AME4Lv&Jyy?)p2#B{#J4x5hm6r!)t-1IQ zyo0uQ`=6ae>5WxUWqO9>wm7_onHkyJXHgVFXZRunXauq`!)e|1G!yb<3NC%mSniV0 z9Y-8b+5mB73b!|>kQJ8k-3C+r8f{B`K3em)v`1V{*j|f8n@aG#jr-y^N+nFL{*6!W zGWX^7^|q!-NkH5htdr>bWMdONn!pNW&}}20-j5=-u_olQAFclYb@YEO?Nyk9=a*WV zuLJFWJ=Ge$izVx&r(1O9$R4W7LY11H3fS(y61PpwsC9tGx+<+5N7}3N6`91>wq!82 z$3(I7GXa=7yKl7fOcNi)oU&uu?v|e-YwD!JM)YR3Y>U|`o#p%V&Qv0ceQn%&NT-#s zxIod+0HLkwr>3?T#5#w%99v76UIjTFD^B+NX^$5)54xS|svlWqV@_H(w1a<{+_Y<4 zG1uvtrpFdHj-eg{`krGmo1rlV=~Ul|lJ2>RI#H;i=^9KC_mKNqEs2h(?&^ys$VG_~py_6xNnH-LJO5Cm0zFWZyV~QNl9$+E*7`I<^}2n|8jPmIVsZJ; zA?l@+EThp!!*_EIrxILp>RMCixY#4sKK-T#wBop?QrE5zCVdzZRp|@91RS4Zc2hWO z4*{aN7MdiYl*@h&_o+n&$?64g)|WXuJ>zZQAK%)ei7A{R1zl~Sbxkk8o9sWJdgk;uF?p{lWCsB4s5PXv0o zG-z}OSS|NEvQ-L>=H$)j5rlA6FN(@T&2Y41J|ucPkhN>f`+Wx5P!AHul@9}NJf9a#ng8m@@96*qEYyIB-So@isDft6~ zpmv(?E6xlBr5Mp1bpCXEH6LG+{fh#fadtE6llpHj3J!sBpGmO!`83+6C-DX+-l^p( zqi=2HpD3v>X2#I&t`r8bJ{7T62 zhND!Sr29rznlJmY!Y>&{JWdjgNO5-4iNaK5*L8oOD^1cAX=-z%S5_nz`z_fd4~B8f z3uo;<&_jhM4OJK+li;#iZeM$hV5egQ-Cy%V9wU6v-qVi%;SG|3HFY`UzCd2{yH5GX zP(1+y31KEFc$8Bs9MN%P%$ph*J}ejc95@d2k<7%mi2}*y#O-`}F6U3Dj3K_eo;UX} z>Qvs(3?g)U08Sp+cXd9xvG6YOp}cD9sNZMM`r+&9!GsAj>grbAt1g|OnTCB5_5O1u z^*uHNql41e{qYH;t5#g8tplZ2IglPRv9fswEbmd`MsR+UUlE%;U-u^L^! zA2F_1bhq_}@XNT{(-P9OqWAY$Ay?R35_57QB?gLjv=elNdc{;cd)-(>yFK_ zK*g%=M5QUQYw#>-x6aBgBFYo9wbB6Nzc@HajR-<&Ie9-Oo{M!iMW_<1k zssJ`}qj#tCg$*z%(njq<#fjLTr}=eWpE;5zp?>g|O`dg`hvDFtu^ z3Re>#RM|spM(8P2eh(-;ntnWYNXXa2Nr1s85I2a zLf&sQ1DISY-FEUGD{QVs$ZkK^x(*I>w6cJ@Ae6Q+n!kej3VdOI;qqsnqJ}4Zr>~5G zY$iP&Fl1*<(MfVw5;ra6>HmD~thlsy7Y`^n0{bWqq4na2-+~il;)h7Gohar0t_Wnr z_X#AYdWiFbLjy5R@6@{`^n!&(%?~Sr@mLZ_1fvgD)xl%doYt0Vv?%-?mi&(AxQvTq zdL7e*&=#-6xdAxb;}&{UllL``_GzC=t0lLC1~3enNSxQ=rAWQlTjC$v6Qp3jT@OSa zg&beH|8NR-5wGJGo`G^6lFjnuZ1H>fF;i6xCCu8v(L@EuR@IUMG^I8g0}5v1=zD!1 z72U{{Y6L--b=$21sm9U&T&apqPF67NuV%x=GZ$*xSjGBvs$nQtLM5Cz<3Na)I=r~g zBZGdxMwGugz8*%(Vn*BZhtgow0ls7e&tiCvotm&s#Oot!haa~_i-bcme3eNWXGMVxr41&%(t(%Ib z?hVmj#+NdSgJGg-?}$m^YNJ$!aSHozkB=L(iJ*fV6a%0~e^$Y4b<@^obo$gtG9yo& zHW2>=c|p7lcO34pNEqsDPpVV}WfHQRfld`iA9nKDur1^L4Q{>LFCX)eJ_Ru{JIp!P z@}D5}0U>)SLbLSUP&t|}2IJ@FcGJU;kH=Kp)L0Y+5nKG2=(Xa9@=hA0>NU>gi^jyk z8ziI-Ad^EIvUBOgmHc^Q4NMUa}$x5et3cJ==<^FM){{lV?h1=LuX{CF{=^3rjnp5e;)^Y z5lnstaUjGbzk+Ua8k{=(w&f%(^|(D-aDsSCV|y4Y%keV@w2rDJ+;9;OD~nJCdGM}` zVH&=_{Al?lLB;!hWjoSGzp0BzI-O*&BPxN>Mw)wr5OQu3N259#$|c%I7t@Cj(fi&w zsc}bR2h)H97LI_GF56qh;A~Y4Ml2UwO}!UsCaqQVranAY8!SMMW*QUq;OTveJErUx9T5 zm7hNPIf7T`=*q}y4Y0erRJEx;aII}cH$@MX(d09q^W$i=z$)J1=~r-!g>)qb&7jaM zh_UP|h*2QuV0S2$uOr;naJ;ogP%vXf+vPR&9s;SumS!hF z(f2TEplnAG+Y`E7k;|~f8P4CfH0@jBe)P=b@;Y7=*ZZlNvJOi_ICp_@y*nfljZo2| z*#}I6C-e9G#GC_U+ha*)AQn!?!(wx$u=%Edd~tdy<5mMQEsr@oO1tB7%1st)FeY(I zpD)4GOs8p@VbYL+7AFiv4YgDK2M{<6=Q4r$vHrW0R}?fvStHm{sKj{)jGmv_2qOuB z)^J{J$jpq04rWoyM33**Dts9f8gn@8KIG9pLzW?Z(7xPs0L~vF93SJ$k*_NV3UEo8z?&LK}P_vRJ$Yl%W z0kH{jLbRc!&_|ejVigRuu4J1b&fQkc9bhPFGg)t+%^KVaiTy%pqKjUYG}o~vkXkal zmCEb{=yZGO@JQj1!qt_!%I0hF_|}LHBSO=_31p>I4(N115P%~>E=CkzqKfC&D5kP- zve?Qg5HnBr_tT(0bB?8X6r6eUuDI%jFnS<^kP+-#PJO$tlEjAEHV-u^8;1#*Sp0J)Ni|flDwGedz}#=9bPfhddff`!xnwN9ImwW zj*{W{0p}IaD9n7oWd`f26;^NfB;%INq)B$6KrvID+lzxa_f=1`D$Fjup+HUT6;#qK zXa?(wZO zEOF~;=IjkBoOwugM{J0u5Kb$C>2y8($jCtgSE)zWMWbF$b8sa$K_I5ik&y#+ITRV9 zbfs=@E0f|fGx%zMLuHt zln`@@o?7&eUDToQAYw&C^jiZ{b5i2WJx$*;8n4PprEFF%-xUh^r@i3`3su?sJ9Z|Az1dRa-fnlCY+beRfP4L2on@Vcd?$i2kDsd)X zI=ndyu8~p}u{cJvju$pQb#=KD_oh7WswPu87T0JCpK8qn)o*{djG7U838~|o-CRjq zn@2gqwD#$(V&3X&%_7OflK379w^n@=qC#N$qOKhp=hczipu|<&=d4ctd6qpEyLHR3Ky@FN!}b%1J7SiB>_=&!7+6*_Cn+InP*73@g`@RNyqc zL}XZ%oe#Igi@xK?Z!_I5MB(6ou4TV0Zmq{jILGZm8ENJ10ZeW6X0z^05>LkV|F zJp?x!kL{F}-N=qXEv`i)YwrE9WN+sWf!AUB;rkhDx6s-M8`%)m+nQ`If*$9T?0Z1D|F60R1t&RpbP)+*W4OY1F1is;7+RlwSl7R0x z07~z!Yy+}Bg#36EK~*P1EJQi~+{oKih%m)eIWapD6=SA?ltJ4NyPYhLNHm!r1{u6x z0*ZtZ#GGiU1SP>IT0GYapv3>x82LoP^R(UEjvZI4G(MwNmbwoiF)}|2rAS#|+1hN( zl}mUF7q&=Q>mT51@+5JxY3IEeXqjTulEESMkZfpdxVF_~=U}sW4)W0{ldhs%U}$IQ zYvg6_!E|D|B*BQv*m*ywRy%z`C1>eY5xCN$)sB<#{BzXV%GFF6p%i_b@hfW(4=tt zYA*O%CLkESXjUNyN>r^Z4}2oJp45}bx;la!;TZ*u+onvmB{29x6c<1v%uR*n>c~8+>K38_2WXth&LPoxv5WyM|YV(>fMXBW;*19VLEQIAefFYwPIS@IF zqO()HB@*i29Fe0!OP*LX_zVFNemhV+Gu%R%wCoA6@B}HAjD%vO3`siGv~urC*774W za<`WNQ{~jqBR4&5Cy@!h1deyf@tLUp7SC6XL7})5WwkOjj~PTJyIgrjRsY#m&S!sO z)h}O})>5;0E*@&Y?H0N+PGQb*H*tZp+{f1_YL0n>L*Vg^X(8J_(UN3B^soRXLFvXe zKO%8a{TuzR>!fYkFL6B%pgw|jy*9)wOxiE88EC(<3v%IB9pnikz9!&V}{ZK46mF<7Rz^&oBNyV`%g>;aUl8rDL|kCF@0iZ zWHn<{yPC}5HSuCXwQCeSf^+D3b;U#t?hc^soIo6xKl!T&-(?qyx6lXxOWf-$X}c+R&0DS$~>-vduS8O$MnqQF@M? zlcm=;3d)dupjN!a4)J&$&}%rRray!VucErovz&EIrGf|1Z+CCUT3lOlQnA^{H7;c* z!@{gxtXm+ByN&^-n`K(j+*bgd#MG>&=hlw``DBK9S3oV7jdC$ug;GsTynm1BFy#D+ zR(#239SHr+`;3XwN7HVBRm-IH9f;EctYol1g%f*yAy6=+YXT|jWSDjq5ElS5UdHd! zLg#hde^KG-F5CWr2*D?fTYo~@5{fp=&~2c%V!pV}Tz%4mIM!aU(z33%hcoYjkny5% zb)4mcn#$y=K7+&`QK4wu?;G^&RR{s>7A?V6Ll@6ZWH!RoN(f?4RTazz+jRmgc=rC- z%g~{rwZo4#somWxS+HUfG>nb7%wnQ|W5F}S;XJ_7G9MwJfkvv>dBu{;iZ&W}+n0Xt zvna}87S0xCB#s-S8RL7>z zbwM)Gm)%pE0ZC7{ijutbdVU-_+Tz7yp0?MX`|`-qK5?VYKSsh>B3V0I+YbwOwqN##X|1AlC6G0Zza}wZ z;iRO+A;ReymsR#cZ9lX$=PwPN3FAUHQEDU0_{g4n)ZpiaCQFfR#xte(BTkn%ygkM6 z6{hL=rAnz&Ds{YXS|K|sRy$6)fQB!%-3-9!;o3-o&>vj%W+TP8@&lrGFne3*&42C8 zADRyT0iw-Q9?J#E;xbk{<~}eGSz`*Q=cdx8s40bMaQL@e8cOs+Vp!Pm0h_)UkC|VR zHoZ1uWGugAM2y01pf6c=z%2gOb?5-@6iFMYS|q?wYqQB+XL8RM3GGOFUl7sZ7lmlI zLGs4R=vU>pI!P6(^Dbglr(?|=8k(xl!RA(RrT5NAKH21v_QhZbB>nmd!4T1!uaVTt za{*AIwzl7l7;S0hEP!}Dl;~!jv+4#Bp@AS?jI`IS2fyJI5B}!Z#K8LTP#K;fhBGE% zZyt|ghkw|NT}to1ZozO0m3$O7SchA(i$qy@f49QgrJwJeWb?H{WWdkahWol#$?V9$ zw`ss=(j}iZ^N)6PAdCWSoIHf8h=XUiX-fC_xIC_?m!xtb!;{AW%obhR-6chlii!h! z)XIwaMRGB&b+b24X& zyk7VFXJYr;zXPA#90RGz zQPE)|V|15BPZ@*&+7(-vOY-vbF$<2^Lr96QGC;|gLY8I23&`(E==!4*kS$3jX|uOd zdHT9#RJF`6gDp3~&c5*`Zm&B90Z-F*+A1sXWtEVSl8TnlPdKH~3T3bxt6upcimJ_? zcUjzb5GkzPefA)>bE zl1)2`5@(303kjcgJxBX1q!P__^>ET`nU)?usPyjgOyYbley?z*T8(p` z=aW!OJs-WCREaVHLk~+jitng{|FRRN;2fPQ#vqP0e{UAXnSu;H4 zO3e6xRR4c~rMyH8Asg#=xWw2&-S5 zJNyo^@xxsAHq$gAyxU&adZYZ4{_}Qy>ogtl-(f4E`hYt%qra(um5q*y!xuZlu12BH zB6kWAuJs~h1)mSU7+6eYlk?U6rFrtC44mDk0AU7h1?EKC)XN)bBlQp;OM_)o@_iB5 zQcwHQ{~-OW|J*VxhEyOlMI%QU0gE_u-6XB4z}cW;v;pW3^bknKkIbp$=%v~FjJJQ5 z>)GM%YE9SGiq=Hyq2*LuD9B`NTd^S&b`mYw=*KS`694;?o|(DF+3_6%g{Z|T9rWOP zkmrh3HB&%OaMfooN>c7K6;d-2=MkuQG5uJDBt0OratzpR&a+IYdwgj+O2;GOJxIM0 z+VvHC*Yye?zksffrwB)3i%UqI4)OA2?u^?V{UB2Wuz8V)lU5UrDOUyoD(t}YI5)Oh zIKtGwxcG6&$9ODBg8|AUoe$KKIH583cj@p`egazl5TXW+)*R-}Q;dkR7UCS2Vl#H= z*n9H#S%i+%&)z#sH5jI;ZKSn?;X)(dTqt?MIngAoKV!zC8klc%n|z1vh(2gEzj4*u z?oH%eXyty=ZC7%KhUuc>xaZ!K)_hdxOmuFV(s2j#g-im5dHAfEd{h4c76N5aGGb+s z!yx$F*G##8a9dBkB6?cm6r33-7TKAsbn}8`S?*pq+aRbcLr+RqZ*j#t-O6mY^)cw) zSL*v0AinEt!g9U*qix6bj2J6F$Kvs;TKzYfpBj1#_b*LJ5fZa5=T5^1eS=Fygco5Y z3G~7@1o5-wHzv(0#1q||n;)5F7;#$YFS}wVBBt}VH(hq(l=+9LmHlFA6C+wYM}i+LoYy@oF&A=iB8 z9%d_NxRzZ9$OS%jN85m~MmH+*mOVeHp2AgWOv(g=$WWR#oIV$+Eb~i=u6PzE( zebA+G4lFvW;mg9x5E7dFDa{KPOcB?KZ^;5=Q*iz4*{*hwti*^LW6A~9{mm%sSn`kw zN(1x4ho$zCV=ApXJ37TXDVv4?g&1l%I?6Zra8YGc2@}tpcwV5`ypcDWLl5!3RIXF9 z$Ug<^nXX7m#i$$P?lxd!%bC){)btiD0v!J{V?;Y#)96^sR+7I&D+|vbE`C>0GuU=n zp4`_C_GGm#nIE0j4e&{mp|JGzW`|_B$!!Y45vr2s^W*h!WEbbInqz4i@{%q8zSM* z-8g12<#VA^Sw9!pEj0Cw4vO9FHWr$YyGmeHK5P#P9I{nq|pH-l>QnfLr-ciNl>lb$&*gP3xTgUCW^Z2zuVzqH%wc zt#2B68VxB|gi?Ck)Mh2H#LHk=AVJX$_H=f}9>Z)%ED|LPxcyAivn-0HG&Lv!>O^>9 zzXQ@oHN{%y4b@#xZ$iD~mUD*VV$7ww(cPo@Gh^M|mc7S3lscidI57%dBsW&ieeSYf z9jo6FVK_mpiBkR!ePQc9&xC(!#%{oB$NK;S6dkHFcP8rxjXyA&=(E@>Z+o=vt<_;! zunku^!*Irh6Oq`}@5^`Ab)624+v9Ilurdh?9Z#2ZWYR2rWp+H9LrkehdZFZeQLb~t z;zf}9MvYGhw(p6WS?@9{%5a-!lTk-9+DGx5^N;83o1RA_>=;A0v`vwK1znFJ&I@wS zhp#tE-C#n;x96^_>OY4Z!|za#(PHRg%8J13Rgn&`TJhe+Uq}Nj?MXSFEpRrZXvAni z&f5hH{xK?F(H22oEVFF3DZY;$b!aT@kb+EfP2avIsSq*|Qj z*yRtd|HgSake~2ZQCIoeq z`qnGq*=~<qf@h zY;+t&mAYy<;!Q1A9EBhKK_Z(l% zx|xF=w}766>D<5yo2q{R_?*R4H>FX!FN^;GOmembTQ@B8S5xE2$YMTnCV=Yk7{7uq zAAiedR#LMc(z)gD5J>WjMtO|G;w>@bj+Y*qhU~5>qA-;B@2=+#kRz&Z#+I^uwthWi z?q_@t-RVNvgQTn|jffjYm#1J4_Q*1yTwVe7{q$S#3GvlP`^&UV?|5E*Twn0H2B(kc zf6{@q^ewg*>$ah`+AP*Zz9?P^tCNCL;_12zENB1YSgKlE`zBv8sOUWR zHbG`z#x?J6;TUx&r^xTxJn{25{I{Jdd#%ab<3E5}DO#CH?7D@cdGRPT@=9KDA_2FRL8P(^`;$Jy>vAN1(aAJ2$KB*Xyl@Hb<9= ziOh3d!0U`m9EA6*YL_Rrw!QtjaYHpumbQe+szv*~V^kpr62#0FJtNz9wBam`mtnK`3*!o>tQwA!IDIggga(&6lzQcDYW}WZD(pPki@z-n9USz96J* z|F=03Ccl?e{H$$8()1_&9f`l9EJXlJIoz_2#>Mk_^jd)q<51<`O`aOryN3#Ubgj5{ z5N+O6F#m~2%BIcLLzm3SnI2EysM|1Hz)cUa#^pyQ{zUE{;OBhs8}9q>6FD-AP6i!= z5h#~miVg7%q{{f`t5&Fghg={z;Y9db(K_|_f+_>C21u568w~m2kXVMAc^Z^Ik1 zAl3f>3QM3pEJr)Dr=+kai`jM1Uq=6aSwYv4?7FSKU(;BI%>7+~?@3sz)h}Szp=@iy4og8xrc*tnMrlio*ce(}G)A)|nu_;* z)oQ-fW=^G8!K`S+sU}HDbpkq0UUj8m4tHnlZO_7`4Uifh(OpGjLg;3Jn+B2t`pbVx^!u`w z9OojYac#R%64s*Y>g5C?2Bg*gs3FN1wGVU z6oe4htI~Iv9TihCPY#$fZ=EyEkA{s}9$y4&QYCt8{1L0h9?XJ_SKd`iAE-09b^TVI zxt?x{jzON^)qbz)MLFF+aPPCS!?>YH=Fr~~`F+Ki&hnLqtS?|J(*B7vL#+U9N;}Ao)fxJS!he;V>@& zPy@YtEas9Z<8*iC5?9PWb-20gup53CM&_@Id1`eXDaRY9Cv(qvfY)H5Ljs{Q4R%~ zk}^Lyu8N%Je*o(?L_wtKTd_V9C`IiNn=CNt)(;YWdzmpaR|>A|o_tCJ&IDlF9mU6I zh09-KWY!M-dk0V$EFnH>ZhRvQ(+(9`wF@dgX~=-V&1T7jqwa65_QtN{i}avtAa(Pa zbTXVah0it!b3rfe1Dhawzi3kF2tXv6H~72widRAYMYrsFN9e6yfP58Bu9F961Vw2B zu~fQP#+g;#>CrRSd##r6Ne)|rU$zaeW#~OyZaOmtbYRsvGlJCFKUP}UiwOrSM~@`M zv>=Hm2Okg8kbDm>A34}O4VHubI!l5wdigz2QeA}dKz+&`uPb%lIbI#aN9s_2ortZv zxTJsQk>9X>4sNwTn*QdkLOAkJmVa^|{M~u^`X6AgCb+%#Y5X7HFS^FNx5)cl+sR_( zFU&t($~+im+cY`rM;GJqs>{WR3K$rX>(x^Vr&?ZSY#^bXhv>sqEb84R?R$r67=uk5 zs@ITnL;PPYR#n=GRm>CiRFhp5)LB71<4&~F!ae$4=YwD4>AV~f&Wl$1GdF6%EI!mS z3iK2lphMSv<~qveh;1Jy>f|iW;;%~~M3JDo!c*z54NL3YfUoYvj7II0B(SY?MY)L)MZQ0X2GmJxeLfNhk)CkP$+O-9yNHA8$@GAyWdkkw41Ils`vC5|Mng z7Rop-9Er}w1eZu#^(2FQjlT;`_{K?&Lb`FUZJ(k-0F|bU*psIyqrBsEQ4;uUzB5*eDM`(U%_cvgnMZ zAcf}&>**CR%scd??g2?Gsdu+cJ;_2#?2qVk5cB;(&J+nupS&VsTd`Vaew@xaW|lfk zmD#%3=F^TsBJFlW{?%b}pIV)#@MQj3;L6FQp4wHa?jN8x=#!BYx19mH+QJaI0~=Jv zR+&{^hJKY(bT+g%F(NM9rt}KeohrU$j8!6w&?G~gt4b9q3Dodq#%pAX*~LhtJFSoA zY{yKn04F#;=P%3j&G@u_`ENv{!ov8omgFg-z&r*rCh(ijPa`vD^IWvdFMqzk0JD>+ z+e<)F)QBcZ4|ue7j;3Ev0jCF8i_&RvDl^3BMh9QK7~U#Y?NR!rCYyEErpxlmwP$xI zqPjcuy?Z($2+ORk;>*}0{?1PKDCjJ9s@iDu{)D2GPc&kwbp2IhphGf2JEMC!6-z>D zC1~#R)>g|M?fTiHMuiLP4Mcf~N(QjVRKBNk+3pk)4gDSI$5lHUS@`(*Hc>QSMUvsh zsQ338gR^553(O>~$5L)~@OCzwpXs(kkkN7nnim*IOrz~nJLMbTb}Ojkjmyi|A&B~E zxf`S;sP?D98Lg9j-63JyvqQHcqtMh0~jxl-IwLv?LDzjYfwVQCl=CY ztscJLoM*E1g#T^{Z10Sq8i>e25v5YCwNm^_IB%`ErFLE%`MS3?LtO(?SyWL?~o3S5P9FXGdqHWy_!D0 zqZYVIN`*mCi@&=-vMxd1-US)!B3z$W!W19TQ=ime{(6iJm5ib;SB38Br22cU_^1)| z9CpPuoW2?5z_)JSPO*_}^i2-&ER;T1XYou+-K5H)%Thko4=Zp50<9nm;!t3fi2gU< z7sbOQtEZ{bps|mN$BeCifccNLvfO+oebKkXrC^6H;mHkf;-e0NX2x1|nlz#-Sqr$Q zVCOAorS-b(^TPGyT~M3&q>b6I&P9DiMIJLGAozZpzckD{b#=S5Do#6aynV}Hp${6o zvFZ)M;jW%DH`=~4sUD#qdy0P1At1Y0ufo)KMCsHS1>wIdVa6bE1|jsx4H(8S8M_H@ zO@qBhcHugl_l>^&{h_~JghkvX@IZd2IzBR}AFwr_V*6tF574g_Ly=J8sN(LO*dvzp zZQsZlkD+#c?X}q{-_B8JrV)H`g?F(6`Um*bi6|^&n66r#)wC0{P0&@)vy{kK05U&o8wr{vqtrA3n)OdND)@4#KX$5MhH^Q9zvD86Z2R{=0~IT?)#q5Ik>uA@S7sfT_*bY$`IeEP4>rD z!SN{v=p#DJO{LAp2rwqiKhYRp{JQnz`%i4Br=?b({6svoeSL?QgGB3_8Ij+o_q&cK z^dDWTQ2)6d1*-`#1xxbz1K)c>l^cG3^M9`3inZq_sL7RjC-bD!`fBtG10$#pMt?8( zxmP$}gj=xSRB7=I<^QA9{ufQ^|G_OYQ+G>NZ*OlFKMN;I4;FK0M`IaNM@x4X=l|Ma zb+dG5wf>(C#_l$zZk85bj2(U5Z5^GRj9uJ0SgdWW{&$c4-}B!%IM_LP0Bk&5TpZjS z+}vy*Uf>*@+?-qhO1A%9;Qtf-p6(u|Zj_V&drPPPHk_%2qwRlx#D9DG|E--ea?-qf zrn&$pz|p_|+~dE0|L~w;FreX)q2UQ&(4P*kP@z%aq2WR1ausEJ%q+&j{)zuHKZ~f0D8HyEGkbV= z4F9*xL>A^xku3cDk)I1vqGF1ZnPa3=atjJRGs{#kr&ZH_VgVKkRP#gQS>OT8un;hz z&CvYt5zw%wFaZd|1*bM6-;Ip?2e7#@4G<{p~v1r z1O#CXJBZ;&O!51`@oT#54@QOKW3-U^x|EJ43o_HqH8y?|M`8a&+B^4q5E@fR29fk+ z4*Dy)&}aU0%#sp`X+l36o5HVGyX0iJ2~k)Z)YB+P0)nlNi_~Gt#6j|!yhRn^2$XmU zh&EVa%dxm0j%+BYWARzYrtmIUm!B00*@yoDlAtJezY@awB7Z+@9{U<1G){idL`nJK zw}y4?Fb*8}N+<+?J(w?v6#WV7KlzHK0WbPTh=j?9ewxS)n%y8uY7MSvn2^z<`*z+< zT7iU$J_mP#vPU6A7~Y9ujzd5c1B!hRFfUFzO+sKj>yf=(cAriI>mf^t9ny{m0K%r} zN_-X#LH#rHPjpD4n`pzZA6D00d^$?fSKFour!bZX4*7O|j2QaXRT_YNn`uJf5eM~? z$V$>%8V~QFDTH{*ut>)5gr04S@GJ>ShQh7Vbrd>SRdo~@;d&*~xwlSCoC2zsYLJ9C zrZEH#Kdfj7iyYHcn!>YJbpTx#^9ueS2JfScBt9GB*(d?W>H&a( zW0iD4!o*GrF(Sf8#SDdYV#|ndwjIU^6>-kGl7=<;-ZV&T0vj>_O@#R*O+f8~NrgnE zJEw#N6$Jpm8{e`=z+A#hPB)Y;_>w~07e5=Po1Vpz&?@d%k z4=4oOzjdbH2)8#>BXAtgABISTRA-N{C6WrmiGPbzg`oaO78Un|zo-eprx^$QM9Dm0 zA0u>wHIWW>H7=4wMj4-vByxTrkRd?|!`dRo)}_K<=JYvpW(J)H7%lfnJl(hg z4-mb?xDj0$o}jP?_p%A60pE8o)H5Cu)oIuRY!AdP6v)$)-k6bxXArvNTJu#DvSiWs z`vDc89x_X}gv^G7dl_uNjA8@X3+RX<7b0en&>TQr<^)q9|7HqA8v;}ws^d)kcmR#f zzOQpO_er)Vv`plQo^C29aqlRsDW+=_o?Ss6jDmoT>`(~?x^dmHY>hztdqDwM>nWGB zkpmbB@CrjsFqzQxgP9P80A`8LbGl|H0VF&$0F}4^c)Spgd1#?ZD|Au?SYQ z>XOsU64~9rOsqvW@fo~wxxtpg^74%ee8Y1Jsn~j*_^kwzv4?}V0RD%+7*E{aee|dZ zb_sog*Lw85QmkamqM*sLvpTy;W9YE|;LXJ?sXaj9r2@AQJYI32M~@kfS56Sp6XB+TK9!0Astf~Gs15Sea4!mxQdfCKhRxEBb{wC&_t>} z+oN?JC?fa?VUzeSwMHh+vYmsUZ`PeNhP+z8y{n0N-<_@soco-qm>g-y`0APZ7Iqrk!|V{b+%JtMkMUh(-&`Mb)qbiJ5G zwkl&Q5*R{FOtL#>*Cqv-P@xmXD<#LClu6L=&@B|=q(+q%7!Hya3v8B~1E|I=x?2ub z^p8F|eF3*ywS!+7AOLBZxEb>h zjfjWGIT=7U2fFlDVL0u@6BR7St&npO`D-!-&}4cOGG#Aa8xZ0Qtk`m~q3{BC_dG4H zJQLUH9L+vZW-+U~ZNDmxl$ofQw|x_On1@%OV`$>(R2upAh2+?=CAM$Ns2#&zR)u11 zXOw=)Vni^<^gc)SI0VelG<-xFic-)W@I=}taR>vOilYu}+O<+6*DDbqu9H^>?aW~C z`PjTy^Irj~#Da`_QP;Hsy8ySl!^umMNjxtO5D*%U9N@=1pWlv*n$dzmr4TiKj-lyaaYE0vh1_e|hf^C(L8q6R^|!Wy)C=BeO;3VS_;D zKARD)kgtnN9#|`9COPzv@91)NBD%#ZJlr{77()?5a_=Q|$`Ut7!-j*#OYNWQ3k94; zASm~Y#nL>_f9$&vkRwQP)mG6VH8TLgF`Dp0Q9yP)+iiEKob7=3hKRml=L1tgB$P>E zANQQs8Siz#i%D80+`GGBJHGd|;W4%N-6(;7IQ9mt?ee@(gTN>xQ*RaXF7?EOA40c| z;U^aQbAYnY-HQU*mx)~2$m_Y@3;0(r6EL=R!Tk$qUgAp^=KiR6{a*R?iFpcZ~b=IZSl08?#>8IZG!cu zlF!CaPXWATW66@2(=B+V2RD{d>L!Ukc?XNnN#KS(8?dOKy^0i zNI|;&%6B-$d$OUbdenhg874sA@e|E?ke(RC{m4Uzs3T*+J3!`1ybnRJ7!g$IT&mJD zPuhh;-wjpnc#WSdK^QzVWsb(k#^6CQuzesWM_ff6u2Q8|A&e?(QR*P(*59K**R1vU zF?AM#24g7Qt6I0P+G=BPgv4t~x_tj_g&jlqblcj{;|gS~O2r&pA<(>JUsUO|Job2T zh7%KOiM{OH{4JgEm;*TN*m<`_pUP)x*T#Oi{DV<>u9Q`EEtP!Ml~wDI?YP3|N;3 zjlJA5ejh4-DQ!|dP$UKbF>tsTB?wvrFSkx^%)NqeFc!SR84VF4!NSHR{?(p$5P$Z% zY2oV_3|Q3;NKqvd*l4h%WXk3Bfp635Y17TtqJey)-b|rb_8r* zSyi~Isi|*M`#??m>2Pb&oAz@STTTXSxme=OGH^>B%ss9&0-CT?!iR9*y~=)pEm9ET zNfcmsAO6ARtxvSJJ>G}Ee`4#4Mcbau+a@X5_QU;c@3gk%uz+L{07w9$81UGYj$k+i zcNh)TP~?L?`{dQM!Jszz%k1rk`P+~1wyVqT(6-#6e`UMD{2hi@QZt*jizRU$T>0c z2SDO>?`2i^*#f)@zW@Sc06q+eRH&G;-gZ@ludI6(YJaeA^A%{zW^kMK{@t$ocjfHw zu-q@WvVZT}{re|^E^NhJIfx2?EMr1SEX0})hx_d`-GetElNAL%cf-Fs!v603{O_)A z{_bL_`L+Gu-I6_cO$4U!5q}2WR&an41={eSK5YbGL1dAl`dLT=LsTfxbVn6{ z3@ZYNiS0f)VYjv-l4fj{dus%Kx*cA`B8J=q)r6201DVR6sU*O8DQPNV^2tI&@_iuu zC7{Lzy~%iQ!Nh0=n!s2xTLnDxgLgI`aiZs|OI#Px!7fLj4@**E1L_jIRU;b9L$!FQ zIRkbe|qAiInQ0{lb~E)4*|UAXpKSPjCn7>E%CpMXILJUpI_WASh?$w0=5*-ZRalm>#E5c=g+b%R$oqF^Xc#(~UKBtdYaw1? zEL1hYfX;O;Q|S0{0$>gUPho?T_>f08oX8mK=!ayI;i?*(s{k#%pywsTQJH6D>BuZP zvN{7dNrl87%~vR?sc0^3S;A}M7U@PZX#vv7?zt86ZiTslpw%ch)^eyeBV)Enh>191RqAA z**sK6jIktWqQFX1go|aN(zrE9U_M?l0tQJyjE%-X_!tV#NB{)Uanr~%r>8(U_PEsO z8D`k53<^A-iPp9NZUX$HE?9$!dItfn0$`j3oh}VM9>MQxOj!~noOO8u3r8}AQyAwa z2#{a_UV7TabO!7u1pQbmW$1`L3&MoRWG0%5A$n}Y9D{?{kOKuC%gUB%!p#ui7hD$Urpq9{3R|1AH&>*499UL%Sgljo(&F#a{-XYI_K)u*_ zGs*~VM;DCZ(bDI*=@ej!2=%02St5j$D9BvaWj7wE-wHSj@DqffCjdAy@m~C^6Uly_ zd&h}Kp`|$6-bgSO*X+NQs!$3LS*^C z0x{6;0mTd4Smb*%c=#FL0ahoBa|8fL!6k@rOL)@2X{;RY`-o;_A~wm94|ofp3^vSP zgVPd&7$aLt2j?chNoT?KY`Xy3B*?q65!4yOj}xB*CFkBYp*jLMj6A`I zhmRF%y6&k)>VXIrNEQR?Jbab_yto;GoupyhHiX7N z?IoZc2oAZh_D@Ne3@1XA5r`)k<00Y&RfDU3%g>ru^1M2OXATJE10H8GwpiuCo zb5dU3#>v?uN*%1iXwXi0pDghI(Ht3_y>WZ3rI=QW#LovU_(2RRPnlmzH9K~hbVT&N0pDNk+R?z91% z#xj6Lbqx{0Ze(5!%!4vE4qy^c8va-UgaCaleFy!b0IVoX%Up}<(4Qi>x1Im_+>i=v-pE9EGn*$UYN05V@>{FVX|0Gkm+u<(=~V4!tf)?jR(^yU+C zJ|F_v(rZ<)dzb9_&>%H@Xw`7{(VmqyOWts4HDD1!tT)K%%0){?j;UIPq<4U~aLLyW zsD3XZpX(tu(o%c|LZnI92~=X4UDbvfSx1|3lj6?`2~*un%-%8Rv1Q9GDTfab&b261 zxs62@TNs2a4c87FPYFAV_$t4%pxAmX3uH6Bs;PS#RAatLH~G=ab2WXpYYEFv3p%lpgu~ zje=ZXPm5bC<#ly~U{rrqY%mJ@u{c!I64IeT>V&q4S21y%W=LNM@0Ebljy-cvNS3PDPM{w_u$V` zhaf;P;$;y&Cqz($lz~8(r;@9j9*SC;dji01w>M0Q@zER}5D!gWXN)uiyU(rXXH`7bhrRKnl^6b!; zcTQj6nUxPGJ1wSn^%putdB_6wBg|mLmUW9x9G4^smYuoq9~lG2S(DVvqjjDhla21< z<7J|St4~zR>M}cf^3INQcV?JOsoy4BIllWb?yysA+5+TTIVz=ZF zhwdlY3%X|zqlN_DQ~R9pt4(vLuXHATKk-H}$>8eYm$L00*3v8PJ0Lg+ktXnE1O3^{ zZ=65y!krv6L@_6_Z_wKmwGa-pE>I#1Vj}jbjVC;`dqsusdBO?tW_ofV*ytLn!g&}( zSaj)TD^5CLL@Z4W(-9h3L1sA^Hk+3#%DSzsD!EJBt9e-zm`X5lZd&R>?jarq@~!>6 zC(^yxE7+Z~1~_Bx?8`UT&j#4KV?fI&zB_?O&eeU$!DVNGP=(?)j1q61bo0zioeOG3 zvplsXcb=D(t39fwb5qA;CU>KscYW}w?ID>us(L?&LD0-V-bllfbXlB7%@Swskm=n) zh;DFe1;A(tU2T;Zxxo|SJCC<292Mso$hR5w40BalS%_{{v)rjJC3y?_YMp)|)bzTP z_#9Kk(wT_VXX!_XIi`a`nOQ?!s`* z$|5RRU`P&qkO`{!@OKVD_b^92pP9|=USF^wMdsrROmo~k^C)~ zAn@WXR$~|+4cibnvhO7;kkuHvz^GfZorg1e2ojZf?kFx30tq)| z?Nd36t}=38=!%t12%fV2O569e^T)Yqz=|P2zCYSa=LW>61yG<(!|oKGCG7c9;*z;) z-n2UBD#9gAODmNog{1mCjd48%6arn2E8nHFScId|g)u6DBOq`BD=?^YZdKiU}&A?!QoM*i;F1pIjkTw9Vn22`4A-r701AO?-Qv*mh@Yo`BWnV$UT&<{0zu!GQ$dEe`D;kmkAYWw4w5WF={j$iMPsB>q?r0N zP75DLiikoFmE=9+IhfY2t$596pc3-e?i($VlC zSia&4&881S?0|*n8UfPW4UlH_c9ZsrP=|MPqT5h+$H^9y)GH*8V{%kaFNVhq@@2iV zay9n}M>u*+jClHV_tLC1NXkPU!$I^Q%+ zeY;S{gw9(r&7G9Gk%NkvIO=&iI4|B)SBFwqy1_spk>RN`4?`7M%!Sx?kl05?btu>H z`b@U`5VJ@nu?te+a%8!->_u({3e&FdkvnLRtLZkCkP_Mrap^@SLm)1({tBzy4!Hdc zlbJ#Wv-7_2|0 zt9I8LNS43=sSzMaBeYJ#k6xtOXMrX;dFppia3vK@!wUsWPZKguXQabGW`a75iiIFm z(gjQv!3c$no}a+fpFt362(a9-gLIh!hP&cr2CTC<3N&3$mmd^zEY4%-Ufw2I4N)H2 z8jTBo+ASAEfkjrrNIM3EZx+L^huo#>dZ;rUnY&(fwk^(sEweNgU1A5XK$531{Om=v zFd>{OK|&>nHy=$B!j|Oe!K`cx3amxXwG#l-vC*0ASV^{YP7%!l^~j(!zZ%8^8aQ}c zE_?_FMlkR&sx8f2L2OV~I!z*@ls!0EAue?q4iex=VlwUQ6R*z)u2Jn!@@NL^`+A zXXZL!aAkL{JqV}>@O9q#YuqChm==qrw^9S(d_HbI1;6W-g83K=GFdYkb0wu)=rR=E zBU1n}j=;wgy})c9Ky?D$e*mZP2~!~`fC&e%JSQ{Y5&#Ni5w5=mX!mW= zVBSqYExn9)u9_^V9tOZOpGxS=S2tP?Up%0!#rU_#7nv z3ZjT|jU|w=kYz)G#NAH53`iW*?86_Y;9|T~k)-ZoY$N91VnR0=kXATk!i0>ATdesl zwhYLJ1=&)J4Y5`Z0JuuSo4=p`MGE|>`af1oWOU+!nEAF}Q~d`3zhD1Hk$!FeY5kua zF1emsJzlmP$vXOG zR@8cSV_3=Y@V|BYzrv>f7?3}!|8q0a)8kSj6Vt!K1bk8d?d^W1|1@d+uLH$_@^}63 ze~jrr>-eAguM1R3i+|?;US3{fqmp2)!~0VG5N}*8b6i4&BD)U{J;F?H|l@tU!woE)L-jA?Qi}6 zZ^+HR^`HF#oK*j%{{O?DKhu1}vSs}JT~B7$)a3eYKQEen#x|;sv);jCxM)qB?4f6K z#?TmlYy5wMU4J=@Kdb-AQJIm+ank(`aiej-?*{>2@c*_{TWK}(zxMx(`hOb5@$dNm zFX#2=I{c{r1%M`SSRVk?9qs2dT)TG7b%H0LWVvb6CLPMexYRrVl?7$gU3^00k{1?~ zROyVd5OyD)JT)XPe!gp9%+6h%fPzs|OKZ~xLDRbS(70?sm2&!wXd$N(P@@KfC6f$X zEo|(i&_B*B^gqrlMqvWz2otM_O;{7ZX=~zxgVxxY^rRbETc0d`G9u)&{H(N!3SvP) ztwY_U_5BU4(^vOfQeCcuS2AO*-#oNCHpg!IsUvOM?+F$=mLF@H^{8{{(Yf1b3o_I4 z(=+2(2_>wFiQ{s)1=Y*4V>6b96~`@|?HIARrm4B5b=~?68{0N*_Qm113Gg^O#qHbF zX}h<{*lpbh>{0}_b{@3T+1II#@22VQ+i~#FuH$wmcXx|)T@<0~Hy}-2b@2@~WrsUA zaJc)|mGO`)a_!zVNb>le>NA8!daQCac*T@!&bY^S_tppuj(rD`4YIV!mEhr0J*8G< zRtg)bxMq}|&&BleiPy|Vj5>?h`Y1w)F%d89KYF-I*~Lr)t1|SL9xYO$!>hX6i&H+} z&K;U$NLsFCwOB>OYEBj+U!hR|Xc2bQ@*bc*DP8+}#Q_0F7z#%2 zf`oM8rhu*Q&YKG<+w;z|2s(>A$#qZx-gsO0sqI;~Ltu<9ec-^4?$A#28Plf=H6gS^ z`TFGp;aVQi;dS#52PcF9c^Bjffku3HHr!kC6sqU(v%)%Lqi;S7*WS5+AlvMF#y1M| zz+X@wTXPU=4_I+rA$}u!qWLRSevY88;DR}@RPMCG^=k&O@3JW|=P1lWSDo+LMfeCq z?x+k_%;#`wI0bWcp5sqL%Fj(gX9$NJdlDa~@Oa6uKyoE~WsnX8Ix@-UiXWe%-;yIP zM(L%d)lTkZrp<6n+50j-Ll^sgu0G&$of1>xa+FI7eEnj8Y#B%!9;^xM#_rUHOi#E| zrytvPXL&^C@SPRRLi4-zvC9+gHpH)QyW5z!d-(23)=_iQl?MNZeb=9}|A|r3&7zUf z3(~(T1M~&^Z%3tkYX7MYw7>U%e$HI~<)3}D|4RT1;QI+cLqo&+DN{y3aHOzk`t<1| zYHHH$pl)t%9v&WpgM+1|rQ3pnTE>noO-_!9iOI{$yL|cb$lZILot@6k&L>ZvtgEYA zl%36*I+aSL+S=M$TU)oZwvJr9n3$M2;^e#{KR+!kjZUZ6*Vm7vrb;A|z`#IWW#!0@ z9V1rOBTt`Rad3E~sd?Dn|CEZ#-E-&enV2*sCB1(A`aO~8>+AaueS>ET3h&>(9XWht z<;s=ahYoEM2x_XUM;aR+OrYnuxO|LUrJ1VO=^8L5%@k~k0%rD3QxLg^G zWWQv7A}6J=wl1W&z63)ES_xGPX8A2|UDvRItDuW0uMJCXj$F4hf8%bT6fs!J-=5bY zjNa2TW|4jTvZMtyU8jP3L~Xjpy;ZE1)0YCzUIi3#zCUsB^5C_*H|*Ces~#BaxGT9% zT7CTCp~tOHpQ^6h^5EnniDthqql@YgdO4!TSfJKbbR+X0rQeHA_mpOlF0_PhmpfXi zM$mcPDw=rARzFxP(9u@xZ*Cs*tmQ)gos%ZEQ;P>Q$Hs0RnE_~CKiptHwLr!-`{-Mm zlG(AQi6zhg=!urgkK7b{(KbCS?Zx7}X`aGfOix ziC!<3 zt9gmnuQor8Ib?fnawvXxv-2j4*!Js>dUg`mIqQ>!^!?BG$9HBtxqdB|9W&ss?0r$a zI+n3`_q)bWelz>k6LC+@jH@fh0*b0{#weXt?>s$ROcxj}In!a?XXrF^*5DQ`QVX`MQZyFDio(L|wZmu0tUpKv>UM!5i7?(CuLf9Cm#+Jv`#y1x`@`YW+ zrt2xWz<4&DQ#@ud&5)=tPSTh@vw_E!m$RTmnRF|@3P|c=LecZ)9A|kT3=hq`V)HD9 zutZu(7$;*&Vlqk6yIVEuiEN-7cGcZ=J;X=@=$h@Zuc#O`j%T%|kPL!2^RkYMyVkOO zn705(#J)o`%OVSbTrH-jg8C4%S-Lp{!AOghmt45KH!m6tOb`;~62)f4&gobJL`rApZ8NreP2XaCu-GDTBLP37 zXuUAJ3p!aI8eKQ%&OG7PlGTi8#Es`X5+kQZD77LaRb#oWxFMh$7ksdxJ%%R_dzdcV z=R$6GII-zcoykEBo8^PI9E5woPVrqh_&&>ghe>TG2PXB^x1mYWB~*|knfS=MyUqQ^ z<_Af8v=mI%Fo4;&Xo(kkaIIw9^~QZeZ7WHlm3ahhBPKx970w4xW3qTADnaI$CM=hP z%B{^ph3i1YEPm*z66fq>1tn8T9vXJ{fpDGG@{I|-Mk^QFQDw+{yWQDqW^hhYW7>Y` zlCz}Iw~P~EwnT&saEi(8vzifCfbBW`c=r-+@P z5zx$~o49K|JNIUo3td-8GBKgkkK*bnp67PE@~NoNGLw7GNMQLZ9rypke*d42hSmc@1Gp{&;I_W|JVA-|4W^JMN*Q~d#9$RN}d1d)2DNCa)PK- zBO{{{Tic|hq!DIRTwGkl%$cW1B&jDKynXwWxp_xN$B$>vCR$iXeSUd)`8sLf00320 zRoiJab8~ZPTyPhUpFDZ;J2Nx(`0*hjAyQw>VY5ftHoacHyqL?at*tFADB$Yp{X;`z zSW|O(M8wGR=g%SN*|TR4ckZ;exBrny9C`fM-OX(Tf+qR1+mJIG)xZ*CLGVj}V#FfX$ta=K^;DX-)*noWY%)KBV$e zP~enrDBFFrpF=NvePGRihLMvRoNG6sps(1ZBy-$#WyDC`Z2Qhf9;Rc6d-fi9QF>6TQuOxSKi+|W{Q-$&OkOT7 zRgKCL-32&BGTLRX*yLLrW#@stX&2{S$8ui0q|;M8awjYU;D-|%`U_723I`dBvoLQN zC6fB#w(K$9lSk6;QY`Gv>8e7c2FLMwW51EVDX-N=k6QC6qMcd~NxFK!Oob3L$X zSB0o)N6_NV0?W4koP#c{Jj$-E*VOT2=XsxPT2Qei>_;{CrfEGcuJLE@vM>emcY6wB zFP#;27hXGQ<;J8-n!0p$3Oq{nme5l6S5%p9foYZ_(g(7$KPqXRzgpSu@a-lKRy?*7bu*BZd6Y9Jn#bBb&d-NqNJybsEX9}Tte^QWtWkY5e}?l#B`te zvNQOw;tqq*3qA6Cj+{M#IuFg5oo^;{R(jY%^gwB$^EkWj6UD_s5jf0S7+o@M(~$4H zhX!M!@al!V5KHn^Y=ixObdRlXGu8)Om zQ(X7DsJdBGsbgv;1!$SoT5nR*4A-8`+!PhLXwxPu{;lSdO`DJ2A1qNDZ}MQv&QzXO zd*{m&`Y}3-2OkLDxntd1|3b(0r|f@bLTucE$gfTTeqsJ+OSPBg{C=7LquJX3o&W#O zTK+(RQK#wwcD{rtph!{b??@0ja>)!ZaYZZe?TDY>gnIB z(SI1Ytl^?6J@d#8fn?-mZr;DCgr^c8+($Ikp5By`mxB~FQRvZoNw(nC6S~vVebVxN z@fp4GOI}{C+j*=K%a?QMSBz&&VHc9#sK{wJ2YKc#gs>5w4mmk@LY1X{pvY0oK7`7l zjCyi1n7fv)oxeE@UUQ-jCWmk-*tMw*iuE3p89^I?R+y%tB47^YF2B+3Y!7@S_f7Qj=0o?M-8jBParL8Abg~`{nRPhgZweA6@Fe+nJS(dk*Eb z>5v}^PDb?{-)RaC)kt2>xT<;c{{0AH;|uoU882=<-=oaVyC5q)$+e^!c#M)v`uNrd zaPj9Omd)2|x6PfStKszAi#=5zC2s32q|KV?Gw-sj5qE`HO!p&RID2e~!|dFbEE$11 zLx@4+ZagwhG)=zUxp3=`ZdhpI*&|2uCaf;F%U+rOfGiPa0>X3G*a5bkr#)p-$l#Qh zWM=iO2VN{;$jgTd8&h&l@krj)nnMbp`g4(R$~s*@g^~I_GbY9E9YV)B-XaJQ_v=HG zs|bPYvt{1sls8}kMGPodiX z{QS3%^&j@Of7}26p8byn6o6(axH)~&m>)0?0<`S&cijc1HlMrm@}u4UfXjy!;n8;i zcrd=>>U+uw|IGyj>{I(km}b&doZP%j=_=0dVaqdA?IL%<9s224u&w@rqzKfb`>71pRoSuarXnKcN(?N)t<|_z)8M*eceDiaPg-2_SL&R ze20gRsD~dveP#@!@T=E9zL7@X??(Vw=HZI}3+aJBt^a8m(MbtkQ~mMf`cHeiPwPLZ z(vu+n*8l%M^#7yg|6~PzNBGntXWv!u)cLeTP_N2*}6@zeaFs@UAy;m z?j-(S@Y;W!WPFwWr$({j6JpXLV-n+{zEJD&In2J~|0xbXum2wP|8^AHzt{ghN6Nqa zvybyXP+IQI1^}T@C?Ec8z;T%J<9dt>uCv#;#@E)jg|G&2Mgm8=EkSH zV9^T_V_mVB1&Iq%T`)r*A15aY#T84B%SyM7jgvx*N>5mj?1CjPNRC?~FY`|{?7j&N zJG;LK4f{{g_$n&c{#D?qpMw8G%&`AfW{k2!dgOb2TvTja>er(33wf|}`XVEooxdOt z(pV$*TTq~WI||q8%hw_GB^&XFkaCa`S&GyLT4l#2 zCN5ZLOZik`zYZ&phrYi>%D>e2x5)38`u-Nl z{8HcFB6DBr`&*>xOMTP+oTPq;v%b`~aa0R_tM3mIo+i!3#Kix(-alCTf5+xN z(&smz{iM>Y1!?JVv3~(D#}Ci%0gH)`i*B7J@j+}yNpfc0f- z`33MFI4Lcp_@)r&pM#Z_X-l8a8qd#4(oeh{1^+D;=Pv+nyCC_SnJt}Tew5=6)7W47 zjxP@X&%*x@&3z=mpMw8^|I$En{$KB_e&X(j&i`^}_4CfZMRtCVF&{Ah%iYz_G5^c` z)oAA*SUNW~F8iBU`jbpaH&#fW->_fU$FTbYtZ(7)ABFWT4F99BzJ>pP6xO$h!`H%+ zmvMKAUywPPSNYgvG&lCqZv9FZGLohFm(f|M>nNu`{@A3Cs>P?qa(Y~9Y*g~Ua&tdr z?S45S{{udM6x>f}{tMnu0~|$_M*ECF{t{W6^t3qEr&#_p1Nlt;(Dt*)jf!^~D=H=~ z^|z$^b6v5rKIp~AhQB4MpJ^yH;AOW*NDPzX8yl2@1GGIyI-h_r>Ata zL>l9cA{dvJFgH2lSDN?9=ss&7KI9%o`}j;S`bqm=Qs=`EM;oTGMpI*-66ce)zYY5{ zaof*Lq^IY{A*QjU>j!_z0{#rqjMT(GgXb@}Dcx{jKkA!DhaR2!nUVi9QTi_me42v! zB^^I7^>>Nj==j@nnNQM{(k#lq@QVI)sDB2rf3m{+!}A#j@X=O$2LDkH_U}CEN5rHg zlTN&(b%Y<2slSEb?-I=JOS7*zAD-VpRZ5)?NPLJgZRe&&Wq*pqr@%kE@@4x$B)(wJ zXdj+mK(zbw5I?HwW=oFn7Y(^-*`kqJprbK}w?KinxFIeMpjRBUEkYI>UV3sz)|t&@YT zv$UirIXNzs_B9&_{vV+8|LPF_3;h4W`M;x+mrv?H?I|?dzxRLqS48Gx{pWdb9Pqs( z0D_>BhN+H$j+PSh0*&3GUA&wfJws>{=Le|BdFmK==wV*E zV}kU?1W_TzSo?W8zKjudUwW;85-wxovwYIuG{S~;qVf8$X)NThoNLf zR9;TrE{L`vXi|-f<4_C-gY+9 zGb^MNloqq1R^U%t!bgV*;NH{OqeqKX_WtZhnDA`_?U^SZEjl!MB#h0%5smD+m>;28-U!^Sv`m6SXvkWYL=F2hJD9GB8z_WLmns3 z_V=AXf58Je(|`Vo$gCSMICtkt$o(s3yCy%mYB}WfT-1H@;b7l!gdt2bVy&hn9M2z& zG1;cDGfQSqhUKvh7zmk9FEg8CL}!BpkCH&T9S1^<{R;!JAoo0ZN=$M*edqeXdWZRI z0xA3r?|au8bTi%sKrND=6X4$=$ zfQa-^9H-t@a$|fePS$z`-xY~l2aj+asD45^oCoIDV6%3gzfZt-{)1nzyt&3D)q(+Z z&uYRtBB!msn<%6o5 z`VGg!S9Y&C`n0ocd`cq-E>C?Os4jxu1AElqAtRo`hojWctL#=<~Tra?hvwxWN{EPc(VKE>sh z+`1zKi&kFlw3i|HDW1YwRIg_CBQB48;l~&?%5A#JTAv@{LT=OrJXEh=b_8J!fKbQq zdR*c@bNVVBF=cLyHpOi2N*y*m3a=ke0pQKY{d*vwcP~9&_My3u4V^C@0?p=B0nxAs z0q{gZ*SV5blH6QBC=s5avG`(*0+ou?{E$nm}qkKPkyRWqFElL)E<7WFk(b)Vh| zMi{MLn|qd5Tdf#h*f7IInUj6CV_p5F$V8CJ?`mmD;dA!fNX3Lv+&g>@`MuKgm+s(j zKV@s23XP^Y>DgU@5G=bXq_;X#06KilZubH{WF)v;8cG#EiGf++p)etyt}-S3aA@r2 zz2r8FhW5sN&*q+ z?rA{V)HCn}dyR`;9pD0aHZCMseiF(4px@p(5%**R2nD$m;{#?(%r~h(OnVhu%AL6Z z)v_`^Ecy3g<{8=%U1#cBRcuI{R1MAB^lrsY8qNl360eeZ&!SncC-i{H>4rLE2V7R5 zo74N9RzDODxzw3Ih||o!R(;vS=U}?cB$zpgOYk;ZiTO}(jcM)#?j9(d)j!{ryap#Q z2^gNX&Hl-bHQlXhX7UD)?3)b+Vs{(&tU4cCZIuvhJD#RH)0_Obi4P$JO?k4yWmojmz$DQ*IK5s!9=<7QFgU$tycMg3&r(=iny5des_-& zF4@{GY4;s;!Yd}O3mkL)j=^aaQ>W$Udy_iZN~>Zf(h}a&_Dz^9A*eny)YtEqtv=1jS8>_IFG1)bO8|nW47zT+gV3^a^seVKj#Op^L_JW3n#3zES{W5JD|&zL zl@T)4V|Isv+|?o4;b&9p3Od3{a{Tl%POP}Pu0yBTa`43N;r`?k4_8`!pE$`NC)ie% z6Mk+J0CK|d4!T&i`Ba|K6zcKIFL^M3Ur305n>G7vTDGfj)Aa3ctcN*t`?org`*765 zR}Z!pb-0~PR2EDh?)F)F{>YYhcE;N$6_^2LZ~Oq({`ZX+y{cu&@@Lv{Z#R#Xc$9eSg?#&nbcAws?y2<`=du1FL=RP>ugnQ?e|Ko&zd5Vexqo4?%=y> zUo9L46xeHS%e9;4-}&anw39>-3|95IIkwp8L=*N335lAb=ER@h z=3HpM+Lz1=^^)nznv>6+-ZWRMxA&Q|{uQ}*M#pwM)I1Ya{Isj?@JrjKV%tf%8yII) z&UBhxH!Ysj4lBF5bedh*u(n-2!Sk3>4JnAoSfu3m-XpHG+Av?EQuhr;%E}M+Zis>( zZbDx__72#KF%8=cCT(grbOkvMA-x+RlRJ*xnzqaYh3@bbd)Yd+X87>QDRXwcn_}LB z_@0m~ET897aQtGrk$vh0S2Ld=@cKOYgn2<5z`9covZ1`W2fXvzAJZe{I`8k-lnjZJ z73RtI?#XYzXU$59&mqc8-M1Tm1=}?49Y2p3cHwV5zg+n~5yQ{PF(3#^HV&bV*;ENfAuuox z9(*z1S=a^TdrVLM@%1iC8DWdom^-3_Px@a|PBuTyJ%il-v7*A4x%5ec-vP1Wg4bt$xW9hov2i!MroK6I zJC}mui=k&7V>R!#)zGap_}Vcqvz7v&EN@Sz8V}xn4lt4%;tV{xW};+Lxb}?e%4nvC zX7%C+Z{kipWymD6T60F;iWNqbJEy#V_V%!GdBeGaK2^5(iEK`5;`wJz>o^N*2I1%@ zUGtapf!iy;dr(?9?Rt$_ky--3YSt_VGkXqj=i>V%ffBD<>Kr8}&O8xY?X|ndcBSg6 zUT^1&l{XxB%iisR;kd&q;B}mtb9chg3vJ?ilw7b(7i{5-IGbD39o`2eD^}Z>202_w zGhgv^{L0;4R~B;a_;P%*^8K<9ukBuRP-Xqoe6uJm6R=>4Q~Z>LrW6%_iV+}7alqb~kl}T5)w&!gOWe(aUh@ov@FU+_-ZbmS{wT6~XWEnd@IF z!dOYX-vU==a%Uaz>h1zUYP=2Nb-mwA{yjXgroObQmw`l2++{q|_@;*e6^G};N8`(A z0z`{d))!xvIR>E#%kFs~Cp+DoL}jPAZ~(b{fLrFtD!;Z7KAwfhk}LYSpg#tP2g-k( zQ*k{MIhj><#tFGIRB=1Y;{mrkRTVG2;rIRP%DTen7c?H?&zo~jDpy4X#kHDhn?@*!C1+_IQg8ANtQoLL0;WBC1MoAOkH#+%Elvy~HyCz`u+gH=4P zs^gsZ)&vzJ4tuM#*kF824Y$9+G8B=eSHT{QvBNNp-bfRT@n!(DHn?SP8Ex;FWtuAq z9xJD4*0na|`AO=!j{_Rgo5FZ2_x{+}M_hF@p=K=+K*^16yp>JEFd%5`Zdi4~xiL+U z9~jCVbXMZ{6-*z{fW;0v0*By*w16HHg8|Lc%5LL@;M|=xOPqnD1InOBsZGeZ+l5;G zw>=(dDkDF<*RTf*?u4yr^v`D;#;tCHshV{G*lPFxkG=1Ji|X3;KGQ2OGxVYkP3a81 z>(IN>q>Do@BE5*Tq4(Yqlq$U=MNx;M(o|4U?1+krM#0{K-$7#XlAD|4<>lUYzwgWZ zaOQZ*7{HY(97eS%GnIzu}=#136-0$Stl@ngJ>9H2F`~qG^N(`h;Flg z5~~4J=#bMjax2Bf;B(&9TDdhh(jbc5wSMuE1fv*!tJJL!uTM2q8f+qg7QlXz;X9op z!He8aF?Hr;@$O1&&>2>!nYL{MkBH_T7#V<*`H^B?cVwkrjC$)Y)9-{As^*GRt5oXI zs~^`?OD9Z1nsJQrjO?2nDws_?}0noHhAvtGr+ z6NLwi;JM3XMdh(2SYW$d!>zK|3ZF{rG}v_vpk-flFTC{*lC-_6E+^1g11@rc-GzUN zJNszCo2}kZ@lNw&&hZ|`5;BQQjfn^wylYwPosT6Nv?7D5hMDD936Zwf@2hY4w8de& zZ#LKWr@<#mvaUa=d4Mfer5+Nsuhk<1WglxV-Dp}g>Y%B#ABT|+^_6Y9$GYUr+Q-Jq z_A&`$?2S+hn|kDx*0;+DC(YJf?43p;>`NEtC#~JIaow`Y%F<#SYSwNt*mdznL$qp} zz`mNb@HXkEU4lAV7SYDDQZ0JooR4IT#?MDtYROy{)e3Fb`4j&D|vD&FB0Ms!u zlm;JuG}tfN6K4!p%_vN*>A5jpoow83_*40IW9I}dm}+jNVcOtk2i?eo@&QcohX!t! z)IyDw-2xsiF`st#E|=w{b*m0)h{OR4Z`aB%8In@?J9L_0dGh2iGEl49T*Grpm(k^g z>(-*Sk&U{IX4n;>9RXJ`Jp6yNRJt-agnB=D_{^zJ3_Ajw!!Jc`cxedeEAWP`-$sNP%<^yTc+%&WP?Sq}&uh4i!9} zKc{p8zKgF|R3gj|m-F&zU-VR=)biO!A5Unllq*te>>{*OBcy2&=fZPE-9$zDbsQpO z(>wA)N=QW~=TZ$PfcWAXRkMWjS%{L=#jCFh3~RZHoRh^LN7YXh?3PPEd9dj2;-nKS zQ;2`U!H2?7);;l=akjKpBojWxHJq=SljZ{BsI2v|fnO78N*#gE4$N|Y$|Bx|@t=ev z$Q>M&r#7AMm$-dNO0~H5VB<^G*&F4jr1s2`ZVT{8Hd*Ul8o)#jSr#bL0m%Ij3w5{0 zCZ%j2NL*XbD6WJ=kjkt1T-L4>^uE2tZKz^oY}}$e1H^R8Z{wS(;WifiC|S)tai2p# zx~uRbr#i)&2S1P+7Jbd2ajSEGe5e3Vuk8i(s0#|k7t{?6pG%x^-sHNovJ2wv#Y?^D zaQ>nq#RW1Lx;e56-8?Z>5c`D0Qysx&UIy?2N?>gIG+e@JvUmTdnFF_Pv}d6niJw-i znu*&pk!YHi7!M%tUvW0|dl`8oXU|3Q*^4Gkus2iJhVADnGNdT;^L{KKvC<~ z0{rxij>_9NzC)IEUo&gsDUg`IeEz1kBCv4u0`?Wx%gD-D==C}6TLxu{y{gxwX0^+s zr+Ehf;C}45T%f7sX&J9Ix0@OZ@C&z@7H%(kO zI3DJ}Pq}x;u`;&xY0h2QyF&*_yN7Pci#3^ZPZZ8x;COe}uxTMI;|#*-zM>N{VetwN z^~|MuQq9RLs8^a*d*+vP?{yB^aGuIb6wqlAW3~VOUVKFKNdpl+YO&E!l{EhuRmzx) zrvSFQ@MZy6M>n6yi8Mqf>lBm9(r#N4pz3GjHWe|8c3M(| zgc+YkC{tHH`+?p^MQho3r6j2A%JQStW!X-s6+i6b{pD_{r{B3l2Jbw*OCZP+V10h@ zfjduSSCk!S6AIi{4K=(}cd`zgxasQj;K50r9?o*b1(&?CTf?RrpP$XeSRCVkUJU-8 zB&vGTW4n_w<|my%_e@5g1y|m z!fOucIV@Cg0gv2b-XZ0Cl=jqbr`^Qa7nap4J+e<6;P_!DJ++4`XOPci2zIhe(|E~HM6t<=&*N{qv&ZJkEhev9WB2Hrr$}m-$cb6vfwnX zi!0u=lmG5^epz##x6vaw_9>6=U=J20Uof-UT!-yr<(IR%no-SDa|v-GZvO%RbYH@h zBn3luh&PjA+k2oa9jh_{n}>+zBT}ny+EbAv4oU~MrSrwwEY6TcZYF>edRq1vnV?B} zM06J~B>0x@di6<4{&5`i1V8LFLnT&lCGR;ktrI%3wr}@~6`)JEde;YA*{3p{MAF+8 z?Sv0jr(f8dexc|8%AO*EUn%F%xVi7hBIo&=LS1S*E6;7$JM+c&G#`!U;+t*WS=W^{ zlXprqtB6%%B-Un5F~PTQY44g{NF2G7Z|FOpzun^%0dVZH`>r@6tIb+;gaf}BhQ3Qt zRnUra=b)ZZFgoK_JLt=f+k=_3m@#`l){S;sYv*&cb~Edic+b`^_THKUHg%j&P)D}+dU3WL1;oR_5t7Oqs8Bm<>DQ;*xXU zhQPV#YuVelDN+~QWcn8Iy$W!PL~;p=eh4dCbKbnRDHEraQvpd&s3%Gomg*@J9EJ~d z__$8BK7O4>x9w++Z$Fsqous5CIDRJ8?Hq@MU8zq}@XVvU0qRNHW6`)0oDz2cJJaQ` z30`5(nNroNK4?-BmZOTaFMYy~BVZAjPUmmfb`ijH;i;(!iu*SybF>;8UhK=hsSy1% zRf%!r*}^J`pp+UIwz8ne^D=>}YdB?dzog&H``r6MOz6;C&*Dat)xT4Yy1#R+W9z|9 zGcxTx<|q1-VXK_e4Z9o?E?oUG2l!-Er;iAc>a-}$J#~uCldTsdxFFduTpqu;JN-%e znyAEhgibPxxC~B5q1jHHXBYLssMIdoV3Pu?Qp_lnt2*8-lNrXE!h0c1^BE_brcgQ# zw_vs`gV~a1#tTperwdQ1f9}NZ36o&TuxQj|;=8)0roRbkrAnQa!7ZX86yie47MX|6 zv}v*S_xb1Fq!)N@o?n@^te0=NY>=QXV?o;mSH9$3ueRz4^u4DU(@hsYt6VmhQS%8t zuQX*MC#=OHGHzMf`Z&J}I3pRw4M^miOX6i%OX$op_ph zPXaF~Zw2rzZQCW!eYL6fIeNF;VzS{*E|a7WnpO95wq;+oG_cVtJCZG@H#n0JAz)3F zM7xbq71w}m+)kU|8T8sbB%Jp`P+MYNNE?JK9jpTxWoe343>>u{<%0E)?@=V!TkqM1 z-aPH~p-*?a3mWIRw?c2SLrN>dr$C^?tDDjI(M60&`C0QzUK8wFjz^=!U5=|~xc!HW zcNZY4o}Y|xJ0|YtQ?{FBZ~M~XRW7M3MdHz?#m?n7&5tJ=OBV0Gkt<`i7EleX!{p}j zVBb*F*%g-*4^XaV2Jt64OlI9oV)_0ybYgEiJ)MW!%=M;I->dInZ0Fjy?GK>z%HLXj zG0d{}^D4_-Vh3U7%V-o%VC>ND_L3_B!BQ=ds7_|AKoCZDh|T#8Nm#d9Dd^>!?9&bDN@Q)m z=*x(qg-)ie{>lcMqZ9t%qf);?M!oSjFYXQ?K`!WV6zW9K4!oIJ*_ zYRV>>KE)<^rHzG2i<@k}hvTr8xLTB#p4FIE`rF+df#i#x0x}Ctlu~*t?%7Up=@o7l%63gNM(zbegwweU4R_|})2sGel8BgaL_G9L zHMk*sv3g?XK~g~(n=p@8c)FDyv9RGvyoid5kySRSuu-U9!t;Znqji4C$=4611T5MfWyJ%*Iq~qh zc>DEu?(g-JH^xJE;|EdlxSHK&J5B{^BNF3b(1i5L*-MrAC1twh`K(3A%Xe~)ptS00 z5^zB$cfjaud%Ilw-BwopJy8f7C=L1^8U^JE2pHJ5%xK?cjQxHA@$hng3L(k&P!)zZ zE`7ewoiTu+pWCuoJDtyvL?`CmQ~wAf&?=F!m{#hn88FHz$>Teo&WST!lXOs~*Ib7p z7TTc+R+na0Eim0yS|90Rk0fqQY@$QY<`!-W zw}rv&mXMRn-z&Sh85Ki-u`3IxJqwV)=7kU?mOJY5FUE51EOGi3iGbv%gvGqG%zSYx zX~6=I5AWEHY*CdMnR|Zcc$?-aj_cud^ZZ`7q2x~M?{3}li@kVzPa4&?v)i+O>xYtE z^c`*XTUSc$S6wFZdQKm5Jgav|*@^HWEkWb~bdy>inzVb&t`RWU-GNl=e(QVfO@a6$ zHQCWbfs)IJD!+cOcP%W;VfcQ_vG#% z8j@TFhOqT6qYTq=HSQILYY0qT9x2{CKkuHK2w=RKKZz$352qEFDwlB~-CQ!qOSxTp z$Bm^+m)=b^$Ak@-XdGIQoLVmwjDQmNtMcm2I-A|6KjemFM@t$dwu}d1~*{Jl^ z)M`QMrr3)2y6N4(nU>1ngAgS00%0^ozs6QGU2YG>3=oIXX7EIWCa+}QXWew2x^sb{ z?fRG?to!~Ow7`+L0$=WH@t?Wht(NY!9$!sLPkg|);}O7^5_tx+x>Ts0T)Ws)1&~Bz9rSpxkdc>v-I0D({Iz`SW)wA`kV2}o3^k{O3d7uf+~t&_>zC zi&WOlQ!DMXs;G_=otJc+>r6HWLVT8|LujSiEh;A*{5y_a6W%}Our(mZ?yBBLjOH-j ze)sYdKkqYlO_8oDTJPTR+Z~IvkUV)M7K(%br;yiLSm!2oPPS+-dUX@j_~IcrGd*)2 z3;cBeh9`I1za2{15fUN2?`h4R_=QJJTdc5xx;0d$*EMahCSgr>nLUDi9{e_t$t}aQ{7YTa=jF(x}B*}gEOl5TPuyXS;l~cac z!SZZ|b^}-1UTQSiYcYUNuk-6nv&1a77TyzB8$s*wNtPO1UqNO#LMyn zEIX*?-jlYpZe&`4T$>>0rsJa|s{B~4)hx>+t{l$Z1Nu@y7x!&pW35%xs_!n%3-kIM z$FrNA^s#a$s}%|Q(F1*|{h@St&c4I1lB;oBn6qsr6BdM6oD=Gw)CF=?QQ46b1{G{m zI110AMxnx3{A*Dz%o8mwj9f3J&CHB>OsPrem2u}H5882cX?>N ztjwFvHg3qzU3)wxAf9Jvr?@*eH2&%uwBGJQp5L3#@K6#^Yfgb5Xd;}0?p#TKhPH^< z#+ZY82S5+oqavJgZBy9pQqMjA|ym=j83nb~ zZf?D!KxEo4(#Yg%h7vGZk=9;ZwsEPg=v?(kEIfF`COIIUyMkR@Ds-FVyH|~;ue_;2 z$eh`9Hn-*Qc*4$@k1e#KqrGE@mokUk0I0pi^%_8kQb|Nh1PI$X<~euU6^ZWOu2eVc z(^uqL4mdQ)={_wEMY0TBgorTKhyq?p0*4v7r`B0dEZ-Z$dywOHQmRIDs|+gBXkE!`3w-fhi_hPiNssgm;D=SK)ZQbW zD4QdhY`jK9axDhe)bA1*-Kuo=s`2xhk=ofBkK^Qh7>~T_RA=5qQqJ>Kpv=+QLd5$w z@8BONZ!!CD;HD_7+d#)XqSw1xd3v?XN$bp6)nPUUy1OH`bqHDeDyCv|{`lk*BHoHi zM^G5rBHf9xZsmt?%XHtaVo$Z7TJ{L?s#q10!^P-&*nGO3#(AJ?Mr7;}8~-c{dG<(mcYY98JlmtI^D)GIhqc{|`jNDK9d8t6c!=m-> z^sd0-5N&wL(@J%FTE)k?;PIGom9FA8NS;u^*Kr9o&j*nT z%5mrzDg?WBOK`izyxicCIGx)s7oO5kDoo4@;L6F+19#PV=9aA~jQIzs(dW|BTQ+%= zX>Z+{cVd+Nu|3@ye&6hf$E|H_J6}Kb^FK`DNxPophL^3N!-Z(WINQ!glNW(yHZ*@eU$JNE6waW}-hb?w9e{HcpoES-S9 z{y0)?Vwe(V(PJ3CFM5e2gHK&R2$x1ZZrJh>ilWduwD8git@A`M|G+X$ z3Y$W>mX>6NkfLA5%ao`^z#c?6#*c{hu>&W(% zAkSP0ItAT@*rL+oVGgH51_E>&WX|=guxzvEMDv;=WQ0(( zL9xZu0E$UF_Edbzp)RB#n(GB@dTNaUW!E}FvvzALW#l{Wc=v3zQf ze{Rm4XybG3Y;t3ekTX%})>(Ea!)J|_BBTI|;KKNY61O0eX30q*9xAD${e~*Ys{`f}jhSkX zg^xYZz4nmE7RcdiuDV~rLfs6;R3BJB=b1%QH5;*R3Jn`bP#G8AvYT=6*rH8{{x+9f zfz5_i2?$#kGpmRdN)w=2%K#F(bU)c1fJB6R;fmr>5Du>9xFIZjQ_FfsZtfz(C;F%! zp(@21sUNyEdqyi>BF`lqvE^-%^tQ!)@go@nr2WiZdpmx zgyB{$_EioQKWLEw!qG}JT(Q&PL(yKI+@g$oPLBvGGDO73)Ut9Frba8L<}~>1Be*aF z%H&?2nOkyM#Q02_dqpCfa%o-+MLt1pFTY*vOG^H6JF9K767ummC23`4c9q#?g?eRh zf!ydFGZhzAV40mIHKS$wcUOK&}lnMu7t5)fzi6qPN zO?;hIl;QkwboC-ByYpU-(?b!|0eZl74(Q9`QB5H>hAL=DYkgGmn^f6T!!D(3JtusW zeK5ze(8a<>;Je27jK_H|S5SFJQ=I{U=v=hZBtOlF|Db)rp;XCLpiv9~Krnf`4&^6OFr!35~*wl|3IT z7a|&M>RT?&wM3ZfHypP=&2u#1gPn0cUlEC4wIBtt& z)xLPv5+&>s{@QGBI>t7>2&qMsV0LTIPH%6{S9MUJJ2`XgyR7L#lB#y%PX-fgsIv8)^Tx*5bBv7W{9D!RM>+6~S8a|J!@Q$1XV+B_!$+E!)5Ru#W= zh3J1GLa5EVTDFjvTDbK4PamWsGRiIh>QbJOeRDPrDz^UJT!MzS>I(UB@V*nx%}s(v zVGi`dNtrEzZI~L4{erx9l%t?bi~KNfXrH8O#=#|{V^2yub&3u(9@@LxCUmkO&hGm0 zi8^)BZu#`7mhh(o+XvD%3H2V8+b*rszt@NJ)yKh|&||el4V&CFkNa3sp0@2dWU@O& zXG(BjX6iUZ*vxF~_)yJ2#)%#$olfP&i?Js)}UP13-jv6FqcrqIzfb2p==r#`#^c^3S~IM5^ePY#zk%UD;9 z**RPB+Euq0n6pu)_8#TMv78Wp@tDg&6lqu3^F*)}8mX4`iB_^$%LIi1`Q#U4DMh)p z0!#IlWYq4bL;V)9va0RzJQS|6lTXt|&x$td(sI{~;NE#9?FnNB3*FDVwAtPa4=|2> zOl}m54}eUcwD?S`4q`H}ciQ!MiwED?=(IB4&lM-CJY-gfX#kwFOXP070?%AlJvpWw;Gbt$GVJ$~-5>dypH)CpX$i5U`w-|LydFzB*)PzcF z|Kx&y)T`in@pC%C;>yHE)7ko^<%xF0Gc*{-=cf(IpjUmsvj?uqw+i-?K$9y=z>?#3b8Bh`0IG>ZAOcu$|Kh*Mp=M++Fj zc{Z>uzcNNdR;E|BzekqCjrn@-4e?t`vZc=K*JU2{%ZSMi@0p6e1bWSX-*$e^4W2pM zy--y(j2%3yETS|+8^$hoD${K#XWEExtUa0PW>yzX)=oF+MVU^>K|H;K30}@J_C!d% z$h)kWyd1&cl#c9nbGsyqPPa zpL0vybV8uI)VUA6S>9o5^I+2(+uKt{{eI&yPUq0VZ!MD4+3s=GWN6x+MQc0Xx_S$1 zm38}E?vbMAw=Bg}`Tc0rPoLJ9`&sHNWQ7%k~*?jP>`|Z?qwdi zf{5_EsW!6}%U7<)!{5A58T$T{QE|)Rx~I28kK&K5+_AYS+!rt1SosbcgI9dNC;D|+ z9u&)3L#vkP9iWx^9b0QOyO+oj!MVjWKtU-zK_tClOJekl_00@Xwt=Y(d1etLL^|JN zF-`RCxV_5)btCDThMGqc`QQr1;$exkYFT-) z8&aUYjCQn%-Nn7ndy!YIS+rrN1Lnz6<@u;U!>vbbM|6%9p^1+x62)YoN>!`Jw6GZV zm!p)JvZME-pdg3plg#{O?|?Mzf-E;aAH4H;`f#?|9bZ8fC3jkIhUD|ibcEtm{%Drs zs{l8+TI!lnw%XdTdikt5^W$Z|)(q8La|E>70|B{hSeJ#p!8XojchgJlY&E)uW~Rr& zt_(Frs>u_%ua?VcX~IL&%kbav1U~k7xmlg4Up~;XuXTXv>=Pe<*msz)IDg5PE5&}? zEYs6hy^wK!eyG}auDGSvOkTIC3y;nwznnG6t!O74-ITh_^4=r-3HvDJ^-G&2w%5$f zE)tG7tiEtkT`4f{cqPrFihB8C)!E!YqGAUdkYSi8Dp`qJEA-_{>J6h8#Fswz_#K6-=ybYjtH z2i696jB9Pka>pGpndd_#dbhNX333=mHAWk&CEkA7w=@)z%KhkEf|J)BDXW8@Uc?CU zcw<{H1ig`xj|{?JuvuBNcwHJ!3V$85zo3ij>dU9`O{Ie?gJ(a*Y!zR+aQf2)X=r`> zaV6er9mL{nM#;nl1g91R-0}yF%@gN!4cv3pH@wGq+?eD8%W@X$J2uUJFHU;I`qj&A z+w!^b&TOwZPfa42`Fo!Qt(BYK_q(@4!iuUoqp6wV!r+j2Y(kq$Exk`tIxTpMkfJ)2 zgfeX0I?Ga0eJH<{ruG74?<4Q}aPE{iD$~d@%VbyqNMGoiQ z?o$2PK*YE`|Am^qEYmU>BpX&Z$;-J(ty|NRjCIG(kDfaAAzGTcD?WZ%u|^j^_km zb}h7?J2YT;L1aOw;&F&c#pJ|=t+u*MPaFyAX9h2X-LRB;l(|jyVn}l29aghqIvC~- zZnpDreU$^ri<)Mc82>SNr?eHDq@oJ+6xz*2EuK?`nRCm-+c_MflqI`VBCC-4BiX)E z-OQJ3aWH^Z!=Epy=PA%TGeC6zGds*hIZkpNMYqDM=C<7bXf>qHJ_=}IgP9CHbkKoytT zq>M2QjAeOrgx(L1$!k*^>OF4P^)O~MQ0mK7t=_|?8NygC%~3QxY)PTQxdwK+T!)LR zIQ6DNR={3-!K35+TYb5-rX22n&)>bQ;Kd3I;}r3v3pI5d3WJYxPxk;*gI0SjiF&I9Rd z)Ar7S@()KnPZ^XqjXfA)2V&9}{et<-qzQ5n7TreA8Oo~O4vvc1V#4qm5#?>P}EO$G3=5fO5_n1XM^1jbUbo8!Nhek9C7&hZ1DFB0M>v3wM6uF3R4%m zH)F<(Z>;7Oy9fzOenPW53zJO0nVr2+nzGx^WZ{|f);{{@Wy{I~x9*LRLTEdLdil{VDB zlEVK?{kzJ5kzeHYx_BS-_4oAu+x^SGzKwq?hkrx+|DOJrp@6~Oe-{58^#7vpxBmaF zX8X&YZRmenU<)t?0AI>tzf7P0;z9k=edG(3@a1&Jmxp)1n3BKPQNFx<@g*zZ3!V1m z`o%B7W?$-azR0aJv0*a&L3TiAEMHSftbecP2_U|Zg}}(chrOEHpYfawkhmDK|Ly^& zjDs(}Q2C@mCoSHiwLwpeWsjJZ$r-utY?)tFnA)#(oVK87ayV=1@wnN_0kl)xu*6Kv z_~j`D#tK>oiU?*Q!V=72c-lT37LFu>>!!Xe@YrZvF$4woN5I2~NK`e(*T0~SIdOkJ z3=R(pL8D}_XtXo{MTb|Suuv!l4eUcfyK?i17%;gu;0Q8X!L7ddBVCeSEAuq7Clbo=LR#-QmdX9m$M zTt>17a<6akz>!X3fZV%XZdiEgCFcWAXj%xyRmt4294aM{&D`C1!Wg2SjaVQGUVBE3 zgEZ!`7xmG^rwY8%z0`GA!I>b{dX;Ycn@K+5n{5Bu+}qK6lD&h4%Nl;4Y; zqaOisKHj^IyN|ys74yXdBQb!zH)75#7*lf~aC2-nyJq%uy^OnLfi$n*@Lf9U>?BB!DxyEoX&KOn$8NcL|7 z@PDi6zvlaIX#d}{|KyYuWdFhbQw05gQvMw^^UeR~K6k(0%+A?uzxQva_|4bvkOMqCmZ_SOGi27B11TLJTADbJHOfFNG6VdD7#wrGjQ!LWPft|D5m`1Awf zB7*|Gf+Ly39q<5Om|3>@J^;c@qZL>I`;+}r%`y`m3y_ff9E)a)Lzb0+r4EN%T5DP$ zT8(@egT2{#O=kOxE!&T2A!-^k@Q@RH5JbeJMfCBhu$j2NxR$x*=F4qBM7fT6Si-q9 zK1STw^VZ5v%doPCx75%LMS%DWH;qtR6F)3v5HEW|cLto@cgbGu4hYx3k*?rF{SNZIevnz!7!T!_!G3?h_VEH*QZ4_IO@El6N^B zL@aYmCss-f8mnX)i8oprmYSaE+kXQfgv{S|F65qlG7h9@1wRnC=G7|r#26ZU_2_)C z(u?!<&k2-k>48)AMBaXWF9%hJDb(k>=A<`-wFT#L`a9@RcKVL2!H}hsQ>L{zoXHKR zIL8qtE}z#5MD>0uiRxrC7kb+?s9u;Q5+HOkl5qGuMlx&-plyL(X0JAbAm%LZ7-d?) z^JGby(CnBJWeWk<$cV=f0OwWZnv5}7xDSWHSDaH^~~g0hA7%dL%X*<7E~a5kF6B z!It1K)P=perT zxG!}Ct7^Apt}KvL)F*pr8vvy;#Nko#pB^@@jXL3qISfhGIF8#;3Q%(KNaI*}2BBj~^XyhHxBl*!iQc9_HeR7x-=dwlnME4SWLawV-fm7s&U36<-`~#LwMBwM=*gvX!!0*_>LXAC zXKxYp$9S&I+#ntJSO}ZCYvo6+*@Pz(POLrax+(mrLC>T|&iCLOW(S4t3Lj3rQnDeg z=m{GD4Y?qBUalRtl*m)QG^@#K;Ld9Pe?;qz{1y#MgLNMwu<>Q0{Tp%|wGZecOeU$y9-@2Mws?{J)tF~v%dVeod2NyO%<%;p zPK;OZpH~p%VuVT@!jV2Fs23btEbD2U;(s#^p2SRsm|YRXs)+8w&sgSgQRwRCoT0E+%t3(wM$u49n!SMJehChdU& zof9Iu*igi+7&Fbm{bs{N16!Dv?tw(D%wj(M1tYoXF4?EV#r7cC{nylQoW8+)p>F_D z{XT5!=ADlm7;x*xx^vsF$_);%0tf)yL5k$0X0N) zZS(j;_Me}tZ>XC)=)^mCudDO^0B119Oz_@-uP(lW1N_z_Xn>x*HxdQ!b@uS^_VW&j z*y|ZAM1f5ilV&y*ExPA#f`as8QCA#{N#@keLr`1`Nl29x-@dxU^LA^rgy>D}G^Y=6A6)1ZJ{W3l8P zKI@ILQA%rP-_Z2}{M0r-l^$gE+Y8zhC6Pu=6dkw};5LwCX>+wca42 zA!I|p5ceQI z_Ykt~fdF6sp!F_F-n#WysC^|W5&$-dJNVAe>4K4&g28?)N>(S!i~c$@-%3CZ2fMC+ z_>X;1L*(aJ01N$(C5d+T4R-&vBL0%9e}KE+F9=F(+sI&>#K!N}F8GUFFl2J{KekLX z7QFdmdwGQVxqb!fPd#V7I@e44BNsnhd~MQ=u)-STuXPT>Q3LFdzf8E^LO-H%qxVSp zy8C&Cc#*f0DIjUGv@{t^6yoI`8|K}I+Lq`t&2WsD_gRlkrB-ojLN&2hM*adc> zue|+A_xeU*ov$CL@N1AIWq#shgGsPUdk2U7a}K`I`GJPG26-dPZ-x8En)vp{w_mW_ z>t*=LG1=dP?Bed}?dRw1=eho$uyqXo)8c<4;qK@58+9O{1|oBVzu%~cZ?t~N&N^+7 zksoT~kMXl!sb6{8sL@|%Z=?19dHn>rhlB?Ckwg7{5bD2d;^0u1U{G!NdH&FTp!D%` z6aBG-(d)Gqjs1bjxyD=RA~D9FUbq`A3SSy{QXv{YJJT2oWAy1F_tGIICs-A+zUo}QkGiHQ*r z5#Y?;@8%W#{AnL^zMpb};5Oau*4#ZrDgXg?c?Tq^K zWCT=!M~G_xfK{jC#d;ic?IB*B4SvF`3lG`nhkC5|mzo~!u-3%l@ECi5kc5lE1H^11 z3lfuzGjT#E7onMOs3QO~yvo%DpBm@Bg9TG#U+de(1ZTov&=_VHCQ_;sVPKGOGR+l7 zI19#Nz#eF}*?~dibosl*Z&gdKDFl|mv3 z!!qCey)2DRtPae+1)=u)X2LN5$t=NR2@usmfTMh^3@ii%8Fi1R(lp`bI1cdv?W%=b z-NF}#-{hi>9yO)N`!C;W@)@BYp(bEA8TB^K*6NFP+D`U*UncysG2HLg`)?%pgZTII z_5-6g{R!-^XZ^eQUmp|x*YTgMjGQ94|LgDh|KDi1zv$67{4@VL{z34AA^=1_2zwCx zpdbK|58@vb2O#)C5%533Kl3{NtG?kMg#8BomA4PPvXGF43+V5YPnF>(^+ir#6XPXF zO`Dh%Q{6BWu7UI1y>w-0;&$r2RI>W~=~C!pxg+%x$(&aiu#aIT>bu}bjQJj&y4AI7jjzyJwT0L92(iDT2GnJj`7r)`(yp|0rvS+fl>2iZvtx@H1dH7!{2L34i z{r9{7S@{1h{uLBueu;k>@Ydh>|BEpGTVyuyulyVOAH+N;1vUT=3IY)SKUx8x=HCzj ze@6eW=LsO5f7AczT2I&Yzq|$lTJ>UG|C0mgtjk!I+MsX|zRgL_vj!B25`@+;HFqg$ zMyTqeEhUe>1X*y)$ocMB-zUMC2s{1IXVhn$Ow3GJfQbO29`2#a%#2|&wRd#d?nual zC!)~+h6v!`cq|r=AvKub0la-sVW_1#3d_Vqa<#5FuDY9mIXXP3iXt)-I|@R!hi%7M zWA{W3p_x(b=1dq=PA1@pazu1aYh2L4Vc<-yS1NHam{tH=iNvTcm!~}}vH@U|#|1md zQ~_3`h~s!?^=Jw~P^+%9rshn>*8jj=R(}xx``z8Vo&T%=_&xovAglCC{L9JwJ^%Y# zu>H%PeZ&8+>3sKKfS6rz7@|F#35@{Yju9jbzyim5IJj!bBl2Qw<07OZ zuyB@={9If$!hs0K=qI?>!0V6*W;|0I;DK&H6ZWH+@GLCBdHqR)Cs2sqK88&Mz6Te| zgzI&jF?jIM?crk`6;{}H&tI&pzI^ri6&nQff${0{_iJAOSmOUpdnx}Q{sV&C!@S+Y z|J)GZck!?EOZ>~qtjGWT+y4K{VE#`DZQx(^SM~n}>^H{$pdi>7_Ww8w0OEgR{11wN zKZF1EJORY#Z~8xfL;r_pr2U}(X`ue+iN%~*HNZb8o*9LT`EHNI=vb6YL%HznB>a5L zsJ)KeNmHSit6QoA$tI5yQ$}e40GFpeAENC!xIU}BowIq zu~|68VYqX0RZSRyfTMRLk?=+uB^t>90-ls|0>!{#BPvdw9%ezdPsSaDGdmaSmL5jM z46?xO5Jo6u%E{|Djq=fvcr>ne@Y2qpJY?enkqJ)nX;vM4{nm$Y7?G|^rY=zHH}xOr ztR2ankat|*F@j%m8=+@#$@$zG@2b_$VY5!s z-2W#lqa>s7H~xRK;r^nB-}L`K%>RL~2cZtm0)mlUpU_%7_ zN&Iiv|Bt@m|5xpQp75lRz$U?^QcWc6UQ~U zxfTTMpnK=gEm4HJ>TG%q0o62Yi69|Sc* zy%%WCF)E$t#RrqTh;f%xvB4eptv-G-?f(2lFV%#L+F3Q6fMykQY|I@=2krlIG~_=3 z>c84!{viIrb!~8+`p>EV-^aiFFZDm@|3T?*{Qqi${lz!G>HmMQ|3UnN;NQ^pApSR| z{Xy7+A^?;KpcDWn0yf6~pcU}v^#8j3|KOYb-)>2UZp{C^TfiQ8@kQ}A&Oibgu7T7( zOJU%#$xwp(P6$46_`~$(6vdJ1z?sb?Px`<@Km`l-%uR@h5IPA#bC#Cy)>2nO5X}G* z6M$qvyP&ZM763y^1qg^-QUTnD$zgB2A^{VIgjdQm+J-eUyEMX)5k8ejB7!NOZlH)} zF^lj+9eW&{F`Mh~E7npl{Q-bJ87dRtgfgO1lu>b=sN zfBlZC#R}W7|FL|^x$zla@xMO)PXzZ>|L6MH`J?y`_YQIO3iEbz_y6zD0{o8sFC)M1 z^W|sr|FYm_u)p#D7eoD5$!*|23E%?8z~h*5!1NbzZ~xbnyntg4XU8q^qO-!MUQqUg zax(3Jfr0?o3KSg|4y@&aumDQl%sj$KMIB~EQ|7ITSO5h8QozBoEj)_It#()d2Kc4% z`c?97F-0rVK(MdxSA+oIvCpsPKiBgF=l>VBVK>fy`hxR+73r_H0SDT@&i{eye-h8( z3FYUHMu(min@bICUhODa8{Myd?&YoVA z?qdUk8vVyl4)!A;5QNGwgc(4M0ECeX7smnSi&qGju3VT^!%ogaP|BC@jGe!80nH8E zT7oPimll-!u`eK8%V-Fi1%4aGjp9M`*|KOOosmefs2NE0NW6L`!fKv2nveh?k=XRA zD$Yi2fyvXzc`gY!n9&!DUJ+@-626C0wuBOD0wNZxZj!oE^(X;8A~aS(?G;HvJtSGJ zVC3m=oLZ)#?Q)N&zOzvomNz%VI{~met$2VYp*dTlK6SVuG14x(X z6XAkLp0(x5l&KM!XXdD|twkoa*_JTNH+u;(Z^MQydZ}C;7Xak1+7A0(_#hxGY`)XG zp09qq>S3{C*b{fW)LhkrQnzC7r82LhO-tpT=>+J1uwedGwEp!s|B(C-@($j=S81=M zrLM_d@LStp{d=e7`nQ?I`nQ$Y-rv|2@;mbXAN~KxD#*+Heg6NiZ|q;8xFP=`00f|a zJIuc!rT_N-^DDLW|K6=Xg8vP(FZino2<`>@Z|?&69sJA4$^3HsC%e8R{P+CtzoEPR z!v6D+EBoRx{l&2SESR@Z@kyxzEqhKrhiq1Zi0lN7KgG~8fG7wcusEG?0K=-9e9YqL zj8XMvUdJ3>?Y+FJ#?sD_fVj0y*Ij@@V>6G36L@$vEJUpKv5F~!1b^NBL;lSEU~~f|{LEotQ+tdNsuc z%tBv(LTtvUKZWZoD0RS~fl$gyK{#mtL9a1SXH?;}wB1=gNYbi?d50sI4i8NccTr(* zHj6J(Ex9y17?R>TGQ`l1@5b`FomFp~9)Xp;_2`v0y)E_jg zdOLxUnVIjz0iSq|FX7Yq{yx0=z|+E{<9e3hqlSbgrbkER+yB~rNT_QSO6UOeu1VAFgu!R3>N(_k1+r$d$ -#include -#include -#include -#include -#include -#include -#include "cfSimpleGet.h" - -#define MAX_PATH_LEN 256 -#define MAX_URL_LEN 1024 -#define MAX_THREADS 100 - -#define DEBUG_PRINT 0 -#if DEBUG_PRINT -#define dprintf(args...) printf(args) -#else -#define dprintf(args...) -#endif - -/* - * Until Radar 2731877 (CFURLCreateWithBytes chokes on '|') is fixed, we skip the - * fetching of anything with that character. - */ -#define SKIP_MULTI_QUERIES 1 - -/* - * List of servers known to NOT support SSL; if images from these servers are - * needed, get them via http:. - */ -static const char *nonSslSites[] = { - "cover2.cduniverse.com", - "a248.e.akamai.net", - NULL -}; - -/* return nonzero if specified host is in nonSslSites */ -static int isHostNonSsl( - const char *host) -{ - const char **nss = nonSslSites; - while(*nss != NULL) { - if(!strcmp(*nss, host)) { - return 1; - } - nss++; - } - return 0; -} - -/* - * Used to force single-threaded access to URLSimpleDownload. - */ -static Mutex urlLock; - -static void urlThreadLock() -{ - urlLock.lock(); -} - -static void urlThreadUnlock() -{ - urlLock.unlock(); -} - -/* - * Parameters for one thread, which fetches the contents of one URL (in this - * case, an image source). - */ -typedef struct { - /* in */ - const char *host; - char path[MAX_PATH_LEN]; - bool isSsl; - bool useCfNet; - int singleThread; - int quiet; - pthread_t pthr; - unsigned threadNum; - - /* out */ - OSStatus ortn; - unsigned bytesRead; -} ThreadParams; - -static void usage(char **argv) -{ - printf("%s hostname path [options]\n", argv[0]); - printf("Options:\n"); - printf(" u (URLAccess; default is CFNetwork)\n"); - printf(" s connect via SSL\n"); - printf(" t single thread access to URLSimpleDownload\n"); - printf(" q quiet\n"); - exit(1); -} - -static void printUrl( - const char *host, - const char *path, - int isSsl) -{ - if(isSsl) { - printf("https://%s%s", host, path); - } - else { - printf("http://%s%s", host, path); - } -} - -/* - * Given a hostname, path, and SSL flag, fetch the data, optionally - * returning it in the form of a CFDataRef. - */ -static OSStatus fetchUrl( - const char *host, - const char *path, - bool isSsl, - bool useCfNet, - int singleThread, - unsigned *bytesRead, // RETURNED, always - CFDataRef *cfData) // optional, RETURNED -{ - char url[MAX_URL_LEN]; - char *scheme; - OSStatus ortn; - - *bytesRead = 0; - if(isSsl) { - scheme = "https://"; - } - else { - scheme = "http://"; - } - sprintf(url, "%s%s%s", scheme, host, path); - if(singleThread) { - urlThreadLock(); - } - if(useCfNet) { - CFDataRef cd = cfSimpleGet(url); - if(cd) { - /* always report this */ - *bytesRead = CFDataGetLength(cd); - if(cfData) { - /* optional */ - *cfData = cd; - } - else { - /* caller doesn't want */ - CFRelease(cd); - } - ortn = noErr; - } - else { - printf("implied ioErr from cfnet\n"); - ortn = ioErr; - } - } - else { - /* original URLAccess mechanism */ - - Handle h = NewHandle(0); - ortn = URLSimpleDownload(url, - NULL, - h, - 0, //kURLDisplayProgressFlag, - NULL, //eventCallback, - NULL); // userContext - *bytesRead = GetHandleSize(h); - if((cfData != NULL) && (ortn == noErr)) { - CFDataRef cd = CFDataCreate(NULL, (UInt8 *)*h, *bytesRead); - *cfData = cd; - } - if(ortn) { - printf("%d returned from URLSimpleDownload\n", (int)ortn); - } - DisposeHandle(h); - } - if(singleThread) { - urlThreadUnlock(); - } - dprintf("...read %d bytes from %s\n", (int)(*bytesRead), url); - return ortn; -} - -/* - * Main pthread body, fetches source for one image. - */ -static void *imageThread(void *arg) -{ - ThreadParams *params = (ThreadParams *)arg; - - params->ortn = fetchUrl(params->host, - params->path, - params->isSsl, - params->useCfNet, - params->singleThread, - ¶ms->bytesRead, - NULL); // don't want the data - pthread_exit(NULL); - /* NOT REACHED */ - return NULL; -} - -/* - * Given a Handle supposedly associated with a page of HTML, do an el-cheapo parse - * of the HTML looking for IMG SRC tags. Fork off a thread for each image. Wait for - * each thread to complete. Returns total number of errors of any kind found. - */ -static int fetchImages( - CFDataRef cfData, - const char *host, - const char *origPath, - int isSsl, - bool useCfNet, - int singleThread, - int quiet) -{ - char *mungedHtml; - Size mungedLen; - char *cp; - char *imageNameStart; - char *imageNameEnd; - unsigned imageNameLen; - ThreadParams *params = NULL; // big array - ThreadParams *thisThread; - unsigned threadDex; - int prtn; - unsigned numThreads = 0; // valid entries in params[] - int totalErrors = 0; - char *basePath = NULL; - - /* - * If the original path ends in '/', use it as basePath. - * Else strip off trailing component. - */ - unsigned origPathLen = strlen(origPath); - basePath = strdup(origPath); - if(origPath[origPathLen - 1] != '/') { - /* trim */ - unsigned basePathLen = origPathLen; - for(char *cp=basePath + origPathLen - 1; cp > basePath; cp--) { - basePathLen--; - if(*cp == '/') { - /* found the last one - string ends here */ - cp[1] = '\0'; - break; - } - } - } - /* re-alloc the raw source as a NULL-terminated C string for easy str-based - * parsing */ - mungedLen = CFDataGetLength(cfData); - if(mungedLen == 0) { - printf("***size() of main page is zero!\n"); - return 0; - } - mungedLen++; - mungedHtml = (char *)malloc(mungedLen); - memmove(mungedHtml, CFDataGetBytePtr(cfData), mungedLen-1); - mungedHtml[mungedLen - 1] = '\0'; - - /* create a ThreadParams array big enough for most purposes */ - params = (ThreadParams *)malloc(sizeof(ThreadParams) * MAX_THREADS); - - /* start of el cheapo parse. Upper-case all "img src" into "IMG SRC". */ - for(;;) { - cp = strstr(mungedHtml, "img src"); - if(cp == NULL) { - break; - } - memmove(cp, "IMG SRC", 7); - cp += 7; - } - - /* convert all '\' to '/' - some URLs (e.g. from cduniverse.com) out there - * use the backslash, but CF's URL can't deal with it */ - for(;;) { - cp = strchr(mungedHtml, '\\'); - if(cp == NULL) { - break; - } - *cp = '/'; - } - - /* search for "IMG SRC", fork off thread to fetch each one's image */ - cp = mungedHtml; - for(;;) { - cp = strstr(cp, "IMG SRC="); - if(cp == NULL) { - break; - } - - /* get ptr to start of image file name */ - cp += 8; - if(*cp == '"') { - /* e.g., */ - imageNameStart = ++cp; - imageNameEnd = strchr(imageNameStart, '"'); - } - else { - /* e.g., */ - char *nextSpace; - imageNameStart = cp; - imageNameEnd = strchr(imageNameStart, '>'); - nextSpace = strchr(imageNameStart, ' '); - if((imageNameEnd == NULL) || (imageNameEnd > nextSpace)) { - imageNameEnd = nextSpace; - } - } - if(imageNameEnd == NULL) { - printf("***Bad HTML - missing quote/bracket after image file name\n"); - continue; - } - cp = imageNameEnd; - - /* fill in a ThreadParams */ - thisThread = ¶ms[numThreads]; - thisThread->host = host; - thisThread->isSsl = isSsl; - thisThread->useCfNet = useCfNet; - thisThread->singleThread = singleThread; - thisThread->threadNum = numThreads; - thisThread->quiet = quiet; - thisThread->ortn = -1; - - /* path may be relative to basePath or a fully qualified URL */ - imageNameLen = imageNameEnd - imageNameStart; - if(imageNameStart[0] == '/') { - /* absolute path, use as is */ - memmove(thisThread->path, imageNameStart, imageNameLen); - thisThread->path[imageNameLen] = '\0'; - } - else if(strncmp(imageNameStart, "http", 4) == 0) { - /* skip "http://" or "https://"; host name goes from after - * tha until next '/' */ - const char *hostStart = strstr(imageNameStart, "//"); - if((hostStart == NULL) || (hostStart > (imageNameEnd-2))) { - /* hmmm...punt */ - continue; - } - hostStart += 2; - const char *hostEnd = strchr(hostStart, '/'); - if(hostEnd >= imageNameEnd) { - /* punt */ - continue; - } - /* we're gonna leak this host string for now */ - unsigned hostLen = hostEnd - hostStart; - char *hostStr = (char *)malloc(hostLen + 1); - memmove(hostStr, hostStart, hostLen); - hostStr[hostLen] = '\0'; - thisThread->host = (const char *)hostStr; - /* remainder is path */ - /* FIXME - may have to deal with port number, currently in host string */ - memmove(thisThread->path, hostEnd, imageNameEnd-hostEnd); - thisThread->path[imageNameEnd-hostEnd] = '\0'; - - if(isSsl && isHostNonSsl(hostStr)) { - /* some sites, e.g., cdu1.cduniverse.com, reference images - * which are NOT available via SSL */ - thisThread->isSsl = 0; - } - } - else { - /* path := basePath | relativePath */ - unsigned basePathLen = strlen(basePath); - memmove(thisThread->path, basePath, basePathLen); - memmove(thisThread->path + basePathLen, imageNameStart, imageNameLen); - thisThread->path[basePathLen + imageNameLen] = '\0'; - } - - #if SKIP_MULTI_QUERIES - if(strchr(thisThread->path, '|')) { - /* CFURLCreateWithBytes will choke, so will URLSimpleDownload */ - continue; - } - #endif - - /* fork off a thread to fetch it */ - if(!quiet) { - printf(" "); - printUrl(thisThread->host, thisThread->path, thisThread->isSsl); - printf(": thread %u : forking imageThread\n", - thisThread->threadNum); - } - prtn = pthread_create(&thisThread->pthr, - NULL, - imageThread, - thisThread); - if(prtn) { - printf("***Error creating pthread (%d)\n", prtn); - totalErrors++; - break; - } - numThreads++; - if(numThreads == MAX_THREADS) { - /* OK, that's enough */ - break; - } - } - free(mungedHtml); - - /* wait for each thread to complete */ - if(!quiet) { - printf(" waiting for image threads to complete...\n"); - } - for(threadDex=0; threadDexpthr, &status); - if(prtn) { - printf("***pthread_join returned %d, aborting\n", prtn); - totalErrors++; - break; - } - if(!quiet || thisThread->ortn) { - printf(" "); - printUrl(thisThread->host, thisThread->path, thisThread->isSsl); - printf(": thread %u : fetch result %d, read %d bytes\n", - thisThread->threadNum, - (int)thisThread->ortn, thisThread->bytesRead); - } - if(thisThread->ortn) { - totalErrors++; - } - } - free(params); - return totalErrors; -} - -int main(int argc, char **argv) -{ - bool isSsl = false; - bool useCfNet = true; - int singleThread = 0; - int quiet = 0; - OSStatus ortn; - int arg; - CFDataRef cfData; - char *host; - char *path; - int ourRtn = 0; - - if(argc < 3) { - usage(argv); - } - host = argv[1]; - path = argv[2]; - for(arg=3; arg 1) ? "errors" : "error", host); - } - return ourRtn; -} diff --git a/SecurityTests/clxutils/userTrustTest/Makefile b/SecurityTests/clxutils/userTrustTest/Makefile deleted file mode 100644 index f091380f..00000000 --- a/SecurityTests/clxutils/userTrustTest/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# name of executable to build -EXECUTABLE=userTrustTest -# C++ source (with .cpp extension) -CPSOURCE= userTrustTest.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -# -# Optional files on which *.{c,cpp} depend -# -HDR_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/userTrustTest/amazon_v3.100.cer b/SecurityTests/clxutils/userTrustTest/amazon_v3.100.cer deleted file mode 100644 index 6adab1e777dfde6f6c3cbdc91de916fb24a1cfca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 945 zcmXqLVqR;|#4NRdnTe5!Ng!s6&O7Izls2hFU#~OmiDES1W#iOp^Jx3d%gD&e%3u(0 z$Zf#M#vIDRCd?EXY^Y!$2jXxEiw6ZeD!3$;Bq{`_CYKgvmQ?B}c;+SR8R{A6fK+e` ztAZs`f$~LVsYMFTsYNB3X_?81C7Jno3XY{E8TlYx26E!O2BwBaM#ctU5C!C#fw)G- zrk19bQ3mO#4iGjF1R2jE%oUzkoROKAUXq_@C}6+`5@Z))4^B-iDalDSlrRtjyHkYU zF*mU)KTj_?KNsRYaRX7146_Jdd3m{BB3#y>aXzx&8Ce;a8+#cH8atU98yQYS=H830 zzWJu`Tz;gC=V?)aIh9>a`;T9&6V`lqGeNDT`=sdhgI%wa&0dvBlv>2CX$$^#|AxQm z{=nK*Yj35OKRR zOVsUmpP0RTwe+9IP2NHY*=rTdd$)c*-O0qv$iTR`i7~~Xi7^2jAF{$MOa=@F+(5s` z^0TloGqEl(umN%8SxgO#4Gb6PFVJn%&L}AP&@#|qeKGy_Egc>{JfR&73JCMgz?{->9v+Sc^;WgkA@ zkafjFLZ@0%&p=g78EQvPetJHN9r|U(U@?$Ms9Auyjv=$i;pnY8%{PMgt|v@qX7}~( z`k{Q7L;J6k#w@jOdQUqQa?khN$=Vc^ziO(4#NlHRM$TGYU+unDE^@nj{9tv7;w69o z>s1A!(mvl9rwJ4Xt)7e& Nk8i%VD)H!PW&nH?DSH3_ diff --git a/SecurityTests/clxutils/userTrustTest/userTrustTest.cpp b/SecurityTests/clxutils/userTrustTest/userTrustTest.cpp deleted file mode 100644 index 7b87318d..00000000 --- a/SecurityTests/clxutils/userTrustTest/userTrustTest.cpp +++ /dev/null @@ -1,244 +0,0 @@ -/* - * userTrustTest.cpp - simple test of SecTrustSetUserTrustLegacy() and - * SecTrustGetUserTrust() - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define IGNORE_EXISTING_STATE 0 - -static void usage(char **argv) -{ - printf("usage: %s [options] known_good_leaf_cert [ca_cert...]\n", argv[0]); - printf("Options:\n"); - printf(" -q -- quiet\n"); - exit(1); -} - -static char *secTrustResultStr( - SecTrustResultType result) -{ - static char unknownStr[100]; - - switch(result) { - case kSecTrustResultInvalid: return "kSecTrustResultInvalid"; - case kSecTrustResultProceed: return "kSecTrustResultProceed"; - case kSecTrustResultConfirm: return "kSecTrustResultConfirm"; - case kSecTrustResultDeny: return "kSecTrustResultDeny"; - case kSecTrustResultUnspecified: return "kSecTrustResultUnspecified"; - case kSecTrustResultRecoverableTrustFailure: - return "kSecTrustResultRecoverableTrustFailure"; - case kSecTrustResultFatalTrustFailure: return "kSecTrustResultFatalTrustFailure"; - case kSecTrustResultOtherError: return "kSecTrustResultOtherError"; - default: - sprintf(unknownStr, "UNKNOWN ResultType (%d)\n", - (int)result); - return unknownStr; - } -} - -/* do a SecTrustEvaluate, ensure resultType is as specified */ -static int doEval( - CFArrayRef certs, - SecPolicyRef policy, - SecTrustResultType expectedResult, - bool quiet) -{ - OSStatus ortn; - SecTrustRef trustRef = NULL; - SecTrustResultType result; - int ourRtn = 0; - - ortn = SecTrustCreateWithCertificates(certs, policy, &trustRef); - if(ortn) { - cssmPerror("SecTrustCreateWithCertificates", ortn); - return -1; - } - ortn = SecTrustEvaluate(trustRef, &result); - if(ortn) { - /* shouldn't fail no matter what resultType we expect */ - cssmPerror("SecTrustEvaluate", ortn); - ourRtn = -1; - goto errOut; - } - if(expectedResult == result) { - if(!quiet) { - printf("...got %s as expected\n", secTrustResultStr(result)); - } - } - else { - printf("***Expected %s, got %s\n", secTrustResultStr(expectedResult), - secTrustResultStr(result)); - ourRtn = -1; - } -errOut: - CFRelease(trustRef); - return ourRtn; -} - -/* Do a SecTrustGetUserTrust(), ensure result is as specified */ -static int doGetUserTrust( - SecCertificateRef certRef, - SecPolicyRef policy, - SecTrustResultType expectedResult) -{ - SecTrustResultType foundResult; - OSStatus ortn = SecTrustGetUserTrust(certRef, policy, &foundResult); - if(ortn) { - cssmPerror("SecTrustGetUserTrust", ortn); - return -1; - } - if(foundResult != expectedResult) { - printf("***Expected current resultType %s; found %s\n", - secTrustResultStr(expectedResult), secTrustResultStr(foundResult)); - return -1; - } - return 0; -} - -/* Do SecTrustSetUserTrustLegacy() followed by SecTrustGetUserTrust() */ -static int doSetVerifyUserTrust( - SecCertificateRef certRef, - SecPolicyRef policy, - SecTrustResultType result) -{ - OSStatus ortn; - ortn = SecTrustSetUserTrustLegacy(certRef, policy, result); - if(ortn) { - cssmPerror("SecTrustSetUserTrustLegacy", ortn); - return -1; - } - return doGetUserTrust(certRef, policy, result); -} - -static int doTest( - CFArrayRef certArray, - SecPolicyRef policy, - bool quiet) -{ - int ourRtn = 0; - SecCertificateRef leafCert = (SecCertificateRef)CFArrayGetValueAtIndex( - certArray, 0); - - if(!quiet) { - printf("Verifying cert is good as is...\n"); - } - ourRtn = doEval(certArray, policy, kSecTrustResultUnspecified, quiet); - if(ourRtn && !IGNORE_EXISTING_STATE) { - return ourRtn; - } - - if(!quiet) { - printf("Verifying cert currently has kSecTrustResultUnspecified...\n"); - } - if(doGetUserTrust(leafCert, policy, kSecTrustResultUnspecified)) { - ourRtn = -1; - /* but keep going */ - } - - if(!quiet) { - printf("setting and verifying SecTrustResultDeny...\n"); - } - if(doSetVerifyUserTrust(leafCert, policy, kSecTrustResultDeny)) { - ourRtn = -1; - } - - if(!quiet) { - printf("Verify cert with SecTrustResultDeny...\n"); - } - ourRtn = doEval(certArray, policy, kSecTrustResultDeny, quiet); - if(ourRtn) { - ourRtn = -1; - } - - if(!quiet) { - printf("setting and verifying kSecTrustResultConfirm...\n"); - } - if(doSetVerifyUserTrust(leafCert, policy, kSecTrustResultConfirm)) { - ourRtn = -1; - } - - if(!quiet) { - printf("Verify cert with kSecTrustResultConfirm...\n"); - } - ourRtn = doEval(certArray, policy, kSecTrustResultConfirm, quiet); - if(ourRtn) { - ourRtn = -1; - } - - if(!quiet) { - printf("setting and verifying kSecTrustResultUnspecified...\n"); - } - if(doSetVerifyUserTrust(leafCert, policy, kSecTrustResultUnspecified)) { - ourRtn = -1; - } - - if(!quiet) { - printf("Verify cert with kSecTrustResultUnspecified...\n"); - } - ourRtn = doEval(certArray, policy, kSecTrustResultUnspecified, quiet); - - if(!quiet) { - printf("Verify SecTrustSetUserTrust(kSecTrustResultConfirm) fails...\n"); - } - /* verify Radar 4642125 - this should fail, not crash */ - OSStatus ortn = SecTrustSetUserTrust(leafCert, policy, kSecTrustResultConfirm); - if(ortn != unimpErr) { - printf("***SecTrustSetUserTrust returned %ld; expected %ld (unimpErr)\n", - (long)ortn, (long)unimpErr); - ourRtn = -1; - } - return ourRtn; -} - -int main(int argc, char **argv) -{ - bool quiet = false; - - int arg; - while ((arg = getopt(argc, argv, "qh")) != -1) { - switch (arg) { - case 'q': - quiet = true; - break; - case 'h': - usage(argv); - } - } - - unsigned numCerts = argc - optind; - if(numCerts == 0) { - usage(argv); - } - CFMutableArrayRef certArray = CFArrayCreateMutable(NULL, 0, - &kCFTypeArrayCallBacks); - for(int dex=optind; dexTM;J*S^3O}zB;*(2>HhOEM*k|hhSS)`wTblb#r`m_f*-u}@u9tcZT#h>~- zd(pYw7v}reO|a7PQmu$$l?dCO8LJVvO83|W^NE3zmIpR7F*7nSE^cC6ZP3KH+<*`0 z5m|ml#{VoV%uH+t4CFz4WfowBHHbX&J+VrUM>2nUREg(o*$BxM67CFOpUd*Gh_Q&Q z6lOoos91SA?0gzm@HMu}+($o&fa6(KfrZ}y6l9zUZ61uNOpM%|290eXgN0b?4Qkt} zb5arutn~FWQ&Nic@-j>GQZkDZ^>QcjZ;98t!iWdjBX$ajBp?cj&dMv48)!w zVP{8GqvZTjplYxJ2otO$IUgtpN@YM*h;#;2oeUBWHfY=oa)>-j<7$J(6$Xt<7c?$f z&^W)Xan1lb%04-@s3bEjGdZy&wJ5bLA4q5B=jCJ;mslrd<|P(YBBv%`_F@JmBQuQ$ z=Pe5S*B&(x-y!-FlE hW=Y!kPO&oU5%}Fhd4@PE z02L?zg%zB05{ru!j1_znGjkN29S!8fc@2yVER75d&5ex>4WfWtQv+iopqQb#p=p#s zF*V%6YrqY0CrfCsv%8_Zfh@#nVj-@so;#|Q zj{l{W%&OK24Owd&d+OSXq!Sm;w4}-=-@K!0GxgTZhYyV2exA zK@*dJ0UyvKviyvU|5;d=nb-~($b0- zb6GwXF%}Wdb!n_U{>HZI?B99oetmXwo02UHj%is17JdUzkZ~roc`&9jF>-SnG{P60)?s*wRO!hs|(%7G*} z(t)%w5Q8EfB;=@Sl$>7*R1a1HVS@D}=K}>nDGjI!k=B5!lR@Ia28~-lPLXG6Tw~C< z(x7qKg2u%Q8W*%R&K*cs*(awKm1L%6CMTAp7NwTu1L@5CyqwJ966>VQyu_kP15J>t zRauk_6xg`5*%(!LJYO`t~a|-5IWiN{=ehvli$ef zn-w!ZXXf?ip~eAbY^$QKY-3VMqNGt diff --git a/SecurityTests/clxutils/vfyCacCert/certs/joe2.ID.cer b/SecurityTests/clxutils/vfyCacCert/certs/joe2.ID.cer deleted file mode 100644 index 9391e5c03b0bdca562cecfa500db3e058f3b1d7c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 962 zcmXqLV%}%a#H_x6nTe5!iHRlOfR~L^tIebBJ1-+6D=ULRm?5_TCmVAp3!5-gXt1G# zff$IxCCneH7p$k?o?n()l$V>DS7OLxzy*@w7G`$IcR}I>czYTO8t{YUn1wlH<_3j85kEgF_sxLF%}u{0sSM(&&c?ng@u`k?SO$ih_B27jHCvU z>6`Y$5xg@UN#%CZ4QozR|#v<}ZJ?5e1y}~M8(dZ`esYZGKS8Wyo z$E~aa3%>!c0XG|GLYoI;Dib3&r$G)#n-EK?L2_GSPD)~dmA-yvN=mU_US^42N@j7Q zUT$WNesZ3waf-9Cs*!=G3y^SjR5eP@F9nJLQvi$!Od232P!N=SfT|D)2q>Nm5)U?L zoC&f{o~3c3L1UjmWA}o_js=aaZH-Mdx7t2AwWuUBEi*Z>B(*5DEFVZ`=I7;P7MEBj zW#%OoRU#)0VD4ZBrijMe!k=N^Y?TghMQS)KD~xz~Xj+MWeR;|M=dG3e&jRKK_A^cp z<1%s2Zk-qWZE{z-Zn`k_Q@Bp?M`Nf;+h_h8tAeGDwXqmazH9a9qQK#(PL=J~S5MBCoavgq9{`PYFR%ar diff --git a/SecurityTests/clxutils/vfyCacCert/certs/joe2.encrypt.cer b/SecurityTests/clxutils/vfyCacCert/certs/joe2.encrypt.cer deleted file mode 100644 index c020d46a5aeda697b2b5842ef09127ea2f03ec15..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1004 zcmXqLVt!%J#2mPQnTe5!iHYNy0WTY;R+~rLcV0$DR#pas2t#fIPB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzIna?}Ee&@b)wmHV_2KF$;4!8!PxG zX67h3I~vG|^BNc#7#bTIfI$?HYl6fzsHBF?2v>y$`x&Yks6gBy>lEbg?&0X`8l>mt zAM6_7p%T!>Z@I|=DyjS z|M0H6_k*$>oyn`(|J{iFZFY3x4RwuuD{jW-+X$WBA!K1tT9~Y`USEP?xtVtRDxLzi z8iNU|S$lF9%f8AK6U@GPTBTif#sjK?XLOmv&?>{R_~-o z`#1B*eBcZ3F})zoAo*&NIukP^1LNW*#(4%!jI#{*fc}x?XJq`(!otkNssQ$%tRRc5 zfpnv!Q&E0;Mq+Mik)Bt6szXMhUS48ZrCx4kj)6Q#mof`5G8;rz9_*Vb(VS>l(q3G2C^Upd@N!tA|gK@L}bjppi*V6m=#};qx0^~Hc4UWmiYdG9$wmofu z^R|;azCGTz=45_`*}M2pQiieql9#8?O;Pn@y}Wd?WY1@}cOlM?>~HLx?)%iI{p0oR ipI^;&-5VBV8(GjBy1%rO`%v4z2g2H7&$w?kiva+dut2>4 diff --git a/SecurityTests/clxutils/vfyCacCert/certs/joe2.sign.cer b/SecurityTests/clxutils/vfyCacCert/certs/joe2.sign.cer deleted file mode 100644 index 6412eb6715dd52954a5c6b4dcb65948e26ce1ffb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1072 zcmXqLV$m^ZVxGEynTe5!iHYN?0WTY;R+~rLcV0$DR#pas2t#fIPB!LH7B*p~&|pIe z12GVXOPD`YFIZ2(J-;lqC@(iPuf&kYfD0tUEzIna?}Ee&@b)wmHV_2KF$;4!8!PxG zX67h3I~vG|^BNc#7#bTIfI$?HYl6fzsHBF?2v>y$`x&Yks6gBy>lEbg?&0X`8l>mt zAM6_7p%JDv$Z~(?0Uhy; zEGJlUHc#`}n|yeGzLBob(PYJ`xesO?K4`H2`@_HW0rR4J{DQ2ct{;@Dm%5#5x*#BZ z75n`MSz9umzjQsdBY5t_nu}|q!o*i}-9F}jh-K=v3(AKzxo4-{oD-3hxUWRUblaKo zt|QyRr%_{06)R+-#f)Z61uNOpM%|2Du<@LM&+pDQ!tPDTxJE`ueFU#d>*}C3-2D z#ff^knK}B&d8)=K&c>=n2B0VgQqGR5M#=f5Kv7^KfH8ro1H=Rhf>IDr6(S7*#gjqe z!3K@9K=#SAG)^*T>^EraSVQyu_kP10|5#R6$`5$_-rFY>X_7P39s@Ol%xLHY+PTGmC)>NR1$it$}r;q*GCT zdPZVyYLT8-eyT%8p -#include -#include -#include /* private */ -//#include "clutils.h" -#include /* private cssmErrorString() */ -#include -#include -#include - -/* - * More-or-less hard-coded locations of system-wide keychains containing - * intermediate certs (which are required for this operation) and - * CRLs (which is optional; it's just a cache for performance reasons). - */ -#define X509_CERT_DB "/System/Library/Keychains/X509Certificates" -#define X509_CRL_DB "/private/var/db/crls/crlcache.db" - -static void usage(char **argv) -{ - printf("Usage: %s certFileName [options]\n", argv[0]); - printf("Options:\n"); - printf(" a allow unverified certs\n"); - printf(" d disable CRL verification\n"); - printf(" n no network fetch of CRLs\n"); - exit(1); -} - -/*** Display verify results ***/ - -static void statusBitTest( - CSSM_TP_APPLE_CERT_STATUS certStatus, - uint32 bit, - const char *str) -{ - if(certStatus & bit) { - printf("%s ", str); - } -} - -static void printCertInfo( - unsigned numCerts, // from CertGroup - const CSSM_TP_APPLE_EVIDENCE_INFO *info) -{ - CSSM_TP_APPLE_CERT_STATUS cs; - - for(unsigned i=0; iStatusBits; - printf(" cert %u:\n", i); - printf(" StatusBits : 0x%x", (unsigned)cs); - if(cs) { - printf(" ( "); - statusBitTest(cs, CSSM_CERT_STATUS_EXPIRED, "EXPIRED"); - statusBitTest(cs, CSSM_CERT_STATUS_NOT_VALID_YET, - "NOT_VALID_YET"); - statusBitTest(cs, CSSM_CERT_STATUS_IS_IN_INPUT_CERTS, - "IS_IN_INPUT_CERTS"); - statusBitTest(cs, CSSM_CERT_STATUS_IS_IN_ANCHORS, - "IS_IN_ANCHORS"); - statusBitTest(cs, CSSM_CERT_STATUS_IS_ROOT, "IS_ROOT"); - statusBitTest(cs, CSSM_CERT_STATUS_IS_FROM_NET, "IS_FROM_NET"); - printf(")\n"); - } - else { - printf("\n"); - } - printf(" NumStatusCodes : %u ", - thisInfo->NumStatusCodes); - for(unsigned j=0; jNumStatusCodes; j++) { - printf("%s ", - cssmErrorString(thisInfo->StatusCodes[j]).c_str()); - } - printf("\n"); - printf(" Index: %u\n", thisInfo->Index); - } - return; -} - -/* we really only need CSSM_EVIDENCE_FORM_APPLE_CERT_INFO */ -#define SHOW_ALL_VFY_RESULTS 0 - -static void dumpVfyResult( - const CSSM_TP_VERIFY_CONTEXT_RESULT *vfyResult) -{ - unsigned numEvidences = vfyResult->NumberOfEvidences; - unsigned numCerts = 0; - printf("Returned evidence:\n"); - for(unsigned dex=0; dexEvidence[dex]; - #if SHOW_ALL_VFY_RESULTS - printf(" Evidence %u:\n", dex); - #endif - switch(ev->EvidenceForm) { - case CSSM_EVIDENCE_FORM_APPLE_HEADER: - { - #if SHOW_ALL_VFY_RESULTS - const CSSM_TP_APPLE_EVIDENCE_HEADER *hdr = - (const CSSM_TP_APPLE_EVIDENCE_HEADER *)(ev->Evidence); - printf(" Form = HEADER; Version = %u\n", hdr->Version); - #endif - break; - } - case CSSM_EVIDENCE_FORM_APPLE_CERTGROUP: - { - const CSSM_CERTGROUP *grp = (const CSSM_CERTGROUP *)ev->Evidence; - numCerts = grp->NumCerts; - #if SHOW_ALL_VFY_RESULTS - /* parse the rest of this eventually */ - /* Note we depend on this coming before the CERT_INFO */ - printf(" Form = CERTGROUP; numCerts = %u\n", numCerts); - #endif - break; - } - case CSSM_EVIDENCE_FORM_APPLE_CERT_INFO: - { - const CSSM_TP_APPLE_EVIDENCE_INFO *info = - (const CSSM_TP_APPLE_EVIDENCE_INFO *)ev->Evidence; - printCertInfo(numCerts, info); - break; - } - default: - printf("***UNKNOWN Evidence form (%u)\n", - (unsigned)ev->EvidenceForm); - break; - } - } -} - -/* free a CSSM_CERT_GROUP */ -void tpFreeCertGroup( - CSSM_CERTGROUP_PTR certGroup, - CSSM_BOOL freeCertData, // free individual CertList.Data - CSSM_BOOL freeStruct) // free the overall CSSM_CERTGROUP -{ - unsigned dex; - - if(certGroup == NULL) { - return; - } - - if(freeCertData) { - /* free the individual cert Data fields */ - for(dex=0; dexNumCerts; dex++) { - APP_FREE(certGroup->GroupList.CertList[dex].Data); - } - } - - /* and the array of CSSM_DATAs */ - if(certGroup->GroupList.CertList) { - APP_FREE(certGroup->GroupList.CertList); - } - - if(freeStruct) { - APP_FREE(certGroup); - } -} - - -/* - * Free the contents of a CSSM_TP_VERIFY_CONTEXT_RESULT returned from - * CSSM_TP_CertGroupVerify(). - */ -CSSM_RETURN freeVfyResult( - CSSM_TP_VERIFY_CONTEXT_RESULT *ctx) -{ - int numCerts = -1; - CSSM_RETURN crtn = CSSM_OK; - - for(unsigned i=0; iNumberOfEvidences; i++) { - CSSM_EVIDENCE_PTR evp = &ctx->Evidence[i]; - switch(evp->EvidenceForm) { - case CSSM_EVIDENCE_FORM_APPLE_HEADER: - /* Evidence = (CSSM_TP_APPLE_EVIDENCE_HEADER *) */ - APP_FREE(evp->Evidence); - evp->Evidence = NULL; - break; - case CSSM_EVIDENCE_FORM_APPLE_CERTGROUP: - { - /* Evidence = CSSM_CERTGROUP_PTR */ - CSSM_CERTGROUP_PTR cgp = (CSSM_CERTGROUP_PTR)evp->Evidence; - numCerts = cgp->NumCerts; - tpFreeCertGroup(cgp, CSSM_TRUE, CSSM_TRUE); - evp->Evidence = NULL; - break; - } - case CSSM_EVIDENCE_FORM_APPLE_CERT_INFO: - { - /* Evidence = array of CSSM_TP_APPLE_EVIDENCE_INFO */ - if(numCerts < 0) { - /* Haven't gotten a CSSM_CERTGROUP_PTR! */ - printf("***Malformed VerifyContextResult (2)\n"); - crtn = CSSMERR_TP_INTERNAL_ERROR; - break; - } - CSSM_TP_APPLE_EVIDENCE_INFO *evInfo = - (CSSM_TP_APPLE_EVIDENCE_INFO *)evp->Evidence; - for(unsigned k=0; k<(unsigned)numCerts; k++) { - /* Dispose of StatusCodes, UniqueRecord */ - CSSM_TP_APPLE_EVIDENCE_INFO *thisEvInfo = - &evInfo[k]; - if(thisEvInfo->StatusCodes) { - APP_FREE(thisEvInfo->StatusCodes); - } - if(thisEvInfo->UniqueRecord) { - CSSM_RETURN crtn = - CSSM_DL_FreeUniqueRecord(thisEvInfo->DlDbHandle, - thisEvInfo->UniqueRecord); - if(crtn) { - cuPrintError("CSSM_DL_FreeUniqueRecord", crtn); - break; - } - thisEvInfo->UniqueRecord = NULL; - } - } /* for each cert info */ - APP_FREE(evp->Evidence); - evp->Evidence = NULL; - break; - } /* CSSM_EVIDENCE_FORM_APPLE_CERT_INFO */ - } /* switch(evp->EvidenceForm) */ - } /* for each evidence */ - if(ctx->Evidence) { - APP_FREE(ctx->Evidence); - ctx->Evidence = NULL; - } - return crtn; -} - -static int testError(CSSM_BOOL quiet) -{ - char resp; - - if(quiet) { - printf("\n***Test aborting.\n"); - exit(1); - } - fpurge(stdin); - printf("a to abort, c to continue: "); - resp = getchar(); - return (resp == 'a'); -} - -/* - * The heart of CAC certification verification. - */ -int vfyCert( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const void * certData, - unsigned certLength, - - /* these three booleans will eventually come from system preferences */ - bool enableCrlCheck, - bool requireFullCrlVerify, - bool enableFetchFromNet, - CSSM_DL_DB_HANDLE_PTR certKeychain, - CSSM_DL_DB_HANDLE_PTR crlKeychain) -{ - /* main job is building a CSSM_TP_VERIFY_CONTEXT and its components */ - CSSM_TP_VERIFY_CONTEXT vfyCtx; - CSSM_TP_CALLERAUTH_CONTEXT authCtx; - CSSM_TP_VERIFY_CONTEXT_RESULT vfyResult; - - memset(&vfyCtx, 0, sizeof(CSSM_TP_VERIFY_CONTEXT)); - memset(&authCtx, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT)); - - /* CSSM_TP_CALLERAUTH_CONTEXT components */ - /* - typedef struct cssm_tp_callerauth_context { - CSSM_TP_POLICYINFO Policy; - CSSM_TIMESTRING VerifyTime; - CSSM_TP_STOP_ON VerificationAbortOn; - CSSM_TP_VERIFICATION_RESULTS_CALLBACK CallbackWithVerifiedCert; - uint32 NumberOfAnchorCerts; - CSSM_DATA_PTR AnchorCerts; - CSSM_DL_DB_LIST_PTR DBList; - CSSM_ACCESS_CREDENTIALS_PTR CallerCredentials; - } CSSM_TP_CALLERAUTH_CONTEXT, *CSSM_TP_CALLERAUTH_CONTEXT_PTR; - */ - /* two policies */ - CSSM_FIELD policyIds[2]; - CSSM_APPLE_TP_CRL_OPTIONS crlOpts; - policyIds[0].FieldOid = CSSMOID_APPLE_X509_BASIC; - policyIds[0].FieldValue.Data = NULL; - policyIds[0].FieldValue.Length = 0; - if(enableCrlCheck) { - policyIds[1].FieldOid = CSSMOID_APPLE_TP_REVOCATION_CRL; - policyIds[1].FieldValue.Data = (uint8 *)&crlOpts; - policyIds[1].FieldValue.Length = sizeof(crlOpts); - crlOpts.Version = CSSM_APPLE_TP_CRL_OPTS_VERSION; - crlOpts.CrlFlags = 0; - if(requireFullCrlVerify) { - crlOpts.CrlFlags |= CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT; - } - if(enableFetchFromNet) { - crlOpts.CrlFlags |= CSSM_TP_ACTION_FETCH_CRL_FROM_NET; - } - /* optional, may well not exist */ - /* FIXME: as of 12/4/02 this field is ignored by the TP - * and may well go away from the CSSM_APPLE_TP_CRL_OPTIONS - * struct. */ - crlOpts.crlStore = crlKeychain; - - authCtx.Policy.NumberOfPolicyIds = 2; - } - else { - /* No CRL checking */ - authCtx.Policy.NumberOfPolicyIds = 1; - } - authCtx.Policy.PolicyIds = policyIds; - authCtx.Policy.PolicyControl = NULL; - - authCtx.VerifyTime = NULL; - authCtx.VerificationAbortOn = CSSM_TP_STOP_ON_POLICY; - authCtx.CallbackWithVerifiedCert = NULL; - - /* anchors */ - const CSSM_DATA *anchors; - uint32 anchorCount; - OSStatus ortn; - ortn = SecTrustGetCSSMAnchorCertificates(&anchors, &anchorCount); - if(ortn) { - printf("SecTrustGetCSSMAnchorCertificates returned %u\n", ortn); - return -1; - } - authCtx.NumberOfAnchorCerts = anchorCount; - authCtx.AnchorCerts = const_cast(anchors); - - /* DBList of intermediate certs and CRLs */ - CSSM_DL_DB_HANDLE handles[2]; - unsigned numDbs = 0; - if(certKeychain != NULL) { - handles[0] = *certKeychain; - numDbs++; - } - if(crlKeychain != NULL) { - handles[numDbs] = *crlKeychain; - numDbs++; - } - CSSM_DL_DB_LIST dlDbList; - dlDbList.NumHandles = numDbs; - dlDbList.DLDBHandle = &handles[0]; - - authCtx.DBList = &dlDbList; - authCtx.CallerCredentials = NULL; - - /* CSSM_TP_VERIFY_CONTEXT */ - vfyCtx.ActionData.Data = NULL; - vfyCtx.ActionData.Length = 0; - vfyCtx.Action = CSSM_TP_ACTION_DEFAULT; - vfyCtx.Cred = &authCtx; - - /* cook up cert group */ - CSSM_CERTGROUP cssmCerts; - cssmCerts.CertType = CSSM_CERT_X_509v3; - cssmCerts.CertEncoding = CSSM_CERT_ENCODING_DER; - cssmCerts.NumCerts = 1; - CSSM_DATA cert; - cert.Data = (uint8 *)certData; - cert.Length = certLength; - cssmCerts.GroupList.CertList = &cert; - cssmCerts.CertGroupType = CSSM_CERTGROUP_DATA; - - CSSM_RETURN crtn = CSSM_TP_CertGroupVerify(tpHand, - clHand, - cspHand, - &cssmCerts, - &vfyCtx, - &vfyResult); - if(crtn) { - cuPrintError("CSSM_TP_CertGroupVerify", crtn); - } - else { - printf("...verify successful\n"); - } - dumpVfyResult(&vfyResult); - freeVfyResult(&vfyResult); - if(crtn) { - return testError(0); - } - else { - return 0; - } -} - -int main(int argc, char **argv) -{ - int rtn; - CSSM_RETURN crtn; - CSSM_DL_HANDLE dlHand; - CSSM_CSP_HANDLE cspHand; - CSSM_CL_HANDLE clHand; - CSSM_TP_HANDLE tpHand; - CSSM_DL_DB_HANDLE certKeychain; - CSSM_DL_DB_HANDLE crlKeychain; - CSSM_DL_DB_HANDLE_PTR certKeychainPtr = NULL; - CSSM_DL_DB_HANDLE_PTR crlKeychainPtr = NULL; - unsigned char *certData; - unsigned certLength; - bool requireFullCrlVerify = true; - bool enableFetchFromNet = true; - bool enableCrlCheck = true; - int arg; - char *argp; - - if(argc < 2) { - usage(argv); - } - for(arg=2; arg -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("Usage: %s rootCertFile [subjCertFile]\n", argv[0]); - exit(1); -} - -int main(int argc, char **argv) -{ - CSSM_DATA rootCert; - CSSM_DATA subjCert; - int rtn; - CSSM_CL_HANDLE clHand; - CSSM_RETURN crtn; - char *subjName; - unsigned len; - - if((argc < 2) || (argc > 3)) { - usage(argv); - } - rtn = readFile(argv[1], &rootCert.Data, &len); - if(rtn) { - printf("Error reading %s; %s\n", argv[1], strerror(rtn)); - exit(1); - } - rootCert.Length = len; - - if(argc == 2) { - subjName = argv[1]; // vfy a root cert - } - else { - subjName = argv[2]; - } - rtn = readFile(subjName, &subjCert.Data, (unsigned *)&subjCert.Length); - if(rtn) { - printf("Error reading %s; %s\n", argv[1], strerror(rtn)); - exit(1); - } - clHand = clStartup(); - if(clHand == CSSM_INVALID_HANDLE) { - return 1; - } - crtn = CSSM_CL_CertVerify( - clHand, - CSSM_INVALID_HANDLE, // CCHandle - &subjCert, - &rootCert, - NULL, // VerifyScope - 0); // ScopeSize - if(crtn) { - printError("CSSM_CL_CertVerify", crtn); - } - else { - printf("cert %s verifies OK\n", subjName); - } - return 0; -} - diff --git a/SecurityTests/clxutils/vfyCertChain/Makefile b/SecurityTests/clxutils/vfyCertChain/Makefile deleted file mode 100644 index 380feb20..00000000 --- a/SecurityTests/clxutils/vfyCertChain/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=vfyCertChain -# C++ source (with .cpp extension) -CPSOURCE= vfyCertChain.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/vfyCertChain/vfyCertChain.cpp b/SecurityTests/clxutils/vfyCertChain/vfyCertChain.cpp deleted file mode 100644 index 8d4f08bc..00000000 --- a/SecurityTests/clxutils/vfyCertChain/vfyCertChain.cpp +++ /dev/null @@ -1,426 +0,0 @@ -/* - * Gather up user-specified raw cert files, attempt to verify as a - * cert chain - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("Usage: %s [options] certFile ..., leaf first\n", argv[0]); - printf("Options:\n"); - printf(" -s SSL policy (default is basic)\n"); - printf(" -e allow expired cert\n"); - printf(" -E allow expired root\n"); - printf(" -S serverName\n"); - printf(" -t timeBaseString (default = now)\n"); - printf(" -T use SecTrustEvaluate\n"); - printf(" -v verbose\n"); - exit(1); -} - -static void printResult( - CSSM_RETURN crtn) -{ - switch(crtn) { - case CSSM_OK: - printf(" ...successful verification\n"); - break; - case CSSMERR_TP_INVALID_CERTIFICATE: - printf(" ...invalid leaf cert\n"); - break; - case CSSMERR_TP_INVALID_ANCHOR_CERT: - printf(" ...cert chain valid (unknown root)\n"); - break; - case CSSMERR_TP_NOT_TRUSTED: - printf(" ...no root cert found\n"); - break; - case CSSMERR_TP_VERIFICATION_FAILURE: - printf(" ...bad root cert\n"); - break; - case CSSMERR_TP_VERIFY_ACTION_FAILED: - printf(" ...policy verification failed\n"); - break; - case CSSMERR_TP_CERT_EXPIRED: - printf(" ...expired cert in chain\n"); - break; - case CSSMERR_TP_CERT_NOT_VALID_YET: - printf(" ...not-yet-valid cert in chain\n"); - break; - default: - printError("tpCertGroupVerify", crtn); - break; - } - -} -int main(int argc, char **argv) -{ - CSSM_CL_HANDLE clHand; // CL handle - CSSM_TP_HANDLE tpHand; // TP handle - CSSM_CSP_HANDLE cspHand = 0; // CSP handle - CSSM_DATA_PTR rawCerts = NULL; - unsigned numCerts; // num certs in *rawCerts - unsigned i; - CSSM_CERTGROUP cgrp; - const CSSM_OID *policyId = &CSSMOID_APPLE_X509_BASIC; - uint32 evidenceSize = 0; - CSSM_TP_VERIFY_CONTEXT_RESULT vfyResult; - CSSM_CERTGROUP_PTR outGrp = NULL; - int fileArg; - CSSM_RETURN crtn; - CSSM_BOOL allowExpiredCert = CSSM_FALSE; - bool allowExpiredRoot = false; - bool useSecTrust = false; - int arg; - CSSM_APPLE_TP_SSL_OPTIONS sslOpts; - CSSM_APPLE_TP_ACTION_DATA tpAction; - char *serverName = NULL; - bool verbose = false; - unsigned numEvidences = 0; - CSSM_DATA fieldOpts; - CSSM_DATA_PTR fieldOptsPtr = NULL; - CSSM_DATA actionData; - CSSM_DATA_PTR actionDataPtr = NULL; - char *cssmTimeStr = NULL; - SecTrustRef theTrust = NULL; - - if(argc < 2) { - usage(argv); - } - for(arg=1; argData, &len)) { - printf("Error reading %s=n", argv[fileArg]); - exit(1); - } - c->Length = len; - fileArg++; - } - - if(useSecTrust) { - SecPolicyRef policy = NULL; - SecPolicySearchRef policySearch = NULL; - SecCertificateRef cert; // only lives in CFArrayRefs - SecTrustResultType secTrustResult; - OSStatus ortn; - const char *evalResStr = NULL; - CSSM_TP_APPLE_EVIDENCE_INFO *evidence = NULL; - - /* convert raw certs to a CFArray of SecCertificateRefs */ - CFMutableArrayRef certGroup = CFArrayCreateMutable(NULL, numCerts, - &kCFTypeArrayCallBacks); - for(i=0; iData, actionDataPtr->Length); - - ortn = SecTrustSetParameters(theTrust, CSSM_TP_ACTION_DEFAULT, - actionData); - if(ortn) { - printf("SecTrustSetParameters returned %s\n", sslGetSSLErrString(ortn)); - exit(1); - } - CFRelease(actionData); - } - - /* - * Here we go; hand it over to SecTrust/TP. - */ - ortn = SecTrustEvaluate(theTrust, &secTrustResult); - if(ortn) { - printf("SecTrustEvaluate returned %s\n", sslGetSSLErrString(ortn)); - exit(1); - } - crtn = CSSM_OK; - switch(secTrustResult) { - case kSecTrustResultInvalid: - /* should never happen */ - evalResStr = "kSecTrustResultInvalid"; - break; - case kSecTrustResultProceed: - /* cert chain valid AND user explicitly trusts this */ - evalResStr = "kSecTrustResultProceed"; - break; - case kSecTrustResultConfirm: - /* - * Cert chain may well have verified OK, but user has flagged - * one of these certs as untrustable. - */ - evalResStr = "kSecTrustResultConfirm"; - break; - case kSecTrustResultDeny: - /* - * Cert chain may well have verified OK, but user has flagged - * one of these certs as untrustable. - */ - evalResStr = "kSecTrustResultDeny"; - break; - case kSecTrustResultUnspecified: - /* cert chain valid, no special UserTrust assignments */ - evalResStr = "kSecTrustResultUnspecified"; - break; - case kSecTrustResultRecoverableTrustFailure: - /* ? */ - evalResStr = "kSecTrustResultRecoverableTrustFailure"; - break; - case kSecTrustResultFatalTrustFailure: - /* ? */ - evalResStr = "kSecTrustResultFatalTrustFailure"; - break; - case kSecTrustResultOtherError: - /* ? */ - evalResStr = "kSecTrustResultOtherError"; - break; - default: - break; - } - printf("...SecTrustEvaluate result : "); - if(evalResStr != NULL) { - printf("%s\n", evalResStr); - } - else { - printf("UNKNOWN (%d)\n", (int)secTrustResult); - } - /* get low-level TP return code */ - OSStatus ocrtn; - ortn = SecTrustGetCssmResultCode(theTrust, &ocrtn); - if(ortn) { - printf("SecTrustGetCssmResultCode returned %s\n", sslGetSSLErrString(ortn)); - /*...keep going */ - } - else { - printResult(ocrtn); - } - CFArrayRef dummy; - ortn = SecTrustGetResult(theTrust, &secTrustResult, &dummy, - &evidence); - if(ortn) { - printf("SecTrustGetResult returned %s\n", sslGetSSLErrString(ortn)); - /*...keep going */ - } - else { - unsigned numEvidences = CFArrayGetCount(dummy); - if(numEvidences && verbose) { - printCertInfo(numEvidences, evidence); - } - } - } - else { - /* connect to CL, TP, and CSP */ - cspHand = cspStartup(); - if(cspHand == 0) { - exit(1); - } - /* subsequent errors to abort: */ - clHand = clStartup(); - if(clHand == 0) { - goto abort; - } - tpHand = tpStartup(); - if(tpHand == 0) { - goto abort; - } - - /* - * Cook up a cert group - TP wants leaf first - */ - memset(&cgrp, 0, sizeof(CSSM_CERTGROUP)); - cgrp.NumCerts = numCerts; - cgrp.CertGroupType = CSSM_CERTGROUP_DATA; - cgrp.CertType = CSSM_CERT_X_509v3; - cgrp.CertEncoding = CSSM_CERT_ENCODING_DER; - cgrp.GroupList.CertList = rawCerts; - - crtn = tpCertGroupVerify( - tpHand, - clHand, - cspHand, - NULL, // dbListPtr - policyId, - fieldOptsPtr, - actionDataPtr, - NULL, // policyOpts - &cgrp, - NULL, // anchorCerts - 0, // NumAnchorCerts - CSSM_TP_STOP_ON_POLICY, - cssmTimeStr, - &vfyResult); // verify result - printResult(crtn); - if((vfyResult.Evidence != NULL) && (vfyResult.Evidence->Evidence != NULL)) { - numEvidences = vfyResult.NumberOfEvidences; - if(numEvidences == 3) { - /* i.e., normal case */ - outGrp = (CSSM_CERTGROUP_PTR)vfyResult.Evidence[1].Evidence; - evidenceSize = outGrp->NumCerts; - } - else { - printf("***Expected numEvidences 3, got %u\n", numEvidences); - evidenceSize = 0; - } - } - printf(" num input certs %d; evidenceSize %u\n", - numCerts, (unsigned)evidenceSize); - if((numEvidences > 0) && verbose) { - dumpVfyResult(&vfyResult); - } - freeVfyResult(&vfyResult); - } - -abort: - if(rawCerts != NULL) { - /* mallocd by readFile() */ - for(i=0; i -#include - -/* Read a line from stdin into buffer as a null terminated string. If buffer is - non NULL use at most buffer_size bytes and return a pointer to buffer. Otherwise - return a newly malloced buffer. - if EOF is read this function returns NULL. */ -char * -readline(char *buffer, int buffer_size) -{ - int ix = 0, bytes_malloced = 0; - - if (!buffer) - { - bytes_malloced = 64; - buffer = (char *)malloc(bytes_malloced); - buffer_size = bytes_malloced; - } - - for (;;++ix) - { - int ch; - - if (ix == buffer_size - 1) - { - if (!bytes_malloced) - break; - bytes_malloced += bytes_malloced; - buffer = (char *)realloc(buffer, bytes_malloced); - buffer_size = bytes_malloced; - } - - ch = getchar(); - if (ch == EOF) - { - if (bytes_malloced) - free(buffer); - return NULL; - } - if (ch == '\n') - break; - buffer[ix] = ch; - } - - /* 0 terminate buffer. */ - buffer[ix] = '\0'; - - return buffer; -} - -void -print_buffer_hex(FILE *stream, UInt32 length, const void *data) -{ - unsigned i; - const unsigned char *cp = (const unsigned char *)data; - - printf("\n "); - for(i=0; i= ' ' && ch <= '~' && ch != '\\') - { - fputc(ch, stream); - } - else - { - fputc('\\', stream); - fputc('0' + ((ch >> 6) & 7), stream); - fputc('0' + ((ch >> 3) & 7), stream); - fputc('0' + ((ch >> 0) & 7), stream); - } - } -} - -void -print_buffer(FILE *stream, UInt32 length, const void *data) -{ - uint8 *p = (uint8 *) data; - Boolean ascii = TRUE; // unless we determine otherwise - UInt32 ix; - for (ix = 0; ix < length; ++ix) { - int ch = *p++; - if ((ch < ' ') || (ch > '~')) { - if((ch == 0) && (ix == (length - 1))) { - /* ignore trailing null */ - length--; - break; - } - ascii = FALSE; - break; - } - } - - if (ascii) { - fputc('"', stream); - print_buffer_ascii(stream, length, data); - fputc('"', stream); - } - else { - print_buffer_hex(stream, length, data); - } -} - -void -print_cfdata(FILE *stream, CFDataRef data) -{ - if (data) - return print_buffer(stream, CFDataGetLength(data), CFDataGetBytePtr(data)); - else - fprintf(stream, ""); -} - -void -print_cfstring(FILE *stream, CFStringRef string) -{ - if (!string) - fprintf(stream, ""); - else - { - const char *utf8 = CFStringGetCStringPtr(string, kCFStringEncodingUTF8); - if (utf8) - fprintf(stream, "%s", utf8); - else - { - CFRange rangeToProcess = CFRangeMake(0, CFStringGetLength(string)); - while (rangeToProcess.length > 0) - { - UInt8 localBuffer[256]; - CFIndex usedBufferLength; - CFIndex numChars = CFStringGetBytes(string, rangeToProcess, - kCFStringEncodingUTF8, '?', FALSE, localBuffer, - sizeof(localBuffer), &usedBufferLength); - if (numChars == 0) - break; // Failed to convert anything... - - fprintf(stream, "%.*s", (int)usedBufferLength, localBuffer); - rangeToProcess.location += numChars; - rangeToProcess.length -= numChars; - } - } - } -} - - -int -print_access(FILE *stream, SecAccessRef access, Boolean interactive) -{ - CFArrayRef aclList = NULL; - CFIndex aclix, aclCount; - int result = 0; - OSStatus status; - - status = SecAccessCopyACLList(access, &aclList); - if (status) - { - cssmPerror("SecAccessCopyACLList", status); - result = 1; - goto loser; - } - - aclCount = CFArrayGetCount(aclList); - fprintf(stream, "access: %lu entries\n", aclCount); - for (aclix = 0; aclix < aclCount; ++aclix) - { - CFArrayRef applicationList = NULL; - CFStringRef description = NULL; - CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR promptSelector = {}; - CFIndex appix, appCount; - - SecACLRef acl = (SecACLRef)CFArrayGetValueAtIndex(aclList, aclix); - CSSM_ACL_AUTHORIZATION_TAG tags[64]; // Pick some upper limit - uint32 tagix, tagCount = sizeof(tags) / sizeof(*tags); - status = SecACLGetAuthorizations(acl, tags, &tagCount); - if (status) - { - cssmPerror("SecACLGetAuthorizations", status); - result = 1; - goto loser; - } - - fprintf(stream, " entry %lu:\n authorizations (%lu):", aclix, (unsigned long)tagCount); - for (tagix = 0; tagix < tagCount; ++tagix) - { - CSSM_ACL_AUTHORIZATION_TAG tag = tags[tagix]; - switch (tag) - { - case CSSM_ACL_AUTHORIZATION_ANY: - fputs(" any", stream); - break; - case CSSM_ACL_AUTHORIZATION_LOGIN: - fputs(" login", stream); - break; - case CSSM_ACL_AUTHORIZATION_GENKEY: - fputs(" genkey", stream); - break; - case CSSM_ACL_AUTHORIZATION_DELETE: - fputs(" delete", stream); - break; - case CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED: - fputs(" export_wrapped", stream); - break; - case CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR: - fputs(" export_clear", stream); - break; - case CSSM_ACL_AUTHORIZATION_IMPORT_WRAPPED: - fputs(" import_wrapped", stream); - break; - case CSSM_ACL_AUTHORIZATION_IMPORT_CLEAR: - fputs(" import_clear", stream); - break; - case CSSM_ACL_AUTHORIZATION_SIGN: - fputs(" sign", stream); - break; - case CSSM_ACL_AUTHORIZATION_ENCRYPT: - fputs(" encrypt", stream); - break; - case CSSM_ACL_AUTHORIZATION_DECRYPT: - fputs(" decrypt", stream); - break; - case CSSM_ACL_AUTHORIZATION_MAC: - fputs(" mac", stream); - break; - case CSSM_ACL_AUTHORIZATION_DERIVE: - fputs(" derive", stream); - break; - case CSSM_ACL_AUTHORIZATION_DBS_CREATE: - fputs(" dbs_create", stream); - break; - case CSSM_ACL_AUTHORIZATION_DBS_DELETE: - fputs(" dbs_delete", stream); - break; - case CSSM_ACL_AUTHORIZATION_DB_READ: - fputs(" db_read", stream); - break; - case CSSM_ACL_AUTHORIZATION_DB_INSERT: - fputs(" db_insert", stream); - break; - case CSSM_ACL_AUTHORIZATION_DB_MODIFY: - fputs(" db_modify", stream); - break; - case CSSM_ACL_AUTHORIZATION_DB_DELETE: - fputs(" db_delete", stream); - break; - case CSSM_ACL_AUTHORIZATION_CHANGE_ACL: - fputs(" change_acl", stream); - break; - case CSSM_ACL_AUTHORIZATION_CHANGE_OWNER: - fputs(" change_owner", stream); - break; - default: - fprintf(stream, " tag=%lu", (unsigned long)tag); - break; - } - } - fputc('\n', stream); - - status = SecACLCopySimpleContents(acl, &applicationList, &description, &promptSelector); - if (status) - { - cssmPerror("SecACLCopySimpleContents", status); - continue; - } - - if (promptSelector.flags & CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE) - fputs(" require-password\n", stream); - else - fputs(" don't-require-password\n", stream); - - fputs(" description: ", stream); - print_cfstring(stream, description); - fputc('\n', stream); - - if (applicationList) - { - appCount = CFArrayGetCount(applicationList); - fprintf(stream, " applications (%lu):\n", appCount); - } - else - { - appCount = 0; - fprintf(stream, " applications: \n"); - } - - for (appix = 0; appix < appCount; ++appix) - { - const UInt8* bytes; - SecTrustedApplicationRef app = (SecTrustedApplicationRef)CFArrayGetValueAtIndex(applicationList, appix); - CFDataRef data = NULL; - fprintf(stream, " %lu: ", appix); - status = SecTrustedApplicationCopyData(app, &data); - if (status) - { - cssmPerror("SecTrustedApplicationCopyData", status); - continue; - } - - bytes = CFDataGetBytePtr(data); - if (bytes && bytes[0] == 0x2f) { - fprintf(stream, "%s", (const char *)bytes); - if ((status = SecTrustedApplicationValidateWithPath(app, (const char *)bytes)) == noErr) { - fprintf(stream, " (OK)"); - } else { - fprintf(stream, " (status %ld)", status); - } - fprintf(stream, "\n"); - } else { - print_cfdata(stream, data); - fputc('\n', stream); - } - if (data) - CFRelease(data); - } - - - if (interactive) - { - char buffer[10] = {}; - if(applicationList != NULL) { - fprintf(stderr, "NULL out this application list? "); - if (readline(buffer, sizeof(buffer)) && buffer[0] == 'y') - { - /* - * This makes the ops in this entry wide-open, no dialog or confirmation - * other than requiring the keychain be open. - */ - fprintf(stderr, "setting app list to NULL\n"); - status = SecACLSetSimpleContents(acl, NULL, description, &promptSelector); - if (status) - { - cssmPerror("SecACLSetSimpleContents", status); - continue; - } - } - else { - fprintf(stderr, "Set this application list to empty array? "); - if (readline(buffer, sizeof(buffer)) && buffer[0] == 'y') - { - /* - * This means "always get confirmation, from all apps". - */ - fprintf(stderr, "setting app list to empty array\n"); - status = SecACLSetSimpleContents(acl, - CFArrayCreate(NULL, NULL, 0, &kCFTypeArrayCallBacks), - description, &promptSelector); - if (status) - { - cssmPerror("SecACLSetSimpleContents", status); - continue; - } - } - } - } - else { - fprintf(stderr, "Remove this acl? "); - if (readline(buffer, sizeof(buffer)) && buffer[0] == 'y') - { - /* - * This make ths ops in this entry completely inaccessible. - */ - fprintf(stderr, "removing acl\n"); - status = SecACLRemove(acl); - if (status) - { - cssmPerror("SecACLRemove", status); - continue; - } - } - } - } - if (description) - CFRelease(description); - if (applicationList) - CFRelease(applicationList); - - } - -loser: - if (aclList) - CFRelease(aclList); - - return result; -} - -/* Simluate what StickyRecord is trying to do.... */ - -/* - * Given an Access object: - * -- extract the ACL for the specified CSSM_ACL_AUTHORIZATION_TAG. We expect there - * to exactly one of these - if the form of a default ACL changes we'll have to - * revisit this. - * -- set the ACL's app list to the provided CFArray, which may be NULL (meaning - * "any app can access this, no problem"), an empty array (meaning "always - * prompt"), or an actual app list. - * -- set or clear the PROMPT_REQUIRE_PASSPHRASE bit per the requirePassphrase - * argument - */ -static OSStatus srUpdateAcl( - SecAccessRef accessRef, - CSSM_ACL_AUTHORIZATION_TAG whichAcl, // e.g. CSSM_ACL_AUTHORIZATION_DECRYPT - CFArrayRef appArray, - bool requirePassphrase) -{ - OSStatus ortn; - CFArrayRef aclList = NULL; - - ortn = SecAccessCopySelectedACLList(accessRef, whichAcl, &aclList); - if(ortn) { - cssmPerror("SecAccessCopySelectedACLList", ortn); - return ortn; - } - - if(CFArrayGetCount(aclList) != 1) { - printf("StickyRecord::updateAcl - unexpected ACL list count (%d)", - (int)CFArrayGetCount(aclList)); - return internalComponentErr; - } - SecACLRef acl = (SecACLRef)CFArrayGetValueAtIndex(aclList, 0); - - CFArrayRef applicationList = NULL; - CFStringRef description = NULL; - CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR promptSelector = {}; - ortn = SecACLCopySimpleContents(acl, &applicationList, &description, &promptSelector); - if(ortn) { - cssmPerror("SecACLCopySimpleContents", ortn); - return ortn; - } - if(applicationList != NULL) { - CFRelease(applicationList); - } - if(requirePassphrase) { - promptSelector.flags |= CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE; - } - else { - promptSelector.flags &= ~CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE; - } - /* update */ - ortn = SecACLSetSimpleContents(acl, appArray, description, &promptSelector); - - /* we got this from SecACLCopySimpleContents - release it regardless */ - if(description != NULL) { - CFRelease(description); - } - if(ortn) { - cssmPerror("SecACLSetSimpleContents", ortn); - } - if(aclList != NULL) { - CFRelease(aclList); - } - return ortn; -} - -OSStatus stickyRecordUpdateAcl( - SecAccessRef accessRef) -{ - OSStatus ortn; - - printf("...updating ACL to simulate a StickyRecord\n"); - - /* First: decrypt. Wide open (NULL app list), !REQUIRE_PASSPHRASE. */ - ortn = srUpdateAcl(accessRef, CSSM_ACL_AUTHORIZATION_DECRYPT, NULL, false); - if(ortn) { - return ortn; - } - - /* encrypt: always ask (empty app list, require passphrase */ - CFArrayRef nullArray = CFArrayCreate(NULL, NULL, 0, &kCFTypeArrayCallBacks); - return srUpdateAcl(accessRef, CSSM_ACL_AUTHORIZATION_ENCRYPT, nullArray, true); - -} diff --git a/SecurityTests/cspxutils/acltool/aclUtils.h b/SecurityTests/cspxutils/acltool/aclUtils.h deleted file mode 100644 index ef0970e7..00000000 --- a/SecurityTests/cspxutils/acltool/aclUtils.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2004-2005 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * aclUtils.h - ACL utility functions, copied from the SecurityTool project. - */ - -#ifndef _ACL_UTILS_H_ -#define _ACL_UTILS_H_ - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -char *readline(char *buffer, int buffer_size); -void print_buffer_hex(FILE *stream, UInt32 length, const void *data); -void print_buffer_ascii(FILE *stream, UInt32 length, const void *data); -void print_buffer(FILE *stream, UInt32 length, const void *data); -void print_cfdata(FILE *stream, CFDataRef data); -void print_cfstring(FILE *stream, CFStringRef string); -int print_access(FILE *stream, SecAccessRef access, Boolean interactive); - -OSStatus stickyRecordUpdateAcl( - SecAccessRef accessRef); - -#ifdef __cplusplus -} -#endif - -#endif /* _ACL_UTILS_H_ */ - diff --git a/SecurityTests/cspxutils/acltool/acltool.cpp b/SecurityTests/cspxutils/acltool/acltool.cpp deleted file mode 100644 index 9c6a5d69..00000000 --- a/SecurityTests/cspxutils/acltool/acltool.cpp +++ /dev/null @@ -1,327 +0,0 @@ -/* - * acltool.cpp - display and manipluate ACLs on SecKeychainItems - */ - -#include -#include -#include -#include -#include -#include "aclUtils.h" - -static void usage(char **argv) -{ - printf("usage: %s op [options]\n", argv[0]); - printf("op:\n"); - printf(" d -- display ACL\n"); - printf(" a -- add ACL\n"); - printf(" l -- lookup, dump label; no ACL operation\n"); - printf(" m -- modify data (only allowed for password items; must specify -p)\n"); - printf("Options:\n"); - printf(" -k keychain\n"); - printf(" -t itemType : k=privateKey, b=publicKey s=sessionKey, p=password; default is sessionKey\n"); - printf(" -l label_or_printName\n"); - printf(" -p new_password_data\n"); - printf(" -d -- dump data\n"); - printf(" -e -- edit ACL entries\n"); - printf(" -s -- simulate StickyRecord ACL\n"); - /* etc. */ - exit(1); -} - - -/* print an item's label and (optionally) its data */ -static OSStatus printItemLabelAndData( - SecKeychainItemRef itemRef, - SecItemAttr labelAttr, - bool dumpData) -{ - SecKeychainAttributeList attrList; - SecKeychainAttribute attr; - UInt32 length = 0; - void *outData = NULL; - - attr.tag = labelAttr; - attr.length = 0; - attr.data = NULL; - attrList.count = 1; - attrList.attr = &attr; - - OSStatus ortn = SecKeychainItemCopyContent(itemRef, - NULL, // itemClass - we know - &attrList, // for label - dumpData ? &length : 0, - dumpData ? &outData : NULL); - if(ortn) { - cssmPerror("SecKeychainItemCopyContent", ortn); - printf("***Error fetching label %s\n", dumpData ? "and data" : ""); - return ortn; - } - - if(attr.data == NULL) { - printf("**No label attribute found\n"); - } - else { - printf("Label: "); - print_buffer(stdout, attr.length, attr.data); - printf("\n"); - } - if(dumpData) { - if(outData == NULL) { - printf("***Asked for data but none found\n"); - } - else { - printf("Data : "); - print_buffer(stdout, length, outData); - printf("\n"); - } - } - SecKeychainItemFreeContent(&attrList, outData); - return noErr; -} - -/* - * Lookup by itemClass and optional label. Then do one or more of: - * - * -- dump label (always done) - * -- dump ACLs - * -- edit acl - * -- dump data - * -- set (modify) data - */ -static OSStatus dumpAcls( - SecKeychainRef kcRef, - - /* item specification */ - SecItemClass itemClass, - SecItemAttr labelAttr, // to look up by label if specified - const char *label, - - /* what we do with the item(s) found */ - bool dumpData, - bool dumpAcl, - bool editAcl, - bool simulateStickyRecord, - const unsigned char *newData, // if non-NULL, set/modify new data - unsigned newDataLen) -{ - OSStatus ortn; - SecKeychainSearchRef srchRef; - SecKeychainAttributeList attrList; - SecKeychainAttributeList *attrListP = NULL; - SecKeychainAttribute attr; - unsigned numFound = 0; - - /* searching by label, or blindly? */ - if(label) { - attr.tag = labelAttr; - attr.length = strlen(label); - attr.data = (void *)label; - attrList.count = 1; - attrList.attr = &attr; - attrListP = &attrList; - } - ortn = SecKeychainSearchCreateFromAttributes(kcRef, - itemClass, - attrListP, - &srchRef); - if(ortn) { - cssmPerror("SecKeychainSearchCreateFromAttributes", ortn); - return ortn; - } - for(;;) { - SecKeychainItemRef itemRef; - ortn = SecKeychainSearchCopyNext(srchRef, &itemRef); - if(ortn) { - if(ortn == errSecItemNotFound) { - /* normal search end */ - ortn = noErr; - } - else { - cssmPerror("SecKeychainSearchCopyNext", ortn); - } - break; - } - - printf("Item %u:\n", numFound++); - printItemLabelAndData(itemRef, labelAttr, dumpData); - - if(newData) { - ortn = SecKeychainItemModifyAttributesAndData(itemRef, - NULL, // attrList - we don't change any attrs - newDataLen, - newData); - if(ortn) { - cssmPerror("SecKeychainItemModifyAttributesAndData", ortn); - printf("***Cannot modify data of this item***\n"); - goto endOfLoop; - } - } - if(dumpAcl) { - SecAccessRef accessRef = nil; - ortn = SecKeychainItemCopyAccess(itemRef, &accessRef); - if(ortn) { - cssmPerror("SecKeychainItemCopyAccess", ortn); - printf("***No SecAccessRef found***\n"); - goto endOfLoop; - } - print_access(stdout, accessRef, editAcl); - if(simulateStickyRecord) { - ortn = stickyRecordUpdateAcl(accessRef); - if(ortn) { - goto endOfLoop; - } - } - if(editAcl || simulateStickyRecord) { - ortn = SecKeychainItemSetAccess(itemRef, accessRef); - if(ortn) { - cssmPerror("SecKeychainItemSetAccess", ortn); - } - } - } -endOfLoop: - CFRelease(itemRef); - if(ortn) { - break; - } - } - CFRelease(srchRef); - printf("...%u items found\n", numFound); - return ortn; -} - -typedef enum { - AO_Dump, - AO_Add, - AO_Lookup, - AO_ModifyPassword -} AclOp; - -int main(int argc, char **argv) -{ - /* user spec'd variables */ - const char *kcName = NULL; - const char *labelOrName = NULL; // attribute type varies per - AclOp op = AO_Dump; - SecItemClass itemClass = CSSM_DL_DB_RECORD_SYMMETRIC_KEY; - /* FIXME why does this work like this for keys? doc says kSecKeyPrintName but that doesn't work */ - SecItemAttr labelAttr = kSecLabelItemAttr; - bool dumpData = false; - bool editAcl = false; - bool dumpAcl = true; - bool simulateStickyRecord = false; - const char *newPassword = NULL; - unsigned newPasswordLen = 0; - - SecKeychainRef kcRef = nil; - OSStatus ortn; - - if(argc < 2) { - usage(argv); - } - switch(argv[1][0]) { - case 'd': - op = AO_Dump; - break; - case 'a': - op = AO_Add; - break; - case 'l': - op = AO_Lookup; - dumpAcl = false; - break; - case 'm': - op = AO_ModifyPassword; - dumpAcl = false; - break; - default: - usage(argv); - } - - extern char *optarg; - int arg; - extern int optind; - optind = 2; - while ((arg = getopt(argc, argv, "k:t:l:dep:sh")) != -1) { - switch (arg) { - case 'k': - kcName = optarg; - break; - case 't': - switch(optarg[0]) { - case 'k': - itemClass = CSSM_DL_DB_RECORD_PRIVATE_KEY; - break; - case 's': - itemClass = CSSM_DL_DB_RECORD_SYMMETRIC_KEY; - break; - case 'b': - itemClass = CSSM_DL_DB_RECORD_PUBLIC_KEY; - break; - case 'p': - itemClass = kSecGenericPasswordItemClass; - labelAttr = kSecLabelItemAttr; - break; - default: - usage(argv); - } - break; - case 'l': - labelOrName = optarg; - break; - case 'd': - dumpData = true; - break; - case 'e': - editAcl = true; - break; - case 'p': - newPassword = optarg; - newPasswordLen = strlen(newPassword); - break; - case 's': - simulateStickyRecord = true; - break; - case 'h': - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - if(op == AO_ModifyPassword) { - if(itemClass != kSecGenericPasswordItemClass) { - printf("***You can only modify data on a password item.\n"); - exit(1); - } - if(newPassword == NULL) { - printf("***You must supply new password data for this operation.\n"); - exit(1); - } - } - if(kcName) { - ortn = SecKeychainOpen(kcName, &kcRef); - if(ortn) { - cssmPerror("SecKeychainOpen", ortn); - printf("***Error opening keychain %s. Aborting.\n", kcName); - exit(1); - } - } - - switch(op) { - case AO_Dump: - case AO_Lookup: - case AO_ModifyPassword: - ortn = dumpAcls(kcRef, itemClass, labelAttr, labelOrName, dumpData, dumpAcl, editAcl, - simulateStickyRecord, (unsigned char *)newPassword, newPasswordLen); - break; - case AO_Add: - printf("Add ACL op to be implemented real soon now\n"); - ortn = -1; - break; - } - if(kcRef) { - CFRelease(kcRef); - } - return (int)ortn; -} diff --git a/SecurityTests/cspxutils/aesVect/Makefile b/SecurityTests/cspxutils/aesVect/Makefile deleted file mode 100644 index 0b310023..00000000 --- a/SecurityTests/cspxutils/aesVect/Makefile +++ /dev/null @@ -1,57 +0,0 @@ -# name of executable to build -EXECUTABLE= aesVect -# C++ source (with .cpp extension) -CPSOURCE= -# C source (.c extension) -#CSOURCE= aesVect.c _rijndael-alg-ref.c _rijndaelApi.c enDecryptRef.c enDecryptTest.c \ -# enDecryptCsp.c rijndael.c -CSOURCE= aesVect.c enDecryptRef.c enDecryptTest.c enDecryptCsp.c rijndael.c - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -#PROJ_CFLAGS= -F/System/Library/PrivateFrameworks -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/aesVect/aesVect.c b/SecurityTests/cspxutils/aesVect/aesVect.c deleted file mode 100644 index 53933ebc..00000000 --- a/SecurityTests/cspxutils/aesVect/aesVect.c +++ /dev/null @@ -1,179 +0,0 @@ -/* - * aesVect.c - generate NIST-compatible test vectors for various AES implementations. - * - * Written by Doug Mitchell. - */ - -#include -#include -#include -#include "enDecrypt.h" -#include "rijndael-alg-ref.h" -#include - -static void usage(char **argv) -{ - printf("usage: %s r|t|c vectorStyle [options]\n", argv[0]); - printf("r=reference t=testImple c=CSP\n"); - printf("vectorStyle:\n"); - printf(" k Variable key KAT\n"); - printf(" p Variable plaintext KAT\n"); - printf("options:\n"); - printf(" k=keySizeInBits (default = 128)\n"); - printf(" i=max value of i (default = max per context)\n"); - printf(" h(elp)\n"); - exit(1); -} - -static void setBit( - unsigned char *val, - unsigned valBytes, - unsigned i) -{ - unsigned whichByte; - unsigned whichBit; - - i--; - whichByte = i / 8; - whichBit = 7 - (i % 8); - memset(val, 0, valBytes); - val[whichByte] = 1 << whichBit; -} - -static void printBigNum( - const char *name, - unsigned char *val, - unsigned valBytes) -{ - unsigned i; - printf("%s=", name); - for(i=0; i -#include - -/* - * encrypt/decrypt using test implementation. - */ -CSSM_RETURN encryptDecryptTest( - CSSM_BOOL forEncrypt, - uint32 keyBits, - uint32 blockSizeInBits, - const uint8 *key, // raw key bytes - const uint8 *inText, - uint32 inTextLen, // in bytes - uint8 *outText); - -/* - * encrypt/decrypt using reference AES. - */ -CSSM_RETURN encryptDecryptRef( - CSSM_BOOL forEncrypt, - uint32 keyBits, - uint32 blockSizeInBits, - const uint8 *key, // raw key bytes - const uint8 *inText, - uint32 inTextLen, // in bytes - uint8 *outText); - -/* - * encrypt/decrypt using CSP. - */ -CSSM_RETURN encryptDecryptCsp( - CSSM_BOOL forEncrypt, - uint32 keyBits, - uint32 blockSizeInBits, - const uint8 *key, // raw key bytes - const uint8 *inText, - uint32 inTextLen, // in bytes - uint8 *outText); - -typedef CSSM_RETURN (*encrDecrFcn) ( - CSSM_BOOL forEncrypt, - uint32 keyBits, - uint32 blockSizeInBits, - const uint8 *key, // raw key bytes - const uint8 *inText, - uint32 inTextLen, // in bytes - uint8 *outText); diff --git a/SecurityTests/cspxutils/aesVect/enDecryptCsp.c b/SecurityTests/cspxutils/aesVect/enDecryptCsp.c deleted file mode 100644 index 5f44a6f9..00000000 --- a/SecurityTests/cspxutils/aesVect/enDecryptCsp.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * encrypt/decrypt using CSP implementation of AES. - */ -#include "enDecrypt.h" -#include -#include "cspwrap.h" -#include "common.h" -#include - -static CSSM_CSP_HANDLE cspHand = 0; - -CSSM_RETURN encryptDecryptCsp( - CSSM_BOOL forEncrypt, - uint32 keySizeInBits, - uint32 blockSizeInBits, - const uint8 *key, // raw key bytes - const uint8 *inText, - uint32 inTextLen, - uint8 *outText) -{ - CSSM_KEY_PTR symKey; // mallocd by cspGenSymKey or a ptr - // to refKey - CSSM_RETURN crtn; - CSSM_DATA inData; - CSSM_DATA outData; - - if(cspHand == 0) { - /* attach first time thru */ - cspHand = cspDlDbStartup(CSSM_TRUE, NULL); - if(cspHand == 0) { - return CSSMERR_CSSM_MODULE_NOT_LOADED; - } - } - - /* cook up a raw symmetric key */ - symKey = cspGenSymKey(cspHand, - CSSM_ALGID_AES, - "noLabel", - 8, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - keySizeInBits, - CSSM_FALSE); // ref key - if(symKey == NULL) { - return CSSM_ERRCODE_INTERNAL_ERROR; - } - memmove(symKey->KeyData.Data, key, keySizeInBits / 8); - - inData.Data = (uint8 *)inText; - inData.Length = inTextLen; - outData.Data = outText; - outData.Length = inTextLen; - - if(forEncrypt) { - crtn = cspEncrypt(cspHand, - CSSM_ALGID_AES, - CSSM_ALGMODE_ECB, - CSSM_PADDING_NONE, - symKey, - NULL, // no second key - 0, // effectiveKeyBits - 0, // rounds - NULL, // iv - &inData, - &outData, - CSSM_FALSE); // mallocCtext - } - else { - crtn = cspDecrypt(cspHand, - CSSM_ALGID_AES, - CSSM_ALGMODE_ECB, - CSSM_PADDING_NONE, - symKey, - NULL, // no second key - 0, // effectiveKeyBits - 0, // rounds - NULL, // iv - &inData, - &outData, - CSSM_FALSE); // mallocPtext - } - cspFreeKey(cspHand, symKey); - return crtn; - -} diff --git a/SecurityTests/cspxutils/aesVect/enDecryptRef.c b/SecurityTests/cspxutils/aesVect/enDecryptRef.c deleted file mode 100644 index 5f91b127..00000000 --- a/SecurityTests/cspxutils/aesVect/enDecryptRef.c +++ /dev/null @@ -1,56 +0,0 @@ -#include "enDecrypt.h" -#include "rijndaelApi.h" /* reference */ - -/* - * encrypt/decrypt using reference AES. - */ -CSSM_RETURN encryptDecryptRef( - CSSM_BOOL forEncrypt, - uint32 keySizeInBits, - uint32 blockSizeInBits, - const uint8 *key, // raw key bytes - const uint8 *inText, - uint32 inTextLen, - uint8 *outText) -{ - keyInstance aesKey; - cipherInstance aesCipher; - int artn; - - artn = _makeKey(&aesKey, - forEncrypt ? DIR_ENCRYPT : DIR_DECRYPT, - keySizeInBits, - blockSizeInBits, - (BYTE *)key); - if(artn <= 0) { - printf("***AES makeKey returned %d\n", artn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - artn = _cipherInit(&aesCipher, - MODE_ECB, - blockSizeInBits, - NULL); - if(artn <= 0) { - printf("***AES cipherInit returned %d\n", artn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - if(forEncrypt) { - artn = _blockEncrypt(&aesCipher, - &aesKey, - (BYTE *)inText, - inTextLen * 8, - (BYTE *)outText); - } - else { - artn = _blockDecrypt(&aesCipher, - &aesKey, - (BYTE *)inText, - inTextLen * 8, - (BYTE *)outText); - } - if(artn <= 0) { - printf("***AES Reference encrypt/decrypt returned %d\n", artn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - return CSSM_OK; -} diff --git a/SecurityTests/cspxutils/aesVect/enDecryptTest.c b/SecurityTests/cspxutils/aesVect/enDecryptTest.c deleted file mode 100644 index ccbcd90d..00000000 --- a/SecurityTests/cspxutils/aesVect/enDecryptTest.c +++ /dev/null @@ -1,42 +0,0 @@ -#include "enDecrypt.h" -#include "std_defs.h" -#include -#include - -/* - * encrypt/decrypt using Gladman version of AES. - */ - -CSSM_RETURN encryptDecryptTest( - CSSM_BOOL forEncrypt, - uint32 keySizeInBits, - uint32 blockSizeInBits, - const uint8 *key, // raw key bytes - const uint8 *inText, - uint32 inTextLen, - uint8 *outText) -{ - u4byte aesKey[8]; - uint8 *inPtr = (uint8 *)inText; - uint8 *outPtr = outText; - uint32 blockSizeInBytes = blockSizeInBits / 8; - uint32 blocks = inTextLen / blockSizeInBytes; - - if(blockSizeInBits != 128) { - printf("***This AES implementation supports only 128 bit blocks.\n"); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - memmove(aesKey, key, keySizeInBits / 8); - set_key(aesKey, keySizeInBits); - for( ; blocks > 0; blocks--) { - if(forEncrypt) { - rEncrypt((u4byte *)inPtr, (u4byte *)outPtr); - } - else { - rDecrypt((u4byte *)inPtr, (u4byte *)outPtr); - } - inPtr += blockSizeInBytes; - outPtr += blockSizeInBytes; - } - return CSSM_OK; -} diff --git a/SecurityTests/cspxutils/aesVect/makeVectors b/SecurityTests/cspxutils/aesVect/makeVectors deleted file mode 100755 index cdb5ceb5..00000000 --- a/SecurityTests/cspxutils/aesVect/makeVectors +++ /dev/null @@ -1,31 +0,0 @@ -#! /bin/csh -f -# -# Create an AES vector text file, using aesVect, which will be compared against -# ecb_vk.txt or ecb_vt.txt. -# -# usage: makeVectors r|t vectorStyle headerFile outFile -# -if ( $#argv != 4 ) then - echo Usage: makeVectors r\|t vectorStyle headerFile outFile - exit(1) -endif -# -# start with header -# -set outFile=$argv[4] -set separator="==========" - -cat $argv[3] > $outFile -# -# run thru all three key sizes -# -aesVect $argv[1] $argv[2] k=128 >> $outFile -echo $separator >> $outFile -echo "" >> $outFile -aesVect $argv[1] $argv[2] k=192 >> $outFile -echo $separator >> $outFile -echo "" >> $outFile -aesVect $argv[1] $argv[2] k=256 >> $outFile -echo $separator >> $outFile - - diff --git a/SecurityTests/cspxutils/aesVect/rijndael.c b/SecurityTests/cspxutils/aesVect/rijndael.c deleted file mode 100644 index f953beda..00000000 --- a/SecurityTests/cspxutils/aesVect/rijndael.c +++ /dev/null @@ -1,427 +0,0 @@ - - - -/* This is an independent implementation of the encryption algorithm: */ -/* */ -/* RIJNDAEL by Joan Daemen and Vincent Rijmen */ -/* */ -/* which is a candidate algorithm in the Advanced Encryption Standard */ -/* programme of the US National Institute of Standards and Technology. */ -/* */ -/* Copyright in this implementation is held by Dr B R Gladman but I */ -/* hereby give permission for its free direct or derivative use subject */ -/* to acknowledgment of its origin and compliance with any conditions */ -/* that the originators of the algorithm place on its exploitation. */ -/* */ -/* Dr Brian Gladman (gladman@seven77.demon.co.uk) 14th January 1999 */ - -/* Timing data for Rijndael (rijndael.c) - -Algorithm: rijndael (rijndael.c) - -128 bit key: -Key Setup: 305/1389 cycles (encrypt/decrypt) -Encrypt: 374 cycles = 68.4 mbits/sec -Decrypt: 352 cycles = 72.7 mbits/sec -Mean: 363 cycles = 70.5 mbits/sec - -192 bit key: -Key Setup: 277/1595 cycles (encrypt/decrypt) -Encrypt: 439 cycles = 58.3 mbits/sec -Decrypt: 425 cycles = 60.2 mbits/sec -Mean: 432 cycles = 59.3 mbits/sec - -256 bit key: -Key Setup: 374/1960 cycles (encrypt/decrypt) -Encrypt: 502 cycles = 51.0 mbits/sec -Decrypt: 498 cycles = 51.4 mbits/sec -Mean: 500 cycles = 51.2 mbits/sec - -*/ - -#include "std_defs.h" - -/* enable of block/word/byte swapping macros */ -#define USE_SWAP_MACROS 1 - -static char *alg_name[] = { (char *)"rijndael", (char *)"rijndael.c", (char *)"rijndael" }; - -char **cipher_name() -{ - return alg_name; -} - -#define LARGE_TABLES - -u1byte pow_tab[256]; -u1byte log_tab[256]; -u1byte sbx_tab[256]; -u1byte isb_tab[256]; -u4byte rco_tab[ 10]; -u4byte ft_tab[4][256]; -u4byte it_tab[4][256]; - -#ifdef LARGE_TABLES - u4byte fl_tab[4][256]; - u4byte il_tab[4][256]; -#endif - -u4byte tab_gen = 0; - -u4byte k_len; -u4byte e_key[64]; -u4byte d_key[64]; - -#define ff_mult(a,b) (a && b ? pow_tab[(log_tab[a] + log_tab[b]) % 255] : 0) - -#define f_rn(bo, bi, n, k) \ - bo[n] = ft_tab[0][byte(bi[n],0)] ^ \ - ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ - ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) - -#define i_rn(bo, bi, n, k) \ - bo[n] = it_tab[0][byte(bi[n],0)] ^ \ - it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ - it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) - -#ifdef LARGE_TABLES - -#define ls_box(x) \ - ( fl_tab[0][byte(x, 0)] ^ \ - fl_tab[1][byte(x, 1)] ^ \ - fl_tab[2][byte(x, 2)] ^ \ - fl_tab[3][byte(x, 3)] ) - -#define f_rl(bo, bi, n, k) \ - bo[n] = fl_tab[0][byte(bi[n],0)] ^ \ - fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \ - fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n) - -#define i_rl(bo, bi, n, k) \ - bo[n] = il_tab[0][byte(bi[n],0)] ^ \ - il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \ - il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \ - il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n) - -#else - -#define ls_box(x) \ - ((u4byte)sbx_tab[byte(x, 0)] << 0) ^ \ - ((u4byte)sbx_tab[byte(x, 1)] << 8) ^ \ - ((u4byte)sbx_tab[byte(x, 2)] << 16) ^ \ - ((u4byte)sbx_tab[byte(x, 3)] << 24) - -#define f_rl(bo, bi, n, k) \ - bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^ \ - rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \ - rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ - rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n) - -#define i_rl(bo, bi, n, k) \ - bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^ \ - rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \ - rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \ - rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n) - -#endif - -void gen_tabs(void) -{ u4byte i, t; - u1byte p, q; - - /* log and power tables for GF(2**8) finite field with */ - /* 0x11b as modular polynomial - the simplest prmitive */ - /* root is 0x11, used here to generate the tables */ - - for(i = 0,p = 1; i < 256; ++i) - { - pow_tab[i] = (u1byte)p; log_tab[p] = (u1byte)i; - - p = p ^ (p << 1) ^ (p & 0x80 ? 0x01b : 0); - } - - log_tab[1] = 0; p = 1; - - for(i = 0; i < 10; ++i) - { - rco_tab[i] = p; - - p = (p << 1) ^ (p & 0x80 ? 0x1b : 0); - } - - /* note that the affine byte transformation matrix in */ - /* rijndael specification is in big endian format with */ - /* bit 0 as the most significant bit. In the remainder */ - /* of the specification the bits are numbered from the */ - /* least significant end of a byte. */ - - for(i = 0; i < 256; ++i) - { - p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p; - q = (q >> 7) | (q << 1); p ^= q; - q = (q >> 7) | (q << 1); p ^= q; - q = (q >> 7) | (q << 1); p ^= q; - q = (q >> 7) | (q << 1); p ^= q ^ 0x63; - sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i; - } - - for(i = 0; i < 256; ++i) - { - p = sbx_tab[i]; - -#ifdef LARGE_TABLES - - t = p; fl_tab[0][i] = t; - fl_tab[1][i] = rotl(t, 8); - fl_tab[2][i] = rotl(t, 16); - fl_tab[3][i] = rotl(t, 24); -#endif - t = ((u4byte)ff_mult(2, p)) | - ((u4byte)p << 8) | - ((u4byte)p << 16) | - ((u4byte)ff_mult(3, p) << 24); - - ft_tab[0][i] = t; - ft_tab[1][i] = rotl(t, 8); - ft_tab[2][i] = rotl(t, 16); - ft_tab[3][i] = rotl(t, 24); - - p = isb_tab[i]; - -#ifdef LARGE_TABLES - - t = p; il_tab[0][i] = t; - il_tab[1][i] = rotl(t, 8); - il_tab[2][i] = rotl(t, 16); - il_tab[3][i] = rotl(t, 24); -#endif - t = ((u4byte)ff_mult(14, p)) | - ((u4byte)ff_mult( 9, p) << 8) | - ((u4byte)ff_mult(13, p) << 16) | - ((u4byte)ff_mult(11, p) << 24); - - it_tab[0][i] = t; - it_tab[1][i] = rotl(t, 8); - it_tab[2][i] = rotl(t, 16); - it_tab[3][i] = rotl(t, 24); - } - - tab_gen = 1; -}; - -#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b) - -#define imix_col(y,x) \ - u = star_x(x); \ - v = star_x(u); \ - w = star_x(v); \ - t = w ^ (x); \ - (y) = u ^ v ^ w; \ - (y) ^= rotr(u ^ t, 8) ^ \ - rotr(v ^ t, 16) ^ \ - rotr(t,24) - -/* initialise the key schedule from the user supplied key */ - -#define loop4(i) \ -{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ - t ^= e_key[4 * i]; e_key[4 * i + 4] = t; \ - t ^= e_key[4 * i + 1]; e_key[4 * i + 5] = t; \ - t ^= e_key[4 * i + 2]; e_key[4 * i + 6] = t; \ - t ^= e_key[4 * i + 3]; e_key[4 * i + 7] = t; \ -} - -#define loop6(i) \ -{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ - t ^= e_key[6 * i]; e_key[6 * i + 6] = t; \ - t ^= e_key[6 * i + 1]; e_key[6 * i + 7] = t; \ - t ^= e_key[6 * i + 2]; e_key[6 * i + 8] = t; \ - t ^= e_key[6 * i + 3]; e_key[6 * i + 9] = t; \ - t ^= e_key[6 * i + 4]; e_key[6 * i + 10] = t; \ - t ^= e_key[6 * i + 5]; e_key[6 * i + 11] = t; \ -} - -#define loop8(i) \ -{ t = ls_box(rotr(t, 8)) ^ rco_tab[i]; \ - t ^= e_key[8 * i]; e_key[8 * i + 8] = t; \ - t ^= e_key[8 * i + 1]; e_key[8 * i + 9] = t; \ - t ^= e_key[8 * i + 2]; e_key[8 * i + 10] = t; \ - t ^= e_key[8 * i + 3]; e_key[8 * i + 11] = t; \ - t = e_key[8 * i + 4] ^ ls_box(t); \ - e_key[8 * i + 12] = t; \ - t ^= e_key[8 * i + 5]; e_key[8 * i + 13] = t; \ - t ^= e_key[8 * i + 6]; e_key[8 * i + 14] = t; \ - t ^= e_key[8 * i + 7]; e_key[8 * i + 15] = t; \ -} - -u4byte *set_key(const u4byte in_key[], const u4byte key_len) -{ u4byte i, t, u, v, w; - - if(!tab_gen) - - gen_tabs(); - - k_len = (key_len + 31) / 32; - - #if USE_SWAP_MACROS - get_key(e_key, key_len); - #else - e_key[0] = in_key[0]; e_key[1] = in_key[1]; - e_key[2] = in_key[2]; e_key[3] = in_key[3]; - #endif - - switch(k_len) - { - case 4: t = e_key[3]; - for(i = 0; i < 10; ++i) - loop4(i); - break; - - case 6: - #if USE_SWAP_MACROS - t = e_key[5]; - #else - /* done in get_key macros in USE_SWAP_MACROS case */ - e_key[4] = in_key[4]; t = e_key[5] = in_key[5]; - #endif - for(i = 0; i < 8; ++i) - loop6(i); - break; - - case 8: - #if USE_SWAP_MACROS - t = e_key[7]; - #else - e_key[4] = in_key[4]; e_key[5] = in_key[5]; - e_key[6] = in_key[6]; t = e_key[7] = in_key[7]; - #endif - for(i = 0; i < 7; ++i) - loop8(i); - break; - } - - d_key[0] = e_key[0]; d_key[1] = e_key[1]; - d_key[2] = e_key[2]; d_key[3] = e_key[3]; - - for(i = 4; i < 4 * k_len + 24; ++i) - { - imix_col(d_key[i], e_key[i]); - } - - return e_key; -}; - -/* encrypt a block of text */ - -#define f_nround(bo, bi, k) \ - f_rn(bo, bi, 0, k); \ - f_rn(bo, bi, 1, k); \ - f_rn(bo, bi, 2, k); \ - f_rn(bo, bi, 3, k); \ - k += 4 - -#define f_lround(bo, bi, k) \ - f_rl(bo, bi, 0, k); \ - f_rl(bo, bi, 1, k); \ - f_rl(bo, bi, 2, k); \ - f_rl(bo, bi, 3, k) - -void rEncrypt(const u4byte in_blk[4], u4byte out_blk[4]) -{ u4byte b0[4], b1[4], *kp; - - #if USE_SWAP_MACROS - u4byte swap_block[4]; - get_block(swap_block); - b0[0] = swap_block[0] ^ e_key[0]; b0[1] = swap_block[1] ^ e_key[1]; - b0[2] = swap_block[2] ^ e_key[2]; b0[3] = swap_block[3] ^ e_key[3]; - #else - b0[0] = in_blk[0] ^ e_key[0]; b0[1] = in_blk[1] ^ e_key[1]; - b0[2] = in_blk[2] ^ e_key[2]; b0[3] = in_blk[3] ^ e_key[3]; - #endif - - kp = e_key + 4; - - if(k_len > 6) - { - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - } - - if(k_len > 4) - { - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - } - - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - f_nround(b1, b0, kp); f_nround(b0, b1, kp); - f_nround(b1, b0, kp); f_lround(b0, b1, kp); - - #if USE_SWAP_MACROS - put_block(b0); - #else - out_blk[0] = b0[0]; out_blk[1] = b0[1]; - out_blk[2] = b0[2]; out_blk[3] = b0[3]; - #endif -}; - -/* decrypt a block of text */ - -#define i_nround(bo, bi, k) \ - i_rn(bo, bi, 0, k); \ - i_rn(bo, bi, 1, k); \ - i_rn(bo, bi, 2, k); \ - i_rn(bo, bi, 3, k); \ - k -= 4 - -#define i_lround(bo, bi, k) \ - i_rl(bo, bi, 0, k); \ - i_rl(bo, bi, 1, k); \ - i_rl(bo, bi, 2, k); \ - i_rl(bo, bi, 3, k) - -void rDecrypt(const u4byte in_blk[4], u4byte out_blk[4]) -{ u4byte b0[4], b1[4], *kp; - - #if USE_SWAP_MACROS - u4byte swap_block[4]; - get_block(swap_block); - b0[0] = swap_block[0] ^ e_key[4 * k_len + 24]; - b0[1] = swap_block[1] ^ e_key[4 * k_len + 25]; - b0[2] = swap_block[2] ^ e_key[4 * k_len + 26]; - b0[3] = swap_block[3] ^ e_key[4 * k_len + 27]; - #else - b0[0] = in_blk[0] ^ e_key[4 * k_len + 24]; - b0[1] = in_blk[1] ^ e_key[4 * k_len + 25]; - b0[2] = in_blk[2] ^ e_key[4 * k_len + 26]; - b0[3] = in_blk[3] ^ e_key[4 * k_len + 27]; - #endif - - kp = d_key + 4 * (k_len + 5); - - if(k_len > 6) - { - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - } - - if(k_len > 4) - { - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - } - - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - i_nround(b1, b0, kp); i_nround(b0, b1, kp); - i_nround(b1, b0, kp); i_lround(b0, b1, kp); - - #if USE_SWAP_MACROS - put_block(b0); - #else - out_blk[0] = b0[0]; out_blk[1] = b0[1]; - out_blk[2] = b0[2]; out_blk[3] = b0[3]; - #endif -}; diff --git a/SecurityTests/cspxutils/aesVect/std_defs.h b/SecurityTests/cspxutils/aesVect/std_defs.h deleted file mode 100644 index 9b7965d2..00000000 --- a/SecurityTests/cspxutils/aesVect/std_defs.h +++ /dev/null @@ -1,151 +0,0 @@ - - - -/* 1. Standard types for AES cryptography source code */ - -typedef unsigned char u1byte; /* an 8 bit unsigned character type */ -typedef unsigned short u2byte; /* a 16 bit unsigned integer type */ -typedef unsigned long u4byte; /* a 32 bit unsigned integer type */ - -typedef signed char s1byte; /* an 8 bit signed character type */ -typedef signed short s2byte; /* a 16 bit signed integer type */ -typedef signed long s4byte; /* a 32 bit signed integer type */ - -/* 2. Standard interface for AES cryptographic routines */ - -/* These are all based on 32 bit unsigned values and will therefore */ -/* require endian conversions for big-endian architectures */ - -#ifdef __cplusplus - extern "C" - { -#endif - - char **cipher_name(void); - u4byte *set_key(const u4byte in_key[], const u4byte key_len); - void rEncrypt(const u4byte in_blk[4], u4byte out_blk[4]); - void rDecrypt(const u4byte in_blk[4], u4byte out_blk[4]); - -#ifdef __cplusplus - }; -#endif - -/* 3. Basic macros for speeding up generic operations */ - -/* Circular rotate of 32 bit values */ - -#ifdef _MSC_VER - -# include -# pragma intrinsic(_lrotr,_lrotl) -# define rotr(x,n) _lrotr(x,n) -# define rotl(x,n) _lrotl(x,n) - -#else - -#define rotr(x,n) (((x) >> ((int)(n))) | ((x) << (32 - (int)(n)))) -#define rotl(x,n) (((x) << ((int)(n))) | ((x) >> (32 - (int)(n)))) - -#endif - -/* Invert byte order in a 32 bit variable */ - -#define bswap(x) ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00)) - -/* Extract byte from a 32 bit quantity (little endian notation) */ - -#define byte(x,n) ((u1byte)((x) >> (8 * n))) - -/* For inverting byte order in input/output 32 bit words if needed */ -#ifdef __ppc__ -#define BYTE_SWAP -#endif - -#ifdef BLOCK_SWAP -#define BYTE_SWAP -#define WORD_SWAP -#endif - -#ifdef BYTE_SWAP -#define io_swap(x) bswap(x) -#else -#define io_swap(x) (x) -#endif - -/* For inverting the byte order of input/output blocks if needed */ - -#ifdef WORD_SWAP - -#define get_block(x) \ - ((u4byte*)(x))[0] = io_swap(in_blk[3]); \ - ((u4byte*)(x))[1] = io_swap(in_blk[2]); \ - ((u4byte*)(x))[2] = io_swap(in_blk[1]); \ - ((u4byte*)(x))[3] = io_swap(in_blk[0]) - -#define put_block(x) \ - out_blk[3] = io_swap(((u4byte*)(x))[0]); \ - out_blk[2] = io_swap(((u4byte*)(x))[1]); \ - out_blk[1] = io_swap(((u4byte*)(x))[2]); \ - out_blk[0] = io_swap(((u4byte*)(x))[3]) - -#define get_key(x,len) \ - ((u4byte*)(x))[4] = ((u4byte*)(x))[5] = \ - ((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0; \ - switch((((len) + 63) / 64)) { \ - case 2: \ - ((u4byte*)(x))[0] = io_swap(in_key[3]); \ - ((u4byte*)(x))[1] = io_swap(in_key[2]); \ - ((u4byte*)(x))[2] = io_swap(in_key[1]); \ - ((u4byte*)(x))[3] = io_swap(in_key[0]); \ - break; \ - case 3: \ - ((u4byte*)(x))[0] = io_swap(in_key[5]); \ - ((u4byte*)(x))[1] = io_swap(in_key[4]); \ - ((u4byte*)(x))[2] = io_swap(in_key[3]); \ - ((u4byte*)(x))[3] = io_swap(in_key[2]); \ - ((u4byte*)(x))[4] = io_swap(in_key[1]); \ - ((u4byte*)(x))[5] = io_swap(in_key[0]); \ - break; \ - case 4: \ - ((u4byte*)(x))[0] = io_swap(in_key[7]); \ - ((u4byte*)(x))[1] = io_swap(in_key[6]); \ - ((u4byte*)(x))[2] = io_swap(in_key[5]); \ - ((u4byte*)(x))[3] = io_swap(in_key[4]); \ - ((u4byte*)(x))[4] = io_swap(in_key[3]); \ - ((u4byte*)(x))[5] = io_swap(in_key[2]); \ - ((u4byte*)(x))[6] = io_swap(in_key[1]); \ - ((u4byte*)(x))[7] = io_swap(in_key[0]); \ - } - -#else - -#define get_block(x) \ - ((u4byte*)(x))[0] = io_swap(in_blk[0]); \ - ((u4byte*)(x))[1] = io_swap(in_blk[1]); \ - ((u4byte*)(x))[2] = io_swap(in_blk[2]); \ - ((u4byte*)(x))[3] = io_swap(in_blk[3]) - -#define put_block(x) \ - out_blk[0] = io_swap(((u4byte*)(x))[0]); \ - out_blk[1] = io_swap(((u4byte*)(x))[1]); \ - out_blk[2] = io_swap(((u4byte*)(x))[2]); \ - out_blk[3] = io_swap(((u4byte*)(x))[3]) - -#define get_key(x,len) \ - ((u4byte*)(x))[4] = ((u4byte*)(x))[5] = \ - ((u4byte*)(x))[6] = ((u4byte*)(x))[7] = 0; \ - switch((((len) + 63) / 64)) { \ - case 4: \ - ((u4byte*)(x))[6] = io_swap(in_key[6]); \ - ((u4byte*)(x))[7] = io_swap(in_key[7]); \ - case 3: \ - ((u4byte*)(x))[4] = io_swap(in_key[4]); \ - ((u4byte*)(x))[5] = io_swap(in_key[5]); \ - case 2: \ - ((u4byte*)(x))[0] = io_swap(in_key[0]); \ - ((u4byte*)(x))[1] = io_swap(in_key[1]); \ - ((u4byte*)(x))[2] = io_swap(in_key[2]); \ - ((u4byte*)(x))[3] = io_swap(in_key[3]); \ - } - -#endif diff --git a/SecurityTests/cspxutils/aesVect/testVectors b/SecurityTests/cspxutils/aesVect/testVectors deleted file mode 100755 index 03dc641e..00000000 --- a/SecurityTests/cspxutils/aesVect/testVectors +++ /dev/null @@ -1,27 +0,0 @@ -#! /bin/csh -f -# -# Generate AES test vectors for Known Asnwers Test, compare against NIST standards. -## -if ( $#argv != 1 ) then - echo Usage: testVectors r\|t\|c - exit(1) -endif -# -# header, known vectors, output file -# -set vk_hdr=ecb_vk.hdr -set vk_ref=ecb_vk.txt -set vk_out=/tmp/vk_out -# -set vt_hdr=ecb_vt.hdr -set vt_ref=ecb_vt.txt -set vt_out=/tmp/vt_out -# -echo Generating Variable Key Known Answer Test vectors in $vk_out.... -./makeVectors $argv[1] k $vk_hdr $vk_out || exit(1) -echo Generating Variable Text Known Answer Test vectors in $vt_out.... -./makeVectors $argv[1] p $vt_hdr $vt_out || exit(1) -echo Comparing against reference vectors.... -diff $vk_out $vk_ref || exit(1) -diff $vt_out $vt_ref || exit(1) -echo === Known Answer Test PASSED === diff --git a/SecurityTests/cspxutils/ascTool/Makefile b/SecurityTests/cspxutils/ascTool/Makefile deleted file mode 100644 index 03b510c6..00000000 --- a/SecurityTests/cspxutils/ascTool/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE=ascTool -# C++ source (with .cpp extension) -CPSOURCE= ascTool.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= -framework CoreFoundation - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/ascTool/ascTool.cpp b/SecurityTests/cspxutils/ascTool/ascTool.cpp deleted file mode 100644 index b2b0a5e0..00000000 --- a/SecurityTests/cspxutils/ascTool/ascTool.cpp +++ /dev/null @@ -1,291 +0,0 @@ -/* - * ascCrypt.c - simple ASC (ComCryption) encrypt/decrypt utility - */ - -#include "cspwrap.h" -#include "common.h" -#include -#include -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("usage:\n"); - printf(" %s op password inFile outFile [k=keysize] [o=optimize]\n", argv[0]); - printf(" op:\n"); - printf(" e encrypt\n"); - printf(" d decrypt\n"); - printf(" optimize:\n"); - printf(" d default\n"); - printf(" s size\n"); - printf(" e Security\n"); - printf(" t time\n"); - printf(" z time+size\n"); - printf(" a ASCII\n"); - exit(1); -} - -int main(int argc, char **argv) -{ - int rtn; - uint32 keySizeInBytes = CSP_ASC_KEY_SIZE_DEFAULT / 8; - uint32 optimize = CSSM_ASC_OPTIMIZE_DEFAULT; - char *password; // ASCII password from cmd line - char *inFileName; // from cmd line - unsigned char *inFile; // raw infile data - unsigned inFileSize; // in bytes - char *outFileName; // from cmd line - CSSM_CSP_HANDLE cspHand; - CSSM_RETURN crtn; - int doEncrypt = 0; - CSSM_DATA passwordData; - CSSM_DATA saltData = {8, (uint8 *)"someSalt"}; - CSSM_DATA inData; // data to encrypt/decrypt, from inFile - CSSM_DATA outData = {0, NULL};// result data, written to outFile - CSSM_KEY_PTR symKey; - int arg; - char *argp; - CFAbsoluteTime start, end; - CSSM_CC_HANDLE ccHand; // crypto context - CSSM_DATA remData = {0, NULL}; - CSSM_SIZE bytesProcessed; - CSSM_DATA iv = {0, NULL}; - - if(argc < 5) { - usage(argv); - } - - /* gather up cmd line args */ - switch(argv[1][0]) { - case 'e': - doEncrypt = 1; - break; - case 'd': - doEncrypt = 0; - break; - default: - usage(argv); - } - password = argv[2]; - passwordData.Data = (uint8 *)password; - passwordData.Length = strlen(password); - inFileName = argv[3]; - outFileName = argv[4]; - - /* optional args */ - for(arg=5; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "bsafeUtils.h" -#include -#include "cspdlTesting.h" - -/* - * Defaults. - */ -#define OLOOPS_DEF 10 /* outer loops, one set of keys per loop */ -#define SIG_LOOPS_DEF 100 /* sig loops */ -#define ENC_LOOPS_DEF 100 /* encrypt/decrypt loops */ -#define MAX_TEXT_SIZE 1025 - -#define LOOP_NOTIFY 20 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (r=RSA; d=DSA; default=both)\n"); - printf(" l=outerloops (default=%d; 0=forever)\n", OLOOPS_DEF); - printf(" s=sigLoops (default=%d)\n", SIG_LOOPS_DEF); - printf(" e=encryptLoops (default=%d)\n", ENC_LOOPS_DEF); - printf(" k=keySizeInBits; default is random\n"); - printf(" S (sign/verify only)\n"); - printf(" E (encrypt/decrypt only)\n"); - printf(" r (generate ref keys)\n"); - printf(" R (generate public ref keys)\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -static const char *algToStr(CSSM_ALGORITHMS sigAlg) -{ - switch(sigAlg) { - case CSSM_ALGID_RSA: return "RSA"; - case CSSM_ALGID_DSA: return "DSA"; - case CSSM_ALGID_SHA1WithRSA: return "SHA1WithRSA"; - case CSSM_ALGID_MD5WithRSA: return "MD5WithRSA"; - case CSSM_ALGID_SHA1WithDSA: return "SHA1WithDSA"; - default: - printf("***Unknown sigAlg\n"); - exit(1); - } - /* NOT REACHED */ - return ""; -} - -/* - * CDSA private key decrypt with blinding option. - */ -static CSSM_RETURN _cspDecrypt(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - CSSM_BOOL blinding, - const CSSM_KEY *key, // public or session key - const CSSM_DATA *ctext, - CSSM_DATA_PTR ptext) // RETURNED -{ - CSSM_CC_HANDLE cryptHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - CSSM_SIZE bytesDecrypted; - CSSM_DATA remData = {0, NULL}; - - cryptHand = genCryptHandle(cspHand, - algorithm, - mode, - padding, - key, - NULL, // pubKey, - NULL, // iv, - 0, // effectiveKeySizeInBits, - 0); // rounds - if(cryptHand == 0) { - return CSSMERR_CSP_INTERNAL_ERROR; - } - if(blinding) { - CSSM_CONTEXT_ATTRIBUTE newAttr; - newAttr.AttributeType = CSSM_ATTRIBUTE_RSA_BLINDING; - newAttr.AttributeLength = sizeof(uint32); - newAttr.Attribute.Uint32 = 1; - crtn = CSSM_UpdateContextAttributes(cryptHand, 1, &newAttr); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - - crtn = CSSM_DecryptData(cryptHand, - ctext, - 1, - ptext, - 1, - &bytesDecrypted, - &remData); - if(crtn == CSSM_OK) { - // NOTE: We return the proper length in ptext.... - ptext->Length = bytesDecrypted; - - // FIXME - sometimes get mallocd RemData here, but never any valid data - // there...side effect of CSPFullPluginSession's buffer handling logic; - // but will we ever actually see valid data in RemData? So far we never - // have.... - if(remData.Data != NULL) { - appFree(remData.Data, NULL); - } - } - else { - printError("CSSM_DecryptData", crtn); - ocrtn = crtn; - } - crtn = CSSM_DeleteContext(cryptHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -/* sign with RSA blinging option */ -static CSSM_RETURN _cspSign(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - CSSM_BOOL rsaBlinding, - CSSM_DATA_PTR sig) // RETURNED -{ - CSSM_CC_HANDLE sigHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - const CSSM_DATA *ptext; - CSSM_DATA digest = {0, NULL}; - CSSM_ALGORITHMS digestAlg = CSSM_ALGID_NONE; - - /* handle special cases for raw sign */ - switch(algorithm) { - case CSSM_ALGID_SHA1: - digestAlg = CSSM_ALGID_SHA1; - algorithm = CSSM_ALGID_RSA; - break; - case CSSM_ALGID_MD5: - digestAlg = CSSM_ALGID_MD5; - algorithm = CSSM_ALGID_RSA; - break; - case CSSM_ALGID_DSA: - digestAlg = CSSM_ALGID_SHA1; - algorithm = CSSM_ALGID_DSA; - break; - default: - break; - } - if(digestAlg != CSSM_ALGID_NONE) { - crtn = cspDigest(cspHand, - digestAlg, - CSSM_FALSE, // mallocDigest - text, - &digest); - if(crtn) { - return crtn; - } - /* sign digest with raw RSA/DSA */ - ptext = &digest; - } - else { - ptext = text; - } - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - algorithm, - NULL, // passPhrase - key, - &sigHand); - if(crtn) { - printError("CSSM_CSP_CreateSignatureContext (1)", crtn); - return crtn; - } - if(rsaBlinding) { - CSSM_CONTEXT_ATTRIBUTE newAttr; - newAttr.AttributeType = CSSM_ATTRIBUTE_RSA_BLINDING; - newAttr.AttributeLength = sizeof(uint32); - newAttr.Attribute.Uint32 = 1; - crtn = CSSM_UpdateContextAttributes(sigHand, 1, &newAttr); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - crtn = CSSM_SignData(sigHand, - ptext, - 1, - digestAlg, - sig); - if(crtn) { - printError("CSSM_SignData", crtn); - ocrtn = crtn; - } - crtn = CSSM_DeleteContext(sigHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - if(digest.Data != NULL) { - CSSM_FREE(digest.Data); - } - return ocrtn; -} - - -/* - * Sign/verify test. - * - * for specified numLoops { - * generate random text; - * sign with BSAFE priv key, verify with CDSA pub key; - * sign with CDSA priv key, verify with BSAFE pub key; - * } - */ -static int sigTest( - CSSM_CSP_HANDLE cspHand, - unsigned numLoops, - - /* one matched key pair */ - BU_KEY bsafePrivKey, - CSSM_KEY_PTR cdsaPubKey, - - /* another matched key pair */ - CSSM_KEY_PTR cdsaPrivKey, - BU_KEY bsafePubKey, - - CSSM_DATA_PTR ptext, - unsigned maxPtextSize, - CSSM_ALGORITHMS sigAlg, - CSSM_BOOL rsaBlinding, - CSSM_BOOL quiet, - CSSM_BOOL verbose) -{ - CSSM_RETURN crtn; - CSSM_DATA sig = {0, NULL}; - unsigned loop; - uint32 keySizeInBits = cdsaPrivKey->KeyHeader.LogicalKeySizeInBits; - - if(!quiet) { - printf(" ...sig alg %s keySize %u\n", algToStr(sigAlg), (unsigned)keySizeInBits); - } - for(loop=0; loopKeyHeader.LogicalKeySizeInBits, - (unsigned long)ptext->Length); - } - } - - /* sign with BSAFE, verify with CDSA */ - crtn = buSign(bsafePrivKey, - sigAlg, - ptext, - keySizeInBits, - &sig); - if(crtn) { - return testError(quiet); - } - crtn = cspSigVerify(cspHand, - sigAlg, - cdsaPubKey, - ptext, - &sig, - CSSM_OK); - if(crtn) { - printf("***ERROR: Sign with BSAFE, vfy with CDSA, alg %s\n", - algToStr(sigAlg)); - if(testError(quiet)) { - return 1; - } - } - appFreeCssmData(&sig, CSSM_FALSE); - - /* sign with CDSA, verify with BSAFE */ - crtn = _cspSign(cspHand, - sigAlg, - cdsaPrivKey, - ptext, - rsaBlinding, - &sig); - if(crtn) { - return testError(quiet); - } - crtn = buVerify(bsafePubKey, - sigAlg, - ptext, - &sig); - if(crtn) { - printf("***ERROR: Sign with CDSA, vfy with BSAFE, alg %s\n", - algToStr(sigAlg)); - if(testError(quiet)) { - return 1; - } - } - appFreeCssmData(&sig, CSSM_FALSE); - } - return CSSM_OK; -} - -/* - * RSA Encrypt/decrypt test. - * - * for specified numLoops { - * generate random text; - * encrypt with BSAFE pub key, decrypt with CDSA priv key, verify; - * encrypt with CDSA pub key, decrypt with BSAFE priv key, verify; - * } - */ -static int encryptTest( - CSSM_CSP_HANDLE cspHand, - unsigned numLoops, - - /* one matched key pair */ - BU_KEY bsafePrivKey, - CSSM_KEY_PTR cdsaPubKey, - - /* another matched key pair */ - CSSM_KEY_PTR cdsaPrivKey, - BU_KEY bsafePubKey, - - CSSM_DATA_PTR ptext, - unsigned maxPtextSize, - CSSM_BOOL rsaBlinding, - CSSM_BOOL quiet, - CSSM_BOOL verbose) -{ - CSSM_RETURN crtn; - CSSM_DATA ctext = {0, NULL}; - CSSM_DATA rptext = {0, NULL}; - unsigned loop; - unsigned actKeySizeBytes; - - actKeySizeBytes = cdsaPrivKey->KeyHeader.LogicalKeySizeInBits / 8; - if(actKeySizeBytes < 12) { - printf("***Key with %u key bits is too small for RSA encrypt\n", - (unsigned)cdsaPrivKey->KeyHeader.LogicalKeySizeInBits); - return 1; - } - if(maxPtextSize > (actKeySizeBytes - 11)) { - maxPtextSize = actKeySizeBytes - 11; - } - if(!quiet) { - printf(" ...encr alg RSA\n"); - } - for(loop=0; loopKeyHeader.LogicalKeySizeInBits, - (unsigned long)ptext->Length); - } - } - - /* encrypt with BSAFE, decrypt with CDSA */ - crtn = buEncryptDecrypt(bsafePubKey, - CSSM_TRUE, // encrypt - CSSM_ALGID_RSA, - CSSM_ALGMODE_NONE, - NULL, // iv - cdsaPrivKey->KeyHeader.LogicalKeySizeInBits, - 0, // rounds - ptext, - &ctext); - if(crtn) { - return testError(quiet); - } - crtn = _cspDecrypt(cspHand, - CSSM_ALGID_RSA, - CSSM_ALGMODE_NONE, - CSSM_PADDING_PKCS1, - rsaBlinding, - cdsaPrivKey, - &ctext, - &rptext); - if(crtn) { - printf("***ERROR: encrypt with BSAFE, decrypt with CDSA\n"); - return testError(quiet); - } - if(!appCompareCssmData(ptext, &rptext)) { - printf("***DATA MISCOMPARE: encrypt with BSAFE, decrypt with CDSA\n"); - return testError(quiet); - } - appFreeCssmData(&ctext, CSSM_FALSE); - appFreeCssmData(&rptext, CSSM_FALSE); - - /* encrypt with CDSA, decrypt with BSAFE */ - crtn = cspEncrypt(cspHand, - CSSM_ALGID_RSA, - CSSM_ALGMODE_NONE, - CSSM_PADDING_PKCS1, - cdsaPubKey, - NULL, // (FEE) pub key - 0, // effectiveKeyBits - 0, // rounds - NULL, // IV - ptext, - &ctext, - CSSM_FALSE); // mallocCtext - if(crtn) { - return testError(quiet); - } - crtn = buEncryptDecrypt(bsafePrivKey, - CSSM_FALSE, // encrypt - CSSM_ALGID_RSA, - CSSM_ALGMODE_NONE, - NULL, // iv - cdsaPrivKey->KeyHeader.LogicalKeySizeInBits, - 0, // rounds - &ctext, - &rptext); - if(crtn) { - printf("***ERROR: encrypt with CDSA, decrypt with BSAFE\n"); - return testError(quiet); - } - if(!appCompareCssmData(ptext, &rptext)) { - printf("***DATA MISCOMPARE: encrypt with CDSA, decrypt with BSAFE\n"); - return testError(quiet); - } - appFreeCssmData(&ctext, CSSM_FALSE); - appFreeCssmData(&rptext, CSSM_FALSE); - } - return CSSM_OK; -} - -static int doTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS keyAlg, // RSA/DSA - CSSM_ALGORITHMS sigAlg, - unsigned sigLoops, // may be zero - unsigned encrLoops, // ditto; it will be zero for DSA - CSSM_BOOL rsaBlinding, - CSSM_DATA_PTR ptext, - unsigned maxPtextSize, - uint32 keySizeInBits, // 0 --> random per alg - CSSM_BOOL pubRefKeys, - CSSM_BOOL privRefKeys, - CSSM_BOOL bareCsp, // for other workarounds - CSSM_BOOL quiet, - CSSM_BOOL verbose) -{ - CSSM_KEY cdsaGenPubKey; - CSSM_KEY cdsaGenPrivKey; // only used to create bsafeDerivePrivKey - CSSM_KEY cdsaTempKey; // raw key if privRefKeys true - CSSM_KEY cdsaDerivePrivKey; // same as bsafeGenPrivKey - BU_KEY bsafeGenPubKey; - BU_KEY bsafeGenPrivKey; // only used to create cdsaDerivePrivKey - BU_KEY bsafeDerivePrivKey; // same as cdsaGenPrivKey - unsigned actKeySizeBits; - CSSM_RETURN crtn; - int rtn; - - if(!keySizeInBits) { - /* random key size */ - actKeySizeBits = randKeySizeBits(keyAlg, OT_Encrypt); - } - else { - /* caller/user specified */ - actKeySizeBits = keySizeInBits; - } - if(verbose) { - printf(" ...generating %s key pair, keySize %d bits...\n", - algToStr(keyAlg), actKeySizeBits); - } - - /* - * Generate two keypairs - */ - if(keyAlg == CSSM_ALGID_DSA) { - CSSM_BOOL doGenParams; - - if(bareCsp || CSPDL_DSA_GEN_PARAMS) { - doGenParams = CSSM_TRUE; - } - else { - /* CSPDL - no gen params */ - doGenParams = CSSM_FALSE; - } - crtn = cspGenDSAKeyPair(cspHand, - "foo", - 3, - actKeySizeBits, - &cdsaGenPubKey, - pubRefKeys, - CSSM_KEYUSE_ANY, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - &cdsaGenPrivKey, - privRefKeys, - CSSM_KEYUSE_SIGN, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - doGenParams, // genParams - NULL); // params - } - else { - crtn = cspGenKeyPair(cspHand, - keyAlg, - "foo", - 3, - actKeySizeBits, - &cdsaGenPubKey, - pubRefKeys, - CSSM_KEYUSE_ANY, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - &cdsaGenPrivKey, - privRefKeys, - CSSM_KEYUSE_ANY, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - CSSM_FALSE); // genSeed not used - } - if(crtn) { - return testError(quiet); - } - crtn = buGenKeyPair(actKeySizeBits, - keyAlg, - &bsafeGenPubKey, - &bsafeGenPrivKey); - if(crtn) { - return testError(quiet); - } - - /* - * Convert private keys to other library. - * NOTE: the reason we're only converting private keys is solely due to the - * fact that BSAFE does not handle PKCS1 formatted public key blobs. Very odd. - * But it's too much of a pain to re-implement that wheel here, and SSL and - * cert handling in general verify the CSP's PKCS1-style public key handling. - */ - if(privRefKeys) { - /* first generate a temporary raw CDSA key */ - crtn = buBsafePrivKeyToCdsa(keyAlg, - actKeySizeBits, - bsafeGenPrivKey, - &cdsaTempKey); - if(crtn) { - return testError(quiet); - } - - /* convert it to the ref key we'll actually use */ - crtn = cspRawKeyToRef(cspHand, &cdsaTempKey, &cdsaDerivePrivKey); - cspFreeKey(cspHand, &cdsaTempKey); - } - else { - crtn = buBsafePrivKeyToCdsa(keyAlg, - actKeySizeBits, - bsafeGenPrivKey, - &cdsaDerivePrivKey); - } - if(crtn) { - return testError(quiet); - } - if(privRefKeys) { - /* we have a CDSA priv ref key; convert it to raw format */ - crtn = cspRefKeyToRaw(cspHand, &cdsaGenPrivKey, &cdsaTempKey); - if(crtn) { - return testError(quiet); - } - /* now convert it to BSAFE */ - crtn = buCdsaPrivKeyToBsafe(&cdsaTempKey, &bsafeDerivePrivKey); - cspFreeKey(cspHand, &cdsaTempKey); - } - else { - crtn = buCdsaPrivKeyToBsafe(&cdsaGenPrivKey, &bsafeDerivePrivKey); - } - if(crtn) { - return testError(quiet); - } - - if(sigLoops) { - rtn = sigTest(cspHand, - sigLoops, - bsafeDerivePrivKey, - &cdsaGenPubKey, - &cdsaDerivePrivKey, - bsafeGenPubKey, - ptext, - maxPtextSize, - sigAlg, - rsaBlinding, - quiet, - verbose); - if(rtn) { - return rtn; - } - } - - if(encrLoops) { - rtn = encryptTest(cspHand, - encrLoops, - bsafeDerivePrivKey, - &cdsaGenPubKey, - &cdsaDerivePrivKey, - bsafeGenPubKey, - ptext, - maxPtextSize, - rsaBlinding, - quiet, - verbose); - if(rtn) { - return rtn; - } - } - - /* free all six keys */ - buFreeKey(bsafeGenPubKey); - buFreeKey(bsafeGenPrivKey); - buFreeKey(bsafeDerivePrivKey); - cspFreeKey(cspHand, &cdsaGenPubKey); - cspFreeKey(cspHand, &cdsaGenPrivKey); - cspFreeKey(cspHand, &cdsaDerivePrivKey); - return 0; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - CSSM_CSP_HANDLE cspHand; - int i; - int rtn = 0; - - /* - * User-spec'd params - */ - uint32 keySizeInBits = 0; - unsigned oloops = OLOOPS_DEF; - unsigned sigLoops = SIG_LOOPS_DEF; - unsigned encrLoops = ENC_LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned pauseInterval = 0; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL doDSA = CSSM_TRUE; - CSSM_BOOL doRSA = CSSM_TRUE; - CSSM_BOOL pubRefKeys = CSSM_FALSE; - CSSM_BOOL privRefKeys = CSSM_FALSE; - - for(arg=1; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include -#include - -/* - * Defaults. - */ -#define ENC_LOOPS_DEF 1000 -#define KEYSIZE_DEF 1024 -#define PTEXT_SIZE 20 /* e.g., a SHA1 digest */ - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (r=RSA; f=FEED; F=FEEDExp; default=RSA)\n"); - printf(" l=numLoop (default=%d)\n", ENC_LOOPS_DEF); - printf(" k=keySizeInBits; default=%d\n", KEYSIZE_DEF); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" b (RSA blinding enabled)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_CSP_HANDLE cspHand; - unsigned i; - CSSM_KEY pubKey; - CSSM_KEY privKey; - CSSM_DATA_PTR ptext; // different for each loop - CSSM_DATA_PTR ctext; // ditto - CSSM_DATA_PTR rptext; // ditto - CSSM_RETURN crtn; - CFAbsoluteTime start, end; - CSSM_CC_HANDLE ccHand; - unsigned ctextSize; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_SIZE processed; - CSSM_DATA remData; - - /* - * User-spec'd params - */ - uint32 keySizeInBits = KEYSIZE_DEF; - unsigned encLoops = ENC_LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL rsaBlinding = CSSM_FALSE; - CSSM_ALGORITHMS keyAlg = CSSM_ALGID_RSA; - CSSM_ALGORITHMS encrAlg = CSSM_ALGID_RSA; - CSSM_PADDING padding = CSSM_PADDING_PKCS1; - - for(arg=1; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -#define USAGE_NAME "noUsage" -#define USAGE_NAME_LEN (strlen(USAGE_NAME)) -#define USAGE2_NAME "noUsage2" -#define USAGE2_NAME_LEN (strlen(USAGE2_NAME)) -#define LOOPS_DEF 10 -#define MIN_EXP 2 /* for data size 10**exp */ -#define DEFAULT_MAX_EXP 2 -#define MAX_EXP 4 - -/* - * Enumerate algs our own way to allow iteration. - */ -#define ALG_RSA 1 -#define ALG_FEED 2 -#define ALG_FEEDEXP 3 -#define ALG_FEE_CFILE 4 -#define ALG_FIRST ALG_RSA -#define ALG_LAST ALG_FEEDEXP -#define MAX_DATA_SIZE (10000 + 100) /* bytes */ -#define FEE_PASSWD_LEN 32 /* private data length in bytes, FEE only */ - -#define DUMP_KEY_DATA 0 - -/* - * RSA encryption now allows arbitrary plaintext size. BSAFE was limited to - * primeSize - 11. - */ -#define RSA_PLAINTEXT_LIMIT 0 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (f=FEED; x=FEEDExp; c=FEE_Cfile; r=RSA; default=all)\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" n=minExp (default=%d)\n", MIN_EXP); - printf(" x=maxExp (default=%d, max=%d)\n", DEFAULT_MAX_EXP, MAX_EXP); - printf(" k=keySize\n"); - printf(" P=primeType (m=Mersenne, f=FEE, g=general; FEE only)\n"); - printf(" C=curveType (m=Montgomery, w=Weierstrass, g=general; FEE only)\n"); - printf(" e(xport)\n"); - printf(" r(eference keys only)\n"); - printf(" K (skip decrypt)\n"); - printf(" N(o padding, RSA only)\n"); - printf(" S (no staging)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" p (pause on each loop)\n"); - printf(" u (quick; small keys)\n"); - printf(" t=plainTextSize; default=random\n"); - printf(" z(ero data)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -static int doTest(CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg, // CSSM_ALGID_xxx - CSSM_PADDING padding, - CSSM_DATA_PTR ptext, - CSSM_BOOL verbose, - CSSM_BOOL quiet, - uint32 keySizeInBits, // may be 0, i.e., default per alg - uint32 primeType, // FEE only - uint32 curveType, // ditto - CSSM_BOOL pubIsRef, - CSSM_KEYBLOB_FORMAT rawPubForm, - CSSM_BOOL privIsRef, - CSSM_KEYBLOB_FORMAT rawPrivForm, - CSSM_BOOL secondPubIsRaw, // FEED via CSPDL: 2nd key must be raw - CSSM_BOOL stagedEncr, - CSSM_BOOL stagedDecr, - CSSM_BOOL mallocPtext, // only meaningful if !stagedDecr - CSSM_BOOL mallocCtext, // only meaningful if !stagedEncr - CSSM_BOOL skipDecrypt, - CSSM_BOOL genSeed) // FEE keys only -{ - // these two are always generated - CSSM_KEY recvPubKey; - CSSM_KEY recvPrivKey; - // these two are for two-key FEE algorithms only - CSSM_KEY sendPubKey; - CSSM_KEY sendPrivKey; - // these two are optionally created by cspRefKeyToRaw if (FEED && secondPubIsRaw) - CSSM_KEY sendPubKeyRaw; - CSSM_KEY recvPubKeyRaw; - CSSM_BOOL rawPubKeysCreated = CSSM_FALSE; - - /* two-key FEE, CSP : &{send,recv}PubKey - * two-key FEE, CSPDL: &{send,recv}PubKeyRaw - * else : NULL, &recvPubKey - */ - CSSM_KEY_PTR sendPubKeyPtr = NULL; - CSSM_KEY_PTR recvPubKeyPtr = NULL; - - CSSM_DATA ctext = {0, NULL}; - CSSM_DATA rptext = {0, NULL}; - CSSM_RETURN crtn; - int rtn = 0; - uint32 keyGenAlg; - uint32 mode = CSSM_ALGMODE_NONE; // FIXME - does this need testing? - CSSM_BOOL twoKeys = CSSM_FALSE; - - switch(alg) { - case CSSM_ALGID_FEED: - case CSSM_ALGID_FEECFILE: - twoKeys = CSSM_TRUE; - /* drop thru */ - case CSSM_ALGID_FEEDEXP: - keyGenAlg = CSSM_ALGID_FEE; - break; - case CSSM_ALGID_RSA: - keyGenAlg = CSSM_ALGID_RSA; - break; - default: - printf("bogus algorithm\n"); - return 1; - } - - /* one key pair for all algs except CFILE and FEED, which need two */ - if(keyGenAlg == CSSM_ALGID_FEE) { - uint8 passwd[FEE_PASSWD_LEN]; - CSSM_DATA pwdData = {FEE_PASSWD_LEN, passwd}; - CSSM_DATA_PTR pwdDataPtr; - if(genSeed) { - simpleGenData(&pwdData, FEE_PASSWD_LEN, FEE_PASSWD_LEN); - pwdDataPtr = &pwdData; - } - else { - pwdDataPtr = NULL; - } - /* - * Note we always generate public keys per the pubIsRef argument, even if - * secondPubIsRaw is true, 'cause the CSPDL can't generate raw keys. - */ - rtn = cspGenFEEKeyPair(cspHand, - USAGE_NAME, - USAGE_NAME_LEN, - keySizeInBits, - primeType, - curveType, - &recvPubKey, - pubIsRef, - CSSM_KEYUSE_ANY, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - &recvPrivKey, - privIsRef, - CSSM_KEYUSE_ANY, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - pwdDataPtr); - if(rtn) { - /* leak */ - return testError(quiet); - } - if(twoKeys) { - rtn = cspGenFEEKeyPair(cspHand, - USAGE2_NAME, - USAGE2_NAME_LEN, - keySizeInBits, - primeType, - curveType, - &sendPubKey, - pubIsRef, - CSSM_KEYUSE_ANY, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - &sendPrivKey, - privIsRef, - CSSM_KEYUSE_ANY, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - pwdDataPtr); - if(rtn) { - /* leak recv*Key */ - return testError(quiet); - } - } - if(twoKeys) { - if(secondPubIsRaw && pubIsRef) { - /* - * Convert ref public keys to raw - they're going into a Context; the - * SecurityServer doesn't deal with ref keys there. - * Leak all sorts of stuff on any error here. - */ - crtn = cspRefKeyToRaw(cspHand, &sendPubKey, &sendPubKeyRaw); - if(crtn) { - return testError(quiet); - } - crtn = cspRefKeyToRaw(cspHand, &recvPubKey, &recvPubKeyRaw); - if(crtn) { - return testError(quiet); - } - /* two keys, CSPDL */ - sendPubKeyPtr = &sendPubKeyRaw; - recvPubKeyPtr = &recvPubKeyRaw; - rawPubKeysCreated = CSSM_TRUE; - } - else { - /* two keys, CSP */ - sendPubKeyPtr = &sendPubKey; - recvPubKeyPtr = &recvPubKey; - } - } - else { - /* one key pair, standard config */ - sendPubKeyPtr = NULL; - recvPubKeyPtr = &recvPubKey; - } - } - else { - CSSM_KEYBLOB_FORMAT expectPubForm = rawPubForm; - CSSM_KEYBLOB_FORMAT expectPrivForm = rawPrivForm; - - rtn = cspGenKeyPair(cspHand, - keyGenAlg, - USAGE_NAME, - USAGE_NAME_LEN, - keySizeInBits, - &recvPubKey, - pubIsRef, - twoKeys ? CSSM_KEYUSE_ANY : CSSM_KEYUSE_ENCRYPT, - rawPubForm, - &recvPrivKey, - privIsRef, - twoKeys ? CSSM_KEYUSE_ANY : CSSM_KEYUSE_DECRYPT, - rawPrivForm, - genSeed); - if(rtn) { - return testError(quiet); - } - /* one key pair, standard config */ - sendPubKeyPtr = NULL; - recvPubKeyPtr = &recvPubKey; - - /* verify defaults - only for RSA */ - if(!pubIsRef) { - if(rawPubForm == CSSM_KEYBLOB_RAW_FORMAT_NONE) { - expectPubForm = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - } - if(recvPubKey.KeyHeader.Format != expectPubForm) { - printf("***Bad raw RSA pub key format - exp %u got %u\n", - (unsigned)expectPubForm, - (unsigned)recvPubKey.KeyHeader.Format); - if(testError(quiet)) { - return 1; - } - } - } - if(!privIsRef) { - if(rawPrivForm == CSSM_KEYBLOB_RAW_FORMAT_NONE) { - expectPrivForm = CSSM_KEYBLOB_RAW_FORMAT_PKCS8; - } - if(recvPrivKey.KeyHeader.Format != expectPrivForm) { - printf("***Bad raw RSA priv key format - exp %u got %u\n", - (unsigned)expectPrivForm, - (unsigned)recvPrivKey.KeyHeader.Format); - if(testError(quiet)) { - return 1; - } - } - } - } - #if DUMP_KEY_DATA - dumpBuffer("Pub Key Data", recvPubKey.KeyData.Data, recvPubKey.KeyData.Length); - dumpBuffer("Priv Key Data", recvPrivKey.KeyData.Data, recvPrivKey.KeyData.Length); - #endif - if(stagedEncr) { - crtn = cspStagedEncrypt(cspHand, - alg, - mode, - padding, - /* Two keys: second must be pub */ - twoKeys ? &sendPrivKey : &recvPubKey, - twoKeys ? recvPubKeyPtr : NULL, - 0, // effectiveKeySize - 0, // cipherBlockSize - 0, // rounds - NULL, // initVector - ptext, - &ctext, - CSSM_TRUE); // multi - } - else { - crtn = cspEncrypt(cspHand, - alg, - mode, - padding, - /* Two keys: second must be pub */ - twoKeys ? &sendPrivKey : &recvPubKey, - twoKeys ? recvPubKeyPtr : NULL, - 0, // effectiveKeySize - 0, // rounds - NULL, // initVector - ptext, - &ctext, - mallocCtext); - } - if(crtn) { - rtn = testError(quiet); - goto abort; - } - if(verbose) { - printf(" ..ptext size %lu ctext size %lu\n", - (unsigned long)ptext->Length, (unsigned long)ctext.Length); - } - if(skipDecrypt) { - goto abort; - } - if(stagedDecr) { - crtn = cspStagedDecrypt(cspHand, - alg, - mode, - padding, - /* Two keys: second must be pub */ - &recvPrivKey, - sendPubKeyPtr, - 0, // effectiveKeySize - 0, // cipherBlockSize - 0, // rounds - NULL, // initVector - &ctext, - &rptext, - CSSM_TRUE); // multi - } - else { - crtn = cspDecrypt(cspHand, - alg, - mode, - padding, - &recvPrivKey, - sendPubKeyPtr, - 0, // effectiveKeySize - 0, // rounds - NULL, // initVector - &ctext, - &rptext, - mallocPtext); - } - if(crtn) { - rtn = testError(quiet); - goto abort; - } - /* compare ptext, rptext */ - if(ptext->Length != rptext.Length) { - printf("Ptext length mismatch: expect %lu, got %lu\n", - (unsigned long)ptext->Length, (unsigned long)rptext.Length); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - if(memcmp(ptext->Data, rptext.Data, ptext->Length)) { - printf("***data miscompare\n"); - rtn = testError(quiet); - } -abort: - /* free keys */ - if(cspFreeKey(cspHand, &recvPubKey)) { - printf("Error freeing recvPubKey\n"); - rtn = 1; - } - if(cspFreeKey(cspHand, &recvPrivKey)) { - printf("Error freeing recvPrivKey\n"); - rtn = 1; - } - if(twoKeys) { - if(cspFreeKey(cspHand, &sendPubKey)) { - printf("Error freeing sendPubKey\n"); - rtn = 1; - } - if(cspFreeKey(cspHand, &sendPrivKey)) { - printf("Error freeing sendPrivKey\n"); - rtn = 1; - } - if(rawPubKeysCreated) { - if(cspFreeKey(cspHand, &sendPubKeyRaw)) { - printf("Error freeing sendPubKeyRaw\n"); - rtn = 1; - } - if(cspFreeKey(cspHand, &recvPubKeyRaw)) { - printf("Error freeing recvPubKeyRaw\n"); - rtn = 1; - } - } - } - /* free rptext, ctext */ - appFreeCssmData(&rptext, CSSM_FALSE); - appFreeCssmData(&ctext, CSSM_FALSE); - return rtn; -} - -static const char *formStr( - CSSM_KEYBLOB_FORMAT form) -{ - switch(form) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: return "NONE"; - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: return "PKCS1"; - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: return "PKCS8"; - case CSSM_KEYBLOB_RAW_FORMAT_X509: return "X509"; - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH: return "SSH1"; - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSH2: return "SSH2"; - default: - printf("***BRRRZAP! formStr needs work\n"); - exit(1); - } -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - CSSM_CSP_HANDLE cspHand; - CSSM_BOOL pubIsRef = CSSM_TRUE; - CSSM_BOOL privIsRef = CSSM_TRUE; - CSSM_BOOL stagedEncr; - CSSM_BOOL stagedDecr; - const char *algStr; - uint32 encAlg; // CSSM_ALGID_xxx - unsigned currAlg; // ALG_xxx - int i; - CSSM_BOOL mallocCtext; - CSSM_BOOL mallocPtext; - int rtn = 0; - CSSM_BOOL genSeed; // for FEE key gen - CSSM_PADDING padding; - CSSM_KEYBLOB_FORMAT rawPubFormat = CSSM_KEYBLOB_RAW_FORMAT_NONE; - CSSM_KEYBLOB_FORMAT rawPrivFormat = CSSM_KEYBLOB_RAW_FORMAT_NONE; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - unsigned minExp = MIN_EXP; - unsigned maxExp = DEFAULT_MAX_EXP; - CSSM_BOOL quiet = CSSM_FALSE; - uint32 keySizeInBits = CSP_KEY_SIZE_DEFAULT; - CSSM_BOOL keySizeSpec = CSSM_FALSE; - unsigned minAlg = ALG_FIRST; - uint32 maxAlg = ALG_LAST; - CSSM_BOOL skipDecrypt = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL doPause = CSSM_FALSE; - CSSM_BOOL smallKeys = CSSM_FALSE; - uint32 primeType = CSSM_FEE_PRIME_TYPE_DEFAULT; // FEE only - uint32 curveType = CSSM_FEE_CURVE_TYPE_DEFAULT; // FEE only - uint32 ptextSize = 0; // 0 means random - dataType dtype = DT_Random; - CSSM_BOOL refKeysOnly = CSSM_FALSE; - CSSM_BOOL noPadding = CSSM_FALSE; - CSSM_BOOL stagingEnabled = CSSM_TRUE; - - for(arg=1; arg MAX_EXP) { - usage(argv); - } - break; - case 'k': - keySizeInBits = atoi(&argv[arg][2]); - keySizeSpec = CSSM_TRUE; - break; - case 'K': - skipDecrypt = CSSM_TRUE; - break; - case 't': - ptextSize = atoi(&argp[2]); - break; - case 'D': - bareCsp = CSSM_FALSE; - #if CSPDL_ALL_KEYS_ARE_REF - refKeysOnly = CSSM_TRUE; - #endif - break; - case 'u': - smallKeys = CSSM_TRUE; - break; - case 'N': - noPadding = CSSM_TRUE; - break; - case 'z': - dtype = DT_Zero; - break; - case 'v': - verbose = CSSM_TRUE; - break; - case 'r': - refKeysOnly = CSSM_TRUE; - break; - case 'S': - stagingEnabled = CSSM_FALSE; - break; - case 'p': - doPause = CSSM_TRUE; - break; - case 'q': - quiet = CSSM_TRUE; - break; - case 'C': - switch(argp[2]) { - case 'm': - curveType = CSSM_FEE_CURVE_TYPE_MONTGOMERY; - break; - case 'w': - curveType = CSSM_FEE_CURVE_TYPE_WEIERSTRASS; - break; - default: - usage(argv); - } - break; - case 'P': - switch(argp[2]) { - case 'm': - primeType = CSSM_FEE_PRIME_TYPE_MERSENNE; - break; - case 'f': - primeType = CSSM_FEE_PRIME_TYPE_FEE; - break; - case 'g': - primeType = CSSM_FEE_PRIME_TYPE_GENERAL; - break; - default: - usage(argv); - } - break; - case 'h': - default: - usage(argv); - } - } - ptext.Data = (uint8 *)CSSM_MALLOC(MAX_DATA_SIZE); - - /* length set in test loop */ - if(ptext.Data == NULL) { - printf("Insufficient heap\n"); - exit(1); - } - if(noPadding) { - if(ptextSize == 0) { - printf("**WARNING NoPad mode will fail with random plaintext size\n"); - } - if(!keySizeSpec) { - printf("**WARNING NoPad mode will fail with random key size\n"); - } - else { - uint32 keyBytes = keySizeInBits / 8; - if(ptextSize != keyBytes) { - /* - * FIXME: I actually do not understand why this fails, but - * doing raw RSA encryption with ptextSize != keySize results - * in random-looking failures, probably based on the plaintext - * itself (it doesn't fail with zero data). - */ - printf("***WARNING NoPad mode requires plaintext size = key size\n"); - } - } - } - printf("Starting asymTest; args: "); - for(i=1; i -#include -#include -#include -#include "cspwrap.h" -#include "common.h" - -static CSSM_API_MEMORY_FUNCS memFuncs = { - appMalloc, - appFree, - appRealloc, - appCalloc, - NULL - }; - -static CSSM_VERSION vers = {2, 0}; - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options: \n"); - printf(" l (do ModuleLoad on each loop)\n"); - printf(" u (do Module{Load,Unload} on each loop)\n"); - printf(" d (CSP/DL; default = bare CSP)\n"); - printf(" t (TP)\n"); - printf(" c (CL)\n"); - exit(1); -} - -static int doPause(const char *state) -{ - char resp; - - fpurge(stdin); - printf("%s\n", state); - printf("q to abort, anything else to continue: "); - resp = getchar(); - return(resp == 'q'); -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_HANDLE modHand = 0; - void *foo; - CSSM_SERVICE_TYPE svcType = CSSM_SERVICE_CSP; - const CSSM_GUID *guid = &gGuidAppleCSP; - const char *modName = "AppleCSP"; - CSSM_RETURN crtn; - CSSM_BOOL doLoad = CSSM_FALSE; - CSSM_BOOL doUnload = CSSM_FALSE; - - /* force link against malloc */ - foo = malloc(1); - for(arg=1; arg -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" -/* - * Enumerate algs our own way to allow iteration. - */ -typedef unsigned privAlg; -enum { - ALG_ASC = 1, - ALG_DES, - ALG_RC2, - ALG_RC4, - ALG_RC5, - ALG_3DES, - ALG_AES, - ALG_RSA, - ALG_FEE, - ALG_ECDSA, - ALG_DSA -}; - -#define SYM_FIRST ALG_ASC -#define SYM_LAST ALG_AES -#define ASYM_FIRST ALG_RSA -#define ASYM_LAST ALG_ECDSA /* DSA if we're patient */ - -/* - * ops expressed at bitfields - */ -#define OP_SIGN 0x0001 -#define OP_VERIFY 0x0002 -#define OP_ENCRYPT 0x0004 -#define OP_DECRYPT 0x0008 -#define OP_GENMAC 0x0010 -#define OP_VFYMAC 0x0020 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" s(ymmetric only)\n"); - printf(" a(symmetric only)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* - * Common, flexible, error-tolerant symmetric key generator. - */ -static int genSymKey( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR symKey, - uint32 alg, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_KEYATTR_FLAGS keyAttr, - CSSM_KEYUSE keyUsage, - CSSM_RETURN expectRtn, - CSSM_BOOL quiet, - CSSM_BOOL freeKey, // true: free the key on exit - const char *testStr) -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA dummyLabel = {4, (uint8 *)"foo"}; - int irtn; - - memset(symKey, 0, sizeof(CSSM_KEY)); - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - alg, - keySizeInBits, // keySizeInBits - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - NULL, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - return testError(quiet); - } - crtn = CSSM_GenerateKey(ccHand, - keyUsage, - keyAttr, - &dummyLabel, - NULL, // ACL - symKey); - if(crtn != expectRtn) { - printf("***Testing %s for alg %s:\n", testStr, keyAlgStr); - printf(" CSSM_GenerateKey: expect %s\n", cssmErrToStr(expectRtn)); - printf(" CSSM_GenerateKey: got %s\n", cssmErrToStr(crtn)); - irtn = testError(quiet); - } - else { - irtn = 0; - } - CSSM_DeleteContext(ccHand); - if(freeKey && (crtn == CSSM_OK)) { - cspFreeKey(cspHand, symKey); - } - return irtn; -} - -/* - * Common, flexible, error-tolerant key pair generator. - */ -static int genKeyPair( - CSSM_CSP_HANDLE cspHand, - uint32 algorithm, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_KEY_PTR pubKey, - CSSM_KEYATTR_FLAGS pubKeyAttr, - CSSM_KEYUSE pubKeyUsage, - CSSM_KEY_PTR privKey, - CSSM_KEYATTR_FLAGS privKeyAttr, - CSSM_KEYUSE privKeyUsage, - CSSM_RETURN expectRtn, - CSSM_BOOL quiet, - CSSM_BOOL freeKeys, // true: free the keys on exit - const char *testStr) -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA keyLabelData = {4, (uint8 *)"foo"}; - int irtn; - - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - algorithm, - keySizeInBits, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - NULL, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - return testError(quiet); - } - - /* post-context-create algorithm-specific stuff */ - switch(algorithm) { - case CSSM_ALGID_RSA: - break; - - case CSSM_ALGID_DSA: - /* - * extra step - generate params - this just adds some - * info to the context - */ - { - CSSM_DATA dummy = {0, NULL}; - crtn = CSSM_GenerateAlgorithmParams(ccHand, - keySizeInBits, &dummy); - if(crtn) { - printError("CSSM_GenerateAlgorithmParams", crtn); - return testError(quiet); - } - appFreeCssmData(&dummy, CSSM_FALSE); - } - break; - default: - break; - } - - crtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubKeyAttr, - &keyLabelData, - pubKey, - privKeyUsage, - privKeyAttr, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn != expectRtn) { - printf("***Testing %s for alg %s:\n", testStr, keyAlgStr); - printf(" CSSM_GenerateKeyPair: expect %s\n", cssmErrToStr(expectRtn)); - printf(" CSSM_GenerateKeyPair: got %s\n", cssmErrToStr(crtn)); - irtn = testError(quiet); - } - else { - irtn = 0; - } - CSSM_DeleteContext(ccHand); - if(freeKeys && (crtn == CSSM_OK)) { - cspFreeKey(cspHand, pubKey); - cspFreeKey(cspHand, privKey); - } - return irtn; -} - -/* - * Perform NULL wrap, generally expecting an error (either - * CSSMERR_CSP_INVALID_KEYATTR_MASK, if the raw key bits should be inaccessible, - * or CSSMERR_CSP_INVALID_KEY_REFERENCE, if the key's header has been munged.) - */ -int nullWrapTest( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR key, - CSSM_BOOL quiet, - CSSM_RETURN expectRtn, - const char *keyAlgStr, - const char *testStr) -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_KEY wrappedKey; // should not get created - int irtn; - - memset(&wrappedKey, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - &creds, // passPhrase, - NULL, // wrappingKey, - NULL, // IV - CSSM_PADDING_NONE, - 0, // Params - &ccHand); - if(crtn) { - printError("cspWrapKey/CreateContext", crtn); - return testError(quiet); - } - crtn = CSSM_WrapKey(ccHand, - &creds, - key, - NULL, // DescriptiveData - &wrappedKey); - if(crtn != expectRtn) { - printf("***Testing %s for alg %s:\n", testStr, keyAlgStr); - printf(" CSSM_WrapKey: expect %s\n", cssmErrToStr(expectRtn)); - printf(" CSSM_WrapKey: got %s\n", cssmErrToStr(crtn)); - irtn = testError(quiet); - } - else { - irtn = 0; - } - CSSM_DeleteContext(ccHand); - return irtn; -} - -/* - * Attempt to wrap incoming key with a DES key that we generate. Expect - * CSSMERR_CSP_INVALID_KEYATTR_MASK since the unwrapped key is marked - * !EXTRACTABLE. - */ -#define WRAPPING_KEY_ALG CSSM_ALGID_DES -#define WRAPPING_KEY_SIZE CSP_DES_KEY_SIZE_DEFAULT - -static int badWrapTest( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR unwrappedKey, - CSSM_KEYBLOB_FORMAT wrapForm, - CSSM_BOOL quiet, - const char *keyAlgStr, - const char *testStr) -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_KEY wrappedKey; // should not get created - CSSM_KEY wrappingKey; - int irtn; - - /* first generate a DES wrapping key */ - if(genSymKey(cspHand, &wrappingKey, CSSM_ALGID_DES, "DES", - CSP_DES_KEY_SIZE_DEFAULT, - CSSM_KEYATTR_RETURN_REF, - CSSM_KEYUSE_ANY, CSSM_OK, quiet, - CSSM_FALSE, "not a test case")) { - return 1; - } - - memset(&wrappedKey, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - - /* symmetric wrapping context */ - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_DES, - CSSM_ALGMODE_CBCPadIV8, - &creds, // passPhrase, - &wrappingKey, - NULL, // IV - CSSM_PADDING_PKCS5, - 0, // Params - &ccHand); - if(crtn) { - printError("cspWrapKey/CreateContext", crtn); - return testError(quiet); - } - - /* do it, demand error */ - crtn = CSSM_WrapKey(ccHand, - &creds, - unwrappedKey, - NULL, // DescriptiveData - &wrappedKey); - if(crtn != CSSMERR_CSP_INVALID_KEYATTR_MASK) { - printf("***Testing %s for alg %s:\n", testStr, keyAlgStr); - printf(" CSSM_WrapKey: expect CSSMERR_CSP_INVALID_KEYATTR_MASK, got %s\n", - cssmErrToStr(crtn)); - irtn = testError(quiet); - } - else { - irtn = 0; - } - CSSM_DeleteContext(ccHand); - cspFreeKey(cspHand, &wrappingKey); - return irtn; -} - - -/* - * Note for these op stubs, the data, mode, padding, etc. are unimportant as - * the ops are expected to fail during key extraction. - */ -static int badEncrypt( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR key, - const char *keyAlgStr, - CSSM_ALGORITHMS opAlg, - CSSM_RETURN expectRtn, - CSSM_BOOL quiet, - const char *goodUseStr, - const char *badUseStr) -{ - CSSM_CC_HANDLE cryptHand; - CSSM_DATA ptext = {4, (uint8 *)"foo"}; - CSSM_DATA ctext = {0, NULL}; - CSSM_DATA remData = {0, NULL}; - CSSM_RETURN crtn; - CSSM_SIZE bytesEncrypted; - int irtn; - - cryptHand = genCryptHandle(cspHand, opAlg, CSSM_ALGMODE_NONE, CSSM_PADDING_NONE, - key, NULL /* key2 */, NULL /* iv */, 0, 0); - if(cryptHand == 0) { - return testError(quiet); - } - crtn = CSSM_EncryptData(cryptHand, &ptext, 1, &ctext, 1, &bytesEncrypted, &remData); - if(crtn != expectRtn) { - printf("***Testing %s key w/%s during %s:\n", keyAlgStr, goodUseStr, badUseStr); - printf(" CSSM_EncryptData: expect %s\n", cssmErrToStr(expectRtn)); - printf(" CSSM_EncryptData: got %s\n", cssmErrToStr(crtn)); - irtn = testError(quiet); - } - else { - irtn = 0; - } - /* assume no ctext or remdata - OK? */ - CSSM_DeleteContext(cryptHand); - return irtn; -} - -static int badDecrypt( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR key, - const char *keyAlgStr, - CSSM_ALGORITHMS opAlg, - CSSM_RETURN expectRtn, - CSSM_BOOL quiet, - const char *goodUseStr, - const char *badUseStr) -{ - CSSM_CC_HANDLE cryptHand; - CSSM_DATA ctext = {4, (uint8 *)"foo"}; - CSSM_DATA ptext = {0, NULL}; - CSSM_DATA remData = {0, NULL}; - CSSM_RETURN crtn; - CSSM_SIZE bytesDecrypted; - int irtn; - - - cryptHand = genCryptHandle(cspHand, opAlg, CSSM_ALGMODE_NONE, CSSM_PADDING_NONE, - key, NULL /* key2 */, NULL /* iv */, 0, 0); - if(cryptHand == 0) { - return testError(quiet); - } - crtn = CSSM_DecryptData(cryptHand, &ctext, 1, &ptext, 1, &bytesDecrypted, &remData); - if(crtn != expectRtn) { - printf("***Testing %s key w/%s during %s:\n", keyAlgStr, goodUseStr, badUseStr); - printf(" CSSM_DecryptData: expect %s\n", cssmErrToStr(expectRtn)); - printf(" CSSM_DecryptData: got %s\n", cssmErrToStr(crtn)); - irtn = testError(quiet); - } - else { - irtn = 0; - } - /* assume no ptext or remdata - OK? */ - CSSM_DeleteContext(cryptHand); - return irtn; -} - -/* - * Given a reference key (any class, any alg), attempt to perform null wrap after - * munging various fields in the header. Every attempt should result in - * CSSMERR_CSP_INVALID_KEY_REFERENCE. - */ -static int badHdrTest( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR key, - CSSM_BOOL quiet, - const char *keyAlgStr) -{ - CSSM_KEYHEADER *hdr = &key->KeyHeader; - CSSM_KEYHEADER savedHdr = *hdr; - - hdr->HeaderVersion++; - if(nullWrapTest(cspHand, key, quiet, CSSMERR_CSP_INVALID_KEY_REFERENCE, - keyAlgStr, "Munged hdr(HeaderVersion)")) { - return 1; - } - *hdr = savedHdr; - - hdr->CspId.Data1++; - if(nullWrapTest(cspHand, key, quiet, CSSMERR_CSP_INVALID_KEY_REFERENCE, - keyAlgStr, "Munged hdr(CspId.Data1)")) { - return 1; - } - *hdr = savedHdr; - - /* can't test BlobType for Format, they're known to differ */ - - hdr->AlgorithmId++; - if(nullWrapTest(cspHand, key, quiet, CSSMERR_CSP_INVALID_KEY_REFERENCE, - keyAlgStr, "Munged hdr(AlgorithmId)")) { - return 1; - } - *hdr = savedHdr; - - /* have to come up with valid KeyClass here */ - switch(hdr->KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - hdr->KeyClass = CSSM_KEYCLASS_PRIVATE_KEY; break; - case CSSM_KEYCLASS_PRIVATE_KEY: - hdr->KeyClass = CSSM_KEYCLASS_SESSION_KEY; break; - case CSSM_KEYCLASS_SESSION_KEY: - hdr->KeyClass = CSSM_KEYCLASS_PUBLIC_KEY; break; - default: - printf("***BRZZAP! badHdrTest needs work\n"); - exit(1); - } - if(nullWrapTest(cspHand, key, quiet, CSSMERR_CSP_INVALID_KEY_REFERENCE, - keyAlgStr, "Munged hdr(KeyClass)")) { - return 1; - } - *hdr = savedHdr; - - hdr->LogicalKeySizeInBits++; - if(nullWrapTest(cspHand, key, quiet, CSSMERR_CSP_INVALID_KEY_REFERENCE, - keyAlgStr, "Munged hdr(LogicalKeySizeInBits)")) { - return 1; - } - *hdr = savedHdr; - - hdr->KeyAttr++; - if(nullWrapTest(cspHand, key, quiet, CSSMERR_CSP_INVALID_KEY_REFERENCE, - keyAlgStr, "Munged hdr(KeyAttr)")) { - return 1; - } - *hdr = savedHdr; - - hdr->StartDate.Day[0]++; - if(nullWrapTest(cspHand, key, quiet, CSSMERR_CSP_INVALID_KEY_REFERENCE, - keyAlgStr, "Munged hdr(StartDate.Day)")) { - return 1; - } - *hdr = savedHdr; - - hdr->EndDate.Year[1]++; - if(nullWrapTest(cspHand, key, quiet, CSSMERR_CSP_INVALID_KEY_REFERENCE, - keyAlgStr, "Munged hdr(EndDate.Year)")) { - return 1; - } - *hdr = savedHdr; - - hdr->WrapAlgorithmId++; - if(nullWrapTest(cspHand, key, quiet, CSSMERR_CSP_INVALID_KEY_REFERENCE, - keyAlgStr, "Munged hdr(WrapAlgorithmId)")) { - return 1; - } - *hdr = savedHdr; - - hdr->WrapMode++; - if(nullWrapTest(cspHand, key, quiet, CSSMERR_CSP_INVALID_KEY_REFERENCE, - keyAlgStr, "Munged hdr(WrapMode)")) { - return 1; - } - *hdr = savedHdr; - - return 0; -} - -/* - * Given some op alg, return a different op alg which is of the same class - * but should not work with an opAlg-related key. - */ -CSSM_ALGORITHMS badOpAlg( - CSSM_ALGORITHMS opAlg) -{ - switch(opAlg) { - /* symmetric block ciphers */ - case CSSM_ALGID_DES: return CSSM_ALGID_3DES_3KEY_EDE; - case CSSM_ALGID_3DES_3KEY_EDE: return CSSM_ALGID_RC2; - case CSSM_ALGID_RC2: return CSSM_ALGID_RC5; - case CSSM_ALGID_RC5: return CSSM_ALGID_AES; - case CSSM_ALGID_AES: return CSSM_ALGID_DES; - - /* symmetric stream ciphers */ - case CSSM_ALGID_ASC: return CSSM_ALGID_RC4; - case CSSM_ALGID_RC4: return CSSM_ALGID_ASC; - - /* asymmetric ciphers */ - case CSSM_ALGID_RSA: return CSSM_ALGID_FEEDEXP; - case CSSM_ALGID_FEEDEXP: return CSSM_ALGID_RSA; - - /* digital signature */ - case CSSM_ALGID_SHA1WithRSA: return CSSM_ALGID_SHA1WithDSA; - case CSSM_ALGID_SHA1WithDSA: return CSSM_ALGID_SHA1WithECDSA; - case CSSM_ALGID_SHA1WithECDSA: return CSSM_ALGID_SHA1WithRSA; - - default: printf("***BRRZAP! badOpAlg needs work.\n"); exit(1); - } - /* NOT REACHED */ - return 0; -} - -/* - * -- Generate symmetric key with specified alg and usage; - * -- Verify that it can't be used for any of the ops specified - * in badOpFlags using goodEncrAlg/goodSignAlg; - * -- Verify that it can't be used for goodOp/badAlg; - * - * Used by symUsageTest(). - * - */ -#define SYM_USAGE_ENABLE 1 - -static int badSymUsage( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS keyAlg, // alg of the key - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_KEYUSE keyUse, // gen key with this usage - CSSM_ALGORITHMS goodEncrAlg, // key is good for this encryption alg - CSSM_ALGORITHMS goodSignAlg, // key is good for this sign alg (may not be used) - unsigned badOpFlags, // array of (OP_DECRYPT,...) - unsigned goodOp, // one good op... - CSSM_ALGORITHMS badAlg, // ..which fails for this alg - CSSM_BOOL quiet, - const char *useStr) -{ - CSSM_KEY symKey; - int irtn; - - if(genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF, keyUse, CSSM_OK, quiet, CSSM_FALSE, useStr)) { - return 1; - } - #if SYM_USAGE_ENABLE - if(!quiet) { - printf(" ...testing key usage\n"); - } - if(badOpFlags & OP_ENCRYPT) { - irtn = badEncrypt(cspHand, &symKey, keyAlgStr, goodEncrAlg, - CSSMERR_CSP_KEY_USAGE_INCORRECT, quiet, useStr, "ENCRYPT"); - if(irtn) { - goto abort; - } - } - if(badOpFlags & OP_DECRYPT) { - irtn = badDecrypt(cspHand, &symKey, keyAlgStr, goodEncrAlg, - CSSMERR_CSP_KEY_USAGE_INCORRECT, quiet, useStr, "DECRYPT"); - if(irtn) { - goto abort; - } - } - #endif /* SYM_USAGE_ENABLE */ - - /* now do a good op with an incorrect algorithm */ - if(!quiet) { - printf(" ...testing key/algorithm match\n"); - } - if(goodOp & OP_ENCRYPT) { - irtn = badEncrypt(cspHand, &symKey, keyAlgStr, badAlg, - CSSMERR_CSP_ALGID_MISMATCH, quiet, useStr, "ENCRYPT w/bad alg"); - if(irtn) { - goto abort; - } - } - if(goodOp & OP_DECRYPT) { - irtn = badDecrypt(cspHand, &symKey, keyAlgStr, badAlg, - CSSMERR_CSP_ALGID_MISMATCH, quiet, useStr, "DECRYPT w/bad alg"); - if(irtn) { - goto abort; - } - } -abort: - cspFreeKey(cspHand, &symKey); - return irtn; -} - -/* - * Verify symmetric key usage behavior: - * - * gen key with KEYUSE_ENCRYPT - * make sure you can't use it for decrypt - * make sure you can't use it for encrypting with other alg - * gen key with KEYUSE_DECRYPT - * make sure you can't use it for encrypt - * make sure you can't use it for decrypting with other alg - * gen key with KEYUSE_SIGN (mac) - * make sure you can't use it for encrypt or decrypt - * gen key with KEYUSE_VERIFY (mac verify) - * make sure you can't use it for encrypt or decrypt - */ -int symUsageTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS keyAlg, - const char *keyAlgStr, - CSSM_ALGORITHMS encrAlg, - CSSM_ALGORITHMS signAlg, - uint32 keySizeInBits, - CSSM_BOOL quiet) -{ - if(!quiet) { - printf(" ...testing encrypt-enabled key\n"); - } - if(badSymUsage(cspHand, keyAlg, keyAlgStr, keySizeInBits, CSSM_KEYUSE_ENCRYPT, - encrAlg, signAlg, OP_DECRYPT, OP_ENCRYPT, badOpAlg(encrAlg), - quiet, "ENCRYPT")) { - return 1; - } - if(!quiet) { - printf(" ...testing decrypt-enabled key\n"); - } - if(badSymUsage(cspHand, keyAlg, keyAlgStr, keySizeInBits, CSSM_KEYUSE_DECRYPT, - encrAlg, signAlg, OP_ENCRYPT, OP_DECRYPT, badOpAlg(encrAlg), - quiet, "DECRYPT")) { - return 1; - } - return 0; -} - -/* - * Verify symmetric key attribute behavior: - * - * check that you can not gen a key with { - * CSSM_KEYATTR_ALWAYS_SENSITIVE - * CSSM_KEYATTR_NEVER_EXTRACTABLE - * CSSM_KEYATTR_PERMANENT - * CSSM_KEYATTR_PRIVATE - * CSSM_KEYATTR_RETURN_DATA | !CSSM_KEYATTR_EXTRACTABLE - * CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_SENSITIVE - * CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_RETURN_REF - * } - */ -int symAttrTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_BOOL bareCsp, - CSSM_BOOL quiet) -{ - CSSM_KEY key; - - if(!quiet) { - printf(" ...testing key attr\n"); - } - if(bareCsp || CSPDL_ALWAYS_SENSITIVE_CHECK) { - if(genSymKey(cspHand, &key, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_ALWAYS_SENSITIVE, - CSSM_KEYUSE_ANY, CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, - CSSM_TRUE, "ALWAYS_SENSITIVE")) { - return 1; - } - } - if(bareCsp || CSPDL_NEVER_EXTRACTABLE_CHECK) { - if(genSymKey(cspHand, &key, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_NEVER_EXTRACTABLE, - CSSM_KEYUSE_ANY, CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, - CSSM_TRUE, "NEVER_EXTRACTABLE")) { - return 1; - } - } - /* - * bare CSP : CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK - * CSPDL : CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE - */ - if(genSymKey(cspHand, &key, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT, - CSSM_KEYUSE_ANY, - bareCsp ? CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK : - CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE, - quiet, - CSSM_TRUE, "PERMANENT")) { - return 1; - } - if(genSymKey(cspHand, &key, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PRIVATE, - CSSM_KEYUSE_ANY, CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK, quiet, - CSSM_TRUE, "PRIVATE")) { - return 1; - } - if(bareCsp) { - /* CSPDL doesn't support RETURN_DATA */ - if(genSymKey(cspHand, &key, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_DATA /* and !extractable */, - CSSM_KEYUSE_ANY, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, - CSSM_TRUE, "RETURN_DATA | !EXTRACTABLE")) { - return 1; - } - if(genSymKey(cspHand, &key, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_SENSITIVE, - CSSM_KEYUSE_ANY, CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, - CSSM_TRUE, "RETURN_DATA | SENSITIVE")) { - return 1; - } - if(genSymKey(cspHand, &key, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_RETURN_REF, - CSSM_KEYUSE_ANY, CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, - CSSM_TRUE, "RETURN_DATA | RETURN_REF")) { - return 1; - } - } - return 0; -} - -/* - * Verify proper symmetric key null wrap operation. - * - * gen ref key, CSSM_KEYATTR_SENSITIVE, vfy you can't do null wrap; - * gen ref key, !CSSM_KEYATTR_EXTRACTABLE, vfy you can't do null wrap; - */ -int symNullWrapTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_BOOL quiet) -{ - CSSM_KEY key; - - if(!quiet) { - printf(" ...testing access to inaccessible key bits via NULL wrap\n"); - } - - /* gen ref key, CSSM_KEYATTR_SENSITIVE, vfy you can't do null wrap */ - if(genSymKey(cspHand, &key, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE, - CSSM_KEYUSE_ANY, CSSM_OK, quiet, - CSSM_FALSE, "SENSITIVE | RETURN_REF")) { - return 1; - } - if(nullWrapTest(cspHand, &key, quiet, CSSMERR_CSP_INVALID_KEYATTR_MASK, - keyAlgStr, "KEYATTR_SENSITIVE")) { - return 1; - } - cspFreeKey(cspHand, &key); - - /* gen ref key, !CSSM_KEYATTR_EXTRACTABLE, vfy you can't do null wrap */ - if(genSymKey(cspHand, &key, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF /* !CSSM_KEYATTR_EXTRACTABLE */, - CSSM_KEYUSE_ANY, CSSM_OK, quiet, - CSSM_FALSE, "!EXTRACTABLE | RETURN_REF")) { - return 1; - } - if(nullWrapTest(cspHand, &key, quiet, CSSMERR_CSP_INVALID_KEYATTR_MASK, - keyAlgStr, "!EXTRACTABLE")) { - return 1; - } - cspFreeKey(cspHand, &key); - - return 0; -} - -/* - * Verify proper symmetric key wrap !EXTRACTABLE handling. - * - * Gen unwrapped ref key, !CSSM_KEYATTR_EXTRACTABLE; - * Gen wrapping key - a simple DES key; - * vfy you can't wrap unwrappedKey with wrappingKey; - */ -int symBadWrapTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_BOOL quiet) -{ - CSSM_KEY unwrappedKey; - - if(!quiet) { - printf(" ...testing access to !EXTRACTABLE key bits via PKCS7 wrap\n"); - } - - /* gen ref key, CSSM_KEYATTR_SENSITIVE, !EXTRACTABLE */ - if(genSymKey(cspHand, &unwrappedKey, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE, - CSSM_KEYUSE_ANY, CSSM_OK, quiet, - CSSM_FALSE, "SENSITIVE | RETURN_REF")) { - return 1; - } - if(badWrapTest(cspHand, - &unwrappedKey, - CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7, - quiet, keyAlgStr, - "!EXTRACTABLE wrap")) { - return 1; - } - cspFreeKey(cspHand, &unwrappedKey); - return 0; -} - -/* - * Verify proper asymmetric key wrap !EXTRACTABLE handling. - * - * Gen unwrapped ref key, !CSSM_KEYATTR_EXTRACTABLE; - * Gen wrapping key - a simple DES key; - * vfy you can't wrap unwrappedKey with wrappingKey; - */ -int asymBadWrapTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_BOOL quiet) -{ - CSSM_KEY pubKey; - CSSM_KEY privKey; - - if(!quiet) { - printf(" ...testing access to !EXTRACTABLE key bits via CUSTOM wrap\n"); - } - - /* gen ref key, CSSM_KEYATTR_SENSITIVE, !EXTRACTABLE */ - if(genKeyPair(cspHand, alg, keyAlgStr, keySizeInBits, - &pubKey, CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE, - CSSM_KEYUSE_ANY, - &privKey, CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE, - CSSM_KEYUSE_ANY, - CSSM_OK, quiet, CSSM_FALSE, "RETURN_REF | SENSITIVE")) { - return 1; - } - if(badWrapTest(cspHand, - &privKey, - CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM, - quiet, keyAlgStr, - "!EXTRACTABLE wrap")) { - return 1; - } - cspFreeKey(cspHand, &privKey); - cspFreeKey(cspHand, &pubKey); - return 0; -} - -/* - * Generate a ref key, munge various fields in the header, verify that attempts - * to use the munged key result in CSSMERR_CSP_INVALID_KEY_REFERENCE. - */ -int symHeaderTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS keyAlg, - const char *keyAlgStr, - CSSM_ALGORITHMS encrAlg, - CSSM_ALGORITHMS signAlg, - uint32 keySizeInBits, - CSSM_BOOL quiet) -{ - CSSM_KEY key; - - if(!quiet) { - printf(" ...testing munged ref key header\n"); - } - if(genSymKey(cspHand, &key, keyAlg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE, - CSSM_KEYUSE_ANY, CSSM_OK, quiet, - CSSM_FALSE, "RETURN_REF")) { - return 1; - } - if(badHdrTest(cspHand, &key, quiet, keyAlgStr)) { - return 1; - } - cspFreeKey(cspHand, &key); - return 0; -} - -/* - * Generate key pair, specified pub key attr and expected result, standard - * "good" priv key attr. Used by asymAttrTest(). - */ -static int pubKeyAttrTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_KEYATTR_FLAGS pubKeyAttr, - CSSM_RETURN expectRtn, - CSSM_BOOL quiet, - const char *testStr) -{ - CSSM_KEY pubKey; - CSSM_KEY privKey; - - return genKeyPair(cspHand, alg, keyAlgStr, keySizeInBits, - &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY, - &privKey, CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE, CSSM_KEYUSE_ANY, - expectRtn, quiet, CSSM_TRUE, testStr); -} - -/* - * Generate key pair, specified priv key attr and expected result, standard - * "good" pub key attr. Used by asymAttrTest(). - */ -static int privKeyAttrTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_KEYATTR_FLAGS privKeyAttr, - CSSM_RETURN expectRtn, - CSSM_BOOL quiet, - const char *testStr) -{ - CSSM_KEY pubKey; - CSSM_KEY privKey; - - return genKeyPair(cspHand, alg, keyAlgStr, keySizeInBits, - &pubKey, CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE, - CSSM_KEYUSE_ANY, - &privKey, privKeyAttr, CSSM_KEYUSE_ANY, - expectRtn, quiet, CSSM_TRUE, testStr); -} - -/* - * Verify asymmetric key attribute behavior. - * - * check that you can't gen pub key with { - * CSSM_KEYATTR_ALWAYS_SENSITIVE - * CSSM_KEYATTR_NEVER_EXTRACTABLE - * CSSM_KEYATTR_PERMANENT - * CSSM_KEYATTR_PRIVATE - * CSSM_KEYATTR_RETURN_DATA | !CSSM_KEYATTR_EXTRACTABLE - * CSSM_KEYATTR_RETURN_REF | !CSSM_KEYATTR_EXTRACTABLE - * CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_SENSITIVE - * CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE - * } - * check that you can't gen priv key with { - * CSSM_KEYATTR_ALWAYS_SENSITIVE - * CSSM_KEYATTR_NEVER_EXTRACTABLE - * CSSM_KEYATTR_PERMANENT - * CSSM_KEYATTR_PRIVATE - * CSSM_KEYATTR_RETURN_DATA | !CSSM_KEYATTR_EXTRACTABLE - * CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_SENSITIVE - * } - */ -static int asymAttrTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_BOOL bareCsp, - CSSM_BOOL quiet) -{ - #if CSPDL_ALL_KEYS_ARE_PERMANENT - printf(" ...SKIPING asymAttrTest due to Radar 3732910\n"); - return 0; - #endif - if(!quiet) { - printf(" ...testing key attr\n"); - } - if(bareCsp || CSPDL_ALWAYS_SENSITIVE_CHECK) { - if(pubKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_ALWAYS_SENSITIVE, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, "ALWAYS_SENSITIVE pub")) { - return 1; - } - } - if(bareCsp || CSPDL_NEVER_EXTRACTABLE_CHECK) { - if(pubKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_NEVER_EXTRACTABLE, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, "NEVER_EXTRACTABLE pub")) { - return 1; - } - } - if(pubKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | - CSSM_KEYATTR_EXTRACTABLE, - bareCsp ? - /* bare CSP - permanent is checked first, this is the error */ - CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK : - /* CSPDL - SS strips off permanent, then does key gen (so we'd - * better specify EXTRACTABLE!), *then* checks for DLDB. */ - CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE, - quiet, "PERMANENT pub")) { - return 1; - } - if(pubKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PRIVATE | - CSSM_KEYATTR_EXTRACTABLE, - CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK, quiet, "PRIVATE pub")) { - return 1; - } - if(bareCsp) { - /* CSPDL doesn't support RETURN_DATA */ - if(pubKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_DATA /* | !CSSM_KEYATTR_EXTRACTABLE */, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, - "RETURN_DATA | !EXTRACTABLE pub")) { - return 1; - } - } - /* pub key should always be extractable */ - if(pubKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF /* | !CSSM_KEYATTR_EXTRACTABLE */, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, - "RETURN_REF | !EXTRACTABLE pub")) { - return 1; - } - /* pub keys can't be sensitive */ - if(bareCsp) { - /* CSPDL doesn't support RETURN_DATA */ - if(pubKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_SENSITIVE, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, "RETURN_DATA | SENSITIVE pub")) { - return 1; - } - } - if(pubKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, "RETURN_REF | !SENSITIVE pub")) { - return 1; - } - - /* priv key attr tests */ - if(bareCsp || CSPDL_ALWAYS_SENSITIVE_CHECK) { - if(privKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_ALWAYS_SENSITIVE, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, "ALWAYS_SENSITIVE priv")) { - return 1; - } - } - if(bareCsp || CSPDL_NEVER_EXTRACTABLE_CHECK) { - if(privKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_NEVER_EXTRACTABLE, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, "NEVER_EXTRACTABLE priv")) { - return 1; - } - } - if(privKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT, - bareCsp ? CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK : - CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE, - quiet, "PERMANENT priv")) { - return 1; - } - if(privKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PRIVATE, - CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK, quiet, "PRIVATE priv")) { - return 1; - } - if(bareCsp) { - /* CSPDL doesn't support RETURN_DATA */ - if(privKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_DATA /* | CSSM_KEYATTR_EXTRACTABLE */, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, - "RETURN_DATA | !EXTRACTABLE priv")) { - return 1; - } - if(privKeyAttrTest(cspHand, alg, keyAlgStr, keySizeInBits, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_SENSITIVE, - CSSMERR_CSP_INVALID_KEYATTR_MASK, quiet, "RETURN_DATA | SENSITIVE priv")) { - return 1; - } - } - return 0; -} - -/* - * Verify asymmetric key null wrap behavior: - * gen ref key, CSSM_KEYATTR_SENSITIVE, vfy you can't do null wrap; - * gen ref key, !CSSM_KEYATTR_EXTRACTABLE, vfy you can't do null wrap; - */ -static int asymNullWrapTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_BOOL quiet) -{ - CSSM_KEY pubKey; - CSSM_KEY privKey; - - if(!quiet) { - printf(" ...testing access to inaccessible key bits via NULL wrap\n"); - } - /* gen priv ref key, CSSM_KEYATTR_SENSITIVE, vfy you can't do null wrap */ - if(genKeyPair(cspHand, alg, keyAlgStr, keySizeInBits, - &pubKey, CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE, - CSSM_KEYUSE_ANY, - &privKey, CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE, - CSSM_KEYUSE_ANY, - CSSM_OK, quiet, CSSM_FALSE, "RETURN_REF | SENSITIVE")) { - return 1; - } - if(nullWrapTest(cspHand, &privKey, quiet, CSSMERR_CSP_INVALID_KEYATTR_MASK, - keyAlgStr, "SENSITIVE")) { - return 1; - } - cspFreeKey(cspHand, &privKey); - cspFreeKey(cspHand, &pubKey); - - /* gen priv ref key, !CSSM_KEYATTR_EXTRACTABLE, vfy you can't do null wrap */ - if(genKeyPair(cspHand, alg, keyAlgStr, keySizeInBits, - &pubKey, CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE, - CSSM_KEYUSE_ANY, - &privKey, CSSM_KEYATTR_RETURN_REF /* | !EXTRACTABLE */, CSSM_KEYUSE_ANY, - CSSM_OK, quiet, CSSM_FALSE, "RETURN_REF | !EXTRACTABLE")) { - return 1; - } - if(nullWrapTest(cspHand, &privKey, quiet, CSSMERR_CSP_INVALID_KEYATTR_MASK, - keyAlgStr, "!EXTRACTABLE")) { - return 1; - } - cspFreeKey(cspHand, &privKey); - cspFreeKey(cspHand, &pubKey); - return 0; -} - -/* - * Generate public and private ref keys, munge various fields in the header, - * verify that attempts to use the munged key result in - * CSSMERR_CSP_INVALID_KEY_REFERENCE. - */ -int asymHeaderTest( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS keyAlg, - const char *keyAlgStr, - CSSM_ALGORITHMS encrAlg, - CSSM_ALGORITHMS signAlg, - uint32 keySizeInBits, - CSSM_BOOL quiet) -{ - CSSM_KEY privKey; - CSSM_KEY pubKey; - - if(!quiet) { - printf(" ...testing munged ref key header\n"); - } - if(genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits, - &pubKey, CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE, - CSSM_KEYUSE_ANY, - &privKey, CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE, - CSSM_KEYUSE_ANY, - CSSM_OK, quiet, CSSM_FALSE, "RETURN_REF")) { - return 1; - } - if(badHdrTest(cspHand, &privKey, quiet, keyAlgStr)) { - return 1; - } - if(badHdrTest(cspHand, &pubKey, quiet, keyAlgStr)) { - return 1; - } - cspFreeKey(cspHand, &privKey); - cspFreeKey(cspHand, &pubKey); - return 0; -} - -/* map one of our private privAlgs (ALG_DES, etc.) to associated CSSM info. */ -void privAlgToCssm( - privAlg palg, - CSSM_ALGORITHMS *keyAlg, - CSSM_ALGORITHMS *signAlg, // CSSM_ALGID_NONE means incapable (e.g., DES) - CSSM_ALGORITHMS *encrAlg, // CSSM_ALGID_NONE means incapable (e.g., DSA) - uint32 *keySizeInBits, - const char **keyAlgStr) -{ - *signAlg = *encrAlg = CSSM_ALGID_NONE; // default - switch(palg) { - case ALG_ASC: - *encrAlg = *keyAlg = CSSM_ALGID_ASC; - *keySizeInBits = CSP_ASC_KEY_SIZE_DEFAULT; - *keyAlgStr = "ASC"; - break; - case ALG_DES: - *encrAlg = *keyAlg = CSSM_ALGID_DES; - *keySizeInBits = CSP_DES_KEY_SIZE_DEFAULT; - *keyAlgStr = "DES"; - break; - case ALG_3DES: - *encrAlg = CSSM_ALGID_3DES_3KEY_EDE; - *keyAlg = CSSM_ALGID_3DES_3KEY; - *keySizeInBits = CSP_DES3_KEY_SIZE_DEFAULT; - *keyAlgStr = "3DES"; - break; - case ALG_RC2: - *encrAlg = *keyAlg = CSSM_ALGID_RC2; - *keySizeInBits = CSP_RC2_KEY_SIZE_DEFAULT; - *keyAlgStr = "RC2"; - break; - case ALG_RC4: - *encrAlg = *keyAlg = CSSM_ALGID_RC4; - *keySizeInBits = CSP_RC4_KEY_SIZE_DEFAULT; - *keyAlgStr = "RC4"; - break; - case ALG_RC5: - *encrAlg = *keyAlg = CSSM_ALGID_RC5; - *keySizeInBits = CSP_RC5_KEY_SIZE_DEFAULT; - *keyAlgStr = "RC5"; - break; - case ALG_AES: - *encrAlg = *keyAlg = CSSM_ALGID_AES; - *keySizeInBits = CSP_AES_KEY_SIZE_DEFAULT; - *keyAlgStr = "AES"; - break; - case ALG_RSA: - *keyAlg = CSSM_ALGID_RSA; - *encrAlg = CSSM_ALGID_RSA; - *signAlg = CSSM_ALGID_SHA1WithRSA; - *keySizeInBits = CSP_RSA_KEY_SIZE_DEFAULT; - *keyAlgStr = "RSA"; - break; - case ALG_DSA: - *keyAlg = CSSM_ALGID_DSA; - *signAlg = CSSM_ALGID_SHA1WithDSA; - *keySizeInBits = CSP_DSA_KEY_SIZE_DEFAULT; - *keyAlgStr = "DSA"; - break; - case ALG_FEE: - *keyAlg = CSSM_ALGID_FEE; - *signAlg = CSSM_ALGID_SHA1WithECDSA; - *encrAlg = CSSM_ALGID_FEEDEXP; - *keySizeInBits = CSP_FEE_KEY_SIZE_DEFAULT; - *keyAlgStr = "FEE"; - break; - case ALG_ECDSA: - *keyAlg = CSSM_ALGID_ECDSA; - *signAlg = CSSM_ALGID_SHA1WithECDSA; - *keySizeInBits = CSP_ECDSA_KEY_SIZE_DEFAULT; - *keyAlgStr = "ECDSA"; - break; - default: - printf("***BRRZAP! privAlgToCssm needs work\n"); - exit(1); - } - return; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_CSP_HANDLE cspHand; - CSSM_ALGORITHMS keyAlg; // CSSM_ALGID_xxx of the key - CSSM_ALGORITHMS signAlg; // CSSM_ALGID_xxx of the associated signing op - CSSM_ALGORITHMS encrAlg; // CSSM_ALGID_xxx of the associated encrypt op - privAlg palg; - uint32 keySizeInBits; - int rtn; - int i; - const char *keyAlgStr; - - /* - * User-spec'd params - */ - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL doSym = CSSM_TRUE; - CSSM_BOOL doAsym = CSSM_TRUE; - CSSM_BOOL bareCsp = CSSM_TRUE; - - for(arg=1; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -#define USAGE_NAME "noUsage" -#define USAGE_NAME_LEN (strlen(USAGE_NAME)) - -/* - * HMAC/SHA1 can not do multiple updates with BSAFE (though the CSP's current - * internal implementation can.) - * Fixed in Puma; the bug was in BSAFE. - */ -#define HMACSHA_MULTI_UPDATES 1 - -/* - * Defaults. - */ -#define LOOPS_DEF 10 -#define MIN_EXP 2 /* for data size 10**exp */ -#define DEFAULT_MAX_EXP 2 -#define MAX_EXP 5 -#define INCR_DEFAULT 0 /* munge every incr bytes - zero means - * "adjust per ptext size" */ - -/* - * Enumerate algs our own way to allow iteration. - */ -#define ALG_SHA1HMAC 1 -#define ALG_MD5HMAC 2 -#define ALG_FIRST ALG_SHA1HMAC -#define ALG_LAST ALG_MD5HMAC -#define MAX_DATA_SIZE (100000 + 100) /* bytes */ - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" n=minExp (default=%d)\n", MIN_EXP); - printf(" x=maxExp (default=%d, max=%d)\n", DEFAULT_MAX_EXP, MAX_EXP); - printf(" i=increment (default=%d)\n", INCR_DEFAULT); - printf(" r(eference keys only)\n"); - printf(" m (CSM mallocs MAC)\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -#define LOG_FREQ 20 -static int doTest(CSSM_CSP_HANDLE cspHand, - uint32 macAlg, // CSSM_ALGID_xxx mac algorithm - CSSM_DATA_PTR ptext, - CSSM_BOOL verbose, - CSSM_BOOL quiet, - unsigned keySize, - unsigned incr, - CSSM_BOOL stagedGen, - CSSM_BOOL stagedVerify, - CSSM_BOOL mallocMac, - CSSM_BOOL refKey) -{ - CSSM_KEY_PTR symmKey; - CSSM_DATA mac = {0, NULL}; - unsigned length; - unsigned byte; - unsigned char *data; - unsigned char origData; - unsigned char bits; - int rtn = 0; - CSSM_RETURN crtn; - uint32 keyGenAlg; - unsigned loop = 0; - - switch(macAlg) { - case CSSM_ALGID_SHA1HMAC: - keyGenAlg = CSSM_ALGID_SHA1HMAC; - break; - case CSSM_ALGID_MD5HMAC: - keyGenAlg = CSSM_ALGID_MD5HMAC; - break; - default: - printf("bogus algorithm\n"); - return 1; - } - symmKey = cspGenSymKey(cspHand, - keyGenAlg, - "noLabel", - 7, - CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY, - keySize, - refKey); - if(symmKey == NULL) { - rtn = testError(quiet); - goto abort; - } - if(stagedGen) { - crtn = cspStagedGenMac(cspHand, - macAlg, - symmKey, - ptext, - mallocMac, - CSSM_TRUE, // multi - &mac); - } - else { - crtn = cspGenMac(cspHand, - macAlg, - symmKey, - ptext, - &mac); - } - if(crtn) { - rtn = 1; - goto abort; - } - if(stagedVerify) { - crtn = cspStagedMacVerify(cspHand, - macAlg, - symmKey, - ptext, - &mac, - CSSM_TRUE, // multi - CSSM_OK); // expectedResult - } - else { - crtn = cspMacVerify(cspHand, - macAlg, - symmKey, - ptext, - &mac, - CSSM_OK); - } - if(crtn) { - printf("**Unexpected BAD MAC\n"); - return testError(quiet); - } - data = (unsigned char *)ptext->Data; - length = ptext->Length; - for(byte=0; byte MAX_EXP) { - usage(argv); - } - break; - case 'i': - incr = atoi(&argp[2]); - break; - case 'p': - pauseInterval = atoi(&argp[2]); - break; - case 'D': - bareCsp = CSSM_FALSE; - #if CSPDL_ALL_KEYS_ARE_REF - refKeysOnly = CSSM_TRUE; - #endif - break; - case 'r': - refKeysOnly = CSSM_TRUE; - break; - case 'm': - cspMallocs = CSSM_TRUE; - break; - case 'v': - verbose = CSSM_TRUE; - break; - case 'q': - quiet = CSSM_TRUE; - break; - case 'h': - default: - usage(argv); - } - } - ptext.Data = (uint8 *)CSSM_MALLOC(MAX_DATA_SIZE); - /* length set in test loop */ - if(ptext.Data == NULL) { - printf("Insufficient heap\n"); - exit(1); - } - printf("Starting badmac; args: "); - for(i=1; i -#include -#include -#include -#include -#include "cspwrap.h" -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -#define USAGE_NAME "noUsage" -#define USAGE_NAME_LEN (strlen(USAGE_NAME)) - -/* - * Defaults. - */ -#define LOOPS_DEF 10 -#define MIN_EXP 2 /* for data size 10**exp */ -#define DEFAULT_MAX_EXP 2 -#define MAX_EXP 5 -#define INCR_DEFAULT 0 /* munge every incr bytes - zero means - * "adjust per ptext size" */ -#define FEE_PASSWD_LEN 32 /* private data length in bytes, FEE only */ - - -/* - * Enumerate algs our own way to allow iteration. - */ -#define ALG_FEE_MD5 1 -#define ALG_FEE_SHA1 2 -#define ALG_ECDSA 3 -#define ALG_ANSI_ECDSA 4 -#define ALG_RSA 5 -#define ALG_DSA 6 -#define ALG_RAW_RSA_SHA1 7 -#define ALG_RAW_DSA_SHA1 8 -#define ALG_RSA_SHA224 9 -#define ALG_RSA_SHA256 10 -#define ALG_RSA_SHA384 11 -#define ALG_RSA_SHA512 12 -#define ALG_ECDSA_SHA256 13 -#define ALG_ECDSA_SHA384 14 -#define ALG_ECDSA_SHA512 15 - - -#define ALG_FIRST ALG_FEE_MD5 -#define ALG_LAST ALG_ECDSA_SHA512 -#define MAX_DATA_SIZE (100000 + 100) /* bytes */ - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (f=FEE/MD5; F=FEE/SHA1; e=ECDSA; r=RSA; d=DSA; R=raw RSA; \n"); - printf(" D=raw DSA; 2=RSA/SHA224; 6=RSA/SHA256; 3=RSA/SHA384; 5=RSA/SHA512; default=all)\n"); - printf(" E=ECDSA/ANSI; 7=ECDSA/SHA256; 8=ECDSA/SHA384; 9=ECDSA/512; default=all\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" n=minExp (default=%d)\n", MIN_EXP); - printf(" x=maxExp (default=%d, max=%d)\n", DEFAULT_MAX_EXP, MAX_EXP); - printf(" k=keySize (r=random; default fixed per algorithm)\n"); - printf(" i=increment (default=%d)\n", INCR_DEFAULT); - printf(" R(ef keys only)\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" P=primeType (m=Mersenne, f=FEE, g=general; FEE only)\n"); - printf(" C=curveType (m=Montgomery, w=Weierstrass, g=general; FEE only)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -#define LOG_FREQ 20 - -static int doTest(CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS sigAlg, // CSSM_ALGID_xxx signature algorithm - CSSM_ALGORITHMS keyGenAlg, - CSSM_DATA_PTR ptext, - CSSM_BOOL verbose, - CSSM_BOOL quiet, - CSSM_BOOL randKeySize, - uint32 keySize, - unsigned incr, - CSSM_BOOL pubIsRef, - CSSM_KEYBLOB_FORMAT pubFormat, - CSSM_BOOL privIsRef, - CSSM_KEYBLOB_FORMAT privFormat, - CSSM_BOOL stagedSign, - CSSM_BOOL stagedVerify, - CSSM_BOOL genSeed, - uint32 primeType, // CSSM_FEE_PRIME_TYPE_xxx, FEE only - uint32 curveType, // CSSM_FEE_CURVE_TYPE_xxx, FEE only - CSSM_BOOL genParams) // DSA only -{ - CSSM_KEY pubKey; - CSSM_KEY privKey; - CSSM_DATA sig = {0, NULL}; - unsigned length; - unsigned byte; - unsigned char *data; - unsigned char origData; - unsigned char bits; - int rtn = 0; - CSSM_RETURN crtn; - unsigned loop = 0; - - if(keyGenAlg == CSSM_ALGID_FEE) { - uint8 passwd[FEE_PASSWD_LEN]; - CSSM_DATA pwdData = {FEE_PASSWD_LEN, passwd}; - CSSM_DATA_PTR pwdDataPtr; - - if(randKeySize) { - /* random params for this op */ - randFeeKeyParams(sigAlg, &keySize, &primeType, &curveType); - } - /* else use caller's size, primeType, curveType */ - - if(genSeed) { - simpleGenData(&pwdData, FEE_PASSWD_LEN, FEE_PASSWD_LEN); - pwdDataPtr = &pwdData; - } - else { - pwdDataPtr = NULL; - } - if(verbose) { - printf(" key size %u primeType %s curveType %s\n", - (unsigned)keySize, primeTypeStr(primeType), curveTypeStr(curveType)); - } /* verbose */ - rtn = cspGenFEEKeyPair(cspHand, - USAGE_NAME, - USAGE_NAME_LEN, - keySize, - primeType, - curveType, - &pubKey, - pubIsRef, - CSSM_KEYUSE_VERIFY, - pubFormat, - &privKey, - privIsRef, - CSSM_KEYUSE_SIGN, - privFormat, - pwdDataPtr); - } /* FEE */ - else { - if(randKeySize) { - keySize = randKeySizeBits(keyGenAlg, OT_Sign); - } - if(verbose) { - printf(" key size %u\n", (unsigned)keySize); - } - if(keyGenAlg == CSSM_ALGID_DSA) { - rtn = cspGenDSAKeyPair(cspHand, - USAGE_NAME, - USAGE_NAME_LEN, - keySize, - &pubKey, - pubIsRef, - CSSM_KEYUSE_VERIFY, - pubFormat, - &privKey, - privIsRef, - CSSM_KEYUSE_SIGN, - privFormat, - genParams, - NULL); - } - else { - rtn = cspGenKeyPair(cspHand, - keyGenAlg, - USAGE_NAME, - USAGE_NAME_LEN, - keySize, - &pubKey, - pubIsRef, - CSSM_KEYUSE_VERIFY, - pubFormat, - &privKey, - privIsRef, - CSSM_KEYUSE_SIGN, - privFormat, - genSeed); - } - } - if(rtn) { - rtn = testError(quiet); - goto abort; - } - if(stagedSign) { - crtn = cspStagedSign(cspHand, - sigAlg, - &privKey, - ptext, - CSSM_TRUE, // multi - &sig); - } - else { - crtn = cspSign(cspHand, - sigAlg, - &privKey, - ptext, - &sig); - } - if(crtn) { - rtn = 1; - goto abort; - } - if(stagedVerify) { - crtn = cspStagedSigVerify(cspHand, - sigAlg, - &pubKey, - ptext, - &sig, - CSSM_TRUE, // multi - CSSM_OK); - } - else { - crtn = cspSigVerify(cspHand, - sigAlg, - &pubKey, - ptext, - &sig, - CSSM_OK); - } - if(crtn) { - printf("**Unexpected BAD signature\n"); - return testError(quiet); - } - data = (unsigned char *)ptext->Data; - length = ptext->Length; - for(byte=0; byte MAX_EXP) { - usage(argv); - } - break; - case 'k': - if(argp[2] == 'r') { - randKeySize = CSSM_TRUE; - } - else { - keySizeInBits = atoi(&argp[2]); - } - break; - case 'i': - incr = atoi(&argp[2]); - break; - case 'p': - pauseInterval = atoi(&argp[2]); - break; - case 'R': - refKeysOnly = CSSM_TRUE; - break; - case 'C': - switch(argp[2]) { - case 'm': - curveType = CSSM_FEE_CURVE_TYPE_MONTGOMERY; - break; - case 'w': - curveType = CSSM_FEE_CURVE_TYPE_WEIERSTRASS; - break; - default: - usage(argv); - } - break; - case 'P': - switch(argp[2]) { - case 'm': - primeType = CSSM_FEE_PRIME_TYPE_MERSENNE; - break; - case 'f': - primeType = CSSM_FEE_PRIME_TYPE_FEE; - break; - case 'g': - primeType = CSSM_FEE_PRIME_TYPE_GENERAL; - break; - default: - usage(argv); - } - break; - case 'D': - bareCsp = CSSM_FALSE; - #if CSPDL_ALL_KEYS_ARE_REF - refKeysOnly = CSSM_TRUE; - #endif - break; - case 'v': - verbose = CSSM_TRUE; - break; - case 'q': - quiet = CSSM_TRUE; - break; - case 'h': - default: - usage(argv); - } - } - ptext.Data = (uint8 *)CSSM_MALLOC(MAX_DATA_SIZE); - /* length set in test loop */ - if(ptext.Data == NULL) { - printf("Insufficient heap\n"); - exit(1); - } - printf("Starting badsig; args: "); - for(i=1; i -#include -#include -#include -#include - -static void report( - const char *name, - CCOperation op, - CCAlgorithm alg, - size_t definedSize) -{ - char key[4]; - size_t cryptorLength = 0; - CCCryptorStatus crtn; - CCCryptorRef cryptorRef; - char buf[1]; - - crtn = CCCryptorCreateFromData(op, alg, 0, key, 4, NULL, - buf, 1, &cryptorRef, &cryptorLength); - switch(crtn) { - case kCCSuccess: - printf("***Unuexpected success on CCCryptorCreate()\n"); - return; - case kCCBufferTooSmall: - break; - default: - printf("***Unexpected result on CCCryptorCreate: expect %d got %d\n", - (int)kCCBufferTooSmall, (int)crtn); - return; - } - printf("%s : %lu bytes\n", name, (unsigned long)cryptorLength); - if(definedSize < cryptorLength) { - printf("***Defined context size (%u) is less than reported!\n", - (unsigned)definedSize); - } -} - -int main(int argc, char **argv) -{ - report("kCCAlgorithmAES128 ", kCCEncrypt, kCCAlgorithmAES128, kCCContextSizeAES128); - report("kCCAlgorithmDES ", kCCEncrypt, kCCAlgorithmDES, kCCContextSizeDES); - report("kCCAlgorithm3DES ", kCCEncrypt, kCCAlgorithm3DES, kCCContextSize3DES); - report("kCCAlgorithmCAST ", kCCEncrypt, kCCAlgorithmCAST, kCCContextSizeCAST); - report("kCCAlgorithmRC4 ", kCCEncrypt, kCCAlgorithmRC4, kCCContextSizeRC4); - return 0; -} - -/* - -sizeof(CCCryptor) = 24 including the spiCtx[] array -sizeof(struct _CCCryptContext) = 60 including algCtx[] -sizeof(DES_key_schedule) = 128 -sizeof(DES3_Schedule) = 384 -sizeof(GAesKey) = 516 -sizeof(_ccHmacContext) = 180 - -*/ diff --git a/SecurityTests/cspxutils/ccHmacClone/Makefile b/SecurityTests/cspxutils/ccHmacClone/Makefile deleted file mode 100644 index 34f91f91..00000000 --- a/SecurityTests/cspxutils/ccHmacClone/Makefile +++ /dev/null @@ -1,60 +0,0 @@ -# name of executable to build -EXECUTABLE=ccHmacClone -# C++ source (with .cpp extension) -CPSOURCE= ccHmacClone.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -#PROJ_LIBS= -lcommonCrypto -lcrypto -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= -I$(LOCAL_BUILD)/include - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= -F/System/Library/PrivateFrameworks - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -lBSafe -# -# this is for linking against a custom libSystem...this is where it goes. -# You also need to do a setenv DYLD_LIBRARY_PATH /tmp/System/Debug to run. -#PROJ_LDFLAGS= -L/tmp/System/Debug -PROJ_LDFLAGS= - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/ccHmacClone/ccHmacClone.cpp b/SecurityTests/cspxutils/ccHmacClone/ccHmacClone.cpp deleted file mode 100644 index f63fd13a..00000000 --- a/SecurityTests/cspxutils/ccHmacClone/ccHmacClone.cpp +++ /dev/null @@ -1,422 +0,0 @@ -/* - * ccHmacClone - test CommonCrypto's clone context for HMAC. - * - * Written 3/30/2006 by Doug Mitchell. - */ - -#include -#include -#include -#include "common.h" -#include -#include - -/* - * Defaults. - */ -#define LOOPS_DEF 200 - -#define MIN_DATA_SIZE 8 -#define MAX_DATA_SIZE 10000 /* bytes */ -#define MIN_KEY_SIZE 1 -#define MAX_KEY_SIZE 256 /* bytes */ -#define LOOP_NOTIFY 20 - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef enum { - ALG_MD5 = 1, - ALG_SHA1, - ALG_SHA224, - ALG_SHA256, - ALG_SHA384, - ALG_SHA512, -} HmacAlg; -#define ALG_FIRST ALG_MD5 -#define ALG_LAST ALG_SHA512 - -#define LOG_SIZE 0 -#if LOG_SIZE -#define logSize(s) printf s -#else -#define logSize(s) -#endif - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (5=MD5; s=SHA1; 4=SHA224; 2=SHA256; 3=SHA384; 1=SHA512; default=all)\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" k=keySizeInBytes\n"); - printf(" m=maxPtextSize (default=%d)\n", MAX_DATA_SIZE); - printf(" n=minPtextSize (default=%d)\n", MIN_DATA_SIZE); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" s (all ops single-shot, not staged)\n"); - printf(" S (all ops staged)\n"); - printf(" z (keys and plaintext all zeroes)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* - * Given an initialized CCHmacContext, feed it some data and get the result. - */ -static void hmacRun( - CCHmacContext *ctx, - bool randomUpdates, - const unsigned char *ptext, - size_t ptextLen, - void *dataOut) -{ - while(ptextLen) { - size_t thisMoveIn; /* input to CCryptUpdate() */ - - if(randomUpdates) { - thisMoveIn = genRand(1, ptextLen); - } - else { - thisMoveIn = ptextLen; - } - logSize(("###ptext segment (1) len %lu\n", (unsigned long)thisMoveIn)); - CCHmacUpdate(ctx, ptext, thisMoveIn); - ptext += thisMoveIn; - ptextLen -= thisMoveIn; - } - CCHmacFinal(ctx, dataOut); -} - - -#define MAX_HMAC_SIZE CC_SHA512_DIGEST_LENGTH - -static int doTest(const uint8_t *ptext, - size_t ptextLen, - CCHmacAlgorithm hmacAlg, - uint32 keySizeInBytes, - bool stagedOrig, - bool stagedClone, - bool quiet, - bool verbose) -{ - uint8_t keyBytes[MAX_KEY_SIZE]; - uint8_t hmacOrig[MAX_HMAC_SIZE]; - uint8_t hmacClone[MAX_HMAC_SIZE]; - int rtn = 0; - CCHmacContext ctxOrig; - CCHmacContext ctxClone; - unsigned die; /* 0..3 indicates when to clone */ - unsigned loopNum = 0; - size_t hmacLen; - bool didClone = false; - - switch(hmacAlg) { - case kCCHmacAlgSHA1: - hmacLen = CC_SHA1_DIGEST_LENGTH; - break; - case kCCHmacAlgMD5: - hmacLen = CC_MD5_DIGEST_LENGTH; - break; - case kCCHmacAlgSHA224: - hmacLen = CC_SHA224_DIGEST_LENGTH; - break; - case kCCHmacAlgSHA256: - hmacLen = CC_SHA256_DIGEST_LENGTH; - break; - case kCCHmacAlgSHA384: - hmacLen = CC_SHA384_DIGEST_LENGTH; - break; - case kCCHmacAlgSHA512: - hmacLen = CC_SHA512_DIGEST_LENGTH; - break; - default: - printf("***BRRRZAP!\n"); - exit(1); - } - - /* random key */ - appGetRandomBytes(keyBytes, keySizeInBytes); - - /* cook up first context */ - CCHmacInit(&ctxOrig, hmacAlg, keyBytes, keySizeInBytes); - - /* roll the dice */ - die = genRand(0, 3); - - /* - * In this loop we do updates to the ctxOrig up until we - * clone it, then we use hmacRun to finish both of them. - */ - while(ptextLen) { - if((die == loopNum) || !stagedOrig) { - /* make the clone now */ - if(verbose) { - printf(" ...cloning at loop %u\n", loopNum); - } - ctxClone = ctxOrig; - didClone = true; - - /* do all of the clone's updates and final here */ - hmacRun(&ctxClone, stagedClone, ptext, ptextLen, hmacClone); - - /* now do all remaining updates and final for original */ - hmacRun(&ctxOrig, stagedOrig, ptext, ptextLen, hmacOrig); - - /* we're all done, time to check the HMAC values */ - break; - } /* making clone */ - - /* feed some data into cryptorOrig */ - size_t thisMove; - if(stagedOrig) { - thisMove = genRand(1, ptextLen); - } - else { - thisMove = ptextLen; - } - logSize(("###ptext segment (2) len %lu\n", (unsigned long)thisMove)); - CCHmacUpdate(&ctxOrig, ptext, thisMove); - ptext += thisMove; - ptextLen -= thisMove; - loopNum++; - } - - /* - * It's possible to get here without cloning or doing any finals, - * if we ran thru multiple updates and finished ptextLen for cryptorOrig - * before we hit the cloning spot. - */ - if(!didClone) { - if(!quiet) { - printf("...ctxOrig finished before we cloned; skipping test\n"); - } - return 0; - } - if(memcmp(hmacOrig, hmacClone, hmacLen)) { - printf("***data miscompare\n"); - rtn = testError(quiet); - } - return rtn; -} - -bool isBitSet(unsigned bit, unsigned word) -{ - if(bit > 31) { - printf("We don't have that many bits\n"); - exit(1); - } - unsigned mask = 1 << bit; - return (word & mask) ? true : false; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - uint8 *ptext; - size_t ptextLen; - bool stagedOrig; - bool stagedClone; - const char *algStr; - CCHmacAlgorithm hmacAlg; - int i; - int currAlg; // ALG_xxx - uint32 keySizeInBytes; - int rtn = 0; - - /* - * User-spec'd params - */ - bool keySizeSpec = false; // false: use rand key size - HmacAlg minAlg = ALG_FIRST; - HmacAlg maxAlg = ALG_LAST; - unsigned loops = LOOPS_DEF; - bool verbose = false; - size_t minPtextSize = MIN_DATA_SIZE; - size_t maxPtextSize = MAX_DATA_SIZE; - bool quiet = false; - unsigned pauseInterval = 0; - bool stagedSpec = false; // true means caller fixed stagedOrig and stagedClone - - for(arg=1; arg -#include -#include -#include "common.h" -#include -#include -#include - -/* SHA2-based HMAC testing disabled until openssl provides it */ -#define HMAC_SHA2_ENABLE 0 - -/* - * Defaults. - */ -#define LOOPS_DEF 200 - -#define MIN_DATA_SIZE 8 -#define MAX_DATA_SIZE 10000 /* bytes */ -#define MIN_KEY_SIZE 1 -#define MAX_KEY_SIZE 256 /* bytes */ -#define LOOP_NOTIFY 20 - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef enum { - ALG_MD5 = 1, - ALG_SHA1, - ALG_SHA224, - ALG_SHA256, - ALG_SHA384, - ALG_SHA512, -} HmacAlg; -#define ALG_FIRST ALG_MD5 -#if HMAC_SHA2_ENABLE -#define ALG_LAST ALG_SHA512 -#else -#define ALG_LAST ALG_SHA1 -#endif /* HMAC_SHA2_ENABLE */ - -#define LOG_SIZE 0 -#if LOG_SIZE -#define logSize(s) printf s -#else -#define logSize(s) -#endif - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (5=MD5; s=SHA1; 4=SHA224; 2=SHA256; 3=SHA384; 1=SHA512; default=all)\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" k=keySizeInBytes\n"); - printf(" m=maxPtextSize (default=%d)\n", MAX_DATA_SIZE); - printf(" n=minPtextSize (default=%d)\n", MIN_DATA_SIZE); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" s (all ops single-shot, not staged)\n"); - printf(" z (keys and plaintext all zeroes)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* - * Test harness for CCCryptor/HMAC with lots of options. - */ -static void doHmacCC( - CCHmacAlgorithm hmacAlg, bool randUpdates, - const void *keyBytes, size_t keyLen, - const uint8_t *inText, size_t inTextLen, - uint8_t *outText) /* returned, caller mallocs */ -{ - CCHmacContext ctx; - size_t toMove; /* total to go */ - const uint8 *inp; - - if(!randUpdates) { - /* one shot */ - CCHmac(hmacAlg, keyBytes, keyLen, inText, inTextLen, outText); - return; - } - - /* random multi updates */ - CCHmacInit(&ctx, hmacAlg, keyBytes, keyLen); - - toMove = inTextLen; /* total to go */ - inp = (const uint8 *)inText; - - while(toMove) { - uint32 thisMoveIn; /* input to CCryptUpdate() */ - - thisMoveIn = genRand(1, toMove); - logSize(("###ptext segment len %lu\n", (unsigned long)thisMoveIn)); - CCHmacUpdate(&ctx, inp, thisMoveIn); - inp += thisMoveIn; - toMove -= thisMoveIn; - } - - CCHmacFinal(&ctx, outText); -} - -/* - * Produce HMAC with reference implementation (currently, openssl) - */ -static int doHmacRef( - CCHmacAlgorithm hmacAlg, - const void *keyBytes, size_t keyLen, - const uint8_t *inText, size_t inTextLen, - uint8_t *outText, size_t *outTextLen) /* caller mallocs */ -{ - const EVP_MD *md; - - switch(hmacAlg) { - case kCCHmacAlgMD5: - md = EVP_md5(); - break; - case kCCHmacAlgSHA1: - md = EVP_sha1(); - break; - #if HMAC_SHA2_ENABLE - case kCCHmacAlgSHA224: - md = EVP_sha224(); - break; - case kCCHmacAlgSHA256: - md = EVP_sha256(); - break; - case kCCHmacAlgSHA384: - md = EVP_sha384(); - break; - case kCCHmacAlgSHA512: - md = EVP_sha512(); - break; - #endif /* HMAC_SHA2_ENABLE */ - default: - printf("***Bad hmacAlg (%d)\n", (int)hmacAlg); - return -1; - } - unsigned md_len = *outTextLen; - HMAC(md, keyBytes, (int)keyLen, - (const unsigned char *)inText, (int)inTextLen, - (unsigned char *)outText, &md_len); - *outTextLen = md_len; - return 0; -} - - -#define LOG_FREQ 20 -#define MAX_HMAC_SIZE CC_SHA512_DIGEST_LENGTH - -static int doTest(const uint8_t *ptext, - size_t ptextLen, - CCHmacAlgorithm hmacAlg, - uint32 keySizeInBytes, - bool staged, - bool allZeroes, - bool quiet) -{ - uint8_t keyBytes[MAX_KEY_SIZE]; - uint8_t hmacCC[MAX_HMAC_SIZE]; - size_t hmacCCLen; - uint8_t hmacRef[MAX_HMAC_SIZE]; - size_t hmacRefLen; - int rtn = 0; - - if(allZeroes) { - memset(keyBytes, 0, keySizeInBytes); - } - else { - /* random key */ - appGetRandomBytes(keyBytes, keySizeInBytes); - } - - hmacCCLen = MAX_HMAC_SIZE; - doHmacCC(hmacAlg, staged, - keyBytes, keySizeInBytes, - ptext, ptextLen, - hmacCC); - - hmacRefLen = MAX_HMAC_SIZE; - rtn = doHmacRef(hmacAlg, - keyBytes, keySizeInBytes, - ptext, ptextLen, - hmacRef, &hmacRefLen); - if(rtn) { - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - - if(memcmp(hmacRef, hmacCC, hmacRefLen)) { - printf("***data miscompare\n"); - rtn = testError(quiet); - } -abort: - return rtn; -} - -bool isBitSet(unsigned bit, unsigned word) -{ - if(bit > 31) { - printf("We don't have that many bits\n"); - exit(1); - } - unsigned mask = 1 << bit; - return (word & mask) ? true : false; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - uint8 *ptext; - size_t ptextLen; - bool staged; - const char *algStr; - CCHmacAlgorithm hmacAlg; - int i; - int currAlg; // ALG_xxx - uint32 keySizeInBytes; - int rtn = 0; - - /* - * User-spec'd params - */ - bool keySizeSpec = false; // false: use rand key size - HmacAlg minAlg = ALG_FIRST; - HmacAlg maxAlg = ALG_LAST; - unsigned loops = LOOPS_DEF; - bool verbose = false; - size_t minPtextSize = MIN_DATA_SIZE; - size_t maxPtextSize = MAX_DATA_SIZE; - bool quiet = false; - unsigned pauseInterval = 0; - bool stagedSpec = false; // ditto for stagedEncr and stagedDecr - bool allZeroes = false; - - for(arg=1; arg -#include -#include -#include "common.h" -#include -#include -#include - -/* - * Defaults. - */ -#define LOOPS_DEF 200 -#define MIN_DATA_SIZE 1 -#define MAX_DATA_SIZE 10000 /* bytes */ -#define LOOP_NOTIFY 20 - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef enum { - ALG_MD2 = 1, - ALG_MD4, - ALG_MD5, - ALG_SHA1, - ALG_SHA224, - ALG_SHA256, - ALG_SHA384, - ALG_SHA512 -} HashAlg; -#define ALG_FIRST ALG_MD2 -#define ALG_LAST ALG_SHA512 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" l=loops (default %d)\n", LOOPS_DEF); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* the context pointers are void * here for polymorphism later on */ -typedef int (*initFcn)(void *ctx); -typedef int (*updateFcn)(void *ctx, const void *data, CC_LONG len); -typedef int (*finalFcn)(unsigned char *md, void *ctx); -typedef unsigned char (*oneShotFcn)(const void *data, CC_LONG len, unsigned char *md); - -typedef struct { - HashAlg alg; - const char *algName; - size_t digestSize; - initFcn init; - updateFcn update; - finalFcn final; - oneShotFcn oneShot; -} CommonDigestInfo; - -/* casts are necessary to cover the void* context args */ -static const CommonDigestInfo digests[] = -{ - { ALG_MD2, "MD2", CC_MD2_DIGEST_LENGTH, - (initFcn)CC_MD2_Init, (updateFcn)CC_MD2_Update, - (finalFcn)CC_MD2_Final, (oneShotFcn)CC_MD2 - }, - { ALG_MD4, "MD4", CC_MD4_DIGEST_LENGTH, - (initFcn)CC_MD4_Init, (updateFcn)CC_MD4_Update, - (finalFcn)CC_MD4_Final, (oneShotFcn)CC_MD4 - }, - { ALG_MD5, "MD5", CC_MD5_DIGEST_LENGTH, - (initFcn)CC_MD5_Init, (updateFcn)CC_MD5_Update, - (finalFcn)CC_MD5_Final, (oneShotFcn)CC_MD5 - }, - { ALG_SHA1, "SHA1", CC_SHA1_DIGEST_LENGTH, - (initFcn)CC_SHA1_Init, (updateFcn)CC_SHA1_Update, - (finalFcn)CC_SHA1_Final, (oneShotFcn)CC_SHA1 - }, - { ALG_SHA224, "SHA224", CC_SHA224_DIGEST_LENGTH, - (initFcn)CC_SHA224_Init, (updateFcn)CC_SHA224_Update, - (finalFcn)CC_SHA224_Final, (oneShotFcn)CC_SHA224 - }, - { ALG_SHA256, "SHA256", CC_SHA256_DIGEST_LENGTH, - (initFcn)CC_SHA256_Init, (updateFcn)CC_SHA256_Update, - (finalFcn)CC_SHA256_Final, (oneShotFcn)CC_SHA256 - }, - { ALG_SHA384, "SHA384", CC_SHA384_DIGEST_LENGTH, - (initFcn)CC_SHA384_Init, (updateFcn)CC_SHA384_Update, - (finalFcn)CC_SHA384_Final, (oneShotFcn)CC_SHA384 - }, - { ALG_SHA512, "SHA512", CC_SHA512_DIGEST_LENGTH, - (initFcn)CC_SHA512_Init, (updateFcn)CC_SHA512_Update, - (finalFcn)CC_SHA512_Final, (oneShotFcn)CC_SHA512 - }, -}; -#define NUM_DIGESTS (sizeof(digests) / sizeof(digests[0])) - -static const CommonDigestInfo *findDigestInfo(unsigned alg) -{ - unsigned dex; - for(dex=0; dexinit(ctx); - while(ptextLen) { - thisMove = genRand(1, ptextLen); - digestInfo->update(ctx, ptext, thisMove); - ptext += thisMove; - ptextLen -= thisMove; - } - digestInfo->final(md, ctx); -} - -static int doTest( - const CommonDigestInfo *digestInfo, - const unsigned char *ptext, - unsigned ptextLen, - bool quiet) -{ - unsigned char mdStaged[MAX_DIGEST_SIZE]; - unsigned char mdOneShot[MAX_DIGEST_SIZE]; - - digestInfo->oneShot(ptext, ptextLen, mdOneShot); - doStaged(digestInfo, ptext, ptextLen, mdStaged); - if(memcmp(mdStaged, mdOneShot, digestInfo->digestSize)) { - printf("***Digest miscompare for %s\n", digestInfo->algName); - if(testError(quiet)) { - return 1; - } - } - return 0; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - uint8 *ptext; - size_t ptextLen; - unsigned currAlg; - const CommonDigestInfo *digestInfo; - int rtn = 0; - int i; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - bool quiet = false; - - for(arg=1; argalgName); - } - for(loop=1; ; loop++) { - ptextLen = genRand(MIN_DATA_SIZE, MAX_DATA_SIZE); - appGetRandomBytes(ptext, ptextLen); - if(!quiet) { - if((loop % LOOP_NOTIFY) == 0) { - printf("..loop %d ptextLen %lu\n", - loop, (unsigned long)ptextLen); - } - } - - if(doTest(digestInfo, ptext, ptextLen, quiet)) { - rtn = 1; - break; - } - if(loops && (loop == loops)) { - break; - } - } /* main loop */ - if(rtn) { - break; - } - - } /* for algs */ - - if((rtn == 0) && !quiet) { - printf("%s test complete\n", argv[0]); - } - free(ptext); - return rtn; -} - - diff --git a/SecurityTests/cspxutils/ccOpensslCompat/Makefile b/SecurityTests/cspxutils/ccOpensslCompat/Makefile deleted file mode 100644 index d745e1f4..00000000 --- a/SecurityTests/cspxutils/ccOpensslCompat/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -EXECUTABLE=ccOpensslCompat -# C++ source (with .cpp extension) -CPSOURCE= ccOpensslCompat.cpp digestOpenssl.cpp digestCommonCrypto.cpp -# C source (.c extension) -CSOURCE= - -### all of the rest is optional. - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -lcrypto -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= -I$(LOCAL_BUILD)/include - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/ccOpensslCompat/ccOpensslCompat.cpp b/SecurityTests/cspxutils/ccOpensslCompat/ccOpensslCompat.cpp deleted file mode 100644 index d3a6d8b7..00000000 --- a/SecurityTests/cspxutils/ccOpensslCompat/ccOpensslCompat.cpp +++ /dev/null @@ -1,188 +0,0 @@ -/* - * ccOpensslCompat.cpp - verify that the compatibility macros at the end of CommonDigest.h - * result in openssl-compatible calls - */ - -#include -#include -#include -#include -#include "digestCommonExtern.h" -#include "common.h" - -#define MAX_DIGEST_LEN 64 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" q -- quiet\n"); - /* etc. */ - exit(1); -} - -int main(int argc, char **argv) -{ - int quiet = false; - int arg; - char *argp; - - for(arg=1; arg. - * - * SHA2 functions are declared, but not implemented - * - * For now we'll have to redirect openssl SHA2 calls manually just to get this - * program to build and run correctly. (We could just disable all of the SHA2 - * code but we still get a benefit from compiling openssl-style code). - */ -#define OPENSSL_SHA2_IMPLEMENTED 0 - -#include "digestCommonExtern.h" - -#ifdef COMMON_DIGEST_FOR_OPENSSL - -/* redirecting to CommonDigest */ - -#define doMD2 md2cc -#define doMD4 md4cc -#define doMD5 md5cc -#define doSHA1 sha1cc -#define doSHA224 sha224cc -#define doSHA256 sha256cc -#define doSHA384 sha384cc -#define doSHA512 sha512cc - -#else /* !COMMON_DIGEST_FOR_OPENSSL */ - -/* openssl */ - -#define doMD2 md2os -#define doMD4 md4os -#define doMD5 md5os -#define doSHA1 sha1os -#define doSHA224 sha224os -#define doSHA256 sha256os -#define doSHA384 sha384os -#define doSHA512 sha512os - -#if !OPENSSL_SHA2_IMPLEMENTED - -/* Hack: redirect SHA2 calls after all */ - -#include - -#define SHA256_CTX CC_SHA256_CTX -#define SHA224_Init(c) CC_SHA224_Init(c) -#define SHA224_Update(c,d,l) CC_SHA224_Update(c,d,l) -#define SHA224_Final(m, c) CC_SHA224_Final(m,c) - -#define SHA256_Init(c) CC_SHA256_Init(c) -#define SHA256_Update(c,d,l) CC_SHA256_Update(c,d,l) -#define SHA256_Final(m, c) CC_SHA256_Final(m,c) - -#define SHA512_CTX CC_SHA512_CTX -#define SHA384_Init(c) CC_SHA384_Init(c) -#define SHA384_Update(c,d,l) CC_SHA384_Update(c,d,l) -#define SHA384_Final(m, c) CC_SHA384_Final(m,c) - -#define SHA512_Init(c) CC_SHA512_Init(c) -#define SHA512_Update(c,d,l) CC_SHA512_Update(c,d,l) -#define SHA512_Final(m, c) CC_SHA512_Final(m,c) - -#endif /* OPENSSL_SHA2_IMPLEMENTED */ - - -#endif /* COMMON_DIGEST_FOR_OPENSSL */ - -/* all functions return nonzero on error */ - -int doMD2(const void *p, unsigned long len, unsigned char *md) -{ - /* OPenSSL MD2 is not orthogonal: the pointer is a const unsigned char * */ - MD2_CTX ctx; - const unsigned char *cp = (const unsigned char *)p; - - if(!MD2_Init(&ctx)) { - return -1; - } - if(!MD2_Update(&ctx, cp, len)) { - return -1; - } - if(!MD2_Final(md, &ctx)) { - return -1; - } - return 0; -} - -int doMD4(const void *p, unsigned long len, unsigned char *md) -{ - MD4_CTX ctx; - if(!MD4_Init(&ctx)) { - return -1; - } - if(!MD4_Update(&ctx, p, len)) { - return -1; - } - if(!MD4_Final(md, &ctx)) { - return -1; - } - return 0; -} - -int doMD5(const void *p, unsigned long len, unsigned char *md) -{ - MD5_CTX ctx; - if(!MD5_Init(&ctx)) { - return -1; - } - if(!MD5_Update(&ctx, p, len)) { - return -1; - } - if(!MD5_Final(md, &ctx)) { - return -1; - } - return 0; -} - -int doSHA1(const void *p, unsigned long len, unsigned char *md) -{ - SHA_CTX ctx; - if(!SHA1_Init(&ctx)) { - return -1; - } - if(!SHA1_Update(&ctx, p, len)) { - return -1; - } - if(!SHA1_Final(md, &ctx)) { - return -1; - } - return 0; -} - -int doSHA224(const void *p, unsigned long len, unsigned char *md) -{ - SHA256_CTX ctx; - if(!SHA224_Init(&ctx)) { - return -1; - } - if(!SHA224_Update(&ctx, p, len)) { - return -1; - } - if(!SHA224_Final(md, &ctx)) { - return -1; - } - return 0; -} - -int doSHA256(const void *p, unsigned long len, unsigned char *md) -{ - SHA256_CTX ctx; - if(!SHA256_Init(&ctx)) { - return -1; - } - if(!SHA256_Update(&ctx, p, len)) { - return -1; - } - if(!SHA256_Final(md, &ctx)) { - return -1; - } - return 0; -} - -int doSHA384(const void *p, unsigned long len, unsigned char *md) -{ - SHA512_CTX ctx; - if(!SHA384_Init(&ctx)) { - return -1; - } - if(!SHA384_Update(&ctx, p, len)) { - return -1; - } - if(!SHA384_Final(md, &ctx)) { - return -1; - } - return 0; -} - -int doSHA512(const void *p, unsigned long len, unsigned char *md) -{ - SHA512_CTX ctx; - if(!SHA512_Init(&ctx)) { - return -1; - } - if(!SHA512_Update(&ctx, p, len)) { - return -1; - } - if(!SHA512_Final(md, &ctx)) { - return -1; - } - return 0; -} diff --git a/SecurityTests/cspxutils/ccOpensslCompat/digestCommonCrypto.cpp b/SecurityTests/cspxutils/ccOpensslCompat/digestCommonCrypto.cpp deleted file mode 100644 index 72671cdb..00000000 --- a/SecurityTests/cspxutils/ccOpensslCompat/digestCommonCrypto.cpp +++ /dev/null @@ -1,7 +0,0 @@ -/* - * digestOpenssl.cpp - use the common code in digestCommon.h as CommonCrypto calls - */ - -#define COMMON_DIGEST_FOR_OPENSSL 1 -#include -#include "digestCommon.h" diff --git a/SecurityTests/cspxutils/ccOpensslCompat/digestCommonExtern.h b/SecurityTests/cspxutils/ccOpensslCompat/digestCommonExtern.h deleted file mode 100644 index 5c8b0498..00000000 --- a/SecurityTests/cspxutils/ccOpensslCompat/digestCommonExtern.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * digestCommonExtern.h - extern declarations of the functions resulting from both kinds of - * instantiations of the code in digestCommon.h - */ - -#ifndef _DIGEST_COMMON_EXTERN_H_ -#define _DIGEST_COMMON_EXTERN_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -/* Openssl versions */ - -extern int md2os(const void *p, unsigned long len, unsigned char *md); -extern int md4os(const void *p, unsigned long len, unsigned char *md); -extern int md5os(const void *p, unsigned long len, unsigned char *md); -extern int sha1os(const void *p, unsigned long len, unsigned char *md); -extern int sha224os(const void *p, unsigned long len, unsigned char *md); -extern int sha256os(const void *p, unsigned long len, unsigned char *md); -extern int sha384os(const void *p, unsigned long len, unsigned char *md); -extern int sha512os(const void *p, unsigned long len, unsigned char *md); - -/* The CommonDigest versions */ - -extern int md2cc(const void *p, unsigned long len, unsigned char *md); -extern int md4cc(const void *p, unsigned long len, unsigned char *md); -extern int md5cc(const void *p, unsigned long len, unsigned char *md); -extern int sha1cc(const void *p, unsigned long len, unsigned char *md); -extern int sha224cc(const void *p, unsigned long len, unsigned char *md); -extern int sha256cc(const void *p, unsigned long len, unsigned char *md); -extern int sha384cc(const void *p, unsigned long len, unsigned char *md); -extern int sha512cc(const void *p, unsigned long len, unsigned char *md); - -#ifdef __cplusplus -} -#endif - -#endif /* _CC_COMMON_DIGEST_H_ */ diff --git a/SecurityTests/cspxutils/ccOpensslCompat/digestOpenssl.cpp b/SecurityTests/cspxutils/ccOpensslCompat/digestOpenssl.cpp deleted file mode 100644 index 94a84efe..00000000 --- a/SecurityTests/cspxutils/ccOpensslCompat/digestOpenssl.cpp +++ /dev/null @@ -1,14 +0,0 @@ -/* - * digestOpenssl.cpp - use the common code in digestCommon.h as actual openssl calls - */ - -#include -#include -#include -#include -/* No OpenSSL implementation nor prototypes for the SHA-2 functions. - #include */ -#include - -#include "digestCommon.h" - diff --git a/SecurityTests/cspxutils/ccPerform/Makefile b/SecurityTests/cspxutils/ccPerform/Makefile deleted file mode 100644 index da6654f5..00000000 --- a/SecurityTests/cspxutils/ccPerform/Makefile +++ /dev/null @@ -1,56 +0,0 @@ -# name of executable to build -EXECUTABLE=ccPerform -# C++ source (with .cpp extension) -CPSOURCE= ccPerform.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= -I$(LOCAL_BUILD)/include - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -# this is for linking against a custom libSystem...this is where it goes. -# You also need to do a setenv DYLD_LIBRARY_PATH /tmp/System/Debug to run. -PROJ_LDFLAGS= -L$(LOCAL_BUILD) - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/ccPerform/ccPerform.cpp b/SecurityTests/cspxutils/ccPerform/ccPerform.cpp deleted file mode 100644 index 01eed2a5..00000000 --- a/SecurityTests/cspxutils/ccPerform/ccPerform.cpp +++ /dev/null @@ -1,240 +0,0 @@ -/* - * ccPerform.cpp - measure performance of CommonCrypto encryption - */ - -#include -#include -#include -#include -#include -#include -#include "common.h" -#include - -#define LOOPS_DEF 1000 -#define BUFSIZE_DEF 10240 -#define MAX_KEY_SIZE kCCKeySizeMaxRC4 /* bytes */ - - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef enum { - ALG_AES_128, - ALG_AES_192, - ALG_AES_256, - ALG_DES, - ALG_3DES, - ALG_CAST, - ALG_RC4 -} SymAlg; -#define ALG_FIRST ALG_AES_128 -#define ALG_LAST ALG_RC4 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" -a alg -- alg : d=DES; 3=3DES; a=AES128; n=AES192; A=AES256;\n"); - printf(" c=CAST; 4=RC4; default=all\n"); - printf(" -l loops -- loops; default %u\n", LOOPS_DEF); - printf(" -b bufsize -- buffer size; default %u\n", BUFSIZE_DEF); - printf(" -e -- ECB mode; default is CBC\n"); - - exit(1); -} - -static void printCCError(const char *str, OSStatus ortn) -{ - printf("***%s returned %ld\n", str, (long)ortn); -} - -int main(int argc, char **argv) -{ - unsigned loops = LOOPS_DEF; - unsigned bufSize = BUFSIZE_DEF; - unsigned algFirst = ALG_FIRST; - unsigned algLast = ALG_LAST; - bool ecbMode = false; - extern char *optarg; - int arg; - while ((arg = getopt(argc, argv, "a:l:b:eh")) != -1) { - switch (arg) { - case 'a': - switch(optarg[0]) { - case 'a': - algFirst = algLast = ALG_AES_128; - break; - case 'n': - algFirst = algLast = ALG_AES_192; - break; - case 'A': - algFirst = algLast = ALG_AES_256; - break; - case 'd': - algFirst = algLast = ALG_DES; - break; - case '3': - algFirst = algLast = ALG_3DES; - break; - case 'c': - algFirst = algLast = ALG_CAST; - case '4': - algFirst = algLast = ALG_RC4; - } - break; - case 'l': - loops = atoi(optarg); - break; - case 'b': - bufSize = atoi(optarg); - break; - case 'e': - ecbMode = true; - break; - case 'h': - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - - /* - * encrypt and decrypt on workBuf - * save original ptext in saveBuf, compare at end as sanity check - * for ECB only - */ - unsigned char *workBuf = (unsigned char *)malloc(bufSize); - unsigned char *saveBuf = (unsigned char *)malloc(bufSize); - if((workBuf == NULL) || (saveBuf == NULL)) { - printf("***malloc failure\n"); - exit(1); - } - appGetRandomBytes(workBuf, bufSize); - memmove(saveBuf, workBuf, bufSize); - - uint8_t keyBytes[MAX_KEY_SIZE]; - size_t keyLength; - - appGetRandomBytes(keyBytes, MAX_KEY_SIZE); - - CCCryptorRef cryptor; - CCAlgorithm alg; - CCOptions options = 0; - OSStatus ortn; - - if(ecbMode) { - options |= kCCOptionECBMode; - } - - unsigned currAlg; - for(currAlg=algFirst; currAlg<=algLast; currAlg++) { - const char *algStr = NULL; - - switch(currAlg) { - case ALG_DES: - keyLength = kCCKeySizeDES; - alg = kCCAlgorithmDES; - algStr = "DES "; - break; - case ALG_3DES: - keyLength = kCCKeySize3DES; - alg = kCCAlgorithm3DES; - algStr = "3DES"; - break; - case ALG_AES_128: - keyLength = kCCKeySizeAES128; - alg = kCCAlgorithmAES128; - algStr = "AES128"; - break; - case ALG_AES_192: - keyLength = kCCKeySizeAES192; - alg = kCCAlgorithmAES128; - algStr = "AES192"; - break; - case ALG_AES_256: - keyLength = kCCKeySizeAES256; - alg = kCCAlgorithmAES128; - algStr = "AES256"; - break; - case ALG_CAST: - keyLength = kCCKeySizeMaxCAST; - alg = kCCAlgorithmCAST; - algStr = "CAST"; - break; - case ALG_RC4: - keyLength = kCCKeySizeMaxRC4; - alg = kCCAlgorithmRC4; - algStr = "RC4"; - break; - } - - printf("Algorithm: %s keySize: %u mode: %s loops: %u bufSize: %u\n", - algStr, (unsigned)keyLength, ecbMode ? "ECB" : "CBC", - (unsigned)loops, (unsigned)bufSize); - - CFAbsoluteTime start, end; - unsigned loop; - size_t thisMoved; - - /* encrypt: GO */ - start = CFAbsoluteTimeGetCurrent(); - - ortn = CCCryptorCreate(kCCEncrypt, alg, options, - keyBytes, keyLength, NULL, &cryptor); - if(ortn) { - printCCError("CCCryptorCreate", ortn); - exit(1); - } - - for(loop=0; loop -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "bsafeUtils.h" -#include "ssleayUtils.h" -#include "rijndaelApi.h" -#include -#include - -/* - * Defaults. - */ -#define LOOPS_DEF 200 - -#define MIN_DATA_SIZE 8 -#define MAX_DATA_SIZE 10000 /* bytes */ -#define MAX_KEY_SIZE MAX_KEY_SIZE_RC245_BYTES /* bytes */ -#define LOOP_NOTIFY 20 - -#define NO_PAD_MODE CSSM_ALGMODE_ECB /* doesn't work for BSAFE */ -#define NO_PAD_MODE_BSAFE CSSM_ALGMODE_CBC_IV8 - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef enum { - ALG_AES_128 = 1, /* 128 bit block, 128 bit key */ - ALG_AES_192, /* 128 bit block, 192 bit key */ - ALG_AES_256, /* 128 bit block, 256 bit key */ - ALG_DES, - ALG_3DES, - ALG_CAST, - ALG_RC4, - /* not supported by CommonCrypto */ - ALG_RC2, - ALG_RC5, - ALG_BFISH -} SymAlg; -#define ALG_FIRST ALG_AES_128 -#define ALG_LAST ALG_RC4 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (d=DES; 3=3DES3; a=AES128; n=AES192; A=AES256; c=CAST;\n"); - printf(" 4=RC4; default=all)\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" k=keySizeInBits\n"); - printf(" e(ncrypt only)\n"); - printf(" m=maxPtextSize (default=%d)\n", MAX_DATA_SIZE); - printf(" n=minPtextSize (default=%d)\n", MIN_DATA_SIZE); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" s (all ops single-shot, not staged)\n"); - printf(" o (no padding, disable CBC if possible)\n"); - printf(" z (keys and plaintext all zeroes)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* - * encrypt/decrypt using reference BSAFE. - */ -static CSSM_RETURN encryptDecryptBSAFE( - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - const CSSM_DATA *iv, //Êoptional per mode - uint32 keySizeInBits, - uint32 effectiveKeyBits, // optional per key alg - uint32 rounds, // ditto - const CSSM_DATA *key, // raw key bytes - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - CSSM_RETURN crtn; - BU_KEY buKey; - - crtn = buGenSymKey(keySizeInBits, key, &buKey); - if(crtn) { - return crtn; - } - crtn = buEncryptDecrypt(buKey, - forEncrypt, // forEncrypt - encrAlg, - encrMode, - iv, - effectiveKeyBits, - rounds, - inText, - outText); - buFreeKey(buKey); - return crtn; -} - -/* - * encrypt/decrypt using reference ssleay. - */ -static CSSM_RETURN encryptDecryptEAY( - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - const CSSM_DATA *iv, // optional per mode - uint32 keySizeInBits, - const CSSM_DATA *key, // raw key bytes, Length ignored - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - CSSM_RETURN crtn; - EAY_KEY eayKey; - CSSM_DATA ckey = *key; - ckey.Length = keySizeInBits / 8; - - crtn = eayGenSymKey(encrAlg, forEncrypt, &ckey, &eayKey); - if(crtn) { - return crtn; - } - crtn = eayEncryptDecrypt(eayKey, - forEncrypt, - encrAlg, - encrMode, - iv, - inText, - outText); - eayFreeKey(eayKey); - return crtn; -} - -/* - * encrypt/decrypt using reference AES. - */ -static CSSM_RETURN encryptDecryptAES( - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - const CSSM_DATA *iv, //Êoptional per mode - uint32 keySizeInBits, - uint32 effectiveKeyBits, // optional per key alg - uint32 cipherBlockSize, - uint32 rounds, // ditto - const CSSM_DATA *key, // raw key bytes - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - keyInstance aesKey; - cipherInstance aesCipher; - BYTE mode; - int artn; - BYTE *ivPtr; - - if(cipherBlockSize == 0) { - cipherBlockSize = MIN_AES_BLOCK_BITS; - } - switch(encrMode) { - case CSSM_ALGMODE_CBC_IV8: - mode = MODE_CBC; - ivPtr = iv->Data; - break; - case CSSM_ALGMODE_ECB: - mode = MODE_ECB; - ivPtr = NULL; - break; - default: - printf("***AES reference implementation doesn't do padding (yet)\n"); - return CSSM_OK; - } - /* fixme - adjust for padding if necessary */ - outText->Data = (uint8 *)CSSM_MALLOC(inText->Length); - outText->Length = inText->Length; - artn = _makeKey(&aesKey, - forEncrypt ? DIR_ENCRYPT : DIR_DECRYPT, - keySizeInBits, - cipherBlockSize, - key->Data); - if(artn <= 0) { - printf("***AES makeKey returned %d\n", artn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - artn = _cipherInit(&aesCipher, - mode, - cipherBlockSize, - ivPtr); - if(artn <= 0) { - printf("***AES cipherInit returned %d\n", artn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - if(forEncrypt) { - artn = _blockEncrypt(&aesCipher, - &aesKey, - (BYTE *)inText->Data, - inText->Length * 8, - (BYTE *)outText->Data); - } - else { - artn = _blockDecrypt(&aesCipher, - &aesKey, - (BYTE *)inText->Data, - inText->Length * 8, - (BYTE *)outText->Data); - } - if(artn <= 0) { - printf("***AES encrypt/decrypt returned %d\n", artn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - return CSSM_OK; -} - -/* - * Encrypt/decrypt, one-shot, using one of the various reference implementations. - */ -static CSSM_RETURN encryptDecryptRef( - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - const CSSM_DATA *iv, // optional per mode - uint32 keySizeInBits, - uint32 effectiveKeyBits, // optional per key alg - uint32 cipherBlockSize, - uint32 rounds, // ditto - const CSSM_DATA *key, // raw key bytes - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - switch(encrAlg) { - case CSSM_ALGID_AES: - return encryptDecryptAES( - forEncrypt, - encrAlg, - encrMode, - iv, - keySizeInBits, - effectiveKeyBits, - cipherBlockSize, - rounds, - key, - inText, - outText); - case CSSM_ALGID_BLOWFISH: - case CSSM_ALGID_CAST: - return encryptDecryptEAY( - forEncrypt, - encrAlg, - encrMode, - iv, - keySizeInBits, - key, - inText, - outText); - default: - return encryptDecryptBSAFE( - forEncrypt, - encrAlg, - encrMode, - iv, - keySizeInBits, - effectiveKeyBits, - rounds, - key, - inText, - outText); - } -} - -/* - * encrypt/decrypt using CommonCrypto. - */ -static CSSM_RETURN encryptDecryptCC( - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - uint32 cipherBlockSize, - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - const CSSM_DATA *iv, // optional per mode - uint32 keySizeInBits, - const CSSM_DATA *key, // raw key bytes - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - CCCryptorRef cryptor = NULL; - uint8 *intext = inText->Data; - uint32 intextLen = inText->Length; - uint8 *outtext; - size_t outtextLen; /* mallocd size of outtext */ - size_t outBytes = 0; /* bytes actually produced in outtext */ - CCCryptorStatus crtn; - uint32 blockSize; - - /* convert crypt params from CDSA to CommonCrypto */ - CCAlgorithm ccAlg; - CCOperation ccOp = forEncrypt ? kCCEncrypt : kCCDecrypt; - CCOptions ccOpts = 0; - uint8 *ccIv = NULL; - - switch(encrAlg) { - case CSSM_ALGID_DES: - ccAlg = kCCAlgorithmDES; - blockSize = kCCBlockSizeDES; - break; - case CSSM_ALGID_3DES_3KEY_EDE: - ccAlg = kCCAlgorithm3DES; - blockSize = kCCBlockSize3DES; - break; - case CSSM_ALGID_AES: - ccAlg = kCCAlgorithmAES128; - blockSize = kCCBlockSizeAES128; - break; - case CSSM_ALGID_CAST: - ccAlg = kCCAlgorithmCAST; - blockSize = kCCBlockSizeCAST; - break; - case CSSM_ALGID_RC4: - ccAlg = kCCAlgorithmRC4; - blockSize = 0; - break; - default: - printf("***BRRZAP! Unknown algorithm in encryptDecryptCC()\n"); - return -1; - } - if(padding != CSSM_PADDING_NONE) { - ccOpts |= kCCOptionPKCS7Padding; - } - switch(encrMode) { - case CSSM_ALGMODE_CBC_IV8: - /* testing DES against BSAFE */ - ccOpts = 0; - ccIv = iv->Data; - break; - case CSSM_ALGMODE_ECB: - ccIv = NULL; - break; - case CSSM_ALGMODE_CBCPadIV8: - /* padding and cbc */ - ccIv = iv->Data; - break; - case CSSM_ALGMODE_NONE: - /* stream cipher */ - ccIv = NULL; - ccOpts = 0; - break; - default: - printf("***Bad mode (%lu)\n", (unsigned long)encrMode); - return 1; - } - if(ccIv == NULL) { - ccOpts |= kCCOptionECBMode; - } - - /* alloc outtext - round up to next cipherblock boundary for encrypt */ - if(blockSize) { - unsigned blocks; - if(forEncrypt) { - blocks = (intextLen + blockSize) / blockSize; - } - else { - blocks = intextLen / blockSize; - } - outtextLen = blocks * blockSize; - } - else { - outtextLen = intextLen; - } - - outtext = (uint8 *)CSSM_MALLOC(outtextLen); - memset(outtext, 0x55, outtextLen); - - if(!multiUpdates) { - /* one shot */ - crtn = CCCrypt(ccOp, ccAlg, ccOpts, - key->Data, keySizeInBits / 8, ccIv, - intext, intextLen, - outtext, outtextLen, &outtextLen); - if(crtn) { - printf("***CCCrypt returned %ld\n", (long)crtn); - return crtn; - } - outText->Data = outtext; - outText->Length = outtextLen; - return kCCSuccess; - } - - /* staged, random sized updates */ - crtn = CCCryptorCreate(ccOp, ccAlg, ccOpts, - key->Data, keySizeInBits / 8, ccIv, - &cryptor); - if(crtn) { - printf("***CCCryptorInit returned %ld\n", (long)crtn); - return crtn; - } - - size_t toMove = intextLen; /* total to go */ - size_t thisMoveOut; /* output from CCCryptUpdate()/CCCryptFinal() */ - uint8 *outp = outtext; - uint8 *inp = intext; - - while(toMove) { - uint32 thisMoveIn; /* input to CCryptUpdate() */ - - thisMoveIn = genRand(1, toMove); - crtn = CCCryptorUpdate(cryptor, inp, thisMoveIn, - outp, outtextLen, &thisMoveOut); - if(crtn) { - printf("***CCCryptorUpdate returned %ld\n", (long)crtn); - goto errOut; - } - inp += thisMoveIn; - toMove -= thisMoveIn; - outp += thisMoveOut; - outtextLen -= thisMoveOut; - outBytes += thisMoveOut; - } - crtn = CCCryptorFinal(cryptor, outp, outtextLen, &thisMoveOut); - if(crtn) { - printf("***CCCryptorFinal returned %ld\n", (long)crtn); - goto errOut; - } - outBytes += thisMoveOut; - outText->Data = outtext; - outText->Length = outBytes; - crtn = kCCSuccess; -errOut: - if(cryptor) { - CCCryptorRelease(cryptor); - } - return crtn; -} - -#define LOG_FREQ 20 - -static int doTest( - const CSSM_DATA *ptext, - const CSSM_DATA *keyData, - const CSSM_DATA *iv, - uint32 keyAlg, // CSSM_ALGID_xxx of the key - uint32 encrAlg, // encrypt/decrypt - uint32 encrMode, - uint32 padding, - uint32 keySizeInBits, - uint32 efectiveKeySizeInBits, - uint32 cipherBlockSize, - CSSM_BOOL stagedEncr, - CSSM_BOOL stagedDecr, - CSSM_BOOL quiet, - CSSM_BOOL encryptOnly) -{ - CSSM_DATA ctextRef = {0, NULL}; // ciphertext, reference - CSSM_DATA ctextTest = {0, NULL}; // ciphertext, test - CSSM_DATA rptext = {0, NULL}; // recovered plaintext - int rtn = 0; - CSSM_RETURN crtn; - uint32 rounds = 0; - - if(encrAlg == CSSM_ALGID_RC5) { - /* roll the dice, pick one of three values for rounds */ - unsigned die = genRand(1,3); - switch(die) { - case 1: - rounds = 8; - break; - case 2: - rounds = 12; - break; - case 3: - rounds = 16; - break; - } - } - - /* - * encrypt with each method; - * verify ciphertexts compare; - * decrypt with test code; - * verify recovered plaintext and incoming plaintext compare; - */ - crtn = encryptDecryptRef(CSSM_TRUE, - encrAlg, - encrMode, - iv, - keySizeInBits, - efectiveKeySizeInBits, - cipherBlockSize, - rounds, - keyData, - ptext, - &ctextRef); - if(crtn) { - return testError(quiet); - } - crtn = encryptDecryptCC(CSSM_TRUE, - encrAlg, - encrMode, - padding, - cipherBlockSize, - stagedEncr, - iv, - keySizeInBits, - keyData, - ptext, - &ctextTest); - if(crtn) { - return testError(quiet); - } - - /* ensure both methods resulted in same ciphertext */ - if(ctextRef.Length != ctextTest.Length) { - printf("Ctext length mismatch (1)\n"); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - if(memcmp(ctextRef.Data, ctextTest.Data, ctextTest.Length)) { - printf("Ctext miscompare\n"); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - - if(encryptOnly) { - rtn = 0; - goto abort; - } - - /* decrypt with the test method */ - crtn = encryptDecryptCC(CSSM_FALSE, - encrAlg, - encrMode, - padding, - cipherBlockSize, - stagedDecr, - iv, - keySizeInBits, - keyData, - &ctextTest, - &rptext); - if(crtn) { - return testError(quiet); - } - if(rptext.Length != ptext->Length) { - printf("ptext length mismatch (1)\n"); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - if(memcmp(rptext.Data, ptext->Data, ptext->Length)) { - printf("ptext miscompare\n"); - const unsigned char *cp = (const unsigned char *)rptext.Data; - printf("rptext %p: %02X %02X %02X %02X...\n", - cp, cp[0], cp[1], cp[2], cp[3]); - rtn = testError(quiet); - } - else { - rtn = 0; - } -abort: - if(ctextTest.Data) { - CSSM_FREE(ctextTest.Data); - } - if(ctextRef.Length) { - CSSM_FREE(ctextRef.Data); - } - if(rptext.Length) { - CSSM_FREE(rptext.Data); - } - return rtn; -} - - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - CSSM_BOOL stagedEncr; - CSSM_BOOL stagedDecr; - const char *algStr; - uint32 keyAlg; // CSSM_ALGID_xxx of the key - uint32 encrAlg; // CSSM_ALGID_xxx of encr/decr - int i; - unsigned currAlg; // ALG_xxx - uint32 actKeySizeInBits; - uint32 effectKeySizeInBits; - int rtn = 0; - uint32 blockSize; // for noPadding case - CSSM_DATA keyData; - CSSM_DATA initVector; - uint32 minTextSize; - - /* - * User-spec'd params - */ - CSSM_BOOL keySizeSpec = CSSM_FALSE; // false: use rand key size - unsigned minAlg = ALG_FIRST; - unsigned maxAlg = ALG_LAST; - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned pauseInterval = 0; - uint32 mode; - uint32 padding; - CSSM_BOOL noPadding = CSSM_FALSE; - CSSM_BOOL encryptOnly = CSSM_FALSE; - uint32 cipherBlockSize = 0; // AES only, bits, 0 ==> default - unsigned maxPtextSize = MAX_DATA_SIZE; - unsigned minPtextSize = MIN_DATA_SIZE; - CSSM_BOOL oneShotOnly = CSSM_FALSE; - CSSM_BOOL allZeroes = CSSM_FALSE; - - for(arg=1; arg align ptext */ - ptext.Length = (ptext.Length / blockSize) * blockSize; - } - if(allZeroes) { - memset(ptext.Data, 0, ptext.Length); - memset(keyData.Data, 0, MAX_KEY_SIZE); - keyData.Length = MAX_KEY_SIZE; - } - else { - simpleGenData(&keyData, MAX_KEY_SIZE, MAX_KEY_SIZE); - } - - if(!keySizeSpec) { - /* - * CommonCrypto's AES does one key size only - */ - if(keyAlg != CSSM_ALGID_AES) { - effectKeySizeInBits = randKeySizeBits(keyAlg, OT_Encrypt); - /* - * generate keys with well aligned sizes; effectiveKeySize - * differs only if not well aligned - */ - actKeySizeInBits = (effectKeySizeInBits + 7) & ~7; - } - } - /* else constant, spec'd by user, may be 0 (default per alg) */ - /* mix up staging */ - if(oneShotOnly) { - stagedEncr = CSSM_FALSE; - stagedDecr = CSSM_FALSE; - } - else { - stagedEncr = (loop & 1) ? CSSM_TRUE : CSSM_FALSE; - stagedDecr = (loop & 2) ? CSSM_TRUE : CSSM_FALSE; - } - if(!quiet) { - if(verbose || ((loop % LOOP_NOTIFY) == 0)) { - if(cipherBlockSize) { - printf("..loop %d text size %lu keySizeBits %u" - " blockSize %u stagedEncr %d stagedDecr %d mode %s pad %s\n", - loop, (unsigned long)ptext.Length, (unsigned)effectKeySizeInBits, - (unsigned)cipherBlockSize, (int)stagedEncr, (int)stagedDecr, - modeStr, padStr); - } - else { - printf("..loop %d text size %lu keySizeBits %u" - " stagedEncr %d stagedDecr %d mode %s pad %s\n", - loop, (unsigned long)ptext.Length, (unsigned)effectKeySizeInBits, - (int)stagedEncr, (int)stagedDecr, modeStr, padStr); - } - } - } - - if(doTest(&ptext, - &keyData, - &initVector, - keyAlg, - encrAlg, - mode, - padding, - actKeySizeInBits, - actKeySizeInBits, // FIXME - test effective key size - cipherBlockSize, - stagedEncr, - stagedDecr, - quiet, - encryptOnly)) { - rtn = 1; - break; - } - if(pauseInterval && ((loop % pauseInterval) == 0)) { - char c; - fpurge(stdin); - printf("Hit CR to proceed, q to abort: "); - c = getchar(); - if(c == 'q') { - goto testDone; - } - } - if(loops && (loop == loops)) { - break; - } - } /* main loop */ - if(rtn) { - break; - } - - } /* for algs */ - -testDone: - if(pauseInterval) { - fpurge(stdin); - printf("ModuleDetach/Unload complete; hit CR to exit: "); - getchar(); - } - if((rtn == 0) && !quiet) { - printf("%s test complete\n", argv[0]); - } - CSSM_FREE(ptext.Data); - CSSM_FREE(keyData.Data); - return rtn; -} - - diff --git a/SecurityTests/cspxutils/ccSymTest/Makefile b/SecurityTests/cspxutils/ccSymTest/Makefile deleted file mode 100644 index 24179763..00000000 --- a/SecurityTests/cspxutils/ccSymTest/Makefile +++ /dev/null @@ -1,56 +0,0 @@ -# name of executable to build -EXECUTABLE=ccSymTest -# C++ source (with .cpp extension) -CPSOURCE= ccSymTest.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= -I$(LOCAL_BUILD)/include - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -# this is for linking against a custom libSystem...this is where it goes. -# You also need to do a setenv DYLD_LIBRARY_PATH /tmp/System/Debug to run. -PROJ_LDFLAGS= -L$(LOCAL_BUILD) - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/ccSymTest/ccSymTest.cpp b/SecurityTests/cspxutils/ccSymTest/ccSymTest.cpp deleted file mode 100644 index 83401500..00000000 --- a/SecurityTests/cspxutils/ccSymTest/ccSymTest.cpp +++ /dev/null @@ -1,777 +0,0 @@ -/* Copyright (c) 2006,2008 Apple Inc. - * - * ccSymTest.c - test CommonCrypto symmetric encrypt/decrypt. - */ -#include -#include -#include -#include -#include "common.h" -#include - -/* - * Defaults. - */ -#define LOOPS_DEF 500 -#define MIN_DATA_SIZE 8 -#define MAX_DATA_SIZE 10000 /* bytes */ -#define MAX_KEY_SIZE kCCKeySizeMaxRC4 /* bytes */ -#define MAX_BLOCK_SIZE kCCBlockSizeAES128 /* bytes */ -#define LOOP_NOTIFY 250 - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef enum { - ALG_AES_128 = 1, /* 128 bit block, 128 bit key */ - ALG_AES_192, /* 128 bit block, 192 bit key */ - ALG_AES_256, /* 128 bit block, 256 bit key */ - ALG_DES, - ALG_3DES, - ALG_CAST, - ALG_RC4, - /* these aren't in CommonCrypto (yet?) */ - ALG_RC2, - ALG_RC5, - ALG_BFISH, - ALG_ASC, - ALG_NULL /* normally not used */ -} SymAlg; -#define ALG_FIRST ALG_AES_128 -#define ALG_LAST ALG_RC4 - - -#define LOG_SIZE 0 -#if LOG_SIZE -#define logSize(s) printf s -#else -#define logSize(s) -#endif - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (d=DES; 3=3DES; a=AES128; n=AES192; A=AES256; \n"); - printf(" c=CAST; 4=RC4; default=all)\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" m=maxPtextSize (default=%d)\n", MAX_DATA_SIZE); - printf(" n=minPtextSize (default=%d)\n", MIN_DATA_SIZE); - printf(" k=keySizeInBytes\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" o (no padding, well-aligned plaintext)\n"); - printf(" e (ECB only)\n"); - printf(" E (CBC only, no ECB)\n"); - printf(" u (no multi-update ops)\n"); - printf(" U (only multi-update ops)\n"); - printf(" x (always allocate context)\n"); - printf(" X (never allocate context)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -static void printCCError(const char *str, CCCryptorStatus crtn) -{ - const char *errStr; - char unknownStr[200]; - - switch(crtn) { - case kCCSuccess: errStr = "kCCSuccess"; break; - case kCCParamError: errStr = "kCCParamError"; break; - case kCCBufferTooSmall: errStr = "kCCBufferTooSmall"; break; - case kCCMemoryFailure: errStr = "kCCMemoryFailure"; break; - case kCCAlignmentError: errStr = "kCCAlignmentError"; break; - case kCCDecodeError: errStr = "kCCDecodeError"; break; - case kCCUnimplemented: errStr = "kCCUnimplemented"; break; - default: - sprintf(unknownStr, "Unknown(%ld)\n", (long)crtn); - errStr = unknownStr; - break; - } - printf("***%s returned %s\n", str, errStr); -} - -/* max context size */ -#define CC_MAX_CTX_SIZE kCCContextSizeRC4 - -/* - * We write a marker at end of expected output and at end of caller-allocated - * CCCryptorRef, and check at the end to make sure they weren't written - */ -#define MARKER_LENGTH 8 -#define MARKER_BYTE 0x7e - -/* - * Test harness for CCCryptor with lots of options. - */ -CCCryptorStatus doCCCrypt( - bool forEncrypt, - CCAlgorithm encrAlg, - bool doCbc, - bool doPadding, - const void *keyBytes, size_t keyLen, - const void *iv, - bool randUpdates, - bool inPlace, /* !doPadding only */ - size_t ctxSize, /* if nonzero, we allocate ctx */ - bool askOutSize, - const uint8_t *inText, size_t inTextLen, - uint8_t **outText, size_t *outTextLen) /* both returned, WE malloc */ -{ - CCCryptorRef cryptor = NULL; - CCCryptorStatus crtn; - CCOperation op = forEncrypt ? kCCEncrypt : kCCDecrypt; - CCOptions options = 0; - uint8_t *outBuf = NULL; /* mallocd output buffer */ - uint8_t *outp; /* running ptr into outBuf */ - const uint8 *inp; /* running ptr into inText */ - size_t outLen; /* bytes remaining in outBuf */ - size_t toMove; /* bytes remaining in inText */ - size_t thisMoveOut; /* output from CCCryptUpdate()/CCCryptFinal() */ - size_t outBytes; /* total bytes actually produced in outBuf */ - char ctx[CC_MAX_CTX_SIZE]; /* for CCCryptorCreateFromData() */ - uint8_t *textMarker = NULL; /* 8 bytes of marker here after expected end of - * output */ - char *ctxMarker = NULL; /* ditto for caller-provided context */ - unsigned dex; - size_t askedOutSize; /* from the lib */ - size_t thisOutLen; /* dataOutAvailable we use */ - - if(ctxSize > CC_MAX_CTX_SIZE) { - printf("***HEY! Adjust CC_MAX_CTX_SIZE!\n"); - exit(1); - } - if(!doCbc) { - options |= kCCOptionECBMode; - } - if(doPadding) { - options |= kCCOptionPKCS7Padding; - } - - /* just hack this one */ - outLen = inTextLen; - if(forEncrypt) { - outLen += MAX_BLOCK_SIZE; - } - - outBuf = (uint8_t *)malloc(outLen + MARKER_LENGTH); - - /* library should not touch this memory */ - textMarker = outBuf + outLen; - memset(textMarker, MARKER_BYTE, MARKER_LENGTH); - - /* subsequent errors to errOut: */ - - if(inPlace) { - memmove(outBuf, inText, inTextLen); - inp = outBuf; - } - else { - inp = inText; - } - - if(!randUpdates) { - /* one shot */ - if(askOutSize) { - crtn = CCCrypt(op, encrAlg, options, - keyBytes, keyLen, iv, - inp, inTextLen, - outBuf, 0, &askedOutSize); - if(crtn != kCCBufferTooSmall) { - printf("***Did not get kCCBufferTooSmall as expected\n"); - printf(" alg %d inTextLen %lu cbc %d padding %d keyLen %lu\n", - (int)encrAlg, (unsigned long)inTextLen, (int)doCbc, (int)doPadding, - (unsigned long)keyLen); - printCCError("CCCrypt", crtn); - crtn = -1; - goto errOut; - } - outLen = askedOutSize; - } - crtn = CCCrypt(op, encrAlg, options, - keyBytes, keyLen, iv, - inp, inTextLen, - outBuf, outLen, &outLen); - if(crtn) { - printCCError("CCCrypt", crtn); - goto errOut; - } - *outText = outBuf; - *outTextLen = outLen; - goto errOut; - } - - /* random multi updates */ - if(ctxSize) { - size_t ctxSizeCreated; - - if(askOutSize) { - crtn = CCCryptorCreateFromData(op, encrAlg, options, - keyBytes, keyLen, iv, - ctx, 0 /* ctxSize */, - &cryptor, &askedOutSize); - if(crtn != kCCBufferTooSmall) { - printf("***Did not get kCCBufferTooSmall as expected\n"); - printCCError("CCCryptorCreateFromData", crtn); - crtn = -1; - goto errOut; - } - ctxSize = askedOutSize; - } - crtn = CCCryptorCreateFromData(op, encrAlg, options, - keyBytes, keyLen, iv, - ctx, ctxSize, &cryptor, &ctxSizeCreated); - if(crtn) { - printCCError("CCCryptorCreateFromData", crtn); - return crtn; - } - ctxMarker = ctx + ctxSizeCreated; - memset(ctxMarker, MARKER_BYTE, MARKER_LENGTH); - } - else { - crtn = CCCryptorCreate(op, encrAlg, options, - keyBytes, keyLen, iv, - &cryptor); - if(crtn) { - printCCError("CCCryptorCreate", crtn); - return crtn; - } - } - - toMove = inTextLen; /* total to go */ - outp = outBuf; - outBytes = 0; /* bytes actually produced in outBuf */ - - while(toMove) { - uint32 thisMoveIn; /* input to CCryptUpdate() */ - - thisMoveIn = genRand(1, toMove); - logSize(("###ptext segment len %lu\n", (unsigned long)thisMoveIn)); - if(askOutSize) { - thisOutLen = CCCryptorGetOutputLength(cryptor, thisMoveIn, false); - } - else { - thisOutLen = outLen; - } - crtn = CCCryptorUpdate(cryptor, inp, thisMoveIn, - outp, thisOutLen, &thisMoveOut); - if(crtn) { - printCCError("CCCryptorUpdate", crtn); - goto errOut; - } - inp += thisMoveIn; - toMove -= thisMoveIn; - outp += thisMoveOut; - outLen -= thisMoveOut; - outBytes += thisMoveOut; - } - - if(doPadding) { - /* Final is not needed if padding is disabled */ - if(askOutSize) { - thisOutLen = CCCryptorGetOutputLength(cryptor, 0, true); - } - else { - thisOutLen = outLen; - } - crtn = CCCryptorFinal(cryptor, outp, thisOutLen, &thisMoveOut); - } - else { - thisMoveOut = 0; - crtn = kCCSuccess; - } - - if(crtn) { - printCCError("CCCryptorFinal", crtn); - goto errOut; - } - - outBytes += thisMoveOut; - *outText = outBuf; - *outTextLen = outBytes; - crtn = kCCSuccess; - - for(dex=0; dex 31) { - printf("We don't have that many bits\n"); - exit(1); - } - unsigned mask = 1 << bit; - return (word & mask) ? true : false; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - uint8 *ptext; - size_t ptextLen; - bool stagedEncr; - bool stagedDecr; - bool doPadding; - bool doCbc; - bool nullIV; - const char *algStr; - CCAlgorithm encrAlg; - int i; - int currAlg; // ALG_xxx - uint32 minKeySizeInBytes; - uint32 maxKeySizeInBytes; - uint32 keySizeInBytes; - int rtn = 0; - uint32 blockSize; // for noPadding case - size_t ctxSize; // always set per alg - size_t ctxSizeUsed; // passed to doTest - bool askOutSize; // inquire output size each op - - /* - * User-spec'd params - */ - bool keySizeSpec = false; // false: use rand key size - SymAlg minAlg = ALG_FIRST; - SymAlg maxAlg = ALG_LAST; - unsigned loops = LOOPS_DEF; - bool verbose = false; - size_t minPtextSize = MIN_DATA_SIZE; - size_t maxPtextSize = MAX_DATA_SIZE; - bool quiet = false; - unsigned pauseInterval = 0; - bool paddingSpec = false; // true: user calls doPadding, const - bool cbcSpec = false; // ditto for doCbc - bool stagedSpec = false; // ditto for stagedEncr and stagedDecr - bool inPlace = false; // en/decrypt in place for ECB - bool allocCtxSpec = false; // use allocCtx - bool allocCtx = false; // allocate context ourself - - for(arg=1; arg ALG_LAST) { - /* we left them in the switch but we can't use them */ - usage(argv); - } - break; - case 'l': - loops = atoi(&argp[2]); - break; - case 'n': - minPtextSize = atoi(&argp[2]); - break; - case 'm': - maxPtextSize = atoi(&argp[2]); - break; - case 'k': - minKeySizeInBytes = maxKeySizeInBytes = atoi(&argp[2]); - keySizeSpec = true; - break; - case 'x': - allocCtxSpec = true; - allocCtx = true; - break; - case 'X': - allocCtxSpec = true; - allocCtx = false; - break; - case 'v': - verbose = true; - break; - case 'q': - quiet = true; - break; - case 'p': - pauseInterval = atoi(&argp[2]);; - break; - case 'o': - doPadding = false; - paddingSpec = true; - break; - case 'e': - doCbc = false; - cbcSpec = true; - break; - case 'E': - doCbc = true; - cbcSpec = true; - break; - case 'u': - stagedEncr = false; - stagedDecr = false; - stagedSpec = true; - break; - case 'U': - stagedEncr = true; - stagedDecr = true; - stagedSpec = true; - break; - case 'h': - default: - usage(argv); - } - } - ptext = (uint8 *)malloc(maxPtextSize); - if(ptext == NULL) { - printf("Insufficient heap space\n"); - exit(1); - } - /* ptext length set in test loop */ - - printf("Starting ccSymTest; args: "); - for(i=1; i 0 ) - switch ( "$argv[1]" ) - case q: - set QUIET = q - shift - breaksw - default: - cat cspdvt_usage - exit(1) - endsw -end -set CSPXUTILS=`pwd` -#TODO $BUILD_DIR/ccSymCompat $QUIET || exit(1) -#TODO $BUILD_DIR/ccSymCompat o $QUIET || exit(1) -$BUILD_DIR/ccSymTest $QUIET || exit(1) -$BUILD_DIR/ccHmacCompat $QUIET || exit(1) -$BUILD_DIR/ccHmacClone $QUIET || exit(1) -$BUILD_DIR/ccOneShot $QUIET || exit(1) -$BUILD_DIR/ccOpensslCompat $QUIET || exit(1) - -echo ===== ccdvt success ===== diff --git a/SecurityTests/cspxutils/ccmake b/SecurityTests/cspxutils/ccmake deleted file mode 100755 index 9e761ac6..00000000 --- a/SecurityTests/cspxutils/ccmake +++ /dev/null @@ -1,46 +0,0 @@ -#! /bin/csh -f -# -# make all CommonCrypto tests (from scratch). -# -set DO_CLEAN=NO -set LOCAL_CC= - -set TARGETS= (ccSymCompat \ - ccSymTest \ - ccHmacCompat \ - ccHmacClone \ - ccOneShot \ - ccCtxSize \ - ccPerform \ - ccOpensslCompat ) - -while ( $#argv > 0 ) - switch ( "$argv[1]" ) - case clean: - set DO_CLEAN=YES - shift - breaksw - case local: - set LOCAL_CC="-lcommonCrypto -L$LOCAL_BUILD_DIR" - shift - breaksw - default: - echo "Usage: ccmake [clean] [local]" - exit(1) - endsw -end - -set CSPXUTILS=`pwd` - -foreach targ ($TARGETS) - if($DO_CLEAN == YES) then - echo ====== Cleaning $targ ====== - cd $CSPXUTILS/$targ - make clean || exit(1) - else - echo ====== Building $targ ====== - cd $CSPXUTILS/$targ - make PROJ_LDFLAGS="$LOCAL_CC" || exit(1) - endif -end - diff --git a/SecurityTests/cspxutils/clearPubKeyTest/Makefile b/SecurityTests/cspxutils/clearPubKeyTest/Makefile deleted file mode 100644 index e7e04731..00000000 --- a/SecurityTests/cspxutils/clearPubKeyTest/Makefile +++ /dev/null @@ -1,56 +0,0 @@ -# name of executable to build -EXECUTABLE=clearPubKeyTest -# C++ source (with .cpp extension) -CPSOURCE=clearPubKeyTest.cpp -# C source (.c extension) -CSOURCE= - -### all of the rest is optional. - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/clearPubKeyTest/clearPubKeyTest.cpp b/SecurityTests/cspxutils/clearPubKeyTest/clearPubKeyTest.cpp deleted file mode 100644 index 81c73e4a..00000000 --- a/SecurityTests/cspxutils/clearPubKeyTest/clearPubKeyTest.cpp +++ /dev/null @@ -1,395 +0,0 @@ -/* - * clearPubKeyTest.cpp - * - * Test CSSM_KEYATTR_PUBLIC_KEY_ENCRYPT. This cannot be run on a handsoff environment; - * it forces Keychain unlock dialogs. - */ - -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" - -#define KEYCHAIN_NAME "/tmp/clearPubKey.keychain" -#define KEYCHAIN_PWD "pwd" -#define KEY_ALG CSSM_ALGID_RSA -#define KEYSIZE 1024 -#define ENCRALG CSSM_ALGID_RSA - -static void usage(char **argv) -{ - printf("usage: %s -v(erbose)\n", argv[0]); - exit(1); -} - -static void printNoDialog() -{ - printf("*** If you get a keychain unlock dialog here the test is failing ***\n"); -} - -static void printExpectDialog() -{ - printf("*** You MUST get a keychain unlock dialog here (password = '%s') ***\n", - KEYCHAIN_PWD); -} - -static bool didGetDialog() -{ - fpurge(stdin); - printf("Enter 'y' if you just got a keychain unlock dialog: "); - if(getchar() == 'y') { - return 1; - } - printf("***Well, you really should have. Test failed.\n"); - return 0; -} - -static void verboseDisp(bool verbose, const char *str) -{ - if(verbose) { - printf("...%s\n", str); - } -} - -/* generate key pair, optionally storing the public key in encrypted form */ -static int genKeyPair( - bool pubKeyIsEncrypted, - SecKeychainRef kcRef, - SecKeyRef *pubKeyRef, - SecKeyRef *privKeyRef) -{ - /* gather keygen args */ - CSSM_ALGORITHMS keyAlg = KEY_ALG; - uint32 keySizeInBits = KEYSIZE; - CSSM_KEYUSE pubKeyUsage = CSSM_KEYUSE_ANY; - uint32 pubKeyAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT; - if(pubKeyIsEncrypted) { - pubKeyAttr |= CSSM_KEYATTR_PUBLIC_KEY_ENCRYPT; - } - CSSM_KEYUSE privKeyUsage = CSSM_KEYUSE_ANY; - uint32 privKeyAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE | - CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE; - - OSStatus ortn = SecKeyCreatePair(kcRef, keyAlg, keySizeInBits, 0, - pubKeyUsage, pubKeyAttr, - privKeyUsage, privKeyAttr, - NULL, // default initial access for now - pubKeyRef, privKeyRef); - if(ortn) { - cssmPerror("SecKeyCreatePair", ortn); - return 1; - } - return 0; -} - -/* encrypt something with a public key */ -static int pubKeyEncrypt( - SecKeyRef pubKeyRef) -{ - const CSSM_KEY *cssmKey; - OSStatus ortn; - CSSM_CSP_HANDLE cspHand; - - ortn = SecKeyGetCSSMKey(pubKeyRef, &cssmKey); - if(ortn) { - cssmPerror("SecKeyGetCSSMKey", ortn); - return -1; - } - ortn = SecKeyGetCSPHandle(pubKeyRef, &cspHand); - if(ortn) { - cssmPerror("SecKeyGetCSPHandle", ortn); - return -1; - } - - char *ptext = "something to encrypt"; - CSSM_DATA ptextData = {strlen(ptext), (uint8 *)ptext}; - CSSM_DATA ctextData = { 0, NULL }; - CSSM_RETURN crtn; - - crtn = cspEncrypt(cspHand, CSSM_ALGID_RSA, - 0, CSSM_PADDING_PKCS1, // mode/pad - cssmKey, NULL, - 0, 0, // effect/rounds - NULL, // IV - &ptextData, &ctextData, CSSM_FALSE); - if(crtn) { - return -1; - } - /* slighyly hazardous, allocated by CSPDL's allocator */ - free(ctextData.Data); - return 0; -} - -int main(int argc, char **argv) -{ - bool verbose = false; - - int arg; - while ((arg = getopt(argc, argv, "vh")) != -1) { - switch (arg) { - case 'v': - verbose = true; - break; - case 'h': - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - - printNoDialog(); - - /* initial setup */ - verboseDisp(verbose, "deleting keychain"); - unlink(KEYCHAIN_NAME); - - verboseDisp(verbose, "creating keychain"); - SecKeychainRef kcRef = NULL; - OSStatus ortn = SecKeychainCreate(KEYCHAIN_NAME, - strlen(KEYCHAIN_PWD), KEYCHAIN_PWD, - false, NULL, &kcRef); - if(ortn) { - cssmPerror("SecKeychainCreate", ortn); - exit(1); - } - - /* - * 1. Generate key pair with cleartext public key. - * Ensure we can use the public key when keychain is locked with no - * user interaction. - */ - - /* generate key pair, cleartext public key */ - verboseDisp(verbose, "creating key pair, cleartext public key"); - SecKeyRef pubKeyRef = NULL; - SecKeyRef privKeyRef = NULL; - if(genKeyPair(false, kcRef, &pubKeyRef, &privKeyRef)) { - exit(1); - } - - /* Use generated cleartext public key with locked keychain */ - verboseDisp(verbose, "locking keychain, exporting public key"); - SecKeychainLock(kcRef); - CFDataRef exportData = NULL; - ortn = SecKeychainItemExport(pubKeyRef, kSecFormatOpenSSL, 0, NULL, &exportData); - if(ortn) { - cssmPerror("SecKeychainCreate", ortn); - exit(1); - } - CFRelease(exportData); - - verboseDisp(verbose, "locking keychain, encrypting with public key"); - SecKeychainLock(kcRef); - if(pubKeyEncrypt(pubKeyRef)) { - exit(1); - } - - /* reset */ - verboseDisp(verbose, "deleting keys"); - ortn = SecKeychainItemDelete((SecKeychainItemRef)pubKeyRef); - if(ortn) { - cssmPerror("SecKeychainItemDelete", ortn); - exit(1); - } - ortn = SecKeychainItemDelete((SecKeychainItemRef)privKeyRef); - if(ortn) { - cssmPerror("SecKeychainItemDelete", ortn); - exit(1); - } - CFRelease(pubKeyRef); - CFRelease(privKeyRef); - - /* - * 2. Generate key pair with encrypted public key. - * Ensure that user interaction is required when we use the public key - * when keychain is locked. - */ - - verboseDisp(verbose, "programmatically unlocking keychain"); - ortn = SecKeychainUnlock(kcRef, strlen(KEYCHAIN_PWD), KEYCHAIN_PWD, TRUE); - if(ortn) { - cssmPerror("SecKeychainItemDelete", ortn); - exit(1); - } - - /* generate key pair, encrypted public key */ - verboseDisp(verbose, "creating key pair, encrypted public key"); - if(genKeyPair(true, kcRef, &pubKeyRef, &privKeyRef)) { - exit(1); - } - - /* Use generated encrypted public key with locked keychain */ - verboseDisp(verbose, "locking keychain, exporting public key"); - SecKeychainLock(kcRef); - printExpectDialog(); - ortn = SecKeychainItemExport(pubKeyRef, kSecFormatOpenSSL, 0, NULL, &exportData); - if(ortn) { - cssmPerror("SecKeychainCreate", ortn); - exit(1); - } - /* we'll use that exported blob later to test import */ - if(!didGetDialog()) { - exit(1); - } - - verboseDisp(verbose, "locking keychain, encrypting with public key"); - SecKeychainLock(kcRef); - printExpectDialog(); - if(pubKeyEncrypt(pubKeyRef)) { - exit(1); - } - if(!didGetDialog()) { - exit(1); - } - - /* reset */ - printNoDialog(); - verboseDisp(verbose, "locking keychain"); - SecKeychainLock(kcRef); - verboseDisp(verbose, "deleting keys"); - ortn = SecKeychainItemDelete((SecKeychainItemRef)pubKeyRef); - if(ortn) { - cssmPerror("SecKeychainItemDelete", ortn); - exit(1); - } - ortn = SecKeychainItemDelete((SecKeychainItemRef)privKeyRef); - if(ortn) { - cssmPerror("SecKeychainItemDelete", ortn); - exit(1); - } - CFRelease(pubKeyRef); - CFRelease(privKeyRef); - - /* - * 3. Import public key, storing in cleartext. Ensure that the import - * doesn't require unlock, and ensure we can use the public key - * when keychain is locked with no user interaction. - */ - - printNoDialog(); - verboseDisp(verbose, "locking keychain"); - SecKeychainLock(kcRef); - - /* import public key - default is in the clear */ - verboseDisp(verbose, "importing public key, store in the clear (default)"); - CFArrayRef outArray = NULL; - SecExternalFormat format = kSecFormatOpenSSL; - SecExternalItemType type = kSecItemTypePublicKey; - ortn = SecKeychainItemImport(exportData, - NULL, &format, &type, - 0, NULL, - kcRef, &outArray); - if(ortn) { - cssmPerror("SecKeychainItemImport", ortn); - exit(1); - } - CFRelease(exportData); - if(CFArrayGetCount(outArray) != 1) { - printf("***Unexpected outArray size (%ld) after import\n", - (long)CFArrayGetCount(outArray)); - exit(1); - } - pubKeyRef = (SecKeyRef)CFArrayGetValueAtIndex(outArray, 0); - if(CFGetTypeID(pubKeyRef) != SecKeyGetTypeID()) { - printf("***Unexpected item type after import\n"); - exit(1); - } - - /* Use imported cleartext public key with locked keychain */ - verboseDisp(verbose, "locking keychain, exporting public key"); - SecKeychainLock(kcRef); - exportData = NULL; - ortn = SecKeychainItemExport(pubKeyRef, kSecFormatOpenSSL, 0, NULL, &exportData); - if(ortn) { - cssmPerror("SecKeychainItemExport", ortn); - exit(1); - } - /* we'll use exportData again */ - - verboseDisp(verbose, "locking keychain, encrypting with public key"); - SecKeychainLock(kcRef); - if(pubKeyEncrypt(pubKeyRef)) { - exit(1); - } - - /* reset */ - verboseDisp(verbose, "deleting key"); - ortn = SecKeychainItemDelete((SecKeychainItemRef)pubKeyRef); - if(ortn) { - cssmPerror("SecKeychainItemDelete", ortn); - exit(1); - } - CFRelease(pubKeyRef); - - /* - * Import public key, storing in encrypted form. - * Ensure that user interaction is required when we use the public key - * when keychain is locked. - */ - - /* import public key, encrypted in the keychain */ - SecKeyImportExportParameters impExpParams; - memset(&impExpParams, 0, sizeof(impExpParams)); - impExpParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION; - impExpParams.keyAttributes = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE | - CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_PUBLIC_KEY_ENCRYPT; - verboseDisp(verbose, "importing public key, store encrypted"); - printExpectDialog(); - outArray = NULL; - format = kSecFormatOpenSSL; - type = kSecItemTypePublicKey; - ortn = SecKeychainItemImport(exportData, - NULL, &format, &type, - 0, &impExpParams, - kcRef, &outArray); - if(ortn) { - cssmPerror("SecKeychainItemImport", ortn); - exit(1); - } - if(!didGetDialog()) { - exit(1); - } - CFRelease(exportData); - if(CFArrayGetCount(outArray) != 1) { - printf("***Unexpected outArray size (%ld) after import\n", - (long)CFArrayGetCount(outArray)); - exit(1); - } - pubKeyRef = (SecKeyRef)CFArrayGetValueAtIndex(outArray, 0); - if(CFGetTypeID(pubKeyRef) != SecKeyGetTypeID()) { - printf("***Unexpected item type after import\n"); - exit(1); - } - - /* Use imported encrypted public key with locked keychain */ - verboseDisp(verbose, "locking keychain, exporting public key"); - SecKeychainLock(kcRef); - printExpectDialog(); - ortn = SecKeychainItemExport(pubKeyRef, kSecFormatOpenSSL, 0, NULL, &exportData); - if(ortn) { - cssmPerror("SecKeychainItemExport", ortn); - exit(1); - } - if(!didGetDialog()) { - exit(1); - } - CFRelease(exportData); - - verboseDisp(verbose, "locking keychain, encrypting with public key"); - SecKeychainLock(kcRef); - printExpectDialog(); - if(pubKeyEncrypt(pubKeyRef)) { - exit(1); - } - if(!didGetDialog()) { - exit(1); - } - - SecKeychainDelete(kcRef); - printf("...test succeeded.\n"); - return 0; -} diff --git a/SecurityTests/cspxutils/contextReuse/Makefile b/SecurityTests/cspxutils/contextReuse/Makefile deleted file mode 100644 index 8ead19ca..00000000 --- a/SecurityTests/cspxutils/contextReuse/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE=contextReuse -# C++ source (with .cpp extension) -CPSOURCE= contextReuse.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -lcrypto -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= -F/System/Library/PrivateFrameworks - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -lBSafe -PROJ_LDFLAGS= - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/contextReuse/contextReuse.cpp b/SecurityTests/cspxutils/contextReuse/contextReuse.cpp deleted file mode 100644 index 993d1799..00000000 --- a/SecurityTests/cspxutils/contextReuse/contextReuse.cpp +++ /dev/null @@ -1,739 +0,0 @@ -/* - * contextReuse.cpp - * - * Verify proper operation of symmetric CSP algorithms when CSSM_CC_HANDLE - * (crypto context) is reused. Tests specifically for Radar 4551700, which - * dealt with a problem with the Gladman AES implementation handling the - * same context for an encrypt followed by a decrypt; other situations - * are tested here (e.g. encrypt followed by another encrypt including CBC) - * as well as all CSP symmetric algorithms. - */ - -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include -#include "cspdlTesting.h" - -/* - * Defaults. - */ -#define LOOPS_DEF 200 - -#define MIN_DATA_SIZE 8 -#define MAX_DATA_SIZE 10000 /* bytes */ -#define MAX_KEY_SIZE MAX_KEY_SIZE_RC245_BYTES /* bytes */ -#define LOOP_NOTIFY 20 - -#define RAW_MODE CSSM_ALGMODE_ECB /* doesn't work for BSAFE */ -#define RAW_MODE_STREAM CSSM_ALGMODE_NONE -#define COOKED_MODE CSSM_ALGMODE_CBCPadIV8 - -#define RAW_MODE_STR "ECB" -#define RAW_MODE_STREAM_STR "None" -#define COOKED_MODE_STR "CBC/Pad" - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef enum { - ALG_ASC = 1, // not tested - no reference available - ALG_DES = 1, - ALG_RC2, - ALG_RC4, - ALG_RC5, - ALG_3DES, - ALG_AES, - ALG_AES192, /* 192 bit block */ - ALG_AES256, /* 256 bit block */ - ALG_BFISH, - ALG_CAST -} SymAlg; -#define ALG_FIRST ALG_ASC -#define ALG_LAST ALG_CAST - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (d=DES; 3=3DES3; 2=RC2; 4=RC4; 5=RC5; a=AES; A=AES192; \n"); - printf(" 6=AES256; b=Blowfish; c=CAST; s=ASC; default=all)\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" k=keySizeInBits\n"); - printf(" m=maxPtextSize (default=%d)\n", MAX_DATA_SIZE); - printf(" n=minPtextSize (default=%d)\n", MIN_DATA_SIZE); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -#define LOG_STAGED_OPS 0 -#if LOG_STAGED_OPS -#define soprintf(s) printf s -#else -#define soprintf(s) -#endif - -/* - * Multipurpose encrypt. Like cspStagedEncrypt(), but it takes a - * context handle and doesn't have as many options. - */ -static CSSM_RETURN stagedEncrypt( - CSSM_CSP_HANDLE cspHand, - CSSM_CC_HANDLE cryptHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 cipherBlockSizeBytes,// optional - const CSSM_DATA *iv, // init vector, optional - const CSSM_DATA *ptext, - CSSM_DATA_PTR ctext, // mallocd by caller, must be big enough! - CSSM_BOOL multiUpdates) // false:single update, true:multi updates -{ - CSSM_RETURN crtn; - CSSM_SIZE bytesEncrypted; // per update - CSSM_SIZE bytesEncryptedTotal = 0; - CSSM_RETURN ocrtn = CSSM_OK; // 'our' crtn - unsigned toMove; // remaining - unsigned thisMove; // bytes to encrypt on this update - CSSM_DATA thisPtext; // running ptr into ptext - CSSM_DATA thisCtext; // running ptr into ctext - CSSM_BOOL restoreErr = CSSM_FALSE; - CSSM_RETURN savedErr = CSSM_OK; - CSSM_SIZE ctextLen; - - if(cipherBlockSizeBytes) { - crtn = AddContextAttribute(cryptHand, - CSSM_ATTRIBUTE_BLOCK_SIZE, - sizeof(uint32), - CAT_Uint32, - NULL, - cipherBlockSizeBytes); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - ocrtn = crtn; - goto abort; - } - } - - thisPtext = *ptext; - thisCtext = *ctext; - memset(ctext->Data, 0, ctext->Length); - ctextLen = ctext->Length; - - crtn = CSSM_EncryptDataInit(cryptHand); - if(crtn) { - printError("CSSM_EncryptDataInit", crtn); - ocrtn = crtn; - goto abort; - } - - toMove = ptext->Length; - while(toMove) { - if(multiUpdates) { - thisMove = genRand(1, toMove); - } - else { - /* just do one pass thru this loop */ - thisMove = toMove; - } - thisPtext.Length = thisMove; - crtn = CSSM_EncryptDataUpdate(cryptHand, - &thisPtext, - 1, - &thisCtext, - 1, - &bytesEncrypted); - if(crtn) { - printError("CSSM_EncryptDataUpdate", crtn); - ocrtn = crtn; - goto abort; - } - soprintf(("*** EncryptDataUpdate: ptextLen 0x%x bytesEncrypted 0x%x\n", - (unsigned)thisMove, (unsigned)bytesEncrypted)); - - // NOTE: We return the proper length in ctext.... - ctextLen -= bytesEncrypted; // bump out ptr - thisCtext.Length = ctextLen; - thisCtext.Data += bytesEncrypted; - bytesEncryptedTotal += bytesEncrypted; - thisPtext.Data += thisMove; // bump in ptr - toMove -= thisMove; - } - /* OK, one more */ - crtn = CSSM_EncryptDataFinal(cryptHand, &thisCtext); - if(crtn) { - printError("CSSM_EncryptDataFinal", crtn); - savedErr = crtn; - restoreErr = CSSM_TRUE; - goto abort; - } - soprintf(("*** EncryptDataFinal: bytesEncrypted 0x%x\n", - (unsigned)thisCtext.Length)); - bytesEncryptedTotal += thisCtext.Length; - ctext->Length = bytesEncryptedTotal; -abort: - if(restoreErr) { - /* give caller the error from the encrypt */ - ocrtn = savedErr; - } - return ocrtn; -} - -/* - * Multipurpose decrypt. Like cspStagedDecrypt(), but it takes a - * context handle and doesn't have as many options. - */ -CSSM_RETURN stagedDecrypt( - CSSM_CSP_HANDLE cspHand, - CSSM_CC_HANDLE cryptHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 cipherBlockSizeBytes,// optional - const CSSM_DATA *iv, // init vector, optional - const CSSM_DATA *ctext, - CSSM_DATA_PTR ptext, // mallocd by caller, must be big enough! - CSSM_BOOL multiUpdates) // false:single update, true:multi updates -{ - CSSM_RETURN crtn; - CSSM_SIZE bytesDecrypted; // per update - CSSM_SIZE bytesDecryptedTotal = 0; - CSSM_RETURN ocrtn = CSSM_OK; // 'our' crtn - unsigned toMove; // remaining - unsigned thisMove; // bytes to decrypt on this update - CSSM_DATA thisCtext; // running ptr into ptext - CSSM_DATA thisPtext; // running ptr into ctext - CSSM_SIZE ptextLen; - - if(cipherBlockSizeBytes) { - crtn = AddContextAttribute(cryptHand, - CSSM_ATTRIBUTE_BLOCK_SIZE, - sizeof(uint32), - CAT_Uint32, - NULL, - cipherBlockSizeBytes); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - ocrtn = crtn; - goto abort; - } - } - - thisCtext = *ctext; - thisPtext = *ptext; - memset(ptext->Data, 0, ptext->Length); - ptextLen = ptext->Length; - - crtn = CSSM_DecryptDataInit(cryptHand); - if(crtn) { - printError("CSSM_DecryptDataInit", crtn); - ocrtn = crtn; - goto abort; - } - - toMove = ctext->Length; - while(toMove) { - if(multiUpdates) { - thisMove = genRand(1, toMove); - } - else { - /* just do one pass thru this loop */ - thisMove = toMove; - } - thisCtext.Length = thisMove; - crtn = CSSM_DecryptDataUpdate(cryptHand, - &thisCtext, - 1, - &thisPtext, - 1, - &bytesDecrypted); - if(crtn) { - printError("CSSM_DecryptDataUpdate", crtn); - ocrtn = crtn; - goto abort; - } - soprintf(("*** DecryptDataUpdate: ctextLen 0x%x bytesDecrypted 0x%x\n", - (unsigned)thisMove, (unsigned)bytesDecrypted)); - - // NOTE: We return the proper length in ptext.... - ptextLen -= bytesDecrypted; // bump out ptr - thisPtext.Length = ptextLen; - thisPtext.Data += bytesDecrypted; - bytesDecryptedTotal += bytesDecrypted; - thisCtext.Data += thisMove; // bump in ptr - toMove -= thisMove; - } - /* OK, one more */ - crtn = CSSM_DecryptDataFinal(cryptHand, &thisPtext); - if(crtn) { - printError("CSSM_DecryptDataFinal", crtn); - ocrtn = crtn; - goto abort; - } - soprintf(("*** DecryptDataFinal: bytesEncrypted 0x%x\n", - (unsigned)thisPtext.Length)); - bytesDecryptedTotal += thisPtext.Length; - ptext->Length = bytesDecryptedTotal; -abort: - return ocrtn; -} - -static int doTest( - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *ptext, - const CSSM_DATA *ctext1, - const CSSM_DATA *ctext2, - const CSSM_DATA *rptext, - const CSSM_DATA *keyData, - const CSSM_DATA *iv, - uint32 keyAlg, // CSSM_ALGID_xxx of the key - uint32 encrAlg, // encrypt/decrypt - uint32 encrMode, - uint32 padding, - uint32 keySizeInBits, - uint32 cipherBlockSizeBytes, - CSSM_BOOL quiet) -{ - CSSM_DATA lctext1; - CSSM_DATA lctext2; - CSSM_DATA lrptext; - int rtn = 0; - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand1 = 0; - CSSM_CC_HANDLE ccHand2 = 0; - CSSM_KEY key1; - CSSM_KEY key2; - uint8 dummy[cipherBlockSizeBytes]; - CSSM_DATA dummyData = {cipherBlockSizeBytes, dummy}; - - /* - * generate two equivalent keys key1 and key2; - * generate two CC handles ccHand1, ccHand2; - * encrypt dummy data with ccHand1 to get it cooked; - * encrypt ptext with ccHand1 ==> ctext1; - * encrypt ptext with ccHand2 ==> ctext2; - * Compare ctext1 and ctext2; - * decrypt ctext1 with ccHand1, compare with ptext; - */ - crtn = cspGenSymKeyWithBits(cspHand, keyAlg, CSSM_KEYUSE_ANY, - keyData, keySizeInBits / 8, &key1); - if(crtn) { - return crtn; - } - crtn = cspGenSymKeyWithBits(cspHand, keyAlg, CSSM_KEYUSE_ANY, - keyData, keySizeInBits / 8, &key2); - if(crtn) { - return crtn; - } - ccHand1 = genCryptHandle(cspHand, - encrAlg, - encrMode, - padding, - &key1, - NULL, // pubKey - iv, - 0, // effectiveKeySizeInBits - 0); // rounds - if(ccHand1 == 0) { - return CSSMERR_CSP_INTERNAL_ERROR; - } - ccHand2 = genCryptHandle(cspHand, - encrAlg, - encrMode, - padding, - &key2, - NULL, // pubKey - iv, - 0, // effectiveKeySizeInBits - 0); // rounds - if(ccHand2 == 0) { - return CSSMERR_CSP_INTERNAL_ERROR; - } - - /* dummy encrypt to heat up ccHand1 */ - appGetRandomBytes(dummy, sizeof(dummy)); - lctext1 = *ctext1; - crtn = stagedEncrypt(cspHand, ccHand1, encrAlg, cipherBlockSizeBytes, - iv, &dummyData, &lctext1, CSSM_FALSE); - if(crtn) { - return crtn; - } - - /* encrypt ptext with ccHand1 and ccHand2, compare ctext */ - lctext1 = *ctext1; - crtn = stagedEncrypt(cspHand, ccHand1, encrAlg, cipherBlockSizeBytes, - iv, ptext, &lctext1, CSSM_TRUE); - if(crtn) { - return crtn; - } - lctext2 = *ctext2; - crtn = stagedEncrypt(cspHand, ccHand2, encrAlg, cipherBlockSizeBytes, - iv, ptext, &lctext2, CSSM_TRUE); - if(crtn) { - return crtn; - } - if(!appCompareCssmData(&lctext1, &lctext2)) { - printf("***Ciphertext miscompare\n"); - if(testError(quiet)) { - return 1; - } - } - - /* decrypt with ccHand1, compare with ptext */ - lrptext = *rptext; - crtn = stagedDecrypt(cspHand, ccHand1, encrAlg, cipherBlockSizeBytes, - iv, &lctext1, &lrptext, CSSM_TRUE); - if(crtn) { - return crtn; - } - if(!appCompareCssmData(&lctext1, &lctext2)) { - printf("***Plaintext miscompare\n"); - if(testError(quiet)) { - return 1; - } - } - - if(ccHand1) { - CSSM_DeleteContext(ccHand1); - } - if(ccHand2) { - CSSM_DeleteContext(ccHand2); - } - return rtn; -} - - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - CSSM_DATA ctext1; - CSSM_DATA ctext2; - CSSM_DATA rptext; - CSSM_CSP_HANDLE cspHand; - const char *algStr; - uint32 keyAlg; // CSSM_ALGID_xxx of the key - uint32 encrAlg; // CSSM_ALGID_xxx of encr/decr - unsigned currAlg; // ALG_xxx - uint32 keySizeInBits; - int rtn = 0; - CSSM_DATA keyData; - CSSM_DATA initVector; - uint32 minTextSize; - uint32 rawMode; - uint32 cookedMode; - const char *rawModeStr; - const char *cookedModeStr; - uint32 algBlockSizeBytes; - - /* - * User-spec'd params - */ - CSSM_BOOL keySizeSpec = CSSM_FALSE; // false: use rand key size - unsigned minAlg = ALG_FIRST; - unsigned maxAlg = ALG_LAST; - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned pauseInterval = 0; - uint32 padding; - CSSM_BOOL bareCsp = CSSM_TRUE; - unsigned maxPtextSize = MAX_DATA_SIZE; - unsigned minPtextSize = MIN_DATA_SIZE; - - for(arg=1; arg -#include -#include "cputime.h" -#include - -#define WAIT_TIME_SEC 1.0 - -int main() -{ - CPUTime cputimeStart, cputimeEnd; - CFAbsoluteTime start; - - printf("Resolution on this machine: %f nanoseconds\n", - CPUTimeDeltaUs(0ULL, 1ULL) * 1000.0); - - start = CFAbsoluteTimeGetCurrent(); - cputimeStart = CPUTimeRead(); - while((CFAbsoluteTimeGetCurrent() - start) < WAIT_TIME_SEC) { - ; - } - cputimeEnd = CPUTimeRead(); - - printf("Waited %f sec; elapsed CPUTime %f s\n", - WAIT_TIME_SEC, CPUTimeDeltaSec(cputimeStart, cputimeEnd)); - printf("cputimeStart %08X:%08X cputimeEnd %08X:%08X\n", - (unsigned)(cputimeStart >> 32), - (unsigned)(cputimeStart & 0xffffffffULL), - (unsigned)(cputimeEnd >> 32), - (unsigned)(cputimeEnd & 0xffffffffULL)); - printf("cputime raw delta %lu\n", - (unsigned long)(cputimeEnd - cputimeStart)); - - return 0; -} diff --git a/SecurityTests/cspxutils/cryptTool/Makefile b/SecurityTests/cspxutils/cryptTool/Makefile deleted file mode 100644 index e1ab44d8..00000000 --- a/SecurityTests/cspxutils/cryptTool/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE=cryptTool -# C++ source (with .cpp extension) -CPSOURCE= -# C source (.c extension) -CSOURCE= cryptTool.c - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= ptext - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/cryptTool/README b/SecurityTests/cspxutils/cryptTool/README deleted file mode 100644 index 5493a4b8..00000000 --- a/SecurityTests/cspxutils/cryptTool/README +++ /dev/null @@ -1,55 +0,0 @@ - cryptTool Info - last update 4/24/2001 - -This directory contains a program, cryptTool, intended to illustrate -the use of the CDSA API to perform simple symmetric encryption -and decryption. The program consists of one source file, cryptTool.c. - -See the README in the parent directory (CDSA_Examples) for information -on building this program. - -The cryptTool program is a command-line utility which does the -following: - - create a symmetric key derived from a user-specified password; - read a user-specified input file; - either encrypt or decrypt that file using a the key generated - above and a user-specified encryption algorithm; - write the result out to a user-specified output file; - -Several different symmetric encryption algorithms are supported, -illustrating the use of both stream and block ciphers. - -Running cryptTool with no command-line arguments gives usage -instructions, like so: - - localhost> ./cryptTool - usage: - ./cryptTool op password keySize inFile outFile [a=algorithm] - op: - e encrypt - d decrypt - algorithm: - 4 RC4 (default if no algorithm specified) - c ASC/ComCryption - d DES - a AES - -All arguments except for the last one are required. A description of the -arguments follows. - - op Indicates whether to encrypt (e) or decrypt (d) - password A user-specified ASCII string which is used to derive a - symmetric key. - keySize The key size in bytes. This is variable for stream ciphers - and fixed for block ciphers. - inFile The name of the file to encrypt or decrypt. - outFile The name of the file to which the result of the encrypt or - decrypt is written. - algorithm An optional algorithm. - -A shell script, runCrypt, is also provided which illustrates the actual -usage of cryptTool to encrypt a file and decrypt the result. Run this -script with no arguments to show a typical sequence of operations. The -runCrypt script and the cryptTool executable must be in the same -directory. diff --git a/SecurityTests/cspxutils/cryptTool/cryptTool.c b/SecurityTests/cspxutils/cryptTool/cryptTool.c deleted file mode 100644 index e4037952..00000000 --- a/SecurityTests/cspxutils/cryptTool/cryptTool.c +++ /dev/null @@ -1,415 +0,0 @@ -/* - File: cryptTool.c - - Description: simple encrypt/decrypt utility to demonstrate CDSA API - used for symmetric encryption - - Author: dmitch - - Copyright: Copyright (c) 2001,2003,2005-2006 Apple Computer, Inc. All Rights Reserved. - - Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple - Computer, Inc. ("Apple") in consideration of your agreement to - the following terms, and your use, installation, modification - or redistribution of this Apple software constitutes acceptance - of these terms. If you do not agree with these terms, please - do not use, install, modify or redistribute this Apple software. - - In consideration of your agreement to abide by the following - terms, and subject to these terms, Apple grants you a personal, - non-exclusive license, under Apple's copyrights in this - original Apple software (the "Apple Software"), to use, - reproduce, modify and redistribute the Apple Software, with - or without modifications, in source and/or binary forms; - provided that if you redistribute the Apple Software in - its entirety and without modifications, you must retain - this notice and the following text and disclaimers in all - such redistributions of the Apple Software. Neither the - name, trademarks, service marks or logos of Apple Computer, - Inc. may be used to endorse or promote products derived from the - Apple Software without specific prior written permission from - Apple. Except as expressly stated in this notice, no other - rights or licenses, express or implied, are granted by Apple - herein, including but not limited to any patent rights that - may be infringed by your derivative works or by other works - in which the Apple Software may be incorporated. - - The Apple Software is provided by Apple on an "AS IS" basis. - APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, - REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE - OR IN COMBINATION WITH YOUR PRODUCTS. - - IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, - INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION - AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED - AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING - NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE - HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -#include "common.h" -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("usage:\n"); - printf(" %s op password keySize inFile outFile [a=algorithm]\n", argv[0]); - printf(" op:\n"); - printf(" e encrypt\n"); - printf(" d decrypt\n"); - printf(" algorithm:\n"); - printf(" 4 RC4 (default if no algorithm specified)\n"); - printf(" c ASC/ComCryption\n"); - printf(" d DES\n"); - printf(" a AES\n"); - exit(1); -} - -/* - * Derive symmetric key. - */ -static CSSM_RETURN ctDeriveKey(CSSM_CSP_HANDLE cspHand, - uint32 keyAlg, // CSSM_ALGID_RC5, etc. - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits, - CSSM_DATA_PTR password, // in PKCS-5 lingo - CSSM_DATA_PTR salt, // ditto - uint32 iterationCnt, // ditto - CSSM_KEY_PTR key) -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - uint32 keyAttr; - CSSM_DATA dummyLabel; - CSSM_PKCS5_PBKDF2_PARAMS pbeParams; - CSSM_DATA pbeData; - CSSM_ACCESS_CREDENTIALS creds; - - memset(key, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand, - CSSM_ALGID_PKCS5_PBKDF2, - keyAlg, - keySizeInBits, - &creds, - NULL, // BaseKey - iterationCnt, - salt, - NULL, // seed - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateDeriveKeyContext", crtn); - return crtn; - } - keyAttr = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF | - CSSM_KEYATTR_SENSITIVE; - dummyLabel.Length = keyLabelLen; - dummyLabel.Data = (uint8 *)keyLabel; - - /* passing in password is pretty strange....*/ - pbeParams.Passphrase = *password; - pbeParams.PseudoRandomFunction = CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1; - pbeData.Data = (uint8 *)&pbeParams; - pbeData.Length = sizeof(pbeParams); - crtn = CSSM_DeriveKey(ccHand, - &pbeData, - keyUsage, - keyAttr, - &dummyLabel, - NULL, // cred and acl - key); - if(crtn) { - printError("CSSM_DeriveKey", crtn); - return crtn; - } - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - } - return crtn; -} - - -int main(int argc, char **argv) -{ - int rtn; - uint32 keySizeInBytes; // from cmd line - char *password; // ASCII password from cmd line - char *inFileName; // from cmd line - unsigned char *inFile; // raw infile data - unsigned inFileSize; // in bytes - char *outFileName; // from cmd line - CSSM_CSP_HANDLE cspHand; - CSSM_RETURN crtn; - int doEncrypt = 0; - CSSM_DATA passwordData; - CSSM_DATA saltData = {8, (uint8 *)"someSalt"}; - CSSM_DATA inData; // data to encrypt/decrypt, from inFile - CSSM_DATA outData = {0, NULL};// result data, written to outFile - CSSM_CC_HANDLE ccHand; // crypto context - CSSM_DATA remData = {0, NULL}; - CSSM_SIZE bytesProcessed; - CSSM_KEY symKey; - char algSpec = '4'; - CSSM_ALGORITHMS keyAlg = 0; - CSSM_ALGORITHMS encrAlg = 0; - CSSM_ENCRYPT_MODE encrMode = 0; - CSSM_PADDING padding = 0; - /* max of 16 bytes of init vector for the algs we use */ - CSSM_DATA initVect = {16, (uint8 *)"someStrangeInitVector"}; - CSSM_DATA_PTR initVectPtr = NULL; - - if(argc < 6) { - usage(argv); - } - - /* gather up cmd line args */ - switch(argv[1][0]) { - case 'e': - doEncrypt = 1; - break; - case 'd': - doEncrypt = 0; - break; - default: - usage(argv); - } - password = argv[2]; - passwordData.Data = (uint8 *)password; - passwordData.Length = strlen(password); - keySizeInBytes = atoi(argv[3]); - if(keySizeInBytes == 0) { - printf("keySize of 0 illegal\n"); - exit(1); - } - inFileName = argv[4]; - outFileName = argv[5]; - - /* optional algorithm specifier */ - if(argc == 7) { - if(argv[6][0] != 'a') { - usage(argv); - } - algSpec = argv[6][2]; - } - - /* algorithm-specific parameters */ - switch(algSpec) { - case '4': - /* RC4 stream cipher - no padding, no IV, variable key size */ - keyAlg = CSSM_ALGID_RC4; - encrAlg = CSSM_ALGID_RC4; - encrMode = CSSM_ALGMODE_NONE; - padding = CSSM_PADDING_NONE; - break; - case 'c': - /* ComCryption stream cipher - no padding, no IV, variable key size */ - keyAlg = CSSM_ALGID_ASC; - encrAlg = CSSM_ALGID_ASC; - encrMode = CSSM_ALGMODE_NONE; - padding = CSSM_PADDING_NONE; - break; - case 'd': - /* DES block cipher, block size = 8 bytes, fixed key size */ - if(keySizeInBytes != 8) { - printf("***DES must have key size of 8 bytes\n"); - exit(1); - } - keyAlg = CSSM_ALGID_DES; - encrAlg = CSSM_ALGID_DES; - encrMode = CSSM_ALGMODE_CBCPadIV8; - padding = CSSM_PADDING_PKCS7; - initVect.Length = 8; - initVectPtr = &initVect; - break; - case 'a': - /* AES block cipher, block size = 16 bytes, fixed key size */ - if(keySizeInBytes != 16) { - printf("***AES must have key size of 8 bytes\n"); - exit(1); - } - keyAlg = CSSM_ALGID_AES; - encrAlg = CSSM_ALGID_AES; - encrMode = CSSM_ALGMODE_CBCPadIV8; - padding = CSSM_PADDING_PKCS7; - initVect.Length = 16; - initVectPtr = &initVect; - break; - default: - usage(argv); - } - - /* read inFile from disk */ - rtn = readFile(inFileName, &inFile, &inFileSize); - if(rtn) { - printf("Error reading %s: %s\n", inFileName, strerror(rtn)); - exit(1); - } - inData.Data = inFile; - inData.Length = inFileSize; - - /* attach to CSP */ - cspHand = cspStartup(); - if(cspHand == 0) { - exit(1); - } - - /* - * Derive an actual encryption/decryption key from the password ASCII text. - * We could use the ASCII text directly as key material but using the DeriveKey - * function is much more secure (besides being an industry-standard way to - * convert an ASCII password into binary key material). - */ - crtn = ctDeriveKey(cspHand, - keyAlg, - "someLabel", // keyLabel, not important - 9, // keyLabelLen - doEncrypt ? CSSM_KEYUSE_ENCRYPT : CSSM_KEYUSE_DECRYPT, - keySizeInBytes * 8, // keySizeInBits, - &passwordData, - &saltData, - 1000, // iterCount, 1000 is the minimum - &symKey); - if(crtn) { - exit(1); - } - - /* - * Cook up a symmetric encrypt/decrypt context using the key we just derived - */ - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - encrAlg, // encryption algorithm - encrMode, // mode - NULL, // access cred - &symKey, - initVectPtr, // InitVector - padding, // Padding - NULL, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateSymmetricContext", crtn); - exit(1); - } - - /* - * Do the encrypt/decrypt. - * We do this with the init/update/final sequence only to demonstrate its - * usage. - */ - if(doEncrypt) { - crtn = CSSM_EncryptDataInit(ccHand); - if(crtn) { - printError("CSSM_EncryptDataInit", crtn); - exit(1); - } - - /* this step can be performed an arbitrary number of times, with - * the appropriate housekeeping of inData and outData */ - crtn = CSSM_EncryptDataUpdate(ccHand, - &inData, - 1, - &outData, - 1, - &bytesProcessed); - if(crtn) { - printError("CSSM_EncryptDataUpdate", crtn); - exit(1); - } - outData.Length = bytesProcessed; - - /* one call more to clean up */ - crtn = CSSM_EncryptDataFinal(ccHand, &remData); - if(crtn) { - printError("CSSM_EncryptDataFinal", crtn); - exit(1); - } - if(remData.Length != 0) { - /* append remaining data to outData */ - uint32 newLen = outData.Length + remData.Length; - outData.Data = (uint8 *)appRealloc(outData.Data, - newLen, - NULL); - memmove(outData.Data + outData.Length, remData.Data, remData.Length); - outData.Length = newLen; - appFree(remData.Data, NULL); - } - } - else { - crtn = CSSM_DecryptDataInit(ccHand); - if(crtn) { - printError("CSSM_DecryptDataInit", crtn); - exit(1); - } - - /* this step can be performed an arbitrary number of times, with - * the appropriate housekeeping of inData and outData */ - crtn = CSSM_DecryptDataUpdate(ccHand, - &inData, - 1, - &outData, - 1, - &bytesProcessed); - if(crtn) { - printError("CSSM_DecryptDataUpdate", crtn); - exit(1); - } - outData.Length = bytesProcessed; - - /* one call more to clean up */ - crtn = CSSM_DecryptDataFinal(ccHand, &remData); - if(crtn) { - printError("CSSM_DecryptDataFinal", crtn); - exit(1); - } - if(remData.Length != 0) { - /* append remaining data to outData */ - uint32 newLen = outData.Length + remData.Length; - outData.Data = (uint8 *)appRealloc(outData.Data, - newLen, - NULL); - memmove(outData.Data + outData.Length, remData.Data, remData.Length); - outData.Length = newLen; - appFree(remData.Data, NULL); - } - } - if(crtn == CSSM_OK) { - rtn = writeFile(outFileName, outData.Data, outData.Length); - if(rtn) { - printf("Error writing %s: %s\n", outFileName, strerror(rtn)); - exit(1); - } - else { - printf("SUCCESS: inFile length %u bytes, outFile length %u bytes\n", - inFileSize, (unsigned)outData.Length); - } - } - /* free resources */ - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - } - crtn = CSSM_FreeKey(cspHand, - NULL, // access cred - &symKey, - CSSM_FALSE); // don't delete since it wasn't permanent - if(crtn) { - printError("CSSM_FreeKey", crtn); - } - free(inFile); // mallocd by readFile() - - /* this was mallocd by CSP */ - appFree(outData.Data, NULL); - CSSM_ModuleDetach(cspHand); - return rtn; -} - diff --git a/SecurityTests/cspxutils/cryptTool/runCrypt b/SecurityTests/cspxutils/cryptTool/runCrypt deleted file mode 100755 index a77f52b0..00000000 --- a/SecurityTests/cspxutils/cryptTool/runCrypt +++ /dev/null @@ -1,27 +0,0 @@ -#! /bin/csh -f -# -# Simple script to demonstrate usage of cryptTool. -# -# create a simple text file; dump its contents; -# encrypt the file using RC4; -# dump the binary contents of the resulting ciphertext; -# decrypt using RC4; -# dump the resulting plaintext file; -# -set PLAINTEXT_FILE=ptext -set CIPHERTEXT_FILE=ctext -set RECOVERED_FILE=rptext -# -echo Creating plaintext.... -echo "This is a simple plaintext file for demonstration." > $PLAINTEXT_FILE -echo Contents of plaintext: -cat $PLAINTEXT_FILE -echo Encrypting plaintext... -./cryptTool e foobar 16 $PLAINTEXT_FILE $CIPHERTEXT_FILE -echo Contents of ciphertext: -/usr/bin/hexdump $CIPHERTEXT_FILE -echo Decrypting.... -./cryptTool d foobar 16 $CIPHERTEXT_FILE $RECOVERED_FILE -echo Contents of recovered text: -cat $RECOVERED_FILE -echo Done. diff --git a/SecurityTests/cspxutils/cspdvt b/SecurityTests/cspxutils/cspdvt deleted file mode 100755 index 73a76968..00000000 --- a/SecurityTests/cspxutils/cspdvt +++ /dev/null @@ -1,185 +0,0 @@ -#! /bin/csh -f -# -# run CSP/X regression tests. -# -set BUILD_DIR=$LOCAL_BUILD_DIR -# -set QUICK_TEST = 1 -set QUIET= -set VERB= -# -# CSPDL null for bare CSP, 'D' for CSPDL combo -# -set CSPDL= -set RAWCSP=YES -# -# note the 's' option is here for backwards compatibility; the short -# option is now the default. -# -while ( $#argv > 0 ) - switch ( "$argv[1]" ) - case s: - set QUICK_TEST = 1 - shift - breaksw - case l: - set QUICK_TEST = 0 - shift - breaksw - case v: - set VERB = v - shift - breaksw - case q: - set QUIET = q - shift - breaksw - case D: - set CSPDL = D - set RAWCSP = NO - shift - breaksw - default: - cat cspdvt_usage - exit(1) - endsw -end -# -# Select 'quick' or 'normal' test params -# -if($QUICK_TEST == 1) then - set SIGTEST_ARGS= - set BADSIG_ARGS="l=4 i=10" - set MACTEST_ARGS= - set BADMAC_ARGS= - set DSAPARTIAL_ARGS= - set HASHTEST_ARGS="l=100" - set HASHCLONE_ARGS= - set SYMTEST_ARGS= - set ASYMTEST_ARGS="u" - set MINIWRAP_ARGS="l=4" - set WRAPTEST_ARGS="l=2 k" - set PBETEST_ARGS="l=4" - set KEYHASH_ARGS= - set KEYHASH_ASYM_ARGS= - set KEYSTORE_ARGS= - set SYMDELTA_ARGS= - set SYMCOMPAT_ARGS= - set HASHCOMPAT_ARGS= - set ASYMCOMPAT_ARGS="l=2 k=512" - set MACCOMPAT_ARGS= - set BADATTR_ARGS= - set RAWSIG_ARGS="l=2 i=2 s" - set DHTEST_ARGS="i=dhParams_512.der" - set ECDHTEST_ARGS= -else - set SIGTEST_ARGS= - set BADSIG_ARGS="l=20 k=r" - set DSAPARTIAL_ARGS="l=100" - set MACTEST_ARGS= - set BADMAC_ARGS="l=100" - set HASHTEST_ARGS="l=1000" - set HASHCLONE_ARGS="l=200" - set SYMTEST_ARGS="l=500" - set ASYMTEST_ARGS= - set MINIWRAP_ARGS= - set WRAPTEST_ARGS= - set PBETEST_ARGS= - set KEYHASH_ARGS= - set KEYHASH_ASYM_ARGS= - set KEYSTORE_ARGS= - set SYMDELTA_ARGS="l=50" - set SYMCOMPAT_ARGS= - set HASHCOMPAT_ARGS="l=1000" - set ASYMCOMPAT_ARGS="l=10" - set MACCOMPAT_ARGS="l=1000" - set BADATTR_ARGS= - set RAWSIG_ARGS= - set DHTEST_ARGS="k=1024" - set ECDHTEST_ARGS="l=100" -endif -# -# First, test the basic Digest, MAC, and symmetrict algorithms in libSystem. -# -set CSPXUTILS=`pwd` -if($RAWCSP == YES) then - ./ccdvt $QUIET || exit(1) -endif -# -# Basic digest and MAC tests -# -$BUILD_DIR/hashTest $HASHTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -if($RAWCSP == YES) then - $BUILD_DIR/hashClone $HASHCLONE_ARGS $QUIET $VERB $CSPDL || exit(1) -endif -#TODO $BUILD_DIR/hashCompat $HASHCOMPAT_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/sha2VectorsCdsa $QUIET $CSPDL || exit(1) -#TODO $BUILD_DIR/macCompat $MACCOMPAT_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/macTest $MACTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/badmac $BADMAC_ARGS $QUIET $VERB $CSPDL || exit(1) -# -# Basic symmetric encryption tests -# -# symTest - once with padding, once without -$BUILD_DIR/symTest $SYMTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/symTest $SYMTEST_ARGS $QUIET $VERB $CSPDL o || exit(1) -# -# symCompat - once with the full set of algorithms -# -#TODO $BUILD_DIR/symCompat $SYMCOMPAT_ARGS $QUIET $VERB $CSPDL || exit(1) -# -# And one specifically to test AES padding mode (which uses ssleay instead of -# the NIST reference implementation) -# -$BUILD_DIR/symCompat $SYMCOMPAT_ARGS a=a y $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/contextReuse $QUIET $VERB $CSPDL || exit(1) -# -# Signature tests -# -# One for RSA -$BUILD_DIR/sigtest $SIGTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -# Several for for ECDSA, with some keys in blob form for raw CSP only -$BUILD_DIR/sigtest a=E $SIGTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -if($RAWCSP == YES) then - $BUILD_DIR/sigtest a=7 b r $SIGTEST_ARGS $QUIET $VERB $CSPDL || exit(1) - $BUILD_DIR/sigtest a=8 k=256 b $SIGTEST_ARGS $QUIET $VERB $CSPDL || exit(1) - $BUILD_DIR/sigtest a=9 k=521 b r $SIGTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -else - $BUILD_DIR/sigtest a=7 $SIGTEST_ARGS $QUIET $VERB $CSPDL || exit(1) - $BUILD_DIR/sigtest a=8 k=256 $SIGTEST_ARGS $QUIET $VERB $CSPDL || exit(1) - $BUILD_DIR/sigtest a=9 k=521 $SIGTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -endif -# this one tests all algorithms with random key sizes -$BUILD_DIR/badsig $BADSIG_ARGS $QUIET $VERB $CSPDL || exit(1) -# -# Misc. CSP tests -# -$BUILD_DIR/keyDate $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/keyHash $KEYHASH_ARGS $QUIET $VERB $CSPDL || exit(1) -cd $CSPXUTILS/keyHashAsym -$BUILD_DIR/keyHashAsym $KEYHASH_ASYM_ARGS $QUIET $VERB $CSPDL || exit(1) -if($RAWCSP == NO) then - $BUILD_DIR/keyStore $KEYSTORE_ARGS $QUIET $VERB || exit(1) -endif -if($RAWCSP == YES) then - $BUILD_DIR/dhTest $DHTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -endif -# -# One run for ECDH, one for ECDH_X963_KDF -# -$BUILD_DIR/ecdhTest $ECDHTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/ecdhTest X $ECDHTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -# this requires param files in cwd -cd $CSPXUTILS/dsaPartial -$BUILD_DIR/dsaPartial $DSAPARTIAL_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/symDelta $SYMDELTA_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/asymTest $ASYMTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/miniWrap $MINIWRAP_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/wrapTest $WRAPTEST_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/pbeTest $PBETEST_ARGS $QUIET $VERB $CSPDL || exit(1) -#TODO $BUILD_DIR/asymCompat $ASYMCOMPAT_ARGS $QUIET $VERB $CSPDL || exit(1) -#TODO $BUILD_DIR/badattr $BADATTR_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/rawSig $RAWSIG_ARGS $QUIET $VERB $CSPDL || exit(1) -$BUILD_DIR/ssl2Padding $QUIET $VERB $CSPDL || exit(1) - -echo ===== cspdvt success ===== diff --git a/SecurityTests/cspxutils/cspdvt_usage b/SecurityTests/cspxutils/cspdvt_usage deleted file mode 100644 index 1b97bda5..00000000 --- a/SecurityTests/cspxutils/cspdvt_usage +++ /dev/null @@ -1,7 +0,0 @@ -Usage: cspdvt [options] -Options: - l long test - v verbose output - q quiet output - D CSPDL combo; default = bare CSP - h help diff --git a/SecurityTests/cspxutils/cspxutils.pbproj/project.pbxproj b/SecurityTests/cspxutils/cspxutils.pbproj/project.pbxproj deleted file mode 100644 index 848c69ba..00000000 --- a/SecurityTests/cspxutils/cspxutils.pbproj/project.pbxproj +++ /dev/null @@ -1,71 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 38; - objects = { - 055C346A044F0AF9006A3C68 = { - children = ( - ); - isa = PBXGroup; - refType = 4; - }; - 055C346C044F0AF9006A3C68 = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = NO; - }; - isa = PBXBuildStyle; - name = Development; - }; - 055C346D044F0AF9006A3C68 = { - buildRules = ( - ); - buildSettings = { - COPY_PHASE_STRIP = YES; - }; - isa = PBXBuildStyle; - name = Deployment; - }; - 055C346E044F0AF9006A3C68 = { - buildStyles = ( - 055C346C044F0AF9006A3C68, - 055C346D044F0AF9006A3C68, - ); - hasScannedForEncodings = 1; - isa = PBXProject; - mainGroup = 055C346A044F0AF9006A3C68; - projectDirPath = ""; - targets = ( - 055C346F044F0B1B006A3C68, - ); - }; - 055C346F044F0B1B006A3C68 = { - buildArgumentsString = "$ACTION \"SRCROOT=$SRCROOT\" \"OBJROOT=$OBJROOT\" \"DSTROOT=$DSTROOT\" \"SRCROOT=$SRCROOT\""; - buildPhases = ( - ); - buildSettings = { - OPTIMIZATION_CFLAGS = ""; - OTHER_CFLAGS = ""; - OTHER_LDFLAGS = ""; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = cspxutils; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - buildToolPath = /usr/bin/gnumake; - dependencies = ( - ); - isa = PBXLegacyTarget; - name = cspxutils; - passBuildSettingsInEnvironment = 1; - productName = cspxutils; - settingsToExpand = 6; - settingsToPassInEnvironment = 287; - settingsToPassOnCommandLine = 280; - }; - }; - rootObject = 055C346E044F0AF9006A3C68; -} diff --git a/SecurityTests/cspxutils/dbTool/Makefile b/SecurityTests/cspxutils/dbTool/Makefile deleted file mode 100644 index 53bb91cd..00000000 --- a/SecurityTests/cspxutils/dbTool/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE=dbTool -# C++ source (with .cpp extension) -CPSOURCE= dbTool.cpp dbAttrs.cpp dbCert.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/dbTool/dbAttrs.cpp b/SecurityTests/cspxutils/dbTool/dbAttrs.cpp deleted file mode 100644 index 1f83765a..00000000 --- a/SecurityTests/cspxutils/dbTool/dbAttrs.cpp +++ /dev/null @@ -1,444 +0,0 @@ -/* Copyright (c) 2002-2003,2006,2008 Apple Inc. - * - * dbAttrs.cpp - Apple DL/DB/Keychain attributes and name/value pairs. - * The attribute lists here are not necessarily complete lists - * of the attrs in any given schema; they are only the ones we want - * to examine with dbTool. - */ - -#include "dbAttrs.h" -#include -#include -#include -#include - -/* declare a CSSM_DB_ATTRIBUTE_INFO with NAME_AS_STRING */ -#define DB_ATTRIBUTE(name, type) \ - { CSSM_DB_ATTRIBUTE_NAME_AS_STRING, \ - {(char *)#name}, \ - CSSM_DB_ATTRIBUTE_FORMAT_ ## type \ - } - -/* declare a CSSM_DB_ATTRIBUTE_INFO with NAME_AS_INTEGER */ -#define DB_INT_ATTRIBUTE(name, type) \ - { CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, \ - { (char *)name }, \ - CSSM_DB_ATTRIBUTE_FORMAT_ ## type \ - } - - -/* declare one entry in a table of nameValuePairs */ -#define NVP(attr) {attr, #attr} - -/* the NULL entry which terminates all nameValuePair tables */ -#define NVP_END {0, NULL} - -/* declare a RelationInfo */ -#define RELATION_INFO(relationId, attributes, nameValues) \ - { relationId, \ - #relationId, \ - sizeof(attributes) / sizeof(CSSM_DB_ATTRIBUTE_INFO), \ - attributes, \ - nameValues } - -/* CSSM_DB_RECORDTYPE names */ -const NameValuePair recordTypeNames[] = -{ - NVP(CSSM_DL_DB_SCHEMA_INFO), - NVP(CSSM_DL_DB_SCHEMA_INDEXES), - NVP(CSSM_DL_DB_SCHEMA_ATTRIBUTES), - NVP(CSSM_DL_DB_SCHEMA_PARSING_MODULE), - NVP(CSSM_DL_DB_RECORD_ANY), - NVP(CSSM_DL_DB_RECORD_CERT), - NVP(CSSM_DL_DB_RECORD_CRL), - NVP(CSSM_DL_DB_RECORD_POLICY), - NVP(CSSM_DL_DB_RECORD_GENERIC), - NVP(CSSM_DL_DB_RECORD_PUBLIC_KEY), - NVP(CSSM_DL_DB_RECORD_PRIVATE_KEY), - NVP(CSSM_DL_DB_RECORD_SYMMETRIC_KEY), - NVP(CSSM_DL_DB_RECORD_ALL_KEYS), - /* Apple-specific */ - NVP(CSSM_DL_DB_RECORD_GENERIC_PASSWORD), - NVP(CSSM_DL_DB_RECORD_INTERNET_PASSWORD), - NVP(CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD), - NVP(CSSM_DL_DB_RECORD_X509_CERTIFICATE), - NVP(CSSM_DL_DB_RECORD_X509_CRL), - NVP(CSSM_DL_DB_RECORD_USER_TRUST), - /* private to AppleCSPDL */ - NVP(DBBlobRelationID), - /* private to Sec layer */ - NVP(CSSM_DL_DB_RECORD_UNLOCK_REFERRAL), - NVP(CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE), - NVP_END -}; - -/* CSSM_CERT_TYPE names */ -const NameValuePair certTypeNames[] = -{ - NVP(CSSM_CERT_UNKNOWN), - NVP(CSSM_CERT_X_509v1), - NVP(CSSM_CERT_X_509v2), - NVP(CSSM_CERT_X_509v3), - NVP(CSSM_CERT_PGP), - NVP(CSSM_CERT_SPKI), - NVP(CSSM_CERT_SDSIv1), - NVP(CSSM_CERT_Intel), - NVP(CSSM_CERT_X_509_ATTRIBUTE), - NVP(CSSM_CERT_X9_ATTRIBUTE), - NVP(CSSM_CERT_TUPLE), - NVP(CSSM_CERT_ACL_ENTRY), - NVP(CSSM_CERT_MULTIPLE), - NVP_END -}; - -/* CSSM_CERT_ENCODING names */ -const NameValuePair certEncodingNames[] = -{ - NVP(CSSM_CERT_ENCODING_UNKNOWN), - NVP(CSSM_CERT_ENCODING_CUSTOM), - NVP(CSSM_CERT_ENCODING_BER), - NVP(CSSM_CERT_ENCODING_DER), - NVP(CSSM_CERT_ENCODING_NDR), - NVP(CSSM_CERT_ENCODING_SEXPR), - NVP(CSSM_CERT_ENCODING_PGP), - NVP(CSSM_CERT_ENCODING_MULTIPLE), - NVP_END -}; - -/* CSSM_CRL_TYPE names */ -const NameValuePair crlTypeNames[] = -{ - NVP(CSSM_CRL_TYPE_UNKNOWN), - NVP(CSSM_CRL_TYPE_X_509v1), - NVP(CSSM_CRL_TYPE_X_509v2), - NVP(CSSM_CRL_TYPE_SPKI), - NVP(CSSM_CRL_TYPE_MULTIPLE), - NVP_END -}; - -/* CSSM_CRL_ENCODING names */ -const NameValuePair crlEncodingNames[] = -{ - NVP(CSSM_CRL_ENCODING_UNKNOWN), - NVP(CSSM_CRL_ENCODING_CUSTOM), - NVP(CSSM_CRL_ENCODING_BER), - NVP(CSSM_CRL_ENCODING_DER), - NVP(CSSM_CRL_ENCODING_BLOOM), - NVP(CSSM_CRL_ENCODING_SEXPR), - NVP(CSSM_CRL_ENCODING_MULTIPLE), - NVP_END -}; - - -/* CSSM_ALGORITHMS names */ -const NameValuePair algIdNames[] = -{ - NVP(CSSM_ALGID_NONE), - NVP(CSSM_ALGID_DES), - NVP(CSSM_ALGID_DESX), - NVP(CSSM_ALGID_3DES_3KEY_EDE), - NVP(CSSM_ALGID_3DES_3KEY), - NVP(CSSM_ALGID_RC2), - NVP(CSSM_ALGID_RC5), - NVP(CSSM_ALGID_RC4), - NVP(CSSM_ALGID_RSA), - NVP(CSSM_ALGID_DSA), - NVP(CSSM_ALGID_FEE), - NVP_END -}; - -/* CSSM_DL_DB_SCHEMA_INFO */ -static const CSSM_DB_ATTRIBUTE_INFO schemaInfoAttrs[] = { - DB_ATTRIBUTE(RelationID, UINT32), - DB_ATTRIBUTE(RelationName, STRING), -}; - -static const NameValuePair *schemaInfoNvp[] = { - recordTypeNames, - NULL -}; - -const RelationInfo schemaInfoRelation = - RELATION_INFO(CSSM_DL_DB_SCHEMA_INFO, - schemaInfoAttrs, - schemaInfoNvp); - -/* CSSM_DL_DB_RECORD_ALL_KEYS (partial) */ -static const CSSM_DB_ATTRIBUTE_INFO allKeysAttrs[] = { - DB_ATTRIBUTE(KeyClass, UINT32), - DB_ATTRIBUTE(KeyType, UINT32), - DB_ATTRIBUTE(PrintName, BLOB), - DB_ATTRIBUTE(Alias, BLOB), - DB_ATTRIBUTE(Permanent, UINT32), - DB_ATTRIBUTE(Private, UINT32), - DB_ATTRIBUTE(Modifiable, UINT32), - DB_ATTRIBUTE(Label, BLOB), - DB_ATTRIBUTE(ApplicationTag, BLOB), - DB_ATTRIBUTE(KeyCreator, BLOB), - DB_ATTRIBUTE(KeySizeInBits, UINT32), - DB_ATTRIBUTE(EffectiveKeySize, UINT32), - DB_ATTRIBUTE(StartDate, BLOB), - DB_ATTRIBUTE(EndDate, BLOB), - DB_ATTRIBUTE(Sensitive, UINT32), - DB_ATTRIBUTE(AlwaysSensitive, UINT32), - DB_ATTRIBUTE(Extractable, UINT32), - DB_ATTRIBUTE(NeverExtractable, UINT32), - DB_ATTRIBUTE(Encrypt, UINT32), - DB_ATTRIBUTE(Decrypt, UINT32), - DB_ATTRIBUTE(Derive, UINT32), - DB_ATTRIBUTE(Sign, UINT32), - DB_ATTRIBUTE(Verify, UINT32), - DB_ATTRIBUTE(SignRecover, UINT32), - DB_ATTRIBUTE(VerifyRecover, UINT32), - DB_ATTRIBUTE(Wrap, UINT32), - DB_ATTRIBUTE(Unwrap, UINT32), -}; - -static const NameValuePair *allKeysNvp[] = { - recordTypeNames, /* KeyClass - in this context, - * a subset of these */ - algIdNames, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL -}; - -const RelationInfo allKeysRelation = - RELATION_INFO(CSSM_DL_DB_RECORD_ALL_KEYS, - allKeysAttrs, - allKeysNvp); - -/* CSSM_DL_DB_RECORD_ANY, with the few attrs that all records have in common */ -static const CSSM_DB_ATTRIBUTE_INFO anyRecordAttrs[] = { - DB_ATTRIBUTE(PrintName, BLOB) -}; - -static const NameValuePair *anyRecordNvp[] = { - NULL -}; - -const RelationInfo anyRecordRelation = - RELATION_INFO(CSSM_DL_DB_RECORD_ANY, - anyRecordAttrs, - anyRecordNvp); - -/* CSSM_DL_DB_RECORD_CERT - obsolete */ -static const CSSM_DB_ATTRIBUTE_INFO certRecordAttrs[] = { - DB_ATTRIBUTE(CertType, UINT32), - DB_ATTRIBUTE(CertEncoding, UINT32), - DB_ATTRIBUTE(PrintName, BLOB), - DB_ATTRIBUTE(Alias, BLOB), - DB_ATTRIBUTE(CertIdentity, BLOB), - DB_ATTRIBUTE(KeyLabel, BLOB) -}; - -static const NameValuePair *certRecordNvp[] = { - certTypeNames, - certEncodingNames, - NULL, - NULL, - NULL, - NULL -}; - -const RelationInfo certRecordRelation = - RELATION_INFO(CSSM_DL_DB_RECORD_CERT, - certRecordAttrs, - certRecordNvp); - -/* Apple-specific CSSM_DL_DB_RECORD_X509_CERTIFICATE */ -static const CSSM_DB_ATTRIBUTE_INFO x509CertRecordAttrs[] = { - DB_ATTRIBUTE(CertType, UINT32), - DB_ATTRIBUTE(CertEncoding, UINT32), - DB_ATTRIBUTE(PrintName, BLOB), - DB_ATTRIBUTE(Alias, BLOB), - DB_ATTRIBUTE(Subject, BLOB), - DB_ATTRIBUTE(Issuer, BLOB), - DB_ATTRIBUTE(SerialNumber, BLOB), - DB_ATTRIBUTE(SubjectKeyIdentifier, BLOB), - DB_ATTRIBUTE(PublicKeyHash, BLOB) -}; - -static const NameValuePair *x509CertRecordNvp[] = { - certTypeNames, - certEncodingNames, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL -}; - -const RelationInfo x509CertRecordRelation = - RELATION_INFO(CSSM_DL_DB_RECORD_X509_CERTIFICATE, - x509CertRecordAttrs, - x509CertRecordNvp); - - -/* Apple-specific CSSM_DL_DB_RECORD_X509_CRL */ -static const CSSM_DB_ATTRIBUTE_INFO x509CrlRecordAttrs[] = { - DB_ATTRIBUTE(CrlType, UINT32), - DB_ATTRIBUTE(CrlEncoding, UINT32), - DB_ATTRIBUTE(PrintName, BLOB), - DB_ATTRIBUTE(Alias, BLOB), - DB_ATTRIBUTE(Issuer, BLOB), - DB_ATTRIBUTE(ThisUpdate, BLOB), - DB_ATTRIBUTE(NextUpdate, BLOB), - DB_ATTRIBUTE(URI, BLOB), - DB_ATTRIBUTE(CrlNumber, UINT32), - DB_ATTRIBUTE(DeltaCrlNumber, UINT32), -}; - -static const NameValuePair *x509CrlRecordNvp[] = { - crlTypeNames, - crlEncodingNames, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL -}; - -const RelationInfo x509CrlRecordRelation = - RELATION_INFO(CSSM_DL_DB_RECORD_X509_CRL, - x509CrlRecordAttrs, - x509CrlRecordNvp); - - -/* generic keychain template, when recordType unknown */ -static const CSSM_DB_ATTRIBUTE_INFO genericKcAttrs[] = { - DB_INT_ATTRIBUTE(kSecInvisibleItemAttr, SINT32), - DB_ATTRIBUTE(PrintName, BLOB), - DB_INT_ATTRIBUTE(kSecDescriptionItemAttr, BLOB), - DB_INT_ATTRIBUTE(kSecTypeItemAttr, UINT32), - /* more to come */ -}; - -static const NameValuePair *genericKcNvp[] = { - NULL, - NULL, - NULL, - NULL, - NULL -}; - -const RelationInfo genericKcRelation = - RELATION_INFO(0, // not used! - genericKcAttrs, - genericKcNvp); - -/* UserTrust */ -static const CSSM_DB_ATTRIBUTE_INFO userTrustAttrs[] = { - DB_ATTRIBUTE(TrustedCertificate, BLOB), - DB_ATTRIBUTE(TrustedPolicy, BLOB), - DB_ATTRIBUTE(PrintName, BLOB), -}; - -static const NameValuePair *userTrustNvp[] = { - NULL, - NULL, - NULL, - NULL, -}; - -const RelationInfo userTrustRelation = - RELATION_INFO(CSSM_DL_DB_RECORD_USER_TRUST, - userTrustAttrs, - userTrustNvp); - -/* remainder added after the schema were publicly available via Schema.h */ - -/* unlock referral record */ - -using namespace Security; -using namespace KeychainCore; - -static const CSSM_DB_ATTRIBUTE_INFO unlockReferralRecordAttrs[] = -{ - Schema::kUnlockReferralType, - Schema::kUnlockReferralDbName, - Schema::kUnlockReferralDbGuid, - Schema::kUnlockReferralDbSSID, - Schema::kUnlockReferralDbSSType, - Schema::kUnlockReferralDbNetname, - Schema::kUnlockReferralKeyLabel, - Schema::kUnlockReferralKeyAppTag, - Schema::kUnlockReferralPrintName, - Schema::kUnlockReferralAlias -}; - -const NameValuePair referralTypeNames[] = -{ - NVP(CSSM_APPLE_UNLOCK_TYPE_KEY_DIRECT), - NVP(CSSM_APPLE_UNLOCK_TYPE_WRAPPED_PRIVATE), - NVP_END -}; - - -static const NameValuePair *referralNvp[] = { - referralTypeNames, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL -}; - -const RelationInfo referralRecordRelation = - RELATION_INFO(CSSM_DL_DB_RECORD_UNLOCK_REFERRAL, - unlockReferralRecordAttrs, - referralNvp); - -/* extended attribute record */ -static const CSSM_DB_ATTRIBUTE_INFO extendedAttrRecordAttrs[] = -{ - Schema::kExtendedAttributeRecordType, - Schema::kExtendedAttributeItemID, - Schema::kExtendedAttributeAttributeName, - Schema::kExtendedAttributeModDate, - Schema::kExtendedAttributeAttributeValue -}; - -static const NameValuePair *extendedAttrNvp[] = { - recordTypeNames, - NULL, - NULL, - NULL, - NULL -}; - -const RelationInfo extendedAttrRelation = - RELATION_INFO(CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE, - extendedAttrRecordAttrs, - extendedAttrNvp); - diff --git a/SecurityTests/cspxutils/dbTool/dbAttrs.h b/SecurityTests/cspxutils/dbTool/dbAttrs.h deleted file mode 100644 index a628e184..00000000 --- a/SecurityTests/cspxutils/dbTool/dbAttrs.h +++ /dev/null @@ -1,52 +0,0 @@ -/* Copyright (c) 2002-2003,2006 Apple Computer, Inc. - * - * dbAttrs.h - Apple DL/DB/Keychain attributes and name/value pairs - */ - -#ifndef _DB_ATTRS_H_ -#define _DB_ATTRS_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* entry in a table to map a uint32 to a string */ -typedef struct { - uint32 value; - const char *name; -} NameValuePair; - -/* all the info we need about one Relation (schema) */ -typedef struct { - CSSM_DB_RECORDTYPE DataRecordType; - const char *relationName; - uint32 NumberOfAttributes; - const CSSM_DB_ATTRIBUTE_INFO *AttributeInfo; - const NameValuePair **nameValues; -} RelationInfo; - -extern const NameValuePair recordTypeNames[]; - -extern const RelationInfo schemaInfoRelation; -extern const RelationInfo allKeysRelation; -extern const RelationInfo anyRecordRelation; -extern const RelationInfo genericKcRelation; -extern const RelationInfo certRecordRelation; -extern const RelationInfo x509CertRecordRelation; -extern const RelationInfo x509CrlRecordRelation; -extern const RelationInfo userTrustRelation; -extern const RelationInfo referralRecordRelation; -extern const RelationInfo extendedAttrRelation; - -/* - * DBBlob record type, private to CSPDL. - */ -#define DBBlobRelationID (CSSM_DB_RECORDTYPE_APP_DEFINED_START + 0x8000) - -#ifdef __cplusplus -} -#endif - -#endif /* _DB_ATTRS_H_ */ diff --git a/SecurityTests/cspxutils/dbTool/dbCert.cpp b/SecurityTests/cspxutils/dbTool/dbCert.cpp deleted file mode 100644 index aa73443d..00000000 --- a/SecurityTests/cspxutils/dbTool/dbCert.cpp +++ /dev/null @@ -1,508 +0,0 @@ -/* - * Copyright (c) 2003-2005,2008 Apple Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * dbCert.cpp - import a possibly bad cert along with its private key - */ - -#include "dbCert.h" -#include -#include -#include -#include -#include -#include -#include -#include - -/* Copied from clxutils/clAppUtils/tpUtils */ -/* defined in SecKeychainAPIPriv.h */ -static const int kSecAliasItemAttr = 'alis'; - -/* Macro to declare a CSSM_DB_SCHEMA_ATTRIBUTE_INFO */ -#define SCHEMA_ATTR_INFO(id, name, type) \ - { id, (char *)name, {0, NULL}, CSSM_DB_ATTRIBUTE_FORMAT_ ## type } - -/* Too bad we can't get this from inside of the Security framework. */ -static CSSM_DB_SCHEMA_ATTRIBUTE_INFO certSchemaAttrInfo[] = -{ - SCHEMA_ATTR_INFO(kSecCertTypeItemAttr, "CertType", UINT32), - SCHEMA_ATTR_INFO(kSecCertEncodingItemAttr, "CertEncoding", UINT32), - SCHEMA_ATTR_INFO(kSecLabelItemAttr, "PrintName", BLOB), - SCHEMA_ATTR_INFO(kSecAliasItemAttr, "Alias", BLOB), - SCHEMA_ATTR_INFO(kSecSubjectItemAttr, "Subject", BLOB), - SCHEMA_ATTR_INFO(kSecIssuerItemAttr, "Issuer", BLOB), - SCHEMA_ATTR_INFO(kSecSerialNumberItemAttr, "SerialNumber", BLOB), - SCHEMA_ATTR_INFO(kSecSubjectKeyIdentifierItemAttr, "SubjectKeyIdentifier", BLOB), - SCHEMA_ATTR_INFO(kSecPublicKeyHashItemAttr, "PublicKeyHash", BLOB) -}; -#define NUM_CERT_SCHEMA_ATTRS \ - (sizeof(certSchemaAttrInfo) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO)) - -/* Macro to declare a CSSM_DB_SCHEMA_INDEX_INFO */ -#define SCHEMA_INDEX_INFO(id, indexNum, indexType) \ - { id, CSSM_DB_INDEX_ ## indexType, CSSM_DB_INDEX_ON_ATTRIBUTE } - - -static CSSM_DB_SCHEMA_INDEX_INFO certSchemaIndices[] = -{ - SCHEMA_INDEX_INFO(kSecCertTypeItemAttr, 0, UNIQUE), - SCHEMA_INDEX_INFO(kSecIssuerItemAttr, 0, UNIQUE), - SCHEMA_INDEX_INFO(kSecSerialNumberItemAttr, 0, UNIQUE), - SCHEMA_INDEX_INFO(kSecCertTypeItemAttr, 1, NONUNIQUE), - SCHEMA_INDEX_INFO(kSecSubjectItemAttr, 2, NONUNIQUE), - SCHEMA_INDEX_INFO(kSecIssuerItemAttr, 3, NONUNIQUE), - SCHEMA_INDEX_INFO(kSecSerialNumberItemAttr, 4, NONUNIQUE), - SCHEMA_INDEX_INFO(kSecSubjectKeyIdentifierItemAttr, 5, NONUNIQUE), - SCHEMA_INDEX_INFO(kSecPublicKeyHashItemAttr, 6, NONUNIQUE) -}; -#define NUM_CERT_INDICES \ - (sizeof(certSchemaIndices) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO)) - - -CSSM_RETURN tpAddCertSchema( - CSSM_DL_DB_HANDLE dlDbHand) -{ - return CSSM_DL_CreateRelation(dlDbHand, - CSSM_DL_DB_RECORD_X509_CERTIFICATE, - "CSSM_DL_DB_RECORD_X509_CERTIFICATE", - NUM_CERT_SCHEMA_ATTRS, - certSchemaAttrInfo, - NUM_CERT_INDICES, - certSchemaIndices); -} - - -/* copied verbatim from certTool */ - -/* - * Find private key by label, modify its Label attr to be the - * hash of the associated public key. - */ -static CSSM_RETURN setPubKeyHash( - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dlDbHand, - const char *keyLabel, // look up by this - CSSM_DATA *rtnKeyDigest) // optionally RETURNED, if so, - // caller owns and must cuAppFree -{ - CSSM_QUERY query; - CSSM_SELECTION_PREDICATE predicate; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_DATA labelData; - CSSM_HANDLE resultHand; - - labelData.Data = (uint8 *)keyLabel; - labelData.Length = strlen(keyLabel) + 1; // incl. NULL - query.RecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 1; - predicate.DbOperator = CSSM_DB_EQUAL; - - predicate.Attribute.Info.AttributeNameFormat = - CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - predicate.Attribute.Info.Label.AttributeName = (char *)"Label"; - predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - /* hope this cast is OK */ - predicate.Attribute.Value = &labelData; - query.SelectionPredicate = &predicate; - - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA; // FIXME - used? - - /* build Record attribute with one attr */ - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_ATTRIBUTE_DATA attr; - attr.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr.Info.Label.AttributeName = (char *)"Label"; - attr.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; - recordAttrs.NumberOfAttributes = 1; - recordAttrs.AttributeData = &attr; - - CSSM_DATA recordData = {0, NULL}; - crtn = CSSM_DL_DataGetFirst(dlDbHand, - &query, - &resultHand, - &recordAttrs, - &recordData, - &record); - /* abort only on success */ - if(crtn != CSSM_OK) { - cuPrintError("CSSM_DL_DataGetFirst", crtn); - return crtn; - } - - CSSM_KEY_PTR keyToDigest = (CSSM_KEY_PTR)recordData.Data; - CSSM_DATA_PTR keyDigest = NULL; - CSSM_CC_HANDLE ccHand; - crtn = CSSM_CSP_CreatePassThroughContext(cspHand, - keyToDigest, - &ccHand); - if(crtn) { - cuPrintError("CSSM_CSP_CreatePassThroughContext", crtn); - return crtn; - } - crtn = CSSM_CSP_PassThrough(ccHand, - CSSM_APPLECSP_KEYDIGEST, - NULL, - (void **)&keyDigest); - if(crtn) { - cuPrintError("CSSM_CSP_PassThrough(PUBKEYHASH)", crtn); - return -1; - } - CSSM_FreeKey(cspHand, NULL, keyToDigest, CSSM_FALSE); - CSSM_DeleteContext(ccHand); - - /* - * Replace Label attr data with hash. - * NOTE: the module which allocated this attribute data - a DL - - * was loaded and attached by the Sec layer, not by us. Thus - * we can't use the memory allocator functions *we* used when - * attaching to the CSPDL - we have to use the ones - * which the Sec layer registered with the DL. - */ - CSSM_API_MEMORY_FUNCS memFuncs; - crtn = CSSM_GetAPIMemoryFunctions(dlDbHand.DLHandle, &memFuncs); - if(crtn) { - cuPrintError("CSSM_GetAPIMemoryFunctions(DLHandle)", crtn); - /* oh well, leak and continue */ - } - else { - memFuncs.free_func(attr.Value->Data, memFuncs.AllocRef); - memFuncs.free_func(attr.Value, memFuncs.AllocRef); - } - attr.Value = keyDigest; - - /* modify key attributes */ - crtn = CSSM_DL_DataModify(dlDbHand, - CSSM_DL_DB_RECORD_PRIVATE_KEY, - record, - &recordAttrs, - NULL, // DataToBeModified - CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); - if(crtn) { - cuPrintError("CSSM_DL_DataModify(PUBKEYHASH)", crtn); - return crtn; - } - crtn = CSSM_DL_DataAbortQuery(dlDbHand, resultHand); - if(crtn) { - cuPrintError("CSSM_DL_DataAbortQuery", crtn); - /* let's keep going in this case */ - } - crtn = CSSM_DL_FreeUniqueRecord(dlDbHand, record); - if(crtn) { - cuPrintError("CSSM_DL_FreeUniqueRecord", crtn); - /* let's keep going in this case */ - crtn = CSSM_OK; - } - - /* free resources */ - if(rtnKeyDigest) { - *rtnKeyDigest = *keyDigest; - } - else { - cuAppFree(keyDigest->Data, NULL); - /* FIXME - don't we have to free keyDigest itself? */ - } - return CSSM_OK; -} - -static CSSM_RETURN importPrivateKey( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_CSP_HANDLE cspHand, - const char *privKeyFileName, - CSSM_ALGORITHMS keyAlg, - CSSM_BOOL pemFormat, // of the file - CSSM_KEYBLOB_FORMAT keyFormat, // of the key blob itself, NONE means - // use default - CSSM_DATA *keyHash) // OPTIONALLY RETURNED - if so, caller - // owns and must cuAppFree() -{ - unsigned char *derKey = NULL; - unsigned derKeyLen; - unsigned char *pemKey = NULL; - unsigned pemKeyLen; - CSSM_KEY wrappedKey; - CSSM_KEY unwrappedKey; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_CC_HANDLE ccHand = 0; - CSSM_RETURN crtn; - CSSM_DATA labelData; - CSSM_KEYHEADER_PTR hdr = &wrappedKey.KeyHeader; - CSSM_DATA descData = {0, NULL}; - CSSM_CSP_HANDLE rawCspHand = 0; - const char *privKeyLabel = NULL; - - /* - * Validate specified format for clarity - */ - switch(keyAlg) { - case CSSM_ALGID_RSA: - switch(keyFormat) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - keyFormat = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; // default - break; - case CSSM_KEYBLOB_RAW_FORMAT_PKCS1: - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - break; - default: - printf("***RSA Private key must be in PKCS1 or PKCS8 " - "format\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - privKeyLabel = "Imported RSA key"; - break; - case CSSM_ALGID_DSA: - switch(keyFormat) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - keyFormat = CSSM_KEYBLOB_RAW_FORMAT_OPENSSL; - // default - break; - case CSSM_KEYBLOB_RAW_FORMAT_FIPS186: - case CSSM_KEYBLOB_RAW_FORMAT_OPENSSL: - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - break; - default: - printf("***DSA Private key must be in openssl, FIPS186, " - "or PKCS8 format\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - privKeyLabel = "Imported DSA key"; - break; - case CSSM_ALGID_DH: - switch(keyFormat) { - case CSSM_KEYBLOB_RAW_FORMAT_NONE: - keyFormat = CSSM_KEYBLOB_RAW_FORMAT_PKCS8; // default - break; - case CSSM_KEYBLOB_RAW_FORMAT_PKCS8: - break; - default: - printf("***Diffie-Hellman Private key must be in" - "PKCS8 format.\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - privKeyLabel = "Imported Diffie-Hellman key"; - break; - } - if(readFile(privKeyFileName, &pemKey, &pemKeyLen)) { - printf("***Error reading private key from file %s. Aborting.\n", - privKeyFileName); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - /* subsequent errors to done: */ - if(pemFormat) { - int rtn = pemDecode(pemKey, pemKeyLen, &derKey, &derKeyLen); - if(rtn) { - printf("***%s: Bad PEM formatting. Aborting.\n", - privKeyFileName); - crtn = CSSMERR_CSP_INVALID_KEY; - goto done; - } - } - else { - derKey = pemKey; - derKeyLen = pemKeyLen; - } - - /* importing a raw key into the CSPDL involves a NULL unwrap */ - memset(&unwrappedKey, 0, sizeof(CSSM_KEY)); - memset(&wrappedKey, 0, sizeof(CSSM_KEY)); - - /* set up the imported key to look like a CSSM_KEY */ - hdr->HeaderVersion = CSSM_KEYHEADER_VERSION; - hdr->BlobType = CSSM_KEYBLOB_RAW; - hdr->AlgorithmId = keyAlg; - hdr->KeyClass = CSSM_KEYCLASS_PRIVATE_KEY; - hdr->KeyAttr = CSSM_KEYATTR_EXTRACTABLE; - hdr->KeyUsage = CSSM_KEYUSE_ANY; - hdr->Format = keyFormat; - wrappedKey.KeyData.Data = derKey; - wrappedKey.KeyData.Length = derKeyLen; - - /* get key size in bits from raw CSP */ - rawCspHand = cuCspStartup(CSSM_TRUE); - if(rawCspHand == 0) { - printf("***Error attaching to CSP. Aborting.\n"); - crtn = CSSMERR_CSSM_INTERNAL_ERROR; - goto done; - } - CSSM_KEY_SIZE keySize; - crtn = CSSM_QueryKeySizeInBits(rawCspHand, CSSM_INVALID_HANDLE, &wrappedKey, &keySize); - if(crtn) { - cuPrintError("CSSM_QueryKeySizeInBits",crtn); - goto done; - } - hdr->LogicalKeySizeInBits = keySize.LogicalKeySizeInBits; - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_NONE, // unwrapAlg - CSSM_ALGMODE_NONE, // unwrapMode - &creds, - NULL, // unwrappingKey - NULL, // initVector - CSSM_PADDING_NONE, // unwrapPad - 0, // Params - &ccHand); - if(crtn) { - cuPrintError("CSSM_CSP_CreateSymmetricContext", crtn); - goto done; - } - - /* add DL/DB to context */ - CSSM_CONTEXT_ATTRIBUTE newAttr; - newAttr.AttributeType = CSSM_ATTRIBUTE_DL_DB_HANDLE; - newAttr.AttributeLength = sizeof(CSSM_DL_DB_HANDLE); - newAttr.Attribute.Data = (CSSM_DATA_PTR)&dlDbHand; - crtn = CSSM_UpdateContextAttributes(ccHand, 1, &newAttr); - if(crtn) { - cuPrintError("CSSM_UpdateContextAttributes", crtn); - goto done; - } - - /* do the NULL unwrap */ - labelData.Data = (uint8 *)privKeyLabel; - labelData.Length = strlen(privKeyLabel) + 1; - crtn = CSSM_UnwrapKey(ccHand, - NULL, // PublicKey - &wrappedKey, - CSSM_KEYUSE_ANY, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT | - CSSM_KEYATTR_SENSITIVE |CSSM_KEYATTR_EXTRACTABLE, - &labelData, - NULL, // CredAndAclEntry - &unwrappedKey, - &descData); // required - if(crtn != CSSM_OK) { - cuPrintError("CSSM_UnwrapKey", crtn); - goto done; - } - - /* one more thing: bind this private key to its public key */ - crtn = setPubKeyHash(cspHand, dlDbHand, privKeyLabel, keyHash); - - /* We don't need the unwrapped key any more */ - CSSM_FreeKey(cspHand, - NULL, // access cred - &unwrappedKey, - CSSM_FALSE); // delete - -done: - if(ccHand) { - CSSM_DeleteContext(ccHand); - } - if(derKey) { - free(derKey); // mallocd by readFile() */ - } - if(pemFormat && pemKey) { - free(pemKey); - } - if(rawCspHand) { - CSSM_ModuleDetach(rawCspHand); - } - return crtn; -} - - -CSSM_RETURN importBadCert( - CSSM_DL_HANDLE dlHand, - const char *dbFileName, - const char *certFile, - const char *keyFile, - CSSM_ALGORITHMS keyAlg, - CSSM_BOOL pemFormat, // of the file - CSSM_KEYBLOB_FORMAT keyFormat, // of the key blob itself, NONE means - // use default - CSSM_BOOL verbose) -{ - CSSM_DL_DB_HANDLE dlDbHand = {dlHand, 0}; - CSSM_RETURN crtn; - CSSM_DATA keyDigest = {0, NULL}; - CSSM_DATA certData = {0, NULL}; - unsigned len; - - CSSM_CSP_HANDLE cspHand = cuCspStartup(CSSM_FALSE); - if(cspHand == 0) { - printf("***Error attaching to CSPDL. Aborting.\n"); - return CSSMERR_CSSM_ADDIN_LOAD_FAILED; - } - - /* - * 1. Open the (already existing) DB. - */ - dlDbHand.DBHandle = cuDbStartupByName(dlHand, - (char *)dbFileName, // bogus non-const prototype - CSSM_FALSE, // do NOT create it - CSSM_FALSE); // quiet - if(dlDbHand.DBHandle == 0) { - printf("Error opening %s. Aborting.\n", dbFileName); - return CSSMERR_DL_DATASTORE_DOESNOT_EXIST; - } - - /* - * Import key to DB, snagging its key digest along the way. - */ - crtn = importPrivateKey(dlDbHand, cspHand, - keyFile, keyAlg, pemFormat, keyFormat, - &keyDigest); - if(crtn) { - printf("***Error importing key %s. Aborting.\n", keyFile); - goto errOut; - } - - /* - * Now the cert. - */ - if(readFile(certFile, &certData.Data, &len)) { - printf("***Error reading cert from %s. Aborting.\n", certFile); - goto errOut; - } - certData.Length = len; - crtn = cuAddCertToDb(dlDbHand, &certData, - CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER, - certFile, // printName - &keyDigest); - if(crtn == CSSMERR_DL_INVALID_RECORDTYPE) { - /* virgin DB, no cert schema: add schema and retry */ - crtn = tpAddCertSchema(dlDbHand); - if(crtn == CSSM_OK) { - crtn = cuAddCertToDb(dlDbHand, &certData, - CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER, - certFile, // printName - &keyDigest); - } - } - if(crtn) { - printf("***Error importing cert %s. Aborting.\n", certFile); - } -errOut: - if(keyDigest.Data) { - cuAppFree(keyDigest.Data, NULL); - } - if(dlDbHand.DBHandle) { - CSSM_DL_DbClose(dlDbHand); - } - if(certData.Data) { - free(certData.Data); - } - return crtn; -} diff --git a/SecurityTests/cspxutils/dbTool/dbCert.h b/SecurityTests/cspxutils/dbTool/dbCert.h deleted file mode 100644 index a6f633af..00000000 --- a/SecurityTests/cspxutils/dbTool/dbCert.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * dbCert.h - import a possibly bad cert along with its private key - */ - -#ifndef _DB_CERT_H_ -#define _DB_CERT_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -CSSM_RETURN importBadCert( - CSSM_DL_HANDLE dlHand, - const char *dbFileName, - const char *certFile, - const char *keyFile, - CSSM_ALGORITHMS keyAlg, - CSSM_BOOL pemFormat, // of the file - CSSM_KEYBLOB_FORMAT keyFormat, // of the key blob itself, NONE means - // use default - CSSM_BOOL verbose); - -#ifdef __cplusplus -} -#endif - -#endif /* _DB_CERT_H_ */ - diff --git a/SecurityTests/cspxutils/dbTool/dbTool.cpp b/SecurityTests/cspxutils/dbTool/dbTool.cpp deleted file mode 100644 index 937d88ea..00000000 --- a/SecurityTests/cspxutils/dbTool/dbTool.cpp +++ /dev/null @@ -1,747 +0,0 @@ -/* Copyright (c) 2002-2006 Apple Computer, Inc. - * - * dbTool.cpp - DL/DB tool. - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "dbAttrs.h" -#include "dbCert.h" -#include "cspdlTesting.h" - - -static void usage(char **argv) -{ - printf("usage: %s dbFileName command [options]\n", argv[0]); - printf("Commands:\n"); - printf(" r Dump Schema Relations\n"); - printf(" k Dump all keys\n"); - printf(" c Dump certs\n"); - printf(" a Dump all records\n"); - printf(" d Delete records (interactively)\n"); - printf(" D Delete records (noninteractively, requires really arg)\n"); - printf(" i Import bad cert and its (good) private key\n"); - printf("Options:\n"); - printf(" v verbose\n"); - printf(" q quiet\n"); - printf(" R really! (for D command)\n"); - printf(" d dump data\n"); - printf(" c=certFile\n"); - printf(" k=keyFile\n"); - exit(1); -} - - -static unsigned indentVal = 0; -static void indentIncr() -{ - indentVal += 3; -} - -static void indentDecr() -{ - if(indentVal) { - indentVal -= 3; - } -} - -static void doIndent() -{ - unsigned i; - for(i=0; iAttributeNameFormat) { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - { - char *attrName = attrInfo->Label.AttributeName; - printf("%s", attrName); - int len = strlen(attrName); - if(len > NORM_KEY_LEN) { - return; - } - int numSpaces = NORM_KEY_LEN - len; - for(int i=0; iLabel.AttributeID); - for(unsigned i=0; i<4; i++) { - putchar(*cp++); - } - printf(" "); - break; - } - default: - printf("Unknown attribute name format (%u)\n", - (unsigned)attrInfo->AttributeNameFormat); - break; - } -} - -/* - * Attempt to print a numeric value as a string, per a NameValuePair table. - * If the value is in fact a collection of legal values (per the nameValues - * array), the value will just be printed in hex. - */ -static void printValueAsString( - unsigned val, - const NameValuePair *nameValues) -{ - if(nameValues != NULL) { - while(nameValues->name != NULL) { - if(nameValues->value == val) { - printf("%s", nameValues->name); - return; - } - nameValues++; - } - } - /* Oh well */ - printf("0x%x", val); -} - -static void safePrint( - uint8 *cp, - uint32 len) -{ - for(unsigned i=0; iData; - for(unsigned i=0; iLength; i++) { - if(*cp == 0) { - if(i != (dp->Length - 1)) { - /* data contains NULL character before end */ - printable = false; - } - /* else end of string */ - break; - } - if(!isprint(*cp)) { - printable = false; - break; - } - cp++; - } - return printable; -} - -#define MAX_BLOB_TO_PRINT 12 -static void printBlob( - const CSSM_DATA *data) -{ - unsigned toPrint = data->Length; - if(toPrint > MAX_BLOB_TO_PRINT) { - toPrint = MAX_BLOB_TO_PRINT; - } - for(unsigned i=0; iData[i]; - printf("%02X ", dat); - } - if(toPrint < data->Length) { - printf("..."); - } -} - -static void printAttrData( - const CSSM_DB_ATTRIBUTE_INFO *attrInfo, - const CSSM_DATA *attrData, - const NameValuePair *nameValues) // optional -{ - void *data = attrData->Data; - - switch(attrInfo->AttributeFormat) { - - case CSSM_DB_ATTRIBUTE_FORMAT_STRING: - putchar('\''); - safePrint(attrData->Data, attrData->Length); - putchar('\''); - break; - case CSSM_DB_ATTRIBUTE_FORMAT_SINT32: - case CSSM_DB_ATTRIBUTE_FORMAT_UINT32: - { - unsigned val = *(unsigned *)data; - printValueAsString(val, nameValues); - break; - } - case CSSM_DB_ATTRIBUTE_FORMAT_BLOB: - { - printf("BLOB length %u : ", (unsigned)attrData->Length); - /* see if it happens to be a printable string */ - if(isPrintable(attrData)) { - putchar('\''); - safePrint(attrData->Data, attrData->Length); - putchar('\''); - } - else { - printBlob(attrData); - } - break; - } - case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32: - { - printf("multi_int["); - uint32 numInts = attrData->Length / sizeof(uint32); - uint32 *uip = (uint32 *)data; - for(unsigned i=0; i 0) { - printf(", "); - } - printValueAsString(*uip++, nameValues); - } - printf("]"); - break; - } - case CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE: - putchar('\''); - safePrint(attrData->Data, attrData->Length); - putchar('\''); - break; - - default: - printf("***UNKNOWN FORMAT (%u), Length %u", - (unsigned)attrInfo->AttributeFormat, (unsigned)attrData->Length); - break; - } -} - -/* free attribute(s) allocated by DL */ -static void freeAttrs( - CSSM_DB_RECORD_ATTRIBUTE_DATA *recordAttrs) -{ - unsigned i; - - for(i=0; iNumberOfAttributes; i++) { - CSSM_DB_ATTRIBUTE_DATA_PTR attrData = &recordAttrs->AttributeData[i]; - if(attrData == NULL) { - /* fault of caller, who allocated the CSSM_DB_ATTRIBUTE_DATA */ - printf("***freeAttrs screwup: NULL attrData\n"); - return; - } - unsigned j; - for(j=0; jNumberOfValues; j++) { - CSSM_DATA_PTR data = &attrData->Value[j]; - if(data == NULL) { - /* fault of MDS, who said there was a value here */ - printf("***freeAttrs screwup: NULL data\n"); - return; - } - CSSM_FREE(data->Data); - data->Data = NULL; - data->Length = 0; - } - CSSM_FREE(attrData->Value); - attrData->Value = NULL; - } -} - -static void dumpDataBlob( - const CSSM_DATA *datap) -{ - doIndent(); - printf("Record data length %lu ", datap->Length); - if(datap->Length != 0) { - printf(" : "); - printBlob(datap); - } - printf("\n"); -} - -static void dumpRecordAttrs( - const CSSM_DB_RECORD_ATTRIBUTE_DATA *recordAttrs, - const NameValuePair **nameValues, // parallel to recordAttrs - const CSSM_DATA *recordData = NULL) // optional data -{ - unsigned valNum; - unsigned dex; - - for(dex=0; dexNumberOfAttributes; dex++) { - const CSSM_DB_ATTRIBUTE_DATA *attrData = &recordAttrs->AttributeData[dex]; - doIndent(); - printName(&attrData->Info); - printf(": "); - if(attrData->NumberOfValues == 0) { - printf("<>\n"); - continue; - } - for(valNum=0; valNumNumberOfValues; valNum++) { - printAttrData(&attrData->Info, &attrData->Value[valNum], nameValues[dex]); - if(valNum < (attrData->NumberOfValues - 1)) { - printf(", "); - } - } - printf("\n"); - } - if(recordData) { - dumpDataBlob(recordData); - } -} - -static void dumpRelation( - CSSM_DL_DB_HANDLE dlDbHand, - const RelationInfo *relInfo, - CSSM_BOOL dumpData) -{ - CSSM_QUERY query; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_HANDLE resultHand; - CSSM_DB_ATTRIBUTE_DATA *attrs; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - unsigned attrDex; - unsigned recNum = 0; - uint32 numAttrs = relInfo->NumberOfAttributes; - CSSM_DATA data = {0, NULL}; - CSSM_DATA_PTR datap = NULL; - - if(dumpData) { - datap = &data; - } - - /* build an attr array from known schema */ - attrs = (CSSM_DB_ATTRIBUTE_DATA *)CSSM_MALLOC( - sizeof(CSSM_DB_ATTRIBUTE_DATA) * numAttrs); - memset(attrs, 0, sizeof(CSSM_DB_ATTRIBUTE_DATA) * numAttrs); - for(attrDex=0; attrDexAttributeInfo[attrDex]; - } - recordAttrs.DataRecordType = relInfo->DataRecordType; - recordAttrs.NumberOfAttributes = numAttrs; - recordAttrs.AttributeData = attrs; - - /* just search by recordType, no predicates */ - query.RecordType = relInfo->DataRecordType; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 0; - query.SelectionPredicate = NULL; - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used? - - crtn = CSSM_DL_DataGetFirst(dlDbHand, - &query, - &resultHand, - &recordAttrs, - datap, - &record); - switch(crtn) { - case CSSM_OK: - break; // proceed - case CSSMERR_DL_ENDOFDATA: - printf("%s: no record found\n", relInfo->relationName); - CSSM_FREE(attrs); - return; - default: - printError("DataGetFirst", crtn); - CSSM_FREE(attrs); - return; - } - printf("%s:\n", relInfo->relationName); - printf(" record %d; numAttrs %d:\n", - recNum++, (int)recordAttrs.NumberOfAttributes); - indentIncr(); - - dumpRecordAttrs(&recordAttrs, relInfo->nameValues, datap); - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - freeAttrs(&recordAttrs); - if(datap) { - CSSM_FREE(datap->Data); - } - - /* now the rest of them */ - /* hopefully we don't have to re-init the recordAttr array */ - for(;;) { - crtn = CSSM_DL_DataGetNext(dlDbHand, - resultHand, - &recordAttrs, - datap, - &record); - switch(crtn) { - case CSSM_OK: - printf(" record %d; numAttrs %d:\n", - recNum++, (int)recordAttrs.NumberOfAttributes); - dumpRecordAttrs(&recordAttrs, relInfo->nameValues, datap); - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - freeAttrs(&recordAttrs); - if(datap) { - CSSM_FREE(datap->Data); - } - break; // and go again - case CSSMERR_DL_ENDOFDATA: - /* normal termination */ - break; - default: - printError("DataGetNext", crtn); - break; - } - if(crtn != CSSM_OK) { - break; - } - } - indentDecr(); - CSSM_FREE(attrs); -} - -/* - * Given a record type and a CSSM_DB_UNIQUE_RECORD, fetch and parse all the - * attributes we can. - */ -static void fetchParseRecord( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_DB_RECORD_ATTRIBUTE_DATA *inRecordAttrs, - CSSM_DB_UNIQUE_RECORD_PTR record, - const CSSM_DATA_PTR datap, - CSSM_BOOL dumpData) -{ - const RelationInfo *relInfo = NULL; - - /* infer RelationInfo from recordType */ - switch(inRecordAttrs->DataRecordType) { - case CSSM_DL_DB_RECORD_PUBLIC_KEY: - case CSSM_DL_DB_RECORD_PRIVATE_KEY: - case CSSM_DL_DB_RECORD_SYMMETRIC_KEY: - relInfo = &allKeysRelation; - break; - case CSSM_DL_DB_RECORD_GENERIC_PASSWORD: - case CSSM_DL_DB_RECORD_INTERNET_PASSWORD: - case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD: - relInfo = &genericKcRelation; - break; - case CSSM_DL_DB_RECORD_CERT: - relInfo = &certRecordRelation; - break; - case CSSM_DL_DB_RECORD_X509_CERTIFICATE: - relInfo = &x509CertRecordRelation; - break; - case CSSM_DL_DB_RECORD_X509_CRL: - relInfo = &x509CrlRecordRelation; - break; - case CSSM_DL_DB_RECORD_USER_TRUST: - relInfo = &userTrustRelation; - break; - case CSSM_DL_DB_RECORD_UNLOCK_REFERRAL: - relInfo = &referralRecordRelation; - break; - case CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE: - relInfo = &extendedAttrRelation; - break; - case DBBlobRelationID: - relInfo = NULL; - doIndent(); - printf("--- No attributes ---\n"); - if(dumpData) { - dumpDataBlob(datap); - } - return; - default: - doIndent(); - printf("<>\n"); - if(dumpData) { - doIndent(); - printf("Record blob (length %ld): ", datap->Length); - printBlob(datap); - printf("\n"); - } - return; - } - - CSSM_DB_ATTRIBUTE_DATA *attrs = NULL; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - unsigned attrDex; - uint32 numAttrs = relInfo->NumberOfAttributes; - CSSM_RETURN crtn; - CSSM_DATA recordData = {0, NULL}; - CSSM_DATA_PTR recordDataP = dumpData ? &recordData : NULL; - - /* build an attr array from known schema */ - attrs = (CSSM_DB_ATTRIBUTE_DATA *)CSSM_MALLOC( - sizeof(CSSM_DB_ATTRIBUTE_DATA) * numAttrs); - memset(attrs, 0, sizeof(CSSM_DB_ATTRIBUTE_DATA) * numAttrs); - for(attrDex=0; attrDexAttributeInfo[attrDex]; - } - - /* from inRecordAttrs, not the relInfo, which could be a typeless template */ - recordAttrs.DataRecordType = relInfo->DataRecordType; - recordAttrs.NumberOfAttributes = numAttrs; - recordAttrs.AttributeData = attrs; - - crtn = CSSM_DL_DataGetFromUniqueRecordId(dlDbHand, - record, - &recordAttrs, - recordDataP); - if(crtn) { - printError("CSSM_DL_DataGetFromUniqueRecordId", crtn); - goto abort; - } - dumpRecordAttrs(&recordAttrs, relInfo->nameValues, recordDataP); - freeAttrs(&recordAttrs); - if(recordData.Data) { - CSSM_FREE(recordData.Data); - } -abort: - if(attrs) { - CSSM_FREE(attrs); - } - return; -} - -static void deleteRecord( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_DB_UNIQUE_RECORD_PTR record, - CSSM_BOOL interact) -{ - if(interact) { - fpurge(stdin); - printf("\nDelete this record [y/anything] ? "); - char resp = getchar(); - if(resp != 'y') { - return; - } - } - CSSM_RETURN crtn; - crtn = CSSM_DL_DataDelete(dlDbHand, record); - if(crtn) { - printError("CSSM_DL_DataDelete", crtn); - } - else if(interact) { - printf("...record deleted\n\n"); - } -} - -/* - * In this case we search for CSSM_DL_DB_RECORD_ANY. The current schema results - * in no single attribute which all interesting records have in common, so we - * can't grab any attributes at GetFirst/GetNext time. Instead we have - * to deal with the returned record per its record type. - */ -static void dumpAllRecords( - CSSM_DL_DB_HANDLE dlDbHand, - CSSM_BOOL deleteAll, - CSSM_BOOL interact, - CSSM_BOOL dumpData) -{ - CSSM_QUERY query; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_HANDLE resultHand; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DATA data = {0, NULL}; - CSSM_DATA_PTR datap = NULL; - - if(dumpData) { - datap = &data; - } - - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_ANY; - recordAttrs.NumberOfAttributes = 0; - recordAttrs.AttributeData = NULL; - - /* just search by recordType, no predicates */ - query.RecordType = CSSM_DL_DB_RECORD_ANY; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 0; - query.SelectionPredicate = NULL; - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used? - - crtn = CSSM_DL_DataGetFirst(dlDbHand, - &query, - &resultHand, - &recordAttrs, - datap, - &record); - switch(crtn) { - case CSSM_OK: - break; // proceed - case CSSMERR_DL_ENDOFDATA: - printf("CSSM_DL_DB_RECORD_ANY: no record found\n"); - return; - default: - printError("DataGetFirst", crtn); - return; - } - - /* could be anything; check it out */ - if(interact) { - doIndent(); - printValueAsString(recordAttrs.DataRecordType, recordTypeNames); - printf("\n"); - indentIncr(); - fetchParseRecord(dlDbHand, &recordAttrs, record, datap, dumpData); - indentDecr(); - } - if(deleteAll && (recordAttrs.DataRecordType != DBBlobRelationID)) { - /* NEVER delete a DBBlob */ - deleteRecord(dlDbHand, record, interact); - } - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - - /* now the rest of them */ - /* hopefully we don't have to re-init the recordAttr array */ - for(;;) { - crtn = CSSM_DL_DataGetNext(dlDbHand, - resultHand, - &recordAttrs, - datap, - &record); - switch(crtn) { - case CSSM_OK: - if(interact) { - doIndent(); - printValueAsString(recordAttrs.DataRecordType, recordTypeNames); - printf("\n"); - indentIncr(); - fetchParseRecord(dlDbHand, &recordAttrs, record, datap, dumpData); - indentDecr(); - } - if(deleteAll && (recordAttrs.DataRecordType != DBBlobRelationID)) { - /* NEVER delete a DBBlob */ - deleteRecord(dlDbHand, record, interact); - } - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - break; // and go again - case CSSMERR_DL_ENDOFDATA: - /* normal termination */ - break; - default: - printError("DataGetNext", crtn); - break; - } - if(crtn != CSSM_OK) { - break; - } - } -} - -int main( - int argc, - char **argv) -{ - int arg; - char *argp; - char *dbFileName; - char cmd; - CSSM_DL_DB_HANDLE dlDbHand; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - char *certFile = NULL; - char *keyFile = NULL; - CSSM_BOOL interact = CSSM_TRUE; - CSSM_BOOL dumpData = CSSM_FALSE; - - /* should be cmd line opts */ - CSSM_ALGORITHMS keyAlg = CSSM_ALGID_RSA; - CSSM_BOOL pemFormat = CSSM_FALSE; - CSSM_KEYBLOB_FORMAT keyFormat = CSSM_KEYBLOB_RAW_FORMAT_NONE; - CSSM_RETURN crtn = CSSM_OK; - - if(argc < 3) { - usage(argv); - } - dbFileName = argv[1]; - cmd = argv[2][0]; - - for(arg=3; arg -#include -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - - -static void usage(char **argv) -{ - printf("usage: %s dbFileName alg class keysize [options]\n", argv[0]); - printf(" alg : rsa|dsa|dh|ecdsa\n"); - printf(" class : priv|pub\n"); - printf("Options:\n"); - printf(" -q quiet\n"); - exit(1); -} - -static const char *recordTypeStr( - CSSM_DB_RECORDTYPE recordType) -{ - static char unk[100]; - - switch(recordType) { - case CSSM_DL_DB_RECORD_PRIVATE_KEY: - return "Private Key"; - case CSSM_DL_DB_RECORD_PUBLIC_KEY: - return "Public Key"; - case CSSM_DL_DB_RECORD_SYMMETRIC_KEY: - return "Symmetric Key"; - default: - sprintf(unk, "**Unknown record type %u\n", (unsigned)recordType); - return unk; - } -} - -/* - * Search for specified record type; verify there is exactly one or zero - * of them as specified. - * Verify key algorthm and key size. Returns nonzero on error. - */ -static int doVerify( - CSSM_DL_DB_HANDLE dlDbHand, - unsigned numRecords, // zero or one - CSSM_DB_RECORDTYPE recordType, - uint32 keySize, - CSSM_ALGORITHMS keyAlg) -{ - CSSM_QUERY query; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_HANDLE resultHand; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - - /* no predicates, all records of specified type, no attrs, get the key */ - query.RecordType = recordType; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 0; - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA; // FIXME - used? - - recordAttrs.DataRecordType = recordType; - recordAttrs.NumberOfAttributes = 0; - recordAttrs.AttributeData = NULL; - - CSSM_DATA recordData = {0, NULL}; - - crtn = CSSM_DL_DataGetFirst(dlDbHand, - &query, - &resultHand, - &recordAttrs, - &recordData, - &record); - switch(crtn) { - case CSSM_OK: - if(numRecords == 0) { - printf("***Expected zero records of type %s, found one\n", - recordTypeStr(recordType)); - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - CSSM_DL_DataAbortQuery(dlDbHand, resultHand); - return 1; - } - break; // proceed - case CSSMERR_DL_ENDOFDATA: - if(numRecords == 0) { - /* cool */ - return 0; - } - printf("**Error: no records of type %s found\n", - recordTypeStr(recordType)); - return 1; - default: - printError("DataGetFirst", crtn); - return 1; - } - - CSSM_KEY_PTR theKey = (CSSM_KEY_PTR)recordData.Data; - int ourRtn = 0; - CSSM_KEYHEADER &hdr = theKey->KeyHeader; - if(hdr.AlgorithmId != keyAlg) { - printf("***Algorithm mismatch: expect %u, got %u\n", - (unsigned)keyAlg, (unsigned)hdr.AlgorithmId); - ourRtn++; - } - if(hdr.LogicalKeySizeInBits != keySize) { - printf("***Key Size: expect %u, got %u\n", - (unsigned)keySize, (unsigned)hdr.LogicalKeySizeInBits); - ourRtn++; - } - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - - /* see if there are any more */ - crtn = CSSM_DL_DataGetNext(dlDbHand, - resultHand, - &recordAttrs, - NULL, - &record); - if(crtn == CSSM_OK) { - printf("***More than 1 record of type %s found\n", - recordTypeStr(recordType)); - ourRtn++; - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - } - CSSM_DL_DataAbortQuery(dlDbHand, resultHand); - return ourRtn; -} - -int main( - int argc, - char **argv) -{ - int arg; - char *argp; - char *dbFileName; - CSSM_ALGORITHMS keyAlg; - CSSM_DB_RECORDTYPE recordType; - uint32 keySize; - CSSM_DL_DB_HANDLE dlDbHand; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_RETURN crtn = CSSM_OK; - - if(argc < 5) { - usage(argv); - } - dbFileName = argv[1]; - - /* key algorithm */ - if(!strcmp(argv[2], "rsa")) { - keyAlg = CSSM_ALGID_RSA; - } - else if(!strcmp(argv[2], "dsa")) { - keyAlg = CSSM_ALGID_DSA; - } - else if(!strcmp(argv[2], "dh")) { - keyAlg = CSSM_ALGID_DH; - } - else if(!strcmp(argv[2], "ecdsa")) { - keyAlg = CSSM_ALGID_ECDSA; - } - else { - usage(argv); - } - - /* key class */ - if(!strcmp(argv[3], "priv")) { - recordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; - } - else if(!strcmp(argv[3], "pub")) { - recordType = CSSM_DL_DB_RECORD_PUBLIC_KEY; - } - else { - usage(argv); - } - - keySize = atoi(argv[4]); - - for(arg=5; arg -#include -#include -#include "cspwrap.h" -#include "common.h" -#include -#include -#include "cspdlTesting.h" - -#define USAGE_DEF "noUsage" -#define LOOPS_DEF 10 -#define KEY_SIZE_DEF 512 -#define DERIVE_KEY_SIZE 128 -#define DERIVE_KEY_ALG CSSM_ALGID_AES -#define ENCR_ALG CSSM_ALGID_AES -#define ENCR_MODE CSSM_ALGMODE_CBCPadIV8 -#define ENCR_PADDING CSSM_PADDING_PKCS7 -#define MAX_PTEXT_SIZE 1024 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" k=keySize (default = %d)\n", KEY_SIZE_DEF); - printf(" l=loops (0=forever)\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" o=fileName (dump key and param blobs to filename)\n"); - printf(" i=filename (obtain param blobs from filename\n"); - printf(" q(uiet)\n"); - printf(" v(erbose))\n"); - exit(1); -} - -/* - * Translate blob format to strings. - */ -typedef struct { - CSSM_KEYBLOB_FORMAT form; - const char *str; -} BlobDesc; - -static const BlobDesc BlobDescs[] = { - { CSSM_KEYBLOB_RAW_FORMAT_NONE, "NONE" }, - { CSSM_KEYBLOB_RAW_FORMAT_PKCS3, "PKCS3" }, - { CSSM_KEYBLOB_RAW_FORMAT_PKCS8, "PKCS8" }, - { CSSM_KEYBLOB_RAW_FORMAT_X509, "X509" }, -}; -#define NUM_BLOB_DESCS (sizeof(BlobDescs) / sizeof(BlobDesc)) - -static const char *blobFormStr( - CSSM_KEYBLOB_FORMAT form) -{ - for(unsigned i=0; iform == form) { - return bdp->str; - } - } - return "***UNKNOWN BLOB FORM"""; -} - -/* - * Generate a Diffie-Hellman key pair. Optionally allows specification of - * algorithm parameters, and optionally returns algorithm parameters if - * we generate them. - */ -static int dhKeyGen( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR pubKey, - CSSM_BOOL pubIsRef, - CSSM_KEYBLOB_FORMAT pubForm, // NONE, PKCS3, X509 - CSSM_KEYBLOB_FORMAT expectPubForm, // PKCS3, X509 - CSSM_KEY_PTR privKey, - CSSM_BOOL privIsRef, - CSSM_KEYBLOB_FORMAT privForm, // NONE, PKCS3, PKCS8 - CSSM_KEYBLOB_FORMAT expectPrivForm, // PKCS3, PKCS8 - const CSSM_DATA *inParams, // optional - CSSM_DATA_PTR outParams, // optional, we malloc - uint32 keySizeInBits, - CSSM_BOOL quiet) -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA labelData = { strlen(USAGE_DEF), (uint8 *)USAGE_DEF }; - - if(inParams && outParams) { - printf("***dhKeyGen: inParams and outParams are mutually " - "exclusive.\n"); - return -1; - } - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - CSSM_ALGID_DH, - keySizeInBits, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - inParams, // Params, may be NULL - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - return testError(quiet); - } - - if((inParams == NULL) && (outParams != NULL)) { - /* explicitly generate params and return them to caller */ - outParams->Data = NULL; - outParams->Length = 0; - crtn = CSSM_GenerateAlgorithmParams(ccHand, - keySizeInBits, outParams); - if(crtn) { - printError("CSSM_GenerateAlgorithmParams", crtn); - return testError(quiet); - } - } - - if((privForm != CSSM_KEYBLOB_RAW_FORMAT_NONE) && !privIsRef) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - privForm); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PRIVATE_KEY_" - "FORMAT)", crtn); - return crtn; - } - } - if((pubForm != CSSM_KEYBLOB_RAW_FORMAT_NONE) && !pubIsRef) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - pubForm); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY_" - "FORMAT)", crtn); - return crtn; - } - } - - uint32 privAttr; - uint32 pubAttr = CSSM_KEYATTR_EXTRACTABLE; - if(pubIsRef) { - pubAttr |= CSSM_KEYATTR_RETURN_REF; - } - else { - pubAttr |= CSSM_KEYATTR_RETURN_DATA; - } - if(privIsRef) { - privAttr = CSSM_KEYATTR_RETURN_REF; - } - else { - privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - crtn = CSSM_GenerateKeyPair(ccHand, - /* - * Public key specification. We specify raw key format - * here since we have to have access to the raw public key - * bits in order to perform D-H key exchange. - */ - CSSM_KEYUSE_DERIVE, // only legal use of a Diffie-Hellman key - pubAttr, - &labelData, - pubKey, - /* private key specification */ - CSSM_KEYUSE_DERIVE, - privAttr, - &labelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - return testError(quiet); - } - if(!privIsRef && (privKey->KeyHeader.Format != expectPrivForm)) { - printf("***Expected priv format %s got %s\n", - blobFormStr(expectPrivForm), - blobFormStr(privKey->KeyHeader.Format)); - return testError(quiet); - } - if(!pubIsRef && (pubKey->KeyHeader.Format != expectPubForm)) { - printf("***Expected pub format %s got %s\n", - blobFormStr(expectPubForm), - blobFormStr(pubKey->KeyHeader.Format)); - return testError(quiet); - } - CSSM_DeleteContext(ccHand); - return crtn; -} - -/* - * Perform Diffie-Hellman key exchange. - * Given "our" private key (in the form of a CSSM_KEY) and "their" public - * key (in the form of a raw blob of bytes), cook up a symmetric key. - */ -static int dhKeyExchange( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR myPrivKey, - CSSM_KEY_PTR theirPubKey, - CSSM_KEY_PTR derivedKey, // RETURNED - uint32 deriveKeySizeInBits, - CSSM_ALGORITHMS derivedKeyAlg, - uint32 derivedKeyUsage, - uint32 derivedKeyAttr, - CSSM_BOOL quiet) -{ - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_CC_HANDLE ccHand; - CSSM_DATA labelData = - { strlen(USAGE_DEF), (uint8 *)USAGE_DEF }; - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - memset(derivedKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand, - CSSM_ALGID_DH, - derivedKeyAlg, - deriveKeySizeInBits, - &creds, - myPrivKey, // BaseKey - 0, // IterationCount - 0, // Salt - 0, // Seed - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateDeriveKeyContext", crtn); - return testError(quiet); - } - - /* - * Public key passed in as CSSM_DATA *Param - only if - * the pub key is in raw PKCS3 form - */ - CSSM_DATA nullParam = {0, NULL}; - CSSM_DATA_PTR paramPtr; - CSSM_KEYHEADER &hdr = theirPubKey->KeyHeader; - if((hdr.BlobType == CSSM_KEYBLOB_RAW) && - (hdr.Format == CSSM_KEYBLOB_RAW_FORMAT_PKCS3)) { - /* simple case */ - paramPtr = &theirPubKey->KeyData; - } - else { - /* add this pub key as a context attr */ - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PUBLIC_KEY, - sizeof(CSSM_KEY), - CAT_Ptr, - (void *)theirPubKey, - 0); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY)", - crtn); - return crtn; - } - paramPtr = &nullParam; - } - - crtn = CSSM_DeriveKey(ccHand, - paramPtr, - derivedKeyUsage, - derivedKeyAttr, - &labelData, - NULL, // cread/acl - derivedKey); - if(crtn) { - printError("CSSM_DeriveKey", crtn); - } - CSSM_DeleteContext(ccHand); - return crtn; -} - -static CSSM_DATA someIv = {16, (uint8 *)"Some enchanted init vector" }; - -/* - * Encrypt ptext with myDeriveKey ==> ctext - * decrypt ctext with theirDeriveKey ==> rptext - * ensure ptext == rptext - */ -static int doEncryptTest( - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *ptext, - CSSM_KEY_PTR myDeriveKey, - CSSM_KEY_PTR theirDeriveKey, - CSSM_ALGORITHMS encrAlg, - uint32 encrMode, - CSSM_PADDING encrPadding, - CSSM_BOOL quiet) -{ - CSSM_DATA ctext = {0, NULL}; - CSSM_DATA rptext = {0, NULL}; - CSSM_RETURN crtn; - - crtn = cspEncrypt(cspHand, - encrAlg, - encrMode, - encrPadding, - myDeriveKey, - NULL, // 2nd key - 0, // effective key size - 0, // rounds - &someIv, - ptext, - &ctext, - CSSM_FALSE); // mallocCtext - if(crtn) { - return testError(quiet); - } - crtn = cspDecrypt(cspHand, - encrAlg, - encrMode, - encrPadding, - theirDeriveKey, - NULL, // 2nd key - 0, // effective key size - 0, // rounds - &someIv, - &ctext, - &rptext, - CSSM_FALSE); // mallocCtext - if(crtn) { - return testError(quiet); - } - if(!appCompareCssmData(ptext, &rptext)) { - printf("***DATA MISCOMPARE***\n"); - return testError(quiet); - } - appFree(ctext.Data, NULL); - appFree(rptext.Data, NULL); - return 0; -} - -int doTest( - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *ptext, - CSSM_BOOL pubIsRef, - CSSM_KEYBLOB_FORMAT pubForm, // NONE, PKCS3, X509 - CSSM_KEYBLOB_FORMAT expectPubForm, // PKCS3, X509 - CSSM_BOOL privIsRef, - CSSM_KEYBLOB_FORMAT privForm, // NONE, PKCS3, PKCS8 - CSSM_KEYBLOB_FORMAT expectPrivForm, // PKCS3, PKCS8 - CSSM_BOOL sym1IsRef, - CSSM_BOOL sym2IsRef, - const CSSM_DATA *inParams, // optional - CSSM_DATA_PTR outParams, // optional - uint32 keySizeInBits, - CSSM_BOOL quiet) -{ - CSSM_KEY myPriv; - CSSM_KEY myPub; - CSSM_KEY theirPriv; - CSSM_KEY theirPub; - int rtn = 0; - - /* generate two key pairs */ - if(dhKeyGen(cspHand, - &myPub, - pubIsRef, - pubForm, - expectPubForm, - &myPriv, - privIsRef, - privForm, - expectPrivForm, - inParams, - outParams, - keySizeInBits, - quiet)) { - return 1; - } - - /* note this MUST match the params either specified or generated - * in previous call */ - if((inParams == NULL) && (outParams == NULL)) { - printf("***BRRZAP! Must provide a way to match D-H parameters!\n"); - exit(1); - } - const CSSM_DATA *theParams = inParams; - if(theParams == NULL) { - theParams = outParams; - } - if(dhKeyGen(cspHand, - &theirPub, - pubIsRef, - /* let's always use default for this pair */ - CSSM_KEYBLOB_RAW_FORMAT_NONE, - CSSM_KEYBLOB_RAW_FORMAT_PKCS3, // we know this is the default - &theirPriv, - privIsRef, - /* let's always use default for this pair */ - CSSM_KEYBLOB_RAW_FORMAT_NONE, - CSSM_KEYBLOB_RAW_FORMAT_PKCS3, // we know this is the default - theParams, - NULL, // outParams - keySizeInBits, - quiet)) { - return 1; - } - - /* derive two keys, ensure they match */ - CSSM_KEY myDerive; - CSSM_KEY theirDerive; - uint32 myDeriveAttr; - uint32 theirDeriveAttr; - if(sym1IsRef) { - myDeriveAttr = CSSM_KEYATTR_RETURN_REF; - } - else { - myDeriveAttr = - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - if(sym2IsRef) { - theirDeriveAttr = CSSM_KEYATTR_RETURN_REF; - } - else { - theirDeriveAttr = - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - if(dhKeyExchange(cspHand, - &myPriv, - &theirPub, - &myDerive, - DERIVE_KEY_SIZE, - DERIVE_KEY_ALG, - CSSM_KEYUSE_ENCRYPT, - myDeriveAttr, - quiet)) { - return testError(quiet); - } - if(dhKeyExchange(cspHand, - &theirPriv, - &myPub, - &theirDerive, - DERIVE_KEY_SIZE, - DERIVE_KEY_ALG, - CSSM_KEYUSE_DECRYPT, - theirDeriveAttr, - quiet)) { - return testError(quiet); - } - - if(doEncryptTest(cspHand, - ptext, - &myDerive, - &theirDerive, - ENCR_ALG, - ENCR_MODE, - ENCR_PADDING, - quiet)) { - return 1; - } - - cspFreeKey(cspHand, &myPub); - cspFreeKey(cspHand, &myPriv); - cspFreeKey(cspHand, &theirPub); - cspFreeKey(cspHand, &theirPriv); - cspFreeKey(cspHand, &myDerive); - cspFreeKey(cspHand, &theirDerive); - return rtn; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_CSP_HANDLE cspHand; - unsigned loop; - int i; - CSSM_DATA inParams = {0, NULL}; - CSSM_DATA outParams = {0, NULL}; - CSSM_DATA_PTR inParamPtr = NULL; - CSSM_DATA_PTR outParamPtr = NULL; - CSSM_DATA ptext; - CSSM_BOOL pubIsRef; - CSSM_BOOL privIsRef; - CSSM_BOOL sym1IsRef; - CSSM_BOOL sym2IsRef; - CSSM_KEYBLOB_FORMAT pubForm; // NONE, PKCS3, X509 - CSSM_KEYBLOB_FORMAT expectPubForm; // PKCS3, X509 - CSSM_KEYBLOB_FORMAT privForm; // NONE, PKCS3, PKCS8 - CSSM_KEYBLOB_FORMAT expectPrivForm; // PKCS3, PKCS8 - - /* user-spec'd parameters */ - unsigned keySize = KEY_SIZE_DEF; - unsigned pauseInterval = 0; - unsigned loops = LOOPS_DEF; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - char *inFileName = NULL; - char *outFileName = NULL; - - for(arg=1; argEEmsmSY~68UIS qAu0iZ4uD@iG^#3=3Wc#i7UvKss$%81A>WzP@|N?o!ZTd60s#Udt|AHm diff --git a/SecurityTests/cspxutils/dhTest/Makefile b/SecurityTests/cspxutils/dhTest/Makefile deleted file mode 100644 index 1c885a6f..00000000 --- a/SecurityTests/cspxutils/dhTest/Makefile +++ /dev/null @@ -1,61 +0,0 @@ -# name of executable to build -EXECUTABLE=dhTest -# C++ source (with .cpp extension) -CPSOURCE= dhTest.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PARAM_FILE_NAME= dhParams_512.der -PARAM_FILE= $(LOCAL_BUILD)/$(PARAM_FILE_NAME) -PROJ_DEPENDS= $(PARAM_FILE) - -include ../Makefile.cdsa - -$(PARAM_FILE): $(PARAM_FILE_NAME) - cp -p $(PARAM_FILE_NAME) $(LOCAL_BUILD) - diff --git a/SecurityTests/cspxutils/dhTest/README b/SecurityTests/cspxutils/dhTest/README deleted file mode 100644 index 54f8b996..00000000 --- a/SecurityTests/cspxutils/dhTest/README +++ /dev/null @@ -1,63 +0,0 @@ - Diffie-Hellman Sample Code Info - last update 4/24/02 dmitch - -Introduction ------------- -This directory contains a program which demonstrates how to -write code performing Diffie-HEllman key generation and key exchange -using the CDSA API. One command-line executable program, called dhTest, -currently resides here. - -Building --------- - -See the README in the parent directory (CDSA_Examples) for -information on building this program. - -Running rsatool ---------------- - -DhTest is a UNIX command-line program which performs a the following -sequence a specified number of times: - - 1. generate a D-H key pair, optionally using D-H parameters - stored in a file. Call this key pair "myPublic" and - "myPrivate". - 2. Optionally store the D-H parameters generated in step 1 - in a file. - 3. Generate another D-H key pair using the same D-H parameters - as used (or generated) in step 1. Call this key pair - "theirPublic" and "theirPrivate". - 4. Perform a D-H key exchange operations using myPrivate and - theirPublic, resulting in symmetric key myDerive. - 5. Perform a D-H key exchange operations using myPublic and - theirPrivate, resulting in symmetric key theirDerive. - 6. Ensure that the key bits in myDerive and theirDerive - are identical. - -Run the program with the single 'h' command line argument for -usage information. - -Two functions are of particular interest for the purposes of -illustrating Diffie-Hellman operation. One, dhKeyGen(), performs -D-H key pair generation, using optional existing D-H parameters -and optionally returning D-H parameters if they were generated -by this function (i.e., if they were not supplied to the function -as input). D-H parameters are expressed at the CDSA API as an -opaque blob in the form of a CSSM_DATA. The generation of D-H -parameters is very time consuming - it takes about 90 seconds -to calculate the parameters for 1024 bit D-H keys on an 800 MHz G4. -Therefore any application which will be performing a number of key -pair generations should establish a common set of D-H parameters -to be shared between the two parties. Public disclosure of the -D-H parameters does not compromise the security of D-H key exchange -at all. - -The second function of interest is dhKeyExchange(), which takes as -its input one private key (e.g., "myPrivate") and one public key -blob in the form of a CSSM_DATA. That public key blob is obtained -from the peer when performing D-H key exchange. The result of -this function is a CSSM_KEY, derivedKey. This derived key is -typically used to perform symmetric encryption. See the cryptTool -example in this same package for illustration of symmetric -encryption. diff --git a/SecurityTests/cspxutils/dhTest/dhParams_512.der b/SecurityTests/cspxutils/dhTest/dhParams_512.der deleted file mode 100644 index 371b79371500605f13e6c1349250ba92c2a8a061..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 84 zcmV-a0IUBnQU(YrhDe6@4FLl%MglEEmsmSY~68UIS qAu0iZ4uD@iG^#3=3Wc#i7UvKss$%81A>WzP@|N?o!ZTd60s#Udt|AHm diff --git a/SecurityTests/cspxutils/dhTest/dhTest.cpp b/SecurityTests/cspxutils/dhTest/dhTest.cpp deleted file mode 100644 index 3017eebf..00000000 --- a/SecurityTests/cspxutils/dhTest/dhTest.cpp +++ /dev/null @@ -1,468 +0,0 @@ -/* - * dhTest - simple Diffie-Hellman exerciser. - */ -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include -#include - -#define USAGE_DEF "noUsage" -#define LOOPS_DEF 10 -#define KEY_SIZE_DEF 512 -#define DERIVE_KEY_SIZE 128 -#define DERIVE_KEY_ALG CSSM_ALGID_AES - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" k=keySize (default = %d)\n", KEY_SIZE_DEF); - printf(" l=loops (0=forever)\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" o=fileName (dump key and param blobs to filename)\n"); - printf(" i=filename (obtain param blobs from filename)\n"); - printf(" 8 (private key in PKCS8 format, default is PKCS3)\n"); - printf(" x (public key in X509 format, default is PKCS3)\n"); - printf(" f (public key is ref form; default is raw)\n"); - printf(" q(uiet)\n"); - printf(" v(erbose))\n"); - exit(1); -} - -/* - * Generate a Diffie-Hellman key pair. Optionally allows specification of - * algorithm parameters, and optionally returns algorithm parameters if - * we generate them. - */ -static int dhKeyGen( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR pubKey, - CSSM_KEY_PTR privKey, - const CSSM_DATA *inParams, // optional - CSSM_DATA_PTR outParams, // optional, we malloc - uint32 keySizeInBits, - CSSM_KEYBLOB_FORMAT privForm, - CSSM_KEYBLOB_FORMAT pubForm, - CSSM_BOOL pubIsRef, - CSSM_BOOL quiet) -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA labelData = { strlen(USAGE_DEF), (uint8 *)USAGE_DEF }; - - if(inParams && outParams) { - printf("***dhKeyGen: inParams and outParams are mutually " - "exclusive.\n"); - return -1; - } - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - CSSM_ALGID_DH, - keySizeInBits, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - inParams, // Params, may be NULL - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - return testError(quiet); - } - - if((inParams == NULL) && (outParams != NULL)) { - /* explicitly generate params and return them to caller */ - outParams->Data = NULL; - outParams->Length = 0; - crtn = CSSM_GenerateAlgorithmParams(ccHand, - keySizeInBits, outParams); - if(crtn) { - printError("CSSM_GenerateAlgorithmParams", crtn); - return testError(quiet); - } - } - - uint32 privAttr = CSSM_KEYATTR_RETURN_REF; - uint32 pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - if(privForm != CSSM_KEYBLOB_RAW_FORMAT_NONE) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - privForm); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PRIVATE_KEY" - "_FORMAT)", crtn); - return crtn; - } - privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - if(pubIsRef) { - pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else if(pubForm != CSSM_KEYBLOB_RAW_FORMAT_NONE) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - pubForm); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY" - "_FORMAT)", crtn); - return crtn; - } - } - crtn = CSSM_GenerateKeyPair(ccHand, - CSSM_KEYUSE_DERIVE, // only legal use of a Diffie-Hellman key - pubAttr, - &labelData, - pubKey, - /* private key specification */ - CSSM_KEYUSE_DERIVE, - privAttr, - &labelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - return testError(quiet); - } - - CSSM_DeleteContext(ccHand); - return crtn; -} - -/* - * Perform Diffie-Hellman key exchange. - * Given "our" private key (in the form of a CSSM_KEY) and "their" public - * key (in the form of a raw blob of bytes), cook up a symmetric key. - */ -static int dhKeyExchange( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR myPrivKey, - CSSM_KEY_PTR theirPubKey, - CSSM_KEY_PTR derivedKey, // RETURNED - uint32 deriveKeySizeInBits, - CSSM_ALGORITHMS derivedKeyAlg, - uint32 derivedKeyUsage, - uint32 derivedKeyAttr, - CSSM_BOOL quiet) -{ - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_CC_HANDLE ccHand; - CSSM_DATA labelData = { strlen(USAGE_DEF), (uint8 *)USAGE_DEF }; - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - memset(derivedKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand, - CSSM_ALGID_DH, - derivedKeyAlg, - deriveKeySizeInBits, - &creds, - myPrivKey, // BaseKey - 0, // IterationCount - 0, // Salt - 0, // Seed - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateDeriveKeyContext", crtn); - return testError(quiet); - } - - /* - * Public key passed in as CSSM_DATA *Param - only if - * the pub key is in raw PKCS3 form - */ - CSSM_DATA nullParam = {0, NULL}; - CSSM_DATA_PTR paramPtr; - CSSM_KEYHEADER &hdr = theirPubKey->KeyHeader; - if((hdr.BlobType == CSSM_KEYBLOB_RAW) && - (hdr.Format == CSSM_KEYBLOB_RAW_FORMAT_PKCS3)) { - /* simple case */ - paramPtr = &theirPubKey->KeyData; - } - else { - /* add this pub key as a context attr */ - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PUBLIC_KEY, - sizeof(CSSM_KEY), - CAT_Ptr, - (void *)theirPubKey, - 0); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY)", - crtn); - return crtn; - } - paramPtr = &nullParam; - } - crtn = CSSM_DeriveKey(ccHand, - paramPtr, - derivedKeyUsage, - derivedKeyAttr, - &labelData, - NULL, // cread/acl - derivedKey); - if(crtn) { - printError("CSSM_DeriveKey", crtn); - } - CSSM_DeleteContext(ccHand); - return crtn; -} - -int doTest( - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *inParams, // optional - CSSM_DATA_PTR outParams, // optional - uint32 keySizeInBits, - CSSM_KEYBLOB_FORMAT privForm, - CSSM_KEYBLOB_FORMAT pubForm, - CSSM_BOOL pubIsRef, - CSSM_BOOL quiet) -{ - CSSM_KEY myPriv; - CSSM_KEY myPub; - CSSM_KEY theirPriv; - CSSM_KEY theirPub; - int rtn = 0; - - /* generate two key pairs */ - if(dhKeyGen(cspHand, - &myPub, - &myPriv, - inParams, - outParams, - keySizeInBits, - privForm, - pubForm, - pubIsRef, - quiet)) { - return 1; - } - - /* note this MUST match the params either specified or generated in previous - * call */ - if((inParams == NULL) && (outParams == NULL)) { - printf("***BRRZAP! Must provide a way to match D-H parameters!\n"); - exit(1); - } - const CSSM_DATA *theParams = inParams; - if(theParams == NULL) { - theParams = outParams; - } - if(dhKeyGen(cspHand, - &theirPub, - &theirPriv, - theParams, - NULL, // outParams - keySizeInBits, - privForm, - pubForm, - pubIsRef, - quiet)) { - return 1; - } - - /* derive two keys, ensure they match */ - CSSM_KEY myDerive; - CSSM_KEY theirDerive; - if(dhKeyExchange(cspHand, - &myPriv, - &theirPub, - &myDerive, - DERIVE_KEY_SIZE, - DERIVE_KEY_ALG, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE, - quiet)) { - return testError(quiet); - } - if(dhKeyExchange(cspHand, - &theirPriv, - &myPub, - &theirDerive, - DERIVE_KEY_SIZE, - DERIVE_KEY_ALG, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE, - quiet)) { - return testError(quiet); - } - - if(!appCompareCssmData(&myDerive.KeyData, &theirDerive.KeyData)) { - printf("***Key Exchange data miscompare***\n"); - rtn = testError(quiet); - } - cspFreeKey(cspHand, &myPub); - cspFreeKey(cspHand, &myPriv); - cspFreeKey(cspHand, &theirPub); - cspFreeKey(cspHand, &theirPriv); - cspFreeKey(cspHand, &myDerive); - cspFreeKey(cspHand, &theirDerive); - return rtn; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_CSP_HANDLE cspHand; - unsigned loop; - int i; - CSSM_DATA inParams = {0, NULL}; - CSSM_DATA outParams = {0, NULL}; - CSSM_DATA_PTR inParamPtr = NULL; - CSSM_DATA_PTR outParamPtr = NULL; - - /* user-spec'd parameters */ - unsigned keySize = KEY_SIZE_DEF; - unsigned pauseInterval = 0; - unsigned loops = LOOPS_DEF; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - char *inFileName = NULL; - char *outFileName = NULL; - /* default: "use default blob form", i.e., PKCS3 */ - CSSM_KEYBLOB_FORMAT privForm = CSSM_KEYBLOB_RAW_FORMAT_NONE; - CSSM_KEYBLOB_FORMAT pubForm = CSSM_KEYBLOB_RAW_FORMAT_NONE; - CSSM_BOOL pubIsRef = CSSM_FALSE; - - for(arg=1; args zTk_pg?`{jD)3y)IZjotNvX91rg6Ud!rw<8MY&0zm+Z zf94C;9Pq^S7GN1poM&qy&;B;DwUrC)*+Ur;(GZL}w`a`LX#xpu&h9 O?j%}%aai~eLZnw?l~APs diff --git a/SecurityTests/cspxutils/dsaPartial/dsaParam512_2.der b/SecurityTests/cspxutils/dsaPartial/dsaParam512_2.der deleted file mode 100644 index 4a9ede96618b7d43a1fd666cd3a94eb57928497d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 160 zcmV;R0AK$wft>7Y%$hE(c`jC-KiDxnhg8~%*sG0T$yA3OouL&XrJtyMt;<&C?0zm+X zg}2;Z34ad`YwH0LVM}$A(`4su;_RuPE&pg3!V|mgp4KwvJ*>ejHwAeioClZ=Vd{Or O7QMNvsJ<=-e6aas8A$yA diff --git a/SecurityTests/cspxutils/dsaPartial/dsaPartial.cpp b/SecurityTests/cspxutils/dsaPartial/dsaPartial.cpp deleted file mode 100644 index 1434162d..00000000 --- a/SecurityTests/cspxutils/dsaPartial/dsaPartial.cpp +++ /dev/null @@ -1,724 +0,0 @@ -/* - * dsaPartial.cpp - test for partial DSA public handling - */ -#include -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include -#include "nssAppUtils.h" - -/* - * generate key pairs with one set of parameters, dsa1Priv and dsa1Pub; - * genenate another pair with a different set of params, dsa2Priv and - * dsa2Pub; - * manually cook up dsa1PubPartial from dsa1Pub; - * manually cook up dsa2PubPartial from dsa2Pub; - * - * with all legal and/or specified combos of {ref,raw} keys { - * sign with dsa1Priv; - * vfy with dsa1Pub; - * vfy with dsa1PubPartial: CSSMERR_CSP_APPLE_DSA_PUBLIC_KEY_INCOMPLETE - * vfy with dsa1PubPartial and dsa1Pub (attrs) - * vfy with dsa2PubPartial and dsa1Pub (attrs) --> vfy fail - * vfy with dsa1PubPartial and dsa2Pub (attrs) --> vfy fail - * merge dsa1PubPartial + dsa1Pub --> merged; - * vfy with merged, should be good - * merge dsa1PubPartial + dsa2Pub -->merged; - * vfy with merged; vfy fail; - * } - */ - -/* - * Static parameter files. - * - * Regenerate these every once in a while with rsatool: - * - * # rsatool g a=d k=/tmp/foo M=dsaParam512_1.der - */ -#define PARAMS_512_1 "dsaParam512_1.der" -#define PARAMS_512_2 "dsaParam512_2.der" - -#define MAX_PTEXT_SIZE 512 -#define KEY_ALG CSSM_ALGID_DSA -#define SIG_ALG CSSM_ALGID_SHA1WithDSA -#define LOOPS_DEF 32 -#define KEY_SIZE_DEF 512 - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" l=loops\n"); - printf(" p(ause on loop)\n"); - printf(" q(uiet)\n"); - printf(" v(erbose)\n"); - printf(" D (CSPDL)\n"); - printf(" r (all keys are raw)\n"); - printf(" f (all keys are ref)\n"); - exit(1); -} - -/* - * Generate DSA key pair with required alg parameters. - */ -static CSSM_RETURN genDsaKeyPair( - CSSM_CSP_HANDLE cspHand, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_BOOL pubIsRef, // true - reference key, false - data - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_BOOL privIsRef, // true - reference key, false - data - const CSSM_DATA *params) -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA keyLabelData; - uint32 pubAttr; - uint32 privAttr; - - if(params == NULL) { - return CSSMERR_CSSM_INVALID_POINTER; - } - - keyLabelData.Data = (uint8 *)"foobar", - keyLabelData.Length = 6; - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - CSSM_ALGID_DSA, - keySize, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - params, - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - return crtn; - } - - /* cook up attribute bits */ - if(pubIsRef) { - pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - if(privIsRef) { - privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - - crtn = CSSM_GenerateKeyPair(ccHand, - CSSM_KEYUSE_VERIFY, - pubAttr, - &keyLabelData, - pubKey, - CSSM_KEYUSE_SIGN, - privAttr, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - } - CSSM_DeleteContext(ccHand); - return crtn; -} - - -/* - * Create new public key by merging specified partial key and - * parameter-bearing key. All keys can be in any format (though - * it's the caller's responsibility to avoid using a ref paramKey - * with the CSPDL). - */ -static CSSM_RETURN dsaMergeParams( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *partialKey, - const CSSM_KEY *paramKey, - CSSM_KEY &fullKey, // RETURNED - bool fullIsRef) // ref/raw -{ - /* - * First step is a null wrap or unwrap depending on - * format of partialKey. - */ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_DATA label = {10, (uint8 *)"dummyLabel"}; - CSSM_DATA descrData = {0, NULL}; - const CSSM_KEYHEADER &hdr = partialKey->KeyHeader; - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - &creds, - NULL, // wrapping key - NULL, // initVector - CSSM_PADDING_NONE, - 0, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateSymmetricContext", crtn); - return crtn; - } - - /* add in paramKey */ - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PARAM_KEY, - sizeof(CSSM_KEY), - CAT_Ptr, - paramKey, - 0); - if(crtn) { - printError("AddContextAttribute", crtn); - return crtn; - } - - /* go */ - CSSM_KEY targetKey; - memset(&targetKey, 0, sizeof(targetKey)); - if(hdr.BlobType == CSSM_KEYBLOB_RAW) { - /* raw --> ref : null unwrap */ - crtn = CSSM_UnwrapKey(ccHand, - NULL, // PublicKey - partialKey, - hdr.KeyUsage, // same as original - CSSM_KEYATTR_EXTRACTABLE |CSSM_KEYATTR_RETURN_REF, - &label, - NULL, // CredAndAclEntry - &targetKey, - &descrData); // required - if(crtn) { - printError("dsaMergeParams CSSM_UnwrapKey (1)", crtn); - return crtn; - } - } - else { - /* ref --> raw : null wrap */ - crtn = CSSM_WrapKey(ccHand, - &creds, - partialKey, - NULL, // DescriptiveData - &targetKey); - if(crtn) { - printError("dsaMergeParams CSSM_WrapKey (1)", crtn); - return crtn; - } - } - - if(targetKey.KeyHeader.KeyAttr & CSSM_KEYATTR_PARTIAL) { - printf("***merged key still has CSSM_KEYATTR_PARTIAL\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - - CSSM_KEYBLOB_TYPE targetBlob; - if(fullIsRef) { - targetBlob = CSSM_KEYBLOB_REFERENCE; - } - else { - targetBlob = CSSM_KEYBLOB_RAW; - } - - if(targetKey.KeyHeader.BlobType == targetBlob) { - /* we're done */ - fullKey = targetKey; - CSSM_DeleteContext(ccHand); - return CSSM_OK; - } - - /* - * We're going to reuse the context, but since the parameter merge - * has already been done, remove the CSSM_ATTRIBUTE_PARAM_KEY - * attribute. - */ - CSSM_CONTEXT_ATTRIBUTE attr; - memset(&attr, 0, sizeof(attr)); - attr.AttributeType = CSSM_ATTRIBUTE_PARAM_KEY; - crtn = CSSM_DeleteContextAttributes(ccHand, 1, &attr); - if(crtn) { - printError("CSSM_DeleteContextAttributes", crtn); - return crtn; - } - - /* one more conversion */ - if(targetBlob == CSSM_KEYBLOB_REFERENCE) { - /* raw --> ref : null unwrap */ - crtn = CSSM_UnwrapKey(ccHand, - NULL, // PublicKey - &targetKey, - hdr.KeyUsage, // same as original - CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF, - &label, - NULL, // CredAndAclEntry - &fullKey, - &descrData); // required - if(crtn) { - printError("dsaMergeParams CSSM_UnwrapKey (2)", crtn); - return crtn; - } - } - else { - /* ref --> raw : null wrap */ - crtn = CSSM_WrapKey(ccHand, - &creds, - &targetKey, - NULL, // DescriptiveData - &fullKey); - if(crtn) { - printError("dsaMergeParams CSSM_WrapKey (2)", crtn); - return crtn; - } - } - CSSM_FreeKey(cspHand, NULL, &targetKey, CSSM_FALSE); - CSSM_DeleteContext(ccHand); - return CSSM_OK; -} - -/* - * Custom cspSigVerify with optional CSSM_ATTRIBUTE_PARAM_KEY - */ -CSSM_RETURN sigVerify(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_SHA1WithDSA, etc. - CSSM_KEY_PTR key, // public key - CSSM_KEY_PTR paramKey, // optional parameter key - const CSSM_DATA *ptext, - const CSSM_DATA *sig, - CSSM_RETURN expectResult, - const char *op, - CSSM_BOOL verbose) -{ - CSSM_CC_HANDLE sigHand; - CSSM_RETURN ocrtn = CSSM_OK; - CSSM_RETURN crtn; - - if(verbose) { - printf(" ...%s\n", op); - } - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - algorithm, - NULL, // passPhrase - key, - &sigHand); - if(crtn) { - printError("CSSM_CSP_CreateSignatureContext", crtn); - return crtn; - } - if(paramKey) { - crtn = AddContextAttribute(sigHand, - CSSM_ATTRIBUTE_PARAM_KEY, - sizeof(CSSM_KEY), - CAT_Ptr, - paramKey, - 0); - if(crtn) { - printError("AddContextAttribute", crtn); - return crtn; - } - } - crtn = CSSM_VerifyData(sigHand, - ptext, - 1, - CSSM_ALGID_NONE, - sig); - if(crtn != expectResult) { - if(!crtn) { - printf("%s: Unexpected good Sig Verify (expect %s)\n", - op, cssmErrToStr(expectResult)); - ocrtn = CSSMERR_CSSM_INTERNAL_ERROR; - } - else { - printError(op, crtn); - ocrtn = crtn; - } - } - CSSM_DeleteContext(sigHand); - return ocrtn; -} - -static int doTest( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR privKey_0, - CSSM_KEY_PTR pubKeyBase_0, - CSSM_KEY_PTR pubKeyPartial_0, - CSSM_KEY_PTR pubKeyParam_0, // full, raw format if CSPDL - CSSM_KEY_PTR pubKeyPartial_1, - CSSM_KEY_PTR pubKeyParam_1, // full, raw format if CSPDL - bool mergedIsRef, - CSSM_BOOL quiet, - CSSM_BOOL verbose) -{ - uint8 ptextBuf[MAX_PTEXT_SIZE]; - CSSM_DATA ptext = {0, ptextBuf}; - simpleGenData(&ptext, 1, MAX_PTEXT_SIZE); - CSSM_DATA sig = {0, NULL}; - CSSM_RETURN crtn; - - /* the single sign op for this routine */ - crtn = cspSign(cspHand, SIG_ALG, privKey_0, &ptext, &sig); - if(crtn) { - return testError(quiet); - } - - /* normal verify with full key */ - crtn = sigVerify(cspHand, SIG_ALG, pubKeyBase_0, NULL, - &ptext, &sig, CSSM_OK, "vfy with full key", verbose); - if(crtn) { - return testError(quiet); - } - - /* good verify with partial key plus params */ - crtn = sigVerify(cspHand, SIG_ALG, pubKeyPartial_0, pubKeyParam_0, - &ptext, &sig, CSSM_OK, "vfy with partial key and params", - verbose); - if(crtn) { - if(testError(quiet)) { - return 1; - } - } - - /* partial key failure */ - crtn = sigVerify(cspHand, SIG_ALG, pubKeyPartial_0, NULL, - &ptext, &sig, - CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE, - "vfy with partial key no params", verbose); - if(crtn) { - if(testError(quiet)) { - return 1; - } - } - - /* partial key, wrong params */ - crtn = sigVerify(cspHand, SIG_ALG, pubKeyPartial_0, pubKeyParam_1, - &ptext, &sig, - CSSMERR_CSP_VERIFY_FAILED, - "vfy with partial key wrong params", verbose); - if(crtn) { - if(testError(quiet)) { - return 1; - } - } - - /* wrong partial key, good params */ - crtn = sigVerify(cspHand, SIG_ALG, pubKeyPartial_1, pubKeyParam_0, - &ptext, &sig, - CSSMERR_CSP_VERIFY_FAILED, - "vfy with wrong partial key, good params", verbose); - if(crtn) { - if(testError(quiet)) { - return 1; - } - } - - /* - * Test merge via wrap/unwrap. - * First, a good merged key. - */ - CSSM_KEY merged; - crtn = dsaMergeParams(cspHand, - pubKeyPartial_0, - pubKeyParam_0, - merged, - mergedIsRef); - if(crtn) { - return testError(quiet); - } - crtn = sigVerify(cspHand, SIG_ALG, &merged, NULL, - &ptext, &sig, CSSM_OK, "vfy with good merged key", verbose); - if(crtn) { - return testError(quiet); - } - CSSM_FreeKey(cspHand, NULL, &merged, CSSM_FALSE); - - /* now with a badly merged key (with the wrong params) */ - crtn = dsaMergeParams(cspHand, - pubKeyPartial_0, - pubKeyParam_1, - merged, - mergedIsRef); - if(crtn) { - return testError(quiet); - } - crtn = sigVerify(cspHand, SIG_ALG, &merged, NULL, - &ptext, &sig, - CSSMERR_CSP_VERIFY_FAILED, - "vfy with merged key wrong params", verbose); - if(crtn) { - if(testError(quiet)) { - return 1; - } - } - CSSM_FreeKey(cspHand, NULL, &merged, CSSM_FALSE); - - CSSM_FREE(sig.Data); - return CSSM_OK; -} - - -int main(int argc, char **argv) -{ - char *argp; - CSSM_CSP_HANDLE cspHand; - CSSM_RETURN crtn; - - /* user spec'd variables */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL doPause = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL rawCSP = CSSM_TRUE; - CSSM_BOOL verbose = CSSM_FALSE; - uint32 keySize = KEY_SIZE_DEF; - CSSM_BOOL allRaw = CSSM_FALSE; - CSSM_BOOL allRef = CSSM_FALSE; - - for(int arg=1; arg these were created as ref keys - !allRaw && // allRaw --> don't want ref keys - !allRef) { // allRef --> these were created as ref keys - if(cspRawKeyToRef(cspHand, &dsa1Pub, &dsa1PubRef) || - cspRawKeyToRef(cspHand, &dsa2Pub, &dsa2PubRef)) { - exit(1); - } - } - if(!rawCSP || !allRaw) { - /* these were created in raw form unconditionally */ - if(cspRawKeyToRef(cspHand, &dsa1PubPartial, - &dsa1PubPartialRef) || - cspRawKeyToRef(cspHand, &dsa2PubPartial, - &dsa2PubPartialRef)) { - exit(1); - } - - /* verify that these came back with the partial flag set */ - if(!(dsa1PubPartialRef.KeyHeader.KeyAttr & - CSSM_KEYATTR_PARTIAL)) { - printf("***CSSM_KEYATTR_PARTIAL not set after null unwrap" - " of partial DSA key\n"); - if(testError(quiet)) { - exit(1); - } - } - if(!(dsa2PubPartialRef.KeyHeader.KeyAttr & - CSSM_KEYATTR_PARTIAL)) { - printf("***CSSM_KEYATTR_PARTIAL not set after null unwrap" - " of partial DSA key\n"); - if(testError(quiet)) { - exit(1); - } - } - } - - int rtn = 0; - for(unsigned loop=0; loop -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" - -#define LOOPS_DEF 32 -#define KEY_SIZE_DEF 256 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" k=keySize (default = %d)\n", KEY_SIZE_DEF); - printf(" X (X9.63 key derivation)\n"); - printf(" l=loops (0=forever)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" q(uiet)\n"); - printf(" v(erbose))\n"); - exit(1); -} - -#define LABEL_DEF "noLabel" -#define MAX_SHARED_INFO_LEN 400 -#define MAX_DERIVED_SIZE 1024 - -static int doECDH( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR privKey, - /* - * pubKey: - * Ref form - use key as pubKey as is - * X509 form - use as is - * OCTET_STRING form - use key data as Param - */ - CSSM_KEY_PTR pubKey, - CSSM_BOOL bareCsp, // false --> derive ref key and NULL-wrap it - CSSM_BOOL x963KDF, - CSSM_DATA *sharedInfo, - uint32 deriveSizeInBits, - CSSM_BOOL quiet, - CSSM_BOOL verbose, - - /* result RETURNED here */ - CSSM_KEY_PTR derivedKey) - -{ - CSSM_DATA paramData = {0, NULL}; - CSSM_KEY_PTR contextPubKey = NULL; - CSSM_KEYHEADER_PTR hdr = &pubKey->KeyHeader; - - if((hdr->BlobType == CSSM_KEYBLOB_RAW) && - (hdr->Format == CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING)) { - paramData = pubKey->KeyData; - } - else { - contextPubKey = pubKey; - } - - /* create key derivation context */ - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_CC_HANDLE ccHand; - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - - CSSM_ALGORITHMS deriveAlg; - if(x963KDF) { - deriveAlg = CSSM_ALGID_ECDH_X963_KDF; - } - else { - deriveAlg = CSSM_ALGID_ECDH; - } - - crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand, - deriveAlg, - CSSM_ALGID_RC4, // doesn't matter, just give us the bits - deriveSizeInBits, - &creds, - privKey, // BaseKey - 0, // IterationCount - sharedInfo, // Salt - 0, // Seed - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateDeriveKeyContext", crtn); - return testError(quiet); - } - - if(contextPubKey != NULL) { - /* add pub key as a context attr */ - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PUBLIC_KEY, - sizeof(CSSM_KEY), - CAT_Ptr, - (void *)contextPubKey, - 0); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY)", - crtn); - return crtn; - } - } - - /* D-H derive key */ - CSSM_DATA labelData = { strlen(LABEL_DEF), (uint8 *)LABEL_DEF }; - CSSM_KEYATTR_FLAGS keyAttr = bareCsp ? - (CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE) : - (CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE); - memset(derivedKey, 0, sizeof(CSSM_KEY)); - crtn = CSSM_DeriveKey(ccHand, - ¶mData, - CSSM_KEYUSE_ANY, - keyAttr, - &labelData, - NULL, // cread/acl - derivedKey); - if(crtn) { - printError("CSSM_DeriveKey", crtn); - } - CSSM_DeleteContext(ccHand); - if(crtn) { - return testError(quiet); - } - - if(!bareCsp) { - /* Got a ref key, give caller raw */ - CSSM_KEY refKey = *derivedKey; - crtn = cspRefKeyToRaw(cspHand, &refKey, derivedKey); - cspFreeKey(cspHand, &refKey); - } - return 0; -} - -/* define public key style */ -typedef enum { - PKT_Ref, /* ref key */ - PKT_Wrap, /* generate ref key, wrap to OCTET_STRING */ - PKT_X509, /* raw key X509 format */ - PKT_Octet /* generate to OCTET_STRING form */ -} PubKeyType; - -#define BoolStr(v) (v ? "true " : "false") - -static const char *KeyStypeStr( - PubKeyType keyType) -{ - switch(keyType) { - case PKT_Ref: return "Ref"; - case PKT_Wrap: return "Ref->Wrap"; - case PKT_X509: return "X509"; - case PKT_Octet: return "X9.62"; - default: return "BRRZAP"; - } -} - -static int doTest( - CSSM_CSP_HANDLE cspHand, - CSSM_BOOL ourKeysRef, /* our keys are reference */ - CSSM_BOOL theirPrivKeyRef, /* their private key is reference */ - PubKeyType theirPubKeyType, - unsigned keySizeBits, - CSSM_BOOL bareCsp, - CSSM_BOOL x963KDF, - CSSM_BOOL useSharedInfo, /* use the optional SharedInfo for x963KDF */ - CSSM_BOOL verbose, - CSSM_BOOL quiet) -{ - - CSSM_RETURN crtn; - CSSM_KEY ourPriv; - CSSM_KEY ourPub; - bool ourKeysGend = false; - bool theirKeysGend = false; - bool wrappedTheirPub = false; - bool wrappedOurPub = false; - bool derivedKey1 = false; - bool derivedKey2 = false; - CSSM_DATA sharedInfo = {0, NULL}; - uint32 deriveSizeInBits; - - if(x963KDF) { - /* arbitrary derived size */ - deriveSizeInBits = genRand(1, MAX_DERIVED_SIZE); - } - else { - deriveSizeInBits = keySizeBits; - } - if(useSharedInfo) { - /* length should be totally arbitrary */ - appSetupCssmData(&sharedInfo, MAX_SHARED_INFO_LEN); - simpleGenData(&sharedInfo, 1, MAX_SHARED_INFO_LEN); - } - - - if(!quiet) { - if(x963KDF) { - printf("...sharedInfoLen %4lu deriveSize %4lu ", - (unsigned long)sharedInfo.Length, (unsigned long)deriveSizeInBits); - } - else { - printf("..."); - } - printf("ourRef %s theirPrivRef %s theirPub %s\n", - BoolStr(ourKeysRef), BoolStr(theirPrivKeyRef), - KeyStypeStr(theirPubKeyType)); - } - - crtn = cspGenKeyPair(cspHand, CSSM_ALGID_ECDSA, - LABEL_DEF, strlen(LABEL_DEF), keySizeBits, - &ourPub, ourKeysRef, CSSM_KEYUSE_DERIVE, CSSM_KEYBLOB_RAW_FORMAT_NONE, - &ourPriv, ourKeysRef, CSSM_KEYUSE_DERIVE, CSSM_KEYBLOB_RAW_FORMAT_NONE, - CSSM_FALSE); - if(crtn) { - return testError(quiet); - } - ourKeysGend = true; - - CSSM_KEY theirPriv; - CSSM_KEY theirPub; /* the generated one */ - CSSM_KEY theirWrappedPub; /* optional NULL unwrap */ - CSSM_KEY_PTR theirPubPtr; - CSSM_KEY ourWrappedPub; /* optional NULL unwrap */ - CSSM_KEY_PTR ourPubPtr; - CSSM_KEY derived1; - CSSM_KEY derived2; - CSSM_BOOL pubIsRef = CSSM_FALSE; - CSSM_KEYBLOB_FORMAT blobForm = CSSM_KEYBLOB_RAW_FORMAT_NONE; - int ourRtn = 0; - - switch(theirPubKeyType) { - case PKT_Ref: - case PKT_Wrap: - pubIsRef = CSSM_TRUE; - break; - case PKT_X509: - pubIsRef = CSSM_FALSE; - break; - case PKT_Octet: - pubIsRef = CSSM_FALSE; - blobForm = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - break; - } - - crtn = cspGenKeyPair(cspHand, CSSM_ALGID_ECDSA, - LABEL_DEF, strlen(LABEL_DEF), keySizeBits, - &theirPub, pubIsRef, CSSM_KEYUSE_DERIVE, CSSM_KEYBLOB_RAW_FORMAT_NONE, - &theirPriv, theirPrivKeyRef, CSSM_KEYUSE_DERIVE, CSSM_KEYBLOB_RAW_FORMAT_NONE, - CSSM_FALSE); - if(crtn) { - ourRtn = testError(quiet); - goto errOut; - } - - if(theirPubKeyType == PKT_Wrap) { - /* - * This test mode is here mainly to ring out the key wrap and - * OCTET_STRING format functionality in the CrypkitCSP, it's - * not really relevant to ECDH... - */ - crtn = cspRefKeyToRawWithFormat(cspHand, &theirPub, - CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING, &theirWrappedPub); - if(crtn) { - ourRtn = testError(quiet); - goto errOut; - } - theirPubPtr = &theirWrappedPub; - wrappedTheirPub = true; - } - else { - theirPubPtr = &theirPub; - } - - if(!bareCsp) { - /* - * For CSPDL, convert our pub key to OCTET_STRING format so it - * is sent as a Param - can't send a ref key (or any other pub - * key) in the context - */ - crtn = cspRefKeyToRawWithFormat(cspHand, &ourPub, - CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING, &ourWrappedPub); - if(crtn) { - ourRtn = testError(quiet); - goto errOut; - } - ourPubPtr = &ourWrappedPub; - wrappedOurPub = true; - } - else { - ourPubPtr = &ourPub; - } - - /* - * Here we go, do the two sides of D-H key agreement, results to - * to CSSM_KEYs. - */ - ourRtn = doECDH(cspHand, &ourPriv, theirPubPtr, bareCsp, - x963KDF, useSharedInfo ? &sharedInfo : NULL, - deriveSizeInBits, quiet, verbose, &derived1); - if(ourRtn) { - goto errOut; - } - ourRtn = doECDH(cspHand, &theirPriv, ourPubPtr, bareCsp, - x963KDF, useSharedInfo ? &sharedInfo : NULL, - deriveSizeInBits, quiet, verbose, &derived2); - if(ourRtn) { - goto errOut; - } - - if(!appCompareCssmData(&derived1.KeyData, &derived2.KeyData)) { - printf("***Data Miscompare on ECDH key derivation\n"); - } -errOut: - if(ourKeysGend) { - cspFreeKey(cspHand, &ourPub); - cspFreeKey(cspHand, &ourPriv); - } - if(theirKeysGend) { - cspFreeKey(cspHand, &theirPub); - cspFreeKey(cspHand, &theirPriv); - } - if(wrappedTheirPub) { - cspFreeKey(cspHand, &theirWrappedPub); - } - if(wrappedOurPub) { - cspFreeKey(cspHand, &ourWrappedPub); - } - if(derivedKey1) { - cspFreeKey(cspHand, &derived1); - } - if(derivedKey2) { - cspFreeKey(cspHand, &derived2); - } - if(sharedInfo.Data != NULL) { - appFreeCssmData(&sharedInfo, CSSM_FALSE); - } - return ourRtn; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_CSP_HANDLE cspHand; - unsigned loop; - int ourRtn = 0; - - unsigned keySize = KEY_SIZE_DEF; - unsigned loops = LOOPS_DEF; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL x963KDF = CSSM_FALSE; - - for(arg=1; arg 0 ) - switch ( "$argv[1]" ) - case s: - set QUICK_TEST = 1 - shift - breaksw - default: - if("$argv[1]" == "C=m") then - set WEIERSTRASS = 0 - endif - set CMD_ARGS = "$CMD_ARGS $argv[1]" - shift - breaksw - endsw -end -# -# Select 'quick' or 'normal' test params -# -if($QUICK_TEST == 1) then - set SIGTEST_ARGS= - set BADSIG_ARGS="l=4 i=10" - set ASYMTEST_ARGS= -else - set SIGTEST_ARGS= - set BADSIG_ARGS="l=20" - set ASYMTEST_ARGS= -endif -# -cd $BUILD_DIR -# -# sigtest - FEE/MD5, FEE/SHA1 for all curves; ECDSA for Weierstrass only -# -sigtest a=f $SIGTEST_ARGS $CMD_ARGS || exit(1) -sigtest a=F $SIGTEST_ARGS $CMD_ARGS || exit(1) -if($WEIERSTRASS == 1) then - sigtest a=e $SIGTEST_ARGS $CMD_ARGS || exit(1) -endif -# -# badsig - FEE/MD5, FEE/SHA1 for all curves; ECDSA for Weierstrass only -# -badsig a=f $BADSIG_ARGS $CMD_ARGS || exit(1) -badsig a=F $BADSIG_ARGS $CMD_ARGS || exit(1) -if($WEIERSTRASS == 1) then - badsig a=e $BADSIG_ARGS $CMD_ARGS || exit(1) -endif -# -# asymtest - FEED, FEEDExp for all curves -# -asymTest a=f $ASYMTEST_ARGS $CMD_ARGS || exit(1) -asymTest a=x $ASYMTEST_ARGS $CMD_ARGS || exit(1) diff --git a/SecurityTests/cspxutils/feedvt b/SecurityTests/cspxutils/feedvt deleted file mode 100755 index 145be9aa..00000000 --- a/SecurityTests/cspxutils/feedvt +++ /dev/null @@ -1,22 +0,0 @@ -#! /bin/csh -f -# -# run FEE tests for CSP/X. -# -set BUILD_DIR=$LOCAL_BUILD_DIR -# -set CMD_ARGS= -# -while ( $#argv > 0 ) - set CMD_ARGS = "$CMD_ARGS $argv[1]" - shift -end -# -# run thru the known curves -# -./feeCurve $CMD_ARGS k=31 C=m || exit(1) -./feeCurve $CMD_ARGS k=31 C=w || exit(1) -./feeCurve $CMD_ARGS k=127 C=m || exit(1) -./feeCurve $CMD_ARGS k=128 C=w || exit(1) -./feeCurve $CMD_ARGS k=161 C=w || exit(1) -./feeCurve $CMD_ARGS k=161 P=g || exit(1) -./feeCurve $CMD_ARGS k=192 C=w || exit(1) diff --git a/SecurityTests/cspxutils/genErrorStrings/Makefile b/SecurityTests/cspxutils/genErrorStrings/Makefile deleted file mode 100644 index 1fbd4479..00000000 --- a/SecurityTests/cspxutils/genErrorStrings/Makefile +++ /dev/null @@ -1,35 +0,0 @@ -EXECUTABLE=genErrorStrings -# C++ source (with .cpp extension) -CPSOURCE= genErrorStrings.cpp -# C source (.c extension) -CSOURCE=fileIo.c -OFILES = $(CSOURCE:%.c=%.o) $(CPSOURCE:%.cpp=%.o) - -FRAMEWORKS= -FRAME_SEARCH= -FINCLUDES= -PINCLUDES= -CINCLUDES= $(FINCLUDES) $(PINCLUDES) -WFLAGS= -Wno-four-char-constants -Wno-deprecated-declarations -CFLAGS= -g $(CINCLUDES) $(WFLAGS) $(FRAME_SEARCH) - -# -# This assumes final load with cc, not ld -# -LIBS= -lstdc++ -LIBPATH= -LDFLAGS= $(LIBS) $(LIBPATH) $(FRAME_SEARCH) - -first: $(EXECUTABLE) - -$(EXECUTABLE): $(OFILES) - $(CC) -o $(EXECUTABLE) $(FRAMEWORKS) $(OFILES) $(LDFLAGS) - -clean: - rm -f *.o $(EXECUTABLE) - -.c.o: - $(CC) $(CFLAGS) -c -o $*.o $< - -.cpp.o: - $(CC) $(CFLAGS) -c -o $*.o $< diff --git a/SecurityTests/cspxutils/genErrorStrings/fileIo.c b/SecurityTests/cspxutils/genErrorStrings/fileIo.c deleted file mode 100644 index 3f666ac0..00000000 --- a/SecurityTests/cspxutils/genErrorStrings/fileIo.c +++ /dev/null @@ -1,89 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include "fileIo.h" - -int writeFile( - const char *fileName, - const unsigned char *bytes, - unsigned numBytes) -{ - int rtn; - int fd; - - fd = open(fileName, O_RDWR | O_CREAT | O_TRUNC, 0600); - if(fd <= 0) { - return errno; - } - rtn = lseek(fd, 0, SEEK_SET); - if(rtn < 0) { - return errno; - } - rtn = write(fd, bytes, (size_t)numBytes); - if(rtn != (int)numBytes) { - if(rtn >= 0) { - printf("writeFile: short write\n"); - } - rtn = EIO; - } - else { - rtn = 0; - } - close(fd); - return rtn; -} - -/* - * Read entire file. - */ -int readFile( - const char *fileName, - unsigned char **bytes, // mallocd and returned - unsigned *numBytes) // returned -{ - int rtn; - int fd; - char *buf; - struct stat sb; - unsigned size; - - *numBytes = 0; - *bytes = NULL; - fd = open(fileName, O_RDONLY, 0); - if(fd <= 0) { - return errno; - } - rtn = fstat(fd, &sb); - if(rtn) { - goto errOut; - } - size = sb.st_size; - buf = (char *)malloc(size); - if(buf == NULL) { - rtn = ENOMEM; - goto errOut; - } - rtn = lseek(fd, 0, SEEK_SET); - if(rtn < 0) { - goto errOut; - } - rtn = read(fd, buf, (size_t)size); - if(rtn != (int)size) { - if(rtn >= 0) { - printf("readFile: short read\n"); - } - rtn = EIO; - } - else { - rtn = 0; - *bytes = (unsigned char *)buf; - *numBytes = size; - } -errOut: - close(fd); - return rtn; -} diff --git a/SecurityTests/cspxutils/genErrorStrings/fileIo.h b/SecurityTests/cspxutils/genErrorStrings/fileIo.h deleted file mode 100644 index 4c74ac12..00000000 --- a/SecurityTests/cspxutils/genErrorStrings/fileIo.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Read entire file. - */ -#ifdef __cplusplus -extern "C" { -#endif - -int readFile( - const char *fileName, - unsigned char **bytes, // mallocd and returned - unsigned *numBytes); // returned - -int writeFile( - const char *fileName, - const unsigned char *bytes, - unsigned numBytes); - -#ifdef __cplusplus -} -#endif diff --git a/SecurityTests/cspxutils/genErrorStrings/genErrorStrings.cpp b/SecurityTests/cspxutils/genErrorStrings/genErrorStrings.cpp deleted file mode 100644 index 35e6e8dc..00000000 --- a/SecurityTests/cspxutils/genErrorStrings/genErrorStrings.cpp +++ /dev/null @@ -1,211 +0,0 @@ -/* - * genErrorStrings.cpp - parse supplied files, generate error table from - * them of the following form: - * - * typedef struct { - * CSSM_RETURN errCode; - * const char *errStr; - * } ErrString; - * - * ErrString errStrings[] = { - * { CSSMERR_CSSM_INTERNAL_ERROR, "CSSMERR_CSSM_INTERNAL_ERROR" }, - * ... - * { CSSMERR_CSP_FUNCTION_FAILED, "CSSMERR_CSP_FUNCTION_FAILED" } - * }; - * - * The error table is written to stdout. - */ - -#include -#include -#include -#include -#include -#include "fileIo.h" - -#define MAX_LINE_LEN 256 - -static void usage(char **argv) -{ - printf("usage: %s inFile [inFile...]\n", argv[0]); - exit(1); -} - -static void writePreamble( - FILE *f) -{ - fprintf(f, "/*\n"); - fprintf(f, " * This file autogenerated by genErrorStrings. Do not edit. \n"); - fprintf(f, " */\n\n"); - fprintf(f, "#include \n\n"); - fprintf(f, "typedef struct {\n"); - fprintf(f, "\tCSSM_RETURN errCode;\n"); - fprintf(f, "\tconst char *errStr;\n"); - fprintf(f, "} ErrString;\n\n"); - fprintf(f, "static const ErrString errStrings[] = {\n"); -} - -static void writePostamble( - FILE *f) -{ - /* generate a null entry as terminator */ - fprintf(f, "\t{0, NULL}\n"); - fprintf(f, "};\n"); -} - -static void writeToken( - const char *token, - FILE *f) -{ - printf("\t{ %s,\"%s\"},\n", token, token); -} - -/* skip whitespace (but not line terminators) */ -static void skipWhite( - const char *&cp, - unsigned &bytesLeft) -{ - while(bytesLeft != 0) { - switch(*cp) { - case ' ': - case '\t': - cp++; - bytesLeft--; - break; - default: - return; - } - } -} - -static void getLine( - const char *&cp, // IN/OUT - unsigned &bytesLeft, // IN/OUT bytes left - char *lineBuf) -{ - char *outp = lineBuf; - char *endOfOut = outp + MAX_LINE_LEN - 2; - while(bytesLeft != 0) { - switch(*cp) { - case '\n': - case '\r': - cp++; - bytesLeft--; - *outp = 0; - return; - default: - *outp++ = *cp++; - bytesLeft--; - break; - } - if(outp == endOfOut) { - printf("***getLine: line length exceeded!\n"); - break; - } - } - /* end of file */ - *outp = 0; -} - -/* incoming line is NULL terminated even if it's empty */ -static bool isLineEmpty( - const char *cp) -{ - for( ; *cp; cp++) { - switch(*cp) { - case ' ': - case '\t': - break; - default: - return false; - } - } - return true; -} - -/* process one file */ -static void processFile( - const char *fileName, - const char *in, - unsigned inLen, - FILE *f) -{ - char lineBuf[MAX_LINE_LEN]; - unsigned lineLen; - const char *cp; - const char *endOfToken; - char tokenBuf[MAX_LINE_LEN]; - unsigned tokenLen; - const char *lastSlash = fileName; - const char *nextSlash; - - while((nextSlash = strchr(lastSlash, '/')) != NULL) { - lastSlash = nextSlash + 1; - } - fprintf(f, "\t/* Error codes from %s */\n", lastSlash); - - while(inLen != 0) { - /* get one line, NULL terminated */ - getLine(in, inLen, lineBuf); - if(isLineEmpty(lineBuf)) { - continue; - } - - /* skip leading whitespace */ - lineLen = strlen(lineBuf); - cp = lineBuf; - skipWhite(cp, lineLen); - - /* interesting? */ - if(strncmp((char *)cp, "CSSMERR_", 8)) { - continue; - } - - /* - * cp is the start of the CSSMERR_ token - * find end of token - */ - endOfToken = cp + 8; - for(;;) { - if(isalnum(*endOfToken) || (*endOfToken == '_')) { - endOfToken++; - continue; - } - else { - break; - } - } - - /* endOfToken is one past the end of the CSSMERR_ token */ - tokenLen = endOfToken - cp; - memmove(tokenBuf, cp, tokenLen); - tokenBuf[tokenLen] = '\0'; - - /* write the stuff */ - writeToken(tokenBuf, f); - } -} - -int main(int argc, char **argv) -{ - unsigned char *inFile; - unsigned inFileLen; - int dex; - - if(argc < 2) { - usage(argv); - } - - writePreamble(stdout); - writeToken("CSSM_OK", stdout); - for(dex=1; dex $DST || exit(1) - -echo "=== Error strings generated in $DST. ===" diff --git a/SecurityTests/cspxutils/genKeyPair/Makefile b/SecurityTests/cspxutils/genKeyPair/Makefile deleted file mode 100644 index 6b20de55..00000000 --- a/SecurityTests/cspxutils/genKeyPair/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE=genKeyPair -# C++ source (with .cpp extension) -CPSOURCE= genKeyPair.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/genKeyPair/genKeyPair.cpp b/SecurityTests/cspxutils/genKeyPair/genKeyPair.cpp deleted file mode 100644 index 8d9bba78..00000000 --- a/SecurityTests/cspxutils/genKeyPair/genKeyPair.cpp +++ /dev/null @@ -1,238 +0,0 @@ -/* - * genKeyPair.cpp - create a key pair, store in specified keychain - */ -#include -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" - -static void usage(char **argv) -{ - printf("usage: %s keychain [options]\n", argv[0]); - printf("Options:\n"); - printf(" -l label -- no default\n"); - printf(" -a r|f|d -- algorithm RSA/FEE/DSA, default = RSA\n"); - printf(" -k bits -- key size in bits, default is 1024/128/512 for RSA/FEE/DSA\n"); - exit(1); -} - -/* - * Generate key pair of arbitrary algorithm. - * FEE keys will have random private data. - * Like the cspGenKeyPair() in cspwrap.c except this provides a DLDB handle. - */ -static CSSM_RETURN genKeyPair(CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE dlDbHand, - uint32 algorithm, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, // mallocd by caller - uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEY_PTR privKey, // mallocd by caller - uint32 privKeyUsage) // CSSM_KEYUSE_DECRYPT, etc. -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA keyLabelData; - uint32 pubAttr; - uint32 privAttr; - CSSM_RETURN ocrtn = CSSM_OK; - - /* pre-context-create algorithm-specific stuff */ - switch(algorithm) { - case CSSM_ALGID_FEE: - if(keySize == CSP_KEY_SIZE_DEFAULT) { - keySize = CSP_FEE_KEY_SIZE_DEFAULT; - } - break; - case CSSM_ALGID_RSA: - if(keySize == CSP_KEY_SIZE_DEFAULT) { - keySize = CSP_RSA_KEY_SIZE_DEFAULT; - } - break; - case CSSM_ALGID_DSA: - if(keySize == CSP_KEY_SIZE_DEFAULT) { - keySize = CSP_DSA_KEY_SIZE_DEFAULT; - } - break; - default: - printf("cspGenKeyPair: Unknown algorithm\n"); - break; - } - keyLabelData.Data = (uint8 *)keyLabel, - keyLabelData.Length = keyLabelLen; - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - algorithm, - keySize, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - NULL, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - ocrtn = crtn; - goto abort; - } - /* cook up attribute bits */ - pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT; - privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT; - - /* post-context-create algorithm-specific stuff */ - switch(algorithm) { - case CSSM_ALGID_DSA: - /* - * extra step - generate params - this just adds some - * info to the context - */ - { - CSSM_DATA dummy = {0, NULL}; - crtn = CSSM_GenerateAlgorithmParams(ccHand, - keySize, &dummy); - if(crtn) { - printError("CSSM_GenerateAlgorithmParams", crtn); - return crtn; - } - appFreeCssmData(&dummy, CSSM_FALSE); - } - break; - default: - break; - } - - /* add in DL/DB to context */ - crtn = cspAddDlDbToContext(ccHand, dlDbHand.DLHandle, dlDbHand.DBHandle); - if(crtn) { - ocrtn = crtn; - goto abort; - } - - crtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubAttr, - &keyLabelData, - pubKey, - privKeyUsage, - privAttr, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - ocrtn = crtn; - goto abort; - } -abort: - if(ccHand != 0) { - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - } - } - return ocrtn; -} - -int main(int argc, char **argv) -{ - char *kcName = NULL; - char *label = NULL; - CSSM_ALGORITHMS keyAlg = CSSM_ALGID_RSA; - unsigned keySizeInBits = CSP_KEY_SIZE_DEFAULT; - - if(argc < 2) { - usage(argv); - } - kcName = argv[1]; - - extern char *optarg; - extern int optind; - - optind = 2; - int arg; - while ((arg = getopt(argc, argv, "l:a:k:h")) != -1) { - switch (arg) { - case 'l': - label = optarg; - break; - case 'a': - switch(optarg[0]) { - case 'r': - keyAlg = CSSM_ALGID_RSA; - break; - case 'f': - keyAlg = CSSM_ALGID_FEE; - break; - case 'd': - keyAlg = CSSM_ALGID_DSA; - break; - default: - usage(argv); - } - break; - case 'k': - keySizeInBits = atoi(optarg); - break; - default: - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - - SecKeychainRef kcRef = nil; - OSStatus ortn; - - ortn = SecKeychainOpen(kcName, &kcRef); - if(ortn) { - cssmPerror("SecKeychainOpen", ortn); - exit(1); - } - - CSSM_CSP_HANDLE cspHand = 0; - CSSM_DL_DB_HANDLE dlDbHand = {0, 0}; - ortn = SecKeychainGetCSPHandle(kcRef, &cspHand); - if(ortn) { - cssmPerror("SecKeychainGetCSPHandle", ortn); - exit(1); - } - ortn = SecKeychainGetDLDBHandle(kcRef, &dlDbHand); - if(ortn) { - cssmPerror("SecKeychainGetDLDBHandle", ortn); - exit(1); - } - - CSSM_KEY privKey; - CSSM_KEY pubKey; - CSSM_RETURN crtn; - - crtn = genKeyPair(cspHand, dlDbHand, - keyAlg, - label, (label ? strlen(label) : 0), - keySizeInBits, - &pubKey, - CSSM_KEYUSE_ANY, // may want to parameterize - &privKey, - CSSM_KEYUSE_ANY); // may want to parameterize - if(crtn) { - printf("**Error creating key pair.\n"); - } - else { - printf("...key pair created in keychain %s.\n", kcName); - } - - cspFreeKey(cspHand, &privKey); - cspFreeKey(cspHand, &pubKey); - CFRelease(kcRef); - return 0; -} diff --git a/SecurityTests/cspxutils/hashClone/Makefile b/SecurityTests/cspxutils/hashClone/Makefile deleted file mode 100644 index 14df35d3..00000000 --- a/SecurityTests/cspxutils/hashClone/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE=hashClone -# C++ source (with .cpp extension) -CPSOURCE= -# C source (.c extension) -CSOURCE= hashClone.c - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/hashClone/hashClone.c b/SecurityTests/cspxutils/hashClone/hashClone.c deleted file mode 100644 index 9a05928a..00000000 --- a/SecurityTests/cspxutils/hashClone/hashClone.c +++ /dev/null @@ -1,354 +0,0 @@ -/* - * hashClone.c - test CSSM_DigestDataClone function - */ - -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" - -/* - * Defaults - */ -#define LOOPS_DEF 50 -#define MAX_PTEXT (8 * 1024) -#define MIN_PTEXT 16 -#define LOOP_NOTIFY 20 - -/* - * Enumerated algs - */ -typedef unsigned privAlg; -enum { - ALG_MD5 = 1, - ALG_SHA1, - ALG_MD2, - ALG_SHA224, - ALG_SHA256, - ALG_SHA384, - ALG_SHA512 -}; - -#define ALG_FIRST ALG_MD5 -#define ALG_LAST ALG_SHA512 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (s=SHA1; m=MD5; M=MD2; 4=SHA224; 2=SHA256; 3=SHA384; 5=SHA512; " - "default=all\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -static int doTest(CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS alg, - const char *algStr, - CSSM_DATA_PTR ptext, - CSSM_BOOL verbose, - CSSM_BOOL quiet) -{ - CSSM_CC_HANDLE digHand1 = 0; // reference - CSSM_CC_HANDLE digHand2 = 0; // to be cloned - CSSM_CC_HANDLE digHand3 = 0; // cloned from digHand2 - CSSM_DATA dig1 = {0, NULL}; - CSSM_DATA dig2 = {0, NULL}; - CSSM_DATA dig3 = {0, NULL}; - CSSM_RETURN crtn; - unsigned thisMove; // this update - unsigned toMove; // total to go - unsigned totalRequest; // originally requested - CSSM_DATA thisText; // actually passed to update - - /* cook up two digest contexts */ - crtn = CSSM_CSP_CreateDigestContext(cspHand, - alg, - &digHand1); - if(crtn) { - printError("CSSM_CSP_CreateDigestContext (1)", crtn); - return testError(quiet); - } - crtn = CSSM_CSP_CreateDigestContext(cspHand, - alg, - &digHand2); - if(crtn) { - printError("CSSM_CSP_CreateDigestContext (2)", crtn); - return testError(quiet); - } - crtn = CSSM_DigestDataInit(digHand1); - if(crtn) { - printError("CSSM_DigestDataInit (1)", crtn); - return testError(quiet); - } - crtn = CSSM_DigestDataInit(digHand2); - if(crtn) { - printError("CSSM_DigestDataInit (2)", crtn); - return testError(quiet); - } - - /* do some random updates to first two digests, until we've digested - * at least half of the requested data */ - totalRequest = ptext->Length; - toMove = ptext->Length; - thisText.Data = ptext->Data; - while(toMove > (totalRequest / 2)) { - thisMove = genRand((MIN_PTEXT / 2), toMove); - thisText.Length = thisMove; - if(verbose) { - printf(" ..updating digest1, digest2 with %d bytes\n", thisMove); - } - crtn = CSSM_DigestDataUpdate(digHand1, &thisText, 1); - if(crtn) { - printError("CSSM_DigestDataUpdate (1)", crtn); - return testError(quiet); - } - crtn = CSSM_DigestDataUpdate(digHand2, &thisText, 1); - if(crtn) { - printError("CSSM_DigestDataUpdate (2)", crtn); - return testError(quiet); - } - thisText.Data += thisMove; - toMove -= thisMove; - } - - /* digest3 := clone(digest2) */ - crtn = CSSM_DigestDataClone(digHand2, &digHand3); - if(crtn) { - printError("CSSM_DigestDataClone", crtn); - return testError(quiet); - } - - /* finish off remaining ptext, updating all 3 digests identically */ - while(toMove) { - thisMove = genRand(1, toMove); - thisText.Length = thisMove; - if(verbose) { - printf(" ..updating all three digests with %d bytes\n", thisMove); - } - crtn = CSSM_DigestDataUpdate(digHand1, &thisText, 1); - if(crtn) { - printError("CSSM_DigestDataUpdate (3)", crtn); - return testError(quiet); - } - crtn = CSSM_DigestDataUpdate(digHand2, &thisText, 1); - if(crtn) { - printError("CSSM_DigestDataUpdate (4)", crtn); - return testError(quiet); - } - crtn = CSSM_DigestDataUpdate(digHand3, &thisText, 1); - if(crtn) { - printError("CSSM_DigestDataUpdate (5)", crtn); - return testError(quiet); - } - thisText.Data += thisMove; - toMove -= thisMove; - } - - /* obtain all three digests */ - crtn = CSSM_DigestDataFinal(digHand1, &dig1); - if(crtn) { - printError("CSSM_DigestDataFinal (1)", crtn); - return testError(quiet); - } - crtn = CSSM_DigestDataFinal(digHand2, &dig2); - if(crtn) { - printError("CSSM_DigestDataFinal (2)", crtn); - return testError(quiet); - } - crtn = CSSM_DigestDataFinal(digHand3, &dig3); - if(crtn) { - printError("CSSM_DigestDataFinal (3)", crtn); - return testError(quiet); - } - - /* ensure all three digests identical */ - if(!appCompareCssmData(&dig1, &dig2)) { - printf("***Digest miscompare(dig1, dig2)***\n"); - if(testError(quiet)) { - return 1; - } - } - if(!appCompareCssmData(&dig2, &dig3)) { - printf("***Digest miscompare(dig2, dig3)***\n"); - if(testError(quiet)) { - return 1; - } - } - - /* free resources */ - appFreeCssmData(&dig1, CSSM_FALSE); - appFreeCssmData(&dig2, CSSM_FALSE); - appFreeCssmData(&dig3, CSSM_FALSE); - CSSM_DeleteContext(digHand1); - CSSM_DeleteContext(digHand2); - CSSM_DeleteContext(digHand3); - return 0; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - CSSM_CSP_HANDLE cspHand; - const char *algStr; - privAlg alg; // ALG_MD5, etc. - CSSM_ALGORITHMS cssmAlg; // CSSM_ALGID_MD5, etc. - int j; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned minAlg = ALG_FIRST; - unsigned maxAlg = ALG_LAST; - unsigned pauseInterval = 0; - CSSM_BOOL bareCsp = CSSM_TRUE; - - for(arg=1; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "bsafeUtils.h" -#include - -/* - * Defaults. - */ -#define LOOPS_DEF 200 -#define MIN_EXP 2 /* for data size 10**exp */ -#define DEFAULT_MAX_EXP 4 -#define MAX_EXP 5 - -#define MAX_DATA_SIZE (100000 + 100) /* bytes */ -#define LOOP_NOTIFY 20 - -/* - * Enumerate algs our own way to allow iteration. - */ -enum { - ALG_SHA1 = 1, - ALG_MD5, - ALG_MD2 -}; - -#define ALG_FIRST ALG_SHA1 -#define ALG_LAST ALG_MD2 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (s=SHA1; 5=MD5; 2=MD2; default=all\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" n=minExp (default=%d)\n", MIN_EXP); - printf(" x=maxExp (default=%d, max=%d)\n", DEFAULT_MAX_EXP, MAX_EXP); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* - * generate digest using reference BSAFE. - */ -static CSSM_RETURN genDigestBSAFE( - CSSM_ALGORITHMS hashAlg, - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - CSSM_RETURN crtn; - - crtn = buGenDigest(hashAlg, - inText, - outText); - return crtn; -} - -/* - * Generate digest using CSP. - */ -static CSSM_RETURN genDigestCSSM( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS hashAlg, - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned if doGen -{ - - outText->Data = NULL; - outText->Length = 0; - return cspStagedDigest(cspHand, - hashAlg, - CSSM_TRUE, // mallocDigest - CSSM_TRUE, // multiUpdates - inText, - outText); -} - -#define LOG_FREQ 20 - -static int doTest(CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *ptext, - uint32 hashAlg, - CSSM_BOOL quiet) -{ - CSSM_DATA hashRef = {0, NULL}; // digest, BSAFE reference - CSSM_DATA hashTest = {0, NULL}; // digest, CSP test - int rtn = 0; - CSSM_RETURN crtn; - - /* - * generate with each method; - * verify digests compare; - */ - crtn = genDigestBSAFE(hashAlg, - ptext, - &hashRef); - if(crtn) { - return testError(quiet); - } - crtn = genDigestCSSM(cspHand, - hashAlg, - ptext, - &hashTest); - if(crtn) { - return testError(quiet); - } - - /* ensure both methods resulted in same hash */ - if(hashRef.Length != hashTest.Length) { - printf("hash length mismatch (1)\n"); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - if(memcmp(hashRef.Data, hashTest.Data, hashTest.Length)) { - printf("hash miscompare\n"); - rtn = testError(quiet); - } - else { - rtn = 0; - } -abort: - if(hashTest.Length) { - CSSM_FREE(hashTest.Data); - } - if(hashRef.Length) { - CSSM_FREE(hashRef.Data); - } - return rtn; -} - - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - CSSM_CSP_HANDLE cspHand; - const char *algStr; - uint32 hashAlg; // CSSM_ALGID_xxx - int i; - unsigned currAlg; // ALG_xxx - int rtn = 0; - - /* - * User-spec'd params - */ - unsigned minAlg = ALG_FIRST; - unsigned maxAlg = ALG_LAST; - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - unsigned minExp = MIN_EXP; - unsigned maxExp = DEFAULT_MAX_EXP; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned pauseInterval = 0; - CSSM_BOOL bareCsp = CSSM_TRUE; - - - for(arg=1; arg MAX_EXP) { - usage(argv); - } - break; - case 'v': - verbose = CSSM_TRUE; - break; - case 'D': - bareCsp = CSSM_FALSE; - break; - case 'q': - quiet = CSSM_TRUE; - break; - case 'p': - pauseInterval = atoi(&argp[2]);; - break; - case 'h': - default: - usage(argv); - } - } - if(minExp > maxExp) { - printf("***minExp must be <= maxExp\n"); - usage(argv); - } - ptext.Data = (uint8 *)CSSM_MALLOC(MAX_DATA_SIZE); - if(ptext.Data == NULL) { - printf("Insufficient heap space\n"); - exit(1); - } - /* ptext length set in test loop */ - - printf("Starting hashCompat; args: "); - for(i=1; i -#include -#include -#include -#include -#include "cspwrap.h" -#include -#include -#include "cspwrap.h" -#include "common.h" - -/* - * Defaults. - */ -#define LOOPS_DEF 50 -#define MIN_EXP 2 /* for data size 10**exp */ -#define DEFAULT_MAX_EXP 3 -#define MAX_EXP 5 -#define INCR_DEFAULT 0 /* munge every incr bytes - zero means - * "adjust per ptext size" */ -typedef enum { - ALG_MD2 = 1, - ALG_MD5, - ALG_SHA1, - ALG_SHA224, - ALG_SHA256, - ALG_SHA384, - ALG_SHA512 -}; - -#define ALG_FIRST ALG_MD2 -#define ALG_LAST ALG_SHA512 -#define MAX_DATA_SIZE (100000 + 100) /* bytes */ -#define LOOP_NOTIFY 20 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (s=SHA1; m=MD5; M=MD2; 4=SHA224; 2=SHA256; 3=SHA384; 5=SHA512; " - "default=all\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" n=minExp (default=%d)\n", MIN_EXP); - printf(" x=maxExp (default=%d, max=%d)\n", DEFAULT_MAX_EXP, MAX_EXP); - printf(" i=increment (default=%d)\n", INCR_DEFAULT); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" z (zero data)\n"); - printf(" I (incrementing data)\n"); - printf(" g (good digest only)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -#define LOG_FREQ 20 - -static int doTest(CSSM_CSP_HANDLE cspHand, - uint32 alg, - CSSM_DATA_PTR ptext, - CSSM_BOOL verbose, - CSSM_BOOL quiet, - CSSM_BOOL mallocDigest, - unsigned incr, - CSSM_BOOL goodOnly) -{ - CSSM_DATA refDigest = {0, NULL}; - CSSM_DATA testDigest = {0, NULL}; - unsigned length; - unsigned byte; - unsigned char *data; - unsigned char origData; - unsigned char bits; - int rtn = 0; - CSSM_RETURN crtn; - unsigned loop = 0; - - /* - * generate digest in one shot; - * generate digest with multiple random-sized updates; - * verify digests compare; - * for various bytes of ptext { - * corrupt ptext byte; - * generate digest in one shot; - * verify digest is different; - * restore corrupted byte; - * } - */ - crtn = cspDigest(cspHand, - alg, - mallocDigest, - ptext, - &refDigest); - if(crtn) { - rtn = testError(quiet); - goto abort; - } - crtn = cspStagedDigest(cspHand, - alg, - mallocDigest, - CSSM_TRUE, // multi updates - ptext, - &testDigest); - if(crtn) { - rtn = testError(quiet); - goto abort; - } - if(refDigest.Length != testDigest.Length) { - printf("Digest length mismatch (1)\n"); - rtn = testError(quiet); - goto abort; - } - if(memcmp(refDigest.Data, testDigest.Data, refDigest.Length)) { - printf("Digest miscompare (1)\n"); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - if(goodOnly) { - rtn = 0; - goto abort; - } - appFreeCssmData(&testDigest, CSSM_FALSE); - testDigest.Length = 0; - data = (unsigned char *)ptext->Data; - length = ptext->Length; - for(byte=0; byte MAX_EXP) { - usage(argv); - } - break; - case 'i': - incr = atoi(&argp[2]); - break; - case 'p': - pauseInterval = atoi(&argp[2]);; - break; - case 'v': - verbose = CSSM_TRUE; - break; - case 'q': - quiet = CSSM_TRUE; - break; - case 'D': - bareCsp = CSSM_FALSE; - break; - case 'z': - dt = DT_Zero; - break; - case 'I': - dt = DT_Increment; - break; - case 'g': - goodOnly = CSSM_TRUE; - break; - case 'h': - default: - usage(argv); - } - } - ptext.Data = (uint8 *)CSSM_MALLOC(MAX_DATA_SIZE); - /* length set in test loop */ - if(ptext.Data == NULL) { - printf("Insufficient heap\n"); - exit(1); - } - - printf("Starting hashTest; args: "); - for(i=1; i 10/06/98 ap Changed to compile with C++. - - To Do: -*/ - -/* Copyright (c) 1998,2004-2005 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * MD5.c - */ - -/* - * This code implements the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * MD5Context structure, pass it to MD5Init, call MD5Update as - * needed on buffers full of bytes, and then call MD5Final, which - * will fill a supplied 16-byte array with the digest. - */ - -/* - * Revision History - * ---------------- - * 06 Feb 1997 Doug Mitchell at Apple - * Fixed endian-dependent cast in MD5Final() - * Made byteReverse() tolerant of platform-dependent alignment - * restrictions - */ - -#include "MD5.h" -#undef __LITTLE_ENDIAN__ -#undef __BIG_ENDIAN__ -#define __BIG_ENDIAN__ - -#include -#include - -static inline void intToByteRep(int i, unsigned char *buf) -{ - *buf++ = (unsigned char)((i >> 24) & 0xff); - *buf++ = (unsigned char)((i >> 16) & 0xff); - *buf++ = (unsigned char)((i >> 8) & 0xff); - *buf = (unsigned char)(i & 0xff); -} - -#define MD5_DEBUG 0 - -#if MD5_DEBUG -static inline void dumpCtx(struct MD5Context *ctx, char *label) -{ - int i; - - printf("%s\n", label); - printf("buf = "); - for(i=0; i<4; i++) { - printf("%x:", ctx->buf[i]); - } - printf("\nbits: %d:%d\n", ctx->bits[0], ctx->bits[1]); - printf("in[]:\n "); - for(i=0; i<64; i++) { - printf("%02x:", ctx->in[i]); - if((i % 16) == 15) { - printf("\n "); - } - } - printf("\n"); -} -#else // MD5_DEBUG -#define dumpCtx(ctx, label) -#endif // MD5_DEBUG - -static void MD5Transform(uint32 buf[4], uint32 const in[16]); - -#ifdef __LITTLE_ENDIAN__ -#define byteReverse(buf, len) /* Nothing */ -#else -static void byteReverse(unsigned char *buf, unsigned longs); - -#ifndef ASM_MD5 -/* - * Note: this code is harmless on little-endian machines. - */ -static void byteReverse(unsigned char *buf, unsigned longs) -{ -#if old_way - /* - * this code is NOT harmless on big-endian machine which require - * natural alignment. - */ - uint32 t; - do { - t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | - ((unsigned) buf[1] << 8 | buf[0]); - *(uint32 *) buf = t; - buf += 4; - } while (--longs); -#else // new_way - - unsigned char t; - do { - t = buf[0]; - buf[0] = buf[3]; - buf[3] = t; - t = buf[1]; - buf[1] = buf[2]; - buf[2] = t; - buf += 4; - } while (--longs); -#endif // old_way -} -#endif // ASM_MD5 -#endif // __LITTLE_ENDIAN__ - -/* - * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious - * initialization constants. - */ -void MD5Init(struct MD5Context *ctx) -{ - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; - - ctx->bits[0] = 0; - ctx->bits[1] = 0; -} - -/* - * Update context to reflect the concatenation of another buffer full - * of bytes. - */ -void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) -{ - uint32 t; - - dumpCtx(ctx, "MD5.c update top"); - /* Update bitcount */ - - t = ctx->bits[0]; - if ((ctx->bits[0] = t + ((uint32) len << 3)) < t) - ctx->bits[1]++; /* Carry from low to high */ - ctx->bits[1] += len >> 29; - - t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ - - /* Handle any leading odd-sized chunks */ - - if (t) { - unsigned char *p = (unsigned char *) ctx->in + t; - - t = 64 - t; - if (len < t) { - memcpy(p, buf, len); - return; - } - memcpy(p, buf, t); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - dumpCtx(ctx, "update - return from transform (1)"); - buf += t; - len -= t; - } - /* Process data in 64-byte chunks */ - - while (len >= 64) { - memcpy(ctx->in, buf, 64); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - dumpCtx(ctx, "update - return from transform (2)"); - buf += 64; - len -= 64; - } - - /* Handle any remaining bytes of data. */ - - memcpy(ctx->in, buf, len); -} - -/* - * Final wrapup - pad to 64-byte boundary with the bit pattern - * 1 0* (64-bit count of bits processed, MSB-first) - */ -void MD5Final(struct MD5Context *ctx, unsigned char *digest) -{ - unsigned count; - unsigned char *p; - - dumpCtx(ctx, "final top"); - - /* Compute number of bytes mod 64 */ - count = (ctx->bits[0] >> 3) & 0x3F; - - /* Set the first char of padding to 0x80. This is safe since there is - always at least one byte free */ - p = ctx->in + count; - *p++ = 0x80; - #if MD5_DEBUG - printf("in[%d] = %x\n", count, ctx->in[count]); - #endif - /* Bytes of padding needed to make 64 bytes */ - count = 64 - 1 - count; - - /* Pad out to 56 mod 64 */ - dumpCtx(ctx, "final, before pad"); - if (count < 8) { - /* Two lots of padding: Pad the first block to 64 bytes */ - bzero(p, count); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - - /* Now fill the next block with 56 bytes */ - bzero(ctx->in, 56); - } else { - /* Pad block to 56 bytes */ - bzero(p, count - 8); - } - byteReverse(ctx->in, 14); - - /* Append length in bits and transform */ - #ifdef __LITTLE_ENDIAN__ - /* l.s. byte of bits[0] --> in[56] */ - ((uint32 *) ctx->in)[14] = ctx->bits[0]; - ((uint32 *) ctx->in)[15] = ctx->bits[1]; - #else - /* l.s. byte of bits[0] --> in[60] */ - intToByteRep(ctx->bits[0], &ctx->in[56]); - intToByteRep(ctx->bits[1], &ctx->in[60]); - #endif - - dumpCtx(ctx, "last transform"); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - byteReverse((unsigned char *) ctx->buf, 4); - memcpy(digest, ctx->buf, MD5_DIGEST_SIZE); - dumpCtx(ctx, "final end"); - - bzero(ctx, sizeof(*ctx)); /* In case it's sensitive */ -} - -#ifndef ASM_MD5 - -/* The four core functions - F1 is optimized somewhat */ - -/* #define F1(x, y, z) (x & y | ~x & z) */ -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) - -/* This is the central step in the MD5 algorithm. */ -#define MD5STEP(f, w, x, y, z, data, s) \ - ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) - -/* - * The core of the MD5 algorithm, this alters an existing MD5 hash to - * reflect the addition of 16 longwords of new data. MD5Update blocks - * the data and converts bytes into longwords for this routine. - */ -static void MD5Transform(uint32 buf[4], uint32 const in[16]) -{ - register uint32 a, b, c, d; - - a = buf[0]; - b = buf[1]; - c = buf[2]; - d = buf[3]; - - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} - -#endif // ASM_MD5 diff --git a/SecurityTests/cspxutils/hashTime/MD5.h b/SecurityTests/cspxutils/hashTime/MD5.h deleted file mode 100644 index 29e17df1..00000000 --- a/SecurityTests/cspxutils/hashTime/MD5.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - File: MD5.h - - Written by: Colin Plumb - - Copyright: Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - - Change History (most recent first): - - <8> 10/06/98 ap Changed to compile with C++. - - To Do: -*/ - -/* Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * MD5.h - * derived and used without need for permission from public domain source - */ - -#ifndef _CK_MD5_H_ -#define _CK_MD5_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef __alpha -typedef unsigned int uint32; -#elif defined (macintosh) -typedef unsigned int uint32; -#else -#include -//typedef unsigned long uint32; -#endif - -struct MD5Context { - uint32 buf[4]; - uint32 bits[2]; // bits[0] is low 32 bits of bit count - unsigned char in[64]; -}; - -#define MD5_DIGEST_SIZE 16 /* in bytes */ -#define MD5_BLOCK_SIZE 64 /* in bytes */ - -void MD5Init(struct MD5Context *context); -void MD5Update(struct MD5Context *context, unsigned char const *buf, - unsigned len); -void MD5Final(struct MD5Context *context, unsigned char *digest); - -#ifdef __cplusplus -} -#endif - -#endif /*_CK_MD5_H_*/ diff --git a/SecurityTests/cspxutils/hashTime/Makefile b/SecurityTests/cspxutils/hashTime/Makefile deleted file mode 100644 index 618a7c95..00000000 --- a/SecurityTests/cspxutils/hashTime/Makefile +++ /dev/null @@ -1,56 +0,0 @@ -# name of executable to build -EXECUTABLE=hashTime -# C++ source (with .cpp extension) -CPSOURCE=hashTime.cpp -# C source (.c extension) -CSOURCE= MD5.c SHA1_priv.c SHA1.c - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -lcrypto -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -# temp for old cputime -PROJ_FRAMEWORKS=-framework IOKit - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES=-I$(LOCAL_BUILD)/include - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS=-Os - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/hashTime/SHA1.c b/SecurityTests/cspxutils/hashTime/SHA1.c deleted file mode 100644 index 89844dce..00000000 --- a/SecurityTests/cspxutils/hashTime/SHA1.c +++ /dev/null @@ -1,176 +0,0 @@ -/* Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1.c - generic, portable SHA-1 hash object - * - * Revision History - * ---------------- - * 10/06/98 ap - * Changed to compile with C++. - * 07 Jan 1998 Doug Mitchell at Apple - * Created. - */ - -#include "SHA1.h" -#include "SHA1_priv.h" -#include - -/* for now map falloc to malloc, FIXME */ -#include -#define fmalloc(s) malloc(s) -#define ffree(p) free(p) - -/* - * Private data for this object. A sha1Obj handle is cast to a pointer - * to one of these. - */ -typedef struct { - SHS_INFO context; - int isDone; - - /* - * For storing partial blocks - */ - BYTE dataBuf[SHS_BLOCKSIZE]; - unsigned bufBytes; // valid bytes in dataBuf[p] -} sha1Inst; - -/* - * Alloc and init an empty sha1 object. - */ -sha1Obj sha1Alloc(void) -{ - sha1Inst *sinst; - - sinst = (sha1Inst *)fmalloc(sizeof(sha1Inst)); - if(sinst == NULL) { - return NULL; - } - shsInit(&sinst->context); - sha1Reinit((sha1Obj)sinst); - return (sha1Obj)sinst; -} - -/* - * Reusable init function. - */ -void sha1Reinit(sha1Obj sha1) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - - shsInit(&sinst->context); - sinst->isDone = 0; - sinst->bufBytes = 0; -} - -/* - * Free an sha1 object. - */ -void sha1Free(sha1Obj sha1) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - - memset(sha1, 0, sizeof(sha1Inst)); - ffree(sinst); -} - -/* - * Add some data to the sha1 object. - */ -void sha1AddData(sha1Obj sha1, - const unsigned char *data, - unsigned dataLen) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - unsigned toMove; - unsigned blocks; - - if(sinst->isDone) { - /* - * Log some kind of error here... - */ - return; - } - - /* - * First deal with partial buffered block - */ - if(sinst->bufBytes != 0) { - toMove = SHS_BLOCKSIZE - sinst->bufBytes; - if(toMove > dataLen) { - toMove = dataLen; - } - memmove(sinst->dataBuf+sinst->bufBytes, data, toMove); - data += toMove; - dataLen -= toMove; - sinst->bufBytes += toMove; - if(sinst->bufBytes == SHS_BLOCKSIZE) { - shsUpdate(&sinst->context, sinst->dataBuf, SHS_BLOCKSIZE); - sinst->bufBytes = 0; - } - } - - /* - * Now the bulk of the data, in a multiple of full blocks - */ - blocks = dataLen / SHS_BLOCKSIZE; - toMove = blocks * SHS_BLOCKSIZE; - if(toMove != 0) { - shsUpdate(&sinst->context, data, toMove); - data += toMove; - dataLen -= toMove; - } - - /* - * Store any remainder in dataBuf - */ - if(dataLen != 0) { - memmove(sinst->dataBuf, data, dataLen); - sinst->bufBytes = dataLen; - } -} - -/* - * Obtain a pointer to completed message digest, and the length of the digest. - */ -unsigned char *sha1Digest(sha1Obj sha1) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - - if(!sinst->isDone) { - /* - * Deal with partial resid block - */ - if(sinst->bufBytes != 0) { - shsUpdate(&sinst->context, sinst->dataBuf, - sinst->bufBytes); - sinst->bufBytes = 0; - } - shsFinal(&sinst->context); - sinst->isDone = 1; - } - /* - * FIXME - should do explicit conversion to char array....? - */ - return (unsigned char *)sinst->context.digest; -} - -/* As above, with copy. */ -void sha1GetDigest(sha1Obj sha1, - unsigned char *digest) -{ - unsigned char *dig = sha1Digest(sha1); - memmove(digest, dig, SHS_DIGESTSIZE); -} - -unsigned sha1DigestLen(void) -{ - return SHS_DIGESTSIZE; -} diff --git a/SecurityTests/cspxutils/hashTime/SHA1.h b/SecurityTests/cspxutils/hashTime/SHA1.h deleted file mode 100644 index 8a8a04de..00000000 --- a/SecurityTests/cspxutils/hashTime/SHA1.h +++ /dev/null @@ -1,76 +0,0 @@ -/* Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1.h - generic, portable SHA-1 hash object - * - * Revision History - * ---------------- - * 05 Jan 1998 Doug Mitchell at Apple - * Created. - */ - -#ifndef _CK_SHA1_H_ -#define _CK_SHA1_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#define SHA1_DIGEST_SIZE 20 /* in bytes */ -#define SHA1_BLOCK_SIZE 64 /* in bytes */ - -/* - * Opaque sha1 object handle. - */ -typedef void *sha1Obj; - -/* - * Alloc and init an empty sha1 object. - */ -sha1Obj sha1Alloc(void); - -/* - * reinitialize an sha1 object for reuse. - */ -void sha1Reinit(sha1Obj sha1); - -/* - * Free an sha1 object. - */ -void sha1Free(sha1Obj sha1); - -/* - * Add some data to the sha1 object. - */ -void sha1AddData(sha1Obj sha1, - const unsigned char *data, - unsigned dataLen); - -/* - * Obtain a pointer to completed message digest. This disables further calls - * to sha1AddData(). This pointer is NOT malloc'd; the associated data - * persists only as long as this object does. - */ -unsigned char *sha1Digest(sha1Obj sha1); - -/* As above, with copy. */ -void sha1GetDigest(sha1Obj sha1, - unsigned char *digest); - -/* - * Obtain the length of the message digest. - */ -unsigned sha1DigestLen(void); - -#ifdef __cplusplus -} -#endif - -#endif /*_CK_SHA1_H_*/ diff --git a/SecurityTests/cspxutils/hashTime/SHA1_priv.c b/SecurityTests/cspxutils/hashTime/SHA1_priv.c deleted file mode 100644 index 75a55367..00000000 --- a/SecurityTests/cspxutils/hashTime/SHA1_priv.c +++ /dev/null @@ -1,311 +0,0 @@ -/* Copyright (c) 1998,2004-2005 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1_priv.c - low-level SHA-1 hash algorithm. - * - * Revision History - * ---------------- - * 05 Jan 1998 Doug Mitchell at Apple - * Created, based on source by Peter C. Gutmann. - * Mods: made reentrant, added NIST fix to expand(), eliminated - * unnecessary copy to local W[] array. - */ - - -/* NIST proposed Secure Hash Standard. - - Written 2 September 1992, Peter C. Gutmann. - This implementation placed in the public domain. - - Comments to pgut1@cs.aukuni.ac.nz */ - - -#include "SHA1_priv.h" -#include - -/* The SHS f()-functions */ - -#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) /* Rounds 0-19 */ -#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */ -#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) /* Rounds 40-59 */ -#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */ - -/* The SHS Mysterious Constants */ - -#define K1 0x5A827999L /* Rounds 0-19 */ -#define K2 0x6ED9EBA1L /* Rounds 20-39 */ -#define K3 0x8F1BBCDCL /* Rounds 40-59 */ -#define K4 0xCA62C1D6L /* Rounds 60-79 */ - -/* SHS initial values */ - -#define h0init 0x67452301L -#define h1init 0xEFCDAB89L -#define h2init 0x98BADCFEL -#define h3init 0x10325476L -#define h4init 0xC3D2E1F0L - -/* 32-bit rotate - kludged with shifts */ - -#define S(n,X) ( ( X << n ) | ( X >> ( 32 - n ) ) ) - -/* The initial expanding function */ - -/* - * 06 Jan 1998. Added left circular shift per NIST FIPS-180-1 (at - * http://www.nist.gov/itl/div897/pubs/fip180-1.htm). Also see - * B. Schneier, Applied Cryptography, Second Edition, section 18.7 - * for info on this addenda to the original NIST spec. - */ -#define expand(count) { \ - W[count] = W[count - 3] ^ W[count - 8] ^ W[count - 14] ^ W[count - 16]; \ - W[count] = S(1, W[count]); \ -} - -/* The four SHS sub-rounds */ - -#define subRound1(count) \ - { \ - temp = S( 5, A ) + f1( B, C, D ) + E + W[ count ] + K1; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -#define subRound2(count) \ - { \ - temp = S( 5, A ) + f2( B, C, D ) + E + W[ count ] + K2; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -#define subRound3(count) \ - { \ - temp = S( 5, A ) + f3( B, C, D ) + E + W[ count ] + K3; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -#define subRound4(count) \ - { \ - temp = S( 5, A ) + f4( B, C, D ) + E + W[ count ] + K4; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -/* Initialize the SHS values */ - -void shsInit( SHS_INFO *shsInfo ) - { - /* Set the h-vars to their initial values */ - shsInfo->digest[ 0 ] = h0init; - shsInfo->digest[ 1 ] = h1init; - shsInfo->digest[ 2 ] = h2init; - shsInfo->digest[ 3 ] = h3init; - shsInfo->digest[ 4 ] = h4init; - - /* Initialise bit count */ - shsInfo->countLo = shsInfo->countHi = 0L; - } - -/* Perform the SHS transformation. Note that this code, like MD5, seems to - break some optimizing compilers - it may be necessary to split it into - sections, eg based on the four subrounds */ - -static void shsTransform( SHS_INFO *shsInfo ) -{ - LONG *W, temp; - LONG A, B, C, D, E; - - /* Step A. Copy the data buffer into the local work buffer. */ - /* 07 Jan 1998, dmitch: skip this bogus move, and let the caller - * copy data directly into the W[] array. To minimize changes, - * we'll just increase the size of shsInfo->data[] and make W - * a pointer here. - */ - W = shsInfo->data; - - /* Step B. Expand the 16 words into 64 temporary data words */ - - /* - * Note: I tried optimizing this via a for loop, and for some reason, - * the "optimized" version ran slower on PPC than the original - * unrolled version. The optimized version does run faster on i486 than - * the unrolled version. - * - * Similarly, the set of subRounds, below, runs slower on i486 when - * optimized via 4 'for' loops. The "optimized" version of that is - * a wash on PPC. - * - * Conclusion: leave both of 'em unrolled. We could ifdef per machine, - * but this would get messy once we had more than two architectures. - * We may want to revisit this. --dpm - */ - expand( 16 ); expand( 17 ); expand( 18 ); expand( 19 ); expand( 20 ); - expand( 21 ); expand( 22 ); expand( 23 ); expand( 24 ); expand( 25 ); - expand( 26 ); expand( 27 ); expand( 28 ); expand( 29 ); expand( 30 ); - expand( 31 ); expand( 32 ); expand( 33 ); expand( 34 ); expand( 35 ); - expand( 36 ); expand( 37 ); expand( 38 ); expand( 39 ); expand( 40 ); - expand( 41 ); expand( 42 ); expand( 43 ); expand( 44 ); expand( 45 ); - expand( 46 ); expand( 47 ); expand( 48 ); expand( 49 ); expand( 50 ); - expand( 51 ); expand( 52 ); expand( 53 ); expand( 54 ); expand( 55 ); - expand( 56 ); expand( 57 ); expand( 58 ); expand( 59 ); expand( 60 ); - expand( 61 ); expand( 62 ); expand( 63 ); expand( 64 ); expand( 65 ); - expand( 66 ); expand( 67 ); expand( 68 ); expand( 69 ); expand( 70 ); - expand( 71 ); expand( 72 ); expand( 73 ); expand( 74 ); expand( 75 ); - expand( 76 ); expand( 77 ); expand( 78 ); expand( 79 ); - - /* Step C. Set up first buffer */ - A = shsInfo->digest[ 0 ]; - B = shsInfo->digest[ 1 ]; - C = shsInfo->digest[ 2 ]; - D = shsInfo->digest[ 3 ]; - E = shsInfo->digest[ 4 ]; - - /* Step D. Serious mangling, divided into four sub-rounds */ - subRound1( 0 ); subRound1( 1 ); subRound1( 2 ); subRound1( 3 ); - subRound1( 4 ); subRound1( 5 ); subRound1( 6 ); subRound1( 7 ); - subRound1( 8 ); subRound1( 9 ); subRound1( 10 ); subRound1( 11 ); - subRound1( 12 ); subRound1( 13 ); subRound1( 14 ); subRound1( 15 ); - subRound1( 16 ); subRound1( 17 ); subRound1( 18 ); subRound1( 19 ); - subRound2( 20 ); subRound2( 21 ); subRound2( 22 ); subRound2( 23 ); - subRound2( 24 ); subRound2( 25 ); subRound2( 26 ); subRound2( 27 ); - subRound2( 28 ); subRound2( 29 ); subRound2( 30 ); subRound2( 31 ); - subRound2( 32 ); subRound2( 33 ); subRound2( 34 ); subRound2( 35 ); - subRound2( 36 ); subRound2( 37 ); subRound2( 38 ); subRound2( 39 ); - subRound3( 40 ); subRound3( 41 ); subRound3( 42 ); subRound3( 43 ); - subRound3( 44 ); subRound3( 45 ); subRound3( 46 ); subRound3( 47 ); - subRound3( 48 ); subRound3( 49 ); subRound3( 50 ); subRound3( 51 ); - subRound3( 52 ); subRound3( 53 ); subRound3( 54 ); subRound3( 55 ); - subRound3( 56 ); subRound3( 57 ); subRound3( 58 ); subRound3( 59 ); - subRound4( 60 ); subRound4( 61 ); subRound4( 62 ); subRound4( 63 ); - subRound4( 64 ); subRound4( 65 ); subRound4( 66 ); subRound4( 67 ); - subRound4( 68 ); subRound4( 69 ); subRound4( 70 ); subRound4( 71 ); - subRound4( 72 ); subRound4( 73 ); subRound4( 74 ); subRound4( 75 ); - subRound4( 76 ); subRound4( 77 ); subRound4( 78 ); subRound4( 79 ); - - /* Step E. Build message digest */ - shsInfo->digest[ 0 ] += A; - shsInfo->digest[ 1 ] += B; - shsInfo->digest[ 2 ] += C; - shsInfo->digest[ 3 ] += D; - shsInfo->digest[ 4 ] += E; -} - -#ifdef __LITTLE_ENDIAN__ - -/* When run on a little-endian CPU we need to perform byte reversal on an - array of longwords. It is possible to make the code endianness- - independant by fiddling around with data at the byte level, but this - makes for very slow code, so we rely on the user to sort out endianness - at compile time */ - -static void byteReverse( LONG *buffer, int byteCount ) - - { - LONG value; - int count; - - byteCount /= sizeof( LONG ); - for( count = 0; count < byteCount; count++ ) - { - value = ( buffer[ count ] << 16 ) | ( buffer[ count ] >> 16 ); - buffer[ count ] = ( ( value & 0xFF00FF00L ) >> 8 ) | ( ( value & 0x00FF00FFL ) << 8 ); - } - } - -#else /* __LITTLE_ENDIAN__ */ - -/* - * Nop for big-endian machines - */ -#define byteReverse( buffer, byteCount ) - -#endif /* __LITTLE_ENDIAN__ */ - - -/* Update SHS for a block of data. This code assumes that the buffer size - is a multiple of SHS_BLOCKSIZE bytes long, which makes the code a lot - more efficient since it does away with the need to handle partial blocks - between calls to shsUpdate() */ - -void shsUpdate( - SHS_INFO *shsInfo, - const BYTE *buffer, - int count) - - { - /* Update bitcount */ - if( ( shsInfo->countLo + ( ( LONG ) count << 3 ) ) < shsInfo->countLo ) - shsInfo->countHi++; /* Carry from low to high bitCount */ - shsInfo->countLo += ( ( LONG ) count << 3 ); - shsInfo->countHi += ( ( LONG ) count >> 29 ); - - /* Process data in SHS_BLOCKSIZE chunks */ - while( count >= SHS_BLOCKSIZE ) - { - memcpy( shsInfo->data, buffer, SHS_BLOCKSIZE ); - byteReverse( shsInfo->data, SHS_BLOCKSIZE ); - shsTransform( shsInfo ); - buffer += SHS_BLOCKSIZE; - count -= SHS_BLOCKSIZE; - } - - /* Handle any remaining bytes of data. This should only happen once - on the final lot of data */ - memcpy( shsInfo->data, buffer, count ); - } - -void shsFinal(SHS_INFO *shsInfo) - { - int count; - LONG lowBitcount = shsInfo->countLo, highBitcount = shsInfo->countHi; - - /* Compute number of bytes mod 64 */ - count = ( int ) ( ( shsInfo->countLo >> 3 ) & 0x3F ); - - /* Set the first char of padding to 0x80. This is safe since there is - always at least one byte free */ - ( ( BYTE * ) shsInfo->data )[ count++ ] = 0x80; - - /* Pad out to 56 mod 64 */ - if( count > 56 ) - { - /* Two lots of padding: Pad the first block to 64 bytes */ - memset( ( BYTE * ) &shsInfo->data + count, 0, 64 - count ); - byteReverse( shsInfo->data, SHS_BLOCKSIZE ); - shsTransform( shsInfo ); - - /* Now fill the next block with 56 bytes */ - memset( &shsInfo->data, 0, 56 ); - } - else - /* Pad block to 56 bytes */ - memset( ( BYTE * ) &shsInfo->data + count, 0, 56 - count ); - byteReverse( shsInfo->data, SHS_BLOCKSIZE ); - - /* Append length in bits and transform */ - shsInfo->data[ 14 ] = highBitcount; - shsInfo->data[ 15 ] = lowBitcount; - - shsTransform( shsInfo ); - byteReverse( shsInfo->digest, SHS_DIGESTSIZE ); - } diff --git a/SecurityTests/cspxutils/hashTime/SHA1_priv.h b/SecurityTests/cspxutils/hashTime/SHA1_priv.h deleted file mode 100644 index b208044d..00000000 --- a/SecurityTests/cspxutils/hashTime/SHA1_priv.h +++ /dev/null @@ -1,54 +0,0 @@ -/* Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1_priv.h - private low-level API for SHA-1 hash algorithm - * - * Revision History - * ---------------- - * 22 Aug 96 Doug Mitchell at NeXT - * Created. - */ - -/* Useful defines/typedefs */ - -#ifndef _CK_SHA1_PRIV_H_ -#define _CK_SHA1_PRIV_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -typedef unsigned char BYTE; -typedef unsigned long LONG; - -/* The SHS block size and message digest sizes, in bytes */ - -#define SHS_BLOCKSIZE 64 -#define SHS_DIGESTSIZE 20 - -/* The structure for storing SHS info */ - -typedef struct { - LONG digest[ 5 ]; /* Message digest */ - LONG countLo, countHi; /* 64-bit bit count */ - LONG data[ 80 ]; /* SHS data buffer */ - } SHS_INFO; - -extern void shsInit(SHS_INFO *shsInfo); -extern void shsUpdate(SHS_INFO *shsInfo, - const BYTE *buffer, - int count); -extern void shsFinal(SHS_INFO *shsInfo); - -#ifdef __cplusplus -} -#endif - -#endif /* _CK_SHA1_PRIV_H_ */ diff --git a/SecurityTests/cspxutils/hashTime/hashTime.cpp b/SecurityTests/cspxutils/hashTime/hashTime.cpp deleted file mode 100644 index d928a44a..00000000 --- a/SecurityTests/cspxutils/hashTime/hashTime.cpp +++ /dev/null @@ -1,723 +0,0 @@ -/* - * hashTime.cpp - measure performance of digest ops - */ - -#include -#include -#include -#include -#include "cputime.h" -#include "cspwrap.h" -#include "common.h" -#include -#include -#include -#include "MD5.h" /* CryptKit version used Panther and prior */ -#include "SHA1.h" /* ditto */ - -/* enumerate digest algorithms our way */ -typedef int HT_Alg; -enum { - HA_MD5 = 0, - HA_SHA1, - HA_SHA224, - HA_SHA256, - HA_SHA384, - HA_SHA512 -}; - -#define FIRST_ALG HA_MD5 -#define LAST_ALG HA_SHA512 - -static void usage(char **argv) -{ - printf("Usage: %s [option ...]\n", argv[0]); - printf("Options:\n"); - printf(" t=testspec; default=all\n"); - printf(" test specs: c : digest context setup/teardown\n"); - printf(" b : basic single block digest\n"); - printf(" d : digest lots of data\n"); - printf(" a=alg; default=all\n"); - printf(" algs: m : MD5\n"); - printf(" s : SHA1\n"); - printf(" 4 : SHA224\n"); - printf(" 2 : SHA256\n"); - printf(" 3 : SHA384\n"); - printf(" 5 : SHA512\n"); - printf(" l=loops (only valid if testspec is given)\n"); - printf(" o (use openssl implementations, MD5 and SHA1 only)\n"); - printf(" c (use CommonCrypto implementation)\n"); - printf(" k (use CryptKit implementations, MD5 and SHA1 only\n"); - printf(" v verify digest by printing it\n"); - exit(1); -} - -static void dumpDigest( - const unsigned char *digest, - unsigned len) -{ - for(unsigned dex=0; dexloops; loop++) { - crtn = CSSM_CSP_CreateDigestContext(params->cspHand, - params->algId, &ccHand); - if(crtn) { - return crtn; - } - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - return crtn; - } - } - timeSpentMs = CPUTimeDeltaMs(startTime, CPUTimeRead()); - printf(" context setup/delete : %u ops in %.2f ms; %f ms/op\n", - params->loops, timeSpentMs, timeSpentMs / (double)params->loops); - return CSSM_OK; -} - -/* Minimal CSP init/digest/final */ -#define BASIC_BLOCK_SIZE 64 // to digest in bytes -#define MAX_DIGEST_SIZE 64 // we provide, no malloc below CSSM - -static CSSM_RETURN hashBasic( - TestParams *params) -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - unsigned loop; - CPUTime startTime; - double timeSpentMs; - uint8 ptext[BASIC_BLOCK_SIZE]; - uint8 digest[MAX_DIGEST_SIZE]; - CSSM_DATA ptextData = {BASIC_BLOCK_SIZE, ptext}; - CSSM_DATA digestData = {MAX_DIGEST_SIZE, digest}; - - /* we reuse this one inside the loop */ - crtn = CSSM_CSP_CreateDigestContext(params->cspHand, - params->algId, &ccHand); - if(crtn) { - return crtn; - } - - /* random data, const thru the loops */ - appGetRandomBytes(ptext, BASIC_BLOCK_SIZE); - - /* start critical timing loop */ - startTime = CPUTimeRead(); - for(loop=0; looploops; loop++) { - crtn = CSSM_DigestDataInit(ccHand); - if(crtn) { - return crtn; - } - crtn = CSSM_DigestDataUpdate(ccHand, &ptextData, 1); - if(crtn) { - return crtn; - } - crtn = CSSM_DigestDataFinal(ccHand, &digestData); - if(crtn) { - return crtn; - } - } - CSSM_DeleteContext(ccHand); - timeSpentMs = CPUTimeDeltaMs(startTime, CPUTimeRead()); - printf(" Digest one %u byte block : %u ops in %.2f ms; %f ms/op\n", - BASIC_BLOCK_SIZE, params->loops, - timeSpentMs, timeSpentMs / (double)params->loops); - return CSSM_OK; -} - -/* Lots of data */ -#define PTEXT_SIZE 1000 // to digest in bytes -#define INNER_LOOPS 1000 - -static CSSM_RETURN hashDataRate( - TestParams *params) -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - unsigned loop; - unsigned iloop; - CPUTime startTime; - double timeSpent, timeSpentMs; - uint8 ptext[PTEXT_SIZE]; - uint8 digest[MAX_DIGEST_SIZE]; - CSSM_DATA ptextData = {PTEXT_SIZE, ptext}; - CSSM_DATA digestData = {MAX_DIGEST_SIZE, digest}; - - /* we reuse this one inside the loop */ - crtn = CSSM_CSP_CreateDigestContext(params->cspHand, - params->algId, &ccHand); - if(crtn) { - return crtn; - } - - /* random data, const thru the loops */ - initPtext(ptext, PTEXT_SIZE); - - /* start critical timing loop */ - startTime = CPUTimeRead(); - for(loop=0; looploops; loop++) { - crtn = CSSM_DigestDataInit(ccHand); - if(crtn) { - return crtn; - } - for(iloop=0; ilooploops * bytesPerLoop; - - /* careful, KByte = 1024, ms = 1/1000 */ - printf(" Digest %.0f bytes : %u ops in %.2f ms; %f ms/op, %.0f KBytes/s\n", - bytesPerLoop, params->loops, - timeSpentMs, timeSpentMs / (double)params->loops, - ((float)totalBytes / 1024.0) / timeSpent); - if(params->dumpDigest) { - dumpDigest(digest, digestData.Length); - } - return CSSM_OK; -} - -/* Lots of data, openssl version */ - -typedef union { - MD5_CTX md5; - SHA_CTX sha; -} OS_CTX; - -typedef void (*initFcn)(void *digestCtx); -typedef void (*updateFcn)(void *digestCtx, const void *data, unsigned long len); -typedef void (*finalFcn)(unsigned char *digest, void *digestCtx); - -static CSSM_RETURN hashDataRateOpenssl( - TestParams *params) -{ - OS_CTX ctx; - initFcn initPtr = NULL; - updateFcn updatePtr = NULL; - finalFcn finalPtr = NULL; - unsigned loop; - unsigned iloop; - CPUTime startTime; - double timeSpent, timeSpentMs; - uint8 ptext[PTEXT_SIZE]; - uint8 digest[MAX_DIGEST_SIZE]; - unsigned digestLen = 16; - - /* we reuse this one inside the loop */ - switch(params->algId) { - case CSSM_ALGID_SHA1: - initPtr = (initFcn)SHA1_Init; - updatePtr = (updateFcn)SHA1_Update; - finalPtr = (finalFcn)SHA1_Final; - digestLen = 20; - break; - case CSSM_ALGID_MD5: - initPtr = (initFcn)MD5_Init; - updatePtr = (updateFcn)MD5_Update; - finalPtr = (finalFcn)MD5_Final; - break; - default: - printf("***Sorry, Openssl can only do SHA1 and MD5.\n"); - return 1; - } - - /* random data, const thru the loops */ - initPtext(ptext, PTEXT_SIZE); - - /* start critical timing loop */ - startTime = CPUTimeRead(); - for(loop=0; looploops; loop++) { - initPtr(&ctx); - for(iloop=0; ilooploops * bytesPerLoop; - - /* careful, KByte = 1024, ms = 1/1000 */ - printf(" Digest %.0f bytes : %u ops in %.2f ms; %f ms/op, %.0f KBytes/s\n", - bytesPerLoop, params->loops, - timeSpentMs, timeSpentMs / (double)params->loops, - ((float)totalBytes / 1024.0) / timeSpent); - if(params->dumpDigest) { - dumpDigest(digest, digestLen); - } - return CSSM_OK; -} - -/* Lots of data, CommonCrypto version (not thru CSP) */ - -typedef union { - CC_MD5_CTX md5; - CC_SHA1_CTX sha; - CC_SHA256_CTX sha256; - CC_SHA512_CTX sha512; -} CC_CTX; - -typedef void (*ccUpdateFcn)(void *digestCtx, const void *data, CC_LONG len); -typedef void (*ccFinalFcn)(unsigned char *digest, void *digestCtx); - -static CSSM_RETURN hashDataRateCommonCrypto( - TestParams *params) -{ - CC_CTX ctx; - ccUpdateFcn updatePtr = NULL; - ccFinalFcn finalPtr = NULL; - initFcn initPtr = NULL; - unsigned loop; - unsigned iloop; - CPUTime startTime; - double timeSpent, timeSpentMs; - uint8 ptext[PTEXT_SIZE]; - uint8 digest[MAX_DIGEST_SIZE]; - unsigned digestLen = 16; - - /* we reuse this one inside the loop */ - switch(params->algId) { - case CSSM_ALGID_SHA1: - initPtr = (initFcn)CC_SHA1_Init; - updatePtr = (ccUpdateFcn)CC_SHA1_Update; - finalPtr = (ccFinalFcn)CC_SHA1_Final; - digestLen = CC_SHA1_DIGEST_LENGTH; - break; - case CSSM_ALGID_SHA224: - initPtr = (initFcn)CC_SHA224_Init; - updatePtr = (ccUpdateFcn)CC_SHA224_Update; - finalPtr = (ccFinalFcn)CC_SHA224_Final; - digestLen = CC_SHA224_DIGEST_LENGTH; - break; - case CSSM_ALGID_SHA256: - initPtr = (initFcn)CC_SHA256_Init; - updatePtr = (ccUpdateFcn)CC_SHA256_Update; - finalPtr = (ccFinalFcn)CC_SHA256_Final; - digestLen = CC_SHA256_DIGEST_LENGTH; - break; - case CSSM_ALGID_SHA384: - initPtr = (initFcn)CC_SHA384_Init; - updatePtr = (ccUpdateFcn)CC_SHA384_Update; - finalPtr = (ccFinalFcn)CC_SHA384_Final; - digestLen = CC_SHA384_DIGEST_LENGTH; - break; - case CSSM_ALGID_SHA512: - initPtr = (initFcn)CC_SHA512_Init; - updatePtr = (ccUpdateFcn)CC_SHA512_Update; - finalPtr = (ccFinalFcn)CC_SHA512_Final; - digestLen = CC_SHA512_DIGEST_LENGTH; - break; - case CSSM_ALGID_MD5: - initPtr = (initFcn)CC_MD5_Init; - updatePtr = (ccUpdateFcn)CC_MD5_Update; - finalPtr = (ccFinalFcn)CC_MD5_Final; - digestLen = CC_MD5_DIGEST_LENGTH; - break; - default: - printf("***BRRRZAP!\n"); - return 1; - } - - /* random data, const thru the loops */ - initPtext(ptext, PTEXT_SIZE); - - /* start critical timing loop */ - startTime = CPUTimeRead(); - for(loop=0; looploops; loop++) { - initPtr(&ctx); - for(iloop=0; ilooploops * bytesPerLoop; - - /* careful, KByte = 1024, ms = 1/1000 */ - printf(" Digest %.0f bytes : %u ops in %.2f ms; %f ms/op, %.0f KBytes/s\n", - bytesPerLoop, params->loops, - timeSpentMs, timeSpentMs / (double)params->loops, - ((float)totalBytes / 1024.0) / timeSpent); - if(params->dumpDigest) { - dumpDigest(digest, digestLen); - } - return CSSM_OK; -} - -/* Lots of data, CryptKit version */ - -/* cryptkit final routines are not orthoganal, fix up here */ -static void ckSha1Final( - unsigned char *digest, - void *ctx) -{ - sha1GetDigest((sha1Obj)ctx, digest); -} - -static void ckMD5Final( - unsigned char *digest, - void *ctx) -{ - MD5Final((struct MD5Context *)ctx, digest); -} - -typedef void (*ckUpdateFcn)(void *digestCtx, const void *data, unsigned len); -typedef void (*ckFinalFcn)(unsigned char *digest, void *digestCtx); - -static CSSM_RETURN hashDataRateCryptKit( - TestParams *params) -{ - ckUpdateFcn updatePtr = NULL; - ckFinalFcn finalPtr = NULL; - initFcn initPtr = NULL; - struct MD5Context md5; - sha1Obj sha; - void *ctx; - - unsigned loop; - unsigned iloop; - CPUTime startTime; - double timeSpent, timeSpentMs; - uint8 ptext[PTEXT_SIZE]; - uint8 digest[MAX_DIGEST_SIZE]; - unsigned digestLen = 16; - - /* we reuse this one inside the loop */ - switch(params->algId) { - case CSSM_ALGID_SHA1: - sha = sha1Alloc(); - ctx = sha; - initPtr = (initFcn)sha1Reinit; - updatePtr = (ckUpdateFcn)sha1AddData; - finalPtr = (ckFinalFcn)ckSha1Final; - digestLen = 20; - break; - case CSSM_ALGID_MD5: - ctx = &md5; - initPtr = (initFcn)MD5Init; - updatePtr = (ckUpdateFcn)MD5Update; - finalPtr = (ckFinalFcn)ckMD5Final; - break; - default: - printf("***Sorry, CryptKit can only do SHA1 and MD5.\n"); - return 1; - } - - /* random data, const thru the loops */ - initPtext(ptext, PTEXT_SIZE); - - /* start critical timing loop */ - startTime = CPUTimeRead(); - for(loop=0; looploops; loop++) { - initPtr(ctx); - for(iloop=0; ilooploops * bytesPerLoop; - - /* careful, KByte = 1024, ms = 1/1000 */ - printf(" Digest %.0f bytes : %u ops in %.2f ms; %f ms/op, %.0f KBytes/s\n", - bytesPerLoop, params->loops, - timeSpentMs, timeSpentMs / (double)params->loops, - ((float)totalBytes / 1024.0) / timeSpent); - if(params->dumpDigest) { - dumpDigest(digest, digestLen); - } - return CSSM_OK; -} - -typedef CSSM_RETURN (*testRunFcn)(TestParams *testParams); - -/* - * Static declaration of a test - */ -typedef struct { - const char *testName; - unsigned loops; - testRunFcn run; - char testSpec; // for t=xxx cmd line opt -} TestDefs; - -static TestDefs testDefs[] = -{ - { "Digest context setup/teardown", - 100000, - hashContext, - 'c', - }, - { "Basic single block digest", - 100000, - hashBasic, - 'b', - }, - { "Large data digest", - 1000, - hashDataRate, - 'd', - }, -}; - -static TestDefs testDefsOpenSSL[] = -{ - { "Digest context setup/teardown", - 100000, - NULL, // not implemented - 'c', - }, - { "Basic single block digest", - 100000, - NULL, // not implemented - 'b', - }, - { "Large data digest, OpenSSL", - 1000, - hashDataRateOpenssl, - 'd', - }, -}; - -static TestDefs testDefsCommonCrypto[] = -{ - { "Digest context setup/teardown", - 100000, - NULL, // not implemented - 'c', - }, - { "Basic single block digest", - 100000, - NULL, // not implemented - 'b', - }, - { "Large data digest, CommonCrypto", - 1000, - hashDataRateCommonCrypto, - 'd', - }, -}; - -static TestDefs testDefsCryptKit[] = -{ - { "Digest context setup/teardown", - 100000, - NULL, // not implemented - 'c', - }, - { "Basic single block digest", - 100000, - NULL, // not implemented - 'b', - }, - { "Large data digest, CryptKit", - 1000, - hashDataRateCryptKit, - 'd', - }, -}; - - -static void algToAlgId( - HT_Alg alg, - CSSM_ALGORITHMS *algId, - const char **algStr) -{ - switch(alg) { - case HA_MD5: - *algId = CSSM_ALGID_MD5; - *algStr = "MD5"; - break; - case HA_SHA1: - *algId = CSSM_ALGID_SHA1; - *algStr = "SHA1"; - break; - case HA_SHA224: - *algId = CSSM_ALGID_SHA224; - *algStr = "SHA224"; - break; - case HA_SHA256: - *algId = CSSM_ALGID_SHA256; - *algStr = "SHA256"; - break; - case HA_SHA384: - *algId = CSSM_ALGID_SHA384; - *algStr = "SHA384"; - break; - case HA_SHA512: - *algId = CSSM_ALGID_SHA512; - *algStr = "SHA512"; - break; - default: - printf("***algToAlgId screwup\n"); - exit(1); - } -} - -#define NUM_TESTS (sizeof(testDefs) / sizeof(testDefs[0])) - -int main(int argc, char **argv) -{ - TestParams testParams; - TestDefs *testDef; - TestDefs *ourTestDefs = testDefs; - CSSM_RETURN crtn; - int arg; - char *argp; - unsigned cmdLoops = 0; // can be specified in cmd line - // if not, use TestDefs.loops - char testSpec = '\0'; // allows specification of one test - // otherwise run all - HT_Alg alg; - const char *algStr; - int firstAlg = FIRST_ALG; - int lastAlg = LAST_ALG; - - memset(&testParams, 0, sizeof(testParams)); - - for(arg=1; argtestSpec != testSpec)) { - continue; - } - if(testDef->run == NULL) { - continue; - } - printf("%s:\n", testDef->testName); - if(cmdLoops) { - /* user specified */ - testParams.loops = cmdLoops; - } - else { - /* default */ - testParams.loops = testDef->loops; - } - for(alg=firstAlg; alg<=lastAlg; alg++) { - algToAlgId(alg, &testParams.algId, &algStr); - printf(" === %s ===\n", algStr); - crtn = testDef->run(&testParams); - if(crtn) { - exit(1); - } - } - } - return 0; -} diff --git a/SecurityTests/cspxutils/hashTimeLibCrypt/Makefile b/SecurityTests/cspxutils/hashTimeLibCrypt/Makefile deleted file mode 100644 index 825a8ab3..00000000 --- a/SecurityTests/cspxutils/hashTimeLibCrypt/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE=hashTimeLibCrypt -# C++ source (with .cpp extension) -CPSOURCE=hashTimeLibCrypt.cpp pbkdDigest.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -lcrypto -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/hashTimeLibCrypt/hashTimeLibCrypt.cpp b/SecurityTests/cspxutils/hashTimeLibCrypt/hashTimeLibCrypt.cpp deleted file mode 100644 index f8cfd3b5..00000000 --- a/SecurityTests/cspxutils/hashTimeLibCrypt/hashTimeLibCrypt.cpp +++ /dev/null @@ -1,272 +0,0 @@ -/* - * hashTimeLibCrypt.cpp - measure performance of libcrypt digest ops. - * - * Thjis is obsolete; hashTime does this a lot better,a dn it also measures raw - * CommonCrypto and CryptKit versions. - */ - -#include -#include -#include -#include -#include -#include "cputime.h" -#include "cspwrap.h" -#include "common.h" -#include "pbkdDigest.h" - -/* enumerate digest algorithms our way */ -typedef int HT_Alg; -enum { - HA_MD5 = 0, - HA_SHA1 -}; - -#define FIRST_ALG HA_MD5 -#define LAST_ALG HA_SHA1 - -static void usage(char **argv) -{ - printf("Usage: %s [option ...]\n", argv[0]); - printf("Options:\n"); - printf(" t=testspec; default=all\n"); - printf(" test specs: c digest context setup/teardown\n"); - printf(" b basic single block digest\n"); - printf(" d digest lots of data\n"); - printf(" l=loops (only valid if testspec is given)\n"); - exit(1); -} - -/* passed to each test */ -typedef struct { - unsigned loops; - bool isSha; -} TestParams; - -/* just digest context setup/teardown */ -/* returns nonzero on error */ -static int hashContext( - TestParams *params) -{ - unsigned loop; - CPUTime startTime; - double timeSpentMs; - DigestCtx ctx; - int rtn; - - startTime = CPUTimeRead(); - for(loop=0; looploops; loop++) { - rtn = DigestCtxInit(&ctx, params->isSha); - if(!rtn) { - return -1; - } - } - timeSpentMs = CPUTimeDeltaMs(startTime, CPUTimeRead()); - - printf(" context setup/delete : %u ops in %.2f ms; %f ms/op\n", - params->loops, timeSpentMs, timeSpentMs / (double)params->loops); - return 0; -} - -/* Minimal init/digest/final */ -#define BASIC_BLOCK_SIZE 64 // to digest in bytes -#define MAX_DIGEST_SIZE 20 // we provide, no malloc below CSSM - -static int hashBasic( - TestParams *params) -{ - unsigned loop; - CPUTime startTime; - double timeSpentMs; - uint8 ptext[BASIC_BLOCK_SIZE]; - uint8 digest[MAX_DIGEST_SIZE]; - DigestCtx ctx; - int rtn; - - /* random data, const thru the loops */ - appGetRandomBytes(ptext, BASIC_BLOCK_SIZE); - - /* start critical timing loop */ - startTime = CPUTimeRead(); - for(loop=0; looploops; loop++) { - rtn = DigestCtxInit(&ctx, params->isSha); - if(!rtn) { - return -1; - } - rtn = DigestCtxUpdate(&ctx, ptext, BASIC_BLOCK_SIZE); - if(!rtn) { - return -1; - } - rtn = DigestCtxFinal(&ctx, digest); - if(!rtn) { - return -1; - } - } - DigestCtxFree(&ctx); - timeSpentMs = CPUTimeDeltaMs(startTime, CPUTimeRead()); - printf(" Digest one %u byte block : %u ops in %.2f ms; %f ms/op\n", - BASIC_BLOCK_SIZE, params->loops, - timeSpentMs, timeSpentMs / (double)params->loops); - return 0; -} - -/* Lots of data */ -#define PTEXT_SIZE 1000 // to digest in bytes -#define INNER_LOOPS 1000 - -static int hashDataRate( - TestParams *params) -{ - unsigned loop; - unsigned iloop; - CPUTime startTime; - double timeSpent, timeSpentMs; - uint8 ptext[PTEXT_SIZE]; - uint8 digest[MAX_DIGEST_SIZE]; - DigestCtx ctx; - int rtn; - - /* random data, const thru the loops */ - appGetRandomBytes(ptext, PTEXT_SIZE); - - /* start critical timing loop */ - startTime = CPUTimeRead(); - for(loop=0; looploops; loop++) { - rtn = DigestCtxInit(&ctx, params->isSha); - if(!rtn) { - return -1; - } - for(iloop=0; ilooploops * bytesPerLoop; - - /* careful, KByte = 1024, ms = 1/1000 */ - printf(" Digest %.0f bytes : %u ops in %.2f ms; %f ms/op, %.0f KBytes/s\n", - bytesPerLoop, params->loops, - timeSpentMs, timeSpentMs / (double)params->loops, - ((float)totalBytes / 1024.0) / timeSpent); - return 0; -} - - -typedef int (*testRunFcn)(TestParams *testParams); - -/* - * Static declaration of a test - */ -typedef struct { - const char *testName; - unsigned loops; - testRunFcn run; - char testSpec; // for t=xxx cmd line opt -} TestDefs; - -static TestDefs testDefs[] = -{ - { "Digest context setup/teardown", - 100000, - hashContext, - 'c', - }, - { "Basic single block digest", - 100000, - hashBasic, - 'b', - }, - { "Large data digest", - 1000, - hashDataRate, - 'd', - }, -}; - -static void algToAlgId( - HT_Alg alg, - bool *isSha, - const char **algStr) -{ - switch(alg) { - case HA_MD5: - *isSha = false; - *algStr = "MD5"; - break; - case HA_SHA1: - *isSha = true; - *algStr = "SHA1"; - break; - default: - printf("***algToAlgId screwup\n"); - exit(1); - } -} - -#define NUM_TESTS (sizeof(testDefs) / sizeof(testDefs[0])) - -int main(int argc, char **argv) -{ - TestParams testParams; - TestDefs *testDef; - int rtn; - int arg; - char *argp; - unsigned cmdLoops = 0; // can be specified in cmd line - // if not, use TestDefs.loops - char testSpec = '\0'; // allows specification of one test - // otherwise run all - HT_Alg alg; - const char *algStr; - - for(arg=1; argtestSpec != testSpec)) { - continue; - } - printf("%s:\n", testDef->testName); - if(cmdLoops) { - /* user specified */ - testParams.loops = cmdLoops; - } - else { - /* default */ - testParams.loops = testDef->loops; - } - for(alg=FIRST_ALG; alg<=LAST_ALG; alg++) { - algToAlgId(alg, &testParams.isSha, &algStr); - printf(" === %s ===\n", algStr); - rtn = testDef->run(&testParams); - if(rtn) { - printf("Test returned error\n"); - exit(1); - } - } - } - return 0; -} diff --git a/SecurityTests/cspxutils/hashTimeLibCrypt/pbkdDigest.cpp b/SecurityTests/cspxutils/hashTimeLibCrypt/pbkdDigest.cpp deleted file mode 100644 index aca055e7..00000000 --- a/SecurityTests/cspxutils/hashTimeLibCrypt/pbkdDigest.cpp +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2003-2005 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ -/* - * pbkdDigest.cpp - SHA1/MD5 digest object - */ - -#include "pbkdDigest.h" -#include -#include - -/* the casts are necessary to cover the polymorphous context types */ -DigestOps Md5Ops = { - (DigestInitFcn)MD5_Init, - (DigestUpdateFcn)MD5_Update, - (DigestFinalFcn)MD5_Final -}; -DigestOps Sha1Ops = { - (DigestInitFcn)SHA1_Init, - (DigestUpdateFcn)SHA1_Update, - (DigestFinalFcn)SHA1_Final -}; - -/* Ops on a DigestCtx */ -int DigestCtxInit( - DigestCtx *ctx, - CSSM_BOOL isSha1) -{ - if(isSha1) { - ctx->ops = &Sha1Ops; - } - else { - ctx->ops = &Md5Ops; - } - ctx->isSha1 = isSha1; - return ctx->ops->init(&ctx->dig); -} - -void DigestCtxFree( - DigestCtx *ctx) -{ - memset(ctx, 0, sizeof(DigestCtx)); -} - -int DigestCtxUpdate( - DigestCtx *ctx, - const void *textPtr, - uint32 textLen) -{ - return ctx->ops->update(&ctx->dig, textPtr, textLen); -} - -int DigestCtxFinal( - DigestCtx *ctx, - void *digest) -{ - return ctx->ops->final(digest, &ctx->dig); -} diff --git a/SecurityTests/cspxutils/hashTimeLibCrypt/pbkdDigest.h b/SecurityTests/cspxutils/hashTimeLibCrypt/pbkdDigest.h deleted file mode 100644 index fcb582d2..00000000 --- a/SecurityTests/cspxutils/hashTimeLibCrypt/pbkdDigest.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright (c) 2003-2005 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ -/* - * pbkdDigest.h - SHA1/MD5 digest object - */ - -#ifndef _PBKD_DIGEST_H_ -#define _PBKD_DIGEST_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define kSHA1DigestSize SHA_DIGEST_LENGTH -#define kSHA1BlockSize SHA_CBLOCK - -#define kMD5DigestSize MD5_DIGEST_LENGTH -#define kMD5BlockSize MD5_CBLOCK - -typedef int (*DigestInitFcn)(void *ctx); -typedef int (*DigestUpdateFcn)(void *ctx, const void *data, unsigned long len); -typedef int (*DigestFinalFcn)(void *md, void *c); - -/* callouts to libcrypt */ -typedef struct { - DigestInitFcn init; - DigestUpdateFcn update; - DigestFinalFcn final; -} DigestOps; - -typedef struct { - union { - SHA_CTX sha1Context; - MD5_CTX md5Context; - } dig; - DigestOps *ops; - CSSM_BOOL isSha1; -} DigestCtx; - -/* Ops on a DigestCtx */ -int DigestCtxInit( - DigestCtx *ctx, - CSSM_BOOL isSha1); -void DigestCtxFree( - DigestCtx *ctx); -int DigestCtxUpdate( - DigestCtx *ctx, - const void *textPtr, - uint32 textLen); -int DigestCtxFinal( - DigestCtx *ctx, - void *digest); - -#ifdef __cplusplus -} -#endif - -#endif /* _PBKD_DIGEST_H_ */ - diff --git a/SecurityTests/cspxutils/hashTimeSA/MD5.c b/SecurityTests/cspxutils/hashTimeSA/MD5.c deleted file mode 100644 index 9ae199eb..00000000 --- a/SecurityTests/cspxutils/hashTimeSA/MD5.c +++ /dev/null @@ -1,367 +0,0 @@ -/* - File: MD5.c - - Written by: Colin Plumb - - Copyright: Copyright (c) 1998,2004-2005 Apple Computer, Inc. All Rights Reserved. - - Change History (most recent first): - - <7> 10/06/98 ap Changed to compile with C++. - - To Do: -*/ - -/* Copyright (c) 1998,2004-2005 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * MD5.c - */ - -/* - * This code implements the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * MD5Context structure, pass it to MD5Init, call MD5Update as - * needed on buffers full of bytes, and then call MD5Final, which - * will fill a supplied 16-byte array with the digest. - */ - -/* - * Revision History - * ---------------- - * 06 Feb 1997 Doug Mitchell at Apple - * Fixed endian-dependent cast in MD5Final() - * Made byteReverse() tolerant of platform-dependent alignment - * restrictions - */ - -#include "MD5.h" -//#include "platform.h" -#undef __LITTLE_ENDIAN__ -#undef __BIG_ENDIAN__ -#define __BIG_ENDIAN__ - -#include -#include - -static inline void intToByteRep(int i, unsigned char *buf) -{ - *buf++ = (unsigned char)((i >> 24) & 0xff); - *buf++ = (unsigned char)((i >> 16) & 0xff); - *buf++ = (unsigned char)((i >> 8) & 0xff); - *buf = (unsigned char)(i & 0xff); -} - -#define MD5_DEBUG 0 - -#if MD5_DEBUG -static inline void dumpCtx(struct MD5Context *ctx, char *label) -{ - int i; - - printf("%s\n", label); - printf("buf = "); - for(i=0; i<4; i++) { - printf("%x:", ctx->buf[i]); - } - printf("\nbits: %d:%d\n", ctx->bits[0], ctx->bits[1]); - printf("in[]:\n "); - for(i=0; i<64; i++) { - printf("%02x:", ctx->in[i]); - if((i % 16) == 15) { - printf("\n "); - } - } - printf("\n"); -} -#else // MD5_DEBUG -#define dumpCtx(ctx, label) -#endif // MD5_DEBUG - -static void MD5Transform(uint32 buf[4], uint32 const in[16]); - -#ifdef __LITTLE_ENDIAN__ -#define byteReverse(buf, len) /* Nothing */ -#else -static void byteReverse(unsigned char *buf, unsigned longs); - -#ifndef ASM_MD5 -/* - * Note: this code is harmless on little-endian machines. - */ -static void byteReverse(unsigned char *buf, unsigned longs) -{ -#if old_way - /* - * this code is NOT harmless on big-endian machine which require - * natural alignment. - */ - uint32 t; - do { - t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | - ((unsigned) buf[1] << 8 | buf[0]); - *(uint32 *) buf = t; - buf += 4; - } while (--longs); -#else // new_way - - unsigned char t; - do { - t = buf[0]; - buf[0] = buf[3]; - buf[3] = t; - t = buf[1]; - buf[1] = buf[2]; - buf[2] = t; - buf += 4; - } while (--longs); -#endif // old_way -} -#endif // ASM_MD5 -#endif // __LITTLE_ENDIAN__ - -/* - * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious - * initialization constants. - */ -void MD5Init(struct MD5Context *ctx) -{ - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; - - ctx->bits[0] = 0; - ctx->bits[1] = 0; -} - -/* - * Update context to reflect the concatenation of another buffer full - * of bytes. - */ -void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) -{ - uint32 t; - - dumpCtx(ctx, "MD5.c update top"); - /* Update bitcount */ - - t = ctx->bits[0]; - if ((ctx->bits[0] = t + ((uint32) len << 3)) < t) - ctx->bits[1]++; /* Carry from low to high */ - ctx->bits[1] += len >> 29; - - t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ - - /* Handle any leading odd-sized chunks */ - - if (t) { - unsigned char *p = (unsigned char *) ctx->in + t; - - t = 64 - t; - if (len < t) { - memcpy(p, buf, len); - return; - } - memcpy(p, buf, t); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - dumpCtx(ctx, "update - return from transform (1)"); - buf += t; - len -= t; - } - /* Process data in 64-byte chunks */ - - while (len >= 64) { - memcpy(ctx->in, buf, 64); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - dumpCtx(ctx, "update - return from transform (2)"); - buf += 64; - len -= 64; - } - - /* Handle any remaining bytes of data. */ - - memcpy(ctx->in, buf, len); -} - -/* - * Final wrapup - pad to 64-byte boundary with the bit pattern - * 1 0* (64-bit count of bits processed, MSB-first) - */ -void MD5Final(struct MD5Context *ctx, unsigned char *digest) -{ - unsigned count; - unsigned char *p; - - dumpCtx(ctx, "final top"); - - /* Compute number of bytes mod 64 */ - count = (ctx->bits[0] >> 3) & 0x3F; - - /* Set the first char of padding to 0x80. This is safe since there is - always at least one byte free */ - p = ctx->in + count; - *p++ = 0x80; - #if MD5_DEBUG - printf("in[%d] = %x\n", count, ctx->in[count]); - #endif - /* Bytes of padding needed to make 64 bytes */ - count = 64 - 1 - count; - - /* Pad out to 56 mod 64 */ - dumpCtx(ctx, "final, before pad"); - if (count < 8) { - /* Two lots of padding: Pad the first block to 64 bytes */ - bzero(p, count); - byteReverse(ctx->in, 16); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - - /* Now fill the next block with 56 bytes */ - bzero(ctx->in, 56); - } else { - /* Pad block to 56 bytes */ - bzero(p, count - 8); - } - byteReverse(ctx->in, 14); - - /* Append length in bits and transform */ - #ifdef __LITTLE_ENDIAN__ - /* l.s. byte of bits[0] --> in[56] */ - ((uint32 *) ctx->in)[14] = ctx->bits[0]; - ((uint32 *) ctx->in)[15] = ctx->bits[1]; - #else - /* l.s. byte of bits[0] --> in[60] */ - intToByteRep(ctx->bits[0], &ctx->in[56]); - intToByteRep(ctx->bits[1], &ctx->in[60]); - #endif - - dumpCtx(ctx, "last transform"); - MD5Transform(ctx->buf, (uint32 *) ctx->in); - byteReverse((unsigned char *) ctx->buf, 4); - memcpy(digest, ctx->buf, MD5_DIGEST_SIZE); - dumpCtx(ctx, "final end"); - - bzero(ctx, sizeof(*ctx)); /* In case it's sensitive */ -} - -#ifndef ASM_MD5 - -/* The four core functions - F1 is optimized somewhat */ - -/* #define F1(x, y, z) (x & y | ~x & z) */ -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) - -/* This is the central step in the MD5 algorithm. */ -#define MD5STEP(f, w, x, y, z, data, s) \ - ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) - -/* - * The core of the MD5 algorithm, this alters an existing MD5 hash to - * reflect the addition of 16 longwords of new data. MD5Update blocks - * the data and converts bytes into longwords for this routine. - */ -static void MD5Transform(uint32 buf[4], uint32 const in[16]) -{ - register uint32 a, b, c, d; - - a = buf[0]; - b = buf[1]; - c = buf[2]; - d = buf[3]; - - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} - -#endif // ASM_MD5 diff --git a/SecurityTests/cspxutils/hashTimeSA/MD5.h b/SecurityTests/cspxutils/hashTimeSA/MD5.h deleted file mode 100644 index 29e17df1..00000000 --- a/SecurityTests/cspxutils/hashTimeSA/MD5.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - File: MD5.h - - Written by: Colin Plumb - - Copyright: Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - - Change History (most recent first): - - <8> 10/06/98 ap Changed to compile with C++. - - To Do: -*/ - -/* Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * MD5.h - * derived and used without need for permission from public domain source - */ - -#ifndef _CK_MD5_H_ -#define _CK_MD5_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef __alpha -typedef unsigned int uint32; -#elif defined (macintosh) -typedef unsigned int uint32; -#else -#include -//typedef unsigned long uint32; -#endif - -struct MD5Context { - uint32 buf[4]; - uint32 bits[2]; // bits[0] is low 32 bits of bit count - unsigned char in[64]; -}; - -#define MD5_DIGEST_SIZE 16 /* in bytes */ -#define MD5_BLOCK_SIZE 64 /* in bytes */ - -void MD5Init(struct MD5Context *context); -void MD5Update(struct MD5Context *context, unsigned char const *buf, - unsigned len); -void MD5Final(struct MD5Context *context, unsigned char *digest); - -#ifdef __cplusplus -} -#endif - -#endif /*_CK_MD5_H_*/ diff --git a/SecurityTests/cspxutils/hashTimeSA/Makefile b/SecurityTests/cspxutils/hashTimeSA/Makefile deleted file mode 100644 index c3b60c0a..00000000 --- a/SecurityTests/cspxutils/hashTimeSA/Makefile +++ /dev/null @@ -1,42 +0,0 @@ -EXECUTABLE=hashTimeSA -# C++ source (with .cpp extension) -CPSOURCE= hashTimeSA.cpp -# C source (.c extension) -CSOURCE= SHA1_priv.c MD5.c SHA1.c -OFILES = $(CSOURCE:%.c=%.o) $(CPSOURCE:%.cpp=%.o) - -LOCAL_BUILD= $(shell echo $(LOCAL_BUILD_DIR)) - -FRAMEWORKS= -framework CoreFoundation -FRAME_SEARCH= -FINCLUDES= -PINCLUDES= -I$(LOCAL_BUILD)/include -CINCLUDES= $(FINCLUDES) $(PINCLUDES) -WFLAGS= -Wno-four-char-constants -Wno-deprecated-declarations -CFLAGS= -g $(CINCLUDES) $(WFLAGS) $(FRAME_SEARCH) -Os - -# -# This assumes final load with cc, not ld -# -###LIBS= -lstdc++ -lcommonCrypto -LIBS= -lstdc++ -LIBPATH= -L$(LOCAL_BUILD) -L/usr/local/lib/system -LDFLAGS= $(LIBS) $(LIBPATH) $(FRAME_SEARCH) - -first: $(EXECUTABLE) - -$(EXECUTABLE): $(OFILES) - $(CC) -o $(EXECUTABLE) $(FRAMEWORKS) $(OFILES) $(LDFLAGS) - -clean: - rm -f *.o $(EXECUTABLE) - -installhdrs: - -install: - -%.o: %.c - $(CC) $(CFLAGS) -c -o $*.o $< - -%.o: %.cpp - $(CC) $(CFLAGS) -c -o $*.o $< diff --git a/SecurityTests/cspxutils/hashTimeSA/SHA1.c b/SecurityTests/cspxutils/hashTimeSA/SHA1.c deleted file mode 100644 index 89844dce..00000000 --- a/SecurityTests/cspxutils/hashTimeSA/SHA1.c +++ /dev/null @@ -1,176 +0,0 @@ -/* Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1.c - generic, portable SHA-1 hash object - * - * Revision History - * ---------------- - * 10/06/98 ap - * Changed to compile with C++. - * 07 Jan 1998 Doug Mitchell at Apple - * Created. - */ - -#include "SHA1.h" -#include "SHA1_priv.h" -#include - -/* for now map falloc to malloc, FIXME */ -#include -#define fmalloc(s) malloc(s) -#define ffree(p) free(p) - -/* - * Private data for this object. A sha1Obj handle is cast to a pointer - * to one of these. - */ -typedef struct { - SHS_INFO context; - int isDone; - - /* - * For storing partial blocks - */ - BYTE dataBuf[SHS_BLOCKSIZE]; - unsigned bufBytes; // valid bytes in dataBuf[p] -} sha1Inst; - -/* - * Alloc and init an empty sha1 object. - */ -sha1Obj sha1Alloc(void) -{ - sha1Inst *sinst; - - sinst = (sha1Inst *)fmalloc(sizeof(sha1Inst)); - if(sinst == NULL) { - return NULL; - } - shsInit(&sinst->context); - sha1Reinit((sha1Obj)sinst); - return (sha1Obj)sinst; -} - -/* - * Reusable init function. - */ -void sha1Reinit(sha1Obj sha1) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - - shsInit(&sinst->context); - sinst->isDone = 0; - sinst->bufBytes = 0; -} - -/* - * Free an sha1 object. - */ -void sha1Free(sha1Obj sha1) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - - memset(sha1, 0, sizeof(sha1Inst)); - ffree(sinst); -} - -/* - * Add some data to the sha1 object. - */ -void sha1AddData(sha1Obj sha1, - const unsigned char *data, - unsigned dataLen) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - unsigned toMove; - unsigned blocks; - - if(sinst->isDone) { - /* - * Log some kind of error here... - */ - return; - } - - /* - * First deal with partial buffered block - */ - if(sinst->bufBytes != 0) { - toMove = SHS_BLOCKSIZE - sinst->bufBytes; - if(toMove > dataLen) { - toMove = dataLen; - } - memmove(sinst->dataBuf+sinst->bufBytes, data, toMove); - data += toMove; - dataLen -= toMove; - sinst->bufBytes += toMove; - if(sinst->bufBytes == SHS_BLOCKSIZE) { - shsUpdate(&sinst->context, sinst->dataBuf, SHS_BLOCKSIZE); - sinst->bufBytes = 0; - } - } - - /* - * Now the bulk of the data, in a multiple of full blocks - */ - blocks = dataLen / SHS_BLOCKSIZE; - toMove = blocks * SHS_BLOCKSIZE; - if(toMove != 0) { - shsUpdate(&sinst->context, data, toMove); - data += toMove; - dataLen -= toMove; - } - - /* - * Store any remainder in dataBuf - */ - if(dataLen != 0) { - memmove(sinst->dataBuf, data, dataLen); - sinst->bufBytes = dataLen; - } -} - -/* - * Obtain a pointer to completed message digest, and the length of the digest. - */ -unsigned char *sha1Digest(sha1Obj sha1) -{ - sha1Inst *sinst = (sha1Inst *) sha1; - - if(!sinst->isDone) { - /* - * Deal with partial resid block - */ - if(sinst->bufBytes != 0) { - shsUpdate(&sinst->context, sinst->dataBuf, - sinst->bufBytes); - sinst->bufBytes = 0; - } - shsFinal(&sinst->context); - sinst->isDone = 1; - } - /* - * FIXME - should do explicit conversion to char array....? - */ - return (unsigned char *)sinst->context.digest; -} - -/* As above, with copy. */ -void sha1GetDigest(sha1Obj sha1, - unsigned char *digest) -{ - unsigned char *dig = sha1Digest(sha1); - memmove(digest, dig, SHS_DIGESTSIZE); -} - -unsigned sha1DigestLen(void) -{ - return SHS_DIGESTSIZE; -} diff --git a/SecurityTests/cspxutils/hashTimeSA/SHA1.h b/SecurityTests/cspxutils/hashTimeSA/SHA1.h deleted file mode 100644 index 8a8a04de..00000000 --- a/SecurityTests/cspxutils/hashTimeSA/SHA1.h +++ /dev/null @@ -1,76 +0,0 @@ -/* Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1.h - generic, portable SHA-1 hash object - * - * Revision History - * ---------------- - * 05 Jan 1998 Doug Mitchell at Apple - * Created. - */ - -#ifndef _CK_SHA1_H_ -#define _CK_SHA1_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#define SHA1_DIGEST_SIZE 20 /* in bytes */ -#define SHA1_BLOCK_SIZE 64 /* in bytes */ - -/* - * Opaque sha1 object handle. - */ -typedef void *sha1Obj; - -/* - * Alloc and init an empty sha1 object. - */ -sha1Obj sha1Alloc(void); - -/* - * reinitialize an sha1 object for reuse. - */ -void sha1Reinit(sha1Obj sha1); - -/* - * Free an sha1 object. - */ -void sha1Free(sha1Obj sha1); - -/* - * Add some data to the sha1 object. - */ -void sha1AddData(sha1Obj sha1, - const unsigned char *data, - unsigned dataLen); - -/* - * Obtain a pointer to completed message digest. This disables further calls - * to sha1AddData(). This pointer is NOT malloc'd; the associated data - * persists only as long as this object does. - */ -unsigned char *sha1Digest(sha1Obj sha1); - -/* As above, with copy. */ -void sha1GetDigest(sha1Obj sha1, - unsigned char *digest); - -/* - * Obtain the length of the message digest. - */ -unsigned sha1DigestLen(void); - -#ifdef __cplusplus -} -#endif - -#endif /*_CK_SHA1_H_*/ diff --git a/SecurityTests/cspxutils/hashTimeSA/SHA1_priv.c b/SecurityTests/cspxutils/hashTimeSA/SHA1_priv.c deleted file mode 100644 index 276fdb65..00000000 --- a/SecurityTests/cspxutils/hashTimeSA/SHA1_priv.c +++ /dev/null @@ -1,313 +0,0 @@ -/* Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1_priv.c - low-level SHA-1 hash algorithm. - * - * Revision History - * ---------------- - * 05 Jan 1998 Doug Mitchell at Apple - * Created, based on source by Peter C. Gutmann. - * Mods: made reentrant, added NIST fix to expand(), eliminated - * unnecessary copy to local W[] array. - */ - - -/* NIST proposed Secure Hash Standard. - - Written 2 September 1992, Peter C. Gutmann. - This implementation placed in the public domain. - - Comments to pgut1@cs.aukuni.ac.nz */ - - -#include "SHA1_priv.h" -#include - -/* The SHS f()-functions */ - -#define f1(x,y,z) ( ( x & y ) | ( ~x & z ) ) /* Rounds 0-19 */ -#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */ -#define f3(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) ) /* Rounds 40-59 */ -#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */ - -/* The SHS Mysterious Constants */ - -#define K1 0x5A827999L /* Rounds 0-19 */ -#define K2 0x6ED9EBA1L /* Rounds 20-39 */ -#define K3 0x8F1BBCDCL /* Rounds 40-59 */ -#define K4 0xCA62C1D6L /* Rounds 60-79 */ - -/* SHS initial values */ - -#define h0init 0x67452301L -#define h1init 0xEFCDAB89L -#define h2init 0x98BADCFEL -#define h3init 0x10325476L -#define h4init 0xC3D2E1F0L - -/* 32-bit rotate - kludged with shifts */ - -#define S(n,X) ( ( X << n ) | ( X >> ( 32 - n ) ) ) - -/* The initial expanding function */ - -/* - * 06 Jan 1998. Added left circular shift per NIST FIPS-180-1 (at - * http://www.nist.gov/itl/div897/pubs/fip180-1.htm). Also see - * B. Schneier, Applied Cryptography, Second Edition, section 18.7 - * for info on this addenda to the original NIST spec. - */ -#define expand(count) { \ - W[count] = W[count - 3] ^ W[count - 8] ^ W[count - 14] ^ W[count - 16]; \ - W[count] = S(1, W[count]); \ -} - -/* The four SHS sub-rounds */ - -#define subRound1(count) \ - { \ - temp = S( 5, A ) + f1( B, C, D ) + E + W[ count ] + K1; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -#define subRound2(count) \ - { \ - temp = S( 5, A ) + f2( B, C, D ) + E + W[ count ] + K2; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -#define subRound3(count) \ - { \ - temp = S( 5, A ) + f3( B, C, D ) + E + W[ count ] + K3; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -#define subRound4(count) \ - { \ - temp = S( 5, A ) + f4( B, C, D ) + E + W[ count ] + K4; \ - E = D; \ - D = C; \ - C = S( 30, B ); \ - B = A; \ - A = temp; \ - } - -/* Initialize the SHS values */ - -void shsInit( SHS_INFO *shsInfo ) - { - /* Set the h-vars to their initial values */ - shsInfo->digest[ 0 ] = h0init; - shsInfo->digest[ 1 ] = h1init; - shsInfo->digest[ 2 ] = h2init; - shsInfo->digest[ 3 ] = h3init; - shsInfo->digest[ 4 ] = h4init; - - /* Initialise bit count */ - shsInfo->countLo = shsInfo->countHi = 0L; - } - -/* Perform the SHS transformation. Note that this code, like MD5, seems to - break some optimizing compilers - it may be necessary to split it into - sections, eg based on the four subrounds */ - -static void shsTransform( SHS_INFO *shsInfo ) -{ - LONG *W, temp; - LONG A, B, C, D, E; - - /* Step A. Copy the data buffer into the local work buffer. */ - /* 07 Jan 1998, dmitch: skip this bogus move, and let the caller - * copy data directly into the W[] array. To minimize changes, - * we'll just increase the size of shsInfo->data[] and make W - * a pointer here. - */ - W = shsInfo->data; - - /* Step B. Expand the 16 words into 64 temporary data words */ - - /* - * Note: I tried optimizing this via a for loop, and for some reason, - * the "optimized" version ran slower on PPC than the original - * unrolled version. The optimized version does run faster on i486 than - * the unrolled version. - * - * Similarly, the set of subRounds, below, runs slower on i486 when - * optimized via 4 'for' loops. The "optimized" version of that is - * a wash on PPC. - * - * Conclusion: leave both of 'em unrolled. We could ifdef per machine, - * but this would get messy once we had more than two architectures. - * We may want to revisit this. --dpm - */ - expand( 16 ); expand( 17 ); expand( 18 ); expand( 19 ); expand( 20 ); - expand( 21 ); expand( 22 ); expand( 23 ); expand( 24 ); expand( 25 ); - expand( 26 ); expand( 27 ); expand( 28 ); expand( 29 ); expand( 30 ); - expand( 31 ); expand( 32 ); expand( 33 ); expand( 34 ); expand( 35 ); - expand( 36 ); expand( 37 ); expand( 38 ); expand( 39 ); expand( 40 ); - expand( 41 ); expand( 42 ); expand( 43 ); expand( 44 ); expand( 45 ); - expand( 46 ); expand( 47 ); expand( 48 ); expand( 49 ); expand( 50 ); - expand( 51 ); expand( 52 ); expand( 53 ); expand( 54 ); expand( 55 ); - expand( 56 ); expand( 57 ); expand( 58 ); expand( 59 ); expand( 60 ); - expand( 61 ); expand( 62 ); expand( 63 ); expand( 64 ); expand( 65 ); - expand( 66 ); expand( 67 ); expand( 68 ); expand( 69 ); expand( 70 ); - expand( 71 ); expand( 72 ); expand( 73 ); expand( 74 ); expand( 75 ); - expand( 76 ); expand( 77 ); expand( 78 ); expand( 79 ); - - /* Step C. Set up first buffer */ - A = shsInfo->digest[ 0 ]; - B = shsInfo->digest[ 1 ]; - C = shsInfo->digest[ 2 ]; - D = shsInfo->digest[ 3 ]; - E = shsInfo->digest[ 4 ]; - - /* Step D. Serious mangling, divided into four sub-rounds */ - subRound1( 0 ); subRound1( 1 ); subRound1( 2 ); subRound1( 3 ); - subRound1( 4 ); subRound1( 5 ); subRound1( 6 ); subRound1( 7 ); - subRound1( 8 ); subRound1( 9 ); subRound1( 10 ); subRound1( 11 ); - subRound1( 12 ); subRound1( 13 ); subRound1( 14 ); subRound1( 15 ); - subRound1( 16 ); subRound1( 17 ); subRound1( 18 ); subRound1( 19 ); - subRound2( 20 ); subRound2( 21 ); subRound2( 22 ); subRound2( 23 ); - subRound2( 24 ); subRound2( 25 ); subRound2( 26 ); subRound2( 27 ); - subRound2( 28 ); subRound2( 29 ); subRound2( 30 ); subRound2( 31 ); - subRound2( 32 ); subRound2( 33 ); subRound2( 34 ); subRound2( 35 ); - subRound2( 36 ); subRound2( 37 ); subRound2( 38 ); subRound2( 39 ); - subRound3( 40 ); subRound3( 41 ); subRound3( 42 ); subRound3( 43 ); - subRound3( 44 ); subRound3( 45 ); subRound3( 46 ); subRound3( 47 ); - subRound3( 48 ); subRound3( 49 ); subRound3( 50 ); subRound3( 51 ); - subRound3( 52 ); subRound3( 53 ); subRound3( 54 ); subRound3( 55 ); - subRound3( 56 ); subRound3( 57 ); subRound3( 58 ); subRound3( 59 ); - subRound4( 60 ); subRound4( 61 ); subRound4( 62 ); subRound4( 63 ); - subRound4( 64 ); subRound4( 65 ); subRound4( 66 ); subRound4( 67 ); - subRound4( 68 ); subRound4( 69 ); subRound4( 70 ); subRound4( 71 ); - subRound4( 72 ); subRound4( 73 ); subRound4( 74 ); subRound4( 75 ); - subRound4( 76 ); subRound4( 77 ); subRound4( 78 ); subRound4( 79 ); - - /* Step E. Build message digest */ - shsInfo->digest[ 0 ] += A; - shsInfo->digest[ 1 ] += B; - shsInfo->digest[ 2 ] += C; - shsInfo->digest[ 3 ] += D; - shsInfo->digest[ 4 ] += E; -} - -#ifdef __LITTLE_ENDIAN__ - -/* When run on a little-endian CPU we need to perform byte reversal on an - array of longwords. It is possible to make the code endianness- - independant by fiddling around with data at the byte level, but this - makes for very slow code, so we rely on the user to sort out endianness - at compile time */ - -static void byteReverse( buffer, byteCount ) - LONG *buffer; - int byteCount; - - { - LONG value; - int count; - - byteCount /= sizeof( LONG ); - for( count = 0; count < byteCount; count++ ) - { - value = ( buffer[ count ] << 16 ) | ( buffer[ count ] >> 16 ); - buffer[ count ] = ( ( value & 0xFF00FF00L ) >> 8 ) | ( ( value & 0x00FF00FFL ) << 8 ); - } - } - -#else /* __LITTLE_ENDIAN__ */ - -/* - * Nop for big-endian machines - */ -#define byteReverse( buffer, byteCount ) - -#endif /* __LITTLE_ENDIAN__ */ - - -/* Update SHS for a block of data. This code assumes that the buffer size - is a multiple of SHS_BLOCKSIZE bytes long, which makes the code a lot - more efficient since it does away with the need to handle partial blocks - between calls to shsUpdate() */ - -void shsUpdate( - SHS_INFO *shsInfo, - const BYTE *buffer, - int count) - - { - /* Update bitcount */ - if( ( shsInfo->countLo + ( ( LONG ) count << 3 ) ) < shsInfo->countLo ) - shsInfo->countHi++; /* Carry from low to high bitCount */ - shsInfo->countLo += ( ( LONG ) count << 3 ); - shsInfo->countHi += ( ( LONG ) count >> 29 ); - - /* Process data in SHS_BLOCKSIZE chunks */ - while( count >= SHS_BLOCKSIZE ) - { - memcpy( shsInfo->data, buffer, SHS_BLOCKSIZE ); - byteReverse( shsInfo->data, SHS_BLOCKSIZE ); - shsTransform( shsInfo ); - buffer += SHS_BLOCKSIZE; - count -= SHS_BLOCKSIZE; - } - - /* Handle any remaining bytes of data. This should only happen once - on the final lot of data */ - memcpy( shsInfo->data, buffer, count ); - } - -void shsFinal(SHS_INFO *shsInfo) - { - int count; - LONG lowBitcount = shsInfo->countLo, highBitcount = shsInfo->countHi; - - /* Compute number of bytes mod 64 */ - count = ( int ) ( ( shsInfo->countLo >> 3 ) & 0x3F ); - - /* Set the first char of padding to 0x80. This is safe since there is - always at least one byte free */ - ( ( BYTE * ) shsInfo->data )[ count++ ] = 0x80; - - /* Pad out to 56 mod 64 */ - if( count > 56 ) - { - /* Two lots of padding: Pad the first block to 64 bytes */ - memset( ( BYTE * ) &shsInfo->data + count, 0, 64 - count ); - byteReverse( shsInfo->data, SHS_BLOCKSIZE ); - shsTransform( shsInfo ); - - /* Now fill the next block with 56 bytes */ - memset( &shsInfo->data, 0, 56 ); - } - else - /* Pad block to 56 bytes */ - memset( ( BYTE * ) &shsInfo->data + count, 0, 56 - count ); - byteReverse( shsInfo->data, SHS_BLOCKSIZE ); - - /* Append length in bits and transform */ - shsInfo->data[ 14 ] = highBitcount; - shsInfo->data[ 15 ] = lowBitcount; - - shsTransform( shsInfo ); - byteReverse( shsInfo->digest, SHS_DIGESTSIZE ); - } diff --git a/SecurityTests/cspxutils/hashTimeSA/SHA1_priv.h b/SecurityTests/cspxutils/hashTimeSA/SHA1_priv.h deleted file mode 100644 index b208044d..00000000 --- a/SecurityTests/cspxutils/hashTimeSA/SHA1_priv.h +++ /dev/null @@ -1,54 +0,0 @@ -/* Copyright (c) 1998,2004 Apple Computer, Inc. All Rights Reserved. - * - * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT - * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE - * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE COMPUTER, INC. AND THE - * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE COMPUTER, - * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL - * EXPOSE YOU TO LIABILITY. - *************************************************************************** - * - * SHA1_priv.h - private low-level API for SHA-1 hash algorithm - * - * Revision History - * ---------------- - * 22 Aug 96 Doug Mitchell at NeXT - * Created. - */ - -/* Useful defines/typedefs */ - -#ifndef _CK_SHA1_PRIV_H_ -#define _CK_SHA1_PRIV_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -typedef unsigned char BYTE; -typedef unsigned long LONG; - -/* The SHS block size and message digest sizes, in bytes */ - -#define SHS_BLOCKSIZE 64 -#define SHS_DIGESTSIZE 20 - -/* The structure for storing SHS info */ - -typedef struct { - LONG digest[ 5 ]; /* Message digest */ - LONG countLo, countHi; /* 64-bit bit count */ - LONG data[ 80 ]; /* SHS data buffer */ - } SHS_INFO; - -extern void shsInit(SHS_INFO *shsInfo); -extern void shsUpdate(SHS_INFO *shsInfo, - const BYTE *buffer, - int count); -extern void shsFinal(SHS_INFO *shsInfo); - -#ifdef __cplusplus -} -#endif - -#endif /* _CK_SHA1_PRIV_H_ */ diff --git a/SecurityTests/cspxutils/hashTimeSA/hashTimeSA.cpp b/SecurityTests/cspxutils/hashTimeSA/hashTimeSA.cpp deleted file mode 100644 index 04cd2993..00000000 --- a/SecurityTests/cspxutils/hashTimeSA/hashTimeSA.cpp +++ /dev/null @@ -1,420 +0,0 @@ -/* - * hashTimeSA.cpp - measure performance of digest ops, standalone version (no - * dependency on Security.framewortk or on CommonCrypto portion of libSystem). - */ - -#include -#include -#include -#include /* static lib used in Tiger */ -#include "MD5.h" /* CryptKit version used in Panther and prior */ -#include "SHA1.h" /* ditto */ -#include /* for ALGID values */ -#include /* more ALGID values */ -#include - -/* enumerate digest algorithms our way */ -typedef int HT_Alg; -enum { - HA_MD5 = 0, - HA_SHA1, - HA_SHA224, - HA_SHA256, - HA_SHA384, - HA_SHA512 -}; - -#define FIRST_ALG HA_MD5 -#define LAST_ALG HA_SHA512 - -static void usage(char **argv) -{ - printf("Usage: %s c|k [option ...]\n", argv[0]); - printf(" c=CommonCrypto; k=CryptKit\n"); - printf("Options:\n"); - printf(" a=alg; default=all\n"); - printf(" algs: m : MD5\n"); - printf(" s : SHA1\n"); - printf(" 4 : SHA224\n"); - printf(" 2 : SHA256\n"); - printf(" 3 : SHA384\n"); - printf(" 5 : SHA512\n"); - printf(" l=loops (only valid if testspec is given)\n"); - printf(" v verify digest by printing it\n"); - exit(1); -} - -static void dumpDigest( - const unsigned char *digest, - unsigned len) -{ - for(unsigned dex=0; dexalgId) { - case CSSM_ALGID_SHA1: - sha = sha1Alloc(); - ctx = sha; - initPtr = (ckInitFcn)sha1Reinit; - updatePtr = (ckUpdateFcn)sha1AddData; - finalPtr = (ckFinalFcn)ckSha1Final; - digestLen = 20; - break; - case CSSM_ALGID_MD5: - ctx = &md5; - initPtr = (ckInitFcn)MD5Init; - updatePtr = (ckUpdateFcn)MD5Update; - finalPtr = (ckFinalFcn)MD5Final; - break; - default: - printf("***Sorry, CryptKit can only do SHA1 and MD5.\n"); - return 1; - } - - /* random data, const thru the loops */ - initPtext(ptext, PTEXT_SIZE); - - /* start critical timing loop */ - startTime = CFAbsoluteTimeGetCurrent(); - for(loop=0; looploops; loop++) { - initPtr(ctx); - for(iloop=0; ilooploops * bytesPerLoop; - - /* careful, KByte = 1024, ms = 1/1000 */ - printf(" Digest %.0f bytes : %u ops in %.2f ms; %f ms/op, %.0f KBytes/s\n", - bytesPerLoop, params->loops, - timeSpentMs, timeSpentMs / (double)params->loops, - ((float)totalBytes / 1024.0) / timeSpent); - if(params->dumpDigest) { - dumpDigest(digest, digestLen); - } - return CSSM_OK; -} - -typedef union { - CC_MD5_CTX md5; - CC_SHA1_CTX sha; - CC_SHA256_CTX sha256; - CC_SHA512_CTX sha512; -} CC_CTX; - -typedef void (*ccInitFcn)(void *digestCtx); -typedef void (*ccUpdateFcn)(void *digestCtx, const void *data, CC_LONG len); -typedef void (*ccFinalFcn)(unsigned char *digest, void *digestCtx); - -static CSSM_RETURN hashDataRateCommonCrypto( - TestParams *params) -{ - CC_CTX ctx; - ccUpdateFcn updatePtr = NULL; - ccFinalFcn finalPtr = NULL; - ccInitFcn initPtr = NULL; - unsigned loop; - unsigned iloop; - double startTime, endTime; - double timeSpent, timeSpentMs; - uint8 ptext[PTEXT_SIZE]; - uint8 digest[MAX_DIGEST_SIZE]; - unsigned digestLen = 16; - - /* we reuse this one inside the loop */ - switch(params->algId) { - case CSSM_ALGID_SHA1: - initPtr = (ccInitFcn)CC_SHA1_Init; - updatePtr = (ccUpdateFcn)CC_SHA1_Update; - finalPtr = (ccFinalFcn)CC_SHA1_Final; - digestLen = 20; - break; - case CSSM_ALGID_SHA224: - initPtr = (ccInitFcn)CC_SHA224_Init; - updatePtr = (ccUpdateFcn)CC_SHA224_Update; - finalPtr = (ccFinalFcn)CC_SHA224_Final; - digestLen = 28; - break; - case CSSM_ALGID_SHA256: - initPtr = (ccInitFcn)CC_SHA256_Init; - updatePtr = (ccUpdateFcn)CC_SHA256_Update; - finalPtr = (ccFinalFcn)CC_SHA256_Final; - digestLen = 32; - break; - case CSSM_ALGID_SHA384: - initPtr = (ccInitFcn)CC_SHA384_Init; - updatePtr = (ccUpdateFcn)CC_SHA384_Update; - finalPtr = (ccFinalFcn)CC_SHA384_Final; - digestLen = 48; - break; - case CSSM_ALGID_SHA512: - initPtr = (ccInitFcn)CC_SHA512_Init; - updatePtr = (ccUpdateFcn)CC_SHA512_Update; - finalPtr = (ccFinalFcn)CC_SHA512_Final; - digestLen = 64; - break; - case CSSM_ALGID_MD5: - initPtr = (ccInitFcn)CC_MD5_Init; - updatePtr = (ccUpdateFcn)CC_MD5_Update; - finalPtr = (ccFinalFcn)CC_MD5_Final; - digestLen = 16; - break; - default: - printf("***BRRRZAP!\n"); - return 1; - } - - /* random data, const thru the loops */ - initPtext(ptext, PTEXT_SIZE); - - /* start critical timing loop */ - startTime = CFAbsoluteTimeGetCurrent(); - for(loop=0; looploops; loop++) { - initPtr(&ctx); - for(iloop=0; ilooploops * bytesPerLoop; - - /* careful, KByte = 1024, ms = 1/1000 */ - printf(" Digest %.0f bytes : %u ops in %.2f ms; %f ms/op, %.0f KBytes/s\n", - bytesPerLoop, params->loops, - timeSpentMs, timeSpentMs / (double)params->loops, - ((float)totalBytes / 1024.0) / timeSpent); - if(params->dumpDigest) { - dumpDigest(digest, digestLen); - } - return CSSM_OK; -} - -typedef CSSM_RETURN (*testRunFcn)(TestParams *testParams); - -/* - * Static declaration of a test - */ -typedef struct { - const char *testName; - unsigned loops; - testRunFcn run; - char testSpec; // for t=xxx cmd line opt -} TestDefs; - -static TestDefs testDefsCryptKit = -{ "Large data digest, CryptKit", - 1000, - hashDataRateCryptKit, - 'd', -}; - -static TestDefs testDefsCommonCrypto = -{ "Large data digest, CommonCrypto", - 1000, - hashDataRateCommonCrypto, - 'd', -}; - -static void algToAlgId( - HT_Alg alg, - CSSM_ALGORITHMS *algId, - const char **algStr) -{ - switch(alg) { - case HA_MD5: - *algId = CSSM_ALGID_MD5; - *algStr = "MD5"; - break; - case HA_SHA1: - *algId = CSSM_ALGID_SHA1; - *algStr = "SHA1"; - break; - case HA_SHA224: - *algId = CSSM_ALGID_SHA224; - *algStr = "SHA224"; - break; - case HA_SHA256: - *algId = CSSM_ALGID_SHA256; - *algStr = "SHA256"; - break; - case HA_SHA384: - *algId = CSSM_ALGID_SHA384; - *algStr = "SHA384"; - break; - case HA_SHA512: - *algId = CSSM_ALGID_SHA512; - *algStr = "SHA512"; - break; - default: - printf("***algToAlgId screwup\n"); - exit(1); - } -} - -int main(int argc, char **argv) -{ - TestParams testParams; - TestDefs *testDefs = NULL; - CSSM_RETURN crtn; - int arg; - char *argp; - unsigned cmdLoops = 0; // can be specified in cmd line - // if not, use TestDefs.loops - HT_Alg alg; - const char *algStr; - int firstAlg = FIRST_ALG; - int lastAlg = LAST_ALG; - - memset(&testParams, 0, sizeof(testParams)); - - if(argc < 2) { - usage(argv); - } - switch(argv[1][0]) { - case 'c': - testDefs = &testDefsCommonCrypto; - break; - case 'k': - testDefs = &testDefsCryptKit; - break; - default: - usage(argv); - } - - for(arg=2; argtestName); - if(cmdLoops) { - /* user specified */ - testParams.loops = cmdLoops; - } - else { - /* default */ - testParams.loops = testDefs->loops; - } - if((lastAlg > HA_SHA1) && (testDefs == &testDefsCryptKit)) { - /* CryptKit can only do MD5 and SHA1 */ - lastAlg = HA_SHA1; - } - for(alg=firstAlg; alg<=lastAlg; alg++) { - algToAlgId(alg, &testParams.algId, &algStr); - printf(" === %s ===\n", algStr); - crtn = testDefs->run(&testParams); - if(crtn) { - printf("***Error detected in test, somehow....aborting.\n"); - exit(1); - } - } - return 0; -} diff --git a/SecurityTests/cspxutils/keyDate/Makefile b/SecurityTests/cspxutils/keyDate/Makefile deleted file mode 100644 index 8e59ebea..00000000 --- a/SecurityTests/cspxutils/keyDate/Makefile +++ /dev/null @@ -1,57 +0,0 @@ -# -# sample Makefile fragment for csputils projects. -# - -### fill in these: - -# name of executable to build -EXECUTABLE=keyDate -# C++ source (with .cpp extension) -CPSOURCE=keyDate.cpp -# C source (.c extension) -CSOURCE= - -### all of the rest is optional. - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= -framework CoreFoundation - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/keyDate/keyDate.cpp b/SecurityTests/cspxutils/keyDate/keyDate.cpp deleted file mode 100644 index 683efca0..00000000 --- a/SecurityTests/cspxutils/keyDate/keyDate.cpp +++ /dev/null @@ -1,1415 +0,0 @@ -/* - * keyDate.cpp - test handling of KeyHeader.{StartDate,EndDate} - */ -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef unsigned privAlg; -enum { - ALG_ASC = 1, - ALG_DES, - ALG_AES, - ALG_BFISH, - ALG_RSA, -}; - -#define SYM_FIRST ALG_ASC -#define SYM_LAST ALG_BFISH -#define ASYM_FIRST ALG_RSA -#define ASYM_LAST ALG_RSA - -#define KD_DB_NAME "keyDate.db" -#define KD_KEY_LABEL "keyStoreKey" - -static CSSM_DATA keyLabelData = {12, (uint8 *)KD_KEY_LABEL}; - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" s(ymmetric only)\n"); - printf(" a(symmetric only)\n"); - printf(" t (key store only)\n"); - printf(" D (CSPDL; default is bare CSP)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -#pragma mark - -#pragma mark --- Utilities --- - -/* - * Set a CSSM_DATE to "today plus delta days". Delta can be positive - * or negative. - */ -static void setDate( - CSSM_DATE &cdate, - int deltaDays) -{ - CFAbsoluteTime cfTime = CFAbsoluteTimeGetCurrent(); - float fdelta = 60.0 * 60.0 * 24.0 * deltaDays; - cfTime += fdelta; - CFDateRef cfDate = CFDateCreate(NULL, cfTime); - CssmUniformDate cud(cfDate); - CFRelease(cfDate); - cdate = cud; -} - -/* - * Compare two CSSM_DATEs. Returns nonzero on error. - */ -static int compareDates( - const CSSM_DATE *refDate, // what we tried to set, or NULL - const CSSM_DATE *keyDate, - const char *op, - CSSM_BOOL quiet) -{ - if(refDate == NULL) { - /* make sure key date is empty */ - bool isZero = true; - unsigned char *cp = (unsigned char *)keyDate; - for(unsigned i=0; iDLHandle, - dlDbHand->DBHandle); - if(crtn) { - return testError(quiet); - } - } - crtn = CSSM_GenerateKey(ccHand, - keyUsage, - keyAttr, - &keyLabelData, - NULL, // ACL - symKey); - if(crtn) { - printError("CSSM_GenerateKey", crtn); - return testError(quiet); - } - CSSM_DeleteContext(ccHand); - - CSSM_KEYHEADER &hdr = symKey->KeyHeader; - CSSM_DATE *cdp = NULL; - if(setStartDate) { - cdp = &startDate; - } - if(compareDates(cdp, &hdr.StartDate, keyAlgStr, quiet)) { - return 1; - } - if(setEndDate) { - cdp = &endDate; - } - else { - cdp = NULL; - } - if(compareDates(cdp, &hdr.EndDate, keyAlgStr, quiet)) { - return 1; - } - return 0; -} - -/* - * Common, flexible, error-tolerant key pair generator. - */ -static int genKeyPair( - CSSM_CSP_HANDLE cspHand, - uint32 algorithm, - const char *keyAlgStr, - uint32 keySizeInBits, - CSSM_KEY_PTR pubKey, - CSSM_KEYATTR_FLAGS pubKeyAttr, - CSSM_KEYUSE pubKeyUsage, - CSSM_KEY_PTR privKey, - CSSM_KEYATTR_FLAGS privKeyAttr, - CSSM_KEYUSE privKeyUsage, - CSSM_BOOL quiet, - bool setStartDate, - int startDeltaDays, - bool setEndDate, - int endDeltaDays, - CSSM_DL_DB_HANDLE *dlDbHand = NULL) // optional -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATE startDate; - CSSM_DATE endDate; - - if(setStartDate) { - setDate(startDate, startDeltaDays); - } - if(setEndDate) { - setDate(endDate, endDeltaDays); - } - - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - algorithm, - keySizeInBits, - NULL, // Seed - NULL, // Salt - setStartDate ? &startDate : NULL, - setEndDate ? &endDate : NULL, - NULL, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - return testError(quiet); - } - - if(dlDbHand) { - /* add in DL/DB to context */ - crtn = cspAddDlDbToContext(ccHand, dlDbHand->DLHandle, - dlDbHand->DBHandle); - if(crtn) { - return testError(quiet); - } - } - - crtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubKeyAttr, - &keyLabelData, - pubKey, - privKeyUsage, - privKeyAttr, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - return testError(quiet); - } - CSSM_DeleteContext(ccHand); - CSSM_KEYHEADER &pubHdr = pubKey->KeyHeader; - CSSM_KEYHEADER &privHdr = privKey->KeyHeader; - CSSM_DATE *cdp = NULL; - if(setStartDate) { - cdp = &startDate; - } - if(compareDates(cdp, &pubHdr.StartDate, keyAlgStr, quiet)) { - return 1; - } - if(compareDates(cdp, &privHdr.StartDate, keyAlgStr, quiet)) { - return 1; - } - if(setEndDate) { - cdp = &endDate; - } - else { - cdp = NULL; - } - if(compareDates(cdp, &pubHdr.EndDate, keyAlgStr, quiet)) { - return 1; - } - if(compareDates(cdp, &privHdr.EndDate, keyAlgStr, quiet)) { - return 1; - } - return 0; -} - -/* map one of our private privAlgs (ALG_DES, etc.) to associated CSSM info. */ -void privAlgToCssm( - privAlg palg, - CSSM_ALGORITHMS *keyAlg, - CSSM_ALGORITHMS *signAlg, // CSSM_ALGID_NONE means incapable - // (e.g., DES) - CSSM_ALGORITHMS *encrAlg, // CSSM_ALGID_NONE means incapable - CSSM_ENCRYPT_MODE *encrMode, - CSSM_PADDING *encrPad, - uint32 *keySizeInBits, - const char **keyAlgStr) -{ - *signAlg = *encrAlg = CSSM_ALGID_NONE; // default - *encrMode = CSSM_ALGMODE_NONE; - *encrPad = CSSM_PADDING_NONE; - switch(palg) { - case ALG_ASC: - *encrAlg = *keyAlg = CSSM_ALGID_ASC; - *keySizeInBits = CSP_ASC_KEY_SIZE_DEFAULT; - *keyAlgStr = "ASC"; - break; - case ALG_DES: - *encrAlg = *keyAlg = CSSM_ALGID_DES; - *keySizeInBits = CSP_DES_KEY_SIZE_DEFAULT; - *keyAlgStr = "DES"; - *encrMode = CSSM_ALGMODE_CBCPadIV8; - *encrPad = CSSM_PADDING_PKCS7; - break; - case ALG_AES: - *encrAlg = *keyAlg = CSSM_ALGID_AES; - *keySizeInBits = CSP_AES_KEY_SIZE_DEFAULT; - *keyAlgStr = "AES"; - *encrMode = CSSM_ALGMODE_CBCPadIV8; - *encrPad = CSSM_PADDING_PKCS7; - break; - case ALG_BFISH: - *encrAlg = *keyAlg = CSSM_ALGID_BLOWFISH; - *keySizeInBits = CSP_BFISH_KEY_SIZE_DEFAULT; - *keyAlgStr = "Blowfish"; - *encrMode = CSSM_ALGMODE_CBCPadIV8; - *encrPad = CSSM_PADDING_PKCS7; - break; - case ALG_RSA: - *keyAlg = CSSM_ALGID_RSA; - *encrAlg = CSSM_ALGID_RSA; - *signAlg = CSSM_ALGID_SHA1WithRSA; - *keySizeInBits = 512; - *keyAlgStr = "RSA"; - *encrPad = CSSM_PADDING_PKCS1; - break; - default: - printf("***BRRZAP! privAlgToCssm needs work\n"); - exit(1); - } - return; -} - -#pragma mark - -#pragma mark --- basic ops to detect INVALID_KEY_{START,END}_DATE --- - -#define PTEXT_SIZE 64 -#define IV_SIZE 16 - -static int doEncrypt( - CSSM_CSP_HANDLE cspHand, - const char *algStr, - CSSM_KEY_PTR key, // session, public - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - CSSM_PADDING encrPad, - CSSM_RETURN expRtn, // expected result - CSSM_BOOL quiet) -{ - uint8 ptextData[PTEXT_SIZE]; - CSSM_DATA ptext = {PTEXT_SIZE, ptextData}; - uint8 someIvData[IV_SIZE]; - CSSM_DATA someIv = {IV_SIZE, someIvData}; - - simpleGenData(&ptext, PTEXT_SIZE, PTEXT_SIZE); - simpleGenData(&someIv, IV_SIZE, IV_SIZE); - - CSSM_CC_HANDLE cryptHand = 0; - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - - if(key->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY) { - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - encrAlg, - encrMode, - NULL, // access cred - key, - &someIv, - encrPad, - NULL, // Params - &cryptHand); - if(crtn) { - printError("CSSM_CSP_CreateSymmetricContext", crtn); - return testError(quiet); - } - } - else if(key->KeyHeader.KeyClass == CSSM_KEYCLASS_PUBLIC_KEY) { - crtn = CSSM_CSP_CreateAsymmetricContext(cspHand, - encrAlg, - &creds, // access - key, - encrPad, - &cryptHand); - if(crtn) { - printError("CSSM_CSP_CreateAsymmetricContext", crtn); - return testError(quiet); - } - } - else { - printf("***BRRZAP! Only encrypt with session and public keys\n"); - exit(1); - } - - CSSM_DATA ctext = {0, NULL}; - CSSM_DATA remData = {0, NULL}; - CSSM_SIZE bEncr; - int irtn = 0; - - crtn = CSSM_EncryptData(cryptHand, - &ptext, - 1, - &ctext, - 1, - &bEncr, - &remData); - if(crtn != expRtn) { - if(expRtn == CSSM_OK) { - printError("CSSM_EncryptData", crtn); - printf("Unexpected error encrypting with %s\n", algStr); - } - else { - printf("***Encrypt with %s: expected %s, got %s.\n", - algStr, cssmErrToStr(expRtn), - cssmErrToStr(crtn)); - } - irtn = testError(quiet); - } - appFreeCssmData(&ctext, CSSM_FALSE); - appFreeCssmData(&remData, CSSM_FALSE); - CSSM_DeleteContext(cryptHand); - return irtn; -} - -/* - * Decrypt bad cipher text. If the key is bad the CSP won't even get - * to the ciphertext. Bad ciphertext can result in a number of errors, - * in some cases it can even result in complete success, which we handle - * OK if the key is supposed to be good. - */ - -typedef enum { - DR_BadStartDate, // must be CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE - DR_BadEndDate, // must be CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE - DR_BadData // CSSMERR_CSP_INVALID_DATA. etc. -} DecrResult; - -#define CTEXT_SIZE (PTEXT_SIZE ) - -static int doDecrypt( - CSSM_CSP_HANDLE cspHand, - const char *algStr, - CSSM_KEY_PTR key, // session, private - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - CSSM_PADDING encrPad, - DecrResult expResult, - CSSM_BOOL quiet) -{ - uint8 ctextData[CTEXT_SIZE]; - CSSM_DATA ctext = {CTEXT_SIZE, ctextData}; - uint8 someIvData[IV_SIZE]; - CSSM_DATA someIv = {IV_SIZE, someIvData}; - - /* - * I have not found a way to guarantee decrypt failure here, no matter - * what ctext and IV I specify. We can't just do an encrypt and - * munge because we might be testing a bad (expired) key. - * We might have to redesign, first generating a good key, then an - * expired key from it...? Until then this test is loose about - * handling "key is good" detection. - */ - memset(ctextData, 0, CTEXT_SIZE); // guaranteed bad padding - memset(someIvData, 0, IV_SIZE); - - CSSM_CC_HANDLE cryptHand = 0; - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - - if(key->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY) { - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - encrAlg, - encrMode, - NULL, // access cred - key, - &someIv, - encrPad, - NULL, // Params - &cryptHand); - if(crtn) { - printError("CSSM_CSP_CreateSymmetricContext", crtn); - return testError(quiet); - } - } - else if(key->KeyHeader.KeyClass == CSSM_KEYCLASS_PRIVATE_KEY) { - crtn = CSSM_CSP_CreateAsymmetricContext(cspHand, - encrAlg, - &creds, // access - key, - encrPad, - &cryptHand); - if(crtn) { - printError("CSSM_CSP_CreateAsymmetricContext", crtn); - return testError(quiet); - } - } - else { - printf("***BRRZAP! Only decrypt with session and private" - " keys\n"); - exit(1); - } - - CSSM_DATA ptext = {0, NULL}; - CSSM_DATA remData = {0, NULL}; - CSSM_SIZE bDecr; - int irtn = 0; - - crtn = CSSM_DecryptData(cryptHand, - &ctext, - 1, - &ptext, - 1, - &bDecr, - &remData); - switch(expResult) { - case DR_BadStartDate: - if(crtn != CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE) { - printf("***Decrypt with %s: expected INVALID_KEY_START_DATE, " - "got %s.\n", algStr, cssmErrToStr(crtn)); - irtn = testError(quiet); - } - break; - case DR_BadEndDate: - if(crtn != CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE) { - printf("***Decrypt with %s: expected INVALID_KEY_END_DATE, " - "got %s.\n", algStr, cssmErrToStr(crtn)); - irtn = testError(quiet); - } - break; - case DR_BadData: - switch(crtn) { - case CSSM_OK: // good data, seen sometimes - case CSSMERR_CSP_INVALID_DATA: // common case - case CSSMERR_CSP_INTERNAL_ERROR: // default case in CSP's - // throwRsaDsa() :-( - break; - default: - printf("***Decrypt with %s: expected INVALID_DATA or OK, " - "got %s.\n", - algStr, cssmErrToStr(crtn)); - irtn = testError(quiet); - break; - } - break; - } - appFreeCssmData(&ptext, CSSM_FALSE); - appFreeCssmData(&remData, CSSM_FALSE); - CSSM_DeleteContext(cryptHand); - return irtn; -} - -static int doSign( - CSSM_CSP_HANDLE cspHand, - const char *algStr, - CSSM_KEY_PTR key, // private - CSSM_ALGORITHMS sigAlg, - CSSM_RETURN expRtn, // expected result - CSSM_BOOL quiet) -{ - uint8 ptextData[PTEXT_SIZE]; - CSSM_DATA ptext = {PTEXT_SIZE, ptextData}; - CSSM_DATA sig = {0, NULL}; - - simpleGenData(&ptext, PTEXT_SIZE, PTEXT_SIZE); - - CSSM_CC_HANDLE cryptHand = 0; - CSSM_RETURN crtn; - - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - sigAlg, - NULL, // passPhrase - key, - &cryptHand); - if(crtn) { - printError("CSSM_CSP_CreateSignatureContext (1)", crtn); - return testError(quiet); - } - int irtn = 0; - crtn = CSSM_SignData(cryptHand, - &ptext, - 1, - CSSM_ALGID_NONE, - &sig); - if(crtn != expRtn) { - if(expRtn == CSSM_OK) { - printError("CSSM_SignData", crtn); - printf("Unexpected error signing with %s\n", algStr); - } - else { - printf("***Sign with %s: expected %s, got %s.\n", - algStr, cssmErrToStr(expRtn), - cssmErrToStr(crtn)); - } - irtn = testError(quiet); - } - appFreeCssmData(&sig, CSSM_FALSE); - CSSM_DeleteContext(cryptHand); - return irtn; -} - -/* - * Verify bad signature. If the key is bad the CSP won't even get - * to the sig verify. Otherwise expect KD_VERIFY_FAIL_ERR. - */ -#define KD_VERIFY_FAIL_ERR CSSMERR_CSP_VERIFY_FAILED - -static int doVerify( - CSSM_CSP_HANDLE cspHand, - const char *algStr, - CSSM_KEY_PTR key, // private - CSSM_ALGORITHMS sigAlg, - CSSM_RETURN expRtn, // expected result - CSSM_BOOL quiet) -{ - uint8 ptextData[PTEXT_SIZE]; - CSSM_DATA ptext = {PTEXT_SIZE, ptextData}; - uint8 sigData[PTEXT_SIZE]; - CSSM_DATA sig = {PTEXT_SIZE, sigData}; - - simpleGenData(&ptext, PTEXT_SIZE, PTEXT_SIZE); - memset(sigData, 0, PTEXT_SIZE); - - CSSM_CC_HANDLE cryptHand = 0; - CSSM_RETURN crtn; - - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - sigAlg, - NULL, // passPhrase - key, - &cryptHand); - if(crtn) { - printError("CSSM_CSP_CreateSignatureContext (2)", crtn); - return testError(quiet); - } - int irtn = 0; - crtn = CSSM_VerifyData(cryptHand, - &ptext, - 1, - CSSM_ALGID_NONE, - &sig); - if(crtn != expRtn) { - if(expRtn == CSSM_OK) { - printError("CSSM_VerifyData", crtn); - printf("Unexpected error verifying with %s\n", algStr); - } - else { - printf("***Verify with %s: expected %s, got %s.\n", - algStr, cssmErrToStr(expRtn), - cssmErrToStr(crtn)); - } - irtn = testError(quiet); - } - CSSM_DeleteContext(cryptHand); - return irtn; -} - - -#pragma mark - -#pragma mark -- test suites --- - -int doSymTests( - CSSM_CSP_HANDLE cspHand, - privAlg palg, - CSSM_BOOL refKeys, - CSSM_BOOL quiet) -{ - CSSM_ALGORITHMS keyAlg; - CSSM_ALGORITHMS signAlg; - CSSM_ALGORITHMS encrAlg; - CSSM_ENCRYPT_MODE encrMode; - CSSM_PADDING encrPad; - uint32 keySizeInBits; - const char *keyAlgStr; - - privAlgToCssm(palg, &keyAlg, &signAlg, &encrAlg, &encrMode, - &encrPad, &keySizeInBits, &keyAlgStr); - - CSSM_KEY symKey; - int irtn; - CSSM_KEYATTR_FLAGS keyAttr; - if(refKeys) { - keyAttr = CSSM_KEYATTR_RETURN_REF; - } - else { - keyAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - - if(!quiet) { - printf("...testing %s with %s keys\n", keyAlgStr, - refKeys ? "Ref" : "Raw"); - printf(" ...verifying empty Dates\n"); - } - irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, keySizeInBits, - keyAttr, CSSM_KEYUSE_ANY, quiet, - CSSM_FALSE, 0, // no StartDate - CSSM_FALSE, 0); // no EndDate - if(irtn) { - return irtn; - } - irtn = doEncrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode, - encrPad, CSSM_OK, quiet); - if(irtn) { - printf("***Failure on encrypting with empty Key Dates\n"); - return irtn; - } - irtn = doDecrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode, - encrPad, DR_BadData, quiet); - if(irtn) { - printf("***Failure on decrypting with empty Key Dates\n"); - return irtn; - } - cspFreeKey(cspHand, &symKey); - - if(!quiet) { - printf(" ...verifying Good Dates\n"); - } - irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, keySizeInBits, - keyAttr, CSSM_KEYUSE_ANY, quiet, - CSSM_TRUE, 0, // StartDate = today - CSSM_TRUE, 1); // EndDate = tomorrow - if(irtn) { - return irtn; - } - irtn = doEncrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode, - encrPad, CSSM_OK, quiet); - if(irtn) { - printf("***Failure on encrypting with good Key Dates\n"); - return irtn; - } - irtn = doDecrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode, - encrPad, DR_BadData, quiet); - if(irtn) { - printf("***Failure on decrypting with good Key Dates\n"); - return irtn; - } - cspFreeKey(cspHand, &symKey); - - if(!quiet) { - printf(" ...verifying Bad StartDate\n"); - } - irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, keySizeInBits, - keyAttr, CSSM_KEYUSE_ANY, quiet, - CSSM_TRUE, 1, // StartDate = tomorrow - CSSM_TRUE, 1); // EndDate = tomorrow - if(irtn) { - return irtn; - } - irtn = doEncrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode, - encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet); - if(irtn) { - printf("***Failure on encrypting with bad StartDate\n"); - return irtn; - } - irtn = doDecrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode, - encrPad, DR_BadStartDate, quiet); - if(irtn) { - printf("***Failure on decrypting with bad StartDate\n"); - return irtn; - } - cspFreeKey(cspHand, &symKey); - - if(!quiet) { - printf(" ...verifying Bad EndDate\n"); - } - irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, keySizeInBits, - keyAttr, CSSM_KEYUSE_ANY, quiet, - CSSM_TRUE, 0, // StartDate = today - CSSM_TRUE, -1); // EndDate = yesterday - if(irtn) { - return irtn; - } - irtn = doEncrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode, - encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet); - if(irtn) { - printf("***Failure on encrypting with bad StartDate\n"); - return irtn; - } - irtn = doDecrypt(cspHand, keyAlgStr, &symKey, encrAlg, encrMode, - encrPad, DR_BadEndDate, quiet); - if(irtn) { - printf("***Failure on decrypting with bad EndDate\n"); - return irtn; - } - cspFreeKey(cspHand, &symKey); - - return 0; -} - -int doAsymTests( - CSSM_CSP_HANDLE cspHand, - privAlg palg, - CSSM_BOOL refKeys, - CSSM_BOOL quiet) -{ - CSSM_ALGORITHMS keyAlg; - CSSM_ALGORITHMS sigAlg; - CSSM_ALGORITHMS encrAlg; - CSSM_ENCRYPT_MODE encrMode; - CSSM_PADDING encrPad; - uint32 keySizeInBits; - const char *keyAlgStr; - - privAlgToCssm(palg, &keyAlg, &sigAlg, &encrAlg, &encrMode, - &encrPad, &keySizeInBits, &keyAlgStr); - - CSSM_KEY pubKey; - CSSM_KEY privKey; - int irtn; - CSSM_KEYATTR_FLAGS pubKeyAttr = CSSM_KEYATTR_EXTRACTABLE; - CSSM_KEYATTR_FLAGS privKeyAttr = CSSM_KEYATTR_EXTRACTABLE; - if(refKeys) { - pubKeyAttr |= CSSM_KEYATTR_RETURN_REF; - privKeyAttr |= CSSM_KEYATTR_RETURN_REF; - } - else { - pubKeyAttr |= CSSM_KEYATTR_RETURN_DATA; - privKeyAttr |= CSSM_KEYATTR_RETURN_DATA; - } - - if(!quiet) { - printf("...testing %s with %s keys\n", keyAlgStr, - refKeys ? "Ref" : "Raw"); - printf(" ...verifying empty Dates\n"); - } - irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits, - &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY, - &privKey, privKeyAttr, CSSM_KEYUSE_ANY, - quiet, - CSSM_FALSE, 0, // no StartDate - CSSM_FALSE, 0); // no EndDate - if(irtn) { - return irtn; - } - irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode, - encrPad, CSSM_OK, quiet); - if(irtn) { - printf("***Failure on encrypting with empty Key Dates\n"); - return irtn; - } - irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode, - encrPad, DR_BadData, quiet); - if(irtn) { - printf("***Failure on decrypting with empty Key Dates\n"); - return irtn; - } - irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg, - CSSM_OK, quiet); - if(irtn) { - printf("***Failure on signing with empty Key Dates\n"); - return irtn; - } - irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg, - KD_VERIFY_FAIL_ERR, quiet); - if(irtn) { - printf("***Failure on verifying with empty Key Dates\n"); - return irtn; - } - cspFreeKey(cspHand, &pubKey); - cspFreeKey(cspHand, &privKey); - - if(!quiet) { - printf(" ...verifying Good Dates\n"); - } - irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits, - &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY, - &privKey, privKeyAttr, CSSM_KEYUSE_ANY, - quiet, - CSSM_TRUE, 0, // StartDate = today - CSSM_TRUE, 1); // EndDate = tomorrow - if(irtn) { - return irtn; - } - irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode, - encrPad, CSSM_OK, quiet); - if(irtn) { - printf("***Failure on encrypting with good Key Dates\n"); - return irtn; - } - irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode, - encrPad, DR_BadData, quiet); - if(irtn) { - printf("***Failure on decrypting with Good Key Dates\n"); - return irtn; - } - irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg, - CSSM_OK, quiet); - if(irtn) { - printf("***Failure on signing with Good Key Dates\n"); - return irtn; - } - irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg, - KD_VERIFY_FAIL_ERR, quiet); - if(irtn) { - printf("***Failure on verifying with Good Key Dates\n"); - return irtn; - } - cspFreeKey(cspHand, &pubKey); - cspFreeKey(cspHand, &privKey); - - if(!quiet) { - printf(" ...verifying Bad StartDate\n"); - } - irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits, - &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY, - &privKey, privKeyAttr, CSSM_KEYUSE_ANY, - quiet, - CSSM_TRUE, 1, // StartDate = tomorrow - CSSM_TRUE, 1); // EndDate = tomorrow - if(irtn) { - return irtn; - } - irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode, - encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet); - if(irtn) { - printf("***Failure on encrypting with bad StartDate\n"); - return irtn; - } - irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode, - encrPad, DR_BadStartDate, quiet); - if(irtn) { - printf("***Failure on decrypting with bad StartDate\n"); - return irtn; - } - irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg, - CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet); - if(irtn) { - printf("***Failure on signing with bad StartDate\n"); - return irtn; - } - irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg, - CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet); - if(irtn) { - printf("***Failure on verifying with bad StartDate\n"); - return irtn; - } - cspFreeKey(cspHand, &pubKey); - cspFreeKey(cspHand, &privKey); - - if(!quiet) { - printf(" ...verifying Bad EndDate\n"); - } - irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits, - &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY, - &privKey, privKeyAttr, CSSM_KEYUSE_ANY, - quiet, - CSSM_TRUE, 0, // StartDate = today - CSSM_TRUE, -1); // EndDate = yesterday - if(irtn) { - return irtn; - } - irtn = doEncrypt(cspHand, keyAlgStr, &pubKey, encrAlg, encrMode, - encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet); - if(irtn) { - printf("***Failure on encrypting with bad EndDate\n"); - return irtn; - } - irtn = doDecrypt(cspHand, keyAlgStr, &privKey, encrAlg, encrMode, - encrPad, DR_BadEndDate, quiet); - if(irtn) { - printf("***Failure on decrypting with bad EndDate\n"); - return irtn; - } - irtn = doSign(cspHand, keyAlgStr, &privKey, sigAlg, - CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet); - if(irtn) { - printf("***Failure on signing with bad EndDate\n"); - return irtn; - } - irtn = doVerify(cspHand, keyAlgStr, &pubKey, sigAlg, - CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet); - if(irtn) { - printf("***Failure on verifying with bad EndDate\n"); - return irtn; - } - cspFreeKey(cspHand, &pubKey); - cspFreeKey(cspHand, &privKey); - - return 0; -} - -/* - * fetch stored key from DB, ensure it has same start/end date - */ -static int fetchStoredKey( - CSSM_DL_DB_HANDLE dlDbHand, - CT_KeyType lookupType, - CSSM_KEY_PTR compareKey, - const char *op, - CSSM_BOOL quiet, - CSSM_KEY_PTR *lookupKey) // RETURNED -{ - CSSM_KEY_PTR lookup = cspLookUpKeyByLabel(dlDbHand.DLHandle, - dlDbHand.DBHandle, - &keyLabelData, - lookupType); - if(lookup == NULL) { - printf("%s: Error looking up key in DB\n", op); - return testError(quiet); - } - if(compareDates(&compareKey->KeyHeader.StartDate, - &lookup->KeyHeader.StartDate, - op, quiet)) { - return 1; - } - *lookupKey = lookup; - return 0; -} - -int doStoreTests( - CSSM_CSP_HANDLE cspHand, // must be CSPDL - CSSM_DL_DB_HANDLE dlDbHand, - privAlg palg, - CSSM_BOOL isAsym, - CSSM_BOOL quiet) -{ - CSSM_ALGORITHMS keyAlg; - CSSM_ALGORITHMS signAlg; - CSSM_ALGORITHMS encrAlg; - CSSM_ENCRYPT_MODE encrMode; - CSSM_PADDING encrPad; - uint32 keySizeInBits; - const char *keyAlgStr; - - privAlgToCssm(palg, &keyAlg, &signAlg, &encrAlg, &encrMode, - &encrPad, &keySizeInBits, &keyAlgStr); - - CSSM_KEY symKey; - CSSM_KEY privKey; - CSSM_KEY pubKey; - int irtn; - CSSM_KEY_PTR lookupKey = NULL; // obtained from DB - CSSM_KEY_PTR compareKey; // &symKey or &pubKey - CT_KeyType lookupType; - CSSM_KEYATTR_FLAGS pubKeyAttr = - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE | - CSSM_KEYATTR_PERMANENT; - CSSM_KEYATTR_FLAGS privKeyAttr = - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT; - - if(!quiet) { - printf("...testing %s key storage\n", keyAlgStr); - printf(" ...verifying empty Dates\n"); - } - if(isAsym) { - lookupType = CKT_Public; - compareKey = &pubKey; - irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits, - &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY, - &privKey, privKeyAttr, CSSM_KEYUSE_ANY, - quiet, - CSSM_FALSE, 0, // no StartDate - CSSM_FALSE, 0, // no EndDate - &dlDbHand); - } - else { - lookupType = CKT_Session; - compareKey = &symKey; - irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, - keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT, - CSSM_KEYUSE_ANY, quiet, - CSSM_FALSE, 0, // no StartDate - CSSM_FALSE, 0, // no EndDate - &dlDbHand); - } - if(irtn) { - return irtn; - } - - /* - * fetch stored key from DB, ensure it has same start/end date - */ - if(fetchStoredKey(dlDbHand, lookupType, - compareKey, "Store key with empty Dates", quiet, - &lookupKey)) { - return 1; - } - - /* quickie test, use it for encrypt */ - irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode, - encrPad, CSSM_OK, quiet); - if(irtn) { - printf("***Failure on encrypt, lookup with empty Key Dates\n"); - return irtn; - } - - /* free and delete everything */ - if(isAsym) { - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &pubKey); - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &privKey); - } - else { - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &symKey); - } - cspFreeKey(cspHand, lookupKey); - - /*********************/ - - if(!quiet) { - printf(" ...verifying Good Dates\n"); - } - if(isAsym) { - lookupType = CKT_Public; - compareKey = &pubKey; - irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits, - &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY, - &privKey, privKeyAttr, CSSM_KEYUSE_ANY, - quiet, - CSSM_TRUE, 0, // StartDate = today - CSSM_TRUE, 1, // EndDate = tomorrow - &dlDbHand); - } - else { - lookupType = CKT_Session; - compareKey = &symKey; - irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, - keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT, - CSSM_KEYUSE_ANY, quiet, - CSSM_TRUE, 0, // StartDate = today - CSSM_TRUE, 1, // EndDate = tomorrow - &dlDbHand); - } - if(irtn) { - return irtn; - } - - /* - * fetch stored key from DB, ensure it has same start/end date - */ - if(fetchStoredKey(dlDbHand, lookupType, - compareKey, "Store key with Good Dates", quiet, - &lookupKey)) { - return 1; - } - - /* quickie test, use it for encrypt */ - irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode, - encrPad, CSSM_OK, quiet); - if(irtn) { - printf("***Failure on encrypt, lookup with Good Key Dates\n"); - return irtn; - } - - /* free and delete everything */ - if(isAsym) { - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &pubKey); - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &privKey); - } - else { - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &symKey); - } - cspFreeKey(cspHand, lookupKey); - - /*********************/ - - if(!quiet) { - printf(" ...verifying Bad StartDate\n"); - } - if(isAsym) { - lookupType = CKT_Public; - compareKey = &pubKey; - irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits, - &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY, - &privKey, privKeyAttr, CSSM_KEYUSE_ANY, - quiet, - CSSM_TRUE, 1, // StartDate = tomorrow - CSSM_TRUE, 1, // EndDate = tomorrow - &dlDbHand); - } - else { - lookupType = CKT_Session; - compareKey = &symKey; - irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, - keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT, - CSSM_KEYUSE_ANY, quiet, - CSSM_TRUE, 1, // StartDate = tomorrow - CSSM_TRUE, 1, // EndDate = tomorrow - &dlDbHand); - } - if(irtn) { - return irtn; - } - - /* - * fetch stored key from DB, ensure it has same start/end date - */ - if(fetchStoredKey(dlDbHand, lookupType, - compareKey, "Store key with Bad StartDate", quiet, - &lookupKey)) { - return 1; - } - - /* quickie test, use it for encrypt */ - irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode, - encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE, quiet); - if(irtn) { - printf("***Failure on encrypt, lookup with Bad Start Dates\n"); - return irtn; - } - - /* free and delete everything */ - if(isAsym) { - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &pubKey); - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &privKey); - } - else { - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &symKey); - } - cspFreeKey(cspHand, lookupKey); - - /*********************/ - - if(!quiet) { - printf(" ...verifying Bad EndDate\n"); - } - if(isAsym) { - lookupType = CKT_Public; - compareKey = &pubKey; - irtn = genKeyPair(cspHand, keyAlg, keyAlgStr, keySizeInBits, - &pubKey, pubKeyAttr, CSSM_KEYUSE_ANY, - &privKey, privKeyAttr, CSSM_KEYUSE_ANY, - quiet, - CSSM_TRUE, 0, // StartDate = today - CSSM_TRUE, -1, // EndDate = yesterday - &dlDbHand); - } - else { - lookupType = CKT_Session; - compareKey = &symKey; - irtn = genSymKey(cspHand, &symKey, keyAlg, keyAlgStr, - keySizeInBits, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_PERMANENT, - CSSM_KEYUSE_ANY, quiet, - CSSM_TRUE, 0, // StartDate = today - CSSM_TRUE, -1, // EndDate = yesterday - &dlDbHand); - } - if(irtn) { - return irtn; - } - - /* - * fetch stored key from DB, ensure it has same start/end date - */ - if(fetchStoredKey(dlDbHand, lookupType, - compareKey, "Store key with Bad EndDate", quiet, - &lookupKey)) { - return 1; - } - - /* quickie test, use it for encrypt */ - irtn = doEncrypt(cspHand, keyAlgStr, lookupKey, encrAlg, encrMode, - encrPad, CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE, quiet); - if(irtn) { - printf("***Failure on encrypt, lookup with Bad End Dates\n"); - return irtn; - } - - /* free and delete everything */ - if(isAsym) { - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &pubKey); - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &privKey); - } - else { - cspDeleteKey(cspHand, dlDbHand.DLHandle, dlDbHand.DBHandle, - &keyLabelData, &symKey); - } - cspFreeKey(cspHand, lookupKey); - - return 0; -} - - -int main(int argc, char **argv) -{ - CSSM_CSP_HANDLE cspHand; - int irtn; - CSSM_DL_DB_HANDLE dlDbHand = {0, 0}; - char dbName[100]; /* KD_DB_NAME_pid */ - - /* user-spec'd variables */ - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL doSym = CSSM_TRUE; - CSSM_BOOL doAsym = CSSM_TRUE; - CSSM_BOOL doKeyStore = CSSM_TRUE; - CSSM_BOOL bareCsp = CSSM_TRUE; - - int arg; - for(arg=1; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -#define USAGE_NAME "noUsage" -#define USAGE_NAME_LEN (strlen(USAGE_NAME)) -#define LOOPS_DEF 10 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" p(ause on each loop)\n"); - printf(" q(uiet)\n"); - printf(" v(erbose))\n"); - exit(1); -} - -static void dumpBuf(uint8 *buf, - unsigned len) -{ - unsigned i; - - printf(" "); - for(i=0; iKeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("Hey! this only works on ref keys!!\n"); - exit(1); - } - - /* get raw key */ - crtn = cspWrapKey(cspHand, - refKey, - NULL, // wrappingKey - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - CSSM_KEYBLOB_WRAPPED_FORMAT_NONE, - CSSM_PADDING_NONE, - NULL, // iv - NULL, // descData - &rawKey); - if(crtn) { - return testError(quiet); - } - - /* hash of both keys */ - crtn = cspKeyHash(cspHand, refKey, &refHash); - if(crtn) { - return testError(quiet); - } - else { - if(verbose) { - printf(" ...Ref key hash:\n "); - dumpBuf(refHash->Data, refHash->Length); - } - } - crtn = cspKeyHash(rawCspHand, &rawKey, &rawHash); - if(crtn) { - return testError(quiet); - } - else { - if(verbose) { - printf(" ...Raw key hash:\n "); - dumpBuf(rawHash->Data, rawHash->Length); - } - } - if(!appCompareCssmData(refHash, rawHash)) { - printf("***Key Hash Miscompare!\n"); - return testError(quiet); - } - appFreeCssmData(refHash, CSSM_TRUE); - appFreeCssmData(rawHash, CSSM_TRUE); - cspFreeKey(cspHand, &rawKey); - return 0; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_CSP_HANDLE cspHand; - CSSM_CSP_HANDLE rawCspHand; - int rtn = 0; - CSSM_KEY pubKey; - CSSM_KEY privKey; - CSSM_KEY_PTR symKey; - int i; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL doPause = CSSM_FALSE; - - for(arg=1; argEEmsmSY~68UIS qAu0iZ4uD@iG^#3=3Wc#i7UvKss$%81A>WzP@|N?o!ZTd60s#Udt|AHm diff --git a/SecurityTests/cspxutils/keyHashAsym/dsaParams_512.der b/SecurityTests/cspxutils/keyHashAsym/dsaParams_512.der deleted file mode 100644 index fb8048624d53d856dc39206ce90330dab8b19cfd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 160 zcmV;R0AK$wft>IV#7xd=}zR{|9P%ioK5w1=zowXfw6rFwlF0wA zh~j3vP8^dz89QA$t29sDqX}^M(xoT -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" -#include - -#define USAGE_NAME "noUsage" -#define USAGE_NAME_LEN (strlen(USAGE_NAME)) -#define LOOPS_DEF 10 - -#define DSA_PARAM_FILE "dsaParams_512.der" -#define DH_PARAM_FILE "dhParams_512.der" - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" p(ause on each loop)\n"); - printf(" q(uiet)\n"); - printf(" v(erbose))\n"); - exit(1); -} - -static CSSM_DATA dsa512Params; -static CSSM_DATA dh512Params; - -/* - * Describe parameters for one test iteration. - */ -typedef struct { - CSSM_ALGORITHMS keyAlg; - CSSM_KEYBLOB_FORMAT pubKeyForm; - CSSM_KEYBLOB_FORMAT privKeyForm; - uint32 keySizeInBits; - CSSM_DATA *algParams; // optional -} KeyHashTest; - -KeyHashTest KeyHashTestParams[] = -{ - /* RSA */ - { CSSM_ALGID_RSA, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 512, NULL - }, - { CSSM_ALGID_RSA, - CSSM_KEYBLOB_RAW_FORMAT_PKCS1, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 512, NULL - }, - { CSSM_ALGID_RSA, - CSSM_KEYBLOB_RAW_FORMAT_X509, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 512, NULL - }, - { CSSM_ALGID_RSA, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_PKCS1, - 512, NULL - }, - { CSSM_ALGID_RSA, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_PKCS8, - 512, NULL - }, - - /* ECDSA */ - { CSSM_ALGID_ECDSA, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 192, NULL - }, - { CSSM_ALGID_ECDSA, - CSSM_KEYBLOB_RAW_FORMAT_X509, CSSM_KEYBLOB_RAW_FORMAT_PKCS8, - 256, NULL - }, - { CSSM_ALGID_ECDSA, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_PKCS8, - 384, NULL - }, - { CSSM_ALGID_ECDSA, - CSSM_KEYBLOB_RAW_FORMAT_X509, CSSM_KEYBLOB_RAW_FORMAT_PKCS8, - 521, NULL - }, - - /* DSA */ - { CSSM_ALGID_DSA, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 512, &dsa512Params - }, - { CSSM_ALGID_DSA, - CSSM_KEYBLOB_RAW_FORMAT_FIPS186, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 512, &dsa512Params - }, - { CSSM_ALGID_DSA, - CSSM_KEYBLOB_RAW_FORMAT_X509, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 512, &dsa512Params - }, - { CSSM_ALGID_DSA, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_FIPS186, - 512, &dsa512Params - }, - { CSSM_ALGID_DSA, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_OPENSSL, - 512, &dsa512Params - }, - { CSSM_ALGID_DSA, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_PKCS8, - 512, &dsa512Params - }, - { CSSM_ALGID_DSA, - CSSM_KEYBLOB_RAW_FORMAT_X509, CSSM_KEYBLOB_RAW_FORMAT_PKCS8, - 512, &dsa512Params - }, - - /* Diffie-Hellman */ - { CSSM_ALGID_DH, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 512, &dh512Params - }, - { CSSM_ALGID_DH, - CSSM_KEYBLOB_RAW_FORMAT_PKCS3, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 512, &dh512Params - }, - { CSSM_ALGID_DH, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_PKCS3, - 512, &dh512Params - }, - { CSSM_ALGID_DH, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_PKCS8, - 512, &dh512Params - }, - { CSSM_ALGID_DH, - CSSM_KEYBLOB_RAW_FORMAT_X509, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 512, &dh512Params - }, - { CSSM_ALGID_DH, - CSSM_KEYBLOB_RAW_FORMAT_X509, CSSM_KEYBLOB_RAW_FORMAT_PKCS8, - 512, &dh512Params - }, - - /* FEE */ - { CSSM_ALGID_FEE, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 127, NULL - }, - { CSSM_ALGID_FEE, - CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING, CSSM_KEYBLOB_RAW_FORMAT_NONE, - 128, NULL - }, - { CSSM_ALGID_FEE, - CSSM_KEYBLOB_RAW_FORMAT_NONE, CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING, - 161, NULL - }, - { CSSM_ALGID_FEE, - CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING, - CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING, - 192, NULL - }, - -}; -#define NUM_TEST_PARAMS\ - (sizeof(KeyHashTestParams) / sizeof(KeyHashTestParams[0])) - -static void dumpBuf(uint8 *buf, - unsigned len) -{ - unsigned i; - - printf(" "); - for(i=0; ikeyAlg), - formStr(testParam->pubKeyForm), - formStr(testParam->privKeyForm)); - -} - -/* - * Generate key pair of specified alg and raw format. - * Alg params are optional, though they are expected to be here - * for DH and DSA. - */ -static CSSM_RETURN genKeyPair( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS keyAlg, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, - CSSM_KEYBLOB_FORMAT pubFormat, - CSSM_KEY_PTR privKey, - CSSM_KEYBLOB_FORMAT privFormat, - const CSSM_DATA *inParams) // optional -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA keyLabelData; - CSSM_RETURN ocrtn = CSSM_OK; - - keyLabelData.Data = (uint8 *)USAGE_NAME, - keyLabelData.Length = USAGE_NAME_LEN; - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - keyAlg, - keySize, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - inParams, // Params, may be NULL - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - return crtn; - } - - /* optional format specifiers */ - if(pubFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - pubFormat); - if(crtn) { - printError("AddContextAttribute(" - "CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT)", crtn); - return crtn; - } - } - if(privFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - privFormat); - if(crtn) { - printError("AddContextAttribute(" - "CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT)", crtn); - return crtn; - } - } - CSSM_KEYATTR_FLAGS attrFlags = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - crtn = CSSM_GenerateKeyPair(ccHand, - CSSM_KEYUSE_DERIVE, - attrFlags, - &keyLabelData, - pubKey, - CSSM_KEYUSE_DERIVE, - attrFlags, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - ocrtn = crtn; - } - if(ccHand != 0) { - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - } - } - return ocrtn; -} - -/* - * Given two keys (presumably, in this test, one a raw key and - * one an equivalent ref key), calculate the key digest of both of them - * and ensure they're the same. - */ -static int compareKeyHashes( - const CSSM_DATA *key1Hash, - const char *key1Descr, - const CSSM_DATA *key2Hash, - const char *key2Descr, - CSSM_BOOL verbose) -{ - if(appCompareCssmData(key1Hash, key2Hash)) { - return 0; - } - printf("***Key Digest miscompare (%s,%s)***\n", key1Descr, key2Descr); - if(!verbose) { - printf("...%s hash:\n", key1Descr); - dumpBuf(key1Hash->Data, key1Hash->Length); - printf("...%s hash:\n", key2Descr); - dumpBuf(key2Hash->Data, key2Hash->Length); - } - return 1; -} - -/* - * Given a KeyHashTest: - * -- cook up key pair, raw, specified formats - * -- NULL unwrap each raw to ref; - * -- obtain four key digests; - * -- ensure all digests match; - */ -static int doTest( - CSSM_CSP_HANDLE rawCspHand, // generate keys here - CSSM_CSP_HANDLE refCspHand, // null unwrap here - KeyHashTest *testParam, - CSSM_BOOL verbose, - CSSM_BOOL quiet) -{ - CSSM_RETURN crtn; - CSSM_KEY pubKey; - CSSM_KEY privKey; - CSSM_KEY pubKeyRef; - CSSM_KEY privKeyRef; - CSSM_DATA_PTR rawPubHash; - CSSM_DATA_PTR rawPrivHash; - CSSM_DATA_PTR refPubHash; - CSSM_DATA_PTR refPrivHash; - int rtn = 0; - - /* generate key pair, specified raw form */ - crtn = genKeyPair(rawCspHand, - testParam->keyAlg, - testParam->keySizeInBits, - &pubKey, - testParam->pubKeyForm, - &privKey, - testParam->privKeyForm, - testParam->algParams); - if(crtn) { - return testError(quiet); - } - - /* null unwrap both raw keys to ref form */ - crtn = cspRawKeyToRef(refCspHand, &pubKey, &pubKeyRef); - if(crtn) { - return testError(quiet); - } - crtn = cspRawKeyToRef(refCspHand, &privKey, &privKeyRef); - if(crtn) { - return testError(quiet); - } - - /* calculate four key digests */ - crtn = cspKeyHash(rawCspHand, &pubKey, &rawPubHash); - if(crtn) { - return testError(quiet); - } - crtn = cspKeyHash(rawCspHand, &privKey, &rawPrivHash); - if(crtn) { - return testError(quiet); - } - crtn = cspKeyHash(refCspHand, &pubKeyRef, &refPubHash); - if(crtn) { - return testError(quiet); - } - crtn = cspKeyHash(refCspHand, &privKeyRef, &refPrivHash); - if(crtn) { - return testError(quiet); - } - - if(verbose) { - printf("...raw pub key hash:\n"); - dumpBuf(rawPubHash->Data, rawPubHash->Length); - printf("...ref pub key hash:\n"); - dumpBuf(refPubHash->Data, refPubHash->Length); - printf("...raw priv key hash:\n"); - dumpBuf(rawPrivHash->Data, rawPrivHash->Length); - printf("...ref priv key hash:\n"); - dumpBuf(refPrivHash->Data, refPrivHash->Length); - } - - /* compare */ - rtn += compareKeyHashes(rawPubHash, "Raw public", - refPubHash, "Ref public", verbose); - rtn += compareKeyHashes(rawPrivHash, "Raw private", - refPrivHash, "Ref private", verbose); - rtn += compareKeyHashes(refPubHash, "Ref public", - refPrivHash, "Ref private", verbose); - if(rtn) { - rtn = testError(quiet); - } - cspFreeKey(rawCspHand, &pubKey); - cspFreeKey(rawCspHand, &privKey); - cspFreeKey(refCspHand, &pubKeyRef); - cspFreeKey(refCspHand, &privKeyRef); - appFreeCssmData(rawPubHash, CSSM_TRUE); - appFreeCssmData(rawPrivHash, CSSM_TRUE); - appFreeCssmData(refPubHash, CSSM_TRUE); - appFreeCssmData(refPrivHash, CSSM_TRUE); - return rtn; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_CSP_HANDLE rawCspHand; // always Raw CSP - CSSM_CSP_HANDLE refCspHand; // CSPDL if !bareCsp - int rtn = 0; - int i; - unsigned len; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL doPause = CSSM_FALSE; - - for(arg=1; arg -#include -#include -#include -#include -#include - -#define kRSAKeySizePrefsDomain "com.apple.crypto" -#define kRSAMaxKeySizePref CFSTR("RSAMaxKeySize") -#define kRSAMacPublicExponentPref CFSTR("RSAMaxPublicExponent") - -static void usage(char **argv) -{ - printf("usage: \n"); - printf(" %s set keysize|pubexpsize \n", argv[0]); - printf(" %s get keysize|pubexpsize\n", argv[0]); - printf(" %s illegal -- set illegally large values for both\n", argv[0]); - exit(1); -} - -int main(int argc, char **argv) -{ - bool doSet = false; - CFStringRef which = NULL; - char *cWhich = NULL; - int ourRtn = 0; - bool doIllegal = false; - - if(argc < 2) { - usage(argv); - } - if(!strcmp(argv[1], "set")) { - doSet = true; - if(argc != 4) { - usage(argv); - } - } - else if(!strcmp(argv[1], "get")) { - if(argc != 3) { - usage(argv); - } - } - else if(!strcmp(argv[1], "illegal")) { - if(argc != 2) { - usage(argv); - } - doIllegal = true; - } - else { - usage(argv); - } - if(!doIllegal) { - if(!strcmp(argv[2], "keysize")) { - which = kRSAMaxKeySizePref; - cWhich = "Max Key Size"; - } - else if(!strcmp(argv[2], "pubexpsize")) { - which = kRSAMacPublicExponentPref; - cWhich = "Max Public Exponent"; - } - else { - usage(argv); - } - } - - if(doSet || doIllegal) { - MutableDictionary *prefs = NULL; - UInt32 iVal = 0; - try { - prefs = new MutableDictionary(kRSAKeySizePrefsDomain, Dictionary::US_System); - } - catch(...) { - /* create a new one */ - prefs = new MutableDictionary(); - } - - if(doIllegal) { - SInt64 bigBad = 0x100000000LL; - CFNumberRef cfVal = CFNumberCreate(NULL, kCFNumberSInt64Type, &bigBad); - prefs->setValue(kRSAMaxKeySizePref, cfVal); - prefs->setValue(kRSAMacPublicExponentPref, cfVal); - } - else { - iVal = atoi(argv[3]); - if(iVal == 0) { - /* this means "remove" */ - prefs->removeValue(which); - } - else { - CFNumberRef cfVal = CFNumberCreate(NULL, kCFNumberSInt32Type, &iVal); - prefs->setValue(which, cfVal); - } - } - bool success = prefs->writePlistToPrefs(kRSAKeySizePrefsDomain, - Dictionary::US_System); - if(success) { - if(doIllegal) { - printf("Both prefs set to 0x100000000LL\n"); - } - else if(iVal == 0) { - printf("%s preference removed.\n", cWhich); - } - else { - printf("%s set to %lu\n", cWhich, (unsigned long) iVal); - } - } - else { - printf("***Error setting %s\n", cWhich); - ourRtn = -1; - } - delete prefs; - } - else { - try { - Dictionary prefs(kRSAKeySizePrefsDomain, Dictionary::US_System); - CFNumberRef cfVal = (CFNumberRef)prefs.getValue(which); - if(cfVal == NULL) { - printf("...no %s pref found\n", cWhich); - return 0; - } - if(CFGetTypeID(cfVal) != CFNumberGetTypeID()) { - printf("***Badly formatted %s pref (1)\n", cWhich); - return -1; - } - UInt32 u; - if(!CFNumberGetValue(cfVal, kCFNumberSInt32Type, &u)) { - printf("***Badly formatted %s pref (2)\n", cWhich); - } - printf("%s preference is currently %lu\n", cWhich, (unsigned long)u); - } - catch(...) { - printf("...no %s prefs found\n", kRSAKeySizePrefsDomain); - } - } - return 0; -} diff --git a/SecurityTests/cspxutils/keyStore/Makefile b/SecurityTests/cspxutils/keyStore/Makefile deleted file mode 100755 index 5f52885b..00000000 --- a/SecurityTests/cspxutils/keyStore/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE=keyStore -# C++ source (with .cpp extension) -CPSOURCE= -# C source (.c extension) -CSOURCE= keyStore.c - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/keyStore/keyStore.c b/SecurityTests/cspxutils/keyStore/keyStore.c deleted file mode 100644 index 7a40b68c..00000000 --- a/SecurityTests/cspxutils/keyStore/keyStore.c +++ /dev/null @@ -1,816 +0,0 @@ -/* Copyright (c) 2001,2003-2006,2008 Apple Inc. - * - * keyStore.c - basic key pair store/lookup routines. - * - * create key pair, varying pub is permanent, priv is permanent; - * sign some data with priv; - * lookUpPub = lookup pub by label; - * vfy with lookUpPub; - * lookUpPriv = lookup priv by label; - * if(privIsPerm) { - * ensure lookUpPriv == priv; - * freeKey(lookUpPriv); - * obtainedPriv = obtainPubFromPriv(lookUpPub); - * ensure obtainedPriv == priv; - * freeKey(obtainedPriv); - * delete priv; // cspwrap does implicit freeKey here... - * } - * else { - * free priv; - * } - * lookUpPriv = lookup priv by label; verify fail; - * lookUpPriv = obtainPubFromPriv(pub); verify fail; - * freeKey(lookUpPub); - * if pub is permament { - * lookUpPub = lookup pub by label; verify OK; - * deleteKey(lookUpPub); - * lookUpPub = lookup pub by label; verify fail; - * } - * lookUpPub = lookup pub by label; verify fail; - */ - -#include -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -#define LOOPS_DEF 10 -#define MAX_DATA_SIZE 100 -#define DB_NAME "keyStore.db" - -/* can't lookup non-permanent keys! */ -#define FORCE_PUB_PERMANENT 0 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" r(RSA; default = FEE)\n"); - printf(" p(ermanent keys, implies l=1)\n"); - printf(" k=keyChainFile\n"); - printf(" n(o sign/verify)\n"); - printf(" N(o lookup of nonexistent keys)\n"); - printf(" x (privKey always extractable)\n"); - printf(" P(ause for MallocDebug)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -#define FEE_PRIV_DATA_SIZE 20 - -/* - * NULL wrap, error tolerant. - */ -CSSM_RETURN cspNullWrapKey( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEY_PTR rawKey) // RETURNED on success, caller must FreeKey -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_DATA descData = {0, 0}; - - memset(rawKey, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - &creds, // passPhrase, - NULL, // wrappingKey, - NULL, // initVector, - CSSM_PADDING_NONE, - 0, // Params - &ccHand); - if(crtn) { - printError("cspNullWrapKey/CreateContext", crtn); - return crtn; - } - crtn = CSSM_WrapKey(ccHand, - &creds, - refKey, - &descData, // DescriptiveData - rawKey); - if(CSSM_DeleteContext(ccHand)) { - printf("CSSM_DeleteContext failure\n"); - } - return crtn; -} - - -/* - * Generate key pair, default size. This is like cspGenKeyPair in cspwrap.c, - * tweaked for this test To allow varying permanent attribute. - */ -static CSSM_RETURN genKeyPair(CSSM_CSP_HANDLE cspHand, - CSSM_DL_HANDLE dlHand, - CSSM_DB_HANDLE dbHand, - const CSSM_DATA_PTR keyLabel, - CSSM_KEY_PTR pubKey, // mallocd by caller - uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 pubKeyAttr, - CSSM_KEY_PTR privKey, // mallocd by caller - uint32 privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - uint32 privKeyAttr, - uint32 keyGenAlg) -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_RETURN ocrtn = CSSM_OK; - uint32 keySize; - - if(keyGenAlg == CSSM_ALGID_FEE) { - keySize = CSP_FEE_KEY_SIZE_DEFAULT; - } - else { - keySize = CSP_RSA_KEY_SIZE_DEFAULT; - } - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - keyGenAlg, - keySize, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - NULL, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - ocrtn = crtn; - goto abort; - } - - /* add in DL/DB to context */ - crtn = cspAddDlDbToContext(ccHand, dlHand, dbHand); - if(crtn) { - ocrtn = crtn; - goto abort; - } - crtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubKeyAttr, - keyLabel, - pubKey, - privKeyUsage, - privKeyAttr, - keyLabel, // same labels - NULL, // cred/acl - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - ocrtn = crtn; - goto abort; - } - - /* basic checks...*/ - if(privKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("privKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_REFERENCE, (unsigned)privKey->KeyHeader.BlobType); - } - if(pubKeyAttr & CSSM_KEYATTR_RETURN_REF) { - if(pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("pubKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_REFERENCE, (unsigned)privKey->KeyHeader.BlobType); - ocrtn = -1; - goto abort; - } - } - else { - if(pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_RAW) { - printf("pubKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_RAW, (unsigned)privKey->KeyHeader.BlobType); - ocrtn = -1; - goto abort; - } - } - -abort: - if(ccHand != 0) { - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - } - return ocrtn; -} - -#define KEY_LABEL "testKey" - -/* - * when true, keyref in key obtained from DL differs from - * keyref in key from CSP - */ -#define DL_REF_KEYS_DIFFER 1 - -/* - * ObtainPrivateKeyFromPublicKey doesn't work yet - */ -#define DO_OBTAIN_FROM_PUB CSPDL_OBTAIN_PRIV_FROM_PUB - -/* we're assumed to be logged in for access to private objects */ -static int doTest(CSSM_CSP_HANDLE cspHand, - CSSM_DL_HANDLE dlHand, - CSSM_DB_HANDLE dbHand, - CSSM_BOOL pubIsPerm, // pub is permanent - CSSM_BOOL privIsPerm, // priv is permanent - CSSM_BOOL privIsExtractable, - CSSM_BOOL permKeys, // leave them in the KC - CSSM_BOOL doSignVerify, - CSSM_BOOL doFailedLookup, - CSSM_DATA_PTR ptext, - CSSM_BOOL verbose, - CSSM_BOOL quiet, - uint32 keyGenAlg, - uint32 sigAlg) -{ - CSSM_KEY pubKey; // from GenerateKeyPair - CSSM_KEY privKey; - CSSM_KEY_PTR lookUpPub; // from cspLookUpKeyByLabel, etc. - CSSM_KEY_PTR lookUpPriv; - CSSM_RETURN crtn; - CSSM_DATA sig; - CSSM_DATA labelData; - CSSM_KEY obtainedPriv; - uint32 pubAttr; - uint32 privAttr; - CSSM_KEY rawPrivKey; - labelData.Data = (uint8 *)KEY_LABEL; - labelData.Length = strlen(KEY_LABEL); - CSSM_BOOL doLookup; - - /* create key pair */ - if(verbose) { - printf(" ...generating key pair (pubIsPerm %d privIsPerm %d privIsExtract" - " %d)\n", (int)pubIsPerm, (int)privIsPerm, (int)privIsExtractable); - } - pubAttr = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF; - if(pubIsPerm) { - pubAttr |= CSSM_KEYATTR_PERMANENT; - } - - /* - * To use a NULL wrap to test detection of !EXTRACTABLE, we're relying on - * being able to create !SENSITIVE private keys. We'll make 'em sensitive - * if we're not trying to null wrap them. - */ - privAttr = CSSM_KEYATTR_RETURN_REF; - if(privIsPerm) { - privAttr |= CSSM_KEYATTR_PERMANENT; - } - if(privIsExtractable) { - privAttr |= CSSM_KEYATTR_EXTRACTABLE; - } - else { - privAttr |= CSSM_KEYATTR_SENSITIVE; - } - #if CSPDL_KEYATTR_PRIVATE - privAttr |= CSSM_KEYATTR_PRIVATE; - #endif - crtn = genKeyPair(cspHand, - dlHand, - dbHand, - &labelData, - &pubKey, - CSSM_KEYUSE_VERIFY, // pubKeyUsage - pubAttr, - &privKey, - CSSM_KEYUSE_SIGN, - privAttr, - keyGenAlg); - if(crtn) { - return testError(quiet); - } - - /* lookUpPub = lookup pub by label; */ - doLookup = CSSM_TRUE; - if(verbose) { - if(pubIsPerm) { - printf(" ...lookup pub by label\n"); - } - else { - if(doFailedLookup) { - printf(" ...lookup (nonexistent) pub by label\n"); - } - else { - doLookup = CSSM_FALSE; - lookUpPub = NULL; - } - } - } - if(doLookup) { - lookUpPub = cspLookUpKeyByLabel(dlHand, dbHand, &labelData, CKT_Public); - } - if(pubIsPerm) { - if(lookUpPub == NULL) { - printf("lookup pub by label failed\n"); - return testError(quiet); - } - - /* sign some data with priv; */ - sig.Data = NULL; - sig.Length = 0; - if(doSignVerify) { - if(cspSign(cspHand, - sigAlg, - &privKey, - ptext, - &sig)) { - return testError(quiet); - } - } - /* verify header compare */ - if(memcmp(&lookUpPub->KeyHeader, &pubKey.KeyHeader, - sizeof(CSSM_KEYHEADER))) { - printf("**pubKey header miscompare\n"); - return testError(quiet); - } - - /* vfy with lookUpPub; */ - if(doSignVerify) { - if(cspSigVerify(cspHand, - sigAlg, - lookUpPub, - ptext, - &sig, - CSSM_OK)) { - return testError(quiet); - } - - CSSM_FREE(sig.Data); - sig.Data = NULL; - sig.Data = 0; - } - } - else { - if(doLookup && (lookUpPub != NULL)) { - printf("***Unexpected success on cspLookUpKeyByLabel(pub, not perm)\n"); - return testError(quiet); - } - } - - /* - * Ensure proper behavior of extractable bit - */ - if(verbose) { - printf(" ...null wrap %s private key\n", - privIsExtractable ? "EXTRACTABLE" : "!EXTRACTABLE"); - } - crtn = cspNullWrapKey(cspHand, &privKey, &rawPrivKey); - if(privIsExtractable) { - if(crtn) { - printError("Null Wrap(extractable private key)", crtn); - return testError(quiet); - } - if(verbose) { - printf(" ...free rawPrivKey\n"); - } - cspFreeKey(cspHand, &rawPrivKey); - } - else { - if(crtn != CSSMERR_CSP_INVALID_KEYATTR_MASK) { - printError("Null Wrap of !extractable private key: expected " - "INVALID_KEYATTR_MASK, got", crtn); - if(crtn == CSSM_OK) { - cspFreeKey(cspHand, &rawPrivKey); - } - return testError(quiet); - } - } - /* lookUpPriv = lookup priv by label; ensure == privKey; */ - doLookup = CSSM_TRUE; - if(verbose) { - if(privIsPerm) { - printf(" ...lookup priv by label\n"); - } - else { - if(doFailedLookup) { - printf(" ...lookup (nonexistent) priv by label\n"); - } - else { - doLookup = CSSM_FALSE; - lookUpPriv = NULL; - } - } - } - if(doLookup) { - lookUpPriv = cspLookUpKeyByLabel(dlHand, dbHand, &labelData, CKT_Private); - } - if(privIsPerm) { - if(lookUpPriv == NULL) { - printf("lookup priv by label failed\n"); - return testError(quiet); - } - - /* note we "know" that both keys are ref keys...*/ - if(lookUpPriv->KeyData.Length != privKey.KeyData.Length) { - printf("priv key data length mismatch\n"); - return testError(quiet); - } - #if DL_REF_KEYS_DIFFER - if(!memcmp(lookUpPriv->KeyData.Data, privKey.KeyData.Data, - privKey.KeyData.Length)) { - printf("priv key ref data mismatch\n"); - return testError(quiet); - } - #else /* DL_REF_KEYS_DIFFER */ - if(memcmp(lookUpPriv->KeyData.Data, privKey.KeyData.Data, - privKey.KeyData.Length)) { - printf("unexpected priv key ref data match\n"); - return testError(quiet); - } - #endif /* DL_REF_KEYS_DIFFER */ - - /* verify header compare in any case */ - if(memcmp(&lookUpPriv->KeyHeader, &privKey.KeyHeader, - sizeof(CSSM_KEYHEADER))) { - printf("**privKey header miscompare\n"); - return testError(quiet); - } - - /* sign with lookUpPriv, verify with pubKey */ - sig.Data = NULL; - sig.Length = 0; - if(doSignVerify) { - if(verbose) { - printf(" ...sign with lookup priv\n"); - } - if(cspSign(cspHand, - sigAlg, - lookUpPriv, - ptext, - &sig)) { - return testError(quiet); - } - if(verbose) { - printf(" ...verify with pub\n"); - } - if(cspSigVerify(cspHand, - sigAlg, - &pubKey, - ptext, - &sig, - CSSM_OK)) { - printf("***sign with lookUpPriv, vfy with pub FAILED\n"); - return testError(quiet); - } - CSSM_FREE(sig.Data); - sig.Data = NULL; - sig.Data = 0; - } - - /* free lookUpPriv from cache, but it's permanent */ - if(verbose) { - printf(" ...free lookupPriv\n"); - } - if(cspFreeKey(cspHand, lookUpPriv)) { - printf("Error on cspFreeKey(lookUpPriv)\n"); - return testError(quiet); - } - CSSM_FREE(lookUpPriv); // mallocd during lookup - lookUpPriv = NULL; - - #if DO_OBTAIN_FROM_PUB - /* obtainedPriv = obtainPubFromPriv(pub); ensure == priv; */ - if(verbose) { - printf(" ...ObtainPrivateKeyFromPublicKey\n"); - } - obtainedPriv.KeyData.Data = NULL; - obtainedPriv.KeyData.Length = 0; - crtn = CSSM_CSP_ObtainPrivateKeyFromPublicKey(cspHand, - lookUpPub, - &obtainedPriv); - if(crtn) { - printError("ObtainPrivateKeyFromPublicKey", crtn); - return testError(quiet); - } - - /* free obtainedPriv from cache, but it's permanent */ - if(verbose) { - printf(" ...free obtainedPriv\n"); - } - if(cspFreeKey(cspHand, &obtainedPriv)) { - printf("Error on cspFreeKey(obtainedPriv)\n"); - return testError(quiet); - } - - #endif /* DO_OBTAIN_FROM_PUB */ - - if(!permKeys) { - /* delete priv - implies freeKey as well */ - if(verbose) { - printf(" ...delete privKey\n"); - } - crtn = cspDeleteKey(cspHand, dlHand, dbHand, &labelData, &privKey); - if(crtn) { - printf("Error deleting priv\n"); - return testError(quiet); - } - - /* lookUpPriv = lookup priv by label; verify fail; */ - if(doFailedLookup) { - if(verbose) { - printf(" ...lookup (nonexistent) priv by label\n"); - } - lookUpPriv = cspLookUpKeyByLabel(dlHand, dbHand, &labelData, CKT_Private); - if(lookUpPriv != NULL) { - printf("Unexpected success on cspLookUpKeyByLabel(priv)\n"); - return testError(quiet); - } - } - else { - lookUpPriv = NULL; - } - } - } - else if(doLookup) { - /* !privIsPerm - just free it and it's all gone */ - if(lookUpPriv != NULL) { - printf("***Unexpected success on cspLookUpKeyByLabel(priv, not perm)\n"); - return testError(quiet); - } - if(verbose) { - printf(" ...free privKey\n"); - } - if(cspFreeKey(cspHand, &privKey)) { - printf("Error on cspFreeKey(privKey)\n"); - return testError(quiet); - } - } - /* CSP, DL have no knowledge of privKey or its variations */ - - /* obtainedPriv = obtainPubFromPriv(pub); verify fail;*/ - /* Note this should be safe even if DO_OBTAIN_FROM_PUB == 0 */ - obtainedPriv.KeyData.Data = NULL; - obtainedPriv.KeyData.Length = 0; - if(verbose) { - printf(" ...obtain (nonexistent) priv by public\n"); - } - crtn = CSSM_CSP_ObtainPrivateKeyFromPublicKey(cspHand, - &pubKey, - &obtainedPriv); - switch(crtn) { - case CSSM_OK: - printf("Unexpected success on ObtainPrivateKeyFromPublicKey\n"); - return testError(quiet); - case CSSMERR_CSP_PRIVATE_KEY_NOT_FOUND: - break; - #if !CSPDL_OBTAIN_PRIV_FROM_PUB - case CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED: - /* OK */ - break; - #endif - default: - printf("Unexpected err ObtainPrivateKeyFromPublicKey\n"); - printError("got this", crtn); - return testError(quiet); - } - - /* free one or both copies of pub as appropriate */ - if(verbose) { - printf(" ...free pubKey\n"); - } - crtn = cspFreeKey(cspHand, &pubKey); - if(crtn) { - printf("Error freeing pubKey\n"); - return testError(quiet); - } - if(pubIsPerm) { - if(verbose) { - printf(" ...free lookUpPub\n"); - } - crtn = cspFreeKey(cspHand, lookUpPub); - if(crtn) { - printf("Error freeing lookUpPub\n"); - return testError(quiet); - } - } - if(lookUpPub) { - CSSM_FREE(lookUpPub); // mallocd by lookup in any case - } - - if(pubIsPerm) { - /* pub should still be there in DL */ - /* lookUpPub = lookup pub by label; verify OK; */ - if(verbose) { - printf(" ...lookup pub by label (2)\n"); - } - lookUpPub = cspLookUpKeyByLabel(dlHand, dbHand, &labelData, CKT_Public); - if(lookUpPub == NULL) { - printf("lookup pub by label (2) failed\n"); - return testError(quiet); - } - - if(!permKeys) { - /* now really delete it */ - if(verbose) { - printf(" ...delete lookUpPub\n"); - } - crtn = cspDeleteKey(cspHand, dlHand, dbHand, &labelData, lookUpPub); - if(crtn) { - printf("Error deleting lookUpPub\n"); - return testError(quiet); - } - CSSM_FREE(lookUpPub); // mallocd by lookup - } - } - /* else freeKey should have removed all trace */ - - if(!permKeys && doFailedLookup) { - /* lookUpPub = lookup pub by label; verify fail; */ - if(verbose) { - printf(" ...lookup (nonexistent) pub by label\n"); - } - lookUpPub = cspLookUpKeyByLabel(dlHand, dbHand, &labelData, CKT_Public); - if(lookUpPub != NULL) { - printf("Unexpected success on cspLookUpKeyByLabel(pub) (2)\n"); - return testError(quiet); - } - } - return 0; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - CSSM_CSP_HANDLE cspHand; - CSSM_DB_HANDLE dbHand; - CSSM_DL_HANDLE dlHand; - CSSM_BOOL pubIsPerm; - CSSM_BOOL privIsPerm; - CSSM_BOOL privIsExtractable; - uint32 keyGenAlg = CSSM_ALGID_FEE; - uint32 sigAlg = CSSM_ALGID_FEE_MD5; - int rtn = 0; - CSSM_RETURN crtn; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL permKeys = CSSM_FALSE; - char dbName[100]; /* DB_NAME_pid */ - CSSM_BOOL useExistDb = CSSM_FALSE; - CSSM_BOOL doPause = CSSM_FALSE; - CSSM_BOOL doSignVerify = CSSM_TRUE; - CSSM_BOOL doFailedLookup = CSSM_TRUE; - CSSM_BOOL privAlwaysExtractable = CSSM_FALSE; - - dbName[0] = '\0'; - - for(arg=1; arg -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -#define LOOPS_DEF 10 -#define DB_NAME "keyStore.db" - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" r(RSA; default = FEE)\n"); - printf(" k=keyChainFile\n"); - printf(" P(ause for MallocDebug)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -#define FEE_PRIV_DATA_SIZE 20 - -/* - * Generate key pair, default size. This is like cspGenKeyPair in cspwrap.c, - * tweaked for this test To allow varying permanent attribute. - */ -static CSSM_RETURN genKeyPair(CSSM_CSP_HANDLE cspHand, - CSSM_DL_HANDLE dlHand, - CSSM_DB_HANDLE dbHand, - const CSSM_DATA_PTR keyLabel, - CSSM_KEY_PTR pubKey, // mallocd by caller - uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 pubKeyAttr, - CSSM_KEY_PTR privKey, // mallocd by caller - uint32 privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - uint32 privKeyAttr, - uint32 keyGenAlg) -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_RETURN ocrtn = CSSM_OK; - uint32 keySize; - - if(keyGenAlg == CSSM_ALGID_FEE) { - keySize = CSP_FEE_KEY_SIZE_DEFAULT; - } - else { - keySize = CSP_RSA_KEY_SIZE_DEFAULT; - } - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - keyGenAlg, - keySize, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - NULL, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - ocrtn = crtn; - goto abort; - } - - /* add in DL/DB to context */ - crtn = cspAddDlDbToContext(ccHand, dlHand, dbHand); - if(crtn) { - ocrtn = crtn; - goto abort; - } - crtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubKeyAttr, - keyLabel, - pubKey, - privKeyUsage, - privKeyAttr, - keyLabel, // same labels - NULL, // cred/acl - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - ocrtn = crtn; - goto abort; - } - - /* basic checks...*/ - if(privKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("privKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_REFERENCE, (unsigned)privKey->KeyHeader.BlobType); - } - if(pubKeyAttr & CSSM_KEYATTR_RETURN_REF) { - if(pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("pubKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_REFERENCE, (unsigned)privKey->KeyHeader.BlobType); - ocrtn = -1; - goto abort; - } - } - else { - if(pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_RAW) { - printf("pubKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_RAW, (unsigned)privKey->KeyHeader.BlobType); - ocrtn = -1; - goto abort; - } - } - -abort: - if(ccHand != 0) { - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - } - return ocrtn; -} - -#define KEY_LABEL "testKey" - -static int doTest(CSSM_CSP_HANDLE cspHand, - CSSM_DL_HANDLE dlHand, - CSSM_DB_HANDLE dbHand, - CSSM_BOOL pubIsPerm, // pub is permanent - CSSM_BOOL privIsPerm, // priv is permanent - CSSM_BOOL privIsExtractable, - CSSM_BOOL permKeys, // leave them in the KC - CSSM_BOOL verbose, - CSSM_BOOL quiet, - uint32 keyGenAlg) -{ - CSSM_KEY pubKey; // from GenerateKeyPair - CSSM_KEY privKey; - CSSM_KEY_PTR lookUpPub; // from cspLookUpKeyByLabel, etc. - CSSM_KEY_PTR lookUpPriv; - CSSM_RETURN crtn; - CSSM_DATA labelData; - uint32 pubAttr; - uint32 privAttr; - labelData.Data = (uint8 *)KEY_LABEL; - labelData.Length = strlen(KEY_LABEL); - - /* create key pair */ - if(verbose) { - printf(" ...generating key pair (pubIsPerm %d privIsPerm %d privIsExtract" - " %d)\n", (int)pubIsPerm, (int)privIsPerm, (int)privIsExtractable); - } - pubAttr = CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_RETURN_REF; - if(pubIsPerm) { - pubAttr |= CSSM_KEYATTR_PERMANENT; - } - - /* - * To use a NULL wrap to test detection of !EXTRACTABLE, we're relying on - * being able to create !SENSITIVE private keys. We'll make 'em sensitive - * if we're not trying to null wrap them. - */ - privAttr = CSSM_KEYATTR_RETURN_REF; - if(privIsPerm) { - privAttr |= CSSM_KEYATTR_PERMANENT; - } - if(privIsExtractable) { - privAttr |= CSSM_KEYATTR_EXTRACTABLE; - } - else { - privAttr |= CSSM_KEYATTR_SENSITIVE; - } - #if CSPDL_KEYATTR_PRIVATE - privAttr |= CSSM_KEYATTR_PRIVATE; - #endif - crtn = genKeyPair(cspHand, - dlHand, - dbHand, - &labelData, - &pubKey, - CSSM_KEYUSE_VERIFY, // pubKeyUsage - pubAttr, - &privKey, - CSSM_KEYUSE_SIGN, - privAttr, - keyGenAlg); - if(crtn) { - return testError(quiet); - } - - /* lookUpPub = lookup pub by label; */ - if(verbose) { - if(pubIsPerm) { - printf(" ...lookup pub by label\n"); - } - else { - printf(" ...lookup (nonexistent) pub by label\n"); - } - } - lookUpPub = cspLookUpKeyByLabel(dlHand, dbHand, &labelData, CKT_Public); - if(pubIsPerm) { - if(lookUpPub == NULL) { - printf("lookup pub by label failed\n"); - return testError(quiet); - } - } - else { - if(lookUpPub != NULL) { - printf("***Unexpected success on cspLookUpKeyByLabel(pub, not perm)\n"); - return testError(quiet); - } - } - - /* lookUpPriv = lookup priv by label; ensure == privKey; */ - if(verbose) { - if(privIsPerm) { - printf(" ...lookup priv by label\n"); - } - else { - printf(" ...lookup (nonexistent) priv by label\n"); - } - } - lookUpPriv = cspLookUpKeyByLabel(dlHand, dbHand, &labelData, CKT_Private); - if(privIsPerm) { - if(lookUpPriv == NULL) { - printf("lookup priv by label failed\n"); - return testError(quiet); - } - - /* free lookUpPriv from cache, but it's permanent */ - if(verbose) { - printf(" ...free lookupPriv\n"); - } - if(cspFreeKey(cspHand, lookUpPriv)) { - printf("Error on cspFreeKey(lookUpPriv)\n"); - return testError(quiet); - } - CSSM_FREE(lookUpPriv); // mallocd during lookup - lookUpPriv = NULL; - - if(!permKeys) { - /* delete priv - implies freeKey as well */ - if(verbose) { - printf(" ...delete privKey\n"); - } - crtn = cspDeleteKey(cspHand, dlHand, dbHand, &labelData, &privKey); - if(crtn) { - printf("Error deleting priv\n"); - return testError(quiet); - } - } - } - else { - /* !privIsPerm - just free it and it's all gone */ - if(lookUpPriv != NULL) { - printf("***Unexpected success on cspLookUpKeyByLabel(priv, not perm)\n"); - return testError(quiet); - } - if(cspFreeKey(cspHand, &privKey)) { - printf("Error on cspFreeKey(privKey)\n"); - return testError(quiet); - } - } - /* CSP, DL have no knowledge of privKey or its variations */ - - /* free one or both copies of pub as appropriate */ - if(verbose) { - printf(" ...free pubKey\n"); - } - crtn = cspFreeKey(cspHand, &pubKey); - if(crtn) { - printf("Error freeing pubKey\n"); - return testError(quiet); - } - if(pubIsPerm) { - if(verbose) { - printf(" ...free lookUpPub\n"); - } - crtn = cspFreeKey(cspHand, lookUpPub); - if(crtn) { - printf("Error freeing lookUpPub\n"); - return testError(quiet); - } - } - CSSM_FREE(lookUpPub); // mallocd by lookup in any case - - if(pubIsPerm) { - /* pub should still be there in DL */ - /* lookUpPub = lookup pub by label; verify OK; */ - if(verbose) { - printf(" ...lookup pub by label (2)\n"); - } - lookUpPub = cspLookUpKeyByLabel(dlHand, dbHand, &labelData, CKT_Public); - if(lookUpPub == NULL) { - printf("lookup pub by label (2) failed\n"); - return testError(quiet); - } - - if(!permKeys) { - /* now really delete it */ - if(verbose) { - printf(" ...delete lookUpPub\n"); - } - crtn = cspDeleteKey(cspHand, dlHand, dbHand, &labelData, lookUpPub); - if(crtn) { - printf("Error deleting lookUpPub\n"); - return testError(quiet); - } - CSSM_FREE(lookUpPub); // mallocd by lookup - } - } - /* else freeKey should have removed all trace */ - - if(!permKeys) { - /* lookUpPub = lookup pub by label; verify fail; */ - if(verbose) { - printf(" ...lookup (nonexistent) pub by label\n"); - } - lookUpPub = cspLookUpKeyByLabel(dlHand, dbHand, &labelData, CKT_Public); - if(lookUpPub != NULL) { - printf("Unexpected success on cspLookUpKeyByLabel(pub) (2)\n"); - return testError(quiet); - } - } - return 0; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_CSP_HANDLE cspHand; - CSSM_DB_HANDLE dbHand; - CSSM_DL_HANDLE dlHand; - CSSM_BOOL pubIsPerm; - CSSM_BOOL privIsPerm; - CSSM_BOOL privIsExtractable; - uint32 keyGenAlg = CSSM_ALGID_FEE; - int rtn = 0; - CSSM_RETURN crtn; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL permKeys = CSSM_FALSE; - char dbName[100]; /* DB_NAME_pid */ - CSSM_BOOL useExistDb = CSSM_FALSE; - CSSM_BOOL doPause = CSSM_FALSE; - - dbName[0] = '\0'; - - for(arg=1; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "bsafeUtils.h" -#include -#include "cspdlTesting.h" -#include - -/* - * Defaults. - */ -#define LOOPS_DEF 200 -#define MIN_EXP 2 /* for data size 10**exp */ -#define DEFAULT_MAX_EXP 4 -#define MAX_EXP 5 - -#define MAX_DATA_SIZE (100000 + 100) /* bytes */ -#define MIN_KEY_SIZE 20 /* bytes - should be smaller */ -#define MAX_KEY_SIZE 64 /* bytes */ -#define LOOP_NOTIFY 20 - -/* - * Enumerate algs our own way to allow iteration. - */ -#define ALG_MD5 1 -#define ALG_SHA1 2 -#define ALG_SHA1_LEGACY 3 -#define ALG_FIRST ALG_MD5 -#define ALG_LAST ALG_SHA1_LEGACY - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" n=minExp (default=%d)\n", MIN_EXP); - printf(" x=maxExp (default=%d, max=%d)\n", DEFAULT_MAX_EXP, MAX_EXP); - printf(" k=keySizeInBytes\n"); - printf(" P=plainTextLen\n"); - printf(" z (keys and plaintext all zeroes)\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* - * generate MAC using reference BSAFE with either one update - * (updateSizes == NULL) or specified set of update sizes. - */ -static CSSM_RETURN genMacBSAFE( - CSSM_ALGORITHMS macAlg, - const CSSM_DATA *key, // raw key bytes - const CSSM_DATA *inText, - unsigned *updateSizes, // NULL --> random updates - // else null-terminated list of sizes - CSSM_DATA_PTR outText) // mallocd and returned -{ - CSSM_RETURN crtn; - BU_KEY buKey; - - crtn = buGenSymKey(key->Length * 8, key, &buKey); - if(crtn) { - return crtn; - } - crtn = buGenMac(buKey, - macAlg, - inText, - updateSizes, - outText); - buFreeKey(buKey); - return crtn; -} - -/* - * Produce HMACMD5 with openssl. - */ -static int doHmacMD5Ref( - const CSSM_DATA *key, // raw key bytes - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - const EVP_MD *md = EVP_md5(); - unsigned md_len = 16; - appSetupCssmData(outText, 16); - HMAC(md, key->Data, (int)key->Length, - inText->Data, inText->Length, - (unsigned char *)outText->Data, &md_len); - return 0; -} - -/* - * Generate MAC, CSP, specified set of update sizes - */ -static CSSM_RETURN cspGenMacWithSizes(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, - CSSM_KEY_PTR key, // session key - const CSSM_DATA *text, - unsigned *updateSizes, // null-terminated list of sizes - CSSM_DATA_PTR mac) // RETURNED -{ - CSSM_CC_HANDLE macHand; - CSSM_RETURN crtn; - CSSM_DATA currData = *text; - - crtn = CSSM_CSP_CreateMacContext(cspHand, - algorithm, - key, - &macHand); - if(crtn) { - printError("CSSM_CSP_CreateMacContext", crtn); - return crtn; - } - crtn = CSSM_GenerateMacInit(macHand); - if(crtn) { - printError("CSSM_GenerateMacInit", crtn); - goto abort; - } - /* CSP mallocs */ - mac->Data = NULL; - mac->Length = 0; - - while(*updateSizes) { - currData.Length = *updateSizes; - crtn = CSSM_GenerateMacUpdate(macHand, - &currData, - 1); - if(crtn) { - printError("CSSM_GenerateMacUpdate", crtn); - goto abort; - } - currData.Data += *updateSizes; - updateSizes++; - } - crtn = CSSM_GenerateMacFinal(macHand, mac); - if(crtn) { - printError("CSSM_GenerateMacFinal", crtn); - } -abort: - crtn = CSSM_DeleteContext(macHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - } - return crtn; -} - -/* - * Verify MAC, CSP, specified set of update sizes - */ -static CSSM_RETURN cspVfyMacWithSizes(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, - CSSM_KEY_PTR key, // session key - const CSSM_DATA *text, - unsigned *updateSizes, // null-terminated list of sizes - const CSSM_DATA *mac) -{ - CSSM_CC_HANDLE macHand; - CSSM_RETURN crtn; - CSSM_DATA currData = *text; - - crtn = CSSM_CSP_CreateMacContext(cspHand, - algorithm, - key, - &macHand); - if(crtn) { - printError("CSSM_CSP_CreateMacContext", crtn); - return crtn; - } - crtn = CSSM_VerifyMacInit(macHand); - if(crtn) { - printError("CSSM_VerifyMacInit", crtn); - goto abort; - } - - while(*updateSizes) { - currData.Length = *updateSizes; - crtn = CSSM_VerifyMacUpdate(macHand, - &currData, - 1); - if(crtn) { - printError("CSSM_GenerateMacUpdate", crtn); - goto abort; - } - currData.Data += *updateSizes; - updateSizes++; - } - crtn = CSSM_VerifyMacFinal(macHand, mac); - if(crtn) { - printError("CSSM_GenerateMacFinal", crtn); - } -abort: - crtn = CSSM_DeleteContext(macHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - } - return crtn; -} - -/* - * Generate or verify MAC using CSP with either random-sized staged updates - * (updateSizes == NULL) or specified set of update sizes. - */ -static CSSM_RETURN genMacCSSM( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS macAlg, - CSSM_ALGORITHMS keyAlg, - CSSM_BOOL doGen, - const CSSM_DATA *key, // raw key bytes - CSSM_BOOL genRaw, // first generate raw key (CSPDL) - const CSSM_DATA *inText, - unsigned *updateSizes, // NULL --> random updates - // else null-terminated list of sizes - CSSM_DATA_PTR outText) // mallocd and returned if doGen -{ - CSSM_KEY_PTR symKey; - CSSM_KEY refKey; // in case of genRaw - CSSM_BOOL refKeyGenerated = CSSM_FALSE; - CSSM_RETURN crtn; - - if(genRaw) { - crtn = cspGenSymKeyWithBits(cspHand, - keyAlg, - CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY, - key, - key->Length, - &refKey); - if(crtn) { - return crtn; - } - symKey = &refKey; - refKeyGenerated = CSSM_TRUE; - } - else { - /* cook up a raw symmetric key */ - symKey = cspGenSymKey(cspHand, - keyAlg, - "noLabel", - 8, - CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY, - key->Length * 8, - CSSM_FALSE); // ref key - if(symKey == NULL) { - return CSSM_ERRCODE_INTERNAL_ERROR; - } - if(symKey->KeyData.Length != key->Length) { - printf("***Generated key size error (exp %lu, got %lu)\n", - key->Length, symKey->KeyData.Length); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - memmove(symKey->KeyData.Data, key->Data, key->Length); - } - if(doGen) { - /* CSP mallocs */ - outText->Data = NULL; - outText->Length = 0; - } - - /* go for it */ - if(doGen) { - if(updateSizes) { - crtn = cspGenMacWithSizes(cspHand, - macAlg, - symKey, - inText, - updateSizes, - outText); - } - else { - crtn = cspStagedGenMac(cspHand, - macAlg, - symKey, - inText, - CSSM_TRUE, // multiUpdates - CSSM_FALSE, // mallocMac - outText); - } - } - else { - if(updateSizes) { - crtn = cspVfyMacWithSizes(cspHand, - macAlg, - symKey, - inText, - updateSizes, - outText); - } - else { - crtn = cspMacVerify(cspHand, - macAlg, - symKey, - inText, - outText, - CSSM_OK); - } - } - cspFreeKey(cspHand, symKey); - if(!refKeyGenerated) { - /* key itself mallocd by cspGenSymKey */ - CSSM_FREE(symKey); - } - return crtn; -} - -#define LOG_FREQ 20 -#define MAX_FIXED_UPDATES 5 - -static int doTest(CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *ptext, - const CSSM_DATA *keyData, - CSSM_BOOL genRaw, // first generate raw key (CSPDL) - uint32 macAlg, - uint32 keyAlg, - CSSM_BOOL fixedUpdates, // for testing CSSM_ALGID_SHA1HMAC_LEGACY - CSSM_BOOL quiet) -{ - CSSM_DATA macRef = {0, NULL}; // MAC, BSAFE reference - CSSM_DATA macTest = {0, NULL}; // MAC, CSP test - int rtn = 0; - CSSM_RETURN crtn; - unsigned updateSizes[MAX_FIXED_UPDATES+1]; - unsigned *updateSizesPtr; - - if(fixedUpdates) { - /* calculate up to MAX_FIXED_UPDATES update sizes which add up to - * ptext->Length */ - int i; - unsigned bytesToGo = ptext->Length; - - memset(updateSizes, 0, sizeof(unsigned) * (MAX_FIXED_UPDATES+1)); - for(i=0; i MAX_EXP) { - usage(argv); - } - break; - case 'v': - verbose = CSSM_TRUE; - break; - case 'D': - bareCsp = CSSM_FALSE; - #if CSPDL_ALL_KEYS_ARE_REF - genRaw = CSSM_TRUE; - #endif - break; - case 'q': - quiet = CSSM_TRUE; - break; - case 'p': - pauseInterval = atoi(&argp[2]); - break; - case 'z': - allZeroes = CSSM_TRUE; - break; - case 'k': - keySizeSpecd = atoi(&argp[2]); - break; - case 'P': - ptextLenSpecd = atoi(&argp[2]); - break; - case 'h': - default: - usage(argv); - } - } - if(minExp > maxExp) { - printf("***minExp must be <= maxExp\n"); - usage(argv); - } - ptext.Data = (uint8 *)CSSM_MALLOC(MAX_DATA_SIZE); - if(ptext.Data == NULL) { - printf("Insufficient heap space\n"); - exit(1); - } - /* ptext length set in test loop */ - - keyData.Data = (uint8 *)CSSM_MALLOC(MAX_KEY_SIZE); - if(keyData.Data == NULL) { - printf("Insufficient heap space\n"); - exit(1); - } - /* key length set in test loop */ - - printf("Starting macCompat; args: "); - for(i=1; i -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#define DATA_SIZE_DEF 100 -#define LOOPS_DEF 10 - -#define KEY_ALG_DEF CSSM_ALGID_SHA1HMAC -#define MAC_ALG_DEF CSSM_ALGID_SHA1HMAC - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" d=dataSize (default = %d)\n", DATA_SIZE_DEF); - printf(" l=loops (0=forever)\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" m (HMACMD5; default is HMACSHA1)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" q(uiet)\n"); - printf(" v(erbose))\n"); - exit(1); -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_CSP_HANDLE cspHand; - CSSM_CC_HANDLE macHand; - CSSM_RETURN crtn; - CSSM_DATA randData; - CSSM_KEY_PTR symmKey; - CSSM_DATA macData = {0, NULL}; - unsigned loop; - int i; - unsigned dataSize = DATA_SIZE_DEF; - unsigned pauseInterval = 0; - unsigned loops = LOOPS_DEF; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_ALGORITHMS macAlg = MAC_ALG_DEF; - CSSM_ALGORITHMS keyAlg = KEY_ALG_DEF; - - for(arg=1; arg -#include -#include -#include -#include // for TP OIDs -#include "common.h" -#include - -/* the memory functions themselves are in utilLib/common.c. */ -static CSSM_MEMORY_FUNCS memFuncs = { - appMalloc, - appFree, - appRealloc, - appCalloc, - NULL - }; - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" k keep connected and go again\n"); - exit(1); -} - -#define NORM_KEY_LEN 10 - -/* print a key name, padding out to NORM_KEY_LEN columns */ -static void printName( - const char *attrName) -{ - printf(" %s", attrName); - int len = strlen(attrName); - if(len > NORM_KEY_LEN) { - return; - } - int numSpaces = NORM_KEY_LEN - len; - for(int i=0; iLength; dex++) { - printf("%c", attrValue->Data[dex]); - } - printf("'\n"); -} - -/* Print one attribute value */ -static void dumpAttr( - CSSM_DB_ATTRIBUTE_FORMAT attrForm, - const CSSM_DATA *attrData) -{ - if((attrData == NULL) || (attrData->Data == NULL)) { - printf("\n"); - return; - } - void *data = attrData->Data; - switch(attrForm) { - case CSSM_DB_ATTRIBUTE_FORMAT_STRING: - printValue(attrData); - break; - case CSSM_DB_ATTRIBUTE_FORMAT_SINT32: // not really supported in MDS - case CSSM_DB_ATTRIBUTE_FORMAT_UINT32: - { - unsigned val = *(unsigned *)data; - printf("0x%x\n", val); - break; - } - case CSSM_DB_ATTRIBUTE_FORMAT_BLOB: - { - printf("BLOB length %u : ", (unsigned)attrData->Length); - for(unsigned i=0; iLength; i++) { - unsigned dat = attrData->Data[i]; - printf("%02X ", dat); - } - printf("\n"); - break; - } - case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32: - { - printf("multi_int["); - uint32 numInts = attrData->Length / sizeof(uint32); - uint32 *uip = (uint32 *)data; - for(unsigned i=0; i 0) { - printf(", "); - } - printf("0x%x", (unsigned)*uip++); - } - printf("]\n"); - break; - } - default: - printf("***UNKNOWN FORMAT (%u), Length %u\n", - (unsigned)attrForm, (unsigned)attrData->Length); - break; - } -} - -/* - * Vanilla "dump one record" routine. Assumes format of all attribute labels - * as string. - */ -static void dumpRecord( - const CSSM_DB_RECORD_ATTRIBUTE_DATA *recordAttrs) -{ - unsigned dex; - for(dex=0; dexNumberOfAttributes; dex++) { - const CSSM_DB_ATTRIBUTE_DATA *attrData = &recordAttrs->AttributeData[dex]; - if(attrData->Info.AttributeNameFormat != - CSSM_DB_ATTRIBUTE_NAME_AS_STRING) { - printf("***BAD ATTR_NAME FORMAT (%u)\n", - (unsigned)attrData->Info.AttributeNameFormat); - continue; - } - const char *attrName = attrData->Info.Label.AttributeName; - printName(attrName); - printf(": "); - for(unsigned attrNum=0; attrNumNumberOfValues; attrNum++) { - dumpAttr(attrData->Info.AttributeFormat, - &attrData->Value[attrNum]); - } - if(attrData->NumberOfValues == 0) { - printf("<>\n"); - } - } -} - -/* free attribute(s) allocated by MDS */ -static void freeAttrs( - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR recordAttrs) -{ - unsigned i; - - for(i=0; iNumberOfAttributes; i++) { - CSSM_DB_ATTRIBUTE_DATA_PTR attrData = &recordAttrs->AttributeData[i]; - if(attrData == NULL) { - /* fault of caller, who allocated the CSSM_DB_ATTRIBUTE_DATA */ - printf("***freeAttrs screwup: NULL attrData\n"); - return; - } - unsigned j; - for(j=0; jNumberOfValues; j++) { - CSSM_DATA_PTR data = &attrData->Value[j]; - if(data == NULL) { - /* fault of MDS, who said there was a value here */ - printf("***freeAttrs screwup: NULL data\n"); - return; - } - appFree(data->Data, NULL); - data->Data = NULL; - data->Length = 0; - } - appFree(attrData->Value, NULL); - attrData->Value = NULL; - } -} - -/* - * Core MDS lookup routine. Used in two situations. It's called by main() to perform - * a lookup in the CDSA Directory Database based one one key/value pair; this - * call fetches one attribute from the associated record - the GUID ("ModuleID" - * in MDS lingo). Then the function calls itself to do a lookup in the Object DB, - * based on that GUID, in order to fetch the path of the module associated with - * that GUID. The first call (from main()) corresponds to an application's - * typical use of MDS. The recursive call, which does a lookup in the Object - * DB, corresponds to CSSM's typical use of MDS, which is to map a GUID to a - * bundle path. - * - * The ModuleID and Path of all modules satisfying the initial search criteria - * are displayed on stdout. - * - * Caller specifies one search attribute, by name, value,Êand value format. - * Whether this is the first or second (recursive) call is indicated by the - * cdsaLookup argument. That determines both the DB to search and the attribute - * to fetch (ModuleID or Path). - */ -static void doLookup( - MDS_FUNCS *mdsFuncs, - - /* Two DBs and a flag indicating which one to use */ - MDS_DB_HANDLE objDlDb, - MDS_DB_HANDLE cdsaDlDb, - bool cdsaLookup, // true - use cdsaDlDb; false - objDlDb - - /* Record type, a.k.a. Relation, e.g. MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE */ - CSSM_DB_RECORDTYPE recordType, - - /* key, value, valForm, and valOp are the thing we search on */ - /* Note CSSM_DB_ATTRIBUTE_NAME_FORMAT - the format of the attribute name - - * is always CSSM_DB_ATTRIBUTE_NAME_AS_STRING for MDS. */ - const char *key, // e.g. "AlgType" - const void *valPtr, - unsigned valLen, - CSSM_DB_ATTRIBUTE_FORMAT valForm, // CSSM_DB_ATTRIBUTE_FORMAT_STRING, etc. - CSSM_DB_OPERATOR valOp, // normally CSSM_DB_EQUAL - - /* for display only */ - const char *srchStr) -{ - CSSM_QUERY query; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_HANDLE resultHand; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_SELECTION_PREDICATE predicate; - CSSM_DATA predData; - CSSM_DB_ATTRIBUTE_DATA outAttr; - CSSM_DB_ATTRIBUTE_INFO_PTR attrInfo; - CSSM_RETURN crtn; - MDS_DB_HANDLE dlDb; - const char *attrName; - - if(cdsaLookup) { - /* first call, fetching guid from the CDSA Directory DB */ - dlDb = cdsaDlDb; - attrName = "ModuleID"; - } - else { - /* recursive call, fetching path from Object DB */ - dlDb = objDlDb; - attrName = "Path"; - } - - /* We want one attributes back, name and format specified by caller */ - recordAttrs.DataRecordType = recordType; - recordAttrs.SemanticInformation = 0; - recordAttrs.NumberOfAttributes = 1; - recordAttrs.AttributeData = &outAttr; - - memset(&outAttr, 0, sizeof(CSSM_DB_ATTRIBUTE_DATA)); - attrInfo = &outAttr.Info; - attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attrInfo->Label.AttributeName = (char *)attrName; - attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING; - - /* one predicate - the caller's key and CSSM_DB_OPERATOR */ - predicate.DbOperator = valOp; - predicate.Attribute.Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - predicate.Attribute.Info.Label.AttributeName = (char *)key; - predicate.Attribute.Info.AttributeFormat = valForm; - predData.Data = (uint8 *)valPtr; - predData.Length = valLen; - predicate.Attribute.Value = &predData; - predicate.Attribute.NumberOfValues = 1; - - query.RecordType = recordType; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 1; - query.SelectionPredicate = &predicate; - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used? - - crtn = mdsFuncs->DataGetFirst(dlDb, - &query, - &resultHand, - &recordAttrs, - NULL, // No data - &record); - switch(crtn) { - case CSSM_OK: - break; // proceed - case CSSMERR_DL_ENDOFDATA: - printf("%s: no record found\n", srchStr); - return; - default: - printError("DataGetFirst", crtn); - return; - } - /* dump this record, one attribute */ - if(srchStr) { - /* not done on recursive call */ - printf("%s found:\n", srchStr); - } - dumpRecord(&recordAttrs); - mdsFuncs->FreeUniqueRecord(dlDb, record); - - if(srchStr != NULL) { - /* - * Now do a lookup in Object DB of this guid, looking for path. - * Apps normally don't do this; this is what CSSM does when given - * the GUID of a module. - */ - if(outAttr.Value == NULL) { - printf("***Screwup: DataGetFirst worked, but no outAttr\n"); - return; - } - doLookup(mdsFuncs, - objDlDb, - cdsaDlDb, - false, // use objDlDb - MDS_OBJECT_RECORDTYPE, - "ModuleID", // key - outAttr.Value->Data, // valPtr, ModuleID, as string - outAttr.Value->Length, // valLen - CSSM_DB_ATTRIBUTE_FORMAT_STRING, - CSSM_DB_EQUAL, - NULL); // srchStr - } - freeAttrs(&recordAttrs); - - /* now the rest of them */ - for(;;) { - crtn = mdsFuncs->DataGetNext(dlDb, - resultHand, - &recordAttrs, - NULL, - &record); - switch(crtn) { - case CSSM_OK: - dumpRecord(&recordAttrs); - mdsFuncs->FreeUniqueRecord(cdsaDlDb, record); - if(srchStr != NULL) { - if(outAttr.Value == NULL) { - printf("***Screwup: DataGetNext worked, but no outAttr\n"); - return; - } - doLookup(mdsFuncs, - objDlDb, - cdsaDlDb, - false, // use objDlDb - MDS_OBJECT_RECORDTYPE, - "ModuleID", // key - outAttr.Value->Data, // valPtr, ModuleID, as string - outAttr.Value->Length, // valLen - CSSM_DB_ATTRIBUTE_FORMAT_STRING, - CSSM_DB_EQUAL, - NULL); // srchStr - } - freeAttrs(&recordAttrs); - break; // and go again - case CSSMERR_DL_ENDOFDATA: - /* normal termination */ - break; - default: - printError("DataGetNext", crtn); - break; - } - if(crtn != CSSM_OK) { - break; - } - } -} - -int main(int argc, char **argv) -{ - MDS_FUNCS mdsFuncs; - MDS_HANDLE mdsHand; - CSSM_RETURN crtn; - int arg; - CSSM_DB_HANDLE dbHand = 0; - MDS_DB_HANDLE objDlDb; - MDS_DB_HANDLE cdsaDlDb; - bool keepConnected = false; - uint32 val; - - for(arg=2; arg -#include - -/* - * There appears to be a bug in AppleDatabase which prevents our assigning - * schema to the meta-tables. - */ -#define DEFINE_META_TABLES 0 - -// -// Schema for the lone table in the Object Directory Database. -// -static const CSSM_DB_ATTRIBUTE_INFO objectAttrs[] = { - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(Manifest, BLOB), - DB_ATTRIBUTE(ModuleName, STRING), - DB_ATTRIBUTE(Path, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - - /* not in the CDSA spec; denotes a plugin which is statically linked to CSSM */ - DB_ATTRIBUTE(BuiltIn, UINT32), -}; - -static const CSSM_DB_INDEX_INFO objectIndex[] = { - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING) -}; - -const RelationInfo kObjectRelation = - RELATION_INFO(MDS_OBJECT_RECORDTYPE, - objectAttrs, - objectIndex); - -// -// Schema for the various tables in the CDSA Directory Database. -// - -// CSSM Relation. -static const CSSM_DB_ATTRIBUTE_INFO cssmAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(CDSAVersion, STRING), - DB_ATTRIBUTE(Vendor, STRING), - DB_ATTRIBUTE(Desc, STRING), - DB_ATTRIBUTE(NativeServices, UINT32), -}; - -static const CSSM_DB_INDEX_INFO cssmIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING) -}; - -// KRMM Relation. -static const CSSM_DB_ATTRIBUTE_INFO krmmAttrs[] = -{ - DB_ATTRIBUTE(CSSMGuid, STRING), - DB_ATTRIBUTE(PolicyType, UINT32), - DB_ATTRIBUTE(PolicyName, STRING), - DB_ATTRIBUTE(PolicyPath, STRING), - DB_ATTRIBUTE(PolicyInfo, BLOB), - DB_ATTRIBUTE(PolicyManifest, BLOB), - /* - * This attribute is not defined in the CDSA spec. It's only here, in the schema, - * to avoid throwing exceptions when searching a DB for any records associated - * with a specified GUID - in all other schemas, a guid is specified as a - * ModuleID. - */ - DB_ATTRIBUTE(ModuleID, STRING), -}; - -static const CSSM_DB_INDEX_INFO krmmIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(CSSMGuid, STRING), - UNIQUE_INDEX_ATTRIBUTE(PolicyType, UINT32) -}; - -// EMM Relation. -static const CSSM_DB_ATTRIBUTE_INFO emmAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(Manifest, BLOB), - DB_ATTRIBUTE(ModuleName, STRING), - DB_ATTRIBUTE(Path, STRING), - DB_ATTRIBUTE(CDSAVersion, STRING), - DB_ATTRIBUTE(EMMSpecVersion, STRING), - DB_ATTRIBUTE(Desc, STRING), - DB_ATTRIBUTE(PolicyStmt, BLOB), - DB_ATTRIBUTE(EmmVersion, STRING), - DB_ATTRIBUTE(EmmVendor, STRING), - DB_ATTRIBUTE(EmmType, UINT32), // does this need a name/value table? -}; - -static const CSSM_DB_INDEX_INFO emmIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING) -}; - -// Primary EMM Service Provider Relation. -static const CSSM_DB_ATTRIBUTE_INFO emmPrimaryAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(ServiceType, UINT32), - DB_ATTRIBUTE(Manifest, BLOB), - DB_ATTRIBUTE(ModuleName, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - DB_ATTRIBUTE(Vendor, STRING), - DB_ATTRIBUTE(SampleTypes, MULTI_UINT32), - DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32), - DB_ATTRIBUTE(AuthTags, MULTI_UINT32), - DB_ATTRIBUTE(EmmSpecVersion, STRING), -}; - -static const CSSM_DB_INDEX_INFO emmPrimaryIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32), - UNIQUE_INDEX_ATTRIBUTE(ServiceType, UINT32) -}; - -// Common Relation. -static const CSSM_DB_ATTRIBUTE_INFO commonAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(Manifest, BLOB), - DB_ATTRIBUTE(ModuleName, STRING), - DB_ATTRIBUTE(Path, STRING), - DB_ATTRIBUTE(CDSAVersion, STRING), - DB_ATTRIBUTE(Desc, STRING), - DB_ATTRIBUTE(DynamicFlag, UINT32), - DB_ATTRIBUTE(MultiThreadFlag, UINT32), - DB_ATTRIBUTE(ServiceMask, UINT32), -}; - -static const CSSM_DB_INDEX_INFO commonIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING) -}; - -// CSP Primary Relation. -static const CSSM_DB_ATTRIBUTE_INFO cspPrimaryAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(Manifest, BLOB), - DB_ATTRIBUTE(ModuleName, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - DB_ATTRIBUTE(Vendor, STRING), - DB_ATTRIBUTE(CspType, UINT32), - DB_ATTRIBUTE(CspFlags, UINT32), - DB_ATTRIBUTE(CspCustomFlags, UINT32), - DB_ATTRIBUTE(UseeTags, MULTI_UINT32), - DB_ATTRIBUTE(SampleTypes, MULTI_UINT32), - DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32), - DB_ATTRIBUTE(AuthTags, MULTI_UINT32), -}; - -static const CSSM_DB_INDEX_INFO cspPrimaryIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) -}; - -// CSP Capabilities Relation. -static const CSSM_DB_ATTRIBUTE_INFO cspCapabilitiesAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(UseeTag, UINT32), - DB_ATTRIBUTE(ContextType, UINT32), - DB_ATTRIBUTE(AlgType, UINT32), - DB_ATTRIBUTE(GroupId, UINT32), - DB_ATTRIBUTE(AttributeType, UINT32), - DB_ATTRIBUTE(AttributeValue, MULTI_UINT32), - DB_ATTRIBUTE(Description, STRING), -}; - -static const CSSM_DB_INDEX_INFO cspCapabilitiesIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32), - UNIQUE_INDEX_ATTRIBUTE(UseeTag, UINT32), - UNIQUE_INDEX_ATTRIBUTE(ContextType, UINT32), - UNIQUE_INDEX_ATTRIBUTE(AlgType, UINT32), - UNIQUE_INDEX_ATTRIBUTE(GroupId, UINT32), - UNIQUE_INDEX_ATTRIBUTE(AttributeType, STRING) -}; - -// special case "subschema" for parsing CSPCapabilities. These arrays correspond -// dictionaries within a CSPCapabilities info file; they are not part of -// our DB's schema. They are declared only to streamline the -// MDSAttrParser::parseCspCapabilitiesRecord function. No index info is needed. - -// top-level info, applied to the dictionary for the whole file. -static const CSSM_DB_ATTRIBUTE_INFO kAttributesCSPCapabilitiesDict1[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), -}; -const RelationInfo CSPCapabilitiesDict1RelInfo = - RELATION_INFO( - MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE, // actually a don't care - kAttributesCSPCapabilitiesDict1, - NULL); // no index - -// "Capabilities" is an array of dictionaries of these -static const CSSM_DB_ATTRIBUTE_INFO kAttributesCSPCapabilitiesDict2[] = -{ - DB_ATTRIBUTE(AlgType, UINT32), - DB_ATTRIBUTE(ContextType, UINT32), - DB_ATTRIBUTE(UseeTag, UINT32), - DB_ATTRIBUTE(Description, STRING), -}; -const RelationInfo CSPCapabilitiesDict2RelInfo = - RELATION_INFO( - MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE, // actually a don't care - kAttributesCSPCapabilitiesDict2, - NULL); // no index - -// Within a Capabilities array, the Attributes array is an array of -// Dictionaries of these. -static const CSSM_DB_ATTRIBUTE_INFO kAttributesCSPCapabilitiesDict3[] = -{ - DB_ATTRIBUTE(AttributeType, UINT32), - DB_ATTRIBUTE(AttributeValue, MULTI_UINT32), -}; -const RelationInfo CSPCapabilitiesDict3RelInfo = - RELATION_INFO( - MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE, // actually a don't care - kAttributesCSPCapabilitiesDict3, - NULL); - - - -// CSP Encapsulated Products Relation. -static const CSSM_DB_ATTRIBUTE_INFO cspEncapsulatedAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(ProductDesc, STRING), - DB_ATTRIBUTE(ProductVendor, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - DB_ATTRIBUTE(ProductFlags, UINT32), - DB_ATTRIBUTE(CustomFlags, UINT32), - DB_ATTRIBUTE(StandardDesc, STRING), - DB_ATTRIBUTE(StandardVersion, STRING), - DB_ATTRIBUTE(ReaderDesc, STRING), - DB_ATTRIBUTE(ReaderVendor, STRING), - DB_ATTRIBUTE(ReaderVersion, STRING), - DB_ATTRIBUTE(ReaderFirmwareVersion, STRING), - DB_ATTRIBUTE(ReaderFlags, UINT32), - DB_ATTRIBUTE(ReaderCustomFlags, UINT32), - DB_ATTRIBUTE(ReaderSerialNumber, STRING), -}; - -static const CSSM_DB_INDEX_INFO cspEncapsulatedIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) -}; - -// CSP Smartcardinfo Relation. -static const CSSM_DB_ATTRIBUTE_INFO cspSmartCardAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(ScDesc, STRING), - DB_ATTRIBUTE(ScVendor, STRING), - DB_ATTRIBUTE(ScVersion, STRING), - DB_ATTRIBUTE(ScFirmwareVersion, STRING), - DB_ATTRIBUTE(ScFlags, UINT32), - DB_ATTRIBUTE(ScCustomFlags, UINT32), - DB_ATTRIBUTE(ScSerialNumber, STRING), -}; -static const CSSM_DB_INDEX_INFO cspSmartCardIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32), - UNIQUE_INDEX_ATTRIBUTE(ScDesc, STRING), - UNIQUE_INDEX_ATTRIBUTE(ScVendor, STRING), - UNIQUE_INDEX_ATTRIBUTE(ScVersion, STRING), - UNIQUE_INDEX_ATTRIBUTE(ScFirmwareVersion, STRING), - UNIQUE_INDEX_ATTRIBUTE(ScFlags, UINT32) -}; - -// DL Primary Relation. -static const CSSM_DB_ATTRIBUTE_INFO dlPrimaryAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(Manifest, BLOB), - DB_ATTRIBUTE(ModuleName, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - DB_ATTRIBUTE(Vendor, STRING), - DB_ATTRIBUTE(DLType, UINT32), - DB_ATTRIBUTE(QueryLimitsFlag, UINT32), // a completely bogus attr; see spec - DB_ATTRIBUTE(SampleTypes, MULTI_UINT32), - DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32), - DB_ATTRIBUTE(AuthTags, MULTI_UINT32), - DB_ATTRIBUTE(ConjunctiveOps, MULTI_UINT32), - DB_ATTRIBUTE(RelationalOps, MULTI_UINT32), -}; -static const CSSM_DB_INDEX_INFO dlPrimaryIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) -}; - -// DL Encapsulated Products Relation. -static const CSSM_DB_ATTRIBUTE_INFO dlEncapsulatedAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(ProductDesc, STRING), - DB_ATTRIBUTE(ProductVendor, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - DB_ATTRIBUTE(ProductFlags, UINT32), - DB_ATTRIBUTE(StandardDesc, STRING), - DB_ATTRIBUTE(StandardVersion, STRING), - DB_ATTRIBUTE(Protocol, UINT32), - DB_ATTRIBUTE(RetrievalMode, UINT32), -}; - -static const CSSM_DB_INDEX_INFO dlEncapsulatedIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) -}; - -// CL Primary Relation. -static const CSSM_DB_ATTRIBUTE_INFO clPrimaryAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(Manifest, BLOB), - DB_ATTRIBUTE(ModuleName, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - DB_ATTRIBUTE(Vendor, STRING), - DB_ATTRIBUTE(CertTypeFormat, UINT32), - DB_ATTRIBUTE(CrlTypeFormat, UINT32), - DB_ATTRIBUTE(CertFieldNames, BLOB), - DB_ATTRIBUTE(BundleTypeFormat, MULTI_UINT32), - DB_ATTRIBUTE(XlationTypeFormat, MULTI_UINT32), - DB_ATTRIBUTE(TemplateFieldNames, BLOB), -}; - -static const CSSM_DB_INDEX_INFO clPrimaryIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) -}; - -// CL Encapsulated Products Relation. -static const CSSM_DB_ATTRIBUTE_INFO clEncapsulatedAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(ProductDesc, STRING), - DB_ATTRIBUTE(ProductVendor, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - DB_ATTRIBUTE(ProductFlags, UINT32), - DB_ATTRIBUTE(StandardDesc, STRING), - DB_ATTRIBUTE(StandardVersion, STRING), -}; - -static const CSSM_DB_INDEX_INFO clEncapsulatedIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) -}; - -// TP Primary Relation. -static const CSSM_DB_ATTRIBUTE_INFO tpPrimaryAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(Manifest, BLOB), - DB_ATTRIBUTE(ModuleName, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - DB_ATTRIBUTE(Vendor, STRING), - DB_ATTRIBUTE(CertTypeFormat, UINT32), - DB_ATTRIBUTE(SampleTypes, MULTI_UINT32), - DB_ATTRIBUTE(AclSubjectTypes, MULTI_UINT32), - DB_ATTRIBUTE(AuthTags, MULTI_UINT32), -}; - -static const CSSM_DB_INDEX_INFO tpPrimaryIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) -}; - -// TP Policy-OIDs Relation. -static const CSSM_DB_ATTRIBUTE_INFO tpPolicyOidsAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(OID, BLOB), - DB_ATTRIBUTE(Value, BLOB), -}; - -static const CSSM_DB_INDEX_INFO tpPolicyOidsIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32), - UNIQUE_INDEX_ATTRIBUTE(OID, BLOB) -}; - -// special case "subschema" for parsing tpPolicyOidsAttrs. These arrays correspond -// dictionaries within a tpPolicyOidsAttrs info file; they are not part of -// our DB's schema. They are declared only to streamline the -// MDSAttrParser::parseTpPolicyOidsRecord function. No index info is needed. - -// top-level info, applied to the dictionary for the whole file. -static const CSSM_DB_ATTRIBUTE_INFO tpPolicyOidsDict1[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), -}; -const RelationInfo TpPolicyOidsDict1RelInfo = - RELATION_INFO( - MDS_CDSADIR_TP_OIDS_RECORDTYPE, // actually a don't care - tpPolicyOidsDict1, - NULL); // no index - -// One element of the "Policies" array maps to one of these. -static const CSSM_DB_ATTRIBUTE_INFO tpPolicyOidsDict2[] = -{ - DB_ATTRIBUTE(OID, BLOB), - DB_ATTRIBUTE(Value, BLOB), -}; -const RelationInfo TpPolicyOidsDict2RelInfo = - RELATION_INFO( - MDS_CDSADIR_TP_OIDS_RECORDTYPE, // actually a don't care - tpPolicyOidsDict2, - NULL); // no index - -// TP Encapsulated Products Relation. -static const CSSM_DB_ATTRIBUTE_INFO tpEncapsulatedAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(ProductDesc, STRING), - DB_ATTRIBUTE(ProductVendor, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - DB_ATTRIBUTE(ProductFlags, UINT32), // vendor-specific, right? - DB_ATTRIBUTE(AuthorityRequestType, MULTI_UINT32), - DB_ATTRIBUTE(StandardDesc, STRING), - DB_ATTRIBUTE(StandardVersion, STRING), - DB_ATTRIBUTE(ProtocolDesc, STRING), - DB_ATTRIBUTE(ProtocolFlags, UINT32), - DB_ATTRIBUTE(CertClassName, STRING), - DB_ATTRIBUTE(RootCertificate, BLOB), - DB_ATTRIBUTE(RootCertTypeFormat, UINT32), -}; -static const CSSM_DB_INDEX_INFO tpEncapsulatedIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) -}; - -#if DEFINE_META_TABLES -// MDS Schema Relations (meta) Relation. -static const CSSM_DB_ATTRIBUTE_INFO mdsSchemaRelationsAttrs[] = -{ - DB_ATTRIBUTE(RelationID, UINT32), - DB_ATTRIBUTE(RelationName, STRING), -}; - -static const CSSM_DB_INDEX_INFO mdsSchemaRelationsIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(RelationID, UINT32), -}; - -// MDS Schema Attributes (meta) Relation. -static const CSSM_DB_ATTRIBUTE_INFO mdsSchemaAttributesAttrs[] = -{ - DB_ATTRIBUTE(RelationID, UINT32), - DB_ATTRIBUTE(AttributeID, UINT32), - DB_ATTRIBUTE(AttributeNameFormat, UINT32), - DB_ATTRIBUTE(AttributeName, STRING), - DB_ATTRIBUTE(AttributeNameID, BLOB), - DB_ATTRIBUTE(AttributeFormat, UINT32), -}; - -static const CSSM_DB_INDEX_INFO mdsSchemaAttributesIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(RelationID, UINT32), - UNIQUE_INDEX_ATTRIBUTE(AttributeID, UINT32) -}; - -// MDS Schema Indexes (meta) Relation. -static const CSSM_DB_ATTRIBUTE_INFO mdsSchemaIndexesAttrs[] = -{ - DB_ATTRIBUTE(RelationID, UINT32), - DB_ATTRIBUTE(IndexID, UINT32), - DB_ATTRIBUTE(AttributeID, UINT32), - DB_ATTRIBUTE(IndexType, UINT32), - DB_ATTRIBUTE(IndexedDataLocation, UINT32), -}; - -static const CSSM_DB_INDEX_INFO mdsSchemaIndexesIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(RelationID, UINT32), - UNIQUE_INDEX_ATTRIBUTE(IndexID, UINT32) -}; - -#endif /* DEFINE_META_TABLES */ - -// AC Primary Relation. -static const CSSM_DB_ATTRIBUTE_INFO acPrimaryAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(Manifest, BLOB), - DB_ATTRIBUTE(ModuleName, STRING), - DB_ATTRIBUTE(ProductVersion, STRING), - DB_ATTRIBUTE(Vendor, STRING), -}; - -static const CSSM_DB_INDEX_INFO acPrimaryIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) -}; - -// KR Primary Relation. -static const CSSM_DB_ATTRIBUTE_INFO krPrimaryAttrs[] = -{ - DB_ATTRIBUTE(ModuleID, STRING), - DB_ATTRIBUTE(SSID, UINT32), - DB_ATTRIBUTE(Manifest, BLOB), - DB_ATTRIBUTE(ModuleName, STRING), - DB_ATTRIBUTE(CompatCSSMVersion, STRING), - DB_ATTRIBUTE(Version, STRING), - DB_ATTRIBUTE(Vendor, STRING), - DB_ATTRIBUTE(Description, STRING), - DB_ATTRIBUTE(ConfigFileLocation, STRING), -}; - -static const CSSM_DB_INDEX_INFO krPrimaryIndex[] = -{ - UNIQUE_INDEX_ATTRIBUTE(ModuleID, STRING), - UNIQUE_INDEX_ATTRIBUTE(SSID, UINT32) -}; - -// list of all built-in schema for the CDSA Directory DB. -const RelationInfo kMDSRelationInfo[] = -{ - RELATION_INFO(MDS_CDSADIR_CSSM_RECORDTYPE, - cssmAttrs, - cssmIndex), - RELATION_INFO(MDS_CDSADIR_KRMM_RECORDTYPE, - krmmAttrs, - krmmIndex), - RELATION_INFO(MDS_CDSADIR_EMM_RECORDTYPE, - emmAttrs, - emmIndex), - RELATION_INFO(MDS_CDSADIR_EMM_PRIMARY_RECORDTYPE, - emmPrimaryAttrs, - emmPrimaryIndex), - RELATION_INFO(MDS_CDSADIR_COMMON_RECORDTYPE, - commonAttrs, - commonIndex), - RELATION_INFO(MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE, - cspPrimaryAttrs, - cspPrimaryIndex), - RELATION_INFO(MDS_CDSADIR_CSP_CAPABILITY_RECORDTYPE, - cspCapabilitiesAttrs, - cspCapabilitiesIndex), - RELATION_INFO(MDS_CDSADIR_CSP_ENCAPSULATED_PRODUCT_RECORDTYPE, - cspEncapsulatedAttrs, - cspEncapsulatedIndex), - RELATION_INFO(MDS_CDSADIR_CSP_SC_INFO_RECORDTYPE, - cspSmartCardAttrs, - cspSmartCardIndex), - RELATION_INFO(MDS_CDSADIR_DL_PRIMARY_RECORDTYPE, - dlPrimaryAttrs, - dlPrimaryIndex), - RELATION_INFO(MDS_CDSADIR_DL_ENCAPSULATED_PRODUCT_RECORDTYPE, - dlEncapsulatedAttrs, - dlEncapsulatedIndex), - RELATION_INFO(MDS_CDSADIR_CL_PRIMARY_RECORDTYPE, - clPrimaryAttrs, - clPrimaryIndex), - RELATION_INFO(MDS_CDSADIR_CL_ENCAPSULATED_PRODUCT_RECORDTYPE, - clEncapsulatedAttrs, - clEncapsulatedIndex), - RELATION_INFO(MDS_CDSADIR_TP_PRIMARY_RECORDTYPE, - tpPrimaryAttrs, - tpPrimaryIndex), - RELATION_INFO(MDS_CDSADIR_TP_OIDS_RECORDTYPE, - tpPolicyOidsAttrs, - tpPolicyOidsIndex), - RELATION_INFO(MDS_CDSADIR_TP_ENCAPSULATED_PRODUCT_RECORDTYPE, - tpEncapsulatedAttrs, - tpEncapsulatedIndex), - #if DEFINE_META_TABLES - RELATION_INFO(MDS_CDSADIR_MDS_SCHEMA_RELATIONS, - mdsSchemaRelationsAttrs, - mdsSchemaRelationsIndex), - RELATION_INFO(MDS_CDSADIR_MDS_SCHEMA_ATTRIBUTES, - mdsSchemaAttributesAttrs, - mdsSchemaAttributesIndex), - RELATION_INFO(MDS_CDSADIR_MDS_SCHEMA_INDEXES, - mdsSchemaIndexesAttrs, - mdsSchemaIndexesIndex), - #endif /* DEFINE_META_TABLES */ - RELATION_INFO(MDS_CDSADIR_AC_PRIMARY_RECORDTYPE, - acPrimaryAttrs, - acPrimaryIndex), - RELATION_INFO(MDS_CDSADIR_KR_PRIMARY_RECORDTYPE, - krPrimaryAttrs, - krPrimaryIndex) -}; - -const unsigned kNumMdsRelations = sizeof(kMDSRelationInfo) / sizeof(RelationInfo); - -// Map a CSSM_DB_RECORDTYPE to a RelationInfo *. -extern const RelationInfo *MDSRecordTypeToRelation( - CSSM_DB_RECORDTYPE recordType) -{ - const RelationInfo *relInfo = kMDSRelationInfo; - unsigned dex; - - for(dex=0; dexDataRecordType == recordType) { - return relInfo; - } - relInfo++; - } - if(recordType == MDS_OBJECT_RECORDTYPE) { - return &kObjectRelation; - } - return NULL; -} - -// same as above, based on record type as string. -extern const RelationInfo *MDSRecordTypeNameToRelation( - const char *recordTypeName) -{ - const RelationInfo *relInfo = kMDSRelationInfo; - unsigned dex; - - for(dex=0; dexrelationName)) { - return relInfo; - } - relInfo++; - } - return NULL; -} - diff --git a/SecurityTests/cspxutils/mdsdump/MDSSchema.h b/SecurityTests/cspxutils/mdsdump/MDSSchema.h deleted file mode 100644 index c33e877a..00000000 --- a/SecurityTests/cspxutils/mdsdump/MDSSchema.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright (c) 2000-2001,2004,2008 Apple Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -// -// MDSSchema.h - COPIED FROM libsecurity_mds since this is not exported from -// Security.framework - -// -// Declarations of structures which define the schema, including attributes -// and indexes, for the standard tables that are part of the MDS database. -// - -#ifndef _MDSSCHEMA_H -#define _MDSSCHEMA_H - -#include - -// Structure used to store information which is needed to create -// a relation with indexes. The info in one of these structs maps to one -// record type in a CSSM_DBINFO - both record attribute info and index info. -// The nameValues field refers to an array of MDSNameValuePair array pointers -// which are used to convert attribute values from strings to uint32s via -// MDS_StringToUint32. The nameValues array is parallel to the AttributeInfo -// array. -struct RelationInfo { - CSSM_DB_RECORDTYPE DataRecordType; - const char *relationName; - uint32 NumberOfAttributes; - const CSSM_DB_ATTRIBUTE_INFO *AttributeInfo; - uint32 NumberOfIndexes; - const CSSM_DB_INDEX_INFO *IndexInfo; -}; - -// Macros used to simplify declarations of attributes and indexes. - -// declare a CSSM_DB_ATTRIBUTE_INFO -#define DB_ATTRIBUTE(name, type) \ - { CSSM_DB_ATTRIBUTE_NAME_AS_STRING, \ - {(char *)#name}, \ - CSSM_DB_ATTRIBUTE_FORMAT_ ## type \ - } - -// declare a CSSM_DB_INDEX_INFO -#define UNIQUE_INDEX_ATTRIBUTE(name, type) \ - { CSSM_DB_INDEX_UNIQUE, \ - CSSM_DB_INDEX_ON_ATTRIBUTE, \ - { CSSM_DB_ATTRIBUTE_NAME_AS_STRING, \ - {(char *)#name}, \ - CSSM_DB_ATTRIBUTE_FORMAT_ ## type \ - } \ - } - -// declare a RelationInfo -#define RELATION_INFO(relationId, attributes, indexes) \ - { relationId, \ - #relationId, \ - sizeof(attributes) / sizeof(CSSM_DB_ATTRIBUTE_INFO), \ - attributes, \ - sizeof(indexes) / sizeof(CSSM_DB_INDEX_INFO), \ - indexes } - -// Object directory DB - one built-in schema. -extern const RelationInfo kObjectRelation; - -// list of all built-in schema for the CDSA Directory DB. -extern const RelationInfo kMDSRelationInfo[]; -extern const unsigned kNumMdsRelations; // size of kMDSRelationInfo[] - -// special case "subschema" for parsing CSPCapabilities. -extern const RelationInfo CSPCapabilitiesDict1RelInfo; -extern const RelationInfo CSPCapabilitiesDict2RelInfo; -extern const RelationInfo CSPCapabilitiesDict3RelInfo; - -// special case "subschema" for parsing TPPolicyOids. -extern const RelationInfo TpPolicyOidsDict1RelInfo; -extern const RelationInfo TpPolicyOidsDict2RelInfo; - -// Map a CSSM_DB_RECORDTYPE to a RelationInfo *. -extern const RelationInfo *MDSRecordTypeToRelation( - CSSM_DB_RECORDTYPE recordType); - -// same as above, based on record type as string. -extern const RelationInfo *MDSRecordTypeNameToRelation( - const char *recordTypeName); - -#endif // _MDSSCHEMA_H diff --git a/SecurityTests/cspxutils/mdsdump/Makefile b/SecurityTests/cspxutils/mdsdump/Makefile deleted file mode 100644 index 8c8c64c8..00000000 --- a/SecurityTests/cspxutils/mdsdump/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=mdsdump -# C++ source (with .cpp extension) -CPSOURCE= mdsdump.cpp MDSSchema.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= -framework CoreFoundation - -# -# project-specific includes, with leading -I -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/mdsdump/mdsdump.cpp b/SecurityTests/cspxutils/mdsdump/mdsdump.cpp deleted file mode 100644 index 15d50cc4..00000000 --- a/SecurityTests/cspxutils/mdsdump/mdsdump.cpp +++ /dev/null @@ -1,558 +0,0 @@ -/* - * mdsdump.cpp - dump contents of system MDS databases - */ - - /**** FIXME this uses a private API not currently exported in any way from - **** Security project - ****/ - -#include -#include -#include -#include -#include -#include -#include "MDSSchema.h" -#include - -#define MAX_MDS_ATTRS 32 - -static CSSM_MEMORY_FUNCS memFuncs = { - appMalloc, - appFree, - appRealloc, - appCalloc, - NULL - }; - -static void showInfoTypes() -{ - printf(" o Object records\n"); - printf(" C CSSM records\n"); - printf(" p Plugin Common records\n"); - printf(" c CSP records\n"); - printf(" l CL records\n"); - printf(" t TP records\n"); - printf(" d DL records\n"); - printf(" a All records from Object DB\n"); - printf(" A All records from CDSA directory DB\n"); -} - -static void usage(char **argv) -{ - printf("Usage: %s info_type [options...]\n", argv[0]); - printf("info_type values:\n"); - showInfoTypes(); - printf(" h help\n"); - printf("Options:\n"); - printf(" i perform MDS_Install()\n"); - printf(" v verbose\n"); - printf(" k keep connected and go again\n"); - exit(1); -} - -#define NORM_KEY_LEN 20 - -/* print a key name, padding out to NORM_KEY_LEN columns */ -static void printName( - const char *attrName) -{ - printf(" %s", attrName); - int len = strlen(attrName); - if(len > NORM_KEY_LEN) { - return; - } - int numSpaces = NORM_KEY_LEN - len; - for(int i=0; iname != NULL) { - if(nameValues->value == val) { - printf("%s", nameValues->name); - return; - } - nameValues++; - } - } - /* Oh well */ - printf("0x%x", val); -} -#endif - -/* print value string, surrounded by single quotes, then a newline */ -static void printValue( - const CSSM_DATA *attrValue) -{ - printf("'"); - for(uint32 dex=0; dexLength; dex++) { - printf("%c", attrValue->Data[dex]); - } - printf("'\n"); -} - -/* Print one attribute value */ -static void dumpAttr( - CSSM_DB_ATTRIBUTE_FORMAT attrForm, - const CSSM_DATA *attrData) -{ - if((attrData == NULL) || (attrData->Data == NULL)) { - printf("\n"); - return; - } - void *data = attrData->Data; - switch(attrForm) { - case CSSM_DB_ATTRIBUTE_FORMAT_STRING: - printValue(attrData); - break; - case CSSM_DB_ATTRIBUTE_FORMAT_SINT32: // not really supported in MDS - case CSSM_DB_ATTRIBUTE_FORMAT_UINT32: - { - unsigned val = *(unsigned *)data; - printf("0x%x\n", val); - break; - } - case CSSM_DB_ATTRIBUTE_FORMAT_BLOB: - { - printf("BLOB length %u : ", (unsigned)attrData->Length); - for(unsigned i=0; iLength; i++) { - unsigned dat = attrData->Data[i]; - printf("%02X ", dat); - } - printf("\n"); - break; - } - case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32: - { - printf("multi_int["); - uint32 numInts = attrData->Length / sizeof(uint32); - uint32 *uip = (uint32 *)data; - for(unsigned i=0; i 0) { - printf(", "); - } - printf("0x%x", (unsigned)(*uip++)); - } - printf("]\n"); - break; - } - default: - printf("***UNKNOWN FORMAT (%u), Length %u\n", - (unsigned)attrForm, (unsigned)attrData->Length); - break; - } -} - -/* - * Vanilla "dump one record" routine. Assumes format of all attribute labels - * as string. Uses a MDSNameValuePair ptr array in parallel to the attributes - * themselves to facilitate displaying numeric values as strings (e.g. - * "CSSM_ALGID_SHA1") where possible. - */ -static void dumpRecord( - const CSSM_DB_RECORD_ATTRIBUTE_DATA *recordAttrs) -{ - unsigned dex; - for(dex=0; dexNumberOfAttributes; dex++) { - const CSSM_DB_ATTRIBUTE_DATA *attrData = &recordAttrs->AttributeData[dex]; - if(attrData->Info.AttributeNameFormat != CSSM_DB_ATTRIBUTE_NAME_AS_STRING) { - printf("***BAD ATTR_NAME FORMAT (%u)\n", - (unsigned)attrData->Info.AttributeNameFormat); - continue; - } - const char *attrName = attrData->Info.Label.AttributeName; - printName(attrName); - printf(": "); - /* note currently in MDS NumberOfValues is always one or zero */ - for(unsigned attrNum=0; attrNumNumberOfValues; attrNum++) { - dumpAttr(attrData->Info.AttributeFormat, - &attrData->Value[attrNum]); - } - if(attrData->NumberOfValues == 0) { - printf("<>\n"); - } - } -} - -/* free attribute(s) allocated by MDS */ -static void freeAttrs( - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR recordAttrs) -{ - unsigned i; - - for(i=0; iNumberOfAttributes; i++) { - CSSM_DB_ATTRIBUTE_DATA_PTR attrData = &recordAttrs->AttributeData[i]; - if(attrData == NULL) { - /* fault of caller, who allocated the CSSM_DB_ATTRIBUTE_DATA */ - printf("***freeAttrs screwup: NULL attrData\n"); - return; - } - unsigned j; - for(j=0; jNumberOfValues; j++) { - CSSM_DATA_PTR data = &attrData->Value[j]; - if(data == NULL) { - /* fault of MDS, who said there was a value here */ - printf("***freeAttrs screwup: NULL data\n"); - return; - } - appFree(data->Data, NULL); - data->Data = NULL; - data->Length = 0; - } - appFree(attrData->Value, NULL); - attrData->Value = NULL; - } -} - -/* - * Fetch and display all records of specified CSSM_DB_RECORDTYPE. - */ -static void fetchAllAttrs( - MDS_FUNCS *mdsFuncs, - MDS_DB_HANDLE dlDb, - CSSM_DB_RECORDTYPE recordType) -{ - CSSM_QUERY query; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_HANDLE resultHand; - CSSM_DB_ATTRIBUTE_DATA attrs[MAX_MDS_ATTRS]; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - const RelationInfo *relInfo; - - relInfo = MDSRecordTypeToRelation(recordType); - if(relInfo == NULL) { - printf("***UNKNOWN recordType %d\n", (int)recordType); - return; - } - - /* build an attr array from schema so we get all known attrs */ - memset(attrs, 0, sizeof(CSSM_DB_ATTRIBUTE_DATA) * MAX_MDS_ATTRS); - unsigned attrDex; - for(attrDex=0; attrDexNumberOfAttributes; attrDex++) { - attrs[attrDex].Info = relInfo->AttributeInfo[attrDex]; - } - recordAttrs.DataRecordType = recordType; - recordAttrs.NumberOfAttributes = relInfo->NumberOfAttributes; - recordAttrs.AttributeData = attrs; - - /* just search by recordType, no predicates */ - query.RecordType = recordType; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 0; - query.SelectionPredicate = NULL; - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used? - - crtn = mdsFuncs->DataGetFirst(dlDb, - &query, - &resultHand, - &recordAttrs, - NULL, // No data - &record); - switch(crtn) { - case CSSM_OK: - break; // proceed - case CSSMERR_DL_ENDOFDATA: - printf("%s: no record found\n", relInfo->relationName); - return; - default: - printError("DataGetFirst", crtn); - return; - } - unsigned recNum = 0; - printf("%s:\n", relInfo->relationName); - printf(" record %d; numAttrs %d:\n", - recNum++, (int)recordAttrs.NumberOfAttributes); - - dumpRecord(&recordAttrs); - mdsFuncs->FreeUniqueRecord(dlDb, record); - freeAttrs(&recordAttrs); - - /* now the rest of them */ - /* hopefully we don't have to re-init the recordAttr array */ - for(;;) { - crtn = mdsFuncs->DataGetNext(dlDb, - resultHand, - &recordAttrs, - NULL, - &record); - switch(crtn) { - case CSSM_OK: - printf(" record %d; numAttrs %d:\n", - recNum++, (int)recordAttrs.NumberOfAttributes); - dumpRecord(&recordAttrs); - mdsFuncs->FreeUniqueRecord(dlDb, record); - freeAttrs(&recordAttrs); - break; // and go again - case CSSMERR_DL_ENDOFDATA: - /* normal termination */ - break; - default: - printError("DataGetNext", crtn); - break; - } - if(crtn != CSSM_OK) { - break; - } - } -} - -/* - * This is different - it's schema-independent. Fetch all records from specified - * DlDb which contain a ModuleID attribute. - */ -static void fetchAllRecords( - MDS_FUNCS *mdsFuncs, - MDS_DB_HANDLE dlDb) -{ - CSSM_QUERY query; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_HANDLE resultHand; - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_ATTRIBUTE_DATA theAttr; - CSSM_DB_ATTRIBUTE_INFO_PTR attrInfo = &theAttr.Info; - CSSM_DATA attrValue = {0, NULL}; - - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_ANY; - recordAttrs.SemanticInformation = 0; - recordAttrs.NumberOfAttributes = 1; - recordAttrs.AttributeData = &theAttr; - - attrInfo->AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attrInfo->Label.AttributeName = (char *)"ModuleID"; - attrInfo->AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_STRING; - - theAttr.NumberOfValues = 1; - theAttr.Value = &attrValue; - - /* just search by recordType, no predicates */ - query.RecordType = CSSM_DL_DB_RECORD_ANY; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 0; - query.SelectionPredicate = NULL; - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA...FIXME - used? - - crtn = mdsFuncs->DataGetFirst(dlDb, - &query, - &resultHand, - &recordAttrs, - NULL, // No data - &record); - switch(crtn) { - case CSSM_OK: - break; // proceed - case CSSMERR_DL_ENDOFDATA: - printf("no record found\n"); - return; - default: - printError("DataGetFirst", crtn); - return; - } - unsigned recNum = 0; - printf("Records containing a ModuleID attribute:\n"); - printf(" record %d:\n", recNum++); - - dumpRecord(&recordAttrs); - mdsFuncs->FreeUniqueRecord(dlDb, record); - freeAttrs(&recordAttrs); - - /* now the rest of them */ - /* hopefully we don't have to re-init the recordAttr array */ - for(;;) { - crtn = mdsFuncs->DataGetNext(dlDb, - resultHand, - &recordAttrs, - NULL, - &record); - switch(crtn) { - case CSSM_OK: - printf(" record %d:\n", recNum++); - dumpRecord(&recordAttrs); - mdsFuncs->FreeUniqueRecord(dlDb, record); - freeAttrs(&recordAttrs); - break; // and go again - case CSSMERR_DL_ENDOFDATA: - /* normal termination */ - break; - default: - printError("DataGetNext", crtn); - break; - } - if(crtn != CSSM_OK) { - break; - } - } -} - -static void doInstall( - MDS_HANDLE mdsHand) -{ - CFAbsoluteTime start, end; - - start = CFAbsoluteTimeGetCurrent(); - CSSM_RETURN crtn = MDS_Install(mdsHand); - end = CFAbsoluteTimeGetCurrent(); - if(crtn) { - printError("MDS_Install", crtn); - } - else { - printf("MDS_Install took %gs\n", end - start); - } -} - -int main(int argc, char **argv) -{ - MDS_FUNCS mdsFuncs; - MDS_HANDLE mdsHand; - CSSM_RETURN crtn; - int arg; - char op; - char *dbName; - CSSM_DB_HANDLE dbHand = 0; - MDS_DB_HANDLE dlDb; - bool verbose = 0; - bool keepConnected = false; - bool install = false; - - if(argc < 2) { - usage(argv); - } - op = argv[1][0]; - if(op == 'h') { - usage(argv); - } - for(arg=2; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -/* - * Temporary hack to use CSSM_KEYBLOB_WRAPPED_FORMAT_{PKCS7,PKCS8}, which - * are no longer supported as of 7/28/00 - */ -#define PKCS8_FORMAT_ENABLE 1 -#define PKCS7_FORMAT_ENABLE 0 - -#define ENCR_USAGE_NAME "noLabel" -#define ENCR_USAGE_NAME_LEN (strlen(ENCR_USAGE_NAME)) -#define WRAP_USAGE_NAME "noWrapLabel" -#define WRAP_USAGE_NAME_LEN (strlen(WRAP_USAGE_NAME)) -#define LOOPS_DEF 10 -#define MAX_PTEXT_SIZE 1000 -#define LOOP_PAUSE 10 - -/* - * A new restriction for X: when wrapping using an RSA key, you can't - * wrap a key which is bigger than the RSA key itself because the - * wrap (Encrypt) is a one-shot deal, unlike the OS9 CSP which - * handled multiple chunks. This only effectively restricts the - * use of an RSA key to wrap symmetric keys, which doesn't seem like - * an unreasonable restriction. - */ -#define RSA_WRAP_RESTRICTION 1 - -/* - * Currently the CSP can use wrapping keys flagged exclusively for wrapping - * (CSSM_KEYUSE_{WRAP,UNWRAP} for the actual wrap sinceÊthe wrap/unwrap op is - * done with an encrypt/decrypt op. The WrapKey op doesn't even see the - * wrapping key - it's in the context we pass it. Thus for now wrap/unwrap - * keys have to be marked with CSSM_KEYUSE_ANY. - */ -#define WRAP_USAGE_ANY 0 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" f (only wrap RSA private key)\n"); - printf(" d (only wrap DES key)\n"); - printf(" S (do symmetric wrap only)\n"); - printf(" a (do asymmetric wrap only)\n"); - printf(" n (do null wrap only)\n"); - printf(" m (dump malloc info)\n"); - printf(" r (ref keys only)\n"); - printf(" w (wrap only)\n"); - printf(" e (export)\n"); - printf(" q (quiet)\n"); - printf(" k (force PKCS7/8)\n"); - #if PKCS7_FORMAT_ENABLE || PKCS8_FORMAT_ENABLE - printf(" K (skip PKCS7/8) (pkcs normally enable)\n"); - #else - printf(" K (allow PKCS7/8) (pkcs normally disabled)\n"); - #endif /* PKCS_FORMAT_ENABLE */ - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" p(ause every %d loops)\n", LOOP_PAUSE); - printf(" h(elp)\n"); - exit(1); -} - -/* not all algs need this, pass it in anyway */ -CSSM_DATA initVector = {8, (uint8 *)"someVect"}; - -/* - * local verbose wrap/unwrap functions. - */ -/* wrap key function. */ -static CSSM_RETURN wrapKey(CSSM_CSP_HANDLE cspHand, - const CSSM_KEY_PTR unwrappedKey, // must be ref - const CSSM_KEY_PTR wrappingKey, - CSSM_ALGORITHMS wrapAlg, - CSSM_ENCRYPT_MODE wrapMode, - CSSM_KEYBLOB_FORMAT wrapFormat, // NONE, PKCS7, PKCS8 - CSSM_PADDING wrapPad, - CSSM_KEY_PTR wrappedKey) // RETURNED -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_RETURN crtn2; - #if WRAP_KEY_REQUIRES_CREDS - CSSM_ACCESS_CREDENTIALS creds; - #endif - - #if 0 - if(unwrappedKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("Hey! you can only wrap a reference key!\n"); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - #endif - memset(wrappedKey, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - /* special case for NULL wrap - no wrapping key */ - if((wrappingKey == NULL) || - (wrappingKey->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY)) { - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - wrapAlg, - wrapMode, - &creds, // accessCred - wrappingKey, - &initVector, - wrapPad, // Padding - NULL, // Reserved - &ccHand); - if(crtn) { - printError("cspWrapKey/CreateContext", crtn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - } - else { - crtn = CSSM_CSP_CreateAsymmetricContext(cspHand, - wrapAlg, - &creds, // passPhrase - wrappingKey, - wrapPad, // Padding - &ccHand); - if(crtn) { - printError("cspWrapKey/CreateContext", crtn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - /* CMS requires 8-byte IV */ - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_INIT_VECTOR, - sizeof(CSSM_DATA), - CAT_Ptr, - &initVector, - 0); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - if(wrapFormat != CSSM_KEYBLOB_WRAPPED_FORMAT_NONE) { - /* only add this attribute if it's not the default */ - CSSM_CONTEXT_ATTRIBUTE attr; - attr.AttributeType = CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT; - attr.AttributeLength = sizeof(uint32); - attr.Attribute.Uint32 = wrapFormat; - crtn = CSSM_UpdateContextAttributes( - ccHand, - 1, - &attr); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - crtn = CSSM_WrapKey(ccHand, - #if WRAP_KEY_REQUIRES_CREDS - &creds, - #else - NULL, // AccessCred - #endif - unwrappedKey, - NULL, // DescriptiveData - wrappedKey); - if(crtn != CSSM_OK) { - printError("CSSM_WrapKey", crtn); - } - if((crtn2 = CSSM_DeleteContext(ccHand))) { - printError("CSSM_DeleteContext", crtn2); - } - return crtn; -} - -/* unwrap key function. */ -static CSSM_RETURN unwrapKey(CSSM_CSP_HANDLE cspHand, - const CSSM_KEY_PTR wrappedKey, - const CSSM_KEY_PTR unwrappingKey, - CSSM_ALGORITHMS unwrapAlg, - CSSM_ENCRYPT_MODE unwrapMode, - CSSM_PADDING unwrapPad, - CSSM_KEY_PTR unwrappedKey, // RETURNED - const unsigned char *keyLabel, - unsigned keyLabelLen) -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_RETURN crtn2; - CSSM_DATA labelData; - uint32 keyAttr; - CSSM_DATA descData = { 0, NULL }; - CSSM_ACCESS_CREDENTIALS creds; - - memset(unwrappedKey, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - if((unwrappingKey == NULL) || - (unwrappingKey->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY)) { - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - unwrapAlg, - unwrapMode, - &creds, // accessCreds - unwrappingKey, - &initVector, - unwrapPad, // Padding - 0, // Reserved - &ccHand); - if(crtn) { - printError("cspUnwrapKey/CreateContext", crtn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - } - else { - crtn = CSSM_CSP_CreateAsymmetricContext(cspHand, - unwrapAlg, - &creds, // passPhrase, - unwrappingKey, - unwrapPad, // Padding - &ccHand); - if(crtn) { - printError("cspUnwrapKey/CreateContext", crtn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - /* CMS requires 8-byte IV */ - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_INIT_VECTOR, - sizeof(CSSM_DATA), - CAT_Ptr, - &initVector, - 0); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - labelData.Data = (uint8 *)keyLabel; - labelData.Length = keyLabelLen; - - /* - * New keyAttr - clear some old bits, make sure we ask for ref key - */ - keyAttr = wrappedKey->KeyHeader.KeyAttr; - keyAttr &= ~(CSSM_KEYATTR_ALWAYS_SENSITIVE | CSSM_KEYATTR_NEVER_EXTRACTABLE); - keyAttr |= CSSM_KEYATTR_RETURN_REF; - crtn = CSSM_UnwrapKey(ccHand, - NULL, // PublicKey - wrappedKey, - CSSM_KEYUSE_ANY, // FIXME - keyAttr, - &labelData, - NULL, // CredAndAclEntry - unwrappedKey, - &descData); // required - if(crtn != CSSM_OK) { - printError("CSSM_UnwrapKey", crtn); - } - if((crtn2 = CSSM_DeleteContext(ccHand))) { - printError("CSSM_DeleteContext", crtn2); - } - return crtn; -} - -#define UNWRAPPED_LABEL "unwrapped thing" -#define NULL_TEST 0 -#if NULL_TEST - -static int doTest(CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR encrKey, - CSSM_KEY_PTR decrKey, // we wrap this one - CSSM_KEY_PTR wrappingKey, // ...using this key, NULL for null wrap - CSSM_KEY_PTR unwrappingKey, - CSSM_ALGORITHMS wrapAlg, - CSSM_ENCRYPT_MODE wrapMode, - CSSM_PADDING wrapPad, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - CSSM_PADDING encrPad, - CSSM_BOOL wrapOnly, - uint32 maxPtextSize, // max size to encrypt - CSSM_BOOL quiet) -{ - return 0; -} -#else /* NULL_TEST */ -/* - * NULL Wrapping decrKey - a private key - only works for DEBUG CSPs. - * We'll always wrap decrKey, except for NULL wrap when - * NULL_WRAP_DECR_KEY is false. - */ -#define NULL_WRAP_DECR_KEY 1 - -static int doTest(CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR encrKey, // we wrap this one - CSSM_KEY_PTR decrKey, // ...or this one, depending on WRAP_DECR_KEY - CSSM_KEY_PTR wrappingKey, // ...using this key, NULL for null wrap - CSSM_KEY_PTR unwrappingKey, - CSSM_ALGORITHMS wrapAlg, - CSSM_ENCRYPT_MODE wrapMode, - CSSM_KEYBLOB_FORMAT wrapFormat, // NONE, PKCS7, PKCS8 - CSSM_PADDING wrapPad, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - CSSM_PADDING encrPad, - CSSM_BOOL wrapOnly, - uint32 maxPtextSize, // max size to encrypt - CSSM_BOOL quiet) -{ - CSSM_DATA ptext; - CSSM_DATA ctext; - CSSM_DATA rptext; - CSSM_KEY wrappedKey; - CSSM_KEY unwrappedKey; - CSSM_RETURN crtn; - CSSM_KEY_PTR realEncrKey; // encrKey or &unwrappedKey - CSSM_KEY_PTR realDecrKey; // decrKey or &unwrappedKey - - /* wrap decrKey or encrKey using wrappingKey ==> wrappedKey */ - if((wrappingKey == NULL) && !NULL_WRAP_DECR_KEY) { - /* NULL wrap of pub key */ - crtn = wrapKey(cspHand, - encrKey, - wrappingKey, - wrapAlg, - wrapMode, - wrapFormat, - wrapPad, - &wrappedKey); - realEncrKey = &unwrappedKey; - realDecrKey = decrKey; - } - else { - /* normal case, wrap priv key (may be NULL if NULL_WRAP_DECR_KEY) */ - crtn = wrapKey(cspHand, - decrKey, - wrappingKey, - wrapAlg, - wrapMode, - wrapFormat, - wrapPad, - &wrappedKey); - realEncrKey = encrKey; - realDecrKey = &unwrappedKey; - } - - if(crtn) { - return testError(quiet); - } - if((wrappingKey != NULL) && // skip for NULL wrap - (wrapFormat != CSSM_KEYBLOB_WRAPPED_FORMAT_NONE)) { - /* don't want default, verify we got what we want */ - if(wrappedKey.KeyHeader.Format != wrapFormat) { - printf("wrapped key format mismatch: expect %u; got %u\n", - (unsigned)wrapFormat, (unsigned)wrappedKey.KeyHeader.Format); - if(testError(quiet)) { - return 1; - } - } - } - if(wrapOnly) { - cspFreeKey(cspHand, &wrappedKey); - goto done; - } - /* unwrap wrappedKey using unwrappingKey ==> unwrappedKey; */ - crtn = unwrapKey(cspHand, - &wrappedKey, - unwrappingKey, - wrapAlg, - wrapMode, - wrapPad, - &unwrappedKey, - (uint8 *)UNWRAPPED_LABEL, - 15); - if(crtn) { - return testError(quiet); - } - - /* cook up ptext */ - ptext.Data = (uint8 *)CSSM_MALLOC(maxPtextSize); - simpleGenData(&ptext, 1, maxPtextSize); - /* encrypt using realEncrKey ==> ctext */ - ctext.Data = NULL; - ctext.Length = 0; - crtn = cspEncrypt(cspHand, - encrAlg, - encrMode, - encrPad, - realEncrKey, - NULL, // no 2nd key - 0, // effectiveKeySize - 0, // rounds - &initVector, - &ptext, - &ctext, - CSSM_TRUE); // mallocCtext - if(crtn) { - return testError(quiet); - } - - /* decrypt ctext with realDecrKey ==> rptext; */ - rptext.Data = NULL; - rptext.Length = 0; - crtn = cspDecrypt(cspHand, - encrAlg, - encrMode, - encrPad, - realDecrKey, - NULL, // no 2nd key - 0, // effectiveKeySize - 0, // rounds - &initVector, - &ctext, - &rptext, - CSSM_TRUE); - if(crtn) { - return testError(quiet); - } - - /* compare ptext vs. rptext; */ - if(ptext.Length != rptext.Length) { - printf("ptext length mismatch\n"); - return testError(quiet); - } - if(memcmp(ptext.Data, rptext.Data, ptext.Length)) { - printf("***data miscompare\n"); - return testError(quiet); - } - /* free resources */ - cspFreeKey(cspHand, &wrappedKey); - cspFreeKey(cspHand, &unwrappedKey); - CSSM_FREE(ptext.Data); - CSSM_FREE(ctext.Data); - CSSM_FREE(rptext.Data); -done: - return 0; -} -#endif /* NULL_TEST */ - -int main(int argc, char **argv) -{ - int arg; - char *argp; - int i; - CSSM_CSP_HANDLE cspHand; - CSSM_RETURN crtn; - CSSM_KEY origPub; // we generate if !desSubj - CSSM_KEY origPriv; - CSSM_KEY_PTR origSess; // we generate if desSubj - CSSM_KEY_PTR origEncrKey; // pts to origPub or origSess - CSSM_KEY_PTR origDecrKey; // pts to origPriv or origSess - CSSM_ALGORITHMS encrAlg; - CSSM_ENCRYPT_MODE encrMode; - CSSM_PADDING encrPad; - int rtn = 0; - CSSM_BOOL genRsaKey; - uint32 maxPtextSize; - CSSM_BOOL encrIsRef = CSSM_TRUE; - CSSM_BOOL decrIsRef = CSSM_TRUE; - CSSM_KEYBLOB_FORMAT wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE; - unsigned loop; - - /* user-specified vars */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL pause = CSSM_FALSE; - CSSM_BOOL doSymmWrap = CSSM_TRUE; - CSSM_BOOL doAsymmWrap = CSSM_TRUE; - CSSM_BOOL doNullWrap = CSSM_TRUE; - CSSM_BOOL doSymmEncrOnly = CSSM_FALSE; - CSSM_BOOL doAsymmEncrOnly = CSSM_FALSE; - CSSM_BOOL wrapOnly = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL forcePkcs = CSSM_FALSE; - CSSM_BOOL refKeysOnly = CSSM_FALSE; - #if PKCS_FORMAT_ENABLE - CSSM_BOOL skipPkcs = CSSM_FALSE; - #else - CSSM_BOOL skipPkcs = CSSM_TRUE; - #endif - - for(arg=1; arg PKCS7 */ - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7; - } - else { - /* default */ - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE; - } - if(doTest(cspHand, - origEncrKey, - origDecrKey, - wrapKey, - wrapKey, - CSSM_ALGID_DES, // wrapAlg - CSSM_ALGMODE_CBCPadIV8, // wrapMode - wrapFormat, - CSSM_PADDING_PKCS5, // wrapPad - encrAlg, - encrMode, - encrPad, - wrapOnly, - maxPtextSize, - quiet)) { - rtn = 1; - goto testDone; - } - cspFreeKey(cspHand, wrapKey); - CSSM_FREE(wrapKey); // mallocd by cspGenSymKey - wrapKey = NULL; - } - if(doAsymmWrap && - !(RSA_WRAP_RESTRICTION && (origEncrKey != origDecrKey))) { - /* skip wrapping asymmetric key with asymmetric key */ - CSSM_KEY wrapPrivKey; - CSSM_KEY wrapPubKey; - - if(!quiet) { - printf(" ...Doing asymmetric wrap\n"); - } - crtn = cspGenKeyPair(cspHand, - CSSM_ALGID_RSA, - WRAP_USAGE_NAME, - WRAP_USAGE_NAME_LEN, - CSP_RSA_KEY_SIZE_DEFAULT, - &wrapPubKey, - CSSM_TRUE, // both are ref - WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY : CSSM_KEYUSE_WRAP, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - &wrapPrivKey, - CSSM_TRUE, // FIXME privIsRef - WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY : CSSM_KEYUSE_UNWRAP, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - CSSM_FALSE); // genSeed - if(crtn) { - rtn = 1; - goto testDone; - } - if(forcePkcs) { - /* asymmetric wrapping key ==> PKCS8 */ - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8; - } - else { - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE; - } - if(doTest(cspHand, - origEncrKey, - origDecrKey, - &wrapPubKey, - &wrapPrivKey, - CSSM_ALGID_RSA, // wrapAlg - CSSM_ALGMODE_NONE, // wrapMode - wrapFormat, - CSSM_PADDING_PKCS1, // wrapPad - encrAlg, - encrMode, - encrPad, - wrapOnly, - maxPtextSize, - quiet)) { - rtn = 1; - goto testDone; - } - cspFreeKey(cspHand, &wrapPubKey); - cspFreeKey(cspHand, &wrapPrivKey); - } - //if(doNullWrap && (origDecrKey != origEncrKey)) { - if(doNullWrap) { - /* with X, we can do NULL wrap/unwrap of any key */ - if(!quiet) { - printf(" ...Doing NULL wrap\n"); - } - if(doTest(cspHand, - origEncrKey, - origDecrKey, - NULL, - NULL, - CSSM_ALGID_NONE, // wrapAlg - CSSM_ALGMODE_NONE, // wrapMode - CSSM_KEYBLOB_WRAPPED_FORMAT_NONE, - CSSM_PADDING_NONE, // wrapPad - encrAlg, - encrMode, - encrPad, - wrapOnly, - maxPtextSize, - quiet)) { - rtn = 1; - goto testDone; - } - } - - if(origSess != NULL) { - cspFreeKey(cspHand, origSess); - CSSM_FREE(origSess); - } - if(genRsaKey) { - cspFreeKey(cspHand, &origPub); - cspFreeKey(cspHand, &origPriv); - } - if(loops && (loop == loops)) { - break; - } - } -testDone: - CSSM_ModuleDetach(cspHand); - if((rtn == 0) && !quiet) { - printf("%s test complete\n", argv[0]); - } - return rtn; -} diff --git a/SecurityTests/cspxutils/pbeTest/Makefile b/SecurityTests/cspxutils/pbeTest/Makefile deleted file mode 100644 index 82a48f6c..00000000 --- a/SecurityTests/cspxutils/pbeTest/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=pbeTest -# C++ source (with .cpp extension) -CPSOURCE= -# C source (.c extension) -CSOURCE= pbeTest.c - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/pbeTest/pbeTest.c b/SecurityTests/cspxutils/pbeTest/pbeTest.c deleted file mode 100644 index ddce2c73..00000000 --- a/SecurityTests/cspxutils/pbeTest/pbeTest.c +++ /dev/null @@ -1,1270 +0,0 @@ -/* Copyright (c) 1998,2003-2005,2008 Apple Inc. - * - * pbeTest.c - test CSP PBE-style DeriveKey(). - * - * Revision History - * ---------------- - * 15 May 2000 Doug Mitchell - * Ported to X/CDSA2. - * 13 Aug 1998 Doug Mitchell at NeXT - * Created. - */ -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -/* we need to know a little bit about AES for this test.... */ -#define AES_BLOCK_SIZE 16 /* bytes */ - -/* - * Defaults. - */ -#define LOOPS_DEF 10 -#define MIN_PTEXT_SIZE AES_BLOCK_SIZE /* for non-padding tests */ -#define MAX_PTEXT_SIZE 1000 -#define MAX_PASSWORD_SIZE 64 -#define MAX_SALT_SIZE 32 -#define MIN_ITER_COUNT 1000 -#define MAX_ITER_COUNT 2000 -#define MAX_IV_SIZE AES_BLOCK_SIZE - -/* min values not currently exported by CSP */ -#define APPLE_PBE_MIN_PASSWORD 8 -#define APPLE_PBE_MIN_SALT 8 - -/* static IV for derive algorithms which don't create one */ -CSSM_DATA staticIv = {MAX_IV_SIZE, (uint8 *)"someIvOrOther..."}; - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef unsigned privAlg; -enum { - /* PBE algs */ - pbe_pbkdf2 = 1, - // other unsupported for now - pbe_PKCS12 = 1, - pbe_MD5, - pbe_MD2, - pbe_SHA1, - - /* key gen algs */ - pka_ASC, - pka_RC4, - pka_DES, - pka_RC2, - pka_RC5, - pka_3DES, - pka_AES -}; - -#define PBE_ALG_FIRST pbe_pbkdf2 -#define PBE_ALG_LAST pbe_pbkdf2 -#define ENCR_ALG_FIRST pka_ASC -#define ENCR_ALG_LAST pka_AES -#define ENCR_ALG_LAST_EXPORT pka_RC5 - -/* - * Args passed to each test - */ -typedef struct { - CSSM_CSP_HANDLE cspHand; - CSSM_ALGORITHMS keyAlg; - CSSM_ALGORITHMS encrAlg; - uint32 keySizeInBits; - uint32 effectiveKeySizeInBits; // 0 means not used - const char *keyAlgStr; - CSSM_ENCRYPT_MODE encrMode; - CSSM_PADDING encrPad; - CSSM_ALGORITHMS deriveAlg; - const char *deriveAlgStr; - CSSM_DATA_PTR ptext; - CSSM_DATA_PTR password; - CSSM_DATA_PTR salt; - uint32 iterCount; - CSSM_BOOL useInitVector; // encrypt needs an IV - uint32 ivSize; - CSSM_BOOL genInitVector; // DeriveKey generates an IV - CSSM_BOOL useRefKey; - CSSM_BOOL quiet; -} testArgs; - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" e(xport)\n"); - printf(" r(epeatOnly)\n"); - printf(" z(ero length password)\n"); - printf(" p(ause after each loop)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* - * Given a privAlg value, return various associated stuff. - */ -static void algInfo(privAlg alg, // pbe_MD5, etc. - CSSM_ALGORITHMS *cdsaAlg, // CSSM_ALGID_MD5_PBE, etc. RETURNED - // key alg for key gen algs - CSSM_ALGORITHMS *encrAlg, // encrypt/decrypt alg for key - // gen algs - CSSM_ENCRYPT_MODE *mode, // RETURNED - CSSM_PADDING *padding, // RETURNED - CSSM_BOOL *useInitVector, // RETURNED, for encrypt/decrypt - uint32 *ivSize, // RETURNED, in bytes - CSSM_BOOL *genInitVector, // RETURNED, for deriveKey - const char **algStr) // RETURNED -{ - /* default or irrelevant fields */ - *mode = CSSM_ALGMODE_NONE; - *useInitVector = CSSM_FALSE; - *genInitVector = CSSM_FALSE; // DeriveKey doesn't do this now - *padding = CSSM_PADDING_PKCS1; - *ivSize = 8; // thje usual size, if needed - *encrAlg = CSSM_ALGID_NONE; - - switch(alg) { - case pbe_pbkdf2: - *cdsaAlg = CSSM_ALGID_PKCS5_PBKDF2; - *algStr = "PBKDF2"; - return; - /* these are not supported */ - #if 0 - case pbe_PKCS12: - *cdsaAlg = CSSM_ALGID_SHA1_PBE_PKCS12; - *algStr = "PKCS12"; - return; - case pbe_MD5: - *cdsaAlg = CSSM_ALGID_MD5_PBE; - *algStr = "MD5"; - return; - case pbe_MD2: - *cdsaAlg = CSSM_ALGID_MD2_PBE; - *algStr = "MD2"; - return; - case pbe_SHA1: - *cdsaAlg = CSSM_ALGID_SHA1_PBE; - *algStr = "SHA1"; - return; - case pka_ASC: - *cdsaAlg = CSSM_ALGID_ASC; - *algStr = "ASC"; - return; - #endif - case pka_DES: - *cdsaAlg = *encrAlg = CSSM_ALGID_DES; - *useInitVector = CSSM_TRUE; - *mode = CSSM_ALGMODE_CBCPadIV8; - *algStr = "DES"; - return; - case pka_3DES: - *cdsaAlg = CSSM_ALGID_3DES_3KEY; - *encrAlg = CSSM_ALGID_3DES_3KEY_EDE; - *useInitVector = CSSM_TRUE; - *mode = CSSM_ALGMODE_CBCPadIV8; - *algStr = "3DES"; - return; - case pka_AES: - *cdsaAlg = *encrAlg = CSSM_ALGID_AES; - *useInitVector = CSSM_TRUE; - *mode = CSSM_ALGMODE_CBCPadIV8; - *padding = CSSM_PADDING_PKCS5; - *ivSize = AES_BLOCK_SIZE; // per the default block size - *algStr = "AES"; - return; - case pka_RC2: - *cdsaAlg = *encrAlg = CSSM_ALGID_RC2; - *useInitVector = CSSM_TRUE; - *mode = CSSM_ALGMODE_CBCPadIV8; - *algStr = "RC2"; - return; - case pka_RC4: - *cdsaAlg = *encrAlg = CSSM_ALGID_RC4; - /* initVector false */ - *mode = CSSM_ALGMODE_NONE; - *algStr = "RC4"; - return; - case pka_RC5: - *cdsaAlg = *encrAlg = CSSM_ALGID_RC5; - *algStr = "RC5"; - *mode = CSSM_ALGMODE_CBCPadIV8; - *useInitVector = CSSM_TRUE; - return; - case pka_ASC: - *cdsaAlg = *encrAlg = CSSM_ALGID_ASC; - /* initVector false */ - *algStr = "ASC"; - *mode = CSSM_ALGMODE_NONE; - return; - default: - printf("BRRZZZT! Update algInfo()!\n"); - testError(CSSM_TRUE); - } -} - -/* a handy "compare two CSSM_DATAs" ditty */ -static CSSM_BOOL compareData(const CSSM_DATA_PTR d1, - const CSSM_DATA_PTR d2) -{ - if(d1->Length != d2->Length) { - return CSSM_FALSE; - } - if(memcmp(d1->Data, d2->Data, d1->Length)) { - return CSSM_FALSE; - } - return CSSM_TRUE; -} - -/* generate random one-bit byte */ -static uint8 randBit() -{ - return 1 << genRand(0, 7); -} - -/* - * Writer debug - assertion failure when ctext[1].Data is NULL - * but length is nonzero - */ -#define SAFE_CTEXT_ARRAY 0 - -/* - * Encrypt ptext using specified key, IV, effectiveKeySizeInBits - */ -static int encryptCom(CSSM_CSP_HANDLE cspHand, - const char *testName, - CSSM_DATA_PTR ptext, - CSSM_KEY_PTR key, - CSSM_ALGORITHMS alg, - CSSM_ENCRYPT_MODE mode, - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - CSSM_DATA_PTR iv, // may be NULL - uint32 effectiveKeySizeInBits, // may be 0 - CSSM_DATA_PTR ctext, // RETURNED - CSSM_BOOL quiet) -{ - CSSM_CC_HANDLE cryptHand; - CSSM_RETURN crtn; - CSSM_SIZE bytesEncrypted; - CSSM_DATA remData; - int rtn; - #if SAFE_CTEXT_ARRAY - CSSM_DATA safeCtext[2]; - safeCtext[0] = *ctext; - safeCtext[1].Data = NULL; - safeCtext[1].Length = 10; // lie, but shouldn't use this! - #else - // printf("+++ ctext[0] = %d:0x%x; ctext[1] = %d:0x%x\n", - // ctext[0].Length, ctext[0].Data, - // ctext[1].Length, ctext[1].Data); - #endif - - cryptHand = genCryptHandle(cspHand, - alg, - mode, - padding, - key, - NULL, // no 2nd key - iv, // InitVector - effectiveKeySizeInBits, - 0); // rounds - if(cryptHand == 0) { - return testError(quiet); - } - - remData.Data = NULL; - remData.Length = 0; - crtn = CSSM_EncryptData(cryptHand, - ptext, - 1, - #if SAFE_CTEXT_ARRAY - &safeCtext[0], - #else - ctext, - #endif - 1, - &bytesEncrypted, - &remData); - #if SAFE_CTEXT_ARRAY - *ctext = safeCtext[0]; - #endif - - if(crtn) { - printError("CSSM_EncryptData", crtn); - rtn = testError(quiet); - goto done; - } - if(remData.Length != 0) { - //printf("***WARNING: nonzero remData on encrypt!\n"); - /* new for CDSA2 - possible remData even if we ask the CSP to - * malloc ctext */ - ctext->Data = (uint8 *)appRealloc(ctext->Data, bytesEncrypted, NULL); - memmove(ctext->Data + ctext->Length, - remData.Data, - bytesEncrypted - ctext->Length); - appFreeCssmData(&remData, CSSM_FALSE); - } - /* new for CDSA 2 */ - ctext->Length = bytesEncrypted; - rtn = 0; -done: - if(CSSM_DeleteContext(cryptHand)) { - printError("CSSM_DeleteContext", 0); - rtn = 1; - } - return rtn; -} - -/* - * Decrypt ctext using specified key, IV, effectiveKeySizeInBits - */ -static int decryptCom(CSSM_CSP_HANDLE cspHand, - const char *testName, - CSSM_DATA_PTR ctext, - CSSM_KEY_PTR key, - CSSM_ALGORITHMS alg, - CSSM_ENCRYPT_MODE mode, - CSSM_PADDING padding, - CSSM_DATA_PTR iv, // may be NULL - uint32 effectiveKeySizeInBits, // may be 0 - CSSM_DATA_PTR ptext, // RETURNED - CSSM_BOOL quiet) -{ - CSSM_CC_HANDLE cryptHand; - CSSM_RETURN crtn; - CSSM_SIZE bytesDecrypted; - CSSM_DATA remData; - int rtn; - - cryptHand = genCryptHandle(cspHand, - alg, - mode, - padding, - key, - NULL, // no 2nd key - iv, // InitVector - effectiveKeySizeInBits, - 0); // rounds - if(cryptHand == 0) { - return testError(quiet); - } - remData.Data = NULL; - remData.Length = 0; - crtn = CSSM_DecryptData(cryptHand, - ctext, - 1, - ptext, - 1, - &bytesDecrypted, - &remData); - if(crtn) { - printError("CSSM_DecryptData", crtn); - rtn = testError(quiet); - goto done; - } - if(remData.Length != 0) { - //printf("***WARNING: nonzero remData on decrypt!\n"); - /* new for CDSA2 - possible remData even if we ask the CSP to - * malloc ptext */ - ptext->Data = (uint8 *)appRealloc(ptext->Data, bytesDecrypted, NULL); - memmove(ptext->Data + ptext->Length, - remData.Data, - bytesDecrypted - ptext->Length); - appFreeCssmData(&remData, CSSM_FALSE); - } - /* new for CDSA 2 */ - ptext->Length = bytesDecrypted; - rtn = 0; -done: - if(CSSM_DeleteContext(cryptHand)) { - printError("CSSM_DeleteContext", 0); - rtn = 1; - } - return rtn; -} - -/* - * Common test portion - * encrypt ptext with key1, iv1 - * encrypt ptext with key2, iv2 - * compare 2 ctexts; expect failure; - */ - -#define TRAP_WRITER_ERR 1 - -static int testCommon(CSSM_CSP_HANDLE cspHand, - const char *testName, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - CSSM_PADDING encrPad, - uint32 effectiveKeySizeInBits, - CSSM_DATA_PTR ptext, - CSSM_KEY_PTR key1, - CSSM_DATA_PTR iv1, - CSSM_KEY_PTR key2, - CSSM_DATA_PTR iv2, - CSSM_BOOL quiet) -{ - CSSM_DATA ctext1; - CSSM_DATA ctext2; - ctext1.Data = NULL; - ctext1.Length = 0; - ctext2.Data = NULL; - ctext2.Length = 0; - if(encryptCom(cspHand, - testName, - ptext, - key1, - encrAlg, - encrMode, - encrPad, - iv1, - effectiveKeySizeInBits, - &ctext1, - quiet)) { - return 1; - } - #if TRAP_WRITER_ERR - if(ctext2.Data != NULL){ - printf("Hey! encryptCom(ptext, ctext1 modified ctext2!\n"); - if(testError(quiet)) { - return 1; - } - } - #endif - if(encryptCom(cspHand, - testName, - ptext, - key2, - encrAlg, - encrMode, - encrPad, - iv2, - effectiveKeySizeInBits, - &ctext2, - quiet)) { - return 1; - } - if(compareData(&ctext1, &ctext2)) { - printf("***%s: Unexpected Data compare!\n", testName); - return testError(quiet); - } - appFreeCssmData(&ctext1, CSSM_FALSE); - appFreeCssmData(&ctext2, CSSM_FALSE); - return 0; -} - -/** - ** inidividual tests. - **/ -#define KEY_LABEL1 "noLabel1" -#define KEY_LABEL2 "noLabel2" -#define KEY_LABEL_LEN strlen(KEY_LABEL1) -#define REPEAT_ON_ERROR 1 - -/* test repeatability - the only test here which actually decrypts */ -static int repeatTest(testArgs *targs) -{ - /* - generate two keys with same params; - encrypt ptext with key1; - decrypt ctext with key2; - compare; expect success; - */ - CSSM_KEY_PTR key1; - CSSM_KEY_PTR key2; - CSSM_DATA iv1; - CSSM_DATA iv2; - CSSM_DATA_PTR ivp1; - CSSM_DATA_PTR ivp2; - CSSM_DATA ctext; - CSSM_DATA rptext; - CSSM_BOOL gotErr = CSSM_FALSE; - - if(targs->useInitVector) { - if(targs->genInitVector) { - ivp1 = &iv1; - ivp2 = &iv2; - } - else { - staticIv.Length = targs->ivSize; - ivp1 = ivp2 = &staticIv; - } - } - else { - ivp1 = ivp2 = NULL; - } - /* these need to be init'd regardless */ - iv1.Data = NULL; - iv1.Length = 0; - iv2.Data = NULL; - iv2.Length = 0; - ctext.Data = NULL; - ctext.Length = 0; - rptext.Data = NULL; - rptext.Length = 0; -repeatDerive: - key1 = cspDeriveKey(targs->cspHand, - targs->deriveAlg, - targs->keyAlg, - KEY_LABEL1, - KEY_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, - targs->salt, - targs->iterCount, - &iv1); - if(key1 == NULL) { - return testError(targs->quiet); - } - key2 = cspDeriveKey(targs->cspHand, - targs->deriveAlg, - targs->keyAlg, - KEY_LABEL2, - KEY_LABEL_LEN, - CSSM_KEYUSE_DECRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, - targs->salt, - targs->iterCount, - &iv2); - if(key2 == NULL) { - return testError(targs->quiet); - } -repeatEnc: - if(encryptCom(targs->cspHand, - "repeatTest", - targs->ptext, - key1, - targs->encrAlg, - targs->encrMode, - targs->encrPad, - ivp1, - targs->effectiveKeySizeInBits, - &ctext, - targs->quiet)) { - return 1; - } - if(decryptCom(targs->cspHand, - "repeatTest", - &ctext, - key2, - targs->encrAlg, - targs->encrMode, - targs->encrPad, - ivp2, - targs->effectiveKeySizeInBits, - &rptext, - targs->quiet)) { - return 1; - } - if(gotErr || !compareData(targs->ptext, &rptext)) { - printf("***Data miscompare in repeatTest\n"); - if(REPEAT_ON_ERROR) { - char str; - - gotErr = CSSM_TRUE; - fpurge(stdin); - printf("Repeat enc/dec (r), repeat derive (d), continue (c), abort (any)? "); - str = getchar(); - switch(str) { - case 'r': - appFreeCssmData(&ctext, CSSM_FALSE); - appFreeCssmData(&rptext, CSSM_FALSE); - goto repeatEnc; - case 'd': - appFreeCssmData(&ctext, CSSM_FALSE); - appFreeCssmData(&rptext, CSSM_FALSE); - appFreeCssmData(&iv1, CSSM_FALSE); - appFreeCssmData(&iv2, CSSM_FALSE); - cspFreeKey(targs->cspHand, key1); - cspFreeKey(targs->cspHand, key2); - goto repeatDerive; - case 'c': - break; - default: - return 1; - } - } - else { - return testError(targs->quiet); - } - } - appFreeCssmData(&ctext, CSSM_FALSE); - appFreeCssmData(&rptext, CSSM_FALSE); - appFreeCssmData(&iv1, CSSM_FALSE); - appFreeCssmData(&iv2, CSSM_FALSE); - cspFreeKey(targs->cspHand, key1); - cspFreeKey(targs->cspHand, key2); - CSSM_FREE(key1); - CSSM_FREE(key2); - return 0; -} - -/* ensure iterCount alters key */ -static int iterTest(testArgs *targs) -{ - /* - generate key1(iterCount), key2(iterCount+1); - encrypt ptext with key1; - encrypt ptext with key2; - compare 2 ctexts; expect failure; - */ - CSSM_KEY_PTR key1; - CSSM_KEY_PTR key2; - CSSM_DATA iv1; - CSSM_DATA iv2; - CSSM_DATA_PTR ivp1; - CSSM_DATA_PTR ivp2; - if(targs->useInitVector) { - if(targs->genInitVector) { - ivp1 = &iv1; - ivp2 = &iv2; - } - else { - staticIv.Length = targs->ivSize; - ivp1 = ivp2 = &staticIv; - } - } - else { - ivp1 = ivp2 = NULL; - } - /* these need to be init'd regardless */ - iv1.Data = NULL; - iv1.Length = 0; - iv2.Data = NULL; - iv2.Length = 0; - key1 = cspDeriveKey(targs->cspHand, - targs->deriveAlg, - targs->keyAlg, - KEY_LABEL1, - KEY_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, - targs->salt, - targs->iterCount, - &iv1); - if(key1 == NULL) { - return testError(targs->quiet); - } - key2 = cspDeriveKey(targs->cspHand, - targs->deriveAlg, - targs->keyAlg, - KEY_LABEL2, - KEY_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, - targs->salt, - targs->iterCount + 1, // the changed param - &iv2); - if(key2 == NULL) { - return testError(targs->quiet); - } - if(testCommon(targs->cspHand, - "iterTest", - targs->encrAlg, - targs->encrMode, - targs->encrPad, - targs->effectiveKeySizeInBits, - targs->ptext, - key1, - ivp1, - key2, - ivp2, - targs->quiet)) { - return 1; - } - appFreeCssmData(&iv1, CSSM_FALSE); - appFreeCssmData(&iv2, CSSM_FALSE); - cspFreeKey(targs->cspHand, key1); - cspFreeKey(targs->cspHand, key2); - CSSM_FREE(key1); - CSSM_FREE(key2); - return 0; -} - -/* ensure password alters key */ -static int passwordTest(testArgs *targs) -{ - /* - generate key1(password), key2(munged password); - encrypt ptext with key1; - encrypt ptext with key2; - compare 2 ctexts; expect failure; - */ - CSSM_KEY_PTR key1; - CSSM_KEY_PTR key2; - CSSM_DATA iv1; - CSSM_DATA iv2; - CSSM_DATA_PTR ivp1; - CSSM_DATA_PTR ivp2; - uint32 mungeDex; - uint32 mungeBits; - if(targs->useInitVector) { - if(targs->genInitVector) { - ivp1 = &iv1; - ivp2 = &iv2; - } - else { - staticIv.Length = targs->ivSize; - ivp1 = ivp2 = &staticIv; - } - } - else { - ivp1 = ivp2 = NULL; - } - /* these need to be init'd regardless */ - iv1.Data = NULL; - iv1.Length = 0; - iv2.Data = NULL; - iv2.Length = 0; - key1 = cspDeriveKey(targs->cspHand, - targs->deriveAlg, - targs->keyAlg, - KEY_LABEL1, - KEY_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, - targs->salt, - targs->iterCount, - &iv1); - if(key1 == NULL) { - return testError(targs->quiet); - } - /* munge password */ - mungeDex = genRand(0, targs->password->Length - 1); - mungeBits = randBit(); - targs->password->Data[mungeDex] ^= mungeBits; - key2 = cspDeriveKey(targs->cspHand, - targs->deriveAlg, - targs->keyAlg, - KEY_LABEL2, - KEY_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, // the changed param - targs->salt, - targs->iterCount, - &iv2); - if(key2 == NULL) { - return testError(targs->quiet); - } - if(testCommon(targs->cspHand, - "passwordTest", - targs->encrAlg, - targs->encrMode, - targs->encrPad, - targs->effectiveKeySizeInBits, - targs->ptext, - key1, - ivp1, - key2, - ivp2, - targs->quiet)) { - return 1; - } - /* restore */ - targs->password->Data[mungeDex] ^= mungeBits; - appFreeCssmData(&iv1, CSSM_FALSE); - appFreeCssmData(&iv2, CSSM_FALSE); - cspFreeKey(targs->cspHand, key1); - cspFreeKey(targs->cspHand, key2); - CSSM_FREE(key1); - CSSM_FREE(key2); - return 0; -} - -/* ensure salt alters key */ -static int saltTest(testArgs *targs) -{ - /* - generate key1(seed), key2(munged seed); - encrypt ptext with key1; - encrypt ptext with key2; - compare 2 ctexts; expect failure; - */ - CSSM_KEY_PTR key1; - CSSM_KEY_PTR key2; - CSSM_DATA iv1; - CSSM_DATA iv2; - CSSM_DATA_PTR ivp1; - CSSM_DATA_PTR ivp2; - uint32 mungeDex; - uint32 mungeBits; - if(targs->useInitVector) { - if(targs->genInitVector) { - ivp1 = &iv1; - ivp2 = &iv2; - } - else { - staticIv.Length = targs->ivSize; - ivp1 = ivp2 = &staticIv; - } - } - else { - ivp1 = ivp2 = NULL; - } - /* these need to be init'd regardless */ - iv1.Data = NULL; - iv1.Length = 0; - iv2.Data = NULL; - iv2.Length = 0; - key1 = cspDeriveKey(targs->cspHand, - targs->deriveAlg, - targs->keyAlg, - KEY_LABEL1, - KEY_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, - targs->salt, - targs->iterCount, - &iv1); - if(key1 == NULL) { - return testError(targs->quiet); - } - /* munge salt */ - mungeDex = genRand(0, targs->salt->Length - 1); - mungeBits = randBit(); - targs->salt->Data[mungeDex] ^= mungeBits; - key2 = cspDeriveKey(targs->cspHand, - targs->deriveAlg, - targs->keyAlg, - KEY_LABEL2, - KEY_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, - targs->salt, // the changed param - targs->iterCount, - &iv2); - if(key2 == NULL) { - return testError(targs->quiet); - } - if(testCommon(targs->cspHand, - "saltTest", - targs->encrAlg, - targs->encrMode, - targs->encrPad, - targs->effectiveKeySizeInBits, - targs->ptext, - key1, - ivp1, - key2, - ivp2, - targs->quiet)) { - return 1; - } - /* restore */ - targs->salt->Data[mungeDex] ^= mungeBits; - appFreeCssmData(&iv1, CSSM_FALSE); - appFreeCssmData(&iv2, CSSM_FALSE); - cspFreeKey(targs->cspHand, key1); - cspFreeKey(targs->cspHand, key2); - CSSM_FREE(key1); - CSSM_FREE(key2); - return 0; -} - -/* ensure initVector alters ctext. This isn't testing PBE per se, but - * it's a handy place to verify this function. */ -static int initVectTest(testArgs *targs) -{ - /* - generate key1; - encrypt ptext with key1 and initVector; - encrypt ptext with key1 and munged initVector; - compare 2 ctexts; expect failure; - */ - CSSM_KEY_PTR key1; - CSSM_DATA iv1; - CSSM_DATA iv2; - uint32 mungeDex; - uint32 mungeBits; - - if(targs->genInitVector) { - iv1.Data = NULL; - iv1.Length = 0; - } - else { - iv1 = staticIv; - } - key1 = cspDeriveKey(targs->cspHand, - targs->deriveAlg, - targs->keyAlg, - KEY_LABEL1, - KEY_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, - targs->salt, - targs->iterCount, - &iv1); - if(key1 == NULL) { - return testError(targs->quiet); - } - - /* get munged copy of iv */ - iv2.Data = (uint8 *)CSSM_MALLOC(iv1.Length); - iv2.Length = iv1.Length; - memmove(iv2.Data, iv1.Data, iv1.Length); - mungeDex = genRand(0, iv1.Length - 1); - mungeBits = randBit(); - iv2.Data[mungeDex] ^= mungeBits; - if(testCommon(targs->cspHand, - "initVectTest", - targs->encrAlg, - targs->encrMode, - targs->encrPad, - targs->effectiveKeySizeInBits, - targs->ptext, - key1, - &iv1, - key1, - &iv2, // the changed param - targs->quiet)) { - return 1; - } - if(targs->genInitVector) { - appFreeCssmData(&iv1, CSSM_FALSE); - } - appFreeCssmData(&iv2, CSSM_FALSE); - cspFreeKey(targs->cspHand, key1); - CSSM_FREE(key1); - return 0; -} - -#if 0 -/* only one algorithm supported */ -/* ensure deriveAlg alters key */ -static int deriveAlgTest(testArgs *targs) -{ - /* - generate key1(deriveAlg), key2(some other deriveAlg); - encrypt ptext with key1; - encrypt ptext with key2; - compare 2 ctexts; expect failure; - */ - CSSM_KEY_PTR key1; - CSSM_KEY_PTR key2; - CSSM_DATA iv1; - CSSM_DATA iv2; - CSSM_DATA_PTR ivp1; - CSSM_DATA_PTR ivp2; - uint32 mungeAlg; - - if(targs->useInitVector) { - if(targs->genInitVector) { - ivp1 = &iv1; - ivp2 = &iv2; - } - else { - staticIv.Length = targs->ivSize; - ivp1 = ivp2 = &staticIv; - } - } - else { - ivp1 = ivp2 = NULL; - } - - /* these need to be init'd regardless */ - iv1.Data = NULL; - iv1.Length = 0; - iv2.Data = NULL; - iv2.Length = 0; - key1 = cspDeriveKey(targs->cspHand, - targs->deriveAlg, - targs->keyAlg, - KEY_LABEL1, - KEY_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, - targs->salt, - targs->iterCount, - &iv1); - if(key1 == NULL) { - return testError(quiet); - } - - /* munge deriveAlg */ - switch(targs->deriveAlg) { - case CSSM_ALGID_MD5_PBE: - mungeAlg = CSSM_ALGID_MD2_PBE; - break; - case CSSM_ALGID_MD2_PBE: - mungeAlg = CSSM_ALGID_SHA1_PBE; - break; - case CSSM_ALGID_SHA1_PBE: - mungeAlg = CSSM_ALGID_SHA1_PBE_PKCS12; - break; - case CSSM_ALGID_SHA1_PBE_PKCS12: - mungeAlg = CSSM_ALGID_MD5_PBE; - break; - default: - printf("BRRRZZZT! Update deriveAlgTest()!\n"); - return testError(quiet); - } - key2 = cspDeriveKey(targs->cspHand, - mungeAlg, // the changed param - targs->keyAlg, - KEY_LABEL2, - KEY_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT, - targs->keySizeInBits, - targs->useRefKey, - targs->password, // the changed param - targs->salt, - targs->iterCount, - &iv2); - if(key2 == NULL) { - return testError(quiet); - } - if(testCommon(targs->cspHand, - "deriveAlgTest", - targs->encrAlg, - targs->encrMode, - targs->encrPad, - targs->effectiveKeySizeInBits, - targs->ptext, - key1, - ivp1, - key2, - ivp2, - targs->quiet)) { - return 1; - } - appFreeCssmData(&iv1, CSSM_FALSE); - appFreeCssmData(&iv2, CSSM_FALSE); - cspFreeKey(targs->cspHand, key1); - cspFreeKey(targs->cspHand, key2); - CSSM_FREE(key1); - CSSM_FREE(key2); - return 0; -} -#endif - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - testArgs targs; - CSSM_DATA pwd; - CSSM_DATA salt; - privAlg pbeAlg; - privAlg encrAlg; - privAlg lastEncrAlg; - int rtn = 0; - CSSM_BOOL fooBool; - CSSM_BOOL refKeysOnly = CSSM_FALSE; - int i; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL doPause = CSSM_FALSE; - CSSM_BOOL doExport = CSSM_FALSE; - CSSM_BOOL repeatOnly = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL zeroLenPassword = CSSM_FALSE; - - #if macintosh - argc = ccommand(&argv); - #endif - for(arg=1; arg -#include -#include -#include -#include -#include -#include "common.h" -#include -#include -#include -using namespace std; - -/* - * Default values - */ -#define ALG_DEFAULT CSSM_ALGID_AES -#define ALG_STR_DEFAULT "AES" -#define CHAIN_DEFAULT CSSM_TRUE -#define KEY_SIZE_DEFAULT 128 - -#define BEGIN_FUNCTION try { - -#define END_FUNCTION } \ - catch (const CssmError &e) \ - { \ - cssmPerror(__PRETTY_FUNCTION__, e.error); \ - } \ - catch (...) \ - { \ - fprintf(stderr, "%s: failed\n", __PRETTY_FUNCTION__); \ - } \ - -static void usage(char **argv) -{ - printf("usage: %s iterations bufsize [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (s=ASC; d=DES; 3=3DES; 2=RC2; 4=RC4; 5=RC5;\n"); - printf(" a=AES; b=Blowfish; c=CAST; n=NULL; default=AES)\n"); - printf(" k=keySizeInBits\n"); - printf(" b=blockSizeInBits\n"); - printf(" e (ECB mode; default is CBC)\n"); - printf(" i (re-set IV in each loop)\n"); - printf(" v(erbose)\n"); - printf(" h(elp)\n"); - exit(1); -} - -static void -cdsaSetupContexts(int iterations, - auto_ptr &encrypt, - auto_ptr &decrypt, - CSSM_ALGORITHMS keyAlg, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - uint32 keySizeInBits, - uint32 blockSizeInBits) // optional -{ - BEGIN_FUNCTION - Security::CssmClient::CSP csp(gGuidAppleCSP); - //CssmData keyData((uint8 *)"1234567812345678", 16); - Security::CssmClient::GenerateKey keyGenerator(csp, keyAlg, keySizeInBits); - Security::CssmClient::Key key = keyGenerator(Security::CssmClient::KeySpec( - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE)); - for (int ix=0; ix < iterations; ++ix) - { - encrypt.reset(new Security::CssmClient::Encrypt(csp, encrAlg)); - encrypt->mode(encrMode); - encrypt->key(key); - if(blockSizeInBits) { - encrypt->add(CSSM_ATTRIBUTE_BLOCK_SIZE, blockSizeInBits / 8); - } - //encrypt->activate(); - - decrypt.reset(new Security::CssmClient::Decrypt(csp, encrAlg)); - decrypt->mode(encrMode); - decrypt->key(key); - if(blockSizeInBits) { - decrypt->add(CSSM_ATTRIBUTE_BLOCK_SIZE, blockSizeInBits / 8); - } - //decrypt->activate(); - } - END_FUNCTION -} - -static void -cdsaEncrypt(int iterations, Security::CssmClient::Encrypt &encrypt, - uint8 *inBuf, uint32 bufLen, uint8 *outBuf, bool useIv, uint32 blockSizeBytes, - CSSM_BOOL resetIv) -{ - BEGIN_FUNCTION - CssmData iv((uint8 *)"12345678123456781234567812345678", blockSizeBytes); - CssmData inData(inBuf, bufLen); - CssmData outData(outBuf, bufLen); - CssmData nullData(reinterpret_cast(NULL) + 1, 0); - if(useIv) { - encrypt.initVector(iv); - } - if(useIv && resetIv) { - for (int ix=0; ix < iterations; ++ix) - { - encrypt.initVector(iv); - encrypt.encrypt(inData, outData, nullData); - } - } - else { - for (int ix=0; ix < iterations; ++ix) - { - encrypt.encrypt(inData, outData, nullData); - } - } - END_FUNCTION -} - -static void -cdsaDecrypt(int iterations, Security::CssmClient::Decrypt &decrypt, - uint8 *inBuf, uint32 bufLen, uint8 *outBuf, bool useIv, uint32 blockSizeBytes, - CSSM_BOOL resetIv) -{ - BEGIN_FUNCTION - CssmData iv((uint8 *)"12345678123456781234567812345678", blockSizeBytes); - CssmData inData(inBuf, bufLen); - CssmData outData(outBuf, bufLen); - CssmData nullData(reinterpret_cast(NULL) + 1, 0); - if(useIv) { - decrypt.initVector(iv); - } - if(useIv && resetIv) { - for (int ix=0; ix < iterations; ++ix) - { - decrypt.initVector(iv); - decrypt.decrypt(inData, outData, nullData); - } - } - else { - for (int ix=0; ix < iterations; ++ix) - { - decrypt.decrypt(inData, outData, nullData); - } - } - END_FUNCTION -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_ENCRYPT_MODE mode; - uint32 blockSizeBytes = 8; - - /* - * User-spec'd params - */ - CSSM_BOOL chainEnable = CHAIN_DEFAULT; - uint32 keySizeInBits = KEY_SIZE_DEFAULT; - uint32 blockSizeInBits = 0; - const char *algStr = ALG_STR_DEFAULT; - uint32 keyAlg = ALG_DEFAULT; // CSSM_ALGID_xxx of the key - uint32 encrAlg = ALG_DEFAULT; // CSSM_ALGID_xxx for encrypt - int iterations; - int bufSize; - CSSM_BOOL resetIv = CSSM_FALSE; - CSSM_BOOL verbose = false; - - if(argc < 3) { - usage(argv); - } - iterations = atoi(argv[1]); - bufSize = atoi(argv[2]); - for(arg=3; arg buffer(bufSize), plain(bufSize); - auto_ptr encrypt(NULL); - auto_ptr decrypt(NULL); - - uint8 *bp = buffer.get(); - for(int ix=0; ix -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include -#include -#include - -using namespace std; - -/* - * Default values - */ -#define ALG_DEFAULT CSSM_ALGID_AES -#define ALG_STR_DEFAULT "AES" -#define CHAIN_DEFAULT CSSM_TRUE -#define ALG_MODE_DEFAULT CSSM_ALGMODE_CBC_IV8 -#define ALG_MODE_STR_DEFAULT "CBC" -#define KEY_SIZE_DEFAULT 128 -#define BLOCK_SIZE_DEFAULT 16 - -static void usage(char **argv) -{ - printf("usage: %s iterations bufsize [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (s=ASC; d=DES; 3=3DES; 2=RC2; 4=RC4; 5=RC5;\n"); - printf(" a=AES; b=Blowfish; c=CAST; n=NULL; default=AES)\n"); - printf(" k=keySizeInBits\n"); - printf(" e (ECB mode; default is CBC)\n"); - printf(" c (re-create context in each loop)\n"); - printf(" v(erbose)\n"); - printf(" h(elp)\n"); - exit(1); -} - -static int doEncrypt( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR symKey, - CSSM_BOOL resetContext, - unsigned iterations, - uint8 blockSizeBytes, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - const CSSM_DATA *ptext, // pre-allocd - CSSM_DATA *ctext) -{ - CSSM_CC_HANDLE ccHand = 0; - char *someIv = "some Initialization vector"; - CSSM_DATA iv = {blockSizeBytes, (uint8 *)someIv}; - CSSM_DATA remData = {0, NULL}; - CSSM_SIZE moved; - CSSM_RETURN crtn; - - for(unsigned dex=0; dex /dev/null -if($status != 0) then - echo Please set env var LOCAL_BUILD_DIR. - exit(1) -endif -set BUILD_DIR=$LOCAL_BUILD_DIR -# -if( ( ! -e $BUILD_DIR/perform ) || \ - ( ! -e $BUILD_DIR/certTime) || \ - ( ! -e $CLXUTILS/certTime)) then - echo === You do not seem to have all of the required executables. - echo === Please build all of cspxutils and clxutils. - echo === See the README files in those directories for info. - exit(1) -endif -# -cd $CSPXUTILS/perform -set cmd="./doPerform 1000 10240" -echo $cmd -$cmd || exit(1) -echo ============================================================== -cd $BUILD_DIR -set cmd="./hashTime" -echo $cmd -$cmd || exit(1) -echo ============================================================== -cd $BUILD_DIR -set cmd="./sigPerform a=r l=1000 k=1024" -echo $cmd -$cmd || exit(1) -echo ============================================================== -set cmd="./asymPerform k=1024" -echo $cmd -$cmd || exit(1) -echo ============================================================== -cd $CLXUTILS/certTime || exit(1) -set cmd="./runTime" -echo $cmd -$cmd || exit(1) -echo ============================================================== -cd $CLXUTILS/kcTime || exit(1) -set cmd="$BUILD_DIR/kcTime" -echo $cmd -$cmd || exit(1) -echo ============================================================== -cd $CLXUTILS/secTime || exit(1) -set cmd="$BUILD_DIR/secTime" -echo $cmd -$cmd || exit(1) -echo ============================================================== -echo Performance suite complete. diff --git a/SecurityTests/cspxutils/pubKeyTool/Makefile b/SecurityTests/cspxutils/pubKeyTool/Makefile deleted file mode 100644 index b23914db..00000000 --- a/SecurityTests/cspxutils/pubKeyTool/Makefile +++ /dev/null @@ -1,57 +0,0 @@ -# -# sample Makefile fragment for csputils projects. -# - -### fill in these: - -# name of executable to build -EXECUTABLE=pubKeyTool -# C++ source (with .cpp extension) -CPSOURCE= pubKeyTool.cpp -# C source (.c extension) -CSOURCE= - -### all of the rest is optional. - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/pubKeyTool/derive_pub.der b/SecurityTests/cspxutils/pubKeyTool/derive_pub.der deleted file mode 100644 index 21144dfe27e56bc6de259280ce8b79f43eb71f35..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 140 zcmV;70CWE^fr$cvfdIu)|5OYt!rK*nXlt6jG3`ZCTu6tPt+{2gB}tIGqbgD*AyX^^ z^jqK@iAn7tvNC{`GH~NFy)aBHw;y=kIap9bj_Njkt?HznBvPumPHsMeyG6S6HOg;2 u;Qlg#wl+E(qEUZi^<=VVarfWi`DJlt!r%S;nCzBsm=@n2c#8r90RRE5wnAh8 diff --git a/SecurityTests/cspxutils/pubKeyTool/pubKeyTool.cpp b/SecurityTests/cspxutils/pubKeyTool/pubKeyTool.cpp deleted file mode 100644 index ce53b0eb..00000000 --- a/SecurityTests/cspxutils/pubKeyTool/pubKeyTool.cpp +++ /dev/null @@ -1,672 +0,0 @@ -/* - * pubKeyTool.cpp - calculate public key hash of arbitrary keys and certs; derive - * public key from a private key or a cert. - */ - -#include -#include -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" -k priv_key_file -- private key file to read\n"); - printf(" -b pub_key_file -- public key file to read\n"); - printf(" -c cert_file -- cert file to read\n"); - printf(" -d -- print public key digest\n"); - printf(" -o out_file -- write public key to out_file\n"); - printf(" -f pkcs1|pkcs8|x509 -- input key format\n"); - printf(" -- default is PKCS8 for private key, PKCS1 for" - " public\n"); - printf(" -K keychain -- import pub key to this keychain; workaround " - "for Radar 4191851)\n"); - exit(1); -} - -/* Convert raw key blob into a respectable CSSM_KEY. */ -static CSSM_RETURN inferCssmKey( - const CSSM_DATA &keyBlob, - bool isPrivKey, - CSSM_KEYBLOB_FORMAT keyForm, - CSSM_CSP_HANDLE cspHand, - CSSM_KEY &outKey) -{ - memset(&outKey, 0, sizeof(CSSM_KEY)); - outKey.KeyData = keyBlob; - CSSM_KEYHEADER &hdr = outKey.KeyHeader; - hdr.HeaderVersion = CSSM_KEYHEADER_VERSION; - /* CspId blank */ - hdr.BlobType = CSSM_KEYBLOB_RAW; - hdr.AlgorithmId = CSSM_ALGID_RSA; - hdr.KeyAttr = CSSM_KEYATTR_EXTRACTABLE; - hdr.Format = keyForm; - hdr.KeyClass = isPrivKey ? CSSM_KEYCLASS_PRIVATE_KEY : CSSM_KEYCLASS_PUBLIC_KEY; - hdr.KeyUsage = CSSM_KEYUSE_ANY; - hdr.WrapAlgorithmId = CSSM_ALGID_NONE; - hdr.WrapMode = CSSM_ALGMODE_NONE; - /* - * LogicalKeySizeInBits - ask the CSP - */ - CSSM_KEY_SIZE keySize; - CSSM_RETURN crtn; - crtn = CSSM_QueryKeySizeInBits(cspHand, CSSM_INVALID_HANDLE, &outKey, - &keySize); - if(crtn) { - cssmPerror("CSSM_QueryKeySizeInBits", crtn); - return crtn; - } - hdr.LogicalKeySizeInBits = keySize.LogicalKeySizeInBits; - return CSSM_OK; -} - -/* - * Given any key in either blob or reference format, - * obtain the associated public key's SHA-1 hash. - */ -static CSSM_RETURN keyDigest( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *key, - CSSM_DATA_PTR *hashData) /* struct and contents cuAppMalloc'd and RETURNED */ -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_DATA_PTR dp; - - *hashData = NULL; - - /* validate input params */ - if((key == NULL) || - (hashData == NULL)) { - printf("keyHash: bogus args\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - - /* cook up a context for a passthrough op */ - crtn = CSSM_CSP_CreatePassThroughContext(cspHand, - key, - &ccHand); - if(ccHand == 0) { - cssmPerror("CSSM_CSP_CreatePassThroughContext", crtn); - return crtn; - } - - /* now it's up to the CSP */ - crtn = CSSM_CSP_PassThrough(ccHand, - CSSM_APPLECSP_KEYDIGEST, - NULL, - (void **)&dp); - if(crtn) { - cssmPerror("CSSM_CSP_PassThrough(KEYDIGEST)", crtn); - } - else { - *hashData = dp; - crtn = CSSM_OK; - } - CSSM_DeleteContext(ccHand); - return crtn; -} - -/* - * Here's a tricky one. Given a private key, obtain the correspoding public key. - * This uses a private key blob format that's used internally in the CSP - * to generate key digests. - */ - -/* - * this magic const copied from BinaryKey.h - */ -#define CSSM_KEYBLOB_RAW_FORMAT_DIGEST \ - (CSSM_KEYBLOB_RAW_FORMAT_VENDOR_DEFINED + 0x12345) - -static CSSM_RETURN pubKeyFromPrivKey( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *privKey, // assumed to be raw format - CSSM_KEY *pubKey) -{ - /* first convert to reference key */ - CSSM_KEY refKey; - CSSM_RETURN crtn; - crtn = cspRawKeyToRef(cspHand, privKey, &refKey); - if(crtn) { - return crtn; - } - - /* now a NULL wrap with the magic format attribute */ - CSSM_CC_HANDLE ccHand; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_DATA descData = {0, 0}; - - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - NULL, // passPhrase, - NULL, // key - NULL, // initVector, - CSSM_PADDING_NONE, - NULL, // Reserved - &ccHand); - if(crtn) { - cssmPerror("CSSM_CSP_CreateSymmetricContext", crtn); - return crtn; - } - crtn = AddContextAttribute(ccHand, - /* - * The output of the WrapKey is a private key as far as the CSP is - * concerned, at the level that this attribute is used anyway.... - */ - CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - CSSM_KEYBLOB_RAW_FORMAT_DIGEST); - if(crtn) { - cssmPerror("CSSM_CSP_CreateSymmetricContext", crtn); - goto errOut; - } - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_WrapKey(ccHand, - &creds, - &refKey, - &descData, - pubKey); - if(crtn) { - cssmPerror("CSSM_WrapKey", crtn); - goto errOut; - } - - /* now: presto chango - don't do this at home! */ - pubKey->KeyHeader.KeyClass = CSSM_KEYCLASS_PUBLIC_KEY; -errOut: - CSSM_FreeKey(cspHand, NULL, &refKey, CSSM_FALSE); - CSSM_DeleteContext(ccHand); - return crtn; -} - -/* - * Import a key into a DLDB. - */ -static CSSM_RETURN importToDlDb( - CSSM_CSP_HANDLE cspHand, - CSSM_DL_DB_HANDLE_PTR dlDbHand, - const CSSM_KEY *rawPubKey, - CSSM_DATA_PTR labelData, - CSSM_KEY_PTR importedKey) -{ - CSSM_CC_HANDLE ccHand = 0; - CSSM_RETURN crtn; - uint32 keyAttr; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_CONTEXT_ATTRIBUTE newAttr; - CSSM_DATA descData = {0, 0}; - - memset(importedKey, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - &creds, - NULL, // unwrappingKey - NULL, // initVector - CSSM_PADDING_NONE, - 0, // Params - &ccHand); - if(crtn) { - cssmPerror("CSSM_CSP_CreateSymmetricContext", crtn); - return crtn; - } - keyAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT; - - /* Add DLDB to context */ - newAttr.AttributeType = CSSM_ATTRIBUTE_DL_DB_HANDLE; - newAttr.AttributeLength = sizeof(CSSM_ATTRIBUTE_DL_DB_HANDLE); - newAttr.Attribute.Data = (CSSM_DATA_PTR)dlDbHand; - crtn = CSSM_UpdateContextAttributes(ccHand, 1, &newAttr); - if(crtn) { - cssmPerror("CSSM_UpdateContextAttributes", crtn); - goto errOut; - } - - /* import */ - crtn = CSSM_UnwrapKey(ccHand, - NULL, // PublicKey - rawPubKey, - CSSM_KEYUSE_ANY, - keyAttr, - labelData, - NULL, // CredAndAclEntry - importedKey, - &descData); // required - if(crtn) { - cssmPerror("CSSM_UnwrapKey", crtn); - } -errOut: - if(ccHand) { - CSSM_DeleteContext(ccHand); - } - return crtn; -} - -/* - * Free memory via specified plugin's app-level allocator - */ -void impExpFreeCssmMemory( - CSSM_HANDLE hand, - void *p) -{ - CSSM_API_MEMORY_FUNCS memFuncs; - CSSM_RETURN crtn = CSSM_GetAPIMemoryFunctions(hand, &memFuncs); - if(crtn) { - return; - } - memFuncs.free_func(p, memFuncs.AllocRef); -} - -/* - * Key attrribute names and values. - * - * This is where the public key hash goes. - */ -#define SEC_KEY_HASH_ATTR_NAME "Label" - -/* - * This is where the publicly visible name goes. - */ -#define SEC_KEY_PRINT_NAME_ATTR_NAME "PrintName" - -/* - * Look up public key by label - * Set label to new specified label (SHA1 digest) - * Set print name to new specified user-visible name - */ -static CSSM_RETURN setPubKeyLabel( - CSSM_CSP_HANDLE cspHand, // where the key lives - CSSM_DL_DB_HANDLE *dlDbHand, // ditto - const CSSM_DATA *existKeyLabel, // existing label, a random string, for lookup - const CSSM_DATA *keyDigest, // SHA1 digest, the new label - const CSSM_DATA *newPrintName) // new user-visible name -{ - CSSM_QUERY query; - CSSM_SELECTION_PREDICATE predicate; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - CSSM_HANDLE resultHand = 0; - - /* - * Look up the key in the DL. - */ - query.RecordType = CSSM_DL_DB_RECORD_PUBLIC_KEY; - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 1; - predicate.DbOperator = CSSM_DB_EQUAL; - - predicate.Attribute.Info.AttributeNameFormat = - CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - predicate.Attribute.Info.Label.AttributeName = (char *)"Label"; - predicate.Attribute.Info.AttributeFormat = - CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - /* hope this cast is OK */ - predicate.Attribute.Value = (CSSM_DATA_PTR)existKeyLabel; - query.SelectionPredicate = &predicate; - - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = 0; // CSSM_QUERY_RETURN_DATA; // FIXME - used? - - /* build Record attribute with two attrs */ - CSSM_DB_RECORD_ATTRIBUTE_DATA recordAttrs; - CSSM_DB_ATTRIBUTE_DATA attr[2]; - - attr[0].Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr[0].Info.Label.AttributeName = (char *)SEC_KEY_HASH_ATTR_NAME; - attr[0].Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - attr[1].Info.AttributeNameFormat = CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - attr[1].Info.Label.AttributeName = (char *)SEC_KEY_PRINT_NAME_ATTR_NAME; - attr[1].Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - - recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_PUBLIC_KEY; - recordAttrs.NumberOfAttributes = 2; - recordAttrs.AttributeData = attr; - - crtn = CSSM_DL_DataGetFirst(*dlDbHand, - &query, - &resultHand, - &recordAttrs, - NULL, // theData - &record); - /* abort only on success */ - if(crtn != CSSM_OK) { - cssmPerror("CSSM_DL_DataGetFirst", crtn); - goto errOut; - } - - /* - * Update existing attr data. - * NOTE: the module which allocated this attribute data - a DL - - * was loaded and attached by the keychain layer, not by us. Thus - * we can't use the memory allocator functions *we* used when - * attaching to the CSP - we have to use the ones - * which the client registered with the DL. - */ - impExpFreeCssmMemory(dlDbHand->DLHandle, attr[0].Value->Data); - impExpFreeCssmMemory(dlDbHand->DLHandle, attr[0].Value); - impExpFreeCssmMemory(dlDbHand->DLHandle, attr[1].Value->Data); - impExpFreeCssmMemory(dlDbHand->DLHandle, attr[1].Value); - attr[0].Value = const_cast(keyDigest); - attr[1].Value = const_cast(newPrintName); - - crtn = CSSM_DL_DataModify(*dlDbHand, - CSSM_DL_DB_RECORD_PUBLIC_KEY, - record, - &recordAttrs, - NULL, // DataToBeModified - CSSM_DB_MODIFY_ATTRIBUTE_REPLACE); - if(crtn) { - cssmPerror("CSSM_DL_DataModify", crtn); - } -errOut: - /* free resources */ - if(resultHand) { - CSSM_DL_DataAbortQuery(*dlDbHand, resultHand); - } - if(record) { - CSSM_DL_FreeUniqueRecord(*dlDbHand, record); - } - return crtn; -} - -#define SHA1_LABEL_LEN 20 -#define IMPORTED_KEY_NAME "Imported Public Key" - -/* - * Import a public key into a keychain, with proper Label attribute setting. - * A workaround for Radar 4191851. - */ -static int pubKeyImport( - const char *kcName, - const CSSM_KEY *pubKey, - CSSM_CSP_HANDLE rawCspHand) /* raw CSP handle for calculating digest */ -{ - CSSM_CSP_HANDLE cspHand; - CSSM_DL_DB_HANDLE dlDbHand; - OSStatus ortn; - CSSM_RETURN crtn; - SecKeychainRef kcRef = NULL; - int ourRtn = 0; - CSSM_DATA_PTR digest = NULL; - CSSM_KEY importedKey; - CSSM_DATA newPrintName = - { (uint32)strlen(IMPORTED_KEY_NAME), (uint8 *)IMPORTED_KEY_NAME}; - - /* NULL unwrap stuff */ - uint8 tempLabel[SHA1_LABEL_LEN]; - CSSM_DATA labelData = {SHA1_LABEL_LEN, tempLabel}; - - ortn = SecKeychainOpen(kcName, &kcRef); - if(ortn) { - cssmPerror("SecKeychainOpen", ortn); - return -1; - } - /* subsequent errors to errOut: */ - - /* Get CSSM handles */ - ortn = SecKeychainGetCSPHandle(kcRef, &cspHand); - if(ortn) { - cssmPerror("SecKeychainGetCSPHandle", ortn); - ourRtn = -1; - goto errOut; - } - ortn = SecKeychainGetDLDBHandle(kcRef, &dlDbHand); - if(ortn) { - cssmPerror("SecKeychainGetCSPHandle", ortn); - ourRtn = -1; - goto errOut; - } - - /* public key hash from raw CSP */ - crtn = keyDigest(rawCspHand, pubKey, &digest); - if(crtn) { - ourRtn = -1; - goto errOut; - } - - /* random label for initial storage and later retrieval */ - appGetRandomBytes(tempLabel, SHA1_LABEL_LEN); - - /* import the key into the keychain's DLDB */ - memset(&importedKey, 0, sizeof(CSSM_KEY)); - crtn = importToDlDb(cspHand, &dlDbHand, pubKey, &labelData, &importedKey); - if(crtn) { - ourRtn = -1; - goto errOut; - } - - /* don't need this */ - CSSM_FreeKey(cspHand, NULL, &importedKey, CSSM_FALSE); - - /* update the label and printName attributes */ - crtn = setPubKeyLabel(cspHand, &dlDbHand, &labelData, digest, &newPrintName); - if(crtn) { - ourRtn = -1; - } -errOut: - CFRelease(kcRef); - if(digest) { - APP_FREE(digest->Data); - APP_FREE(digest); - } - return ourRtn; -} - -int main(int argc, char **argv) -{ - char *privKeyFile = NULL; - char *pubKeyFile = NULL; - char *certFile = NULL; - char *outFile = NULL; - bool printDigest = false; - CSSM_KEYBLOB_FORMAT keyForm = CSSM_KEYBLOB_RAW_FORMAT_NONE; - char *kcName = NULL; - - if(argc < 3) { - usage(argv); - } - extern char *optarg; - int arg; - while ((arg = getopt(argc, argv, "k:b:c:do:f:K:h")) != -1) { - switch (arg) { - case 'k': - privKeyFile = optarg; - break; - case 'b': - pubKeyFile = optarg; - break; - case 'c': - certFile = optarg; - break; - case 'd': - printDigest = true; - break; - case 'o': - outFile = optarg; - break; - case 'f': - if(!strcmp("pkcs1", optarg)) { - keyForm = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - } - else if(!strcmp("pkcs8", optarg)) { - keyForm = CSSM_KEYBLOB_RAW_FORMAT_PKCS8; - } - else if(!strcmp("x509", optarg)) { - keyForm = CSSM_KEYBLOB_RAW_FORMAT_X509; - } - break; - case 'K': - kcName = optarg; - break; - case 'h': - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - - CSSM_DATA privKeyBlob = {0, NULL}; - CSSM_DATA pubKeyBlob = {0, NULL}; - CSSM_KEY thePrivKey; // constructed - CSSM_KEY thePubKey; // null-wrapped - CSSM_KEY_PTR pubKey = NULL; - CSSM_KEY_PTR privKey = NULL; - CSSM_RETURN crtn; - CSSM_CL_HANDLE clHand = 0; - CSSM_CSP_HANDLE cspHand = cuCspStartup(CSSM_TRUE); - - /* gather input */ - if(privKeyFile) { - /* key blob from a file ==> a private CSSM_KEY */ - - if(pubKeyFile || certFile) { - printf("****Specify exactly one of {cert_file, priv_key_file, " - "pub_key_file}.\n"); - exit(1); - } - unsigned len; - if(readFile(privKeyFile, &privKeyBlob.Data, &len)) { - printf("***Error reading private key from %s. Aborting.\n", privKeyFile); - exit(1); - } - privKeyBlob.Length = len; - if(keyForm == CSSM_KEYBLOB_RAW_FORMAT_NONE) { - /* default for private keys */ - keyForm = CSSM_KEYBLOB_RAW_FORMAT_PKCS8; - } - crtn = inferCssmKey(privKeyBlob, true, keyForm, cspHand, thePrivKey); - if(crtn) { - goto errOut; - } - privKey = &thePrivKey; - } - if(pubKeyFile) { - /* key blob from a file ==> a public CSSM_KEY */ - - if(privKeyFile || certFile) { - printf("****Specify exactly one of {cert_file, priv_key_file, " - "pub_key_file}.\n"); - exit(1); - } - - unsigned len; - if(readFile(pubKeyFile, &pubKeyBlob.Data, &len)) { - printf("***Error reading public key from %s. Aborting.\n", pubKeyFile); - exit(1); - } - pubKeyBlob.Length = len; - if(keyForm == CSSM_KEYBLOB_RAW_FORMAT_NONE) { - /* default for public keys */ - keyForm = CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - } - crtn = inferCssmKey(pubKeyBlob, false, keyForm, cspHand, thePubKey); - if(crtn) { - goto errOut; - } - pubKey = &thePubKey; - } - if(certFile) { - /* cert from a file ==> a public CSSM_KEY */ - - if(privKeyFile || pubKeyFile) { - printf("****Specify exactly one of {cert_file, priv_key_file, " - "pub_key_file}.\n"); - exit(1); - } - - CSSM_DATA certData = {0, NULL}; - unsigned len; - if(readFile(certFile, &certData.Data, &len)) { - printf("***Error reading cert from %s. Aborting.\n", certFile); - exit(1); - } - certData.Length = len; - - /* Extract public key - that's what we will be using later */ - clHand = cuClStartup(); - crtn = CSSM_CL_CertGetKeyInfo(clHand, &certData, &pubKey); - if(crtn) { - cssmPerror("CSSM_CL_CertGetKeyInfo", crtn); - goto errOut; - } - } - - /* now do something useful */ - if(printDigest) { - CSSM_KEY_PTR theKey = privKey; - if(theKey == NULL) { - /* maybe we got public key from a cert */ - theKey = pubKey; - } - if(theKey == NULL) { - printf("***Can't calculate digest because I don't have a key or a clue.\n"); - goto errOut; - } - CSSM_DATA_PTR dig = NULL; - crtn = keyDigest(cspHand, theKey, &dig); - if(crtn) { - printf("Sorry, can't get the digest for this key.\n"); - goto errOut; - } - if((dig == NULL) || (dig->Length == 0)) { - printf("Screwup calculating digest.\n"); - goto errOut; - } - printf("Key Digest:\n"); - for(unsigned dex=0; dexLength; dex++) { - printf("%02X ", dig->Data[dex]); - } - printf("\n"); - APP_FREE(dig->Data); - APP_FREE(dig); - } - - if(outFile || kcName) { - /* get a public key if we don't already have one */ - if(pubKey == NULL) { - if(privKey == NULL) { - printf("***PubKey file name specified but no privKey or cert. " - "Aborting.\n"); - goto errOut; - } - crtn = pubKeyFromPrivKey(cspHand, privKey, &thePubKey); - if(crtn) { - goto errOut; - } - pubKey = &thePubKey; - } - } - if(outFile) { - if(writeFile(outFile, pubKey->KeyData.Data, pubKey->KeyData.Length)) { - printf("***Error writing to %s.\n", outFile); - } - else { - printf("...%lu bytes written to %s.\n", pubKey->KeyData.Length, outFile); - } - } - if(kcName) { - if(pubKeyImport(kcName, pubKey, cspHand) == 0) { - printf("....public key %s imported to %s\n", pubKeyFile, kcName); - } - else { - printf("***Error importing public key %s to %s\n", pubKeyFile, kcName); - } - } -errOut: - /* clean up here if you must */ - return 0; -} diff --git a/SecurityTests/cspxutils/pubKeyTool/rsa_priv.der b/SecurityTests/cspxutils/pubKeyTool/rsa_priv.der deleted file mode 100644 index ce17ceb7da687c58713a2a21318bbe92599f7a20..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 635 zcmV->0)+iAf&zB}0RS)!1_>&LNQUpVK9OMT>=3B0)c@5#Zv!N3@pOi z6@6%Hn!YjZMN(WyhnKCnWwIqnkh`NQQY9f%ECcjg;2eob?IE%XK7zYNy7V>5Z$04tGJ>`?Ivk==e`EDzvS)Gk-{SdY zac08b{rs5hmT#CA-yV320s{d60Rn-5QN_k*_b;i0j}T07qfG>LwvV0+w46ut7tqe3 z0O+xTeNIEvD&B0Wl44;7kj=3II>i}W?iYjF8$H0zm-g zw}*K39%J;~|3<@8k!1D>pF~ft)(R#!)*K1Nvmt10gP0xR5=U217tq7LBi-30MXaxu zr~@AIaJ{S}z7od*K>*tFt)8CxLT%MQlxF|X{c$NUZDN8#%hH)yl!V{6z3DZ&PFIz)Uv$=n@B2mbw)hsJA@*%fg-pV%TWvJ;sK_h#ou)ou^f zbUi~Ev8CM|UTxV9a&%70@+MsDH2MUUeVEDr^t845lH6o?;Y8;z*bs#nD{3;C7#nx73R-HMfo24k| z=J<&MK>(s^vn~}+3H5LjwvJ;LXIN17wS@`Q -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" - -#define RAND_ALG CSSM_ALGID_APPLE_YARROW -#define BUFSIZE 32 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - exit(1); -} - -static void dumpBuf(uint8 *buf, - unsigned len) -{ - unsigned i; - - printf(" "); - for(i=0; i gen a new one - // else use this - CSSM_CRYPTO_DATA_PTR seed, // optional - unsigned len, - CSSM_BOOL weMalloc) -{ - CSSM_RETURN crtn; - CSSM_DATA data = {0, NULL}; - - /* optional existing context */ - if(ccHand == 0) { - crtn = CSSM_CSP_CreateRandomGenContext( - cspHand, - RAND_ALG, - seed, - len, - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateRandomGenContext", crtn); - return; - } - } - - /* who mallocs the data? */ - if(weMalloc) { - data.Data = (uint8 *)appMalloc(len, NULL); - if(data.Data == NULL) { - printf("***malloc failure\n"); - return; - } - data.Length = len; - } - - /* go for it */ - crtn = CSSM_GenerateRandom(ccHand, &data); - if(crtn) { - printError("CSSM_GenerateRandom", crtn); - return; - } - - dumpBuf(data.Data, data.Length); - appFree(data.Data, NULL); - return; -} - -#define SEED_SIZE 32 - -/* - * CryptoData callback for optional random seed. - */ -CSSM_RETURN seedCallback( - CSSM_DATA_PTR OutData, - void *CallerCtx) -{ - int i, j; - static unsigned char seed[SEED_SIZE]; - - OutData->Length = SEED_SIZE; - OutData->Data = seed; - for(i=SEED_SIZE, j=0; i>0; i--, j++) { - seed[j] = i; - } - return CSSM_OK; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_CSP_HANDLE cspHand; - CSSM_CC_HANDLE ccHand = 0; - CSSM_RETURN crtn; - CSSM_BOOL bareCsp = CSSM_TRUE; - char resp = 'n'; - // initial op = get random data - CSSM_BOOL weMalloc = CSSM_FALSE; - unsigned char seed[SEED_SIZE]; - CSSM_CRYPTO_DATA cseed; - int i; - unsigned reqLen = 16; - CSSM_BOOL explicitSeed; - - for(arg=1; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "bsafeUtils.h" -#include - -/* - * Defaults. - */ -#define OLOOPS_DEF 10 /* outer loops, one key pair per loop */ -#define ILOOPS_DEF 10 /* sig loops */ -#define MAX_TEXT_SIZE 1024 - -#define LOOP_NOTIFY 20 -#define DO_MULTI_UPDATE CSSM_TRUE - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=alg (r=RSA, d=DSA; default=RSA)\n"); - printf(" l=outerloops (default=%d; 0=forever)\n", OLOOPS_DEF); - printf(" i=innerLoops (default=%d)\n", ILOOPS_DEF); - printf(" k=keySizeInBits; default is random\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned oloop; - unsigned iloop; - CSSM_DATA ptext = {0, NULL}; - CSSM_CSP_HANDLE cspHand; - int i; - int rtn = 0; - uint32 keySizeInBits = 0; - CSSM_KEY pubKey; - CSSM_KEY privKey; - CSSM_DATA sig = {0, NULL}; - CSSM_DATA digest = {0, NULL}; - CSSM_RETURN crtn; - const char *digestStr; - - /* - * User-spec'd params - */ - CSSM_BOOL keySizeSpec = CSSM_FALSE; - unsigned oloops = OLOOPS_DEF; - unsigned iloops = ILOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned pauseInterval = 0; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_ALGORITHMS rawSigAlg = CSSM_ALGID_RSA; - - for(arg=1; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "bsafeUtils.h" -#include "cspdlTesting.h" -#include - -/* - * Defaults. - */ -#define OLOOPS_DEF 10 /* outer loops, one key pair per loop */ -#define ILOOPS_DEF 10 /* sig loops */ -#define MAX_TEXT_SIZE 1024 - -#define LOOP_NOTIFY 20 - -/* - * Enumerate algs our own way to allow iteration. - */ -#define ALG_RSA_MD5 1 -#define ALG_RSA_SHA1 2 -#define ALG_RSA_MD2 3 -#define ALG_FEE_MD5 4 -#define ALG_FEE_SHA1 5 -#define ALG_ECDSA_SHA1 6 -#define ALG_DSA_SHA1 7 -#define ALG_ANSI_ECDSA_SHA1 8 -#define ALG_ECDSA_SHA256 9 -#define ALG_ECDSA_SHA384 10 -#define ALG_ECDSA_SHA512 11 -#define ALG_FIRST ALG_RSA_MD5 -#define ALG_LAST ALG_ECDSA_SHA512 - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=alg (5=RSA/MD5; 2=RSA/MD2; R=RSA/SHA1; d=DSA/SHA1; f=FEE/MD5; F=FEE/SHA1; \n"); - printf(" e=ECDSA/SHA1; E=ANSI_ECDSA/SHA1; 7=ECDSA/SHA256; 8=ECDSA/SHA384; 9=ECDSA/512; default=all)\n"); - printf(" l=outerloops (default=%d; 0=forever)\n", OLOOPS_DEF); - printf(" i=innerLoops (default=%d)\n", ILOOPS_DEF); - printf(" k=keySizeInBits; default is random\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" s(mall keys)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned oloop; - unsigned iloop; - CSSM_DATA ptext = {0, NULL}; - CSSM_CSP_HANDLE cspHand; - int i; - int rtn = 0; - uint32 keySizeInBits = 0; - CSSM_KEY pubKey; - CSSM_KEY privKey; - CSSM_DATA sig = {0, NULL}; - CSSM_DATA digest = {0, NULL}; - CSSM_RETURN crtn; - unsigned currAlg; - - /* current alg (e.g. ALG_FEE_SHA1) parsed to come up with these */ - CSSM_ALGORITHMS digestAlg; - CSSM_ALGORITHMS rawSigAlg; - CSSM_ALGORITHMS sigAlg; - CSSM_ALGORITHMS keyGenAlg; - const char *sigAlgStr; - - /* - * User-spec'd params - */ - CSSM_BOOL keySizeSpec = CSSM_FALSE; - unsigned oloops = OLOOPS_DEF; - unsigned iloops = ILOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned pauseInterval = 0; - CSSM_BOOL bareCsp = CSSM_TRUE; - unsigned minAlg = ALG_FIRST; - uint32 maxAlg = ALG_LAST; - CSSM_BOOL smallKeys = CSSM_FALSE; - - for(arg=1; arg rsatool -usage: ./rsatool op [options] - op: - g generate key pair - e encrypt - d decrypt - s sign - v verify - S SHA-1 digest - M MD5 digest - options: - k=keyfileBase keys are keyFileBase_pub.der, keyFileBase_priv.der) - p=plainFile - c=cipherFile - s=sigfile - b=keySizeInBits (default 512) - w (swap key class) - r (raw sign/verify) - P (no padding) - a=alg d=DSA r=RSA, e=ECDSA, default = RSA -localhost> - - -Some examples: --------------- - -To perform any operations using RSA, one must first have a key pair. -You generate them like so: - -localhost> rsatool g k=mykey b=1024 -...wrote 140 bytes to mykey_pub.der -...wrote 636 bytes to mykey_priv.der -localhostl> - -This generates a 1024-bit key pair, places the public key -in mykey_pub.der, and the private key in mykey_priv.der. - -Now, say you want to encrypt a file. You encrypt with a public key. -So first we create a file to encrypt: - -localhost:> cat > plaintext -this is what we will encrypt -localhostl> - -Now we encrypt it, placing the result in ciphertext: - -localhost> rsatool e k=mykey p=plaintext c=ciphertext -...wrote 128 bytes to ciphertext -localhost> - -The result looks like this: - -localhost> hexdump ciphertext -0000000 8272 4ff9 d7ab 8ff0 3dee 543d 3f36 3d89 -0000010 ef80 f958 3b4f 1be1 bde8 6557 c215 9728 -0000020 4262 0c6a b81b 5782 444d 225c db3e 17d7 -0000030 7079 d3af 7e1e c215 2b14 bf35 20f7 ed33 -0000040 f311 6258 fd85 6679 e0bb ae33 4b26 c1f8 -0000050 4f33 ac24 1972 e048 915c 8386 5fc3 7f56 -0000060 e7b3 9b4a ad6b a192 84c3 fa6e 25ba 91a0 -0000070 05ef fe42 ebba 0290 99b1 5cc9 5e36 7954 -0000080 -localhost> - -We decrypt it like so: - -localhost> rsatool d k=mykey p=recovered c=ciphertext -...wrote 29 bytes to recovered -localhost> - -Yielding: - -localhost> cat recovered -this is what we will encrypt -localhost> - -To generate a digital signature, putting the signature in sigfile: - -localhost> rsatool s k=mykey p=plaintext s=sigfile -...wrote 128 bytes to sigfile -localhost> - -To verify the signature: - -localhost> rsatool v k=mykey p=plaintext s=sigfile -...signature verifies OK -localhost> - -Note what happens if we specify a file other than 'plaintext' to -verify with plaintext's signature: - -localhost> rsatool v k=mykey p=ciphertext s=sigfile -CSSM_VerifyData: CSP_VERIFY_FAILED -sigVerify: CSP_VERIFY_FAILED -localhost> diff --git a/SecurityTests/cspxutils/rsatool/rsatool.c b/SecurityTests/cspxutils/rsatool/rsatool.c deleted file mode 100644 index 234662d5..00000000 --- a/SecurityTests/cspxutils/rsatool/rsatool.c +++ /dev/null @@ -1,1182 +0,0 @@ -/* - * rsatool.c - RSA/DSA/ECDSA key pair generator, en/decrypt, sign/verify with file I/O - */ - -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include - -/* For 3141770 - defined true when PR-3074739 merged to TOT Security */ -#define OPENSSL_ENABLE 1 - -#define USAGE_NAME "noUsage" -#define USAGE_NAME_LEN (strlen(USAGE_NAME)) -#define DEFAULT_KEY_SIZE_BITS 512 - -typedef struct { - CSSM_ALGORITHMS alg; - uint32 keySizeInBits; - CSSM_CSP_HANDLE cspHand; - char *keyFileName; - char *outKeyFileName; // for pub key convert - char *plainFileName; - char *sigFileName; - char *cipherFileName; - char *dsaParamFileIn; - char *dsaParamFileOut; - CSSM_BOOL swapKeyClass; - CSSM_BOOL rawSign; - CSSM_BOOL noPad; - CSSM_BOOL quiet; - CSSM_KEYBLOB_FORMAT pubKeyFormat; // FORMAT_NONE ==> default - CSSM_KEYBLOB_FORMAT privKeyFormat; // FORMAT_NONE ==> default - CSSM_KEYBLOB_FORMAT outPubKeyFormat;// FORMAT_NONE ==> default, for pub key convert - CSSM_ALGORITHMS digestAlg; // optional digest alg for raw sign/verify -} opParams; - -static void usage(char **argv) -{ - printf("usage: %s op [options]\n", argv[0]); - printf(" op:\n"); - printf(" g generate key pair\n"); - printf(" e encrypt\n"); - printf(" d decrypt\n"); - printf(" s sign\n"); - printf(" v verify\n"); - printf(" S SHA-1 digest\n"); - printf(" M MD5 digest\n"); - printf(" C convert public key format\n"); - printf(" options:\n"); - printf(" k=keyfileBase keys are keyFileBase_pub.der, " - "keyFileBase_priv.der)\n"); - printf(" K=outputPublicKey\n"); - printf(" p=plainFile\n"); - printf(" c=cipherFile\n"); - printf(" s=sigfile\n"); - printf(" z=keySizeInBits (default %d)\n", DEFAULT_KEY_SIZE_BITS); - printf(" w (swap key class)\n"); - printf(" r (raw sign/verify)\n"); - printf(" P (no padding)\n"); - printf(" d=digestAlg digestAlg: s(SHA1) 5(MD5) for raw signing\n"); - printf(" m=dsaParamFileIn\n"); - printf(" M=dsaParamFileOut (must specify one of dsaParamFile{In,Out}\n"); - printf(" b=[1xboOL] (pub key in PKCS1/X509/BSAFE/OpenSSH1/OpenSSH2/OpenSSL form)\n"); - printf(" RSA = {PKCS1,X509,OpenSSH1,OpenSSH2} default = PKCS1\n"); - printf(" DSA = {BSAFE,X509,OpenSSH2} default = X509\n"); - printf(" ECDSA = {X509, OpenSSL} default = X509\n"); - printf(" Note: RSA and DSA public keys in OpenSSL form are X509.\n"); - printf(" v=[18sbo] (priv key in PKCS1/PKCS8/OpenSSH/BSAFE/OpenSSL form)\n"); - printf(" RSA = {PKCS1,PKCS8,OpenSSH1} default = PKCS8\n"); - printf(" DSA = {BSAFE,OpenSSL,PKCS8} default = OpenSSL\n"); - printf(" ECDSA = {PKCS8,OpenSSL} default = OpenSSL}\n"); - printf(" Note: RSA private key in OpenSSL form is PKCS1.\n"); - printf(" B=[1xboO] output public key format\n"); - printf(" a=alg d=DSA, r=RSA, e=ECDSA; default = RSA\n"); - printf(" q(uiet)\n"); - exit(1); -} - -/* NULL wrap a key to specified format. */ -static CSSM_RETURN nullWrapKey(CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEYBLOB_FORMAT blobFormat, - CSSM_KEY_PTR rawKey) // RETURNED -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - CSSM_DATA descData = {0, 0}; - - memset(rawKey, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - &creds, // passPhrase - NULL, // unwrappingKey - NULL, // initVector - CSSM_PADDING_NONE, - 0, // Params - &ccHand); - if(crtn) { - printError("cspWrapKey/CreateContext", crtn); - return crtn; - } - if(blobFormat != CSSM_KEYBLOB_WRAPPED_FORMAT_NONE) { - /* only add this attribute if it's not the default */ - CSSM_ATTRIBUTE_TYPE attrType; - - switch(refKey->KeyHeader.KeyClass) { - case CSSM_KEYCLASS_SESSION_KEY: - attrType = CSSM_ATTRIBUTE_SYMMETRIC_KEY_FORMAT; - break; - case CSSM_KEYCLASS_PUBLIC_KEY: - attrType = CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - attrType = CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT; - break; - default: - printf("***Bogus KeyClass in nullWrapKey\n"); - return -1; - } - CSSM_CONTEXT_ATTRIBUTE attr; - attr.AttributeType = attrType; - attr.AttributeLength = sizeof(uint32); - attr.Attribute.Uint32 = blobFormat; - crtn = CSSM_UpdateContextAttributes( - ccHand, - 1, - &attr); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - crtn = CSSM_WrapKey(ccHand, - &creds, - refKey, - &descData, - rawKey); - if(crtn != CSSM_OK) { - printError("CSSM_WrapKey", crtn); - } - if(CSSM_DeleteContext(ccHand)) { - printf("CSSM_DeleteContext failure\n"); - } - return crtn; -} - -/* - * Sign/verify optional "no padding" context attr - */ -static CSSM_RETURN sigSign(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - CSSM_DATA_PTR sig, - uint32 digestAlg, // optional for raw signing - CSSM_BOOL noPad) // true --> add PADDING_NONE to context -{ - CSSM_CC_HANDLE sigHand; - CSSM_RETURN crtn; - - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - algorithm, - NULL, // passPhrase - key, - &sigHand); - if(crtn) { - printError("CSSM_CSP_CreateSignatureContext", crtn); - return crtn; - } - if(noPad) { - crtn = AddContextAttribute(sigHand, - CSSM_ATTRIBUTE_PADDING, - sizeof(uint32), - CAT_Uint32, - NULL, - CSSM_PADDING_NONE); - if(crtn) { - return crtn; - } - } - crtn = CSSM_SignData(sigHand, - text, - 1, - digestAlg, - sig); - if(crtn) { - printError("CSSM_SignData", crtn); - } - CSSM_DeleteContext(sigHand); - return crtn; -} - -static CSSM_RETURN sigVerify(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // public key - const CSSM_DATA *text, - const CSSM_DATA *sig, - uint32 digestAlg, // optional for raw signing - CSSM_BOOL noPad) // true --> add PADDING_NONE to context -{ - CSSM_CC_HANDLE sigHand; - CSSM_RETURN crtn; - - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - algorithm, - NULL, // passPhrase - key, - &sigHand); - if(crtn) { - printError("CSSM_CSP_CreateSignatureContext", crtn); - return crtn; - } - if(noPad) { - crtn = AddContextAttribute(sigHand, - CSSM_ATTRIBUTE_PADDING, - sizeof(uint32), - CAT_Uint32, - NULL, - CSSM_PADDING_NONE); - if(crtn) { - return crtn; - } - } - crtn = CSSM_VerifyData(sigHand, - text, - 1, - digestAlg, - sig); - if(crtn) { - printError("CSSM_VerifyData", crtn); - } - CSSM_DeleteContext(sigHand); - return crtn; -} - -/* - * Generate DSA key pair. Algorithm parameters are - * either specified by caller via inParams, or are generated here - * and returned to caller in outParams. Exactly one of (inParams, - * outParams) must be non-NULL. - */ -static CSSM_RETURN genDsaKeyPair( - CSSM_CSP_HANDLE cspHand, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_BOOL pubIsRef, // true - reference key, false - data - uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYBLOB_FORMAT pubFormat, // Optional. Some algorithms (currently, FEE) - // provide for multiple key blob formats. - // Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE - // to get the default format. - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_BOOL privIsRef, // true - reference key, false - data - uint32 privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYBLOB_FORMAT privFormat, // optional 0 ==> default - const CSSM_DATA *inParams, // optional - CSSM_DATA_PTR outParams) // optional, we malloc -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA keyLabelData; - uint32 pubAttr; - uint32 privAttr; - CSSM_RETURN ocrtn = CSSM_OK; - - /* Caller must specify either inParams or outParams, not both */ - if(inParams && outParams) { - return CSSMERR_CSSM_INVALID_POINTER; - } - if(!inParams && !outParams) { - return CSSMERR_CSSM_INVALID_POINTER; - } - - keyLabelData.Data = (uint8 *)keyLabel, - keyLabelData.Length = keyLabelLen; - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - CSSM_ALGID_DSA, - keySize, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - inParams, // Params, may be NULL - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - return crtn; - } - /* cook up attribute bits */ - if(pubIsRef) { - pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - if(privIsRef) { - privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - - if(outParams) { - /* explicitly generate params and return them to caller */ - outParams->Data = NULL; - outParams->Length = 0; - crtn = CSSM_GenerateAlgorithmParams(ccHand, - keySize, outParams); - if(crtn) { - printError("CSSM_GenerateAlgorithmParams", crtn); - CSSM_DeleteContext(ccHand); - return crtn; - } - } - - /* optional format specifiers */ - if(pubFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - pubFormat); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT)", crtn); - return crtn; - } - } - if(privFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - privFormat); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT)", crtn); - return crtn; - } - } - crtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubAttr, - &keyLabelData, - pubKey, - privKeyUsage, - privAttr, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - ocrtn = crtn; - } - if(ccHand != 0) { - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - } - } - return ocrtn; -} - -/* - * Given keyFileBase, obtain name of public or private name. Output names - * mallocd by caller. - */ -#define KEY_FILE_NAME_MAX_LEN 256 - -static void rtKeyFileName( - const char *keyFileBase, - CSSM_BOOL isPub, - char *outFileName) -{ - if(isPub) { - sprintf(outFileName, "%s_pub.der", keyFileBase); - } - else { - sprintf(outFileName, "%s_priv.der", keyFileBase); - } -} - -/* - * Given keyFileBase and key type, init a CSSM_KEY. - */ -static int rt_readKey( - CSSM_CSP_HANDLE cspHand, - const char *keyFileBase, - CSSM_BOOL isPub, - CSSM_ALGORITHMS alg, - CSSM_KEYBLOB_FORMAT format, // FORMAT_NONE ==> default - CSSM_KEY_PTR key) -{ - char fileName[KEY_FILE_NAME_MAX_LEN]; - int irtn; - CSSM_DATA_PTR keyData = &key->KeyData; - CSSM_KEYHEADER_PTR hdr = &key->KeyHeader; - CSSM_RETURN crtn; - CSSM_KEY_SIZE keySize; - unsigned len; - - memset(key, 0, sizeof(CSSM_KEY)); - rtKeyFileName(keyFileBase, isPub, fileName); - irtn = readFile(fileName, &keyData->Data, &len); - if(irtn) { - printf("***error %d reading key file %s\n", irtn, fileName); - return irtn; - } - keyData->Length = len; - hdr->HeaderVersion = CSSM_KEYHEADER_VERSION; - hdr->BlobType = CSSM_KEYBLOB_RAW; - hdr->Format = format; - hdr->AlgorithmId = alg; - hdr->KeyClass = isPub ? CSSM_KEYCLASS_PUBLIC_KEY : - CSSM_KEYCLASS_PRIVATE_KEY; - hdr->KeyAttr = CSSM_KEYATTR_EXTRACTABLE; - hdr->KeyUsage = CSSM_KEYUSE_ANY; - - /* ask the CSP for key size */ - crtn = CSSM_QueryKeySizeInBits(cspHand, 0, key, &keySize); - if(crtn) { - printError("CSSM_QueryKeySizeInBits", crtn); - return 1; - } - hdr->LogicalKeySizeInBits = keySize.LogicalKeySizeInBits; - return 0; -} - -static int rt_generate(opParams *op) -{ - CSSM_RETURN crtn; - CSSM_KEY pubKey; - CSSM_KEY privKey; - char fileName[KEY_FILE_NAME_MAX_LEN]; - int irtn; - CSSM_DATA paramIn = {0, NULL}; - CSSM_DATA paramOut = {0, NULL}; - CSSM_DATA_PTR paramInPtr = NULL; - CSSM_DATA_PTR paramOutPtr = NULL; - - if(op->keyFileName == NULL) { - printf("***Need a keyFileName to generate key pair.\n"); - return 1; - } - memset(&pubKey, 0, sizeof(CSSM_KEY)); - memset(&privKey, 0, sizeof(CSSM_KEY)); - - if(op->alg == CSSM_ALGID_DSA) { - /* must specify either inParams or outParams, not both */ - if(op->dsaParamFileIn && op->dsaParamFileOut) { - printf("***DSA key generation requires one parameter file spec.\n"); - return 1; - } - if(!op->dsaParamFileIn && !op->dsaParamFileOut) { - printf("***DSA key generation requires one parameter file spec.\n"); - return 1; - } - if(op->dsaParamFileIn) { - /* caller-specified params */ - unsigned len; - irtn = readFile(op->dsaParamFileIn, ¶mIn.Data, &len); - if(irtn) { - printf("***Error reading DSA params from %s. Aborting.\n", - op->dsaParamFileIn); - } - paramIn.Length = len; - paramInPtr = ¶mIn; - } - else { - /* generate params --> paramOut */ - paramOutPtr = ¶mOut; - } - crtn = genDsaKeyPair(op->cspHand, - USAGE_NAME, - USAGE_NAME_LEN, - op->keySizeInBits, - &pubKey, - CSSM_FALSE, // not ref - CSSM_KEYUSE_VERIFY, // not really important - op->pubKeyFormat, - &privKey, - CSSM_FALSE, // not ref - CSSM_KEYUSE_SIGN, - op->privKeyFormat, - paramInPtr, - paramOutPtr); - if(crtn) { - return 1; - } - if(paramOutPtr) { - irtn = writeFile(op->dsaParamFileOut, paramOut.Data, paramOut.Length); - if(irtn) { - printf("***Error writing DSA params to %s. Aborting.\n", - op->dsaParamFileOut); - return 1; - } - if(!op->quiet) { - printf("...wrote %lu bytes to %s\n", paramOut.Length, - op->dsaParamFileOut); - } - CSSM_FREE(paramOut.Data); - } - else { - /* mallocd by readFile() */ - free(paramIn.Data); - } - } - else { - /* RSA, ECDSA */ - crtn = cspGenKeyPair(op->cspHand, - op->alg, - USAGE_NAME, - USAGE_NAME_LEN, - op->keySizeInBits, - &pubKey, - CSSM_FALSE, // not ref - CSSM_KEYUSE_VERIFY, // not really important - op->pubKeyFormat, - &privKey, - CSSM_FALSE, // not ref - CSSM_KEYUSE_SIGN, - op->privKeyFormat, - CSSM_FALSE); // genSeed, not used here - if(crtn) { - return 1; - } - } - - /* write the blobs */ - rtKeyFileName(op->keyFileName, CSSM_TRUE, fileName); - irtn = writeFile(fileName, pubKey.KeyData.Data, pubKey.KeyData.Length); - if(irtn) { - printf("***Error %d writing to %s\n", irtn, fileName); - return irtn; - } - if(!op->quiet) { - printf("...wrote %lu bytes to %s\n", pubKey.KeyData.Length, fileName); - } - rtKeyFileName(op->keyFileName, CSSM_FALSE, fileName); - irtn = writeFile(fileName, privKey.KeyData.Data, privKey.KeyData.Length); - if(irtn) { - printf("***Error %d writing to %s\n", irtn, fileName); - return irtn; - } - if(!op->quiet) { - printf("...wrote %lu bytes to %s\n", privKey.KeyData.Length, fileName); - } - cspFreeKey(op->cspHand, &pubKey); - cspFreeKey(op->cspHand, &privKey); - return 0; -} - -/* encrypt using public key */ -static int rt_encrypt(opParams *op) -{ - CSSM_KEY pubKey; - int irtn; - CSSM_DATA ptext; - CSSM_DATA ctext; - CSSM_RETURN crtn; - CSSM_BOOL isPub; - CSSM_ENCRYPT_MODE mode = CSSM_ALGMODE_NONE; - CSSM_KEYBLOB_FORMAT format = op->pubKeyFormat; - unsigned len; - - if(op->keyFileName == NULL) { - printf("***Need a keyFileName to encrypt.\n"); - return 1; - } - if((op->plainFileName == NULL) || (op->cipherFileName == NULL)) { - printf("***Need plainFileName and cipherFileName to encrypt.\n"); - return 1; - } - if(op->swapKeyClass) { - isPub = CSSM_FALSE; - mode = CSSM_ALGMODE_PRIVATE_KEY; - format = op->privKeyFormat; - } - else { - isPub = CSSM_TRUE; - } - irtn = rt_readKey(op->cspHand, op->keyFileName, isPub, op->alg, - format, &pubKey); - if(irtn) { - return irtn; - } - irtn = readFile(op->plainFileName, &ptext.Data, &len); - if(irtn) { - printf("***Error reading %s\n", op->plainFileName); - return irtn; - } - ptext.Length = len; - ctext.Data = NULL; - ctext.Length = 0; - - crtn = cspEncrypt(op->cspHand, - op->alg, - mode, - op->noPad ? CSSM_PADDING_NONE : CSSM_PADDING_PKCS1, - &pubKey, - NULL, - 0, // effectiveKeySize - 0, // rounds - NULL, // initVector - &ptext, - &ctext, - CSSM_FALSE); // mallocCtext - if(crtn) { - printError("cspEncrypt", crtn); - return 1; - } - irtn = writeFile(op->cipherFileName, ctext.Data, ctext.Length); - if(irtn) { - printf("***Error writing %s\n", op->cipherFileName); - } - else { - if(!op->quiet) { - printf("...wrote %lu bytes to %s\n", ctext.Length, op->cipherFileName); - } - } - - free(pubKey.KeyData.Data); // allocd by rt_readKey --> readFile - free(ptext.Data); // allocd by readFile - appFreeCssmData(&ctext, CSSM_FALSE); // by CSP - return irtn; -} - -/* decrypt using private key */ -static int rt_decrypt(opParams *op) -{ - CSSM_KEY privKey; - int irtn; - CSSM_DATA ptext; - CSSM_DATA ctext; - CSSM_RETURN crtn; - CSSM_BOOL isPub; - CSSM_ENCRYPT_MODE mode = CSSM_ALGMODE_NONE; - CSSM_KEYBLOB_FORMAT format = op->privKeyFormat; - unsigned len; - - if(op->keyFileName == NULL) { - printf("***Need a keyFileName to decrypt.\n"); - return 1; - } - if((op->plainFileName == NULL) || (op->cipherFileName == NULL)) { - printf("***Need plainFileName and cipherFileName to decrypt.\n"); - return 1; - } - if(op->swapKeyClass) { - isPub = CSSM_TRUE; - mode = CSSM_ALGMODE_PUBLIC_KEY; - format = op->pubKeyFormat; - } - else { - isPub = CSSM_FALSE; - } - irtn = rt_readKey(op->cspHand, op->keyFileName, isPub, op->alg, - format, &privKey); - if(irtn) { - return irtn; - } - irtn = readFile(op->cipherFileName, &ctext.Data, &len); - if(irtn) { - printf("***Error reading %s\n", op->cipherFileName); - return irtn; - } - ctext.Length = len; - ptext.Data = NULL; - ptext.Length = 0; - - crtn = cspDecrypt(op->cspHand, - op->alg, - mode, - op->noPad ? CSSM_PADDING_NONE : CSSM_PADDING_PKCS1, - &privKey, - NULL, - 0, // effectiveKeySize - 0, // rounds - NULL, // initVector - &ctext, - &ptext, - CSSM_FALSE); // mallocCtext - if(crtn) { - return 1; - } - irtn = writeFile(op->plainFileName, ptext.Data, ptext.Length); - if(irtn) { - printf("***Error writing %s\n", op->cipherFileName); - } - else { - if(!op->quiet) { - printf("...wrote %lu bytes to %s\n", ptext.Length, op->plainFileName); - } - } - free(privKey.KeyData.Data); // allocd by rt_readKey --> readFile - free(ctext.Data); // allocd by readFile - appFreeCssmData(&ptext, CSSM_FALSE); // by CSP - return irtn; -} - -static int rt_sign(opParams *op) -{ - CSSM_KEY privKey; - int irtn; - CSSM_DATA ptext; - CSSM_DATA sig; - CSSM_RETURN crtn; - CSSM_ALGORITHMS alg; - unsigned len; - - if(op->keyFileName == NULL) { - printf("***Need a keyFileName to sign.\n"); - return 1; - } - if((op->plainFileName == NULL) || (op->sigFileName == NULL)) { - printf("***Need plainFileName and sigFileName to sign.\n"); - return 1; - } - irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_FALSE, op->alg, - op->privKeyFormat, &privKey); - if(irtn) { - return irtn; - } - irtn = readFile(op->plainFileName, &ptext.Data, &len); - if(irtn) { - printf("***Error reading %s\n", op->plainFileName); - return irtn; - } - ptext.Length = len; - sig.Data = NULL; - sig.Length = 0; - switch(op->alg) { - case CSSM_ALGID_RSA: - if(op->rawSign) { - alg = CSSM_ALGID_RSA; - } - else { - alg = CSSM_ALGID_SHA1WithRSA; - } - break; - case CSSM_ALGID_DSA: - alg = CSSM_ALGID_SHA1WithDSA; - break; - case CSSM_ALGID_ECDSA: - if(op->rawSign) { - alg = CSSM_ALGID_ECDSA; - } - else { - alg = CSSM_ALGID_SHA1WithECDSA; - } - break; - default: - printf("Hey! Try another alg!\n"); - exit(1); - } - crtn = sigSign(op->cspHand, - alg, - &privKey, - &ptext, - &sig, - op->digestAlg, - op->noPad); - if(crtn) { - printError("cspSign", crtn); - return 1; - } - irtn = writeFile(op->sigFileName, sig.Data, sig.Length); - if(irtn) { - printf("***Error writing %s\n", op->sigFileName); - } - else if(!op->quiet) { - printf("...wrote %lu bytes to %s\n", sig.Length, op->sigFileName); - } - free(privKey.KeyData.Data); // allocd by rt_readKey --> readFile - free(ptext.Data); // allocd by readFile - appFreeCssmData(&sig, CSSM_FALSE); // by CSP - return irtn; -} - -static int rt_verify(opParams *op) -{ - CSSM_KEY pubKey; - int irtn; - CSSM_DATA ptext; - CSSM_DATA sig; - CSSM_RETURN crtn; - CSSM_ALGORITHMS alg; - unsigned len; - - if(op->keyFileName == NULL) { - printf("***Need a keyFileName to verify.\n"); - return 1; - } - if((op->plainFileName == NULL) || (op->sigFileName == NULL)) { - printf("***Need plainFileName and sigFileName to verify.\n"); - return 1; - } - irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_TRUE, op->alg, - op->pubKeyFormat, &pubKey); - if(irtn) { - return irtn; - } - irtn = readFile(op->plainFileName, &ptext.Data, &len); - if(irtn) { - printf("***Error reading %s\n", op->plainFileName); - return irtn; - } - ptext.Length = len; - irtn = readFile(op->sigFileName, &sig.Data, (unsigned *)&sig.Length); - if(irtn) { - printf("***Error reading %s\n", op->sigFileName); - return irtn; - } - switch(op->alg) { - case CSSM_ALGID_RSA: - if(op->rawSign) { - alg = CSSM_ALGID_RSA; - } - else { - alg = CSSM_ALGID_SHA1WithRSA; - } - break; - case CSSM_ALGID_DSA: - alg = CSSM_ALGID_SHA1WithDSA; - break; - case CSSM_ALGID_ECDSA: - if(op->rawSign) { - alg = CSSM_ALGID_ECDSA; - } - else { - alg = CSSM_ALGID_SHA1WithECDSA; - } - break; - default: - printf("Hey! Try another alg!\n"); - exit(1); - } - crtn = sigVerify(op->cspHand, - alg, - &pubKey, - &ptext, - &sig, - op->digestAlg, - op->noPad); - if(crtn) { - printError("sigVerify", crtn); - irtn = 1; - } - else if(!op->quiet){ - printf("...signature verifies OK\n"); - irtn = 0; - } - free(pubKey.KeyData.Data); // allocd by rt_readKey --> readFile - free(ptext.Data); // allocd by readFile - free(sig.Data); // ditto - return irtn; -} - -static int rt_digest(opParams *op) -{ - int irtn; - CSSM_DATA ptext; - CSSM_DATA digest = {0, NULL}; - CSSM_RETURN crtn; - unsigned len; - - if((op->plainFileName == NULL) || (op->sigFileName == NULL)) { - printf("***Need plainFileName and sigFileName to digest.\n"); - return 1; - } - irtn = readFile(op->plainFileName, &ptext.Data, &len); - if(irtn) { - printf("***Error reading %s\n", op->plainFileName); - return irtn; - } - ptext.Length = len; - crtn = cspDigest(op->cspHand, - op->alg, - CSSM_FALSE, // mallocDigest - let CSP do it - &ptext, - &digest); - if(crtn) { - printError("cspDigest", crtn); - return 1; - } - irtn = writeFile(op->sigFileName, digest.Data, digest.Length); - if(irtn) { - printf("***Error writing %s\n", op->sigFileName); - } - else if(!op->quiet){ - printf("...wrote %lu bytes to %s\n", digest.Length, op->sigFileName); - } - free(ptext.Data); // allocd by readFile - appFreeCssmData(&digest, CSSM_FALSE); // by CSP - return irtn; -} - -static int rt_convertPubKey(opParams *op) -{ - CSSM_RETURN crtn; - int irtn; - CSSM_KEY pubKeyIn; - CSSM_KEY pubKeyOut; - CSSM_KEY refKey; - char fileName[KEY_FILE_NAME_MAX_LEN]; - - if((op->keyFileName == NULL) || (op->outKeyFileName == NULL)) { - printf("***I need input and output key file names for public key concersion.\n"); - return 1; - } - irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_TRUE, op->alg, - op->pubKeyFormat, &pubKeyIn); - if(irtn) { - return irtn; - } - crtn = cspRawKeyToRef(op->cspHand, &pubKeyIn, &refKey); - if(crtn) { - printf("***Error on NULL unwrap of %s\n", op->keyFileName); - return -1; - } - crtn = nullWrapKey(op->cspHand, &refKey, op->outPubKeyFormat, &pubKeyOut); - if(crtn) { - printf("***Error on NULL wrap\n"); - return 1; - } - - /* write the blobs */ - rtKeyFileName(op->outKeyFileName, CSSM_TRUE, fileName); - irtn = writeFile(fileName, pubKeyOut.KeyData.Data, pubKeyOut.KeyData.Length); - if(irtn) { - printf("***Error %d writing to %s\n", irtn, fileName); - return irtn; - } - if(!op->quiet) { - printf("...wrote %lu bytes to %s\n", pubKeyOut.KeyData.Length, fileName); - } - cspFreeKey(op->cspHand, &pubKeyOut); - free(pubKeyIn.KeyData.Data); - cspFreeKey(op->cspHand, &refKey); - return 0; -} - -/* parse public key format character */ -static CSSM_KEYBLOB_FORMAT parsePubKeyFormat(char c, char **argv) -{ - switch(c) { - case '1': - return CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - case 'x': - return CSSM_KEYBLOB_RAW_FORMAT_X509; - case 'b': - return CSSM_KEYBLOB_RAW_FORMAT_FIPS186; - case 'o': - return CSSM_KEYBLOB_RAW_FORMAT_OPENSSH; - case 'O': - return CSSM_KEYBLOB_RAW_FORMAT_OPENSSH2; - case 'L': - /* This is the "parse a private+public key as public only" option */ - return CSSM_KEYBLOB_RAW_FORMAT_OPENSSL; - default: - usage(argv); - } - /* not reached */ - return -1; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - int rtn; - opParams op; - - if(argc < 2) { - usage(argv); - } - memset(&op, 0, sizeof(opParams)); - op.keySizeInBits = DEFAULT_KEY_SIZE_BITS; - op.alg = CSSM_ALGID_RSA; - op.swapKeyClass = CSSM_FALSE; - op.rawSign = CSSM_FALSE; - op.noPad = CSSM_FALSE; - - for(arg=2; arg -#include -#include -#include -#include "cputime.h" -#include "common.h" - -static void usage(char **argv) -{ - printf("Usage: %s bytecount [q(uiet)]\n", argv[0]); - exit(1); -} - -#define BUFSIZE (8 * 1024) - -int main(int argc, char **argv) -{ - bool quiet = false; - unsigned byteCount; - - if(argc < 2) { - usage(argv); - } - byteCount = atoi(argv[1]); - for(int arg=2; arg BUFSIZE) { - thisMove = BUFSIZE; - } - else { - thisMove = toMove; - } - toMove -= thisMove; - CC_SHA1_Update(&ctx1, text, thisMove); - } while(toMove); - CC_SHA1_Final(dig1, &ctx1); - timeSpentMs = CPUTimeDeltaMs(startTime, CPUTimeRead()); - printf("SHA1: Digest %u bytes : %.2f ms\n", byteCount, timeSpentMs); - - /* SHA256 */ - if(!quiet) { - printf("...testing SHA256\n"); - } - - CC_SHA256_CTX ctx256; - unsigned char dig256[CC_SHA256_DIGEST_LENGTH]; - toMove = byteCount; - CC_SHA256_Init(&ctx256); - - /* start critical timing loop */ - startTime = CPUTimeRead(); - do { - if(toMove > BUFSIZE) { - thisMove = BUFSIZE; - } - else { - thisMove = toMove; - } - toMove -= thisMove; - CC_SHA256_Update(&ctx256, text, thisMove); - } while(toMove); - CC_SHA256_Final(dig256, &ctx256); - timeSpentMs = CPUTimeDeltaMs(startTime, CPUTimeRead()); - printf("SHA256: Digest %u bytes : %.2f ms\n", byteCount, timeSpentMs); - - /* SHA256 */ - if(!quiet) { - printf("...testing SHA512\n"); - } - - CC_SHA512_CTX ctx512; - unsigned char dig512[CC_SHA512_DIGEST_LENGTH]; - toMove = byteCount; - CC_SHA512_Init(&ctx512); - - /* start critical timing loop */ - startTime = CPUTimeRead(); - do { - if(toMove > BUFSIZE) { - thisMove = BUFSIZE; - } - else { - thisMove = toMove; - } - toMove -= thisMove; - CC_SHA512_Update(&ctx512, text, thisMove); - } while(toMove); - CC_SHA512_Final(dig512, &ctx512); - timeSpentMs = CPUTimeDeltaMs(startTime, CPUTimeRead()); - printf("SHA512: Digest %u bytes : %.2f ms\n", byteCount, timeSpentMs); - - return 0; -} diff --git a/SecurityTests/cspxutils/sha2Vectors/Makefile b/SecurityTests/cspxutils/sha2Vectors/Makefile deleted file mode 100644 index d97513b1..00000000 --- a/SecurityTests/cspxutils/sha2Vectors/Makefile +++ /dev/null @@ -1,49 +0,0 @@ -EXECUTABLE=sha2Vectors -# C++ source (with .cpp extension) -CPSOURCE= sha2Vectors.cpp -# C source (.c extension) -CSOURCE= -OFILES = $(CSOURCE:%.c=%.o) $(CPSOURCE:%.cpp=%.o) - -LOCAL_BUILD= $(shell echo $(LOCAL_BUILD_DIR)) - -VARIANT_SUFFIX= - -FRAMEWORKS= -FRAME_SEARCH= -F$(LOCAL_BUILD) -FINCLUDES= -PINCLUDES= -I$(LOCAL_BUILD)/include -CINCLUDES= $(FINCLUDES) $(PINCLUDES) -WFLAGS= -Wno-four-char-constants -Wno-deprecated-declarations -CFLAGS= -g $(CINCLUDES) $(WFLAGS) $(FRAME_SEARCH) - -# -# This assumes final load with cc, not ld -# -#LIBS= -lstdc++ -lcommonCrypto$(VARIANT_SUFFIX) -LIBS= -lstdc++ - -# this is temporary -LIBPATH= -L$(LOCAL_BUILD) -L/usr/local/lib/system -LDFLAGS= $(LIBS) $(LIBPATH) $(FRAME_SEARCH) - -first: $(EXECUTABLE) - -$(EXECUTABLE): $(OFILES) - $(CC) -o $(EXECUTABLE) $(FRAMEWORKS) $(OFILES) $(LDFLAGS) - -debug: - make "VARIANT_SUFFIX=_debug" - -clean: - rm -f *.o $(EXECUTABLE) - -installhdrs: - -install: - -%.o: %.c - $(CC) $(CFLAGS) -c -o $*.o $< - -%.o: %.cpp - $(CC) $(CFLAGS) -c -o $*.o $< diff --git a/SecurityTests/cspxutils/sha2Vectors/sha2Vectors.cpp b/SecurityTests/cspxutils/sha2Vectors/sha2Vectors.cpp deleted file mode 100644 index dec315bf..00000000 --- a/SecurityTests/cspxutils/sha2Vectors/sha2Vectors.cpp +++ /dev/null @@ -1,361 +0,0 @@ -/* - * Verify SHA2 against FIPS test vectors. - */ - -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("Usage: %s [q(uiet)]\n", argv[0]); - exit(1); -} - -/* - * These test vectors came from FIPS Processing Standards Publication 180-2, - * 2002 August 1. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ - -/* SHA256 vectors */ -static const char *v1_256_text = "abc"; -static int v1_256_textLen=3; -static unsigned const char v1_256_digest[] = { - 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, - 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, - 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, - 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad -}; - -static const char *v2_256_text = "abcdbcdecdefdefgefghfghighijhi" - "jkijkljklmklmnlmnomnopnopq"; -#define v2_256_textLen strlen(v2_256_text) -static unsigned const char v2_256_digest[] = { - 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, - 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, - 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, - 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 -}; - -/* Vector 3: text = one million 'a' characters */ -static unsigned const char v3_256_digest[] = { - 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, - 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67, - 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, - 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0 -}; - -/* SHA384 vectors */ -static const char *v1_384_text = "abc"; -static int v1_384_textLen=3; -static unsigned const char v1_384_digest[] = { - 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, - 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, - 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, - 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, - 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, - 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 -}; - -static const char *v2_384_text = "abcdefghbcdefghicdefghijdefghij" - "kefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqr" - "lmnopqrsmnopqrstnopqrstu"; -#define v2_384_textLen strlen(v2_384_text) -static unsigned const char v2_384_digest[] = { - 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, - 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47, - 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, - 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12, - 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9, - 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 -}; - -/* Vector 3: text = one million 'a' characters */ -static unsigned const char v3_384_digest[] = { - 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb, - 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c, - 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52, - 0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b, - 0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb, - 0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85 -}; - -/* SHA512 vectors */ -static const char *v1_512_text = "abc"; -static int v1_512_textLen=3; -static unsigned const char v1_512_digest[] = { - 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, - 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, - 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, - 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, - 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, - 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, - 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, - 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f -}; - -static const char *v2_512_text = "abcdefghbcdefghicdefghijdefgh" - "ijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmn" - "opqrlmnopqrsmnopqrstnopqrstu"; -#define v2_512_textLen strlen(v2_512_text) -static unsigned const char v2_512_digest[] = { - 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, - 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f, - 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, - 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, - 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, - 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, - 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, - 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 -}; - -/* Vector 3: one million 'a' characters */ -static unsigned const char v3_512_digest[] = { - 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, - 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63, - 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, - 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb, - 0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a, - 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b, - 0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e, - 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b -}; - -/* - * SHA224 vectors, not part of the FIPS standard; these were obtained from RFC 3874. - */ -static const char *v1_224_text = "abc"; -static int v1_224_textLen=3; -static unsigned const char v1_224_digest[] = { - 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22, - 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3, - 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7, - 0xe3, 0x6c, 0x9d, 0xa7 -}; - -static const char *v2_224_text = "abcdbcdecdefdefgefghfghighi" - "jhijkijkljklmklmnlmnomnopnopq"; -static int v2_224_textLen=56; -static unsigned const char v2_224_digest[] = { - 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc, - 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50, - 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19, - 0x52, 0x52, 0x25, 0x25 -}; - -/* Vector 3: one million 'a' characters */ -static unsigned const char v3_224_digest[] = { - 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8, - 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b, - 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee, - 0x4e, 0xe7, 0xad, 0x67 -}; - -static void dumpBuffer( - const char *bufName, // optional - const unsigned char *buf, - unsigned len) -{ - unsigned i; - - if(bufName) { - printf("%s\n", bufName); - } - printf(" "); - for(i=0; i -#include -#include -#include "cspwrap.h" -#include "common.h" -/* this is for hard-coded lengths only */ -#include - -static void usage(char **argv) -{ - printf("Usage: %s [option...]\n", argv[0]); - printf("Options:\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" q(uiet)\n"); - exit(1); -} - -/* - * These test vectors came from FIPS Processing Standards Publication 180-2, - * 2002 August 1. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf - */ - -/* SHA256 vectors */ -static const char *v1_256_text = "abc"; -static int v1_256_textLen=3; -static unsigned const char v1_256_digest[] = { - 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, - 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, - 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, - 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad -}; - -static const char *v2_256_text = "abcdbcdecdefdefgefghfghighijhi" - "jkijkljklmklmnlmnomnopnopq"; -#define v2_256_textLen strlen(v2_256_text) -static unsigned const char v2_256_digest[] = { - 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, - 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, - 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, - 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 -}; - -/* Vector 3: text = one million 'a' characters */ -static unsigned const char v3_256_digest[] = { - 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, - 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67, - 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, - 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0 -}; - -/* SHA384 vectors */ -static const char *v1_384_text = "abc"; -static int v1_384_textLen=3; -static unsigned const char v1_384_digest[] = { - 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, - 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, - 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, - 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, - 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, - 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 -}; - -static const char *v2_384_text = "abcdefghbcdefghicdefghijdefghij" - "kefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqr" - "lmnopqrsmnopqrstnopqrstu"; -#define v2_384_textLen strlen(v2_384_text) -static unsigned const char v2_384_digest[] = { - 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, - 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47, - 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, - 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12, - 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9, - 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 -}; - -/* Vector 3: text = one million 'a' characters */ -static unsigned const char v3_384_digest[] = { - 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb, - 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c, - 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52, - 0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b, - 0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb, - 0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85 -}; - -/* SHA512 vectors */ -static const char *v1_512_text = "abc"; -static int v1_512_textLen=3; -static unsigned const char v1_512_digest[] = { - 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, - 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, - 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, - 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, - 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, - 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, - 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, - 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f -}; - -static const char *v2_512_text = "abcdefghbcdefghicdefghijdefgh" - "ijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmn" - "opqrlmnopqrsmnopqrstnopqrstu"; -#define v2_512_textLen strlen(v2_512_text) -static unsigned const char v2_512_digest[] = { - 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, - 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f, - 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, - 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, - 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, - 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, - 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, - 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 -}; - -/* Vector 3: one million 'a' characters */ -static unsigned const char v3_512_digest[] = { - 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, - 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63, - 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, - 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb, - 0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a, - 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b, - 0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e, - 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b -}; - -/* - * SHA224 vectors, not part of the FIPS standard; these were obtained from RFC 3874. - */ -static const char *v1_224_text = "abc"; -static int v1_224_textLen=3; -static unsigned const char v1_224_digest[] = { - 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22, - 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3, - 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7, - 0xe3, 0x6c, 0x9d, 0xa7 -}; - -static const char *v2_224_text = "abcdbcdecdefdefgefghfghighi" - "jhijkijkljklmklmnlmnomnopnopq"; -static int v2_224_textLen=56; -static unsigned const char v2_224_digest[] = { - 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc, - 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50, - 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19, - 0x52, 0x52, 0x25, 0x25 -}; - -/* Vector 3: one million 'a' characters */ -static unsigned const char v3_224_digest[] = { - 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8, - 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b, - 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee, - 0x4e, 0xe7, 0xad, 0x67 -}; - -static void dumpBuffer( - const char *bufName, // optional - const unsigned char *buf, - unsigned len) -{ - unsigned i; - - if(bufName) { - printf("%s\n", bufName); - } - printf(" "); - for(i=0; i -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include -#include - -/* - * Defaults. - */ -#define SIG_LOOPS_DEF 1000 /* sig loops */ -#define KEYSIZE_DEF 512 -#define PTEXT_SIZE 20 /* e.g., a SHA1 digest */ - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (r=RSA; d=DSA; s=SHA1/RSA; f=FEE/SHA1; F=FEE/MD5; e=ECDSA;\n"); - printf(" E=ECDSA/ANSI; default=RSA)\n"); - printf(" l=numLoop (default=%d)\n", SIG_LOOPS_DEF); - printf(" k=keySizeInBits; default=%d\n", KEYSIZE_DEF); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" b (RSA blinding enabled)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_CSP_HANDLE cspHand; - unsigned i; - CSSM_KEY pubKey; - CSSM_KEY privKey; - CSSM_DATA_PTR ptext; // different for each sign/vfy - CSSM_DATA_PTR sig; // ditto - unsigned sigSize; - CSSM_RETURN crtn; - CFAbsoluteTime start, end; - CSSM_CC_HANDLE sigHand; - - /* - * User-spec'd params - */ - uint32 keySizeInBits = KEYSIZE_DEF; - unsigned sigLoops = SIG_LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_ALGORITHMS sigAlg = CSSM_ALGID_RSA; - CSSM_ALGORITHMS keyAlg = CSSM_ALGID_RSA; - CSSM_ALGORITHMS digestAlg = CSSM_ALGID_SHA1; - CSSM_BOOL rsaBlinding = CSSM_FALSE; - - for(arg=1; arg -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include - -#define DATA_SIZE_DEF 100 -#define USAGE_DEF "noUsage" -#define LOOPS_DEF 10 -#define FEE_PASSWD_LEN 32 /* private data length in bytes, FEE only */ - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" a=algorithm\n"); - printf(" f=FEE/MD5 F=FEE/SHA1 e=ECDSA r=RSA/MD5 2=RSA/MD2 \n"); - printf(" s=RSA/SHA1 d=DSA R=rawRSA (No digest) \n"); - printf(" 4=RSA/SHA224 6=RSA/SHA256 3=RSA/SHA384 5=RSA/SHA512;\n"); - printf(" E=ECDSA/ANSI; 7=ECDSA/SHA256; 8=ECDSA/SHA384; 9=ECDSA/512; default=RSA/SHA1\n"); - printf(" d=dataSize (default = %d)\n", DATA_SIZE_DEF); - printf(" k=keySize\n"); - printf(" b (pub is blob)\n"); - printf(" r (priv is blob)\n"); - printf(" B=[1xboOt] (pub key in PKCS1/X509/BSAFE/OpenSSH1/OpenSSH2/Octet form)\n"); - printf(" RSA = {PKCS1,X509,OpenSSH1,OpenSSH2} default = PKCS1\n"); - printf(" DSA = {BSAFE,X509,OpenSSH2} default = X509\n"); - printf(" ECDSA = {X509, Only!} default = X509\n"); - printf(" P=primeType (m=Mersenne, f=FEE, g=general; FEE only)\n"); - printf(" C=curveType (m=Montgomery, w=Weierstrass, a=ANSI; FEE only)\n"); - printf(" l=loops (0=forever)\n"); - printf(" s(ign only)\n"); - printf(" V(erify only)\n"); - printf(" c(ontexts only)\n"); - printf(" S (we generate seed, for FEE only)\n"); - printf(" n(o padding; default is PKCS1)\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" L (dump key and signature blobs)\n"); - printf(" o (key blobs in OCTET_STRING format)\n"); - printf(" q(uiet)\n"); - printf(" v(erbose))\n"); - exit(1); -} - -/* parse public key format character */ -static CSSM_KEYBLOB_FORMAT parsePubKeyFormat(char c, char **argv) -{ - switch(c) { - case '1': - return CSSM_KEYBLOB_RAW_FORMAT_PKCS1; - case 'x': - return CSSM_KEYBLOB_RAW_FORMAT_X509; - case 'b': - return CSSM_KEYBLOB_RAW_FORMAT_FIPS186; - case 'o': - return CSSM_KEYBLOB_RAW_FORMAT_OPENSSH; - case 'O': - return CSSM_KEYBLOB_RAW_FORMAT_OPENSSH2; - default: - usage(argv); - } - /* not reached */ - return -1; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_CSP_HANDLE cspHand; - CSSM_CC_HANDLE pubSigHand; - CSSM_CC_HANDLE privSigHand; - CSSM_RETURN crtn; - CSSM_DATA randData = {0, NULL}; - CSSM_KEY privKey; - CSSM_KEY pubKey; - CSSM_DATA sigData = {0, NULL}; - unsigned loop; - int i; - unsigned dataSize = DATA_SIZE_DEF; - unsigned keySize = CSP_KEY_SIZE_DEFAULT; - uint32 sigAlg = CSSM_ALGID_SHA1WithRSA; - uint32 keyGenAlg = CSSM_ALGID_RSA; - unsigned pauseInterval = 0; - unsigned loops = LOOPS_DEF; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL pubIsRef = CSSM_TRUE; - CSSM_BOOL privIsRef = CSSM_TRUE; - CSSM_BOOL doSign = CSSM_TRUE; - CSSM_BOOL doVerify = CSSM_TRUE; - CSSM_BOOL contextsOnly = CSSM_FALSE; - CSSM_BOOL noPadding = CSSM_FALSE; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL genSeed = CSSM_FALSE; - CSSM_BOOL dumpBlobs = CSSM_FALSE; - CSSM_KEYBLOB_FORMAT privKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_NONE; - CSSM_KEYBLOB_FORMAT pubKeyFormat = CSSM_KEYBLOB_RAW_FORMAT_NONE; - uint32 primeType = CSSM_FEE_PRIME_TYPE_DEFAULT; // FEE only - uint32 curveType = CSSM_FEE_CURVE_TYPE_DEFAULT; // FEE only - - for(arg=1; arg -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define dprintf(s...) printf(s) - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" -i inFile\n"); - printf(" -o outFile\n"); - printf(" -v -- private key input; default is public\n"); - printf(" -V -- private key output; default is public\n"); - printf(" -d -- DSA; default is RSA\n"); - printf(" -r -- parse & print inFile\n"); - printf(" -f ssh1|ssh2 -- input format; default = ssh2\n"); - printf(" -F ssh1|ssh2 -- output format; default = ssh2\n"); - printf(" -p password\n"); - printf(" -P -- no password; private keys in the clear\n"); - printf(" -c comment\n"); - exit(1); -} - -static const char *authfile_id_string = "SSH PRIVATE KEY FILE FORMAT 1.1\n"; - -/* from openssh cipher.h */ -#define SSH_CIPHER_NONE 0 /* no encryption */ -#define SSH_CIPHER_IDEA 1 /* IDEA CFB */ -#define SSH_CIPHER_DES 2 /* DES CBC */ -#define SSH_CIPHER_3DES 3 /* 3DES CBC */ -#define SSH_CIPHER_BROKEN_TSS 4 /* TRI's Simple Stream encryption CBC */ -#define SSH_CIPHER_BROKEN_RC4 5 /* Alleged RC4 */ -#define SSH_CIPHER_BLOWFISH 6 -#define SSH_CIPHER_RESERVED 7 - -#define SSH2_RSA_HEADER "ssh-rsa" -#define SSH2_DSA_HEADER "ssh-dss" - -#pragma mark --- commmon code --- - -static uint32_t readUint32( - const unsigned char *&cp, // IN/OUT - unsigned &len) // IN/OUT -{ - uint32_t r = 0; - - for(unsigned dex=0; dex=0; dex--) { - buf[dex] = ui & 0xff; - ui >>= 8; - } - CFDataAppendBytes(cfOut, buf, sizeof(uint32_t)); -} - -static void appendUint16( - CFMutableDataRef cfOut, - uint16_t ui) -{ - UInt8 buf[sizeof(uint16_t)]; - - buf[1] = ui & 0xff; - ui >>= 8; - buf[0] = ui; - CFDataAppendBytes(cfOut, buf, sizeof(uint16_t)); -} - -/* parse text as decimal, return BIGNUM */ -static BIGNUM *parseDecimalBn( - const unsigned char *cp, - unsigned len) -{ - for(unsigned dex=0; dex '9')) { - return NULL; - } - } - char *str = (char *)malloc(len + 1); - memmove(str, cp, len); - str[len] = '\0'; - BIGNUM *bn = NULL; - BN_dec2bn(&bn, str); - free(str); - return bn; -} - -/* Read BIGNUM, OpenSSH-1 version */ -static BIGNUM *readBigNum( - const unsigned char *&cp, // IN/OUT - unsigned &remLen) // IN/OUT -{ - if(remLen < sizeof(uint16_t)) { - dprintf("readBigNum: short record(1)\n"); - return NULL; - } - uint16_t numBits = readUint16(cp, remLen); - unsigned bytes = (numBits + 7) / 8; - if(remLen < bytes) { - dprintf("readBigNum: short record(2)\n"); - return NULL; - } - BIGNUM *bn = BN_bin2bn(cp, bytes, NULL); - if(bn == NULL) { - dprintf("readBigNum: BN_bin2bn error\n"); - return NULL; - } - cp += bytes; - remLen -= bytes; - return bn; -} - -/* Write BIGNUM, OpenSSH-1 version */ -static int appendBigNum( - CFMutableDataRef cfOut, - const BIGNUM *bn) -{ - /* 16 bits of numbits */ - unsigned numBits = BN_num_bits(bn); - appendUint16(cfOut, numBits); - - /* serialize the bytes */ - int numBytes = (numBits + 7) / 8; - unsigned char outBytes[numBytes]; // gcc is so cool... - int moved = BN_bn2bin(bn, outBytes); - if(moved != numBytes) { - dprintf("appendBigNum: BN_bn2bin() screwup\n"); - return -1; - } - CFDataAppendBytes(cfOut, (UInt8 *)outBytes, numBytes); - return 0; -} - -/* read BIGNUM, OpenSSH-2 mpint version */ -static BIGNUM *readBigNum2( - const unsigned char *&cp, // IN/OUT - unsigned &remLen) // IN/OUT -{ - if(remLen < 4) { - dprintf("readBigNum2: short record(1)\n"); - return NULL; - } - uint32_t bytes = readUint32(cp, remLen); - if(remLen < bytes) { - dprintf("readBigNum2: short record(2)\n"); - return NULL; - } - BIGNUM *bn = BN_bin2bn(cp, bytes, NULL); - if(bn == NULL) { - dprintf("readBigNum2: BN_bin2bn error\n"); - return NULL; - } - cp += bytes; - remLen -= bytes; - return bn; -} - -/* write BIGNUM, OpenSSH v2 format (with a 4-byte byte count) */ -static int appendBigNum2( - CFMutableDataRef cfOut, - const BIGNUM *bn) -{ - if(bn == NULL) { - dprintf("appendBigNum2: NULL bn"); - return -1; - } - if (BN_is_zero(bn)) { - appendUint32(cfOut, 0); - return 0; - } - if(bn->neg) { - dprintf("appendBigNum2: negative numbers not supported\n"); - return -1; - } - int numBytes = BN_num_bytes(bn); - unsigned char buf[numBytes]; - int moved = BN_bn2bin(bn, buf); - if(moved != numBytes) { - dprintf("appendBigNum: BN_bn2bin() screwup\n"); - return -1; - } - bool appendZero = false; - if(buf[0] & 0x80) { - /* prepend leading zero to make it positive */ - appendZero = true; - numBytes++; // to encode the correct 4-byte length - } - appendUint32(cfOut, (uint32_t)numBytes); - if(appendZero) { - UInt8 z = 0; - CFDataAppendBytes(cfOut, &z, 1); - numBytes--; // to append the correct number of bytes - } - CFDataAppendBytes(cfOut, buf, numBytes); - memset(buf, 0, numBytes); - return 0; -} - -/* Write BIGNUM, OpenSSH-1 decimal (public key) version */ -static int appendBigNumDec( - CFMutableDataRef cfOut, - const BIGNUM *bn) -{ - char *buf = BN_bn2dec(bn); - if(buf == NULL) { - dprintf("appendBigNumDec: BN_bn2dec() error"); - return -1; - } - CFDataAppendBytes(cfOut, (const UInt8 *)buf, strlen(buf)); - OPENSSL_free(buf); - return 0; -} - -/* write string, OpenSSH v2 format (with a 4-byte byte count) */ -static void appendString( - CFMutableDataRef cfOut, - const char *str, - unsigned strLen) -{ - appendUint32(cfOut, (uint32_t)strLen); - CFDataAppendBytes(cfOut, (UInt8 *)str, strLen); -} - -/* skip whitespace */ -static void skipWhite( - const unsigned char *&cp, - unsigned &bytesLeft) -{ - while(bytesLeft != 0) { - if(isspace((int)(*cp))) { - cp++; - bytesLeft--; - } - else { - return; - } - } -} - -/* find next whitespace or EOF - if EOF, rtn pointer points to one past EOF */ -static const unsigned char *findNextWhite( - const unsigned char *cp, - unsigned &bytesLeft) -{ - while(bytesLeft != 0) { - if(isspace((int)(*cp))) { - return cp; - } - cp++; - bytesLeft--; - } - return cp; -} - - -/* - * Calculate d mod{p-1,q-1} - * Used when decoding OpenSSH-1 private RSA key. - */ -static int -rsa_generate_additional_parameters(RSA *rsa) -{ - BIGNUM *aux; - BN_CTX *ctx; - - if((rsa->dmq1 = BN_new()) == NULL) { - dprintf("rsa_generate_additional_parameters: BN_new failed"); - return -1; - } - if((rsa->dmp1 = BN_new()) == NULL) { - dprintf("rsa_generate_additional_parameters: BN_new failed"); - return -1; - } - if ((aux = BN_new()) == NULL) { - dprintf("rsa_generate_additional_parameters: BN_new failed"); - return -1; - } - if ((ctx = BN_CTX_new()) == NULL) { - dprintf("rsa_generate_additional_parameters: BN_CTX_new failed"); - BN_clear_free(aux); - return -1; - } - - BN_sub(aux, rsa->q, BN_value_one()); - BN_mod(rsa->dmq1, rsa->d, aux, ctx); - - BN_sub(aux, rsa->p, BN_value_one()); - BN_mod(rsa->dmp1, rsa->d, aux, ctx); - - BN_clear_free(aux); - BN_CTX_free(ctx); - return 0; -} - -#pragma mark --- OpenSSH-1 crypto --- - -static int ssh1DES3Crypt( - unsigned char cipher, - bool doEncrypt, - const unsigned char *inText, - unsigned inTextLen, - const char *password, // C string - unsigned char *outText, // data RETURNED here, caller mallocs - unsigned *outTextLen) // RETURNED -{ - switch(cipher) { - case SSH_CIPHER_3DES: - break; - case SSH_CIPHER_NONE: - /* cleartext RSA private key, e.g. host key. */ - memmove(outText, inText, inTextLen); - *outTextLen = inTextLen; - return 0; - default: - /* who knows how we're going to figure these out */ - printf("***Unsupported cipher (%u)\n", cipher); - return -1; - } - - /* key starts with MD5(password) */ - unsigned char pwdDigest[CC_MD5_DIGEST_LENGTH]; - CC_MD5(password, strlen(password), pwdDigest); - - /* three keys from that, like so: */ - unsigned char k1[kCCKeySizeDES]; - unsigned char k2[kCCKeySizeDES]; - unsigned char k3[kCCKeySizeDES]; - memmove(k1, pwdDigest, kCCKeySizeDES); - memmove(k2, pwdDigest + kCCKeySizeDES, kCCKeySizeDES); - memmove(k3, pwdDigest, kCCKeySizeDES); - - CCOperation op1_3; - CCOperation op2; - if(doEncrypt) { - op1_3 = kCCEncrypt; - op2 = kCCDecrypt; - } - else { - op1_3 = kCCDecrypt; - op2 = kCCEncrypt; - } - - /* the openssh v1 pseudo triple DES. Each DES pass has its own CBC. */ - size_t moved = 0; - - CCCryptorStatus cstat = CCCrypt(op1_3, kCCAlgorithmDES, - 0, // no padding - k1, kCCKeySizeDES, - NULL, // IV - inText, inTextLen, - outText, inTextLen, &moved); - if(cstat) { - dprintf("***ssh1DES3Crypt: CCCrypt()(1) returned %u\n", (unsigned)cstat); - return -1; - } - cstat = CCCrypt(op2, kCCAlgorithmDES, - 0, // no padding - SSH does that itself - k2, kCCKeySizeDES, - NULL, // IV - outText, moved, - outText, inTextLen, &moved); - if(cstat) { - dprintf("***ssh1DES3Crypt: CCCrypt()(2) returned %u\n", (unsigned)cstat); - return -1; - } - cstat = CCCrypt(op1_3, kCCAlgorithmDES, - 0, // no padding - SSH does that itself - k3, kCCKeySizeDES, - NULL, // IV - outText, moved, - outText, inTextLen, &moved); - if(cstat) { - dprintf("***ssh1DES3Crypt: CCCrypt()(3) returned %u\n", (unsigned)cstat); - return -1; - } - - *outTextLen = moved; - return 0; -} - -#pragma mark --- OpenSSH-1 decode --- - -/* Decode OpenSSH-1 RSA private key */ -static int decodeSSH1RSAPrivKey( - const unsigned char *key, - unsigned keyLen, - char *password, - RSA *rsa, // returned - char **comment) // returned -{ - const unsigned char *cp = key; // running pointer - unsigned remLen = keyLen; - unsigned len = strlen(authfile_id_string); - - /* length: ID string, NULL, Cipher, 4-byte spare */ - if(remLen < (len + 6)) { - dprintf("decodeSSH1RSAPrivKey: short record(1)\n"); - return -1; - } - - /* ID string plus a NULL */ - if(memcmp(authfile_id_string, cp, len)) { - dprintf("decodeSSH1RSAPrivKey: bad header\n"); - return -1; - } - cp += (len + 1); - remLen -= (len + 1); - - /* cipher */ - unsigned char cipherSpec = *cp; - switch(cipherSpec) { - case SSH_CIPHER_NONE: - if(password != NULL) { - dprintf("decodeSSH1RSAPrivKey: Attempt to decrypt plaintext key\n"); - return -1; - } - break; - case SSH_CIPHER_3DES: - if(password == NULL) { - dprintf("decodeSSH1RSAPrivKey: Encrypted key with no decryptKey\n"); - return -1; - } - break; - default: - /* I hope we don't see any other values here */ - dprintf("decodeOpenSSHv1PrivKey: unknown cipherSpec (%u)\n", cipherSpec); - return -1; - } - - /* skip cipher, spares */ - cp += 5; - remLen -= 5; - - /* - * Clear text public key: - * uint32 bits - * bignum n - * bignum e - */ - if(remLen < sizeof(uint32_t)) { - dprintf("decodeSSH1RSAPrivKey: bad len(1)\n"); - return -1; - } - /* skip over keybits */ - readUint32(cp, remLen); - rsa->n = readBigNum(cp, remLen); - if(rsa->n == NULL) { - dprintf("decodeSSH1RSAPrivKey: error decoding n\n"); - return -1; - } - rsa->e = readBigNum(cp, remLen); - if(rsa->e == NULL) { - dprintf("decodeSSH1RSAPrivKey: error decoding e\n"); - return -1; - } - - /* comment string: 4-byte length and the string w/o NULL */ - if(remLen < sizeof(uint32_t)) { - dprintf("decodeSSH1RSAPrivKey: bad len(2)\n"); - return -1; - } - uint32_t commentLen = readUint32(cp, remLen); - if(commentLen > remLen) { - dprintf("decodeSSH1RSAPrivKey: bad len(3)\n"); - return -1; - } - *comment = (char *)malloc(commentLen + 1); - memmove(*comment, cp, commentLen); - (*comment)[commentLen] = '\0'; - cp += commentLen; - remLen -= commentLen; - - /* everything that remains is ciphertext */ - unsigned char ptext[remLen]; - unsigned ptextLen = 0; - if(ssh1DES3Crypt(cipherSpec, false, cp, remLen, password, ptext, &ptextLen)) { - dprintf("decodeSSH1RSAPrivKey: decrypt error\n"); - return -1; - } - /* subsequent errors to errOut: */ - - int ourRtn = 0; - - /* plaintext contents: - - [0-1] -- random bytes - [2-3] -- copy of [01] for passphrase validity checking - buffer_put_bignum(d) - buffer_put_bignum(iqmp) - buffer_put_bignum(q) - buffer_put_bignum(p) - pad to block size - */ - cp = ptext; - remLen = ptextLen; - if(remLen < 4) { - dprintf("decodeSSH1RSAPrivKey: bad len(4)\n"); - ourRtn = -1; - goto errOut; - } - if((cp[0] != cp[2]) || (cp[1] != cp[3])) { - /* decrypt fail */ - dprintf("decodeSSH1RSAPrivKey: check byte error\n"); - ourRtn = -1; - goto errOut; - } - cp += 4; - remLen -= 4; - - /* remainder comprises private portion of RSA key */ - rsa->d = readBigNum(cp, remLen); - if(rsa->d == NULL) { - dprintf("decodeSSH1RSAPrivKey: error decoding d\n"); - return -1; - } - rsa->iqmp = readBigNum(cp, remLen); - if(rsa->iqmp == NULL) { - dprintf("decodeSSH1RSAPrivKey: error decoding iqmp\n"); - return -1; - } - rsa->q = readBigNum(cp, remLen); - if(rsa->q == NULL) { - dprintf("decodeSSH1RSAPrivKey: error decoding q\n"); - return -1; - } - rsa->p = readBigNum(cp, remLen); - if(rsa->p == NULL) { - dprintf("decodeSSH1RSAPrivKey: error decoding p\n"); - return -1; - } - - /* calculate d mod{p-1,q-1} */ - ourRtn = rsa_generate_additional_parameters(rsa); - -errOut: - memset(ptext, 0, ptextLen); - return ourRtn; -} - -/* Decode OpenSSH-1 RSA public key */ -static int decodeSSH1RSAPubKey( - const unsigned char *key, - unsigned keyLen, - RSA *rsa, // returned - char **comment) // returned -{ - const unsigned char *cp = key; // running pointer - unsigned remLen = keyLen; - - *comment = NULL; - skipWhite(cp, remLen); - - /* - * cp points to start of size_in_bits in ASCII decimal' we really don't care about - * this field. Find next space. - */ - cp = findNextWhite(cp, remLen); - if(remLen == 0) { - dprintf("decodeSSH1RSAPubKey: short key (1)\n"); - return -1; - } - skipWhite(cp, remLen); - if(remLen == 0) { - dprintf("decodeSSH1RSAPubKey: short key (2)\n"); - return -1; - } - - /* - * cp points to start of e - */ - const unsigned char *ep = findNextWhite(cp, remLen); - if(remLen == 0) { - dprintf("decodeSSH1RSAPubKey: short key (3)\n"); - return -1; - } - unsigned len = ep - cp; - rsa->e = parseDecimalBn(cp, len); - if(rsa->e == NULL) { - return -1; - } - cp += len; - remLen -= len; - - skipWhite(cp, remLen); - if(remLen == 0) { - dprintf("decodeSSH1RSAPubKey: short key (4)\n"); - return -1; - } - - /* cp points to start of n */ - ep = findNextWhite(cp, remLen); - len = ep - cp; - rsa->n = parseDecimalBn(cp, len); - if(rsa->n == NULL) { - return -1; - } - cp += len; - remLen -= len; - skipWhite(cp, remLen); - if(remLen == 0) { - /* no comment; we're done */ - return 0; - } - - ep = findNextWhite(cp, remLen); - len = ep - cp; - if(len == 0) { - return 0; - } - *comment = (char *)malloc(len + 1); - memmove(*comment, cp, len); - if((*comment)[len - 1] == '\n') { - /* normal case closes with a newline, not part of the comment */ - len--; - } - (*comment)[len] = '\0'; - return 0; - -} - -#pragma mark --- OpenSSH-1 encode --- - -/* Encode OpenSSH-1 RSA private key */ -static int encodeSSH1RSAPrivKey( - RSA *rsa, - const char *password, - const char *comment, - unsigned char **outKey, // mallocd and RETURNED - unsigned *outKeyLen) // RETURNED -{ - CFMutableDataRef cfOut = CFDataCreateMutable(NULL, 0); - - /* ID string including NULL */ - CFDataAppendBytes(cfOut, (const UInt8 *)authfile_id_string, strlen(authfile_id_string) + 1); - - /* one byte cipher */ - UInt8 cipherSpec = SSH_CIPHER_3DES; - CFDataAppendBytes(cfOut, &cipherSpec, 1); - - /* spares */ - UInt8 spares[4] = {0}; - CFDataAppendBytes(cfOut, spares, 4); - - /* - * Clear text public key: - * uint32 bits - * bignum n - * bignum e - */ - uint32_t keybits = RSA_size(rsa) * 8; - appendUint32(cfOut, keybits); - appendBigNum(cfOut, rsa->n); - appendBigNum(cfOut, rsa->e); - - /* comment string: 4-byte length and the string w/o NULL */ - if(comment) { - uint32_t len = strlen(comment); - appendUint32(cfOut, len); - CFDataAppendBytes(cfOut, (const UInt8 *)comment, len); - } - - /* - * Remainder is encrypted, consisting of - * - * [0-1] -- random bytes - * [2-3] -- copy of [01] for passphrase validity checking - * buffer_put_bignum(d) - * buffer_put_bignum(iqmp) - * buffer_put_bignum(q) - * buffer_put_bignum(p) - * pad to block size - */ - CFMutableDataRef ptext = CFDataCreateMutable(NULL, 0); - - /* [0..3] check bytes */ - UInt8 checkBytes[4]; - DevRandomGenerator rng = DevRandomGenerator(); - rng.random(checkBytes, 2); - checkBytes[2] = checkBytes[0]; - checkBytes[3] = checkBytes[1]; - CFDataAppendBytes(ptext, checkBytes, 4); - - /* d, iqmp, q, p */ - appendBigNum(ptext, rsa->d); - appendBigNum(ptext, rsa->iqmp); - appendBigNum(ptext, rsa->q); - appendBigNum(ptext, rsa->p); - - /* encrypt it */ - unsigned ptextLen = CFDataGetLength(ptext); - unsigned padding = 0; - unsigned rem = ptextLen & 0x7; - if(rem) { - padding = 8 - rem; - } - UInt8 padByte = 0; - for(unsigned dex=0; dex - * e, bignum in decimal - * - * n, bignum in decimal - * - * optional comment - * newline - */ - int ourRtn = 0; - unsigned numBits = BN_num_bits(rsa->n); - char bitString[20]; - UInt8 c = ' '; - - snprintf(bitString, sizeof(bitString), "%u ", numBits); - CFDataAppendBytes(cfOut, (const UInt8 *)bitString, strlen(bitString)); - if(appendBigNumDec(cfOut, rsa->e)) { - ourRtn = -1; - goto errOut; - } - CFDataAppendBytes(cfOut, &c, 1); - if(appendBigNumDec(cfOut, rsa->n)) { - ourRtn = -1; - goto errOut; - } - if(comment != NULL) { - CFDataAppendBytes(cfOut, &c, 1); - CFDataAppendBytes(cfOut, (UInt8 *)comment, strlen(comment)); - } - c = '\n'; - CFDataAppendBytes(cfOut, &c, 1); - *outKeyLen = CFDataGetLength(cfOut); - *outKey = (unsigned char *)malloc(*outKeyLen); - memmove(*outKey, CFDataGetBytePtr(cfOut), *outKeyLen); -errOut: - CFRelease(cfOut); - return ourRtn; -} - -#pragma mark --- OpenSSH-2 public key decode --- - -/* - * Decode components from an SSHv2 public key. - * Also verifies the leading header, e.g. "ssh-rsa". - * The returned decodedBlob is algorithm-specific. - */ -static int parseSSH2PubKey( - const unsigned char *key, - unsigned keyLen, - const char *header, // SSH2_RSA_HEADER, SSH2_DSA_HEADER - unsigned char **decodedBlob, // mallocd and RETURNED - unsigned *decodedBlobLen, // RETURNED - char **comment) // optionally mallocd and RETURNED, NULL terminated -{ - unsigned len = strlen(header); - const unsigned char *endOfKey = key + keyLen; - *decodedBlob = NULL; - *comment = NULL; - - /* ID string plus at least one space */ - if(keyLen < (len + 1)) { - dprintf("parseSSH2PubKey: short record(1)\n"); - return -1; - } - - if(memcmp(header, key, len)) { - dprintf("parseSSH2PubKey: bad header (1)\n"); - return -1; - } - key += len; - if(*key++ != ' ') { - dprintf("parseSSH2PubKey: bad header (2)\n"); - return -1; - } - keyLen -= (len + 1); - - /* key points to first whitespace after header */ - skipWhite(key, keyLen); - if(keyLen == 0) { - dprintf("parseSSH2PubKey: short key\n"); - return -1; - } - - /* key is start of base64 blob */ - const unsigned char *encodedBlob = key; - const unsigned char *endBlob = findNextWhite(key, keyLen); - unsigned encodedBlobLen = endBlob - encodedBlob; - - /* decode base 64 */ - *decodedBlob = cuDec64(encodedBlob, encodedBlobLen, decodedBlobLen); - if(*decodedBlob == NULL) { - dprintf("parseSSH2PubKey: base64 decode error\n"); - return -1; - } - - /* skip over the encoded blob and possible whitespace after it */ - key = endBlob; - keyLen = endOfKey - endBlob; - skipWhite(key, keyLen); - if(keyLen == 0) { - /* nothing remains, no comment, no error */ - return 0; - } - - /* optional comment */ - *comment = (char *)malloc(keyLen + 1); - memmove(*comment, key, keyLen); - if((*comment)[keyLen - 1] == '\n') { - /* normal case closes with a newline, not part of the comment */ - keyLen--; - } - (*comment)[keyLen] = '\0'; - return 0; -} - -static int decodeSSH2RSAPubKey( - const unsigned char *key, - unsigned keyLen, - RSA *rsa, // returned - char **comment) // returned -{ - /* - * Verify header - * get base64-decoded blob plus optional comment - */ - unsigned char *decodedBlob = NULL; - unsigned decodedBlobLen = 0; - if(parseSSH2PubKey(key, keyLen, SSH2_RSA_HEADER, &decodedBlob, &decodedBlobLen, comment)) { - return -1; - } - /* subsequent errors to errOut: */ - - /* - * The inner base64-decoded blob, consisting of - * ssh-rsa - * e - * n - */ - uint32_t decLen; - unsigned len; - int ourRtn = 0; - - key = decodedBlob; - keyLen = decodedBlobLen; - if(keyLen < 12) { - /* three length fields at least */ - dprintf("decodeSSH2RSAPubKey: short record(2)\n"); - ourRtn = -1; - goto errOut; - } - decLen = readUint32(key, keyLen); - len = strlen(SSH2_RSA_HEADER); - if(decLen != len) { - dprintf("decodeSSH2RSAPubKey: bad header (2)\n"); - ourRtn = -1; - goto errOut; - } - if(memcmp(SSH2_RSA_HEADER, key, len)) { - dprintf("decodeSSH2RSAPubKey: bad header (1)\n"); - return -1; - } - key += len; - keyLen -= len; - - rsa->e = readBigNum2(key, keyLen); - if(rsa->e == NULL) { - ourRtn = -1; - goto errOut; - } - rsa->n = readBigNum2(key, keyLen); - if(rsa->n == NULL) { - ourRtn = -1; - goto errOut; - } - -errOut: - free(decodedBlob); - return ourRtn; -} - -static int decodeSSH2DSAPubKey( - const unsigned char *key, - unsigned keyLen, - DSA *dsa, // returned - char **comment) // returned -{ - /* - * Verify header - * get base64-decoded blob plus optional comment - */ - unsigned char *decodedBlob = NULL; - unsigned decodedBlobLen = 0; - if(parseSSH2PubKey(key, keyLen, SSH2_DSA_HEADER, &decodedBlob, &decodedBlobLen, comment)) { - return -1; - } - /* subsequent errors to errOut: */ - - /* - * The inner base64-decoded blob, consisting of - * ssh-dss - * p - * q - * g - * pub_key - */ - uint32_t decLen; - int ourRtn = 0; - unsigned len; - - key = decodedBlob; - keyLen = decodedBlobLen; - if(keyLen < 20) { - /* five length fields at least */ - dprintf("decodeSSH2DSAPubKey: short record(2)\n"); - ourRtn = -1; - goto errOut; - } - decLen = readUint32(key, keyLen); - len = strlen(SSH2_DSA_HEADER); - if(decLen != len) { - dprintf("decodeSSH2DSAPubKey: bad header (2)\n"); - ourRtn = -1; - goto errOut; - } - if(memcmp(SSH2_DSA_HEADER, key, len)) { - dprintf("decodeSSH2DSAPubKey: bad header (1)\n"); - return -1; - } - key += len; - keyLen -= len; - - dsa->p = readBigNum2(key, keyLen); - if(dsa->p == NULL) { - ourRtn = -1; - goto errOut; - } - dsa->q = readBigNum2(key, keyLen); - if(dsa->q == NULL) { - ourRtn = -1; - goto errOut; - } - dsa->g = readBigNum2(key, keyLen); - if(dsa->g == NULL) { - ourRtn = -1; - goto errOut; - } - dsa->pub_key = readBigNum2(key, keyLen); - if(dsa->pub_key == NULL) { - ourRtn = -1; - goto errOut; - } - -errOut: - free(decodedBlob); - return ourRtn; -} - -#pragma mark --- OpenSSH-2 public key encode --- - -static int encodeSSH2RSAPubKey( - RSA *rsa, - const char *comment, - unsigned char **outKey, // mallocd and RETURNED - unsigned *outKeyLen) // RETURNED -{ - unsigned char *b64 = NULL; - unsigned b64Len; - UInt8 c; - - /* - * First, the inner base64-encoded blob, consisting of - * ssh-rsa - * e - * n - */ - CFMutableDataRef cfOut = CFDataCreateMutable(NULL, 0); - int ourRtn = 0; - appendString(cfOut, SSH2_RSA_HEADER, strlen(SSH2_RSA_HEADER)); - ourRtn = appendBigNum2(cfOut, rsa->e); - if(ourRtn) { - goto errOut; - } - ourRtn = appendBigNum2(cfOut, rsa->n); - if(ourRtn) { - goto errOut; - } - - /* base64 encode that */ - b64 = cuEnc64((unsigned char *)CFDataGetBytePtr(cfOut), CFDataGetLength(cfOut), &b64Len); - - /* cuEnc64 added newline and NULL, which we really don't want */ - b64Len -= 2; - - /* Now start over, dropping that base64 into a public blob. */ - CFDataSetLength(cfOut, 0); - CFDataAppendBytes(cfOut, (UInt8 *)SSH2_RSA_HEADER, strlen(SSH2_RSA_HEADER)); - c = ' '; - CFDataAppendBytes(cfOut, &c, 1); - CFDataAppendBytes(cfOut, b64, b64Len); - - /* optional comment */ - if(comment) { - CFDataAppendBytes(cfOut, &c, 1); - CFDataAppendBytes(cfOut, (UInt8 *)comment, strlen(comment)); - } - - /* finish it with a newline */ - c = '\n'; - CFDataAppendBytes(cfOut, &c, 1); - - *outKeyLen = (unsigned)CFDataGetLength(cfOut); - *outKey = (unsigned char *)malloc(*outKeyLen); - memmove(*outKey, CFDataGetBytePtr(cfOut), *outKeyLen); - -errOut: - CFRelease(cfOut); - if(b64) { - free(b64); - } - return ourRtn; -} - -static int encodeSSH2DSAPubKey( - DSA *dsa, - const char *comment, - unsigned char **outKey, // mallocd and RETURNED - unsigned *outKeyLen) // RETURNED -{ - unsigned char *b64 = NULL; - unsigned b64Len; - UInt8 c; - - /* - * First, the inner base64-encoded blob, consisting of - * ssh-dss - * p - * q - * g - * pub_key - */ - CFMutableDataRef cfOut = CFDataCreateMutable(NULL, 0); - int ourRtn = 0; - appendString(cfOut, SSH2_DSA_HEADER, strlen(SSH2_DSA_HEADER)); - ourRtn = appendBigNum2(cfOut, dsa->p); - if(ourRtn) { - goto errOut; - } - ourRtn = appendBigNum2(cfOut, dsa->q); - if(ourRtn) { - goto errOut; - } - ourRtn = appendBigNum2(cfOut, dsa->g); - if(ourRtn) { - goto errOut; - } - ourRtn = appendBigNum2(cfOut, dsa->pub_key); - if(ourRtn) { - goto errOut; - } - - /* base64 encode that */ - b64 = cuEnc64((unsigned char *)CFDataGetBytePtr(cfOut), CFDataGetLength(cfOut), &b64Len); - - /* cuEnc64 added newline and NULL, which we really don't want */ - b64Len -= 2; - - /* Now start over, dropping that base64 into a public blob. */ - CFDataSetLength(cfOut, 0); - CFDataAppendBytes(cfOut, (UInt8 *)SSH2_DSA_HEADER, strlen(SSH2_DSA_HEADER)); - c = ' '; - CFDataAppendBytes(cfOut, &c, 1); - CFDataAppendBytes(cfOut, b64, b64Len); - - /* optional comment */ - if(comment) { - CFDataAppendBytes(cfOut, &c, 1); - CFDataAppendBytes(cfOut, (UInt8 *)comment, strlen(comment)); - } - - /* finish it with a newline */ - c = '\n'; - CFDataAppendBytes(cfOut, &c, 1); - - *outKeyLen = (unsigned)CFDataGetLength(cfOut); - *outKey = (unsigned char *)malloc(*outKeyLen); - memmove(*outKey, CFDataGetBytePtr(cfOut), *outKeyLen); - -errOut: - CFRelease(cfOut); - if(b64) { - free(b64); - } - return ourRtn; -} - - -#pragma mark --- print RSA/DSA keys --- - -static void printBNLong( - BN_ULONG bnl) -{ - /* for now assume it's 32 bits */ - unsigned i = bnl >> 24; - printf("%02X ", i); - i = (bnl >> 16) & 0xff; - printf("%02X ", i); - i = (bnl >> 8) & 0xff; - printf("%02X ", i); - i = bnl & 0xff; - printf("%02X ", i); -} - -static void printBN( - const char *label, - BIGNUM *bn) -{ - printf("%s: %d bits: bn->top %d: ", label, BN_num_bits(bn), bn->top); - for(int dex=bn->top-1; dex>=0; dex--) { - printBNLong(bn->d[dex]); - } - printf("\n"); -} -static void printRSA( - RSA *rsa) -{ - if(rsa->n) { - printBN(" n", rsa->n); - } - if(rsa->e) { - printBN(" e", rsa->e); - } - if(rsa->d) { - printBN(" d", rsa->d); - } - if(rsa->p) { - printBN(" p", rsa->p); - } - if(rsa->q) { - printBN(" q", rsa->q); - } - if(rsa->dmp1) { - printBN("dmp1", rsa->dmp1); - } - if(rsa->dmq1) { - printBN("dmq1", rsa->dmq1); - } - if(rsa->iqmp) { - printBN("iqmp", rsa->iqmp); - } -} - -/* only public keys here */ -static void printDSA( - DSA *dsa) -{ - if(dsa->p) { - printBN(" p", dsa->p); - } - if(dsa->q) { - printBN(" q", dsa->q); - } - if(dsa->g) { - printBN(" g", dsa->g); - } - if(dsa->pub_key) { - printBN(" pub", dsa->pub_key); - } -} - -/* parse format string, returns nonzero on error */ -static int parseFormat( - const char *formatStr, - bool *isSSH1) -{ - if(!strcmp(formatStr, "ssh1")) { - *isSSH1 = true; - return 0; - } - else if(!strcmp(formatStr, "ssh2")) { - *isSSH1 = false; - return 0; - } - else { - return -1; - } -} - -#pragma mark --- main --- - -/* parse format string */ -int main(int argc, char **argv) -{ - char *inFile = NULL; - char *outFile = NULL; - bool privKeyIn = false; - bool privKeyOut = false; - char *password = NULL; - char *comment = NULL; - bool doPrint = false; - bool isDSA = false; - bool inputSSH1 = false; - bool outputSSH1 = false; - bool clearPrivKeys = false; - - int ourRtn = 0; - - extern char *optarg; - int arg; - while ((arg = getopt(argc, argv, "i:o:vVdrf:F:p:Pc:h")) != -1) { - switch (arg) { - case 'i': - inFile = optarg; - break; - case 'o': - outFile = optarg; - break; - case 'v': - privKeyIn = true; - break; - case 'V': - privKeyOut = true; - break; - case 'd': - isDSA = true; - break; - case 'r': - doPrint = true; - break; - case 'f': - if(parseFormat(optarg, &inputSSH1)) { - usage(argv); - } - break; - case 'F': - if(parseFormat(optarg, &outputSSH1)) { - usage(argv); - } - break; - case 'p': - password = optarg; - break; - case 'P': - clearPrivKeys = true; - break; - case 'c': - comment = optarg; - break; - case 'h': - default: - usage(argv); - } - } - - if(inFile == NULL) { - printf("***You must specify an input file.\n"); - usage(argv); - } - if((privKeyIn && !inputSSH1) || (privKeyOut && !outputSSH1)) { - printf("***Private keys in SSH2 format are handled elsewhere - Wrapped OpenSSL.\n"); - exit(1); - } - if((privKeyIn || privKeyOut) && (password == NULL) & !clearPrivKeys) { - printf("***Private key handling requires a password or the -P option.\n"); - usage(argv); - } - unsigned char *inKey = NULL; - unsigned inKeyLen = 0; - if(readFile(inFile, &inKey, &inKeyLen)) { - printf("Error reading %s. Aborting.\n", inFile); - exit(1); - } - - RSA *rsa = NULL; - DSA *dsa = NULL; - - /* parse incoming key */ - if(isDSA) { - if(inputSSH1) { - printf("***SSHv1 did not support DSA keys.\n"); - exit(1); - } - /* already verified that this is not SSH2 & priv (Wrapped OpenSSL) */ - dsa = DSA_new(); - if(decodeSSH2DSAPubKey(inKey, inKeyLen, dsa, &comment)) { - printf("***Error decoding SSH2 DSA public key.\n"); - exit(1); - } - } - else { - rsa = RSA_new(); - if(privKeyIn) { - /* already verified that this is SSH1 (SSH2 is Wrapped OpenSSL) */ - if(decodeSSH1RSAPrivKey(inKey, inKeyLen, password, rsa, &comment)) { - printf("***Error decoding SSH1 RSA Private key.\n"); - exit(1); - } - } - else { - if(inputSSH1) { - if(decodeSSH1RSAPubKey(inKey, inKeyLen, rsa, &comment)) { - printf("***Error decoding SSH1 RSA Public key.\n"); - exit(1); - } - } - else { - if(decodeSSH2RSAPubKey(inKey, inKeyLen, rsa, &comment)) { - printf("***Error decoding SSH2 RSA Public key.\n"); - exit(1); - } - } - } - } - - /* optionally display the key */ - if(doPrint) { - if(isDSA) { - printf("DSA key:\n"); - printDSA(dsa); - printf("Comment: %s\n", comment); - } - else { - printf("RSA key:\n"); - printRSA(rsa); - printf("Comment: %s\n", comment); - } - } - - /* optionally convert to (optionally different) output format */ - - if(outFile) { - unsigned char *outKey = NULL; - unsigned outKeyLen = 0; - - if(isDSA) { - if(outputSSH1 || privKeyOut) { - printf("***DSA: Only public SSHv2 keys allowed.\n"); - exit(1); - } - if(encodeSSH2DSAPubKey(dsa, comment, &outKey, &outKeyLen)) { - printf("***Error encoding DSA public key.\n"); - exit(1); - } - } - else { - if(privKeyOut) { - /* already verified that this is SSH1 (SSH2 is Wrapped OpenSSL) */ - if(encodeSSH1RSAPrivKey(rsa, password, comment, &outKey, &outKeyLen)) { - printf("***Error encoding RSA private key.\n"); - exit(1); - } - } - else { - if(outputSSH1) { - if(encodeSSH1RSAPubKey(rsa, comment, &outKey, &outKeyLen)) { - printf("***Error encoding RSA public key.\n"); - exit(1); - } - } - else { - if(encodeSSH2RSAPubKey(rsa, comment, &outKey, &outKeyLen)) { - printf("***Error encoding RSA public key.\n"); - exit(1); - } - } - } /* RSA public */ - } /* RSA */ - - if(writeFile(outFile, outKey, outKeyLen)) { - printf("***Error writing to %s.\n", outFile); - ourRtn = -1; - } - else { - printf("...wrote %u bytes to %s.\n", outKeyLen, outFile); - } - free(outKey); - } - else if(!doPrint) { - printf("...parsed a key but you didn't ask me to do anything with it.\n"); - } - if(rsa) { - RSA_free(rsa); - } - if(dsa) { - DSA_free(dsa); - } - - return 0; -} diff --git a/SecurityTests/cspxutils/ssl2Padding/Makefile b/SecurityTests/cspxutils/ssl2Padding/Makefile deleted file mode 100644 index 1d7b135f..00000000 --- a/SecurityTests/cspxutils/ssl2Padding/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE=ssl2Padding -# C++ source (with .cpp extension) -CPSOURCE= ssl2Padding.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/ssl2Padding/ssl2Padding.cpp b/SecurityTests/cspxutils/ssl2Padding/ssl2Padding.cpp deleted file mode 100644 index 3c842a7d..00000000 --- a/SecurityTests/cspxutils/ssl2Padding/ssl2Padding.cpp +++ /dev/null @@ -1,394 +0,0 @@ -/* Copyright (c) 2005-2006 Apple Computer, Inc. - * - * ssl2Padding.cpp - test CSSM_PADDING_APPLE_SSLv2. - */ - - - /* - * This table illustrates the combinations of: - * - * -- SSLv2 (v2) and SSLv3/TLSv1 (v3+) enables (0/1) on the client and server side - * -- the resulting negotiated protocols (including those forced by a man-in-the-middle - * attacker, denoted by (m)) - * -- the padding generated by the client (client pad) - * -- the padding style checked by the server (server pad) - * -- and the end results - * - * client server - * ------ ------ - * v2 v3+ v2 v3+ negotiate client pad server pad result - * -- -- -- -- --------- ---------- ---------- ------ - * 0 0 x x impossible - * x x 0 0 impossible - * 0 1 0 1 v3+ PKCS1 PKCS1 normal - * 0 1 0 1 v2 (m) Attack fails, client rejects server hello - * 0 1 1 0 fail incompatible - * 0 1 1 1 v3+ PKCS1 PKCS1 normal - * 0 1 1 1 v2 (m) Attack fails, client rejects server hello - * 1 0 0 1 fail incompatible - * 1 0 1 0 v2 PKCS1 PKCS1 normal, both sides are dumb SSL2 - * 1 0 1 0 v3+ Attack fails, server rejects client hello - * 1 0 1 1 v2 PKCS1 SSLv2 normal, dumb client - * 1 0 1 1 v3+ (m) Attack fails, client rejects server hello - * 1 1 0 1 v3+ PKCS1 PKCS1 normal - * 1 1 0 1 v2 (m) Attack fails, server rejects SSL2 handshake - * 1 1 1 0 v2 SSLv2 PKCS1 normal, dumb server - * 1 1 1 0 v3+ (m) Attack fails, server rejects SSL3 handshakes - * 1 1 1 1 v3+ PKCS1 PKCS1 normal - * 1 1 1 1 v2 (m) SSLv2 SSLv2 Attack fails due to SSLv2 pad detect - * - * The client generates SSLv2 padding if it's capable of v3+ but is currently operating - * in v2 per negotiation. - * - * The server checks for SSLv2 padding if it's capable of v3+ but is currently operating - * in v2 per negotiation. If SSLv2 padding is seen, fail. - */ - -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -#define USAGE_NAME "noUsage" -#define USAGE_NAME_LEN (strlen(USAGE_NAME)) -#define LOOPS_DEF 10 - -#define KEY_SIZE_DEF 1024 -#define KEY_SIZE_SMALL 512 - -#define PTEXT_LEN 32 /* bytes */ - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" k=keySizeInBits; default=%d\n", KEY_SIZE_DEF); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" p (pause on each loop)\n"); - printf(" u (quick; small keys)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* special-purpose generate-context, encrypt, and decrypt routines just for this test */ -static int genRsaCryptContext( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR key, - CSSM_PADDING padding, - CSSM_BOOL quiet, - CSSM_CC_HANDLE &ccHand) // RETURNED -{ - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateAsymmetricContext(cspHand, - CSSM_ALGID_RSA, - &creds, // access - key, - padding, - &ccHand); - if(crtn) { - cssmPerror("CSSM_CSP_CreateAsymmetricContext", crtn); - return testError(quiet); - } - return 0; -} - -static int doRsaEncrypt( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR key, - CSSM_PADDING padding, - CSSM_BOOL quiet, - CSSM_DATA *ptext, - CSSM_DATA *ctext) -{ - CSSM_CC_HANDLE ccHand; - int rtn; - CSSM_RETURN crtn; - CSSM_SIZE bytesMoved; - CSSM_DATA remData = {0, NULL}; - - rtn = genRsaCryptContext(cspHand, key, padding, quiet, ccHand); - if(rtn) { - return rtn; - } - crtn = CSSM_EncryptData(ccHand, - ptext, - 1, - ctext, - 1, - &bytesMoved, - &remData); - CSSM_DeleteContext(ccHand); - if(crtn == CSSM_OK) { - /* - * Deal with remData - its contents are included in bytesMoved. - */ - if(remData.Length != 0) { - /* malloc and copy a new one */ - uint8 *newCdata = (uint8 *)appMalloc(bytesMoved, NULL); - memmove(newCdata, ctext->Data, ctext->Length); - memmove(newCdata+ctext->Length, remData.Data, remData.Length); - CSSM_FREE(ctext->Data); - ctext->Data = newCdata; - } - ctext->Length = bytesMoved; - return 0; - } - else { - cssmPerror("CSSM_EncryptData", crtn); - return testError(quiet); - } -} - -static int doRsaDecrypt( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR key, - CSSM_PADDING padding, - CSSM_BOOL quiet, - CSSM_RETURN expectRtn, - CSSM_DATA *ctext, - CSSM_DATA *rptext) -{ - CSSM_CC_HANDLE ccHand; - int rtn; - CSSM_RETURN crtn; - CSSM_SIZE bytesMoved; - CSSM_DATA remData = {0, NULL}; - - rtn = genRsaCryptContext(cspHand, key, padding, quiet, ccHand); - if(rtn) { - return rtn; - } - crtn = CSSM_DecryptData(ccHand, - ctext, - 1, - rptext, - 1, - &bytesMoved, - &remData); - CSSM_DeleteContext(ccHand); - if(crtn != expectRtn) { - printf(" CSSM_DecryptData: expect %s\n", cssmErrToStr(expectRtn)); - printf(" CSSM_DecryptData: got %s\n", cssmErrToStr(crtn)); - return testError(quiet); - } - if(crtn) { - /* no need to process further */ - return 0; - } - if(crtn == CSSM_OK) { - /* - * Deal with remData - its contents are included in bytesMoved. - */ - if(remData.Length != 0) { - /* malloc and copy a new one */ - uint8 *newRpdata = (uint8 *)appMalloc(bytesMoved, NULL); - memmove(newRpdata, rptext->Data, rptext->Length); - memmove(newRpdata+rptext->Length, remData.Data, remData.Length); - CSSM_FREE(rptext->Data); - rptext->Data = newRpdata; - } - rptext->Length = bytesMoved; - return 0; - } - else { - cssmPerror("CSSM_DecryptData", crtn); - return testError(quiet); - } -} - -/* - * encrypt with specified pad - * decrypt with specified pad, verify expected result (which may be failure) - */ -static int doTest( - CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR pubKey, - CSSM_KEY_PTR privKey, - CSSM_PADDING encrPad, - CSSM_PADDING decrPad, - CSSM_BOOL quiet, - CSSM_RETURN expectResult) -{ - int rtn; - uint8 ptext[PTEXT_LEN]; - CSSM_DATA ptextData = {PTEXT_LEN, ptext}; - CSSM_DATA ctext = {0, NULL}; - CSSM_DATA rptext = {0, NULL}; - - simpleGenData(&ptextData, PTEXT_LEN, PTEXT_LEN); - rtn = doRsaEncrypt(cspHand, pubKey, encrPad, quiet, &ptextData, &ctext); - if(rtn) { - goto errOut; - } - rtn = doRsaDecrypt(cspHand, privKey, decrPad, quiet, expectResult, &ctext, &rptext); - if(rtn) { - goto errOut; - } - if(expectResult == CSSM_OK) { - if(memcmp(rptext.Data, ptextData.Data, PTEXT_LEN)) { - printf("***Data miscomapare after decrypt\n"); - rtn = testError(quiet); - } - } -errOut: - if(ctext.Data) { - CSSM_FREE(ctext.Data); - } - if(rptext.Data) { - CSSM_FREE(rptext.Data); - } - return rtn; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_CSP_HANDLE cspHand; - int rtn = 0; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - uint32 keySizeInBits = KEY_SIZE_DEF; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL doPause = CSSM_FALSE; - - for(arg=1; arg -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "bsafeUtils.h" -#include "ssleayUtils.h" -#include "rijndaelApi.h" -#include -#include "cspdlTesting.h" - -/* - * Defaults. - */ -#define LOOPS_DEF 200 - -#define MIN_DATA_SIZE 8 -#define MAX_DATA_SIZE 10000 /* bytes */ -#define MAX_KEY_SIZE MAX_KEY_SIZE_RC245_BYTES /* bytes */ -#define LOOP_NOTIFY 20 - -#define RAW_MODE CSSM_ALGMODE_ECB /* doesn't work for BSAFE */ -#define RAW_MODE_BSAFE CSSM_ALGMODE_CBC_IV8 - -#define COOKED_MODE CSSM_ALGMODE_CBCPadIV8 -#define RAW_MODE_STREAM CSSM_ALGMODE_NONE - -#define RAW_MODE_STR "ECB" -#define RAW_MODE_BSAFE_STR "CBC/noPad" -#define COOKED_MODE_STR "CBC/Pad" -#define RAW_MODE_STREAM_STR "None" - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef enum { - // ALG_ASC = 1, // not tested - no reference available - ALG_DES = 1, - ALG_RC2, - ALG_RC4, - ALG_RC5, - ALG_3DES, - ALG_AES, - ALG_AES192, /* 192 bit block */ - ALG_AES256, /* 256 bit block */ - ALG_BFISH, - ALG_CAST -} SymAlg; -#define ALG_FIRST ALG_DES -#define ALG_LAST ALG_CAST - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (d=DES; 3=3DES3; 2=RC2; 4=RC4; 5=RC5; a=AES; A=AES192; \n"); - printf(" 6=AES256; b=Blowfish; c=CAST; default=all)\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" k=keySizeInBits\n"); - printf(" e(ncrypt only)\n"); - printf(" m=maxPtextSize (default=%d)\n", MAX_DATA_SIZE); - printf(" n=minPtextSize (default=%d)\n", MIN_DATA_SIZE); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" s (all ops single-shot, not staged)\n"); - printf(" o (raw - no padding or CBC if possible)\n"); - printf(" O (cooked - padding and CBC if possible)\n"); - printf(" z (keys and plaintext all zeroes)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" y (use ssleay EVP; AES128 only)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* - * encrypt/decrypt using reference BSAFE. - */ -static CSSM_RETURN encryptDecryptBSAFE( - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - const CSSM_DATA *iv, //Êoptional per mode - uint32 keySizeInBits, - uint32 effectiveKeyBits, // optional per key alg - uint32 rounds, // ditto - const CSSM_DATA *key, // raw key bytes - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - CSSM_RETURN crtn; - BU_KEY buKey; - - crtn = buGenSymKey(keySizeInBits, key, &buKey); - if(crtn) { - return crtn; - } - crtn = buEncryptDecrypt(buKey, - forEncrypt, // forEncrypt - encrAlg, - encrMode, - iv, - effectiveKeyBits, - rounds, - inText, - outText); - buFreeKey(buKey); - return crtn; -} - -/* - * encrypt/decrypt using reference ssleay. - */ -static CSSM_RETURN encryptDecryptEAY( - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - const CSSM_DATA *iv, //Êoptional per mode - uint32 keySizeInBits, - const CSSM_DATA *key, // raw key bytes, Length ignored - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - CSSM_RETURN crtn; - EAY_KEY eayKey; - CSSM_DATA ckey = *key; - ckey.Length = keySizeInBits / 8; - - crtn = eayGenSymKey(encrAlg, forEncrypt, &ckey, &eayKey); - if(crtn) { - return crtn; - } - crtn = eayEncryptDecrypt(eayKey, - forEncrypt, - encrAlg, - encrMode, - iv, - inText, - outText); - eayFreeKey(eayKey); - return crtn; -} - -/* - * encrypt/decrypt using reference AES. - */ -static CSSM_RETURN encryptDecryptAES( - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - const CSSM_DATA *iv, //Êoptional per mode - uint32 keySizeInBits, - uint32 effectiveKeyBits, // optional per key alg - uint32 cipherBlockSize, - uint32 rounds, // ditto - const CSSM_DATA *key, // raw key bytes - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - keyInstance aesKey; - cipherInstance aesCipher; - BYTE mode; - int artn; - BYTE *ivPtr; - - if(cipherBlockSize == 0) { - cipherBlockSize = MIN_AES_BLOCK_BITS; - } - switch(encrMode) { - case CSSM_ALGMODE_CBC_IV8: - mode = MODE_CBC; - ivPtr = iv->Data; - break; - case CSSM_ALGMODE_ECB: - mode = MODE_ECB; - ivPtr = NULL; - break; - default: - printf("***AES reference implementation doesn't do padding (yet)\n"); - return CSSM_OK; - } - /* fixme - adjust for padding if necessary */ - outText->Data = (uint8 *)CSSM_MALLOC(inText->Length); - outText->Length = inText->Length; - artn = _makeKey(&aesKey, - forEncrypt ? DIR_ENCRYPT : DIR_DECRYPT, - keySizeInBits, - cipherBlockSize, - key->Data); - if(artn <= 0) { - printf("***AES makeKey returned %d\n", artn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - artn = _cipherInit(&aesCipher, - mode, - cipherBlockSize, - ivPtr); - if(artn <= 0) { - printf("***AES cipherInit returned %d\n", artn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - if(forEncrypt) { - artn = _blockEncrypt(&aesCipher, - &aesKey, - (BYTE *)inText->Data, - inText->Length * 8, - (BYTE *)outText->Data); - } - else { - artn = _blockDecrypt(&aesCipher, - &aesKey, - (BYTE *)inText->Data, - inText->Length * 8, - (BYTE *)outText->Data); - } - if(artn <= 0) { - printf("***AES encrypt/decrypt returned %d\n", artn); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - return CSSM_OK; -} - -/* - * Encrypt/decrypt, one-shot, using one of the various reference implementations. - */ -static CSSM_RETURN encryptDecryptRef( - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - const CSSM_DATA *iv, // optional per mode - uint32 keySizeInBits, - uint32 effectiveKeyBits, // optional per key alg - uint32 cipherBlockSize, - uint32 rounds, // ditto - CSSM_BOOL useEvp, // AES only - const CSSM_DATA *key, // raw key bytes - const CSSM_DATA *inText, - CSSM_DATA_PTR outText) // mallocd and returned -{ - switch(encrAlg) { - case CSSM_ALGID_AES: - if(useEvp && (cipherBlockSize == 128)) { - return (CSSM_RETURN)evpEncryptDecrypt(encrAlg, forEncrypt, - key, keySizeInBits, encrMode, iv, inText, outText); - } - else { - return encryptDecryptAES( - forEncrypt, - encrAlg, - encrMode, - iv, - keySizeInBits, - effectiveKeyBits, - cipherBlockSize, - rounds, - key, - inText, - outText); - } - case CSSM_ALGID_BLOWFISH: - case CSSM_ALGID_CAST: - return encryptDecryptEAY( - forEncrypt, - encrAlg, - encrMode, - iv, - keySizeInBits, - key, - inText, - outText); - default: - if(useEvp && (encrAlg == CSSM_ALGID_DES)) { - return (CSSM_RETURN)evpEncryptDecrypt(encrAlg, forEncrypt, - key, keySizeInBits, encrMode, iv, inText, outText); - } - else { - return encryptDecryptBSAFE( - forEncrypt, - encrAlg, - encrMode, - iv, - keySizeInBits, - effectiveKeyBits, - rounds, - key, - inText, - outText); - } - } -} - -/* - * encrypt/decrypt using CSSM. - */ -static CSSM_RETURN encryptDecryptCSSM( - CSSM_CSP_HANDLE cspHand, - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS keyAlg, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - const CSSM_DATA *iv, //Êoptional per mode - uint32 keySizeInBits, - uint32 effectiveKeyBits, // optional per key alg - uint32 cipherBlockSize, - uint32 rounds, // ditto - const CSSM_DATA *key, // raw key bytes - const CSSM_DATA *inText, - CSSM_BOOL genRaw, // first generate raw key (CSPDL) - CSSM_DATA_PTR outText) // mallocd and returned -{ - CSSM_KEY_PTR symKey; // mallocd by cspGenSymKey or a ptr - // to refKey - CSSM_KEY refKey; // in case of genRaw - CSSM_BOOL refKeyGenerated = CSSM_FALSE; - unsigned keyBytes = (keySizeInBits + 7) / 8; - CSSM_RETURN crtn; - - if(genRaw) { - crtn = cspGenSymKeyWithBits(cspHand, - keyAlg, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - key, - keyBytes, - &refKey); - if(crtn) { - return crtn; - } - symKey = &refKey; - refKeyGenerated = CSSM_TRUE; - } - else { - /* cook up a raw symmetric key */ - symKey = cspGenSymKey(cspHand, - keyAlg, - "noLabel", - 8, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - keySizeInBits, - CSSM_FALSE); // ref key - if(symKey == NULL) { - return CSSM_ERRCODE_INTERNAL_ERROR; - } - if(symKey->KeyData.Length != keyBytes) { - printf("***Generated key size error (exp %d, got %lu)\n", - keyBytes, symKey->KeyData.Length); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - memmove(symKey->KeyData.Data, key->Data, keyBytes); - } - outText->Data = NULL; - outText->Length = 0; - - if(keySizeInBits == effectiveKeyBits) { - effectiveKeyBits = 0; - } - - /* go for it */ - if(forEncrypt) { - crtn = cspStagedEncrypt(cspHand, - encrAlg, - encrMode, - padding, - symKey, - NULL, // no second key - effectiveKeyBits, - cipherBlockSize / 8, - rounds, - iv, - inText, - outText, - multiUpdates); - } - else { - crtn = cspStagedDecrypt(cspHand, - encrAlg, - encrMode, - padding, - symKey, - NULL, // no second key - effectiveKeyBits, - cipherBlockSize / 8, - rounds, - iv, - inText, - outText, - multiUpdates); - } - cspFreeKey(cspHand, symKey); - if(!refKeyGenerated) { - /* key itself mallocd by cspGenSymKey */ - CSSM_FREE(symKey); - } - return crtn; -} - -#define LOG_FREQ 20 - -static int doTest(CSSM_CSP_HANDLE cspHand, - const CSSM_DATA *ptext, - const CSSM_DATA *keyData, - const CSSM_DATA *iv, - uint32 keyAlg, // CSSM_ALGID_xxx of the key - uint32 encrAlg, // encrypt/decrypt - uint32 encrMode, - uint32 padding, - uint32 keySizeInBits, - uint32 efectiveKeySizeInBits, - uint32 cipherBlockSize, - CSSM_BOOL useEvp, // AES only - CSSM_BOOL stagedEncr, - CSSM_BOOL stagedDecr, - CSSM_BOOL quiet, - CSSM_BOOL encryptOnly, - CSSM_BOOL genRaw) // first generate raw key (CSPDL) -{ - CSSM_DATA ctextRef = {0, NULL}; // ciphertext, reference - CSSM_DATA ctextTest = {0, NULL}; // ciphertext, test - CSSM_DATA rptext = {0, NULL}; // recovered plaintext - int rtn = 0; - CSSM_RETURN crtn; - uint32 rounds = 0; - - if(encrAlg == CSSM_ALGID_RC5) { - /* roll the dice, pick one of three values for rounds */ - unsigned die = genRand(1,3); - switch(die) { - case 1: - rounds = 8; - break; - case 2: - rounds = 12; - break; - case 3: - rounds = 16; - break; - } - } - - /* - * encrypt with each method; - * verify ciphertexts compare; - * decrypt with test code; - * verify recovered plaintext and incoming plaintext compare; - */ - crtn = encryptDecryptRef(CSSM_TRUE, - encrAlg, - encrMode, - iv, - keySizeInBits, - efectiveKeySizeInBits, - cipherBlockSize, - rounds, - useEvp, - keyData, - ptext, - &ctextRef); - if(crtn) { - return testError(quiet); - } - crtn = encryptDecryptCSSM(cspHand, - CSSM_TRUE, - keyAlg, - encrAlg, - encrMode, - padding, - stagedEncr, - iv, - keySizeInBits, - efectiveKeySizeInBits, - cipherBlockSize, - rounds, - keyData, - ptext, - genRaw, - &ctextTest); - if(crtn) { - return testError(quiet); - } - - /* ensure both methods resulted in same ciphertext */ - if(ctextRef.Length != ctextTest.Length) { - printf("Ctext length mismatch (1)\n"); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - if(memcmp(ctextRef.Data, ctextTest.Data, ctextTest.Length)) { - printf("Ctext miscompare\n"); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - - if(encryptOnly) { - rtn = 0; - goto abort; - } - - /* decrypt with the test method */ - crtn = encryptDecryptCSSM(cspHand, - CSSM_FALSE, - keyAlg, - encrAlg, - encrMode, - padding, - stagedDecr, - iv, - keySizeInBits, - efectiveKeySizeInBits, - cipherBlockSize, - rounds, - keyData, - &ctextTest, - genRaw, - &rptext); - if(crtn) { - return testError(quiet); - } - if(rptext.Length != ptext->Length) { - printf("ptext length mismatch (1)\n"); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - if(memcmp(rptext.Data, ptext->Data, ptext->Length)) { - printf("ptext miscompare\n"); - rtn = testError(quiet); - } - else { - rtn = 0; - } -abort: - if(ctextTest.Length) { - CSSM_FREE(ctextTest.Data); - } - if(ctextRef.Length) { - CSSM_FREE(ctextRef.Data); - } - if(rptext.Length) { - CSSM_FREE(rptext.Data); - } - return rtn; -} - - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - CSSM_CSP_HANDLE cspHand; - CSSM_BOOL stagedEncr; - CSSM_BOOL stagedDecr; - const char *algStr; - uint32 keyAlg; // CSSM_ALGID_xxx of the key - uint32 encrAlg; // CSSM_ALGID_xxx of encr/decr - int i; - unsigned currAlg; // ALG_xxx - uint32 actKeySizeInBits; - uint32 effectKeySizeInBits; - int rtn = 0; - CSSM_DATA keyData; - CSSM_DATA initVector; - CSSM_BOOL genRaw = CSSM_FALSE; // first generate raw key (CSPDL) - uint32 minTextSize; - uint32 rawMode; - uint32 cookedMode; - const char *rawModeStr; - const char *cookedModeStr; - uint32 algBlockSize; - - /* - * User-spec'd params - */ - CSSM_BOOL keySizeSpec = CSSM_FALSE; // false: use rand key size - unsigned minAlg = ALG_FIRST; - unsigned maxAlg = ALG_LAST; - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned pauseInterval = 0; - uint32 padding; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL encryptOnly = CSSM_FALSE; - unsigned maxPtextSize = MAX_DATA_SIZE; - unsigned minPtextSize = MIN_DATA_SIZE; - CSSM_BOOL oneShotOnly = CSSM_FALSE; - CSSM_BOOL allZeroes = CSSM_FALSE; - CSSM_BOOL rawCookedSpecd = CSSM_FALSE; // when true, use allRaw only - CSSM_BOOL allRaw = CSSM_FALSE; - CSSM_BOOL useEvp = CSSM_FALSE; - - for(arg=1; arg -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -/* we need to know a little bit about AES for this test.... */ -#define AES_BLOCK_SIZE 16 /* bytes */ - -/* - * Defaults. - */ -#define LOOPS_DEF 10 -#define MIN_PTEXT_SIZE AES_BLOCK_SIZE /* for non-padding tests */ -#define MAX_PTEXT_SIZE 1000 -#define MAX_IV_SIZE AES_BLOCK_SIZE - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef unsigned privAlg; -enum { - pka_ASC, - pka_RC4, - pka_DES, - pka_RC2, - pka_RC5, - pka_3DES, - pka_AES -}; - -/* - * Ditto for modes. ALGMODE_NONE not iterated, it's a special case for - * RC4 and ASC. - */ -typedef unsigned privMode; -enum { - pma_CBC_PadIV8, - pma_CBC_IV8, // no pad - requires well-aligned ptext - pma_ECB, // no IV, no pad - requires well-aligned ptext -}; - -#define ENCR_ALG_FIRST pka_ASC -#define ENCR_ALG_LAST pka_AES - -#define ENCR_MODE_FIRST pma_CBC_PadIV8 -#define ENCR_MODE_LAST pma_ECB - -/* - * Args passed to each test and to testCommon; these completely define - * the paramters for one encryption op. - */ -typedef struct { - CSSM_CSP_HANDLE cspHand; - CSSM_ALGORITHMS keyAlg; - CSSM_ALGORITHMS encrAlg; - uint32 keySizeInBits; - uint32 effectiveKeySizeInBits; // 0 means not used - uint32 rounds; // ditto - const char *keyAlgStr; - CSSM_ENCRYPT_MODE encrMode; - const char *encrModeStr; - CSSM_PADDING encrPad; - CSSM_DATA_PTR ptext; - CSSM_BOOL useInitVector; // encrypt needs an IV - CSSM_BOOL useRefKey; - CSSM_DATA initVector; // Data mallocd and init in main() - CSSM_KEY_PTR key; // gen'd in main - CSSM_BOOL verbose; - CSSM_BOOL quiet; -} testArgs; - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" e(xport)\n"); - printf(" r(epeatOnly)\n"); - printf(" p(ause after each loop)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* - * Given a privAlg value, return various associated stuff. - */ -static void algInfo(privAlg alg, // pka_DES, etc. - CSSM_ALGORITHMS *keyAlg, // CSSM_ALGID_DES, etc. RETURNED - // key alg for key gen algs - CSSM_ALGORITHMS *encrAlg, // encrypt/decrypt alg for key - // gen algs - const char **algStr, // RETURNED - CSSM_SIZE *ivSize) // RETURNED -{ - *ivSize = 8; - switch(alg) { - case pka_DES: - *keyAlg = *encrAlg = CSSM_ALGID_DES; - *algStr = "DES"; - return; - case pka_3DES: - *keyAlg = CSSM_ALGID_3DES_3KEY; - *encrAlg = CSSM_ALGID_3DES_3KEY_EDE; - *algStr = "3DES"; - return; - case pka_RC2: - *keyAlg = *encrAlg = CSSM_ALGID_RC2; - *algStr = "RC2"; - return; - case pka_RC4: - *keyAlg = *encrAlg = CSSM_ALGID_RC4; - /* initVector false */ - *ivSize = 0; - *algStr = "RC4"; - return; - case pka_RC5: - *keyAlg = *encrAlg = CSSM_ALGID_RC5; - *algStr = "RC5"; - return; - case pka_AES: - *keyAlg = *encrAlg = CSSM_ALGID_AES; - *algStr = "AES"; - *ivSize = AES_BLOCK_SIZE; - return; - case pka_ASC: - *keyAlg = *encrAlg = CSSM_ALGID_ASC; - /* initVector false */ - *ivSize = 0; - *algStr = "ASC"; - return; - default: - printf("BRRZZZT! Update algInfo()!\n"); - testError(CSSM_TRUE); - } -} - -/* given a privMode, return related info */ -static void modeInfo( - CSSM_ALGORITHMS alg, - privMode mode, - CSSM_ENCRYPT_MODE *cdsaMode, - const char **modeStr, - CSSM_PADDING *pad, // PKCS5 or NONE - CSSM_BOOL *useInitVector) // RETURNED, for encrypt/decrypt -{ - *useInitVector = CSSM_FALSE; - - /* first deal with modeless algorithms */ - switch(alg) { - case CSSM_ALGID_RC4: - case CSSM_ALGID_ASC: - *cdsaMode = CSSM_ALGMODE_NONE; - *modeStr = "NONE"; - *pad = CSSM_PADDING_NONE; - return; - default: - break; - } - - switch(mode) { - case pma_CBC_PadIV8: - *cdsaMode = CSSM_ALGMODE_CBCPadIV8; - *modeStr = "CBCPadIV8"; - *useInitVector = CSSM_TRUE; - *pad = CSSM_PADDING_PKCS5; - return; - case pma_CBC_IV8: - *cdsaMode = CSSM_ALGMODE_CBC_IV8; - *modeStr = "CBC_IV8"; - *useInitVector = CSSM_TRUE; - *pad = CSSM_PADDING_NONE; - return; - case pma_ECB: - *cdsaMode = CSSM_ALGMODE_ECB; - *modeStr = "ECB"; - *pad = CSSM_PADDING_NONE; - return; - default: - printf("BRRZZZT! Update modeInfo()!\n"); - testError(CSSM_TRUE); - } -} - -/* - * Given alg and mode, determine alignment of ptext size. 0 means no - * alignment necessary. - */ -uint32 alignInfo( - CSSM_ALGORITHMS alg, - CSSM_ENCRYPT_MODE mode) -{ - switch(alg) { - case CSSM_ALGID_RC4: - case CSSM_ALGID_ASC: - return 0; - default: - break; - } - - switch(mode) { - case CSSM_ALGMODE_CBC_IV8: - case CSSM_ALGMODE_ECB: - if(alg == CSSM_ALGID_AES) { - return AES_BLOCK_SIZE; - } - else { - return 8; - } - default: - return 0; - } -} - -/* a handy "compare two CSSM_DATAs" ditty */ -static CSSM_BOOL compareData(const CSSM_DATA_PTR d1, - const CSSM_DATA_PTR d2) -{ - if(d1->Length != d2->Length) { - return CSSM_FALSE; - } - if(memcmp(d1->Data, d2->Data, d1->Length)) { - return CSSM_FALSE; - } - return CSSM_TRUE; -} - -/* generate random one-bit byte */ -static uint8 randBit() -{ - return 1 << genRand(0, 7); -} - -/* - * Copy a key. - */ -static void copyCssmKey( - const CSSM_KEY_PTR key1, - CSSM_KEY_PTR key2) -{ - key2->KeyHeader = key1->KeyHeader; - key2->KeyData.Data = NULL; - key2->KeyData.Length = 0; - appCopyCssmData(&key1->KeyData, &key2->KeyData); -} - -/* - * Encrypt ptext using specified parameters - */ -static int encryptCom(CSSM_CSP_HANDLE cspHand, - const char *testName, - CSSM_DATA_PTR ptext, - CSSM_KEY_PTR key, - CSSM_ALGORITHMS alg, - CSSM_ENCRYPT_MODE mode, - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - CSSM_DATA_PTR iv, // may be NULL - uint32 effectiveKeySizeInBits, // may be 0 - uint32 rounds, // ditto - CSSM_DATA_PTR ctext, // RETURNED - CSSM_BOOL quiet) -{ - CSSM_CC_HANDLE cryptHand; - CSSM_RETURN crtn; - CSSM_SIZE bytesEncrypted; - CSSM_DATA remData; - int rtn; - - cryptHand = genCryptHandle(cspHand, - alg, - mode, - padding, - key, - NULL, // no 2nd key - iv, // InitVector - effectiveKeySizeInBits, - rounds); - if(cryptHand == 0) { - return testError(quiet); - } - - remData.Data = NULL; - remData.Length = 0; - crtn = CSSM_EncryptData(cryptHand, - ptext, - 1, - ctext, - 1, - &bytesEncrypted, - &remData); - - if(crtn) { - printError("CSSM_EncryptData", crtn); - rtn = testError(quiet); - goto done; - } - if(remData.Length != 0) { - ctext->Data = (uint8 *)appRealloc(ctext->Data, bytesEncrypted, NULL); - memmove(ctext->Data + ctext->Length, - remData.Data, - bytesEncrypted - ctext->Length); - appFreeCssmData(&remData, CSSM_FALSE); - } - ctext->Length = bytesEncrypted; - rtn = 0; -done: - if(CSSM_DeleteContext(cryptHand)) { - printError("CSSM_DeleteContext", 0); - rtn = 1; - } - return rtn; -} - -/* - * Common test portion - * encrypt ptext with args in targ1; - * encrypt ptext with args in targ2; - * compare 2 ctexts; expect failure; - */ -static int testCommon(const char *testName, - testArgs *targs1, - testArgs *targs2) -{ - CSSM_DATA ctext1 = {0, NULL}; - CSSM_DATA ctext2 = {0, NULL}; - - if(encryptCom(targs1->cspHand, - testName, - targs1->ptext, - targs1->key, - targs1->encrAlg, - targs1->encrMode, - targs1->encrPad, - &targs1->initVector, - targs1->effectiveKeySizeInBits, - targs1->rounds, - &ctext1, - targs1->quiet)) { - return 1; - } - if(encryptCom(targs2->cspHand, - testName, - targs2->ptext, - targs2->key, - targs2->encrAlg, - targs2->encrMode, - targs2->encrPad, - &targs2->initVector, - targs2->effectiveKeySizeInBits, - targs2->rounds, - &ctext2, - targs2->quiet)) { - return 1; - } - if(compareData(&ctext1, &ctext2)) { - printf("***%s: Unexpected Data compare!\n", testName); - return testError(targs1->quiet); - } - appFreeCssmData(&ctext1, CSSM_FALSE); - appFreeCssmData(&ctext2, CSSM_FALSE); - return 0; -} - -/** - ** inidividual tests. - **/ -#define KEY_LABEL1 "noLabel1" -#define KEY_LABEL2 "noLabel2" -#define KEY_LABEL_LEN strlen(KEY_LABEL1) -#define REPEAT_ON_ERROR 1 - -/* - * Ensure initVector alters ctext. - */ -static int initVectTest(testArgs *targs) -{ - uint32 mungeDex; - uint32 mungeBits; - testArgs mungeArgs = *targs; - CSSM_DATA mungeIV; - - if(targs->verbose) { - printf(" ...modifying init vector\n"); - } - - /* get munged copy of iv */ - mungeIV.Length = targs->initVector.Length; - mungeIV.Data = (uint8 *)CSSM_MALLOC(mungeIV.Length); - memmove(mungeIV.Data, targs->initVector.Data, mungeIV.Length); - mungeArgs.initVector = mungeIV; - mungeDex = genRand(0, mungeIV.Length - 1); - mungeBits = randBit(); - mungeIV.Data[mungeDex] ^= mungeBits; - if(testCommon("initVectTest", targs, &mungeArgs)) { - return 1; - } - appFreeCssmData(&mungeIV, CSSM_FALSE); - return 0; -} - -/* - * Ensure effectiveKeySizeInBits alters ctext. RC2 only. - */ -static int effectSizeTest(testArgs *targs) -{ - testArgs mungeArgs = *targs; - - if(targs->verbose) { - printf(" ...modifying effective key size\n"); - } - mungeArgs.effectiveKeySizeInBits -= 8; - return testCommon("effectSizeTest", targs, &mungeArgs); -} - -/* - * Ensure rounds alters ctext. RC5 only. - */ -static int roundsTest(testArgs *targs) -{ - testArgs mungeArgs = *targs; - - if(targs->verbose) { - printf(" ...modifying rounds\n"); - } - switch(targs->rounds) { - case 8: - mungeArgs.rounds = 12; - break; - case 12: - mungeArgs.rounds = 16; - break; - case 16: - mungeArgs.rounds = 8; - break; - default: - printf("***ACK! roundsTest needs work!\n"); - return 1; - } - return testCommon("roundsTest", targs, &mungeArgs); -} - - -/* - * ensure encryption algorithm alters ctext. - */ -static int encrAlgTest(testArgs *targs) -{ - testArgs mungeArgs = *targs; - CSSM_KEY mungeKey = *targs->key; - - /* come up with different encrypt alg - not all work */ - switch(targs->encrAlg) { - case CSSM_ALGID_DES: // fixed size key - case CSSM_ALGID_3DES_3KEY_EDE: - default: - return 0; - case CSSM_ALGID_RC4: // no IV - mungeArgs.encrAlg = CSSM_ALGID_ASC; - break; - case CSSM_ALGID_ASC: // no IV - mungeArgs.encrAlg = CSSM_ALGID_RC4; - break; - case CSSM_ALGID_RC2: - mungeArgs.encrAlg = CSSM_ALGID_RC5; - break; - case CSSM_ALGID_RC5: - mungeArgs.encrAlg = CSSM_ALGID_RC2; - break; - case CSSM_ALGID_AES: - mungeArgs.encrAlg = CSSM_ALGID_RC5; - mungeArgs.initVector.Length = 8; - break; - } - - /* we're assuming this is legal - a shallow copy of a key, followed by a blind - * reassignment of its algorithm... */ - mungeKey.KeyHeader.AlgorithmId = mungeArgs.encrAlg; - mungeArgs.key = &mungeKey; - - if(targs->verbose) { - printf(" ...modifying encryption alg\n"); - } - - return testCommon("encrAlgTest", targs, &mungeArgs); -} - -/* - * ensure encryption mode alters ctext. - */ -static int encrModeTest(testArgs *targs) -{ - testArgs mungeArgs = *targs; - - /* come up with different encrypt mode - not all work */ - switch(targs->encrMode) { - case CSSM_ALGMODE_NONE: // i.e., RC4, ASC - case CSSM_ALGMODE_CBCPadIV8: // others, only one which does - // padding - return 0; - case CSSM_ALGMODE_CBC_IV8: - mungeArgs.encrMode = CSSM_ALGMODE_ECB; - mungeArgs.useInitVector = CSSM_FALSE; - break; - case CSSM_ALGMODE_ECB: - mungeArgs.encrMode = CSSM_ALGMODE_CBC_IV8; - mungeArgs.useInitVector = CSSM_TRUE; - break; - default: - printf("Update encrModeTest\n"); - return 1; - } - if(targs->verbose) { - printf(" ...modifying encryption mode\n"); - } - - return testCommon("encrModeTest", targs, &mungeArgs); -} - -/* - * Ensure ptext alters ctext. - */ -static int ptextTest(testArgs *targs) -{ - uint32 mungeDex; - uint32 mungeBits; - testArgs mungeArgs = *targs; - CSSM_DATA mungePtext; - - if(targs->verbose) { - printf(" ...modifying plaintext\n"); - } - - /* get munged copy of ptext */ - mungePtext.Length = targs->ptext->Length; - mungePtext.Data = (uint8 *)CSSM_MALLOC(mungePtext.Length); - memmove(mungePtext.Data, targs->ptext->Data, mungePtext.Length); - mungeArgs.ptext = &mungePtext; - mungeDex = genRand(0, mungePtext.Length - 1); - mungeBits = randBit(); - mungePtext.Data[mungeDex] ^= mungeBits; - if(testCommon("ptextTest", targs, &mungeArgs)) { - return 1; - } - appFreeCssmData(&mungePtext, CSSM_FALSE); - return 0; -} - -/* - * Ensure key alters ctext. Requires raw key, of course. - */ -static int keyTest(testArgs *targs) -{ - uint32 mungeDex; - uint32 mungeBits; - testArgs mungeArgs = *targs; - CSSM_KEY mungeKey; - unsigned minBit; - unsigned maxByte; - - if(targs->verbose) { - printf(" ...modifying key\n"); - } - - /* get munged copy of key */ - copyCssmKey(targs->key, &mungeKey); - mungeArgs.key = &mungeKey; - - maxByte = mungeKey.KeyData.Length - 1; - if(targs->effectiveKeySizeInBits) { - /* skip MS byte - partially used */ - maxByte--; - } - mungeDex = genRand(0, maxByte); - - minBit = 0; - switch(targs->keyAlg) { - case CSSM_ALGID_DES: - case CSSM_ALGID_DESX: - case CSSM_ALGID_3DES_3KEY: - /* skip lsb - DES parity bit */ - minBit++; - break; - default: - break; - } - mungeBits = 1 << genRand(minBit, 7); - mungeKey.KeyData.Data[mungeDex] ^= mungeBits; - if(testCommon("keyTest", targs, &mungeArgs)) { - return 1; - } - appFreeCssmData(&mungeKey.KeyData, CSSM_FALSE); - return 0; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - CSSM_DATA initVector; - testArgs targs; - privAlg encrAlg; - int rtn = 0; - privMode pmode; - uint32 origLen; - uint32 alignRequired; - CSSM_BOOL refKeys = CSSM_FALSE; - int i; - - /* - * User-spec'd params - */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL doPause = CSSM_FALSE; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL repeatOnly = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - - for(arg=1; arghb{Te!}}jq2ew4VW{c0E22orzEQLQp$}? z3)0-hGLVF&aluu?(SWt17)uJ9qWx4S-Wyh}Aso5+4gqp|a8tzm1p{Z*eL7pIia-_Q zlhaHJI1Hr?9$EiG#UnyBwAeU^Kfuz|RF z5z9XXS0&GXCpKUbDN&s#Y`0yi{w|5?nw0HNLy20uEBGu~^(y3v;t)ksFq^*F`hOH* zdnXa!Bb_(aVHcx^U$w7oXi`fE!bn;fAvZsKc&7l;`EfVV8*(-~8Xp0JSc`*xwlSj{ z#5SLtq4Oldydw8b1v<;WJ(j7geqS9uPdFsB^|QUF$_rZOUr}1-(%*iQ>vFAE#AZ<5 zt?|J#(B|W_)V*e$gdy!DbN0;dvpfOXg1tkF$U|O#GDITSmM(^Rvtk`;>cyc6pm8&O WLZUFvb1hY1%-!Dt-)<_c0X&R~{)1Qm diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ctext_AES192 b/SecurityTests/cspxutils/symReference/blobs/G4/ctext_AES192 deleted file mode 100644 index 72345c05b87b6ca6803ce12a52fa7ad148dc242f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 264 zcmV+j0r&nqHgoW%j}eU?xb*`c+4m-?=TI=tHmd(ugeo&mAf5t(*4v?9;6^VIFOHuJ z(PxRC1anPC%E#%z6>pQJXy#NC z&sBB>4AnmME@)UUrhzZX;dqb0v0(te_q@ribrFb*HzXw*BMhaL3LHU??fUg)?e}m3 zJXI>@Fxyer737jdc9T?*rrh-K^HsIJ7kRIj%%H-Gh$y&;@zmEmXEHaR-U?Zm*_O$< O{cq}wx|^yQRk`|SwSc(* diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ctext_AES256 b/SecurityTests/cspxutils/symReference/blobs/G4/ctext_AES256 deleted file mode 100644 index 88ba45e72815ec46d71bbaa85b26a2b832d17c77..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 288 zcmV+*0pI>`If^|ZdEkvk4@*0y046_^!oRBMJvs5a3|z6{cHk1B(E-G(K;(r)e@@EM z2dHM0z#Q05M%A3>lJz4G>kd#UJH?Q@vo{k#egP(YVh8vW3Xq?=6SziaARCJV{9~c% zUf(&X(!<4hz8LTUEA!c`GH#2lVofjfZViGB-?512Mz6i*M-|iCL;nwfFJ?mwgL=lW=c;+ zw5WcAY!aKtM~k4S>*2k7!ni90rY- mD+6#HX2FZ)U(H&1-~qD+nTaGXF{$mQ6eN8PI)-8s83tfBHV+xnEB&uc`yzHUl()-lyDyymp3Jz7uT z>ZzACMjKO-9iN3?I?Wp4vTdF5x>-SbuW#{72hI`e=rw{Q9^LhJgHtbi<9nAb d_j>*9%bs!knA7~*yhxJm?ZY{q*REUq1pwAsl@tH~ diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ctext_Blowfish b/SecurityTests/cspxutils/symReference/blobs/G4/ctext_Blowfish deleted file mode 100644 index 328b82af876bcb3ba9feb2916ed674128a471339..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 264 zcmV+j0r&nV140mm-?uN%L#rXYmxZ~9bdCDQ72TyRW}i15+Yy#sI_eM~hyePM8!LU4 zu9+!>uzeECQCc~BC-wZ2aK;90m91c&F69LCo#7s){AMkqcVZ~Irnx~R?**6du`pec zeKs)!%2}y-adaY-GrT3Vc_p9(FBFY*Y^&5Vi#7{V3Xpa^T^c|bI{;6ZFSzNdL37+k z31^2ªGL©©[) •Éèsr@È" -s¦qŽ1$Úh8–@)ë3ï#Íî`p\+ö£v©ézQ1‡€àªN:û½÷¨ëåâQœ¯ê,іû_T íBÚZLUAšý«.`g@M ˆ¬RSL ¶ €kOýˆ.è9 -t Ûÿ':7pØS§å͕g©Žp|}(+÷Ã+bðç.<±/†ö¾±†aíÏÎ۟{`ç”d6%}kóüf#>LrDœDÑÝ:xЉ \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ctext_DES b/SecurityTests/cspxutils/symReference/blobs/G4/ctext_DES deleted file mode 100644 index ee4e21256689801ba4ae3598901317c7e7217741..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 264 zcmV+j0r&prheOK3r%r9zgdLQI8_C(~B-a*=`YJ}a)2A+ir4B)6JXsQ<6DPO=>t!93 z9oExA4uAj!Iek`2|193EQJTb3k_A!KrQzo9Up*J7b#oS;=wW)zl{ zP_VR#(`3R+CmvzTRSqeQur1-7yT6zsWXWo^-m%WGRPmJ)DHttH(3*l+PG;zj`ye^I z$`cDD&;MVTh?|28jQT8NKW}^dm%5add_2-jb>EzP!cDcIuxd%inP}w8l>b#eeqo$0 OlDzR(o_s%;F)Cn)?SzQ{ diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ctext_RC4 b/SecurityTests/cspxutils/symReference/blobs/G4/ctext_RC4 deleted file mode 100644 index 68fc480e..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/ctext_RC4 +++ /dev/null @@ -1,3 +0,0 @@ -dS$4X{˜ÂËùm -:2cf“8B -?|_ÃQRŪC8úT&Øô£!Qô@Òc„:%ÆN7âí|9C1šÇ*_DÊäáQ⇾j½²:õqZèÛ"€Â1â,©Áñ8 +,«8*nœ•ç6 ÷p$yÞq‹¥œ¨{B—4<9ç1øC@ÀÈ÷0¤¢Üè‚/ވý¾H@ãúL/{;[€[,X4Sºmêœb‚žçXçGš#K©µ.žè²N{ˆOó]n¾òqMÏ8†5öãjrÒA†ïsß-~”dý./œNíÒ5‹|(Še¤õæºÄ?ƒõº>}îý,ÃØç˜!ed"ß| \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ctext_RC5 b/SecurityTests/cspxutils/symReference/blobs/G4/ctext_RC5 deleted file mode 100644 index 0331a835208c4fb5fa1efd1fd467a60e594b5282..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 264 zcmV+j0r&o?zB|6@+B0UdaPCUWE5t5#BWGu#5MN;%sufY{fcUoD+nwj3_}5Nzt7~|FypjFhBTZC!F{= zfP^~NKH}~+CsFK=CPWJgE0YXRQJJQT(wzH<+J#BW@wm^ejqWe`UT_HwTq3}Zjq1i= zQRt@W!sX2@m@+K^i>^O0&tsx&@JV{bwALXVC?6EOHhkyNLkU!}088p_godM6n=&d7 zu#E-CWP>}qESxY30oPqL=Vka_4=BKtaaou1n`3G}-t5mRD8lf!$+p6 O@k*BgV@IY4$8APt(}MT_ diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/iv_3DES b/SecurityTests/cspxutils/symReference/blobs/G4/iv_3DES deleted file mode 100644 index 387aad25..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/iv_3DES +++ /dev/null @@ -1 +0,0 @@ -\SòwŠ£5 \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/iv_AES b/SecurityTests/cspxutils/symReference/blobs/G4/iv_AES deleted file mode 100644 index 826dba4c..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/iv_AES +++ /dev/null @@ -1 +0,0 @@ -Ï»Ù[è˜áHg²æþú6 \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/iv_AES192 b/SecurityTests/cspxutils/symReference/blobs/G4/iv_AES192 deleted file mode 100644 index 5f9bae54..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/iv_AES192 +++ /dev/null @@ -1 +0,0 @@ -£~-…ÚËÕdfJ©SŠ­¯3¯¤œ£W \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/iv_AES256 b/SecurityTests/cspxutils/symReference/blobs/G4/iv_AES256 deleted file mode 100644 index afd5ef70..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/iv_AES256 +++ /dev/null @@ -1 +0,0 @@ -“È)U Hü$?Ô-å$7³²wŒîS9À1çhÂïœM& \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/iv_Blowfish b/SecurityTests/cspxutils/symReference/blobs/G4/iv_Blowfish deleted file mode 100644 index e63798ae..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/iv_Blowfish +++ /dev/null @@ -1 +0,0 @@ -ÿ§Šxº \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/iv_CAST b/SecurityTests/cspxutils/symReference/blobs/G4/iv_CAST deleted file mode 100644 index be426a14..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/iv_CAST +++ /dev/null @@ -1 +0,0 @@ -¾›Ýy¼À¶ \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/iv_DES b/SecurityTests/cspxutils/symReference/blobs/G4/iv_DES deleted file mode 100644 index 02773e89..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/iv_DES +++ /dev/null @@ -1 +0,0 @@ -q&m—ïUb \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/iv_RC2 b/SecurityTests/cspxutils/symReference/blobs/G4/iv_RC2 deleted file mode 100644 index 432dc174..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/iv_RC2 +++ /dev/null @@ -1 +0,0 @@ -/øÚT±rþI \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/iv_RC5 b/SecurityTests/cspxutils/symReference/blobs/G4/iv_RC5 deleted file mode 100644 index 12de1166..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/iv_RC5 +++ /dev/null @@ -1 +0,0 @@ -aík'PKÑ \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/key_3DES b/SecurityTests/cspxutils/symReference/blobs/G4/key_3DES deleted file mode 100644 index 80364d7120aee71d3d665a8802e3d7bb60117cac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24 gcmd5vcC0hhN8F8}}l diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/key_AES b/SecurityTests/cspxutils/symReference/blobs/G4/key_AES deleted file mode 100644 index e89c4311..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/key_AES +++ /dev/null @@ -1 +0,0 @@ -ή${ã„t2›jÞè#—Ò \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/key_AES192 b/SecurityTests/cspxutils/symReference/blobs/G4/key_AES192 deleted file mode 100644 index 1b51a329..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/key_AES192 +++ /dev/null @@ -1 +0,0 @@ -~Þ£¬Wßy ò3 á<""c€½cÖJ¸ë?Aÿ˜¬*ZIÏÞ[æ¼‡ú4ɪR 5¤ÉÖrÞG³¶b(º'H* ù¸WÆÛ¶:f“Ú脉»!}¿pªÜg«*‰AºOŠO’pº­£iÞÙÂû‘÷Ë~ý,«¸¦8IÈÅWG’ròšw'`~øÙx"ì½ýwÅMíÙÞ[çüßÇã—œžŒÚ,F  ÛTd£6&”nð.µ\ÙÃXlnjG½2!âr7id(•#ƒq/’…›B½ -8&E0¥rFši…OP¢L©åN75öM] \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ptext_AES b/SecurityTests/cspxutils/symReference/blobs/G4/ptext_AES deleted file mode 100644 index f24f578c4be91241c4ae5a2cdd1067c749f25472..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 256 zcmV+b0ssEzSO!dn7?f9&7Zhx7Fen#EobV;)zNy@qF0tQE+W!-aokxQG1ruEd>inNy z@|puFy8@WP5jX_ZLRvqDM;2`uc$asHKY)%C3GZ)Ap|vZqofM~-$%)>_1PKR|5xTUo zyx*jHs|vb|CDf(uvV-ola`7QV*33?a9vDfE@(}&1o9-P--R>fz7qG~Fo6uGGn zh#yZ&FbqAHG{1tsfksb&8OuJM*b(3Q-&|oD5r-B-?t3M#h26Zg8L`r9CHa8y-Y!>8 z#FxYN!!0AyEtknD0W#|Mm|g0EUBz9A}i_ckGq&l1h%e8!dxHs=JHX%$Pp G`u3uD(tX*jPx!7v|h4v96xl0sN4 z(b9A7(8$Nn5}AHm#&jy5J_@G?G+C$FCEqs|%?qDI;r2g2B7Z62~5TwgEqA9@jZw)5d);tprk3lbZmtD>K5pLG9l48Dr;K zL>TG&)wcD4xe@#qgrX%YUg>V`qHr2)N*=X$9kD9}0(I2;;Qm?C#{o$E4fH%TSFYU% G^K?XzqJj_r diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ptext_AES256 b/SecurityTests/cspxutils/symReference/blobs/G4/ptext_AES256 deleted file mode 100644 index 8767dc0811565bcb73cd185255ed5b12f073c9be..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 256 zcmV+b0ssEWS_c*ZbU3r6uD)Mb3`EjIt*b5%R>%$*SLVLf!an+he6`TKotM29>nxB| zMx&l!fb@=i!-cVeJrzqShWpysS+$d>G64Zkr&8=oauT9ncKwBmX+mEqR?~Gg1rki$ zaPtu-R&7uE01H5PX`hi3mE7Oq^KqPu$SR{q@rXtaC+%b`3U+MON?}~_Hqxe$kmj5+ z?C{gOniDw`eF_E|H{Yg~hBh8D>fLofz~KBaY|my*vzTn}TG^RalSF|f3eDCvl})mO zj!M(X8PL1}{X(HnoB0=ziIPs#hmR(;2LL6X=+OD+KrFcZEe5&@P?=WH*w2T4{Q_8> G&?B+VM17F} diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ptext_ASC b/SecurityTests/cspxutils/symReference/blobs/G4/ptext_ASC deleted file mode 100644 index f968dc0d..00000000 --- a/SecurityTests/cspxutils/symReference/blobs/G4/ptext_ASC +++ /dev/null @@ -1,3 +0,0 @@ -¶àèÿiÒ{±;<‡± -¾\·û9¯êõ„îjëk8%ü™o/ò°Q,å'ñ -›&62º BÖåf¡NjOW»sîAÔ¯CüU—~€í“¦ˆÒ«ë/–Ôù(î²jíVg&K÷d ®j›òЋh`ÒóJX8 \ No newline at end of file diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ptext_CAST b/SecurityTests/cspxutils/symReference/blobs/G4/ptext_CAST deleted file mode 100644 index 3d5757fbdca4ff7328db8fc590d2406b789cadb1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 256 zcmV+b0ssCHXcv+)sGDJorF=MSgCvOVe?rNV_0@{=`bSi0a6}<{7chPn>aU z`79tiotokK8?EiW@B-(bNAEVN4I@WX;h=GePUpL`?dAm*O`j&8{+&lsVlKP7p(D%> zcUdU19RAjO_~nAtR2jEJ2{sT zg}5d&4w}*xPvIWmVI5l?EMe^=!OPKn_(U`ab^~3MSCfeS=2tSi0JB;#Jj)-}{z>)8 zUWlmzL(ueZIh!yv6rhoEofBE)4!Rw@KqWBf{G1rjz7NCzD33WXK~=_qDtW*3P1^g< zE3U+~(^~lmd7319cTS6m1H;+sRFFDdd#A_FR-~k6BuiekB*JRLUzQ4sG&P~seSKGs zz(?R`Qsd6OW=PxI Gt#wedh_Tk9F@{@p2|Yejm?nfGugNCPN(yLwGzI-rH}e6 GYxP9p!H0kV diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ptext_RC4 b/SecurityTests/cspxutils/symReference/blobs/G4/ptext_RC4 deleted file mode 100644 index 8745f0969a6706ebb7d41d94a63acdf164790d06..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 256 zcmV+b0ssCr*2`fn;e$2^nc-K}yhpN0=m7VE)|yHPQ=3fdd*}5MQxU0E&I{KRMMcgq zOwdZb#ZLfT0t{!O40ncC6#9{$VSUwckg{Z>N*0wCnL5Ze?L94d!1E4zH7+^ez*$L_J%@8m+LrJo?iv` zTem}BFe)(qnqO37jbLsa6w)w3Lb6ipdc%RcL?9~>dw^%OGxqs3dQtEtP}}%XVK~*w Gl_LefA9@`C diff --git a/SecurityTests/cspxutils/symReference/blobs/G4/ptext_RC5 b/SecurityTests/cspxutils/symReference/blobs/G4/ptext_RC5 deleted file mode 100644 index 6dfa4f441537bbd007972028cb26dcbbfa783122..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 256 zcmV+b0ssC;#z##d^gBzyS->1B+Bg$;(ln~YY}$qstf7skbi^LBjAsPk5r~;M>H6d= zVp6Wgb~0*@4h(7ge_w7Q*LJV`M$Na4H1la`0dTqIw7~mw)NCgvJ$+Jg2yz3CA9wU7 zDoJDQi$x7mtt>gDBXcsUKv~1M0q!QAaer;Uc>rx9*+B(wCxS4L^=;eJ_*2sgxeE2o zF->?|hx^dzt|%He9eQD&^Z4e8XA_QyLhfD5NXRXjaH;YygX-!ug!8*?&?Omg9!&-i zEG2T&_=^@JHv<0pHfT2nzb!55!SRdeW!=vPF7;FJ{nG~H{Nkuu!^|Q3xml}YlZ@WK GfUs -#include -#include -#include -#include -#include "cspwrap.h" -#include -#include "common.h" -#include -#include "cspdlTesting.h" -#include - -/* - * Defaults. - */ -#define LOOPS_DEF 200 -#define PTEXT_SIZE_DEF 256 -#define BLOCK_SIZE_MAX 32 /* bytes */ - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef enum { - ALG_ASC = 0, /* first must be 0 */ - ALG_DES, - ALG_RC2, - ALG_RC4, - ALG_RC5, - ALG_3DES, - ALG_AES, - ALG_AES192, - ALG_AES256, - ALG_BFISH, - ALG_CAST -} SymAlg; - -#define ALG_FIRST ALG_ASC -#define ALG_LAST ALG_CAST - -static void usage(char **argv) -{ - printf("usage: %s e|d dirName [options]\n", argv[0]); - printf(" e=encrypt, d=decrypt; blobs read/written in dirName\n"); - printf(" Options:\n"); - printf(" a=algorithm (d=DES; 3=3DES3; 2=RC2; 4=RC4; 5=RC5; a=AES; b=Blowfish; \n"); - printf(" c=CAST; s=ASC, default=all)\n"); - printf(" p=ptextSize (default=%d)\n", PTEXT_SIZE_DEF); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* - * map SymAlg to test params - */ -typedef struct { - SymAlg alg; - const char *algStr; - CSSM_ALGORITHMS cssmAlg; - CSSM_ENCRYPT_MODE mode; - CSSM_PADDING padding; - CSSM_SIZE keySizeBits; - CSSM_SIZE ivLen; // in bytes -} SymAlgParams; - -static const SymAlgParams symAlgParams[] = -{ - { ALG_ASC, "ASC", CSSM_ALGID_ASC, CSSM_ALGMODE_NONE, CSSM_PADDING_NONE, - CSP_ASC_KEY_SIZE_DEFAULT, 0 }, - { ALG_DES, "DES", CSSM_ALGID_DES, CSSM_ALGMODE_CBCPadIV8, CSSM_PADDING_PKCS5, - CSP_DES_KEY_SIZE_DEFAULT, 8 }, - { ALG_RC2, "RC2", CSSM_ALGID_RC2, CSSM_ALGMODE_CBCPadIV8, CSSM_PADDING_PKCS5, - CSP_RC2_KEY_SIZE_DEFAULT, 8 }, - { ALG_RC4, "RC4", CSSM_ALGID_RC4, CSSM_ALGMODE_NONE, CSSM_PADDING_NONE, - CSP_RC4_KEY_SIZE_DEFAULT, 0 }, - { ALG_RC5, "RC5", CSSM_ALGID_RC5, CSSM_ALGMODE_CBCPadIV8, CSSM_PADDING_PKCS5, - CSP_RC5_KEY_SIZE_DEFAULT, 8 }, - { ALG_3DES, "3DES", CSSM_ALGID_3DES_3KEY_EDE, CSSM_ALGMODE_CBCPadIV8, CSSM_PADDING_PKCS5, - CSP_DES3_KEY_SIZE_DEFAULT, 8 }, - { ALG_AES, "AES", CSSM_ALGID_AES, CSSM_ALGMODE_CBCPadIV8, CSSM_PADDING_PKCS5, - CSP_AES_KEY_SIZE_DEFAULT, 16 }, - { ALG_AES192, "AES192", CSSM_ALGID_AES, CSSM_ALGMODE_CBCPadIV8, CSSM_PADDING_PKCS5, - 192, 24 }, - { ALG_AES256, "AES256", CSSM_ALGID_AES, CSSM_ALGMODE_CBCPadIV8, CSSM_PADDING_PKCS5, - 256, 32 }, - { ALG_BFISH, "Blowfish", CSSM_ALGID_BLOWFISH, CSSM_ALGMODE_CBCPadIV8, CSSM_PADDING_PKCS5, - CSP_BFISH_KEY_SIZE_DEFAULT, 8 }, - { ALG_CAST, "CAST", CSSM_ALGID_CAST, CSSM_ALGMODE_CBCPadIV8, CSSM_PADDING_PKCS5, - CSP_CAST_KEY_SIZE_DEFAULT, 8 } -}; - -static void genFileNames( - const char *algStr, - char *keyFile, - char *ptextFile, - char *ctextFile, - char *ivFile) -{ - sprintf(keyFile, "key_%s", algStr); - sprintf(ptextFile, "ptext_%s", algStr); - sprintf(ctextFile, "ctext_%s", algStr); - sprintf(ivFile, "iv_%s", algStr); -} - -/* encrypt, write blobs (key, plaintext, ciphertext, optional IV) to disk */ -static int doEncrypt( - CSSM_CSP_HANDLE cspHand, - const SymAlgParams *algParams, - CSSM_DATA *ptext, // mallocd, length valid, we fill data - CSSM_BOOL quiet, - CSSM_BOOL verbose) -{ - CSSM_KEY_PTR symKey = NULL; - CSSM_KEY rawKey; - CSSM_RETURN crtn; - CSSM_DATA ctext = {0, NULL}; - uint8 iv[BLOCK_SIZE_MAX]; - CSSM_DATA ivd = {BLOCK_SIZE_MAX, iv}; - CSSM_DATA *ivp = NULL; - uint32 blockSize = 0; - char keyFile[FILENAME_MAX]; - char ptextFile[FILENAME_MAX]; - char ctextFile[FILENAME_MAX]; - char ivFile[FILENAME_MAX]; - - if(!quiet) { - printf("...encrypting, alg %s\n", algParams->algStr); - } - - /* generate reference key (works with CSPDL) */ - symKey = cspGenSymKey(cspHand, algParams->cssmAlg, - "noLabel", 7, - CSSM_KEYUSE_ANY, algParams->keySizeBits, CSSM_TRUE); - if(symKey == NULL) { - printf("***Error generating key for alg %s size %u bits\n", - algParams->algStr, (unsigned)algParams->keySizeBits); - return testError(quiet); - } - - /* get key in raw format (to get the raw blob we write to disk) */ - crtn = cspRefKeyToRaw(cspHand, symKey, &rawKey); - if(crtn) { - printf("***Error generating raw key for alg %s size %u bits\n", - algParams->algStr, (unsigned)algParams->keySizeBits); - return testError(quiet); - } - - appGetRandomBytes(ptext->Data, (unsigned)ptext->Length); - - /* - * Hack: we only need to specify block size for AES192 and AES256, which - * we detect by their having an ivLen of greater than 16. - */ - if(algParams->ivLen > 16) { - blockSize = algParams->ivLen; - } - if(algParams->ivLen) { - appGetRandomBytes(iv, algParams->ivLen); - ivd.Length = algParams->ivLen; - ivp = &ivd; - } - - crtn = cspStagedEncrypt(cspHand, - algParams->cssmAlg, algParams->mode, algParams->padding, - symKey, NULL, - 0, blockSize, 0, - ivp, ptext, - &ctext, - CSSM_FALSE); - if(crtn) { - printf("***Error encrypting for alg %s size %u bits\n", - algParams->algStr, (unsigned)algParams->keySizeBits); - return testError(quiet); - } - - /* write: key, IV, ptext, ctext */ - genFileNames(algParams->algStr, keyFile, ptextFile, ctextFile, ivFile); - if(writeFile(keyFile, rawKey.KeyData.Data, (unsigned)rawKey.KeyData.Length) || - writeFile(ptextFile, ptext->Data, (unsigned)ptext->Length) || - writeFile(ctextFile, ctext.Data, (unsigned)ctext.Length)) { - printf("***Error writing result of alg %s size %u bits\n", - algParams->algStr, (unsigned)algParams->keySizeBits); - return testError(quiet); - } - if(ivp != NULL) { - if(writeFile(ivFile, ivp->Data, (unsigned)ivp->Length)) { - printf("***Error writing IV for alg %s size %u bits\n", - algParams->algStr, (unsigned)algParams->keySizeBits); - return testError(quiet); - } - } - - /* Free resources */ - CSSM_FreeKey(cspHand, NULL, symKey, CSSM_FALSE); - CSSM_FreeKey(cspHand, NULL, &rawKey, CSSM_FALSE); - CSSM_FREE(ctext.Data); - return 0; -} - -/* read blobs (key, plaintext, ciphertext, optional IV) from disk, decrypt, compare plaintext */ -static int doDecrypt( - CSSM_CSP_HANDLE cspHand, - const SymAlgParams *algParams, - CSSM_BOOL quiet, - CSSM_BOOL verbose) -{ - CSSM_KEY symKey; - uint8 *symKeyBits; - unsigned symKeyLen; // in bytes - CSSM_DATA symKeyData; - CSSM_RETURN crtn; - uint8 *ctextChars; - unsigned ctextLen = 0; - CSSM_DATA ctext; - CSSM_DATA rptext = {0, NULL}; // recovered/decrytped - uint8 *refPTextChars; - unsigned refPtextLen; - CSSM_DATA refPtext = {0, NULL}; // expected - uint8 *iv = NULL; - unsigned ivLen; - CSSM_DATA ivd = {BLOCK_SIZE_MAX, iv}; - CSSM_DATA *ivp = NULL; - uint32 blockSize = 0; - char keyFile[FILENAME_MAX]; - char ptextFile[FILENAME_MAX]; - char ctextFile[FILENAME_MAX]; - char ivFile[FILENAME_MAX]; - - if(!quiet) { - printf("...decrypting, alg %s\n", algParams->algStr); - } - - /* - * Hack: we only need to specify block size for AES192 and AES256, which - * we detect by their having an ivLen of greater than 16. - */ - if(algParams->ivLen > 16) { - blockSize = algParams->ivLen; - } - if(algParams->ivLen) { - ivp = &ivd; - ivd.Length = algParams->ivLen; - } - - /* read: key, IV, ptext, ctext */ - genFileNames(algParams->algStr, keyFile, ptextFile, ctextFile, ivFile); - if(readFile(keyFile, &symKeyBits, &symKeyLen) || - readFile(ptextFile, &refPTextChars, &refPtextLen) || - readFile(ctextFile, &ctextChars, &ctextLen)) { - printf("***Error reading reference blobs for alg %s size %u bits\n", - algParams->algStr, (unsigned)algParams->keySizeBits); - return testError(quiet); - } - if(ivp != NULL) { - if(readFile(ivFile, &iv, &ivLen)) { - printf("***Error writing IV for alg %s size %u bits\n", - algParams->algStr, (unsigned)algParams->keySizeBits); - return testError(quiet); - } - if(ivLen != algParams->ivLen) { - printf("***Unexpected IV length: expect %u found %u\n", - (unsigned)algParams->ivLen, (unsigned)ivLen); - if(testError(quiet)) { - return 1; - } - } - ivd.Data = iv; - } - ctext.Data = ctextChars; - ctext.Length = ctextLen; - refPtext.Data = refPTextChars; - refPtext.Length = refPtextLen; - - /* generate key */ - symKeyData.Data = symKeyBits; - symKeyData.Length = symKeyLen; - - crtn = cspGenSymKeyWithBits(cspHand, algParams->cssmAlg, - CSSM_KEYUSE_ANY, &symKeyData, symKeyLen, &symKey); - if(crtn) { - printf("***Error creating key for alg %s keySize %u\n", - algParams->algStr, (unsigned)algParams->keySizeBits); - return testError(quiet); - } - - crtn = cspStagedDecrypt(cspHand, - algParams->cssmAlg, algParams->mode, algParams->padding, - &symKey, NULL, - 0, blockSize, 0, - ivp, &ctext, - &rptext, - CSSM_FALSE); - if(crtn) { - printf("***Error decrypting for alg %s size %u bits\n", - algParams->algStr, (unsigned)algParams->keySizeBits); - return testError(quiet); - } - - /* moment of truth */ - if(!appCompareCssmData(&rptext, &refPtext)) { - printf("***DATA MISCOMPARE AFTER DECRYPT alg %s size %u bits\n", - algParams->algStr, (unsigned)algParams->keySizeBits); - return testError(quiet); - } - - /* Free resources */ - CSSM_FreeKey(cspHand, NULL, &symKey, CSSM_FALSE); - free(symKeyBits); // mallocd by readFile() - free(refPTextChars); - free(ctextChars); - CSSM_FREE(rptext.Data); // mallocd by CSP - if(iv) { - free(iv); - } - return 0; -} - - -int main(int argc, char **argv) -{ - int arg; - char *argp; - CSSM_DATA ptext; - CSSM_CSP_HANDLE cspHand; - unsigned currAlg; // ALG_xxx - int rtn = 0; - - /* - * User-spec'd params - */ - unsigned minAlg = ALG_FIRST; - unsigned maxAlg = ALG_LAST; - CSSM_BOOL verbose = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - bool encrypt = false; - unsigned ptextSize = PTEXT_SIZE_DEF; - char *dirName; - - if(argc < 3) { - usage(argv); - } - switch(argv[1][0]) { - case 'e': - encrypt = true; - break; - case 'd': - encrypt = false; - break; - default: - usage(argv); - } - dirName = argv[2]; - - for(arg=3; arg -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -/* - * Defaults. - */ -#define LOOPS_DEF 50 -#define MIN_PTEXT_SIZE 8 -#define MAX_PTEXT_SIZE 0x10000 - -/* - * Enumerate algs our own way to allow iteration. - */ -typedef enum { - ALG_ASC = 1, - ALG_DES, - ALG_RC2, - ALG_RC4, - ALG_RC5, - ALG_3DES, - ALG_AES, - ALG_BFISH, - ALG_CAST, - ALG_NULL /* normally not used */ -} SymAlg; -#define ALG_FIRST ALG_ASC -#define ALG_LAST ALG_CAST - -#define PBE_ENABLE 0 -#define PWD_LENGTH_MAX 64 -#define MAX_DATA_SIZE (100000 + 100) /* bytes */ -#define LOOP_NOTIFY 20 - -#define LOG_SIZE 0 -#if LOG_SIZE -#define logSize(s) printf s -#else -#define logSize(s) -#endif - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" a=algorithm (s=ASC; d=DES; 3=3DES; 2=RC2; 4=RC4; 5=RC5; a=AES;\n"); - printf(" b=Blowfish; c=CAST; n=Null; default=all)\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" n=minPtextSize (default=%d)\n", MIN_PTEXT_SIZE); - printf(" x=maxPtextSize (default=%d)\n", MAX_PTEXT_SIZE); - printf(" k=keySizeInBits\n"); - printf(" r(eference keys only)\n"); - printf(" e(xport)\n"); - printf(" d (no DB open)\n"); - printf(" p=pauseInterval (default=0, no pause)\n"); - printf(" o (no padding, well-aligned plaintext)\n"); - printf(" u (no multi-update ops)\n"); - printf(" U (only multi-update ops)\n"); - printf(" m (CSP mallocs out bufs)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" K (key gen only)\n"); - printf(" v(erbose)\n"); - printf(" q(uiet)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* constant seed data */ -static CSSM_DATA seedData = {8, (uint8 *)"12345678"}; - -/* alternate between two derivation algs, with different digest sizes */ -#define PBE_DERIVE_ALG_ODD CSSM_ALGID_PKCS5_PBKDF1_MD5 -#define PBE_DERIVE_ALG_EVEN CSSM_ALGID_PKCS5_PBKDF1_SHA1 - -/* - * When expectEqualText is true, encrypt/decrypt in place. - */ -#define EQUAL_TEXT_IN_PLACE 1 - -static int doTest(CSSM_CSP_HANDLE cspHand, - CSSM_DATA_PTR ptext, - uint32 keyAlg, // CSSM_ALGID_xxx of the key - uint32 encrAlg, // encrypt/decrypt - uint32 mode, - uint32 padding, - uint32 effectiveKeySizeInBits, - CSSM_BOOL refKey, - CSSM_DATA_PTR pwd, // password- NULL means use a random key data - CSSM_BOOL stagedEncr, - CSSM_BOOL stagedDecr, - CSSM_BOOL mallocPtext, // only meaningful if !stagedDecr - CSSM_BOOL mallocCtext, // only meaningful if !stagedEncr - CSSM_BOOL quiet, - CSSM_BOOL keyGenOnly, - CSSM_BOOL expectEqualText) // ptext size must == ctext size -{ - CSSM_KEY_PTR symKey = NULL; - CSSM_DATA ctext = {0, NULL}; - CSSM_DATA rptext = {0, NULL}; - CSSM_RETURN crtn; - int rtn = 0; - uint32 keySizeInBits; - CSSM_DATA initVector; - uint32 rounds = 0; - - /* generate keys with well aligned sizes; effectiveKeySize specified in encrypt - * only if not well aligned */ - keySizeInBits = (effectiveKeySizeInBits + 7) & ~7; - if(keySizeInBits == effectiveKeySizeInBits) { - effectiveKeySizeInBits = 0; - } - - if(encrAlg == CSSM_ALGID_RC5) { - /* roll the dice, pick one of three values for rounds */ - unsigned die = genRand(1,3); - switch(die) { - case 1: - rounds = 8; - break; - case 2: - rounds = 12; - break; - case 3: - rounds = 16; - break; - } - } - - if(pwd == NULL) { - /* random key */ - symKey = cspGenSymKey(cspHand, - keyAlg, - "noLabel", - 7, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - keySizeInBits, - refKey); - } - else { - /* this code isn't tested */ - uint32 pbeAlg; - initVector.Data = NULL; // we're going to ignore this - initVector.Length = 0; - /* one of two random PBE algs */ - if(ptext->Data[0] & 1) { - pbeAlg = PBE_DERIVE_ALG_ODD; - } - else { - pbeAlg = PBE_DERIVE_ALG_EVEN; - } - symKey = cspDeriveKey(cspHand, - pbeAlg, - keyAlg, - "noLabel", - 7, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - keySizeInBits, - refKey, - pwd, - &seedData, - 1, // iteration count - &initVector); - if(initVector.Data != NULL) { - CSSM_FREE(initVector.Data); - } - } - if(symKey == NULL) { - rtn = testError(quiet); - goto abort; - } - if(keyGenOnly) { - rtn = 0; - goto abort; - } - - /* not all algs need this, pass it in anyway */ - initVector.Data = (uint8 *)"someStrangeInitVect"; - switch(encrAlg) { - case CSSM_ALGID_AES: - case CSSM_ALGID_NONE: - initVector.Length = 16; - break; - default: - initVector.Length = 8; - break; - } - if(stagedEncr) { - crtn = cspStagedEncrypt(cspHand, - encrAlg, - mode, - padding, - symKey, - NULL, // second key unused - effectiveKeySizeInBits, - 0, // cipherBlockSize - rounds, - &initVector, - ptext, - &ctext, - CSSM_TRUE); // multi - } - else { - const CSSM_DATA *ptextPtr = ptext; - if(expectEqualText && mallocCtext && CSPDL_NOPAD_ENFORCE_SIZE) { - /* - * !pad test: ensure this works when ctextlen == ptextlen by - * mallocing ourself right now (instead of cspEncrypt doing it - * after doing a CSSM_QuerySize()) - */ - ctext.Data = (uint8 *)appMalloc(ptext->Length, NULL); - if(ctext.Data == NULL) { - printf("memmory failure\n"); - rtn = testError(quiet); - goto abort; - } - ctext.Length = ptext->Length; - #if EQUAL_TEXT_IN_PLACE - /* encrypt in place */ - memmove(ctext.Data, ptext->Data, ptext->Length); - ptextPtr = &ctext; - #endif - } - crtn = cspEncrypt(cspHand, - encrAlg, - mode, - padding, - symKey, - NULL, // second key unused - effectiveKeySizeInBits, - rounds, - &initVector, - ptextPtr, - &ctext, - mallocCtext); - } - if(crtn) { - rtn = testError(quiet); - goto abort; - } - if(expectEqualText && (ptext->Length != ctext.Length)) { - printf("***ctext/ptext length mismatch: ptextLen %lu ctextLen %lu\n", - ptext->Length, ctext.Length); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - logSize(("###ctext len %lu\n", ctext.Length)); - if(stagedDecr) { - crtn = cspStagedDecrypt(cspHand, - encrAlg, - mode, - padding, - symKey, - NULL, // second key unused - effectiveKeySizeInBits, - 0, // cipherBlockSize - rounds, - &initVector, - &ctext, - &rptext, - CSSM_TRUE); // multi - } - else { - const CSSM_DATA *ctextPtr = &ctext; - if(expectEqualText && mallocPtext && CSPDL_NOPAD_ENFORCE_SIZE) { - /* - * !pad test: ensure this works when ctextlen == ptextlen by - * mallocing ourself right now (instead of cspDecrypt doing it - * after doing a CSSM_QuerySize()) - */ - rptext.Data = (uint8 *)appMalloc(ctext.Length, NULL); - if(rptext.Data == NULL) { - printf("memmory failure\n"); - rtn = testError(quiet); - goto abort; - } - rptext.Length = ctext.Length; - #if EQUAL_TEXT_IN_PLACE - /* decrypt in place */ - memmove(rptext.Data, ctext.Data, ctext.Length); - ctextPtr = &rptext; - #endif - } - crtn = cspDecrypt(cspHand, - encrAlg, - mode, - padding, - symKey, - NULL, // second key unused - effectiveKeySizeInBits, - rounds, - &initVector, - ctextPtr, - &rptext, - mallocPtext); - } - if(crtn) { - rtn = testError(quiet); - goto abort; - } - logSize(("###rptext len %lu\n", rptext.Length)); - /* compare ptext, rptext */ - if(ptext->Length != rptext.Length) { - printf("Ptext length mismatch: expect %lu, got %lu\n", ptext->Length, rptext.Length); - rtn = testError(quiet); - if(rtn) { - goto abort; - } - } - if(memcmp(ptext->Data, rptext.Data, ptext->Length)) { - printf("***data miscompare\n"); - rtn = testError(quiet); - } -abort: - /* free key if we have it*/ - if(symKey != NULL) { - if(cspFreeKey(cspHand, symKey)) { - printf("Error freeing privKey\n"); - rtn = 1; - } - CSSM_FREE(symKey); - } - /* free rptext, ctext */ - appFreeCssmData(&rptext, CSSM_FALSE); - appFreeCssmData(&ctext, CSSM_FALSE); - return rtn; -} - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_DATA ptext; - CSSM_CSP_HANDLE cspHand; - CSSM_BOOL stagedEncr; - CSSM_BOOL stagedDecr; - CSSM_BOOL mallocCtext; - CSSM_BOOL mallocPtext; - CSSM_BOOL refKey; - const char *algStr; - uint32 keyAlg; // CSSM_ALGID_xxx of the key - uint32 encrAlg; // CSSM_ALGID_xxx of the encrypt/decrypt/sign - int i; - int currAlg; // ALG_xxx - CSSM_DATA_PTR pPwd; - CSSM_DATA pwd; - uint32 actKeySizeInBits; - int rtn = 0; - uint32 blockSize; // for noPadding case - CSSM_BOOL expectEqualText; - - /* - * User-spec'd params - */ - CSSM_BOOL keySizeSpec = CSSM_FALSE; // false: use rand key size - SymAlg minAlg = ALG_FIRST; - SymAlg maxAlg = ALG_LAST; - unsigned loops = LOOPS_DEF; - CSSM_BOOL verbose = CSSM_FALSE; - unsigned minPtextSize = MIN_PTEXT_SIZE; - unsigned maxPtextSize = MAX_PTEXT_SIZE; - CSSM_BOOL quiet = CSSM_FALSE; - unsigned pauseInterval = 0; - uint32 mode; - uint32 padding; - CSSM_BOOL noDbOpen = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL keyGenOnly = CSSM_FALSE; - CSSM_BOOL noPadding = CSSM_FALSE; - CSSM_BOOL multiEnable = CSSM_TRUE; - CSSM_BOOL multiOnly = CSSM_FALSE; - CSSM_BOOL refKeysOnly = CSSM_FALSE; - CSSM_BOOL cspMallocs = CSSM_FALSE; - - #if macintosh - argc = ccommand(&argv); - #endif - for(arg=1; arg maxPtextSize) { - printf("***minPtextSize must be <= maxPtextSize\n"); - usage(argv); - } - pwd.Data = (uint8 *)CSSM_MALLOC(PWD_LENGTH_MAX); - ptext.Data = (uint8 *)CSSM_MALLOC(maxPtextSize); - if(ptext.Data == NULL) { - printf("Insufficient heap space\n"); - exit(1); - } - /* ptext length set in test loop */ - printf("Starting symTest; args: "); - for(i=1; i align ptext */ - ptext.Length = ((ptext.Length + blockSize - 1) / blockSize) * blockSize; - } - if(!keySizeSpec) { - actKeySizeInBits = randKeySizeBits(keyAlg, OT_Encrypt); - } - /* else constant, spec'd by user, may be 0 (default per alg) */ - /* mix up some random and derived keys, as well as staging and "who does - * the malloc?" */ - pPwd = (loop & 1) ? &pwd : NULL; - if(multiEnable) { - if(multiOnly) { - stagedEncr = stagedDecr = CSSM_TRUE; - } - else { - stagedEncr = (loop & 2) ? CSSM_TRUE : CSSM_FALSE; - stagedDecr = (loop & 4) ? CSSM_TRUE : CSSM_FALSE; - } - } - else { - stagedEncr = CSSM_FALSE; - stagedDecr = CSSM_FALSE; - } - if(!stagedEncr && !cspMallocs) { - mallocCtext = (ptext.Data[0] & 1) ? CSSM_TRUE : CSSM_FALSE; - } - else { - mallocCtext = CSSM_FALSE; - } - if(!stagedDecr && !cspMallocs) { - mallocPtext = (ptext.Data[0] & 2) ? CSSM_TRUE : CSSM_FALSE; - } - else { - mallocPtext = CSSM_FALSE; - } - if(refKeysOnly) { - refKey = CSSM_TRUE; - } - else { - refKey = (ptext.Data[0] & 4) ? CSSM_TRUE : CSSM_FALSE; - } - #if !PBE_ENABLE - pPwd = NULL; - #endif - if(!quiet) { - if(verbose || ((loop % LOOP_NOTIFY) == 0)) { - printf("..loop %d text size %lu keySizeBits %u\n", - loop, (unsigned long)ptext.Length, (unsigned)actKeySizeInBits); - if(verbose) { - printf(" refKey %d derive %d stagedEncr %d stagedDecr %d mallocCtext %d " - "mallocPtext %d\n", - (int)refKey, (pPwd == NULL) ? 0 : 1, (int)stagedEncr, (int)stagedDecr, - (int)mallocCtext, (int)mallocPtext); - } - } - } - #if PBE_ENABLE - if(pPwd != NULL) { - /* PBE - cook up random password */ - simpleGenData(pPwd, APPLE_PBE_MIN_PASSWORD, PWD_LENGTH_MAX); - } - #endif - - if(doTest(cspHand, - &ptext, - keyAlg, - encrAlg, - mode, - padding, - actKeySizeInBits, - refKey, - pPwd, - stagedEncr, - stagedDecr, - mallocPtext, - mallocCtext, - quiet, - keyGenOnly, - expectEqualText)) { - rtn = 1; - break; - } - if(pauseInterval && ((loop % pauseInterval) == 0)) { - char c; - fpurge(stdin); - printf("Hit CR to proceed, q to abort: "); - c = getchar(); - if(c == 'q') { - goto testDone; - } - } - if(loops && (loop == loops)) { - break; - } - } /* main loop */ - if(rtn) { - break; - } - - } /* for algs */ - -testDone: - cspShutdown(cspHand, bareCsp); - if(pauseInterval) { - fpurge(stdin); - printf("ModuleDetach/Unload complete; hit CR to exit: "); - getchar(); - } - if((rtn == 0) && !quiet) { - printf("%s test complete\n", argv[0]); - } - CSSM_FREE(pwd.Data); - CSSM_FREE(ptext.Data); - return rtn; -} diff --git a/SecurityTests/cspxutils/testall b/SecurityTests/cspxutils/testall deleted file mode 100755 index 6b273491..00000000 --- a/SecurityTests/cspxutils/testall +++ /dev/null @@ -1,67 +0,0 @@ -#! /bin/csh -f -# -# Run all normal configurations of cspdvt and cltpdvt. -# -# safely look for this required env var -# -setenv | grep LOCAL_BUILD_DIR > /dev/null -if($status != 0) then - echo Please set env var LOCAL_BUILD_DIR. - exit(1) -endif - -# Setup HOME environment with an unlocked login.keychain -setenv HOME "${LOCAL_BUILD_DIR}/home" -# Cleanup after a possible previous test run -rm -rf "${LOCAL_BUILD_DIR}/home" -echo Creating virtual home directory in "$HOME"... -mkdir -p "${HOME}/Library/Preferences" || exit(1) -setenv PATH "${LOCAL_BUILD_DIR}:${PATH}" -# -# Avoid Sec layer overriding what we're trying to do here.... -# -set USERNAME=`whoami` -if($USERNAME == root) then - set LOGIN_KEYCHAIN="${LOCAL_BUILD_DIR}/home/Library/Keychains/login.keychain" -else - set LOGIN_KEYCHAIN=login.keychain -endif -echo Creating virtual login keychain in "$LOGIN_KEYCHAIN"... -security create -p test "$LOGIN_KEYCHAIN" -security set-keychain-settings "$LOGIN_KEYCHAIN" || exit(1) - -set BUILD_DIR=$LOCAL_BUILD_DIR - -set FULL_SSL= -while ( $#argv > 0 ) - switch ( "$argv[1]" ) - case f: - set FULL_SSL=f - shift - breaksw - default: - echo Usage: testall \[f\(ull SSL tests\)\] - exit(1) - endsw -end - -# -# Verify existence of a few random executables before we start. -# -if( ( ! -e $BUILD_DIR/wrapTest ) || \ - ( ! -e $BUILD_DIR/hashTest ) || \ - ( ! -e $BUILD_DIR/sslViewer ) || \ - ( ! -e $BUILD_DIR/threadTest) ) then - echo === You do not seem to have all of the required executables. - echo === Please run \"make all\". - exit(1) -endif - - -echo ===== Running raw CSP regression test ===== -./cspdvt q || exit(1) -echo ===== Running CSPDL regression test ===== -./cspdvt q D || exit(1) -echo ===== Running CL/TP regression test ===== -cd ../clxutils; ./cltpdvt q $FULL_SSL || exit(1) -echo ===== Full CSP/CL/TP regression test SUCCEEDED ===== diff --git a/SecurityTests/cspxutils/utilLib/Makefile b/SecurityTests/cspxutils/utilLib/Makefile deleted file mode 100644 index a2833233..00000000 --- a/SecurityTests/cspxutils/utilLib/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# name of executable to build -EXECUTABLE=libcsputils.a -# C++ source (with .cpp extension) -CPSOURCE= commonCpp.cpp nssAppUtils.cpp ssleayUtils.cpp -# C source (.c extension) -CSOURCE= common.c cspwrap.c fileIo.c bsafeUtils.c t_stdlib.c rijndael-alg-ref.c \ - rijndaelApi.c cputime.c - -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -#PROJ_CFLAGS= -Os -PROJ_CFLAGS= -fvisibility=hidden - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.lib - -# Special case for this object file...normally we ignore header dependencies, but -# this header is auto generated on a regular basis. -$(OBJROOT)/commonCpp.o: commonCpp.cpp cssmErrorStrings.h - $(CC) $(ALL_CFLAGS) -c -o $(OBJROOT)/commonCpp.o commonCpp.cpp diff --git a/SecurityTests/cspxutils/utilLib/boxes-ref.h b/SecurityTests/cspxutils/utilLib/boxes-ref.h deleted file mode 100644 index b3036019..00000000 --- a/SecurityTests/cspxutils/utilLib/boxes-ref.h +++ /dev/null @@ -1,85 +0,0 @@ -static const word8 Logtable[256] = { - 0, 0, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3, -100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193, -125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120, -101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142, -150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56, -102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16, -126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186, - 43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87, -175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232, - 44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160, -127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183, -204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157, -151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209, - 83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171, - 68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165, -103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7, -}; - -static const word8 Alogtable[256] = { - 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53, - 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170, -229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49, - 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205, - 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136, -131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154, -181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163, -254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160, -251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65, -195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117, -159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128, -155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84, -252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202, - 69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14, - 18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23, - 57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1, -}; - -static const word8 S[256] = { - 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, -202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, -183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, - 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, - 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, - 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, -208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, - 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, -205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, - 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, -224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, -231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, -186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, -112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, -225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, -140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22, -}; - -static const word8 Si[256] = { - 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, -124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, - 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, - 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, -114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, -108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, -144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, -208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, - 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, -150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, - 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, -252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, - 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, - 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, -160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, - 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125, -}; - -static const word8 iG[4][4] = { -{ 0x0e, 0x09, 0x0d, 0x0b }, -{ 0x0b, 0x0e, 0x09, 0x0d }, -{ 0x0d, 0x0b, 0x0e, 0x09 }, -{ 0x09, 0x0d, 0x0b, 0x0e } -}; - -static const word32 rcon[30] = { - 0x01,0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, }; diff --git a/SecurityTests/cspxutils/utilLib/bsafeUtils.c b/SecurityTests/cspxutils/utilLib/bsafeUtils.c deleted file mode 100644 index 9038a26a..00000000 --- a/SecurityTests/cspxutils/utilLib/bsafeUtils.c +++ /dev/null @@ -1,1009 +0,0 @@ -/* - * bsafeUtils.c - common routines for CDSA/BSAFE compatibility testing - */ - - -#include -#include -#include -#include -//#include -//#include -#include "bsafeUtils.h" -#include -#include "common.h" - -/* - * Convert between BSAFE ITEM and CSSM_DATA - */ -#if 0 -static inline void buItemToCssmData( - const ITEM *item, - CSSM_DATA_PTR cdata) -{ - cdata->Data = item->data; - cdata->Length = item->len; -} - -static inline void buCssmDataToItem( - const CSSM_DATA *cdata, - ITEM *item) -{ - item->data = cdata->Data; - item->len = cdata->Length; -} - -/* - * BSafe's Chooser table - all we'll ever need. - */ -/*static*/ B_ALGORITHM_METHOD *BSAFE_ALGORITHM_CHOOSER[] = { - // digests - &AM_SHA, - &AM_MD5, - &AM_MD2, - - // organizational - &AM_CBC_ENCRYPT, - &AM_CBC_DECRYPT, - &AM_ECB_ENCRYPT, - &AM_ECB_DECRYPT, - &AM_OFB_ENCRYPT, - &AM_OFB_DECRYPT, - - // DES & variants - &AM_DES_ENCRYPT, - &AM_DES_DECRYPT, - &AM_DESX_ENCRYPT, - &AM_DESX_DECRYPT, - &AM_DES_EDE_ENCRYPT, - &AM_DES_EDE_DECRYPT, - - // RCn stuff - &AM_RC2_CBC_ENCRYPT, - &AM_RC2_CBC_DECRYPT, - &AM_RC2_ENCRYPT, - &AM_RC2_DECRYPT, - &AM_RC4_ENCRYPT, - &AM_RC4_DECRYPT, - &AM_RC5_ENCRYPT, - &AM_RC5_DECRYPT, - &AM_RC5_CBC_ENCRYPT, - &AM_RC5_CBC_DECRYPT, - - // RSA - &AM_RSA_STRONG_KEY_GEN, - &AM_RSA_KEY_GEN, - &AM_RSA_CRT_ENCRYPT_BLIND, - &AM_RSA_CRT_DECRYPT_BLIND, - &AM_RSA_ENCRYPT, - &AM_RSA_DECRYPT, - - // DSA - &AM_DSA_PARAM_GEN, - &AM_DSA_KEY_GEN, - - // signatures - &AM_DSA_SIGN, - &AM_DSA_VERIFY, - - // random number generation - &AM_MD5_RANDOM, - &AM_SHA_RANDOM, - - // sentinel - (B_ALGORITHM_METHOD *)NULL_PTR -}; - -/* - * Convert a BSAFE return to a CSSM error and optionally print the error msg with - * the op in which the error occurred. - */ -static CSSM_RETURN buBsafeErrToCssm( - int brtn, - const char *op) -{ - const char *errStr = NULL; - CSSM_RETURN crtn; - - switch (brtn) { - case 0: - return CSSM_OK; - case BE_ALLOC: - crtn = CSSMERR_CSSM_MEMORY_ERROR; - errStr = "BE_ALLOC"; - break; - case BE_SIGNATURE: - crtn = CSSMERR_CSP_VERIFY_FAILED; - errStr = "BE_SIGNATURE"; - break; - case BE_OUTPUT_LEN: - crtn = CSSMERR_CSP_OUTPUT_LENGTH_ERROR; - errStr = "BE_OUTPUT_LEN"; - break; - case BE_INPUT_LEN: - crtn = CSSMERR_CSP_INPUT_LENGTH_ERROR; - errStr = "BE_INPUT_LEN"; - break; - case BE_EXPONENT_EVEN: - crtn = CSSMERR_CSP_INVALID_KEY; - errStr = "BE_EXPONENT_EVEN"; - break; - case BE_EXPONENT_LEN: - crtn = CSSMERR_CSP_INVALID_KEY; - errStr = "BE_EXPONENT_LEN"; - break; - case BE_EXPONENT_ONE: - crtn = CSSMERR_CSP_INVALID_KEY; - errStr = "BE_EXPONENT_ONE"; - break; - case BE_DATA: - crtn = CSSMERR_CSP_INVALID_DATA; - errStr = "BE_DATA"; - break; - case BE_INPUT_DATA: - crtn = CSSMERR_CSP_INVALID_DATA; - errStr = "BE_INPUT_DATA"; - break; - case BE_WRONG_KEY_INFO: - crtn = CSSMERR_CSP_INVALID_KEY; - errStr = "BE_WRONG_KEY_INFO"; - break; - default: - //@@@ translate BSafe errors intelligently - crtn = CSSM_ERRCODE_INTERNAL_ERROR; - errStr = "Other BSAFE error"; - break; - } - if(op != NULL) { - printf("%s: BSAFE error %d (%s)\n", op, brtn, errStr); - } - return crtn; -} - -/* - * Non-thread-safe global random B_ALGORITHM_OBJ and a reusable init for it. - */ -static B_ALGORITHM_OBJ bsafeRng = NULL; -#define BSAFE_RANDSIZE 64 - -static B_ALGORITHM_OBJ buGetRng() -{ - int brtn; - uint8 seed[BSAFE_RANDSIZE]; - - if(bsafeRng != NULL) { - return bsafeRng; - } - brtn = B_CreateAlgorithmObject(&bsafeRng); - if(brtn) { - buBsafeErrToCssm(brtn, "B_CreateAlgorithmObject(&bsafeRng)"); - return NULL; - } - brtn = B_SetAlgorithmInfo(bsafeRng, AI_X962Random_V0, NULL_PTR); - if(brtn) { - buBsafeErrToCssm(brtn, "B_SetAlgorithmInfo(bsafeRng)"); - return NULL; - } - brtn = B_RandomInit(bsafeRng, BSAFE_ALGORITHM_CHOOSER, NULL); - if(brtn) { - buBsafeErrToCssm(brtn, "B_SetAlgorithmInfo(bsafeRng)"); - return NULL; - } - appGetRandomBytes(seed, BSAFE_RANDSIZE); - brtn = B_RandomUpdate(bsafeRng, seed, BSAFE_RANDSIZE, NULL); - if(brtn) { - buBsafeErrToCssm(brtn, "B_RandomUpdate"); - return NULL; - } - return bsafeRng; -} -#endif - -/* - * Create a symmetric key. - */ -CSSM_RETURN buGenSymKey( - uint32 keySizeInBits, - const CSSM_DATA *keyData, - BU_KEY *key) // RETURNED -{ -#if 0 - int brtn; - B_KEY_OBJ bkey = NULL; - ITEM item; - unsigned keyBytes = (keySizeInBits + 7) / 8; - - if(keyBytes > keyData->Length) { - /* note it's OK to give us too much key data */ - printf("***buGenSymKey: Insufficient keyData\n"); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - - /* create a BSAFE key */ - brtn = B_CreateKeyObject(&bkey); - if(brtn) { - return buBsafeErrToCssm(brtn, "B_CreateKeyObject"); - } - - /* assign data to the key */ - item.data = keyData->Data; - item.len = keyBytes; - brtn = B_SetKeyInfo(bkey, KI_Item, (POINTER)&item); - if(brtn) { - return buBsafeErrToCssm(brtn, "B_SetKeyInfo"); - } - else { - *key = bkey; - return CSSM_OK; - } -#endif - return 0; -} - -/* - * Create asymmetric key pair. - * FIXME - additional params (e.g. DSA params, RSA exponent)? - */ -CSSM_RETURN buGenKeyPair( - uint32 keySizeInBits, - CSSM_ALGORITHMS keyAlg, // CSSM_ALGID_{RSA,DSA} - BU_KEY *pubKey, // RETURNED - BU_KEY *privKey) // RETURNED -{ -#if 0 // NO MORE BSAFE - int brtn; - B_KEY_OBJ bPubkey = NULL; - B_KEY_OBJ bPrivkey = NULL; - B_ALGORITHM_OBJ keypairGen = NULL; - const char *op = NULL; - A_RSA_KEY_GEN_PARAMS params; - unsigned char exp[1] = { 3 }; - B_ALGORITHM_OBJ genDsaAlg = NULL; - B_ALGORITHM_OBJ dsaResult = NULL; - B_DSA_PARAM_GEN_PARAMS dsaParams; - A_DSA_PARAMS *kParams = NULL; - - /* create algorithm object */ - brtn = B_CreateAlgorithmObject(&keypairGen); - if(brtn) { - return CSSMERR_CSSM_MEMORY_ERROR; - } - - /* create two BSAFE keys */ - brtn = B_CreateKeyObject(&bPubkey); - if(brtn) { - op ="B_CreateKeyObject"; - goto abort; - } - brtn = B_CreateKeyObject(&bPrivkey); - if(brtn) { - op ="B_CreateKeyObject"; - goto abort; - } - switch(keyAlg) { - case CSSM_ALGID_RSA: - { - /* set RSA-specific params */ - params.modulusBits = keySizeInBits; - /* hack - parameterize? */ - params.publicExponent.data = exp; - params.publicExponent.len = 1; - brtn = B_SetAlgorithmInfo(keypairGen, AI_RSAKeyGen, - (POINTER)¶ms); - if(brtn) { - op ="B_SetAlgorithmInfo(AI_RSAKeyGen)"; - } - break; - } - case CSSM_ALGID_DSA: - { - /* jump through hoops generating parameters */ - brtn = B_CreateAlgorithmObject(&genDsaAlg); - if(brtn) { - op ="B_CreateAlgorithmObject"; - break; - } - dsaParams.primeBits = keySizeInBits; - brtn = B_SetAlgorithmInfo(genDsaAlg, AI_DSAParamGen, (POINTER)&dsaParams); - if(brtn) { - op = "B_SetAlgorithmInfo(AI_DSAParamGen)"; - break; - } - brtn = B_GenerateInit(genDsaAlg, BSAFE_ALGORITHM_CHOOSER, NULL); - if(brtn) { - op = "B_GenerateInit(AI_DSAParamGen)"; - break; - } - brtn = B_CreateAlgorithmObject(&dsaResult); - if(brtn) { - op = "B_CreateAlgorithmObject"; - break; - } - brtn = B_GenerateParameters(genDsaAlg, dsaResult, buGetRng(), NULL); - if(brtn) { - op = "B_GenerateParameters"; - break; - } - - /* dsaResult now has the parameters, which we must extract and then - * apply to the keypairGen object. Cool, huh? */ - brtn = B_GetAlgorithmInfo((POINTER *)&kParams, dsaResult, AI_DSAKeyGen); - if(brtn) { - op = "B_GetAlgorithmInfo(AI_DSAKeyGen)"; - break; - } - brtn = B_SetAlgorithmInfo(keypairGen, AI_DSAKeyGen, (POINTER)kParams); - if(brtn) { - op ="B_SetAlgorithmInfo(AI_DSAKeyGen)"; - } - break; - } - default: - printf("buGenKeyPair: algorithm not supported\n"); - return CSSMERR_CSSM_FUNCTION_NOT_IMPLEMENTED; - } - if(brtn) { - goto abort; - } - - /* keypairGen all set to go. */ - brtn = B_GenerateInit(keypairGen, - BSAFE_ALGORITHM_CHOOSER, - (A_SURRENDER_CTX *)NULL); - if(brtn) { - op = "B_GenerateInit"; - goto abort; - } - brtn = B_GenerateKeypair(keypairGen, - bPubkey, - bPrivkey, - buGetRng(), - NULL); - if(brtn) { - op = "B_GenerateInit"; - } -abort: - B_DestroyAlgorithmObject(&keypairGen); - B_DestroyAlgorithmObject(&genDsaAlg); - B_DestroyAlgorithmObject(&dsaResult); - if(brtn) { - B_DestroyKeyObject(&bPubkey); - B_DestroyKeyObject(&bPrivkey); - return buBsafeErrToCssm(brtn, op); - } - else { - *pubKey = bPubkey; - *privKey = bPrivkey; - return CSSM_OK; - } -#endif - return CSSM_OK; -} - -/* - * Free a key created in buGenSymKey or buGenKeyPair - */ -CSSM_RETURN buFreeKey( - BU_KEY key) -{ -#if 0 // NO MORE BSAFE - B_KEY_OBJ bkey = (B_KEY_OBJ)key; - B_DestroyKeyObject(&bkey); -#endif - return CSSM_OK; -} - -/* - * encrypt/decrypt - */ -CSSM_RETURN buEncryptDecrypt( - BU_KEY key, - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBC, etc. - const CSSM_DATA *iv, //Êoptional per mode - uint32 effectiveKeyBits, // optional per key alg (actually just RC2) - // for RSA, key size in bits - uint32 rounds, // optional, RC5 only - const CSSM_DATA *inData, - CSSM_DATA_PTR outData) // mallocd and RETURNED -{ -#if 0 // NO MORE BSAFE - B_ALGORITHM_OBJ alg; - int brtn; - char fbCipher = 1; - uint32 blockSize = 0; - unsigned outBufLen; - unsigned bytesMoved; - CSSM_RETURN crtn; - char useIv; - - // these variables are used in the switch below and need to - // live until after setAlgorithm() - ITEM bsIv; - B_BLK_CIPHER_W_FEEDBACK_PARAMS spec; - A_RC5_PARAMS rc5Params; - A_RC2_PARAMS rc2Params; - - brtn = B_CreateAlgorithmObject(&alg); - if(brtn) { - return buBsafeErrToCssm(brtn, "B_CreateAlgorithmObject"); - } - - /* per-alg setup */ - switch(encrAlg) { - case CSSM_ALGID_RC4: - /* the easy one */ - brtn = B_SetAlgorithmInfo(alg, AI_RC4, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_SetAlgorithmInfo"); - goto abort; - } - fbCipher = 0; - break; - - case CSSM_ALGID_RSA: - /* assume encrypt via publicm decrypt via private */ - if(forEncrypt) { - brtn = B_SetAlgorithmInfo(alg, AI_PKCS_RSAPublic, NULL); - } - else { - brtn = B_SetAlgorithmInfo(alg, AI_PKCS_RSAPrivate, NULL); - } - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_SetAlgorithmInfo(RSA)"); - goto abort; - } - blockSize = (effectiveKeyBits + 7) / 8; - fbCipher = 0; - break; - - /* common code using AI_FeebackCipher */ - case CSSM_ALGID_DES: - spec.encryptionMethodName = (POINTER)"des"; - blockSize = 8; - break; - case CSSM_ALGID_DESX: - spec.encryptionMethodName = (POINTER)"desx"; - blockSize = 8; - break; - case CSSM_ALGID_3DES_3KEY_EDE: - spec.encryptionMethodName = (POINTER)"des_ede"; - blockSize = 8; - break; - case CSSM_ALGID_RC5: - spec.encryptionMethodName = (POINTER)"rc5"; - spec.encryptionParams = (POINTER)&rc5Params; - rc5Params.version = 0x10; - rc5Params.rounds = rounds; - rc5Params.wordSizeInBits = 32; - blockSize = 8; - break; - case CSSM_ALGID_RC2: - spec.encryptionMethodName = (POINTER)"rc2"; - spec.encryptionParams = (POINTER)&rc2Params; - rc2Params.effectiveKeyBits = effectiveKeyBits; - blockSize = 8; - break; - /* add other non-AI_FeebackCipher algorithms here */ - default: - printf("buEncryptDecrypt: unknown algorithm\n"); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - if(fbCipher) { - useIv = 1; // default, except for ECB - switch(mode) { - case CSSM_ALGMODE_CBCPadIV8: - spec.feedbackMethodName = (POINTER)"cbc"; - spec.paddingMethodName = (POINTER)"pad"; - break; - case CSSM_ALGMODE_CBC_IV8: - spec.feedbackMethodName = (POINTER)"cbc"; - spec.paddingMethodName = (POINTER)"nopad"; - break; - case CSSM_ALGMODE_OFB_IV8: - spec.feedbackMethodName = (POINTER)"cbc"; - spec.paddingMethodName = (POINTER)"nopad"; - break; - case CSSM_ALGMODE_ECB: - /* this does not seem to work yet - need info from - * RSA. Specify block size as the feedbackParams (per manual) - * and get a memmove error trying to copy from address 8; specify - * an IV and get BSAFE error 524 (BE_INPUT_DATA) error on the - * EncryptInit. - */ - spec.feedbackMethodName = (POINTER)"ecb"; - spec.paddingMethodName = (POINTER)"nopad"; - //useIv = 0; - //spec.feedbackParams = (POINTER)8; - break; - default: - printf("buEncryptDecrypt: unknown mode\n"); - return CSSM_ERRCODE_INTERNAL_ERROR; - } - if(useIv && (iv != NULL)) { - buCssmDataToItem(iv, &bsIv); - spec.feedbackParams = (POINTER)&bsIv; - } - - brtn = B_SetAlgorithmInfo(alg, AI_FeedbackCipher, (POINTER)&spec); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_SetAlgorithmInfo"); - goto abort; - } - } - - /* - * OK, one way or another we have an algorithm object. Set up - * output buffer. - */ - if(forEncrypt) { - outBufLen = inData->Length + blockSize; - } - else { - outBufLen = inData->Length; - } - outData->Length = 0; - outData->Data = NULL; - crtn = appSetupCssmData(outData, outBufLen); - if(crtn) { - goto abort; - } - if(forEncrypt) { - brtn = B_EncryptInit(alg, - (B_KEY_OBJ)key, - BSAFE_ALGORITHM_CHOOSER, - (A_SURRENDER_CTX *)NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_EncryptInit"); - goto abort; - } - brtn = B_EncryptUpdate(alg, - outData->Data, - &bytesMoved, - outBufLen, - inData->Data, - inData->Length, - buGetRng(), // randAlg - NULL); // surrender - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_EncryptInit"); - goto abort; - } - outData->Length = bytesMoved; - brtn = B_EncryptFinal(alg, - outData->Data + bytesMoved, - &bytesMoved, - outBufLen - outData->Length, - buGetRng(), // randAlg - NULL); // surrender - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_EncryptFinal"); - goto abort; - } - outData->Length += bytesMoved; - crtn = CSSM_OK; - } - else { - brtn = B_DecryptInit(alg, - (B_KEY_OBJ)key, - BSAFE_ALGORITHM_CHOOSER, - (A_SURRENDER_CTX *)NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_DecryptInit"); - goto abort; - } - brtn = B_DecryptUpdate(alg, - outData->Data, - &bytesMoved, - outBufLen, - inData->Data, - inData->Length, - NULL, // randAlg - NULL); // surrender - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_DecryptUpdate"); - goto abort; - } - outData->Length = bytesMoved; - brtn = B_DecryptFinal(alg, - outData->Data + bytesMoved, - &bytesMoved, - outBufLen - outData->Length, - NULL, // randAlg - NULL); // surrender - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_DecryptFinal"); - goto abort; - } - outData->Length += bytesMoved; - crtn = CSSM_OK; - } -abort: - B_DestroyAlgorithmObject(&alg); -#endif - return 0; //crtn; -} - -#if 0 -/* CSSM sig alg --> B_INFO_TYPE */ -static CSSM_RETURN cssmSigAlgToInfoType( - CSSM_ALGORITHMS cssmAlg, - B_INFO_TYPE *infoType) -{ - switch(cssmAlg) { - case CSSM_ALGID_SHA1WithRSA: - *infoType = AI_SHA1WithRSAEncryption; - break; - case CSSM_ALGID_MD5WithRSA: - *infoType = AI_MD5WithRSAEncryption; - break; - case CSSM_ALGID_SHA1WithDSA: - *infoType = AI_DSAWithSHA1; - break; - default: - printf("cssmSigAlgToInfoType: unknown algorithm\n"); - return CSSMERR_CSSM_FUNCTION_NOT_IMPLEMENTED; - } - return CSSM_OK; -} -#endif - -/* - * Sign/verify - */ -CSSM_RETURN buSign( - BU_KEY key, - CSSM_ALGORITHMS sigAlg, - const CSSM_DATA *ptext, - uint32 keySizeInBits, // to set up sig - CSSM_DATA_PTR sig) // mallocd and RETURNED -{ -#if 0 // NO MORE BSAFE - B_ALGORITHM_OBJ alg = NULL; - int brtn; - B_INFO_TYPE infoType; - CSSM_RETURN crtn; - unsigned sigBytes; - - brtn = B_CreateAlgorithmObject(&alg); - if(brtn) { - return buBsafeErrToCssm(brtn, "B_CreateAlgorithmObject"); - } - crtn = cssmSigAlgToInfoType(sigAlg, &infoType); - if(crtn) { - return crtn; - } - brtn = B_SetAlgorithmInfo(alg, infoType, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_SetAlgorithmInfo"); - goto abort; - } - brtn = B_SignInit(alg, (B_KEY_OBJ)key, BSAFE_ALGORITHM_CHOOSER, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_SignInit"); - goto abort; - } - brtn = B_SignUpdate(alg, ptext->Data, ptext->Length, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_SignUpdate"); - goto abort; - } - - /* prepare for sig, size of key */ - sigBytes = (keySizeInBits + 7) / 8; - sig->Data = (uint8 *)CSSM_MALLOC(sigBytes); - sig->Length = sigBytes; - - brtn = B_SignFinal(alg, sig->Data, &sigBytes, sigBytes, buGetRng(), NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_SignFinal"); - goto abort; - } - sig->Length = sigBytes; - crtn = CSSM_OK; -abort: - B_DestroyAlgorithmObject(&alg); -#endif - return 0;//; -} - -CSSM_RETURN buVerify( - BU_KEY key, - CSSM_ALGORITHMS sigAlg, - const CSSM_DATA *ptext, - const CSSM_DATA *sig) // mallocd and RETURNED -{ -#if 0 // NO MORE BSAFE - B_ALGORITHM_OBJ alg = NULL; - int brtn; - B_INFO_TYPE infoType; - CSSM_RETURN crtn; - - brtn = B_CreateAlgorithmObject(&alg); - if(brtn) { - return buBsafeErrToCssm(brtn, "B_CreateAlgorithmObject"); - } - crtn = cssmSigAlgToInfoType(sigAlg, &infoType); - if(crtn) { - return crtn; - } - brtn = B_SetAlgorithmInfo(alg, infoType, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_SetAlgorithmInfo"); - goto abort; - } - brtn = B_VerifyInit(alg, (B_KEY_OBJ)key, BSAFE_ALGORITHM_CHOOSER, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_VerifyInit"); - goto abort; - } - brtn = B_VerifyUpdate(alg, ptext->Data, ptext->Length, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_VerifyUpdate"); - goto abort; - } - brtn = B_VerifyFinal(alg, sig->Data, sig->Length, buGetRng(), NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_VerifyFinal"); - goto abort; - } - crtn = CSSM_OK; -abort: - B_DestroyAlgorithmObject(&alg); - return crtn; -#endif - return 0; -} - -/* - * generate MAC either one update (updateSizes == NULL) or - * specified set of update sizes. - */ -#define MAX_MAC_SIZE 20 - -CSSM_RETURN buGenMac( - BU_KEY key, // any key, any size - CSSM_ALGORITHMS macAlg, // only CSSM_ALGID_SHA1HMAC for now - const CSSM_DATA *ptext, - unsigned *updateSizes, // NULL --> random updates - // else null-terminated list of sizes - CSSM_DATA_PTR mac) // mallocd and RETURNED -{ -#if 0 // NO MORE BSAFE - B_ALGORITHM_OBJ alg = NULL; - int brtn; - CSSM_RETURN crtn; - B_DIGEST_SPECIFIER digestInfo; - B_INFO_TYPE infoType; - unsigned macBytes; - - brtn = B_CreateAlgorithmObject(&alg); - if(brtn) { - return buBsafeErrToCssm(brtn, "B_CreateAlgorithmObject"); - } - switch(macAlg) { - case CSSM_ALGID_SHA1HMAC: - case CSSM_ALGID_SHA1HMAC_LEGACY: - digestInfo.digestInfoType = AI_SHA1; - infoType = AI_HMAC; - break; - default: - printf("buGenMac: alg not supported\n"); - return CSSMERR_CSSM_FUNCTION_NOT_IMPLEMENTED; - } - digestInfo.digestInfoParams = NULL; - brtn = B_SetAlgorithmInfo(alg, infoType, (POINTER)&digestInfo); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_SetAlgorithmInfo"); - goto abort; - } - brtn = B_DigestInit(alg, (B_KEY_OBJ)key, BSAFE_ALGORITHM_CHOOSER, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_DigestInit"); - goto abort; - } - if(updateSizes) { - uint8 *currData = ptext->Data; - while(*updateSizes) { - brtn = B_DigestUpdate(alg, currData, *updateSizes, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_DigestUpdate"); - goto abort; - } - currData += *updateSizes; - updateSizes++; - } - } - else { - /* one-shot */ - brtn = B_DigestUpdate(alg, ptext->Data, ptext->Length, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_DigestUpdate"); - goto abort; - } - } - /* prepare for mac, magically gleaned max size */ - macBytes = MAX_MAC_SIZE; - mac->Data = (uint8 *)CSSM_MALLOC(macBytes); - mac->Length = macBytes; - - brtn = B_DigestFinal(alg, mac->Data, &macBytes, macBytes, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_DigestFinal"); - goto abort; - } - mac->Length = macBytes; - crtn = CSSM_OK; -abort: - B_DestroyAlgorithmObject(&alg); - return crtn; -#endif - return 0; -} - -/* generate digest */ -#define MAX_DIGEST_SIZE 20 - -CSSM_RETURN buGenDigest( - CSSM_ALGORITHMS macAlg, // CSSM_ALGID_SHA1, etc. */ - const CSSM_DATA *ptext, - CSSM_DATA_PTR digest) // mallocd and RETURNED -{ -#if 0 // NO MORE BSAFE - B_ALGORITHM_OBJ alg = NULL; - int brtn; - CSSM_RETURN crtn; - B_INFO_TYPE infoType; - unsigned hashBytes; - - brtn = B_CreateAlgorithmObject(&alg); - if(brtn) { - return buBsafeErrToCssm(brtn, "B_CreateAlgorithmObject"); - } - switch(macAlg) { - case CSSM_ALGID_SHA1: - infoType = AI_SHA1; - break; - case CSSM_ALGID_MD5: - infoType = AI_MD5; - break; - case CSSM_ALGID_MD2: - infoType = AI_MD2; - break; - default: - printf("buGenDigest: alg not supported\n"); - return CSSMERR_CSSM_FUNCTION_NOT_IMPLEMENTED; - } - brtn = B_SetAlgorithmInfo(alg, infoType, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_SetAlgorithmInfo"); - goto abort; - } - brtn = B_DigestInit(alg, NULL, BSAFE_ALGORITHM_CHOOSER, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_DigestInit"); - goto abort; - } - brtn = B_DigestUpdate(alg, ptext->Data, ptext->Length, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_DigestUpdate"); - goto abort; - } - - /* prepare for digest, magically gleaned max size */ - hashBytes = MAX_DIGEST_SIZE; - digest->Data = (uint8 *)CSSM_MALLOC(hashBytes); - digest->Length = hashBytes; - - brtn = B_DigestFinal(alg, digest->Data, &hashBytes, hashBytes, NULL); - if(brtn) { - crtn = buBsafeErrToCssm(brtn, "B_DigestFinal"); - goto abort; - } - digest->Length = hashBytes; - crtn = CSSM_OK; -abort: - B_DestroyAlgorithmObject(&alg); - return crtn; -#else - return 0; -#endif -} - -/* - * Convert between BSAFE and CDSA private keys - */ -CSSM_RETURN buBsafePrivKeyToCdsa( - CSSM_ALGORITHMS keyAlg, - uint32 keySizeInBits, - BU_KEY bsafePrivKey, - CSSM_KEY_PTR cdsaPrivKey) -{ -#if 0 // NO MORE BSAFE - B_INFO_TYPE infoType; - ITEM *keyBlob; - int brtn; - CSSM_KEYBLOB_FORMAT format; - CSSM_KEYHEADER_PTR hdr = &cdsaPrivKey->KeyHeader; - - /* what kind of info? */ - switch(keyAlg) { - case CSSM_ALGID_RSA: - infoType = KI_PKCS_RSAPrivateBER; - format = CSSM_KEYBLOB_RAW_FORMAT_PKCS8; - break; - case CSSM_ALGID_DSA: - infoType = KI_DSAPrivateBER; - format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186; - break; - default: - printf("***buBsafePrivKeyToCdsa: bogus keyAlg\n"); - return CSSMERR_CSSM_FUNCTION_NOT_IMPLEMENTED; - } - - /* get the blob */ - brtn = B_GetKeyInfo((POINTER *)&keyBlob, - (B_KEY_OBJ)bsafePrivKey, - infoType); - if(brtn) { - return buBsafeErrToCssm(brtn, "B_GetKeyInfo"); - } - - /* copy blob to CDSA key */ - cdsaPrivKey->KeyData.Data = (uint8 *)CSSM_MALLOC(keyBlob->len); - cdsaPrivKey->KeyData.Length = keyBlob->len; - memmove(cdsaPrivKey->KeyData.Data, keyBlob->data, keyBlob->len); - - /* set up CSSM key header */ - memset(hdr, 0, sizeof(CSSM_KEYHEADER)); - hdr->HeaderVersion = CSSM_KEYHEADER_VERSION; - hdr->BlobType = CSSM_KEYBLOB_RAW; - hdr->Format = format; - hdr->AlgorithmId = keyAlg; - hdr->KeyClass = CSSM_KEYCLASS_PRIVATE_KEY; - hdr->LogicalKeySizeInBits = keySizeInBits; - hdr->KeyAttr = CSSM_KEYATTR_EXTRACTABLE; - hdr->KeyUsage = CSSM_KEYUSE_ANY; -#endif - return CSSM_OK; -} - -CSSM_RETURN buCdsaPrivKeyToBsafe( - CSSM_KEY_PTR cdsaPrivKey, - BU_KEY *bsafePrivKey) -{ -#if 0 // NO MORE BSAFE - int brtn; - B_KEY_OBJ privKey = NULL; - ITEM keyBlob; - B_INFO_TYPE infoType; - - /* what kind of info? */ - switch(cdsaPrivKey->KeyHeader.AlgorithmId) { - case CSSM_ALGID_RSA: - infoType = KI_PKCS_RSAPrivateBER; - break; - case CSSM_ALGID_DSA: - infoType = KI_DSAPrivateBER; - break; - default: - printf("***buCdsaPrivKeyToCssm: bogus keyAlg\n"); - return CSSMERR_CSSM_FUNCTION_NOT_IMPLEMENTED; - } - - /* create caller's key, assign blob to it */ - brtn = B_CreateKeyObject(&privKey); - if(brtn) { - return buBsafeErrToCssm(brtn, "B_CreateKeyObject"); - } - buCssmDataToItem(&cdsaPrivKey->KeyData, &keyBlob); - brtn = B_SetKeyInfo(privKey, infoType, (POINTER)&keyBlob); - if(brtn) { - return buBsafeErrToCssm(brtn, "B_SetKeyInfo"); - } - *bsafePrivKey = privKey; -#endif - return CSSM_OK; -} - diff --git a/SecurityTests/cspxutils/utilLib/bsafeUtils.h b/SecurityTests/cspxutils/utilLib/bsafeUtils.h deleted file mode 100644 index 8ed52346..00000000 --- a/SecurityTests/cspxutils/utilLib/bsafeUtils.h +++ /dev/null @@ -1,109 +0,0 @@ -/* - * bsafeUtils.h - common routines for CDSA/BSAFE compatibility testing - */ - -/* - * Clients of this module do not need to know about or see anything from the - * BSAFE headers. - */ -#ifndef _BSAFE_UTILS_H_ -#define _BSAFE_UTILS_H_ -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* Actually the same as a B_KEY_OBJ, but our callers don't need to know that */ -typedef void *BU_KEY; - -/* - * Create a symmetric key. - */ -CSSM_RETURN buGenSymKey( - uint32 keySizeInBits, - const CSSM_DATA *keyData, - BU_KEY *key); // RETURNED - -/* - * Create asymmetric key pair. - * FIXME - additional params (e.g. DSA params, RSA exponent)? - */ -CSSM_RETURN buGenKeyPair( - uint32 keySizeInBits, - CSSM_ALGORITHMS keyAlg, // CSSM_ALGID_{RSA,DSA} - BU_KEY *pubKey, // RETURNED - BU_KEY *privKey); // RETURNED - -/* - * Free a key created in buGenSymKey or buGenKeyPair - */ -CSSM_RETURN buFreeKey( - BU_KEY key); - -/* - * encrypt/decrypt - */ -CSSM_RETURN buEncryptDecrypt( - BU_KEY key, - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBC, etc. - const CSSM_DATA *iv, //Êoptional per mode - uint32 effectiveKeyBits, // optional per key alg (actually just RC2) - // for RSA, key size in bits - uint32 rounds, // optional, RC5 only - const CSSM_DATA *inData, - CSSM_DATA_PTR outData); // mallocd and RETURNED - -/* - * Sign/verify - */ -CSSM_RETURN buSign( - BU_KEY key, - CSSM_ALGORITHMS sigAlg, - const CSSM_DATA *ptext, - uint32 keySizeInBits, // to set up sig - CSSM_DATA_PTR sig); // mallocd and RETURNED - -CSSM_RETURN buVerify( - BU_KEY key, - CSSM_ALGORITHMS sigAlg, - const CSSM_DATA *ptext, - const CSSM_DATA *sig); // mallocd and RETURNED - -/* - * generate MAC either one update (updateSizes == NULL) or - * specified set of update sizes. - */ -CSSM_RETURN buGenMac( - BU_KEY key, // any key, any size - CSSM_ALGORITHMS macAlg, // only CSSM_ALGID_SHA1HMAC for now - const CSSM_DATA *ptext, - unsigned *updateSizes, // NULL --> random updates - // else null-terminated list of sizes - CSSM_DATA_PTR mac); // mallocd and RETURNED - -/* generate digest */ -CSSM_RETURN buGenDigest( - CSSM_ALGORITHMS macAlg, // CSSM_ALGID_SHA1, etc. */ - const CSSM_DATA *ptext, - CSSM_DATA_PTR digest); // mallocd and RETURNED - -/* - * Convert between BSAFE and CDSA private keys - */ -CSSM_RETURN buBsafePrivKeyToCdsa( - CSSM_ALGORITHMS keyAlg, - uint32 keySizeInBits, - BU_KEY bsafePrivKey, - CSSM_KEY_PTR cdsaPrivKey); -CSSM_RETURN buCdsaPrivKeyToBsafe( - CSSM_KEY_PTR cdsaPrivKey, - BU_KEY *bsafePrivKey); - -#ifdef __cplusplus -} -#endif - -#endif /* _BSAFE_UTILS_H_ */ diff --git a/SecurityTests/cspxutils/utilLib/common.c b/SecurityTests/cspxutils/utilLib/common.c deleted file mode 100644 index 5e337bef..00000000 --- a/SecurityTests/cspxutils/utilLib/common.c +++ /dev/null @@ -1,624 +0,0 @@ -/* Copyright (c) 1997,2003-2005,2008 Apple Inc. - * - * common.c - Common CSP test code - * - * Revision History - * ---------------- - * 4 May 2000 Doug Mitchell - * Ported to X/CDSA2. - * 6 Jul 1998 Doug Mitchell at Apple - * Added clStartup(). - * 12 Aug 1997 Doug Mitchell at Apple - * Created. - */ - -#include -#include -#include -#include -#include "common.h" -#include /* apple, not intel */ -#include - -static CSSM_VERSION vers = {2, 0}; -//const static uint32 guidPrefix = 0xFADE; -const CSSM_GUID testGuid = { 0xFADE, 0, 0, { 1,2,3,4,5,6,7,0 }}; - -/* - * We can't enable this until all of these are fixed and integrated: - * 2890978 CSP - * 2927474 CSPDL - * 2928357 TP - */ -#define DETECT_MALLOC_ABUSE 1 - -#if DETECT_MALLOC_ABUSE - -/* - * This set of allocator functions detects when we free something - * which was mallocd by CDSA or a plugin using something other than - * our callback malloc/realloc/calloc. With proper runtime support - * (which is present in Jaguar 6C35), the reverse is also detected - * by malloc (i.e., we malloc something and CDSA or a plugin frees - * it). - */ -#define APP_MALLOC_MAGIC 'Util' - -void * appMalloc (CSSM_SIZE size, void *allocRef) { - void *ptr; - - /* scribble magic number in first four bytes */ - ptr = malloc(size + 4); - *(uint32 *)ptr = APP_MALLOC_MAGIC; - ptr = (char *)ptr + 4; - - return ptr; -} - -void appFree (void *ptr, void *allocRef) { - if(ptr == NULL) { - return; - } - ptr = (char *)ptr - 4; - if(*(uint32 *)ptr != APP_MALLOC_MAGIC) { - printf("ERROR: appFree() freeing a block that we didn't allocate!\n"); - return; // this free is not safe - } - *(uint32 *)ptr = 0; - free(ptr); -} - -/* Realloc - adjust both original pointer and size */ -void * appRealloc (void *ptr, CSSM_SIZE size, void *allocRef) { - if(ptr == NULL) { - /* no ptr, no existing magic number */ - return appMalloc(size, allocRef); - } - ptr = (char *)ptr - 4; - if(*(uint32 *)ptr != APP_MALLOC_MAGIC) { - printf("ERROR: appRealloc() on a block that we didn't allocate!\n"); - } - *(uint32 *)ptr = 0; - ptr = realloc(ptr, size + 4); - *(uint32 *)ptr = APP_MALLOC_MAGIC; - ptr = (char *)ptr + 4; - return ptr; -} - -/* Have to do this manually */ -void * appCalloc (uint32 num, CSSM_SIZE size, void *allocRef) { - uint32 memSize = num * size; - - void *ptr = appMalloc(memSize, allocRef); - memset(ptr, 0, memSize); - return ptr; -} - -#else /* DETECT_MALLOC_ABUSE */ -/* - * Standard app-level memory functions required by CDSA. - */ -void * appMalloc (CSSM_SIZE size, void *allocRef) { - return( malloc(size) ); -} -void appFree (void *mem_ptr, void *allocRef) { - free(mem_ptr); - return; -} -void * appRealloc (void *ptr, CSSM_SIZE size, void *allocRef) { - return( realloc( ptr, size ) ); -} -void * appCalloc (uint32 num, CSSM_SIZE size, void *allocRef) { - return( calloc( num, size ) ); -} -#endif /* DETECT_MALLOC_ABUSE */ - -static CSSM_API_MEMORY_FUNCS memFuncs = { - appMalloc, - appFree, - appRealloc, - appCalloc, - NULL - }; - -/* - * Init CSSM; returns CSSM_FALSE on error. Reusable. - */ -static CSSM_BOOL cssmInitd = CSSM_FALSE; -CSSM_BOOL cssmStartup() -{ - CSSM_RETURN crtn; - CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE; - - if(cssmInitd) { - return CSSM_TRUE; - } - crtn = CSSM_Init (&vers, - CSSM_PRIVILEGE_SCOPE_NONE, - &testGuid, - CSSM_KEY_HIERARCHY_NONE, - &pvcPolicy, - NULL /* reserved */); - if(crtn != CSSM_OK) - { - printError("CSSM_Init", crtn); - return CSSM_FALSE; - } - else { - cssmInitd = CSSM_TRUE; - return CSSM_TRUE; - } -} - -/* - * Init CSSM and establish a session with the Apple CSP. - */ -CSSM_CSP_HANDLE cspStartup() -{ - return cspDlDbStartup(CSSM_TRUE, NULL); -} - -/* like cspStartup, but also returns DB handle. If incoming dbHandPtr - * is NULL, no DB startup. */ -CSSM_CSP_HANDLE cspDbStartup( - CSSM_DB_HANDLE *dbHandPtr) -{ - return cspDlDbStartup(CSSM_TRUE, NULL); -} - -CSSM_CSP_HANDLE cspDlDbStartup( - CSSM_BOOL bareCsp, // true ==> CSP, false ==> CSP/DL - CSSM_DB_HANDLE *dbHandPtr) // optional - TO BE DELETED -{ - CSSM_CSP_HANDLE cspHand; - CSSM_RETURN crtn; - const CSSM_GUID *guid; - char *modName; - - if(dbHandPtr) { - *dbHandPtr = 0; - } - if(cssmStartup() == CSSM_FALSE) { - return 0; - } - if(bareCsp) { - guid = &gGuidAppleCSP; - modName = (char*) "AppleCSP"; - } - else { - guid = &gGuidAppleCSPDL; - modName = (char *) "AppleCSPDL"; - } - crtn = CSSM_ModuleLoad(guid, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - char outStr[100]; - sprintf(outStr, "CSSM_ModuleLoad(%s)", modName); - printError(outStr, crtn); - return 0; - } - crtn = CSSM_ModuleAttach (guid, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_CSP, - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &cspHand); - if(crtn) { - char outStr[100]; - sprintf(outStr, "CSSM_ModuleAttach(%s)", modName); - printError(outStr, crtn); - return 0; - } - return cspHand; -} - -/* - * Detach and unload from a CSP. - */ -CSSM_RETURN cspShutdown( - CSSM_CSP_HANDLE cspHand, - CSSM_BOOL bareCsp) // true ==> CSP, false ==> CSP/DL -{ - CSSM_RETURN crtn; - const CSSM_GUID *guid; - char *modName; - - if(bareCsp) { - guid = &gGuidAppleCSP; - modName = (char *) "AppleCSP"; - } - else { - guid = &gGuidAppleCSPDL; - modName = (char *) "AppleCSPDL"; - } - crtn = CSSM_ModuleDetach(cspHand); - if(crtn) { - printf("Error detaching from %s\n", modName); - printError("CSSM_ModuleDetach", crtn); - return crtn; - } - crtn = CSSM_ModuleUnload(guid, NULL, NULL); - if(crtn) { - printf("Error unloading %s\n", modName); - printError("CSSM_ModuleUnload", crtn); - } - return crtn; -} - -/* Attach to DL side of CSPDL */ -CSSM_DL_HANDLE dlStartup() -{ - CSSM_DL_HANDLE dlHand = 0; - CSSM_RETURN crtn; - - if(cssmStartup() == CSSM_FALSE) { - return 0; - } - crtn = CSSM_ModuleLoad(&gGuidAppleCSPDL, - CSSM_KEY_HIERARCHY_NONE, - NULL, // eventHandler - NULL); // AppNotifyCallbackCtx - if(crtn) { - printError("CSSM_ModuleLoad(Apple CSPDL)", crtn); - return 0; - } - crtn = CSSM_ModuleAttach (&gGuidAppleCSPDL, - &vers, - &memFuncs, // memFuncs - 0, // SubserviceID - CSSM_SERVICE_DL, - 0, // AttachFlags - CSSM_KEY_HIERARCHY_NONE, - NULL, // FunctionTable - 0, // NumFuncTable - NULL, // reserved - &dlHand); - if(crtn) { - printError("CSSM_ModuleAttach(Apple CSPDL)", crtn); - return 0; - } - return dlHand; -} - -/* - * Delete a DB. - */ -#define DELETE_WITH_AUTHENT 0 -CSSM_RETURN dbDelete( - CSSM_DL_HANDLE dlHand, // from dlStartup() - const char *dbName) -{ - return CSSM_DL_DbDelete(dlHand, dbName, NULL, NULL); -} - -/* - * open a DB, ensure it's empty. - */ -CSSM_DB_HANDLE dbStartup( - CSSM_DL_HANDLE dlHand, // from dlStartup() - const char *dbName) -{ - CSSM_DB_HANDLE dbHand = 0; - - CSSM_RETURN crtn = dbCreateOpen(dlHand, dbName, - CSSM_TRUE, // create - CSSM_TRUE, // delete - NULL, // pwd - &dbHand); - if(crtn == CSSM_OK) { - return dbHand; - } - else { - return 0; - } -} - -#if 0 -/* - * Attach to existing DB or create an empty new one. - */ -CSSM_DB_HANDLE dbStartupByName(CSSM_DL_HANDLE dlHand, - char *dbName, - CSSM_BOOL doCreate) -{ - CSSM_RETURN crtn; - CSSM_DB_HANDLE dbHand; - - /* try to open existing DB in either case */ - - crtn = CSSM_DL_DbOpen(dlHand, - dbName, - NULL, // DbLocation - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL, // CSSM_ACCESS_CREDENTIALS *AccessCred - NULL, // void *OpenParameters - &dbHand); - if(dbHand != 0) { - return dbHand; - } - if(!doCreate) { - printf("***no such data base (%s)\n", dbName); - printError("CSSM_DL_DbOpen", crtn); - return 0; - } - /* have to create one */ - return dbStartup(dlHand, dbName); -} -#endif - -/* - * routines which convert various types to untyped byte arrays. - */ -void intToBytes(unsigned i, unsigned char *buf) -{ - *buf++ = (unsigned char)((i >> 24) & 0xff); - *buf++ = (unsigned char)((i >> 16) & 0xff); - *buf++ = (unsigned char)((i >> 8) & 0xff); - *buf = (unsigned char)(i & 0xff); -} -void shortToBytes(unsigned short s, unsigned char *buf) -{ - *buf++ = (unsigned char)((s >> 8) & 0xff); - *buf = (unsigned char)(s & 0xff); -} -unsigned bytesToInt(const unsigned char *buf) { - unsigned result; - result = (((unsigned)buf[0] << 24) & 0xff000000) | - (((unsigned)buf[1] << 16) & 0x00ff0000) | - (((unsigned)buf[2] << 8) & 0xff00) | - (((unsigned)buf[3]) & 0xff); - return result; -} -unsigned short bytesToShort(const unsigned char *buf) { - unsigned short result; - result = (((unsigned short)buf[0] << 8) & 0xff00) | - (((unsigned short)buf[1]) & 0xff); - return result; -} - -/* - * Given a context specified via a CSSM_CC_HANDLE, add a new - * CSSM_CONTEXT_ATTRIBUTE to the context as specified by AttributeType, - * AttributeLength, and an untyped pointer. - * - * This is currently used to add a second CSSM_KEY attribute when performing - * ops with algorithm CSSM_ALGID_FEED and CSSM_ALGID_FEECFILE. - */ -CSSM_RETURN AddContextAttribute(CSSM_CC_HANDLE CCHandle, - uint32 AttributeType, - uint32 AttributeLength, - ContextAttrType attrType, - /* specify exactly one of these */ - const void *AttributePtr, - uint32 attributeInt) -{ - CSSM_CONTEXT_ATTRIBUTE newAttr; - CSSM_RETURN crtn; - - newAttr.AttributeType = AttributeType; - newAttr.AttributeLength = AttributeLength; - if(attrType == CAT_Uint32) { - newAttr.Attribute.Uint32 = attributeInt; - } - else { - newAttr.Attribute.Data = (CSSM_DATA_PTR)AttributePtr; - } - crtn = CSSM_UpdateContextAttributes(CCHandle, 1, &newAttr); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - } - return crtn; -} - -/* - * Set up a CSSM data. - */ -CSSM_RETURN appSetupCssmData( - CSSM_DATA_PTR data, - uint32 numBytes) -{ - if(data == NULL) { - printf("Hey! appSetupCssmData with NULL Data!\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - data->Data = (uint8 *)CSSM_MALLOC(numBytes); - if(data->Data == NULL) { - return CSSMERR_CSSM_MEMORY_ERROR; - } - data->Length = numBytes; - return CSSM_OK; -} - -/* - * Free the data referenced by a CSSM data, and optionally, the struct itself. - */ -void appFreeCssmData(CSSM_DATA_PTR data, - CSSM_BOOL freeStruct) -{ - if(data == NULL) { - return; - } - if(data->Length != 0) { - CSSM_FREE(data->Data); - } - if(freeStruct) { - CSSM_FREE(data); - } - else { - data->Length = 0; - data->Data = NULL; - } -} - -/* - * Copy src to dst, mallocing dst. - */ -CSSM_RETURN appCopyCssmData(const CSSM_DATA *src, - CSSM_DATA_PTR dst) -{ - return appCopyData(src->Data, src->Length, dst); -} - -/* copy raw data to a CSSM_DATA, mallocing dst. */ -CSSM_RETURN appCopyData(const void *src, - uint32 len, - CSSM_DATA_PTR dst) -{ - dst->Length = 0; - if(len == 0) { - dst->Data = NULL; - return CSSM_OK; - } - dst->Data = (uint8 *)CSSM_MALLOC(len); - if(dst->Data == NULL) { - return CSSM_ERRCODE_MEMORY_ERROR; - } - dst->Length = len; - memcpy(dst->Data, src, len); - return CSSM_OK; -} - -CSSM_BOOL appCompareCssmData(const CSSM_DATA *d1, - const CSSM_DATA *d2) -{ - if(d1->Length != d2->Length) { - return CSSM_FALSE; - } - if(memcmp(d1->Data, d2->Data, d1->Length)) { - return CSSM_FALSE; - } - return CSSM_TRUE; -} - -/* min <= return <= max */ -unsigned genRand(unsigned min, unsigned max) -{ - unsigned i; - if(min == max) { - return min; - } - appGetRandomBytes(&i, 4); - return (min + (i % (max - min + 1))); -} - -void simpleGenData(CSSM_DATA_PTR dbuf, unsigned minBufSize, unsigned maxBufSize) -{ - unsigned len = genRand(minBufSize, maxBufSize); - appGetRandomBytes(dbuf->Data, len); - dbuf->Length = len; -} - -#define MIN_OFFSET 0 -#define MAX_OFFSET 99 -#define MIN_ASCII 'a' -#define MAX_ASCII 'z' - -/* - * Calculate random data size, fill dataPool with that many random bytes. - * - * (10**minExp + MIN_OFFSET) <= size <= (10**maxExp + MAX_OFFSET) - */ -unsigned genData(unsigned char *dataPool, - unsigned minExp, - unsigned maxExp, - dataType type) -{ - int exp; - int offset; - int size; - char *cp; - int i; - char ac; - - /* - * Calculate "random" size : (10 ** (random exponent)) + random offset - */ - exp = genRand(minExp, maxExp); - offset = genRand(MIN_OFFSET, MAX_OFFSET); - size = 1; - while(exp--) { // size = 10 ** exp - size *= 10; - } - size += offset; - switch(type) { - case DT_Zero: - bzero(dataPool, size); - break; - case DT_Increment: - { - int i; - for(i=0; i MAX_ASCII) { - ac = MIN_ASCII; - } - } - break; - case DT_Random: - appGetRandomBytes(dataPool, size); - break; - } - return size; -} - -void dumpBuffer( - const char *bufName, // optional - unsigned char *buf, - unsigned len) -{ - unsigned i; - - if(bufName) { - printf("%s\n", bufName); - } - printf(" "); - for(i=0; i - -#ifdef __cplusplus -extern "C" { -#endif - -#undef COMMON_CSSM_MEMORY -#define COMMON_CSSM_MEMORY 0 - -#if COMMON_CSSM_MEMORY -#define CSSM_MALLOC(size) CSSM_Malloc(size) -#define CSSM_FREE(ptr) CSSM_Free(ptr) -#define CSSM_CALLOC(num, size) CSSM_Calloc(num, size) -#define CSSM_REALLOC(ptr, newSize) CSSM_Realloc(ptr, newSize) -/* used in cspwrap when allocating memory on app's behalf */ -#define appMalloc(size, allocRef) CSSM_Malloc(size) - -#else /* !COMMON_CSSM_MEMORY */ - -void * appMalloc (CSSM_SIZE size, void *allocRef); -void appFree (void *mem_ptr, void *allocRef); -void * appRealloc (void *ptr, CSSM_SIZE size, void *allocRef); -void * appCalloc (uint32 num, CSSM_SIZE size, void *allocRef); - -#define CSSM_MALLOC(size) appMalloc(size, NULL) -#define CSSM_FREE(ptr) appFree(ptr, NULL) -#define CSSM_CALLOC(num, size) appCalloc(num, size, NULL) -#define CSSM_REALLOC(ptr, newSize) appRealloc(ptr, newSize, NULL) - -#endif /* COMMON_CSSM_MEMORY */ - -/* - * As of 23 March 1999, there is no longer a "default DB" available for - * generating keys. This is the standard DB handle created when - * calling cspStartup(). - */ -extern CSSM_DB_HANDLE commonDb; - -/* - * Init CSSM; returns CSSM_FALSE on error. Reusable. - */ -extern CSSM_BOOL cssmStartup(); - -/* various flavors of "start up the CSP with optional DB open" */ -CSSM_CSP_HANDLE cspStartup(); // bare bones CSP -CSSM_CSP_HANDLE cspDbStartup( // bare bones CSP, DB open - CSSM_DB_HANDLE *dbHandPtr); -CSSM_DL_HANDLE dlStartup(); -CSSM_CSP_HANDLE cspDlDbStartup( // one size fits all - CSSM_BOOL bareCsp, // true ==> CSP, false ==> CSP/DL - CSSM_DB_HANDLE *dbHandPtr); // optional -CSSM_RETURN cspShutdown( - CSSM_CSP_HANDLE cspHand, - CSSM_BOOL bareCsp); // true ==> CSP, false ==> CSP/DL -CSSM_RETURN dbDelete( - CSSM_DL_HANDLE dlHand, // from dlStartup() - const char *dbName); -CSSM_DB_HANDLE dbStartup( - CSSM_DL_HANDLE dlHand, // from dlStartup() - const char *dbName); -CSSM_RETURN dbCreateOpen( - CSSM_DL_HANDLE dlHand, // from dlStartup() - const char *dbName, - CSSM_BOOL doCreate, // if false, must already exist - CSSM_BOOL deleteExist, - const char *pwd, // optional - CSSM_DB_HANDLE *dbHand); - -extern void intToBytes(unsigned i, unsigned char *buf); -void shortToBytes(unsigned short s, unsigned char *buf); -unsigned bytesToInt(const unsigned char *buf); -unsigned short bytesToShort(const unsigned char *buf); - -/* specify either 32-bit integer or a pointer as an added attribute value */ -typedef enum { - CAT_Uint32, - CAT_Ptr -} ContextAttrType; - -CSSM_RETURN AddContextAttribute(CSSM_CC_HANDLE CCHandle, - uint32 AttributeType, - uint32 AttributeLength, - ContextAttrType attrType, - /* specify exactly one of these */ - const void *AttributePtr, - uint32 attributeInt); -void printError(const char *op, CSSM_RETURN err); -CSSM_RETURN appSetupCssmData( - CSSM_DATA_PTR data, - uint32 numBytes); -void appFreeCssmData(CSSM_DATA_PTR data, - CSSM_BOOL freeStruct); -CSSM_RETURN appCopyCssmData(const CSSM_DATA *src, - CSSM_DATA_PTR dst); -/* copy raw data to a CSSM_DATAm mallocing dst. */ -CSSM_RETURN appCopyData(const void *src, - uint32 len, - CSSM_DATA_PTR dst); - -/* returns CSSM_TRUE on success, else CSSM_FALSE */ -CSSM_BOOL appCompareCssmData(const CSSM_DATA *d1, - const CSSM_DATA *d2); - -const char *cssmErrToStr(CSSM_RETURN err); - -/* - * Calculate random data size, fill dataPool with that many random bytes. - */ -typedef enum { - DT_Random, - DT_Increment, - DT_Zero, - DT_ASCII -} dataType; - -unsigned genData(unsigned char *dataPool, - unsigned minExp, - unsigned maxExp, - dataType type); -void simpleGenData(CSSM_DATA_PTR dbuf, unsigned minBufSize, unsigned maxBufSize); -unsigned genRand(unsigned min, unsigned max); -extern void appGetRandomBytes(void *buf, unsigned len); - -void dumpBuffer( - const char *bufName, // optional - unsigned char *buf, - unsigned len); - -int testError(CSSM_BOOL quiet); - -void testStartBanner( - const char *testName, - int argc, - char **argv); - -#ifdef __cplusplus -} - -#endif -#endif /* _UTIL_LIB_COMMON_H_*/ - - diff --git a/SecurityTests/cspxutils/utilLib/commonCpp.cpp b/SecurityTests/cspxutils/utilLib/commonCpp.cpp deleted file mode 100644 index f53415a5..00000000 --- a/SecurityTests/cspxutils/utilLib/commonCpp.cpp +++ /dev/null @@ -1,160 +0,0 @@ -// -// throw C++-dependent stuff in here -// -#include -#include -#include "common.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include "cssmErrorStrings.h" /* generated error string table */ - -/* - * Log CSSM error. - */ -void printError(const char *op, CSSM_RETURN err) -{ - cssmPerror(op, err); -} - -const char *cssmErrToStr(CSSM_RETURN err) -{ - const ErrString *esp; - - for(esp=errStrings; esp->errStr!=NULL; esp++) { - if(esp->errCode == err) { - return esp->errStr; - } - } - - static char outbuf[512]; - sprintf(outbuf, "UNKNOWN ERROR CODE %d", (int)err); - return outbuf; -} - - -/* - * Open a DB, optionally: - * - * -- ensuring it's empty - * -- creating it - * -- Specifying optional password to avoid SecurityAgent UI. - */ -CSSM_RETURN dbCreateOpen( - CSSM_DL_HANDLE dlHand, // from dlStartup() - const char *dbName, - CSSM_BOOL doCreate, // if false, must already exist - CSSM_BOOL deleteExist, - const char *pwd, // optional - CSSM_DB_HANDLE *dbHand) -{ - CSSM_RETURN crtn; - CSSM_DBINFO dbInfo; - - if(deleteExist) { - /* first delete possible existing DB, ignore error */ - crtn = dbDelete(dlHand, dbName); - switch(crtn) { - /* only allowed error is "no such file" */ - case CSSM_OK: - case CSSMERR_DL_DATASTORE_DOESNOT_EXIST: - break; - default: - printError("CSSM_DL_DbDelete", crtn); - return crtn; - } - if(!doCreate) { - printf("***Hey! dbCreateOpen with deleteExist and !doCreate\n"); - exit(1); - } - } - else { - /* - * Try to open existing DB. This does not have a means - * to specify password (yet). - */ - crtn = CSSM_DL_DbOpen(dlHand, - dbName, - NULL, // DbLocation - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL, // CSSM_ACCESS_CREDENTIALS *AccessCred - NULL, // void *OpenParameters - dbHand); - if(crtn == CSSM_OK) { - return crtn; - } - if(!doCreate) { - printError("CSSM_DL_DbOpen", crtn); - printf("Error opening %s\n", dbName); - return crtn; - } - } - memset(&dbInfo, 0, sizeof(CSSM_DBINFO)); - - /* now create it */ - if(pwd) { - /* - * This glorious code copied from crlRefresh. I didn't pretend - * to understand it when I put it there either. - */ - Allocator &alloc = Allocator::standard(); - CssmClient::AclFactory::PasswordChangeCredentials - pCreds((StringData(pwd)), alloc); - const AccessCredentials* aa = pCreds; - TypedList subject(alloc, CSSM_ACL_SUBJECT_TYPE_ANY); - AclEntryPrototype protoType(subject); - AuthorizationGroup &authGroup = protoType.authorization(); - CSSM_ACL_AUTHORIZATION_TAG tag = CSSM_ACL_AUTHORIZATION_ANY; - authGroup.NumberOfAuthTags = 1; - authGroup.AuthTags = &tag; - - const ResourceControlContext rcc(protoType, - const_cast(aa)); - - crtn = CSSM_DL_DbCreate(dlHand, - dbName, - NULL, // DbLocation - &dbInfo, - // &Security::KeychainCore::Schema::DBInfo, - CSSM_DB_ACCESS_PRIVILEGED, - &rcc, // CredAndAclEntry - NULL, // OpenParameters - dbHand); - } - else { - crtn = CSSM_DL_DbCreate(dlHand, - dbName, - NULL, // DbLocation - &dbInfo, - // &Security::KeychainCore::Schema::DBInfo, - CSSM_DB_ACCESS_PRIVILEGED, - NULL, // CredAndAclEntry - NULL, // OpenParameters - dbHand); - } - if(crtn) { - printError("CSSM_DL_DbCreate", crtn); - } - return crtn; -} - -/* - * *The* way for all tests to get random data. - */ -void appGetRandomBytes(void *buf, unsigned len) -{ - try { - Security::DevRandomGenerator devRand(false); - devRand.random(buf, len); - } - catch(...) { - printf("***Hey! DevRandomGenerator threw an exception!\n"); - /* Yes, exit - I'd really like to catch one of these */ - exit(1); - } -} diff --git a/SecurityTests/cspxutils/utilLib/cputime.c b/SecurityTests/cspxutils/utilLib/cputime.c deleted file mode 100644 index 0238f048..00000000 --- a/SecurityTests/cspxutils/utilLib/cputime.c +++ /dev/null @@ -1,81 +0,0 @@ -#include -#include -#include -#include -#include "cputime.h" - -/* - * This returns the frequency of the TBR in cycles per second. - */ -static double GetTBRFreq(void) { - mach_timebase_info_data_t tinfo; - mach_timebase_info(&tinfo); - - double machRatio = (double)tinfo.numer / (double)tinfo.denom; - return machRatio; -} - -/* - * Return TBR Frequency, getting it lazily once. May not be thread safe. - */ -static double TbrFreqLocal = 0.0; // ration for NANOSECONDS -static double tbrFreq() -{ - if(TbrFreqLocal == 0.0) { - TbrFreqLocal = GetTBRFreq(); - printf("machRatio %e\n", TbrFreqLocal); - } - return TbrFreqLocal; -} - -// seconds -double CPUTimeDeltaSec(CPUTime from, CPUTime to) -{ - CPUTime delta = to - from; - return (double)delta * (tbrFreq() * (double)1e-9); -} - -// milliseconds -double CPUTimeDeltaMs(CPUTime from, CPUTime to) -{ - CPUTime delta = to - from; - return (double)delta * (tbrFreq() * (double)1e-6); -} - -// microseconds -double CPUTimeDeltaUs(CPUTime from, CPUTime to) -{ - CPUTime delta = to - from; - return (double)delta * (tbrFreq() * (double)1e-3); -} - -/* - * Calculate the average of an array of doubles. The lowest and highest values - * are discarded if there are more than two samples. Typically used to get an - * average of a set of values returned from CPUTimeDelta*(). - */ -double CPUTimeAvg( - const double *array, - unsigned arraySize) -{ - double sum = 0; - double lowest = array[0]; - double highest = array[0]; - - for(unsigned dex=0; dex highest) { - highest = curr; - } - } - if(arraySize > 2) { - sum -= lowest; - sum -= highest; - arraySize -= 2; - } - return sum / (double)arraySize; -} diff --git a/SecurityTests/cspxutils/utilLib/cputime.h b/SecurityTests/cspxutils/utilLib/cputime.h deleted file mode 100644 index 5bc08c46..00000000 --- a/SecurityTests/cspxutils/utilLib/cputime.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ - -/* - * cputime.h - high resolution timing module - * - * This module uses a highly machine-dependent mechanism to get timestamps - * directly from CPU registers, without the overhead of a system call. The - * timestamps are exported as type CPUTime and you should not concern yourself - * with exactly what that is. - * - * We provide routines to convert a difference between two CPUTimes as a double, - * in seconds, milliseconds, and microseconds. Th - * - * The cost (time) of getting a timestamp (via CPUTimeRead()) generally takes - * two or fewer times the resolution period, i.e., less than 80 ns on a 100 MHz - * bus machine, often 40 ns. - * - * The general usage of this module is as follows: - * - * { - * set up test scenario; - * CPUTime startTime = CPUTimeRead(); - * ...critical timed code here... - * CPUTime endTime = CPUTimeRead(); - * double elapsedMilliseconds = CPUTimeDeltaMs(startTime, endTime); - * } - * - * It's crucial to place the CPUTimeDelta*() call OUTSIDE of the critical timed - * area. It's really cheap to snag the timestamps, but it's not at all cheap - * to convert the difference between two timestamps to a double. - */ - -#ifndef _CPUTIME_H_ -#define _CPUTIME_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -#include - - -typedef uint64_t CPUTime; - -/* - * Obtain machine-dependent, high resolution, cheap-to-read timestamp. - */ -#define CPUTimeRead() mach_absolute_time() - -/* - * Convert difference between two CPUTimes into various units. - * Implemented as separate functions to preserve as much precision as possible - * before required machine-dependent "divide by clock frequency". - */ -extern double CPUTimeDeltaSec(CPUTime from, CPUTime to); // seconds -extern double CPUTimeDeltaMs(CPUTime from, CPUTime to); // milliseconds -extern double CPUTimeDeltaUs(CPUTime from, CPUTime to); // microseconds - -/* - * Calculate the average of an array of doubles. The lowest and highest values - * are discarded if there are more than two samples. Typically used to get an - * average of a set of values returned from CPUTimeDelta*(). - */ -double CPUTimeAvg( - const double *array, - unsigned arraySize); - -#ifdef __cplusplus -} -#endif - -#endif /* _CPUTIME_H_ */ - diff --git a/SecurityTests/cspxutils/utilLib/cspdlTesting.h b/SecurityTests/cspxutils/utilLib/cspdlTesting.h deleted file mode 100755 index 4020528b..00000000 --- a/SecurityTests/cspxutils/utilLib/cspdlTesting.h +++ /dev/null @@ -1,100 +0,0 @@ -/* - * cspdlTesting.h - workaround flags for testing CSPDL using CSP-oriented tests. - */ - -#ifndef _CSPDL_TESTING_H_ -#define _CSPDL_TESTING_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * All generated keys must be reference keys. - */ -#define CSPDL_ALL_KEYS_ARE_REF 1 - -/* - * 2nd/public key in two-key FEE ops must be raw. This is because the Security - * Server doesn't go in and deal with ref keys which are only found in a - * Context. - */ -#define CSPDL_2ND_PUB_KEY_IS_RAW 1 - -/* - * Ease off on restriction of ptext size == ctext size in case of symmetric - * en/decrypt with no padding. The sizes will be equal, but we can't ensure - * that by mallocing exactly the right amount after because CSPDL doesn't - * give an exact (proper) outputSize in this case (yet). - */ -#define CSPDL_NOPAD_ENFORCE_SIZE 1 - -/* - * CSPDL can't do SHA1HMAC_LEGACY with bug-for-bug compatibility with - * BSAFE (sinceÊthe bug-for-bug feature involves doing actual HMAC updates - * exactly as the app presents them). - */ -#define CSPDL_SHA1HMAC_LEGACY_ENABLE 0 - -/* - * CSPDL does not support DSA GenerateAlgorithmParameters. Let the secure CSP - * do it implicitly during key gen. - */ -#define CSPDL_DSA_GEN_PARAMS 0 - -/* - * Can't generate keys with CSSM_KEYATTR_PRIVATE. Is this a bug or a feature? - * Nobody pays any attention to this except the CSP, which rejects it. Shouldn't - * either CSPDL or SS look at this and strip it off before sending the request - * down to the CSP? - */ -#define CSPDL_KEYATTR_PRIVATE 0 - -/* - * ObtainPrivateKeyFromPublic key not implemented yet (if ever). - */ -#define CSPDL_OBTAIN_PRIV_FROM_PUB 0 - -/*** Workarounds for badattr test only ***/ - -/* - * Munged header fields in a ref key should result in CSP_INVALID_KEY_REFERENCE, - * but work fine. - */ -#define CSPDL_MUNGE_HEADER_CHECK 0 - -/* - * ALWAYS_SENSITIVE, NEVER_EXTRACTABLE are ignored, should result in - * CSP_INVALID_KEYATTR_MASK at key gen time. - * FIXED per Radar 2879872. - */ -#define CSPDL_ALWAYS_SENSITIVE_CHECK 1 -#define CSPDL_NEVER_EXTRACTABLE_CHECK 1 - -/*** end of badattr workarounds ***/ - -/* - * certtool can't generate keypair - * - * Until this is fixed - actually the underlying problem is in securityd - - * CSPDL can not generate a key pair without private and public both being - * PERMANENT. - */ -#define CSPDL_ALL_KEYS_ARE_PERMANENT 0 - - -/*** - *** Other differences/bugs/oddities. - ***/ - -/* - * 1. SS wraps (encrypt) public keys when encoding them, thus the CSP has to allow - * wrapping of public keys. This may not be what we really want. See - * AppleCSP/AppleCSP/wrapKey.cpp for workaround per ALLOW_PUB_KEY_WRAP. - */ - -#ifdef __cplusplus -} -#endif - -#endif /* _CSPDL_TESTING_H_ */ diff --git a/SecurityTests/cspxutils/utilLib/cspwrap.c b/SecurityTests/cspxutils/utilLib/cspwrap.c deleted file mode 100644 index 0a86659e..00000000 --- a/SecurityTests/cspxutils/utilLib/cspwrap.c +++ /dev/null @@ -1,3279 +0,0 @@ -/* Copyright (c) 1997,2003-2006,2008,2010,2013 Apple Inc. - * - * cspwrap.c - wrappers to simplify access to CDSA - * - * Revision History - * ---------------- - * 3 May 2000 Doug Mitchell - * Ported to X/CDSA2. - * 12 Aug 1997 Doug Mitchell at Apple - * Created. - */ - -#include -#include -#include "cspwrap.h" -#include "common.h" -#include -#include -#include -/* MCF hack */ -// #include -#include -/* end MCF */ - -#ifndef NULL -#define NULL ((void *)0) -#endif /* NULL */ -#ifndef MAX -#define MAX(a,b) ((a > b) ? a : b) -#define MIN(a,b) ((a < b) ? a : b) -#endif - -#pragma mark --------- Key Generation --------- - -/* - * Key generation - */ -#define FEE_PRIV_DATA_SIZE 20 -/* - * Debug/test only. BsafeCSP only (long since disabled, in Puma). - * This results in quicker but less secure RSA key generation. - */ -#define RSA_WEAK_KEYS 0 - -/* - * Force bad data in KeyData prior to generating, deriving, or - * wrapping key to ensure that the CSP ignores incoming - * KeyData. - */ -static void setBadKeyData( - CSSM_KEY_PTR key) -{ - key->KeyData.Data = (uint8 *)0xeaaaeaaa; // bad ptr - key->KeyData.Length = 1; // no key can fit here -} - -/* - * Generate key pair of arbitrary algorithm. - * FEE keys will have random private data. - */ -CSSM_RETURN cspGenKeyPair(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_BOOL pubIsRef, // true - reference key, false - data - uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYBLOB_FORMAT pubFormat, // Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE - // to get the default format. - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_BOOL privIsRef, // true - reference key, false - data - uint32 privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYBLOB_FORMAT privFormat, // optional 0 ==> default - CSSM_BOOL genSeed) // FEE only. True: we generate seed and CSP - // will hash it. False: CSP generates random - // seed. -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA privData = {0, NULL}; // mallocd for FEE - CSSM_CRYPTO_DATA privCData; - CSSM_CRYPTO_DATA_PTR privCDataPtr = NULL; - CSSM_DATA keyLabelData; - uint32 pubAttr; - uint32 privAttr; - CSSM_RETURN ocrtn = CSSM_OK; - - if(keySize == CSP_KEY_SIZE_DEFAULT) { - keySize = cspDefaultKeySize(algorithm); - } - - /* pre-context-create algorithm-specific stuff */ - switch(algorithm) { - case CSSM_ALGID_FEE: - if(genSeed) { - /* cook up random privData */ - privData.Data = (uint8 *)CSSM_MALLOC(FEE_PRIV_DATA_SIZE); - privData.Length = FEE_PRIV_DATA_SIZE; - appGetRandomBytes(privData.Data, FEE_PRIV_DATA_SIZE); - privCData.Param = privData; - privCData.Callback = NULL; - privCDataPtr = &privCData; - } - /* else CSP generates random seed/key */ - break; - case CSSM_ALGID_RSA: - break; - case CSSM_ALGID_DSA: - break; - case CSSM_ALGID_ECDSA: - break; - default: - printf("cspGenKeyPair: Unknown algorithm\n"); - /* but what the hey */ - privCDataPtr = NULL; - break; - } - keyLabelData.Data = (uint8 *)keyLabel, - keyLabelData.Length = keyLabelLen; - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - setBadKeyData(pubKey); - setBadKeyData(privKey); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - algorithm, - keySize, - privCDataPtr, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - NULL, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - ocrtn = crtn; - goto abort; - } - /* cook up attribute bits */ - if(pubIsRef) { - pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - if(privIsRef) { - privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - - /* post-context-create algorithm-specific stuff */ - switch(algorithm) { - case CSSM_ALGID_RSA: - - #if RSA_WEAK_KEYS - { - /* for testing, speed up key gen by using the - * undocumented "CUSTOM" key gen mode. This - * results in the CSP using AI_RsaKeyGen instead of - * AI_RSAStrongKeyGen. - */ - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_MODE, - sizeof(uint32), - CAT_Uint32, - NULL, - CSSM_ALGMODE_CUSTOM); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - #endif // RSA_WEAK_KEYS - break; - - case CSSM_ALGID_DSA: - /* - * extra step - generate params - this just adds some - * info to the context - */ - { - CSSM_DATA dummy = {0, NULL}; - crtn = CSSM_GenerateAlgorithmParams(ccHand, - keySize, &dummy); - if(crtn) { - printError("CSSM_GenerateAlgorithmParams", crtn); - return crtn; - } - appFreeCssmData(&dummy, CSSM_FALSE); - } - break; - default: - break; - } - - /* optional format specifiers */ - if(!pubIsRef && (pubFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE)) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - pubFormat); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT)", crtn); - return crtn; - } - } - if(!privIsRef && (privFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE)) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT, - sizeof(uint32), // currently sizeof CSSM_DATA - CAT_Uint32, - NULL, - privFormat); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT)", crtn); - return crtn; - } - } - crtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubAttr, - &keyLabelData, - pubKey, - privKeyUsage, - privAttr, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - ocrtn = crtn; - goto abort; - } - /* basic checks...*/ - if(privIsRef) { - if(privKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("privKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_REFERENCE, (unsigned)privKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } - else { - switch(privKey->KeyHeader.BlobType) { - case CSSM_KEYBLOB_RAW: - break; - default: - printf("privKey blob type: exp raw, got %u\n", - (unsigned)privKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } - if(pubIsRef) { - if(pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("pubKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_REFERENCE, (unsigned)pubKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } - else { - switch(pubKey->KeyHeader.BlobType) { - case CSSM_KEYBLOB_RAW: - break; - default: - printf("pubKey blob type: exp raw or raw_berder, got %u\n", - (unsigned)pubKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } -abort: - if(ccHand != 0) { - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - } - } - if(privData.Data != NULL) { - CSSM_FREE(privData.Data); - } - return ocrtn; -} - -/* - * Generate FEE key pair with optional primeType, curveType, and seed (password) data. - */ -CSSM_RETURN cspGenFEEKeyPair(CSSM_CSP_HANDLE cspHand, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - uint32 primeType, // CSSM_FEE_PRIME_TYPE_MERSENNE, etc. - uint32 curveType, // CSSM_FEE_CURVE_TYPE_MONTGOMERY, etc. - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_BOOL pubIsRef, // true - reference key, false - data - uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYBLOB_FORMAT pubFormat, // Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE - // to get the default format. - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_BOOL privIsRef, // true - reference key, false - data - uint32 privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYBLOB_FORMAT privFormat, // optional 0 ==> default - const CSSM_DATA *seedData) // Present: CSP will hash this for private data. - // NULL: CSP generates random seed. -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_CRYPTO_DATA privCData; - CSSM_CRYPTO_DATA_PTR privCDataPtr = NULL; - CSSM_DATA keyLabelData; - uint32 pubAttr; - uint32 privAttr; - CSSM_RETURN ocrtn = CSSM_OK; - - /* pre-context-create algorithm-specific stuff */ - if(seedData) { - privCData.Param = *((CSSM_DATA_PTR)seedData); - privCData.Callback = NULL; - privCDataPtr = &privCData; - } - /* else CSP generates random seed/key */ - - if(keySize == CSP_KEY_SIZE_DEFAULT) { - keySize = CSP_FEE_KEY_SIZE_DEFAULT; - } - - keyLabelData.Data = (uint8 *)keyLabel, - keyLabelData.Length = keyLabelLen; - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - setBadKeyData(pubKey); - setBadKeyData(privKey); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - CSSM_ALGID_FEE, - keySize, - privCDataPtr, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - NULL, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - ocrtn = crtn; - goto abort; - } - /* cook up attribute bits */ - if(pubIsRef) { - pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - if(privIsRef) { - privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - - /* optional post-context-create stuff */ - if(primeType != CSSM_FEE_PRIME_TYPE_DEFAULT) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_FEE_PRIME_TYPE, - sizeof(uint32), - CAT_Uint32, - NULL, - primeType); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_FEE_PRIME_TYPE)", crtn); - return crtn; - } - } - if(curveType != CSSM_FEE_CURVE_TYPE_DEFAULT) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_FEE_CURVE_TYPE, - sizeof(uint32), - CAT_Uint32, - NULL, - curveType); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_FEE_CURVE_TYPE)", crtn); - return crtn; - } - } - - if(pubFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - pubFormat); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT)", crtn); - return crtn; - } - } - if(privFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT, - sizeof(uint32), // currently sizeof CSSM_DATA - CAT_Uint32, - NULL, - pubFormat); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT)", crtn); - return crtn; - } - } - crtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubAttr, - &keyLabelData, - pubKey, - privKeyUsage, - privAttr, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - ocrtn = crtn; - goto abort; - } - /* basic checks...*/ - if(privIsRef) { - if(privKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("privKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_REFERENCE, (unsigned)privKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } - else { - switch(privKey->KeyHeader.BlobType) { - case CSSM_KEYBLOB_RAW: - break; - default: - printf("privKey blob type: exp raw, got %u\n", - (unsigned)privKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } - if(pubIsRef) { - if(pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("pubKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_REFERENCE, (unsigned)pubKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } - else { - switch(pubKey->KeyHeader.BlobType) { - case CSSM_KEYBLOB_RAW: - break; - default: - printf("pubKey blob type: exp raw or raw_berder, got %u\n", - (unsigned)pubKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } -abort: - if(ccHand != 0) { - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - } - } - return ocrtn; -} - -/* - * Generate DSA key pair with optional generateAlgParams and optional - * incoming parameters. - */ -CSSM_RETURN cspGenDSAKeyPair(CSSM_CSP_HANDLE cspHand, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_BOOL pubIsRef, // true - reference key, false - data - uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYBLOB_FORMAT pubFormat, // Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE - // to get the default format. - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_BOOL privIsRef, // true - reference key, false - data - uint32 privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYBLOB_FORMAT privFormat, // Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE - // to get the default format. - CSSM_BOOL genParams, - CSSM_DATA_PTR paramData) // optional -{ - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - CSSM_DATA keyLabelData; - uint32 pubAttr; - uint32 privAttr; - CSSM_RETURN ocrtn = CSSM_OK; - - if(keySize == CSP_KEY_SIZE_DEFAULT) { - keySize = CSP_DSA_KEY_SIZE_DEFAULT; - } - keyLabelData.Data = (uint8 *)keyLabel, - keyLabelData.Length = keyLabelLen; - memset(pubKey, 0, sizeof(CSSM_KEY)); - memset(privKey, 0, sizeof(CSSM_KEY)); - setBadKeyData(pubKey); - setBadKeyData(privKey); - - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - CSSM_ALGID_DSA, - keySize, - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - paramData, - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - ocrtn = crtn; - goto abort; - } - - /* cook up attribute bits */ - if(pubIsRef) { - pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - pubAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - if(privIsRef) { - privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - privAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - - if(genParams) { - /* - * extra step - generate params - this just adds some - * info to the context - */ - CSSM_DATA dummy = {0, NULL}; - crtn = CSSM_GenerateAlgorithmParams(ccHand, - keySize, &dummy); - if(crtn) { - printError("CSSM_GenerateAlgorithmParams", crtn); - return crtn; - } - appFreeCssmData(&dummy, CSSM_FALSE); - } - - /* optional format specifiers */ - if(!pubIsRef && (pubFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE)) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT, - sizeof(uint32), - CAT_Uint32, - NULL, - pubFormat); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT)", crtn); - return crtn; - } - } - if(!privIsRef && (privFormat != CSSM_KEYBLOB_RAW_FORMAT_NONE)) { - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT, - sizeof(uint32), // currently sizeof CSSM_DATA - CAT_Uint32, - NULL, - privFormat); - if(crtn) { - printError("AddContextAttribute(CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT)", crtn); - return crtn; - } - } - - crtn = CSSM_GenerateKeyPair(ccHand, - pubKeyUsage, - pubAttr, - &keyLabelData, - pubKey, - privKeyUsage, - privAttr, - &keyLabelData, // same labels - NULL, // CredAndAclEntry - privKey); - if(crtn) { - printError("CSSM_GenerateKeyPair", crtn); - ocrtn = crtn; - goto abort; - } - /* basic checks...*/ - if(privIsRef) { - if(privKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("privKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_REFERENCE, (unsigned)privKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } - else { - switch(privKey->KeyHeader.BlobType) { - case CSSM_KEYBLOB_RAW: - break; - default: - printf("privKey blob type: exp raw, got %u\n", - (unsigned)privKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } - if(pubIsRef) { - if(pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE) { - printf("pubKey blob type: exp %u got %u\n", - CSSM_KEYBLOB_REFERENCE, (unsigned)pubKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } - else { - switch(pubKey->KeyHeader.BlobType) { - case CSSM_KEYBLOB_RAW: - break; - default: - printf("pubKey blob type: exp raw or raw_berder, got %u\n", - (unsigned)pubKey->KeyHeader.BlobType); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - goto abort; - } - } -abort: - if(ccHand != 0) { - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = CSSM_ERRCODE_INTERNAL_ERROR; - } - } - return ocrtn; -} - - -uint32 cspDefaultKeySize(uint32 alg) -{ - uint32 keySizeInBits; - switch(alg) { - case CSSM_ALGID_DES: - keySizeInBits = CSP_DES_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_3DES_3KEY: - case CSSM_ALGID_DESX: - keySizeInBits = CSP_DES3_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_RC2: - keySizeInBits = CSP_RC2_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_RC4: - keySizeInBits = CSP_RC4_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_RC5: - keySizeInBits = CSP_RC5_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_ASC: - keySizeInBits = CSP_ASC_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_BLOWFISH: - keySizeInBits = CSP_BFISH_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_CAST: - keySizeInBits = CSP_CAST_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_IDEA: - keySizeInBits = CSP_IDEA_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_AES: - keySizeInBits = CSP_AES_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_SHA1HMAC: - keySizeInBits = CSP_HMAC_SHA_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_MD5HMAC: - keySizeInBits = CSP_HMAC_MD5_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_FEE: - keySizeInBits = CSP_FEE_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_RSA: - keySizeInBits = CSP_RSA_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_DSA: - keySizeInBits = CSP_DSA_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_ECDSA: - keySizeInBits = CSP_ECDSA_KEY_SIZE_DEFAULT; - break; - case CSSM_ALGID_NONE: - keySizeInBits = CSP_NULL_CRYPT_KEY_SIZE_DEF; - break; - default: - printf("***cspDefaultKeySize: Unknown symmetric algorithm\n"); - keySizeInBits = 0; - break; - } - return keySizeInBits; -} - -/* - * Create a random symmetric key. - */ -CSSM_KEY_PTR cspGenSymKey(CSSM_CSP_HANDLE cspHand, - uint32 alg, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits, - CSSM_BOOL refKey) -{ - CSSM_KEY_PTR symKey = (CSSM_KEY_PTR)CSSM_MALLOC(sizeof(CSSM_KEY)); - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - uint32 keyAttr; - CSSM_DATA dummyLabel; - - if(symKey == NULL) { - printf("Insufficient heap space\n"); - return NULL; - } - memset(symKey, 0, sizeof(CSSM_KEY)); - setBadKeyData(symKey); - if(keySizeInBits == CSP_KEY_SIZE_DEFAULT) { - keySizeInBits = cspDefaultKeySize(alg); - } - crtn = CSSM_CSP_CreateKeyGenContext(cspHand, - alg, - keySizeInBits, // keySizeInBits - NULL, // Seed - NULL, // Salt - NULL, // StartDate - NULL, // EndDate - NULL, // Params - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateKeyGenContext", crtn); - goto errorOut; - } - if(refKey) { - keyAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE; - } - else { - keyAttr = CSSM_KEYATTR_RETURN_DATA | CSSM_KEYATTR_EXTRACTABLE; - } - dummyLabel.Length = keyLabelLen; - dummyLabel.Data = (uint8 *)keyLabel; - - crtn = CSSM_GenerateKey(ccHand, - keyUsage, - keyAttr, - &dummyLabel, - NULL, // ACL - symKey); - if(crtn) { - printError("CSSM_GenerateKey", crtn); - goto errorOut; - } - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - goto errorOut; - } - return symKey; -errorOut: - CSSM_FREE(symKey); - return NULL; -} - -/* - * Derive symmetric key. - * Note in the X CSP, we never return an IV. - */ -CSSM_KEY_PTR cspDeriveKey(CSSM_CSP_HANDLE cspHand, - uint32 deriveAlg, // CSSM_ALGID_PKCS5_PBKDF2, etc. - uint32 keyAlg, // CSSM_ALGID_RC5, etc. - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits, - CSSM_BOOL isRefKey, - CSSM_DATA_PTR password, // in PKCS-5 lingo - CSSM_DATA_PTR salt, // ditto - uint32 iterationCnt, // ditto - CSSM_DATA_PTR initVector) // mallocd & RETURNED -{ - CSSM_KEY_PTR symKey = (CSSM_KEY_PTR) - CSSM_MALLOC(sizeof(CSSM_KEY)); - CSSM_RETURN crtn; - CSSM_CC_HANDLE ccHand; - uint32 keyAttr; - CSSM_DATA dummyLabel; - CSSM_PKCS5_PBKDF2_PARAMS pbeParams; - CSSM_DATA pbeData; - CSSM_ACCESS_CREDENTIALS creds; - - if(symKey == NULL) { - printf("Insufficient heap space\n"); - return NULL; - } - memset(symKey, 0, sizeof(CSSM_KEY)); - setBadKeyData(symKey); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - if(keySizeInBits == CSP_KEY_SIZE_DEFAULT) { - keySizeInBits = cspDefaultKeySize(keyAlg); - } - crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand, - deriveAlg, - keyAlg, - keySizeInBits, - &creds, - NULL, // BaseKey - iterationCnt, - salt, - NULL, // seed - &ccHand); - if(crtn) { - printError("CSSM_CSP_CreateDeriveKeyContext", crtn); - goto errorOut; - } - keyAttr = CSSM_KEYATTR_EXTRACTABLE; - if(isRefKey) { - keyAttr |= (CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_SENSITIVE); - } - else { - keyAttr |= CSSM_KEYATTR_RETURN_DATA; - } - dummyLabel.Length = keyLabelLen; - dummyLabel.Data = (uint8 *)keyLabel; - - /* passing in password is pretty strange....*/ - pbeParams.Passphrase = *password; - pbeParams.PseudoRandomFunction = - CSSM_PKCS5_PBKDF2_PRF_HMAC_SHA1; - pbeData.Data = (uint8 *)&pbeParams; - pbeData.Length = sizeof(pbeParams); - crtn = CSSM_DeriveKey(ccHand, - &pbeData, - keyUsage, - keyAttr, - &dummyLabel, - NULL, // cred and acl - symKey); - if(crtn) { - printError("CSSM_DeriveKey", crtn); - goto errorOut; - } - /* copy IV back to caller */ - /* Nope, not supported */ - #if 0 - if(pbeParams.InitVector.Data != NULL) { - if(initVector->Data != NULL) { - if(initVector->Length < pbeParams.InitVector.Length) { - printf("***Insufficient InitVector\n"); - goto errorOut; - } - } - else { - initVector->Data = - (uint8 *)CSSM_MALLOC(pbeParams.InitVector.Length); - } - memmove(initVector->Data, pbeParams.InitVector.Data, - pbeParams.InitVector.Length); - initVector->Length = pbeParams.InitVector.Length; - CSSM_FREE(pbeParams.InitVector.Data); - } - else { - printf("***Warning: CSSM_DeriveKey, no InitVector\n"); - } - #endif - crtn = CSSM_DeleteContext(ccHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - goto errorOut; - } - return symKey; -errorOut: - CSSM_FREE(symKey); - return NULL; -} - -/* - * Cook up a symmetric key with specified key bits and other - * params. Currently the CSPDL can only deal with reference keys except when - * doing wrap/unwrap, so we manually cook up a raw key, then we null-unwrap it. - */ -CSSM_RETURN cspGenSymKeyWithBits( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS keyAlg, - CSSM_KEYUSE keyUsage, - const CSSM_DATA *keyBits, - unsigned keySizeInBytes, - CSSM_KEY_PTR refKey) // init'd and RETURNED -{ - CSSM_KEY rawKey; - CSSM_KEYHEADER_PTR hdr = &rawKey.KeyHeader; - CSSM_RETURN crtn; - - /* set up a raw key the CSP will accept */ - memset(&rawKey, 0, sizeof(CSSM_KEY)); - hdr->HeaderVersion = CSSM_KEYHEADER_VERSION; - hdr->BlobType = CSSM_KEYBLOB_RAW; - hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING; - hdr->AlgorithmId = keyAlg; - hdr->KeyClass = CSSM_KEYCLASS_SESSION_KEY; - hdr->LogicalKeySizeInBits = keySizeInBytes * 8; - hdr->KeyAttr = CSSM_KEYATTR_EXTRACTABLE; - hdr->KeyUsage = keyUsage; - appSetupCssmData(&rawKey.KeyData, keySizeInBytes); - memmove(rawKey.KeyData.Data, keyBits->Data, keySizeInBytes); - - /* convert to a ref key */ - crtn = cspRawKeyToRef(cspHand, &rawKey, refKey); - appFreeCssmData(&rawKey.KeyData, CSSM_FALSE); - return crtn; -} - -/* - * Free a key. This frees a CSP's resources associated with the key if - * the key is a reference key. It also frees key->KeyData. The CSSM_KEY - * struct itself is not freed. - * Note this has no effect on the CSP or DL cached keys unless the incoming - * key is a reference key. - */ -CSSM_RETURN cspFreeKey(CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR key) -{ - CSSM_RETURN crtn; - crtn = CSSM_FreeKey(cspHand, - NULL, // access cred - key, - CSSM_FALSE); // delete - OK? maybe should parameterize? - if(crtn) { - printError("CSSM_FreeKey", crtn); - } - return crtn; -} - -/* generate a random and reasonable key size in bits for specified CSSM algorithm */ -uint32 randKeySizeBits(uint32 alg, - opType op) // OT_Encrypt, etc. -{ - uint32 minSize; - uint32 maxSize; - uint32 size; - - switch(alg) { - case CSSM_ALGID_DES: - return CSP_DES_KEY_SIZE_DEFAULT; - case CSSM_ALGID_3DES_3KEY: - case CSSM_ALGID_DESX: - return CSP_DES3_KEY_SIZE_DEFAULT; - case CSSM_ALGID_ASC: - case CSSM_ALGID_RC2: - case CSSM_ALGID_RC4: - case CSSM_ALGID_RC5: - minSize = 5 * 8; - maxSize = MAX_KEY_SIZE_RC245_BYTES * 8 ; // somewhat arbitrary - break; - case CSSM_ALGID_BLOWFISH: - minSize = 32; - maxSize = 448; - break; - case CSSM_ALGID_CAST: - minSize = 40; - maxSize = 128; - break; - case CSSM_ALGID_IDEA: - return CSP_IDEA_KEY_SIZE_DEFAULT; - case CSSM_ALGID_RSA: - minSize = CSP_RSA_KEY_SIZE_DEFAULT; - maxSize = 1024; - break; - case CSSM_ALGID_DSA: - /* signature only, no export restriction */ - minSize = 512; - maxSize = 1024; - break; - case CSSM_ALGID_SHA1HMAC: - minSize = 20 * 8; - maxSize = 256 * 8; - break; - case CSSM_ALGID_MD5HMAC: - minSize = 16 * 8; - maxSize = 256 * 8; - break; - case CSSM_ALGID_FEE: - /* FEE requires discrete sizes */ - size = genRand(1,4); - switch(size) { - case 1: - return 31; - case 2: - if(alg == CSSM_ALGID_FEE) { - return 127; - } - else { - return 128; - } - case 3: - return 161; - case 4: - return 192; - default: - printf("randKeySizeBits: internal error\n"); - return 0; - } - case CSSM_ALGID_ECDSA: - case CSSM_ALGID_SHA1WithECDSA: - /* ECDSA require discrete sizes */ - size = genRand(1,4); - switch(size) { - case 1: - return 192; - case 2: - return 256; - case 3: - return 384; - case 4: - default: - return 521; - } - case CSSM_ALGID_AES: - size = genRand(1, 3); - switch(size) { - case 1: - return 128; - case 2: - return 192; - case 3: - return 256; - } - case CSSM_ALGID_NONE: - return CSP_NULL_CRYPT_KEY_SIZE_DEF; - default: - printf("randKeySizeBits: unknown alg\n"); - return CSP_KEY_SIZE_DEFAULT; - } - size = genRand(minSize, maxSize); - - /* per-alg postprocessing.... */ - if(alg != CSSM_ALGID_RC2) { - size &= ~0x7; - } - switch(alg) { - case CSSM_ALGID_RSA: - // new for X - strong keys */ - size &= ~(16 - 1); - break; - case CSSM_ALGID_DSA: - /* size mod 64 == 0 */ - size &= ~(64 - 1); - break; - default: - break; - } - return size; -} - -#pragma mark --------- Encrypt/Decrypt --------- - -/* - * Encrypt/Decrypt - */ -/* - * Common routine for encrypt/decrypt - cook up an appropriate context handle - */ -/* - * When true, effectiveKeySizeInBits is passed down via the Params argument. - * Otherwise, we add a customized context attribute. - * Setting this true works with the stock Intel CSSM; this may well change. - * Note this overloading prevent us from specifying RC5 rounds.... - */ -#define EFFECTIVE_SIZE_VIA_PARAMS 0 -CSSM_CC_HANDLE genCryptHandle(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - const CSSM_KEY *key0, - const CSSM_KEY *key1, // for CSSM_ALGID_FEED only - must be the - // public key - const CSSM_DATA *iv, // optional - uint32 effectiveKeySizeInBits, // 0 means skip this attribute - uint32 rounds) // ditto -{ - CSSM_CC_HANDLE cryptHand = 0; - uint32 params; - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - #if EFFECTIVE_SIZE_VIA_PARAMS - params = effectiveKeySizeInBits; - #else - params = 0; - #endif - switch(algorithm) { - case CSSM_ALGID_DES: - case CSSM_ALGID_3DES_3KEY_EDE: - case CSSM_ALGID_DESX: - case CSSM_ALGID_ASC: - case CSSM_ALGID_RC2: - case CSSM_ALGID_RC4: - case CSSM_ALGID_RC5: - case CSSM_ALGID_AES: - case CSSM_ALGID_BLOWFISH: - case CSSM_ALGID_CAST: - case CSSM_ALGID_IDEA: - case CSSM_ALGID_NONE: // used for wrapKey() - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - algorithm, - mode, - NULL, // access cred - key0, - iv, // InitVector - padding, - NULL, // Params - &cryptHand); - if(crtn) { - printError("CSSM_CSP_CreateSymmetricContext", crtn); - return 0; - } - break; - case CSSM_ALGID_FEED: - case CSSM_ALGID_FEEDEXP: - case CSSM_ALGID_FEECFILE: - case CSSM_ALGID_RSA: - crtn = CSSM_CSP_CreateAsymmetricContext(cspHand, - algorithm, - &creds, // access - key0, - padding, - &cryptHand); - if(crtn) { - printError("CSSM_CSP_CreateAsymmetricContext", crtn); - return 0; - } - if(key1 != NULL) { - /* - * FEED, some CFILE. Add (non-standard) second key attribute. - */ - crtn = AddContextAttribute(cryptHand, - CSSM_ATTRIBUTE_PUBLIC_KEY, - sizeof(CSSM_KEY), // currently sizeof CSSM_DATA - CAT_Ptr, - key1, - 0); - if(crtn) { - printError("AddContextAttribute", crtn); - return 0; - } - } - if(mode != CSSM_ALGMODE_NONE) { - /* special case, e.g., CSSM_ALGMODE_PUBLIC_KEY */ - crtn = AddContextAttribute(cryptHand, - CSSM_ATTRIBUTE_MODE, - sizeof(uint32), - CAT_Uint32, - NULL, - mode); - if(crtn) { - printError("AddContextAttribute", crtn); - return 0; - } - } - break; - default: - printf("genCryptHandle: bogus algorithm\n"); - return 0; - } - #if !EFFECTIVE_SIZE_VIA_PARAMS - /* add optional EffectiveKeySizeInBits and rounds attributes */ - if(effectiveKeySizeInBits != 0) { - CSSM_CONTEXT_ATTRIBUTE attr; - attr.AttributeType = CSSM_ATTRIBUTE_EFFECTIVE_BITS; - attr.AttributeLength = sizeof(uint32); - attr.Attribute.Uint32 = effectiveKeySizeInBits; - crtn = CSSM_UpdateContextAttributes( - cryptHand, - 1, - &attr); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - #endif - - if(rounds != 0) { - CSSM_CONTEXT_ATTRIBUTE attr; - attr.AttributeType = CSSM_ATTRIBUTE_ROUNDS; - attr.AttributeLength = sizeof(uint32); - attr.Attribute.Uint32 = rounds; - crtn = CSSM_UpdateContextAttributes( - cryptHand, - 1, - &attr); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - - return cryptHand; -} - -CSSM_RETURN cspEncrypt(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - const CSSM_KEY *key, // public or session key - const CSSM_KEY *pubKey, // for CSSM_ALGID_FEED, CSSM_ALGID_FEECFILE only - uint32 effectiveKeySizeInBits, // 0 means skip this attribute - uint32 rounds, // ditto - const CSSM_DATA *iv, // init vector, optional - const CSSM_DATA *ptext, - CSSM_DATA_PTR ctext, // RETURNED - CSSM_BOOL mallocCtext) // if true, and ctext empty, malloc - // by getting size from CSP -{ - CSSM_CC_HANDLE cryptHand; - CSSM_RETURN crtn; - CSSM_SIZE bytesEncrypted; - CSSM_DATA remData = {0, NULL}; - CSSM_RETURN ocrtn = CSSM_OK; - unsigned origCtextLen; // the amount we malloc, if any - CSSM_RETURN savedErr = CSSM_OK; - CSSM_BOOL restoreErr = CSSM_FALSE; - - cryptHand = genCryptHandle(cspHand, - algorithm, - mode, - padding, - key, - pubKey, - iv, - effectiveKeySizeInBits, - rounds); - if(cryptHand == 0) { - return CSSMERR_CSSM_INTERNAL_ERROR; - } - if(mallocCtext && (ctext->Length == 0)) { - CSSM_QUERY_SIZE_DATA querySize; - querySize.SizeInputBlock = ptext->Length; - crtn = CSSM_QuerySize(cryptHand, - CSSM_TRUE, // encrypt - 1, - &querySize); - if(crtn) { - printError("CSSM_QuerySize", crtn); - ocrtn = crtn; - goto abort; - } - if(querySize.SizeOutputBlock == 0) { - /* CSP couldn't figure this out; skip our malloc */ - printf("***cspEncrypt: warning: cipherTextSize unknown; " - "skipping malloc\n"); - origCtextLen = 0; - } - else { - ctext->Data = (uint8 *) - appMalloc(querySize.SizeOutputBlock, NULL); - if(ctext->Data == NULL) { - printf("Insufficient heap space\n"); - ocrtn = CSSM_ERRCODE_MEMORY_ERROR; - goto abort; - } - ctext->Length = origCtextLen = querySize.SizeOutputBlock; - memset(ctext->Data, 0, ctext->Length); - } - } - else { - origCtextLen = ctext->Length; - } - crtn = CSSM_EncryptData(cryptHand, - ptext, - 1, - ctext, - 1, - &bytesEncrypted, - &remData); - if(crtn == CSSM_OK) { - /* - * Deal with remData - its contents are included in bytesEncrypted. - */ - if((remData.Length != 0) && mallocCtext) { - /* shouldn't happen - right? */ - if(bytesEncrypted > origCtextLen) { - /* malloc and copy a new one */ - uint8 *newCdata = (uint8 *)appMalloc(bytesEncrypted, NULL); - printf("**Warning: app malloced cipherBuf, but got nonzero " - "remData!\n"); - if(newCdata == NULL) { - printf("Insufficient heap space\n"); - ocrtn = CSSM_ERRCODE_MEMORY_ERROR; - goto abort; - } - memmove(newCdata, ctext->Data, ctext->Length); - memmove(newCdata+ctext->Length, remData.Data, remData.Length); - CSSM_FREE(ctext->Data); - ctext->Data = newCdata; - } - else { - /* there's room left over */ - memmove(ctext->Data+ctext->Length, remData.Data, remData.Length); - } - ctext->Length = bytesEncrypted; - } - // NOTE: We return the proper length in ctext.... - ctext->Length = bytesEncrypted; - } - else { - savedErr = crtn; - restoreErr = CSSM_TRUE; - printError("CSSM_EncryptData", crtn); - } -abort: - crtn = CSSM_DeleteContext(cryptHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - if(restoreErr) { - ocrtn = savedErr; - } - return ocrtn; -} - -#define PAD_IMPLIES_RAND_PTEXTSIZE 1 -#define LOG_STAGED_OPS 0 -#if LOG_STAGED_OPS -#define soprintf(s) printf s -#else -#define soprintf(s) -#endif - -CSSM_RETURN cspStagedEncrypt(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - const CSSM_KEY *key, // public or session key - const CSSM_KEY *pubKey, // for CSSM_ALGID_FEED, CSSM_ALGID_FEECFILE only - uint32 effectiveKeySizeInBits, // 0 means skip this attribute - uint32 cipherBlockSize, // ditto - uint32 rounds, // ditto - const CSSM_DATA *iv, // init vector, optional - const CSSM_DATA *ptext, - CSSM_DATA_PTR ctext, // RETURNED, we malloc - CSSM_BOOL multiUpdates) // false:single update, true:multi updates -{ - CSSM_CC_HANDLE cryptHand; - CSSM_RETURN crtn; - CSSM_SIZE bytesEncrypted; // per update - CSSM_SIZE bytesEncryptedTotal = 0; - CSSM_RETURN ocrtn = CSSM_OK; // 'our' crtn - unsigned toMove; // remaining - unsigned thisMove; // bytes to encrypt on this update - CSSM_DATA thisPtext; // running ptr into ptext - CSSM_DATA ctextWork; // per update, mallocd by CSP - CSSM_QUERY_SIZE_DATA querySize; - uint8 *origCtext; // initial ctext->Data - unsigned origCtextLen; // amount we mallocd - CSSM_BOOL restoreErr = CSSM_FALSE; - CSSM_RETURN savedErr = CSSM_OK; - - - cryptHand = genCryptHandle(cspHand, - algorithm, - mode, - padding, - key, - pubKey, - iv, - effectiveKeySizeInBits, - rounds); - if(cryptHand == 0) { - return CSSMERR_CSP_INTERNAL_ERROR; - } - if(cipherBlockSize) { - crtn = AddContextAttribute(cryptHand, - CSSM_ATTRIBUTE_BLOCK_SIZE, - sizeof(uint32), - CAT_Uint32, - NULL, - cipherBlockSize); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - goto abort; - } - } - - /* obtain total required ciphertext size and block size */ - querySize.SizeInputBlock = ptext->Length; - crtn = CSSM_QuerySize(cryptHand, - CSSM_TRUE, // encrypt - 1, - &querySize); - if(crtn) { - printError("CSSM_QuerySize(1)", crtn); - ocrtn = CSSMERR_CSP_INTERNAL_ERROR; - goto abort; - } - if(querySize.SizeOutputBlock == 0) { - /* CSP couldn't figure this out; skip our malloc - caller is taking its - * chances */ - printf("***cspStagedEncrypt: warning: cipherTextSize unknown; aborting\n"); - ocrtn = CSSMERR_CSP_INTERNAL_ERROR; - goto abort; - } - else { - origCtextLen = querySize.SizeOutputBlock; - if(algorithm == CSSM_ALGID_ASC) { - /* ASC is weird - the more chunks we do, the bigger the - * resulting ctext...*/ - origCtextLen *= 2; - } - ctext->Length = origCtextLen; - ctext->Data = origCtext = (uint8 *)appMalloc(origCtextLen, NULL); - if(ctext->Data == NULL) { - printf("Insufficient heap space\n"); - ocrtn = CSSMERR_CSP_MEMORY_ERROR; - goto abort; - } - memset(ctext->Data, 0, ctext->Length); - } - - crtn = CSSM_EncryptDataInit(cryptHand); - if(crtn) { - printError("CSSM_EncryptDataInit", crtn); - ocrtn = crtn; - goto abort; - } - - toMove = ptext->Length; - thisPtext.Data = ptext->Data; - while(toMove) { - if(multiUpdates) { - thisMove = genRand(1, toMove); - } - else { - /* just do one pass thru this loop */ - thisMove = toMove; - } - thisPtext.Length = thisMove; - /* let CSP do the individual mallocs */ - ctextWork.Data = NULL; - ctextWork.Length = 0; - soprintf(("*** EncryptDataUpdate: ptextLen 0x%x\n", thisMove)); - crtn = CSSM_EncryptDataUpdate(cryptHand, - &thisPtext, - 1, - &ctextWork, - 1, - &bytesEncrypted); - if(crtn) { - printError("CSSM_EncryptDataUpdate", crtn); - ocrtn = crtn; - goto abort; - } - // NOTE: We return the proper length in ctext.... - ctextWork.Length = bytesEncrypted; - soprintf(("*** EncryptDataUpdate: ptextLen 0x%x bytesEncrypted 0x%x\n", - thisMove, bytesEncrypted)); - thisPtext.Data += thisMove; - toMove -= thisMove; - if(bytesEncrypted > ctext->Length) { - printf("cspStagedEncrypt: ctext overflow!\n"); - ocrtn = crtn; - goto abort; - } - if(bytesEncrypted != 0) { - memmove(ctext->Data, ctextWork.Data, bytesEncrypted); - bytesEncryptedTotal += bytesEncrypted; - ctext->Data += bytesEncrypted; - ctext->Length -= bytesEncrypted; - } - if(ctextWork.Data != NULL) { - CSSM_FREE(ctextWork.Data); - } - } - /* OK, one more */ - ctextWork.Data = NULL; - ctextWork.Length = 0; - crtn = CSSM_EncryptDataFinal(cryptHand, &ctextWork); - if(crtn) { - printError("CSSM_EncryptDataFinal", crtn); - savedErr = crtn; - restoreErr = CSSM_TRUE; - goto abort; - } - if(ctextWork.Length != 0) { - bytesEncryptedTotal += ctextWork.Length; - if(ctextWork.Length > ctext->Length) { - printf("cspStagedEncrypt: ctext overflow (2)!\n"); - ocrtn = CSSMERR_CSP_INTERNAL_ERROR; - goto abort; - } - memmove(ctext->Data, ctextWork.Data, ctextWork.Length); - } - if(ctextWork.Data) { - /* this could have gotten mallocd and Length still be zero */ - CSSM_FREE(ctextWork.Data); - } - - /* retweeze ctext */ - ctext->Data = origCtext; - ctext->Length = bytesEncryptedTotal; -abort: - crtn = CSSM_DeleteContext(cryptHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - if(restoreErr) { - /* give caller the error from the encrypt */ - ocrtn = savedErr; - } - return ocrtn; -} - -CSSM_RETURN cspDecrypt(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - const CSSM_KEY *key, // public or session key - const CSSM_KEY *pubKey, // for CSSM_ALGID_FEED, CSSM_ALGID_FEECFILE only - uint32 effectiveKeySizeInBits, // 0 means skip this attribute - uint32 rounds, // ditto - const CSSM_DATA *iv, // init vector, optional - const CSSM_DATA *ctext, - CSSM_DATA_PTR ptext, // RETURNED - CSSM_BOOL mallocPtext) // if true and ptext->Length = 0, - // we'll malloc -{ - CSSM_CC_HANDLE cryptHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - CSSM_SIZE bytesDecrypted; - CSSM_DATA remData = {0, NULL}; - unsigned origPtextLen; // the amount we malloc, if any - - cryptHand = genCryptHandle(cspHand, - algorithm, - mode, - padding, - key, - pubKey, - iv, - effectiveKeySizeInBits, - rounds); - if(cryptHand == 0) { - return CSSMERR_CSP_INTERNAL_ERROR; - } - if(mallocPtext && (ptext->Length == 0)) { - CSSM_QUERY_SIZE_DATA querySize; - querySize.SizeInputBlock = ctext->Length; - crtn = CSSM_QuerySize(cryptHand, - CSSM_FALSE, // encrypt - 1, - &querySize); - if(crtn) { - printError("CSSM_QuerySize", crtn); - ocrtn = crtn; - goto abort; - } - if(querySize.SizeOutputBlock == 0) { - /* CSP couldn't figure this one out; skip our malloc */ - printf("***cspDecrypt: warning: plainTextSize unknown; " - "skipping malloc\n"); - origPtextLen = 0; - } - else { - ptext->Data = - (uint8 *)appMalloc(querySize.SizeOutputBlock, NULL); - if(ptext->Data == NULL) { - printf("Insufficient heap space\n"); - ocrtn = CSSMERR_CSP_MEMORY_ERROR; - goto abort; - } - ptext->Length = origPtextLen = querySize.SizeOutputBlock; - memset(ptext->Data, 0, ptext->Length); - } - } - else { - origPtextLen = ptext->Length; - } - crtn = CSSM_DecryptData(cryptHand, - ctext, - 1, - ptext, - 1, - &bytesDecrypted, - &remData); - if(crtn == CSSM_OK) { - /* - * Deal with remData - its contents are included in bytesDecrypted. - */ - if((remData.Length != 0) && mallocPtext) { - /* shouldn't happen - right? */ - if(bytesDecrypted > origPtextLen) { - /* malloc and copy a new one */ - uint8 *newPdata = (uint8 *)appMalloc(bytesDecrypted, NULL); - printf("**Warning: app malloced ClearBuf, but got nonzero " - "remData!\n"); - if(newPdata == NULL) { - printf("Insufficient heap space\n"); - ocrtn = CSSMERR_CSP_MEMORY_ERROR; - goto abort; - } - memmove(newPdata, ptext->Data, ptext->Length); - memmove(newPdata + ptext->Length, - remData.Data, remData.Length); - CSSM_FREE(ptext->Data); - ptext->Data = newPdata; - } - else { - /* there's room left over */ - memmove(ptext->Data + ptext->Length, - remData.Data, remData.Length); - } - ptext->Length = bytesDecrypted; - } - // NOTE: We return the proper length in ptext.... - ptext->Length = bytesDecrypted; - - // FIXME - sometimes get mallocd RemData here, but never any valid data - // there...side effect of CSPFullPluginSession's buffer handling logic; - // but will we ever actually see valid data in RemData? So far we never - // have.... - if(remData.Data != NULL) { - appFree(remData.Data, NULL); - } - } - else { - printError("CSSM_DecryptData", crtn); - ocrtn = crtn; - } -abort: - crtn = CSSM_DeleteContext(cryptHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -CSSM_RETURN cspStagedDecrypt(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - const CSSM_KEY *key, // public or session key - const CSSM_KEY *pubKey, // for CSSM_ALGID_FEED, CSSM_ALGID_FEECFILE only - uint32 effectiveKeySizeInBits, // 0 means skip this attribute - uint32 cipherBlockSize, // ditto - uint32 rounds, // ditto - const CSSM_DATA *iv, // init vector, optional - const CSSM_DATA *ctext, - CSSM_DATA_PTR ptext, // RETURNED, we malloc - CSSM_BOOL multiUpdates) // false:single update, true:multi updates -{ - CSSM_CC_HANDLE cryptHand; - CSSM_RETURN crtn; - CSSM_SIZE bytesDecrypted; // per update - CSSM_SIZE bytesDecryptedTotal = 0; - CSSM_RETURN ocrtn = CSSM_OK; // 'our' crtn - unsigned toMove; // remaining - unsigned thisMove; // bytes to encrypt on this update - CSSM_DATA thisCtext; // running ptr into ptext - CSSM_DATA ptextWork; // per update, mallocd by CSP - CSSM_QUERY_SIZE_DATA querySize; - uint8 *origPtext; // initial ptext->Data - unsigned origPtextLen; // amount we mallocd - - cryptHand = genCryptHandle(cspHand, - algorithm, - mode, - padding, - key, - pubKey, - iv, - effectiveKeySizeInBits, - rounds); - if(cryptHand == 0) { - return CSSMERR_CSP_INTERNAL_ERROR; - } - if(cipherBlockSize) { - crtn = AddContextAttribute(cryptHand, - CSSM_ATTRIBUTE_BLOCK_SIZE, - sizeof(uint32), - CAT_Uint32, - NULL, - cipherBlockSize); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - goto abort; - } - } - - /* obtain total required ciphertext size and block size */ - querySize.SizeInputBlock = ctext->Length; - crtn = CSSM_QuerySize(cryptHand, - CSSM_FALSE, // encrypt - 1, - &querySize); - if(crtn) { - printError("CSSM_QuerySize(1)", crtn); - ocrtn = crtn; - goto abort; - } - - /* required ptext size should be independent of number of chunks */ - if(querySize.SizeOutputBlock == 0) { - printf("***warning: cspStagedDecrypt: plainTextSize unknown; aborting\n"); - ocrtn = CSSMERR_CSP_INTERNAL_ERROR; - goto abort; - } - else { - // until exit, ptext->Length indicates remaining bytes of usable data in - // ptext->Data - ptext->Length = origPtextLen = querySize.SizeOutputBlock; - ptext->Data = origPtext = - (uint8 *)appMalloc(origPtextLen, NULL); - if(ptext->Data == NULL) { - printf("Insufficient heap space\n"); - ocrtn = CSSMERR_CSP_INTERNAL_ERROR; - goto abort; - } - memset(ptext->Data, 0, ptext->Length); - } - - crtn = CSSM_DecryptDataInit(cryptHand); - if(crtn) { - printError("CSSM_DecryptDataInit", crtn); - ocrtn = crtn; - goto abort; - } - toMove = ctext->Length; - thisCtext.Data = ctext->Data; - while(toMove) { - if(multiUpdates) { - thisMove = genRand(1, toMove); - } - else { - /* just do one pass thru this loop */ - thisMove = toMove; - } - thisCtext.Length = thisMove; - /* let CSP do the individual mallocs */ - ptextWork.Data = NULL; - ptextWork.Length = 0; - soprintf(("*** DecryptDataUpdate: ctextLen 0x%x\n", thisMove)); - crtn = CSSM_DecryptDataUpdate(cryptHand, - &thisCtext, - 1, - &ptextWork, - 1, - &bytesDecrypted); - if(crtn) { - printError("CSSM_DecryptDataUpdate", crtn); - ocrtn = crtn; - goto abort; - } - // - // NOTE: We return the proper length in ptext.... - ptextWork.Length = bytesDecrypted; - thisCtext.Data += thisMove; - toMove -= thisMove; - if(bytesDecrypted > ptext->Length) { - printf("cspStagedDecrypt: ptext overflow!\n"); - ocrtn = CSSMERR_CSP_INTERNAL_ERROR; - goto abort; - } - if(bytesDecrypted != 0) { - memmove(ptext->Data, ptextWork.Data, bytesDecrypted); - bytesDecryptedTotal += bytesDecrypted; - ptext->Data += bytesDecrypted; - ptext->Length -= bytesDecrypted; - } - if(ptextWork.Data != NULL) { - CSSM_FREE(ptextWork.Data); - } - } - /* OK, one more */ - ptextWork.Data = NULL; - ptextWork.Length = 0; - crtn = CSSM_DecryptDataFinal(cryptHand, &ptextWork); - if(crtn) { - printError("CSSM_DecryptDataFinal", crtn); - ocrtn = crtn; - goto abort; - } - if(ptextWork.Length != 0) { - bytesDecryptedTotal += ptextWork.Length; - if(ptextWork.Length > ptext->Length) { - printf("cspStagedDecrypt: ptext overflow (2)!\n"); - ocrtn = CSSMERR_CSP_INTERNAL_ERROR; - goto abort; - } - memmove(ptext->Data, ptextWork.Data, ptextWork.Length); - } - if(ptextWork.Data) { - /* this could have gotten mallocd and Length still be zero */ - CSSM_FREE(ptextWork.Data); - } - - /* retweeze ptext */ - ptext->Data = origPtext; - ptext->Length = bytesDecryptedTotal; -abort: - crtn = CSSM_DeleteContext(cryptHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -#pragma mark --------- sign/verify/MAC --------- - -/* - * Signature routines - * This all-in-one sign op has a special case for RSA keys. If the requested - * alg is MD5 or SHA1, we'll do a manual digest op followed by raw RSA sign. - * Likewise, if it's CSSM_ALGID_DSA, we'll do manual SHA1 digest followed by - * raw DSA sign. - */ - -CSSM_RETURN cspSign(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - CSSM_DATA_PTR sig) // RETURNED -{ - CSSM_CC_HANDLE sigHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - const CSSM_DATA *ptext; - CSSM_DATA digest = {0, NULL}; - CSSM_ALGORITHMS digestAlg = CSSM_ALGID_NONE; - - /* handle special cases for raw sign */ - switch(algorithm) { - case CSSM_ALGID_SHA1: - digestAlg = CSSM_ALGID_SHA1; - algorithm = CSSM_ALGID_RSA; - break; - case CSSM_ALGID_MD5: - digestAlg = CSSM_ALGID_MD5; - algorithm = CSSM_ALGID_RSA; - break; - case CSSM_ALGID_DSA: - digestAlg = CSSM_ALGID_SHA1; - algorithm = CSSM_ALGID_DSA; - break; - default: - break; - } - if(digestAlg != CSSM_ALGID_NONE) { - crtn = cspDigest(cspHand, - digestAlg, - CSSM_FALSE, // mallocDigest - text, - &digest); - if(crtn) { - return crtn; - } - /* sign digest with raw RSA/DSA */ - ptext = &digest; - } - else { - ptext = text; - } - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - algorithm, - NULL, // passPhrase - key, - &sigHand); - if(crtn) { - printError("CSSM_CSP_CreateSignatureContext (1)", crtn); - return crtn; - } - crtn = CSSM_SignData(sigHand, - ptext, - 1, - digestAlg, - sig); - if(crtn) { - printError("CSSM_SignData", crtn); - ocrtn = crtn; - } - crtn = CSSM_DeleteContext(sigHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - if(digest.Data != NULL) { - CSSM_FREE(digest.Data); - } - return ocrtn; -} - -/* - * Staged sign. Each update does a random number of bytes 'till through. - */ -CSSM_RETURN cspStagedSign(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - CSSM_DATA_PTR sig) // RETURNED -{ - CSSM_CC_HANDLE sigHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - unsigned thisMove; // this update - unsigned toMove; // total to go - CSSM_DATA thisText; // actaully passed to update - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - algorithm, - NULL, // passPhrase - key, - &sigHand); - if(crtn) { - printError("CSSM_CSP_CreateSignatureContext (1)", crtn); - return crtn; - } - crtn = CSSM_SignDataInit(sigHand); - if(crtn) { - printError("CSSM_SignDataInit", crtn); - ocrtn = crtn; - goto abort; - } - toMove = text->Length; - thisText.Data = text->Data; - while(toMove) { - if(multiUpdates) { - thisMove = genRand(1, toMove); - } - else { - thisMove = toMove; - } - thisText.Length = thisMove; - crtn = CSSM_SignDataUpdate(sigHand, - &thisText, - 1); - if(crtn) { - printError("CSSM_SignDataUpdate", crtn); - ocrtn = crtn; - goto abort; - } - thisText.Data += thisMove; - toMove -= thisMove; - } - crtn = CSSM_SignDataFinal(sigHand, sig); - if(crtn) { - printError("CSSM_SignDataFinal", crtn); - ocrtn = crtn; - goto abort; - } -abort: - crtn = CSSM_DeleteContext(sigHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -/* - * This all-in-one verify op has a special case for RSA keys. If the requested - * alg is MD5 or SHA1, we'll do a manual digest op followed by raw RSA verify. - * Likewise, if it's CSSM_ALGID_DSA, we'll do manual SHA1 digest followed by - * raw DSA sign. - */ - -CSSM_RETURN cspSigVerify(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // public key - const CSSM_DATA *text, - const CSSM_DATA *sig, - CSSM_RETURN expectResult) // expected result is verify failure - // CSSM_OK - expect success -{ - CSSM_CC_HANDLE sigHand; - CSSM_RETURN ocrtn = CSSM_OK; - CSSM_RETURN crtn; - const CSSM_DATA *ptext; - CSSM_DATA digest = {0, NULL}; - CSSM_ALGORITHMS digestAlg = CSSM_ALGID_NONE; - - /* handle special cases for raw sign */ - switch(algorithm) { - case CSSM_ALGID_SHA1: - digestAlg = CSSM_ALGID_SHA1; - algorithm = CSSM_ALGID_RSA; - break; - case CSSM_ALGID_MD5: - digestAlg = CSSM_ALGID_MD5; - algorithm = CSSM_ALGID_RSA; - break; - case CSSM_ALGID_DSA: - digestAlg = CSSM_ALGID_SHA1; - algorithm = CSSM_ALGID_DSA; - break; - default: - break; - } - if(digestAlg != CSSM_ALGID_NONE) { - crtn = cspDigest(cspHand, - digestAlg, - CSSM_FALSE, // mallocDigest - text, - &digest); - if(crtn) { - return crtn; - } - /* sign digest with raw RSA/DSA */ - ptext = &digest; - } - else { - ptext = text; - } - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - algorithm, - NULL, // passPhrase - key, - &sigHand); - if(crtn) { - printError("CSSM_CSP_CreateSignatureContext (3)", crtn); - return crtn; - } - - crtn = CSSM_VerifyData(sigHand, - ptext, - 1, - digestAlg, - sig); - if(crtn != expectResult) { - if(!crtn) { - printf("Unexpected good Sig Verify\n"); - } - else { - printError("CSSM_VerifyData", crtn); - } - ocrtn = CSSMERR_CSSM_INTERNAL_ERROR; - } - crtn = CSSM_DeleteContext(sigHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - if(digest.Data != NULL) { - CSSM_FREE(digest.Data); - } - return ocrtn; -} - -/* - * Staged verify. Each update does a random number of bytes 'till through. - */ -CSSM_RETURN cspStagedSigVerify(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - const CSSM_DATA *sig, - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - CSSM_RETURN expectResult) // expected result is verify failure - // CSSM_TRUE - expect success -{ - CSSM_CC_HANDLE sigHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - unsigned thisMove; // this update - unsigned toMove; // total to go - CSSM_DATA thisText; // actaully passed to update - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - algorithm, - NULL, // passPhrase - key, - &sigHand); - if(crtn) { - printError("CSSM_CSP_CreateSignatureContext (4)", crtn); - return crtn; - } - crtn = CSSM_VerifyDataInit(sigHand); - if(crtn) { - printError("CSSM_VerifyDataInit", crtn); - ocrtn = crtn; - goto abort; - } - toMove = text->Length; - thisText.Data = text->Data; - while(toMove) { - if(multiUpdates) { - thisMove = genRand(1, toMove); - } - else { - thisMove = toMove; - } - thisText.Length = thisMove; - crtn = CSSM_VerifyDataUpdate(sigHand, - &thisText, - 1); - if(crtn) { - printError("CSSM_VerifyDataUpdate", crtn); - ocrtn = crtn; - goto abort; - } - thisText.Data += thisMove; - toMove -= thisMove; - } - crtn = CSSM_VerifyDataFinal(sigHand, sig); - if(crtn != expectResult) { - if(crtn) { - printError("CSSM_VerifyDataFinal", crtn); - } - else { - printf("Unexpected good Staged Sig Verify\n"); - } - ocrtn = CSSMERR_CSSM_INTERNAL_ERROR; - } -abort: - crtn = CSSM_DeleteContext(sigHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -/* - * MAC routines - */ -CSSM_RETURN cspGenMac(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // session key - const CSSM_DATA *text, - CSSM_DATA_PTR mac) // RETURNED -{ - CSSM_CC_HANDLE macHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - crtn = CSSM_CSP_CreateMacContext(cspHand, - algorithm, - key, - &macHand); - if(crtn) { - printError("CSSM_CSP_CreateMacContext (1)", crtn); - return crtn; - } - crtn = CSSM_GenerateMac(macHand, - text, - 1, - mac); - if(crtn) { - printError("CSSM_GenerateMac", crtn); - ocrtn = crtn; - } - crtn = CSSM_DeleteContext(macHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -/* - * Staged generate mac. - */ -CSSM_RETURN cspStagedGenMac(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - CSSM_BOOL mallocMac, // if true and digest->Length = 0, we'll - // malloc - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - CSSM_DATA_PTR mac) // RETURNED -{ - CSSM_CC_HANDLE macHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - unsigned thisMove; // this update - unsigned toMove; // total to go - CSSM_DATA thisText; // actaully passed to update - - crtn = CSSM_CSP_CreateMacContext(cspHand, - algorithm, - key, - &macHand); - if(crtn) { - printError("CSSM_CSP_CreateMacContext (2)", crtn); - return crtn; - } - - if(mallocMac && (mac->Length == 0)) { - /* malloc mac - ask CSP for size */ - CSSM_QUERY_SIZE_DATA querySize = {0, 0}; - crtn = CSSM_QuerySize(macHand, - CSSM_TRUE, // encrypt - 1, - &querySize); - if(crtn) { - printError("CSSM_QuerySize(mac)", crtn); - ocrtn = crtn; - goto abort; - } - if(querySize.SizeOutputBlock == 0) { - printf("Unknown mac size\n"); - ocrtn = CSSMERR_CSSM_INTERNAL_ERROR; - goto abort; - } - mac->Data = (uint8 *)appMalloc(querySize.SizeOutputBlock, NULL); - if(mac->Data == NULL) { - printf("malloc failure\n"); - ocrtn = CSSMERR_CSSM_MEMORY_ERROR; - goto abort; - } - mac->Length = querySize.SizeOutputBlock; - } - - crtn = CSSM_GenerateMacInit(macHand); - if(crtn) { - printError("CSSM_GenerateMacInit", crtn); - ocrtn = crtn; - goto abort; - } - toMove = text->Length; - thisText.Data = text->Data; - - while(toMove) { - if(multiUpdates) { - thisMove = genRand(1, toMove); - } - else { - thisMove = toMove; - } - thisText.Length = thisMove; - crtn = CSSM_GenerateMacUpdate(macHand, - &thisText, - 1); - if(crtn) { - printError("CSSM_GenerateMacUpdate", crtn); - ocrtn = crtn; - goto abort; - } - thisText.Data += thisMove; - toMove -= thisMove; - } - crtn = CSSM_GenerateMacFinal(macHand, mac); - if(crtn) { - printError("CSSM_GenerateMacFinal", crtn); - ocrtn = crtn; - goto abort; - } -abort: - crtn = CSSM_DeleteContext(macHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -CSSM_RETURN cspMacVerify(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // public key - const CSSM_DATA *text, - const CSSM_DATA_PTR mac, - CSSM_RETURN expectResult) // expected result - // CSSM_OK - expect success -{ - CSSM_CC_HANDLE macHand; - CSSM_RETURN ocrtn = CSSM_OK; - CSSM_RETURN crtn; - crtn = CSSM_CSP_CreateMacContext(cspHand, - algorithm, - key, - &macHand); - if(crtn) { - printError("CSSM_CSP_CreateMacContext (3)", crtn); - return crtn; - } - crtn = CSSM_VerifyMac(macHand, - text, - 1, - mac); - if(crtn != expectResult) { - if(crtn) { - printError("CSSM_VerifyMac", crtn); - } - else { - printf("Unexpected good Mac Verify\n"); - } - ocrtn = CSSMERR_CSSM_INTERNAL_ERROR; - } - crtn = CSSM_DeleteContext(macHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -/* - * Staged mac verify. Each update does a random number of bytes 'till through. - */ -CSSM_RETURN cspStagedMacVerify(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - const CSSM_DATA_PTR mac, - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - CSSM_RETURN expectResult) // expected result is verify failure - // CSSM_OK - expect success -{ - CSSM_CC_HANDLE macHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - unsigned thisMove; // this update - unsigned toMove; // total to go - CSSM_DATA thisText; // actaully passed to update - - crtn = CSSM_CSP_CreateMacContext(cspHand, - algorithm, - key, - &macHand); - if(crtn) { - printError("CSSM_CSP_CreateMacContext (4)", crtn); - return crtn; - } - crtn = CSSM_VerifyMacInit(macHand); - if(crtn) { - printError("CSSM_VerifyMacInit", crtn); - ocrtn = crtn; - goto abort; - } - toMove = text->Length; - thisText.Data = text->Data; - - while(toMove) { - if(multiUpdates) { - thisMove = genRand(1, toMove); - } - else { - thisMove = toMove; - } - thisText.Length = thisMove; - crtn = CSSM_VerifyMacUpdate(macHand, - &thisText, - 1); - if(crtn) { - printError("CSSM_VerifyMacUpdate", crtn); - ocrtn = crtn; - goto abort; - } - thisText.Data += thisMove; - toMove -= thisMove; - } - crtn = CSSM_VerifyMacFinal(macHand, mac); - if(crtn != expectResult) { - if(crtn) { - printError("CSSM_VerifyMacFinal", crtn); - } - else { - printf("Unexpected good Staged Mac Verify\n"); - } - ocrtn = CSSMERR_CSSM_INTERNAL_ERROR; - } -abort: - crtn = CSSM_DeleteContext(macHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -#pragma mark --------- Digest --------- - -/* - * Digest functions - */ -CSSM_RETURN cspDigest(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_MD5, etc. - CSSM_BOOL mallocDigest, // if true and digest->Length = 0, we'll malloc - const CSSM_DATA *text, - CSSM_DATA_PTR digest) -{ - CSSM_CC_HANDLE digestHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - - crtn = CSSM_CSP_CreateDigestContext(cspHand, - algorithm, - &digestHand); - if(crtn) { - printError("CSSM_CSP_CreateDIgestContext (1)", crtn); - return crtn; - } - if(mallocDigest && (digest->Length == 0)) { - /* malloc digest - ask CSP for size */ - CSSM_QUERY_SIZE_DATA querySize = {0, 0}; - crtn = CSSM_QuerySize(digestHand, - CSSM_FALSE, // encrypt - 1, - &querySize); - if(crtn) { - printError("CSSM_QuerySize(3)", crtn); - ocrtn = crtn; - goto abort; - } - if(querySize.SizeOutputBlock == 0) { - printf("Unknown digest size\n"); - ocrtn = CSSMERR_CSSM_INTERNAL_ERROR; - goto abort; - } - digest->Data = (uint8 *)appMalloc(querySize.SizeOutputBlock, NULL); - if(digest->Data == NULL) { - printf("malloc failure\n"); - ocrtn = CSSMERR_CSSM_MEMORY_ERROR; - goto abort; - } - digest->Length = querySize.SizeOutputBlock; - } - crtn = CSSM_DigestData(digestHand, - text, - 1, - digest); - if(crtn) { - printError("CSSM_DigestData", crtn); - ocrtn = crtn; - } -abort: - crtn = CSSM_DeleteContext(digestHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -CSSM_RETURN cspStagedDigest(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_MD5, etc. - CSSM_BOOL mallocDigest, // if true and digest->Length = 0, we'll - // malloc - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - const CSSM_DATA *text, - CSSM_DATA_PTR digest) -{ - CSSM_CC_HANDLE digestHand; - CSSM_RETURN crtn; - CSSM_RETURN ocrtn = CSSM_OK; - unsigned thisMove; // this update - unsigned toMove; // total to go - CSSM_DATA thisText; // actually passed to update - - crtn = CSSM_CSP_CreateDigestContext(cspHand, - algorithm, - &digestHand); - if(crtn) { - printError("CSSM_CSP_CreateDigestContext (2)", crtn); - return crtn; - } - if(mallocDigest && (digest->Length == 0)) { - /* malloc digest - ask CSP for size */ - CSSM_QUERY_SIZE_DATA querySize = {0, 0}; - crtn = CSSM_QuerySize(digestHand, - CSSM_FALSE, // encrypt - 1, - &querySize); - if(crtn) { - printError("CSSM_QuerySize(4)", crtn); - ocrtn = crtn; - goto abort; - } - if(querySize.SizeOutputBlock == 0) { - printf("Unknown digest size\n"); - ocrtn = CSSMERR_CSSM_INTERNAL_ERROR; - goto abort; - } - digest->Data = (uint8 *)appMalloc(querySize.SizeOutputBlock, NULL); - if(digest->Data == NULL) { - printf("malloc failure\n"); - ocrtn = CSSMERR_CSSM_MEMORY_ERROR; - goto abort; - } - digest->Length = querySize.SizeOutputBlock; - } - crtn = CSSM_DigestDataInit(digestHand); - if(crtn) { - printError("CSSM_DigestDataInit", crtn); - ocrtn = crtn; - goto abort; - } - toMove = text->Length; - thisText.Data = text->Data; - while(toMove) { - if(multiUpdates) { - thisMove = genRand(1, toMove); - } - else { - thisMove = toMove; - } - thisText.Length = thisMove; - crtn = CSSM_DigestDataUpdate(digestHand, - &thisText, - 1); - if(crtn) { - printError("CSSM_DigestDataUpdate", crtn); - ocrtn = crtn; - goto abort; - } - thisText.Data += thisMove; - toMove -= thisMove; - } - crtn = CSSM_DigestDataFinal(digestHand, digest); - if(crtn) { - printError("CSSM_DigestDataFinal", crtn); - ocrtn = crtn; - goto abort; - } -abort: - crtn = CSSM_DeleteContext(digestHand); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - ocrtn = crtn; - } - return ocrtn; -} - -#pragma mark --------- wrap/unwrap --------- - -/* wrap key function. */ -CSSM_RETURN cspWrapKey(CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *unwrappedKey, - const CSSM_KEY *wrappingKey, - CSSM_ALGORITHMS wrapAlg, - CSSM_ENCRYPT_MODE wrapMode, - CSSM_KEYBLOB_FORMAT wrapFormat, // NONE, PKCS7, PKCS8 - CSSM_PADDING wrapPad, - CSSM_DATA_PTR initVector, // for some wrapping algs - CSSM_DATA_PTR descrData, // optional - CSSM_KEY_PTR wrappedKey) // RETURNED -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_ACCESS_CREDENTIALS creds; - - memset(wrappedKey, 0, sizeof(CSSM_KEY)); - setBadKeyData(wrappedKey); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - /* special case for NULL wrap - no wrapping key */ - if((wrappingKey == NULL) || - (wrappingKey->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY)) { - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - wrapAlg, - wrapMode, - &creds, // passPhrase, - wrappingKey, - initVector, - wrapPad, // Padding - 0, // Params - &ccHand); - } - else { - crtn = CSSM_CSP_CreateAsymmetricContext(cspHand, - wrapAlg, - &creds, - wrappingKey, - wrapPad, // padding - &ccHand); - if(crtn) { - printError("cspWrapKey/CreateContext", crtn); - return crtn; - } - if(initVector) { - /* manually add IV for CMS. The actual low-level encrypt doesn't - * use it (and must ignore it). */ - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_INIT_VECTOR, - sizeof(CSSM_DATA), - CAT_Ptr, - initVector, - 0); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - } - if(crtn) { - printError("cspWrapKey/CreateContext", crtn); - return crtn; - } - if(wrapFormat != CSSM_KEYBLOB_WRAPPED_FORMAT_NONE) { - /* only add this attribute if it's not the default */ - CSSM_CONTEXT_ATTRIBUTE attr; - attr.AttributeType = CSSM_ATTRIBUTE_WRAPPED_KEY_FORMAT; - attr.AttributeLength = sizeof(uint32); - attr.Attribute.Uint32 = wrapFormat; - crtn = CSSM_UpdateContextAttributes( - ccHand, - 1, - &attr); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - crtn = CSSM_WrapKey(ccHand, - &creds, - unwrappedKey, - descrData, // DescriptiveData - wrappedKey); - if(crtn != CSSM_OK) { - printError("CSSM_WrapKey", crtn); - } - if(CSSM_DeleteContext(ccHand)) { - printf("CSSM_DeleteContext failure\n"); - } - return crtn; -} - -/* unwrap key function. */ -CSSM_RETURN cspUnwrapKey(CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *wrappedKey, - const CSSM_KEY *unwrappingKey, - CSSM_ALGORITHMS unwrapAlg, - CSSM_ENCRYPT_MODE unwrapMode, - CSSM_PADDING unwrapPad, - CSSM_DATA_PTR initVector, // for some wrapping algs - CSSM_KEY_PTR unwrappedKey, // RETURNED - CSSM_DATA_PTR descrData, // required - const char *keyLabel, - unsigned keyLabelLen) -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_DATA labelData; - uint32 keyAttr; - CSSM_ACCESS_CREDENTIALS creds; - - memset(unwrappedKey, 0, sizeof(CSSM_KEY)); - setBadKeyData(unwrappedKey); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - if((unwrappingKey == NULL) || - (unwrappingKey->KeyHeader.KeyClass == CSSM_KEYCLASS_SESSION_KEY)) { - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - unwrapAlg, - unwrapMode, - &creds, - unwrappingKey, - initVector, - unwrapPad, - 0, // Params - &ccHand); - } - else { - crtn = CSSM_CSP_CreateAsymmetricContext(cspHand, - unwrapAlg, - &creds, // passPhrase, - unwrappingKey, - unwrapPad, // Padding - &ccHand); - if(crtn) { - printError("cspUnwrapKey/CreateContext", crtn); - return crtn; - } - if(initVector) { - /* manually add IV for CMS. The actual low-level encrypt doesn't - * use it (and must ignore it). */ - crtn = AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_INIT_VECTOR, - sizeof(CSSM_DATA), - CAT_Ptr, - initVector, - 0); - if(crtn) { - printError("CSSM_UpdateContextAttributes", crtn); - return crtn; - } - } - } - if(crtn) { - printError("cspUnwrapKey/CreateContext", crtn); - return crtn; - } - labelData.Data = (uint8 *)keyLabel; - labelData.Length = keyLabelLen; - - /* - * New keyAttr - clear some old bits, make sure we ask for ref key - */ - keyAttr = wrappedKey->KeyHeader.KeyAttr; - keyAttr &= ~(CSSM_KEYATTR_ALWAYS_SENSITIVE | CSSM_KEYATTR_NEVER_EXTRACTABLE); - keyAttr |= CSSM_KEYATTR_RETURN_REF; - crtn = CSSM_UnwrapKey(ccHand, - NULL, // PublicKey - wrappedKey, - wrappedKey->KeyHeader.KeyUsage, - keyAttr, - &labelData, - NULL, // CredAndAclEntry - unwrappedKey, - descrData); // required - if(crtn != CSSM_OK) { - printError("CSSM_UnwrapKey", crtn); - } - if(CSSM_DeleteContext(ccHand)) { - printf("CSSM_DeleteContext failure\n"); - } - return crtn; -} - -/* - * Simple NULL wrap to convert a reference key to a raw key. - */ -CSSM_RETURN cspRefKeyToRaw( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEY_PTR rawKey) // init'd and RETURNED -{ - CSSM_DATA descData = {0, 0}; - - memset(rawKey, 0, sizeof(CSSM_KEY)); - return cspWrapKey(cspHand, - refKey, - NULL, // unwrappingKey - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - CSSM_KEYBLOB_WRAPPED_FORMAT_NONE, - CSSM_PADDING_NONE, - NULL, // IV - &descData, - rawKey); -} - -/* - * Convert ref key to raw key with specified format. - */ -CSSM_RETURN cspRefKeyToRawWithFormat( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEYBLOB_FORMAT format, - CSSM_KEY_PTR rawKey) // init'd and RETURNED -{ - memset(rawKey, 0, sizeof(CSSM_KEY)); - CSSM_ATTRIBUTE_TYPE attrType; - - switch(refKey->KeyHeader.KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - attrType = CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - attrType = CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT; - break; - case CSSM_KEYCLASS_SESSION_KEY: - attrType = CSSM_ATTRIBUTE_SYMMETRIC_KEY_FORMAT; - break; - default: - printf("***Unknown key class\n"); - return CSSMERR_CSP_INVALID_KEY; - } - - CSSM_DATA descData = {0, 0}; - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; -// uint32 keyAttr; - CSSM_ACCESS_CREDENTIALS creds; - - memset(rawKey, 0, sizeof(CSSM_KEY)); - memset(&creds, 0, sizeof(CSSM_ACCESS_CREDENTIALS)); - crtn = CSSM_CSP_CreateSymmetricContext(cspHand, - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - &creds, - NULL, // unwrappingKey - NULL, // initVector - CSSM_PADDING_NONE, - NULL, // Reserved - &ccHand); - if(crtn) { - printError("cspRefKeyToRawWithFormat/CreateContext", crtn); - return crtn; - } - - /* Add the spec for the resulting format */ - crtn = AddContextAttribute(ccHand, - attrType, - sizeof(uint32), - CAT_Uint32, - NULL, - format); - - crtn = CSSM_WrapKey(ccHand, - &creds, - refKey, - &descData, // DescriptiveData - rawKey); - if(crtn != CSSM_OK) { - printError("CSSM_WrapKey", crtn); - } - if(rawKey->KeyHeader.Format != format) { - printf("***cspRefKeyToRawWithFormat format scewup\n"); - crtn = CSSMERR_CSP_INTERNAL_ERROR; - } - if(CSSM_DeleteContext(ccHand)) { - printf("CSSM_DeleteContext failure\n"); - } - return crtn; -} - -/* unwrap raw key --> ref */ -CSSM_RETURN cspRawKeyToRef( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *rawKey, - CSSM_KEY_PTR refKey) // init'd and RETURNED -{ - CSSM_DATA descData = {0, 0}; - - memset(refKey, 0, sizeof(CSSM_KEY)); - return cspUnwrapKey(cspHand, - rawKey, - NULL, // unwrappingKey - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - CSSM_PADDING_NONE, - NULL, // init vector - refKey, - &descData, - "noLabel", - 7); -} - - -#pragma mark --------- FEE key/curve support --------- - -/* - * Generate random key size, primeType, curveType for FEE key for specified op. - * - * First just enumerate the curves we know about, with ECDSA-INcapable first - */ - -typedef struct { - uint32 keySizeInBits; - uint32 primeType; // CSSM_FEE_PRIME_TYPE_xxx - uint32 curveType; // CSSM_FEE_CURVE_TYPE_xxx -} feeCurveParams; - -#define FEE_PROTOTYPE_CURVES 0 -#if FEE_PROTOTYPE_CURVES -/* obsolete as of 4/9/2001 */ -static feeCurveParams feeCurves[] = { - { 31, CSSM_FEE_PRIME_TYPE_MERSENNE, CSSM_FEE_CURVE_TYPE_MONTGOMERY }, - { 127, CSSM_FEE_PRIME_TYPE_MERSENNE, CSSM_FEE_CURVE_TYPE_MONTGOMERY }, - { 127, CSSM_FEE_PRIME_TYPE_GENERAL, CSSM_FEE_CURVE_TYPE_MONTGOMERY }, - #define NUM_NON_ECDSA_CURVES 3 - - /* start of Weierstrass, IEEE P1363-capable curves */ - { 31, CSSM_FEE_PRIME_TYPE_MERSENNE, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, - { 40, CSSM_FEE_PRIME_TYPE_FEE, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, - { 127, CSSM_FEE_PRIME_TYPE_MERSENNE, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, - { 160, CSSM_FEE_PRIME_TYPE_FEE, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, - { 160, CSSM_FEE_PRIME_TYPE_GENERAL, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, - { 192, CSSM_FEE_PRIME_TYPE_FEE, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, -}; -#else /* FEE_PROTOTYPE_CURVES */ -static feeCurveParams feeCurves[] = { - { 31, CSSM_FEE_PRIME_TYPE_MERSENNE, CSSM_FEE_CURVE_TYPE_MONTGOMERY }, - { 127, CSSM_FEE_PRIME_TYPE_MERSENNE, CSSM_FEE_CURVE_TYPE_MONTGOMERY }, - #define NUM_NON_ECDSA_CURVES 2 - - /* start of Weierstrass, IEEE P1363-capable curves */ - { 31, CSSM_FEE_PRIME_TYPE_MERSENNE, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, - { 128, CSSM_FEE_PRIME_TYPE_FEE, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, - { 161, CSSM_FEE_PRIME_TYPE_FEE, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, - { 161, CSSM_FEE_PRIME_TYPE_GENERAL, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, - { 192, CSSM_FEE_PRIME_TYPE_GENERAL, CSSM_FEE_CURVE_TYPE_WEIERSTRASS }, -}; -#endif /* FEE_PROTOTYPE_CURVES */ -#define NUM_FEE_CURVES (sizeof(feeCurves) / sizeof(feeCurveParams)) - -void randFeeKeyParams( - CSSM_ALGORITHMS alg, // ALGID_FEED, CSSM_ALGID_FEE_MD5, etc. - uint32 *keySizeInBits, // RETURNED - uint32 *primeType, // CSSM_FEE_PRIME_TYPE_xxx, RETURNED - uint32 *curveType) // CSSM_FEE_CURVE_TYPE_xxx, RETURNED -{ - unsigned minParams; - unsigned die; - feeCurveParams *feeParams; - - switch(alg) { - case CSSM_ALGID_SHA1WithECDSA: - minParams = NUM_NON_ECDSA_CURVES; - break; - default: - minParams = 0; - break; - } - die = genRand(minParams, (NUM_FEE_CURVES - 1)); - feeParams = &feeCurves[die]; - *keySizeInBits = feeParams->keySizeInBits; - *primeType = feeParams->primeType; - *curveType = feeParams->curveType; -} - -/* - * Obtain strings for primeType and curveType. - */ -const char *primeTypeStr(uint32 primeType) -{ - const char *p; - switch(primeType) { - case CSSM_FEE_PRIME_TYPE_MERSENNE: - p = "Mersenne"; - break; - case CSSM_FEE_PRIME_TYPE_FEE: - p = "FEE"; - break; - case CSSM_FEE_PRIME_TYPE_GENERAL: - p = "General"; - break; - case CSSM_FEE_PRIME_TYPE_DEFAULT: - p = "Default"; - break; - default: - p = "***UNKNOWN***"; - break; - } - return p; -} - -const char *curveTypeStr(uint32 curveType) -{ - const char *c; - switch(curveType) { - case CSSM_FEE_CURVE_TYPE_DEFAULT: - c = "Default"; - break; - case CSSM_FEE_CURVE_TYPE_MONTGOMERY: - c = "Montgomery"; - break; - case CSSM_FEE_CURVE_TYPE_WEIERSTRASS: - c = "Weierstrass"; - break; - default: - c = "***UNKNOWN***"; - break; - } - return c; -} - -/* - * Perform FEE Key exchange via CSSM_DeriveKey. - */ -#if 0 -/* Not implemented in OS X */ -CSSM_RETURN cspFeeKeyExchange(CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR privKey, - CSSM_KEY_PTR pubKey, - CSSM_KEY_PTR derivedKey, // mallocd by caller - - /* remaining fields apply to derivedKey */ - uint32 keyAlg, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits) -{ - CSSM_CC_HANDLE dkHand; - CSSM_RETURN crtn; - CSSM_DATA labelData; - - if(derivedKey == NULL) { - printf("cspFeeKeyExchange: no derivedKey\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - if((pubKey == NULL) || - (pubKey->KeyHeader.KeyClass != CSSM_KEYCLASS_PUBLIC_KEY) || - (pubKey->KeyHeader.BlobType != CSSM_KEYBLOB_RAW)) { - printf("cspFeeKeyExchange: bad pubKey\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - if((privKey == NULL) || - (privKey->KeyHeader.KeyClass != CSSM_KEYCLASS_PRIVATE_KEY) || - (privKey->KeyHeader.BlobType != CSSM_KEYBLOB_REFERENCE)) { - printf("cspFeeKeyExchange: bad privKey\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - memset(derivedKey, 0, sizeof(CSSM_KEY)); - - crtn = CSSM_CSP_CreateDeriveKeyContext(cspHand, - CSSM_ALGID_FEE_KEYEXCH, // AlgorithmID - keyAlg, // alg of the derived key - keySizeInBits, - NULL, // access creds - // FIXME - 0, // IterationCount - NULL, // Salt - NULL, // Seed - NULL); // PassPhrase - if(dkHand == 0) { - printError("CSSM_CSP_CreateDeriveKeyContext"); - return CSSM_FAIL; - } - labelData.Length = keyLabelLen; - labelData.Data = (uint8 *)keyLabel; - crtn = CSSM_DeriveKey(dkHand, - privKey, - &pubKey->KeyData, // Param - pub key blob - keyUsage, - CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE | - CSSM_KEYATTR_SENSITIVE, - &labelData, - derivedKey); - - /* FIXME - save/restore error */ - CSSM_DeleteContext(dkHand); - if(crtn) { - printError("CSSM_DeriveKey"); - } - return crtn; -} -#endif - -#pragma mark --------- Key/DL/DB support --------- - -/* - * Add a DL/DB handle to a crypto context. - */ -CSSM_RETURN cspAddDlDbToContext( - CSSM_CC_HANDLE ccHand, - CSSM_DL_HANDLE dlHand, - CSSM_DB_HANDLE dbHand) -{ - CSSM_DL_DB_HANDLE dlDb = { dlHand, dbHand }; - return AddContextAttribute(ccHand, - CSSM_ATTRIBUTE_DL_DB_HANDLE, - sizeof(CSSM_ATTRIBUTE_DL_DB_HANDLE), - CAT_Ptr, - &dlDb, - 0); -} - -/* - * Common routine to do a basic DB lookup by label and key type. - * Query is aborted prior to exit. - */ -static CSSM_DB_UNIQUE_RECORD_PTR dlLookup( - CSSM_DL_DB_HANDLE dlDbHand, - const CSSM_DATA *keyLabel, - CT_KeyType keyType, - CSSM_HANDLE *resultHand, // RETURNED - CSSM_DATA_PTR theData, // RETURED - CSSM_DB_RECORDTYPE *recordType) // RETURNED -{ - CSSM_QUERY query; - CSSM_SELECTION_PREDICATE predicate; - CSSM_DB_UNIQUE_RECORD_PTR record = NULL; - CSSM_RETURN crtn; - - switch(keyType) { - case CKT_Public: - query.RecordType = *recordType = CSSM_DL_DB_RECORD_PUBLIC_KEY; - break; - case CKT_Private: - query.RecordType = *recordType = CSSM_DL_DB_RECORD_PRIVATE_KEY; - break; - case CKT_Session: - query.RecordType = *recordType = CSSM_DL_DB_RECORD_SYMMETRIC_KEY; - break; - default: - printf("Hey bozo! Give me a valid key type!\n"); - return NULL; - } - query.Conjunctive = CSSM_DB_NONE; - query.NumSelectionPredicates = 1; - predicate.DbOperator = CSSM_DB_EQUAL; - - predicate.Attribute.Info.AttributeNameFormat = - CSSM_DB_ATTRIBUTE_NAME_AS_STRING; - predicate.Attribute.Info.Label.AttributeName = (char *) "Label"; - predicate.Attribute.Info.AttributeFormat = CSSM_DB_ATTRIBUTE_FORMAT_BLOB; - /* hope this cast is OK */ - predicate.Attribute.Value = (CSSM_DATA_PTR)keyLabel; - query.SelectionPredicate = &predicate; - - query.QueryLimits.TimeLimit = 0; // FIXME - meaningful? - query.QueryLimits.SizeLimit = 1; // FIXME - meaningful? - query.QueryFlags = CSSM_QUERY_RETURN_DATA; // FIXME - used? - - crtn = CSSM_DL_DataGetFirst(dlDbHand, - &query, - resultHand, - NULL, - theData, - &record); - /* abort only on success */ - if(crtn == CSSM_OK) { - crtn = CSSM_DL_DataAbortQuery(dlDbHand, *resultHand); - if(crtn) { - printError("CSSM_DL_AbortQuery", crtn); - return NULL; - } - } - return record; -} - -/* - * Look up a key by label and type. - */ -CSSM_KEY_PTR cspLookUpKeyByLabel( - CSSM_DL_HANDLE dlHand, - CSSM_DB_HANDLE dbHand, - const CSSM_DATA *labelData, - CT_KeyType keyType) -{ - CSSM_DB_UNIQUE_RECORD_PTR record; - CSSM_HANDLE resultHand; - CSSM_DATA theData; - CSSM_KEY_PTR key; - CSSM_DB_RECORDTYPE recordType; - CSSM_DL_DB_HANDLE dlDbHand; - - dlDbHand.DLHandle = dlHand; - dlDbHand.DBHandle = dbHand; - - theData.Length = 0; - theData.Data = NULL; - - record = dlLookup(dlDbHand, - labelData, - keyType, - &resultHand, - &theData, - &recordType); - if(record == NULL) { - //printf("cspLookUpKeyByLabel: key not found\n"); - return NULL; - } - key = (CSSM_KEY_PTR)theData.Data; - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - return key; -} - -/* - * Delete and free a key - */ -CSSM_RETURN cspDeleteKey( - CSSM_CSP_HANDLE cspHand, // for free - CSSM_DL_HANDLE dlHand, // for delete - CSSM_DB_HANDLE dbHand, // ditto - const CSSM_DATA *labelData, - CSSM_KEY_PTR key) -{ - CSSM_DB_UNIQUE_RECORD_PTR record; - CSSM_HANDLE resultHand; - CT_KeyType keyType; - CSSM_RETURN crtn = CSSM_OK; - CSSM_DB_RECORDTYPE recordType; - CSSM_DL_DB_HANDLE dlDbHand; - - if(key->KeyHeader.KeyAttr & CSSM_KEYATTR_PERMANENT) { - /* first do a lookup based in this key's fields */ - switch(key->KeyHeader.KeyClass) { - case CSSM_KEYCLASS_PUBLIC_KEY: - keyType = CKT_Public; - break; - case CSSM_KEYCLASS_PRIVATE_KEY: - keyType = CKT_Private; - break; - case CSSM_KEYCLASS_SESSION_KEY: - keyType = CKT_Session; - break; - default: - printf("Hey bozo! Give me a valid key type!\n"); - return -1; - } - - dlDbHand.DLHandle = dlHand; - dlDbHand.DBHandle = dbHand; - - record = dlLookup(dlDbHand, - labelData, - keyType, - &resultHand, - NULL, // don't want actual data - &recordType); - if(record == NULL) { - printf("cspDeleteKey: key not found in DL\n"); - return CSSMERR_DL_RECORD_NOT_FOUND; - } - - /* OK, nuke it */ - crtn = CSSM_DL_DataDelete(dlDbHand, record); - if(crtn) { - printError("CSSM_DL_DataDelete", crtn); - } - CSSM_DL_FreeUniqueRecord(dlDbHand, record); - } - - /* CSSM_FreeKey() should fail due to the delete, but it will - * still free KeyData.... - * FIXME - we should be able to do this in this one single call - right? - */ - CSSM_FreeKey(cspHand, NULL, key, CSSM_FALSE); - - return crtn; -} - -/* - * Given any key in either blob or reference format, - * obtain the associated SHA-1 hash. - */ -CSSM_RETURN cspKeyHash( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY_PTR key, /* public key */ - CSSM_DATA_PTR *hashData) /* hash mallocd and RETURNED here */ -{ - CSSM_CC_HANDLE ccHand; - CSSM_RETURN crtn; - CSSM_DATA_PTR dp; - - *hashData = NULL; - - /* validate input params */ - if((key == NULL) || - (hashData == NULL)) { - printf("cspKeyHash: bogus args\n"); - return CSSMERR_CSSM_INTERNAL_ERROR; - } - - /* cook up a context for a passthrough op */ - crtn = CSSM_CSP_CreatePassThroughContext(cspHand, - key, - &ccHand); - if(ccHand == 0) { - printError("CSSM_CSP_CreatePassThroughContext", crtn); - return crtn; - } - - /* now it's up to the CSP */ - crtn = CSSM_CSP_PassThrough(ccHand, - CSSM_APPLECSP_KEYDIGEST, - NULL, - (void **)&dp); - if(crtn) { - printError("CSSM_CSP_PassThrough(PUBKEYHASH)", crtn); - } - else { - *hashData = dp; - crtn = CSSM_OK; - } - CSSM_DeleteContext(ccHand); - return crtn; -} - diff --git a/SecurityTests/cspxutils/utilLib/cspwrap.h b/SecurityTests/cspxutils/utilLib/cspwrap.h deleted file mode 100644 index 73bb61cf..00000000 --- a/SecurityTests/cspxutils/utilLib/cspwrap.h +++ /dev/null @@ -1,454 +0,0 @@ -/* Copyright (c) 1997,2003,2005-2006,2008 Apple Inc. - * - * cspwrap.h - wrappers to simplify access to CDSA - * - * Revision History - * ---------------- - * 3 May 2000 Doug Mitchell - * Ported to X/CDSA2. - * 12 Aug 1997 Doug Mitchell at Apple - * Created. - */ - -#ifndef _CSPWRAP_H_ -#define _CSPWRAP_H_ -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Bug/feature workaround flags - */ - -/* - * Doing a WrapKey requires Access Creds, which should be - * optional. Looks like this is not a bug. - */ -#define WRAP_KEY_REQUIRES_CREDS 1 - -/* - * encrypt/decrypt - cook up a context handle - */ -CSSM_CC_HANDLE genCryptHandle(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - const CSSM_KEY *key0, - const CSSM_KEY *key1, // for CSSM_ALGID_FEED only - must be the - // public key - const CSSM_DATA *iv, // optional - uint32 effectiveKeySizeInBits, // 0 means skip this attribute - uint32 rounds); // ditto -/* - * Key generation - */ -/* - * Specifying a keySize of CSP_KEY_SIZE_DEFAULT results in using the default - * key size for the specified algorithm. - */ -#define CSP_KEY_SIZE_DEFAULT 0 - -/* symmetric key sizes in bits */ -#define CSP_ASC_KEY_SIZE_DEFAULT (16 * 8) -#define CSP_DES_KEY_SIZE_DEFAULT (8 * 8) -#define CSP_DES3_KEY_SIZE_DEFAULT (24 * 8) -#define CSP_RC2_KEY_SIZE_DEFAULT (10 * 8) -#define CSP_RC4_KEY_SIZE_DEFAULT (10 * 8) -#define CSP_RC5_KEY_SIZE_DEFAULT (10 * 8) -#define CSP_AES_KEY_SIZE_DEFAULT 128 -#define CSP_BFISH_KEY_SIZE_DEFAULT 128 -#define CSP_CAST_KEY_SIZE_DEFAULT 128 -#define CSP_IDEA_KEY_SIZE_DEFAULT 128 /* fixed */ -#define CSP_HMAC_SHA_KEY_SIZE_DEFAULT (20 * 8) -#define CSP_HMAC_MD5_KEY_SIZE_DEFAULT (16 * 8) -#define CSP_NULL_CRYPT_KEY_SIZE_DEF (16 * 8) - -/* asymmetric key sizes in bits */ -/* note: we now use AI_RSAStrongKeyGen for RSA key pair - * generate; this requires at least 512 bits and also that - * the key size be a multiple of 16. */ -#define CSP_FEE_KEY_SIZE_DEFAULT 128 -#define CSP_ECDSA_KEY_SIZE_DEFAULT 256 -#define CSP_RSA_KEY_SIZE_DEFAULT 1024 /* min for SHA512/RSA */ -#define CSP_DSA_KEY_SIZE_DEFAULT 512 - -/* - * Generate key pair of arbitrary algorithm. - */ -extern CSSM_RETURN cspGenKeyPair(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySizeInBits, - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_BOOL pubIsRef, // true - reference key, false - data - uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYBLOB_FORMAT pubFormat, // Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE - // to get the default format. - CSSM_KEY_PTR privKey, // mallocd by caller - always returned as ref - CSSM_BOOL privIsRef, // true - reference key, false - data - uint32 privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYBLOB_FORMAT privFormat, // optional 0 ==> default - CSSM_BOOL genSeed); // FEE only. True: we generate seed and CSP - // will hash it. False: CSP generates random - // seed. - -/* - * Generate FEE key pair with optional primeType, curveType, and seed (password) data. - */ -extern CSSM_RETURN cspGenFEEKeyPair(CSSM_CSP_HANDLE cspHand, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - uint32 primeType, // CSSM_FEE_PRIME_TYPE_MERSENNE, etc. - uint32 curveType, // CSSM_FEE_CURVE_TYPE_MONTGOMERY, etc. - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_BOOL pubIsRef, // true - reference key, false - data - uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYBLOB_FORMAT pubFormat, // Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE - // to get the default format. - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_BOOL privIsRef, // true - reference key, false - data - uint32 privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYBLOB_FORMAT privFormat, // optional 0 ==> default - const CSSM_DATA *seedData); // Present: CSP will hash this for private data. - // NULL: CSP generates random seed. - -/* - * Generate DSA key pair with optional generateAlgParams. - */ -extern CSSM_RETURN cspGenDSAKeyPair(CSSM_CSP_HANDLE cspHand, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keySize, // in bits - CSSM_KEY_PTR pubKey, // mallocd by caller - CSSM_BOOL pubIsRef, // true - reference key, false - data - uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - CSSM_KEYBLOB_FORMAT pubFormat, // Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE - // to get the default format. - CSSM_KEY_PTR privKey, // mallocd by caller - CSSM_BOOL privIsRef, // true - reference key, false - data - uint32 privKeyUsage, // CSSM_KEYUSE_DECRYPT, etc. - CSSM_KEYBLOB_FORMAT privFormat, // Optional. Specify 0 or CSSM_KEYBLOB_RAW_FORMAT_NONE - // to get the default format. - CSSM_BOOL genParams, - CSSM_DATA_PTR paramData); // optional - -/* - * Create a symmetric key. - */ -extern CSSM_KEY_PTR cspGenSymKey(CSSM_CSP_HANDLE cspHand, - uint32 alg, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits, - CSSM_BOOL refKey); // true - reference key, false - data - -/* - * Derive symmetric key using PBE. - */ -CSSM_KEY_PTR cspDeriveKey(CSSM_CSP_HANDLE cspHand, - uint32 deriveAlg, // CSSM_ALGID_MD5_PBE, etc. - uint32 keyAlg, // CSSM_ALGID_RC5, etc. - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits, - CSSM_BOOL isRefKey, - CSSM_DATA_PTR password, // in PKCS-5 lingo - CSSM_DATA_PTR salt, // ditto - uint32 iterationCnt, // ditto - CSSM_DATA_PTR initVector); // mallocd & RETURNED - -/* - * Encrypt/Decrypt - these work for both symmetric and asymmetric algorithms. - */ -CSSM_RETURN cspEncrypt(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for - // symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - const CSSM_KEY *key, // public or session key - const CSSM_KEY *pubKey, // for CSSM_ALGID_{FEED,FEECFILE} only - uint32 effectiveKeySizeInBits, // 0 means skip this attribute - uint32 rounds, // ditto - const CSSM_DATA *iv, // init vector, optional - const CSSM_DATA *ptext, - CSSM_DATA_PTR ctext, // RETURNED - CSSM_BOOL mallocCtext); - -CSSM_RETURN cspStagedEncrypt(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for - // symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - const CSSM_KEY *key, // public or session key - const CSSM_KEY *pubKey, // for CSSM_ALGID_{FEED,FEECFILE} only - uint32 effectiveKeySizeInBits, // 0 means skip this attribute - uint32 cipherBlockSize, // ditto, block size in bytes - uint32 rounds, // ditto - const CSSM_DATA *iv, // init vector, optional - const CSSM_DATA *ptext, - CSSM_DATA_PTR ctext, // RETURNED, we malloc - CSSM_BOOL multiUpdates); // false:single update, true:multi updates - -CSSM_RETURN cspDecrypt(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for - // symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - const CSSM_KEY *key, // private or session key - const CSSM_KEY *pubKey, // for CSSM_ALGID_{FEED,FEECFILE} only - uint32 effectiveKeySizeInBits, // 0 means skip this attribute - uint32 rounds, // ditto - const CSSM_DATA *iv, // init vector, optional - const CSSM_DATA *ctext, - CSSM_DATA_PTR ptext, // RETURNED - CSSM_BOOL mallocPtext); - -CSSM_RETURN cspStagedDecrypt(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEED, etc. - uint32 mode, // CSSM_ALGMODE_CBC, etc. - only for - // symmetric algs - CSSM_PADDING padding, // CSSM_PADDING_PKCS1, etc. - const CSSM_KEY *key, // private or session key - const CSSM_KEY *pubKey, // for CSSM_ALGID_{FEED,FEECFILE} only - uint32 effectiveKeySizeInBits, // 0 means skip this attribute - uint32 cipherBlockSize, // ditto, block size in bytes - uint32 rounds, // ditto - const CSSM_DATA *iv, // init vector, optional - const CSSM_DATA *ctext, - CSSM_DATA_PTR ptext, // RETURNED, we malloc - CSSM_BOOL multiUpdates); // false:single update, true:multi updates - -/* - * Signature routines - */ -CSSM_RETURN cspSign(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - CSSM_DATA_PTR sig); // RETURNED -CSSM_RETURN cspStagedSign(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - CSSM_DATA_PTR sig); // RETURNED -CSSM_RETURN cspSigVerify(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // public key - const CSSM_DATA *text, - const CSSM_DATA *sig, - CSSM_RETURN expectResult); // expected result is verify failure - // CSSM_OK - expect success -CSSM_RETURN cspStagedSigVerify(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - const CSSM_DATA *sig, - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - CSSM_RETURN expectResult); // expected result is verify failure - // CSSM_OK - expect success - -/* - * MAC routines - */ -CSSM_RETURN cspGenMac(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_DES, etc. - CSSM_KEY_PTR key, // session key - const CSSM_DATA *text, - CSSM_DATA_PTR mac); // RETURNED -CSSM_RETURN cspStagedGenMac(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_FEE_MD5, etc. - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - CSSM_BOOL mallocMac, // if true and digest->Length = 0, we'll - // malloc - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - CSSM_DATA_PTR mac); // RETURNED -CSSM_RETURN cspMacVerify(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, - CSSM_KEY_PTR key, // public key - const CSSM_DATA *text, - const CSSM_DATA_PTR mac, - CSSM_RETURN expectResult); -CSSM_RETURN cspStagedMacVerify(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, - CSSM_KEY_PTR key, // private key - const CSSM_DATA *text, - const CSSM_DATA_PTR mac, - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - CSSM_RETURN expectResult); - -/* - * Digest functions - */ -CSSM_RETURN cspDigest(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_MD5, etc. - CSSM_BOOL mallocDigest, // if true and digest->Length = 0, we'll malloc - const CSSM_DATA *text, - CSSM_DATA_PTR digest); -CSSM_RETURN cspStagedDigest(CSSM_CSP_HANDLE cspHand, - uint32 algorithm, // CSSM_ALGID_MD5, etc. - CSSM_BOOL mallocDigest, // if true and digest->Length = 0, we'll malloc - CSSM_BOOL multiUpdates, // false:single update, true:multi updates - const CSSM_DATA *text, - CSSM_DATA_PTR digest); -CSSM_RETURN cspFreeKey(CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR key); - -/* - * Perform FEE Key exchange via CSSM_DeriveKey. - */ -CSSM_RETURN cspFeeKeyExchange(CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR privKey, - CSSM_KEY_PTR pubKey, - CSSM_KEY_PTR derivedKey, // mallocd by caller - - /* remaining fields apply to derivedKey */ - uint32 keyAlg, - const char *keyLabel, - unsigned keyLabelLen, - uint32 keyUsage, // CSSM_KEYUSE_ENCRYPT, etc. - uint32 keySizeInBits); - -/* - * wrap/unwrap key functions. - */ -CSSM_RETURN cspWrapKey(CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *unwrappedKey, - const CSSM_KEY *wrappingKey, - CSSM_ALGORITHMS wrapAlg, - CSSM_ENCRYPT_MODE wrapMode, - CSSM_KEYBLOB_FORMAT wrapFormat, // NONE, PKCS7, PKCS8 - CSSM_PADDING wrapPad, - CSSM_DATA_PTR initVector, // for some wrapping algs - CSSM_DATA_PTR descrData, // optional - CSSM_KEY_PTR wrappedKey); // RETURNED -CSSM_RETURN cspUnwrapKey(CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *wrappedKey, - const CSSM_KEY *unwrappingKey, - CSSM_ALGORITHMS unwrapAlg, - CSSM_ENCRYPT_MODE unwrapMode, - CSSM_PADDING unwrapPad, - CSSM_DATA_PTR initVector, // for some wrapping algs - CSSM_KEY_PTR unwrappedKey, // RETURNED - CSSM_DATA_PTR descrData, // required - const char *keyLabel, - unsigned keyLabelLen); - -/* generate a random and reasonable key size in bits for specified CSSM algorithm */ -typedef enum { - OT_Sign, - OT_Encrypt, - OT_KeyExch -} opType; - -#define MAX_KEY_SIZE_RC245_BYTES 64 /* max bytes, RC2, RC4, RC5 */ - -uint32 randKeySizeBits(uint32 alg, opType op); -uint32 cspDefaultKeySize(uint32 alg); - -/* - * Generate random key size, primeType, curveType for FEE key for specified op. - */ -void randFeeKeyParams( - CSSM_ALGORITHMS alg, // ALGID_FEED, CSSM_ALGID_FEE_MD5, etc. - uint32 *keySizeInBits, // RETURNED - uint32 *primeType, // CSSM_FEE_PRIME_TYPE_xxx, RETURNED - uint32 *curveType); // CSSM_FEE_CURVE_TYPE_xxx, RETURNED - -/* - * Obtain strings for primeType and curveType. - */ -const char *primeTypeStr(uint32 primeType); -const char *curveTypeStr(uint32 curveType); - -/* - * Given any key in either blob or reference format, - * obtain the associated SHA-1 hash. - */ -CSSM_RETURN cspKeyHash( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY_PTR key, /* public key */ - CSSM_DATA_PTR *hashData); /* hash mallocd and RETURNED here */ - -/* wrap ref key --> raw key */ -CSSM_RETURN cspRefKeyToRaw( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEY_PTR rawKey); // init'd and RETURNED - -/* - * Convert ref key to raw key with specified format. - */ -CSSM_RETURN cspRefKeyToRawWithFormat( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *refKey, - CSSM_KEYBLOB_FORMAT format, - CSSM_KEY_PTR rawKey); // init'd and RETURNED - -/* unwrap raw key --> ref */ -CSSM_RETURN cspRawKeyToRef( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *rawKey, - CSSM_KEY_PTR refKey); // init'd and RETURNED - -/* - * Cook up a symmetric key with specified key bits and other - * params. Currently the CSPDL can only deal with reference keys except when - * doing wrap/unwrap, so we manually cook up a raw key, then we null-unwrap it. - */ -CSSM_RETURN cspGenSymKeyWithBits( - CSSM_CSP_HANDLE cspHand, - CSSM_ALGORITHMS keyAlg, - CSSM_KEYUSE keyUsage, - const CSSM_DATA *keyBits, - unsigned keySizeInBytes, - CSSM_KEY_PTR refKey); // init'd and RETURNED - -/* - * Add a DL/DB handle to a crypto context. - */ -CSSM_RETURN cspAddDlDbToContext( - CSSM_CC_HANDLE ccHand, - CSSM_DL_HANDLE dlHand, - CSSM_DB_HANDLE dbHand); - -/* - * Look up a key by label and type. - */ -typedef enum { - CKT_Public = 1, - CKT_Private = 2, - CKT_Session = 3 - /* any others? */ -} CT_KeyType; - -CSSM_KEY_PTR cspLookUpKeyByLabel( - CSSM_DL_HANDLE dlHand, - CSSM_DB_HANDLE dbHand, - const CSSM_DATA *labelData, - CT_KeyType keyType); - -/* - * Delete and free a key - */ -CSSM_RETURN cspDeleteKey( - CSSM_CSP_HANDLE cspHand, // for free - CSSM_DL_HANDLE dlHand, // for delete - CSSM_DB_HANDLE dbHand, // ditto - const CSSM_DATA *labelData, - CSSM_KEY_PTR key); - -// temp hack -#define CSSM_ALGID_FEECFILE (CSSM_ALGID_VENDOR_DEFINED + 102) - -#ifdef __cplusplus -} -#endif -#endif /* _CSPWRAP_H_ */ diff --git a/SecurityTests/cspxutils/utilLib/cssmErrorStrings.h b/SecurityTests/cspxutils/utilLib/cssmErrorStrings.h deleted file mode 100644 index e5a82472..00000000 --- a/SecurityTests/cspxutils/utilLib/cssmErrorStrings.h +++ /dev/null @@ -1,532 +0,0 @@ -/* - * This file autogenerated by genErrorStrings. Do not edit. - */ - -#include - -typedef struct { - CSSM_RETURN errCode; - const char *errStr; -} ErrString; - -static const ErrString errStrings[] = { - { CSSM_OK,"CSSM_OK"}, - /* Error codes from cssmerr.h */ - { CSSMERR_CSSM_INVALID_ADDIN_HANDLE,"CSSMERR_CSSM_INVALID_ADDIN_HANDLE"}, - { CSSMERR_CSSM_NOT_INITIALIZED,"CSSMERR_CSSM_NOT_INITIALIZED"}, - { CSSMERR_CSSM_INVALID_HANDLE_USAGE,"CSSMERR_CSSM_INVALID_HANDLE_USAGE"}, - { CSSMERR_CSSM_PVC_REFERENT_NOT_FOUND,"CSSMERR_CSSM_PVC_REFERENT_NOT_FOUND"}, - { CSSMERR_CSSM_FUNCTION_INTEGRITY_FAIL,"CSSMERR_CSSM_FUNCTION_INTEGRITY_FAIL"}, - { CSSMERR_CSSM_INTERNAL_ERROR,"CSSMERR_CSSM_INTERNAL_ERROR"}, - { CSSMERR_CSSM_MEMORY_ERROR,"CSSMERR_CSSM_MEMORY_ERROR"}, - { CSSMERR_CSSM_MDS_ERROR,"CSSMERR_CSSM_MDS_ERROR"}, - { CSSMERR_CSSM_INVALID_POINTER,"CSSMERR_CSSM_INVALID_POINTER"}, - { CSSMERR_CSSM_INVALID_INPUT_POINTER,"CSSMERR_CSSM_INVALID_INPUT_POINTER"}, - { CSSMERR_CSSM_INVALID_OUTPUT_POINTER,"CSSMERR_CSSM_INVALID_OUTPUT_POINTER"}, - { CSSMERR_CSSM_FUNCTION_NOT_IMPLEMENTED,"CSSMERR_CSSM_FUNCTION_NOT_IMPLEMENTED"}, - { CSSMERR_CSSM_SELF_CHECK_FAILED,"CSSMERR_CSSM_SELF_CHECK_FAILED"}, - { CSSMERR_CSSM_OS_ACCESS_DENIED,"CSSMERR_CSSM_OS_ACCESS_DENIED"}, - { CSSMERR_CSSM_FUNCTION_FAILED,"CSSMERR_CSSM_FUNCTION_FAILED"}, - { CSSMERR_CSSM_MODULE_MANIFEST_VERIFY_FAILED,"CSSMERR_CSSM_MODULE_MANIFEST_VERIFY_FAILED"}, - { CSSMERR_CSSM_INVALID_GUID,"CSSMERR_CSSM_INVALID_GUID"}, - { CSSMERR_CSSM_INVALID_CONTEXT_HANDLE,"CSSMERR_CSSM_INVALID_CONTEXT_HANDLE"}, - { CSSMERR_CSSM_INCOMPATIBLE_VERSION,"CSSMERR_CSSM_INCOMPATIBLE_VERSION"}, - { CSSMERR_CSSM_PRIVILEGE_NOT_GRANTED,"CSSMERR_CSSM_PRIVILEGE_NOT_GRANTED"}, - { CSSMERR_CSSM_SCOPE_NOT_SUPPORTED,"CSSMERR_CSSM_SCOPE_NOT_SUPPORTED"}, - { CSSMERR_CSSM_PVC_ALREADY_CONFIGURED,"CSSMERR_CSSM_PVC_ALREADY_CONFIGURED"}, - { CSSMERR_CSSM_INVALID_PVC,"CSSMERR_CSSM_INVALID_PVC"}, - { CSSMERR_CSSM_EMM_LOAD_FAILED,"CSSMERR_CSSM_EMM_LOAD_FAILED"}, - { CSSMERR_CSSM_EMM_UNLOAD_FAILED,"CSSMERR_CSSM_EMM_UNLOAD_FAILED"}, - { CSSMERR_CSSM_ADDIN_LOAD_FAILED,"CSSMERR_CSSM_ADDIN_LOAD_FAILED"}, - { CSSMERR_CSSM_INVALID_KEY_HIERARCHY,"CSSMERR_CSSM_INVALID_KEY_HIERARCHY"}, - { CSSMERR_CSSM_ADDIN_UNLOAD_FAILED,"CSSMERR_CSSM_ADDIN_UNLOAD_FAILED"}, - { CSSMERR_CSSM_LIB_REF_NOT_FOUND,"CSSMERR_CSSM_LIB_REF_NOT_FOUND"}, - { CSSMERR_CSSM_INVALID_ADDIN_FUNCTION_TABLE,"CSSMERR_CSSM_INVALID_ADDIN_FUNCTION_TABLE"}, - { CSSMERR_CSSM_EMM_AUTHENTICATE_FAILED,"CSSMERR_CSSM_EMM_AUTHENTICATE_FAILED"}, - { CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED,"CSSMERR_CSSM_ADDIN_AUTHENTICATE_FAILED"}, - { CSSMERR_CSSM_INVALID_SERVICE_MASK,"CSSMERR_CSSM_INVALID_SERVICE_MASK"}, - { CSSMERR_CSSM_MODULE_NOT_LOADED,"CSSMERR_CSSM_MODULE_NOT_LOADED"}, - { CSSMERR_CSSM_INVALID_SUBSERVICEID,"CSSMERR_CSSM_INVALID_SUBSERVICEID"}, - { CSSMERR_CSSM_BUFFER_TOO_SMALL,"CSSMERR_CSSM_BUFFER_TOO_SMALL"}, - { CSSMERR_CSSM_INVALID_ATTRIBUTE,"CSSMERR_CSSM_INVALID_ATTRIBUTE"}, - { CSSMERR_CSSM_ATTRIBUTE_NOT_IN_CONTEXT,"CSSMERR_CSSM_ATTRIBUTE_NOT_IN_CONTEXT"}, - { CSSMERR_CSSM_MODULE_MANAGER_INITIALIZE_FAIL,"CSSMERR_CSSM_MODULE_MANAGER_INITIALIZE_FAIL"}, - { CSSMERR_CSSM_MODULE_MANAGER_NOT_FOUND,"CSSMERR_CSSM_MODULE_MANAGER_NOT_FOUND"}, - { CSSMERR_CSSM_EVENT_NOTIFICATION_CALLBACK_NOT_FOUND,"CSSMERR_CSSM_EVENT_NOTIFICATION_CALLBACK_NOT_FOUND"}, - { CSSMERR_CSP_INTERNAL_ERROR,"CSSMERR_CSP_INTERNAL_ERROR"}, - { CSSMERR_CSP_MEMORY_ERROR,"CSSMERR_CSP_MEMORY_ERROR"}, - { CSSMERR_CSP_MDS_ERROR,"CSSMERR_CSP_MDS_ERROR"}, - { CSSMERR_CSP_INVALID_POINTER,"CSSMERR_CSP_INVALID_POINTER"}, - { CSSMERR_CSP_INVALID_INPUT_POINTER,"CSSMERR_CSP_INVALID_INPUT_POINTER"}, - { CSSMERR_CSP_INVALID_OUTPUT_POINTER,"CSSMERR_CSP_INVALID_OUTPUT_POINTER"}, - { CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED,"CSSMERR_CSP_FUNCTION_NOT_IMPLEMENTED"}, - { CSSMERR_CSP_SELF_CHECK_FAILED,"CSSMERR_CSP_SELF_CHECK_FAILED"}, - { CSSMERR_CSP_OS_ACCESS_DENIED,"CSSMERR_CSP_OS_ACCESS_DENIED"}, - { CSSMERR_CSP_FUNCTION_FAILED,"CSSMERR_CSP_FUNCTION_FAILED"}, - { CSSMERR_CSP_OPERATION_AUTH_DENIED,"CSSMERR_CSP_OPERATION_AUTH_DENIED"}, - { CSSMERR_CSP_OBJECT_USE_AUTH_DENIED,"CSSMERR_CSP_OBJECT_USE_AUTH_DENIED"}, - { CSSMERR_CSP_OBJECT_MANIP_AUTH_DENIED,"CSSMERR_CSP_OBJECT_MANIP_AUTH_DENIED"}, - { CSSMERR_CSP_OBJECT_ACL_NOT_SUPPORTED,"CSSMERR_CSP_OBJECT_ACL_NOT_SUPPORTED"}, - { CSSMERR_CSP_OBJECT_ACL_REQUIRED,"CSSMERR_CSP_OBJECT_ACL_REQUIRED"}, - { CSSMERR_CSP_INVALID_ACCESS_CREDENTIALS,"CSSMERR_CSP_INVALID_ACCESS_CREDENTIALS"}, - { CSSMERR_CSP_INVALID_ACL_BASE_CERTS,"CSSMERR_CSP_INVALID_ACL_BASE_CERTS"}, - { CSSMERR_CSP_ACL_BASE_CERTS_NOT_SUPPORTED,"CSSMERR_CSP_ACL_BASE_CERTS_NOT_SUPPORTED"}, - { CSSMERR_CSP_INVALID_SAMPLE_VALUE,"CSSMERR_CSP_INVALID_SAMPLE_VALUE"}, - { CSSMERR_CSP_SAMPLE_VALUE_NOT_SUPPORTED,"CSSMERR_CSP_SAMPLE_VALUE_NOT_SUPPORTED"}, - { CSSMERR_CSP_INVALID_ACL_SUBJECT_VALUE,"CSSMERR_CSP_INVALID_ACL_SUBJECT_VALUE"}, - { CSSMERR_CSP_ACL_SUBJECT_TYPE_NOT_SUPPORTED,"CSSMERR_CSP_ACL_SUBJECT_TYPE_NOT_SUPPORTED"}, - { CSSMERR_CSP_INVALID_ACL_CHALLENGE_CALLBACK,"CSSMERR_CSP_INVALID_ACL_CHALLENGE_CALLBACK"}, - { CSSMERR_CSP_ACL_CHALLENGE_CALLBACK_FAILED,"CSSMERR_CSP_ACL_CHALLENGE_CALLBACK_FAILED"}, - { CSSMERR_CSP_INVALID_ACL_ENTRY_TAG,"CSSMERR_CSP_INVALID_ACL_ENTRY_TAG"}, - { CSSMERR_CSP_ACL_ENTRY_TAG_NOT_FOUND,"CSSMERR_CSP_ACL_ENTRY_TAG_NOT_FOUND"}, - { CSSMERR_CSP_INVALID_ACL_EDIT_MODE,"CSSMERR_CSP_INVALID_ACL_EDIT_MODE"}, - { CSSMERR_CSP_ACL_CHANGE_FAILED,"CSSMERR_CSP_ACL_CHANGE_FAILED"}, - { CSSMERR_CSP_INVALID_NEW_ACL_ENTRY,"CSSMERR_CSP_INVALID_NEW_ACL_ENTRY"}, - { CSSMERR_CSP_INVALID_NEW_ACL_OWNER,"CSSMERR_CSP_INVALID_NEW_ACL_OWNER"}, - { CSSMERR_CSP_ACL_DELETE_FAILED,"CSSMERR_CSP_ACL_DELETE_FAILED"}, - { CSSMERR_CSP_ACL_REPLACE_FAILED,"CSSMERR_CSP_ACL_REPLACE_FAILED"}, - { CSSMERR_CSP_ACL_ADD_FAILED,"CSSMERR_CSP_ACL_ADD_FAILED"}, - { CSSMERR_CSP_INVALID_CONTEXT_HANDLE,"CSSMERR_CSP_INVALID_CONTEXT_HANDLE"}, - { CSSMERR_CSP_PRIVILEGE_NOT_GRANTED,"CSSMERR_CSP_PRIVILEGE_NOT_GRANTED"}, - { CSSMERR_CSP_INVALID_DATA,"CSSMERR_CSP_INVALID_DATA"}, - { CSSMERR_CSP_INVALID_PASSTHROUGH_ID,"CSSMERR_CSP_INVALID_PASSTHROUGH_ID"}, - { CSSMERR_CSP_INVALID_CRYPTO_DATA,"CSSMERR_CSP_INVALID_CRYPTO_DATA"}, - { CSSMERR_CSP_INPUT_LENGTH_ERROR,"CSSMERR_CSP_INPUT_LENGTH_ERROR"}, - { CSSMERR_CSP_OUTPUT_LENGTH_ERROR,"CSSMERR_CSP_OUTPUT_LENGTH_ERROR"}, - { CSSMERR_CSP_PRIVILEGE_NOT_SUPPORTED,"CSSMERR_CSP_PRIVILEGE_NOT_SUPPORTED"}, - { CSSMERR_CSP_DEVICE_ERROR,"CSSMERR_CSP_DEVICE_ERROR"}, - { CSSMERR_CSP_DEVICE_MEMORY_ERROR,"CSSMERR_CSP_DEVICE_MEMORY_ERROR"}, - { CSSMERR_CSP_ATTACH_HANDLE_BUSY,"CSSMERR_CSP_ATTACH_HANDLE_BUSY"}, - { CSSMERR_CSP_NOT_LOGGED_IN,"CSSMERR_CSP_NOT_LOGGED_IN"}, - { CSSMERR_CSP_INVALID_KEY,"CSSMERR_CSP_INVALID_KEY"}, - { CSSMERR_CSP_INVALID_KEY_REFERENCE,"CSSMERR_CSP_INVALID_KEY_REFERENCE"}, - { CSSMERR_CSP_INVALID_KEY_CLASS,"CSSMERR_CSP_INVALID_KEY_CLASS"}, - { CSSMERR_CSP_ALGID_MISMATCH,"CSSMERR_CSP_ALGID_MISMATCH"}, - { CSSMERR_CSP_KEY_USAGE_INCORRECT,"CSSMERR_CSP_KEY_USAGE_INCORRECT"}, - { CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT,"CSSMERR_CSP_KEY_BLOB_TYPE_INCORRECT"}, - { CSSMERR_CSP_KEY_HEADER_INCONSISTENT,"CSSMERR_CSP_KEY_HEADER_INCONSISTENT"}, - { CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT,"CSSMERR_CSP_UNSUPPORTED_KEY_FORMAT"}, - { CSSMERR_CSP_UNSUPPORTED_KEY_SIZE,"CSSMERR_CSP_UNSUPPORTED_KEY_SIZE"}, - { CSSMERR_CSP_INVALID_KEY_POINTER,"CSSMERR_CSP_INVALID_KEY_POINTER"}, - { CSSMERR_CSP_INVALID_KEYUSAGE_MASK,"CSSMERR_CSP_INVALID_KEYUSAGE_MASK"}, - { CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK,"CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK"}, - { CSSMERR_CSP_INVALID_KEYATTR_MASK,"CSSMERR_CSP_INVALID_KEYATTR_MASK"}, - { CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK,"CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK"}, - { CSSMERR_CSP_INVALID_KEY_LABEL,"CSSMERR_CSP_INVALID_KEY_LABEL"}, - { CSSMERR_CSP_UNSUPPORTED_KEY_LABEL,"CSSMERR_CSP_UNSUPPORTED_KEY_LABEL"}, - { CSSMERR_CSP_INVALID_KEY_FORMAT,"CSSMERR_CSP_INVALID_KEY_FORMAT"}, - { CSSMERR_CSP_INVALID_DATA_COUNT,"CSSMERR_CSP_INVALID_DATA_COUNT"}, - { CSSMERR_CSP_VECTOR_OF_BUFS_UNSUPPORTED,"CSSMERR_CSP_VECTOR_OF_BUFS_UNSUPPORTED"}, - { CSSMERR_CSP_INVALID_INPUT_VECTOR,"CSSMERR_CSP_INVALID_INPUT_VECTOR"}, - { CSSMERR_CSP_INVALID_OUTPUT_VECTOR,"CSSMERR_CSP_INVALID_OUTPUT_VECTOR"}, - { CSSMERR_CSP_INVALID_CONTEXT,"CSSMERR_CSP_INVALID_CONTEXT"}, - { CSSMERR_CSP_INVALID_ALGORITHM,"CSSMERR_CSP_INVALID_ALGORITHM"}, - { CSSMERR_CSP_INVALID_ATTR_KEY,"CSSMERR_CSP_INVALID_ATTR_KEY"}, - { CSSMERR_CSP_MISSING_ATTR_KEY,"CSSMERR_CSP_MISSING_ATTR_KEY"}, - { CSSMERR_CSP_INVALID_ATTR_INIT_VECTOR,"CSSMERR_CSP_INVALID_ATTR_INIT_VECTOR"}, - { CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR,"CSSMERR_CSP_MISSING_ATTR_INIT_VECTOR"}, - { CSSMERR_CSP_INVALID_ATTR_SALT,"CSSMERR_CSP_INVALID_ATTR_SALT"}, - { CSSMERR_CSP_MISSING_ATTR_SALT,"CSSMERR_CSP_MISSING_ATTR_SALT"}, - { CSSMERR_CSP_INVALID_ATTR_PADDING,"CSSMERR_CSP_INVALID_ATTR_PADDING"}, - { CSSMERR_CSP_MISSING_ATTR_PADDING,"CSSMERR_CSP_MISSING_ATTR_PADDING"}, - { CSSMERR_CSP_INVALID_ATTR_RANDOM,"CSSMERR_CSP_INVALID_ATTR_RANDOM"}, - { CSSMERR_CSP_MISSING_ATTR_RANDOM,"CSSMERR_CSP_MISSING_ATTR_RANDOM"}, - { CSSMERR_CSP_INVALID_ATTR_SEED,"CSSMERR_CSP_INVALID_ATTR_SEED"}, - { CSSMERR_CSP_MISSING_ATTR_SEED,"CSSMERR_CSP_MISSING_ATTR_SEED"}, - { CSSMERR_CSP_INVALID_ATTR_PASSPHRASE,"CSSMERR_CSP_INVALID_ATTR_PASSPHRASE"}, - { CSSMERR_CSP_MISSING_ATTR_PASSPHRASE,"CSSMERR_CSP_MISSING_ATTR_PASSPHRASE"}, - { CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH,"CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH"}, - { CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH,"CSSMERR_CSP_MISSING_ATTR_KEY_LENGTH"}, - { CSSMERR_CSP_INVALID_ATTR_BLOCK_SIZE,"CSSMERR_CSP_INVALID_ATTR_BLOCK_SIZE"}, - { CSSMERR_CSP_MISSING_ATTR_BLOCK_SIZE,"CSSMERR_CSP_MISSING_ATTR_BLOCK_SIZE"}, - { CSSMERR_CSP_INVALID_ATTR_OUTPUT_SIZE,"CSSMERR_CSP_INVALID_ATTR_OUTPUT_SIZE"}, - { CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE,"CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE"}, - { CSSMERR_CSP_INVALID_ATTR_ROUNDS,"CSSMERR_CSP_INVALID_ATTR_ROUNDS"}, - { CSSMERR_CSP_MISSING_ATTR_ROUNDS,"CSSMERR_CSP_MISSING_ATTR_ROUNDS"}, - { CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS,"CSSMERR_CSP_INVALID_ATTR_ALG_PARAMS"}, - { CSSMERR_CSP_MISSING_ATTR_ALG_PARAMS,"CSSMERR_CSP_MISSING_ATTR_ALG_PARAMS"}, - { CSSMERR_CSP_INVALID_ATTR_LABEL,"CSSMERR_CSP_INVALID_ATTR_LABEL"}, - { CSSMERR_CSP_MISSING_ATTR_LABEL,"CSSMERR_CSP_MISSING_ATTR_LABEL"}, - { CSSMERR_CSP_INVALID_ATTR_KEY_TYPE,"CSSMERR_CSP_INVALID_ATTR_KEY_TYPE"}, - { CSSMERR_CSP_MISSING_ATTR_KEY_TYPE,"CSSMERR_CSP_MISSING_ATTR_KEY_TYPE"}, - { CSSMERR_CSP_INVALID_ATTR_MODE,"CSSMERR_CSP_INVALID_ATTR_MODE"}, - { CSSMERR_CSP_MISSING_ATTR_MODE,"CSSMERR_CSP_MISSING_ATTR_MODE"}, - { CSSMERR_CSP_INVALID_ATTR_EFFECTIVE_BITS,"CSSMERR_CSP_INVALID_ATTR_EFFECTIVE_BITS"}, - { CSSMERR_CSP_MISSING_ATTR_EFFECTIVE_BITS,"CSSMERR_CSP_MISSING_ATTR_EFFECTIVE_BITS"}, - { CSSMERR_CSP_INVALID_ATTR_START_DATE,"CSSMERR_CSP_INVALID_ATTR_START_DATE"}, - { CSSMERR_CSP_MISSING_ATTR_START_DATE,"CSSMERR_CSP_MISSING_ATTR_START_DATE"}, - { CSSMERR_CSP_INVALID_ATTR_END_DATE,"CSSMERR_CSP_INVALID_ATTR_END_DATE"}, - { CSSMERR_CSP_MISSING_ATTR_END_DATE,"CSSMERR_CSP_MISSING_ATTR_END_DATE"}, - { CSSMERR_CSP_INVALID_ATTR_VERSION,"CSSMERR_CSP_INVALID_ATTR_VERSION"}, - { CSSMERR_CSP_MISSING_ATTR_VERSION,"CSSMERR_CSP_MISSING_ATTR_VERSION"}, - { CSSMERR_CSP_INVALID_ATTR_PRIME,"CSSMERR_CSP_INVALID_ATTR_PRIME"}, - { CSSMERR_CSP_MISSING_ATTR_PRIME,"CSSMERR_CSP_MISSING_ATTR_PRIME"}, - { CSSMERR_CSP_INVALID_ATTR_BASE,"CSSMERR_CSP_INVALID_ATTR_BASE"}, - { CSSMERR_CSP_MISSING_ATTR_BASE,"CSSMERR_CSP_MISSING_ATTR_BASE"}, - { CSSMERR_CSP_INVALID_ATTR_SUBPRIME,"CSSMERR_CSP_INVALID_ATTR_SUBPRIME"}, - { CSSMERR_CSP_MISSING_ATTR_SUBPRIME,"CSSMERR_CSP_MISSING_ATTR_SUBPRIME"}, - { CSSMERR_CSP_INVALID_ATTR_ITERATION_COUNT,"CSSMERR_CSP_INVALID_ATTR_ITERATION_COUNT"}, - { CSSMERR_CSP_MISSING_ATTR_ITERATION_COUNT,"CSSMERR_CSP_MISSING_ATTR_ITERATION_COUNT"}, - { CSSMERR_CSP_INVALID_ATTR_DL_DB_HANDLE,"CSSMERR_CSP_INVALID_ATTR_DL_DB_HANDLE"}, - { CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE,"CSSMERR_CSP_MISSING_ATTR_DL_DB_HANDLE"}, - { CSSMERR_CSP_INVALID_ATTR_ACCESS_CREDENTIALS,"CSSMERR_CSP_INVALID_ATTR_ACCESS_CREDENTIALS"}, - { CSSMERR_CSP_MISSING_ATTR_ACCESS_CREDENTIALS,"CSSMERR_CSP_MISSING_ATTR_ACCESS_CREDENTIALS"}, - { CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT,"CSSMERR_CSP_INVALID_ATTR_PUBLIC_KEY_FORMAT"}, - { CSSMERR_CSP_MISSING_ATTR_PUBLIC_KEY_FORMAT,"CSSMERR_CSP_MISSING_ATTR_PUBLIC_KEY_FORMAT"}, - { CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT,"CSSMERR_CSP_INVALID_ATTR_PRIVATE_KEY_FORMAT"}, - { CSSMERR_CSP_MISSING_ATTR_PRIVATE_KEY_FORMAT,"CSSMERR_CSP_MISSING_ATTR_PRIVATE_KEY_FORMAT"}, - { CSSMERR_CSP_INVALID_ATTR_SYMMETRIC_KEY_FORMAT,"CSSMERR_CSP_INVALID_ATTR_SYMMETRIC_KEY_FORMAT"}, - { CSSMERR_CSP_MISSING_ATTR_SYMMETRIC_KEY_FORMAT,"CSSMERR_CSP_MISSING_ATTR_SYMMETRIC_KEY_FORMAT"}, - { CSSMERR_CSP_INVALID_ATTR_WRAPPED_KEY_FORMAT,"CSSMERR_CSP_INVALID_ATTR_WRAPPED_KEY_FORMAT"}, - { CSSMERR_CSP_MISSING_ATTR_WRAPPED_KEY_FORMAT,"CSSMERR_CSP_MISSING_ATTR_WRAPPED_KEY_FORMAT"}, - { CSSMERR_CSP_STAGED_OPERATION_IN_PROGRESS,"CSSMERR_CSP_STAGED_OPERATION_IN_PROGRESS"}, - { CSSMERR_CSP_STAGED_OPERATION_NOT_STARTED,"CSSMERR_CSP_STAGED_OPERATION_NOT_STARTED"}, - { CSSMERR_CSP_VERIFY_FAILED,"CSSMERR_CSP_VERIFY_FAILED"}, - { CSSMERR_CSP_INVALID_SIGNATURE,"CSSMERR_CSP_INVALID_SIGNATURE"}, - { CSSMERR_CSP_QUERY_SIZE_UNKNOWN,"CSSMERR_CSP_QUERY_SIZE_UNKNOWN"}, - { CSSMERR_CSP_BLOCK_SIZE_MISMATCH,"CSSMERR_CSP_BLOCK_SIZE_MISMATCH"}, - { CSSMERR_CSP_PRIVATE_KEY_NOT_FOUND,"CSSMERR_CSP_PRIVATE_KEY_NOT_FOUND"}, - { CSSMERR_CSP_PUBLIC_KEY_INCONSISTENT,"CSSMERR_CSP_PUBLIC_KEY_INCONSISTENT"}, - { CSSMERR_CSP_DEVICE_VERIFY_FAILED,"CSSMERR_CSP_DEVICE_VERIFY_FAILED"}, - { CSSMERR_CSP_INVALID_LOGIN_NAME,"CSSMERR_CSP_INVALID_LOGIN_NAME"}, - { CSSMERR_CSP_ALREADY_LOGGED_IN,"CSSMERR_CSP_ALREADY_LOGGED_IN"}, - { CSSMERR_CSP_PRIVATE_KEY_ALREADY_EXISTS,"CSSMERR_CSP_PRIVATE_KEY_ALREADY_EXISTS"}, - { CSSMERR_CSP_KEY_LABEL_ALREADY_EXISTS,"CSSMERR_CSP_KEY_LABEL_ALREADY_EXISTS"}, - { CSSMERR_CSP_INVALID_DIGEST_ALGORITHM,"CSSMERR_CSP_INVALID_DIGEST_ALGORITHM"}, - { CSSMERR_CSP_CRYPTO_DATA_CALLBACK_FAILED,"CSSMERR_CSP_CRYPTO_DATA_CALLBACK_FAILED"}, - { CSSMERR_TP_INTERNAL_ERROR,"CSSMERR_TP_INTERNAL_ERROR"}, - { CSSMERR_TP_MEMORY_ERROR,"CSSMERR_TP_MEMORY_ERROR"}, - { CSSMERR_TP_MDS_ERROR,"CSSMERR_TP_MDS_ERROR"}, - { CSSMERR_TP_INVALID_POINTER,"CSSMERR_TP_INVALID_POINTER"}, - { CSSMERR_TP_INVALID_INPUT_POINTER,"CSSMERR_TP_INVALID_INPUT_POINTER"}, - { CSSMERR_TP_INVALID_OUTPUT_POINTER,"CSSMERR_TP_INVALID_OUTPUT_POINTER"}, - { CSSMERR_TP_FUNCTION_NOT_IMPLEMENTED,"CSSMERR_TP_FUNCTION_NOT_IMPLEMENTED"}, - { CSSMERR_TP_SELF_CHECK_FAILED,"CSSMERR_TP_SELF_CHECK_FAILED"}, - { CSSMERR_TP_OS_ACCESS_DENIED,"CSSMERR_TP_OS_ACCESS_DENIED"}, - { CSSMERR_TP_FUNCTION_FAILED,"CSSMERR_TP_FUNCTION_FAILED"}, - { CSSMERR_TP_INVALID_CONTEXT_HANDLE,"CSSMERR_TP_INVALID_CONTEXT_HANDLE"}, - { CSSMERR_TP_INVALID_DATA,"CSSMERR_TP_INVALID_DATA"}, - { CSSMERR_TP_INVALID_DB_LIST,"CSSMERR_TP_INVALID_DB_LIST"}, - { CSSMERR_TP_INVALID_CERTGROUP_POINTER,"CSSMERR_TP_INVALID_CERTGROUP_POINTER"}, - { CSSMERR_TP_INVALID_CERT_POINTER,"CSSMERR_TP_INVALID_CERT_POINTER"}, - { CSSMERR_TP_INVALID_CRL_POINTER,"CSSMERR_TP_INVALID_CRL_POINTER"}, - { CSSMERR_TP_INVALID_FIELD_POINTER,"CSSMERR_TP_INVALID_FIELD_POINTER"}, - { CSSMERR_TP_INVALID_NETWORK_ADDR,"CSSMERR_TP_INVALID_NETWORK_ADDR"}, - { CSSMERR_TP_CRL_ALREADY_SIGNED,"CSSMERR_TP_CRL_ALREADY_SIGNED"}, - { CSSMERR_TP_INVALID_NUMBER_OF_FIELDS,"CSSMERR_TP_INVALID_NUMBER_OF_FIELDS"}, - { CSSMERR_TP_VERIFICATION_FAILURE,"CSSMERR_TP_VERIFICATION_FAILURE"}, - { CSSMERR_TP_INVALID_DB_HANDLE,"CSSMERR_TP_INVALID_DB_HANDLE"}, - { CSSMERR_TP_UNKNOWN_FORMAT,"CSSMERR_TP_UNKNOWN_FORMAT"}, - { CSSMERR_TP_UNKNOWN_TAG,"CSSMERR_TP_UNKNOWN_TAG"}, - { CSSMERR_TP_INVALID_PASSTHROUGH_ID,"CSSMERR_TP_INVALID_PASSTHROUGH_ID"}, - { CSSMERR_TP_INVALID_CSP_HANDLE,"CSSMERR_TP_INVALID_CSP_HANDLE"}, - { CSSMERR_TP_INVALID_DL_HANDLE,"CSSMERR_TP_INVALID_DL_HANDLE"}, - { CSSMERR_TP_INVALID_CL_HANDLE,"CSSMERR_TP_INVALID_CL_HANDLE"}, - { CSSMERR_TP_INVALID_DB_LIST_POINTER,"CSSMERR_TP_INVALID_DB_LIST_POINTER"}, - { CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER,"CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER"}, - { CSSMERR_TP_INVALID_IDENTIFIER_POINTER,"CSSMERR_TP_INVALID_IDENTIFIER_POINTER"}, - { CSSMERR_TP_INVALID_KEYCACHE_HANDLE,"CSSMERR_TP_INVALID_KEYCACHE_HANDLE"}, - { CSSMERR_TP_INVALID_CERTGROUP,"CSSMERR_TP_INVALID_CERTGROUP"}, - { CSSMERR_TP_INVALID_CRLGROUP,"CSSMERR_TP_INVALID_CRLGROUP"}, - { CSSMERR_TP_INVALID_CRLGROUP_POINTER,"CSSMERR_TP_INVALID_CRLGROUP_POINTER"}, - { CSSMERR_TP_AUTHENTICATION_FAILED,"CSSMERR_TP_AUTHENTICATION_FAILED"}, - { CSSMERR_TP_CERTGROUP_INCOMPLETE,"CSSMERR_TP_CERTGROUP_INCOMPLETE"}, - { CSSMERR_TP_CERTIFICATE_CANT_OPERATE,"CSSMERR_TP_CERTIFICATE_CANT_OPERATE"}, - { CSSMERR_TP_CERT_EXPIRED,"CSSMERR_TP_CERT_EXPIRED"}, - { CSSMERR_TP_CERT_NOT_VALID_YET,"CSSMERR_TP_CERT_NOT_VALID_YET"}, - { CSSMERR_TP_CERT_REVOKED,"CSSMERR_TP_CERT_REVOKED"}, - { CSSMERR_TP_CERT_SUSPENDED,"CSSMERR_TP_CERT_SUSPENDED"}, - { CSSMERR_TP_INSUFFICIENT_CREDENTIALS,"CSSMERR_TP_INSUFFICIENT_CREDENTIALS"}, - { CSSMERR_TP_INVALID_ACTION,"CSSMERR_TP_INVALID_ACTION"}, - { CSSMERR_TP_INVALID_ACTION_DATA,"CSSMERR_TP_INVALID_ACTION_DATA"}, - { CSSMERR_TP_INVALID_ANCHOR_CERT,"CSSMERR_TP_INVALID_ANCHOR_CERT"}, - { CSSMERR_TP_INVALID_AUTHORITY,"CSSMERR_TP_INVALID_AUTHORITY"}, - { CSSMERR_TP_VERIFY_ACTION_FAILED,"CSSMERR_TP_VERIFY_ACTION_FAILED"}, - { CSSMERR_TP_INVALID_CERTIFICATE,"CSSMERR_TP_INVALID_CERTIFICATE"}, - { CSSMERR_TP_INVALID_CERT_AUTHORITY,"CSSMERR_TP_INVALID_CERT_AUTHORITY"}, - { CSSMERR_TP_INVALID_CRL_AUTHORITY,"CSSMERR_TP_INVALID_CRL_AUTHORITY"}, - { CSSMERR_TP_INVALID_CRL_ENCODING,"CSSMERR_TP_INVALID_CRL_ENCODING"}, - { CSSMERR_TP_INVALID_CRL_TYPE,"CSSMERR_TP_INVALID_CRL_TYPE"}, - { CSSMERR_TP_INVALID_CRL,"CSSMERR_TP_INVALID_CRL"}, - { CSSMERR_TP_INVALID_FORM_TYPE,"CSSMERR_TP_INVALID_FORM_TYPE"}, - { CSSMERR_TP_INVALID_ID,"CSSMERR_TP_INVALID_ID"}, - { CSSMERR_TP_INVALID_IDENTIFIER,"CSSMERR_TP_INVALID_IDENTIFIER"}, - { CSSMERR_TP_INVALID_INDEX,"CSSMERR_TP_INVALID_INDEX"}, - { CSSMERR_TP_INVALID_NAME,"CSSMERR_TP_INVALID_NAME"}, - { CSSMERR_TP_INVALID_POLICY_IDENTIFIERS,"CSSMERR_TP_INVALID_POLICY_IDENTIFIERS"}, - { CSSMERR_TP_INVALID_TIMESTRING,"CSSMERR_TP_INVALID_TIMESTRING"}, - { CSSMERR_TP_INVALID_REASON,"CSSMERR_TP_INVALID_REASON"}, - { CSSMERR_TP_INVALID_REQUEST_INPUTS,"CSSMERR_TP_INVALID_REQUEST_INPUTS"}, - { CSSMERR_TP_INVALID_RESPONSE_VECTOR,"CSSMERR_TP_INVALID_RESPONSE_VECTOR"}, - { CSSMERR_TP_INVALID_SIGNATURE,"CSSMERR_TP_INVALID_SIGNATURE"}, - { CSSMERR_TP_INVALID_STOP_ON_POLICY,"CSSMERR_TP_INVALID_STOP_ON_POLICY"}, - { CSSMERR_TP_INVALID_CALLBACK,"CSSMERR_TP_INVALID_CALLBACK"}, - { CSSMERR_TP_INVALID_TUPLE,"CSSMERR_TP_INVALID_TUPLE"}, - { CSSMERR_TP_NOT_SIGNER,"CSSMERR_TP_NOT_SIGNER"}, - { CSSMERR_TP_NOT_TRUSTED,"CSSMERR_TP_NOT_TRUSTED"}, - { CSSMERR_TP_NO_DEFAULT_AUTHORITY,"CSSMERR_TP_NO_DEFAULT_AUTHORITY"}, - { CSSMERR_TP_REJECTED_FORM,"CSSMERR_TP_REJECTED_FORM"}, - { CSSMERR_TP_REQUEST_LOST,"CSSMERR_TP_REQUEST_LOST"}, - { CSSMERR_TP_REQUEST_REJECTED,"CSSMERR_TP_REQUEST_REJECTED"}, - { CSSMERR_TP_UNSUPPORTED_ADDR_TYPE,"CSSMERR_TP_UNSUPPORTED_ADDR_TYPE"}, - { CSSMERR_TP_UNSUPPORTED_SERVICE,"CSSMERR_TP_UNSUPPORTED_SERVICE"}, - { CSSMERR_TP_INVALID_TUPLEGROUP_POINTER,"CSSMERR_TP_INVALID_TUPLEGROUP_POINTER"}, - { CSSMERR_TP_INVALID_TUPLEGROUP,"CSSMERR_TP_INVALID_TUPLEGROUP"}, - { CSSMERR_AC_INTERNAL_ERROR,"CSSMERR_AC_INTERNAL_ERROR"}, - { CSSMERR_AC_MEMORY_ERROR,"CSSMERR_AC_MEMORY_ERROR"}, - { CSSMERR_AC_MDS_ERROR,"CSSMERR_AC_MDS_ERROR"}, - { CSSMERR_AC_INVALID_POINTER,"CSSMERR_AC_INVALID_POINTER"}, - { CSSMERR_AC_INVALID_INPUT_POINTER,"CSSMERR_AC_INVALID_INPUT_POINTER"}, - { CSSMERR_AC_INVALID_OUTPUT_POINTER,"CSSMERR_AC_INVALID_OUTPUT_POINTER"}, - { CSSMERR_AC_FUNCTION_NOT_IMPLEMENTED,"CSSMERR_AC_FUNCTION_NOT_IMPLEMENTED"}, - { CSSMERR_AC_SELF_CHECK_FAILED,"CSSMERR_AC_SELF_CHECK_FAILED"}, - { CSSMERR_AC_OS_ACCESS_DENIED,"CSSMERR_AC_OS_ACCESS_DENIED"}, - { CSSMERR_AC_FUNCTION_FAILED,"CSSMERR_AC_FUNCTION_FAILED"}, - { CSSMERR_AC_INVALID_CONTEXT_HANDLE,"CSSMERR_AC_INVALID_CONTEXT_HANDLE"}, - { CSSMERR_AC_INVALID_DATA,"CSSMERR_AC_INVALID_DATA"}, - { CSSMERR_AC_INVALID_DB_LIST,"CSSMERR_AC_INVALID_DB_LIST"}, - { CSSMERR_AC_INVALID_PASSTHROUGH_ID,"CSSMERR_AC_INVALID_PASSTHROUGH_ID"}, - { CSSMERR_AC_INVALID_DL_HANDLE,"CSSMERR_AC_INVALID_DL_HANDLE"}, - { CSSMERR_AC_INVALID_CL_HANDLE,"CSSMERR_AC_INVALID_CL_HANDLE"}, - { CSSMERR_AC_INVALID_TP_HANDLE,"CSSMERR_AC_INVALID_TP_HANDLE"}, - { CSSMERR_AC_INVALID_DB_HANDLE,"CSSMERR_AC_INVALID_DB_HANDLE"}, - { CSSMERR_AC_INVALID_DB_LIST_POINTER,"CSSMERR_AC_INVALID_DB_LIST_POINTER"}, - { CSSMERR_AC_INVALID_BASE_ACLS,"CSSMERR_AC_INVALID_BASE_ACLS"}, - { CSSMERR_AC_INVALID_TUPLE_CREDENTIALS,"CSSMERR_AC_INVALID_TUPLE_CREDENTIALS"}, - { CSSMERR_AC_INVALID_ENCODING,"CSSMERR_AC_INVALID_ENCODING"}, - { CSSMERR_AC_INVALID_VALIDITY_PERIOD,"CSSMERR_AC_INVALID_VALIDITY_PERIOD"}, - { CSSMERR_AC_INVALID_REQUESTOR,"CSSMERR_AC_INVALID_REQUESTOR"}, - { CSSMERR_AC_INVALID_REQUEST_DESCRIPTOR,"CSSMERR_AC_INVALID_REQUEST_DESCRIPTOR"}, - { CSSMERR_CL_INTERNAL_ERROR,"CSSMERR_CL_INTERNAL_ERROR"}, - { CSSMERR_CL_MEMORY_ERROR,"CSSMERR_CL_MEMORY_ERROR"}, - { CSSMERR_CL_MDS_ERROR,"CSSMERR_CL_MDS_ERROR"}, - { CSSMERR_CL_INVALID_POINTER,"CSSMERR_CL_INVALID_POINTER"}, - { CSSMERR_CL_INVALID_INPUT_POINTER,"CSSMERR_CL_INVALID_INPUT_POINTER"}, - { CSSMERR_CL_INVALID_OUTPUT_POINTER,"CSSMERR_CL_INVALID_OUTPUT_POINTER"}, - { CSSMERR_CL_FUNCTION_NOT_IMPLEMENTED,"CSSMERR_CL_FUNCTION_NOT_IMPLEMENTED"}, - { CSSMERR_CL_SELF_CHECK_FAILED,"CSSMERR_CL_SELF_CHECK_FAILED"}, - { CSSMERR_CL_OS_ACCESS_DENIED,"CSSMERR_CL_OS_ACCESS_DENIED"}, - { CSSMERR_CL_FUNCTION_FAILED,"CSSMERR_CL_FUNCTION_FAILED"}, - { CSSMERR_CL_INVALID_CONTEXT_HANDLE,"CSSMERR_CL_INVALID_CONTEXT_HANDLE"}, - { CSSMERR_CL_INVALID_CERTGROUP_POINTER,"CSSMERR_CL_INVALID_CERTGROUP_POINTER"}, - { CSSMERR_CL_INVALID_CERT_POINTER,"CSSMERR_CL_INVALID_CERT_POINTER"}, - { CSSMERR_CL_INVALID_CRL_POINTER,"CSSMERR_CL_INVALID_CRL_POINTER"}, - { CSSMERR_CL_INVALID_FIELD_POINTER,"CSSMERR_CL_INVALID_FIELD_POINTER"}, - { CSSMERR_CL_INVALID_DATA,"CSSMERR_CL_INVALID_DATA"}, - { CSSMERR_CL_CRL_ALREADY_SIGNED,"CSSMERR_CL_CRL_ALREADY_SIGNED"}, - { CSSMERR_CL_INVALID_NUMBER_OF_FIELDS,"CSSMERR_CL_INVALID_NUMBER_OF_FIELDS"}, - { CSSMERR_CL_VERIFICATION_FAILURE,"CSSMERR_CL_VERIFICATION_FAILURE"}, - { CSSMERR_CL_UNKNOWN_FORMAT,"CSSMERR_CL_UNKNOWN_FORMAT"}, - { CSSMERR_CL_UNKNOWN_TAG,"CSSMERR_CL_UNKNOWN_TAG"}, - { CSSMERR_CL_INVALID_PASSTHROUGH_ID,"CSSMERR_CL_INVALID_PASSTHROUGH_ID"}, - { CSSMERR_CL_INVALID_BUNDLE_POINTER,"CSSMERR_CL_INVALID_BUNDLE_POINTER"}, - { CSSMERR_CL_INVALID_CACHE_HANDLE,"CSSMERR_CL_INVALID_CACHE_HANDLE"}, - { CSSMERR_CL_INVALID_RESULTS_HANDLE,"CSSMERR_CL_INVALID_RESULTS_HANDLE"}, - { CSSMERR_CL_INVALID_BUNDLE_INFO,"CSSMERR_CL_INVALID_BUNDLE_INFO"}, - { CSSMERR_CL_INVALID_CRL_INDEX,"CSSMERR_CL_INVALID_CRL_INDEX"}, - { CSSMERR_CL_INVALID_SCOPE,"CSSMERR_CL_INVALID_SCOPE"}, - { CSSMERR_CL_NO_FIELD_VALUES,"CSSMERR_CL_NO_FIELD_VALUES"}, - { CSSMERR_CL_SCOPE_NOT_SUPPORTED,"CSSMERR_CL_SCOPE_NOT_SUPPORTED"}, - { CSSMERR_DL_INTERNAL_ERROR,"CSSMERR_DL_INTERNAL_ERROR"}, - { CSSMERR_DL_MEMORY_ERROR,"CSSMERR_DL_MEMORY_ERROR"}, - { CSSMERR_DL_MDS_ERROR,"CSSMERR_DL_MDS_ERROR"}, - { CSSMERR_DL_INVALID_POINTER,"CSSMERR_DL_INVALID_POINTER"}, - { CSSMERR_DL_INVALID_INPUT_POINTER,"CSSMERR_DL_INVALID_INPUT_POINTER"}, - { CSSMERR_DL_INVALID_OUTPUT_POINTER,"CSSMERR_DL_INVALID_OUTPUT_POINTER"}, - { CSSMERR_DL_FUNCTION_NOT_IMPLEMENTED,"CSSMERR_DL_FUNCTION_NOT_IMPLEMENTED"}, - { CSSMERR_DL_SELF_CHECK_FAILED,"CSSMERR_DL_SELF_CHECK_FAILED"}, - { CSSMERR_DL_OS_ACCESS_DENIED,"CSSMERR_DL_OS_ACCESS_DENIED"}, - { CSSMERR_DL_FUNCTION_FAILED,"CSSMERR_DL_FUNCTION_FAILED"}, - { CSSMERR_DL_INVALID_CSP_HANDLE,"CSSMERR_DL_INVALID_CSP_HANDLE"}, - { CSSMERR_DL_INVALID_DL_HANDLE,"CSSMERR_DL_INVALID_DL_HANDLE"}, - { CSSMERR_DL_INVALID_CL_HANDLE,"CSSMERR_DL_INVALID_CL_HANDLE"}, - { CSSMERR_DL_INVALID_DB_LIST_POINTER,"CSSMERR_DL_INVALID_DB_LIST_POINTER"}, - { CSSMERR_DL_OPERATION_AUTH_DENIED,"CSSMERR_DL_OPERATION_AUTH_DENIED"}, - { CSSMERR_DL_OBJECT_USE_AUTH_DENIED,"CSSMERR_DL_OBJECT_USE_AUTH_DENIED"}, - { CSSMERR_DL_OBJECT_MANIP_AUTH_DENIED,"CSSMERR_DL_OBJECT_MANIP_AUTH_DENIED"}, - { CSSMERR_DL_OBJECT_ACL_NOT_SUPPORTED,"CSSMERR_DL_OBJECT_ACL_NOT_SUPPORTED"}, - { CSSMERR_DL_OBJECT_ACL_REQUIRED,"CSSMERR_DL_OBJECT_ACL_REQUIRED"}, - { CSSMERR_DL_INVALID_ACCESS_CREDENTIALS,"CSSMERR_DL_INVALID_ACCESS_CREDENTIALS"}, - { CSSMERR_DL_INVALID_ACL_BASE_CERTS,"CSSMERR_DL_INVALID_ACL_BASE_CERTS"}, - { CSSMERR_DL_ACL_BASE_CERTS_NOT_SUPPORTED,"CSSMERR_DL_ACL_BASE_CERTS_NOT_SUPPORTED"}, - { CSSMERR_DL_INVALID_SAMPLE_VALUE,"CSSMERR_DL_INVALID_SAMPLE_VALUE"}, - { CSSMERR_DL_SAMPLE_VALUE_NOT_SUPPORTED,"CSSMERR_DL_SAMPLE_VALUE_NOT_SUPPORTED"}, - { CSSMERR_DL_INVALID_ACL_SUBJECT_VALUE,"CSSMERR_DL_INVALID_ACL_SUBJECT_VALUE"}, - { CSSMERR_DL_ACL_SUBJECT_TYPE_NOT_SUPPORTED,"CSSMERR_DL_ACL_SUBJECT_TYPE_NOT_SUPPORTED"}, - { CSSMERR_DL_INVALID_ACL_CHALLENGE_CALLBACK,"CSSMERR_DL_INVALID_ACL_CHALLENGE_CALLBACK"}, - { CSSMERR_DL_ACL_CHALLENGE_CALLBACK_FAILED,"CSSMERR_DL_ACL_CHALLENGE_CALLBACK_FAILED"}, - { CSSMERR_DL_INVALID_ACL_ENTRY_TAG,"CSSMERR_DL_INVALID_ACL_ENTRY_TAG"}, - { CSSMERR_DL_ACL_ENTRY_TAG_NOT_FOUND,"CSSMERR_DL_ACL_ENTRY_TAG_NOT_FOUND"}, - { CSSMERR_DL_INVALID_ACL_EDIT_MODE,"CSSMERR_DL_INVALID_ACL_EDIT_MODE"}, - { CSSMERR_DL_ACL_CHANGE_FAILED,"CSSMERR_DL_ACL_CHANGE_FAILED"}, - { CSSMERR_DL_INVALID_NEW_ACL_ENTRY,"CSSMERR_DL_INVALID_NEW_ACL_ENTRY"}, - { CSSMERR_DL_INVALID_NEW_ACL_OWNER,"CSSMERR_DL_INVALID_NEW_ACL_OWNER"}, - { CSSMERR_DL_ACL_DELETE_FAILED,"CSSMERR_DL_ACL_DELETE_FAILED"}, - { CSSMERR_DL_ACL_REPLACE_FAILED,"CSSMERR_DL_ACL_REPLACE_FAILED"}, - { CSSMERR_DL_ACL_ADD_FAILED,"CSSMERR_DL_ACL_ADD_FAILED"}, - { CSSMERR_DL_INVALID_DB_HANDLE,"CSSMERR_DL_INVALID_DB_HANDLE"}, - { CSSMERR_DL_INVALID_PASSTHROUGH_ID,"CSSMERR_DL_INVALID_PASSTHROUGH_ID"}, - { CSSMERR_DL_INVALID_NETWORK_ADDR,"CSSMERR_DL_INVALID_NETWORK_ADDR"}, - { CSSMERR_DL_DATABASE_CORRUPT,"CSSMERR_DL_DATABASE_CORRUPT"}, - { CSSMERR_DL_INVALID_RECORD_INDEX,"CSSMERR_DL_INVALID_RECORD_INDEX"}, - { CSSMERR_DL_INVALID_RECORDTYPE,"CSSMERR_DL_INVALID_RECORDTYPE"}, - { CSSMERR_DL_INVALID_FIELD_NAME,"CSSMERR_DL_INVALID_FIELD_NAME"}, - { CSSMERR_DL_UNSUPPORTED_FIELD_FORMAT,"CSSMERR_DL_UNSUPPORTED_FIELD_FORMAT"}, - { CSSMERR_DL_UNSUPPORTED_INDEX_INFO,"CSSMERR_DL_UNSUPPORTED_INDEX_INFO"}, - { CSSMERR_DL_UNSUPPORTED_LOCALITY,"CSSMERR_DL_UNSUPPORTED_LOCALITY"}, - { CSSMERR_DL_UNSUPPORTED_NUM_ATTRIBUTES,"CSSMERR_DL_UNSUPPORTED_NUM_ATTRIBUTES"}, - { CSSMERR_DL_UNSUPPORTED_NUM_INDEXES,"CSSMERR_DL_UNSUPPORTED_NUM_INDEXES"}, - { CSSMERR_DL_UNSUPPORTED_NUM_RECORDTYPES,"CSSMERR_DL_UNSUPPORTED_NUM_RECORDTYPES"}, - { CSSMERR_DL_UNSUPPORTED_RECORDTYPE,"CSSMERR_DL_UNSUPPORTED_RECORDTYPE"}, - { CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE,"CSSMERR_DL_FIELD_SPECIFIED_MULTIPLE"}, - { CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT,"CSSMERR_DL_INCOMPATIBLE_FIELD_FORMAT"}, - { CSSMERR_DL_INVALID_PARSING_MODULE,"CSSMERR_DL_INVALID_PARSING_MODULE"}, - { CSSMERR_DL_INVALID_DB_NAME,"CSSMERR_DL_INVALID_DB_NAME"}, - { CSSMERR_DL_DATASTORE_DOESNOT_EXIST,"CSSMERR_DL_DATASTORE_DOESNOT_EXIST"}, - { CSSMERR_DL_DATASTORE_ALREADY_EXISTS,"CSSMERR_DL_DATASTORE_ALREADY_EXISTS"}, - { CSSMERR_DL_DB_LOCKED,"CSSMERR_DL_DB_LOCKED"}, - { CSSMERR_DL_DATASTORE_IS_OPEN,"CSSMERR_DL_DATASTORE_IS_OPEN"}, - { CSSMERR_DL_RECORD_NOT_FOUND,"CSSMERR_DL_RECORD_NOT_FOUND"}, - { CSSMERR_DL_MISSING_VALUE,"CSSMERR_DL_MISSING_VALUE"}, - { CSSMERR_DL_UNSUPPORTED_QUERY,"CSSMERR_DL_UNSUPPORTED_QUERY"}, - { CSSMERR_DL_UNSUPPORTED_QUERY_LIMITS,"CSSMERR_DL_UNSUPPORTED_QUERY_LIMITS"}, - { CSSMERR_DL_UNSUPPORTED_NUM_SELECTION_PREDS,"CSSMERR_DL_UNSUPPORTED_NUM_SELECTION_PREDS"}, - { CSSMERR_DL_UNSUPPORTED_OPERATOR,"CSSMERR_DL_UNSUPPORTED_OPERATOR"}, - { CSSMERR_DL_INVALID_RESULTS_HANDLE,"CSSMERR_DL_INVALID_RESULTS_HANDLE"}, - { CSSMERR_DL_INVALID_DB_LOCATION,"CSSMERR_DL_INVALID_DB_LOCATION"}, - { CSSMERR_DL_INVALID_ACCESS_REQUEST,"CSSMERR_DL_INVALID_ACCESS_REQUEST"}, - { CSSMERR_DL_INVALID_INDEX_INFO,"CSSMERR_DL_INVALID_INDEX_INFO"}, - { CSSMERR_DL_INVALID_SELECTION_TAG,"CSSMERR_DL_INVALID_SELECTION_TAG"}, - { CSSMERR_DL_INVALID_NEW_OWNER,"CSSMERR_DL_INVALID_NEW_OWNER"}, - { CSSMERR_DL_INVALID_RECORD_UID,"CSSMERR_DL_INVALID_RECORD_UID"}, - { CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA,"CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA"}, - { CSSMERR_DL_INVALID_MODIFY_MODE,"CSSMERR_DL_INVALID_MODIFY_MODE"}, - { CSSMERR_DL_INVALID_OPEN_PARAMETERS,"CSSMERR_DL_INVALID_OPEN_PARAMETERS"}, - { CSSMERR_DL_RECORD_MODIFIED,"CSSMERR_DL_RECORD_MODIFIED"}, - { CSSMERR_DL_ENDOFDATA,"CSSMERR_DL_ENDOFDATA"}, - { CSSMERR_DL_INVALID_QUERY,"CSSMERR_DL_INVALID_QUERY"}, - { CSSMERR_DL_INVALID_VALUE,"CSSMERR_DL_INVALID_VALUE"}, - { CSSMERR_DL_MULTIPLE_VALUES_UNSUPPORTED,"CSSMERR_DL_MULTIPLE_VALUES_UNSUPPORTED"}, - { CSSMERR_DL_STALE_UNIQUE_RECORD,"CSSMERR_DL_STALE_UNIQUE_RECORD"}, - /* Error codes from cssmapple.h */ - { CSSMERR_CSSM_NO_USER_INTERACTION,"CSSMERR_CSSM_NO_USER_INTERACTION"}, - { CSSMERR_AC_NO_USER_INTERACTION,"CSSMERR_AC_NO_USER_INTERACTION"}, - { CSSMERR_CSP_NO_USER_INTERACTION,"CSSMERR_CSP_NO_USER_INTERACTION"}, - { CSSMERR_CL_NO_USER_INTERACTION,"CSSMERR_CL_NO_USER_INTERACTION"}, - { CSSMERR_DL_NO_USER_INTERACTION,"CSSMERR_DL_NO_USER_INTERACTION"}, - { CSSMERR_TP_NO_USER_INTERACTION,"CSSMERR_TP_NO_USER_INTERACTION"}, - { CSSMERR_CSSM_USER_CANCELED,"CSSMERR_CSSM_USER_CANCELED"}, - { CSSMERR_AC_USER_CANCELED,"CSSMERR_AC_USER_CANCELED"}, - { CSSMERR_CSP_USER_CANCELED,"CSSMERR_CSP_USER_CANCELED"}, - { CSSMERR_CL_USER_CANCELED,"CSSMERR_CL_USER_CANCELED"}, - { CSSMERR_DL_USER_CANCELED,"CSSMERR_DL_USER_CANCELED"}, - { CSSMERR_TP_USER_CANCELED,"CSSMERR_TP_USER_CANCELED"}, - { CSSMERR_CSSM_SERVICE_NOT_AVAILABLE,"CSSMERR_CSSM_SERVICE_NOT_AVAILABLE"}, - { CSSMERR_AC_SERVICE_NOT_AVAILABLE,"CSSMERR_AC_SERVICE_NOT_AVAILABLE"}, - { CSSMERR_CSP_SERVICE_NOT_AVAILABLE,"CSSMERR_CSP_SERVICE_NOT_AVAILABLE"}, - { CSSMERR_CL_SERVICE_NOT_AVAILABLE,"CSSMERR_CL_SERVICE_NOT_AVAILABLE"}, - { CSSMERR_DL_SERVICE_NOT_AVAILABLE,"CSSMERR_DL_SERVICE_NOT_AVAILABLE"}, - { CSSMERR_TP_SERVICE_NOT_AVAILABLE,"CSSMERR_TP_SERVICE_NOT_AVAILABLE"}, - { CSSMERR_CSSM_INSUFFICIENT_CLIENT_IDENTIFICATION,"CSSMERR_CSSM_INSUFFICIENT_CLIENT_IDENTIFICATION"}, - { CSSMERR_AC_INSUFFICIENT_CLIENT_IDENTIFICATION,"CSSMERR_AC_INSUFFICIENT_CLIENT_IDENTIFICATION"}, - { CSSMERR_CSP_INSUFFICIENT_CLIENT_IDENTIFICATION,"CSSMERR_CSP_INSUFFICIENT_CLIENT_IDENTIFICATION"}, - { CSSMERR_CL_INSUFFICIENT_CLIENT_IDENTIFICATION,"CSSMERR_CL_INSUFFICIENT_CLIENT_IDENTIFICATION"}, - { CSSMERR_DL_INSUFFICIENT_CLIENT_IDENTIFICATION,"CSSMERR_DL_INSUFFICIENT_CLIENT_IDENTIFICATION"}, - { CSSMERR_TP_INSUFFICIENT_CLIENT_IDENTIFICATION,"CSSMERR_TP_INSUFFICIENT_CLIENT_IDENTIFICATION"}, - { CSSMERR_CSSM_DEVICE_RESET,"CSSMERR_CSSM_DEVICE_RESET"}, - { CSSMERR_AC_DEVICE_RESET,"CSSMERR_AC_DEVICE_RESET"}, - { CSSMERR_CSP_DEVICE_RESET,"CSSMERR_CSP_DEVICE_RESET"}, - { CSSMERR_CL_DEVICE_RESET,"CSSMERR_CL_DEVICE_RESET"}, - { CSSMERR_DL_DEVICE_RESET,"CSSMERR_DL_DEVICE_RESET"}, - { CSSMERR_TP_DEVICE_RESET,"CSSMERR_TP_DEVICE_RESET"}, - { CSSMERR_CSSM_DEVICE_FAILED,"CSSMERR_CSSM_DEVICE_FAILED"}, - { CSSMERR_AC_DEVICE_FAILED,"CSSMERR_AC_DEVICE_FAILED"}, - { CSSMERR_CSP_DEVICE_FAILED,"CSSMERR_CSP_DEVICE_FAILED"}, - { CSSMERR_CL_DEVICE_FAILED,"CSSMERR_CL_DEVICE_FAILED"}, - { CSSMERR_DL_DEVICE_FAILED,"CSSMERR_DL_DEVICE_FAILED"}, - { CSSMERR_TP_DEVICE_FAILED,"CSSMERR_TP_DEVICE_FAILED"}, - { CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT,"CSSMERR_CSP_APPLE_ADD_APPLICATION_ACL_SUBJECT"}, - { CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE,"CSSMERR_CSP_APPLE_PUBLIC_KEY_INCOMPLETE"}, - { CSSMERR_CSP_APPLE_SIGNATURE_MISMATCH,"CSSMERR_CSP_APPLE_SIGNATURE_MISMATCH"}, - { CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE,"CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE"}, - { CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE,"CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE"}, - { CSSMERR_CSPDL_APPLE_DL_CONVERSION_ERROR,"CSSMERR_CSPDL_APPLE_DL_CONVERSION_ERROR"}, - { CSSMERR_CSP_APPLE_SSLv2_ROLLBACK,"CSSMERR_CSP_APPLE_SSLv2_ROLLBACK"}, - { CSSMERR_APPLEDL_INVALID_OPEN_PARAMETERS,"CSSMERR_APPLEDL_INVALID_OPEN_PARAMETERS"}, - { CSSMERR_APPLEDL_DISK_FULL,"CSSMERR_APPLEDL_DISK_FULL"}, - { CSSMERR_APPLEDL_QUOTA_EXCEEDED,"CSSMERR_APPLEDL_QUOTA_EXCEEDED"}, - { CSSMERR_APPLEDL_FILE_TOO_BIG,"CSSMERR_APPLEDL_FILE_TOO_BIG"}, - { CSSMERR_APPLEDL_INVALID_DATABASE_BLOB,"CSSMERR_APPLEDL_INVALID_DATABASE_BLOB"}, - { CSSMERR_APPLEDL_INVALID_KEY_BLOB,"CSSMERR_APPLEDL_INVALID_KEY_BLOB"}, - { CSSMERR_APPLEDL_INCOMPATIBLE_DATABASE_BLOB,"CSSMERR_APPLEDL_INCOMPATIBLE_DATABASE_BLOB"}, - { CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB,"CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB"}, - { CSSMERR_APPLETP_HOSTNAME_MISMATCH,"CSSMERR_APPLETP_HOSTNAME_MISMATCH"}, - { CSSMERR_APPLETP_UNKNOWN_CRITICAL_EXTEN,"CSSMERR_APPLETP_UNKNOWN_CRITICAL_EXTEN"}, - { CSSMERR_APPLETP_NO_BASIC_CONSTRAINTS,"CSSMERR_APPLETP_NO_BASIC_CONSTRAINTS"}, - { CSSMERR_APPLETP_INVALID_CA,"CSSMERR_APPLETP_INVALID_CA"}, - { CSSMERR_APPLETP_INVALID_AUTHORITY_ID,"CSSMERR_APPLETP_INVALID_AUTHORITY_ID"}, - { CSSMERR_APPLETP_INVALID_SUBJECT_ID,"CSSMERR_APPLETP_INVALID_SUBJECT_ID"}, - { CSSMERR_APPLETP_INVALID_KEY_USAGE,"CSSMERR_APPLETP_INVALID_KEY_USAGE"}, - { CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE,"CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE"}, - { CSSMERR_APPLETP_INVALID_ID_LINKAGE,"CSSMERR_APPLETP_INVALID_ID_LINKAGE"}, - { CSSMERR_APPLETP_PATH_LEN_CONSTRAINT,"CSSMERR_APPLETP_PATH_LEN_CONSTRAINT"}, - { CSSMERR_APPLETP_INVALID_ROOT,"CSSMERR_APPLETP_INVALID_ROOT"}, - { CSSMERR_APPLETP_CRL_EXPIRED,"CSSMERR_APPLETP_CRL_EXPIRED"}, - { CSSMERR_APPLETP_CRL_NOT_VALID_YET,"CSSMERR_APPLETP_CRL_NOT_VALID_YET"}, - { CSSMERR_APPLETP_CRL_NOT_FOUND,"CSSMERR_APPLETP_CRL_NOT_FOUND"}, - { CSSMERR_APPLETP_CRL_SERVER_DOWN,"CSSMERR_APPLETP_CRL_SERVER_DOWN"}, - { CSSMERR_APPLETP_CRL_BAD_URI,"CSSMERR_APPLETP_CRL_BAD_URI"}, - { CSSMERR_APPLETP_UNKNOWN_CERT_EXTEN,"CSSMERR_APPLETP_UNKNOWN_CERT_EXTEN"}, - { CSSMERR_APPLETP_UNKNOWN_CRL_EXTEN,"CSSMERR_APPLETP_UNKNOWN_CRL_EXTEN"}, - { CSSMERR_APPLETP_CRL_NOT_TRUSTED,"CSSMERR_APPLETP_CRL_NOT_TRUSTED"}, - { CSSMERR_APPLETP_CRL_INVALID_ANCHOR_CERT,"CSSMERR_APPLETP_CRL_INVALID_ANCHOR_CERT"}, - { CSSMERR_APPLETP_CRL_POLICY_FAIL,"CSSMERR_APPLETP_CRL_POLICY_FAIL"}, - { CSSMERR_APPLETP_IDP_FAIL,"CSSMERR_APPLETP_IDP_FAIL"}, - { CSSMERR_APPLETP_CERT_NOT_FOUND_FROM_ISSUER,"CSSMERR_APPLETP_CERT_NOT_FOUND_FROM_ISSUER"}, - { CSSMERR_APPLETP_BAD_CERT_FROM_ISSUER,"CSSMERR_APPLETP_BAD_CERT_FROM_ISSUER"}, - { CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND,"CSSMERR_APPLETP_SMIME_EMAIL_ADDRS_NOT_FOUND"}, - { CSSMERR_APPLETP_SMIME_BAD_EXT_KEY_USE,"CSSMERR_APPLETP_SMIME_BAD_EXT_KEY_USE"}, - { CSSMERR_APPLETP_SMIME_BAD_KEY_USE,"CSSMERR_APPLETP_SMIME_BAD_KEY_USE"}, - { CSSMERR_APPLETP_SMIME_KEYUSAGE_NOT_CRITICAL,"CSSMERR_APPLETP_SMIME_KEYUSAGE_NOT_CRITICAL"}, - { CSSMERR_APPLETP_SMIME_NO_EMAIL_ADDRS,"CSSMERR_APPLETP_SMIME_NO_EMAIL_ADDRS"}, - { CSSMERR_APPLETP_SMIME_SUBJ_ALT_NAME_NOT_CRIT,"CSSMERR_APPLETP_SMIME_SUBJ_ALT_NAME_NOT_CRIT"}, - { CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE,"CSSMERR_APPLETP_SSL_BAD_EXT_KEY_USE"}, - { CSSMERR_APPLETP_OCSP_BAD_RESPONSE,"CSSMERR_APPLETP_OCSP_BAD_RESPONSE"}, - { CSSMERR_APPLETP_OCSP_BAD_REQUEST,"CSSMERR_APPLETP_OCSP_BAD_REQUEST"}, - { CSSMERR_APPLETP_OCSP_UNAVAILABLE,"CSSMERR_APPLETP_OCSP_UNAVAILABLE"}, - { CSSMERR_APPLETP_OCSP_STATUS_UNRECOGNIZED,"CSSMERR_APPLETP_OCSP_STATUS_UNRECOGNIZED"}, - { CSSMERR_APPLETP_INCOMPLETE_REVOCATION_CHECK,"CSSMERR_APPLETP_INCOMPLETE_REVOCATION_CHECK"}, - { CSSMERR_APPLETP_NETWORK_FAILURE,"CSSMERR_APPLETP_NETWORK_FAILURE"}, - { CSSMERR_APPLETP_OCSP_NOT_TRUSTED,"CSSMERR_APPLETP_OCSP_NOT_TRUSTED"}, - { CSSMERR_APPLETP_OCSP_INVALID_ANCHOR_CERT,"CSSMERR_APPLETP_OCSP_INVALID_ANCHOR_CERT"}, - { CSSMERR_APPLETP_OCSP_SIG_ERROR,"CSSMERR_APPLETP_OCSP_SIG_ERROR"}, - { CSSMERR_APPLETP_OCSP_NO_SIGNER,"CSSMERR_APPLETP_OCSP_NO_SIGNER"}, - { CSSMERR_APPLETP_OCSP_RESP_MALFORMED_REQ,"CSSMERR_APPLETP_OCSP_RESP_MALFORMED_REQ"}, - { CSSMERR_APPLETP_OCSP_RESP_INTERNAL_ERR,"CSSMERR_APPLETP_OCSP_RESP_INTERNAL_ERR"}, - { CSSMERR_APPLETP_OCSP_RESP_TRY_LATER,"CSSMERR_APPLETP_OCSP_RESP_TRY_LATER"}, - { CSSMERR_APPLETP_OCSP_RESP_SIG_REQUIRED,"CSSMERR_APPLETP_OCSP_RESP_SIG_REQUIRED"}, - { CSSMERR_APPLETP_OCSP_RESP_UNAUTHORIZED,"CSSMERR_APPLETP_OCSP_RESP_UNAUTHORIZED"}, - { CSSMERR_APPLETP_OCSP_NONCE_MISMATCH,"CSSMERR_APPLETP_OCSP_NONCE_MISMATCH"}, - { CSSMERR_APPLETP_CS_BAD_CERT_CHAIN_LENGTH,"CSSMERR_APPLETP_CS_BAD_CERT_CHAIN_LENGTH"}, - { CSSMERR_APPLETP_CS_NO_BASIC_CONSTRAINTS,"CSSMERR_APPLETP_CS_NO_BASIC_CONSTRAINTS"}, - { CSSMERR_APPLETP_CS_BAD_PATH_LENGTH,"CSSMERR_APPLETP_CS_BAD_PATH_LENGTH"}, - { CSSMERR_APPLETP_CS_NO_EXTENDED_KEY_USAGE,"CSSMERR_APPLETP_CS_NO_EXTENDED_KEY_USAGE"}, - { CSSMERR_APPLETP_CODE_SIGN_DEVELOPMENT,"CSSMERR_APPLETP_CODE_SIGN_DEVELOPMENT"}, - { CSSMERR_APPLETP_RS_BAD_CERT_CHAIN_LENGTH,"CSSMERR_APPLETP_RS_BAD_CERT_CHAIN_LENGTH"}, - { CSSMERR_APPLETP_RS_BAD_EXTENDED_KEY_USAGE,"CSSMERR_APPLETP_RS_BAD_EXTENDED_KEY_USAGE"}, - { CSSMERR_APPLETP_TRUST_SETTING_DENY,"CSSMERR_APPLETP_TRUST_SETTING_DENY"}, - { CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT,"CSSMERR_APPLETP_INVALID_EMPTY_SUBJECT"}, - { CSSMERR_APPLETP_UNKNOWN_QUAL_CERT_STATEMENT,"CSSMERR_APPLETP_UNKNOWN_QUAL_CERT_STATEMENT"}, - { CSSMERR_APPLE_DOTMAC_REQ_QUEUED,"CSSMERR_APPLE_DOTMAC_REQ_QUEUED"}, - { CSSMERR_APPLE_DOTMAC_REQ_REDIRECT,"CSSMERR_APPLE_DOTMAC_REQ_REDIRECT"}, - { CSSMERR_APPLE_DOTMAC_REQ_SERVER_ERR,"CSSMERR_APPLE_DOTMAC_REQ_SERVER_ERR"}, - { CSSMERR_APPLE_DOTMAC_REQ_SERVER_PARAM,"CSSMERR_APPLE_DOTMAC_REQ_SERVER_PARAM"}, - { CSSMERR_APPLE_DOTMAC_REQ_SERVER_AUTH,"CSSMERR_APPLE_DOTMAC_REQ_SERVER_AUTH"}, - { CSSMERR_APPLE_DOTMAC_REQ_SERVER_UNIMPL,"CSSMERR_APPLE_DOTMAC_REQ_SERVER_UNIMPL"}, - { CSSMERR_APPLE_DOTMAC_REQ_SERVER_NOT_AVAIL,"CSSMERR_APPLE_DOTMAC_REQ_SERVER_NOT_AVAIL"}, - { CSSMERR_APPLE_DOTMAC_REQ_SERVER_ALREADY_EXIST,"CSSMERR_APPLE_DOTMAC_REQ_SERVER_ALREADY_EXIST"}, - { CSSMERR_APPLE_DOTMAC_REQ_SERVER_SERVICE_ERROR,"CSSMERR_APPLE_DOTMAC_REQ_SERVER_SERVICE_ERROR"}, - { CSSMERR_APPLE_DOTMAC_REQ_IS_PENDING,"CSSMERR_APPLE_DOTMAC_REQ_IS_PENDING"}, - { CSSMERR_APPLE_DOTMAC_NO_REQ_PENDING,"CSSMERR_APPLE_DOTMAC_NO_REQ_PENDING"}, - {0, NULL} -}; diff --git a/SecurityTests/cspxutils/utilLib/fileIo.c b/SecurityTests/cspxutils/utilLib/fileIo.c deleted file mode 100644 index 3ad1fae5..00000000 --- a/SecurityTests/cspxutils/utilLib/fileIo.c +++ /dev/null @@ -1,128 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include "fileIo.h" - -int cspWriteFile( - const char *fileName, - const unsigned char *bytes, - unsigned numBytes) -{ - int rtn; - int fd; - - fd = open(fileName, O_RDWR | O_CREAT | O_TRUNC, 0600); - if(fd <= 0) { - return errno; - } - rtn = lseek(fd, 0, SEEK_SET); - if(rtn < 0) { - return errno; - } - rtn = write(fd, bytes, (size_t)numBytes); - if(rtn != (int)numBytes) { - if(rtn >= 0) { - printf("writeFile: short write\n"); - } - rtn = EIO; - } - else { - rtn = 0; - } - close(fd); - return rtn; -} - -/* - * Read entire file. - */ -int cspReadFile( - const char *fileName, - unsigned char **bytes, // mallocd and returned - unsigned *numBytes) // returned -{ - int ourRtn = 0; - int fd; - char *buf; - char *thisBuf; - struct stat sb; - unsigned size; - size_t toMove; - ssize_t thisMoved; - int irtn; - off_t lrtn = 0; - - *numBytes = 0; - *bytes = NULL; - fd = open(fileName, O_RDONLY, 0); - if(fd <= 0) { - perror("open"); - return errno; - } - irtn = fstat(fd, &sb); - if(irtn) { - ourRtn = errno; - if(ourRtn == 0) { - fprintf(stderr, "***Bogus zero error on fstat\n"); - ourRtn = -1; - } - else { - perror("fstat"); - } - goto errOut; - } - size = sb.st_size; - buf = thisBuf = (char *)malloc(size); - if(buf == NULL) { - ourRtn = ENOMEM; - goto errOut; - } - lrtn = lseek(fd, 0, SEEK_SET); - if(lrtn < 0) { - ourRtn = errno; - if(ourRtn == 0) { - fprintf(stderr, "***Bogus zero error on lseek\n"); - ourRtn = -1; - } - else { - perror("lseek"); - } - goto errOut; - } - toMove = size; - - /* - * On ppc this read ALWAYS returns the entire file. On i386, not so. - */ - do { - thisMoved = read(fd, thisBuf, toMove); - if(thisMoved == 0) { - /* reading empty file: done */ - break; - } - else if(thisMoved < 0) { - ourRtn = errno; - perror("read"); - break; - } - size_t uThisMoved = (size_t)thisMoved; - if(uThisMoved != toMove) { - fprintf(stderr, "===Short read: asked for %ld, got %lu\n", - toMove, uThisMoved); - } - toMove -= thisMoved; - thisBuf += thisMoved; - } while(toMove); - - if(ourRtn == 0) { - *bytes = (unsigned char *)buf; - *numBytes = size; - } -errOut: - close(fd); - return ourRtn; -} diff --git a/SecurityTests/cspxutils/utilLib/fileIo.h b/SecurityTests/cspxutils/utilLib/fileIo.h deleted file mode 100644 index b079359e..00000000 --- a/SecurityTests/cspxutils/utilLib/fileIo.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Read entire file. - */ -#ifdef __cplusplus -extern "C" { -#endif - -int cspReadFile( - const char *fileName, - unsigned char **bytes, // mallocd and returned - unsigned *numBytes); // returned - -int cspWriteFile( - const char *fileName, - const unsigned char *bytes, - unsigned numBytes); - -#ifdef __cplusplus -} -#endif diff --git a/SecurityTests/cspxutils/utilLib/nssAppUtils.cpp b/SecurityTests/cspxutils/utilLib/nssAppUtils.cpp deleted file mode 100644 index d1c7e216..00000000 --- a/SecurityTests/cspxutils/utilLib/nssAppUtils.cpp +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ -/* - * nssAppUtils.cpp - */ - -#include "nssAppUtils.h" -#include "common.h" -#include "cspwrap.h" -#include -#include -#include -#include -#include - -/* - * Create pubKeyPartial as copy of pubKey without the DSA params. - * Returned partial key is RAW. Incoming key can be raw or ref. - */ -CSSM_RETURN extractDsaPartial( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *pubKey, - CSSM_KEY_PTR pubKeyPartial) -{ - const CSSM_KEY *thePubKey = pubKey; - CSSM_KEY rawPubKey; - CSSM_RETURN crtn; - - if(pubKey->KeyHeader.BlobType == CSSM_KEYBLOB_REFERENCE) { - /* first get this in raw form */ - crtn = cspRefKeyToRaw(cspHand, pubKey, &rawPubKey); - if(crtn) { - return crtn; - } - thePubKey = &rawPubKey; - } - - /* decode raw public key */ - NSS_DSAPublicKeyX509 nssPub; - SecAsn1CoderRef coder; - - OSStatus ortn = SecAsn1CoderCreate(&coder); - if(ortn) { - cssmPerror("SecAsn1CoderCreate", ortn); - return ortn; - } - memset(&nssPub, 0, sizeof(nssPub)); - if(SecAsn1DecodeData(coder, &thePubKey->KeyData, kSecAsn1DSAPublicKeyX509Template, - &nssPub)) { - printf("***Error decoding DSA public key. Aborting.\n"); - return 1; - } - - /* zero out the params and reencode */ - nssPub.dsaAlg.params = NULL; - CSSM_DATA newKey = {0, NULL}; - if(SecAsn1EncodeItem(coder, &nssPub, kSecAsn1DSAPublicKeyX509Template, - &newKey)) { - printf("***Error reencoding DSA pub key\n"); - return 1; - } - - /* copy - newKey is in coder space */ - *pubKeyPartial = *thePubKey; - appCopyCssmData(&newKey, &pubKeyPartial->KeyData); - - if(pubKey->KeyHeader.BlobType == CSSM_KEYBLOB_REFERENCE) { - /* free the KeyData mallocd by cspRefKeyToRaw */ - CSSM_FREE(thePubKey->KeyData.Data); - pubKeyPartial->KeyHeader.BlobType = CSSM_KEYBLOB_RAW; - } - pubKeyPartial->KeyHeader.KeyAttr |= CSSM_KEYATTR_PARTIAL; - SecAsn1CoderRelease(coder); - return CSSM_OK; -} diff --git a/SecurityTests/cspxutils/utilLib/nssAppUtils.h b/SecurityTests/cspxutils/utilLib/nssAppUtils.h deleted file mode 100644 index b05676fb..00000000 --- a/SecurityTests/cspxutils/utilLib/nssAppUtils.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please - * obtain a copy of the License at http://www.apple.com/publicsource and - * read it before using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - */ -/* - * nssAppUtils.h - */ - -#ifndef _NSS_APP_UTILS_H_ -#define _NSS_APP_UTILS_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -CSSM_RETURN extractDsaPartial( - CSSM_CSP_HANDLE cspHand, - const CSSM_KEY *pubKey, - CSSM_KEY_PTR pubKeyPartial); - -#ifdef __cplusplus -} -#endif - -#endif /* _NSS_APP_UTILS_H_ */ - diff --git a/SecurityTests/cspxutils/utilLib/rijndael-alg-ref.c b/SecurityTests/cspxutils/utilLib/rijndael-alg-ref.c deleted file mode 100644 index aba67c46..00000000 --- a/SecurityTests/cspxutils/utilLib/rijndael-alg-ref.c +++ /dev/null @@ -1,373 +0,0 @@ -/* rijndael-alg-ref.c v2.0 August '99 - * Reference ANSI C code - * authors: Paulo Barreto - * Vincent Rijmen - */ - -#include -#include - -#include "rijndael-alg-ref.h" - -#define SC ((BC - 4) >> 1) - -#include "boxes-ref.h" - -static const word8 shifts[3][4][2] = { - { { 0, 0 }, - { 1, 3 }, - { 2, 2 }, - { 3, 1 } - }, - { { 0, 0 }, - { 1, 5 }, - { 2, 4 }, - { 3, 3 } - }, - { { 0, 0 }, - { 1, 7 }, - { 3, 5 }, - { 4, 4 } - } -}; - - -static word8 mul(word8 a, word8 b) { - /* multiply two elements of GF(2^m) - * needed for MixColumn and InvMixColumn - */ - if (a && b) return Alogtable[(Logtable[a] + Logtable[b])%255]; - else return 0; -} - -static void KeyAddition(word8 a[4][MAXBC], word8 rk[4][MAXBC], word8 BC) { - /* Exor corresponding text input and round key input bytes - */ - int i, j; - - for(i = 0; i < 4; i++) - for(j = 0; j < BC; j++) a[i][j] ^= rk[i][j]; -} - -static void ShiftRow(word8 a[4][MAXBC], word8 d, word8 BC) { - /* Row 0 remains unchanged - * The other three rows are shifted a variable amount - */ - word8 tmp[MAXBC]; - int i, j; - - for(i = 1; i < 4; i++) { - for(j = 0; j < BC; j++) tmp[j] = a[i][(j + shifts[SC][i][d]) % BC]; - for(j = 0; j < BC; j++) a[i][j] = tmp[j]; - } -} - -static void Substitution(word8 a[4][MAXBC], const word8 box[256], word8 BC) { - /* Replace every byte of the input by the byte at that place - * in the nonlinear S-box - */ - int i, j; - - for(i = 0; i < 4; i++) - for(j = 0; j < BC; j++) a[i][j] = box[a[i][j]] ; -} - -static void MixColumn(word8 a[4][MAXBC], word8 BC) { - /* Mix the four bytes of every column in a linear way - */ - word8 b[4][MAXBC]; - int i, j; - - for(j = 0; j < BC; j++) - for(i = 0; i < 4; i++) - b[i][j] = mul(2,a[i][j]) - ^ mul(3,a[(i + 1) % 4][j]) - ^ a[(i + 2) % 4][j] - ^ a[(i + 3) % 4][j]; - for(i = 0; i < 4; i++) - for(j = 0; j < BC; j++) a[i][j] = b[i][j]; -} - -static void InvMixColumn(word8 a[4][MAXBC], word8 BC) { - /* Mix the four bytes of every column in a linear way - * This is the opposite operation of Mixcolumn - */ - word8 b[4][MAXBC]; - int i, j; - - for(j = 0; j < BC; j++) - for(i = 0; i < 4; i++) - b[i][j] = mul(0xe,a[i][j]) - ^ mul(0xb,a[(i + 1) % 4][j]) - ^ mul(0xd,a[(i + 2) % 4][j]) - ^ mul(0x9,a[(i + 3) % 4][j]); - for(i = 0; i < 4; i++) - for(j = 0; j < BC; j++) a[i][j] = b[i][j]; -} - -int _rijndaelKeySched (word8 k[4][MAXKC], int keyBits, int blockBits, word8 W[MAXROUNDS+1][4][MAXBC]) { - /* Calculate the necessary round keys - * The number of calculations depends on keyBits and blockBits - */ - int KC, BC, ROUNDS; - int i, j, t, rconpointer = 0; - word8 tk[4][MAXKC]; - - switch (keyBits) { - case 128: KC = 4; break; - case 192: KC = 6; break; - case 256: KC = 8; break; - default : return (-1); - } - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - - for(j = 0; j < KC; j++) - for(i = 0; i < 4; i++) - tk[i][j] = k[i][j]; - t = 0; - /* copy values into round key array */ - for(j = 0; (j < KC) && (t < (ROUNDS+1)*BC); j++, t++) - for(i = 0; i < 4; i++) W[t / BC][i][t % BC] = tk[i][j]; - - while (t < (ROUNDS+1)*BC) { /* while not enough round key material calculated */ - /* calculate new values */ - for(i = 0; i < 4; i++) - tk[i][0] ^= S[tk[(i+1)%4][KC-1]]; - tk[0][0] ^= rcon[rconpointer++]; - - if (KC != 8) - for(j = 1; j < KC; j++) - for(i = 0; i < 4; i++) tk[i][j] ^= tk[i][j-1]; - else { - for(j = 1; j < KC/2; j++) - for(i = 0; i < 4; i++) tk[i][j] ^= tk[i][j-1]; - for(i = 0; i < 4; i++) tk[i][KC/2] ^= S[tk[i][KC/2 - 1]]; - for(j = KC/2 + 1; j < KC; j++) - for(i = 0; i < 4; i++) tk[i][j] ^= tk[i][j-1]; - } - /* copy values into round key array */ - for(j = 0; (j < KC) && (t < (ROUNDS+1)*BC); j++, t++) - for(i = 0; i < 4; i++) W[t / BC][i][t % BC] = tk[i][j]; - } - - return 0; -} - -int _rijndaelEncrypt (word8 a[4][MAXBC], int keyBits, int blockBits, word8 rk[MAXROUNDS+1][4][MAXBC]) -{ - /* Encryption of one block. - */ - int r, BC, ROUNDS; - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - /* begin with a key addition - */ - KeyAddition(a,rk[0],BC); - - /* ROUNDS-1 ordinary rounds - */ - for(r = 1; r < ROUNDS; r++) { - Substitution(a,S,BC); - ShiftRow(a,0,BC); - MixColumn(a,BC); - KeyAddition(a,rk[r],BC); - } - - /* Last round is special: there is no MixColumn - */ - Substitution(a,S,BC); - ShiftRow(a,0,BC); - KeyAddition(a,rk[ROUNDS],BC); - - return 0; -} - - -#ifndef __APPLE__ - -int rijndaelEncryptRound (word8 a[4][MAXBC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC], int rounds) -/* Encrypt only a certain number of rounds. - * Only used in the Intermediate Value Known Answer Test. - */ -{ - int r, BC, ROUNDS; - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - /* make number of rounds sane */ - if (rounds > ROUNDS) rounds = ROUNDS; - - /* begin with a key addition - */ - KeyAddition(a,rk[0],BC); - - /* at most ROUNDS-1 ordinary rounds - */ - for(r = 1; (r <= rounds) && (r < ROUNDS); r++) { - Substitution(a,S,BC); - ShiftRow(a,0,BC); - MixColumn(a,BC); - KeyAddition(a,rk[r],BC); - } - - /* if necessary, do the last, special, round: - */ - if (rounds == ROUNDS) { - Substitution(a,S,BC); - ShiftRow(a,0,BC); - KeyAddition(a,rk[ROUNDS],BC); - } - - return 0; -} -#endif /* __APPLE__ */ - -int _rijndaelDecrypt (word8 a[4][MAXBC], int keyBits, int blockBits, word8 rk[MAXROUNDS+1][4][MAXBC]) -{ - int r, BC, ROUNDS; - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - /* To decrypt: apply the inverse operations of the encrypt routine, - * in opposite order - * - * (KeyAddition is an involution: it 's equal to its inverse) - * (the inverse of Substitution with table S is Substitution with the inverse table of S) - * (the inverse of Shiftrow is Shiftrow over a suitable distance) - */ - - /* First the special round: - * without InvMixColumn - * with extra KeyAddition - */ - KeyAddition(a,rk[ROUNDS],BC); - Substitution(a,Si,BC); - ShiftRow(a,1,BC); - - /* ROUNDS-1 ordinary rounds - */ - for(r = ROUNDS-1; r > 0; r--) { - KeyAddition(a,rk[r],BC); - InvMixColumn(a,BC); - Substitution(a,Si,BC); - ShiftRow(a,1,BC); - } - - /* End with the extra key addition - */ - - KeyAddition(a,rk[0],BC); - - return 0; -} - -#ifndef __APPLE__ - -int rijndaelDecryptRound (word8 a[4][MAXBC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC], int rounds) -/* Decrypt only a certain number of rounds. - * Only used in the Intermediate Value Known Answer Test. - * Operations rearranged such that the intermediate values - * of decryption correspond with the intermediate values - * of encryption. - */ -{ - int r, BC, ROUNDS; - - switch (blockBits) { - case 128: BC = 4; break; - case 192: BC = 6; break; - case 256: BC = 8; break; - default : return (-2); - } - - switch (keyBits >= blockBits ? keyBits : blockBits) { - case 128: ROUNDS = 10; break; - case 192: ROUNDS = 12; break; - case 256: ROUNDS = 14; break; - default : return (-3); /* this cannot happen */ - } - - - /* make number of rounds sane */ - if (rounds > ROUNDS) rounds = ROUNDS; - - /* First the special round: - * without InvMixColumn - * with extra KeyAddition - */ - KeyAddition(a,rk[ROUNDS],BC); - Substitution(a,Si,BC); - ShiftRow(a,1,BC); - - /* ROUNDS-1 ordinary rounds - */ - for(r = ROUNDS-1; r > rounds; r--) { - KeyAddition(a,rk[r],BC); - InvMixColumn(a,BC); - Substitution(a,Si,BC); - ShiftRow(a,1,BC); - } - - if (rounds == 0) { - /* End with the extra key addition - */ - KeyAddition(a,rk[0],BC); - } - - return 0; -} - -#endif /* __APPLE__ */ diff --git a/SecurityTests/cspxutils/utilLib/rijndael-alg-ref.h b/SecurityTests/cspxutils/utilLib/rijndael-alg-ref.h deleted file mode 100644 index 083378e0..00000000 --- a/SecurityTests/cspxutils/utilLib/rijndael-alg-ref.h +++ /dev/null @@ -1,53 +0,0 @@ -/* rijndael-alg-ref.h v2.0 August '99 - * Reference ANSI C code - * authors: Paulo Barreto - * Vincent Rijmen - */ -#ifndef __RIJNDAEL_ALG_H -#define __RIJNDAEL_ALG_H - -#ifdef __APPLE__ -#define MIN_AES_KEY_BITS 128 -#define MID_AES_KEY_BITS 192 -#define MAX_AES_KEY_BITS 256 -#define MAX_AES_KEY_BYTES (MAX_AES_KEY_BITS / 8) - -#define MIN_AES_BLOCK_BITS 128 -#define MID_AES_BLOCK_BITS 192 -#define MAX_AES_BLOCK_BITS 256 -#define MIN_AES_BLOCK_BYTES (MIN_AES_BLOCK_BITS / 8) - -#endif -#define MAXBC (MAX_AES_BLOCK_BITS/32) -#define MAXKC (MAX_AES_KEY_BITS/32) -#define MAXROUNDS 14 - -#ifdef __cplusplus -extern "C" { -#endif - -typedef unsigned char word8; -typedef unsigned short word16; -typedef unsigned long word32; - - -int _rijndaelKeySched (word8 k[4][MAXKC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC]); -int _rijndaelEncrypt (word8 a[4][MAXBC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC]); -#ifndef __APPLE__ -int rijndaelEncryptRound (word8 a[4][MAXBC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC], int rounds); -#endif -int _rijndaelDecrypt (word8 a[4][MAXBC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC]); -#ifndef __APPLE__ -int rijndaelDecryptRound (word8 a[4][MAXBC], int keyBits, int blockBits, - word8 rk[MAXROUNDS+1][4][MAXBC], int rounds); -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* __RIJNDAEL_ALG_H */ diff --git a/SecurityTests/cspxutils/utilLib/rijndaelApi.c b/SecurityTests/cspxutils/utilLib/rijndaelApi.c deleted file mode 100644 index f7927d35..00000000 --- a/SecurityTests/cspxutils/utilLib/rijndaelApi.c +++ /dev/null @@ -1,357 +0,0 @@ -/* - * rijndaelApi.c - AES API layer - * - * Based on rijndael-api-ref.h v2.0 written by Paulo Barreto - * and Vincent Rijmen - */ -#include -#include - -#include "rijndael-alg-ref.h" -#include "rijndaelApi.h" - -#define CBC_DEBUG 0 -#if CBC_DEBUG -static void dumpChainBuf(cipherInstance *cipher, char *op) -{ - int t,j; - int columns = cipher->blockLen / 32; - - printf("chainBuf %s: ", op); - for (j = 0; j < columns; j++) { - for(t = 0; t < 4; t++) { - printf("%02x ", cipher->chainBlock[t][j]); - } - } - printf("\n"); -} -#else -#define dumpChainBuf(c, o) -#endif - -int _makeKey( keyInstance *key, - BYTE direction, - int keyLen, // in BITS - int blockLen, // in BITS - BYTE *keyMaterial) -{ - word8 k[4][MAXKC]; - unsigned keyBytes; - unsigned i; - - if (key == NULL) { - return BAD_KEY_INSTANCE; - } - if(keyMaterial == NULL) { - return BAD_KEY_MAT; - } - if ((direction == DIR_ENCRYPT) || (direction == DIR_DECRYPT)) { - key->direction = direction; - } else { - return BAD_KEY_DIR; - } - - if ((keyLen == 128) || (keyLen == 192) || (keyLen == 256)) { - key->keyLen = keyLen; - } else { - return BAD_KEY_MAT; - } - key->blockLen = blockLen; - - /* initialize key schedule: */ - keyBytes = keyLen / 8; - for(i = 0; i < keyBytes; i++) { - k[i % 4][i / 4] = keyMaterial[i]; - } - _rijndaelKeySched (k, key->keyLen, key->blockLen, key->keySched); - memset(k, 0, 4 * MAXKC); - return TRUE; -} - -int _cipherInit( cipherInstance *cipher, - BYTE mode, - int blockLen, // in BITS - BYTE *IV) -{ - int t, j; - int columns = blockLen / 32; - - /* MODE_CFB1 not supported */ - if ((mode == MODE_ECB) || (mode == MODE_CBC)) { - cipher->mode = mode; - } else { - return BAD_CIPHER_MODE; - } - cipher->blockLen = blockLen; - - if (IV != NULL) { - /* Save IV in rectangular block format */ - for (j = 0; j < columns; j++) { - for(t = 0; t < 4; t++) { - /* parse initial value into rectangular array */ - cipher->chainBlock[t][j] = IV[t+4*j]; - } - } - } - dumpChainBuf(cipher, "init "); - return TRUE; -} - - -int _blockEncrypt(cipherInstance *cipher, - keyInstance *key, BYTE *input, int inputLen, BYTE *outBuffer) -{ - int i, j, t, numBlocks; - unsigned blockSizeBytes; - int columns; - - /* check parameter consistency: */ - if (key == NULL || - key->direction != DIR_ENCRYPT || - (key->keyLen != 128 && key->keyLen != 192 && key->keyLen != 256)) { - return BAD_KEY_MAT; - } - if (cipher == NULL || - (cipher->mode != MODE_ECB && cipher->mode != MODE_CBC) || - (cipher->blockLen != 128 && cipher->blockLen != 192 && cipher->blockLen != 256)) { - return BAD_CIPHER_STATE; - } - - numBlocks = inputLen/cipher->blockLen; - blockSizeBytes = cipher->blockLen / 8; - columns = cipher->blockLen / 32; - - switch (cipher->mode) { - case MODE_ECB: - for (i = 0; i < numBlocks; i++) { - for (j = 0; j < columns; j++) { - for(t = 0; t < 4; t++) - /* parse input stream into rectangular array */ - cipher->chainBlock[t][j] = input[4*j+t]; - } - _rijndaelEncrypt (cipher->chainBlock, key->keyLen, cipher->blockLen, key->keySched); - for (j = 0; j < columns; j++) { - /* parse rectangular array into output ciphertext bytes */ - for(t = 0; t < 4; t++) - outBuffer[4*j+t] = (BYTE) cipher->chainBlock[t][j]; - } - input += blockSizeBytes; - outBuffer += blockSizeBytes; - dumpChainBuf(cipher, "encr ECB"); - } - break; - - case MODE_CBC: - for (i = 0; i < numBlocks; i++) { - for (j = 0; j < columns; j++) { - for(t = 0; t < 4; t++) - /* parse input stream into rectangular array and exor with - IV or the previous ciphertext */ - cipher->chainBlock[t][j] ^= input[4*j+t]; - } - _rijndaelEncrypt (cipher->chainBlock, key->keyLen, cipher->blockLen, key->keySched); - for (j = 0; j < columns; j++) { - /* parse rectangular array into output ciphertext bytes */ - for(t = 0; t < 4; t++) - outBuffer[4*j+t] = (BYTE) cipher->chainBlock[t][j]; - } - /* Hey! This code was broken for multi-block ops! */ - input += blockSizeBytes; - outBuffer += blockSizeBytes; - dumpChainBuf(cipher, "encr CBC"); - } - break; - - default: return BAD_CIPHER_STATE; - } - - return numBlocks*cipher->blockLen; -} - -int _blockDecrypt(cipherInstance *cipher, - keyInstance *key, BYTE *input, int inputLen, BYTE *outBuffer) -{ - int i, j, t, numBlocks; - word8 block[4][MAXBC]; // working memory: encrypt/decrypt in place here - unsigned blockSizeBytes; - word8 cblock[4][MAXBC]; // saved ciphertext - int columns; - - if (cipher == NULL || - key == NULL || - key->direction == DIR_ENCRYPT || - cipher->blockLen != key->blockLen) { - return BAD_CIPHER_STATE; - } - - /* check parameter consistency: */ - if (key == NULL || - key->direction != DIR_DECRYPT || - (key->keyLen != 128 && key->keyLen != 192 && key->keyLen != 256)) { - return BAD_KEY_MAT; - } - if (cipher == NULL || - (cipher->mode != MODE_ECB && cipher->mode != MODE_CBC) || - (cipher->blockLen != 128 && cipher->blockLen != 192 && cipher->blockLen != 256)) { - return BAD_CIPHER_STATE; - } - - numBlocks = inputLen/cipher->blockLen; - blockSizeBytes = cipher->blockLen / 8; - columns = cipher->blockLen / 32; - - switch (cipher->mode) { - case MODE_ECB: - for (i = 0; i < numBlocks; i++) { - for (j = 0; j < columns; j++) { - for(t = 0; t < 4; t++) - /* parse input stream into rectangular array */ - block[t][j] = input[4*j+t]; - } - _rijndaelDecrypt (block, key->keyLen, cipher->blockLen, key->keySched); - for (j = 0; j < columns; j++) { - /* parse rectangular array into output ciphertext bytes */ - for(t = 0; t < 4; t++) - outBuffer[4*j+t] = (BYTE) block[t][j]; - } - input += blockSizeBytes; - outBuffer += blockSizeBytes; - dumpChainBuf(cipher, "decr ECB"); - } - break; - - case MODE_CBC: - for (i = 0; i < numBlocks; i++) { - for (j = 0; j < columns; j++) { - for(t = 0; t < 4; t++) - /* parse input stream into rectangular array */ - block[t][j] = input[4*j+t]; - } - - /* save a copoy of incoming ciphertext for later chain; decrypt */ - memmove(cblock, block, 4*MAXBC); - _rijndaelDecrypt (block, key->keyLen, cipher->blockLen, key->keySched); - - /* - * exor with last ciphertext --> plaintext out - * save this ciphertext in lastBlock - * FIXME - we can optimize this by avoiding the copy into - * lastBlock on all but last time thru... - */ - for (j = 0; j < columns; j++) { - for(t = 0; t < 4; t++) { - outBuffer[4*j+t] = (block[t][j] ^ cipher->chainBlock[t][j]); - } - } - memmove(cipher->chainBlock, cblock, 4 * MAXBC); - input += blockSizeBytes; - outBuffer += blockSizeBytes; - dumpChainBuf(cipher, "decr CBC"); - } - break; - - default: return BAD_CIPHER_STATE; - } - memset(block, 0, 4 * MAXBC); - memset(cblock, 0, 4 * MAXBC); - return numBlocks*cipher->blockLen; -} - -/* - * Apple addenda 3/28/2001: simplified single-block encrypt/decrypt. - * Used when chaining and padding is done in elsewhere. - */ -#define AES_CONSISTENCY_CHECK 1 - -int _rijndaelBlockEncrypt( - cipherInstance *cipher, - keyInstance *key, - BYTE *input, - BYTE *outBuffer) -{ - int j, t; - unsigned blockSizeBytes; - int columns; - - #if AES_CONSISTENCY_CHECK - /* check parameter consistency: */ - if (key == NULL || - key->direction != DIR_ENCRYPT || - (key->keyLen != 128 && key->keyLen != 192 && key->keyLen != 256)) { - return BAD_KEY_MAT; - } - if (cipher == NULL || - (cipher->mode != MODE_ECB && cipher->mode != MODE_CBC) || - (cipher->blockLen != 128 && cipher->blockLen != 192 && cipher->blockLen != 256)) { - return BAD_CIPHER_STATE; - } - #endif /* AES_CONSISTENCY_CHECK */ - - blockSizeBytes = cipher->blockLen >> 3; /* was / 8; should just save in cipher */ - columns = cipher->blockLen >> 5; /* was / 32; ditto */ - - for (j = 0; j < columns; j++) { - for(t = 0; t < 4; t++) - /* parse input stream into rectangular array */ - cipher->chainBlock[t][j] = input[4*j+t]; - } - _rijndaelEncrypt (cipher->chainBlock, key->keyLen, cipher->blockLen, - key->keySched); - for (j = 0; j < columns; j++) { - /* parse rectangular array into output ciphertext bytes */ - for(t = 0; t < 4; t++) - outBuffer[4*j+t] = (BYTE) cipher->chainBlock[t][j]; - } - return cipher->blockLen; -} - -int _rijndaelBlockDecrypt( - cipherInstance *cipher, - keyInstance *key, - BYTE *input, - BYTE *outBuffer) -{ - int j, t; - word8 block[4][MAXBC]; // working memory: encrypt/decrypt in place here - unsigned blockSizeBytes; - int columns; - - #if AES_CONSISTENCY_CHECK - if (cipher == NULL || - key == NULL || - key->direction == DIR_ENCRYPT || - cipher->blockLen != key->blockLen) { - return BAD_CIPHER_STATE; - } - - /* check parameter consistency: */ - if (key == NULL || - key->direction != DIR_DECRYPT || - (key->keyLen != 128 && key->keyLen != 192 && key->keyLen != 256)) { - return BAD_KEY_MAT; - } - if (cipher == NULL || - (cipher->mode != MODE_ECB && cipher->mode != MODE_CBC) || - (cipher->blockLen != 128 && cipher->blockLen != 192 && cipher->blockLen != 256)) { - return BAD_CIPHER_STATE; - } - #endif /* AES_CONSISTENCY_CHECK */ - - blockSizeBytes = cipher->blockLen >> 3; /* was / 8; should just save in cipher */ - columns = cipher->blockLen >> 5; /* was / 32; ditto */ - - for (j = 0; j < columns; j++) { - for(t = 0; t < 4; t++) - /* parse input stream into rectangular array */ - block[t][j] = input[4*j+t]; - } - _rijndaelDecrypt (block, key->keyLen, cipher->blockLen, key->keySched); - for (j = 0; j < columns; j++) { - /* parse rectangular array into output ciphertext bytes */ - for(t = 0; t < 4; t++) - outBuffer[4*j+t] = (BYTE) block[t][j]; - } - - return cipher->blockLen; -} - diff --git a/SecurityTests/cspxutils/utilLib/rijndaelApi.h b/SecurityTests/cspxutils/utilLib/rijndaelApi.h deleted file mode 100644 index d9c2734f..00000000 --- a/SecurityTests/cspxutils/utilLib/rijndaelApi.h +++ /dev/null @@ -1,108 +0,0 @@ -/* - * rijndaelApi.h - AES API layer - * - * Based on rijndael-api-ref.h v2.0 written by Paulo Barreto - * and Vincent Rijmen - */ - -#ifndef _RIJNDAEL_API_REF_H_ -#define _RIJNDAEL_API_REF_H_ - -#include -#include "rijndael-alg-ref.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define DIR_ENCRYPT 0 /* Are we encrpyting? */ -#define DIR_DECRYPT 1 /* Are we decrpyting? */ -#define MODE_ECB 1 /* Are we ciphering in ECB mode? */ -#define MODE_CBC 2 /* Are we ciphering in CBC mode? */ - -#define TRUE 1 -#define FALSE 0 - -/* Error Codes */ -#define BAD_KEY_DIR -1 /* Key direction is invalid, e.g., - unknown value */ -#define BAD_KEY_MAT -2 /* Key material not of correct - length */ -#define BAD_KEY_INSTANCE -3 /* Key passed is not valid */ -#define BAD_CIPHER_MODE -4 /* Params struct passed to - cipherInit invalid */ -#define BAD_CIPHER_STATE -5 /* Cipher in wrong state (e.g., not - initialized) */ -#define BAD_CIPHER_INSTANCE -7 - -#define MAX_AES_KEY_SIZE (MAX_AES_KEY_BITS / 8) -#define MAX_AES_BLOCK_SIZE (MAX_AES_BLOCK_BITS / 8) -#define MAX_AES_IV_SIZE MAX_AES_BLOCK_SIZE - -typedef unsigned char BYTE; - -/* The structure for key information */ -typedef struct { - BYTE direction; /* Key used for encrypting or decrypting? */ - int keyLen; /* Length of the key in bits */ - int blockLen; /* Length of block in bits */ - word8 keySched[MAXROUNDS+1][4][MAXBC]; /* key schedule */ - } keyInstance; - -/* The structure for cipher information */ -typedef struct { - BYTE mode; /* MODE_ECB, MODE_CBC, or MODE_CFB1 */ - word8 chainBlock[4][MAXBC]; - int blockLen; /* block length in bits */ - } cipherInstance; - - -int _makeKey( - keyInstance *key, - BYTE direction, - int keyLen, // in BITS - int blockLen, // in BITS - BYTE *keyMaterial); - -int _cipherInit( - cipherInstance *cipher, - BYTE mode, - int blockLen, // in BITS - BYTE *IV); - -int _blockEncrypt( - cipherInstance *cipher, - keyInstance *key, - BYTE *input, - int inputLen, // in BITS - BYTE *outBuffer); - -int _blockDecrypt( - cipherInstance *cipher, - keyInstance *key, - BYTE *input, - int inputLen, // in BITS - BYTE *outBuffer); - -/* - * Apple addenda 3/28/2001: simplified single-block encrypt/decrypt. - * Used when chaining and padding is done in elsewhere. - */ -int _rijndaelBlockEncrypt( - cipherInstance *cipher, - keyInstance *key, - BYTE *input, - BYTE *outBuffer); -int _rijndaelBlockDecrypt( - cipherInstance *cipher, - keyInstance *key, - BYTE *input, - BYTE *outBuffer); - -#ifdef __cplusplus -} -#endif // cplusplus - -#endif // RIJNDAEL_API_REF - - diff --git a/SecurityTests/cspxutils/utilLib/ssleayUtils.cpp b/SecurityTests/cspxutils/utilLib/ssleayUtils.cpp deleted file mode 100644 index 5b430b21..00000000 --- a/SecurityTests/cspxutils/utilLib/ssleayUtils.cpp +++ /dev/null @@ -1,266 +0,0 @@ -/* - * ssleayUtils.c - common routines for CDSA/openssl compatibility testing - */ - -#include -#include -#include -#include -#include -#include -#include "ssleayUtils.h" -#include -#include "common.h" - -/* - * Caller sees EAY_KEY, we see a pointer to this. - */ -typedef struct { - CSSM_ALGORITHMS alg; - union { - BF_KEY bf; // blowfish - CAST_KEY cast; - } key; -} EayKeyPriv; - -/* - * Create a symmetric key. - */ -CSSM_RETURN eayGenSymKey( - CSSM_ALGORITHMS alg, - CSSM_BOOL forEncr, - const CSSM_DATA *keyData, - EAY_KEY *key) // RETURNED -{ - EayKeyPriv *ekp = (EayKeyPriv *)malloc(sizeof(EayKeyPriv)); - memset(ekp, 0, sizeof(*ekp)); - switch(alg) { - case CSSM_ALGID_BLOWFISH: - BF_set_key(&ekp->key.bf, keyData->Length, keyData->Data); - break; - case CSSM_ALGID_CAST: // cast128 only - CAST_set_key(&ekp->key.cast, keyData->Length, keyData->Data); - break; - default: - printf("***eayGenSymKey: bad alg\n"); - return -1; - } - ekp->alg = alg; - *key = (EAY_KEY)ekp; - return CSSM_OK; -} - -/* - * Free a key created in eayGenSymKey - */ -CSSM_RETURN eayFreeKey( - EAY_KEY key) -{ - memset(key, 0, sizeof(EayKeyPriv)); - free(key); - return CSSM_OK; -} - -/* - * encrypt/decrypt - */ -CSSM_RETURN eayEncryptDecrypt( - EAY_KEY key, - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBC ONLY! - const CSSM_DATA *iv, //Êoptional per mode - const CSSM_DATA *inData, - CSSM_DATA_PTR outData) // CSSM_MALLOCd and RETURNED -{ - EayKeyPriv *ekp = (EayKeyPriv *)key; - if((mode != CSSM_ALGMODE_CBC_IV8) && (mode != CSSM_ALGMODE_ECB)) { - printf("***eayEncryptDecrypt only does CBC_IV8, ECB\n"); - return -1; - } - - bool cbc = (mode == CSSM_ALGMODE_ECB) ? false : true; - - outData->Data = (uint8 *)CSSM_MALLOC(inData->Length); - outData->Length = inData->Length; - - /* BF_cbc_encrypt actually writes to IV */ - CSSM_DATA ivc = {0, NULL}; - if(cbc) { - ivc.Data = (uint8 *)malloc(iv->Length); - ivc.Length = iv->Length; - memmove(ivc.Data, iv->Data, ivc.Length); - } - switch(encrAlg) { - case CSSM_ALGID_BLOWFISH: - if(cbc) { - BF_cbc_encrypt(inData->Data, - outData->Data, - inData->Length, - &ekp->key.bf, - ivc.Data, - forEncrypt ? BF_ENCRYPT : BF_DECRYPT); - } - else { - CSSM_DATA intext = *inData; - CSSM_DATA outtext = *outData; - while(intext.Length) { - BF_ecb_encrypt(intext.Data, - outtext.Data, - &ekp->key.bf, - forEncrypt ? BF_ENCRYPT : BF_DECRYPT); - intext.Data += 8; - outtext.Data += 8; - intext.Length -= 8; - } - } - break; - case CSSM_ALGID_CAST: // cast128 only - CAST_cbc_encrypt(inData->Data, - outData->Data, - inData->Length, - &ekp->key.cast, - ivc.Data, - forEncrypt ? CAST_ENCRYPT : CAST_DECRYPT); - break; - default: - printf("***eayEncryptDecrypt: bad alg\n"); - return -1; - } - if(ivc.Data) { - free(ivc.Data); - } - return CSSM_OK; -} - -/*** EVP-based encrypt/decrypt ***/ - -int evpEncryptDecrypt( - CSSM_ALGORITHMS alg, // AES 128 only for now - CSSM_BOOL forEncr, - const CSSM_DATA *keyData, // may be larger than the key size we use - unsigned keyLengthInBits, - CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBC_IV8, ECB, always padding - const CSSM_DATA *iv, // optional per mode - const CSSM_DATA *inData, - CSSM_DATA_PTR outData) // CSSM_MALLOCd and RETURNED -{ - EVP_CIPHER_CTX ctx; - const EVP_CIPHER *cipher; - unsigned blockSize; - unsigned outLen = inData->Length; - bool noPad = false; - - switch(alg) { - case CSSM_ALGID_AES: - switch(mode) { - case CSSM_ALGMODE_CBCPadIV8: - switch(keyLengthInBits) { - case 128: - cipher = EVP_aes_128_cbc(); - break; - case 192: - cipher = EVP_aes_192_cbc(); - break; - case 256: - cipher = EVP_aes_256_cbc(); - break; - default: - printf("***Bad AES key length (%u)\n", keyLengthInBits); - return -1; - } - break; - case CSSM_ALGMODE_ECB: - switch(keyLengthInBits) { - case 128: - cipher = EVP_aes_128_ecb(); - break; - case 192: - cipher = EVP_aes_192_ecb(); - break; - case 256: - cipher = EVP_aes_256_ecb(); - break; - default: - printf("***Bad AES key length (%u)\n", keyLengthInBits); - return -1; - } - noPad = true; - break; - default: - printf("***evpEncryptDecrypt only does CBC and ECB for now\n"); - return -1; - } - blockSize = 16; - break; - case CSSM_ALGID_DES: - switch(mode) { - case CSSM_ALGMODE_CBCPadIV8: - cipher = EVP_des_cbc(); - break; - case CSSM_ALGMODE_ECB: - cipher = EVP_des_ecb(); - noPad = true; - break; - default: - printf("***evpEncryptDecrypt only does CBC and ECB for now\n"); - return -1; - } - blockSize = 8; - break; - default: - printf("***evpEncryptDecrypt only does DES and AES 128 for now\n"); - return -1; - } - outLen += blockSize; - unsigned char *outp = (uint8 *)CSSM_MALLOC(outLen); - int outl = outLen; - outData->Data = outp; - - if(forEncr) { - int rtn = EVP_EncryptInit(&ctx, cipher, keyData->Data, iv ? iv->Data : NULL); - if(!rtn) { - printf("EVP_EncryptInit error\n"); - return -1; - } - if(noPad) { - EVP_CIPHER_CTX_set_padding(&ctx, 0); - } - if(!EVP_EncryptUpdate(&ctx, outp, &outl, inData->Data, inData->Length)) { - printf("EVP_EncryptUpdate error\n"); - return -1; - } - } - else { - int rtn = EVP_DecryptInit(&ctx, cipher, keyData->Data, iv ? iv->Data : NULL); - if(!rtn) { - printf("EVP_DecryptInit error\n"); - return -1; - } - if(noPad) { - EVP_CIPHER_CTX_set_padding(&ctx, 0); - } - - if(!EVP_DecryptUpdate(&ctx, outp, &outl, inData->Data, inData->Length)) { - printf("EVP_DecryptUpdate error\n"); - return -1; - } - } - outData->Length = outl; - outp += outl; - outl = outLen - outl; - if(forEncr) { - if(!EVP_EncryptFinal(&ctx, outp, &outl)) { - printf("EVP_EncryptFinal error\n"); - return -1; - } - } - else { - if(!EVP_DecryptFinal(&ctx, outp, &outl)) { - printf("EVP_DecryptFinal error\n"); - return -1; - } - } - outData->Length += outl; - return 0; -} diff --git a/SecurityTests/cspxutils/utilLib/ssleayUtils.h b/SecurityTests/cspxutils/utilLib/ssleayUtils.h deleted file mode 100644 index 9725a3d1..00000000 --- a/SecurityTests/cspxutils/utilLib/ssleayUtils.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * ssleayUtils.h - common routines for CDSA/openssl compatibility testing - */ - -/* - * Clients of this module do not need to know about or see anything from the - * libcrypt headers. - */ -#ifndef _SSLEAY_UTILS_H_ -#define _SSLEAY_UTILS_H_ -#include - -typedef void *EAY_KEY; - -/* - * Create a symmetric key. - */ -CSSM_RETURN eayGenSymKey( - CSSM_ALGORITHMS alg, - CSSM_BOOL forEncr, - const CSSM_DATA *keyData, - EAY_KEY *key); // RETURNED - -/* - * Free a key created in eayGenSymKey - */ -CSSM_RETURN eayFreeKey( - EAY_KEY key); - -/* - * encrypt/decrypt - */ -CSSM_RETURN eayEncryptDecrypt( - EAY_KEY key, - CSSM_BOOL forEncrypt, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBC ONLY! - const CSSM_DATA *iv, //Êoptional per mode - const CSSM_DATA *inData, - CSSM_DATA_PTR outData); // mallocd and RETURNED - -/*** EVP-based encrypt/decrypt ***/ - -int evpEncryptDecrypt( - CSSM_ALGORITHMS alg, // AES 128 only for now - CSSM_BOOL forEncr, - const CSSM_DATA *keyData, // may be larger than the key size we use - unsigned keyLengthInBits, - CSSM_ENCRYPT_MODE mode, // CSSM_ALGMODE_CBC_IV8, ECB, always padding - const CSSM_DATA *iv, // optional per mode - const CSSM_DATA *inData, - CSSM_DATA_PTR outData); // CSSM_MALLOCd and RETURNED - -#endif /* _EAY_UTILS_H_ */ diff --git a/SecurityTests/cspxutils/utilLib/t_stdlib.c b/SecurityTests/cspxutils/utilLib/t_stdlib.c deleted file mode 100644 index 8fac2df9..00000000 --- a/SecurityTests/cspxutils/utilLib/t_stdlib.c +++ /dev/null @@ -1,59 +0,0 @@ -#include -#include -#include -//#include - -#define POINTER void * -#define NULL_PTR NULL - -void T_free(POINTER block) -{ - if (block != NULL_PTR) { - free(block); - } -} - -POINTER T_malloc(unsigned int len) -{ - return (POINTER) malloc(len ? len : 1); -} - -/* these are not needed - they are in system.c in security_bsafe */ -#if 0 -int T_memcmp(POINTER firstBlock, POINTER secondBlock, unsigned int len) -{ - if (len == 0) { - return 0; - } - return memcmp(firstBlock, secondBlock, len); -} - -void T_memcpy(POINTER output, POINTER input, unsigned int len) -{ - if (len != 0) { - memcpy(output, input, len); - } -} - -void T_memmove(POINTER output, POINTER input, unsigned int len) -{ - if (len != 0) { - memmove(output, input, len); - } -} - -void T_memset(POINTER output, int value, unsigned int len) -{ - if (len != 0) { - memset(output, value, len); - } -} -#endif - -POINTER T_realloc(POINTER block, unsigned int len) -{ - if (block == NULL_PTR) - return (POINTER) malloc(len ? len : 1); - - return (POINTER)realloc(block, len); -} diff --git a/SecurityTests/cspxutils/wrap/Makefile b/SecurityTests/cspxutils/wrap/Makefile deleted file mode 100644 index 92ec8d5d..00000000 --- a/SecurityTests/cspxutils/wrap/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE=wrap -# C++ source (with .cpp extension) -CPSOURCE= -# C source (.c extension) -CSOURCE= wrap.c - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -#PROJ_LDFLAGS= -lMallocDebug -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/cspxutils/wrap/wrap.c b/SecurityTests/cspxutils/wrap/wrap.c deleted file mode 100644 index 7052a4c6..00000000 --- a/SecurityTests/cspxutils/wrap/wrap.c +++ /dev/null @@ -1,249 +0,0 @@ -/* - * encypt/decrypt using wrapped key - */ - -#include -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include -#include - -static void usage(char **argv) -{ - printf("Usage: \n"); - printf(" %s w keyFile passPhrase1 passPhrase2 textToEncrypt textFile\n", argv[0]); - printf(" %s u keyFile passPhrase1 textFile\n", argv[0]); - exit(1); -} - -char *iv = (char *)"someInit"; -char *salt = (char *)"some20bytesOfGrainySalt"; - -char *wrapLabel = (char *)"wrapLabel"; -char *encrLabel = (char *)"encrLabel"; - -#define IV_LEN 8 -#define SALT_LEN 20 -#define ITER_COUNT 1000 -#define WRAPPING_KEY_ALG CSSM_ALGID_3DES_3KEY -#define WRAPPING_ALG CSSM_ALGID_3DES_3KEY_EDE -#define WRAPPING_KEY_SIZE 192 -#define ENCRYPTING_KEY_ALG CSSM_ALGID_3DES_3KEY -#define ENCRYPTING_ALG CSSM_ALGID_3DES_3KEY_EDE -#define ENCRYPTING_KEY_SIZE 192 - -int main(int argc, char **argv) -{ - int doWrap = 0; - CSSM_RETURN crtn; - CSSM_CSP_HANDLE cspHand; - CSSM_KEY_PTR wrappingKey; - CSSM_DATA saltData = {SALT_LEN, (uint8 *)salt}; - CSSM_DATA ivData = {IV_LEN, (uint8 *)iv}; - CSSM_DATA phraseData; - unsigned char *keyFileData; - unsigned keyFileLen; - unsigned char *textFileData; - unsigned textFileLen; - CSSM_DATA ptext; - CSSM_DATA ctext; - CSSM_KEY wrappedKey; - unsigned i; - - if(argc < 2) { - usage(argv); - } - switch(argv[1][0]) { - case 'w': - doWrap = 1; - if(argc != 7) { - usage(argv); - } - break; - case 'u': - doWrap = 0; - if(argc != 5) { - usage(argv); - } - break; - default: - usage(argv); - } - cspHand = cspDlDbStartup(CSSM_TRUE, NULL); - if(cspHand == 0) { - exit(1); - } - - /* passphrase1 ==> wrappingKey */ - phraseData.Data = (uint8 *)argv[3]; - phraseData.Length = strlen(argv[3]); - wrappingKey = cspDeriveKey(cspHand, - CSSM_ALGID_PKCS5_PBKDF2, - WRAPPING_KEY_ALG, - wrapLabel, - strlen(wrapLabel), - CSSM_KEYUSE_ANY, - WRAPPING_KEY_SIZE, - CSSM_TRUE, // ref key - &phraseData, - &saltData, - ITER_COUNT, - &ivData); - if(wrappingKey == NULL) { - printf("Error creating key from \'%s\'\n", argv[3]); - exit(1); - } - - if(doWrap) { - /* passphrase2 ==> encrKey */ - CSSM_KEY_PTR encrKey; - phraseData.Data = (uint8 *)argv[4]; - phraseData.Length = strlen(argv[4]); - encrKey = cspDeriveKey(cspHand, - CSSM_ALGID_PKCS5_PBKDF2, - ENCRYPTING_KEY_ALG, - encrLabel, - strlen(encrLabel), - CSSM_KEYUSE_ANY, - ENCRYPTING_KEY_SIZE, - CSSM_TRUE, // ref key - &phraseData, - &saltData, - ITER_COUNT, - &ivData); - if(encrKey == NULL) { - printf("Error creating key from \'%s\'\n", argv[4]); - exit(1); - } - - /* encrypt textToEncrypt, write it to textFile */ - ptext.Data = (uint8 *)argv[5]; - ptext.Length = strlen(argv[5]); - ctext.Data = NULL; - ctext.Length = 0; - crtn = cspEncrypt(cspHand, - CSSM_ALGID_3DES_3KEY_EDE, - CSSM_ALGMODE_CBCPadIV8, - CSSM_PADDING_PKCS5, - encrKey, - NULL, - 0, - 0, - &ivData, - &ptext, - &ctext, - CSSM_FALSE); - if(crtn) { - printf("Error encrypting.\n"); - exit(1); - } - if(writeFile(argv[6], ctext.Data, ctext.Length)) { - printf("Error writing to %s\n", argv[6]); - exit(1); - } - - /* now wrap encrKey with wrappingKey and write the wrapped blob */ - crtn = cspWrapKey(cspHand, - encrKey, - wrappingKey, - WRAPPING_ALG, - CSSM_ALGMODE_CBCPadIV8, - CSSM_KEYBLOB_WRAPPED_FORMAT_NONE, - CSSM_PADDING_PKCS5, - &ivData, - NULL, - &wrappedKey); - if(crtn) { - exit(1); - } - if(writeFile(argv[2], wrappedKey.KeyData.Data, wrappedKey.KeyData.Length)) { - printf("error writing to %s\n", argv[2]); - exit(1); - } - printf("...wrote %lu bytes of encrypted text to %s\n", - ctext.Length, argv[6]); - printf("...wrote %lu bytes of wrapped key data to %s\n", - wrappedKey.KeyData.Length, argv[2]); - } - else { - /* read in encrypted text and wrapped key blob */ - CSSM_KEY decrKey; - CSSM_DATA outDescData2 = {0, NULL}; - - if(readFile(argv[2], &keyFileData, &keyFileLen)) { - printf("Error reading %s\n", argv[2]); - } - if(readFile(argv[4], &textFileData, &textFileLen)) { - printf("Error reading %s\n", argv[2]); - } - - /* cook up a reasonable "wrapped key" */ - memset(&wrappedKey, 0, sizeof(CSSM_KEY)); - wrappedKey.KeyHeader.HeaderVersion = CSSM_KEYHEADER_VERSION; - wrappedKey.KeyHeader.BlobType = CSSM_KEYBLOB_WRAPPED; - wrappedKey.KeyHeader.Format = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM; - wrappedKey.KeyHeader.AlgorithmId = CSSM_ALGID_3DES_3KEY; - wrappedKey.KeyHeader.KeyClass = CSSM_KEYCLASS_SESSION_KEY; - wrappedKey.KeyHeader.LogicalKeySizeInBits = ENCRYPTING_KEY_SIZE; - wrappedKey.KeyHeader.KeyAttr = CSSM_KEYATTR_EXTRACTABLE; - wrappedKey.KeyHeader.KeyUsage = CSSM_KEYUSE_ANY; - wrappedKey.KeyHeader.WrapAlgorithmId = WRAPPING_ALG; - wrappedKey.KeyHeader.WrapMode = CSSM_ALGMODE_CBCPadIV8; - wrappedKey.KeyData.Data = keyFileData; - wrappedKey.KeyData.Length = keyFileLen; - - /* unwrap the key to get decrypting key */ - crtn = cspUnwrapKey(cspHand, - &wrappedKey, - wrappingKey, - WRAPPING_ALG, - CSSM_ALGMODE_CBCPadIV8, - CSSM_PADDING_PKCS5, - &ivData, - &decrKey, - &outDescData2, - encrLabel, - strlen(encrLabel)); - if(crtn) { - printf("Error on unwrap.\n"); - exit(1); - } - - /* decrypt the text file and print its result */ - ctext.Data = textFileData; - ctext.Length = textFileLen; - ptext.Data = NULL; - ptext.Length = 0; - crtn = cspDecrypt(cspHand, - CSSM_ALGID_3DES_3KEY_EDE, - CSSM_ALGMODE_CBCPadIV8, - CSSM_PADDING_PKCS5, - &decrKey, - NULL, - 0, - 0, - &ivData, - &ctext, - &ptext, - CSSM_FALSE); - if(crtn) { - printf("Error on decrypt.\n"); - exit(1); - } - printf("...original text: "); - for(i=0; i -#include -#include -#include -#include -#include "cspwrap.h" -#include "common.h" -#include "cspdlTesting.h" - -/* - * Currently the CSP can use wrapping keys flagged exclusively for wrapping - * (CSSM_KEYUSE_{WRAP,UNWRAP} for the actual wrap sinceÊthe wrp/unwrap op is - * done with an encrypt/decrypt op. The WrapKey op doesn't even see the - * wrapping key - it's in the context we pass it. Thus for now wrap/unwrap - * keys have to be marked with CSSM_KEYUSE_ANY. - */ -#define WRAP_USAGE_ANY 0 - -/* - * When false, the CMS wrap algorithm can't deal with RSA encryption - we - * have to encrypt something twice with the same key. An impossibility with - * BSAFE-based RSA encryption because the output of the first encrypt is - * the size of the key modulus, and you can't encrypt something that big - * with that key. - * This is not a limitation with openssl-based RSA. - */ -#define WRAP_WITH_RSA 1 - -/* - * When false, can't wrap with RC4 because the RC4 context is stateful - * but doesn't get reinit'd for the second CMS encrypt. - */ -#define WRAP_WITH_RC4 1 - -/* - * Temporary hack to use CSSM_KEYBLOB_WRAPPED_FORMAT_{PKCS7,PKCS8}, which - * are no longer supported as of 7/28/00 - */ -#define PKCS7_FORMAT_ENABLE 1 // for wrapping symmetric keys -#define PKCS8_FORMAT_ENABLE 1 // for wrapping private keys - - -#define ENCR_LABEL "encrKey" -#define ENCR_LABEL_LEN (strlen(ENCR_LABEL)) -#define WRAP_LABEL "wrapKey" -#define WRAP_LABEL_LEN (strlen(WRAP_LABEL)) -#define LOOPS_DEF 10 -#define MAX_PTEXT_SIZE 100 -#define LOOP_PAUSE 100 -#define MAX_DESC_DATA_SIZE 16 - -/* - * Enumerate algorithms our way to allow loop interations. - */ -typedef unsigned PrivAlg; -enum { - ALG_DES = 1, - ALG_3DES, - ALG_RC2, - ALG_RC4, - ALG_RSA, - ALG_NULL, - ALG_FEEDEXP, - ALG_ASC, - ALG_AES -}; - -#define ALG_MIN ALG_DES -#define ALG_MAX_WRAP ALG_AES -#define ALG_MAX_ENCR ALG_AES - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf(" Options:\n"); - printf(" w=wrapAlg (d=DES, 3=3DES, f=FEEDEXP, r=RSA, A=ASC, 4=RC4, " - "a=AES, n=null)\n"); - printf(" e=encrAlg (d=DES, 3=3DES, f=FEEDEXP, r=RSA, A=ASC, 4=RC4, " - "a=AES)\n"); - printf(" l=loops (default=%d; 0=forever)\n", LOOPS_DEF); - printf(" r (ref keys only)\n"); - printf(" p(ause every loop)\n"); - printf(" D (CSP/DL; default = bare CSP)\n"); - printf(" v(erbose)\n"); - printf(" k (quick; small keys)\n"); - printf(" h(elp)\n"); - exit(1); -} - -/* wrapped format to string */ -static const char *formatString(CSSM_KEYBLOB_FORMAT format) -{ - static char noform[100]; - - switch(format) { - case CSSM_KEYBLOB_WRAPPED_FORMAT_NONE: - return "NONE (default)"; - case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7: - return "PKCS7"; - case CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8: - return "PKCS8"; - case CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM: - return "APPLE_CUSTOM"; - default: - sprintf(noform, "***UNKNOWN (%u)***", (unsigned)format); - return noform; - } -} - -static int vfyWrapHeader( - const CSSM_KEYHEADER *srcHdr, - const CSSM_KEYHEADER *dstHdr, - CSSM_KEYBLOB_TYPE expectBlob, - const char *op, - CSSM_BOOL bareCsp, - int quiet) -{ - if(dstHdr->BlobType != expectBlob) { - printf("***%s.BlobType error: expect %u got %u\n", - op, (unsigned)expectBlob, (unsigned)dstHdr->BlobType); - if(testError(quiet)) { - return 1; - } - } - if(srcHdr->KeyClass != dstHdr->KeyClass) { - printf("***%s.KeyClass error: expect %u got %u\n", - op, (unsigned)srcHdr->KeyClass, (unsigned)dstHdr->KeyClass); - if(testError(quiet)) { - return 1; - } - } - if(srcHdr->AlgorithmId != dstHdr->AlgorithmId) { - printf("***%s.AlgorithmId error: expect %u got %u\n", - op, (unsigned)srcHdr->AlgorithmId, (unsigned)dstHdr->AlgorithmId); - if(testError(quiet)) { - return 1; - } - } - if(srcHdr->KeyUsage != dstHdr->KeyUsage) { - printf("***%s.KeyUsage error: expect 0x%x got 0x%x\n", - op, (unsigned)srcHdr->KeyUsage, (unsigned)dstHdr->KeyUsage); - if(testError(quiet)) { - return 1; - } - } - if(bareCsp) { - /* GUIDs must match */ - if(memcmp(&srcHdr->CspId, &dstHdr->CspId, sizeof(CSSM_GUID))) { - printf("***%s.CspId mismatch\n", op); - if(testError(quiet)) { - return 1; - } - } - } - else { - /* CSPDL - GUIDs do NOT match - ref keys are in the CSPDL's domain; - * wrapped keys are in the bare CSP's domain. */ - if(!memcmp(&srcHdr->CspId, &dstHdr->CspId, sizeof(CSSM_GUID))) { - printf("***Unexpected %s.CspId compare\n", op); - if(testError(quiet)) { - return 1; - } - } - } - return 0; -} - -#define UNWRAPPED_LABEL "unwrapped thing" -#define SHOW_WRAP_FORMAT 0 - -/* not all algs need this */ -CSSM_DATA initVector = {16, (uint8 *)"SomeReallyStrangeInitVect"}; - -static int doTest(CSSM_CSP_HANDLE cspHand, - CSSM_KEY_PTR encrKey, - CSSM_BOOL wrapEncrKey, // wrap encrKey before using - CSSM_KEY_PTR decrKey, // we wrap this one - CSSM_KEY_PTR wrappingKey, // ...using this key - CSSM_KEY_PTR unwrappingKey, - CSSM_ALGORITHMS wrapAlg, - CSSM_ENCRYPT_MODE wrapMode, - CSSM_KEYBLOB_FORMAT wrapFormat, // NONE, PKCS7, PKCS8, APPLE_CUSTOM - CSSM_KEYBLOB_FORMAT expectFormat, // PKCS7, PKCS8, APPLE_CUSTOM - CSSM_PADDING wrapPad, - uint32 wrapIvSize, - CSSM_ALGORITHMS encrAlg, - CSSM_ENCRYPT_MODE encrMode, - CSSM_PADDING encrPad, - uint32 encrIvSize, - uint32 effectiveKeySizeInBits, // for encr/decr - 0 means none specified - CSSM_DATA_PTR ptext, - CSSM_DATA_PTR descData, - CSSM_BOOL quiet, - CSSM_BOOL bareCsp) -{ - CSSM_DATA ctext; - CSSM_DATA rptext; - CSSM_KEY wrappedDecrKey; - CSSM_KEY unwrappedDecrKey; - CSSM_KEY wrappedEncrKey; - CSSM_RETURN crtn; - CSSM_KEY_PTR actualEncrKey; - uint32 maxPtextSize = MAX_PTEXT_SIZE; - CSSM_DATA outDescData1 = {0, NULL}; // for encr key - CSSM_DATA outDescData2 = {0, NULL}; // for decr key, must match descData - CSSM_DATA nullInitVect = {0, NULL}; // for custom unwrap - CSSM_DATA_PTR wrapIvp; - CSSM_DATA_PTR encrIvp; - - /* Hack to deal with RSA's max encrypt size */ - #if 0 - /* no more */ - if(encrAlg == CSSM_ALGID_RSA) { - uint32 keySizeBytes = encrKey->KeyHeader.LogicalKeySizeInBits / 8; - maxPtextSize = keySizeBytes - 11; - if(maxPtextSize > MAX_PTEXT_SIZE) { - maxPtextSize = MAX_PTEXT_SIZE; - } - } - else { - maxPtextSize = MAX_PTEXT_SIZE; - } - #endif - simpleGenData(ptext, 1, maxPtextSize); - - /* - * Optionaly wrap/unwrap encrKey. If encrKey is a ref key, do a - * NULL wrap. If encrKey is a raw key, do a NULL unwrap. - */ - if(wrapEncrKey) { - CSSM_KEYBLOB_TYPE expectBlob; - - if(encrKey->KeyHeader.BlobType == CSSM_KEYBLOB_REFERENCE) { - crtn = cspWrapKey(cspHand, - encrKey, - NULL, // wrappingKey - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - wrapFormat, - CSSM_PADDING_NONE, - NULL, // iv - descData, - &wrappedEncrKey); - expectBlob = CSSM_KEYBLOB_RAW; - } - else { - crtn = cspUnwrapKey(cspHand, - encrKey, - NULL, // unwrappingKey - CSSM_ALGID_NONE, - CSSM_ALGMODE_NONE, - CSSM_PADDING_NONE, - NULL, // iv - &wrappedEncrKey, - &outDescData1, - WRAP_LABEL, - WRAP_LABEL_LEN); - expectBlob = CSSM_KEYBLOB_REFERENCE; - } - if(crtn) { - return testError(quiet); - } - if(vfyWrapHeader(&encrKey->KeyHeader, - &wrappedEncrKey.KeyHeader, - expectBlob, - "wrappedEncrKey", - bareCsp, - quiet)) { - return 1; - } - actualEncrKey = &wrappedEncrKey; - } - else { - actualEncrKey = encrKey; - } - /* encrypt using actualEncrKey ==> ctext */ - ctext.Data = NULL; - ctext.Length = 0; - if(encrIvSize) { - initVector.Length = encrIvSize; - encrIvp = &initVector; - } - else { - encrIvp = NULL; - } - crtn = cspEncrypt(cspHand, - encrAlg, - encrMode, - encrPad, - actualEncrKey, - NULL, // no 2nd key - effectiveKeySizeInBits, - 0, // rounds - encrIvp, - ptext, - &ctext, - CSSM_TRUE); // mallocCtext - if(crtn) { - return testError(quiet); - } - /* wrap decrKey using wrappingKey ==> wrappedDecrKey */ - /* Note that APPLE_CUSTOM wrap alg REQUIRES an 8-byte IV */ - if(expectFormat == CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM) { - initVector.Length = 8; - } - else { - initVector.Length = wrapIvSize; - } - crtn = cspWrapKey(cspHand, - decrKey, - wrappingKey, - wrapAlg, - wrapMode, - wrapFormat, - wrapPad, - &initVector, - descData, - &wrappedDecrKey); - if(crtn) { - return testError(quiet); - } - if(wrapAlg != CSSM_ALGID_NONE) { - if(wrappedDecrKey.KeyHeader.Format != expectFormat) { - printf("***Wrap format mismatch expect %s got %s\n", - formatString(wrappedDecrKey.KeyHeader.Format), - formatString(expectFormat)); - if(testError(quiet)) { - return 1; - } - } - } - - if(vfyWrapHeader(&decrKey->KeyHeader, - &wrappedDecrKey.KeyHeader, - (wrapAlg == CSSM_ALGID_NONE) ? CSSM_KEYBLOB_RAW : CSSM_KEYBLOB_WRAPPED, - "wrappedDecrKey", - bareCsp, - quiet)) { - return 1; - } - - if(wrappedDecrKey.KeyHeader.Format == CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM) { - /* special case - no IV needed - test it */ - wrapIvp = &nullInitVect; - } - else { - wrapIvp = &initVector; - initVector.Length = wrapIvSize; - } - - /* unwrap wrappedDecrKey using unwrappingKey ==> unwrappedDecrKey; */ - crtn = cspUnwrapKey(cspHand, - &wrappedDecrKey, - unwrappingKey, - wrapAlg, - wrapMode, - wrapPad, - wrapIvp, - &unwrappedDecrKey, - &outDescData2, - "unwrapped thing", - 15); - if(crtn) { - return testError(quiet); - } - - if(vfyWrapHeader(&wrappedDecrKey.KeyHeader, - &unwrappedDecrKey.KeyHeader, - CSSM_KEYBLOB_REFERENCE, - "unwrappedDecrKey", - bareCsp, - quiet)) { - return 1; - } - - /* compare descData to outDescData2 */ - if(descData) { - if(descData->Length != outDescData2.Length) { - printf("descData length mismatch\n"); - if(testError(quiet)) { - return 1; - } - } - if(memcmp(descData->Data, outDescData2.Data, outDescData2.Length)) { - printf("***descDatadata miscompare\n"); - if(testError(quiet)) { - return 1; - } - } - } - - /* decrypt ctext with unwrappedDecrKey ==> rptext; */ - rptext.Data = NULL; - rptext.Length = 0; - if(encrIvSize) { - initVector.Length = encrIvSize; - } - crtn = cspDecrypt(cspHand, - encrAlg, - encrMode, - encrPad, - &unwrappedDecrKey, - NULL, // no 2nd key - effectiveKeySizeInBits, - 0, // rounds - &initVector, - &ctext, - &rptext, - CSSM_TRUE); - if(crtn) { - return testError(quiet); - } - /* compare ptext vs. rptext; */ - if(ptext->Length != rptext.Length) { - printf("ptext length mismatch\n"); - return testError(quiet); - } - if(memcmp(ptext->Data, rptext.Data, ptext->Length)) { - printf("***data miscompare\n"); - return testError(quiet); - } - /* free resources */ - cspFreeKey(cspHand, &wrappedDecrKey); - cspFreeKey(cspHand, &unwrappedDecrKey); - if(wrapEncrKey) { - cspFreeKey(cspHand, actualEncrKey); - } - CSSM_FREE(ctext.Data); - CSSM_FREE(rptext.Data); - if(outDescData2.Data != NULL) { - CSSM_FREE(outDescData2.Data); - } - if(outDescData1.Data != NULL) { - CSSM_FREE(outDescData1.Data); - } - return 0; -} - -/* - * values associated with a private algorithm (e.g., ALG_DES). - */ -typedef enum { - WT_Symmetric, - WT_Asymmetric, - WT_Null -} wrapType; - -typedef struct { - uint32 keyGenAlg; - wrapType wtype; - CSSM_ALGORITHMS encrAlg; - CSSM_ENCRYPT_MODE encrMode; - CSSM_PADDING encrPad; - uint32 ivSize; // in bytes; 0 means no IV - const char *algName; -} AlgInfo; - -/* - * Convert our private alg to CDSA keygen alg, encr alg, encr mode, pad - */ -static void getAlgInfo(PrivAlg privAlg, // e.g., ALG_DES - AlgInfo *algInfo) -{ - switch(privAlg) { - case ALG_DES: - algInfo->keyGenAlg = CSSM_ALGID_DES; - algInfo->wtype = WT_Symmetric; - algInfo->encrAlg = CSSM_ALGID_DES; - algInfo->encrMode = CSSM_ALGMODE_CBCPadIV8; - algInfo->encrPad = CSSM_PADDING_PKCS5; - algInfo->ivSize = 8; - algInfo->algName = "DES"; - break; - case ALG_3DES: - algInfo->keyGenAlg = CSSM_ALGID_3DES_3KEY; - algInfo->wtype = WT_Symmetric; - algInfo->encrAlg = CSSM_ALGID_3DES_3KEY_EDE; - algInfo->encrMode = CSSM_ALGMODE_CBCPadIV8; - algInfo->encrPad = CSSM_PADDING_PKCS5; - algInfo->ivSize = 8; - algInfo->algName = "3DES"; - break; - case ALG_FEEDEXP: - algInfo->keyGenAlg = CSSM_ALGID_FEE; - algInfo->wtype = WT_Asymmetric; - algInfo->encrAlg = CSSM_ALGID_FEEDEXP; - algInfo->encrMode = CSSM_ALGMODE_NONE; - algInfo->encrPad = CSSM_PADDING_NONE; - algInfo->ivSize = 0; - algInfo->algName = "FEEDEXP"; - break; - case ALG_RSA: - algInfo->keyGenAlg = CSSM_ALGID_RSA; - algInfo->wtype = WT_Asymmetric; - algInfo->encrAlg = CSSM_ALGID_RSA; - algInfo->encrMode = CSSM_ALGMODE_NONE; - algInfo->encrPad = CSSM_PADDING_PKCS1; - algInfo->ivSize = 0; - algInfo->algName = "RSA"; - break; - case ALG_ASC: - algInfo->keyGenAlg = CSSM_ALGID_ASC; - algInfo->wtype = WT_Symmetric; - algInfo->encrAlg = CSSM_ALGID_ASC; - algInfo->encrMode = CSSM_ALGMODE_NONE; - algInfo->encrPad = CSSM_PADDING_NONE; - algInfo->ivSize = 0; - algInfo->algName = "ASC"; - break; - case ALG_RC2: - algInfo->keyGenAlg = CSSM_ALGID_RC2; - algInfo->wtype = WT_Symmetric; - algInfo->encrAlg = CSSM_ALGID_RC2; - algInfo->encrMode = CSSM_ALGMODE_CBCPadIV8; - algInfo->encrPad = CSSM_PADDING_PKCS5; - algInfo->ivSize = 8; - algInfo->algName = "RC2"; - break; - case ALG_RC4: - algInfo->keyGenAlg = CSSM_ALGID_RC4; - algInfo->wtype = WT_Symmetric; - algInfo->encrAlg = CSSM_ALGID_RC4; - algInfo->encrMode = CSSM_ALGMODE_CBCPadIV8; - algInfo->encrPad = CSSM_PADDING_PKCS5; - algInfo->ivSize = 0; - algInfo->algName = "RC4"; - break; - case ALG_NULL: - algInfo->keyGenAlg = CSSM_ALGID_NONE; - algInfo->wtype = WT_Null; - algInfo->encrAlg = CSSM_ALGID_NONE; - algInfo->encrMode = CSSM_ALGMODE_NONE; - algInfo->encrPad = CSSM_PADDING_NONE; - algInfo->ivSize = 0; - algInfo->algName = "Null"; - break; - case ALG_AES: - algInfo->keyGenAlg = CSSM_ALGID_AES; - algInfo->wtype = WT_Symmetric; - algInfo->encrAlg = CSSM_ALGID_AES; - algInfo->encrMode = CSSM_ALGMODE_CBCPadIV8; - algInfo->encrPad = CSSM_PADDING_PKCS7; - algInfo->ivSize = 16; - algInfo->algName = "AES"; - break; - default: - printf("Bogus privAlg\n"); - exit(1); - } - return; -} - -/* argv letter to private alg */ -static PrivAlg letterToAlg(char **argv, char letter) -{ - switch(letter) { - case 'd': return ALG_DES; - case '3': return ALG_3DES; - case 'f': return ALG_FEEDEXP; - case 'r': return ALG_RSA; - case 'A': return ALG_ASC; - case '4': return ALG_RC4; - case 'a': return ALG_AES; - default: - usage(argv); - return 0; - } -} - -/* - * Null wrapping of symmetric keys now allowed - */ -#define SYMM_NULL_WRAP_ENABLE 1 - -/* indices into algInfo[] */ -#define AI_WRAP 0 -#define AI_ENCR 1 - -int main(int argc, char **argv) -{ - int arg; - char *argp; - unsigned loop; - CSSM_CSP_HANDLE cspHand; - CSSM_RETURN crtn; - CSSM_DATA ptext; - uint32 encrKeySizeBits; // well aligned - uint32 wrapKeySizeBits; - uint32 effectiveKeySizeInBits; // for encr, may be odd - int rtn = 0; - uint32 maxRsaKeySize = 1024; - uint32 maxFeeKeySize = 192; - CSSM_KEYBLOB_FORMAT wrapFormat; // NONE, PKCS7, PKCS8, APPLE_CUSTOM - CSSM_KEYBLOB_FORMAT expectFormat; // PKCS7, PKCS8, APPLE_CUSTOM - CSSM_DATA descData = {0, NULL}; - CSSM_DATA_PTR descDataP; - - /* - * key pointers passed to doTest() - for symmetric algs, the pairs - * might point to the same key - */ - CSSM_KEY_PTR encrKeyPtr; - CSSM_KEY_PTR decrKeyPtr; - CSSM_KEY_PTR wrapKeyPtr; - CSSM_KEY_PTR unwrapKeyPtr; - - /* persistent asymmetric keys - symm keys are dynamically allocated */ - CSSM_KEY pubEncrKey; - CSSM_KEY privEncrKey; - CSSM_KEY pubWrapKey; - CSSM_KEY privWrapKey; - - /* we iterate these values thru all possible algs */ - PrivAlg privEncrAlg; // ALG_xxx - PrivAlg privWrapAlg; - - /* two AlgInfo which contain everything we need to know per alg */ - AlgInfo algInfo[2]; - AlgInfo *encrInfo; - AlgInfo *wrapInfo; - CSSM_BOOL wrapEncrKey = CSSM_FALSE; // varies loop-to-loop - CSSM_BOOL encrKeyIsRef = CSSM_TRUE; // ditto - - CSSM_BOOL genSeed; // for FEE key gen - int i; - - /* user-specified vars */ - unsigned loops = LOOPS_DEF; - CSSM_BOOL pause = CSSM_FALSE; - CSSM_BOOL verbose = CSSM_FALSE; - PrivAlg minWrapAlg = ALG_MIN; - PrivAlg maxWrapAlg = ALG_MAX_WRAP; - PrivAlg minEncrAlg = ALG_MIN; - PrivAlg maxEncrAlg = ALG_MAX_ENCR; - CSSM_BOOL quick = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL bareCsp = CSSM_TRUE; - CSSM_BOOL refKeysOnly = CSSM_FALSE; - - for(arg=1; argkeyGenAlg, OT_Encrypt); - if(!refKeysOnly) { - encrKeyIsRef = (loop & 2) ? CSSM_TRUE : CSSM_FALSE; - } - - switch(encrInfo->wtype) { - case WT_Symmetric: - /* round up to even byte */ - encrKeySizeBits = (effectiveKeySizeInBits + 7) & ~7; - if(encrKeySizeBits == effectiveKeySizeInBits) { - effectiveKeySizeInBits = 0; - } - encrKeyPtr = decrKeyPtr = cspGenSymKey(cspHand, - encrInfo->keyGenAlg, - ENCR_LABEL, - ENCR_LABEL_LEN, - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - encrKeySizeBits, - encrKeyIsRef); - if(encrKeyPtr == NULL) { - rtn = 1; - goto testDone; - } - #if SYMM_NULL_WRAP_ENABLE - /* wrapEncrKey every other loop */ - if(!refKeysOnly) { - wrapEncrKey = (loop & 1) ? CSSM_TRUE : CSSM_FALSE; - } - #else - wrapEncrKey = CSSM_FALSE; - #endif /* SYMM_NULL_WRAP_ENABLE */ - break; - case WT_Asymmetric: - /* handle alg-specific cases */ - genSeed = CSSM_FALSE; - switch(privEncrAlg) { - case ALG_RSA: - if(effectiveKeySizeInBits > maxRsaKeySize) { - effectiveKeySizeInBits = maxRsaKeySize; - } - break; - case ALG_FEEDEXP: - if(effectiveKeySizeInBits > maxFeeKeySize) { - effectiveKeySizeInBits = maxFeeKeySize; - } - if(loop & 4) { - genSeed = CSSM_TRUE; - } - break; - default: - break; - } - encrKeySizeBits = effectiveKeySizeInBits; - effectiveKeySizeInBits = 0; // i.e., not specified - crtn = cspGenKeyPair(cspHand, - encrInfo->keyGenAlg, - ENCR_LABEL, - ENCR_LABEL_LEN, - encrKeySizeBits, - &pubEncrKey, - encrKeyIsRef, // pubIsRef - CSSM_KEYUSE_ENCRYPT, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - &privEncrKey, - CSSM_TRUE, // privIsRef - CSSM_KEYUSE_DECRYPT, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - genSeed); - if(crtn) { - rtn = testError(quiet); - goto testDone; - } - encrKeyPtr = &pubEncrKey; - decrKeyPtr = &privEncrKey; - /* wrapEncrKey every other loop */ - if(!refKeysOnly) { - wrapEncrKey = (loop & 1) ? CSSM_TRUE : CSSM_FALSE; - } - break; - case WT_Null: - printf("***BRRZAP: can't do null encrypt\n"); - goto testDone; - } - if(verbose) { - printf(" ...encrAlg %s wrapEncrKey %d encrKeyIsRef %d size %u " - "bits effectSize %u\n", - encrInfo->algName, (int)wrapEncrKey, (int)encrKeyIsRef, - (unsigned)encrKeySizeBits, (unsigned)effectiveKeySizeInBits); - } - /* iterate thru all wrap algs */ - for(privWrapAlg=minWrapAlg; privWrapAlg<=maxWrapAlg; privWrapAlg++) { - /* handle disabled algs */ - if((privWrapAlg == ALG_AES) && (privEncrAlg == ALG_FEEDEXP)) { - /* - * Can't do it. FEED can't do PKCS8 because it doesn't - * support PKCS8 private key format, and AES can't - * do APPLE_CUSTOM because AES needs a 16-byte IV. - */ - continue; - } - /* any other restrictions/ */ - - /* generate wrapping key(s) */ - getAlgInfo(privWrapAlg, wrapInfo); - switch(wrapInfo->wtype) { - case WT_Symmetric: - /* note we can't do odd-size wrapping keys */ - wrapKeySizeBits = randKeySizeBits(wrapInfo->keyGenAlg, - OT_KeyExch); - wrapKeySizeBits &= ~7; - wrapKeyPtr = unwrapKeyPtr = cspGenSymKey(cspHand, - wrapInfo->keyGenAlg, - WRAP_LABEL, - WRAP_LABEL_LEN, - WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY : - CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP, - wrapKeySizeBits, - CSSM_TRUE); - if(wrapKeyPtr == NULL) { - rtn = 1; - goto testDone; - } - break; - case WT_Asymmetric: - wrapKeySizeBits = randKeySizeBits(wrapInfo->keyGenAlg, - OT_KeyExch); - genSeed = CSSM_FALSE; - switch(privWrapAlg) { - case ALG_RSA: - if(wrapKeySizeBits > maxRsaKeySize) { - wrapKeySizeBits = maxRsaKeySize; - } - break; - case ALG_FEEDEXP: - if(wrapKeySizeBits > maxFeeKeySize) { - wrapKeySizeBits = maxFeeKeySize; - } - if(loop & 2) { - genSeed = CSSM_TRUE; - } - break; - default: - break; - } - crtn = cspGenKeyPair(cspHand, - wrapInfo->keyGenAlg, - WRAP_LABEL, - WRAP_LABEL_LEN, - wrapKeySizeBits, - &pubWrapKey, - CSSM_TRUE, // pubIsRef - WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY : CSSM_KEYUSE_WRAP, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - &privWrapKey, - CSSM_TRUE, // privIsRef - WRAP_USAGE_ANY ? CSSM_KEYUSE_ANY : CSSM_KEYUSE_UNWRAP, - CSSM_KEYBLOB_RAW_FORMAT_NONE, - genSeed); - if(crtn) { - rtn = testError(quiet); - goto testDone; - } - wrapKeyPtr = &pubWrapKey; - unwrapKeyPtr = &privWrapKey; - break; - case WT_Null: - #if !SYMM_NULL_WRAP_ENABLE - if(encrInfo->wtype == WT_Symmetric) { - /* can't do null wrap of symmetric key */ - continue; - } - #endif - wrapKeySizeBits = 0; - wrapKeyPtr = NULL; - unwrapKeyPtr = NULL; - break; - } - - /* special case for 3DES/3DES */ - #if 0 - if((wrapKeyPtr != NULL) && - (wrapKeyPtr->KeyHeader.AlgorithmId == CSSM_ALGID_3DES_3KEY) && - (decrKeyPtr->KeyHeader.AlgorithmId == CSSM_ALGID_3DES_3KEY)) { - isAppleCustom = CSSM_TRUE; - } - else { - isAppleCustom = CSSM_FALSE; - } - #endif - - /* cook up a wrapFormat - every other loop use default, others - * specify a reasonable one */ - if(wrapInfo->wtype == WT_Null) { - wrapFormat = expectFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE; - } - else if((loop & 1)) { - /* - * FORMAT_NONE - default - figure out expected format; - * this has to track CSP behavior - */ - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_NONE; - switch(encrInfo->wtype) { - case WT_Symmetric: - expectFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7; - break; - case WT_Asymmetric: - if(privEncrAlg == ALG_FEEDEXP) { - expectFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM; - } - else { - expectFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8; - } - break; - default: - /* NULL encr not done */ - printf("**GAK! Internal error\n"); - } - } - else { - /* pick a good explicit one - this encapsulates the - * range of legal wrap formats per wrap/encrypt alg */ - int die = loop & 2; - switch(encrInfo->wtype) { - case WT_Symmetric: - if(privWrapAlg == ALG_AES) { - /* can't do APPLE_CUSTOM - 16 byte IV */ - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7; - } - else if(die) { - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS7; - } - else { - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM; - } - break; - case WT_Asymmetric: - /* Can't wrap FEE key with AES no way, no how - - * this is detected at the top of the privWrapAlg - * loop - */ - if(privEncrAlg == ALG_FEEDEXP) { - /* FEE doesn't do PKCS8 private key format */ - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM; - } - else if(die) { - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8; - } - else if(privWrapAlg == ALG_AES) { - /* AES can't do APPLE_CUSTOM - 16 byte IV */ - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_PKCS8; - } - else { - wrapFormat = CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM; - } - break; - default: - /* NULL encr not done */ - printf("***GAK! Internal error\n"); - exit(1); - } - expectFormat = wrapFormat; - } - - /* - * If wrapping with apple custom - either by default or - * explicitly - generate some descriptive data. - */ - if(expectFormat == CSSM_KEYBLOB_WRAPPED_FORMAT_APPLE_CUSTOM) { - simpleGenData(&descData, 1, MAX_DESC_DATA_SIZE); - descDataP = &descData; - } - else { - descDataP = NULL; - } - - if(verbose) { - printf(" ...wrapAlg = %s size %u bits format %s expect %s\n", - wrapInfo->algName, (unsigned)wrapKeySizeBits, formatString(wrapFormat), - formatString(expectFormat)); - } - /* OK, here we go! */ - if(doTest(cspHand, - encrKeyPtr, - wrapEncrKey, - decrKeyPtr, - wrapKeyPtr, - unwrapKeyPtr, - wrapInfo->encrAlg, - wrapInfo->encrMode, - wrapFormat, - expectFormat, - wrapInfo->encrPad, - wrapInfo->ivSize, - encrInfo->encrAlg, - encrInfo->encrMode, - encrInfo->encrPad, - encrInfo->ivSize, - effectiveKeySizeInBits, - &ptext, - descDataP, - quiet, - bareCsp)) { - rtn = 1; - goto testDone; - } - /* end of wrap alg loop - free/delete wrap key(s) */ - switch(wrapInfo->wtype) { - case WT_Symmetric: - cspFreeKey(cspHand, wrapKeyPtr); - /* mallocd by cspGenSymKey */ - CSSM_FREE(wrapKeyPtr); - break; - case WT_Asymmetric: - cspFreeKey(cspHand, wrapKeyPtr); - cspFreeKey(cspHand, unwrapKeyPtr); - break; - default: - break; - } - } /* for wrapAlg */ - /* end of encr alg loop - free encr key(s) */ - cspFreeKey(cspHand, encrKeyPtr); - if(encrInfo->wtype == WT_Symmetric) { - /* mallocd by cspGenSymKey */ - CSSM_FREE(decrKeyPtr); - } - else { - cspFreeKey(cspHand, decrKeyPtr); - } - } - } -testDone: - cspShutdown(cspHand, bareCsp); - if(pause) { - fpurge(stdin); - printf("ModuleDetach/Unload complete; hit CR to exit: "); - getchar(); - } - if((rtn == 0) && !quiet) { - printf("%s test complete\n", argv[0]); - } - return rtn; -} diff --git a/SecurityTests/nist-certs/Expectations.plist b/SecurityTests/nist-certs/Expectations.plist index 3da9e137..984e46e2 100644 --- a/SecurityTests/nist-certs/Expectations.plist +++ b/SecurityTests/nist-certs/Expectations.plist @@ -2,39 +2,16 @@ - AllCertificatesanyPolicyTest11EE.crt - - valid - - reason - All Certificates AnyPolicy Test11 should validate successfully - - DifferentPoliciesTest12EE.crt - Check PDF - DifferentPoliciesTest4EE.crt - Check PDF - DifferentPoliciesTest5EE.crt - Check PDF Validpre2000UTCnotBeforeDateTest3EE.crt Can't parse 1950 UTCTime - DifferentPoliciesTest7EE.crt - Check PDF - DifferentPoliciesTest8EE.crt - Check PDF - DifferentPoliciesTest9EE.crt - Check PDF InvalidBasicSelfIssuedNewWithOldTest5EE.crt Check PDF InvalidBasicSelfIssuedOldWithNewTest2EE.crt Check PDF InvalidLongSerialNumberTest18EE.crt Check PDF - InvalidMappingFromanyPolicyTest7EE.crt - Check PDF InvalidNegativeSerialNumberTest15EE.crt Check PDF - InvalidPolicyMappingTest2EE.crt - Check PDF InvalidcRLIssuerTest27EE.crt Check PDF InvalidcRLIssuerTest31EE.crt @@ -45,12 +22,6 @@ Check PDF InvalidcRLIssuerTest35EE.crt Check PDF - InvalidinhibitAnyPolicyTest1EE.crt - Check PDF - InvalidinhibitAnyPolicyTest6EE.crt - Check PDF - InvalidinhibitPolicyMappingTest1EE.crt - Check PDF InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt Check PDF InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt @@ -75,41 +46,13 @@ Check PDF ValidDSASignaturesTest4EE.crt Check PDF - ValidPolicyMappingTest11EE.crt - Check PDF - ValidPolicyMappingTest12EE.crt - Check PDF - ValidPolicyMappingTest1EE.crt - Check PDF - ValidPolicyMappingTest3EE.crt - Check PDF - ValidPolicyMappingTest5EE.crt - Check PDF - ValidPolicyMappingTest6EE.crt - Check PDF ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt Check PDF - ValidSelfIssuedinhibitAnyPolicyTest7EE.crt - Check PDF - ValidSelfIssuedinhibitAnyPolicyTest9EE.crt - Check PDF - ValidSelfIssuedinhibitPolicyMappingTest7EE.crt - Check PDF - ValidSelfIssuedpathLenConstraintTest15EE.crt - Check PDF - ValidSelfIssuedpathLenConstraintTest17EE.crt - Check PDF ValidUTF8StringCaseInsensitiveMatchTest11EE.crt Check PDF - ValidinhibitPolicyMappingTest2EE.crt - Check PDF - ValidinhibitPolicyMappingTest4EE.crt - Check PDF InvalidDNnameConstraintsTest13EE.crt Check PDF ValidDNnameConstraintsTest14EE.crt Can't evaluate empty subject name. - ValidDNnameConstraintsTest19EE.crt - Chains must be cryptographically valid. diff --git a/SecurityTests/nist-certs/DifferentPoliciesTest12EE.crt b/SecurityTests/nist-certs/InvalidDifferentPoliciesTest12EE.crt similarity index 100% rename from SecurityTests/nist-certs/DifferentPoliciesTest12EE.crt rename to SecurityTests/nist-certs/InvalidDifferentPoliciesTest12EE.crt diff --git a/SecurityTests/nist-certs/DifferentPoliciesTest4EE.crt b/SecurityTests/nist-certs/InvalidDifferentPoliciesTest4EE.crt similarity index 100% rename from SecurityTests/nist-certs/DifferentPoliciesTest4EE.crt rename to SecurityTests/nist-certs/InvalidDifferentPoliciesTest4EE.crt diff --git a/SecurityTests/nist-certs/DifferentPoliciesTest5EE.crt b/SecurityTests/nist-certs/InvalidDifferentPoliciesTest5EE.crt similarity index 100% rename from SecurityTests/nist-certs/DifferentPoliciesTest5EE.crt rename to SecurityTests/nist-certs/InvalidDifferentPoliciesTest5EE.crt diff --git a/SecurityTests/nist-certs/DifferentPoliciesTest7EE.crt b/SecurityTests/nist-certs/InvalidDifferentPoliciesTest7EE.crt similarity index 100% rename from SecurityTests/nist-certs/DifferentPoliciesTest7EE.crt rename to SecurityTests/nist-certs/InvalidDifferentPoliciesTest7EE.crt diff --git a/SecurityTests/nist-certs/DifferentPoliciesTest8EE.crt b/SecurityTests/nist-certs/InvalidDifferentPoliciesTest8EE.crt similarity index 100% rename from SecurityTests/nist-certs/DifferentPoliciesTest8EE.crt rename to SecurityTests/nist-certs/InvalidDifferentPoliciesTest8EE.crt diff --git a/SecurityTests/nist-certs/DifferentPoliciesTest9EE.crt b/SecurityTests/nist-certs/InvalidDifferentPoliciesTest9EE.crt similarity index 100% rename from SecurityTests/nist-certs/DifferentPoliciesTest9EE.crt rename to SecurityTests/nist-certs/InvalidDifferentPoliciesTest9EE.crt diff --git a/SecurityTests/regressions/Makefile b/SecurityTests/regressions/Makefile deleted file mode 100644 index ee173848..00000000 --- a/SecurityTests/regressions/Makefile +++ /dev/null @@ -1,190 +0,0 @@ -# Makefile - -.PHONY: build all install installsrc installhdrs test check Makefile testexcldebug -PRODUCT=regressions - -TESTDIRS := . - -HFILES := $(shell find $(TESTDIRS) -type f -name \*.h -print) -ALL_CFILES := $(shell find $(TESTDIRS) -type f -name \*.c -print) -ALL_CXXFILES := $(shell find $(TESTDIRS) -type f -name \*.cpp -print) -ALL_MFILES := $(shell find $(TESTDIRS) -type f -name \*.m -print) -SHFILES := $(shell find $(TESTDIRS) -type f -name \*.sh -print) -TFILES := $(shell find $(TESTDIRS) -type f -name \*.t -print) - -PAREN := ( -CTESTS := $(shell grep -l 'main[ \t]*$(PAREN)' $(ALL_CFILES) /dev/null) -CXXTESTS := $(shell grep -l 'main[ \t]*$(PAREN)' $(ALL_CXXFILES) /dev/null) -MTESTS := $(shell grep -l 'main[ \t]*$(PAREN)' $(ALL_MFILES) /dev/null) -SHTESTS := $(SHFILES) - -EXCLSTR := NO_AUTOMATED_TESTING -EXCL_CTESTS := $(shell grep -l $(EXCLSTR) $(CTESTS) /dev/null) -EXCL_CXXTESTS := $(shell grep -l $(EXCLSTR) $(CXXTESTS) /dev/null) -EXCL_MTESTS := $(shell grep -l $(EXCLSTR) $(MTESTS) /dev/null) -EXCL_SHTESTS := $(shell grep -l $(EXCLSTR) $(SHTESTS) /dev/null) -EXCL_TESTS := $(EXCL_CTESTS) $(EXCL_CXXTESTS) $(EXCL_MTESTS) $(EXCL_SHTESTS) - -CFILES = $(filter-out $(CTESTS),$(ALL_CFILES)) -CXXFILES = $(filter-out $(CXXTESTS),$(ALL_CXXFILES)) -MFILES = $(filter-out $(MTESTS),$(ALL_MFILES)) - -BUILT_PRODUCTS_DIR ?= $(shell echo $(LOCAL_BUILD_DIR)) -ifeq "" "$(BUILT_PRODUCTS_DIR)" - BUILT_PRODUCTS_DIR = $(SYMROOT) - ifeq "" "$(BUILT_PRODUCTS_DIR)" - BUILT_PRODUCTS_DIR = build - endif -endif -SYMROOT ?= $(BUILT_PRODUCTS_DIR) -OBJROOT ?= $(BUILT_PRODUCTS_DIR)/intermediates/$(PRODUCT).build -SRCROOT ?= $(shell /bin/pwd) -DSTROOT ?= "" - -INSTALLDIR := $(DSTROOT)/usr/local/bin - -SRCFILES := Makefile $(HFILES) $(CTESTS) $(CFILES) $(CXXTESTS) $(CXXFILES) $(MTESTS) $(MFILES) - -BUILT_CTARGETS := $(addprefix $(BUILT_PRODUCTS_DIR)/,$(notdir $(basename $(CTESTS)))) -BUILT_CXXTARGETS := $(addprefix $(BUILT_PRODUCTS_DIR)/,$(notdir $(basename $(CXXTESTS)))) -BUILT_MTARGETS := $(addprefix $(BUILT_PRODUCTS_DIR)/,$(notdir $(basename $(MTESTS)))) -BUILT_TARGETS := $(BUILT_CTARGETS) $(BUILT_CXXTARGETS) $(BUILT_MTARGETS) -EXCL_TARGETS := $(addprefix $(BUILT_PRODUCTS_DIR)/, $(notdir $(basename $(EXCL_TESTS)))) -TEST_TARGETS := $(filter-out $(EXCL_TARGETS),$(BUILT_TARGETS)) - -COFILES := $(addprefix $(OBJROOT)/,$(addsuffix .o, $(basename $(CFILES)))) -CXXOFILES := $(addprefix $(OBJROOT)/,$(addsuffix .o, $(basename $(CXXFILES)))) -MOFILES := $(addprefix $(OBJROOT)/,$(addsuffix .o, $(basename $(MFILES)))) -OFILES := $(COFILES) $(CXXOFILES) $(MOFILES) - -TEST_COFILES := $(addprefix $(OBJROOT)/,$(addsuffix .o, $(basename $(CTESTS)))) -TEST_CXXOFILES := $(addprefix $(OBJROOT)/,$(addsuffix .o, $(basename $(CXXTESTS)))) -TEST_MOFILES := $(addprefix $(OBJROOT)/,$(addsuffix .o, $(basename $(MTESTS)))) -TEST_OFILES := $(TEST_COFILES) $(TEST_CXXOFILES) $(TEST_MOFILES) - -OBJDIRS := $(sort $(OBJROOT) $(dir $(OFILES) $(TEST_OFILES))) - -# -# Assume final load with cc, not ld -# - -C_FRAMEWORK_SEARCH_PATHS = $(BUILT_PRODUCTS_DIR) -CPP_FRAMEWORK_SEARCH_PATHS = $(BUILT_PRODUCTS_DIR) \ - /System/Library/PrivateFrameworks /usr/local/SecurityPieces/Frameworks -M_FRAMEWORK_SEARCH_PATHS = $(BUILT_PRODUCTS_DIR) \ - /System/Library/PrivateFrameworks -STD_HEADER_SEARCH_PATHS = $(SRCROOT)/test -STD_LIBARY_SEARCH_PATHS = $(BUILT_PRODUCTS_DIR) - -ALL_HEADER_SEARCH_PATHS = $(HEADER_SEARCH_PATHS) $(STD_HEADER_SEARCH_PATHS) -ALL_LIBARY_SEARCH_PATHS = $(LIBARY_SEARCH_PATHS) $(STD_LIBARY_SEARCH_PATHS) - -STD_LIBRARIES = -ALL_LIBRARIES = $(STD_LIBRARIES) $(LIBRARIES:lib%.a=%) - -C_FRAMEWORKS = Security CoreFoundation -CPP_FRAMEWORKS = $(C_FRAMEWORKS) #security_utilities -M_FRAMEWORKS = $(C_FRAMEWORKS) SecurityFoundation Foundation - -C_FINCLUDES = $(addprefix -F,$(C_FRAMEWORK_SEARCH_PATHS) \ - $(FRAMEWORK_SEARCH_PATHS)) -CPP_FINCLUDES = $(addprefix -F,$(CPP_FRAMEWORK_SEARCH_PATHS) \ - $(FRAMEWORK_SEARCH_PATHS)) -M_FINCLUDES = $(addprefix -F,$(M_FRAMEWORK_SEARCH_PATHS) \ - $(FRAMEWORK_SEARCH_PATHS)) -ALL_INCLUDES = $(addprefix -I,$(ALL_HEADER_SEARCH_PATHS)) - -# -# Override this from the make command line to add e.g. -lMallocDebug -# -CMDLINE_LDFLAGS= - -# -C_LDFLAGS = $(CMDLINE_LDFLAGS) \ - $(C_FINCLUDES) \ - $(addprefix -framework ,$(C_FRAMEWORKS) $(FRAMEWORKS)) \ - $(addprefix -L,$(ALL_LIBARY_SEARCH_PATHS)) \ - $(addprefix -l,$(ALL_LIBARIES)) \ - $(OTHER_LDFLAGS) -CPP_LDFLAGS = $(CMDLINE_LDFLAGS) \ - $(CPP_FINCLUDES) \ - $(addprefix -framework ,$(CPP_FRAMEWORKS) $(FRAMEWORKS)) \ - $(addprefix -L,$(ALL_LIBARY_SEARCH_PATHS)) \ - $(addprefix -l,$(ALL_LIBARIES)) \ - $(OTHER_LDFLAGS) /usr/local/lib/libsecurity_utilities.a -M_LDFLAGS = $(CMDLINE_LDFLAGS) \ - $(M_FINCLUDES) \ - $(addprefix -framework ,$(M_FRAMEWORKS) $(FRAMEWORKS)) \ - $(addprefix -L,$(ALL_LIBARY_SEARCH_PATHS)) \ - $(addprefix -l,$(ALL_LIBARIES)) \ - $(OTHER_LDFLAGS) - -###WARNING_CFLAGS = -Wno-four-char-constants -Wall -Werror -WARNING_CFLAGS = -Wno-four-char-constants -Wall -Wno-deprecated-declarations -STD_CFLAGS= -g -DEBUG_CFLAGS= - -ALL_CFLAGS = $(C_FINCLUDES) $(ALL_INCLUDES) $(STD_CFLAGS) \ - $(WARNING_CFLAGS) $(OTHER_CFLAGS) $(DEBUG_CFLAGS) -ALL_CXXFLAGS = $(CPP_FINCLUDES) $(ALL_INCLUDES) $(STD_CFLAGS) \ - $(WARNING_CFLAGS) $(OTHER_CXXFLAGS) $(DEBUG_CFLAGS) -ALL_MFLAGS = $(M_FINCLUDES) $(ALL_INCLUDES) $(STD_CFLAGS) \ - $(WARNING_CFLAGS) $(OTHER_CFLAGS) $(DEBUG_CFLAGS) - -build: $(OTHER_DEPENDENCIES) $(OBJDIRS) $(BUILT_TARGETS) - -all: build - -ppc64: - make CMDLINE_LDFLAGS="-arch ppc64" DEBUG_CFLAGS="-arch ppc64" - -install: build - install -d -m 0755 $(INSTALLDIR) - install -p -m 0755 $(BUILT_TARGETS) $(INSTALLDIR) - -installhdrs: - -installsrc: - mkdir $(DSTROOT) - -clean: - rm -f $(BUILT_TARGETS) $(OFILES) $(TEST_OFILES) $(OTHER_TO_CLEAN) -# echo rm -rf $(OBJDIRS) - -test: build - @perl -Iinc -e 'use MyHarness; Test::Harness::runtests @ARGV;' $(sort $(TEST_TARGETS)) $(sort $(TFILES)) - -testexcldebug: build - @echo EXCL_CTESTS: $(EXCL_CTESTS) - @echo EXCL_CXXTESTS: $(EXCL_CXXTESTS) - @echo EXCL_MTESTS: $(EXCL_MTESTS) - @echo EXCL_SHTESTS: $(EXCL_SHTESTS) - @echo EXCL_TESTS: $(EXCL_TESTS) - @echo BUILT_TARGETS: $(BUILT_TARGETS) - @echo TEST_TARGETS: $(TEST_TARGETS) - -LOCAL_OFILES := $(addsuffix .o, $(basename $(CFILES) $(CXXFILES) $(MFILES))) -OFILES := $(LOCAL_OFILES:%=$(OBJROOT)/%) - -$(BUILT_CTARGETS): $(COFILES) $(TEST_COFILES) - $(CC) -o $@ $(filter %/$(notdir $@).o,$(TEST_COFILES)) $(OFILES) $(C_LDFLAGS) - -$(BUILT_CXXTARGETS): $(COFILES) $(CXXOFILES) $(TEST_CXXOFILES) - $(CXX) -o $@ $(filter %/$(notdir $@).o,$(TEST_CXXOFILES)) $(OFILES) $(CPP_LDFLAGS) - -$(BUILT_MTARGETS): $(COFILES) $(MOFILES) $(TEST_MOFILES) - $(CC) -o $@ $(filter %/$(notdir $@).o,$(TEST_MOFILES)) $(OFILES) $(M_LDFLAGS) - -$(OBJDIRS): - @mkdir -p $@ - -$(OBJROOT)/%.o: %.c - $(CC) $(ALL_CFLAGS) -c -o $(OBJROOT)/$*.o $< - -$(OBJROOT)/%.o: %.cpp - $(CXX) $(ALL_CXXFLAGS) -c -o $(OBJROOT)/$*.o $< - -$(OBJROOT)/%.o: %.m - $(CC) $(ALL_MFLAGS) -c -o $(OBJROOT)/$*.o $< - -$(OFILES) $(TEST_OFILES): $(HFILES) diff --git a/SecurityTests/regressions/README b/SecurityTests/regressions/README deleted file mode 100644 index 256c3666..00000000 --- a/SecurityTests/regressions/README +++ /dev/null @@ -1,220 +0,0 @@ -regression test suite for security components. -by Michael Brouwer - - -GOALS -===== - -The goals of this test setup are to have something that required -0 configuration and setup and allows developers to quickly write -new standalone test cases. - - -USAGE -===== - -The tests are runnable from the top level Makefile by typing - make test -or individually from the command line or with gdb. Tests will be -built into a directory called build by default or into LOCAL_BUILD_DIR -if you set that in your environment. - - -DIRECTORY LAYOUT -================ - -Currently there are subdirectories for a number of different parts -of the security stack. Each directory contains some of the unit -tests I've managed to find from radar and other places. - -The test programs output their results in a format called TAP. This -is described here: - http://search.cpan.org/~petdance/Test-Harness-2.46/lib/Test/Harness/TAP.pod -Because of this we can use perl's Test::Harness to run the tests -and produce some nice looking output without the need to write an -entire test harness. - -Tests can be written in C, C++ or Objective-C or perl (using -Test::More in perl). - - -WRITING TESTS -============= - -To add a new test simply copy one of the existing ones and hack away. -Any file with a main() function in it will be built into a test -automatically by the top level Makefile (no configuration required). - -To use the testmore C "library" all you need to do is #include -"testmore.h" in your test program. - -Then in your main function you must call: - -plan_tests(NUMTESTS) where NUMTESTS is the number of test cases you -test program will run. After that you can start writing tests. -There are a couple of macros to help you get started: - -The following are ways to run an actual test case (as in they count -towards the NUMTESTS number above): - -ok(EXPR, NAME) - Evaluate EXPR if it's true the test passes if false it fails. - The second argument is a descriptive name of the test for debugging - purposes. - -is(EXPR, VALUE, NAME) - Evaluate EXPR if it's equal to VALUE the test passes otherwise - it fails. This is equivalent to ok(EXPR == VALUE, NAME) except - this produces nicer output in a failure case. - CAVEAT: Currently EXPR and VALUE must both be type int. - -isnt(EXPR, VALUE, NAME) - Opposite of is() above. - CAVEAT: Currently EXPR and VALUE must both be type int. - -cmp_ok(EXPR, OP, VALUE, NAME) - Succeeds if EXPR OP VALUE is true. Produces a diagnostic if not. - CAVEAT: Currently EXPR and VALUE must both be type int. - -ok_status(EXPR, NAME) - Evaluate EXPR, if it's 0 the test passes otherwise print a - diagnostic with the name and number of the error returned. - -is_status(EXPR, VALUE, NAME) - Evaluate EXPR, if the error returned equals VALUE the test - passes, otherwise print a diagnostic with the expected and - actual error returned. - -ok_unix(EXPR, NAME) - Evaluate EXPR, if it's >= 0 the test passes otherwise print a - diagnostic with the name and number of the errno. - -is_unix(EXPR, VALUE, NAME) - Evaluate EXPR, if the errno set by it equals VALUE the test - passes, otherwise print a diagnostic with the expected and - actual errno. - -Finally if you somehow can't express the success or failure of a -test using the macros above you can use pass(NAME) or fail(NAME) -explicitly. These are equivalent to ok(1, NAME) and ok(0, NAME) -respectively. - - -LEAKS -===== - -If you want to check for leaks in your test you can #include -"testleaks.h" in your program and call: - -ok_leaks(NAME) - Passes if there are no leaks in your program. - -is_leaks(VALUE, NAME) - Passes if there are exactly VALUE leaks in your program. Useful - if you are calling code that is known to leak and you can't fix - it. But you still want to make sure there are no new leaks in - your code. - - -C++ -=== - -For C++ programs you can #include "testcpp.h" which defines these -additional macros: -no_throw(EXPR, NAME) - Success if EXPR doesn't throw. - -does_throw(EXPR, NAME) - Success if EXPR does throw. - -is_throw(EXPR, CLASS, FUNC, VALUE, NAME) - Success if EXPR throws an exception of type CLASS and CLASS.FUNC == VALUE. - Example usage: - is_throw(CssmError::throwMe(42), CssmError, osStatus(), 42, "throwMe(42)"); - - -TODO and SKIP -============= - -Sometimes you write a test case that is known to fail (because you -found a bug). Rather than commenting out that test case you should -put it inside a TODO block. This will cause the test to run but -the failure will not be reported as an error. When the test starts -passing (presumably because someone fixed the bug) you can comment -out the todo block and leave the test in place. - -The syntax for doing this looks like so: - - TODO: { - todo(" ER: AAPL target: $4,000,000/share"); - - cmp_ok(apple_stock_price(), >=, 4000000, "stock over 4M"); - } - -Sometimes you don't want to run a particular test case or set of -test cases because something in the environment is missing or you -are running on a different version of the OS than the test was -designed for. To achieve this you can use a skip block. - -The syntax for a skip block looks like so: - - SKIP: { - skip("only runs on Tiger and later", 4, os_version() >= os_tiger); - - ok(tiger_test1(), "test1"); - ok(tiger_test2(), "test2"); - ok(tiger_test3(), "test3"); - ok(tiger_test4(), "test4"); - } - -How it works is like so: If the third argument to skip evaluates -to false it breaks out of the skip block and reports N tests as -being skipped (where N is the second argument to skip) The reason -for the test being skipped is given as the first argument to skip. - - -Utility Functions -================= - -Anyone writing tests can add new utility functions. Currently there -is a pair called tests_begin and tests_end. To get them -#include "testenv.h". Calling them doesn't count as running a test -case, unless you wrap them in an ok() macro. tests_begin creates -a unique dir in /tmp and sets HOME in the environment to that dir. -tests_end cleans up the mess that tests_begin made. - -When writing your own utility functions you will probably want to use -the setup("task") macro so that any uses of ok() and other macros -don't count as actual test cases run, but do report errors when they -fail. Here is an example of how tests_end() does this: - -int -tests_end(int result) -{ - setup("tests_end"); - /* Restore previous cwd and remove scratch dir. */ - return (ok_unix(fchdir(current_dir), "fchdir") && - ok_unix(close(current_dir), "close") && - ok_unix(rmdir_recursive(scratch_dir), "rmdir_recursive")); -} - -Setup cases all tests unil the end of the current funtion to not count -againt your test cases test count and they output nothing if they -succeed. - -There is also a simple utility header called "testcssm.h" which -currently defines cssm_attach and cssm_detach functions for loading -and initializing cssm and loading a module. - - -EXCLUDING TESTS -=============== - -Some tests cannot be automated, notably those that require user -interaction. Such tests should be built, to ensure that API/SPI changes -are caught, but they should not be run via 'make test' since that is how -our automated testing is invoked. To keep your test from being run via -'make test,' add the string NO_AUTOMATED_TESTING as a comment to your main -test file. - -Excluded tests can and should still be run by hand, of course. diff --git a/SecurityTests/regressions/auth/auth-01-immediate-agent.c b/SecurityTests/regressions/auth/auth-01-immediate-agent.c deleted file mode 100644 index df7102ab..00000000 --- a/SecurityTests/regressions/auth/auth-01-immediate-agent.c +++ /dev/null @@ -1,41 +0,0 @@ -/* NO_AUTOMATED_TESTING */ -#include -#include -#include -#include -#include "testmore.h" - -/* - * XXX/gh These should be in AuthorizationTagsPriv.h - */ -#ifdef AUTHHOST_TYPE_AGENT -#warning AUTHHOST_TYPE_AGENT defined, clean up immediate-agent test -#else -#define AUTHHOST_TYPE_AGENT 1 // SecurityAgent -#endif - -#ifdef AUTHHOST_TYPE_PRIVILEGED -#warning AUTHHOST_TYPE_PRIVILEGED defined, clean up immediate-agent test -#else -#define AUTHHOST_TYPE_PRIVILEGED 2 // authorizationhost -#endif - -int main(__unused int ac, const char *av[]) -{ - uint32_t hostType = AUTHHOST_TYPE_AGENT; - AuthorizationItem item = { AGENT_HINT_IMMEDIATE_LAUNCH, sizeof(hostType), &hostType, 0 }; - AuthorizationEnvironment hints = { 1, &item }; - const char *hostTypeStr; - - plan_tests(1); - - switch(hostType) - { - case AUTHHOST_TYPE_AGENT: hostTypeStr = "SecurityAgent"; break; - case AUTHHOST_TYPE_PRIVILEGED: hostTypeStr = "authorizationhost"; break; - default: hostTypeStr = "unknown host type"; break; - } - ok_status(AuthorizationCreate(NULL, &hints, kAuthorizationFlagDefaults, NULL), "force immediate agent launch"); - - return 0; -} diff --git a/SecurityTests/regressions/auth/auth-02-aewp-basic.c b/SecurityTests/regressions/auth/auth-02-aewp-basic.c deleted file mode 100644 index c3c38b9e..00000000 --- a/SecurityTests/regressions/auth/auth-02-aewp-basic.c +++ /dev/null @@ -1,40 +0,0 @@ -/* NO_AUTOMATED_TESTING */ -#include -#include -#include -#include -#include "testmore.h" - -#define EXECUTABLE "/bin/ls" -#define LSTARGET "/private/var/db/shadow" - -/* XXX/gh interactive, so inappropriate for auto-regressions */ -int main(__unused int ac, const char *av[]) -{ - AuthorizationRef authRef = NULL; - char *lsargs[2] = { "-l", LSTARGET }; - FILE *commPipe = NULL; - DIR *dir = NULL; - char lsbuf[6]; /* "total" */ - /* uint32_t total; */ - - plan_tests(5); - - /* make sure LSTARGET isn't readable by mere mortals */ - dir = opendir(LSTARGET); - is(errno, EACCES, "AEWP-basic: opendir()"); - ok_status(AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &authRef), - "AEWP-basic: AuthCreate()"); - ok(authRef != NULL, "AEWP-basic: NULL authRef"); - ok_status(AuthorizationExecuteWithPrivileges(authRef, - EXECUTABLE, - kAuthorizationFlagDefaults, - lsargs, - &commPipe), - "AEWP-basic: AEWP()"); - - /* stops at first white space */ - is_status(fscanf(commPipe, "%s", lsbuf), 1, "AEWP-basic: fscanf()"); - printf("ls output: %s\n", lsbuf); - return 0; -} diff --git a/SecurityTests/regressions/auth/auth-SessionCreate-01-basic.c b/SecurityTests/regressions/auth/auth-SessionCreate-01-basic.c deleted file mode 100644 index 5cede143..00000000 --- a/SecurityTests/regressions/auth/auth-SessionCreate-01-basic.c +++ /dev/null @@ -1,34 +0,0 @@ -/* NO_AUTOMATED_TESTING */ - -#include -#include /* getenv(3) */ -#include -#include "testmore.h" - -#define SSID_ENV_STR "SECURITYSESSIONID" /* hard-coded in Authorization.cpp */ - -/* - * Not automated because SessionCreate() implicitly invokes task_for_pid(), - * which in turn can trigger an Authorization call (and thus UI) via - * taskgated. - */ -int main(__unused int ac, __unused const char *av[]) -{ - char *ssid = NULL; - - plan_tests(1); - - if ((ssid = getenv(SSID_ENV_STR)) != NULL) - printf("Current SecuritySessionID: %s\n", ssid); - /* - * @@@ SessionCreate() is documented to return "noErr" on success, but - * errSessionSuccess is part of the SessionStatus enum - */ - is(SessionCreate(0/*SessionCreationFlags*/, - sessionHasGraphicAccess|sessionHasTTY/*SessionAttributeFlags*/), - errSessionSuccess, "SessionCreate()"); - if ((ssid = getenv(SSID_ENV_STR)) == NULL) - fprintf(stderr, "Missing %s in environment!\n", SSID_ENV_STR); - printf("New SecuritySessionID: %s\n", ssid); - return 0; -} diff --git a/SecurityTests/regressions/dl/dl-10-create-delete.c b/SecurityTests/regressions/dl/dl-10-create-delete.c deleted file mode 100644 index bdae3acf..00000000 --- a/SecurityTests/regressions/dl/dl-10-create-delete.c +++ /dev/null @@ -1,285 +0,0 @@ -/* - * Copyright (c) 2005-2006 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * 00DL_Create-Delete.c - */ - -#include -#include -#include -#include - -#include "testmore.h" -#include "testenv.h" -#include "testcssm.h" -#include "testleaks.h" - -#define DBNAME "testdl.db" - -static CSSM_APPLEDL_OPEN_PARAMETERS openParameters = -{ - sizeof(CSSM_APPLEDL_OPEN_PARAMETERS), - CSSM_APPLEDL_OPEN_PARAMETERS_VERSION, - CSSM_FALSE, - kCSSM_APPLEDL_MASK_MODE, - 0600 -}; -static CSSM_DBINFO dbInfo = -{ - 0 /* NumberOfRecordTypes */, - NULL, - NULL, - NULL, - CSSM_TRUE /* IsLocal */, - NULL, /* AccessPath - URL, dir path, etc. */ - NULL /* reserved */ -}; - -int -static test1(CSSM_DL_HANDLE dl) -{ - int pass = 1; - CSSM_DL_DB_HANDLE dldb = { dl }; - - /* Case 1 regular create close delete. */ - pass &= ok_status(CSSM_DL_DbCreate(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - NULL /* &openParameters */, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - - pass &= ok_status(CSSM_DL_DbClose(dldb), "CSSM_DL_DbClose"); - pass &= ok_status(CSSM_DL_DbDelete(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - NULL /* AccessCred */), "CSSM_DL_DbDelete"); - pass &= is_unix(unlink(DBNAME), ENOENT, "unlink"); - - return pass; -} - -int -static test2(CSSM_DL_HANDLE dl) -{ - int pass = 1; - CSSM_DL_DB_HANDLE dldb = { dl }; - - /* Case 2 regular create delete then close. */ - pass &= ok_status(CSSM_DL_DbCreate(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - NULL /* &openParameters */, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - - pass &= ok_status(CSSM_DL_DbDelete(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - NULL /* AccessCred */), "CSSM_DL_DbDelete"); - pass &= ok_status(CSSM_DL_DbClose(dldb), "CSSM_DL_DbClose"); - pass &= is_unix(unlink(DBNAME), ENOENT, "unlink"); - - return pass; -} - -int -static test3(CSSM_DL_HANDLE dl) -{ - int pass = 1; - CSSM_DL_DB_HANDLE dldb = { dl }; - - /* Case 3 non autocommit create close delete. */ - pass &= ok_status(CSSM_DL_DbCreate(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - &openParameters, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - - pass &= ok_status(CSSM_DL_DbClose(dldb), "CSSM_DL_DbClose"); - pass &= ok_status(CSSM_DL_DbDelete(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - NULL /* AccessCred */), "CSSM_DL_DbDelete"); - pass &= is_unix(unlink(DBNAME), ENOENT, "unlink"); - - return pass; -} - -int -static test4(CSSM_DL_HANDLE dl) -{ - int pass = 1; - CSSM_DL_DB_HANDLE dldb = { dl }; - - /* Case 4 non autocommit create delete then close. */ - pass &= ok_status(CSSM_DL_DbCreate(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - &openParameters, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - - pass &= ok_status(CSSM_DL_DbDelete(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - NULL /* AccessCred */), "CSSM_DL_DbDelete"); - pass &= ok_status(CSSM_DL_DbClose(dldb), "CSSM_DL_DbClose"); - pass &= is_unix(unlink(DBNAME), ENOENT, "unlink"); - - return pass; -} - -int -static test5(CSSM_DL_HANDLE dl) -{ - int pass = 1; - CSSM_DL_DB_HANDLE dldb = { dl }; - - /* Case 5 non autocommit create rollback close delete. */ - pass &= ok_status(CSSM_DL_DbCreate(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - &openParameters, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - pass &= ok_status(CSSM_DL_PassThrough(dldb, CSSM_APPLEFILEDL_ROLLBACK, - NULL, NULL), "CSSM_APPLEFILEDL_ROLLBACK"); - pass &= ok_status(CSSM_DL_DbClose(dldb), "CSSM_DL_DbClose"); - pass &= is_status(CSSM_DL_DbDelete(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, NULL /* AccessCred */), - CSSMERR_DL_DATASTORE_DOESNOT_EXIST, "CSSM_DL_DbDelete"); - pass &= is_unix(unlink(DBNAME), ENOENT, "unlink"); - - return pass; -} - -int -static test6(CSSM_DL_HANDLE dl) -{ - int pass = 1; - CSSM_DL_DB_HANDLE dldb = { dl }; - - /* Case 6 non autocommit create rollback delete then close. */ - pass &= ok_status(CSSM_DL_DbCreate(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - &openParameters, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - - pass &= ok_status(CSSM_DL_PassThrough(dldb, CSSM_APPLEFILEDL_ROLLBACK, - NULL, NULL), "CSSM_APPLEFILEDL_ROLLBACK"); - pass &= is_status(CSSM_DL_DbDelete(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, NULL /* AccessCred */), - CSSMERR_DL_DATASTORE_DOESNOT_EXIST, "CSSM_DL_DbDelete"); - pass &= ok_status(CSSM_DL_DbClose(dldb), "CSSM_DL_DbClose"); - pass &= is_unix(unlink(DBNAME), ENOENT, "unlink"); - - return pass; -} - -int -static test7(CSSM_DL_HANDLE dl) -{ - int pass = 1; - CSSM_DL_DB_HANDLE dldb = { dl }; - - /* Case 7 non autocommit create delete rollback then close. */ - pass &= ok_status(CSSM_DL_DbCreate(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - &openParameters, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - - pass &= ok_status(CSSM_DL_DbDelete(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, NULL /* AccessCred */), "CSSM_DL_DbDelete"); - pass &= ok_status(CSSM_DL_PassThrough(dldb, CSSM_APPLEFILEDL_ROLLBACK, - NULL, NULL), "CSSM_APPLEFILEDL_ROLLBACK"); - pass &= ok_status(CSSM_DL_DbClose(dldb), "CSSM_DL_DbClose"); - pass &= is_unix(unlink(DBNAME), ENOENT, "unlink"); - - return pass; -} - -int -static test8(CSSM_DL_HANDLE dl) -{ - int pass = 1; - CSSM_DL_DB_HANDLE dldb = { dl }; - - /* Case 8 delete non existant db. */ - pass &= is_status(CSSM_DL_DbDelete(dldb.DLHandle, DBNAME, - NULL /* DbLocation */, NULL /* AccessCred */), - CSSMERR_DL_DATASTORE_DOESNOT_EXIST, "CSSM_DL_DbDelete"); - - - return pass; -} - -int -main(int argc, char * const *argv) -{ - int guid_alt = argc > 1 && !strcmp(argv[1], "-g"); - /* {2cb56191-ee6f-432d-a377-853d3c6b949e} */ - CSSM_GUID s3dl_guid = - { - 0x2cb56191, 0xee6f, 0x432d, - { 0xa3, 0x77, 0x85, 0x3d, 0x3c, 0x6b, 0x94, 0x9e } - }; - const CSSM_GUID *guid = guid_alt ? & s3dl_guid : &gGuidAppleFileDL; - CSSM_DL_HANDLE dl; - - /* Total number of test cases in this file. */ - plan_tests(45); - - ok(cssm_attach(guid, &dl), "cssm_attach"); - ok(tests_begin(argc, argv), "setup"); - - /* Run tests. */ - ok(test1(dl), "create close delete"); - ok(test2(dl), "create delete close"); - ok(test3(dl), "autocommit off create close delete"); - ok(test4(dl), "autocommit off create delete close"); - ok(test5(dl), "autocommit off create rollback close delete"); - ok(test6(dl), "autocommit off create rollback delete close"); - ok(test7(dl), "autocommit off create delete rollback close"); - ok(test8(dl), "delete non existant db"); - - ok(cssm_detach(guid, dl), "cssm_detach"); - ok(tests_end(1), "cleanup"); - TODO: {ok_leaks("leaks");} - - return 0; -} diff --git a/SecurityTests/regressions/dl/dl-11-create-relation.c b/SecurityTests/regressions/dl/dl-11-create-relation.c deleted file mode 100644 index bc01119c..00000000 --- a/SecurityTests/regressions/dl/dl-11-create-relation.c +++ /dev/null @@ -1,269 +0,0 @@ -/* - * Copyright (c) 2005 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * 01DL_CreateReleation.c - */ - -#include -#include -#include -#include - -#include "testmore.h" -#include "testenv.h" -#include "testcssm.h" - -#define DBNAME "testdl" - -CSSM_APPLEDL_OPEN_PARAMETERS openParameters = -{ - sizeof(CSSM_APPLEDL_OPEN_PARAMETERS), - CSSM_APPLEDL_OPEN_PARAMETERS_VERSION, - CSSM_FALSE, - kCSSM_APPLEDL_MASK_MODE, - 0600 -}; -CSSM_DBINFO dbInfo = -{ - 0 /* NumberOfRecordTypes */, - NULL, - NULL, - NULL, - CSSM_TRUE /* IsLocal */, - NULL, /* AccessPath - URL, dir path, etc. */ - NULL /* reserved */ -}; -CSSM_DB_SCHEMA_ATTRIBUTE_INFO attributeInfo[] = -{ - { - 1, - "One", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_STRING - }, - { - 2, - "Two", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_STRING - } -}; -CSSM_DB_SCHEMA_INDEX_INFO indexInfo[] = -{ - { - 1, - 0, - CSSM_DB_INDEX_UNIQUE, - CSSM_DB_INDEX_ON_ATTRIBUTE - }, - { - 1, - 1, - CSSM_DB_INDEX_NONUNIQUE, - CSSM_DB_INDEX_ON_ATTRIBUTE - }, - { - 2, - 2, - CSSM_DB_INDEX_NONUNIQUE, - CSSM_DB_INDEX_ON_ATTRIBUTE - } -}; -CSSM_DATA values[] = -{ - { 5, (uint8 *)"value" } -}; -CSSM_DB_ATTRIBUTE_DATA attributeData[] = -{ - { - { - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - { "One" }, - CSSM_DB_ATTRIBUTE_FORMAT_STRING - }, - sizeof(values) / sizeof(CSSM_DATA), - values - }, - { - { - CSSM_DB_ATTRIBUTE_NAME_AS_STRING, - { "Two" }, - CSSM_DB_ATTRIBUTE_FORMAT_STRING - }, - sizeof(values) / sizeof(CSSM_DATA), - values - } -}; -CSSM_DB_RECORD_ATTRIBUTE_DATA attributes = -{ - 42, - 0, - sizeof(attributeData) / sizeof(CSSM_DB_ATTRIBUTE_DATA), - attributeData -}; - -int -static test1(CSSM_DL_HANDLE dl) -{ - int pass = 1; - CSSM_DL_DB_HANDLE dldb = { dl }; - CSSM_DB_UNIQUE_RECORD_PTR uniqueId; - - pass &= ok_status(CSSM_DL_DbCreate(dl, DBNAME, NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - &openParameters, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - - pass &= is_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - NULL, - &uniqueId), - CSSMERR_DL_INVALID_RECORDTYPE, "CSSM_DL_DataInsert no table"); - - pass &= ok_status(CSSM_DL_CreateRelation(dldb, - 42, - "Fourty Two", - sizeof(attributeInfo) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO), - attributeInfo, - sizeof(indexInfo) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO), - indexInfo), "CSSM_DL_CreateRelation"); - - pass &= ok_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - NULL, - &uniqueId), "CSSM_DL_DataInsert"); - - pass &= is_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - NULL, - &uniqueId), - CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA, "CSSM_DL_DataInsert dupe"); - - pass &= ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - - pass &= ok_status(CSSM_DL_DbClose(dldb), - "CSSM_DL_DbClose"); - - return pass; -} - -int -static test2(CSSM_DL_HANDLE dl) -{ - int pass = 1; - CSSM_DL_DB_HANDLE dldb = { dl }; - CSSM_DB_UNIQUE_RECORD_PTR uniqueId; - - pass &= ok_status(CSSM_DL_DbCreate(dl, DBNAME, NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - NULL, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - - pass &= ok_status(CSSM_DL_DbClose(dldb), - "CSSM_DL_DbClose"); - - pass &= ok_status(CSSM_DL_DbOpen(dl, DBNAME, NULL /* DbLocation */, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - &openParameters, - &dldb.DBHandle), - "CSSM_DL_DbOpen"); - - pass &= is_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - NULL, - &uniqueId), - CSSMERR_DL_INVALID_RECORDTYPE, "CSSM_DL_DataInsert no table"); - - pass &= ok_status(CSSM_DL_CreateRelation(dldb, - 42, - "Fourty Two", - sizeof(attributeInfo) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO), - attributeInfo, - sizeof(indexInfo) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO), - indexInfo), "CSSM_DL_CreateRelation"); - - pass &= ok_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - NULL, - &uniqueId), "CSSM_DL_DataInsert fails unless 4039735 is fixed"); - - pass &= is_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - NULL, - &uniqueId), - CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA, - "CSSM_DL_DataInsert dupe"); - - pass &= ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - - pass &= ok_status(CSSM_DL_DbClose(dldb), - "CSSM_DL_DbDelete"); - - return pass; -} - -int -main(int argc, char * const *argv) -{ - int guid_alt = argc > 1 && !strcmp(argv[1], "-g"); - /* {2cb56191-ee6f-432d-a377-853d3c6b949e} */ - CSSM_GUID s3dl_guid = - { - 0x2cb56191, 0xee6f, 0x432d, - { 0xa3, 0x77, 0x85, 0x3d, 0x3c, 0x6b, 0x94, 0x9e } - }; - const CSSM_GUID *guid = guid_alt ? & s3dl_guid : &gGuidAppleFileDL; - - int pass = 1; - - plan_tests(23); - - CSSM_DL_HANDLE dl; - pass &= ok(cssm_attach(guid, &dl), "cssm_attach"); - pass &= ok(tests_begin(argc, argv), "tests_begin"); - - pass &= ok(test1(dl), "insert record in new table with ac off"); - pass &= ok_status(CSSM_DL_DbDelete(dl, DBNAME, NULL /* DbLocation */, - NULL /* AccessCred */), "CSSM_DL_DbDelete"); - pass &= ok(test2(dl), - "insert record in existing db in new table with ac off"); - pass &= ok_status(CSSM_DL_DbDelete(dl, DBNAME, NULL /* DbLocation */, - NULL /* AccessCred */), "CSSM_DL_DbDelete"); - pass &= ok(cssm_detach(guid, dl), "cssm_detach"); - - return !tests_end(pass); -} diff --git a/SecurityTests/regressions/dl/dl-12-modify.c b/SecurityTests/regressions/dl/dl-12-modify.c deleted file mode 100644 index 9d591480..00000000 --- a/SecurityTests/regressions/dl/dl-12-modify.c +++ /dev/null @@ -1,687 +0,0 @@ -/* - * Copyright (c) 2005-2006,2010 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * 01DL_CreateReleation.c - */ - -#include -#include -#include -#include - -#include "testmore.h" -#include "testenv.h" -#include "testcssm.h" -#include "testleaks.h" - -#define DBNAME "testdl" - -CSSM_APPLEDL_OPEN_PARAMETERS openParameters = -{ - sizeof(CSSM_APPLEDL_OPEN_PARAMETERS), - CSSM_APPLEDL_OPEN_PARAMETERS_VERSION, - CSSM_FALSE, - kCSSM_APPLEDL_MASK_MODE, - 0600 -}; -CSSM_DBINFO dbInfo = -{ - 0 /* NumberOfRecordTypes */, - NULL, - NULL, - NULL, - CSSM_TRUE /* IsLocal */, - NULL, /* AccessPath - URL, dir path, etc. */ - NULL /* reserved */ -}; -CSSM_DB_SCHEMA_ATTRIBUTE_INFO attributeInfo[] = -{ - { - 1, - "string-1", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_STRING - }, - { - 2, - "sint32-2", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_SINT32 - }, - { - 3, - "uint32-3", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_UINT32 - }, - { - 4, - "big_num-4", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM - }, - { - 5, - "real-5", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_REAL - }, - { - 6, - "time-date-6", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE - }, - { - 7, - "blob-7", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_BLOB - }, - { - 8, - "multi-uint32-8", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32 - }, -#if 0 - /* @@@ DL bug if you create a relation with a - CSSM_DB_ATTRIBUTE_FORMAT_COMPLEX type attribute it succeeds but - subsequent inserts in that table fail. */ - { - 9, - "complex-9", - {}, - CSSM_DB_ATTRIBUTE_FORMAT_COMPLEX - } -#endif -}; -CSSM_DB_SCHEMA_INDEX_INFO indexInfo[] = -{ - { - 1, - 0, - CSSM_DB_INDEX_UNIQUE, - CSSM_DB_INDEX_ON_ATTRIBUTE - }, - { - 1, - 1, - CSSM_DB_INDEX_NONUNIQUE, - CSSM_DB_INDEX_ON_ATTRIBUTE - }, - { - 2, - 2, - CSSM_DB_INDEX_NONUNIQUE, - CSSM_DB_INDEX_ON_ATTRIBUTE - } -}; -CSSM_DATA values_str_1[] = -{ - { 7, (uint8 *)"value-1" } -}; -CSSM_DATA values_str_2[] = -{ - { 7, (uint8 *)"value-2" } -}; -CSSM_DATA values_sint32_1[] = -{ - { sizeof(sint32), (uint8 *)"1111" } -}; -CSSM_DATA values_sint32_2[] = -{ - { sizeof(sint32), (uint8 *)"2222" } -}; - -CSSM_DB_ATTRIBUTE_DATA attributeData[] = -{ - { - { - CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, - { (char *)((uint64_t)1<<32|1) }, - CSSM_DB_ATTRIBUTE_FORMAT_STRING - }, - sizeof(values_str_1) / sizeof(CSSM_DATA), - values_str_1 - }, - { - { - CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, - { (char *)((uint64_t)2<<32|2) }, - CSSM_DB_ATTRIBUTE_FORMAT_SINT32 - }, - sizeof(values_sint32_1) / sizeof(CSSM_DATA), - values_sint32_1 - } -}; -CSSM_DB_RECORD_ATTRIBUTE_DATA attributes = -{ - 42, - 0x00008000, - sizeof(attributeData) / sizeof(CSSM_DB_ATTRIBUTE_DATA), - attributeData -}; - -CSSM_DB_ATTRIBUTE_DATA newAttributeData[] = -{ - { - { - CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, - { (char *)((uint64_t)1<<32|1) }, - CSSM_DB_ATTRIBUTE_FORMAT_STRING - }, - sizeof(values_str_2) / sizeof(CSSM_DATA), - values_str_2 - }, - { - { - CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, - { (char *)((uint64_t)2<<32|2) }, - CSSM_DB_ATTRIBUTE_FORMAT_SINT32 - }, - sizeof(values_sint32_2) / sizeof(CSSM_DATA), - values_sint32_2 - } -}; -CSSM_DB_RECORD_ATTRIBUTE_DATA newAttributes = -{ - 42, - 0x80000001, /* Semantic Information. */ - sizeof(newAttributeData) / sizeof(CSSM_DB_ATTRIBUTE_DATA), - newAttributeData -}; - -static void free_attributes_data(const CSSM_API_MEMORY_FUNCS *memfuncs, - CSSM_DB_RECORD_ATTRIBUTE_DATA_PTR attributes, CSSM_DATA_PTR data) -{ - if (data && data->Data) - { - memfuncs->free_func(data->Data, memfuncs->AllocRef); - data->Data = NULL; - } - - if (attributes && attributes->AttributeData) - { - uint32 aix; - for (aix = 0; aix < attributes->NumberOfAttributes; ++aix) - { - if (attributes->AttributeData[aix].Value) - { - uint32 vix; - for (vix = 0; - vix < attributes->AttributeData[aix].NumberOfValues; ++vix) - { - if (attributes->AttributeData[aix].Value[vix].Data) - { - memfuncs->free_func( - attributes->AttributeData[aix].Value[vix].Data, - memfuncs->AllocRef); - } - } - - memfuncs->free_func(attributes->AttributeData[aix].Value, - memfuncs->AllocRef); - attributes->AttributeData[aix].NumberOfValues = 0; - attributes->AttributeData[aix].Value = NULL; - } - } - } -} - -static int test_is_attributes_data( - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes1, const CSSM_DATA *data1, - const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes2, const CSSM_DATA *data2, - const char *description, const char *directive, - const char *reason, const char *file, unsigned line) -{ - if (attributes1 || attributes2) - { - if (!attributes1 || !attributes2) - return test_ok(0, description, directive, reason, file, line, - "# got CSSM_DB_RECORD_ATTRIBUTE_DATA %p\n" - "# expected CSSM_DB_RECORD_ATTRIBUTE_DATA %p\n", - attributes1, attributes2); - - if (attributes1->DataRecordType != attributes2->DataRecordType || - attributes1->SemanticInformation != - attributes2->SemanticInformation || - attributes1->NumberOfAttributes != attributes2->NumberOfAttributes) - return test_ok(0, description, directive, reason, file, line, - "# got CSSM_DB_RECORD_ATTRIBUTE_DATA:\n" - "# DataRecordType: %08x\n" - "# SemanticInformation: %08x\n" - "# NumberOfAttributes: %lu\n" - "# expected CSSM_DB_RECORD_ATTRIBUTE_DATA:\n" - "# DataRecordType: %08x\n" - "# SemanticInformation: %08x\n" - "# NumberOfAttributes: %lu\n", - attributes1->DataRecordType, - attributes1->SemanticInformation, - attributes1->NumberOfAttributes, - attributes2->DataRecordType, - attributes2->SemanticInformation, - attributes2->NumberOfAttributes); - uint32 ai; - for (ai = 0; ai < attributes1->NumberOfAttributes; ++ai) - { - const CSSM_DB_ATTRIBUTE_DATA *a1 = &attributes1->AttributeData[ai]; - const CSSM_DB_ATTRIBUTE_DATA *a2 = &attributes2->AttributeData[ai]; - if (a1->Info.AttributeFormat != a2->Info.AttributeFormat || - a1->NumberOfValues != a2->NumberOfValues) - return test_ok(0, description, directive, reason, file, line, - "# got AttributeData[%lu]:\n" - "# AttributeFormat: %08x\n" - "# NumberOfValues: %lu\n" - "# expected AttributeData[%lu]:\n" - "# AttributeFormat: %08x\n" - "# NumberOfValues: %lu\n", - ai, a1->Info.AttributeFormat, a1->NumberOfValues, - ai, a2->Info.AttributeFormat, a2->NumberOfValues); - uint32 vi; - for (vi = 0; vi < a1->NumberOfValues; ++vi) - { - const CSSM_DATA *d1 = &a1->Value[vi]; - const CSSM_DATA *d2 = &a2->Value[vi]; - if (d1->Length != d2->Length || !d1->Data || !d2->Data || - memcmp(d1->Data, d2->Data, d1->Length)) - return test_ok(d1->Data == d2->Data, description, - directive, reason, file, line, - "# got AttributeData[%lu].Value[%lu]:\n" - "# length: %lu\n" - "# data: '%.*s'\n" - "# expected AttributeData[%lu].Value[%lu]:\n" - "# length: %lu\n" - "# data: '%.*s'\n", - ai, vi, d1->Length, (int)d1->Length, d1->Data, - ai, vi, d2->Length, (int)d2->Length, d2->Data); - } - } - } - if (data1 || data2) - { - if (!data1 || !data2) - return test_ok(0, description, directive, reason, file, line, - "# got CSSM_DATA %p\n" - "# expected CSSM_DATA %p\n", data1, data2); - if (data1->Length != data2->Length || !data1->Data || !data2->Data || - memcmp(data1->Data, data2->Data, data1->Length)) - return test_ok(data1->Data == data2->Data, description, directive, - reason, file, line, - "# got CSSM_DATA:\n" - "# length: %lu\n" - "# data: '%.*s'\n" - "# expected CSSM_DATA:\n" - "# length: %lu\n" - "# data: '%.*s'\n", - data1->Length, (int)data1->Length, data1->Data, - data2->Length, (int)data2->Length, data2->Data); - } - - return test_ok(1, description, directive, reason, file, line, NULL); -} - -#define is_attributes_data(A1, D1, A2, D2, TESTNAME) \ -( \ - test_is_attributes_data((A1), (D1), (A2), (D2), \ - TESTNAME, test_directive, test_reason, __FILE__, __LINE__) \ -) - -static void test1(CSSM_DL_HANDLE dl) -{ - CSSM_DL_DB_HANDLE dldb = { dl }; - CSSM_DB_UNIQUE_RECORD_PTR uniqueId; - - CSSM_DATA data = { 4, (uint8 *)"test" }; - ok_status(CSSM_DL_DbCreate(dl, DBNAME, NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - NULL /* &openParameters */, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - - is_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - &data, - &uniqueId), - CSSMERR_DL_INVALID_RECORDTYPE, "CSSM_DL_DataInsert no table"); - - ok_status(CSSM_DL_CreateRelation(dldb, - 42, - "Fourty Two", - sizeof(attributeInfo) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO), - attributeInfo, - sizeof(indexInfo) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO), - indexInfo), "CSSM_DL_CreateRelation"); - - ok_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - &data, - &uniqueId), "CSSM_DL_DataInsert"); - - is_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - &data, - &uniqueId), - CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA, "CSSM_DL_DataInsert dupe"); - - ok_status(CSSM_DL_DataModify(dldb, - attributes.DataRecordType, - uniqueId, - &newAttributes, - &data, - CSSM_DB_MODIFY_ATTRIBUTE_REPLACE), "CSSM_DL_DataModify"); - - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - - ok_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - &data, - &uniqueId), "CSSM_DL_DataInsert old one again"); - - CSSM_API_MEMORY_FUNCS memfuncs = {}; - ok_status(CSSM_GetAPIMemoryFunctions(dldb.DLHandle, &memfuncs), - "CSSM_GetAPIMemoryFunctions"); - - ok_status(CSSM_DL_DataGetFromUniqueRecordId(dldb, uniqueId, NULL, NULL), - "CSSM_DL_DataGetFromUniqueRecordId get nothing"); - - CSSM_DATA resultData = {}; - ok_status(CSSM_DL_DataGetFromUniqueRecordId(dldb, uniqueId, - NULL, &resultData), - "CSSM_DL_DataGetFromUniqueRecordId get data"); - is_attributes_data(NULL, &resultData, NULL, &data, "Does data match?"); - free_attributes_data(&memfuncs, NULL, &resultData); - - CSSM_DB_RECORD_ATTRIBUTE_DATA baseNoAttrs = attributes; - baseNoAttrs.NumberOfAttributes = 0; - baseNoAttrs.AttributeData = NULL; - CSSM_DB_RECORD_ATTRIBUTE_DATA resultNoAttrs = {}; - ok_status(CSSM_DL_DataGetFromUniqueRecordId(dldb, uniqueId, - &resultNoAttrs, NULL), - "CSSM_DL_DataGetFromUniqueRecordId get 0 attributes"); - is_attributes_data(&resultNoAttrs, NULL, &baseNoAttrs, NULL, - "Do attrs match?"); - free_attributes_data(&memfuncs, &resultNoAttrs, NULL); - - ok_status(CSSM_DL_DataGetFromUniqueRecordId(dldb, uniqueId, - &resultNoAttrs, &resultData), - "CSSM_DL_DataGetFromUniqueRecordId get data and 0 attributes"); - is_attributes_data(&resultNoAttrs, &resultData, &baseNoAttrs, &data, - "Do attrs and data match?"); - free_attributes_data(&memfuncs, &resultNoAttrs, &resultData); - - CSSM_DB_ATTRIBUTE_DATA resultAttributeData[] = - { - {{ CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, { (char *)((uint64_t)1<<32|1) } }}, - {{ CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, { (char *)((uint64_t)2<<32|2) } }} - }; - CSSM_DB_RECORD_ATTRIBUTE_DATA resultAttrs = - { - 0, 0, - sizeof(resultAttributeData) / sizeof(*resultAttributeData), - resultAttributeData - }; - ok_status(CSSM_DL_DataGetFromUniqueRecordId(dldb, uniqueId, - &resultAttrs, &resultData), - "CSSM_DL_DataGetFromUniqueRecordId get data and 2 attributes"); - is_attributes_data(&resultAttrs, &resultData, &attributes, &data, - "Do attrs and data match?"); - free_attributes_data(&memfuncs, &resultAttrs, &resultData); - - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - - CSSM_SELECTION_PREDICATE predicates[] = - { - { - CSSM_DB_EQUAL, - { - { CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, { (char *)((uint64_t)1<<32|1) } }, - 1, values_str_1 - } - } - }; - CSSM_QUERY query = - { - attributes.DataRecordType, - CSSM_DB_AND, - sizeof(predicates) / sizeof(*predicates), - predicates, - { CSSM_QUERY_TIMELIMIT_NONE, CSSM_QUERY_SIZELIMIT_NONE }, - 0 /* CSSM_QUERY_RETURN_DATA -- for keys only to return raw key bits */ - }; - CSSM_HANDLE search = CSSM_INVALID_HANDLE; - is_status(CSSM_DL_DataGetFirst(dldb, &query, NULL, - NULL, NULL, NULL), CSSM_ERRCODE_INVALID_POINTER, - "CSSM_DL_DataGetFirst no search handle, no unique_record"); - is_status(CSSM_DL_DataGetFirst(dldb, &query, &search, - NULL, NULL, NULL), CSSM_ERRCODE_INVALID_POINTER, - "CSSM_DL_DataGetFirst no unique_record"); - is_status(CSSM_DL_DataGetFirst(dldb, &query, NULL, - NULL, NULL, &uniqueId), CSSM_ERRCODE_INVALID_POINTER, - "CSSM_DL_DataGetFirst no search handle"); - - ok_status(CSSM_DL_DataGetFirst(dldb, &query, &search, - NULL, NULL, &uniqueId), - "CSSM_DL_DataGetFirst no data no attrs"); - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - ok_status(CSSM_DL_DataAbortQuery(dldb, search), - "CSSM_DL_DataAbortQuery"); - - ok_status(CSSM_DL_DataGetFirst(dldb, &query, &search, - &resultNoAttrs, NULL, &uniqueId), - "CSSM_DL_DataGetFirst 0 attrs"); - is_attributes_data(&resultNoAttrs, NULL, &baseNoAttrs, NULL, - "Do attrs match?"); - free_attributes_data(&memfuncs, &resultNoAttrs, NULL); - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - ok_status(CSSM_DL_DataAbortQuery(dldb, search), - "CSSM_DL_DataAbortQuery"); - - ok_status(CSSM_DL_DataGetFirst(dldb, &query, &search, - NULL, &resultData, &uniqueId), - "CSSM_DL_DataGetFirst data"); - is_attributes_data(NULL, &resultData, NULL, &data, "Does data match?"); - free_attributes_data(&memfuncs, NULL, &resultData); - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - ok_status(CSSM_DL_DataAbortQuery(dldb, search), - "CSSM_DL_DataAbortQuery"); - - ok_status(CSSM_DL_DataGetFirst(dldb, &query, &search, - &resultNoAttrs, &resultData, &uniqueId), - "CSSM_DL_DataGetFirst 0 attrs and data"); - is_attributes_data(&resultNoAttrs, &resultData, &baseNoAttrs, &data, - "Do attrs and data match?"); - free_attributes_data(&memfuncs, &resultNoAttrs, &resultData); - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - ok_status(CSSM_DL_DataAbortQuery(dldb, search), - "CSSM_DL_DataAbortQuery"); - - ok_status(CSSM_DL_DataGetFirst(dldb, &query, &search, - &resultAttrs, &resultData, &uniqueId), - "CSSM_DL_DataGetFirst 2 attrs and data"); - is_attributes_data(&resultAttrs, &resultData, &attributes, &data, - "Do attrs and data match?"); - free_attributes_data(&memfuncs, &resultAttrs, &resultData); - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - ok_status(CSSM_DL_DataAbortQuery(dldb, search), - "CSSM_DL_DataAbortQuery"); - - SKIP: { - skip("nothing to free", 2, - ok_status(CSSM_DL_DataGetFirst(dldb, &query, &search, - &resultAttrs, &resultData, &uniqueId), - "CSSM_DL_DataGetFirst 2 attrs and data")); - is_attributes_data(&resultAttrs, &resultData, &attributes, &data, - "Do attrs and data match?"); - free_attributes_data(&memfuncs, &resultAttrs, &resultData); - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - } - - is_status(CSSM_DL_DataGetNext(dldb, search, - &resultAttrs, &resultData, &uniqueId), - CSSMERR_DL_ENDOFDATA, "CSSM_DL_DataGetNext returns eod"); - - CSSM_QUERY query2 = - { - attributes.DataRecordType, - CSSM_DB_NONE, - 0, - NULL, - { CSSM_QUERY_TIMELIMIT_NONE, CSSM_QUERY_SIZELIMIT_NONE }, - 0 /* CSSM_QUERY_RETURN_DATA -- for keys only to return raw key bits */ - }; - ok_status(CSSM_DL_DataGetFirst(dldb, &query2, &search, - &resultAttrs, &resultData, &uniqueId), - "CSSM_DL_DataGetFirst 2 attrs and data"); - free_attributes_data(&memfuncs, &resultAttrs, &resultData); - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - ok_status(CSSM_DL_DataGetNext(dldb, search, - &resultAttrs, &resultData, &uniqueId), - "CSSM_DL_DataGetNext 2 attrs and data"); - free_attributes_data(&memfuncs, &resultAttrs, &resultData); - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - ok_status(CSSM_DL_DataAbortQuery(dldb, search), - "CSSM_DL_DataAbortQuery"); - - ok_status(CSSM_DL_DbClose(dldb), - "CSSM_DL_DbClose"); -} - -static void test2(CSSM_DL_HANDLE dl) -{ - CSSM_DL_DB_HANDLE dldb = { dl }; - CSSM_DB_UNIQUE_RECORD_PTR uniqueId; - - ok_status(CSSM_DL_DbCreate(dl, DBNAME, NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - NULL, - &dldb.DBHandle), - "CSSM_DL_DbCreate"); - - ok_status(CSSM_DL_DbClose(dldb), - "CSSM_DL_DbClose"); - - ok_status(CSSM_DL_DbOpen(dl, DBNAME, NULL /* DbLocation */, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - &openParameters, - &dldb.DBHandle), - "CSSM_DL_DbOpen"); - - is_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - NULL, - &uniqueId), - CSSMERR_DL_INVALID_RECORDTYPE, "CSSM_DL_DataInsert no table"); - - ok_status(CSSM_DL_CreateRelation(dldb, - 42, - "Fourty Two", - sizeof(attributeInfo) / sizeof(CSSM_DB_SCHEMA_ATTRIBUTE_INFO), - attributeInfo, - sizeof(indexInfo) / sizeof(CSSM_DB_SCHEMA_INDEX_INFO), - indexInfo), "CSSM_DL_CreateRelation"); - - ok_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - NULL, - &uniqueId), "CSSM_DL_DataInsert fails unless 4039735 is fixed"); - - is_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - NULL, - &uniqueId), - CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA, - "CSSM_DL_DataInsert dupe"); - - ok_status(CSSM_DL_DataDelete(dldb, uniqueId), - "CSSM_DL_Delete"); - - is_status(CSSM_DL_DataDelete(dldb, uniqueId), - CSSMERR_DL_RECORD_NOT_FOUND, "delete again should fail"); - - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - - ok_status(CSSM_DL_DataInsert(dldb, - attributes.DataRecordType, - &attributes, - NULL, - &uniqueId), "Insert again after delete"); - - ok_status(CSSM_DL_FreeUniqueRecord(dldb, uniqueId), - "CSSM_DL_FreeUniqueRecord"); - - ok_status(CSSM_DL_DbClose(dldb), - "CSSM_DL_DbDelete"); -} - -int -main(int argc, char * const *argv) -{ - int guid_alt = argc > 1 && !strcmp(argv[1], "-g"); - /* {2cb56191-ee6f-432d-a377-853d3c6b949e} */ - CSSM_GUID s3dl_guid = - { - 0x2cb56191, 0xee6f, 0x432d, - { 0xa3, 0x77, 0x85, 0x3d, 0x3c, 0x6b, 0x94, 0x9e } - }; - const CSSM_GUID *guid = guid_alt ? & s3dl_guid : &gGuidAppleFileDL; - - plan_tests(70); - - CSSM_DL_HANDLE dl; - ok(cssm_attach(guid, &dl), "cssm_attach"); - ok(tests_begin(argc, argv), "tests_begin"); - - test1(dl); - ok_status(CSSM_DL_DbDelete(dl, DBNAME, NULL /* DbLocation */, - NULL /* AccessCred */), "CSSM_DL_DbDelete"); - test2(dl); - ok_status(CSSM_DL_DbDelete(dl, DBNAME, NULL /* DbLocation */, - NULL /* AccessCred */), "CSSM_DL_DbDelete"); - ok(cssm_detach(guid, dl), "cssm_detach"); - ok_leaks("no leaks"); - - return !tests_end(1); -} diff --git a/SecurityTests/regressions/inc/MyHarness.pm b/SecurityTests/regressions/inc/MyHarness.pm deleted file mode 100644 index 781b828c..00000000 --- a/SecurityTests/regressions/inc/MyHarness.pm +++ /dev/null @@ -1,29 +0,0 @@ -use warnings; -use strict; - -package MyStraps; -use base qw( Test::Harness::Straps ); - -sub _command_line { - my $self = shift; - my $file = shift; - - $file = qq["$file"] if ($file =~ /\s/) && ($file !~ /^".*"$/); - my $line = "$file"; - - return $line; -} - -sub _default_inc { - return @INC; -} - -package MyHarness; -use base qw( Test::Harness ); - -#my $Strap = MyStraps->new(); -$Test::Harness::Strap = MyStraps->new(); - -sub strap { return $Test::Harness::Strap } - -1; diff --git a/SecurityTests/regressions/inc/Test.pm b/SecurityTests/regressions/inc/Test.pm deleted file mode 100644 index f2cddc09..00000000 --- a/SecurityTests/regressions/inc/Test.pm +++ /dev/null @@ -1,955 +0,0 @@ - -require 5.004; -package Test; -# Time-stamp: "2004-04-28 21:46:51 ADT" - -use strict; - -use Carp; -use vars (qw($VERSION @ISA @EXPORT @EXPORT_OK $ntest $TestLevel), #public-ish - qw($TESTOUT $TESTERR %Program_Lines $told_about_diff - $ONFAIL %todo %history $planned @FAILDETAIL) #private-ish - ); - -# In case a test is run in a persistent environment. -sub _reset_globals { - %todo = (); - %history = (); - @FAILDETAIL = (); - $ntest = 1; - $TestLevel = 0; # how many extra stack frames to skip - $planned = 0; -} - -$VERSION = '1.25'; -require Exporter; -@ISA=('Exporter'); - -@EXPORT = qw(&plan &ok &skip); -@EXPORT_OK = qw($ntest $TESTOUT $TESTERR); - -$|=1; -$TESTOUT = *STDOUT{IO}; -$TESTERR = *STDERR{IO}; - -# Use of this variable is strongly discouraged. It is set mainly to -# help test coverage analyzers know which test is running. -$ENV{REGRESSION_TEST} = $0; - - -=head1 NAME - -Test - provides a simple framework for writing test scripts - -=head1 SYNOPSIS - - use strict; - use Test; - - # use a BEGIN block so we print our plan before MyModule is loaded - BEGIN { plan tests => 14, todo => [3,4] } - - # load your module... - use MyModule; - - # Helpful notes. All note-lines must start with a "#". - print "# I'm testing MyModule version $MyModule::VERSION\n"; - - ok(0); # failure - ok(1); # success - - ok(0); # ok, expected failure (see todo list, above) - ok(1); # surprise success! - - ok(0,1); # failure: '0' ne '1' - ok('broke','fixed'); # failure: 'broke' ne 'fixed' - ok('fixed','fixed'); # success: 'fixed' eq 'fixed' - ok('fixed',qr/x/); # success: 'fixed' =~ qr/x/ - - ok(sub { 1+1 }, 2); # success: '2' eq '2' - ok(sub { 1+1 }, 3); # failure: '2' ne '3' - - my @list = (0,0); - ok @list, 3, "\@list=".join(',',@list); #extra notes - ok 'segmentation fault', '/(?i)success/'; #regex match - - skip( - $^O =~ m/MSWin/ ? "Skip if MSWin" : 0, # whether to skip - $foo, $bar # arguments just like for ok(...) - ); - skip( - $^O =~ m/MSWin/ ? 0 : "Skip unless MSWin", # whether to skip - $foo, $bar # arguments just like for ok(...) - ); - -=head1 DESCRIPTION - -This module simplifies the task of writing test files for Perl modules, -such that their output is in the format that -L expects to see. - -=head1 QUICK START GUIDE - -To write a test for your new (and probably not even done) module, create -a new file called F (in a new F directory). If you have -multiple test files, to test the "foo", "bar", and "baz" feature sets, -then feel free to call your files F, F, and -F - -=head2 Functions - -This module defines three public functions, C, C, -and C. By default, all three are exported by -the C statement. - -=over 4 - -=item C - - BEGIN { plan %theplan; } - -This should be the first thing you call in your test script. It -declares your testing plan, how many there will be, if any of them -should be allowed to fail, and so on. - -Typical usage is just: - - use Test; - BEGIN { plan tests => 23 } - -These are the things that you can put in the parameters to plan: - -=over - -=item C I> - -The number of tests in your script. -This means all ok() and skip() calls. - -=item C [I<1,5,14>]> - -A reference to a list of tests which are allowed to fail. -See L. - -=item C sub { ... }> - -=item C \&some_sub> - -A subroutine reference to be run at the end of the test script, if -any of the tests fail. See L. - -=back - -You must call C once and only once. You should call it -in a C block, like so: - - BEGIN { plan tests => 23 } - -=cut - -sub plan { - croak "Test::plan(%args): odd number of arguments" if @_ & 1; - croak "Test::plan(): should not be called more than once" if $planned; - - local($\, $,); # guard against -l and other things that screw with - # print - - _reset_globals(); - - _read_program( (caller)[1] ); - - my $max=0; - while (@_) { - my ($k,$v) = splice(@_, 0, 2); - if ($k =~ /^test(s)?$/) { $max = $v; } - elsif ($k eq 'todo' or - $k eq 'failok') { for (@$v) { $todo{$_}=1; }; } - elsif ($k eq 'onfail') { - ref $v eq 'CODE' or croak "Test::plan(onfail => $v): must be CODE"; - $ONFAIL = $v; - } - else { carp "Test::plan(): skipping unrecognized directive '$k'" } - } - my @todo = sort { $a <=> $b } keys %todo; - if (@todo) { - print $TESTOUT "1..$max todo ".join(' ', @todo).";\n"; - } else { - print $TESTOUT "1..$max\n"; - } - ++$planned; - print $TESTOUT "# Running under perl version $] for $^O", - (chr(65) eq 'A') ? "\n" : " in a non-ASCII world\n"; - - print $TESTOUT "# Win32::BuildNumber ", &Win32::BuildNumber(), "\n" - if defined(&Win32::BuildNumber) and defined &Win32::BuildNumber(); - - print $TESTOUT "# MacPerl version $MacPerl::Version\n" - if defined $MacPerl::Version; - - printf $TESTOUT - "# Current time local: %s\n# Current time GMT: %s\n", - scalar(localtime($^T)), scalar(gmtime($^T)); - - print $TESTOUT "# Using Test.pm version $VERSION\n"; - - # Retval never used: - return undef; -} - -sub _read_program { - my($file) = shift; - return unless defined $file and length $file - and -e $file and -f _ and -r _; - open(SOURCEFILE, "<$file") || return; - $Program_Lines{$file} = []; - close(SOURCEFILE); - - foreach my $x (@{$Program_Lines{$file}}) - { $x =~ tr/\cm\cj\n\r//d } - - unshift @{$Program_Lines{$file}}, ''; - return 1; -} - -=begin _private - -=item B<_to_value> - - my $value = _to_value($input); - -Converts an C parameter to its value. Typically this just means -running it, if it's a code reference. You should run all inputted -values through this. - -=cut - -sub _to_value { - my ($v) = @_; - return ref $v eq 'CODE' ? $v->() : $v; -} - -sub _quote { - my $str = $_[0]; - return "" unless defined $str; - $str =~ s/\\/\\\\/g; - $str =~ s/"/\\"/g; - $str =~ s/\a/\\a/g; - $str =~ s/[\b]/\\b/g; - $str =~ s/\e/\\e/g; - $str =~ s/\f/\\f/g; - $str =~ s/\n/\\n/g; - $str =~ s/\r/\\r/g; - $str =~ s/\t/\\t/g; - $str =~ s/([\0-\037])(?!\d)/sprintf('\\%o',ord($1))/eg; - $str =~ s/([\0-\037\177-\377])/sprintf('\\x%02X',ord($1))/eg; - $str =~ s/([^\0-\176])/sprintf('\\x{%X}',ord($1))/eg; - #if( $_[1] ) { - # substr( $str , 218-3 ) = "..." - # if length($str) >= 218 and !$ENV{PERL_TEST_NO_TRUNC}; - #} - return qq("$str"); -} - - -=end _private - -=item C - - ok(1 + 1 == 2); - ok($have, $expect); - ok($have, $expect, $diagnostics); - -This function is the reason for C's existence. It's -the basic function that -handles printing "C" or "C", along with the -current test number. (That's what C wants to see.) - -In its most basic usage, C simply takes a single scalar -expression. If its value is true, the test passes; if false, -the test fails. Examples: - - # Examples of ok(scalar) - - ok( 1 + 1 == 2 ); # ok if 1 + 1 == 2 - ok( $foo =~ /bar/ ); # ok if $foo contains 'bar' - ok( baz($x + $y) eq 'Armondo' ); # ok if baz($x + $y) returns - # 'Armondo' - ok( @a == @b ); # ok if @a and @b are the same length - -The expression is evaluated in scalar context. So the following will -work: - - ok( @stuff ); # ok if @stuff has any elements - ok( !grep !defined $_, @stuff ); # ok if everything in @stuff is - # defined. - -A special case is if the expression is a subroutine reference (in either -C syntax or C<\&foo> syntax). In -that case, it is executed and its value (true or false) determines if -the test passes or fails. For example, - - ok( sub { # See whether sleep works at least passably - my $start_time = time; - sleep 5; - time() - $start_time >= 4 - }); - -In its two-argument form, C, I)> compares the two -scalar values to see if they match. They match if both are undefined, -or if I is a regex that matches I, or if they compare equal -with C. - - # Example of ok(scalar, scalar) - - ok( "this", "that" ); # not ok, 'this' ne 'that' - ok( "", undef ); # not ok, "" is defined - -The second argument is considered a regex if it is either a regex -object or a string that looks like a regex. Regex objects are -constructed with the qr// operator in recent versions of perl. A -string is considered to look like a regex if its first and last -characters are "/", or if the first character is "m" -and its second and last characters are both the -same non-alphanumeric non-whitespace character. These regexp - -Regex examples: - - ok( 'JaffO', '/Jaff/' ); # ok, 'JaffO' =~ /Jaff/ - ok( 'JaffO', 'm|Jaff|' ); # ok, 'JaffO' =~ m|Jaff| - ok( 'JaffO', qr/Jaff/ ); # ok, 'JaffO' =~ qr/Jaff/; - ok( 'JaffO', '/(?i)jaff/ ); # ok, 'JaffO' =~ /jaff/i; - -If either (or both!) is a subroutine reference, it is run and used -as the value for comparing. For example: - - ok sub { - open(OUT, ">x.dat") || die $!; - print OUT "\x{e000}"; - close OUT; - my $bytecount = -s 'x.dat'; - unlink 'x.dat' or warn "Can't unlink : $!"; - return $bytecount; - }, - 4 - ; - -The above test passes two values to C -- the first -a coderef, and the second is the number 4. Before C compares them, -it calls the coderef, and uses its return value as the real value of -this parameter. Assuming that C<$bytecount> returns 4, C ends up -testing C<4 eq 4>. Since that's true, this test passes. - -Finally, you can append an optional third argument, in -C,I, I)>, where I is a string value that -will be printed if the test fails. This should be some useful -information about the test, pertaining to why it failed, and/or -a description of the test. For example: - - ok( grep($_ eq 'something unique', @stuff), 1, - "Something that should be unique isn't!\n". - '@stuff = '.join ', ', @stuff - ); - -Unfortunately, a note cannot be used with the single argument -style of C. That is, if you try C, I)>, then -C will interpret this as C, I)>, and probably -end up testing C eq I> -- and that's not what you want! - -All of the above special cases can occasionally cause some -problems. See L. - -=cut - -# A past maintainer of this module said: -# <> -# - -sub ok ($;$$) { - croak "ok: plan before you test!" if !$planned; - - local($\,$,); # guard against -l and other things that screw with - # print - - my ($pkg,$file,$line) = caller($TestLevel); - my $repetition = ++$history{"$file:$line"}; - my $context = ("$file at line $line". - ($repetition > 1 ? " fail \#$repetition" : '')); - - # Are we comparing two values? - my $compare = 0; - - my $ok=0; - my $result = _to_value(shift); - my ($expected, $isregex, $regex); - if (@_ == 0) { - $ok = $result; - } else { - $compare = 1; - $expected = _to_value(shift); - if (!defined $expected) { - $ok = !defined $result; - } elsif (!defined $result) { - $ok = 0; - } elsif (ref($expected) eq 'Regexp') { - $ok = $result =~ /$expected/; - $regex = $expected; - } elsif (($regex) = ($expected =~ m,^ / (.+) / $,sx) or - (undef, $regex) = ($expected =~ m,^ m([^\w\s]) (.+) \1 $,sx)) { - $ok = $result =~ /$regex/; - } else { - $ok = $result eq $expected; - } - } - my $todo = $todo{$ntest}; - if ($todo and $ok) { - $context .= ' TODO?!' if $todo; - print $TESTOUT "ok $ntest # ($context)\n"; - } else { - # Issuing two seperate prints() causes problems on VMS. - if (!$ok) { - print $TESTOUT "not ok $ntest\n"; - } - else { - print $TESTOUT "ok $ntest\n"; - } - - $ok or _complain($result, $expected, - { - 'repetition' => $repetition, 'package' => $pkg, - 'result' => $result, 'todo' => $todo, - 'file' => $file, 'line' => $line, - 'context' => $context, 'compare' => $compare, - @_ ? ('diagnostic' => _to_value(shift)) : (), - }); - - } - ++ $ntest; - $ok; -} - - -sub _complain { - my($result, $expected, $detail) = @_; - $$detail{expected} = $expected if defined $expected; - - # Get the user's diagnostic, protecting against multi-line - # diagnostics. - my $diag = $$detail{diagnostic}; - $diag =~ s/\n/\n#/g if defined $diag; - - $$detail{context} .= ' *TODO*' if $$detail{todo}; - if (!$$detail{compare}) { - if (!$diag) { - print $TESTERR "# Failed test $ntest in $$detail{context}\n"; - } else { - print $TESTERR "# Failed test $ntest in $$detail{context}: $diag\n"; - } - } else { - my $prefix = "Test $ntest"; - - print $TESTERR "# $prefix got: " . _quote($result) . - " ($$detail{context})\n"; - $prefix = ' ' x (length($prefix) - 5); - my $expected_quoted = (defined $$detail{regex}) - ? 'qr{'.($$detail{regex}).'}' : _quote($expected); - - print $TESTERR "# $prefix Expected: $expected_quoted", - $diag ? " ($diag)" : (), "\n"; - - _diff_complain( $result, $expected, $detail, $prefix ) - if defined($expected) and 2 < ($expected =~ tr/\n//); - } - - if(defined $Program_Lines{ $$detail{file} }[ $$detail{line} ]) { - print $TESTERR - "# $$detail{file} line $$detail{line} is: $Program_Lines{ $$detail{file} }[ $$detail{line} ]\n" - if $Program_Lines{ $$detail{file} }[ $$detail{line} ] - =~ m/[^\s\#\(\)\{\}\[\]\;]/; # Otherwise it's uninformative - - undef $Program_Lines{ $$detail{file} }[ $$detail{line} ]; - # So we won't repeat it. - } - - push @FAILDETAIL, $detail; - return; -} - - - -sub _diff_complain { - my($result, $expected, $detail, $prefix) = @_; - return _diff_complain_external(@_) if $ENV{PERL_TEST_DIFF}; - return _diff_complain_algdiff(@_) - if eval { require Algorithm::Diff; Algorithm::Diff->VERSION(1.15); 1; }; - - $told_about_diff++ or print $TESTERR <<"EOT"; -# $prefix (Install the Algorithm::Diff module to have differences in multiline -# $prefix output explained. You might also set the PERL_TEST_DIFF environment -# $prefix variable to run a diff program on the output.) -EOT - ; - return; -} - - - -sub _diff_complain_external { - my($result, $expected, $detail, $prefix) = @_; - my $diff = $ENV{PERL_TEST_DIFF} || die "WHAAAA?"; - - require File::Temp; - my($got_fh, $got_filename) = File::Temp::tempfile("test-got-XXXXX"); - my($exp_fh, $exp_filename) = File::Temp::tempfile("test-exp-XXXXX"); - unless ($got_fh && $exp_fh) { - warn "Can't get tempfiles"; - return; - } - - print $got_fh $result; - print $exp_fh $expected; - if (close($got_fh) && close($exp_fh)) { - my $diff_cmd = "$diff $exp_filename $got_filename"; - print $TESTERR "#\n# $prefix $diff_cmd\n"; - if (open(DIFF, "$diff_cmd |")) { - local $_; - while () { - print $TESTERR "# $prefix $_"; - } - close(DIFF); - } - else { - warn "Can't run diff: $!"; - } - } else { - warn "Can't write to tempfiles: $!"; - } - unlink($got_filename); - unlink($exp_filename); - return; -} - - - -sub _diff_complain_algdiff { - my($result, $expected, $detail, $prefix) = @_; - - my @got = split(/^/, $result); - my @exp = split(/^/, $expected); - - my $diff_kind; - my @diff_lines; - - my $diff_flush = sub { - return unless $diff_kind; - - my $count_lines = @diff_lines; - my $s = $count_lines == 1 ? "" : "s"; - my $first_line = $diff_lines[0][0] + 1; - - print $TESTERR "# $prefix "; - if ($diff_kind eq "GOT") { - print $TESTERR "Got $count_lines extra line$s at line $first_line:\n"; - for my $i (@diff_lines) { - print $TESTERR "# $prefix + " . _quote($got[$i->[0]]) . "\n"; - } - } elsif ($diff_kind eq "EXP") { - if ($count_lines > 1) { - my $last_line = $diff_lines[-1][0] + 1; - print $TESTERR "Lines $first_line-$last_line are"; - } - else { - print $TESTERR "Line $first_line is"; - } - print $TESTERR " missing:\n"; - for my $i (@diff_lines) { - print $TESTERR "# $prefix - " . _quote($exp[$i->[1]]) . "\n"; - } - } elsif ($diff_kind eq "CH") { - if ($count_lines > 1) { - my $last_line = $diff_lines[-1][0] + 1; - print $TESTERR "Lines $first_line-$last_line are"; - } - else { - print $TESTERR "Line $first_line is"; - } - print $TESTERR " changed:\n"; - for my $i (@diff_lines) { - print $TESTERR "# $prefix - " . _quote($exp[$i->[1]]) . "\n"; - print $TESTERR "# $prefix + " . _quote($got[$i->[0]]) . "\n"; - } - } - - # reset - $diff_kind = undef; - @diff_lines = (); - }; - - my $diff_collect = sub { - my $kind = shift; - &$diff_flush() if $diff_kind && $diff_kind ne $kind; - $diff_kind = $kind; - push(@diff_lines, [@_]); - }; - - - Algorithm::Diff::traverse_balanced( - \@got, \@exp, - { - DISCARD_A => sub { &$diff_collect("GOT", @_) }, - DISCARD_B => sub { &$diff_collect("EXP", @_) }, - CHANGE => sub { &$diff_collect("CH", @_) }, - MATCH => sub { &$diff_flush() }, - }, - ); - &$diff_flush(); - - return; -} - - - - -#~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~ - - -=item C, I)> - -This is used for tests that under some conditions can be skipped. It's -basically equivalent to: - - if( $skip_if_true ) { - ok(1); - } else { - ok( args... ); - } - -...except that the C emits not just "C>" but -actually "C # I>". - -The arguments after the I are what is fed to C if -this test isn't skipped. - -Example usage: - - my $if_MSWin = - $^O =~ m/MSWin/ ? 'Skip if under MSWin' : ''; - - # A test to be skipped if under MSWin (i.e., run except under MSWin) - skip($if_MSWin, thing($foo), thing($bar) ); - -Or, going the other way: - - my $unless_MSWin = - $^O =~ m/MSWin/ ? '' : 'Skip unless under MSWin'; - - # A test to be skipped unless under MSWin (i.e., run only under MSWin) - skip($unless_MSWin, thing($foo), thing($bar) ); - -The tricky thing to remember is that the first parameter is true if -you want to I the test, not I it; and it also doubles as a -note about why it's being skipped. So in the first codeblock above, read -the code as "skip if MSWin -- (otherwise) test whether C is -C" or for the second case, "skip unless MSWin...". - -Also, when your I string is true, it really should (for -backwards compatibility with older Test.pm versions) start with the -string "Skip", as shown in the above examples. - -Note that in the above cases, C and C -I evaluated -- but as long as the C is true, -then we C just tosses out their value (i.e., not -bothering to treat them like values to C. But if -you need to I eval the arguments when skipping the -test, use -this format: - - skip( $unless_MSWin, - sub { - # This code returns true if the test passes. - # (But it doesn't even get called if the test is skipped.) - thing($foo) eq thing($bar) - } - ); - -or even this, which is basically equivalent: - - skip( $unless_MSWin, - sub { thing($foo) }, sub { thing($bar) } - ); - -That is, both are like this: - - if( $unless_MSWin ) { - ok(1); # but it actually appends "# $unless_MSWin" - # so that Test::Harness can tell it's a skip - } else { - # Not skipping, so actually call and evaluate... - ok( sub { thing($foo) }, sub { thing($bar) } ); - } - -=cut - -sub skip ($;$$$) { - local($\, $,); # guard against -l and other things that screw with - # print - - my $whyskip = _to_value(shift); - if (!@_ or $whyskip) { - $whyskip = '' if $whyskip =~ m/^\d+$/; - $whyskip =~ s/^[Ss]kip(?:\s+|$)//; # backwards compatibility, old - # versions required the reason - # to start with 'skip' - # We print in one shot for VMSy reasons. - my $ok = "ok $ntest # skip"; - $ok .= " $whyskip" if length $whyskip; - $ok .= "\n"; - print $TESTOUT $ok; - ++ $ntest; - return 1; - } else { - # backwards compatiblity (I think). skip() used to be - # called like ok(), which is weird. I haven't decided what to do with - # this yet. -# warn <(\@FAILDETAIL) if @FAILDETAIL && $ONFAIL; -} - -1; -__END__ - -=head1 TEST TYPES - -=over 4 - -=item * NORMAL TESTS - -These tests are expected to succeed. Usually, most or all of your tests -are in this category. If a normal test doesn't succeed, then that -means that something is I. - -=item * SKIPPED TESTS - -The C function is for tests that might or might not be -possible to run, depending -on the availability of platform-specific features. The first argument -should evaluate to true (think "yes, please skip") if the required -feature is I available. After the first argument, C works -exactly the same way as C does. - -=item * TODO TESTS - -TODO tests are designed for maintaining an B. -These tests are I If a TODO test does succeed, -then the feature in question shouldn't be on the TODO list, now -should it? - -Packages should NOT be released with succeeding TODO tests. As soon -as a TODO test starts working, it should be promoted to a normal test, -and the newly working feature should be documented in the release -notes or in the change log. - -=back - -=head1 ONFAIL - - BEGIN { plan test => 4, onfail => sub { warn "CALL 911!" } } - -Although test failures should be enough, extra diagnostics can be -triggered at the end of a test run. C is passed an array ref -of hash refs that describe each test failure. Each hash will contain -at least the following fields: C, C, and -C. (You shouldn't rely on any other fields being present.) If the test -had an expected value or a diagnostic (or "note") string, these will also be -included. - -The I C hook might be used simply to print out the -version of your package and/or how to report problems. It might also -be used to generate extremely sophisticated diagnostics for a -particularly bizarre test failure. However it's not a panacea. Core -dumps or other unrecoverable errors prevent the C hook from -running. (It is run inside an C block.) Besides, C is -probably over-kill in most cases. (Your test code should be simpler -than the code it is testing, yes?) - - -=head1 BUGS and CAVEATS - -=over - -=item * - -C's special handing of strings which look like they might be -regexes can also cause unexpected behavior. An innocent: - - ok( $fileglob, '/path/to/some/*stuff/' ); - -will fail, since Test.pm considers the second argument to be a regex! -The best bet is to use the one-argument form: - - ok( $fileglob eq '/path/to/some/*stuff/' ); - -=item * - -C's use of string C can sometimes cause odd problems -when comparing -numbers, especially if you're casting a string to a number: - - $foo = "1.0"; - ok( $foo, 1 ); # not ok, "1.0" ne 1 - -Your best bet is to use the single argument form: - - ok( $foo == 1 ); # ok "1.0" == 1 - -=item * - -As you may have inferred from the above documentation and examples, -C's prototype is C<($;$$)> (and, incidentally, C's is -C<($;$$$)>). This means, for example, that you can do C -to compare the I of the two arrays. But don't be fooled into -thinking that C means a comparison of the contents of two -arrays -- you're comparing I the number of elements of each. It's -so easy to make that mistake in reading C that you might -want to be very explicit about it, and instead write C. - -=item * - -This almost definitely doesn't do what you expect: - - ok $thingy->can('some_method'); - -Why? Because C returns a coderef to mean "yes it can (and the -method is this...)", and then C sees a coderef and thinks you're -passing a function that you want it to call and consider the truth of -the result of! I.e., just like: - - ok $thingy->can('some_method')->(); - -What you probably want instead is this: - - ok $thingy->can('some_method') && 1; - -If the C returns false, then that is passed to C. If it -returns true, then the larger expression S<< C<< -$thingy->can('some_method') && 1 >> >> returns 1, which C sees as -a simple signal of success, as you would expect. - - -=item * - -The syntax for C is about the only way it can be, but it's still -quite confusing. Just start with the above examples and you'll -be okay. - -Moreover, users may expect this: - - skip $unless_mswin, foo($bar), baz($quux); - -to not evaluate C and C when the test is being -skipped. But in reality, they I evaluated, but C just won't -bother comparing them if C<$unless_mswin> is true. - -You could do this: - - skip $unless_mswin, sub{foo($bar)}, sub{baz($quux)}; - -But that's not terribly pretty. You may find it simpler or clearer in -the long run to just do things like this: - - if( $^O =~ m/MSWin/ ) { - print "# Yay, we're under $^O\n"; - ok foo($bar), baz($quux); - ok thing($whatever), baz($stuff); - ok blorp($quux, $whatever); - ok foo($barzbarz), thang($quux); - } else { - print "# Feh, we're under $^O. Watch me skip some tests...\n"; - for(1 .. 4) { skip "Skip unless under MSWin" } - } - -But be quite sure that C is called exactly as many times in the -first block as C is called in the second block. - -=back - - -=head1 ENVIRONMENT - -If C environment variable is set, it will be used as a -command for comparing unexpected multiline results. If you have GNU -diff installed, you might want to set C to C. -If you don't have a suitable program, you might install the -C module and then set C to be C. If C isn't set -but the C module is available, then it will be used -to show the differences in multiline results. - -=for comment -If C is set, then the initial "Got 'something' but -expected 'something_else'" readings for long multiline output values aren't -truncated at about the 230th column, as they normally could be in some -cases. Normally you won't need to use this, unless you were carefully -parsing the output of your test programs. - - -=head1 NOTE - -A past developer of this module once said that it was no longer being -actively developed. However, rumors of its demise were greatly -exaggerated. Feedback and suggestions are quite welcome. - -Be aware that the main value of this module is its simplicity. Note -that there are already more ambitious modules out there, such as -L and L. - -Some earlier versions of this module had docs with some confusing -typoes in the description of C. - - -=head1 SEE ALSO - -L - -L, L, L - -L for building your own testing library. - -L is an interesting XUnit-style testing library. - -L and L let you embed tests in code. - - -=head1 AUTHOR - -Copyright (c) 1998-2000 Joshua Nathaniel Pritikin. All rights reserved. - -Copyright (c) 2001-2002 Michael G. Schwern. - -Copyright (c) 2002-2004 and counting Sean M. Burke. - -Current maintainer: Sean M. Burke. Esburke@cpan.orgE - -This package is free software and is provided "as is" without express -or implied warranty. It may be used, redistributed and/or modified -under the same terms as Perl itself. - -=cut - -# "Your mistake was a hidden intention." -# -- /Oblique Strategies/, Brian Eno and Peter Schmidt diff --git a/SecurityTests/regressions/inc/Test/Builder.pm b/SecurityTests/regressions/inc/Test/Builder.pm deleted file mode 100644 index 1a2cdb03..00000000 --- a/SecurityTests/regressions/inc/Test/Builder.pm +++ /dev/null @@ -1,1873 +0,0 @@ -package Test::Builder; - -use 5.006; -use strict; - -our $VERSION = '0.80'; -$VERSION = eval { $VERSION }; # make the alpha version come out as a number - -# Make Test::Builder thread-safe for ithreads. -BEGIN { - use Config; - # Load threads::shared when threads are turned on. - # 5.8.0's threads are so busted we no longer support them. - if( $] >= 5.008001 && $Config{useithreads} && $INC{'threads.pm'}) { - require threads::shared; - - # Hack around YET ANOTHER threads::shared bug. It would - # occassionally forget the contents of the variable when sharing it. - # So we first copy the data, then share, then put our copy back. - *share = sub (\[$@%]) { - my $type = ref $_[0]; - my $data; - - if( $type eq 'HASH' ) { - %$data = %{$_[0]}; - } - elsif( $type eq 'ARRAY' ) { - @$data = @{$_[0]}; - } - elsif( $type eq 'SCALAR' ) { - $$data = ${$_[0]}; - } - else { - die("Unknown type: ".$type); - } - - $_[0] = &threads::shared::share($_[0]); - - if( $type eq 'HASH' ) { - %{$_[0]} = %$data; - } - elsif( $type eq 'ARRAY' ) { - @{$_[0]} = @$data; - } - elsif( $type eq 'SCALAR' ) { - ${$_[0]} = $$data; - } - else { - die("Unknown type: ".$type); - } - - return $_[0]; - }; - } - # 5.8.0's threads::shared is busted when threads are off - # and earlier Perls just don't have that module at all. - else { - *share = sub { return $_[0] }; - *lock = sub { 0 }; - } -} - - -=head1 NAME - -Test::Builder - Backend for building test libraries - -=head1 SYNOPSIS - - package My::Test::Module; - use base 'Test::Builder::Module'; - - my $CLASS = __PACKAGE__; - - sub ok { - my($test, $name) = @_; - my $tb = $CLASS->builder; - - $tb->ok($test, $name); - } - - -=head1 DESCRIPTION - -Test::Simple and Test::More have proven to be popular testing modules, -but they're not always flexible enough. Test::Builder provides the a -building block upon which to write your own test libraries I. - -=head2 Construction - -=over 4 - -=item B - - my $Test = Test::Builder->new; - -Returns a Test::Builder object representing the current state of the -test. - -Since you only run one test per program C always returns the same -Test::Builder object. No matter how many times you call new(), you're -getting the same object. This is called a singleton. This is done so that -multiple modules share such global information as the test counter and -where test output is going. - -If you want a completely new Test::Builder object different from the -singleton, use C. - -=cut - -my $Test = Test::Builder->new; -sub new { - my($class) = shift; - $Test ||= $class->create; - return $Test; -} - - -=item B - - my $Test = Test::Builder->create; - -Ok, so there can be more than one Test::Builder object and this is how -you get it. You might use this instead of C if you're testing -a Test::Builder based module, but otherwise you probably want C. - -B: the implementation is not complete. C, for example, is -still shared amongst B Test::Builder objects, even ones created using -this method. Also, the method name may change in the future. - -=cut - -sub create { - my $class = shift; - - my $self = bless {}, $class; - $self->reset; - - return $self; -} - -=item B - - $Test->reset; - -Reinitializes the Test::Builder singleton to its original state. -Mostly useful for tests run in persistent environments where the same -test might be run multiple times in the same process. - -=cut - -use vars qw($Level); - -sub reset { - my ($self) = @_; - - # We leave this a global because it has to be localized and localizing - # hash keys is just asking for pain. Also, it was documented. - $Level = 1; - - $self->{Have_Plan} = 0; - $self->{No_Plan} = 0; - $self->{Original_Pid} = $$; - - share($self->{Curr_Test}); - $self->{Curr_Test} = 0; - $self->{Test_Results} = &share([]); - - $self->{Exported_To} = undef; - $self->{Expected_Tests} = 0; - - $self->{Skip_All} = 0; - - $self->{Use_Nums} = 1; - - $self->{No_Header} = 0; - $self->{No_Ending} = 0; - - $self->{TODO} = undef; - - $self->_dup_stdhandles unless $^C; - - return; -} - -=back - -=head2 Setting up tests - -These methods are for setting up tests and declaring how many there -are. You usually only want to call one of these methods. - -=over 4 - -=item B - - $Test->plan('no_plan'); - $Test->plan( skip_all => $reason ); - $Test->plan( tests => $num_tests ); - -A convenient way to set up your tests. Call this and Test::Builder -will print the appropriate headers and take the appropriate actions. - -If you call plan(), don't call any of the other methods below. - -=cut - -sub plan { - my($self, $cmd, $arg) = @_; - - return unless $cmd; - - local $Level = $Level + 1; - - if( $self->{Have_Plan} ) { - $self->croak("You tried to plan twice"); - } - - if( $cmd eq 'no_plan' ) { - $self->no_plan; - } - elsif( $cmd eq 'skip_all' ) { - return $self->skip_all($arg); - } - elsif( $cmd eq 'tests' ) { - if( $arg ) { - local $Level = $Level + 1; - return $self->expected_tests($arg); - } - elsif( !defined $arg ) { - $self->croak("Got an undefined number of tests"); - } - elsif( !$arg ) { - $self->croak("You said to run 0 tests"); - } - } - else { - my @args = grep { defined } ($cmd, $arg); - $self->croak("plan() doesn't understand @args"); - } - - return 1; -} - -=item B - - my $max = $Test->expected_tests; - $Test->expected_tests($max); - -Gets/sets the # of tests we expect this test to run and prints out -the appropriate headers. - -=cut - -sub expected_tests { - my $self = shift; - my($max) = @_; - - if( @_ ) { - $self->croak("Number of tests must be a positive integer. You gave it '$max'") - unless $max =~ /^\+?\d+$/ and $max > 0; - - $self->{Expected_Tests} = $max; - $self->{Have_Plan} = 1; - - $self->_print("1..$max\n") unless $self->no_header; - } - return $self->{Expected_Tests}; -} - - -=item B - - $Test->no_plan; - -Declares that this test will run an indeterminate # of tests. - -=cut - -sub no_plan { - my $self = shift; - - $self->{No_Plan} = 1; - $self->{Have_Plan} = 1; -} - -=item B - - $plan = $Test->has_plan - -Find out whether a plan has been defined. $plan is either C (no plan has been set), C (indeterminate # of tests) or an integer (the number of expected tests). - -=cut - -sub has_plan { - my $self = shift; - - return($self->{Expected_Tests}) if $self->{Expected_Tests}; - return('no_plan') if $self->{No_Plan}; - return(undef); -}; - - -=item B - - $Test->skip_all; - $Test->skip_all($reason); - -Skips all the tests, using the given $reason. Exits immediately with 0. - -=cut - -sub skip_all { - my($self, $reason) = @_; - - my $out = "1..0"; - $out .= " # Skip $reason" if $reason; - $out .= "\n"; - - $self->{Skip_All} = 1; - - $self->_print($out) unless $self->no_header; - exit(0); -} - - -=item B - - my $pack = $Test->exported_to; - $Test->exported_to($pack); - -Tells Test::Builder what package you exported your functions to. - -This method isn't terribly useful since modules which share the same -Test::Builder object might get exported to different packages and only -the last one will be honored. - -=cut - -sub exported_to { - my($self, $pack) = @_; - - if( defined $pack ) { - $self->{Exported_To} = $pack; - } - return $self->{Exported_To}; -} - -=back - -=head2 Running tests - -These actually run the tests, analogous to the functions in Test::More. - -They all return true if the test passed, false if the test failed. - -$name is always optional. - -=over 4 - -=item B - - $Test->ok($test, $name); - -Your basic test. Pass if $test is true, fail if $test is false. Just -like Test::Simple's ok(). - -=cut - -sub ok { - my($self, $test, $name) = @_; - - # $test might contain an object which we don't want to accidentally - # store, so we turn it into a boolean. - $test = $test ? 1 : 0; - - $self->_plan_check; - - lock $self->{Curr_Test}; - $self->{Curr_Test}++; - - # In case $name is a string overloaded object, force it to stringify. - $self->_unoverload_str(\$name); - - $self->diag(<todo(); - - # Capture the value of $TODO for the rest of this ok() call - # so it can more easily be found by other routines. - local $self->{TODO} = $todo; - - $self->_unoverload_str(\$todo); - - my $out; - my $result = &share({}); - - unless( $test ) { - $out .= "not "; - @$result{ 'ok', 'actual_ok' } = ( ( $todo ? 1 : 0 ), 0 ); - } - else { - @$result{ 'ok', 'actual_ok' } = ( 1, $test ); - } - - $out .= "ok"; - $out .= " $self->{Curr_Test}" if $self->use_numbers; - - if( defined $name ) { - $name =~ s|#|\\#|g; # # in a name can confuse Test::Harness. - $out .= " - $name"; - $result->{name} = $name; - } - else { - $result->{name} = ''; - } - - if( $todo ) { - $out .= " # TODO $todo"; - $result->{reason} = $todo; - $result->{type} = 'todo'; - } - else { - $result->{reason} = ''; - $result->{type} = ''; - } - - $self->{Test_Results}[$self->{Curr_Test}-1] = $result; - $out .= "\n"; - - $self->_print($out); - - unless( $test ) { - my $msg = $todo ? "Failed (TODO)" : "Failed"; - $self->_print_diag("\n") if $ENV{HARNESS_ACTIVE}; - - my(undef, $file, $line) = $self->caller; - if( defined $name ) { - $self->diag(qq[ $msg test '$name'\n]); - $self->diag(qq[ at $file line $line.\n]); - } - else { - $self->diag(qq[ $msg test at $file line $line.\n]); - } - } - - return $test ? 1 : 0; -} - - -sub _unoverload { - my $self = shift; - my $type = shift; - - $self->_try(sub { require overload } ) || return; - - foreach my $thing (@_) { - if( $self->_is_object($$thing) ) { - if( my $string_meth = overload::Method($$thing, $type) ) { - $$thing = $$thing->$string_meth(); - } - } - } -} - - -sub _is_object { - my($self, $thing) = @_; - - return $self->_try(sub { ref $thing && $thing->isa('UNIVERSAL') }) ? 1 : 0; -} - - -sub _unoverload_str { - my $self = shift; - - $self->_unoverload(q[""], @_); -} - -sub _unoverload_num { - my $self = shift; - - $self->_unoverload('0+', @_); - - for my $val (@_) { - next unless $self->_is_dualvar($$val); - $$val = $$val+0; - } -} - - -# This is a hack to detect a dualvar such as $! -sub _is_dualvar { - my($self, $val) = @_; - - local $^W = 0; - my $numval = $val+0; - return 1 if $numval != 0 and $numval ne $val; -} - - - -=item B - - $Test->is_eq($got, $expected, $name); - -Like Test::More's is(). Checks if $got eq $expected. This is the -string version. - -=item B - - $Test->is_num($got, $expected, $name); - -Like Test::More's is(). Checks if $got == $expected. This is the -numeric version. - -=cut - -sub is_eq { - my($self, $got, $expect, $name) = @_; - local $Level = $Level + 1; - - $self->_unoverload_str(\$got, \$expect); - - if( !defined $got || !defined $expect ) { - # undef only matches undef and nothing else - my $test = !defined $got && !defined $expect; - - $self->ok($test, $name); - $self->_is_diag($got, 'eq', $expect) unless $test; - return $test; - } - - return $self->cmp_ok($got, 'eq', $expect, $name); -} - -sub is_num { - my($self, $got, $expect, $name) = @_; - local $Level = $Level + 1; - - $self->_unoverload_num(\$got, \$expect); - - if( !defined $got || !defined $expect ) { - # undef only matches undef and nothing else - my $test = !defined $got && !defined $expect; - - $self->ok($test, $name); - $self->_is_diag($got, '==', $expect) unless $test; - return $test; - } - - return $self->cmp_ok($got, '==', $expect, $name); -} - -sub _is_diag { - my($self, $got, $type, $expect) = @_; - - foreach my $val (\$got, \$expect) { - if( defined $$val ) { - if( $type eq 'eq' ) { - # quote and force string context - $$val = "'$$val'" - } - else { - # force numeric context - $self->_unoverload_num($val); - } - } - else { - $$val = 'undef'; - } - } - - local $Level = $Level + 1; - return $self->diag(sprintf < - - $Test->isnt_eq($got, $dont_expect, $name); - -Like Test::More's isnt(). Checks if $got ne $dont_expect. This is -the string version. - -=item B - - $Test->isnt_num($got, $dont_expect, $name); - -Like Test::More's isnt(). Checks if $got ne $dont_expect. This is -the numeric version. - -=cut - -sub isnt_eq { - my($self, $got, $dont_expect, $name) = @_; - local $Level = $Level + 1; - - if( !defined $got || !defined $dont_expect ) { - # undef only matches undef and nothing else - my $test = defined $got || defined $dont_expect; - - $self->ok($test, $name); - $self->_cmp_diag($got, 'ne', $dont_expect) unless $test; - return $test; - } - - return $self->cmp_ok($got, 'ne', $dont_expect, $name); -} - -sub isnt_num { - my($self, $got, $dont_expect, $name) = @_; - local $Level = $Level + 1; - - if( !defined $got || !defined $dont_expect ) { - # undef only matches undef and nothing else - my $test = defined $got || defined $dont_expect; - - $self->ok($test, $name); - $self->_cmp_diag($got, '!=', $dont_expect) unless $test; - return $test; - } - - return $self->cmp_ok($got, '!=', $dont_expect, $name); -} - - -=item B - - $Test->like($this, qr/$regex/, $name); - $Test->like($this, '/$regex/', $name); - -Like Test::More's like(). Checks if $this matches the given $regex. - -You'll want to avoid qr// if you want your tests to work before 5.005. - -=item B - - $Test->unlike($this, qr/$regex/, $name); - $Test->unlike($this, '/$regex/', $name); - -Like Test::More's unlike(). Checks if $this B the -given $regex. - -=cut - -sub like { - my($self, $this, $regex, $name) = @_; - - local $Level = $Level + 1; - $self->_regex_ok($this, $regex, '=~', $name); -} - -sub unlike { - my($self, $this, $regex, $name) = @_; - - local $Level = $Level + 1; - $self->_regex_ok($this, $regex, '!~', $name); -} - - -=item B - - $Test->cmp_ok($this, $type, $that, $name); - -Works just like Test::More's cmp_ok(). - - $Test->cmp_ok($big_num, '!=', $other_big_num); - -=cut - - -my %numeric_cmps = map { ($_, 1) } - ("<", "<=", ">", ">=", "==", "!=", "<=>"); - -sub cmp_ok { - my($self, $got, $type, $expect, $name) = @_; - - # Treat overloaded objects as numbers if we're asked to do a - # numeric comparison. - my $unoverload = $numeric_cmps{$type} ? '_unoverload_num' - : '_unoverload_str'; - - $self->$unoverload(\$got, \$expect); - - - my $test; - { - local($@,$!,$SIG{__DIE__}); # isolate eval - - my $code = $self->_caller_context; - - # Yes, it has to look like this or 5.4.5 won't see the #line - # directive. - # Don't ask me, man, I just work here. - $test = eval " -$code" . "\$got $type \$expect;"; - - } - local $Level = $Level + 1; - my $ok = $self->ok($test, $name); - - unless( $ok ) { - if( $type =~ /^(eq|==)$/ ) { - $self->_is_diag($got, $type, $expect); - } - else { - $self->_cmp_diag($got, $type, $expect); - } - } - return $ok; -} - -sub _cmp_diag { - my($self, $got, $type, $expect) = @_; - - $got = defined $got ? "'$got'" : 'undef'; - $expect = defined $expect ? "'$expect'" : 'undef'; - - local $Level = $Level + 1; - return $self->diag(sprintf <caller(1); - - my $code = ''; - $code .= "#line $line $file\n" if defined $file and defined $line; - - return $code; -} - -=back - - -=head2 Other Testing Methods - -These are methods which are used in the course of writing a test but are not themselves tests. - -=over 4 - -=item B - - $Test->BAIL_OUT($reason); - -Indicates to the Test::Harness that things are going so badly all -testing should terminate. This includes running any additional test -scripts. - -It will exit with 255. - -=cut - -sub BAIL_OUT { - my($self, $reason) = @_; - - $self->{Bailed_Out} = 1; - $self->_print("Bail out! $reason"); - exit 255; -} - -=for deprecated -BAIL_OUT() used to be BAILOUT() - -=cut - -*BAILOUT = \&BAIL_OUT; - - -=item B - - $Test->skip; - $Test->skip($why); - -Skips the current test, reporting $why. - -=cut - -sub skip { - my($self, $why) = @_; - $why ||= ''; - $self->_unoverload_str(\$why); - - $self->_plan_check; - - lock($self->{Curr_Test}); - $self->{Curr_Test}++; - - $self->{Test_Results}[$self->{Curr_Test}-1] = &share({ - 'ok' => 1, - actual_ok => 1, - name => '', - type => 'skip', - reason => $why, - }); - - my $out = "ok"; - $out .= " $self->{Curr_Test}" if $self->use_numbers; - $out .= " # skip"; - $out .= " $why" if length $why; - $out .= "\n"; - - $self->_print($out); - - return 1; -} - - -=item B - - $Test->todo_skip; - $Test->todo_skip($why); - -Like skip(), only it will declare the test as failing and TODO. Similar -to - - print "not ok $tnum # TODO $why\n"; - -=cut - -sub todo_skip { - my($self, $why) = @_; - $why ||= ''; - - $self->_plan_check; - - lock($self->{Curr_Test}); - $self->{Curr_Test}++; - - $self->{Test_Results}[$self->{Curr_Test}-1] = &share({ - 'ok' => 1, - actual_ok => 0, - name => '', - type => 'todo_skip', - reason => $why, - }); - - my $out = "not ok"; - $out .= " $self->{Curr_Test}" if $self->use_numbers; - $out .= " # TODO & SKIP $why\n"; - - $self->_print($out); - - return 1; -} - - -=begin _unimplemented - -=item B - - $Test->skip_rest; - $Test->skip_rest($reason); - -Like skip(), only it skips all the rest of the tests you plan to run -and terminates the test. - -If you're running under no_plan, it skips once and terminates the -test. - -=end _unimplemented - -=back - - -=head2 Test building utility methods - -These methods are useful when writing your own test methods. - -=over 4 - -=item B - - $Test->maybe_regex(qr/$regex/); - $Test->maybe_regex('/$regex/'); - -Convenience method for building testing functions that take regular -expressions as arguments, but need to work before perl 5.005. - -Takes a quoted regular expression produced by qr//, or a string -representing a regular expression. - -Returns a Perl value which may be used instead of the corresponding -regular expression, or undef if it's argument is not recognised. - -For example, a version of like(), sans the useful diagnostic messages, -could be written as: - - sub laconic_like { - my ($self, $this, $regex, $name) = @_; - my $usable_regex = $self->maybe_regex($regex); - die "expecting regex, found '$regex'\n" - unless $usable_regex; - $self->ok($this =~ m/$usable_regex/, $name); - } - -=cut - - -sub maybe_regex { - my ($self, $regex) = @_; - my $usable_regex = undef; - - return $usable_regex unless defined $regex; - - my($re, $opts); - - # Check for qr/foo/ - if( _is_qr($regex) ) { - $usable_regex = $regex; - } - # Check for '/foo/' or 'm,foo,' - elsif( ($re, $opts) = $regex =~ m{^ /(.*)/ (\w*) $ }sx or - (undef, $re, $opts) = $regex =~ m,^ m([^\w\s]) (.+) \1 (\w*) $,sx - ) - { - $usable_regex = length $opts ? "(?$opts)$re" : $re; - } - - return $usable_regex; -} - - -sub _is_qr { - my $regex = shift; - - # is_regexp() checks for regexes in a robust manner, say if they're - # blessed. - return re::is_regexp($regex) if defined &re::is_regexp; - return ref $regex eq 'Regexp'; -} - - -sub _regex_ok { - my($self, $this, $regex, $cmp, $name) = @_; - - my $ok = 0; - my $usable_regex = $self->maybe_regex($regex); - unless (defined $usable_regex) { - $ok = $self->ok( 0, $name ); - $self->diag(" '$regex' doesn't look much like a regex to me."); - return $ok; - } - - { - my $test; - my $code = $self->_caller_context; - - local($@, $!, $SIG{__DIE__}); # isolate eval - - # Yes, it has to look like this or 5.4.5 won't see the #line - # directive. - # Don't ask me, man, I just work here. - $test = eval " -$code" . q{$test = $this =~ /$usable_regex/ ? 1 : 0}; - - $test = !$test if $cmp eq '!~'; - - local $Level = $Level + 1; - $ok = $self->ok( $test, $name ); - } - - unless( $ok ) { - $this = defined $this ? "'$this'" : 'undef'; - my $match = $cmp eq '=~' ? "doesn't match" : "matches"; - - local $Level = $Level + 1; - $self->diag(sprintf < - - my $return_from_code = $Test->try(sub { code }); - my($return_from_code, $error) = $Test->try(sub { code }); - -Works like eval BLOCK except it ensures it has no effect on the rest of the test (ie. $@ is not set) nor is effected by outside interference (ie. $SIG{__DIE__}) and works around some quirks in older Perls. - -$error is what would normally be in $@. - -It is suggested you use this in place of eval BLOCK. - -=cut - -sub _try { - my($self, $code) = @_; - - local $!; # eval can mess up $! - local $@; # don't set $@ in the test - local $SIG{__DIE__}; # don't trip an outside DIE handler. - my $return = eval { $code->() }; - - return wantarray ? ($return, $@) : $return; -} - -=end private - - -=item B - - my $is_fh = $Test->is_fh($thing); - -Determines if the given $thing can be used as a filehandle. - -=cut - -sub is_fh { - my $self = shift; - my $maybe_fh = shift; - return 0 unless defined $maybe_fh; - - return 1 if ref $maybe_fh eq 'GLOB'; # its a glob ref - return 1 if ref \$maybe_fh eq 'GLOB'; # its a glob - - return eval { $maybe_fh->isa("IO::Handle") } || - # 5.5.4's tied() and can() doesn't like getting undef - eval { (tied($maybe_fh) || '')->can('TIEHANDLE') }; -} - - -=back - - -=head2 Test style - - -=over 4 - -=item B - - $Test->level($how_high); - -How far up the call stack should $Test look when reporting where the -test failed. - -Defaults to 1. - -Setting L<$Test::Builder::Level> overrides. This is typically useful -localized: - - sub my_ok { - my $test = shift; - - local $Test::Builder::Level = $Test::Builder::Level + 1; - $TB->ok($test); - } - -To be polite to other functions wrapping your own you usually want to increment C<$Level> rather than set it to a constant. - -=cut - -sub level { - my($self, $level) = @_; - - if( defined $level ) { - $Level = $level; - } - return $Level; -} - - -=item B - - $Test->use_numbers($on_or_off); - -Whether or not the test should output numbers. That is, this if true: - - ok 1 - ok 2 - ok 3 - -or this if false - - ok - ok - ok - -Most useful when you can't depend on the test output order, such as -when threads or forking is involved. - -Defaults to on. - -=cut - -sub use_numbers { - my($self, $use_nums) = @_; - - if( defined $use_nums ) { - $self->{Use_Nums} = $use_nums; - } - return $self->{Use_Nums}; -} - - -=item B - - $Test->no_diag($no_diag); - -If set true no diagnostics will be printed. This includes calls to -diag(). - -=item B - - $Test->no_ending($no_ending); - -Normally, Test::Builder does some extra diagnostics when the test -ends. It also changes the exit code as described below. - -If this is true, none of that will be done. - -=item B - - $Test->no_header($no_header); - -If set to true, no "1..N" header will be printed. - -=cut - -foreach my $attribute (qw(No_Header No_Ending No_Diag)) { - my $method = lc $attribute; - - my $code = sub { - my($self, $no) = @_; - - if( defined $no ) { - $self->{$attribute} = $no; - } - return $self->{$attribute}; - }; - - no strict 'refs'; ## no critic - *{__PACKAGE__.'::'.$method} = $code; -} - - -=back - -=head2 Output - -Controlling where the test output goes. - -It's ok for your test to change where STDOUT and STDERR point to, -Test::Builder's default output settings will not be affected. - -=over 4 - -=item B - - $Test->diag(@msgs); - -Prints out the given @msgs. Like C, arguments are simply -appended together. - -Normally, it uses the failure_output() handle, but if this is for a -TODO test, the todo_output() handle is used. - -Output will be indented and marked with a # so as not to interfere -with test output. A newline will be put on the end if there isn't one -already. - -We encourage using this rather than calling print directly. - -Returns false. Why? Because diag() is often used in conjunction with -a failing test (C) it "passes through" the failure. - - return ok(...) || diag(...); - -=for blame transfer -Mark Fowler - -=cut - -sub diag { - my($self, @msgs) = @_; - - return if $self->no_diag; - return unless @msgs; - - # Prevent printing headers when compiling (i.e. -c) - return if $^C; - - # Smash args together like print does. - # Convert undef to 'undef' so its readable. - my $msg = join '', map { defined($_) ? $_ : 'undef' } @msgs; - - # Escape each line with a #. - $msg =~ s/^/# /gm; - - # Stick a newline on the end if it needs it. - $msg .= "\n" unless $msg =~ /\n\Z/; - - local $Level = $Level + 1; - $self->_print_diag($msg); - - return 0; -} - -=begin _private - -=item B<_print> - - $Test->_print(@msgs); - -Prints to the output() filehandle. - -=end _private - -=cut - -sub _print { - my($self, @msgs) = @_; - - # Prevent printing headers when only compiling. Mostly for when - # tests are deparsed with B::Deparse - return if $^C; - - my $msg = join '', @msgs; - - local($\, $", $,) = (undef, ' ', ''); - my $fh = $self->output; - - # Escape each line after the first with a # so we don't - # confuse Test::Harness. - $msg =~ s/\n(.)/\n# $1/sg; - - # Stick a newline on the end if it needs it. - $msg .= "\n" unless $msg =~ /\n\Z/; - - print $fh $msg; -} - -=begin private - -=item B<_print_diag> - - $Test->_print_diag(@msg); - -Like _print, but prints to the current diagnostic filehandle. - -=end private - -=cut - -sub _print_diag { - my $self = shift; - - local($\, $", $,) = (undef, ' ', ''); - my $fh = $self->todo ? $self->todo_output : $self->failure_output; - print $fh @_; -} - -=item B - - $Test->output($fh); - $Test->output($file); - -Where normal "ok/not ok" test output should go. - -Defaults to STDOUT. - -=item B - - $Test->failure_output($fh); - $Test->failure_output($file); - -Where diagnostic output on test failures and diag() should go. - -Defaults to STDERR. - -=item B - - $Test->todo_output($fh); - $Test->todo_output($file); - -Where diagnostics about todo test failures and diag() should go. - -Defaults to STDOUT. - -=cut - -sub output { - my($self, $fh) = @_; - - if( defined $fh ) { - $self->{Out_FH} = $self->_new_fh($fh); - } - return $self->{Out_FH}; -} - -sub failure_output { - my($self, $fh) = @_; - - if( defined $fh ) { - $self->{Fail_FH} = $self->_new_fh($fh); - } - return $self->{Fail_FH}; -} - -sub todo_output { - my($self, $fh) = @_; - - if( defined $fh ) { - $self->{Todo_FH} = $self->_new_fh($fh); - } - return $self->{Todo_FH}; -} - - -sub _new_fh { - my $self = shift; - my($file_or_fh) = shift; - - my $fh; - if( $self->is_fh($file_or_fh) ) { - $fh = $file_or_fh; - } - else { - open $fh, ">", $file_or_fh or - $self->croak("Can't open test output log $file_or_fh: $!"); - _autoflush($fh); - } - - return $fh; -} - - -sub _autoflush { - my($fh) = shift; - my $old_fh = select $fh; - $| = 1; - select $old_fh; -} - - -my($Testout, $Testerr); -sub _dup_stdhandles { - my $self = shift; - - $self->_open_testhandles; - - # Set everything to unbuffered else plain prints to STDOUT will - # come out in the wrong order from our own prints. - _autoflush($Testout); - _autoflush(\*STDOUT); - _autoflush($Testerr); - _autoflush(\*STDERR); - - $self->output ($Testout); - $self->failure_output($Testerr); - $self->todo_output ($Testout); -} - - -my $Opened_Testhandles = 0; -sub _open_testhandles { - my $self = shift; - - return if $Opened_Testhandles; - - # We dup STDOUT and STDERR so people can change them in their - # test suites while still getting normal test output. - open( $Testout, ">&STDOUT") or die "Can't dup STDOUT: $!"; - open( $Testerr, ">&STDERR") or die "Can't dup STDERR: $!"; - -# $self->_copy_io_layers( \*STDOUT, $Testout ); -# $self->_copy_io_layers( \*STDERR, $Testerr ); - - $Opened_Testhandles = 1; -} - - -sub _copy_io_layers { - my($self, $src, $dst) = @_; - - $self->_try(sub { - require PerlIO; - my @src_layers = PerlIO::get_layers($src); - - binmode $dst, join " ", map ":$_", @src_layers if @src_layers; - }); -} - -=item carp - - $tb->carp(@message); - -Warns with C<@message> but the message will appear to come from the -point where the original test function was called (C<$tb->caller>). - -=item croak - - $tb->croak(@message); - -Dies with C<@message> but the message will appear to come from the -point where the original test function was called (C<$tb->caller>). - -=cut - -sub _message_at_caller { - my $self = shift; - - local $Level = $Level + 1; - my($pack, $file, $line) = $self->caller; - return join("", @_) . " at $file line $line.\n"; -} - -sub carp { - my $self = shift; - warn $self->_message_at_caller(@_); -} - -sub croak { - my $self = shift; - die $self->_message_at_caller(@_); -} - -sub _plan_check { - my $self = shift; - - unless( $self->{Have_Plan} ) { - local $Level = $Level + 2; - $self->croak("You tried to run a test without a plan"); - } -} - -=back - - -=head2 Test Status and Info - -=over 4 - -=item B - - my $curr_test = $Test->current_test; - $Test->current_test($num); - -Gets/sets the current test number we're on. You usually shouldn't -have to set this. - -If set forward, the details of the missing tests are filled in as 'unknown'. -if set backward, the details of the intervening tests are deleted. You -can erase history if you really want to. - -=cut - -sub current_test { - my($self, $num) = @_; - - lock($self->{Curr_Test}); - if( defined $num ) { - unless( $self->{Have_Plan} ) { - $self->croak("Can't change the current test number without a plan!"); - } - - $self->{Curr_Test} = $num; - - # If the test counter is being pushed forward fill in the details. - my $test_results = $self->{Test_Results}; - if( $num > @$test_results ) { - my $start = @$test_results ? @$test_results : 0; - for ($start..$num-1) { - $test_results->[$_] = &share({ - 'ok' => 1, - actual_ok => undef, - reason => 'incrementing test number', - type => 'unknown', - name => undef - }); - } - } - # If backward, wipe history. Its their funeral. - elsif( $num < @$test_results ) { - $#{$test_results} = $num - 1; - } - } - return $self->{Curr_Test}; -} - - -=item B

    - - my @tests = $Test->summary; - -A simple summary of the tests so far. True for pass, false for fail. -This is a logical pass/fail, so todos are passes. - -Of course, test #1 is $tests[0], etc... - -=cut - -sub summary { - my($self) = shift; - - return map { $_->{'ok'} } @{ $self->{Test_Results} }; -} - -=item B
    - - my @tests = $Test->details; - -Like summary(), but with a lot more detail. - - $tests[$test_num - 1] = - { 'ok' => is the test considered a pass? - actual_ok => did it literally say 'ok'? - name => name of the test (if any) - type => type of test (if any, see below). - reason => reason for the above (if any) - }; - -'ok' is true if Test::Harness will consider the test to be a pass. - -'actual_ok' is a reflection of whether or not the test literally -printed 'ok' or 'not ok'. This is for examining the result of 'todo' -tests. - -'name' is the name of the test. - -'type' indicates if it was a special test. Normal tests have a type -of ''. Type can be one of the following: - - skip see skip() - todo see todo() - todo_skip see todo_skip() - unknown see below - -Sometimes the Test::Builder test counter is incremented without it -printing any test output, for example, when current_test() is changed. -In these cases, Test::Builder doesn't know the result of the test, so -it's type is 'unkown'. These details for these tests are filled in. -They are considered ok, but the name and actual_ok is left undef. - -For example "not ok 23 - hole count # TODO insufficient donuts" would -result in this structure: - - $tests[22] = # 23 - 1, since arrays start from 0. - { ok => 1, # logically, the test passed since it's todo - actual_ok => 0, # in absolute terms, it failed - name => 'hole count', - type => 'todo', - reason => 'insufficient donuts' - }; - -=cut - -sub details { - my $self = shift; - return @{ $self->{Test_Results} }; -} - -=item B - - my $todo_reason = $Test->todo; - my $todo_reason = $Test->todo($pack); - -todo() looks for a $TODO variable in your tests. If set, all tests -will be considered 'todo' (see Test::More and Test::Harness for -details). Returns the reason (ie. the value of $TODO) if running as -todo tests, false otherwise. - -todo() is about finding the right package to look for $TODO in. It's -pretty good at guessing the right package to look at. It first looks for -the caller based on C<$Level + 1>, since C is usually called inside -a test function. As a last resort it will use C. - -Sometimes there is some confusion about where todo() should be looking -for the $TODO variable. If you want to be sure, tell it explicitly -what $pack to use. - -=cut - -sub todo { - my($self, $pack) = @_; - - return $self->{TODO} if defined $self->{TODO}; - - $pack = $pack || $self->caller(1) || $self->exported_to; - return 0 unless $pack; - - no strict 'refs'; ## no critic - return defined ${$pack.'::TODO'} ? ${$pack.'::TODO'} - : 0; -} - -=item B - - my $package = $Test->caller; - my($pack, $file, $line) = $Test->caller; - my($pack, $file, $line) = $Test->caller($height); - -Like the normal caller(), except it reports according to your level(). - -C<$height> will be added to the level(). - -=cut - -sub caller { - my($self, $height) = @_; - $height ||= 0; - - my @caller = CORE::caller($self->level + $height + 1); - return wantarray ? @caller : $caller[0]; -} - -=back - -=cut - -=begin _private - -=over 4 - -=item B<_sanity_check> - - $self->_sanity_check(); - -Runs a bunch of end of test sanity checks to make sure reality came -through ok. If anything is wrong it will die with a fairly friendly -error message. - -=cut - -#'# -sub _sanity_check { - my $self = shift; - - $self->_whoa($self->{Curr_Test} < 0, 'Says here you ran a negative number of tests!'); - $self->_whoa(!$self->{Have_Plan} and $self->{Curr_Test}, - 'Somehow your tests ran without a plan!'); - $self->_whoa($self->{Curr_Test} != @{ $self->{Test_Results} }, - 'Somehow you got a different number of results than tests ran!'); -} - -=item B<_whoa> - - $self->_whoa($check, $description); - -A sanity check, similar to assert(). If the $check is true, something -has gone horribly wrong. It will die with the given $description and -a note to contact the author. - -=cut - -sub _whoa { - my($self, $check, $desc) = @_; - if( $check ) { - local $Level = $Level + 1; - $self->croak(<<"WHOA"); -WHOA! $desc -This should never happen! Please contact the author immediately! -WHOA - } -} - -=item B<_my_exit> - - _my_exit($exit_num); - -Perl seems to have some trouble with exiting inside an END block. 5.005_03 -and 5.6.1 both seem to do odd things. Instead, this function edits $? -directly. It should ONLY be called from inside an END block. It -doesn't actually exit, that's your job. - -=cut - -sub _my_exit { - $? = $_[0]; - - return 1; -} - - -=back - -=end _private - -=cut - -sub _ending { - my $self = shift; - - my $real_exit_code = $?; - $self->_sanity_check(); - - # Don't bother with an ending if this is a forked copy. Only the parent - # should do the ending. - if( $self->{Original_Pid} != $$ ) { - return; - } - - # Exit if plan() was never called. This is so "require Test::Simple" - # doesn't puke. - if( !$self->{Have_Plan} ) { - return; - } - - # Don't do an ending if we bailed out. - if( $self->{Bailed_Out} ) { - return; - } - - # Figure out if we passed or failed and print helpful messages. - my $test_results = $self->{Test_Results}; - if( @$test_results ) { - # The plan? We have no plan. - if( $self->{No_Plan} ) { - $self->_print("1..$self->{Curr_Test}\n") unless $self->no_header; - $self->{Expected_Tests} = $self->{Curr_Test}; - } - - # Auto-extended arrays and elements which aren't explicitly - # filled in with a shared reference will puke under 5.8.0 - # ithreads. So we have to fill them in by hand. :( - my $empty_result = &share({}); - for my $idx ( 0..$self->{Expected_Tests}-1 ) { - $test_results->[$idx] = $empty_result - unless defined $test_results->[$idx]; - } - - my $num_failed = grep !$_->{'ok'}, - @{$test_results}[0..$self->{Curr_Test}-1]; - - my $num_extra = $self->{Curr_Test} - $self->{Expected_Tests}; - - if( $num_extra < 0 ) { - my $s = $self->{Expected_Tests} == 1 ? '' : 's'; - $self->diag(<<"FAIL"); -Looks like you planned $self->{Expected_Tests} test$s but only ran $self->{Curr_Test}. -FAIL - } - elsif( $num_extra > 0 ) { - my $s = $self->{Expected_Tests} == 1 ? '' : 's'; - $self->diag(<<"FAIL"); -Looks like you planned $self->{Expected_Tests} test$s but ran $num_extra extra. -FAIL - } - - if ( $num_failed ) { - my $num_tests = $self->{Curr_Test}; - my $s = $num_failed == 1 ? '' : 's'; - - my $qualifier = $num_extra == 0 ? '' : ' run'; - - $self->diag(<<"FAIL"); -Looks like you failed $num_failed test$s of $num_tests$qualifier. -FAIL - } - - if( $real_exit_code ) { - $self->diag(<<"FAIL"); -Looks like your test died just after $self->{Curr_Test}. -FAIL - - _my_exit( 255 ) && return; - } - - my $exit_code; - if( $num_failed ) { - $exit_code = $num_failed <= 254 ? $num_failed : 254; - } - elsif( $num_extra != 0 ) { - $exit_code = 255; - } - else { - $exit_code = 0; - } - - _my_exit( $exit_code ) && return; - } - elsif ( $self->{Skip_All} ) { - _my_exit( 0 ) && return; - } - elsif ( $real_exit_code ) { - $self->diag(<<'FAIL'); -Looks like your test died before it could output anything. -FAIL - _my_exit( 255 ) && return; - } - else { - $self->diag("No tests run!\n"); - _my_exit( 255 ) && return; - } -} - -END { - $Test->_ending if defined $Test and !$Test->no_ending; -} - -=head1 EXIT CODES - -If all your tests passed, Test::Builder will exit with zero (which is -normal). If anything failed it will exit with how many failed. If -you run less (or more) tests than you planned, the missing (or extras) -will be considered failures. If no tests were ever run Test::Builder -will throw a warning and exit with 255. If the test died, even after -having successfully completed all its tests, it will still be -considered a failure and will exit with 255. - -So the exit codes are... - - 0 all tests successful - 255 test died or all passed but wrong # of tests run - any other number how many failed (including missing or extras) - -If you fail more than 254 tests, it will be reported as 254. - - -=head1 THREADS - -In perl 5.8.1 and later, Test::Builder is thread-safe. The test -number is shared amongst all threads. This means if one thread sets -the test number using current_test() they will all be effected. - -While versions earlier than 5.8.1 had threads they contain too many -bugs to support. - -Test::Builder is only thread-aware if threads.pm is loaded I -Test::Builder. - -=head1 EXAMPLES - -CPAN can provide the best examples. Test::Simple, Test::More, -Test::Exception and Test::Differences all use Test::Builder. - -=head1 SEE ALSO - -Test::Simple, Test::More, Test::Harness - -=head1 AUTHORS - -Original code by chromatic, maintained by Michael G Schwern -Eschwern@pobox.comE - -=head1 COPYRIGHT - -Copyright 2002, 2004 by chromatic Echromatic@wgz.orgE and - Michael G Schwern Eschwern@pobox.comE. - -This program is free software; you can redistribute it and/or -modify it under the same terms as Perl itself. - -See F - -=cut - -1; diff --git a/SecurityTests/regressions/inc/Test/Builder/Module.pm b/SecurityTests/regressions/inc/Test/Builder/Module.pm deleted file mode 100644 index ea2f2d96..00000000 --- a/SecurityTests/regressions/inc/Test/Builder/Module.pm +++ /dev/null @@ -1,185 +0,0 @@ -package Test::Builder::Module; - -use strict; - -use Test::Builder; - -require Exporter; -our @ISA = qw(Exporter); - -our $VERSION = '0.80'; - -# 5.004's Exporter doesn't have export_to_level. -my $_export_to_level = sub { - my $pkg = shift; - my $level = shift; - (undef) = shift; # redundant arg - my $callpkg = caller($level); - $pkg->export($callpkg, @_); -}; - - -=head1 NAME - -Test::Builder::Module - Base class for test modules - -=head1 SYNOPSIS - - # Emulates Test::Simple - package Your::Module; - - my $CLASS = __PACKAGE__; - - use base 'Test::Builder::Module'; - @EXPORT = qw(ok); - - sub ok ($;$) { - my $tb = $CLASS->builder; - return $tb->ok(@_); - } - - 1; - - -=head1 DESCRIPTION - -This is a superclass for Test::Builder-based modules. It provides a -handful of common functionality and a method of getting at the underlying -Test::Builder object. - - -=head2 Importing - -Test::Builder::Module is a subclass of Exporter which means your -module is also a subclass of Exporter. @EXPORT, @EXPORT_OK, etc... -all act normally. - -A few methods are provided to do the C 23> part -for you. - -=head3 import - -Test::Builder::Module provides an import() method which acts in the -same basic way as Test::More's, setting the plan and controling -exporting of functions and variables. This allows your module to set -the plan independent of Test::More. - -All arguments passed to import() are passed onto -C<< Your::Module->builder->plan() >> with the exception of -C[qw(things to import)]>. - - use Your::Module import => [qw(this that)], tests => 23; - -says to import the functions this() and that() as well as set the plan -to be 23 tests. - -import() also sets the exported_to() attribute of your builder to be -the caller of the import() function. - -Additional behaviors can be added to your import() method by overriding -import_extra(). - -=cut - -sub import { - my($class) = shift; - - # Don't run all this when loading ourself. - return 1 if $class eq 'Test::Builder::Module'; - - my $test = $class->builder; - - my $caller = caller; - - $test->exported_to($caller); - - $class->import_extra(\@_); - my(@imports) = $class->_strip_imports(\@_); - - $test->plan(@_); - - $class->$_export_to_level(1, $class, @imports); -} - - -sub _strip_imports { - my $class = shift; - my $list = shift; - - my @imports = (); - my @other = (); - my $idx = 0; - while( $idx <= $#{$list} ) { - my $item = $list->[$idx]; - - if( defined $item and $item eq 'import' ) { - push @imports, @{$list->[$idx+1]}; - $idx++; - } - else { - push @other, $item; - } - - $idx++; - } - - @$list = @other; - - return @imports; -} - - -=head3 import_extra - - Your::Module->import_extra(\@import_args); - -import_extra() is called by import(). It provides an opportunity for you -to add behaviors to your module based on its import list. - -Any extra arguments which shouldn't be passed on to plan() should be -stripped off by this method. - -See Test::More for an example of its use. - -B This mechanism is I as it -feels like a bit of an ugly hack in its current form. - -=cut - -sub import_extra {} - - -=head2 Builder - -Test::Builder::Module provides some methods of getting at the underlying -Test::Builder object. - -=head3 builder - - my $builder = Your::Class->builder; - -This method returns the Test::Builder object associated with Your::Class. -It is not a constructor so you can call it as often as you like. - -This is the preferred way to get the Test::Builder object. You should -I get it via C<< Test::Builder->new >> as was previously -recommended. - -The object returned by builder() may change at runtime so you should -call builder() inside each function rather than store it in a global. - - sub ok { - my $builder = Your::Class->builder; - - return $builder->ok(@_); - } - - -=cut - -sub builder { - return Test::Builder->new; -} - - -1; diff --git a/SecurityTests/regressions/inc/Test/Builder/Tester.pm b/SecurityTests/regressions/inc/Test/Builder/Tester.pm deleted file mode 100644 index fdb3fb1f..00000000 --- a/SecurityTests/regressions/inc/Test/Builder/Tester.pm +++ /dev/null @@ -1,646 +0,0 @@ -package Test::Builder::Tester; - -use strict; -our $VERSION = "1.13"; - -use Test::Builder; -use Symbol; -use Carp; - -=head1 NAME - -Test::Builder::Tester - test testsuites that have been built with -Test::Builder - -=head1 SYNOPSIS - - use Test::Builder::Tester tests => 1; - use Test::More; - - test_out("not ok 1 - foo"); - test_fail(+1); - fail("foo"); - test_test("fail works"); - -=head1 DESCRIPTION - -A module that helps you test testing modules that are built with -B. - -The testing system is designed to be used by performing a three step -process for each test you wish to test. This process starts with using -C and C in advance to declare what the testsuite you -are testing will output with B to stdout and stderr. - -You then can run the test(s) from your test suite that call -B. At this point the output of B is -safely captured by B rather than being -interpreted as real test output. - -The final stage is to call C that will simply compare what you -predeclared to what B actually outputted, and report the -results back with a "ok" or "not ok" (with debugging) to the normal -output. - -=cut - -#### -# set up testing -#### - -my $t = Test::Builder->new; - -### -# make us an exporter -### - -use Exporter; -our @ISA = qw(Exporter); - -our @EXPORT = qw(test_out test_err test_fail test_diag test_test line_num); - -# _export_to_level and import stolen directly from Test::More. I am -# the king of cargo cult programming ;-) - -# 5.004's Exporter doesn't have export_to_level. -sub _export_to_level -{ - my $pkg = shift; - my $level = shift; - (undef) = shift; # XXX redundant arg - my $callpkg = caller($level); - $pkg->export($callpkg, @_); -} - -sub import { - my $class = shift; - my(@plan) = @_; - - my $caller = caller; - - $t->exported_to($caller); - $t->plan(@plan); - - my @imports = (); - foreach my $idx (0..$#plan) { - if( $plan[$idx] eq 'import' ) { - @imports = @{$plan[$idx+1]}; - last; - } - } - - __PACKAGE__->_export_to_level(1, __PACKAGE__, @imports); -} - -### -# set up file handles -### - -# create some private file handles -my $output_handle = gensym; -my $error_handle = gensym; - -# and tie them to this package -my $out = tie *$output_handle, "Test::Builder::Tester::Tie", "STDOUT"; -my $err = tie *$error_handle, "Test::Builder::Tester::Tie", "STDERR"; - -#### -# exported functions -#### - -# for remembering that we're testing and where we're testing at -my $testing = 0; -my $testing_num; - -# remembering where the file handles were originally connected -my $original_output_handle; -my $original_failure_handle; -my $original_todo_handle; - -my $original_test_number; -my $original_harness_state; - -my $original_harness_env; - -# function that starts testing and redirects the filehandles for now -sub _start_testing -{ - # even if we're running under Test::Harness pretend we're not - # for now. This needed so Test::Builder doesn't add extra spaces - $original_harness_env = $ENV{HARNESS_ACTIVE} || 0; - $ENV{HARNESS_ACTIVE} = 0; - - # remember what the handles were set to - $original_output_handle = $t->output(); - $original_failure_handle = $t->failure_output(); - $original_todo_handle = $t->todo_output(); - - # switch out to our own handles - $t->output($output_handle); - $t->failure_output($error_handle); - $t->todo_output($error_handle); - - # clear the expected list - $out->reset(); - $err->reset(); - - # remeber that we're testing - $testing = 1; - $testing_num = $t->current_test; - $t->current_test(0); - - # look, we shouldn't do the ending stuff - $t->no_ending(1); -} - -=head2 Functions - -These are the six methods that are exported as default. - -=over 4 - -=item test_out - -=item test_err - -Procedures for predeclaring the output that your test suite is -expected to produce until C is called. These procedures -automatically assume that each line terminates with "\n". So - - test_out("ok 1","ok 2"); - -is the same as - - test_out("ok 1\nok 2"); - -which is even the same as - - test_out("ok 1"); - test_out("ok 2"); - -Once C or C (or C or C) have -been called once all further output from B will be -captured by B. This means that your will not -be able perform further tests to the normal output in the normal way -until you call C (well, unless you manually meddle with the -output filehandles) - -=cut - -sub test_out -{ - # do we need to do any setup? - _start_testing() unless $testing; - - $out->expect(@_) -} - -sub test_err -{ - # do we need to do any setup? - _start_testing() unless $testing; - - $err->expect(@_) -} - -=item test_fail - -Because the standard failure message that B produces -whenever a test fails will be a common occurrence in your test error -output, and because has changed between Test::Builder versions, rather -than forcing you to call C with the string all the time like -so - - test_err("# Failed test ($0 at line ".line_num(+1).")"); - -C exists as a convenience function that can be called -instead. It takes one argument, the offset from the current line that -the line that causes the fail is on. - - test_fail(+1); - -This means that the example in the synopsis could be rewritten -more simply as: - - test_out("not ok 1 - foo"); - test_fail(+1); - fail("foo"); - test_test("fail works"); - -=cut - -sub test_fail -{ - # do we need to do any setup? - _start_testing() unless $testing; - - # work out what line we should be on - my ($package, $filename, $line) = caller; - $line = $line + (shift() || 0); # prevent warnings - - # expect that on stderr - $err->expect("# Failed test ($0 at line $line)"); -} - -=item test_diag - -As most of the remaining expected output to the error stream will be -created by Test::Builder's C function, B -provides a convience function C that you can use instead of -C. - -The C function prepends comment hashes and spacing to the -start and newlines to the end of the expected output passed to it and -adds it to the list of expected error output. So, instead of writing - - test_err("# Couldn't open file"); - -you can write - - test_diag("Couldn't open file"); - -Remember that B's diag function will not add newlines to -the end of output and test_diag will. So to check - - Test::Builder->new->diag("foo\n","bar\n"); - -You would do - - test_diag("foo","bar") - -without the newlines. - -=cut - -sub test_diag -{ - # do we need to do any setup? - _start_testing() unless $testing; - - # expect the same thing, but prepended with "# " - local $_; - $err->expect(map {"# $_"} @_) -} - -=item test_test - -Actually performs the output check testing the tests, comparing the -data (with C) that we have captured from B against -that that was declared with C and C. - -This takes name/value pairs that effect how the test is run. - -=over - -=item title (synonym 'name', 'label') - -The name of the test that will be displayed after the C or C. - -=item skip_out - -Setting this to a true value will cause the test to ignore if the -output sent by the test to the output stream does not match that -declared with C. - -=item skip_err - -Setting this to a true value will cause the test to ignore if the -output sent by the test to the error stream does not match that -declared with C. - -=back - -As a convience, if only one argument is passed then this argument -is assumed to be the name of the test (as in the above examples.) - -Once C has been run test output will be redirected back to -the original filehandles that B was connected to -(probably STDOUT and STDERR,) meaning any further tests you run -will function normally and cause success/errors for B. - -=cut - -sub test_test -{ - # decode the arguements as described in the pod - my $mess; - my %args; - if (@_ == 1) - { $mess = shift } - else - { - %args = @_; - $mess = $args{name} if exists($args{name}); - $mess = $args{title} if exists($args{title}); - $mess = $args{label} if exists($args{label}); - } - - # er, are we testing? - croak "Not testing. You must declare output with a test function first." - unless $testing; - - # okay, reconnect the test suite back to the saved handles - $t->output($original_output_handle); - $t->failure_output($original_failure_handle); - $t->todo_output($original_todo_handle); - - # restore the test no, etc, back to the original point - $t->current_test($testing_num); - $testing = 0; - - # re-enable the original setting of the harness - $ENV{HARNESS_ACTIVE} = $original_harness_env; - - # check the output we've stashed - unless ($t->ok( ($args{skip_out} || $out->check) - && ($args{skip_err} || $err->check), - $mess)) - { - # print out the diagnostic information about why this - # test failed - - local $_; - - $t->diag(map {"$_\n"} $out->complaint) - unless $args{skip_out} || $out->check; - - $t->diag(map {"$_\n"} $err->complaint) - unless $args{skip_err} || $err->check; - } -} - -=item line_num - -A utility function that returns the line number that the function was -called on. You can pass it an offset which will be added to the -result. This is very useful for working out the correct text of -diagnostic functions that contain line numbers. - -Essentially this is the same as the C<__LINE__> macro, but the -C idiom is arguably nicer. - -=cut - -sub line_num -{ - my ($package, $filename, $line) = caller; - return $line + (shift() || 0); # prevent warnings -} - -=back - -In addition to the six exported functions there there exists one -function that can only be accessed with a fully qualified function -call. - -=over 4 - -=item color - -When C is called and the output that your tests generate -does not match that which you declared, C will print out -debug information showing the two conflicting versions. As this -output itself is debug information it can be confusing which part of -the output is from C and which was the original output from -your original tests. Also, it may be hard to spot things like -extraneous whitespace at the end of lines that may cause your test to -fail even though the output looks similar. - -To assist you, if you have the B module installed -(which you should do by default from perl 5.005 onwards), C -can colour the background of the debug information to disambiguate the -different types of output. The debug output will have it's background -coloured green and red. The green part represents the text which is -the same between the executed and actual output, the red shows which -part differs. - -The C function determines if colouring should occur or not. -Passing it a true or false value will enable or disable colouring -respectively, and the function called with no argument will return the -current setting. - -To enable colouring from the command line, you can use the -B module like so: - - perl -Mlib=Text::Builder::Tester::Color test.t - -Or by including the B module directly in -the PERL5LIB. - -=cut - -my $color; -sub color -{ - $color = shift if @_; - $color; -} - -=back - -=head1 BUGS - -Calls C<no_ending>> turning off the ending tests. -This is needed as otherwise it will trip out because we've run more -tests than we strictly should have and it'll register any failures we -had that we were testing for as real failures. - -The color function doesn't work unless B is installed -and is compatible with your terminal. - -Bugs (and requests for new features) can be reported to the author -though the CPAN RT system: -L - -=head1 AUTHOR - -Copyright Mark Fowler Emark@twoshortplanks.comE 2002, 2004. - -Some code taken from B and B, written by by -Michael G Schwern Eschwern@pobox.comE. Hence, those parts -Copyright Micheal G Schwern 2001. Used and distributed with -permission. - -This program is free software; you can redistribute it -and/or modify it under the same terms as Perl itself. - -=head1 NOTES - -This code has been tested explicitly on the following versions -of perl: 5.7.3, 5.6.1, 5.6.0, 5.005_03, 5.004_05 and 5.004. - -Thanks to Richard Clamp Erichardc@unixbeard.netE for letting -me use his testing system to try this module out on. - -=head1 SEE ALSO - -L, L, L. - -=cut - -1; - -#################################################################### -# Helper class that is used to remember expected and received data - -package Test::Builder::Tester::Tie; - -## -# add line(s) to be expected - -sub expect -{ - my $self = shift; - - my @checks = @_; - foreach my $check (@checks) { - $check = $self->_translate_Failed_check($check); - push @{$self->{wanted}}, ref $check ? $check : "$check\n"; - } -} - - -sub _translate_Failed_check -{ - my($self, $check) = @_; - - if( $check =~ /\A(.*)# (Failed .*test) \((.*?) at line (\d+)\)\Z(?!\n)/ ) { - $check = "/\Q$1\E#\\s+\Q$2\E.*?\\n?.*?\Qat $3\E line \Q$4\E.*\\n?/"; - } - - return $check; -} - - -## -# return true iff the expected data matches the got data - -sub check -{ - my $self = shift; - - # turn off warnings as these might be undef - local $^W = 0; - - my @checks = @{$self->{wanted}}; - my $got = $self->{got}; - foreach my $check (@checks) { - $check = "\Q$check\E" unless ($check =~ s,^/(.*)/$,$1, or ref $check); - return 0 unless $got =~ s/^$check//; - } - - return length $got == 0; -} - -## -# a complaint message about the inputs not matching (to be -# used for debugging messages) - -sub complaint -{ - my $self = shift; - my $type = $self->type; - my $got = $self->got; - my $wanted = join "\n", @{$self->wanted}; - - # are we running in colour mode? - if (Test::Builder::Tester::color) - { - # get color - eval { require Term::ANSIColor }; - unless ($@) - { - # colours - - my $green = Term::ANSIColor::color("black"). - Term::ANSIColor::color("on_green"); - my $red = Term::ANSIColor::color("black"). - Term::ANSIColor::color("on_red"); - my $reset = Term::ANSIColor::color("reset"); - - # work out where the two strings start to differ - my $char = 0; - $char++ while substr($got, $char, 1) eq substr($wanted, $char, 1); - - # get the start string and the two end strings - my $start = $green . substr($wanted, 0, $char); - my $gotend = $red . substr($got , $char) . $reset; - my $wantedend = $red . substr($wanted, $char) . $reset; - - # make the start turn green on and off - $start =~ s/\n/$reset\n$green/g; - - # make the ends turn red on and off - $gotend =~ s/\n/$reset\n$red/g; - $wantedend =~ s/\n/$reset\n$red/g; - - # rebuild the strings - $got = $start . $gotend; - $wanted = $start . $wantedend; - } - } - - return "$type is:\n" . - "$got\nnot:\n$wanted\nas expected" -} - -## -# forget all expected and got data - -sub reset -{ - my $self = shift; - %$self = ( - type => $self->{type}, - got => '', - wanted => [], - ); -} - - -sub got -{ - my $self = shift; - return $self->{got}; -} - -sub wanted -{ - my $self = shift; - return $self->{wanted}; -} - -sub type -{ - my $self = shift; - return $self->{type}; -} - -### -# tie interface -### - -sub PRINT { - my $self = shift; - $self->{got} .= join '', @_; -} - -sub TIEHANDLE { - my($class, $type) = @_; - - my $self = bless { - type => $type - }, $class; - - $self->reset; - - return $self; -} - -sub READ {} -sub READLINE {} -sub GETC {} -sub FILENO {} - -1; diff --git a/SecurityTests/regressions/inc/Test/Builder/Tester/Color.pm b/SecurityTests/regressions/inc/Test/Builder/Tester/Color.pm deleted file mode 100644 index b479e71a..00000000 --- a/SecurityTests/regressions/inc/Test/Builder/Tester/Color.pm +++ /dev/null @@ -1,50 +0,0 @@ -package Test::Builder::Tester::Color; - -use strict; - -require Test::Builder::Tester; - -=head1 NAME - -Test::Builder::Tester::Color - turn on colour in Test::Builder::Tester - -=head1 SYNOPSIS - - When running a test script - - perl -MTest::Builder::Tester::Color test.t - -=head1 DESCRIPTION - -Importing this module causes the subroutine color in Test::Builder::Tester -to be called with a true value causing colour highlighting to be turned -on in debug output. - -The sole purpose of this module is to enable colour highlighting -from the command line. - -=cut - -sub import -{ - Test::Builder::Tester::color(1); -} - -=head1 AUTHOR - -Copyright Mark Fowler Emark@twoshortplanks.comE 2002. - -This program is free software; you can redistribute it -and/or modify it under the same terms as Perl itself. - -=head1 BUGS - -This module will have no effect unless Term::ANSIColor is installed. - -=head1 SEE ALSO - -L, L - -=cut - -1; diff --git a/SecurityTests/regressions/inc/Test/Harness.pm b/SecurityTests/regressions/inc/Test/Harness.pm deleted file mode 100644 index 1991a60f..00000000 --- a/SecurityTests/regressions/inc/Test/Harness.pm +++ /dev/null @@ -1,1169 +0,0 @@ -# -*- Mode: cperl; cperl-indent-level: 4 -*- - -package Test::Harness; - -require 5.00405; -use Test::Harness::Straps; -use Test::Harness::Assert; -use Exporter; -use Benchmark; -use Config; -use strict; - - -use vars qw( - $VERSION - @ISA @EXPORT @EXPORT_OK - $Verbose $Switches $Debug - $verbose $switches $debug - $Columns - $Timer - $ML $Last_ML_Print - $Strap - $has_time_hires -); - -BEGIN { - eval q{use Time::HiRes 'time'}; - $has_time_hires = !$@; -} - -=head1 NAME - -Test::Harness - Run Perl standard test scripts with statistics - -=head1 VERSION - -Version 2.64 - -=cut - -$VERSION = '2.64'; - -# Backwards compatibility for exportable variable names. -*verbose = *Verbose; -*switches = *Switches; -*debug = *Debug; - -$ENV{HARNESS_ACTIVE} = 1; -$ENV{HARNESS_VERSION} = $VERSION; - -END { - # For VMS. - delete $ENV{HARNESS_ACTIVE}; - delete $ENV{HARNESS_VERSION}; -} - -my $Files_In_Dir = $ENV{HARNESS_FILELEAK_IN_DIR}; - -# Stolen from Params::Util -sub _CLASS { - (defined $_[0] and ! ref $_[0] and $_[0] =~ m/^[^\W\d]\w*(?:::\w+)*$/s) ? $_[0] : undef; -} - -# Strap Overloading -if ( $ENV{HARNESS_STRAPS_CLASS} ) { - die 'Set HARNESS_STRAP_CLASS, singular, not HARNESS_STRAPS_CLASS'; -} -my $HARNESS_STRAP_CLASS = $ENV{HARNESS_STRAP_CLASS} || 'Test::Harness::Straps'; -if ( $HARNESS_STRAP_CLASS =~ /\.pm$/ ) { - # "Class" is actually a filename, that should return the - # class name as its true return value. - $HARNESS_STRAP_CLASS = require $HARNESS_STRAP_CLASS; - if ( !_CLASS($HARNESS_STRAP_CLASS) ) { - die "HARNESS_STRAP_CLASS '$HARNESS_STRAP_CLASS' is not a valid class name"; - } -} -else { - # It is a class name within the current @INC - if ( !_CLASS($HARNESS_STRAP_CLASS) ) { - die "HARNESS_STRAP_CLASS '$HARNESS_STRAP_CLASS' is not a valid class name"; - } - eval "require $HARNESS_STRAP_CLASS"; - die $@ if $@; -} -if ( !$HARNESS_STRAP_CLASS->isa('Test::Harness::Straps') ) { - die "HARNESS_STRAP_CLASS '$HARNESS_STRAP_CLASS' must be a Test::Harness::Straps subclass"; -} - -$Strap = $HARNESS_STRAP_CLASS->new; - -sub strap { return $Strap }; - -@ISA = ('Exporter'); -@EXPORT = qw(&runtests); -@EXPORT_OK = qw(&execute_tests $verbose $switches); - -$Verbose = $ENV{HARNESS_VERBOSE} || 0; -$Debug = $ENV{HARNESS_DEBUG} || 0; -$Switches = '-w'; -$Columns = $ENV{HARNESS_COLUMNS} || $ENV{COLUMNS} || 80; -$Columns--; # Some shells have trouble with a full line of text. -$Timer = $ENV{HARNESS_TIMER} || 0; - -=head1 SYNOPSIS - - use Test::Harness; - - runtests(@test_files); - -=head1 DESCRIPTION - -B If all you want to do is write a test script, consider -using Test::Simple. Test::Harness is the module that reads the -output from Test::Simple, Test::More and other modules based on -Test::Builder. You don't need to know about Test::Harness to use -those modules. - -Test::Harness runs tests and expects output from the test in a -certain format. That format is called TAP, the Test Anything -Protocol. It is defined in L. - -C runs all the testscripts named -as arguments and checks standard output for the expected strings -in TAP format. - -The F utility is a thin wrapper around Test::Harness. - -=head2 Taint mode - -Test::Harness will honor the C<-T> or C<-t> in the #! line on your -test files. So if you begin a test with: - - #!perl -T - -the test will be run with taint mode on. - -=head2 Configuration variables. - -These variables can be used to configure the behavior of -Test::Harness. They are exported on request. - -=over 4 - -=item C<$Test::Harness::Verbose> - -The package variable C<$Test::Harness::Verbose> is exportable and can be -used to let C display the standard output of the script -without altering the behavior otherwise. The F utility's C<-v> -flag will set this. - -=item C<$Test::Harness::switches> - -The package variable C<$Test::Harness::switches> is exportable and can be -used to set perl command line options used for running the test -script(s). The default value is C<-w>. It overrides C. - -=item C<$Test::Harness::Timer> - -If set to true, and C is available, print elapsed seconds -after each test file. - -=back - - -=head2 Failure - -When tests fail, analyze the summary report: - - t/base..............ok - t/nonumbers.........ok - t/ok................ok - t/test-harness......ok - t/waterloo..........dubious - Test returned status 3 (wstat 768, 0x300) - DIED. FAILED tests 1, 3, 5, 7, 9, 11, 13, 15, 17, 19 - Failed 10/20 tests, 50.00% okay - Failed Test Stat Wstat Total Fail List of Failed - --------------------------------------------------------------- - t/waterloo.t 3 768 20 10 1 3 5 7 9 11 13 15 17 19 - Failed 1/5 test scripts, 80.00% okay. 10/44 subtests failed, 77.27% okay. - -Everything passed but F. It failed 10 of 20 tests and -exited with non-zero status indicating something dubious happened. - -The columns in the summary report mean: - -=over 4 - -=item B - -The test file which failed. - -=item B - -If the test exited with non-zero, this is its exit status. - -=item B - -The wait status of the test. - -=item B - -Total number of tests expected to run. - -=item B - -Number which failed, either from "not ok" or because they never ran. - -=item B - -A list of the tests which failed. Successive failures may be -abbreviated (ie. 15-20 to indicate that tests 15, 16, 17, 18, 19 and -20 failed). - -=back - - -=head1 FUNCTIONS - -The following functions are available. - -=head2 runtests( @test_files ) - -This runs all the given I<@test_files> and divines whether they passed -or failed based on their output to STDOUT (details above). It prints -out each individual test which failed along with a summary report and -a how long it all took. - -It returns true if everything was ok. Otherwise it will C with -one of the messages in the DIAGNOSTICS section. - -=cut - -sub runtests { - my(@tests) = @_; - - local ($\, $,); - - my ($tot, $failedtests,$todo_passed) = execute_tests(tests => \@tests); - print get_results($tot, $failedtests,$todo_passed); - - my $ok = _all_ok($tot); - - assert(($ok xor keys %$failedtests), - q{ok status jives with $failedtests}); - - if (! $ok) { - die("Failed $tot->{bad}/$tot->{tests} test programs. " . - "@{[$tot->{max} - $tot->{ok}]}/$tot->{max} subtests failed.\n"); - } - - return $ok; -} - -# my $ok = _all_ok(\%tot); -# Tells you if this test run is overall successful or not. - -sub _all_ok { - my($tot) = shift; - - return $tot->{bad} == 0 && ($tot->{max} || $tot->{skipped}) ? 1 : 0; -} - -# Returns all the files in a directory. This is shorthand for backwards -# compatibility on systems where C doesn't work right. - -sub _globdir { - local *DIRH; - - opendir DIRH, shift; - my @f = readdir DIRH; - closedir DIRH; - - return @f; -} - -=head2 execute_tests( tests => \@test_files, out => \*FH ) - -Runs all the given C<@test_files> (just like C) but -doesn't generate the final report. During testing, progress -information will be written to the currently selected output -filehandle (usually C), or to the filehandle given by the -C parameter. The I is optional. - -Returns a list of two values, C<$total> and C<$failed>, describing the -results. C<$total> is a hash ref summary of all the tests run. Its -keys and values are this: - - bonus Number of individual todo tests unexpectedly passed - max Number of individual tests ran - ok Number of individual tests passed - sub_skipped Number of individual tests skipped - todo Number of individual todo tests - - files Number of test files ran - good Number of test files passed - bad Number of test files failed - tests Number of test files originally given - skipped Number of test files skipped - -If C<< $total->{bad} == 0 >> and C<< $total->{max} > 0 >>, you've -got a successful test. - -C<$failed> is a hash ref of all the test scripts that failed. Each key -is the name of a test script, each value is another hash representing -how that script failed. Its keys are these: - - name Name of the test which failed - estat Script's exit value - wstat Script's wait status - max Number of individual tests - failed Number which failed - canon List of tests which failed (as string). - -C<$failed> should be empty if everything passed. - -=cut - -sub execute_tests { - my %args = @_; - my @tests = @{$args{tests}}; - my $out = $args{out} || select(); - - # We allow filehandles that are symbolic refs - no strict 'refs'; - _autoflush($out); - _autoflush(\*STDERR); - - my %failedtests; - my %todo_passed; - - # Test-wide totals. - my(%tot) = ( - bonus => 0, - max => 0, - ok => 0, - files => 0, - bad => 0, - good => 0, - tests => scalar @tests, - sub_skipped => 0, - todo => 0, - skipped => 0, - bench => 0, - ); - - my @dir_files; - @dir_files = _globdir $Files_In_Dir if defined $Files_In_Dir; - my $run_start_time = new Benchmark; - - my $width = _leader_width(@tests); - foreach my $tfile (@tests) { - $Last_ML_Print = 0; # so each test prints at least once - my($leader, $ml) = _mk_leader($tfile, $width); - local $ML = $ml; - - print $out $leader; - - $tot{files}++; - - $Strap->{_seen_header} = 0; - if ( $Test::Harness::Debug ) { - print $out "# Running: ", $Strap->_command_line($tfile), "\n"; - } - my $test_start_time = $Timer ? time : 0; - my $results = $Strap->analyze_file($tfile) or - do { warn $Strap->{error}, "\n"; next }; - my $elapsed; - if ( $Timer ) { - $elapsed = time - $test_start_time; - if ( $has_time_hires ) { - $elapsed = sprintf( " %8d ms", $elapsed*1000 ); - } - else { - $elapsed = sprintf( " %8s s", $elapsed ? $elapsed : "<1" ); - } - } - else { - $elapsed = ""; - } - - # state of the current test. - my @failed = grep { !$results->details->[$_-1]{ok} } - 1..@{$results->details}; - my @todo_pass = grep { $results->details->[$_-1]{actual_ok} && - $results->details->[$_-1]{type} eq 'todo' } - 1..@{$results->details}; - - my %test = ( - ok => $results->ok, - 'next' => $Strap->{'next'}, - max => $results->max, - failed => \@failed, - todo_pass => \@todo_pass, - todo => $results->todo, - bonus => $results->bonus, - skipped => $results->skip, - skip_reason => $results->skip_reason, - skip_all => $Strap->{skip_all}, - ml => $ml, - ); - - $tot{bonus} += $results->bonus; - $tot{max} += $results->max; - $tot{ok} += $results->ok; - $tot{todo} += $results->todo; - $tot{sub_skipped} += $results->skip; - - my $estatus = $results->exit; - my $wstatus = $results->wait; - - if ( $results->passing ) { - # XXX Combine these first two - if ($test{max} and $test{skipped} + $test{bonus}) { - my @msg; - push(@msg, "$test{skipped}/$test{max} skipped: $test{skip_reason}") - if $test{skipped}; - if ($test{bonus}) { - my ($txt, $canon) = _canondetail($test{todo},0,'TODO passed', - @{$test{todo_pass}}); - $todo_passed{$tfile} = { - canon => $canon, - max => $test{todo}, - failed => $test{bonus}, - name => $tfile, - estat => '', - wstat => '', - }; - - push(@msg, "$test{bonus}/$test{max} unexpectedly succeeded\n$txt"); - } - print $out "$test{ml}ok$elapsed\n ".join(', ', @msg)."\n"; - } - elsif ( $test{max} ) { - print $out "$test{ml}ok$elapsed\n"; - } - elsif ( defined $test{skip_all} and length $test{skip_all} ) { - print $out "skipped\n all skipped: $test{skip_all}\n"; - $tot{skipped}++; - } - else { - print $out "skipped\n all skipped: no reason given\n"; - $tot{skipped}++; - } - $tot{good}++; - } - else { - # List unrun tests as failures. - if ($test{'next'} <= $test{max}) { - push @{$test{failed}}, $test{'next'}..$test{max}; - } - # List overruns as failures. - else { - my $details = $results->details; - foreach my $overrun ($test{max}+1..@$details) { - next unless ref $details->[$overrun-1]; - push @{$test{failed}}, $overrun - } - } - - if ($wstatus) { - $failedtests{$tfile} = _dubious_return(\%test, \%tot, - $estatus, $wstatus); - $failedtests{$tfile}{name} = $tfile; - } - elsif ( $results->seen ) { - if (@{$test{failed}} and $test{max}) { - my ($txt, $canon) = _canondetail($test{max},$test{skipped},'Failed', - @{$test{failed}}); - print $out "$test{ml}$txt"; - $failedtests{$tfile} = { canon => $canon, - max => $test{max}, - failed => scalar @{$test{failed}}, - name => $tfile, - estat => '', - wstat => '', - }; - } - else { - print $out "Don't know which tests failed: got $test{ok} ok, ". - "expected $test{max}\n"; - $failedtests{$tfile} = { canon => '??', - max => $test{max}, - failed => '??', - name => $tfile, - estat => '', - wstat => '', - }; - } - $tot{bad}++; - } - else { - print $out "FAILED before any test output arrived\n"; - $tot{bad}++; - $failedtests{$tfile} = { canon => '??', - max => '??', - failed => '??', - name => $tfile, - estat => '', - wstat => '', - }; - } - } - - if (defined $Files_In_Dir) { - my @new_dir_files = _globdir $Files_In_Dir; - if (@new_dir_files != @dir_files) { - my %f; - @f{@new_dir_files} = (1) x @new_dir_files; - delete @f{@dir_files}; - my @f = sort keys %f; - print $out "LEAKED FILES: @f\n"; - @dir_files = @new_dir_files; - } - } - } # foreach test - $tot{bench} = timediff(new Benchmark, $run_start_time); - - $Strap->_restore_PERL5LIB; - - return(\%tot, \%failedtests, \%todo_passed); -} - -# Turns on autoflush for the handle passed -sub _autoflush { - my $flushy_fh = shift; - my $old_fh = select $flushy_fh; - $| = 1; - select $old_fh; -} - -=for private _mk_leader - - my($leader, $ml) = _mk_leader($test_file, $width); - -Generates the 't/foo........' leader for the given C<$test_file> as well -as a similar version which will overwrite the current line (by use of -\r and such). C<$ml> may be empty if Test::Harness doesn't think you're -on TTY. - -The C<$width> is the width of the "yada/blah.." string. - -=cut - -sub _mk_leader { - my($te, $width) = @_; - chomp($te); - $te =~ s/\.\w+$/./; - - if ($^O eq 'VMS') { - $te =~ s/^.*\.t\./\[.t./s; - } - my $leader = "$te" . '.' x ($width - length($te)); - my $ml = ""; - - if ( -t STDOUT and not $ENV{HARNESS_NOTTY} and not $Verbose ) { - $ml = "\r" . (' ' x 77) . "\r$leader" - } - - return($leader, $ml); -} - -=for private _leader_width - - my($width) = _leader_width(@test_files); - -Calculates how wide the leader should be based on the length of the -longest test name. - -=cut - -sub _leader_width { - my $maxlen = 0; - my $maxsuflen = 0; - foreach (@_) { - my $suf = /\.(\w+)$/ ? $1 : ''; - my $len = length; - my $suflen = length $suf; - $maxlen = $len if $len > $maxlen; - $maxsuflen = $suflen if $suflen > $maxsuflen; - } - # + 3 : we want three dots between the test name and the "ok" - return $maxlen + 3 - $maxsuflen; -} - -sub get_results { - my $tot = shift; - my $failedtests = shift; - my $todo_passed = shift; - - my $out = ''; - - my $bonusmsg = _bonusmsg($tot); - - if (_all_ok($tot)) { - $out .= "All tests successful$bonusmsg.\n"; - if ($tot->{bonus}) { - my($fmt_top, $fmt) = _create_fmts("Passed TODO",$todo_passed); - # Now write to formats - $out .= swrite( $fmt_top ); - for my $script (sort keys %{$todo_passed||{}}) { - my $Curtest = $todo_passed->{$script}; - $out .= swrite( $fmt, @{ $Curtest }{qw(name estat wstat max failed canon)} ); - } - } - } - elsif (!$tot->{tests}){ - die "FAILED--no tests were run for some reason.\n"; - } - elsif (!$tot->{max}) { - my $blurb = $tot->{tests}==1 ? "script" : "scripts"; - die "FAILED--$tot->{tests} test $blurb could be run, ". - "alas--no output ever seen\n"; - } - else { - my $subresults = sprintf( " %d/%d subtests failed.", - $tot->{max} - $tot->{ok}, $tot->{max} ); - - my($fmt_top, $fmt1, $fmt2) = _create_fmts("Failed Test",$failedtests); - - # Now write to formats - $out .= swrite( $fmt_top ); - for my $script (sort keys %$failedtests) { - my $Curtest = $failedtests->{$script}; - $out .= swrite( $fmt1, @{ $Curtest }{qw(name estat wstat max failed canon)} ); - $out .= swrite( $fmt2, $Curtest->{canon} ); - } - if ($tot->{bad}) { - $bonusmsg =~ s/^,\s*//; - $out .= "$bonusmsg.\n" if $bonusmsg; - $out .= "Failed $tot->{bad}/$tot->{tests} test scripts.$subresults\n"; - } - } - - $out .= sprintf("Files=%d, Tests=%d, %s\n", - $tot->{files}, $tot->{max}, timestr($tot->{bench}, 'nop')); - return $out; -} - -sub swrite { - my $format = shift; - $^A = ''; - formline($format,@_); - my $out = $^A; - $^A = ''; - return $out; -} - - -my %Handlers = ( - header => \&header_handler, - test => \&test_handler, - bailout => \&bailout_handler, -); - -$Strap->set_callback(\&strap_callback); -sub strap_callback { - my($self, $line, $type, $totals) = @_; - print $line if $Verbose; - - my $meth = $Handlers{$type}; - $meth->($self, $line, $type, $totals) if $meth; -}; - - -sub header_handler { - my($self, $line, $type, $totals) = @_; - - warn "Test header seen more than once!\n" if $self->{_seen_header}; - - $self->{_seen_header}++; - - warn "1..M can only appear at the beginning or end of tests\n" - if $totals->seen && ($totals->max < $totals->seen); -}; - -sub test_handler { - my($self, $line, $type, $totals) = @_; - - my $curr = $totals->seen; - my $next = $self->{'next'}; - my $max = $totals->max; - my $detail = $totals->details->[-1]; - - if( $detail->{ok} ) { - _print_ml_less("ok $curr/$max"); - - if( $detail->{type} eq 'skip' ) { - $totals->set_skip_reason( $detail->{reason} ) - unless defined $totals->skip_reason; - $totals->set_skip_reason( 'various reasons' ) - if $totals->skip_reason ne $detail->{reason}; - } - } - else { - _print_ml("NOK $curr/$max"); - } - - if( $curr > $next ) { - print "Test output counter mismatch [test $curr]\n"; - } - elsif( $curr < $next ) { - print "Confused test output: test $curr answered after ". - "test ", $next - 1, "\n"; - } - -}; - -sub bailout_handler { - my($self, $line, $type, $totals) = @_; - - die "FAILED--Further testing stopped" . - ($self->{bailout_reason} ? ": $self->{bailout_reason}\n" : ".\n"); -}; - - -sub _print_ml { - print join '', $ML, @_ if $ML; -} - - -# Print updates only once per second. -sub _print_ml_less { - my $now = CORE::time; - if ( $Last_ML_Print != $now ) { - _print_ml(@_); - $Last_ML_Print = $now; - } -} - -sub _bonusmsg { - my($tot) = @_; - - my $bonusmsg = ''; - $bonusmsg = (" ($tot->{bonus} subtest".($tot->{bonus} > 1 ? 's' : ''). - " UNEXPECTEDLY SUCCEEDED)") - if $tot->{bonus}; - - if ($tot->{skipped}) { - $bonusmsg .= ", $tot->{skipped} test" - . ($tot->{skipped} != 1 ? 's' : ''); - if ($tot->{sub_skipped}) { - $bonusmsg .= " and $tot->{sub_skipped} subtest" - . ($tot->{sub_skipped} != 1 ? 's' : ''); - } - $bonusmsg .= ' skipped'; - } - elsif ($tot->{sub_skipped}) { - $bonusmsg .= ", $tot->{sub_skipped} subtest" - . ($tot->{sub_skipped} != 1 ? 's' : '') - . " skipped"; - } - return $bonusmsg; -} - -# Test program go boom. -sub _dubious_return { - my($test, $tot, $estatus, $wstatus) = @_; - - my $failed = '??'; - my $canon = '??'; - - printf "$test->{ml}dubious\n\tTest returned status $estatus ". - "(wstat %d, 0x%x)\n", - $wstatus,$wstatus; - print "\t\t(VMS status is $estatus)\n" if $^O eq 'VMS'; - - $tot->{bad}++; - - if ($test->{max}) { - if ($test->{'next'} == $test->{max} + 1 and not @{$test->{failed}}) { - print "\tafter all the subtests completed successfully\n"; - $failed = 0; # But we do not set $canon! - } - else { - push @{$test->{failed}}, $test->{'next'}..$test->{max}; - $failed = @{$test->{failed}}; - (my $txt, $canon) = _canondetail($test->{max},$test->{skipped},'Failed',@{$test->{failed}}); - print "DIED. ",$txt; - } - } - - return { canon => $canon, max => $test->{max} || '??', - failed => $failed, - estat => $estatus, wstat => $wstatus, - }; -} - - -sub _create_fmts { - my $failed_str = shift; - my $failedtests = shift; - - my ($type) = split /\s/,$failed_str; - my $short = substr($type,0,4); - my $total = $short eq 'Pass' ? 'TODOs' : 'Total'; - my $middle_str = " Stat Wstat $total $short "; - my $list_str = "List of $type"; - - # Figure out our longest name string for formatting purposes. - my $max_namelen = length($failed_str); - foreach my $script (keys %$failedtests) { - my $namelen = length $failedtests->{$script}->{name}; - $max_namelen = $namelen if $namelen > $max_namelen; - } - - my $list_len = $Columns - length($middle_str) - $max_namelen; - if ($list_len < length($list_str)) { - $list_len = length($list_str); - $max_namelen = $Columns - length($middle_str) - $list_len; - if ($max_namelen < length($failed_str)) { - $max_namelen = length($failed_str); - $Columns = $max_namelen + length($middle_str) + $list_len; - } - } - - my $fmt_top = sprintf("%-${max_namelen}s", $failed_str) - . $middle_str - . $list_str . "\n" - . "-" x $Columns - . "\n"; - - my $fmt1 = "@" . "<" x ($max_namelen - 1) - . " @>> @>>>> @>>>> @>>> " - . "^" . "<" x ($list_len - 1) . "\n"; - my $fmt2 = "~~" . " " x ($Columns - $list_len - 2) . "^" - . "<" x ($list_len - 1) . "\n"; - - return($fmt_top, $fmt1, $fmt2); -} - -sub _canondetail { - my $max = shift; - my $skipped = shift; - my $type = shift; - my @detail = @_; - my %seen; - @detail = sort {$a <=> $b} grep !$seen{$_}++, @detail; - my $detail = @detail; - my @result = (); - my @canon = (); - my $min; - my $last = $min = shift @detail; - my $canon; - my $uc_type = uc($type); - if (@detail) { - for (@detail, $detail[-1]) { # don't forget the last one - if ($_ > $last+1 || $_ == $last) { - push @canon, ($min == $last) ? $last : "$min-$last"; - $min = $_; - } - $last = $_; - } - local $" = ", "; - push @result, "$uc_type tests @canon\n"; - $canon = join ' ', @canon; - } - else { - push @result, "$uc_type test $last\n"; - $canon = $last; - } - - return (join("", @result), $canon) - if $type=~/todo/i; - push @result, "\t$type $detail/$max tests, "; - if ($max) { - push @result, sprintf("%.2f",100*(1-$detail/$max)), "% okay"; - } - else { - push @result, "?% okay"; - } - my $ender = 's' x ($skipped > 1); - if ($skipped) { - my $good = $max - $detail - $skipped; - my $skipmsg = " (less $skipped skipped test$ender: $good okay, "; - if ($max) { - my $goodper = sprintf("%.2f",100*($good/$max)); - $skipmsg .= "$goodper%)"; - } - else { - $skipmsg .= "?%)"; - } - push @result, $skipmsg; - } - push @result, "\n"; - my $txt = join "", @result; - return ($txt, $canon); -} - -1; -__END__ - - -=head1 EXPORT - -C<&runtests> is exported by Test::Harness by default. - -C<&execute_tests>, C<$verbose>, C<$switches> and C<$debug> are -exported upon request. - -=head1 DIAGNOSTICS - -=over 4 - -=item C - -If all tests are successful some statistics about the performance are -printed. - -=item C - -For any single script that has failing subtests statistics like the -above are printed. - -=item C - -Scripts that return a non-zero exit status, both C<$? EE 8> -and C<$?> are printed in a message similar to the above. - -=item C - -=item C - -If not all tests were successful, the script dies with one of the -above messages. - -=item C - -If a single subtest decides that further testing will not make sense, -the script dies with this message. - -=back - -=head1 ENVIRONMENT VARIABLES THAT TEST::HARNESS SETS - -Test::Harness sets these before executing the individual tests. - -=over 4 - -=item C - -This is set to a true value. It allows the tests to determine if they -are being executed through the harness or by any other means. - -=item C - -This is the version of Test::Harness. - -=back - -=head1 ENVIRONMENT VARIABLES THAT AFFECT TEST::HARNESS - -=over 4 - -=item C - -This value will be used for the width of the terminal. If it is not -set then it will default to C. If this is not set, it will -default to 80. Note that users of Bourne-sh based shells will need to -C for this module to use that variable. - -=item C - -When true it will make harness attempt to compile the test using -C before running it. - -B This currently only works when sitting in the perl source -directory! - -=item C - -If true, Test::Harness will print debugging information about itself as -it runs the tests. This is different from C, which prints -the output from the test being run. Setting C<$Test::Harness::Debug> will -override this, or you can use the C<-d> switch in the F utility. - -=item C - -When set to the name of a directory, harness will check after each -test whether new files appeared in that directory, and report them as - - LEAKED FILES: scr.tmp 0 my.db - -If relative, directory name is with respect to the current directory at -the moment runtests() was called. Putting absolute path into -C may give more predictable results. - -=item C - -When set to a true value, forces it to behave as though STDOUT were -not a console. You may need to set this if you don't want harness to -output more frequent progress messages using carriage returns. Some -consoles may not handle carriage returns properly (which results in a -somewhat messy output). - -=item C - -Usually your tests will be run by C<$^X>, the currently-executing Perl. -However, you may want to have it run by a different executable, such as -a threading perl, or a different version. - -If you're using the F utility, you can use the C<--perl> switch. - -=item C - -Its value will be prepended to the switches used to invoke perl on -each test. For example, setting C to C<-W> will -run all tests with all warnings enabled. - -=item C - -Setting this to true will make the harness display the number of -milliseconds each test took. You can also use F's C<--timer> -switch. - -=item C - -If true, Test::Harness will output the verbose results of running -its tests. Setting C<$Test::Harness::verbose> will override this, -or you can use the C<-v> switch in the F utility. - -If true, Test::Harness will output the verbose results of running -its tests. Setting C<$Test::Harness::verbose> will override this, -or you can use the C<-v> switch in the F utility. - -=item C - -Defines the Test::Harness::Straps subclass to use. The value may either -be a filename or a class name. - -If HARNESS_STRAP_CLASS is a class name, the class must be in C<@INC> -like any other class. - -If HARNESS_STRAP_CLASS is a filename, the .pm file must return the name -of the class, instead of the canonical "1". - -=back - -=head1 EXAMPLE - -Here's how Test::Harness tests itself - - $ cd ~/src/devel/Test-Harness - $ perl -Mblib -e 'use Test::Harness qw(&runtests $verbose); - $verbose=0; runtests @ARGV;' t/*.t - Using /home/schwern/src/devel/Test-Harness/blib - t/base..............ok - t/nonumbers.........ok - t/ok................ok - t/test-harness......ok - All tests successful. - Files=4, Tests=24, 2 wallclock secs ( 0.61 cusr + 0.41 csys = 1.02 CPU) - -=head1 SEE ALSO - -The included F utility for running test scripts from the command line, -L and L for writing test scripts, L for -the underlying timing routines, and L for test coverage -analysis. - -=head1 TODO - -Provide a way of running tests quietly (ie. no printing) for automated -validation of tests. This will probably take the form of a version -of runtests() which rather than printing its output returns raw data -on the state of the tests. (Partially done in Test::Harness::Straps) - -Document the format. - -Fix HARNESS_COMPILE_TEST without breaking its core usage. - -Figure a way to report test names in the failure summary. - -Rework the test summary so long test names are not truncated as badly. -(Partially done with new skip test styles) - -Add option for coverage analysis. - -Trap STDERR. - -Implement Straps total_results() - -Remember exit code - -Completely redo the print summary code. - -Straps->analyze_file() not taint clean, don't know if it can be - -Fix that damned VMS nit. - -Add a test for verbose. - -Change internal list of test results to a hash. - -Fix stats display when there's an overrun. - -Fix so perls with spaces in the filename work. - -Keeping whittling away at _run_all_tests() - -Clean up how the summary is printed. Get rid of those damned formats. - -=head1 BUGS - -Please report any bugs or feature requests to -C, or through the web interface at -L. -I will be notified, and then you'll automatically be notified of progress on -your bug as I make changes. - -=head1 SUPPORT - -You can find documentation for this module with the F command. - - perldoc Test::Harness - -You can get docs for F with - - prove --man - -You can also look for information at: - -=over 4 - -=item * AnnoCPAN: Annotated CPAN documentation - -L - -=item * CPAN Ratings - -L - -=item * RT: CPAN's request tracker - -L - -=item * Search CPAN - -L - -=back - -=head1 SOURCE CODE - -The source code repository for Test::Harness is at -L. - -=head1 AUTHORS - -Either Tim Bunce or Andreas Koenig, we don't know. What we know for -sure is, that it was inspired by Larry Wall's F script that came -with perl distributions for ages. Numerous anonymous contributors -exist. Andreas Koenig held the torch for many years, and then -Michael G Schwern. - -Current maintainer is Andy Lester C<< >>. - -=head1 COPYRIGHT - -Copyright 2002-2006 -by Michael G Schwern C<< >>, -Andy Lester C<< >>. - -This program is free software; you can redistribute it and/or -modify it under the same terms as Perl itself. - -See L. - -=cut diff --git a/SecurityTests/regressions/inc/Test/Harness/Assert.pm b/SecurityTests/regressions/inc/Test/Harness/Assert.pm deleted file mode 100644 index 29f6c7ad..00000000 --- a/SecurityTests/regressions/inc/Test/Harness/Assert.pm +++ /dev/null @@ -1,64 +0,0 @@ -package Test::Harness::Assert; - -use strict; -require Exporter; -use vars qw($VERSION @EXPORT @ISA); - -$VERSION = '0.02'; - -@ISA = qw(Exporter); -@EXPORT = qw(assert); - - -=head1 NAME - -Test::Harness::Assert - simple assert - -=head1 SYNOPSIS - - ### FOR INTERNAL USE ONLY ### - - use Test::Harness::Assert; - - assert( EXPR, $name ); - -=head1 DESCRIPTION - -A simple assert routine since we don't have Carp::Assert handy. - -B - -=head1 FUNCTIONS - -=head2 C - - assert( EXPR, $name ); - -If the expression is false the program aborts. - -=cut - -sub assert ($;$) { - my($assert, $name) = @_; - - unless( $assert ) { - require Carp; - my $msg = 'Assert failed'; - $msg .= " - '$name'" if defined $name; - $msg .= '!'; - Carp::croak($msg); - } - -} - -=head1 AUTHOR - -Michael G Schwern C<< >> - -=head1 SEE ALSO - -L - -=cut - -1; diff --git a/SecurityTests/regressions/inc/Test/Harness/Iterator.pm b/SecurityTests/regressions/inc/Test/Harness/Iterator.pm deleted file mode 100644 index 2648cea7..00000000 --- a/SecurityTests/regressions/inc/Test/Harness/Iterator.pm +++ /dev/null @@ -1,70 +0,0 @@ -package Test::Harness::Iterator; - -use strict; -use vars qw($VERSION); -$VERSION = 0.02; - -=head1 NAME - -Test::Harness::Iterator - Internal Test::Harness Iterator - -=head1 SYNOPSIS - - use Test::Harness::Iterator; - my $it = Test::Harness::Iterator->new(\*TEST); - my $it = Test::Harness::Iterator->new(\@array); - - my $line = $it->next; - -=head1 DESCRIPTION - -B - -This is a simple iterator wrapper for arrays and filehandles. - -=head2 new() - -Create an iterator. - -=head2 next() - -Iterate through it, of course. - -=cut - -sub new { - my($proto, $thing) = @_; - - my $self = {}; - if( ref $thing eq 'GLOB' ) { - bless $self, 'Test::Harness::Iterator::FH'; - $self->{fh} = $thing; - } - elsif( ref $thing eq 'ARRAY' ) { - bless $self, 'Test::Harness::Iterator::ARRAY'; - $self->{idx} = 0; - $self->{array} = $thing; - } - else { - warn "Can't iterate with a ", ref $thing; - } - - return $self; -} - -package Test::Harness::Iterator::FH; -sub next { - my $fh = $_[0]->{fh}; - - # readline() doesn't work so good on 5.5.4. - return scalar <$fh>; -} - - -package Test::Harness::Iterator::ARRAY; -sub next { - my $self = shift; - return $self->{array}->[$self->{idx}++]; -} - -"Steve Peters, Master Of True Value Finding, was here."; diff --git a/SecurityTests/regressions/inc/Test/Harness/Point.pm b/SecurityTests/regressions/inc/Test/Harness/Point.pm deleted file mode 100644 index df0706ac..00000000 --- a/SecurityTests/regressions/inc/Test/Harness/Point.pm +++ /dev/null @@ -1,143 +0,0 @@ -# -*- Mode: cperl; cperl-indent-level: 4 -*- -package Test::Harness::Point; - -use strict; -use vars qw($VERSION); -$VERSION = '0.01'; - -=head1 NAME - -Test::Harness::Point - object for tracking a single test point - -=head1 SYNOPSIS - -One Test::Harness::Point object represents a single test point. - -=head1 CONSTRUCTION - -=head2 new() - - my $point = new Test::Harness::Point; - -Create a test point object. - -=cut - -sub new { - my $class = shift; - my $self = bless {}, $class; - - return $self; -} - -=head1 from_test_line( $line ) - -Constructor from a TAP test line, or empty return if the test line -is not a test line. - -=cut - -sub from_test_line { - my $class = shift; - my $line = shift or return; - - # We pulverize the line down into pieces in three parts. - my ($not, $number, $extra) = ($line =~ /^(not )?ok\b(?:\s+(\d+))?\s*(.*)/) or return; - - my $point = $class->new; - $point->set_number( $number ); - $point->set_ok( !$not ); - - if ( $extra ) { - my ($description,$directive) = split( /(?:[^\\]|^)#/, $extra, 2 ); - $description =~ s/^- //; # Test::More puts it in there - $point->set_description( $description ); - if ( $directive ) { - $point->set_directive( $directive ); - } - } # if $extra - - return $point; -} # from_test_line() - -=head1 ACCESSORS - -Each of the following fields has a getter and setter method. - -=over 4 - -=item * ok - -=item * number - -=cut - -sub ok { my $self = shift; $self->{ok} } -sub set_ok { - my $self = shift; - my $ok = shift; - $self->{ok} = $ok ? 1 : 0; -} -sub pass { - my $self = shift; - - return ($self->ok || $self->is_todo || $self->is_skip) ? 1 : 0; -} - -sub number { my $self = shift; $self->{number} } -sub set_number { my $self = shift; $self->{number} = shift } - -sub description { my $self = shift; $self->{description} } -sub set_description { - my $self = shift; - $self->{description} = shift; - $self->{name} = $self->{description}; # history -} - -sub directive { my $self = shift; $self->{directive} } -sub set_directive { - my $self = shift; - my $directive = shift; - - $directive =~ s/^\s+//; - $directive =~ s/\s+$//; - $self->{directive} = $directive; - - my ($type,$reason) = ($directive =~ /^\s*(\S+)(?:\s+(.*))?$/); - $self->set_directive_type( $type ); - $reason = "" unless defined $reason; - $self->{directive_reason} = $reason; -} -sub set_directive_type { - my $self = shift; - $self->{directive_type} = lc shift; - $self->{type} = $self->{directive_type}; # History -} -sub set_directive_reason { - my $self = shift; - $self->{directive_reason} = shift; -} -sub directive_type { my $self = shift; $self->{directive_type} } -sub type { my $self = shift; $self->{directive_type} } -sub directive_reason{ my $self = shift; $self->{directive_reason} } -sub reason { my $self = shift; $self->{directive_reason} } -sub is_todo { - my $self = shift; - my $type = $self->directive_type; - return $type && ( $type eq 'todo' ); -} -sub is_skip { - my $self = shift; - my $type = $self->directive_type; - return $type && ( $type eq 'skip' ); -} - -sub diagnostics { - my $self = shift; - return @{$self->{diagnostics}} if wantarray; - return join( "\n", @{$self->{diagnostics}} ); -} -sub add_diagnostic { my $self = shift; push @{$self->{diagnostics}}, @_ } - - -1; diff --git a/SecurityTests/regressions/inc/Test/Harness/Results.pm b/SecurityTests/regressions/inc/Test/Harness/Results.pm deleted file mode 100644 index 4b86bd7a..00000000 --- a/SecurityTests/regressions/inc/Test/Harness/Results.pm +++ /dev/null @@ -1,182 +0,0 @@ -# -*- Mode: cperl; cperl-indent-level: 4 -*- -package Test::Harness::Results; - -use strict; -use vars qw($VERSION); -$VERSION = '0.01_01'; - -=head1 NAME - -Test::Harness::Results - object for tracking results from a single test file - -=head1 SYNOPSIS - -One Test::Harness::Results object represents the results from one -test file getting analyzed. - -=head1 CONSTRUCTION - -=head2 new() - - my $results = new Test::Harness::Results; - -Create a test point object. Typically, however, you'll not create -one yourself, but access a Results object returned to you by -Test::Harness::Results. - -=cut - -sub new { - my $class = shift; - my $self = bless {}, $class; - - return $self; -} - -=head1 ACCESSORS - -The following data points are defined: - - passing true if the whole test is considered a pass - (or skipped), false if its a failure - - exit the exit code of the test run, if from a file - wait the wait code of the test run, if from a file - - max total tests which should have been run - seen total tests actually seen - skip_all if the whole test was skipped, this will - contain the reason. - - ok number of tests which passed - (including todo and skips) - - todo number of todo tests seen - bonus number of todo tests which - unexpectedly passed - - skip number of tests skipped - -So a successful test should have max == seen == ok. - - -There is one final item, the details. - - details an array ref reporting the result of - each test looks like this: - - $results{details}[$test_num - 1] = - { ok => is the test considered ok? - actual_ok => did it literally say 'ok'? - name => name of the test (if any) - diagnostics => test diagnostics (if any) - type => 'skip' or 'todo' (if any) - reason => reason for the above (if any) - }; - -Element 0 of the details is test #1. I tried it with element 1 being -#1 and 0 being empty, this is less awkward. - - -Each of the following fields has a getter and setter method. - -=over 4 - -=item * wait - -=item * exit - -=cut - -sub set_wait { my $self = shift; $self->{wait} = shift } -sub wait { - my $self = shift; - return $self->{wait} || 0; -} - -sub set_skip_all { my $self = shift; $self->{skip_all} = shift } -sub skip_all { - my $self = shift; - return $self->{skip_all}; -} - -sub inc_max { my $self = shift; $self->{max} += (@_ ? shift : 1) } -sub max { - my $self = shift; - return $self->{max} || 0; -} - -sub set_passing { my $self = shift; $self->{passing} = shift } -sub passing { - my $self = shift; - return $self->{passing} || 0; -} - -sub inc_ok { my $self = shift; $self->{ok} += (@_ ? shift : 1) } -sub ok { - my $self = shift; - return $self->{ok} || 0; -} - -sub set_exit { - my $self = shift; - if ($^O eq 'VMS') { - eval { - use vmsish q(status); - $self->{exit} = shift; # must be in same scope as pragma - } - } - else { - $self->{exit} = shift; - } -} -sub exit { - my $self = shift; - return $self->{exit} || 0; -} - -sub inc_bonus { my $self = shift; $self->{bonus}++ } -sub bonus { - my $self = shift; - return $self->{bonus} || 0; -} - -sub set_skip_reason { my $self = shift; $self->{skip_reason} = shift } -sub skip_reason { - my $self = shift; - return $self->{skip_reason} || 0; -} - -sub inc_skip { my $self = shift; $self->{skip}++ } -sub skip { - my $self = shift; - return $self->{skip} || 0; -} - -sub inc_todo { my $self = shift; $self->{todo}++ } -sub todo { - my $self = shift; - return $self->{todo} || 0; -} - -sub inc_seen { my $self = shift; $self->{seen}++ } -sub seen { - my $self = shift; - return $self->{seen} || 0; -} - -sub set_details { - my $self = shift; - my $index = shift; - my $details = shift; - - my $array = ($self->{details} ||= []); - $array->[$index-1] = $details; -} - -sub details { - my $self = shift; - return $self->{details} || []; -} - -1; diff --git a/SecurityTests/regressions/inc/Test/Harness/Straps.pm b/SecurityTests/regressions/inc/Test/Harness/Straps.pm deleted file mode 100644 index 3ee529c2..00000000 --- a/SecurityTests/regressions/inc/Test/Harness/Straps.pm +++ /dev/null @@ -1,648 +0,0 @@ -# -*- Mode: cperl; cperl-indent-level: 4 -*- -package Test::Harness::Straps; - -use strict; -use vars qw($VERSION); -$VERSION = '0.26_01'; - -use Config; -use Test::Harness::Assert; -use Test::Harness::Iterator; -use Test::Harness::Point; -use Test::Harness::Results; - -# Flags used as return values from our methods. Just for internal -# clarification. -my $YES = (1==1); -my $NO = !$YES; - -=head1 NAME - -Test::Harness::Straps - detailed analysis of test results - -=head1 SYNOPSIS - - use Test::Harness::Straps; - - my $strap = Test::Harness::Straps->new; - - # Various ways to interpret a test - my $results = $strap->analyze($name, \@test_output); - my $results = $strap->analyze_fh($name, $test_filehandle); - my $results = $strap->analyze_file($test_file); - - # UNIMPLEMENTED - my %total = $strap->total_results; - - # Altering the behavior of the strap UNIMPLEMENTED - my $verbose_output = $strap->dump_verbose(); - $strap->dump_verbose_fh($output_filehandle); - - -=head1 DESCRIPTION - -B in that the interface is subject to change -in incompatible ways. It is otherwise stable. - -Test::Harness is limited to printing out its results. This makes -analysis of the test results difficult for anything but a human. To -make it easier for programs to work with test results, we provide -Test::Harness::Straps. Instead of printing the results, straps -provide them as raw data. You can also configure how the tests are to -be run. - -The interface is currently incomplete. I contact the author -if you'd like a feature added or something change or just have -comments. - -=head1 CONSTRUCTION - -=head2 new() - - my $strap = Test::Harness::Straps->new; - -Initialize a new strap. - -=cut - -sub new { - my $class = shift; - my $self = bless {}, $class; - - $self->_init; - - return $self; -} - -=for private $strap->_init - - $strap->_init; - -Initialize the internal state of a strap to make it ready for parsing. - -=cut - -sub _init { - my($self) = shift; - - $self->{_is_vms} = ( $^O eq 'VMS' ); - $self->{_is_win32} = ( $^O =~ /^(MS)?Win32$/ ); - $self->{_is_macos} = ( $^O eq 'MacOS' ); -} - -=head1 ANALYSIS - -=head2 $strap->analyze( $name, \@output_lines ) - - my $results = $strap->analyze($name, \@test_output); - -Analyzes the output of a single test, assigning it the given C<$name> -for use in the total report. Returns the C<$results> of the test. -See L. - -C<@test_output> should be the raw output from the test, including -newlines. - -=cut - -sub analyze { - my($self, $name, $test_output) = @_; - - my $it = Test::Harness::Iterator->new($test_output); - return $self->_analyze_iterator($name, $it); -} - - -sub _analyze_iterator { - my($self, $name, $it) = @_; - - $self->_reset_file_state; - $self->{file} = $name; - - my $results = Test::Harness::Results->new; - - # Set them up here so callbacks can have them. - $self->{totals}{$name} = $results; - while( defined(my $line = $it->next) ) { - $self->_analyze_line($line, $results); - last if $self->{saw_bailout}; - } - - $results->set_skip_all( $self->{skip_all} ) if defined $self->{skip_all}; - - my $passed = - (($results->max == 0) && defined $results->skip_all) || - ($results->max && - $results->seen && - $results->max == $results->seen && - $results->max == $results->ok); - - $results->set_passing( $passed ? 1 : 0 ); - - return $results; -} - - -sub _analyze_line { - my $self = shift; - my $line = shift; - my $results = shift; - - $self->{line}++; - - my $linetype; - my $point = Test::Harness::Point->from_test_line( $line ); - if ( $point ) { - $linetype = 'test'; - - $results->inc_seen; - $point->set_number( $self->{'next'} ) unless $point->number; - - # sometimes the 'not ' and the 'ok' are on different lines, - # happens often on VMS if you do: - # print "not " unless $test; - # print "ok $num\n"; - if ( $self->{lone_not_line} && ($self->{lone_not_line} == $self->{line} - 1) ) { - $point->set_ok( 0 ); - } - - if ( $self->{todo}{$point->number} ) { - $point->set_directive_type( 'todo' ); - } - - if ( $point->is_todo ) { - $results->inc_todo; - $results->inc_bonus if $point->ok; - } - elsif ( $point->is_skip ) { - $results->inc_skip; - } - - $results->inc_ok if $point->pass; - - if ( ($point->number > 100_000) && ($point->number > ($self->{max}||100_000)) ) { - if ( !$self->{too_many_tests}++ ) { - warn "Enormous test number seen [test ", $point->number, "]\n"; - warn "Can't detailize, too big.\n"; - } - } - else { - my $details = { - ok => $point->pass, - actual_ok => $point->ok, - name => _def_or_blank( $point->description ), - type => _def_or_blank( $point->directive_type ), - reason => _def_or_blank( $point->directive_reason ), - }; - - assert( defined( $details->{ok} ) && defined( $details->{actual_ok} ) ); - $results->set_details( $point->number, $details ); - } - } # test point - elsif ( $line =~ /^not\s+$/ ) { - $linetype = 'other'; - # Sometimes the "not " and "ok" will be on separate lines on VMS. - # We catch this and remember we saw it. - $self->{lone_not_line} = $self->{line}; - } - elsif ( $self->_is_header($line) ) { - $linetype = 'header'; - - $self->{saw_header}++; - - $results->inc_max( $self->{max} ); - } - elsif ( $self->_is_bail_out($line, \$self->{bailout_reason}) ) { - $linetype = 'bailout'; - $self->{saw_bailout} = 1; - } - elsif (my $diagnostics = $self->_is_diagnostic_line( $line )) { - $linetype = 'other'; - # XXX We can throw this away, really. - my $test = $results->details->[-1]; - $test->{diagnostics} ||= ''; - $test->{diagnostics} .= $diagnostics; - } - else { - $linetype = 'other'; - } - - $self->callback->($self, $line, $linetype, $results) if $self->callback; - - $self->{'next'} = $point->number + 1 if $point; -} # _analyze_line - - -sub _is_diagnostic_line { - my ($self, $line) = @_; - return if index( $line, '# Looks like you failed' ) == 0; - $line =~ s/^#\s//; - return $line; -} - -=for private $strap->analyze_fh( $name, $test_filehandle ) - - my $results = $strap->analyze_fh($name, $test_filehandle); - -Like C, but it reads from the given filehandle. - -=cut - -sub analyze_fh { - my($self, $name, $fh) = @_; - - my $it = Test::Harness::Iterator->new($fh); - return $self->_analyze_iterator($name, $it); -} - -=head2 $strap->analyze_file( $test_file ) - - my $results = $strap->analyze_file($test_file); - -Like C, but it runs the given C<$test_file> and parses its -results. It will also use that name for the total report. - -=cut - -sub analyze_file { - my($self, $file) = @_; - - unless( -e $file ) { - $self->{error} = "$file does not exist"; - return; - } - - unless( -r $file ) { - $self->{error} = "$file is not readable"; - return; - } - - local $ENV{PERL5LIB} = $self->_INC2PERL5LIB; - if ( $Test::Harness::Debug ) { - local $^W=0; # ignore undef warnings - print "# PERL5LIB=$ENV{PERL5LIB}\n"; - } - - # *sigh* this breaks under taint, but open -| is unportable. - my $line = $self->_command_line($file); - - unless ( open(FILE, "$line|" )) { - print "can't run $file. $!\n"; - return; - } - - my $results = $self->analyze_fh($file, \*FILE); - my $exit = close FILE; - - $results->set_wait($?); - if ( $? && $self->{_is_vms} ) { - $results->set_exit($?); - } - else { - $results->set_exit( _wait2exit($?) ); - } - $results->set_passing(0) unless $? == 0; - - $self->_restore_PERL5LIB(); - - return $results; -} - - -eval { require POSIX; &POSIX::WEXITSTATUS(0) }; -if( $@ ) { - *_wait2exit = sub { $_[0] >> 8 }; -} -else { - *_wait2exit = sub { POSIX::WEXITSTATUS($_[0]) } -} - -=for private $strap->_command_line( $file ) - -Returns the full command line that will be run to test I<$file>. - -=cut - -sub _command_line { - my $self = shift; - my $file = shift; - - my $command = $self->_command(); - my $switches = $self->_switches($file); - - $file = qq["$file"] if ($file =~ /\s/) && ($file !~ /^".*"$/); - my $line = "$command $switches $file"; - - return $line; -} - - -=for private $strap->_command() - -Returns the command that runs the test. Combine this with C<_switches()> -to build a command line. - -Typically this is C<$^X>, but you can set C<$ENV{HARNESS_PERL}> -to use a different Perl than what you're running the harness under. -This might be to run a threaded Perl, for example. - -You can also overload this method if you've built your own strap subclass, -such as a PHP interpreter for a PHP-based strap. - -=cut - -sub _command { - my $self = shift; - - return $ENV{HARNESS_PERL} if defined $ENV{HARNESS_PERL}; - #return qq["$^X"] if $self->{_is_win32} && ($^X =~ /[^\w\.\/\\]/); - return qq["$^X"] if $^X =~ /\s/ and $^X !~ /^["']/; - return $^X; -} - - -=for private $strap->_switches( $file ) - -Formats and returns the switches necessary to run the test. - -=cut - -sub _switches { - my($self, $file) = @_; - - my @existing_switches = $self->_cleaned_switches( $Test::Harness::Switches, $ENV{HARNESS_PERL_SWITCHES} ); - my @derived_switches; - - local *TEST; - open(TEST, $file) or print "can't open $file. $!\n"; - my $shebang = ; - close(TEST) or print "can't close $file. $!\n"; - - my $taint = ( $shebang =~ /^#!.*\bperl.*\s-\w*([Tt]+)/ ); - push( @derived_switches, "-$1" ) if $taint; - - # When taint mode is on, PERL5LIB is ignored. So we need to put - # all that on the command line as -Is. - # MacPerl's putenv is broken, so it will not see PERL5LIB, tainted or not. - if ( $taint || $self->{_is_macos} ) { - my @inc = $self->_filtered_INC; - push @derived_switches, map { "-I$_" } @inc; - } - - # Quote the argument if there's any whitespace in it, or if - # we're VMS, since VMS requires all parms quoted. Also, don't quote - # it if it's already quoted. - for ( @derived_switches ) { - $_ = qq["$_"] if ((/\s/ || $self->{_is_vms}) && !/^".*"$/ ); - } - return join( " ", @existing_switches, @derived_switches ); -} - -=for private $strap->_cleaned_switches( @switches_from_user ) - -Returns only defined, non-blank, trimmed switches from the parms passed. - -=cut - -sub _cleaned_switches { - my $self = shift; - - local $_; - - my @switches; - for ( @_ ) { - my $switch = $_; - next unless defined $switch; - $switch =~ s/^\s+//; - $switch =~ s/\s+$//; - push( @switches, $switch ) if $switch ne ""; - } - - return @switches; -} - -=for private $strap->_INC2PERL5LIB - - local $ENV{PERL5LIB} = $self->_INC2PERL5LIB; - -Takes the current value of C<@INC> and turns it into something suitable -for putting onto C. - -=cut - -sub _INC2PERL5LIB { - my($self) = shift; - - $self->{_old5lib} = $ENV{PERL5LIB}; - - return join $Config{path_sep}, $self->_filtered_INC; -} - -=for private $strap->_filtered_INC() - - my @filtered_inc = $self->_filtered_INC; - -Shortens C<@INC> by removing redundant and unnecessary entries. -Necessary for OSes with limited command line lengths, like VMS. - -=cut - -sub _filtered_INC { - my($self, @inc) = @_; - @inc = @INC unless @inc; - - if( $self->{_is_vms} ) { - # VMS has a 255-byte limit on the length of %ENV entries, so - # toss the ones that involve perl_root, the install location - @inc = grep !/perl_root/i, @inc; - - } - elsif ( $self->{_is_win32} ) { - # Lose any trailing backslashes in the Win32 paths - s/[\\\/+]$// foreach @inc; - } - - my %seen; - $seen{$_}++ foreach $self->_default_inc(); - @inc = grep !$seen{$_}++, @inc; - - return @inc; -} - - -{ # Without caching, _default_inc() takes a huge amount of time - my %cache; - sub _default_inc { - my $self = shift; - my $perl = $self->_command; - $cache{$perl} ||= [do { - local $ENV{PERL5LIB}; - my @inc =`$perl -le "print join qq[\\n], \@INC"`; - chomp @inc; - }]; - return @{$cache{$perl}}; - } -} - - -=for private $strap->_restore_PERL5LIB() - - $self->_restore_PERL5LIB; - -This restores the original value of the C environment variable. -Necessary on VMS, otherwise a no-op. - -=cut - -sub _restore_PERL5LIB { - my($self) = shift; - - return unless $self->{_is_vms}; - - if (defined $self->{_old5lib}) { - $ENV{PERL5LIB} = $self->{_old5lib}; - } -} - -=head1 Parsing - -Methods for identifying what sort of line you're looking at. - -=for private _is_diagnostic - - my $is_diagnostic = $strap->_is_diagnostic($line, \$comment); - -Checks if the given line is a comment. If so, it will place it into -C<$comment> (sans #). - -=cut - -sub _is_diagnostic { - my($self, $line, $comment) = @_; - - if( $line =~ /^\s*\#(.*)/ ) { - $$comment = $1; - return $YES; - } - else { - return $NO; - } -} - -=for private _is_header - - my $is_header = $strap->_is_header($line); - -Checks if the given line is a header (1..M) line. If so, it places how -many tests there will be in C<< $strap->{max} >>, a list of which tests -are todo in C<< $strap->{todo} >> and if the whole test was skipped -C<< $strap->{skip_all} >> contains the reason. - -=cut - -# Regex for parsing a header. Will be run with /x -my $Extra_Header_Re = <<'REGEX'; - ^ - (?: \s+ todo \s+ ([\d \t]+) )? # optional todo set - (?: \s* \# \s* ([\w:]+\s?) (.*) )? # optional skip with optional reason -REGEX - -sub _is_header { - my($self, $line) = @_; - - if( my($max, $extra) = $line =~ /^1\.\.(\d+)(.*)/ ) { - $self->{max} = $max; - assert( $self->{max} >= 0, 'Max # of tests looks right' ); - - if( defined $extra ) { - my($todo, $skip, $reason) = $extra =~ /$Extra_Header_Re/xo; - - $self->{todo} = { map { $_ => 1 } split /\s+/, $todo } if $todo; - - if( $self->{max} == 0 ) { - $reason = '' unless defined $skip and $skip =~ /^Skip/i; - } - - $self->{skip_all} = $reason; - } - - return $YES; - } - else { - return $NO; - } -} - -=for private _is_bail_out - - my $is_bail_out = $strap->_is_bail_out($line, \$reason); - -Checks if the line is a "Bail out!". Places the reason for bailing -(if any) in $reason. - -=cut - -sub _is_bail_out { - my($self, $line, $reason) = @_; - - if( $line =~ /^Bail out!\s*(.*)/i ) { - $$reason = $1 if $1; - return $YES; - } - else { - return $NO; - } -} - -=for private _reset_file_state - - $strap->_reset_file_state; - -Resets things like C<< $strap->{max} >> , C<< $strap->{skip_all} >>, -etc. so it's ready to parse the next file. - -=cut - -sub _reset_file_state { - my($self) = shift; - - delete @{$self}{qw(max skip_all todo too_many_tests)}; - $self->{line} = 0; - $self->{saw_header} = 0; - $self->{saw_bailout}= 0; - $self->{lone_not_line} = 0; - $self->{bailout_reason} = ''; - $self->{'next'} = 1; -} - -=head1 EXAMPLES - -See F for an example of use. - -=head1 AUTHOR - -Michael G Schwern C<< >>, currently maintained by -Andy Lester C<< >>. - -=head1 SEE ALSO - -L - -=cut - -sub _def_or_blank { - return $_[0] if defined $_[0]; - return ""; -} - -sub set_callback { - my $self = shift; - $self->{callback} = shift; -} - -sub callback { - my $self = shift; - return $self->{callback}; -} - -1; diff --git a/SecurityTests/regressions/inc/Test/Harness/TAP.pod b/SecurityTests/regressions/inc/Test/Harness/TAP.pod deleted file mode 100644 index deb506db..00000000 --- a/SecurityTests/regressions/inc/Test/Harness/TAP.pod +++ /dev/null @@ -1,492 +0,0 @@ -=head1 NAME - -Test::Harness::TAP - Documentation for the TAP format - -=head1 SYNOPSIS - -TAP, the Test Anything Protocol, is Perl's simple text-based interface -between testing modules such as Test::More and the test harness -Test::Harness. - -=head1 TODO - -Exit code of the process. - -=head1 THE TAP FORMAT - -TAP's general format is: - - 1..N - ok 1 Description # Directive - # Diagnostic - .... - ok 47 Description - ok 48 Description - more tests.... - -For example, a test file's output might look like: - - 1..4 - ok 1 - Input file opened - not ok 2 - First line of the input valid - ok 3 - Read the rest of the file - not ok 4 - Summarized correctly # TODO Not written yet - -=head1 HARNESS BEHAVIOR - -In this document, the "harness" is any program analyzing TAP output. -Typically this will be Perl's I program, or the underlying -C subroutine. - -A harness must only read TAP output from standard output and not -from standard error. Lines written to standard output matching -C must be interpreted as test lines. All other -lines must not be considered test output. - -=head1 TESTS LINES AND THE PLAN - -=head2 The plan - -The plan tells how many tests will be run, or how many tests have -run. It's a check that the test file hasn't stopped prematurely. -It must appear once, whether at the beginning or end of the output. - -The plan is usually the first line of TAP output and it specifies how -many test points are to follow. For example, - - 1..10 - -means you plan on running 10 tests. This is a safeguard in case your test -file dies silently in the middle of its run. The plan is optional but if -there is a plan before the test points it must be the first non-diagnostic -line output by the test file. - -In certain instances a test file may not know how many test points -it will ultimately be running. In this case the plan can be the last -non-diagnostic line in the output. - -The plan cannot appear in the middle of the output, nor can it appear more -than once. - -=head2 The test line - -The core of TAP is the test line. A test file prints one test line test -point executed. There must be at least one test line in TAP output. Each -test line comprises the following elements: - -=over 4 - -=item * C or C - -This tells whether the test point passed or failed. It must be -at the beginning of the line. C indicates a failed test -point. C is a successful test point. This is the only mandatory -part of the line. - -Note that unlike the Directives below, C and C are -case-sensitive. - -=item * Test number - -TAP expects the C or C to be followed by a test point -number. If there is no number the harness must maintain -its own counter until the script supplies test numbers again. So -the following test output - - 1..6 - not ok - ok - not ok - ok - ok - -has five tests. The sixth is missing. Test::Harness will generate - - FAILED tests 1, 3, 6 - Failed 3/6 tests, 50.00% okay - -=item * Description - -Any text after the test number but before a C<#> is the description of -the test point. - - ok 42 this is the description of the test - -Descriptions should not begin with a digit so that they are not confused -with the test point number. - -The harness may do whatever it wants with the description. - -=item * Directive - -The test point may include a directive, following a hash on the -test line. There are currently two directives allowed: C and -C. These are discussed below. - -=back - -To summarize: - -=over 4 - -=item * ok/not ok (required) - -=item * Test number (recommended) - -=item * Description (recommended) - -=item * Directive (only when necessary) - -=back - -=head1 DIRECTIVES - -Directives are special notes that follow a C<#> on the test line. -Only two are currently defined: C and C. Note that -these two keywords are not case-sensitive. - -=head2 TODO tests - -If the directive starts with C<# TODO>, the test is counted as a -todo test, and the text after C is the explanation. - - not ok 13 # TODO bend space and time - -Note that if the TODO has an explanation it must be separated from -C by a space. - -These tests represent a feature to be implemented or a bug to be fixed -and act as something of an executable "things to do" list. They are -B expected to succeed. Should a todo test point begin succeeding, -the harness should report it as a bonus. This indicates that whatever -you were supposed to do has been done and you should promote this to a -normal test point. - -=head2 Skipping tests - -If the directive starts with C<# SKIP>, the test is counted as having -been skipped. If the whole test file succeeds, the count of skipped -tests is included in the generated output. The harness should report -the text after C< # SKIP\S*\s+> as a reason for skipping. - - ok 23 # skip Insufficient flogiston pressure. - -Similarly, one can include an explanation in a plan line, -emitted if the test file is skipped completely: - - 1..0 # Skipped: WWW::Mechanize not installed - -=head1 OTHER LINES - -=head2 Bail out! - -As an emergency measure a test script can decide that further tests -are useless (e.g. missing dependencies) and testing should stop -immediately. In that case the test script prints the magic words - - Bail out! - -to standard output. Any message after these words must be displayed -by the interpreter as the reason why testing must be stopped, as -in - - Bail out! MySQL is not running. - -=head2 Diagnostics - -Additional information may be put into the testing output on separate -lines. Diagnostic lines should begin with a C<#>, which the harness must -ignore, at least as far as analyzing the test results. The harness is -free, however, to display the diagnostics. Typically diagnostics are -used to provide information about the environment in which test file is -running, or to delineate a group of tests. - - ... - ok 18 - Closed database connection - # End of database section. - # This starts the network part of the test. - # Daemon started on port 2112 - ok 19 - Opened socket - ... - ok 47 - Closed socket - # End of network tests - -=head2 Anything else - -Any output line that is not a plan, a test line or a diagnostic is -incorrect. How a harness handles the incorrect line is undefined. -Test::Harness silently ignores incorrect lines, but will become more -stringent in the future. - -=head1 EXAMPLES - -All names, places, and events depicted in any example are wholly -fictitious and bear no resemblance to, connection with, or relation to any -real entity. Any such similarity is purely coincidental, unintentional, -and unintended. - -=head2 Common with explanation - -The following TAP listing declares that six tests follow as well as -provides handy feedback as to what the test is about to do. All six -tests pass. - - 1..6 - # - # Create a new Board and Tile, then place - # the Tile onto the board. - # - ok 1 - The object isa Board - ok 2 - Board size is zero - ok 3 - The object isa Tile - ok 4 - Get possible places to put the Tile - ok 5 - Placing the tile produces no error - ok 6 - Board size is 1 - -=head2 Unknown amount and failures - -This hypothetical test program ensures that a handful of servers are -online and network-accessible. Because it retrieves the hypothetical -servers from a database, it doesn't know exactly how many servers it -will need to ping. Thus, the test count is declared at the bottom after -all the test points have run. Also, two of the tests fail. - - ok 1 - retrieving servers from the database - # need to ping 6 servers - ok 2 - pinged diamond - ok 3 - pinged ruby - not ok 4 - pinged saphire - ok 5 - pinged onyx - not ok 6 - pinged quartz - ok 7 - pinged gold - 1..7 - -=head2 Giving up - -This listing reports that a pile of tests are going to be run. However, -the first test fails, reportedly because a connection to the database -could not be established. The program decided that continuing was -pointless and exited. - - 1..573 - not ok 1 - database handle - Bail out! Couldn't connect to database. - -=head2 Skipping a few - -The following listing plans on running 5 tests. However, our program -decided to not run tests 2 thru 5 at all. To properly report this, -the tests are marked as being skipped. - - 1..5 - ok 1 - approved operating system - # $^0 is solaris - ok 2 - # SKIP no /sys directory - ok 3 - # SKIP no /sys directory - ok 4 - # SKIP no /sys directory - ok 5 - # SKIP no /sys directory - -=head2 Skipping everything - -This listing shows that the entire listing is a skip. No tests were run. - - 1..0 # skip because English-to-French translator isn't installed - -=head2 Got spare tuits? - -The following example reports that four tests are run and the last two -tests failed. However, because the failing tests are marked as things -to do later, they are considered successes. Thus, a harness should report -this entire listing as a success. - - 1..4 - ok 1 - Creating test program - ok 2 - Test program runs, no error - not ok 3 - infinite loop # TODO halting problem unsolved - not ok 4 - infinite loop 2 # TODO halting problem unsolved - -=head2 Creative liberties - -This listing shows an alternate output where the test numbers aren't -provided. The test also reports the state of a ficticious board game in -diagnostic form. Finally, the test count is reported at the end. - - ok - created Board - ok - ok - ok - ok - ok - ok - ok - # +------+------+------+------+ - # | |16G | |05C | - # | |G N C | |C C G | - # | | G | | C +| - # +------+------+------+------+ - # |10C |01G | |03C | - # |R N G |G A G | |C C C | - # | R | G | | C +| - # +------+------+------+------+ - # | |01G |17C |00C | - # | |G A G |G N R |R N R | - # | | G | R | G | - # +------+------+------+------+ - ok - board has 7 tiles + starter tile - 1..9 - -=head1 Non-Perl TAP - -In Perl, we use Test::Simple and Test::More to generate TAP output. -Other languages have solutions that generate TAP, so that they can take -advantage of Test::Harness. - -The following sections are provided by their maintainers, and may not -be up-to-date. - -=head2 C/C++ - -libtap makes it easy to write test programs in C that produce -TAP-compatible output. Modeled on the Test::More API, libtap contains -all the functions you need to: - -=over 4 - -=item * Specify a test plan - -=item * Run tests - -=item * Skip tests in certain situations - -=item * Have TODO tests - -=item * Produce TAP compatible diagnostics - -=back - -More information about libtap, including download links, checksums, -anonymous access to the Subersion repository, and a bug tracking -system, can be found at: - - http://jc.ngo.org.uk/trac-bin/trac.cgi/wiki/LibTap - -(Nik Clayton, April 17, 2006) - -=head2 Python - -PyTap will, when it's done, provide a simple, assertive (Test::More-like) -interface for writing tests in Python. It will output TAP and will -include the functionality found in Test::Builder and Test::More. It will -try to make it easy to add more test code (so you can write your own -C, for example. - -Right now, it's got a fair bit of the basics needed to emulate Test::More, -and I think it's easy to add more stuff -- just like Test::Builder, -there's a singleton that you can get at easily. - -I need to better identify and finish implementing the most basic tests. -I am not a Python guru, I just use it from time to time, so my aim may -not be true. I need to write tests for it, which means either relying -on Perl for the tester tester, or writing one in Python. - -Here's a sample test, as found in my Subversion: - - from TAP.Simple import * - - plan(15) - - ok(1) - ok(1, "everything is OK!") - ok(0, "always fails") - - is_ok(10, 10, "is ten ten?") - is_ok(ok, ok, "even ok is ok!") - ok(id(ok), "ok is not the null pointer") - ok(True, "the Truth will set you ok") - ok(not False, "and nothing but the truth") - ok(False, "and we'll know if you lie to us") - - isa_ok(10, int, "10") - isa_ok('ok', str, "some string") - - ok(0, "zero is true", todo="be more like Ruby!") - ok(None, "none is true", skip="not possible in this universe") - - eq_ok("not", "equal", "two strings are not equal"); - -(Ricardo Signes, April 17, 2006) - -=head2 JavaScript - -Test.Simple looks and acts just like TAP, although in reality it's -tracking test results in an object rather than scraping them from a -print buffer. - - http://openjsan.org/doc/t/th/theory/Test/Simple/ - -(David Wheeler, April 17, 2006) - -=head2 PHP - -All the big PHP players now produce TAP - -=over - -=item * phpt - -Outputs TAP by default as of the yet-to-be-released PEAR 1.5.0 - - http://pear.php.net/PEAR - -=item * PHPUnit - -Has a TAP logger (since 2.3.4) - - http://www.phpunit.de/wiki/Main_Page - -=item * SimpleTest - -There's a third-party TAP reporting extension for SimpleTest - - http://www.digitalsandwich.com/archives/51-Updated-Simpletest+Apache-Test.html - -=item * Apache-Test - -Apache-Test's PHP writes TAP by default and includes the standalone -test-more.php - - http://search.cpan.org/dist/Apache-Test/ - -=back - -(Geoffrey Young, April 17, 2006) - -=head1 AUTHORS - -Andy Lester, based on the original Test::Harness documentation by Michael Schwern. - -=head1 ACKNOWLEDGEMENTS - -Thanks to -Pete Krawczyk, -Paul Johnson, -Ian Langworth -and Nik Clayton -for help and contributions on this document. - -The basis for the TAP format was created by Larry Wall in the -original test script for Perl 1. Tim Bunce and Andreas Koenig -developed it further with their modifications to Test::Harness. - -=head1 COPYRIGHT - -Copyright 2003-2005 by -Michael G Schwern C<< >>, -Andy Lester C<< >>. - -This program is free software; you can redistribute it and/or -modify it under the same terms as Perl itself. - -See L. - -=cut diff --git a/SecurityTests/regressions/inc/Test/Harness/Util.pm b/SecurityTests/regressions/inc/Test/Harness/Util.pm deleted file mode 100644 index 0cda2fee..00000000 --- a/SecurityTests/regressions/inc/Test/Harness/Util.pm +++ /dev/null @@ -1,133 +0,0 @@ -package Test::Harness::Util; - -use strict; -use vars qw($VERSION); -$VERSION = '0.01'; - -use File::Spec; -use Exporter; -use vars qw( @ISA @EXPORT @EXPORT_OK ); - -@ISA = qw( Exporter ); -@EXPORT = (); -@EXPORT_OK = qw( all_in shuffle blibdirs ); - -=head1 NAME - -Test::Harness::Util - Utility functions for Test::Harness::* - -=head1 SYNOPSIS - -Utility functions for Test::Harness::* - -=head1 PUBLIC FUNCTIONS - -The following are all available to be imported to your module. No symbols -are exported by default. - -=head2 all_in( {parm => value, parm => value} ) - -Finds all the F<*.t> in a directory. Knows to skip F<.svn> and F -directories. - -Valid parms are: - -=over - -=item start - -Starting point for the search. Defaults to ".". - -=item recurse - -Flag to say whether it should recurse. Default to true. - -=back - -=cut - -sub all_in { - my $parms = shift; - my %parms = ( - start => ".", - recurse => 1, - %$parms, - ); - - my @hits = (); - my $start = $parms{start}; - - local *DH; - if ( opendir( DH, $start ) ) { - my @files = sort readdir DH; - closedir DH; - for my $file ( @files ) { - next if $file eq File::Spec->updir || $file eq File::Spec->curdir; - next if $file eq ".svn"; - next if $file eq "CVS"; - - my $currfile = File::Spec->catfile( $start, $file ); - if ( -d $currfile ) { - push( @hits, all_in( { %parms, start => $currfile } ) ) if $parms{recurse}; - } - else { - push( @hits, $currfile ) if $currfile =~ /\.t$/; - } - } - } - else { - warn "$start: $!\n"; - } - - return @hits; -} - -=head1 shuffle( @list ) - -Returns a shuffled copy of I<@list>. - -=cut - -sub shuffle { - # Fisher-Yates shuffle - my $i = @_; - while ($i) { - my $j = rand $i--; - @_[$i, $j] = @_[$j, $i]; - } -} - - -=head2 blibdir() - -Finds all the blib directories. Stolen directly from blib.pm - -=cut - -sub blibdirs { - my $dir = File::Spec->curdir; - if ($^O eq 'VMS') { - ($dir = VMS::Filespec::unixify($dir)) =~ s-/\z--; - } - my $archdir = "arch"; - if ( $^O eq "MacOS" ) { - # Double up the MP::A so that it's not used only once. - $archdir = $MacPerl::Architecture = $MacPerl::Architecture; - } - - my $i = 5; - while ($i--) { - my $blib = File::Spec->catdir( $dir, "blib" ); - my $blib_lib = File::Spec->catdir( $blib, "lib" ); - my $blib_arch = File::Spec->catdir( $blib, $archdir ); - - if ( -d $blib && -d $blib_arch && -d $blib_lib ) { - return ($blib_arch,$blib_lib); - } - $dir = File::Spec->catdir($dir, File::Spec->updir); - } - warn "$0: Cannot find blib\n"; - return; -} - -1; diff --git a/SecurityTests/regressions/inc/Test/More.pm b/SecurityTests/regressions/inc/Test/More.pm deleted file mode 100644 index 5842e052..00000000 --- a/SecurityTests/regressions/inc/Test/More.pm +++ /dev/null @@ -1,1569 +0,0 @@ -package Test::More; - -use 5.006; -use strict; - - -# Can't use Carp because it might cause use_ok() to accidentally succeed -# even though the module being used forgot to use Carp. Yes, this -# actually happened. -sub _carp { - my($file, $line) = (caller(1))[1,2]; - warn @_, " at $file line $line\n"; -} - - - -use vars qw($VERSION @ISA @EXPORT %EXPORT_TAGS $TODO); -$VERSION = '0.80'; -$VERSION = eval $VERSION; # make the alpha version come out as a number - -use Test::Builder::Module; -@ISA = qw(Test::Builder::Module); -@EXPORT = qw(ok use_ok require_ok - is isnt like unlike is_deeply - cmp_ok - skip todo todo_skip - pass fail - eq_array eq_hash eq_set - $TODO - plan - can_ok isa_ok - diag - BAIL_OUT - ); - - -=head1 NAME - -Test::More - yet another framework for writing test scripts - -=head1 SYNOPSIS - - use Test::More tests => 23; - # or - use Test::More qw(no_plan); - # or - use Test::More skip_all => $reason; - - BEGIN { use_ok( 'Some::Module' ); } - require_ok( 'Some::Module' ); - - # Various ways to say "ok" - ok($got eq $expected, $test_name); - - is ($got, $expected, $test_name); - isnt($got, $expected, $test_name); - - # Rather than print STDERR "# here's what went wrong\n" - diag("here's what went wrong"); - - like ($got, qr/expected/, $test_name); - unlike($got, qr/expected/, $test_name); - - cmp_ok($got, '==', $expected, $test_name); - - is_deeply($got_complex_structure, $expected_complex_structure, $test_name); - - SKIP: { - skip $why, $how_many unless $have_some_feature; - - ok( foo(), $test_name ); - is( foo(42), 23, $test_name ); - }; - - TODO: { - local $TODO = $why; - - ok( foo(), $test_name ); - is( foo(42), 23, $test_name ); - }; - - can_ok($module, @methods); - isa_ok($object, $class); - - pass($test_name); - fail($test_name); - - BAIL_OUT($why); - - # UNIMPLEMENTED!!! - my @status = Test::More::status; - - -=head1 DESCRIPTION - -B If you're just getting started writing tests, have a look at -Test::Simple first. This is a drop in replacement for Test::Simple -which you can switch to once you get the hang of basic testing. - -The purpose of this module is to provide a wide range of testing -utilities. Various ways to say "ok" with better diagnostics, -facilities to skip tests, test future features and compare complicated -data structures. While you can do almost anything with a simple -C function, it doesn't provide good diagnostic output. - - -=head2 I love it when a plan comes together - -Before anything else, you need a testing plan. This basically declares -how many tests your script is going to run to protect against premature -failure. - -The preferred way to do this is to declare a plan when you C. - - use Test::More tests => 23; - -There are rare cases when you will not know beforehand how many tests -your script is going to run. In this case, you can declare that you -have no plan. (Try to avoid using this as it weakens your test.) - - use Test::More qw(no_plan); - -B: using no_plan requires a Test::Harness upgrade else it will -think everything has failed. See L). - -In some cases, you'll want to completely skip an entire testing script. - - use Test::More skip_all => $skip_reason; - -Your script will declare a skip with the reason why you skipped and -exit immediately with a zero (success). See L for -details. - -If you want to control what functions Test::More will export, you -have to use the 'import' option. For example, to import everything -but 'fail', you'd do: - - use Test::More tests => 23, import => ['!fail']; - -Alternatively, you can use the plan() function. Useful for when you -have to calculate the number of tests. - - use Test::More; - plan tests => keys %Stuff * 3; - -or for deciding between running the tests at all: - - use Test::More; - if( $^O eq 'MacOS' ) { - plan skip_all => 'Test irrelevant on MacOS'; - } - else { - plan tests => 42; - } - -=cut - -sub plan { - my $tb = Test::More->builder; - - $tb->plan(@_); -} - - -# This implements "use Test::More 'no_diag'" but the behavior is -# deprecated. -sub import_extra { - my $class = shift; - my $list = shift; - - my @other = (); - my $idx = 0; - while( $idx <= $#{$list} ) { - my $item = $list->[$idx]; - - if( defined $item and $item eq 'no_diag' ) { - $class->builder->no_diag(1); - } - else { - push @other, $item; - } - - $idx++; - } - - @$list = @other; -} - - -=head2 Test names - -By convention, each test is assigned a number in order. This is -largely done automatically for you. However, it's often very useful to -assign a name to each test. Which would you rather see: - - ok 4 - not ok 5 - ok 6 - -or - - ok 4 - basic multi-variable - not ok 5 - simple exponential - ok 6 - force == mass * acceleration - -The later gives you some idea of what failed. It also makes it easier -to find the test in your script, simply search for "simple -exponential". - -All test functions take a name argument. It's optional, but highly -suggested that you use it. - - -=head2 I'm ok, you're not ok. - -The basic purpose of this module is to print out either "ok #" or "not -ok #" depending on if a given test succeeded or failed. Everything -else is just gravy. - -All of the following print "ok" or "not ok" depending on if the test -succeeded or failed. They all also return true or false, -respectively. - -=over 4 - -=item B - - ok($got eq $expected, $test_name); - -This simply evaluates any expression (C<$got eq $expected> is just a -simple example) and uses that to determine if the test succeeded or -failed. A true expression passes, a false one fails. Very simple. - -For example: - - ok( $exp{9} == 81, 'simple exponential' ); - ok( Film->can('db_Main'), 'set_db()' ); - ok( $p->tests == 4, 'saw tests' ); - ok( !grep !defined $_, @items, 'items populated' ); - -(Mnemonic: "This is ok.") - -$test_name is a very short description of the test that will be printed -out. It makes it very easy to find a test in your script when it fails -and gives others an idea of your intentions. $test_name is optional, -but we B strongly encourage its use. - -Should an ok() fail, it will produce some diagnostics: - - not ok 18 - sufficient mucus - # Failed test 'sufficient mucus' - # in foo.t at line 42. - -This is the same as Test::Simple's ok() routine. - -=cut - -sub ok ($;$) { - my($test, $name) = @_; - my $tb = Test::More->builder; - - $tb->ok($test, $name); -} - -=item B - -=item B - - is ( $got, $expected, $test_name ); - isnt( $got, $expected, $test_name ); - -Similar to ok(), is() and isnt() compare their two arguments -with C and C respectively and use the result of that to -determine if the test succeeded or failed. So these: - - # Is the ultimate answer 42? - is( ultimate_answer(), 42, "Meaning of Life" ); - - # $foo isn't empty - isnt( $foo, '', "Got some foo" ); - -are similar to these: - - ok( ultimate_answer() eq 42, "Meaning of Life" ); - ok( $foo ne '', "Got some foo" ); - -(Mnemonic: "This is that." "This isn't that.") - -So why use these? They produce better diagnostics on failure. ok() -cannot know what you are testing for (beyond the name), but is() and -isnt() know what the test was and why it failed. For example this -test: - - my $foo = 'waffle'; my $bar = 'yarblokos'; - is( $foo, $bar, 'Is foo the same as bar?' ); - -Will produce something like this: - - not ok 17 - Is foo the same as bar? - # Failed test 'Is foo the same as bar?' - # in foo.t at line 139. - # got: 'waffle' - # expected: 'yarblokos' - -So you can figure out what went wrong without rerunning the test. - -You are encouraged to use is() and isnt() over ok() where possible, -however do not be tempted to use them to find out if something is -true or false! - - # XXX BAD! - is( exists $brooklyn{tree}, 1, 'A tree grows in Brooklyn' ); - -This does not check if C is true, it checks if -it returns 1. Very different. Similar caveats exist for false and 0. -In these cases, use ok(). - - ok( exists $brooklyn{tree}, 'A tree grows in Brooklyn' ); - -For those grammatical pedants out there, there's an C -function which is an alias of isnt(). - -=cut - -sub is ($$;$) { - my $tb = Test::More->builder; - - $tb->is_eq(@_); -} - -sub isnt ($$;$) { - my $tb = Test::More->builder; - - $tb->isnt_eq(@_); -} - -*isn't = \&isnt; - - -=item B - - like( $got, qr/expected/, $test_name ); - -Similar to ok(), like() matches $got against the regex C. - -So this: - - like($got, qr/expected/, 'this is like that'); - -is similar to: - - ok( $got =~ /expected/, 'this is like that'); - -(Mnemonic "This is like that".) - -The second argument is a regular expression. It may be given as a -regex reference (i.e. C) or (for better compatibility with older -perls) as a string that looks like a regex (alternative delimiters are -currently not supported): - - like( $got, '/expected/', 'this is like that' ); - -Regex options may be placed on the end (C<'/expected/i'>). - -Its advantages over ok() are similar to that of is() and isnt(). Better -diagnostics on failure. - -=cut - -sub like ($$;$) { - my $tb = Test::More->builder; - - $tb->like(@_); -} - - -=item B - - unlike( $got, qr/expected/, $test_name ); - -Works exactly as like(), only it checks if $got B match the -given pattern. - -=cut - -sub unlike ($$;$) { - my $tb = Test::More->builder; - - $tb->unlike(@_); -} - - -=item B - - cmp_ok( $got, $op, $expected, $test_name ); - -Halfway between ok() and is() lies cmp_ok(). This allows you to -compare two arguments using any binary perl operator. - - # ok( $got eq $expected ); - cmp_ok( $got, 'eq', $expected, 'this eq that' ); - - # ok( $got == $expected ); - cmp_ok( $got, '==', $expected, 'this == that' ); - - # ok( $got && $expected ); - cmp_ok( $got, '&&', $expected, 'this && that' ); - ...etc... - -Its advantage over ok() is when the test fails you'll know what $got -and $expected were: - - not ok 1 - # Failed test in foo.t at line 12. - # '23' - # && - # undef - -It's also useful in those cases where you are comparing numbers and -is()'s use of C will interfere: - - cmp_ok( $big_hairy_number, '==', $another_big_hairy_number ); - -=cut - -sub cmp_ok($$$;$) { - my $tb = Test::More->builder; - - $tb->cmp_ok(@_); -} - - -=item B - - can_ok($module, @methods); - can_ok($object, @methods); - -Checks to make sure the $module or $object can do these @methods -(works with functions, too). - - can_ok('Foo', qw(this that whatever)); - -is almost exactly like saying: - - ok( Foo->can('this') && - Foo->can('that') && - Foo->can('whatever') - ); - -only without all the typing and with a better interface. Handy for -quickly testing an interface. - -No matter how many @methods you check, a single can_ok() call counts -as one test. If you desire otherwise, use: - - foreach my $meth (@methods) { - can_ok('Foo', $meth); - } - -=cut - -sub can_ok ($@) { - my($proto, @methods) = @_; - my $class = ref $proto || $proto; - my $tb = Test::More->builder; - - unless( $class ) { - my $ok = $tb->ok( 0, "->can(...)" ); - $tb->diag(' can_ok() called with empty class or reference'); - return $ok; - } - - unless( @methods ) { - my $ok = $tb->ok( 0, "$class->can(...)" ); - $tb->diag(' can_ok() called with no methods'); - return $ok; - } - - my @nok = (); - foreach my $method (@methods) { - $tb->_try(sub { $proto->can($method) }) or push @nok, $method; - } - - my $name; - $name = @methods == 1 ? "$class->can('$methods[0]')" - : "$class->can(...)"; - - my $ok = $tb->ok( !@nok, $name ); - - $tb->diag(map " $class->can('$_') failed\n", @nok); - - return $ok; -} - -=item B - - isa_ok($object, $class, $object_name); - isa_ok($ref, $type, $ref_name); - -Checks to see if the given C<< $object->isa($class) >>. Also checks to make -sure the object was defined in the first place. Handy for this sort -of thing: - - my $obj = Some::Module->new; - isa_ok( $obj, 'Some::Module' ); - -where you'd otherwise have to write - - my $obj = Some::Module->new; - ok( defined $obj && $obj->isa('Some::Module') ); - -to safeguard against your test script blowing up. - -It works on references, too: - - isa_ok( $array_ref, 'ARRAY' ); - -The diagnostics of this test normally just refer to 'the object'. If -you'd like them to be more specific, you can supply an $object_name -(for example 'Test customer'). - -=cut - -sub isa_ok ($$;$) { - my($object, $class, $obj_name) = @_; - my $tb = Test::More->builder; - - my $diag; - $obj_name = 'The object' unless defined $obj_name; - my $name = "$obj_name isa $class"; - if( !defined $object ) { - $diag = "$obj_name isn't defined"; - } - elsif( !ref $object ) { - $diag = "$obj_name isn't a reference"; - } - else { - # We can't use UNIVERSAL::isa because we want to honor isa() overrides - my($rslt, $error) = $tb->_try(sub { $object->isa($class) }); - if( $error ) { - if( $error =~ /^Can't call method "isa" on unblessed reference/ ) { - # Its an unblessed reference - if( !UNIVERSAL::isa($object, $class) ) { - my $ref = ref $object; - $diag = "$obj_name isn't a '$class' it's a '$ref'"; - } - } else { - die <isa on your object and got some weird error. -Here's the error. -$error -WHOA - } - } - elsif( !$rslt ) { - my $ref = ref $object; - $diag = "$obj_name isn't a '$class' it's a '$ref'"; - } - } - - - - my $ok; - if( $diag ) { - $ok = $tb->ok( 0, $name ); - $tb->diag(" $diag\n"); - } - else { - $ok = $tb->ok( 1, $name ); - } - - return $ok; -} - - -=item B - -=item B - - pass($test_name); - fail($test_name); - -Sometimes you just want to say that the tests have passed. Usually -the case is you've got some complicated condition that is difficult to -wedge into an ok(). In this case, you can simply use pass() (to -declare the test ok) or fail (for not ok). They are synonyms for -ok(1) and ok(0). - -Use these very, very, very sparingly. - -=cut - -sub pass (;$) { - my $tb = Test::More->builder; - $tb->ok(1, @_); -} - -sub fail (;$) { - my $tb = Test::More->builder; - $tb->ok(0, @_); -} - -=back - - -=head2 Module tests - -You usually want to test if the module you're testing loads ok, rather -than just vomiting if its load fails. For such purposes we have -C and C. - -=over 4 - -=item B - - BEGIN { use_ok($module); } - BEGIN { use_ok($module, @imports); } - -These simply use the given $module and test to make sure the load -happened ok. It's recommended that you run use_ok() inside a BEGIN -block so its functions are exported at compile-time and prototypes are -properly honored. - -If @imports are given, they are passed through to the use. So this: - - BEGIN { use_ok('Some::Module', qw(foo bar)) } - -is like doing this: - - use Some::Module qw(foo bar); - -Version numbers can be checked like so: - - # Just like "use Some::Module 1.02" - BEGIN { use_ok('Some::Module', 1.02) } - -Don't try to do this: - - BEGIN { - use_ok('Some::Module'); - - ...some code that depends on the use... - ...happening at compile time... - } - -because the notion of "compile-time" is relative. Instead, you want: - - BEGIN { use_ok('Some::Module') } - BEGIN { ...some code that depends on the use... } - - -=cut - -sub use_ok ($;@) { - my($module, @imports) = @_; - @imports = () unless @imports; - my $tb = Test::More->builder; - - my($pack,$filename,$line) = caller; - - my $code; - if( @imports == 1 and $imports[0] =~ /^\d+(?:\.\d+)?$/ ) { - # probably a version check. Perl needs to see the bare number - # for it to work with non-Exporter based modules. - $code = <ok( $eval_result, "use $module;" ); - - unless( $ok ) { - chomp $eval_error; - $@ =~ s{^BEGIN failed--compilation aborted at .*$} - {BEGIN failed--compilation aborted at $filename line $line.}m; - $tb->diag(< - - require_ok($module); - require_ok($file); - -Like use_ok(), except it requires the $module or $file. - -=cut - -sub require_ok ($) { - my($module) = shift; - my $tb = Test::More->builder; - - my $pack = caller; - - # Try to deterine if we've been given a module name or file. - # Module names must be barewords, files not. - $module = qq['$module'] unless _is_module_name($module); - - my $code = <ok( $eval_result, "require $module;" ); - - unless( $ok ) { - chomp $eval_error; - $tb->diag(< I'm not quite sure what will happen with filehandles. - -=over 4 - -=item B - - is_deeply( $got, $expected, $test_name ); - -Similar to is(), except that if $got and $expected are references, it -does a deep comparison walking each data structure to see if they are -equivalent. If the two structures are different, it will display the -place where they start differing. - -is_deeply() compares the dereferenced values of references, the -references themselves (except for their type) are ignored. This means -aspects such as blessing and ties are not considered "different". - -is_deeply() current has very limited handling of function reference -and globs. It merely checks if they have the same referent. This may -improve in the future. - -Test::Differences and Test::Deep provide more in-depth functionality -along these lines. - -=cut - -use vars qw(@Data_Stack %Refs_Seen); -my $DNE = bless [], 'Does::Not::Exist'; - -sub _dne { - ref $_[0] eq ref $DNE; -} - - -sub is_deeply { - my $tb = Test::More->builder; - - unless( @_ == 2 or @_ == 3 ) { - my $msg = <ok(0); - } - - my($got, $expected, $name) = @_; - - $tb->_unoverload_str(\$expected, \$got); - - my $ok; - if( !ref $got and !ref $expected ) { # neither is a reference - $ok = $tb->is_eq($got, $expected, $name); - } - elsif( !ref $got xor !ref $expected ) { # one's a reference, one isn't - $ok = $tb->ok(0, $name); - $tb->diag( _format_stack({ vals => [ $got, $expected ] }) ); - } - else { # both references - local @Data_Stack = (); - if( _deep_check($got, $expected) ) { - $ok = $tb->ok(1, $name); - } - else { - $ok = $tb->ok(0, $name); - $tb->diag(_format_stack(@Data_Stack)); - } - } - - return $ok; -} - -sub _format_stack { - my(@Stack) = @_; - - my $var = '$FOO'; - my $did_arrow = 0; - foreach my $entry (@Stack) { - my $type = $entry->{type} || ''; - my $idx = $entry->{'idx'}; - if( $type eq 'HASH' ) { - $var .= "->" unless $did_arrow++; - $var .= "{$idx}"; - } - elsif( $type eq 'ARRAY' ) { - $var .= "->" unless $did_arrow++; - $var .= "[$idx]"; - } - elsif( $type eq 'REF' ) { - $var = "\${$var}"; - } - } - - my @vals = @{$Stack[-1]{vals}}[0,1]; - my @vars = (); - ($vars[0] = $var) =~ s/\$FOO/ \$got/; - ($vars[1] = $var) =~ s/\$FOO/\$expected/; - - my $out = "Structures begin differing at:\n"; - foreach my $idx (0..$#vals) { - my $val = $vals[$idx]; - $vals[$idx] = !defined $val ? 'undef' : - _dne($val) ? "Does not exist" : - ref $val ? "$val" : - "'$val'"; - } - - $out .= "$vars[0] = $vals[0]\n"; - $out .= "$vars[1] = $vals[1]\n"; - - $out =~ s/^/ /msg; - return $out; -} - - -sub _type { - my $thing = shift; - - return '' if !ref $thing; - - for my $type (qw(ARRAY HASH REF SCALAR GLOB CODE Regexp)) { - return $type if UNIVERSAL::isa($thing, $type); - } - - return ''; -} - -=back - - -=head2 Diagnostics - -If you pick the right test function, you'll usually get a good idea of -what went wrong when it failed. But sometimes it doesn't work out -that way. So here we have ways for you to write your own diagnostic -messages which are safer than just C. - -=over 4 - -=item B - - diag(@diagnostic_message); - -Prints a diagnostic message which is guaranteed not to interfere with -test output. Like C @diagnostic_message is simply concatenated -together. - -Handy for this sort of thing: - - ok( grep(/foo/, @users), "There's a foo user" ) or - diag("Since there's no foo, check that /etc/bar is set up right"); - -which would produce: - - not ok 42 - There's a foo user - # Failed test 'There's a foo user' - # in foo.t at line 52. - # Since there's no foo, check that /etc/bar is set up right. - -You might remember C with the mnemonic C. - -B The exact formatting of the diagnostic output is still -changing, but it is guaranteed that whatever you throw at it it won't -interfere with the test. - -=cut - -sub diag { - my $tb = Test::More->builder; - - $tb->diag(@_); -} - - -=back - - -=head2 Conditional tests - -Sometimes running a test under certain conditions will cause the -test script to die. A certain function or method isn't implemented -(such as fork() on MacOS), some resource isn't available (like a -net connection) or a module isn't available. In these cases it's -necessary to skip tests, or declare that they are supposed to fail -but will work in the future (a todo test). - -For more details on the mechanics of skip and todo tests see -L. - -The way Test::More handles this is with a named block. Basically, a -block of tests which can be skipped over or made todo. It's best if I -just show you... - -=over 4 - -=item B - - SKIP: { - skip $why, $how_many if $condition; - - ...normal testing code goes here... - } - -This declares a block of tests that might be skipped, $how_many tests -there are, $why and under what $condition to skip them. An example is -the easiest way to illustrate: - - SKIP: { - eval { require HTML::Lint }; - - skip "HTML::Lint not installed", 2 if $@; - - my $lint = new HTML::Lint; - isa_ok( $lint, "HTML::Lint" ); - - $lint->parse( $html ); - is( $lint->errors, 0, "No errors found in HTML" ); - } - -If the user does not have HTML::Lint installed, the whole block of -code I. Test::More will output special ok's -which Test::Harness interprets as skipped, but passing, tests. - -It's important that $how_many accurately reflects the number of tests -in the SKIP block so the # of tests run will match up with your plan. -If your plan is C $how_many is optional and will default to 1. - -It's perfectly safe to nest SKIP blocks. Each SKIP block must have -the label C, or Test::More can't work its magic. - -You don't skip tests which are failing because there's a bug in your -program, or for which you don't yet have code written. For that you -use TODO. Read on. - -=cut - -#'# -sub skip { - my($why, $how_many) = @_; - my $tb = Test::More->builder; - - unless( defined $how_many ) { - # $how_many can only be avoided when no_plan is in use. - _carp "skip() needs to know \$how_many tests are in the block" - unless $tb->has_plan eq 'no_plan'; - $how_many = 1; - } - - if( defined $how_many and $how_many =~ /\D/ ) { - _carp "skip() was passed a non-numeric number of tests. Did you get the arguments backwards?"; - $how_many = 1; - } - - for( 1..$how_many ) { - $tb->skip($why); - } - - local $^W = 0; - last SKIP; -} - - -=item B - - TODO: { - local $TODO = $why if $condition; - - ...normal testing code goes here... - } - -Declares a block of tests you expect to fail and $why. Perhaps it's -because you haven't fixed a bug or haven't finished a new feature: - - TODO: { - local $TODO = "URI::Geller not finished"; - - my $card = "Eight of clubs"; - is( URI::Geller->your_card, $card, 'Is THIS your card?' ); - - my $spoon; - URI::Geller->bend_spoon; - is( $spoon, 'bent', "Spoon bending, that's original" ); - } - -With a todo block, the tests inside are expected to fail. Test::More -will run the tests normally, but print out special flags indicating -they are "todo". Test::Harness will interpret failures as being ok. -Should anything succeed, it will report it as an unexpected success. -You then know the thing you had todo is done and can remove the -TODO flag. - -The nice part about todo tests, as opposed to simply commenting out a -block of tests, is it's like having a programmatic todo list. You know -how much work is left to be done, you're aware of what bugs there are, -and you'll know immediately when they're fixed. - -Once a todo test starts succeeding, simply move it outside the block. -When the block is empty, delete it. - -B: TODO tests require a Test::Harness upgrade else it will -treat it as a normal failure. See L). - - -=item B - - TODO: { - todo_skip $why, $how_many if $condition; - - ...normal testing code... - } - -With todo tests, it's best to have the tests actually run. That way -you'll know when they start passing. Sometimes this isn't possible. -Often a failing test will cause the whole program to die or hang, even -inside an C with and using C. In these extreme -cases you have no choice but to skip over the broken tests entirely. - -The syntax and behavior is similar to a C except the -tests will be marked as failing but todo. Test::Harness will -interpret them as passing. - -=cut - -sub todo_skip { - my($why, $how_many) = @_; - my $tb = Test::More->builder; - - unless( defined $how_many ) { - # $how_many can only be avoided when no_plan is in use. - _carp "todo_skip() needs to know \$how_many tests are in the block" - unless $tb->has_plan eq 'no_plan'; - $how_many = 1; - } - - for( 1..$how_many ) { - $tb->todo_skip($why); - } - - local $^W = 0; - last TODO; -} - -=item When do I use SKIP vs. TODO? - -B, use SKIP. -This includes optional modules that aren't installed, running under -an OS that doesn't have some feature (like fork() or symlinks), or maybe -you need an Internet connection and one isn't available. - -B, use TODO. This -is for any code you haven't written yet, or bugs you have yet to fix, -but want to put tests in your testing script (always a good idea). - - -=back - - -=head2 Test control - -=over 4 - -=item B - - BAIL_OUT($reason); - -Indicates to the harness that things are going so badly all testing -should terminate. This includes the running any additional test scripts. - -This is typically used when testing cannot continue such as a critical -module failing to compile or a necessary external utility not being -available such as a database connection failing. - -The test will exit with 255. - -=cut - -sub BAIL_OUT { - my $reason = shift; - my $tb = Test::More->builder; - - $tb->BAIL_OUT($reason); -} - -=back - - -=head2 Discouraged comparison functions - -The use of the following functions is discouraged as they are not -actually testing functions and produce no diagnostics to help figure -out what went wrong. They were written before is_deeply() existed -because I couldn't figure out how to display a useful diff of two -arbitrary data structures. - -These functions are usually used inside an ok(). - - ok( eq_array(\@got, \@expected) ); - -C can do that better and with diagnostics. - - is_deeply( \@got, \@expected ); - -They may be deprecated in future versions. - -=over 4 - -=item B - - my $is_eq = eq_array(\@got, \@expected); - -Checks if two arrays are equivalent. This is a deep check, so -multi-level structures are handled correctly. - -=cut - -#'# -sub eq_array { - local @Data_Stack; - _deep_check(@_); -} - -sub _eq_array { - my($a1, $a2) = @_; - - if( grep !_type($_) eq 'ARRAY', $a1, $a2 ) { - warn "eq_array passed a non-array ref"; - return 0; - } - - return 1 if $a1 eq $a2; - - my $ok = 1; - my $max = $#$a1 > $#$a2 ? $#$a1 : $#$a2; - for (0..$max) { - my $e1 = $_ > $#$a1 ? $DNE : $a1->[$_]; - my $e2 = $_ > $#$a2 ? $DNE : $a2->[$_]; - - push @Data_Stack, { type => 'ARRAY', idx => $_, vals => [$e1, $e2] }; - $ok = _deep_check($e1,$e2); - pop @Data_Stack if $ok; - - last unless $ok; - } - - return $ok; -} - -sub _deep_check { - my($e1, $e2) = @_; - my $tb = Test::More->builder; - - my $ok = 0; - - # Effectively turn %Refs_Seen into a stack. This avoids picking up - # the same referenced used twice (such as [\$a, \$a]) to be considered - # circular. - local %Refs_Seen = %Refs_Seen; - - { - # Quiet uninitialized value warnings when comparing undefs. - local $^W = 0; - - $tb->_unoverload_str(\$e1, \$e2); - - # Either they're both references or both not. - my $same_ref = !(!ref $e1 xor !ref $e2); - my $not_ref = (!ref $e1 and !ref $e2); - - if( defined $e1 xor defined $e2 ) { - $ok = 0; - } - elsif ( _dne($e1) xor _dne($e2) ) { - $ok = 0; - } - elsif ( $same_ref and ($e1 eq $e2) ) { - $ok = 1; - } - elsif ( $not_ref ) { - push @Data_Stack, { type => '', vals => [$e1, $e2] }; - $ok = 0; - } - else { - if( $Refs_Seen{$e1} ) { - return $Refs_Seen{$e1} eq $e2; - } - else { - $Refs_Seen{$e1} = "$e2"; - } - - my $type = _type($e1); - $type = 'DIFFERENT' unless _type($e2) eq $type; - - if( $type eq 'DIFFERENT' ) { - push @Data_Stack, { type => $type, vals => [$e1, $e2] }; - $ok = 0; - } - elsif( $type eq 'ARRAY' ) { - $ok = _eq_array($e1, $e2); - } - elsif( $type eq 'HASH' ) { - $ok = _eq_hash($e1, $e2); - } - elsif( $type eq 'REF' ) { - push @Data_Stack, { type => $type, vals => [$e1, $e2] }; - $ok = _deep_check($$e1, $$e2); - pop @Data_Stack if $ok; - } - elsif( $type eq 'SCALAR' ) { - push @Data_Stack, { type => 'REF', vals => [$e1, $e2] }; - $ok = _deep_check($$e1, $$e2); - pop @Data_Stack if $ok; - } - elsif( $type ) { - push @Data_Stack, { type => $type, vals => [$e1, $e2] }; - $ok = 0; - } - else { - _whoa(1, "No type in _deep_check"); - } - } - } - - return $ok; -} - - -sub _whoa { - my($check, $desc) = @_; - if( $check ) { - die < - - my $is_eq = eq_hash(\%got, \%expected); - -Determines if the two hashes contain the same keys and values. This -is a deep check. - -=cut - -sub eq_hash { - local @Data_Stack; - return _deep_check(@_); -} - -sub _eq_hash { - my($a1, $a2) = @_; - - if( grep !_type($_) eq 'HASH', $a1, $a2 ) { - warn "eq_hash passed a non-hash ref"; - return 0; - } - - return 1 if $a1 eq $a2; - - my $ok = 1; - my $bigger = keys %$a1 > keys %$a2 ? $a1 : $a2; - foreach my $k (keys %$bigger) { - my $e1 = exists $a1->{$k} ? $a1->{$k} : $DNE; - my $e2 = exists $a2->{$k} ? $a2->{$k} : $DNE; - - push @Data_Stack, { type => 'HASH', idx => $k, vals => [$e1, $e2] }; - $ok = _deep_check($e1, $e2); - pop @Data_Stack if $ok; - - last unless $ok; - } - - return $ok; -} - -=item B - - my $is_eq = eq_set(\@got, \@expected); - -Similar to eq_array(), except the order of the elements is B -important. This is a deep check, but the irrelevancy of order only -applies to the top level. - - ok( eq_set(\@got, \@expected) ); - -Is better written: - - is_deeply( [sort @got], [sort @expected] ); - -B By historical accident, this is not a true set comparison. -While the order of elements does not matter, duplicate elements do. - -B eq_set() does not know how to deal with references at the top -level. The following is an example of a comparison which might not work: - - eq_set([\1, \2], [\2, \1]); - -Test::Deep contains much better set comparison functions. - -=cut - -sub eq_set { - my($a1, $a2) = @_; - return 0 unless @$a1 == @$a2; - - # There's faster ways to do this, but this is easiest. - local $^W = 0; - - # It really doesn't matter how we sort them, as long as both arrays are - # sorted with the same algorithm. - # - # Ensure that references are not accidentally treated the same as a - # string containing the reference. - # - # Have to inline the sort routine due to a threading/sort bug. - # See [rt.cpan.org 6782] - # - # I don't know how references would be sorted so we just don't sort - # them. This means eq_set doesn't really work with refs. - return eq_array( - [grep(ref, @$a1), sort( grep(!ref, @$a1) )], - [grep(ref, @$a2), sort( grep(!ref, @$a2) )], - ); -} - -=back - - -=head2 Extending and Embedding Test::More - -Sometimes the Test::More interface isn't quite enough. Fortunately, -Test::More is built on top of Test::Builder which provides a single, -unified backend for any test library to use. This means two test -libraries which both use Test::Builder B. - -If you simply want to do a little tweaking of how the tests behave, -you can access the underlying Test::Builder object like so: - -=over 4 - -=item B - - my $test_builder = Test::More->builder; - -Returns the Test::Builder object underlying Test::More for you to play -with. - - -=back - - -=head1 EXIT CODES - -If all your tests passed, Test::Builder will exit with zero (which is -normal). If anything failed it will exit with how many failed. If -you run less (or more) tests than you planned, the missing (or extras) -will be considered failures. If no tests were ever run Test::Builder -will throw a warning and exit with 255. If the test died, even after -having successfully completed all its tests, it will still be -considered a failure and will exit with 255. - -So the exit codes are... - - 0 all tests successful - 255 test died or all passed but wrong # of tests run - any other number how many failed (including missing or extras) - -If you fail more than 254 tests, it will be reported as 254. - -B This behavior may go away in future versions. - - -=head1 CAVEATS and NOTES - -=over 4 - -=item Backwards compatibility - -Test::More works with Perls as old as 5.6.0. - - -=item Overloaded objects - -String overloaded objects are compared B (or in cmp_ok()'s -case, strings or numbers as appropriate to the comparison op). This -prevents Test::More from piercing an object's interface allowing -better blackbox testing. So if a function starts returning overloaded -objects instead of bare strings your tests won't notice the -difference. This is good. - -However, it does mean that functions like is_deeply() cannot be used to -test the internals of string overloaded objects. In this case I would -suggest Test::Deep which contains more flexible testing functions for -complex data structures. - - -=item Threads - -Test::More will only be aware of threads if "use threads" has been done -I Test::More is loaded. This is ok: - - use threads; - use Test::More; - -This may cause problems: - - use Test::More - use threads; - -5.8.1 and above are supported. Anything below that has too many bugs. - - -=item Test::Harness upgrade - -no_plan and todo depend on new Test::Harness features and fixes. If -you're going to distribute tests that use no_plan or todo your -end-users will have to upgrade Test::Harness to the latest one on -CPAN. If you avoid no_plan and TODO tests, the stock Test::Harness -will work fine. - -Installing Test::More should also upgrade Test::Harness. - -=back - - -=head1 HISTORY - -This is a case of convergent evolution with Joshua Pritikin's Test -module. I was largely unaware of its existence when I'd first -written my own ok() routines. This module exists because I can't -figure out how to easily wedge test names into Test's interface (along -with a few other problems). - -The goal here is to have a testing utility that's simple to learn, -quick to use and difficult to trip yourself up with while still -providing more flexibility than the existing Test.pm. As such, the -names of the most common routines are kept tiny, special cases and -magic side-effects are kept to a minimum. WYSIWYG. - - -=head1 SEE ALSO - -L if all this confuses you and you just want to write -some tests. You can upgrade to Test::More later (it's forward -compatible). - -L is the old testing module. Its main benefit is that it has -been distributed with Perl since 5.004_05. - -L for details on how your test results are interpreted -by Perl. - -L for more ways to test complex data structures. -And it plays well with Test::More. - -L is like XUnit but more perlish. - -L gives you more powerful complex data structure testing. - -L is XUnit style testing. - -L shows the idea of embedded testing. - -L installs a whole bunch of useful test modules. - - -=head1 AUTHORS - -Michael G Schwern Eschwern@pobox.comE with much inspiration -from Joshua Pritikin's Test module and lots of help from Barrie -Slaymaker, Tony Bowden, blackstar.co.uk, chromatic, Fergal Daly and -the perl-qa gang. - - -=head1 BUGS - -See F to report and view bugs. - - -=head1 COPYRIGHT - -Copyright 2001-2002, 2004-2006 by Michael G Schwern Eschwern@pobox.comE. - -This program is free software; you can redistribute it and/or -modify it under the same terms as Perl itself. - -See F - -=cut - -1; diff --git a/SecurityTests/regressions/inc/Test/Simple.pm b/SecurityTests/regressions/inc/Test/Simple.pm deleted file mode 100644 index e4799ca5..00000000 --- a/SecurityTests/regressions/inc/Test/Simple.pm +++ /dev/null @@ -1,230 +0,0 @@ -package Test::Simple; - -use 5.004; - -use strict 'vars'; -use vars qw($VERSION @ISA @EXPORT); -$VERSION = '0.80'; -$VERSION = eval $VERSION; # make the alpha version come out as a number - -use Test::Builder::Module; -@ISA = qw(Test::Builder::Module); -@EXPORT = qw(ok); - -my $CLASS = __PACKAGE__; - - -=head1 NAME - -Test::Simple - Basic utilities for writing tests. - -=head1 SYNOPSIS - - use Test::Simple tests => 1; - - ok( $foo eq $bar, 'foo is bar' ); - - -=head1 DESCRIPTION - -** If you are unfamiliar with testing B first! ** - -This is an extremely simple, extremely basic module for writing tests -suitable for CPAN modules and other pursuits. If you wish to do more -complicated testing, use the Test::More module (a drop-in replacement -for this one). - -The basic unit of Perl testing is the ok. For each thing you want to -test your program will print out an "ok" or "not ok" to indicate pass -or fail. You do this with the ok() function (see below). - -The only other constraint is you must pre-declare how many tests you -plan to run. This is in case something goes horribly wrong during the -test and your test program aborts, or skips a test or whatever. You -do this like so: - - use Test::Simple tests => 23; - -You must have a plan. - - -=over 4 - -=item B - - ok( $foo eq $bar, $name ); - ok( $foo eq $bar ); - -ok() is given an expression (in this case C<$foo eq $bar>). If it's -true, the test passed. If it's false, it didn't. That's about it. - -ok() prints out either "ok" or "not ok" along with a test number (it -keeps track of that for you). - - # This produces "ok 1 - Hell not yet frozen over" (or not ok) - ok( get_temperature($hell) > 0, 'Hell not yet frozen over' ); - -If you provide a $name, that will be printed along with the "ok/not -ok" to make it easier to find your test when if fails (just search for -the name). It also makes it easier for the next guy to understand -what your test is for. It's highly recommended you use test names. - -All tests are run in scalar context. So this: - - ok( @stuff, 'I have some stuff' ); - -will do what you mean (fail if stuff is empty) - -=cut - -sub ok ($;$) { - $CLASS->builder->ok(@_); -} - - -=back - -Test::Simple will start by printing number of tests run in the form -"1..M" (so "1..5" means you're going to run 5 tests). This strange -format lets Test::Harness know how many tests you plan on running in -case something goes horribly wrong. - -If all your tests passed, Test::Simple will exit with zero (which is -normal). If anything failed it will exit with how many failed. If -you run less (or more) tests than you planned, the missing (or extras) -will be considered failures. If no tests were ever run Test::Simple -will throw a warning and exit with 255. If the test died, even after -having successfully completed all its tests, it will still be -considered a failure and will exit with 255. - -So the exit codes are... - - 0 all tests successful - 255 test died or all passed but wrong # of tests run - any other number how many failed (including missing or extras) - -If you fail more than 254 tests, it will be reported as 254. - -This module is by no means trying to be a complete testing system. -It's just to get you started. Once you're off the ground its -recommended you look at L. - - -=head1 EXAMPLE - -Here's an example of a simple .t file for the fictional Film module. - - use Test::Simple tests => 5; - - use Film; # What you're testing. - - my $btaste = Film->new({ Title => 'Bad Taste', - Director => 'Peter Jackson', - Rating => 'R', - NumExplodingSheep => 1 - }); - ok( defined($btaste) && ref $btaste eq 'Film, 'new() works' ); - - ok( $btaste->Title eq 'Bad Taste', 'Title() get' ); - ok( $btaste->Director eq 'Peter Jackson', 'Director() get' ); - ok( $btaste->Rating eq 'R', 'Rating() get' ); - ok( $btaste->NumExplodingSheep == 1, 'NumExplodingSheep() get' ); - -It will produce output like this: - - 1..5 - ok 1 - new() works - ok 2 - Title() get - ok 3 - Director() get - not ok 4 - Rating() get - # Failed test 'Rating() get' - # in t/film.t at line 14. - ok 5 - NumExplodingSheep() get - # Looks like you failed 1 tests of 5 - -Indicating the Film::Rating() method is broken. - - -=head1 CAVEATS - -Test::Simple will only report a maximum of 254 failures in its exit -code. If this is a problem, you probably have a huge test script. -Split it into multiple files. (Otherwise blame the Unix folks for -using an unsigned short integer as the exit status). - -Because VMS's exit codes are much, much different than the rest of the -universe, and perl does horrible mangling to them that gets in my way, -it works like this on VMS. - - 0 SS$_NORMAL all tests successful - 4 SS$_ABORT something went wrong - -Unfortunately, I can't differentiate any further. - - -=head1 NOTES - -Test::Simple is B tested all the way back to perl 5.004. - -Test::Simple is thread-safe in perl 5.8.0 and up. - -=head1 HISTORY - -This module was conceived while talking with Tony Bowden in his -kitchen one night about the problems I was having writing some really -complicated feature into the new Testing module. He observed that the -main problem is not dealing with these edge cases but that people hate -to write tests B. What was needed was a dead simple module -that took all the hard work out of testing and was really, really easy -to learn. Paul Johnson simultaneously had this idea (unfortunately, -he wasn't in Tony's kitchen). This is it. - - -=head1 SEE ALSO - -=over 4 - -=item L - -More testing functions! Once you outgrow Test::Simple, look at -Test::More. Test::Simple is 100% forward compatible with Test::More -(i.e. you can just use Test::More instead of Test::Simple in your -programs and things will still work). - -=item L - -The original Perl testing module. - -=item L - -Elaborate unit testing. - -=item L, L - -Embed tests in your code! - -=item L - -Interprets the output of your test program. - -=back - - -=head1 AUTHORS - -Idea by Tony Bowden and Paul Johnson, code by Michael G Schwern -Eschwern@pobox.comE, wardrobe by Calvin Klein. - - -=head1 COPYRIGHT - -Copyright 2001, 2002, 2004 by Michael G Schwern Eschwern@pobox.comE. - -This program is free software; you can redistribute it and/or -modify it under the same terms as Perl itself. - -See F - -=cut - -1; diff --git a/SecurityTests/regressions/inc/Test/Tutorial.pod b/SecurityTests/regressions/inc/Test/Tutorial.pod deleted file mode 100644 index b730918c..00000000 --- a/SecurityTests/regressions/inc/Test/Tutorial.pod +++ /dev/null @@ -1,603 +0,0 @@ -=head1 NAME - -Test::Tutorial - A tutorial about writing really basic tests - -=head1 DESCRIPTION - - -I - -I<*sob*> - -I - - -Is this you? Is writing tests right up there with writing -documentation and having your fingernails pulled out? Did you open up -a test and read - - ######## We start with some black magic - -and decide that's quite enough for you? - -It's ok. That's all gone now. We've done all the black magic for -you. And here are the tricks... - - -=head2 Nuts and bolts of testing. - -Here's the most basic test program. - - #!/usr/bin/perl -w - - print "1..1\n"; - - print 1 + 1 == 2 ? "ok 1\n" : "not ok 1\n"; - -since 1 + 1 is 2, it prints: - - 1..1 - ok 1 - -What this says is: C<1..1> "I'm going to run one test." [1] C -"The first test passed". And that's about all magic there is to -testing. Your basic unit of testing is the I. For each thing you -test, an C is printed. Simple. B interprets your test -results to determine if you succeeded or failed (more on that later). - -Writing all these print statements rapidly gets tedious. Fortunately, -there's B. It has one function, C. - - #!/usr/bin/perl -w - - use Test::Simple tests => 1; - - ok( 1 + 1 == 2 ); - -and that does the same thing as the code above. C is the backbone -of Perl testing, and we'll be using it instead of roll-your-own from -here on. If C gets a true value, the test passes. False, it -fails. - - #!/usr/bin/perl -w - - use Test::Simple tests => 2; - ok( 1 + 1 == 2 ); - ok( 2 + 2 == 5 ); - -from that comes - - 1..2 - ok 1 - not ok 2 - # Failed test (test.pl at line 5) - # Looks like you failed 1 tests of 2. - -C<1..2> "I'm going to run two tests." This number is used to ensure -your test program ran all the way through and didn't die or skip some -tests. C "The first test passed." C "The second test -failed". Test::Simple helpfully prints out some extra commentary about -your tests. - -It's not scary. Come, hold my hand. We're going to give an example -of testing a module. For our example, we'll be testing a date -library, B. It's on CPAN, so download a copy and follow -along. [2] - - -=head2 Where to start? - -This is the hardest part of testing, where do you start? People often -get overwhelmed at the apparent enormity of the task of testing a -whole module. Best place to start is at the beginning. Date::ICal is -an object-oriented module, and that means you start by making an -object. So we test C. - - #!/usr/bin/perl -w - - use Test::Simple tests => 2; - - use Date::ICal; - - my $ical = Date::ICal->new; # create an object - ok( defined $ical ); # check that we got something - ok( $ical->isa('Date::ICal') ); # and it's the right class - -run that and you should get: - - 1..2 - ok 1 - ok 2 - -congratulations, you've written your first useful test. - - -=head2 Names - -That output isn't terribly descriptive, is it? When you have two -tests you can figure out which one is #2, but what if you have 102? - -Each test can be given a little descriptive name as the second -argument to C. - - use Test::Simple tests => 2; - - ok( defined $ical, 'new() returned something' ); - ok( $ical->isa('Date::ICal'), " and it's the right class" ); - -So now you'd see... - - 1..2 - ok 1 - new() returned something - ok 2 - and it's the right class - - -=head2 Test the manual - -Simplest way to build up a decent testing suite is to just test what -the manual says it does. [3] Let's pull something out of the -L and test that all its bits work. - - #!/usr/bin/perl -w - - use Test::Simple tests => 8; - - use Date::ICal; - - $ical = Date::ICal->new( year => 1964, month => 10, day => 16, - hour => 16, min => 12, sec => 47, - tz => '0530' ); - - ok( defined $ical, 'new() returned something' ); - ok( $ical->isa('Date::ICal'), " and it's the right class" ); - ok( $ical->sec == 47, ' sec()' ); - ok( $ical->min == 12, ' min()' ); - ok( $ical->hour == 16, ' hour()' ); - ok( $ical->day == 17, ' day()' ); - ok( $ical->month == 10, ' month()' ); - ok( $ical->year == 1964, ' year()' ); - -run that and you get: - - 1..8 - ok 1 - new() returned something - ok 2 - and it's the right class - ok 3 - sec() - ok 4 - min() - ok 5 - hour() - not ok 6 - day() - # Failed test (- at line 16) - ok 7 - month() - ok 8 - year() - # Looks like you failed 1 tests of 8. - -Whoops, a failure! [4] Test::Simple helpfully lets us know on what line -the failure occurred, but not much else. We were supposed to get 17, -but we didn't. What did we get?? Dunno. We'll have to re-run the -test in the debugger or throw in some print statements to find out. - -Instead, we'll switch from B to B. B -does everything B does, and more! In fact, Test::More does -things I the way Test::Simple does. You can literally swap -Test::Simple out and put Test::More in its place. That's just what -we're going to do. - -Test::More does more than Test::Simple. The most important difference -at this point is it provides more informative ways to say "ok". -Although you can write almost any test with a generic C, it -can't tell you what went wrong. Instead, we'll use the C -function, which lets us declare that something is supposed to be the -same as something else: - - #!/usr/bin/perl -w - - use Test::More tests => 8; - - use Date::ICal; - - $ical = Date::ICal->new( year => 1964, month => 10, day => 16, - hour => 16, min => 12, sec => 47, - tz => '0530' ); - - ok( defined $ical, 'new() returned something' ); - ok( $ical->isa('Date::ICal'), " and it's the right class" ); - is( $ical->sec, 47, ' sec()' ); - is( $ical->min, 12, ' min()' ); - is( $ical->hour, 16, ' hour()' ); - is( $ical->day, 17, ' day()' ); - is( $ical->month, 10, ' month()' ); - is( $ical->year, 1964, ' year()' ); - -"Is C<$ical-Esec> 47?" "Is C<$ical-Emin> 12?" With C in place, -you get some more information - - 1..8 - ok 1 - new() returned something - ok 2 - and it's the right class - ok 3 - sec() - ok 4 - min() - ok 5 - hour() - not ok 6 - day() - # Failed test (- at line 16) - # got: '16' - # expected: '17' - ok 7 - month() - ok 8 - year() - # Looks like you failed 1 tests of 8. - -letting us know that C<$ical-Eday> returned 16, but we expected 17. A -quick check shows that the code is working fine, we made a mistake -when writing up the tests. Just change it to: - - is( $ical->day, 16, ' day()' ); - -and everything works. - -So any time you're doing a "this equals that" sort of test, use C. -It even works on arrays. The test is always in scalar context, so you -can test how many elements are in a list this way. [5] - - is( @foo, 5, 'foo has 5 elements' ); - - -=head2 Sometimes the tests are wrong - -Which brings us to a very important lesson. Code has bugs. Tests are -code. Ergo, tests have bugs. A failing test could mean a bug in the -code, but don't discount the possibility that the test is wrong. - -On the flip side, don't be tempted to prematurely declare a test -incorrect just because you're having trouble finding the bug. -Invalidating a test isn't something to be taken lightly, and don't use -it as a cop out to avoid work. - - -=head2 Testing lots of values - -We're going to be wanting to test a lot of dates here, trying to trick -the code with lots of different edge cases. Does it work before 1970? -After 2038? Before 1904? Do years after 10,000 give it trouble? -Does it get leap years right? We could keep repeating the code above, -or we could set up a little try/expect loop. - - use Test::More tests => 32; - use Date::ICal; - - my %ICal_Dates = ( - # An ICal string And the year, month, date - # hour, minute and second we expect. - '19971024T120000' => # from the docs. - [ 1997, 10, 24, 12, 0, 0 ], - '20390123T232832' => # after the Unix epoch - [ 2039, 1, 23, 23, 28, 32 ], - '19671225T000000' => # before the Unix epoch - [ 1967, 12, 25, 0, 0, 0 ], - '18990505T232323' => # before the MacOS epoch - [ 1899, 5, 5, 23, 23, 23 ], - ); - - - while( my($ical_str, $expect) = each %ICal_Dates ) { - my $ical = Date::ICal->new( ical => $ical_str ); - - ok( defined $ical, "new(ical => '$ical_str')" ); - ok( $ical->isa('Date::ICal'), " and it's the right class" ); - - is( $ical->year, $expect->[0], ' year()' ); - is( $ical->month, $expect->[1], ' month()' ); - is( $ical->day, $expect->[2], ' day()' ); - is( $ical->hour, $expect->[3], ' hour()' ); - is( $ical->min, $expect->[4], ' min()' ); - is( $ical->sec, $expect->[5], ' sec()' ); - } - -So now we can test bunches of dates by just adding them to -C<%ICal_Dates>. Now that it's less work to test with more dates, you'll -be inclined to just throw more in as you think of them. -Only problem is, every time we add to that we have to keep adjusting -the C ##> line. That can rapidly get -annoying. There's two ways to make this work better. - -First, we can calculate the plan dynamically using the C -function. - - use Test::More; - use Date::ICal; - - my %ICal_Dates = ( - ...same as before... - ); - - # For each key in the hash we're running 8 tests. - plan tests => keys %ICal_Dates * 8; - -Or to be even more flexible, we use C. This means we're just -running some tests, don't know how many. [6] - - use Test::More 'no_plan'; # instead of tests => 32 - -now we can just add tests and not have to do all sorts of math to -figure out how many we're running. - - -=head2 Informative names - -Take a look at this line here - - ok( defined $ical, "new(ical => '$ical_str')" ); - -we've added more detail about what we're testing and the ICal string -itself we're trying out to the name. So you get results like: - - ok 25 - new(ical => '19971024T120000') - ok 26 - and it's the right class - ok 27 - year() - ok 28 - month() - ok 29 - day() - ok 30 - hour() - ok 31 - min() - ok 32 - sec() - -if something in there fails, you'll know which one it was and that -will make tracking down the problem easier. So try to put a bit of -debugging information into the test names. - -Describe what the tests test, to make debugging a failed test easier -for you or for the next person who runs your test. - - -=head2 Skipping tests - -Poking around in the existing Date::ICal tests, I found this in -F [7] - - #!/usr/bin/perl -w - - use Test::More tests => 7; - use Date::ICal; - - # Make sure epoch time is being handled sanely. - my $t1 = Date::ICal->new( epoch => 0 ); - is( $t1->epoch, 0, "Epoch time of 0" ); - - # XXX This will only work on unix systems. - is( $t1->ical, '19700101Z', " epoch to ical" ); - - is( $t1->year, 1970, " year()" ); - is( $t1->month, 1, " month()" ); - is( $t1->day, 1, " day()" ); - - # like the tests above, but starting with ical instead of epoch - my $t2 = Date::ICal->new( ical => '19700101Z' ); - is( $t2->ical, '19700101Z', "Start of epoch in ICal notation" ); - - is( $t2->epoch, 0, " and back to ICal" ); - -The beginning of the epoch is different on most non-Unix operating -systems [8]. Even though Perl smooths out the differences for the most -part, certain ports do it differently. MacPerl is one off the top of -my head. [9] We I this will never work on MacOS. So rather than -just putting a comment in the test, we can explicitly say it's never -going to work and skip the test. - - use Test::More tests => 7; - use Date::ICal; - - # Make sure epoch time is being handled sanely. - my $t1 = Date::ICal->new( epoch => 0 ); - is( $t1->epoch, 0, "Epoch time of 0" ); - - SKIP: { - skip('epoch to ICal not working on MacOS', 6) - if $^O eq 'MacOS'; - - is( $t1->ical, '19700101Z', " epoch to ical" ); - - is( $t1->year, 1970, " year()" ); - is( $t1->month, 1, " month()" ); - is( $t1->day, 1, " day()" ); - - # like the tests above, but starting with ical instead of epoch - my $t2 = Date::ICal->new( ical => '19700101Z' ); - is( $t2->ical, '19700101Z', "Start of epoch in ICal notation" ); - - is( $t2->epoch, 0, " and back to ICal" ); - } - -A little bit of magic happens here. When running on anything but -MacOS, all the tests run normally. But when on MacOS, C causes -the entire contents of the SKIP block to be jumped over. It's never -run. Instead, it prints special output that tells Test::Harness that -the tests have been skipped. - - 1..7 - ok 1 - Epoch time of 0 - ok 2 # skip epoch to ICal not working on MacOS - ok 3 # skip epoch to ICal not working on MacOS - ok 4 # skip epoch to ICal not working on MacOS - ok 5 # skip epoch to ICal not working on MacOS - ok 6 # skip epoch to ICal not working on MacOS - ok 7 # skip epoch to ICal not working on MacOS - -This means your tests won't fail on MacOS. This means less emails -from MacPerl users telling you about failing tests that you know will -never work. You've got to be careful with skip tests. These are for -tests which don't work and I. It is not for skipping -genuine bugs (we'll get to that in a moment). - -The tests are wholly and completely skipped. [10] This will work. - - SKIP: { - skip("I don't wanna die!"); - - die, die, die, die, die; - } - - -=head2 Todo tests - -Thumbing through the Date::ICal man page, I came across this: - - ical - - $ical_string = $ical->ical; - - Retrieves, or sets, the date on the object, using any - valid ICal date/time string. - -"Retrieves or sets". Hmmm, didn't see a test for using C to set -the date in the Date::ICal test suite. So I'll write one. - - use Test::More tests => 1; - use Date::ICal; - - my $ical = Date::ICal->new; - $ical->ical('20201231Z'); - is( $ical->ical, '20201231Z', 'Setting via ical()' ); - -run that and I get - - 1..1 - not ok 1 - Setting via ical() - # Failed test (- at line 6) - # got: '20010814T233649Z' - # expected: '20201231Z' - # Looks like you failed 1 tests of 1. - -Whoops! Looks like it's unimplemented. Let's assume we don't have -the time to fix this. [11] Normally, you'd just comment out the test -and put a note in a todo list somewhere. Instead, we're going to -explicitly state "this test will fail" by wrapping it in a C block. - - use Test::More tests => 1; - - TODO: { - local $TODO = 'ical($ical) not yet implemented'; - - my $ical = Date::ICal->new; - $ical->ical('20201231Z'); - - is( $ical->ical, '20201231Z', 'Setting via ical()' ); - } - -Now when you run, it's a little different: - - 1..1 - not ok 1 - Setting via ical() # TODO ical($ical) not yet implemented - # got: '20010822T201551Z' - # expected: '20201231Z' - -Test::More doesn't say "Looks like you failed 1 tests of 1". That '# -TODO' tells Test::Harness "this is supposed to fail" and it treats a -failure as a successful test. So you can write tests even before -you've fixed the underlying code. - -If a TODO test passes, Test::Harness will report it "UNEXPECTEDLY -SUCCEEDED". When that happens, you simply remove the TODO block with -C and turn it into a real test. - - -=head2 Testing with taint mode. - -Taint mode is a funny thing. It's the globalest of all global -features. Once you turn it on, it affects I code in your program -and I modules used (and all the modules they use). If a single -piece of code isn't taint clean, the whole thing explodes. With that -in mind, it's very important to ensure your module works under taint -mode. - -It's very simple to have your tests run under taint mode. Just throw -a C<-T> into the C<#!> line. Test::Harness will read the switches -in C<#!> and use them to run your tests. - - #!/usr/bin/perl -Tw - - ...test normally here... - -So when you say C it will be run with taint mode and -warnings on. - - -=head1 FOOTNOTES - -=over 4 - -=item 1 - -The first number doesn't really mean anything, but it has to be 1. -It's the second number that's important. - -=item 2 - -For those following along at home, I'm using version 1.31. It has -some bugs, which is good -- we'll uncover them with our tests. - -=item 3 - -You can actually take this one step further and test the manual -itself. Have a look at B (formerly B). - -=item 4 - -Yes, there's a mistake in the test suite. What! Me, contrived? - -=item 5 - -We'll get to testing the contents of lists later. - -=item 6 - -But what happens if your test program dies halfway through?! Since we -didn't say how many tests we're going to run, how can we know it -failed? No problem, Test::More employs some magic to catch that death -and turn the test into a failure, even if every test passed up to that -point. - -=item 7 - -I cleaned it up a little. - -=item 8 - -Most Operating Systems record time as the number of seconds since a -certain date. This date is the beginning of the epoch. Unix's starts -at midnight January 1st, 1970 GMT. - -=item 9 - -MacOS's epoch is midnight January 1st, 1904. VMS's is midnight, -November 17th, 1858, but vmsperl emulates the Unix epoch so it's not a -problem. - -=item 10 - -As long as the code inside the SKIP block at least compiles. Please -don't ask how. No, it's not a filter. - -=item 11 - -Do NOT be tempted to use TODO tests as a way to avoid fixing simple -bugs! - -=back - -=head1 AUTHORS - -Michael G Schwern Eschwern@pobox.comE and the perl-qa dancers! - -=head1 COPYRIGHT - -Copyright 2001 by Michael G Schwern Eschwern@pobox.comE. - -This documentation is free; you can redistribute it and/or modify it -under the same terms as Perl itself. - -Irrespective of its distribution, all code examples in these files -are hereby placed into the public domain. You are permitted and -encouraged to use this code in your own programs for fun -or for profit as you see fit. A simple comment in the code giving -credit would be courteous but is not required. - -=cut diff --git a/SecurityTests/regressions/kc/kc-11-unlock-referral.c b/SecurityTests/regressions/kc/kc-11-unlock-referral.c deleted file mode 100755 index c3fe6104..00000000 --- a/SecurityTests/regressions/kc/kc-11-unlock-referral.c +++ /dev/null @@ -1,64 +0,0 @@ -#include -#include - -#include "testmore.h" -#include "testenv.h" - -int main(int argc, char *const *argv) -{ - int dont_skip = argc > 1 && !strcmp(argv[1], "-s"); - - plan_tests(10); - - ok_status(SecKeychainSetUserInteractionAllowed(FALSE), "disable ui"); - if (!tests_begin(argc, argv)) - BAIL_OUT("tests_begin failed"); - - char *home = getenv("HOME"); - char source[256], dest[256]; - if (!home || strlen(home) > 200) - plan_skip_all("home too big"); - - sprintf(source, "%s/source", home); - sprintf(dest, "%s/dest", home); - SecKeychainRef sourcekc = NULL, destkc = NULL; - ok_status(SecKeychainCreate(source, 4, "test", FALSE, NULL, &sourcekc), - "SecKeychainCreate source"); - ok_status(SecKeychainCreate(dest, 4, "test", FALSE, NULL, &destkc), - "SecKeychainCreate dest"); - char cmdbuf[1024]; - ok_unix(sprintf(cmdbuf, "systemkeychain -k '%s' -s '%s'", dest, source), - "sprintf"); - SKIP: { - skip("systemkeychain brings up UI", 1, dont_skip); - - ok_unix(system(cmdbuf), "systemkeychain"); - } - ok_status(SecKeychainLock(sourcekc), "SecKeychainLock source"); - SKIP: { - skip("unlocking a source keychain w/ referal before reopen brings " - "up ui", 1, dont_skip); - TODO: { - todo(" Unlocking a source " - "keychain w/ referal before reopen fails"); - - ok_status(SecKeychainUnlock(sourcekc, 0, NULL, FALSE), - "SecKeychainUnlock source"); - } - } - CFRelease(sourcekc); - sourcekc = NULL; - char source2[256]; - sprintf(source2, "%s/source2", home); - ok_unix(rename(source, source2), "rename source -> source2"); - ok_status(SecKeychainOpen(source2, &sourcekc), "SecKeychainOpen source2"); - SKIP: { - skip("systemkeychain brings up UI", 1, dont_skip); - - ok_status(SecKeychainUnlock(sourcekc, 0, NULL, FALSE), - "SecKeychainUnlock source2"); - } - CFRelease(sourcekc); - - return !tests_end(1); -} diff --git a/SecurityTests/regressions/kc/kc-20-item-change-label.m b/SecurityTests/regressions/kc/kc-20-item-change-label.m deleted file mode 100755 index 2bd4c404..00000000 --- a/SecurityTests/regressions/kc/kc-20-item-change-label.m +++ /dev/null @@ -1,327 +0,0 @@ -// -// keychain_test.m -// Keychain item access control example -// -// Created by Perry Kiehtreiber on Wed Jun 19 2002 -// Modified by Ken McLeod, Mon Apr 21 2003 -- added "always allow" ACL support -// Wed Jul 28 2004 -- add test code for persistent ref SPI -// Mon Aug 02 2004 -- add test code to change label attributes -// -// To build and run this example: -// cc -framework Security -framework Foundation keychain_test.m ; ./a.out -// -// Copyright (c) 2003-2005 Apple Computer, Inc. All Rights Reserved. -// - -#define TEST_PERSISTENT_REFS 0 -#define USE_SYSTEM_KEYCHAIN 0 - - -#import - -#include -#include -#include -#include -#include -#include -#include -#include - -#import "testmore.h" -#import "testenv.h" -#import "testleaks.h" - -SecAccessRef createAccess(NSString *accessLabel, BOOL allowAny) -{ - SecAccessRef access=nil; - NSArray *trustedApplications=nil; - - if (!allowAny) // use default access ("confirm access") - { - // make an exception list of applications you want to trust, which - // are allowed to access the item without requiring user confirmation - SecTrustedApplicationRef myself, someOther; - ok_status(SecTrustedApplicationCreateFromPath(NULL, &myself), - "create trusted app for self"); - ok_status(SecTrustedApplicationCreateFromPath("/Applications/Mail.app", - &someOther), "create trusted app for Mail.app"); - trustedApplications = [NSArray arrayWithObjects:(id)myself, - (id)someOther, nil]; - CFRelease(myself); - CFRelease(someOther); - } - - ok_status(SecAccessCreate((CFStringRef)accessLabel, - (CFArrayRef)trustedApplications, &access), "SecAccessCreate"); - - if (allowAny) - { - // change access to be wide-open for decryption ("always allow access") - // get the access control list for decryption operations - CFArrayRef aclList=nil; - ok_status(SecAccessCopySelectedACLList(access, - CSSM_ACL_AUTHORIZATION_DECRYPT, &aclList), - "SecAccessCopySelectedACLList"); - - // get the first entry in the access control list - SecACLRef aclRef=(SecACLRef)CFArrayGetValueAtIndex(aclList, 0); - CFArrayRef appList=nil; - CFStringRef promptDescription=nil; - CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR promptSelector; - ok_status(SecACLCopySimpleContents(aclRef, &appList, - &promptDescription, &promptSelector), "SecACLCopySimpleContents"); - - // modify the default ACL to not require the passphrase, and have a - // nil application list - promptSelector.flags &= ~CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE; - ok_status(SecACLSetSimpleContents(aclRef, NULL, promptDescription, - &promptSelector), "SecACLSetSimpleContents"); - - if (appList) CFRelease(appList); - if (promptDescription) CFRelease(promptDescription); - if (aclList) CFRelease(aclList); - } - - return access; -} - - -void addApplicationPassword(SecKeychainRef keychain, NSString *password, - NSString *account, NSString *service, BOOL allowAny) -{ - SecKeychainItemRef item = nil; - const char *serviceUTF8 = [service UTF8String]; - const char *accountUTF8 = [account UTF8String]; - const char *passwordUTF8 = [password UTF8String]; - // use the service string as the name of this item for display purposes - NSString *itemLabel = service; - const char *itemLabelUTF8 = [itemLabel UTF8String]; - -#if USE_SYSTEM_KEYCHAIN - const char *sysKeychainPath = "/Library/Keychains/System.keychain"; - status = SecKeychainOpen(sysKeychainPath, &keychain); - if (status) { NSLog(@"SecKeychainOpen returned %d", status); return; } - status = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem); - if (status) { NSLog(@"SecKeychainSetPreferenceDomain returned %d", status); return; } -#endif - - // create initial access control settings for the item - SecAccessRef access = createAccess(itemLabel, allowAny); - - // Below is the lower-layer equivalent to the - // SecKeychainAddGenericPassword() function; it does the same thing - // (except specify the access controls) set up attribute vector - // (each attribute consists of {tag, length, pointer}) - SecKeychainAttribute attrs[] = { - { kSecLabelItemAttr, strlen(itemLabelUTF8), (char *)itemLabelUTF8 }, - { kSecAccountItemAttr, strlen(accountUTF8), (char *)accountUTF8 }, - { kSecServiceItemAttr, strlen(serviceUTF8), (char *)serviceUTF8 } - }; - SecKeychainAttributeList attributes = - { sizeof(attrs) / sizeof(attrs[0]), attrs }; - - ok_status(SecKeychainItemCreateFromContent(kSecGenericPasswordItemClass, - &attributes, strlen(passwordUTF8), passwordUTF8, keychain, access, - &item), "SecKeychainItemCreateFromContent"); - - if (access) CFRelease(access); - if (item) CFRelease(item); -} - - -void addInternetPassword(SecKeychainRef keychain, NSString *password, - NSString *account, NSString *server, NSString *path, - SecProtocolType protocol, int port, BOOL allowAny) -{ - SecKeychainItemRef item = nil; - const char *pathUTF8 = [path UTF8String]; - const char *serverUTF8 = [server UTF8String]; - const char *accountUTF8 = [account UTF8String]; - const char *passwordUTF8 = [password UTF8String]; - // use the server string as the name of this item for display purposes - NSString *itemLabel = server; - const char *itemLabelUTF8 = [itemLabel UTF8String]; - -#if USE_SYSTEM_KEYCHAIN - const char *sysKeychainPath = "/Library/Keychains/System.keychain"; - status = SecKeychainOpen(sysKeychainPath, &keychain); - if (status) { NSLog(@"SecKeychainOpen returned %d", status); return 1; } - status = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem); - if (status) { NSLog(@"SecKeychainSetPreferenceDomain returned %d", status); return 1; } -#endif - - // create initial access control settings for the item - SecAccessRef access = createAccess(itemLabel, allowAny); - - // below is the lower-layer equivalent to the - // SecKeychainAddInternetPassword() function; it does the same - // thing (except specify the access controls) set up attribute - // vector (each attribute consists of {tag, length, pointer}) - SecKeychainAttribute attrs[] = { - { kSecLabelItemAttr, strlen(itemLabelUTF8), (char *)itemLabelUTF8 }, - { kSecAccountItemAttr, strlen(accountUTF8), (char *)accountUTF8 }, - { kSecServerItemAttr, strlen(serverUTF8), (char *)serverUTF8 }, - { kSecPortItemAttr, sizeof(int), (int *)&port }, - { kSecProtocolItemAttr, sizeof(SecProtocolType), - (SecProtocolType *)&protocol }, - { kSecPathItemAttr, strlen(pathUTF8), (char *)pathUTF8 } - }; - SecKeychainAttributeList attributes = - { sizeof(attrs) / sizeof(attrs[0]), attrs }; - - ok_status(SecKeychainItemCreateFromContent(kSecInternetPasswordItemClass, - &attributes, strlen(passwordUTF8), passwordUTF8, keychain, access, - &item), "SecKeychainItemCreateFromContent"); - -//*** code to test persistent reference SPI -#if TEST_PERSISTENT_REFS - CFDataRef persistentRef = NULL; - SecKeychainItemRef item2 = NULL; - status = SecKeychainItemCopyPersistentReference(item, &persistentRef); - if (!status) - { - NSLog(@"Created persistent reference for item %@:\n%@", item, - persistentRef); - status = SecKeychainItemFromPersistentReference(persistentRef, &item2); - if (!status) - NSLog(@"SUCCESS: Got item from persistent reference (%@)", item2); - else - NSLog(@"ERROR: unable to reconsitute item (%d)", status); - } - else - { - NSLog(@"ERROR: unable to create persistent reference (%d)", status); - } - //[(NSData*)pref writeToFile:@"/tmp/persistentData" atomically:YES]; - if (item2) CFRelease(item2); - if (persistentRef) CFRelease(persistentRef); -#endif -//*** end persistent reference test code - - if (access) CFRelease(access); - if (item) CFRelease(item); -} - -void testLabelChange(SecKeychainRef keychain) -{ - // Find each generic password item in any keychain whose label - // is "sample service", and modify the existing label attribute - // by adding a " [label]" suffix. (Note that if the Keychain - // Access app is running, you may need to quit and relaunch it to - // see the changes, due to notification bugs.) - - const char *searchString = "sample service"; - const char *labelSuffix = " [label]"; - -#if USE_SYSTEM_KEYCHAIN - const char *sysKeychainPath = "/Library/Keychains/System.keychain"; - status = SecKeychainOpen(sysKeychainPath, &keychain); - if (status) { NSLog(@"SecKeychainOpen returned %d", status); return 0; } - status = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem); - if (status) { NSLog(@"SecKeychainSetPreferenceDomain returned %d", status); return 0; } -#endif - - SecKeychainSearchRef searchRef = nil; - SecKeychainAttribute sAttrs[] = - { { kSecServiceItemAttr, strlen(searchString), (char*)searchString } }; - SecKeychainAttributeList sAttrList = - { sizeof(sAttrs) / sizeof(sAttrs[0]), sAttrs }; - ok_status(SecKeychainSearchCreateFromAttributes(keychain, - kSecGenericPasswordItemClass, &sAttrList, &searchRef), - "SecKeychainSearchCreateFromAttributes"); - - SecKeychainItemRef foundItemRef = NULL; - int count; - for (count = 0; count < 2; ++count) - { - ok_status(SecKeychainSearchCopyNext(searchRef, &foundItemRef), - "SecKeychainSearchCopyNext"); - - // get the item's label attribute (allocated for us by - // SecKeychainItemCopyContent, must free later...) - SecKeychainAttribute itemAttrs[] = { { kSecLabelItemAttr, 0, NULL } }; - SecKeychainAttributeList itemAttrList = - { sizeof(itemAttrs) / sizeof(itemAttrs[0]), itemAttrs }; - - ok_status(SecKeychainItemCopyContent(foundItemRef, NULL, &itemAttrList, - NULL, NULL), "get label"); - - // malloc enough space to hold our new label string - // (length = old label string + suffix string + terminating NULL) - CFIndex newLen = itemAttrs[0].length + strlen(labelSuffix); - char *p = (char*) malloc(newLen); - memcpy(p, itemAttrs[0].data, itemAttrs[0].length); - memcpy(p + itemAttrs[0].length, labelSuffix, strlen(labelSuffix)); - - // set up the attribute we want to change with its new value - SecKeychainAttribute newAttrs[] = { { kSecLabelItemAttr, newLen, p } }; - SecKeychainAttributeList newAttrList = - { sizeof(newAttrs) / sizeof(newAttrs[0]), newAttrs }; - - // modify the attribute - ok_status(SecKeychainItemModifyContent(foundItemRef, &newAttrList, - 0, NULL), "modify label PR-3751523"); - - // free the memory we allocated for the new label string - free(p); - - // free the memory in the itemAttrList structure which was - // allocated by SecKeychainItemCopyContent - ok_status(SecKeychainItemFreeContent(&itemAttrList, NULL), - "SecKeychainItemFreeContent"); - - if (foundItemRef) - CFRelease(foundItemRef); - } - - is_status(SecKeychainSearchCopyNext(searchRef, &foundItemRef), - errSecItemNotFound, "SecKeychainSearchCopyNext at end"); - - if (searchRef) CFRelease(searchRef); -} - -void tests(void) -{ - SecKeychainRef keychain = NULL; - ok_status(SecKeychainCreate("login.keychain", 4, "test", NO, NULL, - &keychain), "SecKeychainCreate"); - - NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; - - // add some example passwords to the keychain - addApplicationPassword(keychain, @"sample password", - @"sample account", @"sample service", NO); - addApplicationPassword(keychain, @"sample password", - @"different account", @"sample service", NO); - addApplicationPassword(keychain, @"sample password", - @"sample account", @"sample unprotected service", YES); - addInternetPassword(keychain, @"sample password", - @"sample account", @"samplehost.apple.com", - @"cgi-bin/bogus/testpath", kSecProtocolTypeHTTP, 8080, NO); - - // test searching and changing item label attributes - testLabelChange(keychain); - - [pool release]; - - SKIP: { - skip("no keychain", 1, keychain); - ok_status(SecKeychainDelete(keychain), "SecKeychainDelete"); - CFRelease(keychain); - } - - tests_end(1); -} - -int main(int argc, char * const *argv) -{ - plan_tests(30); - tests_begin(argc, argv); - - tests(); - - ok_leaks("leaks"); - - return 0; -} diff --git a/SecurityTests/regressions/kc/kc-23-item-notify.c b/SecurityTests/regressions/kc/kc-23-item-notify.c deleted file mode 100755 index 34f54299..00000000 --- a/SecurityTests/regressions/kc/kc-23-item-notify.c +++ /dev/null @@ -1,83 +0,0 @@ -#include -#include -#include -#include - -#include "testenv.h" -#include "testleaks.h" -#include "testmore.h" -#include "testsecevent.h" - -static char account[] = "account"; -static char service[] = "service"; -static char password[] = "password"; - -void tests(int dont_skip) -{ - SecKeychainRef keychain = NULL; - ok_status(SecKeychainCreate("test", 4, "test", FALSE, NULL, &keychain), - "create keychain"); - ok_status(test_sec_event_register(kSecEveryEventMask), - "register for all events"); - SecKeychainItemRef itemRef; - ok_status(SecKeychainAddGenericPassword(keychain, - sizeof(account), account, - sizeof(service), service, - sizeof(password), password, - &itemRef), - "add generic password, wait for callback"); - SecKeychainRef eventKeychain = NULL; - SecKeychainItemRef eventItem = NULL; - is_sec_event(kSecAddEvent, &eventKeychain, &eventItem, NULL, - "add event"); - is(eventItem, itemRef, "add event item matches"); - is(eventKeychain, keychain, "add event keychain matches"); - CFRelease(eventKeychain); - eventKeychain = NULL; - CFRelease(eventItem); - eventItem = NULL; - - ok_status(SecKeychainItemDelete(itemRef), "delete item"); - is_sec_event(kSecDeleteEvent, &eventKeychain, &eventItem, NULL, - "delete event"); - is(eventItem, itemRef, "delete event item matches"); - is(eventKeychain, keychain, "delete event keychain matches"); - if (eventKeychain != NULL) // eventKeychain can be null if the test times out - { - CFRelease(eventKeychain); - eventKeychain = NULL; - } - - if (eventItem != NULL) - { - CFRelease(eventItem); - eventItem = NULL; - } - - no_sec_event("no event"); - ok_status(test_sec_event_deregister(), "deregister events."); - - CFRelease(itemRef); - CFRelease(keychain); - - - ok(tests_end(1), "cleanup"); -} - -int main(int argc, char *const *argv) -{ -#ifdef DEBUG - int dont_skip = argc > 1 && !strcmp(argv[1], "-s"); - plan_tests(14); - - if (!tests_begin(argc, argv)) - BAIL_OUT("tests_begin failed"); - - tests(dont_skip); - ok_leaks("no leaks"); -#endif - plan_tests(1); - ok_leaks("no leaks"); - - return 0; -} diff --git a/SecurityTests/regressions/kc/kc-23-notify.c b/SecurityTests/regressions/kc/kc-23-notify.c deleted file mode 100755 index 06393663..00000000 --- a/SecurityTests/regressions/kc/kc-23-notify.c +++ /dev/null @@ -1,99 +0,0 @@ -#include -#include -#include -#include - -#include "testenv.h" -#include "testleaks.h" -#include "testmore.h" -#include "testsecevent.h" - -void tests(int dont_skip) -{ - SecKeychainRef keychain = NULL, default_keychain = NULL; - is_status(SecKeychainCopyDefault(&default_keychain), - errSecNoDefaultKeychain, "no default keychain"); - - ok_status(test_sec_event_register(kSecEveryEventMask), - "register for all events"); - ok_status(SecKeychainCreate("test", 4, "test", FALSE, NULL, &keychain), - "create keychain"); - is_sec_event(kSecKeychainListChangedEvent, NULL, NULL, NULL, - "list changed event"); - SecKeychainRef notKc = NULL; - - is_sec_event(kSecDefaultChangedEvent, ¬Kc, NULL, NULL, - "default changed event"); - - is((intptr_t)keychain, (intptr_t)notKc, - "keychain in notification is keychain"); - - no_sec_event("no event"); - - ok_status(SecKeychainCopyDefault(&default_keychain), - "get default keychain"); - is((intptr_t)default_keychain, (intptr_t)keychain, - "default kc is just created kc"); - if (default_keychain) - { - CFRelease(default_keychain); - default_keychain = NULL; - } - - SecKeychainRef keychain2; - ok_status(SecKeychainCreate("test2", 4, "test", FALSE, NULL, &keychain2), - "create keychain2"); - is_sec_event(kSecKeychainListChangedEvent, NULL, NULL, NULL, - "list changed event"); - no_sec_event("no event"); - - ok_status(SecKeychainCopyDefault(&default_keychain), - "get default keychain"); - - is((intptr_t)default_keychain, (intptr_t)keychain, - "default kc is first created kc"); - - if (default_keychain) - { - CFRelease(default_keychain); - default_keychain = NULL; - } - - ok_status(SecKeychainDelete(keychain), "delete default keychain"); - is_sec_event(kSecKeychainListChangedEvent, NULL, NULL, NULL, - "list changed event"); - - is_sec_event(kSecDefaultChangedEvent, NULL, NULL, NULL, - "default changed event"); - - no_sec_event("no event"); - CFRelease(keychain); - - ok_status(SecKeychainDelete(keychain2), "delete keychain2"); - CFRelease(keychain2); - is_sec_event(kSecKeychainListChangedEvent, NULL, NULL, NULL, - "list changed event"); - no_sec_event("no event"); - - ok_status(test_sec_event_deregister(), "deregister events."); - - - ok(tests_end(1), "cleanup"); -} - -int main(int argc, char *const *argv) -{ -#ifdef DEBUG - int dont_skip = argc > 1 && !strcmp(argv[1], "-s"); - plan_tests(24); - - if (!tests_begin(argc, argv)) - BAIL_OUT("tests_begin failed"); - - tests(dont_skip); -#endif - plan_tests(1); - ok_leaks("no leaks"); - - return 0; -} diff --git a/SecurityTests/regressions/kc/kc-24-login.c b/SecurityTests/regressions/kc/kc-24-login.c deleted file mode 100755 index e30a067b..00000000 --- a/SecurityTests/regressions/kc/kc-24-login.c +++ /dev/null @@ -1,95 +0,0 @@ -#include -#include -#include -#include - -#include "testenv.h" -#include "testleaks.h" -#include "testmore.h" -#include "testsecevent.h" - -void tests(int dont_skip) -{ - const char *user = getenv("USER"); - ok((user != NULL && strlen(user) != 0), "USER must be non-nil and non-zero length"); - fprintf(stdout, "Testing login for user \"%s\"\n", user); - - ok_status(test_sec_event_register(kSecEveryEventMask), - "register for all events"); - - // test SecKeychainLogin for $USER with password "test" - ok_status(SecKeychainLogin(strlen(user), user, 4, "test"), "login user"); - - // wait for a list changed event - is_sec_event(kSecKeychainListChangedEvent, NULL, NULL, NULL, - "list changed event"); - no_sec_event("no event"); - - // get the default keychain (should be login.keychain if none is explicitly set) - SecKeychainRef default_keychain = NULL; - ok_status(SecKeychainCopyDefault(&default_keychain), "get default"); - - // test status of default keychain (should be read/write and unlocked) - SecKeychainStatus status = 0; - ok_status(SecKeychainGetStatus(default_keychain, &status), "get status"); - is(status, kSecUnlockStateStatus|kSecReadPermStatus|kSecWritePermStatus, - "default should be read/write/unlocked"); - - // get the path for the default keychain - char path[1024]; - UInt32 path_len = sizeof(path) - 1; - ok_status(SecKeychainGetPath(default_keychain, &path_len, path), - "get path"); - fprintf(stdout, "Default keychain path is %s\n", path); - path[path_len] = 0; - const char *login_path = "Library/Keychains/login.keychain"; - cmp_ok(path_len, >, strlen(login_path), "path len is enough"); - eq_string(path + path_len - strlen(login_path), login_path, "check path"); - - // check retain count on default keychain (why??) - is(CFGetRetainCount(default_keychain), 1, "default retain count is 1"); - CFRelease(default_keychain); - default_keychain = NULL; - - // lock and unlock events have been removed because they can't be made reliable - - ok_status(test_sec_event_deregister(), "deregister events."); - - // rename login.keychain to $USER to simulate a Panther-style keychain - char testuser_path[1024]; - sprintf(testuser_path, "Library/Keychains/%s", user); - ok_unix(rename(login_path, testuser_path), - "rename login.keychain to $USER"); - - // login and verify that SecKeychainLogin cleans up the $USER keychain - // (either by renaming to $USER.keychain, or renaming to login.keychain) - ok_status(SecKeychainLogin(strlen(user), user, 4, "test"), "login again"); - - // get the default keychain (should be login.keychain if none is explicitly set) - ok_status(SecKeychainCopyDefault(&default_keychain), "get default"); - path_len = sizeof(path) - 1; - ok_status(SecKeychainGetPath(default_keychain, &path_len, path), - "get path"); - path[path_len] = 0; - cmp_ok(path_len, >, strlen(testuser_path), "path len is enough"); - - // lock the default keychain - ok_status(SecKeychainLock(default_keychain), "lock default"); - CFRelease(default_keychain); - - ok(tests_end(1), "cleanup"); -} - -int main(int argc, char *const *argv) -{ - int dont_skip = argc > 1 && !strcmp(argv[1], "-s"); - plan_tests(21); - - if (!tests_begin(argc, argv)) - BAIL_OUT("tests_begin failed"); - - tests(dont_skip); - ok_leaks("no leaks"); - - return 0; -} diff --git a/SecurityTests/regressions/kc/kc-25-bulk-notify.c b/SecurityTests/regressions/kc/kc-25-bulk-notify.c deleted file mode 100755 index e7562428..00000000 --- a/SecurityTests/regressions/kc/kc-25-bulk-notify.c +++ /dev/null @@ -1,90 +0,0 @@ -#include -#include -#include -#include - -#include "testenv.h" -#include "testleaks.h" -#include "testmore.h" -#include "testsecevent.h" - -void tests(void) -{ - SecKeychainRef keychain = NULL; - ok_status(SecKeychainCreate("test", 4, "test", FALSE, NULL, &keychain), - "create keychain"); - ok_status(test_sec_event_register(kSecEveryEventMask), - "register for all events"); - int item_num; - int item_count = 9; - for (item_num = 0; item_num < item_count; ++item_num) - { - char account[64]; - sprintf(account, "account-%d", item_num); - ok_status(SecKeychainAddGenericPassword(keychain, 7, "service", - strlen(account), account, 4, "test", NULL), - "add generic password"); - } - SecKeychainAttribute attrs[] = - { { kSecAccountItemAttr } }; - SecKeychainAttributeList attrList = - { sizeof(attrs) / sizeof(*attrs), attrs }; - - for (item_num = 0; item_num < item_count - 2; ++item_num) - { - char account[64]; - sprintf(account, "account-%d", item_num); - SecKeychainItemRef item = NULL; - is_sec_event(kSecAddEvent, NULL, &item, NULL, "got add event"); - - SKIP: { - skip("no item", 3, item != NULL); - - ok_status(SecKeychainItemCopyContent(item, NULL, &attrList, NULL, - NULL), "get content"); - - eq_stringn(account, strlen(account), attrs[0].data, attrs[0].length, - "account name in notification matches"); - ok_status(SecKeychainItemFreeContent(&attrList, NULL), - "free content"); - } - } - - for (; item_num < item_count; ++item_num) - { - char account[64]; - sprintf(account, "account-%d", item_num); - SecKeychainItemRef item = NULL; - is_sec_event(kSecAddEvent, NULL, &item, NULL, "got add event"); - - SKIP: { - skip("no item", 3, item != NULL); - - ok_status(SecKeychainItemCopyContent(item, NULL, &attrList, NULL, - NULL), "get content"); - eq_stringn(account, strlen(account), attrs[0].data, attrs[0].length, - "account name in notification matches"); - ok_status(SecKeychainItemFreeContent(&attrList, NULL), - "free content"); - } - } - - ok(tests_end(1), "cleanup"); -} - -int main(int argc, char *const *argv) -{ -#ifdef DEBUG - plan_tests(49); - - if (!tests_begin(argc, argv)) - BAIL_OUT("tests_begin failed"); - - tests(); - ok_leaks("no leaks"); -#endif - plan_tests(1); - ok_leaks("no leaks"); - - return 0; -} diff --git a/SecurityTests/regressions/kc/kc-30-trust.c b/SecurityTests/regressions/kc/kc-30-trust.c deleted file mode 100755 index 7582c009..00000000 --- a/SecurityTests/regressions/kc/kc-30-trust.c +++ /dev/null @@ -1,25 +0,0 @@ -#include - -#include "testmore.h" -#include "testleaks.h" - -static void tests(void) -{ - SecTrustRef trust = NULL; - - ok_status(SecTrustCreateWithCertificates(NULL, NULL, &trust), - "create empty trust"); - ok(trust, "trust not NULL"); - CFRelease(trust); -} - -int main(int argc, char *const *argv) -{ - plan_tests(3); - - tests(); - - ok_leaks("leaks"); - - return 0; -} diff --git a/SecurityTests/regressions/kc/kc-40-item-change-label2.m b/SecurityTests/regressions/kc/kc-40-item-change-label2.m deleted file mode 100755 index 67cb9229..00000000 --- a/SecurityTests/regressions/kc/kc-40-item-change-label2.m +++ /dev/null @@ -1,351 +0,0 @@ -// -// keychain_test.m -// Keychain item access control example -// -// Created by Perry Kiehtreiber on Wed Jun 19 2002 -// Modified by Ken McLeod, Mon Apr 21 2003 -- added "always allow" ACL support -// Wed Jul 28 2004 -- add test code for persistent ref SPI -// Mon Aug 02 2004 -- add test code to change label attributes -// -// To build and run this example: -// cc -framework Security -framework Foundation keychain_test.m ; ./a.out -// -// Copyright (c) 2003-2005,2007 Apple Inc. All Rights Reserved. -// - -#define TEST_PERSISTENT_REFS 0 -#define USE_SYSTEM_KEYCHAIN 0 - - -#import - -#include -#include -#include -#include -#include -#include -#include -#include - -#import "testmore.h" -#import "testenv.h" -#import "testleaks.h" - -void renameItemViaModifyAttributesAndData(SecKeychainItemRef item) -{ - const char *labelSuffix = " [MAD]"; - - // get the item's label attribute (allocated for us by - // SecKeychainItemCopyAttributesAndData, must free later...) - UInt32 itemTags[] = { kSecLabelItemAttr }; - UInt32 itemFmts[] = { CSSM_DB_ATTRIBUTE_FORMAT_STRING }; - SecKeychainAttributeInfo attrInfo = { 1, itemTags, itemFmts }; - SecKeychainAttributeList *attrList = NULL; - SecItemClass itemClass; - - ok_status(SecKeychainItemCopyAttributesAndData(item, &attrInfo, &itemClass, &attrList, NULL, NULL), - "get label attribute"); - - ok(attrList && attrList->count == 1, "check that exactly one attribute was returned"); - - // malloc enough space to hold our new label string - // (length = old label string + suffix string + terminating NULL) - CFIndex newLen = attrList->attr[0].length + strlen(labelSuffix); - char *p = (char*) malloc(newLen); - memcpy(p, attrList->attr[0].data, attrList->attr[0].length); - memcpy(p + attrList->attr[0].length, labelSuffix, strlen(labelSuffix)); - - // set up the attribute we want to change with its new value - SecKeychainAttribute newAttrs[] = { { kSecLabelItemAttr, newLen, p } }; - SecKeychainAttributeList newAttrList = - { sizeof(newAttrs) / sizeof(newAttrs[0]), newAttrs }; - - // modify the attribute - ok_status(SecKeychainItemModifyAttributesAndData(item, &newAttrList, 0, NULL), - "SecKeychainItemModifyAttributesAndData"); - - // free the memory we allocated for the new label string - free(p); - - // free the attrList which was allocated by SecKeychainItemCopyAttributesAndData - ok_status(SecKeychainItemFreeAttributesAndData(attrList, NULL), - "SecKeychainItemFreeAttributesAndData"); -} - -void renameItemViaModifyContent(SecKeychainItemRef item) -{ - const char *labelSuffix = " [MC]"; - - // get the item's label attribute (allocated for us by - // SecKeychainItemCopyContent, must free later...) - SecKeychainAttribute itemAttrs[] = { { kSecLabelItemAttr, 0, NULL } }; - SecKeychainAttributeList itemAttrList = - { sizeof(itemAttrs) / sizeof(itemAttrs[0]), itemAttrs }; - - ok_status(SecKeychainItemCopyContent(item, NULL, &itemAttrList, - NULL, NULL), "get label"); - - ok(itemAttrs[0].data != NULL, "check that attribute data was returned"); - - // malloc enough space to hold our new label string - // (length = old label string + suffix string + terminating NULL) - CFIndex newLen = itemAttrs[0].length + strlen(labelSuffix); - char *p = (char*) malloc(newLen); - memcpy(p, itemAttrs[0].data, itemAttrs[0].length); - memcpy(p + itemAttrs[0].length, labelSuffix, strlen(labelSuffix)); - - // set up the attribute we want to change with its new value - SecKeychainAttribute newAttrs[] = { { kSecLabelItemAttr, newLen, p } }; - SecKeychainAttributeList newAttrList = - { sizeof(newAttrs) / sizeof(newAttrs[0]), newAttrs }; - - // modify the attribute - ok_status(SecKeychainItemModifyContent(item, &newAttrList, - 0, NULL), "modify label"); - - // free the memory we allocated for the new label string - free(p); - - // free the memory in the itemAttrList structure which was - // allocated by SecKeychainItemCopyContent - ok_status(SecKeychainItemFreeContent(&itemAttrList, NULL), - "SecKeychainItemFreeContent"); -} - -void testRenameItemLabels(SecKeychainRef keychain) -{ - // Find each generic password item in the given keychain whose label - // is "sample service", and modify the existing label attribute - // by adding a " [label]" suffix. - - const char *searchString = "sample service"; - - SecKeychainSearchRef searchRef = nil; - SecKeychainAttribute sAttrs[] = - { { kSecServiceItemAttr, strlen(searchString), (char*)searchString } }; - SecKeychainAttributeList sAttrList = - { sizeof(sAttrs) / sizeof(sAttrs[0]), sAttrs }; - ok_status(SecKeychainSearchCreateFromAttributes(keychain, - kSecGenericPasswordItemClass, &sAttrList, &searchRef), - "SecKeychainSearchCreateFromAttributes"); - - SecKeychainItemRef foundItemRef = NULL; - int count; - for (count = 0; count < 2; ++count) - { - ok_status(SecKeychainSearchCopyNext(searchRef, &foundItemRef), - "SecKeychainSearchCopyNext"); - - renameItemViaModifyAttributesAndData(foundItemRef); // 4 - renameItemViaModifyContent(foundItemRef); // 4 - - if (foundItemRef) - CFRelease(foundItemRef); - } - - is_status(SecKeychainSearchCopyNext(searchRef, &foundItemRef), - errSecItemNotFound, "SecKeychainSearchCopyNext at end"); - - if (searchRef) CFRelease(searchRef); -} - -SecAccessRef createAccess(NSString *accessLabel, BOOL allowAny) -{ - SecAccessRef access=nil; - NSArray *trustedApplications=nil; - - if (!allowAny) // use default access ("confirm access") - { - // make an exception list of applications you want to trust, which - // are allowed to access the item without requiring user confirmation - SecTrustedApplicationRef myself, someOther; - ok_status(SecTrustedApplicationCreateFromPath(NULL, &myself), - "create trusted app for self"); - ok_status(SecTrustedApplicationCreateFromPath("/Applications/Mail.app", - &someOther), "create trusted app for Mail.app"); - trustedApplications = [NSArray arrayWithObjects:(id)myself, - (id)someOther, nil]; - CFRelease(myself); - CFRelease(someOther); - } - - ok_status(SecAccessCreate((CFStringRef)accessLabel, - (CFArrayRef)trustedApplications, &access), "SecAccessCreate"); - - if (allowAny) - { - // change access to be wide-open for decryption ("always allow access") - // get the access control list for decryption operations - CFArrayRef aclList=nil; - ok_status(SecAccessCopySelectedACLList(access, - CSSM_ACL_AUTHORIZATION_DECRYPT, &aclList), - "SecAccessCopySelectedACLList"); - - // get the first entry in the access control list - SecACLRef aclRef=(SecACLRef)CFArrayGetValueAtIndex(aclList, 0); - CFArrayRef appList=nil; - CFStringRef promptDescription=nil; - CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR promptSelector; - ok_status(SecACLCopySimpleContents(aclRef, &appList, - &promptDescription, &promptSelector), "SecACLCopySimpleContents"); - - // modify the default ACL to not require the passphrase, and have a - // nil application list - promptSelector.flags &= ~CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE; - ok_status(SecACLSetSimpleContents(aclRef, NULL, promptDescription, - &promptSelector), "SecACLSetSimpleContents"); - - if (appList) CFRelease(appList); - if (promptDescription) CFRelease(promptDescription); - if (aclList) CFRelease(aclList); - } - - return access; -} - -void addApplicationPassword(SecKeychainRef keychain, NSString *password, - NSString *account, NSString *service, BOOL allowAny, SecKeychainItemRef *outItem) -{ - SecKeychainItemRef item = nil; - const char *serviceUTF8 = [service UTF8String]; - const char *accountUTF8 = [account UTF8String]; - const char *passwordUTF8 = [password UTF8String]; - // use the service string as the name of this item for display purposes - NSString *itemLabel = service; - const char *itemLabelUTF8 = [itemLabel UTF8String]; - -#if USE_SYSTEM_KEYCHAIN - const char *sysKeychainPath = "/Library/Keychains/System.keychain"; - status = SecKeychainOpen(sysKeychainPath, &keychain); - if (status) { NSLog(@"SecKeychainOpen returned %d", status); return; } - status = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem); - if (status) { NSLog(@"SecKeychainSetPreferenceDomain returned %d", status); return; } -#endif - - // create initial access control settings for the item - SecAccessRef access = createAccess(itemLabel, allowAny); - - // Below is the lower-layer equivalent to the - // SecKeychainAddGenericPassword() function; it does the same thing - // (except specify the access controls) set up attribute vector - // (each attribute consists of {tag, length, pointer}) - SecKeychainAttribute attrs[] = { - { kSecLabelItemAttr, strlen(itemLabelUTF8), (char *)itemLabelUTF8 }, - { kSecAccountItemAttr, strlen(accountUTF8), (char *)accountUTF8 }, - { kSecServiceItemAttr, strlen(serviceUTF8), (char *)serviceUTF8 } - }; - SecKeychainAttributeList attributes = - { sizeof(attrs) / sizeof(attrs[0]), attrs }; - - ok_status(SecKeychainItemCreateFromContent(kSecGenericPasswordItemClass, - &attributes, strlen(passwordUTF8), passwordUTF8, keychain, access, - &item), "SecKeychainItemCreateFromContent"); - - if (access) CFRelease(access); - - if (outItem) { - *outItem = item; - } else if (item) { - CFRelease(item); - } -} - -// 1 -void addInternetPassword(SecKeychainRef keychain, NSString *password, - NSString *account, NSString *server, NSString *path, - SecProtocolType protocol, int port, BOOL allowAny, SecKeychainItemRef *outItem) -{ - SecKeychainItemRef item = nil; - const char *pathUTF8 = [path UTF8String]; - const char *serverUTF8 = [server UTF8String]; - const char *accountUTF8 = [account UTF8String]; - const char *passwordUTF8 = [password UTF8String]; - // use the server string as the name of this item for display purposes - NSString *itemLabel = server; - const char *itemLabelUTF8 = [itemLabel UTF8String]; - -#if USE_SYSTEM_KEYCHAIN - const char *sysKeychainPath = "/Library/Keychains/System.keychain"; - status = SecKeychainOpen(sysKeychainPath, &keychain); - if (status) { NSLog(@"SecKeychainOpen returned %d", status); return 1; } - status = SecKeychainSetPreferenceDomain(kSecPreferencesDomainSystem); - if (status) { NSLog(@"SecKeychainSetPreferenceDomain returned %d", status); return 1; } -#endif - - // create initial access control settings for the item - SecAccessRef access = createAccess(itemLabel, allowAny); - - // below is the lower-layer equivalent to the - // SecKeychainAddInternetPassword() function; it does the same - // thing (except specify the access controls) set up attribute - // vector (each attribute consists of {tag, length, pointer}) - SecKeychainAttribute attrs[] = { - { kSecLabelItemAttr, strlen(itemLabelUTF8), (char *)itemLabelUTF8 }, - { kSecAccountItemAttr, strlen(accountUTF8), (char *)accountUTF8 }, - { kSecServerItemAttr, strlen(serverUTF8), (char *)serverUTF8 }, - { kSecPortItemAttr, sizeof(int), (int *)&port }, - { kSecProtocolItemAttr, sizeof(SecProtocolType), - (SecProtocolType *)&protocol }, - { kSecPathItemAttr, strlen(pathUTF8), (char *)pathUTF8 } - }; - SecKeychainAttributeList attributes = - { sizeof(attrs) / sizeof(attrs[0]), attrs }; - - ok_status(SecKeychainItemCreateFromContent(kSecInternetPasswordItemClass, - &attributes, strlen(passwordUTF8), passwordUTF8, keychain, access, - &item), "SecKeychainItemCreateFromContent"); - - if (access) CFRelease(access); - - if (outItem) { - *outItem = item; - } else if (item) { - CFRelease(item); - } -} - -void tests(void) -{ - SecKeychainRef keychain = NULL; - ok_status(SecKeychainCreate("login.keychain", 4, "test", NO, NULL, - &keychain), "SecKeychainCreate"); - - NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; - - // add some example passwords to the keychain - addApplicationPassword(keychain, @"sample password", - @"sample account", @"sample service", NO, NULL); - addApplicationPassword(keychain, @"sample password", - @"different account", @"sample service", NO, NULL); - addApplicationPassword(keychain, @"sample password", - @"sample account", @"sample unprotected service", YES, NULL); - addInternetPassword(keychain, @"sample password", - @"sample account", @"samplehost.apple.com", - @"cgi-bin/bogus/testpath", kSecProtocolTypeHTTP, 8080, NO, NULL); - - // test searching and changing item label attributes - testRenameItemLabels(keychain); - - [pool release]; - - SKIP: { - skip("no keychain", 1, keychain); - ok_status(SecKeychainDelete(keychain), "SecKeychainDelete"); - CFRelease(keychain); - } - - tests_end(1); -} - -int main(int argc, char * const *argv) -{ - plan_tests(40); - tests_begin(argc, argv); - - tests(); - - ok_leaks("leaks"); - - return 0; -} diff --git a/SecurityTests/regressions/kc/kc-46-dl-add-certificate.c b/SecurityTests/regressions/kc/kc-46-dl-add-certificate.c deleted file mode 100644 index 82008581..00000000 --- a/SecurityTests/regressions/kc/kc-46-dl-add-certificate.c +++ /dev/null @@ -1,247 +0,0 @@ -/* - * Copyright (c) 2005-2007,2009,2011 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * 01DL_CreateReleation.c - */ - -#include -#include -#include -#include -#include - -#include "testmore.h" -#include "testenv.h" -#include "testcssm.h" - -/* Cert File Name: keybank_v3.101.cer */ -static const uint8 keybank_der_bytes[] = -{ - 0x30, 0x82, 0x03, 0x86, 0x30, 0x82, 0x02, 0xef, - 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x78, - 0xee, 0x48, 0xde, 0x18, 0x5b, 0x20, 0x71, 0xc9, - 0xc9, 0xc3, 0xb5, 0x1d, 0x7b, 0xdd, 0xc1, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, - 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, - 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, - 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x37, - 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x2e, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, - 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, - 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, - 0x1e, 0x17, 0x0d, 0x39, 0x37, 0x30, 0x34, 0x31, - 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x31, 0x31, 0x31, 0x30, 0x32, 0x34, - 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, - 0x81, 0xba, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x13, 0x16, 0x56, 0x65, 0x72, - 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x54, 0x72, - 0x75, 0x73, 0x74, 0x20, 0x4e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x31, 0x17, 0x30, 0x15, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0e, 0x56, 0x65, - 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x33, 0x30, 0x31, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x56, - 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x20, - 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x53, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x20, - 0x2d, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, - 0x33, 0x31, 0x49, 0x30, 0x47, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x13, 0x40, 0x77, 0x77, 0x77, 0x2e, - 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x50, 0x53, - 0x20, 0x49, 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x62, 0x79, 0x20, 0x52, 0x65, 0x66, 0x2e, 0x20, - 0x4c, 0x49, 0x41, 0x42, 0x49, 0x4c, 0x49, 0x54, - 0x59, 0x20, 0x4c, 0x54, 0x44, 0x2e, 0x28, 0x63, - 0x29, 0x39, 0x37, 0x20, 0x56, 0x65, 0x72, 0x69, - 0x53, 0x69, 0x67, 0x6e, 0x30, 0x81, 0x9f, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, - 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, - 0x00, 0xd8, 0x82, 0x80, 0xe8, 0xd6, 0x19, 0x02, - 0x7d, 0x1f, 0x85, 0x18, 0x39, 0x25, 0xa2, 0x65, - 0x2b, 0xe1, 0xbf, 0xd4, 0x05, 0xd3, 0xbc, 0xe6, - 0x36, 0x3b, 0xaa, 0xf0, 0x4c, 0x6c, 0x5b, 0xb6, - 0xe7, 0xaa, 0x3c, 0x73, 0x45, 0x55, 0xb2, 0xf1, - 0xbd, 0xea, 0x97, 0x42, 0xed, 0x9a, 0x34, 0x0a, - 0x15, 0xd4, 0xa9, 0x5c, 0xf5, 0x40, 0x25, 0xdd, - 0xd9, 0x07, 0xc1, 0x32, 0xb2, 0x75, 0x6c, 0xc4, - 0xca, 0xbb, 0xa3, 0xfe, 0x56, 0x27, 0x71, 0x43, - 0xaa, 0x63, 0xf5, 0x30, 0x3e, 0x93, 0x28, 0xe5, - 0xfa, 0xf1, 0x09, 0x3b, 0xf3, 0xb7, 0x4d, 0x4e, - 0x39, 0xf7, 0x5c, 0x49, 0x5a, 0xb8, 0xc1, 0x1d, - 0xd3, 0xb2, 0x8a, 0xfe, 0x70, 0x30, 0x95, 0x42, - 0xcb, 0xfe, 0x2b, 0x51, 0x8b, 0x5a, 0x3c, 0x3a, - 0xf9, 0x22, 0x4f, 0x90, 0xb2, 0x02, 0xa7, 0x53, - 0x9c, 0x4f, 0x34, 0xe7, 0xab, 0x04, 0xb2, 0x7b, - 0x6f, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, - 0xe6, 0x30, 0x81, 0xe3, 0x30, 0x0f, 0x06, 0x03, - 0x55, 0x1d, 0x13, 0x04, 0x08, 0x30, 0x06, 0x01, - 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x44, 0x06, - 0x03, 0x55, 0x1d, 0x20, 0x04, 0x3d, 0x30, 0x3b, - 0x30, 0x39, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, - 0x86, 0xf8, 0x45, 0x01, 0x07, 0x01, 0x01, 0x30, - 0x2a, 0x30, 0x28, 0x06, 0x08, 0x2b, 0x06, 0x01, - 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1c, 0x68, - 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, - 0x77, 0x77, 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, - 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x43, 0x50, 0x53, 0x30, 0x34, 0x06, 0x03, 0x55, - 0x1d, 0x1f, 0x04, 0x2d, 0x30, 0x2b, 0x30, 0x29, - 0xa0, 0x27, 0xa0, 0x25, 0x86, 0x23, 0x68, 0x74, - 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, - 0x2e, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, - 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x63, - 0x61, 0x33, 0x2d, 0x67, 0x32, 0x2e, 0x63, 0x72, - 0x6c, 0x30, 0x34, 0x06, 0x03, 0x55, 0x1d, 0x25, - 0x04, 0x2d, 0x30, 0x2b, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, - 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, - 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, - 0x42, 0x04, 0x01, 0x06, 0x0a, 0x60, 0x86, 0x48, - 0x01, 0x86, 0xf8, 0x45, 0x01, 0x08, 0x01, 0x30, - 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, - 0x03, 0x02, 0x01, 0x06, 0x30, 0x11, 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, - 0x01, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, - 0x81, 0x00, 0x23, 0x5d, 0xee, 0xa6, 0x24, 0x05, - 0xfd, 0x76, 0xd3, 0x6a, 0x1a, 0xd6, 0xba, 0x46, - 0x06, 0xaa, 0x6a, 0x0f, 0x03, 0x90, 0x66, 0xb2, - 0xb0, 0xa6, 0xc2, 0x9e, 0xc9, 0x1e, 0xa3, 0x55, - 0x53, 0xaf, 0x3e, 0x45, 0xfd, 0xdc, 0x8c, 0x27, - 0xdd, 0x53, 0x38, 0x09, 0xbb, 0x7c, 0x4b, 0x2b, - 0xba, 0x95, 0x4a, 0xfe, 0x70, 0x4e, 0x1b, 0x69, - 0xd6, 0x3c, 0xf7, 0x4f, 0x07, 0xc5, 0xf2, 0x17, - 0x5a, 0x4c, 0xa2, 0x8f, 0xac, 0x0b, 0x8a, 0x06, - 0xdb, 0xb9, 0xd4, 0x6b, 0xc5, 0x1d, 0x58, 0xda, - 0x17, 0x52, 0xe3, 0x21, 0xf1, 0xd2, 0xd7, 0x5a, - 0xd5, 0xe5, 0xab, 0x59, 0x7b, 0x21, 0x7a, 0x86, - 0x6a, 0xd4, 0xfe, 0x17, 0x11, 0x3a, 0x53, 0x0d, - 0x9c, 0x60, 0xa0, 0x4a, 0xd9, 0x5e, 0xe4, 0x1d, - 0x0c, 0x29, 0xaa, 0x13, 0x07, 0x65, 0x86, 0x1f, - 0xbf, 0xb4, 0xc9, 0x82, 0x53, 0x9c, 0x2c, 0x02, - 0x8f, 0x23 -}; -static const CSSM_DATA keybank_der = -{ - sizeof(keybank_der_bytes), - (uint8 *)keybank_der_bytes -}; - -static void -certTests(SecKeychainRef keychain) -{ - SecCertificateRef certificate = NULL; - ok_status(SecCertificateCreateFromData(&keybank_der, - CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER, &certificate), - "SecCertificateCreateFromData"); - ok(certificate, "certificate non NULL"); - ok_status(SecCertificateAddToKeychain(certificate, keychain), - "SecCertificateAddToKeychain fails unless 4039735 is fixed"); - - is_status(SecCertificateAddToKeychain(certificate, keychain), - errSecDuplicateItem, "SecCertificateAddToKeychain twice"); - - SecCertificateRef certificate2 = NULL; - ok_status(SecCertificateCreateFromData(&keybank_der, - CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER, &certificate2), - "SecCertificateCreateFromData"); - is_status(SecCertificateAddToKeychain(certificate2, keychain), - errSecDuplicateItem, "SecCertificateAddToKeychain twice"); - is(CFGetRetainCount(certificate2), 1, "certificate2 retain count is 1"); // 1 because the above test fails, therefore it's not owned by a keychain - CFRelease(certificate2); - - SecKeychainRef certKeychain = NULL; - ok_status(SecKeychainItemCopyKeychain((SecKeychainItemRef)certificate, - &certKeychain), "SecKeychainItemCopyKeychain"); - is((intptr_t)keychain, (intptr_t)certKeychain, "cert's keychain is keychain"); - CFRelease(certKeychain); - - is(CFGetRetainCount(certificate), 1, "certificate retain count is 1"); - CFRelease(certificate); - - ok_status(SecKeychainDelete(keychain), "SecKeychainDelete"); - is(CFGetRetainCount(keychain), 1, "keychain retain count is 1"); - CFRelease(keychain); -} - -CSSM_DBINFO dbInfo = -{ - 0 /* NumberOfRecordTypes */, - NULL, - NULL, - NULL, - CSSM_TRUE /* IsLocal */, - NULL, /* AccessPath - URL, dir path, etc. */ - NULL /* reserved */ -}; - -int -main(int argc, char * const *argv) -{ - int guid_alt = argc > 1 && !strcmp(argv[1], "-g"); - /* {2cb56191-ee6f-432d-a377-853d3c6b949e} */ - CSSM_GUID s3dl_guid = - { - 0x2cb56191, 0xee6f, 0x432d, - { 0xa3, 0x77, 0x85, 0x3d, 0x3c, 0x6b, 0x94, 0x9e } - }; - const CSSM_GUID *guid = guid_alt ? & s3dl_guid : &gGuidAppleFileDL; - - plan_tests(18); - - CSSM_DL_DB_HANDLE dldb = {}; - ok(cssm_attach(guid, &dldb.DLHandle), "cssm_attach"); - - if (!tests_begin(argc, argv)) - return 255; - - const char *dbname = "test.keychain"; - ok_status(CSSM_DL_DbCreate(dldb.DLHandle, dbname, NULL /* DbLocation */, - &dbInfo, - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL /* CredAndAclEntry */, - NULL /* &openParameters */, - &dldb.DBHandle), - "CSSM_DL_DbCreate pure dl"); - ok_status(CSSM_DL_DbClose(dldb), "close db"); - ok(cssm_detach(guid, dldb.DLHandle), "cssm_detach"); - - SecKeychainRef keychain = NULL; - ok_status(SecKeychainOpenWithGuid(guid, 0, CSSM_SERVICE_DL, dbname, - NULL, &keychain), "Open pure dl keychain"); - ok(keychain, "keychain non NULL"); - - certTests(keychain); - - return !tests_end(1); -} diff --git a/SecurityTests/regressions/kc/kc-50-iPhone-emulation.c b/SecurityTests/regressions/kc/kc-50-iPhone-emulation.c deleted file mode 100644 index f553148d..00000000 --- a/SecurityTests/regressions/kc/kc-50-iPhone-emulation.c +++ /dev/null @@ -1,325 +0,0 @@ -#include -#include -#include -#include -#include -#include - -#include "testmore.h" -#include "testenv.h" -#include "testcssm.h" -#include "testleaks.h" - - -void AddKeyCFTypePairToDictionary(CFMutableDictionaryRef mdr, CFTypeRef key, CFTypeRef value) -{ - CFDictionaryAddValue(mdr, key, value); -} - - - -void AddKeyNumberPairToDictionary(CFMutableDictionaryRef mdr, CFTypeRef key, uint32 value) -{ - // make a CFNumber out of the value - CFNumberRef number = CFNumberCreate(NULL, kCFNumberSInt32Type, &value); - CFDictionaryAddValue(mdr, key, number); - CFRelease(number); -} - - - -void AddKeyStringPairToDictionary(CFMutableDictionaryRef mdr, CFTypeRef key, const char* string) -{ - // We add the string as a CFData - CFDataRef data = CFDataCreate(NULL, (const UInt8*) string, strlen(string)); - CFDictionaryAddValue(mdr, key, data); - CFRelease(data); -} - - - -int SignVerifyTest() -{ - CFMutableDictionaryRef parameters; - SecKeyRef publicKey, privateKey; - - // start out with an empty dictionary and see if it returns an error - parameters = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - OSStatus result = SecKeyGeneratePair(parameters, &publicKey, &privateKey); - - ok(result != noErr, "result is noErr"); - - // add the algorithm type - AddKeyCFTypePairToDictionary(parameters, kSecAttrKeyType, kSecAttrKeyTypeRSA); - - // see if we can get a 2048 bit keypair - AddKeyNumberPairToDictionary(parameters, kSecAttrKeySizeInBits, 2048); - - // put an application tag on the key - AddKeyStringPairToDictionary(parameters, kSecAttrApplicationTag, "This is a test."); - - // try again - result = SecKeyGeneratePair(parameters, &publicKey, &privateKey); - ok_status(result, "SecKeyGeneratePair"); - if (result != noErr) - { - return 1; - } - - // Make a chunk of data - char data[] = "This is a test of some data. Ain't it grand?"; - - SecPadding paddings[] = {kSecPaddingNone, kSecPaddingPKCS1, kSecPaddingPKCS1MD2, kSecPaddingPKCS1MD5, kSecPaddingPKCS1SHA1}; - const int numberOfPaddings = sizeof(paddings) / sizeof (SecPadding); - - // test each padding mode - int n; - for (n = 0; n < numberOfPaddings; ++n) - { - // sign that data with the private key - uint8 signature[512]; - size_t signatureLength = sizeof(signature); - - result = SecKeyRawSign(privateKey, paddings[n], (uint8_t*) data, strlen(data), signature, &signatureLength); - ok_status(result, "SecKeyRawSign"); - - // verify with the signature - result = SecKeyRawVerify(publicKey, paddings[n], (uint8_t*) data, strlen(data), signature, signatureLength); - ok_status(result, "SecKeyRawVerify"); - } - - // clean up - SecKeychainItemDelete((SecKeychainItemRef) publicKey); - SecKeychainItemDelete((SecKeychainItemRef) privateKey); - - CFRelease(publicKey); - CFRelease(privateKey); - CFRelease(parameters); - - return 0; -} - -int SignVerifyWithAsyncTest() -{ - CFMutableDictionaryRef parameters; - __block SecKeyRef publicKey, privateKey; - - // start out with an empty dictionary and see if it returns an error - parameters = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - OSStatus result = SecKeyGeneratePair(parameters, &publicKey, &privateKey); - dispatch_group_t everyone_called = dispatch_group_create(); - - dispatch_group_enter(everyone_called); - SecKeyGeneratePairAsync(parameters, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(SecKeyRef publicKey, SecKeyRef privateKey, CFErrorRef error){ - ok(publicKey == NULL && privateKey == NULL, "keys are NULL"); - ok(error != NULL, "error set"); - dispatch_group_leave(everyone_called); - }); - - // add the algorithm type - AddKeyCFTypePairToDictionary(parameters, kSecAttrKeyType, kSecAttrKeyTypeRSA); - - // see if we can get a 2048 bit keypair - AddKeyNumberPairToDictionary(parameters, kSecAttrKeySizeInBits, 2048); - - // put an application tag on the key - AddKeyStringPairToDictionary(parameters, kSecAttrApplicationTag, "This is a test."); - - // throw some sort of access thingie on it too - SecAccessRef access = NULL; - SecTrustedApplicationRef myself = NULL; - ok_status(SecTrustedApplicationCreateFromPath(NULL, &myself), "create trusted app for self"); - CFArrayRef trustedApplications = CFArrayCreate(NULL, (const void **)&myself, 1, &kCFTypeArrayCallBacks); - ok_status(SecAccessCreate(CFSTR("Trust self (test)"), trustedApplications, &access), "SecAccessCreate"); - CFRelease(trustedApplications); - CFRelease(myself); - AddKeyCFTypePairToDictionary(parameters, kSecAttrAccess, access); - - // try again - dispatch_group_enter(everyone_called); - SecKeyGeneratePairAsync(parameters, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(SecKeyRef pubKey, SecKeyRef privKey, CFErrorRef error){ - ok(pubKey != NULL && privKey != NULL, "keys set"); - ok(error == NULL, "no error"); - publicKey = (SecKeyRef)CFRetain(pubKey); - privateKey = (SecKeyRef)CFRetain(privKey); - dispatch_group_leave(everyone_called); - }); - - dispatch_group_wait(everyone_called, DISPATCH_TIME_FOREVER); - if (NULL == publicKey || NULL == privateKey) - { - return 1; - } - - // Make a chunk of data - char data[] = "This is a test of some data. Ain't it grand?"; - - SecPadding paddings[] = {kSecPaddingNone, kSecPaddingPKCS1, kSecPaddingPKCS1MD2, kSecPaddingPKCS1MD5, kSecPaddingPKCS1SHA1}; - const int numberOfPaddings = sizeof(paddings) / sizeof (SecPadding); - - // test each padding mode - int n; - for (n = 0; n < numberOfPaddings; ++n) - { - // sign that data with the private key - uint8 signature[512]; - size_t signatureLength = sizeof(signature); - - result = SecKeyRawSign(privateKey, paddings[n], (uint8_t*) data, strlen(data), signature, &signatureLength); - ok_status(result, "SecKeyRawSign"); - - // verify with the signature - result = SecKeyRawVerify(publicKey, paddings[n], (uint8_t*) data, strlen(data), signature, signatureLength); - ok_status(result, "SecKeyRawVerify"); - } - - // clean up - SecKeychainItemDelete((SecKeychainItemRef) publicKey); - SecKeychainItemDelete((SecKeychainItemRef) privateKey); - - CFRelease(publicKey); - CFRelease(privateKey); - CFRelease(parameters); - - return 0; -} - - - -int EncryptDecryptTest() -{ - CFMutableDictionaryRef parameters; - SecKeyRef encryptionKey, decryptionKey; - - // start out with an empty dictionary and see if it returns an error - parameters = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - - // add the algorithm type - AddKeyCFTypePairToDictionary(parameters, kSecAttrKeyType, kSecAttrKeyTypeRSA); - - // see if we can get a 2048 bit keypair - AddKeyNumberPairToDictionary(parameters, kSecAttrKeySizeInBits, 2048); - - // put an application tag on the key - AddKeyStringPairToDictionary(parameters, kSecAttrApplicationTag, "This is a test."); - - OSStatus result = SecKeyGeneratePair(parameters, &encryptionKey, &decryptionKey); - ok_status(result, "EncryptDecryptTest"); - - // Make a chunk of data - char data[] = "I want to keep this data secure."; - - SecPadding paddings[] = {kSecPaddingPKCS1}; - const int numberOfPaddings = sizeof(paddings) / sizeof (SecPadding); - - // test each padding mode - int n; - for (n = 0; n < numberOfPaddings; ++n) - { - // encrypt that data with the public key - uint8 encryptedData[2048]; - size_t encryptedDataLength = sizeof(encryptedData); - memset(encryptedData, 0xFF, encryptedDataLength); - - result = SecKeyEncrypt(encryptionKey, paddings[n], (uint8_t*) data, sizeof(data), encryptedData, &encryptedDataLength); - if (result != noErr) - { - fprintf(stderr, "Error in encryption.\n"); - cssmPerror(NULL, result); - return 1; - } - - uint8 decryptedData[2048]; - size_t decryptedDataLength = sizeof(decryptedData); - - // decrypt with the private key - result = SecKeyDecrypt(decryptionKey, paddings[n], encryptedData, encryptedDataLength, decryptedData, &decryptedDataLength); - ok_status(result, "SecKeyDecrypt"); - - // what we got back had better equal what we put in - if (memcmp(data, decryptedData, sizeof(data)) != 0) - { - fprintf(stderr, "Decrypted text != original plain text.\n"); - return 1; - } - } - - // clean up - SecKeychainItemDelete((SecKeychainItemRef) encryptionKey); - SecKeychainItemDelete((SecKeychainItemRef) decryptionKey); - - CFRelease(encryptionKey); - CFRelease(decryptionKey); - CFRelease(parameters); - - return 0; -} - - - -#define TEST_ITEM_ACCOUNT CFSTR("SecItemTest_Account") -#define TEST_ITEM_SERVICE CFSTR("SecItemTest_Service") - -int SecItemTest() -{ - // create a dictionary to hold the item - CFMutableDictionaryRef dict = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - - // create our item -- we are only testing generic passwords, since that is the scope of the bug - CFDictionaryAddValue(dict, kSecClass, kSecClassGenericPassword); - CFDictionaryAddValue(dict, kSecAttrAccount, TEST_ITEM_ACCOUNT); - CFDictionaryAddValue(dict, kSecAttrService, TEST_ITEM_SERVICE); - - const char* data = "Shh! It's a secret!!!"; - CFDataRef dataRef = CFDataCreateWithBytesNoCopy(NULL, (const UInt8*) data, strlen(data), NULL); - CFDictionaryAddValue(dict, kSecValueData, dataRef); - - CFTypeRef itemRef; - OSStatus result = SecItemAdd(dict, &itemRef); - ok_status(result, "SecItemAdd"); - - // cleanup - CFRelease(dict); - - // search for the item - dict = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - - // create our item -- we are only testing generic passwords, since that is the scope of the bug - CFDictionaryAddValue(dict, kSecClass, kSecClassGenericPassword); - CFDictionaryAddValue(dict, kSecAttrAccount, TEST_ITEM_ACCOUNT); - CFDictionaryAddValue(dict, kSecAttrService, TEST_ITEM_SERVICE); - CFDictionaryAddValue(dict, kSecReturnAttributes, kCFBooleanTrue); - - result = SecItemCopyMatching(dict, &itemRef); - ok_status(result, "SecItemCopyMatching"); - - return 0; -} - - - -void tests() -{ - SecKeychainRef keychain = NULL; - ok_status(SecKeychainSetUserInteractionAllowed(FALSE), "SecKeychainSetUserInteractionAllowed(FALSE)"); - ok_status(SecKeychainCreate("test", 4, "test", FALSE, NULL, &keychain), "SecKeychainCreate"); - - SignVerifyWithAsyncTest(); - SignVerifyTest(); - SecItemTest(); - - if (keychain) CFRelease(keychain); -} - - - -int main(int argc, char * const *argv) -{ - plan_tests(34); - if (!tests_begin(argc, argv)) - BAIL_OUT("tests_begin failed"); - tests(); - ok(tests_end(1), "cleanup"); - ok_leaks("no leaks"); - return 0; -} diff --git a/SecurityTests/regressions/kc/kc-50-thread.c b/SecurityTests/regressions/kc/kc-50-thread.c deleted file mode 100644 index 933e5d5f..00000000 --- a/SecurityTests/regressions/kc/kc-50-thread.c +++ /dev/null @@ -1,78 +0,0 @@ -#include -#include -#include -#include -#include -#include "testmore.h" -#include "testenv.h" -#include "testleaks.h" -#include - -const double kTestLength = 10.0; // length of a test - -#define MAXIMUM_NUMBER_OF_THREADS 100 - -double GetTimeOfDay() -{ - struct timeval tv; - gettimeofday(&tv, NULL); - - return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; -} - - - -void* CopyDefaultAndReleaseInSingleThread(void* arg) -{ - OSStatus result; - - double endTime = GetTimeOfDay() + kTestLength; - do - { - SecKeychainRef kc; - result = SecKeychainCopyDefault(&kc); - CFRelease(kc); - - if (result != noErr) - { - return NULL; - } - - } while (GetTimeOfDay() < endTime); - - return NULL; -} - - - -int CopyDefaultAndDeleteInMultipleThreadsTest() -{ - const int gMax = MAXIMUM_NUMBER_OF_THREADS; - pthread_t threads[gMax]; - - // make the threads - int i; - for (i = 0; i < gMax; ++i) - { - pthread_create(&threads[i], NULL, CopyDefaultAndReleaseInSingleThread, NULL); - } - - // wait for them to complete - for (i = 0; i < gMax; ++i) - { - pthread_join(threads[i], NULL); - } - - return 1; -} - - - -int main(int argc, char* const argv[]) -{ - plan_tests(2); - ok(CopyDefaultAndDeleteInMultipleThreadsTest(), "CopyDefaultAndDeleteInMultipleThreadsTest"); - ok_leaks("kc-50-thread"); - return 0; -} - diff --git a/SecurityTests/regressions/kc/kc-52-testCFEqualAndHash.c b/SecurityTests/regressions/kc/kc-52-testCFEqualAndHash.c deleted file mode 100644 index 8aaabe90..00000000 --- a/SecurityTests/regressions/kc/kc-52-testCFEqualAndHash.c +++ /dev/null @@ -1,73 +0,0 @@ -#include -#include -#include - -#include "testmore.h" -#include "testenv.h" - -/* ========================================================================== - This test is to ensure we do not regress the fix for radar - Security CF runtime objects do not implement CF's Hash function - ========================================================================== */ - -static void tests(void) -{ - CFDictionaryRef query = CFDictionaryCreate(NULL, (const void **)&kSecClass, (const void **)&kSecClassCertificate, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - ok_status(NULL != query, "Dictionary Creation"); // 1 - - CFTypeRef result = NULL; - OSStatus err = SecItemCopyMatching(query, &result); - ok_status(noErr == err && NULL != result, "SecItemCopyMatching"); // 2 - - CFRelease(query); - - - SecCertificateRef cert = (SecCertificateRef)result; - - - CFDataRef cert_data = SecCertificateCopyData(cert); - ok_status(NULL != cert_data, "SecCertificateCopyData"); // 3 - - SecCertificateRef certs[5]; - certs[0] = cert; - - for (int iCnt = 1; iCnt < 5; iCnt++) - { - cert = NULL; - cert = SecCertificateCreateWithData(NULL, cert_data); - ok_status(NULL != cert_data, "SecCertificateCreateWithData"); // 4 5 6 7 - certs[iCnt] = cert; - } - - CFSetRef aSet = CFSetCreate(NULL, (const void **)certs, 4, &kCFTypeSetCallBacks); - ok_status(NULL != aSet, "CFSetCreate"); // 8 - - - CFIndex count = CFSetGetCount(aSet); - ok_status(count == 1, "CFSetGetCount"); // 9 - - - for (int iCnt = 0; iCnt < 5; iCnt++) - { - cert = certs[iCnt]; - if (NULL != cert) - { - CFRelease(cert); - certs[iCnt] = NULL; - } - } - -} - -int main(int argc, char *const *argv) -{ - plan_tests(9); - if (!tests_begin(argc, argv)) - BAIL_OUT("tests_begin failed"); - - tests(); - - //ok_leaks("leaks"); - - return 0; -} \ No newline at end of file diff --git a/SecurityTests/regressions/t/40kc-list.t b/SecurityTests/regressions/t/40kc-list.t deleted file mode 100755 index c494fa4f..00000000 --- a/SecurityTests/regressions/t/40kc-list.t +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/perl -w -use strict; -BEGIN { require 't/security.pl' }; -plan_security tests => 1; - -my($xd, $security) = build_test('test'); - -is_output('security', 'list', ['-d', 'common'], - [' "/Library/Keychains/System.keychain"'], 'list -d common'); -#is_output('security', 'list', ['-d', 'system'], -# [' "/Library/Keychains/System.keychain"'], 'list -d system'); - -1; diff --git a/SecurityTests/regressions/t/40kc-unlock.t b/SecurityTests/regressions/t/40kc-unlock.t deleted file mode 100755 index 5b740794..00000000 --- a/SecurityTests/regressions/t/40kc-unlock.t +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/perl -w - -use strict; -use warnings; -BEGIN { require 't/security.pl' }; -plan_security tests => 6; - -$ENV{HOME}="/tmp/test$$"; -ok(mkdir($ENV{HOME}), 'setup home'); -is_output('security', 'create-keychain', [qw(-p test test-unlock)], - [], - 'create kc'); -TODO: { - local $TODO = " Unlocking an unlocked keychain with the wrong password succeeds"; - is_output('security', 'unlock-keychain', ['-p', 'wrong', 'test-unlock'], - ['security: SecKeychainUnlock test-unlock: The user name or passphrase you entered is not correct.'], - 'unlock unlocked kc w/ wrong pw'); -}; -is_output('security', 'lock-keychain', ['test-unlock'], - [], - 'lock'); -is_output('security', 'unlock-keychain', ['-p', 'wrong', 'test-unlock'], - ['security: SecKeychainUnlock test-unlock: The user name or passphrase you entered is not correct.'], - 'unlock locked kc w/ wrong pw'); -ok(system("rm -rf '$ENV{HOME}'") eq 0, 'cleanup home'); - -1; diff --git a/SecurityTests/regressions/t/41kc-unlock-referral.t b/SecurityTests/regressions/t/41kc-unlock-referral.t deleted file mode 100755 index 441dd3af..00000000 --- a/SecurityTests/regressions/t/41kc-unlock-referral.t +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/perl -w - -use strict; -use warnings; -BEGIN { require 't/security.pl' }; -plan_security tests => 7; - -$ENV{HOME}="/tmp/test$$"; -ok(mkdir($ENV{HOME}), 'setup home'); -my $source = "$ENV{HOME}/source"; -my $dest = "$ENV{HOME}/dest"; -is_output('security', 'create-keychain', ['-p', 'test', $source], - [], - 'create source'); -is_output('security', 'create-keychain', ['-p', 'test', $dest], - [], - 'create dest'); -SKIP: { - skip "systemkeychain brings up UI", 1; - - is_output('systemkeychain', '-k', [$dest, '-s', $source], - [], - 'systemkeychain'); -} -is_output('security', 'lock-keychain', [$source], - [], - 'lock source'); -SKIP: { - skip "systemkeychain bring up UI", 1; - - is_output('security', 'unlock-keychain', ['-u', $source], - [], - 'unlock source w/ referal'); -} -ok(system("rm -rf '$ENV{HOME}'") eq 0, 'cleanup home'); - -1; diff --git a/SecurityTests/regressions/t/IPC/Run3.pm b/SecurityTests/regressions/t/IPC/Run3.pm deleted file mode 100644 index c011d972..00000000 --- a/SecurityTests/regressions/t/IPC/Run3.pm +++ /dev/null @@ -1,666 +0,0 @@ -package IPC::Run3; - -$VERSION = 0.010; - -=head1 NAME - -IPC::Run3 - Run a subprocess in batch mode (a la system) on Unix, Win32, etc. - -=head1 SYNOPSIS - - use IPC::Run3; ## Exports run3() by default - use IPC::Run3 (); ## Don't pollute - - run3 \@cmd, \$in, \$out, \$err; - run3 \@cmd, \@in, \&out, \$err; - -=head1 DESCRIPTION - -This module allows you to run a subprocess and redirect stdin, stdout, -and/or stderr to files and perl data structures. It aims to satisfy 99% -of the need for using system()/qx``/open3() with a simple, extremely -Perlish API and none of the bloat and rarely used features of IPC::Run. - -Speed (of Perl code; which is often much slower than the kind of -buffered I/O that this module uses to spool input to and output from the -child command), simplicity, and portability are paramount. Disk space -is not. - -Note that passing in \undef explicitly redirects the associated file -descriptor for STDIN, STDOUT, or STDERR from or to the local equivalent -of /dev/null (this does I pass a closed filehandle). Passing in -"undef" (or not passing a redirection) allows the child to inherit the -corresponding STDIN, STDOUT, or STDERR from the parent. - -Because the redirects come last, this allows STDOUT and STDERR to -default to the parent's by just not specifying them; a common use -case. - -B: This means that: - - run3 \@cmd, undef, \$out; ## Pass on parent's STDIN - -B, it passes on the parent's. Use - - run3 \@cmd, \undef, \$out; ## Close child's STDIN - -for that. It's not ideal, but it does work. - -If the exact same value is passed for $stdout and $stderr, then -the child will write both to the same filehandle. In general, this -means that - - run3 \@cmd, \undef, "foo.txt", "foo.txt"; - run3 \@cmd, \undef, \$both, \$both; - -will DWYM and pass a single file handle to the child for both -STDOUT and STDERR, collecting all into $both. - -=head1 DEBUGGING - -To enable debugging use the IPCRUN3DEBUG environment variable to -a non-zero integer value: - - $ IPCRUN3DEBUG=1 myapp - -. - -=head1 PROFILING - -To enable profiling, set IPCRUN3PROFILE to a number to enable -emitting profile information to STDERR (1 to get timestamps, -2 to get a summary report at the END of the program, -3 to get mini reports after each run) or to a filename to -emit raw data to a file for later analysis. - -=head1 COMPARISON - -Here's how it stacks up to existing APIs: - -=over - -=item compared to system(), qx'', open "...|", open "|...": - -=over - -=item + redirects more than one file descriptor - -=item + returns TRUE on success, FALSE on failure - -=item + throws an error if problems occur in the parent process (or the -pre-exec child) - -=item + allows a very perlish interface to perl data structures and -subroutines - -=item + allows 1 word invocations to avoid the shell easily: - - run3 ["foo"]; ## does not invoke shell - -=item - does not return the exit code, leaves it in $? - -=back - -=item compared to open2(), open3(): - -=over - -=item + No lengthy, error prone polling / select loop needed - -=item + Hides OS dependancies - -=item + Allows SCALAR, ARRAY, and CODE references to source and sink I/O - -=item + I/O parameter order is like open3() (not like open2()). - -=item - Does not allow interaction with the subprocess - -=back - -=item compared to IPC::Run::run(): - -=over - -=item + Smaller, lower overhead, simpler, more portable - -=item + No select() loop portability issues - -=item + Does not fall prey to Perl closure leaks - -=item - Does not allow interaction with the subprocess (which -IPC::Run::run() allows by redirecting subroutines). - -=item - Lacks many features of IPC::Run::run() (filters, pipes, -redirects, pty support). - -=back - -=back - -=cut - -@EXPORT = qw( run3 ); -%EXPORT_TAGS = ( all => \@EXPORT ); -@ISA = qw( Exporter ); -use Exporter; - -use strict; -use constant debugging => $ENV{IPCRUN3DEBUG} || $ENV{IPCRUNDEBUG} || 0; -use constant profiling => $ENV{IPCRUN3PROFILE} || $ENV{IPCRUNPROFILE} || 0; -use constant is_win32 => 0 <= index $^O, "Win32"; - -BEGIN { - if ( is_win32 ) { - eval "use Win32 qw( GetOSName ); 1" or die $@; - } -} - -#use constant is_win2k => is_win32 && GetOSName() =~ /Win2000/i; -#use constant is_winXP => is_win32 && GetOSName() =~ /WinXP/i; - -use Carp qw( croak ); -use File::Temp qw( tempfile ); -use UNIVERSAL qw( isa ); -use POSIX qw( dup dup2 ); - -## We cache the handles of our temp files in order to -## keep from having to incur the (largish) overhead of File::Temp -my %fh_cache; - -my $profiler; - -sub _profiler { $profiler } ## test suite access - -BEGIN { - if ( profiling ) { - eval "use Time::HiRes qw( gettimeofday ); 1" or die $@; - if ( $ENV{IPCRUN3PROFILE} =~ /\A\d+\z/ ) { - require IPC::Run3::ProfPP; - $profiler = IPC::Run3::ProfPP->new( - Level => $ENV{IPCRUN3PROFILE}, - ); - } - else { - my ( $dest, undef, $class ) = - reverse split /(=)/, $ENV{IPCRUN3PROFILE}, 2; - $class = "IPC::Run3::ProfLogger" - unless defined $class && length $class; - unless ( eval "require $class" ) { - my $x = $@; - $class = "IPC::Run3::$class"; - eval "require IPC::Run3::$class" or die $x; - } - $profiler = $class->new( - Destination => $dest, - ); - } - $profiler->app_call( [ $0, @ARGV ], scalar gettimeofday() ); - } -} - - -END { - $profiler->app_exit( scalar gettimeofday() ) if profiling; -} - - -sub _spool_data_to_child { - my ( $type, $source, $binmode_it ) = @_; - - ## If undef (not \undef) passed, they want the child to inherit - ## the parent's STDIN. - return undef unless defined $source; - warn "binmode()ing STDIN\n" if is_win32 && debugging && $binmode_it; - - my $fh; - if ( ! $type ) { - local *FH; ## Do this the backcompat way - open FH, "<$source" or croak "$!: $source"; - $fh = *FH{IO}; - if ( is_win32 ) { - binmode ":raw"; ## Remove all layers - binmode ":crlf" unless $binmode_it; - } - warn "run3(): feeding file '$source' to child STDIN\n" - if debugging >= 2; - } - elsif ( $type eq "FH" ) { - $fh = $source; - warn "run3(): feeding filehandle '$source' to child STDIN\n" - if debugging >= 2; - } - else { - $fh = $fh_cache{in} ||= tempfile; - truncate $fh, 0; - seek $fh, 0, 0; - if ( is_win32 ) { - binmode $fh, ":raw"; ## Remove any previous layers - binmode $fh, ":crlf" unless $binmode_it; - } - my $seekit; - if ( $type eq "SCALAR" ) { - - ## When the run3()'s caller asks to feed an empty file - ## to the child's stdin, we want to pass a live file - ## descriptor to an empty file (like /dev/null) so that - ## they don't get surprised by invalid fd errors and get - ## normal EOF behaviors. - return $fh unless defined $$source; ## \undef passed - - warn "run3(): feeding SCALAR to child STDIN", - debugging >= 3 - ? ( ": '", $$source, "' (", length $$source, " chars)" ) - : (), - "\n" - if debugging >= 2; - - $seekit = length $$source; - print $fh $$source or die "$! writing to temp file"; - - } - elsif ( $type eq "ARRAY" ) { - warn "run3(): feeding ARRAY to child STDIN", - debugging >= 3 ? ( ": '", @$source, "'" ) : (), - "\n" - if debugging >= 2; - - print $fh @$source or die "$! writing to temp file"; - $seekit = grep length, @$source; - } - elsif ( $type eq "CODE" ) { - warn "run3(): feeding output of CODE ref '$source' to child STDIN\n" - if debugging >= 2; - my $parms = []; ## TODO: get these from $options - while (1) { - my $data = $source->( @$parms ); - last unless defined $data; - print $fh $data or die "$! writing to temp file"; - $seekit = length $data; - } - } - - seek $fh, 0, 0 or croak "$! seeking on temp file for child's stdin" - if $seekit; - } - - croak "run3() can't redirect $type to child stdin" - unless defined $fh; - - return $fh; -} - - -sub _fh_for_child_output { - my ( $what, $type, $dest, $binmode_it ) = @_; - - my $fh; - if ( $type eq "SCALAR" && $dest == \undef ) { - warn "run3(): redirecting child $what to oblivion\n" - if debugging >= 2; - - $fh = $fh_cache{nul} ||= do { - local *FH; - open FH, ">" . File::Spec->devnull; - *FH{IO}; - }; - } - elsif ( !$type ) { - warn "run3(): feeding child $what to file '$dest'\n" - if debugging >= 2; - - local *FH; - open FH, ">$dest" or croak "$!: $dest"; - $fh = *FH{IO}; - } - else { - warn "run3(): capturing child $what\n" - if debugging >= 2; - - $fh = $fh_cache{$what} ||= tempfile; - seek $fh, 0, 0; - truncate $fh, 0; - } - - if ( is_win32 ) { - warn "binmode()ing $what\n" if debugging && $binmode_it; - binmode $fh, ":raw"; - binmode $fh, ":crlf" unless $binmode_it; - } - return $fh; -} - - -sub _read_child_output_fh { - my ( $what, $type, $dest, $fh, $options ) = @_; - - return if $type eq "SCALAR" && $dest == \undef; - - seek $fh, 0, 0 or croak "$! seeking on temp file for child $what"; - - if ( $type eq "SCALAR" ) { - warn "run3(): reading child $what to SCALAR\n" - if debugging >= 3; - - ## two read()s are used instead of 1 so that the first will be - ## logged even it reads 0 bytes; the second won't. - my $count = read $fh, $$dest, 10_000; - while (1) { - croak "$! reading child $what from temp file" - unless defined $count; - - last unless $count; - - warn "run3(): read $count bytes from child $what", - debugging >= 3 ? ( ": '", substr( $$dest, -$count ), "'" ) : (), - "\n" - if debugging >= 2; - - $count = read $fh, $$dest, 10_000, length $$dest; - } - } - elsif ( $type eq "ARRAY" ) { - @$dest = <$fh>; - if ( debugging >= 2 ) { - my $count = 0; - $count += length for @$dest; - warn - "run3(): read ", - scalar @$dest, - " records, $count bytes from child $what", - debugging >= 3 ? ( ": '", @$dest, "'" ) : (), - "\n"; - } - } - elsif ( $type eq "CODE" ) { - warn "run3(): capturing child $what to CODE ref\n" - if debugging >= 3; - - local $_; - while ( <$fh> ) { - warn - "run3(): read ", - length, - " bytes from child $what", - debugging >= 3 ? ( ": '", $_, "'" ) : (), - "\n" - if debugging >= 2; - - $dest->( $_ ); - } - } - else { - croak "run3() can't redirect child $what to a $type"; - } - -# close $fh; -} - - -sub _type { - my ( $redir ) = @_; - return "FH" if isa $redir, "IO::Handle"; - my $type = ref $redir; - return $type eq "GLOB" ? "FH" : $type; -} - - -sub _max_fd { - my $fd = dup(0); - POSIX::close $fd; - return $fd; -} - -my $run_call_time; -my $sys_call_time; -my $sys_exit_time; - -sub run3 { - $run_call_time = gettimeofday() if profiling; - - my $options = @_ && ref $_[-1] eq "HASH" ? pop : {}; - - my ( $cmd, $stdin, $stdout, $stderr ) = @_; - - print STDERR "run3(): running ", - join( " ", map "'$_'", ref $cmd ? @$cmd : $cmd ), - "\n" - if debugging; - - if ( ref $cmd ) { - croak "run3(): empty command" unless @$cmd; - croak "run3(): undefined command" unless defined $cmd->[0]; - croak "run3(): command name ('')" unless length $cmd->[0]; - } - else { - croak "run3(): missing command" unless @_; - croak "run3(): undefined command" unless defined $cmd; - croak "run3(): command ('')" unless length $cmd; - } - - my $in_type = _type $stdin; - my $out_type = _type $stdout; - my $err_type = _type $stderr; - - ## This routine procedes in stages so that a failure in an early - ## stage prevents later stages from running, and thus from needing - ## cleanup. - - my $in_fh = _spool_data_to_child $in_type, $stdin, - $options->{binmode_stdin} if defined $stdin; - - my $out_fh = _fh_for_child_output "stdout", $out_type, $stdout, - $options->{binmode_stdout} if defined $stdout; - - my $tie_err_to_out = - defined $stderr && defined $stdout && $stderr eq $stdout; - - my $err_fh = $tie_err_to_out - ? $out_fh - : _fh_for_child_output "stderr", $err_type, $stderr, - $options->{binmode_stderr} if defined $stderr; - - ## this should make perl close these on exceptions - local *STDIN_SAVE; - local *STDOUT_SAVE; - local *STDERR_SAVE; - - my $saved_fd0 = dup( 0 ) if defined $in_fh; - -# open STDIN_SAVE, "<&STDIN"# or croak "run3(): $! saving STDIN" -# if defined $in_fh; - open STDOUT_SAVE, ">&STDOUT" or croak "run3(): $! saving STDOUT" - if defined $out_fh; - open STDERR_SAVE, ">&STDERR" or croak "run3(): $! saving STDERR" - if defined $err_fh; - - my $ok = eval { - ## The open() call here seems to not force fd 0 in some cases; - ## I ran in to trouble when using this in VCP, not sure why. - ## the dup2() seems to work. - dup2( fileno $in_fh, 0 ) -# open STDIN, "<&=" . fileno $in_fh - or croak "run3(): $! redirecting STDIN" - if defined $in_fh; - -# close $in_fh or croak "$! closing STDIN temp file" -# if ref $stdin; - - open STDOUT, ">&" . fileno $out_fh - or croak "run3(): $! redirecting STDOUT" - if defined $out_fh; - - open STDERR, ">&" . fileno $err_fh - or croak "run3(): $! redirecting STDERR" - if defined $err_fh; - - $sys_call_time = gettimeofday() if profiling; - - my $r = ref $cmd - ? system {$cmd->[0]} - is_win32 - ? map { - ## Probably need to offer a win32 escaping - ## option, every command may be different. - ( my $s = $_ ) =~ s/"/"""/g; - $s = qq{"$s"}; - $s; - } @$cmd - : @$cmd - : system $cmd; - - $sys_exit_time = gettimeofday() if profiling; - - unless ( defined $r ) { - if ( debugging ) { - my $err_fh = defined $err_fh ? \*STDERR_SAVE : \*STDERR; - print $err_fh "run3(): system() error $!\n" - } - die $!; - } - - if ( debugging ) { - my $err_fh = defined $err_fh ? \*STDERR_SAVE : \*STDERR; - print $err_fh "run3(): \$? is $?\n" - } - 1; - }; - my $x = $@; - - my @errs; - - if ( defined $saved_fd0 ) { - dup2( $saved_fd0, 0 ); - POSIX::close( $saved_fd0 ); - } - -# open STDIN, "<&STDIN_SAVE"# or push @errs, "run3(): $! restoring STDIN" -# if defined $in_fh; - open STDOUT, ">&STDOUT_SAVE" or push @errs, "run3(): $! restoring STDOUT" - if defined $out_fh; - open STDERR, ">&STDERR_SAVE" or push @errs, "run3(): $! restoring STDERR" - if defined $err_fh; - - croak join ", ", @errs if @errs; - - die $x unless $ok; - - _read_child_output_fh "stdout", $out_type, $stdout, $out_fh, $options - if defined $out_fh && $out_type && $out_type ne "FH"; - _read_child_output_fh "stderr", $err_type, $stderr, $err_fh, $options - if defined $err_fh && $err_type && $err_type ne "FH" && !$tie_err_to_out; - $profiler->run_exit( - $cmd, - $run_call_time, - $sys_call_time, - $sys_exit_time, - scalar gettimeofday - ) if profiling; - - return 1; -} - -my $in_fh; -my $in_fd; -my $out_fh; -my $out_fd; -my $err_fh; -my $err_fd; - $in_fh = tempfile; - $in_fd = fileno $in_fh; - $out_fh = tempfile; - $out_fd = fileno $out_fh; - $err_fh = tempfile; - $err_fd = fileno $err_fh; - my $saved_fd0 = dup 0; - my $saved_fd1 = dup 1; - my $saved_fd2 = dup 2; - my $r; - my ( $cmd, $stdin, $stdout, $stderr ); - -sub _run3 { - ( $cmd, $stdin, $stdout, $stderr ) = @_; - - truncate $in_fh, 0; - seek $in_fh, 0, 0; - - print $in_fh $$stdin or die "$! writing to temp file"; - seek $in_fh, 0, 0; - - seek $out_fh, 0, 0; - truncate $out_fh, 0; - - seek $err_fh, 0, 0; - truncate $err_fh, 0; - - dup2 $in_fd, 0 or croak "run3(): $! redirecting STDIN"; - dup2 $out_fd, 1 or croak "run3(): $! redirecting STDOUT"; - dup2 $err_fd, 2 or croak "run3(): $! redirecting STDERR"; - - $r = - system {$cmd->[0]} - is_win32 - ? map { - ## Probably need to offer a win32 escaping - ## option, every command is different. - ( my $s = $_ ) =~ s/"/"""/g; - $s = q{"$s"} if /[^\w.:\/\\'-]/; - $s; - } @$cmd - : @$cmd; - - die $! unless defined $r; - - dup2 $saved_fd0, 0; - dup2 $saved_fd1, 1; - dup2 $saved_fd2, 2; - - seek $out_fh, 0, 0 or croak "$! seeking on temp file for child output"; - - my $count = read $out_fh, $$stdout, 10_000; - while ( $count == 10_000 ) { - $count = read $out_fh, $$stdout, 10_000, length $$stdout; - } - croak "$! reading child output from temp file" - unless defined $count; - - seek $err_fh, 0, 0 or croak "$! seeking on temp file for child errput"; - - $count = read $err_fh, $$stderr, 10_000; - while ( $count == 10_000 ) { - $count = read $err_fh, $$stderr, 10_000, length $$stdout; - } - croak "$! reading child stderr from temp file" - unless defined $count; - - return 1; -} - -=cut - - -=head1 TODO - -pty support - -=head1 LIMITATIONS - -Often uses intermediate files (determined by File::Temp, and thus by the -File::Spec defaults and the TMPDIR env. variable) for speed, portability and -simplicity. - -=head1 COPYRIGHT - - Copyright 2003, R. Barrie Slaymaker, Jr., All Rights Reserved - -=head1 LICENSE - -You may use this module under the terms of the BSD, Artistic, or GPL licenses, -any version. - -=head1 AUTHOR - -Barrie Slaymaker - -=cut - -1; diff --git a/SecurityTests/regressions/t/security.pl b/SecurityTests/regressions/t/security.pl deleted file mode 100755 index 1cee4e2d..00000000 --- a/SecurityTests/regressions/t/security.pl +++ /dev/null @@ -1,66 +0,0 @@ -#!/usr/bin/perl -w - -my $pid = $$; - -END { - return unless $$ == $pid; - rm_test($_) for @TOCLEAN; -} - -use strict; -use Test::More; -use lib 't'; -use IPC::Run3; - -sub plan_security { - - unless (1) { - plan skip_all => "security not installed"; - exit; - }; - plan @_; -} - -use Carp; -our @TOCLEAN; -END { - return unless $$ == $pid; - $SIG{__WARN__} = sub { 1 }; - cleanup_test($_) for @TOCLEAN; -} - -our $output = ''; - -sub build_test { - my $xd = "/tmp/test-$pid"; - my $security = 'security'; - $ENV{HOME} = $xd; - push @TOCLEAN, [$xd, $security]; - return ($xd, $security); -} - -sub rm_test { - my ($xd, $security) = @{+shift}; - #rmtree [$xd]; -} - -sub cleanup_test { - return unless $ENV{TEST_VERBOSE}; - my ($xd, $security) = @{+shift}; -} - -sub is_output { - my ($security, $cmd, $arg, $expected, $test) = @_; - $output = ''; - run3([$security, $cmd, @$arg], \undef, \$output, \$output); -# open(STDOUT, ">&STDERR") || die "couldn't dup strerr: $!"; -# open(my $out, '-|', $security, $cmd, @$arg); -# while (<$out>) { $output .= $_; } - - my $cmp = (grep {ref ($_) eq 'Regexp'} @$expected) - ? \&is_deeply_like : \&is_deeply; - @_ = ([sort split (/\r?\n/, $output)], [sort @$expected], $test || join(' ', $cmd, @$arg)); - goto &$cmp; -} - -1; diff --git a/SecurityTests/regressions/test/00testtest.c b/SecurityTests/regressions/test/00testtest.c deleted file mode 100644 index e8062618..00000000 --- a/SecurityTests/regressions/test/00testtest.c +++ /dev/null @@ -1,45 +0,0 @@ -#include - -#include "testmore.h" - -int main(int argc, char *const *argv) -{ - int rv = 1; - plan_tests(6); - - TODO: { - todo("ok 0 is supposed to fail"); - - rv = ok(0, "ok bad"); - if (!rv) - diag("ok bad not good today"); - } - rv &= ok(1, "ok ok"); -#if 0 - SKIP: { - skip("is bad will fail", 1, 0); - - if (!is(0, 4, "is bad")) - diag("is bad not good today"); - } - SKIP: { - skip("is ok should not be skipped", 1, 1); - - is(3, 3, "is ok"); - } -#endif - isnt(0, 4, "isnt ok"); - TODO: { - todo("isnt bad is supposed to fail"); - - isnt(3, 3, "isnt bad"); - } - TODO: { - todo("cmp_ok bad is supposed to fail"); - - cmp_ok(3, &&, 0, "cmp_ok bad"); - } - cmp_ok(3, &&, 3, "cmp_ok ok"); - - return 0; -} diff --git a/SecurityTests/regressions/test/testcpp.h b/SecurityTests/regressions/test/testcpp.h deleted file mode 100644 index 1f9e92ae..00000000 --- a/SecurityTests/regressions/test/testcpp.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 2005 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * testcpp.h - */ - -#ifndef _TESTCPP_H_ -#define _TESTCPP_H_ 1 - -#include "testmore.h" - -#ifdef __cplusplus - -#define no_throw(THIS, TESTNAME) \ -({ \ - bool _this; \ - try { THIS; _this = true; } catch (...) { _this = false; } \ - test_ok(_this, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# got: \n" \ - "# expected: \n"); \ -}) -#define does_throw(THIS, TESTNAME) \ -({ \ - bool _this; \ - try { THIS; _this = false; } catch (...) { _this = true; } \ - test_ok(_this, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# got: \n" \ - "# expected: \n"); \ -}) -#define is_throw(THIS, CLASS, METHOD, VALUE, TESTNAME) \ -({ \ - bool _this; \ - try \ - { \ - THIS; \ - _this = test_ok(false, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# got: \n" \ - "# expected: %s.%s == %s\n", \ - #CLASS, #METHOD, #VALUE); \ - } \ - catch (const CLASS &_exception) \ - { \ - _this = test_ok(_exception.METHOD == (VALUE), TESTNAME, \ - test_directive, test_reason, __FILE__, __LINE__, \ - "# got: %d\n" \ - "# expected: %s.%s == %s\n", \ - _exception.METHOD, #CLASS, #METHOD, #VALUE); \ - } \ - catch (...) \ - { \ - _this = test_ok(false, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# got: \n" \ - "# expected: %s.%s == %s\n", \ - #CLASS, #METHOD, #VALUE); \ - } \ - _this; \ -}) -#endif /* __cplusplus */ - -#endif /* !_TESTCPP_H_ */ diff --git a/SecurityTests/regressions/test/testcssm.c b/SecurityTests/regressions/test/testcssm.c deleted file mode 100644 index 1cae1e91..00000000 --- a/SecurityTests/regressions/test/testcssm.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2005 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * cssmlib.c - */ - -#include -#include -#include - -#include "testcssm.h" -#include "testmore.h" - -const CSSM_API_MEMORY_FUNCS gMemFuncs = -{ - (CSSM_MALLOC)malloc, - (CSSM_FREE)free, - (CSSM_REALLOC)realloc, - (CSSM_CALLOC)calloc, - NULL /* context */ -}; - -int -cssm_attach(const CSSM_GUID *guid, CSSM_HANDLE *handle) -{ - setup("cssm_attach"); - - CSSM_VERSION version = {2, 0}; - CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE; - return (ok_status(CSSM_Init(&version, CSSM_PRIVILEGE_SCOPE_NONE, - &gGuidCssm, CSSM_KEY_HIERARCHY_NONE, &pvcPolicy, - NULL /* reserved */), "CSSM_Init") && - ok_status(CSSM_ModuleLoad(guid, CSSM_KEY_HIERARCHY_NONE, NULL, NULL), - "CSSM_ModuleLoad") && - ok_status(CSSM_ModuleAttach(guid, &version, &gMemFuncs, - 0 /* SubserviceID */, CSSM_SERVICE_DL, 0 /* CSSM_ATTACH_FLAGS */, - CSSM_KEY_HIERARCHY_NONE, NULL, 0, NULL, handle), - "CSSM_ModuleAttach")); -} - -int -cssm_detach(const CSSM_GUID *guid, CSSM_HANDLE handle) -{ - setup("cssm_detach"); - - return ok_status(CSSM_ModuleDetach(handle), "CSSM_ModuleDetach") && - ok_status(CSSM_ModuleUnload(guid, NULL, NULL), "CSSM_ModuleUnload") && - ok_status(CSSM_Terminate(), "CSSM_Terminate"); -} diff --git a/SecurityTests/regressions/test/testenv.c b/SecurityTests/regressions/test/testenv.c deleted file mode 100644 index 65696ddf..00000000 --- a/SecurityTests/regressions/test/testenv.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2005-2006 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * testenv.c - */ - -#include -#include -#include -#include -#include -#include -#include - -#include "testmore.h" -#include "testenv.h" - -static int current_dir = -1; -static char scratch_dir[50]; -static char *home_var; - -int -rmdir_recursive(const char *path) -{ - char command_buf[256]; - if (strlen(path) + 10 > sizeof(command_buf) || strchr(path, '\'')) - { - fprintf(stderr, "# rmdir_recursive: invalid path: %s", path); - return -1; - } - - sprintf(command_buf, "rm -rf '%s'", path); - return system(command_buf); -} - -int -tests_begin(int argc, char * const *argv) -{ - char library_dir[70]; - char preferences_dir[80]; - - setup("tests_begin"); - - /* Create scratch dir for tests to run in. */ - sprintf(scratch_dir, "/tmp/tst-%d", getpid()); - sprintf(library_dir, "%s/Library", scratch_dir); - sprintf(preferences_dir, "%s/Preferences", library_dir); - return (ok_unix(mkdir(scratch_dir, 0755), "mkdir") && - ok_unix(current_dir = open(".", O_RDONLY), "open") && - ok_unix(chdir(scratch_dir), "chdir") && - ok_unix(setenv("HOME", scratch_dir, 1), "setenv") && - /* @@@ Work around a bug that the prefs code in - libsecurity_keychain never creates the Library/Preferences - dir. */ - ok_unix(mkdir(library_dir, 0755), "mkdir") && - ok_unix(mkdir(preferences_dir, 0755), "mkdir") && - ok_unix(home_var = getenv("HOME"), "getenv")); -} - -int -tests_end(int result) -{ - setup("tests_end"); - /* Restore previous cwd and remove scratch dir. */ - return (ok_unix(fchdir(current_dir), "fchdir") && - ok_unix(close(current_dir), "close") && - ok_unix(rmdir_recursive(scratch_dir), "rmdir_recursive")); -} diff --git a/SecurityTests/regressions/test/testenv.h b/SecurityTests/regressions/test/testenv.h deleted file mode 100644 index 411a8ed9..00000000 --- a/SecurityTests/regressions/test/testenv.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2005 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * testenv.h - */ - -#ifndef _TESTENV_H_ -#define _TESTENV_H_ 1 - -#ifdef __cplusplus -extern "C" { -#endif - -int tests_begin(int argc, char * const *argv); -int tests_end(int result); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* !_TESTENV_H_ */ diff --git a/SecurityTests/regressions/test/testeventqueue.c b/SecurityTests/regressions/test/testeventqueue.c deleted file mode 100644 index 0aa6dd3c..00000000 --- a/SecurityTests/regressions/test/testeventqueue.c +++ /dev/null @@ -1,95 +0,0 @@ -#include -#include - -#include "testeventqueue.h" - - - -struct CallbackDataQueueElement; -typedef struct CallbackDataQueueElement CallbackDataQueueElement; - -struct CallbackDataQueueElement -{ - CallbackData callbackData; - CallbackDataQueueElement *forward; - CallbackDataQueueElement *back; -}; - -// allocate static storage for the queue header, which is a circularly linked list -static CallbackDataQueueElement gCallbackQueue = {{0, 0, NULL, NULL, 0}, &gCallbackQueue, &gCallbackQueue}; -static int gNumItemsInQueue = 0; - - -void TEQ_Enqueue (CallbackData *cd) -{ - // allocate storage for the queue element and copy it. - CallbackDataQueueElement* element = (CallbackDataQueueElement*) malloc (sizeof (CallbackDataQueueElement)); - memcpy (&element->callbackData, cd, sizeof (CallbackData)); - - // enqueue the new element -- always at the end - CallbackDataQueueElement* tail = gCallbackQueue.back; - element->forward = tail->forward; - element->forward->back = element; - element->back = tail; - tail->forward = element; - - gNumItemsInQueue += 1; -} - - - -bool TEQ_Dequeue (CallbackData *cd) -{ - if (TEQ_ItemsInQueue () == 0) - { - return false; - } - - // pull the element out of the queue and copy the data - CallbackDataQueueElement* element = gCallbackQueue.forward; - element->forward->back = element->back; - element->back->forward = element->forward; - memcpy (cd, &element->callbackData, sizeof (CallbackData)); - - free (element); - - gNumItemsInQueue -= 1; - return true; -} - - - -int TEQ_ItemsInQueue () -{ - return gNumItemsInQueue; -} - - - -void TEQ_FlushQueue () -{ - CallbackDataQueueElement* element = gCallbackQueue.forward; - while (element != &gCallbackQueue) - { - CallbackDataQueueElement* forward = element->forward; - free (element); - element = forward; - } - - gNumItemsInQueue = 0; -} - - - -void TEQ_Release (CallbackData *cd) -{ - if (cd->itemRef != NULL) - { - CFRelease (cd->itemRef); - } - - if (cd->keychain != NULL) - { - CFRelease (cd->keychain); - } -} diff --git a/SecurityTests/regressions/test/testeventqueue.h b/SecurityTests/regressions/test/testeventqueue.h deleted file mode 100644 index dfe70513..00000000 --- a/SecurityTests/regressions/test/testeventqueue.h +++ /dev/null @@ -1,25 +0,0 @@ -#ifndef __TEST_EVENT_QUEUE -#define __TEST_EVENT_QUEUE - - - -#include - -typedef struct CallbackData -{ - UInt32 version; - SecKeychainEvent event; - SecKeychainItemRef itemRef; - SecKeychainRef keychain; - pid_t pid; -} CallbackData; - - - -void TEQ_Enqueue(CallbackData* cd); -bool TEQ_Dequeue(CallbackData* cd); -void TEQ_FlushQueue(); -int TEQ_ItemsInQueue(); -void TEQ_Release(CallbackData* cd); - -#endif diff --git a/SecurityTests/regressions/test/testleaks.c b/SecurityTests/regressions/test/testleaks.c deleted file mode 100644 index a58e7744..00000000 --- a/SecurityTests/regressions/test/testleaks.c +++ /dev/null @@ -1,188 +0,0 @@ -/* - * Copyright (c) 2003-2006 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * testleaks.c - */ - -#include -#include -#include -#include -#include -#include - -#include "testleaks.h" -#include "testmore.h" - -#if 0 -static char *cf_user_text_encoding_var; -#endif - -int -test_leaks(void) -{ - return 0; -#if 0 - int leaks = 0; - pid_t child; - pid_t parent; - - setup("leaks"); - - /* Work around the fact that CF calls setenv, which leaks. */ - cf_user_text_encoding_var = getenv("__CF_USER_TEXT_ENCODING"); - - ok_unix(parent = getpid(), "getpid"); - int cld_stdout[2] = {}; - ok_unix(child = pipe(cld_stdout), "pipe"); - ok_unix(child = fork(), "fork"); - switch (child) - { - case -1: - break; - case 0: - { - /* child. */ - - /* Set childs stdout and stderr to pipe. */ - ok_unix(close(cld_stdout[0]), "close parent end of pipe"); - ok_unix(dup2(cld_stdout[1], 1), "reopen stdout on pipe"); -#if 0 - ok_unix(dup2(cld_stdout[1], 2), "reopen stderr on pipe"); -#endif - - int argc = 0; - char *const *argv = NULL; - char **argvec = (char **)malloc((argc + 2) * sizeof(char *)); - char pidstr[8]; - int ix; - - sprintf(pidstr, "%d", parent); - argvec[0] = "/usr/bin/leaks"; - for (ix = 1; ix < argc; ++ix) - argvec[ix] = argv[ix]; - argvec[ix] = pidstr; - argvec[ix + 1] = NULL; - - ok_unix(execv(argvec[0], argvec), "execv"); - _exit(1); - break; - } - default: - { - /* Parent. */ - ok_unix(close(cld_stdout[1]), "close child end of pipe"); - - /* Set statemachine initial state to 0. */ - int state = 0; - /* True iff the last char read was a newline. */ - int newline = 1; - char buf[4098]; - for (;;) - { - char *p = buf + 2; - ssize_t bytes_read; - bytes_read = read(cld_stdout[0], p, 4096); - if (bytes_read <= 0) - break; - - int start = newline ? -2 : 0; - int ix = 0; - for (ix = 0; ix < bytes_read; ++ix) - { - /* Simple state machine for parsing leaks output. - * Looks for - * '[^\n]*\n[^:]*: ([0-9]*)' - * and sets leaks to atoi of the ([0-9]*) bit. */ - switch (state) - { - case 0: if (p[ix] == '\n') state = 1; break; - case 1: if (p[ix] == ':') state = 2; break; - case 2: if (p[ix] == ' ') state = 3; break; - case 3: - if (p[ix] <= '0' || p[ix] >='9') - state = 4; - else - leaks = leaks * 10 + p[ix] - '0'; - break; - case 4: break; - } - - /* If there is a newline in the input or we are looking - at the last char of the buffer it's time to write the - output. */ - if (p[ix] == '\n' || ix + 1 >= bytes_read) - { - /* If the previous char was a newline we prefix the - output with "# ". */ - if (newline) - { - p[start] = '#'; - p[start + 1] = ' '; - } - fwrite(p + start, ix + 1 - start, 1, stdout); - if (p[ix] == '\n') - { - start = ix - 1; - newline = 1; - } - else - newline = 0; - } - } - } - - int status = 0; - for (;;) - { - /* Wait for the child to exit. */ - pid_t waited_pid = waitpid(child, &status, 0); - if (waited_pid == -1) - { - int error = errno; - /* Keep going if we get interupted but bail out on any - other error. */ - if (error == EINTR) - continue; - - ok_unix(waited_pid, "waitpid"); - break; - } - - if (WIFEXITED(status)) - { - is(WEXITSTATUS(status), 0, "leaks exit status"); - break; - } - else if (WIFSIGNALED(status)) - { - is(WTERMSIG(status), 0, "leaks terminated by"); - break; - } - } - break; - } - } - - return leaks; -#endif -} diff --git a/SecurityTests/regressions/test/testleaks.h b/SecurityTests/regressions/test/testleaks.h deleted file mode 100644 index aff02524..00000000 --- a/SecurityTests/regressions/test/testleaks.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2003-2006,2011 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * testleaks.h - */ - -#ifndef _TESTLEAKS_H_ -#define _TESTLEAKS_H_ 1 - -#ifdef __cplusplus -extern "C" { -#endif - - -#define ok_leaks(TESTNAME) \ -({ \ - int _this = test_leaks(); \ - test_ok(!_this, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# found: %d leaks\n", \ - _this); \ -}) -#define is_leaks(THAT, TESTNAME) \ -({ \ - int _this = test_leaks(); \ - int _that = (THAT); \ - test_ok(_this == _that, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# found: %d leaks\n" \ - "# expected: %d leaks\n", \ - _this, _that); \ -}) - -int test_leaks(void); - -#ifdef __cplusplus -} -#endif - -#endif /* _TESTLEAKS_H_ */ diff --git a/SecurityTests/regressions/test/testmore.c b/SecurityTests/regressions/test/testmore.c deleted file mode 100644 index 29db3012..00000000 --- a/SecurityTests/regressions/test/testmore.c +++ /dev/null @@ -1,274 +0,0 @@ -/* - * Copyright (c) 2005 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * testmore.c - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "testmore.h" - -static int test_num = 0; -static int test_fails = 0; -static int test_cases = 0; - -const char *test_directive = NULL; -const char *test_reason = NULL; - -void test_skip(const char *reason, int how_many, int unless) -{ - if (unless) - return; - - int done; - for (done = 0; done < how_many; ++done) - test_ok(1, NULL, "skip", reason, __FILE__, __LINE__, NULL); -} - -void test_bail_out(const char *reason, const char *file, unsigned line) -{ - printf("BAIL OUT! (%s at line %u) %s\n", file, line, reason); - fflush(stdout); - exit(255); -} - -void test_plan_skip_all(const char *reason) -{ - if (test_num > test_cases) - { - test_skip(reason, test_cases - test_num, 0); - exit(test_fails > 255 ? 255 : test_fails); - } -} - -static void test_plan_exit(void) -{ - int status = 0; - fflush(stdout); - - if (!test_num) - { - if (test_cases) - { - fprintf(stderr, "# No tests run!\n"); - status = 255; - } - else - { - fprintf(stderr, "# Looks like your test died before it could " - "output anything.\n"); - status = 255; - } - } - else if (test_num < test_cases) - { - fprintf(stderr, "# Looks like you planned %d tests but only ran %d.\n", - test_cases, test_num); - status = test_fails + test_cases - test_num; - } - else if (test_num > test_cases) - { - fprintf(stderr, "# Looks like you planned %d tests but ran %d extra.\n", - test_cases, test_num - test_cases); - status = test_fails; - } - else if (test_fails) - { - fprintf(stderr, "# Looks like you failed %d tests of %d.\n", - test_fails, test_cases); - status = test_fails; - } - - fflush(stderr); - if (status) - _exit(status > 255 ? 255 : status); -} - -void test_plan_tests(int count, const char *file, unsigned line) -{ - if (atexit(test_plan_exit) < 0) - { - fprintf(stderr, "failed to setup atexit handler: %s\n", - strerror(errno)); - fflush(stderr); - exit(255); - } - - if (test_cases) - { - fprintf(stderr, - "You tried to plan twice! Second plan at %s line %u\n", - file, line); - fflush(stderr); - exit(255); - } - else - { - if (!count) - { - fprintf(stderr, "You said to run 0 tests! You've got to run " - "something.\n"); - fflush(stderr); - exit(255); - } - - test_cases = count; - printf("1..%d\n", test_cases); - fflush(stdout); - } -} - -int -test_diag(const char *directive, const char *reason, - const char *file, unsigned line, const char *fmt, ...) -{ - int is_todo = directive && !strcmp(directive, "TODO"); - va_list args; - - va_start(args, fmt); - - if (is_todo) - { - fputs("# ", stdout); - if (fmt) - vprintf(fmt, args); - fputs("\n", stdout); - fflush(stdout); - } - else - { - fflush(stdout); - fputs("# ", stderr); - if (fmt) - vfprintf(stderr, fmt, args); - fputs("\n", stderr); - fflush(stderr); - } - - va_end(args); - - return 1; -} - -int -test_ok(int passed, const char *description, const char *directive, - const char *reason, const char *file, unsigned line, - const char *fmt, ...) -{ - int is_todo = !passed && directive && !strcmp(directive, "TODO"); - int is_setup = directive && !is_todo && !strcmp(directive, "SETUP"); - - if (is_setup) - { - if (!passed) - { - fflush(stdout); - fprintf(stderr, "# SETUP not ok%s%s%s%s\n", - description ? " - " : "", - description ? description : "", - reason ? " - " : "", - reason ? reason : ""); - } - } - else - { - if (!test_cases) - { - atexit(test_plan_exit); - fprintf(stderr, "You tried to run a test without a plan! " - "Gotta have a plan. at %s line %u\n", file, line); - fflush(stderr); - exit(255); - } - - ++test_num; - if (test_num > test_cases || (!passed && !is_todo)) - ++test_fails; - - printf("%sok %d%s%s%s%s%s%s\n", passed ? "" : "not ", test_num, - description ? " - " : "", - description ? description : "", - directive ? " # " : "", - directive ? directive : "", - reason ? " " : "", - reason ? reason : ""); - } - - if (passed) - fflush(stdout); - else - { - va_list args; - - va_start(args, fmt); - - if (is_todo) - { - printf("# Failed (TODO) test (%s at line %u)\n", file, line); - if (fmt) - vprintf(fmt, args); - fflush(stdout); - } - else - { - fflush(stdout); - fprintf(stderr, "# Failed test (%s at line %u)\n", file, line); - if (fmt) - vfprintf(stderr, fmt, args); - fflush(stderr); - } - - va_end(args); - } - - return passed; -} - - -const char * -sec_errstr(int err) -{ - if (err >= errSecErrnoBase && err <= errSecErrnoLimit) - return strerror(err - 100000); - -#ifdef MAC_OS_X_VERSION_10_4 - /* AvailabilityMacros.h would only define this if we are on a - Tiger or later machine. */ - extern const char *cssmErrorString(long); - return cssmErrorString(err); -#else -#if 0 - extern const char *_ZN8Security15cssmErrorStringEl(long); - return _ZN8Security15cssmErrorStringEl(err); -#else - return ""; -#endif -#endif -} diff --git a/SecurityTests/regressions/test/testmore.h b/SecurityTests/regressions/test/testmore.h deleted file mode 100644 index d1f2c8b6..00000000 --- a/SecurityTests/regressions/test/testmore.h +++ /dev/null @@ -1,172 +0,0 @@ -/* - * Copyright (c) 2005-2006 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - * - * testmore.h - */ - -#ifndef _TESTMORE_H_ -#define _TESTMORE_H_ 1 - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define ok(THIS, TESTNAME) \ - test_ok(!!(THIS), TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, NULL) -#define is(THIS, THAT, TESTNAME) \ -({ \ - __typeof__(THIS) _this = (THIS); \ - __typeof__(THAT) _that = (THAT); \ - test_ok((_this == _that), TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# got: '%d'\n" \ - "# expected: '%d'\n", \ - _this, _that); \ -}) -#define isnt(THIS, THAT, TESTNAME) \ - cmp_ok((THIS), !=, (THAT), (TESTNAME)) -#define diag(MSG, ARGS...) \ - test_diag(test_directive, test_reason, __FILE__, __LINE__, MSG, ## ARGS) -#define cmp_ok(THIS, OP, THAT, TESTNAME) \ -({ \ - __typeof__(THIS) _this = (THIS); \ - __typeof__(THAT) _that = (THAT); \ - test_ok((_this OP _that), TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# '%d'\n" \ - "# " #OP "\n" \ - "# '%d'\n", \ - _this, _that); \ -}) -#define eq_string(THIS, THAT, TESTNAME) \ -({ \ - const char *_this = (THIS); \ - const char *_that = (THAT); \ - test_ok(!strcmp(_this, _that), TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# '%s'\n" \ - "# eq\n" \ - "# '%s'\n", \ - _this, _that); \ -}) -#define eq_stringn(THIS, THISLEN, THAT, THATLEN, TESTNAME) \ -({ \ - __typeof__(THISLEN) _thislen = (THISLEN); \ - __typeof__(THATLEN) _thatlen = (THATLEN); \ - const char *_this = (THIS); \ - const char *_that = (THAT); \ - test_ok(_thislen == _thatlen && !strncmp(_this, _that, _thislen), \ - TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# '%.*s'\n" \ - "# eq\n" \ - "# '%.*s'\n", \ - (int)_thislen, _this, (int)_thatlen, _that); \ -}) -#define like(THIS, REGEXP, TESTNAME) like_not_yet_implemented() -#define unlike(THIS, REGEXP, TESTNAME) unlike_not_yet_implemented() -#define is_deeply(STRUCT1, STRUCT2, TESTNAME) is_deeply_not_yet_implemented() -#define TODO switch(0) default -#define SKIP switch(0) default -#define SETUP switch(0) default -#define todo(REASON) const char *test_directive __attribute__((unused)) = "TODO", \ - *test_reason __attribute__((unused)) = (REASON) -#define skip(WHY, HOW_MANY, UNLESS) if (!(UNLESS)) \ - { test_skip((WHY), (HOW_MANY), 0); break; } -#define setup(REASON) const char *test_directive = "SETUP", \ - *test_reason = (REASON) -#define pass(TESTNAME) ok(1, (TESTNAME)) -#define fail(TESTNAME) ok(0, (TESTNAME)) -#define BAIL_OUT(WHY) test_bail_out(WHY, __FILE__, __LINE__) -#define plan_skip_all(REASON) test_plan_skip_all(REASON) -#define plan_tests(COUNT) test_plan_tests(COUNT, __FILE__, __LINE__) - -#define ok_status(THIS, TESTNAME) \ -({ \ - OSStatus _this = (THIS); \ - test_ok(!_this, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# status: %s(%ld)\n", \ - sec_errstr(_this), _this); \ -}) -#define is_status(THIS, THAT, TESTNAME) \ -({ \ - OSStatus _this = (THIS); \ - OSStatus _that = (THAT); \ - test_ok(_this == _that, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# got: %s(%ld)\n" \ - "# expected: %s(%ld)\n", \ - sec_errstr(_this), _this, sec_errstr(_that), _that); \ -}) -#define ok_unix(THIS, TESTNAME) \ -({ \ - int _this = (THIS) < 0 ? errno : 0; \ - test_ok(!_this, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# got: %s(%d)\n", \ - strerror(_this), _this); \ -}) -#define is_unix(THIS, THAT, TESTNAME) \ -({ \ - int _result = (THIS); \ - int _this = _result < 0 ? errno : 0; \ - int _that = (THAT); \ - _that && _result < 0 \ - ? test_ok(_this == _that, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# got: %s(%d)\n" \ - "# expected: %s(%d)\n", \ - strerror(_this), _this, strerror(_that), _that) \ - : test_ok(_this == _that, TESTNAME, test_directive, test_reason, \ - __FILE__, __LINE__, \ - "# got: %d\n" \ - "# expected errno: %s(%d)\n", \ - _result, strerror(_that), _that); \ -}) - - -extern const char *test_directive; -extern const char *test_reason; - -void test_bail_out(const char *reason, const char *file, unsigned line); -int test_diag(const char *directive, const char *reason, - const char *file, unsigned line, const char *fmt, ...); -int test_ok(int passed, const char *description, const char *directive, - const char *reason, const char *file, unsigned line, const char *fmt, ...); -void test_plan_skip_all(const char *reason); -void test_plan_tests(int count, const char *file, unsigned line); -void test_skip(const char *reason, int how_many, int unless); - -const char *sec_errstr(int err); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* !_TESTMORE_H_ */ diff --git a/SecurityTests/regressions/test/testsecevent.c b/SecurityTests/regressions/test/testsecevent.c deleted file mode 100644 index 0fec9888..00000000 --- a/SecurityTests/regressions/test/testsecevent.c +++ /dev/null @@ -1,171 +0,0 @@ -#include "testsecevent.h" - -#include -#include -#include - -#include "testmore.h" -#include "testeventqueue.h" - -static OSStatus test_sec_event_callback(SecKeychainEvent keychainEvent, - SecKeychainCallbackInfo *info, void *inContext) -{ - if (keychainEvent == kSecLockEvent || keychainEvent == kSecUnlockEvent) - { - return 0; - } - - CallbackData cd; - cd.event = keychainEvent; - cd.version = info->version; - cd.itemRef = info->item; - cd.keychain = info->keychain; - cd.pid = info->pid; - - if (cd.itemRef) - { - CFRetain (cd.itemRef); - } - - if (cd.keychain) - { - CFRetain (cd.keychain); - } - - - TEQ_Enqueue (&cd); - - return 0; -} - -OSStatus test_sec_event_register(SecKeychainEventMask mask) -{ - return SecKeychainAddCallback(test_sec_event_callback, mask, NULL); -} - -OSStatus test_sec_event_deregister() -{ - return SecKeychainRemoveCallback(test_sec_event_callback); -} - -double GetCurrentTime() -{ - struct timeval tv; - gettimeofday(&tv, NULL); - - double d = tv.tv_sec + tv.tv_usec / 1000000.0; - return d; -} - - - -/* Get the next keychain event, and optionally return the events - keychain, item and pid. */ -int test_is_sec_event(SecKeychainEvent event, SecKeychainRef *keychain, - SecKeychainItemRef *item, pid_t *pid, const char *description, - const char *directive, const char *reason, const char *file, unsigned line) -{ - int expected = event == 0 ? 0 : 1; - - if (event == 0) // looking for no event? - { - if (TEQ_ItemsInQueue() == 0) - { - return test_ok(TRUE, - description, directive, reason, file, line, - "", 0, 0); - } - } - - - double startTime = GetCurrentTime(); - double nextTime = startTime + 2.0; - double currentTime; - - while ((currentTime = GetCurrentTime()) < nextTime) - { - /* Run the runloop until we get an event. Don't hang for - more than 0.15 seconds though. */ - SInt32 result = kCFRunLoopRunHandledSource; - - if (TEQ_ItemsInQueue () == 0) // are there events left over? - result = CFRunLoopRunInMode(kCFRunLoopDefaultMode, 0.0, TRUE); - - switch (result) - { - case kCFRunLoopRunFinished: - return test_ok(0, description, directive, reason, file, line, - "# no sources registered in runloop\n"); - case kCFRunLoopRunStopped: - return test_ok(0, description, directive, reason, file, line, - "# runloop was stopped\n"); - case kCFRunLoopRunTimedOut: - continue; - - case kCFRunLoopRunHandledSource: - { - CallbackData cd; - bool dataInQueue; - - if (expected) - { - dataInQueue = TEQ_Dequeue (&cd); - if (dataInQueue) - { - if (keychain != NULL) - *keychain = cd.keychain; - else if (cd.keychain) - CFRelease(cd.keychain); - - if (item != NULL) - *item = cd.itemRef; - else if (cd.itemRef) - CFRelease(cd.itemRef); - - return test_ok(cd.event == event, - description, directive, reason, file, line, - "# got: '%d'\n" - "# expected: '%d'\n", - cd.event, event); - } - else - { - - // oops, we didn't get an event, even though we were looking for one. - return test_ok(0, description, directive, reason, file, line, - "# event expected but not received\n"); - } - } - - /* We didn't expect anything and we got one event or more. Report them */ - dataInQueue = TEQ_Dequeue (&cd); - int unexpected_events = 0; - while (dataInQueue) - { - test_diag(directive, reason, file, line, - " got unexpected event: '%d'", cd.event); - unexpected_events++; - TEQ_Release (&cd); - dataInQueue = TEQ_Dequeue (&cd); - } - return test_ok(unexpected_events == 0, description, directive, reason, file, line, - "# got %d unexpected events\n", unexpected_events); - } - - default: - return test_ok(0, description, directive, reason, file, line, - "# runloop returned: '%d'\n" - "# expected: 'kCFRunLoopRunHandledSource'\n", - result); - } - } - - if (expected) - return test_ok(0, description, directive, reason, - file, line, "# runloop timed out waiting for event : %d\n", - event); - else - return test_ok(TRUE, description, directive, reason, file, line, - "# got %d unexpected events\n", 0); - -} diff --git a/SecurityTests/regressions/test/testsecevent.h b/SecurityTests/regressions/test/testsecevent.h deleted file mode 100644 index 140bc37b..00000000 --- a/SecurityTests/regressions/test/testsecevent.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * testsecevent.h - */ - -#ifndef _TESTSECEVENT_H_ -#define _TESTSECEVENT_H_ 1 -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define is_sec_event(EVENT, KEYCHAIN, ITEM, PID, TESTNAME) \ -( \ - test_is_sec_event((EVENT), (KEYCHAIN), (ITEM), (PID), (TESTNAME), \ - test_directive, test_reason, __FILE__, __LINE__) \ -) - -#define no_sec_event(TESTNAME) \ -( \ - test_is_sec_event(0, NULL, NULL, NULL, (TESTNAME), \ - test_directive, test_reason, __FILE__, __LINE__) \ -) - -OSStatus test_sec_event_register(SecKeychainEventMask mask); - -OSStatus test_sec_event_deregister(); - -int test_is_sec_event(SecKeychainEvent event, SecKeychainRef *keychain, - SecKeychainItemRef *item, pid_t *pid, const char *description, - const char *directive, const char *reason, const char *file, - unsigned line); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* !_TESTSECEVENT_H_ */ diff --git a/SecurityTests/regressions/ut/ut-00-errors.cpp b/SecurityTests/regressions/ut/ut-00-errors.cpp deleted file mode 100755 index a06e85f3..00000000 --- a/SecurityTests/regressions/ut/ut-00-errors.cpp +++ /dev/null @@ -1,18 +0,0 @@ -#include - -#include "testcpp.h" - -using namespace Security; - -int main(int argc, char *const *argv) -{ - plan_tests(5); - - no_throw(, "doesn't throw"); - does_throw(throw 1, "does throw"); - does_throw(UnixError::throwMe(1), "throws something."); - is_throw(UnixError::throwMe(1), CommonError, unixError(), 1, - "throws UnixError 1"); - is_throw(UnixError::throwMe(1), CommonError, osStatus(), 100001, - "throws osStatus 100001"); -} diff --git a/SecurityTests/regressions/ut/ut-01-devrandom.cpp b/SecurityTests/regressions/ut/ut-01-devrandom.cpp deleted file mode 100755 index 55927d24..00000000 --- a/SecurityTests/regressions/ut/ut-01-devrandom.cpp +++ /dev/null @@ -1,23 +0,0 @@ -#include - -#include "testcpp.h" - -int main(int argc, char *const *argv) -{ - plan_tests(4); - - DevRandomGenerator rnd; - char buf[8] = {}; - no_throw(rnd.random(buf, sizeof(buf)), "read data from rnd."); - TODO: { - todo("writing to read only rnd succeeeds unexpectedly."); - - does_throw(rnd.addEntropy(buf, sizeof(buf)), - "writing to rnd throws"); - } - - - DevRandomGenerator rndw(true); - no_throw(rndw.random(buf, sizeof(buf)), "read data from rndw."); - no_throw(rndw.addEntropy(buf, sizeof(buf)), "write data to rndw."); -} diff --git a/SecurityTests/test-certs/CACert.ecc.pem b/SecurityTests/test-certs/CACert.ecc.pem deleted file mode 100644 index f96e7df1..00000000 --- a/SecurityTests/test-certs/CACert.ecc.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBjTCCATOgAwIBAgIJAMQsXubbJnDAMAkGByqGSM49BAEwJTEjMCEGA1UEAwwa -U2VjdXJpdHlUZXN0IENBIENlcnQgKEVDQykwHhcNMTExMTE0MTkzMTM4WhcNMTIx -MTEzMTkzMTM4WjAlMSMwIQYDVQQDDBpTZWN1cml0eVRlc3QgQ0EgQ2VydCAoRUND -KTBWMBAGByqGSM49AgEGBSuBBAAKA0IABK5O3qLKvKB5vMRqWEKv4Nye+fhkJj/B -8gs36QR0z8CXUVH22c0EXaIZwIOZ4XrZGD1/FUHh3JWqser7B45znOqjUDBOMB0G -A1UdDgQWBBQxswVVmWBV4cMaTe8uIpaa2+11LzAfBgNVHSMEGDAWgBQxswVVmWBV -4cMaTe8uIpaa2+11LzAMBgNVHRMEBTADAQH/MAkGByqGSM49BAEDSQAwRgIhAKZW -WRe6AVtqmdCUjZSpMKnn1N8ErlrRhbPCbXrYWImfAiEAhGdbOPreQ1cGkozAumNt -akSeluukYrPN1dks78s6++c= ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/CACert.rsa.pem b/SecurityTests/test-certs/CACert.rsa.pem deleted file mode 100644 index 0fe2aa1a..00000000 --- a/SecurityTests/test-certs/CACert.rsa.pem +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICGDCCAYGgAwIBAgIJAJ9QpULLeIQbMA0GCSqGSIb3DQEBBQUAMCUxIzAhBgNV -BAMMGlNlY3VyaXR5VGVzdCBDQSBDZXJ0IChSU0EpMB4XDTExMTExNDE5MzEzOFoX -DTEyMTExMzE5MzEzOFowJTEjMCEGA1UEAwwaU2VjdXJpdHlUZXN0IENBIENlcnQg -KFJTQSkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALqAEyGep4elcmCv1ELx -JrkSGQi4GF/2/fCgR1u6n6T9HeukKOZbmaCCirum7EWb1SbgGohLMqNMhYDyHska -S2KXDB1YhiAkHFuHOJf0oJDxbCFvfAgz/xwBfG6FKrloQk2vGi3DdTUg7hrP3/2m -AfDcvj7kd+YS5tqfV375ljlnAgMBAAGjUDBOMB0GA1UdDgQWBBTj+S/2zKrckMmA -NTFrL1Os0ICojTAfBgNVHSMEGDAWgBTj+S/2zKrckMmANTFrL1Os0ICojTAMBgNV -HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIS3eqZ/6ziu+f2xA+mACWakZNYW -ERLQ9i74mp52noNy3gY10EQdNBjjSfAr73HUDecSZ6EyuP+Q1Oo9JUSleZEne0pb -3MYy5p2OQRwT30XuzwcILjVeibi2BOgupmfuTwbTMRdiLErj/R2R7aHGQMjiEBh9 -DmYhaZn0u/Z/0eMP ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/CAKey.ecc.pem b/SecurityTests/test-certs/CAKey.ecc.pem deleted file mode 100644 index f9582d6b..00000000 --- a/SecurityTests/test-certs/CAKey.ecc.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQggCn1xg7vmn4iguMpbpiW -NYtOx14IS0MfpbOCJx0YdSShRANCAASuTt6iyrygebzEalhCr+Dcnvn4ZCY/wfIL -N+kEdM/Al1FR9tnNBF2iGcCDmeF62Rg9fxVB4dyVqrHq+weOc5zq ------END PRIVATE KEY----- diff --git a/SecurityTests/test-certs/CAKey.rsa.pem b/SecurityTests/test-certs/CAKey.rsa.pem deleted file mode 100644 index 487b65b3..00000000 --- a/SecurityTests/test-certs/CAKey.rsa.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALqAEyGep4elcmCv -1ELxJrkSGQi4GF/2/fCgR1u6n6T9HeukKOZbmaCCirum7EWb1SbgGohLMqNMhYDy -HskaS2KXDB1YhiAkHFuHOJf0oJDxbCFvfAgz/xwBfG6FKrloQk2vGi3DdTUg7hrP -3/2mAfDcvj7kd+YS5tqfV375ljlnAgMBAAECgYEAkm63FsGcZowH51SHA9yWe99y -2n65XLfwoPsnrCU27fNzh65IEr6/O+Djjv08LFdzn+d7zaHFa6RMencgpuPHZZV0 -17vH8Km4aBr5zL52UbvqkFPsO/1vH0CQu0fhQJMYtCTzkIIn6GbFHDq0iK2LO+ET -09S1l+O+0jf0Ox3+xvkCQQDbEO2VDYAf3XWJhWqMMtziS5XUUgC+H/EsmStkll4l -HGyRmWYFOXTAh6dTNEkMUPYElf1iRi2IbRPF1SOzPZVTAkEA2fGUL7Wi9+1byvSB -f+AiC7uQ5GOJMiVpSiYztORzwfHy5dBksRKH1P4OHeM+qXZtOULkhIU6i/Hb8ynG -nCGVHQJAXvv4B6jS5P4g+H/gsula3MPpMyZbLBStfajsJ7ELIQwyBu98TMec1935 -rxn8klqIUXS3aOUE2SJycFT6Jb2OAQJAGYbOEHh5yggnBDJ3KH8b/bvOULHH0/PF -zUWEMN/BHyozhO9Pm93LwwqupJmFMVwJlvdaxJrGLLX7SRPPi2HzkQJAf9K8Ff3Q -sB9jGsygiP9Z8kAewGyCp2EViJ+zwuNidD64P16zt+IlkMCNuY3EZRrMI+0q0hOh -/xRHfj1n+6rY0g== ------END PRIVATE KEY----- diff --git a/SecurityTests/test-certs/ClientCert.ecc.ecc.pem b/SecurityTests/test-certs/ClientCert.ecc.ecc.pem deleted file mode 100644 index 222a2cf8..00000000 --- a/SecurityTests/test-certs/ClientCert.ecc.ecc.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBNDCB3QICA+wwCQYHKoZIzj0EATAlMSMwIQYDVQQDDBpTZWN1cml0eVRlc3Qg -Q0EgQ2VydCAoRUNDKTAeFw0xMTExMTQxOTMxMzlaFw0xMTEyMTQxOTMxMzlaMCox -KDAmBgNVBAMMH1NlY3VyaXR5VGVzdHMgQ2xpZW50IENlcnQgKEVDQykwWTATBgcq -hkjOPQIBBggqhkjOPQMBBwNCAAQRHXiQO5Xw20eXWvh2ScjSx7XSMt7n5thN5y+d -sG+ezyETQOZg4T5PBF5/qb8rI8iF4pv/KBhA9h585d6Lptx0MAkGByqGSM49BAED -RwAwRAIgBTKxt5A/4UU0X6NePPqT0DqEkjC+NFMpRpAd+Wlv5agCIFIe0yAPgGPO -I1h28CfZamWahpCGDPZGjG1eRNNY7EJP ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/ClientCert.ecc.rsa.pem b/SecurityTests/test-certs/ClientCert.ecc.rsa.pem deleted file mode 100644 index f56215b4..00000000 --- a/SecurityTests/test-certs/ClientCert.ecc.rsa.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBdzCB4QICA+swDQYJKoZIhvcNAQEFBQAwJTEjMCEGA1UEAwwaU2VjdXJpdHlU -ZXN0IENBIENlcnQgKFJTQSkwHhcNMTExMTE0MTkzMTM5WhcNMTExMjE0MTkzMTM5 -WjAqMSgwJgYDVQQDDB9TZWN1cml0eVRlc3RzIENsaWVudCBDZXJ0IChFQ0MpMFkw -EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEER14kDuV8NtHl1r4dknI0se10jLe5+bY -TecvnbBvns8hE0DmYOE+TwRef6m/KyPIheKb/ygYQPYefOXei6bcdDANBgkqhkiG -9w0BAQUFAAOBgQAq2AQPq3Z+KC9T/irBIWMMymrB7X0zqOHwQlVdBzTx2Hv8y+by -8kuFKrEfulTV8IwTQbGxuqsZpq39EKUkRUYCWI97zODH0vR+XBSaTKnyzHNaijqw -nJJltefGjhT9c2GBokhAJfet9zIxFenFvtfhUeb94hKmPbxrsruf/ryNvw== ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/ClientCert.rsa.ecc.pem b/SecurityTests/test-certs/ClientCert.rsa.ecc.pem deleted file mode 100644 index 2ca565cf..00000000 --- a/SecurityTests/test-certs/ClientCert.rsa.ecc.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBfjCCASQCAgPqMAkGByqGSM49BAEwJTEjMCEGA1UEAwwaU2VjdXJpdHlUZXN0 -IENBIENlcnQgKEVDQykwHhcNMTExMTE0MTkzMTM5WhcNMTExMjE0MTkzMTM5WjAq -MSgwJgYDVQQDDB9TZWN1cml0eVRlc3RzIENsaWVudCBDZXJ0IChSU0EpMIGfMA0G -CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUKqDI37OiBOScaSNZRZ69ttex5U3g//G7 -dRSWJKVXrumlSW/RISvSUHYDpp6cMrOUOB3g3aFnlFEmLfqrj4lZoIDg0fftZ0yv -r7RmE+57t3yH9gNX8ilWiGIB7ZoVEkiugfTzBRbEiGPeohwatx7Y8gF2c+LbHdY5 -hO6yA+fwwwIDAQABMAkGByqGSM49BAEDSQAwRgIhAOpCpGjJs4/izL1iThvR6h61 -WzpopufKdv6LIyVkoFskAiEA+/fTImPTmAj/PiHZrGK2fxCmfGofdf4DnF3qbiUF -GGg= ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/ClientCert.rsa.rsa.pem b/SecurityTests/test-certs/ClientCert.rsa.rsa.pem deleted file mode 100644 index 5f8cc8dd..00000000 --- a/SecurityTests/test-certs/ClientCert.rsa.rsa.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBvzCCASgCAgPpMA0GCSqGSIb3DQEBBQUAMCUxIzAhBgNVBAMMGlNlY3VyaXR5 -VGVzdCBDQSBDZXJ0IChSU0EpMB4XDTExMTExNDE5MzEzOVoXDTExMTIxNDE5MzEz -OVowKjEoMCYGA1UEAwwfU2VjdXJpdHlUZXN0cyBDbGllbnQgQ2VydCAoUlNBKTCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1CqgyN+zogTknGkjWUWevbbXseVN -4P/xu3UUliSlV67ppUlv0SEr0lB2A6aenDKzlDgd4N2hZ5RRJi36q4+JWaCA4NH3 -7WdMr6+0ZhPue7d8h/YDV/IpVohiAe2aFRJIroH08wUWxIhj3qIcGrce2PIBdnPi -2x3WOYTusgPn8MMCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCeUHfriInHwURsxBya -vw6PY41TW+o1ega9CeI/GZokPCvxehRNJMXzbgSjNINzbjrJ1lEwWhRbqmkjT7WQ -2xs30KuZ4hcIjR77LRg9xAjcD9Rujvu2b2Vxl5NjOlmt1CXkMKjnz4JqEcPOBQQa -W+oz386aSITi+UJPoUh104asxA== ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/ClientKey.ecc.pem b/SecurityTests/test-certs/ClientKey.ecc.pem deleted file mode 100644 index b999dd9d..00000000 --- a/SecurityTests/test-certs/ClientKey.ecc.pem +++ /dev/null @@ -1,25 +0,0 @@ -Public Key Info: - Public Key Algorithm: ECC - Key Security Level: High - -curve: SECP256R1 -private key: - 77:dd:c7:4d:4c:54:9a:cc:9a:f3:38:1b:68:77:d8: - 20:96:cf:83:6c:37:33:13:b9:f8:5a:c5:a9:6b:cd: - 14:07: -x: - 11:1d:78:90:3b:95:f0:db:47:97:5a:f8:76:49:c8: - d2:c7:b5:d2:32:de:e7:e6:d8:4d:e7:2f:9d:b0:6f: - 9e:cf: -y: - 21:13:40:e6:60:e1:3e:4f:04:5e:7f:a9:bf:2b:23: - c8:85:e2:9b:ff:28:18:40:f6:1e:7c:e5:de:8b:a6: - dc:74: - -Public Key ID: F0:E8:3C:CF:A0:45:1D:ED:B2:D8:1B:7A:08:3F:4A:79:02:A9:50:22 - ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIHfdx01MVJrMmvM4G2h32CCWz4NsNzMTufhaxalrzRQHoAoGCCqGSM49 -AwEHoUQDQgAEER14kDuV8NtHl1r4dknI0se10jLe5+bYTecvnbBvns8hE0DmYOE+ -TwRef6m/KyPIheKb/ygYQPYefOXei6bcdA== ------END EC PRIVATE KEY----- diff --git a/SecurityTests/test-certs/ClientKey.rsa.pem b/SecurityTests/test-certs/ClientKey.rsa.pem deleted file mode 100644 index 400b7304..00000000 --- a/SecurityTests/test-certs/ClientKey.rsa.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANQqoMjfs6IE5Jxp -I1lFnr2217HlTeD/8bt1FJYkpVeu6aVJb9EhK9JQdgOmnpwys5Q4HeDdoWeUUSYt -+quPiVmggODR9+1nTK+vtGYT7nu3fIf2A1fyKVaIYgHtmhUSSK6B9PMFFsSIY96i -HBq3HtjyAXZz4tsd1jmE7rID5/DDAgMBAAECgYA45lXIiXX7daR57hh00J8J8gdW -xlBkjz+dLoEe4yUUpuwyT8eVJnhCJyH/SKgw68gNcB9TNx0aUkSRILOhXxVOXyPN -StX3ptkNBaHMWxMfjuuHE750lh0K12jlHtaXvJ9ST6IwUDYniQlCWgdDJ4qZ6bh7 -5oH6+/UU55KBAKFyAQJBAOlbbWILMGF7bKdaBZYIkYcFfueX6K+yd+HvoTRdE19y -nzU/RN0EQ0a7m/j30YqalxxPwjco8xmbWTARQg4MPKECQQDowNPSOOhqXbtNlahu -hlP2RnmC3JK7gezq6Fli9SILhgY54k8n3I8Eln/nV10d3hMprAdy8KZxwpzME37U -YW7jAkEAv40RCL3uhNZvph+7HiECdDcKqMiFdFOnHIs7ZGRSlrLcBTVeLZ5mKxWt -Pn0OQBwNlmvSHL08b/SZDV/dPPLGgQJAG3s5B2dEudpbVSvIeVRO8ZMcocDdalpK -2OmaND7xSB8I+SipY/F8yXPjojMEgZRI+vCe6IlVfbUWwlnC7dybNQJBALK5VCDA -Hf9unwk0TaB1C73y+8wCzAdo8F+TuSlJCbrlkk/fWqjr2eBknz3F8hDhAeRijdSG -Vi82fdDpcIDXVm8= ------END PRIVATE KEY----- diff --git a/SecurityTests/test-certs/ClientReq.ecc.pem b/SecurityTests/test-certs/ClientReq.ecc.pem deleted file mode 100644 index ad10779c..00000000 --- a/SecurityTests/test-certs/ClientReq.ecc.pem +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIHjMIGMAgEAMCoxKDAmBgNVBAMMH1NlY3VyaXR5VGVzdHMgQ2xpZW50IENlcnQg -KEVDQykwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRHXiQO5Xw20eXWvh2ScjS -x7XSMt7n5thN5y+dsG+ezyETQOZg4T5PBF5/qb8rI8iF4pv/KBhA9h585d6Lptx0 -oAAwCQYHKoZIzj0EAQNHADBEAiBcP+jUoxoKnIiRaucK5NhHK/miFF9Bp3yHqjL5 -oTw/VwIgMjBXnU9XM7BBzf8ghuIP+f7vvZlpUhT2Z93cV08Yhjg= ------END CERTIFICATE REQUEST----- diff --git a/SecurityTests/test-certs/ClientReq.rsa.pem b/SecurityTests/test-certs/ClientReq.rsa.pem deleted file mode 100644 index dc6d737d..00000000 --- a/SecurityTests/test-certs/ClientReq.rsa.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBaTCB0wIBADAqMSgwJgYDVQQDDB9TZWN1cml0eVRlc3RzIENsaWVudCBDZXJ0 -IChSU0EpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUKqDI37OiBOScaSNZ -RZ69ttex5U3g//G7dRSWJKVXrumlSW/RISvSUHYDpp6cMrOUOB3g3aFnlFEmLfqr -j4lZoIDg0fftZ0yvr7RmE+57t3yH9gNX8ilWiGIB7ZoVEkiugfTzBRbEiGPeohwa -tx7Y8gF2c+LbHdY5hO6yA+fwwwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAwNwk -3mDMney97Xc5Wlt9PGjk5KDeJppz6x8oi4voLTqEqDC84j52Z6T7dMAz5Xr4XEwj -W04UFTX/rbtHYV3IWZb7/3Zaf3RZMyLtAhhzc2uRcQZ9QGN8XideheU3uUFkxIVt -6ZFHQFZUGjW6Va06wp3aIsbDKQvrlqzGOOufhXs= ------END CERTIFICATE REQUEST----- diff --git a/SecurityTests/test-certs/SECG_ecc-secp256r1-client.pem b/SecurityTests/test-certs/SECG_ecc-secp256r1-client.pem deleted file mode 100644 index c56218b8..00000000 --- a/SecurityTests/test-certs/SECG_ecc-secp256r1-client.pem +++ /dev/null @@ -1,27 +0,0 @@ -BAG #0 - Elements: 1 - Key ID: 3A:8B:1B:18:22:29:59:28:BC:B2:8B:A4:79:DB:08:DD:9C:75:20:01 ------BEGIN ENCRYPTED PRIVATE KEY----- -MGgwHAYKKoZIhvcNAQwBAzAOBAhoqNgi8tCmswICCAAESPoHMAKQbVR1jzkhHUCK -SH1mEke4QFTVZOf8pDi5nwPlCDQi8Aaqg8AnSDdzHzLcw1p6OdrgrQs5wAMkKkQS -dxwWK23GyVzMcA== ------END ENCRYPTED PRIVATE KEY----- - -BAG #1 - Elements: 1 - Key ID: 3A:8B:1B:18:22:29:59:28:BC:B2:8B:A4:79:DB:08:DD:9C:75:20:01 ------BEGIN CERTIFICATE----- -MIICQDCCAeegAwIBAgICBBkwCQYHKoZIzj0EATCBmzEUMBIGA1UECxMLU0FNUExF -IE9OTFkxFzAVBgNVBAoTDkNlcnRpY29tIENvcnAuMRAwDgYDVQQHEwdUb3JvbnRv -MRAwDgYDVQQEEwdPbnRhcmlvMTkwNwYDVQQDEzB0bHMuc2VjZy5vcmcgRUNDIHNl -Y3AyNTZyMSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAkNBMB4XDTA2 -MDUwMTAwMDAwMFoXDTE1MDUwMTAwMDAwMFowgYsxFDASBgNVBAsTC1NBTVBMRSBP -TkxZMRcwFQYDVQQKEw5DZXJ0aWNvbSBDb3JwLjEQMA4GA1UEBxMHVG9yb250bzEQ -MA4GA1UEBBMHT250YXJpbzE2MDQGA1UEAxMtdGxzLnNlY2cub3JnIEVDQyBzZWNw -MjU2cjEgQ2xpZW50IENlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD -QgAENkiY+LPQxC7KmT0UuxQk9YmCNuM0svU1B9Co3hSE13ikYgF36r2po5+LSF88 -eqGWQNEstt3qIfjtKXBEgEkud6MqMCgwDgYDVR0PAQH/BAQDAgOIMBYGA1UdJQEB -/wQMMAoGCCsGAQUFBwMCMAkGByqGSM49BAEDSAAwRQIgRaKZLOAIsu4JzR1RQmA/ -Vk0toX2r0PVt9/DiIzO8vbMCIQDN+1ccOjLRvGe7Dx0S62MSH1A3Z3dmK+E31I/d -4KrkIg== ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/SECG_ecc_rsa-secp256r1-client.pem b/SecurityTests/test-certs/SECG_ecc_rsa-secp256r1-client.pem deleted file mode 100644 index f1555b05..00000000 --- a/SecurityTests/test-certs/SECG_ecc_rsa-secp256r1-client.pem +++ /dev/null @@ -1,28 +0,0 @@ -BAG #0 - Elements: 1 - Key ID: 43:85:09:0E:1A:D4:D1:EC:1D:9A:F9:8D:01:8A:38:DC:EC:B3:5E:AC ------BEGIN ENCRYPTED PRIVATE KEY----- -MGgwHAYKKoZIhvcNAQwBAzAOBAhOSQT+jnrhJgICCAAESLYbifvjFHKHe5MGUWMP -amHOJ6674UnDtjmj0Ywh43m4LjZev/YSG4KyhUJEJukStkpHPamx3DtJCj4/XajG -E8u1tw83iMmMIA== ------END ENCRYPTED PRIVATE KEY----- - -BAG #1 - Elements: 1 - Key ID: 43:85:09:0E:1A:D4:D1:EC:1D:9A:F9:8D:01:8A:38:DC:EC:B3:5E:AC ------BEGIN CERTIFICATE----- -MIICgTCCAeqgAwIBAgICBBkwDQYJKoZIhvcNAQEEBQAwgZYxFDASBgNVBAsTC1NB -TVBMRSBPTkxZMRcwFQYDVQQKEw5DZXJ0aWNvbSBDb3JwLjEQMA4GA1UEBxMHVG9y -b250bzEQMA4GA1UEBBMHT250YXJpbzE0MDIGA1UEAxMrdGxzLnNlY2cub3JnIFJT -QSAxMDI0IENlcnRpZmljYXRlIEF1dGhvcml0eTELMAkGA1UEBhMCQ0EwHhcNMDYw -NTAxMDAwMDAwWhcNMTUwNTAxMDAwMDAwWjCBjzEUMBIGA1UECxMLU0FNUExFIE9O -TFkxFzAVBgNVBAoTDkNlcnRpY29tIENvcnAuMRAwDgYDVQQHEwdUb3JvbnRvMRAw -DgYDVQQEEwdPbnRhcmlvMTowOAYDVQQDEzF0bHMuc2VjZy5vcmcgRUNDLVJTQSBz -ZWNwMjU2cjEgQ2xpZW50IENlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0D -AQcDQgAENkiY+LPQxC7KmT0UuxQk9YmCNuM0svU1B9Co3hSE13ikYgF36r2po5+L -SF88eqGWQNEstt3qIfjtKXBEgEkud6MqMCgwDgYDVR0PAQH/BAQDAgOIMBYGA1Ud -JQEB/wQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBAUAA4GBAGIzvgvULZtfoBMF -xJyixSRNBsr3VN1IMCf2v5NM45d8p+NjD+YXocWuexA1EF4lpOWjSy2mhjwktOPt -UjnkRsOZoTr/QbOwWb18U9BGmZgkrIojUV4GDcufsJV1c0lgJFzNARr8rcoURMIK -ARC9GeHXLMAvxxe9n9sIW/4RUSus ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/ServerCert.ecc.ecc.pem b/SecurityTests/test-certs/ServerCert.ecc.ecc.pem deleted file mode 100644 index 07ee989c..00000000 --- a/SecurityTests/test-certs/ServerCert.ecc.ecc.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBNDCB3AIBBDAJBgcqhkjOPQQBMCUxIzAhBgNVBAMMGlNlY3VyaXR5VGVzdCBD -QSBDZXJ0IChFQ0MpMB4XDTExMTExNDE5MzEzOVoXDTExMTIxNDE5MzEzOVowKjEo -MCYGA1UEAwwfU2VjdXJpdHlUZXN0cyBTZXJ2ZXIgQ2VydCAoRUNDKTBZMBMGByqG -SM49AgEGCCqGSM49AwEHA0IABIXbOlTTvCN5E7usCk6YcBOv/pnyh4OQpFXEWnIT -QSLUNmAGZV/KaxHyC+uE+PjiRdjcxKAqJFYxPc5RvL/+mgYwCQYHKoZIzj0EAQNI -ADBFAiEAn0keI44d02aA+FaBXPJ/+ja/zLk60H++8mdPGI+3qvkCIAIjSCL6kn6H -C1WY1/1+d7DHY0JTeUJJf8k7Hb1BWfNG ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/ServerCert.ecc.rsa.pem b/SecurityTests/test-certs/ServerCert.ecc.rsa.pem deleted file mode 100644 index 0cad0d47..00000000 --- a/SecurityTests/test-certs/ServerCert.ecc.rsa.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBdjCB4AIBAzANBgkqhkiG9w0BAQUFADAlMSMwIQYDVQQDDBpTZWN1cml0eVRl -c3QgQ0EgQ2VydCAoUlNBKTAeFw0xMTExMTQxOTMxMzlaFw0xMTEyMTQxOTMxMzla -MCoxKDAmBgNVBAMMH1NlY3VyaXR5VGVzdHMgU2VydmVyIENlcnQgKEVDQykwWTAT -BgcqhkjOPQIBBggqhkjOPQMBBwNCAASF2zpU07wjeRO7rApOmHATr/6Z8oeDkKRV -xFpyE0Ei1DZgBmVfymsR8gvrhPj44kXY3MSgKiRWMT3OUby//poGMA0GCSqGSIb3 -DQEBBQUAA4GBAJCrP/smtSSBTrtU0SDYRPZ+mLJXUh75BRNpbWUbx4Yqahr+bdi6 -Zr0ZB3hh0Cfsl3mzOwIZwJMfIIIkCB9FjwGyF4PJE7mXFgy5NeiTMcQ/Y8n+c4yi -papKnqVHT39ZFgdrgiPvML9qEprTHmzGag9a5o+5fQ9ZAQbwdvXeGtc6 ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/ServerCert.rsa.ecc.pem b/SecurityTests/test-certs/ServerCert.rsa.ecc.pem deleted file mode 100644 index 2bd3fc9a..00000000 --- a/SecurityTests/test-certs/ServerCert.rsa.ecc.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBezCCASMCAQIwCQYHKoZIzj0EATAlMSMwIQYDVQQDDBpTZWN1cml0eVRlc3Qg -Q0EgQ2VydCAoRUNDKTAeFw0xMTExMTQxOTMxMzlaFw0xMTEyMTQxOTMxMzlaMCox -KDAmBgNVBAMMH1NlY3VyaXR5VGVzdHMgU2VydmVyIENlcnQgKFJTQSkwgZ8wDQYJ -KoZIhvcNAQEBBQADgY0AMIGJAoGBAMItnQMZpB3gi1CZ8Fh4+3JpT+kIkA3/Moqu -P6P2/adVva/4Uxfd0CV8AE5bZqgrimUVBzswmLVcQgyJ93WI3E2vqAIM90OiP/sn -MJSnIgj2ZaANEFKBDt3hYBDZkzs08g7hBK5vUykaSESQiFCRjRGT7I8IAE6Bvia3 -eGPe4mnlAgMBAAEwCQYHKoZIzj0EAQNHADBEAiBOKPczPb0PkaJw8YHUywnEpAhs -wRaE2PNHWjJwUbmZHgIgXVUy2/K30DEs9SHlUiL991KENDpuldfKVN2obeM0smE= ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/ServerCert.rsa.rsa.pem b/SecurityTests/test-certs/ServerCert.rsa.rsa.pem deleted file mode 100644 index 65a3b3f1..00000000 --- a/SecurityTests/test-certs/ServerCert.rsa.rsa.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBvjCCAScCAQEwDQYJKoZIhvcNAQEFBQAwJTEjMCEGA1UEAwwaU2VjdXJpdHlU -ZXN0IENBIENlcnQgKFJTQSkwHhcNMTExMTE0MTkzMTM5WhcNMTExMjE0MTkzMTM5 -WjAqMSgwJgYDVQQDDB9TZWN1cml0eVRlc3RzIFNlcnZlciBDZXJ0IChSU0EpMIGf -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCLZ0DGaQd4ItQmfBYePtyaU/pCJAN -/zKKrj+j9v2nVb2v+FMX3dAlfABOW2aoK4plFQc7MJi1XEIMifd1iNxNr6gCDPdD -oj/7JzCUpyII9mWgDRBSgQ7d4WAQ2ZM7NPIO4QSub1MpGkhEkIhQkY0Rk+yPCABO -gb4mt3hj3uJp5QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAKhBF706RaV39ohZqdOT -QwK0RZ/ES8xtrE+humkhbOctC5x7p9HO0pZbiWQYPwUn/k+5XHwe021Tj6h7v3Tg -I/U2SAW30+3F/6N9fWihmVHmU/92EO2bYmBA+HYSfBERm94s4w97kM2InP/EHyhI -089Tc0wnQdTcDBVFyfEy2L9F ------END CERTIFICATE----- diff --git a/SecurityTests/test-certs/ServerKey.ecc.pem b/SecurityTests/test-certs/ServerKey.ecc.pem deleted file mode 100644 index 7b988b0f..00000000 --- a/SecurityTests/test-certs/ServerKey.ecc.pem +++ /dev/null @@ -1,25 +0,0 @@ -Public Key Info: - Public Key Algorithm: ECC - Key Security Level: High - -curve: SECP256R1 -private key: - 7c:0c:c5:1a:1e:7d:fc:c0:ef:b7:e8:cf:60:b4:da: - c9:e9:0f:d2:bc:21:79:eb:cb:7d:b2:1b:71:cd:f4: - c5:32: -x: - 00:85:db:3a:54:d3:bc:23:79:13:bb:ac:0a:4e:98: - 70:13:af:fe:99:f2:87:83:90:a4:55:c4:5a:72:13: - 41:22:d4: -y: - 36:60:06:65:5f:ca:6b:11:f2:0b:eb:84:f8:f8:e2: - 45:d8:dc:c4:a0:2a:24:56:31:3d:ce:51:bc:bf:fe: - 9a:06: - -Public Key ID: 0E:EC:35:0C:A2:B7:81:2F:2B:D0:44:B3:21:94:5A:C0:AB:1D:C5:F3 - ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIHwMxRoeffzA77foz2C02snpD9K8IXnry32yG3HN9MUyoAoGCCqGSM49 -AwEHoUQDQgAEhds6VNO8I3kTu6wKTphwE6/+mfKHg5CkVcRachNBItQ2YAZlX8pr -EfIL64T4+OJF2NzEoCokVjE9zlG8v/6aBg== ------END EC PRIVATE KEY----- diff --git a/SecurityTests/test-certs/ServerKey.rsa.pem b/SecurityTests/test-certs/ServerKey.rsa.pem deleted file mode 100644 index 3a181fd1..00000000 --- a/SecurityTests/test-certs/ServerKey.rsa.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMItnQMZpB3gi1CZ -8Fh4+3JpT+kIkA3/MoquP6P2/adVva/4Uxfd0CV8AE5bZqgrimUVBzswmLVcQgyJ -93WI3E2vqAIM90OiP/snMJSnIgj2ZaANEFKBDt3hYBDZkzs08g7hBK5vUykaSESQ -iFCRjRGT7I8IAE6Bvia3eGPe4mnlAgMBAAECgYEAqH72QWttmzNvEJkUE2GgJ+60 -le2FO3AYRnjf5oL8JsljGaCtUgd7iBtrFJOBqCpoJEC0Dqujx7Rv5/uMjSQerZPV -azpOYBn/mUqFHSLv2SMMCjHu3YBgQchnMc3iP7xremXhFhdsrkDkghnLHM12RTYL -Lyq6b+w3l0+Y/hgtecECQQDkHhrcgn8WvileMSrzWUihhUuCdgupl7bTF8nETQky -wa9xLCkKttKZKErMB9dL5CH0AQ/+KnyZH3mrHQ7Hm5ZxAkEA2emHnPRwhqD1xlJr -QU4C1Erj8ZSTZhp4DLT2daXtclJ7Z1Ao1p5bJuV8mr6J6pVvysXqiVEsdHMsxUQ8 -d2/MtQJAJ85JCamL28AbH+CcihJOZkEISB+pMVLUCEniX2rB7CV4I9t83e3BGhC5 -3JiRrSCF/DojPErVqzKe3IkZhyNTQQJBALn6iohVQthT9Y7udqWEq/t9cy+SS36f -5oeJxrLAC3g/lxykmEYbXtZCk+cJ6XExWvjnk3Tgt50nUzWFOEoDO+UCQQCzesQy -yk375W0h4KSiHU+rzdqjkLTm5s6RbJ0sUp9gFqiknoAeLeakAfQKyqIz/iFVBGXL -z0AjPVrxWuKkTCFt ------END PRIVATE KEY----- diff --git a/SecurityTests/test-certs/ServerReq.ecc.pem b/SecurityTests/test-certs/ServerReq.ecc.pem deleted file mode 100644 index e26c2087..00000000 --- a/SecurityTests/test-certs/ServerReq.ecc.pem +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIHjMIGMAgEAMCoxKDAmBgNVBAMMH1NlY3VyaXR5VGVzdHMgU2VydmVyIENlcnQg -KEVDQykwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASF2zpU07wjeRO7rApOmHAT -r/6Z8oeDkKRVxFpyE0Ei1DZgBmVfymsR8gvrhPj44kXY3MSgKiRWMT3OUby//poG -oAAwCQYHKoZIzj0EAQNHADBEAiAHUnRoQlOGKfl2OB71WkUi7q5F9Dw1PJDjVeGf -yqZVugIgfDG8F0/dzrgrN1ZiVvrqDdHEZkdxJ3nHFHRBGDoZJFo= ------END CERTIFICATE REQUEST----- diff --git a/SecurityTests/test-certs/ServerReq.rsa.pem b/SecurityTests/test-certs/ServerReq.rsa.pem deleted file mode 100644 index 1404b801..00000000 --- a/SecurityTests/test-certs/ServerReq.rsa.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBaTCB0wIBADAqMSgwJgYDVQQDDB9TZWN1cml0eVRlc3RzIFNlcnZlciBDZXJ0 -IChSU0EpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCLZ0DGaQd4ItQmfBY -ePtyaU/pCJAN/zKKrj+j9v2nVb2v+FMX3dAlfABOW2aoK4plFQc7MJi1XEIMifd1 -iNxNr6gCDPdDoj/7JzCUpyII9mWgDRBSgQ7d4WAQ2ZM7NPIO4QSub1MpGkhEkIhQ -kY0Rk+yPCABOgb4mt3hj3uJp5QIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAUQxm -ZZU7G1eUyizNJ+x5F6nR8SAiGMPKjPoDMedO4NWU5mmN12+vxe4VwFby1fQJUJG+ -1F0HuP05WJXrCqDy85Xnj80+mS1u6NRapXtWTBWk4XHsjVkE9+2yMdbZ3BNp4Hcy -XqBiwBfTx8mia7rgIEZVjfb3cAk4bxFqMtAULfE= ------END CERTIFICATE REQUEST----- diff --git a/SecurityTests/test-certs/ecparam.pem b/SecurityTests/test-certs/ecparam.pem deleted file mode 100644 index 32d952ea..00000000 --- a/SecurityTests/test-certs/ecparam.pem +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN EC PARAMETERS----- -BgUrgQQACg== ------END EC PARAMETERS----- diff --git a/SecurityTests/testKeychainAPI/English.lproj/InfoPlist.strings b/SecurityTests/testKeychainAPI/English.lproj/InfoPlist.strings deleted file mode 100644 index 7658fc22..00000000 --- a/SecurityTests/testKeychainAPI/English.lproj/InfoPlist.strings +++ /dev/null @@ -1,5 +0,0 @@ -/* Localized versions of Info.plist keys */ - -CFBundleName = "CarbonApp"; -CFBundleShortVersionString = "CarbonApp version 0.0.1d1"; -CFBundleGetInfoString = "CarbonApp version 0.0.1d1, Copyright 2000, MyGreatSoftware."; diff --git a/SecurityTests/testKeychainAPI/run.sh b/SecurityTests/testKeychainAPI/run.sh deleted file mode 100755 index 80709209..00000000 --- a/SecurityTests/testKeychainAPI/run.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -HOME=/tmp/kc$$ -export HOME -mkdir -p $HOME/Library/Preferences - -echo Running with HOME=$HOME - -${LOCAL_BUILD_DIR}/testKeychainAPI.app/Contents/MacOS/testKeychainAPI -vnall -${LOCAL_BUILD_DIR}/testKeychainAPI.app/Contents/MacOS/testKeychainAPI -vsall - -rm -rf /tmp/kc$$ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI.cwp/testKeychainAPI/testKeychainAPI b/SecurityTests/testKeychainAPI/testKeychainAPI.cwp/testKeychainAPI/testKeychainAPI deleted file mode 100644 index 4ca84d6bddd7322f21ef2d571168e947127c6c32..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 71104 zcmeI537i~7y~nHf-rV;=t|12rN!Wy3ge5>Wn`^^vcFArIxsu85kW4bWv&_zha7R?c z6Fl((f}AQKCBEI*$ue|TSs(Q9(rn_eYc?!wY=ku%jb=AMB ztN!)>SNHVv(Vk2ulv1TiIkS{AaG!Dp-Jw+VIP#)Si9=#SeX=9AIhsnvlc`8cD!D7x zo_33llGJ$=9X+Si$)_r{j4{i$+N8?$@HZ=?s`K;~g*F{YT4MRJq@|@z=j0qkw zBYgl20TTWl4E@J*s)O`-Fl_rSq3Z8oxElWyi6i?T0SL}`qLJ$0!GrMG@KH%!!C4L; z4G2y%(HKpYa}McPMFsMA!N;jLC%3~dfRFFi=HpxmKL!w-cM(m{R5>@1PE17GW8{Al zK1r!lcfcQpPadO&p=FB6>%BJl5%)&fH5 zZ-`D&kIX=}tOULc{h;qM=1^ht63XTfokstM!B2;uE-MFIY<0OX_)elaO;y~BPCG*#s_q-!k~*#^toNY_~&BR#|NUQ+ZSq5MiB z(H)^&{9?VPs(e4G*ejv@E}|AqRrw>NXIlOw=?2T6C6#d!%6~y5`zDnCiD;vys-lW? zljWmGH(Ne~bc^NlNndBV%IvZkDCx#-reF%_4=x7z%-l5VqH zY%*&3ZKT^Rzniq(@-LBgSpF2L=#EhF9MSp0;4c#4a}p}Vk7VD3%ArJYO;zP&Qt@p< zrP#)9O;zP-qzTJK$DNi-zq%~HfHZ0O8%et@e;=uo5h`ybN@=PpKTXnjb?#y<9g&kT~bEv>vo!v>%!6XnVAp$exIC6z(IX|u{(Tjv5!7N8CY>ozTmCn@viTGe0x5a$r99Snv5arR+gI2Zv& z0$JEbgE2r34&%UhAP4dZz#Vr)A8@?NGa5of8~s3E?d#G^!Aam0a5C5q&H%H( zTreBV0}FvHFrwq>;8-9*bUFjz{%Q$W55$(w1TuHBz{>*K1Y{(OfgBhX0hy~4farSz z=m0Sw3%D%YJAo|JyTEQB3$iT4viQit+YK%NDIg20EU2=O%7Q3Ll6h_bGXJtz$)YYc zaU2jEIvt38$hS{0;1O|YCU?>;{hJz7cBp3xogE3$%7zf6KW55J3 z5ljM;!4wby$AYO~8ki2mzObIbEaj2L`1VvZ6_3e$m#%JTTt)dHn+~w)K-E~epm~^D zUY-~?_l%XIXuVDE$B9kd2mL(;J;@o$4%W>l=e|E@S#H z2Umc70MBqP1+NEJf;Rv>#=%;hH-a~TtH7JV)!;4Qt>A6o?cg2Yo!}a9EqE7T)o|Vo z-UHqX-bc^ar(&OqeJb{)R~GuB*r#HjihXG>r7wzoD)y<^r(&OqeJb{;*r#HjihU~f zso1AJO}mryE^s&aB)9{70^9@c1)l=9gO7txgTH{kg1>?L!2RGe-~sR;_$+t`d=5Me z9swT%e+T~n2N@HIl5xEsTn9b?7`tM;>Vx1z;KKl&DD-q9s^$nUjbhLkAi;#kAts*&x0?5e+Rz?FM{8IC%}{7YvAkPKfpJ@Q{bE6 zTj1N^0C)-f7W_B(AI4PyDnS*f1|^^z3;+YcAi&_AGB6kn0YkwsFdU2kBf%&z8jJy~ z)=nwyKLefxKL9@j-vQqT{|SBso&!&V?}7gU{|kNxeh+>Oo(DexKLtMnKL@`6zXZPm zFM#iYKY%}iKY>4k>0kyp4$K4*Fb&KC$Aj5m3YZG!fVtoVPy^fo&iPwu5$X4%iAhKn$D@&Iad!9bhMjgI!=ZNPtez1(Ki}TmVv_ z2c*Hdpcm``7lOTj`O-()N>b)g8!Pjbb!Nw=KC&~PFY62syU04ro5c1CP!CpuRp2yG z2UdeMU@bTmEC&r>9XJCtf+nyYG=mm!CfER4K^xczHi6T@X0Qdk4xGjC@G}Shay|>L z2RDH006ys42=;@U!27|&;C}Ey@EPz?@CdjMd>-5kZUMJ~2f%IMi{N%}2lxW`82C7N z2z&zE3GM=SgHM9bfe(Otz`fu>Z~%M?e40K_CY=Hz;8-vfj0fn@nFywV>0kyJ2POci zgZ(-)!7PB?%B434dv)dl?A5_u9qiS?ULEY!!CoEg)j0-Wvko@vECDBhtza97g6#lZ zI_Cmx)WKGr4iE$A*}+Dg^8ohh>;O9fb}E~b?aLjBK66xo@62xY3fa+<7#z0)sv32#&&eZy3(pPs!w+L(GY3is#Pi-S+evD z)zq@tySXBoNFU{nb(Mm8Q_A0|$%Z$g($?iUi*4@t<)9Si5Roiz>D!T@S z`89l-kv+=qqo$k*$xNPYIAeA)>!u@FS-E1gn=2++xneSkoYo}EYgXNEC5+Uy{k~4* zWZL#UxqThU$;=n+>x@TKGS@^qWAcZp?0-)z#jL8;iP&ELSdDe3lI^jco@7d`i1*-B zSy{EM=?<|EPruJletCI<((7D7t-st%>7HMncveoncaCQ*i1+!X>u=ea+66ON>^!f% z+776~QEy_h;S#Q(n zc-M{|mS0(kqut$lYejE7(Ggj-H=T<1sFktpy*qZqQV~-}nPpb~O`s0D(W@?h(Rb;p z4I3iO-K>!Diz%}UQAXBoXN0AphedVA+~Y1lIqp{(FK%e@JJJXSV_ z(-li7mUx*A)1%dGEjC-~tw|)eb0FyJRBN&~)gFtqrD9x+$_&oxT(!hf30s?GRkl>E z-*uRlXrfd0YW9CdJ=bTp*5gt&?cLqVv$@mVXicY3khj?8xDpNNSf{60Z@OjfRUl7! zCd-v+igrbrCXa}l<4U0Z9~VGxV)Ba>I)Jg)cX)7>itQ%bRWaHoM(o zx6jnK*vJhn<+@&nGAnleGh@a!x9A&WGL>J z)y&Aum33`(BrOf~ZQROt^aOq2(?=t72t0a5UL0vr14RwE8Yo_{5ltK!KkMB&eYt7g zWviFl&}+Y*J~HO%;LE!#ip@Yv|9JL*HZJugZTm%FPo;!Ma&4Mf#kH$fo)KY!sK(U=1E6 zCBU#>9wncX>7XpvDCv$dv;dI?Z7-E&N~D5 zUo)Td&7gchT}KD$?VzG1-o-Q7`h6Ca(Uv67kn8t0R5kHv4aY3`v$HzALEcCs&$+7s zO|dR{W}Iie)xb1Q$iaEuTn&QC^W<-W4^H;P*uOlluZF}E3E_{yhqmra%5&yFfe%|7 z?~wKn!iP5{_rOc0!$L~pDbz5_lnQQbOVu@4oGf=})0h;_gh!>7fi8CBLsG`(d1 z_0PfO4?F1xq3jx><1|%eypuq`2Sf6|Ml{Rj|BCc@5Rqvkoec=(lFljFf88+n3iw=A z(SiQTx4};Ug!0RXc>jQe@(&ZuGxkt^AAG*Chw|^jPc-&W{wMeXV-FR)`#>!;_E5q5 z3DhEE4;8$7KrJ@*P$7d`V(g*f9q^NkJyd)gzSP)5#pCdkjXhMzywnXUUV| z@UOtnmM6vG&%@6-L#>G7(lVBFd|AAkCw;TH(DD%=G&qX35HpbhDBP&@l#=*~*hb!SSFFWK(OStG}XRI}PKAiPM zzkg*p{B7`EfH3G|M7uRrgB~SKSpHK|89!mL*jU#K+vG-#!874WRWi5{&c0RmH)r&G z3(h{&1v_dZ--KTYPrZP$;2(zf$dd=~2jTK;J^LH{9e6LgWgQ#*JNO=XM4u^>dAV?R zZCyKD=4CIBk7AcY(4)FY9^i*d-!GQuN#XB+Ut-!Hau@tk)Bccez%P>rOp*C-_~rN! z^EebcP*=zkr||jkeexhRybb<(Ko}}(i;RIV^j$=6&{PfmH0c{Hm$mCnmcK-LmEpsN zlD^sUMWk0-zM1qbmS0TzR?9y~D)T`YCU*OFP1P`&YZ)71*dK`Asi_)1n)DjWWo^9H z@{Od@SHkeUMDNyA4gUb?do2GP>3c2z0qOfJ{~PK14IeRq^g7FB4UzhU5$6&~UkM{F zCHj!2YQznsGRK4w2Z%l*4E_v}*fC+mUx-AGFmejfjhd>FD@gZS9wWWUa?$ZeEx&{G zX3M`qdW+@%MS82@qa?Y_@(AhemMVZtb>_X$nasDC59)AFB_ ziailVR}kH;sTw_-^plpaCB4V;9i;bKF7x~;%cX6x8^Y)>6Wyn&8vRq!`wbs6fb=t# zpFsM6jj=WV!59=9Mt!Nuq}}RbyTt6?-C#9Z2+fP1V>rq_Up(ZW_^7G*#p3Nkxx@aUDdDYpTXw zP5M>KMaTbcxs*R)`L9T2421E+iN2<(8oz|}>z1EQ`X82y9e%@dv6rVTm%e|~@*k0Y z%kX0)`L^X#NuRcSCFyr8kCT4a^0$$G&vKdP?^`bIJ!ARrNuM=*!WdG~5n;kIq91Ci zCY(e1pO#-nDt#hM5PN@47+iEIHcgly>5ny46H7^-w_I%RCzdypiVYDarip&0shTK0 zEw)RTD0cA+P1Qu{<1a1$6RGH$Flju|3!17)r;z^I@^eXFwES|?-&nq%^d-w5A^ol8 z(&zs+Twc;B?^}~FS@itBnySfS8^5z$Y(sQMn0yt{A2d~yZzlbtsY+V)^l;f3EA5hN&0uo-$42g%Wow;X!&CtZw*yb(6_lAnNvhE<=t=+BFDi? zEvJ2XH=Kk>C%oM9YvC1^Exb^U<@s^Goxuz$aV&Gx!w4r=ve7V)+dC zv6ioci`@{WPVQ*df+fmnq$}c_Z1s6(5t*pOu~#gaIqEPjqur) zV<+;SF$pu?37>1Z%;O1`i%x1R$4;Gjh9Aec<$Yulj+1#r@0xFdFR*+Me4*v6tIi_J zAA~Qq{8{)C%dus7hna+#qVuJeOZz8VE_TAUgqc^sPqF-FxU4&bnO}yVYPsl~Ig>D} z0)D#XqVwgJuY%WEz6-v>a?yFc(V7ayZ)(=G+KB+ww2LWvwU7`6>Kd!{>_5 znKKDUxzYT8;H+^HYDDKFK0FCE7sD^GTy&nY{4?+# z%fAaxTmC0_ui^7V=X)$a1%9FBqVv6$OZyjDegm9s3G==Hzr^zA;g=ddzZ`y<<)U-u zOv3!t@GC4Ao$Rw*bpCqFKMudr@~^?)VEJ$1Z#4YGf$%q3J{NwK<&E$+TaNzZy|NNc zd{N{mVXb<97|aIC-^4}Uor`Pr{$vayDZ-Vr+*Tb?1eLbnxhYS52of1 z!SA*Fhwx8X{&)DN4L?bAPCq1^B<Q|CGHH zck(LMfd3zPhxTAf)?+D${#47WSUbh8^;ZME>l)hnD_fK+YT$^}fOABSsyL{k1`f9d zMrT~5RDV=Wx!ZC+a=3R^Z11(Dft~4eckR4+yZAO;O;0Z`YE5>|3#1O54lcLYCEtUnSV&q`!ImROtjX|KHRDe}06=WAa+P2_$6%ts{q zn_xZyS)U2>DVJ}zxu5q6D9-xgSAdNDo>@St`#mt9;+!v)1xjSTN9HH7x=EfB@+rys z(wR^BIk5H{1oMuxoXN+ zivG5szX?m_oNo{2*Y|N=sTb_JQX1&EnZm#h`#P;uE8wys66&xX0e^SZ0zuB|7KTq# zkfXY_^V~F3;OC^aFu+BnG}u9r$H z8}cRKa5ofzU^kS~P&X8T5I28_XLfz0K5IkHA(BBPp?NB##C4#0&n$B}Ww^E=ws1@Lb zQZ?8Or8LY9r999L-NK-u6yoiR(q&mFS_d>k^XJl`er zihZ0iPbN!Ad8OGCn^o-Vnm!Ua)|xHhb zGQo<@cCEaMA#>p4URl+B94u2#-9n}=B4MU3LOIY)IB0$okR@#FdwHkzZ0^|MT!e4T4aJ1 zEv0=&k-Wx3=75^HN0O}SVWutzgaWI&h=iHClov2{5eYSQ5ePGNDGxDqw>WGDTp9lv za7zQ!EXCob-X{@cMOwnw)TJcM)TO+jsf$nnQ}>93by6%bz|?gM1x($Q308D~sk;?J z<{-?}rMi!)&zX~PhTv0}93dZb&ynyq_#7cWlg|de6#lv@G*QJsjM0CDbH4X zj)1TE`^x0lR<4ZK1#-%KoFGRc$PIGD{2jqxD7?G*&XC)RzdQIyg{eQ=C44G}&W(>- zW3#iGq$HLIoT{M8X|IBtjj-6$p0>S1M>`-10!>i$EdA=#vSy zG%XY07*ZDQ7$VUR#}KiCj^Pms?=FHlM~NI;5rM+$7pXAyOL^aEk1Mk@@#7r@HTt`5c-2AM`!~L28s9zKjV!M;yJMc& zlacwK!siHuFW%Bj!NpsI3M}3t625qgMCjt}3WTp7u2h!Va)vCs30Iuoe~LMcm<2v~ zHI$Cj2Q1!F7QT3kL_Zd95i7WOdxXNfi?d*0-e0phV-|tJ>KCan^-H<$;;lO>g<1a< z=Jz3F@s=jC7H^+VvFG`PpG=lp_zC2Cg`Z5eQ}{__`Gl`PyeHYkov&T7gz_t2orvuX zDfW7lUv(+Zn$aL3JE1|v?v(kJ=bQ=!i)5_RSH$>|Us0AT`3ZQJ_`ve8A-Mli_*Kq# zQ$ML(FAb3iRfE?@ecQ-&(IBCa33VMbsA`y|sN3hBehn1#&YYvBUmM=TW>9&^_`Ih* zxz*`^!Sz98Le~coD6~F^O!)dB5~1sZ76@4%^e%$e2PqC)AKdcL^}!ViP`6tgWHM4- zV14Kl33LoC;=evfQRw<00%7YzraWv2LF)HgVe5mOVC0@x=juUZLe~coD6~F^ zO!)dB5~1sZ76@4%^e%$e2PqC)AKda#b8>|O)a@1rnT(VdSReXC0v$t(_^%IA6uLf$ zK-l__DGwV$(E1>i3$G6%RcL+i$b_l^^AB7fbQ^`%2UjR$LS-L*>w{Z0OjFbiULT}^ z(DMfoD6l?=NZ9(|mWPbbyFQ46xSv$6gNMk3 zs=@2vzHQ_>c#u%Ygt`tMR5eUfSq|>kK$e613FJ7qpNQANgUUn3=XG!yYas{slgV;$ zKY?5a_mjzXa6gGG2lo?@;kynVRG#JFK|)qvLB;Nz`<3T7c(6#uvVBF2gZmX_Ik=yI z*TDnJ!-n8GxL@Ub2ltc8b?^|GP&G)sunCp&f)gr2ArmUaas-z&*Z6gry+RjI-ggA| z6UcIKKY<(v_Y?6tcu;xB_zF3=p6$kH*N)!kj+n0&R>rpX?${AaMT{H!%B*f{v6trj zx+wctnQYHo?evq8ey-Zv9_voWx#2RTG4b*>iRAWZBGQa-XZ&K`LF?C|FiHQAeL zk44&2F`k3>Ybm3F4ZU6L(O*qkkvyE!8SUy2gA0)|UL+sHig)es-(^cIl?YLSXscgi zYl$X0#R|=3)g$5o*y13LY7GqHy)Gs4sW(-!oNte@<$h~~tYSEtH6V}1A0#XnC5ThMfqCGwFc5~5rRo9+)D%sT; z>q^(wH*~cpdOKo0MT0m34Z;q|V;4isdJ%1JZjH3|c6TRJ>Eg^ExicR=GLK!9`q;(B zuK1o^lJAtxW@n$!=ufyhnn zhuk3Kru0LO&)lgHW`pq#WBdF7IV~&^a>Ge>1ju>Y8-d);06A$& z2ihA6i3iAe+Z%=4t^hgH7%}aQCfOYz=WUNq;;BS{oVUHPY;*?5dD|O@Tvvdcx4rRf zBm?BU?Hz+$cYvI?JwC&yE(nnGw#R1$RVqNv+ukHLdIIFU?M+559U$jzZwec|0dn5< zBFOCtkn^^8EE^XF$a&kFirn4+Id6N@*tjS_&fDH}p;o=+qXHF zJ6BwBP;FHU)uNL9H?<(QP2`+Qoy*9NszuHvmTwmsYI^%XGsRHUKv4rl4HPwSv}hpO z-JO_C$Q%jepPT|mg|8oqoOWoknV+;Vt#2Khnah?}hl`UAsR`dVFg zx0{olo=(s?;^6!mm-E$w2bJ2~uzqD%Zz9;>vzsYy6*X{VYoNd}`N$r8adfT*WSMkB z=@akSR{F$UcC$>C9(?8=pYn*lMzHYuVU%C%)|FK1d$)`H@Mz#@{{-s()YR7b z%hY3~Puyv2ZsFNtpVulU%F%ts-SekxY}WQyHD#I2`;g?#8?bh-s$MZuOI@AGan{Xq z25ma9QZ*cyr=;w-&t%Fxwr*4I)gWka&cF3;2}qikqa+4f9XIc3AL%2sE}DkvM7 zRW>_QR!!N6tg<2Vr>xyPZ=N$sdOi12J-({7Ni|HiXR=3~GwSqt&N1sB`p2fV2ils= z2xokonn_i*Ht9?h**Rmh$`=A%feDU1%5)iI}Ay;*|M5;xoIg_us`~d+BFx)yMtR%a&;h7&oW=;4tKd#-#(g< z+u)?SmX^lc%tPJYMg@NCy%OWnyOegCni>z~`T;}JRr8{zmd4e2nK>Dr-~GYuY_4CK zQ|*v9w^4)38IeL2n_4!zAFvDTPfKHRd!cp;m2X4fu&z+sLochT712Z@$vb7%#u9-R z-Jg{Xi#N}81!~7#F~hFTY0v3rJK+bx{`V(v*m|lCp`Fl%`rS@!Z)iJ(>_^J=e1%WD ztWcqP9_F^w-|Mmg^S;m1PT0&B>Q7%g;Y%6q^z*tb9SaFO5EN2sinN}4Vmk^777*ZD zp5doQ1?o%jHgLF(ls!8W1=lg22Q0WA_N03cOFJ^Y!*+c)DXj&E{;cy-yN3H*3l1)L zH+sHwJFjrkw$X^^iBtbQR=?WLBwmY0xPRuaD!sA<{Gf8DxIZh@D>N>>t8K*nSrOcR zg{8()<@wPg^qiNW`H%k)&v}E}IZWrght&h4sRFj@uM=;sw)lVcxoV)65Aj^JU_1Rh zS1s61_^Dy$9I9|Tp$+xBoqzVZYQVS-`CK)ioqZUjw!{8@#J*rVueNhlugB$chQqrW z^7FkpTk4w&{&p9c%-Lapj$Y&EyaA))NO@@Iyn*eA&i`5Gy#1Lk-Je&{IWKPoS-2n~ z?|29}lNg)1lfi4gIlMo2Vdxbhd;#zKHBEdC5LD^t>1N zs{lLHuM_gt&E=*YUUL%?q>)&Uy#Nv*SG?OUKrv*u*rJ+5JoF-p=U;#TPc;qI6u7F> zpLJeZsyQ5Y+o`wBR%)5*>`CYRDr%de)R=wb=bRP}eO{?b$?vjiv57MaGK>6pcK-Ok zD>cZrU;2x_G6%I*NIva*^9TH1p1m^dd-E%08f^RC{IMKdO6GQU_po1Y{tWh8GO;tg zBd7gYJT>L)YiZ;w^`$S~Nt=vQ!jPX6)pVy=(@UTHEc^t?Rcifrlqzd5`JbyJqef?| zA?QJsnf!Y%gU>VhtCSXQtkjd=a3@TKk=4((HSpI-F8O~UGWscf$M4{0NiOs9b|RynvNoBMvn7{#yr0PQ zv+NB|!L2>M2|d_(EE{<(`MUsNu>6KF{Vcm&{-N6~xk|kizp(u*yIOR7#ZAF`!0!$9sUO0I;ZJuHQ<+|gN)s-{5AQfoBYa``s82y zJ^AO^eCdOcFTJje{H-Rxsx%{CR*vmC@-(1i4J5Mi7hOsI6rHUquO>Z4?{|IbQSz@d z`Txdz4SCSyKg6vh&Ie5X@#w8$l*zyCS@K1Xgx^p;d6>>`9yFMI(H&vlUGPdHf9s2I zbR?njqeP~i=JNgIe}rv9h zZ#4N;V@Xdl`9H(=oc$)hQhdj>v;Gdo=-g!TPkadejFG>JwaAhF5vs&ijo#M3@E7uL z*4e5``nABwA3z7rEhc{#`>$*<`S(3dzStb0@;M@7Z|gfwB>y(H3Dvzs+qHbN^v$_l zXRGQ-q)SaZ7yg<2J4}AnLDIn{Kk-KLKW6izq*k9xI>`UH$*=qgsnzEnzefHiO#Z_6 zl0IhId2$^2cbfdg_=hvj^k)mQ4)Z5rsMyOLCVvxapL4g)R#pE&YW!~fJ13I=Nt3_q zOqM&Vx97!9m>UTLE+d+1+FAA$^6%Bzs!H@=?dliRMV4*8$f*=o@5 zNq3q4KR=3m>_Eawv3X;M&M`dk>D+JfPdk_XOw{r#W@3Ym*csu1mpINXGWp$?lmCFp z@0~`z=}+C`zasxZlRrT0%lJ#(^URU+S(9J=ebTB<{!usEZhR7bQy=M!=H7)dK<3Nn zr~ckX+QI%L4Co}X`4`K)e@oz%i+=CgVFc^ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI.pbproj/project.pbxproj b/SecurityTests/testKeychainAPI/testKeychainAPI.pbproj/project.pbxproj deleted file mode 100644 index 6c5952d5..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI.pbproj/project.pbxproj +++ /dev/null @@ -1,1871 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 39; - objects = { - 00C85A54FEA53F3711CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = Radar.cpp; - refType = 4; - sourceTree = ""; - }; - 00C85A55FEA53F3711CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = Radar.h; - refType = 4; - sourceTree = ""; - }; - 00C85A58FEA5469711CD2A60 = { - children = ( - 00C85A59FEA5469711CD2A60, - 00C85A5AFEA5469711CD2A60, - 439B82D7FEB134D611CD2A60, - 1B0D0ABCFEAD2FFE11CD2A60, - 15A5F76FFEC0FEAB11CD2A60, - 2AE1C682FEAEB9E511CD2A60, - 15A5F771FEC1024711CD2A60, - 2AE1C686FEAF848911CD2A60, - 15A5F773FEC104FB11CD2A60, - 3C5F1DF5FEAFCCDC11CD2A60, - 15A5F775FEC1058011CD2A60, - 3C5F1DF7FEAFCE0911CD2A60, - 15A5F777FEC1093311CD2A60, - 3C5F1DF9FEAFCEAF11CD2A60, - 15A5F779FEC109BD11CD2A60, - 3C5F1DFBFEAFCF4611CD2A60, - 15A5F77BFEC10AE211CD2A60, - 3C5F1DFDFEAFE1B711CD2A60, - 00E41F6EFEB4C28611CD2A60, - 15A5F77DFEC1116B11CD2A60, - 40894A8BFEB0E0F911CD2A60, - 00E41F70FEB4C54E11CD2A60, - 00E41F71FEB4C54E11CD2A60, - 00E41F72FEB4C54E11CD2A60, - 439B82D3FEB12E9C11CD2A60, - 15A5F77FFEC1185511CD2A60, - 00E41F73FEB4C54E11CD2A60, - 15A5F781FEC1194511CD2A60, - 00E41F74FEB4C54E11CD2A60, - 15A5F783FEC119F911CD2A60, - 00E41F75FEB4C54E11CD2A60, - 15A5F785FEC11AFA11CD2A60, - 00E41F76FEB4C54E11CD2A60, - 1FA1A592FEC38E1611CD2A60, - 00F69664FEB4F50D11CD2A60, - 00F69666FEB4F6DC11CD2A60, - 00F69668FEB4F87D11CD2A60, - 00F6966AFEB4F92A11CD2A60, - 00EFF7F5FEB920BF11CD2A60, - 00EFF7F6FEB920BF11CD2A60, - 00EFF7F7FEB920BF11CD2A60, - 00EFF7F8FEB920BF11CD2A60, - 00EFF7F9FEB920BF11CD2A60, - 098DBF7CFEBA2C3511CD2A60, - 1FA1A58CFEC389EA11CD2A60, - 1FA1A58EFEC38BB411CD2A60, - 1FA1A596FEC3903011CD2A60, - 098DBF7EFEBA2D9E11CD2A60, - 1FA1A590FEC38C3011CD2A60, - 1FA1A598FEC3916E11CD2A60, - 1FA1A59AFEC3920D11CD2A60, - 098DBF80FEBA2E5311CD2A60, - 1FA1A594FEC38F4B11CD2A60, - 1FA1A59CFEC3930C11CD2A60, - 1FA1A59EFEC3937211CD2A60, - 098DBF82FEBA2F3811CD2A60, - 1FA1A5A0FEC3946E11CD2A60, - 098DBF84FEBA2FD711CD2A60, - 1FA1A5A2FEC394EE11CD2A60, - 098DBF86FEBA305A11CD2A60, - 1FA1A5A4FEC395F311CD2A60, - 09A72047FF0ADC1311CD287F, - 033D0E58FF0AD25311CD287F, - 2AE1C684FEAF841411CD2A60, - F51787050086346001CD2B7F, - 03FB9BD10066BA857F000001, - 03FB9BD30066CF0B7F000001, - ); - isa = PBXGroup; - name = scripts; - path = testKeychainAPI/scripts; - refType = 4; - sourceTree = ""; - }; - 00C85A59FEA5469711CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0000; - refType = 4; - sourceTree = ""; - }; - 00C85A5AFEA5469711CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0001; - refType = 4; - sourceTree = ""; - }; - 00C85A5BFEA5469711CD2A60 = { - fileRef = 00C85A59FEA5469711CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00C85A5CFEA5469711CD2A60 = { - fileRef = 00C85A5AFEA5469711CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00C8F077FE9ED53D11CD2A60 = { - children = ( - 00C8F08AFE9ED53D11CD2A60, - 1B0D0AB8FEAD1D8211CD2A60, - 00C85A54FEA53F3711CD2A60, - 00C85A55FEA53F3711CD2A60, - 00C8F078FE9ED53D11CD2A60, - 00C8F079FE9ED53D11CD2A60, - 00C8F07AFE9ED53D11CD2A60, - 00C8F07BFE9ED53D11CD2A60, - 00C8F07CFE9ED53D11CD2A60, - 00C8F07DFE9ED53D11CD2A60, - 00C8F07EFE9ED53D11CD2A60, - 00C8F07FFE9ED53D11CD2A60, - 00C8F080FE9ED53D11CD2A60, - 00C8F081FE9ED53D11CD2A60, - 00C8F082FE9ED53D11CD2A60, - 00C8F083FE9ED53D11CD2A60, - 00C8F084FE9ED53D11CD2A60, - 00C8F085FE9ED53D11CD2A60, - 00C8F086FE9ED53D11CD2A60, - 00C8F087FE9ED53D11CD2A60, - 00C8F088FE9ED53D11CD2A60, - 00C8F089FE9ED53D11CD2A60, - ); - isa = PBXGroup; - path = testKeychainAPI; - refType = 4; - sourceTree = ""; - }; - 00C8F078FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = KCAPI_Cert.cpp; - refType = 4; - sourceTree = ""; - }; - 00C8F079FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = KCAPI_Cert.h; - refType = 4; - sourceTree = ""; - }; - 00C8F07AFE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = KCAPI_CString.cpp; - refType = 4; - sourceTree = ""; - }; - 00C8F07BFE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = KCAPI_CString.h; - refType = 4; - sourceTree = ""; - }; - 00C8F07CFE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = KCAPI_Item.cpp; - refType = 4; - sourceTree = ""; - }; - 00C8F07DFE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = KCAPI_Item.h; - refType = 4; - sourceTree = ""; - }; - 00C8F07EFE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = KCAPI_Keychain.cpp; - refType = 4; - sourceTree = ""; - }; - 00C8F07FFE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = KCAPI_Keychain.h; - refType = 4; - sourceTree = ""; - }; - 00C8F080FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = KCAPI_Manager.cpp; - refType = 4; - sourceTree = ""; - }; - 00C8F081FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = KCAPI_Manager.h; - refType = 4; - sourceTree = ""; - }; - 00C8F082FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = KCAPI_Password.cpp; - refType = 4; - sourceTree = ""; - }; - 00C8F083FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = KCAPI_Password.h; - refType = 4; - sourceTree = ""; - }; - 00C8F084FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = KCOperation.cpp; - refType = 4; - sourceTree = ""; - }; - 00C8F085FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = KCOperation.h; - refType = 4; - sourceTree = ""; - }; - 00C8F086FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = KCOperationID.cpp; - refType = 4; - sourceTree = ""; - }; - 00C8F087FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = KCOperationID.h; - refType = 4; - sourceTree = ""; - }; - 00C8F088FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = KCParamUtility.cpp; - refType = 4; - sourceTree = ""; - }; - 00C8F089FE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = KCParamUtility.h; - refType = 4; - sourceTree = ""; - }; - 00C8F08AFE9ED53D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = testKeychainAPI.cpp; - refType = 4; - sourceTree = ""; - }; - 00C8F08BFE9ED53D11CD2A60 = { - children = ( - 21E9F1C7FF1D12F211CD283A, - ); - isa = PBXGroup; - name = Products; - refType = 4; - sourceTree = ""; - }; - 00E41F6EFEB4C28611CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0010; - refType = 4; - sourceTree = ""; - }; - 00E41F6FFEB4C28611CD2A60 = { - fileRef = 00E41F6EFEB4C28611CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00E41F70FEB4C54E11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0011.001; - refType = 4; - sourceTree = ""; - }; - 00E41F71FEB4C54E11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0011.002; - refType = 4; - sourceTree = ""; - }; - 00E41F72FEB4C54E11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0011.003; - refType = 4; - sourceTree = ""; - }; - 00E41F73FEB4C54E11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0013; - refType = 4; - sourceTree = ""; - }; - 00E41F74FEB4C54E11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0014; - refType = 4; - sourceTree = ""; - }; - 00E41F75FEB4C54E11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0015; - refType = 4; - sourceTree = ""; - }; - 00E41F76FEB4C54E11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0016; - refType = 4; - sourceTree = ""; - }; - 00E41F77FEB4C54E11CD2A60 = { - fileRef = 00E41F70FEB4C54E11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00E41F78FEB4C54E11CD2A60 = { - fileRef = 00E41F71FEB4C54E11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00E41F79FEB4C54E11CD2A60 = { - fileRef = 00E41F72FEB4C54E11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00E41F7AFEB4C54E11CD2A60 = { - fileRef = 00E41F73FEB4C54E11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00E41F7BFEB4C54E11CD2A60 = { - fileRef = 00E41F74FEB4C54E11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00E41F7CFEB4C54E11CD2A60 = { - fileRef = 00E41F75FEB4C54E11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00E41F7DFEB4C54E11CD2A60 = { - fileRef = 00E41F76FEB4C54E11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00EFF7F5FEB920BF11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0021; - refType = 4; - sourceTree = ""; - }; - 00EFF7F6FEB920BF11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0022; - refType = 4; - sourceTree = ""; - }; - 00EFF7F7FEB920BF11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0023; - refType = 4; - sourceTree = ""; - }; - 00EFF7F8FEB920BF11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0024; - refType = 4; - sourceTree = ""; - }; - 00EFF7F9FEB920BF11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0025; - refType = 4; - sourceTree = ""; - }; - 00EFF7FAFEB920BF11CD2A60 = { - fileRef = 00EFF7F5FEB920BF11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00EFF7FBFEB920BF11CD2A60 = { - fileRef = 00EFF7F6FEB920BF11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00EFF7FCFEB920BF11CD2A60 = { - fileRef = 00EFF7F7FEB920BF11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00EFF7FDFEB920BF11CD2A60 = { - fileRef = 00EFF7F8FEB920BF11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00EFF7FEFEB920BF11CD2A60 = { - fileRef = 00EFF7F9FEB920BF11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00F69664FEB4F50D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0017; - refType = 4; - sourceTree = ""; - }; - 00F69665FEB4F50D11CD2A60 = { - fileRef = 00F69664FEB4F50D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00F69666FEB4F6DC11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0018; - refType = 4; - sourceTree = ""; - }; - 00F69667FEB4F6DC11CD2A60 = { - fileRef = 00F69666FEB4F6DC11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00F69668FEB4F87D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0019; - refType = 4; - sourceTree = ""; - }; - 00F69669FEB4F87D11CD2A60 = { - fileRef = 00F69668FEB4F87D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 00F6966AFEB4F92A11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0020; - refType = 4; - sourceTree = ""; - }; - 00F6966BFEB4F92A11CD2A60 = { - fileRef = 00F6966AFEB4F92A11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; -//000 -//001 -//002 -//003 -//004 -//010 -//011 -//012 -//013 -//014 - 01349571FFB0B4D211CD287F = { - buildSettings = { - COPY_PHASE_STRIP = NO; - GCC_DYNAMIC_NO_PIC = NO; - GCC_ENABLE_FIX_AND_CONTINUE = YES; - GCC_GENERATE_DEBUGGING_SYMBOLS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - OPTIMIZATION_CFLAGS = "-O0 -fno-inline"; - ZERO_LINK = YES; - }; - isa = PBXBuildStyle; - name = Development; - }; - 01349572FFB0B4D211CD287F = { - buildSettings = { - COPY_PHASE_STRIP = YES; - GCC_ENABLE_FIX_AND_CONTINUE = NO; - ZERO_LINK = NO; - }; - isa = PBXBuildStyle; - name = Deployment; - }; -//010 -//011 -//012 -//013 -//014 -//030 -//031 -//032 -//033 -//034 - 033D0E57FF0ACE4D11CD287F = { - fileRef = 2AE1C684FEAF841411CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 033D0E58FF0AD25311CD287F = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0033; - refType = 4; - sourceTree = ""; - }; - 033D0E59FF0AD25311CD287F = { - fileRef = 033D0E58FF0AD25311CD287F; - isa = PBXBuildFile; - settings = { - }; - }; - 03FB9BD10066BA857F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = error_scripts; - refType = 4; - sourceTree = ""; - }; - 03FB9BD20066BA857F000001 = { - fileRef = 03FB9BD10066BA857F000001; - isa = PBXBuildFile; - settings = { - }; - }; - 03FB9BD30066CF0B7F000001 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = error_sub_cases_scripts; - refType = 4; - sourceTree = ""; - }; - 03FB9BD40066CF0B7F000001 = { - fileRef = 03FB9BD30066CF0B7F000001; - isa = PBXBuildFile; - settings = { - }; - }; -//030 -//031 -//032 -//033 -//034 -//040 -//041 -//042 -//043 -//044 - 04313892FE3035C9C02AAC07 = { - buildActionMask = 2147483647; - files = ( - ); - isa = PBXRezBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; -//040 -//041 -//042 -//043 -//044 -//080 -//081 -//082 -//083 -//084 - 0867D6AAFE840B52C02AAC07 = { - children = ( - 0867D6ABFE840B52C02AAC07, - ); - isa = PBXVariantGroup; - name = InfoPlist.strings; - refType = 4; - sourceTree = ""; - }; - 0867D6ABFE840B52C02AAC07 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text.plist.strings; - name = English; - path = English.lproj/InfoPlist.strings; - refType = 4; - sourceTree = ""; - }; - 0867D6ACFE840B52C02AAC07 = { - fileRef = 0867D6AAFE840B52C02AAC07; - isa = PBXBuildFile; - settings = { - }; - }; -//080 -//081 -//082 -//083 -//084 -//090 -//091 -//092 -//093 -//094 - 098DBF7CFEBA2C3511CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0026; - refType = 4; - sourceTree = ""; - }; - 098DBF7DFEBA2C3511CD2A60 = { - fileRef = 098DBF7CFEBA2C3511CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 098DBF7EFEBA2D9E11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0027; - refType = 4; - sourceTree = ""; - }; - 098DBF7FFEBA2D9E11CD2A60 = { - fileRef = 098DBF7EFEBA2D9E11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 098DBF80FEBA2E5311CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0028; - refType = 4; - sourceTree = ""; - }; - 098DBF81FEBA2E5311CD2A60 = { - fileRef = 098DBF80FEBA2E5311CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 098DBF82FEBA2F3811CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0029; - refType = 4; - sourceTree = ""; - }; - 098DBF83FEBA2F3811CD2A60 = { - fileRef = 098DBF82FEBA2F3811CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 098DBF84FEBA2FD711CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0030; - refType = 4; - sourceTree = ""; - }; - 098DBF85FEBA2FD711CD2A60 = { - fileRef = 098DBF84FEBA2FD711CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 098DBF86FEBA305A11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0031; - refType = 4; - sourceTree = ""; - }; - 098DBF87FEBA305A11CD2A60 = { - fileRef = 098DBF86FEBA305A11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 09A72047FF0ADC1311CD287F = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0032; - refType = 4; - sourceTree = ""; - }; - 09A72048FF0ADC1311CD287F = { - fileRef = 09A72047FF0ADC1311CD287F; - isa = PBXBuildFile; - settings = { - }; - }; -//090 -//091 -//092 -//093 -//094 -//150 -//151 -//152 -//153 -//154 - 15A5F76FFEC0FEAB11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0002.000; - refType = 4; - sourceTree = ""; - }; - 15A5F770FEC0FEAB11CD2A60 = { - fileRef = 15A5F76FFEC0FEAB11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F771FEC1024711CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0003.000; - refType = 4; - sourceTree = ""; - }; - 15A5F772FEC1024711CD2A60 = { - fileRef = 15A5F771FEC1024711CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F773FEC104FB11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0004.000; - refType = 4; - sourceTree = ""; - }; - 15A5F774FEC104FB11CD2A60 = { - fileRef = 15A5F773FEC104FB11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F775FEC1058011CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0005.000; - refType = 4; - sourceTree = ""; - }; - 15A5F776FEC1058011CD2A60 = { - fileRef = 15A5F775FEC1058011CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F777FEC1093311CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0006.000; - refType = 4; - sourceTree = ""; - }; - 15A5F778FEC1093311CD2A60 = { - fileRef = 15A5F777FEC1093311CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F779FEC109BD11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0007.000; - refType = 4; - sourceTree = ""; - }; - 15A5F77AFEC109BD11CD2A60 = { - fileRef = 15A5F779FEC109BD11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F77BFEC10AE211CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0008.000; - refType = 4; - sourceTree = ""; - }; - 15A5F77CFEC10AE211CD2A60 = { - fileRef = 15A5F77BFEC10AE211CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F77DFEC1116B11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0010.000; - refType = 4; - sourceTree = ""; - }; - 15A5F77EFEC1116B11CD2A60 = { - fileRef = 15A5F77DFEC1116B11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F77FFEC1185511CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0012.000; - refType = 4; - sourceTree = ""; - }; - 15A5F780FEC1185511CD2A60 = { - fileRef = 15A5F77FFEC1185511CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F781FEC1194511CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0013.000; - refType = 4; - sourceTree = ""; - }; - 15A5F782FEC1194511CD2A60 = { - fileRef = 15A5F781FEC1194511CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F783FEC119F911CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0014.000; - refType = 4; - sourceTree = ""; - }; - 15A5F784FEC119F911CD2A60 = { - fileRef = 15A5F783FEC119F911CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 15A5F785FEC11AFA11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0015.000; - refType = 4; - sourceTree = ""; - }; - 15A5F786FEC11AFA11CD2A60 = { - fileRef = 15A5F785FEC11AFA11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; -//150 -//151 -//152 -//153 -//154 -//1B0 -//1B1 -//1B2 -//1B3 -//1B4 - 1B0D0AB8FEAD1D8211CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = testKeychainAPI.h; - refType = 4; - sourceTree = ""; - }; - 1B0D0ABCFEAD2FFE11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0002; - refType = 4; - sourceTree = ""; - }; - 1B0D0ABDFEAD2FFE11CD2A60 = { - fileRef = 1B0D0ABCFEAD2FFE11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; -//1B0 -//1B1 -//1B2 -//1B3 -//1B4 -//1F0 -//1F1 -//1F2 -//1F3 -//1F4 - 1FA1A58CFEC389EA11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0026.000; - refType = 4; - sourceTree = ""; - }; - 1FA1A58DFEC389EA11CD2A60 = { - fileRef = 1FA1A58CFEC389EA11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A58EFEC38BB411CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0026.001; - refType = 4; - sourceTree = ""; - }; - 1FA1A58FFEC38BB411CD2A60 = { - fileRef = 1FA1A58EFEC38BB411CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A590FEC38C3011CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0027.000; - refType = 4; - sourceTree = ""; - }; - 1FA1A591FEC38C3011CD2A60 = { - fileRef = 1FA1A590FEC38C3011CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A592FEC38E1611CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0016.000; - refType = 4; - sourceTree = ""; - }; - 1FA1A593FEC38E1611CD2A60 = { - fileRef = 1FA1A592FEC38E1611CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A594FEC38F4B11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0028.000; - refType = 4; - sourceTree = ""; - }; - 1FA1A595FEC38F4B11CD2A60 = { - fileRef = 1FA1A594FEC38F4B11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A596FEC3903011CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0026.002; - refType = 4; - sourceTree = ""; - }; - 1FA1A597FEC3903011CD2A60 = { - fileRef = 1FA1A596FEC3903011CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A598FEC3916E11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0027.001; - refType = 4; - sourceTree = ""; - }; - 1FA1A599FEC3916E11CD2A60 = { - fileRef = 1FA1A598FEC3916E11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A59AFEC3920D11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0027.002; - refType = 4; - sourceTree = ""; - }; - 1FA1A59BFEC3920D11CD2A60 = { - fileRef = 1FA1A59AFEC3920D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A59CFEC3930C11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0028.001; - refType = 4; - sourceTree = ""; - }; - 1FA1A59DFEC3930C11CD2A60 = { - fileRef = 1FA1A59CFEC3930C11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A59EFEC3937211CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0028.002; - refType = 4; - sourceTree = ""; - }; - 1FA1A59FFEC3937211CD2A60 = { - fileRef = 1FA1A59EFEC3937211CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A5A0FEC3946E11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0029.000; - refType = 4; - sourceTree = ""; - }; - 1FA1A5A1FEC3946E11CD2A60 = { - fileRef = 1FA1A5A0FEC3946E11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A5A2FEC394EE11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0030.000; - refType = 4; - sourceTree = ""; - }; - 1FA1A5A3FEC394EE11CD2A60 = { - fileRef = 1FA1A5A2FEC394EE11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 1FA1A5A4FEC395F311CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0031.000; - refType = 4; - sourceTree = ""; - }; - 1FA1A5A5FEC395F311CD2A60 = { - fileRef = 1FA1A5A4FEC395F311CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; -//1F0 -//1F1 -//1F2 -//1F3 -//1F4 -//200 -//201 -//202 -//203 -//204 - 20286C28FDCF999611CA2CEA = { - buildSettings = { - }; - buildStyles = ( - 01349571FFB0B4D211CD287F, - 01349572FFB0B4D211CD287F, - 30197C39FFFD721711CD283A, - ); - hasScannedForEncodings = 1; - isa = PBXProject; - mainGroup = 20286C29FDCF999611CA2CEA; - projectDirPath = ""; - targets = ( - 20286C34FDCF999611CA2CEA, - ); - }; - 20286C29FDCF999611CA2CEA = { - children = ( - 00C8F077FE9ED53D11CD2A60, - 20286C2CFDCF999611CA2CEA, - 20286C32FDCF999611CA2CEA, - 00C8F08BFE9ED53D11CD2A60, - ); - isa = PBXGroup; - name = testKeychainAPI; - path = ""; - refType = 4; - sourceTree = ""; - }; - 20286C2CFDCF999611CA2CEA = { - children = ( - 0867D6AAFE840B52C02AAC07, - 00C85A58FEA5469711CD2A60, - ); - isa = PBXGroup; - name = Resources; - path = ""; - refType = 4; - sourceTree = ""; - }; - 20286C32FDCF999611CA2CEA = { - children = ( - 20286C33FDCF999611CA2CEA, - F556AF770107963D01CD283A, - ); - isa = PBXGroup; - name = "External Frameworks and Libraries"; - path = ""; - refType = 4; - sourceTree = ""; - }; - 20286C33FDCF999611CA2CEA = { - isa = PBXFileReference; - lastKnownFileType = wrapper.framework; - name = Carbon.framework; - path = /System/Library/Frameworks/Carbon.framework; - refType = 0; - sourceTree = ""; - }; - 20286C34FDCF999611CA2CEA = { - buildPhases = ( - 20286C35FDCF999611CA2CEA, - 20286C36FDCF999611CA2CEA, - 20286C38FDCF999611CA2CEA, - 20286C3BFDCF999611CA2CEA, - 04313892FE3035C9C02AAC07, - ); - buildSettings = { - FRAMEWORK_SEARCH_PATHS = "\"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/OSServices.framework\" \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Frameworks\" /usr/local/SecurityPieces/Frameworks"; - HEADER_SEARCH_PATHS = "\"$(SRCROOT)\""; - INSTALL_PATH = /AppleInternal/Applications; - LIBRARY_SEARCH_PATHS = ""; - OTHER_CFLAGS = "-DCALL_IN_KEYCHAIN_BUT_NOT_IN_CARBON=1"; - OTHER_LDFLAGS = "-lstdc++"; - OTHER_REZFLAGS = ""; - PRODUCT_NAME = testKeychainAPI; - SECTORDER_FLAGS = ""; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - WRAPPER_EXTENSION = app; - }; - dependencies = ( - ); - isa = PBXApplicationTarget; - name = testKeychainAPI; - productInstallPath = /AppleInternal/Applications; - productName = testKeychainAPI; - productReference = 21E9F1C7FF1D12F211CD283A; - productSettingsXML = " - - - - CFBundleDevelopmentRegion - English - CFBundleExecutable - testKeychainAPI - CFBundleIconFile - - CFBundleInfoDictionaryVersion - 6.0 - CFBundlePackageType - APPL - CFBundleSignature - ???? - CFBundleVersion - 0.0.1d1 - - -"; - }; - 20286C35FDCF999611CA2CEA = { - buildActionMask = 2147483647; - files = ( - 3CB71739FFAE65EC11CD287F, - 3CB7173BFFAE660711CD287F, - 3CB7173FFFAE662911CD287F, - 3CB71741FFAE663611CD287F, - 3CB71743FFAE666411CD287F, - 3CB71744FFAE666411CD287F, - 3CB71745FFAE666411CD287F, - 3CB71746FFAE666411CD287F, - 3CB71747FFAE666411CD287F, - 3CB71748FFAE666411CD287F, - 3CB7174FFFAE66CD11CD287F, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 20286C36FDCF999611CA2CEA = { - buildActionMask = 2147483647; - files = ( - 0867D6ACFE840B52C02AAC07, - 00C85A5BFEA5469711CD2A60, - 00C85A5CFEA5469711CD2A60, - 1B0D0ABDFEAD2FFE11CD2A60, - 2AE1C683FEAEB9E511CD2A60, - 2AE1C687FEAF848911CD2A60, - 3C5F1DF6FEAFCCDC11CD2A60, - 3C5F1DF8FEAFCE0911CD2A60, - 3C5F1DFAFEAFCEAF11CD2A60, - 3C5F1DFCFEAFCF4611CD2A60, - 3C5F1DFEFEAFE1B711CD2A60, - 40894A8CFEB0E0F911CD2A60, - 439B82D4FEB12E9C11CD2A60, - 439B82D8FEB134D611CD2A60, - 00E41F6FFEB4C28611CD2A60, - 00E41F77FEB4C54E11CD2A60, - 00E41F78FEB4C54E11CD2A60, - 00E41F79FEB4C54E11CD2A60, - 00E41F7AFEB4C54E11CD2A60, - 00E41F7BFEB4C54E11CD2A60, - 00E41F7CFEB4C54E11CD2A60, - 00E41F7DFEB4C54E11CD2A60, - 00F69665FEB4F50D11CD2A60, - 00F69667FEB4F6DC11CD2A60, - 00F69669FEB4F87D11CD2A60, - 00F6966BFEB4F92A11CD2A60, - 00EFF7FAFEB920BF11CD2A60, - 00EFF7FBFEB920BF11CD2A60, - 00EFF7FCFEB920BF11CD2A60, - 00EFF7FDFEB920BF11CD2A60, - 00EFF7FEFEB920BF11CD2A60, - 098DBF7DFEBA2C3511CD2A60, - 098DBF7FFEBA2D9E11CD2A60, - 098DBF81FEBA2E5311CD2A60, - 098DBF83FEBA2F3811CD2A60, - 098DBF85FEBA2FD711CD2A60, - 098DBF87FEBA305A11CD2A60, - 15A5F770FEC0FEAB11CD2A60, - 15A5F772FEC1024711CD2A60, - 15A5F774FEC104FB11CD2A60, - 15A5F776FEC1058011CD2A60, - 15A5F778FEC1093311CD2A60, - 15A5F77AFEC109BD11CD2A60, - 15A5F77CFEC10AE211CD2A60, - 15A5F77EFEC1116B11CD2A60, - 15A5F780FEC1185511CD2A60, - 15A5F782FEC1194511CD2A60, - 15A5F784FEC119F911CD2A60, - 15A5F786FEC11AFA11CD2A60, - 1FA1A58DFEC389EA11CD2A60, - 1FA1A58FFEC38BB411CD2A60, - 1FA1A591FEC38C3011CD2A60, - 1FA1A593FEC38E1611CD2A60, - 1FA1A595FEC38F4B11CD2A60, - 1FA1A597FEC3903011CD2A60, - 1FA1A599FEC3916E11CD2A60, - 1FA1A59BFEC3920D11CD2A60, - 1FA1A59DFEC3930C11CD2A60, - 1FA1A59FFEC3937211CD2A60, - 1FA1A5A1FEC3946E11CD2A60, - 1FA1A5A3FEC394EE11CD2A60, - 1FA1A5A5FEC395F311CD2A60, - 033D0E57FF0ACE4D11CD287F, - 033D0E59FF0AD25311CD287F, - 09A72048FF0ADC1311CD287F, - 03FB9BD20066BA857F000001, - 03FB9BD40066CF0B7F000001, - F51787060086346001CD2B7F, - ); - isa = PBXResourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 20286C38FDCF999611CA2CEA = { - buildActionMask = 2147483647; - files = ( - 3CB7173AFFAE65EC11CD287F, - 3CB7173CFFAE660711CD287F, - 3CB71740FFAE662911CD287F, - 3CB71742FFAE663611CD287F, - 3CB71749FFAE666411CD287F, - 3CB7174AFFAE666411CD287F, - 3CB7174BFFAE666411CD287F, - 3CB7174CFFAE666411CD287F, - 3CB7174DFFAE666411CD287F, - 3CB7174EFFAE666411CD287F, - 3CB71751FFAE6A8B11CD287F, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 20286C3BFDCF999611CA2CEA = { - buildActionMask = 2147483647; - files = ( - 20286C3CFDCF999611CA2CEA, - F556AF780107963D01CD283A, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 20286C3CFDCF999611CA2CEA = { - fileRef = 20286C33FDCF999611CA2CEA; - isa = PBXBuildFile; - settings = { - }; - }; -//200 -//201 -//202 -//203 -//204 -//210 -//211 -//212 -//213 -//214 - 21E9F1C7FF1D12F211CD283A = { - explicitFileType = wrapper.application; - isa = PBXFileReference; - path = testKeychainAPI.app; - refType = 3; - sourceTree = BUILT_PRODUCTS_DIR; - }; -//210 -//211 -//212 -//213 -//214 -//2A0 -//2A1 -//2A2 -//2A3 -//2A4 - 2AE1C682FEAEB9E511CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0003; - refType = 4; - sourceTree = ""; - }; - 2AE1C683FEAEB9E511CD2A60 = { - fileRef = 2AE1C682FEAEB9E511CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 2AE1C684FEAF841411CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0034; - refType = 4; - sourceTree = ""; - }; - 2AE1C686FEAF848911CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0004; - refType = 4; - sourceTree = ""; - }; - 2AE1C687FEAF848911CD2A60 = { - fileRef = 2AE1C686FEAF848911CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; -//2A0 -//2A1 -//2A2 -//2A3 -//2A4 -//300 -//301 -//302 -//303 -//304 - 30197C39FFFD721711CD283A = { - buildSettings = { - COPY_PHASE_STRIP = NO; - OPTIMIZATION_CFLAGS = "-O0 -fno-inline"; - OTHER_LDFLAGS = "\U0001-dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Versions/A/Security:$(SYMROOT)/Security.framework/Versions/A/Security\" -dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices:$(SYMROOT)/OSServices.framework/Versions/A/OSServices\" -dylib_file \"$(SYSTEM_LIBRARY_DIR)/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI:$(SYMROOT)/SecurityHI.framework/Versions/A/SecurityHI\""; - }; - isa = PBXBuildStyle; - name = "Build Folder"; - }; -//300 -//301 -//302 -//303 -//304 -//3C0 -//3C1 -//3C2 -//3C3 -//3C4 - 3C5F1DF5FEAFCCDC11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0005; - refType = 4; - sourceTree = ""; - }; - 3C5F1DF6FEAFCCDC11CD2A60 = { - fileRef = 3C5F1DF5FEAFCCDC11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3C5F1DF7FEAFCE0911CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0006; - refType = 4; - sourceTree = ""; - }; - 3C5F1DF8FEAFCE0911CD2A60 = { - fileRef = 3C5F1DF7FEAFCE0911CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3C5F1DF9FEAFCEAF11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0007; - refType = 4; - sourceTree = ""; - }; - 3C5F1DFAFEAFCEAF11CD2A60 = { - fileRef = 3C5F1DF9FEAFCEAF11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3C5F1DFBFEAFCF4611CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0008; - refType = 4; - sourceTree = ""; - }; - 3C5F1DFCFEAFCF4611CD2A60 = { - fileRef = 3C5F1DFBFEAFCF4611CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3C5F1DFDFEAFE1B711CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0009; - refType = 4; - sourceTree = ""; - }; - 3C5F1DFEFEAFE1B711CD2A60 = { - fileRef = 3C5F1DFDFEAFE1B711CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB71739FFAE65EC11CD287F = { - fileRef = 1B0D0AB8FEAD1D8211CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB7173AFFAE65EC11CD287F = { - fileRef = 00C8F08AFE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 3CB7173BFFAE660711CD287F = { - fileRef = 00C85A55FEA53F3711CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB7173CFFAE660711CD287F = { - fileRef = 00C85A54FEA53F3711CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 3CB7173FFFAE662911CD287F = { - fileRef = 00C8F07BFE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB71740FFAE662911CD287F = { - fileRef = 00C8F07AFE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 3CB71741FFAE663611CD287F = { - fileRef = 00C8F07DFE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB71742FFAE663611CD287F = { - fileRef = 00C8F07CFE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 3CB71743FFAE666411CD287F = { - fileRef = 00C8F07FFE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB71744FFAE666411CD287F = { - fileRef = 00C8F081FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB71745FFAE666411CD287F = { - fileRef = 00C8F083FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB71746FFAE666411CD287F = { - fileRef = 00C8F085FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB71747FFAE666411CD287F = { - fileRef = 00C8F087FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB71748FFAE666411CD287F = { - fileRef = 00C8F089FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB71749FFAE666411CD287F = { - fileRef = 00C8F07EFE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 3CB7174AFFAE666411CD287F = { - fileRef = 00C8F080FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 3CB7174BFFAE666411CD287F = { - fileRef = 00C8F082FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 3CB7174CFFAE666411CD287F = { - fileRef = 00C8F084FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 3CB7174DFFAE666411CD287F = { - fileRef = 00C8F086FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 3CB7174EFFAE666411CD287F = { - fileRef = 00C8F088FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 3CB7174FFFAE66CD11CD287F = { - fileRef = 00C8F079FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 3CB71751FFAE6A8B11CD287F = { - fileRef = 00C8F078FE9ED53D11CD2A60; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; -//3C0 -//3C1 -//3C2 -//3C3 -//3C4 -//400 -//401 -//402 -//403 -//404 - 40894A8BFEB0E0F911CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0011; - refType = 4; - sourceTree = ""; - }; - 40894A8CFEB0E0F911CD2A60 = { - fileRef = 40894A8BFEB0E0F911CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; -//400 -//401 -//402 -//403 -//404 -//430 -//431 -//432 -//433 -//434 - 439B82D3FEB12E9C11CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0012; - refType = 4; - sourceTree = ""; - }; - 439B82D4FEB12E9C11CD2A60 = { - fileRef = 439B82D3FEB12E9C11CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; - 439B82D7FEB134D611CD2A60 = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0001.001; - refType = 4; - sourceTree = ""; - }; - 439B82D8FEB134D611CD2A60 = { - fileRef = 439B82D7FEB134D611CD2A60; - isa = PBXBuildFile; - settings = { - }; - }; -//430 -//431 -//432 -//433 -//434 -//F50 -//F51 -//F52 -//F53 -//F54 - F51787050086346001CD2B7F = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = text; - path = script0035; - refType = 4; - sourceTree = ""; - }; - F51787060086346001CD2B7F = { - fileRef = F51787050086346001CD2B7F; - isa = PBXBuildFile; - settings = { - }; - }; - F556AF770107963D01CD283A = { - isa = PBXFileReference; - lastKnownFileType = wrapper.framework; - name = Security.framework; - path = /System/Library/Frameworks/Security.framework; - refType = 0; - sourceTree = ""; - }; - F556AF780107963D01CD283A = { - fileRef = F556AF770107963D01CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - }; - rootObject = 20286C28FDCF999611CA2CEA; -} diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_CString.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_CString.cpp deleted file mode 100644 index 3786f79f..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_CString.cpp +++ /dev/null @@ -1,445 +0,0 @@ -// ====================================================================== -// File: KCAPI_CString.cpp -// -// Operation classes for KC Manager APIs that use "C" strings -// - kcunlock -// - kccreatekeychain -// - kcgetkeychainname -// - kcaddapplesharepassword -// - kcfindapplesharepassword -// - kcaddinternetpassword -// - kcaddinternetpasswordwithpath -// - kcfindinternetpassword -// - kcfindinternetpasswordwithpath -// - kcaddgenericpassword -// - kcfindgenericpassword -// -// -// Copyright: Copyright (c) 2000,2003,2006 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 3/1/00 em Created. -// ====================================================================== -#include "KCAPI_CString.h" -#include "KCParamUtility.h" - -#if TARGET_RT_MAC_MACHO - #include - #include - #include -#else - #include -#endif -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcunlock -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kcunlock::COp_kcunlock() - :mPassword("Password") -{ - AddParam(mKeychainIndex); - AddParam(mPassword); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kcunlock::Operate() -{ - mStatus = ::kcunlock( - GetKeychain(), - (const char *)((StringPtr)mPassword+1)); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kccreatekeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kccreatekeychain::COp_kccreatekeychain() - :mPassword("Password") -{ - AddParam(mPassword); - AddResult(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kccreatekeychain::Operate() -{ - KCRef aKeychain = NULL; - mStatus = ::kccreatekeychain( - (const char *)((StringPtr)mPassword+1), - (KCRef*)&aKeychain); - AddKeychain(aKeychain); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcgetkeychainname -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kcgetkeychainname::COp_kcgetkeychainname() - :mKeychainName("KeychainName") -{ - AddParam(mKeychainIndex); - AddResult(mKeychainName); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kcgetkeychainname::Operate() -{ - mStatus = ::kcgetkeychainname( - GetKeychain(), - (char*)((StringPtr)mKeychainName+1)); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcaddapplesharepassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kcaddapplesharepassword::COp_kcaddapplesharepassword() - :mServerSignature("ServerSignature"), - mServerAddress("ServerAddress"), - mServerName("ServerName"), - mVolumeName("VolumeName"), - mAccountName("AccountName"), - mPassword("Password") -{ - AddParam(mServerSignature); - AddParam(mServerAddress); - AddParam(mServerName); - AddParam(mVolumeName); - AddParam(mAccountName); - AddParam(mPassword); - - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kcaddapplesharepassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::kcaddapplesharepassword( - &static_cast(mServerSignature).data, - (const char *)((StringPtr)mServerAddress+1), - (const char *)((StringPtr)mServerName+1), - (const char *)((StringPtr)mVolumeName+1), - (const char *)((StringPtr)mAccountName+1), - (UInt32)((kcBlob*)mPassword)->length, - (const void *)((kcBlob*)mPassword)->data, - (KCItemRef*)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcfindapplesharepassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kcfindapplesharepassword::COp_kcfindapplesharepassword() - :mServerSignature("ServerSignature"), - mServerAddress("ServerAddress"), - mServerName("ServerName"), - mVolumeName("VolumeName"), - mAccountName("AccountName"), - mPassword("Password"), - mActualLength("ActualLength") -{ - AddParam(mServerSignature); - AddParam(mServerAddress); - AddParam(mServerName); - AddParam(mVolumeName); - AddParam(mAccountName); - AddParam(mPassword); - - AddResult(mPassword); - AddResult(mActualLength); - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kcfindapplesharepassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::kcfindapplesharepassword( - &static_cast(mServerSignature).data, - (const char *)((StringPtr)mServerAddress+1), - (const char *)((StringPtr)mServerName+1), - (const char *)((StringPtr)mVolumeName+1), - (const char *)((StringPtr)mAccountName+1), - (UInt32)((kcBlob*)mPassword)->length, - (void *)((kcBlob*)mPassword)->data, - (UInt32*)mActualLength, - (KCItemRef *)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcaddinternetpassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kcaddinternetpassword::COp_kcaddinternetpassword() - :mServerName("ServerName"), - mSecurityDomain("SecurityDomain"), - mAccountName("AccountName"), - mPort("Port"), - mProtocol("Protocol"), - mAuthType("AuthType"), - mPassword("Password") -{ - AddParam(mServerName); - AddParam(mSecurityDomain); - AddParam(mAccountName); - AddParam(mPort); - AddParam(mProtocol); - AddParam(mAuthType); - AddParam(mPassword); - - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kcaddinternetpassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::kcaddinternetpassword( - (const char *)((StringPtr)mServerName+1), - (const char *)((StringPtr)mSecurityDomain+1), - (const char *)((StringPtr)mAccountName+1), - (UInt16)mPort, - (OSType)mProtocol, - (OSType)mAuthType, - (UInt32)((kcBlob*)mPassword)->length, - (const void *)((kcBlob*)mPassword)->data, - (KCItemRef *)&aItem); - - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcaddinternetpasswordwithpath -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kcaddinternetpasswordwithpath::COp_kcaddinternetpasswordwithpath() - :mServerName("ServerName"), - mSecurityDomain("SecurityDomain"), - mAccountName("AccountName"), - mPath("Path"), - mPort("Port"), - mProtocol("Protocol"), - mAuthType("AuthType"), - mPassword("Password") -{ - AddParam(mServerName); - AddParam(mSecurityDomain); - AddParam(mAccountName); - AddParam(mPath); - AddParam(mPort); - AddParam(mProtocol); - AddParam(mAuthType); - AddParam(mPassword); - - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kcaddinternetpasswordwithpath::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::kcaddinternetpasswordwithpath( - (const char *)((StringPtr)mServerName+1), - (const char *)((StringPtr)mSecurityDomain+1), - (const char *)((StringPtr)mAccountName+1), - (const char *)((StringPtr)mPath+1), - (UInt16)mPort, - (OSType)mProtocol, - (OSType)mAuthType, - (UInt32)((kcBlob*)mPassword)->length, - (const void *)((kcBlob*)mPassword)->data, - (KCItemRef *)&aItem); - - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcfindinternetpassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kcfindinternetpassword::COp_kcfindinternetpassword() - :mServerName("ServerName"), - mSecurityDomain("SecurityDomain"), - mAccountName("AccountName"), - mPort("Port"), - mProtocol("Protocol"), - mAuthType("AuthType"), - mPassword("Password"), - mActualLength("ActualLength") -{ - AddParam(mServerName); - AddParam(mSecurityDomain); - AddParam(mAccountName); - AddParam(mPort); - AddParam(mProtocol); - AddParam(mAuthType); - AddParam(mPassword); - - AddResult(mPassword); - AddResult(mActualLength); - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kcfindinternetpassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::kcfindinternetpassword( - (const char *)((StringPtr)mServerName+1), - (const char *)((StringPtr)mSecurityDomain+1), - (const char *)((StringPtr)mAccountName+1), - (UInt16)mPort, - (OSType)mProtocol, - (OSType)mAuthType, - (UInt32)((kcBlob*)mPassword)->length, - (void *)((kcBlob*)mPassword)->data, - (UInt32*)mActualLength, - (KCItemRef*)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcfindinternetpasswordwithpath -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kcfindinternetpasswordwithpath::COp_kcfindinternetpasswordwithpath() - :mServerName("ServerName"), - mSecurityDomain("SecurityDomain"), - mAccountName("AccountName"), - mPath("Path"), - mPort("Port"), - mProtocol("Protocol"), - mAuthType("AuthType"), - mPassword("Password"), - mActualLength("ActualLength") -{ - AddParam(mServerName); - AddParam(mSecurityDomain); - AddParam(mAccountName); - AddParam(mPath); - AddParam(mPort); - AddParam(mProtocol); - AddParam(mAuthType); - AddParam(mPassword); - - AddResult(mPassword); - AddResult(mActualLength); - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kcfindinternetpasswordwithpath::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::kcfindinternetpasswordwithpath( - (const char *)((StringPtr)mServerName+1), - (const char *)((StringPtr)mSecurityDomain+1), - (const char *)((StringPtr)mAccountName+1), - (const char *)((StringPtr)mPath+1), - (UInt16)mPort, - (OSType)mProtocol, - (OSType)mAuthType, - (UInt32)((kcBlob*)mPassword)->length, - (void *)((kcBlob*)mPassword)->data, - (UInt32*)mActualLength, - (KCItemRef*)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcaddgenericpassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kcaddgenericpassword::COp_kcaddgenericpassword() - :mServiceName("ServiceName"), - mAccountName("AccountName"), - mPassword("Password") -{ - AddParam(mServiceName); - AddParam(mAccountName); - AddParam(mPassword); - - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kcaddgenericpassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::kcaddgenericpassword( - (const char *)((StringPtr)mServiceName+1), - (const char *)((StringPtr)mAccountName+1), - (UInt32)((kcBlob*)mPassword)->length, - (const void *)((kcBlob*)mPassword)->data, - (KCItemRef*)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcfindgenericpassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_kcfindgenericpassword::COp_kcfindgenericpassword() - :mServiceName("ServiceName"), - mAccountName("AccountName"), - mPassword("Password"), - mActualLength("ActualLength") -{ - AddParam(mServiceName); - AddParam(mAccountName); - AddParam(mPassword); - - AddResult(mPassword); - AddResult(mActualLength); - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_kcfindgenericpassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::kcfindgenericpassword( - (const char *)((StringPtr)mServiceName+1), - (const char *)((StringPtr)mAccountName+1), - (UInt32)((kcBlob*)mPassword)->length, - (void *)((kcBlob*)mPassword)->data, - (UInt32*)mActualLength, - (KCItemRef*)&aItem); - AddItem(aItem); - return(mStatus); -} diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_CString.h b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_CString.h deleted file mode 100644 index 47342f5a..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_CString.h +++ /dev/null @@ -1,213 +0,0 @@ -// ====================================================================== -// File: KCAPI_CString.h -// -// Operation classes for KC Manager APIs that use "C" strings -// - kcunlock -// - kccreatekeychain -// - kcgetkeychainname -// - kcaddapplesharepassword -// - kcfindapplesharepassword -// - kcaddinternetpassword -// - kcaddinternetpasswordwithpath -// - kcfindinternetpassword -// - kcfindinternetpasswordwithpath -// - kcaddgenericpassword -// - kcfindgenericpassword -// -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 3/1/00 em Created. -// ====================================================================== -#ifndef __KCAPI_CSTRING__ -#define __KCAPI_CSTRING__ -#include "KCOperation.h" -#include "KCOperationID.h" -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcunlock -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kcunlock : public KCOperation -{ -public: -OPERATION_ID(kcunlock) - COp_kcunlock(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mPassword; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kccreatekeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kccreatekeychain : public KCOperation -{ -public: -OPERATION_ID(kccreatekeychain) - COp_kccreatekeychain(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mPassword; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcgetkeychainname -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kcgetkeychainname : public KCOperation -{ -public: -OPERATION_ID(kcgetkeychainname) - COp_kcgetkeychainname(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mKeychainName; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcaddapplesharepassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kcaddapplesharepassword : public KCItemOperation -{ -public: -OPERATION_ID(kcaddapplesharepassword) - COp_kcaddapplesharepassword(); - virtual OSStatus Operate(); -protected: - CParamAFPServerSignature mServerSignature; - CParamStringPtr mServerAddress; - CParamStringPtr mServerName; - CParamStringPtr mVolumeName; - CParamStringPtr mAccountName; - CParamkcBlob mPassword; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcfindapplesharepassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kcfindapplesharepassword : public KCItemOperation -{ -public: -OPERATION_ID(kcfindapplesharepassword) - COp_kcfindapplesharepassword(); - virtual OSStatus Operate(); -protected: - CParamAFPServerSignature mServerSignature; - CParamStringPtr mServerAddress; - CParamStringPtr mServerName; - CParamStringPtr mVolumeName; - CParamStringPtr mAccountName; - CParamkcBlob mPassword; - CParamUInt32 mActualLength; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcaddinternetpassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kcaddinternetpassword : public KCItemOperation -{ -public: -OPERATION_ID(kcaddinternetpassword) - COp_kcaddinternetpassword(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServerName; - CParamStringPtr mSecurityDomain; - CParamStringPtr mAccountName; - CParamUInt16 mPort; - CParamOSType mProtocol; - CParamOSType mAuthType; - CParamkcBlob mPassword; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcaddinternetpasswordwithpath -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kcaddinternetpasswordwithpath : public KCItemOperation -{ -public: -OPERATION_ID(kcaddinternetpasswordwithpath) - COp_kcaddinternetpasswordwithpath(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServerName; - CParamStringPtr mSecurityDomain; - CParamStringPtr mAccountName; - CParamStringPtr mPath; - CParamUInt16 mPort; - CParamOSType mProtocol; - CParamOSType mAuthType; - CParamkcBlob mPassword; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcfindinternetpassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kcfindinternetpassword : public KCItemOperation -{ -public: -OPERATION_ID(kcfindinternetpassword) - COp_kcfindinternetpassword(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServerName; - CParamStringPtr mSecurityDomain; - CParamStringPtr mAccountName; - CParamUInt16 mPort; - CParamOSType mProtocol; - CParamOSType mAuthType; - CParamkcBlob mPassword; - CParamUInt32 mActualLength; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcfindinternetpasswordwithpath -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kcfindinternetpasswordwithpath : public KCItemOperation -{ -public: -OPERATION_ID(kcfindinternetpasswordwithpath) - COp_kcfindinternetpasswordwithpath(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServerName; - CParamStringPtr mSecurityDomain; - CParamStringPtr mAccountName; - CParamStringPtr mPath; - CParamUInt16 mPort; - CParamOSType mProtocol; - CParamOSType mAuthType; - CParamkcBlob mPassword; - CParamUInt32 mActualLength; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcaddgenericpassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kcaddgenericpassword : public KCItemOperation -{ -public: -OPERATION_ID(kcaddgenericpassword) - COp_kcaddgenericpassword(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServiceName; - CParamStringPtr mAccountName; - CParamkcBlob mPassword; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_kcfindgenericpassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_kcfindgenericpassword : public KCItemOperation -{ -public: -OPERATION_ID(kcfindgenericpassword) - COp_kcfindgenericpassword(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServiceName; - CParamStringPtr mAccountName; - CParamkcBlob mPassword; - CParamUInt32 mActualLength; -}; -#endif // __KCAPI_CSTRING__ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Cert.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Cert.cpp deleted file mode 100644 index b3734566..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Cert.cpp +++ /dev/null @@ -1,88 +0,0 @@ -// ====================================================================== -// File: KCAPI_Cert.cpp -// -// Operation classes for APIs for working with Certificates -// - KCFindX509Certificates -// - KCChooseCertificate -// -// -// Copyright: Copyright (c) 2000,2003,2008 Apple Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 3/1/00 em Created. -// ====================================================================== - -#include "KCAPI_Cert.h" -#include "KCParamUtility.h" - -#if TARGET_RT_MAC_MACHO - #include - #include - #include -#else - #include -#endif - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindX509Certificates -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCFindX509Certificates::COp_KCFindX509Certificates() -{ -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCFindX509Certificates::Operate() -{ -#if TARGET_RT_MAC_MACHO - throw("KCGetDataNoUI is not implemented"); -#else - KCRef mKeychain = NULL; - CFStringRef mName = NULL; - CFStringRef mEmailAddress = NULL; - KCCertSearchOptions mOptions; - CFMutableArrayRef mCertificateItems; - - mStatus = ::KCFindX509Certificates( - (KCRef)mKeychain, - (CFStringRef)mName, - (CFStringRef)mEmailAddress, - (KCCertSearchOptions)mOptions, - (CFMutableArrayRef *)&mCertificateItems); -#endif - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCChooseCertificate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCChooseCertificate::COp_KCChooseCertificate() -{ -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCChooseCertificate::Operate() -{ -/* - CFArrayRef mItems = NULL; - KCItemRef mCertificate = NULL; - CFArrayRef mPolicyOIDs = NULL; - KCVerifyStopOn mStopOn; - - mStatus = ::KCChooseCertificate( - (CFArrayRef)mItems, - (KCItemRef *)&mCertificate, - (CFArrayRef)mPolicyOIDs, - (KCVerifyStopOn)mStopOn); -*/ -printf("WARNING : ChooseCertificate cannot be linked\n"); - return(mStatus); -} diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Cert.h b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Cert.h deleted file mode 100644 index 12937f5e..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Cert.h +++ /dev/null @@ -1,51 +0,0 @@ -// ====================================================================== -// File: KCAPI_Cert.h -// -// Operation classes for APIs for working with Certificates -// - KCFindX509Certificates -// - KCChooseCertificate -// -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 3/1/00 em Created. -// ====================================================================== - -#ifndef __KCAPI_CERT__ -#define __KCAPI_CERT__ - -#include "KCOperation.h" -#include "KCOperationID.h" - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindX509Certificates -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCFindX509Certificates : public KCOperation -{ -public: -OPERATION_ID(KCFindX509Certificates) - - COp_KCFindX509Certificates(); - virtual OSStatus Operate(); - -protected: -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCChooseCertificate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCChooseCertificate : public KCOperation -{ -public: -OPERATION_ID(KCChooseCertificate) - - COp_KCChooseCertificate(); - virtual OSStatus Operate(); - -protected: -}; - -#endif // __KCAPI_CERT__ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Item.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Item.cpp deleted file mode 100644 index 1c94dc3a..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Item.cpp +++ /dev/null @@ -1,512 +0,0 @@ -// ====================================================================== -// File: KCAPI_Item.cpp -// -// Operation classes for APIs to manage KC items -// - KCNewItem -// - KCSetAttribute -// - KCGetAttribute -// - KCSetData -// - KCGetData -// - KCGetDataNoUI -// - KCAddItem -// - KCAddItemNoUI -// - KCDeleteItem -// - KCDeleteItemNoUI -// - KCUpdateItem -// - KCReleaseItem -// - KCCopyItem -// -// Operation classes for APIs for searching and enumertating KC items -// - KCFindFirstItem -// - KCFindNextItem -// - KCReleaseSearch -// -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 3/1/00 em Created. -// ====================================================================== - - -#include "KCAPI_Item.h" -#include "KCParamUtility.h" - -#if TARGET_RT_MAC_MACHO - #include - #include - #include -#else - #include -#endif - - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCNewItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCNewItem::COp_KCNewItem() - :mItemClass("Class"), - mItemCreator("Creator"), - mData("Data") -{ - AddParam(mItemClass); - AddParam(mItemCreator); - AddParam(mData); - - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCNewItem::Operate() -{ - KCItemRef aKCItemRef = NULL; - mStatus = ::KCNewItem( - (KCItemClass)mItemClass, - (OSType)mItemCreator, - (UInt32)((kcBlob*)mData)->length, - (const void *)((kcBlob*)mData)->data, - (KCItemRef *)&aKCItemRef); - - AddItem(aKCItemRef); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCSetAttribute -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCSetAttribute::COp_KCSetAttribute() - :mAttribute("Attribute") -{ - AddParam(mItemIndex); - AddParam(mAttribute); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCSetAttribute::Operate() -{ - mStatus = ::KCSetAttribute( - (KCItemRef)GetItem(), - (KCAttribute *)mAttribute); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetAttribute -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCGetAttribute::COp_KCGetAttribute() - :mAttribute("Attribute"), - mActualLength("ActualLength") -{ - AddParam(mItemIndex); - AddParam(mAttribute); - - AddResult(mAttribute); - AddResult(mActualLength); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCGetAttribute::Operate() -{ - mStatus = ::KCGetAttribute( - (KCItemRef)GetItem(), - (KCAttribute *)mAttribute, - (UInt32 *)mActualLength); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCSetData -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCSetData::COp_KCSetData() - :mData("Data") -{ - AddParam(mItemIndex); - AddParam(mData); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCSetData::Operate() -{ - mStatus = ::KCSetData( - (KCItemRef)GetItem(), - (UInt32)((kcBlob*)mData)->length, - (const void *)((kcBlob*)mData)->data); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetData -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCGetData::COp_KCGetData() - :mData("Data"), - mActualLength("ActualLength") -{ - AddParam(mItemIndex); - AddParam(mData); - - AddResult(mData); - AddResult(mActualLength); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCGetData::Operate() -{ - mStatus = ::KCGetData( - (KCItemRef)GetItem(), - (UInt32)((kcBlob*)mData)->length, - (void *)((kcBlob*)mData)->data, - (UInt32 *)mActualLength); - - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetDataNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -/* -COp_KCGetDataNoUI::COp_KCGetDataNoUI() - :mData("Data"), - mActualLength("ActualLength") -{ - AddParam(mItemIndex); - AddParam(mData); - - AddResult(mData); - AddResult(mActualLength); -} -*/ -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -/* -OSStatus -COp_KCGetDataNoUI::Operate() -{ -//#if TARGET_RT_MAC_MACHO - mStatus = ::KCGetDataNoUI((KCItemRef)GetItem(), - (UInt32)((kcBlob*)mData)->length, - (void *)((kcBlob*)mData)->data, - (UInt32 *)mActualLength); -//#else -// throw("KCGetDataNoUI is not implemented"); -//#endif - return(mStatus); -} -*/ -/* -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Callback1 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCGetDataNoUI::Callback1( - KCItemRef *outItemRef, - UInt32 *outMaxLength, - void **outData, - UInt32 **outActualLength, - void *inContext) -{ - COp_KCGetDataNoUI *thisObject = static_cast(inContext); - if(thisObject == NULL) return -1; - - *outItemRef = thisObject->GetItem(); - *outMaxLength = thisObject->GetMaxLength(); - *outData = thisObject->GetDataPtr(); - *outActualLength = thisObject->GetActualLengthPtr(); - return(noErr); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ CallBack2 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCGetDataNoUI::Callback2( - void *inContext) -{ - return noErr; -} -*/ - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCAddItem::COp_KCAddItem() -{ - AddParam(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCAddItem::Operate() -{ - mStatus = ::KCAddItem((KCItemRef)GetItem()); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddItemNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCAddItemNoUI::COp_KCAddItemNoUI() -{ - AddParam(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCAddItemNoUI::Operate() -{ -#if TARGET_RT_MAC_MACHO - KCRef keychainRef=NULL; //%%% add test for non-default keychain - mStatus = ::KCAddItemNoUI(keychainRef,GetItem()); -#else - throw("COp_KCAddItemNoUI is not implemented"); -#endif - return(mStatus); -} - -/* -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddItemNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCAddItemNoUI::Callback( - KCItemRef *outItem, - void *inContext) -{ - COp_KCAddItemNoUI *thisObject = static_cast(inContext); - if(thisObject == NULL) return -1; - - *outItem = thisObject->GetItem(); - return noErr; -} -*/ - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCDeleteItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCDeleteItem::COp_KCDeleteItem() -{ - AddParam(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCDeleteItem::Operate() -{ - mStatus = ::KCDeleteItem(GetItem()); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCDeleteItemNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCDeleteItemNoUI::COp_KCDeleteItemNoUI() -{ - AddParam(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCDeleteItemNoUI::Operate() -{ -#if TARGET_RT_MAC_MACHO -//%%%couldn't link? -// mStatus = ::KCDeleteItemNoUI( -// (KCDeleteItemNoUIProcPtr)COp_KCDeleteItemNoUI::CallBack, -// (void*)this); - throw("KCDeleteItemNoUI is not implemented"); -#else - throw("KCDeleteItemNoUI is not implemented"); -#endif - return(mStatus); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ CallBack -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCDeleteItemNoUI::CallBack( - KCItemRef *outItem, - void *inContext) -{ - COp_KCAddItemNoUI *thisObject = static_cast(inContext); - if(thisObject == NULL) return -1; - - *outItem = thisObject->GetItem(); - return noErr; -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCUpdateItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCUpdateItem::COp_KCUpdateItem() -{ - AddParam(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCUpdateItem::Operate() -{ - mStatus = ::KCUpdateItem((KCItemRef)GetItem()); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCReleaseItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCReleaseItem::COp_KCReleaseItem() -{ - AddParam(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCReleaseItem::Operate() -{ - KCItemRef aItem = GetItem(); - mStatus = ::KCReleaseItem(&aItem); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCCopyItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCCopyItem::COp_KCCopyItem() -{ - AddParam(mKeychainIndex); - AddParam(mItemIndex); - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCCopyItem::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::KCCopyItem( - GetItem(), - GetKeychain(), - &aItem); - AddItem(aItem); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindFirstItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCFindFirstItem::COp_KCFindFirstItem() - :mAttrList("AttributeList") -{ - AddParam(mKeychainIndex); - AddParam(mAttrList); - AddResult(mSearchIndex); - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCFindFirstItem::Operate() -{ - KCSearchRef aSearch = NULL; - KCItemRef aItem = NULL; - mStatus = ::KCFindFirstItem( - GetKeychain(), - (const KCAttributeList *)mAttrList, - &aSearch, - &aItem); - - AddSearch(aSearch); - AddItem(aItem); - return(mStatus); -} - - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindNextItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCFindNextItem::COp_KCFindNextItem() -{ - AddParam(mSearchIndex); - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCFindNextItem::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::KCFindNextItem( - GetSearch(), - &aItem); - AddItem(aItem); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCReleaseSearch -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCReleaseSearch::COp_KCReleaseSearch() -{ - AddParam(mSearchIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCReleaseSearch::Operate() -{ - KCSearchRef aSearch = GetSearch(); - mStatus = ::KCReleaseSearch(&aSearch); - return(mStatus); -} diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Item.h b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Item.h deleted file mode 100644 index 946f2b39..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Item.h +++ /dev/null @@ -1,298 +0,0 @@ -// ====================================================================== -// File: KCAPI_Item.h -// -// Operation classes for APIs to manage KC items -// - KCNewItem -// - KCSetAttribute -// - KCGetAttribute -// - KCSetData -// - KCGetData -// - KCGetDataNoUI -// - KCAddItem -// - KCAddItemNoUI -// - KCDeleteItem -// - KCDeleteItemNoUI -// - KCUpdateItem -// - KCReleaseItem -// - KCCopyItem -// -// Operation classes for APIs for searching and enumertating KC items -// - KCFindFirstItem -// - KCFindNextItem -// - KCReleaseSearch -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 3/1/00 em Created. -// ====================================================================== - -#ifndef __KCAPI_ITEM__ -#define __KCAPI_ITEM__ - -#include "KCOperation.h" -#include "KCOperationID.h" - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCNewItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCNewItem : public KCItemOperation -{ -public: -OPERATION_ID(KCNewItem) - - COp_KCNewItem(); - virtual OSStatus Operate(); - -protected: - CParamKCItemClass mItemClass; - CParamOSType mItemCreator; - CParamkcBlob mData; - -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCSetAttribute -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCSetAttribute : public KCItemOperation -{ -public: -OPERATION_ID(KCSetAttribute) - - COp_KCSetAttribute(); - virtual OSStatus Operate(); - -protected: - CParamKCAttribute mAttribute; -}; - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetAttribute -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCGetAttribute : public KCItemOperation -{ -public: -OPERATION_ID(KCGetAttribute) - - COp_KCGetAttribute(); - virtual OSStatus Operate(); - -protected: - CParamKCAttribute mAttribute; - CParamUInt32 mActualLength; -}; - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCSetData -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCSetData : public KCItemOperation -{ -public: -OPERATION_ID(KCSetData) - - COp_KCSetData(); - virtual OSStatus Operate(); - -protected: - CParamkcBlob mData; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetData -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCGetData : public KCItemOperation -{ -public: -OPERATION_ID(KCGetData) - - COp_KCGetData(); - virtual OSStatus Operate(); - -protected: - CParamkcBlob mData; - CParamUInt32 mActualLength; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetDataNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -/* -class COp_KCGetDataNoUI : public KCItemOperation -{ -public: -OPERATION_ID(KCGetDataNoUI) - - COp_KCGetDataNoUI(); - virtual OSStatus Operate(); - -protected: - CParamkcBlob mData; - CParamUInt32 mActualLength; - -*/ -/* static OSStatus Callback1( - KCItemRef *outItemRef, - UInt32 *outMaxLength, - void **outData, - UInt32 **outActualLength, - void *inContext); - - static OSStatus Callback2( - void *inContext); -*/ -//}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCAddItem : public KCItemOperation -{ -public: -OPERATION_ID(KCAddItem) - - COp_KCAddItem(); - virtual OSStatus Operate(); - -protected: -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddItemNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCAddItemNoUI : public KCItemOperation -{ -public: -OPERATION_ID(KCAddItemNoUI) - - COp_KCAddItemNoUI(); - virtual OSStatus Operate(); - -protected: - static OSStatus Callback( - KCItemRef *outItem, - void *inContext); -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCDeleteItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCDeleteItem : public KCItemOperation -{ -public: -OPERATION_ID(KCDeleteItem) - - COp_KCDeleteItem(); - virtual OSStatus Operate(); - -protected: -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCDeleteItemNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCDeleteItemNoUI : public KCItemOperation -{ -public: -OPERATION_ID(KCDeleteItemNoUI) - - COp_KCDeleteItemNoUI(); - virtual OSStatus Operate(); - -protected: - static OSStatus CallBack( - KCItemRef *outItem, - void *inContext); -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCUpdateItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCUpdateItem : public KCItemOperation -{ -public: -OPERATION_ID(KCUpdateItem) - - COp_KCUpdateItem(); - virtual OSStatus Operate(); - -protected: -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCReleaseItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCReleaseItem : public KCItemOperation -{ -public: -OPERATION_ID(KCReleaseItem) - - COp_KCReleaseItem(); - virtual OSStatus Operate(); - -protected: -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCCopyItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCCopyItem : public KCItemOperation -{ -public: -OPERATION_ID(KCCopyItem) - - COp_KCCopyItem(); - virtual OSStatus Operate(); - -protected: -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindFirstItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCFindFirstItem : public KCSearchOperation -{ -public: -OPERATION_ID(KCFindFirstItem) - - COp_KCFindFirstItem(); - virtual OSStatus Operate(); - -protected: - CParamKCAttributeList mAttrList; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindNextItem -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCFindNextItem : public KCSearchOperation -{ -public: -OPERATION_ID(KCFindNextItem) - - COp_KCFindNextItem(); - virtual OSStatus Operate(); - -protected: -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCReleaseSearch -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCReleaseSearch : public KCSearchOperation -{ -public: -OPERATION_ID(KCReleaseSearch) - - COp_KCReleaseSearch(); - virtual OSStatus Operate(); - -protected: -}; - -#endif // __KCAPI_ITEM__ - - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Keychain.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Keychain.cpp deleted file mode 100644 index 725d62bf..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Keychain.cpp +++ /dev/null @@ -1,784 +0,0 @@ -// ====================================================================== -// File: KCAPI_Keychain.cpp -// -// Operation classes for core KC APIs: -// - KCMakeKCRefFromFSRef -// - KCMakeKCRefFromFSSpec -// - KCMakeKCRefFromAlias -// - KCMakeAliasFromKCRef -// - KCReleaseKeychain -// - KCUnlockNoUI -// - KCUnlock -// - KCUnlockWithInfo -// - KCLock -// - KCLockNoUI -// - KCGetDefaultKeychain -// - KCSetDefaultKeychain -// - KCCreateKeychain -// - KCCreateKeychainNoUI -// - KCGetStatus -// - KCChangeSettingsNoUI -// - KCGetKeychain -// - KCGetKeychainName -// - KCChangeSettings -// - KCCountKeychains -// - KCGetIndKeychain -// - KCAddCallback -// - KCRemoveCallback -// - KCSetInteractionAllowed -// - KCIsInteractionAllowed -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 2/25/00 em Created. -// ====================================================================== -#include "KCAPI_Keychain.h" - -#if TARGET_RT_MAC_MACHO - #include -#endif - -#include -#undef check -UInt32 COp_KCAddCallback::sCounter[] = {0,0,0,0,0,0,0,0,0,0,0}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCMakeKCRefFromFSRef -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCMakeKCRefFromFSRef::COp_KCMakeKCRefFromFSRef() - :mFSRef("FSRef") -{ - AddParam(mFSRef); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCMakeKCRefFromFSRef::Operate() -{ - throw("KCMakeKCRefFromFSRef is not implemented"); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCMakeKCRefFromFSSpec -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCMakeKCRefFromFSSpec::COp_KCMakeKCRefFromFSSpec() - :mKeychainFile("KeychainFile") -{ - AddParam(mKeychainFile); - AddResult(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCMakeKCRefFromFSSpec::Operate() -{ - KCRef aKeychain = NULL; - - mStatus = ::KCMakeKCRefFromFSSpec( - (FSSpec*)mKeychainFile, - &aKeychain); - - AddKeychain(aKeychain); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCMakeKCRefFromAlias -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCMakeKCRefFromAlias::COp_KCMakeKCRefFromAlias() -{ - AddParam(mAliasIndex); - AddResult(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCMakeKCRefFromAlias::Operate() -{ - KCRef aKeychain = NULL; - AliasHandle alias = GetAlias(); - - mStatus = ::KCMakeKCRefFromAlias(alias, &aKeychain); - AddKeychain(aKeychain); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCMakeAliasFromKCRef -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCMakeAliasFromKCRef::COp_KCMakeAliasFromKCRef() -{ - AddParam(mKeychainIndex); - AddResult(mAliasIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCMakeAliasFromKCRef::Operate() -{ - AliasHandle alias = GetAlias(); - mStatus = ::KCMakeAliasFromKCRef(GetKeychain(), (AliasHandle*)&alias); - AddAlias(alias); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCReleaseKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCReleaseKeychain::COp_KCReleaseKeychain() -{ - AddParam(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCReleaseKeychain::Operate() -{ - KCRef aKeychain = GetKeychain(); - mStatus = ::KCReleaseKeychain(&aKeychain); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCLogout -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCLogout::COp_KCLogout() -{ -} - -OSStatus -COp_KCLogout::Operate() -{ - mStatus = ::KCLogout(); - - return(mStatus); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCLogin -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCLogin::COp_KCLogin() - :mName("Name"), - mPassword("Password") -{ - AddParam(mName); - AddParam(mPassword); -} - -OSStatus -COp_KCLogin::Operate() -{ - mStatus = ::KCLogin( (StringPtr)mName, (StringPtr)mPassword ); - - return(mStatus); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCChangeLoginPassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCChangeLoginPassword::COp_KCChangeLoginPassword() - :mOldPassword("OldPassword"), - mNewPassword("NewPassword") -{ - AddParam(mOldPassword); - AddParam(mNewPassword); -} - -OSStatus -COp_KCChangeLoginPassword::Operate() -{ - mStatus = ::KCChangeLoginPassword( (StringPtr)mOldPassword, (StringPtr)mNewPassword ); - - return(mStatus); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCUnlockNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCUnlockNoUI::COp_KCUnlockNoUI() - :mPassword("Password") -{ - AddParam(mKeychainIndex); - AddParam(mPassword); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCUnlockNoUI::Operate() -{ -//#if TARGET_RT_MAC_MACHO -//%%%¥¥¥¥¥¥¥ - KCRef aKeychain = GetKeychain(); - mStatus = ::KCUnlockNoUI( aKeychain, (StringPtr)mPassword); -// throw("KCUnlockNoUI not implemented"); -//#else -// throw("KCUnlockNoUI not implemented"); -//#endif - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCUnlock -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCUnlock::COp_KCUnlock() - :mPassword("Password") -{ - AddParam(mKeychainIndex); - AddParam(mPassword); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCUnlock::Operate() -{ - mStatus = ::KCUnlock(GetKeychain(), (StringPtr)mPassword); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCUnlockWithInfo -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCUnlockWithInfo::COp_KCUnlockWithInfo() - :mPassword("Password"), mMessage("Mesage") -{ - AddParam(mKeychainIndex); - AddParam(mPassword); - AddParam(mMessage); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCUnlockWithInfo::Operate() -{ -#if 0 //TARGET_RT_MAC_MACHO - mStatus = ::KCUnlockWithInfo(GetKeychain(), (StringPtr)mPassword, (StringPtr)mMessage); -#else - return unimpErr; - //throw("KCUnlockWithInfo is not implemented"); -#endif - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCLock -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCLock::COp_KCLock() -{ - AddParam(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCLock::Operate() -{ - mStatus = ::KCLock(GetKeychain()); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCLockNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -/* -COp_KCLockNoUI::COp_KCLockNoUI() -{ - AddParam(mKeychainIndex); -} -*/ -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -/* -OSStatus -COp_KCLockNoUI::Operate() -{ -#if TARGET_RT_MAC_MACHO - mStatus = ::KCLockNoUI(GetKeychain()); -#else - throw("KCLockNoUI not implemented"); -#endif - return(mStatus); -} -#pragma mark - -*/ -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetDefaultKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCGetDefaultKeychain::COp_KCGetDefaultKeychain() -{ - AddResult(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCGetDefaultKeychain::Operate() -{ - KCRef aKeychain = NULL; - mStatus = ::KCGetDefaultKeychain(&aKeychain); - AddKeychain(aKeychain); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCSetDefaultKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCSetDefaultKeychain::COp_KCSetDefaultKeychain() -{ - AddParam(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCSetDefaultKeychain::Operate() -{ - mStatus = ::KCSetDefaultKeychain(GetKeychain()); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCCreateKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCCreateKeychain::COp_KCCreateKeychain() - :mPassword("Password") -{ - AddParam(mKeychainIndex); - AddParam(mPassword); - AddResult(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCCreateKeychain::Operate() -{ - KCRef aKeychain = GetKeychain(); - mStatus = ::KCCreateKeychain((StringPtr)mPassword, &aKeychain); - AddKeychain(aKeychain); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCCreateKeychainNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCCreateKeychainNoUI::COp_KCCreateKeychainNoUI() - : mPassword("Password") -{ - AddParam(mKeychainIndex); - AddParam(mPassword); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCCreateKeychainNoUI::Operate() -{ -//#if TARGET_RT_MAC_MACHO - - KCRef aKeychain = GetKeychain(); - - mStatus = ::KCCreateKeychainNoUI(aKeychain, (StringPtr)mPassword); -//#else -// throw("KCCreateKeychainNoUI not implemented"); -//#endif - return(mStatus); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Callback -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCCreateKeychainNoUI::Callback( - KCRef *outKeychain, - StringPtr *outPassword, - void *inContext) -{ -/* COp_KCCreateKeychainNoUI *thisObject = static_cast(inContext); - if(thisObject == NULL) return -1; - -// FSSpec *aFileSpec = thisObject->GetKeychainFile(); - KCRef *aKeychain = thisObject->GetKeychainInCallback(); - StringPtr aPassword = thisObject->GetPassword(); - // OSStatus aStatus = ::KCMakeKCRefFromFSSpec(aFileSpec, aKeychain); - if(aStatus == noErr){ - *outKeychain = *aKeychain; - *outPassword = aPassword; - } - else{ - *outKeychain = NULL; - *outPassword = NULL; - } - - return aStatus; -*/ -return noErr; -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetStatus -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCGetStatus::COp_KCGetStatus() - :mKeychainStatus("KeychainStatus") -{ - AddParam(mKeychainIndex); - AddResult(mKeychainStatus); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCGetStatus::Operate() -{ - mStatus = ::KCGetStatus( - GetKeychain(), - (UInt32*)mKeychainStatus); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCChangeSettingsNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCChangeSettingsNoUI::COp_KCChangeSettingsNoUI() - :mLockOnSleep("LockOnSleep"), - mUseKCGetDataSound("UseKCGetDataSound"), - mUseKCGetDataAlert("UseKCGetDataAlert"), - mUseLockInterval("UseLockInterval"), - mLockInterval("LockInterval"), - mNewPassword("NewPassword"), - mOldPassword("OldPassword") -{ - AddParam(mLockOnSleep); - AddParam(mUseKCGetDataSound); - AddParam(mUseKCGetDataAlert); - AddParam(mUseLockInterval); - AddParam(mLockInterval); - AddParam(mNewPassword); - AddParam(mOldPassword); - AddParam(mKeychainIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCChangeSettingsNoUI::Operate() -{ -#if TARGET_RT_MAC_MACHO - - mChangeSettingsInfo.lockOnSleep = (Boolean)mLockOnSleep; -// mChangeSettingsInfo.useKCGetDataSound = (Boolean)mUseKCGetDataSound; -// mChangeSettingsInfo.useKCGetDataAlert = (Boolean)mUseKCGetDataAlert; - mChangeSettingsInfo.useLockInterval = (Boolean)mUseLockInterval; - mChangeSettingsInfo.lockInterval = (UInt32)mLockInterval; -// mChangeSettingsInfo.newPassword = (StringPtr)mNewPassword; -// mChangeSettingsInfo.oldPassword = (StringPtr)mOldPassword; - mChangeSettingsInfo.keychain = GetKeychain(); - -// mStatus = ::KCChangeSettingsNoUI( -// COp_KCChangeSettingsNoUI::Callback, -// this); - throw("KCChangeSettingsNoUI not implemented"); -#else - throw("KCChangeSettingsNoUI not implemented"); -#endif - return(mStatus); -} - -#if TARGET_RT_MAC_MACHO -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Callback -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCChangeSettingsNoUI::Callback( - KCChangeSettingsInfo * outSettings, - void * inContext) -{ - COp_KCChangeSettingsNoUI *thisObject = static_cast(inContext); - if(thisObject == NULL) return -1; - - // #2462430 - this should be : - // *outSettings = thisObject->GetSettingsInfoPtr(); - // where KCChangeSettingsInfo **outSettings - // - outSettings = thisObject->GetChangeSettingsInfoPtr(); - return noErr; -} -#endif - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCGetKeychain::COp_KCGetKeychain() -{ - AddParam(mItemIndex); - AddResult(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCGetKeychain::Operate() -{ - KCRef aKeychain; - mStatus = ::KCGetKeychain( - GetItem(), - &aKeychain); - AddKeychain(aKeychain); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetKeychainName -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCGetKeychainName::COp_KCGetKeychainName() - :mKeychainName("KeychainName") -{ - AddParam(mKeychainIndex); - AddResult(mKeychainName); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCGetKeychainName::Operate() -{ - mStatus = ::KCGetKeychainName( - GetKeychain(), - (StringPtr)mKeychainName); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCChangeSettings -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCChangeSettings::COp_KCChangeSettings() -{ - AddParam(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCChangeSettings::Operate() -{ - mStatus = ::KCChangeSettings(GetKeychain()); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCCountKeychains -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCCountKeychains::COp_KCCountKeychains() - :mCount("Count") -{ - AddResult(mCount); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCCountKeychains::Operate() -{ - mStatus = noErr; - mCount = ::KCCountKeychains(); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetIndKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCGetIndKeychain::COp_KCGetIndKeychain() - :mIndex("Index") -{ - AddParam(mIndex); - AddResult(mKeychainIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCGetIndKeychain::Operate() -{ - KCRef aKeychain = NULL; - mStatus = ::KCGetIndKeychain(mIndex, &aKeychain); - AddKeychain(aKeychain); - return(mStatus); -} -#pragma mark - -KCCallbackUPP COp_KCAddCallback::sCallbacks[] = - { NewKCCallbackUPP(COp_KCAddCallback::Callback0), - NewKCCallbackUPP(COp_KCAddCallback::Callback1), - NewKCCallbackUPP(COp_KCAddCallback::Callback2), - NewKCCallbackUPP(COp_KCAddCallback::Callback3), - NewKCCallbackUPP(COp_KCAddCallback::Callback4), - NewKCCallbackUPP(COp_KCAddCallback::Callback5), - NewKCCallbackUPP(COp_KCAddCallback::Callback6), - NewKCCallbackUPP(COp_KCAddCallback::Callback7), - NewKCCallbackUPP(COp_KCAddCallback::Callback8), - NewKCCallbackUPP(COp_KCAddCallback::Callback9), - NewKCCallbackUPP(COp_KCAddCallback::Callback10) }; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddCallback -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCAddCallback::COp_KCAddCallback() - :mEvent("KCEvent") -{ - AddParam(mEvent); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCAddCallback::Operate() -{ - mStatus = ::KCAddCallback( - COp_KCAddCallback::sCallbacks[mEvent], - (KCEventMask)(1 << (KCEvent)mEvent), - (void *)this); - return(mStatus); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -#define KCADDCALLBACK(N) \ -OSStatus \ -COp_KCAddCallback::Callback ## N( \ - KCEvent inKeychainEvent, \ - KCCallbackInfo *inInfo, \ - void *inContext) \ -{ \ - COp_KCAddCallback::sCounter[inKeychainEvent]++; \ - return noErr; \ -} - -KCADDCALLBACK(0) -KCADDCALLBACK(1) -KCADDCALLBACK(2) -KCADDCALLBACK(3) -KCADDCALLBACK(4) -KCADDCALLBACK(5) -KCADDCALLBACK(6) -KCADDCALLBACK(7) -KCADDCALLBACK(8) -KCADDCALLBACK(9) -KCADDCALLBACK(10) - -#undef KCADDCALLBACK - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCRemoveCallback -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCRemoveCallback::COp_KCRemoveCallback() - :mEvent("KCEvent"), - mIdleCount("IdleCount"), - mLockCount("LockCount"), - mUnlockCount("UnlockCount"), - mAddCount("AddCount"), - mDeleteCount("DeleteCount"), - mUpdateCount("UpdateCount"), - mChangeIdentityCount("ChangeIdentityCount"), - mFindCount("FindCount"), - mSystemCount("SystemCount"), - mDefaultChangedCount("DefaultChangedCount"), - mDataAccessCount("DataAccessCount") -{ - AddParam(mEvent); - - AddResult(mIdleCount); - AddResult(mLockCount); - AddResult(mUnlockCount); - AddResult(mAddCount); - AddResult(mDeleteCount); - AddResult(mUpdateCount); - AddResult(mChangeIdentityCount); - AddResult(mFindCount); - AddResult(mSystemCount); - AddResult(mDefaultChangedCount); - AddResult(mDataAccessCount); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCRemoveCallback::Operate() -{ - // Receive a few events so we make sure we get all pending notifications (callbacks) - EventRecord er; - for (int ix = 0; ix < 142; ix++) - GetNextEvent(0, &er); - - mStatus = ::KCRemoveCallback( - COp_KCAddCallback::sCallbacks[mEvent]); - - // Copy the current results - UInt16 i = 0; - tParamList::iterator aIterator = mResultList.begin(); - CParamUInt32 * aParam = static_cast(*aIterator); - while(aIterator != mResultList.end()){ - if(aParam){ - *aParam = COp_KCAddCallback::sCounter[i]; - i++; - } - aParam = static_cast(*(++aIterator)); - } - - // reset the counter - COp_KCAddCallback::sCounter[mEvent] = 0; - - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCSetInteractionAllowed -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCSetInteractionAllowed::COp_KCSetInteractionAllowed() - :mAllow("AllowInteraction") -{ - AddParam(mAllow); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCSetInteractionAllowed::Operate() -{ - mStatus = ::KCSetInteractionAllowed(mAllow); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCIsInteractionAllowed -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCIsInteractionAllowed::COp_KCIsInteractionAllowed() - :mAllow("AllowInteraction") -{ - AddResult(mAllow); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCIsInteractionAllowed::Operate() -{ - mStatus = noErr; - mAllow = ::KCIsInteractionAllowed(); - return(mStatus); -} diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Keychain.h b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Keychain.h deleted file mode 100644 index d9b99570..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Keychain.h +++ /dev/null @@ -1,463 +0,0 @@ -// ====================================================================== -// File: KCAPI_Keychain.h -// -// Operation classes for core KC APIs: -// - KCMakeKCRefFromFSRef -// - KCMakeKCRefFromFSSpec -// - KCMakeKCRefFromAlias -// - KCMakeAliasFromKCRef -// - KCReleaseKeychain -// - KCUnlockNoUI -// - KCUnlock -// - KCLogin -// - KCChangeLoginPassword -// - KCLogout -// - KCUnlockWithInfo -// - KCLock -// - KCLockNoUI -// - KCGetDefaultKeychain -// - KCSetDefaultKeychain -// - KCCreateKeychain -// - KCCreateKeychainNoUI -// - KCGetStatus -// - KCChangeSettingsNoUI -// - KCGetKeychain -// - KCGetKeychainName -// - KCChangeSettings -// - KCCountKeychains -// - KCGetIndKeychain -// - KCAddCallback -// - KCRemoveCallback -// - KCSetInteractionAllowed -// - KCIsInteractionAllowed -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 2/25/00 em Created. -// ====================================================================== -#ifndef __KCAPI_KEYCHAIN__ -#define __KCAPI_KEYCHAIN__ -#include "KCOperation.h" -#include "KCOperationID.h" -#include "KCParamUtility.h" - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCMakeKCRefFromFSRef -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCMakeKCRefFromFSRef : public KCOperation -{ -public: -OPERATION_ID(KCMakeKCRefFromFSRef) - COp_KCMakeKCRefFromFSRef(); - virtual OSStatus Operate(); - -protected: - CParamFSRef mFSRef; -private: - OSStatus KCMakeKCRefFromFSRef( - FSRef *inKeychainFSRef, - KCRef *outKeychain) - { - *outKeychain = (KCRef)NULL; - return noErr; - } -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCMakeKCRefFromFSSpec -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCMakeKCRefFromFSSpec : public KCOperation -{ -public: -OPERATION_ID(KCMakeKCRefFromFSSpec) - COp_KCMakeKCRefFromFSSpec(); - virtual OSStatus Operate(); -protected: - CParamFSSpec mKeychainFile; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCMakeKCRefFromAlias -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCMakeKCRefFromAlias : public KCOperation -{ -public: -OPERATION_ID(KCMakeKCRefFromAlias) - COp_KCMakeKCRefFromAlias(); - virtual OSStatus Operate(); -protected: -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCMakeAliasFromKCRef -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCMakeAliasFromKCRef : public KCOperation -{ -public: -OPERATION_ID(KCMakeAliasFromKCRef) - - COp_KCMakeAliasFromKCRef(); - virtual OSStatus Operate(); -protected: -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCReleaseKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCReleaseKeychain : public KCOperation -{ -public: -OPERATION_ID(KCReleaseKeychain) - - COp_KCReleaseKeychain(); - virtual OSStatus Operate(); -protected: -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCUnlockNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCUnlockNoUI : public KCOperation -{ -public: -OPERATION_ID(KCUnlockNoUI) - - COp_KCUnlockNoUI(); - virtual OSStatus Operate(); - virtual StringPtr GetPassword(){ return (StringPtr)mPassword; } -protected: - CParamStringPtr mPassword; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCUnlock -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCUnlock : public KCOperation -{ -public: -OPERATION_ID(KCUnlock) - - COp_KCUnlock(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mPassword; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCChangeLoginPassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCChangeLoginPassword : public KCOperation -{ -public: -OPERATION_ID(KCChangeLoginPassword) - - COp_KCChangeLoginPassword(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mOldPassword; - CParamStringPtr mNewPassword; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCLogin -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCLogin : public KCOperation -{ -public: -OPERATION_ID(KCLogin) - - COp_KCLogin(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mName; - CParamStringPtr mPassword; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCLogout -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCLogout : public KCOperation -{ -public: -OPERATION_ID(KCLogout) - - COp_KCLogout(); - virtual OSStatus Operate(); -protected: -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCUnlockWithInfo -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCUnlockWithInfo : public KCOperation -{ -public: -OPERATION_ID(KCUnlockWithInfo) - COp_KCUnlockWithInfo(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mPassword; - CParamStringPtr mMessage; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCLock -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCLock : public KCOperation -{ -public: -OPERATION_ID(KCLock) - COp_KCLock(); - virtual OSStatus Operate(); -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCLockNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -/* -class COp_KCLockNoUI : public KCOperation -{ -public: -OPERATION_ID(KCLockNoUI) - COp_KCLockNoUI(); - virtual OSStatus Operate(); -protected: -}; -*/ -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetDefaultKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCGetDefaultKeychain : public KCOperation -{ -public: -OPERATION_ID(KCGetDefaultKeychain) - COp_KCGetDefaultKeychain(); - virtual OSStatus Operate(); -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCSetDefaultKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCSetDefaultKeychain : public KCOperation -{ -public: -OPERATION_ID(KCSetDefaultKeychain) - COp_KCSetDefaultKeychain(); - virtual OSStatus Operate(); -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCCreateKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCCreateKeychain : public KCOperation -{ -public: -OPERATION_ID(KCCreateKeychain) - COp_KCCreateKeychain(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mPassword; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCCreateKeychainNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCCreateKeychainNoUI : public KCOperation -{ -public: -OPERATION_ID(KCCreateKeychainNoUI) - COp_KCCreateKeychainNoUI(); - virtual OSStatus Operate(); - - virtual StringPtr GetPassword(){ return (StringPtr)mPassword; } - virtual KCRef * GetKeychainInCallback(){ return &mKeychainInCallback; } -protected: - CParamStringPtr mPassword; - KCRef mKeychainInCallback; - static OSStatus Callback( - KCRef *outKeychain, - StringPtr *outPassword, - void *inContext); -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetStatus -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCGetStatus : public KCOperation -{ -public: -OPERATION_ID(KCGetStatus) - COp_KCGetStatus(); - virtual OSStatus Operate(); -protected: - CParamUInt32 mKeychainStatus; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCChangeSettingsNoUI -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCChangeSettingsNoUI : public KCOperation -{ -public: -OPERATION_ID(KCChangeSettingsNoUI) - COp_KCChangeSettingsNoUI(); - virtual OSStatus Operate(); - -#if TARGET_RT_MAC_MACHO - virtual KCChangeSettingsInfo - *GetChangeSettingsInfoPtr(){ return &mChangeSettingsInfo; } -#endif - -protected: -#if TARGET_RT_MAC_MACHO - static OSStatus Callback( - KCChangeSettingsInfo *outSettings, - void *inContext); -#endif - - CParamBoolean mLockOnSleep; - CParamBoolean mUseKCGetDataSound; - CParamBoolean mUseKCGetDataAlert; - CParamBoolean mUseLockInterval; - CParamUInt32 mLockInterval; - CParamStringPtr mNewPassword; - CParamStringPtr mOldPassword; - -#if TARGET_RT_MAC_MACHO - KCChangeSettingsInfo mChangeSettingsInfo; -#endif -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCGetKeychain : public KCItemOperation -{ -public: -OPERATION_ID(KCGetKeychain) - COp_KCGetKeychain(); - virtual OSStatus Operate(); -protected: -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetKeychainName -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCGetKeychainName : public KCOperation -{ -public: -OPERATION_ID(KCGetKeychainName) - COp_KCGetKeychainName(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mKeychainName; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCChangeSettings -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCChangeSettings : public KCOperation -{ -public: -OPERATION_ID(KCChangeSettings) - COp_KCChangeSettings(); - virtual OSStatus Operate(); -protected: -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCCountKeychains -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCCountKeychains : public KCOperation -{ -public: -OPERATION_ID(KCCountKeychains) - COp_KCCountKeychains(); - virtual OSStatus Operate(); - -protected: - CParamUInt16 mCount; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetIndKeychain -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCGetIndKeychain : public KCOperation -{ -public: -OPERATION_ID(KCGetIndKeychain) - COp_KCGetIndKeychain(); - virtual OSStatus Operate(); - -protected: - CParamUInt16 mIndex; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddCallback -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCAddCallback : public KCOperation -{ -public: -OPERATION_ID(KCAddCallback) - COp_KCAddCallback(); - virtual OSStatus Operate(); - -protected: - CParamUInt16 mEvent; - static UInt32 sCounter[11]; - static KCCallbackUPP sCallbacks[11]; - -#define KCADDCALLBACK_DEF(N) \ - static OSStatus Callback ## N( \ - KCEvent inKeychainEvent, \ - KCCallbackInfo *inInfo, \ - void *inContext) - - KCADDCALLBACK_DEF(0); - KCADDCALLBACK_DEF(1); - KCADDCALLBACK_DEF(2); - KCADDCALLBACK_DEF(3); - KCADDCALLBACK_DEF(4); - KCADDCALLBACK_DEF(5); - KCADDCALLBACK_DEF(6); - KCADDCALLBACK_DEF(7); - KCADDCALLBACK_DEF(8); - KCADDCALLBACK_DEF(9); - KCADDCALLBACK_DEF(10); -#undef KCADDCALLBACK_DEF - - - friend class COp_KCRemoveCallback; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCRemoveCallback -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCRemoveCallback : public KCOperation -{ -public: -OPERATION_ID(KCRemoveCallback) - COp_KCRemoveCallback(); - virtual OSStatus Operate(); -protected: - CParamUInt16 mEvent; - CParamUInt32 mIdleCount; - CParamUInt32 mLockCount; - CParamUInt32 mUnlockCount; - CParamUInt32 mAddCount; - CParamUInt32 mDeleteCount; - CParamUInt32 mUpdateCount; - CParamUInt32 mChangeIdentityCount; - CParamUInt32 mFindCount; - CParamUInt32 mSystemCount; - CParamUInt32 mDefaultChangedCount; - CParamUInt32 mDataAccessCount; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCSetInteractionAllowed -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCSetInteractionAllowed : public KCOperation -{ -public: -OPERATION_ID(KCSetInteractionAllowed) - COp_KCSetInteractionAllowed(); - virtual OSStatus Operate(); -protected: - CParamBoolean mAllow; -}; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCIsInteractionAllowed -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCIsInteractionAllowed : public KCOperation -{ -public: -OPERATION_ID(KCIsInteractionAllowed) - COp_KCIsInteractionAllowed(); - virtual OSStatus Operate(); -protected: - CParamBoolean mAllow; -}; -#endif // __KCAPI_KEYCHAIN__ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Manager.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Manager.cpp deleted file mode 100644 index 01764630..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Manager.cpp +++ /dev/null @@ -1,64 +0,0 @@ -// ====================================================================== -// File: KCAPI_Manager.cpp -// -// Operation classes for KC manager APIs: -// - KCGetKeychainManagerVersion -// - KeychainManagerAvailable -// -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 2/22/00 em Created. -// ====================================================================== - -#include "KCAPI_Manager.h" -#include "KCParamUtility.h" - -#if TARGET_RT_MAC_MACHO - #include - #include - #include -#else - #include -#endif - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetKeychainManagerVersion -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCGetKeychainManagerVersion::COp_KCGetKeychainManagerVersion() - :mVersion("Version") -{ - AddResult(mVersion); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCGetKeychainManagerVersion::Operate() -{ - mStatus = ::KCGetKeychainManagerVersion((UInt32*)mVersion); - return(mStatus); -} - -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KeychainManagerAvailable -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KeychainManagerAvailable::COp_KeychainManagerAvailable() - :mAvailable("Available") -{ - AddResult(mAvailable); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KeychainManagerAvailable::Operate() -{ - mAvailable = ::KeychainManagerAvailable(); - return(noErr); -} diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Manager.h b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Manager.h deleted file mode 100644 index 277c72e0..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Manager.h +++ /dev/null @@ -1,52 +0,0 @@ -// ====================================================================== -// File: KCAPI_Manager.h -// -// Operation classes for KC manager APIs: -// - KCGetKeychainManagerVersion -// - KeychainManagerAvailable -// -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 2/22/00 em Created. -// ====================================================================== - -#ifndef __KCAPI_MANAGER__ -#define __KCAPI_MANAGER__ - -#include "KCOperation.h" -#include "KCOperationID.h" - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCGetKeychainManagerVersion -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCGetKeychainManagerVersion : public KCOperation -{ -public: -OPERATION_ID(KCGetKeychainManagerVersion) - - COp_KCGetKeychainManagerVersion(); - virtual OSStatus Operate(); - -protected: - CParamUInt32 mVersion; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KeychainManagerAvailable -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KeychainManagerAvailable : public KCOperation -{ -public: -OPERATION_ID(KeychainManagerAvailable) - - COp_KeychainManagerAvailable(); - virtual OSStatus Operate(); - -protected: - CParamBoolean mAvailable; -}; - -#endif // __KCAPI_MANAGER__ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Password.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Password.cpp deleted file mode 100644 index e38935f6..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Password.cpp +++ /dev/null @@ -1,372 +0,0 @@ -// ====================================================================== -// File: KCAPI_Password.cpp -// -// Operation classes for APIs to store and retriev passwords -// - KCAddAppleSharePassword -// - KCFindAppleSharePassword -// - KCAddInternetPassword -// - KCAddInternetPasswordWithPath -// - KCFindInternetPassword -// - KCFindInternetPasswordWithPath -// - KCAddGenericPassword -// - KCFindGenericPassword -// -// -// Copyright: Copyright (c) 2000,2003,2006 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 3/1/00 em Created. -// ====================================================================== -#include "KCAPI_Password.h" -#include "KCParamUtility.h" - -#if TARGET_RT_MAC_MACHO - #include - #include - #include -#else - #include -#endif - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddAppleSharePassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCAddAppleSharePassword::COp_KCAddAppleSharePassword() - :mServerSignature("ServerSignature"), - mServerAddress("ServerAddress"), - mServerName("ServerName"), - mVolumeName("VolumeName"), - mAccountName("AccountName"), - mPassword("Password") -{ - AddParam(mServerSignature); - AddParam(mServerAddress); - AddParam(mServerName); - AddParam(mVolumeName); - AddParam(mAccountName); - AddParam(mPassword); - - AddResult(mItemIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCAddAppleSharePassword::Operate() -{ - // ¥¥¥ store fully-specified AFPXVolMountInfo - // record as the password data - - KCItemRef aItem = NULL; - mStatus = ::KCAddAppleSharePassword( - &static_cast(mServerSignature).data, - (StringPtr)mServerAddress, - (StringPtr)mServerName, - (StringPtr)mVolumeName, - (StringPtr)mAccountName, - (UInt32)((kcBlob*)mPassword)->length, - (const void *)((kcBlob*)mPassword)->data, - (KCItemRef*)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindAppleSharePassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCFindAppleSharePassword::COp_KCFindAppleSharePassword() - :mServerSignature("ServerSignature"), - mServerAddress("ServerAddress"), - mServerName("ServerName"), - mVolumeName("VolumeName"), - mAccountName("AccountName"), - mPassword("Password"), - mActualLength("ActualLength") -{ - AddParam(mServerSignature); - AddParam(mServerAddress); - AddParam(mServerName); - AddParam(mVolumeName); - AddParam(mAccountName); - AddParam(mPassword); - - AddResult(mPassword); - AddResult(mActualLength); - AddResult(mItemIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCFindAppleSharePassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::KCFindAppleSharePassword( - &static_cast(mServerSignature).data, - (StringPtr)mServerAddress, - (StringPtr)mServerName, - (StringPtr)mVolumeName, - (StringPtr)mAccountName, - (UInt32)((kcBlob*)mPassword)->length, - (void *)((kcBlob*)mPassword)->data, - (UInt32*)mActualLength, - (KCItemRef *)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddInternetPassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCAddInternetPassword::COp_KCAddInternetPassword() - :mServerName("ServerName"), - mSecurityDomain("SecurityDomain"), - mAccountName("AccountName"), - mPort("Port"), - mProtocol("Protocol"), - mAuthType("AuthType"), - mPassword("Password") -{ - AddParam(mServerName); - AddParam(mSecurityDomain); - AddParam(mAccountName); - AddParam(mPort); - AddParam(mProtocol); - AddParam(mAuthType); - AddParam(mPassword); - - AddResult(mItemIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCAddInternetPassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::KCAddInternetPassword( - (StringPtr)mServerName, - (StringPtr)mSecurityDomain, - (StringPtr)mAccountName, - (UInt16)mPort, - (OSType)mProtocol, - (OSType)mAuthType, - (UInt32)((kcBlob*)mPassword)->length, - (const void *)((kcBlob*)mPassword)->data, - (KCItemRef *)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddInternetPasswordWithPath -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCAddInternetPasswordWithPath::COp_KCAddInternetPasswordWithPath() - :mServerName("ServerName"), - mSecurityDomain("SecurityDomain"), - mAccountName("AccountName"), - mPath("Path"), - mPort("Port"), - mProtocol("Protocol"), - mAuthType("AuthType"), - mPassword("Password") -{ - AddParam(mServerName); - AddParam(mSecurityDomain); - AddParam(mAccountName); - AddParam(mPath); - AddParam(mPort); - AddParam(mProtocol); - AddParam(mAuthType); - AddParam(mPassword); - - AddResult(mItemIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCAddInternetPasswordWithPath::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::KCAddInternetPasswordWithPath( - (StringPtr)mServerName, - (StringPtr)mSecurityDomain, - (StringPtr)mAccountName, - (StringPtr)mPath, - (UInt16)mPort, - (OSType)mProtocol, - (OSType)mAuthType, - (UInt32)((kcBlob*)mPassword)->length, - (const void *)((kcBlob*)mPassword)->data, - (KCItemRef *)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindInternetPassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCFindInternetPassword::COp_KCFindInternetPassword() - :mServerName("ServerName"), - mSecurityDomain("SecurityDomain"), - mAccountName("AccountName"), - mPort("Port"), - mProtocol("Protocol"), - mAuthType("AuthType"), - mPassword("Password"), - mActualLength("ActualLength") -{ - AddParam(mServerName); - AddParam(mSecurityDomain); - AddParam(mAccountName); - AddParam(mPort); - AddParam(mProtocol); - AddParam(mAuthType); - AddParam(mPassword); - - AddResult(mPassword); - AddResult(mActualLength); - AddResult(mItemIndex); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCFindInternetPassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::KCFindInternetPassword( - (StringPtr)mServerName, - (StringPtr)mSecurityDomain, - (StringPtr)mAccountName, - (UInt16)mPort, - (OSType)mProtocol, - (OSType)mAuthType, - (UInt32)((kcBlob*)mPassword)->length, - (void *)((kcBlob*)mPassword)->data, - (UInt32*)mActualLength, - (KCItemRef*)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindInternetPasswordWithPath -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCFindInternetPasswordWithPath::COp_KCFindInternetPasswordWithPath() - :mServerName("ServerName"), - mSecurityDomain("SecurityDomain"), - mAccountName("AccountName"), - mPath("Path"), - mPort("Port"), - mProtocol("Protocol"), - mAuthType("AuthType"), - mPassword("Password"), - mActualLength("ActualLength") -{ - AddParam(mServerName); - AddParam(mSecurityDomain); - AddParam(mAccountName); - AddParam(mPath); - AddParam(mPort); - AddParam(mProtocol); - AddParam(mAuthType); - AddParam(mPassword); - - AddResult(mPassword); - AddResult(mActualLength); - AddResult(mItemIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCFindInternetPasswordWithPath::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::KCFindInternetPasswordWithPath( - (StringPtr)mServerName, - (StringPtr)mSecurityDomain, - (StringPtr)mAccountName, - (StringPtr)mPath, - (UInt16)mPort, - (OSType)mProtocol, - (OSType)mAuthType, - (UInt32)((kcBlob*)mPassword)->length, - (void *)((kcBlob*)mPassword)->data, - (UInt32*)mActualLength, - (KCItemRef*)&aItem); - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddGenericPassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCAddGenericPassword::COp_KCAddGenericPassword() - :mServiceName("ServiceName"), - mAccountName("AccountName"), - mPassword("Password") -{ - AddParam(mServiceName); - AddParam(mAccountName); - AddParam(mPassword); - - AddResult(mItemIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCAddGenericPassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::KCAddGenericPassword( - (StringPtr)mServiceName, - (StringPtr)mAccountName, - (UInt32)((kcBlob*)mPassword)->length, - (const void *)((kcBlob*)mPassword)->data, - (KCItemRef*)&aItem); - - AddItem(aItem); - return(mStatus); -} -#pragma mark - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindGenericPassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -COp_KCFindGenericPassword::COp_KCFindGenericPassword() - :mServiceName("ServiceName"), - mAccountName("AccountName"), - mPassword("Password"), - mActualLength("ActualLength") -{ - AddParam(mServiceName); - AddParam(mAccountName); - AddParam(mPassword); - - AddResult(mPassword); - AddResult(mActualLength); - AddResult(mItemIndex); -} -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operate -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -OSStatus -COp_KCFindGenericPassword::Operate() -{ - KCItemRef aItem = NULL; - mStatus = ::KCFindGenericPassword( - (StringPtr)mServiceName, - (StringPtr)mAccountName, - (UInt32)((kcBlob*)mPassword)->length, - (void *)((kcBlob*)mPassword)->data, - (UInt32*)mActualLength, - (KCItemRef*)&aItem); - - AddItem(aItem); - return(mStatus); -} diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Password.h b/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Password.h deleted file mode 100644 index 59955af6..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCAPI_Password.h +++ /dev/null @@ -1,176 +0,0 @@ -// ====================================================================== -// File: KCAPI_Password.h -// -// Operation classes for APIs to store and retriev passwords -// - KCAddAppleSharePassword -// - KCFindAppleSharePassword -// - KCAddInternetPassword -// - KCAddInternetPasswordWithPath -// - KCFindInternetPassword -// - KCFindInternetPasswordWithPath -// - KCAddGenericPassword -// - KCFindGenericPassword -// -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 3/1/00 em Created. -// ====================================================================== - -#ifndef __KCAPI_PASSWORD__ -#define __KCAPI_PASSWORD__ -#include "KCOperation.h" -#include "KCOperationID.h" - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddAppleSharePassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCAddAppleSharePassword : public KCItemOperation -{ -public: -OPERATION_ID(KCAddAppleSharePassword) - COp_KCAddAppleSharePassword(); - virtual OSStatus Operate(); -protected: - CParamAFPServerSignature mServerSignature; - CParamStringPtr mServerAddress; - CParamStringPtr mServerName; - CParamStringPtr mVolumeName; - CParamStringPtr mAccountName; - CParamkcBlob mPassword; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindAppleSharePassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCFindAppleSharePassword : public KCItemOperation -{ -public: -OPERATION_ID(KCFindAppleSharePassword) - COp_KCFindAppleSharePassword(); - virtual OSStatus Operate(); - -protected: - CParamAFPServerSignature mServerSignature; - CParamStringPtr mServerAddress; - CParamStringPtr mServerName; - CParamStringPtr mVolumeName; - CParamStringPtr mAccountName; - CParamkcBlob mPassword; - CParamUInt32 mActualLength; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddInternetPassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCAddInternetPassword : public KCItemOperation -{ -public: -OPERATION_ID(KCAddInternetPassword) - COp_KCAddInternetPassword(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServerName; - CParamStringPtr mSecurityDomain; - CParamStringPtr mAccountName; - CParamUInt16 mPort; - CParamOSType mProtocol; - CParamOSType mAuthType; - CParamkcBlob mPassword; - -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddInternetPasswordWithPath -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCAddInternetPasswordWithPath : public KCItemOperation -{ -public: -OPERATION_ID(KCAddInternetPasswordWithPath) - COp_KCAddInternetPasswordWithPath(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServerName; - CParamStringPtr mSecurityDomain; - CParamStringPtr mAccountName; - CParamStringPtr mPath; - CParamUInt16 mPort; - CParamOSType mProtocol; - CParamOSType mAuthType; - CParamkcBlob mPassword; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindInternetPassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCFindInternetPassword : public KCItemOperation -{ -public: -OPERATION_ID(KCFindInternetPassword) - COp_KCFindInternetPassword(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServerName; - CParamStringPtr mSecurityDomain; - CParamStringPtr mAccountName; - CParamUInt16 mPort; - CParamOSType mProtocol; - CParamOSType mAuthType; - CParamkcBlob mPassword; - CParamUInt32 mActualLength; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindInternetPasswordWithPath -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCFindInternetPasswordWithPath : public KCItemOperation -{ -public: -OPERATION_ID(KCFindInternetPasswordWithPath) - COp_KCFindInternetPasswordWithPath(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServerName; - CParamStringPtr mSecurityDomain; - CParamStringPtr mAccountName; - CParamStringPtr mPath; - CParamUInt16 mPort; - CParamOSType mProtocol; - CParamOSType mAuthType; - CParamkcBlob mPassword; - CParamUInt32 mActualLength; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCAddGenericPassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCAddGenericPassword : public KCItemOperation -{ -public: -OPERATION_ID(KCAddGenericPassword) - COp_KCAddGenericPassword(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServiceName; - CParamStringPtr mAccountName; - CParamkcBlob mPassword; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COp_KCFindGenericPassword -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COp_KCFindGenericPassword : public KCItemOperation -{ -public: -OPERATION_ID(KCFindGenericPassword) - COp_KCFindGenericPassword(); - virtual OSStatus Operate(); -protected: - CParamStringPtr mServiceName; - CParamStringPtr mAccountName; - CParamkcBlob mPassword; - CParamUInt32 mActualLength; -}; -#endif // __KCAPI_PASSWORD__ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperation.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperation.cpp deleted file mode 100644 index 0f2299e3..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperation.cpp +++ /dev/null @@ -1,211 +0,0 @@ -// ====================================================================== -// File: KCOperation.cpp -// -// pure virtual base class for performing operations in KeychainLib -// (based on Dave Akhond's Operation for CDSA -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 3/28/00 em Created. -// ====================================================================== - -#include "KCOperation.h" - -#include - -vector KCOperation::sKCRefList; -vector KCItemOperation::sKCItemRefList; -vector KCSearchOperation::sKCSearchRefList; -vector KCOperation::sAliasList; - -//vector SecOperation::sSecRefList; -//vector SecOperation::sAliasList; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ SetClient -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -void -Operation::SetClient(void *inClient) -{ - if(inClient == NULL) return; - CTestApp *aTestApp = static_cast(inClient); - if(aTestApp == NULL) return; - mClient = aTestApp; -} - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ ReadArguments -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -void -Operation::ReadArguments( - FILE *inFile) -{ - - tParamList::iterator aIterator = mParamList.begin(); - CParam * aParam = *aIterator; - - while(aIterator != mParamList.end()){ - - aParam->Read(inFile); - aParam = *(++aIterator); - } -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ WriteArguments -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -void -Operation::WriteArguments( - FILE *inFile) -{ - tParamList::iterator aIterator = mParamList.begin(); - CParam * aParam = *aIterator; - while(aIterator != mParamList.end()){ - aParam->Write(inFile); - aParam = *(++aIterator); - } -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ WriteResults -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -void -Operation::WriteResults( - FILE *inFile) -{ - if (CSSM_BASE_ERROR <= mStatus && mStatus < CSSM_AC_BASE_ERROR + CSSM_ERRORCODE_MODULE_EXTENT) - //fprintf(inFile, " OSStatus CSSMERR_%s (0x%08lx)\n", cssmErrorString(mStatus).c_str(), mStatus); - printf("Error"); - else - fprintf(inFile, " OSStatus %ld\n", mStatus); - - - tParamList::iterator aIterator = mResultList.begin(); - CParam * aParam = *aIterator; - while(aIterator != mResultList.end()){ - aParam->Write(inFile); - aParam = *(++aIterator); - } -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ ReadScript -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -int -Operation::ReadScript( - FILE *inFile, - eKCOperationID &outID) -{ - UInt32 aID; - char aBuffer[1024]; - char aName[256]; - int aResult; - - while(UNIX_fgets(aBuffer, sizeof(aBuffer)-1, inFile)){ - // Read off comment lines - if(aBuffer[0] == '/' && aBuffer[1] == '/') continue; - // instructional comments - if(aBuffer[0] == '#' && aBuffer[0] == '#'){ - for(UInt16 i=0; iIsRelaxErrorChecking()) aResult = false; - if(mClient->IsRelaxErrorChecking() && ((aStatus == noErr) || (mStatus == noErr))) aResult = false; - } - - tParamList::iterator aIterator = mResultList.begin(); - CParam * aParam = *aIterator; - while(aIterator != mResultList.end()){ - if(aParam->Compare(inFile) == false) - aResult = false; - aParam = *(++aIterator); - } - return aResult; -} - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperation.h b/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperation.h deleted file mode 100644 index 57e7e6d7..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperation.h +++ /dev/null @@ -1,259 +0,0 @@ -// ====================================================================== -// File: KCOperation.h -// -// pure virtual base class for performing operations in KeychainLib -// (based on Dave Akhond's Operation for CDSA -// -// Copyright: Copyright (c) 2000,2003,2008 Apple Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 2/22/00 em Created. -// ====================================================================== - -#ifndef __KC_OPERATION__ -#define __KC_OPERATION__ - -#ifdef _CPP_UTILITIES -#pragma export on -#endif - -#include -#include -#include -#undef check -#if TARGET_RT_MAC_MACHO - #include - #include - #include -#else - #include -#endif - -#include "testKeychainAPI.h" -#include "KCParamUtility.h" -#include "KCOperationID.h" - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Operation -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class Operation { -public: - // Birth & Death - Operation():mStatus(noErr){} - virtual ~Operation(){} - - virtual void SetClient(void *inClient); - virtual OSStatus Operate() = 0; - virtual eKCOperationID GetID() = 0; - - virtual void ReadArguments( - FILE *inFile); - - virtual void WriteArguments( - FILE *inFile); - - virtual void WriteResults( - FILE *inFile); - - static int ReadScript( - FILE *inFile, - eKCOperationID &outID); - - virtual void ReadScript( - FILE *inFile); - - virtual void WriteScript( - FILE *inFile); - - virtual void GenerateScript( - FILE *inFile); - - virtual bool RunScript( - FILE *inFile); - - virtual bool CompareResults( - FILE *inFile); -protected: - CTestApp *mClient; - OSStatus mStatus; - tParamList mParamList; - tParamList mResultList; - - virtual void AddParam(CParam &inParam){ mParamList.push_back(&inParam);} - virtual void AddResult(CParam &inParam){ mResultList.push_back(&inParam);} - - -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ KCOperation -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class KCOperation : public Operation { -public: - KCOperation():mKeychainIndex("KeychainIndex"), mAliasIndex("AliasIndex") {} - virtual ~KCOperation(){} - - virtual void AddAlias(AliasHandle alias) - { - sAliasList.push_back(alias); - mAliasIndex = (UInt32)(sAliasList.size()-1); - } - - virtual void AddKeychain(KCRef &inKeychain) - { - sKCRefList.push_back(inKeychain); - mKeychainIndex = (UInt32)(sKCRefList.size()-1); - } - - virtual AliasHandle GetAlias() - { - if((UInt32)mAliasIndex < sAliasList.size()) - return sAliasList[(UInt32)mAliasIndex]; - else - return NULL; - } - - virtual KCRef GetKeychain() - { - if((UInt32)mKeychainIndex < sKCRefList.size()) - return sKCRefList[(UInt32)mKeychainIndex]; - else - return NULL; - } - - static void Cleanup() - { - // ¥¥¥ need to release each keychain first - sAliasList.clear(); - sKCRefList.clear(); - } -protected: - class CKeychainIndex : public CUInt32 - { - public: - CKeychainIndex & operator = (const UInt32 &inData){ data = inData; return *this; } - bool operator == (const UInt32 inData) const - { - return (CKCRef(KCOperation::sKCRefList[data]) == KCOperation::sKCRefList[inData]); - } - }; - typedef TParam CParamKeychainIndex; - - class CAliasIndex : public CUInt32 - { - public: - CAliasIndex & operator = (const UInt32 &inData){ data = inData; return *this; } - bool operator == (const UInt32 inData) const - { - return (CAliasHandle(KCOperation::sAliasList[data]) == KCOperation::sAliasList[inData]); - } - }; - typedef TParam CParamAliasIndex; - - CParamKeychainIndex mKeychainIndex; - CParamAliasIndex mAliasIndex; - static vector sKCRefList; - static vector sAliasList; - - friend class CKeychainIndex; - friend class CAliasIndex; -}; - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ KCItemOperation -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class KCItemOperation : public KCOperation { -public: - KCItemOperation():mItemIndex("ItemIndex"){} - virtual ~KCItemOperation(){} - - virtual void AddItem(KCItemRef &inItem) - { - sKCItemRefList.push_back(inItem); - mItemIndex = (UInt32)(sKCItemRefList.size()-1); - } - - virtual KCItemRef GetItem() - { - if((UInt32)mItemIndex < sKCItemRefList.size()) - return sKCItemRefList[(UInt32)mItemIndex]; - else - return NULL; - } - - static void Cleanup() - { - // ¥¥¥ need to release each item first - sKCItemRefList.clear(); - } -protected: - class CItemIndex : public CUInt32 - { - public: - CItemIndex & operator = (const UInt32 &inData){ data = inData; return *this; } - bool operator == (const UInt32 inData) const - { - return(CKCItemRef(KCItemOperation::sKCItemRefList[data]) == KCItemOperation::sKCItemRefList[inData]); - } - }; - typedef TParam CParamItemIndex; - CParamItemIndex mItemIndex; - - static vector sKCItemRefList; - - friend class CItemIndex; -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ KCSearchOperation -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class KCSearchOperation : public KCItemOperation { -public: - KCSearchOperation():mSearchIndex("SearchIndex"){} - virtual ~KCSearchOperation(){} - - virtual void AddSearch(KCSearchRef &inSearch) - { - sKCSearchRefList.push_back(inSearch); mSearchIndex = (UInt32)(sKCSearchRefList.size()-1); - } - - virtual KCSearchRef GetSearch() - { - if((UInt32)mSearchIndex < sKCSearchRefList.size()) - return sKCSearchRefList[(UInt32)mSearchIndex]; - else - return NULL; - } - - static void Cleanup() - { - // ¥¥¥ need to release each ref first - sKCSearchRefList.clear(); - } -protected: - class CSearchIndex : public CUInt32 - { - public: - CSearchIndex & operator = (const UInt32 &inData){ data = inData; return *this; } - bool operator == (const UInt32 inData) const - { - return (data == inData) || - (KCSearchOperation::sKCSearchRefList[data] == KCSearchOperation::sKCSearchRefList[inData]); - } - }; - typedef TParam CParamSearchIndex; - CParamSearchIndex mSearchIndex; - - static vector sKCSearchRefList; - - friend class CSearchIndex; -}; - -#ifdef _CPP_UTILITIES -#pragma export off -#endif - -#endif // __KC_OPERATION__ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperationID.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperationID.cpp deleted file mode 100644 index 31eee573..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperationID.cpp +++ /dev/null @@ -1,124 +0,0 @@ -// ====================================================================== -// File: KCOperationID.cpp -// -// OperationID must be registered so that a test script knows how to -// construct an appropriate KCOperation class -// -// Copyright: Copyright (c) 2000,2003,2008 Apple Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 2/22/00 em Created. -// ====================================================================== - -//#include "SecAPI_Keychain.h" -#include "KCOperationID.h" -#include "KCAPI_Manager.h" -#include "KCAPI_Keychain.h" -#include "KCAPI_Password.h" -#include "KCAPI_Item.h" -#include "KCAPI_Cert.h" -#include "KCAPI_CString.h" - - - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Static initialization -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -bool COpRegister::sRegistered = false; -tOperationInfo COpRegister::sOperationInfoTbl[OpID_NumOperations]; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ RegisterAll -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -void -COpRegister::RegisterAll() -{ - if(sRegistered) return; - - // Getting KC manager info - // (KCAPI_Manager) - Register(KCGetKeychainManagerVersion); - Register(KeychainManagerAvailable); - - // High level KC APIs - // (KCAPI_Keychain) -// Register(KCMakeKCRefFromFSRef); - Register(KCMakeKCRefFromFSSpec); - Register(KCMakeKCRefFromAlias); - Register(KCMakeAliasFromKCRef); - Register(KCReleaseKeychain); - Register(KCUnlockNoUI); - Register(KCUnlock); - Register(KCLogin); - Register(KCChangeLoginPassword); - Register(KCLogout); - Register(KCUnlockWithInfo); - Register(KCLock); - //Register(KCLockNoUI); - Register(KCGetDefaultKeychain); - Register(KCSetDefaultKeychain); - Register(KCCreateKeychain); - Register(KCCreateKeychainNoUI); - Register(KCGetStatus); - Register(KCChangeSettingsNoUI); - Register(KCGetKeychain); - Register(KCGetKeychainName); - Register(KCChangeSettings); - Register(KCCountKeychains); - Register(KCGetIndKeychain); - Register(KCAddCallback); - Register(KCRemoveCallback); - Register(KCSetInteractionAllowed); - Register(KCIsInteractionAllowed); - - // Storing and retrieveng passwords - // (KCAPI_Password) - Register(KCAddAppleSharePassword); - Register(KCFindAppleSharePassword); - Register(KCAddInternetPassword); - Register(KCAddInternetPasswordWithPath); - Register(KCFindInternetPassword); - Register(KCFindInternetPasswordWithPath); - Register(KCAddGenericPassword); - Register(KCFindGenericPassword); - - // Managing KC items - // (KCAPI_Item) - Register(KCNewItem); - Register(KCSetAttribute); - Register(KCGetAttribute); - Register(KCSetData); - Register(KCGetData); - //Register(KCGetDataNoUI); - Register(KCAddItem); - Register(KCAddItemNoUI); - Register(KCDeleteItem); - Register(KCDeleteItemNoUI); - Register(KCUpdateItem); - Register(KCReleaseItem); - Register(KCCopyItem); - Register(KCFindFirstItem); - Register(KCFindNextItem); - Register(KCReleaseSearch); - - // Working with Certificates - // (KCAPI_Cert) - Register(KCFindX509Certificates); - Register(KCChooseCertificate); - - // KC Manager calls that use "C" strings - // (KCAPI_CString) - Register(kcunlock); - Register(kccreatekeychain); - Register(kcgetkeychainname); - Register(kcaddapplesharepassword); - Register(kcfindapplesharepassword); - Register(kcaddinternetpassword); - Register(kcaddinternetpasswordwithpath); - Register(kcfindinternetpassword); - Register(kcfindinternetpasswordwithpath); - Register(kcaddgenericpassword); - Register(kcfindgenericpassword); - } diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperationID.h b/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperationID.h deleted file mode 100644 index 4df03951..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCOperationID.h +++ /dev/null @@ -1,159 +0,0 @@ -// ====================================================================== -// File: KCOperationID.h -// -// OperationID must be registered so that a test script knows how to -// construct an appropriate KCOperation class -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 2/22/00 em Created. -// ====================================================================== -#ifndef __KC_OPERATION_ID__ -#define __KC_OPERATION_ID__ -#include -enum eKCOperationID { - OpID_Unknown = -1, - OpID_COp_KCGetKeychainManagerVersion = 0, - OpID_COp_KeychainManagerAvailable,//1 - OpID_COp_KCMakeKCRefFromFSRef,//2 - OpID_COp_KCMakeKCRefFromFSSpec,//3 - OpID_COp_KCMakeKCRefFromAlias,//4 - OpID_COp_KCMakeAliasFromKCRef,//5 - OpID_COp_KCReleaseKeychain,//6 - OpID_COp_KCUnlockNoUI,//7 - OpID_COp_KCUnlock,//8 - OpID_COp_KCUnlockWithInfo,//9 - OpID_COp_KCLock,//10 - OpID_COp_KCLockNoUI,//11 - OpID_COp_KCGetDefaultKeychain,//12 - OpID_COp_KCSetDefaultKeychain,//13 - OpID_COp_KCCreateKeychain,//14 - OpID_COp_KCCreateKeychainNoUI,//15 - OpID_COp_KCGetStatus,//16 - OpID_COp_KCChangeSettingsNoUI,//17 - OpID_COp_KCGetKeychain,//18 - OpID_COp_KCGetKeychainName,//19 - OpID_COp_KCChangeSettings,//20 - OpID_COp_KCCountKeychains,//21 - OpID_COp_KCGetIndKeychain,//22 - OpID_COp_KCAddCallback,//23 - OpID_COp_KCRemoveCallback,//24 - OpID_COp_KCSetInteractionAllowed,//25 - OpID_COp_KCIsInteractionAllowed,//26 - OpID_COp_KCAddAppleSharePassword,//27 - OpID_COp_KCFindAppleSharePassword,//28 - OpID_COp_KCAddInternetPassword,//29 - OpID_COp_KCAddInternetPasswordWithPath,//30 - OpID_COp_KCFindInternetPassword,//31 - OpID_COp_KCFindInternetPasswordWithPath,//32 - OpID_COp_KCAddGenericPassword,//33 - OpID_COp_KCFindGenericPassword,//34 - OpID_COp_KCNewItem,//35 - OpID_COp_KCSetAttribute,//36 - OpID_COp_KCGetAttribute,//37 - OpID_COp_KCSetData,//38 - OpID_COp_KCGetData,//39 - OpID_COp_KCGetDataNoUI,//40 - OpID_COp_KCAddItem,//41 - OpID_COp_KCAddItemNoUI,//42 - OpID_COp_KCDeleteItem,//43 - OpID_COp_KCDeleteItemNoUI,//44 - OpID_COp_KCUpdateItem,//45 - OpID_COp_KCReleaseItem,//46 - OpID_COp_KCCopyItem,//47 - OpID_COp_KCFindFirstItem,//48 - OpID_COp_KCFindNextItem,//49 - OpID_COp_KCReleaseSearch,//50 - OpID_COp_KCFindX509Certificates,//51 - OpID_COp_KCChooseCertificate,//52 - OpID_COp_kcunlock,//53 - OpID_COp_kccreatekeychain,//54 - OpID_COp_kcgetkeychainname,//55 - OpID_COp_kcaddapplesharepassword,//56 - OpID_COp_kcfindapplesharepassword,//57 - OpID_COp_kcaddinternetpassword,//58 - OpID_COp_kcaddinternetpasswordwithpath,//59 - OpID_COp_kcfindinternetpassword,//60 - OpID_COp_kcfindinternetpasswordwithpath,//61 - OpID_COp_kcaddgenericpassword,//62 - OpID_COp_kcfindgenericpassword,//63 - OpID_COp_KCLogin,//64 - OpID_COp_KCLogout,//65 - OpID_COp_KCChangeLoginPassword,//66 - OpID_NumOperations -}; -#define IS_VALID_OPERATIONID(aID) (aID >= 0 && aID < OpID_NumOperations) - -typedef void * (*tClassCreatorFunc)(void *inClient); -typedef struct tOperationInfo{ - const char * name; - tClassCreatorFunc func; -} tOperationInfo; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ COpRegister -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class COpRegister { -public: - static void * CreateOperation( - eKCOperationID inID, - void *inClient) - { - RegisterAll(); - if(IS_VALID_OPERATIONID(inID)){ - if(sOperationInfoTbl[inID].func) - return (sOperationInfoTbl[inID].func)(inClient); - } - return NULL; - } - - static const char * GetOperationName( - eKCOperationID inID) - { - RegisterAll(); - if(IS_VALID_OPERATIONID(inID)) - return sOperationInfoTbl[inID].name; - else - return "INVALID OPERATION ID"; - } - - static void RegisterAll(); - static void RegisterOne( - eKCOperationID inID, - const char * inName, - tClassCreatorFunc inFunc = NULL) - { - sOperationInfoTbl[inID].name = inName; - sOperationInfoTbl[inID].func = inFunc; - } -protected: - static bool sRegistered; - static tOperationInfo sOperationInfoTbl[OpID_NumOperations]; -}; -template -class TOpRegister{ -public: - static T * Create( - void *inClient) - { - T *aOperation = new T; - if(aOperation) aOperation->SetClient(inClient); - return aOperation; - } - static void RegisterOne( - eKCOperationID inID, - const char * inName) - { - COpRegister::RegisterOne(inID, inName, (tClassCreatorFunc)Create); - } -}; - - // Relax notations so one can avoid typing long names -#define KC_CLASS(funcname) COp_## funcname -#define KC_OP_ID(funcname) OpID_COp_## funcname -#define Register(funcname) TOpRegister::RegisterOne(KC_OP_ID(funcname), (const char*)#funcname "") -#define OPERATION_ID(funcname) enum{ operation_ID = KC_OP_ID(funcname) };\ - eKCOperationID GetID(){ return (eKCOperationID)operation_ID; }; - -#endif // __KC_OPERATION_ID__ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCParamUtility.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/KCParamUtility.cpp deleted file mode 100644 index 8b137891..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCParamUtility.cpp +++ /dev/null @@ -1 +0,0 @@ - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/KCParamUtility.h b/SecurityTests/testKeychainAPI/testKeychainAPI/KCParamUtility.h deleted file mode 100644 index f842641f..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/KCParamUtility.h +++ /dev/null @@ -1,649 +0,0 @@ -// ====================================================================== -// File: KCParamUtility.h -// -// Wrapper classes for function parameters -// (using Parry's PodWrapper) -// -// -// Copyright: Copyright (c) 2000,2003,2006 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 2/22/00 em Created. -// ====================================================================== -#ifndef __KC_PARAM_UTILITY_ -#define __KC_PARAM_UTILITY_ - -#if TARGET_RT_MAC_MACHO - #include - #include - #include - //#include -#else - #include -#endif -#include - -#include -#include -#include -#include - -#undef check -//typedef const char* SecStringPtr; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ CParam - base class for TParam template -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class CParam -{ -public: - virtual void Write(FILE *inFile)=0; - virtual void Read(FILE *inFile)=0; - virtual bool Compare(FILE *inFile)=0; -}; -typedef std::list tParamList; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ TParam -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -template -class TParam : public CParam -{ -public: - TParam(const char *inName) - :mName(inName), mResult(true) - { - } - - TParam(const char *inName, T&inData) - :mPod(inData), mName(inName), mResult(true) - { - } - - virtual ~TParam(){} - - bool operator == (const T inData) const { return (mPod == inData); } - Wrapper& operator = (const T inData){ return mPod = inData; } - Wrapper& operator = (const T* inData){ return mPod = inData; } - operator T*(){ return (T*)mPod; } - operator T(){ return (T)mPod; } - - virtual void Write(FILE *inFile) - { - WriteTitle(inFile); - mPod.WriteData(inFile); - } - - virtual void Read(FILE *inFile) - { - ReadTitle(inFile); - mPod.ReadData(inFile); - } - - virtual bool Compare(FILE *inFile) - { - ReadTitle(inFile); - Wrapper aWrapper; - aWrapper.ReadData(inFile); - return (mResult = (mPod == aWrapper)); - } - -protected: - Wrapper mPod; - const char *mName; - bool mResult; - - virtual void WriteTitle(FILE *inFile) - { - if(mResult) - fprintf(inFile, " %s : ", mName); - else - fprintf(inFile, "*** %s : ", mName); - } - - virtual void ReadTitle(FILE *inFile) - { - char aTitle[256]; - fscanf(inFile, "%s : ", aTitle); - if(::strcmp(mName, aTitle) != 0){ - throw(mName); - } - } - -}; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Non-struct POD wrapping macros -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -#define POD_STRUCT(type) type##Struct -#define POD_CLASS(type) CParam##type -#define TYPEDEF_POD_STRUCT(type) typedef struct type##Struct { type data; } type##Struct; -#define TYPEDEF_POD_CLASS(type) typedef TParam CParam##type; -#define TYPEDEF_STRUCTPOD_CLASS(type) typedef TParam CParam##type; -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ UInt32 wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -TYPEDEF_POD_STRUCT(UInt32) -class CUInt32 : public PodWrapper{ -public: - CUInt32(){ data = 0; }; - CUInt32(const UInt32 &inData){ data = inData; } - - CUInt32 & operator = (const UInt32 &inData){ data = inData; return *this; } - bool operator == (const UInt32 inData) const { return data == inData; } - operator UInt32*(){ return &data; } - operator UInt32(){ return data; } - - virtual void WriteData(FILE *inFile) - { - fprintf(inFile, "%ld\n", data); - } - - virtual void ReadData(FILE *inFile) - { - fscanf(inFile, "%ld\n", &data); - } -}; -TYPEDEF_POD_CLASS(UInt32) - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ UInt16 wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -TYPEDEF_POD_STRUCT(UInt16) -class CUInt16 : public PodWrapper{ -public: - CUInt16(){ data = 0; }; - CUInt16(const UInt16 &inData){ data = inData; } - - CUInt16 & operator = (const UInt16 &inData){ data = inData; return *this; } - bool operator == (const UInt16 inData) const { return data == inData; } - operator UInt16*(){ return &data; } - operator UInt16(){ return data; } - - virtual void WriteData(FILE *inFile) - { - fprintf(inFile, "%ld\n", (UInt32)data); - } - - virtual void ReadData(FILE *inFile) - { - UInt32 aData; - fscanf(inFile, "%ld\n", &aData); - data = aData; - } -}; -TYPEDEF_POD_CLASS(UInt16) - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Boolean wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -TYPEDEF_POD_STRUCT(Boolean) -class CBoolean : public PodWrapper{ -public: - CBoolean(){ data = false; } - CBoolean(const Boolean &inData){ data = inData; } - operator Boolean*(){ return &data; } - operator Boolean(){ return data; } - - CBoolean & operator = (const Boolean &inData){ data = inData; return *this; } - bool operator == (const Boolean inData) const { return data == inData; } - - virtual void WriteData(FILE *inFile) - { - fprintf(inFile, "%d\n", data); - } - - virtual void ReadData(FILE *inFile) - { - int aValue; - fscanf(inFile, "%d\n", &aValue); - data = ((aValue == 0) ? false : true); - } - -}; -TYPEDEF_POD_CLASS(Boolean) - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ FourCharCode wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -TYPEDEF_POD_STRUCT(FourCharCode) -class CFourCharCode : public PodWrapper{ -public: - CFourCharCode(){ data = '????'; } - CFourCharCode(const FourCharCode &inData){ data = inData; } - - CFourCharCode & operator = (const FourCharCode &inData){ data = inData; return *this; } - bool operator == (const FourCharCode inData) const { return data == inData; } - operator FourCharCode*(){ return &data; } - operator FourCharCode(){ return data; } - - virtual void WriteData(FILE *inFile) - { - for(UInt16 i=0; i> ((sizeof(FourCharCode)-i-1) * 8))); - } - fprintf(inFile, "\n"); - } - - virtual void ReadData(FILE *inFile) - { - FourCharCode aValue = 0; - for(UInt16 i=0; i{ -public: - CAliasHandle(){ data = NULL; } - CAliasHandle(const AliasHandle &inData){ data = inData; } - - CAliasHandle & operator = (const AliasHandle &inData){ data = inData; return *this; } - bool operator == (const AliasHandle inData) const { return data == inData; } - operator AliasHandle*(){ return &data; } - operator AliasHandle(){ return data; } - - virtual void WriteData(FILE *inFile) - { - fprintf(inFile, "%s\n", mFullPathName); - } - - virtual void ReadData(FILE *inFile) - { - memset(mFullPathName, 0, sizeof(mFullPathName)); - if(UNIX_fgets(mFullPathName, sizeof(mFullPathName), inFile)){ - // fgets grabs the newline code too - mFullPathName[strlen(mFullPathName)-1] = 0; - } - else throw("Syntax error in CAliasHandle"); - - if(strchr(mFullPathName, ':')){ - // Create a alias from the full-path name - //%%%cpm - this WONT work, Keychain mgr does not fill in the FSSpec - ::NewAliasMinimalFromFullPath( - strlen(mFullPathName), - mFullPathName, - NULL, - NULL, - &data); - } - else{ - // Ask KeychainLib to fill in the FSSpec for us - FSSpec tmpSpec = {0,0}; - tmpSpec.name[0] = ::strlen(mFullPathName); - memcpy(tmpSpec.name+1, mFullPathName, tmpSpec.name[0]); - - KCRef aKeychain; - ::KCMakeKCRefFromFSSpec(&tmpSpec, &aKeychain); - ::KCReleaseKeychain(&aKeychain); - //%%%cpm - this WONT work, Keychain mgr does not fill in the FSSpec - ::NewAliasMinimal( - &tmpSpec, - &data); - } - } -protected: - char mFullPathName[1024]; -}; -TYPEDEF_POD_CLASS(AliasHandle) -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ StringPtr wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -TYPEDEF_POD_STRUCT(StringPtr) -class CStringPtr : public PodWrapper{ -public: - CStringPtr(){ data = new unsigned char[256]; memset(data, 0, 256); } - CStringPtr(const StringPtr &inData){ memset(data, 0, 256); memcpy(data, inData, inData[0]); } - virtual ~CStringPtr(){ delete data; } - - CStringPtr & operator = (const StringPtr inData){ memset(data, 0, 256); memcpy(data, inData, inData[0]); return *this; } - bool operator == (const StringPtr inData) const { return ((data[0] == inData[0]) && (memcmp(data, inData, data[0]+1) == 0)); } - operator StringPtr*(){ return &data; } - operator StringPtr(){ return data; } - - virtual void WriteData(FILE *inFile) - { - fprintf(inFile, "%s\n", data+1); - } - - virtual void ReadData(FILE *inFile) - { - memset(data, 0, 256); - - char cString[256]; - if(UNIX_fgets(cString, 256, inFile)){ - data[0] = strlen(cString)-1; - memcpy(data+1, cString, data[0]); - } - else - throw("Syntax error in CStringPtr"); - } -}; -TYPEDEF_POD_CLASS(StringPtr) - - -TYPEDEF_POD_STRUCT(AFPServerSignature) -class CAFPServerSignature : public PodWrapper{ -public: - CAFPServerSignature(){ memset(data, 0, sizeof(data)); } - CAFPServerSignature(const AFPServerSignature &inData){ memcpy(data, inData, sizeof(data)); } - - CAFPServerSignature &operator = (const AFPServerSignature inData){ memcpy(data, inData, sizeof(data)); return *this; } - bool operator == (const AFPServerSignature inData) const { return (memcmp(data, inData, sizeof(data)) == 0); } - operator AFPServerSignature*(){ return &data; } - - virtual void WriteData(FILE *inFile) - { - for(UInt16 i=0; i CParamAFPServerSignature; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Blob wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -typedef struct kcBlob{UInt32 length; void* data; } kcBlob; -class CkcBlob : public PodWrapper{ -public: - CkcBlob(){ length = 0; data = NULL; } - CkcBlob(const kcBlob &inData){ length = 0; data = NULL; DeepCopy(inData.length, inData.data); } - CkcBlob & operator = (const kcBlob &inData){ DeepCopy(inData.length, inData.data); return *this; } - bool operator == (const kcBlob inData) const { return ((inData.length == length) && (memcmp(data, inData.data, length) == 0)); } - operator kcBlob*(){ return this; } - -#if defined(__MWERKS__) - operator kcBlob(){ return *this; } -#endif - - virtual void WriteData(FILE *inFile) - { - fprintf(inFile, "/%ld/", length); - if(length > 0){ - for(UInt32 i=0; i 0) data = (UInt8*)new char[aLength+2]; - length = aLength; - } - if(length > 0){ - UNIX_fgets((char*)data, aLength+3, inFile); - ((UInt8*)data)[length] = 0; - } - else - fscanf(inFile, "\n"); - } -protected: - virtual void DeepCopy(UInt32 inLength, const void *inData) - { - if(data != NULL) delete (UInt8*)data; - data = NULL; - - length = inLength; - if(length == 0) return; - data = (UInt8*)new char[length]; - memcpy(data, inData, length); - } -}; -TYPEDEF_STRUCTPOD_CLASS(kcBlob) - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ FSSpec wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class CFSSpec : public PodWrapper{ -public: - CFSSpec(){ vRefNum = 0; parID = 0; memset(name, 0, sizeof(name)); mFullPathName[0] = 0;} - CFSSpec(const FSSpec &inData){ memcpy(this, &inData, sizeof(*this)); } - CFSSpec & operator = (const FSSpec &inData){ memcpy(this, &inData, sizeof(*this)); return *this; } - bool operator == (const FSSpec inData) const { return (this == &inData) || !memcmp(this, &inData, sizeof(FSSpec)); } - operator FSSpec*(){ return this ; } - - virtual void WriteData(FILE *inFile) - { - fprintf(inFile, "%s\n", mFullPathName); - } - - virtual void ReadData(FILE *inFile) - { - memset(mFullPathName, 0, sizeof(mFullPathName)); - if(UNIX_fgets(mFullPathName, sizeof(mFullPathName), inFile)){ - // fgets grabs the newline code too - name[0] = strlen(mFullPathName)-1; - mFullPathName[name[0]] = 0; - memcpy(name+1, mFullPathName, name[0]); - } - else throw("Syntax error in CFSSpec"); - } -protected: - char mFullPathName[1024]; -}; -TYPEDEF_STRUCTPOD_CLASS(FSSpec) - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ FSRef wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class CFSRef : public PodWrapper{ -public: - CFSRef(){ memset(hidden, 0, sizeof(hidden)); } - CFSRef(const FSRef &inData){ memcpy(this, &inData, sizeof(*this)); } - - CFSRef & operator = (const FSRef &inData){ memcpy(this, &inData, sizeof(*this)); return *this; } - bool operator == (const FSRef inData) const { return (this == &inData) || !memcmp(this, &inData, sizeof(FSRef)); } - operator FSRef*(){ return this; } - - virtual void WriteData(FILE *inFile) - { - // ¥¥¥ need work - fprintf(inFile, "\n"); - } - - virtual void ReadData(FILE *inFile) - { - // ¥¥¥ need work - fscanf(inFile, "\n"); - } -}; -TYPEDEF_STRUCTPOD_CLASS(FSRef) - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ KCAttribute wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class CKCAttribute : public PodWrapper{ -public: - CKCAttribute(){ tag = '0000'; length = 0; data = NULL; } - CKCAttribute(const KCAttribute &inData){ memcpy(this, &inData, sizeof(*this)); } - - CKCAttribute & operator = (const KCAttribute &inData){ memcpy(this, &inData, sizeof(*this)); return *this; } - bool operator == (const KCAttribute inData) const - { - if(inData.tag != tag) return false; - return(memcmp(inData.data, data, ((inData.length < length) ? inData.length : length)) == 0); - } - - operator KCAttribute*(){ return this; } -#if defined(__MWERKS__) - operator KCAttribute(){ return *this; } -#endif - virtual void WriteData(FILE *inFile) - { - fprintf(inFile, "\n"); - - CParamKCAttrType aTag(".tag", tag); - aTag.Write(inFile); - - kcBlob theBlob = {length, data}; - CParamkcBlob aData(".data", theBlob); - aData.Write(inFile); - } - - virtual void ReadData(FILE *inFile) - { - fscanf(inFile, "\n"); - - CParamKCAttrType aTag(".tag"); - aTag.Read(inFile); - tag = aTag; - - CParamkcBlob aData(".data"); - aData.Read(inFile); - - kcBlob aBlob; - aBlob = aData; - length = aBlob.length; - data = aBlob.data; - } -}; -TYPEDEF_STRUCTPOD_CLASS(KCAttribute) - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ KCAttributeList wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -class CKCAttributeList : public PodWrapper{ -public: - CKCAttributeList(){ count = 0; attr = NULL; } - CKCAttributeList(const CKCAttributeList &inData){ memcpy(this, &inData, sizeof(*this)); } - - CKCAttributeList & operator = (const CKCAttributeList &inData){ memcpy(this, &inData, sizeof(*this)); return *this; } - bool operator == (const CKCAttributeList inData) const { return (this == &inData) || !memcmp(this, &inData, sizeof(CKCAttributeList)); } - operator CKCAttributeList*(){ return this; } - - virtual void WriteData(FILE *inFile) - { - fprintf(inFile, "\n"); - - CParamUInt32 aCount(".count", count); - aCount.Write(inFile); - - for(UInt32 i=0; i{ -public: - CKCRef(){ data = NULL; } - CKCRef(const KCRef &inData){ data = inData; } - bool operator == (const KCRef inKC) - { - if(inKC == data) return true; - - char thisName[256] = ""; - char aInName[256] = ""; - ::kcgetkeychainname(data, thisName); - ::kcgetkeychainname(inKC, aInName); - return(::strcmp(thisName, aInName)); - } -}; - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ KCItemRef wrapper -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -TYPEDEF_POD_STRUCT(KCItemRef) -class CKCItemRef : public PodWrapper{ -public: - CKCItemRef(){ data = NULL; } - CKCItemRef(const KCItemRef &inData){ data = inData; } - bool operator == (const KCItemRef inKCItem) - { - if(inKCItem == data) return true; - - KCRef thisKeychain = 0; - KCRef aInKeychain = 0; - ::KCGetKeychain(data, &thisKeychain); - ::KCGetKeychain(inKCItem, &aInKeychain); - if((CKCRef(thisKeychain) == aInKeychain) == false) return false; - -// Bug #2458217 - (KCGetData() causes bus error) -#if TARGET_RT_MAC_MACHO - return true; -#else - UInt32 thisLength; - UInt32 aInLength; - ::KCGetData(data, 0, NULL, &thisLength); - ::KCGetData(inKCItem, 0, NULL, &aInLength); - if(thisLength != aInLength) return false; - - char *thisData = new char[thisLength]; - char *aInData = new char[aInLength]; - ::KCGetData(data, thisLength, thisData, &thisLength); - ::KCGetData(inKCItem, aInLength, aInData, &aInLength); - - int aResult = ::memcmp(thisData, aInData, thisLength); - - delete thisData; - delete aInData; - return(aResult == 0); -#endif - } -}; - - -#endif // __KC_PARAM_UTILITY_ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/Radar.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/Radar.cpp deleted file mode 100644 index 10ad3269..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/Radar.cpp +++ /dev/null @@ -1,116 +0,0 @@ -// ====================================================================== -// File: Radar.cpp -// -// Repository of test cases which are entered into Radar. Use them to -// reproduce and regress Radar bugs. -// -// Copyright: Copyright (c) 2000,2003 Apple Computer, Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 4/12/00 em Created. -// ====================================================================== - -#include "testKeychainAPI.h" -#include "Radar.h" - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Radar_2456779 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// -// Wrong error number when creating duplicate keychain -// -void Radar_2456779(CTestApp *inClient) -{ - inClient->DoRunTestScript("0001"); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Radar_2458217 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// -// GetData() causes bus error -// -void Radar_2458217(CTestApp *inClient) -{ - inClient->DoRunTestScript("0002"); - inClient->DoRunTestScript("0003"); - inClient->DoRunTestScript("0004"); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Radar_2458257 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// -// GetKeychainManagerVersion() returns a wrong version -// -void Radar_2458257(CTestApp *inClient) -{ - inClient->DoRunTestScript("0000"); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Radar_2458503 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// -// KCAddItem() fails to detect duplicate items -// -void Radar_2458503(CTestApp *inClient) -{ - inClient->DoRunTestScript("0008"); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Radar_2458613 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// -// FindFirstItem returns an item from an empty keychain -// -void Radar_2458613(CTestApp *inClient) -{ - inClient->DoRunTestScript("0009"); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Radar_2459096 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// -// InvalidItemRef error when deleting an item not previously added to keychain -// -void Radar_2459096(CTestApp *inClient) -{ - inClient->DoRunTestScript("0012"); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Radar_2462081 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// -// AddAppleSharePassword returns DL_INVALID_FIELD_NAME -// -void Radar_2462081(CTestApp *inClient) -{ - inClient->DoRunTestScript("0013"); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Radar_2462265 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// -// GetDataUI does not set ActualLength -// -void Radar_2462265(CTestApp *inClient) -{ - inClient->DoRunTestScript("0027"); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ Radar_2462300 -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// -// No dialog for KCChangeSettings -// -void Radar_2462300(CTestApp *inClient) -{ - inClient->DoRunTestScript("0025"); -} diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/Radar.h b/SecurityTests/testKeychainAPI/testKeychainAPI/Radar.h deleted file mode 100644 index df14cd44..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/Radar.h +++ /dev/null @@ -1,48 +0,0 @@ -// ====================================================================== -// File: Radar.h -// -// Repository of test cases which are entered into Radar. Use them to -// reproduce and regress Radar bugs. -// -// Copyright: Copyright (c) 2000,2003,2008 Apple Inc. All Rights Reserved. -// -// Change History (most recent first): -// -// <1> 4/12/00 em Created. -// ====================================================================== - -#ifndef __RADAR__ -#define __RADAR__ - -void Radar_2456779(CTestApp *inClient); -void Radar_2458217(CTestApp *inClient); -void Radar_2458257(CTestApp *inClient); -void Radar_2458503(CTestApp *inClient); -void Radar_2458613(CTestApp *inClient); -void Radar_2459096(CTestApp *inClient); -void Radar_2462081(CTestApp *inClient); -void Radar_2462265(CTestApp *inClient); -void Radar_2462300(CTestApp *inClient); - -typedef void (*tRadarTestCaseFunc)(CTestApp *inClient); -typedef struct tRadarBug{ - tRadarTestCaseFunc testCaseFunc; - char * ID; - char * desc; -} tRadarBug; - - -static tRadarBug gRadarBugs[] ={ - {Radar_2456779, "2456779", "Wrong error number when creating duplicate keychain"}, - {Radar_2458217, "2458217", "GetData() causes bus error"}, - {Radar_2458257, "2458257", "GetKeychainManagerVersion() returns a wrong version"}, - {Radar_2458503, "2458503", "KCAddItem() fails to detect duplicate items"}, - {Radar_2458613, "2458613", "FindFirstItem returns an item from an empty keychain"}, - {Radar_2459096, "2459096", "InvalidItemRef error when deleting an item not previously added to keychain"}, - {Radar_2462081, "2462081", "AddAppleSharePassword returns DL_INVALID_FIELD_NAME"}, - {Radar_2462265, "2462265", "GetDataUI does not set ActualLength"}, - {Radar_2462300, "2462300", "No dialog for KCChangeSettings"}, - - {0}}; - -#endif // __RADAR__ diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/cleanup b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/cleanup deleted file mode 100644 index f81f9ee7..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/cleanup +++ /dev/null @@ -1,7 +0,0 @@ -# -# Until this gets installed automatically, do the following line -# from your build dir: -# cp ../Tests/testKeychainAPI/testKeychainAPI/scripts/cleanup . -rm ~/Library/Preferences/test00* -rm ~/Library/Preferences/com.apple.securitycore.plist -rm ./*.db diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/error_scripts b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/error_scripts deleted file mode 100644 index 68c8dab5..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/error_scripts +++ /dev/null @@ -1,166 +0,0 @@ -// -// script0025 -// -// KCChangeSettings -// KCSetInteractionAllowed -// KCGetInteractionAllowed -// -// Change keychain settings w/ and w/o interaction allowed enabled -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0025.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 0 - Results : 1 - OSStatus 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -20 KCChangeSettings - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus -25308 -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 1 - Results : 1 - OSStatus 0 -26 KCIsInteractionAllowed - Input Arguments : 0 - Results : 2 - OSStatus 0 - AllowInteraction : 1 - -// -## Click the Cancel button ## -20 KCChangeSettings - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus -128 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 - - - 24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 5 - Results : 12 - OSStatus 0 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 1 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 1 - DataAccessCount : 1 -24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 6 - Results : 12 - OSStatus 0 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 0 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 1 - DataAccessCount : 1 -24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 7 - Results : 12 - OSStatus 0 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 0 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 1 - DataAccessCount : 1 -24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 9 - Results : 12 - OSStatus 0 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 0 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 1 - DataAccessCount : 1 -24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 10 - Results : 12 - OSStatus 0 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 0 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 0 - DataAccessCount : 1 -// remove twice -24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 1 - Results : 12 - OSStatus -25298 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 0 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 0 - DataAccessCount : 0 - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/error_sub_cases_scripts b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/error_sub_cases_scripts deleted file mode 100644 index 9babebde..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/error_sub_cases_scripts +++ /dev/null @@ -1,494 +0,0 @@ -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Orange - Results : 1 - OSStatus -25293 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus -25315 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus -25315 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /5/00000 - Results : 3 - OSStatus 0 - Data : /5/Dog00 - ActualLength : 3 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus 0 - ItemIndex : 1 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/This item is not identical.00000000000000000000000 - ActualLength : 27 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 3 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 1 - Results : 1 - OSStatus 0 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : type - .data : /2/00 - Results : 3 - OSStatus -25301 - Attribute : - .tag : type - .data : /2/00 - ActualLength : 4 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 5 - .0 : - .tag : desc - .data : /21/Description Attribute - .1 : - .tag : icmt - .data : /17/Comment Attribute - .2 : - .tag : labl - .data : /15/Label Attribute - .3 : - .tag : crtr - .data : /4/meme - .4 : - .tag : type - .data : /4/yuyu - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : desc - .data : /25/0000000000000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : desc - .data : /25/Description Attribute0000 - ActualLength : 21 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : icmt - .data : /17/00000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : icmt - .data : /17/Comment Attribute - ActualLength : 17 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : labl - .data : /15/000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : labl - .data : /15/Label Attribute - ActualLength : 15 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : crtr - .data : /5/00000 - Results : 3 - OSStatus 0 - Attribute : - .tag : crtr - .data : /4/meme - ActualLength : 4 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : type - .data : /4/0000 - Results : 3 - OSStatus 0 - Attribute : - .tag : type - .data : /4/yuyu - ActualLength : 4 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : type - .data : /2/00 - Results : 3 - OSStatus -25301 - Attribute : - .tag : type - .data : /2/00 - ActualLength : 4 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : clas - .data : /4/0000 - Results : 3 - OSStatus 0 - Attribute : - .tag : clas - .data : /4/inet - ActualLength : 4 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 037 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : type - .data : /2/00 - Results : 3 - OSStatus -25301 - Attribute : - .tag : type - .data : /2/00 - ActualLength : 4 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -28 KCFindAppleSharePassword - Input Arguments : 6 - ServerSignature : My Signature.... - ServerAddress : This is my Server Address - ServerName : This is my Server Name - VolumeName : This is my Volume Name - AccountName : This is my Account Name - Password : /8/00000000 - Results : 4 - OSStatus 0 - Password : /8/Apple000 - ActualLength : 5 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -34 KCFindGenericPassword - Input Arguments : 3 - ServiceName : This is my Service Name - AccountName : This is my Account Name - Password : /10/0000000000 - Results : 4 - OSStatus 0 - Password : /10/Apple00000 - ActualLength : 0 - ItemIndex : 1 -7 KCUnlockNoUI - Input Arguments : 2 - KeychainIndex : 0 Password : Apple - OSStatus 0 - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -40 KCGetDataNoUI - Input Arguments : 2 - ItemIndex : 0 - Data : /8/00000000 - Results : 3 - OSStatus -25308 - Data : /8/00000000 - ActualLength : 0 -42 KCAddItemNoUI - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus -25308 -40 KCGetDataNoUI - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus -25308 - Data : /50/00000000000000000000000000000000000000000000000000 - ActualLength : 0 -42 KCAddItemNoUI - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 040 KCGetDataNoUI - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus -25308 - Data : /50/00000000000000000000000000000000000000000000000000 - ActualLength : 0 -42 KCAddItemNoUI - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus -25308 -40 KCGetDataNoUI - Input Arguments : 2 - ItemIndex : 0 - Data : /8/00000000 - Results : 3 - OSStatus -25308 - Data : /8/00000000 - ActualLength : 0 -26 KCIsInteractionAllowed - Input Arguments : 0 - Results : 2 - OSStatus 0 - AllowInteraction : 1 -// -// script0025 -// -// KCChangeSettings -// KCSetInteractionAllowed -// KCGetInteractionAllowed -// -// Change keychain settings w/ and w/o interaction allowed enabled -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0025.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 0 - Results : 1 - OSStatus 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -20 KCChangeSettings - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus -25308 -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 1 - Results : 1 - OSStatus 0 -26 KCIsInteractionAllowed - Input Arguments : 0 - Results : 2 - OSStatus 0 - AllowInteraction : 1 - -// -## Click the Cancel button ## -20 KCChangeSettings - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus -128 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 - - - 24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 5 - Results : 12 - OSStatus 0 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 1 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 1 - DataAccessCount : 1 -24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 6 - Results : 12 - OSStatus 0 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 0 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 1 - DataAccessCount : 1 -24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 7 - Results : 12 - OSStatus 0 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 0 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 1 - DataAccessCount : 1 -24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 9 - Results : 12 - OSStatus 0 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 0 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 1 - DataAccessCount : 1 -24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 10 - Results : 12 - OSStatus 0 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 0 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 0 - DataAccessCount : 1 -// remove twice -24 KCRemoveCallback - Input Arguments : 1 - KCEvent : 1 - Results : 12 - OSStatus -25298 - IdleCount : 0 - LockCount : 0 - UnlockCount : 0 - AddCount : 0 - DeleteCount : 0 - UpdateCount : 0 - ChangeIdentityCount : 0 - FindCount : 0 - SystemCount : 0 - DefaultChangedCount : 0 - DataAccessCount : 0 -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 0 - Results : 1 - OSStatus 0 -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 1 - Results : 1 - OSStatus 0 -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 1 - Results : 1 - OSStatus 0 -26 KCIsInteractionAllowed - Input Arguments : 0 - Results : 2 - OSStatus 0 - AllowInteraction : 1 - - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0000 deleted file mode 100644 index cb0fd99a..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0000 +++ /dev/null @@ -1,19 +0,0 @@ -// -// script0000 -// -// KCGetKeychainManagerVersion -// KeychainManagerAvailable -// -// ** note ** update the expected version number for different -// version of SecurityLib -// -0 KCGetKeychainManagerVersion - Input Arguments : 0 - Results : 1 - OSStatus 0 - Version : 33718272 -1 KeychainManagerAvailable - Input Arguments : 0 - Results : 1 - OSStatus 0 - Available 1 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0001 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0001 deleted file mode 100644 index ceb8551e..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0001 +++ /dev/null @@ -1,69 +0,0 @@ -// -// script0001 -// -// KCCreateKeychain -// KCGetDefaultKeychain -// -// Create a keychain & release KCRef twice -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0001.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 1 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0001.002 - Results : 2 - OSStatus 0 - KeychainIndex : 2 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 2 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 3 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0001.001 - Results : 2 - OSStatus 0 - KeychainIndex : 4 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 4 - Password : Apple - Results : 2 - OSStatus -25296 - KeychainIndex : 5 -// First keychain is the default keychain -12 KCGetDefaultKeychain - Input Arguments : 0 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -19 KCGetKeychainName - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 - KeychainName : test0001.001 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 2 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0001.001 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0001.001 deleted file mode 100644 index 4f52f7fd..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0001.001 +++ /dev/null @@ -1,15 +0,0 @@ -// -// script0001.001 -// -// KCUnlock -// -// ** note ** -// Once this script is executed, the Keychain "test0001.001" should not -// be unlocked until the system rebooted. (run this script with discretion) -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0001.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0002 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0002 deleted file mode 100644 index 86593016..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0002 +++ /dev/null @@ -1,69 +0,0 @@ -// -// script0002 -// -// KCNewItem -// KCAddItem -// KCGetData -// -// Create an Apple Share Password item & add it to a default Keychain -// -35 KCNewItem - Input Arguments : 4 - Class : ashp - Creator : meme - Data : /5/apple - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0002.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /8/00000000 - Results : 3 - OSStatus 0 - Data : /8/apple000 - ActualLength : 5 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0002.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0002.000 deleted file mode 100644 index e0eeacf7..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0002.000 +++ /dev/null @@ -1,65 +0,0 @@ -// -// script0002.000 -// -// KCNewItem -// KCAddItem -// KCGetData -// -// Check the item created in script0002 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0002.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/ashp - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /8/00000000 - Results : 3 - OSStatus 0 - Data : /8/apple000 - ActualLength : 5 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0003 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0003 deleted file mode 100644 index 28958fe2..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0003 +++ /dev/null @@ -1,69 +0,0 @@ -// -// script0003 -// -// KCNewItem -// KCAddItem -// KCGetData -// -// Create a Generic Password item & add it to a default Keychain -// -35 KCNewItem - Input Arguments : 4 - Class : genp - Creator : meme - Data : /50/First Generic password:abcdefghijklmnopqrstuvwxyz# - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0003.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/First Generic password:abcdefghijklmnopqrstuvwxyz# - ActualLength : 50 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0003.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0003.000 deleted file mode 100644 index 3c6c525b..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0003.000 +++ /dev/null @@ -1,70 +0,0 @@ -// -// script0003.000 -// -// KCNewItem -// KCAddItem -// KCGetData -// -// Check the item created in script0003 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0003.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/genp - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/First Generic password:abcdefghijklmnopqrstuvwxyz# - ActualLength : 50 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0004 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0004 deleted file mode 100644 index 2e6c0862..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0004 +++ /dev/null @@ -1,69 +0,0 @@ -// -// script0004 -// -// KCNewItem -// KCAddItem -// KCGetData -// -// Create a Internet Password item & add it to a default Keychain -// -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : meme - Data : /48/First Internet password:abcdefghijklmnopqrstuvwx - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0004.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/First Internet password:abcdefghijklmnopqrstuvwx00 - ActualLength : 48 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0004.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0004.000 deleted file mode 100644 index 5eb070ea..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0004.000 +++ /dev/null @@ -1,70 +0,0 @@ -// -// script0004.000 -// -// KCNewItem -// KCAddItem -// KCGetData -// -// Check the item created in script0003 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0004.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/inet - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/First Internet password:abcdefghijklmnopqrstuvwx00 - ActualLength : 48 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0005 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0005 deleted file mode 100644 index 8da3b332..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0005 +++ /dev/null @@ -1,77 +0,0 @@ -// -// script0005 -// -// KCSetData -// KCGetData -// -// Create & Add an Apple Share Password item a default Keychain, then modify the data -// -35 KCNewItem - Input Arguments : 4 - Class : ashp - Creator : hehe - Data : /5/Apple - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0005.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -38 KCSetData - Input Arguments : 2 - ItemIndex : 0 - Data : /3/Dog - Results : 1 - OSStatus 0 -// -// THIS IS WRONG NOW: - the rogueapp alert does come up and allow access (returns 0) -// -// NOTE! We return errKCInvalid (soon to change to access denied) -// We want to prohibit processes from accessing data that is cached in -// memory that hasn't been written out. We want to stop the process -// from bypassing our rogue-app/access control UI -// -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /5/00000 - Results : 3 - OSStatus 0 - Data : /5/Apple - ActualLength : 5 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0005.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0005.000 deleted file mode 100644 index a1a5dd7d..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0005.000 +++ /dev/null @@ -1,61 +0,0 @@ -// -// script0005.000 -// -// KCSetData -// KCGetData -// -// Check the item created in script0005 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0005.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/ashp - .1 : - .tag : crtr - .data : /4/hehe - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0006 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0006 deleted file mode 100644 index 82800acd..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0006 +++ /dev/null @@ -1,80 +0,0 @@ -// -// script0006 -// -// KCSetData -// KCGetData -// -// Create & Add an Generic Password item a default Keychain, then modify the data -// -35 KCNewItem - Input Arguments : 4 - Class : genp - Creator : meme - Data : /50/First Generic password:abcdefghijklmnopqrstuvwxyz# - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0006.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -38 KCSetData - Input Arguments : 2 - ItemIndex : 0 - Data : /3/Cat - Results : 1 - OSStatus 0 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -// -// NOTE! We return errKCInvalid (soon to change to access denied) -// We want to prohibit processes from accessing data that is cached in -// memory that hasn't been written out. We want to stop the process -// from bypassing our rogue-app/access control UI -// -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /3/000 - Results : 3 - OSStatus 0 - Data : /3/Cat - ActualLength : 3 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0006.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0006.000 deleted file mode 100644 index afa4e344..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0006.000 +++ /dev/null @@ -1,69 +0,0 @@ -// -// script0006.000 -// -// KCSetData -// KCGetData -// -// Check the item created in script0006 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0006.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/genp - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /3/000 - Results : 3 - OSStatus 0 - Data : /3/Cat - ActualLength : 3 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0007 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0007 deleted file mode 100644 index b37034e9..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0007 +++ /dev/null @@ -1,82 +0,0 @@ -// -// script0007 -// -// KCSetData -// KCGetData -// -// Create & Add an Internet Password item a default Keychain, then modify the data -// -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : meme - Data : /48/First Internet password:abcdefghijklmnopqrstuvwx - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0007.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -38 KCSetData - Input Arguments : 2 - ItemIndex : 0 - Data : /6/Monkey - Results : 1 - OSStatus 0 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -// -// THIS IS WRONG NOW - the rogueapp does come up and -// -// NOTE! We return errKCInvalid (soon to change to access denied) -// We want to prohibit processes from accessing data that is cached in -// memory that hasn't been written out. We want to stop the process -// from bypassing our rogue-app/access control UI -// -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /6/000000 - Results : 3 - OSStatus 0 - Data : /6/Monkey - ActualLength : 6 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0007.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0007.000 deleted file mode 100644 index 264c9261..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0007.000 +++ /dev/null @@ -1,69 +0,0 @@ -// -// script0007.000 -// -// KCSetData -// KCGetData -// -// Check the item created in script0007 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0007.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/inet - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /6/000000 - Results : 3 - OSStatus 0 - Data : /6/Monkey - ActualLength : 6 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0008 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0008 deleted file mode 100644 index 616a85e5..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0008 +++ /dev/null @@ -1,94 +0,0 @@ -// -// script0008 -// -// KCSetData -// -// Try adding an identical Internet Password password twice -// -// -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : meme - Data : /48/First Internet password:abcdefghijklmnopqrstuvwx - Results : 2 - OSStatus 0 - ItemIndex : 0 -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : usus - Data : /27/This item is not identical. - Results : 2 - OSStatus 0 - ItemIndex : 1 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0008.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus -25299 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/First Internet password:abcdefghijklmnopqrstuvwx00 - ActualLength : 48 -39 KCGetData - Input Arguments : 2 - ItemIndex : 1 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/This item is not identical.00000000000000000000000 - ActualLength : 27 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 1 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0008.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0008.000 deleted file mode 100644 index d9fe5bd1..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0008.000 +++ /dev/null @@ -1,57 +0,0 @@ -// -// script0008.000 -// -// KCSetData -// -// Check the items created in script0008 still exist -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0008.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/inet - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/First Internet password:abcdefghijklmnopqrstuvwx00 - ActualLength : 48 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0009 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0009 deleted file mode 100644 index 82b16015..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0009 +++ /dev/null @@ -1,50 +0,0 @@ -// -// script0009 -// -// KCFindFirstItem -// -// Find the first item of an empty keychain -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0009.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 0 - Results : 3 - OSStatus -25300 - SearchIndex : 0 - ItemIndex : 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus -25305 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0010 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0010 deleted file mode 100644 index e0227887..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0010 +++ /dev/null @@ -1,87 +0,0 @@ -// -// script0010 -// -// Adding an Internet Password to an empty Keychain and -// retrieve it via KCFindFirstItem() -// -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : meme - Data : /19/Internet Password 1 - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0010.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/inet - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 2 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/Internet Password 10000000000000000000000000000000 - ActualLength : 19 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0010.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0010.000 deleted file mode 100644 index c5163a20..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0010.000 +++ /dev/null @@ -1,66 +0,0 @@ -// -// script0010.000 -// -// Check the items created in script0010 still exist -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0010.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/inet - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/Internet Password 10000000000000000000000000000000 - ActualLength : 19 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011 deleted file mode 100644 index 93585317..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011 +++ /dev/null @@ -1,189 +0,0 @@ -// -// script0011 -// -// KCSetAttribute -// -// Adding an Internet Password to an empty Keychain and -// set 5 attributes & retrieve them -// Description (desc) -// Comment (icmt) -// Label (labl) -// Creator Type (crtr) -// File Type (type) -// -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : meme - Data : /19/Internet Password 1 - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0011.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -36 KCSetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : desc - .data : /21/Description Attribute - Results : 1 - OSStatus 0 -36 KCSetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : icmt - .data : /17/Comment Attribute - Results : 1 - OSStatus 0 -36 KCSetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : labl - .data : /15/Label Attribute - Results : 1 - OSStatus 0 -36 KCSetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : crtr - .data : /4/meme - Results : 1 - OSStatus 0 -36 KCSetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : type - .data : /4/yuyu - Results : 1 - OSStatus 0 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : desc - .data : /25/0000000000000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : desc - .data : /25/Description Attribute0000 - ActualLength : 21 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : icmt - .data : /17/00000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : icmt - .data : /17/Comment Attribute - ActualLength : 17 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : labl - .data : /15/000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : labl - .data : /15/Label Attribute - ActualLength : 15 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : crtr - .data : /5/00000 - Results : 3 - OSStatus 0 - Attribute : - .tag : crtr - .data : /4/meme - ActualLength : 4 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : type - .data : /4/0000 - Results : 3 - OSStatus 0 - Attribute : - .tag : type - .data : /4/yuyu - ActualLength : 4 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : type - .data : /2/00 - Results : 3 - OSStatus 0 - Attribute : - .tag : type - .data : /2/yu - ActualLength : 2 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : clas - .data : /4/0000 - Results : 3 - OSStatus 0 - Attribute : - .tag : clas - .data : /4/inet - ActualLength : 4 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.001 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.001 deleted file mode 100755 index d37ae156..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.001 +++ /dev/null @@ -1,130 +0,0 @@ -// -// script0011.001 -// -// Test all 5 attributes added in script0011 can be retrieved -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0011.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/inet - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : desc - .data : /25/0000000000000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : desc - .data : /25/Description Attribute0000 - ActualLength : 21 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : icmt - .data : /17/00000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : icmt - .data : /17/Comment Attribute - ActualLength : 17 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : labl - .data : /15/000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : labl - .data : /15/Label Attribute - ActualLength : 15 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : crtr - .data : /5/00000 - Results : 3 - OSStatus 0 - Attribute : - .tag : crtr - .data : /4/meme - ActualLength : 4 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : type - .data : /4/0000 - Results : 3 - OSStatus 0 - Attribute : - .tag : type - .data : /4/yuyu - ActualLength : 4 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : clas - .data : /4/0000 - Results : 3 - OSStatus 0 - Attribute : - .tag : clas - .data : /4/inet - ActualLength : 4 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -49 KCFindNextItem - Input Arguments : 1 - SearchIndex : 0 - Results : 2 - OSStatus -25300 - ItemIndex : 1 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.002 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.002 deleted file mode 100755 index 3c32f10e..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.002 +++ /dev/null @@ -1,27 +0,0 @@ -// -// script0011.002 -// -// Test all 5 attributes added in script0011 can be retrieved -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0011.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.003 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.003 deleted file mode 100755 index d9a4632b..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0011.003 +++ /dev/null @@ -1,122 +0,0 @@ -// -// script0011.003 [alpha blocker] -// -// Test all 5 attributes added in script0011 can be retrieved -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0011.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 1 - .0 : - .tag : labl - .data : /15/Label Attribute - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : desc - .data : /25/0000000000000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : desc - .data : /25/Description Attribute0000 - ActualLength : 21 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : icmt - .data : /17/00000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : icmt - .data : /17/Comment Attribute - ActualLength : 17 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : labl - .data : /15/000000000000000 - Results : 3 - OSStatus 0 - Attribute : - .tag : labl - .data : /15/Label Attribute - ActualLength : 15 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : crtr - .data : /5/00000 - Results : 3 - OSStatus 0 - Attribute : - .tag : crtr - .data : /4/meme - ActualLength : 4 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : type - .data : /4/0000 - Results : 3 - OSStatus 0 - Attribute : - .tag : type - .data : /4/yuyu - ActualLength : 4 -37 KCGetAttribute - Input Arguments : 2 - ItemIndex : 0 - Attribute : - .tag : clas - .data : /4/0000 - Results : 3 - OSStatus 0 - Attribute : - .tag : clas - .data : /4/inet - ActualLength : 4 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012 deleted file mode 100644 index 02c88caf..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012 +++ /dev/null @@ -1,60 +0,0 @@ -// -// script0012 -// -// KCDeleteItem -// -// Delete an item not previously added (it shouldn't do anything) -// Delete the same item twice (error) -// -35 KCNewItem - Input Arguments : 4 - Class : genp - Creator : meme - Data : /16/Generic Password - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0012.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -43 KCDeleteItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -43 KCDeleteItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus -25300 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012.000 deleted file mode 100644 index b5384aa5..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012.000 +++ /dev/null @@ -1,45 +0,0 @@ -// -// script0012.000 -// -// KCDeleteItem -// -// Test if keychain created in script0012 remains empty -// (all items added were deleted in script0012) -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0012.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/genp - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus -25300 - SearchIndex : 0 - ItemIndex : 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012.001 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012.001 deleted file mode 100644 index 81e8620f..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0012.001 +++ /dev/null @@ -1,17 +0,0 @@ -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFSSpec : test0012.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -7 KCUnlockNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0013 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0013 deleted file mode 100755 index 27aa509d..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0013 +++ /dev/null @@ -1,79 +0,0 @@ -// -// script0013 -// -// KCAddAppleSharePassword -// KCFindAppleSharePassword -// -// Add an Apple Share password and retrieve it -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0013.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -27 KCAddAppleSharePassword - Input Arguments : 7 - ServerSignature : My Signature.... - ServerAddress : This is my Server Address - ServerName : This is my Server Name - VolumeName : This is my Volume Name - AccountName : This is my Account Name - Password : /5/Apple - Results : 2 - OSStatus 0 - ItemIndex : 0 -// %%%cpm - -// The following stuff won't run correctly because -// Only AppleShare and KeychainAccess can interpret the contents of -// a AppleSharePassword item. It's contains a AppleShare private structure -// with a max of 8 characters inside for the pwd. -// -//## Click the Allow button (to acquire data on the find)## -// -//28 KCFindAppleSharePassword -// Input Arguments : 6 -// ServerSignature : My Signature.... -// ServerAddress : This is my Server Address -// ServerName : This is my Server Name -// VolumeName : This is my Volume Name -// AccountName : This is my Account Name -// Password : /8/00000000 -// Results : 4 -// OSStatus 0 -// Password : /8/Apple000 -// ActualLength : 5 -// ItemIndex : 0 -//45 KCUpdateItem -// Input Arguments : 1 -// ItemIndex : 0 -// Results : 1 -// OSStatus 0 -//46 KCReleaseItem -// Input Arguments : 1 -// ItemIndex : 0 -// Results : 1 -// OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0013.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0013.000 deleted file mode 100644 index b50f8ced..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0013.000 +++ /dev/null @@ -1,30 +0,0 @@ -// -// script0013.000 -// -// KCAddAppleSharePassword -// KCFindAppleSharePassword -// -// Find the AppleShare password added in script0013 -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0013.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0014 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0014 deleted file mode 100755 index 5048f073..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0014 +++ /dev/null @@ -1,80 +0,0 @@ -// -// script0014 -// -// KCAddInternetPassword -// KCFindInternetPassword -// -// Add an Internet password and retrieve it -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0014.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -29 KCAddInternetPassword - Input Arguments : 7 - ServerName : This is my Server name - SecurityDomain : This is my Security Domain - AccountName : This is my Accout name - Port : 18 - Protocol : http - AuthType : httd - Password : /5/Apple - Results : 2 - OSStatus 0 - ItemIndex : 0 -29 KCAddInternetPassword - Input Arguments : 7 - ServerName : This is my Server name - SecurityDomain : This is my Security Domain - AccountName : This is my Accout name - Port : 18 - Protocol : http - AuthType : httd - Password : /5/Apple - Results : 2 - OSStatus -25299 - ItemIndex : 1 -31 KCFindInternetPassword - Input Arguments : 7 - ServerName : This is my Server name - SecurityDomain : This is my Security Domain - AccountName : This is my Accout name - Port : 18 - Protocol : http - AuthType : httd - Password : /10/0000000000 - Results : 4 - OSStatus 0 - Password : /10/Apple00000 - ActualLength : 5 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0014.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0014.000 deleted file mode 100644 index 24254fbb..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0014.000 +++ /dev/null @@ -1,49 +0,0 @@ -// -// script0014.000 -// -// KCAddInternetPassword -// KCFindInternetPassword -// -// Find the Internet password added in script0014 -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0014.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -31 KCFindInternetPassword - Input Arguments : 7 - ServerName : This is my Server name - SecurityDomain : This is my Security Domain - AccountName : This is my Accout name - Port : 18 - Protocol : http - AuthType : httd - Password : /10/0000000000 - Results : 4 - OSStatus 0 - Password : /10/Apple00000 - ActualLength : 5 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0015 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0015 deleted file mode 100644 index bb67e21d..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0015 +++ /dev/null @@ -1,92 +0,0 @@ -// -// script0015 -// -// -// KCAddInternetPasswordWithPath -// KCFindInternetPasswordWithPath -// -// Add an Internet password and retrieve it -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0015.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -30 KCAddInternetPasswordWithPath - Input Arguments : 8 - ServerName : This is my Server name - SecurityDomain : This is my Security Domain - AccountName : This is my Accout name - Path : This is my Path - Port : 18 - Protocol : http - AuthType : httd - Password : /5/Apple - Results : 2 - OSStatus 0 - ItemIndex : 0 -30 KCAddInternetPasswordWithPath - Input Arguments : 8 - ServerName : This is my Server name - SecurityDomain : This is my Security Domain - AccountName : This is my Accout name - Path : This is my Path - Port : 18 - Protocol : http - AuthType : httd - Password : /5/Apple - Results : 2 - OSStatus -25299 - ItemIndex : 1 -32 KCFindInternetPasswordWithPath - Input Arguments : 8 - ServerName : This is my Server name - SecurityDomain : This is my Security Domain - AccountName : This is my Accout name - Path : This is my Path - Port : 18 - Protocol : http - AuthType : httd - Password : /10/0000000000 - Results : 4 - OSStatus 0 - Password : /10/Apple00000 - ActualLength : 5 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 - - - - - - - - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0015.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0015.000 deleted file mode 100644 index 00adf6fc..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0015.000 +++ /dev/null @@ -1,59 +0,0 @@ -// -// script0015.000 -// -// -// KCAddInternetPasswordWithPath -// KCFindInternetPasswordWithPath -// -// Find the Internet password added in script0015 -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0015.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -32 KCFindInternetPasswordWithPath - Input Arguments : 8 - ServerName : This is my Server name - SecurityDomain : This is my Security Domain - AccountName : This is my Accout name - Path : This is my Path - Port : 18 - Protocol : http - AuthType : httd - Password : /10/0000000000 - Results : 4 - OSStatus 0 - Password : /10/Apple00000 - ActualLength : 5 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 - - - - - - - - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0016 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0016 deleted file mode 100644 index f6f60d90..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0016 +++ /dev/null @@ -1,86 +0,0 @@ -// -// script0016 -// -// KCAddGenericPassword -// KCFindGenericPassword -// -// Add a Generic password and retrieve it -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0016.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -33 KCAddGenericPassword - Input Arguments : 3 - ServiceName : This is my Service Name - AccountName : This is my Account Name - Password : /5/Apple - Results : 2 - OSStatus 0 - ItemIndex : 0 -33 KCAddGenericPassword - Input Arguments : 3 - ServiceName : This is my Service Name - AccountName : This is my Account Name - Password : /5/Apple - Results : 2 - OSStatus -25299 - ItemIndex : 1 -34 KCFindGenericPassword - Input Arguments : 3 - ServiceName : This is my Service Name - AccountName : This is my Account Name - Password : /10/0000000000 - Results : 4 - OSStatus 0 - Password : /10/Apple00000 - ActualLength : 5 - ItemIndex : 0 -34 KCFindGenericPassword - Input Arguments : 3 - ServiceName : This is my Service Name - AccountName : This is my Account Name - Password : /10/0000000000 - Results : 4 - OSStatus 0 - Password : /10/Apple00000 - ActualLength : 5 - ItemIndex : 3 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 - - - - - - - - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0016.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0016.000 deleted file mode 100644 index 8b4c5141..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0016.000 +++ /dev/null @@ -1,53 +0,0 @@ -// -// script0016.000 -// -// KCAddGenericPassword -// KCFindGenericPassword -// -// Find the Internet password added in script0016 -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0016.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -34 KCFindGenericPassword - Input Arguments : 3 - ServiceName : This is my Service Name - AccountName : This is my Account Name - Password : /10/0000000000 - Results : 4 - OSStatus 0 - Password : /10/Apple00000 - ActualLength : 5 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 - - - - - - - - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0017 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0017 deleted file mode 100644 index 4d08628d..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0017 +++ /dev/null @@ -1,82 +0,0 @@ -// -// script0017 -// -// KCSetDefaultKeychain -// KCGetDefaultKeychain -// -// Switch default keychain -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0017.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 1 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0017.002 - Results : 2 - OSStatus 0 - KeychainIndex : 2 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 2 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 3 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0017.003 - Results : 2 - OSStatus 0 - KeychainIndex : 4 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 4 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 5 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 1 - Results : 1 - OSStatus 0 -12 KCGetDefaultKeychain - Input Arguments : 0 - Results : 2 - OSStatus 0 - KeychainIndex : 1 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 3 - Results : 1 - OSStatus 0 -12 KCGetDefaultKeychain - Input Arguments : 0 - Results : 2 - OSStatus 0 - KeychainIndex : 3 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 2 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 4 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0018 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0018 deleted file mode 100644 index 996eefbe..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0018 +++ /dev/null @@ -1,32 +0,0 @@ -// -// script0018 -// -// KCNewItem -// -// Create an Apple Share Password item with its data length > 8 -// -// This length is enforced by AppleShare client, but we can't enforce this -// limit in case it is lifted later. -// -35 KCNewItem - Input Arguments : 4 - Class : ashp - Creator : meme - Data : /14/apple computer - Results : 2 - OSStatus 0 - ItemIndex : 0 -35 KCNewItem - Input Arguments : 4 - Class : ashp - Creator : meme - Data : /5/apple - Results : 2 - OSStatus 0 - ItemIndex : 1 -38 KCSetData - Input Arguments : 2 - ItemIndex : 1 - Data : /14/apple computer - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0019 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0019 deleted file mode 100644 index 1316f692..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0019 +++ /dev/null @@ -1,60 +0,0 @@ -// -// script0019 -// -// KCAddAppleSharePassword -// -// Create an Apple Share Password item with its data length > 8 -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0019.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -//%%%why does it expect -25302? (dataTooLarge) - we CANT impose the 8 char limit on our hi level call -27 KCAddAppleSharePassword - Input Arguments : 7 - ServerSignature : My Signature.... - ServerAddress : This is my Server Address - ServerName : This is my Server Name - VolumeName : This is my Volume Name - AccountName : This is my Account Name - Password : /14/apple computer - Results : 2 - OSStatus -25302 - ItemIndex : 0 -27 KCAddAppleSharePassword - Input Arguments : 7 - ServerSignature : My Signature.... - ServerAddress : This is my Server Address - ServerName : This is my Server Name - VolumeName : This is my Volume Name - AccountName : This is my Account Name - Password : /5/apple - Results : 2 - OSStatus 0 - ItemIndex : 1 -38 KCSetData - Input Arguments : 2 - ItemIndex : 1 - Data : /14/apple computer - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0020 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0020 deleted file mode 100644 index b6f01288..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0020 +++ /dev/null @@ -1,44 +0,0 @@ -// -// script0020 @@@needs work -// -// Copy Item -// -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : meme - Data : /48/First Internet password:abcdefghijklmnopqrstuvwx - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0020.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -47 KCCopyItem - Input Arguments : 2 - KeychainIndex : 0 - ItemIndex : 0 - Results : 2 - OSStatus 0 - ItemIndex : 1 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0021 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0021 deleted file mode 100755 index 2cb6e65b..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0021 +++ /dev/null @@ -1,41 +0,0 @@ -// -// script0021 -// -// KCMakeKCRefFromAlias -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0021.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 - KeychainIndex : 1 -5 KCMakeAliasFromKCRef - Input Arguments : 1 - KeychainIndex : 1 - Results : 2 - OSStatus 0 - AliasIndex : 0 -4 KCMakeKCRefFromAlias - Input Arguments : 1 - AliasIndex : 0 - Results : 2 - OSStatus 0 - KeychainIndex : 2 -19 KCGetKeychainName - Input Arguments : 1 - KeychainIndex : 2 - Results : 2 - OSStatus 0 - KeychainName : test0021.001 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 1 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0022 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0022 deleted file mode 100755 index fe6c6c04..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0022 +++ /dev/null @@ -1,170 +0,0 @@ -// -// script0022 -// -// KCAddCallback -// KCRemoveCallback -// -// Add/remove callback for each event type -// -// kLockKCEvent -23 KCAddCallback - Input Arguments : 1 - KCEvent : 1 - Results : 1 - OSStatus 0 -// kUnlockEvent -23 KCAddCallback - Input Arguments : 1 - KCEvent : 2 - Results : 1 - OSStatus 0 -// kAddKCEvent -23 KCAddCallback - Input Arguments : 1 - KCEvent : 3 - Results : 1 - OSStatus 0 -// kDeleteKCEvent -23 KCAddCallback - Input Arguments : 1 - KCEvent : 4 - Results : 1 - OSStatus 0 -// kUpdateKCEvent -23 KCAddCallback - Input Arguments : 1 - KCEvent : 5 - Results : 1 - OSStatus 0 -// kChangeIdentityKCEvent -23 KCAddCallback - Input Arguments : 1 - KCEvent : 6 - Results : 1 - OSStatus 0 -// kFindKCEvent -23 KCAddCallback - Input Arguments : 1 - KCEvent : 7 - Results : 1 - OSStatus 0 -// kDefaultChangedKCEvent -23 KCAddCallback - Input Arguments : 1 - KCEvent : 9 - Results : 1 - OSStatus 0 -// kDataAccessKCEvent -23 KCAddCallback - Input Arguments : 1 - KCEvent : 10 - Results : 1 - OSStatus 0 -// kLockKCEvent (duplicate) -23 KCAddCallback - Input Arguments : 1 - KCEvent : 1 - Results : 1 - OSStatus -25297 -// -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0022.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 1 -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0022.002 - Results : 2 - OSStatus 0 - KeychainIndex : 2 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 2 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 3 -// -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : meme - Data : /17/Internet password - Results : 2 - OSStatus 0 - ItemIndex : 0 -// generate kLockKCEvent -10 KCLock - Input Arguments : 1 - KeychainIndex : 1 - Results : 1 - OSStatus 0 -// generate kUnlockKCEvent -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 1 - Password : Apple - Results : 1 - OSStatus 0 -// generate kDefaultChangedKCEvent -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 1 - Results : 1 - OSStatus 0 -// generate kAddKCEvent -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -// generate kDataAccessKCEvent -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/Internet password000000000000000000000000000000000 - ActualLength : 17 -// generate kUpdateKCEvent -38 KCSetData - Input Arguments : 2 - ItemIndex : 0 - Data : /3/Cat - Results : 1 - OSStatus 0 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -// generate kDeleteKCEvent -43 KCDeleteItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -// generate kLockKCEvent -10 KCLock - Input Arguments : 1 - KeychainIndex : 1 - Results : 1 - OSStatus 0 -// -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0023 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0023 deleted file mode 100755 index f1c402f1..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0023 +++ /dev/null @@ -1,43 +0,0 @@ -// -// script0023 -// -// KCStatus -// -// Check lock state -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0023.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -// keychain is locked by default -// keychain is now unlocked -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -// status bitmask -// kcUnlockState 1 : unlocked -// kcRdPerm 2 : unlocked with read permission -// kcWrPerm 4 : unlocked with write permission -16 KCGetStatus - Input Arguments : 1 - KeychainIndex : 0 - Results : 2 - OSStatus 0 - KeychainStatus : 7 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0024 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0024 deleted file mode 100755 index 68b419a0..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0024 +++ /dev/null @@ -1,33 +0,0 @@ -// -// script0024 -// -// KCCreateKeychain -// KCSetInteractionAllowed -// KCGetInteractionAllowed -// -// Create a new keychain w/ and w/o interaction allowed enabled -// -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 0 - Results : 1 - OSStatus 0 -26 KCIsInteractionAllowed - Input Arguments : 0 - Results : 2 - OSStatus 0 - AllowInteraction : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : -1 - Password : Apple - Results : 2 - OSStatus -25308 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : -1 - Password : Apple - Results : 2 - OSStatus -25308 - KeychainIndex : 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0025 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0025 deleted file mode 100755 index 263f8115..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0025 +++ /dev/null @@ -1,59 +0,0 @@ -// -// script0025 -// -// KCChangeSettings -// KCSetInteractionAllowed -// KCGetInteractionAllowed -// -// Change keychain settings w/ and w/o interaction allowed enabled -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0025.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 0 - Results : 1 - OSStatus 0 -20 KCChangeSettings - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus -25308 -// taken out to avoid any UI for automation purposes -//25 KCSetInteractionAllowed -// Input Arguments : 1 -// AllowInteraction : 1 -// Results : 1 -// OSStatus 0 -//20 KCChangeSettings -// Input Arguments : 1 -// KeychainIndex : 0 -// Results : 1 -// OSStatus -128 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026 deleted file mode 100644 index 6999d201..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026 +++ /dev/null @@ -1,68 +0,0 @@ -// -// script0026 -// -// KCNewItem -// KCAddItemNoUI -// KCGetDataNoUI -// -// Create an Apple Share Password item & add it to a default Keychain -// -35 KCNewItem - Input Arguments : 4 - Class : ashp - Creator : meme - Data : /5/apple - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0026.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -15 KCCreateKeychainNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 -7 KCUnlockNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -42 KCAddItemNoUI - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /8/00000000 - Results : 3 - OSStatus 0 - Data : /8/apple000 - ActualLength : 5 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.000 deleted file mode 100644 index e7f75d47..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.000 +++ /dev/null @@ -1,44 +0,0 @@ -// -// script0026.000 -// -// KCAddItemNoUI -// KCGetDataNoUI -// -// Check the item added in script0026 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0026.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/ashp - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.001 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.001 deleted file mode 100644 index 6fdef795..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.001 +++ /dev/null @@ -1,54 +0,0 @@ -// -// script0026.001 -// -// KCAddItemNoUI -// KCGetDataNoUI -// -// Call KCGetDataNoUI (Apple Share Password) to a locked keychain -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0026.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -10 KCLock - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/ashp - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.002 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.002 deleted file mode 100644 index 80160c5e..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0026.002 +++ /dev/null @@ -1,42 +0,0 @@ -// -// script0026.001 -// -// KCAddItemNoUI -// KCGetDataNoUI -// -// Call KCAddItemNoUI (Apple Share Password) to a locked keychain -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0026.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -10 KCLock - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -35 KCNewItem - Input Arguments : 4 - Class : ashp - Creator : meme - Data : /6/apple2 - Results : 2 - OSStatus 0 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027 deleted file mode 100644 index bd9d843e..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027 +++ /dev/null @@ -1,68 +0,0 @@ -// -// script0027 -// -// KCNewItem -// KCAddItemNoUI -// KCGetDataNoUI -// -// Create a Generic Password item & add it to a default Keychain -// -35 KCNewItem - Input Arguments : 4 - Class : genp - Creator : meme - Data : /50/First Generic password:abcdefghijklmnopqrstuvwxyz# - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0027.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -15 KCCreateKeychainNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 -7 KCUnlockNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -42 KCAddItemNoUI - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/First Generic password:abcdefghijklmnopqrstuvwxyz# - ActualLength : 50 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.000 deleted file mode 100644 index a218934f..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.000 +++ /dev/null @@ -1,64 +0,0 @@ -// -// script0027.000 -// -// KCNewItem -// KCAddItemNoUI -// KCGetDataNoUI -// -// Check the item added in script0027 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0027.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -7 KCUnlockNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/genp - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/First Generic password:abcdefghijklmnopqrstuvwxyz# - ActualLength : 50 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.001 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.001 deleted file mode 100644 index 550713bb..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.001 +++ /dev/null @@ -1,55 +0,0 @@ -// -// script0027.001 -// -// KCNewItem -// KCAddItemNoUI -// KCGetDataNoUI -// -// Call KCGetDataNoUI (Generic Password) to a locked keychain -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0027.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -10 KCLock - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/genp - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.002 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.002 deleted file mode 100644 index e2ec25b6..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0027.002 +++ /dev/null @@ -1,43 +0,0 @@ -// -// script0027.002 -// -// KCNewItem -// KCAddItemNoUI -// KCGetDataNoUI -// -// Call KCAddItemNoUI (Generic Password) to a locked keychain -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0027.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -10 KCLock - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -35 KCNewItem - Input Arguments : 4 - Class : genp - Creator : meme - Data : /23/Second Generic password - Results : 2 - OSStatus 0 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028 deleted file mode 100644 index f5cc406b..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028 +++ /dev/null @@ -1,68 +0,0 @@ -// -// script0028 -// -// KCNewItem -// KCAddItemNoUI -// KCGetDataNoUI -// -// Create a Internet Password item & add it to a default Keychain -// -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : meme - Data : /48/First Internet password:abcdefghijklmnopqrstuvwx - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0028.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -15 KCCreateKeychainNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 -7 KCUnlockNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -42 KCAddItemNoUI - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/First Internet password:abcdefghijklmnopqrstuvwx00 - ActualLength : 48 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.000 deleted file mode 100644 index 142570fb..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.000 +++ /dev/null @@ -1,63 +0,0 @@ -// -// script0028.000 -// -// KCAddItemNoUI -// KCGetDataNoUI -// -// Check the item added in script0028 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0028.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/inet - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /50/00000000000000000000000000000000000000000000000000 - Results : 3 - OSStatus 0 - Data : /50/First Internet password:abcdefghijklmnopqrstuvwx00 - ActualLength : 48 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.001 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.001 deleted file mode 100644 index df61848f..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.001 +++ /dev/null @@ -1,54 +0,0 @@ -// -// script0028.001 -// -// KCAddItemNoUI -// KCGetDataNoUI -// -// Call KCGetDataNoUI (Internet Password) to a locked keychain -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0028.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -10 KCLock - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/inet - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.002 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.002 deleted file mode 100644 index 575fdac8..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0028.002 +++ /dev/null @@ -1,42 +0,0 @@ -// -// script0028.002 -// -// KCAddItemNoUI -// KCGetDataNoUI -// -// Call KCAddItemNoUI (Internet Password) to a locked keychain -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0028.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -10 KCLock - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : meme - Data : /24/Second Internet password - Results : 2 - OSStatus 0 - ItemIndex : 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0029 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0029 deleted file mode 100644 index 09b3dce1..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0029 +++ /dev/null @@ -1,73 +0,0 @@ -// -// script0029 -// -// KCSetDataNo -// KCGetDataNoUI -// -// Create & Add an Apple Share Password item a default Keychain, then modify the data -// -35 KCNewItem - Input Arguments : 4 - Class : ashp - Creator : meme - Data : /5/Apple - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0029.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -15 KCCreateKeychainNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 -7 KCUnlockNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -42 KCAddItemNoUI - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -38 KCSetData - Input Arguments : 2 - ItemIndex : 0 - Data : /3/Dog - Results : 1 - OSStatus 0 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /5/00000 - Results : 3 - OSStatus 0 - Data : /5/Dog00 - ActualLength : 3 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0029.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0029.000 deleted file mode 100644 index ca076280..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0029.000 +++ /dev/null @@ -1,63 +0,0 @@ -// -// script0029.000 -// -// KCSetDataNo -// KCGetDataNoUI -// -// Check the item added in script0029 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0029.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/ashp - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /5/00000 - Results : 3 - OSStatus 0 - Data : /5/Dog00 - ActualLength : 3 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0030 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0030 deleted file mode 100644 index d485bc9e..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0030 +++ /dev/null @@ -1,73 +0,0 @@ -// -// script0030 -// -// KCSetData -// KCGetDataNoUI -// -// Create & Add an Generic Password item a default Keychain, then modify the data -// -35 KCNewItem - Input Arguments : 4 - Class : genp - Creator : meme - Data : /50/First Generic password:abcdefghijklmnopqrstuvwxyz# - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0030.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -15 KCCreateKeychainNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 -7 KCUnlockNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -42 KCAddItemNoUI - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -38 KCSetData - Input Arguments : 2 - ItemIndex : 0 - Data : /3/Cat - Results : 1 - OSStatus 0 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /3/000 - Results : 3 - OSStatus 0 - Data : /3/Cat - ActualLength : 3 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0030.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0030.000 deleted file mode 100644 index 98f08c06..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0030.000 +++ /dev/null @@ -1,63 +0,0 @@ -// -// script0030.000 -// -// KCSetData -// KCGetDataNoUI -// -// Check the item added in script0030 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0030.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/genp - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /3/000 - Results : 3 - OSStatus 0 - Data : /3/Cat - ActualLength : 3 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0031 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0031 deleted file mode 100644 index 035cafe6..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0031 +++ /dev/null @@ -1,73 +0,0 @@ -// -// script0031 -// -// KCSetData -// KCGetDataNoUI -// -// Create & Add an Internet Password item a default Keychain, then modify the data -// -35 KCNewItem - Input Arguments : 4 - Class : inet - Creator : meme - Data : /48/First Internet password:abcdefghijklmnopqrstuvwx - Results : 2 - OSStatus 0 - ItemIndex : 0 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0031.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -15 KCCreateKeychainNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 -7 KCUnlockNoUI - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -42 KCAddItemNoUI - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -38 KCSetData - Input Arguments : 2 - ItemIndex : 0 - Data : /6/Monkey - Results : 1 - OSStatus 0 -45 KCUpdateItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /6/000000 - Results : 3 - OSStatus 0 - Data : /6/Monkey - ActualLength : 6 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0031.000 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0031.000 deleted file mode 100644 index c9a1a0dc..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0031.000 +++ /dev/null @@ -1,63 +0,0 @@ -// -// script0031.000 -// -// KCSetData -// KCGetDataNoUI -// -// Check the item added in script0031 still exists -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0031.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -48 KCFindFirstItem - Input Arguments : 2 - KeychainIndex : 0 - AttributeList : - .count : 2 - .0 : - .tag : clas - .data : /4/inet - .1 : - .tag : crtr - .data : /4/meme - Results : 3 - OSStatus 0 - SearchIndex : 0 - ItemIndex : 0 -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /6/000000 - Results : 3 - OSStatus 0 - Data : /6/Monkey - ActualLength : 6 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -50 KCReleaseSearch - Input Arguments : 1 - SearchIndex : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0032 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0032 deleted file mode 100644 index c7e6ac94..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0032 +++ /dev/null @@ -1,23 +0,0 @@ -// -// script00032 -// -// KCLogin -// KCChangeLoginPassword -// KCLogout -// -64 KCLogin - Input Arguments : 2 - Name : LoginKC - Password : Craig - Results : 1 - OSStatus 0 -66 KCChangeLoginPassword - Input Arguments : 2 - OldPassword : Craig - NewPassword : Craig2 - Results : 1 - OSStatus 0 -65 KCLogout - Input Arguments : 0 - Results : 1 - OSStatus 0 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0033 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0033 deleted file mode 100644 index c49f2836..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0033 +++ /dev/null @@ -1,64 +0,0 @@ -// -// script0033 -// -// KCNewItem -// KCAddItem -// KCGetData -// -// Create a Generic Password item & add it to a default Keychain twice -// Also create new item that is identical and see if it can be added. -35 KCNewItem - Input Arguments : 4 - Class : genp - Creator : meme - Data : /50/First Generic password:abcdefghijklmnopqrstuvwxyz# - Results : 2 - OSStatus 0 - ItemIndex : 0 -35 KCNewItem - Input Arguments : 4 - Class : genp - Creator : meme - Data : /50/First Generic password:abcdefghijklmnopqrstuvwxyz# - Results : 2 - OSStatus 0 - ItemIndex : 1 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0033.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus -25299 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 1 - Results : 1 - OSStatus -25299 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0034 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0034 deleted file mode 100644 index 4ea97534..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0034 +++ /dev/null @@ -1,65 +0,0 @@ -// -// script0025 -// -// KCChangeSettings -// KCSetInteractionAllowed -// KCGetInteractionAllowed -// -// Change keychain settings w/ and w/o interaction allowed enabled -// -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0034.000 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 0 - Results : 1 - OSStatus 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -20 KCChangeSettings - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus -25308 -25 KCSetInteractionAllowed - Input Arguments : 1 - AllowInteraction : 0 - Results : 1 - OSStatus 0 -26 KCIsInteractionAllowed - Input Arguments : 0 - Results : 2 - OSStatus 0 - AllowInteraction : 0 -20 KCChangeSettings - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus -25308 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 - - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0035 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0035 deleted file mode 100644 index 817f11c4..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0035 +++ /dev/null @@ -1,98 +0,0 @@ -35 KCNewItem - Input Arguments : 4 - Class : ashp - Creator : meme - Data : /5/apple - Results : 2 - OSStatus 0 - ItemIndex : 0 -35 KCNewItem - Input Arguments : 4 - Class : ashp - Creator : meme - Data : /5/apple - Results : 2 - OSStatus 0 - ItemIndex : 1 -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0035.001 - Results : 2 - OSStatus 0 - KeychainIndex : 0 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 0 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 0 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 - - -3 KCMakeKCRefFromFSSpec - Input Arguments : 1 - KeychainFile : test0035.002 - Results : 2 - OSStatus 0 - KeychainIndex : 1 -14 KCCreateKeychain - Input Arguments : 2 - KeychainIndex : 2 - Password : Apple - Results : 2 - OSStatus 0 - KeychainIndex : 2 -8 KCUnlock - Input Arguments : 2 - KeychainIndex : 1 - Password : Apple - Results : 1 - OSStatus 0 -13 KCSetDefaultKeychain - Input Arguments : 1 - KeychainIndex : 2 - Results : 1 - OSStatus 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 1 - Results : 1 - OSStatus 0 - -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -46 KCReleaseItem - Input Arguments : 1 - ItemIndex : 1 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 0 - Results : 1 - OSStatus 0 -6 KCReleaseKeychain - Input Arguments : 2 - KeychainIndex : 2 - Results : 1 - OSStatus 0 - diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0036 b/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0036 deleted file mode 100644 index e1b79ce0..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/scripts/script0036 +++ /dev/null @@ -1,35 +0,0 @@ -// -// script0036 - designed to run after the default keychain DELETED from disk -// -// KCNewItem -// KCAddItem -// KCGetData -// -// Attempt to add an AppleShare password to the default keychain -// - If there aren't any keychains available, a panel will ask you to create one. -// - If default is deleted, a panel appears asking to select a different -// keychain or create a new one for the item (here you can change the default too). -// -35 KCNewItem - Input Arguments : 4 - Class : ashp - Creator : cind - Data : /8/CindyLou - Results : 2 - OSStatus 0 - ItemIndex : 0 -41 KCAddItem - Input Arguments : 1 - ItemIndex : 0 - Results : 1 - OSStatus 0 -// -## Chose a keychain or create one, then hit 'Select' ## -39 KCGetData - Input Arguments : 2 - ItemIndex : 0 - Data : /8/00000000 - Results : 3 - OSStatus 0 - Data : /8/CindyLou - ActualLength : 5 diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI/testKeychainAPI.cpp b/SecurityTests/testKeychainAPI/testKeychainAPI/testKeychainAPI.cpp deleted file mode 100644 index dbdead3d..00000000 --- a/SecurityTests/testKeychainAPI/testKeychainAPI/testKeychainAPI.cpp +++ /dev/null @@ -1,476 +0,0 @@ -#include "KCAPI_Keychain.h" -#include "KCAPI_Manager.h" -#include "testKeychainAPI.h" -#include "Radar.h" -#include - -#if TARGET_RT_MAC_MACHO - #include - #include - #include -#else - #include - #include - #include - static void GetArg(int &outArgc, char** &outArgv); -#endif - -static char* gResourcePath = NULL; -static char* GetResourcePath(char**argv); -static int gSleep=0; - -#ifndef TEST_SCRIPT_PATH - #define TEST_SCRIPT_PATH (getenv("TESTKEYCHAINAPI_TEST_SCRIPT_PATH") ? getenv("TESTKEYCHAINAPI_TEST_SCRIPT_PATH") : gResourcePath) -#endif - - -int main(int argc, char** argv) -{ - -#if defined(__MWERKS__) - // Set SIOUX window position to top left corner - // so that Security Dialogs will not cover the - // window - SIOUXSettings.toppixel = 40; - SIOUXSettings.leftpixel = 5; - - // emulate argc, argv - GetArg(argc, argv); -#endif - - gResourcePath = GetResourcePath(argv); - - try{ - CTestApp aTestApp(argc, argv); - aTestApp.Run(); - } - catch(const char *inErrorMsg){ - fprintf(stderr, "ERROR : %s\n", inErrorMsg); - } - - if(gSleep) - { - fprintf(stderr, "\n-----> sleeping...\n"); - sleep(60000); - } - -} - -CTestApp::CTestApp( - int inArgc, - char ** inArgv) - :mArgc(inArgc), mArgv(inArgv), - mVerbose(false), mRelaxErrorChecking(false) -{ -} - -void -CTestApp::Run() -{ - int ch; - bool didWork = false; - const char *options = "hH?vlew:f:r:R:n:s:S"; - -#if TARGET_RT_MAC_MACHO - extern char * optarg; - while ((ch = getopt(mArgc, mArgv, options)) != -1){ -#else - char * optarg = NULL; - for(int i=1; i -> -> Running script%04ld ...\n", i); - DoRunScript(aInput, aPass, aFail); - aPassCount += aPass; - aFailCount += aFail; - fclose(aInput); - } - } - } - else{ - -#if TARGET_RT_MAC_MACHO - sprintf(aFullPath, "%s//script%04d", TEST_SCRIPT_PATH, atoi(inScriptNo)); -#else - sprintf(aFullPath, "%s:script%04d", TEST_SCRIPT_PATH, atoi(inScriptNo)); -#endif - - if((aInput = fopen(aFullPath, "r")) != NULL){ - DoRunScript(aInput, aPassCount, aFailCount); - fclose(aInput); - } - else{ - fprintf(stderr, "No script file for [%s]\n", inScriptNo); - return; - } - } - - printf("Total number of test cases executed %ld : (passed = %ld, failed = %ld)\n", aPassCount+aFailCount, aPassCount, aFailCount); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ DoRunSubTestScript -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -void -CTestApp::DoRunSubTestScript( - const char * inScriptNo) -{ - FILE *aInput; - char aFullPath[256]; - UInt32 aPassCount = 0; - UInt32 aFailCount = 0; - UInt32 aStartScript = 0; - UInt32 aEndScript = 50; /* 9999 */ - - // not "all" - run the specified test case's sub-test cases - if(strcmp(inScriptNo, "all")){ - aStartScript = aEndScript = atoi(inScriptNo); - } - - for(UInt32 j=aStartScript; j<=aEndScript; j++){ - for(UInt32 i=0; i<5 /*999*/; i++){ -#if TARGET_RT_MAC_MACHO - sprintf(aFullPath, "%s//script%04ld.%03ld", TEST_SCRIPT_PATH, j, i); -#else - sprintf(aFullPath, "%s:script%04ld.%03ld", TEST_SCRIPT_PATH, j, i); -#endif - - if((aInput = fopen(aFullPath, "r")) != NULL){ - UInt32 aPass, aFail; - if(mVerbose) printf("\n\n-> -> -> Running script%04ld.%03ld ...\n", j, i); - DoRunScript(aInput, aPass, aFail); - aPassCount += aPass; - aFailCount += aFail; - fclose(aInput); - } - } - } - - printf("Total number of test cases executed %ld : (passed = %ld, failed = %ld)\n", aPassCount+aFailCount, aPassCount, aFailCount); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ DoRunScript -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -void -CTestApp::DoRunScript( - const char *inPath, - UInt32 &outPass, - UInt32 &outFail) -{ - Cleanup(); - - FILE *aInput = fopen(inPath, "r"); - if(aInput == NULL){ - fprintf(stderr, "ERROR Cannot open the file %s\n", inPath); - return; - } - DoRunScript(aInput, outPass, outFail); - fclose(aInput); -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ DoRunScript -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -void -CTestApp::DoRunScript( - FILE *inFile, - UInt32 &outPass, - UInt32 &outFail) -{ - Cleanup(); - - eKCOperationID aID; - UInt32 aPassCount = 0; - UInt32 aFailCount = 0; - - try{ - while(KCOperation::ReadScript(inFile, aID) != EOF){ - KCOperation *aOperation = (KCOperation*)COpRegister::CreateOperation(aID, this); - if(aOperation == NULL){ - fprintf(stderr, "ERROR COpRegister::CreateOperation(%d) failed\n", aID); - break; - } - - bool aResult = aOperation->RunScript(inFile); - aPassCount += (aResult) ? 1 : 0; - aFailCount += (!aResult) ? 1 : 0; - if(mVerbose){ - printf("TestCase No.%04ld (%s): %s\n", aPassCount+aFailCount, COpRegister::GetOperationName(aID), (aResult) ? "PASSED" : "FAILED"); - if(!aResult){ - fprintf(stdout, "%d %s\n", aID, COpRegister::GetOperationName(aID)); - aOperation->WriteResults(stdout); - } - } - delete aOperation; - } - } - catch(const char *inErrorMsg){ - fprintf(stderr, "ERROR : %s\n", inErrorMsg); - fprintf(stderr, " Terminating this script\n"); - } - - outPass = aPassCount; - outFail = aFailCount; - -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ DoDumpScript -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -void -CTestApp::DoDumpScript( - const char *inOperationNo) -{ - FILE *aOutput = stdout; - bool aDoAll = (strcmp(inOperationNo, "all") == 0); - - for(long i=0; iOperate(); - aOperation->WriteScript(aOutput); - delete aOperation; - } - } -} - - - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ DoRadar -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -void -CTestApp::DoRadar( - const char *inArg) -{ - UInt32 i=0; - - // -l (list all Radar bug descriptions) - if(inArg == NULL){ - while(gRadarBugs[i].testCaseFunc){ - printf("%s %s\n", gRadarBugs[i].ID, gRadarBugs[i].desc); - i++; - } - } - // -r all (run all Radar bugs) - else if(!strcmp(inArg, "all")){ - while(gRadarBugs[i].testCaseFunc){ - printf(">>>>>>>>>> Radar %s >>>>>>>>>>\n", gRadarBugs[i].ID); - printf("%s\n", gRadarBugs[i].desc); - (gRadarBugs[i].testCaseFunc)(this); - printf("<<<<<<<<<< Radar %s done <<<<<<<<<<\n\n", gRadarBugs[i].ID); - - i++; - } - } - // -r nnnnn (run a specific Radar bug) - else{ - while(gRadarBugs[i].testCaseFunc){ - if(!strcmp(inArg, gRadarBugs[i].ID)){ - (gRadarBugs[i].testCaseFunc)(this); - return; - } - i++; - } - fprintf(stderr, "No such Radar ID\n"); - DoRadar(NULL); - } -} - -void -CTestApp::Cleanup() -{ - KCOperation::Cleanup(); - KCItemOperation::Cleanup(); - KCSearchOperation::Cleanup(); -} - -#if TARGET_RT_MAC_MACHO -char* -GetResourcePath(char **inArgv) -{ - // Can I do better than this ? - const char *aResourcesDir = "../Resources/"; - const char *progname; - char *aResourcePath = NULL; - int len; - - progname = strrchr(inArgv[0], '/'); - len = (progname) ? (strlen(inArgv[0]) - strlen(progname)+1) : 0; - aResourcePath = new char[len + strlen(aResourcesDir)+1]; - if(len) memcpy(aResourcePath, inArgv[0], len); - memcpy(aResourcePath+len, aResourcesDir, strlen(aResourcesDir)); - aResourcePath[len+strlen(aResourcesDir)] = '\0'; - return(aResourcePath); -} -#else -char* -GetResourcePath(char **inArgv) -{ - // ¥¥¥ temp solution - return("Work:CVS Project:Security:Tests:testKeychainAPI:testKeychainAPI:scripts"); -} - -void GetArg( - int &outArgc, - char** &outArgv) -{ - // emulate the command line arg - const char *kProgname = "testKeychainAPI"; - char *aBuffer = new char[1024]; - - memset(aBuffer, 0, 1024); - strcpy(aBuffer, kProgname); - int i = strlen(kProgname)+1; - - cout << kProgname << " "; - cin.getline(aBuffer+i, 1024-i); - for(; i<1028; i++) if(aBuffer[i] == ' ') aBuffer[i] = '\0'; - - int j = 0; - char *p = aBuffer; - char **argv = new char*[128]; - do{ - if(strlen(p) > 0) argv[j++] = p; - p += strlen(p)+1; - } while(p < aBuffer+1024); - - outArgc = j; - outArgv = argv; -} - -char* -UNIX_fgets( - char *inBuffer, - int inSize, - FILE *inFile) -{ - // Scripts are in UNIX format - // so fgets() does not work on ClassicMac - // as is - for(int i=0; i 4/18/00 em Created. -// ====================================================================== - -#ifndef __TESTKEYCHAINAPI__ -#define __TESTKEYCHAINAPI__ - -#include -#include -#undef check - -class CTestApp{ -public: - CTestApp( - int inArgc, - char ** inArgv); - - virtual void Run(); - - virtual void DoRunScript( - const char *inPath, - UInt32 &outPass, - UInt32 &outFail); - - virtual void DoRunScript( - FILE *inFile, - UInt32 &outPass, - UInt32 &outFail); - - virtual void DoRunTestScript( - const char *inScriptNo); - - virtual void DoRunSubTestScript( - const char * inScriptNo); - - virtual void DoDumpScript( - const char *inOperationNo); - - virtual void DoRadar( - const char *inBugNo); - - virtual void Cleanup(); - - bool IsVerbose(){ return mVerbose; } - bool IsRelaxErrorChecking(){ return mRelaxErrorChecking; } -protected: - int mArgc; - char ** mArgv; - bool mVerbose; - bool mRelaxErrorChecking; - -}; - -#if TARGET_RT_MAC_MACHO - #define UNIX_fgets(a, b, c) fgets(a, b, c) -#else - #define UNIX_fgets(a, b, c) UNIXfgets(a, b, c) - char* UNIX_fgets(char *inBuffer, int inSize, FILE *inFile); -#endif - -#endif diff --git a/SecurityTests/testKeychainAPI/testKeychainAPI_user_manual.cwk b/SecurityTests/testKeychainAPI/testKeychainAPI_user_manual.cwk deleted file mode 100644 index 163480e8efa8912e5e83edfb8e5c028654a08dfc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 115775 zcmeIb4S-eGRWE+-of#Mi!#9K=X>L>6(3H#!A4!1H1Og$@0HHAXY;3vA++ikjXYTag zJA4FEs7)1Zs`x}jt2SGh9qPToV)f}UwiGf*Is*{ea}5JV&q>3H{EvAZ6g4~BbD0UzJymJTI-(< zz7Q1r*|4Sl?o<%qfARn-jekLEe=aYyhBIeEo>YnwD{(gBWVtT2zjG#FaM@-2d;<>H z+LUrO*2Stv+n1+C#89ydY5YAvO%!yUT&JW}4MD@MGt^l>bp$aWq2>4|JlDk33||a; zVAuo09tb_q@DPgk1uiG82&M(;)wivAXGjhUNTwSl+XTUP|Mb-m{X-Qb{~_0nJR`|U zGPqOJK(H-fYFsIqJ7{>Ke)pMUXO4{+Q-82-bHl8<)6Dmtnm(GIC05M^E)~?(Q8Kmb z46`3f;nCF?T$b7^mzfZGw!%AtK&-4szD)&UmP@EkZTeGFpOo~P3hEPTI&keIL`tct z)K4b({ z(wE2Ryr_jYj24j|{Le0rO^<`!aE*A!LnWsF^rx1vnEKS!Ph6rn1*st8N~x*eY)wsl z;aHT6DNT-GU$7zlhjlZ8&gC0!ZUe_*_Q&++aGngF)XH+W`ZnhI=YmO`<#Ri6mT_)N z?R^kEg3=?@UH7f}CsKPKnH+S~|53CqmYd#3YI^YHS;2?uwHI82NS$&(sHObDU|#y$ z#Nc2g$}#;pN9~@5+F_X-;RHYZU!CUf9SG9tOO+bN&Bz6U86}@r2M&Hn;d%#C;}uR& zI8oswg)uAdi1*$u2raVqg8J7|8@9Fv_CHSxL)s4xLe^T6#lKk=N%jqC`>85LSaVXJcX)% zOjfV&SNO9E4=DV7h1zdpj_CC_6@J&jrUr%De@)syP483u4GM2m_+f?jD(q9J@zS(c zuYXhF|4{gp!oOGeErtK;;Mi#jXDYl$q1HF{D|-FE6&_ajjKY6+aGb`=I2|YB+7z$; zANR|8{bhwZ4#xc-cRgPHGyb3TTKi{$`f0+u9Dah@IbnfbFI1@GV&ZIfJ@KOsPE!9) z((y4#$LXYxD1EcSPbfUDQ0{3`z_<+KnQ}{~?HU1}Se@y{IHD6yk-|=6ne!O(MUaMV~{;6L7 zi-XhZ6lxxrwoI?H3e^wOKC9P%sqi@mFKbk&adDa2eOXcQKdDg1^)_22Yw>b1uAbZy`CLB*d?_^d*;f4Yu?={jzw>$si%Z;mf@ zht8(Km{c&DWlp*yOPraTQh_Wt1oI$iQJ%4XpX9+9#hg4o6(A`(J>&k;@ccuPXZ)-r z&-i(U=hp;N44Sx}pgrUN#PEDGsb|9VNuCKmV|ex^c_tlC@=X6ml4rW*`6k;O^-qBP z6s)meFZ99W)Zz5qsl%zSrXD9}+rN9mGQy;9*Swe4-=XUa>C#SCr z9<)5cI&#)?rM8=}?n@}4*G7J+?kgzm34%*LEmYjEjQeyQ_KI>3V>9HT^k-2zi1k@> z`WvbJJ+p#fT2uO;QJPIHD~g5QOt~wUX)pBlX8Sra`R=})AWH4U?*4KqlP%^l-F=Ii z%DGbc*4*~?u55ST(siqvv;F-o%L;wvTwl4=vOZTT3>4dQrKYB~t{f#Gm@gGF*-U#r zm+i|qZJDiI-R)hOVy?HaC0EMys5_GnrMLneBxEse5ywyKi%*T*wp$ z`oIIlv?Nm+=q~3n+0C#)&va(H z^Uawi9Br@(c9wI+NH1mHH5*h2NuOm}Tj$J!R4D^5 zslrld%ba=5t*x!%amP+>pypI>Zz-b|W;;5ZR|{Li?qs*ITe{1OnhO0n7zQgly324f zNxj(~bdh(>rhzhhC)c})wihye*5;mzIX(5&O?=JxmwseBy-uwKDPtgywl2!dt<(#xw{6%^&XxyCnbt}b zF@{jls=kigHpsU&H6dScP^-HO17)@keHeA()mL8~Mg-%uSS%EqG5Fx6J{MO$Hd+^= zGv+UV3s-dab*$(vmddNjxn5dP@tpVC+=`i|)W$e!N5;sMQ40cbD>5Ryj!}SacCGSm z30pI2l<2uSv${~|@uQ=YMr1Gs5fDCYW(s}z?M}(ka=F-z0hU{h{0WzgQYCS`&&;{r z{xUKk^0K7XE({AK(_SRPau-E;(4ASYm98xGG`qT*+Y1BeTKHWnG0j%Q%3NQ&n@gMo zl*pXWDvB!oKd+X8YIrZEiI+}AZ1oLDRzd$4HLQxc@<6dK*P%v-QFYDSYv&>To$cT_ zL!!dWLicob=kguM29oHJS!596qKuw!m8i=^<(6!IAjdosRtTG%N99v$zxrwf->u6S zQ)>(56>w*VbM1y)w%Fbki3E7qQOFy^(@10*u>*tnE8Z3{fCC|vcz=_te^qp5V&3Ht z+mvh1B6Ui$BnE)(D#M{ILiLcT+m#0mnLshrDi&oI?@ zm#<=f=bJmg zaVTUnMP@zBEx9Zf66J0r8_Wc3ixcmdt#VQmMY{Vy;do;#ES2@b)-H_rVh#(F5_=dk zl&h+klUW8q%LGQ7oNJ(6)G=E~Y-CHw?eT%De)D13!K!avwzQ+;mRw)1*xkM^TPk6) z0iL;AoZdv2c&EFejeJRDN3JsqH-sY{75k%-fLsz0XZS(Ewc3_!u{*m7{_DtLM($t( zVJx*`)h5Y^j%d0%ZoV{KW=b(iGOK1&pKh9&W$74Mk6atJpS|p+VPxA99NkPWxhh@S z@)|_iHI%Cp_}BFkDr(KJ# zvnVsq@r22{)m=x@Am_a%hYd5V!{KJA9noLJ%FmBEjP-u3JK?)b=FQaRCiU|NBrjAZ z&v3$Lj$$j2|2mqYZlA@~rce6uMJ_t0Bmx-7F5PdMo)EQItPk03!%)lJ8m;&wF9-R zG@Ljxkmd}7P;*mEbCYQ_R>&QQO|JsC`}9g>f!Cb58;L!f?KsXb6_s+xuSMv`$`kVn zRyMN2-rkSJysTba1In_1gtyu;f8%z#D<@XRjO@!SW!Bx$g(+$_R?*0XeYx^%r#^1J zAkhoCBJHKl=FA2})K`5%k)=(hjb>oXadl8G{T*)|VI}4Oxxv$$ul_=*)XmAzugee_ z$OH(C9?5?NU515`0pe9MFS}ls#b2hxq`fFJzeN&8HBswdW>;F|m(Z`-!?$ga7K(F= zIh|VFYL{LA_qyW2Jxr#}FYNmYyyL;@0h>6OGcmKV2RpU(8O+L9+hFO(r48>$GGFB~ z|ErEJ(>5j{xQG4Ew#rZPR%T(+Kge!f?H(c=)`gyON&C61#FNc;>ZN%o; zepx`gU&zA^9hl{1{Re+_h_qW#Gxi1LA{*Yu6up$&S(|d$Cy-IV1tnaKIoIu3FyPo$ zEb%a6{mNWgjG9Vag@HV7<&g_D_0DCK^<}UI-9j4_y9wI^J;+SBW0d>m61<)1p>^m* zrd{5&%6%H{aWfs=*dvhHhRYsxwqp^?B{5+9xV<&*aADPsrre1Ei!S1AsqCkrGfL%w z&dwWeyb&~5m6f%kyJtnMVGz3|m#oitgU$Aqw)d5@+qkObRk%dKjLk6>y(e{(W@LsR zm653(fZ?F?I<6{{I>NZz1Po{M3LB^L7@HfGx50qo)^5F-!Mux|2=o!B;1Z@W?;os! z(ROsAkGm|lUglvvyKHT4>ne0M4XrG*{eAv?XTM8%i_q^djY}3p={GW(Owb6wrpRQL z>)K?_!WN(JGT~i-?6p+Z9lG2}t~+Q=W%=Z90TOu-z6;YJT9U&E$?Oo*%rxNVzS&A< zl0x9ZQfw5lvM>*#53W+KHH8k#&>LY`Udg#}ElkEMVB6;^aIMm?y95+tMwwMVzG@XwR}Xw;3MWlBlB(SkJL+ zpj0mOuEL#6Tub{vDb%vGT{cAG4B7Vf&=(urjYpiJw52_4tu80x3>faA85{H#W_f}8 z7;(N*M{l1umo?=QlVGX1rReEP2g+S|q$K^%#`#%z-*c@i6wC2C`hf|l*>YEc3XG@T zQOFPUCLFpY-y1d+x6oLPC01~lUP2Q$bZ^E&6qzkv2PXc_z7EV(}7JDXoCGgw?psc%!*o}1So zQOC*X!_d-o1Do>Q?Z^Quv!#SvyZU>!`?{Phx36Cv*VH{w3^m=1ossSRi8f=25L&W4 zSB0SiNM8wEAJ-43hp}}Bn%lWOPDikX!{E+hwm(kY3XIo%dmpdj^a0>J9lONEvQ12- zNMgFVuS(|1k)i2<_xo(xRM*sWNnKN2fa4y0%x^8q{6emBr0Tv^xj1VHa&b||z1%&T z^^;n|Ts)vhHa;NrVU$wofn9i*i)U(o@8qgA_(%3qr#43Ef}Rv&Qiq}SZd^irT1}D0 z;i0ezAy*Jwr% zmQtk-Nqi|7UlOl6482ModevdHBwlqGdX+r% zrNd}Ryy`IYDtY+)sl#YVyy`IYDtYKjhtZOFRWP6gsV7^-tAx(0f`Km;qa}J(FobVNyu+wQ85a(twaVCW7`05sm&2&_G6o$+TPWkyVYDx0 zEIW*PO2)gx(5tkNIYBT!3rpT`80{6wEe@kSC;7)=w09*(IgCbt~w{EC4Z+RVdYe7>kexX&q(Q2;+Pr$j~y{45wi9Vzg$U;q^ZKMMv> zG4Qis02M>as2NZ(@Uvh56+{1$2hd@BUXElE_?bMBYy&?F22iEoXTbm}27VR{pkj6_ z22e5dFEs-yhW;f6P%+vH`dKmbFL`i8FzC5RUr>seN`Gl7(xwhtOfvda>PMe7gu8 z#y_!uK} z7;S|_ro$j==|djMqooLswppULq8X*2QkRw@_Uv{VC3>BdS})P-FxoUJs$e___!k#@j>aFy3ZDhw<$qbQs@uLWj|)6+bx)qn9>o z4o2QkKMNEd-zx$g#`hPY!}vZWbQs_7gbw3lgV14o{17^fMy*7h!}vH1TY*p&n*}*D)+`2(nxRzWMnqqD2GXBI%-kL`WC?po@OeMgRL8oqBn|FQR{{LisT|^!s}0H`-6S=)VjF zM;HB|i+<8YKOpJU%VRfA+Br?3JQ%NZ;z1Yvq>KLPC^)+42VL}&9@P)L9O!$|KSQBB zW)Jz@dd=9N{iKWjA49>>ML+1GpY*7H;N?KHiGFSh(O!9IAM&L0n$bx8q>Fwka&*xT zy67i8s-Jp!AihP<6ovA5KjeMAjDPAUUG!g$f}@Lm&_zG#QT^1*16fY=;}@gO{w5S4 z@9XvR2I-=o1xFYCpo@N@qxz|r2gY*TehhQU`+7l-+kZt!7yY1DwV!%%Fl&hZFg~H1 z`n6ukD)dhnpP7(O{iKWjM0|=~a57Jc{z(eCu7Q4EujDc6CtdtQ0Y?}8xD@@QNBkpt zf#N(N`os9)E+FK!UcdIK#Ltx>UGzg<^e5s+^in@^aa{jIC$IJTHC09byF$9?hkRB2 z)Qf|2Sls_?DD2mI{kp8;|Cu3O^h3U?|EU)TXT-SuY$)_=y?(t{vH#s6UGzh~s{Pc9 zgY&ECr`a-oIZ&Wq>-DS0O8>qmq>FyYi+;*S`qX*nuSJn6`@LTA`T>BN(cJSlXBO_WYN>Bw_JXMT**i6R_=@QFaVK#^dcuAmcM@OK=!`G4Pv(be^=sTod{vXz zxRdxIJ!zlDoy1o)y2hQvS2eoEoxg7iGQRySC@{XJ2JU4|{B|xCd?@G(J|7$jegaox z^cy!v2^vo8oxyl=;=8n!sr`Kq;(NElfO`Osq)WL+)1}VUfREt&xBV!SXFlK({5PreQJx9fYQSl!{oT;n_c-v>@dP0Jkb4lc zoq*eL{WQumKwAem9{kUs{1osD0G|egA9CRBgiNj<*GEvE3>y5^*$Dn)C?5rW2_S6i zMZ0par4u&gx^NBuc8&q;O_!F4*o&l(Vkw=3gZFufVBTHKe>wX z&1h36`h7EO?ZLSjKI}w4ZH8}pNJqI7xXtiK&x3&A?S#zcdvW~`Aar$77uwUa4{#-} zQO{=B+j9VL39k15!k(UkfD3TF7jQAI4*|B~dOzTNTt5al3)c?=&c^i)n<4|qBuvw3&Al;01(9st}6{5C-Nxc4C79$b@-KI%OLh;k2bdGvAb zV}Ri8flMAT()$EpKd$!!mT~B|*2F&C7FyKa9KLXf+YqTeS7p@-#ycgHU0N3IA zalkfQ!?yfNTt5l88rQHnzXaD$11`rk+LK>^>mz`OgI=^J--_#_fb$U#^?N6sIs&vNK|U@)r< zhLc%bYK_5I9!!Y|DXcFOn4-bF$6$WSU=|t-rq_h#l)+e=xk!k&Ypuap9&7VY8>x>O z4DX}jby=Gi8JV0hmcugluJ*zkPPVC;yqHuD}iUe|{V#`0L3A2L#X2E+Z@cwN@! z4;UV1$Ngh%=3aK3r_Eq2kG1*dj8u=oTw^f14Q7eK>@t`} zgRwSq4?W(l+YQF@Sey46srwA3*gSo_Dtj*jMiMQ)6 zgRwl;=3g*Un+;};!C0G@8=f5oGsa-7%~u$nyA8(jSey45sZN8LYcSU4n+?zX2Ge9P z*5-`ixyN8EkG1(1ja1HH<{6B&d4=KGZZKmF#@hT&!}DQ-u{_r1Uoui11~cDatj)I= zo^1v*&S0#~R~nvs4aV|Vn}69zwHwT}24ihrX?V68%y@&bHowd8{J6nb9&7V{Belt3 zt}_^G^D4u$#b72FjJ0{D;rWQcSRQNhuNbMU!CY@J*5(fyo&kfIXfW31cN?CM8jR(! zHvg)T+GsEf4941gtKlgd%pQaJ1B3Z*2J`y{^V0@nc^)-9hYaRt494>Ocf<302J>ly zu{?ihcz)Ml9x@oq^GAl~^9J)7gRwl18JbDKXu0<`+<3{SB!PvE*<@pmM^;-sG*IJh63r6a*24mMYmgi56)NdNhFB**H zdBX5KY%srMFqY?whUYg7=9dk|^8A_M`E`S_bCc!ye~i?BH5fY=Se_@1)B%IBx!3Z1 z$w>X0!PuPn_lD;^2J?);*qmv3t};@8XD~KrTAo=(>Z=B0bEf5auaWv&gRwc&@?34C zju?#1nU?2$M(S@2#^y}RGuuf0wZYh&X?dtsUDN)#`}J_+7lQZ6Q_cPt(e==u!Wk_2 z^IiDWFi(7wHiMY(xCEikGvzqtjnN?y=p9gi|7qZOPRIH04=74>yFXZ>&sT_~lVEed z1I}e&e)pc3#0X(?Ph=z{SO+AMb&RYo(FQan+O0%mb&2~_V!M?XRbApIRO08Y#OUf0 zoSJFX?^}sWs!MRXpv0G~#F*+595$5rnw4m(E^$I7Ua}Hnt4n;}Nu=nQM4ykVDv=tm z5?5FWk^&PYsdoX1cBGhu5_L?VfR$ieQDOyPLSiBXti-KAQsN%Kgv2BYScxo0A#o`Mti&GxNeQOigv2xo z7>R%*ilY`IDmiK|t1iJ2MG1_kqy&>il{$VxB`~6r5P)TsAYggd>U) z7*R=y%d6MH5k(1%sHDU@s!MQ0Q34|>DZv2{SnqN~L4qSHDUqRok&qEZ2`EfTytBFl zM-(M6qLLC1%2B~o5lewKh9zU3S6_j8y6BIsl9tv z;yi})IPlTq-vT_{)cXwhTqcjw#><794QJ>d@pM-pj7iDkx0Qw7XyJYjp2fp5FnCY= zm1yCc=lCK+yj5S{5h)@yS}_7dwgP`aL;eM+y+6GKCtC8;oL-{G++Yk^!N$9Fjs%G^ zGzxTf4`qD=bTiT$_%cqBt6|(o5NRBKNEsTJhwx6EyG5|_@ozLPe;{HU=2AUgi*Xa6 zy9;s?k}r`HT{R441vKFCGJ@TbJ>@LH=-ty19F% zAfXF?u102BVY`%AM1{TX3RrW~2p_bjQ#wkm#tW=QqVet(w3RogiTWDG^Ztv*<9Ai~hq#B)kEM4NXW?XyiXP(m|2P;i-kD6E zp^cZ(UL$nIqt=7aGQKDNvPY@ChUHich~-l%mKSHj>iswmh+yTzS$-&DImf#@hPGVp ziE3Cr6_zt*ruI~O5v9~n!+!dMo_EPzJYU?G-c@SE$&iX3wEqMQt>jFX@yIi@{o~12 z!~O~IRtDq=J&BiOQpUgNEjjg5Ax)oLaeb*CW^co}lX8*6ncf&NorB#SLz_OCj5SQ3 z0@L?`Jf)|~3p}NQ8lLC9I?bOHF~1DcPvU$*1S=oTeD;x_ttx#pwE1$!Uc>y!sEy5= z++$xZD)rZ}o*9hRN8-LTnBG;s3+KHeSowhUslB`RMXcv|cgN7y4-xmJ2cc+cPqi1H zN)0var%z~qIMb$g?YtM~Mw}fYSov`FN5?Hky*q}se~4UPW^I#t%u88CeGTK;VF}~Q zPr>oWaSl4W!cQ^&a~wN9bUZwlK|7T3>rl_69`nLjslA5r?9YVp1Nro>ft@&ai(uu0 zalh+h<%sc;MTFt}J%0>(Ci!>cpW8&ml?RQ#3?}JBHLx0nzku_Um{s`@)ZWh@#mQid9&=%RDgSW9 zdYOfUWoYYJORX6TH-4Xg4CID(yo*-!)i8HDh)HvCH}d&caGn;y%7>V{@v(@xlDCE7 zyv_aG0qAMqOTR^54Rd*W7Be@!Yu5~%8Jr75u<}83Pc*hh%yk>cUc@>IlJxdRo3^EUT)_d!nsUxqIFYIv8ox-oNMCSvy! z_zUiz*eQaQ51RY!{+A-=a@@M({LOs=iW>NbB1B;gbGiQKD<5KRBU7GF!|odka-6rhzef!Xe2uPecr0H!{Q^Dz;ue28~H_hiJ}Oh`O`b334`fqw= znPFG|@rbz`sO~s_bD8BE_(v&3VGVQnC0EkiM^k$bjlntISrUG_*nKc!E(fYR&fnaF zP}IP`jUftam^%x^n7Qe}@9)ET0O!LZSov_~MyCl5RCk=exlch+1OHTqD6C=bdqGT? z`-9Wz!P5aw;-d$L+KI+#5%10n$>(WqdhiD)p{s#^GemUOF!yQ@Y1RxF!TBn{Ch2mV zD{-zC!OF+J0Kb0kJqo^7MRK6JBO}1wD2>wZlEx~Wq%gdV!tIgVY9zizxEyuT0hh~n zOWoPNCi&Yy+?YJKuax+;CmZ87XxNw&jcqvZ!g;S4Sozq;Z*6+GJ2pm<9LDZ&zIWyh zW%N|&UIMYH{Of76Gx!T3{j=py70t#tJge(xLyFeE12*s_ycTP(fNs`#MPE7JJG-~kmz~|wpUuuL@&kV|uw!;dXTI#dsI3t({N9%; zMuukZdH}Z@5A4Nx#90)6-Y(zUaSiXCJS(KV7PGN4yYo>Gu#d*mJ}zg} ztuL=k55Bw+XO{?8KE%Er#=f_Y!`B_J#l9x!=DMNj)}?*h{r$11sbORbh%}P%=Zq}% zEWo|*Aq=oV5v+VHf)h_PW+Fy%(7NNb7&!{@&X^mOZct6GZ@-)6puQd z0X&u-JdPxN0!_XVV&<75qCGm#C&>Q5T4;)5I;tj!o5~Lo*2fRV( zydfC)KrvdPHx#2KdP6Z4hGMit zZzx7f^nt_p5`CZ;Ezui_(GtC(7%kBoiqR6ip%^XE8xBKnghv=Hj3gc@_z3=C3BAHY zr8us55IQL>NsKuue2NsHO2Mmg5IQL>aa3wuEU_*?m4fHxAaqh%l2~r7l8OmzHEKJ1JmjVI-ary&^^Eq_iaC-AMr>Qh;h9B3z^hos^a&Cpal! zL<&%)FbYJ9&`D`Y@`jTFMx+2$N@i(b37wRdB)2#zU_=VgNl882fd)MVI6f>%%sUKY zo;-|VhtZP6s>3i=$;0S#7%fSRISgZrJd7HL(UQc5!!R~blHL}KFG){24Ej=d*h>zh zCFu)?VPBvmes&o8nHYM`VYDRv5e#e-nn3h_#2fUF!+39KCIFB32BG8e-p~;Y9`6l8 z$K$=BBM&^@8-$KWy-}H)LT_+f2#@!Rk93Rz?+uM&V7xapLV@w#(C7okdxOwvX0*^_ z8a1$x{(&bFS(F%h0}wn~N@PFs&>N0NONp#S9(u#^Xep6x$V0C<9xaJi1mjEM4ToX0 zpp+Qh#Lyd#M@xxONgjH`@o1?snqZ001iJX41kT84^4=hHJd6_ZXw<-C-W!CDhfzWv zjT-QHZxA{jMhST|YQUr3sEnr28;ll_@_zAAqtOCAK58^th|#FgXdy*v(@2_}i8R@HW(p5@lWKxdVOXLRt<$yf-dBE3k z{quoPI`#WL3H2`v>7pO>s`{yy2hEAukAX)0zFyzMq5kC|UG#%qRX_FeKpe#NUk3#A z`+9x6g!*p|>7pO>s`{yy2cjyj|9T*x-`DG-FVw#xq>FygtLmp-9*9xVf49P50SeIX z>-Dir`f8lPEg@a>gD(0>m;U{bqf;*rM10)-g+M?*>FgIjGD7=ThIG*ndR6l~HYWhVl_3L^_ z)&KtR9N>t}(A{vjpYH zC-QWy{CExVNjzo|$)7Pgc|b@06FT!>H9GN>N1mxlC!TcViK=wsNyj)BI`f0rw;l!5 zPdw=ur&Z;NC!OQBntjBBF5|BXUGSu999R4Uo%BEPq$5tN=@&fdh_kA6;z>uGRHYM7 zI{LXPop{pGzt!lp($A~ptJuFm?3ey!PV@c9viKL!_b+k2ACq+AiSzxKq!Uk^@5dya zc;b9NhW!hi?_bh=KPKggCr3!ZfCM z>DrHmPCV(_kA_Y>>FnPs^>YW`?Z&2IPzq<_y8a1WkBuiCJGGP3gU=pK4-P&KI0*P8 zAa-`2pAYx~&Y3um<2-=#CGal>JPE$10I~Z!_%z@t@B{x`J<79jzJl{%T;ofbZd#Y4ER?Ag7?|QfU^J} z0Yv$m)Yl5WjeyX3q62UN_}c&>^DJ=BEde|P2;4W10j>mJ7a(+>$OEneKg!QR_F2|* z7vQ6Spbc&VgzgjlfMvj)fRKHj^`QJL>jCZA#{eG$Kk1M;u^aFqK;WK3`FYl}4}7d= z58&f~2f$Chz2F1xxr2aD0`3Pt>U!=F_*l=wfKLFTjzQ{s1boKj7T?Yy?DI&p!nC z60TVf>U!zYo{IJ^LUa>U{Pv;AHS00))P@UTvP5e&ONX-z%}HaugCRXz(!m{?)fpe-VZn)*N}UDGOiy6 zoQ7-4&A{~|fEipfG2To!}$WP9|Syw zb2rYHaQzVAD>(PyJdNvp>A`OWDDMTV$MpfgMqKX)9E0nFfa7ufFyLfd9|D|)>qh`* z;QBGZ402ZdEv7&uFkI)xd9W%-U~V)R%ku%l^J#-wVlaG2DPB9*t#QmX2D8*)n7QLp z)@Ek#I1eV@1jh0#F+2|$%rb+)w3pCqZEiL^yyuNu$XO|lu{QHz@Hh|eZQ~frV{OJ1 znULZ=Y+O&qV64q8hUXT8sWTXBGarhG*Uo#=IL7i=n}60w@!m78=bZ*)ZEiI@yvK~| zsW%vF^CZKAMNUGG<*_#ZoRL~>FjpFkwVB_K$6LV#Y#h^IFxKYDhG(t8SRQNhUL$pz z!Mw|0tj%)`&pLw{VKCO_DTar8D{=o=9&7W@8!6s{#r4cI7;E!9!?VF)MjDK@8O!2C z?QI5Qd92O<#Yo+5Fz+@PYcqEo&q#gPV6HM4Yx8x6hmXI-TQS;Ttj(7ho*y?D z%VTZ+MI-eQgPCP8*5>OC&qodB5`(ce^Tz{mZ)`Le%VTZ+B_owJnD-itwRwTz*<>)d z`yJ9|{>mWUu6Bd5Jl5u4Hc}l1bG5-(n-?0MoWV31jJ0`&;psFO%VTZcZ=^OG%=-++ z+Pui{bQ#Q8gRwSWZg{#4#`0L3f5k}MXE3u3#@hUT!_#9hd4t(uF!tVIr{U=}7|UbV z>JJ#HK7+A58N>5&gDDt{<*{qgT}Gu{?Hd^Akp@ zWH6S;t|dNcq{;?kdFN5sod2DX^ zuSV);4aV}=-16&2>gNo`^4Q$+8%Aoc!B`%fTOKx2_MXV{*xd4)MvuJ*u{<`neAei( zYktdPbIWfTJ$8+4d2DVuX!O`Mt>v+~<+qI-jbwRj zZh6G$v1<~`V{^;r-47;4yb@d)dq?qH=;x6Ng2?X?UU5kMOunOdPK+9)$`Ho?G|)UJ z;CvdVpzwiXo_v}&ElvZP5?A3&NX)M;(X0|5uoBl+msqY68?3~2)g|sx2`(8ER$X6R zg6V_p;DRI}v7oxd|5AygR$^gwiEpUHx2?pY>Jl$IiB!Fn;Cd84Vv|UaqV!`9UR7qXirTBga`evZ*Ib66$wT=B@pdNiDeY9buii~0aqp^ z7}ixJh^7RhJt=WB1#BIRc1j@HlM?KrDiVx#N+8;k61Pym*1>3}1fo4Dv62E-g3(S1 zM0-+V6$PvWqa6~A_N2rIt4c_;Qv%VRl(@CJ1f!i2i1wt!>gp1Vc1pmNNePCvZAXe| zN+8;k5^JkVFxn}BXirLTN482GjCM*O+LIFNs!9at^VA=L^c14}U4W5j|4?m-97sFC z{0DJ~_0=Uf{y0WBqOx%bCU4sg8L_NmtgWLhDS_*YSkIOUbupf^S>}sij7Nm&xZ$`Gl_68%sr|#;cg{{p{cYNR97VS16Xx z?L}Ce>uEWj4pz%|ZNtlUwzc9UEqaLM&$mV_M=0tswB_T;S;KO?H*lMTU(dR1xvOG% zMzq&(Iu{)@J@WpmZFptlwuf;Z6v4^|O+V2%D`GkvtH;o$b5&K#biDs+TL$EbJ$DrH z1HHM5@f51{@(M10XnW+fb=wZ4cWqySb2;TAhq(Pa(N}}ih18*KpGe*sZl46(mw=4d z)^&6gbEVR`8PCK@#+;#}$ zDLosyH}_@B1I2Un{Q?Nl{K&h?k zy$j^YJ?n~va-qGDKR4$ugiIoG?#F<=A3s&Ue;@0M9JIcajlKhCL`WUl`9nm`_9vkW z?+hH+bYHIh9J9?Lh|u`R+a~XSD7|Y(fU^=8V8B7+zx}ajIf< z|7?))w#h{(SR4V>#M_ZCBfwuf)khRt}z>JGf}aK|a&qlehuFgs%VsE|Cg?U$0bhVQ4LwlN@2 zl^87EXp@^bpfWL`N;}4c#%c>6}JuIsY;^|1`*#^{gA% zl<#iGJ4sgJ{3b`h=g{U)ByWxI$Bg^He2^#g z+}zh*+}?kVd2=a562^bL9)@H5etajZiyUJ7$a^EkV~MWE`5S)_nkM0u?61N2n;=5t z`6?b4`zPw2OrNNG3g^>mminLd%~$LRz`T0Us*uHuo1xso}AcHZWumOxKKKNiHIuZFqHK}?#v8m8hUbE(53 zSoxs2-|pWXF;}J;VK{$tX-UJDd@t_`Yc70m1}Sdt;P+ec)~f|L7mHx!!d--1zinUtb0Xg4exRrCT{MD^u6g5={-0f3XO3EntP(|P{dqW{|WKD%}w70Jq@K& z_h!*o!(8qGCC%-CsmE~+ieTk~<_?~U2E*i#c>d;Ygsz7Ea(iBM)-ZP^hzWD+j>3n> zaGn&w%7=KjF}fs?C7v*xzq$LNr=f(Utmvy@E_c6@=HgA6^>`m?{T>mle2BT}{zx!P z4T=B0ZH+L`eG?e-_6-8eSbJ+z6a~n3o z)Ms!W6~W4fn7bt(G1qPJkmJ0~l^fEAUMxkW!W!msYcpx?k@SfX%WRs;jCe6i*Jx9*OIV&{A6~x@_D}xtE6==Wp)Q(1kZ_pWWOKfr;j}!-zVZ*j@b&_By|V-=Tb`GVYyK9}C(r zc}&Bb{OAcD?{EO0j(4J5Ux^z59_Ke|EkDAK7xgXLh!; zKQp_W%lEl^jT&9I9yZLy*$6-IUyv?sdIslFoX2QjenLjZy3sA=P!AYxPiV z$4mCI^xdd_-Ki2SH4NMUV#2`92hyd@cnjd>N5kq}VHIYbQuiqs=vVofkRuvf&cNhW zI9Xli&_FI;M)lxTh1~lVEj0{eT+l#wJ0c#uZ(F)_AB?>3VG*o+I1dg+JowI#_*y*J z0Npgu+NR9Q|?ExcZzvq`TD|B2gu$qI=JP+zM@d9r#xCe8i~_ zQJ);nKP=KeIQaFadX<;f&-8}lfjx2%Iz3vFAHq8xSSSafjA0hV~Exs2JKz44`6gAs9f#cze_e z_?flCR)LTP#tFygtLmp-9_Wd<{tp8I{k~rIR7`(1q>FygtLmp-9*Bmx{(FId zeqS%6C8mE1X{XY%_^!s`lgE9T>Azk$A$T0o~mzR@BWB+okEeG`D zTIlRwjm;RHc-9L)R;3e9I{jNso_NyfpK5gCN%vzcX&*>lPTEQOTAXsI{nSf4b!5lr zzFoAl8r`>xc2=YNcG1pibl)!8UyY6%k`XeV(=alHS8!dA$7HSz=F20SW8yCgNxh(B zpP2zK208U`dho?Iz{dga1$+YVE}Zxw{)@O-c@aO_KfModG2WVwo266u0so5|0iOiS z13m@Vg_Ck+oRh&%`6bwh-3vN?*#BZbARc3RaVOwmz->4w_aM$0(2F`=Tn>I*pE`u{ zZonge4*{M8+=G*Hv|}dtc)b!3=cz|gW<93?58w=N?#KBI&Vx8-gAet-xH>)fUC>WG zhVsKW>v0~!*@*KIoX2od*ZlP0_aO7)y7b^HXv2$-Y->W!ZoCVm0YtUZZi|bZE$h-{MS83M*zz+0r{3mZfBrwwqhTrYS zrMPVq$5r&y@ya zd92M>8>x3046}T^E^9NVyExB6gK01rYcroNi0heYFqX&K{5~V~ZiC_Xjq$py&HUye z&a=p1Y>vWYo{*YnFxME2%?XxgzL9D+7&`_n&$ULX#b9jATb}ETRI9<*7_&Tlj4$rz zIR<0<)bcDaQrupPYqou{!tmHRv3+5AY|dO}^w_?zJT^z&Wc1j+ zusk*=EHQd)UsxVH2A8_6()6KVjI2lJ2K;&=2=2tm1LevOluo_kkouYYfzll@YSkYo zec7q>yODQ^MDph?vRj`9i9<9Y!TV2a4vMW(gn{_aAx8;LZ3zk9QC5*)r&D4B&Vq8Hy(U|ky#;raIMF`NX=uWd?FBD%ftUKpM=zS zc^vxOo{8f)qUDvxSqHyc#{JfVIQNJJl@D4z_)7GVK7^$nLtDUBJdQt>*6m^+5HU3#j$$A@zPHIb6%x%J-k{yS?Q8IwQ$* z-sX9hFMk4mlhAXWh4u zI-Y=;m3iBf0Eu?i3i472Q-I8AS-u8APAHL8H?DsKD=-%^skOSc^YIIZ6wIaW8$gm z5_Lv`oII-a4eO|nO5plO&^N3uc`V;>`x@X7Yt@gH%h#>~1uLu#ZFjH6B=~X1SJxO^ zDtBz}2tF93NJET1(U3~*@07s9)l)bR<9r6^F`O^pJPmrRqSR07HzVw+bWlf~^}kM* z`q4q^42~$fTrm(N7-CnRm+_shhrL4OotFONb=`hEa#n}ujKB@Oq&SYWUe^cpu3k|2 zaGIlwRlyH}hM*y&hI)f~l^qd`2&sNn_pz12BWxo>YJ+H|2KS8-2Wz9V8M;Q$5BQgs zKVTaK-w#H~KiXW8$>wXD)LSrFCJLsu8w~}#G{8nKc{y8f4jzAU5mHJosW}SCUlpPD}>(FMj zSnI9B9SrYbTo2MFu^YTxy1fIraiVJGJzA)lITNj!B)0ulRA|ODSp*HHMl&a(kf5oFY_mgh7t6^%B34tKGZbxAA|HmV<-J% zQ1{KpzWy)4$fkz+>B0D>so2$+Ft%aD++fn!hOrZav11!%PY9-tZD^htj2<^~_S9g? zxRK452A516h0ie)cQ$8&rqzoc{!q}^^(TM(k3n$X@Bc$KsK5XBzF7!HJaAK?1AYxs z^MgyI{^{^#dfCdQ>oL-v4*dtW!hSih3dEr|9o(TKlTbZHuE^B@%J?jZ!AE%@d zuaqIBNY021RmkCO!^P@gwCD``4c|_ugAt?CY1Dg33ZD&QQt;O3CYDo8sX9dY*t)v< zVC1+|9Y*Pd29z5oY^!TRR0Tn&=7P!64>zx7PCOF)ytDfXTCc6uz8Q}{b1f|t!z%4_ zm+~pH?p7s~1!0!f6tNswH@72mKx--^zJbFqT13kXT6N3%bt_@j(co3VrAERk2D8da zopdh>Son-QQ-hWY#*h4WrD;8`TOb!+i?Z;;)fdqj@@ahx%PY>J^OBmh2_wHP)%txk zD5~ge@NJ0H2Zj~umAD7%f=P`p1tU}G)P!IJKHnWQq|zfBg2q&OR6|gY&k;c?HL>yK zAU!ITlG~cpm$fhQ^zZuHS9A0Y2LIi)H$_jr?uXRHHRA=SP3l6VrCw#TGOugfw652+ zj)?N=qY7~ezowjTGi*0U;#%!>&R^+UH{84yz5Y^|b9IwJ?C0zu*K!p`VR+?l->TQn zx<*OL=4_{Wk-6T1S!pCJsSnbtZ@qmTxMcl=>juoGBQZOTf@POrMr^_yI}Y>h1k8w& zFvm^BkH)73(;+`2m;x*C&10%HXcT*9Qs3I8Yi`Ckjs7KjsIPLQM=MWe1NYpk9(5s4 z+f7v&fUF;}GMDYhxqHqUObzvz?Y7q-Dtg3-6@^0i?0QBvlBW-BwRJU)^*otXeH}Ty z8>r1MloaP;u7sA;hbz{$aXpb9wKA9Ak}G$&XNM54MTU+Mx8(YATYgvtPz)WHEGrBY zyK}|N+T7M!RhYG+6o!^!f?q}9%qQfM z94NRU?j^a@rCadQcCh(jMwec+Nbs0!_UnNKk~iJ3pX!ppGNqR z@A2Q}gM88FaIGJ%>Fw?T#^!|`ac?e9T_ z)IRN=uesKLo3+y`L$`FYRR*!p|E#{95(A-UYY;n~1O(OVbe;@?L**MFNAUaYbH z*6pR&&vK4wx98_Zw;Sioc^v1A1h;cT3;b23*-P+sjE^)7o z_zU;XWjlJH;tA&uWA}@jXNC@pzi2b6gS2^|YI52ular zr*YrWbJOpXxKJK&matZL@8|00o|Uu7L9PqkUYEOHaBaF6c1F4L=3>w7c*d{X&ZOTB zCC7#8mkU*o-?L;Ku$^opqm*$#T>CV)*XedBO9w8LT^Fhzw#&7eE%#TD}`+uKWDmfZw^k_vaSj8xV#?b9xt zwLj{b3Onxk8t--8nu}xKuS~1eaE2J(_j6xOe-W ze9|r28r~ha`{DL!cl^&$7k+#RBa@tCQm=go`T z@pZ;DJ+SMHeHN^AfHe2*pYwoQC;4v-85=y$rG4}n$BWx*@gwJ4Bwt@1|5PUJV&Aeh z-@kk&*6oHwKiyNBq_`(S&uzEfjT84B0C!zqOU`&bJy6XKx8F}&*+zPZqn5LSzfXQW zExNF}T{dSNbNAQQ?eevcUV6)&E`qCh&+2$HW7xy&RkpC2orN84jMGnkCE(`*LYEJ# zNxl_ue%HTtKhigD4s^StoDnz|IA6HkLq0nZeNvv^gt}{&@q9jUIJd{_Io!9V?#k0W ze{HLNRK9iDpK~0oa^8r?0d3;QcTcgq?}l8ibQ#T+UG6OG;I~Ci!evL7HMquh->vvP zMC$SKuFOxz!xF!ZWK903+F47Fo8R5Dk8U<&zp{R3i~H?^>m6s`>u*ynTVD@6`+#}g z&4TV5AGXtd3+Q~{ec`YdSNj>CejaymNR0D?oBMg?yhA?Dgz?c(ZO(W-dg}Gj$&v4} zxXWv9AJpYL<_5OiXCsz*Md-gLC+79B?80bees=#{+x*&(ZRUAltQf9k*aO2J81}%h z2ZlW`?15nqTsRN#KGy93`)@&b#a%x4y@1>K=lw3R+za5Um}|zj_PY1NdHBs;lk07_ zx9xU%++LsC6Zf&f@50~Q?f7A>b8*d2ehbDs9)8osZ+RHw+zD`+FRr`ZinlnH-42%< z^X{6SaFM}l_iYWoDP-Bjgxj5QvEp~lD_Y+=C4YbG?{WS8t-B9&*o(FA*-Omk?i()m zoen=4_il%mV}QNy?)=>@n7dDQpK-juXO8l{*=Grt`TTwdzvXopw=3du0Ovx#>%;vr zw@(!PWcG0X+}@BIF>V*}%^f{%=g;qPai5DV;E3kw@!Z#a>x}7PONTvht{!ml&avzE zf!$6ouiZE&)=~T}vELsiN3~}r&b8(@2OsBiKL5I&*X8xfJ}FBs$G`Qn z0#`H4@0{_RFW9Dwb+ub7=GdcL@x1l>vsMdh;W@Lr^^cDLhpELsjK8=%;NN<{9Ka|1 zF0R%M-5NgW$<0Z-+rqf{`U8dKjv=#+pp~|BHUd+?*ZR__x4hoYtG?-n{hsW$V_r1wqSS1i{2h7vH$8H=o&(E0($o zeIK}TPIK#(nOt9cp`*KR^9QcHy=}!c3$DEJhS7`Px%{?eZFjG`In$r-E|oLuZog^u zs%4oguW4yn+TWkgWtJ6s`v=OoVoS^Nw&j_1t5>+>_gW15~K8 z{$h7uxp{e^eV{kjS8nTW@5z;$*R9#mUnt~P6pFps^5PasKu{G_*HCtn?ZsTSTqt^( zQHx7uRIoW&AyB>9zU<~4IF)1csIw~WF6Vle7K_>K71dc@!Y~MW(`x8Am*!E8nnE{s zw`a@f)t3H_&ZvnsD)6n(cf*OHg%ynne^+n**>(38I+kb4xv26ET;DLawRP?_t#huK zyRfZw?xML17R|r@p2aOfqHE6T)KVE5R^+prqgoLUIdseot&3ZHQGDFuoxHfkdmihm|9lI7m6FU_qA`>UP5modON%Gxpmocm#;qT$Erc1r-c-yMx3`3z;t;2kN-ekK`f|nY_RRWQZptXKxx2l6I5vM&vDx39D_xXv z7;PA1&JXH2@$r4uMA1H+*ktN;v!xyD{o65Q^O5v?QDrjII)+iXIFM_R*>^Z{M*Xl; z;)?EKsk{#Bpo=i`n6?ckpVwnmwK{vzMo_Y8(Eyq|Xa4o`7tFhE{`JGtn7aq^Yw;gC z88Hv7&-PuE$;h;gvE*-KP_Df!s!(c&TzEr7Mb+-F{jJOJGAgo+Ql~6kx9SeJg%VDJ zdLQ1}+B_F`q2UI>*<6d2*%qw7Ru|fPLN%S)d`Z?QXA>-M@2||hT2XJD3v#~7rXnB*268+vuB3$&$?%8 zBI8vJ>C0Y|$Adue$Gv`3N%1U=KYR1fmKa;FX}$iMxeMCn&Rulv^^02P$F|YVBQct% zE`GSgSn>Pqec1~$tDnWqXA9vUWsIGrtu>NkjXAsq`uchEtEJLwua9Tg*C92Y#kp^@ z7)E5jjO5_~!wjds zLdoja<0i#cj>_%-HPMWf$ihLtC7%&?2D6NkI0j4TwwCC=G~fo-Or;FGO9o0ck# zthDiLg3%`Wifs%1*Okd8`WA-Y)85>6(`r2N-?e*RBFAZ)m%FHQ>kB zEL(qDkeXCqxGBFDaPpd^>u&|j+_~naHoz4d)-GKKxL$rakotvxlAi{o_SK8t)L;C~ Zng4wC^bfxO|GjeR#sBzD_R>e&|9{i0NnQW| diff --git a/SecurityTests/testclient/attributes.cpp b/SecurityTests/testclient/attributes.cpp deleted file mode 100644 index 6fa036dc..00000000 --- a/SecurityTests/testclient/attributes.cpp +++ /dev/null @@ -1,78 +0,0 @@ -#include "attributes.h" - -//#include -//#include - -#include -// -------------------------------------------------------------------- -// Attribute initializations -//-------------------------------------------------------------------- - -// Meta Attributes -CSSM_DB_NAME_ATTR(Attributes::RelationID, 0, "RelationID", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::RelationName, 1, "RelationName", 0, NULL, STRING); -CSSM_DB_NAME_ATTR(Attributes::AttributeID, 1, "AttributeID", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::AttributeNameFormat, 2, "AttributeNameFormat", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::AttributeName, 3, "AttributeName", 0, NULL, STRING); -CSSM_DB_NAME_ATTR(Attributes::AttributeNameID, 4, "AttributeNameID", 0, NULL, BLOB); -CSSM_DB_NAME_ATTR(Attributes::AttributeFormat, 5, "AttributeFormat", 0, NULL, UINT32); - -// Keychain Attributes. -//CSSM_DB_INTEGER_ATTR(Attributes::Protected, kProtectedDataKCItemAttr, "Protected", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Class, kClassKCItemAttr, "Class", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::CreationDate, kCreationDateKCItemAttr, "CreationDate", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::ModDate, kModDateKCItemAttr, "ModDate", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Description, kDescriptionKCItemAttr, "Description", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Comment, kCommentKCItemAttr, "Comment", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Creator, kCreatorKCItemAttr, "Creator", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Type, kTypeKCItemAttr, "Type", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::ScrCode, kScriptCodeKCItemAttr, "ScriptCode", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Label, kLabelKCItemAttr, "Label", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Invisible, kInvisibleKCItemAttr, "Invisible", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Negative, kNegativeKCItemAttr, "Negative", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Custom, kCustomIconKCItemAttr, "CustomIcon", 0, NULL, BLOB); -// for Generic Password items: -CSSM_DB_INTEGER_ATTR(Attributes::Account, kAccountKCItemAttr, "Account", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Service, kServiceKCItemAttr, "Service", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Generic, kGenericKCItemAttr, "Generic", 0, NULL, BLOB); -// for Internet Password items: -CSSM_DB_INTEGER_ATTR(Attributes::SecDomain, kSecurityDomainKCItemAttr, "SecurityDomain", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Server, kServerKCItemAttr, "Server", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::AuthType, kAuthTypeKCItemAttr, "AuthType", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Port, kPortKCItemAttr, "Port", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Path, kPathKCItemAttr, "Path", 0, NULL, BLOB); -// for AppleShare Password items: -CSSM_DB_INTEGER_ATTR(Attributes::Volume, kVolumeKCItemAttr, "Volume", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Addr, kAddressKCItemAttr, "Address", 0, NULL, BLOB); -CSSM_DB_INTEGER_ATTR(Attributes::Signature, kSignatureKCItemAttr, "Signature", 0, NULL, BLOB); -// for AppleShare and Interent Password items: -CSSM_DB_INTEGER_ATTR(Attributes::ProtocolType, kProtocolKCItemAttr, "Protocol", 0, NULL, BLOB); - -// Key Attributes -CSSM_DB_NAME_ATTR(Attributes::KeyClass, 0, "KeyClass", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::PrintName, 1, "PrintName", 0, NULL, BLOB); -CSSM_DB_NAME_ATTR(Attributes::Alias, 2, "Alias", 0, NULL, BLOB); -CSSM_DB_NAME_ATTR(Attributes::Permanent, 3, "Permanent", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::Private, 4, "Private", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::Modifiable, 5, "Modifiable", 0, NULL, UINT32); -//CSSM_DB_NAME_ATTR(Attributes::Label, 6, "Label", 0, NULL, BLOB); -CSSM_DB_NAME_ATTR(Attributes::ApplicationTag, 7, "ApplicationTag", 0, NULL, BLOB); -CSSM_DB_NAME_ATTR(Attributes::KeyCreator, 8, "KeyCreator", 0, NULL, BLOB); -CSSM_DB_NAME_ATTR(Attributes::KeyType, 9, "KeyType", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::KeySizeInBits, 10, "KeySizeInBits", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::EffectiveKeySize, 11, "EffectiveKeySize", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::StartDate, 12, "StartDate", 0, NULL, TIME_DATE); -CSSM_DB_NAME_ATTR(Attributes::EndDate, 13, "EndDate", 0, NULL, TIME_DATE); -CSSM_DB_NAME_ATTR(Attributes::Sensitive, 14, "Sensitive", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::AlwaysSensitive, 15, "AlwaysSensitive", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::Extractable, 16, "Extractable", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::NeverExtractable, 17, "NeverExtractable", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::Encrypt, 18, "Encrypt", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::Decrypt, 19, "Decrypt", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::Derive, 20, "Derive", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::Sign, 21, "Sign", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::Verify, 22, "Verify", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::SignRecover, 23, "SignRecover", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::VerifyRecover, 24, "VerifyRecover", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::Wrap, 25, "Wrap", 0, NULL, UINT32); -CSSM_DB_NAME_ATTR(Attributes::UnWrap, 26, "UnWrap", 0, NULL, UINT32); diff --git a/SecurityTests/testclient/attributes.h b/SecurityTests/testclient/attributes.h deleted file mode 100644 index 2ff76737..00000000 --- a/SecurityTests/testclient/attributes.h +++ /dev/null @@ -1,76 +0,0 @@ -#include - -class Attributes -{ -public: - // Meta Attributes. - CSSM_DB_ATTR_DECL(RelationID); - CSSM_DB_ATTR_DECL(RelationName); - CSSM_DB_ATTR_DECL(AttributeID); - CSSM_DB_ATTR_DECL(AttributeNameFormat); - CSSM_DB_ATTR_DECL(AttributeName); - CSSM_DB_ATTR_DECL(AttributeNameID); - CSSM_DB_ATTR_DECL(AttributeFormat); - - // Keychain Attributes - CSSM_DB_ATTR_DECL(Protected); - CSSM_DB_ATTR_DECL(Class); - CSSM_DB_ATTR_DECL(CreationDate); - CSSM_DB_ATTR_DECL(ModDate); - CSSM_DB_ATTR_DECL(Description); - CSSM_DB_ATTR_DECL(Comment); - CSSM_DB_ATTR_DECL(Creator); - CSSM_DB_ATTR_DECL(Type); - CSSM_DB_ATTR_DECL(ScrCode); - CSSM_DB_ATTR_DECL(Label); - CSSM_DB_ATTR_DECL(Invisible); - CSSM_DB_ATTR_DECL(Negative); - CSSM_DB_ATTR_DECL(Custom); - // for Generic Password items: - CSSM_DB_ATTR_DECL(Account); - CSSM_DB_ATTR_DECL(Service); - CSSM_DB_ATTR_DECL(Generic); - // for Internet Password items: - CSSM_DB_ATTR_DECL(SecDomain); - CSSM_DB_ATTR_DECL(Server); - CSSM_DB_ATTR_DECL(AuthType); - CSSM_DB_ATTR_DECL(Port); - CSSM_DB_ATTR_DECL(Path); - // for AppleShare Password items: - CSSM_DB_ATTR_DECL(Volume); - CSSM_DB_ATTR_DECL(Addr); - CSSM_DB_ATTR_DECL(Signature); - // for AppleShare and Interent Password items: - CSSM_DB_ATTR_DECL(ProtocolType); - - // For keys - CSSM_DB_ATTR_DECL(KeyClass); - CSSM_DB_ATTR_DECL(PrintName); - CSSM_DB_ATTR_DECL(Alias); - CSSM_DB_ATTR_DECL(Permanent); - CSSM_DB_ATTR_DECL(Private); - CSSM_DB_ATTR_DECL(Modifiable); - //CSSM_DB_ATTR_DECL(Label); - CSSM_DB_ATTR_DECL(ApplicationTag); - CSSM_DB_ATTR_DECL(KeyCreator); - CSSM_DB_ATTR_DECL(KeyType); - CSSM_DB_ATTR_DECL(KeySizeInBits); - CSSM_DB_ATTR_DECL(EffectiveKeySize); - CSSM_DB_ATTR_DECL(StartDate); - CSSM_DB_ATTR_DECL(EndDate); - CSSM_DB_ATTR_DECL(Sensitive); - CSSM_DB_ATTR_DECL(AlwaysSensitive); - CSSM_DB_ATTR_DECL(Extractable); - CSSM_DB_ATTR_DECL(NeverExtractable); - CSSM_DB_ATTR_DECL(Encrypt); - CSSM_DB_ATTR_DECL(Decrypt); - CSSM_DB_ATTR_DECL(Derive); - CSSM_DB_ATTR_DECL(Sign); - CSSM_DB_ATTR_DECL(Verify); - CSSM_DB_ATTR_DECL(SignRecover); - CSSM_DB_ATTR_DECL(VerifyRecover); - CSSM_DB_ATTR_DECL(Wrap); - CSSM_DB_ATTR_DECL(UnWrap); -private: - static const CSSM_OID noOID; -}; diff --git a/SecurityTests/testclient/csptests.cpp b/SecurityTests/testclient/csptests.cpp deleted file mode 100644 index ac1b575c..00000000 --- a/SecurityTests/testclient/csptests.cpp +++ /dev/null @@ -1,210 +0,0 @@ -#include "csptests.h" - -#include -#include -#include -#include -#include - -using namespace CssmClient; - -static void testCrypt(const Guid &cspGuid); -static void testDigests(const Guid &cspGuid); -static void testRandom(const Guid &cspGuid); -static void testMac(const Guid &cspGuid); -static void testWrap(const Guid &cspGuid); - - -void csptests() -{ - testCrypt(gGuidAppleCSP); - testCrypt(gGuidAppleCSPDL); - testDigests(gGuidAppleCSP); - testRandom(gGuidAppleCSP); - testRandom(gGuidAppleCSPDL); - testMac(gGuidAppleCSP); - testMac(gGuidAppleCSPDL); -} - -void testmac() -{ - testMac(gGuidAppleCSP); -} - -void testwrap() -{ - testWrap(gGuidAppleCSP); -} - -static void testCrypt(const Guid &cspGuid) -{ - printf("\n* performing encrypt/decrypt test...\n"); - - CSP csp(cspGuid); - - printf("Generating key\n"); - GenerateKey genKey(csp, CSSM_ALGID_DES, 64); - Key key = genKey(KeySpec(CSSM_KEYUSE_ANY, CSSM_KEYATTR_RETURN_DEFAULT)); - printf("done\n"); - - // Gnerate IV - printf("Generating iv\n"); - //CssmData iv = Random(csp, CSSM_ALGID_SHARandom)(8); - CssmPolyData iv("12345678"); - - CssmPolyData in("Om mani padme hum"); - printf("input="); - dump(in); - - // Encrypt - printf("Encrypting\n"); - - Encrypt encrypt(csp, CSSM_ALGID_DES); - encrypt.mode(CSSM_ALGMODE_CBCPadIV8); - encrypt.padding(CSSM_PADDING_PKCS1); - encrypt.initVector(iv); - encrypt.key(key); - CssmData cipher; - CssmData remcipher; - encrypt.encrypt(&in, 1, &cipher, 1); - encrypt.final(remcipher); - printf("ciphertext="); - dump(cipher); - printf("remainder="); - dump(remcipher); - - // Decrypt - printf("Decrypting\n"); - - Decrypt decrypt(csp, CSSM_ALGID_DES); - decrypt.key(key); - decrypt.mode(CSSM_ALGMODE_CBCPadIV8); - decrypt.padding(CSSM_PADDING_PKCS1); - decrypt.initVector(iv); - CssmData plain; - CssmData remplain; - CssmData inp[] = { cipher, remcipher }; - decrypt.decrypt(inp, 2, &plain, 1); - decrypt.final(remplain); - printf("plaintext="); - dump(plain); - printf("remainder="); - dump(remplain); - - printf("end encrypt/decrypt test\n"); -} - -static void testDigests(const Guid &cspGuid) -{ - printf("\n* performing digest test...\n"); - CSP csp(cspGuid); - Digest md5(csp, CSSM_ALGID_MD5); - StringData data("Once in a blue moon"); - DataBuffer<20> digest; - md5.digest(data, digest); - printf("digest="); - dump(digest); -} - - -static void testRandom(const Guid &cspGuid) -{ - printf("\n* performing random test...\n"); - CSP csp(cspGuid); - CssmData result = Random(csp, CSSM_ALGID_APPLE_YARROW)(16); - assert(result.length() == 16); - printf("result="); - dump(result); - free(result.data()); -} - - -void dump(const CssmData &data) -{ - unsigned char *p = data; - for (uint32 n = 0; n < data.length(); n++) - printf("%2.2x", p[n]); - printf("\n"); -} - -static void testMac(const Guid &cspGuid) -{ - printf("\n* performing mac test...\n"); - - CssmData keyData; - keyData.Length = 8; - keyData.Data = (uint8 *)"1234567"; - - CSP csp(cspGuid); - - Key key(csp, keyData); - - printf("Generating key\n"); - GenerateKey genKey(csp, CSSM_ALGID_DES, 64); - key = genKey(KeySpec(CSSM_KEYUSE_ANY, CSSM_KEYATTR_RETURN_DEFAULT)); - printf("done\n"); - - GenerateMac mac(csp, CSSM_ALGID_SHA1HMAC); - mac.key(key); - StringData data("Om mani padme hum"); - DataBuffer<20> signature; - mac.sign(data, signature); - printf("signature="); - dump(signature); - - VerifyMac vmac(csp, CSSM_ALGID_SHA1HMAC); - vmac.key(key); - vmac.verify(data, signature); - printf("testing mac verify\n"); - - bool failed = false; - try - { - printf("testing mac verify with bad data\n"); - StringData baddata("not even close to the original"); - vmac.verify(baddata, signature); - } - catch(const CssmError &e) - { - printf("caught verify error\n"); - failed = true; - if (e.osStatus() != CSSMERR_CSP_VERIFY_FAILED) - throw; - } - if (!failed) throw Error(CSSMERR_CSP_VERIFY_FAILED); - - printf("end mac test\n"); -} - -static void testWrap(const Guid &cspGuid) -{ - printf("\n* performing wrap test...\n"); - - CssmData keyData; - keyData.Length = 8; - keyData.Data = (uint8 *)"1234567"; - - CSP csp(cspGuid); - - Key key(csp, keyData); - - Key wrappedKey; - GenerateKey genKey(csp, CSSM_ALGID_RC4, 128); - key = genKey(KeySpec(CSSM_KEYUSE_ANY, CSSM_KEYATTR_RETURN_DEFAULT)); - - WrapKey wrapKey(csp, CSSM_ALGID_RC2); - wrapKey.key(key); - - AccessCredentials(cred); - wrapKey.cred(&cred); - wrapKey.mode(CSSM_ALGMODE_CBC_IV8); - CssmData initVec; - initVec.Length = 8; - initVec.Data = (uint8 *)"12345678"; - wrapKey.initVector(initVec); - - wrappedKey=wrapKey(key); - - - printf("end wrap test\n"); -} diff --git a/SecurityTests/testclient/csptests.h b/SecurityTests/testclient/csptests.h deleted file mode 100644 index 51f1b561..00000000 --- a/SecurityTests/testclient/csptests.h +++ /dev/null @@ -1,9 +0,0 @@ -#include - -#define CSPGUID "{0000fade-000b-0001-0102030405060708}" - -extern void csptests(); -extern void testmac(); -extern void testwrap(); - -extern void dump(const CssmData &data); diff --git a/SecurityTests/testclient/dltests.cpp b/SecurityTests/testclient/dltests.cpp deleted file mode 100644 index 6d70ee7f..00000000 --- a/SecurityTests/testclient/dltests.cpp +++ /dev/null @@ -1,804 +0,0 @@ -#include "dltests.h" -#include "csptests.h" -#include "attributes.h" -#include -#include -#include // For CSPDL. -#include -#include - -using namespace CssmClient; - -// Configuration. -#define HEX_DIGITS_PER_LINE 20 -#define INDENT_SIZE 2 - - -const CSSM_GUID* gSelectedFileGuid = &gGuidAppleFileDL; - - - -static void testDLCreate(const Guid &dlGuid); -static void testDLDelete(const Guid &dlGuid, bool throwOnError); -static void testGen(const Guid &cspDlGuid); -static void testDLCrypt(const Guid &cspDlGuid); -static void testMultiDLDb(const Guid &dlGuid); -static void dumpRelation(uint32 indent, Db &db, uint32 relationID, const char *relationName, bool printSchema); -static void dumpRecord(uint32 indent, const DbAttributes &record, const CssmData &data, const DbUniqueRecord &uniqueId); - -#define CSSM_DB_RELATION(RELATIONID) RecordAttrInfo ## RELATIONID - -#define CSSM_DB_DEFINE_RELATION_BEGIN(RELATIONID) \ -static const CSSM_DB_ATTRIBUTE_INFO AttrInfo ## RELATIONID[] = - -#define CSSM_DB_DEFINE_RELATION_END(RELATIONID) \ -; \ -static const CSSM_DB_RECORD_ATTRIBUTE_INFO CSSM_DB_RELATION(RELATIONID) = \ -{ \ - RELATIONID, \ - sizeof(AttrInfo ## RELATIONID) / sizeof(CSSM_DB_ATTRIBUTE_INFO), \ - const_cast(AttrInfo ## RELATIONID) \ -} - -// GENERIC PASSWORDS -CSSM_DB_DEFINE_RELATION_BEGIN(CSSM_DL_DB_RECORD_GENERIC_PASSWORD) -{ - CSSM_DB_ATTR(Attributes::Class), - CSSM_DB_ATTR(Attributes::CreationDate), - CSSM_DB_ATTR(Attributes::ModDate), - CSSM_DB_ATTR(Attributes::Description), - CSSM_DB_ATTR(Attributes::Comment), - CSSM_DB_ATTR(Attributes::Creator), - CSSM_DB_ATTR(Attributes::Type), - CSSM_DB_ATTR(Attributes::ScrCode), - CSSM_DB_ATTR(Attributes::Label), - CSSM_DB_ATTR(Attributes::Invisible), - CSSM_DB_ATTR(Attributes::Negative), - CSSM_DB_ATTR(Attributes::Custom), - //CSSM_DB_ATTR(Attributes::Protected), - CSSM_DB_ATTR(Attributes::Account), - CSSM_DB_ATTR(Attributes::Service), - CSSM_DB_ATTR(Attributes::Generic) -} -CSSM_DB_DEFINE_RELATION_END(CSSM_DL_DB_RECORD_GENERIC_PASSWORD); - - -// APPLESHARE PASSWORDS -CSSM_DB_DEFINE_RELATION_BEGIN(CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD) -{ - CSSM_DB_ATTR(Attributes::Class), - CSSM_DB_ATTR(Attributes::CreationDate), - CSSM_DB_ATTR(Attributes::ModDate), - CSSM_DB_ATTR(Attributes::Description), - CSSM_DB_ATTR(Attributes::Comment), - CSSM_DB_ATTR(Attributes::Creator), - CSSM_DB_ATTR(Attributes::Type), - CSSM_DB_ATTR(Attributes::ScrCode), - CSSM_DB_ATTR(Attributes::Label), - CSSM_DB_ATTR(Attributes::Invisible), - CSSM_DB_ATTR(Attributes::Negative), - CSSM_DB_ATTR(Attributes::Custom), - //CSSM_DB_ATTR(Attributes::Protected), - CSSM_DB_ATTR(Attributes::Volume), - CSSM_DB_ATTR(Attributes::Addr), - CSSM_DB_ATTR(Attributes::Signature), - CSSM_DB_ATTR(Attributes::ProtocolType) -} -CSSM_DB_DEFINE_RELATION_END(CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD); - -// INTERNET PASSWORDS -CSSM_DB_DEFINE_RELATION_BEGIN(CSSM_DL_DB_RECORD_INTERNET_PASSWORD) -{ - CSSM_DB_ATTR(Attributes::Class), - CSSM_DB_ATTR(Attributes::CreationDate), - CSSM_DB_ATTR(Attributes::ModDate), - CSSM_DB_ATTR(Attributes::Description), - CSSM_DB_ATTR(Attributes::Comment), - CSSM_DB_ATTR(Attributes::Creator), - CSSM_DB_ATTR(Attributes::Type), - CSSM_DB_ATTR(Attributes::ScrCode), - CSSM_DB_ATTR(Attributes::Label), - CSSM_DB_ATTR(Attributes::Invisible), - CSSM_DB_ATTR(Attributes::Negative), - CSSM_DB_ATTR(Attributes::Custom), - //CSSM_DB_ATTR(Attributes::Protected), - CSSM_DB_ATTR(Attributes::Account), - CSSM_DB_ATTR(Attributes::SecDomain), - CSSM_DB_ATTR(Attributes::Server), - CSSM_DB_ATTR(Attributes::AuthType), - CSSM_DB_ATTR(Attributes::Port), - CSSM_DB_ATTR(Attributes::Path), - CSSM_DB_ATTR(Attributes::ProtocolType) -} -CSSM_DB_DEFINE_RELATION_END(CSSM_DL_DB_RECORD_INTERNET_PASSWORD); - -// INTERNET PASSWORDS -CSSM_DB_DEFINE_RELATION_BEGIN(CSSM_DL_DB_RECORD_SYMMETRIC_KEY) -{ - CSSM_DB_ATTR(Attributes::KeyClass), - CSSM_DB_ATTR(Attributes::PrintName), - CSSM_DB_ATTR(Attributes::Alias), - CSSM_DB_ATTR(Attributes::Permanent), - CSSM_DB_ATTR(Attributes::Private), - CSSM_DB_ATTR(Attributes::Modifiable), - CSSM_DB_ATTR(Attributes::Label), - CSSM_DB_ATTR(Attributes::ApplicationTag), - CSSM_DB_ATTR(Attributes::KeyCreator), - CSSM_DB_ATTR(Attributes::KeyType), - CSSM_DB_ATTR(Attributes::KeySizeInBits), - CSSM_DB_ATTR(Attributes::EffectiveKeySize), - CSSM_DB_ATTR(Attributes::StartDate), - CSSM_DB_ATTR(Attributes::EndDate), - CSSM_DB_ATTR(Attributes::Sensitive), - CSSM_DB_ATTR(Attributes::AlwaysSensitive), - CSSM_DB_ATTR(Attributes::Extractable), - CSSM_DB_ATTR(Attributes::NeverExtractable), - CSSM_DB_ATTR(Attributes::Encrypt), - CSSM_DB_ATTR(Attributes::Decrypt), - CSSM_DB_ATTR(Attributes::Derive), - CSSM_DB_ATTR(Attributes::Sign), - CSSM_DB_ATTR(Attributes::Verify), - CSSM_DB_ATTR(Attributes::SignRecover), - CSSM_DB_ATTR(Attributes::VerifyRecover), - CSSM_DB_ATTR(Attributes::Wrap), - CSSM_DB_ATTR(Attributes::UnWrap) -} -CSSM_DB_DEFINE_RELATION_END(CSSM_DL_DB_RECORD_SYMMETRIC_KEY); - - -static const CSSM_DB_RECORD_ATTRIBUTE_INFO KCAttrs[] = -{ - CSSM_DB_RELATION(CSSM_DL_DB_RECORD_GENERIC_PASSWORD), - CSSM_DB_RELATION(CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD), - CSSM_DB_RELATION(CSSM_DL_DB_RECORD_INTERNET_PASSWORD) - //CSSM_DB_RELATION(CSSM_DL_DB_RECORD_SYMMETRIC_KEY) -}; - -static const CSSM_DB_RECORD_INDEX_INFO recordIndex = -{ - CSSM_DB_RECORDTYPE_APP_DEFINED_START, // CSSM_DB_RECORDTYPE - 0, //%%% for now - NULL //%%% for now -}; -static const CSSM_DB_RECORD_INDEX_INFO recordIndexes[] = {recordIndex, recordIndex, recordIndex}; - -// parse info (to improve later) -static const CSSM_DB_PARSING_MODULE_INFO parseInfo = -{ - CSSM_DB_RECORDTYPE_APP_DEFINED_START, - { - {0,0,0,{0}}, - {0,0}, - 0, - 0 - } -}; -static const CSSM_DB_PARSING_MODULE_INFO parseInfos[] = {parseInfo, parseInfo, parseInfo}; - -static const CSSM_DBINFO KCDBInfo = -{ - sizeof(KCAttrs) / sizeof(CSSM_DB_RECORD_ATTRIBUTE_INFO), - const_cast(parseInfos), - const_cast(KCAttrs), - const_cast(recordIndexes), - CSSM_TRUE, - NULL, - NULL -}; - - - -void dltests(bool autoCommit) -{ - testDLDelete(gGuidAppleFileDL, false); - testDLCreate(gGuidAppleFileDL); - testMultiDLDb(gGuidAppleFileDL); - - testDLDelete(gGuidAppleCSPDL, false); - testDLCreate(gGuidAppleCSPDL); - testGen(gGuidAppleCSPDL); - testDLCrypt(gGuidAppleCSPDL); - testMultiDLDb(gGuidAppleCSPDL); - //testDLDelete(gGuidAppleCSPDL, true); -} - -static void testDLCreate(const Guid &dlGuid) -{ - DL appledl(dlGuid); - Db testDb(appledl, DBNAME1); - testDb->dbInfo(&KCDBInfo); - testDb->create(); -} - -static void testDLDelete(const Guid &dlGuid, bool throwOnError) -{ - DL appledl(dlGuid); - Db testDb(appledl, DBNAME1); - try - { - testDb->deleteDb(); - } - catch(CssmError e) - { - if (throwOnError || e.osStatus() != CSSMERR_DL_DATASTORE_DOESNOT_EXIST) - throw; - } -} - -static void testGen(const Guid &cspDlGuid) -{ - printf("\n* performing CSP/DL keygen test...\n"); - CSPDL cspdl(cspDlGuid); - Db db(cspdl, DBNAME1); - - printf("Generating permanent key\n"); - GenerateKey genKey(cspdl, CSSM_ALGID_DES, 64); - genKey.database(db); - CssmPolyData label("First Key!"); - Key key = genKey(KeySpec(CSSM_KEYUSE_ANY, - CSSM_KEYATTR_PERMANENT | CSSM_KEYATTR_SENSITIVE, - label)); - printf("done\n"); -} - -static void testDLCrypt(const Guid &cspDlGuid) -{ - printf("\n* performing encrypt/decrypt test...\n"); - CSPDL cspdl(cspDlGuid); - Db db(cspdl, DBNAME1); - - printf("Finding key\n"); - DbCursor cursor(db); - cursor->recordType(CSSM_DL_DB_RECORD_SYMMETRIC_KEY); - DbUniqueRecord keyId; - CssmDataContainer keyData; - if (!cursor->next(NULL, &keyData, keyId)) - CssmError::throwMe(CSSMERR_DL_ENDOFDATA); - - Key key(cspdl, *reinterpret_cast(keyData.Data)); - - printf("done\n"); - - // Gnerate IV - printf("Generating iv\n"); - //CssmData iv = Random(csp, CSSM_ALGID_SHARandom)(8); - CssmPolyData iv("12345678"); - - CssmPolyData in("Om mani padme hum"); - printf("input="); - dump(in); - - // Encrypt - printf("Encrypting\n"); - - Encrypt encrypt(cspdl, CSSM_ALGID_DES); - encrypt.mode(CSSM_ALGMODE_CBCPadIV8); - encrypt.padding(CSSM_PADDING_PKCS1); - encrypt.initVector(iv); - encrypt.key(key); - CssmData cipher; - CssmData remcipher; - encrypt.encrypt(&in, 1, &cipher, 1); - encrypt.final(remcipher); - printf("ciphertext="); - dump(cipher); - printf("remainder="); - dump(remcipher); - - // Decrypt - printf("Decrypting\n"); - - Decrypt decrypt(cspdl, CSSM_ALGID_DES); - decrypt.key(key); - decrypt.mode(CSSM_ALGMODE_CBCPadIV8); - decrypt.padding(CSSM_PADDING_PKCS1); - decrypt.initVector(iv); - CssmData plain; - CssmData remplain; - CssmData inp[] = { cipher, remcipher }; - decrypt.decrypt(inp, 2, &plain, 1); - decrypt.final(remplain); - printf("plaintext="); - dump(plain); - printf("remainder="); - dump(remplain); - - printf("end encrypt/decrypt test\n"); -} - -static void print(sint32 value) -{ - printf("%ld", value); -} - -static void print(double value) -{ - printf("%g", value); -} - -static void print(uint32 value) -{ - uint8 *bytes = reinterpret_cast(&value); - bool ascii = true; - for (uint32 ix = 0; ix < sizeof(uint32); ++ix) - if (bytes[ix] < 0x20 || bytes[ix] > 0x7f) - { - ascii = false; - break; - } - - if (ascii) - { - putchar('\''); - for (uint32 ix = 0; ix < sizeof(uint32); ++ix) - putchar(bytes[ix]); - - printf("' (0x%08lx)", value); - } - else - printf("0x%08lx", value); -} - -static void printAsString(uint32 indent, const CSSM_DATA &value) -{ - printf("%.*s", static_cast(value.Length), value.Data); -} - -static void print(uint32 indent, const char *value) -{ - printf("%s", value); -} - -static void printIndent(uint32 indent) -{ - //if (indent == 0) - // return; - - putchar('\n'); - for (uint32 ix = 0; ix < indent; ++ix) - putchar(' '); -} - -static void printRange(uint32 length, const uint8 *data) -{ - for (uint32 ix = 0; ix < HEX_DIGITS_PER_LINE; ++ix) - { - if (ix && ix % 4 == 0) - putchar(' '); - - if (ix < length) - printf("%02x", static_cast(data[ix])); - else - printf(" "); - } - - printf(" "); - for (uint32 ix = 0; ix < length; ++ix) - { - if (data[ix] < 0x20 || data[ix] > 0x7f) - putchar('.'); - else - putchar(data[ix]); - } -} - -static void print(uint32 indent, const CSSM_DATA &value) -{ - if (value.Length == 0) - return; - - if (value.Length > HEX_DIGITS_PER_LINE) - { - uint32 ix; - for (ix = 0; ix < value.Length - HEX_DIGITS_PER_LINE; ix += HEX_DIGITS_PER_LINE) - { - printIndent(indent); - printRange(HEX_DIGITS_PER_LINE, &value.Data[ix]); - } - printIndent(indent); - printRange(value.Length - ix, &value.Data[ix]); - printIndent(indent - INDENT_SIZE); - } - else - printRange(value.Length, value.Data); -} - -static void printOID(uint32 indent, const CSSM_OID &value) -{ - print(indent, value); -} - -static const char *format(CSSM_DB_ATTRIBUTE_FORMAT format) -{ - switch(format) - { - case CSSM_DB_ATTRIBUTE_FORMAT_STRING: return "string"; - case CSSM_DB_ATTRIBUTE_FORMAT_SINT32: return "sint32"; - case CSSM_DB_ATTRIBUTE_FORMAT_UINT32: return "uint32"; - case CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM: return "big_num"; - case CSSM_DB_ATTRIBUTE_FORMAT_REAL: return "real"; - case CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE: return "time_date"; - case CSSM_DB_ATTRIBUTE_FORMAT_BLOB: return "blob"; - case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32: return "multi_uint32"; - case CSSM_DB_ATTRIBUTE_FORMAT_COMPLEX: return "complex"; - default: abort(); - } -} - -static void print(uint32 indent, const CssmDbAttributeData &attr) -{ - bool multiValues = false; - if (attr.size() == 0) - { - printf(""); - return; - } - - if (attr.size() != 1) - { - printIndent(indent); - printf(""); - indent += INDENT_SIZE; - multiValues = true; - } - - for (uint32 ix = 0; ix < attr.size(); ++ix) - { - if (multiValues) - printIndent(indent); - - printf("<%s>", format(attr.format())); - switch (attr.format()) - { - case CSSM_DB_ATTRIBUTE_FORMAT_STRING: - printAsString(indent + INDENT_SIZE, attr.at(ix)); - break; - case CSSM_DB_ATTRIBUTE_FORMAT_UINT32: - print(attr.at(ix)); - break; - case CSSM_DB_ATTRIBUTE_FORMAT_SINT32: - print(attr.at(ix)); - break; - case CSSM_DB_ATTRIBUTE_FORMAT_REAL: - print(attr.at(ix)); - break; - case CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE: - printf("%*s", 15, attr.at(ix)); - break; - case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32: - case CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM: - case CSSM_DB_ATTRIBUTE_FORMAT_BLOB: - case CSSM_DB_ATTRIBUTE_FORMAT_COMPLEX: - default: - print(indent + INDENT_SIZE, attr.at(ix)); - break; - } - printf("", format(attr.format())); - } - - if (multiValues) - { - indent -= INDENT_SIZE; - printIndent(indent); - printf(""); - } -} - -static void print(uint32 indent, const CssmDbAttributeInfo &info) -{ - switch (info.nameFormat()) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - { - printf(""); - print(indent + INDENT_SIZE, info.Label.AttributeName); - printf(""); - break; - } - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - { - printf(""); - print(info.Label.AttributeID); - printf(""); - break; - } - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - { - printf(""); - printOID(indent + INDENT_SIZE, info.Label.AttributeOID); - printf(""); - break; - } - default: - throw Error(CSSMERR_DL_DATABASE_CORRUPT); - } -} - -void dumpDb(char *dbName, bool printSchema) -{ - DL appledl(*gSelectedFileGuid); - Db db(appledl, dbName); - DbCursor relations(db); - relations->recordType(CSSM_DL_DB_SCHEMA_INFO); - DbAttributes schemaRecord(db, 2); - schemaRecord.add(Attributes::RelationID); - schemaRecord.add(Attributes::RelationName); - CssmDataContainer data; - DbUniqueRecord uniqueId(db); - - uint32 indent = 0; - printf(""); - indent += INDENT_SIZE; - printIndent(indent); - printf("%s", dbName); - while (relations->next(&schemaRecord, &data, uniqueId)) - { - uint32 relationID = schemaRecord.at(0); - if (!printSchema && CSSM_DB_RECORDTYPE_SCHEMA_START <= relationID - && relationID < CSSM_DB_RECORDTYPE_SCHEMA_END) - continue; - - printIndent(indent); - printf(""); - string relationName = schemaRecord.at(1); - dumpRelation(indent + INDENT_SIZE, db, relationID, relationName.c_str(), printSchema); - printIndent(indent); - printf(""); - } - - indent -= INDENT_SIZE; - printIndent(indent); - printf("\n"); -} - -static void dumpRelation(uint32 indent, Db &db, uint32 relationID, const char *relationName, bool printSchema) -{ - TrackingAllocator anAllocator(Allocator::standard()); - - printIndent(indent); - printf(""); - print(indent + INDENT_SIZE, relationName); - printf(""); - printIndent(indent); - printf(""); - print(relationID); - printf(""); - - // Create a cursor on the SCHEMA_ATTRIBUTES table for records with RelationID == relationID - DbCursor attributes(db); - attributes->recordType(CSSM_DL_DB_SCHEMA_ATTRIBUTES); - attributes->add(CSSM_DB_EQUAL, Attributes::RelationID, relationID); - - // Set up a record for retriving the SCHEMA_ATTRIBUTES - DbAttributes schemaRecord(db, 5); - schemaRecord.add(Attributes::AttributeNameFormat); - schemaRecord.add(Attributes::AttributeFormat); - schemaRecord.add(Attributes::AttributeName); - schemaRecord.add(Attributes::AttributeID); - schemaRecord.add(Attributes::AttributeNameID); - - DbAttributes record(db); - CssmDataContainer data; - DbUniqueRecord uniqueId(db); - - if (printSchema) - { - printIndent(indent); - printf(""); - indent += INDENT_SIZE; - } - - while (attributes->next(&schemaRecord, &data, uniqueId)) - { - CssmDbAttributeInfo &anInfo = record.add().info(); - anInfo.AttributeNameFormat = schemaRecord.at(0); - anInfo.AttributeFormat = schemaRecord.at(1); - switch (anInfo.AttributeNameFormat) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - { - CssmDbAttributeData &anAttributeName = schemaRecord.at(2); - - string name = static_cast(anAttributeName); - anInfo.Label.AttributeName = reinterpret_cast(anAllocator.malloc(name.size() + 1)); - strcpy(anInfo.Label.AttributeName, name.c_str()); - - // XXX Need to copy the memory. For now avoid it being freed. - anAttributeName.Value[0].Data = NULL; - anAttributeName.Value[0].Length = 0; - break; - } - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - { - CssmDbAttributeData &anAttributeID = schemaRecord.at(3); - anInfo.Label.AttributeID = anAttributeID; - break; - } - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - { - CssmDbAttributeData &anAttributeOID = schemaRecord.at(4); - anInfo.Label.AttributeOID = anAttributeOID; - - // XXX Need to copy the memory. For now avoid it being freed. - anAttributeOID.Value[0].Data = NULL; - anAttributeOID.Value[0].Length = 0; - break; - } - default: - throw Error(CSSMERR_DL_DATABASE_CORRUPT); - } - - if (printSchema) - { - printIndent(indent); - print(indent, anInfo); - printf("%s", format(anInfo.format())); - } - } - - if (printSchema) - { - indent -= INDENT_SIZE; - printIndent(indent); - printf(""); - } - - DbCursor records(db); - records->recordType(relationID); - printIndent(indent); - printf(""); - indent += INDENT_SIZE; - while (records->next(&record, &data, uniqueId)) - dumpRecord(indent, record, data, uniqueId); - - indent -= INDENT_SIZE; - printIndent(indent); - printf(""); -} - -static void -dumpRecord(uint32 indent, const DbAttributes &record, const CssmData &data, const DbUniqueRecord &uniqueId) -{ - const CSSM_DB_UNIQUE_RECORD *recId = static_cast(uniqueId); - uint32 recCount = recId->RecordIdentifier.Length; - const uint32 *recArray = reinterpret_cast(recId->RecordIdentifier.Data); - printIndent(indent); - printf(""); - for (uint32 ix = 0; ix < recCount / 4; ++ix) - { - if (ix != 0) - putchar(' '); - printf("0x%08lx", recArray[ix]); - } - printf(""); - - // Print the attributes - printIndent(indent); - if (record.size() == 0) - { - printf(""); - } - else - { - printf(""); - indent += INDENT_SIZE; - for (uint32 ix = 0; ix < record.size(); ix++) - { - const CssmDbAttributeData &anAttr = record.at(ix); - if (anAttr.size()) // Skip zero valued attributes. - { - printIndent(indent); - print(indent + INDENT_SIZE, anAttr.info()); - print(indent + INDENT_SIZE, anAttr); - } - } - - indent -= INDENT_SIZE; - printIndent(indent); - printf(""); - } - - // Print the data - printIndent(indent); - if (data.length()) - { - printf(""); - print(indent + INDENT_SIZE, data); - printf(""); - } - else - printf(""); -} - -static void testMultiDLDb(const Guid &dlGuid) -{ - // Setup a list of DLDbIdentifier object to hand off the MultiDLDb. - vector list; - list.push_back(DLDbIdentifier(CssmSubserviceUid(dlGuid), "multidb1.db", NULL)); - list.push_back(DLDbIdentifier(CssmSubserviceUid(dlGuid), "multidb2.db", NULL)); - - // Create MultiDLDb instance. - MultiDLDb multiDLDb(list, false); - - // Get a handle for the first and second Db. - Db db1(multiDLDb->database(list[0])); - Db db2(multiDLDb->database(list[1])); - - // Until this point no CSSM API's have been called! - - // Delete both databases if they exist. - try - { db1->deleteDb(); } - catch(CssmError e) - { if (e.osStatus() != CSSMERR_DL_DATASTORE_DOESNOT_EXIST) throw; } - - try - { db2->deleteDb(); } - catch(CssmError e) - { if (e.osStatus() != CSSMERR_DL_DATASTORE_DOESNOT_EXIST) throw; } - - // XXX Note to self if you set the schema but do not call create() - // explicitly maybe the db should only be created if it did not yet exist... - - // Set the schema of both databases so they get created on activate. - db1->dbInfo(&KCDBInfo); - db2->dbInfo(&KCDBInfo); - - // Insert a record into each database. - DbAttributes attrs(db1); - attrs.add(Attributes::Comment, "This is the first comment").add("This is the second comment", attrs); - attrs.add(Attributes::Label, "Item1"); - CssmPolyData testdata1("testdata1"); - db1->insert(CSSM_DL_DB_RECORD_GENERIC_PASSWORD, &attrs, &testdata1); - - attrs.clear(); - attrs.add(Attributes::Comment, "This is the second comment"); - attrs.add(Attributes::Label, "Item (in database2)."); - CssmPolyData testdata2("testdata2"); - db2->insert(CSSM_DL_DB_RECORD_GENERIC_PASSWORD, &attrs, &testdata2); - - // Create a cursor on the multiDLDb. - DbCursor cursor(multiDLDb); - // Set the type of records we wish to query. - cursor->recordType(CSSM_DL_DB_RECORD_GENERIC_PASSWORD); - cursor->add(CSSM_DB_EQUAL, Attributes::Comment, "This is the second comment"); - - DbUniqueRecord uniqueId; // Empty uniqueId calling cursor.next will initialize. - CssmDataContainer data; // XXX Think about data's allocator. - - // Iterate over the records in all the db's in the multiDLDb. - while (cursor->next(&attrs, &data, uniqueId)) - { - // Print the record data. - dumpRecord(0, attrs, data, uniqueId); - } -} - -#if 0 - CssmDb::Impl *CssmDL::Impl::newDb(args) { new CssmDbImpl(args); } - - SecureStorage ss(Guid); - CssmDb db(ss, DBNAME); - CssmUniqueId unique; - db.insert(attr, data, unique); - - Cursor cursor(db); - CssmKey key; - cursor.next(key); - - Cssm cssm; - Module module(cssm); - CSPDL cspdl(module); - - - SecureStorage ss(Guid); - CssmDb db = ss->db(DBNAME); - CssmUniqueId unique; - db->insert(attr, data, unique); - - Cursor cursor(db); - CssmKey key; - cursor->next(key); - - -#endif diff --git a/SecurityTests/testclient/dltests.h b/SecurityTests/testclient/dltests.h deleted file mode 100644 index 87ffbe0a..00000000 --- a/SecurityTests/testclient/dltests.h +++ /dev/null @@ -1,11 +0,0 @@ -#include - -//#define DLGUID "{0000fade-0002-0003-0102030405060708}" -#define DLGUID gGuidAppleFileDL - -#define DBNAME1 "dbname1.db" - -extern void dltests(bool autoCommit); -void dumpDb(char *dbName, bool printSchema); - -extern const CSSM_GUID* gSelectedFileGuid; diff --git a/SecurityTests/testclient/testclient.cpp b/SecurityTests/testclient/testclient.cpp deleted file mode 100644 index affb5116..00000000 --- a/SecurityTests/testclient/testclient.cpp +++ /dev/null @@ -1,132 +0,0 @@ -// -// Test driver program for cdsa_client library -// -#include "csptests.h" -#include "dltests.h" - -#include -#include -#include -#include -#include - -using namespace CssmClient; -extern "C" void malloc_debug(int); - -static void usage(); - -static const char *progname; - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ main -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -int main(int argc, char *argv[]) -{ - extern char *optarg; - extern int optind; - bool didWork = false; - bool autoCommit = true; - bool printSchema = false; - int ch; - - progname = strrchr(argv[0], '/'); - progname = progname ? progname + 1 : argv[0]; - - try - { - while ((ch = getopt(argc, argv, "?haAbcdM:D:smwg:")) != -1) - { - switch(ch) - { - case 'a': - autoCommit=true; - break; - case 'A': - autoCommit=false; - break; - case 'b': - setbuf(stdout, NULL); - break; - case 'c': - csptests(); - didWork = true; - break; - case 'm': - testmac(); - didWork = true; - break; - case 'w': - testwrap(); - didWork = true; - break; - case 'd': - dltests(autoCommit); - didWork = true; - break; - case 's': - printSchema = true; - break; - case 'g': - if (strcmp (optarg, "AppleFileDL") == 0) - { - gSelectedFileGuid = &gGuidAppleFileDL; - } - else if (strcmp (optarg, "LDAPDL") == 0) - { - gSelectedFileGuid = &gGuidAppleLDAPDL; - } - else - { - didWork = false; - } - break; - case 'D': - dumpDb(optarg, printSchema); - didWork = true; - break; - case 'M': - malloc_debug(atoi(optarg)); - break; - case '?': - case 'h': - default: - usage(); - } - } - - if (argc != optind) - usage(); - - if (!didWork) - usage(); - - Cssm::standard()->terminate(); - } - catch (CommonError &error) - { - cssmPerror("Tester abort", error.osStatus()); - } - - return 0; -} - -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -// ¥ usage -// ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑ -static void -usage() -{ - printf("usage: %s [-M] [-b] [-c] [[-a|-A] -d] [[-s ] [-g AppleFileDL | LDAPDL] -D ]\n", progname); - printf(" -M debug_level Call malloc_debug(debug_level) to enable malloc debugging.\n"); - printf(" -b turn off stdout buffering.\n"); - printf(" -c run csp (rotty) tests.\n"); - printf(" -m Test Mac\n"); - printf(" -w Test Wrap\n"); - printf(" -d run dl tests.\n"); - printf(" -a Enable AutoCommit for dl modifications (default).\n"); - printf(" -A Disable AutoCommit for dl modifications.\n"); - printf(" -D dbname Dump a db into a human readable format.\n"); - printf(" -s Dump out schema info (use with -D).\n"); - exit(1); -} - diff --git a/SecurityTests/testclient/testclient.pbproj/project.pbxproj b/SecurityTests/testclient/testclient.pbproj/project.pbxproj deleted file mode 100644 index dc9ffeea..00000000 --- a/SecurityTests/testclient/testclient.pbproj/project.pbxproj +++ /dev/null @@ -1,372 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 39; - objects = { - 0A161878000410B011CD287F = { - buildSettings = { - COPY_PHASE_STRIP = NO; - GCC_DYNAMIC_NO_PIC = NO; - GCC_ENABLE_FIX_AND_CONTINUE = YES; - GCC_GENERATE_DEBUGGING_SYMBOLS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - OPTIMIZATION_CFLAGS = "-O0"; - ZERO_LINK = YES; - }; - isa = PBXBuildStyle; - name = Development; - }; - 0A161879000410B011CD287F = { - buildSettings = { - COPY_PHASE_STRIP = YES; - GCC_ENABLE_FIX_AND_CONTINUE = NO; - ZERO_LINK = NO; - }; - isa = PBXBuildStyle; - name = Deployment; - }; - 0A16187B000411F911CD287F = { - isa = PBXFileReference; - lastKnownFileType = wrapper.framework; - path = Security.framework; - refType = 3; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 0A16187C000411F911CD287F = { - fileRef = 0A16187B000411F911CD287F; - isa = PBXBuildFile; - settings = { - }; - }; -//0A0 -//0A1 -//0A2 -//0A3 -//0A4 -//180 -//181 -//182 -//183 -//184 - 1871086CFF15495111CD283A = { - children = ( - 0A16187B000411F911CD287F, - 4C5285110624AB2C00FCEF5B, - 4C5285130624AB2C00FCEF5B, - 4C5285120624AB2C00FCEF5B, - ); - isa = PBXGroup; - name = Frameworks; - refType = 4; - sourceTree = ""; - }; - 1871086DFF15495111CD283A = { - explicitFileType = "compiled.mach-o.executable"; - isa = PBXFileReference; - path = testclient; - refType = 3; - sourceTree = BUILT_PRODUCTS_DIR; - }; -//180 -//181 -//182 -//183 -//184 -//1F0 -//1F1 -//1F2 -//1F3 -//1F4 - 1FF0DAFBFE99550B11CD296C = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = testclient.cpp; - refType = 4; - sourceTree = ""; - }; -//1F0 -//1F1 -//1F2 -//1F3 -//1F4 -//240 -//241 -//242 -//243 -//244 - 2416F430FE8A493011CD283A = { - buildSettings = { - }; - buildStyles = ( - 0A161878000410B011CD287F, - 0A161879000410B011CD287F, - ); - hasScannedForEncodings = 1; - isa = PBXProject; - mainGroup = 2416F431FE8A493011CD283A; - projectDirPath = ""; - targets = ( - 2416F446FE8A495F11CD283A, - ); - }; - 2416F431FE8A493011CD283A = { - children = ( - 2416F432FE8A495F11CD283A, - 1871086CFF15495111CD283A, - 25099329FE8A4BB411CD283A, - ); - isa = PBXGroup; - refType = 4; - sourceTree = ""; - }; - 2416F432FE8A495F11CD283A = { - children = ( - 2C3534BEFE9C2E9A11CD283A, - 2C3534BDFE9C2E9A11CD283A, - 2C3534B0FE9C275611CD283A, - 2C3534B1FE9C275611CD283A, - 2C3534ACFE9C268311CD283A, - 2C3534ABFE9C268311CD283A, - 1FF0DAFBFE99550B11CD296C, - ); - isa = PBXGroup; - name = Sources; - path = ""; - refType = 4; - sourceTree = ""; - }; - 2416F446FE8A495F11CD283A = { - buildPhases = ( - 2416F447FE8A495F11CD283A, - 2416F450FE8A495F11CD283A, - 2416F459FE8A495F11CD283A, - ); - buildSettings = { - FRAMEWORK_SEARCH_PATHS = "/usr/local/SecurityPieces/Frameworks \"$(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks\""; - INSTALL_PATH = /usr/local/bin; - PRODUCT_NAME = testclient; - WARNING_CFLAGS = "-Wmost -Wno-four-char-constants -Wno-unknown-pragmas"; - }; - dependencies = ( - ); - isa = PBXToolTarget; - name = testclient; - productInstallPath = /usr/local/bin; - productName = testclient; - productReference = 1871086DFF15495111CD283A; - }; - 2416F447FE8A495F11CD283A = { - buildActionMask = 2147483647; - files = ( - 2C3534BFFE9C2E9A11CD283A, - 2C3534B4FE9C286211CD283A, - 2C3534B5FE9C286211CD283A, - ); - isa = PBXHeadersBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 2416F450FE8A495F11CD283A = { - buildActionMask = 2147483647; - files = ( - 2C3534C0FE9C2E9A11CD283A, - 2C3534B6FE9C286211CD283A, - 2C3534B7FE9C286211CD283A, - 2C3534B8FE9C286211CD283A, - ); - isa = PBXSourcesBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; - 2416F459FE8A495F11CD283A = { - buildActionMask = 2147483647; - files = ( - 0A16187C000411F911CD287F, - 4C5285140624AB2C00FCEF5B, - 4C5285150624AB2C00FCEF5B, - 4C5285160624AB2C00FCEF5B, - ); - isa = PBXFrameworksBuildPhase; - runOnlyForDeploymentPostprocessing = 0; - }; -//240 -//241 -//242 -//243 -//244 -//250 -//251 -//252 -//253 -//254 - 25099329FE8A4BB411CD283A = { - children = ( - 1871086DFF15495111CD283A, - ); - isa = PBXGroup; - name = Products; - path = ""; - refType = 3; - sourceTree = BUILT_PRODUCTS_DIR; - }; -//250 -//251 -//252 -//253 -//254 -//2C0 -//2C1 -//2C2 -//2C3 -//2C4 - 2C3534ABFE9C268311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = dltests.cpp; - refType = 4; - sourceTree = ""; - }; - 2C3534ACFE9C268311CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = dltests.h; - refType = 4; - sourceTree = ""; - }; - 2C3534B0FE9C275611CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = csptests.h; - refType = 4; - sourceTree = ""; - }; - 2C3534B1FE9C275611CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = csptests.cpp; - refType = 4; - sourceTree = ""; - }; - 2C3534B4FE9C286211CD283A = { - fileRef = 2C3534B0FE9C275611CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 2C3534B5FE9C286211CD283A = { - fileRef = 2C3534ACFE9C268311CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 2C3534B6FE9C286211CD283A = { - fileRef = 2C3534B1FE9C275611CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 2C3534B7FE9C286211CD283A = { - fileRef = 2C3534ABFE9C268311CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 2C3534B8FE9C286211CD283A = { - fileRef = 1FF0DAFBFE99550B11CD296C; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; - 2C3534BDFE9C2E9A11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.cpp.cpp; - path = attributes.cpp; - refType = 4; - sourceTree = ""; - }; - 2C3534BEFE9C2E9A11CD283A = { - fileEncoding = 30; - isa = PBXFileReference; - lastKnownFileType = sourcecode.c.h; - path = attributes.h; - refType = 4; - sourceTree = ""; - }; - 2C3534BFFE9C2E9A11CD283A = { - fileRef = 2C3534BEFE9C2E9A11CD283A; - isa = PBXBuildFile; - settings = { - }; - }; - 2C3534C0FE9C2E9A11CD283A = { - fileRef = 2C3534BDFE9C2E9A11CD283A; - isa = PBXBuildFile; - settings = { - ATTRIBUTES = ( - ); - }; - }; -//2C0 -//2C1 -//2C2 -//2C3 -//2C4 -//4C0 -//4C1 -//4C2 -//4C3 -//4C4 - 4C5285110624AB2C00FCEF5B = { - isa = PBXFileReference; - lastKnownFileType = wrapper.framework; - path = security_cdsa_client.framework; - refType = 3; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4C5285120624AB2C00FCEF5B = { - isa = PBXFileReference; - lastKnownFileType = wrapper.framework; - path = security_cdsa_utilities.framework; - refType = 3; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4C5285130624AB2C00FCEF5B = { - isa = PBXFileReference; - lastKnownFileType = wrapper.framework; - path = security_utilities.framework; - refType = 3; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 4C5285140624AB2C00FCEF5B = { - fileRef = 4C5285110624AB2C00FCEF5B; - isa = PBXBuildFile; - settings = { - }; - }; - 4C5285150624AB2C00FCEF5B = { - fileRef = 4C5285120624AB2C00FCEF5B; - isa = PBXBuildFile; - settings = { - }; - }; - 4C5285160624AB2C00FCEF5B = { - fileRef = 4C5285130624AB2C00FCEF5B; - isa = PBXBuildFile; - settings = { - }; - }; - }; - rootObject = 2416F430FE8A493011CD283A; -} diff --git a/SecurityTests/xdr_rpc/Makefile.xdr_test b/SecurityTests/xdr_rpc/Makefile.xdr_test deleted file mode 100644 index f26a6e8c..00000000 --- a/SecurityTests/xdr_rpc/Makefile.xdr_test +++ /dev/null @@ -1,36 +0,0 @@ -# Makefile for XDR RPC test program - -xdr_test: xdr_test.cpp securityd_data_saver.h -### XXX ld64 is broken in Leopard, ca. 9A110 - ? -# g++ -F/usr/local/SecurityPieces/Frameworks \ - -g -Wall -arch ppc -arch i386 -arch ppc64 \ - -o $@ $< \ - -framework securityd_client \ - -framework security_cdsa_utilities \ - -framework security_utilities - - g++ -F/usr/local/SecurityPieces/Frameworks \ - -g -Wall -arch ppc -arch i386 \ - -o $@ $< \ - -framework securityd_client \ - -framework security_cdsa_utilities \ - -framework security_utilities - -# only needed when building a "save data" version of securityd -securityd_data_saver.o: securityd_data_saver.cpp securityd_data_saver.h - g++ -F/usr/local/SecurityPieces/Frameworks \ - -g -Wall -arch ppc -arch i386 -c $< - -# run all tests with minimally verbose output -.PHONY: test -test: xdr_test - @for F in TestData/* ; do ./xdr_test -v $${F} ; done - -# run all tests silently (except for errors) -.PHONY: qtest -qtest: xdr_test - @for F in TestData/* ; do ./xdr_test $${F} ; done - -.PHONY: clean -clean: - /bin/rm -f xdr_test *.o diff --git a/SecurityTests/xdr_rpc/Reference/AclOwnerPrototype_getOwner.decoded b/SecurityTests/xdr_rpc/Reference/AclOwnerPrototype_getOwner.decoded deleted file mode 100644 index 0ddf228d..00000000 --- a/SecurityTests/xdr_rpc/Reference/AclOwnerPrototype_getOwner.decoded +++ /dev/null @@ -1,63 +0,0 @@ -preamble: -0000000 00001234 00000001 000003fe 00000004 - byte order version data type ptr size -0000020 03935c50 000000cf - base ptr # of bytes - -CSSM_ACL_OWNER_PROTOTYPE: - 00000000 03935c60 - TypedSubject. TypedSubject. - ListType Head -0000040 03935ca8 00000000 - TypedSubject. Delegate - Tail - -TypedSubject.Head: - 03935c78 0000007b - NextElement WordID -0000060 00000002 00060000 00000023 00000000 - ElementType -TypedSubject.Head->NextElement: -0000100 03935c90 00000001 00000002 000a0000 - NextElement WordID ElementType -0000120 00000023 00000000 - -TypedSubject.Head->NextElement->NextElement: - 03935ca8 00000001 - NextElement WordID -0000140 00000002 00080000 00000023 00000000 - ElementType -TypedSubject.Head->NextElement->NextElement->NextElement: -0000160 00000000 00000000 00000001 00000000 - NextElement WordID ElementType Sublist. - ListType -0000200 03935cc0 03935cf4 - Sublist.Head Sublist.Tail -TypedSubject.Head->NextElement->NextElement->NextElement->Sublist.Head: - 03935cd8 00010000 - NextElement WordID -0000220 00000002 00225c10 00000026 00000000 - ElementType -TypedSubject.Head->NextElement->NextElement->NextElement->Sublist.Head->NextElement: -0000240 03935cf4 00000000 00000000 00000004 - NextElement WordID ElementType Element.Word. - Length -0000260 03935cf0 00000000 - Element.Word. - Data -TypedSubject.Head->NextElement->NextElement->NextElement->Sublist.Head->NextElement->Element.Word.Data: - 01010000 - Data -TypedSubject.Head->NextElement->NextElement->NextElement->Sublist.Head->NextElement->NextElement: - 00000000 - NextElement -0000300 00000000 00000000 00000013 03935d0c - WordID ElementType Element.Word. Element.Word. - Length Data -0000320 00000000 - -TypedSubject.Head->NextElement->NextElement->NextElement->Sublist.Head->NextElement->NextElement->Element.Word.Data: - 49505365 63205368 61726564 - I P S e c S h a r e d -0000340 20536563 72657400 - S e c r e t diff --git a/SecurityTests/xdr_rpc/Reference/transition.cpp b/SecurityTests/xdr_rpc/Reference/transition.cpp deleted file mode 100644 index 77450b2d..00000000 --- a/SecurityTests/xdr_rpc/Reference/transition.cpp +++ /dev/null @@ -1,1244 +0,0 @@ -/* - * Copyright (c) 2000-2004,2006 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - - -// -// transition - securityd IPC-to-class-methods transition layer -// -#include -#include "server.h" -#include "session.h" -#include "database.h" -#include "kcdatabase.h" -#include "tokendatabase.h" -#include "kckey.h" -#include "transwalkers.h" -#include "child.h" -#include -#include "securityd_data_saver.h" // for SecuritydDataSave - -#include -#include - - -// -// Bracket Macros -// -#define UCSP_ARGS mach_port_t servicePort, mach_port_t replyPort, audit_token_t auditToken, \ - CSSM_RETURN *rcode -#define CONTEXT_ARGS Context context, Pointer contextBase, Context::Attr *attributes, mach_msg_type_number_t attrSize - -#define BEGIN_IPCN *rcode = CSSM_OK; try { -#define BEGIN_IPC BEGIN_IPCN RefPointer connRef(&Server::connection(replyPort)); \ -Connection &connection __attribute__((unused)) = *connRef; -#define END_IPC(base) END_IPCN(base) Server::requestComplete(); return KERN_SUCCESS; -#define END_IPCN(base) } \ - catch (const CommonError &err) { *rcode = CssmError::cssmError(err, CSSM_ ## base ## _BASE_ERROR); } \ - catch (const std::bad_alloc &) { *rcode = CssmError::merge(CSSM_ERRCODE_MEMORY_ERROR, CSSM_ ## base ## _BASE_ERROR); } \ - catch (Connection *conn) { *rcode = 0; } \ - catch (...) { *rcode = CssmError::merge(CSSM_ERRCODE_INTERNAL_ERROR, CSSM_ ## base ## _BASE_ERROR); } - -#define BEGIN_IPCS try { -#define END_IPCS(more) } catch (...) { } \ - mach_port_deallocate(mach_task_self(), serverPort); more; return KERN_SUCCESS; - -#define DATA_IN(base) void *base, mach_msg_type_number_t base##Length -#define DATA_OUT(base) void **base, mach_msg_type_number_t *base##Length -#define DATA(base) CssmData(base, base##Length) -#define OPTDATA(base) (base ? &CssmData(base, base##Length) : NULL) - -#define SSBLOB(Type, name) makeBlob(DATA(name)) - -#define COPY_IN(type,name) type *name, mach_msg_type_number_t name##Length, type *name##Base -#define COPY_OUT(type,name) \ - type **name, mach_msg_type_number_t *name##Length, type **name##Base - - -using LowLevelMemoryUtilities::increment; -using LowLevelMemoryUtilities::difference; - - -// -// Setup/Teardown functions. -// -kern_return_t ucsp_server_setup(UCSP_ARGS, mach_port_t taskPort, ClientSetupInfo info, const char *identity) -{ - BEGIN_IPCN - Server::active().setupConnection(Server::connectNewProcess, servicePort, replyPort, - taskPort, auditToken, &info, identity); - END_IPCN(CSSM) - return KERN_SUCCESS; -} - -kern_return_t ucsp_server_setupNew(UCSP_ARGS, mach_port_t taskPort, - ClientSetupInfo info, const char *identity, - mach_port_t *newServicePort) -{ - BEGIN_IPCN - try { - RefPointer session = new DynamicSession(taskPort); - Server::active().setupConnection(Server::connectNewSession, session->servicePort(), replyPort, - taskPort, auditToken, &info, identity); - *newServicePort = session->servicePort(); - } catch (const MachPlusPlus::Error &err) { - switch (err.error) { - case BOOTSTRAP_SERVICE_ACTIVE: - MacOSError::throwMe(errSessionAuthorizationDenied); // translate - default: - throw; - } - } - END_IPCN(CSSM) - return KERN_SUCCESS; -} - -kern_return_t ucsp_server_setupThread(UCSP_ARGS, mach_port_t taskPort) -{ - BEGIN_IPCN - Server::active().setupConnection(Server::connectNewThread, servicePort, replyPort, - taskPort, auditToken); - END_IPCN(CSSM) - return KERN_SUCCESS; -} - - -kern_return_t ucsp_server_teardown(UCSP_ARGS) -{ - BEGIN_IPCN - Server::active().endConnection(replyPort); - END_IPCN(CSSM) - return KERN_SUCCESS; -} - - -// -// Common database operations -// -kern_return_t ucsp_server_authenticateDb(UCSP_ARGS, DbHandle db, - CSSM_DB_ACCESS_TYPE accessType, COPY_IN(AccessCredentials, cred)) -{ - BEGIN_IPC - secdebug("dl", "authenticateDb"); - relocate(cred, credBase, credLength); - // ignoring accessType - Server::database(db)->authenticate(accessType, cred); - END_IPC(DL) -} - -kern_return_t ucsp_server_releaseDb(UCSP_ARGS, DbHandle db) -{ - BEGIN_IPC - connection.process().kill(*Server::database(db)); - END_IPC(DL) -} - - -kern_return_t ucsp_server_getDbName(UCSP_ARGS, DbHandle db, char name[PATH_MAX]) -{ - BEGIN_IPC - string result = Server::database(db)->dbName(); - assert(result.length() < PATH_MAX); - memcpy(name, result.c_str(), result.length() + 1); - END_IPC(DL) -} - -kern_return_t ucsp_server_setDbName(UCSP_ARGS, DbHandle db, const char *name) -{ - BEGIN_IPC - Server::database(db)->dbName(name); - END_IPC(DL) -} - - -// -// External database interface -// -kern_return_t ucsp_server_openToken(UCSP_ARGS, uint32 ssid, FilePath name, - COPY_IN(AccessCredentials, accessCredentials), DbHandle *db) -{ - BEGIN_IPC - relocate(accessCredentials, accessCredentialsBase, accessCredentialsLength); - *db = (new TokenDatabase(ssid, connection.process(), name, accessCredentials))->handle(); - END_IPC(DL) -} - -kern_return_t ucsp_server_findFirst(UCSP_ARGS, DbHandle db, - COPY_IN(CssmQuery, query), - COPY_IN(CssmDbRecordAttributeData, inAttributes), - COPY_OUT(CssmDbRecordAttributeData, outAttributes), - boolean_t getData, - DATA_OUT(data), KeyHandle *hKey, SearchHandle *hSearch, RecordHandle *hRecord) -{ - BEGIN_IPC - relocate(query, queryBase, queryLength); - SecuritydDataSave sds("/var/tmp/Query_findFirst"); - sds.writeQuery(query, queryLength); - relocate(inAttributes, inAttributesBase, inAttributesLength); - - RefPointer search; - RefPointer record; - RefPointer key; - CssmData outData; //OutputData outData(data, dataLength); - CssmDbRecordAttributeData *outAttrs; mach_msg_type_number_t outAttrsLength; - Server::database(db)->findFirst(*query, inAttributes, inAttributesLength, - getData ? &outData : NULL, key, search, record, outAttrs, outAttrsLength); - - // handle nothing-found case without exceptions - if (!record) { - *hRecord = noRecord; - *hSearch = noSearch; - *hKey = noKey; - } else { - // return handles - *hRecord = record->handle(); - *hSearch = search->handle(); - *hKey = key ? key->handle() : noKey; - - // return attributes (assumes relocated flat blob) - flips(outAttrs, outAttributes, outAttributesBase); - *outAttributesLength = outAttrsLength; - - // return data (temporary fix) - if (getData) { - *data = outData.data(); - *dataLength = outData.length(); - } - } - END_IPC(DL) -} - -kern_return_t ucsp_server_findNext(UCSP_ARGS, SearchHandle hSearch, - COPY_IN(CssmDbRecordAttributeData, inAttributes), - COPY_OUT(CssmDbRecordAttributeData, outAttributes), - boolean_t getData, DATA_OUT(data), KeyHandle *hKey, - RecordHandle *hRecord) -{ - BEGIN_IPC - relocate(inAttributes, inAttributesBase, inAttributesLength); - RefPointer search = - Server::find(hSearch, CSSMERR_DL_INVALID_RESULTS_HANDLE); - RefPointer record; - RefPointer key; - CssmData outData; //OutputData outData(data, dataLength); - CssmDbRecordAttributeData *outAttrs; mach_msg_type_number_t outAttrsLength; - search->database().findNext(search, inAttributes, inAttributesLength, - getData ? &outData : NULL, key, record, outAttrs, outAttrsLength); - - // handle nothing-found case without exceptions - if (!record) { - *hRecord = noRecord; - *hKey = noKey; - } else { - // return handles - *hRecord = record->handle(); - *hKey = key ? key->handle() : noKey; - - // return attributes (assumes relocated flat blob) - flips(outAttrs, outAttributes, outAttributesBase); - *outAttributesLength = outAttrsLength; - - // return data (temporary fix) - if (getData) { - *data = outData.data(); - *dataLength = outData.length(); - } - } - END_IPC(DL) -} - -kern_return_t ucsp_server_findRecordHandle(UCSP_ARGS, RecordHandle hRecord, - COPY_IN(CssmDbRecordAttributeData, inAttributes), - COPY_OUT(CssmDbRecordAttributeData, outAttributes), - boolean_t getData, DATA_OUT(data), KeyHandle *hKey) -{ - BEGIN_IPC - relocate(inAttributes, inAttributesBase, inAttributesLength); - RefPointer record = - Server::find(hRecord, CSSMERR_DL_INVALID_RECORD_UID); - RefPointer key; - CssmData outData; //OutputData outData(data, dataLength); - CssmDbRecordAttributeData *outAttrs; mach_msg_type_number_t outAttrsLength; - record->database().findRecordHandle(record, inAttributes, inAttributesLength, - getData ? &outData : NULL, key, outAttrs, outAttrsLength); - - // return handles - *hKey = key ? key->handle() : noKey; - - // return attributes (assumes relocated flat blob) - flips(outAttrs, outAttributes, outAttributesBase); - *outAttributesLength = outAttrsLength; - - // return data (temporary fix) - if (getData) { - *data = outData.data(); - *dataLength = outData.length(); - } - END_IPC(DL) -} - -kern_return_t ucsp_server_insertRecord(UCSP_ARGS, DbHandle db, CSSM_DB_RECORDTYPE recordType, - COPY_IN(CssmDbRecordAttributeData, attributes), DATA_IN(data), RecordHandle *record) -{ - BEGIN_IPC - relocate(attributes, attributesBase, attributesLength); - Server::database(db)->insertRecord(recordType, attributes, attributesLength, - DATA(data), *record); - END_IPC(DL) -} - -kern_return_t ucsp_server_modifyRecord(UCSP_ARGS, DbHandle db, RecordHandle *hRecord, - CSSM_DB_RECORDTYPE recordType, COPY_IN(CssmDbRecordAttributeData, attributes), - boolean_t setData, DATA_IN(data), CSSM_DB_MODIFY_MODE modifyMode) -{ - BEGIN_IPC - relocate(attributes, attributesBase, attributesLength); - CssmData newData(DATA(data)); - RefPointer record = - Server::find(*hRecord, CSSMERR_DL_INVALID_RECORD_UID); - Server::database(db)->modifyRecord(recordType, record, attributes, attributesLength, - setData ? &newData : NULL, modifyMode); - // note that the record handle presented to the client never changes here - // (we could, but have no reason to - our record handles are just always up to date) - END_IPC(DL) -} - -kern_return_t ucsp_server_deleteRecord(UCSP_ARGS, DbHandle db, RecordHandle hRecord) -{ - BEGIN_IPC - Server::database(db)->deleteRecord( - Server::find(hRecord, CSSMERR_DL_INVALID_RECORD_UID)); - END_IPC(DL) -} - -kern_return_t ucsp_server_releaseSearch(UCSP_ARGS, SearchHandle hSearch) -{ - BEGIN_IPC - RefPointer search = Server::find(hSearch, 0); - search->database().releaseSearch(*search); - END_IPC(DL) -} - -kern_return_t ucsp_server_releaseRecord(UCSP_ARGS, RecordHandle hRecord) -{ - BEGIN_IPC - RefPointer record = Server::find(hRecord, 0); - record->database().releaseRecord(*record); - END_IPC(DL) -} - -kern_return_t ucsp_server_getRecordFromHandle(UCSP_ARGS, RecordHandle record, - COPY_IN(CssmDbRecordAttributeData, inAttributes), - COPY_OUT(CssmDbRecordAttributeData, outAttributes), - boolean_t getData, - DATA_OUT(data)) -{ - BEGIN_IPC - secdebug("dl", "getRecordFromHandle"); - relocate(inAttributes, inAttributesBase, inAttributesLength); - // @@@ - END_IPC(DL) -} - - -// -// Internal database management -// -kern_return_t ucsp_server_createDb(UCSP_ARGS, DbHandle *db, - COPY_IN(DLDbFlatIdentifier, ident), - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - DBParameters params) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - relocate(ident, identBase, identLength); - *db = (new KeychainDatabase(*ident, params, connection.process(), cred, owner))->handle(); - END_IPC(DL) -} - -// keychain synchronization -// @@@ caller should be required to call decodeDb() to get a DbHandle -// instead of passing the blob itself -kern_return_t ucsp_server_cloneDbForSync(UCSP_ARGS, DATA_IN(blob), - DbHandle srcDb, DATA_IN(agentData), DbHandle *newDb) -{ - BEGIN_IPC - RefPointer srcKC = Server::keychain(srcDb); - *newDb = (new KeychainDatabase(*srcKC, connection.process(), - SSBLOB(DbBlob, blob), DATA(agentData)))->handle(); - END_IPC(DL) -} - -kern_return_t ucsp_server_commitDbForSync(UCSP_ARGS, DbHandle srcDb, - DbHandle cloneDb, DATA_OUT(blob)) -{ - BEGIN_IPC - RefPointer srcKC = Server::keychain(srcDb); - RefPointer cloneKC = Server::keychain(cloneDb); - srcKC->commitSecretsForSync(*cloneKC); - - // re-encode blob for convenience - if (blob && blobLength) { - DbBlob *dbBlob = srcKC->blob(); - *blob = dbBlob; - *blobLength = dbBlob->length(); - } else { - secdebug("kcrecode", "No blob can be returned to client"); - } - END_IPC(DL) -} - -kern_return_t ucsp_server_decodeDb(UCSP_ARGS, DbHandle *db, - COPY_IN(DLDbFlatIdentifier, ident), COPY_IN(AccessCredentials, cred), DATA_IN(blob)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - relocate(ident, identBase, identLength); - *db = (new KeychainDatabase(*ident, SSBLOB(DbBlob, blob), - connection.process(), cred))->handle(); - END_IPC(DL) -} - -kern_return_t ucsp_server_encodeDb(UCSP_ARGS, DbHandle db, DATA_OUT(blob)) -{ - BEGIN_IPC - DbBlob *dbBlob = Server::keychain(db)->blob(); // memory owned by database - *blob = dbBlob; - *blobLength = dbBlob->length(); - END_IPC(DL) -} - -kern_return_t ucsp_server_setDbParameters(UCSP_ARGS, DbHandle db, DBParameters params) -{ - BEGIN_IPC - Server::keychain(db)->setParameters(params); - END_IPC(DL) -} - -kern_return_t ucsp_server_getDbParameters(UCSP_ARGS, DbHandle db, DBParameters *params) -{ - BEGIN_IPC - Server::keychain(db)->getParameters(*params); - END_IPC(DL) -} - -kern_return_t ucsp_server_changePassphrase(UCSP_ARGS, DbHandle db, - COPY_IN(AccessCredentials, cred)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - Server::keychain(db)->changePassphrase(cred); - END_IPC(DL) -} - -kern_return_t ucsp_server_lockAll (UCSP_ARGS, boolean_t) -{ - BEGIN_IPC - connection.session().processLockAll(); - END_IPC(DL) -} - -kern_return_t ucsp_server_unlockDb(UCSP_ARGS, DbHandle db) -{ - BEGIN_IPC - Server::keychain(db)->unlockDb(); - END_IPC(DL) -} - -kern_return_t ucsp_server_unlockDbWithPassphrase(UCSP_ARGS, DbHandle db, DATA_IN(passphrase)) -{ - BEGIN_IPC - Server::keychain(db)->unlockDb(DATA(passphrase)); - END_IPC(DL) -} - -kern_return_t ucsp_server_isLocked(UCSP_ARGS, DbHandle db, boolean_t *locked) -{ - BEGIN_IPC - *locked = Server::database(db)->isLocked(); - END_IPC(DL) -} - - -// -// Key management -// -kern_return_t ucsp_server_encodeKey(UCSP_ARGS, KeyHandle keyh, DATA_OUT(blob), - boolean_t wantUid, DATA_OUT(uid)) -{ - BEGIN_IPC - RefPointer gKey = Server::key(keyh); - if (KeychainKey *key = dynamic_cast(gKey.get())) { - KeyBlob *keyBlob = key->blob(); // still owned by key - *blob = keyBlob; - *blobLength = keyBlob->length(); - if (wantUid) { // uid generation is not implemented - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - } else { - *uidLength = 0; // do not return this - } - } else { // not a KeychainKey - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - } - END_IPC(CSP) -} - -kern_return_t ucsp_server_decodeKey(UCSP_ARGS, KeyHandle *keyh, CssmKey::Header *header, - DbHandle db, DATA_IN(blob)) -{ - BEGIN_IPC - RefPointer key = new KeychainKey(*Server::keychain(db), SSBLOB(KeyBlob, blob)); - key->returnKey(*keyh, *header); - flip(*header); - END_IPC(CSP) -} - -// keychain synchronization -kern_return_t ucsp_server_recodeKey(UCSP_ARGS, DbHandle oldDb, KeyHandle keyh, - DbHandle newDb, DATA_OUT(newBlob)) -{ - BEGIN_IPC - // If the old key is passed in as DATA_IN(oldBlob): - // RefPointer key = new KeychainKey(*Server::keychain(oldDb), SSBLOB(KeyBlob, oldBlob)); - RefPointer key = Server::key(keyh); - if (KeychainKey *kckey = dynamic_cast(key.get())) { - KeyBlob *blob = Server::keychain(newDb)->recodeKey(*kckey); - *newBlob = blob; - *newBlobLength = blob->length(); - Server::releaseWhenDone(*newBlob); - // @@@ stop leaking blob - } else { // not a KeychainKey - CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_REFERENCE); - } - END_IPC(CSP) -} - -kern_return_t ucsp_server_releaseKey(UCSP_ARGS, KeyHandle keyh) -{ - BEGIN_IPC - RefPointer key = Server::key(keyh); - key->database().releaseKey(*key); - END_IPC(CSP) -} - -kern_return_t ucsp_server_queryKeySizeInBits(UCSP_ARGS, KeyHandle keyh, CSSM_KEY_SIZE *length) -{ - BEGIN_IPC - RefPointer key = Server::key(keyh); - key->database().queryKeySizeInBits(*key, CssmKeySize::overlay(*length)); - END_IPC(CSP) -} - -kern_return_t ucsp_server_getOutputSize(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh, - uint32 inputSize, boolean_t encrypt, uint32 *outputSize) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - RefPointer key = Server::key(keyh); - key->database().getOutputSize(context, *key, inputSize, encrypt, *outputSize); - END_IPC(CSP) -} - -kern_return_t ucsp_server_getKeyDigest(UCSP_ARGS, KeyHandle key, DATA_OUT(digest)) -{ - BEGIN_IPC - CssmData digestData = Server::key(key)->canonicalDigest(); - *digest = digestData.data(); - *digestLength = digestData.length(); - END_IPC(CSP) -} - - -// -// Signatures and MACs -// -kern_return_t ucsp_server_generateSignature(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh, - CSSM_ALGORITHMS signOnlyAlgorithm, DATA_IN(data), DATA_OUT(signature)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - RefPointer key = Server::key(keyh); - OutputData sigData(signature, signatureLength); - key->database().generateSignature(context, *key, signOnlyAlgorithm, - DATA(data), sigData); - END_IPC(CSP) -} - -kern_return_t ucsp_server_verifySignature(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh, - CSSM_ALGORITHMS verifyOnlyAlgorithm, DATA_IN(data), DATA_IN(signature)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - RefPointer key = Server::key(keyh); - key->database().verifySignature(context, *key, verifyOnlyAlgorithm, - DATA(data), DATA(signature)); - END_IPC(CSP) -} - -kern_return_t ucsp_server_generateMac(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh, - DATA_IN(data), DATA_OUT(mac)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - RefPointer key = Server::key(keyh); - OutputData macData(mac, macLength); - key->database().generateMac(context, *key, DATA(data), macData); - END_IPC(CSP) -} - -kern_return_t ucsp_server_verifyMac(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh, - DATA_IN(data), DATA_IN(mac)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - RefPointer key = Server::key(keyh); - key->database().verifyMac(context, *key, DATA(data), DATA(mac)); - END_IPC(CSP) -} - - -// -// Encryption/Decryption -// -kern_return_t ucsp_server_encrypt(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh, - DATA_IN(clear), DATA_OUT(cipher)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - RefPointer key = Server::key(keyh); - OutputData cipherOut(cipher, cipherLength); - key->database().encrypt(context, *key, DATA(clear), cipherOut); - END_IPC(CSP) -} - -kern_return_t ucsp_server_decrypt(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh, - DATA_IN(cipher), DATA_OUT(clear)) -{ - BEGIN_IPC - SecuritydDataSave sds("/var/tmp/securityd_Context_decrypt"); // XXX/gh get sample Context for XDR testing - relocate(context, contextBase, attributes, attrSize); - // save attributes base addr for backwards compatibility - intptr_t attraddr = reinterpret_cast(&context->ContextAttributes); - sds.writeContext(&context, attraddr, attrSize); - RefPointer key = Server::key(keyh); - OutputData clearOut(clear, clearLength); - key->database().decrypt(context, *key, DATA(cipher), clearOut); - END_IPC(CSP) -} - - -// -// Key generation -// -kern_return_t ucsp_server_generateKey(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - uint32 usage, uint32 attrs, KeyHandle *newKey, CssmKey::Header *newHeader) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - //@@@ preliminary interpretation - will get "type handle" - RefPointer database = - Server::optionalDatabase(db, attrs & CSSM_KEYATTR_PERMANENT); - RefPointer key; - database->generateKey(context, cred, owner, usage, attrs, key); - key->returnKey(*newKey, *newHeader); - flip(*newHeader); - END_IPC(CSP) -} - -kern_return_t ucsp_server_generateKeyPair(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - uint32 pubUsage, uint32 pubAttrs, uint32 privUsage, uint32 privAttrs, - KeyHandle *pubKey, CssmKey::Header *pubHeader, KeyHandle *privKey, CssmKey::Header *privHeader) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - RefPointer database = - Server::optionalDatabase(db, (privAttrs | pubAttrs) & CSSM_KEYATTR_PERMANENT); - RefPointer pub, priv; - database->generateKey(context, cred, owner, - pubUsage, pubAttrs, privUsage, privAttrs, pub, priv); - pub->returnKey(*pubKey, *pubHeader); - flip(*pubHeader); - priv->returnKey(*privKey, *privHeader); - flip(*privHeader); - END_IPC(CSP) -} - - -// -// Key wrapping and unwrapping -// -kern_return_t ucsp_server_wrapKey(UCSP_ARGS, CONTEXT_ARGS, KeyHandle hWrappingKey, - COPY_IN(AccessCredentials, cred), KeyHandle hKeyToBeWrapped, - DATA_IN(descriptiveData), CssmKey *wrappedKey, DATA_OUT(keyData)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - relocate(cred, credBase, credLength); - RefPointer subjectKey = Server::key(hKeyToBeWrapped); - RefPointer wrappingKey = Server::optionalKey(hWrappingKey); - if ((context.algorithm() == CSSM_ALGID_NONE && subjectKey->attribute(CSSM_KEYATTR_SENSITIVE)) - || !subjectKey->attribute(CSSM_KEYATTR_EXTRACTABLE)) - CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK); - pickDb(subjectKey, wrappingKey)->wrapKey(context, cred, wrappingKey, *subjectKey, DATA(descriptiveData), *wrappedKey); - - // transmit key data back as a separate blob - OutputData keyDatas(keyData, keyDataLength); - keyDatas = wrappedKey->keyData(); - flip(*wrappedKey); - END_IPC(CSP) -} - -kern_return_t ucsp_server_unwrapKey(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, - KeyHandle hWrappingKey, COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - KeyHandle hPublicKey, CssmKey wrappedKey, DATA_IN(wrappedKeyData), - CSSM_KEYUSE usage, CSSM_KEYATTR_FLAGS attrs, DATA_OUT(descriptiveData), - KeyHandle *newKey, CssmKey::Header *newHeader) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - flip(wrappedKey); - wrappedKey.keyData() = DATA(wrappedKeyData); - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - OutputData descriptiveDatas(descriptiveData, descriptiveDataLength); - RefPointer wrappingKey = Server::optionalKey(hWrappingKey); - RefPointer unwrappedKey; - pickDb(Server::optionalDatabase(db), wrappingKey)->unwrapKey(context, cred, owner, - wrappingKey, Server::optionalKey(hPublicKey), - usage, attrs, wrappedKey, unwrappedKey, descriptiveDatas); - unwrappedKey->returnKey(*newKey, *newHeader); - flip(*newHeader); - END_IPC(CSP) -} - - -// -// Key derivation. -// -// Note that the "param" argument can have structure. The walker for the -// (artificial) POD CssmDeriveData handles those that are known; if you add -// an algorithm with structured param, you need to add a case there. -// -kern_return_t ucsp_server_deriveKey(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, KeyHandle hKey, - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - COPY_IN(CssmDeriveData, paramInput), DATA_OUT(paramOutput), - uint32 usage, uint32 attrs, KeyHandle *newKey, CssmKey::Header *newHeader) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - relocate(paramInput, paramInputBase, paramInputLength); - if (!paramInput || paramInput->algorithm != context.algorithm()) - CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); // client layer fault - - RefPointer database = - Server::optionalDatabase(db, attrs & CSSM_KEYATTR_PERMANENT); - RefPointer key = Server::optionalKey(hKey); - CssmData *param = paramInput ? ¶mInput->baseData : NULL; - RefPointer derivedKey; - pickDb(Server::optionalDatabase(db, attrs & CSSM_KEYATTR_PERMANENT), - key)->deriveKey(context, key, cred, owner, param, usage, attrs, derivedKey); - derivedKey->returnKey(*newKey, *newHeader); - flip(*newHeader); - if (param && param->length()) { - if (!param->data()) // CSP screwed up - CssmError::throwMe(CSSM_ERRCODE_INTERNAL_ERROR); - if (paramInputLength) // using incoming buffer; make a copy - *param = CssmAutoData(Server::csp().allocator(), *param).release(); - OutputData(paramOutput, paramOutputLength) = *param; // return the data - } - END_IPC(CSP) -} - - -// -// Random generation -// -kern_return_t ucsp_server_generateRandom(UCSP_ARGS, uint32 ssid, CONTEXT_ARGS, DATA_OUT(data)) -{ - BEGIN_IPC - relocate(context, contextBase, attributes, attrSize); - if (ssid) - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - - // default version (use /dev/random) - Allocator &allocator = Allocator::standard(Allocator::sensitive); - if (size_t bytes = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE)) { - void *buffer = allocator.malloc(bytes); - Server::active().random(buffer, bytes); - *data = buffer; - *dataLength = bytes; - Server::releaseWhenDone(allocator, buffer); - } - END_IPC(CSP) -} - - -// -// ACL management. -// Watch out for the memory-management tap-dance. -// -kern_return_t ucsp_server_getOwner(UCSP_ARGS, AclKind kind, KeyHandle key, - COPY_OUT(AclOwnerPrototype, ownerOut)) -{ - BEGIN_IPC - AclOwnerPrototype owner; - Server::aclBearer(kind, key).getOwner(owner); // allocates memory in owner - Copier owners(&owner, Allocator::standard()); // make flat copy - { ChunkFreeWalker free; walk(free, owner); } // release chunked original - *ownerOutLength = owners.length(); - flips(owners.value(), ownerOut, ownerOutBase); - Server::releaseWhenDone(owners.keep()); // throw flat copy out when done - END_IPC(CSP) -} - -kern_return_t ucsp_server_setOwner(UCSP_ARGS, AclKind kind, KeyHandle key, - COPY_IN(AccessCredentials, cred), COPY_IN(AclOwnerPrototype, owner)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - Server::aclBearer(kind, key).changeOwner(*owner, cred); - END_IPC(CSP) -} - -kern_return_t ucsp_server_getAcl(UCSP_ARGS, AclKind kind, KeyHandle key, - boolean_t haveTag, const char *tag, - uint32 *countp, COPY_OUT(AclEntryInfo, acls)) -{ - BEGIN_IPC - uint32 count; - AclEntryInfo *aclList; - Server::aclBearer(kind, key).getAcl(haveTag ? tag : NULL, count, aclList); - *countp = count; - Copier aclsOut(aclList, count); // make flat copy - - { // release the chunked memory originals - ChunkFreeWalker free; - for (uint32 n = 0; n < count; n++) - walk(free, aclList[n]); - - // release the memory allocated for the list itself when we are done - Allocator::standard().free (aclList); - } - - // set result (note: this is *almost* flips(), but on an array) - *aclsLength = aclsOut.length(); - *acls = *aclsBase = aclsOut; - if (flipClient()) { - FlipWalker w; - for (uint32 n = 0; n < count; n++) - walk(w, (*acls)[n]); - w.doFlips(); - Flippers::flip(*aclsBase); - } - SecuritydDataSave sds("/var/tmp/AclEntryInfo_getAcl"); - sds.writeAclEntryInfo(*acls, *aclsLength); - Server::releaseWhenDone(aclsOut.keep()); - END_IPC(CSP) -} - -kern_return_t ucsp_server_changeAcl(UCSP_ARGS, AclKind kind, KeyHandle key, - COPY_IN(AccessCredentials, cred), CSSM_ACL_EDIT_MODE mode, CSSM_ACL_HANDLE handle, - COPY_IN(AclEntryInput, acl)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - relocate(acl, aclBase, aclLength); - SecuritydDataSave sds("/var/tmp/AclEntryInput_changeAcl"); - sds.writeAclEntryInput(acl, aclLength); - Server::aclBearer(kind, key).changeAcl(AclEdit(mode, handle, acl), cred); - END_IPC(CSP) -} - - -// -// Login/Logout -// -kern_return_t ucsp_server_login(UCSP_ARGS, COPY_IN(AccessCredentials, cred), DATA_IN(name)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - END_IPC(CSP) -} - -kern_return_t ucsp_server_logout(UCSP_ARGS) -{ - BEGIN_IPC - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - END_IPC(CSP) -} - - -// -// Miscellaneous CSP-related calls -// -kern_return_t ucsp_server_getStatistics(UCSP_ARGS, uint32 ssid, CSPOperationalStatistics *statistics) -{ - BEGIN_IPC - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - END_IPC(CSP) -} - -kern_return_t ucsp_server_getTime(UCSP_ARGS, uint32 ssid, CSSM_ALGORITHMS algorithm, DATA_OUT(data)) -{ - BEGIN_IPC - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - END_IPC(CSP) -} - -kern_return_t ucsp_server_getCounter(UCSP_ARGS, uint32 ssid, DATA_OUT(data)) -{ - BEGIN_IPC - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - END_IPC(CSP) -} - -kern_return_t ucsp_server_selfVerify(UCSP_ARGS, uint32 ssid) -{ - BEGIN_IPC - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - END_IPC(CSP) -} - - -// -// Passthrough calls (separate for CSP and DL passthroughs) -// -kern_return_t ucsp_server_cspPassThrough(UCSP_ARGS, uint32 ssid, uint32 id, CONTEXT_ARGS, - KeyHandle hKey, DATA_IN(inData), DATA_OUT(outData)) -{ - BEGIN_IPC - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - END_IPC(CSP) -} - -kern_return_t ucsp_server_dlPassThrough(UCSP_ARGS, uint32 ssid, uint32 id, - DATA_IN(inData), DATA_OUT(outData)) -{ - BEGIN_IPC - CssmError::throwMe(CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED); - END_IPC(DL) -} - - -// -// Database key management. -// ExtractMasterKey looks vaguely like a key derivation operation, and is in fact -// presented by the CSPDL's CSSM layer as such. -// -kern_return_t ucsp_server_extractMasterKey(UCSP_ARGS, DbHandle db, CONTEXT_ARGS, DbHandle sourceDb, - COPY_IN(AccessCredentials, cred), COPY_IN(AclEntryPrototype, owner), - uint32 usage, uint32 attrs, KeyHandle *newKey, CssmKey::Header *newHeader) -{ - BEGIN_IPC - context.postIPC(contextBase, attributes); - relocate(cred, credBase, credLength); - relocate(owner, ownerBase, ownerLength); - RefPointer keychain = Server::keychain(sourceDb); - RefPointer masterKey = keychain->extractMasterKey( - *Server::optionalDatabase(db, attrs & CSSM_KEYATTR_PERMANENT), - cred, owner, usage, attrs); - masterKey->returnKey(*newKey, *newHeader); - flip(*newHeader); - END_IPC(CSP) -} - - -// -// Authorization subsystem support -// -kern_return_t ucsp_server_authorizationCreate(UCSP_ARGS, - COPY_IN(AuthorizationItemSet, inRights), - uint32 flags, - COPY_IN(AuthorizationItemSet, inEnvironment), - AuthorizationBlob *authorization) -{ - BEGIN_IPC - relocate(inRights, inRightsBase, inRightsLength); - relocate(inEnvironment, inEnvironmentBase, inEnvironmentLength); - Authorization::AuthItemSet rights(inRights), environment(inEnvironment); - - *rcode = connection.process().session().authCreate(rights, environment, - flags, *authorization, auditToken); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationRelease(UCSP_ARGS, - AuthorizationBlob authorization, uint32 flags) -{ - BEGIN_IPC - connection.process().session().authFree(authorization, flags); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationCopyRights(UCSP_ARGS, - AuthorizationBlob authorization, - COPY_IN(AuthorizationItemSet, inRights), - uint32 flags, - COPY_IN(AuthorizationItemSet, inEnvironment), - COPY_OUT(AuthorizationItemSet, result)) -{ - BEGIN_IPC - relocate(inRights, inRightsBase, inRightsLength); - relocate(inEnvironment, inEnvironmentBase, inEnvironmentLength); - Authorization::AuthItemSet rights(inRights), environment(inEnvironment), grantedRights; - *rcode = connection.process().session().authGetRights(authorization, - rights, environment, flags, grantedRights); - if (result && resultLength) - { - size_t resultSize; - grantedRights.copy(*result, resultSize); - *resultLength = resultSize; - *resultBase = *result; - flips(*result, result, resultBase); - Server::releaseWhenDone(*result); - } - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationCopyInfo(UCSP_ARGS, - AuthorizationBlob authorization, - AuthorizationString tag, - COPY_OUT(AuthorizationItemSet, info)) -{ - BEGIN_IPC - Authorization::AuthItemSet infoSet; - *info = *infoBase = NULL; - *infoLength = 0; - *rcode = connection.process().session().authGetInfo(authorization, - tag[0] ? tag : NULL, infoSet); - if (*rcode == noErr) { - size_t infoSize; - infoSet.copy(*info, infoSize); - *infoLength = infoSize; - *infoBase = *info; - flips(*info, info, infoBase); - Server::releaseWhenDone(*info); - } - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationExternalize(UCSP_ARGS, - AuthorizationBlob authorization, AuthorizationExternalForm *extForm) -{ - BEGIN_IPC - *rcode = connection.process().session().authExternalize(authorization, *extForm); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationInternalize(UCSP_ARGS, - AuthorizationExternalForm extForm, AuthorizationBlob *authorization) -{ - BEGIN_IPC - *rcode = connection.process().session().authInternalize(extForm, *authorization); - END_IPC(CSSM) -} - - -// -// Session management subsystem -// -kern_return_t ucsp_server_getSessionInfo(UCSP_ARGS, - SecuritySessionId *sessionId, SessionAttributeBits *attrs) -{ - BEGIN_IPC - Session &session = Session::find(*sessionId); - *sessionId = session.handle(); - *attrs = session.attributes(); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_setupSession(UCSP_ARGS, - SessionCreationFlags flags, SessionAttributeBits attrs) -{ - BEGIN_IPC - Server::process().session().setupAttributes(flags, attrs); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_setSessionDistinguishedUid(UCSP_ARGS, - SecuritySessionId sessionId, uid_t user) -{ - BEGIN_IPC - Session::find(sessionId).originatorUid(user); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_getSessionDistinguishedUid(UCSP_ARGS, - SecuritySessionId sessionId, uid_t *user) -{ - BEGIN_IPC - *user = Session::find(sessionId).originatorUid(); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_setSessionUserPrefs(UCSP_ARGS, SecuritySessionId sessionId, DATA_IN(userPrefs)) -{ - BEGIN_IPC - CFRef data(CFDataCreate(NULL, (UInt8 *)userPrefs, userPrefsLength)); - - if (!data) - { - *rcode = errSessionValueNotSet; - return 0; - } - - Session::find(sessionId).setUserPrefs(data); - *rcode = 0; - - END_IPC(CSSM) -} - - - -// -// Notification core subsystem -// -kern_return_t ucsp_server_requestNotification(UCSP_ARGS, mach_port_t receiver, uint32 domain, uint32 events) -{ - BEGIN_IPC - connection.process().requestNotifications(receiver, domain, events); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_stopNotification(UCSP_ARGS, mach_port_t receiver) -{ - BEGIN_IPC - connection.process().stopNotifications(receiver); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_postNotification(mach_port_t serverPort, uint32 domain, uint32 event, DATA_IN(data)) -{ - BEGIN_IPCS - Listener::notify(domain, event, DATA(data)); - END_IPCS() -} - - -// -// AuthorizationDB modification -// -kern_return_t ucsp_server_authorizationdbGet(UCSP_ARGS, const char *rightname, DATA_OUT(rightDefinition)) -{ - BEGIN_IPC - CFDictionaryRef rightDict; - - *rcode = connection.process().session().authorizationdbGet(rightname, &rightDict); - - if (!*rcode && rightDict) - { - CFRef data(CFPropertyListCreateXMLData (NULL, rightDict)); - CFRelease(rightDict); - if (!data) - return errAuthorizationInternal; - - // @@@ copy data to avoid having to do a delayed cfrelease - mach_msg_type_number_t length = CFDataGetLength(data); - void *xmlData = Allocator::standard().malloc(length); - memcpy(xmlData, CFDataGetBytePtr(data), length); - Server::releaseWhenDone(xmlData); - - *rightDefinition = xmlData; - *rightDefinitionLength = length; - } - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationdbSet(UCSP_ARGS, AuthorizationBlob authorization, const char *rightname, DATA_IN(rightDefinition)) -{ - BEGIN_IPC - CFRef data(CFDataCreate(NULL, (UInt8 *)rightDefinition, rightDefinitionLength)); - - if (!data) - return errAuthorizationInternal; - - CFRef rightDefinition(static_cast(CFPropertyListCreateFromXMLData(NULL, data, kCFPropertyListImmutable, NULL))); - - if (!rightDefinition || (CFGetTypeID(rightDefinition) != CFDictionaryGetTypeID())) - return errAuthorizationInternal; - - *rcode = connection.process().session().authorizationdbSet(authorization, rightname, rightDefinition); - - END_IPC(CSSM) -} - -kern_return_t ucsp_server_authorizationdbRemove(UCSP_ARGS, AuthorizationBlob authorization, const char *rightname) -{ - BEGIN_IPC - *rcode = connection.process().session().authorizationdbRemove(authorization, rightname); - END_IPC(CSSM) -} - - -// -// Miscellaneous administrative functions -// -kern_return_t ucsp_server_addCodeEquivalence(UCSP_ARGS, DATA_IN(oldHash), DATA_IN(newHash), - const char *name, boolean_t forSystem) -{ - BEGIN_IPC - Server::codeSignatures().addLink(DATA(oldHash), DATA(newHash), name, forSystem); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_removeCodeEquivalence(UCSP_ARGS, DATA_IN(hash), - const char *name, boolean_t forSystem) -{ - BEGIN_IPC - Server::codeSignatures().removeLink(DATA(hash), name, forSystem); - END_IPC(CSSM) -} - -kern_return_t ucsp_server_setAlternateSystemRoot(UCSP_ARGS, const char *root) -{ - BEGIN_IPC -#if defined(NDEBUG) - if (connection.process().uid() != 0) - CssmError::throwMe(CSSM_ERRCODE_OS_ACCESS_DENIED); -#endif //NDEBUG - Server::codeSignatures().open((string(root) + EQUIVALENCEDBPATH).c_str()); - END_IPC(CSSM) -} - - -// -// Child check-in service. -// Note that this isn't using the standard argument pattern. -// -kern_return_t ucsp_server_childCheckIn(mach_port_t serverPort, - mach_port_t servicePort, mach_port_t taskPort) -{ - BEGIN_IPCS - ServerChild::checkIn(servicePort, TaskPort(taskPort).pid()); - END_IPCS(mach_port_deallocate(mach_task_self(), taskPort)) -} diff --git a/SecurityTests/xdr_rpc/TestData/AclEntryInfo_getAcl b/SecurityTests/xdr_rpc/TestData/AclEntryInfo_getAcl deleted file mode 100644 index 5921d523f2f4ec7004c1ff71a28cbd0b53c0045d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1072 zcmZuwL2J}d5S~qfRrFAFk)l!qwIYa{9ux(8sPq(FYhhJ-O}7ubl1)OAip3rkM0zNV zAV~2SsCekzqJozm3iaT@Lkm6hVAJiPvIlAX=DoKPN(a8o%=hNao0<1Qbn+?@m53~W zEQ@}#>cNL#uUVA8W*c(EqU{sV94Ez`Tb}LMtj)}uVHCN8_R)ic@?}oszW^-gkdj5M zGTX@cgCY6-{XM-d75ElIaiv|9w`*o+m*9Uda?C48-av0{tUm(`x{^%NRFI0e;#suS z4UX$EFaRlLHa-ac5*$dykKIeLObOJU{pFdV6DUz1LoKJ3(6aA$E~%=T;Q?jk=dM!XR;6 zZYU6`JsbvssHYV#iYO}FXQ$p4xGKO`qv}1)Gq-hrxeZ>`dkz-F%+CDfJ<5|`)SKU+ zo}HDQcb{jTewh!;mD#U%UcLG7cE0ydA&$)f#7?l`)TWbEG@WW=oLhB3Gun8>xpTiJa*SI#$x7pdiF8mFi`r&hE Ok&6)?GKW>{?fVDEX}@0p diff --git a/SecurityTests/xdr_rpc/TestData/AclEntryInput_changeAcl b/SecurityTests/xdr_rpc/TestData/AclEntryInput_changeAcl deleted file mode 100644 index 4434bb4cbe68eb90123281bd89782ae2b884d9af..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 404 zcmZQz5Hew4U|?imVEzxJS(uJ(0C8)81Ot#=0>p1XY#?A`I<_$d!lVrew5tbbay1Y$ zF);gf+20V}Z8roM7=)pcY(Np9 zenu0ZoQ(s-oCu~PjRguo!+~l9fb0`M^=v>k2yj6tnv={x_iRA61;~E@!Z0x)`v=f% zK&L?fknI4(5imX|bbx>f2;l&#z8WI_{{UFRqQwBN034=3O-C9vKo~3zHwUU7Cz5kw6TJ eOMCzrkBvuIA`CVF6>$LB7sA@R+h#wi&;G^b5b8lJ zoO+mmk|f$A05T9_k3Aol0}_A$?DoK9L9|FfCNdYu#;OP8XOP=KfDsrjG7u&z2^6=0 zih%tAeIjgawb-LT7VKDzko0k9(zK7@*n`SCjra@3Cw56 zfwEz86-aKl0F(o{Ap_(F&%Bh>ijc~JR0f3tsCWZJFIKlvBMc0n_V@s4fq@PKkQ)Xd z3=)vSfNy}p0O$lrIsnpqh%f*NgT))bEbM6%l=k_77?S7gj!b~4g^^g(4oD9$zM*<- Kq#wXkgJ=LBiel#g diff --git a/SecurityTests/xdr_rpc/securityd_data_saver.cpp b/SecurityTests/xdr_rpc/securityd_data_saver.cpp deleted file mode 100644 index 8c2b466e..00000000 --- a/SecurityTests/xdr_rpc/securityd_data_saver.cpp +++ /dev/null @@ -1,205 +0,0 @@ -/* - * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#include "securityd_data_saver.h" - -/* - * Please don't use this as an exemplar for new write...() calls. This was - * the first, is messy, and probably should be rewritten. At the very - * least, its correctness should be revisited. - */ -void -SecuritydDataSave::writeContext(Context *context, intptr_t attraddr, - mach_msg_type_number_t attrSize) -{ - // finish the preamble - uint32_t dtype = CONTEXT; - writeAll(&dtype, sizeof(dtype)); - - // save size of a CSSM_CONTEXT (not strictly necessary) - uint32_t csize = sizeof(CSSM_CONTEXT); - writeAll(&csize, sizeof(csize)); // write the length first! - writeAll(context, csize); - - // save the original base address for relocation - csize = sizeof(attraddr); - writeAll(&csize, sizeof(csize)); - writeAll(&attraddr, csize); - - // finally, save off the attributes - csize = attrSize; - writeAll(&csize, sizeof(csize)); - writeAll(context->ContextAttributes, csize); -} - -void -SecuritydDataSave::writeAclEntryInfo(AclEntryInfo *acls, - mach_msg_type_number_t aclsLength) -{ - // finish the preamble - uint32_t dtype = ACL_ENTRY_INFO; - writeAll(&dtype, sizeof(dtype)); - - // write the base pointer, then the ACL itself - uint32_t ptrsize = sizeof(acls); - writeAll(&ptrsize, sizeof(ptrsize)); - writeAll(&acls, ptrsize); - writeAll(&aclsLength, sizeof(aclsLength)); - writeAll(acls, aclsLength); -} - -void -SecuritydDataSave::writeAclEntryInput(AclEntryInput *acl, - mach_msg_type_number_t aclLength) -{ - // finish the preamble - uint32_t dtype = ACL_ENTRY_INPUT; - writeAll(&dtype, sizeof(dtype)); - - // write the pointer, then the ACL itself - uint32_t ptrsize = sizeof(acl); - writeAll(&ptrsize, sizeof(ptrsize)); - writeAll(&acl, ptrsize); - writeAll(&aclLength, sizeof(aclLength)); - writeAll(acl, aclLength); -} - - -// -// Excerpts from securityd's transition.cpp showing where SecuritydDataSave -// is (to be) used -// - -#if 0 -kern_return_t ucsp_server_findFirst(UCSP_ARGS, DbHandle db, - COPY_IN(CssmQuery, query), - COPY_IN(CssmDbRecordAttributeData, inAttributes), - COPY_OUT(CssmDbRecordAttributeData, outAttributes), - boolean_t getData, - DATA_OUT(data), KeyHandle *hKey, SearchHandle *hSearch, RecordHandle *hRecord) -{ - BEGIN_IPC - relocate(query, queryBase, queryLength); - SecuritydDataSave sds("/var/tmp/Query_findFirst"); - sds.writeQuery(query, queryLength); - relocate(inAttributes, inAttributesBase, inAttributesLength); - - RefPointer search; - RefPointer record; - RefPointer key; - CssmData outData; //OutputData outData(data, dataLength); - CssmDbRecordAttributeData *outAttrs; mach_msg_type_number_t outAttrsLength; - Server::database(db)->findFirst(*query, inAttributes, inAttributesLength, - getData ? &outData : NULL, key, search, record, outAttrs, outAttrsLength); - - // handle nothing-found case without exceptions - if (!record) { - *hRecord = noRecord; - *hSearch = noSearch; - *hKey = noKey; - } else { - // return handles - *hRecord = record->handle(); - *hSearch = search->handle(); - *hKey = key ? key->handle() : noKey; - - // return attributes (assumes relocated flat blob) - flips(outAttrs, outAttributes, outAttributesBase); - *outAttributesLength = outAttrsLength; - - // return data (temporary fix) - if (getData) { - *data = outData.data(); - *dataLength = outData.length(); - } - } - END_IPC(DL) -} - -kern_return_t ucsp_server_decrypt(UCSP_ARGS, CONTEXT_ARGS, KeyHandle keyh, - DATA_IN(cipher), DATA_OUT(clear)) -{ - BEGIN_IPC - SecuritydDataSave td("/var/tmp/securityd_Context_decrypt"); // XXX/gh get sample Context for XDR testing - relocate(context, contextBase, attributes, attrSize); - // save attributes base addr for backwards compatibility - intptr_t attraddr = reinterpret_cast(&context->ContextAttributes); - td.writeContext(&context, attraddr, attrSize); - RefPointer key = Server::key(keyh); - OutputData clearOut(clear, clearLength); - key->database().decrypt(context, *key, DATA(cipher), clearOut); - END_IPC(CSP) -} - -// ... - -kern_return_t ucsp_server_getAcl(UCSP_ARGS, AclKind kind, KeyHandle key, - boolean_t haveTag, const char *tag, - uint32 *countp, COPY_OUT(AclEntryInfo, acls)) -{ - BEGIN_IPC - uint32 count; - AclEntryInfo *aclList; - Server::aclBearer(kind, key).getAcl(haveTag ? tag : NULL, count, aclList); - *countp = count; - Copier aclsOut(aclList, count); // make flat copy - - { // release the chunked memory originals - ChunkFreeWalker free; - for (uint32 n = 0; n < count; n++) - walk(free, aclList[n]); - - // release the memory allocated for the list itself when we are done - Allocator::standard().free (aclList); - } - - // set result (note: this is *almost* flips(), but on an array) - *aclsLength = aclsOut.length(); - *acls = *aclsBase = aclsOut; - if (flipClient()) { - FlipWalker w; - for (uint32 n = 0; n < count; n++) - walk(w, (*acls)[n]); - w.doFlips(); - Flippers::flip(*aclsBase); - } - SecuritydDataSave sds("/var/tmp/AclEntryInfo_getAcl"); - sds.writeAclEntryInfo(*acls, *aclsLength); - Server::releaseWhenDone(aclsOut.keep()); - END_IPC(CSP) -} - -kern_return_t ucsp_server_changeAcl(UCSP_ARGS, AclKind kind, KeyHandle key, - COPY_IN(AccessCredentials, cred), CSSM_ACL_EDIT_MODE mode, CSSM_ACL_HANDLE handle, - COPY_IN(AclEntryInput, acl)) -{ - BEGIN_IPC - relocate(cred, credBase, credLength); - relocate(acl, aclBase, aclLength); - SecuritydDataSave sds("/var/tmp/AclEntryInput_changeAcl"); - sds.writeAclEntryInput(acl, aclLength); - Server::aclBearer(kind, key).changeAcl(AclEdit(mode, handle, acl), cred); - END_IPC(CSP) -} - -#endif /* 0 -- example code */ diff --git a/SecurityTests/xdr_rpc/securityd_data_saver.h b/SecurityTests/xdr_rpc/securityd_data_saver.h deleted file mode 100644 index 0464ba6c..00000000 --- a/SecurityTests/xdr_rpc/securityd_data_saver.h +++ /dev/null @@ -1,208 +0,0 @@ -/* - * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -#ifndef _SECURITYD_DATA_SAVER_H_ -#define _SECURITYD_DATA_SAVER_H_ - -#include -#include -#include -#include - -// -// Possible enhancement: have class silently do nothing on write if the -// file already exists. This would keep us from writing > 1 of the given -// object. -// -// XXX/gh this should handle readPreamble() as well -// -class SecuritydDataSave: public Security::UnixPlusPlus::AutoFileDesc -{ -public: - // For x-platform consistency, sentry and version must be fixed-size - static const uint32_t sentry = 0x1234; // byte order sentry value - static const uint32_t version = 1; - // define type of data saved; naming convention is to strip CSSM_ - // most of these will probably never be used - enum - { - s32 = 32, // signed 32-bit - u32 = 33, // unsigned 32-bit - s64 = 64, - u64 = 65, - // leave some space: we might need to discriminate among the - // various integer types (although I can't see why we'd care to - // save them by themselves) - DATA = 1000, - GUID = 1001, - VERSION = 1002, - SUBSERVICE_UID = 1003, - NET_ADDRESS = 1004, - CRYPTO_DATA = 1005, - LIST = 1006, - LIST_ELEMENT = 1007, - TUPLE = 1008, - TUPLEGROUP = 1009, - SAMPLE = 1010, - SAMPLEGROUP = 1011, - MEMORY_FUNCS = 1012, - ENCODED_CERT = 1013, - PARSED_CERT = 1014, - CERT_PAIR = 1015, - CERTGROUP = 1016, - BASE_CERTS = 1017, - ACCESS_CREDENTIALS = 1018, - AUTHORIZATIONGROUP = 1019, - ACL_VALIDITY_PERIOD = 1020, - ACL_ENTRY_PROTOTYPE = 1021, - ACL_OWNER_PROTOTYPE = 1022, - ACL_ENTRY_INPUT = 1023, - RESOURCE_CONTROL_CONTEXT = 1024, - ACL_ENTRY_INFO = 1025, - ACL_EDIT = 1026, - FUNC_NAME_ADDR = 1027, - DATE = 1028, - RANGE = 1029, - QUERY_SIZE_DATA = 1030, - KEY_SIZE = 1031, - KEYHEADER = 1032, - KEY = 1033, - DL_DB_HANDLE = 1034, - CONTEXT_ATTRIBUTE = 1035, - CONTEXT = 1036, - PKCS1_OAEP_PARAMS = 1037, - CSP_OPERATIONAL_STATISTICS = 1038, - PKCS5_PBKDF1_PARAMS = 1039, - PKCS5_PBKDF2_PARAMS = 1040, - KEA_DERIVE_PARAMS = 1041, - TP_AUTHORITY_ID = 1042, - FIELD = 1043, - TP_POLICYINFO = 1044, - DL_DB_LIST = 1045, - TP_CALLERAUTH_CONTEXT = 1046, - ENCODED_CRL = 1047, - PARSED_CRL = 1048, - CRL_PAIR = 1049, - CRLGROUP = 1050, - FIELDGROUP = 1051, - EVIDENCE = 1052, - TP_VERIFY_CONTEXT = 1053, - TP_VERIFY_CONTEXT_RESULT = 1054, - TP_REQUEST_SET = 1055, - TP_RESULT_SET = 1056, - TP_CONFIRM_RESPONSE = 1057, - TP_CERTISSUE_INPUT = 1058, - TP_CERTISSUE_OUTPUT = 1059, - TP_CERTCHANGE_INPUT = 1060, - TP_CERTCHANGE_OUTPUT = 1061, - TP_CERTVERIFY_INPUT = 1062, - TP_CERTVERIFY_OUTPUT = 1063, - TP_CERTNOTARIZE_INPUT = 1064, - TP_CERTNOTARIZE_OUTPUT = 1065, - TP_CERTRECLAIM_INPUT = 1066, - TP_CERTRECLAIM_OUTPUT = 1067, - TP_CRLISSUE_INPUT = 1068, - TP_CRLISSUE_OUTPUT = 1069, - CERT_BUNDLE_HEADER = 1070, - CERT_BUNDLE = 1071, - DB_ATTRIBUTE_INFO = 1072, - DB_ATTRIBUTE_DATA = 1073, - DB_RECORD_ATTRIBUTE_INFO = 1074, - DB_RECORD_ATTRIBUTE_DATA = 1075, - DB_PARSING_MODULE_INFO = 1076, - DB_INDEX_INFO = 1077, - DB_UNIQUE_RECORD = 1078, - DB_RECORD_INDEX_INFO = 1079, - DBINFO = 1080, - SELECTION_PREDICATE = 1081, - QUERY_LIMITS = 1082, - QUERY = 1083, - DL_PKCS11_ATTRIBUTE = 1084, // a pointer - NAME_LIST = 1085, - DB_SCHEMA_ATTRIBUTE_INFO = 1086, - DB_SCHEMA_INDEX_INFO = 1087 - }; - static const int sdsFlags = O_RDWR|O_CREAT|O_APPEND; - -public: - SecuritydDataSave(const char *file) : AutoFileDesc(file, sdsFlags, 0644), mFile(file) - { - writePreamble(); - } - SecuritydDataSave(const SecuritydDataSave &sds) : AutoFileDesc(sds.fd()), mFile(sds.file()) { } - - ~SecuritydDataSave() { } - - const char *file() const { return mFile; } - - void writeContext(Security::Context *context, intptr_t attraddr, - mach_msg_type_number_t attrSize); - void writeAclEntryInfo(AclEntryInfo *acls, - mach_msg_type_number_t aclsLength); - void writeAclEntryInput(AclEntryInput *acl, - mach_msg_type_number_t aclLength); - void writeQuery(Security::CssmQuery *query, - mach_msg_type_number_t queryLength) - { - // finish the preamble - uint32_t dtype = QUERY; - writeAll(&dtype, sizeof(dtype)); - - writeDataWithBase(query, queryLength); - } - -private: - // slightly misleading, in that the saved data type is also part of the - // preamble but must be written by the appropriate write...() routine - void writePreamble() - { - uint32_t value = sentry; - writeAll(&value, sizeof(value)); - value = version; - writeAll(&value, sizeof(value)); - } - - // The usual pattern for data structures that include pointers is - // (1) let securityd relocate() the RPC-delivered raw data, thus - // transforming the raw data into walked (flattened) data - // (2) write the size of the data pointer - // (3) write the data pointer (for xdr_test reconstitution) - // (4) write the length (in bytes) of the flattened data, and finally - // (5) write the flattened data - // - // writeDataWithBase() does (2) - (5) - void writeDataWithBase(void *data, mach_msg_type_number_t datalen) - { - uint32_t ptrsize = sizeof(data); - writeAll(&ptrsize, sizeof(ptrsize)); - writeAll(&data, ptrsize); - writeAll(&datalen, sizeof(datalen)); - writeAll(data, datalen); - } - -private: - const char *mFile; -}; - - -#endif /* _SECURITYD_DATA_SAVER_H_ */ diff --git a/SecurityTests/xdr_rpc/xdr_test.cpp b/SecurityTests/xdr_rpc/xdr_test.cpp deleted file mode 100644 index a4c6684a..00000000 --- a/SecurityTests/xdr_rpc/xdr_test.cpp +++ /dev/null @@ -1,2676 +0,0 @@ -/* - * g++ -F/usr/local/SecurityPieces/Frameworks -g -Wall path/to/xdr_test.cpp - * -framework [securityd_client, security_cdsa_utilities, security_utilities] - * - * -W triggers a lot of warnings in Security code.... - */ -#include -#include /* bool_t */ -#include /* exit(3), malloc(3) */ -#include /* memcmp(3), memset(3), strdup(3) */ -#include /* open(2) */ -#include /* errno */ -#include /* read() */ -#include /* read() */ -#include /* read(), getopt(3) */ -#include -#include -#include -#include -#include -#include "securityd_data_saver.h" - -using Security::DataWalkers::Copier; - -const char *testString = "FOOBAR"; - -/* - * securityd is extremely sloppy about zeroing out data fields it doesn't - * use. It's unlikely that sloppiness will be cleaned up in one fell - * swoop, so we'll never be able to set this to 0; instead, search on the - * symbol name and selectively unbracket code as securityd is fixed. - */ -#define SECURITYD_SENDS_GARBAGE 1 - - -/* - * The securityd RPC protocol can't handle 64-bit quantities until both - * securityd itself and our XDR implementation do. Ergo, don't be tempted - * to make ALIGNMENT depend on __LP64__. - * - * ALIGNMENT and ALIGNUP borrowed from libsecurityd, sec_xdr.c. They - * really should be defined once in a more central location, like - * libsecurity_utilities. - */ -#define LP64_FULLY_SUPPORTED 0 - -#if LP64_FULLY_SUPPORTED -#define ALIGNMENT 8 -#else -#define ALIGNMENT 4 -#endif // LP64_FULLY_SUPPORTED - -#define ALIGNUP(LEN) (((LEN - 1) & ~(ALIGNMENT - 1)) + ALIGNMENT) -#define ALIGNSIZE(TYPE) ALIGNUP(sizeof(TYPE)) - -#define NULLCHECK(a, b, func) \ - if (!(a) && !(b))\ - return OK;\ - else if (!(a) && (b) || (a) && !(b))\ - {\ - fprintf(stderr, "%s (NULL and non-NULL parameter)\n", (func));\ - return MISMATCH;\ - } - -#define N_ITERS 3 /* # of encode/decode cycles */ - -#define OK 0 -#define XDR_ENCODE_ERROR -1 -#define XDR_DECODE_ERROR -2 -#define MISMATCH -3 -#define UNKNOWN_TYPE -4 /* invalid union discriminator */ -#define MEM_ERROR -10 -#define BAD_PARAM -11 -#define BAD_FILE -12 -#define BAD_READ -13 -#define READ_EOF -14 /* not an error per se */ -#define INCOMPATIBLE -98 /* input data format not recognized */ -#define NOT_IMPLEMENTED -99 - -/* This isn't publicly exposed */ -#ifdef __cplusplus -extern "C" { -extern unsigned long xdr_sizeof(xdrproc_t, void *); -} -#endif - -/* - * CSSM data structures of interest. Chosen either for their complexity - * (e.g., CSSM_CONTEXT) or their ubiquity (CSSM_DATA). - * - * CSSM_DATA - * CSSM_GUID - * CSSM_CRYPTO_DATA (possible callback) - * CSSM_LIST_ELEMENT (union) - * CSSM_LIST (pointers) - * CSSM_SAMPLEGROUP (array of CSSM_SAMPLEs) - * CSSM_DATE (fixed-size arrays handled via xdr_vector()) - * CSSM_KEY (heavily used) - * CSSM_DB_RECORD_ATTRIBUTE_DATA (exercises a lot of the above) - * CSSM_CONTEXT (exercises a lot of the above) - * AccessCredentials - * CSSM_AUTHORIZATIONGROUP - * CSSM_ACL_VALIDITY_PERIOD - * CSSM_ACL_ENTRY_PROTOTYPE - * CSSM_ACL_OWNER_PROTOTYPE - * CSSM_ACL_ENTRY_INPUT - * CSSM_ACL_ENTRY_INFO - * CSSM_QUERY - */ - -/* utility routines */ -bool_t xdr_stdio(void *data, xdrproc_t proc, enum xdr_op op); /* XXX/gh needed? */ -bool_t xdr_mem_encode(void *input, void **output, u_int *outlen, - xdrproc_t proc); -bool_t xdr_mem_decode(void *input, void *output, u_int bytesNeeded, - xdrproc_t proc); -void flip(uint8_t *addr, size_t size); -int readPreamble(int fd, uint32_t *doflip, uint32_t *vers, uint32_t *type); -int fill_CSSM_CONTEXT_ATTRIBUTE(CSSM_CONTEXT_ATTRIBUTE *attr, - CSSM_ATTRIBUTE_TYPE type, - uint32_t attrlen, - void *attrval); - -/* byte reordering routines */ -void hostorder_CSSM_DATA(CSSM_DATA *data, off_t offset); -void hostorder_CSSM_GUID(CSSM_GUID *guid); -void hostorder_CSSM_VERSION(CSSM_VERSION *version); -void hostorder_CSSM_SUBSERVICE_UID(CSSM_SUBSERVICE_UID *ssuid); -void hostorder_CSSM_CRYPTO_DATA(CSSM_CRYPTO_DATA *crypto, off_t offset); -void hostorder_CSSM_LIST(CSSM_LIST *list, off_t offset); -void hostorder_CSSM_LIST_ELEMENT(CSSM_LIST_ELEMENT *element, off_t offset); -void hostorder_CSSM_SAMPLE(CSSM_SAMPLE *sample, off_t offset); -void hostorder_CSSM_SAMPLEGROUP(CSSM_SAMPLEGROUP *sgrp, off_t offset); -void hostorder_CSSM_ENCODED_CERT(CSSM_ENCODED_CERT *cert, off_t offset); -void hostorder_CSSM_CERTGROUP(CSSM_CERTGROUP *grp, off_t offset); -void hostorder_CSSM_BASE_CERTS(CSSM_BASE_CERTS *certs, off_t offset); -void hostorder_CSSM_ACCESS_CREDENTIALS(CSSM_ACCESS_CREDENTIALS *creds, - off_t offset); -void hostorder_CSSM_AUTHORIZATIONGROUP(CSSM_AUTHORIZATIONGROUP *grp, - off_t offset); -void hostorder_CSSM_ACL_VALIDITY_PERIOD(CSSM_ACL_VALIDITY_PERIOD *period, - off_t offset); -void hostorder_CSSM_ACL_ENTRY_PROTOTYPE(CSSM_ACL_ENTRY_PROTOTYPE *proto, - off_t offset); -void hostorder_CSSM_ACL_OWNER_PROTOTYPE(CSSM_ACL_OWNER_PROTOTYPE *proto, - off_t offset); -void hostorder_CSSM_ACL_ENTRY_INPUT(CSSM_ACL_ENTRY_INPUT *input, off_t offset); -void hostorder_CSSM_ACL_ENTRY_INFO(CSSM_ACL_ENTRY_INFO *info, off_t offset); -void hostorder_CSSM_KEYHEADER(CSSM_KEYHEADER *key); -void hostorder_CSSM_KEY(CSSM_KEY *key, off_t offset); -void hostorder_CSSM_DL_DB_HANDLE(CSSM_DL_DB_HANDLE *handle); -void hostorder_CSSM_RANGE(CSSM_RANGE *range); -void hostorder_CSSM_CONTEXT_ATTRIBUTE(CSSM_CONTEXT_ATTRIBUTE *attr, - off_t offset); -void hostorder_CSSM_CONTEXT(CSSM_CONTEXT *ctx, CSSM_CONTEXT_ATTRIBUTE *attrs); -void hostorder_CSSM_OID(CSSM_OID *oid, off_t offset); -void hostorder_CSSM_DB_ATTRIBUTE_INFO(CSSM_DB_ATTRIBUTE_INFO *attrinfo, - off_t offset); -void hostorder_CSSM_DB_ATTRIBUTE_DATA(CSSM_DB_ATTRIBUTE_DATA *attrdata, - off_t offset); -void hostorder_CSSM_SELECTION_PREDICATE(CSSM_SELECTION_PREDICATE *pred, - off_t offset); -void hostorder_CSSM_QUERY_LIMITS(CSSM_QUERY_LIMITS *limits); -void hostorder_CSSM_QUERY(CSSM_QUERY *range, off_t offset); - -/* comparators */ -int compare_CSSM_DATA(CSSM_DATA *data1, CSSM_DATA *data2); -int compare_CSSM_SUBSERVICE_UID(const CSSM_SUBSERVICE_UID *ssuid1, - const CSSM_SUBSERVICE_UID *ssuid2); -int compare_CSSM_CRYPTO_DATA(CSSM_CRYPTO_DATA *data1, CSSM_CRYPTO_DATA *data2); -int compare_CSSM_LIST(const CSSM_LIST *list1, const CSSM_LIST *list2); -int compare_CSSM_SAMPLE(const CSSM_SAMPLE *sample1, const CSSM_SAMPLE *sample2); -int compare_CSSM_SAMPLEGROUP(CSSM_SAMPLEGROUP *sgrp1, CSSM_SAMPLEGROUP *sgrp2); -int compare_CSSM_ENCODED_CERT(CSSM_ENCODED_CERT *cert1, - CSSM_ENCODED_CERT *cert2); -int compare_CSSM_CERTGROUP(CSSM_CERTGROUP *grp1, CSSM_CERTGROUP *grp2); -int compare_CSSM_BASE_CERTS(CSSM_BASE_CERTS *bases1, CSSM_BASE_CERTS *bases2); -int compare_CSSM_ACCESS_CREDENTIALS(CSSM_ACCESS_CREDENTIALS *creds1, - CSSM_ACCESS_CREDENTIALS *creds2); -int compare_CSSM_AUTHORIZATIONGROUP(CSSM_AUTHORIZATIONGROUP *grp1, - CSSM_AUTHORIZATIONGROUP *grp2); -int compare_CSSM_ACL_VALIDITY_PERIOD(CSSM_ACL_VALIDITY_PERIOD *period1, - CSSM_ACL_VALIDITY_PERIOD *period2); -int compare_CSSM_ACL_ENTRY_PROTOTYPE(CSSM_ACL_ENTRY_PROTOTYPE *proto1, - CSSM_ACL_ENTRY_PROTOTYPE *proto2, - int skipGarbage); -int compare_CSSM_ACL_OWNER_PROTOTYPE(CSSM_ACL_OWNER_PROTOTYPE *proto1, - CSSM_ACL_OWNER_PROTOTYPE *proto2); -int compare_CSSM_ACL_ENTRY_INPUT(CSSM_ACL_ENTRY_INPUT *input1, - CSSM_ACL_ENTRY_INPUT *input2); -int compare_CSSM_ACL_ENTRY_INFO(CSSM_ACL_ENTRY_INFO *info1, - CSSM_ACL_ENTRY_INFO *info2); -int compare_CSSM_DATE(CSSM_DATE *date1, CSSM_DATE *date2); -int compare_CSSM_KEYHEADER(CSSM_KEYHEADER *hdr1, CSSM_KEYHEADER *hdr2); -int compare_CSSM_KEY(CSSM_KEY *key1, CSSM_KEY *key2); -int compare_CSSM_RANGE(CSSM_RANGE *range1, CSSM_RANGE *range2); -int compare_CSSM_CONTEXT_ATTRIBUTE(CSSM_CONTEXT_ATTRIBUTE *attr1, - CSSM_CONTEXT_ATTRIBUTE *attr2); -int compare_CSSM_OID(CSSM_OID *oid1, CSSM_OID *oid2); -int compare_CSSM_CONTEXT(CSSM_CONTEXT *ctx1, CSSM_CONTEXT *ctx2); -int compare_CSSM_DB_ATTRIBUTE_INFO(CSSM_DB_ATTRIBUTE_INFO *attrinfo1, - CSSM_DB_ATTRIBUTE_INFO *attrinfo2); -int compare_CSSM_DB_ATTRIBUTE_DATA(CSSM_DB_ATTRIBUTE_DATA *attrdata1, - CSSM_DB_ATTRIBUTE_DATA *attrdata2); -int compare_CSSM_SELECTION_PREDICATE(CSSM_SELECTION_PREDICATE *pred1, - CSSM_SELECTION_PREDICATE *pred2); -int compare_CSSM_QUERY_LIMITS(CSSM_QUERY_LIMITS *limits1, - CSSM_QUERY_LIMITS *limits2); -int compare_CSSM_QUERY(CSSM_QUERY *query1, CSSM_QUERY *query2); - -CSSM_RETURN dummyCSSMCallback(CSSM_DATA *data, void *context); -CSSM_RETURN dummyACLSubjectCallback(const CSSM_LIST *subjectRequest, - void *callerContext, - const CSSM_MEMORY_FUNCS *MemFuncs); - -/* the actual test functions */ -int test_CSSM_DB_RECORD_ATTRIBUTE_DATA(const char *srcfile); /* TODO/gh */ -int test_xdrwalk_CSSM_CONTEXT(CSSM_CONTEXT *ctx, int dbglvl); -int test_CSSM_CONTEXT(int fd, int doflip, int dbglvl); -int test_xdrwalk_CSSM_ACL_OWNER_PROTOTYPE(CSSM_ACL_OWNER_PROTOTYPE *aclOwnerPrototype, int dbglvl); -int test_CSSM_ACL_OWNER_PROTOTYPE(int fd, int doflip, int dbglvl); -int test_xdrwalk_CSSM_ACL_ENTRY_INPUT(CSSM_ACL_ENTRY_INPUT *aclEntryInput, - int dbglvl); -int test_CSSM_ACL_ENTRY_INPUT(int fd, int doflip, int dbglvl); -int test_xdrwalk_CSSM_ACL_ENTRY_INFO(CSSM_ACL_ENTRY_INFO *aclEntryInfo, - int dbglvl); -int test_CSSM_ACL_ENTRY_INFO(int fd, int doflip, int dbglvl); -int test_xdrwalk_CSSM_QUERY(CSSM_QUERY *query, int dbglvl); -int test_CSSM_QUERY(int fd, int doflip, int dbglvl); - - -/************************************************************************** - * misc utility functions - **************************************************************************/ - -/* XXX/gh needed? */ -/* XXX/gh should "data" be a uint8_t *? */ -bool_t xdr_stdio(void *data, xdrproc_t proc, enum xdr_op op) -{ - XDR xdr; - /* should we call xdrstdio_create(...,..., XDR_FREE) when done? */ - xdrstdio_create(&xdr, stdout, op); - if (proc(&xdr, data)) - return (FALSE); - return (TRUE); -} - -/* note no error-checking of parameters */ -bool_t xdr_mem_encode(void *input, void **output, u_int *outlen, - xdrproc_t proc) -{ - XDR xdr; - char *data; - u_int length; - - length = xdr_sizeof(proc, input); - if ((data = (char *)malloc(length)) == NULL) - { - fprintf(stderr, "xdr_mem_encode(): malloc() error\n"); - return (FALSE); - } - xdrmem_create(&xdr, data, length, XDR_ENCODE); - if (!proc(&xdr, input)) - { - fprintf(stderr, "xdr_mem_encode(): XDR error\n"); - free(data); - return (FALSE); - } - *output = data; - if (outlen) - *outlen = length; - return (TRUE); -} - -/* note no error-checking of parameters */ -bool_t xdr_mem_decode(void *input, void *output, u_int bytesNeeded, - xdrproc_t proc) -{ - XDR xdr; - - xdrmem_create(&xdr, (char *)input, bytesNeeded, XDR_DECODE); - if (!proc(&xdr, output)) - return (FALSE); - return (TRUE); -} - -/* - * Because sometimes ntoh*() isn't enough. Stolen from securityd and - * slightly modified to avoid type dependencies. - */ -void flip(void *inaddr, size_t size) -{ - uint8 *addr = reinterpret_cast(inaddr); - size_t n; - - assert(size > 1 && (size % 2 == 0)); - uint8_t *word = addr; - for (n = 0; n < size/2; n++) - { - uint8_t b = word[n]; - word[n] = word[size-1-n]; - word[size-1-n] = b; - } -} - -/* - * note that if this returns prematurely, you can make no assumption about - * the value of "doflip," "vers," or "type" - */ -int readPreamble(int fd, uint32_t *doflip, uint32_t *vers, uint32_t *type) -{ - const char *func = "readPreamble()"; - uint32_t value; - ssize_t bytesRead; - - /* byte order sentry value */ - if ((bytesRead = read(fd, &value, sizeof(value))) != sizeof(value)) - { - if (bytesRead == 0) - return READ_EOF; - fprintf(stderr, "%s: error reading byte order sentry\n", func); - return BAD_READ; - } - if (value == SecuritydDataSave::sentry) - *doflip = 0; - else if (value == 0x34120000) - *doflip = 1; - else - { - fprintf(stderr, "%s: unrecognized sentry value %d\n", func, value); - return INCOMPATIBLE; - } - - /* version info (for this disk-saving protocol) */ - if (read(fd, &value, sizeof(value)) != sizeof(value)) - { - fprintf(stderr, "%s: error reading data format version\n", func); - return BAD_READ; - } - if (*doflip) - flip(&value, sizeof(value)); - *vers = value; - - switch(*vers) - { - case 1: - /* type of record */ - if (read(fd, &value, sizeof(value)) != sizeof(value)) - { - fprintf(stderr, "%s: error reading data type\n", func); - return BAD_READ; - } - if (*doflip) - flip(&value, sizeof(value)); - *type = value; - break; - default: - fprintf(stderr, "%s: incompatible version (expected <= %d, got %d)\n", - func, SecuritydDataSave::version, *vers); - return INCOMPATIBLE; - break; - } - return OK; -} - -int fill_CSSM_CONTEXT_ATTRIBUTE(CSSM_CONTEXT_ATTRIBUTE *attr, - CSSM_ATTRIBUTE_TYPE type, - uint32_t attrlen, - void *attrval) -{ - if (!attr || !attrval) - return BAD_PARAM; - attr->AttributeType = type; - attr->AttributeLength = attrlen; - /* XXX copy instead of assigning */ - switch (type & CSSM_ATTRIBUTE_TYPE_MASK) - { - case CSSM_ATTRIBUTE_DATA_UINT32: - attr->Attribute.Uint32 = *(reinterpret_cast(attrval)); - break; - case CSSM_ATTRIBUTE_DATA_CSSM_DATA: - attr->Attribute.Data = (CSSM_DATA_PTR)attrval; - break; - case CSSM_ATTRIBUTE_DATA_CRYPTO_DATA: - attr->Attribute.CryptoData = (CSSM_CRYPTO_DATA_PTR)attrval; - break; - case CSSM_ATTRIBUTE_DATA_KEY: - attr->Attribute.Key = (CSSM_KEY_PTR)attrval; - break; - case CSSM_ATTRIBUTE_DATA_STRING: - attr->Attribute.String = (char *)attrval; - break; - case CSSM_ATTRIBUTE_DATA_DATE: - attr->Attribute.Date = (CSSM_DATE_PTR)attrval; - break; - case CSSM_ATTRIBUTE_DATA_RANGE: - attr->Attribute.Range = (CSSM_RANGE_PTR)attrval; - break; - case CSSM_ATTRIBUTE_DATA_ACCESS_CREDENTIALS: - attr->Attribute.AccessCredentials = (CSSM_ACCESS_CREDENTIALS_PTR)attrval; - break; - case CSSM_ATTRIBUTE_DATA_VERSION: - attr->Attribute.Version = (CSSM_VERSION_PTR)attrval; - break; - case CSSM_ATTRIBUTE_DATA_DL_DB_HANDLE: - attr->Attribute.DLDBHandle = (CSSM_DL_DB_HANDLE_PTR)attrval; - break; - /* _KR_PROFILE not supported? */ - default: - return BAD_PARAM; - } - return OK; -} - - -/************************************************************************** - * These do their best to handle byte-ordering issues. - * - * Note that pointers are generally (maybe always) byte-order swapped in - * these routines, since you generally need to do some kind of arithmetic - * with them (relocation). - **************************************************************************/ - -void hostorder_CSSM_DATA(CSSM_DATA *data, off_t offset) -{ - intptr_t newaddr; /* for readability */ - - if (!data) return; - flip(&data->Length, sizeof(data->Length)); - if (data->Data) - { - flip(&data->Data, sizeof(data->Data)); - newaddr = reinterpret_cast(data->Data) + offset; - data->Data = reinterpret_cast(newaddr); - } -} - -void hostorder_CSSM_GUID(CSSM_GUID *guid) -{ - if (!guid) return; - flip(&guid->Data1, sizeof(guid->Data1)); - flip(&guid->Data2, sizeof(guid->Data2)); - flip(&guid->Data3, sizeof(guid->Data3)); -} - -void hostorder_CSSM_VERSION(CSSM_VERSION *version) -{ - if (!version) return; - flip(&version->Major, sizeof(version->Major)); - flip(&version->Minor, sizeof(version->Minor)); -} - -void hostorder_CSSM_SUBSERVICE_UID(CSSM_SUBSERVICE_UID *ssuid) -{ - if (!ssuid) return; - hostorder_CSSM_GUID(&ssuid->Guid); - hostorder_CSSM_VERSION(&ssuid->Version); - flip(&ssuid->SubserviceId, sizeof(ssuid->SubserviceId)); - flip(&ssuid->SubserviceType, sizeof(ssuid->SubserviceType)); -} - -void hostorder_CSSM_CRYPTO_DATA(CSSM_CRYPTO_DATA *crypto, off_t offset) -{ - if (!crypto) return; - hostorder_CSSM_DATA(&crypto->Param, offset); - flip(&crypto->Callback, sizeof(crypto->Callback)); - flip(&crypto->CallerCtx, sizeof(crypto->CallerCtx)); -} - -void hostorder_CSSM_LIST(CSSM_LIST *list, off_t offset) -{ - CSSM_LIST_ELEMENT_PTR ptr; - intptr_t newaddr; /* for readability */ - - if (!list) return; - - flip(&list->ListType, sizeof(list->ListType)); - - if (list->Head) - { - flip(&list->Head, sizeof(list->Head)); - newaddr = reinterpret_cast(list->Head) + offset; - list->Head = reinterpret_cast(newaddr); - } - - if (list->Tail) - { - flip(&list->Tail, sizeof(list->Tail)); - newaddr = reinterpret_cast(list->Tail) + offset; - list->Tail = reinterpret_cast(newaddr); - } - - for (ptr = list->Head; ptr != NULL; ptr = ptr->NextElement) - { - hostorder_CSSM_LIST_ELEMENT(ptr, offset); - } -} - -void hostorder_CSSM_LIST_ELEMENT(CSSM_LIST_ELEMENT *element, off_t offset) -{ - intptr_t newaddr; /* for readability */ - - if (!element) return; - - if (element->NextElement) - { - flip(&element->NextElement, sizeof(element->NextElement)); - newaddr = reinterpret_cast(element->NextElement) + offset; - element->NextElement = reinterpret_cast(newaddr); - } - - flip(&element->WordID, sizeof(element->WordID)); - flip(&element->ElementType, sizeof(element->ElementType)); - switch (element->ElementType) - { - case CSSM_LIST_ELEMENT_DATUM: - hostorder_CSSM_DATA(&element->Element.Word, offset); - break; - case CSSM_LIST_ELEMENT_SUBLIST: - hostorder_CSSM_LIST(&element->Element.Sublist, offset); - break; - case CSSM_LIST_ELEMENT_WORDID: - break; - default: - fprintf(stderr, "hostorder_CSSM_LIST_ELEMENT() (unknown ListElement type)\n"); - } -} - -void hostorder_CSSM_SAMPLE(CSSM_SAMPLE *sample, off_t offset) -{ - CSSM_SUBSERVICE_UID *ptr; - - if (!sample) return; - hostorder_CSSM_LIST(&sample->TypedSample, offset); - if (sample->Verifier) - { - ptr = const_cast(sample->Verifier); - flip(&ptr, sizeof(CSSM_SUBSERVICE_UID *)); - sample->Verifier = reinterpret_cast(reinterpret_cast(ptr) + offset); - /* Verifier had better not be really and truly immutable... */ - hostorder_CSSM_SUBSERVICE_UID(const_cast(sample->Verifier)); - } -} - -void hostorder_CSSM_SAMPLEGROUP(CSSM_SAMPLEGROUP *sgrp, off_t offset) -{ - u_int i; - CSSM_SAMPLE *ptr; - - if (!sgrp) return; - flip(&sgrp->NumberOfSamples, sizeof(sgrp->NumberOfSamples)); - if (sgrp->Samples) - { - ptr = const_cast(sgrp->Samples); - flip(&ptr, sizeof(ptr)); - sgrp->Samples = reinterpret_cast(reinterpret_cast(ptr) + offset); - for (i = 0; i < sgrp->NumberOfSamples; ++i) - { - hostorder_CSSM_SAMPLE(const_cast(&sgrp->Samples[i]), offset); - } - } -} - -void hostorder_CSSM_ENCODED_CERT(CSSM_ENCODED_CERT *cert, off_t offset) -{ - if (!cert) return; - flip(&cert->CertType, sizeof(cert->CertType)); - flip(&cert->CertEncoding, sizeof(cert->CertEncoding)); - hostorder_CSSM_DATA(&cert->CertBlob, offset); -} - -void hostorder_CSSM_CERTGROUP(CSSM_CERTGROUP *grp, off_t offset) -{ - const char *func = "hostorder_CSSM_CERTGROUP()"; - intptr_t newaddr; /* for readability */ - u_int i; - - if (!grp) return; - flip(&grp->CertType, sizeof(grp->CertType)); - flip(&grp->CertEncoding, sizeof(grp->CertEncoding)); - flip(&grp->NumCerts, sizeof(grp->NumCerts)); - /* Any field in the union will do; CertList is the shortest to type */ - if (grp->GroupList.CertList) - { - flip(&grp->GroupList.CertList, sizeof(CSSM_DATA *)); - newaddr = reinterpret_cast(grp->GroupList.CertList) + offset; - grp->GroupList.CertList = reinterpret_cast(newaddr); - } - /* handled out of order of definition since for() loop depends on it */ - flip(&grp->CertGroupType, sizeof(grp->CertGroupType)); - - /* Note: we will crash if GroupList contains NULL and NumCerts > 0 */ - for (i = 0; i < grp->NumCerts; ++i) - { - char *err = NULL; - - switch (grp->CertGroupType) - { - case CSSM_CERTGROUP_DATA: - hostorder_CSSM_DATA(&grp->GroupList.CertList[i], offset); - break; - /* damned if I can find an example of the others */ - case CSSM_CERTGROUP_ENCODED_CERT: - /* See the cautionary note in compare_CSSM_CERTGROUP() */ - hostorder_CSSM_ENCODED_CERT(&grp->GroupList.EncodedCertList[i], - offset); - break; - case CSSM_CERTGROUP_PARSED_CERT: - err = "CSSM_CERTGROUP_PARSED_CERT unimplemented"; - break; - case CSSM_CERTGROUP_CERT_PAIR: - err = "CSSM_CERTGROUP_CERT_PAIR unimplemented"; - break; - default: - err = "unknown type"; - break; - } - if (err) - { - fprintf(stderr, "%s (%s)\n", func, err); - return; - } - } - flip(&grp->Reserved, sizeof(grp->Reserved)); - /* Depending on how Reserved is used, this code might be required - newaddr = reinterpret_cast(grp->Reserved) + offset; - grp->Reserved = reinterpret_cast(newaddr); - */ -} - -void hostorder_CSSM_BASE_CERTS(CSSM_BASE_CERTS *certs, off_t offset) -{ - if (!certs) return; - flip(&certs->TPHandle, sizeof(certs->TPHandle)); - flip(&certs->CLHandle, sizeof(certs->CLHandle)); - hostorder_CSSM_CERTGROUP(&certs->Certs, offset); -} - -void hostorder_CSSM_AUTHORIZATIONGROUP(CSSM_AUTHORIZATIONGROUP *grp, - off_t offset) -{ - intptr_t newaddr; /* for readability */ - uint32_t i; - - flip(&grp->NumberOfAuthTags, sizeof(grp->NumberOfAuthTags)); - if (grp->AuthTags) - { - flip(&grp->AuthTags, sizeof(grp->AuthTags)); - newaddr = reinterpret_cast(grp->AuthTags) + offset; - grp->AuthTags = reinterpret_cast(newaddr); - } - for (i = 0; i < grp->NumberOfAuthTags; ++i) - { - flip(&grp->AuthTags[i], sizeof(CSSM_ACL_AUTHORIZATION_TAG)); - } -} - -void hostorder_CSSM_ACL_VALIDITY_PERIOD(CSSM_ACL_VALIDITY_PERIOD *period, - off_t offset) -{ - hostorder_CSSM_DATA(&period->StartDate, offset); - hostorder_CSSM_DATA(&period->EndDate, offset); -} - -void hostorder_CSSM_ACL_OWNER_PROTOTYPE(CSSM_ACL_OWNER_PROTOTYPE *proto, - off_t offset) -{ - hostorder_CSSM_LIST(&proto->TypedSubject, offset); - flip(&proto->Delegate, sizeof(proto->Delegate)); -} - -void hostorder_CSSM_ACL_ENTRY_PROTOTYPE(CSSM_ACL_ENTRY_PROTOTYPE *proto, - off_t offset) -{ - hostorder_CSSM_LIST(&proto->TypedSubject, offset); - flip(&proto->Delegate, sizeof(proto->Delegate)); - hostorder_CSSM_AUTHORIZATIONGROUP(&proto->Authorization, offset); - hostorder_CSSM_ACL_VALIDITY_PERIOD(&proto->TimeRange, offset); -} - -void hostorder_CSSM_ACL_ENTRY_INPUT(CSSM_ACL_ENTRY_INPUT *input, off_t offset) -{ - hostorder_CSSM_ACL_ENTRY_PROTOTYPE(&input->Prototype, offset); - flip(&input->Callback, sizeof(input->Callback)); - flip(&input->CallerContext, sizeof(input->CallerContext)); -} - -void hostorder_CSSM_ACL_ENTRY_INFO(CSSM_ACL_ENTRY_INFO *info, off_t offset) -{ - hostorder_CSSM_ACL_ENTRY_PROTOTYPE(&info->EntryPublicInfo, offset); - flip(&info->EntryHandle, sizeof(info->EntryHandle)); -} - -void hostorder_CSSM_ACCESS_CREDENTIALS(CSSM_ACCESS_CREDENTIALS *creds, - off_t offset) -{ - if (!creds) return; - hostorder_CSSM_BASE_CERTS(&creds->BaseCerts, offset); - hostorder_CSSM_SAMPLEGROUP(&creds->Samples, offset); - flip(&creds->Callback, sizeof(creds->Callback)); - flip(&creds->CallerCtx, sizeof(creds->CallerCtx)); -} - -void hostorder_CSSM_KEYHEADER(CSSM_KEYHEADER *hdr) -{ - if (!hdr) return; - flip(&hdr->HeaderVersion, sizeof(hdr->HeaderVersion)); - flip(&hdr->BlobType, sizeof(hdr->BlobType)); - flip(&hdr->Format, sizeof(hdr->Format)); - flip(&hdr->AlgorithmId, sizeof(hdr->AlgorithmId)); - flip(&hdr->KeyClass, sizeof(hdr->KeyClass)); - flip(&hdr->LogicalKeySizeInBits, sizeof(hdr->LogicalKeySizeInBits)); - flip(&hdr->KeyAttr, sizeof(hdr->KeyAttr)); - flip(&hdr->KeyUsage, sizeof(hdr->KeyUsage)); - flip(&hdr->WrapAlgorithmId, sizeof(hdr->WrapAlgorithmId)); - flip(&hdr->WrapMode, sizeof(hdr->WrapMode)); - flip(&hdr->Reserved, sizeof(hdr->Reserved)); -} - -void hostorder_CSSM_KEY(CSSM_KEY *key, off_t offset) -{ - if (!key) return; - hostorder_CSSM_KEYHEADER(&key->KeyHeader); - hostorder_CSSM_DATA(&key->KeyData, offset); -} - -void hostorder_CSSM_DL_DB_HANDLE(CSSM_DL_DB_HANDLE *handle) -{ - if (!handle) return; - /* - * XXX/gh offset is needed if these values are being treated as - * as pointers! - */ - flip(&handle->DLHandle, sizeof(handle->DLHandle)); - flip(&handle->DBHandle, sizeof(handle->DBHandle)); -} - -void hostorder_CSSM_RANGE(CSSM_RANGE *range) -{ - if (!range) return; - flip(&range->Min, sizeof(range->Min)); - flip(&range->Max, sizeof(range->Max)); -} - -void hostorder_CSSM_CONTEXT_ATTRIBUTE(CSSM_CONTEXT_ATTRIBUTE *attr, - off_t offset) -{ - if (!attr) return; - flip(&attr->AttributeType, sizeof(attr->AttributeType)); - flip(&attr->AttributeLength, sizeof(attr->AttributeLength)); - if ((attr->AttributeType & CSSM_ATTRIBUTE_TYPE_MASK) == CSSM_ATTRIBUTE_DATA_UINT32) - { - flip(&attr->Attribute.Uint32, sizeof(attr->Attribute.Uint32)); - } - else - { - intptr_t newaddr; /* for readability */ - - /* any pointer accessor of the union will do */ - if (attr->Attribute.String) - { - flip(&attr->Attribute.String, sizeof(attr->Attribute.String)); - newaddr = reinterpret_cast(attr->Attribute.String) + offset; - attr->Attribute.String = reinterpret_cast(newaddr); - } - switch (attr->AttributeType & CSSM_ATTRIBUTE_TYPE_MASK) - { - case CSSM_ATTRIBUTE_DATA_CSSM_DATA: - hostorder_CSSM_DATA(attr->Attribute.Data, offset); - break; - case CSSM_ATTRIBUTE_DATA_CRYPTO_DATA: - hostorder_CSSM_CRYPTO_DATA(attr->Attribute.CryptoData, offset); - break; - case CSSM_ATTRIBUTE_DATA_KEY: - hostorder_CSSM_KEY(attr->Attribute.Key, offset); - break; - case CSSM_ATTRIBUTE_DATA_STRING: - case CSSM_ATTRIBUTE_DATA_DATE: - break; - case CSSM_ATTRIBUTE_DATA_RANGE: - hostorder_CSSM_RANGE(attr->Attribute.Range); - break; - case CSSM_ATTRIBUTE_DATA_ACCESS_CREDENTIALS: - hostorder_CSSM_ACCESS_CREDENTIALS(attr->Attribute.AccessCredentials, offset); - break; - case CSSM_ATTRIBUTE_DATA_VERSION: - hostorder_CSSM_VERSION(attr->Attribute.Version); - break; - case CSSM_ATTRIBUTE_DATA_DL_DB_HANDLE: - hostorder_CSSM_DL_DB_HANDLE(attr->Attribute.DLDBHandle); - break; - /* _KR_PROFILE not supported? */ - default: - fprintf(stderr, "hostorder_CSSM_CONTEXT_ATTRIBUTE(): unrecognized attribute type\n"); - } - } /* end if (CSSM_ATTRIBUTE_DATA_UINT32 */ -} - -void hostorder_CSSM_CONTEXT(CSSM_CONTEXT *ctx, CSSM_CONTEXT_ATTRIBUTE *attrs) -{ - off_t offset; - uint32_t i; - - if (!ctx) return; - flip(&ctx->ContextType, sizeof(ctx->ContextType)); - flip(&ctx->AlgorithmType, sizeof(ctx->AlgorithmType)); - flip(&ctx->NumberOfAttributes, sizeof(ctx->NumberOfAttributes)); - if (ctx->ContextAttributes) - { - flip(&ctx->ContextAttributes, sizeof(ctx->ContextAttributes)); - offset = reinterpret_cast(attrs) - reinterpret_cast(ctx->ContextAttributes); - ctx->ContextAttributes = reinterpret_cast(attrs); - } - for (i = 0; i < ctx->NumberOfAttributes; ++i) - { - hostorder_CSSM_CONTEXT_ATTRIBUTE(&ctx->ContextAttributes[i], offset); - } - flip(&ctx->CSPHandle, sizeof(ctx->CSPHandle)); - flip(&ctx->Privileged, sizeof(ctx->Privileged)); - flip(&ctx->EncryptionProhibited, sizeof(ctx->EncryptionProhibited)); - flip(&ctx->WorkFactor, sizeof(ctx->WorkFactor)); - flip(&ctx->Reserved, sizeof(ctx->Reserved)); -} - -void hostorder_CSSM_OID(CSSM_OID *oid, off_t offset) -{ - hostorder_CSSM_DATA(reinterpret_cast(oid), offset); -} - -void hostorder_CSSM_DB_ATTRIBUTE_INFO(CSSM_DB_ATTRIBUTE_INFO *attrinfo, - off_t offset) -{ - if (!attrinfo) return; - flip(&attrinfo->AttributeNameFormat, sizeof(attrinfo->AttributeNameFormat)); - switch(attrinfo->AttributeNameFormat) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - { - intptr_t newaddr; /* for readability */ - flip(&attrinfo->Label.AttributeName, sizeof(attrinfo->Label.AttributeName)); - newaddr = reinterpret_cast(attrinfo->Label.AttributeName) + offset; - attrinfo->Label.AttributeName = reinterpret_cast(newaddr); - break; - } - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - hostorder_CSSM_OID(&attrinfo->Label.AttributeOID, offset); - break; - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - flip(&attrinfo->Label.AttributeID, sizeof(attrinfo->Label.AttributeID)); - break; - default: - break; /* error, but no way to tell caller */ - } - flip(&attrinfo->AttributeFormat, sizeof(attrinfo->AttributeFormat)); -} - -void hostorder_CSSM_DB_ATTRIBUTE_DATA(CSSM_DB_ATTRIBUTE_DATA *attrdata, - off_t offset) -{ - uint32_t i; - - if (!attrdata) return; - hostorder_CSSM_DB_ATTRIBUTE_INFO(&attrdata->Info, offset); - flip(&attrdata->NumberOfValues, sizeof(attrdata->NumberOfValues)); - for (i = 0; i < attrdata->NumberOfValues; ++i) - { - hostorder_CSSM_DATA(&attrdata->Value[i], offset); - } -} - -void hostorder_CSSM_SELECTION_PREDICATE(CSSM_SELECTION_PREDICATE *pred, - off_t offset) -{ - if (!pred) return; - flip(&pred->DbOperator, sizeof(pred->DbOperator)); - hostorder_CSSM_DB_ATTRIBUTE_DATA(&pred->Attribute, offset); -} - -void hostorder_CSSM_QUERY_LIMITS(CSSM_QUERY_LIMITS *limits) -{ - if (!limits) return; - flip(&limits->TimeLimit, sizeof(limits->TimeLimit)); - flip(&limits->SizeLimit, sizeof(limits->SizeLimit)); -} - -void hostorder_CSSM_QUERY(CSSM_QUERY *query, off_t offset) -{ - uint32_t i; - - if (!query) return; - flip(&query->RecordType, sizeof(query->RecordType)); - flip(&query->Conjunctive, sizeof(query->Conjunctive)); - flip(&query->NumSelectionPredicates, sizeof(query->NumSelectionPredicates)); - if (query->SelectionPredicate) - { - intptr_t newaddr; /* for readability */ - - flip(&query->SelectionPredicate, sizeof(query->SelectionPredicate)); - newaddr = reinterpret_cast(query->SelectionPredicate) + offset; - query->SelectionPredicate = reinterpret_cast(newaddr); - } - for (i = 0; i < query->NumSelectionPredicates; ++i) - { - hostorder_CSSM_SELECTION_PREDICATE(&query->SelectionPredicate[i], offset); - } - hostorder_CSSM_QUERY_LIMITS(&query->QueryLimits); - flip(&query->QueryFlags, sizeof(query->QueryFlags)); -} - - -/************************************************************************** - * Comparators--data integrity checking routines. - * - * Each comparator compares two of the same high-level data structure, one - * of which is presumed to have been through at least one - * encoding/decoding cycle; these comparators check for errors introduced - * during that cycle. - * - * TODO/gh A hand-crafted function per type seems sloppy, not well thought - * out. I bet I could leverage part of the walker machinery to create a - * more elegant solution (a "comparison walker," anyone?). Whether the - * result would be maintainable is, of course, a different question.... - **************************************************************************/ - -int compare_CSSM_DATA(CSSM_DATA *data1, CSSM_DATA *data2) -{ - const char *func = "compare_CSSM_DATA()"; - - NULLCHECK(data1, data2, func); - if (data1->Length != data2->Length || - memcmp(data1->Data, data2->Data, data1->Length)) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_SUBSERVICE_UID(const CSSM_SUBSERVICE_UID *ssuid1, - const CSSM_SUBSERVICE_UID *ssuid2) -{ - const char *func = "compare_CSSM_SUBSERVICE_UID()"; - - NULLCHECK(ssuid1, ssuid2, func); - if (memcmp(&ssuid1->Guid, &ssuid2->Guid, sizeof(CSSM_GUID)) || - memcmp(&ssuid1->Version, &ssuid2->Version, sizeof(CSSM_VERSION)) || - ssuid1->SubserviceId != ssuid2->SubserviceId || - ssuid1->SubserviceType != ssuid2->SubserviceType) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_CRYPTO_DATA(CSSM_CRYPTO_DATA *data1, CSSM_CRYPTO_DATA *data2) -{ - const char *func = "compare_CSSM_CRYPTO_DATA()"; - int ret; - - NULLCHECK(data1, data2, func); - if ((ret = compare_CSSM_DATA(&data1->Param, &data2->Param)) != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - if (data1->Callback != data2->Callback || - data1->CallerCtx != data2->CallerCtx) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_LIST(const CSSM_LIST *list1, const CSSM_LIST *list2) -{ - const char *func = "compare_CSSM_LIST()"; - CSSM_LIST_ELEMENT_PTR p1, p2; - int ret; - - NULLCHECK(list1, list2, func); - if (list1->ListType != list2->ListType) - { - fprintf(stderr, "%s (ListType)\n", func); - return MISMATCH; - } - for (p1 = list1->Head, p2 = list2->Head; - p1 != NULL && p2 != NULL; - p1 = p1->NextElement, p2 = p2->NextElement) - { - if (p1->ElementType != p2->ElementType) - { - fprintf(stderr, "%s (ListElements' ElementType)\n", func); - return MISMATCH; - } - switch (p1->ElementType) - { - case CSSM_LIST_ELEMENT_DATUM: - ret = compare_CSSM_DATA(&p1->Element.Word, &p2->Element.Word); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - break; - case CSSM_LIST_ELEMENT_SUBLIST: - ret = compare_CSSM_LIST(&p1->Element.Sublist, &p2->Element.Sublist); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - break; - case CSSM_LIST_ELEMENT_WORDID: - if (p1->WordID != p2->WordID) - { - fprintf(stderr, "%s (ListElements' WordID)\n", func); - return MISMATCH; - } - break; - default: - fprintf(stderr, "%s (unknown ListElement type)\n", func); - return UNKNOWN_TYPE; - } - if ((p1->NextElement == NULL && p1 != list1->Tail) || - (p2->NextElement == NULL && p2 != list2->Tail)) - { - fprintf(stderr, "%s (tail mismatch)\n", func); - return MISMATCH; - } - } - if (p1 != NULL || p2 != NULL) /* lists didn't both terminate */ - { - fprintf(stderr, "%s (unequal lists)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_SAMPLE(const CSSM_SAMPLE *sample1, const CSSM_SAMPLE *sample2) -{ - const char *func = "compare_CSSM_SAMPLE()"; - int ret; - - NULLCHECK(sample1, sample2, func); - ret = compare_CSSM_LIST(&sample1->TypedSample, &sample2->TypedSample); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - if (sample1->Verifier && sample2->Verifier) - { - ret = compare_CSSM_SUBSERVICE_UID(sample1->Verifier, sample2->Verifier); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - } - else if (sample1->Verifier && !sample2->Verifier || - !sample1->Verifier && sample2->Verifier) - { - fprintf(stderr, "%s (Verifier mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_SAMPLEGROUP(CSSM_SAMPLEGROUP *sgrp1, CSSM_SAMPLEGROUP *sgrp2) -{ - const char *func = "compare_CSSM_SAMPLEGROUP()"; - int ret; - u_int i; - - NULLCHECK(sgrp1, sgrp2, func); - if (sgrp1->NumberOfSamples != sgrp2->NumberOfSamples) - { - fprintf(stderr, "%s (NumberOfSamples mismatch)\n", func); - return MISMATCH; - } - for (i = 0; i < sgrp1->NumberOfSamples; ++i) - { - ret = compare_CSSM_SAMPLE(&sgrp1->Samples[i], &sgrp2->Samples[i]); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - } - return OK; -} - -int compare_CSSM_ENCODED_CERT(CSSM_ENCODED_CERT *cert1, - CSSM_ENCODED_CERT *cert2) -{ - const char *func = "compare_CSSM_ENCODED_CERT()"; - int ret; - - NULLCHECK(cert1, cert2, func); - if (cert1->CertType != cert2->CertType || - cert1->CertEncoding != cert2->CertEncoding) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - if ((ret = compare_CSSM_DATA(&cert1->CertBlob, &cert2->CertBlob)) != OK) - fprintf(stderr, "%s\n", func); - return ret; -} - -int compare_CSSM_CERTGROUP(CSSM_CERTGROUP *grp1, CSSM_CERTGROUP *grp2) -{ - const char *func = "compare_CSSM_CERTGROUP()"; - int ret; - u_int i; - - NULLCHECK(grp1, grp2, func); - if (grp1->CertType != grp2->CertType || - grp1->CertEncoding != grp2->CertEncoding || - grp1->NumCerts != grp2->NumCerts || - grp1->CertGroupType != grp2->CertGroupType || - grp1->Reserved != grp2->Reserved) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - for (i = 0; i < grp1->NumCerts; ++i) - { - char *err = NULL; - - switch (grp1->CertGroupType) - { - case CSSM_CERTGROUP_DATA: - ret = compare_CSSM_DATA(&grp1->GroupList.CertList[i], - &grp2->GroupList.CertList[i]); - break; - /* damned if I can find an example of the others */ - case CSSM_CERTGROUP_ENCODED_CERT: - /* - * This is apparently in use (see CertGroup in - * cdsa_utilities, cssmcert.{cpp,h}), but it's just a - * guess that it's implemented in the same way as - * CSSM_CERTGROUP_DATA... - */ - ret = compare_CSSM_ENCODED_CERT(&grp1->GroupList.EncodedCertList[i], - &grp2->GroupList.EncodedCertList[i]); - break; - case CSSM_CERTGROUP_PARSED_CERT: - err = "CSSM_CERTGROUP_PARSED_CERT unimplemented"; - ret = NOT_IMPLEMENTED; - break; - case CSSM_CERTGROUP_CERT_PAIR: - err = "CSSM_CERTGROUP_CERT_PAIR unimplemented"; - ret = NOT_IMPLEMENTED; - break; - default: - err = "unknown type"; - ret = UNKNOWN_TYPE; - break; - } - if (ret != OK) - { - if (err) - fprintf(stderr, "%s (%s)\n", func, err); - else - fprintf(stderr, "%s\n", func); - return ret; - } - } - return OK; -} - -int compare_CSSM_BASE_CERTS(CSSM_BASE_CERTS *bases1, CSSM_BASE_CERTS *bases2) -{ - const char *func = "compare_CSSM_BASE_CERTS()"; - int ret; - - NULLCHECK(bases1, bases2, func); - if (bases1->TPHandle != bases2->TPHandle || - bases1->CLHandle != bases2->CLHandle) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - ret = compare_CSSM_CERTGROUP(&bases1->Certs, &bases2->Certs); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - return OK; -} - -int compare_CSSM_ACCESS_CREDENTIALS(CSSM_ACCESS_CREDENTIALS *creds1, - CSSM_ACCESS_CREDENTIALS *creds2) -{ - const char *func = "compare_CSSM_ACCESS_CREDENTIALS()"; - int ret; - - NULLCHECK(creds1, creds2, func); - if (memcmp(creds1->EntryTag, creds2->EntryTag, sizeof(CSSM_STRING)) || - creds1->Callback != creds2->Callback || - creds1->CallerCtx != creds2->CallerCtx) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - ret = compare_CSSM_BASE_CERTS(&creds1->BaseCerts, &creds2->BaseCerts); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - ret = compare_CSSM_SAMPLEGROUP(&creds1->Samples, &creds2->Samples); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - return OK; -} - -int compare_CSSM_AUTHORIZATIONGROUP(CSSM_AUTHORIZATIONGROUP *grp1, - CSSM_AUTHORIZATIONGROUP *grp2) -{ - const char *func = "compare_CSSM_AUTHORIZATIONGROUP()"; - - NULLCHECK(grp1, grp2, func); - if (grp1->NumberOfAuthTags != grp2->NumberOfAuthTags || - memcmp(grp1->AuthTags, grp2->AuthTags, grp1->NumberOfAuthTags*ALIGNSIZE(CSSM_ACL_AUTHORIZATION_TAG))) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_ACL_VALIDITY_PERIOD(CSSM_ACL_VALIDITY_PERIOD *period1, - CSSM_ACL_VALIDITY_PERIOD *period2) -{ - const char *func = "compare_CSSM_ACL_VALIDITY_PERIOD()"; - int ret; - - NULLCHECK(period1, period2, func); - ret = compare_CSSM_DATA(&period1->StartDate, &period1->StartDate); - if (ret != OK) - { - fprintf(stderr, "%s (StartDate)\n", func); - return ret; - } - ret = compare_CSSM_DATA(&period1->EndDate, &period1->EndDate); - if (ret != OK) - fprintf(stderr, "%s (EndDate)\n", func); - return ret; -} - -int compare_CSSM_ACL_ENTRY_PROTOTYPE(CSSM_ACL_ENTRY_PROTOTYPE *proto1, - CSSM_ACL_ENTRY_PROTOTYPE *proto2, - int skipGarbage) -{ - const char *func = "compare_CSSM_ACL_ENTRY_PROTOTYPE()"; - int ret; - - NULLCHECK(proto1, proto2, func); - ret = compare_CSSM_LIST(&proto1->TypedSubject, &proto2->TypedSubject); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - if (!skipGarbage) - { - if (proto1->Delegate != proto2->Delegate) - { - fprintf(stderr, "%s (Delegate mismatch)\n", func); - return MISMATCH; - } - } - ret = compare_CSSM_AUTHORIZATIONGROUP(&proto1->Authorization, &proto2->Authorization); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - if (!skipGarbage) - { - ret = compare_CSSM_ACL_VALIDITY_PERIOD(&proto1->TimeRange, &proto2->TimeRange); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - } - if (memcmp(proto1->EntryTag, proto2->EntryTag, sizeof(CSSM_STRING))) - { - fprintf(stderr, "%s (EntryTag mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_ACL_OWNER_PROTOTYPE(CSSM_ACL_OWNER_PROTOTYPE *proto1, - CSSM_ACL_OWNER_PROTOTYPE *proto2) -{ - const char *func = "compare_CSSM_ACL_OWNER_PROTOTYPE()"; - - NULLCHECK(proto1, proto2, func); - int ret = compare_CSSM_LIST(&proto1->TypedSubject, &proto2->TypedSubject); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - if (proto1->Delegate != proto2->Delegate) - { - fprintf(stderr, "%s (Delegate mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_ACL_ENTRY_INPUT(CSSM_ACL_ENTRY_INPUT *input1, - CSSM_ACL_ENTRY_INPUT *input2) -{ - const char *func = "compare_CSSM_ACL_ENTRY_INPUT()"; - int ret, skipGarbage = 0; - - NULLCHECK(input1, input2, func); - ret = compare_CSSM_ACL_ENTRY_PROTOTYPE(&input1->Prototype, - &input2->Prototype, - skipGarbage); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - if (input1->Callback != input2->Callback || - input1->CallerContext != input2->CallerContext) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_ACL_ENTRY_INFO(CSSM_ACL_ENTRY_INFO *info1, - CSSM_ACL_ENTRY_INFO *info2) -{ - const char *func = "compare_CSSM_ACL_ENTRY_INFO()"; - int ret, skipGarbage = 0; - - NULLCHECK(info1, info2, func); -#if SECURITYD_SENDS_GARBAGE - skipGarbage = 1; - /* fprintf(stderr, "%s: skipping garbage\n", func); */ -#endif - ret = compare_CSSM_ACL_ENTRY_PROTOTYPE(&info1->EntryPublicInfo, - &info2->EntryPublicInfo, - skipGarbage); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - if (info1->EntryHandle != info2->EntryHandle) - { - fprintf(stderr, "%s (EntryHandle mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_DATE(CSSM_DATE *date1, CSSM_DATE *date2) -{ - const char *func = "compare_CSSM_DATE()"; - - NULLCHECK(date1, date2, func); - if (memcmp(date1, date2, sizeof(CSSM_DATE))) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_KEYHEADER(CSSM_KEYHEADER *hdr1, CSSM_KEYHEADER *hdr2) -{ - const char *func = "compare_CSSM_KEYHEADER()"; - int ret; - - NULLCHECK(hdr1, hdr2, func); - if (hdr1->HeaderVersion != hdr2->HeaderVersion || - memcmp(&hdr1->CspId, &hdr2->CspId, sizeof(CSSM_GUID)) || - hdr1->BlobType != hdr2->BlobType || - hdr1->Format != hdr2->Format || - hdr1->AlgorithmId != hdr2->AlgorithmId || - hdr1->KeyClass != hdr2->KeyClass || - hdr1->LogicalKeySizeInBits != hdr2->LogicalKeySizeInBits || - hdr1->KeyUsage != hdr2->KeyUsage || - hdr1->WrapAlgorithmId != hdr2->WrapAlgorithmId || - hdr1->WrapMode != hdr2->WrapMode || - hdr1->Reserved != hdr2->Reserved) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - if ((ret = compare_CSSM_DATE(&hdr1->StartDate, &hdr2->StartDate)) != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - if ((ret = compare_CSSM_DATE(&hdr1->EndDate, &hdr2->EndDate)) != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - return OK; -} - -int compare_CSSM_KEY(CSSM_KEY *key1, CSSM_KEY *key2) -{ - const char *func = "compare_CSSM_KEY()"; - int ret; - - NULLCHECK(key1, key2, func); - if ((ret = compare_CSSM_KEYHEADER(&key1->KeyHeader, &key1->KeyHeader)) != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - if ((ret = compare_CSSM_DATA(&key1->KeyData, &key2->KeyData)) != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - return OK; -} - -int compare_CSSM_RANGE(CSSM_RANGE *range1, CSSM_RANGE *range2) -{ - const char *func = "compare_CSSM_RANGE()"; - - NULLCHECK(range1, range2, func); - if (memcmp(range1, range2, sizeof(CSSM_RANGE))) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_CONTEXT_ATTRIBUTE(CSSM_CONTEXT_ATTRIBUTE *attr1, - CSSM_CONTEXT_ATTRIBUTE *attr2) -{ - const char *func = "compare_CSSM_CONTEXT_ATTRIBUTE()"; - char *err = NULL; - int ret = OK; - - NULLCHECK(attr1, attr2, func); - if (attr1->AttributeType != attr2->AttributeType || - attr1->AttributeLength != attr2->AttributeLength) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - switch (attr1->AttributeType & CSSM_ATTRIBUTE_TYPE_MASK) - { - case CSSM_ATTRIBUTE_DATA_UINT32: - if (attr1->Attribute.Uint32 != attr2->Attribute.Uint32) - { - err = "Uint32 mismatch"; - ret = MISMATCH; - } - break; - case CSSM_ATTRIBUTE_DATA_CSSM_DATA: - ret = compare_CSSM_DATA(attr1->Attribute.Data, attr2->Attribute.Data); - break; - case CSSM_ATTRIBUTE_DATA_CRYPTO_DATA: - ret = compare_CSSM_CRYPTO_DATA(attr1->Attribute.CryptoData, attr2->Attribute.CryptoData); - break; - case CSSM_ATTRIBUTE_DATA_KEY: - ret = compare_CSSM_KEY(attr1->Attribute.Key, attr2->Attribute.Key); - break; - case CSSM_ATTRIBUTE_DATA_STRING: - if (memcmp(attr1->Attribute.String, attr2->Attribute.String, attr1->AttributeLength)) - { - err = "String mismatch"; - ret = MISMATCH; - } - break; - case CSSM_ATTRIBUTE_DATA_DATE: - ret = compare_CSSM_DATE(attr1->Attribute.Date, attr2->Attribute.Date); - break; - case CSSM_ATTRIBUTE_DATA_RANGE: - ret = compare_CSSM_RANGE(attr1->Attribute.Range, attr2->Attribute.Range); - break; - case CSSM_ATTRIBUTE_DATA_ACCESS_CREDENTIALS: - ret = compare_CSSM_ACCESS_CREDENTIALS(attr1->Attribute.AccessCredentials, - attr2->Attribute.AccessCredentials); - break; - case CSSM_ATTRIBUTE_DATA_VERSION: - if (memcmp(&attr1->Attribute.Version, &attr2->Attribute.Version, sizeof(CSSM_VERSION))) - { - err = "Version mismatch"; - ret = MISMATCH; - } - break; - case CSSM_ATTRIBUTE_DATA_DL_DB_HANDLE: - if (memcmp(&attr1->Attribute.DLDBHandle, &attr2->Attribute.DLDBHandle, sizeof(CSSM_DL_DB_HANDLE))) - { - err = "DLDBHandle mismatch"; - ret = MISMATCH; - } - break; - /* _PADDING and _KR_PROFILE not supported? */ - default: - err = "unknown type"; - ret = UNKNOWN_TYPE; - break; - } - if (ret != OK) - { - if (err) - fprintf(stderr, "%s (%s)\n", func, err); - else - fprintf(stderr, "%s\n", func); - return ret; - } - return OK; -} - -int compare_CSSM_CONTEXT(CSSM_CONTEXT *ctx1, CSSM_CONTEXT *ctx2) -{ - const char *func = "compare_CSSM_CONTEXT()"; - u_int i, ret; - - NULLCHECK(ctx1, ctx2, func); - if (ctx1->ContextType != ctx2->ContextType || - ctx1->AlgorithmType != ctx2->AlgorithmType || - ctx1->NumberOfAttributes != ctx2->NumberOfAttributes || - ctx1->CSPHandle != ctx2->CSPHandle || - ctx1->Privileged != ctx2->Privileged || - ctx1->EncryptionProhibited != ctx2->EncryptionProhibited || - ctx1->WorkFactor != ctx2->WorkFactor || - ctx1->Reserved != ctx2->Reserved) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - for (i = 0; i < ctx1->NumberOfAttributes; ++i) - { - ret = compare_CSSM_CONTEXT_ATTRIBUTE(&ctx1->ContextAttributes[i], - &ctx2->ContextAttributes[i]); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - } - return OK; -} - -int compare_CSSM_OID(CSSM_OID *oid1, CSSM_OID *oid2) -{ - return compare_CSSM_DATA(reinterpret_cast(oid1), - reinterpret_cast(oid2)); -} - -/* oy -- see cdsa_utilities, cssmdb.cpp: CompareAttributeInfos() */ -int compare_CSSM_DB_ATTRIBUTE_INFO(CSSM_DB_ATTRIBUTE_INFO *attrinfo1, - CSSM_DB_ATTRIBUTE_INFO *attrinfo2) -{ - const char *func = "compare_CSSM_DB_ATTRIBUTE_INFO()"; - - NULLCHECK(attrinfo1, attrinfo2, func); - if (attrinfo1->AttributeNameFormat != attrinfo2->AttributeNameFormat || - attrinfo1->AttributeFormat != attrinfo2->AttributeFormat) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - switch(attrinfo1->AttributeNameFormat) - { - case CSSM_DB_ATTRIBUTE_NAME_AS_STRING: - if (strcmp(attrinfo1->Label.AttributeName, attrinfo2->Label.AttributeName)) - { - fprintf(stderr, "%s (string mismatch)\n", func); - return MISMATCH; - } - break; - case CSSM_DB_ATTRIBUTE_NAME_AS_OID: - return compare_CSSM_OID(&attrinfo1->Label.AttributeOID, - &attrinfo2->Label.AttributeOID); - break; - case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER: - if (attrinfo1->Label.AttributeID != attrinfo2->Label.AttributeID) - { - fprintf(stderr, "%s (integer mismatch)\n", func); - return MISMATCH; - } - break; - default: - fprintf(stderr, "%s (unknown type)\n", func); - return UNKNOWN_TYPE; - } - return OK; -} - -int compare_CSSM_DB_ATTRIBUTE_DATA(CSSM_DB_ATTRIBUTE_DATA *attrdata1, - CSSM_DB_ATTRIBUTE_DATA *attrdata2) -{ - const char *func = "compare_CSSM_DB_ATTRIBUTE_DATA()"; - int ret; - uint32_t i; - - NULLCHECK(attrdata1, attrdata2, func); - ret = compare_CSSM_DB_ATTRIBUTE_INFO(&attrdata1->Info, &attrdata2->Info); - if (ret != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - if (attrdata1->NumberOfValues != attrdata2->NumberOfValues) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - for (i = 0; i < attrdata1->NumberOfValues; ++i) - { - ret = compare_CSSM_DATA(&attrdata1->Value[i], &attrdata2->Value[i]); - if (ret != OK) - { - fprintf(stderr, "%s (Value %d)\n", func, i+1); - return ret; - } - } - return OK; -} - -int compare_CSSM_SELECTION_PREDICATE(CSSM_SELECTION_PREDICATE *pred1, - CSSM_SELECTION_PREDICATE *pred2) -{ - const char *func = "compare_CSSM_SELECTION_PREDICATE()"; - int ret; - - NULLCHECK(pred1, pred2, func); - if (pred1->DbOperator != pred2->DbOperator) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - ret = compare_CSSM_DB_ATTRIBUTE_DATA(&pred1->Attribute, &pred2->Attribute); - if (ret != OK) - fprintf(stderr, "%s\n", func); - return ret; -} - -int compare_CSSM_QUERY_LIMITS(CSSM_QUERY_LIMITS *limits1, - CSSM_QUERY_LIMITS *limits2) -{ - const char *func = "compare_CSSM_QUERY_LIMITS()"; - - NULLCHECK(limits1, limits2, func); - if (limits1->TimeLimit != limits2->TimeLimit || - limits1->SizeLimit != limits2->SizeLimit) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - return OK; -} - -int compare_CSSM_QUERY(CSSM_QUERY *query1, CSSM_QUERY *query2) -{ - const char *func = "compare_CSSM_QUERY()"; - int ret; - uint32_t i; - - NULLCHECK(query1, query2, func); - if (query1->RecordType != query2->RecordType || - query1->Conjunctive != query2->Conjunctive || - query1->NumSelectionPredicates != query2->NumSelectionPredicates || - query1->QueryFlags != query2->QueryFlags) - { - fprintf(stderr, "%s (mismatch)\n", func); - return MISMATCH; - } - for (i = 0; i < query1->NumSelectionPredicates; ++i) - { - ret = compare_CSSM_SELECTION_PREDICATE(&query1->SelectionPredicate[i], - &query2->SelectionPredicate[i]); - } - ret = compare_CSSM_QUERY_LIMITS(&query1->QueryLimits, &query2->QueryLimits); - if (ret != OK) - fprintf(stderr, "%s\n", func); - return ret; -} - -/************************************************************************** - * Support routines for test_...() functions. - **************************************************************************/ - -CSSM_RETURN dummyACLSubjectCallback(const CSSM_LIST *subjectRequest, - void *callerContext, - const CSSM_MEMORY_FUNCS *MemFuncs) -{ - return CSSM_ERRCODE_FUNCTION_NOT_IMPLEMENTED; /* XXX/gh */ -} - -/* - * Dummy func to make sure CSSM_CRYPTO_DATA isn't being corrupted. Kindly - * note the requirement that "context" be a CSSM_CRYPTO_DATA. - */ -CSSM_RETURN dummyCSSMCallback(CSSM_DATA *data, void *context) -{ - CSSM_CRYPTO_DATA_PTR crypto = (CSSM_CRYPTO_DATA *)context; - data->Length = crypto->Param.Length; - data->Data = (uint8 *)malloc(data->Length); /* XXX/gh leaked */ - /* XXX/gh yeah, should check if the malloc() failed */ - memcpy(data->Data, crypto->Param.Data, data->Length); - return CSSM_OK; -} - -/************************************************************************** - * test_CSSM_...() routines read sample data from disk (obtained from - * securityd via the SecuritydDataSave class), set up the named - * top-level structure by byte-reordering (if needed) and pointer - * relocating (using libsecurity_utilities walkers), and let the - * corresponding test_xdrwalk_...() routine test the XDR encoding/decoding - * routines against themselves and against the equivalent walker-generated - * output. - * - * General test methodology: - * - * encode/decode x 3, then compare (1) the encoded original vs. the decoded - * copy, and (2) the flattened encoded version with the equivalent walker's - * flattened output. - **************************************************************************/ - -/* TODO/gh don't worry about this until we get smart cards working */ -int test_CSSM_DB_RECORD_ATTRIBUTE_DATA(const char *srcfile) -{ - CSSM_DB_RECORD_ATTRIBUTE_DATA *data = NULL; - - if (srcfile) - { - /* read binary data from disk */ - } - else - { - /* dummy something up */ - data = (CSSM_DB_RECORD_ATTRIBUTE_DATA *)malloc(sizeof(CSSM_DB_RECORD_ATTRIBUTE_DATA)); - if (!data) - return MEM_ERROR; - data->DataRecordType = CSSM_DL_DB_RECORD_CERT; - /* TODO/gh pick up from here */ - } - if (data) - free(data); - return NOT_IMPLEMENTED; /* TODO/gh */ -} - -int test_xdrwalk_CSSM_CONTEXT(CSSM_CONTEXT *ctx, int dbglvl) -{ - const char *func = "test_xdrwalk_CSSM_CONTEXT()"; - CSSM_CONTEXT *walkcopy, *xdrctxcopy = NULL; - CSSM_CONTEXT_ATTRIBUTE *attrs; - void *flattenedCtxPtr = NULL; - u_int flattenedCtxLen = 0, i; - int ret, iter; - size_t attrsSize, walkedAttrsSize; - - /* - * Reimplement Context::Builder so we control where the memory is - * allocated, thus what pointer values are. - */ - SizeWalker sizer; - for (i = 0; i < ctx->NumberOfAttributes; ++i) - { - walk(sizer, ctx->ContextAttributes[i]); - } - attrsSize = ALIGNUP(ctx->NumberOfAttributes * sizeof(CSSM_CONTEXT_ATTRIBUTE)); - walkedAttrsSize = attrsSize + ALIGNUP(sizer); - - /* create a *flat* copy of ctx for direct memcmp() w/ XDR copy */ - walkcopy = reinterpret_cast(calloc(1, sizeof(CSSM_CONTEXT) + walkedAttrsSize)); - if (walkcopy == NULL) - { - fprintf(stderr, "%s: error allocating walked context\n", func); - return MEM_ERROR; - } - memcpy(walkcopy, ctx, sizeof(CSSM_CONTEXT)); - attrs = reinterpret_cast(reinterpret_cast(walkcopy) + sizeof(CSSM_CONTEXT)); - CopyWalker copier = LowLevelMemoryUtilities::increment(attrs, attrsSize); - for (i = 0; i < ctx->NumberOfAttributes; ++i) - { - attrs[i] = ctx->ContextAttributes[i]; /* shallow copy */ - walk(copier, attrs[i]); /* deep copy */ - } - walkcopy->ContextAttributes = attrs; - - for (iter = 0; iter < N_ITERS; ++iter) - { - if (!xdr_mem_encode(ctx, &flattenedCtxPtr, &flattenedCtxLen, - (xdrproc_t)xdr_CSSM_CONTEXT)) - { - fprintf(stderr, "%s, round %d (encode error)\n", func, iter+1); - return XDR_ENCODE_ERROR; - } - /* always zero out memory before attempting a decode */ - if ((xdrctxcopy = (CSSM_CONTEXT *)calloc(1, sizeof(CSSM_CONTEXT))) == NULL) - { - fprintf(stderr, "%s, round %d (allocation error)\n", func, iter+1); - return MEM_ERROR; - } - if (!xdr_mem_decode(flattenedCtxPtr, xdrctxcopy, flattenedCtxLen, - (xdrproc_t)xdr_CSSM_CONTEXT)) - { - fprintf(stderr, "%s, round %d (decode error)\n", func, iter+1); - return XDR_DECODE_ERROR; - } - if (dbglvl >= 3) - printf("comparing XDR-generated structs...\n"); - if ((ret = compare_CSSM_CONTEXT(ctx, xdrctxcopy)) != OK) - { - fprintf(stderr, "%s: CSSM_CONTEXT old/new XDR comparison, round %d, failed\n", - func, iter+1); - return ret; - } - if (dbglvl >= 3) - printf("comparing walked- and XDR-generated structs...\n"); - if ((ret = compare_CSSM_CONTEXT(xdrctxcopy, walkcopy)) != OK) - { - fprintf(stderr, "%s: CSSM_CONTEXT XDR/walker comparison, round %d, failed\n", - func, iter+1); - return ret; - } - if (dbglvl >= 2) - printf("CSSM_CONTEXT compared OK, round %d\n", iter+1); -#if 0 - if (dbglvl >= 3) - printf("Starting XDR/walker comparison...\n"); - /* - * XXX/gh xdrctxcopy and walkcopy should be identical except for - * pointer offsets. However, xdrctxcopy has extra bytes following - * CSSM_CONTEXT's Reserved field; still investigating why. - */ - /* XXX/gh relocate somebody's pointers */ - if (memcmp(walkcopy, xdrctxcopy, walkedAttrsSize+sizeof(CSSM_CONTEXT))) - { - fprintf(stderr, "%s, round %d (comparison failed)\n", func, iter+1); - return MISMATCH; - } -#endif - if (iter > 0) - free(ctx); - ctx = xdrctxcopy; - free(flattenedCtxPtr); - flattenedCtxPtr = NULL; - flattenedCtxLen = 0; - } - if (dbglvl >= 1) - printf("Successfully finished CSSM_CONTEXT check\n"); - return OK; -} - -int test_CSSM_CONTEXT(int fd, int doflip, int dbglvl) -{ - const char *func = "test_CSSM_CONTEXT()"; - CSSM_CONTEXT ctx; - CSSM_CONTEXT_ATTRIBUTE *attrs; - int ret; - CSSM_CRYPTO_DATA crypto; - - if (fd > -1) /* cheesy hack, but what ya gonna do? */ - { - int csize, attrSize; - u_int i; - intptr_t attraddr; - off_t offset; - /* - * Saved format: - * - size (of CSSM_CONTEXT) - * - CSSM_CONTEXT - * - size (of starting address for attributes) - * - starting address for CSSM_CONTEXT_ATTRIBUTEs - * - total size of CSSM_CONTEXT_ATTRIBUTEs - * - CSSM_CONTEXT_ATTRIBUTEs (contiguous) - */ - - /* context size; not really needed */ - if (read(fd, &csize, sizeof(csize)) != static_cast(sizeof(csize))) - { - fprintf(stderr, "%s: Error reading context size\n", func); - return BAD_READ; - } - if (doflip) flip(&csize, sizeof(csize)); - if (read(fd, &ctx, csize) != static_cast(csize)) - { - fprintf(stderr, "Error reading context\n"); - return BAD_READ; - } - /* Defer reorder of CSSM_CONTEXT until attributes have been read */ - /* attribute array starting address */ - if (read(fd, &csize, sizeof(csize)) != static_cast(sizeof(csize))) - { - fprintf(stderr, "Error reading attribute address size\n"); - return BAD_READ; - } - if (doflip) flip(&csize, sizeof(csize)); - if (read(fd, &attraddr, csize) != csize) - { - fprintf(stderr, "Error reading attribute address\n"); - return BAD_READ; - } - /* - * byte reorder of old attribute address, if needed, handled in - * hostorder_CSSM_CONTEXT() - */ - /* size of attributes */ - if (read(fd, &attrSize, sizeof(attrSize)) != static_cast(sizeof(attrSize))) - { - fprintf(stderr, "Error reading attribute size\n"); - return BAD_READ; - } - if (doflip) flip(&attrSize, sizeof(attrSize)); - if ((attrs = (CSSM_CONTEXT_ATTRIBUTE *)malloc(attrSize)) == NULL) - return MEM_ERROR; - /* attributes */ - if (read(fd, attrs, attrSize) != attrSize) - { - fprintf(stderr, "Error reading attributes\n"); - return BAD_READ; - } - if (doflip) - { - ctx.ContextAttributes = reinterpret_cast(attraddr); - hostorder_CSSM_CONTEXT(&ctx, attrs); - } - else - { - /* NB: this was the working code before byte-reordering */ - offset = reinterpret_cast(attrs) - attraddr; - ReconstituteWalker relocator(offset); - for (i = 0; i < ctx.NumberOfAttributes; ++i) - { - walk(relocator, attrs[i]); - } - ctx.ContextAttributes = attrs; - } - (void)close(fd); - } - else - { - int err; - uint32_t intattr; - - /* - * dummy something up; this is from FakeContext usages in - * securityd/tests/ - */ - ctx.ContextType = CSSM_ALGCLASS_KEYGEN; - ctx.AlgorithmType = CSSM_ALGID_DES; -#define N_TEST_ATTRS 2 - ctx.NumberOfAttributes = N_TEST_ATTRS; - attrs = (CSSM_CONTEXT_ATTRIBUTE *)malloc(N_TEST_ATTRS*sizeof(CSSM_CONTEXT_ATTRIBUTE)); - if (!attrs) - return MEM_ERROR; - ctx.ContextAttributes = attrs; - intattr = 64; - err = fill_CSSM_CONTEXT_ATTRIBUTE(&ctx.ContextAttributes[0], - CSSM_ATTRIBUTE_KEY_LENGTH, - sizeof(uint32_t), - &intattr); - if (err != OK) - return err; - crypto.Param.Length = strlen(testString); - crypto.Param.Data = (uint8 *)testString; -#if 0 - crypto.Callback = dummyCSSMCallback; - crypto.CallerCtx = &crypto; /* dummy cb needs crypto.Param */ -#endif - crypto.Callback = NULL; - crypto.CallerCtx = NULL; /* dummy cb needs crypto.Param */ - err = fill_CSSM_CONTEXT_ATTRIBUTE(&ctx.ContextAttributes[1], - CSSM_ATTRIBUTE_SEED, - sizeof(CSSM_CRYPTO_DATA), - (void *)&crypto); - if (err != OK) - return err; - ctx.CSPHandle = 13; - ctx.Privileged = CSSM_TRUE; /* ! 0 */ - ctx.EncryptionProhibited = CSSM_TRUE; - ctx.WorkFactor = 41; - ctx.Reserved = 0xfeefee; /* sentry value */ - } - - if ((ret = test_xdrwalk_CSSM_CONTEXT(&ctx, dbglvl)) != OK) - { - fprintf(stderr, "%s\n", func); - return ret; - } - return OK; -} - -int test_xdrwalk_CSSM_ACL_OWNER_PROTOTYPE(CSSM_ACL_OWNER_PROTOTYPE *aclOwnerPrototype, - int dbglvl) -{ - const char *func = "test_xdrwalk_CSSM_ACL_OWNER_PROTOTYPE()"; - CSSM_ACL_OWNER_PROTOTYPE *walkcopy, *xdrcopy; - void *flattenedAclOwnerPtr = NULL; - u_int flattenedAclOwnerLen = 0; - int ret, iter; - - /* save off aclOwnerPrototype because we're going to reuse the pointer */ - walkcopy = reinterpret_cast(calloc(1, sizeof(CSSM_ACL_OWNER_PROTOTYPE))); - if (walkcopy == NULL) - { - fprintf(stderr, "%s: error allocating walked CSSM_ACL_OWNER_PROTOTYPE\n", func); - return MEM_ERROR; - } - memcpy(walkcopy, aclOwnerPrototype, sizeof(CSSM_ACL_OWNER_PROTOTYPE)); - /* aclOwnerPrototype *is* a walked copy, so no need to re-walk it */ - - for (iter = 0; iter < N_ITERS; ++iter) - { - if (!xdr_mem_encode(aclOwnerPrototype, &flattenedAclOwnerPtr, - &flattenedAclOwnerLen, - reinterpret_cast(xdr_CSSM_ACL_OWNER_PROTOTYPE))) - { - fprintf(stderr, "%s, round %d (encode error)\n", func, iter+1); - return XDR_ENCODE_ERROR; - } - /* always zero out memory before attempting a decode */ - if ((xdrcopy = (CSSM_ACL_OWNER_PROTOTYPE *)calloc(1, sizeof(CSSM_ACL_OWNER_PROTOTYPE))) == NULL) - { - fprintf(stderr, "%s, round %d (allocation error)\n", func, iter+1); - return MEM_ERROR; - } - if (!xdr_mem_decode(flattenedAclOwnerPtr, xdrcopy, flattenedAclOwnerLen, - (xdrproc_t)xdr_CSSM_ACL_OWNER_PROTOTYPE)) - { - fprintf(stderr, "%s, round %d (decode error)\n", func, iter+1); - return XDR_DECODE_ERROR; - } - if (dbglvl >= 3) - printf("comparing XDR-generated structs...\n"); - if ((ret = compare_CSSM_ACL_OWNER_PROTOTYPE(aclOwnerPrototype, xdrcopy)) != OK) - { - fprintf(stderr, "%s: CSSM_ACL_OWNER_PROTOTYPE old/new XDR comparison, round %d, failed\n", - func, iter+1); - return ret; - } - if (dbglvl >= 3) - printf("comparing walked- and XDR-generated structs...\n"); - if ((ret = compare_CSSM_ACL_OWNER_PROTOTYPE(xdrcopy, walkcopy)) != OK) - { - fprintf(stderr, "%s: CSSM_ACL_OWNER_PROTOTYPE XDR/walker comparison, round %d, failed\n", - func, iter+1); - return ret; - } - if (dbglvl >= 2) - printf("CSSM_ACL_OWNER_PROTOTYPE compared OK, round %d\n", iter+1); - if (iter > 0) - free(aclOwnerPrototype); - aclOwnerPrototype = xdrcopy; - free(flattenedAclOwnerPtr); - flattenedAclOwnerPtr = NULL; - flattenedAclOwnerLen = 0; - } - - if (dbglvl >= 1) - printf("Successfully finished CSSM_ACL_OWNER_PROTOTYPE check\n"); - return OK; -} - -int test_CSSM_ACL_OWNER_PROTOTYPE(int fd, int doflip, int dbglvl) -{ - const char *func = "test_CSSM_ACL_OWNER_PROTOTYPE()"; - CSSM_ACL_OWNER_PROTOTYPE *aclOwnerPrototype; - int ret; - - if (fd > -1) /* cheesy hack, but what ya gonna do? */ - { - int aclsize; - uint32_t ptrsize; /* AKA mach_msg_type_number_t, AKA natural_t */ - intptr_t baseptr; - off_t offset; - /* - * Saved format: - * - sizeof(base pointer) - * - base pointer - * - length - * - CSSM_ACL_OWNER_PROTOTYPE - */ - if (read(fd, &ptrsize, sizeof(ptrsize)) < static_cast(sizeof(ptrsize))) - { - fprintf(stderr, "%s: Error reading base pointer size\n", func); - return BAD_READ; - } - if (doflip) flip(&ptrsize, sizeof(ptrsize)); - if (read(fd, &baseptr, ptrsize) < static_cast(ptrsize)) - { - fprintf(stderr, "%s: Error reading base pointer\n", func); - return BAD_READ; - } - if (doflip) flip(&baseptr, sizeof(baseptr)); - if (read(fd, &aclsize, sizeof(aclsize)) < static_cast(sizeof(aclsize))) - { - fprintf(stderr, "%s: Error reading AclOwnerPrototype size\n", func); - return BAD_READ; - } - if (doflip) flip(&aclsize, sizeof(aclsize)); - aclOwnerPrototype = (CSSM_ACL_OWNER_PROTOTYPE *)malloc(aclsize); - if (aclOwnerPrototype == NULL) - return MEM_ERROR; - if (read(fd, aclOwnerPrototype, aclsize) < aclsize) - { - fprintf(stderr, "Error reading CSSM_ACL_OWNER_PROTOTYPE\n"); - return BAD_READ; - } - offset = reinterpret_cast(aclOwnerPrototype) - baseptr; - if (doflip) - { - hostorder_CSSM_ACL_OWNER_PROTOTYPE(aclOwnerPrototype, offset); - } - else - { - ReconstituteWalker relocator(offset); - walk(relocator, reinterpret_cast(baseptr)); - } - (void)close(fd); - } - else - { - /* TODO/gh cobble something up */ - return NOT_IMPLEMENTED; - } - - ret = test_xdrwalk_CSSM_ACL_OWNER_PROTOTYPE(aclOwnerPrototype, dbglvl); - if (ret != OK) - fprintf(stderr, "%s\n", func); - free(aclOwnerPrototype); - return ret; -} - -int test_xdrwalk_CSSM_ACL_ENTRY_INPUT(CSSM_ACL_ENTRY_INPUT *aclEntryInput, - int dbglvl) -{ - const char *func = "test_xdrwalk_CSSM_ACL_ENTRY_INPUT()"; - CSSM_ACL_ENTRY_INPUT *walkcopy, *xdrcopy; - void *flattenedAclEIPtr = NULL; - u_int flattenedAclEILen = 0; - int ret, iter; - - /* save off aclEntryInput because we're going to reuse the pointer */ - walkcopy = reinterpret_cast(calloc(1, sizeof(CSSM_ACL_ENTRY_INPUT))); - if (walkcopy == NULL) - { - fprintf(stderr, "%s: error allocating walked CSSM_ACL_ENTRY_INPUT\n", func); - return MEM_ERROR; - } - memcpy(walkcopy, aclEntryInput, sizeof(CSSM_ACL_ENTRY_INPUT)); - /* aclEntryInput *is* a walked copy, so no need to re-walk it */ - - for (iter = 0; iter < N_ITERS; ++iter) - { - if (!xdr_mem_encode(aclEntryInput, &flattenedAclEIPtr, &flattenedAclEILen, - (xdrproc_t)xdr_CSSM_ACL_ENTRY_INPUT)) - { - fprintf(stderr, "%s, round %d\n", func, iter+1); - return XDR_ENCODE_ERROR; - } - /* always zero out memory before attempting a decode */ - if ((xdrcopy = (CSSM_ACL_ENTRY_INPUT *)calloc(1, sizeof(CSSM_ACL_ENTRY_INPUT))) == NULL) - { - fprintf(stderr, "%s, round %d (allocation error)\n", func, iter+1); - return MEM_ERROR; - } - if (!xdr_mem_decode(flattenedAclEIPtr, xdrcopy, flattenedAclEILen, - (xdrproc_t)xdr_CSSM_ACL_ENTRY_INPUT)) - { - fprintf(stderr, "%s, round %d\n", func, iter+1); - return XDR_DECODE_ERROR; - } - if (dbglvl >= 3) - printf("comparing XDR-generated structs...\n"); - if ((ret = compare_CSSM_ACL_ENTRY_INPUT(aclEntryInput, xdrcopy)) != OK) - { - fprintf(stderr, "%s: CSSM_ACL_ENTRY_INPUT old/new XDR comparison, round %d, failed\n", - func, iter+1); - return ret; - } - if (dbglvl >= 3) - printf("comparing walked- and XDR-generated structs...\n"); - if ((ret = compare_CSSM_ACL_ENTRY_INPUT(xdrcopy, walkcopy)) != OK) - { - fprintf(stderr, "%s: CSSM_ACL_ENTRY_INPUT XDR/walker comparison, round %d, failed\n", - func, iter+1); - return ret; - } - if (dbglvl >= 2) - printf("CSSM_ACL_ENTRY_INPUT compared OK, round %d\n", iter+1); - if (iter > 0) - free(aclEntryInput); - aclEntryInput = xdrcopy; - free(flattenedAclEIPtr); - flattenedAclEIPtr = NULL; - flattenedAclEILen = 0; - } - - if (dbglvl >= 1) - printf("Successfully finished CSSM_ACL_ENTRY_INPUT check\n"); - return OK; -} - -int test_CSSM_ACL_ENTRY_INPUT(int fd, int doflip, int dbglvl) -{ - const char *func = "test_CSSM_ACL_ENTRY_INPUT()"; - CSSM_ACL_ENTRY_INPUT *aclEntryInput; - int ret; - - if (fd > -1) /* cheesy hack, but what ya gonna do? */ - { - int aclsize; - uint32_t ptrsize; /* AKA mach_msg_type_number_t, AKA natural_t */ - intptr_t baseptr; - off_t offset; - /* - * Saved format: - * - sizeof(base pointer) - * - base pointer - * - length - * - CSSM_ACL_ENTRY_INPUT - */ - if (read(fd, &ptrsize, sizeof(ptrsize)) < static_cast(sizeof(ptrsize))) - { - fprintf(stderr, "%s: Error reading base pointer size\n", func); - return BAD_READ; - } - if (doflip) flip(&ptrsize, sizeof(ptrsize)); - if (read(fd, &baseptr, ptrsize) < static_cast(ptrsize)) - { - fprintf(stderr, "%s: Error reading base pointer\n", func); - return BAD_READ; - } - if (doflip) flip(&baseptr, sizeof(baseptr)); - if (read(fd, &aclsize, sizeof(aclsize)) < static_cast(sizeof(aclsize))) - { - fprintf(stderr, "%s: Error reading AclEntryInput size\n", func); - return BAD_READ; - } - if (doflip) flip(&aclsize, sizeof(aclsize)); - aclEntryInput = (CSSM_ACL_ENTRY_INPUT *)malloc(aclsize); - if (aclEntryInput == NULL) - return MEM_ERROR; - if (read(fd, aclEntryInput, aclsize) < aclsize) - { - fprintf(stderr, "Error reading CSSM_ACL_ENTRY_INPUT\n"); - return BAD_READ; - } - offset = reinterpret_cast(aclEntryInput) - baseptr; - if (doflip) - { - hostorder_CSSM_ACL_ENTRY_INPUT(aclEntryInput, offset); - } - else - { - ReconstituteWalker relocator(offset); - walk(relocator, reinterpret_cast(baseptr)); - } - (void)close(fd); - } - else - { - /* TODO/gh cobble something up */ - fprintf(stderr, "%s: hard-coded test not implemented yet\n", func); - return NOT_IMPLEMENTED; - } - - if ((ret = test_xdrwalk_CSSM_ACL_ENTRY_INPUT(aclEntryInput, dbglvl)) != OK) - fprintf(stderr, "%s\n", func); - free(aclEntryInput); - return ret; -} - -int test_xdrwalk_CSSM_ACL_ENTRY_INFO(CSSM_ACL_ENTRY_INFO *aclEntryInfo, - int dbglvl) -{ - const char *func = "test_xdrwalk_CSSM_ACL_ENTRY_INFO()"; - - CSSM_ACL_ENTRY_INFO *walkcopy, *xdrcopy; - void *flattenedAclEIPtr = NULL; - u_int flattenedAclEILen = 0; - int ret, iter; - - /* save off aclEntryInfo because we're going to reuse the pointer */ - walkcopy = reinterpret_cast(calloc(1, sizeof(CSSM_ACL_ENTRY_INFO))); - if (walkcopy == NULL) - { - fprintf(stderr, "%s: error allocating walked CSSM_ACL_ENTRY_INFO\n", func); - return MEM_ERROR; - } - memcpy(walkcopy, aclEntryInfo, sizeof(CSSM_ACL_ENTRY_INFO)); - /* right now aclEntryInfo *is* a walked copy, so no need to re-walk it */ - for (iter = 0; iter < N_ITERS; ++iter) - { - if (!xdr_mem_encode(aclEntryInfo, &flattenedAclEIPtr, &flattenedAclEILen, - (xdrproc_t)xdr_CSSM_ACL_ENTRY_INFO)) - { - fprintf(stderr, "%s, round %d\n", func, iter+1); - return XDR_ENCODE_ERROR; - } - /* always zero out memory before attempting a decode */ - if ((xdrcopy = (CSSM_ACL_ENTRY_INFO *)calloc(1, sizeof(CSSM_ACL_ENTRY_INFO))) == NULL) - { - fprintf(stderr, "%s, round %d (allocation error)\n", func, iter+1); - return MEM_ERROR; - } - if (!xdr_mem_decode(flattenedAclEIPtr, xdrcopy, flattenedAclEILen, - (xdrproc_t)xdr_CSSM_ACL_ENTRY_INFO)) - { - fprintf(stderr, "%s, round %d\n", func, iter+1); - return XDR_DECODE_ERROR; - } - if (dbglvl >= 3) - printf("comparing XDR-generated structs...\n"); - if ((ret = compare_CSSM_ACL_ENTRY_INFO(aclEntryInfo, xdrcopy)) != OK) - { - fprintf(stderr, "%s: CSSM_ACL_ENTRY_INFO old/new XDR comparison, round %d, failed\n", - func, iter+1); - return ret; - } - if (dbglvl >= 3) - printf("comparing walked- and XDR-generated structs...\n"); - if ((ret = compare_CSSM_ACL_ENTRY_INFO(xdrcopy, walkcopy)) != OK) - { - fprintf(stderr, "%s: CSSM_ACL_ENTRY_INFO XDR/walker comparison, round %d, failed\n", - func, iter+1); - return ret; - } - if (dbglvl >= 2) - printf("CSSM_ACL_ENTRY_INFO compared OK, round %d\n", iter+1); - if (iter > 0) - free(aclEntryInfo); - aclEntryInfo = xdrcopy; - free(flattenedAclEIPtr); - flattenedAclEIPtr = NULL; - flattenedAclEILen = 0; - } - if (dbglvl >= 1) - printf("Successfully finished CSSM_ACL_ENTRY_INFO check\n"); - return OK; -} - -int test_CSSM_ACL_ENTRY_INFO(int fd, int doflip, int dbglvl) -{ - const char *func = "test_CSSM_ACL_ENTRY_INFO()"; - CSSM_ACL_ENTRY_INFO *aclEntryInfo; - int ret, aclsize; - - if (fd > -1) /* cheesy hack, but what ya gonna do? */ - { - uint32_t ptrsize; /* AKA mach_msg_type_number_t, AKA natural_t */ - intptr_t baseptr; - off_t offset; - /* - * Saved format (v. 1 of saved-data protocol): - * - preamble - * - sizeof(base pointer) - * - base pointer - * - length - * - CSSM_ACL_ENTRY_INFO - */ - - if (read(fd, &ptrsize, sizeof(ptrsize)) < static_cast(sizeof(ptrsize))) - { - fprintf(stderr, "%s: Error reading base pointer size\n", func); - return BAD_READ; - } - if (doflip) flip(&ptrsize, sizeof(ptrsize)); - if (read(fd, &baseptr, ptrsize) < static_cast(ptrsize)) - { - fprintf(stderr, "%s: Error reading base pointer\n", func); - return BAD_READ; - } - if (doflip) flip(&baseptr, sizeof(baseptr)); - if (read(fd, &aclsize, sizeof(aclsize)) < static_cast(sizeof(aclsize))) - { - fprintf(stderr, "%s: Error reading AclEntryInput size\n", func); - return BAD_READ; - } - if (doflip) flip(&aclsize, sizeof(aclsize)); - aclEntryInfo = (CSSM_ACL_ENTRY_INFO *)malloc(aclsize); - if (aclEntryInfo == NULL) - return MEM_ERROR; - if (read(fd, aclEntryInfo, aclsize) < aclsize) - { - fprintf(stderr, "Error reading CSSM_ACL_ENTRY_INFO\n"); - return BAD_READ; - } - offset = reinterpret_cast(aclEntryInfo) - baseptr; - if (doflip) - { - hostorder_CSSM_ACL_ENTRY_INFO(aclEntryInfo, offset); - } - else - { - ReconstituteWalker relocator(offset); - walk(relocator, reinterpret_cast(baseptr)); - } - (void)close(fd); - } - else - { - /* TODO/gh cobble something up */ - fprintf(stderr, "%s: hard-coded test not implemented yet\n", func); - return NOT_IMPLEMENTED; - } - if ((ret = test_xdrwalk_CSSM_ACL_ENTRY_INFO(aclEntryInfo, dbglvl)) != OK) - fprintf(stderr, "%s\n", func); - free(aclEntryInfo); - return ret; -} - -int test_xdrwalk_CSSM_QUERY(CSSM_QUERY *query, int dbglvl) -{ - const char *func = "test_xdrwalk_CSSM_QUERY()"; - - CSSM_QUERY *walkcopy, *xdrcopy; - void *flattenedQueryPtr = NULL; - u_int flattenedQueryLen = 0; - int ret, iter; - - /* save off query because we're going to reuse the pointer */ - walkcopy = reinterpret_cast(calloc(1, sizeof(CSSM_QUERY))); - if (walkcopy == NULL) - { - fprintf(stderr, "%s: error allocating walked CSSM_QUERY\n", func); - return MEM_ERROR; - } - memcpy(walkcopy, query, sizeof(CSSM_QUERY)); - /* right now query *is* a walked copy, so no need to re-walk it */ - for (iter = 0; iter < N_ITERS; ++iter) - { - if (!xdr_mem_encode(query, &flattenedQueryPtr, &flattenedQueryLen, - (xdrproc_t)xdr_CSSM_QUERY)) - { - fprintf(stderr, "%s, round %d\n", func, iter+1); - return XDR_ENCODE_ERROR; - } - /* always zero out memory before attempting a decode */ - if ((xdrcopy = (CSSM_QUERY *)calloc(1, sizeof(CSSM_QUERY))) == NULL) - { - fprintf(stderr, "%s, round %d (allocation error)\n", func, iter+1); - return MEM_ERROR; - } - if (!xdr_mem_decode(flattenedQueryPtr, xdrcopy, flattenedQueryLen, - (xdrproc_t)xdr_CSSM_QUERY)) - { - fprintf(stderr, "%s, round %d\n", func, iter+1); - return XDR_DECODE_ERROR; - } - if (dbglvl >= 3) - printf("comparing XDR-generated structs...\n"); - if ((ret = compare_CSSM_QUERY(query, xdrcopy)) != OK) - { - fprintf(stderr, "%s: CSSM_QUERY old/new XDR comparison, round %d, failed\n", - func, iter+1); - return ret; - } - if (dbglvl >= 3) - printf("comparing walked- and XDR-generated structs...\n"); - if ((ret = compare_CSSM_QUERY(xdrcopy, walkcopy)) != OK) - { - fprintf(stderr, "%s: CSSM_QUERY XDR/walker comparison, round %d, failed\n", - func, iter+1); - return ret; - } - if (dbglvl >= 2) - printf("CSSM_QUERY compared OK, round %d\n", iter+1); - if (iter > 0) - free(query); - query = xdrcopy; - free(flattenedQueryPtr); - flattenedQueryPtr = NULL; - flattenedQueryLen = 0; - } - if (dbglvl >= 1) - printf("Successfully finished CSSM_QUERY check\n"); - return OK; -} - -int test_CSSM_QUERY(int fd, int doflip, int dbglvl) -{ - const char *func = "test_CSSM_QUERY()"; - CSSM_QUERY *query; - int ret, querysize; - - if (fd > -1) /* cheesy hack, but what ya gonna do? */ - { - uint32_t ptrsize; /* AKA mach_msg_type_number_t, AKA natural_t */ - intptr_t baseptr; - off_t offset; - ssize_t readPtr; - int nq = 0; /* # of queries */ - /* - * Saved format (v. 1 of saved-data protocol): - * - preamble - * - sizeof(base pointer) - * - base pointer - * - length - * - CSSM_QUERY - */ - do - { - if (nq) /* first readPreamble() was in main() */ - { - /* dummy vars -- let the func params govern */ - uint32_t d1, d2, d3 = 0; - if ((ret = readPreamble(fd, &d1, &d2, &d3)) != OK) - { - if (ret == READ_EOF) - { - readPtr = -1; - continue; - } - return ret; - } - } - readPtr = read(fd, &ptrsize, sizeof(ptrsize)); - if (readPtr == 0) break; /* we're done */ - if (readPtr < static_cast(sizeof(ptrsize))) - { - fprintf(stderr, "%s: Error reading base pointer size\n", func); - return BAD_READ; - } - if (doflip) flip(&ptrsize, sizeof(ptrsize)); - if (read(fd, &baseptr, ptrsize) < static_cast(ptrsize)) - { - fprintf(stderr, "%s: Error reading base pointer\n", func); - return BAD_READ; - } - if (doflip) flip(&baseptr, sizeof(baseptr)); - if (read(fd, &querysize, sizeof(querysize)) < static_cast(sizeof(querysize))) - { - fprintf(stderr, "%s: Error reading CSSM_QUERY size\n", func); - return BAD_READ; - } - if (doflip) flip(&querysize, sizeof(querysize)); - query = (CSSM_QUERY *)malloc(querysize); - if (query == NULL) - return MEM_ERROR; - if (read(fd, query, querysize) < querysize) - { - fprintf(stderr, "Error reading CSSM_QUERY\n"); - return BAD_READ; - } - offset = reinterpret_cast(query) - baseptr; - if (doflip) - { - hostorder_CSSM_QUERY(query, offset); - } - else - { - ReconstituteWalker relocator(offset); - walk(relocator, reinterpret_cast(baseptr)); - } - ++nq; - if (dbglvl >= 2) - printf("%s: read a new CSSM_QUERY (%d)\n", func, nq); - if ((ret = test_xdrwalk_CSSM_QUERY(query, dbglvl)) != OK) - fprintf(stderr, "%s\n", func); - free(query); - } - while (readPtr != -1); - (void)close(fd); - } - else - { - /* TODO/gh cobble something up */ - fprintf(stderr, "%s: hard-coded test not implemented yet\n", func); - return NOT_IMPLEMENTED; - } - return OK; -} - -void usage(const char *progname) -{ - fprintf(stderr, "Usage: %s [-c|-I|-i] \n", progname); - fprintf(stderr, " FILE is binary data saved from securityd\n"); - fprintf(stderr, " -c\trun hard-coded CSSM_CONTEXT test\n"); - fprintf(stderr, " -i\trun hard-coded CSSM_ACL_ENTRY_INFO test\n"); - fprintf(stderr, " -I\trun hard-coded CSSM_ACL_ENTRY_INPUT test\n"); - fprintf(stderr, " -v\tverbose (more -v options mean more output\n"); - fprintf(stderr, " If FILE is not provided, %s will try to run any requested hard-coded test\n", progname); -} - -int main(int ac, char **av) -{ - const char *optstring = "chIiv"; - char *infile = NULL; - int c, fd, ret = OK, debuglevel = 0; - uint32_t doflip, version, type = 0; - - while ((c = getopt(ac, av, optstring)) != EOF) - { - switch(c) - { - case 'c': - type = SecuritydDataSave::CONTEXT; - break; - case 'I': - type = SecuritydDataSave::ACL_ENTRY_INPUT; - break; - case 'i': - type = SecuritydDataSave::ACL_ENTRY_INFO; - break; - case 'h': - usage(av[0]); - exit(0); - break; - case 'v': - debuglevel++; - break; - default: - break; - } - } - ac -= optind; - av += optind; - if (ac >= 1) - { - infile = av[0]; /* XXX/gh need to validate av[0]? */ - if ((fd = open(infile, O_RDONLY, 0)) < 0) - { - fprintf(stderr, "Couldn't open %s (%s)\n", infile, strerror(errno)); - return 2; - } - if ((ret = readPreamble(fd, &doflip, &version, &type)) != OK) - return ret; - } - else - { - fd = -1; /* use a hard-coded test */ - if (!type) - { - type = SecuritydDataSave::CONTEXT; /* the only test that has hard-coded data...*/ - fprintf(stderr, "*** running hard-coded CSSM_CONTEXT test\n"); - } - } - switch (type) - { - case SecuritydDataSave::CONTEXT: - ret = test_CSSM_CONTEXT(fd, doflip, debuglevel); - break; - case SecuritydDataSave::ACL_OWNER_PROTOTYPE: - ret = test_CSSM_ACL_OWNER_PROTOTYPE(fd, doflip, debuglevel); - break; - case SecuritydDataSave::ACL_ENTRY_INPUT: - ret = test_CSSM_ACL_ENTRY_INPUT(fd, doflip, debuglevel); - break; - case SecuritydDataSave::ACL_ENTRY_INFO: - ret = test_CSSM_ACL_ENTRY_INFO(fd, doflip, debuglevel); - break; - case SecuritydDataSave::QUERY: - ret = test_CSSM_QUERY(fd, doflip, debuglevel); - break; - default: - fprintf(stderr, "Unrecognized test\n"); - ret = NOT_IMPLEMENTED; - } - return ret; -} diff --git a/SecurityTool/SecurityTool.xcodeproj/project.pbxproj b/SecurityTool/SecurityTool.xcodeproj/project.pbxproj deleted file mode 100644 index 0edab75c..00000000 --- a/SecurityTool/SecurityTool.xcodeproj/project.pbxproj +++ /dev/null @@ -1,581 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 1865FCA814725B4D00FD79DF /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1865FCA714725B4C00FD79DF /* libsecurity_utilities.a */; }; - 1865FCAA14725B6F00FD79DF /* libsecurity_cdsa_utils.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1865FCA914725B6F00FD79DF /* libsecurity_cdsa_utils.a */; }; - 1865FCAF14725BC600FD79DF /* libsecurity_cdsa_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1865FCAB14725B8B00FD79DF /* libsecurity_cdsa_client.a */; }; - 1865FCB014725BD100FD79DF /* libsecurity_cdsa_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1865FCAD14725BBA00FD79DF /* libsecurity_cdsa_utilities.a */; }; - 18A25BEE14752A48004F59F8 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C67F36D0468956400CA2E66 /* Security.framework */; }; - 18A25BEF14752A50004F59F8 /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C67F36F0468957300CA2E66 /* CoreFoundation.framework */; }; - 18B6B2A614DB72BC00EDDE5F /* libASN1.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B6B2A514DB72BC00EDDE5F /* libASN1.a */; }; - 1FCCD2BC1CD96A7F0045DB49 /* translocate.c in Sources */ = {isa = PBXBuildFile; fileRef = 1FCCD2BA1CD96A7F0045DB49 /* translocate.c */; }; - 1FCCD2BD1CD96A7F0045DB49 /* translocate.h in Headers */ = {isa = PBXBuildFile; fileRef = 1FCCD2BB1CD96A7F0045DB49 /* translocate.h */; }; - 5287946E13CCCC32007AFF54 /* createFVMaster.c in Sources */ = {isa = PBXBuildFile; fileRef = 5287946C13CCCC32007AFF54 /* createFVMaster.c */; }; - 5287946F13CCCC32007AFF54 /* createFVMaster.h in Headers */ = {isa = PBXBuildFile; fileRef = 5287946D13CCCC32007AFF54 /* createFVMaster.h */; }; - 5287947713CCD56A007AFF54 /* srCdsaUtils.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5287947513CCD56A007AFF54 /* srCdsaUtils.cpp */; }; - 5287947813CCD56A007AFF54 /* srCdsaUtils.h in Headers */ = {isa = PBXBuildFile; fileRef = 5287947613CCD56A007AFF54 /* srCdsaUtils.h */; }; - 5E26C4DF1CC77EB200C26137 /* security_tool.h in Headers */ = {isa = PBXBuildFile; fileRef = 5E26C4DE1CC77EB200C26137 /* security_tool.h */; }; - 5E87AECD1CC7790C00B2CD90 /* smartcards.m in Sources */ = {isa = PBXBuildFile; fileRef = 5E87AECC1CC7790C00B2CD90 /* smartcards.m */; }; - AACD2C7D0E12D81D00D485EA /* db_commands.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CFE73F3048809CA00CA2E66 /* db_commands.h */; }; - AACD2C7E0E12D81D00D485EA /* key_create.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C2597F4047EFB4900CA2E66 /* key_create.h */; }; - AACD2C7F0E12D81D00D485EA /* keychain_add.h in Headers */ = {isa = PBXBuildFile; fileRef = 83C583DC0484475600933075 /* keychain_add.h */; }; - AACD2C800E12D81D00D485EA /* keychain_create.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C67F35D046885F400CA2E66 /* keychain_create.h */; }; - AACD2C810E12D81D00D485EA /* keychain_delete.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C67F3610468866E00CA2E66 /* keychain_delete.h */; }; - AACD2C820E12D81D00D485EA /* keychain_export.h in Headers */ = {isa = PBXBuildFile; fileRef = 051E64E9060F7A5F00FB8A46 /* keychain_export.h */; }; - AACD2C830E12D81D00D485EA /* keychain_find.h in Headers */ = {isa = PBXBuildFile; fileRef = 83A749330488FE6D0042026C /* keychain_find.h */; }; - AACD2C840E12D81D00D485EA /* keychain_import.h in Headers */ = {isa = PBXBuildFile; fileRef = 051E6450060F668F00FB8A46 /* keychain_import.h */; }; - AACD2C850E12D81D00D485EA /* keychain_list.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CAF1F4A046C88D300CA2E66 /* keychain_list.h */; }; - AACD2C860E12D81D00D485EA /* keychain_lock.h in Headers */ = {isa = PBXBuildFile; fileRef = 83C76BE704704CED00E9A8A8 /* keychain_lock.h */; }; - AACD2C870E12D81D00D485EA /* keychain_set_settings.h in Headers */ = {isa = PBXBuildFile; fileRef = 83CCF86704732AA300C6B016 /* keychain_set_settings.h */; }; - AACD2C880E12D81D00D485EA /* keychain_show_info.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C737568047AE5AD00CA2E66 /* keychain_show_info.h */; }; - AACD2C890E12D81D00D485EA /* keychain_unlock.h in Headers */ = {isa = PBXBuildFile; fileRef = 831FF8BD046F4CCE00CC0098 /* keychain_unlock.h */; }; - AACD2C8A0E12D81D00D485EA /* keychain_utilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C7A49B70469F0CB00CA2E66 /* keychain_utilities.h */; }; - AACD2C8B0E12D81D00D485EA /* leaks.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CAEBD830469D90400CA2E66 /* leaks.h */; }; - AACD2C8C0E12D81D00D485EA /* readline.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C67F3690468892B00CA2E66 /* readline.h */; }; - AACD2C8E0E12D81D00D485EA /* cmsutil.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CA9BF2C0637403D0013F16F /* cmsutil.h */; }; - AACD2C8F0E12D81D00D485EA /* mds_install.h in Headers */ = {isa = PBXBuildFile; fileRef = 0599C5F006F77CED00C2A9E0 /* mds_install.h */; }; - AACD2C900E12D81D00D485EA /* keychain_recode.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CEFD16E07BD8E10002A0D93 /* keychain_recode.h */; }; - AACD2C910E12D81D00D485EA /* trusted_cert_dump.h in Headers */ = {isa = PBXBuildFile; fileRef = 058C7A8409F6AC1C00DB7E98 /* trusted_cert_dump.h */; }; - AACD2C920E12D81D00D485EA /* trusted_cert_add.h in Headers */ = {isa = PBXBuildFile; fileRef = 058C7A8809F6AC2D00DB7E98 /* trusted_cert_add.h */; }; - AACD2C930E12D81D00D485EA /* trusted_cert_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = 058C7A8A09F6AC2D00DB7E98 /* trusted_cert_utils.h */; }; - AACD2C940E12D81D00D485EA /* user_trust_enable.h in Headers */ = {isa = PBXBuildFile; fileRef = 057E14A00A1508B600886CB8 /* user_trust_enable.h */; }; - AACD2C950E12D81D00D485EA /* trust_settings_impexp.h in Headers */ = {isa = PBXBuildFile; fileRef = 05DD14A40A1A498300C46534 /* trust_settings_impexp.h */; }; - AACD2C960E12D81D00D485EA /* authz.h in Headers */ = {isa = PBXBuildFile; fileRef = 40F1827A0A4C625B00A6E783 /* authz.h */; }; - AACD2C970E12D81D00D485EA /* verify_cert.h in Headers */ = {isa = PBXBuildFile; fileRef = 056A9CEC0AD57D7C00847C65 /* verify_cert.h */; }; - AACD2C980E12D81D00D485EA /* display_error_code.h in Headers */ = {isa = PBXBuildFile; fileRef = 524654BC0D57D0F10045335E /* display_error_code.h */; }; - AACD2C9A0E12D81D00D485EA /* cmsutil.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CA9BF2606373C200013F16F /* cmsutil.c */; }; - AACD2C9B0E12D81D00D485EA /* db_commands.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CFE73F4048809CA00CA2E66 /* db_commands.cpp */; }; - AACD2C9C0E12D81D00D485EA /* key_create.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C2597F5047EFB4900CA2E66 /* key_create.c */; }; - AACD2C9D0E12D81D00D485EA /* keychain_add.c in Sources */ = {isa = PBXBuildFile; fileRef = 83C583DD0484475600933075 /* keychain_add.c */; }; - AACD2C9E0E12D81D00D485EA /* keychain_create.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C67F35E046885F400CA2E66 /* keychain_create.c */; }; - AACD2C9F0E12D81D00D485EA /* keychain_delete.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C67F3620468866E00CA2E66 /* keychain_delete.c */; }; - AACD2CA00E12D81D00D485EA /* keychain_export.c in Sources */ = {isa = PBXBuildFile; fileRef = 051E64E8060F7A5F00FB8A46 /* keychain_export.c */; }; - AACD2CA10E12D81D00D485EA /* keychain_find.c in Sources */ = {isa = PBXBuildFile; fileRef = 83A749340488FE6D0042026C /* keychain_find.c */; }; - AACD2CA20E12D81D00D485EA /* keychain_import.c in Sources */ = {isa = PBXBuildFile; fileRef = 051E6439060F607800FB8A46 /* keychain_import.c */; }; - AACD2CA30E12D81D00D485EA /* keychain_list.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CAF1F4B046C88D300CA2E66 /* keychain_list.c */; }; - AACD2CA40E12D81D00D485EA /* keychain_lock.c in Sources */ = {isa = PBXBuildFile; fileRef = 83C76BE804704CEE00E9A8A8 /* keychain_lock.c */; }; - AACD2CA50E12D81D00D485EA /* keychain_set_settings.c in Sources */ = {isa = PBXBuildFile; fileRef = 83CCF86804732AA300C6B016 /* keychain_set_settings.c */; }; - AACD2CA60E12D81D00D485EA /* keychain_show_info.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C737567047AE5AD00CA2E66 /* keychain_show_info.c */; }; - AACD2CA70E12D81D00D485EA /* keychain_unlock.c in Sources */ = {isa = PBXBuildFile; fileRef = 831FF8BF046F4CE000CC0098 /* keychain_unlock.c */; }; - AACD2CA80E12D81D00D485EA /* keychain_utilities.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C7A49B80469F0CB00CA2E66 /* keychain_utilities.c */; }; - AACD2CA90E12D81D00D485EA /* leaks.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CAEBD840469D90400CA2E66 /* leaks.c */; }; - AACD2CAA0E12D81D00D485EA /* readline.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C67F36A0468892B00CA2E66 /* readline.c */; }; - AACD2CAB0E12D81D00D485EA /* security.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C67F3550468831300CA2E66 /* security.c */; }; - AACD2CAC0E12D81D00D485EA /* mds_install.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0599C5EE06F77CE300C2A9E0 /* mds_install.cpp */; }; - AACD2CAD0E12D81D00D485EA /* keychain_recode.c in Sources */ = {isa = PBXBuildFile; fileRef = 4CEFD16D07BD8E10002A0D93 /* keychain_recode.c */; }; - AACD2CAE0E12D81D00D485EA /* trusted_cert_dump.c in Sources */ = {isa = PBXBuildFile; fileRef = 058C7A8309F6AC1C00DB7E98 /* trusted_cert_dump.c */; }; - AACD2CAF0E12D81D00D485EA /* trusted_cert_add.c in Sources */ = {isa = PBXBuildFile; fileRef = 058C7A8709F6AC2D00DB7E98 /* trusted_cert_add.c */; }; - AACD2CB00E12D81D00D485EA /* trusted_cert_utils.c in Sources */ = {isa = PBXBuildFile; fileRef = 058C7A8909F6AC2D00DB7E98 /* trusted_cert_utils.c */; }; - AACD2CB10E12D81D00D485EA /* user_trust_enable.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 057E14A10A1508B600886CB8 /* user_trust_enable.cpp */; }; - AACD2CB20E12D81D00D485EA /* trust_settings_impexp.c in Sources */ = {isa = PBXBuildFile; fileRef = 05DD14A50A1A498300C46534 /* trust_settings_impexp.c */; }; - AACD2CB30E12D81D00D485EA /* authz.c in Sources */ = {isa = PBXBuildFile; fileRef = 40F182790A4C625B00A6E783 /* authz.c */; }; - AACD2CB40E12D81D00D485EA /* verify_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = 056A9CEB0AD57D7C00847C65 /* verify_cert.c */; }; - AACD2CB50E12D81D00D485EA /* display_error_code.c in Sources */ = {isa = PBXBuildFile; fileRef = 524654BB0D57D0F10045335E /* display_error_code.c */; }; - AACD2CB80E12D81D00D485EA /* security.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = C6A0FF2C0290799A04C91782 /* security.1 */; }; - BE2D8DFA0F2D3A7C0047A0F9 /* identity_find.h in Headers */ = {isa = PBXBuildFile; fileRef = BE2D8DF80F2D3A7C0047A0F9 /* identity_find.h */; }; - BE2D8DFB0F2D3A7C0047A0F9 /* identity_find.c in Sources */ = {isa = PBXBuildFile; fileRef = BE2D8DF90F2D3A7C0047A0F9 /* identity_find.c */; }; - BE851CE60E270695008295B3 /* access_utils.c in Sources */ = {isa = PBXBuildFile; fileRef = BE851CE40E270695008295B3 /* access_utils.c */; }; - BE851CE70E270695008295B3 /* access_utils.h in Headers */ = {isa = PBXBuildFile; fileRef = BE851CE50E270695008295B3 /* access_utils.h */; }; - BE926A540F253EBB00371998 /* identity_prefs.h in Headers */ = {isa = PBXBuildFile; fileRef = BE926A520F253EBB00371998 /* identity_prefs.h */; }; - BE926A550F253EBB00371998 /* identity_prefs.c in Sources */ = {isa = PBXBuildFile; fileRef = BE926A530F253EBB00371998 /* identity_prefs.c */; }; - DC1417F71CCED9DC00CFD769 /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = DC1417F61CCED9DC00CFD769 /* libutilities.a */; }; -/* End PBXBuildFile section */ - -/* Begin PBXCopyFilesBuildPhase section */ - AACD2CB70E12D81D00D485EA /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/share/man/man1/; - dstSubfolderSpec = 0; - files = ( - AACD2CB80E12D81D00D485EA /* security.1 in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 051E6439060F607800FB8A46 /* keychain_import.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_import.c; sourceTree = ""; }; - 051E6450060F668F00FB8A46 /* keychain_import.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychain_import.h; sourceTree = ""; }; - 051E64E8060F7A5F00FB8A46 /* keychain_export.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = keychain_export.c; sourceTree = ""; }; - 051E64E9060F7A5F00FB8A46 /* keychain_export.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychain_export.h; sourceTree = ""; }; - 056A9CEB0AD57D7C00847C65 /* verify_cert.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = verify_cert.c; sourceTree = ""; }; - 056A9CEC0AD57D7C00847C65 /* verify_cert.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = verify_cert.h; sourceTree = ""; }; - 057E14A00A1508B600886CB8 /* user_trust_enable.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = user_trust_enable.h; sourceTree = ""; }; - 057E14A10A1508B600886CB8 /* user_trust_enable.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = user_trust_enable.cpp; sourceTree = ""; }; - 058C7A8309F6AC1C00DB7E98 /* trusted_cert_dump.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = trusted_cert_dump.c; sourceTree = ""; }; - 058C7A8409F6AC1C00DB7E98 /* trusted_cert_dump.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = trusted_cert_dump.h; sourceTree = ""; }; - 058C7A8709F6AC2D00DB7E98 /* trusted_cert_add.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = trusted_cert_add.c; sourceTree = ""; }; - 058C7A8809F6AC2D00DB7E98 /* trusted_cert_add.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = trusted_cert_add.h; sourceTree = ""; }; - 058C7A8909F6AC2D00DB7E98 /* trusted_cert_utils.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = trusted_cert_utils.c; sourceTree = ""; }; - 058C7A8A09F6AC2D00DB7E98 /* trusted_cert_utils.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = trusted_cert_utils.h; sourceTree = ""; }; - 0599C5EE06F77CE300C2A9E0 /* mds_install.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = mds_install.cpp; sourceTree = ""; }; - 0599C5F006F77CED00C2A9E0 /* mds_install.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = mds_install.h; sourceTree = ""; }; - 05DD14A40A1A498300C46534 /* trust_settings_impexp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = trust_settings_impexp.h; sourceTree = ""; }; - 05DD14A50A1A498300C46534 /* trust_settings_impexp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = trust_settings_impexp.c; sourceTree = ""; }; - 1865FCA714725B4C00FD79DF /* libsecurity_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_utilities.a; path = /usr/local/lib/libsecurity_utilities.a; sourceTree = ""; }; - 1865FCA914725B6F00FD79DF /* libsecurity_cdsa_utils.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_cdsa_utils.a; path = /usr/local/lib/libsecurity_cdsa_utils.a; sourceTree = ""; }; - 1865FCAB14725B8B00FD79DF /* libsecurity_cdsa_client.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_cdsa_client.a; path = /usr/local/lib/libsecurity_cdsa_client.a; sourceTree = ""; }; - 1865FCAD14725BBA00FD79DF /* libsecurity_cdsa_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_cdsa_utilities.a; path = /usr/local/lib/libsecurity_cdsa_utilities.a; sourceTree = ""; }; - 18A25BEA14752959004F59F8 /* debug.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 18A25BEB14752959004F59F8 /* project.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = project.xcconfig; sourceTree = ""; }; - 18A25BEC14752959004F59F8 /* release.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 18B6B2A514DB72BC00EDDE5F /* libASN1.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libASN1.a; path = /usr/local/lib/libASN1.a; sourceTree = ""; }; - 1FCCD2BA1CD96A7F0045DB49 /* translocate.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = translocate.c; sourceTree = ""; }; - 1FCCD2BB1CD96A7F0045DB49 /* translocate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = translocate.h; sourceTree = ""; }; - 40F182790A4C625B00A6E783 /* authz.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = authz.c; sourceTree = ""; }; - 40F1827A0A4C625B00A6E783 /* authz.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = authz.h; sourceTree = ""; }; - 4C2597F4047EFB4900CA2E66 /* key_create.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = key_create.h; sourceTree = ""; }; - 4C2597F5047EFB4900CA2E66 /* key_create.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = key_create.c; sourceTree = ""; }; - 4C67F3550468831300CA2E66 /* security.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = security.c; sourceTree = ""; }; - 4C67F35D046885F400CA2E66 /* keychain_create.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_create.h; sourceTree = ""; }; - 4C67F35E046885F400CA2E66 /* keychain_create.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_create.c; sourceTree = ""; }; - 4C67F3610468866E00CA2E66 /* keychain_delete.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_delete.h; sourceTree = ""; }; - 4C67F3620468866E00CA2E66 /* keychain_delete.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_delete.c; sourceTree = ""; }; - 4C67F3690468892B00CA2E66 /* readline.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = readline.h; sourceTree = ""; }; - 4C67F36A0468892B00CA2E66 /* readline.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = readline.c; sourceTree = ""; }; - 4C67F36D0468956400CA2E66 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = /System/Library/Frameworks/Security.framework; sourceTree = ""; }; - 4C67F36F0468957300CA2E66 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = /System/Library/Frameworks/CoreFoundation.framework; sourceTree = ""; }; - 4C737567047AE5AD00CA2E66 /* keychain_show_info.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = keychain_show_info.c; sourceTree = ""; }; - 4C737568047AE5AD00CA2E66 /* keychain_show_info.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychain_show_info.h; sourceTree = ""; }; - 4C7A49B70469F0CB00CA2E66 /* keychain_utilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_utilities.h; sourceTree = ""; }; - 4C7A49B80469F0CB00CA2E66 /* keychain_utilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_utilities.c; sourceTree = ""; }; - 4CA9BF2606373C200013F16F /* cmsutil.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cmsutil.c; sourceTree = ""; }; - 4CA9BF2C0637403D0013F16F /* cmsutil.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cmsutil.h; sourceTree = ""; }; - 4CAEBD830469D90400CA2E66 /* leaks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = leaks.h; sourceTree = ""; }; - 4CAEBD840469D90400CA2E66 /* leaks.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = leaks.c; sourceTree = ""; }; - 4CAF1F4A046C88D300CA2E66 /* keychain_list.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_list.h; sourceTree = ""; }; - 4CAF1F4B046C88D300CA2E66 /* keychain_list.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_list.c; sourceTree = ""; }; - 4CEFD16D07BD8E10002A0D93 /* keychain_recode.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = keychain_recode.c; sourceTree = ""; }; - 4CEFD16E07BD8E10002A0D93 /* keychain_recode.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychain_recode.h; sourceTree = ""; }; - 4CFE73F3048809CA00CA2E66 /* db_commands.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = db_commands.h; sourceTree = ""; }; - 4CFE73F4048809CA00CA2E66 /* db_commands.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = db_commands.cpp; sourceTree = ""; }; - 524654BB0D57D0F10045335E /* display_error_code.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = display_error_code.c; sourceTree = ""; }; - 524654BC0D57D0F10045335E /* display_error_code.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = display_error_code.h; sourceTree = ""; }; - 5287946C13CCCC32007AFF54 /* createFVMaster.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = createFVMaster.c; sourceTree = ""; }; - 5287946D13CCCC32007AFF54 /* createFVMaster.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = createFVMaster.h; sourceTree = ""; }; - 5287947513CCD56A007AFF54 /* srCdsaUtils.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = srCdsaUtils.cpp; sourceTree = ""; }; - 5287947613CCD56A007AFF54 /* srCdsaUtils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = srCdsaUtils.h; sourceTree = ""; }; - 5E26C4DE1CC77EB200C26137 /* security_tool.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = security_tool.h; sourceTree = ""; }; - 5E87AECB1CC7789800B2CD90 /* smartcards.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = smartcards.h; sourceTree = ""; }; - 5E87AECC1CC7790C00B2CD90 /* smartcards.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = smartcards.m; sourceTree = ""; }; - 831FF8BD046F4CCE00CC0098 /* keychain_unlock.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = keychain_unlock.h; sourceTree = ""; }; - 831FF8BF046F4CE000CC0098 /* keychain_unlock.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = keychain_unlock.c; sourceTree = ""; }; - 83A749330488FE6D0042026C /* keychain_find.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_find.h; sourceTree = ""; }; - 83A749340488FE6D0042026C /* keychain_find.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_find.c; sourceTree = ""; }; - 83C583DC0484475600933075 /* keychain_add.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_add.h; sourceTree = ""; }; - 83C583DD0484475600933075 /* keychain_add.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_add.c; sourceTree = ""; }; - 83C76BE704704CED00E9A8A8 /* keychain_lock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_lock.h; sourceTree = ""; }; - 83C76BE804704CEE00E9A8A8 /* keychain_lock.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_lock.c; sourceTree = ""; }; - 83CCF86704732AA300C6B016 /* keychain_set_settings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = keychain_set_settings.h; sourceTree = ""; }; - 83CCF86804732AA300C6B016 /* keychain_set_settings.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = keychain_set_settings.c; sourceTree = ""; }; - AACD2CBE0E12D81D00D485EA /* security */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = security; sourceTree = BUILT_PRODUCTS_DIR; }; - BE2D8DF80F2D3A7C0047A0F9 /* identity_find.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = identity_find.h; sourceTree = ""; }; - BE2D8DF90F2D3A7C0047A0F9 /* identity_find.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = identity_find.c; sourceTree = ""; }; - BE851CE40E270695008295B3 /* access_utils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = access_utils.c; sourceTree = ""; }; - BE851CE50E270695008295B3 /* access_utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = access_utils.h; sourceTree = ""; }; - BE926A520F253EBB00371998 /* identity_prefs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = identity_prefs.h; sourceTree = ""; }; - BE926A530F253EBB00371998 /* identity_prefs.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = identity_prefs.c; sourceTree = ""; }; - C6A0FF2C0290799A04C91782 /* security.1 */ = {isa = PBXFileReference; lastKnownFileType = text.man; path = security.1; sourceTree = ""; }; - DC1417F61CCED9DC00CFD769 /* libutilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libutilities.a; path = "../../../Library/Developer/Xcode/DerivedData/Security-fkwwcnddijtngfaslvsedvgyzbou/Build/Products/Debug/libutilities.a"; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - AACD2CB60E12D81D00D485EA /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 18B6B2A614DB72BC00EDDE5F /* libASN1.a in Frameworks */, - 18A25BEF14752A50004F59F8 /* CoreFoundation.framework in Frameworks */, - 18A25BEE14752A48004F59F8 /* Security.framework in Frameworks */, - DC1417F71CCED9DC00CFD769 /* libutilities.a in Frameworks */, - 1865FCAF14725BC600FD79DF /* libsecurity_cdsa_client.a in Frameworks */, - 1865FCB014725BD100FD79DF /* libsecurity_cdsa_utilities.a in Frameworks */, - 1865FCAA14725B6F00FD79DF /* libsecurity_cdsa_utils.a in Frameworks */, - 1865FCA814725B4D00FD79DF /* libsecurity_utilities.a in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 08FB7794FE84155DC02AAC07 /* SecurityTool */ = { - isa = PBXGroup; - children = ( - 18A25BE914752959004F59F8 /* config */, - 08FB7795FE84155DC02AAC07 /* Source */, - C6A0FF2B0290797F04C91782 /* Documentation */, - 4C67F3710468957A00CA2E66 /* Frameworks */, - 1AB674ADFE9D54B511CA2CBB /* Products */, - ); - name = SecurityTool; - sourceTree = ""; - }; - 08FB7795FE84155DC02AAC07 /* Source */ = { - isa = PBXGroup; - children = ( - 5287947513CCD56A007AFF54 /* srCdsaUtils.cpp */, - 5287947613CCD56A007AFF54 /* srCdsaUtils.h */, - 5287946C13CCCC32007AFF54 /* createFVMaster.c */, - 5287946D13CCCC32007AFF54 /* createFVMaster.h */, - 0599C5F006F77CED00C2A9E0 /* mds_install.h */, - 0599C5EE06F77CE300C2A9E0 /* mds_install.cpp */, - 4CA9BF2606373C200013F16F /* cmsutil.c */, - 4CA9BF2C0637403D0013F16F /* cmsutil.h */, - 4CFE73F4048809CA00CA2E66 /* db_commands.cpp */, - 4CFE73F3048809CA00CA2E66 /* db_commands.h */, - 524654BB0D57D0F10045335E /* display_error_code.c */, - 524654BC0D57D0F10045335E /* display_error_code.h */, - 058C7A8309F6AC1C00DB7E98 /* trusted_cert_dump.c */, - 058C7A8409F6AC1C00DB7E98 /* trusted_cert_dump.h */, - BE2D8DF90F2D3A7C0047A0F9 /* identity_find.c */, - BE2D8DF80F2D3A7C0047A0F9 /* identity_find.h */, - BE926A530F253EBB00371998 /* identity_prefs.c */, - BE926A520F253EBB00371998 /* identity_prefs.h */, - 4C2597F5047EFB4900CA2E66 /* key_create.c */, - 4C2597F4047EFB4900CA2E66 /* key_create.h */, - 83C583DD0484475600933075 /* keychain_add.c */, - 83C583DC0484475600933075 /* keychain_add.h */, - 4C67F35E046885F400CA2E66 /* keychain_create.c */, - 4C67F35D046885F400CA2E66 /* keychain_create.h */, - 4C67F3620468866E00CA2E66 /* keychain_delete.c */, - 4C67F3610468866E00CA2E66 /* keychain_delete.h */, - 051E64E8060F7A5F00FB8A46 /* keychain_export.c */, - 051E64E9060F7A5F00FB8A46 /* keychain_export.h */, - 83A749340488FE6D0042026C /* keychain_find.c */, - 83A749330488FE6D0042026C /* keychain_find.h */, - 051E6439060F607800FB8A46 /* keychain_import.c */, - 051E6450060F668F00FB8A46 /* keychain_import.h */, - 4CAF1F4B046C88D300CA2E66 /* keychain_list.c */, - 4CAF1F4A046C88D300CA2E66 /* keychain_list.h */, - 83C76BE804704CEE00E9A8A8 /* keychain_lock.c */, - 83C76BE704704CED00E9A8A8 /* keychain_lock.h */, - 4CEFD16D07BD8E10002A0D93 /* keychain_recode.c */, - 4CEFD16E07BD8E10002A0D93 /* keychain_recode.h */, - 83CCF86804732AA300C6B016 /* keychain_set_settings.c */, - 83CCF86704732AA300C6B016 /* keychain_set_settings.h */, - 4C737567047AE5AD00CA2E66 /* keychain_show_info.c */, - 4C737568047AE5AD00CA2E66 /* keychain_show_info.h */, - 831FF8BF046F4CE000CC0098 /* keychain_unlock.c */, - 831FF8BD046F4CCE00CC0098 /* keychain_unlock.h */, - 4C7A49B80469F0CB00CA2E66 /* keychain_utilities.c */, - 4C7A49B70469F0CB00CA2E66 /* keychain_utilities.h */, - 4CAEBD840469D90400CA2E66 /* leaks.c */, - 4CAEBD830469D90400CA2E66 /* leaks.h */, - 4C67F36A0468892B00CA2E66 /* readline.c */, - 4C67F3690468892B00CA2E66 /* readline.h */, - 4C67F3550468831300CA2E66 /* security.c */, - 5E26C4DE1CC77EB200C26137 /* security_tool.h */, - 058C7A8709F6AC2D00DB7E98 /* trusted_cert_add.c */, - 058C7A8809F6AC2D00DB7E98 /* trusted_cert_add.h */, - 058C7A8909F6AC2D00DB7E98 /* trusted_cert_utils.c */, - 058C7A8A09F6AC2D00DB7E98 /* trusted_cert_utils.h */, - 05DD14A40A1A498300C46534 /* trust_settings_impexp.h */, - 05DD14A50A1A498300C46534 /* trust_settings_impexp.c */, - 057E14A00A1508B600886CB8 /* user_trust_enable.h */, - 057E14A10A1508B600886CB8 /* user_trust_enable.cpp */, - 40F1827A0A4C625B00A6E783 /* authz.h */, - 40F182790A4C625B00A6E783 /* authz.c */, - 056A9CEB0AD57D7C00847C65 /* verify_cert.c */, - 056A9CEC0AD57D7C00847C65 /* verify_cert.h */, - BE851CE40E270695008295B3 /* access_utils.c */, - BE851CE50E270695008295B3 /* access_utils.h */, - 5E87AECB1CC7789800B2CD90 /* smartcards.h */, - 5E87AECC1CC7790C00B2CD90 /* smartcards.m */, - 1FCCD2BA1CD96A7F0045DB49 /* translocate.c */, - 1FCCD2BB1CD96A7F0045DB49 /* translocate.h */, - ); - name = Source; - sourceTree = ""; - }; - 18A25BE914752959004F59F8 /* config */ = { - isa = PBXGroup; - children = ( - 18A25BEA14752959004F59F8 /* debug.xcconfig */, - 18A25BEB14752959004F59F8 /* project.xcconfig */, - 18A25BEC14752959004F59F8 /* release.xcconfig */, - ); - path = config; - sourceTree = ""; - }; - 1AB674ADFE9D54B511CA2CBB /* Products */ = { - isa = PBXGroup; - children = ( - AACD2CBE0E12D81D00D485EA /* security */, - ); - name = Products; - sourceTree = ""; - }; - 4C67F3710468957A00CA2E66 /* Frameworks */ = { - isa = PBXGroup; - children = ( - DC1417F61CCED9DC00CFD769 /* libutilities.a */, - 18B6B2A514DB72BC00EDDE5F /* libASN1.a */, - 1865FCAD14725BBA00FD79DF /* libsecurity_cdsa_utilities.a */, - 1865FCAB14725B8B00FD79DF /* libsecurity_cdsa_client.a */, - 1865FCA914725B6F00FD79DF /* libsecurity_cdsa_utils.a */, - 1865FCA714725B4C00FD79DF /* libsecurity_utilities.a */, - 4C67F36F0468957300CA2E66 /* CoreFoundation.framework */, - 4C67F36D0468956400CA2E66 /* Security.framework */, - ); - name = Frameworks; - sourceTree = ""; - }; - C6A0FF2B0290797F04C91782 /* Documentation */ = { - isa = PBXGroup; - children = ( - C6A0FF2C0290799A04C91782 /* security.1 */, - ); - name = Documentation; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - AACD2C7C0E12D81D00D485EA /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - AACD2C7D0E12D81D00D485EA /* db_commands.h in Headers */, - AACD2C7E0E12D81D00D485EA /* key_create.h in Headers */, - AACD2C7F0E12D81D00D485EA /* keychain_add.h in Headers */, - AACD2C800E12D81D00D485EA /* keychain_create.h in Headers */, - AACD2C810E12D81D00D485EA /* keychain_delete.h in Headers */, - AACD2C820E12D81D00D485EA /* keychain_export.h in Headers */, - AACD2C830E12D81D00D485EA /* keychain_find.h in Headers */, - AACD2C840E12D81D00D485EA /* keychain_import.h in Headers */, - AACD2C850E12D81D00D485EA /* keychain_list.h in Headers */, - AACD2C860E12D81D00D485EA /* keychain_lock.h in Headers */, - AACD2C870E12D81D00D485EA /* keychain_set_settings.h in Headers */, - AACD2C880E12D81D00D485EA /* keychain_show_info.h in Headers */, - AACD2C890E12D81D00D485EA /* keychain_unlock.h in Headers */, - AACD2C8A0E12D81D00D485EA /* keychain_utilities.h in Headers */, - AACD2C8B0E12D81D00D485EA /* leaks.h in Headers */, - AACD2C8C0E12D81D00D485EA /* readline.h in Headers */, - AACD2C8E0E12D81D00D485EA /* cmsutil.h in Headers */, - AACD2C8F0E12D81D00D485EA /* mds_install.h in Headers */, - AACD2C900E12D81D00D485EA /* keychain_recode.h in Headers */, - AACD2C910E12D81D00D485EA /* trusted_cert_dump.h in Headers */, - AACD2C920E12D81D00D485EA /* trusted_cert_add.h in Headers */, - AACD2C930E12D81D00D485EA /* trusted_cert_utils.h in Headers */, - AACD2C940E12D81D00D485EA /* user_trust_enable.h in Headers */, - AACD2C950E12D81D00D485EA /* trust_settings_impexp.h in Headers */, - AACD2C960E12D81D00D485EA /* authz.h in Headers */, - 1FCCD2BD1CD96A7F0045DB49 /* translocate.h in Headers */, - 5E26C4DF1CC77EB200C26137 /* security_tool.h in Headers */, - AACD2C970E12D81D00D485EA /* verify_cert.h in Headers */, - AACD2C980E12D81D00D485EA /* display_error_code.h in Headers */, - BE851CE70E270695008295B3 /* access_utils.h in Headers */, - BE926A540F253EBB00371998 /* identity_prefs.h in Headers */, - BE2D8DFA0F2D3A7C0047A0F9 /* identity_find.h in Headers */, - 5287946F13CCCC32007AFF54 /* createFVMaster.h in Headers */, - 5287947813CCD56A007AFF54 /* srCdsaUtils.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - AACD2C7B0E12D81D00D485EA /* security */ = { - isa = PBXNativeTarget; - buildConfigurationList = AACD2CB90E12D81D00D485EA /* Build configuration list for PBXNativeTarget "security" */; - buildPhases = ( - AACD2C7C0E12D81D00D485EA /* Headers */, - AACD2C990E12D81D00D485EA /* Sources */, - AACD2CB60E12D81D00D485EA /* Frameworks */, - AACD2CB70E12D81D00D485EA /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = security; - productInstallPath = /usr/bin; - productName = SecurityTool; - productReference = AACD2CBE0E12D81D00D485EA /* security */; - productType = "com.apple.product-type.tool"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 08FB7793FE84155DC02AAC07 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD1BA0987FCDB001272E0 /* Build configuration list for PBXProject "SecurityTool" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 08FB7794FE84155DC02AAC07 /* SecurityTool */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - AACD2C7B0E12D81D00D485EA /* security */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXSourcesBuildPhase section */ - AACD2C990E12D81D00D485EA /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - AACD2C9A0E12D81D00D485EA /* cmsutil.c in Sources */, - AACD2C9B0E12D81D00D485EA /* db_commands.cpp in Sources */, - AACD2C9C0E12D81D00D485EA /* key_create.c in Sources */, - AACD2C9D0E12D81D00D485EA /* keychain_add.c in Sources */, - AACD2C9E0E12D81D00D485EA /* keychain_create.c in Sources */, - AACD2C9F0E12D81D00D485EA /* keychain_delete.c in Sources */, - AACD2CA00E12D81D00D485EA /* keychain_export.c in Sources */, - AACD2CA10E12D81D00D485EA /* keychain_find.c in Sources */, - AACD2CA20E12D81D00D485EA /* keychain_import.c in Sources */, - AACD2CA30E12D81D00D485EA /* keychain_list.c in Sources */, - AACD2CA40E12D81D00D485EA /* keychain_lock.c in Sources */, - AACD2CA50E12D81D00D485EA /* keychain_set_settings.c in Sources */, - AACD2CA60E12D81D00D485EA /* keychain_show_info.c in Sources */, - AACD2CA70E12D81D00D485EA /* keychain_unlock.c in Sources */, - AACD2CA80E12D81D00D485EA /* keychain_utilities.c in Sources */, - AACD2CA90E12D81D00D485EA /* leaks.c in Sources */, - AACD2CAA0E12D81D00D485EA /* readline.c in Sources */, - 5E87AECD1CC7790C00B2CD90 /* smartcards.m in Sources */, - AACD2CAB0E12D81D00D485EA /* security.c in Sources */, - AACD2CAC0E12D81D00D485EA /* mds_install.cpp in Sources */, - AACD2CAD0E12D81D00D485EA /* keychain_recode.c in Sources */, - AACD2CAE0E12D81D00D485EA /* trusted_cert_dump.c in Sources */, - AACD2CAF0E12D81D00D485EA /* trusted_cert_add.c in Sources */, - AACD2CB00E12D81D00D485EA /* trusted_cert_utils.c in Sources */, - AACD2CB10E12D81D00D485EA /* user_trust_enable.cpp in Sources */, - AACD2CB20E12D81D00D485EA /* trust_settings_impexp.c in Sources */, - AACD2CB30E12D81D00D485EA /* authz.c in Sources */, - 1FCCD2BC1CD96A7F0045DB49 /* translocate.c in Sources */, - AACD2CB40E12D81D00D485EA /* verify_cert.c in Sources */, - AACD2CB50E12D81D00D485EA /* display_error_code.c in Sources */, - BE851CE60E270695008295B3 /* access_utils.c in Sources */, - BE926A550F253EBB00371998 /* identity_prefs.c in Sources */, - BE2D8DFB0F2D3A7C0047A0F9 /* identity_find.c in Sources */, - 5287946E13CCCC32007AFF54 /* createFVMaster.c in Sources */, - 5287947713CCD56A007AFF54 /* srCdsaUtils.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin XCBuildConfiguration section */ - AACD2CBA0E12D81D00D485EA /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18A25BEA14752959004F59F8 /* debug.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - INSTALL_PATH = /usr/bin; - }; - name = Debug; - }; - AACD2CBD0E12D81D00D485EA /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18A25BEC14752959004F59F8 /* release.xcconfig */; - buildSettings = { - CLANG_ENABLE_OBJC_ARC = YES; - INSTALL_PATH = /usr/bin; - }; - name = Release; - }; - C27AD1BB0987FCDB001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18A25BEB14752959004F59F8 /* project.xcconfig */; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - HEADER_SEARCH_PATHS = ( - "${CONFIGURATION_BUILD_DIR}/usr/local/include", - "$(PROJECT_DIR)/../OSX/include", - "$(PROJECT_DIR)/../OSX/utilities", - "$(inherited)", - ); - ONLY_ACTIVE_ARCH = YES; - SDKROOT = macosx.internal; - USER_HEADER_SEARCH_PATHS = ""; - }; - name = Debug; - }; - C27AD1BE0987FCDB001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 18A25BEB14752959004F59F8 /* project.xcconfig */; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - HEADER_SEARCH_PATHS = ( - "${CONFIGURATION_BUILD_DIR}/usr/local/include", - "$(PROJECT_DIR)/../OSX/include", - "$(PROJECT_DIR)/../OSX/utilities", - "$(SDKROOT)/usr/local/include", - "$(inherited)", - ); - SDKROOT = macosx.internal; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - AACD2CB90E12D81D00D485EA /* Build configuration list for PBXNativeTarget "security" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - AACD2CBA0E12D81D00D485EA /* Debug */, - AACD2CBD0E12D81D00D485EA /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD1BA0987FCDB001272E0 /* Build configuration list for PBXProject "SecurityTool" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD1BB0987FCDB001272E0 /* Debug */, - C27AD1BE0987FCDB001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 08FB7793FE84155DC02AAC07 /* Project object */; -} diff --git a/SecurityTool/authz.c b/SecurityTool/authz.c index c0526353..44974aed 100644 --- a/SecurityTool/authz.c +++ b/SecurityTool/authz.c @@ -37,7 +37,7 @@ read_auth_ref_from_stdin() { AuthorizationRef auth_ref = NULL; AuthorizationExternalForm extform; - size_t bytes_read; + ssize_t bytes_read; while (kAuthorizationExternalFormLength != (bytes_read = read(STDIN_FILENO, &extform, kAuthorizationExternalFormLength))) { @@ -59,7 +59,7 @@ static int write_auth_ref_to_stdout(AuthorizationRef auth_ref) { AuthorizationExternalForm extform; - size_t bytes_written; + ssize_t bytes_written; if (AuthorizationMakeExternalForm(auth_ref, &extform)) return -1; @@ -94,7 +94,7 @@ write_dict_to_stdout(CFDictionaryRef dict) static CFDictionaryRef read_dict_from_stdin() { - size_t bytes_read = 0; + ssize_t bytes_read = 0; uint8_t buffer[4096]; CFMutableDataRef data = CFDataCreateMutable(kCFAllocatorDefault, 0); CFErrorRef err = NULL; diff --git a/SecurityTool/cmsutil.c b/SecurityTool/cmsutil.c index 79cd8ba5..1c98d51b 100644 --- a/SecurityTool/cmsutil.c +++ b/SecurityTool/cmsutil.c @@ -902,7 +902,10 @@ static OSStatus get_enc_params(struct encryptOptionsStr *encryptOptions) envelopeOptions.options = encryptOptions->options; envelopeOptions.recipients = encryptOptions->recipients; env_cmsg = enveloped_data(&envelopeOptions); - SecCmsMessageEncode(env_cmsg, &dummyIn, tmparena, &dummyOut); + rv = SecCmsMessageEncode(env_cmsg, &dummyIn, tmparena, &dummyOut); + if (rv) { + goto loser; + } fwrite(dummyOut.Data, 1, dummyOut.Length,encryptOptions->envFile); SecArenaPoolFree(tmparena, false); diff --git a/SecurityTool/config/debug.xcconfig b/SecurityTool/config/debug.xcconfig deleted file mode 100644 index 937d1775..00000000 --- a/SecurityTool/config/debug.xcconfig +++ /dev/null @@ -1,3 +0,0 @@ -GCC_OPTIMIZATION_LEVEL = 0 -GCC_PREPROCESSOR_DEFINITIONS = DEBUG=1 $(inherited) -COPY_PHASE_STRIP = NO diff --git a/SecurityTool/config/project.xcconfig b/SecurityTool/config/project.xcconfig deleted file mode 100644 index 3bcf34e0..00000000 --- a/SecurityTool/config/project.xcconfig +++ /dev/null @@ -1,26 +0,0 @@ -ARCHS[sdk=macosx*] = $(ARCHS_STANDARD_32_64_BIT) -CODE_SIGN_IDENTITY = -; -GCC_VERSION = com.apple.compilers.llvm.clang.1_0 -DEBUG_INFORMATION_FORMAT = dwarf-with-dsym -SDKROOT = -CURRENT_PROJECT_VERSION = $(RC_ProjectSourceVersion) -VERSIONING_SYSTEM = apple-generic; -DEAD_CODE_STRIPPING = YES; - -FRAMEWORK_SEARCH_PATHS = $(SYSTEM_LIBRARY_DIR)/PrivateFrameworks - -PRODUCT_NAME = $(TARGET_NAME) - -ALWAYS_SEARCH_USER_PATHS = NO - -GCC_C_LANGUAGE_STANDARD = gnu99 - -WARNING_CFLAGS = -Wmost -Wno-four-char-constants -Wno-unknown-pragmas $(inherited) - -GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO - -GCC_WARN_64_TO_32_BIT_CONVERSION = YES -GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES -GCC_WARN_ABOUT_RETURN_TYPE = YES -GCC_WARN_UNUSED_VARIABLE = YES -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/SecurityTool/config/release.xcconfig b/SecurityTool/config/release.xcconfig deleted file mode 100644 index dc5f8761..00000000 --- a/SecurityTool/config/release.xcconfig +++ /dev/null @@ -1,3 +0,0 @@ -GCC_PREPROCESSOR_DEFINITIONS = NDEBUG=1 $(inherited) -COPY_PHASE_STRIP = YES - diff --git a/SecurityTool/createFVMaster.c b/SecurityTool/createFVMaster.c index 3f8d6e89..4cbeb9d3 100644 --- a/SecurityTool/createFVMaster.c +++ b/SecurityTool/createFVMaster.c @@ -25,7 +25,7 @@ #include "createFVMaster.h" -#include "readline.h" +#include "readline_cssm.h" #include "security_tool.h" #include diff --git a/SecurityTool/db_commands.cpp b/SecurityTool/db_commands.cpp index 69533b56..571ed65b 100644 --- a/SecurityTool/db_commands.cpp +++ b/SecurityTool/db_commands.cpp @@ -25,7 +25,7 @@ #include "db_commands.h" -#include "readline.h" +#include "readline_cssm.h" #include "security_tool.h" #include diff --git a/SecurityTool/keychain_add.c b/SecurityTool/keychain_add.c index a53ecb8b..0e70bf39 100644 --- a/SecurityTool/keychain_add.c +++ b/SecurityTool/keychain_add.c @@ -25,7 +25,7 @@ #include "keychain_add.h" #include "keychain_find.h" -#include "readline.h" +#include "readline_cssm.h" #include "security_tool.h" #include "access_utils.h" #include "keychain_utilities.h" diff --git a/SecurityTool/keychain_create.c b/SecurityTool/keychain_create.c index 50f90f0c..00e8549d 100644 --- a/SecurityTool/keychain_create.c +++ b/SecurityTool/keychain_create.c @@ -25,7 +25,7 @@ #include "keychain_create.h" -#include "readline.h" +#include "readline_cssm.h" #include "security_tool.h" #include diff --git a/SecurityTool/keychain_delete.c b/SecurityTool/keychain_delete.c index a74c48b8..6ef85243 100644 --- a/SecurityTool/keychain_delete.c +++ b/SecurityTool/keychain_delete.c @@ -1,15 +1,15 @@ /* - * Copyright (c) 2003-2010,2012,2014 Apple Inc. All Rights Reserved. + * Copyright (c) 2003-2017 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,7 +17,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ * * keychain_delete.c @@ -29,6 +29,7 @@ #include "keychain_utilities.h" #include "security_tool.h" #include +#include #include #include #include @@ -48,49 +49,93 @@ do_delete(CFTypeRef keychainOrArray) } static int -do_delete_certificate(CFTypeRef keychainOrArray, const char *name, const char *hash, Boolean deleteTrust) +do_delete_certificate(CFTypeRef keychainOrArray, const char *name, const char *hash, + Boolean deleteTrust, Boolean deleteIdentity) { - OSStatus result = noErr; - SecKeychainItemRef itemToDelete = NULL; - if (!name && !hash) { - return 2; - } - - itemToDelete = find_unique_certificate(keychainOrArray, name, hash); - if (itemToDelete) { - if (deleteTrust) { - result = SecTrustSettingsRemoveTrustSettings((SecCertificateRef)itemToDelete, - kSecTrustSettingsDomainUser); - if (result && result != errSecItemNotFound) { - sec_perror("SecTrustSettingsRemoveTrustSettings (user)", result); - } - if (geteuid() == 0) { - result = SecTrustSettingsRemoveTrustSettings((SecCertificateRef)itemToDelete, - kSecTrustSettingsDomainAdmin); - if (result && result != errSecItemNotFound) { - sec_perror("SecTrustSettingsRemoveTrustSettings (admin)", result); - } - } - } - result = SecKeychainItemDelete(itemToDelete); - if (result) { - sec_perror("SecKeychainItemDelete", result); - goto cleanup; - } - } else { - result = 1; - fprintf(stderr, "Unable to delete certificate matching \"%s\"", - (name) ? name : (hash) ? hash : ""); - } + OSStatus result = noErr; + SecKeychainItemRef itemToDelete = NULL; + if (!name && !hash) { + return 2; + } + + itemToDelete = find_unique_certificate(keychainOrArray, name, hash); + if (itemToDelete) { + OSStatus status = noErr; + if (deleteTrust) { + status = SecTrustSettingsRemoveTrustSettings((SecCertificateRef)itemToDelete, + kSecTrustSettingsDomainUser); + if (status) { + // if trust settings do not exist, it's not an error. + if (status != errSecItemNotFound) { + result = status; + sec_perror("SecTrustSettingsRemoveTrustSettings (user)", result); + } + } + if (geteuid() == 0) { + status = SecTrustSettingsRemoveTrustSettings((SecCertificateRef)itemToDelete, + kSecTrustSettingsDomainAdmin); + if (status) { + if (status != errSecItemNotFound) { + result = status; + sec_perror("SecTrustSettingsRemoveTrustSettings (admin)", result); + } + } + } + } + if (!result && deleteIdentity) { + SecIdentityRef identity = NULL; + status = SecIdentityCreateWithCertificate(keychainOrArray, + (SecCertificateRef)itemToDelete, + &identity); + if (status) { + // if the private key doesn't exist, and we succeed in deleting + // the certificate, overall result will still be good. + if (status == errSecItemNotFound) { + status = noErr; + } else { + result = status; + } + } else { + SecKeyRef keyToDelete = NULL; + status = SecIdentityCopyPrivateKey(identity, &keyToDelete); + if (status) { + result = status; + } else { + result = SecKeychainItemDelete((SecKeychainItemRef)keyToDelete); + if (result) { + sec_perror("SecKeychainItemDelete", result); + } + } + safe_CFRelease(&keyToDelete); + } + safe_CFRelease(&identity); + + if (status) { + fprintf(stderr, "Unable to obtain private key reference for \"%s\" (error %d)", + (name) ? name : (hash) ? hash : "", (int) status); + } + } + if (!result) { + result = SecKeychainItemDelete(itemToDelete); + if (result) { + sec_perror("SecKeychainItemDelete", result); + goto cleanup; + } + } + } else { + result = 1; + fprintf(stderr, "Unable to delete certificate matching \"%s\"", + (name) ? name : (hash) ? hash : ""); + } cleanup: - safe_CFRelease(&itemToDelete); + safe_CFRelease(&itemToDelete); - return result; + return result; } -int -keychain_delete_certificate(int argc, char * const *argv) +static int +keychain_delete_cert_common(int argc, char * const *argv, Boolean delete_identity) { CFTypeRef keychainOrArray = NULL; char *name = NULL; @@ -98,7 +143,7 @@ keychain_delete_certificate(int argc, char * const *argv) Boolean delete_trust = FALSE; int ch, result = 0; - while ((ch = getopt(argc, argv, "hc:Z:t")) != -1) + while ((ch = getopt(argc, argv, "hc:Z:t")) != -1) { switch (ch) { @@ -123,7 +168,7 @@ keychain_delete_certificate(int argc, char * const *argv) keychainOrArray = keychain_create_array(argc, argv); - result = do_delete_certificate(keychainOrArray, name, hash, delete_trust); + result = do_delete_certificate(keychainOrArray, name, hash, delete_trust, delete_identity); cleanup: safe_CFRelease(&keychainOrArray); @@ -131,13 +176,25 @@ cleanup: return result; } +int +keychain_delete_certificate(int argc, char * const *argv) +{ + return keychain_delete_cert_common(argc, argv, FALSE); +} + +int +keychain_delete_identity(int argc, char * const *argv) +{ + return keychain_delete_cert_common(argc, argv, TRUE); +} + int keychain_delete(int argc, char * const *argv) { CFTypeRef keychainOrArray = NULL; int ch, result = 0; - while ((ch = getopt(argc, argv, "h")) != -1) + while ((ch = getopt(argc, argv, "h")) != -1) { switch (ch) { diff --git a/SecurityTool/keychain_delete.h b/SecurityTool/keychain_delete.h index 03e00878..a184bd48 100644 --- a/SecurityTool/keychain_delete.h +++ b/SecurityTool/keychain_delete.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003-2009 Apple Inc. All Rights Reserved. + * Copyright (c) 2003-2017 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -32,6 +32,8 @@ extern "C" { extern int keychain_delete_certificate(int argc, char * const *argv); +extern int keychain_delete_identity(int argc, char * const *argv); + extern int keychain_delete(int argc, char * const *argv); #ifdef __cplusplus diff --git a/SecurityTool/keychain_export.c b/SecurityTool/keychain_export.c index e9bdf6e8..23559a88 100644 --- a/SecurityTool/keychain_export.c +++ b/SecurityTool/keychain_export.c @@ -665,8 +665,11 @@ ctk_dump(CFTypeRef secClass, const char *name, const char *tid) stat = SecItemCopyMatching(query, (CFTypeRef *)&result); if(stat) { - sec_error("SecItemCopyMatching: %x (%d) - %s", - stat, stat, sec_errstr(stat)); + if (stat == errSecItemNotFound) { + fprintf(stderr, "No items found.\n"); + } else { + sec_error("SecItemCopyMatching: %x (%d) - %s", stat, stat, sec_errstr(stat)); + } goto cleanup; } @@ -731,7 +734,7 @@ ctk_export(int argc, char * const *argv) const char* names[] = { "certificate", "private key", "identity" }; ItemSpec specs[] = { IS_Certs, IS_PrivKeys, IS_Identities }; - for(int i = 0; i < sizeof(classes)/sizeof(classes[0]); i++) { + for(size_t i = 0; i < sizeof(classes)/sizeof(classes[0]); i++) { if(specs[i] == itemSpec || itemSpec == IS_All) { stat = ctk_dump(classes[i], names[i], tid); if(stat) { diff --git a/SecurityTool/keychain_find.c b/SecurityTool/keychain_find.c index 529ea5fc..51776602 100644 --- a/SecurityTool/keychain_find.c +++ b/SecurityTool/keychain_find.c @@ -26,7 +26,7 @@ #include "keychain_find.h" #include "keychain_utilities.h" -#include "readline.h" +#include "readline_cssm.h" #include "security_tool.h" #include @@ -424,11 +424,11 @@ do_password_item_printing( SecKeychainItemRef itemRef, } else { char *password = (char *) passwordData; int doHex = 0; - for(int i=0; i diff --git a/SecurityTool/keychain_recode.c b/SecurityTool/keychain_recode.c index 25239bfe..ddfba2ab 100644 --- a/SecurityTool/keychain_recode.c +++ b/SecurityTool/keychain_recode.c @@ -26,7 +26,7 @@ #include "keychain_recode.h" #include "keychain_utilities.h" -#include "readline.h" +#include "readline_cssm.h" #include "security_tool.h" #include diff --git a/SecurityTool/keychain_set_settings.c b/SecurityTool/keychain_set_settings.c index 00324a6f..dcbca48f 100644 --- a/SecurityTool/keychain_set_settings.c +++ b/SecurityTool/keychain_set_settings.c @@ -25,7 +25,7 @@ #include "keychain_set_settings.h" #include "keychain_utilities.h" -#include "readline.h" +#include "readline_cssm.h" #include "security_tool.h" #include diff --git a/SecurityTool/keychain_show_info.c b/SecurityTool/keychain_show_info.c index 5dc269ab..0952f051 100644 --- a/SecurityTool/keychain_show_info.c +++ b/SecurityTool/keychain_show_info.c @@ -25,7 +25,7 @@ #include "keychain_show_info.h" #include "keychain_utilities.h" -#include "readline.h" +#include "readline_cssm.h" #include "security_tool.h" #include diff --git a/SecurityTool/keychain_unlock.c b/SecurityTool/keychain_unlock.c index 76f3f0d5..1b5b5cab 100644 --- a/SecurityTool/keychain_unlock.c +++ b/SecurityTool/keychain_unlock.c @@ -24,7 +24,7 @@ */ #include "keychain_unlock.h" -#include "readline.h" +#include "readline_cssm.h" #include "keychain_utilities.h" #include "security_tool.h" diff --git a/SecurityTool/keychain_utilities.c b/SecurityTool/keychain_utilities.c index 3731c780..669f9bed 100644 --- a/SecurityTool/keychain_utilities.c +++ b/SecurityTool/keychain_utilities.c @@ -36,7 +36,7 @@ #include #include -#include "readline.h" +#include "readline_cssm.h" // SecTrustedApplicationValidateWithPath #include @@ -864,7 +864,7 @@ cfFromHex(CFStringRef hex) { CFMutableDataRef bin = CFDataCreateMutable(kCFAllocatorDefault, bytes); CFDataIncreaseLength(bin, bytes); - if(!bin || CFDataGetLength(bin) != bytes) { + if(!bin || (size_t) CFDataGetLength(bin) != bytes) { safe_CFRelease(bin); return NULL; } @@ -884,7 +884,7 @@ CFStringRef cfToHex(CFDataRef bin) { static const char* digits[] = {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"}; const uint8_t* data = CFDataGetBytePtr(bin); - for (size_t i = 0; i < CFDataGetLength(bin); i++) { + for (CFIndex i = 0; i < CFDataGetLength(bin); i++) { CFStringAppendCString(str, digits[data[i] >> 4], 1); CFStringAppendCString(str, digits[data[i] & 0xf], 1); } @@ -950,7 +950,7 @@ void print_partition_id_list(FILE* stream, CFStringRef description) { goto error; } - for(size_t i = 0; i < CFArrayGetCount(partitionIDs); i++) { + for(CFIndex i = 0; i < CFArrayGetCount(partitionIDs); i++) { CFStringRef s = CFArrayGetValueAtIndex(partitionIDs, i); if(!s) { goto error; diff --git a/SecurityTool/readline.c b/SecurityTool/readline.c index a51ad62b..a6ef891a 100644 --- a/SecurityTool/readline.c +++ b/SecurityTool/readline.c @@ -23,7 +23,7 @@ * readline.c */ -#include "readline.h" +#include "readline_cssm.h" #include "security_tool.h" #include diff --git a/SecurityTool/readline.h b/SecurityTool/readline_cssm.h similarity index 93% rename from SecurityTool/readline.h rename to SecurityTool/readline_cssm.h index 570d7b56..3b24de49 100644 --- a/SecurityTool/readline.h +++ b/SecurityTool/readline_cssm.h @@ -20,11 +20,11 @@ * * @APPLE_LICENSE_HEADER_END@ * - * readline.h + * readline_cssm.h */ -#ifndef _READLINE_H_ -#define _READLINE_H_ 1 +#ifndef _READLINE_CSSM_H_ +#define _READLINE_CSSM_H_ 1 #include // For CSSM_DATA @@ -46,4 +46,4 @@ extern int read_file(const char *name, CSSM_DATA *outData); } #endif -#endif /* _READLINE_H_ */ +#endif /* _READLINE_CSSM_H_ */ diff --git a/SecurityTool/security.1 b/SecurityTool/security.1 index 3f002552..a19ef924 100644 --- a/SecurityTool/security.1 +++ b/SecurityTool/security.1 @@ -145,6 +145,8 @@ Find a certificate item. Find an identity (certificate + private key). .It Nm delete-certificate Delete a certificate from a keychain. +.It Nm delete-identity +Delete a certificate and its private key from a keychain. .It Nm set-identity-preference Set the preferred identity to use for a service. .It Nm get-identity-preference @@ -183,6 +185,12 @@ Execute tool with privileges. Run .Pa /usr/bin/leaks on this process. +.It Nm smartcards +Enable, disable or list disabled smartcard tokens. +.It Nm list-smartcards +Display available smartcards. +.It Nm export-smartcard +Export items from a smartcard. .It Nm error Display a descriptive message for the given error code(s). .El @@ -940,6 +948,30 @@ The certificate to be deleted must be uniquely specified either by a string found in its common name, or by its SHA-1 hash. .El .It +.Nm delete-identity +.Op Fl h +.Op Fl c Ar name +.Op Fl Z Ar hash +.Op Fl t +.Op Ar keychain... +.Bl -item -offset -indent +Delete a certificate and its private key from a keychain. If no +.Ar keychain Ns +\& arguments are provided, the default search list is used. +.It +.Bl -tag -compact -width -indent-indent +.It Fl c Ar name +Specify certificate to delete by its common name +.It Fl Z Ar hash +Specify certificate to delete by its SHA-1 hash +.It Fl t +Also delete user trust settings for this identity certificate +.El +.It +The identity to be deleted must be uniquely specified either by a +string found in its common name, or by its SHA-1 hash. +.El +.It .Nm set-identity-preference .Op Fl h .Op Fl n @@ -1256,7 +1288,6 @@ Install (or re-install) the Module Directory Services (MDS) database. This is a .Op Fl k Ar keychain .Op Fl i Ar settingsFileIn .Op Fl o Ar settingsFileOut -.Op Fl D certFile .Bl -item -offset -indent Add certificate (in DER or PEM format) from @@ -1287,8 +1318,6 @@ Specify keychain to which cert is added. Input trust settings file; default is user domain. .It Fl o Ar settingsFileOut Output trust settings file; default is user domain. -.It Fl D -Add default setting instead of per-cert setting. No certFile is specified when using this option .El .It .Sy Key usage codes: @@ -1310,7 +1339,6 @@ Add default setting instead of per-cert setting. No certFile is specified when u .It .Nm remove-trusted-cert .Op Fl d -.Op Fl D certFile .Bl -item -offset -indent Remove certificate (in DER or PEM format) in @@ -1321,8 +1349,6 @@ Options: .Bl -tag -compact -width -indent-indent .It Fl d Remove from admin cert store; default is user. -.It Fl D -Remove Default Root Cert setting instead of an actual cert setting. No certFile is specified when using this option. .El .\"marker. .El @@ -1565,6 +1591,37 @@ Disable smartcard token. .El .El .It +.Nm list-smartcards +.Bl -item -offset -indent +Display +.Ar id Ns +s of available smartcards. +.El +.It +.Nm export-smartcard +.Ar token +.Op Fl i Ar id +.Op Fl t Ar certs Ns | Ns Ar privKeys Ns | Ns Ar identities Ns | Ns Ar all +.Bl -item -offset -indent +Export items from a smartcard. If +.Ar id +isn't provided, items from all smartcards will be exported. +.It +Options: +.Bl -tag -compact -width -indent-indent +.It Fl i Ar id +Export items from token specified by token +.Ar id Ns +, available +.Ar id Ns +s can be listed by list-smartcards command. +.It Fl t Ar certs Ns | Ns Ar privKeys Ns | Ns Ar identities Ns | Ns Ar all +Export items of the specified type (Default: +.Ar all Ns +) +.El +.El +.It .Nm error .Op Fl h .Op Ar diff --git a/SecurityTool/security.c b/SecurityTool/security.c index 0cea23c0..e0df1c8d 100644 --- a/SecurityTool/security.c +++ b/SecurityTool/security.c @@ -1,15 +1,15 @@ /* - * Copyright (c) 2003-2014 Apple Inc. All Rights Reserved. + * Copyright (c) 2003-2017 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,7 +17,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ * * security.c @@ -26,7 +26,7 @@ #include "security_tool.h" #include "leaks.h" -#include "readline.h" +#include "readline_cssm.h" #include "cmsutil.h" #include "db_commands.h" @@ -114,7 +114,7 @@ const command commands[] = "Display or manipulate the keychain search list." }, { "list-smartcards", ctk_list, - "With no parameters, display IDs of available smartcards.", + "Display IDs of available smartcards.", "Display available smartcards." }, { "default-keychain", keychain_default, @@ -441,6 +441,16 @@ const command commands[] = "If no keychains are specified to search, the default search list is used.", "Delete a certificate from a keychain."}, + { "delete-identity", keychain_delete_identity, + "[-c name] [-Z hash] [-t] [keychain...]\n" + " -c Specify certificate to delete by its common name\n" + " -Z Specify certificate to delete by its SHA-1 hash value\n" + " -t Also delete user trust settings for this identity certificate\n" + "The identity to be deleted must be uniquely specified either by a\n" + "string found in its common name, or by its SHA-1 hash.\n" + "If no keychains are specified to search, the default search list is used.", + "Delete an identity (certificate + private key) from a keychain."}, + { "set-identity-preference", set_identity_preference, "[-n] [-c identity] [-s service] [-u keyUsage] [-Z hash] [keychain...]\n" " -n Specify no identity (clears existing preference for service)\n" @@ -573,7 +583,6 @@ const command commands[] = " -k keychain Specify keychain to which cert is added\n" " -i settingsFileIn Input trust settings file; default is user domain\n" " -o settingsFileOut Output trust settings file; default is user domain\n" - " -D Add default setting instead of per-cert setting\n" " certFile Certificate(s)", "Add trusted certificate(s)." }, diff --git a/SecurityTool/sub_commands.h b/SecurityTool/sub_commands.h index 88add2de..3c719493 100644 --- a/SecurityTool/sub_commands.h +++ b/SecurityTool/sub_commands.h @@ -30,3 +30,4 @@ #include "SOSCircle/Tool/keychain_sync_test.h" #include "SOSCircle/Tool/keychain_log.h" #include "SOSCircle/Tool/syncbackup.h" +#include "SOSCircle/Tool/recovery_key.h" diff --git a/SecurityTool/trusted_cert_add.c b/SecurityTool/trusted_cert_add.c index bd79be15..a4cc36ef 100644 --- a/SecurityTool/trusted_cert_add.c +++ b/SecurityTool/trusted_cert_add.c @@ -41,16 +41,7 @@ * * % security add-trusted-cert -p ssl -d anotherRoot.cer * - * The more obscure uses involve default settings and trust settings files. - * - * Specifying a default trust setting precludes specifying a cert. Other - * options apply as usual; note that if the domain for which you are - * specifying a default setting already has a default setting, the old default - * will be replaced by the new one you specify. - * - * -- To specify a default of "deny" for policy SMIME for the admin domain: - * - * % security add-trusted-cert -p smime -r deny -D + * The more obscure uses involve trust settings files. * * This command can also operate on trust settings as files instead of * modifying an actual on-disk Trust Settings record. One standard use for @@ -208,7 +199,6 @@ trusted_cert_add(int argc, char * const *argv) SecTrustSettingsDomain domain = kSecTrustSettingsDomainUser; int ourRtn = 0; SecKeychainRef kcRef = NULL; - int defaultSetting = 0; char *certFile = NULL; SecCertificateRef certRef = NULL; @@ -239,7 +229,7 @@ trusted_cert_add(int argc, char * const *argv) } optind = 1; - while ((arg = getopt(argc, argv, "dr:a:p:s:e:u:k:i:o:Dh")) != -1) { + while ((arg = getopt(argc, argv, "dr:a:p:s:e:u:k:i:o:h")) != -1) { switch (arg) { case 'd': domain = kSecTrustSettingsDomainAdmin; @@ -319,9 +309,6 @@ trusted_cert_add(int argc, char * const *argv) case 'o': settingsFileOut = optarg; break; - case 'D': - defaultSetting = 1; - break; default: case 'h': return 2; /* @@@ Return 2 triggers usage message. */ @@ -344,13 +331,8 @@ trusted_cert_add(int argc, char * const *argv) } /* validate inputs */ - if(defaultSetting && (certFile != NULL)) { - fprintf(stderr, "Can't specify cert when manipulating default setting.\n"); - ourRtn = 2; /* @@@ Return 2 triggers usage message. */ - goto errOut; - } - if((certFile == NULL) && (settingsFileOut == NULL) && !defaultSetting) { - /* no cert file - only legal for r/w file or for default settings */ + if((certFile == NULL) && (settingsFileOut == NULL)) { + /* no cert file - only legal for r/w file */ fprintf(stderr, "No cert file specified.\n"); ourRtn = 2; goto errOut; @@ -475,12 +457,7 @@ trusted_cert_add(int argc, char * const *argv) } } - /* optional cert file */ - if(defaultSetting) { - /* we don't have a cert; use this instead... */ - certRef = kSecTrustSettingsDefaultRootCertSetting; - } - else if(certFile != NULL) { + if(certFile != NULL) { if(readCertFile(certFile, &certRef)) { fprintf(stderr, "Error reading file %s\n", certFile); ourRtn = 1; @@ -542,7 +519,7 @@ trusted_cert_add(int argc, char * const *argv) } } errOut: - if((certRef != NULL) & (certRef != kSecTrustSettingsDefaultRootCertSetting)) { + if(certRef != NULL) { CFRelease(certRef); } CFRELEASE(trustSettings); @@ -558,7 +535,6 @@ trusted_cert_remove(int argc, char * const *argv) OSStatus ortn = noErr; int ourRtn = 0; SecTrustSettingsDomain domain = kSecTrustSettingsDomainUser; - int defaultSetting = 0; SecCertificateRef certRef = NULL; char *certFile = NULL; @@ -567,14 +543,11 @@ trusted_cert_remove(int argc, char * const *argv) int arg; optind = 1; - while ((arg = getopt(argc, argv, "dDh")) != -1) { + while ((arg = getopt(argc, argv, "dh")) != -1) { switch (arg) { case 'd': domain = kSecTrustSettingsDomainAdmin; break; - case 'D': - defaultSetting = 1; - break; default: case 'h': return 2; /* @@@ Return 2 triggers usage message. */ @@ -592,25 +565,15 @@ trusted_cert_remove(int argc, char * const *argv) return 2; } - if((certFile == NULL) && !defaultSetting) { + if(certFile == NULL) { fprintf(stderr, "No cert file specified.\n"); return 2; } - if((certFile != NULL) && defaultSetting) { - fprintf(stderr, "Can't specify cert when manipulating default setting.\n"); - return 2; - } - if(defaultSetting) { - /* we don't have a cert; use this instead... */ - certRef = kSecTrustSettingsDefaultRootCertSetting; - } - else { - if(readCertFile(certFile, &certRef)) { - fprintf(stderr, "Error reading file %s\n", certFile); - return 1; - } - } + if(readCertFile(certFile, &certRef)) { + fprintf(stderr, "Error reading file %s\n", certFile); + return 1; + } ortn = SecTrustSettingsRemoveTrustSettings(certRef, domain); if(ortn) { @@ -618,7 +581,7 @@ trusted_cert_remove(int argc, char * const *argv) ourRtn = 1; } - if((certRef != NULL) & (certRef != kSecTrustSettingsDefaultRootCertSetting)) { + if(certRef != NULL) { CFRelease(certRef); } diff --git a/SharedWebCredentialViewService/SWCViewController.m b/SharedWebCredentialViewService/SWCViewController.m index 35b3a7e5..336232b0 100755 --- a/SharedWebCredentialViewService/SWCViewController.m +++ b/SharedWebCredentialViewService/SWCViewController.m @@ -96,7 +96,7 @@ const NSString* SWC_SERVER_KEY = @"srvr"; self.textLabel.baselineAdjustment = UIBaselineAdjustmentAlignCenters; NSString *title = [dict objectForKey:SWC_ACCOUNT_KEY]; - self.textLabel.text = title ? title : @"--"; + self.textLabel.text = title ? title : NSLocalizedString(@"--", nil); self.detailTextLabel.textColor = [UIColor darkGrayColor]; self.detailTextLabel.textAlignment = NSTextAlignmentLeft; @@ -104,7 +104,7 @@ const NSString* SWC_SERVER_KEY = @"srvr"; self.detailTextLabel.baselineAdjustment = UIBaselineAdjustmentAlignCenters; NSString *subtitle = [dict objectForKey:SWC_SERVER_KEY]; - self.detailTextLabel.text = subtitle ? subtitle : @"--"; + self.detailTextLabel.text = subtitle ? subtitle : NSLocalizedString(@"--", nil); self.backgroundView = [[UIView alloc] init]; self.backgroundView.backgroundColor = self.backgroundColor; diff --git a/SyncTest/KCATableViewController.xib b/SyncTest/KCATableViewController.xib deleted file mode 100644 index d6764755..00000000 --- a/SyncTest/KCATableViewController.xib +++ /dev/null @@ -1,160 +0,0 @@ - - - - 1536 - 12A269 - 2835 - 1187 - 624.00 - - com.apple.InterfaceBuilder.IBCocoaTouchPlugin - 1919 - - - IBProxyObject - IBUITableView - - - com.apple.InterfaceBuilder.IBCocoaTouchPlugin - - - PluginDependencyRecalculationVersion - - - - - IBFilesOwner - IBCocoaTouchFramework - - - IBFirstResponder - IBCocoaTouchFramework - - - - 274 - {{0, 20}, {320, 548}} - - - - - 3 - MQA - - NO - YES - NO - - - IBUIScreenMetrics - - YES - - - - - - {320, 568} - {568, 320} - - - IBCocoaTouchFramework - Retina 4 Full Screen - 2 - - IBCocoaTouchFramework - NO - 1 - 0 - YES - 44 - 22 - 22 - - - - - - - view - - - - 5 - - - - dataSource - - - - 6 - - - - delegate - - - - 7 - - - - - - 0 - - - - - - -1 - - - File's Owner - - - -2 - - - - - 4 - - - - - - - KCATableViewController - com.apple.InterfaceBuilder.IBCocoaTouchPlugin - UIResponder - com.apple.InterfaceBuilder.IBCocoaTouchPlugin - com.apple.InterfaceBuilder.IBCocoaTouchPlugin - - - - - - 7 - - - - - KCATableViewController - UITableViewController - - IBProjectSource - ./Classes/KCATableViewController.h - - - - - 0 - IBCocoaTouchFramework - YES - 3 - YES - 1919 - - diff --git a/SyncTest/spiralsink114.png b/SyncTest/spiralsink114.png deleted file mode 100644 index d69b283a1396dcfb3ea4e04cfe543013db7c12a2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24752 zcmV)CK*GO?P)4Tx05}naRo`#hR1`jmZ&IWdKOk5~hl<6oRa0BJ8yc;~21%2p?MfD<>DVeH z9(p*dx19w`~g7O0}n_%Aq@s%d)fBDv`JHkDym6Hd+5XuAtvnwRpGmK zVkc9?T=n|PIo~X-eVh__(Z?q}P9Z-Dj?gOW6|D%o20XmjW-qs4UjrD(li^iv8@eK9k+ZFm zVRFymFOPAzG5-%Pn|1W;U4vNroTa&AxDScmEA~{ri9gr1^c?U@uwSpaNnw8l_>cP1 zd;)kMQS_;jeRSUEM_*s96y65j1$)tOrwdK{YIQMt92l|D^(E_=$Rjw{b!QT@q!)ni zR`|5oW9X5n$Wv+HVc@|^eX5yXnsHX8PF3UX~a6)MwxDE0HaPjyrlI!;jX{6Kvuh*8ej?;85ekN$?5uuCiS zBTvvVG+XTxAO{m@bvM#Jr)z6J><&E22D|vq?Y?Vkbo_DijopiF$2PET#mZ8eu=y$(ArYkv7@Ex`GL?QCc!_*KFrd&;n1r7 zqW-CFs9&fT)ZaU5gc&=gBz-DaCw(vdOp0__x+47~U6sC(E(JNe@4cTT*n6*E zVH4eoU1-&7pEV~_PRe`a7v+@vy!^5}8?Y3)UmlaER00009a7bBm000XU000XU0RWnu7ytl307*naRCob( zy?K{j*>#_Hs_Lx?C=|v98Vz(~Z1%urb7+z>mF2{iWSP<8Qf!&d9~qRad=h>IeTaC) zqE?n-JBeb&B1MXlY>Mo802)A}8&hK*3pH2ed4Btzs_Kq>tKRqCdxm}XeD)dceaHUv zfB%!s&DPo`-(zE(+Zfjyq;SI>H*I2K)JCIG%8;1!4T_Al@w(-E%*q@aWE8Biw!XgJ z#>d9n*!Wn|%^wqP6-^z>+DwvxvAMyGMf!DB^1G@PlDV<1-fp3~xz+YYXec-v>(bNO zIC!KvzRVYmvGMUQw7I^vUJZdp%FtfgunxHSSMa>zAiZEhciI465~{w}&$ycy`L z%973>bZn3xnul^=TX4X#s6{pdv6DpO707$^`c| zm@)%H(>V16oQBM#h%l@#vqaQGp_*X1FvrB9Y|=z}tl$Th0;Pxy5QpSYS2z*4)y0R8 zdBWT-Pl5*-;$pdV;RHxSIVX}9Ww2f042Ljiq)lu>J4fLHY|!6a7oe%s0iGX~0mLbX zKx|_;I?SDE))h-i7F@t}o^F*(+D7O!Ez(hm#8Ey-%MRt7n3!xM6UY2eT&okQ5+W@Q zjhHvc4d5V=^2rY3BGv^HcruQLP0zt;1mnP9tFGytAlvbJePcav0&5^<4DO8&Ot+4V zTi>J{fBi7OTax&XqYPS&0?Yxdu7om1_~KXMFUzr9ER8C98tGVGUQT=CDD&#-N)%z& z?5@sC+v(G%+o3~;+Qew0ef;r-_V(LvwdbFIA=X;1t=b*m)I)6Z zOhlyyLZ~BpMKgt`skx}@zTXM znx2~4(voQ8z(iq&833`dG#CWxzM7Tb37A*{wLz7^zgWn?aJje>N%1pFW~8)43Ofv- zVFaVzD(p%VvhJiTQCuXf>XS7HE$O;=?#0V?i{V3&0<)EFd10=tt+iG9#)XB2SmA;F z2ikLokGAi8=R0j`X4+aP`(%6P-FMmwmN^B_#t_~H9we3~KH?gBx%MoP@{qsWbK3+T_^X=mcAGaIVZ?@fYyV{;TdvL8$p0Tzj zlhDFqhFEyWp@9hiQefW6bdSxk!A({35qxMNZ#=f1VlcBTOyqN>Wx4{a&uUv+T>>iYpiH)Q_4|=Ge-F=3hfv%3TLMXUp36@z$pexHuZQ<$Dwz;s>KEHXZ&Cbk*dD95* z$aBxOCr_TV#l^)ow|lNli2Kl9JVxj!Z_$OKHvt)hh~UMYzqAXo=@K|^g0HAokW|Vy zIht&%^nBW8 znPml~$rD(t*>QvNRBH0^8pO=xJ}0gWaMVl*5MH;EblxGs(v~l#_A=Iq8%-MnN;cuW zS`OT_#l5g9OB`t1$6(btE=QSG=HsKzxH`t@~+*x5!^yM zb?Ri?=yj}fir_-m`*h)HJN(QuZDx9=&F-2lng&|LJ3>>4pil}^{0+_E6iW@pt*s5X zj}V?c!4m?P8#i#B=g+qfKcw&b__MbE;GVe7Qzzztw;2y2ZECm8go9j+$`_~Ifzf5` zCCKn&tHRKJfLKGu_%G7l^>4Mb+)HVh?n^B!LKSLRqXSX)$^5yiO);)6MNIQ1ySS(gyZ7G&~06%dOzm8L4k3ugvh=)o& zJvBq0yV^eg{AT;))5{3&!vt0GYwzCqcKYlKfoB_9U-&Cs1Fdps%%D=5OzS?LwyC&X zu3M18)*3x;A0kUxK9yR?mFAZ=a*41TNA+A*OlBhw*gbI|z9J zb6IJ3Z++hW_OE~5&QSOH7hY)l_V3rs+SkAS^|ohjPh6gOZV3`NDsjgtyn$!l^OZam zN*+CU@St6}axFp2d+)!;_2($a!M1PT-UzvbXTL75atgkJ`r=WRi6E6^xg87Wnj%oX zf(SJ;2CSR^A23};F|b;*>>56Po&GH80|64^pGOg@hSkxvHx@?o*4tu6z}9`WqvF+I z**;godikITNbl{>rinO@9zEKYmX_P?JGa}B!$;aPho5QhzV~h-K;5HCyu7@^{iC?G zn>VhtNqCTPC$!nuz4soBzIr7Vd+@-4_Jp$M>9_9Py9@m1LWIJMQiu@$3L@T)`UX56 zdV!laZ(?;Hw~wfQ;nF7wp!VPNVLdDG6^-Q5v&d;|UZ=mXy+Ml& znB;=I2sikyAV{koTB5GSFgVJUvJ_nF86=J3PT#{#&CbrY&#ql(%yk$1*W2k+Cu5zC z4OdoHnuB|p|CGM(!M%s=@xui?NXt-UV`DXL_88;FLx&HxyLaxiySHz(mBoejmp}P` z#kp%sKKdR>;v56P5PY!2M@*q6xvr_ zJe$b#;)RO|QiQ)mXm5YCNMHEm$zuW@qE?!jKpE!dW)S+(cI^0b?S&K1x1+e?kI&I> zE-kjnscEeHnUq~~>_@wqG@-6zOs^k4#C2Z1%9!s0!-fyrrAwbNxv)Qhi~X=&hJAEs z0(TX2V3AbjX6MY5%qV_vwnW{eT;{_2*o+i&<4U}Y&;q%@)_t`lB4@#_~#+vR?mXs^Lf?fy=tgZa&b5d$(R|_sh8kB$v;uqRT(yi)ECehR-Dqg;P z5$l_7uYL8k65P{8#$kICg*vQQT`_W{{4m3{i)eJ;{`vOo(Ie@z6!z?{UG1B1d@CNy zwj3g)|3?Dj1V9s$V{x6=Kfl&4UbxWSdFP!7afC4#xSTn2LK1?fJP_9|3`OI$N)+0M zub!TYd|76z&UV4{(F9>cn0-7VFzm4^bS4oHkl%sWXLLjqh;Bjai{()zRDJ%Evn2O4zQ8NM)eXk22le*IFR5F3b9>twP4<6o6-{ln6ty?$KzZ=oL z{pMR(>8%H0ezo_+S&_UO^0)IEp=8`SOEJ=^vZ*cc>PM*K6210Oc% zV!R(iKobalZFN1cE`4&TeTeIH*l_*&9j5Y*#G+|BuzR4`c_4LxL%sr&_L9xEF<=Zz0c=EW`3?TEm`Y(_0_$hHNul8)Rk_JuIQ!(<{%7jNf?qj z=ep`ty{cQKXkOXdsln)rL*lJ!k*nVmtdrZ z6&q~|7cGqoi%abWR(%22`S!c-GH}0$w^~Ku``U4oMLNW>_m|=p!3_-eT0T_YClBSM zWn{;|L-}GEnUl+0d1uK=ORn`QFTqY2V}|?-BMl_FJDfJ3YnqLL;?FgZ=7yv^Ep9UZygO0sptR}1uP(PES?dM!f>`?&`X?jy*1?e^_E z2zIIMnV)OA%9AHgGUPZyRA@iA8HVrKGnXO7U;gZ;?X}llYbQ>=&_2C%sXZh(dH(qm zZP)ZvEO7$s6Suo}?zM{-FSQR?X)t)XO%ysex4S*_46YcH)$LkN!RQ^tGi>K9^A%k9 zLdF(-$x%T}+b&-VC_$S|9>dD`YsGaX&;XmO3ObUL&G>+|GaaUZ&tq;BM_l zfAP1!Z12DGe!G3^F5}WEEO<{le(bp@b_s90@0Y&Nz(on@i|6E$S8kR(22$23ffOIA zzF?~E*1eS#t!H%I|~ zDAIVtz@0)ctAweARvXqSJi0;^PUc%zTuSi5-C$a4EfJ^Dsq>#D$ouK@<_Jyh-rCedO4m|6l(GJ}D7%tvpp|#f;@cqaAtLOGi;DFn%zN( zHziDGqHf;0)ttIpz`D<3iO=GSAKbgw?%cb>81iIWT3Ks<{vZCL{q$#l*6)bZm z03E-T0E&4PE9|g1g&2V;q@5pkF?f$+ao(~}kn9Q}zUI}b>gLAe;iB^?eEj$S?*Cv- z)Plueuc46-eG`am^^HmIePuO>IEo=4r2DmOM{13%g4Kxxu78y22->$)+q5HNX(K}8 z+FGW0h+7TZmog)xOVtwX8~u3g`(UrG^NL_^)8cRH#AJXhKUlCk~89KtkN>5$n#GW0kqZ&3* zcjggc!hkIRJ1j~hbhVb$^%nC}ZRjg$Uw12&prJrAq{$s^L`if*B|t~n;%uYV5ufU( zsYfIBYtDyuYjn=iiEU?WY+D>>v69`4|Mt>{`I%$oJdrl_ClH>K1D3xI82r^TFCRgk+`_}#N-p7G!=tZ!0a1Vm2|-ltil{fPeX#*G_odU_gR&l3pk zq6GMWht?`g7nWBMI@Go6SnVqA<-*4o!D*av>gNPe&jq%$m7vOt$#@sd-CNU#7}lwD zC{4cZlz%Gw>B5p7IZRK15@eKJ{A8KRFywhIzcmQ_&;QSV!+bK+W>{9a(Q2eKNeEg+ z-50?&=)HISh?R9DOoV_AFSq3NIv8B)DmVpOaBOG0EpgHkcM4KVRG1DsT%Yq=m+R8d z3>IlL`V5P{2XT=q+l?Ea$Lc;Hc)4)#Vy3|68G5)5C_ijp+6-E>TE}CPob5Mt`-gDR zGWrpUaQyi3c$S@cN;7Hdn{D; zS$@cue;#EF+cHr2xua}cE3nJ;$>0!Ykvc?#a3eP&S3)g!rYL2;rPV?Y?>+37y4HDL zsiCLbZ-~SiDc{|xdxZiupvy?y&0D;fu~{o~xZkFtt#`t;ej_V7&sqAXpA z!rr#fa*4JhO{Rx7?!`--Ju1(02_4e84hsfe4oayTkTHF)ixsoe3zS8mBwq|r2xUEk zK&!2|i7MyvSHYu(>_onn~tpuO|3!lFOGNKDf@ z&NRZe|6-F9XS}kvDXNR~qrjXGUFF({RBO{M=|0!EchGONdF9&GM2_a`QunbwM?tDq(_L`Zm*XwAy;2%n&hkzIX_u&KG((KD@+KK1x6?`X*lGKL6`LW z}`l_6iK`}%F7jyu6#Ss^11k0JhWsr8!o2eNVgNAjoW#W zK^^;s9F(@GZiwUvO-s{)OOpm6TaCsd@Zq|<2Z^%m&ci!{DlO5z*HC{I7iw8y=&B}& zL?1G9<4V7lcjM;g^n;6N`y>$}drQ%3=@VADtL`ShD4cG2GEpIkOIaI2?beA<%R05t znlNw%YYp7QM|Wx;eUSceeSI~I@BP>|!;3;`5Vr&D$a@#dz0ZEsfBcVsE2}S-C}9q` zDoA-l8=YSTrM`E7Jgc-$0($a{XhTqPborNYDpPWaC4ST3N0{_C);Qg1SHTL znc}sdG(ei56nLLpkmyp0Qj*NHM37pc*2f@R&>Tj9w{G5MSJ~BUH@t&88%;7!q)&91 z;Sy?T7cEf7jZL;IgB&*W(7(G$&qk7z0CljSk~mjruVo-S7Kq(rBii=K3Q>Wm;E$O4 z`{=_DSlXItCr_Sizxvg$m`uM-^tzkU#thZIG|Pj~Dn7I!zK>WVU1wj^4}bXIwr_m> z8?;M#YK|Kaic73M3>)}ICda^z;FNn{npP!EsrEcef1=j9>6WOuD-0@9(?SAJXoYB5 zqyW?Dmed9$wwuXw5Ga9+6h;Xf$O_PaM(ZOzgwVnrf)*c2xp?6c>xs80XhodLI}A6Jvo~>(*`4Lrr)4#{(?!`t@tsVR!q^ z&A55TsqQ@JQEAG<17Y?7MI@5PeI^FDx6I^Z30+36F+0-t z@r*NvsRcej+pm0fEraz-pImMWPmDU*!Hu?SMg342%EBb1`txmpRKM2+*2~J8F=kn8 zJ6574L=hl5V@2RYoB~`YsB);R6?yMarsi=Ur$67jm+|R6*FG1S$32uGPxaCEl`^3? z&>3yp9`erqeg#@QR;P2%d;*B6r~zVbn#Wrv^q8TcZ;;-~j<(t-!~ z+K+$y$D#GLuYL_7uMEmn?Uk{ldS;=7EnFEZtXwG@8N^XuuJYh5i?j-evxgPRT)lS* zDUb%&RY=-O0-~W2%ZsoC*j_d2J&eYctuv7R{MH@DS(h?kcYC}j$7x=@1{`{_&|piK6UE|Ixw zPJtzAM&MqHpZsuL^42Yc0IkL7PBRt)+=Pv?kG4B+91+-6JYWI*U;pv{*5>|~xpwyK zi<$5U9pD(e!}Z>62|_08U52)th#@5jTshroyj4z-PQLA-wj&k*lyoh_u6MyKEo2+@H^L@alSLKtt}EIK!wr?H~0WzJcLoG<+UgUZ(F){8Lf3H zK&>o-SG@Fd~%Ny^p$@To;Q|k;{;PlWzqbGB5C3PLD>=a| z779lD$fbl>SKgWIcm3Cm3EKx&YVeNm6jM#Fb>Tr)ThpvTUU#v5AYi6iB-*Jm1xS~J zmOaRmMDHA0h~Lc`L~DsbDAemY1Qf zP*|o5S6F@`U}0DjxGLCQ1o#ZA61vj$H68_Uo)pXQ(egu#@p>?&fEHKj?>JAgC&zxY zk0GyJy^>vdakuPDaA>0S%By?#A7N?CKmj+x1wS`9gHG^K^Dzra-nuWPA7wc5+|gt0 z&9~ogC;sv$?O*(hf7y270km9|+M4pe9}!RFI0$pdvy}fTx&y3SRGJo9AaWKKz%8w& z$!wpkm}F){hN`LOKfcu7X9D?sHs)TtaWkFz9<1;1k-0Eg#qiM5WU_}EEQ1xUaC_k4 zwXQ>fL|}4-!@63DeatK?^KP{;c+lO=49a9V^-hbk@Ac^^h4;|@kSQ|D`vjHD6eE?> z_8fA!9mMoytj+%O(kGv=y73^x4&jNnLh>W?R1_b0b)j2Df{;AuXp#cuI$jr+w<2IPqNjPrv*nJNdrW-uULXBS>M%=Neb5sDWnk)?u6BD`{z;oRRDN z6i0Umc=W#r$T6dWoB-M;fsn$svme1s`-M-KF#d?=Al`lN{r1V_&%%)X1TD|9*=cCG z1h3`c<~$_GCxTtsH@p{)jLa@~@)c@=85u3sd}NsTtEHYR@Y1c0N2v2GAp3lWV>_3z zW|$Mzow@;8!Mg}7EQOf1Xs^70+(Cy8VkqaG<=uGfD#le-Pjuf-0h;b1!)hoo6W6-L zz9FX-Edyr3Ps?0@KFj)~myhasOifybIcCcHT#5PO<8+?8|9<()|HK1Er`tZ3$JQCH zP$=caT~=7$k4MsM4gCBIuSn-%D;b9n`BPWIJZqam2(R_|@aa7Q7as$A=iPU)z7LrD zeA4FFALGty`wZ2==vM}m`xDs>9zkRK1W{mC`LRMnezjj$se3CIS8Z=0Z1Wsyzliqq zphY{eWEA5L8P~ojad{&qxxe?l-()A;x3jb)>|F@aWhVvbxK_HfF!MGyrqjlR zLly9T%J4&6RTLE>+f6`C9AvzK&LR7G(tJ!$1zFCJrRH8O=L13V(2pL(mq=JaA&O`3 z7C<03_?6j%}C2u0+4(&nT_}1i~<&+mJzqeZ~`9 z=hf>M+q(oU@4owfyNo5e=_uCstlJFHMCz)UBB@0wNJY@2ItSLeC)+VFnHq*8^wFFZmaY1Ox?NbBGH&0ohV4>93j-Fjbw=21s@Cflg1>&;891_P9T zBO4VNC!=MO%SYE4usd9MlXbUq7cRh<j*jT&^9OG#dL3Lsj`0S(MA&YWwwwBp$M3%Pz5jwXFcILEw+#1!J4^`g zWk|u{o_35WM(IBo6WzPdn2%M4x8HdW0lu4uGv`@hcO%pOy||$;OrtLMX;7j=mN_En z$EYiA6-L=#EG;d>)f54^6>8@zb<3J5Dld|5IfD>|zg5;c@CgwPLiWl^UD7IpRhypFNXGj+s z!CfWv39w&al_yW1&hGftCC9rJpQt=Vt(7GmL2_wY_`?0f_x{0e{^)1F`0Mtk|MuUt z|NGDWob|rz@%;x39vCZmSkXf*P>TYM?`$)~txPc{Q*$k^Fzp8&PugGTRz11~*?L)$ zTE~_5YPHw?RZ}KzmFr0X#8=0s;1)5Kcj(~aukXis!e(PF>&UZ5vei*Hmo`)swTHv@ zrN?e0yXJUw`wo5I1-#H#zxq`XZ9ijEvX3FC@J7kE*c$2D=rZ&j;gJNNdcHw$q+7P% zcaKn6TD43)>Y3Elpw8D4^2Z&G#ug9geaE)3jvk~+Hi^h)_Zlpf_+-)8)zrph$22%>h9Rfbk9e9 zXSYNdVAjM7FFgOFeYgk5NI7JTLi2+Fv(%#YM40xaBgSKFctXP*&nZB)RfHT;Xo&^_ zGD@Oib>b2KX$z3zzeMmS^E^CDxP3z`6o!fYkiCN*5%hlt9NJDn{0(4pDP!Go@#dRv zg40qvM*lvqdqd!T>!XS(eCLAQ2B{J|n{&r^4v^t|>%P4Qn5Ug#=fWzRmz@-lxj`*B z2*Y5?pzbLiNOvs_7V$99Q6LqVxi5(E^uSB~qkIS{ob_Z1{NoMCD6w^{eCpJxOmIvkFi+vxAga&>DPmgR6xwHlYHO?rAqY-F#7%{$2$*XGY*gk#vLUr+qvBZJ zmZsJ-m>my^(~_tim^J-X+x-=e19`2$r6q;8#B!4SP`Okh`)P6Xh&4dd^T(fS@4Wwh z+jn4p`)9xZ&)Wf_NUg9KTR7TBX3i8B`qEck%Im`(KY5f@6E}ak2wpUDLwn&eX}aErFQ<~a|AU@89R3uS;FjnU&$bC@Fgr^x*&d9mZ*!cguG=y(4viEHId|&;Dp(QC~V8&T1!i0&X)BJ zf`w&4PD}K`QE*c=qFq{ph{-IcuIgEdV!kU2D=SNJ5kBswg}Hh$Ls^9<;UXXm6+%<>sZ3vAu}=~JiM4}R|ldFOyMxVzjLEZem&Q)yytAQrw2d>q-$ z5adaO%IIIGRlH+aYTt0c_54|`c**=Q?Ws^6DxpUp3C|C-X#Ekif+P)I_OXqEgeiP< zqYBoCS*KyV4~^(Ue|KHgA9A&`19@izx#d0cYo79y>bPs-UmNepoTx|6J-ez zYAdF@D7ZP!gb2)!m8hs2C@DM@r=3R^ASC3-z5EBZLnwnqc`4o&>A3alY!ZV%Dv4fz zKGHcyv^m1t85Z05Z{ku9WM(4MYg0ZQRd45rHqwAoV}|hw({V>W{(be@Rou%MLfjwA z&=quz>%wzPrgchy^N~JjoPL>m7j-2dK@xR+GnJFkdHdA88plbb9}jVp!A@(r7;Il0 zW`moLrYnF+Egdc1jdyXW?e*8c-d=j~rNSK;G#4Cq23{(l(eLm4*6%Py`7RSBZ)LA- zbt&bB**Adjcr~Z(f;+50$-oO7)7x;qHM~Uwwu5^XzSJ zz4KPP&Qo5F32je7C`9|$ad26pOL1eh!j#$ed(*pWn~9A?s6$(E$+Tgbhn__oqSWHT zz4(Zy=k)2`WAPeL`pQAziCUeyQlJ7hQq@Wo(C*#NUG6Iap;_tk6#-0bfHVXbq2pn$ zuW5FSsW6<2l@R+;XFZ$&aop*>LREO8-^X-nu0*>J)c4&uC^vA4b%B>F39k0<$I6c! zc{aP*oKgAov&(5mkC47j7lw6-zYKC%vAn#9tHq6vzztZ^>8gwj(M`*c3YdsY!MT*J z-0L_`?8-o``32nZ;Umwm1LA7?==}M-&&M`ozI4QW!pjxh;wJP*K&0z^>6cLcz(dczTd|yYVms*#*v|r@9AA;Lav7y3F#4#MCsD9PKc|NQT9g?EkfqYR2k>Ykixxx|9-m$ zlivRIuUR&`L*Rq;Cc^C=gGiT$XjE z;ny+bEDrWTehg0Jtgf{m=6lE!zEa<=Lc9&0UVi13c9LMoeYo%OrpZs)OeUjM(mgyp zyFRnp?(kj$7v2vu@ve0{z7$?}u_^|#A`RNeSBX`A72b(|%Ng~@5-BI|wuH&GUM0$* zg2>NkB9uf!a^7Z|EA29TYS^D@MIS)fB#4o5T8r4YsY+qnpM(jd+5b7~FAS{~jDm2O zL%tK!mVJSDhFi{=5s@`en&TZgGYBZ-PTZD!jUs@s?~HTM?8mJfXHK7Kr_V6C%`2nD zL3ilLUf2$c#>PrQ;%@igd*ckIjKakwxB)*SJ8(>6+{sw4OW{y#CCgzTv%(%AUFq2~ zXW9t@qQCmZ&)Z-8^rulQ%UgFJL6%B}<|9P+`M3o|`1#-ZvLE%3Mse{?B(Y#!C;U*5 z-G!D#!UNLHlb&>Ow1GkzO_lH@2OR+@{S62iQ7T}OQ&XHvbWkqfPME=kFDtV1RwH#+ zBBzCkScDIfHp)$yrxx1Jo;Y!`ojiFeZ>+j}`IGdoGXEgUL}5G{X&Ir-?ZZsQs z1~2D6Iu|@o07IePU{|>9N{>WWccFJdw&D!IGQfV`jmFYN23B05hl=1K&6cx{ft>v4 ziWtGlBY-MUy~@|vqx#XgkLVU^qW&p7F(Nj;us_%GjR)45JQy5n+To^Ho;C@Ti0oA` zyBT?B+p*l>j|CcN(yn-|;X>q*$}X<#G%tREUFF$FkvVhrOf2)KX!8>$+tp;}aD9)CTO|$+k*td1 zd*=2t4BCZ@GRScy{}AKCyIlJUmHqn<#+`|~isH_853Rr<7R}|_x!^OW&!*pYXrrx3 ztIuTAWJC4c(iUqN1S+&VY=n@EA+*Tkli^H~+ccb`U0Y-L1dp^7pW9UN?elbn{ZMU6 zpkZMYMOX^St|;~4r9qVCG#rIh$~CxE1?l*ma`JLCrl907h^u*h3?*PS+UP6=K~4oS zTC$-8A><2OfQ~b}tBMAT0>s+4uC9QHoCKz6DuSBlTIc)ky~l$xPts3zSVx~VQf79A zwvA3dy?iOdkA3tV{?0`<$uR2GAitVmFPm4{^YD&nFL#aVo&rfc5R{^wiY{03I( zS|skBzlk-3BJC(Z)>h$3(Lfu(@gv@w!0$1F)*~IZpcipiHkn0iCIkjgL;%u84zq}6 zYl1^zf{{phMVsD~;xU22q`gmZ$!|A;$vZ`p2o-OkOI1O_r&wbJl+p%>fq&J=mDO0U0qeNcqn(={E z6h&8Lxm&oVyLWCeP9#dknjSsWeeH?+xyd_lzVelq5?MRbq4y9c>v_&FDrc>yWuMV^ zzw=$*%E6n9Y16<(H|Dj66CPTuo5ZrELo1?w&sS;mOxAOi#3?Tj za#gwF`Z(Kni&KP{vnu2PV%*zpNsI1S1yf1nhh2+`k~7!xtFJDZZaHVN>LDJf+;M~% zFt+-m+D+!bS|nw-XNg;69nW#20u(C+?GV5+3eD-V^rzf=7JpkZaM2~+zke?azY>wz z8q&2gSLq%096x@XmHH!Ll>LtcWIZt2xzYZsfArh!MTnRADxEm>wo7T8qh;qG#6H4x z|L})@keAf^s9fAQN~(2>zpn$|qq5^7_HJ9n7HabD2qtov&76sS?_^9bVhojYN)0-|yVwH=w| zvxaYc>y2!gxN`Ms;Hq)D7yHFamoBnz=Gkm{^i?R%@MuB)E{9`DU$3cF+DFR_wN^Yb z;ec0gYGyp6P(E1~S0ssnrB~9b)o}mf&0siw0@ljy@_c#^E%&9DUdnJyrF2WA%HVKBdK9Gm zD&Y=-q)d0S!p^VN2~;I1Q}?bK(F$ddgM9mrUWQx}O&bw2Y2E4}@(!DK4!LSe^9f)Au$eV2PHOSDNfK7r63Dc@1 zN@8Md7`Kh7>E1g$(1JT-e9OPHEQ&Q#Pqb#<72K#ZHtr--FpnNRfVhRg>PtTkRn}G= zjJw@pEKdkV-=~#iV%c65|)+| zPo^cR0eoq}#t?fLXP-U$Vi^bRYY1_d@Vi@__YovG<{AO2SQ?M`Xe4fr(_G>f(h7}7 zVQ5aGeF(?BqQ0w5>$I=)mvHJRp{OZ+Sw#eG#NmT}UuCe55~hQB8{O*5fMvkoQ%VmW z+=J-dnF(3qZT}Am9^%R&TETlfc~XO8-Mq|F;XGSTH{`P>FTY%~E^Z{&4X)FsilLX# zk}U7qsAmH--LIB0iJ)||rt7NRvZ3Y1;DDJ}shX~Ny= zBg-Ob#RFl=aD^gK_Fw+`j8^I6*dFFdq}rXnHM(HmiRA*!aUWpf%5q@?DhY7uRv;d$ zHVFn=KNiM-Un?{~@i73~(A8A`SFY0xGDn56ZTn_}FUO$vr!w7Z8K;|(aayxuGFL|I23!j@y-#q6 zk8{W}PxtH?SPP715sauvT{tT8%2Z9H>q?y({Pml^!Wu7v8+g&KeWx%Lmg}P8>pZjV zDzFF=+Vw=j73b%83$xzCZYTkc0vm+ag%%-hrELd2Wu-g{PrKHYe-p31^4gDVs2>W{ zqYKuC)ohuhmGs#fwOh%!QsLyV?#YIQrJGd%pZ)x2S*|m34x@4DTXa)K58=-&sSIwS5miA@Dd@kP@?V66n5`7kzibM7(KXA+liKP?>NmjOeGBfraKqf-v{8mb=7=v5(h4Z zz^4Qvb1b9vDJ09te62*mb$TS4%E4ciGF`W-hRevZn1a#URe-)Y@Dse!U;N}Jv20gs zgyoO8u8$vy)*!Gbp|AIro&TAQfa2?d#N+wnG( zKfx~;XpPeJlwnE)rV^oa25a)ECL0`E);MvMC*0h^VgR`A9wQf9gJl(~)b01lxojQ3c4D{N^!4!boA^MJU$8u{h&3?k4XW*R}fl+-P zZZiwEwgf_yb!cL+5kUde_H5U_Gj3drK(Y(Uv-P43UMuwcn+7a|tyZtC*WOzhudB^i z4J+~5wmd9vH=wZGqiPUgmvQmp1^Ps0f$$n0Du_chEu=@8E_5FwU~zM^UP?=}pVVCo z*ET%Az+(VTVkk5}Wp&%`GL|R-9C|t3tgdqzE7Yw51fDS>81oq$hBK=RZF*z5&9g^n z5BkLqxRhQBKwkXkj<^Rb$bjSg0dpXX-+8tbBGl7o&SYcM#>V6JjcUD(%itQu z2t!wCX7yDSB*|p0On3_mk9lp{6&|5G&rH$n3}F=9imNFwLuPy7BDiaxZY=XK>NNmS ziFD`A9<5@Lb`8(4u4;g2w5zp8c$8CExrPr4(DxVFNBhWuFrtvQ249qgiZiyd&~~jp zZbv40t<8+II02)j@-H3E%*c#Q2Kn|^VUQRKmIZg!RpRP4M03hQ!t~c3PuX1{c3%p zdNh;qC1*Vc`W~iOMut_L>O&JPGOX~peEBku&+)cphAj%!rLrX~t1UV4&n7Bp78gB` zllYpb3|Bbzxmv6Wp(nDhnq(a7OD9~6mmb})!qKYpfev|LngVo4mB|m%9aqa+ZEGFa zW2+3CHlDV5UJ|f(4`cUDhFO&Jkv$4RqqGq_y!`S@Kho_*vJlmo{$(MCVhYtj93cFw z(IV+@QHhx2IRgd9n=Tc}JcTJ@GRQI#Y=0%A!VLPASUOgt)*Jn0r6j~Ky#OO5E(a$U zo^4l{eo9CXf+A!aA_^EKq=IkUk{JNCCooz!4>FR z z%59s{qc$tR@nt4QRv)#4qm_1emYsD@O5k2K7Ps3VhzL;nGKq6wLBdgu2Z& z!hH{;PWQtuFgY%6S&c!dv<%^!mT{ogry!vrmaBWEO^U%(+NDmE9t)gUVVld^6QWRl z^BD`Yi%?)ulHi1wLK`-~OD4O6Q7*>{p*4NKGWb4%RKpZS7$Q-F`;=c27?DybS6de8 zxF$&@$RU5L4A>|P5pt;FMkyKO9O`2x$9=7}Q(nFy*%voh&c0d~s}(B@k3J9SJgFaX zj5SbJ_%cc*)ctOPdlQI#(qq6CnbtyHDE_uT^%Puj@i(y@PmQ>Oy__{wAL(EO0lIBYP*=cf=d4 zt-qeJqR}dr3QzK5a#YlgRg&o_9q~l8BIpI~*zbP-`}`_yh2{1kHkE!af-P+)g~DZR zu|BUUnrj7H@J#4e)~I~aBvkh)^W1HAh8dn0h4_SN`-RBq0k)` z_>&cJncSDxC<}B6EDT1W6s8ffv{_a~D4URO5Z3~E!^sr0G4qowolW5}NcW{;;wYco zi)7gerVmxLHSRSqWjzhAkYUmkqQZ_hAwXLK#v zx+Prl{mbEX?o%<>l~Hia>qoAJy6H>QXc>|ASqmg!as1^ppD%Q<4XxEaG<_!kWM8>0 zCKnL4TRgNDhb6ip!~0H;ZA-Aza?19K>t+!q(c#`eZSThM|?F zB^J)sry&HO3${%y5O*k_aHFUy89dOl{IE?Uz`X=9yM3h@c(@jVpGbY-%a`43@Mwg=h3h z6cI+J4}<7_=$;+#s+=;)epjJ&SE=B?{83>2)APP~Z@xk^j4^o^osB`~fTU748kM!O zEx8F#bp;Thgi?Tp(Wc)2!If=gpjMY;VCNpDO8gM&M$p}8a${3fT7q)DBRvYjy=q0P zA{ZfU#HCrhm~6QSQ9%gD{zSOSnY0>&bBiz(TnUZyAh-xM0u*L3Q%KcM)_uUzPAM&x zxkf+DvebSC^7GRUgNQ0|jE@7eJlGT#8;*iX7O;Um-jz%=gEvDQI!V#R& zPvu*_Dp)J5ty6#$B&%23Lka8bIJ)+m)UQ47yw>st(M7<$deVjGKV=eJaNpAd$GQp) z#_MegF1Q5`h2Jf(Xw(Wl99oQ)AGKM=f%}-qo}Klv1SY>(qa06HQ0t@Pz@7kx#$xA` zz=pG<0rh%4$_8$DRwoxmxY}hH@{o1Nd%VDSfgo>eoISP9<$|BDPxH`oZYW&v&O6N& z28IaUVpzUk?#IQZii|F|spbGnu8^issS_z!qppP#6ByDd%zdRM>+ktWE?-+rw2X{Q z+K|qD7gj7Na7Y3FvUaX1^M&gOsmcg1f0m(6glHNcty4S;OWHMmXiYEVTA;Lt`nAP2 z#$4#0&6P}M&(cR3y+6gZZotTyT})nBC+=~8AEt#vf#HP73hl0~FkwLlDQvx)fy_gK zn7a!^<@AA|L0rJpCKn0(5b}t=xQ`UHH_$|o`g{NS4^5C5&xw%Mxv&9`VsLk*TAOv` zGuK0zlqF5Ta-;-X_a^=44lN~hg(G8Aknj2zRMOIy4~bm}WnubFt5Ww%0_y#oxON(P z-8$1ZLZ|%DavZP=jN)8rG0f=(0r-TqZ88_St1Y$zlT5NRF}0yUbcdNCqK`A^!L%Ib z6;6sC#w#d3dIEsJ=s>Ix zWPS&b@&kr)z~fTrnUIZPaBgaKu#F zp0TC2j{s&Grmi9UCvu+$X&tD$J;miNXIyl>*a6I@4d^z2%a6A~*I1%kqHxlk0B5DF z-Nsek<;QCtvxQ`A6Bj+fER}K-j)sEZjkZhK#jOlVI>bBf*htHU)a*!@22w$K_^6+r zBauNE!ID&}kR09Px`f$H-pufXs-8Uxj*P62IbLs-NP5pqY4R;#xt*V?Q*d_Vf2o|n zx7=(&8Q@sINGjxD4A^xGOe9JqNEq72aijBC;2eYaS%y2~r2A~Y3r`yvHk75wY~AY! z2?l5G?dx1}@_A2Ev-hZkp+PkIK;8n)KA{K8EKb8{tuPZT;AU5+#fq1_??GD0M&2l| z!O|V}+-Fwb$!+IDgMgK+D}dpMfUVjsMS%|4Wsx#d(6sJ2upde0Yfu2)Ug{xq3CsT= zAgh>W8MT@JO34N3Tj!MeQeD%A`W;?X2u%fxeB0;fidr|MqyFp+jq4jz^I6OtF%LR7 z!JZhR&{?=DRZDEpQf=K9GD*xZ4L{Zq-iAsHXjzi8{i(i=_T0N8@-A^{=}v$z(D&U( zfOi?sI_#e&3Z0?>->I$)++?QRA)f+DDcy1!Ajz|alQen8-)M!YsmG5ucynUCn;hdW zb)cf`4$G<3kH|zp&|m~C<{Wh|ncHQf7|E@#t$X27Ehqqoe-6+6db@nVt@f&X_37L7 zd)+VA8Sb`V>!SQbsUTv&I@n5wuFL*!nxB@K8)rKO7C7ll45%&`v{1ov#G&*@3eLRB zH&D_#Cb^eu%gprXqOETqDAS!!eY{{0v&euR7wXHK7z+w`ZQW-?*J+zYLXcO(9Kgy4$oV9tF!2j8v* zI<+=|``nEMx&pC#hNu&!YQ3w=v_|=H#)TvLHZ3F*A=H&eIvLi&$gJMSE}lP`$QTdN0l}Ocy7y{3#GsKp4)kjBn8Yu_tuImcl)3Dcoxi z!xW(WaQ!jv68eo6#}QHlNISM?&?O(>Yh0}exGO;Cl%+BRZ;=NG@Fo`ci1FaMvp95L zc{4KRTIBN0zcGr3aOHI!%0;D1qkP*Q_)wrc0OCnuy$Q;5Xnt3_dFLL>W$x?5XOrn_ zyCM{@QumO6vbfyl%Qk7I@=PH?rh0_Ib&)cbth_4VwPm&{h!pohJoQq;t16Pb%IJMv z-TCby{K7HbBw8#L1;?fgV#al2Sl~3XFuQr5oGx@48WsLBeV}MmNG~~JLw6y{e#i`8 zECjIH1m#P0-SEtODT<>@buRRlE|j5!xQr&<`bi#E?y$kYHI!1e<1C(9oA;KDXN-GQ zA-i=#AMNS^l!Y`EmI$)3#b6g}C5vuh085vS6tO>sqF~nTc;$c^;mO2M<#i!aSKHq< zAVO(Jl!yB&v6VW2srxFdb`AGmhAoT~%EfTK-M$RdmC1naMnkA(!ZGgnYt4ylEs&K6 zx+f>H1?jNCo>$)~t&tOz>n9s10?DQ+*eD6`T#2yC4CQ6Cs}c{H(Yf_d7s{?V+_Nq; zu=sK)5?@STjJSel@zhPvz!jK6z6n(luHV2YitOTtp*|k5l_I) znTe2m=C_+XrYZ(zKB*m=|th)U>IFl#XFXX3! zr6AV4w5;H;23;UDXfqp(#VU_}1i?+LFSDKEX`5xJG{bfZ`#XtR!a6MHAl^X3wz6J| zB+6u!F> zB-0ff64DlwrR&%ncibpVK_l1V7YbDz6q8Dkhk^$cvX}>Szlcu-FAWppuJze=-*TZa zgO^`4=@DLYZvz>x^;9y<^II5OcU#xiF*#zl00#;6zjfV{bFNg{sXOCCU64~z9+5D1B2|JVaFLG4jSFXc zWQgg)j+li(ne@fXy$+y)Z@p)Sq6V{bhT9B+7bS}Dc**rH^VFOH8Q=s#fq2+}4Vmu& zj(+FgD~}}ATe38HjV*L z9JF4KSaYrsI)H`Ud1RzqEs@GzGgh$?DXZj*>)0xdX!g($_vNccL_mN$kA5p)p_eeK zT=J4(4eJ#GoWdl~-cIXzW_qMdwdF!mvCElLbC#q-W`dqMJ8g7w=)0p*44*vgn)q zWP(@Bhx2F*>szxU25FfxiDt~PE#DuIb~QRr7&8|*>E@Av{4O{N^+UBVUEp4Nl%{ZJ zq~LvWdT!lYW~*FE4PRFCkGcjQ5}kME*$@noL?Ml{18s~6jcMGcyV3Tsono5M-}y}( zD*}XQ7HnsHnS%^L2`U-{hBG+8$QY2T6@<~ntUC{%M?}CDEiG;khY<60Xp~? z6DThaC)WLp(t%S#*P!p+#LXBC%%i!FnE=dUrmRDIB-*1in8t<0N2b;{a0-4>bPGdi z$_PBk`SNn8zLgv~nGO*9J_D>CWEn8nZoN4J*Fq38Vk&K}@w;76F=L<;W=eEonJtEH zGSH_6fe-00#dd|SZac}XEoDCpc?vvT2{=4rIq43Q*|!)6I`iXP=q&ZJ&67I*ieD!8 zWCZ`}Y!n6fu`tpTH1RXVdbuphgF~Wf+r@QSkN@yZfz+I8@l6;$H!9;W{NkVO49ZXu zHar2&Xu}c$^b_tvFm7rF6CT479wN-;4Wlc#1L6wPwK>|Lb(kk$EC1y2ijakFs5Wds&H?9rGm!GMH}#LqigtzzZfiIJeu6 z7030_27kV5Jy20tXHQoVk`L0(u&$^ZTVNpXWcD3gs4MgaBnBViq3}Z|c$p9x^5t?C z_9&MMPls(<2D3dDHByzu;aN(R(6<#|xW+2|aNv)MQAeC=TT2;Am9nILC|wG^f8^q4 zVMuEnB3U?=o88UBBkM$G&K0h~X{U@b0SuFCeQ;YEfe^;;6tInx zAnMM>v^+Al_M{;Q96dV31}j|XJkMgfjO6aJ416IH&xi032F#LR^P+IT(Go~vj?}?A z&rs0zD$DFzrn4+l&^yPNc?@M(a5)JVdJiG4z(F@jrC*js5dz4{ACU)WjaR`V(lF9Q zp~8IXDp*{Do=(f@3Py62S!t_QG9k(VP`6mR562wSRW94nk^@i8*K^uF2dNaR@}nno z-ZO^aGO=<4Ct6L|J_B+(qsI`r&KvV}CQf0={6ti8$(lAs<0Yctk?VpfgDFO)?n2a) z4s#WrJK`j&cBEl30>M>AzY*RfpE*Q3Pd746yQoQY+AW7Zry)$c1Kpxb%S;FgXTL&n z?(Gq?x}X5bOJs?~`u_1J3_I>KjJV4S7FO5AsREqzX$ppRJRmQ)%gho^I;KqR`H)cc zyHKa~TUa7FYaA*w&2cO9O%q1(JpLj0x)sxYR%TIMp;6a`WV@Ce7!~h`9hFyiJm5G3I*G=de>=zvTK4NI%PO!Kp5VI(BX4|5cP)(^P!@)(;Ktl25 z;3R?yPlO{t($c4dU=XG3CbKZ31Tj3J%dWFIBtmvuC2%n~3t>>8Kt_y#qfge;wSuJt zP9Y@AxuMC}RONK?(Nzbv{0SCtTLH4$-9B=PsWj`z8Rt&*0&%18RqTT!82dh21-VLF z$RbLYE+Fn(`T`;fR1{X4!IZN_Wy#W03{v6T8(WVwz<2IrX((prnZmc8!<5K~w!~^3 z!H#%d#)lzb3|sdZGw$IDri@3FzV1)cCU26Eenh0U36YN=Q0=B#1Yr=6hzbU22@>HE zjgs!>Hg+ah={~N&T=9MvYQBRdi`nRy&0^=FqfAUXtWrjffjeFn*= zqJ|!lHW(w@Whh^jIee3cAToCL@C-N<6WxNhhv)lUS3|91MR5ZXLIqz$uz(^wTII$N zJQ`C$hDgW4bh#D|@gmAWnlGg_Tqld=M?;eX~qc|*k%i0Fxb_OXg>9#?RX!9 z2N^gvECh$y5kT=kazI1&53mhlNZ^oug`17k;JKnz^OvAUD+7)t#Y>IPi}$(bF1(2x zxD%Xh7$9jdx;+)iu50U%$9zng}~Tuz$maPHhmxFp=$3Nij0Y z6j9=2>H|9AAdvmLmpmDPKCoXB>u! znlG@|ZR$$xW7T}o5Nr)S5F&I6MR!S~8nU`VaO>?J z2$i@;xRmrq0CGTUpQ456K1c3^#-G{ATbmZZ1SsCKjc}7k&SnteUY<(Y+uFgkxB(eM`f|4`S3l@R9*qg8iZbF0p_D3g$3o32*U;f&2rW*m??0>u|)ermW-{ zLeVK0&^7^qGC7t;8!}I{ZCfF05i%jOK3;2yFdzX*v|Pc$P;mur`ayXLoT{U>QVqaS zJY1|^!hg$CAs?e|yPnVkODgJ?XJ6$L>%4smP;caB#2Mh_d}PwD$K(E`s} z*hl%Z2mR6P;4P&(3eq diff --git a/SyncTest/spiralsink57.png b/SyncTest/spiralsink57.png deleted file mode 100644 index ada42f210c65f4279fe750643c09d06dc9ee8f51..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7978 zcmV+_AJyQAP)4Tx05}naRo`#hR1`jmZ&IWdKOk5~hl<6oRa0BJ8yc;~21%2p?MfD<>DVeH z9(p*dx19w`~g7O0}n_%Aq@s%d)fBDv`JHkDym6Hd+5XuAtvnwRpGmK zVkc9?T=n|PIo~X-eVh__(Z?q}P9Z-Dj?gOW6|D%o20XmjW-qs4UjrD(li^iv8@eK9k+ZFm zVRFymFOPAzG5-%Pn|1W;U4vNroTa&AxDScmEA~{ri9gr1^c?U@uwSpaNnw8l_>cP1 zd;)kMQS_;jeRSUEM_*s96y65j1$)tOrwdK{YIQMt92l|D^(E_=$Rjw{b!QT@q!)ni zR`|5oW9X5n$Wv+HVc@|^eX5yXnsHX8PF3UX~a6)MwxDE0HaPjyrlI!;jX{6Kvuh*8ej?;85ekN$?5uuCiS zBTvvVG+XTxAO{m@bvM#Jr)z6J><&E22D|vq?Y?Vkbo_DijopiF$2PET#mZ8eu=y$(ArYkv7@Ex`GL?QCc!_*KFrd&;n1r7 zqW-CFs9&fT)ZaU5gc&=gBz-DaCw(vdOp0__x+47~U6sC(E(JNe@4cTT*n6*E zVH4eoU1-&7pEV~_PRe`a7v+@vy!^5}8?Y3)UmlaER00009a7bBm000XU000XU0RWnu7ytkotVu*cRA>cl zn%9pc*L8~dg zl}hxu_w?i*(TPsG65Q}G+MPDXzrR(uN2|PO%i^ee(7jOJ?=XhDTYh_}}s1;?JC0jZIyJ-xBp+>529#kh0lPSpB(`=V2^q1GxMc-k`ul>)m*c{u^n zE+IJXnCsPy=x3b7l7DlE|4+l#feRjyRx^qDhp>h!5tTwaP5uJsS} zqXh)liab?XGJ8>M&U%A5Z{iwAuVyjh%S&ExhD-F|C zKzYv&^SGnPJq%uei)>dYt7u{epLJ)>`ETJ$djLzJTCHd_8nM2<9&4N1vG%i{#YZ2X zjn&na=&jabcwi_k({3?FSH!|%xF@|=X@mH&-KfXIM~~vuPp<>)a@@FaGiuc;UNIJ@ zPMwIFT6XZ#wX8>RqMJ+BZ#VuU> z(&fv!FE6ddfdeyfVE?{+MuoQMzsA!Vp#b(2aABR&y{bGS&_aKT${oR1%6394w=OuZ zB(4s9S0I(0Sl`%+dSfRB1_zR0c6N5Sz8Ci&+>49n&c@K-V2lh8#}NC<;*;1N-cqa4 zQ-usGh>ClzZ*0bc`}gCMPp-rz-0{x62Rt(vV`HN+H947{q9Od#BUMTgkHSbm$pqfE zkuuWA@4|Ye(16LCiIu0i*R!3^bit}Q?y8t-t%3_~#-&SF;_;KmF@NN6oH=zW`uqFi z(ZfgaaN%Jz(bv(FC*zgZUWpb~+TPj#>|hKG4aN3$Jsx4vYuB#Dg-e$Jcr9g^oSKLu zhYvDJB?(Mx3#te=uU2qrK=uN&NDt4zDV|%Qk*897B|((;vk@I7XunfIUR62v*Ut6| zdFSq(xP0+^3=Z_gZeu2H!+QJo?~l>Zk(i%99P>vH$LZ52V}dxU5o=9c_z~=Q{rbhY z3@}M#d3gnQAB#f=49Y4 zT91z|T#g_8=$~SEXo9wf`r8fcJj-USQ=NY%Dd_u)o&D;oJ-7vv^ zhG+`VLK85;@!z9`|Lfm=Odo+6mFzJ4q`5Z2T8?>~sO)zvt1 z{i&uYVO^Z2xJz^6D2T8iumY?j>!cJ0hR)DA-cwlrIJESk@tz zAAhhZh*s{}F7Mi^XzN3qP=Q#~?@>Oj5{J6it=o4<+>deHJ*?T6vkJ8?2wlu+RIS>Z z0-4)-v7qkfc+F-j79K9d>dG=ww;`zkN5pFVIqpyX^Cu{9Bi?@dt1&yXkKxm*CpzYQ~P_P({dOM+oE-O03J& zkM|!~K=)+LIW=9xS_w>0T26ohHK!$Di3RI#*Xsz`j4A^<mY%93Ip}`z{ z9XGjg`(B*CaFOJGJu8{vk>S_}a|*-)S^!0y>7GSSlQpRwGj?QHi|wn8^WuyyK>-^uX zD9|+<{Up=UQ&KdVX)t53BDqXKd=7969qU;MO;1gyQra-HE~Ql;LRJe43pxEN(n2-!thsl93A7-!a+^u; z^Dn#7vN#%XG)81|?9zR-&Yd3FDiCn}j zugA`AGbSd+DZ{36&=n@NTjW7=on+y_cB{s-FRh1Fb*bs;>6}Bpg&;0%Y;SMHI2Lm} zQ;h7mySEePDBkbhy&Iz=qcOm<{V3DC+dzT!`c}sK07Rsci#42{m_K$Ze)-NXTxeM{&(IUc(#2B-LaoobVFy}2TFK3eX zX{RynN!|2b#CEr90B>%tlN%S}$>YcI+N-Z+#WT=97}eoI2~KERD5*thXZ*f^uzJ89 z!1`^jH54L-Qkf0%rA#{jYwJam6BFrWAD{a;X8vL}Nc`2S{58O+Tw5)#e>8GJ zA=Nc;B?XyaEoOLlG;6_ah{E_u07z$bBlYWUE=oCg83D4ZO42$xE9YE6T-!0#{NM-w z5a0RE-^JU1`F4!;j-}99ETD*c6cetSs$hY+)}!SF=y4Sfaz>-|9Roe3GF7NGZmT0V zNKSGCo`#Gnx_bQh@$XyInw(9ly230hID)IlqPo@=v8YBRjVDhY#RgNLt?kW>O^KkN zdefRyE39vL(G)Qy6SNH{R)^_w@CT(>et z6;v-tC3=j|E__+m3E2C78%A>n4iE~bkReiWrPXs~P;k17no-CDa|dA2>5KuBx-n_I zY*T>m)OTWZSn%V?g2v1UipX?_3c^r*tENpBy+s!zB{6s4G{SQ8fhpYvaRg!sBD$z2=nU>airU{ME4|%RJmgz}Z z1*V%C#}*kiU8SffIxy)N%XxFjX#Kh(u3;WrWJa*KxR{ohL;(|%6Pdj2(B0{h>!%jf zYJPfVCKY9wcK_bpRG{QzI@qEJ7=w(KnQPj9(uxIZ>-w(T&CX26SKj(^T)loRSL0UK zS2At%;Lf_IX{ofL#_8a?dVU3F#wWs4NaNv#>OVdhm)xZ&_z#QPb}>$ zVU?l?m}JRs1^`;$pf?vDz)jTPd+)wO`Z_s-%8igttFVo zPCZ8Y$agGi8)ItQ&9Jd1R%x%l_If;b=DGOr!{5b+XFp11j^Q=BtDcekko=}a1A?4N zusI`w&}^fD8jOd6n6PGz*_T=x9v&h-s8YyJcH}JIcr^A*CDM~=#NydRuSj<9l$G4!fDq`Vz2xYxY zWix6i$ho0og_Ns{B4hVCWi@OBWiEGhaFejvBt-nKxs0GyDhOjqrj>kJ63~rwv9dD< zknK{NB=8Yj$2HUIpWcd-r%%K<>E{xa%k}G5^B57b%5iYrad@~dV{>Jr5wE`bO0KJV z&rJpBhALcnBo2AN#pE_`*JRi|ih*1SKxQp&DQB1*gv=z#EkM;d*E5{eD7zC1XRzre zolY}-SWRa=31}CimZ@;8N!?5Zxnjpku>SsJ@o`#ahB&gQwlJ7sCi2qDucRxVIB_yr z^U}o&3F6VhBi=SO;=AAd`(##0NHhEc6K7x0q`2fCaIFs##rAE$XT^w8Bxlxz)_eDQ@B2%DJ%sLU!~3|df2dS1)rMPkkx*6Gv&C6tT5Mf??RRIFUIh@M4letZPpG&`}yP?TFQ)Lkb*OBJ5~TYS9oUCB(cL5zR{^q5Ne7|Uxpw*TCEiqB>ORA`Fuz{1Lijkfb4K*?OD|^uvrKwZK`K}) zCxa8eTl7=sdiD9wz4(0r$Wq3J+RzHl_ap{d`}jYuQfMaw5!QX<46_;fx#8 zbHB06HDg%vD*JcQ*~&-~5}?y53jyQERHlF4BHg_E-n*>JenL=C<=|!eQ2G>1t}L$S z&XUGn_}mNGmy2E!j^JD|bPdRgY!wXKOwnph;#r~H6vV;RsAS{x<@29^CI0M}l$TEVvrCSOmMm8)9o@!$TsQn>&Oj4CGRYN!bz{DP^|pCSty`+V8sPSIn3z}UWC9qN%uxCI*S|q!#MBBRsjw%5nzOj6K%O6h z4G$eW6sxSi{N^|B=gORGKUzJPLa?YHjX$r+d|KIKH;aDXGn!+K*CAdDSh(N2caQa= zs|d;R3GCTIIi?^hr7G^fuFK(yR@Hs zlOz4K^0lx1O#u=YD}WMJf=-~&HXyaGmC!-vYtp_9?EA(gYE#pU*6np|6>z$&))1hH zT^D!F$7!1}m`Y&arKKm3+}*UM^TT1^Q&Iw27q6pCt(Pl#$f2T5ISl~mntPOm4c=cm zTN!F@#{`xe>S;tjFMCNcu}ygR-X^CUdeK+^>aPLox@NJWW``zdfm%yiVF*}D8H>X( zrtka}xFiB&!Cj_Q`?_txq&sP`0iJO=vz-1A)@gMWXTtYY_zbIleN$i>~#Y>!;m zrm}K{&Rm))3OOtl`vEuFhM9vUksc@tnF*LADpQ{2Jk#wg;A^s%)`||(6Tq~!DAvdq zCmjH?E3`l@`|7?&yn7oa?!)bP$Im=)W_mU)Bnb18gX}=(f_90qhY3K1T}2s(PK`_( z0=K$p(&q}6l|-yiw3=;wt*2uBZUQX5q_rJmO^Oa;P6N2)%?pZ*cb&7pih>#6Uj}Wl zD7U&p7};62;Q=YT0>F+|?3nNDSbd-&K&lI^uBELHR}qROFfUpJX9|*8O)svb3q(M4 z$xESP@@w5|tnckW_v=a zpb>I)uM>;g{8(ulPomnXseQp2plYguGq(kq`Awj@F3{SAMb%a|=AsrZH`i-qT>DTs z1@+i1$3R)R=A%Uz(~8II#SSRtNNaJ-V_@T>6$4F}vb7ccxMhV^;;2Ao+_zMFCO2&% z%}px7MJDzub=;dyFb%GZ>)Ls-xh_%)UjB*#A<(Gt$rJqhA+Rpc;>fGH6_6Mja0)D_ z5=3dqv=#vM5Uo{OPk|&2<4SN^ZoI>Et3p17|C%md<4rtBJD+#7Lf!@tRvK7ti-N!u zh(&vC%6&1_bUWis?WSe45RYqi0TtFNtyq95KNF0D`Jdkk!0}TH3Ak&m?swj!ZO#eH zXHjClP6FIeyAE4!#BdL;h846>1wqp#bz#RcbYRjwiiqW{y?8_lvKZ(i?F_&hDOXA& z0b=#lwUroyJbcsSCMZD)(1Y%o7re@&B`ATpqt$dX0l9at3CeqUt*~mgE}ojn z))?{)uoiUy83p$2lX(2&cM9=~MwZYbAjB$5;YXi5l zKzI2;M%78&3KvYl^SFE7J?=K~EC_yH#!Yaq2Z5d*CdtS>B1}JLckACR1Lc3a(4o7RS9JyYczW|Hf7P^)K^i)_3^MUqWOkugP3P04X`m|M4;btmZ>k86c zaQ@EjaeXfy;+7kGx+U*1oyOT#EogMckeOACKnj5PFXKC8dWT2g;MHATkFgp{>dguh zQhtHa=Ywf`8r#rDg%I7NE;z3h!|~dS`+!2R8aj$L=BYB zHbF+HrD7~Q%yA3+uwo6i>_rj7`eX%DsdUaYO1ZY9T!Qv>gkox8<<%oC(5QA>8? zLKR^rs+4y0SKp<`rfjnT;Xq%0u-lF5?rt92#wnGSY2)U4LNDN^I;^e6Hp?VU24;1Q z3d%lu(YlJ+#ue?UN`l8Au}X#V2+OVR;>y*&7^KfqXoWROO*D=tZ`eo5{QU&v?7 z>WP{gTogC8EdqKZXYyEqPST=)+{LPvYBnsEw_R z2u4M=vH`=#^{30kr=EQW4fmq zi{Ninc#V)9(iuM{vIy>=ZDXl-j|C-SZoJwk+>k-)Ja1mp*(3v9QHnQrwYa~osr&Lu0 zbNN8`9CSemtq*W>s;^B&PkQcWHH{dxsP_F~9|iLSWHM4^0SW*ngI%X(YLs(}XX98x zaX|b!K`oKzR-IsjW(du7dRRrEtzspq&{W_?gA9#WS*%MY#+`rmNOyd4lilZS%Tsw* g%c+z+1GAw27e(`!o}^;#FaQ7m07*qoM6N<$g0ISZMF0Q* diff --git a/base/SecBase.h b/base/SecBase.h new file mode 100644 index 00000000..b42b3486 --- /dev/null +++ b/base/SecBase.h @@ -0,0 +1,688 @@ +/* + * Copyright (c) 2000-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +#ifndef _SECURITY_SECBASE_H_ +#define _SECURITY_SECBASE_H_ + +#include +#include +#include + +#if TARGET_OS_OSX + #ifdef SEC_IOS_ON_OSX + #define SEC_OS_IPHONE 1 + #define SEC_OS_IPHONE_INCLUDES 0 + + #define SEC_OS_OSX 0 + #define SEC_OS_OSX_INCLUDES 1 + #endif // SEC_IOS_ON_OSX +#endif // TARGET_OS_OSX + +#ifndef SEC_OS_IPHONE + // block above did not fire; set flags to current platform + #define SEC_OS_IPHONE TARGET_OS_IPHONE + #define SEC_OS_IPHONE_INCLUDES TARGET_OS_IPHONE + + #define SEC_OS_OSX TARGET_OS_OSX + #define SEC_OS_OSX_INCLUDES TARGET_OS_OSX +#endif + +#if SEC_OS_IPHONE +#include +#endif + +#if defined(__clang__) +#define SEC_DEPRECATED_ATTRIBUTE DEPRECATED_ATTRIBUTE +#else +#define SEC_DEPRECATED_ATTRIBUTE +#endif + +__BEGIN_DECLS + +CF_ASSUME_NONNULL_BEGIN +CF_IMPLICIT_BRIDGING_ENABLED + + +#if SEC_OS_IPHONE +#define SECTYPE(a) __##a +#elif SEC_OS_OSX +#define SECTYPE(a) Opaque##a##Ref +#endif + +/*! + @typedef SecCertificateRef + @abstract CFType representing a X.509 certificate. + See SecCertificate.h for details. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecCertificate) *SecCertificateRef; + +/*! + @typedef SecIdentityRef + @abstract CFType representing an identity, which contains + a SecKeyRef and an associated SecCertificateRef. See + SecIdentity.h for details. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecIdentity) *SecIdentityRef; + +/*! + @typedef SecKeyRef + @abstract CFType representing a cryptographic key. See + SecKey.h for details. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecKey) *SecKeyRef; + +/*! + @typedef SecPolicyRef + @abstract CFType representing a X.509 certificate trust policy. + See SecPolicy.h for details. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecPolicy) *SecPolicyRef; + +/*! + @typedef SecAccessControl + @abstract CFType representing access control for an item. + SecAccessControl.h for details. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecAccessControl) *SecAccessControlRef; + +#if SEC_OS_OSX_INCLUDES + +/*! + @typedef SecKeychainRef + @abstract Contains information about a keychain. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecKeychain) *SecKeychainRef; + +/*! + @typedef SecKeychainItemRef + @abstract Contains information about a keychain item. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecKeychainItem) *SecKeychainItemRef; + +/*! + @typedef SecKeychainSearchRef + @abstract Contains information about a keychain search. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecKeychainSearch) *SecKeychainSearchRef; + +/*! + @typedef SecKeychainAttrType + @abstract Represents a keychain attribute type. +*/ +typedef OSType SecKeychainAttrType; + +/*! + @struct SecKeychainAttribute + @abstract Contains keychain attributes. + @field tag A 4-byte attribute tag. + @field length The length of the buffer pointed to by data. + @field data A pointer to the attribute data. +*/ +struct SecKeychainAttribute +{ + SecKeychainAttrType tag; + UInt32 length; + void *data; +}; +typedef struct SecKeychainAttribute SecKeychainAttribute; + +/*! + @typedef SecKeychainAttributePtr + @abstract Represents a pointer to a keychain attribute structure. +*/ +typedef SecKeychainAttribute *SecKeychainAttributePtr; + +/*! + @typedef SecKeychainAttributeList + @abstract Represents a list of keychain attributes. + @field count An unsigned 32-bit integer that represents the number of keychain attributes in the array. + @field attr A pointer to the first keychain attribute in the array. +*/ +struct SecKeychainAttributeList +{ + UInt32 count; + SecKeychainAttribute *attr; +}; +typedef struct SecKeychainAttributeList SecKeychainAttributeList; + +/*! + @typedef SecKeychainStatus + @abstract Represents the status of a keychain. +*/ +typedef UInt32 SecKeychainStatus; + +/*! + @typedef SecTrustedApplicationRef + @abstract Contains information about a trusted application. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecTrustedApplication) *SecTrustedApplicationRef; + +/*! + @typedef SecAccessRef + @abstract Contains information about an access. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecAccess) *SecAccessRef; + +/*! + @typedef SecACLRef + @abstract Contains information about an access control list (ACL) entry. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecTrust) *SecACLRef; + +/*! + @typedef SecPasswordRef + @abstract Contains information about a password. +*/ +typedef struct CF_BRIDGED_TYPE(id) SECTYPE(SecPassword) *SecPasswordRef; + +/*! + @typedef SecKeychainAttributeInfo + @abstract Represents an attribute. + @field count The number of tag-format pairs in the respective arrays. + @field tag A pointer to the first attribute tag in the array. + @field format A pointer to the first CSSM_DB_ATTRIBUTE_FORMAT in the array. + @discussion Each tag and format item form a pair. +*/ +struct SecKeychainAttributeInfo +{ + UInt32 count; + UInt32 *tag; + UInt32 *format; +}; +typedef struct SecKeychainAttributeInfo SecKeychainAttributeInfo; + +/*! + @function SecCopyErrorMessageString + @abstract Returns a string describing the specified error result code. + @param status An error result code of type OSStatus or CSSM_RETURN, as returned by a Security or CSSM function. + @reserved Reserved for future use. Your code should pass NULL in this parameter. + @result A reference to an error string, or NULL if no error string is available for the specified result code. Your code must release this reference by calling the CFRelease function. +*/ +__nullable +CFStringRef SecCopyErrorMessageString(OSStatus status, void * __nullable reserved) + __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); + +#endif // SEC_OS_OSX_INCLUDES + +#undef SECTYPE + + +/*! +@enum Security Error Codes +@abstract Result codes returned from Security framework functions. +@constant errSecSuccess No error. +@constant errSecUnimplemented Function or operation not implemented. +@constant errSecDskFull Disk Full error. +@constant errSecIO I/O error. +@constant errSecParam One or more parameters passed to a function were not valid. +@constant errSecWrPerm Write permissions error. +@constant errSecAllocate Failed to allocate memory. +@constant errSecUserCanceled User canceled the operation. +@constant errSecBadReq Bad parameter or invalid state for operation. +@constant errSecInternalComponent +@constant errSecCoreFoundationUnknown +@constant errSecNotAvailable No keychain is available. +@constant errSecReadOnly Read only error. +@constant errSecAuthFailed Authorization/Authentication failed. +@constant errSecNoSuchKeychain The keychain does not exist. +@constant errSecInvalidKeychain The keychain is not valid. +@constant errSecDuplicateKeychain A keychain with the same name already exists. +@constant errSecDuplicateCallback The specified callback is already installed. +@constant errSecInvalidCallback The specified callback is not valid. +@constant errSecDuplicateItem The item already exists. +@constant errSecItemNotFound The item cannot be found. +@constant errSecBufferTooSmall The buffer is too small. +@constant errSecDataTooLarge The data is too large. +@constant errSecNoSuchAttr The attribute does not exist. +@constant errSecInvalidItemRef The item reference is invalid. +@constant errSecInvalidSearchRef The search reference is invalid. +@constant errSecNoSuchClass The keychain item class does not exist. +@constant errSecNoDefaultKeychain A default keychain does not exist. +@constant errSecInteractionNotAllowed User interaction is not allowed. +@constant errSecReadOnlyAttr The attribute is read only. +@constant errSecWrongSecVersion The version is incorrect. +@constant errSecKeySizeNotAllowed The key size is not allowed. +@constant errSecNoStorageModule There is no storage module available. +@constant errSecNoCertificateModule There is no certificate module available. +@constant errSecNoPolicyModule There is no policy module available. +@constant errSecInteractionRequired User interaction is required. +@constant errSecDataNotAvailable The data is not available. +@constant errSecDataNotModifiable The data is not modifiable. +@constant errSecCreateChainFailed The attempt to create a certificate chain failed. +@constant errSecACLNotSimple The access control list is not in standard simple form. +@constant errSecPolicyNotFound The policy specified cannot be found. +@constant errSecInvalidTrustSetting The specified trust setting is invalid. +@constant errSecNoAccessForItem The specified item has no access control. +@constant errSecInvalidOwnerEdit Invalid attempt to change the owner of this item. +@constant errSecTrustNotAvailable No trust results are available. +@constant errSecUnsupportedFormat Import/Export format unsupported. +@constant errSecUnknownFormat Unknown format in import. +@constant errSecKeyIsSensitive Key material must be wrapped for export. +@constant errSecMultiplePrivKeys An attempt was made to import multiple private keys. +@constant errSecPassphraseRequired Passphrase is required for import/export. +@constant errSecInvalidPasswordRef The password reference was invalid. +@constant errSecInvalidTrustSettings The Trust Settings Record was corrupted. +@constant errSecNoTrustSettings No Trust Settings were found. +@constant errSecPkcs12VerifyFailure MAC verification failed during PKCS12 Import. +@constant errSecDecode Unable to decode the provided data. + +@discussion The assigned error space is discontinuous: e.g. -25240..-25279, -25290..-25329, -68608..-67585, and so on. +*/ + +/* + Note: the comments that appear after these errors are used to create SecErrorMessages.strings. + The comments must not be multi-line, and should be in a form meaningful to an end user. If + a different or additional comment is needed, it can be put in the header doc format, or on a + line that does not start with errZZZ. +*/ + +CF_ENUM(OSStatus) +{ + errSecSuccess = 0, /* No error. */ + errSecUnimplemented = -4, /* Function or operation not implemented. */ + errSecDskFull = -34, + errSecIO = -36, /*I/O error (bummers)*/ + errSecOpWr = -49, /*file already open with with write permission*/ + errSecParam = -50, /* One or more parameters passed to a function were not valid. */ + errSecWrPerm = -61, /* write permissions error*/ + errSecAllocate = -108, /* Failed to allocate memory. */ + errSecUserCanceled = -128, /* User canceled the operation. */ + errSecBadReq = -909, /* Bad parameter or invalid state for operation. */ + + errSecInternalComponent = -2070, + errSecCoreFoundationUnknown = -4960, + + errSecNotAvailable = -25291, /* No keychain is available. You may need to restart your computer. */ + errSecReadOnly = -25292, /* This keychain cannot be modified. */ + errSecAuthFailed = -25293, /* The user name or passphrase you entered is not correct. */ + errSecNoSuchKeychain = -25294, /* The specified keychain could not be found. */ + errSecInvalidKeychain = -25295, /* The specified keychain is not a valid keychain file. */ + errSecDuplicateKeychain = -25296, /* A keychain with the same name already exists. */ + errSecDuplicateCallback = -25297, /* The specified callback function is already installed. */ + errSecInvalidCallback = -25298, /* The specified callback function is not valid. */ + errSecDuplicateItem = -25299, /* The specified item already exists in the keychain. */ + errSecItemNotFound = -25300, /* The specified item could not be found in the keychain. */ + errSecBufferTooSmall = -25301, /* There is not enough memory available to use the specified item. */ + errSecDataTooLarge = -25302, /* This item contains information which is too large or in a format that cannot be displayed. */ + errSecNoSuchAttr = -25303, /* The specified attribute does not exist. */ + errSecInvalidItemRef = -25304, /* The specified item is no longer valid. It may have been deleted from the keychain. */ + errSecInvalidSearchRef = -25305, /* Unable to search the current keychain. */ + errSecNoSuchClass = -25306, /* The specified item does not appear to be a valid keychain item. */ + errSecNoDefaultKeychain = -25307, /* A default keychain could not be found. */ + errSecInteractionNotAllowed = -25308, /* User interaction is not allowed. */ + errSecReadOnlyAttr = -25309, /* The specified attribute could not be modified. */ + errSecWrongSecVersion = -25310, /* This keychain was created by a different version of the system software and cannot be opened. */ + errSecKeySizeNotAllowed = -25311, /* This item specifies a key size which is too large. */ + errSecNoStorageModule = -25312, /* A required component (data storage module) could not be loaded. You may need to restart your computer. */ + errSecNoCertificateModule = -25313, /* A required component (certificate module) could not be loaded. You may need to restart your computer. */ + errSecNoPolicyModule = -25314, /* A required component (policy module) could not be loaded. You may need to restart your computer. */ + errSecInteractionRequired = -25315, /* User interaction is required, but is currently not allowed. */ + errSecDataNotAvailable = -25316, /* The contents of this item cannot be retrieved. */ + errSecDataNotModifiable = -25317, /* The contents of this item cannot be modified. */ + errSecCreateChainFailed = -25318, /* One or more certificates required to validate this certificate cannot be found. */ + errSecInvalidPrefsDomain = -25319, /* The specified preferences domain is not valid. */ + errSecInDarkWake = -25320, /* In dark wake, no UI possible */ + + errSecACLNotSimple = -25240, /* The specified access control list is not in standard (simple) form. */ + errSecPolicyNotFound = -25241, /* The specified policy cannot be found. */ + errSecInvalidTrustSetting = -25242, /* The specified trust setting is invalid. */ + errSecNoAccessForItem = -25243, /* The specified item has no access control. */ + errSecInvalidOwnerEdit = -25244, /* Invalid attempt to change the owner of this item. */ + errSecTrustNotAvailable = -25245, /* No trust results are available. */ + errSecUnsupportedFormat = -25256, /* Import/Export format unsupported. */ + errSecUnknownFormat = -25257, /* Unknown format in import. */ + errSecKeyIsSensitive = -25258, /* Key material must be wrapped for export. */ + errSecMultiplePrivKeys = -25259, /* An attempt was made to import multiple private keys. */ + errSecPassphraseRequired = -25260, /* Passphrase is required for import/export. */ + errSecInvalidPasswordRef = -25261, /* The password reference was invalid. */ + errSecInvalidTrustSettings = -25262, /* The Trust Settings Record was corrupted. */ + errSecNoTrustSettings = -25263, /* No Trust Settings were found. */ + errSecPkcs12VerifyFailure = -25264, /* MAC verification failed during PKCS12 import (wrong password?) */ + errSecNotSigner = -26267, /* A certificate was not signed by its proposed parent. */ + + errSecDecode = -26275, /* Unable to decode the provided data. */ + + errSecServiceNotAvailable = -67585, /* The required service is not available. */ + errSecInsufficientClientID = -67586, /* The client ID is not correct. */ + errSecDeviceReset = -67587, /* A device reset has occurred. */ + errSecDeviceFailed = -67588, /* A device failure has occurred. */ + errSecAppleAddAppACLSubject = -67589, /* Adding an application ACL subject failed. */ + errSecApplePublicKeyIncomplete = -67590, /* The public key is incomplete. */ + errSecAppleSignatureMismatch = -67591, /* A signature mismatch has occurred. */ + errSecAppleInvalidKeyStartDate = -67592, /* The specified key has an invalid start date. */ + errSecAppleInvalidKeyEndDate = -67593, /* The specified key has an invalid end date. */ + errSecConversionError = -67594, /* A conversion error has occurred. */ + errSecAppleSSLv2Rollback = -67595, /* A SSLv2 rollback error has occurred. */ + errSecDiskFull = -34, /* The disk is full. */ + errSecQuotaExceeded = -67596, /* The quota was exceeded. */ + errSecFileTooBig = -67597, /* The file is too big. */ + errSecInvalidDatabaseBlob = -67598, /* The specified database has an invalid blob. */ + errSecInvalidKeyBlob = -67599, /* The specified database has an invalid key blob. */ + errSecIncompatibleDatabaseBlob = -67600, /* The specified database has an incompatible blob. */ + errSecIncompatibleKeyBlob = -67601, /* The specified database has an incompatible key blob. */ + errSecHostNameMismatch = -67602, /* A host name mismatch has occurred. */ + errSecUnknownCriticalExtensionFlag = -67603, /* There is an unknown critical extension flag. */ + errSecNoBasicConstraints = -67604, /* No basic constraints were found. */ + errSecNoBasicConstraintsCA = -67605, /* No basic CA constraints were found. */ + errSecInvalidAuthorityKeyID = -67606, /* The authority key ID is not valid. */ + errSecInvalidSubjectKeyID = -67607, /* The subject key ID is not valid. */ + errSecInvalidKeyUsageForPolicy = -67608, /* The key usage is not valid for the specified policy. */ + errSecInvalidExtendedKeyUsage = -67609, /* The extended key usage is not valid. */ + errSecInvalidIDLinkage = -67610, /* The ID linkage is not valid. */ + errSecPathLengthConstraintExceeded = -67611, /* The path length constraint was exceeded. */ + errSecInvalidRoot = -67612, /* The root or anchor certificate is not valid. */ + errSecCRLExpired = -67613, /* The CRL has expired. */ + errSecCRLNotValidYet = -67614, /* The CRL is not yet valid. */ + errSecCRLNotFound = -67615, /* The CRL was not found. */ + errSecCRLServerDown = -67616, /* The CRL server is down. */ + errSecCRLBadURI = -67617, /* The CRL has a bad Uniform Resource Identifier. */ + errSecUnknownCertExtension = -67618, /* An unknown certificate extension was encountered. */ + errSecUnknownCRLExtension = -67619, /* An unknown CRL extension was encountered. */ + errSecCRLNotTrusted = -67620, /* The CRL is not trusted. */ + errSecCRLPolicyFailed = -67621, /* The CRL policy failed. */ + errSecIDPFailure = -67622, /* The issuing distribution point was not valid. */ + errSecSMIMEEmailAddressesNotFound = -67623, /* An email address mismatch was encountered. */ + errSecSMIMEBadExtendedKeyUsage = -67624, /* The appropriate extended key usage for SMIME was not found. */ + errSecSMIMEBadKeyUsage = -67625, /* The key usage is not compatible with SMIME. */ + errSecSMIMEKeyUsageNotCritical = -67626, /* The key usage extension is not marked as critical. */ + errSecSMIMENoEmailAddress = -67627, /* No email address was found in the certificate. */ + errSecSMIMESubjAltNameNotCritical = -67628, /* The subject alternative name extension is not marked as critical. */ + errSecSSLBadExtendedKeyUsage = -67629, /* The appropriate extended key usage for SSL was not found. */ + errSecOCSPBadResponse = -67630, /* The OCSP response was incorrect or could not be parsed. */ + errSecOCSPBadRequest = -67631, /* The OCSP request was incorrect or could not be parsed. */ + errSecOCSPUnavailable = -67632, /* OCSP service is unavailable. */ + errSecOCSPStatusUnrecognized = -67633, /* The OCSP server did not recognize this certificate. */ + errSecEndOfData = -67634, /* An end-of-data was detected. */ + errSecIncompleteCertRevocationCheck = -67635, /* An incomplete certificate revocation check occurred. */ + errSecNetworkFailure = -67636, /* A network failure occurred. */ + errSecOCSPNotTrustedToAnchor = -67637, /* The OCSP response was not trusted to a root or anchor certificate. */ + errSecRecordModified = -67638, /* The record was modified. */ + errSecOCSPSignatureError = -67639, /* The OCSP response had an invalid signature. */ + errSecOCSPNoSigner = -67640, /* The OCSP response had no signer. */ + errSecOCSPResponderMalformedReq = -67641, /* The OCSP responder was given a malformed request. */ + errSecOCSPResponderInternalError = -67642, /* The OCSP responder encountered an internal error. */ + errSecOCSPResponderTryLater = -67643, /* The OCSP responder is busy, try again later. */ + errSecOCSPResponderSignatureRequired = -67644, /* The OCSP responder requires a signature. */ + errSecOCSPResponderUnauthorized = -67645, /* The OCSP responder rejected this request as unauthorized. */ + errSecOCSPResponseNonceMismatch = -67646, /* The OCSP response nonce did not match the request. */ + errSecCodeSigningBadCertChainLength = -67647, /* Code signing encountered an incorrect certificate chain length. */ + errSecCodeSigningNoBasicConstraints = -67648, /* Code signing found no basic constraints. */ + errSecCodeSigningBadPathLengthConstraint = -67649, /* Code signing encountered an incorrect path length constraint. */ + errSecCodeSigningNoExtendedKeyUsage = -67650, /* Code signing found no extended key usage. */ + errSecCodeSigningDevelopment = -67651, /* Code signing indicated use of a development-only certificate. */ + errSecResourceSignBadCertChainLength = -67652, /* Resource signing has encountered an incorrect certificate chain length. */ + errSecResourceSignBadExtKeyUsage = -67653, /* Resource signing has encountered an error in the extended key usage. */ + errSecTrustSettingDeny = -67654, /* The trust setting for this policy was set to Deny. */ + errSecInvalidSubjectName = -67655, /* An invalid certificate subject name was encountered. */ + errSecUnknownQualifiedCertStatement = -67656, /* An unknown qualified certificate statement was encountered. */ + errSecMobileMeRequestQueued = -67657, /* The MobileMe request will be sent during the next connection. */ + errSecMobileMeRequestRedirected = -67658, /* The MobileMe request was redirected. */ + errSecMobileMeServerError = -67659, /* A MobileMe server error occurred. */ + errSecMobileMeServerNotAvailable = -67660, /* The MobileMe server is not available. */ + errSecMobileMeServerAlreadyExists = -67661, /* The MobileMe server reported that the item already exists. */ + errSecMobileMeServerServiceErr = -67662, /* A MobileMe service error has occurred. */ + errSecMobileMeRequestAlreadyPending = -67663, /* A MobileMe request is already pending. */ + errSecMobileMeNoRequestPending = -67664, /* MobileMe has no request pending. */ + errSecMobileMeCSRVerifyFailure = -67665, /* A MobileMe CSR verification failure has occurred. */ + errSecMobileMeFailedConsistencyCheck = -67666, /* MobileMe has found a failed consistency check. */ + errSecNotInitialized = -67667, /* A function was called without initializing CSSM. */ + errSecInvalidHandleUsage = -67668, /* The CSSM handle does not match with the service type. */ + errSecPVCReferentNotFound = -67669, /* A reference to the calling module was not found in the list of authorized callers. */ + errSecFunctionIntegrityFail = -67670, /* A function address was not within the verified module. */ + errSecInternalError = -67671, /* An internal error has occurred. */ + errSecMemoryError = -67672, /* A memory error has occurred. */ + errSecInvalidData = -67673, /* Invalid data was encountered. */ + errSecMDSError = -67674, /* A Module Directory Service error has occurred. */ + errSecInvalidPointer = -67675, /* An invalid pointer was encountered. */ + errSecSelfCheckFailed = -67676, /* Self-check has failed. */ + errSecFunctionFailed = -67677, /* A function has failed. */ + errSecModuleManifestVerifyFailed = -67678, /* A module manifest verification failure has occurred. */ + errSecInvalidGUID = -67679, /* An invalid GUID was encountered. */ + errSecInvalidHandle = -67680, /* An invalid handle was encountered. */ + errSecInvalidDBList = -67681, /* An invalid DB list was encountered. */ + errSecInvalidPassthroughID = -67682, /* An invalid passthrough ID was encountered. */ + errSecInvalidNetworkAddress = -67683, /* An invalid network address was encountered. */ + errSecCRLAlreadySigned = -67684, /* The certificate revocation list is already signed. */ + errSecInvalidNumberOfFields = -67685, /* An invalid number of fields were encountered. */ + errSecVerificationFailure = -67686, /* A verification failure occurred. */ + errSecUnknownTag = -67687, /* An unknown tag was encountered. */ + errSecInvalidSignature = -67688, /* An invalid signature was encountered. */ + errSecInvalidName = -67689, /* An invalid name was encountered. */ + errSecInvalidCertificateRef = -67690, /* An invalid certificate reference was encountered. */ + errSecInvalidCertificateGroup = -67691, /* An invalid certificate group was encountered. */ + errSecTagNotFound = -67692, /* The specified tag was not found. */ + errSecInvalidQuery = -67693, /* The specified query was not valid. */ + errSecInvalidValue = -67694, /* An invalid value was detected. */ + errSecCallbackFailed = -67695, /* A callback has failed. */ + errSecACLDeleteFailed = -67696, /* An ACL delete operation has failed. */ + errSecACLReplaceFailed = -67697, /* An ACL replace operation has failed. */ + errSecACLAddFailed = -67698, /* An ACL add operation has failed. */ + errSecACLChangeFailed = -67699, /* An ACL change operation has failed. */ + errSecInvalidAccessCredentials = -67700, /* Invalid access credentials were encountered. */ + errSecInvalidRecord = -67701, /* An invalid record was encountered. */ + errSecInvalidACL = -67702, /* An invalid ACL was encountered. */ + errSecInvalidSampleValue = -67703, /* An invalid sample value was encountered. */ + errSecIncompatibleVersion = -67704, /* An incompatible version was encountered. */ + errSecPrivilegeNotGranted = -67705, /* The privilege was not granted. */ + errSecInvalidScope = -67706, /* An invalid scope was encountered. */ + errSecPVCAlreadyConfigured = -67707, /* The PVC is already configured. */ + errSecInvalidPVC = -67708, /* An invalid PVC was encountered. */ + errSecEMMLoadFailed = -67709, /* The EMM load has failed. */ + errSecEMMUnloadFailed = -67710, /* The EMM unload has failed. */ + errSecAddinLoadFailed = -67711, /* The add-in load operation has failed. */ + errSecInvalidKeyRef = -67712, /* An invalid key was encountered. */ + errSecInvalidKeyHierarchy = -67713, /* An invalid key hierarchy was encountered. */ + errSecAddinUnloadFailed = -67714, /* The add-in unload operation has failed. */ + errSecLibraryReferenceNotFound = -67715, /* A library reference was not found. */ + errSecInvalidAddinFunctionTable = -67716, /* An invalid add-in function table was encountered. */ + errSecInvalidServiceMask = -67717, /* An invalid service mask was encountered. */ + errSecModuleNotLoaded = -67718, /* A module was not loaded. */ + errSecInvalidSubServiceID = -67719, /* An invalid subservice ID was encountered. */ + errSecAttributeNotInContext = -67720, /* An attribute was not in the context. */ + errSecModuleManagerInitializeFailed = -67721, /* A module failed to initialize. */ + errSecModuleManagerNotFound = -67722, /* A module was not found. */ + errSecEventNotificationCallbackNotFound = -67723, /* An event notification callback was not found. */ + errSecInputLengthError = -67724, /* An input length error was encountered. */ + errSecOutputLengthError = -67725, /* An output length error was encountered. */ + errSecPrivilegeNotSupported = -67726, /* The privilege is not supported. */ + errSecDeviceError = -67727, /* A device error was encountered. */ + errSecAttachHandleBusy = -67728, /* The CSP handle was busy. */ + errSecNotLoggedIn = -67729, /* You are not logged in. */ + errSecAlgorithmMismatch = -67730, /* An algorithm mismatch was encountered. */ + errSecKeyUsageIncorrect = -67731, /* The key usage is incorrect. */ + errSecKeyBlobTypeIncorrect = -67732, /* The key blob type is incorrect. */ + errSecKeyHeaderInconsistent = -67733, /* The key header is inconsistent. */ + errSecUnsupportedKeyFormat = -67734, /* The key header format is not supported. */ + errSecUnsupportedKeySize = -67735, /* The key size is not supported. */ + errSecInvalidKeyUsageMask = -67736, /* The key usage mask is not valid. */ + errSecUnsupportedKeyUsageMask = -67737, /* The key usage mask is not supported. */ + errSecInvalidKeyAttributeMask = -67738, /* The key attribute mask is not valid. */ + errSecUnsupportedKeyAttributeMask = -67739, /* The key attribute mask is not supported. */ + errSecInvalidKeyLabel = -67740, /* The key label is not valid. */ + errSecUnsupportedKeyLabel = -67741, /* The key label is not supported. */ + errSecInvalidKeyFormat = -67742, /* The key format is not valid. */ + errSecUnsupportedVectorOfBuffers = -67743, /* The vector of buffers is not supported. */ + errSecInvalidInputVector = -67744, /* The input vector is not valid. */ + errSecInvalidOutputVector = -67745, /* The output vector is not valid. */ + errSecInvalidContext = -67746, /* An invalid context was encountered. */ + errSecInvalidAlgorithm = -67747, /* An invalid algorithm was encountered. */ + errSecInvalidAttributeKey = -67748, /* A key attribute was not valid. */ + errSecMissingAttributeKey = -67749, /* A key attribute was missing. */ + errSecInvalidAttributeInitVector = -67750, /* An init vector attribute was not valid. */ + errSecMissingAttributeInitVector = -67751, /* An init vector attribute was missing. */ + errSecInvalidAttributeSalt = -67752, /* A salt attribute was not valid. */ + errSecMissingAttributeSalt = -67753, /* A salt attribute was missing. */ + errSecInvalidAttributePadding = -67754, /* A padding attribute was not valid. */ + errSecMissingAttributePadding = -67755, /* A padding attribute was missing. */ + errSecInvalidAttributeRandom = -67756, /* A random number attribute was not valid. */ + errSecMissingAttributeRandom = -67757, /* A random number attribute was missing. */ + errSecInvalidAttributeSeed = -67758, /* A seed attribute was not valid. */ + errSecMissingAttributeSeed = -67759, /* A seed attribute was missing. */ + errSecInvalidAttributePassphrase = -67760, /* A passphrase attribute was not valid. */ + errSecMissingAttributePassphrase = -67761, /* A passphrase attribute was missing. */ + errSecInvalidAttributeKeyLength = -67762, /* A key length attribute was not valid. */ + errSecMissingAttributeKeyLength = -67763, /* A key length attribute was missing. */ + errSecInvalidAttributeBlockSize = -67764, /* A block size attribute was not valid. */ + errSecMissingAttributeBlockSize = -67765, /* A block size attribute was missing. */ + errSecInvalidAttributeOutputSize = -67766, /* An output size attribute was not valid. */ + errSecMissingAttributeOutputSize = -67767, /* An output size attribute was missing. */ + errSecInvalidAttributeRounds = -67768, /* The number of rounds attribute was not valid. */ + errSecMissingAttributeRounds = -67769, /* The number of rounds attribute was missing. */ + errSecInvalidAlgorithmParms = -67770, /* An algorithm parameters attribute was not valid. */ + errSecMissingAlgorithmParms = -67771, /* An algorithm parameters attribute was missing. */ + errSecInvalidAttributeLabel = -67772, /* A label attribute was not valid. */ + errSecMissingAttributeLabel = -67773, /* A label attribute was missing. */ + errSecInvalidAttributeKeyType = -67774, /* A key type attribute was not valid. */ + errSecMissingAttributeKeyType = -67775, /* A key type attribute was missing. */ + errSecInvalidAttributeMode = -67776, /* A mode attribute was not valid. */ + errSecMissingAttributeMode = -67777, /* A mode attribute was missing. */ + errSecInvalidAttributeEffectiveBits = -67778, /* An effective bits attribute was not valid. */ + errSecMissingAttributeEffectiveBits = -67779, /* An effective bits attribute was missing. */ + errSecInvalidAttributeStartDate = -67780, /* A start date attribute was not valid. */ + errSecMissingAttributeStartDate = -67781, /* A start date attribute was missing. */ + errSecInvalidAttributeEndDate = -67782, /* An end date attribute was not valid. */ + errSecMissingAttributeEndDate = -67783, /* An end date attribute was missing. */ + errSecInvalidAttributeVersion = -67784, /* A version attribute was not valid. */ + errSecMissingAttributeVersion = -67785, /* A version attribute was missing. */ + errSecInvalidAttributePrime = -67786, /* A prime attribute was not valid. */ + errSecMissingAttributePrime = -67787, /* A prime attribute was missing. */ + errSecInvalidAttributeBase = -67788, /* A base attribute was not valid. */ + errSecMissingAttributeBase = -67789, /* A base attribute was missing. */ + errSecInvalidAttributeSubprime = -67790, /* A subprime attribute was not valid. */ + errSecMissingAttributeSubprime = -67791, /* A subprime attribute was missing. */ + errSecInvalidAttributeIterationCount = -67792, /* An iteration count attribute was not valid. */ + errSecMissingAttributeIterationCount = -67793, /* An iteration count attribute was missing. */ + errSecInvalidAttributeDLDBHandle = -67794, /* A database handle attribute was not valid. */ + errSecMissingAttributeDLDBHandle = -67795, /* A database handle attribute was missing. */ + errSecInvalidAttributeAccessCredentials = -67796, /* An access credentials attribute was not valid. */ + errSecMissingAttributeAccessCredentials = -67797, /* An access credentials attribute was missing. */ + errSecInvalidAttributePublicKeyFormat = -67798, /* A public key format attribute was not valid. */ + errSecMissingAttributePublicKeyFormat = -67799, /* A public key format attribute was missing. */ + errSecInvalidAttributePrivateKeyFormat = -67800, /* A private key format attribute was not valid. */ + errSecMissingAttributePrivateKeyFormat = -67801, /* A private key format attribute was missing. */ + errSecInvalidAttributeSymmetricKeyFormat = -67802, /* A symmetric key format attribute was not valid. */ + errSecMissingAttributeSymmetricKeyFormat = -67803, /* A symmetric key format attribute was missing. */ + errSecInvalidAttributeWrappedKeyFormat = -67804, /* A wrapped key format attribute was not valid. */ + errSecMissingAttributeWrappedKeyFormat = -67805, /* A wrapped key format attribute was missing. */ + errSecStagedOperationInProgress = -67806, /* A staged operation is in progress. */ + errSecStagedOperationNotStarted = -67807, /* A staged operation was not started. */ + errSecVerifyFailed = -67808, /* A cryptographic verification failure has occurred. */ + errSecQuerySizeUnknown = -67809, /* The query size is unknown. */ + errSecBlockSizeMismatch = -67810, /* A block size mismatch occurred. */ + errSecPublicKeyInconsistent = -67811, /* The public key was inconsistent. */ + errSecDeviceVerifyFailed = -67812, /* A device verification failure has occurred. */ + errSecInvalidLoginName = -67813, /* An invalid login name was detected. */ + errSecAlreadyLoggedIn = -67814, /* The user is already logged in. */ + errSecInvalidDigestAlgorithm = -67815, /* An invalid digest algorithm was detected. */ + errSecInvalidCRLGroup = -67816, /* An invalid CRL group was detected. */ + errSecCertificateCannotOperate = -67817, /* The certificate cannot operate. */ + errSecCertificateExpired = -67818, /* An expired certificate was detected. */ + errSecCertificateNotValidYet = -67819, /* The certificate is not yet valid. */ + errSecCertificateRevoked = -67820, /* The certificate was revoked. */ + errSecCertificateSuspended = -67821, /* The certificate was suspended. */ + errSecInsufficientCredentials = -67822, /* Insufficient credentials were detected. */ + errSecInvalidAction = -67823, /* The action was not valid. */ + errSecInvalidAuthority = -67824, /* The authority was not valid. */ + errSecVerifyActionFailed = -67825, /* A verify action has failed. */ + errSecInvalidCertAuthority = -67826, /* The certificate authority was not valid. */ + errSecInvaldCRLAuthority = -67827, /* The CRL authority was not valid. */ + errSecInvalidCRLEncoding = -67828, /* The CRL encoding was not valid. */ + errSecInvalidCRLType = -67829, /* The CRL type was not valid. */ + errSecInvalidCRL = -67830, /* The CRL was not valid. */ + errSecInvalidFormType = -67831, /* The form type was not valid. */ + errSecInvalidID = -67832, /* The ID was not valid. */ + errSecInvalidIdentifier = -67833, /* The identifier was not valid. */ + errSecInvalidIndex = -67834, /* The index was not valid. */ + errSecInvalidPolicyIdentifiers = -67835, /* The policy identifiers are not valid. */ + errSecInvalidTimeString = -67836, /* The time specified was not valid. */ + errSecInvalidReason = -67837, /* The trust policy reason was not valid. */ + errSecInvalidRequestInputs = -67838, /* The request inputs are not valid. */ + errSecInvalidResponseVector = -67839, /* The response vector was not valid. */ + errSecInvalidStopOnPolicy = -67840, /* The stop-on policy was not valid. */ + errSecInvalidTuple = -67841, /* The tuple was not valid. */ + errSecMultipleValuesUnsupported = -67842, /* Multiple values are not supported. */ + errSecNotTrusted = -67843, /* The trust policy was not trusted. */ + errSecNoDefaultAuthority = -67844, /* No default authority was detected. */ + errSecRejectedForm = -67845, /* The trust policy had a rejected form. */ + errSecRequestLost = -67846, /* The request was lost. */ + errSecRequestRejected = -67847, /* The request was rejected. */ + errSecUnsupportedAddressType = -67848, /* The address type is not supported. */ + errSecUnsupportedService = -67849, /* The service is not supported. */ + errSecInvalidTupleGroup = -67850, /* The tuple group was not valid. */ + errSecInvalidBaseACLs = -67851, /* The base ACLs are not valid. */ + errSecInvalidTupleCredendtials = -67852, /* The tuple credentials are not valid. */ + errSecInvalidEncoding = -67853, /* The encoding was not valid. */ + errSecInvalidValidityPeriod = -67854, /* The validity period was not valid. */ + errSecInvalidRequestor = -67855, /* The requestor was not valid. */ + errSecRequestDescriptor = -67856, /* The request descriptor was not valid. */ + errSecInvalidBundleInfo = -67857, /* The bundle information was not valid. */ + errSecInvalidCRLIndex = -67858, /* The CRL index was not valid. */ + errSecNoFieldValues = -67859, /* No field values were detected. */ + errSecUnsupportedFieldFormat = -67860, /* The field format is not supported. */ + errSecUnsupportedIndexInfo = -67861, /* The index information is not supported. */ + errSecUnsupportedLocality = -67862, /* The locality is not supported. */ + errSecUnsupportedNumAttributes = -67863, /* The number of attributes is not supported. */ + errSecUnsupportedNumIndexes = -67864, /* The number of indexes is not supported. */ + errSecUnsupportedNumRecordTypes = -67865, /* The number of record types is not supported. */ + errSecFieldSpecifiedMultiple = -67866, /* Too many fields were specified. */ + errSecIncompatibleFieldFormat = -67867, /* The field format was incompatible. */ + errSecInvalidParsingModule = -67868, /* The parsing module was not valid. */ + errSecDatabaseLocked = -67869, /* The database is locked. */ + errSecDatastoreIsOpen = -67870, /* The data store is open. */ + errSecMissingValue = -67871, /* A missing value was detected. */ + errSecUnsupportedQueryLimits = -67872, /* The query limits are not supported. */ + errSecUnsupportedNumSelectionPreds = -67873, /* The number of selection predicates is not supported. */ + errSecUnsupportedOperator = -67874, /* The operator is not supported. */ + errSecInvalidDBLocation = -67875, /* The database location is not valid. */ + errSecInvalidAccessRequest = -67876, /* The access request is not valid. */ + errSecInvalidIndexInfo = -67877, /* The index information is not valid. */ + errSecInvalidNewOwner = -67878, /* The new owner is not valid. */ + errSecInvalidModifyMode = -67879, /* The modify mode is not valid. */ + errSecMissingRequiredExtension = -67880, /* A required certificate extension is missing. */ + errSecExtendedKeyUsageNotCritical = -67881, /* The extended key usage extension was not marked critical. */ + errSecTimestampMissing = -67882, /* A timestamp was expected but was not found. */ + errSecTimestampInvalid = -67883, /* The timestamp was not valid. */ + errSecTimestampNotTrusted = -67884, /* The timestamp was not trusted. */ + errSecTimestampServiceNotAvailable = -67885, /* The timestamp service is not available. */ + errSecTimestampBadAlg = -67886, /* An unrecognized or unsupported Algorithm Identifier in timestamp. */ + errSecTimestampBadRequest = -67887, /* The timestamp transaction is not permitted or supported. */ + errSecTimestampBadDataFormat = -67888, /* The timestamp data submitted has the wrong format. */ + errSecTimestampTimeNotAvailable = -67889, /* The time source for the Timestamp Authority is not available. */ + errSecTimestampUnacceptedPolicy = -67890, /* The requested policy is not supported by the Timestamp Authority. */ + errSecTimestampUnacceptedExtension = -67891, /* The requested extension is not supported by the Timestamp Authority. */ + errSecTimestampAddInfoNotAvailable = -67892, /* The additional information requested is not available. */ + errSecTimestampSystemFailure = -67893, /* The timestamp request cannot be handled due to system failure. */ + errSecSigningTimeMissing = -67894, /* A signing time was expected but was not found. */ + errSecTimestampRejection = -67895, /* A timestamp transaction was rejected. */ + errSecTimestampWaiting = -67896, /* A timestamp transaction is waiting. */ + errSecTimestampRevocationWarning = -67897, /* A timestamp authority revocation warning was issued. */ + errSecTimestampRevocationNotification = -67898, /* A timestamp authority revocation notification was issued. */ +}; + + +CF_IMPLICIT_BRIDGING_DISABLED +CF_ASSUME_NONNULL_END + +__END_DECLS + +#endif /* _SECURITY_SECBASE_H_ */ diff --git a/OSX/sec/Security/SecBasePriv.h b/base/SecBasePriv.h similarity index 61% rename from OSX/sec/Security/SecBasePriv.h rename to base/SecBasePriv.h index 86b6f730..10e245b0 100644 --- a/OSX/sec/Security/SecBasePriv.h +++ b/base/SecBasePriv.h @@ -1,15 +1,15 @@ /* - * Copyright (c) 2008-2009,2012-2014 Apple Inc. All Rights Reserved. - * + * Copyright (c) 2008-2009,2011-2014,2016 Apple Inc. All Rights Reserved. + * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,19 +17,33 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ /*! - @header SecBasePriv - SecBasePriv contains private error codes from the Security framework. + @header SecBasePriv + SecBasePriv contains private error codes from the Security framework. */ #ifndef _SECURITY_SECBASEPRIV_H_ #define _SECURITY_SECBASEPRIV_H_ #include +#include +#include + + +// Macros for allowing use of availability for internal functions without digging for when +// they first existed. +// When publishing any API publicly, don't use these. +#define __SEC_MAC_ONLY_UNKNOWN __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA); +#define __SEC_IOS_ONLY_UNKNOWN __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_10_0); +#define __SEC_MAC_AND_IOS_UNKNOWN __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); + +#if SEC_OS_OSX +#include +#endif /* SEC_OS_OSX */ __BEGIN_DECLS @@ -46,46 +60,7 @@ __BEGIN_DECLS enum { - errSecReadOnly = -25292, /* This keychain cannot be modified. */ - errSecNoSuchKeychain = -25294, /* The specified keychain could not be found. */ - errSecInvalidKeychain = -25295, /* The specified keychain is not a valid keychain file. */ - errSecDuplicateKeychain = -25296, /* A keychain with the same name already exists. */ - errSecDuplicateCallback = -25297, /* The specified callback function is already installed. */ - errSecInvalidCallback = -25298, /* The specified callback function is not valid. */ - errSecBufferTooSmall = -25301, /* There is not enough memory available to use the specified item. */ - errSecDataTooLarge = -25302, /* This item contains information which is too large or in a format that cannot be displayed. */ - errSecNoSuchAttr = errSecParam, // -25303, /* The specified attribute does not exist. */ - errSecInvalidItemRef = -25304, /* The specified item is no longer valid. It may have been deleted from the keychain. */ - errSecInvalidSearchRef = -25305, /* Unable to search the current keychain. */ - errSecNoSuchClass = errSecParam, // -25306, /* The specified item does not appear to be a valid keychain item. */ - errSecNoDefaultKeychain = -25307, /* A default keychain could not be found. */ - errSecReadOnlyAttr = -25309, /* The specified attribute could not be modified. */ - errSecWrongSecVersion = -25310, /* This keychain was created by a different version of the system software and cannot be opened. */ - errSecKeySizeNotAllowed = errSecParam, // -25311, /* This item specifies a key size which is too large. */ - errSecNoStorageModule = -25312, /* A required component (data storage module) could not be loaded. You may need to restart your computer. */ - errSecNoCertificateModule = -25313, /* A required component (certificate module) could not be loaded. You may need to restart your computer. */ - errSecNoPolicyModule = -25314, /* A required component (policy module) could not be loaded. You may need to restart your computer. */ - errSecInteractionRequired = -25315, /* User interaction is required, but is currently not allowed. */ - errSecDataNotAvailable = -25316, /* The contents of this item cannot be retrieved. */ - errSecDataNotModifiable = -25317, /* The contents of this item cannot be modified. */ - errSecCreateChainFailed = -25318, /* One or more certificates required to validate this certificate cannot be found. */ - errSecACLNotSimple = -25240, /* The specified access control list is not in standard (simple) form. */ - errSecInvalidTrustSetting = -25242, /* The specified trust setting is invalid. */ - errSecNoAccessForItem = -25243, /* The specified item has no access control. */ - errSecInvalidOwnerEdit = -25244, /* Invalid attempt to change the owner of this item. */ - errSecInvalidPrefsDomain = -25319, /* The specified preferences domain is not valid. */ - errSecTrustNotAvailable = -25245, /* No trust results are available. */ - errSecUnsupportedFormat = -25256, /* Import/Export format unsupported. */ - errSecUnknownFormat = -25257, /* Unknown format in import. */ - errSecKeyIsSensitive = -25258, /* Key material must be wrapped for export. */ - errSecMultiplePrivKeys = -25259, /* An attempt was made to import multiple private keys. */ - errSecPassphraseRequired = -25260, /* Passphrase is required for import/export. */ - errSecInvalidPasswordRef = -25261, /* The password reference was invalid. */ - errSecInvalidTrustSettings = -25262, /* The Trust Settings record was corrupted. */ - errSecNoTrustSettings = -25263, /* No Trust Settings were found. */ - errSecPkcs12VerifyFailure = -25264, /* MAC verification failed during PKCS12 import. */ errSecInvalidCertificate = errSecDecode, // -26265, /* This certificate could not be decoded. */ - errSecNotSigner = -26267, /* A certificate was not signed by its proposed parent. */ errSecPolicyDenied = -26270, /* The certificate chain was not trusted due to a policy not accepting it. */ errSecInvalidKey = errSecDecode, // -26274, /* The provided key material was not valid. */ errSecInternal = -26276, /* An internal error occured in the Security framework. */ @@ -127,6 +102,16 @@ enum errSecPeersNotAvailable = -25336, /* No peers in the circle are available/online. */ }; +// Guard for CFNetwork +#define SECURITY_PROVIDES_INVALIDTRUSTSETTINGS + +#if SEC_OS_OSX +const char *cssmErrorString(CSSM_RETURN error) + __SEC_MAC_ONLY_UNKNOWN; +#endif + +OSStatus SecKeychainErrFromOSStatus(OSStatus osStatus) + __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_NA); __END_DECLS diff --git a/OSX/sec/Security/SecInternal.h b/base/SecInternal.h similarity index 73% rename from OSX/sec/Security/SecInternal.h rename to base/SecInternal.h index d979a05c..92d8f3a9 100644 --- a/OSX/sec/Security/SecInternal.h +++ b/base/SecInternal.h @@ -1,15 +1,15 @@ /* - * Copyright (c) 2007,2009-2010,2012-2013 Apple Inc. All Rights Reserved. - * + * Copyright (c) 2007-2016 Apple Inc. All Rights Reserved. + * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,7 +17,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ @@ -33,31 +33,37 @@ #include #include -#include "utilities/SecCFRelease.h" +#include __BEGIN_DECLS +#include "utilities/SecCFRelease.h" + +#define AssignOrReleaseResult(CF,OUT) { \ + CFTypeRef _cf = (CF), *_out = (OUT); \ + if (_out) { *_out = _cf; } else { if (_cf) CFRelease(_cf); } } + #define DICT_DECLARE(MAXVALUES) \ - CFIndex numValues = 0, maxValues = (MAXVALUES); \ - const void *keys[maxValues]; \ - const void *values[maxValues]; + CFIndex numValues = 0, maxValues = (MAXVALUES); \ + const void *keys[maxValues]; \ + const void *values[maxValues]; #define DICT_ADDPAIR(KEY,VALUE) do { \ - if (numValues < maxValues) { \ - keys[numValues] = (KEY); \ - values[numValues] = (VALUE); \ - numValues++; \ - } else \ - assert(false); \ + if (numValues < maxValues) { \ + keys[numValues] = (KEY); \ + values[numValues] = (VALUE); \ + numValues++; \ + } else \ + assert(false); \ } while(0) #define DICT_CREATE(ALLOCATOR) CFDictionaryCreate((ALLOCATOR), keys, values, \ - numValues, NULL, &kCFTypeDictionaryValueCallBacks) + numValues, NULL, &kCFTypeDictionaryValueCallBacks) /* Non valid CFTimeInterval or CFAbsoluteTime. */ -#define NULL_TIME 0.0 - +#define NULL_TIME 0.0 +#if SEC_OS_IPHONE static inline CFIndex getIntValue(CFTypeRef cf) { if (cf) { if (CFGetTypeID(cf) == CFNumberGetTypeID()) { @@ -70,6 +76,7 @@ static inline CFIndex getIntValue(CFTypeRef cf) { } return -1; } +#endif // SEC_OS_IPHONE __END_DECLS diff --git a/OSX/libsecurity_keychain/lib/SecRandom.h b/base/SecRandom.h similarity index 78% rename from OSX/libsecurity_keychain/lib/SecRandom.h rename to base/SecRandom.h index d15cbbec..5aff4248 100644 --- a/OSX/libsecurity_keychain/lib/SecRandom.h +++ b/base/SecRandom.h @@ -1,15 +1,15 @@ /* - * Copyright (c) 2007-2009,2011 Apple Inc. All Rights Reserved. - * + * Copyright (c) 2007-2009,2011-2013,2016 Apple Inc. All Rights Reserved. + * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,14 +17,14 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ /*! - @header SecRandom - The functions provided in SecRandom.h implement high-level accessors - to cryptographically secure random numbers. + @header SecRandom + The functions provided in SecRandom.h implement high-level accessors + to cryptographically secure random numbers. */ #ifndef _SECURITY_SECRANDOM_H_ @@ -34,9 +34,7 @@ #include #include -#if defined(__cplusplus) -extern "C" { -#endif +__BEGIN_DECLS CF_ASSUME_NONNULL_BEGIN CF_IMPLICIT_BRIDGING_ENABLED @@ -53,11 +51,11 @@ extern const SecRandomRef kSecRandomDefault __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); /*! - @function SecRandomCopyBytes - @abstract Return count random bytes in *bytes, allocated by the caller. + @function SecRandomCopyBytes + @abstract Return count random bytes in *bytes, allocated by the caller. It is critical to check the return value for error - @result Return 0 on success or -1 if something went wrong, check errno - to find out the real error. + @result Return 0 on success or -1 if something went wrong, check errno + to find out the real error. */ int SecRandomCopyBytes(SecRandomRef __nullable rnd, size_t count, uint8_t *bytes) __attribute__ ((warn_unused_result)) @@ -65,9 +63,7 @@ int SecRandomCopyBytes(SecRandomRef __nullable rnd, size_t count, uint8_t *bytes CF_IMPLICIT_BRIDGING_DISABLED CF_ASSUME_NONNULL_END - -#if defined(__cplusplus) -} -#endif + +__END_DECLS #endif /* !_SECURITY_SECRANDOM_H_ */ diff --git a/OSX/libsecurity_keychain/lib/Security.h b/base/Security.h similarity index 90% rename from OSX/libsecurity_keychain/lib/Security.h rename to base/Security.h index dc9e0f92..592fc2ba 100644 --- a/OSX/libsecurity_keychain/lib/Security.h +++ b/base/Security.h @@ -1,15 +1,15 @@ /* - * Copyright (c) 2000-2011,2013-2014 Apple Inc. All Rights Reserved. - * + * Copyright (c) 2000-2011,2012,2013-2014,2016 Apple Inc. All Rights Reserved. + * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,10 +17,33 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ +#ifndef _SECURITY_H_ +#define _SECURITY_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if SEC_OS_IPHONE +#include +#endif + +#if SEC_OS_OSX_INCLUDES +#include +#endif + +#if SEC_OS_OSX /* CDSA */ #include #include @@ -49,26 +72,16 @@ #include /* Security */ -#include #include -#include #include -#include #include -#include #include -#include -#include #include #include #include -#include #include -#include #include #include -#include -#include /* Code Signing */ #include @@ -104,3 +117,6 @@ /* DER */ #include +#endif // SEC_OS_OSX + +#endif // _SECURITY_H_ diff --git a/certificates/CertificateTool/CertificateTool.xcodeproj/project.pbxproj b/certificates/CertificateTool/CertificateTool.xcodeproj/project.pbxproj deleted file mode 100644 index 312d495c..00000000 --- a/certificates/CertificateTool/CertificateTool.xcodeproj/project.pbxproj +++ /dev/null @@ -1,653 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXBuildFile section */ - 5D3D603416826C99007B4B06 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5D3D603316826C99007B4B06 /* Foundation.framework */; }; - 5D3D603716826C99007B4B06 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 5D3D603616826C99007B4B06 /* main.m */; }; - 5D3D604416826D90007B4B06 /* CertificateToolApp.m in Sources */ = {isa = PBXBuildFile; fileRef = 5D3D604316826D90007B4B06 /* CertificateToolApp.m */; }; - 5D3D604716827A86007B4B06 /* PSUtilities.m in Sources */ = {isa = PBXBuildFile; fileRef = 5D3D604616827A86007B4B06 /* PSUtilities.m */; }; - 5D3D604A16827B1A007B4B06 /* PSCert.m in Sources */ = {isa = PBXBuildFile; fileRef = 5D3D604916827B1A007B4B06 /* PSCert.m */; }; - 5D3D604D16827B8B007B4B06 /* PSCertKey.m in Sources */ = {isa = PBXBuildFile; fileRef = 5D3D604C16827B8B007B4B06 /* PSCertKey.m */; }; - 5D3D605016827BF7007B4B06 /* PSCerts.m in Sources */ = {isa = PBXBuildFile; fileRef = 5D3D604F16827BF7007B4B06 /* PSCerts.m */; }; - 5D3D605616827E04007B4B06 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5D3D605516827E04007B4B06 /* Security.framework */; }; - 5D5ECF03169F554500DA8F21 /* PSAssetConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = 5D5ECF02169F554400DA8F21 /* PSAssetConstants.c */; }; - 727A591317345ADF00C8C901 /* DataConversion.m in Sources */ = {isa = PBXBuildFile; fileRef = 727A591217345ADF00C8C901 /* DataConversion.m */; }; - 72C8759E16B1E4D2003ECF12 /* PSCertData.m in Sources */ = {isa = PBXBuildFile; fileRef = 72C8759D16B1E4D2003ECF12 /* PSCertData.m */; }; - 72C94EC6178C6C1400F7E87D /* Info.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 72C94EC5178C6B8100F7E87D /* Info.plist */; }; - 72C94EC8178C6C3A00F7E87D /* AppleESCertificates.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 72C94EBD178C6B8100F7E87D /* AppleESCertificates.plist */; }; - 72C94EC9178C6C3A00F7E87D /* AssetVersion.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 72C94EBE178C6B8100F7E87D /* AssetVersion.plist */; }; - 72C94ECA178C6C3A00F7E87D /* Blocked.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 72C94EBF178C6B8100F7E87D /* Blocked.plist */; }; - 72C94ECB178C6C3A00F7E87D /* certsIndex.data in CopyFiles */ = {isa = PBXBuildFile; fileRef = 72C94EC0178C6B8100F7E87D /* certsIndex.data */; }; - 72C94ECC178C6C3A00F7E87D /* certsTable.data in CopyFiles */ = {isa = PBXBuildFile; fileRef = 72C94EC1178C6B8100F7E87D /* certsTable.data */; }; - 72C94ECD178C6C3A00F7E87D /* EVRoots.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 72C94EC2178C6B8100F7E87D /* EVRoots.plist */; }; - 72C94ECE178C6C3A00F7E87D /* GrayListedKeys.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = 72C94EC3178C6B8100F7E87D /* GrayListedKeys.plist */; }; - 72C94ECF178C6C3A00F7E87D /* manifest.data in CopyFiles */ = {isa = PBXBuildFile; fileRef = 72C94EC4178C6B8100F7E87D /* manifest.data */; }; - 72E91D8C16C5A7DA0033D920 /* ValidateAsset.c in Sources */ = {isa = PBXBuildFile; fileRef = 5D3D605316827D17007B4B06 /* ValidateAsset.c */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 7280A8CC16D2AC69000DD5AC /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 5D3D602816826C99007B4B06 /* Project object */; - proxyType = 1; - remoteGlobalIDString = 5D3D602F16826C99007B4B06; - remoteInfo = CertificateTool; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXCopyFilesBuildPhase section */ - 72C94EC7178C6C1F00F7E87D /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 2147483647; - dstPath = SecurityCertificatesAssets/AssetData; - dstSubfolderSpec = 16; - files = ( - 72C94EC8178C6C3A00F7E87D /* AppleESCertificates.plist in CopyFiles */, - 72C94EC9178C6C3A00F7E87D /* AssetVersion.plist in CopyFiles */, - 72C94ECA178C6C3A00F7E87D /* Blocked.plist in CopyFiles */, - 72C94ECB178C6C3A00F7E87D /* certsIndex.data in CopyFiles */, - 72C94ECC178C6C3A00F7E87D /* certsTable.data in CopyFiles */, - 72C94ECD178C6C3A00F7E87D /* EVRoots.plist in CopyFiles */, - 72C94ECE178C6C3A00F7E87D /* GrayListedKeys.plist in CopyFiles */, - 72C94ECF178C6C3A00F7E87D /* manifest.data in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; - 72CF429816E66DD70039F148 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 12; - dstPath = SecurityCertificatesAssets; - dstSubfolderSpec = 16; - files = ( - 72C94EC6178C6C1400F7E87D /* Info.plist in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 5D0A2B8C1694AA7000024C1B /* BuildAsset.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; name = BuildAsset.rb; path = BuildiOSAsset/BuildAsset.rb; sourceTree = SOURCE_ROOT; }; - 5D0A2B8D1694AA7000024C1B /* BuildPListFiles.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; name = BuildPListFiles.rb; path = BuildiOSAsset/BuildPListFiles.rb; sourceTree = SOURCE_ROOT; }; - 5D3D603016826C99007B4B06 /* CertificateTool */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = CertificateTool; sourceTree = BUILT_PRODUCTS_DIR; }; - 5D3D603316826C99007B4B06 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; }; - 5D3D603616826C99007B4B06 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; - 5D3D603916826C99007B4B06 /* CertificateTool-Prefix.pch */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "CertificateTool-Prefix.pch"; sourceTree = ""; }; - 5D3D604216826D90007B4B06 /* CertificateToolApp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CertificateToolApp.h; sourceTree = ""; }; - 5D3D604316826D90007B4B06 /* CertificateToolApp.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = CertificateToolApp.m; sourceTree = ""; }; - 5D3D604516827A86007B4B06 /* PSUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PSUtilities.h; sourceTree = ""; }; - 5D3D604616827A86007B4B06 /* PSUtilities.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = PSUtilities.m; sourceTree = ""; }; - 5D3D604816827B1A007B4B06 /* PSCert.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PSCert.h; sourceTree = ""; }; - 5D3D604916827B1A007B4B06 /* PSCert.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = PSCert.m; sourceTree = ""; }; - 5D3D604B16827B8B007B4B06 /* PSCertKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PSCertKey.h; sourceTree = ""; }; - 5D3D604C16827B8B007B4B06 /* PSCertKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = PSCertKey.m; sourceTree = ""; }; - 5D3D604E16827BF6007B4B06 /* PSCerts.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PSCerts.h; sourceTree = ""; }; - 5D3D604F16827BF7007B4B06 /* PSCerts.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = PSCerts.m; sourceTree = ""; }; - 5D3D605216827CDB007B4B06 /* ValidateAsset.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ValidateAsset.h; sourceTree = ""; }; - 5D3D605316827D17007B4B06 /* ValidateAsset.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ValidateAsset.c; sourceTree = ""; }; - 5D3D605516827E04007B4B06 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; - 5D5ECF01169F490200DA8F21 /* PSAssetConstants.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PSAssetConstants.h; sourceTree = ""; }; - 5D5ECF02169F554400DA8F21 /* PSAssetConstants.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = PSAssetConstants.c; sourceTree = ""; }; - 5DFB2FED169741DA00B3EEEA /* buildRootKeychain.rb */ = {isa = PBXFileReference; lastKnownFileType = text.script.ruby; name = buildRootKeychain.rb; path = BuildOSXRootKeychain/buildRootKeychain.rb; sourceTree = ""; }; - 5DFB2FF21697420300B3EEEA /* BuildOSXAsset */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = BuildOSXAsset; sourceTree = BUILT_PRODUCTS_DIR; }; - 7278ECD916D28ADC0026AB4F /* AssetVersion.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = AssetVersion.plist; sourceTree = ""; }; - 727A591117345AC100C8C901 /* DataConversion.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DataConversion.h; sourceTree = ""; }; - 727A591217345ADF00C8C901 /* DataConversion.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = DataConversion.m; sourceTree = ""; }; - 7280A8CB16D2AC45000DD5AC /* BuildOSXAsset copy */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "BuildOSXAsset copy"; sourceTree = BUILT_PRODUCTS_DIR; }; - 72C8759C16B1E4D2003ECF12 /* PSCertData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PSCertData.h; sourceTree = ""; }; - 72C8759D16B1E4D2003ECF12 /* PSCertData.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = PSCertData.m; sourceTree = ""; }; - 72C8BAB916C58FEE00A65BAD /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = Info.plist; sourceTree = ""; }; - 72C94EBD178C6B8100F7E87D /* AppleESCertificates.plist */ = {isa = PBXFileReference; lastKnownFileType = file.bplist; path = AppleESCertificates.plist; sourceTree = ""; }; - 72C94EBE178C6B8100F7E87D /* AssetVersion.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = AssetVersion.plist; sourceTree = ""; }; - 72C94EBF178C6B8100F7E87D /* Blocked.plist */ = {isa = PBXFileReference; lastKnownFileType = file.bplist; path = Blocked.plist; sourceTree = ""; }; - 72C94EC0178C6B8100F7E87D /* certsIndex.data */ = {isa = PBXFileReference; lastKnownFileType = file; path = certsIndex.data; sourceTree = ""; }; - 72C94EC1178C6B8100F7E87D /* certsTable.data */ = {isa = PBXFileReference; lastKnownFileType = file; path = certsTable.data; sourceTree = ""; }; - 72C94EC2178C6B8100F7E87D /* EVRoots.plist */ = {isa = PBXFileReference; lastKnownFileType = file.bplist; path = EVRoots.plist; sourceTree = ""; }; - 72C94EC3178C6B8100F7E87D /* GrayListedKeys.plist */ = {isa = PBXFileReference; lastKnownFileType = file.bplist; path = GrayListedKeys.plist; sourceTree = ""; }; - 72C94EC4178C6B8100F7E87D /* manifest.data */ = {isa = PBXFileReference; lastKnownFileType = file.bplist; path = manifest.data; sourceTree = ""; }; - 72C94EC5178C6B8100F7E87D /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; - 72CF429A16E66DD70039F148 /* Release */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = Release; sourceTree = BUILT_PRODUCTS_DIR; }; - BE0875B819871FC000357E99 /* AppleBaselineEscrowCertificates.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AppleBaselineEscrowCertificates.h; path = ../../../OSX/sec/Security/AppleBaselineEscrowCertificates.h; sourceTree = ""; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - 5D3D602D16826C99007B4B06 /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 5D3D605616827E04007B4B06 /* Security.framework in Frameworks */, - 5D3D603416826C99007B4B06 /* Foundation.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 5D0A2B8A1694A96500024C1B /* BuildOSXAsset */ = { - isa = PBXGroup; - children = ( - 5DFB2FED169741DA00B3EEEA /* buildRootKeychain.rb */, - ); - name = BuildOSXAsset; - sourceTree = ""; - }; - 5D3D602716826C99007B4B06 = { - isa = PBXGroup; - children = ( - 72C94EB9178C6B8100F7E87D /* Asset */, - 5D0A2B8A1694A96500024C1B /* BuildOSXAsset */, - 5D3D603516826C99007B4B06 /* CertificateTool */, - 5D3D607016827F5F007B4B06 /* BuildiOSAsset */, - 72CF429B16E66DD70039F148 /* Release */, - 5D3D603216826C99007B4B06 /* Frameworks */, - 5D3D603116826C99007B4B06 /* Products */, - ); - sourceTree = ""; - }; - 5D3D603116826C99007B4B06 /* Products */ = { - isa = PBXGroup; - children = ( - 5D3D603016826C99007B4B06 /* CertificateTool */, - 5DFB2FF21697420300B3EEEA /* BuildOSXAsset */, - 7280A8CB16D2AC45000DD5AC /* BuildOSXAsset copy */, - 72CF429A16E66DD70039F148 /* Release */, - ); - name = Products; - sourceTree = ""; - }; - 5D3D603216826C99007B4B06 /* Frameworks */ = { - isa = PBXGroup; - children = ( - 5D3D605516827E04007B4B06 /* Security.framework */, - 5D3D603316826C99007B4B06 /* Foundation.framework */, - ); - name = Frameworks; - sourceTree = ""; - }; - 5D3D603516826C99007B4B06 /* CertificateTool */ = { - isa = PBXGroup; - children = ( - 5D3D605116827CAA007B4B06 /* Asset Validation Source */, - 5D3D604116826D09007B4B06 /* Source */, - 5D3D603816826C99007B4B06 /* Supporting Files */, - ); - path = CertificateTool; - sourceTree = ""; - }; - 5D3D603816826C99007B4B06 /* Supporting Files */ = { - isa = PBXGroup; - children = ( - 7278ECD916D28ADC0026AB4F /* AssetVersion.plist */, - 5D3D603916826C99007B4B06 /* CertificateTool-Prefix.pch */, - 72C8BAB916C58FEE00A65BAD /* Info.plist */, - ); - name = "Supporting Files"; - sourceTree = ""; - }; - 5D3D604116826D09007B4B06 /* Source */ = { - isa = PBXGroup; - children = ( - 5D5ECEE2169F24E100DA8F21 /* Utilities */, - 5D3D603616826C99007B4B06 /* main.m */, - 5D3D604216826D90007B4B06 /* CertificateToolApp.h */, - 5D3D604316826D90007B4B06 /* CertificateToolApp.m */, - 5D3D604516827A86007B4B06 /* PSUtilities.h */, - 5D3D604616827A86007B4B06 /* PSUtilities.m */, - 5D3D604816827B1A007B4B06 /* PSCert.h */, - 5D3D604916827B1A007B4B06 /* PSCert.m */, - 5D3D604B16827B8B007B4B06 /* PSCertKey.h */, - 5D3D604C16827B8B007B4B06 /* PSCertKey.m */, - 5D3D604E16827BF6007B4B06 /* PSCerts.h */, - 5D3D604F16827BF7007B4B06 /* PSCerts.m */, - 5D5ECF01169F490200DA8F21 /* PSAssetConstants.h */, - 5D5ECF02169F554400DA8F21 /* PSAssetConstants.c */, - 72C8759C16B1E4D2003ECF12 /* PSCertData.h */, - 72C8759D16B1E4D2003ECF12 /* PSCertData.m */, - 727A591117345AC100C8C901 /* DataConversion.h */, - 727A591217345ADF00C8C901 /* DataConversion.m */, - BE0875B819871FC000357E99 /* AppleBaselineEscrowCertificates.h */, - ); - name = Source; - sourceTree = ""; - }; - 5D3D605116827CAA007B4B06 /* Asset Validation Source */ = { - isa = PBXGroup; - children = ( - 5D3D605216827CDB007B4B06 /* ValidateAsset.h */, - 5D3D605316827D17007B4B06 /* ValidateAsset.c */, - ); - name = "Asset Validation Source"; - sourceTree = ""; - }; - 5D3D607016827F5F007B4B06 /* BuildiOSAsset */ = { - isa = PBXGroup; - children = ( - 5D0A2B8C1694AA7000024C1B /* BuildAsset.rb */, - 5D0A2B8D1694AA7000024C1B /* BuildPListFiles.rb */, - ); - name = BuildiOSAsset; - path = BuildAsset; - sourceTree = ""; - }; - 5D5ECEE2169F24E100DA8F21 /* Utilities */ = { - isa = PBXGroup; - children = ( - ); - name = Utilities; - sourceTree = ""; - }; - 72C94EB9178C6B8100F7E87D /* Asset */ = { - isa = PBXGroup; - children = ( - 72C94EBA178C6B8100F7E87D /* SecurityCertificatesAssets */, - ); - path = Asset; - sourceTree = ""; - }; - 72C94EBA178C6B8100F7E87D /* SecurityCertificatesAssets */ = { - isa = PBXGroup; - children = ( - 72C94EBB178C6B8100F7E87D /* AssetData */, - 72C94EC5178C6B8100F7E87D /* Info.plist */, - ); - path = SecurityCertificatesAssets; - sourceTree = ""; - }; - 72C94EBB178C6B8100F7E87D /* AssetData */ = { - isa = PBXGroup; - children = ( - 72C94EBC178C6B8100F7E87D /* PKITrustData */, - ); - path = AssetData; - sourceTree = ""; - }; - 72C94EBC178C6B8100F7E87D /* PKITrustData */ = { - isa = PBXGroup; - children = ( - 72C94EBD178C6B8100F7E87D /* AppleESCertificates.plist */, - 72C94EBE178C6B8100F7E87D /* AssetVersion.plist */, - 72C94EBF178C6B8100F7E87D /* Blocked.plist */, - 72C94EC0178C6B8100F7E87D /* certsIndex.data */, - 72C94EC1178C6B8100F7E87D /* certsTable.data */, - 72C94EC2178C6B8100F7E87D /* EVRoots.plist */, - 72C94EC3178C6B8100F7E87D /* GrayListedKeys.plist */, - 72C94EC4178C6B8100F7E87D /* manifest.data */, - ); - path = PKITrustData; - sourceTree = ""; - }; - 72CF429B16E66DD70039F148 /* Release */ = { - isa = PBXGroup; - children = ( - ); - path = Release; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXNativeTarget section */ - 5D3D602F16826C99007B4B06 /* CertificateTool */ = { - isa = PBXNativeTarget; - buildConfigurationList = 5D3D603E16826C99007B4B06 /* Build configuration list for PBXNativeTarget "CertificateTool" */; - buildPhases = ( - 5D3D602C16826C99007B4B06 /* Sources */, - 5D3D602D16826C99007B4B06 /* Frameworks */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = CertificateTool; - productName = CertificateTool; - productReference = 5D3D603016826C99007B4B06 /* CertificateTool */; - productType = "com.apple.product-type.tool"; - }; - 5DFB2FF11697420300B3EEEA /* BuildOSXAsset */ = { - isa = PBXNativeTarget; - buildConfigurationList = 5DFB2FFB1697420300B3EEEA /* Build configuration list for PBXNativeTarget "BuildOSXAsset" */; - buildPhases = ( - 5DFB2FFE1697422700B3EEEA /* Run Script */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = BuildOSXAsset; - productName = BuildOSXAsset; - productReference = 5DFB2FF21697420300B3EEEA /* BuildOSXAsset */; - productType = "com.apple.product-type.tool"; - }; - 7280A8C616D2AC45000DD5AC /* BuildiOSAsset */ = { - isa = PBXNativeTarget; - buildConfigurationList = 7280A8C816D2AC45000DD5AC /* Build configuration list for PBXNativeTarget "BuildiOSAsset" */; - buildPhases = ( - 7280A8C716D2AC45000DD5AC /* Run Script */, - ); - buildRules = ( - ); - dependencies = ( - 7280A8CD16D2AC69000DD5AC /* PBXTargetDependency */, - ); - name = BuildiOSAsset; - productName = BuildOSXAsset; - productReference = 7280A8CB16D2AC45000DD5AC /* BuildOSXAsset copy */; - productType = "com.apple.product-type.tool"; - }; - 72CF429916E66DD70039F148 /* Release */ = { - isa = PBXNativeTarget; - buildConfigurationList = 72CF42A216E66DD70039F148 /* Build configuration list for PBXNativeTarget "Release" */; - buildPhases = ( - 72CF429816E66DD70039F148 /* CopyFiles */, - 72C94EC7178C6C1F00F7E87D /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - ); - name = Release; - productName = Release; - productReference = 72CF429A16E66DD70039F148 /* Release */; - productType = "com.apple.product-type.tool"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 5D3D602816826C99007B4B06 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0500; - ORGANIZATIONNAME = ""; - }; - buildConfigurationList = 5D3D602B16826C99007B4B06 /* Build configuration list for PBXProject "CertificateTool" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 0; - knownRegions = ( - en, - ); - mainGroup = 5D3D602716826C99007B4B06; - productRefGroup = 5D3D603116826C99007B4B06 /* Products */; - projectDirPath = ""; - projectRoot = ""; - targets = ( - 5D3D602F16826C99007B4B06 /* CertificateTool */, - 5DFB2FF11697420300B3EEEA /* BuildOSXAsset */, - 7280A8C616D2AC45000DD5AC /* BuildiOSAsset */, - 72CF429916E66DD70039F148 /* Release */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXShellScriptBuildPhase section */ - 5DFB2FFE1697422700B3EEEA /* Run Script */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - name = "Run Script"; - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "ruby ./BuildOSXRootKeychain/buildRootKeychain.rb"; - showEnvVarsInLog = 0; - }; - 7280A8C716D2AC45000DD5AC /* Run Script */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - name = "Run Script"; - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "echo \"About to call BuildPListFiles.rb\"\nruby $PROJECT_DIR/BuildiOSAsset/BuildPListFiles.rb\n\necho \"Done with BuildPListFiles.rb\"\n\n\necho \"About to call BuildAsset.rb\"\nruby $PROJECT_DIR/BuildiOSAsset/BuildAsset.rb\n"; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - 5D3D602C16826C99007B4B06 /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - 72E91D8C16C5A7DA0033D920 /* ValidateAsset.c in Sources */, - 727A591317345ADF00C8C901 /* DataConversion.m in Sources */, - 72C8759E16B1E4D2003ECF12 /* PSCertData.m in Sources */, - 5D3D603716826C99007B4B06 /* main.m in Sources */, - 5D3D604416826D90007B4B06 /* CertificateToolApp.m in Sources */, - 5D3D604716827A86007B4B06 /* PSUtilities.m in Sources */, - 5D3D604A16827B1A007B4B06 /* PSCert.m in Sources */, - 5D3D604D16827B8B007B4B06 /* PSCertKey.m in Sources */, - 5D3D605016827BF7007B4B06 /* PSCerts.m in Sources */, - 5D5ECF03169F554500DA8F21 /* PSAssetConstants.c in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 7280A8CD16D2AC69000DD5AC /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = 5D3D602F16826C99007B4B06 /* CertificateTool */; - targetProxy = 7280A8CC16D2AC69000DD5AC /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - 5D3D603C16826C99007B4B06 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COPY_PHASE_STRIP = NO; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_DYNAMIC_NO_PIC = NO; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_OPTIMIZATION_LEVEL = 0; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_SYMBOLS_PRIVATE_EXTERN = NO; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - MACOSX_DEPLOYMENT_TARGET = ""; - ONLY_ACTIVE_ARCH = YES; - SDKROOT = ""; - SUPPORTED_PLATFORMS = macosx; - VALID_ARCHS = x86_64; - }; - name = Debug; - }; - 5D3D603D16826C99007B4B06 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - ALWAYS_SEARCH_USER_PATHS = NO; - CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x"; - CLANG_CXX_LIBRARY = "libc++"; - CLANG_ENABLE_OBJC_ARC = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - COPY_PHASE_STRIP = YES; - DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; - GCC_C_LANGUAGE_STANDARD = gnu99; - GCC_ENABLE_OBJC_EXCEPTIONS = YES; - GCC_WARN_64_TO_32_BIT_CONVERSION = YES; - GCC_WARN_ABOUT_RETURN_TYPE = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_VARIABLE = YES; - MACOSX_DEPLOYMENT_TARGET = ""; - SDKROOT = ""; - SUPPORTED_PLATFORMS = macosx; - VALID_ARCHS = x86_64; - }; - name = Release; - }; - 5D3D603F16826C99007B4B06 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "CertificateTool/CertificateTool-Prefix.pch"; - HEADER_SEARCH_PATHS = /usr/local/include; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - USER_HEADER_SEARCH_PATHS = ../../../sec/Security; - }; - name = Debug; - }; - 5D3D604016826C99007B4B06 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "CertificateTool/CertificateTool-Prefix.pch"; - HEADER_SEARCH_PATHS = /usr/local/include; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - /usr/lib/system, - ); - PRODUCT_NAME = "$(TARGET_NAME)"; - USER_HEADER_SEARCH_PATHS = ../../../sec/Security; - }; - name = Release; - }; - 5DFB2FFC1697420300B3EEEA /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "BuildOSXAsset/BuildOSXAsset-Prefix.pch"; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Debug; - }; - 5DFB2FFD1697420300B3EEEA /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "BuildOSXAsset/BuildOSXAsset-Prefix.pch"; - PRODUCT_NAME = "$(TARGET_NAME)"; - }; - name = Release; - }; - 7280A8C916D2AC45000DD5AC /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "BuildOSXAsset/BuildOSXAsset-Prefix.pch"; - PRODUCT_NAME = "BuildOSXAsset copy"; - }; - name = Debug; - }; - 7280A8CA16D2AC45000DD5AC /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - GCC_PRECOMPILE_PREFIX_HEADER = YES; - GCC_PREFIX_HEADER = "BuildOSXAsset/BuildOSXAsset-Prefix.pch"; - PRODUCT_NAME = "BuildOSXAsset copy"; - }; - name = Release; - }; - 72CF42A016E66DD70039F148 /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - GCC_PREPROCESSOR_DEFINITIONS = ( - "DEBUG=1", - "$(inherited)", - ); - GCC_WARN_UNDECLARED_SELECTOR = YES; - MACOSX_DEPLOYMENT_TARGET = 10.9; - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx; - }; - name = Debug; - }; - 72CF42A116E66DD70039F148 /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; - ENABLE_NS_ASSERTIONS = NO; - GCC_WARN_UNDECLARED_SELECTOR = YES; - MACOSX_DEPLOYMENT_TARGET = 10.9; - PRODUCT_NAME = "$(TARGET_NAME)"; - SDKROOT = macosx; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - 5D3D602B16826C99007B4B06 /* Build configuration list for PBXProject "CertificateTool" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 5D3D603C16826C99007B4B06 /* Debug */, - 5D3D603D16826C99007B4B06 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 5D3D603E16826C99007B4B06 /* Build configuration list for PBXNativeTarget "CertificateTool" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 5D3D603F16826C99007B4B06 /* Debug */, - 5D3D604016826C99007B4B06 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 5DFB2FFB1697420300B3EEEA /* Build configuration list for PBXNativeTarget "BuildOSXAsset" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 5DFB2FFC1697420300B3EEEA /* Debug */, - 5DFB2FFD1697420300B3EEEA /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 7280A8C816D2AC45000DD5AC /* Build configuration list for PBXNativeTarget "BuildiOSAsset" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 7280A8C916D2AC45000DD5AC /* Debug */, - 7280A8CA16D2AC45000DD5AC /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - 72CF42A216E66DD70039F148 /* Build configuration list for PBXNativeTarget "Release" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - 72CF42A016E66DD70039F148 /* Debug */, - 72CF42A116E66DD70039F148 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 5D3D602816826C99007B4B06 /* Project object */; -} diff --git a/OSX/libsecurity_cssm/lib/certextensions.h b/cssm/certextensions.h similarity index 77% rename from OSX/libsecurity_cssm/lib/certextensions.h rename to cssm/certextensions.h index d215836b..d38a30a5 100644 --- a/OSX/libsecurity_cssm/lib/certextensions.h +++ b/cssm/certextensions.h @@ -1,15 +1,15 @@ /* - * Copyright (c) 2000-2004,2011,2014 Apple Inc. All Rights Reserved. - * + * Copyright (c) 2000-2009,2011,2012,2014,2016 Apple Inc. All Rights Reserved. + * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,7 +17,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ * * CertExtensions.h -- X.509 Cert Extensions as C structs @@ -26,38 +26,48 @@ #ifndef _CERT_EXTENSIONS_H_ #define _CERT_EXTENSIONS_H_ -#include +#include +#if SEC_OS_OSX + +#include #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wdeprecated-declarations" +#else /* SEC_OS_IPHONE */ + +#include +#include + +#endif /* SEC_OS_IPHONE */ + /*** - *** Structs for declaring extension-specific data. + *** Structs for declaring extension-specific data. ***/ /* - * GeneralName, used in AuthorityKeyID, SubjectAltName, and - * IssuerAltName. + * GeneralName, used in AuthorityKeyID, SubjectAltName, and + * IssuerAltName. * * For now, we just provide explicit support for the types which are * represented as IA5Strings, OIDs, and octet strings. Constructed types * such as EDIPartyName and x400Address are not explicitly handled * right now and must be encoded and decoded by the caller. (See exception - * for Name and OtherName, below). In those cases the CE_GeneralName.name.Data field - * represents the BER contents octets; CE_GeneralName.name.Length is the - * length of the contents; the tag of the field is not needed - the BER - * encoding uses context-specific implicit tagging. The berEncoded field - * is set to CSSM_TRUE in these case. Simple types have berEncoded = CSSM_FALSE. + * for Name and OtherName, below). In those cases the SecECGeneralName.name.Data / CE_GeneralName.name.Data field + * represents the BER contents octets; SecCEGeneralName.name.Length / CE_GeneralName.name.Length is the + * length of the contents; the tag of the field is not needed - the BER + * encoding uses context-specific implicit tagging. The berEncoded field + * is set to true / CSSM_TRUE in these case. Simple types have berEncoded = false / CSSM_FALSE. * * In the case of a GeneralName in the form of a Name, we parse the Name * into a CSSM_X509_NAME and place a pointer to the CSSM_X509_NAME in the - * CE_GeneralName.name.Data field. CE_GeneralName.name.Length is set to - * sizeof(CSSM_X509_NAME). In this case berEncoded is false. + * CE_GeneralName.name.Data field. SecCEGeneralName.name.Length / CE_GeneralName.name.Length is set to + * sizeof(CSSM_X509_NAME). In this case berEncoded is false. * * In the case of a GeneralName in the form of a OtherName, we parse the fields - * into a CE_OtherName and place a pointer to the CE_OtherName in the - * CE_GeneralName.name.Data field. CE_GeneralName.name.Length is set to - * sizeof(CE_OtherName). In this case berEncoded is false. + * into a CE_OtherName and place a pointer to the SecCEOtherName / CE_OtherName in the + * SecCEGeneralName.name.Data / CE_GeneralName.name.Data field. SecCEGeneralName.name.Length / CE_GeneralName.name.Length is set to + * sizeof(SecCEOtherName) / sizeof(CE_OtherName). In this case berEncoded is false. * * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName * @@ -80,6 +90,7 @@ * nameAssigner [0] DirectoryString OPTIONAL, * partyName [1] DirectoryString } */ +#if SEC_OS_OSX typedef enum __CE_GeneralNameType { GNT_OtherName = 0, GNT_RFC822Name, @@ -92,6 +103,24 @@ typedef enum __CE_GeneralNameType { GNT_RegisteredID } CE_GeneralNameType; +#elif SEC_OS_IPHONE + +typedef enum { + GNT_OtherName = 0, + GNT_RFC822Name, + GNT_DNSName, + GNT_X400Address, + GNT_DirectoryName, + GNT_EdiPartyName, + GNT_URI, + GNT_IPAddress, + GNT_RegisteredID +} SecCEGeneralNameType; + +#endif /* SEC_OS_IPHONE */ + +#if SEC_OS_OSX + typedef struct __CE_OtherName { CSSM_OID typeId; CSSM_DATA value; // unparsed, BER-encoded @@ -100,13 +129,33 @@ typedef struct __CE_OtherName { typedef struct __CE_GeneralName { CE_GeneralNameType nameType; // GNT_RFC822Name, etc. CSSM_BOOL berEncoded; - CSSM_DATA name; + CSSM_DATA name; } CE_GeneralName DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; typedef struct __CE_GeneralNames { uint32 numNames; - CE_GeneralName *generalName; -} CE_GeneralNames DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + CE_GeneralName *generalName; +} CE_GeneralNames DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +#elif SEC_OS_IPHONE + +typedef struct { + DERItem typeId; + DERItem value; // unparsed, BER-encoded +} SecCEOtherName; + +typedef struct { + SecCEGeneralNameType nameType; // GNT_RFC822Name, etc. + bool berEncoded; + DERItem name; +} SecCEGeneralName; + +typedef struct { + uint32_t numNames; + SecCEGeneralName *generalName; +} SecCEGeneralNames; + +#endif /* SEC_OS_IPHONE */ /* * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } @@ -120,6 +169,7 @@ typedef struct __CE_GeneralNames { * * CSSM OID = CSSMOID_AuthorityKeyIdentifier */ +#if SEC_OS_OSX typedef struct __CE_AuthorityKeyID { CSSM_BOOL keyIdentifierPresent; CSSM_DATA keyIdentifier; @@ -128,6 +178,16 @@ typedef struct __CE_AuthorityKeyID { CSSM_BOOL serialNumberPresent; CSSM_DATA serialNumber; } CE_AuthorityKeyID DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; +#elif SEC_OS_IPHONE +typedef struct { + bool keyIdentifierPresent; + DERItem keyIdentifier; + bool generalNamesPresent; + SecCEGeneralNames *generalNames; + bool serialNumberPresent; + DERItem serialNumber; +} SecCEAuthorityKeyID; +#endif /* SEC_OS_IPHONE */ /* * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } @@ -135,7 +195,11 @@ typedef struct __CE_AuthorityKeyID { * * CSSM OID = CSSMOID_SubjectKeyIdentifier */ +#if SEC_OS_OSX typedef CSSM_DATA CE_SubjectKeyID DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; +#elif SEC_OS_IPHONE +typedef DERItem SecCESubjectKeyID; +#endif /* SEC_OS_IPHONE */ /* * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } @@ -154,17 +218,33 @@ typedef CSSM_DATA CE_SubjectKeyID DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; * CSSM OID = CSSMOID_KeyUsage * */ +#if SEC_OS_OSX typedef uint16 CE_KeyUsage DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; +#elif SEC_OS_IPHONE +typedef uint16_t SecCEKeyUsage; +#endif /* SEC_OS_IPHONE */ +#if SEC_OS_OSX #define CE_KU_DigitalSignature 0x8000 #define CE_KU_NonRepudiation 0x4000 #define CE_KU_KeyEncipherment 0x2000 #define CE_KU_DataEncipherment 0x1000 #define CE_KU_KeyAgreement 0x0800 -#define CE_KU_KeyCertSign 0x0400 +#define CE_KU_KeyCertSign 0x0400 #define CE_KU_CRLSign 0x0200 -#define CE_KU_EncipherOnly 0x0100 -#define CE_KU_DecipherOnly 0x0080 +#define CE_KU_EncipherOnly 0x0100 +#define CE_KU_DecipherOnly 0x0080 +#else /* SEC_OS_IPHONE */ +#define SecCEKU_DigitalSignature 0x8000 +#define SecCEKU_NonRepudiation 0x4000 +#define SecCEKU_KeyEncipherment 0x2000 +#define SecCEKU_DataEncipherment 0x1000 +#define SecCEKU_KeyAgreement 0x0800 +#define SecCEKU_KeyCertSign 0x0400 +#define SecCEKU_CRLSign 0x0200 +#define SecCEKU_EncipherOnly 0x0100 +#define SecCEKU_DecipherOnly 0x0080 +#endif /* SEC_OS_IPHONE */ /* * id-ce-cRLReason OBJECT IDENTIFIER ::= { id-ce 21 } @@ -184,8 +264,13 @@ typedef uint16 CE_KeyUsage DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; * CSSM OID = CSSMOID_CrlReason * */ +#if SEC_OS_OSX typedef uint32 CE_CrlReason DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; +#elif SEC_OS_IPHONE +typedef uint32_t SecCECrlReason; +#endif /* SEC_OS_IPHONE */ +#if SEC_OS_OSX #define CE_CR_Unspecified 0 #define CE_CR_KeyCompromise 1 #define CE_CR_CACompromise 2 @@ -193,7 +278,17 @@ typedef uint32 CE_CrlReason DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; #define CE_CR_Superseded 4 #define CE_CR_CessationOfOperation 5 #define CE_CR_CertificateHold 6 -#define CE_CR_RemoveFromCRL 8 +#define CE_CR_RemoveFromCRL 8 +#elif SEC_OS_IPHONE +#define SecCECR_Unspecified 0 +#define SecCECR_KeyCompromise 1 +#define SecCECR_CACompromise 2 +#define SecCECR_AffiliationChanged 3 +#define SecCECR_Superseded 4 +#define SecCECR_CessationOfOperation 5 +#define SecCECR_CertificateHold 6 +#define SecCECR_RemoveFromCRL 8 +#endif /* SEC_OS_IPHONE */ /* * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } @@ -214,11 +309,20 @@ typedef uint32 CE_CrlReason DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; * * CSSM OID = CSSMOID_ExtendedKeyUsage */ +#if SEC_OS_OSX typedef struct __CE_ExtendedKeyUsage { uint32 numPurposes; CSSM_OID_PTR purposes; // in Intel pre-encoded format } CE_ExtendedKeyUsage; +#elif SEC_OS_IPHONE + +typedef struct { + uint32_t numPurposes; + DERItem *purposes; // in Intel pre-encoded format +} SecCEExtendedKeyUsage; +#endif /* SEC_OS_IPHONE */ + /* * id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } * @@ -228,11 +332,32 @@ typedef struct __CE_ExtendedKeyUsage { * * CSSM OID = CSSMOID_BasicConstraints */ +#if SEC_OS_OSX typedef struct __CE_BasicConstraints { CSSM_BOOL cA; CSSM_BOOL pathLenConstraintPresent; uint32 pathLenConstraint; -} CE_BasicConstraints DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; +} CE_BasicConstraints DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +#elif SEC_OS_IPHONE + +typedef struct { + bool present; + bool critical; + bool isCA; + bool pathLenConstraintPresent; + uint32_t pathLenConstraint; +} SecCEBasicConstraints; + +typedef struct { + bool present; + bool critical; + bool requireExplicitPolicyPresent; + uint32_t requireExplicitPolicy; + bool inhibitPolicyMappingPresent; + uint32_t inhibitPolicyMapping; +} SecCEPolicyConstraints; +#endif /* SEC_OS_IPHONE */ /* * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } @@ -248,7 +373,7 @@ typedef struct __CE_BasicConstraints { * * PolicyQualifierInfo ::= SEQUENCE { * policyQualifierId PolicyQualifierId, - * qualifier ANY DEFINED BY policyQualifierId } + * qualifier ANY DEFINED BY policyQualifierId } * * -- policyQualifierIds for Internet policy qualifiers * @@ -282,13 +407,63 @@ typedef struct __CE_BasicConstraints { * * We only support down to the level of Qualifier, and then only the CPSuri * choice. UserNotice is transmitted to and from this library as a raw - * CSSM_DATA containing the BER-encoded UserNotice sequence. + * CSSM_DATA containing the BER-encoded UserNotice sequence. */ +#if SEC_OS_OSX typedef struct __CE_PolicyQualifierInfo { CSSM_OID policyQualifierId; // CSSMOID_QT_CPS, CSSMOID_QT_UNOTICE CSSM_DATA qualifier; // CSSMOID_QT_CPS: IA5String contents + +#elif SEC_OS_IPHONE +#if 0 +typedef struct { + DERItem policyQualifierId; // CSSMOID_QT_CPS, CSSMOID_QT_UNOTICE + DERItem qualifier; // CSSMOID_QT_CPS: IA5String contents +} SecCEPolicyQualifierInfo; +#endif + +typedef struct { + DERItem policyIdentifier; + DERItem policyQualifiers; +} SecCEPolicyInformation; + +typedef struct { + bool present; + bool critical; + size_t numPolicies; // size of *policies; + SecCEPolicyInformation *policies; +} SecCECertificatePolicies; + +typedef struct { + DERItem issuerDomainPolicy; + DERItem subjectDomainPolicy; +} SecCEPolicyMapping; + +/* + PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { + issuerDomainPolicy CertPolicyId, + subjectDomainPolicy CertPolicyId } +*/ +typedef struct { + bool present; + bool critical; + size_t numMappings; // size of *mappings; + SecCEPolicyMapping *mappings; +} SecCEPolicyMappings; + +/* + InhibitAnyPolicy ::= SkipCerts + SkipCerts ::= INTEGER (0..MAX) +*/ +typedef struct { + bool present; + bool critical; + uint32_t skipCerts; +} SecCEInhibitAnyPolicy; +#endif /* SEC_OS_IPHONE */ // CSSMOID_QT_UNOTICE : Sequence contents +#if SEC_OS_OSX } CE_PolicyQualifierInfo DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; typedef struct __CE_PolicyInformation { @@ -346,7 +521,7 @@ typedef uint16 CE_NetscapeCertType DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER * * CSSM OID = CSSMOID_CrlDistributionPoints */ - + /* * Note that this looks similar to CE_CrlReason, but that's an enum and this * is an OR-able bit string. @@ -376,7 +551,7 @@ typedef struct __CE_DistributionPointName { /* * The top-level CRLDistributionPoint. - * All fields are optional; NULL pointers indicate absence. + * All fields are optional; NULL pointers indicate absence. */ typedef struct __CE_CRLDistributionPoint { CE_DistributionPointName *distPointName; @@ -390,7 +565,7 @@ typedef struct __CE_CRLDistPointsSyntax { CE_CRLDistributionPoint *distPoints; } CE_CRLDistPointsSyntax DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; -/* +/* * Authority Information Access and Subject Information Access. * * CSSM OID = CSSMOID_AuthorityInfoAccess @@ -398,7 +573,7 @@ typedef struct __CE_CRLDistPointsSyntax { * * SubjAuthInfoAccessSyntax ::= * SEQUENCE SIZE (1..MAX) OF AccessDescription - * + * * AccessDescription ::= SEQUENCE { * accessMethod OBJECT IDENTIFIER, * accessLocation GeneralName } @@ -417,29 +592,29 @@ typedef struct __CE_AuthorityInfoAccess { * Qualified Certificate Statement support, per RFC 3739. * * First, NameRegistrationAuthorities, a component of - * SemanticsInformation; it's the same as a GeneralNames - - * a sequence of GeneralName. + * SemanticsInformation; it's the same as a GeneralNames - + * a sequence of GeneralName. */ typedef CE_GeneralNames CE_NameRegistrationAuthorities DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; /* * SemanticsInformation, identified as the qcType field * of a CE_QC_Statement for statementId value id-qcs-pkixQCSyntax-v2. - * Both fields optional; at least one must be present. + * Both fields optional; at least one must be present. */ typedef struct __CE_SemanticsInformation { - CSSM_OID *semanticsIdentifier; + CSSM_OID *semanticsIdentifier; CE_NameRegistrationAuthorities *nameRegistrationAuthorities; } CE_SemanticsInformation DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; -/* - * One Qualified Certificate Statement. - * The statementId OID is required; zero or one of {semanticsInfo, - * otherInfo} can be valid, depending on the value of statementId. - * For statementId id-qcs-pkixQCSyntax-v2 (CSSMOID_OID_QCS_SYNTAX_V2), +/* + * One Qualified Certificate Statement. + * The statementId OID is required; zero or one of {semanticsInfo, + * otherInfo} can be valid, depending on the value of statementId. + * For statementId id-qcs-pkixQCSyntax-v2 (CSSMOID_OID_QCS_SYNTAX_V2), * the semanticsInfo field may be present; otherwise, DER-encoded * information may be present in otherInfo. Both semanticsInfo and - * otherInfo are optional. + * otherInfo are optional. */ typedef struct __CE_QC_Statement { CSSM_OID statementId; @@ -495,7 +670,7 @@ typedef struct __CE_IssuingDistributionPoint { CE_CrlDistReasonFlags onlySomeReasons; CSSM_BOOL indirectCrlPresent; CSSM_BOOL indirectCrl; -} CE_IssuingDistributionPoint DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; +} CE_IssuingDistributionPoint DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; /* * NameConstraints @@ -640,6 +815,10 @@ typedef struct __CE_DataAndType { CSSM_BOOL critical; } CE_DataAndType DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; +#endif /* SEC_OS_OSX */ + +#if SEC_OS_OSX #pragma clang diagnostic pop +#endif #endif /* _CERT_EXTENSIONS_H_ */ diff --git a/OSX/libsecurity_cssm/lib/cssmapple.h b/cssm/cssmapple.h similarity index 99% rename from OSX/libsecurity_cssm/lib/cssmapple.h rename to cssm/cssmapple.h index 632b308d..3870a86d 100644 --- a/OSX/libsecurity_cssm/lib/cssmapple.h +++ b/cssm/cssmapple.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2015 Apple Inc. All Rights Reserved. + * Copyright (c) 2000-2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -26,12 +26,16 @@ #ifndef _CSSMAPPLE_H_ #define _CSSMAPPLE_H_ 1 +#include + +#if SEC_OS_OSX_INCLUDES #include #include #include /* for CSSM_APPLE_TP_CERT_REQUEST fields */ #include /* ditto */ #include /* for the BSD *_t types */ #include +#endif /* SEC_OS_OSX */ #ifdef __cplusplus extern "C" { @@ -40,6 +44,7 @@ extern "C" { #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wdeprecated-declarations" +#if SEC_OS_OSX /* Guids for standard Apple addin modules. */ /* CSSM itself: {87191ca0-0fc9-11d4-849a-000502b52122} */ @@ -1041,6 +1046,8 @@ typedef struct { * Same number of these as in the cert group in Evidence[1]. */ +#endif /* SEC_OS_OSX */ + /* First, an array of bits indicating various status of the cert. */ typedef uint32 CSSM_TP_APPLE_CERT_STATUS; enum @@ -1077,8 +1084,14 @@ typedef struct { CSSM_DL_DB_HANDLE DlDbHandle; CSSM_DB_UNIQUE_RECORD_PTR UniqueRecord; +#if SEC_OS_IPHONE + /* CRLReason code if cert is revoked */ + sint32 CrlReason; +#endif /* SEC_OS_IPHONE */ } CSSM_TP_APPLE_EVIDENCE_INFO; +#if SEC_OS_OSX + /* * CSSM_TP_VERIFY_CONTEXT_RESULT.Evidence[0], basically defines which version/flavor * of remaining evidence is. @@ -1168,7 +1181,6 @@ typedef struct { #define kSystemKeychainName "System.keychain" #define kSystemKeychainDir "/Library/Keychains/" #define kSystemUnlockFile "/var/db/SystemKey" - /* * CSSM ACL tags used to store partition/integrity data in ACLs @@ -1191,6 +1203,8 @@ const CSSM_OID *cssmAlgToOid(CSSM_ALGORITHMS algId); #define errSecErrnoBase 100000 #define errSecErrnoLimit 100255 +#endif /* SEC_OS_OSX */ + #pragma clang diagnostic pop #ifdef __cplusplus diff --git a/header_symlinks/README.txt b/header_symlinks/README.txt new file mode 100644 index 00000000..4f0dc7ce --- /dev/null +++ b/header_symlinks/README.txt @@ -0,0 +1,6 @@ +This directory is for symlinks to headers which will appear in the SDK under Security/, e.g.: + +#include +#include + +Do not put anything but symlinks in this directory. diff --git a/header_symlinks/Security/SecBase.h b/header_symlinks/Security/SecBase.h new file mode 120000 index 00000000..b731e3ea --- /dev/null +++ b/header_symlinks/Security/SecBase.h @@ -0,0 +1 @@ +./../base/SecBase.h \ No newline at end of file diff --git a/header_symlinks/Security/SecBasePriv.h b/header_symlinks/Security/SecBasePriv.h new file mode 120000 index 00000000..4d26757e --- /dev/null +++ b/header_symlinks/Security/SecBasePriv.h @@ -0,0 +1 @@ +./../base/SecBasePriv.h \ No newline at end of file diff --git a/header_symlinks/Security/SecCertificate.h b/header_symlinks/Security/SecCertificate.h new file mode 120000 index 00000000..abfc83ee --- /dev/null +++ b/header_symlinks/Security/SecCertificate.h @@ -0,0 +1 @@ +./../trust/SecCertificate.h \ No newline at end of file diff --git a/header_symlinks/Security/SecCertificatePriv.h b/header_symlinks/Security/SecCertificatePriv.h new file mode 120000 index 00000000..9499f6f4 --- /dev/null +++ b/header_symlinks/Security/SecCertificatePriv.h @@ -0,0 +1 @@ +./../trust/SecCertificatePriv.h \ No newline at end of file diff --git a/header_symlinks/Security/SecCertificateRequest.h b/header_symlinks/Security/SecCertificateRequest.h new file mode 120000 index 00000000..0ecfd8ea --- /dev/null +++ b/header_symlinks/Security/SecCertificateRequest.h @@ -0,0 +1 @@ +./../trust/SecCertificateRequest.h \ No newline at end of file diff --git a/header_symlinks/Security/SecIdentity.h b/header_symlinks/Security/SecIdentity.h new file mode 120000 index 00000000..cf2695c1 --- /dev/null +++ b/header_symlinks/Security/SecIdentity.h @@ -0,0 +1 @@ +./../keychain/SecIdentity.h \ No newline at end of file diff --git a/header_symlinks/Security/SecIdentityPriv.h b/header_symlinks/Security/SecIdentityPriv.h new file mode 120000 index 00000000..68c25650 --- /dev/null +++ b/header_symlinks/Security/SecIdentityPriv.h @@ -0,0 +1 @@ +./../keychain/SecIdentityPriv.h \ No newline at end of file diff --git a/header_symlinks/Security/SecImportExport.h b/header_symlinks/Security/SecImportExport.h new file mode 120000 index 00000000..5cf7eced --- /dev/null +++ b/header_symlinks/Security/SecImportExport.h @@ -0,0 +1 @@ +./../keychain/SecImportExport.h \ No newline at end of file diff --git a/header_symlinks/Security/SecInternal.h b/header_symlinks/Security/SecInternal.h new file mode 120000 index 00000000..67198bbe --- /dev/null +++ b/header_symlinks/Security/SecInternal.h @@ -0,0 +1 @@ +./../base/SecInternal.h \ No newline at end of file diff --git a/header_symlinks/Security/SecItem.h b/header_symlinks/Security/SecItem.h new file mode 120000 index 00000000..9976098b --- /dev/null +++ b/header_symlinks/Security/SecItem.h @@ -0,0 +1 @@ +./../keychain/SecItem.h \ No newline at end of file diff --git a/header_symlinks/Security/SecItemPriv.h b/header_symlinks/Security/SecItemPriv.h new file mode 120000 index 00000000..a8169111 --- /dev/null +++ b/header_symlinks/Security/SecItemPriv.h @@ -0,0 +1 @@ +./../keychain/SecItemPriv.h \ No newline at end of file diff --git a/header_symlinks/Security/SecKey.h b/header_symlinks/Security/SecKey.h new file mode 120000 index 00000000..0d7004f9 --- /dev/null +++ b/header_symlinks/Security/SecKey.h @@ -0,0 +1 @@ +./../keychain/SecKey.h \ No newline at end of file diff --git a/header_symlinks/Security/SecKeyPriv.h b/header_symlinks/Security/SecKeyPriv.h new file mode 120000 index 00000000..34a07ffa --- /dev/null +++ b/header_symlinks/Security/SecKeyPriv.h @@ -0,0 +1 @@ +./../keychain/SecKeyPriv.h \ No newline at end of file diff --git a/header_symlinks/Security/SecPolicy.h b/header_symlinks/Security/SecPolicy.h new file mode 120000 index 00000000..a9f75265 --- /dev/null +++ b/header_symlinks/Security/SecPolicy.h @@ -0,0 +1 @@ +./../trust/SecPolicy.h \ No newline at end of file diff --git a/header_symlinks/Security/SecPolicyPriv.h b/header_symlinks/Security/SecPolicyPriv.h new file mode 120000 index 00000000..e429b0a9 --- /dev/null +++ b/header_symlinks/Security/SecPolicyPriv.h @@ -0,0 +1 @@ +./../trust/SecPolicyPriv.h \ No newline at end of file diff --git a/header_symlinks/Security/SecRandom.h b/header_symlinks/Security/SecRandom.h new file mode 120000 index 00000000..a7cb3c98 --- /dev/null +++ b/header_symlinks/Security/SecRandom.h @@ -0,0 +1 @@ +./../base/SecRandom.h \ No newline at end of file diff --git a/header_symlinks/Security/SecTask.h b/header_symlinks/Security/SecTask.h new file mode 120000 index 00000000..f1af37f9 --- /dev/null +++ b/header_symlinks/Security/SecTask.h @@ -0,0 +1 @@ +./../sectask/SecTask.h \ No newline at end of file diff --git a/header_symlinks/Security/SecTrust.h b/header_symlinks/Security/SecTrust.h new file mode 120000 index 00000000..44fb96fb --- /dev/null +++ b/header_symlinks/Security/SecTrust.h @@ -0,0 +1 @@ +./../trust/SecTrust.h \ No newline at end of file diff --git a/header_symlinks/Security/SecTrustPriv.h b/header_symlinks/Security/SecTrustPriv.h new file mode 120000 index 00000000..8c596e1e --- /dev/null +++ b/header_symlinks/Security/SecTrustPriv.h @@ -0,0 +1 @@ +./../trust/SecTrustPriv.h \ No newline at end of file diff --git a/header_symlinks/Security/SecTrustSettings.h b/header_symlinks/Security/SecTrustSettings.h new file mode 120000 index 00000000..4950c4f4 --- /dev/null +++ b/header_symlinks/Security/SecTrustSettings.h @@ -0,0 +1 @@ +./../trust/SecTrustSettings.h \ No newline at end of file diff --git a/header_symlinks/Security/SecTrustSettingsPriv.h b/header_symlinks/Security/SecTrustSettingsPriv.h new file mode 120000 index 00000000..dc728bca --- /dev/null +++ b/header_symlinks/Security/SecTrustSettingsPriv.h @@ -0,0 +1 @@ +./../trust/SecTrustSettingsPriv.h \ No newline at end of file diff --git a/header_symlinks/Security/Security.h b/header_symlinks/Security/Security.h new file mode 120000 index 00000000..beb2ef4e --- /dev/null +++ b/header_symlinks/Security/Security.h @@ -0,0 +1 @@ +./../base/Security.h \ No newline at end of file diff --git a/header_symlinks/Security/certextensions.h b/header_symlinks/Security/certextensions.h new file mode 120000 index 00000000..3383f6e5 --- /dev/null +++ b/header_symlinks/Security/certextensions.h @@ -0,0 +1 @@ +./../cssm/certextensions.h \ No newline at end of file diff --git a/header_symlinks/iOS/Security/oidsbase.h b/header_symlinks/iOS/Security/oidsbase.h new file mode 120000 index 00000000..bf5f1dda --- /dev/null +++ b/header_symlinks/iOS/Security/oidsbase.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_cssm/lib/oidsbase.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecAsn1Types.h b/header_symlinks/macOS/Security/SecAsn1Types.h new file mode 120000 index 00000000..02760d75 --- /dev/null +++ b/header_symlinks/macOS/Security/SecAsn1Types.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_asn1/lib/SecAsn1Types.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecCmsBase.h b/header_symlinks/macOS/Security/SecCmsBase.h new file mode 120000 index 00000000..ec3117b2 --- /dev/null +++ b/header_symlinks/macOS/Security/SecCmsBase.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_smime/lib/SecCmsBase.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecCmsContentInfo.h b/header_symlinks/macOS/Security/SecCmsContentInfo.h new file mode 120000 index 00000000..91545181 --- /dev/null +++ b/header_symlinks/macOS/Security/SecCmsContentInfo.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_smime/lib/SecCmsContentInfo.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecCmsDecoder.h b/header_symlinks/macOS/Security/SecCmsDecoder.h new file mode 120000 index 00000000..0b2c542b --- /dev/null +++ b/header_symlinks/macOS/Security/SecCmsDecoder.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_smime/lib/SecCmsDecoder.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecCmsDigestContext.h b/header_symlinks/macOS/Security/SecCmsDigestContext.h new file mode 120000 index 00000000..dc97ff4d --- /dev/null +++ b/header_symlinks/macOS/Security/SecCmsDigestContext.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_smime/lib/SecCmsDigestContext.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecCmsEncoder.h b/header_symlinks/macOS/Security/SecCmsEncoder.h new file mode 120000 index 00000000..28887229 --- /dev/null +++ b/header_symlinks/macOS/Security/SecCmsEncoder.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_smime/lib/SecCmsEncoder.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecCmsEnvelopedData.h b/header_symlinks/macOS/Security/SecCmsEnvelopedData.h new file mode 120000 index 00000000..f619a96c --- /dev/null +++ b/header_symlinks/macOS/Security/SecCmsEnvelopedData.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_smime/lib/SecCmsEnvelopedData.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecCmsMessage.h b/header_symlinks/macOS/Security/SecCmsMessage.h new file mode 120000 index 00000000..8cb491e3 --- /dev/null +++ b/header_symlinks/macOS/Security/SecCmsMessage.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_smime/lib/SecCmsMessage.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecCmsRecipientInfo.h b/header_symlinks/macOS/Security/SecCmsRecipientInfo.h new file mode 120000 index 00000000..071d0598 --- /dev/null +++ b/header_symlinks/macOS/Security/SecCmsRecipientInfo.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_smime/lib/SecCmsRecipientInfo.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecCmsSignedData.h b/header_symlinks/macOS/Security/SecCmsSignedData.h new file mode 120000 index 00000000..d08307f3 --- /dev/null +++ b/header_symlinks/macOS/Security/SecCmsSignedData.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_smime/lib/SecCmsSignedData.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/SecCmsSignerInfo.h b/header_symlinks/macOS/Security/SecCmsSignerInfo.h new file mode 120000 index 00000000..c97d42b9 --- /dev/null +++ b/header_symlinks/macOS/Security/SecCmsSignerInfo.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_smime/lib/SecCmsSignerInfo.h \ No newline at end of file diff --git a/header_symlinks/macOS/Security/oidsbase.h b/header_symlinks/macOS/Security/oidsbase.h new file mode 120000 index 00000000..bf5f1dda --- /dev/null +++ b/header_symlinks/macOS/Security/oidsbase.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_cssm/lib/oidsbase.h \ No newline at end of file diff --git a/header_symlinks/macOS/security_utilities/casts.h b/header_symlinks/macOS/security_utilities/casts.h new file mode 120000 index 00000000..d46efd15 --- /dev/null +++ b/header_symlinks/macOS/security_utilities/casts.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_utilities/lib/casts.h \ No newline at end of file diff --git a/header_symlinks/macOS/security_utilities/memutils.h b/header_symlinks/macOS/security_utilities/memutils.h new file mode 120000 index 00000000..fca7feb2 --- /dev/null +++ b/header_symlinks/macOS/security_utilities/memutils.h @@ -0,0 +1 @@ +./../../OSX/libsecurity_utilities/lib/memutils.h \ No newline at end of file diff --git a/header_symlinks/utilities/SecCFRelease.h b/header_symlinks/utilities/SecCFRelease.h new file mode 120000 index 00000000..c0522304 --- /dev/null +++ b/header_symlinks/utilities/SecCFRelease.h @@ -0,0 +1 @@ +./../OSX/utilities/src/SecCFRelease.h \ No newline at end of file diff --git a/OSX/libsecurity_keychain/lib/SecIdentity.h b/keychain/SecIdentity.h similarity index 65% rename from OSX/libsecurity_keychain/lib/SecIdentity.h rename to keychain/SecIdentity.h index 50278a03..ea002f3e 100644 --- a/OSX/libsecurity_keychain/lib/SecIdentity.h +++ b/keychain/SecIdentity.h @@ -1,15 +1,15 @@ /* - * Copyright (c) 2002-2011 Apple Inc. All Rights Reserved. - * + * Copyright (c) 2002-2011,2012-2013,2016 Apple Inc. All Rights Reserved. + * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,13 +17,14 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ /*! - @header SecIdentity - The functions provided in SecIdentity implement a convenient way to match private keys with certificates. + @header SecIdentity + The functions provided in SecIdentity.h implement a convenient way to + match private keys with certificates. */ #ifndef _SECURITY_SECIDENTITY_H_ @@ -31,63 +32,73 @@ #include #include + #include -#include #include -#if defined(__cplusplus) -extern "C" { +#if SEC_OS_OSX +#include #endif +__BEGIN_DECLS + CF_ASSUME_NONNULL_BEGIN CF_IMPLICIT_BRIDGING_ENABLED /*! - @function SecIdentityGetTypeID - @abstract Returns the type identifier of SecIdentity instances. - @result The CFTypeID of SecIdentity instances. + @function SecIdentityGetTypeID + @abstract Returns the type identifier of SecIdentity instances. + @result The CFTypeID of SecIdentity instances. */ CFTypeID SecIdentityGetTypeID(void) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); + __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); +#if SEC_OS_OSX /*! - @function SecIdentityCreateWithCertificate + @function SecIdentityCreateWithCertificate @abstract Creates a new identity reference for the given certificate, assuming the associated private key is in one of the specified keychains. @param keychainOrArray A reference to an array of keychains to search, a single keychain, or NULL to search the user's default keychain search list. - @param certificateRef A certificate reference. + @param certificateRef A certificate reference. @param identityRef On return, an identity reference. You are responsible for releasing this reference by calling the CFRelease function. @result A result code. See "Security Error Codes" (SecBase.h). */ OSStatus SecIdentityCreateWithCertificate( - CFTypeRef __nullable keychainOrArray, - SecCertificateRef certificateRef, + CFTypeRef __nullable keychainOrArray, + SecCertificateRef certificateRef, SecIdentityRef * __nonnull CF_RETURNS_RETAINED identityRef) - __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); + __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); +#endif /*! - @function SecIdentityCopyCertificate - @abstract Returns a reference to a certificate for the given identity reference. + @function SecIdentityCopyCertificate + @abstract Returns a reference to a certificate for the given identity + reference. @param identityRef An identity reference. - @param certificateRef On return, a reference to the found certificate. You are responsible for releasing this reference by calling the CFRelease function. + @param certificateRef On return, a pointer to the found certificate + reference. You are responsible for releasing this reference by calling + the CFRelease function. @result A result code. See "Security Error Codes" (SecBase.h). */ OSStatus SecIdentityCopyCertificate( - SecIdentityRef identityRef, + SecIdentityRef identityRef, SecCertificateRef * __nonnull CF_RETURNS_RETAINED certificateRef) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); + __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); /*! - @function SecIdentityCopyPrivateKey + @function SecIdentityCopyPrivateKey @abstract Returns the private key associated with an identity. @param identityRef An identity reference. - @param privateKeyRef On return, a reference to the private key for the given identity. You are responsible for releasing this reference by calling the CFRelease function. + @param privateKeyRef On return, a pointer to the private key for the given + identity. On iOS, the private key must be of class type kSecAppleKeyItemClass. + You are responsible for releasing this reference by calling the CFRelease function. @result A result code. See "Security Error Codes" (SecBase.h). */ OSStatus SecIdentityCopyPrivateKey( - SecIdentityRef identityRef, + SecIdentityRef identityRef, SecKeyRef * __nonnull CF_RETURNS_RETAINED privateKeyRef) - __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); + __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); +#if SEC_OS_OSX /*! @function SecIdentityCopyPreference @abstract Returns the preferred identity for the specified name and key usage, optionally limiting the result to an identity issued by a certificate whose subject is one of the distinguished names in validIssuers. If a preferred identity does not exist, NULL is returned. @@ -99,7 +110,7 @@ OSStatus SecIdentityCopyPrivateKey( @discussion This API is deprecated in 10.7. Please use the SecIdentityCopyPreferred API instead. */ OSStatus SecIdentityCopyPreference(CFStringRef name, CSSM_KEYUSE keyUsage, CFArrayRef __nullable validIssuers, SecIdentityRef * __nonnull CF_RETURNS_RETAINED identity) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; /*! @function SecIdentityCopyPreferred @@ -112,8 +123,8 @@ OSStatus SecIdentityCopyPreference(CFStringRef name, CSSM_KEYUSE keyUsage, CFArr */ __nullable SecIdentityRef SecIdentityCopyPreferred(CFStringRef name, CFArrayRef __nullable keyUsage, CFArrayRef __nullable validIssuers) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + /*! @function SecIdentitySetPreference @abstract Sets the preferred identity for the specified name and key usage. @@ -121,11 +132,11 @@ SecIdentityRef SecIdentityCopyPreferred(CFStringRef name, CFArrayRef __nullable @param name A string containing a URI, RFC822 email address, DNS hostname, or other name which uniquely identifies a service requiring this identity. @param keyUsage A CSSM_KEYUSE key usage value, as defined in cssmtype.h. Pass 0 to specify any key usage. @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This API is deprecated in 10.7. Please use the SecIdentitySetPreferred API instead. + @discussion This API is deprecated in 10.7. Please use the SecIdentitySetPreferred API instead. */ OSStatus SecIdentitySetPreference(SecIdentityRef identity, CFStringRef name, CSSM_KEYUSE keyUsage) - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; - + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + /*! @function SecIdentitySetPreferred @abstract Sets the preferred identity for the specified name and key usage. @@ -133,71 +144,71 @@ OSStatus SecIdentitySetPreference(SecIdentityRef identity, CFStringRef name, CSS @param name A string containing a URI, RFC822 email address, DNS hostname, or other name which uniquely identifies a service requiring this identity. @param keyUsage A CFArrayRef value, containing items defined in SecItem.h Pass NULL to specify any key usage. (kSecAttrCanEncrypt, kSecAttrCanDecrypt, kSecAttrCanDerive, kSecAttrCanSign, kSecAttrCanVerify, kSecAttrCanWrap, kSecAttrCanUnwrap) @result A result code. See "Security Error Codes" (SecBase.h). -*/ +*/ OSStatus SecIdentitySetPreferred(SecIdentityRef __nullable identity, CFStringRef name, CFArrayRef __nullable keyUsage) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /*! - @function SecIdentityCopySystemIdentity - @abstract Obtain the system-wide SecIdentityRef associated with - a specified domain. - @param domain Identifies the SecIdentityRef to be obtained, typically - in the form "com.apple.subdomain...". - @param idRef On return, the system SecIdentityRef assicated with - the specified domain. Caller must CFRelease this when - finished with it. - @param actualDomain (optional) The actual domain name of the - the returned identity is returned here. This - may be different from the requested domain. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion If no system SecIdentityRef exists for the specified - domain, a domain-specific alternate may be returned - instead, typically (but not exclusively) the - kSecIdentityDomainDefault SecIdentityRef. + @function SecIdentityCopySystemIdentity + @abstract Obtain the system-wide SecIdentityRef associated with + a specified domain. + @param domain Identifies the SecIdentityRef to be obtained, typically + in the form "com.apple.subdomain...". + @param idRef On return, the system SecIdentityRef assicated with + the specified domain. Caller must CFRelease this when + finished with it. + @param actualDomain (optional) The actual domain name of the + the returned identity is returned here. This + may be different from the requested domain. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion If no system SecIdentityRef exists for the specified + domain, a domain-specific alternate may be returned + instead, typically (but not exclusively) the + kSecIdentityDomainDefault SecIdentityRef. */ OSStatus SecIdentityCopySystemIdentity( - CFStringRef domain, + CFStringRef domain, SecIdentityRef * __nonnull CF_RETURNS_RETAINED idRef, CFStringRef * __nullable CF_RETURNS_RETAINED actualDomain) /* optional */ - __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); + __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); /*! - @function SecIdentitySetSystemIdentity - @abstract Assign the supplied SecIdentityRef to the specified - domain. - @param domain Identifies the domain to which the specified - SecIdentityRef will be assigned. - @param idRef (optional) The identity to be assigned to the specified - domain. Pass NULL to delete a possible entry for the specified - domain; in this case, it is not an error if no identity - exists for the specified domain. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion The caller must be running as root. + @function SecIdentitySetSystemIdentity + @abstract Assign the supplied SecIdentityRef to the specified + domain. + @param domain Identifies the domain to which the specified + SecIdentityRef will be assigned. + @param idRef (optional) The identity to be assigned to the specified + domain. Pass NULL to delete a possible entry for the specified + domain; in this case, it is not an error if no identity + exists for the specified domain. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion The caller must be running as root. */ OSStatus SecIdentitySetSystemIdentity( - CFStringRef domain, + CFStringRef domain, SecIdentityRef __nullable idRef) - __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); + __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); /* * Defined system identity domains. */ /*! - @const kSecIdentityDomainDefault The system-wide default identity. + @const kSecIdentityDomainDefault The system-wide default identity. */ extern const CFStringRef kSecIdentityDomainDefault __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); /*! - @const kSecIdentityDomainKerberosKDC Kerberos KDC identity. + @const kSecIdentityDomainKerberosKDC Kerberos KDC identity. */ extern const CFStringRef kSecIdentityDomainKerberosKDC __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA); +#endif // SEC_OS_OSX + CF_IMPLICIT_BRIDGING_DISABLED CF_ASSUME_NONNULL_END -#if defined(__cplusplus) -} -#endif +__END_DECLS #endif /* !_SECURITY_SECIDENTITY_H_ */ diff --git a/keychain/SecIdentityPriv.h b/keychain/SecIdentityPriv.h new file mode 100644 index 00000000..47697ca8 --- /dev/null +++ b/keychain/SecIdentityPriv.h @@ -0,0 +1,159 @@ +/* + * Copyright (c) 2002-2011,2012-2013,2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +/*! + @header SecIdentityPriv + The functions provided in SecIdentityPriv.h implement a convenient way to + match private keys with certificates. +*/ + +#ifndef _SECURITY_SECIDENTITYPRIV_H_ +#define _SECURITY_SECIDENTITYPRIV_H_ + +#include +#include +#include + +__BEGIN_DECLS + +/*! @function SecIdentityCreate + @abstract create a new identity object from the provided certificate and its associated private key. + @param allocator CFAllocator to allocate the identity object. Pass NULL to use the default allocator. + @param certificate A certificate reference. + @param privateKey A private key reference. + @result An identity reference. +*/ +SecIdentityRef SecIdentityCreate( + CFAllocatorRef allocator, + SecCertificateRef certificate, + SecKeyRef privateKey) + __SEC_MAC_AND_IOS_UNKNOWN; + //__OSX_AVAILABLE_STARTING(__MAC_10_3, __SEC_IPHONE_UNKNOWN); + +#if SEC_OS_OSX +/*! + @function SecIdentityCompare + @abstract Compares two SecIdentityRef instances for equality. + @param identity1 An identity reference. + @param identity2 An identity reference. + @param compareOptions A value containing option flags. Currently there are no compare options, so 0 should be passed for this parameter. + @result An enumerated value of type CFComparisonResult. See CFBase.h. + @discussion Two identities are considered equal if they contain identical certificate and private key components. + @deprecated in Mac OS X 10.5 and later; the CFEqual function should be used instead (CFBase.h). + */ +CFComparisonResult SecIdentityCompare( + SecIdentityRef identity1, + SecIdentityRef identity2, + CFOptionFlags compareOptions) + DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER; + +/*! + @function SecIdentityFindPreferenceItem + @abstract Returns an identity preference item, given an identity string. + @param keychainOrArray A reference to an array of keychains to search, a single keychain, or NULL to search the user's default keychain search list. + @param idString A string containing a URI, hostname, or email (RFC822) address. + @param itemRef On return, a reference to the keychain item which was found. The caller is responsible for releasing this reference. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion An identity preference item maps a particular identity to a string, such as a URI or email address. It specifies that this identity should be preferred in transactions which match the provided string. + @deprecated in Mac OS X 10.7 and later; use SecIdentityCopyPreferred() instead (SecIdentity.h) + + WARNING: This function is based on an implementation detail and will go away + in a future release; its use should be avoided at all costs. It does not + provide a way to find a preference item based on key usage, and it can only + find preferences which are stored as keychain items, so it may fail to find + the item you expect. Please use the public API functions to manipulate + identity preferences. +*/ +OSStatus SecIdentityFindPreferenceItem( + CFTypeRef keychainOrArray, + CFStringRef idString, + SecKeychainItemRef *itemRef) + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +/*! + @function SecIdentityAddPreferenceItem + @abstract Adds a new identity preference item to the specified keychain. + @param keychainRef A reference to the keychain in which to store the preference item. Pass NULL to specify the user's default keychain. + @param identityRef An identity reference. + @param idString A string containing a URI, hostname, or email (RFC822) address. + @param itemRef On return, a reference to the new keychain item. The caller is responsible for releasing this reference. Pass NULL if the reference is not needed. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion An identity preference item maps a particular identity to a string, such as a URI or email address. It specifies that this identity should be preferred in transactions which match the provided string. + @deprecated in Mac OS X 10.5; use SecIdentitySetPreference() instead (SecIdentity.h). +*/ +OSStatus SecIdentityAddPreferenceItem( + SecKeychainRef keychainRef, + SecIdentityRef identityRef, + CFStringRef idString, + SecKeychainItemRef *itemRef) + DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER; + +/*! + @function SecIdentityUpdatePreferenceItem + @abstract Given an existing identity preference keychain item, update it with the provided identity. + @param itemRef An identity preference keychain item, as returned by SecIdentityFindPreferenceItem or SecIdentityAddPreferenceItem. + @param identityRef An identity reference. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function is used to update an existing preference item when a different identity is preferred. + @deprecated in Mac OS X 10.5; use SecIdentitySetPreference() instead (SecIdentity.h). +*/ +OSStatus SecIdentityUpdatePreferenceItem( + SecKeychainItemRef itemRef, + SecIdentityRef identityRef) + DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER; + +/*! + @function SecIdentityCopyFromPreferenceItem + @abstract Given an existing identity preference keychain item, obtain a SecIdentityRef for the identity it specifies. + @param itemRef An identity preference keychain item, as returned by SecIdentityFindPreferenceItem or SecIdentityAddPreferenceItem. + @param identityRef On return, an identity reference. The caller is responsible for releasing this reference. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function is used to obtain a SecIdentityRef from an existing preference item. + @deprecated in Mac OS X 10.5; use SecIdentityCopyPreference() instead (SecIdentity.h). +*/ +OSStatus SecIdentityCopyFromPreferenceItem( + SecKeychainItemRef itemRef, + SecIdentityRef *identityRef) + DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER; + +/*! + @function ConvertArrayToKeyUsage + @abstract Given an array of key usages defined in SecItem.h return the equivalent CSSM_KEYUSE + @param usage An CFArrayRef containing CFTypeRefs defined in SecItem.h + kSecAttrCanEncrypt, + kSecAttrCanDecrypt, + kSecAttrCanDerive, + kSecAttrCanSign, + kSecAttrCanVerify, + kSecAttrCanWrap, + kSecAttrCanUnwrap + If the CFArrayRef is NULL then the CSSM_KEYUSAGE will be CSSM_KEYUSE_ANY + @result A CSSM_KEYUSE. Derived from the passed in Array +*/ +CSSM_KEYUSE ConvertArrayToKeyUsage(CFArrayRef usage) + __SEC_MAC_ONLY_UNKNOWN; +#endif // SEC_OS_OSX + +__END_DECLS + +#endif /* _SECURITY_SECIDENTITYPRIV_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecImportExport.h b/keychain/SecImportExport.h similarity index 64% rename from OSX/libsecurity_keychain/lib/SecImportExport.h rename to keychain/SecImportExport.h index a0058aed..019d8357 100644 --- a/OSX/libsecurity_keychain/lib/SecImportExport.h +++ b/keychain/SecImportExport.h @@ -1,15 +1,15 @@ /* - * Copyright (c) 2000-2011,2013-2014 Apple Inc. All Rights Reserved. + * Copyright (c) 2000-2011,2012-2014,2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,84 +17,91 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ /*! - @header SecImportExport - contains import/export functionality for keys and certificates. + @header SecImportExport + contains import/export functionality for keys and certificates. */ -#ifndef _SECURITY_SEC_IMPORT_EXPORT_H_ -#define _SECURITY_SEC_IMPORT_EXPORT_H_ +#ifndef _SECURITY_SECIMPORTEXPORT_H_ +#define _SECURITY_SECIMPORTEXPORT_H_ + +#include +#include +#include +#include +#include +#include +#if SEC_OS_OSX #include #include #include -#include #include +#endif /* SEC_OS_OSX */ -#ifdef __cplusplus -extern "C" { -#endif +__BEGIN_DECLS CF_ASSUME_NONNULL_BEGIN CF_IMPLICIT_BRIDGING_ENABLED +#if SEC_OS_OSX /* * Supported import/export Formats */ typedef CF_ENUM(uint32_t, SecExternalFormat) { - /* - * When importing: unknown format - * When exporting: default format for item - */ - kSecFormatUnknown = 0, - - /* - * Public and Private Key formats. - * Default for export is kSecFormatOpenSSL. - */ - kSecFormatOpenSSL, /* a.k.a. X509 for public keys */ - kSecFormatSSH, /* OpenSSH v.1 */ - kSecFormatBSAFE, - - /* Symmetric Key Formats */ - kSecFormatRawKey, /* raw unformatted key bits; default */ - - /* Formats for wrapped symmetric and private keys */ - kSecFormatWrappedPKCS8, - kSecFormatWrappedOpenSSL, /* traditional openssl */ - kSecFormatWrappedSSH, /* OpenSSH v.1 */ - kSecFormatWrappedLSH, - - /* Formats for certificates */ - kSecFormatX509Cert, /* DER encoded; default */ - - /* Aggregate Types */ - kSecFormatPEMSequence, /* sequence of certs and/or keys, implies PEM - * armour. Default format for multiple items */ - kSecFormatPKCS7, /* sequence of certs */ - kSecFormatPKCS12, /* set of certs and private keys */ - kSecFormatNetscapeCertSequence, /* sequence of certs, form netscape-cert-sequence */ - - /* Added in Mac OS X 10.5 */ - kSecFormatSSHv2 /* OpenSSH v.2. Note that OpenSSH v2 private keys - * are in format kSecFormatOpenSSL or - * kSecFormatWrappedOpenSSL. */ + /* + * When importing: unknown format + * When exporting: default format for item + */ + kSecFormatUnknown = 0, + + /* + * Public and Private Key formats. + * Default for export is kSecFormatOpenSSL. + */ + kSecFormatOpenSSL, /* a.k.a. X509 for public keys */ + kSecFormatSSH, /* OpenSSH v.1 */ + kSecFormatBSAFE, + + /* Symmetric Key Formats */ + kSecFormatRawKey, /* raw unformatted key bits; default */ + + /* Formats for wrapped symmetric and private keys */ + kSecFormatWrappedPKCS8, + kSecFormatWrappedOpenSSL, /* traditional openssl */ + kSecFormatWrappedSSH, /* OpenSSH v.1 */ + kSecFormatWrappedLSH, + + /* Formats for certificates */ + kSecFormatX509Cert, /* DER encoded; default */ + + /* Aggregate Types */ + kSecFormatPEMSequence, /* sequence of certs and/or keys, implies PEM + * armour. Default format for multiple items */ + kSecFormatPKCS7, /* sequence of certs */ + kSecFormatPKCS12, /* set of certs and private keys */ + kSecFormatNetscapeCertSequence, /* sequence of certs, form netscape-cert-sequence */ + + /* Added in Mac OS X 10.5 */ + kSecFormatSSHv2 /* OpenSSH v.2. Note that OpenSSH v2 private keys + * are in format kSecFormatOpenSSL or + * kSecFormatWrappedOpenSSL. */ }; /* * Indication of basic item type when importing. */ typedef CF_ENUM(uint32_t, SecExternalItemType) { - kSecItemTypeUnknown, /* caller doesn't know what this is */ - kSecItemTypePrivateKey, - kSecItemTypePublicKey, - kSecItemTypeSessionKey, - kSecItemTypeCertificate, - kSecItemTypeAggregate /* PKCS7, PKCS12, kSecFormatPEMSequence, etc. */ + kSecItemTypeUnknown, /* caller doesn't know what this is */ + kSecItemTypePrivateKey, + kSecItemTypePublicKey, + kSecItemTypeSessionKey, + kSecItemTypeCertificate, + kSecItemTypeAggregate /* PKCS7, PKCS12, kSecFormatPEMSequence, etc. */ }; /* @@ -102,7 +109,7 @@ typedef CF_ENUM(uint32_t, SecExternalItemType) { */ typedef CF_OPTIONS(uint32_t, SecItemImportExportFlags) { - kSecItemPemArmour = 0x00000001, /* exported blob is PEM formatted */ + kSecItemPemArmour = 0x00000001, /* exported blob is PEM formatted */ }; /* @@ -110,84 +117,83 @@ typedef CF_OPTIONS(uint32_t, SecItemImportExportFlags) */ typedef CF_OPTIONS(uint32_t, SecKeyImportExportFlags) { - /* - * When true, prevents the importing of more than one private key - * in a given SecKeychainItemImport(). - */ - kSecKeyImportOnlyOne = 0x00000001, - - /* - * When true, passphrase for import/export is obtained by user prompt - * instead of by caller-supplied data (SecKeyImportExportParameters.passphrase). - * This is the preferred method for obtaining a user-supplied passphrase - * as it avoids having the cleartext passphrase appear in the app's - * address space at any time. - */ - kSecKeySecurePassphrase = 0x00000002, - - /* - * When true, imported private keys will have no Access Control List - * (ACL) attached to them. In the absence of both this bit and the accessRef - * field in SecKeyImportExportParameters (see below), imported private - * keys are given a default ACL. - */ - kSecKeyNoAccessControl = 0x00000004 + /* + * When true, prevents the importing of more than one private key + * in a given SecKeychainItemImport(). + */ + kSecKeyImportOnlyOne = 0x00000001, + + /* + * When true, passphrase for import/export is obtained by user prompt + * instead of by caller-supplied data (SecKeyImportExportParameters.passphrase). + * This is the preferred method for obtaining a user-supplied passphrase + * as it avoids having the cleartext passphrase appear in the app's + * address space at any time. + */ + kSecKeySecurePassphrase = 0x00000002, + + /* + * When true, imported private keys will have no Access Control List + * (ACL) attached to them. In the absence of both this bit and the accessRef + * field in SecKeyImportExportParameters (see below), imported private + * keys are given a default ACL. + */ + kSecKeyNoAccessControl = 0x00000004 }; /* * Version of a SecKeyImportExportParameters. */ -#define SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION 0 +#define SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION 0 /* * Parameters specific to SecKeyRefs. */ typedef struct { - /* for import and export */ - uint32_t version; /* SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION */ - SecKeyImportExportFlags flags; /* SecKeyImportExportFlags bits */ - CFTypeRef passphrase; /* kSecFormatPKCS12, kSecFormatWrapped* - * formats only. Legal types are - * CFStringRef and CFDataRef. */ - CFStringRef alertTitle; /* title of secure passphrase alert panel */ - CFStringRef alertPrompt; /* prompt in secure passphrase alert panel */ - - /* for import only */ - SecAccessRef __nullable accessRef; /* specifies the initial ACL of imported - * key(s) */ - CSSM_KEYUSE keyUsage; /* CSSM_KEYUSE_DECRYPT, CSSM_KEYUSE_SIGN, - * etc. */ - CSSM_KEYATTR_FLAGS keyAttributes; /* CSSM_KEYATTR_PERMANENT, etc. */ + /* for import and export */ + uint32_t version; /* SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION */ + SecKeyImportExportFlags flags; /* SecKeyImportExportFlags bits */ + CFTypeRef passphrase; /* kSecFormatPKCS12, kSecFormatWrapped* + * formats only. Legal types are + * CFStringRef and CFDataRef. */ + CFStringRef alertTitle; /* title of secure passphrase alert panel */ + CFStringRef alertPrompt; /* prompt in secure passphrase alert panel */ + + /* for import only */ + SecAccessRef __nullable accessRef; /* specifies the initial ACL of imported + * key(s) */ + CSSM_KEYUSE keyUsage; /* CSSM_KEYUSE_DECRYPT, CSSM_KEYUSE_SIGN, + * etc. */ + CSSM_KEYATTR_FLAGS keyAttributes; /* CSSM_KEYATTR_PERMANENT, etc. */ } SecKeyImportExportParameters; typedef struct { - /* for import and export */ - uint32_t version; /* SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION */ - SecKeyImportExportFlags flags; /* SecKeyImportExportFlags bits */ - CFTypeRef passphrase; /* kSecFormatPKCS12, kSecFormatWrapped* - * formats only. Legal types are - * CFStringRef and CFDataRef. */ - CFStringRef alertTitle; /* title of secure passphrase alert panel */ - CFStringRef alertPrompt; /* prompt in secure passphrase alert panel */ - - /* for import only */ - SecAccessRef __nullable accessRef; /* specifies the initial ACL of imported - * key(s) */ - CFArrayRef __nullable keyUsage; /* An Array containing usage attributes from SecItem.h, e.g. - kSecAttrCanEncrypt;, kSecAttrCanDecrypt, kSecAttrCanDerive, etc. - */ - - CFArrayRef __nullable keyAttributes; /* An array containing zero or more key attributes - for an imported key. Possible values (from SecItem.h): - kSecAttrIsPermanent, kSecAttrIsSensitive, kSecAttrIsExtractable - Pass NULL in this field to use default attributes: - - kSecAttrIsPermanent if a keychain is specified - - kSecAttrIsSensitive for private keys - - kSecAttrIsExtractable by default - */ + /* for import and export */ + uint32_t version; /* SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION */ + SecKeyImportExportFlags flags; /* SecKeyImportExportFlags bits */ + CFTypeRef passphrase; /* kSecFormatPKCS12, kSecFormatWrapped* + * formats only. Legal types are + * CFStringRef and CFDataRef. */ + CFStringRef alertTitle; /* title of secure passphrase alert panel */ + CFStringRef alertPrompt; /* prompt in secure passphrase alert panel */ + + /* for import only */ + SecAccessRef __nullable accessRef; /* specifies the initial ACL of imported + * key(s) */ + CFArrayRef __nullable keyUsage; /* An Array containing usage attributes from SecItem.h, e.g. + * kSecAttrCanEncrypt;, kSecAttrCanDecrypt, kSecAttrCanDerive, etc. + */ + CFArrayRef __nullable keyAttributes; /* An array containing zero or more key attributes + * for an imported key. Possible values (from SecItem.h): + * kSecAttrIsPermanent, kSecAttrIsSensitive, kSecAttrIsExtractable + * Pass NULL in this field to use default attributes: + * - kSecAttrIsPermanent if a keychain is specified + * - kSecAttrIsSensitive for private keys + * - kSecAttrIsExtractable by default + */ } SecItemImportExportKeyParameters; /* @@ -243,12 +249,12 @@ typedef struct * @discussion This API has been deprecated. Please us the SecItemExport API instead. */ OSStatus SecKeychainItemExport( - CFTypeRef keychainItemOrArray, - SecExternalFormat outputFormat, - SecItemImportExportFlags flags, /* kSecItemPemArmor, etc. */ - const SecKeyImportExportParameters * __nullable keyParams, /* optional */ - CFDataRef * __nonnull CF_RETURNS_RETAINED exportedData) /* external representation returned here */ - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + CFTypeRef keychainItemOrArray, + SecExternalFormat outputFormat, + SecItemImportExportFlags flags, /* kSecItemPemArmor, etc. */ + const SecKeyImportExportParameters * __nullable keyParams, /* optional */ + CFDataRef * __nonnull CF_RETURNS_RETAINED exportedData) /* external representation returned here */ + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; /* * SecItemExport() @@ -303,12 +309,12 @@ OSStatus SecKeychainItemExport( * */ OSStatus SecItemExport( - CFTypeRef secItemOrArray, - SecExternalFormat outputFormat, - SecItemImportExportFlags flags, /* kSecItemPemArmor, etc. */ - const SecItemImportExportKeyParameters * __nullable keyParams, /* optional */ - CFDataRef * __nonnull CF_RETURNS_RETAINED exportedData) /* external representation returned here */ - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + CFTypeRef secItemOrArray, + SecExternalFormat outputFormat, + SecItemImportExportFlags flags, /* kSecItemPemArmor, etc. */ + const SecItemImportExportKeyParameters * __nullable keyParams, /* optional */ + CFDataRef * __nonnull CF_RETURNS_RETAINED exportedData) /* external representation returned here */ + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /* * SecKeychainItemImport() * @@ -458,15 +464,15 @@ OSStatus SecItemExport( * @discussion This API has been deprecated. Please use the SecItemImport API instead. */ OSStatus SecKeychainItemImport( - CFDataRef importedData, - CFStringRef __nullable fileNameOrExtension, /* optional */ - SecExternalFormat * __nullable inputFormat, /* optional, IN/OUT */ - SecExternalItemType * __nullable itemType, /* optional, IN/OUT */ - SecItemImportExportFlags flags, - const SecKeyImportExportParameters * __nullable keyParams, /* optional */ - SecKeychainRef __nullable importKeychain, /* optional */ - CFArrayRef * __nullable CF_RETURNS_RETAINED outItems) /* optional */ - DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + CFDataRef importedData, + CFStringRef __nullable fileNameOrExtension, /* optional */ + SecExternalFormat * __nullable inputFormat, /* optional, IN/OUT */ + SecExternalItemType * __nullable itemType, /* optional, IN/OUT */ + SecItemImportExportFlags flags, + const SecKeyImportExportParameters * __nullable keyParams, /* optional */ + SecKeychainRef __nullable importKeychain, /* optional */ + CFArrayRef * __nullable CF_RETURNS_RETAINED outItems) /* optional */ + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; /* * SecItemImport() @@ -625,59 +631,81 @@ OSStatus SecKeychainItemImport( * The SecItemImportExportFlags argument is currently unused; caller should pass * in 0. */ - OSStatus SecItemImport( - CFDataRef importedData, - CFStringRef __nullable fileNameOrExtension, /* optional */ - SecExternalFormat * __nullable inputFormat, /* optional, IN/OUT */ - SecExternalItemType * __nullable itemType, /* optional, IN/OUT */ - SecItemImportExportFlags flags, - const SecItemImportExportKeyParameters * __nullable keyParams, /* optional */ - SecKeychainRef __nullable importKeychain, /* optional */ - CFArrayRef * __nullable CF_RETURNS_RETAINED outItems) /* optional */ - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + CFDataRef importedData, + CFStringRef __nullable fileNameOrExtension, /* optional */ + SecExternalFormat * __nullable inputFormat, /* optional, IN/OUT */ + SecExternalItemType * __nullable itemType, /* optional, IN/OUT */ + SecItemImportExportFlags flags, + const SecItemImportExportKeyParameters * __nullable keyParams, /* optional */ + SecKeychainRef __nullable importKeychain, /* optional */ + CFArrayRef * __nullable CF_RETURNS_RETAINED outItems) /* optional */ + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +#endif /* SEC_OS_OSX */ + /*! @enum Import/Export options @discussion Predefined key constants used when passing dictionary-based arguments to import/export functions. @constant kSecImportExportPassphrase Specifies a passphrase represented by a CFStringRef to be used when exporting to (or importing from) PKCS#12 format. - @constant kSecImportExportKeychain Specifies a keychain represented by a SecKeychainRef to be used as the target when importing from PKCS#12 format. - @constant kSecImportExportAccess Specifies an access represented by a SecAccessRef for the initial access (ACL) of a key imported from PKCS#12 format. + @constant kSecImportExportKeychain On OSX, specifies a keychain represented by a SecKeychainRef to be used as the target when importing from PKCS#12 format. + @constant kSecImportExportAccess On OSX, specifies an access represented by a SecAccessRef for the initial access (ACL) of a key imported from PKCS#12 format. */ -extern const CFStringRef kSecImportExportPassphrase; -extern const CFStringRef kSecImportExportKeychain; -extern const CFStringRef kSecImportExportAccess; +extern const CFStringRef kSecImportExportPassphrase + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecImportExportKeychain + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecImportExportAccess + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /*! @enum Import/Export item description - @discussion Predefined key constants used by functions which return a CFArray with a CFDictionary per item. - @constant kSecImportItemLabel A CFStringRef representing the item label. This implementation specific identifier cannot be expected to have any format. - @constant kSecImportItemKeyID A CFDataRef representing the key id. Typically this is the SHA-1 digest of the public key. - @constant kSecImportItemIdentity A SecIdentityRef representing the identity. - @constant kSecImportItemTrust A SecTrustRef set up with all relevant certificates. Not guaranteed to succesfully evaluate. - @constant kSecImportItemCertChain A CFArrayRef holding all relevant certificates for this item's identity. + @discussion Predefined key constants used to pass back a CFArray with a + CFDictionary per item. + + @constant kSecImportItemLabel a CFStringRef representing the item label. + This implementation specific identifier cannot be expected to have + any format. + @constant kSecImportItemKeyID a CFDataRef representing the key id. Often + the SHA-1 digest of the public key. + @constant kSecImportItemIdentity a SecIdentityRef representing the identity. + @constant kSecImportItemTrust a SecTrustRef set up with all relevant + certificates. Not guaranteed to succesfully evaluate. + @constant kSecImportItemCertChain a CFArrayRef holding all relevant + certificates for this item's identity */ -extern const CFStringRef kSecImportItemLabel; -extern const CFStringRef kSecImportItemKeyID; -extern const CFStringRef kSecImportItemTrust; -extern const CFStringRef kSecImportItemCertChain; -extern const CFStringRef kSecImportItemIdentity; +extern const CFStringRef kSecImportItemLabel + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecImportItemKeyID + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecImportItemTrust + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecImportItemCertChain + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecImportItemIdentity + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); /*! - @function SecPKCS12Import - @abstract Imports the contents of a PKCS12 formatted blob. - @param pkcs12_data The PKCS12 data to be imported. - @param options A dictionary containing import options. A kSecImportExportPassphrase entry is required at minimum. Only password-based PKCS12 blobs are currently supported. - @param items On return, an array containing a dictionary for every item extracted. Use kSecImportItem constants to access specific elements of these dictionaries. Your code must CFRelease the array when it is no longer needed. - @result errSecSuccess in case of success. errSecDecode means either the blob can't be read or it is malformed. - errSecAuthFailed means an incorrect password was supplied, or data in the container is damaged. + @function SecPKCS12Import + @abstract Imports the contents of a PKCS12 formatted blob. + @param pkcs12_data The PKCS#12 formatted data to be imported. + @param options A dictionary containing import options. A + kSecImportExportPassphrase entry is required at minimum. Only password-based + PKCS12 blobs are currently supported. + @param items On return, an array containing a dictionary for every item + extracted. Use kSecImportItem constants to access specific elements of + these dictionaries. Your code must CFRelease the array when it is no longer + needed. + @result errSecSuccess in case of success. errSecDecode means either the + blob can't be read or it is malformed. errSecAuthFailed means an + incorrect password was supplied, or data in the container is damaged. */ -OSStatus SecPKCS12Import(CFDataRef pkcs12_data, CFDictionaryRef options, CFArrayRef * __nonnull CF_RETURNS_RETAINED items); +OSStatus SecPKCS12Import(CFDataRef pkcs12_data, CFDictionaryRef options, CFArrayRef * __nonnull CF_RETURNS_RETAINED items) + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); + CF_IMPLICIT_BRIDGING_DISABLED CF_ASSUME_NONNULL_END -#ifdef __cplusplus -} -#endif +__END_DECLS -#endif /* _SECURITY_SEC_IMPORT_EXPORT_H_ */ +#endif /* !_SECURITY_SECIMPORTEXPORT_H_ */ diff --git a/OSX/sec/Security/SecItem.h b/keychain/SecItem.h similarity index 82% rename from OSX/sec/Security/SecItem.h rename to keychain/SecItem.h index 2547dc49..680bf7ec 100644 --- a/OSX/sec/Security/SecItem.h +++ b/keychain/SecItem.h @@ -2,14 +2,14 @@ * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,7 +17,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ @@ -32,6 +32,7 @@ #define _SECURITY_SECITEM_H_ #include +#include #include #include @@ -56,17 +57,18 @@ extern const CFStringRef kSecClass @enum Class Value Constants @discussion Predefined item class constants used to get or set values in a dictionary. The kSecClass constant is the key and its value is one - of the constants defined here. - @constant kSecClassGenericPassword Specifies generic password items. + of the constants defined here. Note: on Mac OS X 10.6, only items + of class kSecClassInternetPassword are supported. @constant kSecClassInternetPassword Specifies Internet password items. + @constant kSecClassGenericPassword Specifies generic password items. @constant kSecClassCertificate Specifies certificate items. @constant kSecClassKey Specifies key items. @constant kSecClassIdentity Specifies identity items. */ -extern const CFStringRef kSecClassGenericPassword - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); extern const CFStringRef kSecClassInternetPassword __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecClassGenericPassword + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); extern const CFStringRef kSecClassCertificate __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); extern const CFStringRef kSecClassKey @@ -74,7 +76,6 @@ extern const CFStringRef kSecClassKey extern const CFStringRef kSecClassIdentity __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - /*! @enum Attribute Key Constants @discussion Predefined item attribute keys used to get or set values in a @@ -82,9 +83,10 @@ extern const CFStringRef kSecClassIdentity below lists the currently defined attributes for each item class: kSecClassGenericPassword item attributes: - kSecAttrAccessible + kSecAttrAccess (OS X only) kSecAttrAccessControl - kSecAttrAccessGroup + kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable specified) + kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable specified) kSecAttrCreationDate kSecAttrModificationDate kSecAttrDescription @@ -100,9 +102,10 @@ extern const CFStringRef kSecClassIdentity kSecAttrSynchronizable kSecClassInternetPassword item attributes: - kSecAttrAccessible + kSecAttrAccess (OS X only) kSecAttrAccessControl - kSecAttrAccessGroup + kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable specified) + kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable specified) kSecAttrCreationDate kSecAttrModificationDate kSecAttrDescription @@ -122,9 +125,9 @@ extern const CFStringRef kSecClassIdentity kSecAttrSynchronizable kSecClassCertificate item attributes: - kSecAttrAccessible - kSecAttrAccessControl - kSecAttrAccessGroup + kSecAttrAccessible (iOS only) + kSecAttrAccessControl (iOS only) + kSecAttrAccessGroup (iOS only) kSecAttrCertificateType kSecAttrCertificateEncoding kSecAttrLabel @@ -136,15 +139,19 @@ extern const CFStringRef kSecClassIdentity kSecAttrSynchronizable kSecClassKey item attributes: - kSecAttrAccessible + kSecAttrAccess (OS X only) kSecAttrAccessControl - kSecAttrAccessGroup + kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable specified) + kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable specified) kSecAttrKeyClass kSecAttrLabel kSecAttrApplicationLabel kSecAttrIsPermanent kSecAttrApplicationTag kSecAttrKeyType + kSecAttrPRF (iOS only) + kSecAttrSalt (iOS only) + kSecAttrRounds (iOS only) kSecAttrKeySizeInBits kSecAttrEffectiveKeySize kSecAttrCanEncrypt @@ -156,6 +163,14 @@ extern const CFStringRef kSecClassIdentity kSecAttrCanUnwrap kSecAttrSynchronizable + Note that the attributes kSecAttrCan* describe attributes of the + key itself at relatively high level. Some of these attributes are + mathematical -- for example, a DSA key cannot encrypt. Others are + key-level policy issues -- for example, it is good cryptographic + hygiene to use an RSA key either for encryption or signing but not + both. Compare these to the certificate-level policy values in + SecPolicy.h. + kSecClassIdentity item attributes: Since an identity is the combination of a private key and a certificate, this class shares attributes of both kSecClassKey and @@ -176,6 +191,12 @@ extern const CFStringRef kSecClassIdentity @constant kSecAttrAccessControl Specifies a dictionary key whose value is SecAccessControl instance which contains access control conditions for item. + IMPORTANT: This attribute is mutually exclusive with kSecAttrAccess + attribute. + + @constant kSecAttrAccess Specifies a dictionary key whose value + is a SecAccessRef describing the access control settings for this item. + This key is available on OS X only. @constant kSecAttrAccessGroup Specifies a dictionary key whose value is a CFStringRef indicating which access group a item is in. The access @@ -234,6 +255,11 @@ extern const CFStringRef kSecClassIdentity The only search constant which may be used is kSecMatchLimit; other constants using the kSecMatch prefix are not supported at this time. + @constant kSecAttrSynchronizableAny Specifies that both synchronizable and + non-synchronizable results should be returned from this query. This may be + used as a value for the kSecAttrSynchronizable dictionary key in a call to + SecItemCopyMatching, SecItemUpdate, or SecItemDelete. + @constant kSecAttrCreationDate (read-only) Specifies a dictionary key whose value is the item's creation date. You use this key to get a value of type CFDateRef that represents the date the item was created. @@ -334,15 +360,16 @@ extern const CFStringRef kSecClassIdentity @constant kSecAttrCertificateType (read-only) Specifies a dictionary key whose value is the item's certificate type. You use this key to get a value of type CFNumberRef that denotes the certificate type - (Currently only the value of this attribute must be equal to the - version of the X509 certificate. So 1 for v1 2 for v2 and 3 for v3 - certificates). Only items of class kSecClassCertificate have this - attribute. + (On iOS, currently the value of this attribute must be equal to the + version of the X509 certificate. So, 1 for v1, 2 for v2, and 3 for v3 + certificates). (On OSX, see the CSSM_CERT_TYPE enum in cssmtype.h). + Only items of class kSecClassCertificate have this attribute. @constant kSecAttrCertificateEncoding (read-only) Specifies a dictionary key whose value is the item's certificate encoding. You use this key to get a value of type CFNumberRef that denotes the certificate - encoding (Currently only the value 3 meaning - kSecAttrCertificateEncodingDER is supported). Only items of class + encoding (On iOS, currently only the value 3 meaning + kSecAttrCertificateEncodingDER is supported). On OSX, see the + CSSM_CERT_ENCODING enum in cssmtype.h. Only items of class kSecClassCertificate have this attribute. @constant kSecAttrKeyClass (read only) Specifies a dictionary key whose value is one of kSecAttrKeyClassPublic, kSecAttrKeyClassPrivate or @@ -357,12 +384,27 @@ extern const CFStringRef kSecClassIdentity @constant kSecAttrIsPermanent Specifies a dictionary key whose value is a CFBooleanRef indicating whether the key in question will be stored permanently. + @constant kSecAttrIsSensitive Specifies a dictionary key whose value is a + CFBooleanRef indicating that the key in question can only be exported + in a wrapped (encrypted) format. OS X only. + @constant kSecAttrIsExtractable Specifies a dictionary key whose value is a + CFBooleanRef indicating whether the key in question can be exported from + its keychain container. OS X only. @constant kSecAttrApplicationTag Specifies a dictionary key whose value is a CFDataRef containing private tag data. @constant kSecAttrKeyType Specifies a dictionary key whose value is a CFNumberRef indicating the algorithm associated with this key - (Currently only the value 42 is supported, alternatively you can use - kSecAttrKeyTypeRSA). + (On iOS, currently only the value 42 is supported, alternatively you can use + kSecAttrKeyTypeRSA). (On OSX, see the CSSM_ALGORITHMS enum in cssmtype.h). + + @constant kSecAttrPRF Specifies a dictionary key whose value is the PRF + (pseudo-random function) for this key (see "kSecAttrPRF Value Constants".) + iOS only. + @constant kSecAttrSalt Specifies a dictionary key whose value is a + CFData containing the salt to use for this key. iOS only. + @constant kSecAttrRounds Specifies a dictionary key whose value is the + number of rounds for the pseudo-random function specified by kSecAttrPRF. + iOS only. @constant kSecAttrKeySizeInBits Specifies a dictionary key whose value is a CFNumberRef indicating the number of bits in this key. @constant kSecAttrEffectiveKeySize Specifies a dictionary key whose value @@ -391,27 +433,31 @@ extern const CFStringRef kSecClassIdentity CFBooleanRef indicating whether the key in question can be used to unwrap another key. @constant kSecAttrSyncViewHint Specifies a dictionary key whose value is - a CFStringRef. This value is part of the primary key of each item, and - can be used to help distiguish Sync Views when defining their - queries. + a CFStringRef. This value is part of the primary key of each item, and + can be used to help distiguish Sync Views when defining their + queries. iOS and sychronizable items only. @constant kSecAttrTokenID Specifies a dictionary key whose presence - indicates that item is backed by external token. Value of this attribute - is CFStringRef uniquely identifying containing token. When this attribute - is not present, item is stored in internal keychain database. - Note that once item is created, this attribute cannot be changed - in other - words it is not possible to migrate existing items to, from or between tokens. - Currently the only available value for this attribute is - kSecAttrTokenIDSecureEnclave, which indicates that item (private key) is - backed by device's Secure Enclave. + indicates that item is backed by external token. Value of this attribute + is CFStringRef uniquely identifying containing token. When this attribute + is not present, item is stored in internal keychain database. + Note that once item is created, this attribute cannot be changed - in other + words it is not possible to migrate existing items to, from or between tokens. + Currently the only available value for this attribute is + kSecAttrTokenIDSecureEnclave, which indicates that item (private key) is + backed by device's Secure Enclave. iOS only. */ extern const CFStringRef kSecAttrAccessible __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); +extern const CFStringRef kSecAttrAccess + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); extern const CFStringRef kSecAttrAccessControl __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); extern const CFStringRef kSecAttrAccessGroup __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_3_0); extern const CFStringRef kSecAttrSynchronizable __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern const CFStringRef kSecAttrSynchronizableAny + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); extern const CFStringRef kSecAttrCreationDate __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); extern const CFStringRef kSecAttrModificationDate @@ -468,10 +514,20 @@ extern const CFStringRef kSecAttrApplicationLabel __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); extern const CFStringRef kSecAttrIsPermanent __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecAttrIsSensitive + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecAttrIsExtractable + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); extern const CFStringRef kSecAttrApplicationTag __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); extern const CFStringRef kSecAttrKeyType __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecAttrPRF + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrSalt + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrRounds + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); extern const CFStringRef kSecAttrKeySizeInBits __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); extern const CFStringRef kSecAttrEffectiveKeySize @@ -518,14 +574,14 @@ extern const CFStringRef kSecAttrTokenID for anything except system use. Items with this attribute will migrate to a new device when using encrypted backups. @constant kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly Item data can - only be accessed while the device is unlocked. This class is only - available if a passcode is set on the device. This is recommended for - items that only need to be accessible while the application is in the - foreground. Items with this attribute will never migrate to a new - device, so after a backup is restored to a new device, these items - will be missing. No items can be stored in this class on devices - without a passcode. Disabling the device passcode will cause all - items in this class to be deleted. + only be accessed while the device is unlocked. This is recommended for + items that only need to be accessible while the application is in the + foreground and requires a passcode to be set on the device. Items with + this attribute will never migrate to a new device, so after a backup + is restored to a new device, these items will be missing. This + attribute will not be available on devices without a passcode. Disabling + the device passcode will cause all previously protected items to + be deleted. @constant kSecAttrAccessibleWhenUnlockedThisDeviceOnly Item data can only be accessed while the device is unlocked. This is recommended for items that only need be accesible while the application is in the foreground. @@ -561,8 +617,8 @@ extern const CFStringRef kSecAttrAccessibleAlwaysThisDeviceOnly /*! @enum kSecAttrProtocol Value Constants @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecAttrProtocol constant is the key and its - value is one of the constants defined here. + in a dictionary. The kSecAttrProtocol constant is the key and its + value is one of the constants defined here. @constant kSecAttrProtocolFTP. @constant kSecAttrProtocolFTPAccount. @constant kSecAttrProtocolHTTP. @@ -661,8 +717,8 @@ extern const CFStringRef kSecAttrProtocolPOP3S /*! @enum kSecAttrAuthenticationType Value Constants @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecAttrAuthenticationType constant is the key - and its value is one of the constants defined here. + in a dictionary. The kSecAttrAuthenticationType constant is the key + and its value is one of the constants defined here. @constant kSecAttrAuthenticationTypeNTLM. @constant kSecAttrAuthenticationTypeMSN. @constant kSecAttrAuthenticationTypeDPA. @@ -692,8 +748,8 @@ extern const CFStringRef kSecAttrAuthenticationTypeDefault /*! @enum kSecAttrKeyClass Value Constants @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecAttrKeyClass constant is the key - and its value is one of the constants defined here. + in a dictionary. The kSecAttrKeyClass constant is the key + and its value is one of the constants defined here. @constant kSecAttrKeyClassPublic. @constant kSecAttrKeyClassPrivate. @constant kSecAttrKeyClassSymmetric. @@ -708,31 +764,62 @@ extern const CFStringRef kSecAttrKeyClassSymmetric /*! @enum kSecAttrKeyType Value Constants @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecAttrKeyType constant is the key - and its value is one of the constants defined here. - @constant kSecAttrKeyTypeRSA. + in a dictionary. The kSecAttrKeyType constant is the key + and its value is one of the constants defined here. @constant kSecAttrKeyTypeECSECPrimeRandom. - @constant kSecAttrKeyTypeEC This is legacy name for kSecAttrKeyTypeECSECPrimeRandom, new applications should not use it. + @constant kSecAttrKeyTypeEC This is the legacy name for kSecAttrKeyTypeECSECPrimeRandom, new applications should not use it. + @constant kSecAttrKeyTypeDSA (OSX only) + @constant kSecAttrKeyTypeAES (OSX only) + @constant kSecAttrKeyType3DES (OSX only) + @constant kSecAttrKeyTypeRC4 (OSX only) + @constant kSecAttrKeyTypeRC2 (OSX only) + @constant kSecAttrKeyTypeCAST (OSX only) + @constant kSecAttrKeyTypeECDSA (deprecated; use kSecAttrKeyTypeEC instead.) (OSX only) */ extern const CFStringRef kSecAttrKeyTypeRSA __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); +extern const CFStringRef kSecAttrKeyTypeDSA + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrKeyTypeAES + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrKeyTypeDES + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrKeyType3DES + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrKeyTypeRC4 + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrKeyTypeRC2 + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrKeyTypeCAST + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrKeyTypeECDSA + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); extern const CFStringRef kSecAttrKeyTypeEC __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_4_0); extern const CFStringRef kSecAttrKeyTypeECSECPrimeRandom __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -/*! - @enum kSecAttrSynchronizable Value Constants - @discussion Predefined item attribute constants used to get or set values - in a dictionary. The kSecAttrSynchronizable constant is the key - and its value is one of the constants defined here. - @constant kSecAttrSynchronizableAny Specifies that both synchronizable and - non-synchronizable results should be returned from this query. This may - be used as a value for the kSecAttrSynchronizable dictionary key in a - call to SecItemCopyMatching, SecItemUpdate, or SecItemDelete. +/* + @enum kSecAttrPRF Value Constants + @discussion Predefined item attribute constants used to specify the PRF + to use with SecKeyDeriveFromPassword. OS X only. + @constant kSecAttrPRFHmacAlgSHA1 + @constant kSecAttrPRFHmacAlgSHA224 + @constant kSecAttrPRFHmacAlgSHA256 + @constant kSecAttrPRFHmacAlgSHA384 + @constant kSecAttrPRFHmacAlgSHA512 */ -extern const CFStringRef kSecAttrSynchronizableAny - __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); +extern const CFStringRef kSecAttrPRFHmacAlgSHA1 + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrPRFHmacAlgSHA224 + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrPRFHmacAlgSHA256 + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrPRFHmacAlgSHA384 + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecAttrPRFHmacAlgSHA512 + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + /*! @enum Search Constants @@ -743,6 +830,12 @@ extern const CFStringRef kSecAttrSynchronizableAny @constant kSecMatchPolicy Specifies a dictionary key whose value is a SecPolicyRef. If provided, returned certificates or identities must verify with this policy. + @constant kSecMatchItemList OS X only. Specifies a dictionary key whose value is a + CFArray of SecKeychainItemRef items. If provided, returned items will be + limited to the subset which are contained in this list. + @constant kSecMatchSearchList Specifies a dictionary key whose value is a + CFArray of SecKeychainRef items. If provided, the search will be limited + to the keychains contained in this list. @constant kSecMatchIssuers Specifies a dictionary key whose value is a CFArray of X.500 names (of type CFDataRef). If provided, returned certificates or identities will be limited to those whose @@ -754,9 +847,24 @@ extern const CFStringRef kSecAttrSynchronizableAny @constant kSecMatchSubjectContains Specifies a dictionary key whose value is a CFStringRef. If provided, returned certificates or identities will be limited to those containing this string in the subject. + @constant kSecMatchSubjectStartsWith OS X only. Specifies a dictionary key whose value + is a CFStringRef. If provided, returned certificates or identities + will be limited to those with subject names that start with this string. + @constant kSecMatchSubjectEndsWith OS X only. Specifies a dictionary key whose value + is a CFStringRef. If provided, returned certificates or identities + will be limited to those with subject names that end with this string. + @constant kSecMatchSubjectWholeString OS X only. Specifies a dictionary key whose + value is a CFStringRef. If provided, returned certificates or identities + will be limited to those matching this string exactly in the subject. @constant kSecMatchCaseInsensitive Specifies a dictionary key whose value is a CFBooleanRef. If this value is kCFBooleanFalse, or is not provided, then case-sensitive string matching is performed. + @constant kSecMatchDiacriticInsensitive OS X only. Specifies a dictionary key whose + value is a CFBooleanRef. If this value is kCFBooleanFalse, or is not + provided, then diacritic-sensitive string matching is performed. + @constant kSecMatchWidthInsensitive OS X only. Specifies a dictionary key whose + value is a CFBooleanRef. If this value is kCFBooleanFalse, or is not + provided, then string matching is width-sensitive (e.g. 'a' != 0xFF41). @constant kSecMatchTrustedOnly Specifies a dictionary key whose value is a CFBooleanRef. If provided with a value of kCFBooleanTrue, only certificates which can be verified back to a trusted anchor will be @@ -789,8 +897,18 @@ extern const CFStringRef kSecMatchEmailAddressIfPresent __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); extern const CFStringRef kSecMatchSubjectContains __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecMatchSubjectStartsWith + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecMatchSubjectEndsWith + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecMatchSubjectWholeString + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); extern const CFStringRef kSecMatchCaseInsensitive __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecMatchDiacriticInsensitive + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecMatchWidthInsensitive + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); extern const CFStringRef kSecMatchTrustedOnly __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); extern const CFStringRef kSecMatchValidOnDate @@ -874,11 +992,14 @@ extern const CFStringRef kSecValuePersistentRef SecCertificateRef, SecIdentityRef, or CFDataRef (for a persistent item reference.) The items in the array must all be of the same type. When this attribute is provided, no keychains are searched. + @constant kSecUseKeychain OS X only. Specifies a dictionary key whose value is a + keychain reference. You use this key to specify a value of type + SecKeychainRef to which SecItemAdd will add the provided item(s). @constant kSecUseOperationPrompt Specifies a dictionary key whose value is a CFStringRef that represents a user-visible string describing the operation for which the application is attempting to authenticate. The application is responsible for the text localization. - @constant kSecUseNoAuthenticationUI Specifies a dictionary key whose value + @constant kSecUseNoAuthenticationUI OS X only. Specifies a dictionary key whose value is a CFBooleanRef. If provided with a value of kCFBooleanTrue, the error errSecInteractionNotAllowed will be returned if the item is attempting to authenticate with UI. @@ -897,6 +1018,8 @@ extern const CFStringRef kSecValuePersistentRef */ extern const CFStringRef kSecUseItemList __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); +extern const CFStringRef kSecUseKeychain + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); extern const CFStringRef kSecUseOperationPrompt __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); extern const CFStringRef kSecUseNoAuthenticationUI @@ -920,7 +1043,7 @@ extern const CFStringRef kSecUseAuthenticationContext @constant kSecUseAuthenticationUIAllowSkip Specifies that all items which need to authenticate with UI will be silently skipped. This value can be used only with SecItemCopyMatching. - */ +*/ extern const CFStringRef kSecUseAuthenticationUIAllow __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); extern const CFStringRef kSecUseAuthenticationUIFail @@ -941,13 +1064,8 @@ extern const CFStringRef kSecUseAuthenticationUISkip kSecAttrTokenIDSecureEnclave in the parameters dictionary, it is not possible to import pregenerated keys to kSecAttrTokenIDSecureEnclave token. */ -#if !RC_HIDE_J79 && !RC_HIDE_J80 -extern const CFStringRef kSecAttrTokenIDSecureEnclave -__OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); -#else extern const CFStringRef kSecAttrTokenIDSecureEnclave -__OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_9_0); -#endif + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); /*! @enum kSecAttrAccessGroup Value Constants @@ -1014,9 +1132,15 @@ extern const CFStringRef kSecAttrAccessGroupToken SecKeyRef, SecCertificateRef, or SecIdentityRef items. The objects in the provided array must be of the same type. - To convert from a persistent item reference to a normal item reference, + On iOS, to convert from a persistent item reference to a normal item reference, specify a kSecValuePersistentRef whose value a CFDataRef (the persistent reference), and a kSecReturnRef whose value is kCFBooleanTrue. + + On OSX, to convert from persistent item references to normal item references, + specify a kSecMatchItemList whose value is a CFArray containing one or + more CFDataRef elements (the persistent reference), and a kSecReturnRef + whose value is kCFBooleanTrue. The objects in the provided array must be + of the same type. */ OSStatus SecItemCopyMatching(CFDictionaryRef query, CFTypeRef * __nullable CF_RETURNS_RETAINED result) __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); @@ -1038,6 +1162,9 @@ OSStatus SecItemCopyMatching(CFDictionaryRef query, CFTypeRef * __nullable CF_RE at once use the kSecUseItemList key with an array of items as its value. This is currently only supported for non password items. + On OSX, To add an item to a particular keychain, supply kSecUseKeychain + with a SecKeychainRef as its value. + Result types are specified as follows: * To obtain the data of the added item (CFDataRef), specify @@ -1045,7 +1172,7 @@ OSStatus SecItemCopyMatching(CFDictionaryRef query, CFTypeRef * __nullable CF_RE * To obtain all the attributes of the added item (CFDictionaryRef), specify kSecReturnAttributes with a value of kCFBooleanTrue. * To obtain a reference to the added item (SecKeychainItemRef, SecKeyRef, - SecCertificateRef, or SecIdentityRef), specify kSecReturnRef with a + SecCertiicateRef, or SecIdentityRef), specify kSecReturnRef with a value of kCFBooleanTrue. * To obtain a persistent reference to the added item (CFDataRef), specify kSecReturnPersistentRef with a value of kCFBooleanTrue. Note that @@ -1053,7 +1180,8 @@ OSStatus SecItemCopyMatching(CFDictionaryRef query, CFTypeRef * __nullable CF_RE or passed between processes. * If more than one of these result types is specified, the result is returned as a CFDictionaryRef containing all the requested data. - * If a result type is not specified, no results are returned. + * On iOS, if a result type is not specified, no results are returned. + On OSX, the added item is returned. */ OSStatus SecItemAdd(CFDictionaryRef attributes, CFTypeRef * __nullable CF_RETURNS_RETAINED result) __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); @@ -1074,8 +1202,7 @@ OSStatus SecItemAdd(CFDictionaryRef attributes, CFTypeRef * __nullable CF_RETURN @discussion Attributes defining a search are specified by adding key/value pairs to the query dictionary. */ -OSStatus SecItemUpdate(CFDictionaryRef query, - CFDictionaryRef attributesToUpdate) +OSStatus SecItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate) __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); /*! @@ -1092,13 +1219,15 @@ OSStatus SecItemUpdate(CFDictionaryRef query, By default, this function deletes all items matching the specified query. You can change this behavior by specifying one of the follow keys: - * To delete an item identified by a transient reference, specify - kSecValueRef with a reference returned by using the kSecReturnRef - key in a previous call to SecItemCopyMatching or SecItemAdd. - * To delete an item identified by a persistent reference, specify + * To delete an item identified by a transient reference, on iOS, specify + kSecValueRef with a item reference. On OS X, give a kSecMatchItemList + containing an item reference. + * To delete an item identified by a persistent reference, on iOS, specify kSecValuePersistentRef with a persistent reference returned by using the kSecReturnPersistentRef key to SecItemCopyMatching or - SecItemAdd. + SecItemAdd. on OSX, use kSecMatchItemList with a persistent reference + returned by using the kSecReturnPersistentRef key with + SecItemCopyMatching or SecItemAdd. * To delete multiple items specify kSecMatchItemList with an array of references. * If more than one of these result keys is specified, the behavior is diff --git a/OSX/sec/Security/SecItemPriv.h b/keychain/SecItemPriv.h similarity index 95% rename from OSX/sec/Security/SecItemPriv.h rename to keychain/SecItemPriv.h index ee9536d5..5ed03647 100644 --- a/OSX/sec/Security/SecItemPriv.h +++ b/keychain/SecItemPriv.h @@ -2,14 +2,14 @@ * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ - * + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. - * + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -17,7 +17,7 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * + * * @APPLE_LICENSE_HEADER_END@ */ @@ -34,6 +34,7 @@ #include #include #include +#include #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) #include @@ -280,8 +281,11 @@ extern const CFStringRef kSecAttrNoLegacy __OSX_AVAILABLE(10.11) __IOS_AVAILABLE(9.3) __TVOS_AVAILABLE(9.3) __WATCHOS_AVAILABLE(2.3); extern const CFStringRef kSecAttrSyncViewHint __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); +extern const CFStringRef kSecAttrMultiUser + __OSX_AVAILABLE(10.11.5) __IOS_AVAILABLE(9.3) __TVOS_AVAILABLE(9.3) __WATCHOS_AVAILABLE(2.3); extern const CFStringRef kSecAttrTokenOID - __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); + __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); + /*! @enum kSecAttrAccessible Value Constants (Private) @@ -295,9 +299,6 @@ extern const CFStringRef kSecAttrAccessibleAlwaysPrivate extern const CFStringRef kSecAttrAccessibleAlwaysThisDeviceOnlyPrivate ;//%%% __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); -extern const CFStringRef kSecAttrMultiUser - __OSX_AVAILABLE(10.11.5) __IOS_AVAILABLE(9.3) __TVOS_AVAILABLE(9.3) __WATCHOS_AVAILABLE(2.3); - /* View Hint Constants */ extern const CFStringRef kSecAttrViewHintPCSMasterKey; @@ -310,7 +311,9 @@ extern const CFStringRef kSecAttrViewHintPCSMailDrop; extern const CFStringRef kSecAttrViewHintPCSiCloudBackup; extern const CFStringRef kSecAttrViewHintPCSNotes; extern const CFStringRef kSecAttrViewHintPCSiMessage; +#if SEC_OS_IPHONE extern const CFStringRef kSecAttrViewHintFeldspar; +#endif /* SEC_OS_IPHONE */ extern const CFStringRef kSecAttrViewHintPCSSharing; extern const CFStringRef kSecAttrViewHintAppleTV; @@ -319,10 +322,7 @@ extern const CFStringRef kSecAttrViewHintThumper; extern const CFStringRef kSecAttrViewHintContinuityUnlock; extern const CFStringRef kSecAttrViewHintAccessoryPairing; -/* - * - */ - +#if SEC_OS_IPHONE extern const CFStringRef kSecUseSystemKeychain __TVOS_AVAILABLE(9.2) __WATCHOS_AVAILABLE(3.0) @@ -334,7 +334,7 @@ extern const CFStringRef kSecUseSyncBubbleKeychain __WATCHOS_AVAILABLE(3.0) __OSX_AVAILABLE(10.11.4) __IOS_AVAILABLE(9.3); - +#endif /* SEC_OS_IPHONE */ /*! @enum Other Constants (Private) @@ -399,6 +399,7 @@ OSStatus SecItemCopyDisplayNames(CFArrayRef items, CFArrayRef *displayNames); */ OSStatus SecItemDeleteAll(void); +#if SEC_OS_IPHONE /*! @function SecItemDeleteAllWithAccessGroups @abstract Deletes all items for each class for the given access groups @@ -408,6 +409,7 @@ OSStatus SecItemDeleteAll(void); Requires entitlement "com.apple.private.uninstall.deletion" */ bool SecItemDeleteAllWithAccessGroups(CFArrayRef accessGroups, CFErrorRef *error); +#endif /* SEC_OS_IPHONE */ /* Ensure the escrow keybag has been used to unlock the system keybag before @@ -421,7 +423,7 @@ CFDataRef _SecKeychainCopyOTABackup(void); OSStatus _SecKeychainRestoreBackup(CFDataRef backup, CFDataRef backupKeybag, CFDataRef password); - +#if SEC_OS_IPHONE bool _SecKeychainWriteBackupToFileDescriptor(CFDataRef backupKeybag, CFDataRef password, int fd, CFErrorRef *error); @@ -430,6 +432,7 @@ _SecKeychainRestoreBackupFromFileDescriptor(int fd, CFDataRef backupKeybag, CFDa CFStringRef _SecKeychainCopyKeybagUUIDFromFileDescriptor(int fd, CFErrorRef *error); +#endif /* SEC_OS_IPHONE */ OSStatus _SecKeychainBackupSyncable(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in, CFDictionaryRef *backup_out); OSStatus _SecKeychainRestoreSyncable(CFDataRef keybag, CFDataRef password, CFDictionaryRef backup_in); @@ -443,18 +446,31 @@ CFDataRef _SecItemGetPersistentReference(CFTypeRef raw_item); #endif /* Returns an OSStatus value for the given CFErrorRef, returns errSecInternal if the - domain of the provided error is not recognized. Passing NULL returns errSecSuccess (0). */ + domain of the provided error is not recognized. Passing NULL returns errSecSuccess (0). */ OSStatus SecErrorGetOSStatus(CFErrorRef error); bool _SecKeychainRollKeys(bool force, CFErrorRef *error); CFDictionaryRef _SecSecuritydCopyWhoAmI(CFErrorRef *error); + +#if SEC_OS_IPHONE bool _SecSyncBubbleTransfer(CFArrayRef services, uid_t uid, CFErrorRef *error); +#else /* SEC_OS_IPHONE */ +bool _SecSyncBubbleTransfer(CFArrayRef services, CFErrorRef *error); +#endif /* SEC_OS_IPHONE */ + bool _SecSystemKeychainTransfer(CFErrorRef *error); +#if SEC_OS_IPHONE bool _SecSyncDeleteUserViews(uid_t uid, CFErrorRef *error); +#endif /* SEC_OS_IPHONE */ OSStatus SecItemUpdateTokenItems(CFTypeRef tokenID, CFArrayRef tokenItemsAttributes); +#if SEC_OS_OSX +CFTypeRef SecItemCreateFromAttributeDictionary_osx(CFDictionaryRef refAttributes); +#endif + +#if SEC_OS_IPHONE /*! * @function SecCopyLastError * @abstract return the last CFErrorRef for this thread @@ -466,7 +482,7 @@ OSStatus SecItemUpdateTokenItems(CFTypeRef tokenID, CFArrayRef tokenItemsAttribu * a CFErrorRef internally, but throw it away at the last moment. * This might be your chance to get hold of it. The status code pass in is there * to avoid stale copies of CFErrorRef. - + * Note, not all interfaces support returning a CFErrorRef on the thread local * storage. This is especially true when going though old CDSA style API. */ @@ -485,9 +501,18 @@ SecItemUpdateWithError(CFDictionaryRef inQuery, __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0) __IOS_AVAILABLE(10.0); +#endif // SEC_OS_IPHONE + +#if SEC_OS_OSX +/*! + @function SecItemParentCachePurge + @abstract Clear the cache of parent certificates used in SecItemCopyParentCertificates. + */ +void SecItemParentCachePurge(); +#endif -#if SECTRUST_OSX && !TARGET_OS_IPHONE +#if SEC_OS_OSX_INCLUDES /*! @function SecItemCopyParentCertificates @abstract Retrieve an array of possible issuing certificates for a given certificate. @@ -516,7 +541,7 @@ __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA); */ SecCertificateRef SecItemCopyStoredCertificate(SecCertificateRef certificate, void *context) __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA); -#endif +#endif /* SEC_OS_OSX */ __END_DECLS diff --git a/OSX/libsecurity_keychain/lib/SecKey.h b/keychain/SecKey.h similarity index 50% rename from OSX/libsecurity_keychain/lib/SecKey.h rename to keychain/SecKey.h index 28b30bec..3abf8086 100644 --- a/OSX/libsecurity_keychain/lib/SecKey.h +++ b/keychain/SecKey.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002-2014 Apple Inc. All Rights Reserved. + * Copyright (c) 2006-2014,2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -27,28 +27,29 @@ type of keychain item that represents a key. A key can be stored in a keychain, but a key can also be a transient object. - You can use a key as a keychain item in most functions. + On OSX, you can use a SecKey as a SecKeychainItem in most functions. */ #ifndef _SECURITY_SECKEY_H_ #define _SECURITY_SECKEY_H_ -#include +#include #include +#include +#include +#include + +#if SEC_OS_OSX #include #include -#include -#include -#include -#include +#endif /* SEC_OS_OSX */ -#if defined(__cplusplus) -extern "C" { -#endif +__BEGIN_DECLS CF_ASSUME_NONNULL_BEGIN CF_IMPLICIT_BRIDGING_ENABLED +#if SEC_OS_OSX /*! @enum KeyItemAttributeConstants @abstract Specifies keychain item attributes for keys. @@ -164,15 +165,17 @@ typedef CF_ENUM(uint32, SecCredentialType) kSecCredentialTypeWithUI, kSecCredentialTypeNoUI }; +#endif /* SEC_OS_OSX */ /*! @typedef SecPadding @abstract Supported padding types. */ -typedef CF_ENUM(uint32_t, SecPadding) +typedef CF_OPTIONS(uint32_t, SecPadding) { kSecPaddingNone = 0, kSecPaddingPKCS1 = 1, + kSecPaddingOAEP = 2, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0), /* For SecKeyRawSign/SecKeyRawVerify only, ECDSA signature is raw byte format {r,s}, big endian. @@ -182,19 +185,40 @@ typedef CF_ENUM(uint32_t, SecPadding) /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is an MD2 hash; standard ASN.1 padding will be done, as well as PKCS1 padding of the underlying RSA operation. */ - kSecPaddingPKCS1MD2 = 0x8000, + kSecPaddingPKCS1MD2 = 0x8000, // __OSX_DEPRECATED(10.0, 10.12, "MD2 is deprecated") __IOS_DEPRECATED(2.0, 5.0, "MD2 is deprecated") __TVOS_UNAVAILABLE __WATCHOS_UNAVAILABLE, /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is an MD5 hash; standard ASN.1 padding will be done, as well as PKCS1 padding of the underlying RSA operation. */ - kSecPaddingPKCS1MD5 = 0x8001, + kSecPaddingPKCS1MD5 = 0x8001, // __OSX_DEPRECATED(10.0, 10.12, "MD5 is deprecated") __IOS_DEPRECATED(2.0, 5.0, "MD5 is deprecated") __TVOS_UNAVAILABLE __WATCHOS_UNAVAILABLE, /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA1 hash; standard ASN.1 padding will be done, as well as PKCS1 padding of the underlying RSA operation. */ kSecPaddingPKCS1SHA1 = 0x8002, + + /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA224 + hash; standard ASN.1 padding will be done, as well as PKCS1 padding + of the underlying RSA operation. */ + kSecPaddingPKCS1SHA224 = 0x8003, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0), + + /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA256 + hash; standard ASN.1 padding will be done, as well as PKCS1 padding + of the underlying RSA operation. */ + kSecPaddingPKCS1SHA256 = 0x8004, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0), + + /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA384 + hash; standard ASN.1 padding will be done, as well as PKCS1 padding + of the underlying RSA operation. */ + kSecPaddingPKCS1SHA384 = 0x8005, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0), + + /* For SecKeyRawSign/SecKeyRawVerify only, data to be signed is a SHA512 + hash; standard ASN.1 padding will be done, as well as PKCS1 padding + of the underlying RSA operation. */ + kSecPaddingPKCS1SHA512 = 0x8006, // __OSX_UNAVAILABLE __IOS_AVAILABLE(2.0), }; +#if SEC_OS_OSX /*! @typedef SecKeySizes @abstract Supported key lengths. @@ -221,6 +245,7 @@ typedef CF_ENUM(uint32_t, SecKeySizes) kSecRSAMin = 1024, kSecRSAMax = 4096 }; +#endif /* SEC_OS_OSX */ /*! @enum Key Parameter Constants @@ -238,7 +263,6 @@ extern const CFStringRef kSecPrivateKeyAttrs extern const CFStringRef kSecPublicKeyAttrs __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_2_0); - /*! @function SecKeyGetTypeID @abstract Returns the type identifier of SecKey instances. @@ -247,6 +271,8 @@ extern const CFStringRef kSecPublicKeyAttrs CFTypeID SecKeyGetTypeID(void) __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); + +#if SEC_OS_OSX /*! @function SecKeyCreatePair @abstract Creates an asymmetric key pair and stores it in a specified keychain. @@ -341,17 +367,6 @@ OSStatus SecKeyGetCredentials( const CSSM_ACCESS_CREDENTIALS * _Nullable * __nonnull outCredentials) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; -/*! - @function SecKeyGetBlockSize - @abstract Decrypt a block of ciphertext. - @param key The key for which the block length is requested. - @result The block length of the key in bytes. - @discussion If for example key is an RSA key the value returned by - this function is the size of the modulus. - */ -size_t SecKeyGetBlockSize(SecKeyRef key) - __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); - /*! @function SecKeyGenerateSymmetric @abstract Generates a random symmetric key with the specified length @@ -394,11 +409,10 @@ size_t SecKeyGetBlockSize(SecKeyRef key) * kSecAttrCanUnwrap (defaults to true if not explicitly specified) */ -_Nullable +_Nullable CF_RETURNS_RETAINED SecKeyRef SecKeyGenerateSymmetric(CFDictionaryRef parameters, CFErrorRef *error) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); - /*! @function SecKeyCreateFromData @abstract Creates a symmetric key with the given data and sets the @@ -429,48 +443,7 @@ SecKeyRef SecKeyCreateFromData(CFDictionaryRef parameters, __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); -/*! - @function SecKeyGeneratePair - @abstract Generate a private/public keypair. - @param parameters A dictionary containing one or more key-value pairs. - @result A result code. See "Security Error Codes" (SecBase.h). On success, - the result code will be errSecSuccess, and the output parameters will - contain the public SecKeyRef and private SecKeyRef. It is the caller's - responsibility to CFRelease these key references when finished with them. - - @discussion In order to generate a keypair the parameters dictionary must - at least contain the following keys: - - * kSecAttrKeyType with a value of kSecAttrKeyTypeRSA or any other - kSecAttrKeyType defined in SecItem.h - * kSecAttrKeySizeInBits with a value being a CFNumberRef containing - the requested key size in bits. Example sizes for RSA keys are: - 512, 768, 1024, 2048. - - The values below may be set either in the top-level dictionary or in a - dictionary that is the value of the kSecPrivateKeyAttrs or - kSecPublicKeyAttrs key in the top-level dictionary. Setting these - attributes explicitly will override the defaults below. See SecItem.h - for detailed information on these attributes including the types of - the values. - - * kSecAttrLabel default NULL - * kSecUseKeychain default NULL, which specifies the default keychain - * kSecAttrApplicationTag default NULL - * kSecAttrEffectiveKeySize default NULL same as kSecAttrKeySizeInBits - * kSecAttrCanEncrypt default false for private keys, true for public keys - * kSecAttrCanDecrypt default true for private keys, false for public keys - * kSecAttrCanDerive default true - * kSecAttrCanSign default true for private keys, false for public keys - * kSecAttrCanVerify default false for private keys, true for public keys - * kSecAttrCanWrap default false for private keys, true for public keys - * kSecAttrCanUnwrap default true for private keys, false for public keys - -*/ -OSStatus SecKeyGeneratePair(CFDictionaryRef parameters, - SecKeyRef * _Nullable CF_RETURNS_RETAINED publicKey, SecKeyRef * _Nullable CF_RETURNS_RETAINED privateKey) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); - +#ifdef __BLOCKS__ /*! @typedef SecKeyGeneratePairBlock @abstract Delivers the result from an asynchronous key pair generation. @@ -479,10 +452,8 @@ OSStatus SecKeyGeneratePair(CFDictionaryRef parameters, @param error - Any errors returned. You must retain error if you wish to use it after your block returns. */ -#ifdef __BLOCKS__ typedef void (^SecKeyGeneratePairBlock)(SecKeyRef publicKey, SecKeyRef privateKey, CFErrorRef error); - /*! @function SecKeyGeneratePairAsync @abstract Generate a private/public keypair returning the values in a callback. @@ -519,8 +490,8 @@ typedef void (^SecKeyGeneratePairBlock)(SecKeyRef publicKey, SecKeyRef privateKe */ void SecKeyGeneratePairAsync(CFDictionaryRef parameters, - dispatch_queue_t deliveryQueue, SecKeyGeneratePairBlock result) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + dispatch_queue_t deliveryQueue, SecKeyGeneratePairBlock result) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); #endif /* __BLOCKS__ */ @@ -535,7 +506,7 @@ void SecKeyGeneratePairAsync(CFDictionaryRef parameters, @param error If the call fails this will contain the error code. @discussion In order to derive a key the parameters dictionary must contain at least contain the following keys: - * kSecAttrSalt - a CFData for the salt value for mixing in the pseudo-random rounds. + * kSecAttrSalt - a CFData for the salt value for mixing in the pseudo-random rounds. * kSecAttrPRF - the algorithm to use for the pseudo-random-function. If 0, this defaults to kSecAttrPRFHmacAlgSHA1. Possible values are: @@ -557,8 +528,8 @@ void SecKeyGeneratePairAsync(CFDictionaryRef parameters, */ _Nullable CF_RETURNS_RETAINED SecKeyRef SecKeyDeriveFromPassword(CFStringRef password, - CFDictionaryRef parameters, CFErrorRef *error) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + CFDictionaryRef parameters, CFErrorRef *error) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /*! @function SecKeyWrapSymmetric @@ -573,13 +544,13 @@ SecKeyRef SecKeyDeriveFromPassword(CFStringRef password, error parameter contains the reason. @discussion In order to wrap a key the parameters dictionary may contain the following key: - * kSecSalt - a CFData for the salt value for the encrypt. + * kSecSalt - a CFData for the salt value for the encrypt. */ _Nullable CFDataRef SecKeyWrapSymmetric(SecKeyRef keyToWrap, - SecKeyRef wrappingKey, CFDictionaryRef parameters, CFErrorRef *error) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + SecKeyRef wrappingKey, CFDictionaryRef parameters, CFErrorRef *error) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /*! @function SecKeyUnwrapSymmetric @@ -594,24 +565,211 @@ CFDataRef SecKeyWrapSymmetric(SecKeyRef keyToWrap, error parameter contains the reason. @discussion In order to unwrap a key the parameters dictionary may contain the following key: - * kSecSalt - a CFData for the salt value for the decrypt. + * kSecSalt - a CFData for the salt value for the decrypt. */ _Nullable SecKeyRef SecKeyUnwrapSymmetric(CFDataRef _Nullable * __nonnull keyToUnwrap, - SecKeyRef unwrappingKey, CFDictionaryRef parameters, CFErrorRef *error) - __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + SecKeyRef unwrappingKey, CFDictionaryRef parameters, CFErrorRef *error) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + +#endif /* SEC_OS_OSX */ + +/*! + @function SecKeyGeneratePair + @abstract Generate a private/public keypair. + @param parameters A dictionary containing one or more key-value pairs. + See the discussion sections below for a complete overview of options. + @param publicKey On return, a SecKeyRef reference to the public key. + @param privateKey On return, a SecKeyRef reference to the private key. + @result A result code. See "Security Error Codes" (SecBase.h). + + @discussion In order to generate a keypair the parameters dictionary must + at least contain the following keys: + + * kSecAttrKeyType with a value of kSecAttrKeyTypeRSA or any other + kSecAttrKeyType defined in SecItem.h + * kSecAttrKeySizeInBits with a value being a CFNumberRef containing + the requested key size in bits. Example sizes for RSA keys are: + 512, 768, 1024, 2048. + + The values below may be set either in the top-level dictionary or in a + dictionary that is the value of the kSecPrivateKeyAttrs or + kSecPublicKeyAttrs key in the top-level dictionary. Setting these + attributes explicitly will override the defaults below. See SecItem.h + for detailed information on these attributes including the types of + the values. + + * kSecAttrLabel default NULL + * kSecUseKeychain default NULL, which specifies the default keychain + * kSecAttrIsPermanent default false + if this key is present and has a Boolean value of true, the key or + key pair will be added to the keychain. + * kSecAttrTokenID default NULL + The CFStringRef ID of the token to generate the key or keypair on. This + attribute can contain CFStringRef and can be present only in the top-level + parameters dictionary. + * kSecAttrApplicationTag default NULL + * kSecAttrEffectiveKeySize default NULL same as kSecAttrKeySizeInBits + * kSecAttrCanEncrypt default false for private keys, true for public keys + * kSecAttrCanDecrypt default true for private keys, false for public keys + * kSecAttrCanDerive default true + * kSecAttrCanSign default true for private keys, false for public keys + * kSecAttrCanVerify default false for private keys, true for public keys + * kSecAttrCanWrap default false for private keys, true for public keys + * kSecAttrCanUnwrap default true for private keys, false for public keys + +*/ +OSStatus SecKeyGeneratePair(CFDictionaryRef parameters, + SecKeyRef * _Nullable CF_RETURNS_RETAINED publicKey, SecKeyRef * _Nullable CF_RETURNS_RETAINED privateKey) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); + + +#if SEC_OS_IPHONE +/*! + @function SecKeyRawSign + @abstract Given a private key and data to sign, generate a digital + signature. + @param key Private key with which to sign. + @param padding See Padding Types above, typically kSecPaddingPKCS1SHA1. + @param dataToSign The data to be signed, typically the digest of the + actual data. + @param dataToSignLen Length of dataToSign in bytes. + @param sig Pointer to buffer in which the signature will be returned. + @param sigLen IN/OUT maximum length of sig buffer on input, actualy + length of sig on output. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding + will be performed prior to signing. If this argument is kSecPaddingNone, + the incoming data will be signed "as is". + + When PKCS1 padding is performed, the maximum length of data that can + be signed is the value returned by SecKeyGetBlockSize() - 11. + + NOTE: The behavior this function with kSecPaddingNone is undefined if the + first byte of dataToSign is zero; there is no way to verify leading zeroes + as they are discarded during the calculation. + + If you want to generate a proper PKCS1 style signature with DER encoding + of the digest type - and the dataToSign is a SHA1 digest - use + kSecPaddingPKCS1SHA1. + */ +OSStatus SecKeyRawSign( + SecKeyRef key, + SecPadding padding, + const uint8_t *dataToSign, + size_t dataToSignLen, + uint8_t *sig, + size_t *sigLen) +__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); + + +/*! + @function SecKeyRawVerify + @abstract Given a public key, data which has been signed, and a signature, + verify the signature. + @param key Public key with which to verify the signature. + @param padding See Padding Types above, typically kSecPaddingPKCS1SHA1. + @param signedData The data over which sig is being verified, typically + the digest of the actual data. + @param signedDataLen Length of signedData in bytes. + @param sig Pointer to the signature to verify. + @param sigLen Length of sig in bytes. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding + will be checked during verification. If this argument is kSecPaddingNone, + the incoming data will be compared directly to sig. + + If you are verifying a proper PKCS1-style signature, with DER encoding + of the digest type - and the signedData is a SHA1 digest - use + kSecPaddingPKCS1SHA1. + */ +OSStatus SecKeyRawVerify( + SecKeyRef key, + SecPadding padding, + const uint8_t *signedData, + size_t signedDataLen, + const uint8_t *sig, + size_t sigLen) +__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); + + +/*! + @function SecKeyEncrypt + @abstract Encrypt a block of plaintext. + @param key Public key with which to encrypt the data. + @param padding See Padding Types above, typically kSecPaddingPKCS1. + @param plainText The data to encrypt. + @param plainTextLen Length of plainText in bytes, this must be less + or equal to the value returned by SecKeyGetBlockSize(). + @param cipherText Pointer to the output buffer. + @param cipherTextLen On input, specifies how much space is available at + cipherText; on return, it is the actual number of cipherText bytes written. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion If the padding argument is kSecPaddingPKCS1 or kSecPaddingOAEP, + PKCS1 (respectively kSecPaddingOAEP) padding will be performed prior to encryption. + If this argument is kSecPaddingNone, the incoming data will be encrypted "as is". + kSecPaddingOAEP is the recommended value. Other value are not recommended + for security reason (Padding attack or malleability). + + When PKCS1 padding is performed, the maximum length of data that can + be encrypted is the value returned by SecKeyGetBlockSize() - 11. + + When memory usage is a critical issue, note that the input buffer + (plainText) can be the same as the output buffer (cipherText). + */ +OSStatus SecKeyEncrypt( + SecKeyRef key, + SecPadding padding, + const uint8_t *plainText, + size_t plainTextLen, + uint8_t *cipherText, + size_t *cipherTextLen) +__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); + + +/*! + @function SecKeyDecrypt + @abstract Decrypt a block of ciphertext. + @param key Private key with which to decrypt the data. + @param padding See Padding Types above, typically kSecPaddingPKCS1. + @param cipherText The data to decrypt. + @param cipherTextLen Length of cipherText in bytes, this must be less + or equal to the value returned by SecKeyGetBlockSize(). + @param plainText Pointer to the output buffer. + @param plainTextLen On input, specifies how much space is available at + plainText; on return, it is the actual number of plainText bytes written. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion If the padding argument is kSecPaddingPKCS1 or kSecPaddingOAEP, + the corresponding padding will be removed after decryption. + If this argument is kSecPaddingNone, the decrypted data will be returned "as is". + + When memory usage is a critical issue, note that the input buffer + (plainText) can be the same as the output buffer (cipherText). + */ +OSStatus SecKeyDecrypt( + SecKeyRef key, /* Private key */ + SecPadding padding, /* kSecPaddingNone, + kSecPaddingPKCS1, + kSecPaddingOAEP */ + const uint8_t *cipherText, + size_t cipherTextLen, /* length of cipherText */ + uint8_t *plainText, + size_t *plainTextLen) /* IN/OUT */ +__OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_2_0); + +#endif // SEC_OS_IPHONE /*! @function SecKeyCreateRandomKey @abstract Generates a new public/private key pair. @param parameters A dictionary containing one or more key-value pairs. - See the discussion sections below for a complete overview of options. + See the discussion sections below for a complete overview of options. @param error On error, will be populated with an error object describing the failure. See "Security Error Codes" (SecBase.h). @return Newly generated private key. To get associated public key, use SecKeyCopyPublicKey(). @discussion In order to generate a keypair the parameters dictionary must - at least contain the following keys: + at least contain the following keys: * kSecAttrKeyType with a value being kSecAttrKeyTypeRSA or any other kSecAttrKeyType defined in SecItem.h @@ -646,347 +804,357 @@ SecKeyRef _Nullable SecKeyCreateRandomKey(CFDictionaryRef parameters, CFErrorRef __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @function SecKeyCreateWithData - @abstract Create a SecKey from a well-defined external representation. - @param keyData CFData representing the key. The format of the data depends on the type of key being created. - @param attributes Dictionary containing attributes describing the key to be imported. The keys in this dictionary - are kSecAttr* constants from SecItem.h. Mandatory attributes are: - * kSecAttrKeyType - * kSecAttrKeyClass - * kSecAttrKeySizeInBits - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result A SecKey object representing the key, or NULL on failure. - @discussion This function does not add keys to any keychain, but the SecKey object it returns can be added - to keychain using the SecItemAdd function. - The requested data format depend on the type of key (kSecAttrKeyType) being created: - * kSecAttrKeyTypeRSA PKCS#1 format - * kSecAttrKeyTypeECSECPrimeRandom SEC1 format (www.secg.org) + @function SecKeyCreateWithData + @abstract Create a SecKey from a well-defined external representation. + @param keyData CFData representing the key. The format of the data depends on the type of key being created. + @param attributes Dictionary containing attributes describing the key to be imported. The keys in this dictionary + are kSecAttr* constants from SecItem.h. Mandatory attributes are: + * kSecAttrKeyType + * kSecAttrKeyClass + @param error On error, will be populated with an error object describing the failure. + See "Security Error Codes" (SecBase.h). + @result A SecKey object representing the key, or NULL on failure. + @discussion This function does not add keys to any keychain, but the SecKey object it returns can be added + to keychain using the SecItemAdd function. + The requested data format depend on the type of key (kSecAttrKeyType) being created: + * kSecAttrKeyTypeRSA PKCS#1 format, public key can be also in x509 public key format + * kSecAttrKeyTypeECSECPrimeRandom ANSI X9.63 format (04 || X || Y [ || K]) */ SecKeyRef _Nullable SecKeyCreateWithData(CFDataRef keyData, CFDictionaryRef attributes, CFErrorRef *error) __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @function SecKeyCopyExternalRepresentation - @abstract Create an external representation for the given key suitable for the key's type. - @param key The key to be exported. - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result A CFData representing the key in a format suitable for that key type. - @discussion This function may fail if the key is not exportable (e.g., bound to a smart card or Secure Enclave). - The format in which the key will be exported depends on the type of key: - * kSecAttrKeyTypeRSA PKCS#1 format - * kSecAttrKeyTypeECSECPrimeRandom SEC1 format (www.secg.org) + @function SecKeyGetBlockSize + @abstract Decrypt a block of ciphertext. + @param key The key for which the block length is requested. + @result The block length of the key in bytes. + @discussion If for example key is an RSA key the value returned by + this function is the size of the modulus. + */ +size_t SecKeyGetBlockSize(SecKeyRef key) + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); + +/*! + @function SecKeyCopyExternalRepresentation + @abstract Create an external representation for the given key suitable for the key's type. + @param key The key to be exported. + @param error On error, will be populated with an error object describing the failure. + See "Security Error Codes" (SecBase.h). + @result A CFData representing the key in a format suitable for that key type. + @discussion This function may fail if the key is not exportable (e.g., bound to a smart card or Secure Enclave). + The format in which the key will be exported depends on the type of key: + * kSecAttrKeyTypeRSA PKCS#1 format + * kSecAttrKeyTypeECSECPrimeRandom ANSI X9.63 format (04 || X || Y [ || K]) */ CFDataRef _Nullable SecKeyCopyExternalRepresentation(SecKeyRef key, CFErrorRef *error) __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @function SecKeyCopyAttributes - @abstract Retrieve keychain attributes of a key. - @param key The key whose attributes are to be retrieved. - @result Dictionary containing attributes of the key. The keys that populate this dictionary are defined - and discussed in SecItem.h. - @discussion The attributes provided by this function are: - * kSecAttrCanEncrypt - * kSecAttrCanDecrypt - * kSecAttrCanDerive - * kSecAttrCanSign - * kSecAttrCanVerify - * kSecAttrKeyClass - * kSecAttrKeyType - * kSecAttrKeySizeInBits - * kSecAttrTokenID - * kSecAttrApplicationLabel - Other values returned in that dictionary are RFU. + @function SecKeyCopyAttributes + @abstract Retrieve keychain attributes of a key. + @param key The key whose attributes are to be retrieved. + @result Dictionary containing attributes of the key. The keys that populate this dictionary are defined + and discussed in SecItem.h. + @discussion The attributes provided by this function are: + * kSecAttrCanEncrypt + * kSecAttrCanDecrypt + * kSecAttrCanDerive + * kSecAttrCanSign + * kSecAttrCanVerify + * kSecAttrKeyClass + * kSecAttrKeyType + * kSecAttrKeySizeInBits + * kSecAttrTokenID + * kSecAttrApplicationLabel + Other values returned in that dictionary are RFU. */ CFDictionaryRef _Nullable SecKeyCopyAttributes(SecKeyRef key) __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @function SecKeyCopyPublicKey - @abstract Retrieve the public key from a key pair or private key. - @param key The key from which to retrieve a public key. - @result The public key or NULL if public key is not available for specified key. - @discussion Fails if key does not contain a public key or no public key can be computed from it. + @function SecKeyCopyPublicKey + @abstract Retrieve the public key from a key pair or private key. + @param key The key from which to retrieve a public key. + @result The public key or NULL if public key is not available for specified key. + @discussion Fails if key does not contain a public key or no public key can be computed from it. */ SecKeyRef _Nullable SecKeyCopyPublicKey(SecKeyRef key) __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @enum SecKeyAlgorithm - @abstract Available algorithms for performing cryptographic operations with SecKey object. String representation - of constant can be used for logging or debugging purposes, because they contain human readable names of the algorithm. + @enum SecKeyAlgorithm + @abstract Available algorithms for performing cryptographic operations with SecKey object. String representation + of constant can be used for logging or debugging purposes, because they contain human readable names of the algorithm. - @constant kSecKeyAlgorithmRSASignatureRaw - Raw RSA sign/verify operation, size of input data must be the same as value returned by SecKeyGetBlockSize(). + @constant kSecKeyAlgorithmRSASignatureRaw + Raw RSA sign/verify operation, size of input data must be the same as value returned by SecKeyGetBlockSize(). - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw - RSA sign/verify operation, assumes that input data is digest and OID and digest algorithm as specified in PKCS# v1.5. - This algorithm is typically not used directly, instead use algorithm with specified digest, like - kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256. + @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw + RSA sign/verify operation, assumes that input data is digest and OID and digest algorithm as specified in PKCS# v1.5. + This algorithm is typically not used directly, instead use algorithm with specified digest, like + kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256. - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 - RSA signature with PKCS#1 padding, input data must be SHA-1 generated digest. + @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 + RSA signature with PKCS#1 padding, input data must be SHA-1 generated digest. - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 - RSA signature with PKCS#1 padding, input data must be SHA-224 generated digest. + @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224 + RSA signature with PKCS#1 padding, input data must be SHA-224 generated digest. - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 - RSA signature with PKCS#1 padding, input data must be SHA-256 generated digest. + @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256 + RSA signature with PKCS#1 padding, input data must be SHA-256 generated digest. - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 - RSA signature with PKCS#1 padding, input data must be SHA-384 generated digest. + @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384 + RSA signature with PKCS#1 padding, input data must be SHA-384 generated digest. - @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 - RSA signature with PKCS#1 padding, input data must be SHA-512 generated digest. + @constant kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512 + RSA signature with PKCS#1 padding, input data must be SHA-512 generated digest. - @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 - RSA signature with PKCS#1 padding, SHA-1 digest is generated from input data of any size. + @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA1 + RSA signature with PKCS#1 padding, SHA-1 digest is generated from input data of any size. - @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 - RSA signature with PKCS#1 padding, SHA-224 digest is generated from input data of any size. + @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA224 + RSA signature with PKCS#1 padding, SHA-224 digest is generated from input data of any size. - @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 - RSA signature with PKCS#1 padding, SHA-256 digest is generated from input data of any size. + @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256 + RSA signature with PKCS#1 padding, SHA-256 digest is generated from input data of any size. - @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 - RSA signature with PKCS#1 padding, SHA-384 digest is generated from input data of any size. + @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA384 + RSA signature with PKCS#1 padding, SHA-384 digest is generated from input data of any size. - @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 - RSA signature with PKCS#1 padding, SHA-512 digest is generated from input data of any size. + @constant kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA512 + RSA signature with PKCS#1 padding, SHA-512 digest is generated from input data of any size. - @constant kSecKeyAlgorithmECDSASignatureRFC4754 - ECDSA algorithm, signature is concatenated r and s, big endian, data is message digest. + @constant kSecKeyAlgorithmECDSASignatureRFC4754 + ECDSA algorithm, signature is concatenated r and s, big endian, data is message digest. - @constant kSecKeyAlgorithmECDSASignatureDigestX962 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest. + @constant kSecKeyAlgorithmECDSASignatureDigestX962 + ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest. - @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA1 algorithm. + @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 + ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA1 algorithm. - @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA224 algorithm. + @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 + ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA224 algorithm. - @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA256 algorithm. - - @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA384 algorithm. - - @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA512 algorithm. - - @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA1 - ECDSA algorithm, signature is in DER x9.62 encoding, SHA-1 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA224 - ECDSA algorithm, signature is in DER x9.62 encoding, SHA-224 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA256 - ECDSA algorithm, signature is in DER x9.62 encoding, SHA-256 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA384 - ECDSA algorithm, signature is in DER x9.62 encoding, SHA-384 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA512 - ECDSA algorithm, signature is in DER x9.62 encoding, SHA-512 digest is generated from input data of any size. - - @constant kSecKeyAlgorithmRSAEncryptionRaw - Raw RSA encryption or decryption, size of data must match RSA key modulus size. Note that direct - use of this algorithm without padding is cryptographically very weak, it is important to always introduce - some kind of padding. Input data size must be less or equal to the key block size and returned block has always - the same size as block size, as returned by SecKeyGetBlockSize(). - - @constant kSecKeyAlgorithmRSAEncryptionPKCS1 - RSA encryption or decryption, data is padded using PKCS#1 padding scheme. This algorithm should be used only for - backward compatibility with existing protocols and data. New implementations should choose cryptographically - stronger algorithm instead (see kSecKeyAlgorithmRSAEncryptionOAEP). Input data must be at most - "key block size - 11" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA1 - RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA1. Input data must be at most - "key block size - 42" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM to be able to encrypt and decrypt arbitrary long data. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA224 - RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA224. Input data must be at most - "key block size - 58" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM to be able to encrypt and decrypt arbitrary long data. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA256 - RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA256. Input data must be at most - "key block size - 66" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM to be able to encrypt and decrypt arbitrary long data. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA384 - RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA384. Input data must be at most - "key block size - 98" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM to be able to encrypt and decrypt arbitrary long data. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA512 - RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA512. Input data must be at most - "key block size - 130" bytes long and returned block has always the same size as block size, as returned - by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM to be able to encrypt and decrypt arbitrary long data. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM - Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM - mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. - 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used - as authentication data for AES-GCM encryption. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM - Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM - mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. - 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used - as authentication data for AES-GCM encryption. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM - Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM - mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. - 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used - as authentication data for AES-GCM encryption. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM - Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM - mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. - 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used - as authentication data for AES-GCM encryption. - - @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM - Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM - mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. - 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used - as authentication data for AES-GCM encryption. - - @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM - ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. - Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size - is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, - and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and - all-zero 16 byte long IV (initialization vector). - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactor - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys. - This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key. - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 - Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandard - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys. - This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. - - @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 - Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys - and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows - kSecKeyKeyExchangeParameterSharedInfo parameters to be used. + @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 + ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA256 algorithm. + + @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 + ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA384 algorithm. + + @constant kSecKeyAlgorithmECDSASignatureDigestX962SHA1 + ECDSA algorithm, signature is in DER x9.62 encoding, input data is message digest created by SHA512 algorithm. + + @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA1 + ECDSA algorithm, signature is in DER x9.62 encoding, SHA-1 digest is generated from input data of any size. + + @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA224 + ECDSA algorithm, signature is in DER x9.62 encoding, SHA-224 digest is generated from input data of any size. + + @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA256 + ECDSA algorithm, signature is in DER x9.62 encoding, SHA-256 digest is generated from input data of any size. + + @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA384 + ECDSA algorithm, signature is in DER x9.62 encoding, SHA-384 digest is generated from input data of any size. + + @constant kSecKeyAlgorithmECDSASignatureMessageX962SHA512 + ECDSA algorithm, signature is in DER x9.62 encoding, SHA-512 digest is generated from input data of any size. + + @constant kSecKeyAlgorithmRSAEncryptionRaw + Raw RSA encryption or decryption, size of data must match RSA key modulus size. Note that direct + use of this algorithm without padding is cryptographically very weak, it is important to always introduce + some kind of padding. Input data size must be less or equal to the key block size and returned block has always + the same size as block size, as returned by SecKeyGetBlockSize(). + + @constant kSecKeyAlgorithmRSAEncryptionPKCS1 + RSA encryption or decryption, data is padded using PKCS#1 padding scheme. This algorithm should be used only for + backward compatibility with existing protocols and data. New implementations should choose cryptographically + stronger algorithm instead (see kSecKeyAlgorithmRSAEncryptionOAEP). Input data must be at most + "key block size - 11" bytes long and returned block has always the same size as block size, as returned + by SecKeyGetBlockSize(). + + @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA1 + RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA1. Input data must be at most + "key block size - 42" bytes long and returned block has always the same size as block size, as returned + by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM to be able to encrypt and decrypt arbitrary long data. + + @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA224 + RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA224. Input data must be at most + "key block size - 58" bytes long and returned block has always the same size as block size, as returned + by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM to be able to encrypt and decrypt arbitrary long data. + + @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA256 + RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA256. Input data must be at most + "key block size - 66" bytes long and returned block has always the same size as block size, as returned + by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM to be able to encrypt and decrypt arbitrary long data. + + @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA384 + RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA384. Input data must be at most + "key block size - 98" bytes long and returned block has always the same size as block size, as returned + by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM to be able to encrypt and decrypt arbitrary long data. + + @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA512 + RSA encryption or decryption, data is padded using OAEP padding scheme internally using SHA512. Input data must be at most + "key block size - 130" bytes long and returned block has always the same size as block size, as returned + by SecKeyGetBlockSize(). Use kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM to be able to encrypt and decrypt arbitrary long data. + + @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA1AESGCM + Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM + mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. + 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used + as authentication data for AES-GCM encryption. + + @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA224AESGCM + Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM + mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. + 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used + as authentication data for AES-GCM encryption. + + @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM + Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM + mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. + 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used + as authentication data for AES-GCM encryption. + + @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA384AESGCM + Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM + mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. + 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used + as authentication data for AES-GCM encryption. + + @constant kSecKeyAlgorithmRSAEncryptionOAEPSHA512AESGCM + Randomly generated AES session key is encrypted by RSA with OAEP padding. User data are encrypted using session key in GCM + mode with all-zero 16 bytes long IV (initialization vector). Finally 16 byte AES-GCM tag is appended to ciphertext. + 256bit AES key is used if RSA key is 4096bit or bigger, otherwise 128bit AES key is used. Raw public key data is used + as authentication data for AES-GCM encryption. + + @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA1AESGCM + ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. + Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size + is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, + and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and + all-zero 16 byte long IV (initialization vector). + + @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA224AESGCM + ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. + Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size + is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, + and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and + all-zero 16 byte long IV (initialization vector). + + @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA256AESGCM + ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. + Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size + is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, + and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and + all-zero 16 byte long IV (initialization vector). + + @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA384AESGCM + ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. + Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size + is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, + and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and + all-zero 16 byte long IV (initialization vector). + + @constant kSecKeyAlgorithmECIESEncryptionStandardX963SHA512AESGCM + ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. + Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1. AES Key size + is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, + and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and + all-zero 16 byte long IV (initialization vector). + + @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA1AESGCM + ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. + Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size + is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, + and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and + all-zero 16 byte long IV (initialization vector). + + @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA224AESGCM + ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. + Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size + is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, + and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and + all-zero 16 byte long IV (initialization vector). + + @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM + ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. + Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size + is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, + and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and + all-zero 16 byte long IV (initialization vector). + + @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA384AESGCM + ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. + Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size + is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, + and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and + all-zero 16 byte long IV (initialization vector). + + @constant kSecKeyAlgorithmECIESEncryptionCofactorX963SHA512AESGCM + ECIES encryption or decryption. This algorithm does not limit the size of the message to be encrypted or decrypted. + Encryption is done using AES-GCM with key negotiated by kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1. AES Key size + is 128bit for EC keys <=256bit and 256bit for bigger EC keys. Ephemeral public key data is used as sharedInfo for KDF, + and static public key data is used as authenticationData for AES-GCM processing. AES-GCM uses 16 bytes long TAG and + all-zero 16 byte long IV (initialization vector). + + @constant kSecKeyAlgorithmECDHKeyExchangeCofactor + Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys. + This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key. + + @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1 + Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys + and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows + kSecKeyKeyExchangeParameterSharedInfo parameters to be used. + + @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA224 + Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys + and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows + kSecKeyKeyExchangeParameterSharedInfo parameters to be used. + + @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA256 + Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys + and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows + kSecKeyKeyExchangeParameterSharedInfo parameters to be used. + + @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA384 + Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys + and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows + kSecKeyKeyExchangeParameterSharedInfo parameters to be used. + + @constant kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 + Compute shared secret using ECDH cofactor algorithm, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys + and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows + kSecKeyKeyExchangeParameterSharedInfo parameters to be used. + + @constant kSecKeyAlgorithmECDHKeyExchangeStandard + Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys. + This algorithm does not accept any parameters, length of output raw shared secret is given by the length of the key. + + @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA1 + Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys + and apply ANSI X9.63 KDF with SHA1 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows + kSecKeyKeyExchangeParameterSharedInfo parameters to be used. + + @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA224 + Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys + and apply ANSI X9.63 KDF with SHA224 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows + kSecKeyKeyExchangeParameterSharedInfo parameters to be used. + + @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA256 + Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys + and apply ANSI X9.63 KDF with SHA256 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows + kSecKeyKeyExchangeParameterSharedInfo parameters to be used. + + @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA384 + Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys + and apply ANSI X9.63 KDF with SHA384 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows + kSecKeyKeyExchangeParameterSharedInfo parameters to be used. + + @constant kSecKeyAlgorithmECDHKeyExchangeStandardX963SHA512 + Compute shared secret using ECDH algorithm without cofactor, suitable only for kSecAttrKeyTypeECSECPrimeRandom keys + and apply ANSI X9.63 KDF with SHA512 as hashing function. Requires kSecKeyKeyExchangeParameterRequestedSize and allows + kSecKeyKeyExchangeParameterSharedInfo parameters to be used. */ typedef CFStringRef SecKeyAlgorithm CF_STRING_ENUM @@ -1122,75 +1290,75 @@ extern const SecKeyAlgorithm kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA512 __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @function SecKeyCreateSignature - @abstract Given a private key and data to sign, generate a digital signature. - @param key Private key with which to sign. - @param algorithm One of SecKeyAlgorithm constants suitable to generate signature with this key. - @param dataToSign The data to be signed, typically the digest of the actual data. - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result The signature over dataToSign represented as a CFData, or NULL on failure. - @discussion Computes digital signature using specified key over input data. The operation algorithm - further defines the exact format of input data, operation to be performed and output signature. + @function SecKeyCreateSignature + @abstract Given a private key and data to sign, generate a digital signature. + @param key Private key with which to sign. + @param algorithm One of SecKeyAlgorithm constants suitable to generate signature with this key. + @param dataToSign The data to be signed, typically the digest of the actual data. + @param error On error, will be populated with an error object describing the failure. + See "Security Error Codes" (SecBase.h). + @result The signature over dataToSign represented as a CFData, or NULL on failure. + @discussion Computes digital signature using specified key over input data. The operation algorithm + further defines the exact format of input data, operation to be performed and output signature. */ CFDataRef _Nullable SecKeyCreateSignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef dataToSign, CFErrorRef *error) __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @function SecKeyVerifySignature - @abstract Given a public key, data which has been signed, and a signature, verify the signature. - @param key Public key with which to verify the signature. - @param algorithm One of SecKeyAlgorithm constants suitable to verify signature with this key. - @param signedData The data over which sig is being verified, typically the digest of the actual data. - @param signature The signature to verify. - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result True if the signature was valid, False otherwise. - @discussion Verifies digital signature operation using specified key and signed data. The operation algorithm - further defines the exact format of input data, signature and operation to be performed. + @function SecKeyVerifySignature + @abstract Given a public key, data which has been signed, and a signature, verify the signature. + @param key Public key with which to verify the signature. + @param algorithm One of SecKeyAlgorithm constants suitable to verify signature with this key. + @param signedData The data over which sig is being verified, typically the digest of the actual data. + @param signature The signature to verify. + @param error On error, will be populated with an error object describing the failure. + See "Security Error Codes" (SecBase.h). + @result True if the signature was valid, False otherwise. + @discussion Verifies digital signature operation using specified key and signed data. The operation algorithm + further defines the exact format of input data, signature and operation to be performed. */ Boolean SecKeyVerifySignature(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef signedData, CFDataRef signature, CFErrorRef *error) __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @function SecKeyCreateEncryptedData - @abstract Encrypt a block of plaintext. - @param key Public key with which to encrypt the data. - @param algorithm One of SecKeyAlgorithm constants suitable to perform encryption with this key. - @param plaintext The data to encrypt. The length and format of the data must conform to chosen algorithm, - typically be less or equal to the value returned by SecKeyGetBlockSize(). - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result The ciphertext represented as a CFData, or NULL on failure. - @discussion Encrypts plaintext data using specified key. The exact type of the operation including the format - of input and output data is specified by encryption algorithm. + @function SecKeyCreateEncryptedData + @abstract Encrypt a block of plaintext. + @param key Public key with which to encrypt the data. + @param algorithm One of SecKeyAlgorithm constants suitable to perform encryption with this key. + @param plaintext The data to encrypt. The length and format of the data must conform to chosen algorithm, + typically be less or equal to the value returned by SecKeyGetBlockSize(). + @param error On error, will be populated with an error object describing the failure. + See "Security Error Codes" (SecBase.h). + @result The ciphertext represented as a CFData, or NULL on failure. + @discussion Encrypts plaintext data using specified key. The exact type of the operation including the format + of input and output data is specified by encryption algorithm. */ CFDataRef _Nullable SecKeyCreateEncryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef plaintext, CFErrorRef *error) __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @function SecKeyCreateDecryptedData - @abstract Decrypt a block of ciphertext. - @param key Private key with which to decrypt the data. - @param algorithm One of SecKeyAlgorithm constants suitable to perform decryption with this key. - @param ciphertext The data to decrypt. The length and format of the data must conform to chosen algorithm, - typically be less or equal to the value returned by SecKeyGetBlockSize(). - @param error On error, will be populated with an error object describing the failure. - See "Security Error Codes" (SecBase.h). - @result The plaintext represented as a CFData, or NULL on failure. - @discussion Decrypts ciphertext data using specified key. The exact type of the operation including the format - of input and output data is specified by decryption algorithm. + @function SecKeyCreateDecryptedData + @abstract Decrypt a block of ciphertext. + @param key Private key with which to decrypt the data. + @param algorithm One of SecKeyAlgorithm constants suitable to perform decryption with this key. + @param ciphertext The data to decrypt. The length and format of the data must conform to chosen algorithm, + typically be less or equal to the value returned by SecKeyGetBlockSize(). + @param error On error, will be populated with an error object describing the failure. + See "Security Error Codes" (SecBase.h). + @result The plaintext represented as a CFData, or NULL on failure. + @discussion Decrypts ciphertext data using specified key. The exact type of the operation including the format + of input and output data is specified by decryption algorithm. */ CFDataRef _Nullable SecKeyCreateDecryptedData(SecKeyRef key, SecKeyAlgorithm algorithm, CFDataRef ciphertext, CFErrorRef *error) __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @enum SecKeyKeyExchangeParameter SecKey Key Exchange parameters - @constant kSecKeyKeyExchangeParameterRequestedSize Contains CFNumberRef with requested result size in bytes. - @constant kSecKeyKeyExchangeParameterSharedInfo Contains CFDataRef with additional shared info - for KDF (key derivation function). + @enum SecKeyKeyExchangeParameter SecKey Key Exchange parameters + @constant kSecKeyKeyExchangeParameterRequestedSize Contains CFNumberRef with requested result size in bytes. + @constant kSecKeyKeyExchangeParameterSharedInfo Contains CFDataRef with additional shared info + for KDF (key derivation function). */ typedef CFStringRef SecKeyKeyExchangeParameter CF_STRING_ENUM __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); @@ -1200,37 +1368,37 @@ extern const SecKeyKeyExchangeParameter kSecKeyKeyExchangeParameterSharedInfo __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @function SecKeyCopyKeyExchangeResult - @abstract Perform Diffie-Hellman style of key exchange operation, optionally with additional key-derivation steps. - @param algorithm One of SecKeyAlgorithm constants suitable to perform this operation. - @param publicKey Remote party's public key. - @param parameters Dictionary with parameters, see SecKeyKeyExchangeParameter constants. Used algorithm - determines the set of required and optional parameters to be used. - @param error Pointer to an error object on failure. - See "Security Error Codes" (SecBase.h). - @result Result of key exchange operation as a CFDataRef, or NULL on failure. + @function SecKeyCopyKeyExchangeResult + @abstract Perform Diffie-Hellman style of key exchange operation, optionally with additional key-derivation steps. + @param algorithm One of SecKeyAlgorithm constants suitable to perform this operation. + @param publicKey Remote party's public key. + @param parameters Dictionary with parameters, see SecKeyKeyExchangeParameter constants. Used algorithm + determines the set of required and optional parameters to be used. + @param error Pointer to an error object on failure. + See "Security Error Codes" (SecBase.h). + @result Result of key exchange operation as a CFDataRef, or NULL on failure. */ CFDataRef _Nullable SecKeyCopyKeyExchangeResult(SecKeyRef privateKey, SecKeyAlgorithm algorithm, SecKeyRef publicKey, CFDictionaryRef parameters, CFErrorRef *error) __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @enum SecKeyOperationType - @abstract Defines types of cryptographic operations available with SecKey instance. + @enum SecKeyOperationType + @abstract Defines types of cryptographic operations available with SecKey instance. - @constant kSecKeyOperationTypeSign - Represents SecKeyCreateSignature() + @constant kSecKeyOperationTypeSign + Represents SecKeyCreateSignature() - @constant kSecKeyOperationTypeVerify - Represents SecKeyVerifySignature() + @constant kSecKeyOperationTypeVerify + Represents SecKeyVerifySignature() - @constant kSecKeyOperationTypeEncrypt - Represents SecKeyCreateEncryptedData() + @constant kSecKeyOperationTypeEncrypt + Represents SecKeyCreateEncryptedData() - @constant kSecKeyOperationTypeDecrypt - Represents SecKeyCreateDecryptedData() + @constant kSecKeyOperationTypeDecrypt + Represents SecKeyCreateDecryptedData() - @constant kSecKeyOperationTypeKeyExchange - Represents SecKeyCopyKeyExchangeResult() + @constant kSecKeyOperationTypeKeyExchange + Represents SecKeyCopyKeyExchangeResult() */ typedef CF_ENUM(CFIndex, SecKeyOperationType) { kSecKeyOperationTypeSign = 0, @@ -1241,12 +1409,12 @@ typedef CF_ENUM(CFIndex, SecKeyOperationType) { } __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! - @function SecKeyIsAlgorithmSupported - @abstract Checks whether key supports specified algorithm for specified operation. - @param key Key to query - @param operation Operation type for which the key is queried - @param algorithm Algorithm which is queried - @return True if key supports specified algorithm for specified operation, False otherwise. + @function SecKeyIsAlgorithmSupported + @abstract Checks whether key supports specified algorithm for specified operation. + @param key Key to query + @param operation Operation type for which the key is queried + @param algorithm Algorithm which is queried + @return True if key supports specified algorithm for specified operation, False otherwise. */ Boolean SecKeyIsAlgorithmSupported(SecKeyRef key, SecKeyOperationType operation, SecKeyAlgorithm algorithm) __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); @@ -1254,8 +1422,6 @@ __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AV CF_IMPLICIT_BRIDGING_DISABLED CF_ASSUME_NONNULL_END -#if defined(__cplusplus) -} -#endif +__END_DECLS #endif /* !_SECURITY_SECKEY_H_ */ diff --git a/OSX/sec/Security/SecKeyPriv.h b/keychain/SecKeyPriv.h similarity index 52% rename from OSX/sec/Security/SecKeyPriv.h rename to keychain/SecKeyPriv.h index 60aabb66..6ec03618 100644 --- a/OSX/sec/Security/SecKeyPriv.h +++ b/keychain/SecKeyPriv.h @@ -22,37 +22,55 @@ */ /*! - @header SecKeyPriv - The functions provided in SecKeyPriv.h implement and manage a particular - type of keychain item that represents a key. A key can be stored in a - keychain, but a key can also be a transient object. + @header SecKeyPriv + The functions provided in SecKeyPriv.h implement and manage a particular + type of keychain item that represents a key. A key can be stored in a + keychain, but a key can also be a transient object. - You can use a key as a keychain item in most functions. + You can use a key as a keychain item in most functions. */ #ifndef _SECURITY_SECKEYPRIV_H_ #define _SECURITY_SECKEYPRIV_H_ +#include #include #include #include + +#if SEC_OS_IOS #include #include +#endif + +#if SEC_OS_OSX +#include +#include +#include +#endif __BEGIN_DECLS +#if SEC_OS_IPHONE typedef struct __SecDERKey { - uint8_t *oid; - CFIndex oidLength; + uint8_t *oid; + CFIndex oidLength; - uint8_t *parameters; - CFIndex parametersLength; + uint8_t *parameters; + CFIndex parametersLength; /* Contents of BIT STRING in DER Encoding */ - uint8_t *key; - CFIndex keyLength; + uint8_t *key; + CFIndex keyLength; } SecDERKey; +#endif // SEC_OS_IPHONE +typedef struct SecRSAPublicKeyParams { + uint8_t *modulus; /* modulus */ + CFIndex modulusLength; + uint8_t *exponent; /* public exponent */ + CFIndex exponentLength; +} SecRSAPublicKeyParams; typedef uint32_t SecKeyEncoding; enum { @@ -107,14 +125,14 @@ typedef OSStatus (*SecKeyInitMethod)(SecKeyRef, const uint8_t *, CFIndex, SecKeyEncoding); typedef void (*SecKeyDestroyMethod)(SecKeyRef); typedef OSStatus (*SecKeyRawSignMethod)(SecKeyRef key, SecPadding padding, - const uint8_t *dataToSign, size_t dataToSignLen, - uint8_t *sig, size_t *sigLen); + const uint8_t *dataToSign, size_t dataToSignLen, + uint8_t *sig, size_t *sigLen); typedef OSStatus (*SecKeyRawVerifyMethod)( SecKeyRef key, SecPadding padding, const uint8_t *signedData, size_t signedDataLen, const uint8_t *sig, size_t sigLen); typedef OSStatus (*SecKeyEncryptMethod)(SecKeyRef key, SecPadding padding, const uint8_t *plainText, size_t plainTextLen, - uint8_t *cipherText, size_t *cipherTextLen); + uint8_t *cipherText, size_t *cipherTextLen); typedef OSStatus (*SecKeyDecryptMethod)(SecKeyRef key, SecPadding padding, const uint8_t *cipherText, size_t cipherTextLen, uint8_t *plainText, size_t *plainTextLen); @@ -205,8 +223,9 @@ typedef struct __SecKeyDescriptor { #endif } SecKeyDescriptor; +#if SEC_OS_IPHONE struct __SecKey { - CFRuntimeBase _base; + CFRuntimeBase _base; const SecKeyDescriptor *key_class; @@ -219,7 +238,9 @@ struct __SecKey { /* The actual key handled by class. */ void *key; }; +#endif +#if SEC_OS_IPHONE /*! @function SecKeyCreate @abstract Given a private key and data to sign, generate a digital signature. @@ -232,7 +253,7 @@ struct __SecKey { */ SecKeyRef SecKeyCreate(CFAllocatorRef allocator, const SecKeyDescriptor *key_class, const uint8_t *keyData, - CFIndex keyDataLength, SecKeyEncoding encoding); + CFIndex keyDataLength, SecKeyEncoding encoding); /* Create a public key from an oid, params and keyData all in DER format. */ SecKeyRef SecKeyCreatePublicFromDER(CFAllocatorRef allocator, @@ -264,35 +285,35 @@ SecKeyRef SecKeyCreateFromAttributeDictionary(CFDictionaryRef refAttributes); OSStatus SecKeyDigestAndVerify( SecKeyRef key, /* Public key */ - const SecAsn1AlgId *algId, /* algorithm oid/params */ - const uint8_t *dataToDigest, /* signature over this data */ - size_t dataToDigestLen,/* length of dataToDigest */ - const uint8_t *sig, /* signature to verify */ - size_t sigLen); /* length of sig */ + const SecAsn1AlgId *algId, /* algorithm oid/params */ + const uint8_t *dataToDigest, /* signature over this data */ + size_t dataToDigestLen,/* length of dataToDigest */ + const uint8_t *sig, /* signature to verify */ + size_t sigLen); /* length of sig */ OSStatus SecKeyDigestAndSign( SecKeyRef key, /* Private key */ - const SecAsn1AlgId *algId, /* algorithm oid/params */ - const uint8_t *dataToDigest, /* signature over this data */ - size_t dataToDigestLen,/* length of dataToDigest */ - uint8_t *sig, /* signature, RETURNED */ - size_t *sigLen); /* IN/OUT */ + const SecAsn1AlgId *algId, /* algorithm oid/params */ + const uint8_t *dataToDigest, /* signature over this data */ + size_t dataToDigestLen,/* length of dataToDigest */ + uint8_t *sig, /* signature, RETURNED */ + size_t *sigLen); /* IN/OUT */ OSStatus SecKeyVerifyDigest( SecKeyRef key, /* Private key */ const SecAsn1AlgId *algId, /* algorithm oid/params */ - const uint8_t *digestData, /* signature over this digest */ + const uint8_t *digestData, /* signature over this digest */ size_t digestDataLen,/* length of dataToDigest */ - const uint8_t *sig, /* signature to verify */ + const uint8_t *sig, /* signature to verify */ size_t sigLen); /* length of sig */ OSStatus SecKeySignDigest( SecKeyRef key, /* Private key */ const SecAsn1AlgId *algId, /* algorithm oid/params */ - const uint8_t *digestData, /* signature over this digest */ + const uint8_t *digestData, /* signature over this digest */ size_t digestDataLen,/* length of digestData */ - uint8_t *sig, /* signature, RETURNED */ - size_t *sigLen); /* IN/OUT */ + uint8_t *sig, /* signature, RETURNED */ + size_t *sigLen); /* IN/OUT */ OSStatus SecKeyCopyPublicBytes(SecKeyRef key, CFDataRef* serializedPublic); SecKeyRef SecKeyCreateFromPublicBytes(CFAllocatorRef allocator, CFIndex algorithmID, const uint8_t *keyData, CFIndex keyDataLength); @@ -311,6 +332,7 @@ CFDictionaryRef SecKeyGeneratePrivateAttributeDictionary(SecKeyRef key, CFDataRef privateBlob); CF_RETURNS_RETAINED CFDictionaryRef SecKeyGeneratePublicAttributeDictionary(SecKeyRef key, CFTypeRef keyType); +#endif // SEC_OS_IPHONE enum { kSecNullAlgorithmID = 0, @@ -319,28 +341,30 @@ enum { kSecECDSAAlgorithmID = 3, }; +#if SEC_OS_IPHONE_INCLUDES /*! - @function SecKeyGetAlgorithmID - @abstract Returns an enumerated constant value which identifies the algorithm for the given key. - @param key A key reference. - @result An algorithm identifier. - @discussion Deprecated in iOS 9.0. Note that SecKeyGetAlgorithmID also exists on OS X - with different arguments for CDSA-based SecKeyRefs, and returns different values. - For compatibility, your code should migrate to use SecKeyGetAlgorithmId instead. + @function SecKeyGetAlgorithmID + @abstract Returns an enumerated constant value which identifies the algorithm for the given key. + @param key A key reference. + @result An algorithm identifier. + @discussion Deprecated in iOS 9.0. Note that SecKeyGetAlgorithmID also exists on OS X + with different arguments for CDSA-based SecKeyRefs, and returns different values. + For compatibility, your code should migrate to use SecKeyGetAlgorithmId instead. */ CFIndex SecKeyGetAlgorithmID(SecKeyRef key) - __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_8, __IPHONE_5_0, __IPHONE_9_0); + __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_8, __IPHONE_5_0, __IPHONE_9_0); /*! - @function SecKeyGetAlgorithmId - @abstract Returns an enumerated constant value which identifies the algorithm for the given key. - @param key A key reference. - @result An algorithm identifier. + @function SecKeyGetAlgorithmId + @abstract Returns an enumerated constant value which identifies the algorithm for the given key. + @param key A key reference. + @result An algorithm identifier. */ CFIndex SecKeyGetAlgorithmId(SecKeyRef key) - __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_9_0); - + __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_9_0); +#endif //#SEC_OS_IPHONE_INCLUDES +#if SEC_OS_IPHONE typedef enum { kSecKeyKeySizeInBits = 0, kSecKeySignatureSize = 1, @@ -413,14 +437,294 @@ CFDataRef _SecKeyCopyUnwrapKey(SecKeyRef key, SecKeyWrapType type, CFDataRef wrappedKey, CFDictionaryRef parameters, CFDictionaryRef *outParam, CFErrorRef *error) __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0); +#endif // SEC_OS_IPHONE + + +#if SEC_OS_OSX_INCLUDES +/*! + @function SecKeyGetAlgorithmID + @abstract Returns a pointer to a CSSM_X509_ALGORITHM_IDENTIFIER structure for the given key. + @param key A key reference. + @param algid On return, a pointer to a CSSM_X509_ALGORITHM_IDENTIFIER structure. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion Deprecated in OS X 10.8 and later. Continued use is strongly discouraged, + since there is a naming conflict with a similar function (also deprecated) on iOS that + had different arguments and a different return value. Use SecKeyGetAlgorithmId instead. +*/ +OSStatus SecKeyGetAlgorithmID(SecKeyRef key, const CSSM_X509_ALGORITHM_IDENTIFIER **algid) + DEPRECATED_IN_MAC_OS_X_VERSION_10_8_AND_LATER; + +/*! + @function SecKeyGetAlgorithmId + @abstract Returns an enumerated constant value which identifies the algorithm for the given key. + @param key A key reference. + @result An algorithm identifier. +*/ +CFIndex SecKeyGetAlgorithmId(SecKeyRef key) + __OSX_AVAILABLE_STARTING(__MAC_10_8, __IPHONE_9_0); + +/*! + @function SecKeyGetStrengthInBits + @abstract Returns key strength in bits for the given key. + @param key A key reference. + @param algid A pointer to a CSSM_X509_ALGORITHM_IDENTIFIER structure, as returned from a call to SecKeyGetAlgorithmID. + @param strength On return, the key strength in bits. + @result A result code. See "Security Error Codes" (SecBase.h). +*/ +OSStatus SecKeyGetStrengthInBits(SecKeyRef key, const CSSM_X509_ALGORITHM_IDENTIFIER *algid, unsigned int *strength); + +/*! + @function SecKeyImportPair + @abstract Takes an asymmetric key pair and stores it in the keychain specified by the keychain parameter. + @param keychainRef A reference to the keychain in which to store the private and public key items. Specify NULL for the default keychain. + @param publicCssmKey A CSSM_KEY which is valid for the CSP returned by SecKeychainGetCSPHandle(). This may be a normal key or reference key. + @param privateCssmKey A CSSM_KEY which is valid for the CSP returned by SecKeychainGetCSPHandle(). This may be a normal key or reference key. + @param initialAccess A SecAccess object that determines the initial access rights to the private key. The public key is given an any/any acl by default. + @param publicKey Optional output pointer to the keychain item reference of the imported public key. The caller must call CFRelease on this value if it is returned. + @param privateKey Optional output pointer to the keychain item reference of the imported private key. The caller must call CFRelease on this value if it is returned. + @result A result code. See "Security Error Codes" (SecBase.h). + @deprecated in 10.5 and later. Use the SecKeychainItemImport function instead; see +*/ +OSStatus SecKeyImportPair( + SecKeychainRef keychainRef, + const CSSM_KEY *publicCssmKey, + const CSSM_KEY *privateCssmKey, + SecAccessRef initialAccess, + SecKeyRef* publicKey, + SecKeyRef* privateKey) + DEPRECATED_IN_MAC_OS_X_VERSION_10_5_AND_LATER; + +/*! + @function SecKeyCreate + @abstract Create a key reference from the supplied key data. + @param allocator CFAllocator to allocate the key data. Pass NULL to use the default allocator. + @param keyClass A descriptor for the particular class of key that is being created. + @param keyData Data from which to create the key. Specify the format of this data in the encoding parameter. + @param keyDataLength Length of the data pointed to by keyData. + @param encoding A value of type SecKeyEncoding which describes the format of keyData. + @result A key reference. + @discussion Warning: this function is NOT intended for use outside the Security stack in its current state. + IMPORTANT: on Mac OS X 10.5 and earlier, the SecKeyCreate function had a different parameter list. + The current parameter list matches the iPhone OS implementation. Existing clients of this function + on Mac OS X (and there should not be any outside the Security stack, per the warning above) must + migrate to the replacement function, SecKeyCreateWithCSSMKey. +*/ +SecKeyRef SecKeyCreate(CFAllocatorRef allocator, + const SecKeyDescriptor *keyClass, const uint8_t *keyData, + CFIndex keyDataLength, SecKeyEncoding encoding); + +/*! + @function SecKeyCreateWithCSSMKey + @abstract Generate a temporary floating key reference for a CSSM_KEY. + @param key A pointer to a CSSM_KEY structure. + @param keyRef On return, a key reference. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion Warning: this function is NOT intended for use outside the Security stack in its current state. +*/ +OSStatus SecKeyCreateWithCSSMKey(const CSSM_KEY *key, SecKeyRef* keyRef); + + +/*! + @function SecKeyRawSign + @abstract Given a private key and data to sign, generate a digital signature. + @param key Private key with which to sign. + @param padding See Padding Types above, typically kSecPaddingPKCS1SHA1. + @param dataToSign The data to be signed, typically the digest of the actual data. + @param dataToSignLen Length of dataToSign in bytes. + @param sig Pointer to buffer in which the signature will be returned. + @param sigLen IN/OUT maximum length of sig buffer on input, actualy length of sig on output. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding + will be performed prior to signing. If this argument is kSecPaddingNone, + the incoming data will be signed "as is". + + When PKCS1 padding is performed, the maximum length of data that can + be signed is the value returned by SecKeyGetBlockSize() - 11. + + NOTE: The behavior this function with kSecPaddingNone is undefined if the + first byte of dataToSign is zero; there is no way to verify leading zeroes + as they are discarded during the calculation. + + If you want to generate a proper PKCS1 style signature with DER encoding of + the digest type - and the dataToSign is a SHA1 digest - use kSecPaddingPKCS1SHA1. +*/ +OSStatus SecKeyRawSign( + SecKeyRef key, + SecPadding padding, + const uint8_t *dataToSign, + size_t dataToSignLen, + uint8_t *sig, + size_t *sigLen); + + +/*! + @function SecKeyRawVerify + @abstract Given a public key, data which has been signed, and a signature, verify the signature. + @param key Public key with which to verify the signature. + @param padding See Padding Types above, typically kSecPaddingPKCS1SHA1. + @param signedData The data over which sig is being verified, typically the digest of the actual data. + @param signedDataLen Length of signedData in bytes. + @param sig Pointer to the signature to verify. + @param sigLen Length of sig in bytes. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding + will be checked during verification. If this argument is kSecPaddingNone, + the incoming data will be compared directly to sig. + + If you are verifying a proper PKCS1-style signature, with DER encoding of the digest + type - and the signedData is a SHA1 digest - use kSecPaddingPKCS1SHA1. +*/ +OSStatus SecKeyRawVerify( + SecKeyRef key, + SecPadding padding, + const uint8_t *signedData, + size_t signedDataLen, + const uint8_t *sig, + size_t sigLen); + + +/*! + @function SecKeyEncrypt + @abstract Encrypt a block of plaintext. + @param key Public key with which to encrypt the data. + @param padding See Padding Types above, typically kSecPaddingPKCS1. + @param plainText The data to encrypt. + @param plainTextLen Length of plainText in bytes, this must be less + or equal to the value returned by SecKeyGetBlockSize(). + @param cipherText Pointer to the output buffer. + @param cipherTextLen On input, specifies how much space is available at + cipherText; on return, it is the actual number of cipherText bytes written. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding + will be performed prior to encryption. If this argument is kSecPaddingNone, + the incoming data will be encrypted "as is". + + When PKCS1 padding is performed, the maximum length of data that can + be encrypted is the value returned by SecKeyGetBlockSize() - 11. + + When memory usage is a critical issue, note that the input buffer + (plainText) can be the same as the output buffer (cipherText). +*/ +OSStatus SecKeyEncrypt( + SecKeyRef key, + SecPadding padding, + const uint8_t *plainText, + size_t plainTextLen, + uint8_t *cipherText, + size_t *cipherTextLen); + + +/*! + @function SecKeyDecrypt + @abstract Decrypt a block of ciphertext. + @param key Private key with which to decrypt the data. + @param padding See SecPadding types above; typically kSecPaddingPKCS1. + @param cipherText The data to decrypt. + @param cipherTextLen Length of cipherText in bytes; this must be less + or equal to the value returned by SecKeyGetBlockSize(). + @param plainText Pointer to the output buffer. + @param plainTextLen On input, specifies how much space is available at + plainText; on return, it is the actual number of plainText bytes written. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion If the padding argument is kSecPaddingPKCS1, PKCS1 padding + will be removed after decryption. If this argument is kSecPaddingNone, + the decrypted data will be returned "as is". + + When memory usage is a critical issue, note that the input buffer + (plainText) can be the same as the output buffer (cipherText). +*/ +OSStatus SecKeyDecrypt( + SecKeyRef key, /* Private key */ + SecPadding padding, /* kSecPaddingNone, kSecPaddingPKCS1, kSecPaddingOAEP */ + const uint8_t *cipherText, + size_t cipherTextLen, /* length of cipherText */ + uint8_t *plainText, + size_t *plainTextLen); /* IN/OUT */ + +OSStatus SecKeyVerifyDigest( + SecKeyRef key, /* Private key */ + const SecAsn1AlgId *algId, /* algorithm oid/params */ + const uint8_t *digestData, /* signature over this digest */ + size_t digestDataLen, /* length of dataToDigest */ + const uint8_t *sig, /* signature to verify */ + size_t sigLen); /* length of sig */ + +OSStatus SecKeySignDigest( + SecKeyRef key, /* Private key */ + const SecAsn1AlgId *algId, /* algorithm oid/params */ + const uint8_t *digestData, /* signature over this digest */ + size_t digestDataLen, /* length of digestData */ + uint8_t *sig, /* signature, RETURNED */ + size_t *sigLen); /* IN/OUT */ + + +/* These are the named curves we support. These values come from RFC 4492 + section 5.1.1, with the exception of SSL_Curve_None which means + "ECDSA not negotiated". */ +typedef enum +{ + kSecECCurveNone = -1, + kSecECCurveSecp256r1 = 23, + kSecECCurveSecp384r1 = 24, + kSecECCurveSecp521r1 = 25 +} SecECNamedCurve; + +/* Return a named curve enum for ecPrivateKey. */ +SecECNamedCurve SecECKeyGetNamedCurve(SecKeyRef ecPrivateKey); +CFDataRef SecECKeyCopyPublicBits(SecKeyRef key); + +/* Given an RSA public key in encoded form return a SecKeyRef representing + that key. Supported encodings are kSecKeyEncodingPkcs1. */ +SecKeyRef SecKeyCreateRSAPublicKey(CFAllocatorRef allocator, + const uint8_t *keyData, CFIndex keyDataLength, + SecKeyEncoding encoding); + +CFDataRef SecKeyCopyModulus(SecKeyRef rsaPublicKey); +CFDataRef SecKeyCopyExponent(SecKeyRef rsaPublicKey); + +/*! + @function SecKeyCopyPublicBytes + @abstract Gets the bits of a public key + @param key Key to retrieve the bits. + @param publicBytes An out parameter to receive the public key bits + @result Errors if any when retrieving the public key bits.. + */ +OSStatus SecKeyCopyPublicBytes(SecKeyRef key, CFDataRef* publicBytes); + +/*! + @function SecKeyCreatePublicFromPrivate + @abstract Create a public SecKeyRef from a private SecKeyRef + @param privateKey The private SecKeyRef for which you want the public key + @result A public SecKeyRef, or NULL if the conversion failed + @discussion This is a "best attempt" function, hence the SPI nature. If the public + key bits are not in memory, it attempts to load from the keychain. If the public + key was not tracked on the keychain, it will fail. +*/ +SecKeyRef SecKeyCreatePublicFromPrivate(SecKeyRef privateKey); + +/*! + @function SecKeyCreateFromPublicData +*/ +SecKeyRef SecKeyCreateFromPublicData(CFAllocatorRef allocator, CFIndex algorithmID, CFDataRef publicBytes); + +OSStatus SecKeyRawVerifyOSX( + SecKeyRef key, + SecPadding padding, + const uint8_t *signedData, + size_t signedDataLen, + const uint8_t *sig, + size_t sigLen); + +#endif // SEC_OS_OSX_INCLUDES + /*! @enum SecKeyAttestationKeyType @abstract Defines types of builtin attestation keys. */ typedef CF_ENUM(uint32_t, SecKeyAttestationKeyType) { - kSecKeyAttestationKeyTypeSIK = 0, - kSecKeyAttestationKeyTypeGID + kSecKeyAttestationKeyTypeSIK = 0, + kSecKeyAttestationKeyTypeGID } __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0); /*! @@ -444,7 +748,7 @@ __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AV @param error An optional pointer to a CFErrorRef. This value is set if an error occurred. @result On success a CFDataRef containing the attestation data is returned, on failure it returns NULL. - + @discussion Key attestation only works for CTK SEP keys, i.e. keys created with kSecAttrTokenID=kSecAttrTokenIDSecureEnclave. */ CFDataRef SecKeyCreateAttestation(SecKeyRef key, SecKeyRef keyToAttest, CFErrorRef *error) diff --git a/libsecurity_smime/lib/SecCmsBase.h b/libsecurity_smime/lib/SecCmsBase.h index eeb5ad82..728b695c 100644 --- a/libsecurity_smime/lib/SecCmsBase.h +++ b/libsecurity_smime/lib/SecCmsBase.h @@ -35,12 +35,13 @@ #ifndef _SECURITY_SECCMSBASE_H_ #define _SECURITY_SECCMSBASE_H_ 1 +#include #include #include -#if !USE_CDSA_CRYPTO +#if !SEC_OS_OSX_INCLUDES typedef CFTypeRef SecKeychainRef; -#endif +#endif // ! SEC_OS_OSX_INCLUDES #if defined(__cplusplus) extern "C" { diff --git a/libsecurity_smime/lib/SecCmsContentInfo.h b/libsecurity_smime/lib/SecCmsContentInfo.h index 7f5ec6d9..f0d72c49 100644 --- a/libsecurity_smime/lib/SecCmsContentInfo.h +++ b/libsecurity_smime/lib/SecCmsContentInfo.h @@ -120,7 +120,6 @@ SecCmsContentInfoSetContentData(SecCmsContentInfoRef cinfo, CFDataRef data, Bool /*! @function @abstract Set a ContentInfos content to a SignedData. - @param cmsg A Message object to which the cinfo object belongs. @param cinfo A ContentInfo object of which we want set the content. @param sigd A SignedData object to set as the content of the cinfo object. @result A result code. See "SecCmsBase.h" for possible results. @@ -133,7 +132,6 @@ SecCmsContentInfoSetContentSignedData(SecCmsContentInfoRef cinfo, SecCmsSignedDa /*! @function @abstract Set a ContentInfos content to a EnvelopedData. - @param cmsg A Message object to which the cinfo object belongs. @param cinfo A ContentInfo object of which we want set the content. @param envd A EnvelopedData object to set as the content of the cinfo object. @result A result code. See "SecCmsBase.h" for possible results. @@ -146,7 +144,6 @@ SecCmsContentInfoSetContentEnvelopedData(SecCmsContentInfoRef cinfo, SecCmsEnvel /*! @function @abstract Set a ContentInfos content to a DigestedData. - @param cmsg A Message object to which the cinfo object belongs. @param cinfo A ContentInfo object of which we want set the content. @param digd A DigestedData object to set as the content of the cinfo object. @result A result code. See "SecCmsBase.h" for possible results. @@ -159,7 +156,6 @@ SecCmsContentInfoSetContentDigestedData(SecCmsContentInfoRef cinfo, SecCmsDigest /*! @function @abstract Set a ContentInfos content to a EncryptedData. - @param cmsg A Message object to which the cinfo object belongs. @param cinfo A ContentInfo object of which we want set the content. @param encd A EncryptedData object to set as the content of the cinfo object. @result A result code. See "SecCmsBase.h" for possible results. diff --git a/libsecurity_smime/lib/SecCmsDecoder.h b/libsecurity_smime/lib/SecCmsDecoder.h index 3543346d..44ef0708 100644 --- a/libsecurity_smime/lib/SecCmsDecoder.h +++ b/libsecurity_smime/lib/SecCmsDecoder.h @@ -110,7 +110,7 @@ SecCmsDecoderFinish(SecCmsDecoderRef decoder, SecCmsMessageRef *outMessage); @abstract Decode a CMS message from BER encoded data. @discussion This function basically does the same as calling SecCmsDecoderStart(), SecCmsDecoderUpdate() and SecCmsDecoderFinish(). - @param DERmessage Pointer to a SecAsn1Item containing the BER encoded cms + @param encodedMessage Pointer to a SecAsn1Item containing the BER encoded cms message to decode. @param cb callback function for delivery of inner content inner content will be stored in the message if cb is NULL. diff --git a/libsecurity_smime/lib/SecCmsEncoder.h b/libsecurity_smime/lib/SecCmsEncoder.h index ae45ad9a..7b432b57 100644 --- a/libsecurity_smime/lib/SecCmsEncoder.h +++ b/libsecurity_smime/lib/SecCmsEncoder.h @@ -53,7 +53,7 @@ extern "C" { @param outputfn callback function for delivery of BER-encoded output will not be called if NULL. @param outputarg first argument passed to outputfn when it is called. - @param dest If non-NULL, a CFMutableDataRef to which the + @param outBer If non-NULL, a CFMutableDataRef to which the BER-encoded output will be appended. @param pwfn callback function for getting token password for enveloped data content with a password recipient. @@ -61,9 +61,6 @@ extern "C" { @param encrypt_key_cb callback function for getting bulk key for encryptedData content. @param encrypt_key_cb_arg first argument passed to encrypt_key_cb when it is called. - @param detached_digestalgs digest algorithms in detached_digests - @param detached_digests digests from detached content (one for every element - in detached_digestalgs). @result On success a pointer to a SecCmsMessage containing the decoded message is returned. On failure returns NULL. Call PR_GetError() to find out what went wrong in this case. diff --git a/libsecurity_smime/lib/SecCmsMessage.h b/libsecurity_smime/lib/SecCmsMessage.h index ebdb7579..f3e55801 100644 --- a/libsecurity_smime/lib/SecCmsMessage.h +++ b/libsecurity_smime/lib/SecCmsMessage.h @@ -49,8 +49,6 @@ extern "C" { /*! @function @abstract Create a CMS message object. - @param poolp Arena to allocate memory from, or NULL if new arena should - be created. @result A pointer to a newly created SecCmsMessage. When finished using this the caller should call SecCmsMessageDestroy(). On failure returns NULL. In this case call PR_GetError() to find out what went diff --git a/libsecurity_smime/lib/cert.h b/libsecurity_smime/lib/cert.h index afa374a6..c9b38991 100644 --- a/libsecurity_smime/lib/cert.h +++ b/libsecurity_smime/lib/cert.h @@ -21,9 +21,7 @@ /************************************************************************/ SEC_BEGIN_PROTOS -#if !USE_CDSA_CRYPTO bool CERT_CheckIssuerAndSerial(SecCertificateRef cert, SecAsn1Item *issuer, SecAsn1Item *serial); -#endif typedef void CERTVerifyLog; @@ -109,13 +107,8 @@ SECStatus CERT_SaveSMimeProfile(SecCertificateRef cert, SecAsn1Item *emailProfil // is given in the common name of the certificate. SECStatus CERT_VerifyCertName(SecCertificateRef cert, const char *hostname); -#if USE_CDSA_CRYPTO -SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, SecCertificateRef cert, - CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef); -#else SECStatus CERT_VerifyCert(SecKeychainRef keychainOrArray, CFArrayRef cert, CFTypeRef policies, CFAbsoluteTime stime, SecTrustRef *trustRef); -#endif CFTypeRef CERT_PolicyForCertUsage(SECCertUsage certUsage); diff --git a/libsecurity_smime/lib/cmscinfo.c b/libsecurity_smime/lib/cmscinfo.c index 438eed10..9a7ebaf1 100644 --- a/libsecurity_smime/lib/cmscinfo.c +++ b/libsecurity_smime/lib/cmscinfo.c @@ -365,16 +365,11 @@ SecCmsContentInfoSetContentEncAlgID(SecCmsContentInfoRef cinfo, void SecCmsContentInfoSetBulkKey(SecCmsContentInfoRef cinfo, SecSymmetricKeyRef bulkkey) { -#ifdef USE_CDSA_CRYPTO - const CSSM_KEY *cssmKey = NULL; -#endif if (!bulkkey || !cinfo) return; + cinfo->bulkkey = bulkkey; CFRetain(cinfo->bulkkey); -#ifdef USE_CDSA_CRYPTO - SecKeyGetCSSMKey(cinfo->bulkkey, &cssmKey); - cinfo->keysize = cssmKey ? cssmKey->KeyHeader.LogicalKeySizeInBits : 0; -#else + long long bulkKeySize = CFDataGetLength((CFDataRef)bulkkey) * 8; if (bulkKeySize < INT_MAX) { cinfo->keysize = (int)bulkKeySize; @@ -383,7 +378,6 @@ SecCmsContentInfoSetBulkKey(SecCmsContentInfoRef cinfo, SecSymmetricKeyRef bulkk cinfo->bulkkey = NULL; cinfo->keysize = 0; } -#endif } SecSymmetricKeyRef diff --git a/libsecurity_smime/lib/cmscipher.c b/libsecurity_smime/lib/cmscipher.c index 3c86da76..5d869a6e 100644 --- a/libsecurity_smime/lib/cmscipher.c +++ b/libsecurity_smime/lib/cmscipher.c @@ -45,14 +45,8 @@ #include #include -#if USE_CDSA_CRYPTO -#include -#include -#include -#else #include #include -#endif /* * ------------------------------------------------------------------- @@ -98,68 +92,6 @@ __unused static const SecAsn1Template sec_rc2cbc_parameter_template[] = { { 0 } }; -// TODO: get rid of this? -#if USE_CDSA_CRYPTO -/* -** Convert a der encoded *signed* integer into a machine integral value. -** If an underflow/overflow occurs, sets error code and returns min/max. -*/ -static long -DER_GetInteger(SecAsn1Item *it) -{ - long ival = 0; - unsigned len = it->Length; - unsigned char *cp = it->Data; - unsigned long overflow = 0x1ffUL << (((sizeof(ival) - 1) * 8) - 1); - unsigned long ofloinit; - - if (*cp & 0x80) - ival = -1L; - ofloinit = ival & overflow; - - while (len) { - if ((ival & overflow) != ofloinit) { - PORT_SetError(SEC_ERROR_BAD_DER); - if (ival < 0) { - return LONG_MIN; - } - return LONG_MAX; - } - ival = ival << 8; - ival |= *cp++; - --len; - } - return ival; -} - -/* S/MIME picked id values to represent differnt keysizes */ -/* I do have a formula, but it ain't pretty, and it only works because you - * can always match three points to a parabola:) */ -static unsigned char rc2_map(SecAsn1Item *version) -{ - long x; - - x = DER_GetInteger(version); - - switch (x) { - case 58: return 128; - case 120: return 64; - case 160: return 40; - } - return 128; -} - -static unsigned long rc2_unmap(unsigned long x) -{ - switch (x) { - case 128: return 58; - case 64: return 120; - case 40: return 160; - } - return 58; -} -#endif /* USE_CDSA_CRYPTO */ - /* default IV size in bytes */ #define DEFAULT_IV_SIZE 8 /* IV/block size for AES */ @@ -167,14 +99,12 @@ static unsigned long rc2_unmap(unsigned long x) /* max IV size in bytes */ #define MAX_IV_SIZE AES_BLOCK_SIZE -#if !USE_CDSA_CRYPTO #ifndef kCCKeySizeMaxRC2 #define kCCKeySizeMaxRC2 16 #endif #ifndef kCCBlockSizeRC2 #define kCCBlockSizeRC2 8 #endif -#endif static SecCmsCipherContextRef SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorithmID *algid, Boolean encrypt) @@ -185,79 +115,16 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith OSStatus rv; uint8_t ivbuf[MAX_IV_SIZE]; SecAsn1Item initVector = { DEFAULT_IV_SIZE, ivbuf }; -#if USE_CDSA_CRYPTO - CSSM_CC_HANDLE ciphercc = 0; - CSSM_ALGORITHMS algorithm; - CSSM_PADDING padding = CSSM_PADDING_PKCS7; - CSSM_ENCRYPT_MODE mode; - CSSM_CSP_HANDLE cspHandle; - const CSSM_KEY *cssmKey; - //CSSM_CONTEXT_ATTRIBUTE contextAttribute = { CSSM_ATTRIBUTE_ALG_PARAMS, sizeof(SecAsn1Item *) }; -#else CCCryptorRef ciphercc = NULL; CCOptions cipheroptions = kCCOptionPKCS7Padding; int cipher_blocksize = 0; -#endif - -#if USE_CDSA_CRYPTO - rv = SecKeyGetCSPHandle(key, &cspHandle); - if (rv) - goto loser; - rv = SecKeyGetCSSMKey(key, &cssmKey); - if (rv) - goto loser; -#endif - // @@@ Add support for PBE based stuff oidData = SECOID_FindOID(&algid->algorithm); if (!oidData) goto loser; algtag = oidData->offset; -#if USE_CDSA_CRYPTO - algorithm = oidData->cssmAlgorithm; - if (!algorithm) - goto loser; - - switch (algtag) - { - case SEC_OID_RC2_CBC: - case SEC_OID_RC4: - case SEC_OID_DES_EDE3_CBC: - case SEC_OID_DES_EDE: - case SEC_OID_DES_CBC: - case SEC_OID_RC5_CBC_PAD: - case SEC_OID_FORTEZZA_SKIPJACK: - mode = CSSM_ALGMODE_CBCPadIV8; - break; - - /* RFC 3565 says that these sizes refer to key size, NOT block size */ - case SEC_OID_AES_128_CBC: - case SEC_OID_AES_192_CBC: - case SEC_OID_AES_256_CBC: - initVector.Length = AES_BLOCK_SIZE; - mode = CSSM_ALGMODE_CBCPadIV8; - break; - - case SEC_OID_DES_ECB: - case SEC_OID_AES_128_ECB: - case SEC_OID_AES_192_ECB: - case SEC_OID_AES_256_ECB: - mode = CSSM_ALGMODE_ECBPad; - break; - - case SEC_OID_DES_OFB: - mode = CSSM_ALGMODE_OFBPadIV8; - break; - case SEC_OID_DES_CFB: - mode = CSSM_ALGMODE_CFBPadIV8; - break; - - default: - goto loser; - } -#else CCAlgorithm alg = -1; switch (algtag) { case SEC_OID_DES_CBC: @@ -282,30 +149,12 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith default: goto loser; } -#endif if (encrypt) { -#if USE_CDSA_CRYPTO - CSSM_CC_HANDLE randomcc; - //SecAsn1Item *parameters; - - // Generate random initVector - if (CSSM_CSP_CreateRandomGenContext(cspHandle, - CSSM_ALGID_APPLE_YARROW, - NULL, /* seed*/ - initVector.Length, - &randomcc)) - goto loser; - - if (CSSM_GenerateRandom(randomcc, &initVector)) - goto loser; - CSSM_DeleteContext(randomcc); -#else if (SecRandomCopyBytes(kSecRandomDefault, initVector.Length, initVector.Data)) goto loser; -#endif // Put IV into algid.parameters switch (algtag) @@ -330,25 +179,6 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith goto loser; break; case SEC_OID_RC2_CBC: -#if USE_CDSA_CRYPTO - { - sec_rc2cbcParameter rc2 = {}; - unsigned long rc2version; - SecAsn1Item *newParams; - - rc2.iv = initVector; - rc2version = rc2_unmap(cssmKey->KeyHeader.LogicalKeySizeInBits); - if (!SEC_ASN1EncodeUnsignedInteger (NULL, &(rc2.rc2ParameterVersion), - rc2version)) - goto loser; - newParams = SEC_ASN1EncodeItem (poolp, &algid->parameters, &rc2, - sec_rc2cbc_parameter_template); - PORT_Free(rc2.rc2ParameterVersion.Data); - if (newParams == NULL) - goto loser; - break; - } -#endif case SEC_OID_RC5_CBC_PAD: default: // @@@ Implement rc5 params stuff. @@ -391,31 +221,6 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith break; } case SEC_OID_RC2_CBC: -#if USE_CDSA_CRYPTO - { - sec_rc2cbcParameter rc2 = {}; - unsigned long ulEffectiveBits; - - rv = SEC_ASN1DecodeItem(NULL, &rc2 ,sec_rc2cbc_parameter_template, - &(algid->parameters)); - if (rv) - goto loser; - - if (initVector.Length != rc2.iv.Length) { - PORT_Free(rc2.iv.Data); - PORT_Free(rc2.rc2ParameterVersion.Data); - goto loser; - } - memcpy(initVector.Data, rc2.iv.Data, initVector.Length); - PORT_Free(rc2.iv.Data); - - ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion); - PORT_Free(rc2.rc2ParameterVersion.Data); - if (ulEffectiveBits != cssmKey->KeyHeader.LogicalKeySizeInBits) - goto loser; - break; - } -#endif case SEC_OID_RC5_CBC_PAD: default: // @@@ Implement rc5 params stuff. @@ -424,30 +229,10 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith } } -#if USE_CDSA_CRYPTO - if (CSSM_CSP_CreateSymmetricContext(cspHandle, - algorithm, - mode, - NULL, /* accessCred */ - cssmKey, - &initVector, - padding, - NULL, /* reserved */ - &ciphercc)) - goto loser; - - if (encrypt) - rv = CSSM_EncryptDataInit(ciphercc); - else - rv = CSSM_DecryptDataInit(ciphercc); - if (rv) - goto loser; -#else if (CCCryptorCreate(encrypt ? kCCEncrypt : kCCDecrypt, alg, cipheroptions, CFDataGetBytePtr(key), CFDataGetLength(key), initVector.Data, &ciphercc)) goto loser; -#endif cc = (SecCmsCipherContextRef)PORT_ZAlloc(sizeof(SecCmsCipherContext)); if (cc == NULL) @@ -455,17 +240,11 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith cc->cc = ciphercc; cc->encrypt = encrypt; -#if !USE_CDSA_CRYPTO cc->block_size =cipher_blocksize; -#endif return cc; loser: if (ciphercc) -#if USE_CDSA_CRYPTO - CSSM_DeleteContext(ciphercc); -#else CCCryptorRelease(ciphercc); -#endif return NULL; } @@ -482,88 +261,6 @@ SecCmsCipherContextRef SecCmsCipherContextStartDecrypt(SecSymmetricKeyRef key, SECAlgorithmID *algid) { return SecCmsCipherContextStart(NULL, key, algid, PR_FALSE); -#if 0 - SecCmsCipherContextRef cc; - void *ciphercx; - CK_MECHANISM_TYPE mechanism; - SecAsn1Item * param; - PK11SlotInfo *slot; - SECOidTag algtag; - - algtag = SECOID_GetAlgorithmTag(algid); - - /* set param and mechanism */ - if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) { - CK_MECHANISM pbeMech, cryptoMech; - SecAsn1Item * pbeParams; - SEC_PKCS5KeyAndPassword *keyPwd; - - PORT_Memset(&pbeMech, 0, sizeof(CK_MECHANISM)); - PORT_Memset(&cryptoMech, 0, sizeof(CK_MECHANISM)); - - /* HACK ALERT! - * in this case, key is not actually a SecSymmetricKeyRef, but a SEC_PKCS5KeyAndPassword * - */ - keyPwd = (SEC_PKCS5KeyAndPassword *)key; - key = keyPwd->key; - - /* find correct PK11 mechanism and parameters to initialize pbeMech */ - pbeMech.mechanism = PK11_AlgtagToMechanism(algtag); - pbeParams = PK11_ParamFromAlgid(algid); - if (!pbeParams) - return NULL; - pbeMech.pParameter = pbeParams->Data; - pbeMech.ulParameterLen = pbeParams->Length; - - /* now map pbeMech to cryptoMech */ - if (PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, keyPwd->pwitem, - PR_FALSE) != CKR_OK) { - SECITEM_ZfreeItem(pbeParams, PR_TRUE); - return NULL; - } - SECITEM_ZfreeItem(pbeParams, PR_TRUE); - - /* and use it to initialize param & mechanism */ - if ((param = (SecAsn1Item *)PORT_ZAlloc(sizeof(SecAsn1Item))) == NULL) - return NULL; - - param->Data = (unsigned char *)cryptoMech.pParameter; - param->Length = cryptoMech.ulParameterLen; - mechanism = cryptoMech.mechanism; - } else { - mechanism = PK11_AlgtagToMechanism(algtag); - if ((param = PK11_ParamFromAlgid(algid)) == NULL) - return NULL; - } - - cc = (SecCmsCipherContextRef)PORT_ZAlloc(sizeof(SecCmsCipherContext)); - if (cc == NULL) { - SECITEM_FreeItem(param,PR_TRUE); - return NULL; - } - - /* figure out pad and block sizes */ - cc->pad_size = PK11_GetBlockSize(mechanism, param); - slot = PK11_GetSlotFromKey(key); - cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size; - PK11_FreeSlot(slot); - - /* create PK11 cipher context */ - ciphercx = PK11_CreateContextBySymKey(mechanism, CKA_DECRYPT, key, param); - SECITEM_FreeItem(param, PR_TRUE); - if (ciphercx == NULL) { - PORT_Free (cc); - return NULL; - } - - cc->cx = ciphercx; - cc->doit = (nss_cms_cipher_function) PK11_CipherOp; - cc->destroy = (nss_cms_cipher_destroy) PK11_DestroyContext; - cc->encrypt = PR_FALSE; - cc->pending_count = 0; - - return cc; -#endif } /* @@ -579,107 +276,6 @@ SecCmsCipherContextRef SecCmsCipherContextStartEncrypt(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorithmID *algid) { return SecCmsCipherContextStart(poolp, key, algid, PR_TRUE); -#if 0 - SecCmsCipherContextRef cc; - void *ciphercx; - SecAsn1Item * param; - OSStatus rv; - CK_MECHANISM_TYPE mechanism; - PK11SlotInfo *slot; - Boolean needToEncodeAlgid = PR_FALSE; - SECOidTag algtag = SECOID_GetAlgorithmTag(algid); - - /* set param and mechanism */ - if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) { - CK_MECHANISM pbeMech, cryptoMech; - SecAsn1Item * pbeParams; - SEC_PKCS5KeyAndPassword *keyPwd; - - PORT_Memset(&pbeMech, 0, sizeof(CK_MECHANISM)); - PORT_Memset(&cryptoMech, 0, sizeof(CK_MECHANISM)); - - /* HACK ALERT! - * in this case, key is not actually a SecSymmetricKeyRef, but a SEC_PKCS5KeyAndPassword * - */ - keyPwd = (SEC_PKCS5KeyAndPassword *)key; - key = keyPwd->key; - - /* find correct PK11 mechanism and parameters to initialize pbeMech */ - pbeMech.mechanism = PK11_AlgtagToMechanism(algtag); - pbeParams = PK11_ParamFromAlgid(algid); - if (!pbeParams) - return NULL; - pbeMech.pParameter = pbeParams->Data; - pbeMech.ulParameterLen = pbeParams->Length; - - /* now map pbeMech to cryptoMech */ - if (PK11_MapPBEMechanismToCryptoMechanism(&pbeMech, &cryptoMech, keyPwd->pwitem, - PR_FALSE) != CKR_OK) { - SECITEM_ZfreeItem(pbeParams, PR_TRUE); - return NULL; - } - SECITEM_ZfreeItem(pbeParams, PR_TRUE); - - /* and use it to initialize param & mechanism */ - if ((param = (SecAsn1Item *)PORT_ZAlloc(sizeof(SecAsn1Item))) == NULL) - return NULL; - - param->Data = (unsigned char *)cryptoMech.pParameter; - param->Length = cryptoMech.ulParameterLen; - mechanism = cryptoMech.mechanism; - } else { - mechanism = PK11_AlgtagToMechanism(algtag); - if ((param = PK11_GenerateNewParam(mechanism, key)) == NULL) - return NULL; - needToEncodeAlgid = PR_TRUE; - } - - cc = (SecCmsCipherContextRef)PORT_ZAlloc(sizeof(SecCmsCipherContext)); - if (cc == NULL) - return NULL; - - /* now find pad and block sizes for our mechanism */ - cc->pad_size = PK11_GetBlockSize(mechanism,param); - slot = PK11_GetSlotFromKey(key); - cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size; - PK11_FreeSlot(slot); - - /* and here we go, creating a PK11 cipher context */ - ciphercx = PK11_CreateContextBySymKey(mechanism, CKA_ENCRYPT, key, param); - if (ciphercx == NULL) { - PORT_Free(cc); - cc = NULL; - goto loser; - } - - /* - * These are placed after the CreateContextBySymKey() because some - * mechanisms have to generate their IVs from their card (i.e. FORTEZZA). - * Don't move it from here. - * XXX is that right? the purpose of this is to get the correct algid - * containing the IVs etc. for encoding. this means we need to set this up - * BEFORE encoding the algid in the contentInfo, right? - */ - if (needToEncodeAlgid) { - rv = PK11_ParamToAlgid(algtag, param, poolp, algid); - if(rv != SECSuccess) { - PORT_Free(cc); - cc = NULL; - goto loser; - } - } - - cc->cx = ciphercx; - cc->doit = (nss_cms_cipher_function)PK11_CipherOp; - cc->destroy = (nss_cms_cipher_destroy)PK11_DestroyContext; - cc->encrypt = PR_TRUE; - cc->pending_count = 0; - -loser: - SECITEM_FreeItem(param, PR_TRUE); - - return cc; -#endif } void @@ -688,31 +284,16 @@ SecCmsCipherContextDestroy(SecCmsCipherContextRef cc) PORT_Assert(cc != NULL); if (cc == NULL) return; -#if USE_CDSA_CRYPTO - CSSM_DeleteContext(cc->cc); -#else + CCCryptorRelease(cc->cc); -#endif + PORT_Free(cc); } static unsigned int SecCmsCipherContextLength(SecCmsCipherContextRef cc, unsigned int input_len, Boolean final, Boolean encrypt) { -#if USE_CDSA_CRYPTO - CSSM_QUERY_SIZE_DATA dataBlockSize[2] = { { input_len, 0 }, { input_len, 0 } }; - /* Hack CDSA treats the last block as the final one. So unless we are being asked to report the final size we ask for 2 block and ignore the second (final) one. */ - OSStatus rv = CSSM_QuerySize(cc->cc, cc->encrypt, final ? 1 : 2, dataBlockSize); - if (rv) - { - PORT_SetError(rv); - return 0; - } - - return dataBlockSize[0].SizeOutputBlock; -#else return ((input_len + cc->block_size - 1) / cc->block_size * cc->block_size) + (final ? cc->block_size : 0); -#endif } /* @@ -739,46 +320,7 @@ SecCmsCipherContextLength(SecCmsCipherContextRef cc, unsigned int input_len, Boo unsigned int SecCmsCipherContextDecryptLength(SecCmsCipherContextRef cc, unsigned int input_len, Boolean final) { -#if 1 return SecCmsCipherContextLength(cc, input_len, final, PR_FALSE); -#else - int blocks, block_size; - - PORT_Assert (! cc->encrypt); - - block_size = cc->block_size; - - /* - * If this is not a block cipher, then we always have the same - * number of output bytes as we had input bytes. - */ - if (block_size == 0) - return input_len; - - /* - * On the final call, we will always use up all of the pending - * bytes plus all of the input bytes, *but*, there will be padding - * at the end and we cannot predict how many bytes of padding we - * will end up removing. The amount given here is actually known - * to be at least 1 byte too long (because we know we will have - * at least 1 byte of padding), but seemed clearer/better to me. - */ - if (final) - return cc->pending_count + input_len; - - /* - * Okay, this amount is exactly what we will output on the - * next cipher operation. We will always hang onto the last - * 1 - block_size bytes for non-final operations. That is, - * we will do as many complete blocks as we can *except* the - * last block (complete or partial). (This is because until - * we know we are at the end, we cannot know when to interpret - * and removing the padding byte(s), which are guaranteed to - * be there.) - */ - blocks = (cc->pending_count + input_len - 1) / block_size; - return blocks * block_size; -#endif } /* @@ -801,48 +343,7 @@ SecCmsCipherContextDecryptLength(SecCmsCipherContextRef cc, unsigned int input_l unsigned int SecCmsCipherContextEncryptLength(SecCmsCipherContextRef cc, unsigned int input_len, Boolean final) { -#if 1 return SecCmsCipherContextLength(cc, input_len, final, PR_TRUE); -#else - int blocks, block_size; - int pad_size; - - PORT_Assert (cc->encrypt); - - block_size = cc->block_size; - pad_size = cc->pad_size; - - /* - * If this is not a block cipher, then we always have the same - * number of output bytes as we had input bytes. - */ - if (block_size == 0) - return input_len; - - /* - * On the final call, we only send out what we need for - * remaining bytes plus the padding. (There is always padding, - * so even if we have an exact number of blocks as input, we - * will add another full block that is just padding.) - */ - if (final) { - if (pad_size == 0) { - return cc->pending_count + input_len; - } else { - blocks = (cc->pending_count + input_len) / pad_size; - blocks++; - return blocks*pad_size; - } - } - - /* - * Now, count the number of complete blocks of data we have. - */ - blocks = (cc->pending_count + input_len) / block_size; - - - return blocks * block_size; -#endif } @@ -857,34 +358,16 @@ SecCmsCipherContextCrypt(SecCmsCipherContextRef cc, unsigned char *output, if (input_len) { - -#if USE_CDSA_CRYPTO - SecAsn1Item inputBuf = { input_len, (uint8_t *)input }; - SecAsn1Item outputBuf = { max_output_len, output }; - if (encrypt) - rv = CSSM_EncryptDataUpdate(cc->cc, &inputBuf, 1, &outputBuf, 1, &bytes_output); - else - rv = CSSM_DecryptDataUpdate(cc->cc, &inputBuf, 1, &outputBuf, 1, &bytes_output); -#else rv = CCCryptorUpdate(cc->cc, input, input_len, output, max_output_len, &bytes_output); -#endif } if (!rv && final) { -#if USE_CDSA_CRYPTO - SecAsn1Item remainderBuf = { max_output_len - bytes_output, output + bytes_output }; - if (encrypt) - rv = CSSM_EncryptDataFinal(cc->cc, &remainderBuf); - else - rv = CSSM_DecryptDataFinal(cc->cc, &remainderBuf); - bytes_output += remainderBuf.Length; -#else size_t bytes_output_final = 0; rv = CCCryptorFinal(cc->cc, output+bytes_output, max_output_len-bytes_output, &bytes_output_final); bytes_output += bytes_output_final; -#endif } + if (rv) PORT_SetError(SEC_ERROR_BAD_DATA); else if (output_len_p) @@ -929,181 +412,10 @@ SecCmsCipherContextDecrypt(SecCmsCipherContextRef cc, unsigned char *output, const unsigned char *input, unsigned int input_len, Boolean final) { -#if 1 return SecCmsCipherContextCrypt(cc, output, output_len_p, max_output_len, input, input_len, final, PR_FALSE); -#else - int blocks, bsize, pcount, padsize; - unsigned int max_needed, ifraglen, ofraglen, output_len; - unsigned char *pbuf; - OSStatus rv; - - PORT_Assert (! cc->encrypt); - - /* - * Check that we have enough room for the output. Our caller should - * already handle this; failure is really an internal error (i.e. bug). - */ - max_needed = SecCmsCipherContextDecryptLength(cc, input_len, final); - PORT_Assert (max_output_len >= max_needed); - if (max_output_len < max_needed) { - /* PORT_SetError (XXX); */ - return SECFailure; - } - - /* - * hardware encryption does not like small decryption sizes here, so we - * allow both blocking and padding. - */ - bsize = cc->block_size; - padsize = cc->pad_size; - - /* - * When no blocking or padding work to do, we can simply call the - * cipher function and we are done. - */ - if (bsize == 0) { - return (* cc->doit) (cc->cx, output, output_len_p, max_output_len, - input, input_len); - } - - pcount = cc->pending_count; - pbuf = cc->pending_buf; - - output_len = 0; - - if (pcount) { - /* - * Try to fill in an entire block, starting with the bytes - * we already have saved away. - */ - while (input_len && pcount < bsize) { - pbuf[pcount++] = *input++; - input_len--; - } - /* - * If we have at most a whole block and this is not our last call, - * then we are done for now. (We do not try to decrypt a lone - * single block because we cannot interpret the padding bytes - * until we know we are handling the very last block of all input.) - */ - if (input_len == 0 && !final) { - cc->pending_count = pcount; - if (output_len_p) - *output_len_p = 0; - return SECSuccess; - } - /* - * Given the logic above, we expect to have a full block by now. - * If we do not, there is something wrong, either with our own - * logic or with (length of) the data given to us. - */ - if ((padsize != 0) && (pcount % padsize) != 0) { - PORT_Assert (final); - PORT_SetError (SEC_ERROR_BAD_DATA); - return SECFailure; - } - /* - * Decrypt the block. - */ - rv = (*cc->doit)(cc->cx, output, &ofraglen, max_output_len, - pbuf, pcount); - if (rv != SECSuccess) - return rv; - - /* - * For now anyway, all of our ciphers have the same number of - * bytes of output as they do input. If this ever becomes untrue, - * then SecCmsCipherContextDecryptLength needs to be made smarter! - */ - PORT_Assert(ofraglen == pcount); - - /* - * Account for the bytes now in output. - */ - max_output_len -= ofraglen; - output_len += ofraglen; - output += ofraglen; - } - - /* - * If this is our last call, we expect to have an exact number of - * blocks left to be decrypted; we will decrypt them all. - * - * If not our last call, we always save between 1 and bsize bytes - * until next time. (We must do this because we cannot be sure - * that none of the decrypted bytes are padding bytes until we - * have at least another whole block of data. You cannot tell by - * looking -- the data could be anything -- you can only tell by - * context, knowing you are looking at the last block.) We could - * decrypt a whole block now but it is easier if we just treat it - * the same way we treat partial block bytes. - */ - if (final) { - if (padsize) { - blocks = input_len / padsize; - ifraglen = blocks * padsize; - } else ifraglen = input_len; - PORT_Assert (ifraglen == input_len); - - if (ifraglen != input_len) { - PORT_SetError(SEC_ERROR_BAD_DATA); - return SECFailure; - } - } else { - blocks = (input_len - 1) / bsize; - ifraglen = blocks * bsize; - PORT_Assert (ifraglen < input_len); - - pcount = input_len - ifraglen; - PORT_Memcpy (pbuf, input + ifraglen, pcount); - cc->pending_count = pcount; - } - - if (ifraglen) { - rv = (* cc->doit)(cc->cx, output, &ofraglen, max_output_len, - input, ifraglen); - if (rv != SECSuccess) - return rv; - - /* - * For now anyway, all of our ciphers have the same number of - * bytes of output as they do input. If this ever becomes untrue, - * then sec_PKCS7DecryptLength needs to be made smarter! - */ - PORT_Assert (ifraglen == ofraglen); - if (ifraglen != ofraglen) { - PORT_SetError(SEC_ERROR_BAD_DATA); - return SECFailure; - } - - output_len += ofraglen; - } else { - ofraglen = 0; - } - - /* - * If we just did our very last block, "remove" the padding by - * adjusting the output length. - */ - if (final && (padsize != 0)) { - unsigned int padlen = *(output + ofraglen - 1); - - if (padlen == 0 || padlen > padsize) { - PORT_SetError(SEC_ERROR_BAD_DATA); - return SECFailure; - } - output_len -= padlen; - } - - PORT_Assert (output_len_p != NULL || output_len == 0); - if (output_len_p != NULL) - *output_len_p = output_len; - - return SECSuccess; -#endif } /* @@ -1147,146 +459,8 @@ SecCmsCipherContextEncrypt(SecCmsCipherContextRef cc, unsigned char *output, const unsigned char *input, unsigned int input_len, Boolean final) { -#if 1 return SecCmsCipherContextCrypt(cc, output, output_len_p, max_output_len, input, input_len, final, PR_TRUE); -#else - int blocks, bsize, padlen, pcount, padsize; - unsigned int max_needed, ifraglen, ofraglen, output_len; - unsigned char *pbuf; - OSStatus rv; - - PORT_Assert (cc->encrypt); - - /* - * Check that we have enough room for the output. Our caller should - * already handle this; failure is really an internal error (i.e. bug). - */ - max_needed = SecCmsCipherContextEncryptLength (cc, input_len, final); - PORT_Assert (max_output_len >= max_needed); - if (max_output_len < max_needed) { - /* PORT_SetError (XXX); */ - return SECFailure; - } - - bsize = cc->block_size; - padsize = cc->pad_size; - - /* - * When no blocking and padding work to do, we can simply call the - * cipher function and we are done. - */ - if (bsize == 0) { - return (*cc->doit)(cc->cx, output, output_len_p, max_output_len, - input, input_len); - } - - pcount = cc->pending_count; - pbuf = cc->pending_buf; - - output_len = 0; - - if (pcount) { - /* - * Try to fill in an entire block, starting with the bytes - * we already have saved away. - */ - while (input_len && pcount < bsize) { - pbuf[pcount++] = *input++; - input_len--; - } - /* - * If we do not have a full block and we know we will be - * called again, then we are done for now. - */ - if (pcount < bsize && !final) { - cc->pending_count = pcount; - if (output_len_p != NULL) - *output_len_p = 0; - return SECSuccess; - } - /* - * If we have a whole block available, encrypt it. - */ - if ((padsize == 0) || (pcount % padsize) == 0) { - rv = (* cc->doit) (cc->cx, output, &ofraglen, max_output_len, - pbuf, pcount); - if (rv != SECSuccess) - return rv; - - /* - * For now anyway, all of our ciphers have the same number of - * bytes of output as they do input. If this ever becomes untrue, - * then sec_PKCS7EncryptLength needs to be made smarter! - */ - PORT_Assert (ofraglen == pcount); - - /* - * Account for the bytes now in output. - */ - max_output_len -= ofraglen; - output_len += ofraglen; - output += ofraglen; - - pcount = 0; - } - } - - if (input_len) { - PORT_Assert (pcount == 0); - - blocks = input_len / bsize; - ifraglen = blocks * bsize; - - if (ifraglen) { - rv = (* cc->doit) (cc->cx, output, &ofraglen, max_output_len, - input, ifraglen); - if (rv != SECSuccess) - return rv; - - /* - * For now anyway, all of our ciphers have the same number of - * bytes of output as they do input. If this ever becomes untrue, - * then sec_PKCS7EncryptLength needs to be made smarter! - */ - PORT_Assert (ifraglen == ofraglen); - - max_output_len -= ofraglen; - output_len += ofraglen; - output += ofraglen; - } - - pcount = input_len - ifraglen; - PORT_Assert (pcount < bsize); - if (pcount) - PORT_Memcpy (pbuf, input + ifraglen, pcount); - } - - if (final) { - padlen = padsize - (pcount % padsize); - PORT_Memset (pbuf + pcount, padlen, padlen); - rv = (* cc->doit) (cc->cx, output, &ofraglen, max_output_len, - pbuf, pcount+padlen); - if (rv != SECSuccess) - return rv; - - /* - * For now anyway, all of our ciphers have the same number of - * bytes of output as they do input. If this ever becomes untrue, - * then sec_PKCS7EncryptLength needs to be made smarter! - */ - PORT_Assert (ofraglen == (pcount+padlen)); - output_len += ofraglen; - } else { - cc->pending_count = pcount; - } - - PORT_Assert (output_len_p != NULL || output_len == 0); - if (output_len_p != NULL) - *output_len_p = output_len; - - return SECSuccess; -#endif } diff --git a/libsecurity_smime/lib/cmsdecode.c b/libsecurity_smime/lib/cmsdecode.c index da49df65..2dd6f8ac 100644 --- a/libsecurity_smime/lib/cmsdecode.c +++ b/libsecurity_smime/lib/cmsdecode.c @@ -374,9 +374,6 @@ static OSStatus nss_cms_after_end(SecCmsDecoderRef p7dcx) { OSStatus rv; - PLArenaPool *poolp; - - poolp = p7dcx->cmsg->poolp; switch (p7dcx->type) { case SEC_OID_PKCS7_SIGNED_DATA: @@ -639,6 +636,10 @@ loser: OSStatus SecCmsDecoderUpdate(SecCmsDecoderRef p7dcx, const void *buf, CFIndex len) { + if (!p7dcx) { + return errSecParam; + } + if (p7dcx->dcx != NULL && p7dcx->error == 0) { /* if error is set already, don't bother */ if (SEC_ASN1DecoderUpdate (p7dcx->dcx, buf, len) != SECSuccess) { p7dcx->error = PORT_GetError(); @@ -668,11 +669,15 @@ SecCmsDecoderUpdate(SecCmsDecoderRef p7dcx, const void *buf, CFIndex len) void SecCmsDecoderDestroy(SecCmsDecoderRef p7dcx) { - /* XXXX what about inner decoders? running digests? decryption? */ - /* XXXX there's a leak here! */ + /* SecCmsMessageDestroy frees inner decoders and digests. */ SecCmsMessageDestroy(p7dcx->cmsg); + p7dcx->cmsg = NULL; if (p7dcx->dcx) (void)SEC_ASN1DecoderFinish(p7dcx->dcx); + /* Clear out references */ + p7dcx->cmsg = NULL; + p7dcx->dcx = NULL; + p7dcx->childp7dcx = NULL; PORT_Free(p7dcx); } @@ -690,7 +695,9 @@ SecCmsDecoderFinish(SecCmsDecoderRef p7dcx, SecCmsMessageRef *outMessage) if (p7dcx->dcx == NULL || SEC_ASN1DecoderFinish(p7dcx->dcx) != SECSuccess || nss_cms_after_end(p7dcx) != SECSuccess) { - SecCmsMessageDestroy(cmsg); + if (p7dcx->cmsg) { + SecCmsMessageDestroy(cmsg); + } result = PORT_GetError(); goto loser; } @@ -699,6 +706,10 @@ SecCmsDecoderFinish(SecCmsDecoderRef p7dcx, SecCmsMessageRef *outMessage) result = errSecSuccess; loser: + /* Clear out references */ + p7dcx->cmsg = NULL; + p7dcx->dcx = NULL; + p7dcx->childp7dcx = NULL; PORT_Free(p7dcx); return result; } diff --git a/libsecurity_smime/lib/cmsdigest.c b/libsecurity_smime/lib/cmsdigest.c index 9c1e22c6..9b74567b 100644 --- a/libsecurity_smime/lib/cmsdigest.c +++ b/libsecurity_smime/lib/cmsdigest.c @@ -44,11 +44,7 @@ #include #include -#if USE_CDSA_CRYPTO -#include -#else #include -#endif #include "SecCmsDigestContext.h" @@ -60,11 +56,7 @@ struct SecCmsDigestContextStr { PLArenaPool * poolp; Boolean saw_contents; int digcnt; -#if USE_CDSA_CRYPTO - CSSM_CC_HANDLE * digobjs; -#else void ** digobjs; -#endif SECAlgorithmID ** digestalgs; }; @@ -77,11 +69,7 @@ SecCmsDigestContextStartMultiple(SECAlgorithmID **digestalgs) { PLArenaPool *poolp; SecCmsDigestContextRef cmsdigcx; -#if USE_CDSA_CRYPTO - CSSM_CC_HANDLE digobj; -#else void * digobj; -#endif int digcnt; int i; @@ -92,28 +80,21 @@ SecCmsDigestContextStartMultiple(SECAlgorithmID **digestalgs) digcnt = (digestalgs == NULL) ? 0 : SecCmsArrayCount((void **)digestalgs); cmsdigcx = (SecCmsDigestContextRef)PORT_ArenaAlloc(poolp, sizeof(struct SecCmsDigestContextStr)); - if (cmsdigcx == NULL) - return NULL; + if (cmsdigcx == NULL) { + goto loser; + } cmsdigcx->poolp = poolp; if (digcnt > 0) { -#if USE_CDSA_CRYPTO - /* Security check to prevent under-allocation */ - if (digcnt >= (int)((INT_MAX/(MAX(sizeof(CSSM_CC_HANDLE),sizeof(SECAlgorithmID *))))-1)) { - goto loser; - } - cmsdigcx->digobjs = (CSSM_CC_HANDLE *)PORT_ArenaAlloc(poolp, digcnt * sizeof(CSSM_CC_HANDLE)); - if (cmsdigcx->digobjs == NULL) - goto loser; -#else /* Security check to prevent under-allocation */ if (digcnt >= (int)((INT_MAX/(MAX(sizeof(void *),sizeof(SECAlgorithmID *))))-1)) { goto loser; } cmsdigcx->digobjs = (void**)PORT_ArenaAlloc(poolp, digcnt * sizeof(void *)); + if (cmsdigcx->digobjs == NULL) goto loser; -#endif + cmsdigcx->digestalgs = (SECAlgorithmID **)PORT_ArenaZAlloc(poolp, (digcnt + 1) * sizeof(SECAlgorithmID *)); if (cmsdigcx->digestalgs == NULL) @@ -135,11 +116,6 @@ SecCmsDigestContextStartMultiple(SECAlgorithmID **digestalgs) * the particular algorithm may not actually be important, * but we cannot know that until later. */ -#if USE_CDSA_CRYPTO - if (digobj) - if (CSSM_DigestDataInit(digobj)) - goto loser; -#endif cmsdigcx->digobjs[cmsdigcx->digcnt] = digobj; cmsdigcx->digestalgs[cmsdigcx->digcnt] = PORT_ArenaAlloc(poolp, sizeof(SECAlgorithmID)); @@ -191,9 +167,6 @@ SecCmsDigestContextUpdate(SecCmsDigestContextRef cmsdigcx, const unsigned char * cmsdigcx->saw_contents = PR_TRUE; for (i = 0; i < cmsdigcx->digcnt; i++) { if (cmsdigcx->digobjs[i]) { -#if USE_CDSA_CRYPTO - CSSM_DigestDataUpdate(cmsdigcx->digobjs[i], &dataBuf, 1); -#else /* 64 bits cast: worst case is we truncate the length and we dont hash all the data. This may cause an invalid CMS blob larger than 4GB to be validated. Unlikely, but possible security issue. There is no way to return an error here, but a check at @@ -218,7 +191,6 @@ SecCmsDigestContextUpdate(SecCmsDigestContextRef cmsdigcx, const unsigned char * default: break; } -#endif } } } @@ -233,13 +205,9 @@ SecCmsDigestContextCancel(SecCmsDigestContextRef cmsdigcx) for (i = 0; i < cmsdigcx->digcnt; i++) if (cmsdigcx->digobjs[i]) -#if USE_CDSA_CRYPTO - CSSM_DeleteContext(cmsdigcx->digobjs[i]); -#else free(cmsdigcx->digobjs[i]); -#endif - PORT_FreeArena(cmsdigcx->poolp, PR_FALSE); + PORT_FreeArena(cmsdigcx->poolp, PR_TRUE); } /* @@ -259,11 +227,7 @@ SecCmsDigestContextFinishMultiple(SecCmsDigestContextRef cmsdigcx, SECAlgorithmID ***digestalgsp, SecAsn1Item * **digestsp) { -#if USE_CDSA_CRYPTO - CSSM_CC_HANDLE digboj; -#else void * digobj; -#endif SecAsn1Item **digests, *digest; SECAlgorithmID **digestalgs; int i; @@ -271,25 +235,6 @@ SecCmsDigestContextFinishMultiple(SecCmsDigestContextRef cmsdigcx, OSStatus rv = SECFailure; assert(cmsdigcx != NULL); - - /* A message with no contents (just signed attributes) is used within SCEP */ -#if 0 - /* no contents? do not update digests */ - if (digestsp == NULL || !cmsdigcx->saw_contents) { - for (i = 0; i < cmsdigcx->digcnt; i++) - if (cmsdigcx->digobjs[i]) -#if USE_CDSA_CRYPTO - CSSM_DeleteContext(cmsdigcx->digobjs[i]); -#else - free(cmsdigcx->digobjs[i]); -#endif - rv = SECSuccess; - if (digestsp) - *digestsp = NULL; - goto cleanup; - } -#endif - assert(digestsp != NULL); assert(digestalgsp != NULL); @@ -329,10 +274,7 @@ SecCmsDigestContextFinishMultiple(SecCmsDigestContextRef cmsdigcx, if (digest->Data == NULL) goto loser; digest->Length = diglength; -#if USE_CDSA_CRYPTO - CSSM_DigestDataFinal(digobj, digest); - CSSM_DeleteContext(digobj); -#else + switch (hash_alg) { case SEC_OID_SHA1: CC_SHA1_Final(digest->Data, digobj); break; case SEC_OID_MD5: CC_MD5_Final(digest->Data, digobj); break; @@ -344,7 +286,6 @@ SecCmsDigestContextFinishMultiple(SecCmsDigestContextRef cmsdigcx, } free(digobj); -#endif digestalgs[i] = cmsdigcx->digestalgs[i]; digests[i] = digest; } @@ -391,7 +332,9 @@ SecCmsDigestContextFinishSingle(SecCmsDigestContextRef cmsdigcx, goto loser; /* Return the first element in the digest array. */ - digest = *dp; + if (digest) { + *digest = *dp[0]; + } rv = SECSuccess; diff --git a/libsecurity_smime/lib/cmsencdata.c b/libsecurity_smime/lib/cmsencdata.c index 656a63c1..4a2e4d14 100644 --- a/libsecurity_smime/lib/cmsencdata.c +++ b/libsecurity_smime/lib/cmsencdata.c @@ -63,7 +63,9 @@ SecCmsEncryptedDataCreate(SecCmsMessageRef cmsg, SECOidTag algorithm, int keysiz void *mark; SecCmsEncryptedDataRef encd; PLArenaPool *poolp; +#if 0 SECAlgorithmID *pbe_algid; +#endif OSStatus rv; poolp = cmsg->poolp; @@ -92,10 +94,10 @@ SecCmsEncryptedDataCreate(SecCmsMessageRef cmsg, SECOidTag algorithm, int keysiz /* Assume password-based-encryption. At least, try that. */ #if 1 // @@@ Fix me - pbe_algid = NULL; + rv = SECFailure; + break; #else pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL); -#endif if (pbe_algid == NULL) { rv = SECFailure; break; @@ -103,6 +105,7 @@ SecCmsEncryptedDataCreate(SecCmsMessageRef cmsg, SECOidTag algorithm, int keysiz rv = SecCmsContentInfoSetContentEncAlgID(&(encd->contentInfo), pbe_algid, keysize); SECOID_DestroyAlgorithmID (pbe_algid, PR_TRUE); break; +#endif } if (rv != SECSuccess) goto loser; diff --git a/libsecurity_smime/lib/cmsencode.c b/libsecurity_smime/lib/cmsencode.c index 687badc5..e18a9492 100644 --- a/libsecurity_smime/lib/cmsencode.c +++ b/libsecurity_smime/lib/cmsencode.c @@ -124,7 +124,6 @@ nss_cms_encoder_notify(void *arg, Boolean before, void *dest, int depth) SecCmsEncoderRef p7ecx; SecCmsContentInfoRef rootcinfo, cinfo; Boolean after = !before; - PLArenaPool *poolp; SECOidTag childtype; SecAsn1Item * item; @@ -132,7 +131,6 @@ nss_cms_encoder_notify(void *arg, Boolean before, void *dest, int depth) PORT_Assert(p7ecx != NULL); rootcinfo = &(p7ecx->cmsg->contentInfo); - poolp = p7ecx->cmsg->poolp; #ifdef CMSDEBUG fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth); @@ -207,12 +205,9 @@ nss_cms_before_data(SecCmsEncoderRef p7ecx) OSStatus rv; SECOidTag childtype; SecCmsContentInfoRef cinfo; - PLArenaPool *poolp; SecCmsEncoderRef childp7ecx; const SecAsn1Template *template; - poolp = p7ecx->cmsg->poolp; - /* call _Encode_BeforeData handlers */ switch (p7ecx->type) { case SEC_OID_PKCS7_SIGNED_DATA: @@ -609,6 +604,10 @@ SecCmsEncoderUpdate(SecCmsEncoderRef p7ecx, const void *data, CFIndex len) SecCmsContentInfoRef cinfo; SECOidTag childtype; + if (!p7ecx) { + return errSecParam; + } + if (p7ecx->error) return p7ecx->error; diff --git a/libsecurity_smime/lib/cmsenvdata.c b/libsecurity_smime/lib/cmsenvdata.c index b7ccbdd6..82f5ae05 100644 --- a/libsecurity_smime/lib/cmsenvdata.c +++ b/libsecurity_smime/lib/cmsenvdata.c @@ -170,9 +170,6 @@ SecCmsEnvelopedDataEncodeBeforeStart(SecCmsEnvelopedDataRef envd) SecCmsRecipientInfoRef *recipientinfos; SecCmsContentInfoRef cinfo; SecSymmetricKeyRef bulkkey = NULL; -#if USE_CDSA_CRYPTO - SecAsn1AlgId algorithm; -#endif SECOidTag bulkalgtag; //CK_MECHANISM_TYPE type; //PK11SlotInfo *slot; @@ -189,9 +186,6 @@ SecCmsEnvelopedDataEncodeBeforeStart(SecCmsEnvelopedDataRef envd) recipientinfos = envd->recipientInfos; if (recipientinfos == NULL) { PORT_SetError(SEC_ERROR_BAD_DATA); -#if 0 - PORT_SetErrorString("Cannot find recipientinfos to encode."); -#endif goto loser; } @@ -221,28 +215,12 @@ SecCmsEnvelopedDataEncodeBeforeStart(SecCmsEnvelopedDataRef envd) bulkalgtag = SEC_OID_DES_EDE3_CBC; } -#if USE_CDSA_CRYPTO - algorithm = SECOID_FindyCssmAlgorithmByTag(bulkalgtag); - if (!algorithm) - goto loser; - rv = SecKeyGenerate(NULL, /* keychainRef */ - algorithm, - SecCmsContentInfoGetBulkKeySize(cinfo), - 0, /* contextHandle */ - CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT, - CSSM_KEYATTR_EXTRACTABLE, - NULL, /* initialAccess */ - &bulkkey); - if (rv) - goto loser; -#else { size_t keysize = (cinfo->keysize + 7)/8; uint8_t key_material[keysize]; require_noerr(SecRandomCopyBytes(kSecRandomDefault, keysize, key_material), loser); bulkkey = (SecSymmetricKeyRef)CFDataCreate(kCFAllocatorDefault, key_material, keysize); } -#endif mark = PORT_ArenaMark(poolp); diff --git a/libsecurity_smime/lib/cmsmessage.c b/libsecurity_smime/lib/cmsmessage.c index d6d9f56c..8b62daba 100644 --- a/libsecurity_smime/lib/cmsmessage.c +++ b/libsecurity_smime/lib/cmsmessage.c @@ -116,7 +116,9 @@ SecCmsMessageDestroy(SecCmsMessageRef cmsg) SecCmsContentInfoDestroy(&(cmsg->contentInfo)); - PORT_FreeArena (cmsg->poolp, PR_FALSE); /* XXX clear it? */ + if (cmsg->poolp) { + PORT_FreeArena (cmsg->poolp, PR_TRUE); + } } /* diff --git a/libsecurity_smime/lib/cmspriv.h b/libsecurity_smime/lib/cmspriv.h index 4dc0b176..9040fdd0 100644 --- a/libsecurity_smime/lib/cmspriv.h +++ b/libsecurity_smime/lib/cmspriv.h @@ -95,12 +95,7 @@ SecCmsAlgArrayGetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID *a extern int SecCmsAlgArrayGetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algtag); -#if USE_CDSA_CRYPTO -extern CSSM_CC_HANDLE -#else -extern void * -#endif -SecCmsUtilGetHashObjByAlgID(SECAlgorithmID *algid); +extern void *SecCmsUtilGetHashObjByAlgID(SECAlgorithmID *algid); /* * XXX I would *really* like to not have to do this, but the current @@ -133,9 +128,6 @@ SecCmsContentGetContentInfo(void *msg, SECOidTag type); @param encrypt_key_cb callback function for getting bulk key for encryptedData content. @param encrypt_key_cb_arg first argument passed to encrypt_key_cb when it is called. - @param detached_digestalgs digest algorithms in detached_digests - @param detached_digests digests from detached content (one for every element - in detached_digestalgs). */ extern void SecCmsMessageSetEncodingParams(SecCmsMessageRef cmsg, diff --git a/libsecurity_smime/lib/cmspubkey.c b/libsecurity_smime/lib/cmspubkey.c index eb7944e2..cbaafed4 100644 --- a/libsecurity_smime/lib/cmspubkey.c +++ b/libsecurity_smime/lib/cmspubkey.c @@ -176,10 +176,6 @@ SecCmsUtilEncryptSymKeyMISSI(PLArenaPool *poolp, SecCertificateRef cert, SecSymm /* Clear keaParams, since cleanup code checks the lengths */ (void) memset(&keaParams, 0, sizeof(keaParams)); -#if USE_CDSA_CRYPTO - SecCertificateGetAlgorithmID(cert,&algid); -#endif - certalgtag = SECOID_GetAlgorithmTag(algid); PORT_Assert(certalgtag == SEC_OID_MISSI_KEA_DSS_OLD || certalgtag == SEC_OID_MISSI_KEA_DSS || diff --git a/libsecurity_smime/lib/cmsrecinfo.c b/libsecurity_smime/lib/cmsrecinfo.c index eabd5db3..cf1145a8 100644 --- a/libsecurity_smime/lib/cmsrecinfo.c +++ b/libsecurity_smime/lib/cmsrecinfo.c @@ -94,15 +94,6 @@ nss_cmsrecipientinfo_create(SecCmsEnvelopedDataRef envd, SecCmsRecipientIDSelect ri->envelopedData = envd; -#if USE_CDSA_CRYPTO - if (type == SecCmsRecipientIDIssuerSN) - { - rv = SecCertificateGetAlgorithmID(cert,&algid); - } else { - PORT_Assert(pubKey); - rv = SecKeyGetAlgorithmID(pubKey,&algid); - } -#else ri->cert = CERT_DupCertificate(cert); if (ri->cert == NULL) goto loser; @@ -113,7 +104,6 @@ nss_cmsrecipientinfo_create(SecCmsEnvelopedDataRef envd, SecCmsRecipientIDSelect freeAlgID.parameters.Length = (size_t)length_data_swapped->parameters.Data; freeAlgID.parameters.Data = (uint8_t *)length_data_swapped->parameters.Length; algid = &freeAlgID; -#endif certalgtag = SECOID_GetAlgorithmTag(algid); @@ -135,24 +125,16 @@ nss_cmsrecipientinfo_create(SecCmsEnvelopedDataRef envd, SecCmsRecipientIDSelect PORT_SetError(SEC_ERROR_NO_MEMORY); break; } - SECITEM_CopyItem(poolp, rid->id.subjectKeyID, subjKeyID); + if (SECITEM_CopyItem(poolp, rid->id.subjectKeyID, subjKeyID)) { + rv = SECFailure; + PORT_SetError(SEC_ERROR_UNKNOWN_CERT); + break; + } if (rid->id.subjectKeyID->Data == NULL) { rv = SECFailure; PORT_SetError(SEC_ERROR_NO_MEMORY); break; } - -#if 0 - SecCmsKeyTransRecipientInfoEx *riExtra; - riExtra = &ri->ri.keyTransRecipientInfoEx; - riExtra->version = 0; - riExtra->pubKey = SECKEY_CopyPublicKey(pubKey); - if (riExtra->pubKey == NULL) { - rv = SECFailure; - PORT_SetError(SEC_ERROR_NO_MEMORY); - break; - } -#endif } else { PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; @@ -351,37 +333,6 @@ SecCmsRecipientInfoCreateWithSubjKeyID(SecCmsEnvelopedDataRef envd, NULL, pubKey, subjKeyID); } -#if USE_CDSA_CRYPTO -SecCmsRecipientInfoRef -SecCmsRecipientInfoCreateWithSubjKeyIDFromCert(SecCmsEnvelopedDataRef envd, - SecCertificateRef cert) -{ - SecPublicKeyRef pubKey = NULL; - SecAsn1Item subjKeyID = {0, NULL}; - SecCmsRecipientInfoRef retVal = NULL; - - if (!envd || !cert) { - return NULL; - } - pubKey = CERT_ExtractPublicKey(cert); - if (!pubKey) { - goto done; - } - if (CERT_FindSubjectKeyIDExtension(cert, &subjKeyID) != SECSuccess || - subjKeyID.Data == NULL) { - goto done; - } - retVal = SecCmsRecipientInfoCreateWithSubjKeyID(envd, &subjKeyID, pubKey); -done: - if (pubKey) - SECKEY_DestroyPublicKey(pubKey); - - if (subjKeyID.Data) - SECITEM_FreeItem(&subjKeyID, PR_FALSE); - - return retVal; -} -#else SecCmsRecipientInfoRef SecCmsRecipientInfoCreateWithSubjKeyIDFromCert(SecCmsEnvelopedDataRef envd, SecCertificateRef cert) @@ -407,7 +358,6 @@ done: return retVal; } -#endif void SecCmsRecipientInfoDestroy(SecCmsRecipientInfoRef ri) @@ -507,15 +457,11 @@ SecCmsRecipientInfoWrapBulkKey(SecCmsRecipientInfoRef ri, SecSymmetricKeyRef bul SecCertificateRef cert; SECOidTag certalgtag; OSStatus rv = SECSuccess; -#if 0 - SecAsn1Item * params = NULL; -#endif /* 0 */ SecCmsRecipientEncryptedKey *rek; SecCmsOriginatorIdentifierOrKey *oiok; const SECAlgorithmID *algid; SECAlgorithmID freeAlgID; PLArenaPool *poolp; - SecCmsKeyTransRecipientInfoEx *extra = NULL; Boolean usesSubjKeyID; uint8_t nullData[2] = {SEC_ASN1_NULL, 0}; SECItem nullItem; @@ -525,32 +471,12 @@ SecCmsRecipientInfoWrapBulkKey(SecCmsRecipientInfoRef ri, SecSymmetricKeyRef bul cert = ri->cert; usesSubjKeyID = nss_cmsrecipientinfo_usessubjectkeyid(ri); if (cert) { -#if USE_CDSA_CRYPTO - rv = SecCertificateGetAlgorithmID(cert,&algid); - if (rv) - return SECFailure; -#else const SecAsn1AlgId *length_data_swapped = (const SecAsn1AlgId *)SecCertificateGetPublicKeyAlgorithm(cert); freeAlgID.algorithm.Length = (size_t)length_data_swapped->algorithm.Data; freeAlgID.algorithm.Data = (uint8_t *)length_data_swapped->algorithm.Length; freeAlgID.parameters.Length = (size_t)length_data_swapped->parameters.Data; freeAlgID.parameters.Data = (uint8_t *)length_data_swapped->parameters.Length; algid = &freeAlgID; -#endif - } else if (usesSubjKeyID) { - extra = &ri->ri.keyTransRecipientInfoEx; - /* sanity check */ - PORT_Assert(extra->pubKey); - if (!extra->pubKey) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } -#if USE_CDSA_CRYPTO - rv = SecKeyGetAlgorithmID(extra->pubKey,&algid); - if (rv) -#endif - return SECFailure; - certalgtag = SECOID_GetAlgorithmTag(algid); } else { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; @@ -568,59 +494,10 @@ SecCmsRecipientInfoWrapBulkKey(SecCmsRecipientInfoRef ri, SecSymmetricKeyRef bul &ri->ri.keyTransRecipientInfo.encKey); if (rv != SECSuccess) break; - } else if (usesSubjKeyID) { - PORT_Assert(extra != NULL); - rv = SecCmsUtilEncryptSymKeyRSAPubKey(poolp, extra->pubKey, - bulkkey, &ri->ri.keyTransRecipientInfo.encKey); - if (rv != SECSuccess) - break; } rv = SECOID_SetAlgorithmID(poolp, &(ri->ri.keyTransRecipientInfo.keyEncAlg), certalgtag, NULL); break; -#if 0 - case SEC_OID_MISSI_KEA_DSS_OLD: - case SEC_OID_MISSI_KEA_DSS: - case SEC_OID_MISSI_KEA: - rv = SecCmsUtilEncryptSymKeyMISSI(poolp, cert, bulkkey, - bulkalgtag, - &ri->ri.keyTransRecipientInfo.encKey, - ¶ms, ri->cmsg->pwfn_arg); - if (rv != SECSuccess) - break; - - /* here, we DO need to pass the params to the wrap function because, with - * RSA, there is no funny stuff going on with generation of IV vectors or so */ - rv = SECOID_SetAlgorithmID(poolp, &(ri->ri.keyTransRecipientInfo.keyEncAlg), certalgtag, params); - break; - case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */ - rek = ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[0]; - if (rek == NULL) { - rv = SECFailure; - break; - } - - oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey); - PORT_Assert(oiok->identifierType == SecCmsOriginatorIDOrKeyOriginatorPublicKey); - - /* see RFC2630 12.3.1.1 */ - if (SECOID_SetAlgorithmID(poolp, &oiok->id.originatorPublicKey.algorithmIdentifier, - SEC_OID_X942_DIFFIE_HELMAN_KEY, NULL) != SECSuccess) { - rv = SECFailure; - break; - } - - /* this will generate a key pair, compute the shared secret, */ - /* derive a key and ukm for the keyEncAlg out of it, encrypt the bulk key with */ - /* the keyEncAlg, set encKey, keyEncAlg, publicKey etc. */ - rv = SecCmsUtilEncryptSymKeyESDH(poolp, cert, bulkkey, - &rek->encKey, - &ri->ri.keyAgreeRecipientInfo.ukm, - &ri->ri.keyAgreeRecipientInfo.keyEncAlg, - &oiok->id.originatorPublicKey.publicKey); - - break; -#endif /* 0 */ case SEC_OID_EC_PUBLIC_KEY: /* These were set up in nss_cmsrecipientinfo_create() */ kari = &ri->ri.keyAgreeRecipientInfo; @@ -661,10 +538,6 @@ SecCmsRecipientInfoWrapBulkKey(SecCmsRecipientInfoRef ri, SecSymmetricKeyRef bul rv = SECFailure; break; } -#if 0 - if (freeSpki) - SECKEY_DestroySubjectPublicKeyInfo(freeSpki); -#endif return rv; } @@ -690,7 +563,6 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, switch (ri->recipientInfoType) { case SecCmsRecipientInfoIDKeyTrans: - encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */ switch (encalgtag) { @@ -703,6 +575,7 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, case SEC_OID_NETSCAPE_SMIME_KEA: /* FORTEZZA key exchange algorithm */ /* the supplemental data is in the parameters of encalg */ + encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg); bulkkey = SecCmsUtilDecryptSymKeyMISSI(privkey, enckey, encalg, bulkalgtag, ri->cmsg->pwfn_arg); break; #endif /* 0 */ @@ -712,9 +585,7 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, } break; case SecCmsRecipientInfoIDKeyAgree: - encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg)); - enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey); switch (encalgtag) { case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* Diffie-Helman key exchange */ @@ -730,10 +601,13 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, case SEC_OID_DH_SINGLE_STD_SHA1KDF: { /* ephemeral-static ECDH */ + enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey); + encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg); SecCmsKeyAgreeRecipientInfo *kari = &ri->ri.keyAgreeRecipientInfo; SecCmsOriginatorIdentifierOrKey *oiok = &kari->originatorIdentifierOrKey; if(oiok->identifierType != SecCmsOriginatorIDOrKeyOriginatorPublicKey) { dprintf("SEC_OID_EC_PUBLIC_KEY unwrap key: bad oiok.id\n"); + error = SEC_ERROR_LIBRARY_FAILURE; goto loser; } SecCmsOriginatorPublicKey *opk = &oiok->id.originatorPublicKey; @@ -749,9 +623,6 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, } break; case SecCmsRecipientInfoIDKEK: - encalg = &(ri->ri.kekRecipientInfo.keyEncAlg); - encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg)); - enckey = &(ri->ri.kekRecipientInfo.encKey); /* not supported yet */ error = SEC_ERROR_UNSUPPORTED_KEYALG; goto loser; @@ -761,5 +632,6 @@ SecCmsRecipientInfoUnwrapBulkKey(SecCmsRecipientInfoRef ri, int subIndex, return bulkkey; loser: + PORT_SetError(error); return NULL; } diff --git a/libsecurity_smime/lib/cmssigdata.c b/libsecurity_smime/lib/cmssigdata.c index bb3c7d19..99f08e11 100644 --- a/libsecurity_smime/lib/cmssigdata.c +++ b/libsecurity_smime/lib/cmssigdata.c @@ -51,9 +51,7 @@ #include #include -#if !USE_CDSA_CRYPTO #include -#endif SecCmsSignedDataRef SecCmsSignedDataCreate(SecCmsMessageRef cmsg) @@ -325,14 +323,10 @@ SecCmsSignedDataEncodeAfterData(SecCmsSignedDataRef sigd) signerinfo = signerinfos[si]; for (ci = 0; ci < CFArrayGetCount(signerinfo->certList); ci++) { sigd->rawCerts[rci] = PORT_ArenaZAlloc(poolp, sizeof(SecAsn1Item)); - SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(signerinfo->certList, ci); -#if USE_CDSA_CRYPTO - SecCertificateGetData(cert, sigd->rawCerts[rci++]); -#else + SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(signerinfo->certList, ci); SecAsn1Item cert_data = { SecCertificateGetLength(cert), (uint8_t *)SecCertificateGetBytePtr(cert) }; *(sigd->rawCerts[rci++]) = cert_data; -#endif } } } @@ -341,13 +335,9 @@ SecCmsSignedDataEncodeAfterData(SecCmsSignedDataRef sigd) for (ci = 0; ci < CFArrayGetCount(sigd->certs); ci++) { sigd->rawCerts[rci] = PORT_ArenaZAlloc(poolp, sizeof(SecAsn1Item)); SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(sigd->certs, ci); -#if USE_CDSA_CRYPTO - SecCertificateGetData(cert, sigd->rawCerts[rci++]); -#else SecAsn1Item cert_data = { SecCertificateGetLength(cert), (uint8_t *)SecCertificateGetBytePtr(cert) }; *(sigd->rawCerts[rci++]) = cert_data; -#endif } } @@ -485,22 +475,6 @@ SecCmsSignedDataImportCerts(SecCmsSignedDataRef sigd, SecKeychainRef keychain, SECCertUsage certusage, Boolean keepcerts) { OSStatus rv = -1; - -#if USE_CDSA_CRYPTO - int ix, certcount = SecCmsArrayCount((void **)sigd->rawCerts); - rv = CERT_ImportCerts(keychain, certusage, certcount, sigd->rawCerts, NULL, - keepcerts, PR_FALSE, NULL); - /* XXX CRL handling */ - - if (sigd->signerInfos != NULL) { - /* fill in all signerinfo's certs */ - for (ix = 0; sigd->signerInfos[ix] != NULL; i++) - (void)SecCmsSignerInfoGetSigningCertificate(sigd->signerInfos[ix], keychain); - } -#else - // XXX we should only ever import certs for a cert only data blob -#endif - return rv; } @@ -563,8 +537,8 @@ SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i, return status; } - /* Now verify the certificate. We do this even if the signature failed to verify so we can - return a trustRef to the caller for display purposes. */ + /* Now verify the certificate. We only do this when the signature verification succeeds. Note that this + behavior is different than the macOS code. */ status = SecCmsSignerInfoVerifyCertificate(signerinfo, keychainOrArray, policies, trustRef); #if SECTRUST_VERBOSE_DEBUG syslog(LOG_ERR, "SecCmsSignedDataVerifySignerInfo: SecCmsSignerInfoVerifyCertificate returned %d", (int)status); @@ -573,45 +547,6 @@ SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i, return status; } -#if USE_CDSA_CRYPTO - -/* - * SecCmsSignedDataVerifyCertsOnly - verify the certs in a certs-only message - */ -OSStatus -SecCmsSignedDataVerifyCertsOnly(SecCmsSignedDataRef sigd, - SecKeychainRef keychainOrArray, - CFTypeRef policies) -{ - SecCertificateRef cert; - OSStatus rv = SECSuccess; - int i; - int count; - - if (!sigd || !keychainOrArray || !sigd->rawCerts) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - count = SecCmsArrayCount((void**)sigd->rawCerts); - for (i=0; i < count; i++) { - if (sigd->certs && CFArrayGetCount(sigd->certs) > i) { - cert = (SecCertificateRef)CFArrayGetValueAtIndex(sigd->certs, i); - CFRetain(cert); - } else { - cert = CERT_FindCertByDERCert(keychainOrArray, sigd->rawCerts[i]); - if (!cert) { - rv = SECFailure; - break; - } - } - rv |= CERT_VerifyCert(keychainOrArray, cert, policies, CFAbsoluteTimeGetCurrent(), NULL); - CFRelease(cert); - } - - return rv; -} -#else OSStatus SecCmsSignedDataVerifyCertsOnly(SecCmsSignedDataRef sigd, SecKeychainRef keychainOrArray, @@ -640,7 +575,6 @@ SecCmsSignedDataVerifyCertsOnly(SecCmsSignedDataRef sigd, return rv; } -#endif /* * SecCmsSignedDataHasDigests - see if we have digests in place @@ -766,6 +700,9 @@ SecCmsSignedDataGetDigestByAlgTag(SecCmsSignedDataRef sigd, SECOidTag algtag) { int idx; + if(sigd == NULL || sigd->digests == NULL) { + return NULL; + } idx = SecCmsAlgArrayGetIndexByAlgTag(sigd->digestAlgorithms, algtag); return (idx >= 0)?(sigd->digests)[idx]:NULL; } @@ -800,9 +737,11 @@ SecCmsSignedDataSetDigests(SecCmsSignedDataRef sigd, { int cnt, i, idx; - if (sigd->digestAlgorithms == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + /* Check input structure and items in structure */ + if (sigd == NULL || sigd->digestAlgorithms == NULL || sigd->contentInfo.cmsg == NULL || + sigd->contentInfo.cmsg->poolp == NULL) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } /* Since we'll generate a empty digest for content-less messages diff --git a/libsecurity_smime/lib/cmssiginfo.c b/libsecurity_smime/lib/cmssiginfo.c index 296c17ea..10afd418 100644 --- a/libsecurity_smime/lib/cmssiginfo.c +++ b/libsecurity_smime/lib/cmssiginfo.c @@ -49,10 +49,6 @@ #include #include -#if USE_CDSA_CRYPTO -#include -#endif - #include #include #include @@ -245,8 +241,10 @@ nss_cmssignerinfo_create(SecCmsSignedDataRef sigd, SecCmsSignerIDSelector type, if (!subjKeyID) goto loser; signerinfo->signerIdentifier.id.subjectKeyID = PORT_ArenaNew(poolp, SecAsn1Item); - SECITEM_CopyItem(poolp, signerinfo->signerIdentifier.id.subjectKeyID, - subjKeyID); + if (SECITEM_CopyItem(poolp, signerinfo->signerIdentifier.id.subjectKeyID, + subjKeyID)) { + goto loser; + } signerinfo->pubKey = SECKEY_CopyPublicKey(pubKey); if (!signerinfo->pubKey) goto loser; @@ -336,34 +334,12 @@ SecCmsSignerInfoSign(SecCmsSignerInfoRef signerinfo, SecAsn1Item * digest, SecAs privkey = signerinfo->signingKey; signerinfo->signingKey = NULL; cert = signerinfo->cert; -#if USE_CDSA_CRYPTO - if (SecCertificateGetAlgorithmID(cert,&algID)) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - goto loser; - } -#else _algID = SecCertificateGetPublicKeyAlgorithmID(cert); algID = &_algID; -#endif break; case SecCmsSignerIDSubjectKeyID: privkey = signerinfo->signingKey; signerinfo->signingKey = NULL; -#if 0 - spki = SECKEY_CreateSubjectPublicKeyInfo(signerinfo->pubKey); - SECKEY_DestroyPublicKey(signerinfo->pubKey); - signerinfo->pubKey = NULL; - SECOID_CopyAlgorithmID(NULL, &freeAlgID, &spki->algorithm); - SECKEY_DestroySubjectPublicKeyInfo(spki); - algID = &freeAlgID; -#else -#if USE_CDSA_CRYPTO - if (SecKeyGetAlgorithmID(signerinfo->pubKey,&algID)) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - goto loser; - } -#endif -#endif CFRelease(signerinfo->pubKey); signerinfo->pubKey = NULL; break; @@ -380,19 +356,6 @@ SecCmsSignerInfoSign(SecCmsSignerInfoRef signerinfo, SecAsn1Item * digest, SecAs goto loser; } -#if USE_CDSA_CRYPTO - if (signerinfo->signerIdentifier.identifierType == SecCmsSignerIDSubjectKeyID) { - SECOID_DestroyAlgorithmID(&freeAlgID, PR_FALSE); - } -#endif -#if 0 - // @@@ Not yet - /* Fortezza MISSI have weird signature formats. - * Map them to standard DSA formats - */ - pubkAlgTag = PK11_FortezzaMapSig(pubkAlgTag); -#endif - if (signerinfo->authAttr != NULL) { SecAsn1Item encoded_attrs; @@ -436,10 +399,6 @@ SecCmsSignerInfoSign(SecCmsSignerInfoRef signerinfo, SecAsn1Item * digest, SecAs &encoded_attrs) == NULL) goto loser; -#if USE_CDSA_CRYPTO - rv = SEC_SignData(&signature, encoded_attrs.Data, encoded_attrs.Length, - privkey, digestalgtag, pubkAlgTag); -#else signature.Length = SecKeyGetSize(privkey, kSecKeySignatureSize); signature.Data = PORT_ZAlloc(signature.Length); if (!signature.Data) { @@ -451,7 +410,6 @@ SecCmsSignerInfoSign(SecCmsSignerInfoRef signerinfo, SecAsn1Item * digest, SecAs PORT_ZFree(signature.Data, signature.Length); signature.Length = 0; } -#endif PORT_FreeArena(tmppoolp, PR_FALSE); /* awkward memory management :-( */ tmppoolp = 0; @@ -497,7 +455,6 @@ loser: return SECFailure; } -#if !USE_CDSA_CRYPTO static CFArrayRef SecCmsSignerInfoCopySigningCertificates(SecCmsSignerInfoRef signerinfo) { @@ -544,7 +501,6 @@ SecCmsSignerInfoCopySigningCertificates(SecCmsSignerInfoRef signerinfo) } return certs; } -#endif OSStatus SecCmsSignerInfoVerifyCertificate(SecCmsSignerInfoRef signerinfo, SecKeychainRef keychainOrArray, @@ -553,15 +509,9 @@ SecCmsSignerInfoVerifyCertificate(SecCmsSignerInfoRef signerinfo, SecKeychainRef CFAbsoluteTime stime; OSStatus rv; -#if USE_CDSA_CRYPTO - SecCertificateRef cert; - - if ((cert = SecCmsSignerInfoGetSigningCertificate(signerinfo, keychainOrArray)) == NULL) { -#else CFArrayRef certs; if ((certs = SecCmsSignerInfoCopySigningCertificates(signerinfo)) == NULL) { -#endif signerinfo->verificationStatus = SecCmsVSSigningCertNotFound; return SECFailure; } @@ -573,27 +523,15 @@ SecCmsSignerInfoVerifyCertificate(SecCmsSignerInfoRef signerinfo, SecKeychainRef if (SecCmsSignerInfoGetSigningTime(signerinfo, &stime) != SECSuccess) stime = CFAbsoluteTimeGetCurrent(); -#if USE_CDSA_CRYPTO - rv = CERT_VerifyCert(keychainOrArray, cert, policies, stime, trustRef); -#else rv = CERT_VerifyCert(keychainOrArray, certs, policies, stime, trustRef); CFRelease(certs); -#endif if (rv || !trustRef) { if (PORT_GetError() == SEC_ERROR_UNTRUSTED_CERT) { /* Signature or digest level verificationStatus errors should supercede certificate level errors, so only change the verificationStatus if the status was GoodSignature. */ -#if 0 -#warning DEBUG - SecCmsSignerInfoVerifyCertificate trusts everything! - if (signerinfo->verificationStatus == SecCmsVSGoodSignature) { - syslog(LOG_ERR, "SecCmsSignerInfoVerifyCertificate ignoring SEC_ERROR_UNTRUSTED_CERT"); - rv = SECSuccess; - } -#else if (signerinfo->verificationStatus == SecCmsVSGoodSignature) signerinfo->verificationStatus = SecCmsVSSigningCertNotTrusted; -#endif } } @@ -615,7 +553,6 @@ SecCmsSignerInfoVerify(SecCmsSignerInfoRef signerinfo, SecAsn1Item * digest, Sec SecCertificateRef cert; SecCmsVerificationStatus vs = SecCmsVSUnverified; PLArenaPool *poolp; - SECOidTag digestAlgTag, digestEncAlgTag; if (signerinfo == NULL) return SECFailure; @@ -627,19 +564,10 @@ SecCmsSignerInfoVerify(SecCmsSignerInfoRef signerinfo, SecAsn1Item * digest, Sec goto loser; } -#if USE_CDSA_CRYPTO - if (SecCertificateCopyPublicKey(cert, &publickey)) { - vs = SecCmsVSProcessingError; - goto loser; - } -#else publickey = SecCertificateCopyPublicKey(cert); if (publickey == NULL) goto loser; -#endif - digestAlgTag = SECOID_GetAlgorithmTag(&(signerinfo->digestAlg)); - digestEncAlgTag = SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg)); if (!SecCmsArrayIsEmpty((void **)signerinfo->authAttr)) { if (contentType) { /* @@ -886,31 +814,6 @@ SecCmsSignerInfoGetSigningCertificate(SecCmsSignerInfoRef signerinfo, SecKeychai /* @@@ Make sure we search though all the certs in the cms message itself as well, it's silly to require them to be added to a keychain first. */ -#if USE_CDSA_CRYPTO - SecCmsSignerIdentifier *sid; - - /* - * This cert will also need to be freed, but since we save it - * in signerinfo for later, we do not want to destroy it when - * we leave this function -- we let the clean-up of the entire - * cinfo structure later do the destroy of this cert. - */ - sid = &signerinfo->signerIdentifier; - switch (sid->identifierType) { - case SecCmsSignerIDIssuerSN: - cert = CERT_FindCertByIssuerAndSN(keychainOrArray, sid->id.issuerAndSN); - break; - case SecCmsSignerIDSubjectKeyID: - cert = CERT_FindCertBySubjectKeyID(keychainOrArray, sid->id.subjectKeyID); - break; - default: - cert = NULL; - break; - } - - /* cert can be NULL at that point */ - signerinfo->cert = cert; /* earmark it */ -#else SecAsn1Item **cert_datas = signerinfo->signedData->rawCerts; SecAsn1Item *cert_data; if (cert_datas) while ((cert_data = *cert_datas) != NULL) { @@ -942,7 +845,6 @@ SecCmsSignerInfoGetSigningCertificate(SecCmsSignerInfoRef signerinfo, SecKeychai cert = CERT_FindCertificateByIssuerAndSN(signerinfo->signedData->certs, signerinfo->signerIdentifier.id.issuerAndSN); signerinfo->cert = cert; } -#endif return cert; } @@ -966,9 +868,6 @@ SecCmsSignerInfoGetSignerCommonName(SecCmsSignerInfoRef sinfo) if ((signercert = SecCmsSignerInfoGetSigningCertificate(sinfo, NULL)) == NULL) return NULL; -#if USE_CDSA_CRYPTO - SecCertificateGetCommonName(signercert, &commonName); -#else CFArrayRef commonNames = SecCertificateCopyCommonNames(signercert); if (commonNames) { /* SecCertificateCopyCommonNames doesn't return empty arrays */ @@ -976,7 +875,6 @@ SecCmsSignerInfoGetSignerCommonName(SecCmsSignerInfoRef sinfo) CFRetain(commonName); CFRelease(commonNames); } -#endif return commonName; } @@ -998,9 +896,6 @@ SecCmsSignerInfoGetSignerEmailAddress(SecCmsSignerInfoRef sinfo) if ((signercert = SecCmsSignerInfoGetSigningCertificate(sinfo, NULL)) == NULL) return NULL; -#if USE_CDSA_CRYPTO - SecCertificateGetEmailAddress(signercert, &emailAddress); -#else CFArrayRef names = SecCertificateCopyRFC822Names(signercert); if (names) { if (CFArrayGetCount(names) > 0) @@ -1009,7 +904,6 @@ SecCmsSignerInfoGetSignerEmailAddress(SecCmsSignerInfoRef sinfo) CFRetain(emailAddress); CFRelease(names); } -#endif return emailAddress; } diff --git a/libsecurity_smime/lib/cmsutil.c b/libsecurity_smime/lib/cmsutil.c index 9ed5d173..6af1f730 100644 --- a/libsecurity_smime/lib/cmsutil.c +++ b/libsecurity_smime/lib/cmsutil.c @@ -48,18 +48,9 @@ #include #include -#if USE_CDSA_CRYPTO -#include -#include -#include - -#else #include #include -#endif - - /* * SecCmsArraySortByDER - sort array of objects by objects' DER encoding * @@ -227,27 +218,12 @@ SecCmsAlgArrayGetIndexByAlgTag(SECAlgorithmID **algorithmArray, return i; } -#if USE_CDSA_CRYPTO -CSSM_CC_HANDLE -#else void * -#endif SecCmsUtilGetHashObjByAlgID(SECAlgorithmID *algid) { SECOidData *oidData = SECOID_FindOID(&(algid->algorithm)); if (oidData) { -#if USE_CDSA_CRYPTO - CSSM_ALGORITHMS alg = oidData->cssmAlgorithm; - if (alg) - { - CSSM_CC_HANDLE digobj; - CSSM_CSP_HANDLE cspHandle = SecCspHandleForAlgorithm(alg); - - if (!CSSM_CSP_CreateDigestContext(cspHandle, alg, &digobj)) - return digobj; - } -#else void *digobj = NULL; switch (oidData->offset) { case SEC_OID_SHA1: @@ -278,7 +254,6 @@ SecCmsUtilGetHashObjByAlgID(SECAlgorithmID *algid) break; } return digobj; -#endif } return 0; diff --git a/libsecurity_smime/lib/crypto-embedded.c b/libsecurity_smime/lib/crypto-embedded.c index 77bf3006..8e9bea6b 100644 --- a/libsecurity_smime/lib/crypto-embedded.c +++ b/libsecurity_smime/lib/crypto-embedded.c @@ -396,6 +396,10 @@ SecSymmetricKeyRef WRAP_PubUnwrapSymKey(SecPrivateKeyRef privkey, const SecAsn1Item *encKey, SECOidTag bulkalgtag) { size_t bulkkey_size = encKey->Length; + if (bulkkey_size > 16384) { + return NULL; + } + uint8_t bulkkey_buffer[bulkkey_size]; if (SecKeyDecrypt(privkey, kSecPaddingPKCS1, encKey->Data, encKey->Length, bulkkey_buffer, &bulkkey_size)) diff --git a/libsecurity_smime/lib/cryptohi.h b/libsecurity_smime/lib/cryptohi.h index 87f8e129..382c0048 100644 --- a/libsecurity_smime/lib/cryptohi.h +++ b/libsecurity_smime/lib/cryptohi.h @@ -39,34 +39,8 @@ #include #include - SEC_BEGIN_PROTOS - -/****************************************/ -/* -** DER encode/decode DSA signatures -*/ - -/* ANSI X9.57 defines DSA signatures as DER encoded data. Our DSA code (and - * most of the rest of the world) just generates 40 bytes of raw data. These - * functions convert between formats. - */ -//extern SECStatus DSAU_EncodeDerSig(SecAsn1Item *dest, SecAsn1Item *src); -//extern SecAsn1Item *DSAU_DecodeDerSig(SecAsn1Item *item); - -#if USE_CDSA_CRYPTO -/* - * Return a csp handle able to deal with algorithm - */ -extern CSSM_CSP_HANDLE SecCspHandleForAlgorithm(CSSM_ALGORITHMS algorithm); - -/* - * Return a CSSM_ALGORITHMS for a given SECOidTag or 0 if there is none - */ -extern CSSM_ALGORITHMS SECOID_FindyCssmAlgorithmByTag(SECOidTag algTag); -#endif - /****************************************/ /* ** Signature creation operations diff --git a/libsecurity_smime/lib/secoid.c b/libsecurity_smime/lib/secoid.c index af40f9ca..2f0f62a9 100644 --- a/libsecurity_smime/lib/secoid.c +++ b/libsecurity_smime/lib/secoid.c @@ -38,12 +38,9 @@ #include #include -#if USE_CDSA_CRYPTO -#include -#else #include #include -#endif + #include /* MISSI Mosaic Object ID space */ @@ -487,11 +484,7 @@ CONST_OID noOid[] = { 0 }; #define OI(x) { sizeof x, (uint8_t *)x } #ifndef SECOID_NO_STRINGS -#if USE_CDSA_CRYPTO -#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext } -#else #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, ext } -#endif #else #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext } #endif @@ -1341,28 +1334,16 @@ InitOIDHash(void) } for ( ix = 0; ix < ( sizeof(oids) / sizeof(SECOidData) ); ix++ ) { - oid = &oids[ix]; - - PORT_Assert ( oid->offset == ix ); + oid = &oids[ix]; - entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid ); - if ( entry == NULL ) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - PORT_Assert(0); /*This function should never fail. */ - return(SECFailure); - } + PORT_Assert ( oid->offset == ix ); -#if USE_CDSA_CRYPTO - if ( oid->cssmAlgorithm.algorithm.Length /*CSSM_ALGID_NONE*/ ) { - entry = PL_HashTableAdd( oidmechhash, - (void *)&(oid->cssmAlgorithm), (void *)oid ); - if ( entry == NULL ) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - PORT_Assert(0); /* This function should never fail. */ - return(SECFailure); - } - } -#endif + entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid ); + if ( entry == NULL ) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + PORT_Assert(0); /*This function should never fail. */ + return(SECFailure); + } } PORT_Assert (ix == SEC_OID_TOTAL); diff --git a/libsecurity_smime/lib/secoidt.h b/libsecurity_smime/lib/secoidt.h index 45731dbb..85d02020 100644 --- a/libsecurity_smime/lib/secoidt.h +++ b/libsecurity_smime/lib/secoidt.h @@ -49,9 +49,6 @@ struct SECOidDataStr { SecAsn1Item oid; SECOidTag offset; const char * desc; -#if USE_CDSA_CRYPTO - SecAsn1AlgId cssmAlgorithm; -#endif SECSupportExtenTag supportedExtension; /* only used for x.509 v3 extensions, so that we can print the names of those diff --git a/libsecurity_smime/lib/security_smime.exp b/libsecurity_smime/lib/security_smime.exp deleted file mode 100644 index c677ee5f..00000000 --- a/libsecurity_smime/lib/security_smime.exp +++ /dev/null @@ -1,116 +0,0 @@ -# -# Copyright (c) 2004,2008,2010 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# -_SecCmsContentInfoGetBulkKey -_SecCmsContentInfoGetBulkKeySize -_SecCmsContentInfoGetChildContentInfo -_SecCmsContentInfoGetContent -_SecCmsContentInfoGetContentEncAlg -_SecCmsContentInfoGetContentEncAlgTag -_SecCmsContentInfoGetContentTypeOID -_SecCmsContentInfoGetContentTypeTag -_SecCmsContentInfoGetInnerContent -_SecCmsContentInfoSetBulkKey -_SecCmsContentInfoSetContentData -_SecCmsContentInfoSetContentDigestedData -_SecCmsContentInfoSetContentEncAlg -_SecCmsContentInfoSetContentEncAlgID -_SecCmsContentInfoSetContentEncryptedData -_SecCmsContentInfoSetContentEnvelopedData -_SecCmsContentInfoSetContentSignedData -_SecCmsDecoderCreate -_SecCmsDecoderDestroy -_SecCmsDecoderFinish -_SecCmsDecoderUpdate -_SecCmsDigestContextCancel -_SecCmsDigestContextDestroy -_SecCmsDigestContextFinishMultiple -_SecCmsDigestContextStartMultiple -_SecCmsDigestContextUpdate -_SecCmsDigestedDataCreate -_SecCmsDigestedDataDestroy -_SecCmsDigestedDataGetContentInfo -_SecCmsEncoderCreate -_SecCmsEncoderDestroy -_SecCmsEncoderFinish -_SecCmsEncoderUpdate -_SecCmsEncryptedDataCreate -_SecCmsEncryptedDataDestroy -_SecCmsEncryptedDataGetContentInfo -_SecCmsEnvelopedDataCreate -_SecCmsEnvelopedDataDestroy -_SecCmsEnvelopedDataGetContentInfo -_SecCmsMessageContainsCertsOrCrls -_SecCmsMessageContentLevel -_SecCmsMessageContentLevelCount -_SecCmsMessageCopy -_SecCmsMessageCreate -_SecCmsMessageDecode -_SecCmsMessageDestroy -_SecCmsMessageEncode -_SecCmsMessageGetContent -_SecCmsMessageGetContentInfo -_SecCmsMessageIsContentEmpty -_SecCmsMessageIsEncrypted -_SecCmsMessageIsSigned -_SecCmsRecipientInfoCreate -_SecCmsRecipientInfoCreateWithSubjKeyID -_SecCmsRecipientInfoCreateWithSubjKeyIDFromCert -_SecCmsSignedDataAddCertChain -_SecCmsSignedDataAddCertList -_SecCmsSignedDataAddCertificate -_SecCmsSignedDataContainsCertsOrCrls -_SecCmsSignedDataCreate -_SecCmsSignedDataCreateCertsOnly -_SecCmsSignedDataDestroy -_SecCmsSignedDataGetCertificateList -_SecCmsSignedDataGetContentInfo -_SecCmsSignedDataGetDigestAlgs -_SecCmsSignedDataGetSignerInfo -_SecCmsSignedDataGetSignerInfos -_SecCmsSignedDataHasDigests -_SecCmsSignedDataImportCerts -_SecCmsSignedDataSetDigestContext -_SecCmsSignedDataSignerInfoCount -_SecCmsSignedDataVerifyCertsOnly -_SecCmsSignedDataVerifySignerInfo -_SecCmsSignerInfoAddCounterSignature -_SecCmsSignerInfoAddMSSMIMEEncKeyPrefs -_SecCmsSignerInfoAddSMIMECaps -_SecCmsSignerInfoAddSMIMEEncKeyPrefs -_SecCmsSignerInfoAddSigningTime -_SecCmsSignerInfoAddAppleCodesigningHashAgility -_SecCmsSignerInfoCreate -_SecCmsSignerInfoCreateWithSubjKeyID -_SecCmsSignerInfoGetCertList -_SecCmsSignerInfoGetDigestAlg -_SecCmsSignerInfoGetDigestAlgTag -_SecCmsSignerInfoGetSignerCommonName -_SecCmsSignerInfoGetSignerEmailAddress -_SecCmsSignerInfoGetSigningCertificate -_SecCmsSignerInfoGetSigningTime -_SecCmsSignerInfoGetAppleCodesigningHashAgility -_SecCmsSignerInfoGetVerificationStatus -_SecCmsSignerInfoIncludeCerts -_SecCmsSignerInfoSaveSMIMEProfile -_SecCmsUtilVerificationStatusToString -_SecSMIMEFindBulkAlgForRecipients diff --git a/libsecurity_smime/lib/smimeutil.c b/libsecurity_smime/lib/smimeutil.c index c950471c..e5d89bbc 100644 --- a/libsecurity_smime/lib/smimeutil.c +++ b/libsecurity_smime/lib/smimeutil.c @@ -193,8 +193,7 @@ SecSMIMEEnableCipher(unsigned long which, Boolean on) return SECFailure; } - if (smime_cipher_map[mapi].enabled != on) - smime_cipher_map[mapi].enabled = on; + smime_cipher_map[mapi].enabled = on; return SECSuccess; } @@ -221,8 +220,7 @@ SecSMIMEAllowCipher(unsigned long which, Boolean on) /* XXX set an error */ return SECFailure; - if (smime_cipher_map[mapi].allowed != on) - smime_cipher_map[mapi].allowed = on; + smime_cipher_map[mapi].allowed = on; return SECSuccess; } @@ -243,12 +241,7 @@ nss_smime_get_cipher_for_alg_and_key(SECAlgorithmID *algid, SecSymmetricKeyRef k algtag = SECOID_GetAlgorithmTag(algid); switch (algtag) { case SEC_OID_RC2_CBC: -#if USE_CDSA_CRYPTO - if (SecKeyGetStrengthInBits(key, algid, &keylen_bits)) - return SECFailure; -#else keylen_bits = CFDataGetLength((CFDataRef)key) * 8; -#endif switch (keylen_bits) { case 40: c = SMIME_RC2_CBC_40; @@ -478,11 +471,7 @@ smime_choose_cipher(SecCertificateRef scert, SecCertificateRef *rcerts) key = CERT_ExtractPublicKey(rcerts[rcount]); pklen_bits = 0; if (key != NULL) { -#if USE_CDSA_CRYPTO - SecKeyGetStrengthInBits(key, NULL, &pklen_bits); -#else pklen_bits = SecKeyGetSize(key, kSecKeyKeySizeInBits); -#endif SECKEY_DestroyPublicKey (key); } @@ -589,6 +578,9 @@ SecSMIMEFindBulkAlgForRecipients(SecCertificateRef *rcerts, SECOidTag *bulkalgta cipher = smime_choose_cipher(NULL, rcerts); mapi = smime_mapi_by_cipher(cipher); + if (mapi < 0) { + return SECFailure; + } *bulkalgtag = smime_cipher_map[mapi].algtag; *keysize = smime_keysize_by_cipher(smime_cipher_map[mapi].cipher); diff --git a/OSX/libsecurity_asn1/libsecurity_asn1.xcodeproj/.gitignore b/libsecurity_smime/libCMS.xcodeproj/.gitignore similarity index 100% rename from OSX/libsecurity_asn1/libsecurity_asn1.xcodeproj/.gitignore rename to libsecurity_smime/libCMS.xcodeproj/.gitignore diff --git a/libsecurity_smime/libsecurity_smime.xcodeproj/project.pbxproj b/libsecurity_smime/libCMS.xcodeproj/project.pbxproj similarity index 98% rename from libsecurity_smime/libsecurity_smime.xcodeproj/project.pbxproj rename to libsecurity_smime/libCMS.xcodeproj/project.pbxproj index 7815aa20..d816e09c 100644 --- a/libsecurity_smime/libsecurity_smime.xcodeproj/project.pbxproj +++ b/libsecurity_smime/libCMS.xcodeproj/project.pbxproj @@ -34,8 +34,6 @@ 4C2188740635F4BD00E64E02 /* SecCmsRecipientInfo.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4CCC260B0635F1A100CBF0D4 /* SecCmsRecipientInfo.h */; }; 4C2188750635F4BD00E64E02 /* SecCmsSignedData.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4CCC260C0635F1A100CBF0D4 /* SecCmsSignedData.h */; }; 4C2188760635F4BD00E64E02 /* SecCmsSignerInfo.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4CCC260D0635F1A100CBF0D4 /* SecCmsSignerInfo.h */; }; - 4C2188810635F4D900E64E02 /* security_smime.exp in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4C21887E0635F4D300E64E02 /* security_smime.exp */; }; - 4C2188820635F4DD00E64E02 /* security_smime.exp in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4C21887E0635F4D300E64E02 /* security_smime.exp */; }; 4C27421103E9FC6700A80181 /* cmsarray.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C2741F203E9FC5B00A80181 /* cmsarray.c */; }; 4C27421303E9FC6900A80181 /* cmsasn1.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C2741F303E9FC5B00A80181 /* cmsasn1.c */; }; 4C27421403E9FC6A00A80181 /* cmsattr.c in Sources */ = {isa = PBXBuildFile; fileRef = 4C2741F403E9FC5B00A80181 /* cmsattr.c */; }; @@ -137,7 +135,6 @@ dstPath = SecurityPieces/Exports/Security; dstSubfolderSpec = 16; files = ( - 4C2188810635F4D900E64E02 /* security_smime.exp in CopyFiles */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -147,7 +144,6 @@ dstPath = /usr/local/SecurityPieces/Exports/Security; dstSubfolderSpec = 0; files = ( - 4C2188820635F4DD00E64E02 /* security_smime.exp in CopyFiles */, ); runOnlyForDeploymentPostprocessing = 1; }; @@ -196,7 +192,6 @@ /* End PBXCopyFilesBuildPhase section */ /* Begin PBXFileReference section */ - 4C21887E0635F4D300E64E02 /* security_smime.exp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.exports; path = security_smime.exp; sourceTree = ""; }; 4C2741F203E9FC5B00A80181 /* cmsarray.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cmsarray.c; sourceTree = ""; tabWidth = 8; }; 4C2741F303E9FC5B00A80181 /* cmsasn1.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cmsasn1.c; sourceTree = ""; tabWidth = 8; }; 4C2741F403E9FC5B00A80181 /* cmsattr.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = cmsattr.c; sourceTree = ""; tabWidth = 8; }; @@ -389,7 +384,6 @@ 4C8E166E0438EEE700CA2E66 /* secoidt.h */, 4C7183470637153700230DDE /* SecSMIME.h */, 4C424BE7063F28F600E9831A /* SecSMIMEPriv.h */, - 4C21887E0635F4D300E64E02 /* security_smime.exp */, 4C27420F03E9FC5B00A80181 /* smimeutil.c */, ); path = lib; @@ -482,7 +476,7 @@ 4C2741E803E9FBAF00A80181 /* Project object */ = { isa = PBXProject; attributes = { - LastUpgradeCheck = 0800; + LastUpgradeCheck = 0810; TargetAttributes = { D447C4DB1D31C9DD0082FC1D = { CreatedOnToolsVersion = 8.0; @@ -490,7 +484,7 @@ }; }; }; - buildConfigurationList = 79DC321B0D49473C0039E4BC /* Build configuration list for PBXProject "libsecurity_smime" */; + buildConfigurationList = 79DC321B0D49473C0039E4BC /* Build configuration list for PBXProject "libCMS" */; compatibilityVersion = "Xcode 3.2"; developmentRegion = English; hasScannedForEncodings = 1; @@ -718,6 +712,7 @@ "$(PROJECT_DIR)/../OSX/sec", "$(PROJECT_DIR)/../OSX/libsecurity_keychain/libDER", "$(PROJECT_DIR)/../OSX/libsecurity_asn1", + "$(PROJECT_DIR)/../header_symlinks/", "$(BUILT_PRODUCTS_DIR)/usr/local/include", "$(DSTROOT)/usr/local/include", ); @@ -829,6 +824,7 @@ "$(PROJECT_DIR)/../OSX/sec", "$(PROJECT_DIR)/../OSX/libsecurity_keychain/libDER", "$(PROJECT_DIR)/../OSX/libsecurity_asn1", + "$(PROJECT_DIR)/../header_symlinks/", "$(BUILT_PRODUCTS_DIR)/usr/local/include", "$(DSTROOT)/usr/local/include", ); @@ -857,7 +853,7 @@ /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ - 79DC321B0D49473C0039E4BC /* Build configuration list for PBXProject "libsecurity_smime" */ = { + 79DC321B0D49473C0039E4BC /* Build configuration list for PBXProject "libCMS" */ = { isa = XCConfigurationList; buildConfigurations = ( 79BDD2AE0D60CA06000D84D3 /* Debug */, @@ -900,6 +896,7 @@ D447C4DD1D31C9DD0082FC1D /* Release */, ); defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; }; /* End XCConfigurationList section */ }; diff --git a/libsecurity_smime/libsecurity_smime.xcodeproj/.gitignore b/libsecurity_smime/libsecurity_smime.xcodeproj/.gitignore deleted file mode 100644 index 7f42cdde..00000000 --- a/libsecurity_smime/libsecurity_smime.xcodeproj/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -project.xcworkspace -xcuserdata diff --git a/secdtests/main.c b/secdtests/main.m similarity index 100% rename from secdtests/main.c rename to secdtests/main.m diff --git a/sectask/SecTask.h b/sectask/SecTask.h index 22200f3a..7141a5b3 100644 --- a/sectask/SecTask.h +++ b/sectask/SecTask.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008,2012-2013 Apple Inc. All Rights Reserved. + * Copyright (c) 2008,2012-2016 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * @@ -24,12 +24,24 @@ #ifndef _SECURITY_SECTASK_H_ #define _SECURITY_SECTASK_H_ +#include + #include #include + +#if SEC_OS_IPHONE_INCLUDES #include +#endif + +#if SEC_OS_OSX +#include +#endif /* SEC_OS_OSX */ __BEGIN_DECLS +CF_ASSUME_NONNULL_BEGIN +CF_IMPLICIT_BRIDGING_ENABLED + /*! @typedef SecTaskRef @abstract CFType used for representing a task @@ -51,15 +63,18 @@ CFTypeID SecTaskGetTypeID(void); @result The newly created SecTask object or NULL on error. The caller must CFRelease the returned object. */ -SecTaskRef SecTaskCreateWithAuditToken(CFAllocatorRef allocator, audit_token_t token); +__nullable +SecTaskRef SecTaskCreateWithAuditToken(CFAllocatorRef __nullable allocator, audit_token_t token); /*! - @function SecTaskCreateFromSelf - @abstract Create a SecTask object for the current task. - @result The newly created SecTask object or NULL on error. The caller must - CFRelease the returned object. - */ -SecTaskRef SecTaskCreateFromSelf(CFAllocatorRef allocator); + @function SecTaskCreateFromSelf + @abstract Create a SecTask object for the current task. + @result The newly created SecTask object or NULL on error. The caller must + CFRelease the returned object. +#ifndef LEFT +*/ +__nullable +SecTaskRef SecTaskCreateFromSelf(CFAllocatorRef __nullable allocator); /*! @function SecTaskCopyValueForEntitlement @@ -78,6 +93,7 @@ SecTaskRef SecTaskCreateFromSelf(CFAllocatorRef allocator); the entitlement is simply not present. In the latter case, no CFError is returned. */ +__nullable CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef task, CFStringRef entitlement, CFErrorRef *error); /*! @@ -92,6 +108,7 @@ CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef task, CFStringRef entitlemen returned dictionary, the entitlement is not set on the task. The caller must CFRelease the returned value */ +__nullable CFDictionaryRef SecTaskCopyValuesForEntitlements(SecTaskRef task, CFArrayRef entitlements, CFErrorRef *error); /*! @@ -102,8 +119,10 @@ CFDictionaryRef SecTaskCopyValuesForEntitlements(SecTaskRef task, CFArrayRef ent the problem. This argument may be NULL if the caller is not interested in detailed errors. The caller must CFRelease the returned value */ +__nullable CFStringRef SecTaskCopySigningIdentifier(SecTaskRef task, CFErrorRef *error); +#if SEC_OS_IPHONE /*! @function SecTaskGetCodeSignStatus @abstract Return the code sign status flags @@ -111,6 +130,11 @@ CFStringRef SecTaskCopySigningIdentifier(SecTaskRef task, CFErrorRef *error); */ uint32_t SecTaskGetCodeSignStatus(SecTaskRef task); +#endif /* SEC_OS_IPHONE */ + + +CF_IMPLICIT_BRIDGING_DISABLED +CF_ASSUME_NONNULL_END __END_DECLS diff --git a/security-sysdiagnose/security-sysdiagnose.1 b/security-sysdiagnose/security-sysdiagnose.1 new file mode 100644 index 00000000..f9629aed --- /dev/null +++ b/security-sysdiagnose/security-sysdiagnose.1 @@ -0,0 +1,15 @@ +.Dd Tue Oct 25 2016 +.Dt security-sysdiagnose 1 +.Os Darwin +.Sh NAME +.Nm security-sysdiagnose +.Nd Command line interface do dump keychain related information in sysdiagnose +.Sh SYNOPSIS +.Nm +.Sh DESCRIPTION +Command line interface do dump keychain related information in sysdiagnose. +.Sh SEE ALSO +.Xr sysdiagnose 1 , +.Sh HISTORY +.Nm +was first introduced in Mac OS X version 10.13 diff --git a/OSX/OSX.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings b/security-sysdiagnose/security-sysdiagnose.entitlements.plist similarity index 71% rename from OSX/OSX.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings rename to security-sysdiagnose/security-sysdiagnose.entitlements.plist index 08de0be8..d17fb037 100644 --- a/OSX/OSX.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings +++ b/security-sysdiagnose/security-sysdiagnose.entitlements.plist @@ -2,7 +2,7 @@ - IDEWorkspaceSharedSettings_AutocreateContextsIfNeeded - + keychain-cloud-circle + diff --git a/security-sysdiagnose/security-sysdiagnose.m b/security-sysdiagnose/security-sysdiagnose.m new file mode 100644 index 00000000..61422e86 --- /dev/null +++ b/security-sysdiagnose/security-sysdiagnose.m @@ -0,0 +1,176 @@ +/* + * Copyright (c) 2009-2010,2012-2015 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +#import +#import + +#import + +#import + +#import +#import + +#import + +#include + +#include "secToolFileIO.h" +#include "accountCirclesViewsPrint.h" + + +#include + +@interface NSString (FileOutput) +- (void) writeTo: (FILE*) file; +- (void) writeToStdOut; +- (void) writeToStdErr; +@end + +@implementation NSString (FileOutput) + +- (void) writeTo: (FILE*) file { + CFStringPerformWithCString((__bridge CFStringRef) self, ^(const char *utf8String) { fputs(utf8String, file); }); +} + +- (void) writeToStdOut { + [self writeTo: stdout]; +} +- (void) writeToStdErr { + [self writeTo: stderr]; +} + +@end + +@interface NSData (Hexinization) + +- (NSString*) asHexString; + +@end + +@implementation NSData (Hexinization) + +- (NSString*) asHexString { + return (__bridge_transfer NSString*) CFDataCopyHexString((__bridge CFDataRef)self); +} + +@end + + +static void +circle_sysdiagnose(void) +{ + SOSLogSetOutputTo(NULL,NULL); + SOSCCDumpCircleInformation(); +} + +static void +engine_sysdiagnose(void) +{ + [@"Engine state:\n" writeToStdOut]; + + CFErrorRef error = NULL; + + if (!SOSCCForEachEngineStateAsString(&error, ^(CFStringRef oneStateString) { + [(__bridge NSString*) oneStateString writeToStdOut]; + [@"\n" writeToStdOut]; + })) { + [[NSString stringWithFormat: @"No engine state, got error: %@", error] writeToStdOut]; + } +} + +static void +homekit_sysdiagnose(void) +{ +} + +static void +unlock_sysdiagnose(void) +{ +} + +static void idsproxy_print_message(CFDictionaryRef messages) +{ + NSDictionary *idsMessages = (__bridge NSDictionary *)messages; + + printf("IDS messages in flight: %d\n", (int)[idsMessages count]); + + [idsMessages enumerateKeysAndObjectsUsingBlock:^(NSString* _Nonnull identifier, NSDictionary* _Nonnull messageDictionary, BOOL * _Nonnull stop) { + printf("message identifier: %s\n", [identifier cStringUsingEncoding:NSUTF8StringEncoding]); + + NSDictionary *messageDataAndPeerID = [messageDictionary valueForKey:(__bridge NSString*)kIDSMessageToSendKey]; + [messageDataAndPeerID enumerateKeysAndObjectsUsingBlock:^(NSString* _Nonnull peerID, NSData* _Nonnull messageData, BOOL * _Nonnull stop1) { + if(messageData) + printf("size of message to recipient: %lu\n", (unsigned long)[messageData length]); + }]; + + NSString *deviceID = [messageDictionary valueForKey:(__bridge NSString*)kIDSMessageRecipientDeviceID]; + if(deviceID) + printf("recipient device id: %s\n", [deviceID cStringUsingEncoding:NSUTF8StringEncoding]); + + }]; +} + +static void +idsproxy_sysdiagnose(void) +{ + + dispatch_semaphore_t wait_for = dispatch_semaphore_create(0); + __block CFDictionaryRef returned = NULL; + + dispatch_queue_t processQueue = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0); + SOSCloudKeychainRetrievePendingMessageFromProxy(processQueue, ^(CFDictionaryRef returnedValues, CFErrorRef error) { + secdebug("SOSCloudKeychainRetrievePendingMessageFromProxy", "returned: %@", returnedValues); + CFRetainAssign(returned, returnedValues); + dispatch_semaphore_signal(wait_for); + }); + + dispatch_semaphore_wait(wait_for, dispatch_time(DISPATCH_TIME_NOW, 2ull * NSEC_PER_SEC)); + secdebug("idsproxy sysdiagnose", "messages: %@", returned); + + idsproxy_print_message(returned); +} + +static void +kvs_sysdiagnose(void) { + SOSLogSetOutputTo(NULL,NULL); + SOSCCDumpCircleKVSInformation(NULL); +} + + +int +main(int argc, const char ** argv) +{ + @autoreleasepool { + printf("sysdiagnose keychain\n"); + + circle_sysdiagnose(); + engine_sysdiagnose(); + homekit_sysdiagnose(); + unlock_sysdiagnose(); + idsproxy_sysdiagnose(); + // Keep this one last + kvs_sysdiagnose(); + } + return 0; +} diff --git a/securityd/config/debug.xcconfig b/securityd/config/debug.xcconfig deleted file mode 100644 index 937d1775..00000000 --- a/securityd/config/debug.xcconfig +++ /dev/null @@ -1,3 +0,0 @@ -GCC_OPTIMIZATION_LEVEL = 0 -GCC_PREPROCESSOR_DEFINITIONS = DEBUG=1 $(inherited) -COPY_PHASE_STRIP = NO diff --git a/securityd/config/project.xcconfig b/securityd/config/project.xcconfig deleted file mode 100644 index 4a95ba68..00000000 --- a/securityd/config/project.xcconfig +++ /dev/null @@ -1,26 +0,0 @@ -ARCHS = $(ARCHS_STANDARD_64_BIT) -CODE_SIGN_IDENTITY = -; -GCC_VERSION = com.apple.compilers.llvm.clang.1_0 -DEBUG_INFORMATION_FORMAT = dwarf-with-dsym -SDKROOT = -CURRENT_PROJECT_VERSION = $(RC_ProjectSourceVersion) -VERSIONING_SYSTEM = apple-generic; -DEAD_CODE_STRIPPING = YES; - -FRAMEWORK_SEARCH_PATHS = $(SYSTEM_LIBRARY_DIR)/PrivateFrameworks - -PRODUCT_NAME = $(TARGET_NAME) - -ALWAYS_SEARCH_USER_PATHS = NO - -GCC_C_LANGUAGE_STANDARD = gnu99 - -WARNING_CFLAGS = -Wmost -Wno-four-char-constants -Wno-unknown-pragmas $(inherited) - -GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO - -GCC_WARN_64_TO_32_BIT_CONVERSION = YES -GCC_WARN_ABOUT_MISSING_PROTOTYPES = YES -GCC_WARN_ABOUT_RETURN_TYPE = YES -GCC_WARN_UNUSED_VARIABLE = YES -GCC_PREPROCESSOR_DEFINITIONS = $(inherited) OSSPINLOCK_USE_INLINED=0 diff --git a/securityd/config/release.xcconfig b/securityd/config/release.xcconfig deleted file mode 100644 index dc5f8761..00000000 --- a/securityd/config/release.xcconfig +++ /dev/null @@ -1,3 +0,0 @@ -GCC_PREPROCESSOR_DEFINITIONS = NDEBUG=1 $(inherited) -COPY_PHASE_STRIP = YES - diff --git a/securityd/dtrace/dtrace.mk b/securityd/dtrace/dtrace.mk deleted file mode 100644 index 37b42095..00000000 --- a/securityd/dtrace/dtrace.mk +++ /dev/null @@ -1,2 +0,0 @@ -$(DERIVED_SRC)/securityd_dtrace.h: $(SRCROOT)/src/securityd.d - /usr/sbin/dtrace -h -C -s $(SRCROOT)/src/securityd.d -o $(DERIVED_SRC)/securityd_dtrace.h diff --git a/securityd/etc/startup.mk b/securityd/etc/startup.mk deleted file mode 100644 index a965ed63..00000000 --- a/securityd/etc/startup.mk +++ /dev/null @@ -1,51 +0,0 @@ -# -# Makefile to install the system-startup code for SecurityServer -# - -# wouldn't it be nice if PBX actually $#@?@! defined those? -# (for future ref: CoreOS Makefiles define many standard path vars) -# Note: CORE_SERVICES_DIR should be absolute path in target environment (don't prefix with DSTROOT) -SYSTEM_LIBRARY_DIR=$(DSTROOT)/System/Library -SYSTEM_CORE_SERVICES_DIR=/System/Library/CoreServices -ETC_DIR=$(DSTROOT)/private/etc -LAUNCH_DIR=$(DSTROOT)/System/Library/LaunchDaemons -#AUTHORIZATION_LOCATION=$(ETC_DIR) -#AUTHORIZATION_PLIST=$(AUTHORIZATION_LOCATION)/authorization -VARDB=$(DSTROOT)/private/var/db - -SRC=$(SRCROOT)/etc - - -# -# The other phases do nothing -# -build: - @echo null build. - -debug: - @echo null debug. - -profile: - @echo null profile. - -# -# Install -# -install: - mkdir -p $(LAUNCH_DIR) - cp $(SRC)/com.apple.securityd.plist $(LAUNCH_DIR) - #mkdir -p $(AUTHORIZATION_LOCATION) - #plutil -lint $(SRC)/authorization.plist - #cp $(SRC)/authorization.plist $(AUTHORIZATION_PLIST) - #chown root:wheel $(AUTHORIZATION_PLIST) - #chmod 644 $(AUTHORIZATION_PLIST) - mkdir -p $(VARDB) - -installhdrs: - @echo null installhdrs. - -installsrc: - @echo null installsrc. - -clean: - @echo null clean. diff --git a/securityd/mig/mig.mk b/securityd/mig/mig.mk deleted file mode 100644 index 4f4c7596..00000000 --- a/securityd/mig/mig.mk +++ /dev/null @@ -1,47 +0,0 @@ -# -# Copyright (c) 2003-2004,2014 Apple Inc. All Rights Reserved. -# -# @APPLE_LICENSE_HEADER_START@ -# -# This file contains Original Code and/or Modifications of Original Code -# as defined in and that are subject to the Apple Public Source License -# Version 2.0 (the 'License'). You may not use this file except in -# compliance with the License. Please obtain a copy of the License at -# http://www.opensource.apple.com/apsl/ and read it before using this -# file. -# -# The Original Code and all software distributed under the License are -# distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -# EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -# INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -# Please see the License for the specific language governing rights and -# limitations under the License. -# -# @APPLE_LICENSE_HEADER_END@ -# -# Makefile to build MIG-generated sources and headers -# -DERIVED_SRC = $(BUILT_PRODUCTS_DIR)/derived_src - -HDRS = $(DERIVED_SRC)/self.h -SRCS = $(DERIVED_SRC)/selfServer.cpp $(DERIVED_SRC)/selfUser.cpp -SDKROOT := $(shell xcrun --show-sdk-path --sdk macosx.internal) - -build: $(HDRS) $(SRCS) - -install: build - -installhdrs: $(HDRS) - -installsrc: - -clean: - rm -f $(HDRS) $(SRCS) - -$(DERIVED_SRC)/self.h $(DERIVED_SRC)/selfServer.cpp $(DERIVED_SRC)/selfUser.cpp: $(SRCROOT)/mig/self.defs - mkdir -p $(DERIVED_SRC) - xcrun mig -isysroot "$(SDKROOT)" \ - -server $(DERIVED_SRC)/selfServer.cpp \ - -user $(DERIVED_SRC)/selfUser.cpp \ - -header $(DERIVED_SRC)/self.h $(SRCROOT)/mig/self.defs diff --git a/securityd/security_agent_client b/securityd/security_agent_client deleted file mode 120000 index e83fc10f..00000000 --- a/securityd/security_agent_client +++ /dev/null @@ -1 +0,0 @@ -./lib \ No newline at end of file diff --git a/securityd/security_agent_server b/securityd/security_agent_server deleted file mode 120000 index e83fc10f..00000000 --- a/securityd/security_agent_server +++ /dev/null @@ -1 +0,0 @@ -./lib \ No newline at end of file diff --git a/securityd/securityd.xcodeproj/project.pbxproj b/securityd/securityd.xcodeproj/project.pbxproj deleted file mode 100644 index 40e245db..00000000 --- a/securityd/securityd.xcodeproj/project.pbxproj +++ /dev/null @@ -1,1140 +0,0 @@ -// !$*UTF8*$! -{ - archiveVersion = 1; - classes = { - }; - objectVersion = 46; - objects = { - -/* Begin PBXAggregateTarget section */ - AA6D4B7A0E6F3A910050206D /* mig */ = { - isa = PBXAggregateTarget; - buildConfigurationList = AA6D4B7F0E6F3AE50050206D /* Build configuration list for PBXAggregateTarget "mig" */; - buildPhases = ( - AA6D4B790E6F3A910050206D /* ShellScript */, - ); - dependencies = ( - ); - name = mig; - productName = mig_native; - }; - AA6D4B810E6F3B210050206D /* startup */ = { - isa = PBXAggregateTarget; - buildConfigurationList = AA6D4B860E6F3B8D0050206D /* Build configuration list for PBXAggregateTarget "startup" */; - buildPhases = ( - AA6D4B800E6F3B210050206D /* ShellScript */, - ); - dependencies = ( - ); - name = startup; - productName = startup_native; - }; - C26CF02C0CD934260094DD9D /* DTrace */ = { - isa = PBXAggregateTarget; - buildConfigurationList = C26CF03B0CD934420094DD9D /* Build configuration list for PBXAggregateTarget "DTrace" */; - buildPhases = ( - C26CF0360CD9343A0094DD9D /* ShellScript */, - ); - dependencies = ( - ); - name = DTrace; - productName = DTrace; - }; -/* End PBXAggregateTarget section */ - -/* Begin PBXBuildFile section */ - 1865FFB11474FED300FD79DF /* libsecurity_tokend_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1865FFB01474FED300FD79DF /* libsecurity_tokend_client.a */; }; - 1865FFB3147505C800FD79DF /* libbsm.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 1865FFB2147505C800FD79DF /* libbsm.dylib */; }; - 1865FFCF1475169A00FD79DF /* libsecurityd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1865FFCE1475169A00FD79DF /* libsecurityd_client.a */; }; - 1865FFDC14751B0600FD79DF /* libobjc.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B967B514731B78005A4D2E /* libobjc.dylib */; }; - 1865FFE114751C9100FD79DF /* libauto.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B967B314731B69005A4D2E /* libauto.dylib */; }; - 1865FFEB1475208B00FD79DF /* libsqlite3.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B967B114731B55005A4D2E /* libsqlite3.dylib */; }; - 18B27134148C2C3D0087AE98 /* securityd_dtrace.h in Headers */ = {isa = PBXBuildFile; fileRef = 18B27133148C2C3D0087AE98 /* securityd_dtrace.h */; }; - 18B965D314731963005A4D2E /* libsecurity_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B965D214731963005A4D2E /* libsecurity_utilities.a */; }; - 18B965D51473197B005A4D2E /* libsecurity_cdsa_utilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B965D41473197B005A4D2E /* libsecurity_cdsa_utilities.a */; }; - 18B965D614731996005A4D2E /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CDD506B0537666500FEC36D /* IOKit.framework */; }; - 18B965D71473199F005A4D2E /* CoreFoundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CDD5018053765A900FEC36D /* CoreFoundation.framework */; }; - 18B965D8147319A6005A4D2E /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CDD5019053765A900FEC36D /* Security.framework */; }; - 18B965DA147319C8005A4D2E /* libsecurity_cdsa_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B965D9147319C8005A4D2E /* libsecurity_cdsa_client.a */; }; - 18B965DC147319E5005A4D2E /* libsecurityd_server.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B965DB147319E5005A4D2E /* libsecurityd_server.a */; }; - 18B965DD147319F6005A4D2E /* PCSC.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C276AAD60663E7A400B57276 /* PCSC.framework */; }; - 18CE013F17147A46008C042F /* libsecuritydservice_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18CE013E17147A46008C042F /* libsecuritydservice_client.a */; }; - 44AF7EE01BB445BA005E9265 /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 44AF7EDF1BB445BA005E9265 /* libDiagnosticMessagesClient.dylib */; }; - 4E0BB2B40F79590300BBFEFA /* ccaudit_extensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4E0BB2B20F79590300BBFEFA /* ccaudit_extensions.h */; }; - 4E0BB2B50F79590300BBFEFA /* ccaudit_extensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4E0BB2B30F79590300BBFEFA /* ccaudit_extensions.cpp */; }; - 53002F001818A7C300900564 /* libsecurity_codesigning.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1865FFD0147516CF00FD79DF /* libsecurity_codesigning.a */; }; - AAC707230E6F4335003CC2B2 /* acl_keychain.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9264990534866F004B0E72 /* acl_keychain.h */; }; - AAC707240E6F4335003CC2B2 /* acls.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C92649B0534866F004B0E72 /* acls.h */; }; - AAC707250E6F4335003CC2B2 /* agentquery.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C92649D0534866F004B0E72 /* agentquery.h */; }; - AAC7072B0E6F4335003CC2B2 /* child.h in Headers */ = {isa = PBXBuildFile; fileRef = 4CB5ACBA06680AE000F359A9 /* child.h */; }; - AAC7072C0E6F4335003CC2B2 /* codesigdb.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9264A90534866F004B0E72 /* codesigdb.h */; }; - AAC7072D0E6F4335003CC2B2 /* connection.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9264AB0534866F004B0E72 /* connection.h */; }; - AAC7072E0E6F4335003CC2B2 /* database.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B8DBC805E6C3CE00E6E67C /* database.h */; }; - AAC7072F0E6F4335003CC2B2 /* dbcrypto.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9264AD0534866F004B0E72 /* dbcrypto.h */; }; - AAC707300E6F4335003CC2B2 /* entropy.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9264AF0534866F004B0E72 /* entropy.h */; }; - AAC707310E6F4335003CC2B2 /* kcdatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = C2B8DBCA05E6C3CE00E6E67C /* kcdatabase.h */; }; - AAC707320E6F4335003CC2B2 /* kckey.h in Headers */ = {isa = PBXBuildFile; fileRef = C207646405EAD713004FEEDA /* kckey.h */; }; - AAC707330E6F4335003CC2B2 /* key.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9264B60534866F004B0E72 /* key.h */; }; - AAC707340E6F4335003CC2B2 /* localdatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = C20764E505ED250F004FEEDA /* localdatabase.h */; }; - AAC707350E6F4335003CC2B2 /* localkey.h in Headers */ = {isa = PBXBuildFile; fileRef = C20764E705ED250F004FEEDA /* localkey.h */; }; - AAC707360E6F4335003CC2B2 /* notifications.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9264B90534866F004B0E72 /* notifications.h */; }; - AAC707370E6F4335003CC2B2 /* pcscmonitor.h in Headers */ = {isa = PBXBuildFile; fileRef = C2FDCABE0663CD5B0013F64C /* pcscmonitor.h */; }; - AAC707380E6F4335003CC2B2 /* process.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9264BB0534866F004B0E72 /* process.h */; }; - AAC707390E6F4335003CC2B2 /* reader.h in Headers */ = {isa = PBXBuildFile; fileRef = C2FDCAC00663CD5B0013F64C /* reader.h */; }; - AAC7073A0E6F4335003CC2B2 /* server.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9264BF0534866F004B0E72 /* server.h */; }; - AAC7073B0E6F4335003CC2B2 /* session.h in Headers */ = {isa = PBXBuildFile; fileRef = 4C9264C10534866F004B0E72 /* session.h */; }; - AAC7073C0E6F4335003CC2B2 /* structure.h in Headers */ = {isa = PBXBuildFile; fileRef = C28ACF9B05C9940B00447176 /* structure.h */; }; - AAC7073D0E6F4335003CC2B2 /* tempdatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = C20AF37D05F689540055732C /* tempdatabase.h */; }; - AAC7073E0E6F4335003CC2B2 /* token.h in Headers */ = {isa = PBXBuildFile; fileRef = C2FDCAC20663CD5B0013F64C /* token.h */; }; - AAC7073F0E6F4335003CC2B2 /* tokendatabase.h in Headers */ = {isa = PBXBuildFile; fileRef = C2D425F205F3C07400CB11F8 /* tokendatabase.h */; }; - AAC707400E6F4335003CC2B2 /* tokencache.h in Headers */ = {isa = PBXBuildFile; fileRef = C26EA9520688CF34007CE21D /* tokencache.h */; }; - AAC707410E6F4335003CC2B2 /* self.h in Headers */ = {isa = PBXBuildFile; fileRef = C209B3B206ADBE64007B9E6D /* self.h */; }; - AAC707420E6F4335003CC2B2 /* tokend.h in Headers */ = {isa = PBXBuildFile; fileRef = C22A7F8D06AF06D9006087B7 /* tokend.h */; }; - AAC707430E6F4335003CC2B2 /* tokenkey.h in Headers */ = {isa = PBXBuildFile; fileRef = C26D533806C1E70A00062E1E /* tokenkey.h */; }; - AAC707440E6F4335003CC2B2 /* tokenacl.h in Headers */ = {isa = PBXBuildFile; fileRef = C28654B106DBC2A30021E6E5 /* tokenacl.h */; }; - AAC707450E6F4335003CC2B2 /* tokenaccess.h in Headers */ = {isa = PBXBuildFile; fileRef = C2813C800730534A00E243E8 /* tokenaccess.h */; }; - AAC707460E6F4335003CC2B2 /* authhost.h in Headers */ = {isa = PBXBuildFile; fileRef = 40689F840725DCE00021A502 /* authhost.h */; }; - AAC707470E6F4335003CC2B2 /* SharedMemoryServer.h in Headers */ = {isa = PBXBuildFile; fileRef = D6C887EE0A55B6220044DFD2 /* SharedMemoryServer.h */; }; - AAC707480E6F4335003CC2B2 /* csproxy.h in Headers */ = {isa = PBXBuildFile; fileRef = C2BD5FDB0AC47E850057FD3D /* csproxy.h */; }; - AAC707490E6F4335003CC2B2 /* credential.h in Headers */ = {isa = PBXBuildFile; fileRef = 407ACD060AE5B57700A9DA90 /* credential.h */; }; - AAC7074B0E6F4335003CC2B2 /* clientid.h in Headers */ = {isa = PBXBuildFile; fileRef = C22C34530B278EB60009368E /* clientid.h */; }; - AAC7074C0E6F4335003CC2B2 /* dtrace.h in Headers */ = {isa = PBXBuildFile; fileRef = C26CF0880CDFE1180094DD9D /* dtrace.h */; }; - AAC7074D0E6F4352003CC2B2 /* acl_keychain.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264980534866F004B0E72 /* acl_keychain.cpp */; }; - AAC7074E0E6F4352003CC2B2 /* acls.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C92649A0534866F004B0E72 /* acls.cpp */; }; - AAC7074F0E6F4352003CC2B2 /* agentquery.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C92649C0534866F004B0E72 /* agentquery.cpp */; }; - AAC707550E6F4352003CC2B2 /* child.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4CB5ACB906680AE000F359A9 /* child.cpp */; }; - AAC707560E6F4352003CC2B2 /* codesigdb.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264A80534866F004B0E72 /* codesigdb.cpp */; }; - AAC707570E6F4352003CC2B2 /* connection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264AA0534866F004B0E72 /* connection.cpp */; }; - AAC707580E6F4352003CC2B2 /* database.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B8DBC705E6C3CE00E6E67C /* database.cpp */; }; - AAC707590E6F4352003CC2B2 /* dbcrypto.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264AC0534866F004B0E72 /* dbcrypto.cpp */; }; - AAC7075A0E6F4352003CC2B2 /* entropy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264AE0534866F004B0E72 /* entropy.cpp */; }; - AAC7075B0E6F4352003CC2B2 /* kcdatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2B8DBC905E6C3CE00E6E67C /* kcdatabase.cpp */; }; - AAC7075C0E6F4352003CC2B2 /* kckey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C207646305EAD713004FEEDA /* kckey.cpp */; }; - AAC7075D0E6F4352003CC2B2 /* key.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264B50534866F004B0E72 /* key.cpp */; }; - AAC7075E0E6F4352003CC2B2 /* localdatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C20764E405ED250F004FEEDA /* localdatabase.cpp */; }; - AAC7075F0E6F4352003CC2B2 /* localkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C20764E605ED250F004FEEDA /* localkey.cpp */; }; - AAC707600E6F4352003CC2B2 /* main.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264B70534866F004B0E72 /* main.cpp */; }; - AAC707610E6F4352003CC2B2 /* notifications.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264B80534866F004B0E72 /* notifications.cpp */; }; - AAC707620E6F4352003CC2B2 /* pcscmonitor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2FDCABD0663CD5B0013F64C /* pcscmonitor.cpp */; }; - AAC707630E6F4352003CC2B2 /* process.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264BA0534866F004B0E72 /* process.cpp */; }; - AAC707640E6F4352003CC2B2 /* reader.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2FDCABF0663CD5B0013F64C /* reader.cpp */; }; - AAC707650E6F4352003CC2B2 /* server.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264BE0534866F004B0E72 /* server.cpp */; }; - AAC707660E6F4352003CC2B2 /* session.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264C00534866F004B0E72 /* session.cpp */; }; - AAC707670E6F4352003CC2B2 /* structure.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28ACF9A05C9940B00447176 /* structure.cpp */; }; - AAC707680E6F4352003CC2B2 /* tempdatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C20AF37C05F689540055732C /* tempdatabase.cpp */; }; - AAC707690E6F4352003CC2B2 /* token.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2FDCAC10663CD5B0013F64C /* token.cpp */; }; - AAC7076A0E6F4352003CC2B2 /* tokendatabase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2D425F105F3C07400CB11F8 /* tokendatabase.cpp */; }; - AAC7076B0E6F4352003CC2B2 /* transition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4C9264C20534866F004B0E72 /* transition.cpp */; }; - AAC7076C0E6F4352003CC2B2 /* tokencache.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C26EA9510688CF34007CE21D /* tokencache.cpp */; }; - AAC7076D0E6F4352003CC2B2 /* selfServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C209B3B306ADBE64007B9E6D /* selfServer.cpp */; }; - AAC7076E0E6F4352003CC2B2 /* selfUser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C209B3B406ADBE64007B9E6D /* selfUser.cpp */; }; - AAC7076F0E6F4352003CC2B2 /* tokend.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C22A7F8C06AF06D9006087B7 /* tokend.cpp */; }; - AAC707700E6F4352003CC2B2 /* tokenkey.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C26D533706C1E70A00062E1E /* tokenkey.cpp */; }; - AAC707710E6F4352003CC2B2 /* tokenacl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C28654B006DBC2A30021E6E5 /* tokenacl.cpp */; }; - AAC707720E6F4352003CC2B2 /* tokenaccess.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2813C7F0730534A00E243E8 /* tokenaccess.cpp */; }; - AAC707730E6F4352003CC2B2 /* authhost.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 40689F850725DCE00021A502 /* authhost.cpp */; }; - AAC707740E6F4352003CC2B2 /* SharedMemoryServer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D6C887ED0A55B6220044DFD2 /* SharedMemoryServer.cpp */; }; - AAC707750E6F4352003CC2B2 /* csproxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2BD5FDA0AC47E850057FD3D /* csproxy.cpp */; }; - AAC707760E6F4352003CC2B2 /* credential.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 407ACD070AE5B57700A9DA90 /* credential.cpp */; }; - AAC707780E6F4352003CC2B2 /* clientid.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C22C34520B278EB60009368E /* clientid.cpp */; }; - C2407A1D1B30C86C0067E6AE /* libutilities.a in Frameworks */ = {isa = PBXBuildFile; fileRef = C2407A1C1B30C86C0067E6AE /* libutilities.a */; }; - C274C51E0F9E8E0F001ABDA3 /* auditevents.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C274C51C0F9E8E0F001ABDA3 /* auditevents.cpp */; }; - C274C51F0F9E8E0F001ABDA3 /* auditevents.h in Headers */ = {isa = PBXBuildFile; fileRef = C274C51D0F9E8E0F001ABDA3 /* auditevents.h */; }; - C2E8FBA51B8FABFE00156D36 /* acl_partition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2E8FBA31B8FABFE00156D36 /* acl_partition.cpp */; }; - C2E8FBA61B8FABFE00156D36 /* acl_partition.h in Headers */ = {isa = PBXBuildFile; fileRef = C2E8FBA41B8FABFE00156D36 /* acl_partition.h */; }; - DCA615241CB5E5E8009F460D /* System.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = DCA615231CB5E5E7009F460D /* System.framework */; }; - ED5130690E7F1259002A3749 /* securityd.1 in CopyFiles */ = {isa = PBXBuildFile; fileRef = 4CE1878706FFC5D60079D235 /* securityd.1 */; }; -/* End PBXBuildFile section */ - -/* Begin PBXContainerItemProxy section */ - 1820DFC71714D3F800CA851F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 80C7A77A167FF4FF001533BE /* securityd_service.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 1843240D1714797D00196B52; - remoteInfo = securitydservice_client; - }; - 18CE013D17147A46008C042F /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 80C7A77A167FF4FF001533BE /* securityd_service.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 1843240E1714797D00196B52; - remoteInfo = securitydservice_client; - }; - 53002F061818A7C400900564 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 80C7A77A167FF4FF001533BE /* securityd_service.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 18F4808E17497521009724DB; - remoteInfo = KeyStoreEvents; - }; - 80C7A78C167FF586001533BE /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 80C7A77A167FF4FF001533BE /* securityd_service.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 189D4635166AC95C001D8533; - remoteInfo = securityd_service; - }; - 80C7A78E167FF586001533BE /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 80C7A77A167FF4FF001533BE /* securityd_service.xcodeproj */; - proxyType = 2; - remoteGlobalIDString = 189D465B166C15C1001D8533; - remoteInfo = securitydservicectrl; - }; - 80C7A790167FF9D3001533BE /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 80C7A77A167FF4FF001533BE /* securityd_service.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 189D4634166AC95C001D8533; - remoteInfo = securityd_service; - }; - AA1A9FF80E71EF08003D0309 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEB0052A3C5800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = C26CF02C0CD934260094DD9D; - remoteInfo = DTrace; - }; - AA1AA00E0E71F2ED003D0309 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEB0052A3C5800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = AA6D4B810E6F3B210050206D; - remoteInfo = startup; - }; - AA1AA0100E71F2F7003D0309 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 4CA1FEB0052A3C5800F22E42 /* Project object */; - proxyType = 1; - remoteGlobalIDString = AA6D4B7A0E6F3A910050206D; - remoteInfo = mig; - }; -/* End PBXContainerItemProxy section */ - -/* Begin PBXCopyFilesBuildPhase section */ - ED51306A0E7F1277002A3749 /* CopyFiles */ = { - isa = PBXCopyFilesBuildPhase; - buildActionMask = 8; - dstPath = /usr/share/man/man1; - dstSubfolderSpec = 0; - files = ( - ED5130690E7F1259002A3749 /* securityd.1 in CopyFiles */, - ); - runOnlyForDeploymentPostprocessing = 1; - }; -/* End PBXCopyFilesBuildPhase section */ - -/* Begin PBXFileReference section */ - 1865FFA01474FB1100FD79DF /* debug.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = debug.xcconfig; sourceTree = ""; }; - 1865FFA11474FB1100FD79DF /* project.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = project.xcconfig; sourceTree = ""; }; - 1865FFA21474FB1100FD79DF /* release.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = release.xcconfig; sourceTree = ""; }; - 1865FFB01474FED300FD79DF /* libsecurity_tokend_client.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_tokend_client.a; path = /usr/local/lib/libsecurity_tokend_client.a; sourceTree = ""; }; - 1865FFB2147505C800FD79DF /* libbsm.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libbsm.dylib; path = /usr/lib/libbsm.dylib; sourceTree = ""; }; - 1865FFCE1475169A00FD79DF /* libsecurityd_client.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurityd_client.a; path = /usr/local/lib/libsecurityd_client.a; sourceTree = ""; }; - 1865FFD0147516CF00FD79DF /* libsecurity_codesigning.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_codesigning.a; path = /usr/local/lib/libsecurity_codesigning.a; sourceTree = ""; }; - 18B27133148C2C3D0087AE98 /* securityd_dtrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = securityd_dtrace.h; path = derived_src/securityd_dtrace.h; sourceTree = BUILT_PRODUCTS_DIR; }; - 18B965D214731963005A4D2E /* libsecurity_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_utilities.a; path = /usr/local/lib/libsecurity_utilities.a; sourceTree = ""; }; - 18B965D41473197B005A4D2E /* libsecurity_cdsa_utilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_cdsa_utilities.a; path = /usr/local/lib/libsecurity_cdsa_utilities.a; sourceTree = ""; }; - 18B965D9147319C8005A4D2E /* libsecurity_cdsa_client.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurity_cdsa_client.a; path = /usr/local/lib/libsecurity_cdsa_client.a; sourceTree = ""; }; - 18B965DB147319E5005A4D2E /* libsecurityd_server.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libsecurityd_server.a; path = /usr/local/lib/libsecurityd_server.a; sourceTree = ""; }; - 18B967B114731B55005A4D2E /* libsqlite3.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libsqlite3.dylib; path = /usr/lib/libsqlite3.dylib; sourceTree = ""; }; - 18B967B314731B69005A4D2E /* libauto.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libauto.dylib; path = /usr/lib/libauto.dylib; sourceTree = ""; }; - 18B967B514731B78005A4D2E /* libobjc.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libobjc.dylib; path = /usr/lib/libobjc.dylib; sourceTree = ""; }; - 40689F840725DCE00021A502 /* authhost.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = authhost.h; sourceTree = ""; }; - 40689F850725DCE00021A502 /* authhost.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = authhost.cpp; sourceTree = ""; }; - 407ACD060AE5B57700A9DA90 /* credential.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = credential.h; sourceTree = ""; }; - 407ACD070AE5B57700A9DA90 /* credential.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = credential.cpp; sourceTree = ""; }; - 43D720FA1A23F1490091236D /* agentclient.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = agentclient.h; sourceTree = ""; }; - 44AF7EDF1BB445BA005E9265 /* libDiagnosticMessagesClient.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libDiagnosticMessagesClient.dylib; path = /usr/lib/libDiagnosticMessagesClient.dylib; sourceTree = ""; }; - 4C9264980534866F004B0E72 /* acl_keychain.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_keychain.cpp; sourceTree = ""; }; - 4C9264990534866F004B0E72 /* acl_keychain.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_keychain.h; sourceTree = ""; }; - 4C92649A0534866F004B0E72 /* acls.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = acls.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4C92649B0534866F004B0E72 /* acls.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acls.h; sourceTree = ""; }; - 4C92649C0534866F004B0E72 /* agentquery.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = agentquery.cpp; sourceTree = ""; }; - 4C92649D0534866F004B0E72 /* agentquery.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = agentquery.h; sourceTree = ""; }; - 4C9264A80534866F004B0E72 /* codesigdb.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = codesigdb.cpp; sourceTree = ""; }; - 4C9264A90534866F004B0E72 /* codesigdb.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = codesigdb.h; sourceTree = ""; }; - 4C9264AA0534866F004B0E72 /* connection.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = connection.cpp; sourceTree = ""; }; - 4C9264AB0534866F004B0E72 /* connection.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = connection.h; sourceTree = ""; }; - 4C9264AC0534866F004B0E72 /* dbcrypto.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = dbcrypto.cpp; sourceTree = ""; }; - 4C9264AD0534866F004B0E72 /* dbcrypto.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = dbcrypto.h; sourceTree = ""; }; - 4C9264AE0534866F004B0E72 /* entropy.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = entropy.cpp; sourceTree = ""; }; - 4C9264AF0534866F004B0E72 /* entropy.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = entropy.h; sourceTree = ""; }; - 4C9264B50534866F004B0E72 /* key.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = key.cpp; sourceTree = ""; }; - 4C9264B60534866F004B0E72 /* key.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = key.h; sourceTree = ""; }; - 4C9264B70534866F004B0E72 /* main.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = main.cpp; sourceTree = ""; }; - 4C9264B80534866F004B0E72 /* notifications.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = notifications.cpp; sourceTree = ""; }; - 4C9264B90534866F004B0E72 /* notifications.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = notifications.h; sourceTree = ""; }; - 4C9264BA0534866F004B0E72 /* process.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = process.cpp; sourceTree = ""; }; - 4C9264BB0534866F004B0E72 /* process.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = process.h; sourceTree = ""; }; - 4C9264BC0534866F004B0E72 /* securityd.order */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = securityd.order; sourceTree = ""; }; - 4C9264BE0534866F004B0E72 /* server.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = server.cpp; sourceTree = ""; }; - 4C9264BF0534866F004B0E72 /* server.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = server.h; sourceTree = ""; }; - 4C9264C00534866F004B0E72 /* session.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = session.cpp; sourceTree = ""; }; - 4C9264C10534866F004B0E72 /* session.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = session.h; sourceTree = ""; }; - 4C9264C20534866F004B0E72 /* transition.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = transition.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - 4CB5ACB906680AE000F359A9 /* child.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = child.cpp; sourceTree = ""; }; - 4CB5ACBA06680AE000F359A9 /* child.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = child.h; sourceTree = ""; }; - 4CD8CCC0055884E0006B3584 /* startup.mk */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = startup.mk; sourceTree = ""; }; - 4CDD5018053765A900FEC36D /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = /System/Library/Frameworks/CoreFoundation.framework; sourceTree = ""; }; - 4CDD5019053765A900FEC36D /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = /System/Library/Frameworks/Security.framework; sourceTree = ""; }; - 4CDD506B0537666500FEC36D /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = /System/Library/Frameworks/IOKit.framework; sourceTree = ""; }; - 4CE1878606FFC5D60079D235 /* BLOBFORMAT */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = BLOBFORMAT; sourceTree = ""; }; - 4CE1878706FFC5D60079D235 /* securityd.1 */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.man; path = securityd.1; sourceTree = ""; }; - 4E0BB2B20F79590300BBFEFA /* ccaudit_extensions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ccaudit_extensions.h; sourceTree = ""; }; - 4E0BB2B30F79590300BBFEFA /* ccaudit_extensions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ccaudit_extensions.cpp; sourceTree = ""; }; - 80C7A77A167FF4FF001533BE /* securityd_service.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; name = securityd_service.xcodeproj; path = securityd_service/securityd_service.xcodeproj; sourceTree = ""; }; - AA6D4B8A0E6F3BB80050206D /* securityd */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = securityd; sourceTree = BUILT_PRODUCTS_DIR; }; - AAA020B10E367BB000A6F842 /* dtrace.mk */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = dtrace.mk; path = dtrace/dtrace.mk; sourceTree = ""; }; - C207646305EAD713004FEEDA /* kckey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = kckey.cpp; sourceTree = ""; }; - C207646405EAD713004FEEDA /* kckey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = kckey.h; sourceTree = ""; }; - C20764E405ED250F004FEEDA /* localdatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = localdatabase.cpp; sourceTree = ""; }; - C20764E505ED250F004FEEDA /* localdatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = localdatabase.h; sourceTree = ""; }; - C20764E605ED250F004FEEDA /* localkey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = localkey.cpp; sourceTree = ""; }; - C20764E705ED250F004FEEDA /* localkey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = localkey.h; sourceTree = ""; }; - C209B3AD06ADBDB4007B9E6D /* mig.mk */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = mig.mk; sourceTree = ""; }; - C209B3AE06ADBDB4007B9E6D /* self.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = self.defs; sourceTree = ""; }; - C209B3B206ADBE64007B9E6D /* self.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; name = self.h; path = derived_src/self.h; sourceTree = BUILT_PRODUCTS_DIR; }; - C209B3B306ADBE64007B9E6D /* selfServer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = selfServer.cpp; path = derived_src/selfServer.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; - C209B3B406ADBE64007B9E6D /* selfUser.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; name = selfUser.cpp; path = derived_src/selfUser.cpp; sourceTree = BUILT_PRODUCTS_DIR; }; - C20AF37C05F689540055732C /* tempdatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tempdatabase.cpp; sourceTree = ""; }; - C20AF37D05F689540055732C /* tempdatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tempdatabase.h; sourceTree = ""; }; - C22A7F8C06AF06D9006087B7 /* tokend.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokend.cpp; sourceTree = ""; }; - C22A7F8D06AF06D9006087B7 /* tokend.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokend.h; sourceTree = ""; }; - C22C34520B278EB60009368E /* clientid.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = clientid.cpp; sourceTree = ""; }; - C22C34530B278EB60009368E /* clientid.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = clientid.h; sourceTree = ""; }; - C2407A1C1B30C86C0067E6AE /* libutilities.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libutilities.a; path = ../../../../../d/workspaces/Build/Debug/libutilities.a; sourceTree = ""; }; - C26CF0230CD933AE0094DD9D /* securityd.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; name = securityd.d; path = src/securityd.d; sourceTree = ""; }; - C26CF0880CDFE1180094DD9D /* dtrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = dtrace.h; path = src/dtrace.h; sourceTree = ""; }; - C26D533706C1E70A00062E1E /* tokenkey.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokenkey.cpp; sourceTree = ""; }; - C26D533806C1E70A00062E1E /* tokenkey.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokenkey.h; sourceTree = ""; }; - C26EA9510688CF34007CE21D /* tokencache.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokencache.cpp; sourceTree = ""; }; - C26EA9520688CF34007CE21D /* tokencache.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokencache.h; sourceTree = ""; }; - C26FB2650BC2C3A300D8EFC8 /* com.apple.securityd.plist */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.xml; path = com.apple.securityd.plist; sourceTree = ""; }; - C274C51C0F9E8E0F001ABDA3 /* auditevents.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = auditevents.cpp; sourceTree = ""; }; - C274C51D0F9E8E0F001ABDA3 /* auditevents.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = auditevents.h; sourceTree = ""; }; - C276AAD60663E7A400B57276 /* PCSC.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = PCSC.framework; path = /System/Library/Frameworks/PCSC.framework; sourceTree = ""; }; - C2813C7F0730534A00E243E8 /* tokenaccess.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokenaccess.cpp; sourceTree = ""; }; - C2813C800730534A00E243E8 /* tokenaccess.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokenaccess.h; sourceTree = ""; }; - C28654B006DBC2A30021E6E5 /* tokenacl.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokenacl.cpp; sourceTree = ""; }; - C28654B106DBC2A30021E6E5 /* tokenacl.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokenacl.h; sourceTree = ""; }; - C28ACF9A05C9940B00447176 /* structure.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = structure.cpp; sourceTree = ""; }; - C28ACF9B05C9940B00447176 /* structure.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = structure.h; sourceTree = ""; }; - C2B8DBC705E6C3CE00E6E67C /* database.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = database.cpp; sourceTree = ""; }; - C2B8DBC805E6C3CE00E6E67C /* database.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = database.h; sourceTree = ""; }; - C2B8DBC905E6C3CE00E6E67C /* kcdatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; path = kcdatabase.cpp; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.cpp; }; - C2B8DBCA05E6C3CE00E6E67C /* kcdatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = kcdatabase.h; sourceTree = ""; }; - C2BD5FDA0AC47E850057FD3D /* csproxy.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = csproxy.cpp; sourceTree = ""; }; - C2BD5FDB0AC47E850057FD3D /* csproxy.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = csproxy.h; sourceTree = ""; }; - C2CB75A90CE26A3600727A2B /* securityd-watch.d */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.dtrace; name = "securityd-watch.d"; path = "dtrace/securityd-watch.d"; sourceTree = ""; }; - C2D425F105F3C07400CB11F8 /* tokendatabase.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = tokendatabase.cpp; sourceTree = ""; }; - C2D425F205F3C07400CB11F8 /* tokendatabase.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = tokendatabase.h; sourceTree = ""; }; - C2E8FBA31B8FABFE00156D36 /* acl_partition.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = acl_partition.cpp; sourceTree = ""; }; - C2E8FBA41B8FABFE00156D36 /* acl_partition.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acl_partition.h; sourceTree = ""; }; - C2FDCABD0663CD5B0013F64C /* pcscmonitor.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = pcscmonitor.cpp; sourceTree = ""; }; - C2FDCABE0663CD5B0013F64C /* pcscmonitor.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = pcscmonitor.h; sourceTree = ""; }; - C2FDCABF0663CD5B0013F64C /* reader.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = reader.cpp; sourceTree = ""; }; - C2FDCAC00663CD5B0013F64C /* reader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = reader.h; sourceTree = ""; }; - C2FDCAC10663CD5B0013F64C /* token.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = token.cpp; sourceTree = ""; }; - C2FDCAC20663CD5B0013F64C /* token.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = token.h; sourceTree = ""; }; - D6C887ED0A55B6220044DFD2 /* SharedMemoryServer.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = SharedMemoryServer.cpp; sourceTree = ""; }; - D6C887EE0A55B6220044DFD2 /* SharedMemoryServer.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SharedMemoryServer.h; sourceTree = ""; }; - DCA615231CB5E5E7009F460D /* System.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = System.framework; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.Internal.sdk/System/Library/Frameworks/System.framework; sourceTree = DEVELOPER_DIR; }; -/* End PBXFileReference section */ - -/* Begin PBXFrameworksBuildPhase section */ - AA6D4B880E6F3BB80050206D /* Frameworks */ = { - isa = PBXFrameworksBuildPhase; - buildActionMask = 2147483647; - files = ( - 44AF7EE01BB445BA005E9265 /* libDiagnosticMessagesClient.dylib in Frameworks */, - 53002F001818A7C300900564 /* libsecurity_codesigning.a in Frameworks */, - 18CE013F17147A46008C042F /* libsecuritydservice_client.a in Frameworks */, - 1865FFEB1475208B00FD79DF /* libsqlite3.dylib in Frameworks */, - 1865FFE114751C9100FD79DF /* libauto.dylib in Frameworks */, - 1865FFDC14751B0600FD79DF /* libobjc.dylib in Frameworks */, - 1865FFCF1475169A00FD79DF /* libsecurityd_client.a in Frameworks */, - 18B965DC147319E5005A4D2E /* libsecurityd_server.a in Frameworks */, - 1865FFB11474FED300FD79DF /* libsecurity_tokend_client.a in Frameworks */, - 18B965D51473197B005A4D2E /* libsecurity_cdsa_utilities.a in Frameworks */, - 18B965DA147319C8005A4D2E /* libsecurity_cdsa_client.a in Frameworks */, - 18B965D314731963005A4D2E /* libsecurity_utilities.a in Frameworks */, - 1865FFB3147505C800FD79DF /* libbsm.dylib in Frameworks */, - C2407A1D1B30C86C0067E6AE /* libutilities.a in Frameworks */, - 18B965DD147319F6005A4D2E /* PCSC.framework in Frameworks */, - 18B965D8147319A6005A4D2E /* Security.framework in Frameworks */, - DCA615241CB5E5E8009F460D /* System.framework in Frameworks */, - 18B965D71473199F005A4D2E /* CoreFoundation.framework in Frameworks */, - 18B965D614731996005A4D2E /* IOKit.framework in Frameworks */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXFrameworksBuildPhase section */ - -/* Begin PBXGroup section */ - 1865FF9F1474FB1100FD79DF /* config */ = { - isa = PBXGroup; - children = ( - 1865FFA01474FB1100FD79DF /* debug.xcconfig */, - 1865FFA11474FB1100FD79DF /* project.xcconfig */, - 1865FFA21474FB1100FD79DF /* release.xcconfig */, - ); - path = config; - sourceTree = ""; - }; - 4C9264970534866F004B0E72 /* src */ = { - isa = PBXGroup; - children = ( - 4C9264B70534866F004B0E72 /* main.cpp */, - C28AE81406CD7DA100BE0061 /* Core Structure */, - C2C8B29806F8A60F000EBDA2 /* Crypto */, - C28AE81706CD7DC500BE0061 /* Database Types */, - C28AE81A06CD7DE200BE0061 /* Smartcards */, - C28AE82306CD7E0F00BE0061 /* Transit */, - C28AE82606CD7E4700BE0061 /* ACLs */, - C28AE81106CD7D7800BE0061 /* Authorization */, - C22C34510B278E950009368E /* Client Identification */, - C26AC79D0DAED222005BFB40 /* Code Signing */, - C28AE83906CD7EE900BE0061 /* Support */, - ); - path = src; - sourceTree = ""; - }; - 4CA1FEAC052A3C5800F22E42 = { - isa = PBXGroup; - children = ( - DCA615231CB5E5E7009F460D /* System.framework */, - C2407A1C1B30C86C0067E6AE /* libutilities.a */, - 80C7A77A167FF4FF001533BE /* securityd_service.xcodeproj */, - 1865FF9F1474FB1100FD79DF /* config */, - 4C9264970534866F004B0E72 /* src */, - C209B39106ADBB19007B9E6D /* mig */, - C26CF0290CD933D60094DD9D /* DTrace */, - 4CE1878506FFC5D60079D235 /* doc */, - C209B39406ADBB2B007B9E6D /* derived_src */, - C28AE82006CD7DF500BE0061 /* Build Stuff */, - 4CDD50150537658500FEC36D /* Linked Frameworks */, - 4CA1FEB7052A3C6D00F22E42 /* Products */, - 4CD8CCBB055884E0006B3584 /* Other Installs */, - ); - sourceTree = ""; - }; - 4CA1FEB7052A3C6D00F22E42 /* Products */ = { - isa = PBXGroup; - children = ( - AA6D4B8A0E6F3BB80050206D /* securityd */, - ); - name = Products; - sourceTree = ""; - }; - 4CD8CCBB055884E0006B3584 /* Other Installs */ = { - isa = PBXGroup; - children = ( - C26FB2650BC2C3A300D8EFC8 /* com.apple.securityd.plist */, - 4CD8CCC0055884E0006B3584 /* startup.mk */, - ); - name = "Other Installs"; - path = etc; - sourceTree = ""; - }; - 4CDD50150537658500FEC36D /* Linked Frameworks */ = { - isa = PBXGroup; - children = ( - 1865FFD0147516CF00FD79DF /* libsecurity_codesigning.a */, - 1865FFCE1475169A00FD79DF /* libsecurityd_client.a */, - 1865FFB2147505C800FD79DF /* libbsm.dylib */, - 1865FFB01474FED300FD79DF /* libsecurity_tokend_client.a */, - 18B967B514731B78005A4D2E /* libobjc.dylib */, - 18B967B314731B69005A4D2E /* libauto.dylib */, - 18B967B114731B55005A4D2E /* libsqlite3.dylib */, - 44AF7EDF1BB445BA005E9265 /* libDiagnosticMessagesClient.dylib */, - 18B965DB147319E5005A4D2E /* libsecurityd_server.a */, - 18B965D9147319C8005A4D2E /* libsecurity_cdsa_client.a */, - 18B965D41473197B005A4D2E /* libsecurity_cdsa_utilities.a */, - 18B965D214731963005A4D2E /* libsecurity_utilities.a */, - 4CDD5018053765A900FEC36D /* CoreFoundation.framework */, - 4CDD506B0537666500FEC36D /* IOKit.framework */, - C276AAD60663E7A400B57276 /* PCSC.framework */, - 4CDD5019053765A900FEC36D /* Security.framework */, - ); - name = "Linked Frameworks"; - path = src; - sourceTree = ""; - }; - 4CE1878506FFC5D60079D235 /* doc */ = { - isa = PBXGroup; - children = ( - 4CE1878606FFC5D60079D235 /* BLOBFORMAT */, - 4CE1878706FFC5D60079D235 /* securityd.1 */, - ); - path = doc; - sourceTree = ""; - }; - 80C7A788167FF586001533BE /* Products */ = { - isa = PBXGroup; - children = ( - 80C7A78D167FF586001533BE /* securityd_service */, - 80C7A78F167FF586001533BE /* securitydservicectrl */, - 18CE013E17147A46008C042F /* libsecuritydservice_client.a */, - 53002F071818A7C400900564 /* com.apple.KeyStore.plugin */, - ); - name = Products; - sourceTree = ""; - }; - C209B39106ADBB19007B9E6D /* mig */ = { - isa = PBXGroup; - children = ( - C209B3AD06ADBDB4007B9E6D /* mig.mk */, - C209B3AE06ADBDB4007B9E6D /* self.defs */, - ); - path = mig; - sourceTree = ""; - }; - C209B39406ADBB2B007B9E6D /* derived_src */ = { - isa = PBXGroup; - children = ( - C209B3B206ADBE64007B9E6D /* self.h */, - C209B3B306ADBE64007B9E6D /* selfServer.cpp */, - C209B3B406ADBE64007B9E6D /* selfUser.cpp */, - ); - path = derived_src; - sourceTree = BUILT_PRODUCTS_DIR; - }; - C22C34510B278E950009368E /* Client Identification */ = { - isa = PBXGroup; - children = ( - C22C34530B278EB60009368E /* clientid.h */, - C22C34520B278EB60009368E /* clientid.cpp */, - 4C9264A90534866F004B0E72 /* codesigdb.h */, - 4C9264A80534866F004B0E72 /* codesigdb.cpp */, - ); - name = "Client Identification"; - sourceTree = ""; - }; - C26AC79D0DAED222005BFB40 /* Code Signing */ = { - isa = PBXGroup; - children = ( - C2BD5FDB0AC47E850057FD3D /* csproxy.h */, - C2BD5FDA0AC47E850057FD3D /* csproxy.cpp */, - ); - name = "Code Signing"; - sourceTree = ""; - }; - C26CF0290CD933D60094DD9D /* DTrace */ = { - isa = PBXGroup; - children = ( - 18B27133148C2C3D0087AE98 /* securityd_dtrace.h */, - C26CF0230CD933AE0094DD9D /* securityd.d */, - C26CF0880CDFE1180094DD9D /* dtrace.h */, - C2CB75A90CE26A3600727A2B /* securityd-watch.d */, - AAA020B10E367BB000A6F842 /* dtrace.mk */, - ); - name = DTrace; - sourceTree = ""; - }; - C28AE7FE06CD7CFF00BE0061 /* Token */ = { - isa = PBXGroup; - children = ( - C2D425F205F3C07400CB11F8 /* tokendatabase.h */, - C2D425F105F3C07400CB11F8 /* tokendatabase.cpp */, - C26D533806C1E70A00062E1E /* tokenkey.h */, - C26D533706C1E70A00062E1E /* tokenkey.cpp */, - C2813C800730534A00E243E8 /* tokenaccess.h */, - C2813C7F0730534A00E243E8 /* tokenaccess.cpp */, - ); - name = Token; - sourceTree = ""; - }; - C28AE80106CD7D0E00BE0061 /* Temporary */ = { - isa = PBXGroup; - children = ( - C20AF37D05F689540055732C /* tempdatabase.h */, - C20AF37C05F689540055732C /* tempdatabase.cpp */, - ); - name = Temporary; - sourceTree = ""; - }; - C28AE80406CD7D1D00BE0061 /* Local */ = { - isa = PBXGroup; - children = ( - C20764E505ED250F004FEEDA /* localdatabase.h */, - C20764E405ED250F004FEEDA /* localdatabase.cpp */, - C20764E705ED250F004FEEDA /* localkey.h */, - C20764E605ED250F004FEEDA /* localkey.cpp */, - ); - name = Local; - sourceTree = ""; - }; - C28AE80706CD7D2700BE0061 /* Keychain */ = { - isa = PBXGroup; - children = ( - C2B8DBCA05E6C3CE00E6E67C /* kcdatabase.h */, - C2B8DBC905E6C3CE00E6E67C /* kcdatabase.cpp */, - C207646405EAD713004FEEDA /* kckey.h */, - C207646305EAD713004FEEDA /* kckey.cpp */, - ); - name = Keychain; - sourceTree = ""; - }; - C28AE81106CD7D7800BE0061 /* Authorization */ = { - isa = PBXGroup; - children = ( - 40689F840725DCE00021A502 /* authhost.h */, - 40689F850725DCE00021A502 /* authhost.cpp */, - 407ACD060AE5B57700A9DA90 /* credential.h */, - 407ACD070AE5B57700A9DA90 /* credential.cpp */, - ); - name = Authorization; - sourceTree = ""; - }; - C28AE81406CD7DA100BE0061 /* Core Structure */ = { - isa = PBXGroup; - children = ( - 4C9264AB0534866F004B0E72 /* connection.h */, - 4C9264AA0534866F004B0E72 /* connection.cpp */, - C2B8DBC805E6C3CE00E6E67C /* database.h */, - C2B8DBC705E6C3CE00E6E67C /* database.cpp */, - 4C9264B60534866F004B0E72 /* key.h */, - 4C9264B50534866F004B0E72 /* key.cpp */, - 4C9264BB0534866F004B0E72 /* process.h */, - 4C9264BA0534866F004B0E72 /* process.cpp */, - 4C9264BF0534866F004B0E72 /* server.h */, - 4C9264BE0534866F004B0E72 /* server.cpp */, - 4C9264C10534866F004B0E72 /* session.h */, - 4C9264C00534866F004B0E72 /* session.cpp */, - C28ACF9B05C9940B00447176 /* structure.h */, - C28ACF9A05C9940B00447176 /* structure.cpp */, - ); - name = "Core Structure"; - sourceTree = ""; - }; - C28AE81706CD7DC500BE0061 /* Database Types */ = { - isa = PBXGroup; - children = ( - C28AE80406CD7D1D00BE0061 /* Local */, - C28AE80706CD7D2700BE0061 /* Keychain */, - C28AE80106CD7D0E00BE0061 /* Temporary */, - C28AE7FE06CD7CFF00BE0061 /* Token */, - ); - name = "Database Types"; - sourceTree = ""; - }; - C28AE81A06CD7DE200BE0061 /* Smartcards */ = { - isa = PBXGroup; - children = ( - C2FDCABE0663CD5B0013F64C /* pcscmonitor.h */, - C2FDCABD0663CD5B0013F64C /* pcscmonitor.cpp */, - C2FDCAC00663CD5B0013F64C /* reader.h */, - C2FDCABF0663CD5B0013F64C /* reader.cpp */, - C2FDCAC20663CD5B0013F64C /* token.h */, - C2FDCAC10663CD5B0013F64C /* token.cpp */, - C22A7F8D06AF06D9006087B7 /* tokend.h */, - C22A7F8C06AF06D9006087B7 /* tokend.cpp */, - C26EA9520688CF34007CE21D /* tokencache.h */, - C26EA9510688CF34007CE21D /* tokencache.cpp */, - ); - name = Smartcards; - sourceTree = ""; - }; - C28AE82006CD7DF500BE0061 /* Build Stuff */ = { - isa = PBXGroup; - children = ( - 4C9264BC0534866F004B0E72 /* securityd.order */, - ); - name = "Build Stuff"; - path = src; - sourceTree = ""; - }; - C28AE82306CD7E0F00BE0061 /* Transit */ = { - isa = PBXGroup; - children = ( - 4C9264C20534866F004B0E72 /* transition.cpp */, - ); - name = Transit; - sourceTree = ""; - }; - C28AE82606CD7E4700BE0061 /* ACLs */ = { - isa = PBXGroup; - children = ( - 4C92649B0534866F004B0E72 /* acls.h */, - 4C92649A0534866F004B0E72 /* acls.cpp */, - C28654B106DBC2A30021E6E5 /* tokenacl.h */, - C28654B006DBC2A30021E6E5 /* tokenacl.cpp */, - 4C9264990534866F004B0E72 /* acl_keychain.h */, - 4C9264980534866F004B0E72 /* acl_keychain.cpp */, - C2E8FBA41B8FABFE00156D36 /* acl_partition.h */, - C2E8FBA31B8FABFE00156D36 /* acl_partition.cpp */, - ); - name = ACLs; - sourceTree = ""; - }; - C28AE83906CD7EE900BE0061 /* Support */ = { - isa = PBXGroup; - children = ( - 43D720FA1A23F1490091236D /* agentclient.h */, - 4C92649D0534866F004B0E72 /* agentquery.h */, - 4C92649C0534866F004B0E72 /* agentquery.cpp */, - C274C51D0F9E8E0F001ABDA3 /* auditevents.h */, - C274C51C0F9E8E0F001ABDA3 /* auditevents.cpp */, - 4E0BB2B20F79590300BBFEFA /* ccaudit_extensions.h */, - 4E0BB2B30F79590300BBFEFA /* ccaudit_extensions.cpp */, - 4CB5ACBA06680AE000F359A9 /* child.h */, - 4CB5ACB906680AE000F359A9 /* child.cpp */, - 4C9264AF0534866F004B0E72 /* entropy.h */, - 4C9264AE0534866F004B0E72 /* entropy.cpp */, - 4C9264B90534866F004B0E72 /* notifications.h */, - 4C9264B80534866F004B0E72 /* notifications.cpp */, - D6C887EE0A55B6220044DFD2 /* SharedMemoryServer.h */, - D6C887ED0A55B6220044DFD2 /* SharedMemoryServer.cpp */, - ); - name = Support; - sourceTree = ""; - }; - C2C8B29806F8A60F000EBDA2 /* Crypto */ = { - isa = PBXGroup; - children = ( - 4C9264AD0534866F004B0E72 /* dbcrypto.h */, - 4C9264AC0534866F004B0E72 /* dbcrypto.cpp */, - ); - name = Crypto; - sourceTree = ""; - }; -/* End PBXGroup section */ - -/* Begin PBXHeadersBuildPhase section */ - AAC7077A0E6F437A003CC2B2 /* Headers */ = { - isa = PBXHeadersBuildPhase; - buildActionMask = 2147483647; - files = ( - AAC707230E6F4335003CC2B2 /* acl_keychain.h in Headers */, - AAC707240E6F4335003CC2B2 /* acls.h in Headers */, - AAC707250E6F4335003CC2B2 /* agentquery.h in Headers */, - AAC7072B0E6F4335003CC2B2 /* child.h in Headers */, - AAC7072C0E6F4335003CC2B2 /* codesigdb.h in Headers */, - AAC7072D0E6F4335003CC2B2 /* connection.h in Headers */, - AAC7072E0E6F4335003CC2B2 /* database.h in Headers */, - AAC7072F0E6F4335003CC2B2 /* dbcrypto.h in Headers */, - AAC707300E6F4335003CC2B2 /* entropy.h in Headers */, - AAC707310E6F4335003CC2B2 /* kcdatabase.h in Headers */, - AAC707320E6F4335003CC2B2 /* kckey.h in Headers */, - AAC707330E6F4335003CC2B2 /* key.h in Headers */, - AAC707340E6F4335003CC2B2 /* localdatabase.h in Headers */, - AAC707350E6F4335003CC2B2 /* localkey.h in Headers */, - AAC707360E6F4335003CC2B2 /* notifications.h in Headers */, - AAC707370E6F4335003CC2B2 /* pcscmonitor.h in Headers */, - AAC707380E6F4335003CC2B2 /* process.h in Headers */, - AAC707390E6F4335003CC2B2 /* reader.h in Headers */, - AAC7073A0E6F4335003CC2B2 /* server.h in Headers */, - AAC7073B0E6F4335003CC2B2 /* session.h in Headers */, - AAC7073C0E6F4335003CC2B2 /* structure.h in Headers */, - AAC7073D0E6F4335003CC2B2 /* tempdatabase.h in Headers */, - AAC7073E0E6F4335003CC2B2 /* token.h in Headers */, - AAC7073F0E6F4335003CC2B2 /* tokendatabase.h in Headers */, - AAC707400E6F4335003CC2B2 /* tokencache.h in Headers */, - AAC707410E6F4335003CC2B2 /* self.h in Headers */, - AAC707420E6F4335003CC2B2 /* tokend.h in Headers */, - AAC707430E6F4335003CC2B2 /* tokenkey.h in Headers */, - AAC707440E6F4335003CC2B2 /* tokenacl.h in Headers */, - AAC707450E6F4335003CC2B2 /* tokenaccess.h in Headers */, - AAC707460E6F4335003CC2B2 /* authhost.h in Headers */, - C2E8FBA61B8FABFE00156D36 /* acl_partition.h in Headers */, - AAC707470E6F4335003CC2B2 /* SharedMemoryServer.h in Headers */, - AAC707480E6F4335003CC2B2 /* csproxy.h in Headers */, - AAC707490E6F4335003CC2B2 /* credential.h in Headers */, - AAC7074B0E6F4335003CC2B2 /* clientid.h in Headers */, - AAC7074C0E6F4335003CC2B2 /* dtrace.h in Headers */, - 4E0BB2B40F79590300BBFEFA /* ccaudit_extensions.h in Headers */, - C274C51F0F9E8E0F001ABDA3 /* auditevents.h in Headers */, - 18B27134148C2C3D0087AE98 /* securityd_dtrace.h in Headers */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXHeadersBuildPhase section */ - -/* Begin PBXNativeTarget section */ - AA6D4B890E6F3BB80050206D /* securityd */ = { - isa = PBXNativeTarget; - buildConfigurationList = AA6D4B900E6F3BE80050206D /* Build configuration list for PBXNativeTarget "securityd" */; - buildPhases = ( - AAC7077A0E6F437A003CC2B2 /* Headers */, - AA6D4B870E6F3BB80050206D /* Sources */, - AA6D4B880E6F3BB80050206D /* Frameworks */, - ED51306A0E7F1277002A3749 /* CopyFiles */, - ); - buildRules = ( - ); - dependencies = ( - 1820DFC81714D3F800CA851F /* PBXTargetDependency */, - 80C7A791167FF9D3001533BE /* PBXTargetDependency */, - AA1AA00F0E71F2ED003D0309 /* PBXTargetDependency */, - AA1AA0110E71F2F7003D0309 /* PBXTargetDependency */, - AA1A9FF90E71EF08003D0309 /* PBXTargetDependency */, - ); - name = securityd; - productName = securityd_native; - productReference = AA6D4B8A0E6F3BB80050206D /* securityd */; - productType = "com.apple.product-type.tool"; - }; -/* End PBXNativeTarget section */ - -/* Begin PBXProject section */ - 4CA1FEB0052A3C5800F22E42 /* Project object */ = { - isa = PBXProject; - attributes = { - LastUpgradeCheck = 0800; - }; - buildConfigurationList = C27AD4AD0987FCF4001272E0 /* Build configuration list for PBXProject "securityd" */; - compatibilityVersion = "Xcode 3.2"; - developmentRegion = English; - hasScannedForEncodings = 1; - knownRegions = ( - English, - Japanese, - French, - German, - ); - mainGroup = 4CA1FEAC052A3C5800F22E42; - productRefGroup = 4CA1FEB7052A3C6D00F22E42 /* Products */; - projectDirPath = ""; - projectReferences = ( - { - ProductGroup = 80C7A788167FF586001533BE /* Products */; - ProjectRef = 80C7A77A167FF4FF001533BE /* securityd_service.xcodeproj */; - }, - ); - projectRoot = ""; - targets = ( - AA6D4B890E6F3BB80050206D /* securityd */, - C26CF02C0CD934260094DD9D /* DTrace */, - AA6D4B7A0E6F3A910050206D /* mig */, - AA6D4B810E6F3B210050206D /* startup */, - ); - }; -/* End PBXProject section */ - -/* Begin PBXReferenceProxy section */ - 18CE013E17147A46008C042F /* libsecuritydservice_client.a */ = { - isa = PBXReferenceProxy; - fileType = archive.ar; - path = libsecuritydservice_client.a; - remoteRef = 18CE013D17147A46008C042F /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 53002F071818A7C400900564 /* com.apple.KeyStore.plugin */ = { - isa = PBXReferenceProxy; - fileType = wrapper.cfbundle; - path = com.apple.KeyStore.plugin; - remoteRef = 53002F061818A7C400900564 /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 80C7A78D167FF586001533BE /* securityd_service */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = securityd_service; - remoteRef = 80C7A78C167FF586001533BE /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; - 80C7A78F167FF586001533BE /* securitydservicectrl */ = { - isa = PBXReferenceProxy; - fileType = "compiled.mach-o.executable"; - path = securitydservicectrl; - remoteRef = 80C7A78E167FF586001533BE /* PBXContainerItemProxy */; - sourceTree = BUILT_PRODUCTS_DIR; - }; -/* End PBXReferenceProxy section */ - -/* Begin PBXShellScriptBuildPhase section */ - AA6D4B790E6F3A910050206D /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "if [ -f $SRCROOT/securityd/etc/startup.mk ]; then SRCROOT=$SRCROOT/securityd; fi; make -f $SRCROOT/mig/mig.mk"; - }; - AA6D4B800E6F3B210050206D /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/sh; - shellScript = "if [ -f $SRCROOT/securityd/etc/startup.mk ]; then SRCROOT=$SRCROOT/securityd; fi; /usr/bin/gnumake -f $SRCROOT/etc/startup.mk $ACTION"; - }; - C26CF0360CD9343A0094DD9D /* ShellScript */ = { - isa = PBXShellScriptBuildPhase; - buildActionMask = 2147483647; - files = ( - ); - inputPaths = ( - ); - outputPaths = ( - ); - runOnlyForDeploymentPostprocessing = 0; - shellPath = /bin/bash; - shellScript = "if [ -f $SRCROOT/securityd/etc/startup.mk ]; then SRCROOT=$SRCROOT/securityd; fi; export DERIVED_SRC=$BUILT_PRODUCTS_DIR/derived_src; mkdir -p $DERIVED_SRC; make -f $SRCROOT/dtrace/dtrace.mk"; - }; -/* End PBXShellScriptBuildPhase section */ - -/* Begin PBXSourcesBuildPhase section */ - AA6D4B870E6F3BB80050206D /* Sources */ = { - isa = PBXSourcesBuildPhase; - buildActionMask = 2147483647; - files = ( - AAC7074D0E6F4352003CC2B2 /* acl_keychain.cpp in Sources */, - AAC7074E0E6F4352003CC2B2 /* acls.cpp in Sources */, - AAC7074F0E6F4352003CC2B2 /* agentquery.cpp in Sources */, - AAC707550E6F4352003CC2B2 /* child.cpp in Sources */, - AAC707560E6F4352003CC2B2 /* codesigdb.cpp in Sources */, - AAC707570E6F4352003CC2B2 /* connection.cpp in Sources */, - AAC707580E6F4352003CC2B2 /* database.cpp in Sources */, - AAC707590E6F4352003CC2B2 /* dbcrypto.cpp in Sources */, - AAC7075A0E6F4352003CC2B2 /* entropy.cpp in Sources */, - AAC7075B0E6F4352003CC2B2 /* kcdatabase.cpp in Sources */, - AAC7075C0E6F4352003CC2B2 /* kckey.cpp in Sources */, - AAC7075D0E6F4352003CC2B2 /* key.cpp in Sources */, - AAC7075E0E6F4352003CC2B2 /* localdatabase.cpp in Sources */, - AAC7075F0E6F4352003CC2B2 /* localkey.cpp in Sources */, - AAC707600E6F4352003CC2B2 /* main.cpp in Sources */, - AAC707610E6F4352003CC2B2 /* notifications.cpp in Sources */, - AAC707620E6F4352003CC2B2 /* pcscmonitor.cpp in Sources */, - AAC707630E6F4352003CC2B2 /* process.cpp in Sources */, - AAC707640E6F4352003CC2B2 /* reader.cpp in Sources */, - AAC707650E6F4352003CC2B2 /* server.cpp in Sources */, - AAC707660E6F4352003CC2B2 /* session.cpp in Sources */, - AAC707670E6F4352003CC2B2 /* structure.cpp in Sources */, - AAC707680E6F4352003CC2B2 /* tempdatabase.cpp in Sources */, - AAC707690E6F4352003CC2B2 /* token.cpp in Sources */, - AAC7076A0E6F4352003CC2B2 /* tokendatabase.cpp in Sources */, - AAC7076B0E6F4352003CC2B2 /* transition.cpp in Sources */, - AAC7076C0E6F4352003CC2B2 /* tokencache.cpp in Sources */, - AAC7076D0E6F4352003CC2B2 /* selfServer.cpp in Sources */, - AAC7076E0E6F4352003CC2B2 /* selfUser.cpp in Sources */, - AAC7076F0E6F4352003CC2B2 /* tokend.cpp in Sources */, - AAC707700E6F4352003CC2B2 /* tokenkey.cpp in Sources */, - AAC707710E6F4352003CC2B2 /* tokenacl.cpp in Sources */, - AAC707720E6F4352003CC2B2 /* tokenaccess.cpp in Sources */, - AAC707730E6F4352003CC2B2 /* authhost.cpp in Sources */, - AAC707740E6F4352003CC2B2 /* SharedMemoryServer.cpp in Sources */, - AAC707750E6F4352003CC2B2 /* csproxy.cpp in Sources */, - AAC707760E6F4352003CC2B2 /* credential.cpp in Sources */, - AAC707780E6F4352003CC2B2 /* clientid.cpp in Sources */, - C2E8FBA51B8FABFE00156D36 /* acl_partition.cpp in Sources */, - 4E0BB2B50F79590300BBFEFA /* ccaudit_extensions.cpp in Sources */, - C274C51E0F9E8E0F001ABDA3 /* auditevents.cpp in Sources */, - ); - runOnlyForDeploymentPostprocessing = 0; - }; -/* End PBXSourcesBuildPhase section */ - -/* Begin PBXTargetDependency section */ - 1820DFC81714D3F800CA851F /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = securitydservice_client; - targetProxy = 1820DFC71714D3F800CA851F /* PBXContainerItemProxy */; - }; - 80C7A791167FF9D3001533BE /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = securityd_service; - targetProxy = 80C7A790167FF9D3001533BE /* PBXContainerItemProxy */; - }; - AA1A9FF90E71EF08003D0309 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = C26CF02C0CD934260094DD9D /* DTrace */; - targetProxy = AA1A9FF80E71EF08003D0309 /* PBXContainerItemProxy */; - }; - AA1AA00F0E71F2ED003D0309 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = AA6D4B810E6F3B210050206D /* startup */; - targetProxy = AA1AA00E0E71F2ED003D0309 /* PBXContainerItemProxy */; - }; - AA1AA0110E71F2F7003D0309 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - target = AA6D4B7A0E6F3A910050206D /* mig */; - targetProxy = AA1AA0100E71F2F7003D0309 /* PBXContainerItemProxy */; - }; -/* End PBXTargetDependency section */ - -/* Begin XCBuildConfiguration section */ - AA6D4B7B0E6F3A910050206D /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - }; - name = Debug; - }; - AA6D4B7E0E6F3A910050206D /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - }; - name = Release; - }; - AA6D4B820E6F3B210050206D /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - }; - name = Debug; - }; - AA6D4B850E6F3B210050206D /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - }; - name = Release; - }; - AA6D4B8C0E6F3BB80050206D /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1865FFA01474FB1100FD79DF /* debug.xcconfig */; - buildSettings = { - CODE_SIGN_IDENTITY = "-"; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/../OSX/include", - "$(PROJECT_DIR)/../OSX/utilities", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", - ); - INSTALL_PATH = /usr/sbin; - LIBRARY_SEARCH_PATHS = "$(inherited)"; - ORDER_FILE = src/securityd.order; - SDKROOT = macosx.internal; - }; - name = Debug; - }; - AA6D4B8F0E6F3BB80050206D /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1865FFA21474FB1100FD79DF /* release.xcconfig */; - buildSettings = { - CODE_SIGN_IDENTITY = "-"; - HEADER_SEARCH_PATHS = ( - "$(PROJECT_DIR)", - "$(PROJECT_DIR)/../OSX/include", - "$(PROJECT_DIR)/../OSX/utilities", - "$(BUILT_PRODUCTS_DIR)/derived_src", - "$(inherited)", - "$(SYSTEM_LIBRARY_DIR)/Frameworks/System.framework/PrivateHeaders", - ); - INSTALL_PATH = /usr/sbin; - LIBRARY_SEARCH_PATHS = "$(inherited)"; - ORDER_FILE = src/securityd.order; - SDKROOT = macosx.internal; - }; - name = Release; - }; - C26CF02D0CD934260094DD9D /* Debug */ = { - isa = XCBuildConfiguration; - buildSettings = { - }; - name = Debug; - }; - C26CF0300CD934260094DD9D /* Release */ = { - isa = XCBuildConfiguration; - buildSettings = { - }; - name = Release; - }; - C27AD4AE0987FCF4001272E0 /* Debug */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1865FFA11474FB1100FD79DF /* project.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = lossless; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - ENABLE_TESTABILITY = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - ONLY_ACTIVE_ARCH = YES; - }; - name = Debug; - }; - C27AD4B10987FCF4001272E0 /* Release */ = { - isa = XCBuildConfiguration; - baseConfigurationReference = 1865FFA11474FB1100FD79DF /* project.xcconfig */; - buildSettings = { - ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; - CLANG_WARN_BOOL_CONVERSION = YES; - CLANG_WARN_CONSTANT_CONVERSION = YES; - CLANG_WARN_EMPTY_BODY = YES; - CLANG_WARN_ENUM_CONVERSION = YES; - CLANG_WARN_INT_CONVERSION = YES; - CLANG_WARN_UNREACHABLE_CODE = YES; - CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; - ENABLE_STRICT_OBJC_MSGSEND = YES; - GCC_NO_COMMON_BLOCKS = YES; - GCC_TREAT_WARNINGS_AS_ERRORS = YES; - GCC_WARN_UNDECLARED_SELECTOR = YES; - GCC_WARN_UNINITIALIZED_AUTOS = YES; - GCC_WARN_UNUSED_FUNCTION = YES; - }; - name = Release; - }; -/* End XCBuildConfiguration section */ - -/* Begin XCConfigurationList section */ - AA6D4B7F0E6F3AE50050206D /* Build configuration list for PBXAggregateTarget "mig" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - AA6D4B7B0E6F3A910050206D /* Debug */, - AA6D4B7E0E6F3A910050206D /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - AA6D4B860E6F3B8D0050206D /* Build configuration list for PBXAggregateTarget "startup" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - AA6D4B820E6F3B210050206D /* Debug */, - AA6D4B850E6F3B210050206D /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - AA6D4B900E6F3BE80050206D /* Build configuration list for PBXNativeTarget "securityd" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - AA6D4B8C0E6F3BB80050206D /* Debug */, - AA6D4B8F0E6F3BB80050206D /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C26CF03B0CD934420094DD9D /* Build configuration list for PBXAggregateTarget "DTrace" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C26CF02D0CD934260094DD9D /* Debug */, - C26CF0300CD934260094DD9D /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; - C27AD4AD0987FCF4001272E0 /* Build configuration list for PBXProject "securityd" */ = { - isa = XCConfigurationList; - buildConfigurations = ( - C27AD4AE0987FCF4001272E0 /* Debug */, - C27AD4B10987FCF4001272E0 /* Release */, - ); - defaultConfigurationIsVisible = 0; - defaultConfigurationName = Release; - }; -/* End XCConfigurationList section */ - }; - rootObject = 4CA1FEB0052A3C5800F22E42 /* Project object */; -} diff --git a/securityd/securityd_service/securityd_service.xcodeproj/project.pbxproj b/securityd/securityd_service/securityd_service.xcodeproj/project.pbxproj index f887c853..a2284527 100644 --- a/securityd/securityd_service/securityd_service.xcodeproj/project.pbxproj +++ b/securityd/securityd_service/securityd_service.xcodeproj/project.pbxproj @@ -328,7 +328,7 @@ 189D462D166AC95C001D8533 /* Project object */ = { isa = PBXProject; attributes = { - LastUpgradeCheck = 0800; + LastUpgradeCheck = 0810; ORGANIZATIONNAME = Apple; }; buildConfigurationList = 189D4630166AC95C001D8533 /* Build configuration list for PBXProject "securityd_service" */; @@ -459,17 +459,24 @@ ALWAYS_SEARCH_USER_PATHS = NO; ASSETCATALOG_COMPRESSION = lossless; CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; CODE_SIGN_IDENTITY = "-"; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; GCC_DYNAMIC_NO_PIC = NO; GCC_ENABLE_OBJC_EXCEPTIONS = YES; + GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; GCC_PREPROCESSOR_DEFINITIONS = ( "RC_BUILDIT_$(RC_BUILDIT)=1", @@ -482,7 +489,9 @@ GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; GCC_WARN_ABOUT_RETURN_TYPE = YES; + GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES; + GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; ONLY_ACTIVE_ARCH = YES; SDKROOT = macosx.internal; @@ -495,15 +504,22 @@ ALWAYS_SEARCH_USER_PATHS = NO; ASSETCATALOG_COMPRESSION = "respect-asset-catalog"; CLANG_ENABLE_OBJC_ARC = YES; + CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_EMPTY_BODY = YES; + CLANG_WARN_ENUM_CONVERSION = YES; + CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; + CLANG_WARN_SUSPICIOUS_MOVE = YES; + CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; CODE_SIGN_IDENTITY = "-"; COPY_PHASE_STRIP = YES; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_ENABLE_OBJC_EXCEPTIONS = YES; + GCC_NO_COMMON_BLOCKS = YES; GCC_PREPROCESSOR_DEFINITIONS = ( "RC_BUILDIT_$(RC_BUILDIT)=1", "NDEBUG=1", @@ -513,7 +529,9 @@ GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO; GCC_WARN_ABOUT_RETURN_TYPE = YES; + GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES; + GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; SDKROOT = macosx.internal; }; diff --git a/securityd/securityd_service/securityd_service/main.c b/securityd/securityd_service/securityd_service/main.c index 89f2d1d8..1382b5d9 100644 --- a/securityd/securityd_service/securityd_service/main.c +++ b/securityd/securityd_service/securityd_service/main.c @@ -1187,6 +1187,5 @@ int main(int argc, const char * argv[]) xpc_connection_resume(listener); dispatch_main(); - exit(EXIT_FAILURE); } diff --git a/securityd/src/SharedMemoryServer.cpp b/securityd/src/SharedMemoryServer.cpp index cb01af52..5c437919 100644 --- a/securityd/src/SharedMemoryServer.cpp +++ b/securityd/src/SharedMemoryServer.cpp @@ -1,3 +1,26 @@ +/* + * Copyright (c) 2016-2017 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + #include "SharedMemoryServer.h" #include #include @@ -9,49 +32,87 @@ #include #include -static const char* kPrefix = "/private/var/db/mds/messages/se_"; +/* + Logically, these should go in /var/run/mds, but we know that /var/db/mds + already exists at install time. +*/ + +std::string SharedMemoryCommon::SharedMemoryFilePath(const char *segmentName, uid_t uid) { + std::string path; + uid = SharedMemoryCommon::fixUID(uid); + path = SharedMemoryCommon::kMDSMessagesDirectory; // i.e. /private/var/db/mds/messages/ + if (uid != 0) { + path += std::to_string(uid) + "/"; // e.g. /private/var/db/mds/messages/501/ + } + + path += SharedMemoryCommon::kUserPrefix; // e.g. /var/db/mds/messages/se_ + path += segmentName; // e.g. /var/db/mds/messages/501/se_SecurityMessages + return path; +} -SharedMemoryServer::SharedMemoryServer (const char* segmentName, SegmentOffsetType segmentSize) : - mSegmentName (segmentName), mSegmentSize (segmentSize) +SharedMemoryServer::SharedMemoryServer (const char* segmentName, SegmentOffsetType segmentSize, uid_t uid, gid_t gid) : + mSegmentName (segmentName), mSegmentSize (segmentSize), mUID(SharedMemoryCommon::fixUID(uid)) { - mFileName = kPrefix; - mFileName += segmentName; - - // make the mds directory, just in case it doesn't exist - mkdir("/var/db/mds", 1777); - mkdir("/var/db/mds/messages", 0755); - - // make the file name - // clean any old file away - unlink (mFileName.c_str ()); - - // open the file + const mode_t perm1777 = S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO; + const mode_t perm0755 = S_IRWXU | (S_IRGRP | S_IXGRP) | (S_IROTH | S_IXOTH); + const mode_t perm0600 = (S_IRUSR | S_IWUSR); + + // make the mds directory, just in case it doesn't exist + if (mUID == 0) { + mkdir(SharedMemoryCommon::kMDSDirectory, perm1777); + mkdir(SharedMemoryCommon::kMDSMessagesDirectory, perm0755); + } else { + // Assume kMDSMessagesDirectory was created first by securityd + std::string uidstr = std::to_string(mUID); + std::string upath = SharedMemoryCommon::kMDSMessagesDirectory; + upath += "/" + uidstr; + mkdir(upath.c_str(), perm0755); + } + mFileName = SharedMemoryCommon::SharedMemoryFilePath(segmentName, uid); + + // make the file name + // clean any old file away + unlink(mFileName.c_str()); + + // open the file + secdebug("MDSPRIVACY","creating %s",mFileName.c_str ()); mBackingFile = open (mFileName.c_str (), O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (mBackingFile < 0) - { - return; - } - - // set the segment size - ftruncate (mBackingFile, segmentSize); - - // map it into memory - mSegment = (u_int8_t*) mmap (NULL, mSegmentSize, PROT_READ | PROT_WRITE, MAP_SHARED, mBackingFile, 0); - - if (mSegment == (u_int8_t*) -1) // can't map the memory? - { - mSegment = NULL; - unlink (mFileName.c_str()); - } - - mDataPtr = mDataArea = mSegment + sizeof(SegmentOffsetType); - mDataMax = mSegment + segmentSize;; - - SetProducerOffset (0); + { + secdebug("MDSPRIVACY","creation of %s failed", mFileName.c_str()); + return; + } + + int rx = chown(mFileName.c_str (), uid, gid); + if (rx) { + secdebug("MDSPRIVACY","chown of %s to %d/%d failed : %d", mFileName.c_str(), uid, gid, rx); + } + + if (mUID != 0) { + int rx = fchmod(mBackingFile, perm0600); + if (rx) { + secdebug("MDSPRIVACY","chmod of %s to %x failed : %d", mFileName.c_str(), perm0600, rx); + } + } + + // set the segment size + ftruncate (mBackingFile, segmentSize); + + // map it into memory + mSegment = (u_int8_t*) mmap (NULL, mSegmentSize, PROT_READ | PROT_WRITE, MAP_SHARED, mBackingFile, 0); + + if (mSegment == MAP_FAILED) // can't map the memory? + { + mSegment = NULL; + unlink(mFileName.c_str()); + } else { + mDataPtr = mDataArea = mSegment + sizeof(SegmentOffsetType); + mDataMax = mSegment + segmentSize;; + + SetProducerOffset (0); + } } - - SharedMemoryServer::~SharedMemoryServer () { // go away diff --git a/securityd/src/SharedMemoryServer.h b/securityd/src/SharedMemoryServer.h index d7da6462..6e6993ea 100644 --- a/securityd/src/SharedMemoryServer.h +++ b/securityd/src/SharedMemoryServer.h @@ -1,19 +1,41 @@ +/* + * Copyright (c) 2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + #ifndef __SHARED_MEMORY_SERVER__ #define __SHARED_MEMORY_SERVER__ - - -#include #include -#include +#include +#include "SharedMemoryCommon.h" class SharedMemoryServer { protected: std::string mSegmentName, mFileName; size_t mSegmentSize; - - u_int8_t* mSegment; + uid_t mUID; + + u_int8_t* mSegment; u_int8_t* mDataArea; u_int8_t* mDataPtr; u_int8_t* mDataMax; @@ -22,9 +44,10 @@ protected: void WriteOffset (SegmentOffsetType offset); void WriteData (const void* data, SegmentOffsetType length); - + + public: - SharedMemoryServer (const char* segmentName, SegmentOffsetType segmentSize); + SharedMemoryServer (const char* segmentName, SegmentOffsetType segmentSize, uid_t uid = 0, gid_t gid = 0); virtual ~SharedMemoryServer (); void WriteMessage (SegmentOffsetType domain, SegmentOffsetType event, const void *message, SegmentOffsetType messageLength); diff --git a/securityd/src/agentquery.cpp b/securityd/src/agentquery.cpp index 69f480a2..2fe7beb8 100644 --- a/securityd/src/agentquery.cpp +++ b/securityd/src/agentquery.cpp @@ -24,6 +24,9 @@ // // passphrases - canonical code to obtain passphrases // +#define __STDC_WANT_LIB_EXT1__ 1 +#include + #include "agentquery.h" #include "ccaudit_extensions.h" @@ -222,12 +225,22 @@ SecurityAgentXPCQuery::inferHints(Process &thisProcess) pid_t clientPid = thisProcess.pid(); uid_t clientUid = thisProcess.uid(); string guestPath = thisProcess.getPath(); + Boolean ignoreSession = TRUE; clientHints.insert(AuthItemRef(AGENT_HINT_CLIENT_TYPE, AuthValueOverlay(sizeof(type), &type))); clientHints.insert(AuthItemRef(AGENT_HINT_CLIENT_PATH, AuthValueOverlay(guestPath))); clientHints.insert(AuthItemRef(AGENT_HINT_CLIENT_PID, AuthValueOverlay(sizeof(clientPid), &clientPid))); clientHints.insert(AuthItemRef(AGENT_HINT_CLIENT_UID, AuthValueOverlay(sizeof(clientUid), &clientUid))); + /* + * If its loginwindow that's asking, override the loginwindow shield detection + * up front so that it can trigger SecurityAgent dialogs (like password change) + * for when the OD password and keychain password is out of sync. + */ + + if (guestPath == "/System/Library/CoreServices/loginwindow.app") { + clientHints.insert(AuthItemRef(AGENT_HINT_IGNORE_SESSION, AuthValueOverlay(sizeof(ignoreSession), &ignoreSession))); + } mClientHints.insert(clientHints.begin(), clientHints.end()); @@ -486,7 +499,7 @@ QueryKeychainUse::QueryKeychainUse(bool needPass, const Database *db) Reason QueryKeychainUse::queryUser (const char *database, const char *description, AclAuthorization action) { Reason reason = SecurityAgent::noReason; - int retryCount = 0; + uint32_t retryCount = 0; OSStatus status; AuthItemSet hints, context; diff --git a/securityd/src/agentquery.h b/securityd/src/agentquery.h index 0e851694..b059a5ed 100644 --- a/securityd/src/agentquery.h +++ b/securityd/src/agentquery.h @@ -41,7 +41,7 @@ using Authorization::AuthItemSet; using Authorization::AuthValueVector; using Security::OSXCode; -const uint64_t kMaximumAuthorizationTries = 10000; +#define kMaximumAuthorizationTries (10000) // // base for classes talking to com.apple.security.agent and com.apple.security.authhost diff --git a/securityd/src/clientid.cpp b/securityd/src/clientid.cpp index ca8f1d57..c3da505f 100644 --- a/securityd/src/clientid.cpp +++ b/securityd/src/clientid.cpp @@ -269,7 +269,7 @@ OSStatus ClientIdentification::checkValidity(SecCSFlags flags, return SecCodeCheckValidityWithErrors(currentGuest(), flags, requirement, NULL); } -const bool ClientIdentification::checkAppleSigned() const +bool ClientIdentification::checkAppleSigned() const { // This is the clownfish supported way to check for a Mac App Store or B&I signed build static CFStringRef const requirementString = CFSTR("(anchor apple) or (anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9])"); diff --git a/securityd/src/clientid.h b/securityd/src/clientid.h index 21d4562a..70c9ea22 100644 --- a/securityd/src/clientid.h +++ b/securityd/src/clientid.h @@ -49,7 +49,7 @@ public: const CssmData getHash() const; OSStatus checkValidity(SecCSFlags flags, SecRequirementRef requirement) const; OSStatus copySigningInfo(SecCSFlags flags, CFDictionaryRef *info) const; - const bool checkAppleSigned() const; + bool checkAppleSigned() const; bool hasEntitlement(const char *name) const; protected: diff --git a/securityd/src/credential.h b/securityd/src/credential.h index 48004763..caffa9f6 100644 --- a/securityd/src/credential.h +++ b/securityd/src/credential.h @@ -62,10 +62,10 @@ public: void invalidate(); // We could make Rule a friend but instead we just expose this for now - inline const uid_t uid() const { return mUid; } + inline uid_t uid() const { return mUid; } inline const string& name() const { return mName; } inline const string& realname() const { return mRealName; } - inline const bool isRight() const { return mRight; } + inline bool isRight() const { return mRight; } private: bool mShared; // credential is shared diff --git a/securityd/src/entropy.cpp b/securityd/src/entropy.cpp deleted file mode 100644 index 3e962e58..00000000 --- a/securityd/src/entropy.cpp +++ /dev/null @@ -1,222 +0,0 @@ -/* - * Copyright (c) 2000-2004,2007-2008,2010,2012-2013 Apple Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - - -// -// EntropyManager - manage entropy on the system. -// -// Here is our mission: -// (1) On startup, read the entropy file and seed it into the RNG for initial use -// (2) Periodically, collect entropy from the system and seed it into the RNG -// (3) Once in a while, take entropy from the RNG and write it to the entropy file -// for use across reboots. -// -// This class will fail to operate if the process has (and retains) root privileges. -// We re-open the entropy file on each use so that we don't work with a "phantom" -// file that some fool administrator removed yesterday. -// -#include "entropy.h" -#include "dtrace.h" -#include -#include -#include -#include -#include -#include -#include -#include - -/* when true, action() called every 15 seconds */ -#define ENTROPY_QUICK_UPDATE 0 -#if ENTROPY_QUICK_UPDATE -#define COLLECT_INTERVAL 15 -#else -#define COLLECT_INTERVAL collectInterval -#endif //ENTROPY_QUICK_UPDATE - -using namespace UnixPlusPlus; - - -// -// During construction, we perform initial entropy file recovery. -// -EntropyManager::EntropyManager(MachPlusPlus::MachServer &srv, const char *entropyFile) - : DevRandomGenerator(true), server(srv), - mEntropyFilePath(entropyFile), mNextUpdate(Time::now()) -{ - // Read the entropy file and seed the RNG. It is not an error if we can't find one. - try { - AutoFileDesc oldEntropyFile(entropyFile, O_RDONLY); - char buffer[entropyFileSize]; - if (size_t size = oldEntropyFile.read(buffer)) - addEntropy(buffer, size); - } catch (...) { } - - // go through a collect/update/reschedule cycle immediately - action(); -} - - -// -// Timer action -// -void EntropyManager::action() -{ - collectEntropy(); - updateEntropyFile(); - - server.setTimer(this, Time::Interval(COLLECT_INTERVAL)); // drifting reschedule (desired) -} - - -static const double kBytesOfEntropyToCollect = 240; -// that gives us a minimum of 2.16 * 10^609 possible combinations. It's a finite number to be sure... - -static const int kExpectedLoops = 10; - -// Calculate the amount of entropy in the buffer (per Shannon's Entropy Calculation) -static double CalculateEntropy(const void* buffer, size_t bufferSize) -{ - double sizef = bufferSize; - const u_int8_t* charBuffer = (const u_int8_t*) buffer; - - // zero the tabulation array - int counts[256]; - memset(counts, 0, sizeof(counts)); - - // tabulate the occurances of each byte in the array - size_t i; - for (i = 0; i < bufferSize; ++i) - { - counts[charBuffer[i]] += 1; - } - - // calculate the number of bits/byte of entropy - double entropy = 0.0; - - for (i = 0; i < 256; ++i) - { - if (counts[i] > 0) - { - double p = ((double) counts[i]) / sizef; - double term = p * -log2(p); - entropy += term; - } - } - - double entropicBytes = bufferSize * entropy / 8.0; - - return entropicBytes; -} - - - -// -// Collect system timings and seed into the RNG. -// Note that the sysctl will block until the buffer is full or the timeout expires. -// We currently use a 1ms timeout, which almost always fills the buffer and -// does not provide enough of a delay to worry about it. If we ever get worried, -// we could call longTermActivity on the server object to get another thread going. -// - -void EntropyManager::collectEntropy() -{ - secinfo("SS", "Collecting entropy"); - - int mib[4]; - mib[0] = CTL_KERN; - mib[1] = KERN_KDEBUG; - mib[2] = KERN_KDGETENTROPY; - mib[3] = 1; // milliseconds maximum delay - - mach_timespec_t buffer[timingsToCollect]; - - int result; - - double bytesRemaining = kBytesOfEntropyToCollect; - - int loopCount = 0; - - while (bytesRemaining >= 0) - { - size_t size = sizeof(mach_timespec_t) * timingsToCollect; - - result = sysctl(mib,4, buffer, &size, NULL, 0); - if (result == -1) { - Syslog::alert("entropy measurement returned no entropy (errno=%d)", errno); - sleep(1); - } - else if (size == 0) - { - Syslog::alert("entropy measurement returned no entropy."); - sleep(1); - } - - // remove the non-entropic pieces from the buffer - u_int16_t nonEnt[timingsToCollect]; - - // treat the received buffer as an array of u_int16 and only take the first two bytes of each - u_int16_t *rawEnt = (u_int16_t*) buffer; - - int i; - for (i = 0; i < timingsToCollect; ++i) - { - nonEnt[i] = *rawEnt; - rawEnt += 4; - } - - addEntropy(nonEnt, sizeof(nonEnt)); - - double entropyRead = CalculateEntropy(nonEnt, sizeof(nonEnt)); - bytesRemaining -= entropyRead; - - loopCount += 1; - } - - if (loopCount > kExpectedLoops) - { - Syslog::alert("Entropy collection fulfillment took %d loops", loopCount); - } -} - - -// -// (Re)write the entropy file with random data pulled from the RNG -// -void EntropyManager::updateEntropyFile() -{ - if (Time::now() >= mNextUpdate) { - try { - mNextUpdate = Time::now() + Time::Interval(updateInterval); - secinfo("entropy", "updating %s", mEntropyFilePath.c_str()); - char buffer[entropyFileSize]; - random(buffer, entropyFileSize); - AutoFileDesc entropyFile(mEntropyFilePath.c_str(), O_WRONLY | O_TRUNC | O_CREAT, 0600); - if (entropyFile.write(buffer) != entropyFileSize) - Syslog::warning("short write on entropy file %s", mEntropyFilePath.c_str()); - } catch (...) { - Syslog::warning("error writing entropy file %s", mEntropyFilePath.c_str()); - } - } -} - diff --git a/securityd/src/entropy.h b/securityd/src/entropy.h deleted file mode 100644 index 3f8e0a16..00000000 --- a/securityd/src/entropy.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2000-2004,2006 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - - -// -// entropy - periodical to collect and seed entropy into /dev/random -// -#ifndef _H_ENTROPY -#define _H_ENTROPY - -#include -#include -#include - -using namespace Security; -using MachPlusPlus::MachServer; - - -// -// A (one-off) timer object that manages system entropy -// -class EntropyManager : public MachServer::Timer, private DevRandomGenerator { - // all the parameters you ever (should) want to change :-) - static const int collectInterval = 600; // collect every 10 minutes - static const int updateInterval = 3600 * 6; // update file every 6 hours - static const int timingsToCollect = 40; // how many timings? - -public: - EntropyManager(MachPlusPlus::MachServer &srv, const char *entropyFile); - - void action(); - - MachPlusPlus::MachServer &server; // to which we do setTimer() - -private: - string mEntropyFilePath; // absolute path to entropy file - Time::Absolute mNextUpdate; // next time for entropy file update - - void collectEntropy(); // collect system timings and seed RNG - void updateEntropyFile(); // update entropy file from RNG if it's time - - static const size_t entropyFileSize = 20; // bytes (effectively one SHA-1 worth) -}; - -#endif //_H_ENTROPY diff --git a/securityd/src/main.cpp b/securityd/src/main.cpp index cb4ac243..bc07d918 100644 --- a/securityd/src/main.cpp +++ b/securityd/src/main.cpp @@ -28,7 +28,6 @@ #include #include "server.h" -#include "entropy.h" #include "session.h" #include "notifications.h" #include "pcscmonitor.h" @@ -87,7 +86,7 @@ int main(int argc, char *argv[]) // program arguments (preset to defaults) bool debugMode = false; const char *bootstrapName = NULL; - const char* messagingName = SECURITY_MESSAGES_NAME; + const char* messagingName = SharedMemoryCommon::kDefaultSecurityMessagesName; bool doFork = false; bool reExecute = false; int workerTimeout = 0; @@ -95,7 +94,6 @@ int main(int argc, char *argv[]) bool waitForClients = true; bool mdsIsInstalled = false; const char *tokenCacheDir = "/var/db/TokenCache"; - const char *entropyFile = "/var/db/SystemEntropyCache"; const char *smartCardOptions = getenv("SMARTCARDS"); uint32_t keychainAclDefault = CSSM_ACL_KEYCHAIN_PROMPT_INVALID | CSSM_ACL_KEYCHAIN_PROMPT_UNSIGNED; unsigned int verbose = 0; @@ -119,7 +117,7 @@ int main(int argc, char *argv[]) debugMode = true; break; case 'E': - entropyFile = optarg; + /* was entropyFile, kept to preserve ABI */ break; case 'i': keychainAclDefault &= ~CSSM_ACL_KEYCHAIN_PROMPT_INVALID; @@ -254,13 +252,6 @@ int main(int argc, char *argv[]) server.waitForClients(waitForClients); server.verbosity(verbose); - // add the RNG seed timer -# if defined(NDEBUG) - EntropyManager entropy(server, entropyFile); -# else - if (getuid() == 0) new EntropyManager(server, entropyFile); -# endif - // create a smartcard monitor to manage external token devices gPCSC = new PCSCMonitor(server, tokenCacheDir, scOptions(smartCardOptions)); @@ -275,8 +266,10 @@ int main(int argc, char *argv[]) server.loadCssm(mdsIsInstalled); // create the shared memory notification hub +#ifndef __clang_analyzer__ new SharedMemoryListener(messagingName, kSharedMemoryPoolSize); - +#endif // __clang_analyzer__ + // okay, we're ready to roll secnotice("SS", "Entering service as %s", (char*)bootstrapName); Syslog::notice("Entering service"); diff --git a/securityd/src/notifications.cpp b/securityd/src/notifications.cpp index 7c048134..26440052 100644 --- a/securityd/src/notifications.cpp +++ b/securityd/src/notifications.cpp @@ -26,13 +26,19 @@ // notifications - handling of securityd-gated notification messages // #include +#include #include "notifications.h" #include "server.h" #include "connection.h" +#include "dictionary.h" +#include "SharedMemoryClient.h" + #include #include +#include +#include Listener::ListenerMap& Listener::listeners = *(new Listener::ListenerMap); Mutex Listener::setLock(Mutex::recursive); @@ -72,12 +78,18 @@ void Listener::notify(NotificationDomain domain, } void Listener::notify(NotificationDomain domain, - NotificationEvent event, uint32 sequence, const CssmData &data) + NotificationEvent event, uint32 sequence, const CssmData &data, audit_token_t auditToken) { Connection ¤t = Server::active().connection(); RefPointer message = new Notification(domain, event, sequence, data); if (current.inSequence(message)) { StLock _(setLock); + + // This is a total layer violation, but no better place to put it + uid_t uid = audit_token_to_euid(auditToken); + gid_t gid = audit_token_to_egid(auditToken); + SharedMemoryListener::createDefaultSharedMemoryListener(uid, gid); + sendNotification(message); while (RefPointer next = current.popNotification()) sendNotification(next); @@ -86,10 +98,13 @@ void Listener::notify(NotificationDomain domain, void Listener::sendNotification(Notification *message) { + secdebug("MDSPRIVACY","Listener::sendNotification for uid/euid: %d/%d", getuid(), geteuid()); + for (ListenerMap::const_iterator it = listeners.begin(); it != listeners.end(); it++) { Listener *listener = it->second; - if (listener->domain == kNotificationDomainAll || (message->domain == listener->domain && listener->wants(message->event))) + if (listener->domain == kNotificationDomainAll || + (message->domain == listener->domain && listener->wants(message->event))) listener->notifyMe(message); } } @@ -138,6 +153,10 @@ Listener::Notification::~Notification() this, domain, event, sequence); } +std::string Listener::Notification::description() const { + return SharedMemoryCommon::notificationDescription(domain, event) + + ", Seq: " + std::to_string(sequence) + ", Data: " + std::to_string(this->size()); +} // // Jitter buffering @@ -168,14 +187,23 @@ RefPointer Listener::JitterBuffer::popNotification() } } +bool Listener::testPredicate(const std::function test) { + StLock _(setLock); + for (ListenerMap::const_iterator it = listeners.begin(); it != listeners.end(); it++) { + if (test(*(it->second))) + return true; + } + return false; +} + /* * Shared memory listener */ -SharedMemoryListener::SharedMemoryListener(const char* segmentName, SegmentOffsetType segmentSize) : +SharedMemoryListener::SharedMemoryListener(const char* segmentName, SegmentOffsetType segmentSize, uid_t uid, gid_t gid) : Listener (kNotificationDomainAll, kNotificationAllEvents), - SharedMemoryServer (segmentName, segmentSize), + SharedMemoryServer (segmentName, segmentSize, uid, gid), mActive (false) { if (segmentName == NULL) @@ -189,27 +217,185 @@ SharedMemoryListener::~SharedMemoryListener () { } +// Look for a listener for a given user ID +bool SharedMemoryListener::findUID(uid_t uid) { + return Listener::testPredicate([uid](const Listener& listener) -> bool { + try { + // There may be elements in the map that are not SharedMemoryListeners + const SharedMemoryListener& smlListener = dynamic_cast(listener); + if (smlListener.mUID == uid) + return true; + } + catch (...) { + return false; + } + return false; + } + ); + return false; +} + +void SharedMemoryListener::createDefaultSharedMemoryListener(uid_t uid, gid_t gid) { + uid_t fuid = SharedMemoryCommon::fixUID(uid); + if (fuid != 0) { // already created when securityd started up + if (!SharedMemoryListener::findUID(fuid)) { + secdebug("MDSPRIVACY","creating SharedMemoryListener for uid/gid: %d/%d", fuid, gid); + // A side effect of creation of a SharedMemoryListener is addition to the ListenerMap +#ifndef __clang_analyzer__ + /* __unused auto sml = */ new SharedMemoryListener(SharedMemoryCommon::kDefaultSecurityMessagesName, kSharedMemoryPoolSize, uid, gid); +#endif // __clang_analyzer__ + } + } +} + +// Simpler local version of PrimaryKeyImpl::getUInt32 +uint32 SharedMemoryListener::getRecordType(const CssmData& val) const { + if (val.Length < sizeof(uint32)) + return 0; // Not really but good enough for here + + const uint8 *pv = val.Data; + // @@@ Assumes data written in big endian. + uint32 value = (pv[0] << 24) + (pv[1] << 16) + (pv[2] << 8) + pv[3]; + return value; +} + +bool SharedMemoryListener::isTrustEvent(Notification *notification) { + bool trustEvent = false; + + switch (notification->event) { + case kSecDefaultChangedEvent: + case kSecKeychainListChangedEvent: + case kSecTrustSettingsChangedEvent: + trustEvent = true; + break; + case kSecAddEvent: + case kSecDeleteEvent: + case kSecUpdateEvent: + { + NameValueDictionary dictionary (notification->data); + const NameValuePair *item = dictionary.FindByName(ITEM_KEY); + if (item && (CSSM_DB_RECORDTYPE)getRecordType(item->Value()) == CSSM_DL_DB_RECORD_X509_CERTIFICATE) { + trustEvent = true; + } + } + break; + default: + break; + } + + if (trustEvent) { + uint32_t result = notify_post(kSecServerCertificateTrustNotification); + if (result != NOTIFY_STATUS_OK) { + secdebug("MDSPRIVACY","Certificate trust event notification failed: %d", result); + } + } + + secdebug("MDSPRIVACY","[%03d] Event is %s trust event", mUID, trustEvent?"a":"not a"); + return trustEvent; +} + +bool SharedMemoryListener::needsPrivacyFilter(Notification *notification) { + if (notification->domain == kNotificationDomainPCSC || notification->domain == kNotificationDomainCDSA) + return false; + + // kNotificationDomainDatabase = 1, // something happened to a database (aka keychain) + switch (notification->event) { + case kSecLockEvent: // kNotificationEventLocked + case kSecUnlockEvent: // kNotificationEventUnlocked + case kSecPasswordChangedEvent: // kNotificationEventPassphraseChanged + case kSecDefaultChangedEvent: + case kSecDataAccessEvent: + case kSecKeychainListChangedEvent: + case kSecTrustSettingsChangedEvent: + return false; + case kSecAddEvent: + case kSecDeleteEvent: + case kSecUpdateEvent: + break; + } + + secdebug("MDSPRIVACY","[%03d] Evaluating event %s", mUID, notification->description().c_str()); + + NameValueDictionary dictionary (notification->data); + const NameValuePair *item = dictionary.FindByName(ITEM_KEY); + + // If we don't have an item, there is nothing to filter + if (!item) { + secdebug("MDSPRIVACY","[%03d] Item event did not contain an item", mUID); + return false; + } + + pid_t thisPid = 0; + const NameValuePair *pidRef = dictionary.FindByName(PID_KEY); + if (pidRef != 0) { + thisPid = n2h(*reinterpret_cast(pidRef->Value().data())); + } + + uid_t out_euid = 0; + int rx = SharedMemoryListener::get_process_euid(thisPid, out_euid); + if (rx != 0) { + secdebug("MDSPRIVACY","[%03d] get_process_euid failed (rx=%d), filtering out item", mUID, rx); + return true; + } + + if (out_euid == mUID) { + return false; // Listener owns this item, so no filtering + } + + // Allow processes running as root to pass through certificates + if (out_euid == 0) { + CSSM_DB_RECORDTYPE recordType = getRecordType(item->Value()); + if (recordType == CSSM_DL_DB_RECORD_X509_CERTIFICATE) { + return false; + } + } + + secdebug("MDSPRIVACY","[%03d] Filtering event %s", mUID, notification->description().c_str()); + return true; +} + const double kServerWait = 0.005; // time in seconds before clients will be notified that data is available void SharedMemoryListener::notifyMe(Notification* notification) { - const void* data = notification->data.data(); - size_t length = notification->data.length(); + const void* data = notification->data.data(); + size_t length = notification->data.length(); /* enforce a maximum size of 16k for notifications */ if (length > 16384) return; + isTrustEvent(notification); + if (needsPrivacyFilter(notification)) { + return; // just drop it + } + + secdebug("MDSPRIVACY","[%03d] WriteMessage event %s", mUID, notification->description().c_str()); + WriteMessage (notification->domain, notification->event, data, int_cast(length)); - if (!mActive) - { - Server::active().setTimer (this, Time::Interval(kServerWait)); - mActive = true; - } + if (!mActive) + { + Server::active().setTimer (this, Time::Interval(kServerWait)); + mActive = true; + } } void SharedMemoryListener::action () { secinfo("notify", "Posted notification to clients."); + secdebug("MDSPRIVACY","[%03d] Posted notification to clients", mUID); notify_post (mSegmentName.c_str ()); mActive = false; } + +int SharedMemoryListener::get_process_euid(pid_t pid, uid_t& out_euid) { + struct kinfo_proc proc_info = {}; + int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid}; + size_t len = sizeof(struct kinfo_proc); + int ret = sysctl(mib, (sizeof(mib)/sizeof(int)), &proc_info, &len, NULL, 0); + + out_euid = -1; + if (ret == 0) { + out_euid = proc_info.kp_eproc.e_ucred.cr_uid; + } + return ret; +} diff --git a/securityd/src/notifications.h b/securityd/src/notifications.h index 1d13a322..fc362d75 100644 --- a/securityd/src/notifications.h +++ b/securityd/src/notifications.h @@ -32,6 +32,7 @@ #include #include #include +#include "SharedMemoryCommon.h" #include #include @@ -72,7 +73,7 @@ public: static void notify(NotificationDomain domain, NotificationEvent event, const CssmData &data); static void notify(NotificationDomain domain, - NotificationEvent event, uint32 sequence, const CssmData &data); + NotificationEvent event, uint32 sequence, const CssmData &data, audit_token_t auditToken); static bool remove(Port port); const NotificationDomain domain; @@ -92,13 +93,16 @@ protected: const NotificationEvent event; const uint32 sequence; const CssmAutoData data; - + + std::string description() const; size_t size() const { return data.length(); } //@@@ add "slop" here for heuristic? }; virtual void notifyMe(Notification *message) = 0; - + + static bool testPredicate(const std::function test); + public: class JitterBuffer { public: @@ -130,11 +134,20 @@ protected: virtual void action (); virtual void notifyMe(Notification *message); + static bool findUID(uid_t uid); + static int get_process_euid(pid_t pid, uid_t& out_euid); + + bool needsPrivacyFilter(Notification *notification); + bool isTrustEvent(Notification *notification); + uint32 getRecordType(const CssmData& val) const; + bool mActive; public: - SharedMemoryListener (const char* serverName, u_int32_t serverSize); + SharedMemoryListener (const char* serverName, u_int32_t serverSize, uid_t uid = 0, gid_t gid = 0); virtual ~SharedMemoryListener (); + + static void createDefaultSharedMemoryListener(uid_t uid, gid_t gid); }; #endif diff --git a/securityd/src/securityd.exp b/securityd/src/securityd.exp deleted file mode 100644 index e69de29b..00000000 diff --git a/securityd/src/session.cpp b/securityd/src/session.cpp index 788a3277..da54bbe0 100644 --- a/securityd/src/session.cpp +++ b/securityd/src/session.cpp @@ -101,7 +101,7 @@ Server &Session::server() const // Session &Session::find(pid_t id, bool create) { - if (id == callerSecuritySession) + if (id == (pid_t)callerSecuritySession) return Server::session(); StLock _(mSessionLock); SessionMap::iterator it = mSessions.find(id); diff --git a/securityd/src/transition.cpp b/securityd/src/transition.cpp index 11dcc365..8d8e31ed 100644 --- a/securityd/src/transition.cpp +++ b/securityd/src/transition.cpp @@ -1315,7 +1315,7 @@ kern_return_t ucsp_server_postNotification(UCSP_ARGS, uint32 domain, uint32 even DATA_IN(data), uint32 sequence) { BEGIN_IPC(postNotification) - Listener::notify(domain, event, sequence, DATA(data)); + Listener::notify(domain, event, sequence, DATA(data), auditToken); END_IPC(CSSM) } diff --git a/sslViewer/SSLViewer.c b/sslViewer/SSLViewer.c index ad71321a..ca155921 100644 --- a/sslViewer/SSLViewer.c +++ b/sslViewer/SSLViewer.c @@ -32,6 +32,7 @@ #define DEFAULT_HOST "www.amazon.com" #define DEFAULT_PORT 443 +static const int _maxFileStringSize = 100; static void usageNorm(char **argv) { @@ -57,7 +58,7 @@ static void usageNorm(char **argv) " [23t]\n"); printf(" k=keychain Contains cert and keys. Optional.\n"); printf(" l=loopCount Perform loopCount ops (default = 1)\n"); - printf(" P=port Default = %d\n", DEFAULT_PORT); + printf(" P=port Default = %d\n", DEFAULT_PORT); printf(" p Pause after each loop\n"); printf(" q Quiet/diagnostic mode (site names and errors only)\n"); printf(" a fileName Add fileName to list of trusted roots\n"); @@ -111,7 +112,7 @@ static void usage(char **argv) exit(1); } -/* +/* * Arguments to top-level sslPing() */ typedef struct { @@ -123,18 +124,18 @@ typedef struct { const char *vfyHostName; // use this for cert vfy if non-NULL, // else use hostName unsigned short port; - const char *getMsg; // e.g., - // "GET / HTTP/1.0\r\n\r\n" + const char *getMsg; // e.g., + // "GET / HTTP/1.0\r\n\r\n" bool allowExpired; bool allowAnyRoot; bool allowExpiredRoot; bool disableCertVerify; bool manualCertVerify; bool dumpRxData; // display server data - char cipherRestrict; // '2', 'd'. etc...; '\0' for + char cipherRestrict; // '2', 'd'. etc...; '\0' for // no restriction bool keepConnected; - bool requireNotify; // require closure notify + bool requireNotify; // require closure notify // in V3 mode bool resumableEnable; bool allowHostnameSpoof; @@ -167,7 +168,7 @@ typedef struct { static void sigpipe(int sig) -{ +{ fflush(stdin); printf("***SIGPIPE***\n"); } @@ -191,7 +192,7 @@ static OSStatus sslEvaluateTrust( return ortn; } if(secTrust == NULL) { - /* this is the normal case for resumed sessions, in which + /* this is the normal case for resumed sessions, in which * no cert evaluation is performed */ if(!pargs->silent) { printf("...No SecTrust available - this is a resumed session, right?\n"); @@ -213,9 +214,9 @@ static OSStatus sslEvaluateTrust( if(pargs->verbose) { const char *res = NULL; switch(secTrustResult) { - case kSecTrustResultInvalid: + case kSecTrustResultInvalid: res = "kSecTrustResultInvalid"; break; - case kSecTrustResultProceed: + case kSecTrustResultProceed: res = "kSecTrustResultProceed"; break; #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wdeprecated-declarations" @@ -224,20 +225,20 @@ static OSStatus sslEvaluateTrust( res = "kSecTrustResultConfirm"; break; case kSecTrustResultDeny: res = "kSecTrustResultDeny"; break; - case kSecTrustResultUnspecified: + case kSecTrustResultUnspecified: res = "kSecTrustResultUnspecified"; break; - case kSecTrustResultRecoverableTrustFailure: + case kSecTrustResultRecoverableTrustFailure: res = "kSecTrustResultRecoverableTrustFailure"; break; - case kSecTrustResultFatalTrustFailure: + case kSecTrustResultFatalTrustFailure: res = "kSecTrustResultFatalTrustFailure"; break; - case kSecTrustResultOtherError: + case kSecTrustResultOtherError: res = "kSecTrustResultOtherError"; break; default: res = "UNKNOWN"; break; } printf("\nSecTrustEvaluate(): secTrustResult %s\n", res); } - + switch(secTrustResult) { case kSecTrustResultUnspecified: /* cert chain valid, no special UserTrust assignments */ @@ -245,7 +246,7 @@ static OSStatus sslEvaluateTrust( /* cert chain valid AND user explicitly trusts this */ break; default: - printf("\n***SecTrustEvaluate reported secTrustResult %d\n", + printf("\n***SecTrustEvaluate reported secTrustResult %d\n", (int)secTrustResult); ortn = errSSLXCertChainInvalid; break; @@ -253,37 +254,18 @@ static OSStatus sslEvaluateTrust( *peerCerts = NULL; -#ifdef USE_CDSA_CRYPTO - /* one more thing - get peer certs in the form of an evidence chain */ - CSSM_TP_APPLE_EVIDENCE_INFO *dummyEv; - OSStatus thisRtn = SecTrustGetResult(secTrust, &secTrustResult, - peerCerts, &dummyEv); - if(thisRtn) { - printSslErrStr("SecTrustGetResult", thisRtn); - } - else { - /* workaround for the fact that SSLGetPeerCertificates() - * leaves a retain count on each element in the returned array, - * requiring us to do a release on each cert. - */ - CFIndex numCerts = CFArrayGetCount(*peerCerts); - for(CFIndex dex=0; dexnegVersion = kSSLProtocolUnknown; pargs->negCipher = SSL_NULL_WITH_NULL_NULL; pargs->peerCerts = NULL; - + /* first make sure requested server is there */ ortn = MakeServerConnection(pargs->hostName, pargs->port, pargs->nonBlocking, &sock, &peerId); @@ -357,8 +339,8 @@ static OSStatus sslPing( if(pargs->verbose) { printf("...connected to server; starting SecureTransport\n"); } - - /* + + /* * Set up a SecureTransport session. * First the standard calls. */ @@ -366,12 +348,12 @@ static OSStatus sslPing( if(ctx == NULL) { printf("SSLCreateContext\n"); goto cleanup; - } + } ortn = SSLSetIOFuncs(ctx, SocketRead, SocketWrite); if(ortn) { printSslErrStr("SSLSetIOFuncs", ortn); goto cleanup; - } + } ortn = SSLSetConnection(ctx, (SSLConnectionRef)(intptr_t)sock); if(ortn) { printSslErrStr("SSLSetConnection", ortn); @@ -386,7 +368,7 @@ static OSStatus sslPing( if(getConn != (SSLConnectionRef)(intptr_t)sock) { printf("***SSLGetConnection error\n"); ortn = errSecParam; - goto cleanup; + goto cleanup; } if(!pargs->allowHostnameSpoof) { /* if this isn't set, it isn't checked by AppleX509TP */ @@ -401,10 +383,10 @@ static OSStatus sslPing( goto cleanup; } } - - /* + + /* * SecureTransport options. - */ + */ if(pargs->acceptedProts) { ortn = SSLSetProtocolVersionEnabled(ctx, kSSLProtocolAll, false); if(ortn) { @@ -438,7 +420,7 @@ static OSStatus sslPing( if(ortn) { printSslErrStr("SSLSetProtocolVersion", ortn); goto cleanup; - } + } SSLProtocol getVers; ortn = SSLGetProtocolVersion(ctx, &getVers); if(ortn) { @@ -456,7 +438,7 @@ static OSStatus sslPing( if(pargs->resumableEnable) { const void *rtnId = NULL; size_t rtnIdLen = 0; - + ortn = SSLSetPeerID(ctx, &peerId, sizeof(PeerSpec)); if(ortn) { printSslErrStr("SSLSetPeerID", ortn); @@ -558,16 +540,16 @@ static OSStatus sslPing( } /*** end options ***/ - + if(pargs->verbose) { printf("...starting SSL handshake\n"); } startHandshake = CFAbsoluteTimeGetCurrent(); - + do { ortn = SSLHandshake(ctx); if((ortn == errSSLWouldBlock) && !pargs->silent) { - /* keep UI responsive */ + /* keep UI responsive */ sslOutputDot(); } } while (ortn == errSSLWouldBlock); @@ -583,7 +565,7 @@ static OSStatus sslPing( pargs->handshakeTimeTotal += pargs->handshakeTimeOp; } pargs->numHandshakes++; - + ortn = SSLCopyPeerTrust(ctx, &pargs->peerTrust); if(ortn) { printf("***SSLCopyPeerTrust error %" PRIdOSStatus "\n", ortn); @@ -595,10 +577,8 @@ static OSStatus sslPing( SSLGetNegotiatedCipher(ctx, &pargs->negCipher); SSLGetNegotiatedProtocolVersion(ctx, &pargs->negVersion); pargs->sessionIDLength = MAX_SESSION_ID_LENGTH; - SSLGetResumableSessionInfo(ctx, &pargs->sessionWasResumed, pargs->sessionID, - &pargs->sessionIDLength); - - { + ortn = SSLGetResumableSessionInfo(ctx, &pargs->sessionWasResumed, pargs->sessionID, &pargs->sessionIDLength); + if(!ortn) { OSStatus certRtn = sslEvaluateTrust(ctx, pargs, &pargs->peerCerts); if (certRtn && !pargs->manualCertVerify) { @@ -610,7 +590,7 @@ static OSStatus sslPing( ortn = certRtn; } } - + if(ortn) { if(!pargs->silent) { printf("\n"); @@ -624,15 +604,15 @@ static OSStatus sslPing( length = strlen(pargs->getMsg); (void) SSLWrite(ctx, pargs->getMsg, length, &actLen); - /* + /* * Try to snag RCV_BUF_SIZE bytes. Exit if (!keepConnected and we get any data * at all), or (keepConnected and err != (none, wouldBlock)). */ - while (1) { + while (1) { actLen = 0; if(pargs->dumpRxData) { size_t avail = 0; - + ortn = SSLGetBufferedReadSize(ctx, &avail); if(ortn) { printf("***SSLGetBufferedReadSize error\n"); @@ -673,7 +653,7 @@ static OSStatus sslPing( SSLGetClientCertificateState(ctx, &pargs->certState); SSLGetNegotiatedCipher(ctx, &pargs->negCipher); SSLGetNegotiatedProtocolVersion(ctx, &pargs->negVersion); - + /* convert normal "shutdown" into zero err rtn */ if(ortn == errSSLClosedGraceful) { ortn = errSecSuccess; @@ -684,7 +664,7 @@ static OSStatus sslPing( } cleanup: ; /* - * always do close, even on error - to flush outgoing write queue + * always do close, even on error - to flush outgoing write queue */ OSStatus cerr = SSLClose(ctx); if(ortn == errSecSuccess) { @@ -695,7 +675,7 @@ cleanup: ; } if(ctx) { CFRelease(ctx); - } + } return ortn; } @@ -825,7 +805,7 @@ static void showPeerCerts( CFIndex numCerts; SecCertificateRef certRef; CFIndex i; - + if(peerCerts == NULL) { return; } @@ -846,14 +826,14 @@ static void writePeerCerts( CFIndex numCerts; SecCertificateRef certRef; CFIndex i; - char fileName[100]; - + char fileName[_maxFileStringSize]; + if(peerCerts == NULL) { return; } numCerts = CFArrayGetCount(peerCerts); for(i=0; iacceptedProts) { printf(" Allowed SSL versions : %s\n", pargs->acceptedProts); } else { - printf(" Attempted SSL version : %s\n", + printf(" Attempted SSL version : %s\n", sslGetProtocolVersionString(pargs->tryVersion)); } - + printf(" Result : %s\n", sslGetSSLErrString(err)); - printf(" Negotiated SSL version : %s\n", + printf(" Negotiated SSL version : %s\n", sslGetProtocolVersionString(pargs->negVersion)); printf(" Negotiated CipherSuite : %s\n", sslGetCipherSuiteString(pargs->negCipher)); @@ -941,7 +921,7 @@ static void showSSLResult( writePeerCerts(pargs->peerCerts, fileBase); } } - + printf("\n"); } @@ -1000,17 +980,15 @@ static SSLProtocol charToProt( default: usage(argv); } - /* NOT REACHED */ - return kSSLProtocolUnknown; } int main(int argc, char **argv) -{ +{ OSStatus err; int arg; char *argp; char getMsg[300]; - char fullFileBase[100]; + char fullFileBase[_maxFileStringSize]; int ourRtn = 0; // exit status - sum of all errors unsigned loop; SecKeychainRef serverKc = nil; @@ -1050,14 +1028,14 @@ int main(int argc, char **argv) usageVerbose(argv); } } - + /* set up defaults */ memset(&pargs, 0, sizeof(sslPingArgs)); pargs.hostName = DEFAULT_HOST; pargs.port = DEFAULT_PORT; pargs.resumableEnable = true; pargs.argv = argv; - + for(arg=1; arg 1) ? "errors" : "error", pargs.hostName); } return ourRtn; } - - diff --git a/sslViewer/ioSock.c b/sslViewer/ioSock.c index 109c00ce..9933a8e1 100644 --- a/sslViewer/ioSock.c +++ b/sslViewer/ioSock.c @@ -146,7 +146,7 @@ OSStatus MakeServerConnection( PeerSpec *peer) // RETURNED { struct sockaddr_in addr; - struct hostent *ent; + struct hostent *ent = NULL; struct in_addr host; int sock = 0; @@ -271,8 +271,6 @@ OSStatus ListenForClients( } return rtn; } - /* NOT REACHED */ - return 0; } /* diff --git a/sslViewer/sslAppUtils.h b/sslViewer/sslAppUtils.h index 36ae1e1a..0bb8a85b 100644 --- a/sslViewer/sslAppUtils.h +++ b/sslViewer/sslAppUtils.h @@ -5,6 +5,7 @@ #ifndef _SSLS_APP_UTILS_H_ #define _SSLS_APP_UTILS_H_ 1 +#include #include #include #include @@ -15,7 +16,9 @@ extern "C" { #endif +#if ! SEC_OS_OSX_INCLUDES typedef struct OpaqueSecKeychainRef *SecKeychainRef; +#endif /* disable some Panther-only features */ #define JAGUAR_BUILD 0 diff --git a/trust/SecCertificate.h b/trust/SecCertificate.h new file mode 100644 index 00000000..b284fc0b --- /dev/null +++ b/trust/SecCertificate.h @@ -0,0 +1,556 @@ +/* + * Copyright (c) 2002-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +/*! + @header SecCertificate + The functions provided in SecCertificate.h implement and manage a + particular type of keychain item that represents a X.509 public key + certificate. You can store a certificate in a keychain, but a + certificate can also be a transient object. + + You can use a certificate as a keychain item in most functions. +*/ + +#ifndef _SECURITY_SECCERTIFICATE_H_ +#define _SECURITY_SECCERTIFICATE_H_ + +#include +#include +#include +#include +#include +#include +#include + +#include + +#if SEC_OS_OSX +#define _SECURITY_VERSION_GREATER_THAN_57610_ + +#include +#include +#endif + +__BEGIN_DECLS + +CF_ASSUME_NONNULL_BEGIN +CF_IMPLICIT_BRIDGING_ENABLED + +/*! + @function SecCertificateGetTypeID + @abstract Returns the type identifier of SecCertificate instances. + @result The CFTypeID of SecCertificate instances. + */ +CFTypeID SecCertificateGetTypeID(void) + __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_2_0); + +/*! + @function SecCertificateCreateWithData + @abstract Create a certificate given it's DER representation as a CFData. + @param allocator CFAllocator to allocate the certificate with. + @param data DER encoded X.509 certificate. + @result Return NULL if the passed-in data is not a valid DER-encoded + X.509 certificate, return a SecCertificateRef otherwise. + */ +__nullable +SecCertificateRef SecCertificateCreateWithData(CFAllocatorRef __nullable allocator, CFDataRef data) + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); + +/*! + @function SecCertificateCopyData + @abstract Return the DER representation of an X.509 certificate. + @param certificate SecCertificate object created with + SecCertificateCreateWithData(). + @result DER encoded X.509 certificate. + */ +CFDataRef SecCertificateCopyData(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); + +/*! + @function SecCertificateCopySubjectSummary + @abstract Return a simple string which hopefully represents a human + understandable summary. + @param certificate A reference to the certificate from which to derive + the subject summary string. + @discussion All the data in this string comes from the certificate itself + and thus it's in whatever language the certificate itself is in. + @result A CFStringRef which the caller should CFRelease() once it's no + longer needed. + */ +__nullable +CFStringRef SecCertificateCopySubjectSummary(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); + +/*! + @function SecCertificateCopyCommonName + @abstract Retrieves the common name of the subject of a given certificate. + @param certificate A reference to the certificate from which to retrieve the common name. + @param commonName On return, a reference to the common name. Your code must release this reference by calling the CFRelease function. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion All the data in this string comes from the certificate itself, and thus it's in whatever language the certificate itself is in. + Note that the certificate's common name field may not be present, or may be inadequate to describe the certificate; for display purposes, + you should consider using SecCertificateCopySubjectSummary instead of this function. + */ +OSStatus SecCertificateCopyCommonName(SecCertificateRef certificate, CFStringRef * __nonnull CF_RETURNS_RETAINED commonName) + __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_10_3); + +/*! + @function SecCertificateCopyEmailAddresses + @abstract Returns an array of zero or more email addresses for the subject of a given certificate. + @param certificate A reference to the certificate from which to retrieve the email addresses. + @param emailAddresses On return, an array of zero or more CFStringRef elements corresponding to each email address found. + Your code must release this array reference by calling the CFRelease function. + @result A result code. See "Security Error Codes" (SecBase.h). + */ +OSStatus SecCertificateCopyEmailAddresses(SecCertificateRef certificate, CFArrayRef * __nonnull CF_RETURNS_RETAINED emailAddresses) + __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_10_3); + +/*! + @function SecCertificateCopyNormalizedIssuerSequence + @abstract Return the certificate's normalized issuer + @param certificate The certificate from which to get values + @discussion The issuer is a sequence in the format used by SecItemCopyMatching. The content returned is a DER-encoded X.509 distinguished name. For a display version of the issuer, call SecCertificateCopyValues. The caller must CFRelease the value returned. + */ +__nullable +CFDataRef SecCertificateCopyNormalizedIssuerSequence(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12_4, __IPHONE_10_3); + +/*! + @function SecCertificateCopyNormalizedSubjectSequence + @abstract Return the certificate's normalized subject + @param certificate The certificate from which to get values + @discussion The subject is a sequence in the format used by SecItemCopyMatching. The content returned is a DER-encoded X.509 distinguished name. For a display version of the subject, call SecCertificateCopyValues. The caller must CFRelease the value returned. + */ +__nullable +CFDataRef SecCertificateCopyNormalizedSubjectSequence(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12_4, __IPHONE_10_3); + +#if TARGET_OS_IPHONE +/*! + @function SecCertificateCopyPublicKey + @abstract Retrieves the public key for a given certificate. + @param certificate A reference to the certificate from which to retrieve the public key. + @result A reference to the public key for the specified certificate. Your code must release this reference by calling the CFRelease function. + */ +__nullable +SecKeyRef SecCertificateCopyPublicKey(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_10_3); +#endif + +#if TARGET_OS_OSX +/*! + @function SecCertificateCopyPublicKey + @abstract Retrieves the public key for a given certificate. + @param certificate A reference to the certificate from which to retrieve the public key. + @param key On return, a reference to the public key for the specified certificate. Your code must release this reference by calling the CFRelease function. + @result A result code. See "Security Error Codes" (SecBase.h). + */ +OSStatus SecCertificateCopyPublicKey(SecCertificateRef certificate, SecKeyRef * __nonnull CF_RETURNS_RETAINED key) + __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); +#endif + +#if TARGET_OS_IPHONE +/*! + @function SecCertificateCopySerialNumber + @abstract Return the certificate's serial number. + @param certificate The certificate from which to get values + @discussion Return the content of a DER-encoded integer (without the tag and length fields) for this certificate's serial number. The caller must CFRelease the value returned. + */ +__nullable +CFDataRef SecCertificateCopySerialNumber(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_NA, __IPHONE_10_3); +#endif + +#if TARGET_OS_OSX +/*! + @function SecCertificateCopySerialNumber + @abstract Return the certificate's serial number. + @param certificate The certificate from which to get values + @param error An optional pointer to a CFErrorRef. This value is set if an error occurred. If not NULL the caller is responsible for releasing the CFErrorRef. + @discussion Return the content of a DER-encoded integer (without the tag and length fields) for this certificate's serial number. The caller must CFRelease the value returned. + */ +__nullable +CFDataRef SecCertificateCopySerialNumber(SecCertificateRef certificate, CFErrorRef *error) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +#endif + +/* + * Legacy functions (OS X only) + */ +#if SEC_OS_OSX +/*! + @enum CertificateItemAttributes + @abstract Indicates the type of a certificate item attribute. + @constant kSecSubjectItemAttr Indicates a DER-encoded subject distinguished name. + @constant kSecIssuerItemAttr Indicates a DER-encoded issuer distinguished name. + @constant kSecSerialNumberItemAttr Indicates a DER-encoded certificate serial number (without the tag and length). + @constant kSecPublicKeyHashItemAttr Indicates a public key hash. + @constant kSecSubjectKeyIdentifierItemAttr Indicates a subject key identifier. + @constant kSecCertTypeItemAttr Indicates a certificate type. + @constant kSecCertEncodingItemAttr Indicates a certificate encoding. +*/ +enum +{ + kSecSubjectItemAttr = 'subj', + kSecIssuerItemAttr = 'issu', + kSecSerialNumberItemAttr = 'snbr', + kSecPublicKeyHashItemAttr = 'hpky', + kSecSubjectKeyIdentifierItemAttr = 'skid', + kSecCertTypeItemAttr = 'ctyp', + kSecCertEncodingItemAttr = 'cenc' +} /*DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER*/; + +#pragma mark ---- Certificate Operations ---- + +/*! + @function SecCertificateCreateFromData + @abstract Creates a certificate based on the input data, type, and encoding. + @param data A pointer to the certificate data. + @param type The certificate type as defined in cssmtype.h. + @param encoding The certificate encoding as defined in cssmtype.h. + @param certificate On return, a reference to the newly created certificate. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This API is deprecated in 10.7 Please use the SecCertificateCreateWithData API instead. +*/ +OSStatus SecCertificateCreateFromData(const CSSM_DATA *data, CSSM_CERT_TYPE type, CSSM_CERT_ENCODING encoding, SecCertificateRef * __nonnull CF_RETURNS_RETAINED certificate) + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +/*! + @function SecCertificateAddToKeychain + @abstract Adds a certificate to the specified keychain. + @param certificate A reference to a certificate. + @param keychain A reference to the keychain in which to add the certificate. Pass NULL to add the certificate to the default keychain. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function is successful only if the certificate was created using the SecCertificateCreateFromData or + SecCertificateCreateWithData functions, and the certificate has not yet been added to the specified keychain. +*/ +OSStatus SecCertificateAddToKeychain(SecCertificateRef certificate, SecKeychainRef __nullable keychain) + __OSX_AVAILABLE_STARTING(__MAC_10_3, __IPHONE_NA); + +/*! + @function SecCertificateGetData + @abstract Retrieves the data for a given certificate. + @param certificate A reference to the certificate from which to retrieve the data. + @param data On return, the CSSM_DATA structure pointed to by data is filled in. You must allocate the space for a CSSM_DATA structure before calling this function. This data pointer is only guaranteed to remain valid as long as the certificate remains unchanged and valid. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This API is deprecated in 10.7. Please use the SecCertificateCopyData API instead. +*/ +OSStatus SecCertificateGetData(SecCertificateRef certificate, CSSM_DATA_PTR data) + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +/*! + @function SecCertificateGetType + @abstract Retrieves the type for a given certificate. + @param certificate A reference to the certificate from which to obtain the type. + @param certificateType On return, the certificate type of the certificate. Certificate types are defined in cssmtype.h. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead. +*/ +OSStatus SecCertificateGetType(SecCertificateRef certificate, CSSM_CERT_TYPE *certificateType) + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +/*! + @function SecCertificateGetSubject + @abstract Retrieves the subject name for a given certificate. + @param certificate A reference to the certificate from which to obtain the subject name. + @param subject On return, a pointer to a CSSM_X509_NAME struct which contains the subject's X.509 name (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion Prior to Mac OS X 10.5, this function did not return any output in the subject parameter. Your code should check the returned pointer value (in addition to the function result) before attempting to use it. + For example: + const CSSM_X509_NAME *subject = NULL; + OSStatus status = SecCertificateGetSubject(certificate, &subject); + if ( (status == errSecSuccess) && (subject != NULL) ) { + // subject is valid + } + This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead. +*/ +OSStatus SecCertificateGetSubject(SecCertificateRef certificate, const CSSM_X509_NAME * __nullable * __nonnull subject) + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +/*! + @function SecCertificateGetIssuer + @abstract Retrieves the issuer name for a given certificate. + @param certificate A reference to the certificate from which to obtain the issuer name. + @param issuer On return, a pointer to a CSSM_X509_NAME struct which contains the issuer's X.509 name (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion Prior to Mac OS X 10.5, this function did not return any output in the issuer parameter. Your code should check the returned pointer value (in addition to the function result) before attempting to use it. + For example: + const CSSM_X509_NAME *issuer = NULL; + OSStatus status = SecCertificateGetIssuer(certificate, &issuer); + if ( (status == errSecSuccess) && (issuer != NULL) ) { + // issuer is valid + } + This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead. +*/ +OSStatus SecCertificateGetIssuer(SecCertificateRef certificate, const CSSM_X509_NAME * __nullable * __nonnull issuer) + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +/*! + @function SecCertificateGetCLHandle + @abstract Retrieves the certificate library handle for a given certificate. + @param certificate A reference to the certificate from which to obtain the certificate library handle. + @param clHandle On return, the certificate library handle of the given certificate. This handle remains valid at least as long as the certificate does. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead. +*/ +OSStatus SecCertificateGetCLHandle(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle) + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +/*! + @function SecCertificateGetAlgorithmID + @abstract Retrieves the algorithm identifier for a given certificate. + @param certificate A reference to the certificate from which to retrieve the algorithm identifier. + @param algid On return, a pointer to a CSSM_X509_ALGORITHM_IDENTIFIER struct which identifies the algorithm for this certificate (x509defs.h). This pointer remains valid until the certificate reference is released. The caller should not attempt to free this pointer. + @result A result code. See "Security Error Codes" (SecBase.h). + discussion This API is deprecated in 10.7. Please use the SecCertificateCopyValues API instead. +*/ +OSStatus SecCertificateGetAlgorithmID(SecCertificateRef certificate, const CSSM_X509_ALGORITHM_IDENTIFIER * __nullable * __nonnull algid) + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +/*! + @function SecCertificateCopyPreference + @abstract Returns the preferred certificate for the specified name and key usage. If a preferred certificate does not exist for the specified name and key usage, NULL is returned. + @param name A string containing an email address (RFC822) or other name for which a preferred certificate is requested. + @param keyUsage A CSSM_KEYUSE key usage value, as defined in cssmtype.h. Pass 0 to ignore this parameter. + @param certificate On return, a reference to the preferred certificate, or NULL if none was found. You are responsible for releasing this reference by calling the CFRelease function. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function will typically be used to obtain the preferred encryption certificate for an email recipient. + This API is deprecated in 10.7. Please use the SecCertificateCopyPreferred API instead. +*/ +OSStatus SecCertificateCopyPreference(CFStringRef name, uint32 keyUsage, SecCertificateRef * __nonnull CF_RETURNS_RETAINED certificate) + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +/*! + @function SecCertificateCopyPreferred + @abstract Returns the preferred certificate for the specified name and key usage. If a preferred certificate does not exist for the specified name and key usage, NULL is returned. + @param name A string containing an email address (RFC822) or other name for which a preferred certificate is requested. + @param keyUsage A CFArrayRef value, containing items defined in SecItem.h Pass NULL to ignore this parameter. (kSecAttrCanEncrypt, kSecAttrCanDecrypt, kSecAttrCanDerive, kSecAttrCanSign, kSecAttrCanVerify, kSecAttrCanWrap, kSecAttrCanUnwrap) + @result On return, a reference to the preferred certificate, or NULL if none was found. You are responsible for releasing this reference by calling the CFRelease function. + @discussion This function will typically be used to obtain the preferred encryption certificate for an email recipient. If a preferred certificate has not been set + for the supplied name, the returned reference will be NULL. Your code should then perform a search for possible certificates, using the SecItemCopyMatching API. + */ +__nullable +SecCertificateRef SecCertificateCopyPreferred(CFStringRef name, CFArrayRef __nullable keyUsage) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + +/*! + @function SecCertificateSetPreference + @abstract Sets the preferred certificate for a specified name, key usage, and date. + @param certificate A reference to the certificate which will be preferred. + @param name A string containing an email address (RFC822) or other name for which a preferred certificate will be associated. + @param keyUsage A CSSM_KEYUSE key usage value, as defined in cssmtype.h. Pass 0 to avoid specifying a particular key usage. + @param date (optional) A date reference. If supplied, the preferred certificate will be changed only if this date is later than the currently saved setting. Pass NULL if this preference should not be restricted by date. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function will typically be used to set the preferred encryption certificate for an email recipient, either manually (when encrypting email to a recipient) or automatically upon receipt of encrypted email. + This API is deprecated in 10.7. Plese use the SecCertificateSetPreferred API instead. +*/ +OSStatus SecCertificateSetPreference(SecCertificateRef certificate, CFStringRef name, uint32 keyUsage, CFDateRef __nullable date) + DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER; + +/*! + @function SecCertificateSetPreferred + @abstract Sets the preferred certificate for a specified name and optional key usage. + @param certificate A reference to the preferred certificate. If NULL is passed, any existing preference for the specified name is cleared instead. + @param name A string containing an email address (RFC822) or other name for which a preferred certificate will be associated. + @param keyUsage A CFArrayRef value, containing items defined in SecItem.h Pass NULL to ignore this parameter. (kSecAttrCanEncrypt, kSecAttrCanDecrypt, kSecAttrCanDerive, kSecAttrCanSign, kSecAttrCanVerify, kSecAttrCanWrap, kSecAttrCanUnwrap) + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function will typically be used to set the preferred encryption certificate for an email recipient, either manually (when encrypting email to a recipient) + or automatically upon receipt of encrypted email. +*/ +OSStatus SecCertificateSetPreferred(SecCertificateRef __nullable certificate, CFStringRef name, CFArrayRef __nullable keyUsage) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + +/*! + @typedef SecKeyUsage + @abstract Flags to indicate key usages in the KeyUsage extension of a certificate + @constant kSecKeyUsageUnspecified No KeyUsage extension in certificate. + @constant kSecKeyUsageDigitalSignature DigitalSignature bit set in KeyUsage extension. + @constant kSecKeyUsageNonRepudiation NonRepudiation bit set in KeyUsage extension. + @constant kSecKeyUsageContentCommitment ContentCommitment bit set in KeyUsage extension. + @constant kSecKeyUsageKeyEncipherment KeyEncipherment bit set in KeyUsage extension. + @constant kSecKeyUsageDataEncipherment DataEncipherment bit set in KeyUsage extension. + @constant kSecKeyUsageKeyAgreement KeyAgreement bit set in KeyUsage extension. + @constant kSecKeyUsageKeyCertSign KeyCertSign bit set in KeyUsage extension. + @constant kSecKeyUsageCRLSign CRLSign bit set in KeyUsage extension. + @constant kSecKeyUsageEncipherOnly EncipherOnly bit set in KeyUsage extension. + @constant kSecKeyUsageDecipherOnly DecipherOnly bit set in KeyUsage extension. + @constant kSecKeyUsageCritical KeyUsage extension is marked critical. + @constant kSecKeyUsageAll For masking purposes, all SecKeyUsage values. + */ +typedef CF_OPTIONS(uint32_t, SecKeyUsage) { + kSecKeyUsageUnspecified = 0u, + kSecKeyUsageDigitalSignature = 1u << 0, + kSecKeyUsageNonRepudiation = 1u << 1, + kSecKeyUsageContentCommitment= 1u << 1, + kSecKeyUsageKeyEncipherment = 1u << 2, + kSecKeyUsageDataEncipherment = 1u << 3, + kSecKeyUsageKeyAgreement = 1u << 4, + kSecKeyUsageKeyCertSign = 1u << 5, + kSecKeyUsageCRLSign = 1u << 6, + kSecKeyUsageEncipherOnly = 1u << 7, + kSecKeyUsageDecipherOnly = 1u << 8, + kSecKeyUsageCritical = 1u << 31, + kSecKeyUsageAll = 0x7FFFFFFFu +}; + +/*! + @enum kSecPropertyKey + @abstract Constants used to access dictionary entries returned by SecCertificateCopyValues + @constant kSecPropertyKeyType The type of the entry + @constant kSecPropertyKeyLabel The label of the entry + @constant kSecPropertyKeyLocalizedLabel The localized label of the entry + @constant kSecPropertyKeyValue The value of the entry + */ + +extern const CFStringRef kSecPropertyKeyType __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecPropertyKeyLabel __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecPropertyKeyLocalizedLabel __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecPropertyKeyValue __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + +/*! + @enum kSecPropertyType + @abstract Public Constants for property list values returned by SecCertificateCopyValues + @discussion Note that kSecPropertyTypeTitle and kSecPropertyTypeError are defined in SecTrust.h +*/ +extern const CFStringRef kSecPropertyTypeWarning __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecPropertyTypeSuccess __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecPropertyTypeSection __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecPropertyTypeData __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecPropertyTypeString __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecPropertyTypeURL __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); +extern const CFStringRef kSecPropertyTypeDate __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + +/*! + @function SecCertificateCopyValues + @abstract Creates a dictionary that represents a certificate's contents. + @param certificate The certificate from which to get values + @param keys An array of string OID values, or NULL. If present, this is + the subset of values from the certificate to return. If NULL, + all values will be returned. Only OIDs that are top level keys + in the returned dictionary can be specified. Unknown OIDs are + ignored. + @param error An optional pointer to a CFErrorRef. This value is + set if an error occurred. If not NULL the caller is + responsible for releasing the CFErrorRef. + @discussion The keys array will contain all of the keys used in the + returned dictionary. The top level keys in the returned + dictionary are OIDs, many of which are found in SecCertificateOIDs.h. + Each entry that is returned is itself a dictionary with four + entries, whose keys are kSecPropertyKeyType, kSecPropertyKeyLabel, + kSecPropertyKeyLocalizedLabel, kSecPropertyKeyValue. The label + entries may contain a descriptive (localized) string, or an + OID string. The kSecPropertyKeyType describes the type in the + value entry. The value entry may be any CFType, although it + is usually a CFStringRef, CFArrayRef or a CFDictionaryRef. +*/ +__nullable +CFDictionaryRef SecCertificateCopyValues(SecCertificateRef certificate, CFArrayRef __nullable keys, CFErrorRef *error) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + +/*! + @function SecCertificateCopyLongDescription + @abstract Return the long description of a certificate + @param alloc The CFAllocator which should be used to allocate + memory for the dictionary and its storage for values. This + parameter may be NULL in which case the current default + CFAllocator is used. If this reference is not a valid + CFAllocator, the behavior is undefined. + @param certificate The certificate from which to retrieve the long description + @param error An optional pointer to a CFErrorRef. This value is + set if an error occurred. If not NULL the caller is + responsible for releasing the CFErrorRef. + @result A CFStringRef of the long description or NULL. If NULL and the error + parameter is supplied the error will be returned in the error parameter + @discussion Note that the format of this string may change in the future +*/ + +__nullable +CFStringRef SecCertificateCopyLongDescription(CFAllocatorRef __nullable alloc, SecCertificateRef certificate, CFErrorRef *error) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + +/*! + @function SecCertificateCopyShortDescription + @abstract Return the short description of a certificate + @param alloc The CFAllocator which should be used to allocate + memory for the dictionary and its storage for values. This + parameter may be NULL in which case the current default + CFAllocator is used. If this reference is not a valid + CFAllocator, the behavior is undefined. + @param certificate The certificate from which to retrieve the short description + @param error An optional pointer to a CFErrorRef. This value is + set if an error occurred. If not NULL the caller is + responsible for releasing the CFErrorRef. + @result A CFStringRef of the short description or NULL. If NULL and the error + parameter is supplied the error will be returned in the error parameter + @discussion Note that the format of this string may change in the future +*/ + +__nullable +CFStringRef SecCertificateCopyShortDescription(CFAllocatorRef __nullable alloc, SecCertificateRef certificate, CFErrorRef *error) + __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); + +/*! + @function SecCertificateCopyNormalizedIssuerContent + @abstract Return the certificate's normalized issuer + @param certificate The certificate from which to get values + @param error An optional pointer to a CFErrorRef. This value is + set if an error occurred. If not NULL the caller is + responsible for releasing the CFErrorRef. + @discussion The issuer is a sequence in the format used by + SecItemCopyMatching. The content returned is a DER-encoded + X.509 distinguished name. For a display version of the issuer, + call SecCertificateCopyValues. The caller must CFRelease + the value returned. +*/ + +__nullable +CFDataRef SecCertificateCopyNormalizedIssuerContent(SecCertificateRef certificate, CFErrorRef *error) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_7, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopyNormalizedIssuerContent is deprecated. Use SecCertificateCopyNormalizedIssuerSequence instead."); + +/*! + @function SecCertificateCopyNormalizedSubjectContent + @abstract Return the certificate's normalized subject + @param certificate The certificate from which to get values + @param error An optional pointer to a CFErrorRef. This value is + set if an error occurred. If not NULL the caller is + responsible for releasing the CFErrorRef. + @discussion The subject is a sequence in the format used by + SecItemCopyMatching. The content returned is a DER-encoded + X.509 distinguished name. For a display version of the subject, + call SecCertificateCopyValues. The caller must CFRelease + the value returned. +*/ + +__nullable +CFDataRef SecCertificateCopyNormalizedSubjectContent(SecCertificateRef certificate, CFErrorRef *error) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_7, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopyNormalizedSubjectContent is deprecated. Use SecCertificateCopyNormalizedSubjectSequence instead."); + + +#endif /* SEC_OS_OSX */ + +CF_IMPLICIT_BRIDGING_DISABLED +CF_ASSUME_NONNULL_END + +__END_DECLS + +#endif /* !_SECURITY_SECCERTIFICATE_H_ */ diff --git a/trust/SecCertificatePriv.h b/trust/SecCertificatePriv.h new file mode 100644 index 00000000..807fc417 --- /dev/null +++ b/trust/SecCertificatePriv.h @@ -0,0 +1,539 @@ +/* + * Copyright (c) 2002-2004,2006-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +/*! + @header SecCertificatePriv + The functions provided in SecCertificatePriv.h implement and manage a particular + type of keychain item that represents a certificate. You can store a + certificate in a keychain, but a certificate can also be a transient + object. + + You can use a certificate as a keychain item in most functions. + Certificates are able to compute their parent certificates, and much more. +*/ + +#ifndef _SECURITY_SECCERTIFICATEPRIV_H_ +#define _SECURITY_SECCERTIFICATEPRIV_H_ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +__BEGIN_DECLS + +#if SEC_OS_IPHONE +typedef CF_OPTIONS(uint32_t, SecKeyUsage) { + kSecKeyUsageUnspecified = 0u, + kSecKeyUsageDigitalSignature = 1u << 0, + kSecKeyUsageNonRepudiation = 1u << 1, + kSecKeyUsageContentCommitment= 1u << 1, + kSecKeyUsageKeyEncipherment = 1u << 2, + kSecKeyUsageDataEncipherment = 1u << 3, + kSecKeyUsageKeyAgreement = 1u << 4, + kSecKeyUsageKeyCertSign = 1u << 5, + kSecKeyUsageCRLSign = 1u << 6, + kSecKeyUsageEncipherOnly = 1u << 7, + kSecKeyUsageDecipherOnly = 1u << 8, + kSecKeyUsageCritical = 1u << 31, + kSecKeyUsageAll = 0x7FFFFFFFu +}; +#endif /* SEC_OS_IPHONE */ + +typedef CF_ENUM(uint32_t, SecCertificateEscrowRootType) { + kSecCertificateBaselineEscrowRoot = 0, + kSecCertificateProductionEscrowRoot = 1, + kSecCertificateBaselinePCSEscrowRoot = 2, + kSecCertificateProductionPCSEscrowRoot = 3, + kSecCertificateBaselineEscrowBackupRoot = 4, // v100 and v101 + kSecCertificateProductionEscrowBackupRoot = 5, + kSecCertificateBaselineEscrowEnrollmentRoot = 6, // v101 only + kSecCertificateProductionEscrowEnrollmentRoot = 7, +}; + +/* The names of the files that contain the escrow certificates */ +extern const CFStringRef kSecCertificateProductionEscrowKey; +extern const CFStringRef kSecCertificateProductionPCSEscrowKey; +extern const CFStringRef kSecCertificateEscrowFileName; + +/* Return a certificate for the DER representation of this certificate. + Return NULL if the passed-in data is not a valid DER-encoded X.509 + certificate. */ +SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, + const UInt8 *bytes, CFIndex length) +__SEC_MAC_AND_IOS_UNKNOWN; +//__OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_UNKNOWN); + +/* Returns a certificate from a pem blob. + Return NULL if the passed-in data is not a valid DER-encoded X.509 + certificate. */ +SecCertificateRef SecCertificateCreateWithPEM(CFAllocatorRef allocator, CFDataRef pem_certificate) +__SEC_MAC_AND_IOS_UNKNOWN; +//__OSX_AVAILABLE_STARTING(__MAC_10_12, __SEC_IPHONE_UNKNOWN); + +/* Return the length of the DER representation of this certificate. */ +CFIndex SecCertificateGetLength(SecCertificateRef certificate); + +/* Return the bytes of the DER representation of this certificate. */ +const UInt8 *SecCertificateGetBytePtr(SecCertificateRef certificate); + +/* Return the SHA-1 hash of this certificate. */ +CFDataRef SecCertificateGetSHA1Digest(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +CFDataRef SecCertificateCopyIssuerSHA1Digest(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Return the SHA-256 hash of this certificate. */ +CFDataRef SecCertificateCopySHA256Digest(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Return the SHA-1 hash of the public key in this certificate. */ +CFDataRef SecCertificateCopyPublicKeySHA1Digest(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Return the SHA-1 hash of the SubjectPublicKeyInfo sequence in this certificate. */ +CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA1Digest(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Return the SHA-256 hash of the SubjectPublicKeyInfo sequence in this certificate. */ +CFDataRef SecCertificateCopySubjectPublicKeyInfoSHA256Digest(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Return an array of CFStringRefs representing the dns addresses in the + certificate if any. */ +CFArrayRef SecCertificateCopyDNSNames(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Return an array of CFStringRefs representing the NTPrincipalNames in the + certificate if any. */ +CFArrayRef SecCertificateCopyNTPrincipalNames(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Create a unified SecCertificateRef from a legacy keychain item and its data. */ +SecCertificateRef SecCertificateCreateWithKeychainItem(CFAllocatorRef allocator, + CFDataRef der_certificate, CFTypeRef keychainItem) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Set a legacy item instance for a unified SecCertificateRef. */ +OSStatus SecCertificateSetKeychainItem(SecCertificateRef certificate, CFTypeRef keychain_item) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Return a keychain item reference, given a unified SecCertificateRef. + Note: On OSX, for this function to succeed, the provided certificate must have been + created by SecCertificateCreateWithKeychainItem, otherwise NULL is returned. + */ +CFTypeRef SecCertificateCopyKeychainItem(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +/*! + @function SecCertificateCopyIssuerSummary + @abstract Return a simple string which hopefully represents a human understandable issuer. + @param certificate SecCertificate object created with SecCertificateCreateWithData(). + @discussion All the data in this string comes from the certificate itself + and thus it's in whatever language the certificate itself is in. + @result A CFStringRef which the caller should CFRelease() once it's no longer needed. + */ +CFStringRef SecCertificateCopyIssuerSummary(SecCertificateRef certificate); + +/* Return a string formatted according to RFC 2253 representing the complete + subject of certificate. */ +CFStringRef SecCertificateCopySubjectString(SecCertificateRef certificate); + +CFMutableArrayRef SecCertificateCopySummaryProperties( + SecCertificateRef certificate, CFAbsoluteTime verifyTime) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Return the content of a DER encoded X.501 name (without the tag and length + fields) for the receiving certificates issuer. */ +CFDataRef SecCertificateGetNormalizedIssuerContent(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Return the content of a DER encoded X.501 name (without the tag and length + fields) for the receiving certificates subject. */ +CFDataRef SecCertificateGetNormalizedSubjectContent(SecCertificateRef certificate) + __SEC_MAC_AND_IOS_UNKNOWN; + +/* Return the DER encoded issuer sequence for the certificate's issuer. */ +CFDataRef SecCertificateCopyIssuerSequence(SecCertificateRef certificate); + +/* Return the DER encoded subject sequence for the certificate's subject. */ +CFDataRef SecCertificateCopySubjectSequence(SecCertificateRef certificate); + +/* Return an array of CFStringRefs representing the ip addresses in the + certificate if any. */ +CFArrayRef SecCertificateCopyIPAddresses(SecCertificateRef certificate); + +/* Return an array of CFStringRefs representing the email addresses in the + certificate if any. */ +CFArrayRef SecCertificateCopyRFC822Names(SecCertificateRef certificate); + +/* Return an array of CFStringRefs representing the common names in the + certificates subject if any. */ +CFArrayRef SecCertificateCopyCommonNames(SecCertificateRef certificate); + +/* Return an array of CFStringRefs representing the organization in the + certificate's subject if any. */ +CFArrayRef SecCertificateCopyOrganization(SecCertificateRef certificate); + +/* Return an array of CFStringRefs representing the organizational unit in the + certificate's subject if any. */ +CFArrayRef SecCertificateCopyOrganizationalUnit(SecCertificateRef certificate); + +/* Return an array of CFStringRefs representing the country in the + certificate's subject if any. */ +CFArrayRef SecCertificateCopyCountry(SecCertificateRef certificate); + +/* Return a string with the company name of an ev leaf certificate. */ +CFStringRef SecCertificateCopyCompanyName(SecCertificateRef certificate); + +/* X.509 Certificate Version: 1, 2 or 3. */ +CFIndex SecCertificateVersion(SecCertificateRef certificate); + +SecKeyUsage SecCertificateGetKeyUsage(SecCertificateRef certificate); + +/* Returns an array of CFDataRefs for all extended key usage oids or NULL */ +CFArrayRef SecCertificateCopyExtendedKeyUsage(SecCertificateRef certificate); + +/*! + @function SecCertificateIsValid + @abstract Check certificate validity on a given date. + @param certificate A certificate reference. + @result Returns true if the specified date falls within the certificate's validity period, false otherwise. + */ +bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime) + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0); + +/*! + @function SecCertificateNotValidBefore + @abstract Obtain the starting date of the given certificate. + @param certificate A certificate reference. + @result Returns the absolute time at which the given certificate becomes valid, + or 0 if this value could not be obtained. + */ +CFAbsoluteTime SecCertificateNotValidBefore(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0); + +/*! + @function SecCertificateNotValidAfter + @abstract Obtain the expiration date of the given certificate. + @param certificate A certificate reference. + @result Returns the absolute time at which the given certificate expires, + or 0 if this value could not be obtained. + */ +CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_2_0); + +/*! + @function SecCertificateIsSelfSigned + @abstract Determine if the given certificate is self-signed. + @param certRef A certificate reference. + @param isSelfSigned Will be set to true on return if the certificate is self-signed, false otherwise. + @result A result code. Returns errSecSuccess if the certificate's status can be determined. + */ +OSStatus SecCertificateIsSelfSigned(SecCertificateRef certRef, Boolean *isSelfSigned) + __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_9_0); + +/*! + @function SecCertificateIsSelfSignedCA + @abstract Determine if the given certificate is self-signed and has a basic + constraints extension indicating it is a certificate authority. + @param certificate A certificate reference. + @result Returns true if the certificate is self-signed and has a basic + constraints extension indicating it is a certificate authority, otherwise false. + */ +bool SecCertificateIsSelfSignedCA(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); + +/*! + @function SecCertificateIsCA + @abstract Determine if the given certificate has a basic + constraints extension indicating it is a certificate authority. + @param certificate A certificate reference. + @result Returns true if the certificate has a basic constraints + extension indicating it is a certificate authority, otherwise false. + */ +bool SecCertificateIsCA(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); + + +/* Append certificate to xpc_certificates. */ +bool SecCertificateAppendToXPCArray(SecCertificateRef certificate, xpc_object_t xpc_certificates, CFErrorRef *error); + +/* Decode certificate from xpc_certificates[index] as encoded by SecCertificateAppendToXPCArray(). */ +SecCertificateRef SecCertificateCreateWithXPCArrayAtIndex(xpc_object_t xpc_certificates, size_t index, CFErrorRef *error); + +/* Return an xpc_array of data from an array of SecCertificateRefs. */ +xpc_object_t SecCertificateArrayCopyXPCArray(CFArrayRef certificates, CFErrorRef *error); + +/* Return an array of SecCertificateRefs from a xpc_object array of datas. */ +CFArrayRef SecCertificateXPCArrayCopyArray(xpc_object_t xpc_certificates, CFErrorRef *error); + +/*! + @function SecCertificateCopyEscrowRoots + @abstract Retrieve the array of valid escrow certificates for a given root type. + @param escrowRootType An enumerated type indicating which root type to return. + @result An array of zero or more escrow certificates matching the provided type. + */ +CFArrayRef SecCertificateCopyEscrowRoots(SecCertificateEscrowRootType escrowRootType) + __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); + +/* Return an attribute dictionary used to store this item in a keychain. */ +CFDictionaryRef SecCertificateCopyAttributeDictionary(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); + +/* + * Enumerated constants for signature hash algorithms. + */ +typedef CF_ENUM(uint32_t, SecSignatureHashAlgorithm){ + kSecSignatureHashAlgorithmUnknown = 0, + kSecSignatureHashAlgorithmMD2 = 1, + kSecSignatureHashAlgorithmMD4 = 2, + kSecSignatureHashAlgorithmMD5 = 3, + kSecSignatureHashAlgorithmSHA1 = 4, + kSecSignatureHashAlgorithmSHA224 = 5, + kSecSignatureHashAlgorithmSHA256 = 6, + kSecSignatureHashAlgorithmSHA384 = 7, + kSecSignatureHashAlgorithmSHA512 = 8 +}; + +/*! + @function SecCertificateGetSignatureHashAlgorithm + @abstract Determine the hash algorithm used in a certificate's signature. + @param certificate A certificate reference. + @result Returns an enumerated value indicating the signature hash algorithm + used in a certificate. If the hash algorithm is unsupported or cannot be + obtained (e.g. because the supplied certificate reference is invalid), a + value of 0 (kSecSignatureHashAlgorithmUnknown) is returned. + */ +SecSignatureHashAlgorithm SecCertificateGetSignatureHashAlgorithm(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); + +/*! + @function SecCertificateCopyProperties + @abstract Return a property array for this trust certificate. + @param certificate A reference to the certificate to evaluate. + @result A property array. It is the caller's responsability to CFRelease + the returned array when it is no longer needed. + See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array. + Unlike that function call this function returns a detailed description + of the certificate in question. + */ +CFArrayRef SecCertificateCopyProperties(SecCertificateRef certificate); + +/* Returns an array of CFDataRefs for all embedded SCTs */ +CFArrayRef SecCertificateCopySignedCertificateTimestamps(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); + +/* Return the precert TBSCertificate DER data - used for Certificate Transparency */ +CFDataRef SecCertificateCopyPrecertTBS(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_9_0); + +/* Return the auth capabilities bitmask from the iAP marker extension */ +CF_RETURNS_RETAINED CFDataRef SecCertificateCopyiAPAuthCapabilities(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); + +typedef CF_ENUM(uint32_t, SeciAuthVersion) { + kSeciAuthInvalid = 0, + kSeciAuthVersion1 = 1, /* unused */ + kSeciAuthVersion2 = 2, + kSeciAuthVersion3 = 3, +} __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); + +/* Return the iAuth version indicated by the certificate. This function does + * not guarantee that the certificate is valid, so the caller must still call + * SecTrustEvaluate to guarantee that the certificate was properly issued */ +SeciAuthVersion SecCertificateGetiAuthVersion(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); + + +/* + * Legacy functions (OS X only) + */ +#if SEC_OS_OSX +#include +#include + +/* Given a unified SecCertificateRef, return a copy with a legacy + C++ ItemImpl-based Certificate instance. Only for internal use; + legacy references cannot be used by SecCertificate API functions. */ +SecCertificateRef SecCertificateCreateItemImplInstance(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA); + +/* Inverse of above; convert legacy Certificate instance to new ref. */ +SecCertificateRef SecCertificateCreateFromItemImplInstance(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA); + + +/* Convenience function to determine type of certificate instance. */ +Boolean SecCertificateIsItemImplInstance(SecCertificateRef certificate) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA); + +/* Given a legacy C++ ItemImpl-based Certificate instance obtained with + SecCertificateCreateItemImplInstance, return its clHandle pointer. + Only for internal use. */ +OSStatus SecCertificateGetCLHandle_legacy(SecCertificateRef certificate, CSSM_CL_HANDLE *clHandle) + __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_NA); + +/* Deprecated; use SecCertificateCopyCommonName() instead. */ +OSStatus SecCertificateGetCommonName(SecCertificateRef certificate, CFStringRef *commonName) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_5, __IPHONE_NA, __IPHONE_NA, "SecCertificateGetCommonName is deprecated. Use SecCertificateCopyCommonName instead."); + +/* Deprecated; use SecCertificateCopyEmailAddresses() instead. */ +/* This should have been Copy instead of Get since the returned address is not autoreleased. */ +OSStatus SecCertificateGetEmailAddress(SecCertificateRef certificate, CFStringRef *emailAddress) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_5, __IPHONE_NA, __IPHONE_NA, "SecCertificateGetEmailAddress is deprecated. Use SecCertificateCopyEmailAddresses instead."); + +/* + * Private API to infer a display name for a SecCertificateRef which + * may or may not be in a keychain. + */ +OSStatus SecCertificateInferLabel(SecCertificateRef certificate, CFStringRef *label); + +/* + * Subset of the above, useful for both certs and CRLs. + * Infer printable label for a given an CSSM_X509_NAME. Returns NULL + * if no appropriate printable name found. + */ +const CSSM_DATA *SecInferLabelFromX509Name( + const CSSM_X509_NAME *x509Name); + +/* Accessors for fields in the cached certificate */ + +/*! + @function SecCertificateCopyFieldValues + @abstract Retrieves the values for a particular field in a given certificate. + @param certificate A valid SecCertificateRef to the certificate. + @param field Pointer to the OID whose values should be returned. + @param fieldValues On return, a zero terminated list of CSSM_DATA_PTR's. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion Return a zero terminated list of CSSM_DATA_PTR's with the + values of the field specified by field. Caller must call + SecCertificateReleaseFieldValues to free the storage allocated by this call. +*/ +OSStatus SecCertificateCopyFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR **fieldValues) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopyFieldValues is deprecated. Use SecCertificateCopyValues instead."); + +/*! + @function SecCertificateReleaseFieldValues + @abstract Release the storage associated with the values returned by SecCertificateCopyFieldValues. + @param certificate A valid SecCertificateRef to the certificate. + @param field Pointer to the OID whose values were returned by SecCertificateCopyFieldValues. + @param fieldValues Pointer to a zero terminated list of CSSM_DATA_PTR's. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion Release the storage associated with the values returned by SecCertificateCopyFieldValues. +*/ +OSStatus SecCertificateReleaseFieldValues(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValues) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateReleaseFieldValues is deprecated. Use SecCertificateCopyValues instead."); + +/*! + @function SecCertificateCopyFirstFieldValue + @abstract Return a CSSM_DATA_PTR with the value of the first field specified by field. + @param certificate A valid SecCertificateRef to the certificate. + @param field Pointer to the OID whose value should be returned. + @param fieldValue On return, a CSSM_DATA_PTR to the field data. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion Return a CSSM_DATA_PTR with the value of the first field specified by field. Caller must call + SecCertificateReleaseFieldValue to free the storage allocated by this call. +*/ +OSStatus SecCertificateCopyFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR *fieldValue) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopyFirstFieldValue is deprecated. Use SecCertificateCopyValues instead."); + +/*! + @function SecCertificateReleaseFirstFieldValue + @abstract Release the storage associated with the values returned by SecCertificateCopyFirstFieldValue. + @param certificate A valid SecCertificateRef to the certificate. + @param field Pointer to the OID whose values were returned by SecCertificateCopyFieldValue. + @param fieldValue The field data to release. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion Release the storage associated with the values returned by SecCertificateCopyFieldValue. +*/ +OSStatus SecCertificateReleaseFirstFieldValue(SecCertificateRef certificate, const CSSM_OID *field, CSSM_DATA_PTR fieldValue) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateReleaseFirstFieldValue is deprecated. Use SecCertificateCopyValues instead."); + +/*! + @function SecCertificateCopySubjectComponent + @abstract Retrieves a component of the subject distinguished name of a given certificate. + @param certificate A reference to the certificate from which to retrieve the common name. + @param component A component oid naming the component desired. See . + @param result On return, a reference to the string form of the component, if present in the subject. + Your code must release this reference by calling the CFRelease function. + @result A result code. See "Security Error Codes" (SecBase.h). + */ +OSStatus SecCertificateCopySubjectComponent(SecCertificateRef certificate, const CSSM_OID *component, + CFStringRef *result) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateCopySubjectComponent is deprecated. Use SecCertificateCopyCommonNames,SecCertificateCopyOrganization,SecCertificateCopyOrganizationalUnit, etc. instead."); + +/* Convenience functions for searching. + */ +OSStatus SecCertificateFindByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer, + const CSSM_DATA *serialNumber, SecCertificateRef *certificate) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateFindByIssuerAndSN is deprecated. Use SecItemCopyMatching instead."); + +OSStatus SecCertificateFindBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID, + SecCertificateRef *certificate) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateFindBySubjectKeyID is deprecated. Use SecItemCopyMatching instead."); + +OSStatus SecCertificateFindByEmail(CFTypeRef keychainOrArray, const char *emailAddress, + SecCertificateRef *certificate) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecCertificateFindByEmail is deprecated. Use SecItemCopyMatching instead."); + +/* These should go to SecKeychainSearchPriv.h. */ +OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN(CFTypeRef keychainOrArray, const CSSM_DATA *issuer, + const CSSM_DATA *serialNumber, SecKeychainSearchRef *searchRef) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateByIssuerAndSN is deprecated. Use SecItemCopyMatching instead."); + +OSStatus SecKeychainSearchCreateForCertificateByIssuerAndSN_CF(CFTypeRef keychainOrArray, CFDataRef issuer, + CFDataRef serialNumber, SecKeychainSearchRef *searchRef) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateByIssuerAndSN_CF is deprecated. Use SecItemCopyMatching instead."); + +OSStatus SecKeychainSearchCreateForCertificateBySubjectKeyID(CFTypeRef keychainOrArray, const CSSM_DATA *subjectKeyID, + SecKeychainSearchRef *searchRef) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateBySubjectKeyID is deprecated. Use SecItemCopyMatching instead."); + +OSStatus SecKeychainSearchCreateForCertificateByEmail(CFTypeRef keychainOrArray, const char *emailAddress, + SecKeychainSearchRef *searchRef) + __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA, "SecKeychainSearchCreateForCertificateByEmail is deprecated. Use SecItemCopyMatching instead."); + +/* Convenience function for generating digests; should be moved elsewhere. */ +CSSM_RETURN SecDigestGetData(CSSM_ALGORITHMS alg, CSSM_DATA* digest, const CSSM_DATA* data) + __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_0, __MAC_10_12_4, __IPHONE_NA, __IPHONE_NA); + +/* Return true iff certificate is valid as of verifyTime. */ +/* DEPRECATED: Use SecCertificateIsValid instead. */ +bool SecCertificateIsValidX(SecCertificateRef certificate, CFAbsoluteTime verifyTime) + __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA); + +#endif /* SEC_OS_OSX */ + +__END_DECLS + +#endif /* !_SECURITY_SECCERTIFICATEPRIV_H_ */ diff --git a/trust/SecCertificateRequest.h b/trust/SecCertificateRequest.h new file mode 100644 index 00000000..92b7515a --- /dev/null +++ b/trust/SecCertificateRequest.h @@ -0,0 +1,292 @@ +/* + * Copyright (c) 2002-2004,2008-2009,2011-2014,2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +/*! + @header SecCertificateRequest + SecCertificateRequest implements a way to issue a certificate request to a + certificate authority. +*/ + +#ifndef _SECURITY_SECCERTIFICATEREQUEST_H_ +#define _SECURITY_SECCERTIFICATEREQUEST_H_ + +#include +#include +#include + +#if SEC_OS_OSX +#include +#endif + +__BEGIN_DECLS + +#if SEC_OS_OSX + +struct SecCertificateRequestAttribute /* for optional oids */ +{ + CSSM_OID oid; + CSSM_DATA value; +}; +typedef struct SecCertificateRequestAttribute SecCertificateRequestAttribute; + +struct SecCertificateRequestAttributeList +{ + UInt32 count; + SecCertificateRequestAttribute *attr; +}; +typedef struct SecCertificateRequestAttributeList SecCertificateRequestAttributeList; + +/*! + @typedef SecCertificateRequestRef + @abstract Contains information about a certificate request. +*/ +typedef struct OpaqueSecCertificateRequestRef *SecCertificateRequestRef; + +/*! + @function SecCertificateRequestGetTypeID + Returns the type identifier of all SecCertificateRequest instances. +*/ +CFTypeID SecCertificateRequestGetTypeID(void); + +/*! + @function SecCertificateRequestCreate + + Create a certificate request operation based on a policy and certificate + type. If a policy is not specified, one will be chosen for the caller. + Once the requeste is created, a request reference is returned. + To submit the request call SecCertificateRequestSubmit(). + + @param policy A policy. + @param certificateType The certificate type (i.e. X509, PGP, etc). + These types are in cssmtype.h + @param requestType The identifier to the type of request to submit (i.e. + issue, verify, revoke, etc.). These are defined in cssmtype.h + @param privateKeyItemRef The keychain item private key to be used for this + certificate request. The private key item must be of class type + kSecAppleKeyItemClass. + @param attributeList An optional list of OIDs for the certificate request. + @param certRequest A returned reference to the certificate request. Call CFRelease when done with this certificate request. + @result errSecSuccess 0 No error. +*/ +OSStatus SecCertificateRequestCreate( + const CSSM_OID *policy, + CSSM_CERT_TYPE certificateType, + CSSM_TP_AUTHORITY_REQUEST_TYPE requestType, + SecKeyRef privateKeyItemRef, + SecKeyRef publicKeyItemRef, + const SecCertificateRequestAttributeList* attributeList, + SecCertificateRequestRef* certRequest); + +/*! + @function SecCertificateRequestSubmit + + Submit a certificate request to be processed by the Security framework. + Once the request is submitted, an estimated time is returned indicating + when the request results can be retrieved. Once the estimated time has + elapsed, obtain the result by calling SecCertificateRequestGetResult(). + + @param certRequest A reference to the certificate request. + @param estimatedTime The number of estimated seconds before the result + can be retrieved. + @result errSecSuccess 0 No error. +*/ +OSStatus SecCertificateRequestSubmit( + SecCertificateRequestRef certRequest, + sint32* estimatedTime); + +/*! + @function SecCertificateRequestGetType + Returns the certificate request type (i.e. issue, revoke, etc) for a given + certificate request item reference. + @param certRequestRef A reference to a submitted request. + @param requestType The returned request type. + @result errSecSuccess 0 No error. +*/ +OSStatus SecCertificateRequestGetType( + SecCertificateRequestRef certRequestRef, + CSSM_TP_AUTHORITY_REQUEST_TYPE* requestType); + +/*! + @function SecCertificateRequestGetResult + Get the results of a certificate request. If the request is still + pending, the estimated time will be returned which indicates when to + call this function again. + @param certRequestRef A reference for the submitted request. + @param keychain The keychain in which to store the new certificate (for + a new cert request) and the cert request item reference. Pass NULL + to specify the default keychain. + @param estimatedTime The number of estimated seconds before the result can + be retrieved. + @param certificateRef The returned certificate reference for a + CSSM_TP_AUTHORITY_REQUEST_CERTISSUE only. All other request types return + NULL here. Call CFRelease when done with this certificate reference. + @result errSecSuccess 0 No error. +*/ +OSStatus SecCertificateRequestGetResult( + SecCertificateRequestRef certRequestRef, + SecKeychainRef keychain, + sint32* estimatedTime, + SecCertificateRef* certificateRef); + +/*! + @function SecCertificateFindRequest + Find a pending certificate request and return a reference object + for it. The search criteria is based on the input parameters. + @param policy A policy. + @param certificateType The certificate type (i.e. X509, PGP, etc). + These types are in cssmtype.h + @param requestType The identifier to the type of request to find (i.e. + issue, verify, revoke, etc.). These are defined in cssmtype.h + @param privateKeyItemRef Optional private key to be used + for the certificate request. Matches the same argument as passed to + SecCertificateRequestCreate(). + @param publicKeyItemRef Optional public key to be used + for the certificate request. Matches the same argument as passed to + SecCertificateRequestCreate(). + @param attributeList An optional list of OID/value pairs for finding the + certificate request. + @param certRequest A returned reference to the certificate request. Call CFRelease when done with this reference. +*/ +OSStatus SecCertificateFindRequest( + const CSSM_OID *policy, + CSSM_CERT_TYPE certificateType, + CSSM_TP_AUTHORITY_REQUEST_TYPE requestType, + SecKeyRef privateKeyItemRef, + SecKeyRef publicKeyItemRef, + const SecCertificateRequestAttributeList* attributeList, + SecCertificateRequestRef* certRequest); + +/*! + @function SecCertificateRequestGetData + Get policy-specific data following a SecCertificateRequestSubmit. + @param certRequestRef A reference for the submitted request. + @param data Policy-specific data. + @result errSecSuccess 0 No error. +*/ + +OSStatus SecCertificateRequestGetData( + SecCertificateRequestRef certRequestRef, + CSSM_DATA *data); + + +#endif + +extern const void * kSecOidCommonName; +extern const void * kSecOidCountryName; +extern const void * kSecOidStateProvinceName; +extern const void * kSecOidLocalityName; +extern const void * kSecOidOrganization; +extern const void * kSecOidOrganizationalUnit; + +extern const unsigned char SecASN1PrintableString; +extern const unsigned char SecASN1UTF8String; + +/* + Parameter keys for certificate request generation: + @param kSecCSRChallengePassword CFStringRef + conversion to PrintableString or UTF8String needs to be possible. + @param kSecCertificateKeyUsage CFNumberRef + with key usage mask using kSecKeyUsage constants. + @param kSecSubjectAltName CFArrayRef of CFStringRef or CFDataRef + either dnsName or emailAddress (if contains @) or + ipAddress, ipv4 (4) or ipv6 (16) bytes + @param kSecCSRBasicContraintsPathLen CFNumberRef + if set will include basic constraints and mark it as + a CA cert. If 0 <= number < 256, specifies path length, otherwise + path length will be omitted. Basic contraints will always be + marked critical. + @param kSecCertificateExtensions CFDictionaryRef + if set all keys (strings with oids in dotted notation) will be added + as extensions with accompanying value in binary (CFDataRef) or + appropriate string (CFStringRef) type (based on used character set). + @param kSecCertificateExtensionsEncoded CFDictionaryRef + if set all keys (strings with oids in dotted notation) will be added + as extensions with accompanying value. It is assumed that the value + is a CFDataRef and is already properly encoded. This value will be + placed straight into the extension value OCTET STRING. +*/ +extern const void * kSecCSRChallengePassword; +extern const void * kSecSubjectAltName; +extern const void * kSecCertificateKeyUsage; +extern const void * kSecCSRBasicContraintsPathLen; +extern const void * kSecCertificateExtensions; +extern const void * kSecCertificateExtensionsEncoded; + +typedef struct { + const void *oid; /* kSecOid constant or CFDataRef with oid */ + unsigned char type; /* currently only SecASN1PrintableString */ + CFTypeRef value; /* CFStringRef -> ASCII, UTF8, CFDataRef -> binary */ +} SecATV; + +typedef SecATV *SecRDN; + +/* + @function SecGenerateCertificateRequest + @abstract Return a newly generated CSR for subject and keypair. + @param subject RDNs in the subject + @param num Number of RDNs + @param publicKey Public key + @param privateKey Private key + @discussion only handles RSA keypairs and uses a SHA-1 PKCS1 signature + @result On success, a newly allocated CSR, otherwise NULL + +Example for subject: + SecATV cn[] = { { kSecOidCommonName, SecASN1PrintableString, CFSTR("test") }, {} }; + SecATV c[] = { { kSecOidCountryName, SecASN1PrintableString, CFSTR("US") }, {} }; + SecATV o[] = { { kSecOidOrganization, SecASN1PrintableString, CFSTR("Apple Inc.") }, {} }; + SecRDN atvs[] = { cn, c, o, NULL }; +*/ +CFDataRef SecGenerateCertificateRequestWithParameters(SecRDN *subject, + CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey) CF_RETURNS_RETAINED; + +CFDataRef SecGenerateCertificateRequest(CFArrayRef subject, + CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey) CF_RETURNS_RETAINED; + +/* + @function SecVerifyCertificateRequest + @abstract validate a CSR and return contained information to certify + @param publicKey (optional/out) SecKeyRef public key to certify + @param challenge (optional/out) CFStringRef enclosed challenge + @param subject (optional/out) encoded subject RDNs + @param extensions (optional/out) encoded extensions +*/ +bool SecVerifyCertificateRequest(CFDataRef csr, SecKeyRef *publicKey, + CFStringRef *challenge, CFDataRef *subject, CFDataRef *extensions); + +SecCertificateRef +SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, + SecKeyRef publicKey, SecKeyRef privateKey); + +SecCertificateRef +SecIdentitySignCertificate(SecIdentityRef issuer, CFDataRef serialno, + SecKeyRef publicKey, CFTypeRef subject, CFTypeRef extensions); + +/* PRIVATE */ + +CF_RETURNS_RETAINED +CFDataRef +SecGenerateCertificateRequestSubject(SecCertificateRef ca_certificate, CFArrayRef subject); + +__END_DECLS + +#endif /* _SECURITY_SECCERTIFICATEREQUEST_H_ */ diff --git a/OSX/libsecurity_keychain/lib/SecPolicy.h b/trust/SecPolicy.h similarity index 67% rename from OSX/libsecurity_keychain/lib/SecPolicy.h rename to trust/SecPolicy.h index eceb7c89..26bd586d 100644 --- a/OSX/libsecurity_keychain/lib/SecPolicy.h +++ b/trust/SecPolicy.h @@ -22,9 +22,9 @@ */ /*! - @header SecPolicy - The functions provided in SecPolicy.h provide an interface to various - X.509 certificate trust policies. + @header SecPolicy + The functions provided in SecPolicy.h provide an interface to various + X.509 certificate trust policies. */ #ifndef _SECURITY_SECPOLICY_H_ @@ -40,23 +40,23 @@ CF_ASSUME_NONNULL_BEGIN CF_IMPLICIT_BRIDGING_ENABLED /*! - @enum Policy Constants - @discussion Predefined constants used to specify a policy. - @constant kSecPolicyAppleX509Basic - @constant kSecPolicyAppleSSL - @constant kSecPolicyAppleSMIME - @constant kSecPolicyAppleEAP - @constant kSecPolicyAppleiChat - @constant kSecPolicyAppleIPsec - @constant kSecPolicyApplePKINITClient - @constant kSecPolicyApplePKINITServer - @constant kSecPolicyAppleCodeSigning - @constant kSecPolicyMacAppStoreReceipt - @constant kSecPolicyAppleIDValidation - @constant kSecPolicyAppleTimeStamping - @constant kSecPolicyAppleRevocation - @constant kSecPolicyApplePassbookSigning - @constant kSecPolicyApplePayIssuerEncryption + @enum Policy Constants + @discussion Predefined constants used to specify a policy. + @constant kSecPolicyAppleX509Basic + @constant kSecPolicyAppleSSL + @constant kSecPolicyAppleSMIME + @constant kSecPolicyAppleEAP + @constant kSecPolicyAppleiChat + @constant kSecPolicyAppleIPsec + @constant kSecPolicyApplePKINITClient + @constant kSecPolicyApplePKINITServer + @constant kSecPolicyAppleCodeSigning + @constant kSecPolicyMacAppStoreReceipt + @constant kSecPolicyAppleIDValidation + @constant kSecPolicyAppleTimeStamping + @constant kSecPolicyAppleRevocation + @constant kSecPolicyApplePassbookSigning + @constant kSecPolicyApplePayIssuerEncryption */ extern const CFStringRef kSecPolicyAppleX509Basic __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_7_0); @@ -102,7 +102,6 @@ extern const CFStringRef kSecPolicyApplePayIssuerEncryption Additional policy values which your code can optionally set: kSecPolicyName (name which must be matched) kSecPolicyClient (evaluate for client, rather than server) - kSecPolicyRevocationFlags (only valid for a revocation policy) kSecPolicyRevocationFlags (only valid for a revocation policy) kSecPolicyTeamIdentifier (only valid for a Passbook signing policy) @@ -182,25 +181,25 @@ SecPolicyRef SecPolicyCreateSSL(Boolean server, CFStringRef __nullable hostname) __OSX_AVAILABLE_STARTING(__MAC_10_6, __IPHONE_2_0); /*! - @enum Revocation Policy Constants - @abstract Predefined constants which allow you to specify how revocation - checking will be performed for a trust evaluation. - @constant kSecRevocationOCSPMethod If this flag is set, perform revocation - checking using OCSP (Online Certificate Status Protocol). - @constant kSecRevocationCRLMethod If this flag is set, perform revocation - checking using the CRL (Certificate Revocation List) method. - @constant kSecRevocationPreferCRL If this flag is set, then CRL revocation - checking will be preferred over OCSP (by default, OCSP is preferred.) - Note that this flag only matters if both revocation methods are specified. - @constant kSecRevocationRequirePositiveResponse If this flag is set, then - the policy will fail unless a verified positive response is obtained. If - the flag is not set, revocation checking is done on a "best attempt" basis, - where failure to reach the server is not considered fatal. - @constant kSecRevocationNetworkAccessDisabled If this flag is set, then - no network access is performed; only locally cached replies are consulted. - @constant kSecRevocationUseAnyAvailableMethod Specifies that either - OCSP or CRL may be used, depending on the method(s) specified in the - certificate and the value of kSecRevocationPreferCRL. + @enum Revocation Policy Constants + @abstract Predefined constants which allow you to specify how revocation + checking will be performed for a trust evaluation. + @constant kSecRevocationOCSPMethod If this flag is set, perform revocation + checking using OCSP (Online Certificate Status Protocol). + @constant kSecRevocationCRLMethod If this flag is set, perform revocation + checking using the CRL (Certificate Revocation List) method. + @constant kSecRevocationPreferCRL If this flag is set, then CRL revocation + checking will be preferred over OCSP (by default, OCSP is preferred.) + Note that this flag only matters if both revocation methods are specified. + @constant kSecRevocationRequirePositiveResponse If this flag is set, then + the policy will fail unless a verified positive response is obtained. If + the flag is not set, revocation checking is done on a "best attempt" basis, + where failure to reach the server is not considered fatal. + @constant kSecRevocationNetworkAccessDisabled If this flag is set, then + no network access is performed; only locally cached replies are consulted. + @constant kSecRevocationUseAnyAvailableMethod Specifies that either + OCSP or CRL may be used, depending on the method(s) specified in the + certificate and the value of kSecRevocationPreferCRL. */ CF_ENUM(CFOptionFlags) { kSecRevocationOCSPMethod = (1 << 0), @@ -213,32 +212,32 @@ CF_ENUM(CFOptionFlags) { }; /*! - @function SecPolicyCreateRevocation - @abstract Returns a policy object for checking revocation of certificates. - @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. - @param revocationFlags Flags to specify revocation checking options. - @discussion Use this function to create a revocation policy with behavior - specified by revocationFlags. See the "Revocation Policy Constants" section - for a description of these flags. Note: it is usually not necessary to - create a revocation policy yourself unless you wish to override default - system behavior (e.g. to force a particular method, or to disable - revocation checking entirely.) + @function SecPolicyCreateRevocation + @abstract Returns a policy object for checking revocation of certificates. + @result A policy object. The caller is responsible for calling CFRelease + on this when it is no longer needed. + @param revocationFlags Flags to specify revocation checking options. + @discussion Use this function to create a revocation policy with behavior + specified by revocationFlags. See the "Revocation Policy Constants" section + for a description of these flags. Note: it is usually not necessary to + create a revocation policy yourself unless you wish to override default + system behavior (e.g. to force a particular method, or to disable + revocation checking entirely.) */ __nullable SecPolicyRef SecPolicyCreateRevocation(CFOptionFlags revocationFlags) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); /*! - @function SecPolicyCreateWithProperties - @abstract Returns a policy object based on an object identifier for the - policy type. See the "Policy Constants" section for a list of defined - policy object identifiers. - @param policyIdentifier The identifier for the desired policy type. - @param properties (Optional) A properties dictionary. See "Policy Value - Constants" for a list of currently defined property keys. - @result The returned policy reference, or NULL if the policy could not be - created. + @function SecPolicyCreateWithProperties + @abstract Returns a policy object based on an object identifier for the + policy type. See the "Policy Constants" section for a list of defined + policy object identifiers. + @param policyIdentifier The identifier for the desired policy type. + @param properties (Optional) A properties dictionary. See "Policy Value + Constants" for a list of currently defined property keys. + @result The returned policy reference, or NULL if the policy could not be + created. */ __nullable SecPolicyRef SecPolicyCreateWithProperties(CFTypeRef policyIdentifier, @@ -332,85 +331,85 @@ extern const CFStringRef kSecPolicyKU_DecipherOnly __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_NA); /*! - @function SecPolicyCreateWithOID - @abstract Returns a policy object based on an object identifier for the - policy type. See the "Policy Constants" section for a list of defined - policy object identifiers. - @param policyOID The OID of the desired policy. - @result The returned policy reference, or NULL if the policy could not be - created. - @discussion This function is deprecated in Mac OS X 10.9 and later; - use SecPolicyCreateWithProperties (or a more specific policy creation - function) instead. + @function SecPolicyCreateWithOID + @abstract Returns a policy object based on an object identifier for the + policy type. See the "Policy Constants" section for a list of defined + policy object identifiers. + @param policyOID The OID of the desired policy. + @result The returned policy reference, or NULL if the policy could not be + created. + @discussion This function is deprecated in Mac OS X 10.9 and later; + use SecPolicyCreateWithProperties (or a more specific policy creation + function) instead. */ __nullable SecPolicyRef SecPolicyCreateWithOID(CFTypeRef policyOID) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA); /*! - @function SecPolicyGetOID - @abstract Returns a policy's object identifier. - @param policyRef A policy reference. - @param oid On return, a pointer to the policy's object identifier. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later; - use SecPolicyCopyProperties instead. + @function SecPolicyGetOID + @abstract Returns a policy's object identifier. + @param policyRef A policy reference. + @param oid On return, a pointer to the policy's object identifier. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function is deprecated in Mac OS X 10.7 and later; + use SecPolicyCopyProperties instead. */ OSStatus SecPolicyGetOID(SecPolicyRef policyRef, CSSM_OID *oid) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); /*! - @function SecPolicyGetValue - @abstract Returns a policy's value. - @param policyRef A policy reference. - @param value On return, a pointer to the policy's value. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later; - use SecPolicyCopyProperties instead. + @function SecPolicyGetValue + @abstract Returns a policy's value. + @param policyRef A policy reference. + @param value On return, a pointer to the policy's value. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function is deprecated in Mac OS X 10.7 and later; + use SecPolicyCopyProperties instead. */ OSStatus SecPolicyGetValue(SecPolicyRef policyRef, CSSM_DATA *value) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); /*! - @function SecPolicySetValue - @abstract Sets a policy's value. - @param policyRef A policy reference. - @param value The value to be set into the policy object, replacing any - previous value. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later. Policy - instances should be considered read-only; in cases where your code would - consider changing properties of a policy, it should instead create a new - policy instance with the desired properties. + @function SecPolicySetValue + @abstract Sets a policy's value. + @param policyRef A policy reference. + @param value The value to be set into the policy object, replacing any + previous value. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function is deprecated in Mac OS X 10.7 and later. Policy + instances should be considered read-only; in cases where your code would + consider changing properties of a policy, it should instead create a new + policy instance with the desired properties. */ OSStatus SecPolicySetValue(SecPolicyRef policyRef, const CSSM_DATA *value) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); /*! - @function SecPolicySetProperties - @abstract Sets a policy's properties. - @param policyRef A policy reference. - @param properties A properties dictionary. See "Policy Value Constants" - for a list of currently defined property keys. This dictionary replaces the - policy's existing properties, if any. Note that the policy OID (specified - by kSecPolicyOid) is a read-only property of the policy and cannot be set. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.9 and later. Policy - instances should be considered read-only; in cases where your code would - consider changing properties of a policy, it should instead create a new - policy instance with the desired properties. + @function SecPolicySetProperties + @abstract Sets a policy's properties. + @param policyRef A policy reference. + @param properties A properties dictionary. See "Policy Value Constants" + for a list of currently defined property keys. This dictionary replaces the + policy's existing properties, if any. Note that the policy OID (specified + by kSecPolicyOid) is a read-only property of the policy and cannot be set. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function is deprecated in Mac OS X 10.9 and later. Policy + instances should be considered read-only; in cases where your code would + consider changing properties of a policy, it should instead create a new + policy instance with the desired properties. */ OSStatus SecPolicySetProperties(SecPolicyRef policyRef, CFDictionaryRef properties) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_7, __MAC_10_9, __IPHONE_NA, __IPHONE_NA); /*! - @function SecPolicyGetTPHandle - @abstract Returns the CSSM trust policy handle for the given policy. - @param policyRef A policy reference. - @param tpHandle On return, a pointer to a value of type CSSM_TP_HANDLE. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later. + @function SecPolicyGetTPHandle + @abstract Returns the CSSM trust policy handle for the given policy. + @param policyRef A policy reference. + @param tpHandle On return, a pointer to a value of type CSSM_TP_HANDLE. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function is deprecated in Mac OS X 10.7 and later. */ OSStatus SecPolicyGetTPHandle(SecPolicyRef policyRef, CSSM_TP_HANDLE *tpHandle) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_2, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); diff --git a/OSX/sec/Security/SecPolicyPriv.h b/trust/SecPolicyPriv.h similarity index 92% rename from OSX/sec/Security/SecPolicyPriv.h rename to trust/SecPolicyPriv.h index ee635e69..6d66769a 100644 --- a/OSX/sec/Security/SecPolicyPriv.h +++ b/trust/SecPolicyPriv.h @@ -30,6 +30,7 @@ #ifndef _SECURITY_SECPOLICYPRIV_H_ #define _SECURITY_SECPOLICYPRIV_H_ +#include #include #include #include @@ -97,6 +98,8 @@ CF_IMPLICIT_BRIDGING_ENABLED @constant kSecPolicyAppleMMCSCompatibilityServerAuth @constant kSecPolicyAppleSecureIOStaticAsset @constant kSecPolicyAppleWarsaw + @constant kSecPolicyAppleiCloudSetupServerAuth + @constant kSecPolicyAppleiCloudSetupCompatibilityServerAuth */ extern const CFStringRef kSecPolicyAppleMobileStore __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); @@ -206,6 +209,11 @@ extern const CFStringRef kSecPolicyAppleSecureIOStaticAsset __OSX_AVAILABLE(10.12.1) __IOS_AVAILABLE(10.1) __TVOS_AVAILABLE(10.0.1) __WATCHOS_AVAILABLE(3.1); extern const CFStringRef kSecPolicyAppleWarsaw __OSX_AVAILABLE(10.12.1) __IOS_AVAILABLE(10.1) __TVOS_AVAILABLE(10.0.1) __WATCHOS_AVAILABLE(3.1); +extern const CFStringRef kSecPolicyAppleiCloudSetupServerAuth + __OSX_AVAILABLE(10.12.4) __IOS_AVAILABLE(10.3) __TVOS_AVAILABLE(10.2) __WATCHOS_AVAILABLE(3.2); +extern const CFStringRef kSecPolicyAppleiCloudSetupCompatibilityServerAuth + __OSX_AVAILABLE(10.12.4) __IOS_AVAILABLE(10.3) __TVOS_AVAILABLE(10.2) __WATCHOS_AVAILABLE(3.2); + /*! @@ -253,6 +261,17 @@ extern const CFStringRef kSecPolicyLeafMarkerOid extern const CFStringRef kSecPolicyRootDigest __OSX_AVAILABLE_STARTING(__MAC_10_12, __IPHONE_10_0); +/*! + @enum Revocation Policy Constants + @abstract Predefined constants which allow you to specify how revocation + checking will be performed for a trust evaluation. + @constant kSecRevocationOnlineCheck If this flag is set, perform an online + revocation check, ignoring cached revocation results. This flag will not force + an online check if an online check was done within the last 5 minutes. Online + checks are only applicable to OCSP; this constant will not force a fresh + CRL download. + */ +extern const CFOptionFlags kSecRevocationOnlineCheck; /*! @function SecPolicyCreateApplePinned @@ -606,7 +625,7 @@ SecPolicyRef SecPolicyCreateLockdownPairing(void); @discussion This policy uses the Basic X.509 policy with no validity check and requires that the leaf has ExtendedKeyUsage extension with the CodeSigning OID. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateURLBag(void); @@ -622,7 +641,7 @@ SecPolicyRef SecPolicyCreateURLBag(void); * The intermediate has Common Name "Apple iPhone Certification Authority". * The leaf has Common Name "OTA Task Signing". @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateOTATasking(void); @@ -638,7 +657,7 @@ SecPolicyRef SecPolicyCreateOTATasking(void); * The intermediate has Common Name "Apple iPhone Certification Authority". * The leaf has Common Name "Asset Manifest Signing". @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateMobileAsset(void); @@ -654,7 +673,7 @@ SecPolicyRef SecPolicyCreateMobileAsset(void); or OID 1.2.840.113635.100.6.2.7. * The leaf has a marker extension with OID 1.2.840.113635.100.4.7. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleIDAuthorityPolicy(void); @@ -673,7 +692,7 @@ SecPolicyRef SecPolicyCreateAppleIDAuthorityPolicy(void); * The leaf has a marker extension with OID 1.2.840.113635.100.6.11.1. * Revocation is checked via any available method. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateMacAppStoreReceipt(void); @@ -693,7 +712,7 @@ SecPolicyRef SecPolicyCreateMacAppStoreReceipt(void); * The leaf has ExtendedKeyUsage with OID 1.2.840.113635.100.4.14. * The leaf has a Organizational Unit matching the TeamID. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreatePassbookCardSigner(CFStringRef cardIssuer, @@ -711,7 +730,7 @@ SecPolicyRef SecPolicyCreatePassbookCardSigner(CFStringRef cardIssuer, * The leaf has KeyUsage with the DigitalSignature bit set. * The leaf has CertificatePolicy extension with OID 1.2.840.113635.100.5.12. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateMobileStoreSigner(void); @@ -728,7 +747,7 @@ SecPolicyRef SecPolicyCreateMobileStoreSigner(void); * The leaf has KeyUsage with the DigitalSignature bit set. * The leaf has CertificatePolicy extension with OID 1.2.840.113635.100.5.12.1. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateTestMobileStoreSigner(void); @@ -742,7 +761,7 @@ SecPolicyRef SecPolicyCreateTestMobileStoreSigner(void); * There are exactly 2 certs in the chain. * The leaf has KeyUsage with the KeyEncipherment bit set. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateEscrowServiceSigner(void); @@ -756,7 +775,7 @@ SecPolicyRef SecPolicyCreateEscrowServiceSigner(void); * There are exactly 2 certs in the chain. * The leaf has KeyUsage with the KeyEncipherment bit set. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreatePCSEscrowServiceSigner(void); @@ -870,7 +889,7 @@ SecPolicyRef SecPolicyCreateAppleIDValidationRecordSigningPolicy(void); * The leaf has a marker extension with OID 1.2.840.113635.100.6.30. * Revocation is checked via OCSP. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleSMPEncryption(void); @@ -886,7 +905,7 @@ SecPolicyRef SecPolicyCreateAppleSMPEncryption(void); * The leaf has KeyUsage with the KeyEncipherment bit set. * Revocation is checked via OCSP. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateTestAppleSMPEncryption(void); @@ -905,7 +924,7 @@ SecPolicyRef SecPolicyCreateTestAppleSMPEncryption(void); * The leaf has KeyUsage with the DigitalSignature bit set. * The leaf has a marker extension with OID 1.2.840.113635.100.6.38.2. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateApplePPQSigning(void); @@ -925,7 +944,7 @@ SecPolicyRef SecPolicyCreateApplePPQSigning(void); * The leaf has KeyUsage with the DigitalSignature bit set. * The leaf has a marker extension with OID 1.2.840.113635.100.6.38.1. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateTestApplePPQSigning(void); @@ -935,7 +954,7 @@ SecPolicyRef SecPolicyCreateTestApplePPQSigning(void); @abstract Ensure we're appropriately pinned to the IDS service (SSL + Apple restrictions) @discussion This policy uses the SSL server policy. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleIDSService(CFStringRef __nullable hostname); @@ -960,7 +979,7 @@ SecPolicyRef SecPolicyCreateAppleIDSService(CFStringRef __nullable hostname); * The leaf has ExtendedKeyUsage with the ServerAuth OID. * Revocation is checked via any available method. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleIDSServiceContext(CFStringRef hostname, CFDictionaryRef __nullable context); @@ -985,7 +1004,7 @@ SecPolicyRef SecPolicyCreateAppleIDSServiceContext(CFStringRef hostname, CFDicti * The leaf has ExtendedKeyUsage with the ServerAuth OID. * Revocation is checked via any available method. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateApplePushService(CFStringRef hostname, CFDictionaryRef __nullable context); @@ -1003,7 +1022,7 @@ SecPolicyRef SecPolicyCreateApplePushService(CFStringRef hostname, CFDictionaryR * The leaf has ExtendedKeyUsage with the ServerAuth OID. * Revocation is checked via any available method. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateApplePushServiceLegacy(CFStringRef hostname); @@ -1025,7 +1044,7 @@ SecPolicyRef SecPolicyCreateApplePushServiceLegacy(CFStringRef hostname); * The leaf has ExtendedKeyUsage with the ServerAuth OID. * Revocation is checked via any available method. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleMMCSService(CFStringRef hostname, CFDictionaryRef __nullable context); @@ -1072,7 +1091,7 @@ SecPolicyRef SecPolicyCreateAppleCompatibilityMMCSService(CFStringRef hostname) * The leaf has ExtendedKeyUsage with the ServerAuth OID. * Revocation is checked via any available method. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleGSService(CFStringRef hostname, CFDictionaryRef __nullable context) @@ -1098,7 +1117,7 @@ SecPolicyRef SecPolicyCreateAppleGSService(CFStringRef hostname, CFDictionaryRef * The leaf has ExtendedKeyUsage with the ServerAuth OID. * Revocation is checked via any available method. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateApplePPQService(CFStringRef hostname, CFDictionaryRef __nullable context) @@ -1123,7 +1142,7 @@ SecPolicyRef SecPolicyCreateApplePPQService(CFStringRef hostname, CFDictionaryRe * The leaf has ExtendedKeyUsage with the ServerAuth OID. * Revocation is checked via any available method. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleAST2Service(CFStringRef hostname, CFDictionaryRef __nullable context) @@ -1221,7 +1240,7 @@ SecPolicyRef SecPolicyCreateAppleFMiPService(CFStringRef hostname, CFDictionaryR * The leaf has ExtendedKeyUsage, if any, with the ServerAuth OID. * Revocation is checked via any available method. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef __nullable hostname); @@ -1232,7 +1251,7 @@ SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef __nullable hostname); @discussion This policy uses the Basic X.509 policy with validity check and requires the leaf has ExtendedKeyUsage with the TimeStamping OID. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleTimeStamping(void); @@ -1249,7 +1268,7 @@ SecPolicyRef SecPolicyCreateAppleTimeStamping(void); * The leaf has KeyUsage with the KeyEncipherment bit set. * The leaf has a marker extension with OID 1.2.840.113635.100.6.39. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void) @@ -1267,7 +1286,7 @@ SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void) * The leaf has a marker extension with OID 1.2.840.113635.100.6.43. * Revocation is checked via OCSP. @result A policy object. The caller is responsible for calling CFRelease - on this when it is no longer needed. + on this when it is no longer needed. */ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void) @@ -1425,6 +1444,52 @@ __nullable CF_RETURNS_RETAINED SecPolicyRef SecPolicyCreateAppleSecureIOStaticAsset(void) __OSX_AVAILABLE(10.12.1) __IOS_AVAILABLE(10.1) __TVOS_AVAILABLE(10.0.1) __WATCHOS_AVAILABLE(3.1); +/*! + @function SecPolicyCreateAppleiCloudSetupService + @abstract Ensure we're appropriately pinned to the iCloud Setup service (SSL + Apple restrictions) + @param hostname Required; hostname to verify the certificate name against. + @param context Optional; if present, "AppleServerAuthenticationAllowUATiCloudSetup" with value + Boolean true will allow Test Apple roots and test OIDs on internal releases. + @discussion This policy uses the Basic X.509 policy with validity check + and pinning options: + * The chain is anchored to any of the production Apple Root CAs. + * The intermediate has a marker extension with OID 1.2.840.113635.100.6.2.12. + * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.15.2 or, if + enabled, OID 1.2.840.113635.100.6.27.15.1. + * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName + extension or Common Name. + * The leaf has ExtendedKeyUsage with the ServerAuth OID. + * Revocation is checked via any available method. + @result A policy object. The caller is responsible for calling CFRelease + on this when it is no longer needed. + */ +__nullable CF_RETURNS_RETAINED +SecPolicyRef SecPolicyCreateAppleiCloudSetupService(CFStringRef hostname, CFDictionaryRef __nullable context) + __OSX_AVAILABLE(10.12.4) __IOS_AVAILABLE(10.3) __TVOS_AVAILABLE(10.2) __WATCHOS_AVAILABLE(3.2); + +/*! + @function SecPolicyCreateAppleCompatibilityiCloudSetupService + @abstract Ensure we're appropriately pinned to the iCloud Setup service using compatibility certs + @param hostname Required; hostname to verify the certificate name against. + @discussion This policy uses the Basic X.509 policy with validity check + and pinning options: + * The chain is anchored to the GeoTrust Global CA + * The intermediate has a subject public key info hash matching the public key of + the Apple IST CA G1 intermediate. + * The chain length is 3. + * The leaf has a marker extension with OID 1.2.840.113635.100.6.27.15.2 or + OID 1.2.840.113635.100.6.27.15.1. + * The leaf has the provided hostname in the DNSName of the SubjectAlternativeName + extension or Common Name. + * The leaf is checked against the Black and Gray lists. + * The leaf has ExtendedKeyUsage with the ServerAuth OID. + @result A policy object. The caller is responsible for calling CFRelease + on this when it is no longer needed. + */ +__nullable CF_RETURNS_RETAINED +SecPolicyRef SecPolicyCreateAppleCompatibilityiCloudSetupService(CFStringRef hostname) + __OSX_AVAILABLE(10.12.4) __IOS_AVAILABLE(10.3) __TVOS_AVAILABLE(10.2) __WATCHOS_AVAILABLE(3.2); + CF_IMPLICIT_BRIDGING_DISABLED CF_ASSUME_NONNULL_END @@ -1438,29 +1503,29 @@ CF_ASSUME_NONNULL_BEGIN CF_IMPLICIT_BRIDGING_ENABLED /*! - @function SecPolicyCopy - @abstract Returns a copy of a policy reference based on certificate type and OID. - @param certificateType A certificate type. - @param policyOID The OID of the policy you want to find. This is a required parameter. See oidsalg.h to see a list of policy OIDs. - @param policy The returned policy reference. This is a required parameter. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later; - to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. + @function SecPolicyCopy + @abstract Returns a copy of a policy reference based on certificate type and OID. + @param certificateType A certificate type. + @param policyOID The OID of the policy you want to find. This is a required parameter. See oidsalg.h to see a list of policy OIDs. + @param policy The returned policy reference. This is a required parameter. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function is deprecated in Mac OS X 10.7 and later; + to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. */ OSStatus SecPolicyCopy(CSSM_CERT_TYPE certificateType, const CSSM_OID *policyOID, SecPolicyRef * __nonnull CF_RETURNS_RETAINED policy) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); /*! - @function SecPolicyCopyAll - @abstract Returns an array of all known policies based on certificate type. - @param certificateType A certificate type. This is a optional parameter. Pass CSSM_CERT_UNKNOWN if the certificate type is unknown. - @param policies The returned array of policies. This is a required parameter. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function is deprecated in Mac OS X 10.7 and later; - to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. (Note: there is normally - no reason to iterate over multiple disjointed policies, except to provide a way to edit trust settings for each - policy, as is done in certain certificate UI views. In that specific case, your code should call SecPolicyCreateWithOID - for each desired policy from the list of supported OID constants in SecPolicy.h.) + @function SecPolicyCopyAll + @abstract Returns an array of all known policies based on certificate type. + @param certificateType A certificate type. This is a optional parameter. Pass CSSM_CERT_UNKNOWN if the certificate type is unknown. + @param policies The returned array of policies. This is a required parameter. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function is deprecated in Mac OS X 10.7 and later; + to obtain a policy reference, use one of the SecPolicyCreate* functions in SecPolicy.h. (Note: there is normally + no reason to iterate over multiple disjointed policies, except to provide a way to edit trust settings for each + policy, as is done in certain certificate UI views. In that specific case, your code should call SecPolicyCreateWithOID + for each desired policy from the list of supported OID constants in SecPolicy.h.) */ OSStatus SecPolicyCopyAll(CSSM_CERT_TYPE certificateType, CFArrayRef * __nonnull CF_RETURNS_RETAINED policies) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_3, __MAC_10_7, __IPHONE_NA, __IPHONE_NA); diff --git a/OSX/sec/Security/SecTrust.h b/trust/SecTrust.h similarity index 99% rename from OSX/sec/Security/SecTrust.h rename to trust/SecTrust.h index de8a85cd..2bdb7b97 100644 --- a/OSX/sec/Security/SecTrust.h +++ b/trust/SecTrust.h @@ -152,7 +152,6 @@ extern const CFStringRef kSecPropertyTypeError @constant kSecTrustCertificateTransparencyWhiteList This key will be present and have a value of kCFBooleanTrue if this chain is EV, not CT qualified, but included of the CT WhiteList. - */ extern const CFStringRef kSecTrustEvaluationDate __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0); @@ -388,9 +387,9 @@ OSStatus SecTrustGetTrustResult(SecTrustRef trust, been evaluated. @param trust A reference to the trust object which has been evaluated. @result The certificate's public key, or NULL if it the public key could - not be extracted (this can happen with DSA certificate chains if the - parameters in the chain cannot be found). The caller is responsible - for calling CFRelease on the returned key when it is no longer needed. + not be extracted (this can happen if the public key algorithm is not + supported). The caller is responsible for calling CFRelease on the + returned key when it is no longer needed. */ __nullable SecKeyRef SecTrustCopyPublicKey(SecTrustRef trust) diff --git a/OSX/libsecurity_keychain/lib/SecTrustPriv.h b/trust/SecTrustPriv.h similarity index 68% rename from OSX/libsecurity_keychain/lib/SecTrustPriv.h rename to trust/SecTrustPriv.h index 437d847c..441b0220 100644 --- a/OSX/libsecurity_keychain/lib/SecTrustPriv.h +++ b/trust/SecTrustPriv.h @@ -22,9 +22,9 @@ */ /*! - @header SecTrustPriv - The functions and data types in SecTrustPriv implement trust computation - and allow the user to apply trust decisions to the trust configuration. + @header SecTrustPriv + The functions and data types in SecTrustPriv implement trust computation + and allow the user to apply trust decisions to the trust configuration. */ #ifndef _SECURITY_SECTRUSTPRIV_H_ @@ -80,25 +80,25 @@ extern const CFStringRef kSecTrustInfoCertificateTransparencyWhiteListKey; reason code values are described in RFC 5280, section 5.3.1. */ extern const CFStringRef kSecTrustResultDetails; -/*__OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_9_0);*/ + /*__OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_9_0);*/ extern const CFStringRef kSecTrustRevocationReason; -/*__OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);*/ + /*__OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);*/ /*! - @function SecTrustCopySummaryPropertiesAtIndex - @abstract Return a property array for the certificate. - @param trust A reference to the trust object to evaluate. - @param ix The index of the requested certificate. Indices run from 0 - (leaf) to the anchor (or last certificate found if no anchor was found). - @result A property array. It is the caller's responsibility to CFRelease - the returned array when it is no longer needed. This function returns a - short summary description of the certificate in question. The property - at index 0 of the array might also include general information about the - entire chain's validity in the context of this trust evaluation. - - @discussion Returns a property array for this trust certificate. A property - array is an array of CFDictionaryRefs. Each dictionary (we call it a - property for short) has the following keys: + @function SecTrustCopySummaryPropertiesAtIndex + @abstract Return a property array for the certificate. + @param trust A reference to the trust object to evaluate. + @param ix The index of the requested certificate. Indices run from 0 + (leaf) to the anchor (or last certificate found if no anchor was found). + @result A property array. It is the caller's responsibility to CFRelease + the returned array when it is no longer needed. This function returns a + short summary description of the certificate in question. The property + at index 0 of the array might also include general information about the + entire chain's validity in the context of this trust evaluation. + + @discussion Returns a property array for this trust certificate. A property + array is an array of CFDictionaryRefs. Each dictionary (we call it a + property for short) has the following keys: kSecPropertyKeyType This key's value determines how this property should be displayed. Its associated value is one of the @@ -155,35 +155,34 @@ extern const CFStringRef kSecTrustRevocationReason; kSecPropertyKeyLabel Non localized key (label) for this value. This is only present for properties with fixed label names. - @param certificate A reference to the certificate to evaluate. - @result A property array. It is the caller's responsability to CFRelease - the returned array when it is no longer needed. + @result A property array. It is the caller's responsability to CFRelease + the returned array when it is no longer needed. */ __nullable CF_RETURNS_RETAINED CFArrayRef SecTrustCopySummaryPropertiesAtIndex(SecTrustRef trust, CFIndex ix); /*! - @function SecTrustCopyDetailedPropertiesAtIndex - @abstract Return a property array for the certificate. - @param trust A reference to the trust object to evaluate. - @param ix The index of the requested certificate. Indices run from 0 - (leaf) to the anchor (or last certificate found if no anchor was found). - @result A property array. It is the caller's responsibility to CFRelease - the returned array when it is no longer needed. - See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array. - Unlike that function call this function returns a detailed description + @function SecTrustCopyDetailedPropertiesAtIndex + @abstract Return a property array for the certificate. + @param trust A reference to the trust object to evaluate. + @param ix The index of the requested certificate. Indices run from 0 + (leaf) to the anchor (or last certificate found if no anchor was found). + @result A property array. It is the caller's responsibility to CFRelease + the returned array when it is no longer needed. + See SecTrustCopySummaryPropertiesAtIndex on how to intepret this array. + Unlike that function call this function returns a detailed description of the certificate in question. */ __nullable CF_RETURNS_RETAINED CFArrayRef SecTrustCopyDetailedPropertiesAtIndex(SecTrustRef trust, CFIndex ix); /*! - @function SecTrustCopyInfo - @abstract Return a dictionary with additional information about the - evaluated certificate chain for use by clients. - @param trust A reference to an evaluated trust object. - @discussion Returns a dictionary for this trust evaluation. This - dictionary may have the following keys: + @function SecTrustCopyInfo + @abstract Return a dictionary with additional information about the + evaluated certificate chain for use by clients. + @param trust A reference to an evaluated trust object. + @discussion Returns a dictionary for this trust evaluation. This + dictionary may have the following keys: kSecTrustInfoExtendedValidationKey this key will be present and have a value of kCFBooleanTrue if this chain was validated for EV. @@ -204,18 +203,21 @@ CFArrayRef SecTrustCopyDetailedPropertiesAtIndex(SecTrustRef trust, CFIndex ix); which the revocation info for one of the certificates in this chain might change. - @result A dictionary with various fields that can be displayed to the user, - or NULL if no additional info is available or the trust has not yet been - validated. The caller is responsible for calling CFRelease on the value - returned when it is no longer needed. + @result A dictionary with various fields that can be displayed to the user, + or NULL if no additional info is available or the trust has not yet been + validated. The caller is responsible for calling CFRelease on the value + returned when it is no longer needed. */ __nullable CF_RETURNS_RETAINED CFDictionaryRef SecTrustCopyInfo(SecTrustRef trust); /* For debugging purposes. */ -__nullable CF_RETURNS_RETAINED +__nullable CFArrayRef SecTrustGetDetails(SecTrustRef trust); +__nullable CF_RETURNS_RETAINED +CFArrayRef SecTrustCopyFilteredDetails(SecTrustRef trust); + /* For debugging purposes. */ __nullable CF_RETURNS_RETAINED CFStringRef SecTrustCopyFailureDescription(SecTrustRef trust); @@ -291,7 +293,7 @@ CFDataRef SecTrustSerialize(SecTrustRef trust, CFErrorRef *error) /*! @function SecTrustDeserialize @abstract Creates a trust object from the serialized data - @param serialiedTrust A reference to the serialized trust object + @param serializedTrust A reference to the serialized trust object @param error A pointer to an error. @result A trust object @discussion This function is intended to be used to share SecTrustRefs between @@ -304,7 +306,7 @@ SecTrustRef SecTrustDeserialize(CFDataRef serializedTrust, CFErrorRef *error) /*! @function SecTrustGetTrustExceptionsArray - @abstract Return the exceptions array current set in the trust object + @abstract Return the exceptions array currently set in the trust object @param trust A reference to the trust object @result The array of exceptions. @discussion This function returns an array of exceptions that was previously set @@ -314,6 +316,28 @@ SecTrustRef SecTrustDeserialize(CFDataRef serializedTrust, CFErrorRef *error) __nullable CFArrayRef SecTrustGetTrustExceptionsArray(SecTrustRef trust) __OSX_AVAILABLE(__MAC_10_12) __IOS_AVAILABLE(__IPHONE_10_0) __TVOS_AVAILABLE(__TVOS_10_0) __WATCHOS_AVAILABLE(__WATCHOS_3_0); +/*! + @function SecTrustCopyInputCertificates + @abstract Return the array of certificates currently set in the trust object + @param trust A reference to the trust object + @param certificates On return, an array of the certificates used by this trust. + Call the CFRelease function to release this reference. + @result A result code. See "Security Error Codes" (SecBase.h) +*/ +OSStatus SecTrustCopyInputCertificates(SecTrustRef trust, CFArrayRef * _Nonnull CF_RETURNS_RETAINED certificates) +__OSX_AVAILABLE(10.12.4) __IOS_AVAILABLE(10.3) __TVOS_AVAILABLE(10.2) __WATCHOS_AVAILABLE(3.2); + +/*! + @function SecTrustAddToInputCertificates + @abstract Add certificate(s) to the currently set certificates in the trust object + @param trust A reference to the trust object + @param certificates The group of certificates to add. This can either be a CFArrayRef + of SecCertificateRef objects or a single SecCertificateRef. + @result A result code. See "Security Error Codes" (SecBase.h) + */ +OSStatus SecTrustAddToInputCertificates(SecTrustRef trust, CFTypeRef _Nonnull certificates) + __OSX_AVAILABLE(10.12.4) __IOS_AVAILABLE(10.3) __TVOS_AVAILABLE(10.2) __WATCHOS_AVAILABLE(3.2); + CF_IMPLICIT_BRIDGING_DISABLED CF_ASSUME_NONNULL_END @@ -325,83 +349,91 @@ CF_ASSUME_NONNULL_END CF_ASSUME_NONNULL_BEGIN CF_IMPLICIT_BRIDGING_ENABLED +#if SEC_OS_IPHONE +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wfour-char-constants" +#endif /* SEC_OS_IPHONE */ /* - unique keychain item attributes for user trust records. + unique keychain item attributes for user trust records. */ enum { - kSecTrustCertAttr = 'tcrt', - kSecTrustPolicyAttr = 'tpol', + kSecTrustCertAttr = 'tcrt', + kSecTrustPolicyAttr = 'tpol', /* Leopard and later */ - kSecTrustPubKeyAttr = 'tpbk', - kSecTrustSignatureAttr = 'tsig' + kSecTrustPubKeyAttr = 'tpbk', + kSecTrustSignatureAttr = 'tsig' }; +#if SEC_OS_IPHONE +#pragma clang diagnostic pop +#endif /* SEC_OS_IPHONE */ + /*! - @function SecTrustGetUserTrust - @abstract Gets the user-specified trust settings of a certificate and policy. - @param certificate A reference to a certificate. - @param policy A reference to a policy. - @param trustSetting On return, a pointer to the user specified trust settings. - @result A result code. See "Security Error Codes" (SecBase.h). - @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5. + @function SecTrustGetUserTrust + @abstract Gets the user-specified trust settings of a certificate and policy. + @param certificate A reference to a certificate. + @param policy A reference to a policy. + @param trustSetting On return, a pointer to the user specified trust settings. + @result A result code. See "Security Error Codes" (SecBase.h). + @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5. */ OSStatus SecTrustGetUserTrust(SecCertificateRef __nullable certificate, SecPolicyRef __nullable policy, SecTrustUserSetting * __nullable trustSetting) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_5, __IPHONE_NA, __IPHONE_NA); /*! - @function SecTrustSetUserTrust - @abstract Sets the user-specified trust settings of a certificate and policy. - @param certificate A reference to a certificate. - @param policy A reference to a policy. - @param trustSetting The user-specified trust settings. - @result A result code. See "Security Error Codes" (SecBase.h). - @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5. - @discussion as of Mac OS version 10.5, this will result in a call to - SecTrustSettingsSetTrustSettings(). + @function SecTrustSetUserTrust + @abstract Sets the user-specified trust settings of a certificate and policy. + @param certificate A reference to a certificate. + @param policy A reference to a policy. + @param trustSetting The user-specified trust settings. + @result A result code. See "Security Error Codes" (SecBase.h). + @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5. + @discussion as of Mac OS version 10.5, this will result in a call to + SecTrustSettingsSetTrustSettings(). */ OSStatus SecTrustSetUserTrust(SecCertificateRef __nullable certificate, SecPolicyRef __nullable policy, SecTrustUserSetting trustSetting) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_5, __IPHONE_NA, __IPHONE_NA); /*! - @function SecTrustSetUserTrustLegacy - @abstract Sets the user-specified trust settings of a certificate and policy. - @param certificate A reference to a certificate. - @param policy A reference to a policy. - @param trustSetting The user-specified trust settings. - @result A result code. See "Security Error Codes" (SecBase.h). - - @This is the private version of what used to be SecTrustSetUserTrust(); it operates - on UserTrust entries as that function used to. The current SecTrustSetUserTrust() - function operated on Trust Settings. + @function SecTrustSetUserTrustLegacy + @abstract Sets the user-specified trust settings of a certificate and policy. + @param certificate A reference to a certificate. + @param policy A reference to a policy. + @param trustSetting The user-specified trust settings. + @result A result code. See "Security Error Codes" (SecBase.h). + + @This is the private version of what used to be SecTrustSetUserTrust(); it operates + on UserTrust entries as that function used to. The current SecTrustSetUserTrust() + function operated on Trust Settings. */ OSStatus SecTrustSetUserTrustLegacy(SecCertificateRef __nullable certificate, SecPolicyRef __nullable policy, SecTrustUserSetting trustSetting) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_5, __MAC_10_12, __IPHONE_NA, __IPHONE_NA); /*! - @function SecTrustGetCSSMAnchorCertificates - @abstract Retrieves the CSSM anchor certificates. - @param cssmAnchors A pointer to an array of anchor certificates. - @param cssmAnchorCount A pointer to the number of certificates in anchors. - @result A result code. See "Security Error Codes" (SecBase.h). - @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5. + @function SecTrustGetCSSMAnchorCertificates + @abstract Retrieves the CSSM anchor certificates. + @param cssmAnchors A pointer to an array of anchor certificates. + @param cssmAnchorCount A pointer to the number of certificates in anchors. + @result A result code. See "Security Error Codes" (SecBase.h). + @availability Mac OS X version 10.4. Deprecated in Mac OS X version 10.5. */ OSStatus SecTrustGetCSSMAnchorCertificates(const CSSM_DATA * __nullable * __nullable cssmAnchors, uint32 *cssmAnchorCount) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_5, __IPHONE_NA, __IPHONE_NA); /*! - @function SecTrustCopyExtendedResult - @abstract Gets the extended trust result after an evaluation has been performed. - @param trust A trust reference. - @param result On return, result points to a CFDictionaryRef containing extended trust results (if no error occurred). - The caller is responsible for releasing this dictionary with CFRelease when finished with it. - @result A result code. See "Security Error Codes" (SecBase.h). - @discussion This function may only be used after SecTrustEvaluate has been called for the trust reference, otherwise - errSecTrustNotAvailable is returned. If the certificate is not an extended validation certificate, there is - no extended result data and errSecDataNotAvailable is returned. Currently, only one dictionary key is defined - (kSecEVOrganizationName). - - Note: this function will be deprecated in a future release of OS X. Your - code should use SecTrustCopyResult to obtain the trust results dictionary. + @function SecTrustCopyExtendedResult + @abstract Gets the extended trust result after an evaluation has been performed. + @param trust A trust reference. + @param result On return, result points to a CFDictionaryRef containing extended trust results (if no error occurred). + The caller is responsible for releasing this dictionary with CFRelease when finished with it. + @result A result code. See "Security Error Codes" (SecBase.h). + @discussion This function may only be used after SecTrustEvaluate has been called for the trust reference, otherwise + errSecTrustNotAvailable is returned. If the certificate is not an extended validation certificate, there is + no extended result data and errSecDataNotAvailable is returned. Currently, only one dictionary key is defined + (kSecEVOrganizationName). + + Note: this function will be deprecated in a future release of OS X. Your + code should use SecTrustCopyResult to obtain the trust results dictionary. */ OSStatus SecTrustCopyExtendedResult(SecTrustRef trust, CFDictionaryRef * __nonnull CF_RETURNS_RETAINED result) __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_5, __MAC_10_12, __IPHONE_NA, __IPHONE_NA); diff --git a/trust/SecTrustSettings.h b/trust/SecTrustSettings.h new file mode 100644 index 00000000..48a2eb74 --- /dev/null +++ b/trust/SecTrustSettings.h @@ -0,0 +1,318 @@ +/* + * Copyright (c) 2006,2007,2011,2012,2014-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +/*! + @header SecTrustSettings + The functions and data types in SecTrustSettings implement a way to + set and retrive trustability of certificates. +*/ + +#ifndef _SECURITY_SECTRUSTSETTINGS_H_ +#define _SECURITY_SECTRUSTSETTINGS_H_ + +#include +#include +#include +#include + +#if SEC_OS_OSX +#include +#include +#include +#endif /* SEC_OS_OSX */ + +__BEGIN_DECLS + +#if SEC_OS_OSX_INCLUDES +CF_ASSUME_NONNULL_BEGIN +#endif + +/* + * Any certificate (cert) which resides in a keychain can have associated with + * it a set of Trust Settings. Trust Settings specify conditions in which a + * given cert can be trusted or explicitly distrusted. A "trusted" cert is + * either a root (self-signed) cert that, when a cert chain verifies back to that + * root, the entire cert chain is trusted; or a non-root cert that does not need + * to verify to a trusted root cert (which is normally the case when verifying a + * cert chain). An "explicitly distrusted" cert is one which will, when encountered + * during the evaluation of a cert chain, cause immediate and unconditional failure + * of the verify operation. + * + * Trust Settings are configurable by the user; they can apply on three levels + * (called domains): + * + * -- Per-user. + * -- Locally administered, system-wide. Administrator privileges are required + * to make changes to this domain. + * -- System. These Trust Settings are immutable and comprise the set of trusted + * root certificates supplied in Mac OS X. + * + * Per-user Trust Settings override locally administered Trust Settings, which + * in turn override the System Trust Settings. + * + * Each cert's Trust Settings are expressed as a CFArray which includes any + * number (including zero) of CFDictionaries, each of which comprises one set of + * Usage Constraints. Each Usage Constraints dictionary contains zero or one of + * each the following components: + * + * key = kSecTrustSettingsPolicy On OSX, value = SecPolicyRef + On iOS, value = policy OID as CFString + * + * key = kSecTrustSettingsApplication value = SecTrustedApplicationRef + * key = kSecTrustSettingsPolicyString value = CFString, policy-specific + * key = kSecTrustSettingsKeyUsage value = CFNumber, an SInt32 key usage + * + * A given Usage Constraints dictionary applies to a given cert if *all* of the + * usage constraint components specified in the dictionary match the usage of + * the cert being evaluated; when this occurs, the value of the + * kSecTrustSettingsResult entry in the dictionary, shown below, is the effective + * trust setting for the cert. + * + * key = kSecTrustSettingsResult value = CFNumber, an SInt32 SecTrustSettingsResult + * + * The overall Trust Settings of a given cert are the sum of all such Usage + * Constraints CFDictionaries: Trust Settings for a given usage apply if *any* + * of the CFDictionaries in the cert's Trust Settings array satisfies + * the specified usage. Thus, when a cert has multiple Usage Constraints + * dictionaries in its Trust Settings array, the overall Trust Settings + * for the cert are + * + * (Usage Constraint 0 component 0 AND Usage Constraint 0 component 1 ...) + * -- OR -- + * (Usage Constraint 1 component 0 AND Usage Constraint 1 component 1 ...) + * -- OR -- + * ... + * + * Notes on the various Usage Constraints components: + * + * kSecTrustSettingsPolicy Specifies a cert verification policy, e.g., SSL, + * SMIME, etc, using Policy Constants + * kSecTrustSettingsApplication Specifies the application performing the cert + * verification. + * kSecTrustSettingsPolicyString Policy-specific. For the SMIME policy, this is + * an email address. + * For the SSL policy, this is a host name. + * kSecTrustSettingsKeyUsage A bitfield indicating key operations (sign, + * encrypt, etc.) for which this Usage Constraint + * apply. Values are defined below as the + * SecTrustSettingsKeyUsage enum. + * kSecTrustSettingsResult The resulting trust value. If not present this has a + * default of kSecTrustSettingsResultTrustRoot, meaning + * "trust this root cert". Other legal values are: + * kSecTrustSettingsResultTrustAsRoot : trust non-root + * cert as if it were a trusted root. + * kSecTrustSettingsResultDeny : explicitly distrust this + * cert. + * kSecTrustSettingsResultUnspecified : neither trust nor + * distrust; can be used to specify an "Allowed error" + * (see below) without assigning trust to a specific + * cert. + * + * Another optional component in a Usage Constraints dictionary is a CSSM_RETURN + * which, if encountered during certificate verification, is ignored for that + * cert. These "allowed error" values are constrained by Usage Constraints as + * described above; a Usage Constraint dictionary with no constraints but with + * an Allowed Error value causes that error to always be allowed when the cert + * is being evaluated. + * + * The "allowed error" entry in a Usage Constraints dictionary is formatted + * as follows: + * + * key = kSecTrustSettingsAllowedError value = CFNumber, an SInt32 CSSM_RETURN + * + * Note that if kSecTrustSettingsResult value of kSecTrustSettingsResultUnspecified + * is *not* present for a Usage Constraints dictionary with no Usage + * Constraints, the default of kSecTrustSettingsResultTrustRoot is assumed. To + * specify a kSecTrustSettingsAllowedError without explicitly trusting (or + * distrusting) the associated cert, specify kSecTrustSettingsResultUnspecified + * for the kSecTrustSettingsResult component. + * + * Note that an empty Trust Settings array means "always trust this cert, + * with a resulting kSecTrustSettingsResult of kSecTrustSettingsResultTrustRoot". + * An empty Trust Settings array is definitely not the same as *no* Trust + * Settings, which means "this cert must be verified to a known trusted cert". + * + * Note the distinction between kSecTrustSettingsResultTrustRoot and + * kSecTrustSettingsResultTrustAsRoot; the former can only be applied to + * root (self-signed) certs; the latter can only be applied to non-root + * certs. This also means that an empty TrustSettings array for a non-root + * cert is invalid, since the default value for kSecTrustSettingsResult is + * kSecTrustSettingsResultTrustRoot, which is invalid for a non-root cert. + * + * Authentication + * -------------- + * + * When making changes to the per-user Trust Settings, the user will be + * prompted with an alert panel asking for authentication via user name a + * password (or other credentials normally used for login). This means + * that it is not possible to modify per-user Trust Settings when not + * running in a GUI environment (i.e. the user is not logged in via + * Loginwindow). + * + * When making changes to the system-wide Trust Settings, the user will be + * prompted with an alert panel asking for an administrator's name and + * password, unless the calling process is running as root in which case + * no futher authentication is needed. + */ + +/* + * The keys in one Usage Constraints dictionary. + */ +#define kSecTrustSettingsPolicy CFSTR("kSecTrustSettingsPolicy") +#define kSecTrustSettingsApplication CFSTR("kSecTrustSettingsApplication") +#define kSecTrustSettingsPolicyString CFSTR("kSecTrustSettingsPolicyString") +#define kSecTrustSettingsKeyUsage CFSTR("kSecTrustSettingsKeyUsage") +#define kSecTrustSettingsAllowedError CFSTR("kSecTrustSettingsAllowedError") +#define kSecTrustSettingsResult CFSTR("kSecTrustSettingsResult") + +/* + * Key usage bits, the value for Usage Constraints key kSecTrustSettingsKeyUsage. + */ +typedef CF_OPTIONS(uint32_t, SecTrustSettingsKeyUsage) { + /* sign/verify data */ + kSecTrustSettingsKeyUseSignature = 0x00000001, + /* bulk encryption */ + kSecTrustSettingsKeyUseEnDecryptData = 0x00000002, + /* key wrap/unwrap */ + kSecTrustSettingsKeyUseEnDecryptKey = 0x00000004, + /* sign/verify cert */ + kSecTrustSettingsKeyUseSignCert = 0x00000008, + /* sign/verify CRL and OCSP */ + kSecTrustSettingsKeyUseSignRevocation = 0x00000010, + /* key exchange, e.g., Diffie-Hellman */ + kSecTrustSettingsKeyUseKeyExchange = 0x00000020, + /* any usage (the default if this value is not specified) */ + kSecTrustSettingsKeyUseAny = 0xffffffff +}; + +/*! + @enum SecTrustSettingsResult + @abstract Result of a trust settings evaluation. +*/ +typedef CF_ENUM(uint32_t, SecTrustSettingsResult) { + kSecTrustSettingsResultInvalid = 0, /* Never valid in a Trust Settings array or + * in an API call. */ + kSecTrustSettingsResultTrustRoot, /* Root cert is explicitly trusted */ + kSecTrustSettingsResultTrustAsRoot, /* Non-root cert is explicitly trusted */ + kSecTrustSettingsResultDeny, /* Cert is explicitly distrusted */ + kSecTrustSettingsResultUnspecified /* Neither trusted nor distrusted; evaluation + * proceeds as usual */ +}; + +/* + * Specify user, local administrator, or system domain Trust Settings. + * Note that kSecTrustSettingsDomainSystem settings are read-only, even by + * root. + */ +typedef CF_ENUM(uint32_t, SecTrustSettingsDomain) { + kSecTrustSettingsDomainUser = 0, + kSecTrustSettingsDomainAdmin, + kSecTrustSettingsDomainSystem +}; + +/* + * This constant is deprecated and ineffective as of macOS 10.12. + * Please discontinue use. + */ +#define kSecTrustSettingsDefaultRootCertSetting ((SecCertificateRef)-1) + +#if SEC_OS_OSX_INCLUDES +/* + * Obtain Trust Settings for specified cert. + * Caller must CFRelease() the returned CFArray. + * Returns errSecItemNotFound if no Trust settings exist for the cert. + */ +OSStatus SecTrustSettingsCopyTrustSettings( + SecCertificateRef certRef, + SecTrustSettingsDomain domain, + CFArrayRef * __nonnull CF_RETURNS_RETAINED trustSettings); /* RETURNED */ + +/* + * Specify Trust Settings for specified cert. If specified cert + * already has Trust Settings in the specified domain, they will + * be replaced. + * The trustSettingsDictOrArray parameter is either a CFDictionary, + * a CFArray of them, or NULL. NULL indicates "always trust this + * root cert regardless of usage". + */ +OSStatus SecTrustSettingsSetTrustSettings( + SecCertificateRef certRef, + SecTrustSettingsDomain domain, + CFTypeRef __nullable trustSettingsDictOrArray); + +/* + * Delete Trust Settings for specified cert. + * Returns errSecItemNotFound if no Trust settings exist for the cert. + */ +OSStatus SecTrustSettingsRemoveTrustSettings( + SecCertificateRef certRef, + SecTrustSettingsDomain domain); + +/* + * Obtain an array of all certs which have Trust Settings in the + * specified domain. Elements in the returned certArray are + * SecCertificateRefs. + * Caller must CFRelease() the returned array. + * Returns errSecNoTrustSettings if no trust settings exist + * for the specified domain. + */ +OSStatus SecTrustSettingsCopyCertificates( + SecTrustSettingsDomain domain, + CFArrayRef * __nullable CF_RETURNS_RETAINED certArray); + +/* + * Obtain the time at which a specified cert's Trust Settings + * were last modified. Caller must CFRelease the result. + * Returns errSecItemNotFound if no Trust Settings exist for specified + * cert and domain. + */ +OSStatus SecTrustSettingsCopyModificationDate( + SecCertificateRef certRef, + SecTrustSettingsDomain domain, + CFDateRef * __nonnull CF_RETURNS_RETAINED modificationDate); /* RETURNED */ + +/* + * Obtain an external, portable representation of the specified + * domain's TrustSettings. Caller must CFRelease the returned data. + * Returns errSecNoTrustSettings if no trust settings exist + * for the specified domain. + */ +OSStatus SecTrustSettingsCreateExternalRepresentation( + SecTrustSettingsDomain domain, + CFDataRef * __nonnull CF_RETURNS_RETAINED trustSettings); + +/* + * Import trust settings, obtained via SecTrustSettingsCreateExternalRepresentation, + * into the specified domain. + */ +OSStatus SecTrustSettingsImportExternalRepresentation( + SecTrustSettingsDomain domain, + CFDataRef trustSettings); + +CF_ASSUME_NONNULL_END + +#endif /* SEC_OS_OSX_INCLUDES */ + +__END_DECLS + +#endif /* _SECURITY_SECTRUSTSETTINGS_H_ */ diff --git a/trust/SecTrustSettingsPriv.h b/trust/SecTrustSettingsPriv.h new file mode 100644 index 00000000..fe235e31 --- /dev/null +++ b/trust/SecTrustSettingsPriv.h @@ -0,0 +1,169 @@ +/* + * Copyright (c) 2002-2016 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +#ifndef _SECURITY_SECTRUSTSETTINGSPRIV_H_ +#define _SECURITY_SECTRUSTSETTINGSPRIV_H_ + +#include + +#include +#include +#include +#include +#if SEC_OS_OSX +#include +#endif + +__BEGIN_DECLS + +/* + * Private Keys in the Usage Contraints dictionary. + * kSecTrustSettingsPolicyName Specifies a cert verification policy, e.g., + * sslServer, eapClient, etc, using policy names. + * This entry can be used to restrict the policy where + * the same Policy Constant is used for multiple policyNames. + * kSectrustSettingsPolicyOptions Specifies a dictionary of policy options (from + * SecPolicyInternal.h). This entry can be used to require + * a particular SecPolicyCheck whenever this certificate is + * encountered during trust evaluation. + */ +#define kSecTrustSettingsPolicyName CFSTR("kSecTrustSettingsPolicyName") +#define kSecTrustSettingsPolicyOptions CFSTR("kSecTrustSettingsPolicyOptions") + +#if SEC_OS_OSX + +/* + * Fundamental routine used by TP to ascertain status of one cert. + * + * Returns true in *foundMatchingEntry if a trust setting matching + * specific constraints was found for the cert. Returns true in + * *foundAnyEntry if any entry was found for the cert, even if it + * did not match the specified constraints. The TP uses this to + * optimize for the case where a cert is being evaluated for + * one type of usage, and then later for another type. If + * foundAnyEntry is false, the second evaluation need not occur. + * + * Returns the domain in which a setting was found in *foundDomain. + * + * Allowed errors applying to the specified cert evaluation + * are returned in a mallocd array in *allowedErrors and must + * be freed by caller. + */ +OSStatus SecTrustSettingsEvaluateCert( + CFStringRef certHashStr, + /* parameters describing the current cert evalaution */ + const CSSM_OID *policyOID, + const char *policyString, /* optional */ + uint32 policyStringLen, + SecTrustSettingsKeyUsage keyUsage, /* optional */ + bool isRootCert, /* for checking default setting */ + /* RETURNED values */ + SecTrustSettingsDomain *foundDomain, + CSSM_RETURN **allowedErrors, /* mallocd and RETURNED */ + uint32 *numAllowedErrors, /* RETURNED */ + SecTrustSettingsResult *resultType, /* RETURNED */ + bool *foundMatchingEntry, /* RETURNED */ + bool *foundAnyEntry); /* RETURNED */ + +/* + * Obtain trusted certs which match specified usage. + * Only certs with a SecTrustSettingsResult of + * kSecTrustSettingsResultTrustRoot or + * or kSecTrustSettingsResultTrustAsRoot will be returned. + * + * To be used by SecureTransport for its (hopefully soon-to-be- + * deprecated) SSLSetTrustedRoots() call; I hope nothing else has + * to use this... + * + * Caller must CFRelease the returned CFArrayRef. + */ +OSStatus SecTrustSettingsCopyQualifiedCerts( + const CSSM_OID *policyOID, + const char *policyString, /* optional */ + uint32 policyStringLen, + SecTrustSettingsKeyUsage keyUsage, /* optional */ + CFArrayRef *certArray); /* RETURNED */ + +/* + * Obtain unrestricted root certificates from the specified domain(s). + * Only returns root certificates with no usage constraints. + * Caller must CFRelease the returned CFArrayRef. + */ +OSStatus SecTrustSettingsCopyUnrestrictedRoots( + Boolean userDomain, + Boolean adminDomain, + Boolean systemDomain, + CFArrayRef *certArray); /* RETURNED */ + +/* + * Obtain a string representing a cert's SHA1 digest. This string is + * the key used to look up per-cert trust settings in a TrustSettings record. + */ +CFStringRef CF_RETURNS_RETAINED SecTrustSettingsCertHashStrFromCert( + SecCertificateRef certRef); + +CFStringRef CF_RETURNS_RETAINED SecTrustSettingsCertHashStrFromData( + const void *cert, + size_t certLen); + +/* + * Add a cert's TrustSettings to a non-persistent TrustSettings record. + * Primarily intended for use in creating a system TrustSettings record + * (which is itself immutable via this module). + * + * The settingsIn argument is an external representation of a TrustSettings + * record, obtained from this function or from + * SecTrustSettingsCreateExternalRepresentation(). + * If settingsIn is NULL, a new (empty) TrustSettings will be created. + * + * The certRef and trustSettingsDictOrArray arguments are as in + * SecTrustSettingsSetTrustSettings(). May be NULL, when e.g. creating + * a new and empty TrustSettings record. + * + * The external representation is written to the settingOut argument, + * which must eventually be CFReleased by the caller. + */ +OSStatus SecTrustSettingsSetTrustSettingsExternal( + CFDataRef settingsIn, /* optional */ + SecCertificateRef certRef, /* optional */ + CFTypeRef trustSettingsDictOrArray, /* optional */ + CFDataRef *settingsOut); /* RETURNED */ + +/* + * Purge the cache of User and Admin Certs + */ +void SecTrustSettingsPurgeUserAdminCertsCache(void); +#endif // SEC_OS_OSX + +#if SEC_OS_OSX_INCLUDES +/* + * A wrapper around SecTrustSettingsCopyCertificates that combines user and admin + * domain outputs. + */ +OSStatus SecTrustSettingsCopyCertificatesForUserAdminDomains( + CFArrayRef CF_RETURNS_RETAINED *certArray); +#endif /* SEC_OS_OSX_INCLUDES */ + +__END_DECLS + +#endif // _SECURITY_SECTRUSTSETTINGSPRIV_H_ diff --git a/xcconfig/Security.xcconfig b/xcconfig/Security.xcconfig index e84c0fb0..72588c89 100644 --- a/xcconfig/Security.xcconfig +++ b/xcconfig/Security.xcconfig @@ -6,5 +6,13 @@ APPLE_AKS_LIBRARY[sdk=tvos*] = -L$(SDKROOT)/usr/local/lib -laks -framework Mobil FRAMEWORK_SEARCH_PATHS = $(inherited) $(SYSTEM_LIBRARY_DIR)/PrivateFrameworks $(DEVELOPER_LIBRARY_DIR) +HEADER_SEARCH_PATHS = $(PROJECT_DIR)/header_symlinks/ $(PROJECT_DIR) $(PROJECT_DIR)/OSX/libsecurity_keychain/libDER $(PROJECT_DIR)/OSX/libsecurity_asn1 $(PROJECT_DIR)/libsecurity_smime $(PROJECT_DIR)/OSX/sec/ProjectHeaders $(PROJECT_DIR)/OSX/sec $(PROJECT_DIR)/OSX/sec/SOSCircle $(PROJECT_DIR)/OSX/utilities $(PROJECT_DIR)/OSX/regressions $(PROJECT_DIR)/OSX/ $(inherited) + +HEADER_SEARCH_PATHS[sdk=macosx*] = $(PROJECT_DIR)/header_symlinks/macOS/ $(inherited) +HEADER_SEARCH_PATHS[sdk=embedded*] = $(PROJECT_DIR)/header_symlinks/iOS/ $(inherited) + +ARCHS[sdk=macosx*] = $(ARCHS_STANDARD) AOSKIT_FRAMEWORK[sdk=macosx*] = -framework AOSAccounts + +GCC_PREPROCESSOR_DEFINITIONS = __KEYCHAINCORE__=1 OSSPINLOCK_USE_INLINED=0 $(GCC_PREPROCESSOR_DEFINITIONS) diff --git a/xcconfig/all_arches.xcconfig b/xcconfig/all_arches.xcconfig new file mode 100644 index 00000000..cf6cff55 --- /dev/null +++ b/xcconfig/all_arches.xcconfig @@ -0,0 +1 @@ +ARCHS[sdk=macosx*] = $(ARCHS_STANDARD_32_64_BIT) diff --git a/xcconfig/ios_on_macos.xcconfig b/xcconfig/ios_on_macos.xcconfig new file mode 100644 index 00000000..b0209111 --- /dev/null +++ b/xcconfig/ios_on_macos.xcconfig @@ -0,0 +1,2 @@ + +GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*] = $(inherited) SECITEM_SHIM_OSX=1 SEC_IOS_ON_OSX=1 diff --git a/xcconfig/lib_ios.xcconfig b/xcconfig/lib_ios.xcconfig new file mode 100644 index 00000000..0d2ee597 --- /dev/null +++ b/xcconfig/lib_ios.xcconfig @@ -0,0 +1,46 @@ +PRODUCT_NAME = $(TARGET_NAME) +EXECUTABLE_PREFIX = lib +MACH_O_TYPE = staticlib +EXECUTABLE_EXTENSION = a + +CODE_SIGN_IDENTITY = + +HEADER_SEARCH_PATHS = $(inherited) $(PROJECT_DIR) $(PROJECT_DIR)/OSX/sec/ProjectHeaders $(PROJECT_DIR)/OSX/utilities $(PROJECT_DIR)/OSX/sec/ipc $(PROJECT_DIR)/OSX/sectask $(PROJECT_DIR)/OSX/libsecurity_asn1 $(PROJECT_DIR)/OSX/libsecurity_ssl $(PROJECT_DIR)/OSX/regressions $(PROJECT_DIR)/OSX/ibsecurity_keychain/libDER $(BUILT_PRODUCTS_DIR)/usr/local/include + +HEADER_SEARCH_PATHS[sdk=macosx*] = $(inherited) $(PROJECT_DIR)/OSX/libsecurity_smime $(SYSTEM_LIBRARY_DIR)/Frameworks/CoreServices.framework/Frameworks/CarbonCore.framework/Headers + +HEADER_SEARCH_PATHS[sdk=embedded*] = $(inherited) $(PROJECT_DIR)/libsecurity_smime $(PROJECT_DIR)/OSX/sec/sectask + +// Turning off deprecations here is the worst hack. Enable whenever possible. +WARNING_CFLAGS = -Wno-deprecated-declarations -Wglobal-constructors -Wmost -Wno-four-char-constants -Wno-unknown-pragmas $(inherited) + +OTHER_CFLAGS = -isystem$(SDKROOT)/System/Library/Frameworks/System.framework/PrivateHeaders -iframework$(SDKROOT)/System/Library/PrivateFrameworks $(inherited) + +DEAD_CODE_STRIPPING = YES +COPY_PHASE_STRIP = NO +SKIP_INSTALL = YES +COPY_PHASE_STRIP = NO + +ALWAYS_SEARCH_USER_PATHS = YES + +GCC_C_LANGUAGE_STANDARD = gnu99 + +HEADERMAP_INCLUDES_FRAMEWORK_ENTRIES_FOR_ALL_PRODUCT_TYPES = NO + +GCC_SYMBOLS_PRIVATE_EXTERN = NO + +ARCHS[sdk=macosx*] = $(ARCHS_STANDARD_32_64_BIT) +SUPPORTED_PLATFORMS = macosx iphoneos iphonesimulator appletvos appletvsimulator watchos watchsimulator + +// No executables are made, it can't know how +// Therefore we shouldn't strip anything +// if somehow we decide to, the default is debuggable. +COPY_PHASE_STRIP = NO +STRIP_STYLE = debugging +STRIP_INSTALLED_PRODUCT = NO + +// We shadow the *error variable all over the place +GCC_WARN_SHADOW = NO + +GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*] = $(inherited) SEC_IOS_ON_OSX=1 +GCC_PREPROCESSOR_DEFINITIONS[sdk=embeddedsimulator*] = $(inherited) NO_SERVER=1 diff --git a/xcconfig/lib_ios_debug.xcconfig b/xcconfig/lib_ios_debug.xcconfig new file mode 100644 index 00000000..15920593 --- /dev/null +++ b/xcconfig/lib_ios_debug.xcconfig @@ -0,0 +1,5 @@ +#include "xcconfig/lib_ios.xcconfig" + +GCC_PREPROCESSOR_DEFINITIONS[sdk=embedded] = $(inherited) NO_SERVER=1 + +ONLY_ACTIVE_ARCH = YES diff --git a/xcconfig/lib_ios_debug_all_archs.xcconfig b/xcconfig/lib_ios_debug_all_archs.xcconfig new file mode 100644 index 00000000..61b4eba5 --- /dev/null +++ b/xcconfig/lib_ios_debug_all_archs.xcconfig @@ -0,0 +1,7 @@ +// +// lib_ios_debug_all_archs.xcconfig +// Security +// +// Created by Bailey Basile on 11/2/16. +// +// diff --git a/xcconfig/lib_ios_debug_shim.xcconfig b/xcconfig/lib_ios_debug_shim.xcconfig new file mode 100644 index 00000000..f71c45e8 --- /dev/null +++ b/xcconfig/lib_ios_debug_shim.xcconfig @@ -0,0 +1,3 @@ +#include "xcconfig/lib_ios_debug.xcconfig" + +GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*] = SECITEM_SHIM_OSX=1 SEC_IOS_ON_OSX=1 $(inherited) diff --git a/xcconfig/lib_ios_release.xcconfig b/xcconfig/lib_ios_release.xcconfig new file mode 100644 index 00000000..874d7c47 --- /dev/null +++ b/xcconfig/lib_ios_release.xcconfig @@ -0,0 +1 @@ +#include "xcconfig/lib_ios.xcconfig" diff --git a/xcconfig/lib_ios_release_shim.xcconfig b/xcconfig/lib_ios_release_shim.xcconfig new file mode 100644 index 00000000..9d629e5f --- /dev/null +++ b/xcconfig/lib_ios_release_shim.xcconfig @@ -0,0 +1,3 @@ +#include "xcconfig/lib_ios_release.xcconfig" + +GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*] = SECITEM_SHIM_OSX=1 SEC_IOS_ON_OSX=1 $(inherited) diff --git a/xcconfig/lib_ios_x64.xcconfig b/xcconfig/lib_ios_x64.xcconfig new file mode 100644 index 00000000..7019c25b --- /dev/null +++ b/xcconfig/lib_ios_x64.xcconfig @@ -0,0 +1,3 @@ +#include "xcconfig/lib_ios.xcconfig" + +ARCHS[sdk=macosx*] = $(ARCHS_STANDARD) diff --git a/xcconfig/lib_ios_x64_debug.xcconfig b/xcconfig/lib_ios_x64_debug.xcconfig new file mode 100644 index 00000000..5e38fbd3 --- /dev/null +++ b/xcconfig/lib_ios_x64_debug.xcconfig @@ -0,0 +1,5 @@ +#include "xcconfig/lib_ios_x64.xcconfig" + +GCC_PREPROCESSOR_DEFINITIONS[sdk=embedded] = $(inherited) NO_SERVER=1 + +ONLY_ACTIVE_ARCH = YES diff --git a/xcconfig/lib_ios_x64_debug_shim.xcconfig b/xcconfig/lib_ios_x64_debug_shim.xcconfig new file mode 100644 index 00000000..40ce8e60 --- /dev/null +++ b/xcconfig/lib_ios_x64_debug_shim.xcconfig @@ -0,0 +1,3 @@ +#include "xcconfig/lib_ios_x64_debug.xcconfig" + +GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*] = SECITEM_SHIM_OSX=1 SEC_IOS_ON_OSX=1 $(inherited) diff --git a/xcconfig/lib_ios_x64_release.xcconfig b/xcconfig/lib_ios_x64_release.xcconfig new file mode 100644 index 00000000..e6acb04a --- /dev/null +++ b/xcconfig/lib_ios_x64_release.xcconfig @@ -0,0 +1 @@ +#include "xcconfig/lib_ios_x64.xcconfig" diff --git a/xcconfig/lib_ios_x64_release_shim.xcconfig b/xcconfig/lib_ios_x64_release_shim.xcconfig new file mode 100644 index 00000000..93f151cc --- /dev/null +++ b/xcconfig/lib_ios_x64_release_shim.xcconfig @@ -0,0 +1,3 @@ +#include "xcconfig/lib_ios_x64_release.xcconfig" + +GCC_PREPROCESSOR_DEFINITIONS[sdk=macosx*] = SECITEM_SHIM_OSX=1 SEC_IOS_ON_OSX=1 $(inherited) diff --git a/xcconfig/macos_legacy_lib.xcconfig b/xcconfig/macos_legacy_lib.xcconfig new file mode 100644 index 00000000..74367cb4 --- /dev/null +++ b/xcconfig/macos_legacy_lib.xcconfig @@ -0,0 +1,30 @@ + +PRODUCT_NAME = $(TARGET_NAME) +EXECUTABLE_PREFIX = lib + +SUPPORTED_PLATFORMS = macosx +ARCHS = $(ARCHS_STANDARD_32_64_BIT) + +HEADER_SEARCH_PATHS = $(PROJECT_DIR)/OSX/libsecurity_cssm/lib/ $(PROJECT_DIR)/header_symlinks/macOS/ $(PROJECT_DIR)/OSX/include/ $(inherited) $(PROJECT_DIR) $(PROJECT_DIR)/OSX/libsecurity_apple_csp/open_ssl $(PROJECT_DIR)/OSX/lib$(PRODUCT_NAME)/lib/ + +STRIP_INSTALLED_PRODUCT = NO +COPY_PHASE_STRIP = NO +GCC_GENERATE_DEBUGGING_SYMBOLS = YES + +// Turn off code signing for libraries +CODE_SIGN_IDENTITY = + +SKIP_INSTALL = YES +PUBLIC_HEADERS_FOLDER_PATH = /usr/local/include/$(TARGET_NAME + + +// Code is ugly. Turn off some warnings. +GCC_WARN_ABOUT_DEPRECATED_FUNCTIONS = NO +GCC_WARN_FOUR_CHARACTER_CONSTANTS = NO +GCC_WARN_SHADOW = NO +CLANG_ANALYZER_DEADCODE_DEADSTORES = NO + + +// -Wall comes far too late in the invocation +// mig likes to use the register keyword; tell the compiler that's okay +WARNING_CFLAGS = $(inherited) -Wno-sign-compare -Wno-deprecated-register -- 2.47.2

    {x=iR)DfqfwT(ZuWZH*9kGaz>hG53p@t|&V+QTXi+s-5Y$@I#-fo6qI5dY z%ON~AXr={{`z?zYh;g33z4<%t`tY+T2Dz>d6}E|&8Vg^WqFi{0-!^Gb^iF7sWYNBG zgHLaFR4oCFirF~`PfBCy4>~1J2A<3EHk3BM^g6RGdClbc$8?oktEOs>u2x>s!^2OB z_u4&JdOw(T-^9Cr=(gpa(MY{lVD)a+{8N%Sv-fEt--`zt?q?ojfn;8rPCVa(Gly7U zi)Uwz?c(cWkZbOF)9sJiji&DWYgoW#u$@HUde$vXPd6-3Q$=f{hl%gVMjs0@Y+mO( zDjlwrUMp$S@v9J@y*T*pL^$>#>(C~M-&Hl~EBASkmC4tVm&|8ZpZ1iwTHnhOpKj_p zCg9hKa=QF| z$gW&aILNw=T|36)5k`pbS7$zY5RV01Z@irDL0(Xo1Rpz4ZGBPfXkz!|YFO%MZbrxZ z+=F_*FKDUi=2_DKC0?p|a{83*IoQ~-QmZ}=L-c(4!Yrp;w;I>Q^(C_FA#?+3=WjYt ztG4!zWcueQ@_c8_xRJrkg$^>kx*T}z{nfm$QZmb&7BV^&Hk`~~r987^{euE6nx$7; z?|je_e1EUC!}-lOLz^{`87apGDM`E8SI-4MC1j8InR&09v``6tN}NCM;o(v*5@`JX zP^p!b{^nDp#a6cao7Tg&k47#pUw%{MYm`1wealdk--sMETsci}^RLLqTUrg~)y_7X z6=nbmKg)MC-`!cAl@sJDnP9zPHjDSQflg8t@^Q0pMl!HDYh0Z8ooSFeQczbW(qudH z?bm9`4P66@($D53E7KQOOuDe_!U7D1(Q$3U)F-Vhcw!;YxuEYaPDF&%ZEenQQ6xe%jOooxp;%3^eZgVBi4cXQ|Z zTftrU`TUaA)YJ516BAiWBmz|$c zbKnOf#zUs7=6RVtrN*W$6j{`feyR1_YoD?c<%2)h(taA!Y3M!c*ZnGRxl4N?(4&KR zdsKpFK{F#km#DkATL4e8xjFG=egCYe%T4PiYc4MtR2siI8d>n~4U8zOwLk-#zcLE2 z^tM}^mtWR=137ca`z&O?K;Pb?|J+B@I*41%b_uiadf{Wu{@nIiXAxd%jm;BBjl?4rF~1^a5kjf<_g*{r81!CHaAHw zA*%4gEf?D1rdXM;$0u5L0j7<;+F5mUM zve06rd#zh8)a6wza)(Gw%3Hhf;B-hVBs(?1yUE~=Tj{5MhS^7jhC667I;RNJ-lu{t zoeK(mx9T(wlRtZ8oYJUy_F(~atLgL%DnKk&!V@Tgiw2 z`YA|)p!?NE9{TX6z>4)&an1{)TH&&fL=&-%1HOTLHtE&_wH{A2S{=*jYv~4~FSdAZ zJ^sd#;>esi@-kz)_}uf4ImEn7pfF?cqJrgpi!7dAjzsGKWMxGGxAUua;xDR;OC(vc z->D2d(P|nRb+H$HVpnXX={BhOruuzS1l1R35>Hg)K;x3Djk}-8sy~|!eUJGX=yIOc zDgE&o)$T`SyZcyR&NwEj^JeGC{!7fH_weqgq=;4zPs93tt(POLficpdw{o6aS_G}_ zyIAdSPOdxLl=-qlW?{1YMK@w$TIYg8rQk)~@H9AEcqA8S7*NN}J4hTZ4p24Si&l>u z?r8T?wY@!tQwwpJW_|ImbN0{Qx%s*4*ky28z`vPOBB|D}yBn(Tf%BoCxx?5L$Zi|< zR-gSS{FRWuIjmr8Mx=gYCA7X{@)2$0V}9*|`>9u=cOqWo##xCH@{XC98(Ruf4zVm8 z*Waky-wjJg-dnhLsf7FGec2F)lNEGsef6VRhBS%8oa(1GC%I;YGSkHc?(2`g86HSJ zV#lTEc0v93hRD14$=!sBU^=_I0|BA}cBl6i4mXTW43yisL#vg%1zMXWlnjHT$bhx8S&Lto-Nty$JC}%q_4K!Nw5HILO9!Pg9?AX$wO&(!2f|Et}Rg+K%a*5sN(!b z0CSoK?tw9k;2fjy5DLlb*t>u7Spjf0Z|EoYz%|utfBPwdRs3d+)@)`uA?-WZu;^_d3GUsv$+OU@LuqWuJy!& zh4KE{N^TF@z5>9~s za}x|e8lBbno^E4Tp>|w~K2faaMuQ zAk%gcq26K7sAn6JyO<7Vd(HJwhM<#U-8El=YL@$$Z=Rag&7&GLLH>N3HyX0++SyJ@W5l~(O9;{aR)^aGgx_}oA9X#!pt0xi8~A?3uJ+;7S*OBOutQByfT=mgWiQ~e8@KpivDae8s8qM7wj}bSq^zf! zr8s%+E7zg6R!^&f8>FGhAorDoO9~AD-VuNYy1&|YDf2VA*T5U+tBy`|Y3_9kmxL!F z?yFCjB(vAT3(tI)uKv{a|Nch53~(*M*Xx(u+{+h88a@?YH?Vk3Rxpk{!*F=`;$=(1 zP+QdC{@%V1+!lMzlCOWYTU4yCH?Z1-E;FZXD#gnB8f zpRfv?m|xJd3u2m7eey?*!T1QNdOpvI=_=MAOu|@C2*!8_hVxS1^{DxzzV=c5B@hp===5We+z)I zZF!1O`AX|)5-;)YSrwV6XZczS-5j9Wx=r6aAr;XZ{u-+YM@aF*@Wd)HMgR$?5bO?RL>N!3Khru_e|{n zW{&^n%YPpK-T?vLp5M~|{#f!i?)iTY|Dw`jzs3JK$)ENA|K^qd_4dEwpBNX$l>YsK zfsW=cb`0Rx9PRJd0X*X9)cV<%6n1%CbpI!8*&i}5|F01FtN8yjGQjWRAII!P&q+y% zON&cO;}U;x)!#)$f7XBhAzScY@Q(#-OmWJi%`bT;|B8QF8gxR9z}D#bV}!G72erSV z?-_U^+Syt{%MlE;qf#4_bzqZ zA#NR{(tqXqD46yq{C~*${M|(U0{(+-uKYP2;CJya{oDLsNog^upZfpbz4qVl|4;lA z{wn`VsjK4BgT9YnbbI3OCQUq|U*vzrilU!9|JS+szv%z}3I6}64)FW<|84(YNolE{ z^8XLnWxwK|5Qp<$^nY0zn2)w**gx_A{W^e0o`qt_ZELb7ULALX!|Icarzvky( z#{VA`{&6$)`}qG)@;|OA>`(sxBR1K;@c-}R{!9K(o_v;mln)?{^1Z84Uj6eB_z~;! zqiFnP{QptmANL}E1^-e%?SDUH3;ZGc8>Lh*0AX7aIwA+8B|q{1Ll))-5&6^j|6Tyc z(ZPk*Q?=|2l&Mg z@cnZDkFY4!6~=y+_^0ddhb+wxA@Zm3|0i|-?=SJY{9o#~{(lK^$)EiHhphiU^?zaj zg$2NXt)*G+KRkcGME?Cl^DoN!8Tt1^mg9#L`Ahh>_YQLO3-tM;5x~ELf3b5C=YAXi zCn5E-{`U{r3%}z3A|5d?{+*ry6yK7QH5>p`0YDoU|Bnk0_@%_QJ{T~fAa-J)_K_A( z!es;yfOP>t^3OiuFDJ`)TDZPXaCnM?Yl%xki^ucZK0=EDp18hG&(wyXq$A!4BUmcB zDy`0gfEHw*F=8a1Jml&_v?Y#C8nu<@VIaK`H?Yi*OYDQk9;w*55j`?ktj2{G5b6vi zhlXDD0w9DaC={F$;1}nCpB532lA3An;pQF|orpwyEfr8=v)q?T;MxgX5oyyLz>bb;_n zPQSyELvBHOY!+EYsDmdIbOU?=6CeC6;YOrUAQj{@2PS7M4#ufjq~3n7k7}@pbk+}S z-flB75FklMS}@5&f`_d#lfca7dmSy5`^%E2^kDM$hajYaZrd~6jrUt+1JY5{wp?TOEUDK>iJY2Yd_3*pLK(m_hTLj_ z-NCERobt6Yl@7Ki)DAdn0nLsq!)0Lh^q%(Jr3oU-no!KSKfheXEPvWR2T7D&nQqLVA8;HGhb|LB2EEHFGg3;>sY`DY3N zSrFn|k`dWbl3n3qcV%WY5IgHCFN=!~? zgIIls6kyQoOaRchT93Ybu7-7dBYf>L0mZuPr3-tVI*F(#j(zGEX$o~za+eiBCVY?46xk@X8m17y8o-{I{*ikG%1p!M|^ycYxzB z9iaYj>gO-7@;mq!6T=yM{vH3~=Olje{~xjqe#QR|NF1p6h5u8KU!bN^WM)$1E{*BLn|1PdvC3Ilxo9K*2QB6p7tp-M?ri?sBPKu2dM7ZsP3UI@33rKm8q39h0BrIvly=Dae~ zU|r5u!Fgc?9k+*uOKWO-dW|eH><91->kz5%sxA`6igakDn-*JZ#4%meS{I;uY8*W_fFdfxBrUueOkbi<+(hMuyqNis&RSAVwrcBMMi z8_-UJ^Xe933b`<8B02&cl*}IU$nW!+k>A!96g>b)f>9~_4Dc5=MNW$ zhOk%xfPfE!0@Jx*BB4BW7&NK$J|+sL%C{R$W8$(K!{Ai68_N>3Z+8h-4fuOYtDocl z%o+G&=fAU8V1T2Chn>x@EdT>?B>=qs|I+`&q|QnHYyWqgFW`Ir?@#&fhisT%&;QH7 z8Q=pJkW$r)s2m6Evs4W|Jj3Gq_6~T$Yj2H~8wS+R&DHQ%l>uh4l@yFsgjPV z8gU&UWk=J5L|+fF?d{Ht*}35OfSb1pVyn6n^J_Ag81_s(h z_KuG|-!G}Yk(+l-0wLfM9RrdzF}>mvUsG%EWWp%!8Gq|m&Gc0J<^v5Q3x~jvy86VN zfqp(OxBP=Ap?L$KOJVdTq2x3=*FvQdN2hXYYJ;;2LE>62u~j<)9Ee8s>AC?Sr!$^NXYXPu}??rxk{DebVp?YK_wD+cSRuw&q3_h5fGRWT}I?u#djfYo8Ob$sQuBK||KtaVO zt>KhVkbtl4$IQ*)=oZA_mL(x4z;8dB}0*d zUNY+IeO@8{pkR9rVU3XTX3J~QFJBHvCg&w}HcH7~5*HIpYwoVZ?6pk{TSe5@x8+RS z+XM+Hu=*5ehsOIwxDnarF$$W-cPw1c38vEsX>3j>g0l!BT#Iimi3rhMlot(;@UXs? zCxQqkXLV>fs#mCcxGKO;eyIa>F6qP2wHL)hh53Yy&CF7!R{8}?&8zYK}AoE`S6(y zE{sqMOgJpU~2thu+@N!z?uP-S$muCpOnMxuO8rq!N+PD9R(!%a9%28T~6O zgf%x|FqnN?W8A|<6FttkT)(#1>B?4S?#(fOOjwG?LsNf86(pG&}219y!o7Z&?A+OLdk|k z*qC^e5WR|EJR^uqpBJ2#|2{QSF zT@|^M+!iZ3?N)D#)H9>;6e2c+jIb63kd<7n3pw{>eK7Gx@`Oi7K5EcKHo3q$tJ6{J zEW}MTi)udNo0ZQ9=B#$nix@wSoI>Y&;ZW!Sx>Oq~&BRVlP15*v3 zM1b3cMi)6Q#8(h8d_log_znA(7q5P8dd$Va=CQF@#k{^eN9~6ireM&IrX=7P-c}yZ z@rMC%6c>vwLHI7pAe53**RfGhZJr5Rq>$OT5+Q5*lpj8;=B30mGK*T}V-d<9tAbk56q0s6! zqc`@2?lKaHNttmo(rT{-b;=JC!2g6D^zVM-rcMIvs|lVesWJeW`k zu2x0)m`l}Tq`Af(hP`nFYvRKAj-6L)U!Z=zbyGdJ3*NDCRkh1bO{}S@u${8X@25_%K~O>;~yAd?uYK zMXvE>Fj9IXA;o2arASdl&43KbJ$r?A1gffep*&;)0|JQC@kmJlh!$o6!AzH;V4exVF+bB3PRR`Pc(?z>g(F ziFyL(5T3$gikv~VsGNb5>a#bh`OVuC^?@k*WQO635&#j+3lNDY93>lsLc735sb055 z%jW2V8M_n-UdJQ39N>|3ZEz|#+ei{i9|EFyJLXn>MM9ckfU^vrm5CD~w||s;Hir}l zL^1M0mvl=RxN>6Q_~K~@7JgABD&4v~<}Fk_FDXEEerb}Vz%Es`tc?6DY@If!ElOQx zl-NWRL@@wMpsT`kx``sBO4~^ZJd_#i-#RHIA0;RE2eN*E57Xiq+%Lffj7QTS<* zQM4|0w2=&VLbi@bSky-q{h?qwRYVycE1W2dK@BhCXkAu_kAUYgFAo)ph{3}SeDkIv zZ{3oK&cMBHrm?*XuY8j>siGM)3b(8PocCiG(f~4%G!UWSMC&q*^i#&hS0qti?@;Hk4+g8Z zp4mx=yGmn#7Df%D#FS##xD=z{`gZjB__fcH^~F8b)~Ndw3Gf8k38alGh#>kgG(JlN z4eX?@F%3D)(zZ?;R(Hv#beTFsCOWC0kwl%BCq$`o5X9s7#O}~ZiXDJFpeqo+d463& zG!6>yTA?0LoFH5{j3|J&Dn1i-JAcS2{PL zlW0{Ym9%IZGvT&t=*psIESIMQxi^gFmr)|0cTr|$XdE(9uV4(al~71I0TWsr0g<*~ zjuRhH1d^RNXIPo)bT=gcihyp_5q`Z*jeq{cjy$FgpSn&o%1;snIv_YNn8Oa!>r)~z zgikP{%katiB3@1`nGV(Gh!xKwp6Q}SsE9|P0uhvjiu+?1tlJ>K{w~c4!?;wNU8JrL zC!uWKFu2H<*oZU=8k)9wmI?ylsI#SWx}><-)V<%I^?8i;*4I0%N-*&Kl`_05`mx}m zqojIQ($_|XQCz1MV5un#^lTfUg(%V4VRFAEf|E5;oS4;#A*D{kf9V6gOL%Sh90-LW zT__{e8@6$KN}vaW`q>g5!^9sf0Y`As=kIk?;Xq3po(u}#OOc>i4WCI7|4kX`gbz5T z%%7=~+~?e7Ls1VqTMB_CJcup1KpVwm8>G&b>|Pq_v@MyhD5>uf;fW|HE)5?ABOL*t z7EmZPjC28jxS3qf=Mi|{MxNM4s#*q+*`f~>-4~BYM`1AFKg2ye+{0e_hq#AjJo?az z8Ajs~F&Uk<(v6wp!IY3w&Y)3oX_#A5S-Sm*5HD=vF!CsxCmNd!-z%eXREj2~9}QQ( zbY&b}xN5L!rf)KVX6U9}&8e-NN`vUNczjI7Uns@;acnuX+X|PEwRq+ zg)8RnJ`3#5(fJ(YPAj#-1t)M`iOV$%S;vC^FQPRb4Ng za^dewWEj+fO;=n!r+&`JY2anc1-0s86Y{p51S~Rupxkjpikq^P=GAGslH3>CHi;p_pKJ zPYh=%tx~KLoQ7u1+4gAaiV$Bjdd}JPmI*RjS5AX42fLJR9-vq~G3!ujfYvAG_;9RIv@1l%T)*1iI=>$@G=yU%&!K6vU80fJljF)qv2WtD@^sOI!UcjBnbYC(#pLE+Bh* zD{OM-I)&{y(-{TWU7M!xS9zai=EXLaQ-hf6Ol%R4zS>VxKVPSvvUFX4f`(=(h|=w68Ies^q*pyvRqXxD?-A1NfQf1sct`_@U$DKRlloG9jb zG?)0Q`kZ0X%Jh@VEKt^EQYC<;or8gOvwJEex~^wlvtv(cI5uVQG?jp%$taE%*^-3` zGxNxq2t0h!o#1Vr7P-XGV7vrXl8cW_W0UaGuPB33nlH(5m((s4sebH9Fe!wuD&=GA z(j)1io|N;J@?E0$Ga+{}D^vKGKBd;zEU0E`OVO^9@IlwGwq}T|XanN2FSIMBG(|n+ z?lWH9|FFoq20sDA1heH_5-M>Gcsfb*IV=!h3~Gtonp7XgC1^F`Nr263%OI!nF@#aE z*Tp(COx5IHaxd?5Hzg4QOzk=v#7~64&}*o<;EX8)7`fM%6;(Kfqe|U5@JlD81SH`CiI?R88iqIY zMY_x0Fw3-%Z8-4ddP6rRYKbYr#L3fB*_4r*1A>i{){;|uIF}}g9T+g=zuHSMPR;0U zDwV!N+W)AbF`8718+!bv&x(1f{bPA4;kO43KN;tz zm(MOlo_|HqhhCyVz>PE@&=^FRJYQ%Ej5HY@z@hYF>n+6`a?>CP0ek&TZ@-i1X2$a7 zP_7pSl1F{}7OrpKf3Qm&G=YCwM}EUDaoBYKPuRTpZPpKOHvxxDAH}H=s8%kNok^Qilhe)Le8ChfS3U0kfm%nk=!(g%@UR$xG<&I_cGqsj2r8X(YaN z%AGXGC1Vq_Lofh48tv(MCmeRkVwK&n@(ra1;gf|%tb^-3n#N)GIveH0o6oIhm8=Ar zu=p^k)uAb@$emTH%$!zq(%Xr-3?8SRB(rbVKGKsM4RKc3H>Pa323l);{+2$BNY3?G zrhh|~D4cYx@Hm(<=u@2J+UsYA2{9kJ%#Do}mav1GY^VH6CSs;fu~sy1GYj*cBfS;l z_s>A1fl-G=d7Hz=bxdVVOX)c_EY{%0GUZjngbxWkE4TLcRgt}QU-x3S%*uke$(n8oE0R>6;JS2e;Q8_TL5ReTI91YfHrIRcmj zCX5i^iT9JNp>QLnAhF1Hdm~En$2OVm+>FLT5%D!TLaeOs7g?8#@5cDG(FSOH@Tztr z5{B=XOr!;FnZnM*g~aGHG{U1Hjui)}B`P7ler;`j^yRvQxRy>#Om}?syqy_)7m;ai z9y*O%9v+R3he{cw$&@6%2ge14PjNGDP2`(omF| zE&&JMI#nbFzeSBI;Jq;=q^Y>zzwd3!Ay3^5xrV}5`o_U^X9m*#SWsysq37726YlUp zqJeG((;${_nTBJ|(Q{{^2J!mLk{3^Rhn8+w`gkZ|C1RW)ly5;w>YS47O3&q4Gg+26 zB%j1IRn<4R7@v!LBb(D@oYonVFmJu0-`Lw@L>ShD!_uG!L61ie{YetD6;`G#l&55{ zS+NgZrF;v!g?GHwp&?|v9&*0qenrWU0GYT2_U+^u=!jq3cmM@)kVM7CrQjVmb7o29 zM%(wP8(q;7Yuw5XoQdD)JO&@f@HBFe#*`rJ(L zfXN$FYy#8NVzh4@5MFZzOC+q=+Wwe!4HC?N{+RVr$Ew86vmvv?hcSJRN>RXn4Pdg< z&uaSck?RB`G*|G@3^QlTfoRUoM$9woRG*X1=HAXnC~pFJQCTKZ&~E zi3%70L~}FKW4+w=&P*r-pK4Rx|;1nV`7-^>&&&H|rHpC6T)RYS8;AkiI-~f-I=H7m-XM0DZ^4}92$>v zHjC~oI#!x!jcG$9OlqU}r195DAx;vr<3|g-VY%J~QL6i-b^~JPY~*aocd+eqy*Jh( z2meCA8QnO4?D?AOi*)L+e>?1+ix`z(=|i1uu9h^DJ8 z@eU0~vmu^)&@B=WHfQcC%%&}GA!cd&%-I{h`rCQM53drySRSn<6N)a!?$Dw!4;qBwh9#wkatNTh*@0xMU%K(1Z;9Yp@{>K%mhK9I=;`i8Y9gb_+5>=5)k zm8k)PY0&FG#xhY?E=Eu;}ZoP*b?C=DXQMN)y%;Y89Ko{Ox`1Te#1D>apw7H$nFox);U*DU@>>T>)NFjXm`Di)92%8Bhzf#<% z{v1y}|4c_XQ#rQCcS%6zOXsM9XCG+gy5$3wpvd$b)|Ls$;(5>ZP4Jp+q9k}1klx4* zxps9Y_Z{ae1oj#!HHPp8>4)8~R`3toq6h6veT(7icl+h3jfR;B6BGpydbZ@5+k_uM z(k~!}X~#|}*h@}Y%=<=3B7`v*ZiI-D?-F%p3pIsy3w4!x(;2^uM6ZYyT#>KIWslw} z$Tex{)2>yWJ4g~$88T;{^?zmc>M*YU;EOvLWVy2h=7( zqKzmr2=}9{e37@3XO0iAorIJotoJf8X=_8Mvf%mwA5w7${~hQ1pYs2@272PcfBvNR z_jlv}aJAll>;ILI`dR<=yGZr-kALz1wg8E}s{L!j@Q^ams7jbmkz+;6{Oo(4B z>}L_!q@W9t)_+VwnI@zRamcY#u+dX>E8&$xi)%e3qn6RXDqxHXkh#QS5r3PBw|?X;?|(l_sNhk1}^=gsi?SysvMJ3QA{}l&X{@wp;K}6Hm z00%`jllE}%m1Q>=lTp*bF1K-v$I&rgOpf;GwVKgQ5opPRHs{7FMOvX-8*YmF_)tijQd_1mUKt^@ zPT-J6U=(PQlQRxm<(;arGA_6gQpPV>B=5`PGxN4mxynT^BfHTEZr)8SU}*U~=m0a( zMB2ubrYOG9uAw5Lnh^A=0U#8Yk1+3B+r5K0HzYMnC$e{o@D1_Y(nm#Po(##6QRr2n z&AuCCwZ<>|gb#YP^VzNs2!PPjS1o9vKKem|c!Z&XM;_*NCsPfgZP<*^px~9v1|zAt zLhCie(Sf^oj4S+0a3Nc-xHtF3$c8}~BFSNYG4?c2gskk^hKW>mt%-gxWek;p0)H6rIq5a%>Nb`JUm_1#> zOo2vA!b}>e5im+bCS;&|M%HB+FJIYw8lOxASyof%&2+#+Z#TE0NGzvb7DYf-1SnBk zSBXb6@O#+e6NjT6o=}iqw#7?#uP7fURa+=SQlg5e_@T6-*rjK=e921);)~EtekGbT zU?k0b0Uk{$q%FD!7Ghu@C-tmbLbYi3z(?^pUW9M~>vGd50(v2MRUvgSOu2m>59LA1 zrj2<@Se|mYhX;2Ua20%lHuCDx^=m^Asm6wZsY674kps%_KM7`a2Z^fE+hDZL0*aSM zpjq4=!z1Z3d}u=U6o!7!Uc*BJH5zjJBxRcLEyPGBiDg-2ld@9!1hYqx0l}2Y;q2M0 z4|ulTJ?G$dAn=k15r{}IstZNP8m%vKla))y;ST-V7ozF3w#O)Z(X*~-2>GoxCn#$$ z=A{LVhj382clVb!EpRc+F#ctuVF$2o-4Z^d(>h9L56`Wx4O*zoCM>npj07Sf>RU^R zIZ6@w2&lN^5t0_|Fd|)#Tt}Ry*_=Nb%ZilHquy6!Jh6lv8m@naYbz zWB-4#_a0D9b=%tT-sy#sgb+F;p+kVss~8~kVyFTlhF(OZiJ+(f0)!$4q$+ACDpdhd zk=GJHkoGEKLq%UeRP11{@JHWs?>+Y$_doaC@B7ak-+#x+SnRRM-r0N2wbq<_uV>Bq z%qR9vvk-9`e(7gr{a)`}qWB2T9?$YGPno0=Cb+i@q7EK}70V9mO>2_K|{zso9XFvOmp(qbJm z+%wNkQPaNJ>~$n`=(BN=wBm*?EAjDdw7cDo*BboqSG*D)Rh{cQ&bHI2Sp2;tLdS_owp>+Jl@jhg{n}w%3wYff&>g-i9t-+E5g z$%D#?97Av%$9y6j0?t2O=d_+Rbv`Wh*hC&2Ba^X+3!gjk}t0_D;E){!Hy!e0S6!%F8c_5Y8QfRqJ^MCN0^|!6Xe6=Ce@Q zFnGb*ee`}qzquT&ye#K(n7T+H3-^RsT=%V8Cp&`k7CP%;qKrv04bm_8+4)%P)rM_6 zlC%Rxjm%*VRlgbx$a=Ms#O`OhT(tP|Rxn4k_pMu>W1}qpSCxkW;s67X6gAYDUk%kM zXwyUdO2kANbO}yxa=XxIC6y{64acu83WMAPM8u6>C>W9~V_Bp%N??k*y99fl_CkYoti^_IYIu;}GK55&Q z1#Q}X9oyJo2RjbgniCa|uN0z{!&yohruhY}khK<_>;ZMoZ!%X%6B}@^ z@EVylikZ4)5Hw2R4P^4S>XS^x0IQ(>uCkwBlZjzOZjhzF>C(_9uq_m!T*Q(0}#j zD&UJwaO@QH=Zey5F}3LarQ{Y8f$8WSZdcSyJL7ixF-B5epGvzN=uI6h!OGF<`&DmA zB1s-vO)gCfF6G!qmuKmGGMs=T_=JR|YIt#_^e=miFb4DBC~y24l;F8t3Hq^3(vscJ zs^i=Q!M9q6;NmXaTY=%wg4_u4D%0O^Vuc8*DIp}u4w{>jjJ*o)r03)!iSMag1~s`& znDdOv4WDb7=W5U_G7SAyhh!APXL>`X3o#8^TjPDa7fuczM*O8GbT~yA$Ef2^HfR4Y z3WW~X?<`~1@Op{KNspv`Kg|wAYv&e zQ4leenMX2?@0pHobk1S4)4#fOM%a-V-@jAt@+;KWS~M)3bI3mGn*FaUGO$2GK9N-d^g{?kQt+ru7qyBes<;=YnYEo#!<4jP+;g#m z)+svV5EclC%Y_K-G?&SGiZM?kG@oqbH&WnRzB8oPd&}9J7YO(G-sJ0Q;s2otKmV`N zi$;V;je~n}-p>$f*<@Y~Q6WJf80mUsM^*MNS>z8m!}e)upKy8Bn#V&@mAmUQlO9jN z$@KW9(HoWA!zY;OvNs-MIgJdwvZLEljL-TV&zV8@T5tJgcT_2NSWRkQYYnRHgN%RB zoz9Mg?}&1}{k;E-@eLBJcr4nj7rUI2kc+9je|Fcal$*L`Ntd0PsSN|n%O_{J`N*?w zj$c~aE^aaQeVA3H8D&+4Kl30Y=sy-{^)Fhkrg!AuX?d9)9H%KyYq?&~;9R7YkRYoT zJwnvMIq^8lv!EDWmHgi2ts%9VF00TqNwF))M`$ukmdjg@T}Rpaq{(K7vs(jL$lZUj z(Qewc%gOl!kqHCfA`@oU+);8nfzpu6BS~F%Dw$;tVJJ?49(;@JJUm7D`Z0fN!-aez znUqDendHKe1_8YXW-0j(vv);gOuLsE&gE?CD+#(+(HVkL(?V5n?hgL44R;j-Uq9v5 zK1t|X(|Jpz_Y)`dc@B7G`%=>VC$Gkc%B-J5u<>iU$Tl=csG!t;S1^ki3%S8kyl(tP z(w08~5@Kh?)ktI}Ydp*Wz5YzlZ^5(m4yYE1G}gwgymr?e)Ly%vO8LLGtP5IJms9ELYQ{7njXW zxSes|)AH5L8|&=EO<~l0;{0G%IH{)q+X!2($lT?Y;q9bwZq8nc3l~MF{$Dq1`9G@A z--rK*-2OL(hou<){XYMHU8(;p{>#+tulc`z`u`h>A^`r$|M}N#_>bEE6aU!-NdM&j z$lBdoTRY+5bHdoT766PzUeN$h8y!7iY#c48urE5g7A>}iB){9&ZtT;ji<5@qqli=T9CGN)eAxrzvP%EIJ09zpAHuEtzrYeCg_$!;{BzPZLpBVqLXP zOR)0%Fl)401D~f^uL0WcY^_#!6@G2z{q3Fkt&?|jEo|2r;m_r=g>SyCaAUk*E z=ZYf7N;vs>DEACaOcnxL13z$}261@z;ltR2@W!Kc$Iw}gh^nJm&4|`)bVJkGrjG7h z1iV9V7=1cR61o$oDsEMYKGxfHsjB-z)3K`uFC7?$UN}|vTh8hF+G_{;daAITf%!hM z-EJtW{OZTe1G`?`Ik<4^CVW?D^0%tk8H=5*(T^1Z-0ORSPwGoMFa;pTt^YG`FmH6- zZ+p&uO!hk(ce^=SVs-VV@!7YvR{QF6woM>URQJIr?JGQX*?Ip4*5R%6IxQB zijG(@kbTvG`_ZQO*!BH)H&jpBMsSSl2ZHYiiW=IySuJb@EVg*~jzPmEtK_4^vywLg zH=U9AHuX8c$S>6ky78gS^T$X13(`J1M!vkR)3S$*HMPl@iStqRzhHJ@Us6NGh26Ud z2Y0Ufe9bqq#2Xsuka`K;~T}boK^o>!HG>E1M+iQtq<8T|k6pC@Me2T4xlRR^(4l8U<m8a$-h2FT@-Y$Zh4yuiJLE#BM2mo?jczI|hN^+8;62#m zbxAjpQfl^S1_ViLx%#||m2voF%nn9uFFsK;}W-dYo0Kf_YT0kM9Vg&#;0ALFN*FZp9D8v>9 zwSYk_VNfd=bPWt@3xip}V3u%Efs3|Q2)GpjVGW1bAmD2da9b2|4Ilyq0DA~%4~5u4 zA@%^k6meET04Erf0fRWhVGP92Vvj^HkO8x zLcn|wFn`$&qd7efb&V*({Gfs)u@G1Nv0^dk_~Ru42$Jh@Vu3iZV7x>SULu$v8Ay-}#*2sGB|-?IA{mOuc@c2lQn(FLxQ$Y{ zP-%P!5f@65+9XF3U6w6k|H6xh;l#qFB*O{fkpziIB91MM50@seNk2nDbeJqLT#ghjD;+6IjFuxs%9A2xrQ+p?v9iQ?dFgn0 zl4w6cUOGXZl%POLRFp|nkd0E5i&m14QIw5Wl8;rCO;naoR8fpmQH)nnOb}6#DawdS zilR)Kl5CQaY^t(clCpe~ihPQ)T$+k}8d)KQEWe$im`qkop(>}671O9nX{suslCGw* zjiQ)ARm>DoovD$xsgcuvv6}rv=fIy@@az5Lr%nK<6#zsjy8H#E_=T8p;TYK(S#Qoz zv87s&HUwn3oNm3<7I-TDmK(zkDWh!?C=_HvkzFKOtV?~vD=#_Y*vT3S z)MmTEumq@o#p&AF1c3oZ*~mR|$yBaIuT8~52L-+ff7 z4#Y(zdmL^alvumNX#nk;X6U9n7CZR6aWgU8QOb&j&XHKFRnH{2E{@DsGK?%E&<=#V zjgkyt&f(zD#+IW+!KB*AO0u8KJj4NQrnrBNm}^nd1h)fDllWseHu(rb zwyClTL0vlD-?pOI<9`Gt<45Q0z~oi?xZ+BV4v2563#%su#`X)k5b^l@T+j?#Pm(O} zAJ*um4Hj$HaLX~YW|wdmO1WTaoc`N;pA$y+GaiYXPiUPg)~!zJ&xJMZVpA(iuEs_s zsf%BETE<)xShViL8mtS21@4_cyEH4P~-y(`!+ZZ-v6yK4RRe504; zZQ_2k%9<>O?A~4WUrZX{2b~@X*ZOVzpqPr9Xz-@3;0lyyuTYW{U$$NQ@eQ)`kKIbi z7RwG_p8U3N5Bdp`fcoK8ldC+5wEcE>Yu4jaIp1!}AXi^SsI2hFma%r&_Yd|tzJzW9 z-<=g==M8qhYztO=KD!nO#qC}`b>z!)#-+W<6J9E85142XNX?=@M)4iKN-U3haun^n zVx2NoG(b|*>>mlWo*q!&QE%zzVNWQpf$4Ar1PL? zmco$03`!>mAY%MHy&?x-!OOU@kTSa2r#F}Cbse+uWsdx8V1a3gcS$^3RpCx={;QH? zvCZs8#YJ9|)lJIz*^UV1*KB9o_sc@B*AY3{e!UY^l0CLx^X?`Hcb{Zn^@f{UyuN3y%Nty2*IY?U zx~yn2CwaE!fmLU+SU8X?JCzY>)()10Ohf7mCY;Qg@Fg3w5@oK<4%c$KtZw$_NN*8N z=Je3>4cT)Dm5gAV@4}#p#>@PaX$OsxW$|rd*A!oUZqjycxp8QB`SD|ypJ-b@+lTb( ztZ;Z0=cD4%Z}nZMwe*er?S0GD;D=MW-^Zh9hZqB^+l=#O-yhR^wtj6U)wuSx$uX(c zXXD9zggrN#;ILx1(k)lPYFb}R;I~g6omKC+UsT(^k6F3z%f*!RjgF03QE)xNXw6-HL0g{p>|b&zu6O+|GxtI_%;A(4E9vK{YtH#j=vSUfy%lXP z!wPz>ZoFsVa*WCSyMaHtx+~AT|HI~icIeLT^@k%5snaiLUX(slS+(O;vwfB zPPx)a-EU_-rH`Gy@YtH3g)R>G`fy*H`puI8r~3Z*w1eL&M%4H&2u5Ncw<=sc)l(_G zk{LaXijPO~ukmK|^!MS7;&{)>LUrl|yzI6NSBjxulS1fmo`K~F+I7PmAY-Mdv=Gxa) z%p+ggx9SakeUNr>dsc_qlTFUk1K4XaU9^{}-&wuxwkORw{WGnAVcV0w=M>@8ck-&! z=S6m@|Kvlp1Pe*sO(WER3&@f*{f^dWKjKVVlS$K&wn-2jpn-IGB;RV<&NYGYNVcDY zFq`Z@A2Hjo{Zg@-Ri~kNq+glb{fvD2SY==I8wlwr3!4AdET1M@udY}dvA|-%jCw(d z*1$YkIi)1=haG-D3a;akjPd2pKWLsE(m!yaFO2@^;qNFXyVT^#2sP0hblg#&H|LV` zI+1j$bI737?&Suc0c~(k>SMc_npVq1{`*5q2eY*q*u&c&ag=K6SJv!}4^5Zmy!>#2 zV>!J>{A%{D>qJ3nv5wt`bh<=9FM0cy7>2mS(g{_+Hx_g8q5IEX>*sz9yH&w&tXko) z42`bel&?~gjxsR&DQjLnGZ^rR zdikNJ;XzWEtyX`lUFZE5o?D(d#amrja_muKWJ{0_N*$uFJn1R=6vsBpvcFby;*<)5 zB3bbnZuYW&-|qHDGJGLaDrNY-VlB=ZtIsr0D9Yn(4BtiOptWWTK26;W}QvI=P5mrUYRSM(6TW=8NRBrMkkoZ^~4{ z>UE+Fbx)`0T3VEB$OdqHsmL&$Pk0rMvkG-ds<8`@V1S8S5XUK+H6%V>mcbj!)+OiP zo0jPgl&vsQs3+`IE|(wFR0yvr{e4;Pi7YkT!t63$?pB$cQ4WMDfJe_FqzMQoVczj( z?K+D5NyFj;hDulKOH1wfZ?xpPvlS1g5NXTW&7YOHPh}q3;r7@Omg zw;o5LNPEr^?>3jS43&3vnV0K>``2|T&ET~WlfcayNS-RxfJ~BP0g5e3TFFXAb7g%- z`*pLo)D9@kC*#%RDt+Q`qLt47Y2f(JxxoMM&)UpoOhoqf zZ~Sk+@EmDoa*=;jdrI$*(9o^g`&S-4dJOos0CEn1 z|9v3hS?Tb~-IuEX(Ry@Yb!cep$B!SUPyYr03V=nrjI3cSKn9%70vZ7)PMiTOE1aBy zfaE7Y)aW|V_Z~HXNx{s_gHNA6k&1qRaXoIKYszxYXFM7vFNuN5fq9DN0R>b?JKb5K3Mq!+_?e-Ujex*Q&TraM<*^`8~`&% z!IUW=`3Gdj((>}#Cr=i|#C5>EE6+Zx4h#$dQo1;t7NDOFq`bpoHL?M6Zf+@qa{&8us?76 z*|Me|sQ97ej1^%I0$7?o-8@ByuH}hEC9L;Nt6jngmF(502j%ZCFWKjyuk!DT$IJ%Y zk{7p6Ox99% zR@wv7g80Ffk$G(E((G{cwV?S5gnG2LA3ibzU0-@|XgSXj$K_2oq*Z3-W3AW&gCv@* zw?p(U4IV@)b0us)f<8TaoFyAu1~1Lcsda;EWR*oX6rFh%i**=Yu0sTmpyqIqllI&~ zxwPln*=7iOd`>`J(Q!?yx-)jz&GY0}JuyA}!)Qomw}Y65{`CTcUq%?ULLPsAp=-~* zb2JT~$)p2idY2Up^8c{mcWC+v*x}07OF~c-_(h)O1VkSY$iQoO5V`Hg?zJGSX6H|! ziN5WWRkXhF9Qw$nx1AzitZ?#xa0dZ(;vz2HZiv)}8A2j`tP+mO`INEW{qDMpk16rW zr`eOv*^iv;REQHY2XGgK4k`dPYEZ&Z(`9k^2)Dcc*727!h1tH*-uZ>0EW4gj=YuYQ zq#q6cR&0&?g+|0iiMpVfG=uG~Gqt}@<`!;_>prjfFJTU!OwziCRy<9I#jIj+j0*{>+DD_LXnu< z|N6J;eh}}FM){80Fp}M>l4-G`%T0`2CUeDV^fNRfc~}Z+w)Iu|OSgpj9XW==+2qx6 zlN9>nKah8l&aq5Ovh2!8d;PQd3lR;>KVV?B;3#(0P5eu<$(;Gg1SQ zF!9dC^$kMbXeoi6&B&1Q3XPrgT-Nelbiw;UNl#eLOl@-oRrVHcrr%BXcVRJZ3^1&1 za#i{fmS-{$B`tC)q2Y}7oNSpZ>AZtJmsH|-@7xCCFjnrHFRTMwJR(g^TQ14RmO1L{ z9Mi}Ua^$o<>o(~;)k{6+zNn40|N1B!Mq#RFUe&8u#Owdo{5~U=mo%Qn{VUH-TtQpKdwdg`+7b3XC^-^ z$K{sTCB`}s8}?X}R+WyUxoH`YcHnB^$D0w%$T9_CM&Iqly^j5>Uz;5&$NUQ45|7%7 z-zkZI?-P(EW#2im5a8(Mv(3j(t7idJkMU#Wx*_v4Ae>-d=_#1r=?*Wr?u^N^g2odA z^lI`TJdkK+cdp~4=5rk?v^W5L$i1^b{rQ9EwRXPhl^xcm&o*p~xmzjWW?y>=|*FVpkR{QHyj(qpbMP)){2*JS91DAD)jb__3EIe}9&qQSfaRy5MB?lioB<-+J7LI-yP(#zoj7kY%D^B@ z+=F3Paa0kIumHx_>*qSog#gIFbSx`0wW>N{y*n!#%|V#RX~--xRteU7 z9YB}rr>V>=KXuyBfY_J+o@H)`H0#W^oVm_9{zs?Wy3NrN@h*7?s~^u;cbsmWu7$Qc z{*HKDckf2`nPqjW$!tO(6{*C^J-N!t(GgRaR_A|E+_AdmrIlYj^qjsOQr|nr{JWia zzw()$LtD@>n%^W-o9#u^Dz9QTY`9akxJ_yImX~2t-v~mDPbv?W61G>fAI!dHNc;RK zkO;J%QJ*wBdHhF#BJVz7+|2Cs^4{0Gs~Ha;1$;h#Y2%W_$T#r|RpwpG8(&h?i2MAVrR{M|AW7I_q%U1vrebg9}4o# z>%KkNHu7O~%i$OKgB^(;15JDBcgY^NN1yu^e7*7P3A)v{l3m-J4a_jo&2eM~UH3N? zOQExF?}Jy0&DqibV|(A$Y|OTkzmdN30m$bEZ$fl(RaQS=SzVre{$|fQ;K0KP~SHUVn?3B-#?K$@L?~6phUYj zy{-B%tq6QJezfph!wX31gRSChN#O3z-UDaO(qbr0-w5})$bgZsMTT3}qZ_+_8!fp1 zw*Txm9ao*$D_`Y4yo=u@8?kBlzKq*D1+TovUtFX5H!UrVuHE@=Phi^OwOyYK=PKmf zlTYsR-}S*fXr*FTZw&Rtos@C^%v35e_rs3&+p|79hdg_VL{G=e;6+}Fs&Y8^wgHa4 zo!4inoeB#~+S^R7`VP6CJ?yiFkvL!@2Q;#94j)w7EVTYDV%5nMfLLUJpb*xVn;SKW zv>UNrdkVqiyt*3NXREOtl$29c4GWaLI8g_O>MtQyU%&jn|v3g83K%G`p?1~8|& zAR|_NXN_jA5X#~s)^p&_O8|~cw&6gXIt$IDU_O&%qa?Uf5=;#Tqp=a+!Vrz0ffTZ~ zN+)DJU0h+7GXuigri;p{h0aTG=>EdS&xNLVI4cRhmIH%wU<@)?J))+v1oZ@9E&u|N z1QG9stR=&SV}W!|QCki|1W+pu zwB|E#T^7QKL)AXKIuNT}sX~TY z(f3iFRaf)jJIF9r3xMb><68osWX*Ts;Ju?2tR*<8U29f;AYA~hzF90Otg24ajV6P5 zerXE>kuGX!0hGmnFxbGjZ26Syp(C?U+h>(DAtanrTx$Ug6>3-rQ8*zaowJ`X3;J*> zn$cA|wY4!qh^Bylm@T@(k(y>`deR{R8~B)6xgA|%)&Pahf_7g(O>*^?Lg>AWLr)jM zy+SCCRiDxV{XD9K69AgziU6PbPhaTK?1tgd5(*g+o&-^06lXnK1)c7a!-WtZoK_GE z)Li0s*NbqnMok>VMF+l@zAciC$hJ31nQeM!q2RfrppK33x~FY}JL zJUZRt*dE-`st8N>=kcL;^3z7PCD&}*NUcoCHBWk1S5B=AO4^pzs+ene{A!t;LO*m9 zA7Mm>5~U!(0XR;8)a`^AaiE_w%=OsK1@RCC)&c3HW(B@n45t}~)66Ssmgd7Nb)exa zaE=F!>xA4|s`1G%*9DNCWEg`E;03K7DTtj*B@6)OJ1a0VYCC-ob}g`W+f<3Y5VElx zF%(;8!)RwD?Q;T<_HG?~u*&zH6}24vWKeM+8Rn4*!P5Z*&}K%3 zinjm?I9P9ANv#C}imS3=L!S4QU^B~Ia1a*%1eA>gbdhS4Ff|U8!arz$IUzv9*aB$! z;!(4=;F-*QK?3Mh#=dQtZ7O{D%LA?21N(1Gt7~vzsQYAQTq!0A@iiW)F|KCEfxXxP zk)|Kj3#_&%uHJE%tjB@j$rV!Cha~Quyw2N?(SbiN?7rFDLjz9QFe={3flPF@={Lc2 z9H4DkeaNUeVDpK_yJTE&SG6BVSlX}u?UcncP_^%HY)iL^>uKh*vZ>y(4D`t)sAx1D z)OJ0z1}l0C>S_VN&~Zp4{}WuF3~so8(l!W0j5WFjfuS!tQW#K=7QVkV;3Nm83joJf zpi{nlq7y9HQLVXDOBjb@*vM6FTFO!%9tYZyK@7VqnTlW+R!}<6iZ=kKH~+@|(s081 z5R2SM)v4~=5&NpIOewQL&DVq?0CcU^MYAr1Y9me-7GC;xBxrUYh2L|x4NzvBP!XPz zU;6En7F^O5VR!F*ZN^0!`+^0#F;}6yFy~S^6?wLdUmRHT?Hl?KzHIxWONHT;DGmp0 z*a-ZyOV$ddkwBS?t4SrDm%mw^RnY$pZ+@z)zkL2^QtCFzT=P1XT{(Y1=llR|V!#@Q z`tO2L|33ULEhQ{5^&f=)(M4R}BFxX+)YQn#$jprXC;n&pPyes~7Rc~V{0{`cpZPz9 zLZRrU|IQ2M=Mew`VS@i%1MVMwkUs~Yr(|=LM@BcdO!@u0(Kf(V+*`G}QI{(v8 z{Wml<{ipx`zqa2$a_3L|_ZHFW6^OF8iRfN1a0CG(D}{leNO(y+8Yd(AsG6R8|o+L3hc~YQ~oQpcjUkAQXRe@z5o zrPt|dv9#12ZS@^&E#h?5(>1A)mS!96aB)rw=?*fUOoI*HRA&d9Krfph-?gzpYMU9> zyByX45NDWz6R5BrO?5?Uu9w!>fHm4+Woxft9*m~Nh#4lxn8m_rY2v0C1j{U{Rjie1 zrn5nUF2i49^Cn4;JtXHWLzh?+hi$h08LlplK3=Z=-X2U3|KPxYs8G-F(7?@M9?=oO zp21rJH?i%4cEyB*hlIz5ZrvRp7oD6Kza=RqEqQa~=9I)8S()i+^`f_LtZt5;dZCfd zJ2{;KN69=_=^}51>Hztp!SYpXg?6^WsR-rjAhjljd7qs*cdK?=4E4-rwTtOGgD%!1 zTU4*6YEEs_oZqFhm$tFjozb`{pgcC1yCe2M20LeWW^+QsWp}$-83xJ>=@o6c~Qw8?08DUKXs$&&jOeXSL^LJ#4X`I_0!_ z!eQkc^JaGDYQN{_YwKsP2d^%Mt}aG?e-|lkU4XMKMcY*3Y|9}w&GL*V6>gGg3b1Hl^gPPpygBUXZ#o&wcYLgzLDB!!-%k z72^6U(i?7&!tQEDj*`7sWn*8+CVbpkcrZ4*J|yq5KmQqz$K~%U+Q%=gsoa}gR9#eF zB?{R%(pb~lbSS6dIKQ^OuHjfq>(Nsuj<$E6JbSwR_^ETf=X>6l=f170SZF@<;b_fj zNB!!hp5cMtZjN7Cz1)4ILs-`}QqVrteNosqJl->MZ+vWM?8ddx8@KN~y!-f%J6C2F zSC?kre|Yz&iv7RvKScfu|Nl=l`N{tuAqv?3SC>#enNxsMQRZi`2N3`{oei7KQ{_O( z4mnJF1lJK4Iwgjqx|8%ZVF(UbMv1(9&?42A=;9seQXI_SyhP16dh3z)r%VeRH&||o zJI@<9#u)8xJBKpKSb$%i61N@nx`{4}8Iq7Y-F$0aJ?ix4V4F~rqVg^BrU`G)+;Wms zS+n!C1`)j7RxJf6jBMGtUn72UfBd{xiCqBs=b5!T?1a9cG|~sb|vrghrPg?3W-D zB^QVwLrlJ-xx`2~O9(@Tx)k_kD*>~YjjTWB9QMCrf(O)|e+Q>KOHQCfGU4$QJ9yrQ@?tn391xK{ z(g(c6@2xR$Xp}Z_@RYHsT2MA(C=z;mm#P+?*;|3RQQkw<%frb*jt7NFV{srM` zPU!lGWjUcn06xOj5fs>+JT=V&4ZPK;aN3NH zw;i-W7~vu97lkDG(eU*!`i-4;CpI*zU6u-Bz7sc$3SmRki+HP(T7YpUAcRoJub6m8 z7S^3BKN5j}paBN#{F5PF;ErROB4w=jVB=mwrxu=q+KO^y(^Rqr!xFG0Yc8%6DqyJZ zpXd^%Q%4L3AbR8^fL1{qf zWa=Uw8-R@K#B&G*18)gCOukc);xvoNmkt--**^&zv-Y+F=59s|;h5x{x0qB}2B<3I z$q&Wv_HQ1riB*XeGCuVP_9dOK*Jao8f-Gk95|;!JFP1&t9>tMVWW$ye`qOdboP2Fi zJ`e;DJdSc|i33!cEsvm)8JfaT^x@zE$ZEFcxeZ$4(CZ^t0_6>h=vj6qb5fij1|N~U z1W=hCd(&mf5PS(6_O3Y8ASbz)$In%8GQM{GcC!?fkPLj}-3DG8bI?iISa$ye;>;34 z4iLm;Q-u%{kf+dtq+-bZkSt{JfUpP%M%lqhLm^SE#7=!!mFR`@o7ic?@HQ@GEy+RBMHNe4{;QkexVTJ zmR;nq03tJROyv@}RnF~Y%wb^$Nl});=w}v+=xK)KPH5 z;thljLp89;2|YFo2VH=ob;KOWtm#}OHvwn%F+^6wT8^pO#0~W;K}A9oKw9Vd4Ky|T zQ>c7(aEY4=87#M6yy13rw9WAKq6{xsC@zAf2uud}`}~4zu6I`fn-g`(ejWb2$+4t{ zu_Ll{&W-ReR_K}z*4Uzd5ZV|EX?_=AZSjYZygWA1l9K&EwU`i1EcW!$kHUpDAJ5Vn zpau%IbsLp4>KM)Hy_LttMurGkBY}UU2^iLa@eb&1QYuLek`^v{5+O@`4Ua*Eb+Xq3 zGaa>Xt5#sZ#tZ0mVLn>fB?O@ALmanAsBmaz8`OF_wl*GSAM)7=d4iR<<_nwWK!hLx zmjT-uvi+!@0f`&`prwkHP0dI_a~srhL*Zw}cApJ5g*(A%o!mf0i8aCeqfT7m-5}vR z8G9a}8$jVnR|q9?7r7LScMdcy45jg{QNZrHv=%J8kl=&ZT1~!ri1y|zdZThySaR`( z5vr>jSqQ$hHr6AKZnW33pP~r>-<|=fZDc!uC@l2lK=66wew7Uf&YsL7Kv6iX7(u&$ zD|N|V`5+tP+uk)B->;21h(&RuxGX zt}E{b(HX&z;O60ck57CMXn`K75+W@4&;7T5y_V-tb`!vMw3_Dw-3*q}? zJ1L7^XZ!AK;d6dXX#dRN^K&x04p0(3!-s*@A5x6YSq2D!Q$7A`%^JI+U zXGXlK{XCL&k)q`k*)<>Kc{l{UtU6vzH_b0`-G6MnlEI-7Vh1iy98eGXN?9mC?A>GO z2}EV4E*x2F9IN#zjw+nmzt%cHT==1Rtc`jwePQgwCP0dcqXF(lFPx-kvpP}ZH;-=M z8PAsrunb4*%1s(>dR2bdpJ>f!z!(II1a4$oybf~2nd@wqGBdGO4GSf3Mv za1g?)!QRmNsQvLe-rC}Qjd-Nv&a5_q+|cX7$5#Un(%kyKN(xXQa2@RjoJENhk^gL|EH0e zxyk<;|7&DqZ1PY4&wt-j|Cs;&#DAUup+Dn)K@dWMAuuvnB1saCC6UBQSfVsZM$P~s zCZ$8t(Nh3Gih`srTuMtuMoUb>7$s{)lCjh$>B;CB=+cZmpc092DL)-Ts-YxH%5W>r zU>)5s-k7GqG&689*kLd2MFU4@EJKZS1EHRtk!yY4SzACjZ#+rnwrkW zny%WWPNwG0Iy!#l8tb*q*PEFKLY2eB^dgD+QR0U2vZirxopcGabScYBx>WkT-vlpz$H;*6EukJ>$%+1( z{bROnPE6wia>oE=o+-Xe!mt}-SZqm~5Hp^~o9=TYcK8v`M9P$S=$#ByJHTFhBU$!V zlHOc~O_`kMNuo=!mhVX&uQJ_)lV zVv4t>or+9ev-49!pND z4^QlgOzM;l9@7pUmXElpw|Pop;}eCr=LYF--7+WgEx6p^lA@H7_Vm14J99s#7Mtc3 z8*-0%lyG%L_)f7#2gY}s2~+*RCo^l-(& zrjxZt4>q;6o#?rd$N!dhaQ;ly<=W#b701U;^sXE|!@FL4V5YTWq@&}>x$^e$p7WRY zp8awC-0;`mMt{3J*7suQ;J|9<tI$x==ds$3{eI9QxjPtmd-U27Mg&HB@zl-sp!Nfu2mISA zd;(5~98-)>iq;FV17aVHoo>5Lb_t7zxt)3G*Glod$R4Vyq#ZvRUmHw;>a_W6sXk%h zem&+gJaJ=&(o27*4h=P(0KhX64{Y2F2QcnYrqbBt{-Oob zgDywcOm2NK9;`6EYGK!S{>xiUmpV?TzxJo+C8`cJ>n_=HM|x%6oOpHSrbLi1Zs>N( zKz6~MltX&X*|cLLY+^V;uhT)VRm)#W*C@gH<~sZYL>aJr-!RToE0-NpudbVX=%w)F z%bMIsS1)S$ooxS`Ka{N>=BN$2*LlSsbzg z<(c-8BHqWHe_XvOv^-aw+FoMsJ!!KU-n&q94!K$>Q3FZ)Am#|)G%(qBT&SbUN2 z3D&yj`SUjG^Q*vdRMX>6zK3oNeUJz8(Fo3wk?bpD5)S%7Auy-g-MRG=j=1%DCnFv9 z*?tST!Sz7GY!FTSsSKU6FzTLhR$J z@j@+)f^h(`hNWGu8dd@ZWZbP1Fpukfdcyj3a}jIcyvdtgAD22_%sl@i z`%;hUV{}K-)6)>!i@hnZk?!|`L!*o@?vjhIUvoRSoPNZyn?~+BUhNHgrHG$rna{jn zsvc6Po03pk)*p&H(Ie&ee9*eQY_UiN7eY$n81d}fsq}1uMJLRF2ezj;oyQ#3i*a7M zj}_6B9$AhCP469gJ%4$B?PXW4$b)R4wSXpv!vZ5zPHILT`KikZKX~>8R;_CPu@QlB z%j^Jh)k0XIVNoyb@;&?PLz%Ti-j_khpcJSy;5d=5_LDVJHph_4Kr%?#F830%L%!aPzIM8>qvIBe!37uJ& zfA9XxQxXVZ;?rYNfpeJPUVG_v89AW1?1Uz7nb^McSi33{V^u{h?P3IJu+q@ZtapUO ziM#Sq6zm-n%D#!V(#gm!D8}P$-C|^+<+dTxzN1oyh*}E)s3gvg9pm5!MGsKWuzKOO z%~XK|V}XsDyyy{5M!S@8U^6l${)uF$7e5?s#6Se}br*G(M3FX}&LMC%13-qo-k1w_ ztNLt{mg6%RZwW>}+<=Zr=*I-(a#btBOFK3&CDL1Yhrjk5FJ|D?(~@!(1dKx}jo8p8 zAYB=@=<`{RHRHt)*S=n(=CmzGHNgSSYuj}Z?W zo=KD@<;qV2NXx}IRVVj*ho5trt$Eq;g&c+q_jN>NLXkTy+%|JH__Xe~h50QYgB#iI zpnUUQK~jP4%=TE-_7H7O)aT|y*#tHy&OlS4O95hvf?fTwdGws*J71&7(AWD#PNMAW zw+GIO+Ya`YMpzd+s^Ud_UuyD=vap7Fzj;3lF~4=7-$(p1#|q%c`?O zXQ*3j?Q!>ujQ4F~s*9JLm{aVMSM#Z5m(ku!^Nalt+<38mX~prb;f1rs_uCvPuZZmS zaLLErw>>)&%Y-+v`k;N2^fu1z>>WPnBU~Rn?W~pJ!R4-x+pljn{(duz^M+pf|=^Px+Qw(LGGcyR*b7eK_$yR2pul`rT;~2B!+*c|MaOTN`AwLU-sV`FW!^Q-e|;is z(Z2Alr3}12He*lV%A)2gY)(MWsz_6Mul47SC%WneyxYEH^}O42rY9|^@n{`0w^g%> znAN`@FCBCGkGl>(Saj|2Q7fAovuiuM35Qh_I842ge)&dLQIo0%0$abk?K-{KZXFyF z;-D6%Zyn)YknJ2Q3Q8K0w5Zae>%6jJ$3b^LN~-R%-A61e{X4Yz0&nxS0aZfZE`4r% zeO1u5CNyXB!d2GA53UK^D+(4S3Pk6ce$%|9M(90lvO`9OyKh;cg^Sxnvu@r+wpSLK zbtq12z5n_N&v%+NiJ#)qdeW&sJy+bFGrA_N#jNY{{9i{!Sw&2LYn_dsWz+9hMK~RI zTYk}2^!T>BSI*x_L2fOEWr;K6riVw3EDY}(FxMeJRC0AhU}%dkogYs<*jZ#9^Gj;H z<1EiRH<~YAa=go=&!<2B^cU;lHw(rVjxOvNV|HV}*!@?QA5{46yW8~4#6SFJI2Sj2 zDzNgdO?mM}i%<*YG^e)H^1_>yR2HlD9u9?6tH1nHF?wvNK zw>#A;(9!ncB@rAhu;n-VpKI+SnIRwVb@;u;V(5v<`)b{<_=#qPisGs)hu3PaJ}_Te z;QJmUoVHFF^P4Ws+e#X0nJl)7&$5(xPfsgTq=j0YsI|K#u#T@WZ(e2g}`_3TKNhpCeIRQE-%yWS|SQQWjUg9e4Eq(ab=?AWuo1?%%iUlc&kc!W};Q5 zx7FE)#qj~t&jwhXcC$(oTTKXUdaK6nN`-}FqoAW>hAeO5z{^A z({4124s~(dJM&?U{g0szKf5_R6xbaKE!pvw?egk^Cp$C$UghPpy6eKl76W}oHd|FV zQYai#RJz!$+wy>f#kKA$3ML6^%zj{I_1M>Rw2v^M!gh0+#i$8_F|9ns0(*@Zwx3!1 zZEO{h2d|P2%C5FjRax$zA$;pam9S4)X8v1qyerK^%7n)^3WugxWma0Hi!FzQS`HCg z$qTH8cw3EETgjNY@zGWjD(z}&Gy^IGx7%c#bewmxpy{_U^J+K18Yb36PtyiiL|2RQ zpQ{fE?4E6u|5$B*siw&vB~3o870oT^=<40Se}z|vmcsQ_w(nhUd(NeFXMy(=Uy-XO zZoyJ>*HpQqTC{RstD6<`*F1dNexco(fLU8o1tTRgL5=w%Z-?5@cU?=pZK^CsIhr{O zmJb&%?^m+04P#!OI$}esw_#7Y_5_r2#teBrXJV>#R)JOgQmcegt5d(vxzr}7A7g!` z^8L#KGuz5+N!xkZC5yhkZvD+Z>t`=o&x;YSjILf(?zniT|KevcqkgWjzvNxA(_i(U z)BY}%=6l4pPFKR3-*f)*QrmT@`4+l5pNvn;-S zv`8(Q@br=W_mAw0_AQ>cM>H+p%q7%JyUV=2u3hY1j{|;9%z`SE7yDUM*fe)ts@bFR z3pKMaQ@N$dZ&WS)L2WxqxatSBeaU|NpVjvBUbLNjwATKS=xV;c*vwV1=A-bGkZSV>tt^vk=L{*Z8ee61x7KdgfGsDWcii#)vsv%= zt2OVxM;I%xyc%kMPhc~o-Mqr8ruQnh-m7XVp0st~vUSmAD@P4j{C(=;yiGvp^@~E6 zw%1wg72CEicKTf7-K}+N8~6CA#0h~X7k)o0)xTv62ZAj zw~|>K*SIYh^=#w(W%hn<){kn;x9=0SO-}Z#6t=I~G*rA}s9?EsfmFNOy!eE9-_S9G z9W5`ESjpAaw*?NHMGmzU_9v>W&WJvciU;>o4~W?#WL^ktu8Qr>Ry568y7lWS`=?_2 z@ILmR-&{L%#LE8amC?0}+WaP3Sf4`{&QqKV^ve%GNtNE?HM#R=B3+ z+o8hL%k3xJ?4bQ4ZFZUG_scTfd^*| zD_`aAkl&|EMcYcVKkcUt9D1|N{@s!LS_&MlRF)|g9`;k42UVJT)|iFVgs*;V-mgm7 zrq;Z@lf~jDI|o;Ol2v7O!qL7qbkyToyS>Y{9BB7(KW~NKmi-;Y7P4#mi$ZNa6Wc#k zI~>b#c7zq^GIv;?R+U#(0aNBb+0*w1Vt-1lC;+csgro%)0} zIk%vB^qk`vw^}Qjd6q8sbSo+?4>hx6%m;)n-~GF`m7~C^(tgZ3yGQ3ndgR$ZDOmMO zncdDo!a0cvm&@#rGF@T?r<#1?`TIG4zf|+vpC!$zw1GDyi?&vM9cAhKw&mbbt8tD; zihGQjF~@q}i2dz)ScIhx*mPk3yo1*H%$c3D)1HOy@|<(#V$jTi=dyD5Hd$4>%W-BC z+mCW9YDE1$EAXpa-zzlU>*87I^5dDeI`paB*4{07$?)xN8gr)R-Mww4wiQ7G1eP}( zyLxyeSiu37-5q{;QE6{6dH&66yVe517hTVZYwa&rwsNUV>T}}!w}U(08I`=gG|xN>LrE%uKc?Q;vPh6z5NHR{5ggZsZ;VtsnVQP<#6d-~X)b*#Q$y6f9b zW=~INtxe5aStDAm&aH;G;Rr7JXXf?0eel7NFpC1S&3`q&GG61d?)bDF0&z~vtTIt2 zX8BIh@@(;xt2x5hMWUx+f}^+Hz9_T%R{WWDh3&T$c5{9#^15a*Lu`{;ZMl1RFQ-tu zN8Wbb&x{KeeI9ve-?xLotRCJLp5hlY#`*1?>1xYiWz%=Hv;X)HyW0iUV)qNPR*VU$ z@ks4(Ex*RPsP^MM;}3+*z7~C8ZS0E!^Hj06s~v4C%66|vEjSRW`Y=_y%KOXEr|*sL zetpZF<^!I2c>Hp9s*m$Xjm61fqeI@3`l?3+sYPqTZ{DcBbfeP#M&-C)x}1X-k!mU} z#|o^bi|9~{Y8Y8~?Vg>a``5308Y|9Lc~_KtF@xz%@F`wd#ZHnm_ywaxO% zFMs@|Yst6ot-dE|;rmtpB-`1RmLJUDw*F$v5({CUDxs6386*CZRD@x4%+gmx>3 zO|sCIOjDh4A7p=gvG+lE?Q2r}gP+!?|DCe5NvPo4lQHvjZCX^DiPg4)g}u(q&$kFQ z&s&rk)b-x=6^DC72#*GTmbbEL<=$4-scDxBX1A%b98+bPox1i)sNLM4E0G_V&);UQ z>6mP@$L4y-qhD6s+cLm1tYNa@$>zQ5Y(^4tfTF639wc&Em? zFw~~l+a{s=wQo{ZejQ`6cixkgm&z7Z+mzNexm441R<+GLUn~yTVDn_>hKnzD3-Wff zcJp!W+$<&t7n^;JPftF*xCZ8gDdd)pF;KDD#lFbL! z-u~Ts%S!7>HP%xrAAkGYdef)xXg8)z_}2ZM{wnDt(bO2*w?BLyII%==>_fZSw-P7# zS@#sKZBcqDq{$V}Z|@72L?oPgUv&6p^`#H)3|TYPPOQ!rd)w7)v)f$Obn9W;p)>5% zPiqcD32GOmzQ;WJ$jm&+f5n4!zt$?gR)6@Hpwq_}=5D_D-TRK6p55K|+ZC^C_haW- z`dM_VNa_BfK=eU@$UasztETD0+NQG$%omBbm-gn-y<1^Qt57#_p0G@Xx-vd;E=E@;<|!tvId_uOBjHL6M-~I_E8^>o%K%a zqvpj6#k+dx;2kUer8gJIi(i;^9p1dW<@&(D{G!Y22Cg5uXV=A4t$qA4$+oiU_DAA; zzxwpq&yPNKd%yb^v;P>hx!gUeZNi$wfYqBeU)?IXI(bOHJzH;xqJt!6pI-CW5WTqi zOix$!rFBuZ_huJc{#_KhDA9#c6gIP8&Xl^2bAPboZ1-KYA6mL>Tqi1y5hw#L7d6=t zGCBrt}x6fj6nQVGcU<-#J!P>F~;&uKd z3*|*-M~8f}K5Fjxg*FB4CfBTrF72@7Ug6B9e$~S> z?TX8aH^q#2ugk(g9ZMzCMfPnNVQ0UKQ-4z)3twil?&G*Bf%&qbvpweDvX!-HAHV75 z3bU`yI~8;uH-FueZNulw7LE9F#=Y{-{+8XkcrImAz_6(BGqbIlGwKh$oZfOi(&f&! zz)l6`!T(8qfAH`@(I0K5Sm)Gso`XL&k02NX>w^4!791U04uQ(*8%E_vC+t znssLGyol>wChTZ&#Cpw^(zpRBEjm^)ippC;+i|@G!sD5_kz39#E4xvyE(sB&SOV_9t{pD|N@I%rLkUC-vt zUi(n=+p$h}x4y_1j8AMKj4g}kG&9UjU9iT^BI5dylKTT~v(h^~Ut(oB>SSz8eB#2| zwV8sa`8&)lD&Ai+O4jc`XO0c^O=zM7LuPQw3}+-8eFwQSlq)U>G0Aq$G+V0Uhb|W z?XSgBZAN&4MGv{9cj}P^wy6olZeYFt+E81w#!MVvGgEZFot?{)!2)S|Cvi;YYdePq zx*cuiY#-zFcFUi|r{@e_-7Fy1JU;ZaxF&p?cDFEmL9P9yD-qj&NI5lbec`DM(w@s> z#o+^XgxSp$n>$^%aSi^)+4_a$m#OPlR33@?v&b>$QhK`$;W0vSrTKMPn&pb}0^6R> zwpYF}+r4qBg>CzS=E5>)v|X2-ee8r^=Q(LD*S0w^Md>Z{YtEERXm!a^TUBX(Fg@DF zxoTyQ^B0{&qSocVoQsuK@3yJ<#kcuX4{d_utWIZkE5pvh)Cz}9y<*<6)6|*%BYqn5 zd`||v{`G0((WUcr2h%%#>DWb3q7<>QP?2aeKZHqX&TsX1q z@rP!j{ddip{(Z0ic~RS= zi+_tiYbVzqW!~TZcD7T_rjG9htQJHpu9~!bhX1HaK|8?!>rbvv9~aT=fK6zgb*nwK z< zW6B+nAWsX|QrC?wjKao9&#{>)zF~oz|Ut|BGi&d@?^d zH|+b3{rk=ODmQh_Vb`iFNBrYPMO`0a)GsaS!q%8pwl1s?YU!i$Zu`OIggC| z(k9hnc(44SvsZ??PTKOl!{~62lZAr3*bn5z+50bBpAmX`#y!?uZl`&nk?n{rs(4)B z5xUwsTkxK`P&K^2^0HNIjN;k^*(B+~j%`oP47oqJyW7@xJ9hkT~OLlMl zAa1$g*iPGkG57u69_1mp^4rQ@$A9=~)X2`#*>NemWn(Ix7m8Q6jyUM_Y3~or<2x{I zw=X??BLB{_k&ipKoj7%7i0|LO&7Y=onR(T!SL!6kcB96{uU#J?s99mY&um4DS^I>? zzUlVFIpn(#@fX7O+05I6%9G-kl>B_TpLE$*ejj|d+^ewT=+ zy38waYrqTNtwSAlXP>(glE0?v#fX;8W=(0C5OC-#;m%d>`7{~hbX|Qq?R|C3boWoM zWq)$~Q|IcXy94q|#<|-ZYw0ukw4INi#eDh2Rb#$5fBL|vpDwg4$(q(XaCet4Ypn&M zhyH)o2)ut=Q~XtGo3=})i`x47j_77nw#Djflg=)H)K^Cptm$G?ar60y9tQ%lvp$vA zY?&qKc`e0#TtU&_W`dSt`{_O#9G311@45KKttK;WwEBMbx?i1z?Fx?kHF9?BPj-K- zIXv)Uzw<5nHXA%I#dpmMZIcVN3)_eG{mp!yxB}jmv9VPf-`Gc7BDRkAk_7iFlIKNUt}zu6P-kwo+Bv+r zQ|0Cs6@>?5cM4V<9@yTm_<3;h{U$qH3d;hcnw16>*V^?zc(Q+R-~N$p^TJ9j1=}?{ zg)*tumVwlJDFc^WYBTRZN%)K~k>bbl=S3yW zrp#^GjInhqD9?L)aaPbLkBi$ExcoMu)44}wmz&HJ{65F!j~2zJg&TzPTIob%i}!85 zUwm-B`-vyv8R^HPr<5Mr_et5-_TOAO`c;aB)5de%)>=d{p|gV{uZ%z8an>`&XL{^} zPf|WPqsjLa&TiE%^o-v!!8`5|Gq3y3Tw=GThr8b&A!dIa{(eh;zqHekR6A6%c%yEP ztjl6S6R*J^J1r{TJ5@XIgHaa4Cmng(B)o%LzX3hZMc zx-4ySywldhi^UclY#al2wr&;^Z*#tthu>$KutR5l?|QXn%k-KhUGi+t`MKNH3M&R} zJ*F}1d$!e!>BBGo_|&mn9-jR)p}5_AhfQ%??=MVk8J*`W47oFV+?0zQ`<8SXJut21 zrR=70-?(&%ul`K1Y2bl_Nx`jbKCSG&@Vblj^o{Nh;zV7;YpM%lKUi7zlbhF*ONSHN zzZX;V-Dlle2V9*gw_B99>5;amg{8n|NpWZSy^}t9@@LYITl>FXSi|_YYXP)hr$__*gPKq}+VwUq@#g(*{TFvxur1 zBB&5fdvIY{k)Z5KwDXkV4pE|U>r$FmUU$wZ4c~oX+y}=a?dC-d=`?G_i1L^l_m9u{ zeq6xMZ@W6*FWzA(n4Y@5`$(^`=XQEM+2S{)+k-VT=iQn)wR+~yzW%?SoqzuHku?tn zt;>ll=qviT{iWUB@jLr=xm!^jTPbW-HG;Ww^WBXj<~+E*{ryc@gHD~6d5Q;p{$xSn zdAC!8Ze8vBG*%#7xlZ&m6c6FIu&l>f{5U z$5PO2-zkT|gQsuWy<_^F>+43Q9q^r!GV`0H4R`L0y>r6)$hsLVJ`1~hr>RrQhzD-= zsaM)m!>vycfpKl%3TgEs~r>=ON1_VJWu*PKTe|MDb7uylFKnc4kD2_ly7Xxrqg z#dlV_4H^FBtvRu&V-7a8tIiu+HobGp(z)6tqjOIz+!uczyAM8qfeEw$BlVcq3rXH$I4R5~Pp_z^I}b}X88zdiQTR~zjps*Qq|0yqWSWD>zu#*YD^PXh1ksU zUemb3)km|_1f@N{N!zyi{J;lU{trLfHGGHD^~kjmmrfo#R5LBRlh@FB_J5CX-enP0 zS#0*p{OZvj#W>hzm1^0#MYQsPtV32}(4aPhjxQUQemucn6uwzHrti1s4Kk3t z`wnc`nf_MV;jb?}`m_CvKbv-_lFwM0@t;1UiYp36)NI`sICMs7+q(%>!Vit zj*dRMEWOne;i?apeAA}N{n(2$;-YIa=BEvtQZsVO^QU7LK7O>^s%y;Uzn#YY7!|zc zP*V1y%kP#5W(4`py?1$j_Vu*5(;EkkU+5@&v3=|Kzbw9$S)6}o;*~A!#_YfSpnrDe z!hpi+Ijx)Rn=!R)W^;IfUU6&D>Ti2Rm)KNoJO1mV4%HoReBNsI+3z+!jWrWD6>L_V zQ_h{f??c@m8)rLR&Ce<65)js9_Tq2PZ)~w|+P}jT0U(qMYV-mJ>OWk-(Es(1&_#JIyn=(W^(`-cK zugM#qeew&zYhoSV8}wq^1rkNqt*EN{}-!kqi7 zUv%5&vSVjX{=N_M$0|x)4yd=!v2pC?`M6zDR#B@Gfv7}aYtt=uetF4Exu;1?!w*Q`ZU0C=<{(9A<4b%Qu z;ac9IU}9sNqxVd z!o-yR+XqkHy|}RT>B)z_n*8Yxe;%@)JkRyd-TnSte)#8Is-h0Hi!Jj6hgDM!jTN4H zZ_1gk{%kd-pq0(~#5OHGmrZxA+O#wLuh!~0mD9>C^99Y?=&rODS~@p9+3C0MoBclR zz1xQ-6tt>pS~}p5t7FTKUsO3=>o@hvSmD(#{&T0(-_D(3{e_l4e?3IJ{`+o!r=Km` zEQ;*B zrJIAMxyQJlH=eQCEtO9`b@`h!1ur?fgYW;(?dhq~WR8tYh#TY^q0-3UO;G>VKW}e8 zJl;hBC%t(0_NPC6e7(uv_!;~&KL5qX&&S(Gz`)C;{`>#_|NQ*thWQ^cH0fWGfj8iP zFWmp}KmPys#sB5}k5cM1a+&rYPUGeKf4seY;AO8y=Rf)Qd;9MjYP|+Y((*NOr7p`WNv@N5!OJmp@^r5TrR0D5-B?2ZUwU1Gob^Kd zm#9+d{`tgTrT^akK6U(mub#dCxBvH_6TT561gW($%|w|dXuK+2E>lV+p>pN;d{2p5 zt&n-9tFnXY7>NHVd?SeZ|Ij53>%SiD{nO>3{x=x^_v-Bnuluf}|NcJS|2zNnpOU>% z_Xj&iCPX9;7e_IO>lyKo@IkQ=jH`zi1_oYUk;#!vOmf^H#?RB+he^g`faN;5N(qp` zD=OYK#5UO3!^4*8FH_1i5}iyM#KftTOp;8^`1WFadIt6K3GxnPq9T(qGVo@`WvFs8 zG9;cf*<{Ojc)$qc!3v2ov#+a6i9=?|BvLvu6PGYzY;1f|RATbjh=lm$sQBcuF$oC+ z$&GLty-u!E$U-7j={ealrH)BR8z)QG!4#x21%pYfU@v-wEnKSr!^UW2ioUK|UA{u5 z&63Gj7U>S^MM~y`9vmNA<=64x+*0T(JOveHi20mE7&dltLQ5X2K(#uwQ>hVPyD~%! zsqA?WLIyD!d1jUl>8R$u%>YU8$dF{q75PC-wo0keswL^NKICJqe3C3kn=Mf&Ttj?& zqt@wU*=aIO529?rUTPSKKHrFWFe4w=5TLbEk`1ztdIEnUAA+-d7`c>w92CB?u|8|)>A!QmtLTpALlQA%>8%pe&P1K;&vV#DL$ zOVoDwUz~irjETsSWUGOeJ(w^}no5%l+-BS|R2l{{({SHJ&}<(jL!-)O;#CvLa$&VS zY(*l5@d*sP^hx>4PLW8kv$Arcz0JF!4p^Uj1yp#y;DZJ{z8% z%sw$mrvXa^Uc4kk{blw``#pSA*cbnRrlNWhOWzZ=f8O4M}YYDij0nm^ojPSgZK7i*jYnZ0~T7Y1x7HS)T|)C$vS|uGGdUm z9>86#T#6_N8B8A;;K`%_cG6!(pW&6G0F$VYzllnQhlfQ(MtBp3fXqhcK*)x&Dp9<# z4pPWN^u4!FK%h@RZ`TmuO;lbwI22e6PPzxWcKwCEy#m6#y~CniL-?yA0CbtS(gzN6 z_xJG&1SY_kvDpw-lIb=uaJYX@U|AR#CeG7DYb2SRG8)c8?!jH5zt+_A1ABS<`}z3# z!J^_#Pq9}|f8W5~KE2s12FbNV^9>({wy<}Aw_iX&pfA`XWT+HJi<78LJTp4l7nb1d z?-~NmOe0AL(-goVaZ`h0P9UlBCr--8WQM>GRuYm$*fVT!@ypCJ$)j5!UItbFso@& zuzUITj*I~Q0ky$W>+(%e(kCJ?fCx0bBvFJ9p{YGd?QaNX!KvD5YRbITXMkVxyq|`U&_F5L&iGDOcx!i^7kjT+qf2Kuv!} zj*>hF@USkQ!4OQIAqSBnX4+sHZeX-w#9&!ANHfNH@C##fvpa*AL$oQ!yq1p9sUTWW zsB#%CV6j{P>aY|5lPa}LLnaTS<;v0+ZMsIT)-jSCT^0aTau*3`$olvN$QW=ST9_A! zjdAH{=UMy(lSNMe1HuPD2jcwIG`s>I&7l~Ao4_-}v;a+#xoMen2p~{2$>Y>2N-g*k z2ra?zh^k0BESZLahE^~*9V`;B1;JkAPm~OnM@$Y1AEQz#@(FOmXG88^q3y#cR1zuS z6F!5B@l=Lz@O2-FG|?hv&Sc~|28j%275D(p2EHg{fW(0#=z3Yo!0!?rBj+3hke+ZD zQ9n%7vu*@Kp{o)MabH(Mfk!2w%FvVGWuxyrvU(aS1B`*nfN>4SlzPxIt0z?figh7s z)xsjQy!3+Tpe|&|!SQR-v+|KqCfJ0tFmObaQ`8;Rs^e(pjqWNY9ch zq(C{)BJwNICn7p@2vr6dcp{)CNE*-w^dK@yCI%#cc`0O)42E7$mXIz{DpflAXo)gk z2k(&2WYR$8a*?;$WJDHz@y37}Mu7GJZNP${R-q)Jn)SfD$oPiO&&`sjXOT}0mJS!@ z>z552B8vhe4ReNx!Uq{Dv<2EAhTH|=3c+IVzc*De4-Y+g^|}IlH*nyT?YtY;bKWgm zk|)p3$tLzxDRb}9z*vw+<=qJ#tO2LO58dEM25^9m#DjuY-fQ4;>8-|&m%pE>yDWwW zy(S3_#L~k*v z4!yDR`TPTu`tKR`*J5y8H2GQ_eWj)v1h>?j&=6N|LmJf2H|Ig4__D)d$*!uEsEEX;3=;iE{tXzthx(A<+#I7`$%2Qa$w9 z6greXr^1h6S|mt@gCS`J8dH%-hl}(vm@9{9KWi(f(eDVws8=jvm$;5;uyAmc_2B{4xP8*lO zKiCK+G(yGn$sQUA(kw;;;~6GTS?(F7PXJJj*{aciBlW`W^nvc*)JrweZY*DoViZn``G4wUfpvDuF z%g^Zx9V7;Z0xixFtFwJT5HR%uIh}^ft#0 zjFtw9r4u2!#0^R;S++`w=~`kSv)ySO9gK|@pG}%wX!<2br^<#bC*~gWVITwPVJ*_X zL+l<*t{k48ql3h-21dq&G|8<(J{2E?9Cp=WCRgXl41(T+T)7q`fSW2NjP)ckGLNsc z>oi|2V{{rBq?>^DMysSc!rCq%7Un@IJ6^r;Mm_rf3B3ad5G{vBGDSYk?D4)^+Yr@X zg>4%Q=^6pFsT1Qh!ie3C#=yu}IW5W478O>WO=z>eMo9f(ol2nzhv-Rrc^K@tW1u6a zCxZxs>(KB8v;|o;_?&ZRc!_bvNZ;{LH$~2UV>&?&b!J-=%@H&;9;echIuI@u67`T8 zClw;rC1VYS7ID(qx`u}4s4>;7=Qyq3Kg)CE&p3h)EHW*AaUvy1mNEjL*k1AKmNTI$AEn{q740v)d(fUD@vRt%& zb;p1uWDqN)ql+YCa-|F~<4An64yaEVZ~(v<=q+^0KzWNk5-VkHEWp47@n!q)ULm z1O+0|xm6<6M0(=Vfaut6OX4OnInF>ZTphvFAUdQSf4*p10Dpq!BB?=1DVZq?z)vG( zr4o&l$%SH(WG7os00OI@Fk?U#yuQW2nfui<;WG( zMv*Q^xEQKsEX5)a=i!jV64N3#N-WhlxS6y*>Ezfjh~Nk)my5H8zV1wHAtZFeR_q*T zfdeZ7>Zr&emEkm)3&3G)^Hz8eY)mWVxDx&bVpfsIh&L$@vS1xDWv20E!~|r6;{fXk zaVwB313M$ItsMWz)JUK~MMLaQ4$J~aghi17$-;=W2Mwfl8^kSL0|iZ3462O`8VA5| zX47syDA}{!e2f~3oGPsfe&EuOct*=*(xAH+=E*9pRE55P;oS)=32Tb{Xv9iT5Xpdt zf@N}eSEI_w%z{ay8*+m&pgl96^q;!Jhj1w;DljzIbf}K=<_zs9gsl7(5+#`-G$T;J z%w$S5X|No)1E@;DY_<#mt6ZCnCW*firi0KL@T5E&Y$+u;p$I!m#GGV;;LV`Pf?OZr z1xA~lB+F_t%7h$nb%YCg=HSz~1t?e}1O5(N6vz>6!>1eo_CX8OcqSL+6ng={OyG2= zsOyISh5%NE@1bLYtQtB5;W{wZ@F1lYyFDRN$0j?{M?ee$%Xg3uAhjCoK6YE^1%?_7 z&Z9#h1g;xmp?ZQL*J^VR6HqP^4xp`uT?kmy#wdqA0Y=B)$n1=b0Q7juK%LNY)3ge= zE?zhE(gkfN5NB{H3tq5?sWjtJOZtQOsA-2VZ@KElXHgMxVM(M@h319yf9s<(ggEGo z-C1f+ju(GuA-piSk0SF4`QmT7~gd zGT{-}ec&YvV!*(GMdAobVU<>%CMT^wgpMen5~&2b5ZOSPHEl%HIsBH+)0m()en7m| zh^UaEA>HuC2%3Ywjlj?P#@@R4nft~xe(nkQ88UFVhzK5WKn{-r=wV=%h~Vd{augsI z(BmLS5QGU#@S1$WiWpZmc}GDku_j>T2}88ducSkZjXD6HX(A>wupf(rSO%Iy6_0Ew zkV`17c!b}7L_aE@pgF;vac!)tmGxOf(@5X#hSi*`EtWql1O0v`B;M%}Mk?E3I5htn#!sH9wV!^tBYzgd10IP&o$kTHaw2^G0 zN)A+@ECrjC0d^b`Md(otdBM||42lgpfN&A7AsNVL40cQ+3xMki703rFEvOI75TGVe za9|`E6VWJUve~P1lyb=M@SYEJNv51A*Qk`(*$G5t0fCVM0L?He!EQ6?63>R+BHXi0 z3JQo1eKIT!EHRok4wiygp`C>WI>dCWze6L8XdI=3LJiojf@BBvCB6zFH5ri_6cmv< z*|%KcP*H_BkcwntTxhn*1)T^5kyH=JV0^v?ZsH;!z!8v(lEGFDBxt?i;2W7vR&O|x z?jvJrfW5F>WEO2(qAh)7B<>lAa$q20+TaUnqQHlMf1~3=*P@n>C%HVmsmtl=Xea}O z<1U5#6)qQq4}}n0Fd>ox_R|@Xygz(t+NyB|sS#F9zp0?ERpY)fZPj4=f$i(;KQQj3 zBS^Jj2M4l2JsS#%-lwtscZ@CycE5UFnoR}a?hLvZgAe#MQ4xgz z4U8|~LF{&QVQ{Y>$P`5+kVGK!0gQ$Klx?9U(LL&!6jw1(E+N9nQ`9Jd)tICq+eb*2 zh&fa0#*r-P5-glyd{1I~)F`UJ5m4p;>&OEGiZlQ)fMo)(%yWQtnZn=t#9lpGMI^*g z8o@6-ZH#RiAp*q_e8L9o89(z+~%JehDd$_8No z34~{8SQnlv2N8k(Y+~}rTzGk?M{omKY*;uA8e3%&Ei}1u=7*$bNYIU9N^Ph$3-(aTG#*fbf~|tQ3{n-M2p(Z& zZk7sFAJShiQG_0B)Z)Qu{Yzxk&^Yn3N?dL%h!Sr2004*B38-L@H$z4NmO#p+%QQNu z|1gql6>L95R|6Gl+{&X&r?C`#$I1@P9oJ)D19M0Q@)-Mk5;6g9AVCa~373B;6ow3e z$3dne8xtL9v&i@ax|3wEUhfEJ*c}5#8iQF%em<{hv?y+JfuKSoaWU@x2kL?G1QmyM zqrL;$QK+EMfYCMiisX{G&`^fhQHi(^iB7T$C@E}Igj1wirk5r<2nas)7rfLE0zi^L zkq>byLlM0cz#)tc+ddO;k7f>R9AI5LJ}to`0UQr|L%v+5fN~v-%fo(3Qf@NzxiBGM$WM2dLbF5G!S#?hxl;#s+~Q znYbPta-vTX3-WY^;(BZsk2h#e;Fta1TMtl)&INEOm0>zBZ{(m z8-#gM1j&eA`0+tL(Nln$5{rO5gg6B=z=|A~VrRG3<~b=79tzyf!w@=FsVDA@I^>KY4H`$%fEYmp zS3IJ0quU7pECuPe5-*I zen85EK|n9XpdOArAPIVrsL`XwCMEd5?pN4|3cq>9Mny2>Pcpc>C!tm{*c*1@gbE1w zb0JNTj@ezzw?6si#W65qpH&`zjj+kh;pY_M=c1@I7B^>mk0q>!|QBO&-;}6d>!b&hRBqE87 zH4>H%)gGY2Xip{#D~y?7BwsQP#wk!x0zVCE!p{^yM4hR@Wh9vc;SpF*5E-s8j3^Z> zJk=RUz9Zqtn7qQhu6()S4l}4JKo%UTBZyN_G9-{Pf>?z63>d0L^+OH>q1G``#_1Vi z-KlU=t3`4vKvd#$^c(uogFt-rrn3c~#T8Nzd12;=_d7J}Wt8+Ga)QAc>E1A@EU!y0 zuykpFt4VST*G7#ZXIY64AX~_I=>`W%VhNb5meU5%0c0Gf6wrM^j#D94gznOiIzTnx!@9-xne^VI!FF?$JFx@fH0zKp*HIP_fMFia*FBJ8BhRJ}0 zE$9P%p)8O4cvT1sMF6ogRXRB(1xT9|Do|j5kyl`0uq+A8<0y}h2P?{13XT!b-V$P* z$>$Klt6)Y17?wJRPas)g|8!6N={K-g{tOD!kOK~@cnRd-Z#F<3{Ad5y01tjf1bgs* zAvsLK4=|v-1Q=;0f9tE3tC4~GpnGTm0OjCuMaW>NJ3xQ73?Qi#a>D-&NWsGhl4mFX zGvx6bA&I&M*QCWIMg>J1mGU2w@1?dC$2U%>zpia6F7;G{ms4Suf+(@kf2m+~bQUQU~g+cdbJs-htU!XAs`-eV~z@!KSuw;DP_zleC z%IL5>GC?eXfD4-l&Mg`qjFOA>)(?9S8AwK`ddP(xAh6igPvZ5%l?pXRs8QEGYGzNy2eqi8K z@L(t?oWlWZP-@r5td!-5{jjhAxnn|8Bj&=FSnz~iigdp0NT|$-5GXM;V5P|ros;`y`UJ$+$$t)0myF^elOZXL z!%j~&0>iaaktbWX_1<*!_2E-%W zBHgv5B>^6bqC~dv=}IW(iylG zP!UeJ=%jqek*X-Qv0T zJ7vA{Ah&}1;=mWs{x-vmD?l2+M(mOF?#b{<3)EpcW#Aqa|!JzR%!^M|y;VV)kBt=wxDUV;fK>$ZjRRIG@<_T^L z27#0idN3}~ZFuthEQchrMRooY20k*JJFSud9rLjlf^E?Tm5qQ@F}I@#PoW{_`T%~% ztQpqC!B9x}TuBdz`B5xbcF=}HxB^dkKphAC4}COjPJ~(ow8t22H)0VGK4i%AC=c}O zpr0BzP`VS42t6(mZ8F0o(f%gfaiSMq{VHG$bw?!9sQ(Z~!q$2+7@0Y@PW>fxCb%F< zpB{V{BD-+3s>p55)lvG89uNsMtblO@Ge(-4NH;nT1Xr7oVuW7203)@@v`DW4)Z{Qr zWGthQoa3w-Ru|;3X8_;<+oS^FHjI}plae9@dI@ecZr=f3NK;(Uqz8w?BgVkJQ`i+H zfh2>zcRw5EfP_ht>2hU|M5H8@>h2T*tf<3RSI6H#Nd#8J`R+LtKNZ5 zL7fj;SjmYY6CxvOfus;;;ZTIwSUrV6+1&s)qB}CooErwZC|zu=nt^l3>;9|D zH>xk#+s6llq$vah#(+lzKmx+%%>gdN#OR;^hSJT}!y%1cuY!Vlg7%(NExFn*bYpPQ zxQW48hs{p{=K%Hu<^-H4-kGbv!=79i8@5u&q2mpp}1gZX#F%VTBG(`$fl?iyc-p?t^>aKg>m=E5R?3y2cQh ztF=<|O$PioP%yX|(yR%wu2R221~Tg^NGQN|Krlie{}KpQ@Th6>SUfZzyVu$HLLCA! zrgsJe3869NdB8SMH_R=vdzw;}{HiA=o>oCXM1$=yjXvrIrUWnz$ShI7W+V!eNs9r| zK;R8abyzs{?_|RdKWTmL0aIH1`KUDM7R8>DN^)-0N++{>!H}tt5`ZTg6N$8602Idl z6|ho()UojajWp3PAT+#gfjfq;UN(lO?aSmFPa%ga1)UG@i26i=J}KHlA#3;<*m{kx z!hu8j$&rZqzxCrbNVHc}uyE_y>v4`YFo6N*4UoQ^*6n5#uk&GLRUO!;z>BG_Qo>YJ?=w5L5GnwLvm(BF+R3vg_qvNI+c`>-gx#L#i5y z98lssA**aW=k)6Jn!7Ghqe&nO9+BPZ$f}e9yXfk8#YXRm6eg=7SChSPdg#titDfTN zmEe_1!O9GKFwMWsOmvK_tsuVA2%>OpeXvTh@rWRBqb+h^;#7)y_>l`yXxM;of%1uj zs}ejZ9-~^~y@-Tzv?Gv?lAT>OkBbfRg1B7-+zH@*!Z3mkv1<{5VLH_)*3Ga2MITN^ zL;!{X3tRG~JqKLu2pJo0p%@K9hD{3Zbs(WPY@LJPBpI;^^pdks3ZgXj2qS8~SxKcw z483Z7UzCUF zlHviq^4v+FkpUtPIJKEQend|*Uw)Y+*aXD|8W^nY^&ZZ}Sm5O9s~6#+(cHrI4Oc`$ zpjn!K!2{>_vAH~3o`(b`4OZNi7nVC@eumC2M+s6yx{z_-H%+EMp%{RXVg80D?I_7$ z#QHjq$%2=lCR1r$9)=MUMsqGk&97vxc%Bfp;Imtg>1ANJh;W$XA?=Ih=m94g5yj+r zq^C73GXktRl8RmfX-$4*96yNg5>ILJVE|Ea(<6wm5{QRhjd&Ge0U;pMiyu5J8KzAM z%)%Bu6FFQ}j4MLwcG8P-@>ogIYqG3Jyu!;cS zj~X(zx!91<)ZTCx=q;TI+7byOLQ2xQ_30ar&*Pm6$wRR8V>e6lic2sgEX;UsC`&@1 z7beZ&=mC9YjpS)yD<|48+&0c)e4Gf0CS(d;x<&vd>hC zjLij@HW-G!$^d165({rdeSqw~!9!^EkiC{okJGWqV?Zp)EqcpsdT=yY6o}w9blg71 zwN4o7WqlqQeygXu1kQMYm*U~nabWlbY;S#L)gR7KRruk0pm<~Xl4M!&FI0#I3T|lG zOjgmb{6<@L`4%o;qvMQxOcm(ryZ}T0DjW>-3}1i2ePin77kHRaw1H8L#XZvOo2$6@ zU7$d5pAy#w@tD2xH}w#g#Vsc2;-&(iU84+;ccX=7M)g|TVRkzXGh?69ELQ1@i}b#1PMACjFOTz zgn;a5@NhIP69ef=!|rze9Y98X?HK7c_&y<{?lQJBoTkzZw)PPv*GTZeGVWzWq-+FR ze%N;tNfa(@YB61|fww@iC+vVdAqiT7Q^2n9gJRGG1cTE;u!h0j3htdt*t@Zo3DLAd zl}U2qklUsK0GF2~hb_TCaGD70xQ8p*ak%eM)r`49c3#8RxcM6z(a1~O+==~U8*+LO zu){fUn&o9}CD%C0$e{UGLo=*|3fwtN?9%U5uW2}+Y9bl7@+!-Hlt&~K1&_$SiS9a$%Dke!xjGU*FMfvIXJHe)&- zR+5D5g6tqY4TqR+_GlArJ{%8{jjsU#n+iLl4E7*`I-_ht{Am1awlj~!U+nF$Pl~V< zZlSF@e5wZ}zJu?{|%6D{< zjUga>=)U{dPVHms(0I}VnBp_hZ?{NYPNUNIw-QhjbAe878 zusIQba$txrbV1gP#q;`&eIaC#aAyQsQV6;rhBVyQr{4pJMwrXq6SE5!lin%1z0ufO zvOx!g0_+yYSavrO_H24>pfuA@rHX=Yr<2fo(|y5Ac+17o*i>e0Y@SssE*e9JQ_lEO)# zhyV!U%p?sL*Z~db2StN8VblnS4WMybN^##=NMT((5NXEzB4g+SuSUPUxVK2WzxOK@AEk z$h3i!Nep@ofXFa?qZq*e)d4MOLXjmgHj_Zg26d96L85+*k~_}Y7&+Yr=qy*#4j-5t zBp`tI5Gitdppf`%SU@@)*_=L*8PowYHIQ0@tO$?h>vtU_Cwjr#vID#lqar+@W)E*F z2n>J|F}*v-CwpK^EpEw$3M#}D>`UPpUp|+|iyDgwv0BdsDFpKqvw}iNTdesuHgYzY z!7^xo%n$d5)5Ro1{pt3qKV39-4bKY6rl;`h^R%w-`?uuOq{fjBLHfc6&L`l?^rC4i zdQ;it(Z_#v0a%$qouem3a`pnWj#xJkZ*1>Di;CM9bF}z|^TxBp2r>Lum%-LuL9p09 zR{fe#8L_^@iZ@LS5;sC(D9Ff>w6g{@8;-37D~bY0lVz{5(gXu6+<+l5VX*lEF-(!V zH=HbZYjQ9zvCxnZwH5KzROk+bmm)XTxy8e*j4-yTnW4NI$MkydZWvE<@=Zm>R)jky zWEhgZ#&qfhE2bvIWp#MNO3WBbAj&?T9_$2xLik?i#?xi2k(Drro=i=My41SPmQ{Vd zpiy=i_6!rS2aW(T6D%5N^c3}B0z0FB>}L_o*7Ibv_0!0WHD2iJ2fik$#{)O8HEb)F zz97Q&f9L@e)>eoe;`|X`tJN{^wqXD?9Mt2aQ?7H@)3yG26XdiD{Fq`=E?R)-jpm!{ zB}?@uQUjtj&Z1#HwtlPtr)H1>KTT+vxCtR}2m&SciQvxhkZO<*c98}faLHSN=zcyn z8A=ci{Lbd_2n{gtjmQ)`h9JMj4g(E2quGm*h7!04ev7i-RL$Jce?ih zqP#pDW%!fMlW|Kh{YS+u(%>ED##5=WKQLq6LyZ5X z_J=no2DvSL+(nwm>P1~7=z>|*Ir@jr3SfH#c`jHaazLj(WYHHO8rK%b+7-4fN$g#jhD=-2kjPNvk?F!$*uEn4v zEkw+9})H92|=mA%A_emKwX&9g68l{ClTrr0|r8=Hbn*#C)73eJbTAWrM~(G2vY}J!%$v$(bH=`h9@5I zh8vkCQkBke59^Pf+=oP;4W!v14+W1Ttuk~U6}J}pEOt{eF+YaX=YSj>F9Rgu51HYa zpe3CNMtV#OwN%{`X-RD;p5BM{*~Eps#*<&5g$s}M?(6CetJ47r(vjR9H0bqpg?9kK zhY((H?eKcKG|DQ%SU4U`0uH_iBaNUi)GKtQQ6uxIFE5<37g-5Bh7in~(f@DZNlbO39CJ~zxAh@WTwKlc~RNyeY zCL0~V)z!=Bp)E8@Thtw!&XgZF9!w8s0OYLpz!4pg;>yO1AUmO#+(eFoXLn|T^M$>7 zoWZ6y8QOaNgX(KN&DUfY<4LspjeRzT74+ett+;;(j+ceDD*X@*%!H5S=*{F9|CepU zf-EIXdGh0#+KpBJDug~RjX#e78AG!;^|sw3kL$;-hK!~(t7A9mq5WW|q|o+?OiIH& zwIrw|um(0D@vrgXOdJ|$a*7`{Z}eq!1{WFuWaBIhq{%_0L6sZSXNrUhP+2 zgI*L$U?W=NkvXHs?*E6dxk=-U;199Xe;u6jPe=Rq2B?(G(g@{|9w<<461vqRKBGuQB~@`eOV@uzyuSMVH*~+g*{||m^sP8 z5OYFSGi)KlzzNPc%o)x=9J3sjA(KFu=Xu}n{l4%2>#wT6N+osoy=q@~OI82>E${b! z@4h$%!bwFzZBahigH2wDz92*@v7Ddi`_QBpVCnqY#`^Ny`Xb~?Z&{8+6j0JO)xmC- zupM}{OmHXLO^RjVS6c5W2b#;>?A7OJg>n}1ERvbFKny|M$-qqha5G6bD&cdP86J}i z#c_oI5k(E7)%chco^T1V2-hG0-MfGngenO|fU4F$l=h75a6=V?&sp&n1E`5&5X^k= zE5)S9G-k0U3~iV?Y#-HLgY#cwSA?o|`w2f217L-a23VROB>S_p02Z{PQ16LVht&-# ziCJ$Ek-=aK4&ZG}7!wgV(vZv|x%{QmzGMiq01W8fMLlS)*ku!{G|B2$1h0pdgOm;e zI5Ek=!zuxzsDz2gt0;BNo@4+&3MDWK$AzuA1Jw};NAZEx!MMxlYY8)YeBy98A=2bwmhBe^Fv@`}~;t{|Y@+VX0d1Ggy@$idmb!-t4)tj_;}VgQ6a zMR19N#{^J91zMU1mCnN9iWoPy{oL!5B?fgM1zlolbd+iypcKg76!tpRx_5AC0NKO| z<5~A?)It^ZjsLhm(*S~Rke{Y5qU0{f#nGM5XyF;>*JX|xtc5O@;?m62^d)Mfmx}lS zZ>qJ#=E1bkcoG_^H{UaTLGrkXN^~*WOU|ZhtCAx1x_nhG6T<dzqJ4t*S2 zi9UqkTf8W~p*6Cn#Q!- z69xDd45DsnLfT!i;Hkn}tm!I=9*fjCD@cDc#vtZ#zzvzhZUIOD+-EAOEToBO1n_0D z{XUd@u=xP2WAuLjn@8l2)PJ>5k3)1aexO+Fz?`c5LMk5u2m{p+aflF;m|nLT96raV zUldeDBP&U2cwq#Qqf29W?p{@r)pZz)V0<&srv8ia zR!-{;ziZi@{*XH)>-&{jZBkt(YA}mFkQ!vR05C6CPO5OZG_)*!=kjCfzD(1`vobl%e(91n_-w zq_qL*cB_uayp+mHr~^b{H=JS!iK$S)fO<;1g#C28C$q(wndSM#MdoG8?cD)yGAV^> zk6>A0Tf)=beBr1i1T3Hnq(G|*P}k&UgFc2~lg1S6+<5j7ky(7t{Xjt~WtkjM@WoeZ zppX*h=Mr87On5Z_st?b~Lqw?y<1DnbasPFZskr&U-oZ;Xd6_SYgu>d8AS*ae4X6;@ zqecL(#m)HB?Vtk81P85B3gCVT7hcNY+Qxedi;&5L!gEQu*VHwYcq7zZc@esmay@pm zwscB36j}HpqbAD?2v;=*@tDoVk$i&2b^D;53VyQzHnV-x-VpkZ?_P++zLZ1R~gytt|#o^Y?2qvZ5=n? zqH8_pBicdx1yM)cNF^>(tpRj`<{MA4m`ukkWt7-t2^f`T`D%A$Z8jRnrUUaC~mQm%S-GGv1cT1&LH(a0`coer$RS{Rx#~(=G4S8ss4PrrFPR~hfAS;Y1^5UvM z;0xdjY8`3n2-cYxDGdtxK_FF1)mU(Ig)Lq}AzdafTHx84-raC#3se}CKmm0>q;uk}=d-kEi3}Bd4#ZDP7)k<=FHp@^4Hd1_Jj5U+Z`V^#rhlcEx>>j5l`O zVow|E8zR9yk+W$HH1@@137e*b6}BNi=_>if7U)89nY_I69_-Q5Lo#|--*aDddyQHC z+iJXaue#TwFEZYBcp1&s<;QN};deY8*$iaF9Z2SP$wjoGW>t_&mU|uX@)*}`DaAtm zPJha)s8APAfu9wQ{Gy67T&Z)TLHzWyZcwdwaMxl+xB#6s^+ghPqnVqy$PzKpu5lvn zF12nv*wJ>&$*FOxWcEBM6r3O$oIg_4YWiCs59mjgGJnZ|4mf&C6oEW{eEK8kmk832 z>TGQ%Aw=*M>CSzPhDjS9m(nwSe-WX3#^y4L5lQcn~orQaDyZ$eD`d1b$fL#$Y{z?5XLPu$3S` znhBm zpPowe2z4U{zGp?r^}_F^#kKY6Wth(F*xb#`kL8PV^Ye4d3&lAzzxfelr5q?5!D#{m zN(DUbu!%rhK&(I&EqI-x8GR7+O}{-H7|krKJOVt1*1Lz0?u1?$*|haxEC8xVfeNfC zl{{{K7_d9*Do_Q~4e)(OpX3%OQaH)HaEUiaobAJ$PVvU#^6bWq)rl4FJrxBb|LGJ% zIJa&Xs3fJ)TKZ;&1Cchcp}2S=)C<=9c}S%$Q5+13$a6abF`PM zlhA2}%aCD*xpnHSMe5wsOLI%h#p3dkMTC2v6P-;U=U_S^;ZBK3GV3s#gDlK0qGSB@ zjK5o)B|0!+K)^q3)I_NawQ0BDc~dwOH8F61gI(WwXhmU2(fAn6gcw&MD;SgrcLF}i zUVaYJ0F$Hh&=^O+pdOYHfwLsX!c)7*3)t}nR!klUfUvPr!AqAK(j&%alUTKIIdIAm zZy{1CEy$OdwMpaC^D)O~mRaek{%C`?i5`Y99%Q^Kj%_@WktdxgXSjX+&@~a8k~iTj z$GAqsoV0|?CD>C3r=}j`&dpOL4`fUKbB~8d)gY=LdjZ-FW5!Bj`H7O)@ryiHQ^pK+ zG+fxP#7!K94NHk|iB{}D35&pzloLM$LUp9N*&q=(391+Jbu>lM=emiIp8e=!lxruq z%j~=mJ2JED9#T#dP#ePXT9b5jYrBJEk=!x;T96rXaCSknQzzDk>!2P2$F+J9>+vxd z7zRs@4-q3yyijg?j$z4J_mMlMqIl-{H}T}^objKK^989nPL2;JE`#dLjtVsz;oYG!_{DJB3IP96GGbXHMja|9 zAfUnyVwc)+wXX~I*pKaYut$wWfqX|;dl0v-KP7bCr<}vKBB|5(>u_b&j4{Y*IYip{ z;fhOQ=Wj|sB{4LWpAHr7KA0e~)r%AGGS%#7jGQS#++0|K-aBt7M?rHc#m5!xGRzK z1AQOG%r!98n`oS&DRne5uVjsP$VM)9nV~0I0C3Efb{3F$rh)dmTM0Z&OM*iHqnp;( zK`&*lKr7|fB%K@xqNB!^VzD>_EqiVn;naFiqz_YEaDq7ubW3%hEQA>K@`cJQv7|=8 zb5a>c(&WP-PFGA$QFGmR*&$*6q9n#Eyd;JzzY(c$rb}kwJ`2&o8mqKU?MGJ9W0-mv z&OlB_(V5l5u&N)p4=T-dzuBbat}U>{?5AEKK}j(_z7a}VsJXx2ZU$|#jEnnFid;}3 zoLN|#UcKqL3(GS_ADo+<$5TLw;c`JjYL)=} z)kGIkgv`blV@~iAsK|ioHmOU zY&%snM|pQftjp~D+KuVC8!(EfKgQ16CEL?$-8hy&t=>d>#rZ`tzoGZ@Hp#UMrmS(ds6hGZKL^Z2#n=pJNunN?GYB+`eDglfMo z7p#Jqbl0XA0b%TCiuIUCLZ|m8T-{}D(Py<4VWeVO(F=9N??;npJQtE1r5KyY(@1_` zb+mM0lssNf68z4LN_5ob>?ds$&uFtlC6=!T$OJT0biWf(ppI&IZ4eXuMozvI5Q+U3l9-7Yy%47) zC2M@anh?_@$t=kbbycHNyYZTq1mysIT^^5*qT>Xq;AVDqMm~{MnK@$4md6L&f<|3h zo1(ZzrODT+5FIgVKVh>V@-Q&S-%ZU0_s=|zAq+W4$gn&k$Ixj{O#r3vTVD9BU}6n~ zB^k(&L=Xu{NDY*>WLt3$GpNgKSubYUV=hXdWi`u8>TEGn5qj~6MI%i(XqC&8b2PyE zXpi8m+Uc8aHk!f^t|AG4s=*;MsnJBqH`F(iB+hK0%+D;Yuid=qJ$ee17#5sMyj!~~ zG!|cHu};>CWlb%ZLHAH|h$S(d+IX5-G~h-GFQ3$RS(GxwP;~G?ZxB&20uB?Dg7Y7` zs2v~OEfs}nHcP^!bN$X>%Zs1Al_5?^D&DvqJz2Qy+G?pB>Q^kW=wkli!MZO)eu~!9 z7OS7t#bz=v*U6$i*87x)a#Uf{<7x}_saRmQ)u^Fjou9`+rh?drYs`>6x6l!;;5-b$ zLO^uut|?30FyrwF1IdqQ3A^YHkUV!FNd7sDBua<_{$hn#$**Qf;i%1!`e{0Qv0WrP zk%kTxVB!l1s6+E1w19$7tT;QrJU2HtyKIa)v)a!v?7ADBot~bXDb6FL#eCsiW(*E- z;fi9nOvlNQ_Rt3>WrJMa9thyM(LSwvbVk%q2bV6-#)aXD+N-oAk(lN(R&ixVgkUa9 zhd_8=mWzVu7U!3#qXrw4PgJrq^B+VKg(QLd%%w!wpO-bXZo^|ltOv%{QxNTe=ei)? zJ(Xg;KzWtn+dI#1KYQoS?Ylc0>(6(L3)#&IheR=g{q02o@7ASF#1{XFc(rzffc`ev4b1DQ=phib* zj-b-h84#mkHkci@k~#xvBuqwaB(2f|)aYU-3qNQGNs~Y>3s%}(M;#s?t!9P6RHH6j z+FVCpT(2B$Y+8~T5tsW-j3~qG4 z+|6~?`RBa+*7}C3;>*+Mv>}|g#-BzZ+rp@l{#{=y#kr~>Dl?POI0WZSgSJ~kB>Fx+ zLS+tjZU_AZj>G!E0tkw5k>*CY7BT)(2l}?5J54i8wvp3uHio+kyU^N*B0K^z zdgU*D?j;rCXSz#9b5xab%!RT)R9M zMpdCljxwoWx3k4Cye#5$meF{REH(44kPbIY|8fbmyN!?WDoZ{wi|!0S6onX$v*5(w z)bRYspx<5O#ThXz?0y9C{mo#w2n) zT=9IVdFy_TL}XCNQP!t}dWtz%_(I$%QeW2k@_EZ9h(;nETBR|y0zi-*lUG?j0|o=Q z7Ao~N{N5_J>aP^TO=$FrepLF}+DEqa)-j)I8igwRJ%`|O`O{*8@cKJb%?zh ztUK|6`wo#(E4Rz-?c429gKc6snT5$=h@RuBOArK7#6}<>6OO+MV6e!`F&t*cP1d&~ zKa{iU0#}?I^LKfswTtVKV)@x*yM55u;I4~qM7h74~*}1!UF^o6nu$e7o?Gd)~ z#Q+DDdZj71BAbi!tMMnW9LEHfO4=bJhae-B&cg4oA6Wm&BpJeBeI%khX{xj@0BcUr z@%>(<_5h1if<&YT<>2nM%PCPx=p24W4}{7Qf;)st&}ho%@G4kq6in7S*=4^_yM=5&V{upox=G_nMx?br52t!H@4GVCO(D+y=Zxx-9 zU2|Difgbkc3fgnAOt--R`X|gvQVd{sW&QTrv$r<3cAmd^clGu1Lnj);{!Nf|?ymuQ zz$T)&%02Nn!agNlBgGjfr_!qAElGBNA}sLx&xr#aV;N3>Y-M3Y;WmKOWNUKnkyj7^ z2lClc>|eWgpuQt3iI9DyohPYBxbEntp{d>g-xR|GDtpwOx82F2b^b^b*qpcViMxe; z*0Ax+Mi&&N^0$3l*{kk@vk7sD$gA!zL1=LOBDC>4Rwhqmw^Qn7=*f3YF%4-EcxNL2 zz2D&7tVr&_C<9Lw)-|V}QzZQ*q6oV-jE=<;BO50NhpwQd=bU(1n=~73piFHp8#we` z*??#QGDX2|2R@8IiAp9w*0$^x@izyM2I29E35QOx735#M+DTFZ$qZD*QJypv;rpZH zJuyOL(GAQuAooa83cT;RM?`@^d^dOAmLWa(%_VMBzPM%b1gR`x2YVGg>+e@!PxmtF z82Fw4a#y%bY5()131dV$4 zyrbAs+FK7=5S7En7(Lck+T#99Xfw(Ct5UJt9s!5U6^j)LHcENT$`_neFk9Iz%Z}_c zq8OIT<9A~Eut=B^!NO6yD}-5cieQ6WqPrV6H|}n1tz|K&+wAn&9kB<92zD*00e?Lz z=qO{jT0oJ|C${f-NfCXn2QNEV6Eu*Kp<}7PKGJVOyL9POPazd&MAf-X@z$$7wFjQ+ z+S@>Win;!-35AE+cMrD#G6>&B1?D>1X+e|=!?>6UsIrfDW6WB3lAhvsaB~Uv=2?|h=oe+Dc=DQoLmGFiC=N*)cJY1?BFB8HQ~U? zD5KTaf|qjkvSQ1F&4q<~qh*50bR^nD6 z?8Ql|>dHY<8txRij<-1pLOn^Yr(^CT-^;8_W;lkeg9aEXzkHX+$!k-o?L*gUF?y>8 zA3F^*yN!Edp970=26S&N(f6}Ok$#F8q%xC=66l?u-)mJO*+TYExoK2%wvSIRR)1{P zY<46?A+4^HR*HRWw*p)EfjC{&FJbk^Q?>|DzuZwhu8>dNz}O*a2K*C8CD=E~NrlF#kgDP@L=Z!v z!fj~{S-1rnQ$zQ|vCTFp8v-a$>Q4N6Obe}G5Dr0v& z{r<(Yuh56vJ8Z*j4%P79aRSsc16{b0PvG)13g`s>;1knp(d?AVTh*-^SR!qza+dB zetNpF(EI%!nj}Ygy0F;${aB9+)B2yDE-dwa-#hWLckpy!Ip_P{x8vvL55S-4oC74h zh<*?Z&<6t(_9OqE{{aI41%bn6P!6<^=`Y*TkJO$vj=&}RKb}TqKQF8z@q&Ld>jzv+ zVN0#cG4HxU$1doFFoUeuvOeoE6sTXb3Zhf%vhxm7z@3v=a3dLz62cO%A%rCLc!Nm; z{v~1i9H-Ue4gWNM*snHQ?KL{3^S)67J00i+&`;r++f~@(>j!z~siQw!pI0E$mbu$o zrDNHY$0FH2jt;V>xE#S1;u0m-vk$;asswqP2zG|#D$jI6 z7P_wMhC0A<`h#$Gp7_{cJdy3mExmlD%W?VGG%m_Up+QMr=#AO;8r5<E)CmH&-G*w z%dh~qNGiD27>q#ew@1G>Pc))Uxi3Mv(EO64<@ZU@B)j+L7Q#WyX z(4^3$N{7$hGP@?)81()Y_z&_g#gh!xVytk2h(lLw%Bu;wO}x8CaUKeVG(8W7k)Tm< zW{ZXs*&h$PDkVvQ-RsO|<=uh4Qs>)Hp%4a;t%dh9oJPhcZ zBa>|W77@49y%bLh$Ng%&QsRfn#Pcpkm^V-)|H5KzyZ4g1UA;W}J)538Zt30+a>f!^fWblV(d*b$teeApqp zfa^pVE<+3J4pvN_0;Asq4j5rZPfxTP$K7E!PNAHloL|C#?+Y58W&pKG54+=J3tV@6 z`F8%AJ^I5YTgWGXmNVeC!D`!ZiaFPU#+DSehZ^dX0I)uq1MYpO*HXLQ8)}f#?Ken7 zgKfC%L-q%HFD$lQW&~fJ8zs3$oMo6RZ2Jq1A_rRUYiysBmOVBgVn4JEt1>#!W^Jz; zxI;?zsBd<|64(aXCkvRI&+f5jHbrQm@!Y@w_Jy+mw42!nB0 zL}S%XRECBrYN!!U2M8AU91tO2(;oaC+pmUb6gYwy-UggHy;rL;UWn{AyDPz-nv5$D zi=hS~#6~(V5@+;xUYc9GIlYX~UjGn8cUn@#ejs8Y^_^_PVR3P3dTwcHIdnr$(p_hR zD6KHCRP%p=d2{u&g9?smStbdy2|G|}R-$NN`n-&=R5TpzWdY4$hJj1hqFnTl9Do?H z!&J|y0`$??jGgxcigWYDxrOOvMnUb-JGuo;Zh%9`Q=eoI_~#i9@J1LEaUSr8Wf@^| zvUJe@1neyZ1q6X90?2!|$26=5wsE*M8D<3p>!0eCYiVv(jF-ZEREx!=Kh)7IEHBP1 z&MqxYtOV!v0M{dme^f&QkJg(_vaba#_A;4*sv9^3xkJ2N-zcdek#nKAx<0*p^Tx!A z_r;&X{yEnpv3;J`*7h?Ebh6$82;^Up&T~;n?>O{Ua0^h$!~q1#Cp@K3?b?-a4$KMU z=-(>1-X}@QZ)MX!jkM}gq87fV-W}P1z8Mx}8Y~mZ)BYnT!Y0ZyIGP&j!^r(2lCtfJ zn8q5Uh$IlOG7F8&u#!vMoqn6?z>@EEXloztN=pU^6kTlXRlNnU$mxKI#^1)rq_7Bq z<3SNp0CIUN#D^$R&hDy_YH7^{oi<_$v|bKFZWP<}B>1=am~-B^b3`{1DG$jGq>9(B zIORWK>AO_L4@nPZ+&~$g{Y)O~`8UFxEVExRaEGCxf|H2L1wT4EK4EbmwdDzq!k0XD zjYbwc6|~kme6>d7g_C1pLc0jUEz^4rv}NeDWnMaYE^MG&0iQy(6qwqis!R(>PhkFt zFvnDI6l;|cm*ZlGC>8&-Dk}LVgdxeXY*&w5{g9j3_{CK+3w|haBaVRB8Gpy69+6UQ z8F=L&P+3UJJ!~tE(9z#OCoPB=Z|^2uc%8L1b=W?ty(Wx^zyd!y@83I!7+%6e*#v|F zFfQKZ&`APdKoTQ2GCRVBkDwKq3>qpxh;)<~)}ba%G30iO#p2BD;`}@$UT#=znHj>4F!p5BsXOLuRYQ~^ zpMt|}kSeRZprt`1tFZP!b|~39aL`HJ5#|KSmUMSRZcNT`35^fAt>-iyBx7Hl34*x} zGI@N;euQ%frjoG@dVX(_I!(esJ1J$XrG<{MDY_&q!e_A{7sqyx1%b182i!@4v;3?ymUsB;--oF^7xGel+1m+(k_~q_uBv ze*Q+HQ;*gGYZvY}PHJWDgY6Qe83j5gYIZj>k5~Z&9BQBTlP+moxh@DqGSn6%jRMqo zNXSDJ%rz+xKq1wN+fWS@YVN3D^q|rX%47#!A6APjPA^OsmryJN z_Qa6ZkrS^^BgA<$?NA7H8LA5E&mB6TkZlx)f+bN9gko+1n%G|DxZUL_`-QD$roQIF z-pn@vngL=hyA9Dd#LmSfbqXSwKS#`&BRc@9H0HMimF_@)ubb(j(sJ2vi3iG)DPx+r_( z=bjXZz<<923INm!D?!jeVj(_zTVGBsPs-cK%eJb(xp0GWIC|7JnfZ1iT zM$Qj3c?v#Jomj_gX$d0SO&d}?P+Mw%w;m)elC)Pxo`C?)-EgP|rIT7)4PH<(%qnqI zdI8#?uv>rX#`{rRIev@Vb@&G1tm%q}yR|T7snmpqft+|%G~IQ^xdrQ_I|6?&k)2$> za;?1-%PwrkDsV}?-cIT`fcD{T_oJzMY;HZb`po9~^J{Ndy}P=$vvD_}et?JYl6rHl zYsntD6vc8khLVky1LWy@rG!#Z9(7PA5a}(g4dVUPTN~SVR#6+Uqjzb%Bt09W&Wgzx z5!r3jR7f`6F1p`|*apB;?>KHhMh7JD^raV%YG|#8dljf5iC+5VrDyRq0JXl@B`=sA zw%flvQf@T#?vQA z3CyUb<$W^ZYM_B_EEcDsgGFh-5$uA+FhTHjJeZo$vq6O*5!W5vaH-zr)O1-1unViP z7_MJt=mY&M$|7MzHjo(=N{t4 z5(?Tl3)vn2dk15ZN4+7@7fgu(>PK@hwe)t|Gw&7ylCs+C<-s|Ddot?}U_>b+6-zdK zs8AQBa{v|4nO~^l`wCSqOw3EEKJwS1oFz_1fJ|Z1HR6C7PEORHuh$J|Wes(?=yYa6 zt^8eh>eZ8z)B)Y;JUShf`-R2Cre7%|CwBm6WTnjzR7a5-2HB4NI!or{=Td#6)Yag>m^6StzI_d?V@>H(1HSu+!U z@mdWXb(0hUcbk_;7?pP^r04;GZu&kkSPp@AMame+tZ39CL%5Yp=%ilU=+FmC&>~vx zMpIQm`wf)VslF8M-g5Ug?A1QyGbN#A6GG`AL#H~d72+5jdIM zgV)Kyi)B|&D`9FVc6S{02-cE2sdpInR&T7b0R2X;_5fUGc6EAVeR>s5WqnnL0eFrD z5dnH9qPD_}5T7rE)u{@~h)K#jxCQ>x?g)|`f6Vf_t~OQkWDmzI+3-Xgn0t2s_b{s9 zlJix8Lcu#eU~{agD@w1|P)w3?0fbJEb^|N?Qn{Gi50(dCsleoJG*S_N9vfiQLo73E z`-SEWySjHG7aJU*rZy101qk52c(14F-9XYX&DFv#>c$B@cL#4uyn`kx>Pl!81B$_l zeaxk{*XBpKeK;``?0`@L)Q+`v2}5=PHttQ#E}k4^DA_>k+w)$C!BioJzUW7*20mlg zWyFH-A&x<8I}KFzaQ*<6;pbwd$R032q!vBI{$Zebj5r)!e95qKiHnKO7&^HKte}nf zgRmB0{wv!7psPeDYC3@yUt#O$pN4bCQ9Ft%xb1>7!jw`P*en9##HqXid0j~l z%@v>^0RpF-ts08}qI-^V{Fzj!76cOU+Ahh!wW)OomZp|*2r`D(pel9YGL07uweduP zJisdmr{FlCAFm9-J<0Lac9Bnbr-n&oe5+B|5GNqxEh(z2$j=JXv6^!lp=k?e{)Uni zDS`?Msl;=!L>5N3;B2vt_Xy2Ss3E#e==UaT!AqdrgN}H?zC^l;iygcofj!#6pb+6> zGQvl>jmD|y_yrf~lnUz62fM2`T?2ZA$-5d)jzK1rwGK|1w53tvqc9U+D19X^7_a

    3. hTF;oZD23vv&zL9+bz^m#`Inr2`2M_`QTi-Tb*HiGBwp{2BAYY z^!``oL)~U-(`5|R;5L1o>q5ze&<2by`uKRiTP?HmAAkMXfdsUS3xg^V?n4~7t-IYQ zI>+B1QfG;YY9SKZN?~wkuMGK9CTSn_p*@ zy;+_mLkh~w7pLKKXX=$>RsWgx$DGaFrg^idt)|v0y`Wfv9VKr#WJa>1xzce}1D<^7 z(@2V-eWbBP!CrwB6|Ls+J!{6?tc{Xk+UAk`L#0#3UvCE-JRF5a#e;*;6v_)_^V8?8 zyLm@JY}}%aIyEsPfCvQ_p~-M<`nPIshp@cYZ9^c#=|4GvP@K!zpjM9Kcb(o~D~8%V z#)meYqzQkvxm&7PYPllK8 z%qdPe;S_2SPsq>YGmIrXZ=ByTU?o#zFT`cwo6wfQedXizi6>AgLqemtcoY;eQS~MB zNDlWihJ9nrlRK)kVG))0kQMm+iNg#?GhS za{W4dZK*1Lt3y~Fl|pCb>G83V5(b(>qh{+IQfx?s!26jjGGKMSvsHU#h4S{$lMSMGPB5g2z~jm=9w zu7z~@x76(GgS)e&8*1_p%nu&M4XplQQw%1pycqGIIe(^tvIG?IdwO&QToR=uNnauq z!U$?Dj8xiaYLmQbeDC0~@Db^M?;`|5x73*BgHBnL@+u?n&a@Dj$e_uP<5(HI>nrC8 zIYHZh4xmD=&X&B$l5T@{Vz1}`{=nc$K_>qm7~MU%6X?B-x$-(pT~pwqLFULk>us1g zJRZV>!HPJ?PU!7;d8>>ujtq|MF)HL>DLJ1Y7fI9<5;KI!R*}>QM5zC&B8ya6$GSLO zVwVf%5R6@jF1hfize4!gySz z`RsJrKU`txgbtLQL`7F6LUEdpF``@yhZH5=6UvXqicT@H{JqYz=2u$Zn=g$rc^Q9VGrosdeXy7O zZ<@B5SWnM5Sosnwrs+(J=xg)cI!W~!<#9wX7-|ME;byTPS$@}M1;uX>cF}=NYF>x$ zRtQ$q`rGdZ)VWOKrG#4_-c9rc{uq090m+x;hPT(Po|ery@Oc>%N%Q}4OyT=^o@&;4 z0B1wUWN#jcGvLP><~<5(5peDW_rlme?Ae}c@lOaUIX6vmVV>k2z544SJFq<%zTO~$ zg;tSWU?y6hbdWP8`EI8ZBit9VWbYgIZOqw$$b^nM6#753yK zw%ujh?6TEm+qS#RF59-PTYYBc%vpElt~G0Y^Tm&RGb7@Scp@|Md3WsCv3E;NMQnhQ zco$RwNDU<Ck7=Y{JIzEivB2T5(a1G z=Tz;lHa%FcKZlq#U!k395cFN`{W@1)bt9W0mI!O>)9`@U*Uzq1qk&PuTyUrA`|@gN zDxgjSw4T(PwsUFq65ZYP4E1OY@f2*b8L^xHoTWA1ZyPn4 z89uAsXZy}*F{{<(Vs5sZ_eZAB)=s@%=T#KuVtIAP)rpd;D!uRH5C)%Tho<}fn{5+c z$6fg;C|jL{!b%{D_XC?(Q3B67 z)WuQB9V65^5pgwlp}A$}A(I_3R0N69OwwvYBvaIQC)=z)p99(jL>F2HzRH z{y{U8=c68pp%w_!lUYRp&&(9U=+9Hlz4zP|R?g7!zvR{R5z$8Je z9?FJ)(+Ivj2+1U1Tha}oiW2J@0|sO!t)E`9e5O2J>Lp?_gl&nkU2f4dVNAk@b)=;r zUR%zFteU(%KEktlVdcjUNkUZ~M;N$?O6WFC>!JC!H|P_5!3I7HcQ3;qUgCJ8rZjR2 zrulpvQOesBZ-kfvQ{71x0`2mr17 zI-d54usM&vI;b*q>3O(m`a0>_0N$_TS3Nz8F~W}(khhyE_u~|GA5>!{=k2= zulB)o??)6@fcE{n-glbAEiZ_XR$!4jsY|HTIl+{0_{<(>SH9`?3!%#w@JxL&VZVym zrvjz?+*xfw@_=DVg?j`@o1Y^@8G*zH3b#QcshrI_hlq+&Bq0q9Ki^_p5z~FoUVhTS z6c0OSyqzmtLVcO^f}vt$CH8R&JA!lWlA}&?jaUbzNE`xV&fW`tbjQb>GAC^p7OvnH z#w?3X8^Z*i<>=QpUEzkT()FkVIR%KEoMcO-7S*z*Gc+^ubs<7y6LBQAVRR%PL3~mS zG1}an8`0J1Y*C$pQ845-RGos)MPUY-z#@6SiR^}NvkcyLy9LBwjwo0I3O@%T?kY zFlU*DY%X2TwY1&%qun}hX5OM8bmE7#x|Jk4{8lcc)6GV_rXgvm)vYS!kd~y|+^3z3 zEKh>V%UV|kJ-=>d#X>n;+A4fs?Cp&-IKWzUrc#|BaaiM18}K&1VO@K#tmD6(r~FL zpqv?#|2V-3PxO$BfzJ<6U}}>~94q^|LXuf$Ks})-RiT1^3+7QiUo9(RX~A{j&?H1i z_ErLpr6b>z@QK}vhoiH)O#qIBN$890fr4AoFE1)ec1CcMyd{fFPx!IE2V1{sJh2(r z3mb5q&buCCWNZ1t)>uQ`==n%rL7K~Ep(6i|u>fcv-l{ag5i=k=G+V(sZKi!WjZVuZ2}a2ge0yPisSWSsF1mfdZ#KF#&X znDQt3f9%ws`edYC-sXo<_MryyK@?vnDU-gx&uDv8?Nvk}TcV6&mhDfJqA&493?K{T zH*eLm>^v%Gs|;$9YIY>+NsIp$2vnxHgJFzdD@(GeSl5oNRBpdEy5(M`qIB@2E$vJu z*hWXTA=DrhBIQs<{)P|P3y zdtpzHl@5_cIK{h%yA7}S*!@Uov^^o` z6_gi%hpB!~SU+=%3hR{&`OVbX6oj*2i4w5$4y{1%D-2#N-Ohx@)LQ#sOXbF-z-Mth zTz{3YIowf9BK$iVydV9WU2c4(wnkY)8ZKOWbXLWUhL57B*=W=ZmxCJq=8#O9Y@?0X zKr}8{rv#oGA$Z(SpPk;fBNsM7q{joJtpfB(3F7L6vK$nICqA8kjKmXs7rxf-aM^3v z-PAX_8bp)c`;wI|3fjo&jV^Pv=+}*dx(2{*ew99!u!HI@Ev{@V_%Lr$y&c~aq<=<;qN?orDQ_=H^@zN17w^Alplg2+IvgGC4|B&M5NYpC z+nvb-+xF158|SzsQ+FPEEbD^zY}*z6Mi`a<VoZ+SLwGTwyzIXjpE$afe1|3yr zc+Tb#f_?)UyqaV}lxYYPk_@z;&`U(fo==)TX_Z#6D9;)%NG+TwgjsQTGvw7;0Ib<-+@GG7bzKs|C~)Ls{ZY+}sl zUu9?diKj zO!C;~J0uk*hAk+Xnl0sUJMR-*HaSr5t`XH@gw&JhGz)A*rIs}g9h$l0wa2v$e&dw2 z=OAwa-sJ8soGw%mGjEH9rvx4kDBl+G5)d>M0}Dj!Ov%8E*IpKxJC8;n(UjfvlfLnF z1HQtUL_dB!;Y{vQ0txeKuWsm^dYF`(KzRgc=x<0ti~c_dbVwq&z>YX3GYnyT8O*q+ z&rvUAM!&ko>@4uygZ2XV#EFcGc*v}r$$3^``DRbedt9_07*k;-k)M47_%?=aB?3VM z2^`_S`$?pPjBWXWx0{)gs7Oi81l~lBFVu38JAyiiLbyP-ot={NozBXKBl?8$1#elm z!1beZKI0Y#&kzpo2vX3Q*^9ys^lxw|f!Z^dfhh%Iff=S?ed3u~ltc*KSzqKDLu9&{ zz}uq;GL@zG&VSkRJXfB37E4}7wd=L9TX}pT|9k^>{1U|t_)-x zt{8t0c`u8x-r?Du@^m@#)FZ!M<{NT7T;dz*y49Ji71|*Q5^Ze0(dm-x*4F}^&j~P3 z6K5F=2~RZ71C>FU`C55e1FLA7&&$x_!~H2?Noou8)qggsT#A;b@OxzQ2dhz z^vrWn3@IoE*|nJsNUTXswOlMSsem-m_IuIQ$YDrBr92FmuPO+Bns(6v#-QdJLIo(n@3UkY@7}bn+sj(7{ zIY85yZxnHgr45It@;)K5E^G;)`yrJ`dID|T{)BQpbXU9*w>KS)vE_bkdZ%%(asIsL zevQV}OP0udQodsBP_|3EPy7&fQ@h}ti2RYL#G6iS80qY0`xPMFo(QMhxV5G%em635Y_~B0E0}cL&wkE-=H?VReLntVQ(L@Ot1w_d?Cl#|48r=5%XzZ96j& zg>cb!l=rk>*9v%Dt0qQ;J-kBTl%|}gz=D#0ma1aGV+Qlb>w26D=_&bYB$T^eT6{$Rs3M+-M?y#Z!Lo3_PF{m#+T?B1wJM-E=NY>uOJ%i#zwU6B>hdO>+^ zBejiJD<>Ebx}m^Wicj-6_J}HhBuTkcqPiG?L~sYzQccz{u7L_i=%qB_sOw=^Q_Mm? z#)tQB*Tbo(!!6P|RU{bp@P9j}kSxXun>(B<2L}jfJJS~Br$=*42A+XW8PLRkFF<@7GYML0*{Va zU!@f=V9CE>feYhcAYN5Jk|NWSY_(psOuwr1(16>(?&`gh_QQtbH*pyovnN`5RvcHe zz2tAGw|WN^A?ktNk;&33dwvz%9dyf*kLw%E>M6koPpUuRR0JDwAod@Tx8{9U*+V%b z@L@t#`jN2)%Hawdg0S4$)Y1|*RX2lssDs}Y!{+o2bz|LIe3%%`t`J?PWczuKw|*-{ z`;p^-RiR{Ats%v~aE?6l;F=Q}sRwVqnTSv}z{Smu&DL?e2Wx*LSsprXm3r`W^kqNr zN!R2E^4O7UHVv=$CGF;5NHn|045laC-+MaS93Fc2prQRHI`*LDi>^AJbqz)Bq19q) zm8Esk?hidn>@>$qyZ|Vkg=mKy6oXfdB!<|bWDwXfPP z*8B=+PR-QqP+ST^$w_o}PRNTWA~SNnKLt7FK>xk)5yiZf=Z&n5zKTX^ZGh&;N5kVP z4z60@=0Qf@Ru2MBk30c=XDOwkQ@qfuWaZ?o2i-79aW(nllI82XZ6ce9h{{|Eu_f7r z*lpS|4axg-*IwNbTU(U1TJ~I5+M4Pb?S+BooX!e+LVEUqq`1A+24j z<$#_R#UZ%Twj@z*X-2|`P^7lOVrot5xxTLfUsJW@;*89k*ki7@Rb^pD^KUMwQ!!@& z{)STV(E$quin7imjJl~@45tNsUTtq@x4n}yxHJA>u^)>x%WY5IB~@9SCvF|vFxxjm z8AAw>Yf$S6@UE2KMcpc$E>y18!Vl91yCi*W<@)X;K>D4UU6|b&H|CQ%9T<^Oxp8L9 z)uB}myH-DEgdQugjwazXX*y{>f3`AjS5T39*u!8b{v>te-NSD}E6hcw36pGU^f<+S z9m2ri_FV0IwB@177)^ATP-I@i+4koMyMoj)zCRYnCQL4HMlN4bW4t}Y#%ZqbgmarPh62V zt*gFIi*oN1AFo&5CueVjeF^uT-Ys)b8+KS(>2e2Y2qbjr>BTjd<$d``zCiiqSX^BowI_I1LH@PyPrV?zyZB%yea3Xf@{Wg!BOp$6LNZmEw4NOk)wpw^rxkaSo?eSrU1?(=`+$dU73 z968DoFcZ)VSUH(E*cdpO5YP*oxR@K6D2fRZ&`X=xm^zseFtM_;63~m9|E=?Nwfd?i zY+__dukiH!~!-1b#v>_^fMm>KScNo2taD5uw;_Dw9c z7FnH#UI&~j{m@aW{`HimnS%KY*X9{&i9Dc!dj97QXJZgGJkxxKxDzWCGJKVPcTyXA{ECTA1I zTeAe-U~H}V57l^~{oK&2CtjMHW@rJC)u25$2U_W4uK++C; zKHa*znNp4=dK99^4F4{cu2k7RU!a-;cWy*iviwv+@ikeJW8q(HX)&q>s$PPqp}PUx zG{XS)X8?)~aGU-cceF|I5KLFBo7)?2Yg14!k4oEov-zr(X%Pv=`}z*~T{b>bcN)OJ zIlyFFK-BsO8UEaez`lsUeF7|@5F-S*dw#$*sKWxBe*nBC5VSeCPX2f`cvir_^|`-+ zwD;U+2MIXRrzb_BTEN{=!5fsRTDrG3BZQJXb8Z^QtyF13mH-%hleQU z(v$$G{J$bZGYQiEfi8hK2?@@{{bO_V_($Og)Cs-~)Ei7j03qix=NAL;tO1@CM0;;n z&9`WOr7avcsEPo~EwUCAT?mBU{42gE1}|Vf1ie7=?T{-PU_`7wF&rd9B2f}?F2&G9 zLXQHpV^Q!p1!H~(Sk4G-0kSx;VVJ~F2L)KPylpe&w20AZtOm4mk&tPfBZE5@53o!@ z(?5%#;JwLPB9O%5P!W(+g1osA4B|@?PoZ|fc2Nv6ZjvO(&%!{AK`FvC1gePXVV(Vz z{UH6j{Zjqy{Tj$&#v(UFBC#_PO!5A6A}fL`VlRRf!CeTp|MI1$PRA6hjmkl(UIy%4{m%qjC=9sY}l12v2-YFi)&c zP_Uv7gkcIzX67398wgh}&9Y~U%;=AB+Q@YT>GQCUPml0tVrIMZ_zf7o*+iO&68`Q{ zA6lB=7FmFd}1BN@+}uO2K7ow|YpCFlb{kN|8#H85cMpJPwMTWF`neuooUmi!Q8l5$dquFv^Evc=&7`r_Lo ztZSOs9+aD+E?9NQqt*tf?O=uxo>`XZhCZL+N7yq7{&xFy;Tx3?{wKjF*Jt6+Op(Z+ zGlo$EJ`rQ+Q#95z`Ls#N>&Xx_)f!z5eHA;ERF!P%QCjP@qLsXr%$28=%^KOYKE}W6 zp_=1XomO!gTFqfrJyw1!v#t8*d-l34Om5Ik%bGS1TqLd&dvjF&doO-Kz-fVx zgSQ9)3Yo(B2v0R)R7YbA${hTGV~v}D6BW(H*rOop~*P&2mj_ zz1jnjw;wMFPm8zfE{HdfXN*^jhu))Cw^!Gqx>EO72h>LHhUTThCAMH2gQz_roz_-%V2gmcKzV>H_&YHNi8_7<|C2zdl(@vOCn0-3k9}~9+M7ECAq!gr z?cMGl41->S;F>@KUj&R`wctyr?(Xk3-&^&qdePT+hhey8VpvIip z9Q*X-bof!`^rInZ>#|nFbjrUPwRbp!1MSzvGVMZpd!8tevDh z>6uK51gxZ$EKioOxTM5Ntdo!hd6JZ?lxe(B{4dgM+1z5|V%TD@gp<@VIo@ROV$x!3 z>GsY)&bcnzZd~HOifpC369|V(MxKPo7@3J3Np9&i@+y)m>X+BfcFuU0t^KQWwz)k{)e-`w0^kx36kJ!bq)#TAZRi0CE z@($CN_#N*kRryPm_ProQgNB+7ta0||#1 zg*55@Qt%0D_%3^^1X<*t2)HXh>pv4W3iDQcG!c~=dJfc&-i;zq`&NurbL9|PO0tMG z;#e0xI5m1Z3*D1u{;HB<*FaINFa05!owun0Gf!8_Yq+(|uY?hKF_<)1+BV!4*LHaC zejkFh1h*0l6O|QZiFL_J%JN=>X`RfTZT01%-8NMdz1~WUdQNl2qi&+LvfkRmedk8! zeC}cNf#3Pb`Oej=o5**dRtZHr5WTEh~t(MAb{$c*e;{GIz709xw!hOB+ z=p%2a+O*~{MA!Wi!&1aDWZ|Qw%4%I$&u+8nzW;vZevw_+dTD;@!uF)QozZ%C8^|ih zbL&-RAbk=J9NuPAdfjS`hcod-4p0E3^^ww&N|G9z`j%#vHlHq-UY&uH5ti|oX`DHe z^*yU98#g;5`z6ObXDL@Kw<(V-FF7AP-zEQ`K(%0~kfX4)2&*Wf=)Kscc&kLQq`#EC zw6qMTET$Z|+`0U?Lc8KmrEq0S6>U{+HF|YK4WP!k=A>4?cA-wHuCJb>zN&$=A)^tc zF}w+=$-U{S*{pf1MWbc9RkF3Ojk~R}ovyvOgRmpL6Rk6*3%V<)>$BUV`@YAn=d9PX zcehWkZ}qqO@40@3{>cHUf#E^X!QVpyL*2u?!yO}BBdwzxqs?P%V@>0% zlTB0XQ!Rfu|Fli>On1%j&-Bg;&koK>%#F><&QC9>EG#W*FK#UvFC8sgEnly=th}!J zt%0qDuOqG}Z{Td?ZBlMlZ?SE4ZVPXZ?#U-o!!3 z*4ob2#>B>nfP(;zUdYzU)k9R%RxS|CC#Wg_Qprsr7T|^8x@b zU~Fq>0xE}QEB8MW5F88)96TH%JUk*QJOVr_Dk2gRA}TH_DjF&(E-4nq zSHdDCAjZSPBPO7rASI=sU}9omV*2O(+@C!FBuGFDAO-}82mp)(1cC(g*$>43g%1qq zAL$F~-vj~x0tN*Ghk%5Fh5`D&3xNQ@ApcQ_2mk^F0s#gE27>^H1OtI({whQQ0VPCc z1QSp&Kq0dCX97o!%dHh8CP7o|HDqRS2$&XvAdOeL+P*e&WJS-b3nUXxP&O9n%XebK zm{Hj=xv3BOJ?p%CD@vYN@UtPQe{S!tuyJ61|6cWnOK@^g)8N9v1G|`-scXou;^v{n z!$%|lFz^>z(0^cp00(3J2LwV!WY8}J_CzRPO#X4Ge-ZR5PG2#T7;ZZR#0x2*89B0C zlY;*R071suH}eG|AH!Hgh0V!i=bsS%-w4S66T;^T02bsQeIfz)0r$%B5~P$Q@e+~} zFvMgPE+OjD?V^l%+Phl|(JF>(6`3~nL*IF1oBFY-0fT z?LamBKrK>;^F`g>PNu<}*?euFP*Ik3hGo)J^4DZN-h} z*XE!;&@dExyCzGU^{NNPt^I60F5E^&o?&<>zZ2ueWp__dzu&mbCY0B+&IVxt0;L(NALxb0q{F^ zmvg142^7=`Y#R@)RURE!NMu;fCa{UFdQ&A9UY-mNA$*$&YxRTi#z4ZwIV-+0fZ`fCbD&3s1 z#DBid?{~e1zSUl2;VeLpBZ!8iS|cN&H9&2XAj$YiMgovv053>9$#U!z9B2Ck1TSn- zrQdZ=zEFt&A-NMrSKpl!31NKWupTl$*Sqx6o9aUgidQZqCX&!Ch!-5~K6`r5YxXT- zM<2#QUcPfKOe_7*!TwX(ZAmxE z6@gn<{nWOH&^e=UYt3r7@-VrzWaZfMs`ZpOulnUIOlGGkI41Tdyt^5M^YqFxNxWp; zKGnKl$lflFiylxV8gqz#vai-Xfk1`LaUi=F&#wn zpvTT2c^GSm+O^EPW(SF&Z2}I?pynHICVnCfxiY0$(IAqgbmovhGN{{A`8OAJbruV4 zV+?aVU8v`ME;=&qx*IUGSg04-E082g0vHOXkLsC+rq!p)KZ7yIoYV$_Xec6)I$i;4mJ4HC@>Y=K-CE=dpnh9_oO3MWbU}Pj{vd$ zSM$P2B=uY|ddF_UY-^(yTo`pb)|O4 zCJpZZkDhQwJ>}or(TrBcXbRLd&sUof#qP!MJ+>=OJ^|{C59!&~1~1KX6)Z^mt$8XL z^pzU4ZZ?)$CZ@M5Y^`1Py^5H^N7iCV!(idR5>DoHbne+s#%p&3(|QL+Y=wJW)D+v= zt}j*&ke}m)UqM9cc+lwI9Jnw_G%bc#U$=8&T3XO_{Dm|EL9kkl zyt*#yWMGGko!%whvJsq06Q; zjiY#dW|!v`Yyh26iRs=wPC`=R`66e9QRZ%KuHTz9?Nqtx$KXfpC!l}vSvMBo^n+s; z)<|H$zW(05n$@<@cQnQK$*}sRsjO^M{1cE=(|t9dcW*6{riD+oxv-!)RnhrfQ^LNX zMed>nc(eD%?)s6jikHn@)++IkIebj7N65luSxTp2ZITA6X+u-f>T?z7Ib4mq9Q6cO zjP&GjD&4?j$-LQ)vt`I7>l$JL9!^{a-~<-?%#{`q>k4Ob{&V*08w@TrQ_HG5YqI*r@s*T+)}3&zbSU?QgapzzPZ zyB03<$pyJ?G1cID-0_4pw$U8u(Lw4A22ZC_@m&U9^}Sy4&Y}9@?9swj&p|_DZw(}Y zY$!7L$pkYz%FO+ZJ3@K3c3Ty?wetSj+qjf?<#^3ldP|R^?zt0n(TT6#b(^hXJMfyC z&Jk{PU2*6-vM>)+(BzB%y-T|}t@lb7!m*gXHa~km9l|LPdF4H_`>ROzy$E#JLQ22A zNs|ApZcNc#brmjgsWCI6N6NA)lnF+&flIb@*;%|ryhm-{D>3pNfb`;zCIv)ZK6GwWT-5}lO)b`X zV)U1k4U$)*n<|VVZ>0%W!4q}&r^|fC7?UOAFnC8S0icOE_-zk#FUF@u;j;#YY#@D_ zw*sQv#H;bAay+4Le@^uRw|S7^gUkf>(5ByYzUJ8G0{v53H}#_V92dLP30v^q)*PM$ zn|cq{^}A`UYV}DLJRhD79&WOdn!Kfk%~2hQ1hG}`MFx?0le?pQY#t;V!jc}N>I?r{ zb>P=?mFg2vZm~K33Bc%-{HsEZ-bih(u5ZG9~7lW4VzvvOOKvx_#^U|Ig z7v`O=y(trA_vam>!NwLh)~9npY(YB0AHM8i;bdc$;5UeDe$UUO8Rih#la%F2gW8q{ zh-45@|1J4S)jp($UL+iC?)x?;pQd-+>YRIUC6Va5h$X9P-x;fKv?Pw#>XDwOZgtJ* zydjR-v!F=5ptMt!e+jVd!5L$h@qST8i)c7=U|{GdzQ&KF2U*q+^w;jr7LL|JwaNX$ zn8OQ%z+~gwLHa;J83lF$HzcQWLvd<2=Sm@kupua z(K+C4=Mw1RtQs?VSPDH1#oA3&)sMPChrNSGge+0E%3dAD7B-+ zb`sj;9B*}mJ96`~SqlkWi%30jZ&+0ZcQ)za2kSCQ`Y&uezwo0wXgwLS)xDz~W#AZA z)rFezC(Ho1yF65lHH_^7FRR!gYIGnCKEDDc3t0gROkjc}GiA`S4bVud+9@ z!#H3Gv!%W8_qTNBfT$$Q*y9-|EV?+g3I1uAJk)pz3Jlhpkdhb1etgBA!@$?1*Qs3~ zUFGYrX1Y^frre|Ymrcpv&k!Tps#k-#hh@tyip3e567vV_Zx~INPsQHE?+F)bh!=I? zCyv#Q8p=XzHz4{?@!15B1oz)r)C)@P#>YK1&5IV+l}yhb8ipOQT#~0E;Ikol=l8_} z;L!FI<0Xh0jD(iKh(<@tkrS-zQ2_7~S1_r=qur$Yj~sC%jhX4Z0gKIrCdN8iUlLnm zlk3+G_PhGEaC4pkSKf-hNgSNJJ=aqlS7|PVkhjF?vU%OMT8wv2TUpja^Dowdu&Zg< zSUx`7MY-84Q8cp7*R|c&A%8|J&}Vg2<2g%a?RK9B;VIuv?oD*3*|rv44l}~`vCjikCEqngjD)+%O0z@j}d+WhaSB^otd1=-nvM)**uj+EfA^+?* zjU-=|#m*|va;||2gNMNFWswAYjK@I2IX$_Nj(9Xo;2BF#8MXT3xeKv$xkL5|G*yBq z=&w2Tcf}_``6Ve!DoRjYG>!jCvzKNqq8-LzAE>x?-Fridl#T+UwTzaD9;k@Z@-0~6 zM!2))@3{B?*(=d-5mOlESV~rtab_y7ReuPX_hvHbsROJEP2+C!G1cM0 zW-CosoJ^jD<#%}R$sv~{Ez98OHXt(ia<2B5Y?-=Q@8}kcrY5$TZ>v?U6Tg&s2a@JC z`XuJXIG}9!Dgr`h&*%o!R2*IBt{$EmM$?L;->g(*5 zS*CBTEI!9T;!7#vtoS1jI{rxI;;dP#_3f@1H>%Fxt;X7AwUQMC?n6qdpct0F!>50G zR;u9{9TCeh`@ti-r5>xkZHz6dA9<7TPV2GE9rL-m%KxX5Wj+Cfe(;B5xm^wGe%C_X z%HdX6%+Jg?n^#?!+G=#A*ayxkNALTUz9C%R;^bGkfcb&JaunQ@xd5sPAs}Xu-+M)o z-%(iv2;8!JA!K_voc&Jq^g*nx+(A`0Tv+_bIO3}c;ywDTmjAABQRAOgND|+b|NT;S zaChd_`=S9)OGAe!J6qxDk8{$cCqWeFT68&w$$_@F?HxAdR))2R`HQoXcxC4}a~fhm zsW~^DStIcj>#2F(<=_O&dQ}J$;(MPfK600(1c+4r(ComAUV+oP;#>Cj%K+x8WKxs|cYp5^Q(`1w`IpjvQ5F9!7II|! z50&xXoBsvf-|_xCy8keOU}Ruq|4(J||Jw+{NoCAol>@Qkl=?v2T7&_L&sn;IPOYh_ zt`ymEWd%f75Sh)Z1Rx*nW7O?t3Xm^KYVoSEviE57^a##AnHSP=6wl$SK!#`h*s89m zQ12zI{N^)VjfW=#6lK3TsGnwVf7KziWu}^*GGMPQxL$FDvMKmp7v2?~4+_5v)KpXT zsbd`ww2|KKoCM>N1={m)*_c-yPPaE0;7uBKj2CO+2bpXGd_#3 zEUl_Ta#qxZ@giAM9WWD)vO+!18wfY0k;E0Afii$yt1o-DWSYfyKhbeSLP-_y%>8oX z{`drGXtsTA{s>F%Z(Nj{v=V;Le~(Yil1mdi3EN}pH?!#b3q;+#0xQ}$6F@tqiN&dI zzzZ;aX3IuG#w+fMRmPsq=9X}tSb9`smvq`HW9u+B?_$_oO%AyrML0j@cfBHd#IE1i zqlww$`e9N)uZUek+%O}#UM>*8D^b`hT@+_p{!r$q4~wqEo$^1Y9p{rb3~kwnXvl3LCj zB|lDvmENZQxb&|98Sa$Vgrfz}#644cKL3{S#SwmVk#RuBa1=hiuF*N32^#Q2n!Bu) z`*~&@EI{|O1)YbZYzRYW_h|BOe@bGX8K3?DA`$d$jkjlE}+>r zu6FSPP58N^+w?aryTQl~EH+IvB9ZEiNyk2vj-T0tNFQ0MEk?5|u5aPaWGA>tX6lprL1vOUr`yUSkLXD`USOjBSnP4%{j~wJ ziX_ngUwN11KPlvY%)9?aRe!g%{+)N({=sZ;^#6Oj`?rh#72f@#&VPGM{BQE^-|_wz z-sSus8K3p5$=I&3A$FdsU6t^Ll2OJJ#gx&kO0p}~_#3;cxJp$fU*xV2**8R$p=He^+Cv?Cc_Ru{|@vGNI#>QzFp=eJ$ie? zT3cI0_2z~^>J5qoO+D0cFF?HNU(wgKLP+uo<1nmVSjih6l z4L-Ay@;+f+q!HfE=_k$y(`A6V(Io57id+Xisf+rIi(p|e)m*!pLMkW@sTy39v|2)= z3UcEbS|+Y>T{=xaPl*%x`JuPF+F^dqh91QdV|7TeU$&watH+cT7qOfRA)yNX1M{4> zK?1*(N`C|)WpDfDTeYTGr7{l0?Ew$r8Z{V1Rw)#*o?S3f3y4N4h*qLWuutPg)MSl8u%rk@QmjIs^aP9fuRMJ?2Ib9?vkZJ5&>akHRRbahCbo?y*7 zN0`~++d&gg9aeK7e{A@;#h-kRvB3GWNOw69BDlt4h8o7phmyF}l}^KX-DGBE(_LZc z;Dr1#aKEc>G8Nx_cM zn=)3UgucnN3tz9*PD@nrtAM&TaaTI@3T^m?i5JafaGPO)MutVX52FZ=r(`o-W|Y?C zs;JhQ@1WHBc};F#HPh6%uOZRSQ%UA&jbWG2ioFm--Yi+extd8ftYw7Ns*#gBb!alo z6q7b;3pmnfyRh?^y-hbfw`+pMB|Cq)9MoIrGPyds}|61Gr&G_GA@qY=#{{KyS{{Mx=|JAzq z-%W@aSr{4qC(?6}>Z-$vIHLC&=&6Js>&Q1`XG-WOxNkm*B ze2M8iNNDdl!&Co>eu-<7ZNi_Bo`c0^`TN)Ef6_`upafR^i*`XZ@X(dJ$%eluz;Pf7n^2}94?(TycQ#tZwJN<-F zsmQeh?;2mRUWJSuA&gG*7#sS(v)j>&X$C$B){*7H1j+D}7oJ z{_)H~FlRRSM8ZlHT{6xrP>1p=n2-EC>17JBzG5F% z@5$djROHnwtw+x~w=T;`bwJ#-_d>rRq{+;L1Pe5)R+FCuf$^sNv95iRFOx3n~e}1!LZcb_jE6x7$WW`F+MjESFO;qZysWUY-AE>dW&~xpc z8T$^rUntH|>fWhCmnAe=hg&$+yO=bJaqt7_JvynqW!_XbRxcv?FcNz%w}x;(>(RJ^ zcPHf?7=Vs*0FP*3Zs7`YqS4BGdiCy=MlOHi zB$8_tql`-b4|8t;Tgj4Ti<(`w%goHo%*@POW@ct)w#&@S%*@QpY?qmt>HGFf&+DEy z(rf+SUwTR%oy-hnMnvX0J65c{_lnBBwyZyaUrF;(8C>~CcP^@C5*6ax98W68_A<;= zYCahOR_&i4C?kg^`7b#@^L5g8$@pugYHXK_3p%A@1|N^&`4@7x4VI_jP-;b_QkDy^f^JcQ`k0_g*l)57QHumw^V4BNvnhF|MX8^B_w?bz`+K+uj+wtf zc3N@xY57y*$UqEFfKBozk3Y^-&Yo#*1i6C1in+_4RNpEupATpg2c%D67RmU+0Lp!9TBiywlUaHG^cV_t@s*rxB!OX0aDXP{+TJbZHR zAHaqRK9;_s7Eo_~hCm~S=X&1n@%$m!j+WPLiiJur+3=xwkR&xRC?auwE0V`Q<(C*^Vem^5y)LBs`@~a-EhZx=Oq>UfxsVQ_>aNL)EXT#F&HL z)XI47Fy6hYulkfGD!3kPiLg}dlDwS?-r-Syb+&!)m5Dp^UTfH{)a)L^;u~|&LSZ~@ zdTHi{{0e67`Q_x4qXoG4OB;QKS{FruDA8)7esGgwMH3wF~EzKoe($ zz!cCk^w)s;WpRdZE36Jv`Ld1j7-V5LbPC1V;u$Wk;A4SGdJn8WoVO@dA(hNCjBwiU2boo$JoD|@>e z<)`K)1uqq9iws`VB0BrwhBSLkO%O4YMnUJ`fSTb|?9l<|siuk5AYs2Z$4I)h0n>kxJEV^4oyR ztk~}+u`y__T+h|A#^CyidF1XmV}44Xqg;m~?u6>80#Nyw@OFCKofy(ZGhN2u`V`>? z0=!Z_f~r4+*dVUHx>*YN0bHk>z4q6mrRZL)oact~iAe%=o=}iUUXV>Y2=p9A^X+E| z?*y^YFek6BgnLo1&d?LX)bR*{uGKXa2Cz&>W7=OHt&{J>&WF%uy@$UD_p}pg6PT}A zda&K#bNF*kTlTJAX&*@95}+-TnJ+!S*!rYz5Vj^Uz!B4D#3;HX8{MJ{k}R|GD)RyOJ^dQ>M&UtQOa(lCbf|yL_P3rvU@g0ZI^Z} z440(?^{5HL0$pFJcdtKN+z|^hcB3NEI7_%baFH(Nc7x}BXc2P11x4W?1bFHD>A;Xg zlOmv&>2aE&0#;SO@2Hko$}MpKxdYM%-){u5 z#(n}a!Iju43tj_kEB3NMp*j(%m*i-2;tp`7yGq${EhRd|Vh}(k+tTVWT(L?ZsHx^< zw+L2tpY&Exkm2C?8TmqLbf`1Ju*qhs_T+!&H4gmn4QN6pY3jt%F0gbGBhfKQAz|!M zM980M97+_{>P1(5mL2>2LdJtcmG*8^0?^kz{qu zx8+|C2&KBt#njwnnf?<<;&mpjq7nkk66{wJwQp7N<-C64i(>)@#smPpd_*jOG z;1UQONne1uuau+K! zt{P-t2n3`sNSXyE)Vk&I;hb=J9=d9u8A1qqpM_3Qb45fC0ufZjIEvcQ(p0ev-@J#Y zC8I1?X|`*TRqa!lZP3eWtD+ow55Pto0A93jP^@B)AOwCaP@M{#h>ce4*sh@lni@Gb zo<(L@Wk4Epi9}{Notf2>VRgZF;t^(FcRjAxNL^D}qb^dKq+E|Tvj18Gl z6)96|8nxVlPl**4@Xj*L>#w1TLY zMFp$8q+;?LnqpTZ)=ynd+KJchgEUQzJn7+ag>Z+A zWHf?{C6Fm{*FEv+U_&&=o9>8y^lWFs)>6I9s`8{&%N5PQjpd-Th~`d02dGs~kc<Nx(8w`AAGz>{G(xnD)WCS%X{6{5HbM{}oQCry}<2y)A$H;W!it>u@dhr{Ko zf(gH&tX}lA%C`|y3_{ssDL1YsWbZusiNnKcoP-S|zn!4w)q;5Zt=@DRbCtV9)vU5J z@|bBeoc{21SLg<|S+iGFqY;}NhaWFin>Y>Si~Dj4+|=~>Yy!; z9{nJ}3b)XoLQwCimZ^ zXccdkzMDQ@;N%OtWk*LaX>{^}S{BOT2VezfAQ=#=aB+Nd9y^z}OVBbRbR2EMF*Xns zXo@H=&vD53O0|%IQ*>?ll{-#6o-0`~O!bB2D&UUKIEVRibI*;%HKupV<%t^I#g+Br$jM@cCGwW~Gcmm|&0$`U zUq>ai5Z`fDR<|R#%2I$DM7BM4D8R<ORh^}FeWY_|UEOn`^pY5hE+W9Gc&$C)f6)e<^^9h<-)^kZxue3|evFN1<#W1Rh zumz=X9gR!r=d}Bql7!akQ<*%?@A}ZN>vvxV#udV|TajiyPhlhxyJz3hjwCtu_^9Wp z=xf3m33S~}PX$JTv63qAwz`Bp!cm={e**LiaMx=YBS)r02Wa(*jnr?}Tx)hlhZ_xyG+pBrwpdaUcGfqvDlu(AvDj&5>#5!_mT)}M<9=HA0Rjl+KB zRMTFX7jr`ku+0*f)rm_uGmRtAD7SR!iA`p; z-TO{o=weR$2=*th&ZZGf3dprVlX>E=Xd(32qT74|Cq!o3m~7NUNYcqoei!rsHxEh23bNGI1X2ZG)8gu?|RJjQ0?4 z9o}HPF0z#)(|izLx$e}>*BQqNncM)L2wH$!#Rn0!DjlY2Lt$SmF9!&+!EW{n1rVwH zR7-SS^XpoaJE|{7PG$&;HDdVwZ$gA(hTe|QF35yCUfYHN@VvnmF;?d-+Wozjqb^pzo>B^S=!o6Hl{q0;e{ zVJ&?FB|xY!lSg967uMK*DMU3`zE?*BpFOucw5LNns%>T~S35O1%$&f3rtMV>FMaxmJ&2A%;GeSZD;a@4z2pJ)DTlGEC^dAbGQd8HatKgqaBM4(VheWjj5^6fmU1SVOAHoSd%d zg~aVF5e{T%&=TJ?KffVB3w!Z#b4xlKc31$pR07%NVA30cInvl!!@-_vi*Hbi?50j3 z>VMH_i<&5R8&XzcVQM1G6A%uH4<*e+>7*)(kCj_|>nUQx?`{4z`g;VGnl1qZkSPJl z=ccWEpx%jkQ=pF2ZIpD!5iCN@O+1IJ4mPxvp zqS~#n^ggnP@Bt?PI8u32fLBHZ377zbhVRSRk=Vzbuo>rYXW~~;?dWI&F84+@Cy-H< zO@EZ?qc&amEj8?@B?@LCds9Dh{CpTdYsp|vxqo7a(|aUb&7>;-k_T>3tfg$g<=QB_A)Ko<;&FIX=-`qr@f4#mu#IrDW zUwyTTMu3gHACL;;S=oGce*a+!YYEL_Wiy^fMR+U>oIJg)AAqbLI=0`@xK3e#X1qi! zA4xBCeZaQj(d4va(-+-0?6a#Rq&d;_ay>>ss zS^tRVUXtPx`d0t4q<*?8#o#DywT%;(0^$Ne{2~#9C%_~^R@iZp8vd1@1kKF1)g~i} ze07!dL~$AHF(8c45@5{|i3NH&Y)`+L zn75_PT5sn!QK=W-6p0vN&npYmCVasR%*=haL(J&Fk2h-*)4(Si#NG-oMU9$)$SiiY z23QL^kAR_u25Gmr1bwWS?CbX_*9AdVjDXa4_PF#Dri9IFo>~=NC@reqKTk|Izh^F( z-N?+2wbKk6iNY1`LA2Y~BJLmz+|lT8 zCs7m%&>LH2jzxX?o|XF+pXPL@Incwrr7}2h8RzN}k$)BTl`9t9AkbU)q?do6lx(+P zgl!N?J!6wD%3St3;DmyalMN&du&pis55{s?{+8efszx9n&y+Z*a(khm^-dx>_B9|B zl2F%l!>}iLKI^2K7$1h|}TxjG%vX|BnGPti(3qxLHs?az!9onAYewL1rGq<1R7JueugYNP`fn zzmgnNCz_q;1z=R=FGirg$=>4;){LGA;NyImL=L_zAq7Z6q5ZJsO_so_3n6yc1)^!j zDUWkCX1{R6n-}t+ZK^XagAF%|qBJakEbS3vQ4OQ|xNL|~F|@Kb1j83e^@BqI#3!dF z5e+f3s!949egV~$SVHn;CtKthsK%RxcQ;HL$I-= zu0%ZNQ&jv4uOn>K(pY7M+v?Obghf*iGSTff%jjI*?$J!e|Nk78-e#fd4K=!0N(%L`TcujA_G0kzr-pBs!GS~wZM12 zslts2gDqjj<_Vcu$8QpikfN9YdyMS&B$;Wp*X@TYJU!x$UP&W&6S?hE9ny(NQYm-3 zKWN`P4R03j#UhGCA7Sqi1^HZO|0bqp8Ykw_xxmy{T3fpKiB}>f@{=~c=xRhc^#i|{y}*L7NC|1&SN&&7 zyKgl{m(J5>YpX6@mQ(ESrle_K2&QCI=x)*=0d6BKo~gk+Co2P&tMb8yVqK%1-YLM;=fnN>F^4h2R+_ z4{q6eF6?cYpNDM;`!t|u3{=_}vKW`Q++`6DU8-UQqL~&Ed=;Ielw|># zet6YB)P2!n(+mOq2r`JPO7uM{x6Ho0<7oTYL& z;IrxQ*m@o1vjOZXjTra!0LjV7@qIZ*!B^LC^AEUl;lr||nmHidDa@M8A?uo5CpgrZ zdg(`#YPndEVUt(i43s2_V9zFjs6ShCZ1U%WoZvkELeg5;v}{mFd??Jhh58 z<2hhobO}OSrnAA=`Rj4YiyIx0OSP^N)Ep%j(VVdlN~_)@K0fn-X7@9gv1u*;*E2Yi z7d{tk5MJyB#Ukc>2a6S>H(UC(L3EX+l^=*8oLN`y3EZsttN91ORCL)1#z1qR>MgWt zV89mg4JGy^@)Terwu@Sxi9M2RlSUGwPPFyIWc3Aqqn<{MW`O-}pTb(ov8`pQDq08E z9YX}7KU7wLIIL;H*2bUF#gW6((2D?JjYT`1Ow{{xOv-?&H`px4<&wvlY*;luMGGaJ zny4ll5wgC*Ni%ZP?I|1x$PPPe+~SR$A@G)#yPUNnLJqM+0ml>0Bd(Dz;z6T zK`WO4+dV!v-c%F%iSM2Cjn-!@bk9|}`@J>=m&$hYr1_rs3xqIT2ko&x_W}o8H=5gWQrm$0^GyAT83S_pxGCS_oQ@qsF7k<|JJ0+Y56@ zm%D-n9iLlbK8)m^$_1ffC-Im#=iZ!KtT&(mI%uWuoTc?j@$&iTl()*j*#}E877f!8ccdfGo|Lj8x$W zVhAp5&+P0s=%QUqt%falwW@L*W$G6m6fBWwQov^`wrq~ z{{&roAM!=ud+2XmTG2*aX1NXpznoD3kPRNjDFhM^a=tuoA$AwvzXkYCUOI<(q(>>t zW>{@nxWcnBq}9OV3D|Y-4w_T?8V{myH%hDYRu=Zq&_2vb93+|2>hOY8H@*J=VqHJ{ zlp|SRQWx3#*}PzT2caSdwhrJD~z^9u}s6aM4$e*k;`5F7R{gFS}7XQ=#FL>_w z?&+)FG;5u^bgV|5*{V-=Syxy=Df-VHcuOZO*-Vayn2XJjizGymrV!2{@tEr@imYB!Zh;UeC*fgtGmcf>L{IG$T!2{jwbd>*HGY<*soBM4Ns} zhV>tNmwtszd2MB)*gw9*|A*pF zm=A_vu>6FykYz5lUou^0{zg1Y6?|Vhc^A_$hHoc!lHRY+>qoLN=^;!Eyd#HC7d|Rl zs2NF6%Ph%AV~q%W&s~)&#`<0rMwIT0FG?>LO7ne9dP(G(PY2zccF2k-4%z4O0$($C zhq*cGAfLm|v>tf}Ibj%~Jdn~Lts|TLcyFkh0pTPN&%RS?^=5SGn)SLnWMFmib;M4~ zI1BSD>BY#>FZaYxv<9fZHxM`B<(F?OMwd&@tX6Sd#Umhe&n=eQ6K)2&E)TNvPY;%% z*`wT%pyBg*##G8ROffl%gP;Jmi4(nw+ma#!%(KO)Jt|?Iz1ZdcxKEiT$>dK3Y~N~# zDCSKHirk4=>z5dP0U5D{v62PI5){hi3L}I8>rOGEN|h7e>&n9X_HqeE5MZCN)&HqF zOV?xb3iHVs(=M`Dkhs=#HTN(b;55X3a3C>bm&L}L7o>q}L|Z%Ue{b&kcu|E3sw|jp zv~R%rh*I1BXm`0Da+3DUoS?)snSP-c;!R^-b0B33BNn-x=ZbiPA(DKiG*U$QFf-LI`u7Jt1NAwdW>LhyIm%`LzpFcEl;MV!UGKz>{s2(bq^h-UM-NU^0A5ox znOpJmLj0K}`DCqzTAPK%(4+P5b;14Rnha#k?NB&14bbo_17CpXDDIgsSR;$zqgkeu zb3z`XWDvo^G@Du(=zW2b1Sn${2oSmGsPkTt5NT9=ohri%}=jH4VAb?jv@1c=b-Xi)!jo;d5$3UXT~FJ!fx{Sz@@ znSZLTCpVZrgct4Fh)nX&fs{o6F!%4vxnO<$Ttq&n80HsTs^Fei8Q^adbKrIaH*zrcnONWp+Wr7mRQJq<>QjXW(z?b0e5 z*tt@MiCaOt)Ia5nOWr=S&KIvm!RPk3_78Iu zY;EwKT^yMQl_N5bKQP)LL&{#WYSsDrUY=K z$U0{On7X*lPc&fP16spPylq zUK?sSv-f$yBH{XS>E4k?q{%PtN;hn(!XfbSqtmHw{ug;_t3tS`KWs`*&DBz)_F-gi z4dAhl$NRBty2;6<2n(liU!EiQ3MN)M5F6s7LSVZF-!Y#RCmWtWKG_(FVCp$1$gyk^ zVh36;E&PDL{!TJ3V?EnY??KD(WSBTO`R`wV@ft}Yk0|Z~fWEEl;k%}6rEaJ0bZ%{< zMO@U@vi4m|`6s|SSU3)c8bW+RT)jJy#n^a;FrB+up?9rU+KZ#Ic9*s$NI%I!h@!80 zFFzV%>2m7<#{og#PX46U@2-yw5Fy$C<^H8GuW< zZ6XR#C&pnVj}WPmCgR+U;P>EbTY1P{dp)5n3~k6Zj)BEbt*l15Sck7TXfv(Ah^xbz zu<;9sYOi5rFWn@9$jCxyoyej}#O?Gi<(p2iGVMK)vo(yVQO|8;4 z0>;}9U@G+pnbFhezHM~JMbg-oqOV2GkxOU5Qy2@b4iOk{^{u(SQ$f}QZDGmcm`T%& zX{9de@%Zhbo0sb|D3uuH)jR$aU7xdiF~q(Sc6U%e==PpsU1oC&X!yjfAAt+OV`0`O zdhP^I46ES6X=?0+KOJnoHCcxeJXjtVuOXKhn zP-2nE-VmR&Nj=N2-1tB@DAZZJ-Il@am5K*e<2>K?J4{0P$_D*g!zHMlWpP@mS<6m8 zBEpI-T}YEd3^09ITwTDc;Wcd3pDno>{TP%T0H8ANab$dfBza&%=2p04x7DG79fn${ z6_xA;9h!EwHe2zu*@aba&_u{#0iT%~P}xl`U$_8BUZWrXJG5o^rR%HK35%g=8b^ZFPdYACKdX8k-b zMW0R+@6v20;18L>1&6cwc>L7%F)a-_do=e04G@utRIKM!tZX;RmZ1EP9k~oH8oVCZ zPa(4*1VFu^>%mozl?RA~PA^P89hR+r8xNT3&Sq#eI1qBALQz?QkUys{J|n82>X5iWGRzz$l7#W8>`D*MuZ!up42esyK#E zy34X`4~U9Us9zCOlr3fb&h^sj$4_M*irBx5V2#!@?$2gQ2~(W!RBzgc4g7IdSjg2c z75IujaU6?xxKj9+@W2&IhmI96Hd!JONPi3&tMMZWQEBDbT~iZvft@((1B!=Y7UU_Q z$ak*}{SddRNsz5^e@|bt#I(}rb28^F5w%3m2SLdg$CPzbOm4msXVn)=4hNLO_Uam$ z<6HN2q*AE5NI4HEF;ECRRQqfWi8!qZskf8>U6Cw)m0Z6^VVDx`IwnmkkhDYq70F%< zEj63OMtz&zClWvZUN_yMw(r5Q?_npphE7^=c(k~UL}4Pz{=gL{jZh|5zO%R6=Ka=n zz~IF7ruITHB9={CZj=>N)QjW9z9dRSEpfwA5UGlNsm(1YOl^z-zFiJ76+N+SWJ-=; zwYT_#5lF6)V;*aW2c`(yYOf7aJuOPB^I3saN#aAXEF$-MVHj{ItZ2{icPq;bYThiW z3L6T2L>_aTL6gWe5|6?2;I^077WYRhDP+sn^Mf0&G74`6*3rwbbYGg-qQolslCm^b z0GD)qDm9Yq8+ac6-P2ofYL|-IuWU%IzS&UvT~C#l1e=Wb0ENlvMeS2dMDO3~QVgO= z)2U-J45Uk1H}Z84TA}f}UZ|mUjmm0RE%-kLda?VChCi&qF+wcrqin51phfRaI4twL zLoC+4NL^K}D2}xTIOANieoUZ(Yv#V zM=)u_1Jp+Y<|3%>ew+Sx&ph z&?0U|bI2navri&QLTn$z70U@lVjm&v>wH&m{eqwa7|CXC`X8+1KP4dlhn4)B$^-QO z5&>4ScQX203G}x)uy=42G}W`mV`u%&pp(-3&m;Qp={od($OJol%SJFW|K&ttru&O1 z_>cX+_89(VlK=kw*ZIGH{wn=G&-#})<*)6pE1~~Vu@JWYUf06R+TyQS#fH=~+^VJL*}Q8GK*+SDBEJgMq!7t)q=S9>aeoZ~w&z z{9W|oe{gmEx2vFO`5g@YlI39kP8Il0pwP4ZPXXk=`uo@2|0<(q_)dQKuFz7?!~u_; zO)cDDbL(vZ=!`W9FIpIiSQ-Qc%2u{6S?{*LeZ zejkoTRw~~Q2bxyxKik0kxAT9s_}feyF?>J3@8WMS+&^~lAADy2qcQ)xwP&OIejopN zK#xby!t^~P{B<7(M|&eZD`-fuut*gTIi(}yugt6V_HjvdkOQMXTGe=MmQq$iLP|)^ z-~kG9VyM9d?IYvh5{YoOQh)NX*Arh&*JKQs>BCbZWje}DXVIiJ=GCwfEEp=o#FzK%!{nwnza)^6{!>5s@)}()@OO@XMn>Zc!#^e z8a|UZXX&_yA650zD!@?s`h;q{ue=j6=BAd`QK`n0##+c|o?f$YZr+h@POv+3sojgm zHdb|?{%fn=#AoFZA5o3P+t`n+x)kfb+s#JnjQ3CoQ_>9oNK0CztDGHrmpVtEsE_Lr zgq!-3h?qw%orcR%kDU&AvWoX-=?s!701hkoqi6vo5GnJ}p|as^9&!O~Gg8k}Eu z6el6q6kru}fv#c@*`t>V!IZr-i{3-x=_7uR7%P=w6Hc{MppxjMpE&-Lg4^fHHD$pv zw%ZTMHI2R=p0k3#E;uac!ndJ_KojjwVE_D{m{E@7DP@-+WyX{SX+|?yY;|v=hZsLV zF^hjG7BR7tNbE8Ke5>fDy(I^ksB%!pyf#7?9toDe=(@^g>^a1a?e}xy4|n-B(z|Dw zNe!gMHDc8ginitrgYzG}HoG4oH-J-nj2i>k7*cy?3)OjlInJ_apCte(cSxDZs zTK8hoDs@*dpb~xxc~pv1fpB9mjUoQIPm#StJbPMuWp*+3?EVf}L+DPu5gL#029|vh z=XR`*0!L10N3J4WI}^gUb&5d5b7UBTG#H}lN&pbV z4v{fObu!#!W&1G8M5|l&*7Q3!32ix~DxHeBTtf<81!oG6#HU2s#P%f9arbekBppo} zbsBZOM$KY1$qMKt9gX%%+|`201r-yIsmBhh#tU5#f`(A;mEn2#{dgYRFp3U;*kiI! ziA)Cm^CE=W2yfv4BLtMO?U`&U;pfs3WR6Lc{(aukAPqXDE|F$iDDWVHsW`<|;dR?U z(o!udq)G`YFC91OR?*2Zbm8!bW29v%-X#ztR1b^Y7n_1osl|MF+Axp|1ngfyxPM$+ zM={7*>^E8Qw2<_HCYdYk+k+lIr}~ogrM~il=pCG=AGN9#^^OGdSME;Zt=Y&WGI@LY`^$h@l3`z;Ayvd znyWjH|A-&=Qn>*s-#cV|;_MDc)q-dqq~C+KnFcA)VzP~?^^H_Yj~_u6iIAT(EIj-4@>jw%FWk_u+e$Z%L;p|H};vXPGqJ~Rl6AGZGL zoo`QIM2gz9><;Qi%M8_}h&r<4emax;Y!bdr@OU0)hLW9?&Prjo8L+-j|t5P2jfcGuX!d$`l>u{xjwnjU7+V!EKemGM5|e`kcF4NeV{SFh0$9w^m(cvI@$CaXHv*e8%YYT=FYj0^Ydm?)g($I*5Q zRbC3re5Y1_shQ^1ndbJ9W~k~Adp4%DnO63MWNOZ;oaCPRsqUwed#V$3vZ|*c4$Byj zV#l^3;6%!dRKoG1)O=}X_M^oMv_prEgFoCC0>onVsoN9t`PQNeV+f5u4e4v4Jg-n+vbG+92?BQ&uuP=t6X#DX7U?qxd$<; z;3YV*3JR0axR9GtrJG{<|8w;&TSp#cj7TXhPN5RHf@tD`crzB6Bdn&_e zo-qFkesMSKqSc+IKPc+77O%H3-(hJvUsF{Dmw5L=ut@u0k(#rN{sc34=c(k(d|jzE z)>*l2{f)J^K*!sgxH?B&*Fe%fMk|9W(P60)%NXr&X`7;~wVWAZZhW6uxTUQv>~zYr zALXEO+-E{yvnd*!ls+={Cf405yZ3nE|MFyAf)l&-710PA;ljFq%yjP4)7a@c`>V2~ zVXnLlxT|XeB@ueZ{pQ@eB4%#yu9HFeUYn1J`A?8MFkPI_ zOAsI&=?4%`K%eH?It|4Ojh){s5e;><7iJI+ljHOD{aa0DUYr_bo~?el9^F6;1|t#NINxa2{(5S_+gD;1Ymxk8%#yGx8AaPHP2WB!QkQ@g#lydAyoUoVw^0&~y&Z zDx08UgYvUuxn)VwbML-rlsJZ|KN#uStMPry@F?s8E6C;SCX zJXyaiwjHY#ts>l^6#|b`6>`s+RHy=jD1vJ$U9h1Wp4Zx63$q4!Q;&H*Ag3|<^0Z+ry%zOP`V`A%;1fgk09sWeXFc;qTp`RyWG8> zzolLJYVAabY7XbbHtH^55=3^jxRo0KZNT1pk(Zk&M2eY_K!BFkc7Om{A}tCx~+#> zSXKQ4ttQ^s1HYq~v5KKfbSewj4j2iqU9kz_y&(8P=?Qi;BlrUD8Ss(aop`Hm0?R%& zypRb`a_AD6CEWvKK}ro)=8KIs-}4mYm2~0gbeE~0ZKwY7B;_tzzOZ(~vs&CY;SytN z{S4FB{OizTxNExN#SDN=Qnt|Vy#CyV=B}0O%?|fPCh%oR+iK-07pM`MPrkqf$ps7ej^8+9git$II4eEZ zgMP5OWb%UB(!5RYU8MVkUcPpUaiUi*k=;PWTvF*PHWsw}**!fY!P}?i%NNi^pt|t9 zoDI{N73Q1zv`gPS(JMe0jUWzy1Yq`4hw?}O0nfBHcAoG$1;_@gj=$B%9k~>fzlOn3Nw}eb1G_xY0b2vnN}CKdw#puP0-qK zep(rK7VbmxEhW~5)mCPKwFFJcw8K1mak}rx^|Joa^3K405<@CT&x;Fef}v^KJ!T4X zCBIeh;JwkB>(J&(%Z$}s#^5XDB%>DBpl!zOj_eB5WJdPFEH15ml15J}i^`+h&JS_| zV+4TNBy1CjBc@`cUXEwN1Tb^SFtHvsb$C{lFWbFHu89=)Y%2dQEBg11M)}Q$ho6r* zuJTJ8(hGGeZmsjK z*U(iM^vKQTF{=tFbsbNh@Q|{GVOH<6cS2F~4i0)rObw=h9j9P3UblY=)R*%X!<5Gm z;~bBXmGYSp8Rm1Qf{^3`ExG2ptXU}WUPt0};wXh|wg1-#cFVr+CrClibph~&_dRw< zOjqcm3O7Gj@T&-Q;%AvM1~y*AQHBLo@lh0&#OxbEbVG0YA2ut*Wzz^8*(SS$CNzEy z@+y4UrhJ?GO(yMaN!EmS!n6RpleJ-{ftA2#ZV(eS5oi&d#AA=+woiyhI_O%Qy9s8; z(Q}bewkPV><-Tz^lM?yqJdrcvwZ5|(wjI3tBgV+sgo;C9zSUELF=HzxjpD)TZDIs(jjnD3@B<)n0e{m|-+cQ_xs1jN{AeNjvzBT^w5uf5g-qX-YO)wQ;yR z8N5g7zVt%sM1dotyd}LJ@5pgLRzViD2kjn!1p_?IA5~zy08#;12IstjN!E@-T6TXH z^hb~Va&;M`*Va_REmX;(dL8Fcms-@#!KIx6rm{$7L~ zO7w{4>CFdIw1Yo?g&o`l7rynL_fRT1H&2!bEencX+bv+8>!ys0^PrUDg^@ZiVyAgG;VlE?d1 zbvdr;@X-$bi0W9VCG7HAXVLbNJKykeF#2^i#ug3{-r#E!iG@N4hJSTy9|M#QNVt3`lD1;b1Id0I!;XMZWSjFfh%F0XXxd zD+lhaK&OjJF@A9YDXUHPG4albwlqo7KIzTRKvTBJ>-J6UT(40gI0Fq85q17+J2KhI z7I7GT*yT#5*~OhZ)38%bjh08DmqimXQcJ{EiGfk~lBXb7X!=;0?1;c1ZE14+0_e~~Ohlv|5kuycN z^P(z)tc(r@X2AMW9_Km1i;dd&6DIrfnD#&R^~`N$7d}Xxg9=`rtqa9fhReMWDF+Ki ze>C}XR-q@Utc=a(m6P7Q>o^lRb&{qQXUBf2bEI-EUTnvu_2fUBTv#DK12La0fM`aE zt}n~;YHlXUkm{K;VF!MYEk-E-bL&y-Fy>dt=MEc;VeaxD+Rt82IgVfWI$QgHD!cM{D7*F_p^znFq-Y++*k?D!V?^1r znzS1es z9Z0SliE)uA%bALW92uFK(kn~Is>-7cBJsCpq~5~JUrYN!SkuL+cEs?a5s4}qWvaVv zeqH3uLVsLnp+FjZob-f$Fw}a(@f{bZKeT!EkKMDJlI$E8U)bQ+k;oSnb%54cY~pJ< z8>Vj6F%B1S4Ko`WjJr7|(Rt9{nH6CautRM~rksDj$^6E;muJq_x4z?PS#vA7S9Yw~ zvC(2(eTF73)Qv*BE1SPZpGQp|_r4G#ugD(#<2?&AknAaWo5!%s9Um?Gu(htQbr&Pz zPVGe*wVTy34n#e5!-%+}&va|^$6GL=$qGGQQ1-z8?~P&#)$S# zr!<3P3;uSsR~ZeFrdL!Xs4*xleB^271-!AsCytd#^!fb2=w~;=sk+uJ7SYdaT|v?L zojniFU(3x7;>-)(CUDFw7X}7Wk7hOBIah`|&4juRmwD}7-#5GP6k0q(d-0L}PR%h+tS^|4?cXL$J)ZRlEZj1ZXdUkvE&Q|O{51+^t<0Yx zx7Jjh>@azvH&1UD^J_CId@t~zPrN%lAF)q2sI#;#tW%6%&d0a6S|PViMM-fg>0DxDirsaOHCyF>6$hL4XmTr=1ARSLMKe;vL$)aV*v`b8kNfZuq`_|<3wpU~Y=Lz(mKVi95S zXmW|xvB2GPf{z6;Bh2mgP2#A@J8#{0Qi}&uuWr4%`I6JHicxlKP7-3nX$EvyOMOuD zx;}ka_iA@fcA&94Dfz>EY@Oh?Vcic^;f<4^9p=d|PBFf0N-!$;xbK_Wpn7YK4T~qr zX#kEaUKN&`klb>2gUD9doxb=OcLsR1w?r@Ft~*csdA?cRjhjRAFJ0-)b@rSobe*iO znpZdWsru~j;c_q|?`?~7vIt^gdKwg&H>5ZB%KCFZPAeuI`*m!Mch6kE&(~3Ly`uYm z3$4hz-u&v-7wM;R4{f#@4X*u`@-_S`q&Yf4TcSPkESeo-QeUYsA$jj5W%`nzOPZv= zDc@#ye_oqj)kyJ(dxyrKJiynK_%0;Rt=u1zO0K0 zXLdO3rPXK(fwBvgrQYJ5_S`7eEMGl+P3r_o_s=w2F^*|)lu4IBOcu)jAv3_x;c{(& z1L4RqP3f(6>c$?P`f_)HFCLzb@9odsZ|m`NGVaAt=JtiDj5uN3f~3pA^#}H4-a2nd z9qk^pdS?5~MNaKNx@PvDIhEHdb5pz4N0Oz&2WgV_0aU3=qmDC1+nV^5)-sF zO#y*36lh*~B^_2qM^gHEE50jSYlwM-vJ3lECU3%cHv7hhllXlY|pdNnbuhmVGyJjpEanI#nJU_L6OSN58)YY#u-}7B*a9cUTY&zDXoqYB} zvu1N`sI#=ovEy$11#T3VB7AvoXk3q1Ntsc`ar{v`qa39feoNC3w-`&yzM{A(#|%EN zB8i=nImU^4bHGu*nKUmOSt!lxQ0ezK*!@!(gBhR3S{{6E4}R@Dk~&u%{5r%pcm|WE zp%w+QZIJWQ3{To{Hgr35E6C823c^m~(t{f%zr@`<^C)ZNtU=joPHJ@GE@9bc7tNxD z5PJin1>!_i*zD$}zb94HSJ@Zmu+P52Pfv7v zmD1K%<3-BC0wcV-lq3r?1l|CrR}Hj&q!&QHDsK#}ejgso4sH@Eh%fSdcSYDv{^0oO zeFGU4^vJYK6=6o(fnmW5o9i<`p$a1bHBU#cJ~vANIjuz)U(WRrm@`GlqDu^JB-S|G z-yt42vx~~~l#)5dLlYvN<%j5OQS)qK2FAMPP&bxPFY_&Lx$ zLcDH@>giYadE3s6o9#?FuhdAlL!?Q{_cIo1bK9%?*qVJo=Ix`|I5@{|U-t#MtRdT{ zPlzY`CLF99e9{9y1-{wrP~}S@<0xsP8?)tS;pGZtM%xSGLO}81(vPpVj>{LD;Bo_B z$|hB}r8IqMB{y11tl6llEoT%ElW=rGg|nw|R<^q$?V8zUXB11FQ<#P@Lz<*dFw-)U zukTL=Ury1MmOc}j{U8VdvF^Nct3`@PJt!mEUv&@!TGgVI2!36?JD|MKx$-_Q>EwN# z7(wW0lUPz&sB`qW_KnyR{VlnHw={}c4wv~DxK4T9^PIV{`hwAMHGvajJ~cEv?P3P$OTh8TpKfo#UkbN7pK>9qix++6@kHym-ZaFeBYAu`)IS5C&_#MA z%u~6G-(wjq~93>-Ld{kIdfs5^Kvy=R_S*Mhlo2A~!=&1r9v}&FYAE?-> z#xbPv-Z0a(3PR;9MCEDfNp)m z(>K68EYovD((a|%hl{F-3%tQRgZIzOrh`hOH~5)CRzX%sKnBwoELL60vXI9+&NjCJx9ttOOTSX$jN z|G?tK1*s5Tv&qBuM~U*&3VgHQo13SEvhP)h4xl}Ir*tZOz$JQN*6mqS`64-zsNskm ze8A}mh8ZG#8NwBkg12YNXlEZL&H7Ig5cBN8RT9Aq6QzotTIsLuMkJjJ9BYVL`|d`zc-pMn zbg&lM@Q_H1xsq_?w!-x2t->fY${wQk?Yb^bH!EL%?e=bsTaTTkw=f!8Z7)?9oqn;m zq|`R23_>=2P+9#(H#oj~2xKjaE0gy=8Ck!^uc<*}?sc%hDuEYK6aS#t_+`r}APN9O z4VVAmzidZ`6^F*vV*uKUrR}(Yrs5ZIz+$P9pL;C+mdLRHjlnJoiR+16IzMM=f5(y( zZb@XYco3x>7``N!gD;6I;M~UT0HMd?8&|-w(}%+qPb_bi8|`PaI{|$Go8m(^A2`m6u>$pX3u z1V8{bcnTX3WGGuwfCgAT?rgAw50eDe0NdMJfbkagnj{~h%CZ#yqC)&p?!}VKCXfhh z!Y^gE9W5>X(p~^65n%i9ugVME?S4QtZEv6+iyPU4LdQWMUmpecO5&RjEf(QN@wW+cQ}YAo6XRHLVbOG zHGPqqK1>fN9E-(5VF)M!p#fNEu>9$4f}aMRwH5NikK*{#jn2{}a0_&65`Ab;iX#-R z34=nG+WAXw!%Y~$&4d5n#{FBE{YRzgex!%%bNH zs{f0xo-WsLF*i#TGN7`TE~pglKchn>&^>SvKMfMuoxq{8A$tFoKwT)8?No~1(#2vd z=r0W{{`r^W{_p8#aG2D^kwPLu$y73pTZaiqIs7MeNyMKS{})>lQHRK#@O+qma|poL z+-c>1;KpMAfx)cz_oM)5*>DghFwlQrD*TvacM%vEi3E$le!jq3Xf!aZyNd`dLfXI~ zxWK&5eSzseF*F*O_g7#T?p(hdLu&u-i^Tr!i-P~|i$(xyxE1lxD4?$^F*FufFP689 zfnk2@9|nN{R-YAiNNr%e)~c&S&Mm670z+VaYgZe^RXHxV!=eBk_ex9)P${m&u!t3Q zfL;-{G6w(#EX>P&xfp5%hX4$r^?N)N_Ln}hnFK(#$OLMR0iRz~dnj gwUAgcO3wvYgaPd$fyrJR1aJ&eL{ZVm+F0cO0A=JAlK=n! diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/certDecode/Makefile b/SecurityTests/clxutils/NISCC/TLS_SSL/certDecode/Makefile deleted file mode 100644 index d9a1a16a..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/certDecode/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -EXECUTABLE=certDecode -# C++ source (with .cpp extension) -CPSOURCE= certDecode.cpp -# C source (.c extension) -CSOURCE= -OFILES = $(CSOURCE:%.c=%.o) $(CPSOURCE:%.cpp=%.o) - -LOCAL_BUILD= $(shell echo $(LOCAL_BUILD_DIR)) - -# -# Executable in build folder -# -BUILT_TARGET= $(LOCAL_BUILD)/$(EXECUTABLE) - -CC=c++ - -FRAMEWORKS= -framework Security -FRAME_SEARCH= -F$(LOCAL_BUILD) -FINCLUDES= -PINCLUDES= -CINCLUDES= $(FINCLUDES) $(PINCLUDES) -WFLAGS= -Wno-four-char-constants -Wno-deprecated-declarations -CFLAGS= -g $(CINCLUDES) $(WFLAGS) $(FRAME_SEARCH) - -# -# This assumes final load with cc, not ld -# -LIBS= -lstdc++ -LIBPATH= -L$(LOCAL_BUILD) -LDFLAGS= $(LIBS) $(LIBPATH) $(FRAME_SEARCH) -lsecurity_cdsa_utils - -first: $(BUILT_TARGET) - -$(BUILT_TARGET): $(OFILES) - cc -o $(BUILT_TARGET) $(OFILES) $(FRAMEWORKS) $(LDFLAGS) - -clean: - rm -f *.o $(BUILT_TARGET) - -.c.o: - $(CC) $(CFLAGS) -c -o $*.o $< - -.cpp.o: - $(CC) $(CFLAGS) -c -o $*.o $< diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/certDecode/certDecode.cpp b/SecurityTests/clxutils/NISCC/TLS_SSL/certDecode/certDecode.cpp deleted file mode 100644 index 22c80bfc..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/certDecode/certDecode.cpp +++ /dev/null @@ -1,163 +0,0 @@ -/* - * Attempt to decode either one file, or every file in cwd, - * as a cert. Used to study vulnerability to NISCC cert DOS attacks. - */ -#include -#include -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("usage: %s [-l(oop))] [certFile]\n", argv[0]); - exit(1); -} - -/* - * Known file names to NOT parse - */ -static const char *skipTheseFiles[] = -{ - /* standard entries */ - ".", - "..", - "CVS", - ".cvsignore", - /* the certs we know crash */ - #if 0 - "00000668", - "00000681", - "00001980", - "00002040", - "00002892", - "00007472", - "00008064", - "00008656", - "00009840", - "00010432", - "00011614", // trouble somewhere in this neighborhood - "00011615", - "00011616", - #endif - NULL -}; - -/* returns false if specified fileName is in skipTheseFiles[] */ -static bool shouldWeParse( - const char *fileName) // C string -{ - for(const char **stf=skipTheseFiles; *stf!=NULL; stf++) { - const char *tf = *stf; - if(!strcmp(fileName, *stf)) { - return false; - } - } - return true; -} - -/* - * Just try to decode - if SecAsn1Decode returns, good 'nuff. - * Returns true if it does (i.e. ignore decode error; we're trying - * to detect a crash when the decoder should return an error). - */ -bool decodeCert( - const void *certData, - size_t certDataLen) -{ - SecAsn1CoderRef coder = NULL; - NSS_Certificate nssCert; - NSS_SignedCertOrCRL certOrCrl; - - SecAsn1CoderCreate(&coder); - - /* first the full decode */ - memset(&nssCert, 0, sizeof(nssCert)); - SecAsn1Decode(coder, certData, certDataLen, kSecAsn1SignedCertTemplate, &nssCert); - - /* now the "just TBS and sig" decode - this is actually harder - * due to nested SEC_ASN1_SAVE ops */ - memset(&certOrCrl, 0, sizeof(NSS_SignedCertOrCRL)); - SecAsn1Decode(coder, certData, certDataLen, kSecAsn1SignedCertOrCRLTemplate, &certOrCrl); - - SecAsn1CoderRelease(coder); - return true; -} - -int main(int argc, char **argv) -{ - bool quiet = false; - unsigned char *certData; - unsigned certDataLen; - bool loop = false; - int filearg = 1; - - if(argc > 3 ) { - usage(argv); - } - if((argc > 1) && (argv[1][0] == '-')) { - switch(argv[1][1]) { - case 'l': - loop = true; - break; - default: - usage(argv); - } - filearg++; - argc--; - } - if(argc == 2) { - /* read & parse one file */ - char *oneFile = argv[filearg]; - if(readFile(oneFile, &certData, &certDataLen)) { - printf("\n***Error reading file %s. Aborting.\n", oneFile); - exit(1); - } - do { - if(!quiet) { - printf("...%s", oneFile); - fflush(stdout); - } - if(!decodeCert(certData, certDataLen)) { - printf("\n***GOT AN EXCEPTION ON %s\n", oneFile); - exit(1); - } - } while(loop); - free(certData); - exit(0); - } - DIR *dir = opendir("."); - if(dir == NULL) { - printf("Huh? Can't open . as a directory.\n"); - exit(1); - } - struct dirent *de = readdir(dir); - while(de != NULL) { - char filename[MAXNAMLEN + 1]; - memmove(filename, de->d_name, de->d_namlen); - filename[de->d_namlen] = '\0'; - if(shouldWeParse(filename)) { - if(!quiet) { - printf("...%s", filename); - fflush(stdout); - } - if(readFile(filename, &certData, &certDataLen)) { - printf("\n***Error reading file %s. Aborting.\n", filename); - exit(1); - } - if(!decodeCert(certData, certDataLen)) { - printf("\n***GOT AN EXCEPTION ON %s\n", filename); - exit(1); - } - free(certData); - } - de = readdir(dir); - } - closedir(dir); - printf("\ncertDecode did not crash.\n"); - return 0; -} - diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/dmitchNotes b/SecurityTests/clxutils/NISCC/TLS_SSL/dmitchNotes deleted file mode 100644 index 90684381..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/dmitchNotes +++ /dev/null @@ -1,121 +0,0 @@ -testing the NISCC test cases - --- testing client certs, use good server cert -------- - -1. Set up server KC - - % rm -f ~/Library/Keychains/nisccServer - % certtool i server_crt.pem k=nisccServer r=server_key.pem c - -2. Run server (from testcases dir) - - % sslServer l k=nisccServer P=1300 a rootca.crt u=t - - -- not u=t --> try auth - -3. Run client no auth - - % sv localhost P=1300 H a rootca.crt - - -- note 'H' - disable host name verify since server common name = - "Simple Server" - -4. Set up client keychain - - % rm -f ~/Library/Keychains/nisccClient - % certtool i client_crt.pem k=nisccClient r=client_key.pem c - -5. Run client w/auth - - % sv localhost P=1300 H a rootca.crt k=nisccClient - -6. Bad client - - # just once - % pemtool d client_key.pem client_key.der - # - % rm -f ~/Library/Keychains/nisccClient - % certtool i simple_client/00035377 k=nisccClient r=client_key.der c - % sv localhost P=1300 H k=nisccClient x - - ...note 'x' avoids client checking its own bogus cert, and we don't have to specify - an anchor - - result on client side = errSSLPeerCertUnknown - clientCertState = ClientCertRejected - - result on server side = errSSLXCertChainInvalid - clientCertState = ClientCertRejected - -7. Mods needed to uses these certs - - -- modified dbTool to allow importing a bad cert (via DL/DB, not Sec*) - -- wrote simple client app, clxutils/NISCC/TLS_SSL/nisccSimpleClient - - -- also SecureTransport needs the following mod to ignore bad certs on client side - -=================================================================== -RCS file: /cvs/root/Security/SecureTransport/sslKeychain.cpp,v -retrieving revision 1.5 -diff -u -r1.5 sslKeychain.cpp ---- sslKeychain.cpp 2003/04/25 19:40:18 1.5 -+++ sslKeychain.cpp 2003/11/10 21:20:14 -@@ -174,6 +174,11 @@ - /* FIXME = release keyRef? */ - - /* obtain public key from cert */ -+ /* -+ * FIXME : THIS IS TOTALLY UNNECESSARY WHEN PARSING OUR OWN CERTS, except -+ * for the "separate signing and encryptionj certs" case. For now, to -+ * facilitate NISCC testing, we ignore errors here. -+ */ - ortn = SecCertificateGetCLHandle(certRef, &clHand); - if(ortn) { - sslErrorLog("parseIncomingCerts: SecCertificateGetCLHandle err %d\n", -@@ -183,10 +188,12 @@ - certData.Data = thisSslCert->derCert.data; - certData.Length = thisSslCert->derCert.length; - crtn = CSSM_CL_CertGetKeyInfo(clHand, &certData, pubKey); -+ #if 0 - if(crtn) { - sslErrorLog("parseIncomingCerts: CSSM_CL_CertGetKeyInfo err\n"); - return (OSStatus)crtn; - } -+ #endif - - /* obtain keychain from key, CSP handle from keychain */ - ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)keyRef, &kcRef); - -........ - -...with this in place cert 00070004 causes anything parsing it to get a seg fault. - -........... - -problems found: - -1. Processing SEC_ASN1_SAVE, the destination item is mallocd once, with the length - of the top-level item to be saved. However data gets added to this item on a - leaf-by-leaf basis so that if the sizes of the leaves adds up to greater than - the stated/mallocd len of the otp-level item, overflow. - - -- verified by disabling the SAVE in TBS_Cert - -- fixed using sec_asn1d_state.dest_alloc_len field to track alloc size in - aggregate items - -.............. - -certs known to crash the Panther Security.framework: - - "00000668", - "00000681", - "00001980", - "00002040", - "00007472", - "00008064", - "00008656", - "00009840", - "00010432", - "00011614", - "00011615", - "00011616", diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/nisccCertVerify/Makefile b/SecurityTests/clxutils/NISCC/TLS_SSL/nisccCertVerify/Makefile deleted file mode 100644 index 30455ce4..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/nisccCertVerify/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -EXECUTABLE=nisccCertVerify -# C++ source (with .cpp extension) -CPSOURCE= nisccCertVerify.cpp -# C source (.c extension) -CSOURCE= -OFILES = $(CSOURCE:%.c=%.o) $(CPSOURCE:%.cpp=%.o) - -LOCAL_BUILD= $(shell echo $(LOCAL_BUILD_DIR)) - -# -# Executable in build folder -# -BUILT_TARGET= $(LOCAL_BUILD)/$(EXECUTABLE) - -CC= /usr/bin/cc - -FRAMEWORKS= -framework Security -framework CoreFoundation -FRAME_SEARCH= -F$(LOCAL_BUILD) -FINCLUDES= -PINCLUDES= -CINCLUDES= $(FINCLUDES) $(PINCLUDES) -WFLAGS= -Wno-four-char-constants -Wno-deprecated-declarations -CFLAGS= -g $(CINCLUDES) $(WFLAGS) $(FRAME_SEARCH) - -# -# This assumes final load with cc, not ld -# -LIBS= -lstdc++ -lCdsaUtils -LIBPATH= -L$(LOCAL_BUILD) -LDFLAGS= $(LIBS) $(LIBPATH) $(FRAME_SEARCH) - -first: $(BUILT_TARGET) - -$(BUILT_TARGET): $(OFILES) - cc -o $(BUILT_TARGET) $(FRAMEWORKS) $(OFILES) $(LDFLAGS) - -clean: - rm -f *.o $(BUILT_TARGET) - -.c.o: - $(CC) $(CFLAGS) -c -o $*.o $< - -.cpp.o: - $(CC) $(CFLAGS) -c -o $*.o $< diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/nisccCertVerify/nisccCertVerify.cpp b/SecurityTests/clxutils/NISCC/TLS_SSL/nisccCertVerify/nisccCertVerify.cpp deleted file mode 100644 index 948cdcf5..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/nisccCertVerify/nisccCertVerify.cpp +++ /dev/null @@ -1,194 +0,0 @@ -/* - * Attempt to verify either one cert file, or every file in cwd, - * with specified issuer cert. Used to study vulnerability to - * NISCC cert DOS attacks. - */ -#include -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("usage: %s [-v(erbose)] issuerCertFile [certFile]\n", argv[0]); - exit(1); -} - -/* - * Known file names to NOT parse - */ -static const char *skipTheseFiles[] = -{ - /* standard entries */ - ".", - "..", - "CVS", - ".cvsignore", - NULL -}; - -/* returns false if specified fileName is in skipTheseFiles[] */ -static bool shouldWeParse( - const char *fileName) // C string -{ - for(const char **stf=skipTheseFiles; *stf!=NULL; stf++) { - const char *tf = *stf; - if(!strcmp(fileName, *stf)) { - return false; - } - } - return true; -} - -/* - * Just try to verify. Returns true on any reasonable outcome. - */ -static bool vfyCert( - CSSM_CL_HANDLE clHand, - CSSM_CC_HANDLE ccHand, - const unsigned char *certData, - unsigned certDataLen, - bool verbose) -{ - CSSM_DATA cdata = {certDataLen, (uint8 *)certData}; - CSSM_RETURN crtn; - - crtn = CSSM_CL_CertVerifyWithKey(clHand, ccHand, &cdata); - - /* hard-coded list of acceptable outcomes */ - switch(crtn) { - case CSSM_OK: - if(verbose) { - printf("-ok-"); - } - return true; - case CSSMERR_CL_VERIFICATION_FAILURE: - if(verbose) { - printf("-vfy_fail-"); - } - return true; - case CSSMERR_CL_UNKNOWN_FORMAT: - if(verbose) { - printf("-format-"); - } - return true; - default: - cuPrintError("CSSM_CL_CertVerifyWithKey", crtn); - return false; - } - return true; -} - -int main(int argc, char **argv) -{ - bool quiet = false; - unsigned char *certData; - unsigned certDataLen; - unsigned char *issuerData; - unsigned issuerDataLen; - DIR *dir; - struct dirent *de; - bool verbose = false; - int filearg = 1; - - if((argc < 2 ) || (argc > 4)) { - usage(argv); - } - if(argv[1][0] == '-') { - switch(argv[1][1]) { - case 'v': - verbose = true; - break; - default: - usage(argv); - } - filearg++; - argc--; - } - - CSSM_CSP_HANDLE cspHand = cuCspStartup(CSSM_TRUE); - CSSM_CL_HANDLE clHand = cuClStartup(); - if((cspHand == 0) || (clHand == 0)) { - exit(1); - } - - /* read issuer cert, extract its public key for quick verify */ - char *fn = argv[filearg++]; - if(readFile(fn, &issuerData, &issuerDataLen)) { - printf("\n***Error reading file %s. Aborting.\n", fn); - exit(1); - } - CSSM_DATA issuerCert = {issuerDataLen, issuerData}; - CSSM_KEY_PTR issuerPubKey; - CSSM_RETURN crtn = CSSM_CL_CertGetKeyInfo(clHand, &issuerCert, - &issuerPubKey); - if(crtn) { - cuPrintError("CSSM_CL_CertGetKeyInfo", crtn); - exit(1); - } - - /* a reusable signature context */ - CSSM_CC_HANDLE ccHand; - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - CSSM_ALGID_SHA1WithRSA, - NULL, // AccessCred - issuerPubKey, - &ccHand); - if(crtn) { - cuPrintError("CSSM_CSP_CreateSignatureContext", crtn); - exit(1); - } - - if(argc == 3) { - /* read & parse one file */ - char *fn = argv[filearg++]; - if(!quiet) { - printf("...reading %s\n", fn); - } - if(readFile(fn, &certData, &certDataLen)) { - printf("\n***Error reading file %s. Aborting.\n", fn); - exit(1); - } - if(!vfyCert(clHand, ccHand, certData, certDataLen, verbose)) { - printf("\n***GOT AN EXCEPTION ON %s\n", fn); - exit(1); - } - goto done; - } - dir = opendir("."); - if(dir == NULL) { - printf("Huh? Can't open . as a directory.\n"); - exit(1); - } - de = readdir(dir); - while(de != NULL) { - char filename[MAXNAMLEN + 1]; - memmove(filename, de->d_name, de->d_namlen); - filename[de->d_namlen] = '\0'; - if(shouldWeParse(filename)) { - if(!quiet) { - printf("...%s", filename); - fflush(stdout); - } - if(readFile(filename, &certData, &certDataLen)) { - printf("\n***Error reading file %s. Aborting.\n", filename); - exit(1); - } - if(!vfyCert(clHand, ccHand, certData, certDataLen, verbose)) { - printf("\n***GOT AN EXCEPTION ON %s\n", filename); - exit(1); - } - free(certData); - } - de = readdir(dir); - } - closedir(dir); -done: - printf("\nisccCertVerify did not crash.\n"); - free(issuerData); - return 0; -} - diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/nisccSimpleClient/Makefile b/SecurityTests/clxutils/NISCC/TLS_SSL/nisccSimpleClient/Makefile deleted file mode 100644 index 91e42f8a..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/nisccSimpleClient/Makefile +++ /dev/null @@ -1,182 +0,0 @@ -# name of executable to build -EXECUTABLE=nisccSimpleClient -# C++ source (with .cpp extension) -CPSOURCE= nisccSimpleClient.cpp -# C source (.c extension) -CSOURCE= - -# -# Differs from standard clxutils since ../ is not clxutils.... -# -CL_UTIL_DIR=../../../ - -OUR_INCLUDES=-I$(CL_UTIL_DIR)/clAppUtils - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= -framework CoreFoundation -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -#include ../Makefile.cdsa -############################################################################ -# We just include our custom version of Makefile.cdsa intact right here.... -############################################################################ -# -# Common makefile fragment for dmitch's clxutils, nisccSimpleClient variant -# This is -included from project-specific Makefiles, assumed -# to be one directory down from this file. -# -# See Makefile.template for sample project-specific Makefile. -# - -# Defaults for variables provided by buildit -# -# Object files written to '.' unless OBJROOT specified -# -OBJROOT ?= . -SRCROOT ?= . -# -# Executables written to SYMROOT if specified, else to LOCAL_BUILD_DIR -# env var if specified, else to '.'. -# -SYMROOT ?= $(shell echo $(LOCAL_BUILD_DIR)) -LOCAL_BUILD=$(SYMROOT) -ifeq "" "$(LOCAL_BUILD)" - LOCAL_BUILD = . -endif - -# independent of SYMROOT -CLEAN_DIR=$(shell echo $(LOCAL_BUILD_DIR)) -ifeq "" "$(CLEAN_DIR)" - CLEAN_DIR = . -endif - -# -# DSTROOT only used for install -$ -DSTROOT ?= "" - -INSTALLDIR := $(DSTROOT)/usr/local/bin - -CLAPP_UTILS= ../../.. -UTIL_LIB_SRC= ../../../clAppUtils - -OFILES= $(CSOURCE:%.c=$(OBJROOT)/%.o) $(CPSOURCE:%.cpp=$(OBJROOT)/%.o) - -# -# Assume final load with cc, not ld -# -STD_LIBS=-lclutils -lcsputils -STD_LIBPATH= -L$(LOCAL_BUILD) $(UTILLIB_PATH) -L$(UTIL_LIB_SRC) -ALL_LIBS= $(STD_LIBS) $(PROJ_LIBS) -ALL_LIBPATHS= $(STD_LIBPATH) $(PROJ_LIBPATH) -PRIV_FRAMEWORK_PATH= /System/Library/PrivateFrameworks - -# -# Override this from the make command line to add e.g. -lMallocDebug -# -CMDLINE_LDFLAGS= - -ALL_LDFLAGS= $(CMDLINE_LDFLAGS) $(ALL_LIBS) $(ALL_LIBPATHS) $(PROJ_LDFLAGS) \ - -F$(LOCAL_BUILD) -F$(PRIV_FRAMEWORK_PATH) - -CC=c++ - -STD_FRAMEWORKS= -framework Security -framework CoreFoundation -framework security_cdsa_utils -ALL_FRAMEWORKS= $(STD_FRAMEWORKS) $(PROJ_FRAMEWORKS) - -# -# to get to headers in frameworks -# -STD_FINCLUDES= -F$(LOCAL_BUILD) -F$(PRIV_FRAMEWORK_PATH) -# -# the common headers for csputils -# -STD_INCLUDES= -I$(CLAPP_UTILS) $(UTILLIB_HDRS) -F$(PRIV_FRAMEWORK_PATH) -ALL_INCLUDES= $(STD_INCLUDES) $(PROJ_INCLUDES) -CINCLUDES= $(STD_FINCLUDES) $(ALL_INCLUDES) - -###WFLAGS= -Wno-four-char-constants -Wall -Werror -Wno-format -WFLAGS= -Wno-four-char-constants -Wall -Wno-format -Wno-deprecated-declarations - -STD_CFLAGS= -g $(VERBOSE) -DEBUG_CFLAGS= - -ALL_CFLAGS= $(CINCLUDES) $(STD_CFLAGS) $(PROJ_CFLAGS) $(WFLAGS) $(DEBUG_CFLAGS) - -# -# Executable in build folder -# -BUILT_TARGET= $(LOCAL_BUILD)/$(EXECUTABLE) - -first: UTIL_LIB $(PROJ_DEPENDS) $(BUILT_TARGET) - -build: first - -install: build - install -d -m 0755 $(INSTALLDIR) - install -p -m 0755 $(BUILT_TARGET) $(INSTALLDIR) - -installhdrs: - -# -# Executable might be in . if no LOCAL_BUILD_DIR specified -# -clean: - rm -f $(BUILT_TARGET) $(EXECUTABLE) - cd $(SRCROOT); rm -f $(OFILES) *.o - cd $(LOCAL_BUILD); rm -f $(EXECUTABLE) $(OTHER_TO_CLEAN) - rm -f $(CLEAN_DIR)/$(EXECUTABLE) - -UTIL_LIB: - (cd $(UTIL_LIB_SRC); make) - -$(BUILT_TARGET): $(OFILES) - $(CC) -o $(BUILT_TARGET) $(ALL_FRAMEWORKS) $^ $(ALL_LDFLAGS) - -$(OBJROOT)/%.o: %.c - $(CC) $(ALL_CFLAGS) -c -o $(OBJROOT)/$*.o $< - -$(OBJROOT)/%.o: %.cpp - $(CC) $(ALL_CFLAGS) -c -o $(OBJROOT)/$*.o $< - diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/nisccSimpleClient/nisccSimpleClient.cpp b/SecurityTests/clxutils/NISCC/TLS_SSL/nisccSimpleClient/nisccSimpleClient.cpp deleted file mode 100644 index 19c44cbb..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/nisccSimpleClient/nisccSimpleClient.cpp +++ /dev/null @@ -1,177 +0,0 @@ -/* - * nisccSimpleClient.cpp - just do one SSL client session expecting - * errSSLPeerCertUnknown and ClientCertRejected - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -/* skip certs larger than this - ST can't fragment protocol msgs (yet) */ -#define MAX_CERT_SIZE 16000 - -static void usage(char **argv) -{ - printf("Usage: %s hostname port keychain [q(uiet)]\n", argv[0]); - exit(1); -} - -#define IGNORE_SIGPIPE 1 -#if IGNORE_SIGPIPE -#include - -void sigpipe(int sig) -{ -} -#endif /* IGNORE_SIGPIPE */ - -SslAppTestParams clientDefaults = -{ - NULL, // hostName - user-provided - true, // skipHostNameCHeck - 0, // port - user-provided - NULL, NULL, // RingBuffers - false, // noProtSpec - kTLSProtocol1, - NULL, // acceptedProts - not used in this test - NULL, // myCerts - user-provided - NULL, // password - same as myCerts - false, // idIsTrustedRoot - true, // disableCertVerify - SPECIAL FOR THIS TEST - NULL, // anchorFile - not needed - right? - false, // replaceAnchors - kAlwaysAuthenticate, - false, // resumeEnable - NULL, // ciphers - false, // nonBlocking - NULL, // dhParams - 0, // dhParamsLen - errSSLPeerCertUnknown, // expectRtn - kTLSProtocol1, // expectVersion - kSSLClientCertRejected, - SSL_CIPHER_IGNORE, - false, // quiet - user-provided - false, // silent - false, // verbose - NULL, // lock - 0, // clientDone - false, // serverAbort - /* returned */ - kSSLProtocolUnknown, - SSL_NULL_WITH_NULL_NULL, - kSSLClientCertNone, - noHardwareErr - -}; - -static void testStartBanner( - char *testName, - int argc, - char **argv) -{ - printf("Starting %s; args: ", testName); - for(int i=1; i(errStr.c_str()); -} - - -int main(int argc, char **argv) -{ - int ourRtn = 0; - char *argp; - int errCount = 0; - - if(argc < 4) { - usage(argv); - } - - /* required args */ - clientDefaults.hostName = argv[1]; - clientDefaults.password = argv[1]; - clientDefaults.port = atoi(argv[2]); - clientDefaults.myCertKcName = argv[3]; - - /* optional args */ - for(int arg=4; arg /dev/null || exit(1) -foreach cert ( * ) - echo cert $cert... - skipThisNisccCert $cert - if($status == 1) then - echo "=skip=" - else - dbTool $FULL_CLIENT_KC D R - dbTool $FULL_CLIENT_KC i c=$cert k=../$CLIENT_KEY || exit(1) - nisccSimpleClient localhost $argv[1] $CLIENT_KC || exit(1) - endif -end -echo ===== NISCC SSL Test SUCCESS ===== - diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/skipThisNisccCert/Makefile b/SecurityTests/clxutils/NISCC/TLS_SSL/skipThisNisccCert/Makefile deleted file mode 100644 index e4bd046a..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/skipThisNisccCert/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -EXECUTABLE=skipThisNisccCert -# C++ source (with .cpp extension) -CPSOURCE= skipThisNisccCert.cpp -# C source (.c extension) -CSOURCE= -OFILES = $(CSOURCE:%.c=%.o) $(CPSOURCE:%.cpp=%.o) - -LOCAL_BUILD= $(shell echo $(LOCAL_BUILD_DIR)) - -# -# Executable in build folder -# -BUILT_TARGET= $(LOCAL_BUILD)/$(EXECUTABLE) - -CC= /usr/bin/cc - -FRAMEWORKS= -FRAME_SEARCH= -F$(LOCAL_BUILD) -FINCLUDES= -PINCLUDES= -CINCLUDES= $(FINCLUDES) $(PINCLUDES) -WFLAGS= -Wno-four-char-constants -Wno-deprecated-declarations -CFLAGS= -g $(CINCLUDES) $(WFLAGS) $(FRAME_SEARCH) - -# -# This assumes final load with cc, not ld -# -LIBS= -lstdc++ -lCdsaUtils -lnssasn1 -LIBPATH= -L$(LOCAL_BUILD) -LDFLAGS= $(LIBS) $(LIBPATH) $(FRAME_SEARCH) - -first: $(BUILT_TARGET) - -$(BUILT_TARGET): $(OFILES) - cc -o $(BUILT_TARGET) $(FRAMEWORKS) $(OFILES) $(LDFLAGS) - -clean: - rm -f *.o $(BUILT_TARGET) - -.c.o: - $(CC) $(CFLAGS) -c -o $*.o $< - -.cpp.o: - $(CC) $(CFLAGS) -c -o $*.o $< diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/skipThisNisccCert/skipThisNisccCert.cpp b/SecurityTests/clxutils/NISCC/TLS_SSL/skipThisNisccCert/skipThisNisccCert.cpp deleted file mode 100644 index 6e01e3a7..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/skipThisNisccCert/skipThisNisccCert.cpp +++ /dev/null @@ -1,104 +0,0 @@ -/* - * skipThisNisccCert.cpp - decide whether to use specified NISCC cert - * in SSL client tests. - */ -#include -#include -#include -#include -#include -#include -#include -#include - -/* - * Currently, SecureTransport does not fragment protocol messages - * into record-size chunks. Max record size is 16K so our max cert - * size is a little less than that. - */ -#define MAX_CERT_SIZE (16 * 1024) - -static void usage(char **argv) -{ - printf("usage: %s file\n", argv[0]); - exit(1); -} - -/* - * Known file names to NOT parse - */ -static const char *skipTheseFiles[] = -{ - /* standard entries */ - ".", - "..", - "CVS", - /* the certs we know seem to be fine */ - #if 0 - /* handled OK by the client now */ - "00000023", - "00000098", - "00000116", - "00000117", - #endif - /* certs with undiagnosed problems */ - NULL -}; - -/* returns true if specified fileName is in skipTheseFiles[] */ -static bool shouldWeSkip( - const char *fullPath) // C string -{ - /* strip off leading path components */ - const char *lastSlash = NULL; - const char *cp; - for(cp=fullPath; *cp!=NULL; cp++) { - if(*cp == '/') { - lastSlash = cp; - } - } - if(lastSlash == NULL) { - /* no slashes, use full caller-specified filename */ - cp = fullPath; - } - else { - /* start one char after last '/' */ - cp++; - } - char fileName[MAXPATHLEN]; - strcpy(fileName, cp); - - for(const char **stf=skipTheseFiles; *stf!=NULL; stf++) { - const char *tf = *stf; - if(!strcmp(fileName, *stf)) { - return true; - } - } - return false; -} - -int main(int argc, char **argv) -{ - if(argc != 2 ) { - usage(argv); - } - - /* in hard-coded list of files to skip? */ - const char *filename = argv[1]; - if(shouldWeSkip(filename)) { - exit(1); - } - - /* file size too big? */ - struct stat sb; - if(stat(filename, &sb)) { - perror(filename); - exit(2); - } - if(sb.st_size > MAX_CERT_SIZE) { - exit(1); - } - - exit(0); -} - diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/client.crt b/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/client.crt deleted file mode 100755 index adff3a42ae007432ee3bc521bb6015bf0d181f7f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 509 zcmXqLV*F{)#F)gy$Yj9F#;Mij(e|B}k&%^^!NAv$+klgeIh2J>n91GAP|iRG#NiSa z4bIFh$VpWQ%Fi!Ra4ap!$S=w)sf5Wh42ly=sQy5>xaI#=c=w9Y*wx~25s0?tWdJ01o|{95||AyZjp^}%^k zEOXeG?mG6yd&dp7&Oci(U9&RpSa~UI-!8G`%ySw#CY@@X+jV8{yy)F}(Q~+*GbMgK zv|N?qmUDIA+0Vh+#p2HmBt@5OW@2V!U_^EvFnF1P?s7ZE!22>hbQ zw>65d6>9H#IQhx{lTkOqY(j4p=NYp7VO#e)&Plg#rFE)P^VB8lr~ls<(4bws`S=V28sN&($+dRh^f+6zPc8t z1Dt?}lFEghiqyTHTe~h>oC-r}82aHks$@oN)xOR1Q!8^9=P(%+q_YA80RRC4fq?+A zf(G%R*AaPoB(_C0P*-Mh(^MtW9S4L;jP?rB9n+A|B>hC(ZFQ(DXW0;78II+xP@Dar(@2`r{I82D%8`(%=`8hU^gV+RN zXAU;dvPTuc!iTzoZskgv$lG0OqNbkhWak`($vAt13aa)>^+5tb0PaCp9q1vmzr>RS z#fJSUuFh+ySm!jof1?XA%Is>b-$bEz?H6woZG;!E)wvcziV4x$%8u6|EW|q^AJG8V z^8!Hthk8j)rgcvG6=iOg>6D29tRJURw3iNhRtNGiAy_Gu?iwt6=mP18J6@btS6VRB zI+m3N71}3}j$$Mdg(lwt0zg^&^ZVDJV)GiCEJ7|RkA$WXqZ4qyN|M@9a17)frfrNUmpfu{Hq v*^1o%kc)lkrn3+srv)y=_x7;=UbGOFE!OL-4TxJWf+Ci6rNB!kSND(ED diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/client_key.pem b/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/client_key.pem deleted file mode 100755 index da6c77da..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/client_key.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDnT63C7VFJW3QC1Q3G6AYaH7iHXRsMZIcFsS03AqKJqW9ghZ3C -FbR1waAJkha44VAY+qX/4QJ2eXvBnhoEnAelusbsS7jYBon8tdLWOjeIqdJWvroW -pwOcgIiSyoWditS9nlu7LlucCkNpGPrhOapkRmzVvs3zUytzF+cwGRWkswIDAQAB -AoGBALGCBvGg1xF5eiS2RTVQV2Zy01Ql0h0HhEqM9grSHdOQ0CT9RNxtdagsZ9kQ -YBmO5r3Uk9EyZoZuodcqsgK5jm9dvS3qS8DEp/M7ubfpXhYya8x/u24W7kiRaBO9 -9ucoo90IwndRcia8D3gat6Y2ssHyjgSpndJZI0jC4fTg+AiBAkEA+InwEcUm76+K -0ThMiN4b2Uhi+Tk2j4PYBGFnDjbQskcVwcKHuoJu5UqayNtda6Kmnu1k5xyFyTh7 -gwqq9kr1QQJBAO5BWB3oIbO/xJMExYb9Ka7Oa6hY5zS9f6MLMcrsaq3fRKF37Rdv -E22EF6/VuRZCignR2sqO1yEsxDsiH9EA2PMCQQCHeklOpnVO+hVlbpbplIkBrB+n -UrSXDntWB/IxIVgple4aLHvoAumIO16cVldaMNM6lpUGFdonkY5iJBKFJt8BAkBZ -+/P716Bi8xqbLEIuKY+EphGjE3C/SpLaUXAM5B2mbZzOHy08nIcJ5cnMbzvoXFkm -PEwWFLzLmszCSLEbjuZhAkBUBdK70dVRqHhcxKnOTM+dgab4E9mK3P+Qi33pprMQ -IacFLsT39rEyOsgsmXO3xsbBy3FaXGYLsNpBl4FH/eVG ------END RSA PRIVATE KEY----- diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/readme.txt b/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/readme.txt deleted file mode 100755 index 3db83b45..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/readme.txt +++ /dev/null @@ -1,46 +0,0 @@ -readme.txt This file. - -client.crt Binary DER certificate signed by the private key of rootca. -client_crt.pem PEM form of client.crt -client_key.pem PEM form of the private key corresponding to client.crt -simple_client.tar.gz Variations of client.crt in binary ~DER format. - Variations occur across the entire certificate. - 00000001-00106160 - tar file size: ~846M - tar.gz file size: ~10M -resigned_client.tar.gz Variations of client.crt in binary ~DER format. - Variations occur across the toBeSigned part of the certificate. - The signature block has been recreated. - 00000000-00099981 - tar file size: ~788M - tar.gz file size: ~22M - -server.crt Binary DER certificate signed by the private key of rootca. -server_crt.pem PEM form of server.crt -server_key.pem PEM form of the private key corresponding to server.crt -simple_server.tar.gz Variations of server.crt in binary ~DER format. - Variations occur across the entire certificate. - 00000001-00106167 - tar file size: ~844M - tar.gz file size: ~10M -resigned_server.tar.gz Variations of server.crt in binary ~DER format. - Variations occur across the toBeSigned part of the certificate. - The signature block has been recreated. - 00000000-00100068 - tar file size: ~789M - tar.gz file size: ~22M - -rootca.crt Binary Self-signed DER certificate. -rootca_crt.pem PEM form of rootca.crt -rootca_key.pem PEM form of the private key corresponding to rootca.crt -simple_rootca.tar.gz Variations of rootca.crt in binary ~DER format. - Variations occur across the entire certificate. - 00000001-00106190 - tar file size: ~862M - tar.gz file size: ~10M -resigned_rootca.tar.gz Variations of rootca.crt in binary ~DER format. - Variations occur across the toBeSigned part of the certificate. - The signature block has been recreated. - 00000000-00099959 - tar file size: ~806M - tar.gz file size: ~22M diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca.crt b/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca.crt deleted file mode 100755 index d12da5ba97f1fed27af39eefaf28c50f9d09ee92..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 525 zcmXqLV&XJtVk}}}WH8`m!|uIF^=VQtPISJy$lA8olK3549gds=v~71X!eYioRdtyBwuHbZFwfU+dwSfe{b>Ev$M~} z7p$_F!}U@5lSg}~bIrGVx}9b_m0PCf$Dcp4R&m{(1FP&KSaYwiDoK6~IT+1&a_aVN z8NwysUt1n;W`4%0G23!S*vv|{wb5s`xiu#Xl`VSf%%S%vaDC?)ukS|5JnYt=nV1*hGgA932U zy=C`jiPmM@9=k6-mwzB4&M7k3vg+ywxzal^a- diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca_crt.pem b/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca_crt.pem deleted file mode 100755 index 620f07e8..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca_crt.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICCTCCAXICAQAwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCR0IxHjAcBgNV -BAoTFVNpbXBsZSBSb290IEF1dGhvcml0eTEeMBwGA1UEAxMVU2ltcGxlIFJvb3Qg -QXV0aG9yaXR5MB4XDTAyMTExODE3Mzc0MloXDTA3MTExODE3Mzc0MlowTTELMAkG -A1UEBhMCR0IxHjAcBgNVBAoTFVNpbXBsZSBSb290IEF1dGhvcml0eTEeMBwGA1UE -AxMVU2ltcGxlIFJvb3QgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB -iQKBgQCnoMiNpA7im5ipCZI19GPXB12E5h27MBZQ/41z9c2bzV9wqjicCvEj8kiH -VUN89t4tiTa5I4SVb1/PxK0hrtzAqj9YBW3UBSIZ9VTBWwHJlbe2aBN09+s5x4MD -5gkomzm4Vpl5Bq1bzLZGg2MSdqLtQwgu4lGvicxK9zJjDAc78wIDAQABMA0GCSqG -SIb3DQEBBQUAA4GBAHX3Wl7HEGjAj4ooSeqG9kcn8aWR0GrT+3sL/UL+khKfJ66c -Qh/EQrS3hLvzGIWmC0i70ecf4pLjte52xFWDicEt5EAOCduoy8iHxyS0xrGCNP8I -YBVOt+bEgT0U9bbWw09uHkol2a+UMJSm1oc+yD/F8sN2Smw7YtCvC+jdo6G6 ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca_key.pem b/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca_key.pem deleted file mode 100755 index cd96d750..00000000 --- a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/rootca_key.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCnoMiNpA7im5ipCZI19GPXB12E5h27MBZQ/41z9c2bzV9wqjic -CvEj8kiHVUN89t4tiTa5I4SVb1/PxK0hrtzAqj9YBW3UBSIZ9VTBWwHJlbe2aBN0 -9+s5x4MD5gkomzm4Vpl5Bq1bzLZGg2MSdqLtQwgu4lGvicxK9zJjDAc78wIDAQAB -AoGACVVRdVl6HrHtKRRIWMq3uGRHl7u8UgzWYUIpXRiFjzQ7KSnBJycQ0CCQW0Cr -Fk0kh8KJEnvgyPU/j3Dy9tomnliJLpyAJ7EX8PcTTXu0pM0V2bzcDmdObjOuAvnA -JxuZLVl9f5LZDtHpDG0vVyE7dlMqElVGg36xMLo5lAdk6VkCQQDUHg2KBzCCvyOu -IDd+VRVItZR3zERDvfn9G14gO3mc2wp/RpDnpRkNWySa9KF2+4UdrND6qL+HZ0yb -B9DC+8yFAkEAyk6ICAKnEeG67MFNhu9RMGi2nrNsPbHPCrkfgqerOQActhSagRD7 -wGrk2wxFUkGkJ9rORVRGbWehTcNIn40sFwJAUpkhTI5gJYmoqzWAZoFbOGT822l/ -a6GepyDxFjwSrzHcdJNV+d4gU0MajfyUo3Bt9ZBGEFWFv4RKIFR6xnKmwQJBAIsF -pF081WpoYHfJ7mjHlFdb3gL48W0D/28zAABdEEC/XvuQ9Qu0jAwSaOpOaGS6TwBE -UHM8EpmkGSjDBej+rkkCQQCIRY00RWB6jDPKs5NnapFnttINsU9RFabijSguAdw9 -5HSRMe5PSFj0KJAuDeCRm9t83g6cEbBk3u9NyPYMks1U ------END RSA PRIVATE KEY----- diff --git a/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/server.crt b/SecurityTests/clxutils/NISCC/TLS_SSL/testcases/server.crt deleted file mode 100755 index f171d3a4fec32c993b55b6e968544f6967ad4843..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 509 zcmXqLV*F{)#F)gy$Y{XJ#;Mij(e|B}k&%^^!NAv$+klgeIh2J>n91GAP|iRG#NiSa z4bIFh$VpWQ%Fi!Ra4ap!$S=w)sf5WhCw^WO_jHr)cy7^(yF*38_`#LUQm9=yyzcNsXBB)xb%U-9lw8xMw8t{K z#Ik$(+{(9NUOtI-@Yr~H^}%0RsTsW=)^PS&=|&q#MjTjO<)y0o9RT@6xa 0 ) - switch ( "$argv[1]" ) - case q: - set QUIET = 1 - shift - breaksw - default: - echo Usage: anchorSourceTest directory - exit(1) - endsw -end - -# -# binaries we need -# -set CERTCRL=$BUILD_DIR/certcrl -set CERTS_FROM_DB=$BUILD_DIR/certsFromDb -foreach targ ($CERTCRL $CERTS_FROM_DB) - if(! -e $targ) then - echo === $targ is missing. Try building clxutil. - exit(1) - endif -end - -echo starting anchorSourceTest -# -# certcrl args: -# -# -c cert to eval -# -C use this as an anchor -# -a allow certs unverified by CRLs -# -f leaf cert is a CA -# -L silent -# -set TEST_FAILED=0 - -cd $CERTS_DIR -foreach certFile (*) - if ( ( -f "$certFile" ) && ( "$certFile" != X509Anchors) ) then - if($QUIET == 0) then - echo testing $certFile.... - endif -# $CERTCRL -c "$certFile" -C "$certFile" -a -f -L -T 20071217154316 - $CERTCRL -c "$certFile" -C "$certFile" -a -f -L - if($status != 0) then - echo "++++++++ Verification error on $certFile" - $CERTCRL -c "$certFile" -C "$certFile" -a -f -v - set TEST_FAILED=1 - endif - endif -end - -if($TEST_FAILED == 1) then - echo "anchorSourceTest FAILED" - exit(1) -endif - -if($QUIET == 0) then - echo "...anchorSourceTest complete" -endif diff --git a/SecurityTests/clxutils/anchorTest/anchorTest.cpp b/SecurityTests/clxutils/anchorTest/anchorTest.cpp deleted file mode 100644 index 8a3bde3e..00000000 --- a/SecurityTests/clxutils/anchorTest/anchorTest.cpp +++ /dev/null @@ -1,1125 +0,0 @@ -/* - * anchorTest.cpp - test cert encode/decode using known good system - * anchors - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define ENC_TBS_BLOB "encodedTbs.der" -#define DEC_TBS_BLOB "decodedTbs.der" - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" w -- writeBlobs\n"); - printf(" e -- allow expired roots\n"); - printf(" t -- use Trust Settings\n"); - printf(" q -- quiet\n"); - printf(" v -- verbose\n"); - exit(1); -} - -/* - * Certs for which we skip the "compare TBS blob" test, enumerated by - * DER-encoded issuer name. - * - * Get this formatted data from the extractCertFields program. - * - * All of these have non-standard KeyUsage encoding (legal but it's - * not the same as ours or everyone else's). - */ -/* - Country : HU - Locality : Budapest - Org : NetLock Halozatbiztonsagi Kft. - OrgUnit : Tanusitvanykiadok - Common Name : NetLock Expressz (Class C) Tanusitvanykiado - */ -static const uint8 anchor_46_derIssuer_bytes[] = { - 0x30, 0x81, 0x9b, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x48, 0x55, - 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, - 0x07, 0x13, 0x08, 0x42, 0x75, 0x64, 0x61, 0x70, - 0x65, 0x73, 0x74, 0x31, 0x27, 0x30, 0x25, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1e, 0x4e, 0x65, - 0x74, 0x4c, 0x6f, 0x63, 0x6b, 0x20, 0x48, 0x61, - 0x6c, 0x6f, 0x7a, 0x61, 0x74, 0x62, 0x69, 0x7a, - 0x74, 0x6f, 0x6e, 0x73, 0x61, 0x67, 0x69, 0x20, - 0x4b, 0x66, 0x74, 0x2e, 0x31, 0x1a, 0x30, 0x18, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x11, 0x54, - 0x61, 0x6e, 0x75, 0x73, 0x69, 0x74, 0x76, 0x61, - 0x6e, 0x79, 0x6b, 0x69, 0x61, 0x64, 0x6f, 0x6b, - 0x31, 0x34, 0x30, 0x32, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x2b, 0x4e, 0x65, 0x74, 0x4c, 0x6f, - 0x63, 0x6b, 0x20, 0x45, 0x78, 0x70, 0x72, 0x65, - 0x73, 0x73, 0x7a, 0x20, 0x28, 0x43, 0x6c, 0x61, - 0x73, 0x73, 0x20, 0x43, 0x29, 0x20, 0x54, 0x61, - 0x6e, 0x75, 0x73, 0x69, 0x74, 0x76, 0x61, 0x6e, - 0x79, 0x6b, 0x69, 0x61, 0x64, 0x6f -}; -static const CSSM_DATA anchor_46_derIssuer = { 158, (uint8 *)anchor_46_derIssuer_bytes }; - -/* - Country : HU - State : Hungary - Locality : Budapest - Org : NetLock Halozatbiztonsagi Kft. - OrgUnit : Tanusitvanykiadok - Common Name : NetLock Kozjegyzoi (Class A) Tanusitvanykiado -*/ -static const uint8 anchor_53_derIssuer_bytes[] = { - 0x30, 0x81, 0xaf, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x48, 0x55, - 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, - 0x08, 0x13, 0x07, 0x48, 0x75, 0x6e, 0x67, 0x61, - 0x72, 0x79, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, - 0x55, 0x04, 0x07, 0x13, 0x08, 0x42, 0x75, 0x64, - 0x61, 0x70, 0x65, 0x73, 0x74, 0x31, 0x27, 0x30, - 0x25, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1e, - 0x4e, 0x65, 0x74, 0x4c, 0x6f, 0x63, 0x6b, 0x20, - 0x48, 0x61, 0x6c, 0x6f, 0x7a, 0x61, 0x74, 0x62, - 0x69, 0x7a, 0x74, 0x6f, 0x6e, 0x73, 0x61, 0x67, - 0x69, 0x20, 0x4b, 0x66, 0x74, 0x2e, 0x31, 0x1a, - 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x11, 0x54, 0x61, 0x6e, 0x75, 0x73, 0x69, 0x74, - 0x76, 0x61, 0x6e, 0x79, 0x6b, 0x69, 0x61, 0x64, - 0x6f, 0x6b, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x2d, 0x4e, 0x65, 0x74, - 0x4c, 0x6f, 0x63, 0x6b, 0x20, 0x4b, 0x6f, 0x7a, - 0x6a, 0x65, 0x67, 0x79, 0x7a, 0x6f, 0x69, 0x20, - 0x28, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x41, - 0x29, 0x20, 0x54, 0x61, 0x6e, 0x75, 0x73, 0x69, - 0x74, 0x76, 0x61, 0x6e, 0x79, 0x6b, 0x69, 0x61, - 0x64, 0x6f -}; -static const CSSM_DATA anchor_53_derIssuer = { 178, (uint8 *)anchor_53_derIssuer_bytes }; - -/* - Country : HU - Locality : Budapest - Org : NetLock Halozatbiztonsagi Kft. - OrgUnit : Tanusitvanykiadok - Common Name : NetLock Uzleti (Class B) Tanusitvanykiado -*/ -static const uint8 anchor_60_derIssuer_bytes[] = { - 0x30, 0x81, 0x99, 0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x48, 0x55, - 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, - 0x07, 0x13, 0x08, 0x42, 0x75, 0x64, 0x61, 0x70, - 0x65, 0x73, 0x74, 0x31, 0x27, 0x30, 0x25, 0x06, - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x1e, 0x4e, 0x65, - 0x74, 0x4c, 0x6f, 0x63, 0x6b, 0x20, 0x48, 0x61, - 0x6c, 0x6f, 0x7a, 0x61, 0x74, 0x62, 0x69, 0x7a, - 0x74, 0x6f, 0x6e, 0x73, 0x61, 0x67, 0x69, 0x20, - 0x4b, 0x66, 0x74, 0x2e, 0x31, 0x1a, 0x30, 0x18, - 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x11, 0x54, - 0x61, 0x6e, 0x75, 0x73, 0x69, 0x74, 0x76, 0x61, - 0x6e, 0x79, 0x6b, 0x69, 0x61, 0x64, 0x6f, 0x6b, - 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, - 0x03, 0x13, 0x29, 0x4e, 0x65, 0x74, 0x4c, 0x6f, - 0x63, 0x6b, 0x20, 0x55, 0x7a, 0x6c, 0x65, 0x74, - 0x69, 0x20, 0x28, 0x43, 0x6c, 0x61, 0x73, 0x73, - 0x20, 0x42, 0x29, 0x20, 0x54, 0x61, 0x6e, 0x75, - 0x73, 0x69, 0x74, 0x76, 0x61, 0x6e, 0x79, 0x6b, - 0x69, 0x61, 0x64, 0x6f -}; -static const CSSM_DATA anchor_60_derIssuer = { 156, (uint8 *)anchor_60_derIssuer_bytes }; - -/* - Country : TR - Locality : Ankara - Org : (c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. - Common Name : TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı - Serial Number : 01 - Not Before : 10:27:17 May 13, 2005 - Not After : 10:27:17 Mar 22, 2015 -*/ -static const uint8 turk1_derIssuer_bytes[] = { - 0x30, 0x81, 0xb7, 0x31, 0x3f, 0x30, 0x3d, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, 0x36, 0x54, 0xc3, - 0x9c, 0x52, 0x4b, 0x54, 0x52, 0x55, 0x53, 0x54, - 0x20, 0x45, 0x6c, 0x65, 0x6b, 0x74, 0x72, 0x6f, - 0x6e, 0x69, 0x6b, 0x20, 0x53, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x6b, 0x61, 0x20, 0x48, 0x69, - 0x7a, 0x6d, 0x65, 0x74, 0x20, 0x53, 0x61, 0xc4, - 0x9f, 0x6c, 0x61, 0x79, 0xc4, 0xb1, 0x63, 0xc4, - 0xb1, 0x73, 0xc4, 0xb1, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x0c, 0x02, 0x54, - 0x52, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0c, 0x06, 0x41, 0x4e, 0x4b, 0x41, - 0x52, 0x41, 0x31, 0x56, 0x30, 0x54, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x0c, 0x4d, 0x28, 0x63, 0x29, - 0x20, 0x32, 0x30, 0x30, 0x35, 0x20, 0x54, 0xc3, - 0x9c, 0x52, 0x4b, 0x54, 0x52, 0x55, 0x53, 0x54, - 0x20, 0x42, 0x69, 0x6c, 0x67, 0x69, 0x20, 0xc4, - 0xb0, 0x6c, 0x65, 0x74, 0x69, 0xc5, 0x9f, 0x69, - 0x6d, 0x20, 0x76, 0x65, 0x20, 0x42, 0x69, 0x6c, - 0x69, 0xc5, 0x9f, 0x69, 0x6d, 0x20, 0x47, 0xc3, - 0xbc, 0x76, 0x65, 0x6e, 0x6c, 0x69, 0xc4, 0x9f, - 0x69, 0x20, 0x48, 0x69, 0x7a, 0x6d, 0x65, 0x74, - 0x6c, 0x65, 0x72, 0x69, 0x20, 0x41, 0x2e, 0xc5, - 0x9e, 0x2e -}; -static const CSSM_DATA turk1_derIssuer = { 186, (uint8 *)turk1_derIssuer_bytes }; - -/* - Country : TR - Locality : Ankara - Org : TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 - Common Name : TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı - Serial Number : 01 - Not Before : 10:07:57 Nov 7, 2005 - Not After : 10:07:57 Sep 16, 2015 -*/ -static const uint8 turk2_derIssuer_bytes[] = { - 0x30, 0x81, 0xbe, 0x31, 0x3f, 0x30, 0x3d, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, 0x36, 0x54, 0xc3, - 0x9c, 0x52, 0x4b, 0x54, 0x52, 0x55, 0x53, 0x54, - 0x20, 0x45, 0x6c, 0x65, 0x6b, 0x74, 0x72, 0x6f, - 0x6e, 0x69, 0x6b, 0x20, 0x53, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x6b, 0x61, 0x20, 0x48, 0x69, - 0x7a, 0x6d, 0x65, 0x74, 0x20, 0x53, 0x61, 0xc4, - 0x9f, 0x6c, 0x61, 0x79, 0xc4, 0xb1, 0x63, 0xc4, - 0xb1, 0x73, 0xc4, 0xb1, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x54, - 0x52, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0c, 0x06, 0x41, 0x6e, 0x6b, 0x61, - 0x72, 0x61, 0x31, 0x5d, 0x30, 0x5b, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x0c, 0x54, 0x54, 0xc3, 0x9c, - 0x52, 0x4b, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, - 0x42, 0x69, 0x6c, 0x67, 0x69, 0x20, 0xc4, 0xb0, - 0x6c, 0x65, 0x74, 0x69, 0xc5, 0x9f, 0x69, 0x6d, - 0x20, 0x76, 0x65, 0x20, 0x42, 0x69, 0x6c, 0x69, - 0xc5, 0x9f, 0x69, 0x6d, 0x20, 0x47, 0xc3, 0xbc, - 0x76, 0x65, 0x6e, 0x6c, 0x69, 0xc4, 0x9f, 0x69, - 0x20, 0x48, 0x69, 0x7a, 0x6d, 0x65, 0x74, 0x6c, - 0x65, 0x72, 0x69, 0x20, 0x41, 0x2e, 0xc5, 0x9e, - 0x2e, 0x20, 0x28, 0x63, 0x29, 0x20, 0x4b, 0x61, - 0x73, 0xc4, 0xb1, 0x6d, 0x20, 0x32, 0x30, 0x30, - 0x35 -}; -static const CSSM_DATA turk2_derIssuer = { 193, (uint8 *)turk2_derIssuer_bytes }; - -/* - Country : TR - Locality : Ankara - Org : TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007 - Common Name : TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı - Serial Number : 01 - Not Before : 18:37:19 Dec 25, 2007 - Not After : 18:37:19 Dec 22, 2017 -*/ -static const uint8 turk3_derIssuer_bytes[] = { - 0x30, 0x81, 0xbf, 0x31, 0x3f, 0x30, 0x3d, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, 0x36, 0x54, 0xc3, - 0x9c, 0x52, 0x4b, 0x54, 0x52, 0x55, 0x53, 0x54, - 0x20, 0x45, 0x6c, 0x65, 0x6b, 0x74, 0x72, 0x6f, - 0x6e, 0x69, 0x6b, 0x20, 0x53, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x6b, 0x61, 0x20, 0x48, 0x69, - 0x7a, 0x6d, 0x65, 0x74, 0x20, 0x53, 0x61, 0xc4, - 0x9f, 0x6c, 0x61, 0x79, 0xc4, 0xb1, 0x63, 0xc4, - 0xb1, 0x73, 0xc4, 0xb1, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x54, - 0x52, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0c, 0x06, 0x41, 0x6e, 0x6b, 0x61, - 0x72, 0x61, 0x31, 0x5e, 0x30, 0x5c, 0x06, 0x03, - 0x55, 0x04, 0x0a, 0x0c, 0x55, 0x54, 0xc3, 0x9c, - 0x52, 0x4b, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, - 0x42, 0x69, 0x6c, 0x67, 0x69, 0x20, 0xc4, 0xb0, - 0x6c, 0x65, 0x74, 0x69, 0xc5, 0x9f, 0x69, 0x6d, - 0x20, 0x76, 0x65, 0x20, 0x42, 0x69, 0x6c, 0x69, - 0xc5, 0x9f, 0x69, 0x6d, 0x20, 0x47, 0xc3, 0xbc, - 0x76, 0x65, 0x6e, 0x6c, 0x69, 0xc4, 0x9f, 0x69, - 0x20, 0x48, 0x69, 0x7a, 0x6d, 0x65, 0x74, 0x6c, - 0x65, 0x72, 0x69, 0x20, 0x41, 0x2e, 0xc5, 0x9e, - 0x2e, 0x20, 0x28, 0x63, 0x29, 0x20, 0x41, 0x72, - 0x61, 0x6c, 0xc4, 0xb1, 0x6b, 0x20, 0x32, 0x30, - 0x30, 0x37 -}; -static const CSSM_DATA turk3_derIssuer = { 194, (uint8 *)turk3_derIssuer_bytes }; - -/* -Cert File Name: globalSignRoot.cer - Country : BE - Org : GlobalSign nv-sa - OrgUnit : Root CA - Common Name : GlobalSign Root CA -*/ -static const uint8 globalSignRoot_derIssuer_bytes[] = { - 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, - 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, - 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, - 0x73, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x04, 0x0b, 0x13, 0x07, 0x52, 0x6f, 0x6f, - 0x74, 0x20, 0x43, 0x41, 0x31, 0x1b, 0x30, 0x19, - 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, - 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, - 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, - 0x41 -}; -static const CSSM_DATA globalSignRoot_derIssuer = { 89, (uint8 *)globalSignRoot_derIssuer_bytes }; - -/*********************** -Cert File Name: swisssign.der -Subject Name : - Country : CH - Org : SwissSign - Common Name : SwissSign CA (RSA IK May 6 1999 18:00:58) - Email addrs : ca@SwissSign.com - - This one has a bogus AuthorityKeyId, with a value of {0x30, 0} inside the octet string. - ***********************/ -static const uint8 swisssign_derIssuer_bytes[] = { - 0x30, 0x76, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x48, 0x31, - 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x13, 0x09, 0x53, 0x77, 0x69, 0x73, 0x73, 0x53, - 0x69, 0x67, 0x6e, 0x31, 0x32, 0x30, 0x30, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x53, 0x77, - 0x69, 0x73, 0x73, 0x53, 0x69, 0x67, 0x6e, 0x20, - 0x43, 0x41, 0x20, 0x28, 0x52, 0x53, 0x41, 0x20, - 0x49, 0x4b, 0x20, 0x4d, 0x61, 0x79, 0x20, 0x36, - 0x20, 0x31, 0x39, 0x39, 0x39, 0x20, 0x31, 0x38, - 0x3a, 0x30, 0x30, 0x3a, 0x35, 0x38, 0x29, 0x31, - 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, - 0x63, 0x61, 0x40, 0x53, 0x77, 0x69, 0x73, 0x73, - 0x53, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d - -}; -static const CSSM_DATA swisssign_derIssuer = { 120, (uint8 *)swisssign_derIssuer_bytes }; - -/* - * Simple class to hold arrays of fields. - */ -class FieldArray { -public: - /* - * Create from existing field array obtained from - * CSSM_CL_CertGetAllFields(). We'll do the CSSM_CL_FreeFields() - * in our destructor. - */ - FieldArray( - CSSM_FIELD *fields, - uint32 numFields, - CSSM_CL_HANDLE clHand); - - /* - * Create empty array of specified size. We don't own the fields - * themselves. - */ - FieldArray( - uint32 size); - - ~FieldArray(); - - /* - * Append a field - no realloc! - */ - void appendField(CSSM_FIELD &field); - - /* get specified field */ - CSSM_FIELD &fieldAt(uint32 index); - - /* get nth occurence of field matching specified OID */ - int fieldForOid( - const CSSM_OID &oid, - unsigned n, // n == 0 --> first one - CSSM_FIELD *&found); // RETURNED - - CSSM_FIELD *mFields; - uint32 mNumFields; // sizeof of *fields - uint32 mMallocdSize; // if NULL, read-only - CSSM_CL_HANDLE mClHand; -}; - -FieldArray::FieldArray( - CSSM_FIELD *fields, - uint32 numFields, - CSSM_CL_HANDLE clHand) -{ - mFields = fields; - mNumFields = numFields; - mMallocdSize = 0; - mClHand = clHand; -} - -FieldArray::FieldArray( - uint32 size) -{ - unsigned len = sizeof(CSSM_FIELD) * size; - mFields = (CSSM_FIELD_PTR)malloc(len); - memset(mFields, 0, len); - mNumFields = 0; - mMallocdSize = size; - mClHand = 0; -} - -FieldArray::~FieldArray() -{ - if(mMallocdSize != 0) { - /* - * Just free the array of fields we mallocd, not the fields - * themselves - */ - free(mFields); - } - else { - /* The CL mallocd these fields, tell it to free the whole thing */ - CSSM_RETURN crtn = CSSM_CL_FreeFields(mClHand, - mNumFields, &mFields); - if(crtn) { - printError("CSSM_CL_FreeFields", crtn); - } - } - mFields = NULL; - mNumFields = 0; - mMallocdSize = 0; -} - -void FieldArray::appendField( - CSSM_FIELD &field) -{ - if(mMallocdSize == 0) { - printf("***Attempt to append to a read-only FieldArray\n"); - exit(1); - } - if(mNumFields >= mMallocdSize) { - printf("***Attempt to append past present size of FieldArray\n"); - exit(1); - } - mFields[mNumFields] = field; - mNumFields++; -} - -CSSM_FIELD &FieldArray::fieldAt( - uint32 index) -{ - if(index >= mNumFields) { - printf("***Attempt to access past present size of FieldArray\n"); - exit(1); - } - return mFields[index]; -} - -/* get nth occurence of field matching specified OID */ -/* returns nonzero on error */ -int FieldArray::fieldForOid( - const CSSM_OID &oid, - unsigned n, // n == 0 --> first one - CSSM_FIELD *&found) // RETURNED -{ - unsigned foundDex = 0; - for(unsigned dex=0; dex; shouldn't need to skip! - &CSSMOID_PolicyMappings, - &CSSMOID_PolicyConstraints -}; -#define NUM_SKIPPED_EXTENS \ - (sizeof(skippedExtens) / sizeof(skippedExtens[0])) -#endif /* USE_SKIPPED_EXTENS */ - -static const CSSM_DATA *skippedCerts[] = { - &anchor_46_derIssuer, - &anchor_53_derIssuer, - &anchor_60_derIssuer, - &turk1_derIssuer, - &turk2_derIssuer, - &turk3_derIssuer, - &globalSignRoot_derIssuer, - &swisssign_derIssuer -}; -#define NUM_SKIPPED_CERTS (sizeof(skippedCerts) / sizeof(skippedCerts[0])) - -static bool skipThisCert( - const NSS_TBSCertificate &tbs) -{ - /* search by extension - currently unused */ - unsigned dex; - #if USE_SKIPPED_EXTENS - unsigned numExtens = nssArraySize((const void **)tbs.extensions); - /* skip this section if that's empty - compiler warning causes failure */ - for(dex=0; dexextnId; - for(unsigned skipDex=0; skipDex FieldType */ -typedef struct { - const CSSM_OID *oid; - FieldType type; -} FieldOidType; - -/* - * The CL-specific mapping table. - * This has to change whenever the CL is modified to add or delete - * an extension or field! - * For newbies, a tip: this basically has to stay in sync with the - * fieldFuncTable array in Security/AppleX509CL/CertFields.cpp. - */ -FieldOidType knownFields[] = { - { &CSSMOID_X509V1Version, FT_Normal }, - { &CSSMOID_X509V1SerialNumber, FT_Normal }, - { &CSSMOID_X509V1IssuerNameCStruct, FT_Normal }, - { &CSSMOID_X509V1SubjectNameCStruct, FT_Normal }, - { &CSSMOID_X509V1SignatureAlgorithmTBS, FT_Normal }, - { &CSSMOID_X509V1SignatureAlgorithm, FT_NotTBS }, - { &CSSMOID_X509V1ValidityNotBefore, FT_Normal }, - { &CSSMOID_X509V1ValidityNotAfter, FT_Normal }, - { &CSSMOID_X509V1CertificateIssuerUniqueId, FT_Normal }, - { &CSSMOID_X509V1CertificateSubjectUniqueId, FT_Normal }, - /* only one of these two can be set - use the SubjectPublicKeyInfo - * version */ - { &CSSMOID_X509V1SubjectPublicKeyCStruct, FT_Normal }, - { &CSSMOID_CSSMKeyStruct, FT_ReadOnly }, - { &CSSMOID_X509V1Signature, FT_NotTBS }, - { &CSSMOID_X509V1IssuerName, FT_ReadOnly }, // DER encoded - { &CSSMOID_X509V1SubjectName, FT_ReadOnly }, // DER encoded - { &CSSMOID_X509V1IssuerNameStd, FT_ReadOnly }, // DER encoded - { &CSSMOID_X509V1SubjectNameStd,FT_ReadOnly }, // DER encoded - - /* Extensions */ - { &CSSMOID_KeyUsage, FT_ExtenParsed }, - { &CSSMOID_BasicConstraints, FT_ExtenParsed }, - { &CSSMOID_ExtendedKeyUsage, FT_ExtenParsed } , - { &CSSMOID_SubjectKeyIdentifier, FT_ExtenParsed } , - { &CSSMOID_AuthorityKeyIdentifier, FT_ExtenParsed } , - { &CSSMOID_SubjectAltName, FT_ExtenParsed } , - { &CSSMOID_IssuerAltName, FT_ExtenParsed } , - { &CSSMOID_CertificatePolicies, FT_ExtenParsed } , - { &CSSMOID_NetscapeCertType, FT_ExtenParsed } , - { &CSSMOID_CrlDistributionPoints, FT_ExtenParsed }, - { &CSSMOID_AuthorityInfoAccess, FT_ExtenParsed }, - { &CSSMOID_SubjectInfoAccess, FT_ExtenParsed }, - { &CSSMOID_X509V3CertificateExtensionCStruct, FT_ExtenUnknown }, - { &CSSMOID_QC_Statements, FT_ExtenParsed }, - { &CSSMOID_NameConstraints, FT_ExtenParsed }, - { &CSSMOID_PolicyMappings, FT_ExtenParsed }, - { &CSSMOID_PolicyConstraints, FT_ExtenParsed }, -// { &CSSMOID_InhibitAnyPolicy, FT_ExtenParsed } //%%% FIXME: CSSMOID_InhibitAnyPolicy not exported!? -}; -#define NUM_KNOWN_FIELDS (sizeof(knownFields) / sizeof(knownFields[0])) - -static FieldType typeForOid( - const CSSM_OID &oid) -{ - for(unsigned dex=0; dexBERvalue.Data == NULL) || - (exten->value.parsedValue == NULL)) { /* actually, one of three variants */ - printf("***Malformed CSSM_X509_EXTENSION (1)\n"); - return 1; - } - - switch(exten->format) { - case CSSM_X509_DATAFORMAT_ENCODED: - if(type != FT_ExtenUnknown) { - doPrintCert(cert); - printf("***Entension format ENCODED, expected PARSED\n"); - if(testError(quiet)) { - return 1; - } - } - - /* - * Now make sure that the underlying extension ID isn't - * one that the CL was SUPPOSED to parse - */ - // %%% FIXME: need to investigate why these are not fully parsed: - if(appCompareCssmData(&exten->extnId, &CSSMOID_PolicyConstraints)) { - printf("...skipping policyConstraints extension per (fix me!)\n"); - break; - } - if(appCompareCssmData(&exten->extnId, &CSSMOID_PolicyMappings)) { - printf("...skipping policyMappings extension per (fix me!)\n"); - break; - } - - expectType = typeForOid(exten->extnId); - if(expectType != FT_Unknown) { - /* - * Swisscom root has an authorityKeyId extension with an illegal value, - * data inside the octet string is <30 00>, no context-specific wrapper - * or tag. - * Instead of a hopeless complaint about that cert, let's just tolerate it - * like this... - */ - if(appCompareCssmData(&exten->extnId, &CSSMOID_AuthorityKeyIdentifier) && - (exten->BERvalue.Length == 2) && - !memcmp(emptyAuthKeyId, exten->BERvalue.Data, 2)) { - printf("...skipping bogus swisssign AuthorityKeyId\n"); - break; - } - doPrintCert(cert); - printf("***underlying exten type %s, expect Unknown\n", - fieldTypeStr(expectType)); - if(testError(quiet)) { - return 1; - } - } - break; - - case CSSM_X509_DATAFORMAT_PARSED: - if(type != FT_ExtenParsed) { - doPrintCert(cert); - printf("***Entension format PARSED, expected ENCODED\n"); - if(testError(quiet)) { - return 1; - } - } - if(exten->value.parsedValue == NULL) { - doPrintCert(cert); - printf("***Parsed extension with NULL parsedValue\n"); - if(testError(quiet)) { - return 1; - } - } - break; - - default: - doPrintCert(cert); - printf("***Unknown Entension format %u\n", - exten->format); - if(testError(quiet)) { - return 1; - } - break; - - } /* switch(exten.format) */ - } - return 0; -} - -/* - * Here's the hard part. - * Given a raw cert and its components in two FieldArrays, crate a TBS - * cert from scratch from those fields and ensure that the result - * is the same as the raw TBS field in the original cert. - */ -static int buildTbs( - CSSM_CL_HANDLE clHand, - const CSSM_DATA &rawCert, - FieldArray &allFields, // on entry, standard fields - FieldArray &extenFields, // extensions only - CSSM_BOOL quiet, - CSSM_BOOL verbose, - CSSM_BOOL writeBlobs) -{ - /* - * First do raw BER-decode in two ways - one to get the - * extensions as they actuallly appear in the cert, and one - * to get the raw undecoded TBS. - */ - SecAsn1CoderRef coder; - OSStatus ortn = SecAsn1CoderCreate(&coder); - if(ortn) { - cssmPerror("SecAsn1CoderCreate", ortn); - return testError(quiet); - } - - NSS_SignedCertOrCRL signedCert; // with TBS as ASN_ANY - memset(&signedCert, 0, sizeof(signedCert)); - if(SecAsn1DecodeData(coder, &rawCert, kSecAsn1SignedCertOrCRLTemplate, - &signedCert)) { - doPrintCert(rawCert); - printf("***Error decoding cert to kSecAsn1SignedCertOrCRL\n"); - return testError(quiet); - } - - NSS_Certificate fullCert; // fully decoded - memset(&fullCert, 0, sizeof(fullCert)); - if(SecAsn1DecodeData(coder, &rawCert, kSecAsn1SignedCertTemplate, - &fullCert)) { - doPrintCert(rawCert); - printf("***Error decoding cert to kSecAsn1Certificate\n"); - return testError(quiet); - } - - NSS_TBSCertificate &tbs = fullCert.tbs; - unsigned numExtens = nssArraySize((const void **)tbs.extensions); - if(numExtens != extenFields.mNumFields) { - /* The CL told us the wrong number of extensions */ - doPrintCert(rawCert); - printf("***NSS says %u extens, CL says %u\n", numExtens, - (unsigned)extenFields.mNumFields); - return testError(quiet); - } - - if(skipThisCert(tbs)) { - if(verbose) { - printf(" ...skipping TBS blob check\n"); - } - SecAsn1CoderRelease(coder); - return 0; - } - - /* - * The CL returns extension fields in an order which differs from - * the order of the extensions in the actual cert (because it - * does a table-based lookup, field by field, when doing a - * CSSM_CL_CertGetAllFields()). We have to add the extensions - * from extenFields to allFields in the order they appear in - * OUR decoded fullCert. - */ - unsigned numUnknowns = 0; - for(unsigned dex=0; dexextnId; - FieldType type = typeForOid(oid); - CSSM_FIELD *found = NULL; - int rtn; - switch(type) { - case FT_ExtenParsed: - /* - * look for this exact extension - * NOTE we're assuming that only one copy of - * each specific parsed extension exists. The - * 509 spec does't specifically require this but - * I've never seen a case of multiple extensions - * of the same type in one cert. - */ - rtn = extenFields.fieldForOid(oid, 0, found); - break; - case FT_Unknown: - /* search for nth unparsed exten field */ - rtn = extenFields.fieldForOid( - CSSMOID_X509V3CertificateExtensionCStruct, - numUnknowns++, - found); - break; - default: - /* caller was already supposed to check this */ - doPrintCert(rawCert); - printf("***HEY! buildTBS was given a bogus extension!\n"); - return 1; - } - if(rtn) { - doPrintCert(rawCert); - printf("***buildTBS could not find extension in CL's fields\n"); - return testError(quiet); - } - - allFields.appendField(*found); - } /* processing extensions */ - - /* - * OK, the field array in allFields is ready to go down to - * the CL. - */ - CSSM_RETURN crtn; - CSSM_DATA clTbs = {0, NULL}; - crtn = CSSM_CL_CertCreateTemplate(clHand, - allFields.mNumFields, - allFields.mFields, - &clTbs); - if(crtn) { - doPrintCert(rawCert); - printError("CSSM_CL_CertCreateTemplate", crtn); - return testError(quiet); - } - - /* - * The moment of truth. Is that template identical to the - * raw undecoded TBS blob we got by decoding a NSS_SignedCertOrCRL? - */ - int ourRtn = 0; - if(!appCompareCssmData(&clTbs, &signedCert.tbsBlob)) { - doPrintCert(rawCert); - printf("***Encoded TBS does not match decoded TBS.\n"); - if(writeBlobs) { - writeFile(ENC_TBS_BLOB, clTbs.Data, clTbs.Length); - writeFile(DEC_TBS_BLOB, signedCert.tbsBlob.Data, - signedCert.tbsBlob.Length); - printf("...wrote TBS blobs to %s and %s\n", - ENC_TBS_BLOB, DEC_TBS_BLOB); - } - ourRtn = testError(quiet); - } - CSSM_FREE(clTbs.Data); - SecAsn1CoderRelease(coder); - return ourRtn; -} - -/* verify root with itself using TP */ -static int verifyRoot( - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA &cert, - CSSM_BOOL allowExpired, - CSSM_BOOL useTrustSettings, - CSSM_BOOL quiet) -{ - BlobList blobs; - blobs.addBlob(cert, CSSM_TRUE); - int i; - - const char *certStatus; - if(useTrustSettings) { - /* - * CSSM_CERT_STATUS_IS_IN_INPUT_CERTS - * CSSM_CERT_STATUS_IS_ROOT - * CSSM_CERT_STATUS_TRUST_SETTINGS_FOUND_SYSTEM - * CSSM_CERT_STATUS_TRUST_SETTINGS_TRUST - */ - certStatus = "0:0x314"; - } - else { - /* - * CSSM_CERT_STATUS_IS_IN_INPUT_CERTS (new since radar 3855635 was fixed) - * CSSM_CERT_STATUS_IS_IN_ANCHORS - * CSSM_CERT_STATUS_IS_ROOT - */ - certStatus = "0:0x1C"; - } - - /* try one with allowExpiredRoot false, then true on error and if so - * enabled to make sure we know what's going wrong */ - CSSM_BOOL expireEnable = CSSM_FALSE; - for(int dex=0; dex<2; dex++) { - i = certVerifySimple(tpHand, clHand, cspHand, - blobs, // certs - blobs, // and roots - CSSM_FALSE, // useSystemAnchors - CSSM_TRUE, // leaf is CA - expireEnable, - CVP_Basic, - NULL, // SSL host - CSSM_FALSE, // SSL client - NULL, // sender email - 0, // key use - NULL, // expected error str - 0, NULL, // per-cert errors - 1, &certStatus, // per-cert status - useTrustSettings, - quiet, - CSSM_FALSE); // verbose - if(i == 0) { - /* success */ - if(dex == 1) { - printf("...warning: expired root detected. Be aware.\n"); - } - return 0; - } - if(!allowExpired) { - /* no second chance */ - return i; - } - expireEnable = CSSM_TRUE; - if(useTrustSettings) { - /* now expect EXPIRED, IS_ROOT, IS_IN_INPUT_CERTS, TRUST_SETTINGS_FOUND_SYSTEM, - * CSSM_CERT_STATUS_TRUST_SETTINGS_TRUST */ - certStatus = "0:0x315"; - } - else { - /* now expect EXPIRED, IS_ROOT, IS_IN_ANCHORS, IS_IN_INPUT_CERTS */ - certStatus = "0:0x1d"; - } - } - return i; -} - - -static int doTest( - CSSM_CL_HANDLE clHand, - CSSM_TP_HANDLE tpHand, - CSSM_CSP_HANDLE cspHand, - const CSSM_DATA &cert, - CSSM_BOOL allowExpired, - CSSM_BOOL quiet, - CSSM_BOOL verbose, - CSSM_BOOL writeBlobs, - CSSM_BOOL useTrustSettings) -{ - /* first see if this anchor self-verifies. */ - if(verifyRoot(tpHand, clHand, cspHand, cert, allowExpired, - useTrustSettings, quiet)) { - doPrintCert(cert); - printf("***This anchor does not self-verify!\n"); - return testError(quiet); - } - - /* have the CL parse it to the best of its ability */ - CSSM_FIELD_PTR certFields; - uint32 numFields; - CSSM_RETURN crtn = CSSM_CL_CertGetAllFields(clHand, &cert, &numFields, - &certFields); - if(crtn) { - printError("CSSM_CL_CertGetAllFields", crtn); - doPrintCert(cert); - printf("***The CL can not parse this anchor!\n"); - return testError(quiet); - } - - /* save, this object does the free fields when it goes out of scope */ - FieldArray parsed(certFields, numFields, clHand); - - /* - * We're going to build a TBSCert from these received fields. - * Extensions need to be processed specially because they - * come back from the CL ordered differently than they appear - * in the cert. - * - * First make two buckets for making copies of incoming fields. - */ - FieldArray forCreate(numFields); // for creating template - FieldArray extenFields(numFields); - - for(unsigned dex=0; dex 0 ) - switch ( "$argv[1]" ) - case q: - set QUIET = 1 - shift - breaksw - case t: - set TRUST_SETTINGS_ARG = -g - shift - breaksw - default: - echo Usage: intermedSourceTest directory - exit(1) - endsw -end - -# -# binaries we need -# -set CERTCRL=$BUILD_DIR/certcrl -set CERTS_FROM_DB=$BUILD_DIR/certsFromDb -foreach targ ($CERTCRL $CERTS_FROM_DB) - if(! -e $targ) then - echo === $targ is missing. Try building clxutil. - exit(1) - endif -end - -set SYSTEM_CERTS=/System/Library/Keychains/SystemCACertificates.keychain - -echo starting intermedSourceTest -# -# certcrl args: -# -# -c cert to eval -# -s use system anchors -# -a allow certs unverified by CRLs -# -n no network fetch of CRLs -# -N no network fetch of certs -# -f leaf cert is a CA -# -d SYSTEM_CERTS -- use additional certs from there -# -L silent -# -g use Trust Settings -# -cd $CERTS_DIR -foreach certFile (*) - if ( -f "$certFile" ) then - if($QUIET == 0) then - echo testing $certFile.... - endif - $CERTCRL -c "$certFile" -s -a -f -L -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG - set ERR=$status - if($ERR == 1) then - echo "Note: $certFile is expired" - else - if($ERR != 0) then - echo "++++++++ Verification error on $certFile ($ERR)" - $CERTCRL -c "$certFile" -s -a -f -v -n -N -d $SYSTEM_CERTS $TRUST_SETTINGS_ARG - exit(1) - endif - endif -end - -if($QUIET == 0) then - echo "...intermedSourceTest complete" -endif - diff --git a/SecurityTests/clxutils/anchorTest/intermedTest b/SecurityTests/clxutils/anchorTest/intermedTest deleted file mode 100755 index 44532232..00000000 --- a/SecurityTests/clxutils/anchorTest/intermedTest +++ /dev/null @@ -1,128 +0,0 @@ -#! /bin/csh -f -# -# verify contents of /System/Library/Keychains/SystemCACertificates.keychain -# -set BUILD_DIR=$LOCAL_BUILD_DIR -set QUIET=NO -# -set CERT_KC=/System/Library/Keychains/SystemCACertificates.keychain -# -# the contents of SystemCACertificates gets dumped here as a pile of certs. -# We delete on successful exit, else we leave them there. -# -set CERTS_DIR=$BUILD_DIR/intermediateCerts -# -# binaries we need -# -set CERTCRL=$BUILD_DIR/certcrl -set CERTS_FROM_DB=$BUILD_DIR/certsFromDb -foreach targ ($CERTCRL $CERTS_FROM_DB) - if(! -e $targ) then - echo === $targ is missing. Try building clxutil. - exit(1) - endif -end - -# -set TRUST_SETTINGS_ARG= -# -while ( $#argv > 0 ) - switch ( "$argv[1]" ) - case q: - set QUIET=YES - shift - breaksw - case 't': - set TRUST_SETTINGS_ARG=-g - shift - breaksw - default: - echo "Usage: intermedTest [q(uiet)] [t(rustSettings)]" - exit(1) - endsw -end -# -echo Starting intermedTest - -if ($QUIET == NO) then - echo Initializing $CERTS_DIR... -endif -set cmd="rm -rf $CERTS_DIR" -if ($QUIET == NO) then - echo $cmd -endif -$cmd || exit(1) -set cmd="mkdir -p $CERTS_DIR" -if ($QUIET == NO) then - echo $cmd -endif -$cmd || exit(1) - -if ($QUIET == NO) then - echo Extracting certs from $CERT_KC... === -endif -set cmd="$CERTS_FROM_DB $CERT_KC f $CERTS_DIR/intermed q" -if ($QUIET == NO) then - echo $cmd -endif -$cmd || exit(1) - -# -# certcrl args: -# -# -s use system anchors -# -a allow certs unverified by CRLs -# -f leaf cert is a CA -# -L silent -# -g use Trust Settings -# -# We can also specify an evaluation date prior to the expiration of -# various intermediate certs via the EVAL_TIME string: -# -#set EVAL_TIME="-T 20081201000000" -#echo "### Verification date for intermedTest is 2008-12-01" -set EVAL_TIME="" - -set GOT_ERROR=0 -foreach certFile ($CERTS_DIR/*) - set cmd="$CERTCRL -c $certFile -s -a -f -L $TRUST_SETTINGS_ARG $EVAL_TIME" - if ($QUIET == NO) then - echo $cmd - endif - - set CERTNAM=`basename "$certFile"` - set CERTNUM=`echo -n "$CERTNAM" | sed -e 's/^intermed_\([0-9].*\)/\1/g'` - # skip DOD intermediates in this range as AIA fetch is timing out! - if($CERTNUM > 43 && $CERTNUM < 54) then - echo "******** Note: skipping $CERTNAM due to unreachable AIA location" - set ERR=0 - else - $cmd - set ERR=$status - endif - - if($ERR == 1) then - echo "******** Note: $CERTNAM is expired" - else - if($ERR != 0) then - echo "++++++++ Verification error on $CERTNAM" - $CERTCRL -c $certFile -s -a -f -v - set GOT_ERROR=1 - endif - endif -end - -if($GOT_ERROR == 1) then - echo ++++ TEST FAILED ++++ - exit(1) -endif - -set cmd="rm -rf $CERTS_DIR" -if ($QUIET == NO) then - echo $cmd -endif -# $cmd || exit(1) - -if ($QUIET == NO) then - echo "...intermedTest complete" -endif diff --git a/SecurityTests/clxutils/caVerify/Makefile b/SecurityTests/clxutils/caVerify/Makefile deleted file mode 100644 index 685de741..00000000 --- a/SecurityTests/clxutils/caVerify/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# name of executable to build -EXECUTABLE= caVerify -# C++ source (with .cpp extension) -CPSOURCE= caVerify.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= - -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= ssRootCert.der ssRootTBS.der ssSubjCert.der ssSubjTBS.der - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/caVerify/caVerify.cpp b/SecurityTests/clxutils/caVerify/caVerify.cpp deleted file mode 100644 index e19d3302..00000000 --- a/SecurityTests/clxutils/caVerify/caVerify.cpp +++ /dev/null @@ -1,648 +0,0 @@ -/* Copyright (c) 1998,2003-2006,2008 Apple Inc. - * - * caVerify.cpp - * - * Verify proper detection of basicConstraints.cA - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* define nonzero to build on Puma */ -#define PUMA_BUILD 0 - -/* default key and signature algorithm */ -#define SIG_ALG_DEFAULT CSSM_ALGID_SHA1WithRSA -#define KEY_ALG_DEFAULT CSSM_ALGID_RSA - -#define NUM_CERTS_DEF 5 /* default is random from 2 to this */ -#define NUM_LOOPS_DEF 100 - -#if PUMA_BUILD -extern "C" { - void cssmPerror(const char *how, CSSM_RETURN error); -} -#endif /* PUMA_BUILD */ - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" n=numCerts (default=random from 2 to %d)\n", NUM_CERTS_DEF); - printf(" a=alg where alg is s(RSA/SHA1), 5(RSA/MD5), f(FEE/MD5), " - "F(FEE/SHA1), e(ECDSA), E(ANSI/ECDSA), 6(ECDSA/SHA256)\n"); - printf(" k=keySizeInBits\n"); - printf(" c (dump certs on error)\n"); - printf(" l=numLoops (default = %d)\n", NUM_LOOPS_DEF); - exit(1); -} - -void showCerts( - const CSSM_DATA *certs, - unsigned numCerts) -{ - unsigned i; - - for(i=0; i=0; dex--) { - thisCert = &certs[dex]; - - thisCert->Data = NULL; - thisCert->Length = 0; - - sprintf(nameStr, "%s%04d", nameBase, dex); - if(issuerName == NULL) { - /* last (root) cert - subject same as issuer */ - issuerName = CB_BuildX509Name(&nameOid, 1); - /* self-signed */ - signerKey = &privKeys[dex]; - } - else { - /* previous subject becomes current issuer */ - CB_FreeX509Name(issuerName); - issuerName = subjectName; - signerKey = &privKeys[dex+1]; - } - subjectName = CB_BuildX509Name(&nameOid, 1); - if((subjectName == NULL) || (issuerName == NULL)) { - printf("Error creating X509Names\n"); - crtn = CSSMERR_CSSM_MEMORY_ERROR; - break; - } - - /* - * not before/after in Y2k-compliant generalized time format. - * These come preformatted from our caller. - */ - notBefore = CB_BuildX509Time(0, notBeforeStr); - notAfter = CB_BuildX509Time(0, notAfterStr); - - /* - * Cook up cert template - * Note serial number would be app-specified in real world - */ - rawCert = CB_MakeCertTemplate(clHand, - 0x12345 + dex, // serial number - issuerName, - subjectName, - notBefore, - notAfter, - &pubKeys[dex], - sigAlg, - NULL, // subj unique ID - NULL, // issuer unique ID - extensions[dex], // extensions - numExtensions[dex]); // numExtensions - - if(rawCert == NULL) { - crtn = CSSM_ERRCODE_INTERNAL_ERROR; - break; - } - - /* Free the stuff we allocd to get here */ - CB_FreeX509Time(notBefore); - CB_FreeX509Time(notAfter); - - /**** sign the cert ****/ - /* 1. get a signing context */ - crtn = CSSM_CSP_CreateSignatureContext(cspHand, - sigAlg, - NULL, // no passphrase for now - signerKey, - &signContext); - if(crtn) { - printError("CreateSignatureContext", crtn); - break; - } - - /* 2. use CL to sign the cert */ - signedCert.Data = NULL; - signedCert.Length = 0; - crtn = CSSM_CL_CertSign(clHand, - signContext, - rawCert, // CertToBeSigned - NULL, // SignScope per spec - 0, // ScopeSize per spec - &signedCert); - if(crtn) { - printError("CSSM_CL_CertSign", crtn); - break; - } - - /* 3. delete signing context */ - crtn = CSSM_DeleteContext(signContext); - if(crtn) { - printError("CSSM_DeleteContext", crtn); - break; - } - - /* - * CSSM_CL_CertSign() returned us a mallocd CSSM_DATA. Copy - * its fields to caller's cert. - */ - certs[dex] = signedCert; - - /* and the raw unsigned cert as well */ - appFreeCssmData(rawCert, CSSM_TRUE); - rtn = 0; - } - - /* free resources */ - if(issuerName != NULL) { - CB_FreeX509Name(issuerName); - } - if(subjectName != NULL) { - CB_FreeX509Name(subjectName); - } - return crtn; -} - -static int doTest( - CSSM_CSP_HANDLE cspHand, // CSP handle - CSSM_CL_HANDLE clHand, // CL handle - CSSM_TP_HANDLE tpHand, // TP handle - unsigned numCerts, // >= 2 - CSSM_KEY_PTR pubKeys, - CSSM_KEY_PTR privKeys, - CSSM_ALGORITHMS sigAlg, - CSSM_BOOL expectFail, - CSSM_BOOL dumpCerts, - CSSM_BOOL quiet) -{ - CSSM_DATA_PTR certs; - CSSM_X509_EXTENSION **extens; - unsigned *numExtens; - char *notBeforeStr = genTimeAtNowPlus(0); - char *notAfterStr = genTimeAtNowPlus(10000); - unsigned certDex; - CE_BasicConstraints *bc; - CSSM_X509_EXTENSION *thisExten; - CE_BasicConstraints *thisBc; - const char *failMode = "not set - internal error"; - CSSM_RETURN crtn; - unsigned badCertDex = 0; - - certs = (CSSM_DATA_PTR)malloc(sizeof(CSSM_DATA) * numCerts); - memset(certs, 0, sizeof(CSSM_DATA) * numCerts); - - /* - * For now just zero or one extension per cert - basicConstraints. - * Eventually we'll want to test keyUsage as well. - */ - extens = (CSSM_X509_EXTENSION **)malloc(sizeof(CSSM_X509_EXTENSION *) * numCerts); - memset(extens, 0, sizeof(CSSM_X509_EXTENSION *) * numCerts); - numExtens = (unsigned *)malloc(sizeof(unsigned) * numCerts); - bc = (CE_BasicConstraints *)malloc(sizeof(CE_BasicConstraints) * numCerts); - - /* - * Set up all extensions for success - */ - for(certDex=0; certDexextnId = CSSMOID_BasicConstraints; - thisExten->critical = CSSM_TRUE; - thisExten->format = CSSM_X509_DATAFORMAT_PARSED; - thisExten->value.parsedValue = thisBc; - thisExten->BERvalue.Data = NULL; - thisExten->BERvalue.Length = 0; - - if(certDex == 0) { - /* leaf - flip coin to determine presence of basicConstraints */ - int coin = genRand(1,2); - if(coin == 1) { - /* basicConstraints, !cA */ - thisBc->cA = CSSM_FALSE; - thisBc->pathLenConstraintPresent = CSSM_FALSE; - thisBc->pathLenConstraint = 0; - } - else { - /* !basicConstraints, !cA by default */ - numExtens[certDex] = 0; - } - } - else if(certDex == (numCerts-1)) { - /* root - flip coin to determine presence of basicConstraints */ - int coin = genRand(1,2); - if(coin == 1) { - /* basicConstraints, cA */ - thisBc->cA = CSSM_TRUE; - /* flip coin to determine present of pathLenConstraint */ - coin = genRand(1,2); - if(coin == 1) { - thisBc->pathLenConstraintPresent = CSSM_FALSE; - thisBc->pathLenConstraint = 0; - } - else { - thisBc->pathLenConstraintPresent = CSSM_TRUE; - thisBc->pathLenConstraint = genRand(certDex-1, numCerts+1); - } - } - else { - /* !basicConstraints, cA by default */ - numExtens[certDex] = 0; - } - } - else { - /* intermediate = cA required */ - thisBc->cA = CSSM_TRUE; - /* flip coin to determine presence of pathLenConstraint */ - int coin = genRand(1,2); - if(coin == 1) { - thisBc->pathLenConstraintPresent = CSSM_FALSE; - thisBc->pathLenConstraint = 0; - } - else { - thisBc->pathLenConstraintPresent = CSSM_TRUE; - thisBc->pathLenConstraint = genRand(certDex-1, numCerts+1); - } - } - } - - if(expectFail) { - /* introduce a failure */ - if(numCerts == 2) { - /* only possible failure is explicit !cA in root */ - /* don't assume presence of BC exten */ - badCertDex = 1; - thisExten = extens[badCertDex]; - thisBc = &bc[badCertDex]; - thisBc->cA = CSSM_FALSE; - thisBc->pathLenConstraintPresent = CSSM_FALSE; - bc->pathLenConstraint = 0; - numExtens[badCertDex] = 1; - failMode = "Explicit !cA in root"; - } - else { - /* roll the dice to select an intermediate cert */ - badCertDex = genRand(1, numCerts-2); - thisExten = extens[badCertDex]; - if((thisExten == NULL) || (numExtens[badCertDex] == 0)) { - printf("***INTERNAL SCREWUP\n"); - exit(1); - } - thisBc = &bc[badCertDex]; - - /* - * roll die: fail by - * -- no BasicConstraints - * -- !cA - * -- bad pathLenConstraint - */ - int die = genRand(1,3); - if((die == 1) && - (badCertDex != 1)) { // last cA doesn't need pathLenConstraint - thisBc->pathLenConstraintPresent = CSSM_TRUE; - thisBc->pathLenConstraint = badCertDex - 2; // one short - failMode = "Short pathLenConstraint"; - } - else if(die == 2) { - thisBc->cA = CSSM_FALSE; - failMode = "Explicit !cA in intermediate"; - } - else { - /* no extension */ - numExtens[badCertDex] = 0; - failMode = "No BasicConstraints in intermediate"; - } - } - } - if(!quiet && expectFail) { - printf(" ...bad cert at index %d: %s\n", badCertDex, failMode); - } - - /* here we go - create cert chain */ - crtn = tpGenCertsExten(cspHand, - clHand, - sigAlg, - numCerts, - "caVerify", // nameBase - pubKeys, - privKeys, - extens, - numExtens, - certs, - notBeforeStr, - notAfterStr); - if(crtn) { - printError("tpGenCertsExten", crtn); - return crtn; // and leak like crazy - } - - CSSM_CERTGROUP cgrp; - memset(&cgrp, 0, sizeof(CSSM_CERTGROUP)); - cgrp.NumCerts = numCerts; - #if PUMA_BUILD - cgrp.CertGroupType = CSSM_CERTGROUP_ENCODED_CERT; - #else - /* Jaguar */ - cgrp.CertGroupType = CSSM_CERTGROUP_DATA; - #endif /* PUMA_BUILD */ - cgrp.CertType = CSSM_CERT_X_509v3; - cgrp.CertEncoding = CSSM_CERT_ENCODING_DER; - cgrp.GroupList.CertList = certs; - - #if PUMA_BUILD - crtn = tpCertGroupVerify(tpHand, - clHand, - cspHand, - NULL, // DlDbList - &CSSMOID_APPLE_X509_BASIC, // SSL requires built-in root match - &cgrp, - /* pass in OUR ROOT as anchors */ - (CSSM_DATA_PTR)&certs[numCerts-1], // anchorCerts - 1, - CSSM_TP_STOP_ON_POLICY, - CSSM_FALSE, // allowExpired - NULL); // vfyResult - #else - /* Jaguar */ - crtn = tpCertGroupVerify(tpHand, - clHand, - cspHand, - NULL, // DlDbList - &CSSMOID_APPLE_TP_SSL, // may want to parameterize this - NULL, // fieldOpts for server name - NULL, // actionDataPtr for allow expired - NULL, // policyOpts - &cgrp, - /* pass in OUR ROOT as anchors */ - (CSSM_DATA_PTR)&certs[numCerts-1], // anchorCerts - 1, - CSSM_TP_STOP_ON_POLICY, - NULL, // cssmTimeStr - NULL); // vfyResult - #endif /* PUMA_BUILD */ - if(expectFail) { - if(crtn != CSSMERR_TP_VERIFY_ACTION_FAILED) { - cssmPerror("***Expected error TP_VERIFY_ACTION_FAILED; got ", crtn); - printf(" Expected failure due to %s\n", failMode); - if(dumpCerts) { - showCerts(certs, numCerts); - writeCerts(certs, numCerts); - } - return testError(quiet); - } - } - else if(crtn) { - cssmPerror("Unexpected failure on tpCertGroupVerify", crtn); - if(dumpCerts) { - showCerts(certs, numCerts); - } - return testError(quiet); - } - - /* clean up */ - return 0; -} - -int main(int argc, char **argv) -{ - CSSM_CL_HANDLE clHand; // CL handle - CSSM_CSP_HANDLE cspHand; // CSP handle - CSSM_TP_HANDLE tpHand; - CSSM_KEY_PTR pubKeys; - CSSM_KEY_PTR privKeys; - CSSM_RETURN crtn; - int arg; - unsigned certDex; - unsigned loopNum; - unsigned maxCerts; - - /* user-spec'd variables */ - CSSM_ALGORITHMS keyAlg = KEY_ALG_DEFAULT; - CSSM_ALGORITHMS sigAlg = SIG_ALG_DEFAULT; - uint32 keySizeInBits = CSP_KEY_SIZE_DEFAULT; - unsigned numCerts = 0; // means random per loop - unsigned numLoops = NUM_LOOPS_DEF; - CSSM_BOOL quiet = CSSM_FALSE; - CSSM_BOOL dumpCerts = CSSM_FALSE; - - for(arg=1; arg197;7#e;$!64Dw)FK7v)S{Biw9MqhlFa-(1;^5ojC_zT137VC15*P-12Y3KhyrrWKwKkZ zQ%h6JD1&rV2M8Mof{f=7<_b?N&dAJ5FUij{6foce39^f@2d5^Ml;oruN*IWN-6_KF zn44IYpQo3cp9^uHxPd50hFOHKyu4g55iV=cI3L;XjI0dIjlB#8jh#%5jSPz~?Ea^I ze44}Dd2`Y;pTxUmF4)zSS$6aMhkIRe*C);PJtXbAdPNb3L`6|X|I$sr!Vfq^h&j!? z7E_^7dw9;%g3p=No9{~6x5sX?)#_So=(0D*VCN==Q#aRoJDQ!V{!#U;<+^GO}nGs2Qlh_y&w^5>VIXCl?o>7;KOWQ^m-` zl4uaWFm^$-L8L*rL8usKW^Q77s(yNAnt`H$ya78Kt2Q4qlN5_c|I^D-ZEJe_vJanc z$hzVop;IlXXP_#k47DRCKRqAC4*jxXuo%cB)GWYU$Dmi;k~MW#YiafDzNWzWl6 -#include -#include /* private */ -#include /* private */ -#include -#include /* private */ - -static void usage(char **argv) -{ - printf("Usage:\n"); - printf(" %s certFileName [d(isable intermediates) [f filebase] [n(o cert dump)]\n", argv[0]); - exit(1); -} - -int main(int argc, char **argv) -{ - unsigned char *certData = NULL; // subject cert, raw data - unsigned certDataLen = 0; - OSStatus ortn; - SecTrustRef secTrust = NULL; - CFMutableArrayRef subjCerts = NULL; - SecPolicyRef policy = NULL; - SecPolicySearchRef policySearch = NULL; - SecTrustResultType secTrustResult; - CSSM_RETURN crtn = CSSM_OK; - CSSM_TP_APPLE_EVIDENCE_INFO *dummyEv; // not used - CFArrayRef certChain = NULL; // constructed chain - CFIndex numCerts; - bool disableLocalIntermediates = false; - char *fileBase = NULL; - bool enableCertDump = true; - - if(argc < 2) { - usage(argv); - } - if(readFile(argv[1], &certData, &certDataLen)) { - printf("***Error reading cert from %s. Aborting.\n", argv[1]); - exit(1); - } - for(int arg=2; arg 0)) { - char fname[200]; - sprintf(fname, "%s_%u", fileBase, i); - if(writeFile(fname, cd.Data, cd.Length)) { - printf("***Error writing to %s\n", fname); - } - else { - printf("...write %lu bytes to %s\n", cd.Length, fname); - } - } - } - } -errOut: - if(certData) { - /* mallocds by readFile() */ - free(certData); - } - if(secTrust) { - CFRelease(secTrust); - } - if(subjCerts) { - CFRelease(subjCerts); - } - if(policy) { - CFRelease(policy); - } - if(policySearch) { - CFRelease(policySearch); - } - return (int)ortn; -} diff --git a/SecurityTests/clxutils/certChain/keybank_v3.100.cer b/SecurityTests/clxutils/certChain/keybank_v3.100.cer deleted file mode 100644 index fe390de4a376c4ba9ed872b205d63da6ae34b53c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1039 zcmXqLV&OJuVlG+0%*4pVB#^ED{^XasCbbh0zm`?y?F%vBW#iOp^Jx3d%gD&W%3#pA z%TV4xmW?@-g-cj0EVU>zI5Ry@A*86ZxJ1D(wWK`1DBDonKoq2aTbK`~Ku5tdFImsf z*uW4Xp#_rwikGAoYY6@zlxG*vN4Dc5vslJi$kT>x3@7oS4|4+@n3M zdOP8r+i&`lTp(O;lKED{ckhvlXRo)^g?!AIe$zqCQ0&!OzKVydeh18V zZjiKhJ+qY~U+l%xmK~D5`uXPaxCwW(w|7N{v_0WEv`#=;#(H00V}$tH z`6nI;m;HG(@hB5BBLm~&CPp!XCPpD}$jS<{Fc~m_!&R1_g@u`kb%B8!(0{V>EcOPr z2G$EK7nrx1W|Wi^Sn2C07v-QuI4DgRqof%~lFM~M7c(%%f*$$sZ?4HY zwQljI^XBu+uE#m#h^(^wrStUH>~}X_yeVa!kfhUhJaLlc-QuPLKJNa)^5z*r2dXF5 z1YNH>WGS$6@0q#ZX8!JZw|^$D|C-6+|97oOJT$S9T`c>5`--p}2Bv*1@0ZOLOikO@ cy;>nVsYYn=@^2?gZZO%E_jT<*>3R1I032;ebpQYW diff --git a/SecurityTests/clxutils/certChain/keybank_v3.101.cer b/SecurityTests/clxutils/certChain/keybank_v3.101.cer deleted file mode 100644 index 8b066bffa87a57c8fcca07904f178d81905682e7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 906 zcmXqLVs0~NVtT)TnTe5!Nuc7L$32N?g~F334{w#NzI)JsmyJ`a&7D}zD2 zA-4f18*?ZNn=n&ou%WntD2T%)%omnglo_0vo~NVWnU}0*Xl`H%lHeBBbIwUDE>DJm^4QSeJGDbFv;hPjFx!&Sxxh7eb2 z!F77(m82HsfnAZ9qY#{0RF+z#;OwZNs{nPlp{Id6M3X~#dAS}?I4)ylU@SgI~c)qc4D3hU)P&&;e>eelVN-u8TzO|fg}rjL7HO?P@b z%Y;kx%F39p4yt!=vL7_sRGM?-)b7Rq!qf|$S0#Tnu$!#$^w&pD>(ASL{Vc!7ct-6w zD0_KR*S`XTsZOW=X$N*k*;xHl@}IDYX?gG*f0O5{SvFPYGchwVFfMLjO>hz23iIhY#iEbz{J7M#3&|{ zQBqP+Y^AS{EvO7kK&HsE=o)AnXf9A+pxUMkQVvv|T$F(~& zm_^Kta269AC&V>QER1YiFo$t48gPT`;%8w2CTlhWLAWYLMyL>Kx@HDOfO71+Wh$(H z%Pwb0UEAfxwknICc|zKz4a*MAJ1Ms~G)$&)>UV=JICs~0Yww!s^{>EBI`f*% zcYpSypTwhl7WJ>;?qa*W^Gfzn*@#=>L5~$bUb-H2_37%!YQ?IytSkS-1+9X4=Oirf cx*7LGmPd1yFnem7{QfN`n}X-)F!d_~04tFr3IG5A diff --git a/SecurityTests/clxutils/certInCrl/Makefile b/SecurityTests/clxutils/certInCrl/Makefile deleted file mode 100644 index 0cb39b1d..00000000 --- a/SecurityTests/clxutils/certInCrl/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE= certInCrl -# C++ source (with .cpp extension) -CPSOURCE=certInCrl.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/certInCrl/certInCrl.cpp b/SecurityTests/clxutils/certInCrl/certInCrl.cpp deleted file mode 100644 index 372dc44e..00000000 --- a/SecurityTests/clxutils/certInCrl/certInCrl.cpp +++ /dev/null @@ -1,90 +0,0 @@ -/* - * certInCrl.c - simple "see if cert is in CRL" - */ -#include -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("Usage: %s certFile crlFile [l=loops]\n", argv[0]); - exit(1); -} - -int main(int argc, char **argv) -{ - CSSM_DATA cert; - CSSM_DATA crl; - int rtn; - CSSM_CL_HANDLE clHand; - CSSM_RETURN crtn; - int loops = 1; - int loop; - int arg; - - if(argc < 3) { - usage(argv); - } - for(arg=3; arg -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static void usage(char **argv) -{ - printf("usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" -p -- pause for leaks check\n"); - printf(" -q -- quiet\n"); - /* etc. */ - exit(1); -} - -#define KEY_SIZE 1024 -#define KEY_ALG CSSM_ALGID_RSA -#define SIG_ALG CSSM_ALGID_SHA1WithRSA -#define CERT_FILE_OUT "/tmp/certLabelTest.cer" - -/* - * Here's the definitive string for Radar 3529689. - * BER tag = Teletex/T61, encoding = kCFStringEncodingISOLatin1. - * I hope Herr Petersen does not mind. - */ -static const unsigned char JurgenPetersen[] = -{ - 0x4a, 0xf8, 0x72, 0x67, 0x65, 0x6e, 0x20, 0x4e, - 0xf8, 0x72, 0x67, 0x61, 0x61, 0x72, 0x64, 0x20, - 0x50, 0x65, 0x74, 0x65, 0x72, 0x73, 0x65, 0x6e -}; - -/* - * Name/OID pair used in buildX509Name(). - * This logic is like the CB_BuildX509Name() code in clAppUtils/CertBuilderApp.cpp, - * with the addition of the berTag specification, and data is specified as a void * - * and size_t. - */ -typedef struct { - const void *nameVal; - CSSM_SIZE nameLen; - const CSSM_OID *oid; - CSSM_BER_TAG berTag; -} NameOid; - -/* - * Build up a CSSM_X509_NAME from an arbitrary list of name/OID/tag triplets. - * We do one a/v pair per RDN. - */ -static CSSM_X509_NAME *buildX509Name( - const NameOid *nameArray, - unsigned numNames) -{ - CSSM_X509_NAME *top = (CSSM_X509_NAME *)appMalloc(sizeof(CSSM_X509_NAME), 0); - if(top == NULL) { - return NULL; - } - top->numberOfRDNs = numNames; - top->RelativeDistinguishedName = - (CSSM_X509_RDN_PTR)appMalloc(sizeof(CSSM_X509_RDN) * numNames, 0); - if(top->RelativeDistinguishedName == NULL) { - return NULL; - } - CSSM_X509_RDN_PTR rdn; - const NameOid *nameOid; - unsigned nameDex; - for(nameDex=0; nameDexRelativeDistinguishedName[nameDex]; - nameOid = &nameArray[nameDex]; - rdn->numberOfPairs = 1; - rdn->AttributeTypeAndValue = (CSSM_X509_TYPE_VALUE_PAIR_PTR) - appMalloc(sizeof(CSSM_X509_TYPE_VALUE_PAIR), 0); - CSSM_X509_TYPE_VALUE_PAIR_PTR atvp = rdn->AttributeTypeAndValue; - if(atvp == NULL) { - return NULL; - } - appCopyCssmData(nameOid->oid, &atvp->type); - atvp->valueType = nameOid->berTag; - atvp->value.Length = nameOid->nameLen; - atvp->value.Data = (uint8 *)CSSM_MALLOC(nameOid->nameLen); - memmove(atvp->value.Data, nameOid->nameVal, nameOid->nameLen); - } - return top; -} - -/* just make these static and reuse them */ -static CSSM_X509_TIME *notBefore; -static CSSM_X509_TIME *notAfter; - -/* - * Core test routine. - * -- build a cert with issuer and subject as per specified name components - * -- extract inferred label - * -- compare inferred label to expected value - * -- if labelIsCommonName true, verify that SecCertificateCopyCommonName() yields - * the same string as inferred label - */ -static int doTest( - const char *testName, - bool quiet, - CSSM_CSP_HANDLE cspHand, - CSSM_CL_HANDLE clHand, - CSSM_KEY_PTR privKey, - CSSM_KEY_PTR pubKey, - - /* input names - one or two */ - const void *name1Val, - CSSM_SIZE name1Len, - CSSM_BER_TAG berTag1, - const CSSM_OID *name1Oid, - const void *name2Val, // optional - CSSM_SIZE name2Len, - CSSM_BER_TAG berTag2, - const CSSM_OID *name2Oid, - - /* expected label */ - CFStringRef expectedLabel, - bool labelIsCommonName) -{ - if(!quiet) { - printf("...%s\n", testName); - } - - /* build the subject/issuer name */ - NameOid nameArray[2] = { {name1Val, name1Len, name1Oid, berTag1 }, - {name2Val, name2Len, name2Oid, berTag2 } }; - unsigned numNames = name2Val ? 2 : 1; - - CSSM_X509_NAME *name = buildX509Name(nameArray, numNames); - if(name == NULL) { - printf("***buildX509Name screwup\n"); - return -1; - } - - /* build the cert template */ - CSSM_DATA_PTR certTemp = CB_MakeCertTemplate( - clHand, 0x123456, - name, name, - notBefore, notAfter, - pubKey, SIG_ALG, - NULL, NULL, // subject/issuer UniqueID - NULL, 0); // extensions - if(certTemp == NULL) { - printf("***CB_MakeCertTemplate screwup\n"); - return -1; - } - - /* sign the cert */ - CSSM_DATA signedCert = {0, NULL}; - CSSM_CC_HANDLE sigHand; - CSSM_RETURN crtn = CSSM_CSP_CreateSignatureContext(cspHand, - SIG_ALG, - NULL, // no passphrase for now - privKey, - &sigHand); - if(crtn) { - /* should never happen */ - cssmPerror("CSSM_CSP_CreateSignatureContext", crtn); - return 1; - } - crtn = CSSM_CL_CertSign(clHand, - sigHand, - certTemp, // CertToBeSigned - NULL, // SignScope per spec - 0, // ScopeSize per spec - &signedCert); - if(crtn) { - cssmPerror("CSSM_CL_CertSign", crtn); - return 1; - } - CSSM_DeleteContext(sigHand); - CSSM_FREE(certTemp->Data); - CSSM_FREE(certTemp); - - /* - * OK, we have a signed cert. - * Turn it into a SecCertificateRef and get the inferred label. - */ - OSStatus ortn; - SecCertificateRef certRef; - ortn = SecCertificateCreateFromData(&signedCert, - CSSM_CERT_X_509v3, CSSM_CERT_ENCODING_DER, - &certRef); - if(ortn) { - cssmPerror("SecCertificateCreateFromData", ortn); - return -1; - } - CFStringRef inferredLabel; - ortn = SecCertificateInferLabel(certRef, &inferredLabel); - if(ortn) { - cssmPerror("SecCertificateCreateFromData", ortn); - return -1; - } - CFComparisonResult res = CFStringCompare(inferredLabel, expectedLabel, 0); - if(res != kCFCompareEqualTo) { - fprintf(stderr, "*** label miscompare in test '%s' ***\n", testName); - fprintf(stderr, "expected label : "); - CFShow(expectedLabel); - fprintf(stderr, "inferred label : "); - CFShow(inferredLabel); - if(writeFile(CERT_FILE_OUT, signedCert.Data, signedCert.Length)) { - fprintf(stderr, "***Error writing cert to %s\n", CERT_FILE_OUT); - } - else { - fprintf(stderr, "...write %lu bytes to %s\n", (unsigned long)signedCert.Length, - CERT_FILE_OUT); - } - return -1; - } - - if(labelIsCommonName) { - CFStringRef commonName = NULL; - ortn = SecCertificateCopyCommonName(certRef, &commonName); - if(ortn) { - cssmPerror("SecCertificateCopyCommonName", ortn); - return -1; - } - res = CFStringCompare(inferredLabel, commonName, 0); - if(res != kCFCompareEqualTo) { - printf("*** CommonName miscompare in test '%s' ***\n", testName); - printf("Common Name : '"); - CFShow(commonName); - printf("'\n"); - printf("inferred label : '"); - CFShow(inferredLabel); - printf("'\n"); - if(writeFile(CERT_FILE_OUT, signedCert.Data, signedCert.Length)) { - printf("***Error writing cert to %s\n", CERT_FILE_OUT); - } - else { - printf("...write %lu bytes to %s\n", (unsigned long)signedCert.Length, - CERT_FILE_OUT); - } - return -1; - } - CFRelease(commonName); - } - CFRelease(certRef); - CSSM_FREE(signedCert.Data); - CB_FreeX509Name(name); - CFRelease(inferredLabel); - return 0; -} - -int main(int argc, char **argv) -{ - bool quiet = false; - bool doPause = false; - - int arg; - while ((arg = getopt(argc, argv, "pqh")) != -1) { - switch (arg) { - case 'q': - quiet = true; - break; - case 'p': - doPause = true; - break; - case 'h': - usage(argv); - } - } - if(optind != argc) { - usage(argv); - } - - testStartBanner("certLabelTest", argc, argv); - - CSSM_CL_HANDLE clHand = clStartup(); - CSSM_CSP_HANDLE cspHand = cspStartup(); - - /* create a key pair */ - CSSM_RETURN crtn; - CSSM_KEY pubKey; - CSSM_KEY privKey; - - crtn = cspGenKeyPair(cspHand, KEY_ALG, - "someLabel", 8, - KEY_SIZE, - &pubKey, CSSM_FALSE, CSSM_KEYUSE_ANY, CSSM_KEYBLOB_RAW_FORMAT_NONE, - &privKey, CSSM_FALSE, CSSM_KEYUSE_ANY, CSSM_KEYBLOB_RAW_FORMAT_NONE, - CSSM_FALSE); - if(crtn) { - printf("***Error generating RSA key pair. Aborting.\n"); - exit(1); - } - - /* common params, reused for each test */ - notBefore = CB_BuildX509Time(0); - notAfter = CB_BuildX509Time(100000); - - /* - * Grind thru test cases. - */ - int ourRtn; - - /* very basic */ - ourRtn = doTest("simple ASCII common name", quiet, - cspHand, clHand, &privKey, &pubKey, - "Simple Name", strlen("Simple Name"), BER_TAG_PRINTABLE_STRING, &CSSMOID_CommonName, - NULL, 0, BER_TAG_UNKNOWN, NULL, - CFSTR("Simple Name"), true); - if(ourRtn) { - exit(1); - } - - /* test concatentation of description */ - ourRtn = doTest("ASCII common name plus ASCII description", quiet, - cspHand, clHand, &privKey, &pubKey, - "Simple Name", strlen("Simple Name"), BER_TAG_PRINTABLE_STRING, &CSSMOID_CommonName, - "Description", strlen("Description"), BER_TAG_PRINTABLE_STRING, &CSSMOID_Description, - CFSTR("Simple Name (Description)"), false); - if(ourRtn) { - exit(1); - } - - /* basic, specifying UTF8 (should be same as PRINTABLE) */ - ourRtn = doTest("simple UTF8 common name", quiet, - cspHand, clHand, &privKey, &pubKey, - "Simple Name", strlen("Simple Name"), BER_TAG_PKIX_UTF8_STRING, &CSSMOID_CommonName, - NULL, 0, BER_TAG_UNKNOWN, NULL, - CFSTR("Simple Name"), true); - if(ourRtn) { - exit(1); - } - - /* label from org name instead of common name */ - ourRtn = doTest("label from OrgName", quiet, - cspHand, clHand, &privKey, &pubKey, - "Simple Name", strlen("Simple Name"), BER_TAG_PRINTABLE_STRING, &CSSMOID_OrganizationName, - NULL, 0, BER_TAG_UNKNOWN, NULL, - CFSTR("Simple Name"), false); - if(ourRtn) { - exit(1); - } - - /* label from orgUnit name instead of common name */ - ourRtn = doTest("label from OrgUnit", quiet, - cspHand, clHand, &privKey, &pubKey, - "Simple Name", strlen("Simple Name"), BER_TAG_PRINTABLE_STRING, &CSSMOID_OrganizationalUnitName, - NULL, 0, BER_TAG_UNKNOWN, NULL, - CFSTR("Simple Name"), false); - if(ourRtn) { - exit(1); - } - - /* label from orgUnit name, description is ignored (it's only used if the - * label comes from CommonName) */ - ourRtn = doTest("label from OrgUnit, description is ignored", quiet, - cspHand, clHand, &privKey, &pubKey, - "Simple Name", strlen("Simple Name"), BER_TAG_PRINTABLE_STRING, &CSSMOID_OrganizationalUnitName, - "Description", strlen("Description"), BER_TAG_PRINTABLE_STRING, &CSSMOID_Description, - CFSTR("Simple Name"), false); - if(ourRtn) { - exit(1); - } - - /* Radar 3529689: T61/Teletex, ISOLatin encoding, commonName only */ - CFStringRef t61Str = CFStringCreateWithBytes(NULL, JurgenPetersen, sizeof(JurgenPetersen), - kCFStringEncodingISOLatin1, true); - ourRtn = doTest("T61/Teletex name from Radar 3529689", quiet, - cspHand, clHand, &privKey, &pubKey, - JurgenPetersen, sizeof(JurgenPetersen), BER_TAG_TELETEX_STRING, &CSSMOID_CommonName, - NULL, 0, BER_TAG_UNKNOWN, NULL, - t61Str, true); - if(ourRtn) { - exit(1); - } - - /* Now convert that ISOLatin into Unicode and try with that */ - CFDataRef unicodeStr = CFStringCreateExternalRepresentation(NULL, t61Str, - kCFStringEncodingUnicode, 0); - if(unicodeStr == NULL) { - printf("***Error converting to Unicode\n"); - exit(1); - } - ourRtn = doTest("Unicode CommonName", quiet, - cspHand, clHand, &privKey, &pubKey, - CFDataGetBytePtr(unicodeStr), CFDataGetLength(unicodeStr), - BER_TAG_PKIX_BMP_STRING, &CSSMOID_CommonName, - NULL, 0, BER_TAG_UNKNOWN, NULL, - t61Str, true); - if(ourRtn) { - exit(1); - } - CFRelease(unicodeStr); - - /* Mix up ISOLatin Common Name and ASCII Description to ensure that the encodings - * of the two components are handled separately */ - CFMutableStringRef combo = CFStringCreateMutable(NULL, 0); - CFStringAppend(combo, t61Str); - CFStringAppendCString(combo, " (Description)", kCFStringEncodingASCII); - ourRtn = doTest("ISOLatin Common Name and ASCII Description", quiet, - cspHand, clHand, &privKey, &pubKey, - JurgenPetersen, sizeof(JurgenPetersen), BER_TAG_TELETEX_STRING, &CSSMOID_CommonName, - "Description", strlen("Description"), BER_TAG_PRINTABLE_STRING, &CSSMOID_Description, - combo, false); - if(ourRtn) { - exit(1); - } - CFRelease(combo); - CFRelease(t61Str); - - if(doPause) { - fpurge(stdin); - printf("Pausing for leaks testing; CR to continue: "); - getchar(); - } - if(!quiet) { - printf("...success\n"); - } - return 0; -} diff --git a/SecurityTests/clxutils/certSerialEncodeTest/Makefile b/SecurityTests/clxutils/certSerialEncodeTest/Makefile deleted file mode 100644 index 82188bf8..00000000 --- a/SecurityTests/clxutils/certSerialEncodeTest/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE= certSerialEncodeTest -# C++ source (with .cpp extension) -CPSOURCE= certSerialEncodeTest.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= ssRootCert.der ssRootTBS.der ssSubjCert.der ssSubjTBS.der - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/certSerialEncodeTest/certSerialEncodeTest.cpp b/SecurityTests/clxutils/certSerialEncodeTest/certSerialEncodeTest.cpp deleted file mode 100644 index 2027dde6..00000000 --- a/SecurityTests/clxutils/certSerialEncodeTest/certSerialEncodeTest.cpp +++ /dev/null @@ -1,358 +0,0 @@ -/* Copyright (c) 2006 Apple Computer, Inc. - * - * certSerialEncodeTest.cpp - * - * Verify proper encoding of unsigned integer as a DER_encoded signed integer. - * Verifies Radar 4471281. - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define SUBJ_KEY_LABEL "subjectKey" -#define ROOT_KEY_LABEL "rootKey" -/* default key and signature algorithm */ -#define SIG_ALG_DEFAULT CSSM_ALGID_SHA1WithRSA -#define SIG_OID_DEFAULT CSSMOID_SHA1WithRSA -#define KEY_ALG_DEFAULT CSSM_ALGID_RSA - -/* for write certs/keys option */ -#define ROOT_CERT_FILE_NAME "ssRootCert.cer" -#define SUBJ_CERT_FILE_NAME "ssSubjCert.cer" - -/* public key in ref form, TP supports this as of 1/30/02 */ -#define PUB_KEY_IS_REF CSSM_TRUE - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" w[rite certs]\n"); - printf(" p(ause for MallocDebug)\n"); - printf(" q(uiet)\n"); - exit(1); -} - -/* - * RDN components - */ -static CSSM_APPLE_TP_NAME_OID rootRdn[] = -{ - { "Apple Computer", &CSSMOID_OrganizationName }, - { "The Big Cheesy Debug Root", &CSSMOID_CommonName } -}; -#define NUM_ROOT_NAMES (sizeof(rootRdn) / sizeof(CSSM_APPLE_TP_NAME_OID)) - -/* test cases */ -typedef struct { - uint32 serialIn; /* --> CSSM_TP_SubmitCredRequest */ - CSSM_SIZE expectLen; - const uint8 *expect; -} SerialNumber; - -/* 0x7f */ -static const uint8 sn0_Data[1] = {0x7f}; -static const SerialNumber sn0 = {0x7f, 1, sn0_Data }; - -/* 0x80 */ -static const uint8 sn1_Data[2] = {0x00, 0x80}; -static const SerialNumber sn1 = {0x80, 2, sn1_Data }; - -/* 0x7ff */ -static const uint8 sn2_Data[2] = {0x07, 0xff}; -static const SerialNumber sn2 = {0x7ff, 2, sn2_Data }; - -/* 0x80ff */ -static const uint8 sn3_Data[3] = {0x00, 0x80, 0xff}; -static const SerialNumber sn3 = {0x80ff, 3, sn3_Data }; - -/* 0xfffffff */ -static const uint8 sn4_Data[4] = {0x0f, 0xff, 0xff, 0xff}; -static const SerialNumber sn4 = {0xfffffff, 4, sn4_Data }; - -/* 0x0fffffff */ -static const uint8 sn5_Data[4] = {0x0f, 0xff, 0xff, 0xff}; -static const SerialNumber sn5 = {0x0fffffff, 4, sn5_Data }; - -/* 0x80000000 */ -static const uint8 sn6_Data[5] = {0x00, 0x80, 0x00, 0x00, 0x00}; -static const SerialNumber sn6 = {0x80000000, 5, sn6_Data }; - -static const SerialNumber *serialNumbers[] = { - &sn0, &sn1, &sn2, &sn3, &sn4, &sn5, &sn6 -}; -#define NUM_SERIAL_NUMS (sizeof(serialNumbers) / sizeof(serialNumbers[0])) - -static int doTest( - CSSM_CL_HANDLE clHand, // CL handle - CSSM_CSP_HANDLE cspHand, // CSP handle - CSSM_TP_HANDLE tpHand, // TP handle - CSSM_KEY_PTR subjPubKey, - CSSM_KEY_PTR signerPrivKey, - uint32 serialNumIn, - CSSM_SIZE serialNumExpLen, - const uint8 *serialNumExp, - CSSM_BOOL quiet, - CSSM_BOOL writeBlobs) -{ - CSSM_DATA refId; // mallocd by CSSM_TP_SubmitCredRequest - CSSM_APPLE_TP_CERT_REQUEST certReq; - CSSM_TP_REQUEST_SET reqSet; - sint32 estTime; - CSSM_BOOL confirmRequired; - CSSM_TP_RESULT_SET_PTR resultSet; - CSSM_ENCODED_CERT *encCert; - CSSM_TP_CALLERAUTH_CONTEXT CallerAuthContext; - CSSM_FIELD policyId; - CSSM_RETURN crtn; - CSSM_DATA *signedRootCert; - int ourRtn = 0; - CSSM_DATA_PTR foundSerial = NULL; - CSSM_HANDLE resultHand = 0; - uint32 numFields; - - /* certReq for root */ - memset(&certReq, 0, sizeof(CSSM_APPLE_TP_CERT_REQUEST)); - certReq.cspHand = cspHand; - certReq.clHand = clHand; - certReq.serialNumber = serialNumIn; - certReq.numSubjectNames = NUM_ROOT_NAMES; - certReq.subjectNames = rootRdn; - certReq.numIssuerNames = 0; - certReq.issuerNames = NULL; - certReq.certPublicKey = subjPubKey; - certReq.issuerPrivateKey = signerPrivKey; - certReq.signatureAlg = CSSM_ALGID_SHA1WithRSA; - certReq.signatureOid = CSSMOID_SHA1WithRSA; - certReq.notBefore = 0; // now - certReq.notAfter = 10000; // seconds from now - certReq.numExtensions = 0; - certReq.extensions = NULL; - - reqSet.NumberOfRequests = 1; - reqSet.Requests = &certReq; - - /* a big CSSM_TP_CALLERAUTH_CONTEXT just to specify an OID */ - memset(&CallerAuthContext, 0, sizeof(CSSM_TP_CALLERAUTH_CONTEXT)); - memset(&policyId, 0, sizeof(CSSM_FIELD)); - policyId.FieldOid = CSSMOID_APPLE_TP_LOCAL_CERT_GEN; - CallerAuthContext.Policy.NumberOfPolicyIds = 1; - CallerAuthContext.Policy.PolicyIds = &policyId; - - /* generate root cert */ - if(!quiet) { - printf("Creating root cert...\n"); - } - crtn = CSSM_TP_SubmitCredRequest(tpHand, - NULL, // PreferredAuthority - CSSM_TP_AUTHORITY_REQUEST_CERTISSUE, - &reqSet, - &CallerAuthContext, - &estTime, - &refId); - if(crtn) { - printError("CSSM_TP_SubmitCredRequest", crtn); - ourRtn = -1; - goto errOut; - } - crtn = CSSM_TP_RetrieveCredResult(tpHand, - &refId, - NULL, // CallerAuthCredentials - &estTime, - &confirmRequired, - &resultSet); - if(crtn) { - printError("CSSM_TP_RetrieveCredResult", crtn); - ourRtn = -1; - goto errOut; - } - if(resultSet == NULL) { - printf("***CSSM_TP_RetrieveCredResult returned NULL result set.\n"); - ourRtn = -1; - goto errOut; - } - encCert = (CSSM_ENCODED_CERT *)resultSet->Results; - signedRootCert = &encCert->CertBlob; - if(writeBlobs) { - writeFile(ROOT_CERT_FILE_NAME, signedRootCert->Data, signedRootCert->Length); - printf("...wrote %lu bytes to %s\n", signedRootCert->Length, - ROOT_CERT_FILE_NAME); - } - - /* make sure it self-verifies */ - crtn = CSSM_CL_CertVerify(clHand, 0 /* CCHandle */, - signedRootCert, signedRootCert, - NULL, 0); - if(crtn) { - cssmPerror("CSSM_CL_CertVerify", crtn); - printf("***Created cert does not self-verify\n"); - ourRtn = -1; - goto errOut; - } - - /* extract the field we're interested in verifying */ - crtn = CSSM_CL_CertGetFirstFieldValue(clHand, signedRootCert, - &CSSMOID_X509V1SerialNumber, &resultHand, &numFields, &foundSerial); - if(crtn) { - cssmPerror("CSSM_CL_CertGetFirstFieldValue(serialNumber)", crtn); - printf("***Can't obtain serial number\n"); - ourRtn = -1; - goto errOut; - } - CSSM_CL_CertAbortQuery(clHand, resultHand); - if(foundSerial->Length != serialNumExpLen) { - printf("***expected serialNumber len 0x%lu, got 0x%lu\n", - (unsigned long)serialNumExpLen, (unsigned long)foundSerial->Length); - ourRtn = -1; - goto errOut; - } - for(unsigned dex=0; dexData[dex] != serialNumExp[dex]) { - printf("***SerialNumber mismatch at index %u: exp %02X got %02X\n", - dex, (unsigned)serialNumExp[dex], - (unsigned)foundSerial->Data[dex]); - ourRtn = -1; - } - } - /* free retrieved serial number and the result set itself */ - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SerialNumber, foundSerial); - CSSM_FREE(signedRootCert->Data); - CSSM_FREE(encCert); - CSSM_FREE(resultSet); - /* Per the spec, this is supposed to be Opaque to us and the TP is supposed to free - * it when it goes out of scope...but libsecurity_keychains's - * CertificateRequest::submitDotMac() frees this...that would have to change - * in order for the TP to free this properly. Someday maybe. No big deal. - */ - CSSM_FREE(refId.Data); -errOut: - return ourRtn; -} - -int main(int argc, char **argv) -{ - CSSM_CL_HANDLE clHand; // CL handle - CSSM_CSP_HANDLE cspHand; // CSP handle - CSSM_TP_HANDLE tpHand; // TP handle - CSSM_KEY rootPubKey; // root's RSA public key blob - CSSM_KEY rootPrivKey; // root's RSA private key - ref format - CSSM_RETURN crtn; - int arg; - unsigned dex; - int ourRtn = 0; - uint32 keySizeInBits = 512; - CSSM_BOOL doPause = CSSM_FALSE; - - /* user-spec'd variables */ - CSSM_BOOL writeBlobs = CSSM_FALSE; - CSSM_BOOL quiet = CSSM_FALSE; - - for(arg=1; argserialIn); - } - ourRtn = doTest(clHand, cspHand, tpHand, - &rootPubKey, &rootPrivKey, - sn->serialIn, sn->expectLen, sn->expect, - quiet, writeBlobs); - if(ourRtn) { - break; - } - if(doPause) { - fpurge(stdin); - printf("Pausing for MallocDebug. a to abort, anything else to continue: "); - if(getchar() == 'a') { - break; - } - } - } - - cspFreeKey(cspHand, &rootPubKey); - cspFreeKey(cspHand, &rootPrivKey); - -abort: - if(cspHand != 0) { - CSSM_ModuleDetach(cspHand); - } - if(clHand != 0) { - CSSM_ModuleDetach(clHand); - } - if(tpHand != 0) { - CSSM_ModuleDetach(tpHand); - } - - if((ourRtn == 0) && !quiet) { - printf("certSerialEncodeTest test succeeded\n"); - } - return ourRtn; -} - - diff --git a/SecurityTests/clxutils/certTime/Makefile b/SecurityTests/clxutils/certTime/Makefile deleted file mode 100644 index cfbe9701..00000000 --- a/SecurityTests/clxutils/certTime/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# name of executable to build -EXECUTABLE=certTime -# C++ source (with .cpp extension) -CPSOURCE= certTime.cpp extenCooker.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS= -framework CoreFoundation - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/certTime/anchor_0 b/SecurityTests/clxutils/certTime/anchor_0 deleted file mode 100644 index bcbddd2f3b1890d603d4b15a38386a1fe5248999..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 510 zcmXqLV*F*$#F)&)#JJdimyJ`a&7L6q z%T~h@p1<6F5ocOUn4Gz$boQ~tFRlM7 zI%VjF*7nSB0CQlyv#s%32iPt7BBlSF|>i$w0m3+uUVax5J$0xqstl775eef-j zEs8s?U7hy$pC3)kk`-4?JYUAmd%30R;nOJj N7K1sL=Py;g0RXU;zfAxD diff --git a/SecurityTests/clxutils/certTime/anchor_34 b/SecurityTests/clxutils/certTime/anchor_34 deleted file mode 100644 index d46fdbf75290f3e15abbe82b14fb562b6fcf912a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1111 zcmXqLVhJ{AV&1cWnTe5!iILNQmyJ`a&7E-lI| zsZ_|!Q*cQvNmTGlEh*10$}U!L&rR|$)G^Qk>E#wyM$_w@lUQ7=V5Hy^}aTIpbmE~C!?5Da%xdYW?E))Vo9n)3CQAPu*G^QsRnZ5yp|RQ#s-##CI;q4rcvU& z2BwBa#)eSt@bPHleB?M}WMyD(>;=YSCsSi1!_66%_dhy+P|URQjqZBrJ;fs_=9Avd zw}WBZ zG1sIfXu2Vrq*mxJj)D>=$?fP5ydGB7XIy7qHMpuA?MZ8lT}UseRP$UzpXj&={(0JijR0P|-jhB+o4@kx^1oV5P5LUS6(OTAW%`QdC-8qL-YX zYba|V4N}4^ED{>xrwcN|EwiY&MAttlD>b>qKu(<3($c`(z|zpd*wDxzN}Sga$~7@C zHj5gx?rvgKLJnd^RtDxKMt%l^CPpr%CPqevbE_Kd7cWk%SY^l%I#qC6=!`{BgXr(CqYY+ljlL-z+fw_2l`4!?PF9zHIYVXlD7w?VJxXp2_U^JSDj! zE9)P3*~xuhl%AyTTrCw>ez2AOE^p5McWlSYvmECw=fD2@-4yZde_Hn~S$#yt@b2|( z7oU81e_yPBQ_$q=3$Ju8WY^pOkWt7W}Qv)-gm*uyOlfs^4qNCrKc}Owd-4!3P%-fU}~Jd z?*o5Jh(c0M=9P!O$9QKtGx7>e>#3N#KVZ>DmsMHk#jDQe^I!R)5*q)(M9eeIF2L<% za-oG`(vGB^pM%%tY}H;Qv`W&S^H$vR$;bLcIR1SwXpmUY*6Mqr_Ifw-zr3s8=ZdYF nq_aTz>70o{@>A}MPbogU`QX7qRt1KNy~07VE9}lP$e#cJidUEa diff --git a/SecurityTests/clxutils/certTime/anchor_76 b/SecurityTests/clxutils/certTime/anchor_76 deleted file mode 100644 index 77e783a39ac84e67b76804a293f287933df5a9cf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1492 zcmXqLV!dF{#Ij=nGZP~d6N}ZhfNld`HcqWJkGAi;jEtBr`ux z!LhU?BfluKq|#8&KnJ9ZSy&Zr0zUNya^k!Oh6culmWCF_KoBL)YXst&L%9R*z$Qi| zH>RRp-BHPSaBf zaZs`NF4cM`!sql7b*JeU<~Mg8e!|8a&9F33u7IWF(ZMTLtFN!MW|v^?``f(cRoYDn z>5Q(g;ZiepeSKSITXXZ?lq_p+@q<_U_oiA{O}$_nYUX#pGTcy0?nY#)XN1Cxy4CS@ z^Iu-`ebZdB@_5dTcbZbLr$UZytePrYDCecw z#e65r_23f8xO}s-hZk+w{x8PjQP7?rF3!&;>}FzSWMEv}#1v%E#N=mS%f_M2225G( zjEpRX2KolNFunm}n_@;uNkOrdzJ7jkae-c8X?__ff#s*A6$8^ws$Oz_t^q$V?Z^r< zGX7^_HDCr(z)+R~2`R8NF$w}Xyghd51EWFXZ-d4wFguu-3>uG1H695{ z&B;v6OHNe)rp%IzR0UiqF;yX{QXw&~QlTKRs07F=E-uYYEmlZOPEIW-ff$emHUMZy zoYn*fg18s6q57vQZhk#p;#e5O`)_nRYxHiC5sdk zB_@|-CZ`tbfYqb83z3;p6$0{swp8jFD8YTjC?*C9Ibgt*mzTrCO)n|eKo%4>d@N!t zBHiA(Z!c@^WRrYjX}R*l^p>pC@9!Hlt^>&{votO+L^Bp5Y*AOI?*%#{F8~z=Dc!S!21sOf%>3oaJKmKfb$fN$D@I z+>H%=oMAiXNG1G>J$Sw9j$p-wYq1BnUtMc7li8~4Oo*zbVPmzhQs6GPoQ1pR{bI@S zR4eJfRQ&pk!J=ocB9+>IO#jOF_tlw6OT>-@NxV`#xAEh%md2;MR<>z;a*m1>n!85s i=8C6WSOK)aiTW&Cy5CsxFu*cX^eV{R9Air5#8B diff --git a/SecurityTests/clxutils/certTime/anchor_80 b/SecurityTests/clxutils/certTime/anchor_80 deleted file mode 100644 index 3a6ae297c879aeef6e9434d20f155201a9498f30..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 890 zcmXqLVlFdiVv1Y9%*4pV#9}4Q!fL?F#;Mij(e|B}k&%^^!649(+klgeIh2J>n90T4 zkjH=v#NiTV_V#r#+!G+qUTiI)6=OKU}bJuEmU^ z=B=T2vivvCccowL_?FtIIms+gqq zxFxU&UK@inh+b`unhu?G^UMqxBuKAM7(XH0E@$ zTsK|&AgLtf(fQNM=VtGGCeB-T`mN5i%bPE^w;idTyCm=QlO2~c56`j7pYzyH#9K+O z&g$@!FY9jaZeQ`k>L(L3BLm~&FoO^SAz=K;3NtePXW=kl15!+k3MGad6d62X+i-dt#19k0S7u~IeOWbs+V%eTaVOjt6wQ~G*?8k|!dL4zU#8qxS!TxXd71Mvo1dUZ_V2h7 z&kGl>{QvB*pCNG35jL0Hx6_MbzPjJ}D7dQpuhOmvHqV=y9~u^hD>5(1{+ep;d0*P7 zCEj4uf{$l;KIFC7GfXacnBA!pahU(A;pzAEzcs%%xOr~#MMKYB z8oyuN-tuNm);q0Tn=<1oCZ^jI^)u|RIjZ|$ZIkqsPJ!6t?*-oFaO+i1 z^U>%OZR4mvw{>kr?^d~abwAj=Ku>Nx`=sSQT=}oFu9fqBj%HKu?c2Y%OyUX;04e@k AI{*Lx diff --git a/SecurityTests/clxutils/certTime/anchor_9 b/SecurityTests/clxutils/certTime/anchor_9 deleted file mode 100644 index 49386c3acb16dfc7fd56eca45252e80276635da9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1053 zcmXqLVv#gxVrFC#NGv$**%Lp*RrC3VWj6z&s|Eeg&#iN(bVMhXF?NjaIx3IRo#xrs%U3eKrTC7EfN$%!SI`FRSC5VJ}u zfo8iK8_0?CT3Q+!7yuCnM2Yhnn;DoJni(0JTAEr$4KL3&F)ATPCL=2Ya}y&!gFzD` z7gG}>Bg1+w-a}V)Zl~|meL6+`?$Uh^Hu&~$P7JfTR&)5vS-ZB=i#i@Xys;$n=+;O3 z4=!^Lh;y^-zB+B!)_jru0_W6)=drraHmnl9A%F8SlX>@A9rq7?jcm(#4R~IEx8YZi zy;J1&ZYk4==))(&GJTFp9GqCqeN~uY_MZ2LJ?z{P6k4^ePS|#~d%+o_yW9Udgl-Cu z30rrjx7_!*g70#}viBL2x+chRG=^{-UM8E02!?ppj>mUqq)g=Gg99KGn~Bc6L{O`83*o(C;g%>FAy9{nkp zup*wN_LI~%Ri{M$BVIe~I+>Um85og62$xvyPUb-;PZ_8OP(z;ynk7S+wD$~g8jO8 ztTs!G?YS-26jT&@&(ywea42NM3hU5?|HL%TI_)jVYq+iMvizJ&>=o$=GkE2krfg); zVYyJUn2A*>Ir(h!*53znld>~Q|Hc+L?) -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "extenCooker.h" - -#define KEYSIZE_DEF 1024 -#define CL_KEY_VIA_GET_KEY 0 - -static void usage(char **argv) -{ - printf("Usage: %s op loops [options]\n", argv[0]); - printf("Op:\n"); - printf(" p parse\n"); - printf(" g parse & get all fields\n"); - #if CL_KEY_VIA_GET_KEY - printf(" t parse & get some fields, emulating TPCertInfo, GetKeyInfo\n"); - #else - printf(" t parse & get some fields, emulating TPCertInfo, fetchField(key)\n"); - #endif - printf(" c create\n"); - printf(" s create & sign\n"); - printf(" v verify\n"); - printf("Options:\n"); - printf(" b RSA blinding on\n"); - printf(" k=keysize (default = %d)\n", KEYSIZE_DEF); - exit(1); -} - -/* - * The certs we'll be parsing - */ -static const char *certNames[] = -{ - "anchor_0", // GTE CyberTrust Root, no extens - "anchor_9", // VeriSign, no extens - "anchor_34", // TrustCenter, 6 extens - "anchor_44", // USERTRUST, 5 extens, incl. cRLDistributionPoints - "anchor_76", // QuoVadis, 6 extens, incl. authorityInfoAccess - "anchor_80", // KMD-CA Kvalificeret3 6 extens -}; - -#define NUM_PARSED_CERTS (sizeof(certNames) / sizeof(certNames[0])) - -/* dummy RDN - subject and issuer - we aren't testing this */ -CB_NameOid dummyRdn[] = -{ - { "Apple Computer", &CSSMOID_OrganizationName }, - { "Doug Mitchell", &CSSMOID_CommonName } -}; -#define NUM_DUMMY_NAMES (sizeof(dummyRdn) / sizeof(CB_NameOid)) - -#define KEY_ALG CSSM_ALGID_RSA -#define SIG_ALG CSSM_ALGID_SHA1WithRSA -#define SUBJ_KEY_LABEL "subjectKey" - - -/* - * Set of extensions we'll be creating - */ -/* empty freeFcn means no extension-specific resources to free */ -#define NO_FREE NULL - -static ExtenTest extenTests[] = { - { kuCreate, kuCompare, NO_FREE, - sizeof(CE_KeyUsage), CSSMOID_KeyUsage, - "KeyUsage", 'k' }, - { ekuCreate, ekuCompare, NO_FREE, - sizeof(CE_ExtendedKeyUsage), CSSMOID_ExtendedKeyUsage, - "ExtendedKeyUsage", 'x' }, - { authKeyIdCreate, authKeyIdCompare, authKeyIdFree, - sizeof(CE_AuthorityKeyID), CSSMOID_AuthorityKeyIdentifier, - "AuthorityKeyID", 'a' }, - { genNamesCreate, genNamesCompare, genNamesFree, - sizeof(CE_GeneralNames), CSSMOID_SubjectAltName, - "SubjectAltName", 't' }, -}; - -#define MAX_EXTENSIONS (sizeof(extenTests) / sizeof(ExtenTest)) - -static int doParse( - CSSM_CL_HANDLE clHand, - const CSSM_DATA &cert, - unsigned loops) -{ - CSSM_HANDLE cacheHand; - CSSM_RETURN crtn; - - for(unsigned loop=0; loopKeyData.Data, 0); - appFree(subjPubKey, 0); - #else - CSSM_CL_FreeFieldValue(clHand, &CSSMOID_CSSMKeyStruct, subjPubKeyData); - #endif - - crtn = CSSM_CL_CertAbortCache(clHand, cacheHand); - if(crtn) { - printError("CSSM_CL_CrlAbortCache", crtn); - return 1; - } - } - return 0; -} - -static int doGetFields( - CSSM_CL_HANDLE clHand, - const CSSM_DATA &cert, - unsigned loops) -{ - uint32 numFields; - CSSM_FIELD_PTR certFields; - CSSM_RETURN crtn; - - for(unsigned loop=0; loopData); - CSSM_FREE(rawCert); - } - return 0; -} - -typedef enum { - CTO_Parse, - CTO_GetFields, - CTO_GetSomeFields, - CTO_Create, // sign is an option for this one - CTO_Verify -} CT_Op; - -int main(int argc, char **argv) -{ - CSSM_CL_HANDLE clHand; - CSSM_CSP_HANDLE cspHand; - int arg; - int rtn; - char *argp; - unsigned i; - PresetParams params; - CSSM_DATA certData[NUM_PARSED_CERTS]; - - /* user-specificied params */ - CT_Op op; - unsigned loops = 0; - bool doSign = false; - const char *opStr = NULL; - bool rsaBlinding = false; - unsigned keySize = KEYSIZE_DEF; - - if(argc < 3) { - usage(argv); - } - switch(argv[1][0]) { - case 'p': - op = CTO_Parse; - opStr = "Parsed"; - break; - case 'g': - op = CTO_GetFields; - opStr = "Parsed with GetAllFields"; - break; - case 't': - op = CTO_GetSomeFields; - #if CL_KEY_VIA_GET_KEY - opStr = "Parsed with some GetFields and GetKeyInfo"; - #else - opStr = "Parsed with some GetFields"; - #endif - break; - case 'c': - op = CTO_Create; - opStr = "Created"; - break; - case 's': - op = CTO_Create; - opStr = "Created and Signed"; - doSign = true; - break; - case 'v': - op = CTO_Verify; - opStr = "Verified"; - break; - default: - usage(argv); - } - - loops = atoi(argv[2]); - for(arg=3; arg -#include -#include -#include "extenCooker.h" -#include -#include -#include -#include - -CSSM_BOOL randBool() -{ - unsigned r = genRand(1, 0x10000000); - return (r & 0x1) ? CSSM_TRUE : CSSM_FALSE; -} - -/* Fill a CSSM_DATA with random data. Its referent is allocd with malloc. */ -void randData( - CSSM_DATA_PTR data, - uint8 maxLen) -{ - data->Data = (uint8 *)malloc(maxLen); - simpleGenData(data, 1, maxLen); -} - -/* - * Various compare tests - */ -int compBool( - CSSM_BOOL pre, - CSSM_BOOL post, - const char *desc) -{ - if(pre == post) { - return 0; - } - printf("***Boolean miscompare on %s\n", desc); - /* in case a CSSM_TRUE isn't exactly right... */ - switch(post) { - case CSSM_FALSE: - case CSSM_TRUE: - break; - default: - printf("*** post value is %d expected %d\n", - (int)post, (int)pre); - break; - } - return 1; -} - -int compCssmData( - CSSM_DATA &d1, - CSSM_DATA &d2, - const char *desc) -{ - if(appCompareCssmData(&d1, &d2)) { - return 0; - } - printf("CSSM_DATA miscompare on %s\n", desc); - return 1; -} - -#pragma mark ----- individual extension tests ----- - -#pragma mark --- CE_KeyUsage --- -void kuCreate(void *arg) -{ - CE_KeyUsage *ku = (CE_KeyUsage *)arg; - - /* set two random valid bits */ - *ku = 0; - *ku |= 1 << genRand(7, 15); - *ku |= 1 << genRand(7, 15); -} - -unsigned kuCompare(const void *pre, const void *post) -{ - const CE_KeyUsage *kuPre = (CE_KeyUsage *)pre; - const CE_KeyUsage *kuPost = (CE_KeyUsage *)post; - if(*kuPre != *kuPost) { - printf("***Miscompare in CE_KeyUsage\n"); - return 1; - } - return 0; -} - -#pragma mark --- CE_BasicConstraints --- -void bcCreate(void *arg) -{ - CE_BasicConstraints *bc = (CE_BasicConstraints *)arg; - bc->cA = randBool(); - bc->pathLenConstraintPresent = randBool(); - if(bc->pathLenConstraintPresent) { - bc->pathLenConstraint = genRand(1,10); - } -} - -unsigned bcCompare(const void *pre, const void *post) -{ - const CE_BasicConstraints *bcpre = (CE_BasicConstraints *)pre; - const CE_BasicConstraints *bcpost = (CE_BasicConstraints *)post; - unsigned rtn = 0; - - rtn += compBool(bcpre->cA, bcpost->cA, "BasicConstraints.cA"); - rtn += compBool(bcpre->pathLenConstraintPresent, - bcpost->pathLenConstraintPresent, - "BasicConstraints.pathLenConstraintPresent"); - if(bcpre->pathLenConstraint != bcpost->pathLenConstraint) { - printf("BasicConstraints.pathLenConstraint mismatch\n"); - rtn++; - } - return rtn; -} - -#pragma mark --- CE_SubjectKeyID --- -void skidCreate(void *arg) -{ - CSSM_DATA_PTR skid = (CSSM_DATA_PTR)arg; - randData(skid, 16); -} - -unsigned skidCompare(const void *pre, const void *post) -{ - CSSM_DATA_PTR spre = (CSSM_DATA_PTR)pre; - CSSM_DATA_PTR spost = (CSSM_DATA_PTR)post; - return compCssmData(*spre, *spost, "SubjectKeyID"); -} - -void skidFree(void *arg) -{ - CSSM_DATA_PTR skid = (CSSM_DATA_PTR)arg; - free(skid->Data); -} - -#pragma mark --- CE_NetscapeCertType --- -void nctCreate(void *arg) -{ - CE_NetscapeCertType *nct = (CE_NetscapeCertType *)arg; - - /* set two random valid bits */ - *nct = 0; - *nct |= 1 << genRand(8, 15); - *nct |= 1 << genRand(8, 15); -} - -unsigned nctCompare(const void *pre, const void *post) -{ - const CE_NetscapeCertType *nPre = (CE_NetscapeCertType *)pre; - const CE_NetscapeCertType *nPost = (CE_NetscapeCertType *)post; - if(*nPre != *nPost) { - printf("***Miscompare in CE_NetscapeCertType\n"); - return 1; - } - return 0; -} - -#pragma mark --- CE_ExtendedKeyUsage --- - -/* a static array of meaningless OIDs, use 1.. NUM_SKU_OIDS */ -CSSM_OID ekuOids[] = { - CSSMOID_CrlNumber, - CSSMOID_CrlReason, - CSSMOID_HoldInstructionCode, - CSSMOID_InvalidityDate -}; -#define NUM_SKU_OIDS 4 - -void ekuCreate(void *arg) -{ - CE_ExtendedKeyUsage *eku = (CE_ExtendedKeyUsage *)arg; - eku->numPurposes = genRand(1, NUM_SKU_OIDS); - eku->purposes = ekuOids; -} - -unsigned ekuCompare(const void *pre, const void *post) -{ - CE_ExtendedKeyUsage *ekupre = (CE_ExtendedKeyUsage *)pre; - CE_ExtendedKeyUsage *ekupost = (CE_ExtendedKeyUsage *)post; - - if(ekupre->numPurposes != ekupost->numPurposes) { - printf("CE_ExtendedKeyUsage.numPurposes miscompare\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned dex=0; dexnumPurposes; dex++) { - rtn += compCssmData(ekupre->purposes[dex], - ekupost->purposes[dex], "CE_ExtendedKeyUsage.purposes"); - } - return rtn; -} - - -#pragma mark --- general purpose X509 name generator --- - -/* Attr/Value pairs, pick one of NUM_ATTR_STRINGS */ -static char *attrStrings[] = { - (char *)"thisName", - (char *)"anotherName", - (char *)"someOtherName" -}; -#define NUM_ATTR_STRINGS 3 - -/* A/V type, pick one of NUM_ATTR_TYPES */ -static CSSM_OID attrTypes[] = { - CSSMOID_Surname, - CSSMOID_CountryName, - CSSMOID_OrganizationName, - CSSMOID_Description -}; -#define NUM_ATTR_TYPES 4 - -/* A/V tag, pick one of NUM_ATTR_TAGS */ -static char attrTags[] = { - BER_TAG_PRINTABLE_STRING, - BER_TAG_IA5_STRING, - BER_TAG_T61_STRING -}; -#define NUM_ATTR_TAGS 3 - -void rdnCreate( - CSSM_X509_RDN_PTR rdn) -{ - unsigned numPairs = genRand(1,4); - rdn->numberOfPairs = numPairs; - unsigned len = numPairs * sizeof(CSSM_X509_TYPE_VALUE_PAIR); - rdn->AttributeTypeAndValue = - (CSSM_X509_TYPE_VALUE_PAIR_PTR)malloc(len); - memset(rdn->AttributeTypeAndValue, 0, len); - - for(unsigned atvDex=0; atvDexAttributeTypeAndValue[atvDex]; - unsigned die = genRand(1, NUM_ATTR_TYPES); - pair.type = attrTypes[die - 1]; - die = genRand(1, NUM_ATTR_STRINGS); - char *str = attrStrings[die - 1]; - pair.value.Data = (uint8 *)str; - pair.value.Length = strlen(str); - die = genRand(1, NUM_ATTR_TAGS); - pair.valueType = attrTags[die - 1]; - } -} - -unsigned rdnCompare( - CSSM_X509_RDN_PTR rdn1, - CSSM_X509_RDN_PTR rdn2) -{ - if(rdn1->numberOfPairs != rdn2->numberOfPairs) { - printf("***Mismatch in numberOfPairs\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned atvDex=0; atvDexnumberOfPairs; atvDex++) { - CSSM_X509_TYPE_VALUE_PAIR &p1 = - rdn1->AttributeTypeAndValue[atvDex]; - CSSM_X509_TYPE_VALUE_PAIR &p2 = - rdn2->AttributeTypeAndValue[atvDex]; - if(p1.valueType != p2.valueType) { - printf("***valueType miscompare\n"); - rtn++; - } - if(compCssmData(p1.type, p2.type, "ATV.type")) { - rtn++; - } - if(compCssmData(p1.value, p2.value, "ATV.value")) { - rtn++; - } - } - return rtn; -} - -void rdnFree( - CSSM_X509_RDN_PTR rdn) -{ - free(rdn->AttributeTypeAndValue); -} - -void x509NameCreate( - CSSM_X509_NAME_PTR x509Name) -{ - memset(x509Name, 0, sizeof(*x509Name)); - unsigned numRdns = genRand(1,4); - x509Name->numberOfRDNs = numRdns; - unsigned len = numRdns * sizeof(CSSM_X509_RDN); - x509Name->RelativeDistinguishedName = (CSSM_X509_RDN_PTR)malloc(len); - memset(x509Name->RelativeDistinguishedName, 0, len); - - for(unsigned rdnDex=0; rdnDexRelativeDistinguishedName[rdnDex]; - rdnCreate(&rdn); - } -} - -unsigned x509NameCompare( - const CSSM_X509_NAME_PTR n1, - const CSSM_X509_NAME_PTR n2) -{ - if(n1->numberOfRDNs != n2->numberOfRDNs) { - printf("***Mismatch in numberOfRDNs\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { - CSSM_X509_RDN &rdn1 = n1->RelativeDistinguishedName[rdnDex]; - CSSM_X509_RDN &rdn2 = n2->RelativeDistinguishedName[rdnDex]; - rtn += rdnCompare(&rdn1, &rdn2); - } - return rtn; -} - -void x509NameFree( - CSSM_X509_NAME_PTR n) -{ - for(unsigned rdnDex=0; rdnDexnumberOfRDNs; rdnDex++) { - CSSM_X509_RDN &rdn = n->RelativeDistinguishedName[rdnDex]; - rdnFree(&rdn); - } - free(n->RelativeDistinguishedName); -} - -#pragma mark --- general purpose GeneralNames generator --- - -#define SOME_URL_1 "http://foo.bar.com" -#define SOME_URL_2 "http://bar.foo.com" -#define SOME_DNS_1 "Some DNS" -#define SOME_DNS_2 "Another DNS" -unsigned char someIpAdr_1[] = {208, 161, 124, 209 }; -unsigned char someIpAdr_2[] = {10, 0, 61, 5}; - -void genNamesCreate(void *arg) -{ - CE_GeneralNames *names = (CE_GeneralNames *)arg; - names->numNames = genRand(1, 3); - // one at a time - //names->numNames = 1; - names->generalName = (CE_GeneralName *)malloc(names->numNames * - sizeof(CE_GeneralName)); - memset(names->generalName, 0, names->numNames * sizeof(CE_GeneralName)); - const char *src; - unsigned char *usrc; - - for(unsigned i=0; inumNames; i++) { - CE_GeneralName *name = &names->generalName[i]; - unsigned type = genRand(1, 5); - // unsigned type = 5; - switch(type) { - case 1: - name->nameType = GNT_URI; - name->berEncoded = CSSM_FALSE; - src = randBool() ? SOME_URL_1 : SOME_URL_2; - appCopyData(src, strlen(src), &name->name); - break; - - case 2: - name->nameType = GNT_RegisteredID; - name->berEncoded = CSSM_FALSE; - appCopyData(CSSMOID_SubjectDirectoryAttributes.Data, - CSSMOID_SubjectDirectoryAttributes.Length, - &name->name); - break; - - case 3: - name->nameType = GNT_DNSName; - name->berEncoded = CSSM_FALSE; - src = randBool() ? SOME_DNS_1 : SOME_DNS_2; - appCopyData(src, strlen(src), &name->name); - break; - - case 4: - name->nameType = GNT_IPAddress; - name->berEncoded = CSSM_FALSE; - usrc = randBool() ? someIpAdr_1 : someIpAdr_2; - appCopyData(usrc, 4, &name->name); - break; - - case 5: - { - /* X509_NAME, the hard one */ - name->nameType = GNT_DirectoryName; - name->berEncoded = CSSM_FALSE; - appSetupCssmData(&name->name, sizeof(CSSM_X509_NAME)); - x509NameCreate((CSSM_X509_NAME_PTR)name->name.Data); - } - } - } -} - -unsigned genNamesCompare(const void *pre, const void *post) -{ - const CE_GeneralNames *gnPre = (CE_GeneralNames *)pre; - const CE_GeneralNames *gnPost = (CE_GeneralNames *)post; - unsigned rtn = 0; - - if((gnPre == NULL) || (gnPost == NULL)) { - printf("***Bad GenNames pointer\n"); - return 1; - } - if(gnPre->numNames != gnPost->numNames) { - printf("***CE_GeneralNames.numNames miscompare\n"); - return 1; - } - for(unsigned dex=0; dexnumNames; dex++) { - CE_GeneralName *npre = &gnPre->generalName[dex]; - CE_GeneralName *npost = &gnPost->generalName[dex]; - if(npre->nameType != npost->nameType) { - printf("***CE_GeneralName.nameType miscompare\n"); - rtn++; - } - if(compBool(npre->berEncoded, npost->berEncoded, - "CE_GeneralName.berEncoded")) { - rtn++; - } - - /* nameType-specific compare */ - switch(npre->nameType) { - case GNT_RFC822Name: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.RFC822Name"); - break; - case GNT_DNSName: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.DNSName"); - break; - case GNT_URI: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.URI"); - break; - case GNT_IPAddress: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.RFIPAddressC822Name"); - break; - case GNT_RegisteredID: - rtn += compCssmData(npre->name, npost->name, - "CE_GeneralName.RegisteredID"); - break; - case GNT_DirectoryName: - rtn += x509NameCompare((CSSM_X509_NAME_PTR)npre->name.Data, - (CSSM_X509_NAME_PTR)npost->name.Data); - break; - default: - printf("****BRRZAP! genNamesCompare needs work\n"); - rtn++; - } - } - return rtn; -} - -void genNamesFree(void *arg) -{ - const CE_GeneralNames *gn = (CE_GeneralNames *)arg; - for(unsigned dex=0; dexnumNames; dex++) { - CE_GeneralName *n = (CE_GeneralName *)&gn->generalName[dex]; - switch(n->nameType) { - case GNT_DirectoryName: - x509NameFree((CSSM_X509_NAME_PTR)n->name.Data); - CSSM_FREE(n->name.Data); - break; - default: - CSSM_FREE(n->name.Data); - break; - } - } - free(gn->generalName); -} - -#pragma mark --- CE_CRLDistPointsSyntax --- -void cdpCreate(void *arg) -{ - CE_CRLDistPointsSyntax *cdp = (CE_CRLDistPointsSyntax *)arg; - //cdp->numDistPoints = genRand(1,3); - // one at a time - cdp->numDistPoints = 1; - unsigned len = sizeof(CE_CRLDistributionPoint) * cdp->numDistPoints; - cdp->distPoints = (CE_CRLDistributionPoint *)malloc(len); - memset(cdp->distPoints, 0, len); - - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *pt = &cdp->distPoints[dex]; - - /* all fields optional */ - if(randBool()) { - CE_DistributionPointName *dpn = pt->distPointName = - (CE_DistributionPointName *)malloc( - sizeof(CE_DistributionPointName)); - memset(dpn, 0, sizeof(CE_DistributionPointName)); - - /* CE_DistributionPointName has two flavors */ - if(randBool()) { - dpn->nameType = CE_CDNT_FullName; - dpn->dpn.fullName = (CE_GeneralNames *)malloc( - sizeof(CE_GeneralNames)); - memset(dpn->dpn.fullName, 0, sizeof(CE_GeneralNames)); - genNamesCreate(dpn->dpn.fullName); - } - else { - dpn->nameType = CE_CDNT_NameRelativeToCrlIssuer; - dpn->dpn.rdn = (CSSM_X509_RDN_PTR)malloc( - sizeof(CSSM_X509_RDN)); - memset(dpn->dpn.rdn, 0, sizeof(CSSM_X509_RDN)); - rdnCreate(dpn->dpn.rdn); - } - } /* creating CE_DistributionPointName */ - - pt->reasonsPresent = randBool(); - if(pt->reasonsPresent) { - CE_CrlDistReasonFlags *cdr = &pt->reasons; - /* set two random valid bits */ - *cdr = 0; - *cdr |= 1 << genRand(0,7); - *cdr |= 1 << genRand(0,7); - } - - /* make sure at least one present */ - if((!pt->distPointName && !pt->reasonsPresent) || randBool()) { - pt->crlIssuer = (CE_GeneralNames *)malloc(sizeof(CE_GeneralNames)); - memset(pt->crlIssuer, 0, sizeof(CE_GeneralNames)); - genNamesCreate(pt->crlIssuer); - } - } -} - -unsigned cdpCompare(const void *pre, const void *post) -{ - CE_CRLDistPointsSyntax *cpre = (CE_CRLDistPointsSyntax *)pre; - CE_CRLDistPointsSyntax *cpost = (CE_CRLDistPointsSyntax *)post; - - if(cpre->numDistPoints != cpost->numDistPoints) { - printf("***CE_CRLDistPointsSyntax.numDistPoints miscompare\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *ptpre = &cpre->distPoints[dex]; - CE_CRLDistributionPoint *ptpost = &cpost->distPoints[dex]; - - if(ptpre->distPointName) { - if(ptpost->distPointName == NULL) { - printf("***NULL distPointName post decode\n"); - rtn++; - goto checkReason; - } - CE_DistributionPointName *dpnpre = ptpre->distPointName; - CE_DistributionPointName *dpnpost = ptpost->distPointName; - if(dpnpre->nameType != dpnpost->nameType) { - printf("***CE_DistributionPointName.nameType miscompare\n"); - rtn++; - goto checkReason; - } - if(dpnpre->nameType == CE_CDNT_FullName) { - rtn += genNamesCompare(dpnpre->dpn.fullName, dpnpost->dpn.fullName); - } - else { - rtn += rdnCompare(dpnpre->dpn.rdn, dpnpost->dpn.rdn); - } - - } - else if(ptpost->distPointName != NULL) { - printf("***NON NULL distPointName post decode\n"); - rtn++; - } - - checkReason: - if(ptpre->reasons != ptpost->reasons) { - printf("***CE_CRLDistributionPoint.reasons miscompare\n"); - rtn++; - } - - if(ptpre->crlIssuer) { - if(ptpost->crlIssuer == NULL) { - printf("***NULL crlIssuer post decode\n"); - rtn++; - continue; - } - CE_GeneralNames *gnpre = ptpre->crlIssuer; - CE_GeneralNames *gnpost = ptpost->crlIssuer; - rtn += genNamesCompare(gnpre, gnpost); - } - else if(ptpost->crlIssuer != NULL) { - printf("***NON NULL crlIssuer post decode\n"); - rtn++; - } - } - return rtn; -} - -void cdpFree(void *arg) -{ - CE_CRLDistPointsSyntax *cdp = (CE_CRLDistPointsSyntax *)arg; - for(unsigned dex=0; dexnumDistPoints; dex++) { - CE_CRLDistributionPoint *pt = &cdp->distPoints[dex]; - if(pt->distPointName) { - CE_DistributionPointName *dpn = pt->distPointName; - if(dpn->nameType == CE_CDNT_FullName) { - genNamesFree(dpn->dpn.fullName); - free(dpn->dpn.fullName); - } - else { - rdnFree(dpn->dpn.rdn); - free(dpn->dpn.rdn); - } - free(dpn); - } - - if(pt->crlIssuer) { - genNamesFree(pt->crlIssuer); - free(pt->crlIssuer); - } - } - free(cdp->distPoints); -} - -#pragma mark --- CE_AuthorityKeyID --- -void authKeyIdCreate(void *arg) -{ - CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)arg; - - /* all three fields optional */ - - akid->keyIdentifierPresent = randBool(); - if(akid->keyIdentifierPresent) { - randData(&akid->keyIdentifier, 16); - } - - akid->generalNamesPresent = randBool(); - if(akid->generalNamesPresent) { - akid->generalNames = - (CE_GeneralNames *)malloc(sizeof(CE_GeneralNames)); - memset(akid->generalNames, 0, sizeof(CE_GeneralNames)); - genNamesCreate(akid->generalNames); - } - - if(!akid->keyIdentifierPresent & !akid->generalNamesPresent) { - /* force at least one to be present */ - akid->serialNumberPresent = CSSM_TRUE; - } - else { - akid->serialNumberPresent = randBool(); - } - if(akid->serialNumberPresent) { - randData(&akid->serialNumber, 16); - } - -} - -unsigned authKeyIdCompare(const void *pre, const void *post) -{ - CE_AuthorityKeyID *akpre = (CE_AuthorityKeyID *)pre; - CE_AuthorityKeyID *akpost = (CE_AuthorityKeyID *)post; - unsigned rtn = 0; - - if(compBool(akpre->keyIdentifierPresent, akpost->keyIdentifierPresent, - "CE_AuthorityKeyID.keyIdentifierPresent")) { - rtn++; - } - else if(akpre->keyIdentifierPresent) { - rtn += compCssmData(akpre->keyIdentifier, - akpost->keyIdentifier, "CE_AuthorityKeyID.keyIdentifier"); - } - - if(compBool(akpre->generalNamesPresent, akpost->generalNamesPresent, - "CE_AuthorityKeyID.generalNamesPresent")) { - rtn++; - } - else if(akpre->generalNamesPresent) { - rtn += genNamesCompare(akpre->generalNames, - akpost->generalNames); - } - - if(compBool(akpre->serialNumberPresent, akpost->serialNumberPresent, - "CE_AuthorityKeyID.serialNumberPresent")) { - rtn++; - } - else if(akpre->serialNumberPresent) { - rtn += compCssmData(akpre->serialNumber, - akpost->serialNumber, "CE_AuthorityKeyID.serialNumber"); - } - return rtn; -} - -void authKeyIdFree(void *arg) -{ - CE_AuthorityKeyID *akid = (CE_AuthorityKeyID *)arg; - - if(akid->keyIdentifier.Data) { - free(akid->keyIdentifier.Data); - } - if(akid->generalNames) { - genNamesFree(akid->generalNames); // genNamesCreate mallocd - free(akid->generalNames); // we mallocd - } - if(akid->serialNumber.Data) { - free(akid->serialNumber.Data); - } -} - -#pragma mark --- CE_CertPolicies --- - -/* random OIDs, pick 1..NUM_CP_OIDS */ -static CSSM_OID cpOids[] = -{ - CSSMOID_EmailAddress, - CSSMOID_UnstructuredName, - CSSMOID_ContentType, - CSSMOID_MessageDigest -}; -#define NUM_CP_OIDS 4 - -/* CPS strings, pick one of NUM_CPS_STR */ -static char *someCPSs[] = -{ - (char *)"http://www.apple.com", - (char *)"https://cdnow.com", - (char *)"ftp:backwards.com" -}; -#define NUM_CPS_STR 3 - -/* make these looks like real sequences */ -static uint8 someUnotice[] = {0x30, 0x03, BER_TAG_BOOLEAN, 1, 0xff}; -static uint8 someOtherData[] = {0x30, 0x02, BER_TAG_NULL, 0}; - -void cpCreate(void *arg) -{ - CE_CertPolicies *cp = (CE_CertPolicies *)arg; - cp->numPolicies = genRand(1,3); - //cp->numPolicies = 1; - unsigned len = sizeof(CE_PolicyInformation) * cp->numPolicies; - cp->policies = (CE_PolicyInformation *)malloc(len); - memset(cp->policies, 0, len); - - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *pi = &cp->policies[polDex]; - unsigned die = genRand(1, NUM_CP_OIDS); - pi->certPolicyId = cpOids[die - 1]; - unsigned numQual = genRand(1,3); - pi->numPolicyQualifiers = numQual; - len = sizeof(CE_PolicyQualifierInfo) * numQual; - pi->policyQualifiers = (CE_PolicyQualifierInfo *) - malloc(len); - memset(pi->policyQualifiers, 0, len); - for(unsigned cpiDex=0; cpiDexpolicyQualifiers[cpiDex]; - if(randBool()) { - qi->policyQualifierId = CSSMOID_QT_CPS; - die = genRand(1, NUM_CPS_STR); - qi->qualifier.Data = (uint8 *)someCPSs[die - 1]; - qi->qualifier.Length = strlen((char *)qi->qualifier.Data); - } - else { - qi->policyQualifierId = CSSMOID_QT_UNOTICE; - if(randBool()) { - qi->qualifier.Data = someUnotice; - qi->qualifier.Length = 5; - } - else { - qi->qualifier.Data = someOtherData; - qi->qualifier.Length = 4; - } - } - } - } -} - -unsigned cpCompare(const void *pre, const void *post) -{ - CE_CertPolicies *cppre = (CE_CertPolicies *)pre; - CE_CertPolicies *cppost = (CE_CertPolicies *)post; - - if(cppre->numPolicies != cppost->numPolicies) { - printf("CE_CertPolicies.numPolicies mismatch\n"); - return 1; - } - unsigned rtn = 0; - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *pipre = &cppre->policies[polDex]; - CE_PolicyInformation *pipost = &cppost->policies[polDex]; - rtn += compCssmData(pipre->certPolicyId, pipost->certPolicyId, - "CE_PolicyInformation.certPolicyId"); - if(pipre->numPolicyQualifiers != pipost->numPolicyQualifiers) { - printf("CE_PolicyInformation.CE_PolicyInformation mismatch\n"); - rtn++; - continue; - } - - for(unsigned qiDex=0; qiDexnumPolicyQualifiers; qiDex++) { - CE_PolicyQualifierInfo *qipre = &pipre->policyQualifiers[qiDex]; - CE_PolicyQualifierInfo *qipost = &pipost->policyQualifiers[qiDex]; - rtn += compCssmData(qipre->policyQualifierId, - qipost->policyQualifierId, - "CE_PolicyQualifierInfo.policyQualifierId"); - rtn += compCssmData(qipre->qualifier, - qipost->qualifier, - "CE_PolicyQualifierInfo.qualifier"); - } - } - return rtn; -} - -void cpFree(void *arg) -{ - CE_CertPolicies *cp = (CE_CertPolicies *)arg; - for(unsigned polDex=0; polDexnumPolicies; polDex++) { - CE_PolicyInformation *pi = &cp->policies[polDex]; - free(pi->policyQualifiers); - } - free(cp->policies); -} diff --git a/SecurityTests/clxutils/certTime/extenCooker.h b/SecurityTests/clxutils/certTime/extenCooker.h deleted file mode 100644 index 8f450e29..00000000 --- a/SecurityTests/clxutils/certTime/extenCooker.h +++ /dev/null @@ -1,162 +0,0 @@ -/* - * extenCooker.h - module to cook up random (but reasonable) - * versions of cert extensions - */ - - -#ifndef _EXTEN_COOKER_H_ -#define _EXTEN_COOKER_H_ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Define one extension test. - */ - -/* - * Cook up this extension with random, reasonable values. - * Incoming pointer refers to extension-specific C struct, mallocd - * and zeroed by main test routine. - */ -typedef void (*extenCreateFcn)(void *arg); - -/* - * Compare two instances of this extension. Return number of - * compare errors. - */ -typedef unsigned (*extenCompareFcn)( - const void *preEncode, - const void *postEncode); - -/* - * Free struct components mallocd in extenCreateFcn. Do not free - * the outer struct. - */ -typedef void (*extenFreeFcn)(void *arg); - -typedef struct { - /* three extension-specific functions */ - extenCreateFcn createFcn; - extenCompareFcn compareFcn; - extenFreeFcn freeFcn; - - /* size of C struct passed to all three functions */ - unsigned extenSize; - - /* the OID for this extension */ - CSSM_OID extenOid; - - /* description for error logging and blob writing */ - const char *extenDescr; - - /* command-line letter for this one */ - char extenLetter; - -} ExtenTest; - -/* - * extenCooker.cpp - module to cook up random (but reasonable) - * versions of cert extensions - */ - -#include -#include -#include "extenCooker.h" - -CSSM_BOOL randBool(); - -/* Fill a CSSM_DATA with random data. Its referent is allocd with malloc. */ -void randData( - CSSM_DATA_PTR data, - uint8 maxLen); - - -/* - * Various compare tests - */ -int compBool( - CSSM_BOOL pre, - CSSM_BOOL post, - char *desc); - - -int compCssmData( - CSSM_DATA &d1, - CSSM_DATA &d2, - char *desc); - - -#pragma mark --- CE_KeyUsage --- -void kuCreate(void *arg); -unsigned kuCompare(const void *pre, const void *post); -/* no free */ - -#pragma mark --- CE_BasicConstraints --- -void bcCreate(void *arg); -unsigned bcCompare(const void *pre, const void *post); -/* no free */ - -#pragma mark --- CE_SubjectKeyID --- -void skidCreate(void *arg); -unsigned skidCompare(const void *pre, const void *post); -void skidFree(void *arg); - -#pragma mark --- CE_NetscapeCertType --- -void nctCreate(void *arg); -unsigned nctCompare(const void *pre, const void *post); -/* no free */ - -#pragma mark --- CE_ExtendedKeyUsage --- -void ekuCreate(void *arg); -unsigned ekuCompare(const void *pre, const void *post); -/* no free */ - -#pragma mark --- general purpose X509 name generator --- -void rdnCreate( - CSSM_X509_RDN_PTR rdn); -unsigned rdnCompare( - CSSM_X509_RDN_PTR rdn1, - CSSM_X509_RDN_PTR rdn2); -void rdnFree( - CSSM_X509_RDN_PTR rdn); - -void x509NameCreate( - CSSM_X509_NAME_PTR x509Name); -unsigned x509NameCompare( - const CSSM_X509_NAME_PTR n1, - const CSSM_X509_NAME_PTR n2); -void x509NameFree( - CSSM_X509_NAME_PTR n); - -#pragma mark --- general purpose GeneralNames generator --- - -void genNamesCreate(void *arg); -unsigned genNamesCompare(const void *pre, const void *post); -void genNamesFree(void *arg); - -#pragma mark --- CE_CRLDistPointsSyntax --- -void cdpCreate(void *arg); -unsigned cdpCompare(const void *pre, const void *post); -void cdpFree(void *arg); - -#pragma mark --- CE_AuthorityKeyID --- -void authKeyIdCreate(void *arg); -unsigned authKeyIdCompare(const void *pre, const void *post); -void authKeyIdFree(void *arg); - -#pragma mark --- CE_CertPolicies --- -void cpCreate(void *arg); -unsigned cpCompare(const void *pre, const void *post); -void cpFree(void *arg); - -#ifdef __cplusplus -} -#endif - -#endif /* _EXTEN_COOKER_H_ */ diff --git a/SecurityTests/clxutils/certTime/runTime b/SecurityTests/clxutils/certTime/runTime deleted file mode 100755 index eb2fbfc8..00000000 --- a/SecurityTests/clxutils/certTime/runTime +++ /dev/null @@ -1,23 +0,0 @@ -#! /bin/csh -f -# -# run certTime thru all six options -# -set LOOPS = 1000 -if( $#argv == 1 ) then - set LOOPS = "$argv[1]" -endif -# -# safely look for this required env var -# -setenv | grep LOCAL_BUILD_DIR > /dev/null -if($status != 0) then - echo Please set env var LOCAL_BUILD_DIR. - exit(1) -endif -# -$LOCAL_BUILD_DIR/certTime p $LOOPS -$LOCAL_BUILD_DIR/certTime g $LOOPS -$LOCAL_BUILD_DIR/certTime t $LOOPS -$LOCAL_BUILD_DIR/certTime c $LOOPS -$LOCAL_BUILD_DIR/certTime s $LOOPS -$LOCAL_BUILD_DIR/certTime v $LOOPS diff --git a/SecurityTests/clxutils/certcrl/Makefile b/SecurityTests/clxutils/certcrl/Makefile deleted file mode 100644 index b6cfde8b..00000000 --- a/SecurityTests/clxutils/certcrl/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# name of executable to build -EXECUTABLE= certcrl -# C++ source (with .cpp extension) -CPSOURCE= certcrl.cpp script.cpp -# C source (.c extension) -CSOURCE= - -# -# Note final load with cc, not ld -# -# project-specific libraries, e.g., -lstdc++ -# -PROJ_LIBS= -# -# Optional lib search paths -# -PROJ_LIBPATH= -# -# choose one for cc -# -VERBOSE= -#VERBOSE=-v - -# -# Other files to remove at 'make clean' time -# -OTHER_TO_CLEAN= - -# -# non-standard frameworks (e.g., -framework foo) -# -PROJ_FRAMEWORKS=-framework IOKit - -# -# project-specific includes, with leading -I -# -PROJ_INCLUDES= - -# -# Optional C flags (warnings, optimizations, etc.) -# -PROJ_CFLAGS= - -# -# Optional link flags (using cc, not ld) -# -PROJ_LDFLAGS= - -# -# Optional dependencies -# -PROJ_DEPENDS= - -# -# Optional files on which *.{c,cpp} depend -# -HDR_DEPENDS=../clAppUtils/certVerify.h - -include ../Makefile.cdsa diff --git a/SecurityTests/clxutils/certcrl/README.doc b/SecurityTests/clxutils/certcrl/README.doc deleted file mode 100644 index c9d1e6a34c36cbe45400e8df4ecedd915019a3ed..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 50688 zcmeI53w&HPOcVg?jz$uK1Vz{8bcIZVCb-{eOS&d(O<6G*jAA z5p<^g&6#t~d)~`)d!OfhpPB4>VA?~se}3lwm=UkD%oy|H?piZGay`c9E5h@s#;oVF zuD!T>_ikOj9PqLFdJR$FfA9D=6N}f5HRg%K?iCYFY#L0BiSds$8FPravggX4cje!e zw>Qh)YR4XFj$UufZ;y;wJa%T;?LAI*?>@A6t{{l6}Rv2 z8{7ss&tk54h?Sj2kbN$$A=J+7i2b$<;fO9-YX3C#`C_n z((h^XmU<^ITzHz-Gwk&aCi97by1M4zv1HDRdx^~8U_9OHrIKmi%V#nvZ}UJhG2jhl zGnoq!8drDllcKEPSF?@yXtIjlIcyE4ZgQ2o=s*7xoA&@GO1)Dsp{zfgh^(@=QM1_ z!v6$xqseX2#zZ}TyCsd6;khh4q_>%@9gk&$xTAW#WIFF>hq6BJ>K7wVWRr|F-S4I1 z>HdOv?|8PE2VhyUKTUhVVAcAttvRp$sOmkt=4y;~YLqspD6=_dtAZ(BwvZ0#Z~GhN zS{icqB=gyLcGyc7276r3_Yjm^KyxTFlwy1cV>+Kj1T%<}Wl$M??a6RRVA~Ntj;Kau zuhH}B>gv`?A?oT7yg=NXh9q-!wYB_LN2E8GIv#u1Ud}VkC<0>9W~C_S9u8$dtdqzf zy>P2sXT(X%{s<8zZD-Wg&EMqJuJf}!NaC4Z*3T7Eh-xwokMeN@v)AiQ=7v&nhSXO! z2qX;EODCwePh7X7+=F_xb@MlRwHFkUe*R3UNvOhJF5jCeRh<;=f83WVNVK zq+wIhVj$hpKu6GcDq0cZkDg{RTN*@tve9q!hBF0ku)rlJ#lv1a@1=a1HkA=6=D}%I zFAeufDxSt_Q2p99trrDmaR-!7VK+9(ym^Vuy$v2}7RN~O^iUjjO4BfML-}}5inb*+ zp@d)s`?K*us>m0z=^T_uU*%^rbU#Vo^6@<80On~3d+;aVIBbUH=&>)#di8~L%Gy&N z*%1;%T__r-29RUU1RvSBxpu4yM)l{;de$Wtd&6lDXVLc+Sbv#mJ}1Rar0 z*nzBss%x;D$bhw(Fu)BE5?Xb0W%qcXYuXD*qQ)Vg zl$Gw!`b=EXeaec`jb5`g@Wp4n6)hcNV0+7I$?ISo`P7(tGwB=h-ay>3IT#@WoZswa zGnu?<8EsIy=hf%4$Qq1_rxOF2EOfE9d*8dAOea!>Ug?_aGjzm~XH%oK$n5lTtG5%} z0aApn^;%Z0=n;b>{9SRjSHHm@P7K78>3Kx~Ok1POCHs(_=oUbJb)nI_7{aR`0lB56 zgPA}{om%8jD4NW9wQFSpiuS?iKfOdBGXbxYpGzon0NRYt9MutbqvzF9>gP@uHI# zow{hr;!_qaEe(^AZA)i1{-s)?AMchjgH0 zc0g_C!&Ii@lAqcx?`^m=UCkfxa=FyGNN~CB>+D?R;ZEl5JOfYgR^;>PvhztKEl8R! zB)EmtuhU2h1yp$aPQ4tZcsA8adV*)Hld}$iO@AK>wr2cL2us_y! z^J-i1dLc%yF1eZ9ispd7#j9uH&07E0dh83g!0eTh1`#5#-3%SiD&Zzy%l@YJ_EjxX zSzD~TtzC-S2^oWiY`Xzr5K){J`AE$z-RB2=vhBZ-F%+_dH49`;{4I1cN2HT$95{;+ zboiSxK@7BqY<1udgm;6R0XM{_kPS>44Vgr4s6mcq1M|H9mNJpi6_G0L)#CkRHV2lo zkhZh3LK^}-j5FgJ%}#Z+T(Gvaqotb?-R&(M)`sk(>F{ticq}psJxFwg`RcVw-{jSH z_!|pJNT-6XM*%r_*xKJxSZT|oM6OJBA9~xmvb(*brL$#?HFeIGg&JPj!lw6PVd>*b z7+8pOAojH&&u=IrRbJcCS_`CM8fvO^hgq$;vmL&taHU}A+R`ogDz&T1iwAM`$fwTr zYHc+M;viq)gt*b*q7+;yc{IJ=X5!?@ z_}r9E8)DmNhDb0I_^eih(NLHX3HBQ795obYk%S3e-nzmOu{;dbU65jpm2U6o415(r z#8NQIRadE;#d=qnp^&n)iT>MYpdoYK;BpQ!u&#cUW4;E#g_NSgf|ek(F!|ARLia(i{!a$^HRo2@h~^LKUzV zS;OloBvVYZoswp0N@@#>Hz~%S$`AE!LInqW`s^x|8007@LQ|OV9qXWWpnzqCpWc+r zX3|;>k{oq9^_2{WKUxfC3CxnvX{vT47uo&KOQOAOHBd75)nLR$Hkf;O_*otJMtPt3s!fGUDUXC&J6;F#* zVVqdQvre^47-W&}jRR^Y1-q2R(g&s@#bTfpBG%{>_-!m`*}l=M?}DdxxMBhXl@*2z zNRw6TU@=*IEw0GOD%!cmPAxv`tiAG>UAv9*yf*rt-JFy;hjT0`(USV4VKInImckmV z$P+A{yTMy&bc}ZsfrudC518u)nrBfQi7M8GU#e-wns3RQV^FZFo*Rf~hrIgh-*AJC z>{X##^kZ6%^o-SqY@E0emk@$DxedD-Oc8;Eqawsl5?%_@8vVfD_$=U{mrjg>Jpjp) z#KhjyTelo{J;yUw+Eqqt_=>lz_Si+#FrHF(L&*=<1Z7Ejd?+BjavWd-!7g6;-t`;3 zdPLUG+c8czKWIn%HVh=^JEZWj@if$dy(d8jj$iO04=CBT;4FmB7 zRfZ9E8W2f~;(>_5*^-c0ouN%vO}`BSw7XRjFK3tKMwTYBP~(aYRloKELT#pjvclTV z3AUwrlYM{0im@t5{ZESeQu$JCH+}&DeoH*0Kx8y^S7Hn`FkzV&cG< z7B_qBaOLG{@kpjND${nIm6gMc;zZq7ubrvIE=$+Laj?6S_MIi74kx~LU0hS2&yW(@ zMX`jpO1LML(Rj$dC9Yk$(B$WmIzyMOJUKZ@4#xYFb^$;(#I6qJGK3LM*sKSepI&-7@HfNg~ z=yo_$X8$DfI}$+`%nV= zv~zE)&TVIEUk=M{e^w!`d^jR}oGF|Y`@anueTsrIb z4i7P*$8WF}v$>TGRL;j%^T2tabA%D~%|Bns{gp&Y?~M z0g;+Hk`;XpJ>_U*iQ~jN2<_|wfF(tV(U}D6mv$t2GNc#b5bITe`9k*XsGJbvpV=)> zx7#Ukq!aviJFS#;F$Pz{%J``6Ib}p+qHzi1jKe`DnE9DL{QG#Cl^ppSQ@UhaLXRD9 z?cC6*!?19t=y?VU49*XC7SMX)iZ@+s_N^XcpyhSzsX&Q>$N@%6 z-rQEElWYa9kuak)G;M!di;p-5ZENmy4QO23dPw!~)~HC!uHC>^j(XvBhl7Pj?X+H&8&ZF5KH6+Oi!;~u-ic3!QIYe&XTB=aPV zj*n;w+o^0{B7$OynBE(7q>Q2{DG`lb_KBnYTatqX8|aID+J8Z4}owg<(O{aj&yZCnqDkhk%$OFeId(ruSMuaIv2l${l_|y|_0p44BqJA; z1+HL)2U)Yx4!iE#*tlHR($Tu|;xOf4WmD^_mKEErA$LoRnx*143uT)q-_p_1ZA}Ma zID(Qa@y>TN6orvNd15Fpn*~z9qBzZ6Ww$z~4scI2!YU}sv7ewR7<(vHb}rBYE8UXnl?O|q zkLrw&9Z}R0*#|=DasJDh-omK8hZ$l(qVp=?;MNh0Rb3y9W+ZOE7#9_&%VgjOi*mWWmwaVCoMZIOWih4-0* zq7V}*L6>9Sy2^Pe^0{1^No~o>2ky?*VR{Dog2`>hS7d81l7p-Ywti_;)Au29CPMTe zg^DHBQvS?5d?flFX3x}i+Ru3M`<*o7NF8wxwOP4YjK>!V8NZ{9UOT)pb#*zy1AYQN zupuX_70ujn>KdfgP@+VeaG|?iiw@y>U&s{eTFIdgg%LUI3}W+;U$V-ca&*+N8;HDS zD;Ec)8JFo3)Ld5=rt6gIw$q$ikJxdU_VQGoK-F;CLaA90Nn$Fox{R!3I3#R_5FQ?h zUY3j%6KzJlKWHMT>`4^NEXuQ-f~@Sq|ud`EKBk)-C_m$sKH{AR>kIs z49VYFsl3q^yB53O?FH$i(QK!Yt=W7l7Zo0y#>#S6N46G3QFTg$3!B@U?6)fWLCLK_ z?o!T41>ZkO=d@O<{Jf&+F3Fb_9eL(y5*SKyV`V;&oHly!GDJr$R7`oQH0nsx`zt^r zMYpW|mlh=#hva>YdX18*Mir%i+6_V2@={q?MJ?RNT7%)sdTOWorPHy1i*LxoFV_{Ut+eSHnX62y|ZyMdg?3My{Te ztxc3oETbu0XwJ$sA-othtl>2kbaESBp;T}IwuIEz-UN<{7I4MnJ;||jH% z-XLejZY#-Se~C`xg4=zMV3*B4CJqmg!(oT1lVA_sx|DVxBL&WyqJ+M@fYaGa3Ib_9 zwxHcE7+IQydu@KHn_2-cQME`B=ZX=E_zC@{Q zbS>s9O+O?eJ0>Oa?Xeth*WWZw*HLlL_KA^H;uONJ2SSFDJ5x+*6TR|;= zLoR}-N8e^-!MbS=V-ne=V1viWfEE8hDp<)GZTDAhSjDdaS8r4)P^G}%A_e%J zmm|PYwZ^-`5Bexz=!Aa>n`9wz{B8q@JI0TMq?gYz%PvOa~n6F z!hP@^@cc8+Kl2#)#ZR8u^|fcd@`Y!1JtI5@?jG^aU3u)8JGr;ZKA;cJPdRenvBkeI zODDeltP^9Vws;nN;^HChTHAS$1(;*p`PnDNn$MeU+Rhte+U>0|W=KDNVkWu!3(q^u zm|4ZLdfb&WLAk?=_jKJoTWo6#ZH+Nzyekv-Ystj7o3r&hKjQyVa4MJ%?`MEe9y~su z0z$c1#pl)FGH^M#4eSJF64$^r;93yM&+U9}=4Vk>fDX_Jp4Y&_SLKsu!y-CXK6z%} zidC+l@}1uwK-Eu0pQ(IOxzPg|PvvK9Z}=S)6RQC+_k&&h+S8c1vH0AWnH~Pl(~Hq= zS3mzvP@pCji%B2n)?q8bN5GOp&~@-h@F_4I(U}1*2Uh^i1NVX@%mquqP2gq_oe$cX z6W$Bn2fhdH2aVXT1>or@W&d_g9*qvW?Bw9mAZ(`gP;=-tLldW6bKM`V;JBWnvDcPQ zcGs3qw%2BfC-;K~z;(>qn#1n`n#Z35&x7~#Gie_H9zR1i2iypDfbW3&fPM}v2AaVN zkOO(}d+;=PD(sbxzpi-lf1`JPRPm&81%GXKq9kzK8;zsJOuGi%1na@5T%ICnDCc~C zuN)OKL;RV8k9I7$81#XD@O2RSZx8dieTMVn-of#+;BF9`$uHc2*4f73yqIpV9!$W8 zldpFam&<*T0EAQ+BeC-O=;o4BXyT za|I~Q_?rDk)qnA10%!yaz**o;;8G8N4)lWoumnGQDOd^40jXn+83b970~gOV<`VEB za1;0n_%7H5z7M7xZ%iFH5kLJ;Ci1F$@`p$%Q+87MnKCj}E>?D@tm?9pvSMW?WyQ)) z%8KpdNm&JzPxi64vSQG1T+GycYn+Llj+(SAH-RU?Q{dK<@c+Rh;8Ac%19Af%28zLMCf520P~274sh2&(17Y){QE@8k&M%{P zUa6Cx9zdg|M{1{`<6YyYUGtgeuHd+yqZy}bLlZUMi_ezl?c(`f_KqW8C?eN0q+I3g4=-N=lj5Kz$0MsVq=ovN>E1Z%DgYTb0E)@ zRd8@mep@0vztCFocBky*hZT!OZWQ@F8@n!k&#o!saq)gc9_%%F44Mn% z12P{(WrQF4H8VoK{R*DdoXQ#l=s68P0Q^0;1$-QMr{gDpCEy%zC-^^L`WeQ|1J{6? zz#ZV{;P>DXeh>K9;CV3Zjm8`XmV#5k#AU1zfbHNz;8tMH!hZx8fZsN`-yeSAY5qO_ z!sEXN<^TTk@&A1Mg&*=y*CV9*Yy4PRNqVXEqPo(05$ikA)uZyYsbDSW1nK8aa633; z37!M^XYeoJgr%&{fvw=}Acky6Mvex@fCT6TcYr&=Bj8aW+3AnS%y#5t2N;7)JQrop zU;d=bNh@=>%I^FbJ9=>25p|=se>A%gwE?rllW|}OYy{HXhk$hVQt)H&6R-xIZ3mwK zcY+D%t8};)%mlN*Tfkd^^!gTX8~7ObICva90sf4Xe5I=XT~vh2PRiVp$|q%>$UdG_ zuC44&*fnIJ6az>mqCP;xPnad1$nG8ijt8fL&<6W_z6yK*>;#_&{|G|cTt@JNE5~J3 z@8e0?99{V&B+*~}F~$gS|EwQaTU(NcsB9cE+Z=Pxt_9vb4=tN>&%_DGf;U{ZbKG2T z+&zEw6siu;9AOSOhwy1e*VebH5{iDX*AxfF&UFJgC=fLT&)4K zP4js(*tHtVZq!&dnZ}yIb8E-uKpvcCV#{NcJ1tU6tvT2D)X-~^CT;qSXBJVkVv@^$xBCkmrxfd-!e5Pun;vTLDP2w*&z!MtvYGx2 zn{JDLGTy`{jY+u=V#m}k@{9(qmBglX5L|9Az*^&B;_<>tk< zC(U88<&pX(nFL(!rM8S2qOPQ+1pd3x%u&9Mh=)iG|6u0C>LWEwq#x&+7HU{&+89fh znzAqbjSvjbdY$Ocq)g&C-qYup*?HB?x@>ri^P1xMSbILEc<%0xEuOpk0ZS%QH~1v@ z6bSc%waJ6crSP#_#U_)G$N`C!2RF>a2<5K9^3^! z1D*rVgZH!F^a0>Oq&eV5umgMt+y~55C<~gw3XlVN@O$tym;-N)1s8)p&=0;2z5#v( z9tQ1)5nqCLfX{-vK@6hTfYu{f#|GVCJ(w^Z{(z&vOmO`S*0I5O_&)(Of(76#Aep#y zCUgh=U;r$c1)ac3a1Kb#X3Z32K@MDeH1Y&K1a1Of0pA6?!1uuvkJ%fXh^(Ci&IVTi z$=-d)-gm)+;Afy`F7X&BfKA{@@D#Z9IOGC60v-jI98W*N!{FE8<`dvOcpm%_^w-mO z@N@7GkbEBxZUZ~Pm%x|7C6XAZAa z=gXmIwa(FXtP)+S{DWS4Z4D6di7L^oDxV@4udM-IV>Ej$$^5jv_#xGMqsw5GE>*gW zjAaf~CiXT59B7@@=UyH1S>^4kgAY}Gc z1g0~Mz8;(aP6QjkMsUhFd=GF5h=X;EwFmqXJOWOj6Q_b(!Kc8p;016xPIog%gB-XT zybXK@JOE~qmp2!j13u_rZf;CNw?z9e>gM(d7Qng!LwlI z>!1ZV7Yu_pgAW4zmcgGu9df1LEw~yq&VZNTo8SjvG5LMVKpVISTn2hT8Wh0S!F}Ll z^8VfkI>1HXO0W_97kC0Jn*|NPYOoeu2X=sufxEyFdG7a+PM>2;6L1ESNtZ{Q>U+ z*Molo_kuAf{UKl~cpaDy-T;mRi-7VJPX(ugvw-pyHv;7=ej0oU{3}r2;!My6x`6T* zzXg=PI3HxeW}rOAzX!@+JP9lVZ9sX9LqK_qUj)iy`~y%P<0hay#>GH+jGq9?V>}Wl zkMZw-@)&;yl*gC>%42*ODE~MPl*jmGu#UXM%YkwiuLa6q+zvhsz53mN?PG|h!-@*OhY48Gg z^O=kTd<=XVC^ngGCYZ56$0}ZXG??`_%(oaS#4o*#o6Jn<)Bl7)+di2TcZ~RMs2-`FWe+)DMf)( zgJ+Do?_Q%m(@Yx$`<%}^Q`0^^R~o5djAPBBiSM4lL`vTV>{xz!?6yzTpYruSHQj5T z<^3**ekI0vk~xaAv1ZKFq;3YUNtUf487?UGIxJ8Atl#XU{n+Cmm zc~(^a+#C0~l8OZ-ew|j9VCeda#YWzEV)vn?OMF-9ZIz&(Qrf*6uhYH`H_hl#mM=~v zcuyf~1++_FF4Gsqq|*RJZ+q&wwt=a4T|bfEi21^Q;m(*LZpd)y{=0!ldmRvUKLf^s zuK;PoE-(Q+2xPwg7t{j9P$Je;j*~bxaGb*NG>&x~S8zOpV>?H2;3AG{b3MnyIZ9pC z?o@nGTw}YQtG|oE@0Pp2>!IIW_H*_gMX7l0kjkm?WLMW)d2txodS5%}x%#yz8PE?T&-*#7EdBAdx&_zRC0@)wf4MT;6wHp?kv zcAa#`u^jB@nU5a(g!j#u{k&`8Mw9$@Omq_sbdZ?kDDg~+(s8XOxfhq;6 z6sS_5N`Wc`suZYFph|&*MS;D=|204U-j6@pIBV**4-x-2Ja_j(8dc1$SY0vm08o5B z1QhRI2gZY&z%;NEOb4F?lfgY;D$x3X;`pzDBf+$`?R4GuUK$QYj3cUI$peR=Ht>R_v zX)BIboU46swxjKSz4oUSzbiIZoUT1_#r=fFHqO^xzT$bs(2CU+(<|h1Gaq4mcLP0n7!*f#U&N`+MYWH*jq}XaozuLhvFv87FfjRnm|-Vso}h zf3$hqr*S+ToB>EPG|D6)MO;63Zr%izgC=k`Xa*}l3s?!x0q25Na2_}xtO9Cp4aYXn z4lV#4pc8Zf-CxJ?LU0kd7+eA_1(yNc{}bpAKI>fgOTCoprGylZk?WU&v!rqD&+ABj zT0ZQ%WN3V?q{*%Aa1berudVSHH~j0sw_|axYz?k1f@IOv$A?2qjcs3YtA6au zqoh}u`;`02>q17KCD}-+HVKk#lnNLA>a#1c_xG8!AEQV}gT0q7-937}`#cWGQL9R~ z6Yce@&3(2{x>EY><-blz3MntIaeIt>|N3)UK>z(2|5`O1v>!wB zlx#SJM)jC0b!Wd`hhe?Kw)b`XYCyVquwDn!{=sTn^}L++CA)t~`xEVZ_46xFff(H9 v&jeZ-8fm*Ve~-v(Taif=2K{v2%FLRxmtH6}R>oUnc&AabZuRwAp}_wKrh -#include -#include -#include -#include -#include -#include -#include -#include -#include "script.h" - -static void usage(char **argv) -{ - printf("Usage: %s [options]\n", argv[0]); - printf("Options:\n"); - printf(" -c certFileName [...]\n"); - printf(" -C rootCertFileName [...]\n"); - printf(" -r crlFileName [...]\n"); - printf(" -d certDbName\n"); - printf(" -D crlDlDbName\n"); - printf(" -s (use system anchor certs)\n"); - printf(" -g (use Trust Settings)\n"); - printf(" -i (implicit anchors)\n"); - printf(" -l=loopCount (default = 1)\n"); - printf(" -f (leaf cert is a CA)\n"); - printf(" -w(rite CRLs to dlDbName)\n"); - printf("Policy options:\n"); - printf(" -y ssl|smime|swuSign|codeSign|pkgSign|resourceSign|iChat|pkinitServer|\n" - " pkinitClient|IPSec\n"); - printf(" -h sslHostName (implies SSL policy; default is basic)\n"); - printf(" -t SSL client side (implies SSL policy, default is server side)\n"); - printf(" -E senderEmail (implies SMIME policy unless iChat is specified)\n"); - printf("Revocation options:\n"); - printf(" -R revocationPolicy (crl|ocsp|both|none); default = none\n"); - printf(" -a (allow certs unverified by CRL or OCSP)\n"); - printf(" -A (require CRL verification if present in cert\n"); - printf(" -4 (require CRL verification for all certs)\n"); - printf(" -Q (require OCSP if present in cert)\n"); - printf(" -5 (require OCSP verification for all certs)\n"); - printf(" -u responderURI\n"); - printf(" -U responderCert\n"); - printf(" -H (OCSP cache disable)\n"); - printf(" -W (network OCSP disable)\n"); - printf(" -o generate OCSP nonce\n"); - printf(" -O require nonce in OCSP response\n"); - printf("Misc. options:\n"); - printf(" -n (no network fetch of CRLs)\n"); - printf(" -N (no network fetch of certs)\n"); - printf(" -k keyUsage (In HEX starting with 0x)\n"); - printf(" -T verifyTime (in CSSM_TIMESTRING format, like 20041217154316)\n"); - printf(" -e=expectedError (default is CSSM_OK)\n"); - printf(" -S scriptFile\n"); - printf(" -p (print script variable names)\n"); - printf(" -P (pause after each script test)\n"); - printf(" -v (verbose)\n"); - printf(" -q (quiet)\n"); - printf(" -L (silent)\n"); - exit(1); -} - - - -/* add files named by successive items in argv to blobList, up until the - * next '-' arg */ -static void gatherFiles( - BlobList &blobList, - char **argv, - int argc, - int &currArg) -{ - if((currArg == argc) || (argv[currArg][0] == '-')) { - /* need at least one file name */ - usage(argv); - } - while(currArgDBHandle); - if(crtn) { - printError("CSSM_DL_DbOpen", crtn); - printf("***Error opening DB %s. Aborting.\n", crlDbName); - return 1; - } - dlDbList.NumHandles++; - vfyArgs.dlDbList = &dlDbList; - } - for(loop=0; loop -#include -#include -#include -#include -#include -#include -#include -#include -#include "script.h" - -/* Line type returned from parseLine */ -typedef enum { - LT_Empty, // comments, whitespace - LT_TestName, - LT_DirName, - LT_Cert, - LT_Root, - LT_CRL, - LT_CertDb, - LT_CrlDb, - LT_ExpectError, // expected function return - LT_CertError, // per-cert error string - LT_CertStatus, // per-cert StatusBits - LT_SslHost, - LT_SslClient, - LT_SenderEmail, - LT_Policy, - LT_KeyUsage, - LT_RevokePolicy, - LT_RespURI, - LT_RespCert, - LT_EndOfSection, - LT_EndOfFile, - LT_BadLine, - LT_Globals, - LT_Echo, - LT_GenerateOcspNonce, - LT_RequireOcspNonce, - LT_AllowExpiredRoot, - LT_VerifyTime, - LT_ImplicitAnchors, - - /* variables which can be in globals or per-test */ - LT_AllowUnverified, - LT_CrlNetFetchEnable, - LT_CertNetFetchEnable, - LT_UseSystemAnchors, - LT_UseTrustSettings, - LT_LeafCertIsCA, - LT_CacheDisable, - LT_OcspNetFetchDisable, - LT_RequireOcspIfPresent, - LT_RequireCrlIfPresent, - LT_RequireCrlForAll, - LT_RequireOcspForAll -} LineType; - -/* table to map key names to LineType */ -typedef struct { - const char *keyName; - LineType lineType; -} KeyLineType; - -KeyLineType keyLineTypes[] = -{ - { "test", LT_TestName }, - { "dir", LT_DirName }, - { "cert", LT_Cert }, - { "root", LT_Root }, - { "crl", LT_CRL }, - { "certDb", LT_CertDb }, - { "crlDb", LT_CrlDb }, // no longer used - { "error", LT_ExpectError }, - { "certerror", LT_CertError }, - { "certstatus", LT_CertStatus }, - { "sslHost", LT_SslHost }, - { "sslClient", LT_SslClient }, - { "senderEmail", LT_SenderEmail }, - { "policy", LT_Policy }, - { "keyUsage", LT_KeyUsage }, - { "revokePolicy", LT_RevokePolicy }, - { "responderURI", LT_RespURI }, - { "responderCert", LT_RespCert }, - { "cacheDisable", LT_CacheDisable }, - { "echo", LT_Echo }, - { "globals", LT_Globals }, - { "end", LT_EndOfSection }, - { "allowUnverified", LT_AllowUnverified }, - { "requireCrlIfPresent",LT_RequireCrlIfPresent }, - { "crlNetFetchEnable", LT_CrlNetFetchEnable }, - { "certNetFetchEnable", LT_CertNetFetchEnable }, - { "ocspNetFetchDisable",LT_OcspNetFetchDisable }, - { "requireCrlForAll", LT_RequireCrlForAll }, - { "requireOcspForAll", LT_RequireOcspForAll }, - { "useSystemAnchors", LT_UseSystemAnchors }, - { "useTrustSettings", LT_UseTrustSettings }, - { "leafCertIsCA", LT_LeafCertIsCA }, - { "requireOcspIfPresent",LT_RequireOcspIfPresent }, - { "generateOcspNonce", LT_GenerateOcspNonce }, - { "requireOcspNonce", LT_RequireOcspNonce }, - { "allowExpiredRoot", LT_AllowExpiredRoot }, - { "verifyTime", LT_VerifyTime }, - { "implicitAnchors", LT_ImplicitAnchors }, -}; - -#define NUM_KEYS (sizeof(keyLineTypes) / sizeof(KeyLineType)) - -/* map policy string to CertVerifyPolicy */ -typedef struct { - const char *str; - CertVerifyPolicy policy; -} PolicyString; - -static const PolicyString policyStrings[] = -{ - { "basic", CVP_Basic }, - { "ssl", CVP_SSL }, - { "smime", CVP_SMIME }, - { "swuSign", CVP_SWUpdateSign }, - { "codeSign", CVP_AppleCodeSigning }, - { "pkgSign", CVP_PackageSigning }, - { "resourceSign", CVP_ResourceSigning }, - { "iChat", CVP_iChat }, - { "pkinitServer", CVP_PKINIT_Server }, - { "pkinitClient", CVP_PKINIT_Client }, - { "IPSec", CVP_IPSec }, - { NULL, (CertVerifyPolicy)0 } -}; - -/* skip whitespace (but not line terminators) */ -static void skipWhite( - const unsigned char *&cp, - unsigned &bytesLeft) -{ - while(bytesLeft != 0) { - switch(*cp) { - case ' ': - case '\t': - cp++; - bytesLeft--; - break; - default: - return; - } - } -} - -/* skip to next char after EOL */ -static void skipLine( - const unsigned char *&cp, - unsigned &bytesLeft) -{ - bool foundEol = false; - while(bytesLeft != 0) { - switch(*cp) { - case '\n': - case '\r': - foundEol = true; - cp++; - bytesLeft--; - break; - default: - if(foundEol) { - return; - } - cp++; - bytesLeft--; - break; - } - } -} - -/* skip to end of current token (i.e., find next whitespace or '=') */ -static void skipToken( - const unsigned char *&cp, - unsigned &bytesLeft, - bool isQuoted) -{ - while(bytesLeft != 0) { - char c = *cp; - if(isQuoted) { - if(c == '"') { - /* end of quoted string, return still pointing to it */ - return; - } - } - else { - if(isspace(c)) { - return; - } - if(c == '=') { - /* hopefully, end of key */ - return; - } - } - cp++; - bytesLeft--; - } -} - -/* - * Parse one line, return value (following "=" and whitespace) as - * mallocd C string. On return, scriptData points to next char after line - * terminator(s). - * - * The basic form of a line is - * [whitespace] key [whitespace] = [whitespace] value [whitespace] \n|\r... - * - * ...except for comments and blank lines. Comments contain '#' as the - * first non-whitespace char. - */ -#define CHECK_EOF(bytesLeft) \ - if(bytesLeft == 0) { \ - return LT_BadLine; \ - } - -#define MAX_KEY_LEN 80 - -static LineType parseLine( - const unsigned char *&cp, // IN/OUT - unsigned &bytesLeft, // IN/OUT bytes left in script - char *&value, // mallocd and RETURNED - CSSM_BOOL verbose) -{ - if(bytesLeft == 0) { - if(verbose) { - printf("...EOF reached\n"); - } - return LT_EndOfFile; - } - skipWhite(cp, bytesLeft); - if(bytesLeft == 0) { - return LT_Empty; - } - switch(*cp) { - case '#': - case '\n': - case '\r': - skipLine(cp, bytesLeft); - return LT_Empty; - } - - /* - * cp points to start of key - * get key value as NULL terminated C string - */ - const unsigned char *tokenStart = cp; - skipToken(cp, bytesLeft, false); - CHECK_EOF(bytesLeft); - unsigned tokenLen = cp - tokenStart; - char key[MAX_KEY_LEN]; - memmove(key, tokenStart, tokenLen); - key[tokenLen] = '\0'; - - /* parse key */ - LineType rtnType = LT_BadLine; - for(unsigned i=0; ikeyName, key)) { - rtnType = klt->lineType; - break; - } - } - - /* these keys have no value */ - bool noValue = false; - switch(rtnType) { - case LT_EndOfSection: - if(verbose) { - printf("...end of section\n"); - } - noValue = true; - break; - case LT_Globals: - noValue = true; - break; - case LT_BadLine: - printf("***unknown key '%s'\n", key); - noValue = true; - break; - default: - break; - } - if(noValue) { - /* done with line */ - skipLine(cp, bytesLeft); - return rtnType; - } - - /* get to start of value */ - skipWhite(cp, bytesLeft); - CHECK_EOF(bytesLeft); - if(rtnType == LT_Echo) { - /* echo: value is everything from this char to end of line */ - tokenStart = cp; - for( ; bytesLeft != 0; cp++, bytesLeft--) { - if((*cp == '\n') || (*cp == '\r')) { - break; - } - } - if(cp != tokenStart) { - tokenLen = cp - tokenStart; - value = (char *)malloc(tokenLen + 1); - memmove(value, tokenStart, tokenLen); - value[tokenLen] = '\0'; - } - else { - value = NULL; - } - skipLine(cp, bytesLeft); - return LT_Echo; - } - - /* all other line types: value is first token after '=' */ - if(*cp != '=') { - printf("===missing = after key\n"); - return LT_BadLine; - } - cp++; - bytesLeft--; - skipWhite(cp, bytesLeft); - CHECK_EOF(bytesLeft); - - /* cp points to start of value */ - bool isQuoted = false; - if(*cp == '"') { - cp++; - bytesLeft--; - CHECK_EOF(bytesLeft) - isQuoted = true; - } - tokenStart = cp; - skipToken(cp, bytesLeft, isQuoted); - /* cp points to next char after end of value */ - /* get value as mallocd C string */ - tokenLen = cp - tokenStart; - if(tokenLen == 0) { - value = NULL; - } - else { - value = (char *)malloc(tokenLen + 1); - memmove(value, tokenStart, tokenLen); - value[tokenLen] = '\0'; - } - skipLine(cp, bytesLeft); - if(verbose) { - printf("'%s' = '%s'\n", key, value); - } - return rtnType; -} - -/* describe fate of one run of runOneTest() */ -typedef enum { - OTR_Success, - OTR_Fail, - OTR_EndOfScript -} OneTestResult; - -/* parse boolean variable, in globals or per-test */ -OneTestResult parseVar( - LineType lineType, - const char *value, - ScriptVars &scriptVars) -{ - /* parse value */ - CSSM_BOOL cval; - if(!strcmp(value, "true")) { - cval = CSSM_TRUE; - } - else if(!strcmp(value, "false")) { - cval = CSSM_FALSE; - } - else { - printf("***boolean variables must be true or false, not '%s'\n", value); - return OTR_Fail; - } - - switch(lineType) { - case LT_AllowUnverified: - scriptVars.allowUnverified = cval; - break; - case LT_CrlNetFetchEnable: - scriptVars.crlNetFetchEnable = cval; - break; - case LT_CertNetFetchEnable: - scriptVars.certNetFetchEnable = cval; - break; - case LT_UseSystemAnchors: - scriptVars.useSystemAnchors = cval; - break; - case LT_UseTrustSettings: - scriptVars.useTrustSettings = cval; - break; - case LT_LeafCertIsCA: - scriptVars.leafCertIsCA = cval; - break; - case LT_CacheDisable: - scriptVars.cacheDisable = cval; - break; - case LT_OcspNetFetchDisable: - scriptVars.ocspNetFetchDisable = cval; - break; - case LT_RequireOcspIfPresent: - scriptVars.requireOcspIfPresent = cval; - break; - case LT_RequireCrlIfPresent: - scriptVars.requireCrlIfPresent = cval; - break; - case LT_RequireCrlForAll: - scriptVars.requireCrlForAll = cval; - break; - case LT_RequireOcspForAll: - scriptVars.requireOcspForAll = cval; - break; - default: - return OTR_Fail; - } - return OTR_Success; -} - -#if 0 -/* sure wish X had strnstr */ -static char *strnstr( - const char *big, - const char *little, - size_t len) -{ - const char *cp; - unsigned littleLen = strlen(little); - const char *end = big + len - littleLen; - char first = little[0]; - - for(cp=big; cpDLHandle = dlHand; - crtn = CSSM_DL_DbOpen(dlHand, - pathName, - NULL, // DbLocation - CSSM_DB_ACCESS_READ | CSSM_DB_ACCESS_WRITE, - NULL, // CSSM_ACCESS_CREDENTIALS *AccessCred - NULL, // void *OpenParameters - &currDlDb->DBHandle); - if(crtn) { - printError("CSSM_DL_DbOpen", crtn); - printf("***Error opening DB %s. Aborting.\n", value); - return OTR_Fail; - } - break; - case LT_ExpectError: - if(vfyArgs.expectedErrStr != NULL) { - printf("***Duplicate expected error ignored\n"); - free(value); - } - else { - vfyArgs.expectedErrStr = value; // free after test - } - value = NULL; - break; - case LT_CertError: - vfyArgs.numCertErrors++; - vfyArgs.certErrors = (const char **)realloc(vfyArgs.certErrors, - vfyArgs.numCertErrors * sizeof(char *)); - vfyArgs.certErrors[vfyArgs.numCertErrors - 1] = value; - value = NULL; // free after test - break; - case LT_CertStatus: - vfyArgs.numCertStatus++; - vfyArgs.certStatus = (const char **)realloc(vfyArgs.certStatus, - vfyArgs.numCertStatus * sizeof(char *)); - vfyArgs.certStatus[vfyArgs.numCertStatus - 1] = value; - value = NULL; // // free after test - break; - case LT_SslHost: - vfyArgs.sslHost = value; - value = NULL; // free after test - vfyArgs.vfyPolicy = CVP_SSL; - break; - case LT_SenderEmail: - vfyArgs.senderEmail = value; - value = NULL; // free after test - if(vfyArgs.vfyPolicy == CVP_Basic) { - /* don't overwrite if it's already been set to e.g. iChat */ - vfyArgs.vfyPolicy = CVP_SMIME; - } - break; - case LT_Policy: - if(parsePolicyString(value, &vfyArgs.vfyPolicy)) { - printf("Bogus policyValue (%s)\n", value); - printPolicyStrings(); - return OTR_Fail; - } - break; - case LT_KeyUsage: - vfyArgs.intendedKeyUse = hexToBin(value); - break; - case LT_RevokePolicy: - if(!strcmp(value, "none")) { - vfyArgs.revokePolicy = CRP_None; - } - else if(!strcmp(value, "crl")) { - vfyArgs.revokePolicy = CRP_CRL; - } - else if(!strcmp(value, "ocsp")) { - vfyArgs.revokePolicy = CRP_OCSP; - } - else if(!strcmp(value, "both")) { - vfyArgs.revokePolicy = CRP_CRL_OCSP; - } - else { - printf("***Illegal revokePolicy (%s)\n.", value); - return OTR_Fail; - } - break; - case LT_RespURI: - vfyArgs.responderURI = value; - value = NULL; // free after test - break; - case LT_VerifyTime: - vfyArgs.vfyTime = value; - value = NULL; // free after test - break; - case LT_RespCert: - if(readFile(value, (unsigned char **)&vfyArgs.responderCert, - &vfyArgs.responderCertLen)) { - printf("***Error reading responderCert from %s\n", value); - return OTR_Fail; - } - break; - case LT_EndOfSection: - break; - case LT_EndOfFile: - /* only legal if we haven't gotten a test name */ - if(testName == NULL) { - return OTR_EndOfScript; - } - printf("***Premature end of file.\n"); - return OTR_Fail; - case LT_BadLine: - return OTR_Fail; - case LT_Globals: - result = fetchGlobals(scriptData, bytesLeft, scriptVars, verbose); - if(result != OTR_Success) { - printf("***Bad globals section\n"); - return OTR_Fail; - } - /* and start over with these variables */ - localVars = scriptVars; - break; - case LT_SslClient: - if(!strcmp(value, "true")) { - vfyArgs.sslClient = CSSM_TRUE; - } - else { - vfyArgs.sslClient = CSSM_FALSE; - } - vfyArgs.vfyPolicy = CVP_SSL; - break; - case LT_Echo: - if(!quiet) { - printf("%s\n", value); - } - break; - case LT_GenerateOcspNonce: - vfyArgs.generateOcspNonce = CSSM_TRUE; - break; - case LT_RequireOcspNonce: - vfyArgs.requireOcspRespNonce = CSSM_TRUE; - break; - case LT_AllowExpiredRoot: - if(!strcmp(value, "true")) { - vfyArgs.allowExpiredRoot = CSSM_TRUE; - } - else { - vfyArgs.allowExpiredRoot = CSSM_FALSE; - } - break; - case LT_ImplicitAnchors: - if(!strcmp(value, "true")) { - vfyArgs.implicitAnchors = CSSM_TRUE; - } - else { - vfyArgs.implicitAnchors = CSSM_FALSE; - } - break; - default: - /* hopefully a variable */ - result = parseVar(lineType, value, localVars); - if(result != OTR_Success) { - printf("**Bogus line in script %u bytes from EOF\n", - bytesLeft); - return OTR_Fail; - } - break; - - } - if(blobErr) { - return OTR_Fail; - } - if(value != NULL) { - free(value); - } - } while(lineType != LT_EndOfSection); - - /* some args: copy from ScriptVars -> CertVerifyArgs */ - vfyArgs.allowUnverified = localVars.allowUnverified; - vfyArgs.requireOcspIfPresent = localVars.requireOcspIfPresent; - vfyArgs.requireCrlIfPresent = localVars.requireCrlIfPresent; - vfyArgs.crlNetFetchEnable = localVars.crlNetFetchEnable; - vfyArgs.certNetFetchEnable = localVars.certNetFetchEnable; - vfyArgs.useSystemAnchors = localVars.useSystemAnchors; - vfyArgs.useTrustSettings = localVars.useTrustSettings; - vfyArgs.leafCertIsCA = localVars.leafCertIsCA; - vfyArgs.disableCache = localVars.cacheDisable; - vfyArgs.disableOcspNet = localVars.ocspNetFetchDisable; - vfyArgs.requireCrlForAll = localVars.requireCrlForAll; - vfyArgs.requireOcspForAll = localVars.requireOcspForAll; - vfyArgs.verbose = verbose; - - /* here we go */ - if(!quiet && (testName != NULL)) { - printf("%s\n", testName); - } - int rtn = certVerify(&vfyArgs); - - OneTestResult ourRtn = OTR_Success; - if(rtn) { - printf("***Failure on %s\n", testName); - if(testError(quiet)) { - ourRtn = OTR_Fail; - } - } - /* free the stuff that didn't get freed and the end of the - * main per-line loop */ - if(dirName != NULL) { - free(dirName); - } - if(vfyArgs.expectedErrStr != NULL) { - free((void *)vfyArgs.expectedErrStr); - } - if(vfyArgs.certErrors != NULL) { - for(unsigned i=0; istr; ps++) { - if(!strcmp(ps->str, str)) { - *policy = ps->policy; - return 0; - } - } - return 1; -} - -void printPolicyStrings() -{ - printf("Valid policy strings are:\n "); - const PolicyString *ps; - unsigned i=0; - for(ps=policyStrings; ps->str; ps++, i++) { - printf("%s", ps->str); - if(ps[1].str == NULL) { - break; - } - if((i % 6) == 5) { - printf(",\n "); - } - else { - printf(", "); - } - } - printf("\n"); -} - -void printScriptVars() -{ - printf("The list of script variables is as follows:\n"); - for(unsigned dex=0; dex - -/* - * Test variables which can be specified at the top level (on the - * call to runScript), or globally in a script, or within the scope - * of one test. - */ -typedef struct { - CSSM_BOOL allowUnverified; - CSSM_BOOL requireCrlIfPresent; - CSSM_BOOL requireOcspIfPresent; - CSSM_BOOL crlNetFetchEnable; - CSSM_BOOL certNetFetchEnable; - CSSM_BOOL useSystemAnchors; - CSSM_BOOL useTrustSettings; - CSSM_BOOL leafCertIsCA; - CSSM_BOOL cacheDisable; - CSSM_BOOL ocspNetFetchDisable; - CSSM_BOOL requireCrlForAll; - CSSM_BOOL requireOcspForAll; -} ScriptVars; - -extern "C" { -int runScript( - const char *fileName, - CSSM_TP_HANDLE tpHand, - CSSM_CL_HANDLE clHand, - CSSM_CSP_HANDLE cspHand, - CSSM_DL_HANDLE dlHand, - ScriptVars *scriptVars, - CSSM_BOOL quiet, - CSSM_BOOL verbose, - CSSM_BOOL doPause); - -/* parse policy string; returns nonzero of not found */ -int parsePolicyString( - const char *str, - CertVerifyPolicy *policy); - -void printPolicyStrings(); -void printScriptVars(); - -} -#endif /* _SCRIPT_H_ */ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleCerts.scr b/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleCerts.scr deleted file mode 100644 index 697c8646..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleCerts.scr +++ /dev/null @@ -1,34 +0,0 @@ -# -# test Apple certs. Requires the root to be trusted somehow (it's not explicitly passed to -# the verifier here). . -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = true -useTrustSettings = true -end -# -test = Development -cert = AppleDevelopment.pem -cert = AppleSWUPDATE.pem -policy = swuSign -error = CSSMERR_APPLETP_CODE_SIGN_DEVELOPMENT -certerror=0:CSSMERR_APPLETP_CODE_SIGN_DEVELOPMENT -end -# -# -test = "Software Update" -cert = AppleSoftUpdate.pem -cert = AppleSWUPDATE.pem -policy = swuSign -end -# -test = "test the intermediate CA, wrong cert chain length" -cert = AppleSWUPDATE.pem -policy = swuSign -error = CSSMERR_APPLETP_CS_BAD_CERT_CHAIN_LENGTH -end -# - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleDevelopment.pem b/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleDevelopment.pem deleted file mode 100644 index 287d9d3b..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleDevelopment.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFKjCCBBKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMx -EzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRpZmljYXRp -b24gQXV0aG9yaXR5MTYwNAYDVQQDEy1BcHBsZSBTb2Z0d2FyZSBVcGRhdGUgQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcwMjIzMjIxNjAyWhcNMTUwMTE0MjIx -NjAyWjBfMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEeMBwGA1UE -CxMVQXBwbGUgU29mdHdhcmUgVXBkYXRlMRswGQYDVQQDExJEZXZlbG9wbWVudCBV -cGRhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEn+3Y1fgubxPE -vWAPoWKLQQYVR0zG2/YsIPjRz2HrgzupGiPIYV/zcj0JcOeQ64KdukUlJrhZXgpp -6O7NwOHU7fUN+tfj46boyrIsRGNz+pd0zNiAeXekDyUsYj/nbD4wlACGwxxmiFtB -toJuRwVON1j9GcwSCoQHUkFZXUyeiSRkrSAwmGLBI9jVsGDuauvbY5aZUWOEaP8E -rgIllUL8MruOb0ObQJGaBkl3jjzxnThGmLQ85Q0fDyHM48rPR7O81yROfzIjzmeX -UorMWFmXF4ObBpZL1XpDsVvPargm2J6CnZN+7Z3HmYs4wfy9ZX2MpvYk4ZiaXUp9 -XstIUxFLAgMBAAGjggHLMIIBxzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIw -ADAYBgNVHSUBAf8EDjAMBgoqhkiG92NkBAEBMB0GA1UdDgQWBBQZr1Csr2Hh/8+u -t50EW0Dku4+UMzAfBgNVHSMEGDAWgBSLxSlK86/KoXKU9wZtR2NBsEeYITCCAQ8G -A1UdIASCAQYwggECMIH/BgkqhkiG92NkBQEwgfEwKQYIKwYBBQUHAgEWHWh0dHA6 -Ly93d3cuYXBwbGUuY29tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCBthqBs1JlbGlh -bmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNj -ZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFu -ZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0 -aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDoGA1UdHwQzMDEwL6AtoCuG -KWh0dHA6Ly93d3cuYXBwbGUuY29tL2FwcGxlY2Evc3d1cGRhdGUuY3JsMA0GCSqG -SIb3DQEBBQUAA4IBAQB5O5mfgkJ5uo5BEagc7UzNh5lfRAG48TW9RcdlsN4/NX6a -gWXYRS7Ohh7qho8xtlk1QzPGWNY4tQISwB7NzJWAsc2cZfvN3phy891qYgmy5nzB -IyedZH5CIwjdBweVZ1jkFne1noR6G4RJRQgm98YmdSbAJ3kvJjIBCfNzf1SlnPPh -EWhKEByElIPUvX+MZAC1b72RSO0sbKBc92c1qfojqxhm0Gqt4cDgoiWq09q3290m -mxk8Xdba3ZDQq5wGWuLnEitFiMzqp7l6ratCYVl7ZwyLA6UchN4DtsGhcWnKBXtV -2kq5fCqVeWQopLYuNkqqdi32wNoxCYaUaELQceez ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleQuickTime.pem b/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleQuickTime.pem deleted file mode 100644 index e95e04f2..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleQuickTime.pem +++ /dev/null @@ -1,94 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 103 (0x67) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Apple Computer, Inc., OU=Apple Computer Certificate Authority, CN=Apple Software Update Certificate Authority - Validity - Not Before: Feb 10 18:55:38 2005 GMT - Not After : Feb 10 18:55:38 2007 GMT - Subject: C=US, O=Apple Computer, Inc., OU=Apple Computer Software Update, CN=QuickTime - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:bb:ae:7c:1c:fa:5b:0a:a3:21:f5:d1:96:34:c5: - 66:d6:cf:4a:36:aa:79:e1:91:3b:1d:cb:63:c2:c4: - 9b:08:99:68:36:06:ff:1b:27:13:6f:e9:24:94:89: - f2:74:6d:20:0c:cf:09:aa:66:5d:c8:57:de:91:e8: - 41:03:e1:ec:ae:9a:c9:95:65:21:2d:d0:64:04:4d: - 04:af:9b:b3:e3:32:15:6a:10:30:96:2f:83:31:74: - 51:27:79:f0:22:0e:76:3d:a1:65:63:ab:f3:35:4a: - 1c:b8:1a:0b:2b:4b:da:d0:85:a5:f3:c8:99:41:de: - 5a:3b:ae:d8:cc:e4:48:32:09 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature - X509v3 Extended Key Usage: - Apple Code Signing - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Key Identifier: - 75:8E:18:0C:D1:21:60:E0:CC:45:B7:3D:7B:D2:04:F6:8F:1B:9E:DE - X509v3 Authority Key Identifier: - keyid:5E:21:5B:43:BD:5E:74:56:8A:D7:C7:E0:15:32:FD:0A:FD:E8:46:C2 - - X509v3 Certificate Policies: - Policy: 1.2.840.113635.100.5.1 - CPS: https://www.apple.com/certificateauthority/terms.html - User Notice: - Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements. - - X509v3 CRL Distribution Points: - URI:https://www.apple.com/certificateauthority/swupdate.crl - - Authority Information Access: - CA Issuers - URI:https://www.apple.com/certificateauthority/casigners.html - - Signature Algorithm: sha1WithRSAEncryption - d0:3c:83:d8:5d:fa:d6:5a:41:e4:e3:73:e1:9e:fc:57:b8:7d: - 81:35:c4:5d:14:b8:a0:34:97:fe:e9:2e:63:57:db:ef:6f:8c: - 5f:b0:af:33:2e:39:1f:3d:18:8a:22:bb:2c:50:57:9e:49:d6: - 53:7b:40:9b:25:81:91:9d:75:d4:1d:21:3e:0d:ef:ab:6b:ce: - 6d:48:2f:dd:22:27:da:d5:80:b4:1b:77:07:f8:1e:12:55:47: - 00:55:5b:ab:3e:4b:60:7e:dd:d9:11:a9:de:cf:57:5e:1e:2a: - 76:4f:4f:b2:e8:c3:df:4c:35:dc:41:8c:62:be:9d:a5:2c:2f: - f5:42:e2:68:a2:e0:21:8a:ef:ce:83:5a:7b:35:08:d8:d4:e5: - 5b:d1:29:52:33:64:5f:46:0d:e8:07:73:2c:68:5b:65:b9:f7: - 13:6a:15:f5:20:74:52:30:60:09:d9:83:3f:79:4a:e1:6e:72: - 44:c3:f6:42:f6:25:65:9f:3b:d7:80:96:22:f2:80:7e:8a:9e: - 71:4e:17:30:a6:d8:c1:f8:38:37:db:e2:f0:9e:6d:65:f5:4f: - 07:55:10:5c:ec:3f:06:b5:b7:14:4f:6a:99:68:87:6d:f5:b4: - e1:9f:0a:1f:50:c8:1c:fa:53:fe:81:6f:85:49:1c:7e:e5:69: - c4:a0:e1:4c ------BEGIN CERTIFICATE----- -MIIFOjCCBCKgAwIBAgIBZzANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCVVMx -HTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMS0wKwYDVQQLEyRBcHBsZSBD -b21wdXRlciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxNDAyBgNVBAMTK0FwcGxlIFNv -ZnR3YXJlIFVwZGF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDUwMjEwMTg1 -NTM4WhcNMDcwMjEwMTg1NTM4WjBpMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUQXBw -bGUgQ29tcHV0ZXIsIEluYy4xJzAlBgNVBAsTHkFwcGxlIENvbXB1dGVyIFNvZnR3 -YXJlIFVwZGF0ZTESMBAGA1UEAxMJUXVpY2tUaW1lMIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQC7rnwc+lsKoyH10ZY0xWbWz0o2qnnhkTsdy2PCxJsImWg2Bv8b -JxNv6SSUifJ0bSAMzwmqZl3IV96R6EED4eyumsmVZSEt0GQETQSvm7PjMhVqEDCW -L4MxdFEnefAiDnY9oWVjq/M1Shy4GgsrS9rQhaXzyJlB3lo7rtjM5EgyCQIDAQAB -o4ICRjCCAkIwDgYDVR0PAQH/BAQDAgeAMBQGA1UdJQQNMAsGCSqGSIb3Y2QEATAM -BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR1jhgM0SFg4MxFtz170gT2jxue3jAfBgNV -HSMEGDAWgBReIVtDvV50VorXx+AVMv0K/ehGwjCCASkGA1UdIASCASAwggEcMIIB -GAYJKoZIhvdjZAUBMIIBCTBBBggrBgEFBQcCARY1aHR0cHM6Ly93d3cuYXBwbGUu -Y29tL2NlcnRpZmljYXRlYXV0aG9yaXR5L3Rlcm1zLmh0bWwwgcMGCCsGAQUFBwIC -MIG2GoGzUmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkg -YXNzdW1lcyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRh -cmQgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xp -Y3kgYW5kIGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wSAYDVR0f -BEEwPzA9oDugOYY3aHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0 -aG9yaXR5L3N3dXBkYXRlLmNybDBVBggrBgEFBQcBAQRJMEcwRQYIKwYBBQUHMAKG -OWh0dHBzOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9jYXNp -Z25lcnMuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEA0DyD2F361lpB5ONz4Z78V7h9 -gTXEXRS4oDSX/ukuY1fb72+MX7CvMy45Hz0YiiK7LFBXnknWU3tAmyWBkZ111B0h -Pg3vq2vObUgv3SIn2tWAtBt3B/geElVHAFVbqz5LYH7d2RGp3s9XXh4qdk9PsujD -30w13EGMYr6dpSwv9ULiaKLgIYrvzoNaezUI2NTlW9EpUjNkX0YN6AdzLGhbZbn3 -E2oV9SB0UjBgCdmDP3lK4W5yRMP2QvYlZZ8714CWIvKAfoqecU4XMKbYwfg4N9vi -8J5tZfVPB1UQXOw/BrW3FE9qmWiHbfW04Z8KH1DIHPpT/oFvhUkcfuVpxKDhTA== ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleROOTCA.pem b/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleROOTCA.pem deleted file mode 100644 index a27252d0..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleROOTCA.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEuzCCA6OgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzET -MBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDYwNDI1MjE0 -MDM2WhcNMzUwMjA5MjE0MDM2WjBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBw -bGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx -FjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDkkakJH5HbHkdQ6wXtXnmELes2oldMVeyLGYne+Uts9QerIjAC6Bg+ -+FAJ039BqJj50cpmnCRrEdCju+QbKsMflZ56DKRHi1vUFjczy8QPTc4UadHJGXL1 -XQ7Vf1+b8iUDulWPTV0N8WQ1IxVLFVkds5T39pyez1C6wVhQZ48ItCD3y6wsIG9w -tj8BMIy3Q88PnT3zK0koGsj+zrW5DtleHNbLPbU6rfQPDgCSC7EhFi501TwN22IW -q6NxkkdTVcGvL0Gz+PvjcM3mo0xFfh9Ma1CWQYnEdGILEINBhzOKgbEwWOxaBDKM -aLOPHd5lc/9nXmW8Sdh2nzMUZaF3lMktAgMBAAGjggF6MIIBdjAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUK9BpR5R2Cf70a40uQKb3 -R01/CF4wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01/CF4wggERBgNVHSAE -ggEIMIIBBDCCAQAGCSqGSIb3Y2QFATCB8jAqBggrBgEFBQcCARYeaHR0cHM6Ly93 -d3cuYXBwbGUuY29tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCBthqBs1JlbGlhbmNl -IG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0 -YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBj -b25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZp -Y2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMA0GCSqGSIb3DQEBBQUAA4IBAQBc -NplMLXi37Yyb3PN3m/J20ncwT8EfhYOFG5k9RzfyqZtAjizUsZAS2L70c5vu0mQP -y3lPNNiiPvl4/2vIB+x9OYOLUyDTOMSxv5pPCmv/K/xZpwUJfBdAVhEedNO3iyM7 -R6PVbyTi69G3cN8PReEnyvFteO3ntRcXqNx+IjXKJdXZD9Zr1KIkIxH3oayPc4Fg -xhtbCS+SsvhESPBgOJ4V9T0mZyCKM2r3DYLP3uujL/lTaltkwGMzd/c6ByxW69oP -IQ7aunMZT7XZNn/Bh1XZp5m5MkL72NVxnn6hUrcbvZNCJBIqxw8dtk2cXmPIS4AX -UKqK1drk/NAJBzewdXUh ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSWUPDATE.pem b/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSWUPDATE.pem deleted file mode 100644 index 3c194451..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSWUPDATE.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEFjCCAv6gAwIBAgIBFDANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzET -MBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDcwMjE0MjEw -MzU0WhcNMTUwMjE0MjEwMzU0WjCBgjELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkFw -cGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MTYwNAYDVQQDEy1BcHBsZSBTb2Z0d2FyZSBVcGRhdGUgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyAvI/7DYl -ejquD20OX8UUTXo6jgJPEMjZNomE23VEisGej5Q6uC0CQQvtPA3vHA0uCd/3KJa7 -w4t9GLiQaxPywd42cv97O49HehfyrhM04zCy3PiSlgE2jmebZ9gB7Mn+33GZ047X -nYz364A4SXtmIrzL0V66/HKsf4GCkepguLGQq+5fcNu5oEt0UXKarlBfz9p39PjS -AvglzdBum/NobcPEbNhNiKok+r/vit/HF5Qe5/wprxXd7qqjfmILFJHZuG/RbIaV -kdbPYyfhtrlww5c/JKk7htkbFWY1A13c3qHLokau7W364KKq/iiKu7O5u4qUEwqi -T1DLSqc5ycEPAgMBAAGjgbUwgbIwDgYDVR0PAQH/BAQDAgGGMBcGA1UdJQEB/wQN -MAsGCSqGSIb3Y2QEATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSLxSlK86/K -oXKU9wZtR2NBsEeYITAfBgNVHSMEGDAWgBQr0GlHlHYJ/vRrjS5ApvdHTX8IXjA2 -BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vd3d3LmFwcGxlLmNvbS9hcHBsZWNhL3Jv -b3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAsI+raTtVA/x889Y9EP1nU8j18KbfX -U/Fx7cBUZRxGs3AdjsDiwIbUyX1E8UgKYB9WdPQoKIjKhAz9ZSMXUX8Rp99Ag/75 -VoseR1xs3OV/bzvV1mJGYD3LkliZYAjiHElunsauiuT3nUXrI/vbHlZ8vlZmE+53 -JAjhT+pOsCpNRa51Wt9QjEcApqt/DXFnxZAVsrsJE4pVQ8iGJ8nMtAj6HdJAzv5m -VC+QB/yIq/G6ci6lEhAy8OC6x8d4DLtE6guVJpXsaIc5i3q6sFoOETHNwF2yNVoh -DA09GksP5j0FBLnJ1npFpvPp1UxsAt6mEofXfEceNFyODAyMouD7K8kL ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSecUpdate.pem b/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSecUpdate.pem deleted file mode 100644 index 4b309a49..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSecUpdate.pem +++ /dev/null @@ -1,95 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 101 (0x65) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Apple Computer, Inc., OU=Apple Computer Certificate Authority, CN=Apple Software Update Certificate Authority - Validity - Not Before: Feb 10 18:55:34 2005 GMT - Not After : Feb 10 18:55:34 2007 GMT - Subject: C=US, O=Apple Computer, Inc., OU=Apple Computer Software Update, CN=Security Update - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:df:2c:ae:16:89:2f:56:3d:46:5a:86:d7:50:c3: - 14:ee:64:39:63:ae:05:a5:5f:c8:7a:df:cd:b0:70: - dc:c7:56:87:31:8a:19:a7:97:45:20:8f:e8:94:5a: - 9b:ca:fe:98:0b:d5:53:63:7e:b5:e8:a1:74:00:fb: - 07:1f:fb:ed:0c:3c:d2:40:25:d9:44:41:c9:4c:cd: - f0:93:8b:60:52:39:d6:31:6a:10:13:d7:84:ff:80: - 33:63:d8:99:41:98:35:97:25:a5:d7:50:26:65:63: - 16:32:82:73:1f:f0:80:87:a5:70:8f:2c:92:12:25: - 25:b9:9f:35:a6:89:60:b7:7f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature - X509v3 Extended Key Usage: - Apple Code Signing - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Key Identifier: - B8:B8:A1:D0:52:48:E8:5C:95:D7:46:7B:83:61:4B:32:A9:5E:85:23 - X509v3 Authority Key Identifier: - keyid:5E:21:5B:43:BD:5E:74:56:8A:D7:C7:E0:15:32:FD:0A:FD:E8:46:C2 - - X509v3 Certificate Policies: - Policy: 1.2.840.113635.100.5.1 - CPS: https://www.apple.com/certificateauthority/terms.html - User Notice: - Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements. - - X509v3 CRL Distribution Points: - URI:https://www.apple.com/certificateauthority/swupdate.crl - - Authority Information Access: - CA Issuers - URI:https://www.apple.com/certificateauthority/casigners.html - - Signature Algorithm: sha1WithRSAEncryption - 70:54:b0:e8:ea:c3:a4:7c:41:12:ee:56:38:dd:58:b9:a9:79: - e3:79:a4:f7:e7:df:72:b5:6d:ed:a5:d8:0e:3b:4f:d9:6a:32: - 08:cb:5c:18:f9:9d:b8:d8:99:d7:14:f9:dc:1d:0f:84:d2:b3: - 21:0b:c0:3b:15:00:cc:e7:c5:58:f5:91:a3:fb:96:a4:44:b9: - 05:2d:3f:8d:63:53:b1:22:46:65:0c:c4:d4:f2:6b:43:54:47: - d5:40:b5:0d:0c:b2:18:5b:70:1d:d4:3a:52:58:78:7f:5e:38: - 15:9b:0d:23:a0:3e:b4:fe:d3:1a:1a:2e:82:8c:d2:24:4e:3f: - d5:65:96:ae:3d:d3:68:0c:e2:39:94:ea:aa:1b:69:6d:ed:6e: - 5a:d5:c6:c2:31:1b:23:ac:b5:78:59:4c:c7:f8:a4:db:2f:0f: - 48:8f:29:30:18:9b:32:5f:2f:c8:94:6e:83:fe:9d:c1:47:bb: - 37:d1:85:2c:d3:8e:b8:e2:cb:7b:3e:ab:b4:28:2a:66:63:ce: - 00:d4:60:2e:d3:9c:0e:50:fe:cb:0c:2c:24:f9:73:1f:ac:10: - de:ee:9c:9b:86:d9:46:98:bc:f2:f0:ae:e3:04:06:69:49:fb: - 56:c7:bd:17:76:b7:6b:fa:32:77:3c:50:5c:c0:ce:fa:b7:93: - b3:c4:e2:c9 ------BEGIN CERTIFICATE----- -MIIFQDCCBCigAwIBAgIBZTANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCVVMx -HTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMS0wKwYDVQQLEyRBcHBsZSBD -b21wdXRlciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxNDAyBgNVBAMTK0FwcGxlIFNv -ZnR3YXJlIFVwZGF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDUwMjEwMTg1 -NTM0WhcNMDcwMjEwMTg1NTM0WjBvMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUQXBw -bGUgQ29tcHV0ZXIsIEluYy4xJzAlBgNVBAsTHkFwcGxlIENvbXB1dGVyIFNvZnR3 -YXJlIFVwZGF0ZTEYMBYGA1UEAxMPU2VjdXJpdHkgVXBkYXRlMIGfMA0GCSqGSIb3 -DQEBAQUAA4GNADCBiQKBgQDfLK4WiS9WPUZahtdQwxTuZDljrgWlX8h6382wcNzH -Vocxihmnl0Ugj+iUWpvK/pgL1VNjfrXooXQA+wcf++0MPNJAJdlEQclMzfCTi2BS -OdYxahAT14T/gDNj2JlBmDWXJaXXUCZlYxYygnMf8ICHpXCPLJISJSW5nzWmiWC3 -fwIDAQABo4ICRjCCAkIwDgYDVR0PAQH/BAQDAgeAMBQGA1UdJQQNMAsGCSqGSIb3 -Y2QEATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS4uKHQUkjoXJXXRnuDYUsyqV6F -IzAfBgNVHSMEGDAWgBReIVtDvV50VorXx+AVMv0K/ehGwjCCASkGA1UdIASCASAw -ggEcMIIBGAYJKoZIhvdjZAUBMIIBCTBBBggrBgEFBQcCARY1aHR0cHM6Ly93d3cu -YXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5L3Rlcm1zLmh0bWwwgcMGCCsG -AQUFBwICMIG2GoGzUmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkg -cGFydHkgYXNzdW1lcyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUg -c3RhbmRhcmQgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0 -ZSBwb2xpY3kgYW5kIGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4w -SAYDVR0fBEEwPzA9oDugOYY3aHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmlj -YXRlYXV0aG9yaXR5L3N3dXBkYXRlLmNybDBVBggrBgEFBQcBAQRJMEcwRQYIKwYB -BQUHMAKGOWh0dHBzOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0 -eS9jYXNpZ25lcnMuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEAcFSw6OrDpHxBEu5W -ON1Yual543mk9+ffcrVt7aXYDjtP2WoyCMtcGPmduNiZ1xT53B0PhNKzIQvAOxUA -zOfFWPWRo/uWpES5BS0/jWNTsSJGZQzE1PJrQ1RH1UC1DQyyGFtwHdQ6Ulh4f144 -FZsNI6A+tP7TGhougozSJE4/1WWWrj3TaAziOZTqqhtpbe1uWtXGwjEbI6y1eFlM -x/ik2y8PSI8pMBibMl8vyJRug/6dwUe7N9GFLNOOuOLLez6rtCgqZmPOANRgLtOc -DlD+ywwsJPlzH6wQ3u6cm4bZRpi88vCu4wQGaUn7Vse9F3a3a/oydzxQXMDO+reT -s8TiyQ== ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSherlock.pem b/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSherlock.pem deleted file mode 100644 index 39a756ce..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSherlock.pem +++ /dev/null @@ -1,94 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 102 (0x66) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Apple Computer, Inc., OU=Apple Computer Certificate Authority, CN=Apple Software Update Certificate Authority - Validity - Not Before: Feb 10 18:55:36 2005 GMT - Not After : Feb 10 18:55:36 2007 GMT - Subject: C=US, O=Apple Computer, Inc., OU=Apple Computer Software Update, CN=Sherlock - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:e9:35:95:82:34:0d:c8:79:a0:6f:78:a7:e6:9f: - 69:d3:c8:2c:92:86:50:2b:c4:29:53:b6:1d:fa:97: - 88:59:eb:68:d9:a9:83:a3:67:82:91:4c:99:20:24: - a1:80:60:1f:1a:20:f2:04:15:6b:79:66:4d:d7:af: - 3c:04:f6:b4:0d:d8:92:d3:20:52:a6:7c:14:a2:5d: - 6c:b0:64:87:fc:12:5a:33:c3:e8:73:8f:93:f1:e0: - 51:58:87:5d:07:8e:fa:04:cc:a4:f7:ea:9f:cd:dd: - 6e:68:23:9c:5c:0d:dc:30:1e:4a:21:d7:ab:6a:65: - 0b:80:24:7c:cf:19:7f:44:99 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature - X509v3 Extended Key Usage: - Apple Code Signing - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Key Identifier: - EE:E7:02:1F:F8:46:A3:D7:15:1A:51:8B:F8:C1:1C:35:47:23:29:BC - X509v3 Authority Key Identifier: - keyid:5E:21:5B:43:BD:5E:74:56:8A:D7:C7:E0:15:32:FD:0A:FD:E8:46:C2 - - X509v3 Certificate Policies: - Policy: 1.2.840.113635.100.5.1 - CPS: https://www.apple.com/certificateauthority/terms.html - User Notice: - Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements. - - X509v3 CRL Distribution Points: - URI:https://www.apple.com/certificateauthority/swupdate.crl - - Authority Information Access: - CA Issuers - URI:https://www.apple.com/certificateauthority/casigners.html - - Signature Algorithm: sha1WithRSAEncryption - c1:1d:87:7f:61:c4:b0:a8:7d:1d:87:fa:48:4c:c4:77:cd:ba: - 46:2e:63:d0:41:e6:9c:c1:9c:57:15:26:4c:86:80:ff:68:d5: - 85:1e:d1:ce:67:2d:62:44:05:ec:7f:d0:0f:75:16:a9:f3:12: - 2e:7d:65:32:51:eb:26:17:25:80:f3:33:57:b0:3d:a9:89:e6: - ac:69:68:08:7a:7a:db:34:61:2c:4f:a9:cd:54:b0:d2:3e:a9: - bd:54:7a:cf:c0:a0:20:8e:61:52:0e:ba:77:21:f0:b4:91:ad: - f7:45:ee:a0:62:93:3b:4d:b5:c2:01:1f:11:03:3e:eb:58:05: - c7:44:7f:ae:be:fd:73:02:89:81:05:61:d2:62:00:8a:1b:e7: - bd:4c:68:2d:72:4a:ad:f3:70:b4:c7:0d:fa:fb:69:3b:bd:21: - 5d:9d:b9:a5:cc:b7:11:ed:af:77:c0:7e:4a:98:8d:c3:48:82: - 8d:97:6f:35:c8:f7:48:d5:cd:8b:7c:4c:d5:72:c4:0f:7d:de: - c9:f1:7a:d6:87:ab:39:14:db:16:7e:64:37:50:ce:bf:d9:7b: - 03:9d:ae:e8:64:bd:31:85:3d:63:53:a3:e6:ea:14:07:82:f7: - 10:aa:9c:38:92:cd:2c:1d:46:33:5f:50:41:82:6a:11:ee:78: - 42:c1:16:84 ------BEGIN CERTIFICATE----- -MIIFOTCCBCGgAwIBAgIBZjANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCVVMx -HTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMS0wKwYDVQQLEyRBcHBsZSBD -b21wdXRlciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxNDAyBgNVBAMTK0FwcGxlIFNv -ZnR3YXJlIFVwZGF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDUwMjEwMTg1 -NTM2WhcNMDcwMjEwMTg1NTM2WjBoMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUQXBw -bGUgQ29tcHV0ZXIsIEluYy4xJzAlBgNVBAsTHkFwcGxlIENvbXB1dGVyIFNvZnR3 -YXJlIFVwZGF0ZTERMA8GA1UEAxMIU2hlcmxvY2swgZ8wDQYJKoZIhvcNAQEBBQAD -gY0AMIGJAoGBAOk1lYI0Dch5oG94p+afadPILJKGUCvEKVO2HfqXiFnraNmpg6Nn -gpFMmSAkoYBgHxog8gQVa3lmTdevPAT2tA3YktMgUqZ8FKJdbLBkh/wSWjPD6HOP -k/HgUViHXQeO+gTMpPfqn83dbmgjnFwN3DAeSiHXq2plC4AkfM8Zf0SZAgMBAAGj -ggJGMIICQjAOBgNVHQ8BAf8EBAMCB4AwFAYDVR0lBA0wCwYJKoZIhvdjZAQBMAwG -A1UdEwEB/wQCMAAwHQYDVR0OBBYEFO7nAh/4RqPXFRpRi/jBHDVHIym8MB8GA1Ud -IwQYMBaAFF4hW0O9XnRWitfH4BUy/Qr96EbCMIIBKQYDVR0gBIIBIDCCARwwggEY -BgkqhkiG92NkBQEwggEJMEEGCCsGAQUFBwIBFjVodHRwczovL3d3dy5hcHBsZS5j -b20vY2VydGlmaWNhdGVhdXRob3JpdHkvdGVybXMuaHRtbDCBwwYIKwYBBQUHAgIw -gbYagbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh -c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy -ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGlj -eSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjBIBgNVHR8E -QTA/MD2gO6A5hjdodHRwczovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRo -b3JpdHkvc3d1cGRhdGUuY3JsMFUGCCsGAQUFBwEBBEkwRzBFBggrBgEFBQcwAoY5 -aHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5L2Nhc2ln -bmVycy5odG1sMA0GCSqGSIb3DQEBBQUAA4IBAQDBHYd/YcSwqH0dh/pITMR3zbpG -LmPQQeacwZxXFSZMhoD/aNWFHtHOZy1iRAXsf9APdRap8xIufWUyUesmFyWA8zNX -sD2pieasaWgIenrbNGEsT6nNVLDSPqm9VHrPwKAgjmFSDrp3IfC0ka33Re6gYpM7 -TbXCAR8RAz7rWAXHRH+uvv1zAomBBWHSYgCKG+e9TGgtckqt83C0xw36+2k7vSFd -nbmlzLcR7a93wH5KmI3DSIKNl281yPdI1c2LfEzVcsQPfd7J8XrWh6s5FNsWfmQ3 -UM6/2XsDna7oZL0xhT1jU6Pm6hQHgvcQqpw4ks0sHUYzX1BBgmoR7nhCwRaE ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSignUpdate.pem b/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSignUpdate.pem deleted file mode 100644 index 8c5919ec..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSignUpdate.pem +++ /dev/null @@ -1,95 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 104 (0x68) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Apple Computer, Inc., OU=Apple Computer Certificate Authority, CN=Apple Software Update Certificate Authority - Validity - Not Before: Feb 10 18:55:40 2005 GMT - Not After : Feb 10 18:55:40 2007 GMT - Subject: C=US, O=Apple Computer, Inc., OU=Apple Computer Software Update, CN=Signed Update - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b6:e1:d1:0a:c0:25:12:5e:ef:76:2a:a6:4a:c7: - 84:7c:00:71:0e:77:7a:1e:2a:75:69:d2:61:a9:3a: - 43:15:a9:00:7f:45:aa:2c:0f:00:89:af:6e:af:3e: - 60:8d:21:2b:5d:28:d7:48:63:16:df:4f:60:34:07: - a7:6a:30:bf:0b:12:bd:32:c9:77:5f:e5:de:c5:37: - 9b:27:c9:d1:1d:40:5c:ea:ff:40:ab:76:15:41:85: - 96:5f:d4:c9:53:e7:36:e9:e9:8a:07:09:e7:d6:a1: - e5:fe:ec:18:f7:91:ca:2a:5d:f6:d3:75:ab:6d:39: - e6:6e:b5:9b:fb:4f:ec:6b:57 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature - X509v3 Extended Key Usage: - Apple Code Signing - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Subject Key Identifier: - BC:25:56:53:1A:91:C0:99:1C:82:FB:C6:0D:0B:DB:AB:35:AD:75:3C - X509v3 Authority Key Identifier: - keyid:5E:21:5B:43:BD:5E:74:56:8A:D7:C7:E0:15:32:FD:0A:FD:E8:46:C2 - - X509v3 Certificate Policies: - Policy: 1.2.840.113635.100.5.1 - CPS: https://www.apple.com/certificateauthority/terms.html - User Notice: - Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements. - - X509v3 CRL Distribution Points: - URI:https://www.apple.com/certificateauthority/swupdate.crl - - Authority Information Access: - CA Issuers - URI:https://www.apple.com/certificateauthority/casigners.html - - Signature Algorithm: sha1WithRSAEncryption - be:8f:07:6d:58:35:e3:f3:13:7c:1d:1c:d1:7c:56:da:b3:a6: - 8f:68:f8:c5:cb:63:41:e5:93:69:4a:8d:fe:6a:4e:52:77:73: - bf:ed:6b:89:91:d0:dc:b2:81:b3:37:4c:d5:2c:4c:0d:41:80: - 19:39:be:5c:5d:6d:4c:fe:3d:4b:22:a3:03:70:64:e8:d1:e2: - e7:51:3f:d7:d3:fd:2d:d1:f3:35:bf:9a:0d:58:e3:6c:2d:a7: - 41:4a:13:44:0a:cd:aa:97:70:77:13:5e:98:41:56:cf:62:67: - 89:54:3c:9e:9a:52:36:83:a2:c6:28:db:a9:7e:41:66:92:88: - a8:8b:66:28:c8:b1:dd:f6:cd:36:06:d6:89:0e:8d:46:82:a5: - d9:75:ba:ac:a1:d6:60:4e:79:1e:cb:dc:88:70:c6:f1:25:91: - 90:4c:9f:db:8c:03:c0:c2:74:2f:88:4f:d2:43:06:3a:2c:a9: - 23:9f:17:c3:13:79:b6:20:5b:91:d8:f6:dc:64:9c:c1:48:b8: - 96:18:79:8f:65:0a:a3:0b:e2:14:b7:64:b6:ba:3d:9e:8a:13: - f8:7a:f0:b5:d5:7e:c4:ef:77:d2:2d:12:ff:94:f6:1e:51:f1: - f9:1c:6d:c0:78:13:ab:e1:b3:dd:99:1f:6e:23:cc:85:f3:0a: - bd:84:fb:c8 ------BEGIN CERTIFICATE----- -MIIFPjCCBCagAwIBAgIBaDANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMCVVMx -HTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMS0wKwYDVQQLEyRBcHBsZSBD -b21wdXRlciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxNDAyBgNVBAMTK0FwcGxlIFNv -ZnR3YXJlIFVwZGF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDUwMjEwMTg1 -NTQwWhcNMDcwMjEwMTg1NTQwWjBtMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUQXBw -bGUgQ29tcHV0ZXIsIEluYy4xJzAlBgNVBAsTHkFwcGxlIENvbXB1dGVyIFNvZnR3 -YXJlIFVwZGF0ZTEWMBQGA1UEAxMNU2lnbmVkIFVwZGF0ZTCBnzANBgkqhkiG9w0B -AQEFAAOBjQAwgYkCgYEAtuHRCsAlEl7vdiqmSseEfABxDnd6Hip1adJhqTpDFakA -f0WqLA8Aia9urz5gjSErXSjXSGMW309gNAenajC/CxK9Msl3X+XexTebJ8nRHUBc -6v9Aq3YVQYWWX9TJU+c26emKBwnn1qHl/uwY95HKKl3203WrbTnmbrWb+0/sa1cC -AwEAAaOCAkYwggJCMA4GA1UdDwEB/wQEAwIHgDAUBgNVHSUEDTALBgkqhkiG92Nk -BAEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUvCVWUxqRwJkcgvvGDQvbqzWtdTww -HwYDVR0jBBgwFoAUXiFbQ71edFaK18fgFTL9Cv3oRsIwggEpBgNVHSAEggEgMIIB -HDCCARgGCSqGSIb3Y2QFATCCAQkwQQYIKwYBBQUHAgEWNWh0dHBzOi8vd3d3LmFw -cGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS90ZXJtcy5odG1sMIHDBggrBgEF -BQcCAjCBthqBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBh -cnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0 -YW5kYXJkIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUg -cG9saWN5IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMEgG -A1UdHwRBMD8wPaA7oDmGN2h0dHBzOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0 -ZWF1dGhvcml0eS9zd3VwZGF0ZS5jcmwwVQYIKwYBBQUHAQEESTBHMEUGCCsGAQUF -BzAChjlodHRwczovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkv -Y2FzaWduZXJzLmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAL6PB21YNePzE3wdHNF8 -Vtqzpo9o+MXLY0Hlk2lKjf5qTlJ3c7/ta4mR0NyygbM3TNUsTA1BgBk5vlxdbUz+ -PUsiowNwZOjR4udRP9fT/S3R8zW/mg1Y42wtp0FKE0QKzaqXcHcTXphBVs9iZ4lU -PJ6aUjaDosYo26l+QWaSiKiLZijIsd32zTYG1okOjUaCpdl1uqyh1mBOeR7L3Ihw -xvElkZBMn9uMA8DCdC+IT9JDBjosqSOfF8MTebYgW5HY9txknMFIuJYYeY9lCqML -4hS3ZLa6PZ6KE/h68LXVfsTvd9ItEv+U9h5R8fkcbcB4E6vhs92ZH24jzIXzCr2E -+8g= ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSoftUpdate.pem b/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSoftUpdate.pem deleted file mode 100644 index 7116ae73..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/AppleCerts/AppleSoftUpdate.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFJjCCBA6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMx -EzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRpZmljYXRp -b24gQXV0aG9yaXR5MTYwNAYDVQQDEy1BcHBsZSBTb2Z0d2FyZSBVcGRhdGUgQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDcwMjIzMjIxNDA5WhcNMTUwMTE0MjIx -NDA5WjBcMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEeMBwGA1UE -CxMVQXBwbGUgU29mdHdhcmUgVXBkYXRlMRgwFgYDVQQDEw9Tb2Z0d2FyZSBVcGRh -dGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGRQ3tU+oM51gMFQ/m -mlmTWJr2OHI7qvLS8lkAvAUoo9l+cVzKNnKUBPtrNtC/JadC8mtayRtWjG1YUwQr -Ou878I2jFyT5HchKFVFCsfyS/4HZ23OPFC2CKPSM9TMLREY0/RPVrACs/jULPgwu -ItAoTy3W7ajVr+QcWd90xChgZ5BCFvaWlj3MnueQCGR344NH/i4j1xvxRmDPttqf -b6RSAm6WDsNK0Y5iqnPEjSGff9Kce8Vl0Djsg1vA+FP61Cv3tc8W8LReJlyqKeDb -ldRR9QVRDTfqiigwyhX7HY6DVgA4t4/6kBuce38gTG6NM9NkwQqYr1mGBfd2+KYg -qdCXAgMBAAGjggHKMIIBxjAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAX -BgNVHSUBAf8EDTALBgkqhkiG92NkBAEwHQYDVR0OBBYEFN6V7Gxjp8FXb5QtH8vo -V8530ydUMB8GA1UdIwQYMBaAFIvFKUrzr8qhcpT3Bm1HY0GwR5ghMIIBDwYDVR0g -BIIBBjCCAQIwgf8GCSqGSIb3Y2QFATCB8TApBggrBgEFBQcCARYdaHR0cDovL3d3 -dy5hcHBsZS5jb20vYXBwbGVjYS8wgcMGCCsGAQUFBwICMIG2GoGzUmVsaWFuY2Ug -b24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2NlcHRh -bmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNv -bmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5kIGNlcnRpZmlj -YXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wOgYDVR0fBDMwMTAvoC2gK4YpaHR0 -cDovL3d3dy5hcHBsZS5jb20vYXBwbGVjYS9zd3VwZGF0ZS5jcmwwDQYJKoZIhvcN -AQEFBQADggEBABtgcO6id2u6w481jEcvknC1KoVHG1W7PKukGWzzKtD4OYEspzpc -w5GYlLHIWaoZbGaNefjYvrFjE0S4jX6umimFN0Oo66r+NEKsqMIUTxiZmOSDVQkR -BiUupGxm8DbnnkKkcsC4522R6cEMtOr24jKbSg5vEoNBKwPHscb0jt7Wo/8iFzIu -QZ9IDrfc2QTGzAt7i5/ITqsLh0Z780u3omeRUOyZBAgxC5WRyosqoxvRxCtji7Ox -zv9kGjvp0QhPYODPS3479DvtkoEdawS//e+pHxx7e+UT8b9xw4+y6kpP842woyhC -CnCrV4p34+LD6pFWkGrWMquU9H1op1qKjSs= ------END CERTIFICATE----- diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/AppleCodeSigning.scr b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/AppleCodeSigning.scr deleted file mode 100644 index aea48eab..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/AppleCodeSigning.scr +++ /dev/null @@ -1,83 +0,0 @@ -# -# Test Software Update Apple Code Signing cert verification policy. -# This used to be called the Code Signing POlicy; it was renamed on 8/15/06. -# -# The keychain CodeSignTest.keychain, in this directory, contains all the -# keys and certs used to generate these test cases. Password is CodeSignTest. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -test = "Full Code Signing verification success" -cert = csLeaf.cer -cert = csCA.cer -root = csRoot.cer -policy = swuSign -end - -test = "DEVELOPMENT detection" -cert = csDevLeaf.cer -cert = csCA.cer -root = csRoot.cer -policy = swuSign -error = APPLETP_CODE_SIGN_DEVELOPMENT -certerror = 0:APPLETP_CODE_SIGN_DEVELOPMENT -end - -test = "No ExtendedKeyUsage in Leaf" -cert = csLeafNoEKU.cer -cert = csCA.cer -root = csRoot.cer -policy = swuSign -error = APPLETP_CS_NO_EXTENDED_KEY_USAGE -certerror = 0:APPLETP_CS_NO_EXTENDED_KEY_USAGE -end - -test = "Bad ExtendedKeyUsage in Leaf" -cert = csLeafBadEKU.cer -cert = csCA.cer -root = csRoot.cer -policy = swuSign -error = APPLETP_INVALID_EXTENDED_KEY_USAGE -certerror = 0:APPLETP_INVALID_EXTENDED_KEY_USAGE -end - -test = "No ExtendedKeyUsage in Intermediate" -cert = csLeafNoEKUinInt.cer -cert = csCaNoEKU.cer -root = csRoot.cer -policy = swuSign -error = APPLETP_CS_NO_EXTENDED_KEY_USAGE -certerror = 1:APPLETP_CS_NO_EXTENDED_KEY_USAGE -end - -test = "Bad ExtendedKeyUsage in Intermediate" -cert = csLeafBadEKUinInt.cer -cert = csCaBadEKU.cer -root = csRoot.cer -policy = swuSign -error = APPLETP_INVALID_EXTENDED_KEY_USAGE -certerror = 1:APPLETP_INVALID_EXTENDED_KEY_USAGE -end - -test = "No BC in Intermediate" -cert = csLeafNoBcInInt.cer -cert = csCaNoBC.cer -root = csRoot.cer -policy = swuSign -error = CSSMERR_APPLETP_CS_NO_BASIC_CONSTRAINTS -certerror = 1:CSSMERR_APPLETP_CS_NO_BASIC_CONSTRAINTS -end - -test = "Short Path" -cert = csLeafShortPath.cer -root = csRoot.cer -policy = swuSign -error = CSSMERR_APPLETP_CS_BAD_CERT_CHAIN_LENGTH -end - - diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/CodeSignTest.keychain b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/CodeSignTest.keychain deleted file mode 100644 index bbf840c1b8600a419415ba243beae502aed5ca14..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 88764 zcmdqK2|QKZ_dkBgJkLX9%8+@M%wti=9A%!TkSRnNqauW&OhtxNLYkBm(m*OSiAqt3 zB+aSc+LznMB#Wc~M=>O19T*bwGz^LTd1xzzm7kS0 z0bcm8JSGkJTNn%p^h4qRNCF%M^k6WgWB?;TCg47_)0vZF0YPqP6YDc7_(bEHPuTXb zgAp*_@0N!8Yb_0&&298djP;$@7}~>eBLFo3jdwobbU++pmdx`RPKTwjt**7RoK|GOS5ds9H#IEr4ad64=J-iNl^c7@@!Gu~U{?;jC|H zX>GjHSRV|-N+aI@anZpa62N-+NCF-=);XS}6fo*H;+;HiP92A&3Z z8sKSwrvaW8cv|3Tfu{wY4tP4?>42vLo*sC5;OT*<2c7|V2H+WhX8@iNct+qEfoBAs z33w*pnSf^ko*8&%;F*DE2A&0Y7T{TcX91oScvj$9foBDt4R|)-*??yQo*j60;Msv^ z2c83X4&XU}=K!7)cuwFsf#(DsqXR&M=3zcb10xSm2CM*R#=##%uI}z(vs+jh9oR;) z1j~m;xO*;;$CqDz*8ifp{&9Vx{_*9OpUIQW^*>)8d_s`@*z+IH`0?c$eEnnPBLX%q z96!Ds^iz3P508)q{zJKm5dUNQ4-NJ8ULcRoM?&Sv@%SI*DMIBb=EgtY|0q8ZDo;5# z{`vAKFA*wFH8=kG^0+(%YJLzt|6}{WGyn7;MM(eHHlZFH1Lt}{ybgc?K)8HJ#KQSU z*As%}gTvedpgkg7|L9smu)J$nR4`WhKl11rLa=;rP{_jkfvzcp%e#j8Ea;z=2ze?z z@e8#W!TnRu%^$KCK?lG-w+$aZ=x6am6FNJ8^W`}}iqP@X&duL^c}^na>E`BdzC0HZ z^7M1_H(#Ec2ziF!+4-9?DvxAv*GruIQX=F@p)D@o;N*pgkVkgn@(oU2ga~<5YvA$?PF|D99-TY5e1nr0Cqf>bJGgvOZPx$f=x=tcmn14`PV&oU*9~mO$7v>*XBIOt6A2}lB7v>*ypFqs`7v>)YBIOt6 zA4MYN7v>)&BIHrbEX+UX9*NNLJV*54t}jbo}`8 zj~Ws3`0|fB5%T!*j|LI)`0|e?5%T!*j~2)yzs@Io`3Ke6h!*A_ZP-VQ{KEXBL!|t| z{G&^x{KEXBN2L71{G(5#{KEWWK&1S_{9{O@{KEXRk_dTx`DYao^7!(P5fSqE@{chQ z^7!)4Y9i$E<)1Y~$m7dDCPc{N%Ri<>$m7dDW<<#2%Rg(0kjIyQ%t0R2#PjKI`6q66 zjThto_xpbf5F}XMH#9VSt|MIiWl4;DXrNoj0(tbDg3$g+=Ilp(-+XyHBIGGT{e3+a*l$mSJf%;tf7Cqr zxoe3+B0GWVCaA}kR!~l9= zeP0+5255%0eI@{mljGXbpQZ(YT#*rrvaYkJgn=3O|*~`X;T4LVO<}1I^gMm zrvsiIczWRJfu{$a0eA-B8GvWF56cwLFQW&b4DcM*^?_#so(Xs+;F*DE2A&ysX5d+X zX91oCcoyJUfoBDt_2g`+#s=eKivz$o(5)Xk@a({|1CMUyIDqE>o&$JJI)DS967Ugj zwG03`fG2RW_mWgV4+g^r zGJGJz2mSCvKm2w8XvYuj1PlO~0O&^$d?^?QfPRE{0l|P)3}z|xv(yD}0)r7I16Tt< zUKr#>bO3399t=iQ001(gAR`9-h(SMMWdLZm4B9Qr1U$lE#GxN?ut&TDgOPxKBzyqp zF&IfE0Q4hy6z~;;kunFA06<_fQ~$>3~c{h<#Hcx6z?Mpu}c+2hvmiRuGF^jgfxpm8Ch|BK$) zedsUJiE0L7bdn)KAjZGwoE<;Xg>+H^h|!70h3G#z|2lRw=TrbfbfTD?-wxlLn?M^> zYs_y4>|dV=q8&h}{zL6>Z7GcdJv<}-GvCNIRCnNx!zPyS%{R_A+?b=|y(Z0|>PfXCsJU z@XZO*hwoX@&-^(5oWwDqtpi{K5G=p(@A9Y+AXwhRGt?d0 zqyEuc=>SmSK(M^8`^GS6KVKfV1`NA@(EK>W?VKHdNLUE$K=KGW04@N*{lhH>I$h_> za}y&U>K+n2Cy)9>v5H#*hRq)|-~J!h@3`5+C|@I@HV^R)4ExW;7WosMN9Y;Uuf~JZ zXB-C&fl#hSM6Mg)>xynDfN*nzYK&j$!ZwCKSl{{vM)<-u@(q&F0W6u@hL0aKe{8s& zSouItZ&%ncUmiV=BDjC|@X&?*qvufs%Lj)9EsQMzV&vzZ=OX)Y{u3lde(rsc`SL=< z$a{MR;{1o}e<>02q+*@+w5gliC+h>^#W+t9Nrg6+qX z+t9Nrg5~k#HVtCr@#Hp?yMERG{M?4x{Znp3&#nm3hjJTg_p987o@4z=7aYbC%55Zg za+?kuC0HI$Zqp@39#3x5BSs!iZqp}59#3vFAVz-fJ+}GhwjojSv+uFZmtRSYJf7UP ziWvF1_t@t5Z$ymz+oNcJ> ztZkmKTo>pWhzkC>eaJ5K{EHBMINQ*DKGH`C_hJ#QVd&QIhu_x1HX*ujwvo@t(!hF# zua~c@TL4xaRv)qrjh7I8INQ)Y0M>6Nu5O+IzyP6r)&L6tA-YgIG^Z%{B3%r+!NCE( zvujJ%uHLX`RwuH}5|uRW1LR3{zi;Wv`&a*nGC(WJl(^5BRuDn z&+SJ(v;`2N6X!#^Iaz9}FxQYUSoxa`8SFeGAEM`Rgy_ThkbX`drC}giN5pDFF@tPF zYvqLK!r6w_2hn(`tvmxmebIP<0mAvu9<~Y5hno`=he(!DH(;}CROnx{qW#Fm^#DS2 z;%sDs_DGi2FfuH})jbS%(&22}K%hRHjm&fUn9MvQJVXAf6zN2B;y|EI+?=q?>4Z6P z4~YuKW-Od8M~qrhVK zp?u;7AVeQ7HqbgF(nmjQ+dPf4`;p(=3Dk-68~2<}vUMS@!E@Uv#ykkrgYz3&gT(sH zCUEntrdb~8LNkl5bMr|a7CVCA^n^_e6<8Br3lf5v+bX133O2;L?3QW2&pB)3Dk+R z5tms1Ii&GqguB_^VoCGl4pBas8`WB9cg5zp5qBm6wqDz}fYyS|XZ2UFe#K z=HO?w#1;be;B5L;EfGVYE?jKEQB~T~MZ$GOgwh^cY=eJ+g5^hbRPqoAj0`=j>OAYO@bAhLp*h!!++;|D8C3X?1laN{>jX<3^AO2Gima zSG7bok-C0WOXLu#>sPfzE`hoXp&jzs&uWRi1nR;0>Q}YIJ_2>&V&k7`i97=J;bMc3 zS|Xo7ojAY!td`hMpdOsxepO2x09_~s=aW1zf2$?ppe&sGt_3;=sPsKU!sZr;5pNDC z01%?f6syZK5UtZ7SvsT(*5zQuJ`k-%;Pe#|qb~qf9p_|!w$4#Rpgv<{-`w{?kSz;q z6BF21OpLC%?}#8>l<*FsA1qwM=8yH|64)lhZ&cnUV8IzH+XgeYK>e&(P9%2vK7@Eh?W6R9f(L^4olz@)vbu;+UZ?| zZFJ2+`N;*oKY(gOM8H!i!IZ=KkG`XVj?p}VZsRc6?|rb`f^-J=EnLvg;vRT45B3X4 z!S^BV!*?A($1*wi&H}V2EdW_$M-TvNKN1u(KqR*Ty?}AR8^AljC%_EIumj+nCx!E$ z6wX~z$W^2k07rl?U?X4?ARG_{hy}z0k^wsa>3}RiE+GH&03|c%MV*$xr-@z8@j8KB zVrZPCDcrn=7_Tw+B<;tLlQswnp?#Y%;M}-m$GUZ&aS1 z#Uz|uJY+qZgIW!%4OWj(%ErYE&Dcw z6O@WdjWU#E=kNINkxhAKyi_{pZ%|gUqv5DYREz!b9_3FCU#qTa+3!K|g<^$GKgh#V z04-z-7#Ql=tP-#c!oKSWhklF=ZL=Nww(0bm)&Z>p-#XI-#g7bZ?p-v64giU5QC%*- zLf+j~L0ZnseTB5VyoZvss?rKqX*oGLWjO^mWd(T!1(;bNmU~0?X&dIq)jZ++&9y$^iXKgDrV*X!*S5R& zo%m1Gl>0=;mMdUb5)*wrBk(E_ju0{osFdU7NU4#VYZX$qAjpGAo1+?_Oi zV*aN5v~K#tDVN1njTbfEu#c%86AoL%yDH#Wd>QSBAjQEI<$-4py?E^@x>EL{bTeD< zy55~}WUn-QUA`pL$6l(wmvQ@quXEN0?bcUj{NXzFyS!iwc=M)-rz<*!=r6Gu?9u60 zMa^lNT_F;CFZ^QU%0-7!?TYA6h|S7bQ!x4Pi7#*BuH!H!QaDaZ4G;u~04xAD0DFKV z0A0@sx{gD;Lcl@5;f2@qn_67&chJh9`+?t&!!eJd!6C$~8V_0n@FUN5=@nrX1QYMT=7fWb+Q-fx* zFcnWm5AGK$QAiGSnm)&1tp(x^$qaKQ;A!&`Dnj%*zS?e zY5DF1iKuLg>1Dol^CKJT@^>0cZI^im^MZ{{frWX~0NyzW2nyZ^HLJkS;&gPpJlw`+ zWtzMAxt4pB#jeye%dTU+@Mpwn8Q6k~hKB%rarzFXYhkRyH2@o{xSA6etDdlb6M(2# zT^OfVhn*T)kD09idwyG-_R8c|p4pXr$YI4;_Ojc-Oz+jsGTO9MF^+xwzQR&8o3ur~Jd|gzWe@yPhr}Cr~>De-Vwj&N3OjLX6 zJWh`{Gz~3FOPR_n^JZO~vaM3|@;ct$gX7O5^h2H{zQ4Cgjn0_UjBS5uGxN8)NhjuA zY1dQNCr7>|@eEk*9(?~u=W#a?eRWID{=BeV;-|w{*(n~MXYU#49N?>>&#z&;sTdXI zXq9>iP(ni*hLM!Z<~-DWIooAYix#<_b%=a}hCYr6%->d)92CJsbM!X65Lu zOe(PvbbpBGPspVxMjJL^Pd#k8m? z{k{0{W4fQ;S*MUWH(4Fl+^gmAGN7>VL>smD1M!l|%8UW96~!nI-WWAoJ1<0kTrZ$G zhOPh1OkmX0XTviuD<9j3DI_sbB_^Q*Kz~Av9tAtlz2AEPzC1bup#t;v<62J-+adsQ z04{%`YrQJ~-MdEtVgd1hWWWx`eXjkHX;(!uky8|-5y_ZY)h7NnseM4Bd>mLP?A!c z;`yd);!p%#3$H-NH^VKLUTN0U4v;Hrke;M{T9aZEUMulI5yfT5@P&&XtxwTX$Dae({}jwRRE;htweQ zRj2JPUV6>wai(RX*(H?>(jzNhb4Qo><*y62%)5(miyQ#-r^G5e$0I@4{XZgB zTa&(;Upun|)gZquR(aC|K5*7+ls-HDHR3_k_~^3YQ)keG0O5_*LBE&FS~IoINt{X2a%+*Uf6lCot&}_a*X+Ze3xmsfezKbo$n^bA8wFs3m`0ekw@y~&@*8~e@d)U!4$E8J%2>3 z8r-v03Ltf81ABg3td_8rBxWv;OLJvS-sECy*}g}X9$jA$;f>X;O%|D>%EQl#b|kip zpR8}Z7B=AB7x{`uwAEmB@y1EZ=EkC?^zi-GU3%uSInuTU>T=47d(+)_&!lptWSrJ* zmRD++K6|EW|9<`Ym}ddIB?7ludZ(wy^p9u+Zdk7OvPSZ-JHw;J8Kdn-PO+7hCfg<4 zrZjnRResfXo4$b}x{*8H1C zkNP=!rb1Y(nw#ijM>{*-xlIh4NPQbk7_;Pec7gXVSIsQh-;~>uId||+iB)PaSpaPM zBVzUBH9k(o<1O34p5GR$+Ljf{<#$z7Xd}HQ+eXt0XeNT^-(&o^_Ja+GNc>K@MtUau z*k0e6FFQicp|`E#`WCX!-1(2|U|fc}(N zrGe>?0ek+4SdC^HKkEJXa}C(@+hX;;*{a04w+*TLt_5Q*mKWzg*h{O7CIkp?UTwhy zUFqT2S=v<9$#)?>>X7#q+QkC>(^p5l!`Wkc75r`F_P$V+I=3-TE-LHYvS|;D*1gQ4 zde*(NVRDjzL%fCMO8392o+5Fbn5n#)Z?3hUNrEAXQ(x^+v72>b*~$x&&sIe`iPnEl zxc`jZ$51D7r{rM4rPr$GC|csj#{y;4A_81)8_o2uU;9|QB8TmC;aFMy)ldCi9`g5v zWL;lgdjE=p()FUY;3sq~La{2eum-^1_d}fuF)H922>-B;lF@Mg8mrl2RUh5$yNBcQ zI%56OD;u>`593>Rd=y3{@5y4h}s_`q}fkw+3AcW!kE4IOEz*)~dlAZroO#62W3~R-SK4!nbzPb=yX(43G7J&+z8eA8S;94_4eY1Vk}xZhHqQ)-k!> z9B;l5Qs#D(fB|uDfd6$M5)Neli-?qKBeZxQqeP+a?u=DX(!n_H?f^CUF{O`>GA2x zw?h+Jr%oQB*L&Gn|IKjRV+~vK9{*dTS6fJ~2%NGFMZZb#%e)H9slUvtGCc=KXg$7* zS+CVuHRg8g>C(^ZQ4T}&r^G6(Ly@3&cm9Z2eYf}C;fG<|0btK>%d6j{_#fqmKA3*j zpr9_h`78Z#2Lh9ipA(ucS-pJeFhgUg^~Or9;%yH z$zM}dr}#YWP8#T>eyYQ)w|>nC#O6<(akXrDastbBzn{;Ty$Pt&XzDn#^gi2 zZvDMf_pFm*i&^{QxdwB+9+pg$*?7KR6dLHj^hL=)Y4;t5s+-I+k9KI)dHR#KZjUPy zH%j$0*h)&t(JYhP`Cu zFU<6nceCx|h~n7UGsO z+@0YavQ>_6^izCvjYC~NYtVP+478S~3DN~>7~2N6CfDWZ#a>ZdottS;p#P+ja(DB2 zp0Z2t61cdkwOJpn+S_+qX1jecb?~l`O*%c zY#Gh8EaFzACQiH!;+kH8Bvny`r{)g+DX|LUBSAIv9}%ncA@2^leqekB_WZV3r62#E z^6eBi#rUxUf;6TXd(5=z=cZ&qtj_Kw(KouVk6ZL=GP^ffZ1?)^n2#5xMPDUld}5I9 zWn26F^PpQv_qu?5$(4o17oRIESuD@RvG`#5n(q>MHQR(rCP+&5(xh#?phNmlku58C zKZ!L%U=Ot>!CpGpze=C@GbMR7+$8()%4#hW^vwR;ZP8z>E`@Y>po^0S@ z_$CJ7F{fHOF{RC8Tg15&#jPYaydBlLC8wTdaCq%+uZ+Ga>%;o_e6eE*>kv?sHbqAELkJ)$iZGqaD1) zdjtj4IhM_Y-l#iMp(yu~wYF{7vuZ;Z6{n{vj+gp-`cux66%HL1=vp28I&a^jaNFnl z+_FQ*F`^a?f&8y-1)DhV)ANm|beg;fTD7ff)1x((`vTu{yRZ2c*W7MPce3TEI#t%8 zN6EahlegPFg-H$_Oj#plnm2mCWkp&v|H@v5ZI_-a?LS@3l|a)uu3_aLYQvWNCd10# zXTQppnv$Cz_&L566&vl-15;6~^3RJ^8}#mJ0DAr(>I47#qQKlw7eT89Ikns0_cD7~ z*+$2;(wAA!MLF*|YP=TP>W_$1b_1{l)&Qj8nT_&u_^-KL;HMB$F&MQI7>qi+Ppt`u zwU%Kp+VI|jP9z4STLSN9qZmSjrVySXV4u&zb1&>R#4+}FsX-_9|N4eH7`>M)136m; z^vhZUTH!a~l>lY%)7NZ(B)~NM4!j4T2ZK>G0Gx!M-_e-(;{fp1K zu>JjuYZci3{>679vHksv&$+Sv{fl)Uw!eRIT@>5jzjzOZ?eAZFMuF|`UwqFD+uy(V z-3n}f|Kc?i+uy(VP87Dkf3cRu_V@3-J4+e^*IRUrMufXoLp`991SkQV2SA;nGL6A3 zhimn6DS#2c0}ux&06=ZByazA|^$8sS>Je1~(1&Ud;Qv3>16&~gvw8q~>?hZ5?6IF* zXR*hAa!te@`^ohSd+aCI8tk#3Tol|0*hBBSKRBxg>6V;->s)bRVitZ(#Z)}Z<rtO>fjS~@QJz$0DPhjK2ZmssK)`oC+gr6b?}LL2>^Veegbd? z&#P4I~(_(ZcA06x(KpJ;+lG@k&#Cz{|B zP4I~ph-py)m;hV=0oZ}g=l`bsgmNk(@{Djts5FtNt1HezZ;1gW|0Qf`~e4-0J z(bWNfPjta2y5JLC7XbJ~7kr`{35Wxv0x|)4nEyUMp*1x`$WMy_;3qvD0Qf`?e4+0BbncPGT@C+2E(@!{Fy! zK(DO^$k~A$syhM!aJ?V{U5Lowdn;sFfGWT-KrNsFa29YI&m4h#v*F&R}}_N&_I;6tcR{HJFL z&_A|h!WPX~vw!{v*f~1_gv~^bD1SUln(Cb`A7!hF_8omGueQ=qc;5(KpQ9M;5yS{hp4DYcTk0R^yzV zyug9~v4pPuTmalYQP@@ogbwVc^E+#7I>hQaWnD~SajKeT!o&RP`x!FjuHltZLPI4w zKJ4k!yH;o(Hek6kZ{f413UDB!1i`*t1{f z&}ZLa>S69wp-|EdPWQX_MigCNy26Yjmgb|=Zm%!m9*e zU4JY1dapNG_N~_I_EZBWE-N3rXZ@X~MtBUHD>-)X-1mF@Y*1Epua z8_Cy3^eSGIWw&c~uv@Fwwe}0g9(PG;QrClt0#)PGX-ZwT&TG04jnz9vIau(lR}{9s z#mIlKTA)9>ZfDzI%$E04?Up6k`%c+clgsV)4vcj6mmJuA;9VKp!*ILrYge30Xl!d6 zVWF0M*wZ*B`#6?PxVd0hzs%!ame~>BOGm3N9g?n&UwwSJm%slTWqqEVBQK_VPnYkl z%Mo&UekpH9G?PZ4sig17&NI}5eY6dORJxH&ANS`sPO1rzT)Y3QKwPL-AVG+WMfaTE z)ASYF5-N7qzhJC1?T$z-oZ>k<*07>vv(?#(4<3!J92;sWU5q0#rVsX%N%!#FzCrK7 zSbaV6$pzCGY8#Jh3N0Cy%?Egn=sjzATdP?UpS`GzFaG`k?xRewg zgd|AKTs`b^gZDmzlzzgJy`t4wlt~F3o!-5q{M>a`dpL`{sH-^E9h1Cr;gtFFgZ(b| zojrZB-&G#E#I|H-=0+O-`s}4%pEb&vw8L-aUF@CuEl{ z&rQgQw&rm@+~Odu5n8&gj=F(<&z>g-$~~7eC4?Uh4HoB;tu5`3n=HS6LeF-lb+uUN zdmd3i%_r0hDc#3Xm+q)g)}UeW+Cm~e|6oICe_`AKdL z?NH8%0ie7JABf130XqN(0fzxq09<~(2HTy0PkA9x&PAA=FUEw6g4xG{bFwZPF8r(!mLKl$l`&ugKJ*kRA+!C61T-~YzETID}p z8d0dtVxbo5Batq3{Gh1M^{0K$RS#r(wi+B3iPfcE>|Yv%UQ_YC$-S!tk8R|R`14m?qVj}fjR}r*iY&_Z6~Tcn~wBX?|fj+sraQg*O|vx ze1J{7!A?~AQoO}t&32WRQnQ!$>qoShCA=*1Bj2R4M=f6+&63YgN7LB8W}=!|Oh+Zw z-O`!4@93_fdnsFYoM*d#5p(5Gm9Tcwi{#JLOUYH;{Wo`Nr+sZz;~XMm{Jt@-arO4T z4TFrVmtC?Yixvr<(_ZU3Q+i{#p!+|Az zDi*H%Gq%$*H;!)(*d!`ys`J$OnZYv4l9bIQ(&HN~q^~9{>G4n*CR6M^(ZxMhoh;Ze z)sVqulo9JS^>owV-G>emRo56s?M5^BueQW5e>KR}-?Eo6AX;aiOY7uK{V(AOB-@@n zT_xWfOj;;Hx}w(OyF6E>(aEF-yQLnK-gzFEHo_=)pH6h$>Z~vO(qeBgHQdZ*{#sZ5 z@Y3aRhVMoV`nxC>y)%m8j-1@_T6@^2&@xS|O3>__XiBB~*754y-vN?zR!`XUrz|x^$)+d2IKvo)v4!(FvVLV zR{8X+bX}&QT9r4^TD%MTLqtrS`bX5Avu6LYex7SGTR#h|i=&~W(YJgca-1R{b-U2E zJ!3rLPOCNCjZev*d6KrQqAWkks_wkolz)GFxNM}tqT^qbj_P=ZMbRZ+WzQNaH0zdS zxP8y=`jmc;pzf_*PbXR`GFO=APRB(kaZnm??^}KH+w!67yBk+mn-;kVWxO*A658|q z=(3L!9#0ovkSICQLF(g3z84efE_H$SI&*oNR$_Pb%4%D-oB74T*Hp;1dRQI_^X5;} z_Sf$twe=rwr#NAB);gFeKFvhVw5*(zDgbQW~1CWpU1Y zr_-yYTK}mbX-U>h($_|@^u_1j$s4abwL|y9&XtzVatiEq*|e-2s!S#vchk4#6pjje zjq)?>HfG?L*cP7}f3=VElJCJ)B`IAm%5@SwM*Kh2IwnzRItxql7=KH3ysVO*LH{^_ zVMpP>wHGYqJA!H+I_(SO%}EUW7ImTd$x6vK#;y&V7;&yb|#8!KloAC-!fyHBQqes%M9zI!Y2A6n1e{3DiGQ>}V(P z3?6;icfdg~=U_=gzk8AhtDHI|hbC+B(+`VH9kWwZ_mo)A__WF%*OR+q#OXO+8`sz` zAzrGfwO_L^cd%J*Vg<>Kb#|ZKE6-3FJp1lPzTV$oWH~Q=-DB~KTf}M_gx`(#cxh6< zNOP2(6!hWjX|_1|+vaCM)ZEZU1BY0q2UOfaU-Z~Y1 z7iKPiQGUY_+fSakq2vF5zf1T($*T@v2a?MJ;Hy({wJGl2{{rMPxc4V}0CgxifEqv# zz}2YYuq_Rc2mIr`KeVx5Sf}o&99ieP^H4b0^V{-jPVCSahc(lg+)R5v^Shn}+};yV zmt%>TygGl4015w}xc}FvZTV_=n@z8iPveb;b^VvEHmfiftlN81MOGxPEO>P`r2u0m zxKr->L>jlLl52ooX~>>oD{s1~KAuMPy#`FfbayWV-{!xP`!)Jejqdl$R|8}dE^vLW zwaiFUPTwod%giv`{qZ`5A?Met6C_*$y&GFX-xfMgoC>Vpl~`;qvC4yH?StZrTSeq@ zB|}5ADs6Qq^OI~}C>L*~Iw2iqASM-Zd3j=ur6ak!^-h1YS1+8pzAH6SPU8!|j%p{WKM?0=Ypu;L1NA*S4T;AwJdPP-tIk?3X4Nhbx_xkJu!tXH z__UwqvFgpug37W53Afa*E=^k2dz)s%1vW{!Y_jmA$gdXd9F;p4?>HU2Mq_UxhT7)* zvBjy|_I%0K%QmwSxROtm#w@PCmd}7CrQ=P3;Us6pQ0XJL&?0wh%DwLUiw|ptge|8V za6H1&ek_0H{fZZCrkvs37Q!!I78(0fHmY#1`|70ilK=htNK&4~3I~ULXFNEg@8rJT zf6-l(G`K5bn4%T&;uzo%v6g`~7Hul(! z&*p+q&?*5IoHns1>mnqKbb39b_?}PJG_HJ`z&^%yO%*@QQp-p_< zF*mJ^HwQEp>AVub^l{T)y|<}jQ);2W4eA%eAG@S)I1Y&wof%{n5}sg|FBnJ*J#fsh z=oaOa=ndVMCr)CNs9$$C_lA|eT6Vl=;BI5J!u8dsTYY4jtCA17IMhB+Wn7VEWs=pO zu=e<#FFQw--lck|-!vO^MeB;#eEO&VPTT(^x1yRA5#&m|xpn@%KQ6!Cp3Sd6?)`E3 zl^b#;!T0{q)&j6_Z54CWflLlL>@ZG)-2e2x?1-1=jI2|+sV0yVy9$gFbCT_05_d?Iu8bo7@S?zj90 zZg0~Z5Es-}x*L)7qU@fKcX~NX`;*4ex=W8wW-Ryn)>!!_;d1oXm}_ReYhv2-HyrvN zQR}IAYnQqBR}x=eQ;YBu>gfsnN2`Jc?PD)bGg;QW=W5#$(V*PKy~OdV*I~tp%Wv}* zcMaDo*_^X>5fg|hXp=WMcd=UKNX*OdZ%^LVwtlP8pq~+5mhp1h`@7n69VLZn^%i%F z@(UR}7H%mwy@R8aZrrvWNmeV72_0l)H;$J(PuA&C{X9j4uO{x6{ztBoB0=fZOgtQy zSCIvk_)32*3duD$lWIJqY00x?>3ep{{?#9k$bOg9kd-QYA0o9ivtd+CMS_#Roqph4 znlC;OB>MAcku2t&EsL=S> z$=9*wa9uye7VdX%72rlVO?a#}N1^wT$)LxO4Nn1r8~-D5g2p=ZC2 zDK&g!{`9kek55`oE^%{s;x?`E<(y<{i0?VU(D(v#xizXJ$&_s&1w!jFbt|$>9r9mf zAIOvqKTwk~sc91&G8~fY;QmPC`cB4=d*W_UTsGWNXl2mHc6HmCO{s zFDY_qdMB>8yApXC`a|?zpI0wyB{^sCm{h4hUZvS-n0IH!{1e|T69Jx%xJIWQYT6*MhkdF_ACY-^)zkxl-aww#*VmKR)R?pX$F>dQ;Wu5F%p{O+k$ z0LiNCDeKMbUk9Zc$)zg4>@<_^A5Yz}=A!ibWhcMMHXMr%w5GH=CiP~8^^@<;f?M8p z`E1{n$9d0nqs3zS)Iqn_{TJhHxkNldsW6>uZ#;24>#n?8TX33smk9SRzsa)B<5fLm z^lk2Mf*QVTJTA{_qg3o*q+2<2)PTXW&m}3&f{*%C#CN9$vFi%jS`$@o+D0r^nK3_e za+IS$!|jetANTV31Q-4EmaQBrH0$3w7^rN`Gs+9-t0+y2rWx*>kh;LEXiZAL<=*zE zqqN8OyUFS%83Z4gurZApt*()e%E;ZmqvffC$(E%~dP>_Y4}C9tl2AY&@7&C?==R9n zb*j+^-kJq2sk2X#zV)4o=5%f{Ta(yc!yDJ48tq>ha7^7sprlzA7(>2##T_`^vedcqv*~q58Q#VfczggP()Nd7i ztS{5XeL9Uc&jbS%5~zvv7INYkAay_lZc zd9ym!W_S8g(ZSgLLI=4DQ~NX`3+y(R-Q3Y$`0}ntSq?q3o9sGn&sA%R2mENu+Lms5 zHFM~Tr{6szQZuDm-v$O|(rxdmIRZ5{>N(V&t1#H}vD83nbIC>vmz>Rf2cGcXkuE9` zU3TV}v1!o~jd0DC1K09oZT7KkEan*=w(I|F_rXHQ^WKmpX5~+7!%}E%)8mozdf^pTK&g6 z0B9ZH((F0_SwGa8xH^>?w%GxK0HW3bpuOY5wE(s7qcY2CK0HKScQQD%wxTy8x&iA~X;G&bt7iG{UI2*=K7hH!yy^xb-MBr+D85 zAeq{mUYg~<`MMa}=QK-IN4=(XS5Ds{6~EJHy4UJkkium5Ly^OsG#!=`mxO4jHPAS z!oJtfE~li+;ujV9%5PNrkR~lRT|Il#@YI@N^3Q|4RADTwkEzJSu3R~=;ZoE#((e{cL zU93urx~go*=cMr=>uQ7gM`;~;mQ9bPyRKH;Toxt#kXb&+ePD@C>} z4ZQntAlCZpeU+{wFL)n69B%F*8?ISt%Koq}qOtMg;}KO|hU9~_FY3;d>(KGCHW$R? zNS-tH77FUrjW1pvX`DICH|1J&vHO|&b*ZD9-<+!4&)LY=D@aG);&!91dy`Lpo_g}h z$7!M^p2I^=)0&@kabDQ5yDz}?jN~#U`F4MfFIRLV6T}~8B5ov*e%!MMP1DeoIoc?4ZyXp)h~K}z<;1PEOq)aZZjdZ^X_7ZRl*JT!SlRB}4v8?jGnb<>Wr}6h zHh;@k$$&UTdG-IoZ@8lK8VA_?v5nh@=abw8+QGY~B>e3Wd()hz8NV;tLD65y`^4BO zV^1+iM3L-J{ulZrEs-}ejE@vA1u-<-K zQ1PPi2U(6OM_1+AWfv4irHkCi>0BZe7S+31j`byn`)IwFupPyK7rEN^lJ~om^LD(b zOWAi)cfEVtz&ZC-UjP!`q5^8Bu?n<0eY%BRh zy}P}M-*2PlG4TL%`IxR3jPj*doF|k{l=2SS91GGZXH85O;Ask56Mpm+(=twx z#0?YuZ-=&Sf7(Z@LVEde^EFf3_K`<4blo-8Z|_RbUA{MZ$3~gae$A4jav3>nj4Z8} zS0=`a`mXar8Cc< z#xkpjuDB;k32SMM-Yaa9YtFt*_Vq-$%+zJOAcpo}mVwkWvI!N($GHo4G<$R^8}CwH zRuQisV>#K`o+Q6(!&1^VbCLMit;Hw{9iE>*(J3{b|H(GF543~#0!W|+#pYMoM)c!d*0ZpU zt6SS(`x@XWUlgFp*(pDRT5x*_JVhSHU z@%%Vo+U4Ea!91?HSGl~;9Xo8|^6SE9S#v6|e*bssSJWfS?A*IyxcrLt{hU4^yXhxJJ?8x;EZCM!}R0KVJD5!Pr_GruG-Nxfh z{8cZU93JjEyTjW`)oq)H^SZ7>%3jYl<(XTCuPOg>*!krvnM3{$X)1Q8+HI~%Jw{)= zXU(O{r``55RK4dLa$A=soyq2S``!>mTD{brsp%7?@(jT48tBxN(v)39TAey6BPYtZ!w|0U|X(vERbIcQC3hS?g_dfK|aJ<;v*k!@su)wiRG zuk#KGqy+R*wvFT?`=0kZ)*C$Z zy^#<{+9f^kw8_ll#Jx||QqdF*Z%W6q(%%Oi>DmxIx{vALmm!@*$r4JkyjDjYea5}7 zw+7H|t>oLIULW^qja^Li%9)L^J)bqoLgGIycXwMbV%k$seNAv8YhrgCmZQoedl@|q5@=rQakL9Yjt)#s{E+n%oLVKW+syN%h-u-!} z{xlz#ed6la3n%$Ei}UD~zQ*jWH_iO?xQ>Zw%IUtwmqP+J+4}3g>X=24kR@-iW!r9d z)PON)vM_^nk@luUV^7DTub;P7y^G((eLB7=+%=a}?bC9oH84Nb zJ5_{G~@jv060T-}?8ctSz`1~X4Sg+8MDf;UZEnv@Y z%d;Qe7NU!vu6T#%^fv~u6@(p?*sW~9xbslq0f82qtHElsmW`_3~kdHx0chq^+_#QbV81nt0+e+eu9OX zG4VCSTfehePZ{El9}S#ba!u{Sdj(F6mV25bWm%oJB`?>aMVjTwH=KrU=0tX|u02#l zf9T}rOUZ|s__%KGZs938%G|?Yp2`1N?J3XY5Y2TliwBN6u!KC_8CB<$e`3;?)P2R! z^6Ka>%U&!q@oQ}ue`p#T@vPi_H1c@N4NhGVDlwP6H-w84F~`@eS4c{|=i1g-`^En4 z<|s$Te);e2?|OY7e)zmsP0&1K+2)T9BXx$SUbR%3RxG*{uW_EVH0t05YgLMkibegO zqD11X9zVF>ApG_{)8cbQSBqDOU8APiTesBgEUN)#kdf`lBYXb|XKHpK?Sl^kT&Zss z)OYByO&mV*mR@7CK(Eg2zN{lJE=Z+dTH-E$hFI%W)L-8&=e3A_S$faI z(!c8L*YzSri+yw(WJy9MT}@Z%XkKABXeKUZRIy@TariBsye&Kw=i`qwzXXUl8YkTzq~P$L0ghHtkZK>NZ}T4we$9UF_#7& zI9-1B`rXWQX2+qodr+N6&^p0?(knKOQ9L91H-G0Hoj*9BzH!^X_#}6McJSRe5?DX| zGxF>CW@W!XsYE}p=eOn8!ms0I2K`wFPtj!sj17j2#7&aUuRCY`1%K!2Lofwze*HgL z$12x%uo@=k9!`1mMaj-CS*-i*%fU}cw~ttRJUJ}$CQCD9%cs$m_I)}Gr+YtZbp>3l z5MsK!Odud}LxoWH*%z9Irc@3^@&avPd^yy0t9@_hIqq{|O^K6=H9W-W;}^6kuw3@L z-w0K>7=Rpws!kknc*NFJ&_2#d1J$p1+E_Tbv(Vf_9`ugkBc4ZA28Tl)ZNWbL~aFR-7XHlNcW_$UX8!pcx&3LY~E$YzQ$!@3h`bgza+rFol#&0eP zQTDOVba`_>Vjwr0W%O+Sxz^1GAL#6Hvyr@9@0F^q{p^lI*#7QO8P@PSyz-B;G<8%y z#6O#ieDK|)W)H1bP_)o(xyMt*QPZ0}S;}M{b41Iz49Y&Zal<>{!s$UydZUM02ZY`2 z^5S}Csu^NSDD%``iN$TWta&%?O#^*WcShQTba!G?>|Ui??Ukh=QIqDuk{jj7DhJkQ zu4A7W&mf77ENQ!@(fv5RpRD}#KBo=uPF6n}H6T$HR@Oh0TdLJPZWnGakw0_~($($RKq(C3Z~Z#1aro9SLp!>YV-V_CKj z+pU94>$xA1ceq>2GJL^=*GSt2^{k`r|16yCc|XIdBlWvwqNR7Vp62NiSI0FU{m;ai z7LK1d2tO8O*5wMzU`{aueJ%bSbS-g=CkT!kD4L`?m9(A{{3Z=N&7nP zw_OykniwXe$0|(jRXhlC*Om+DaN0E%#+oy!?Cy7#BrPRVzfN&-{}MZnZ#SngbSB-8 zUKlF#rLb% zL@98s;J8e-xk^4AKT2LX0!XV$_8n^%?ISizaFORs%I^3yOf{ak}t5r zmn~}gYvb7TNZ;WlIf>^QM%dIuwvsFg z%+QOJb53{nC~mW9owB&~GQI40^gTJ6(sCvl>(K5+MotsY;@59GFSOwq*YGE&$lHdO zmK*1cgyp7Bdix3R-(~quwTWw{Z2Q5JnP>93S4OI=%=*R_{UX*~+nSa=F}*8~q4m@? zy$>SNe7n9Lk`G;R@3VWuTDgW#lOBEL$Ie$BP-O`jYzeoDzp6zh&-_W3Om^K@AE#N|9pI%W#-PD^PTz5 zZ)VP!Gj!4^CyFHmD;X$z(;3bQ*|{y6(RxRHZKAYEZ z>$%9h8d+yt z(_;RyFXoq@?6f&ScDbGWTy;LpAPh{h_r7niJ)sPCKkfQqZAiJfjx*h_h)H zg|fo-hmP7&J9qog>e)GVGhET>>wcu;VOQen{d5H{^8>rw0L~dZk_G&EaD4}L7F04W zi)eHI*m1QZ`T^VA9ozXCv@S-(irQ|!()Lo4t+g)y^)UTHy_Z4H?|<66Vf(AZC80CQ zN6tm*wRL@2V;b1Hd*(pCgyuRnz2k994WsMS;;xw88Fu+HE7=hH317+V$*jO0eDl!< z2G>vXS4(InZ@PVRrs$PU;d_fCRyGx$>>V6dQNHi~ez)Rne;2nh7c#ojO`A{OP+Yy& zQlFDzh?9Jdkmr%rN~+>M4YTT~T~i)9y-IRYr{8c_|K2)3E1lPCvNzxJ3M`CWdamqjz;pd= zWa|cloyiQ{E*(`>b~yT_slA(?T`{+HmNR+#`bgejyR3U!*VkGtlTv$f_GzhzMD?}{ zyVaI3UKBB+Qm?*sb!|h8uaEM1Je2ZEpF!|qhJ2cQ zo^)=(jD&Yug~Jxx><69)faWG`zy5Ps4MO{cAXfOtJi&Jvk^jGC{1w`YSR=Tee?|RT z5F`0AHqIE$CHrgjYl(!R8bw0_?fk(8_LG{6gn99m)+j^3{pagfrFVGzrSO6nnZ_2b z>)D?biXva(5^P`g2S;sXy>L^KV^g6oo&V;NoW|{MhV@ErOD=tw>bmCcGMq9kIiAx-XWuGuZd!?3_FoHnu3b#;(hbRdh0}d@nPXucPW&jICpOuu%QW`Pg-ZLZKqq z7hH;hpBXNs*qq?nmuHeGMYS=`qh6OOx!!fY%sk&zo^8gT^KYEoTwD<%XsjK3hqorY zlxtq?XS3a}=1B=U9Wjab5nMpdclm}!=!dfmxvj6XBjP{3RJ^+EJoCk);eGxLMtgGW zLvD$bta+F^;vB}kYLjo`3(J!Q3xr!*_~P`>E|n*1|0k2Ku_!4c6f3QF?@lk+y{J&DK)dB@*GnGvJ?=H%+a$_ic8$9U)AT_2P@{e=dy z=CpcBvb+{BJ$o(wW0@n~*+H?%=5j@1iqF-4UmDgK(d7{_yS3Ui-Vb+)mzxjmYS*yg z?0>8q%>OV)t!P@j>->uLrL;pLqVE zbxpeDo3uvNxD97F$G@`|IArT%W*=jFtz(hJ^)~?n!|ul(6oxRL8~ ziiaMT-CdR2+LHec(nIc7>eqiof1h~SgzFw1hxl>af)s=}Zqa1)zKW*z?Y^PM`XXAm zsz%?=MYDMy`mH)z!y>P2cy7*@8*^Nn8VdLc%AofxrQ{mWAGR1+3gaBInHmlh)8WWQatsxTaH}!LTs** z$9|iUt!Z0s_0P@dP0W?=O9`+o%ElYaPFVDyXDRua?iM8rA<87mgiynjO=8YEH{8x0 z;$&1;*sv#7c$M&x_>FuqL3lQLQ|^ef5ty~c<)yTa@7iac^U51c<#3DJbh`7(;+?V1 zrdUyt7fjg!0^%MzA?Keh)MTlCZ+bKRb{qxI9=ct%L#_0QRV)}9$LI4-$R0MST;9C2 zJ}O$~!o@Gtc(Hx_26Mh>d&i_Rt%x)T%{g{^UT=I`OGXltxMo&ZYT035+w;m_x)-ll z@v#y!vp@kKS5aTgCApaF1rsY*+&fdM;L8l*jlS0+W0qS*hH;1w7_HuHES^!{QrUfy zkzxDI9W83et zw_B{tt8%Q`6JOfEWc0Lz3^`_)h#KJlJeaz~^UiI%zRxI6tV&lT@zmnwIW0S$ta@5)*w=pZ$%9eDN`^bx4lgwM`Qj~dwPx;xB zILpJf#;;l33Jqpo%|60Y`tZ>*Pa_+B;E6Sn_~cI<)GEi;t4Q_;5&|5`o!Op7|2$K;Z? zQq!6Fz80~bpJ+QiLwd;l=j++VPgyaF$y;eMUOul|n}6ByRL2S1r^azo>r9*1w&3M% z3}0{Nq#k}%Sa_rVlv4C3F@xI&l6g6Gm0P{s1DNKf`rR)zZ}=p`m@nb%bb6;=)bNGJ zZzGwaSj0UF?M|IA?v1=Mf9n&@*N=il!e>3bnrCVje#k7!seP}&i{uy?#X*xr8iilT zvyxYcyV8`TP}>vn2SaHL7u zh3I|3J>DfrHJ$~@M!c67zQ4FKRJMz?h-FLEZKqelvkch1Vto2kFI>%Q$c+oFYQy%% z#RX(GoOaw3u=v2qz7=W|HZ?9~>kkLIHn6RzGoEunL~lb`4X0zrK54;Itqe2k66((N zo*mGu4VU(cG%csvFTsy+(jw^qRIWBW}J^kT9!@XN* zn)lFCJ)qjMx>M!2;GKS|W&73L%ytBn+S}#IXlZC|PhG5U8kVunk54|3eQn-4${d{< zzWq9u7X}Uqd2?>9{y$2olw$$fy%z3urAXkgP zvsy8>6E9U8nX;%Za)fZ1vLq&R2~Zh==1~3me_@@tv2`e_E5;sAuup;d<8Xi2VAzgV zzotXm_QyG0HE<5TSMYbf?c#q~{<1^nZGE_&zgE9C&%V*MR$y)q{i?cnVVqU7+n(-c zkREd5)vxIMr0;3*7SX3gycr*eX77L2yz|sDJpTuugm>(cj#f#X@0VoxTdH{o z)NKqkwZsO@GC7drQFMOpV*VKF$Cj$=ZDwyzmP#^krDu~nV*3I^B^|JR$l>W3u9!4C zYk^>WQ^qgG*0+|w+$RyM?01!0ggg2<8D?+HlN4*-x*lUjS`#LbGt~B6SMb7*1Rd3U zhK4XyT0TP`yY~%jNti`%wue#wMca83oAXO~v09q-D_z-CmTx;tcI#3R+dDr=`OkNP zO&%!~C=Vxv9pJp`Rp-UQ$aqTspu}^t$DFnLx3f69cWhkX#>Re{<%opSTdif)n0ZDY zOJpQ(OXn6lrW!fC7dJ2GB*Q(q$UnEElPdGL{!L9g--<>F{|=hZ{`2p&mYO3JFvvMc+)hj>l=Zv|i@F_=4PKzStxSQXBsF&ybMKkElybMPI z?f2*!Mp!gTG&02oYF&IiGd-vScdV_=?rtLu=bQeBPrPiZ3llDe2w&QIpDk{-UZ-k0 z`STLKL)>#RyBBMDREQc@KQdi4bg5$A-FRnz<+sC&b-(ai9?at&kfl#%3C-Bl+_qDb z_M}iT)uVumlBErHP;OB<|F^GgIJW*ok{f$G!T#vlh9>ZxZL0wc#uoa$cJUaDeJKXx z@Ct)*Vus}aH}1h;HbVTS zFeYJIhryU>0P-*xG?&9X7C!ks1K7lg^ zQGJ5ahjEVY);5Gg!o)O`Z|EBfXgwKpz0QFD$@h{8>HQCm!xPe*V9h1C^=TiMBBVFL zI!=Ery$RNa`fKU^4}SZOz~=;OSpBv8n_yk6zn0zvYi<3t^!^9OX$ko^!J1%y?fxcM zXY8+~H^JIve=WTU)CN+J@G#u#5$?C9Ep| zuP_*!82}!DA^`e(Hokx;KnCDGpcC3A;acH0gtZO-q&)y_iwWBU1iuMv zH^FZLJ4^7Jz$Oy>Ca_-wzX@y&!EXY)K=7NO4k!3cP~Q^#Ca4<;eiPJV1iuOD9D?5j z^#j3g0xc8#CeR(hZvu@F{KhZOSboUc(LOP1`!NDweykm|Y3&vOpuE`$0>lAOrtDMz zS^xt8ltDXdfHS}gunn*a5C({Xc*p^$+>Q2UVfVkbwxK<6Vh^0y11I*ti9K*)51iNo zC-%UJJ#b^APMm=YXW+z{8L$Ar0}up=LtNnZpW+Gi z_mM+9k=8bJ22PxT6KCMW88~qUPF&!=U4Ro8;KT(uaRE+TfD;$s#6=FE0?+~&05(Eg z5dJ^K6KWG7hj>D^5p?GY_vi|oxB@4xz=xP<|t0P%oRfb$R!IpDv<6U^TvIK&faZ9{k9#2q+s2Tt696L;Xm9XN3ZPTYYL zci_YwIB^F~+<_DKOMpT^Dd0Y!8sZ`c{8xDLg?oYWLvWn%9|69-LMU5kV+{Y$Sfv4A z4m@F)+E zL+LOP_K5MI{6P+#XC~|s&;MxGkr#@8G%XY!*)inM`5)`;(evn@kVD~7IONdwM_rDd z|FImR^FcxAKhbf*24M{E7z;Q?_lLOD1=s@?0FXoJl37|=d3pL+*$~bU)Bnl`@*8vh zD<9v&V>yF}@t|OwB#cQPB|*qL$Wx3jARKTOPz0n3jA@cCGJpRDL*Yb#dHzxeo@`&OZbN(xz-{LpG2N53o z5VUOpYqgK&6KI{f6^i^NC|*Gj2l&ycz$2n?kkD;to(Mu!nS{Y`Kw0C8f~73^F&O@0 z3`WoZgAsm(!HDT%Fp^KUHgRwi&i{R!t%uXm~7lj{_uX>cBfBk=3lcv-{)yD;yg!CH)L~~aDHE| zxDQ{{5iOH4whbZv2HuTqDOP^Gnp%!WYg|$SHM2Jxd(qL8Yw6UoNDD~qT>FOpoZth) z*7JqFi}nvRk2q&=@jq($*4AgQmY~<0$OI z`yM#d&jg2K2YqmWK0-%g5KUmDbVv%vF)D zDiax6|G`t<@p78p{#zCdSL$d|n^bJ=&@j3}8Ma>>-*P?1Xot6{%!ajdp4Vw`=Si}^tyA$VpKhL@b~E8|wy zhxx?U2-6d@Vz2r{q;-P80sGMuvp-n53vXS@f_v>)pTl_klvTQg>a)u1w5e1o0b%@(_DD;BhRxRJN_osqcc@{3KVxjM0(K{*Bf z|FA!#^OKkPNwXOxi}@415gOR&+Qxsbg0lcWLl4fnNAQFA*fYP*1;JB=90*^@0xZDk4kpd_)WL)0L)vPdld`hxhZ#BpZFQsZ|%y z8dmEzJ05YdmhzR{GAqxT1vMUiX5vXKl1;|3iFyU8WgeAObbHiuw?rif1le9&F4RyR zq2&_C_})5Zhf2+`R>X%k1g+OG!g${vu;Dp0yGA*l7ECqs2j&xKP3T zZtL!fCF+)!;?}rY9MD#4`qEO8k*6*Y;A^Ckbi(SwVs%a~Rn8Oa!^cB4?j>PQKbapE zxO~a8%ujQ!I9WaFJjFp_Ym=nn$?cpU_TrVflvU1l22B}i=+kLy2%oFixBk}Z*H}(I zVP*d(wU;eh+vg1XSmZ#N8MQS(%{2%+l`v}4QxpiL`H%EP>ToiT{|pYN1u2jNpudFN zxNW$-a6T2#1NvG<42P5Wp$+$~MKNvmXt~69`a*|zMG;>7BBH(~U2W+1v~@#%8~!8j z1?j?z(oM26I7;O2$BEJPwtZCFt>AqsFev>^Ik~7%&HBit(rc@eZ%0?O3Ehr) z64LF_Sy}P+@{JYc<`0(9kh#~}-raCf`=n>rj1U7~72~zd{I7yv2z9n3iq5^I-MW!e zIFUWl(9qCrw?J4wb^H>alw$8qI~0i8632`FTw8>$5HC5j^eD+eWSDW5U-r#T z-1PABrShdT^IEeH=y=sFDD7sm+0rq5WIt8>fh}8oXWx8fHg9Ww=_R zjv1dcwCPMd#3<(F>AGE>tgNEB!`@*2sw+H3G%4*WUQU!-=E@jc{4Dh#rYWa}roLRa zUDIP>)9lmn?{}!3vdI?LRLWZ~cM!ex{!Let<`#tenZMGXXFcJ1{zyx7geWk~<3C%+ zNrN}oAk2GWFfw}5RvWZ~#tPN}yaA|f*9cld~|vyI=dC(X26w4$=df&Pm-zx3;iIy?3)mGoXy7kLa{ z^)&zGQW~v=sk?p5eFdH#)zRtSc4prlx&$7dObxk%W~|;C`YVN16dp@(s+%WHi(5fQ`>9p^Ryit5jww@@ZaRv?k z*~A+&@Ie|huq)x0&*U<;V~y&#MIlI?A(?-C+X)6q40EThX`iOEcpZ}w#lUX4BOJ7i z^HQG*alBs`drze6div1og2yr!{L~MWobK5%Ykq@*qoVAsLH|}^1`-A<@GOQyJJO7Ni*CCuP!2pUrJQYRMrsrJp~;h6YbdTB)`mkXuzYOZ<%zf5QXIp zOj6{qk)_S?0XaP`%NGN*ZQf`6WZM>Rz*{&j=k}RXz2iW4?!~Huwykz)XUXzITKJp> z+?I+)o{kVLr0-tDo$dK7!C>&1f8E;s^v>4AbrGbTiil|y}i<@J*ddU@u9UH6bu4f%RqO7dg&z)Vt(Khn-qN<#0 zwDHl$@5*^tUR;fL%d!f|EjVCwc1v}%qx5} z$tU!SsfJrMZH0h%os;*$*1EZQO<0Nu5n#~^^x&Ase+Lcc1%5Czfh9?iOqdWFL*@dy zLVYM?ml6OsL1Qd{bwq!hDQHXpG!{kD82#VSn25-C8bgP84UuJd0iwpHw2s7t^x!8O zy}L%auqJUQrDMn0l`dzZdL4vQEaT@C>g#a3&)ecjqv~0lUcex6pSd8Ic7d$$+s1S6 z7WzvHbj#hH6TeZ^`NK8in;oFitvMa{eY%;*D=xxL3^m#wOSb7EY!MJ6WV3oQPQ2Pmf%LW=uF=t^8q*Y``h9Uo@KhHb6bL< zy!cU3$;wrpYv-?|exfJfp%Z+oMx*$Hi^3twOog(}w{mapN){d}QNMPRa*;9p15u~f z^L@;(aVkGF_r(|pNt=_8uvr{I#b#7{^DO7|aYj?}sr?9@W6n)8dY$lmT zFY}Bc7bz}b3+lA1!DiRaU;G?dKku~$pSTF~Y|D23&Jp2qqUIFvE5^|r_8%kWY)}WW z^P)#g-@3RH44TiKB_RE&nT*DcucmhvuYUnz%C^QBNHQSM{OO_Uozkh=neW|xb;MToF!;a z7_=8l(jMbq(VoP2y)k%*yWy9b6O*w!skzIaKl}>*Q~Iwlure#p`LAI6qg!UTT`09;V9$joj}YLr&y5 z*qhp#NV&h|czEnNopEjZC%=lMTo3n#o;X8?j2-W9`)9qVOLpRJaX(RMNhn&Qy8CJS zktnC1w=+rMeyyE3S-~I{@ISVBjKp{*Sla*x?^B?8o>S9f zsio`1sYMKLGJ2Q0RF)O)->ht=(%JK&Jh}Oe!ItYwdZ=$Rx8x+4$!7VSqR8=D zzt&p!$|~JYbHy5}EFKdJ(x?unka>h3Of{Uwbd?N9b-Fc;CA}EPJpMc)Tr8vs?=E50 zh!l}2leXh&atUY=Y$I~GV9=xjX!0yclg!_1@|SvOQx>Hd{=0T5I-JxtqQ{e*O5c6U z`u9{>d)Ih%0=-+JdwTP26Qw);yJeoOt-SEiZshW-w{>wFUR9MY*u~0~nlx0s^Iqry zSD%jLL!rBAN{)UsGnA##Z(Vg*MXJib(+b3B{*a*xf< zSkc?fxe-cH?9Qq2UX}ctV@?-wo=Q-!HcZwRQkkK6=3wpS z>Gu2ZXBDC+Ztj|Yr%jezR8;z2-vP;<*&PR&*7QB4qs|Dp{^i7~xxqG`H05u26fDUd znwJI^nHFY0lsWKLew$+$rM!2+GwW%-&}VXE$7~ zqc9Hf^LJ?|H>u8+FCoC8!RSagj+qhU}V!X`b&nG0< zN?OpR0WsKb+e()2b@?l{5JhQ^2BJ=@O4hE?4Ot(c+tuc%F0qxXevi8N zy6pa8^(P{;>B0*+5-zUb-?lBd*TB!n$$0fG<}<6_==R%5H)k)8c)zWOwS88?;?VHE zF6P;hL1M=$u3U&OKNcG2Qf3;q>d4P-@o=3rJr>}@3vU30&m1yMaEB#)m27akxnkI9YKf-7^buJHfZN3AU0BG`Wcw z?6++t>-U=cC0jY!U3@P}iLviEii*ME)NJJxxSzBiS?Xi1zWX*)+lF09?Z&x|39p=u z18B)g3RFak7N&>N*H%V`XT7xDEjeP>y!m;e*%`%DH#+v(_F(|u6>B%a~x@| zZRGyovD8V%f_1Zp!+g^{iDm2TQkrt!_c#ZzT70_CDE27hxifS3dq>mz*@DRp&u4Vx z^L^<4;`rz#X$WV!Td?zw^K+^wuH{!(oLP0{qrrfY$j6E&Gp!;N9&LJf-A~}<*0#`C zIisbvJ|0G^E!=PU7{1bUU*g7Hc~zn{Jyn^3t#wDQheGM#VBFKe!M;jnr|q;l*KIOx z^0Zj6_%l$sQ&RBAzr5e))+L~@@srw{o{mNKryM;sww*ph+0-!n_IM&Ha-*7@*am*f zI~0DZ;U?G7S6lfl^2tOA>HeavoUBNr+rVH+lTs%5W;5X#Aw0Xlx)VZU$hb&bOXy45 z02}}jfGf~$r2wcB{Rz(q;eBIl2&oOr_Ps8r6cj%Hy*!WT=B+a z-nslWPS)H}Vr23)$~$c0%c}4P)~nca$Mg5CO5A**=H*(BD|9xJ0$D*X*6(*@2+*#l zaS+sYPU12zeq_?9E6ky*pVuw-oMXkwb7zRg5jxC&GHS}27TB;#?=5-w-4}xDE2*T8 zwzVDK6t?HEE5F25MfHf_4z*dIgn}OwaZrHfj{)0omHt?!ZF^H*2X`OdtF(W`&g3&$`VV#Mp)h0$q%C?*5e(Q3NC(t_zCeFCcy@>!&KvrPvY@e3B#q7aUSpFDsr&)~V=bS! zw8+?ABH<9PDzX&MPaL}W`Ij~)=%2K&CBZ*s_4MFPkcv#3Bx5AGqS)l5kk`6;AGKfu>m8OzQ%Zb4x;R}Mz|-=RF?{}F$0(Sj1u*cES2^54L+29#dvD(eZ1lHGT; zc);w9eb9Mh&%7gS>y0kaa`|e?uI>vlx@?uBPxdh2((#ncShk|Ivy8Ss3u`&!-D8r` zcRG;lo;DNJAZ4ptsVbv+ZrVQPtB+4aJxCkqy*Q9M^a>TCQT_cq=TK;vxHZw5flA7p z4zBQr9(aROpQd7g;+jq^qY0(RF^~V<6ddXk!sA6O(j+*t(PxP8oZ{dc;-A?&NxX!JgouFHj_gOF727b~P*&}p*8%=)nOG8uU<@0YAD?j!ex%rx< z{zTf~p+*)lC9ZjAj~pm*-!7D}Ftlyon=ZAEq;8`2;PvhwpIu<4JV`)*TmOeZq5TG1 zXJx;=aMC&5ZJql2cG-%n!V%_-3mD|<(yfm!w4LX>@C567H(OhO2g+`zxxIR3j)yCn z7k3|AXiZU~LbbW1Zl4G~CS&-KdSA&=p3NT@;Iq2;HZ}8HHxIsSyGyL^q+y8mmmS_d zr+N8lK8giCGw>SWAvdpIUNIAusZpK%ERRreno1beX~}qE;r(O#MvMl-JpMO~(DZop zJYL2agHZ%st-OT6s0=_;wgQ9E#bYpf@c=kSDNc%qz?BuuuXXVB^!9Y!gyy3%U@)?< zk<|jgxT-9?H!TOhl?wtuJS#W>?to$pMxGvE0m#5$6lej?fcucPAcmL^upzvA4eeFJ zL{>CM5Y4B9ci{;0vf)|@^R3Z4JLvTuh~w)wG|^mC4FI~vKYFJXB?4|*;-a3$xS$h` z+_YR5>7^$vh!62KUFB@r;zJn@Zrb7_%|V;C_(<=TOjsI_rEBt2sKfM9c z7(bSu#6P+#EV3D}g<`o<5CHaMr5r#70A*^W0RXONCA{~%(iz|d*ap}I2m?d`;sK`s z=OLa^yMXF0T}d?Ai1I6px^&5Z*eMc4amkJhqZKe@PsY! zqy(HO0cT2JQ0`I7D0_-Vn$1fH{DP<`wgR-&E#)p|bGv_o_g95N>K=p%{|F zPIcS?#ru!3!Exjd!3fvz)3C%#An-HMJW@`G>u2+L#=Wj_h94)quCHO?g2wdpP`p#^ z6Qb+<*}Mr9-#@q}qz&uRe;Xx*P(=PF4Ez0Mj?W)@y&K{|=jhY1j>JGI5=mKj1z)!ssnp4t%Jpc%|N)QkPsD?H$-0$jb5D(H2 z(h74O}Abb%bw4ARu7W=6F&s;N=k$w8PuX_G3#?VY@Rbj_bZaZT48HZ6#2I{RHHzUiE=isGBjaTgTdbhep(9^XHOK3Qp-dVJq1gURC4 zh5McEcHFPW3D-K=MZz`yJkGC`^|u;x`r@1#nWXES?sg@*_g{?jXM|E%K%A()MGlL` z9AFFex~4lI1Mm*IhiQqskf?sA2aGq~@Tc|q|MlN10xy4RQ~rM((1Ip@&J5U`9y|SS;q>Qr z;Kv5|BoBUp8(qNv6+7^Yb>UA39?-r2Vw^v#U$M>*C#w69!+smj)vW-kp^nt;1bl!o zVDQ$X1h!p?8hpGS&jGYuy21 zfU|&7z%#&S3`QT~(iaEl0)Th@J%CeyVgTfu{s4Ts6=X-$f$&jX&3y=r{f|exl#_?}-!r z{=4fhf;8HpK;JqA^)cx0w zmxXOtyH@GLBQhLgYeM)bF>*ozC?Y^H+GPJtuTXs4o=cU#lQ}1CqmLH+29;I&Bm$K=F#?@mywaxz`{`0K$?v?l!ci`#5q4DRUtSt zJx{^K)hX0nAt*n;#8BKo6eP{X!{=B~kdvz5oS$1zT9R61AScdiU}|7wXl7^vf>GkU zh9EAO1LPW*8A=;SLQEDyH`&<{x4Dh;4R{eQWMpMvZtP_+XzXNaY-E^Kd1bNJyoaaG zo~aDqXm3)xsb2Ni@6u(P_Z-WZ)Nb|o{ML`WMW+sC9GUrBs*Mlw5nX@-$j3K&gcu(&ppC-vh{SE7(6~SJ-n$j)+#DU;^7SsxxlWR z1!bvc^P+6Z@*-u+!w<*nUaaTZ$;8aaz_{4Pz{)@f=rdViM#ldv90qJaiiwfIfDa_b z4-#VmhIN~P2#BxB!V3@a#vG72fxLB|1$Z&{(kdQ2G<2wzA)RH zldXOr^q+>E%Fir2y+Ss>*)CBWRTB1Q=G})XPHNQrJATt9^kl#K`?@|3ug|VYXUfy; KZyle!?*#znX1sC$ diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaBadEKU.cer b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaBadEKU.cer deleted file mode 100644 index c644630676d5d75ee2064dc0e942a06b93f51ff8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 559 zcmXqLV$wEfVw|#onTe5!iBZ6Sn~hVe&7h;x2QszPvP zdY*!dt5c}ELQsBwiJ`cGC`g)%htIK~ASYG9IX}0cv?R62Ku(<3z|_FV(9F=p$k5O% zN}Sga#5I9(4Ll5W4YVO9tDu|gnFll>H#H?Qu_RT&$}4=$>||^&*`h}FXNvde7(?ZZa%N_@~_JAKl0tr)XeT%A$;2Z zgemLU1DEz4bo49^l6K_09jIOC-+1h*$AK@o_Wf)d?T^2BZ}aYy*`EG`?)#6jDMtvL bGs=D|T^7Gz!TEfA1w)9QMLf%Y@r0=W7y-F4 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaBadPLC.cer b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaBadPLC.cer deleted file mode 100644 index c99f61d8740281ee8f9a150e93c6627f7dd2280f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 567 zcmXqLVlp;pVw|&pnTe5!iBZsin~hVe&7h;x2QszPvP zdY*!dt5c}ELQsBwiJ`cGC`g)%htIK~ASYG9IX}0cv?R62Ku(<3z|_FV(9F=p$k5m_ zN}Sga#5I9(4Ll5W4YVO9tDu|gnFll>H#H?Qu_RT&$}4=$>||L!LF{E5#rUi{ZT%f!scz_{4nz}7$r z=vP@`M#ldv90qJaiiwfYfDa_b4-#VmhJKrYIEb$b;`73zAvuMG5!rvNApbQoNb+f0 z{JhV^m9Bnux5Cl%%%bEsHbOU;)vCT|L0*NF_v+l_71!53nz^t2 z!pb`<*F5Z+dtS@4XHM&!`;xgFJQAlS$=`0AZkl?dqe$l$CuY%-u@}`<; zZ)$iH*_|a=>wA+cQ^z-FfnxlDOVM`&^yLDAcf7WFC}+EP^>QX=Mh3>kKz|zW0evdV z&&c?ng#{SSZ3f~XzAA{%3lH$*6c$Egzp#S*(#RmTs_vF&;Cq${ryl9JJF=V4eEM`= zQcuU^JPp&m4(<~hpS$t>)N4GqPmYtt@SFDPXczPKYgxtjz7L5oV?6aT@1%CP)Q1DF zCVaBLG*kMqPvMWW2`=Af2-kEjecSkYa;H>J&Bm$K=F#?@mywaxz`{`0K$?v?l!ci`#5q4DRUtSt zJx{^K)hX0nAt*n;#8BKo6eP{X!{=B~kdvz5oS$1zT9R61AScdiU}|7wXl7_)WMFC* zCC+OI;+jCY2JVJB23io4mC;T1%mbQ`o0^iDSdyyX=da-E9g5qc#`y-k2q!bLGB7vx zG8i;=GBq|bOl2~9-kNQvTk!iw;qI@x7Ekn86Av>inDj3^F?HS#n?S|HM?ZL;mM*Wf zeySE_kdS4mR3>qysrU8v^_Tn7o}{l@!L+OGv3mB8d@Z9%%O)D_5qPbvw7K}f+>l?h zswOovth#m2!*bS{1pc)Lj1SJUXEkbBRC(kiTlN06yO%!SnZYZ~#LURRxLD0V#Xtz? zRas$1#{VoF25dlziIKs84!iU+-#@H!Wi3wGU@iL?7*)lePK9g#xyN_YTagU9hh-FzEW@&>|My zd7qE#?P6GGki{(S9l*Y@^YWamJ$$q7_+6_j4~}bpuTyaSgNLt~)bX$9FJ&24mrvL% RZypn~IBG{@4)e>Gh5)}3!Vv%f diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaNoPLC.cer b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csCaNoPLC.cer deleted file mode 100644 index dd6e567c1fbe25f9810b91a312e4102531b774c4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 563 zcmXqLV$wHgVw|ynnTe5!iBZUan~hVe&7h;x2QszPvP zdY*!dt5c}ELQsBwiJ`cGC`g)%htIK~ASYG9IX}0cv?R62Ku(<3z|_FV(9F=p$k5av zN}Lx+8X1~Exd!frItE%0laVvNA9? z_A(eWb}}_KGVGGbZrP+cRW5SP?%#g)PuuqVHavXnKlkfByZN=$!k=D`-?r?p9?OG* ziPI(4=ro-bYSW_|3$v9T7c9D%Xbb@M49ukf diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csDevLeaf.cer b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csDevLeaf.cer deleted file mode 100644 index 88a966ccddcdb21f8e08ec822ea838e0baa6624d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 556 zcmXqLV$v{ZVw|{unTe5!iILNQn~hVe&7kaK=YszPvP zdY*!dt5c}Eg0rKcxPd50l8cAWv7jI)Rlzwwx1h8nwa7qDoY%nAz{t?d(8SQxz%WXj z7f2ZaIS{Uai=n20I>cO{CRB4>Qp-|v@(XfP^GXzaQWMi~+tN7SfEVFfMpg#q#$E=4 z#!jZjMusKVCVbbhS{VK_^}4&Z&p)@*W?ugGL;knG?!!#Xj0}v6tqd#-_<{bE z6=r1o&%$cJ%*e=Kzy}iG2MMq+GqE>-!%$Y0h0lP8jSC#~$tf(1jL2SN1$nKJ!SLJN zv_CNkeYvySb#}c@d3{0CJ#ouyzr2KAU$=XIA0OPX!(F?!BHU%cqU3dI?h1;o3X5d_ z&1?5Ky?}AqZRwsmOU(xxe@g7kPQLVFi5zQM>H?QyrJP+okKV+aCvUA6^tR$;IKbfR fp}+bX5&Bm$K=F#?@mywaxz|2tEK$49)l!ci`$T>eHRUtSt zJx{^K)hX0n!P(JJ+&~m0$;HFxSWu9Ys^FZTTToh(T4W$6&TC+5U}R`!Xkut$ViqON zYY5^3Ibg1Vg`up0G{jsHbaQ=D6Vq^;+&JHW7vVxiRtDzAUIv54PNv32hC>-=mbsV~{_eS-D)Hj1 z^`z4o-Tn%v)!t5EJN|Eh8HbhnR1f>FOw5c7jEgM|%nkT~ev=huWc<&RHyDV3_^K?t@Ze5PVPQn}87s(VjSRM1{7UTKA1_%P9i!dj^d?Sd^6hSY z(ZUHVTR$A@5)oik|GanA#*CJz%d7U@bh*mOW_I(0^}eYpzCjz=r(HZNrXbSzaN`WW zCL5#08IfYl?ZLO!#F&Bm$K=F#?@mywaxz|2tEK$49)l!ci`$T>eHRUtSt zJx{^K)hX0n!P(JJ+&~m0$;HFxSWu9Ys^FZTTToh(T4W$6&TC+5U}R`!Xkut-Y8WNX zYY5_+K)D7EhN=e25OZbF&Gku5OjB@jbWw2i4#jOl<9q{Ngi9G&8JHV;84MabnHn1z z4%^ijd{bR#v1h%-J!=lRgLY?T8}okLZoli|({FCA_N7be8rHr$%VMN=HFA=cMbMRn zC#GF^s&``g?Y7s2FD_nqzwNN?+4yt1TucQw(@sUL_g!54lA|r8!X+Z;zQ&uzM|v+F z&o`1h=KCZ@L4UsNq_D8C{8sIr@0@cq%a$G}O=_}dVrFDuTx?=sWWW#fqpUC^<9`-b z17=1>1_M5j06$28g_()H0ir;ag~Nc2jU`l8l>ymPtRPP{GN_Aaz52>OKk59oEoZg3 zq@HZ<^)I<0bL6#nYWeejQ@h#c^p;mw@E?5>Cslpbrt*V`)$?Y{8x0n@vmzFUrM{To zFJxR&oL6thbo|2o=NTc=o;y{-xt2b2DamFlm$V95|Hu5?^m|*ca@{-|@XWhV{vQ9b UIiH%`mZWYr@pjq~Y10=50Qcd$Z2$lO diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafBadEKUinInt.cer b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafBadEKUinInt.cer deleted file mode 100644 index d63466e18ad4f0acd1702e7c346f735728c7ded2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 579 zcmXqLVzM`AVqCF+nTe5!iBZgen~hVe&7igSKSszPvP zdY*!dt5c}Ef@fYyYEf=#N@ik7s)CcFi-N0nsG+!lC`dUM51(T}K~AcIbAE0?DNvn( zoH(z6sezH9nW2f1v8hRvIIkgyYXapOxEtyiXhCdJMz_f)H8BllgF{*_4^3ZsZ|kRzIkjR5KhFpmU)u06N96UVtk^S~br#-w$nkua`j^*#vo5_l%f!sc zz_{4Pz{-Fh=v7%^M#ldvtOm@Cj0^^RAOU`m01Gn{dxL>Eh_4Fb^TMMfIfaE0*>kKQ z&oweg&(lzFaR}0Ici_If^IOP|aKmpGZgVG3w7-;e{!pd%tLmriGi<`O(#i_My%GwJ zm4&_WF3`+Zy13W$$=a39g5pn_J{Q^_`Sok|onODcUKGi$=kY(3y5XqG;{?$vLG}VR mRu#KfXTIjY)V7cL>Gtm9bLEUBS;ZbT%a*g diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafBadPLCinInt.cer b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafBadPLCinInt.cer deleted file mode 100644 index 5237e720af7ee9f9f2e5586807c7460ccb2d1298..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 579 zcmXqLVzM`AVqCF+nTe5!iBZIWn~hVe&7igSKSszPvP zdY*!dt5c}Ef@fYyYEf=#N@ik7s)CcFi$Z{pv!S?wC`dUM51(T}K~AcIbAE0?DNvn( zoH(z6sezH9nW2f1v4LfjIIkgyYXapOxEtyiXhCdJMz_f)H8BllgFi4+ne_{W=Flb zd_<;2OmXFc-&dMXxA*3iJzv=0-pX}w=C`;oYp&oYo|FAuHe7W)T2*;bdj7xthYwzN zkGM7W+LjCc^EQiY`{dSkN^ua6MKV!IEb$b;`73zBsqnJ5!rLB zAkQ^2GtKd{XXA5C4A!3ga;Rl79DMoKKay|#mLCw^w(aqkNnU3g#EtW z;pN;=d+6^XPszsAVy?6ARO}O3GVg2E?Tg*B`Mg!{d%K#f9yYtui9hCx{Sch=JDa&+ oy+FO~wjF21dH>zWxNl5>7aszPvP zdY*!dt5c}Ef@fYyYEf=#N@ik7s)C=tf|IkMxPd50F&7V?V?jYqs)BQVZb2zfm4Tc% zuYsw7k)fHPiHU`wWt2FtA&6@N`_Fw$0s#04Pw4RW*!ig;I^i5z5y@7 z`HZX#%#FPa292Fejg1VifBo9W&t9QBX;W?H!+-Z`W7@ADV7a`%H$n7#>T}L#i>B7g z%<#6Z6E0_BJYKu%Z_-6!YKr7WtoFUGi={4);P>4R(oX2%i|yGrdW6FJ@6y$ zT}H#2h~gbn#UsPF@F-SzTYG(N3*VN!HJIsq?Us27sMA{|Dfmb^3spd8@?{9 lV><0C%>Ik*N&XR6q4@2qxpB&Bm$K=F#?@mywaxz|2tEK$49)l!ci`$T>eHRUtSt zJx{^K)hX0n!P(JJ+&~m0$;HFxSWu9Ys^FZTTToh(T4W$6&TC+5U}R`!XkuhwXb>gN zYY5_+K)D9?hAIY15Obx`&Gku5OjGdlS8(+X#ce_3d;?yDLm62am>YW;3>rI`8XFmw z?H2cbsuA{aRqR=#3l~3T3j8h5uz0)Pzo|>htkmzuq*(@+@9cV|#pNTvvb8L}Li^54 zfB)|_%ezkU&Q&Sf=wZ_r=ea!b`qBmdFZW%^c#-gDvsb(U?4i!I0*cc_XNY8U>AFuDp|L+{$GDR{mGcqtPRyI&H;0Jn9R+y3TKMSh? zGb1B|0Ut<3nm9~v3b4{F$LRE$U$oAUe^s}AP|vt9FQ773a$h`b1h z{py`#azi+r^+&7CR5_lzQY-K1$$gTaaoX_Zp|!u??!IQVuF}2t;IfZReA2hFT9JJ6?PZ`ImVidG~|qa=w$|Sjtl-JjunTe5!iBZ&mn~hVe&7vU7e)szPvP zdY*!dt5c}Ef@fYyYEf=#N@ik7s)C=tf~$9^p}2u4NHrG^pJPEmPO5@)er`c2P?>?8 zIIn@Jfsvt^p^1^Pv3Zm@uOWzQ0_7UG8EPA7LM&23x5y_oF%4>gLS`NimEg9galQdB z!UK$~49tza3DLs+&o6mH55|xdBxxry56w z7-f4N4Dt(Ti>wWJ`83Pjv|90Ihr3DW=I{U9ZyWOSPS_(icfGAfO-x=WrdID1^) zMLD+KJSzM!XI$_sUk;s3KRjCtehY7&tYXfWztrNNcd6f_kfqPF9FB(^b diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafNoPLCinInt.cer b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafNoPLCinInt.cer deleted file mode 100644 index 182640fc8b96219015ab5be1710c46f72acec149..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 577 zcmXqLVzM=8VqCU>nTe5!iBZ^qn~hVe&7vU7e)szPvP zdY*!dt5c}Ef@fYyYEf=#N@ik7s)C=tLV%C6p}2u4NHrG^pJPEmPO5@)er`c2P?>?8 zIIn@Jfsvt^p^1@^sX>%DuOWzQ0_7UG8EPA7LM&23x5y_oF%4>gLS`NimEg9galQdB z!UK$~49tza3q5-W z?iOG;KGDQC(JoB?3(pE){h3=k_J3M`^WcOWwusm1^;hqCGw#kg_0*j~bMlp9CT2zk z#>F-URtEe)pUMg|GX7^_HDG3BWH8_Z3GjmiSeTjE8w|ujd{q#i7ak$WDJ+c0o?``h zu92ZC#QKZR>Q5pZyVLUgS7twc`Dlr<;JXc5Ds&Z;7ueZus$J^%O zIWxXzCVsAOy`E}z>~`LvQ)^nx@}?at+0MLu-FNe^2ls?$?^C~jA!_{;|Bf$b7v6st nQhrGDBj*W`$6M#dS#K&^!n(C2GAJcrr)R)VN#k3W6RrUO@HNe` diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafShortPath.cer b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csLeafShortPath.cer deleted file mode 100644 index 90f950759c59c47dc80a962977256a2fb7648961..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 540 zcmXqLVv;auVr*Q%%*4pV#K>U4&Bm$K=F#?@mywaxz`{`0K$?v?l!ci`#5q4DRUtSt zJx{^K)hX0nAt*n;#8BKo6eP{X!{=B~kdvz5oS$1zT9R61AScdiU}j)yXliI~Y+z&> zCC+OI;u=A@2F`{W25JzK<&jJd1(}?anwX|goRMEtqEL`nl7ZWj#`y-k2R*+8`8G>uRf2q^!4yoqb{C?fyoVEF( z?w_7nU)ZZZFAuRL_{ME%EyiCLhqd|sZ7MBWrmDg9&A9GC PNXdT{miU{N7q~+Jlp4KT diff --git a/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csRoot.cer b/SecurityTests/clxutils/certcrl/testSubjects/AppleCodeSigning/csRoot.cer deleted file mode 100644 index 34503798030d443b034ed2588eaaf5b1fc5d6812..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 523 zcmXqLVq!OFVk}s|%*4pV#K>mA&Bm$K=F#?@mywaxz`{`0K$?v?l!ci`#5q4DRUtSt zJx{^K)hX0nAt*n;#8BKo6eP{X!{=B~kdvz5oS$1zT9R61AScdiU}|7wXl7_)Xl!T^ zCC+OI;+jCY6qwvN-+&k4Mn+Z!=EhzIgT_v##zuz6KJ%kmy7hkTv%TcRs4}N4I;NB5 z{F&MH*+2cH_h+p6TAc7dM?xo{t!S10uCLoo%G9S!^@%<%9@SPAQhHZ>X>z5iw@=p0 ztGP?-yf+s`l<*3$`1oHJwa_+i4tgiBTIXEYlQnxPl+~{k9@I$Zo$)9x-TaFA{}grK ztiGQAhcXg2GBGnUFfLX$P&D8N28*mPBjbM-Rs&`rWxxj#;0Fn?0E3zh*$=EBKQuC= z?b>g6*6ezbtbx}n?M9~X;G#cg9Ze_yj=x-a=}&G-+VtkfimO*yKF_+YG_B~kn0-Jy z$Fey~qwgP>HZ$S137VC12Y2)Lo)*d zLlZ-jC~;mO)56dg$~AB`lroTj*dXYXm;y8iVv9mfYGNAk)-=vH;6*r`k(GhDv6sQ1 zv6HE>kzvE38$tow^m+RkU-}mX?67-fHh+$D>5Z6B<%_oL+{nbt$iTQ*(?H#TALvn8 zVMfOPEUX61jEoEhA|L@(7G8L$C#SG5BKw3Df# diff --git a/SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodePkgSigning.scr b/SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodePkgSigning.scr deleted file mode 100644 index 5f3565c6..00000000 --- a/SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodePkgSigning.scr +++ /dev/null @@ -1,54 +0,0 @@ -# -# Test Code Signing and Package Signing policies. -# This used to be called the Code Signing POlicy; it was renamed on 8/15/06. -# -globals -allowUnverified = true -crlNetFetchEnable = false -certNetFetchEnable = false -useSystemAnchors = false -end - -### policy = CSSMOID_APPLE_TP_CODE_SIGNING ### - -test = "Apple Code Signing success" -cert = CodeSignLeaf.cer -root = CodeSignRoot.cer -policy = codeSign -end - -test = "Apple Code Signing, no EKU, expect fail" -cert = NoEKULeaf.cer -root = CodeSignRoot.cer -policy = codeSign -error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE -end - -test = "Apple Code Signing, wrong EKU, expect fail" -cert = BadCodeSignLeaf.cer -root = CodeSignRoot.cer -policy = codeSign -error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE -end - -### policy = CSSMOID_APPLE_TP_PACKAGE_SIGNING ### - -test = "Package Signing success" -cert = CodeSignLeaf.cer -root = CodeSignRoot.cer -policy = pkgSign -end - -test = "Package Signing, no EKU, expect fail" -cert = NoEKULeaf.cer -root = CodeSignRoot.cer -policy = pkgSign -error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE -end - -test = "Package Signing, wrong EKU, expect fail" -cert = BadCodeSignLeaf.cer -root = CodeSignRoot.cer -policy = pkgSign -error = CSSMERR_APPLETP_INVALID_EXTENDED_KEY_USAGE -end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodeSignLeaf.cer b/SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodeSignLeaf.cer deleted file mode 100644 index 9636102ccc962f85e5152fc33fc86ae169380360..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 545 zcmXqLVv;pzVr*N$%*4pV#K>sC&Bm$K=F#?@mywaxz`;<|K$wj=l!cjx$2mVGH8?Xp zFDO61#8BKo6eP^W!{=B~kdvz5oS$1zT9R61$Y;Or0WZSQjI0dIjlB#8jh#%5 zjSR2q?_T?@ojLh8&{WVLktt&H!ISJ|dp#%%0!*gkJ< z;+YH2_gXE|^;jm!yl#u{&+FxLe=f+3`S$R-U3tM|K29cPMh3>k8U|_x{6J623NteP zXJIv9W@KalhpVhA3y%R88;3RMTni`=v5mgHY>^iFq5*5r-if4^Rs{<~!T(T{?>7sNP7{&}R- zB17Gt8G;(`=7?J)Jh{-*x768*uhuiUDeLZCo%4!3TlYqJYTuLRTDI!`=jJ0$(S5%Y RYRi0Ihab<1OpsbG008H*y&3=j diff --git a/SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodeSignRoot.cer b/SecurityTests/clxutils/certcrl/testSubjects/CodePkgSigning/CodeSignRoot.cer deleted file mode 100644 index a4501cd402da99766ca9f7025be5649570d112be..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 523 zcmXqLVq!OFVk}s|%*4pV#K>U4&Bm$K=F#?@mywaxz`;<|K$wj=l!cjx$2mVGH8?Xp zFDO61#8BKo6eP^W!{=B~kdvz5oS$1zT9R61$Y;OsDH1u`uRjiFpB*w8rNfEVFrMpg#q#$E=4#!jZjMuvTvr&k^C{jB$b?f>@L zs-VQ_cOQCPRsSS==&!}p4CfQw`_715@La+r{#quevqcIWoUuifdO6E0K1xlV4voHtkU;}~|CPkdp^x9#vBmXHHW z7(&>xbevZ1w%w%XqPO&z$Vnzk!Ulo{{J>C=6=r1o&%$cJ45X0V%nEXIBg3St zll>pGw#_-T%VYHiKdqnceAedb5>p=-zp_f$#@9PFVBV}R@_WC|de$&mM1}99y8W6m zEypb%GA&G&Bm$K=F#?@mywaxz`;<|K$wj=l!cjx$2mVGH8?Xp zFDO61#8BKo6eP^W!{=B~kdvz5oS$1zT9R61$Y;O^;Y3e?YjJBSi zYOrv2gxuaX&ip+BlU`3})czoHBGTZ?*Ename -n -s -n -p crtn -p name->name -q diff --git a/SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/CNTMTT68S21G224G.cer b/SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/CNTMTT68S21G224G.cer deleted file mode 100644 index 55fd93c7f45f25ce9f30e9c94bec311b289f471e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1602 zcmZWpe@qis9OtgrDppXqN(CuYSRs*e_wI^NFfcBc%3!tB_HYJgvRixNX@6inFahSg zhJj{dk(q3f4d~)joZ@8JjLzvurkiu(nA`r)B@;A?E(`t`Q|IQkcSW(xm)yJe{qer< z`{VQdg0Q9xgw;6_6^fuJy5ulO(8Mold#>$X0)nX3aX^kxS`e>M)nFPNt>mcrAVnc& z;d3ejYl1BA7ea#3&DJxN4kRlQHLeA;g|b*_3VpO|P8g8{)vgA9EFD4=K>P=$+& zfu$CbMG85&YC#w=Opjp>3^E#nhOu)t7eg%osgq77yDC|mi)D;9qkBcAy~gRRrZRzH zQkddmN-G^pt6655%>@+*mZ&Eff~o+vNr%f=2e*vl3axIMs-WqD3X-Bh0VsOp2>@1t zZVLG-96{iBRQXBK>UP#uH98AfW@B}*lu8A9#gH1G`+q}}5oAo&B_2sh@_U4U6bhE} zK1m4igeXyuf?9-YmN6V>tA5PDa1Cp7aIR`f59TT62|N+zrhtkrX7OSRkb7gRj;P~Q zatEyZHdL15zMkJaa&*I=3tqgmBJA0o(Q|PlXKuZ{_4}@-R#Vfh+R*i`4f*@ayWi>V ztbNyPIA~5Qxp`5q89X?;`SyjS3(g#FJu}W&FK#{Q7{9zKwNs~G_}VkwM|Lc4KYqf2 zbj)_%yF1ojf6QRIzHZ+@r^URxvphU}c9ygB0Xos&GV{Q4EviD|kX>Q46@<|(Kpub* z7>t;_56F9fq|xNr6A?rU)G<1KIA1th-^<3*)XxBH|Qb#e4v5%iNspT5Am$dv(H5lU;^1OR`jt}0%AQ+ z)CC*ieUPrWoP^B-xcqe4K%yd@gCPH6mlR)5p{&+7==9xP95{A<*I8odM))Pz6-v7rGO;ic z4+%Apzl+FcBl0(G@>f1DuOvkI(bKb0VzCyJo`A{XeUf1l4cwFM2~S=TZc|+zZBfXe z6{gD$D08p@-c?3HteP?mAPvU>+#d}DMXuBUhGq^v^&YIL*`si|XFXFRMQ{m?uy7Kb z3wAhF02Lu4`E7Zzh2cZ~=>d^U4M#>@BRnDBWcm}a6ilbTf~NK!tx@qGH&a6^bFY#w z@BJ~hP2g};g%Kp~%Tf2~>-TnT?lV@GeAwBZrQeyx9O+xhvs+g8?7SQq=}LRMEi1n# zg4j5}pH%{{-}>_E1DaI!fk^U{sNl|Sn)+-?8#lJ+=vG=J>i z17YyZ=D`gE-A?u8^>=T*ejw@0?2m?j{R8>zTF13Lrswy4qRG2+Dr0mAb&ZX*jGay^ z9B0{y_g-*(k%rry!TU{hsY7yq;_BI_65I%KsC%f_kI=F#?@mywZ`mBFBKt|7MpCmVAp3!5;LXNaMM zff$IxCCu-cmzM9Gn44OZsu1j4;AkjfAOwBO}8xqxgHwf2-n}W4+BTR^Me`_G-z=$k{K=Q)6~47N42VZFy_6SjaPd z!wFGk9Lrw!dM`U^kd&}vGvCkV=F<@mx+_jwOj7G&y}3=*L^j*mSd>5Tj(?SspR&Uy3YI4H%-587IfzKAJ(X|OO+ghPBbVV&=)Y@eJp>* z^wTpIX)12!`1dN}cG-CzSKo;YlO@`i&Sx?H@Hy=nb|PWMyN?<*CdrmjCbE{idK-TK zKUI3&LHy8yhY9EBOrE)fMeRVZzTo#|jt5pdNpF_EWY1l~!F}}bj`mkGDnnG;Cwi$w z?h^QZ?bauU5GnqzM>1Q*w$<9LWnyMzU|ih9*aZxcHUoZOl8_Z z3M}pht_IF*EI=lMfwh4p8;3RFbx5m+K`b7NzKA0+VerIN9oD zmguMCC+p`X=7AEFUPei-LE|Zqf$}VkhYT9`8#L}&(71C!ZO%{eKFAY(w35tg1OKRiWeopaP^^0OSGl0g!~|1Rx8R7j*K`EdXUWon(+` zh0}QNW$J%qM<+c`lLDCf?3QPOrcs0+?PI8TL;5$+O>O z`};Y&JyI{)KJ60!@#oX3ma8+;E80YvL=8$69q!v43wpj>>c(`FB+eb~Ol`dN>+-*) zO^u#m_kESd;fWmq3rg0zlugxHdb{AT`|_>31nUbvyZ!j$x;*pbtS+lFk;@of{s<^u z+s-M-Z@!|(xm_?a?80YXmck8|{YL^H}z4?>T^H-1y`=$b~MZQTZZWcRpCV!IH%PwX1vBX zvx~vBIE_91iT;(9`%Mx}mKSYM*?jng+B5r!PkaotPOcE2W>?p0ENcoJOBUy diff --git a/SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/InfoCamereRoot.cer b/SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/InfoCamereRoot.cer deleted file mode 100644 index 1acaa818b59ccc74541e89b2ddf39de04dbbca64..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1364 zcmXqLVhu28VzF4j%*4pV#K>sC%f_kI=F#?@mywZ`mBFBKfg!g6CmVAp3!5;LXNaMM zff$IxCCu-cmzM9Gn44OZsu1j4;AkjfAOwHHDnu7i^?*qG8IxX z5k^#H=I5m<7#YZk^BR~K7#o=wni&`yT11KSf*4?~k&$K8Q1C(%qY`q!GqN%;H!<=v z7&I|*F*PwVGW<2$>M`el{<3qY-qeenPva2> zmG5izywTix=|Sj^>f5r13b)VVW1GTsL2FizgHy|6>Af>|CYBeTy3seIY=)$D>18H; zZ;Rx8v(j3g*a?47X#T_8KYx{it9(eqit^aF^tt~`c$ZuItdS6iKhpl=^r|JZZpa8v zJGyTF-5r;Lh4xHiekmHhS2>U6Tr=07rrT;;nv(WNwmg#8UU}oeQmqRM?i`(R?OGa3 z=c&k>zI%?m74X&k%B^p#rXA8-H;rlYyhG22G$0aY#iEbz%uH0w;nY=h318h@77iZm_Bz3H?d@v&=KRBUNv%%^|b%y(5OTn(AF ztRq`-%cpm%e0Cq_6ui9f@oS@<|FwnpALQeYO+CuAPAh5K#2}w}VxEa-wlBRKHh)82 zpWaUCNA}M04u_1N-ZOcWoX2(K9UpUXli-dwSHDkKseSy}x$dc2&lPV@`Wbk=F^-8_ zct_FGrZe}`eU@+=Z|QjbQGN@@|M~SVXKq%Lzx!Lcvh6{HgqrbFANlzqVw0YG-2e?%=*1hN4hcjXq9kGH~5ry||dBu(tJ65ouf&~;o1jpX6qTry8BKCr!W5qs- z4Y7B{f{MM2?Aw8Whb}!)bbBkH=kPm@02{tnwMB) z(e);8HTkC{vaCy&QuE1IwJg@W=pyBzO^bBPx8Aj-d-GrTA6>gGwe|SXhYr~HkWq(? z>bc8+3H@7^YhIRr)1}*D&6R3PwY}2P+}wtL`?7VhZtDyhfB2}L14bQo_?XdS_TTsL zL-E}KqsH~zWz1g>A9cvSJq@XS$Bk;~*SrD0D0f@C*u$v9jvRCBn4SlW@g$BNbLjX{ zJu53L(cIe7T&cCxDy_}cJ>7q{SNWe9*LU|fub$^CJ&M1n0a$OTRjbvuJ)0MA?uw39 zUB0Q@HES}E_Z+0PxxErWy5;%Ge^N+mb6dT&R^OA~tvtXswzO2*E9f*Lz48MJX>0DN zR9Y&Hka9Cfud<#(+FM#$>Mb2Y`h3?|Yi?;qe?`(6dtc>Z52+*uM$-RONJn#Pt*zd^ zr|Iu2*Vxh0T5XobAAMu3y(-967nnxOT}yMVqYmalbG2i%v5NVu)LIR@tG%v`W}+*# zMs}Obci%e*zT^sF3_W^jW4*bfrK5swi^DYE_1M`%>diGk_}!7Vv8B1%Tn|>vOiz#7 z9i&=sPm{jIK`_ZRa81%zxW;$#0>1WT2AGzEn0 z<{`B@hZ2pp=LiRBfuspbJ+ITo4oGK94H8oP&WyI_s}|DI+){19szi_;w>e0)rQRG2 z%xr{}4{#6&VkHGxeIJ3Kn`TT;FigYCYPvXpv~Y_y@?sWsrOO-@U|M8RS6@*ZTOe8W zmS9m0gR5=fAdrRTU?vRdURx@p(%gZmfY4&*dyTS6Tl(QJJq(bUg^_E&{>}zy&5R9OnTAVeuwGhZ) zORSJEh8~vPIwroE9btOb_*lQgYRMjp7+m9X2f=sEsWGg%rb5~%rq$Hqthu#?fJl`~ z43^g1wa{3rK-aPHWY-9J=4iQr{;Q4H2rx8}WC60)G!LoQYbl+)`XvH^KCVL0B0fQ7 z?N=NGN}!U0taGSBs+h=1EUg&By4@5~v-=jL*V)N8#`ehQmv#5H5a`_s?GcErZNIC7 zSVt8DV-G(m68f`ZSF?8)-v~t;2#VRF>pX8ET!(n6z-RAc9Rvn8+z)1}^}fMDFiTZ2 z1?vshM#vKOQLsj4e0>Hfq@$%)htFWvw$B7#TdMVD zTE_Ip@^{6LF^L;IsUKIdXl$jsqpoHlH z8F^U$K;Kwvqn@MWJmMPb*t%E|H1@kt8@X9)6kl}P&+^g+nKryMb_+=J9Q_W{8*g$W zTzz-&khTSQTT zG!$SfjdLRey;sgrD$wHa9c9Y<-ftV>%rz%T_ft87`vT|rICsmSl_D^(t?4tCY{HP zRq86>4?9?#$3DN=?^@7%Qq{MtrI1Q7Gg*%BQg-Gt5m@=1B!hpMq?-nWIw2Oa$zjZNK?!g~04!H;d=g|59zFVB#;r z-XZh-&-9R5tJ>54?`R{H033$IcLOFX1io&)Lv7K(rEMc-zET&9Jy2YjN`*6B)itU~ za8s#tU^lc^Q*Ohc0;HPQRbYPL3)&x)4nj=nZ_rR_G}fT5!OiN2xyCxI5BkFn*iuzO z6#@o>7!8w~5GO93)urh_0l zh;<~VU=@W_;6_&%DdD@F7^agYDuL#tr?xYle+%hQuXrblzBEFUC)c6=w1t4W4QhA( zS{q^XYpwAVfTh;AEd&gu&BV}29#XM>!5}ItvV>jG(iTR7W;JWvD+;OBIlGa{+i+b6 zG3ks(h*2}U%~J?83e>hJ++lPqNg9zC{y()wgBgbs0uKVqAITENKAa)0K;W`6t59Un z^get~4}lejlEd2WMH9*IpoyA0=(dB{UUsgrvhemJVqE@1^gB9)X_oeR#z9)DZMBFB zdLKk%!`|VuBCHgl-S;JFgbN9y6voTOyzEDh1>ez%R@;&aaDQr3g&?;SY*FLZ?!T#n zw7`DIR@+?%2CLcu1D)b}R8Rd5yRo^AHU|^3sY(cpDfD!l83AOJ?nXjtP~71f0kSXE zHo3-5rwbiIFlPreIS6c?F5^gQT7Cz~s5IG`D1(s(Qz?ID8OcV zv1mM)L5en3P4)wgEsy)gdMkZ5BI)l65@Mwybc-h& z!n>`&ZYL&d+yzPnkg7>$MDuw_n}uMB6Hy3wIb;_Hfr}Vt8~_=2lZVui+(__p@cRx@ zV>Fh4w0`0sn7_Cq%;zDmct{Jfv}TeIal=He(**nES`}FZE-{0;us;wR%RCns2dV5@ zJ9Qlz4;|zi>n)sCHV!Q`+Q58brj1ZmNHPG4ZYQe2tU!NZ%SPQ2GT43B0qKb#=x?Ih z9Qaw#1&l)Q-C@J*cQ6bH4;n{gWa7}V9#UzixJ3)zyXGLZD&mkvh|xqlF-eDcF}_qA z{RyztUpG1$VHoK8p>fRG76}_?JrvZ>LlMskUlb{CG)r4EXNRoTI&?Kpuu{MSiS&pLVBju2;J|~?8G1PJ3)=`c z1fI5;!Aae;5!MM=M<5$F3BH@Oj)y=yh;uSYbTTLzPe8)5WA}DQsF^ro0I?C`L68I3 zb@kaNi5Cm`zz#q>)yRa|%!eJMq^ZFwWTKJJUU|86%AFR2^?+m@HuKAq7|n9N+M8SJ#%*Y%4mq08&q1(D!*c+$hlbh-W;BA~HTK_RdODp!mFWro zTjH#M+?@WD!$2L!qQ`NZeqsS*PJ1x9yNWua+t2C8<~QW7cTi>@1GdcU9=nW#KxE^H z2;*PvZw>+j8d_LGWr&+a=40ZV0GT<}E;STPu6iqc@L!n)!wLRDcdu-s-Z z9jdzy($|c0px`^9Jyk3!KE$7nI0Hc*r*3Qer<)ZA449)G=XyxBBVQcU3dt|-8pR=?F$^& z&9Erz(^Q4?!)DBztoF3M6blW6X^O-I!#h!;2>9YO5AjhrC;J@n5)1~}hsdUa%%mG^ zPq2JAR}N&#B+Xh7=%XLN}TcwdugjV#^>ask3IieXoR9x z=<2=|K9mmqLguA7ELKK9r-v+?PVV*?c;uK@4)#K|5d5;*5xdXCocX%@5=n?KFfSWA z)72V)4pdqgHHb`JF#VYMw*S%8dr)pz0&+pOEJYkk(j+2zjUgK~ghC z#p*pAS0F7AEi0+K=&8U?Mi8#wrRo9k)B{#9;@1fMN{$Y)W^p2q5_G8_cWV_hZ^ZP# zUF1V3G-TkJULf?cTeX!Ly&7kcom}>)Z><~Orl{ORkWP8SVc>eir`e=)j;eLKG&tl4 z1j%@PEC0umvB9(XP&Fq%6pdG8Kzx?T9qvnNPRuC3y!;B++KLE0S}hKG#yN_CrG%%3 zFWGw4Yqk{%)kf^A&h(9SoX9KmE!T<+x82-V|Dvskf1rAUB{sgm3F291o$$g1UK-EF)?Xz8LwGPIF+kalCt;h&44i9@Fw|8!=7zD0R7m-wx`W>Ri zu`w}U?aX^%g@*UF9~vE|8esMXwo7DipcsUayH2vL-~**yAtNAn$P*5NZA_U&FD2Tgz+vcMy;8Q_-@DQ=cQO1%$9GsCVd%nhPsun3VjKvHaQ4v>&C z<~H7x*Zf2KFmY!b{BkD)KNVNe$tJM5%$pST*}2ZMyLhciaZ{XHBV z_>1vTJ~6XSPz=2RQ@_#34~D+slO9rwJZ;f657-3+8L98Y^wui&L%QfTIKEhXK^*SD zi!@PXu}2aA+2ZaI!@)%gh@3wpo-Q$UoaYCgw$PcPteY*0qOZnTG8yf0I@y3Aeh+t} zjP8+RWFU;PaKZ;AMLBsy($}y^w6)atWb2&U92Tx~?A@C$KP_NP;VWBb4sorpt#)fX zX8T4u4?%cxkKQ{#zhwTD=%#?S!Z70+U9$ezQ!Sn z4*t+XkQ`2O{P=i>!NiB5ge=~plA?pbg?37WDP|`B@N{sJu0H=or)n#$V|&a2zkG5( zkHLXHR?oEF?^OE)hwZSWSf^_hMS3&CWHlD#}L&$mK~ll(pQ zxnd9)f*>&b^17;Tg|Ue?BRP5Qs3L|IfM3p)L@_v{a*4kr=ISNgmmScy(ddaeU6mc_ zK)Xb|6Z5>Br=c&iOCu9vxZJ|_MK6*w%`fkkY!$!c9*g9aUq1hx`;uvQotfwNa;?bM z#tN2SzOa~L+F&|NMwG2D?(bSLFSJomw8z?QO#1=T(`uqp3wF9XOOg9;MQ-T$QGMM0~7tvR5%(q|Crp0@c z)L$FsFgPFLVzPCP`kk1Y_6odQX?<(9V$n*+*+}#eGhHJ$cQV*`XE%$%_Cx-)QR-E3 zs-wo}iynatbH0SERR&WG98+JuyP>15Ta*(t|76$Nipvd=Lgz5wQ*RD|5^HvJ@b6F5 zFImIk-2T6h^Q}1dj-;M_zNn4{126d7!S0qtS@4df!<`Y+!9F=k{R(n`Gen8Tpj zk)Acb{O)pXg?7YBCbj$fBR!^$EJKQe2j44TOm?DiZ?mr_A1Gi@^%2tHJpHhV!@$%s zsKA$5`B81#Re(8TiAT8EcQP-&aP&FL8@4Nqv>Y z9R^o{l96?`s(Le^!vG5$P%hqHTEE1t9Gn2?%59)_24Misdg*O(;0pmFg%@BcyZ`6~oX&F1Sx3tzYL=%ACYq1hV0=Aysz zq50Yf8iXC=#T0KXQHNCqg$&Mj8X?9IWSfYv69b1nbd|+@ z`G;o*l@5&EDdZcAOM)+9N=?$4v-@GQvc&)fhD$_$b2~3I2qt&jI4_*L{<77PKcHh0 zD;xH?#o9_8mFsm=fNEMreL_JYP;0f0;nS-+EK(S8%9Gq)A+9{Xgzv4UH#5cDyiLbb zG1%U4-e9v&Si};CM`?})xF(NE3;_26cSWL-5Lw&jM(CHsB+d%S)&j{U7&_v*bC`qW zn8CE7NCz$sTeli+=~3iZ0m8}LTC_Z{EIJMIfO2XuUk)FM!MPHX102H*$2)qhxU?BL zKHPwOzCL-Ky@zi_ zK$G&+vLSOE2KgN3CZGxqztA=!KEk#LW-~PKpaQIcImvVS}N=aV`d1#8mFs?|^Dc$`SkHPV16h5%8T_mglKTKdI z6;$cvHIxp#3}n4k{q1s|YlS|i;f>YbuDWC4E}*0(H1Z^~Ftu z*I`1hz$}RKe_F+nfx{Gr;NmN6s=ESopvmlM=)&{em!Kc#sHu>4o2D450Js3MNnY97 zxANRIWSv4Wy^F^ngCFq@S>O434}sN*AY@>7)v#D46m?Q}kobI0yd8s18pGXBb<`o< z@u3CjJg>SB)OnH*2cvN<$-y4IJslL^0K?YJAF{1D1#IRD8+v24mAS%N90&2sz0_xb zJyi_8%=UWKeum& z{y7>vF~jYEDC&s}0SC0_!F=rM;wK6Vg#NUHQ-QJ)AS#D(_}BRlA8_a&Ve zsd@GD~lHP{TdraLJJFN6LRZGksVsA%_!2yj?%S8+`h2gYQboZa^h{H3X7_s$W zb+yrg$cpC^Xf0iKmc>HM;baMRtO`G{m^IoXQW&f8FIsW1W+!3X0;K>^haUvnPChqN zHH>-#+|7w6m6$_*bYJ2|Sy-%`Hn7p8wz@9wE4jd!yVo<>9Gmm_ZRU!qhE^f=uU)nKCL5E?aJ zVq$jH$P1T0>ZoywMn=p)iMeaQ;4y;a=(EGs+7KhvA^h@)Cgls2g2+rnLPpHqRs*2C zy4H!X?)|>fF_^HvSUj6^x;YGzF`-5hH}|OLJO-N*^AxRPHh!+h;LZ_*gj^o}yKQBt z6|Vv?r3cl@pcVxw*|de!$_11H@eC(6`H<3KH@U9hMy37HqdxK&2xQWuIo9qO*6y3v za~cQBVNH|+CLJCsx)_JyE4lx~rm zLrb0xV(O$EpR`C36Nf&Wk&{G5*%w?6hFRp`sPEjDJOzxTl9-bVU*eoEiP4)pq|RE< zXhxvkhP`FGf~_*!oy5mUHUJ&~rrT)rMkyfc2Z<|WFgVV{6!6Q_?ooO?J%Zzw+EBZQ z72%gucDkWP476XuWG0L`sSmrrV^S{w7|a-tffE(k9SnM%UmXPImF_nTlOvUL5r+KRlA6n8aF zFb8txEQdkrB-CHxEuC%`ii*Kh$?(geKl?9{l1s|QiH~{=EJP$5q%*}XF@h%~wvw2s zbw>xsOL2x53S$fLtC>W@J>azdnk)%AVo=K%``%<{(z~uJycU=CVy50##Kd_EF4S35 zEQbDyE=hKJp%ryyNez0cq^j#MdaW!aPf7P^s~TW-gPz-$9##CkyL7{blMS?4qSLsZ^JLow0n^Snwa?1i2lB_ z`w|+OseSB>s&9nWW+R7i-X;zTEw4qo*?GNuD|T13CHdvKCn|=1mbniJ_DYYh<6Du1 z3VfX|rq8o4@)$^bAqP#uoz4b%w1}NW{h_j z*bG_&@_zRdzLk+}>dPIERgAHv)=!%uJ{SXh+z5_^n0#HlzWWk;GcMxioL(YFTBHM! zs9r?UZ8wNtOFD=G8UG~_^$ zbTUC;Y&kB{b!WbsX|I&zT{%#h1P00!eQ`X~d%IR@bL?tL%zhGmLq$+#(uuZfM!GK{ zGgOTjQ2ln_h+rq!gyKrgk{}1fA&v=W2W*w*4zP3pLIzTpopqsa#r9S4p0%iNMWsTd z(Kw)4H+zf(VeusHFIjr>g_@7Jh{S9{bq|Y8h9PhIKf zhmUv&&MrZlA70Scx1upnr6Szde`zt8Ec1M1Ji0xs{2{%8^UG+1Q^W7&$gso@E6T<_ zeIr6htOOf(_l-y$=t4}kvP35mZb&GF7*6SO$p|s=NMAeBuEacjkWyzFJ@Eh*r{(7P z4ugm=HecWa6CdWmVJ4v+C%2rYmtGMg}HT8 zO9z#ksQpUJNOt=*ioppF-fW3xjl1;rKO6=*P3G*`dWV{FtQCSpT0HW8(JBs$ldE`! z`Q=@!c?`-x&?j3j{>ZjcMQPSQyIq1&-cf{frFFqQ%eXIb`Q8>yj9tmK@}`w)oUyKN zzCdBM|5!WYt!&j4S~k{=g{`zoFybewrK zbgY>|q6OE0liuN@8YS`#EO`rxUq1SQa)6T<{0UY=Wbv^F9R{UeAx3oFW7`xks96-* zx!@Sz3aN^yb50+(M#vodQm2^K|JW}f+bG=7)&;(m7dWMt8;|m>saGjT?}$w-@4N=ZtKJ@cER z2R|mpu+QgI1Ascy5JJ7QV0-r^j#$!}?I+dXm@g9#Sd#ivD&NH5Oj9-ba}`e=YC$dEyZ{wdC?8-8C!{hhA0Z^d;2` zrWN!<>ilxP?rLJBxB_v)T515<$XlD?hlEJh8BdZBlGdp&OD35ZUhIT)MzfT?e7w#i zFeu81x+0ISd~GqjddWjM>fQV0w2>YSJgo3W+9Hg1#-E@cG94FPBajQ?k8bNQ=1@Gv zUBMW|sGc`;wr}V~t?n^kn*7NKfrMzbhRi^swJkJE`=% z`X10ESn4>_!oj|(*27@TgW%*~>^~iKq{zbx8JXy}<%|V^1a<^=sz~VzUEG(r0uyTr z^jW&e^Nv$EZZ~prR;&GzzNz)2@6&`nvTwMm97j!%`d;JQhfu-cR2ZqxKGc*1$W&54 zWx+vz_`Rb;uPJan#6A4T?hI;slXh&BK+q|@^P|#12!)!3B%Mz*lt9o4Cn}s^^J>oq z8vhUi4-E6mS^C7e9gBu245n0jFyOBeyNT-spH&BLx?Y}#zre%c*2rnD(e4ooj?qe`z(9$ zz5>PwD;b&df4&tW95F)7Wmd`%Z(0RA8>SdX(qskzWm`Lk3qT`81nwHMlGO>J#Nj_t-4p)imQHV zf+lFXkFB`P5Qx8+<x026GT?Z*uUnDqv!8 zo*Jx%xkr%wa-`z`(JlQse)(Gu+ltvsWUGkz@kx(?stc&gTK~3>!(f_h1n}@o*NR1r zlb)QJ-_CFtu+P1LOwmSl*N7u!tMs3esX%xHQ(zJf@lp>x)_h3}JTNAOIE3A|@~v=_ zlFK+$k}l@U)bRu9Tr6VG0F5DcxH&2Y}nSYP{mm1ylE%JFb&(u!NZrboe_FL zI17Z~SS{h(Vx2@(dP=4vdt@oaG7^G5@TRywQ(_y+T+GylwU&-@>XC|1# z1sBg`vgmwb@Fsm65RlH~^(;TcgmWmK$(_?Z1{)(a_UyL>ieUg@YJnRihJ7tM%wgK$ z{RT?L^p!9ASBHW6NG7WCuDv}5aZa#NMOp1D7ME%QKam#m%nfnYmP&^OGvHg)=9A(g za~yn`5wlP1&tj6;%DdX?GTr!dE>_);{7 zaVT+)DN~Yn8>O8vpJ{3_xX82i^R4iz1K|}7`Rh=NLBCiZ@ibpP&$mj_IufDM%QK3Y zkh+M_auUtbw?!f#9K2%03o#hH<`aaWBKB`y>iPnY;T99jffE#C@|dATl8IhH>;YUx zCgbT9L7?&#Hg#Vj++A;6?koCJLTQQGpE~&quE%bL8tW4PnHfai3_Ui>n{g-OzJ0JfXU`b9>uuW zP_;>(SCrV27`QCyY|oeC(-;iSoC7r>>-YT##}Du91!FfBH(%)j!N3r;LX*l$Wm9Xe z72Z{n%WSIT<>0Ac?Gv#sM>|!53dJN>D4V)Lp|8Zx?HD?16)~~TY%mfUN?!@-BIe9< z3v^5X6Yaum%4;5znl;jy@_Z4K6XJShO@|3M;z zGu$W*7!dXFzw7*mNLHmVw&b!E)l9hMkoIbp{N2)_p$yfhsMy}>se%q_3c|dNc{;Q2 zJB|#Vk|hMISGxBz*NQ`3Y7nkz?;Ew1E|9%wkuQIzZ)HuLtmz_ucddwf*c$Emyq7wG zh_$)5QchsrOD(3sKr<)kWJf>Z`$E_d$s^V@@1qtDba10NcD6ab^&QXH?WRPAtsAUv zsq?Om-C@1d3YrshOk9euo7M6X!>X?YCg0#~rA`d=PKe=ZJUzu>FgiWA$=6k1iKpza zA!?nQ9bepc$%s1dCQ&!;#KH+NmykI_6*(PmMGi0#hZ^C{D+dWDz~IC;+&zl9+GFGr zVZ8Dc-C?AIdc$BB3Z0d&b#(ZuWl}n-k6H};gXl39(WV=yD%VN#MwPK z;2hM}bgeuXO8IbkU-c6Rz)3<1lP!0H(m_m*#6}V`^J|BJ&lRr}`Ds%fjk+U9ZHSR@ zw5k@sU^>YPZS|_}3$^XZxon%{G4K;p(wgn5Aq%cr;ch{kQGv8(?-wxekJ)O! z3rDn=dI0#6zyGY#x$zYai;WfP6H)n_*j3~izR?xY?#pi6N$D^-k-h|%Z}O4Hz+(<( z#`INs$j&f)BPjl0O*JG`lgN`u&Vr0@)0Z4|L^(FH=y=z+;xX80*KlSwv69SFOJrYU zrZ->2e#x@q(DJK3`PpF*zJ~@={PN2B4g)XCa=V%O3^=~VyQ&mSaoK^T6k#~%p3684iXUwC<#|_Wt1*9R z8v7;8gUMO&%gLMjR(PS& zhzw?M5tF_iHF?_tCVllT-|88M!9s*{Agi#&Y>#23a%v>{%1$ftd)O}OIA_}&uU|5? zl1@3~{Xh2@=-refR(kFMhrxq~v8tr(U9G_&IN+ndaCkXSJFCmhR;ZgmO~|I&`g}(n zo1N=Nnc4Od--@J@207dQU|S)}&=-Q;N?kCN<-<8)(8RvKJ;Y&Q9@86o>xB-30u@_k zwZ-?^%5pN35i}f~y}-93FPB=oeEY=;82nyWC_Ut0N2_jO0qZMuALYFQ!W+H~+YRfs>n>r)~c57+fVu1`@kmR=}8&qsYMKD>|MbukZ&N z`x1S>^PeppZ29zc*L+vqb2uJD5-m;_nz_8+(ZR7H_cvQt?Cx4M3B~oRJZxI=W*;5S zq%O#ZUFndNqy*j4ud_x69={qmf0h9yaQ&PmVPTcEPlf*cHqd@F3%M(<|0(% zoRa$PvbR8;R?d!d$0zKUn8hlkjr4|zJ~LSK8LhRUx4Zw6H*(CErTN2ME1qtNleqXY zyGYzH9MeK0nD=JbdbwB?(~2T&*}?hn^^_j#juIsb6wm1O&TEocz7^uymLa zh%@vYQGdr5j+;$#8Pv0!i=jw5bv<0<)nMYMK}3u9zgsx~9sG6-{0Z{DkL3%k zacW*Xh<%3oFJU7BPed@oD-MHQ9(x%a$q(Z^2G=(uTSLsAJsbvQBe6Xq&s+W5Vkk4| zw8LIjA|Yugo(XuC9X#?wM+a&(+?}#+BPGn8iW|69jGn1n!~nq z)Ok4&dkoRg>f31}4vo-fz?PZH>{4;YSWtq9G0ahm%W;>)r^GO$5Nr@}yY?67&|r{B z1%{J%K;}5W?^7lnqkMm>W{?%e(R{Q}9NsSfXX(Joo5y=dy=JEi`Ais4Y|2JOK+JB( zxi3*W6d%J8Gx~3ef$N#7J0}MtA9onMxxfv}*3mP4D;7*lcy@%{qHs2G-!kHhUmkd= z`x5yWJ)_UJU)Q(dQMaT?IZ#|#@XAVwbgpbWySbs_;eaJMIH<$+g?UE;(yUlEeXeW8 zIexg-vi%Nv)?--m8_v5~F{?=6fWnK=`KsF$Lo3b&!56Wk>=uJ@N0FN-i|ihW@8IfV zq|qU(aB}cS<%F1o`N8UDm&&=6p@WmQXfCi(dWfe22nq(G!amuXq2l?QR^-WLi)BA;CVUZ#tr2(+ zrgpO?t`c+r^niIQGTtYLiSs}VujT}flg#$GgS9KDT*=i$bh2y4D25q@=pANJg@Z>s z462{vJxQ53;!KA@7+|xQgVdFP>cinY!&I*D=DG`E(s_UoIg!Nt^oG(yP>swHHH=LCGtK+ z9CGs|pX^RyrXEqCV}5I^kxS0$G3w}$19`iEt;b6Ch}2og2>r{}Oo9ovqRh`aZAXuF zy)d1k*lj(QuU}zR4BgipmhZl+MHt^&XieNWSZaH2oGe6wGF>E`{W8uF>8ya6`-%s!u z`K=++JNO6R3IV`2XY1&{+Ey+tO@L`Vwa{uRs@Qta8NQVV9)dk+uR^OiC?WPFN#EfK z5tvZ(i=1p7yS&GuqDeQ&!Jqq9qziPD9Q>YdMaeU;Fh|4fKBaTpi7X!1>^|hnKG76$ z8c$xqVG!&w#A*~YgW1$$@T*EGna=LDq5w^dQ&6xT(>cXX1u%F3F`~nXIpsF(3uzFj z58c<3{^VQn8?q@bOAr0xFt`^K?mV$7r*7{tce=1Je)4Jj#=Ed;>7?gBk3)BlW*lO z7pLfTsB-|m@D?cf;=KJwj!bY=2?xzY+{GD}h1*!Nf(C=1U`mc?%2~<*JS$vah{TIr zYLN=*K)^x~lu+jUnxlgwgY=e|dW*$i^L4`WS-NfD39+&{*b)*Fopqk0!%}da%QdIC zR#?zi!Zvk$-a4=o1Ys~>Gs(f(st2%j zP@q8PnO~lxULjgxZeq{CU>>ww0+V>R-(Vi~7+Ac>2j(11w%djYV)HW$Xw6PuOuyuP zA#*Dk^h&p?9_RfY_*T(2WS^7lQqzPcDu#$Tf1ITb?>v34Dxa>=5^mJMe~Gmp>FltG z(jf*LGTg?*O#h&ONxV+O(Qf>^$FO)tR^jie-Fc@6VOF$$q<-O8`z5xPNw62yfdoG@ z)@#71oS(D0Yo#g)c$W=#(a8=23#2M2-|ZOJ%1e=vdf}>G^rFM?@{{_iC#w^NR|#-~ zI84WweUrU1O21_Ah)1MSb9%{%9)r7+Y0Om~gI``uV>D-gD>VEix@aVv;fpj+K@2p1 zlFp?X`4fYfBdJU;Q{RC}V#EqbI%le1&BH+Gft!br`}8E@IK1C#h6 z9j;J+YxYczz@7nLew==Z)=qAv=9gfu~UGTofYDSJEOIOhso zd0GA;a=^@U3HYyRZ9Z)mM+e1G8u;b?&n~n^za}e_cjYrhOq{wPmseUV0}fL6dx^Q= za8C!tfKli~%w?kXLfS|r4f>6ik zPl;k;5fmFeMB>vAa1212Xc%J#PCngX80SV3M`^lBBRNn#GgnG5X@DKh-<}4+>$a)xKS`qr>7}clsc0 zR_-u-ry<~7Z2V9w26$TnC9Ba+;0zBxzCZ`Za*Z=Ab8z-X9)q8POZGLhWHAt@L@hSw z;P~eq1`EZ?Npf)IVXhT#@+D`u^n=IXjh?h7yj-*;>MgOFi8qSL!Aatm5QA0VjIi~( zl??}MMUAX2Avpa>*NVe}wCr6d-T`Yo`5<~^@k#w!Q8vi9!j1tXqdrmGXVVI)Oi68a z)(GVQfvp_8klu|Fn(|Bh&=mVLt!sL$yorvv&BjW8*1N5&nO4+ZViqV7H%m}2 ztqC8A<*&wFfQth&_k8* zZ1z`<4lWp_y@jK{R18d@yf7K-<=Z5BU|k+gHsX2aD&8s{7cod4*(8a+?PXf&;fsXd zG~4xw-A%8G6mAgBV6X@jF*BxByfo7aQ*K)?@)VF)RSLI@w@obdBs@)0xNx+?BK>1i z^0$lkZm>1u{c%>em-8}dP5*dHe!KXpz%U*O{dF_*rR$!xeey*xjysyw(sfT4FsL{S zG35O&tGQ5}4TU4g#Ow<3i;&yJ#=zbTzvM{n-dL#vBl@wC15!Un(jIV~n9{JtE$6JJ zU$PaRm)Vb{IpbX`!uYf-{nOEdNSbwR?2~-mV`oo1h)Dk7(~Z1RyMifYszg-Dx)OcE zS0cOV`j?G9@LwX~9~~8dfzl;?9R|6XFxOxLnQZn=7Q^t5o1N2jwpAsls9-9|Wc)U_ zD}!aSL9+;>6^N`b)}Ocf_$&c9tN&#qF-pZ!aF#77WltClbLhy4=V88r{? zvfri^T1`5Ez08m!0(x{%6iJhu&p6V32~2WEN`F^X0!~RuoSyuF{`w_I<1t7K9zNp0 zL50TX2EM6=%?C@=hAb)M8rw*woZL{?u^-fTa zk4hAN$<`sCDwd^nNCnAU%(b&ffj6Z$#l0lwQge5AU*bI3Zj?cnODp)tc_5dn_@!8e zhd)#dPUGTN2m~`^QH#N9Ky(}Fh(9?`Ed!3W@UTxhDL3y0M+ZOVm((1kQ*U(`+OuF6 ziM5|MM={8@Bi0P~QOx}g!yEj8c9C)EJ9H@A!*+~r1__-0H*zL0KpRMnX21W|LR+Ds1sOA*(~!^nP7h-9FAG%G(A1j(SZ_* z^9IC>ywqV(Viax`8Hqmf1{DDf5G8{pQTX(=mJV#NdC-T{pIz0o@^lii8V3uUgJ(rl zh~aNAz~1u92@kt3;RJ>PBy;fW^&W#KijtQ4G$h`g0O6vd_+b{yKkFLVI9P zOO!bLGIaiBslz(U~%#6dqL5rx6voGTS^<M1{W}Ef{_`yZ&Sb2e; zY>s%Kq=RTNo*%BsQJX6r>|$5+o$V;ODie|+6`Gp0Y}S1DC9((Mtcg^--lc#suk6LM z_PSMY2>)OnlC$=@oe^T9azN>8a#!CMZtDecfb5gk?H*ukoVcOJReZ^=G%z?BP4ctB z2d*#16G`3kl4OoKhbTSd{E)gnWNBJajTg-<^}tisFo8#2WR@>qzs2^+urcO~U%oNT zV=693|K^6i6}B)rGjB>j3BF)}6L+~my>z<7XvDze*q!>Ol`^zSUbAtHd75*9V*n5v zcfa{oq16NsoS-+abgghGLdz}7xNt>}!4^qw{Dp%&2G<3nC1PI-cl8(qT9E@s%;VP5 zQfb1hg-V9g{^$xyhZqyQV$d6oa*c4GtY`b&FTRzYYerAYgNo)!cD z0&!e3QIt-uVLSLNA z1DCR`(4^*mBcBZv%yP@ zvFRdP3(j+NP;6~Y>Jus)_!8y3lzk5VgR?xgvjVjbj z$S&jkSn^-kWDpvRCtMxQNsAQ-Vmf)qV8ovtb=)WlD~m)Uz1!h1NbAHH!{tUEgZf0w zt!bT5Y_(~ke@Vg$yknC__i9ZI`Od1~2tk>75Io3IeWG?8m?}<%l1lKCA(jE&Uk{gD zy!|uOr-kvrK4z^pS^w8<`XyV^R^U}QkDqWb{PF@Vl2cPUPFzo3K zdB9^HBN70eKEMhp+#LBamZC_?V|5e1^B+oHg2KE}Kidj{ii&R}&+$#}F))a#1DfqJ zARNVh$Cd#j{r+%J*y%U}#aa8pt_@6({5mdLOLOmaUov?n@}7TlN1-*LQb_NWZ3M$& zSe8)BDjf2xZ$%ym>|wa22X*ffi&qsQ-9ma35Aa_~9T8fyCp1=MaV@?Sdig))WDA}< zc5d{WLb4maRdvl$TV}Y!oyR_3P?JcE+^OK=d_U200<)Izsrcphk1B@s3Fg;n+4_~L zV%T`xda?JWCdgSX&Jtl_QGqM^Z1Qi8g8qhaqwtWEANzU?s`4=UB1ZJ>dGA>a#%cB? zIoVkaB}-gk=Flfwf85MtaWx6r2(8%@fAg)lW2JNajhc5*=HeeKm$-UGtz>$+ zuh434pKvVSr~^%UP(6VSk~RBArI8r8!I8Ek_3zGf)G?uSSkPL!e|gu+2Zpg(*ypEK z2IzN2cOS(!opF0sSZ6c)-L=V$I{kHOJxA&o<0_Ze_LzF~qjxf{|LtZmSj6bC#bCm3F! zJA`q#&{^2xFmQ?E6es8T`h|Ea1j3C_59?PE_bopgQ=wSJm+s% z^}!TSJ(&(Kcd=Ut7;KMVo5|R_Si?k2CvPzP@qrr`Zd!!ytk7vvXA6E@l%fCms{$sWODL*~{;7aTJRSi|_KIdSpbd~04G&%o%h_k@_Y#xR zTkNar#kMave3hhkUhaCg!=M@{ojlrZNno>Ra?m3z|H;!_+3nRYS0zK~T-(kVBo^w16A3^mdbyE|g6r30H9{rr&l z3gy2$3=RcD`)x4gB~9Fheh_dXO%vG@O3#v)la9e491m@?%;Az(dJNurOww80C_1V^ zY{2yUdF7=hC>^GuqCB7JE1NykVazdaVt&fy4IKudRa)YgHsWmf;Y$jEtjc=b;P?T~ zT-z*)yvpI$wlBnu(XAGdpJj|s#=e-rjE_e-&&#ag=-?bClnv=?nGHM!#c6>N)V}s~ z7(4_NDltPR?|+iV#2%5-DR~U8q@;{;d6}~vhQE3i_%$+zzipuy*2+L!8`n!PKbUxo za|{LENsarRKR7yw7DJh8bIG z=IV7UbI>(7o3T--FB-;8=zI*D5znCI*_W8f?%ooavWe}%r%zuJ&5FiyA9Nj%cc zzFsh4sbG+lN{;KrV|`zc)j&nbwm8uwhCs($?+XvijQv0GuSy1aNaS$>?JS=BuU4xP zV}Ad$xLhLfQ>>24JQ(u254l`?|m?sZ28$|nq?44u;TUpovP%z%za;SFwFNERk4Te<2#TLq3p z1Zq7~t6pBgH~?5tU@(Qjt}weaZ{1e;VSxlnMH+XYNX9}FeHc18yiNwp<(1ZSbddB3 z6_l>UE)Ijr;n3iU;$8VZi{YVt7{M7j`Ph967#Qai&wUQ}7@X+@8cH01mH%)U-WN>H zVb_HY!xGJ44$b_OSFr{TPvYZG(3kK$^KDND$*2G$bXGjRfHCR1;?~i=UUV2loiyn?=IyPyZdsunK(J?N)r}kIrT5EAph7uRT$~>?7mhc0vQ9&0LVVd}3&zl^C zuSNw^C}dVQelY|YgYU!$mRI}P)4?5--ArRv9E z%&n*5a>+EWWO9~ik3 zFjZWB3&t+|w3%ELrx3X++&*dSOSJQvx^pl&ObMsLhH?+JI>5l9Bty9J>h~x=z~I%f zcGTnD)YRb$x#{%Gpnh!D6gm5kfkH2K~KqHxz8{i7gPA=0!MMX%N|@$Lmkke zmQU@A>>`tc13$#1OVG-F_OpEfhpcI%Jj)zDx|7G?!fhb)22*;~&NK8SiWVb&pjviU zhlD4`$Oxv$ls90R+@_g4Ar5w#C4jItvMfu{)lMNIMXY*C#7eUd)V_#m4YMCI z^eEL>F z(3dfS&E~LyQ;11y36G-%VihXY-3T(E}PXKdlctI{fL& zKw;|qTA6n$6qZ(ZLZwcwi&zzM;vvo3Z1!NkaW&a(TUbDjA-grIl)V zBfF%;;FPJ69TA_BHB7+3=p-`H07-Vr9`%=usMNHD{WWO)sF*ut}nv2aQI!qf>RI0D?rq;yqKmsK{34Th~+t`aY zwWHr&&^cVy^@TE#&@VRQDz9$+J{Df%NruM0OdfOZb3GaO;K8tDnwPuXVxW7X7jcB0 z{+gr2ORc=Uo1#+wn(~c8l>;@B6QOO)`(Bd%&8ha)k*| z2^V{7h|3DR_=bsMzEwJ`$3u6GeJMu07SLhIel&K3OxtNj!a$-!L0PWVbK4anuWBf& zX1PlLXR1sfsywQSey>}Wbn87Fof;lB3RpJNlWo03lJgCF|Y8<*u zb6+byz(CEXG5_>*P|cHCuF`#`k_qDi9TeCk>8xi(9u77XZy@r*&$j09-q68&9_b9y zrgjeT>h<47H57in+-vA_kOQ2hvsUfZ>C1cznZklOK zlSfFUnN}OpoPh1dvCI7Iw1VRYR6>oZm`fGIUwTbH;85Pl&LNNC(pjDIPMY-M8>UbR zff$-)U!}Y2iq&a>VKSMGRhm2m$JfEAWR`c?%3?emo z+BwbhZWnqC1UgtR>1%flDS3hdV-bwYV6vUvxZta%U(zk_KHm1lQKfyK-Af*W6mFnd zWL&!+=`ipCLL(?VZ*hyq@O`Alwa{_t@dxi_;>V6s<0|hy-P3^s5bz`N)7z~DGJY_- zjeQxO^L<7;I*fvYd6sciHT%JrzmU#LYN$P}%wr?th(F-R(8&&;p?#Tyjqr#>#y(ub zY4nAo`%u#fKf^b7bod5ClIP(Xqwr?~v3F8qFAsP80Ap_1MlzqB{6E_lWGo8vOz72S z-FFwcgc(%rJ`#PCs=V0VdsG;*35m%&uhhq&c^yIBkz zgeVs*boSlIV~~VP?wq~l5DtCepLEizyx#&x2i|^iP0Ra>!IZFa2C%*PZWTBVbIe#h4{*U+_eu*NUXCgC$uGB2=1b?|JNzjt)*p zl2$oC_9Vr~t4B$lIp$Es@KLGAo0qldWA~u(GDBS_JdbX;aaCjf;XQ6Z6jTQp|i$Yx4@8f3{Fws60o*WR?^U07FMe3EQ0zjjYQ-jt;BAg09T4N}p8<7{u-gI_2?ec?^!H z13G4#X3G`&!cwGEOS$!IM~A=bm*TlR!P5aIG%1GXtiFt+gNKDe^&?9<7<( zr^YpLki!_4HihZ-y2l`BO7Wb1U`;L@T0GVf%#Y!x^thxpSn-3}kMvd^xu5L|TRF;} z8PVAM;Q|Cz5($<|7g~>mFKBmivtzVmKk)ZZ2vIUmB>t}@*B9%s%Q_pp*E~URb8=BfE9L4}NJc*cQ^)k>7Ya$Z-d2YB2eWw^SoEZ0`GS?N7`{@ft1FR!~S6=YD z3sF}z+(+N;=-?_!7+eU;N8ju*h*5&0AI02Mz(hAz6?0tyV}5bBD5{FFP6A(r!5Khe zdu5mI;^-jT5ROae9Ah19l!u_GHEAf1>F?;^L?WDL5shPP-~c+f(376S(>xt4X^Q9a zetQW9?jxQWOFNmv${qu|6l_z&Pc}+UdZAaKSlU9TSLaYw6frnH3q)Qp$Ex9`JBugt zliPH-q)6BoF1&|*$^7*FhvOObePK#M`Z`!0Btr+qFO6#|;~KKNr-QU$Fm^*H@9~bs zn2`k-;paFBPQf$&z@{|zCHx$}uA@UQJc-$LS&u;=9L%9{HnNA^dcgze#9^DLatLk^ z!lqU4kxn)kP=_khj4OZDtvmh4^##-%}@TS?ssBP%oMD<>8tdZdI`Yb z5y()@o3ZDIjnesHj>Nna)wq{&RJZE`9wI+)SA;Y*Zw&RbhsJQ=nTPk-UTZgZU!**A z)$UEpbYBWy45A71cjosly7F(9Zz^}qL>qHj+{7YA`WS*qW)RBVw+VwG9l3@~qJv`@*?&3X}KW z($j&v7bskzv)={<4C0{1ITRrtZZ|pl!f%HMbVOO4ww==9Z(BrH=}li*_y4-SAcmoV z6wHchu+5_4?4yw%!EC=$fll;0CWfEVEOpO8hYwo@bj)$iffF1V95*M~DX;&L!=P3= zoE}4F*bs#<50SoGo1c_B4D#b4H?k6^YpwzY9cA=s6MFiYmJXya@zgV1mD07(cnsJH zR?GC2f1|N4ZsWmuNSorx&5jOKa#*QhW;vT|r5SXff&wWN%>UG5=KF5-PVUK{agOT? z$A#fih=i?wiNoO6enNLf=5T$DebE>4x;kIFrTvq_jppS91(}l?@vwjXB!W zi61&KsqGzZbr2}tq?cB@^s@pc`iVLT*Vp*bV_?++c8nCR`;v#Cekqc7NJhSeW@)fg zNc4q!OIGX8b_RigKN!%F8Jw!wX3{|r6ktSWyk;E?VsIU?aUaWy9`}~znMy3FFY`A~ zE?}avM>ESizv&^^>dCIAF7Ozb^FUCIdCN;0iDOvUHfbRobg-j?UnC9b$n;EWQ4Ee8 z5p$$`hw|C4Sq#i%y0)Zr`BNT)T^jf)W(xCu-*^lz+Xp_QO!L{VdJL8{<;P_m7kCUp zyGUukPwDk12Vt}xOrcqc)z0$}xL*;3k<__k90p6CUab>0_84#+7$q6ixz=zYr3TFs za4fU4^~y>I7=$i?pqkanrvK(JERheSM^;pR1{S6SsX4F{&=G#7Yl_&ET!T=fzzdz} zR$a0zJ9_F;FlW7N`2i-nyCvg#Mk6Wq#TxdJA7)<=fk;~|ehxo2`I zR$I?uP{fkdJ>}Il_ZXxBqba1deb)w&yj+^rspZu)i;U%B0G*;!Ud>t@U~npu9Q$f# zIetJTP3N3D3mCi^mJ*HCuJ)L?++5acH5&kdAJicPBBtwZ6%;TCpp%%@txt@b69}M_ znCZSRs?1=$WKAz#T6yMKd{lKL{0txMF{lekDa`WN?+chHpD1)Lwz6T;q-h0yaW_u~ z2kpVQWSib;w=(G9r(Ke3y0}$8Ot(h1RLB0S?+Z75Qgrf@KeHI94HP{zuDh|x*&Tl_ zV4^FZ#*G+h?Ih|4;(U;>bBT4JSk8c>(#Ec23a8!WxgFV+;wwjo3OqTkiQ6j%qFl!hWGBX+ud<`V zpiCo7`peiyOz{|~-hdy$T%(B?M8AojQW4DZ4|qD2sI){d{g-tZURz7{HEVy5sdkd| znN{@|rlT9jt~}pUz@(pD%Pv2@h>0}|eavfB(V-j!G9UV4;_cu6UrPr8N_25V__3ih z>EPMl)V?S!oZ;xuEe{6ll0z%X74 zx)RKU=an5+3q=u=4C}#LJO+_{z>h5Z^=eG{dRZrLESBaR<>|zk7)c}Cpdl0J;OHRa zS^BzhOGgL4*%3y0GOimBvKVZyPJGN8KlB)=mSBENU-_0#dkn6MC+B&S*F6Ty9+(v2 z`6jC}Q7zP&3cv0VM+d3+*qlN%)>oGf!9VSCuoNnN2`_U;1)*|EW3KXt(!o8J__YgJu3K&^VCreBeC@XmgW8I)FPY|( zck&pdfrF(GaXwu`O7ILfJzP>#qB`bIM+WEPNiyZD9`l&^SFvSS)6er5)Y%2nBP`$A z+hdsOOiW=mbyfjm-bIg=tGx8q9uq$%Bcid3c$_Fpy2QSg4kB(4O7U~z zhE%$yyu{1`CUUQ(uk&vA7`#p&7$z}-pC9fpd>1mnn0d}Wx6T;zx41u%;JJL;IgSpN zB8-@X&ir>A2Ie+QL&$tbUUrzT@~?Fh&IDNR=%VO0Y1$#~l)xs|Wdu!{GNklRnn^P*oW z&%n?*Zd?nQ!#mmwm}o1@xbCuA9`$i3M@!PVOVgp?2d-+^m(W>3Gc5*_zJ-~uYgH!c zB=$QrZ$B&Ygd{E*0CK`SJ1VGVrM{(I>`Gw&E6 z2_CrDA{l#I4Mj}!s}s`K5%>AN5OoGT8%*}k%?p@L9@3kmc@6S|P$!7)&DgV-tZhe3 z4#zLxS$6vl)^0Oy$CE0Jb0|FDXEh5jFiZi@rW|cAE6jL7fUkxp$dt~T=!V6tVZgF< zwbuxTL8>aOcM#0Ixnl4dIEJ3;t9*^+hbFL-x{{$bng#|x@|+y{{XJY?z=V~GX4$h9 zG>L*Gr`wmL^Pr6=4JI8`onw_MG0`=88T*6(bNrx4JTxeVpVI8*J%*Po8rMQZ^`VUm zm}p$4ul#_T#~_Uvh>y^zFIK=H)@kfZjNs@?Ee3`gnye9H`YPRRGc7pBi_7(-uLs5# z=-_fvNC#T1dA^50G$IIt*ST{X21jt|1i;+q3YboQjNmfsrK3C!_Zb2WWmwKO`Q6dM zQ>fw4We3hX*kh0d59r8J+*EfMSix{9L^S4IIj{w>SK~ld<)Zz zJ^Rypo(_&517AaUo_B}E@JJ__-$KWhIwWg&H)xYL@Vet=0i)=ih)(e;#!m8w&j@Zlfg_7ei>1ECz zM~yZR*gq_LbnVD2SN6_-9R}Jk6lWRMQ)_w*Zn6fNMOeOPoX6n(#6XLgzVc_kuoxKb z^wsTrvgF0UGvqx|3Bu3Ro}La4O_Tf#Z!TauscPG4n8zTe6Y#9tRKf=G18W)@W#Q); zaU=`|1|_xZAH^lFUyZ zv8D!tH&s*XRnk%wgTZ@6DNOmrzw6kU$BaAxvvt;A)j?1&l@$5Bn*{3xBOa_<7lGFJQoPpuvUC1xssRjH;q@XIb`#pY#}re4y!s&MW&_48#ZL%Aq3x zFCqIy($3%+Y9l&|GIa8p|MqmC>Vj=5nDZqkXz0MH3+6|+yH!!FW^2{HV4E8a9xF@yh z%S?3`luV_EKH$$D6PI2|U$>v>F>rkXtzi`1J~wzsoGdmc)B8v+9rqZa;_-?{g5!L+ z#H9v<;4F#R_Cwbd-ZM;Rm^S{@Vz7^+<3}0Q8{!$FFW8c5Qozb@%=UC}!6492X8)B} z+S+4a0t23n@Z{fE)5TXjqq;p2u=m8nBtMB?-WHx0O0Y-_9m7;#rP;SSet=0!#&Jh@ z46=Q}ikiOiTW>C4P#fB~US@NZF7|!lMTjsyFNPY2#n(3eO?bq9yRs}Zp!WnV8?lf%ox=}Wcw<9!_+{^C{A;eGcr zkAcz%Bvp8R&uS=mSa^^okRIXrJ<0N7xqwN(=9HanJs)83!eTIXk;3;6b^JhyCFA7$ z-^RnA;*(eDtGD%3 zdDAs2UN@M0?_V7qoL@-3Vqnk;iOQ;L_C=Z+bF(9Uy_p_x`DXiH0r(Zk}Vl zxgKml;dqa~Ix@Ik8F~>0lZ~I|F?gXOMW=M0jR%-Cj7oxp&eXFl9VYwIan7n%3X#bJ z&(Y8^gU4*^$nd6plATA~(6PA^6*%?F+gwnWqu_GsxO$>TBng}{fFT~t_asq7a_ z^uCFaue`VQzDXyFUE}61&u{KA$WNxkC%dP=!(he2V+85zlgwjy-@0)QMdFWBi3iVk zgdmKhjkVqOcuxj_S-_5T^|po;B!k+%R9E?i>sUI>!-US7ndZ_BcN8$u!J<6d^2yU4 zgN%I8mn{1&st{O*il2QCRH~ShEz}7mCU(|Dod2ys12E7UA$%0TVgAGC!}(aTw(LlA@81KF(wC z!z{rZ3Y|Be@t7KZ)wpr&22;A^FAf9M96H5jT%{S`7BJCz8BF%}lOBWf$zTqR9A*!E zQ^cf`8vU1W7?h8O0g8-kzabtI|30u_hN%~d^};JD$+al&mODDA%?`J+p_6U4vBv5J5;->=wfc9;{w5A=vK0unf!PFNXWBkX{PBM;X>ma$3V* zt%2DNr$^M-T^~C-aMNQ)9u_xyPd!Y~!RwP@U$PX(F6HRpcN)Ss7=`CAtvJJP#!93- z%+ll6Iy(5V^q3B&r^mS-5_cuTdfDy@B$rS)6LcjjvH35aPMnb!mcR0=j#8e`aaN4g z&irx7j`(y0Ebn`v>k3z)!pDPzov*Dj#JKsONTXsA1^(41jt=XAlD_^2vlN5ctXNk9KqM?r|r-@7AV%7WzUiD>Pox*HsU?zL4_? zGan*hb2Sq~rwkr zMD>5d&vzP1voH9wf$=h!{H%TjI+1c#IvQAz4xSSU)DSNynedpqd>l>cj;1e~?Q<^(b(^Zee|t}ncjmRyVSH=5qYdhwcWuk$OA+R7e-+(#fkGKW2^1AtmXV3K1W zHO$k2%m?GrzO0i8Iyfv&t!cT(0R=kvLC{8BC-O7qRfoY3kA!O~Jik0xF|2)z4xNRc z9W~pBd?`=Y0=;U2@?A9vP6(b44AiP2lMOi8b%lpOlg2Cmho=8Y2c@b39b=jD2`4!^ zNRWgESBABhhJsA-VhRHXK*Zkcd^@!;KvdNhP$(!gF0Si{uB-H3Z|5vA@^djtkLO z6yD3YRKLJF@{A~R- zSlhVr$_y*J%(G5hXEwyS^64j zqkG;OP8ZXaf3dDSPT-)U0)Av%Tib95&lKU;TT|mI|Kddq4;6)5M|hrZLuH=i;rE;x z=SM{Bmp61=yvZB+s^$W~t~R;{gr>WZjCOUoCxc(03U)==Jc{(|pNkmouIN!D#7V5L zqyY#XMarvozp#!odOBCs(hT1L7BUcFVRV7j+Bhpj91t)n>$qU3qr-%Lur(DkvVg%Z zZ=4jte7jEpgYwEojNvEy?G}&0_6_4sdB@SA3QUguj|Uuver&*xjO&jtJO=6UG#wiSVSnR*GsRC+>1L$^BO71o6M0_m ze22lPLhn=N@G7fIP0?}aRhv0%%6D~i@B=%c$80d!L92TVOhDibi|%?|k0JPbW7rr0 zM);Y&ilsxDPx6z$zFh%>g7d^aZOX0Q=Gg%3bpliVr9h{%>(uM5@B4z2n)Dh^v9=F= z;nk7UnwH+OxdEOrz=KHelbvrPQevX|CZjSpw4zE#T4gphx#dFEF*^1)oS9d+4;fG_l$z$n>{ccQFH<&Rgy)}ny1r0T6FTs+ExP>OV-RNtOKRveb$Qld z@ML-N(4(n~RpEFa2T#MMc+MZtpp4JeA(jky7BxRoy=r1QyRkpyIN`@&@cemV?B(aw zGy#Llr=eOk<0}7rsH20!lQ_!I*I0#Jcil#+16KINs6J-dPo*|!kGKkj$dm>$BXL}45J{Xq4 zls1Y-N2Sg`bqAluDVHq!FgFMJQ&sq(_L4nGY_Lk zqb?^oF@>KI{TRE9ysLVK=m`a^VP&Pkco0D3V(%Z-2pKV3AXn zqN%Iq!q69MiBl`lwD<~+PAguePVrNEv5#UPI>_S$TU}OkrXCC+I&4P*J@Af1r7nKI zqr-e_(3c4OD_46A!iiL0O_?1R`oacGjXhh@t~%dgjcQn=uP<(NeW6}7={=S%{@!As zR-*K{5sfuY^N=|6ZHAujX(f#I7-3|iJ`i^1AL;4fmF(28^5v=pO!RX$hE8_h?+yb$ zKJ7eCQftEFM5Mxkr4Vsm`d~)~M-WNz$$ReRF$gq+aTz-0gZeuRLWa=cH9R*hJy0+eNP5IC>b~-X6U7-uKa(#zB_R5A^HD#w?{c&or@5?OC0Hm=ruSsoFsy% zNiIs1BYHnw^m4jGIHH`+sVBmD|o@X*1Uwy1M>wsz~n}Z4#}ODix}vJl1G+(fjEWqNVbxPc~!5v+7rox zESFMM!QAY!$c%vjGE}~NXGoL>DG{YUa!j_pg@S2;Bc^1Q?RD}go(}owrbQ@w?wVkb zO6ZhFczym*ipl30%f8hP2_*YQC{JPQtN$jLEFHw13gy&|Q;Zgwn=6){BSN}-f2TOa zyK|TwbT?U%P`%KgNC&MsYUHBu&p)4FjOQsa@+D48AvyqNQ@Gd~5rRhu)SeJd15QXV zcub^o9T-y{71tbrhjxesGy9%_4s{?ZXIJ*$FE7zpAx!a$ld?_bSX~3|I_J=3EBOUl*mf5X)c@vLD56bj)$|H0Z+$hk&n^L-|#PM1_V5q>S#^o?Q5=^#n1k>{n zhoMhx4b&PYtG=9fYH+y#2{?1?OH_dlUSl)q)JwRm5PcZ7%SNu3SRv9uGEmK-tk)8Q z6HKNW4l_@{;G&Re=<0>fj+neT$bRMX6u@|gbx3=(2` z=t5`d8xoA2t|-=dH)8M>gpyf!T{bXc;Q5%_Vrg%8(an#?yUcMd@nWEZN`#&tQH^B} zbQtva!jG`hC)Ht#Cm8#kxz=%I#B@pY6}S5Jq8@y^+oAa9F9IE;Ld_g`y@czU;5THl zmOq}u>h-TZ9c~&`^CM$lZqbM#A3&QQ80Sg;tiW9wc<~A%8oxq2kim1TW?86sZ+yU@ zRYqGn5vN+#VW{4py-q2X_ps3cgM_`AZ?0CIGr?p_$}(4{9T72kM=i@!?C0{SkasZT zQSOM0eWkxdI_Se!uA$KRz*`n7jo4Sn>Xn}hbTD$$#cW;hhXm8#RE=`_#E5}BmO9s~ ztRFFmsH}W*HTQ`gLou>$mf?Kr!9ORE?EMOvo>g8;F!m?1>iKmDr5 zifwvE2wEDfS#G`jM!?XzD-6$IIm4|MJ=D|Ju47f3y3J0QE*~SW`(77$QT@AfmPHGn zc4;c2)1};8FF(c8L1d9NU&@LOap@)8iAO@rHX1)VcZ4uhMd*}=SF2j~sK^U4EBh_H zmUXt7=yZDyVK3JjAs9_ZcGv38I0FM?sCT=}&s{E!Ko}$m)b5g9(QDrzGp;D=HD&Et zG9iPu2elNkNeA?bWbhn9hJl71>YP532EmY;L6LZmxdIuw4yyJROEdb(2+6-|#$;L# z{unVxTU)HElP?MwWU|bYs~+G^E{IH-1~n??Rj=sGE-(}=Wg=6)V#S*RFO;#&F3)<< zaA43~4p$ceo^5v5C+EmxvM*D~*q=EsV)9MFN?6qM1`OP}e15Q6i&HvPSm6t`xn9t) z`ZOK`sWab*S(Qsq4H!h*`c{st`U!NJFfa5EbUATOpqjp5U~|pWq#iOTV$hkYmV)!L zhlCl#hQJZnxs7E-hmwmWtOoWqOa^9W)7>Kk7a}YLtCxGnVW2u)>LSG-`UVVY9y&&r z1wEULH;IF+5CS|apepwHWx(KWk4`Geu-2e6Qs}@k>#UHh#Hss4491lOco_N^N{u)& z=vY=k1#i)@^LYqNlijjb4_h%}z{uQM!_E(wu9fd$pF~WT&*GGmE{z!Mbu}v1)4Kmz z0YhIU&W1%Ln0xk2F!sw;)m5Vc2G6kQkX?B7ChwA`klI`G(2e%i(v-Rt%s@O5ZiRs5 zlx-Y_-lfi7$r9~(VXc5cDOIOjMKgx%7BF;Xs}usuTx~GfW3Z-hjXF1u?DYdLix}h- zm8Qzr*ABd3GqO~>$g}p$NC#n=B~Nk8Qz^zQW7TVaonW#KYLRE1ArXVukSt!+2s*iF zE$9LVY9pOv7n#>3uTU^(G}a|5=2dJS)&lE}-P}n>?)0(zr#K4Ql3??kX$X_QA`+cI~F0amD)y3|% zuJqiTaD?Q~9P+5jo5)k6)uKNB)ifD4VtvP^5M3MK z!(>~E0EG&5mMFatfj2lK!SpvT2(_M_6fo2_uk=FJ>g_!O2Db`LH>0}x@C1`x`eHiu zGX4OhcK0q{BbjuLql4TDY7EL2%D6W2dkYwJsjI!tGq}RNfefDBGlx}g><=8ISI`l! zrjSK0_U{+z;67l+ip=H4ehR6^p1q$UB5zC~1uYlV*x|4k+pk*i>I9R$S0eHZ_0vpU zrC9|}rg?*nJsnt$>^R{q+Pd+!1Y_R@sHVLaFgODBX)9sJuf69;0dn>-v&b{ltp#?? zp!^*O!Sr8TcmV_Vz`Q?I47(&^@CgIUWEB7Ycf@r0AW$*HIW^#gFWH*iyVY*)XeSK9 z4&~0V%&p_U54`a5kQoNmE1r^IvUe#&H#Q#-F}RGR#>JRwMWZ-Si z)+!e2IU^h)u^|9Gh(`(C)<9S zV4!53B8wVseNuwK6;BJZ$|eDW3wq}C6vx~hFm(KzQ`q)&kTychZmDYP)QG`#HNEU2 z^Y%wOUU1>@K(A6~nZrZfnT)d^9S_>I7S&ksrGyUdUv!RLFxwv-F{p4_<0>wim0+^> z5=7?Jc8VDEMJSn>S8=po3+h6&Ti?ntw+A|S!$6OVc@+mz){JzFuAAa>o5r|`_veq8 z{6!9?Q@(n6g2_6!1oJO{T+p>uKkL4j>-jumI?w)|5$F!8r^ZZoDxpWup z9C%UI9M&Uui*)iEbV6rtzb`2E&zfo-=D!J@?D`I4>XExd3@+&_nc2NQ{IUqan=h7% zRio;F!6a&xXIABZ{D}*FM`N3{b*e3920CzN&1^)y!`l(l<&s@Jx)m@;iRn{ERIC>z zOJzxcF}HF(GGcIcnV9P0H5?u4rZU>U$s;-Y{RCt1g7Y)p??57BTe|8>mmokChys zffu?WwQBG@x1K#AVDR}gvqz;^d)H{K&Y*dRHDrK3sve5}mDw zE60m4*(X$)PBn+$?&yC;&R)^sNU$DzbD)C@P&#ao?S9jf5rb`!`TN)w#YR^|47&Oh zFB#Xa{?x&p?7rFS7J})uZJ>jOeoaSoe)EAILkU5h*pOt_(*7jCdg2Kt!+>4AsrAr|4a$uW@^PBxUXDaMRDt4sXRgs~6ktGh6S&Raf{0LK|$P_bmL_woVAK)8?D z*L6jGKJ&VPE>+y|HIKNyt2mjdlQl~Uiac-ob*E>t?V4e|+nRw69o=evM8`&*6EU#! zYI})U-F|}vll5+~JjL;&0|p5#GaFNn`%QvD$Y`urajdK4;Sn*o3FbT(8}AkA&_@9~ z>4?lb#(9S6)efzUeG6}T!7IPgFZ2AsZzC_n_tv^s>rC<(nD8Mw$IW!=3D*Y&+?^;PA}^gHAcW_ax94l3$+WX)dQf>UqI4w(pV^V|^Nzu0_IMHFy;dejMrG z`j*-jvUN6kB*ECXit7EIh!{A}%9|GxwRDew!J%v(@AcUIB4z;EC^}^p-PrG+0fSd1 zb*wD&^Wf(J0|TBnQ6SJ8^FxH>RWD(+hIjb!lr|oVGQ}CcXrP17Wauemaq0;RB^W#V zT2ETWVfb+u+loEsgA`QZaGqMbv>rVo&_M;jR@DQ1W|gaXx(FaL_johXLAQZ&Xhk*F z{6)Z^0bW}=rc-S0mmOueE)878gNH{t=nzzvMb_d#e{xef&wkvc7q5bHpGaqvlZLS?=islX-PK_NvEj2`1~4 zlX;%9QpBKoX7MVf_>+KE3!hTy++HHj@3s$gkX+SkDr>QFSa%%mnFq<3*7IisI(V2w zk6lc{Ar3>Yj=(2T`Yd!_bEP`Mpwq&d=X$c+gM>j~t}rsL$-feL7?V|P7}Gl1op6MK z_oK`_2UgYomj*gifK?dbb;$oBrpu?+>qDKV4qn~5V#^a>k92VHQSsvWDgN<_$B?e- zy~FYpGuDV0q@Jz)RqPk$2l<$+VkK+w&fS5|>hQwVJTs;~Y`YX=dmDSq5iz)pV6A(7 zSigut#HeJJd7f*TG(n)!dr} z489{~S3Hk&Q5;TN=&DXn3$Ook0X{JJjH-R^9O%vq#$;^(GCxNi>f`|(q`K9y%xUEv zoU=+~;QA?#M8rAL<HC2SI_!>j;-Er)!@`^(wDL z%*K&_^t?#rb*_$OuAT}q!$Gq1d8M!L6R-UJN~Y8L(gk0@Kp^c!iAi|;uR$Iomnn02 z)ZZfpg+XO{1vAe95rdXZ6SI)ZA(1>Ns;fDa+|SW*4yl3Lq;t%&ffp!guUE{*7_ZKB z8_}*FR>!$g0p!80SW`EupC1mqV4d@ZOn74(xYLx#;Kx#*y7%6J49+)QJQUS9)}<*y z2Tp<(N2d8;Z=vXGc6f5UbGOUR8CE-9)N7gDsb)IGZZ0Q*1~+`X(p=KwhbIFaV9Wrd z++=c!$(>bfuX1kZs8cf?8lu&*I~DWGMHsu|x4OoqJLw8DmQ zo^|{#MIJMs9vS+H*G4*cS6R^!%$tOEr)cc7Fhh8qIbA5`pKEx^e2Dr#`(w2b^5{LF$th-o($!=^go$9k7GgLLZ zF)h3f{o2#PY0;%u;COGMketq|KQhm!eiZ0nf9dTm@~rejz`#12+p8Yo^#?_6v?XTS z9V)-iyMYXuUUQmH-#=o|+F_}4)$7**gYI-~F-7EFVJS$(Op96doRrYXI*^6Vo^dH) zcdDvbsCQiq zM|9was_n(Rit}8D5!4;q!aTT(&s>I$FvymhzVqqcp9Q9$-JxCY>}gbkr*^ zLF9S+H-7BsMKRv{z&1U|TUA`xfCHemsjxbGlRyTSdCcjl&-RWD-t@(5I!b+Hxz2T| z77Pn{XVZ~rUFtl7T&LXks01=l`;RPgd2P>tp-;A|<&vRqba}); z#ni44aklVQ6}1+8B2{U;O!FHz20GL*uQZIUPiw}b9)p9)PL>yY4vHAG^eBy&L;1Y# zBL+|8s%2-HTYug-!DI)nEa~~)UqcoOZ3#+drc;esKG4DT(tWlvKRfNd+-Vog9Am)q3A~aaKzwRb*5tEr`JC0#Qfx6u#j;L zx-Zg!p;L53HwJwZFv!#Ccu3ab0`K&q_yMI?y6Wh7-x(N$e2%Kh(b9`6;fNCt|QK)ciO)ZY_uop5Raz zk>_Gp4<<~Pd9MFZcwX?=vM0@OdSzU}0%q3?f7(1q{FZ?lL(EnlWoqA1YS8<;J z*Y0#yka<;)IcJ_QSTm(#{Eo?vaSBnX(-0B)vfG_FNXuh)scj+V=VYhO*y?EPuw#^Q z3kEtU$!K+EI^~P~BLN>DE$z;Saa3oeZ&9kD&!pxbr zZgmzDWMIQ|&Q!!X@zp>Fp|ZIW#UI{}7!>c-O7JunSB{MsdhD#z7n7y9((h!*gJgo5 z9?m~*?c7I*+z;W0+Q=gERb^mBAEPr_?GtAZ?!Gn%vg%ha7wDi-S^G6Ca_h?LQjFFf z8P@3%qM#T76K0pIiiKWaI)uT8di3GWg#zfzw$vZU9|3K(=M+Z%c6xPXC=uC-a{OqFwq#zpa>X*8xD5$V9i zRx&$zE^ru}+W9?h9#?t5S^sy&9b|GDekObQ0}zU@CkAI7?WEK9(r~8Z-Y2+>GYAz!)iUfPsHGx zZAvvnokvU!7>I1U&LjSmVzkv@Ue#H0zLCrry`4lkOWaV0(PL*i^)(v=Ui3vjb1UCG z)L~Gpf_+v8fzY|x&kvR05Pcc*T;F_2qyv>#7M$snC-?Rks7ChTWKoSWrU|Rp&AWq*rwJ5{7O}s23LtcwoEn#)r?tu<+_xjv+n3E!=Z}xd=7H7S) z6G-+Ed5J4-yEbCF^v2e=y%R8awm@r!i1X)N9R_Dom;T~vznKZfzA8|BAO!%NCWxuB zUQ{tG``r-epfTUfHPnCpBEe*z@e-N;Ah9&_LT{tB>cuB}1v?Jhpx5kttno^C~KHyi)HK|hyzYC(_4&cm&&;AkklDt24p?R4&!|&WFL_hQ*M@w z>yC@P%w&ADk(YNCuS_6WuN;e9e)?2`u@kTL9YHm~$}UkB$DfzbvCEI;8Qw*pn-tk6 zghb`<^yd;KRgsA5G;}O;F>$WI3$42P*p{UjJb%F8eA7)h!fVRj5rbPK7O(n_pkfGf zvIaKhRp0f;KnEX}(xJ30>E1H}2Irf0>10WNzqG^P+(JD|$s=^`85lA2ibm)B2e)dM5Fxi)(c%ED5Nt%V^!7V`B9~nO;$b)Vlb6eB{y;a3mU2zjf zSs#|U*xsuuy4>@sJY(v~-a;`(TPVTY=bZ##5O`VhT=(+98DX-94Y5!UuIR=E41#i{ z8?wFbztm$WAz`jpwfh4RgOFS425-To7LO3bI@a{m5B(uxaOWo@L+bODKTN3+9zlww z@(+8%%gyq(5B2c)zzZoueW0+5IoKOIkb&}8;?xgc8OX5n+$j#PR{7x-5rbQjmNwUq z^bHuQ2&!G-4BbW%gAY}yRTs^8v&lZGsFYuf1%gI7w`+0K~aw>~q3uT-K6r8YZn(u3W`!A^%?qYG!UT95B9 ztO$cU>}r|?GuvhngXD;XDX;l3V9;ivy(3xD7o9r-UdX!U_6c6ijuC=hU+wFQ!ao_s zLD!y6GzexpcjSN-GND==o}Cfy)P|cu{)!rvkeR%N9~EKDldHbp*%hYKdjiv)->lA5}n+7vplV7rvy3($@L71%zt|%!PxexeB+&ffgi6Md4$f>&K^J>^atou zKs4iNmmDDs9tBt9au|2o5(aUOvX_i0KXIomVe;l9mZv=Oy&&^IcpA!HN({5e*A7Du zz1ogyeZevTLl zFCAmbnb65viv@GeuOkNfqjZcz`$Zp%5PbSTO^;0B%Fa=xq2pOX zrG~6x#Z$GXgYAy~<4%zUv-dL*1IuDz>I>!w7#tQFBdU6h%Z|`KhOc3{Bh{1N1v;q2 zx4PBC(Fz#u5qo|v2Fg(C(j0&6Mi=O2z3H0h{06qE40D|kU>T+7o-%9z&Oy9PSQ zCTsN(IxoceL5)QpOft`7jtq3rA*cf{H?Chr3`~Nxy^7zsP#QAhNY;5^rcN)0$5BeZWvhxx&aC-gTA7 zz-Zdv`mA4eK@|$TD0P~7>H3u?0v#AtZKA}4zw&y5$y$pY#(DDKg-%SZKMv!M9r&Pd zH!N?z-0|JO3%fmEcQ^?XU78%Ms14q-&ecV(S_8yDxNAz~MVwb%b`1^`95J&eulTD! zxzUeDi`r=tM159&--%3J)mh)3g;6*1v=B{Dc>((ogPCxsTVC6@ ze=>m=;%#&6FI*Vu;H0$7PyK?66-j0!XDxMZoqB7aL#Ks>sbAPH!DOePsPpUI$|Eh* z<@K=Qs<}NKGS9Yic<-huMsF{fpYg{941z^%dKptq{5fI}|0^>uYx>-e0Ylxa*4WEe zZVVW@-KSKZ$6o&ZkcdG>P;GbSRsP+ZLv%~Qge(1Vm=hB^*-LIBbKycS#Pzs(rR8Bv z)mkvnK^vjQ$a+2Fj|*zO9;o$Mpvv=f$NYK)s`VFr?D6~+cw?U`8`kO!pO|RNbkg>n%_dDp|7LKwTEKfDV z+aF-4G~LNd=#2BnATW8;f{bgX3#XCdr4M77b2xJkFEhL-J6BcD^bs0WQSAQX;vDb# zp^5^-VaojG)qxk?ZBRPK0ps?+2#~&ctCI|UhtnbkO@bL2GV^br6EH~RnOtQwb&ugdOI^6r+P~!7SA)VsI11GMUv#b!Z$ko3YH?371TY_k;-Iw;s!n9aA3 z82E;2O@+<}KLre(wid5y(x(A~5`j)+^0>+md?o=m;Be{HnxFE6SqU9{lekl6q4Qyr zVstTG=5X2DBL>whHHQx4T_1YWDs$xp^Y(+04sJ|Y*06PptNY-r#XB$Ns~6RggM|)b zvOXQ*^@nF71`mTN9pkkquX6?*bnv=}InVWWZtUorLG{tzJ9|3aAPj!U=19T8^+q~X)Sqs6Kyy|}p4ZJ8n zWXe3yWdJ}2nxTCbu~GlnB+x<1T{l0-zIglofT89`OINEs{^>9X^77-0=~VySHo@RN zm^IIXR}2_9&i48L<}nGTi>*7;j|+B=f(wh+mFEUJXgb$NoUB*9b;RIazDeh^y*-Aq zL)w++c`kO@H^F2ff$;j`uMtE0$CCLA=hKk^$NVTe#`;{X{C=bZ<7?W4FHY{jSZ7N0 zN>~fzyt0r|bYu2JW?bG^@(AWjmtlju9&s~o@3@#F^W~67KVavFX07V4)PPf{l!s=hHfJB%s zH;bxumyfKlSeDJG4(J;&L;9haz!14w==l_5o~6|j{_MiG!Ap3G7t34?+rrbqR<~_) zaf=IMsCzqqyI3^!n{Oi>v`njg%)DCDyj=kuTxU@jq4T8Qfnm|Ph;jH01NNS#$S25wOz-wTBPnUUBv$?zvDoiNhYX6Amr#Q^}n1sp74TAaC zJ&qSJu&YYvL8FQ{K^|BkU<7TSq+(<>-};8gRHYsXIawYUHXWIh1+y$ zdPEJseJ09-#IrIj?2eQ#yO02MsO86WAHTaQ(4p23MMtK2{YeqiZ=eoQSmyfbDG}2j zx!2CEBbe`9s6+DLGu-O%Vgo+WTOV9`p?7CG$%qzyI?%I%AC`R~l80XH@r#I|?bS(# z#i>5`y9>PFL8+zSp|`HODbm3+u4+k{PTA8%op|(tLKKCO<@#aqKnEMpuHpW$L4q;* zbP*|6Uye#K`n(ly{|XnCvpm`RH8S?+Z;W(cfp~2FYuSSAEU+fWf^6)3VgpcuyXeXV8GGPB@w8Ssw&C$j<7hN-#ez7%_+hO*;R( zG-4pLsm^a*6ENr()BcF?dTwlj8Kff=nZqBV%vAa@_2kma-oqdYm78$yG-&Lg$-c#*jsU_uRQp z-Fkf$@-&~2di4$on+)

    !B#Rd zPJD~@nZzYI!$|XV&RffZ6&{qYr=nt!eLaY85{~YyuKeOE7r#F??|EH3WTOuWi?;IS z(!L)u@TQQ-bBf!NmXoQh<&3iof@Zdc5$m3)SLF`t$N3ILfv(@O6WM);_D%JC`0VY( zbidAJG(LzU1~y`$7)Vck&$+4-ad8^;(^#W3)$2!;q?zKlWQDmQli2m{f%R#l@=Rrk zK<-l35;4N2m?@KU9ok4QI99GAT~LuU?e=BGm+rv3_d2JUF+9e z?z=z>uge!F`*oSPVN&dg1n=eI_H*vZ>RuJpxw3fn7QDZ>gSvR$#G4JU&^Q{Fl1z>c z(e&4pbzm}jk*5^W!GFZLpjH^lI~#U|V0?pUD~_DEWF9I)Q` z5s{bt0lO9r9c!L9IjTorBy0;~jA`X9U8LH`NA+a~)(9N3FCvXYtSACs<63iUetp3u z;CcU!oSpQAkML3FSkTv1m#^Lkkv_z{Ty2N z=!eogjlf;>FY3rswgrAEit{u)y66nJ4@_d`f}Cq#c;eD{CS94;M{?M+b5}>-zgV#8 z!2RJX$-80o-+ zJu(*N4P@;c6a6#}7{4H7pZ!2tr{`` zi;Z28FaA|7i-&-UMB#bvD*dIO`o4ENzdh|e$bU0eT${F5C$hxBsFfNsRFdj$pK5W` zO`3#PBI@^}f>cy>JK~3s+P*2G-YRoGBO+!dG58LblUYv zUMZB-by6{94N1<&yBl30=V!AN>>nG9wTt(6i_)(1^WSrB4l}wV7c3y}Yq?nLHW4Q! z^X{^|+@0_I#9J@uzgnmD&@~@AP%~MlN)_G@YOT;4p7BF5EjKIgA-J3W3^*Z_L~pu$ zM8AUj@uAGy3JdD~cxCLk8hsIL%k7#N*C#{~XoIWaBP3XOtA6qrHq|~|xhKX0liv8?9Uo4m6# zjp4n#F8H}RZplC@WYCn1^cM9!LxZYhhtL%l-ls`FEv8WbPAm6?MEFZbym!dVG;@sZ z-R{7bLnFto%r{`e_OYs;tdbih*}i;#(d!N4G{%iNbK`&-0(6d1{^Iwpp|c$qo{RG< zXIT-5S>0J`6ycfFcEO-C`^>f`M@o0pOlgpq9%z$VKDeWf>c)^!!h@}de!r-efgHSsd*JRucG|=upJLUF3%sKJbai`oKh?yn+I_}i7 z9&py_|KNV&I`ymvoU{4Aj63zL2eHsOf-Voe^8~wRASyM2E)Re?DG-vCfHM>yUugbj zx`C5oAR3q_Emmm3W7y*lP}~{(b`}ovl`#~@20EU$T49er&H{51bHuPmM9dNFx8E>_ zIVm7zsZZKkzmXg&f)? z5E~V7*AdW$IVsNC)ZfuYaQ>V@ZE#ql8vOAGn3PZ_B!tU;b4h_c5Qq{3;e5lK6u%Me zbO;b)G$kUn!4~-+(1tlF&hiNShBjiLICr&9rr+7g`fu5If>|`KrGVv7bgWbkng0E z!p3ftm+)})?u%XDuo-oo+FQtuEiH0lccPI+Odjn;;~>wyTYa(AHWU}Th`8vWg4`8z{>{(Ac;->;nseVf$McJV@XWKb$$ZQ>F2y@A0}R!^~Ze1qn+&||f zJ@n~L;|gtaGcFClE+r}JPP^BPOZ_C;AQRoFi<>p&an5}33`*pCZuD!-Xg5vVfk-!O zDcG-?T?*Wbi=4XF?DjTLi(K38K)HUJzoXo`0x$W+u;>~YIV^mu~ZATu+tGzrV>>0`TExy-c zQemdYjq+b6?x?;Q5Nna}p-GOiYCHM@>0|O__rrDTi^-FI%FZiJ!D-9-?iCKC@i!JW zSQW*)*Tly8i3okjHBhfOqKf@`>l4^o?Efer`HB=!jD6I9z;<50fk`ip9dGoj=eE91 znK-w9@2kU6tJQ>tH4!hd^~;8dMyd}#`1~|pH^%m#M@!c%ao6)xzloiX2b`yyd&-Q&-_&+ zM9*7iZUnvPbO)*!(lYsHGf7BQ;yTnz#UMFijAJM@%;HH_Kj3k^obgQe_Cu%6Qrh~q zi9-rMe_rOn4(phKDPhhK!+?8la+C@9%V|^4H&N=>#j&F+Un^EP62>vCD&b1|IISHh zO7-iIcx)Th_8LiZM8*n_YB-m)T&iYZN~_zW47%edXB#u4BZD&Gf5@Yio+;n|Jz-Z3 zhl<*bkG#X0yPQ6bjj53K?c1sLRqK42K`kY->E`_u>t%9+;BJx4&c;?eR|8{_kcf+Q zlGcg?NQa?C&uz=ePYufZ{(Yw1(2~+jC*RZJyqskH(+hI%M%CDPH11U8Tqw)* zd0Lw4`lUzFF0V^-`|}TCBW#l~BU&jPOXmjES0&_4YXxRcQ5`RDZOb(HFoh|s2nO|c zhUq1LS8X*XBE}q;=Gl}VCCtg}yyn>6_vo7d*)La9hojq9FXT8lXlgA_EWW-XH2k`! zU$sYF_K~eM{zwva`~|bhJ6)sajFl2DC~~TcstQy!%nOFUMc{mDAJgE%x#N(6_kR>qfw1$|Ylg3aUEWoHsiReCOp zz99$NR#b`{UmV|dB6*cJ-62^EJkcgZ=MziVq&9FdcpWPYbSw5nQf}DKBHXQ5{wI^X=*q0mqGf-9CB>-~-c^$Gw8Y7j62CJxBJ5s4{*; z6YlJiZri)k5J&+VX|IrGm@PlLnPA*CA5Kk66G~h z%5KcG_NFnWili(~juZ<$c2CvVA5Mz| zmkU0#J!iYK#*`l6@?^Tgvuo_Q-%LWWe|>XGN$K#Yp1tpwa%ox^_-vDqNoNarR;TL2 z?q~50Q)c>pSIn?n&)^2OB7N`W%M_mS@s-@Ra~wheb>)wPX5M5tu?4=N$O(0|x_c`q zMD6Kf)a_ELnMlXU15oI3+7t`j)!|?UCCulVw=oFzuGvoBOJ`8hQHjW`jTp0yMtk!Z z)!1t2`aS)H+~BwYS_iB7iw31#>|rhoQ^iNlHpX?Vtyc{{-(PyHXiUxXSpMyWF!R0^ zjqEk%%y#~Ss=gnu1H(ub1N$AKP&P)lDDl)RWIBoP@%U?7zQ5S5`ZiO`G`elNT@qC; zX={B2Nu>6%yRD+GOfw#>f0U;FXnYv*!+g|(Rm92C*XgU&oz#dV^T^{IBCqJiP&_=*L%i|HWr=;^_@kwg26agj#W6LlUB* zBUn^$p9$iXJWP>4Wm|w|IM((NEg(dn3Fv3A;q?E99S9|>ArS_rFF-*<{&MjP_nAP} zgMh$EqY66l8JHs&Rlj2n@tHu8f?9rm#{6$KGzbRdG5i00CJ1-*FqkKdXwZ)zA(gk`J`+SY%%AW+?R`S9 zqM<&Mv!I+r8!^fd!HR}HFF@cF1XhPwyikn(MQ_A##51gDNK$sV&jjKuMBMIEMl@)n zP9Gfvw4pwev!I+p8{xDdq762g5vNB$8{#toEdW9fguOX~+KADOXQ2(T)?ooNV29_a zojk?mh+&UlfCy+qeI{o?IfXXDQ9(o->>&69+7O=!2yKWn=O1Vz_@d508&Xs7|2`80 zFDtm<;co#mplK10%_*PBS;J2u3_Bwrp9y3JkYfZA@pSAVfj#wrhHZg*z+RZ+pTPd7 z|NBfpd2tXvCV%mn0Dmh(7D-t~;5G3kjW1C6+I>&0YF?z4!u}1v0G`Qulo@eC-*@aC zjBEK^&uHT7##@B$XW2OoJ?ZahT6Hd#yS?6*liSoX{d0D={mUmDj~^Be4i1|X9%jr) z(Ney&mxw*yYSrG~d(OuGW_)blPO|oJ_v?qUnPoBaxSQz@32ex<>qPhVB#Q*Av?>kd z`|Faf#Vd>kvrSBPZ7@V$JBm7bzfpJo)xklsebJq1g==Gk+Xfam7Ek(p*?dIq^WIm^ z$(_B!dg-z_-xR@l%_&t2g3A|Q@jsFyqQ1+Ps^e3?hcb!t^=jdB3Z*#1fE$7LH+Ky9 zBch5_54&xHBGr^;Z=!IU{9-MbQCuic+IMa^aK86(;R8OI!?u83cz9|eqer?wW|ZO* zzql+F6DO&RUqhhVP69R-15HH4keP4?Nt!k{Gs{@hO93>k_qf>M1PkHn*g}n;$W20B z3S}QXtEa2NSsQ*>i0$=+@v<~M*7rndU&eSvTE!{Mz8%wGP7lvd3>3Fpf*yS29@Ktc z*)cAs8h_3jC^>_PdLwoLlUTzhL7Mqe$lJ>o8E!=WjDGB3^Ys;}W!$dt(i_{*MavT6 z2)1w^wi5qKUKgF^7^UB;8;}Rc($8qqY3312Z!4r=#^$CgClNm-cZideVKL$H^pQ_l z&swlCTA6qCV*j0XL$XY&X}m-bqT|) zL{8CVwcwnMBp`3#I`c(*`-)=ctQxzQh?hNEu@^n|+~&%5@!eJcL$UB5T-b;I+g z-Tk?}sgdugG-gveL1g9qH8ykJftI$DymMZ?k9Ro=e$yc%HMkqt4WxdM&p#|u zE&Owi=y%bORI?(gQ%bImmQqj&}m8~I(;Udj)W=CQua>`$+V zHq$WM{t_c?VsfF8#2?G6it?*pSm0r+CZ64u>vk)os;iM$->9|okpM0t5&MCM*F|+? z=`Wy$oUckOA5u4_HCgTxKw~2=Qb(0X-VtFL^=X}Pj_g3=C?qN`Z`%o~&wN-FdZ?Xm zpDZU#*0M`KKWW^Mca8URnEkq9J$10mbN+%`t8deTl9P}ecLP!gRv*BuZJ^BHOw5|*(8O1RHYE96XxvmI*5Ied}9~u z*@Z0mFWg4#&DI3+QA@_8k9U-SBbenH-<{l&oU@#-v-sq0iAXWZw$aMkGsby7^OrMo zcGUBvjGe#WH5h^NbY%<)uT)*0-VWyAbIrhS&@KbjD<47Np&Wyfk) zn9T08vd)%b47ZxUU$8aJ$ht}|=V7y@A&n<(@;HSp3~TeQd-G1d%K3#MP1O$nBB}1T z6?;wF9{2#4b6sCz=P2s>&$keB6X1o0Fd7{!yTtXX$CBJCS96wSBuEl(FyrY>GrE_> z%-H=NqmQYjB-^M+X*1Srmos;9%qq(%kKgtNC)G7RGs9#}asi`|OX!+HUXOO_y89~uAZBqp>K`*9|c z$~b&2BQ%&rKC1c18-u9Y?g33tM%YmmOLOK#{^v9Y=~^a_$D@n!g!Nfgn2LSF%Xtj7 zl)Z!xisG4<$s!U>Uwh!Zb)>0K#@nw(PTuvj-pzbf*z>TXb$73|UC`}2@4ZCQkb2C} zDKw5OZg)2Mb^mOOwVkG#B*KmXt&)$Wi3-Z!9{Ogb-IJdy>?w{(=Gwz0JStK3YoH#Hn;M$8p)-S3b5o9)uaE?{P(8?5YqLMMw)k2J zYA^am21;kzItk`blujg=1#K?B7uC-yQ+hYPADM6`VL};TNpv=}LBzWPv^UU(!vkM$MpOJPdatsm!QgPDW^Qrsswp1c?2wTdaM zj<9vNHYLg|pkEq3ut?FJ;@2Kp#PAimb;n1Gd^UY)&D-tU)RmW$TbwtqWS63RAqF_S z>mj)JB-YSK@=|b;Y{xxKO!?>@i5g>?bc>uZbpx#46=2E72B@MDQGi88##i^){If+m z>XiE!=RT@7+eD3*5~-N}fn!bO@STbL_g~k|oPKVkzPbC@JS;4+eRg($j6UFeS+h_G z>AS)J6Vf4OuVTtoOdp{=Nl;GUsxN>u>$QXQs$+E;YIyz4xCfjv?h$i4{B_(Z;~p_% z!(Ydpcwhor=du3#U)FizfeC0Fg2DUO`A$4A0gXe@)&Dx~!~+x1I0O|OLC1&c*T?ER zw25HaK%EyLZ5wQUgDnBLLjIfc0{jbfC(cmvp;|Tk!3RRwZ8*$R#tm2_M}&xA+`ya{ zXMs7X>?5X9K*aq2*3B81!<-k;pAh!v46633F&v z%2{AeVg3hm_Wxdw-!X?dFQ5*ke;|&){AVE!F=t`fKEQ9BAm;2J@kTfmV1Nh|hdD36 zyLplqPoa%)L=Xu6J4Ohs4s%{0IP>6Z{EgGWZV*K3oOIJcF4q6=y!ihWJ{;sJMn_Dx za2jox^WqFBr_hEOwI?5ZKx|jU{X#$+=Da{~?7-Lf8`_8=l4npG8V>m zXE-kqV=-a*pP}Ul&m4XVVb~ctc3wbE7^nf3(1?x+!~o2{I3_?9m`*OKhJ$6jY z^FO>kJgKO8cjzIVjMXn%U+lrPa~{$D2Ac7d3~TvC&yEYEd*#)Bjs{Y)Yf>zuzMZJIyFx$5Ytiw2W0@4; ziU(Ub6+0uS3~|f`QWVm*6Z-q>3Pm;LqdSK3wm!95cD%0iMIPosymrfjv#DE`hxU`t zxzrueC0W~IKD=w-b8eU9djqw+rt2678AqaKTu~_s_2u&0M80)yurGvxi4~2=5#21P~0+;n(RGKJK~s_* zHzRcn>hag#-|C{&O24UsA*`@ESU)|#FCjv@(;#7!naE_#9pC(V?!&rT3#x6J>8^e* zf0HVYwkki*ee0M|>fG`!WD?W^euXY=hCAk4=fmDwnyH+-O0i{Z{c$Ew(J|wuOk#*) zx?jMuh2Je_+Uibh7V1uR2cn((CA0!^Je)=htEu|9xHo^#EzMQPnC!>e=kv#JYRpH;ok z6@8mK%7HA&c)-zumU32ETJlx+_2HKMon?WUx-z<_-wP5761jY)n`k_5ANz5io~GXxv=M-%+~W z)7dFt6sYFU(_9nYbMUlV4$phv{+&|Hxp!BvKb6~HDyhUFS0{UsR2S=Oo7P;@uT|`9 z*OV&_QZXY^M$1}x+|uyK`mL^luzHG*68@FdoR(jCHfiDc<}0Hc9Q%18cG@f@VWZ!1 zaXJY`kM-qVi^1Gkz$4rD zjTw#(3|Xs=Mx1vKe!Sq&vh&SqNtR;c?^jLbH*RS|@)QEzPhfFo4kGB#8x1DKGA9Wt znM$7}ZNcHccGdXKWuDwr_T;b@=R3ktUmAn12Hc>wj8nR3%}O#vNnpb9wgOWi+sI45 zkmGide5nwI^a3@OZidjS`t3X4meF2xRN&F2J^MI$KtlyO%9a`qS{p*{iro(lQnq<4 z@FUA;64f+ZxR7lcBh}3Is^erZUWyY$mJ|3Hzh${GM)g+VtG0Rso4F;k?y68&uAeUUxpKCsHPb@n^I4Rj-EwbSIfvI}5-!4Q`sZ1)=6 zLpJ1y5gi}-{Dl?2_$y7!+f@?hA;HXm-N}df8(9mwoGsn&@TM2jvzMNO)L6qOXJiY|4im$ZbH zbhOGfQPjsRqtUIXdgFyaWraU0*LUOhPplM60`?*ZXv?FlZelbZWgbjr9N@ZL{3xk; zNgO3Y3WEa8?H;zs4e4mUcO!lx#uk`_^QNIRS>YsZ(Vg7#=zJZWug>8Opr)C}U6Jo( zk=u}xE0PzkVEh(q-giZpOF|_5(-(RNX%S@JOq%r+FKN_;`Aqh`ot%#(#^x7GtO3P9 zm+0F%KVy(wTa9yP1xZLa^QmsNCk0C&Al{QBm^Q3ZuEZZbC1o3`kzCzK9kW%R{yd8yZIWrZDvRe1+AE zPtObk3F)_}jju$l2G7dnecYGN4oXhr7jNl$pF!19R%DK(PSW=fgKHKe&Q0vGUZW*< zs1z^l>}n3~y*Ov>a4x)J^p0sO?m@rjn0~*$8BdvcdvTBE$kw>m9az1-^}v&(K1U#% ztZ=%&c~xD8Cd>JJ(i?XVZ`s>X*FFto-rOyt7MQ@_DZ)AQ3{@@1y^*@uly2w1QRW;L z*11a!2m7Z8WT(8XDOZKM>XpMQtkJzU#>caoAkAp6ZX#6l@?4c zijQEiNf2~_j!=BhD{JEht)6FvkG^E3 zy|4Bcg=&6z6l=ZF{P;xDK>dw`4Eawi_1Nb*l|fEv4g~dz2h$=*A}@8-daD>fUxkj9 zc>S@IdkH^gTyr=l#WMBiyl+z3#qP4$5LyIuTD9q;q=ecvYR%p+9G4H7j8-PZ=72O>Y4;u+9Q=Qt|#ndJBl^{U^*}78XKI1h`r7o2da#1@R}tk`q*e zS`U%~5ut1@9N1};Pn+flmNc~fG}l>RPN595HDDn(2$n7%4I~XN$R&l~9{Ljn5Nz_( zrk(&4sWYIQS`7lLpSHxfX`lsoxDYDR|8a8=c>nZjAcc6&gmP*%2nXTxY5+742NGy+ zAR7Yqqx@lS{+5#hQZVLBC?{8gn3Ll4YCw0?TyWO;|9w3q|L*T^h7hw)fGP|DIUyx^ zkLw#lt#W7w7%7Nf;`ECl#3JLTcNkL6g$oe~Y-dj4guufH6^6J4*m?g}VhEvr5NPek zprJ?VFJ>_4YX77e42o%JB{v{|?eW(KucpqicwQINlBN~7y@)JO z@sT8AZ>j3ds5Z4nM%*ndVx;p_6{E??9%i%8p0&3e98RzN+!ML~%hAchV;gwiN(ZgL zj1s3eZLq3+Ycm_qdUJMnbF6M_`4b1nU9a}rM|a-kn_@*<`Yj(eExwtvE~^~f{T4rV zR5)y1b{l_Wd^mIEepTr~*+E;WnD)Zzwpe)aiU^8DxY*ariX-QG3oN5;eD2if-F;V( zdrvB}X}W4Ajn!ehT8=ZT%MVT~RNHqOJwS_37P9B?}kXJKp&l;0caGzs8ZG$UI^Goa0 zfG_uY?wRoLlEwmtY-26_iDkC>9`?+v@Vt_CrONYY3dleY2hEA04WySPMkW~KO(wq} znVfFlA0cu5W%lT+!mucsa-CVBM@bk-vW$j>_QvvATta5C3p4tiAGn`o7r6xxW|0+` za_GdG#00#_aM^t^JhUCl-WJd?QzTLV6ll{nj}PH*x0^*OCm{5UkqY0lp?3Uvm9fml zen4R%_%V~L$z)}I@z6H4^qO4%R^t=Rwjbd(m8P^v*Oz{&zm4mwM4#Q}8~MUFG5i{2 z)Ts;z4Saa8_cK*ro585qXe1_`LSSCdogQ0u*!_X3K#!E_m;U$nHypxP4 zQ`RgJi_6q9>rkCFsxZ)PX#KEp+Vq5n1k0NeM4Z&r z^(}O1kn<-;XsF%S-Z9C%mRVIWMDq!Y-)+eod=eq)KaKwcDKr8=wK7%vO3EI&q=Wv~ zw`!l#CE)nfh1Y0(5tp2!CMk_Mkix=g>IWZq=)b`EptlyXN$KXkXrG2dqgySaV|xP~ zj}TLHZ$}$#NbteC+R{9}g@zAN`CV3%xclo}Gv7V$-?02H9vUbuz*j8jU$K3yO+Ki; zdnxR_w3)K?H<@`mYSg{6`SR9j|PZ4WYTBbn-WsLnVo+# zuJWEkqgGuhv-RlPkF49XPZdPccJn?G`IOVA&%I`d)WKx~ zq<(6f8vc~s)xs=WR7JTVX_Eb@fVPDdl{eIfxhSY>wky-)kj`o&2utp|43#P>rPRZg z6r^tgix#x;pD1#Xe8#8~m`OsP>7qF5Re^6&FxbQlRpz zD`W8#USLWq|BN1r8#O7FtlCVd6iY^58uNlf_9B3%XX%`(rz1(2N3|e#q;D6BUgrlQ0E3&QQ_pZ2C?9+urYhE^+r1#&bhn_RJ&ChEL{}kT- zZuVgL-IB~6Z9N0dp7LC1_q` z9|=-_R$M_yPntmPxap^W?R3<)UPPA=N7At#XZkHa_lw}x?J;_$nqK>BQz#P2vHlNP zS6KL8kW1hSOp$E`#t{kIUI^)nY4j^>j}xEGZ|aZgKur-C9ntQ-+NvXDnk%_qUcjCb zxhP8d;T~hmG2>WdP&uoKUYjS#HxvD~M~W2n4&$Rt>`xp`kpt__F;k&S=*qdNH}?8j zoi`4ri?QDAT|(FJ4IiO!iR7oo^-X(!g&&~Z&&`FdJ$ylUNp84ekMWuHxBKlL-2{s- zaGj}XP?@HhO+{}iYMf_U45N!@o~R>#`{jnCUEU?WcY%O4?gm@7)*p)DwCEIi%<7SV z81~`H_&ix`%fd~OY?|}p0}IRNbMx=<*a^0yqlsxtiKQ-nJY;eZnN76q;Ja3)L1JUm zGLv|8q|V%Pn2}>Znu+YpRmP!`fb~$x&0w8l`N5nS>K))Vm&PpmubAAt_hvX*!L~|- z(tA8ZLOTXU?tKQdpvE> zcHW9#+YKh54`J8h`r!I63R>5pi`Q1{*GH0ob{mhFQR!b1aD01kAmkafH$#C=(u5SV zHuB>@l&a)fiikGV$|^yE^Y%GLZLiQ(>YDaPvbJi1A`R+%Nf_~QwS$tOclLJP4$rm! zR3>lUf+`0!lDiultL9sz5oS7^wlYFZ6K|oa!Prl{%WeaEQEoz|6@%a3OdK6FZ7;9P zZrIkEfk88UWm+ zLNL={`rRq}0<81HOcmGzOqeNk#_&^`9ijq$JemijT>@aL_rHfDsNP@=6?(M@f&nRi z!3EYop++GLgOf`@%nSj60r?*Y2K1)!KfpkEqyW)!A@&jI#uEevX4m`^9mJ#&|JQSQ zey^hm1nrXwhoYf}or^Qai9(uOeC#~nGMaL>CZ@K|G}i#!>;NvF6RI#`jtPWmc-W7@ zf^5X^`Twn0$cCS=B2IA`Vw#H6W(3@dJp;@s zQlBBSisE>3D!Aww!mk<#i4F!WNmtKRs=>ro)ub80krz#HhAa2yFs2DjjIKx7rT4?YLP^#JaJ&jE4OfcxNcKs;Z^ zeUQ6ra0@;MSU4T;4>v@}f?M!8AkS~WeegLT0SDkd_#BXsljA-JHNh?T9FQal;6C_X zL9>M%kAUwLoRZvdN`eRor5}iFuoj$>+z?70Lxv=A1-IaHz-m^5eud8gsZs*|AB-b*fC*XK|;qZ*p@=#VIaT4(1pfofJea4<%AXb1&xKF3kj}(jD>9}B+dcc2Y#6c zX~Ec!6a0D((g$M=$O|_}AB;61uh1ZUFtUNF071zHsxl03!SR5GUVw0e#9kb)9`Z;B z+=Al)O>}YmD;y7Ks*B@3_#BWYAID>%i9C;6a6F)?JdgX}ctDbQf=9sdfTU>#_rdXi zmRA9dh4^}pe}xuUIc~w{faLoH{|cW2mbe)7KlmJw;>0Idl|5z>3 z1x4;aD&xRKEBF9_(f<7a9Iq7tIZ&15V-`6E1LT1`fCD)wd0VwY#lR}_A_#7}P1nPt10h2Lij4PPfWe4X6zb#lYk$qiZOF=S{+;c*K-2RM2TJTFWPf_{bVH#a!O z4Du^%zqujR-~NsFF`9ok03i7U1mB#TJOJP+emek&xq*&1kQ18B{rCWI!WoAX&N!TK z#^HoB4kw&(IN^)~fHMvN&Nu)#K>%=q0N{)RfD;4&4y`@j7yz6g060MaaDo8f1OdPa z0)P_)04E3lP7nZ`AOJW)0C0i;-~<7{iY5X95P}@91@>J6wO|JT0Q)Y1`d~x{*)LGW z0zhBS9ghVQ{oiCg=2IwHB_!S`xp z9-|3eD;OqRfC1qG3>JXOoZcb=*Mfgy|Zf7Fam{3nqf-0k0FL4*`KNeF)To2{e#I zKIXK4!93IpTtu zl|X1<#4${`LdOMB=>7o{{GmZyC(QH(Lhtd9VZuybQ0u?Y2>i)HgbC5dk0HU#b5ILL zBdE{hU+X+|j<{ep0|*jK)^WjX22kIBp%IwH5!VT`Yd}W^JpOpaFuMlS`VX=W@h$+7w)Id5f}VB%mx1rbHVKuE{MJIFPNv#5nNZ`g6j%ga9x4x z|H|86cpeM_5qG#g!v)u8xZwH>*Z&pazrj59J>r7vTwHLSiwmxEaY1yhf8l=W90A}u z0|2fw0N^?U;J@e$5M>GhcK}>x0Kjzy09kNSZqBB4g zJVcmqodE#X831sd0q|dR28gP70wzr70Kjzy09kNSZ zq%(kz4I)gq&H#Yx3;?*!0CI5thwl;i03yPK>kI(6&H(ZzK)-e%Z^nOtdFp!vfO{YS zaP0wfWMD8M+QUD19t;Ay&SPr`WRf0_KfY|?1V_ceGOV~l#_|Ldu!sgj0YCNnZ%`0EBVc0!VsR*0nwVId za!A-YnwUCD+F9E<>K<<|DA)4EV0;|F(>#rHQizX#au7qfYEC_(K6j@Xyb!KnD7W=T;?}u;*63rO$sb z@4Xs(<~4;J`RKjlT{U!zOUMV4z)r$)Ie&j9sBr$&84WLT08yP>T1s~ z*52cVfjps-FLAitChQJ9$4711(cL~jud1_S4}8Q^ebIK_Vkf>M@b0_{a6fPAv-e?H zgIT#%c$M8H?&|3)(Js#WhMTTc=Genj810SpTROkm+?vP|soFZ2zbq@ZoqIl26>(&< zW7wpT?f*oVI!0hLvB_iZNhNxdY=KGoEx7`^cWKTKi0k)XYA6`d1h1#`pwqb4So+_l z(xTle#TAsqNKfz$>yYinU=b48h;?|D{F3J84>w{0sihl{Xo0#_DM1D|X=tdiP=$r% z*=AO>vLEpYE#KTWel)JK$F36PY)QO;TLCm9oU5HCWHQWp@1iDNOq4uRtscNO6e%BS z!FYv_{Clz5e6*VTb(T!MrP-;9Wo#093V}8pAM$IQ`D;q5KMh{Ytvn**ra*r=fKC@e z`BLS2=MDBT)7+>jR=wF8UUZI4?h*-`XkJ;mJ;p6%5^XEBHMUWZ>KsR)QCi-{@A{p_-V6UGXNuPyFuI_M!aGM z4TEP~DB>kYKAqf;t8x+rnlVyHYOVMfRF`S4rt>8WtNQaM^Q-z7Jrh*&=XRdvCWte2 zO2=4MVb#8h?0LyFJ7n_UgPf^I`+BUDY;Wpw^`TU9MY$DMBl*mpY~E*ayM1x;FH~%} zLO=~HkEeGYdwZTJ-g=40|TqLLL`NKUA$h?;b_uXN7@O zE1wd)`T8+a>%e=WuG}gKF#^oH^kZqi{C`n0Nf*#c74g{Po!6xwduZM07fFO-{lwX+ zR9Y9=*eWBjw_f)Jpdw|}qAlbFszE^Oj8SDMB@!qXgdB6`hVsTX{C9_TWGeVNy;tQvK6^}B9I>E6hJYv;KI zF`xd`cweeug^{1D8nGB!G*3+$x|HO zq)s%w5;q<+hK!qaDdU?=R}7!%P{g8i3T#i=!O#g@z3U+(0iOX!e3 z{`}6df{1V5{^oP7$!a=ZdSk5*=-?zBfktu^0Wo98|-L=|w0=i#c7k%Eb_e^vhef9Ca@sUry`2)0^YOC(} zg8bcg=M#zFT5ks5O^pwD<>)<9r1Zs_V}l_rcKPYLCBY0veDpr=*Ybnqu>@WnYKM2W z2XxFKm(26;p1)FJ`6`Ye{yuX&evzDhxqO=YR>taQx};#V&-}$03=bK8)VZ$a&wixC z4_;h)U2iDLl|>io%C6|AsNFi1&(Ql_%?W)_fipo_t6V<3<%oE^BC2DP|C=gVx*@jt>{ zw_Yyre$PeNEXtoKkAko=}TM}y=_7>p&q3cC*!&E z7x9Z0Yg1&rmmGbNAOPK6Wx}^ibueg?E~kY^OxS3Kf)m03Y)mc7(TOZx&MmANN&%M zh4hW_@Z}AX3B}jW4US>*dDDdBVmz;x4JC-}qFDojmF`uG8=MD<+)BOkq8?O6J)ieR z51|uV><47MqSywPD&Ph$epYdFZL8C_`s#z-Y&+ZHu~^L3nz7N@-sh{-*shITt_;tD z?d4+KmNd5FY34Xm1rx7g?V)0cSY7RlP;>5;mMZQRr+C$xS53Y%Au;1MHAwMN=_}q4 zzEfd_z@}N3*o#ZuOR|(cy=E5ZpB4cb?Ic~awy7>5O}YyGsN8oi=#`G@pmTrBd+czZ zrA}b`iLQE#tFD=lZQim_)aS;7l9$(L1@RTp4)bk+sc$a|xZbnodCV5Pb)JXUyj*0k zA%Oj9H$$}inz+9(>Cz@?v>8rY^b?Bg?zVeo3xrxNJgg7KF&L^ut$vQo$c4?sa>vnA z8@INEzE!xcCHstjFuCc?!^`s$vpDtv->xod=`KDEL$j_ex|VvQq_b*L`>V1832_Zy za}dBfm3zx2P>g%37G34;3?IbYihg{>>k2T3 z_t71R9@GSfc_BfM+pFY;JDN{--G`WSbSoA~gr;7#nQdch&+WcwExN!;iy@JC(S|M8 zq%a#0pF^YYOSIMJh-+RBpL*x6n-{-ZPN%#Cf$uPBN;u}wQ`IpUJ0PtU;pU~4@PNV( zU&)aP1eq?1wlsM*eA;E5&LO%aUTpBQ{boNOA)Y<`m^aWlkK$*gk8s)jlv~VUHS8Qt z-io41WgGHZuOCF&1@BeZ+zds%akrA7w84?+0k^Nw#4c)A%gD7y-bhJtOTMT#`-7}y zT{yl*ABeF(EUKOG|7?CMMNey+>fyFaLuKSd5TgL{g@&SBXVxgQ_$aKU}5n)mcizX z53(oU>{ z&EiW!w@jXDJIoNP%+UrCZe_iI(mlE0t6NdK{${yYBMquTq@owjbNTYlyfwTJfT&;Gun zmq$0eeC=9^=K&8ghE1$FW?YR;;pueGGcG&re{$D}=1mtr%c9#jzxUD;Jqo_={#X?~ z^JMhTl`r~~F4Hq=j7zt3)dz(i)71M`yYtB+*{5b}G$Oov{vMI1KAxJtOFhe>;P6_X zn{8YAV|DFZJ3l{qSazUY^}rk*s;ahkZs>BZcZojhHhr#QcW?3hQYG%h&q^`9%c2j% z3m0p=seQ_TS%D=2SD!JkFhd z?#|rQ#1ZdQBb|bu2H&Gi`}N@%9t{^RtE1)X$ORzxLo<}gWA51z7h3~Oc+zA zxu%D%`HsSlWy4l2)|3hDSh`5=8y(!oRgYR%pnkK~B{TWXy%?Iqsn&yiZ4y1TMUo}X z@cj~V`g4b>0V$f^dOq&f{gH>B~$(dCxN)CGF*x*Lur>6NM^%3o7jH&GGc4vQ&9pUBEG;2AkZj(y& z(x#nX^hJ(e$2V*lakKPjr%|OpwacD3W#POO%L+W0UG?Py=Jik}9a7!BgrDc(p&Q$r zNIofW%#Bxfb9{6ASz%L2_4N0-+@75Ic6Ube3U{{q3_CES*OiPHmxh)&vb@fZixDl6!=ta?xN?Di;jJfr&9I>DPGxat$v`?qCJ(5q%Yv9 znyk)Mbgy4XRF}F9S7&`zquio=wd&3)VSjhg>l{zRvJYKycH-w0r*&}+7vFZSz1nxu z#HqS%eabYsX+L|?m_FW2lVjz2s% zRq2}xKWabMYZ2iP^63#-F6RuIj4(iQ24x$>sQxr z9o8}E*5w=f9`{-jbLGQ&=gIMPyp9*{r0JaDz;W01HBNqAerMy_X}Xp7LN0tNw6uQb zl(|l-{AYBF*gEvn_m6k;Zz();;+XKUg||nYJ)GxNg5UCrrx%W>`^ql!yPYLQ9dNo> zv+t3TpF3?ny61GoWw+8_?-XBR*44QofvaA&Yw|3ueZV~b;nk8=FEw}J_cRXUH$}93 zRd(d*&0W%V^m{Qd+q@1Ni^e!jUeLYk#iYTNtFu>Es^-Ui|NgpVLi<5)gSM$og>Kr{^IGox!-jUd)@%K~ zyMgPE#qJK+?2-R?bfbIw1_$0KG(ENs^gyu53P4E-?=3Rs~;YeZ`qSX z&mqgMwt6%^<&e*hCMQdg>_+(D9FpW^=HQ-5W^k#6znS$=Yn}9T)&u3XZIOPV&ypek z;_7agdO^u>G(Mibe!co6aaKq)J}4JR@^)|v!KA(133ZjpdO;$OP=QFEQ6d9}lIS3W z9FlWsJ7_P;^^v3{PPoCD2uZk+dx)~SCJ9diDI_;+x@%nBND-r8nb#I2<;ZWgEpp`P zCIKCCGR5nrMCOv#L>6|4J@Q(x^bF-Qsrw0NPZt19~=v^;2{?#7z^g|*DR6L z2zYQcC;}chW#lXv+Ka%0OAA0FlCEcaCaiaPJ&RxqDl$R{`CXn6wvBD)$5L?NY6WQ7 zP4Z;C1h#P514ULKYK&w-i&*QwF?BSuaJdCy-`tf2#x%)ICdM@3kjIo;A_sW}@C5s2 z$yt1R5wggcpFtyXOvk|yIu$oU4j$mhx>e?4gvp+e>s7=CWUpiN(GX!x@P=TEm0o&9 zmBIyHO>CiwEMO30TG8RrO$HDdqH&xh4kVFhmoU&Xb>(l2cV5;(y(c@c(fxSf&(9Ab<7 zMA-m1e=v2lS0WruY%=Ptb(h604Af2=sW}5Bs9|qVc!}A8p2Q!0HOuuFKQ-*HicF#*<&ULT40>wH9!Gq z$<|XYvfv&CvTrq9zhaTaZE4^hh$%ieT){99g7Ruyd)ni`Z4HA)a012j%wD)=RcIuR*XM2xwXezx&_g< z1tTdBfq2FG9c=y!qbT-nYH~jcBLS{evKZvDB5*6qBnI&fKGwUb;g%*VgiCP95rTG8 zAOx}`Btg!#7r}{K;4)Ajc8sPQ;Vg&+mIFbi_0gr8Tx+$$ge_A<0!w7RctsSkS#zq% zf)cSsv07F*GjnRm_Fed*A+c8Ou!%8wE>*z+$wX8L*Br6+@_BhSRl&6vn>>m;pl2@c zXQ~moJZaDq><|Gb()0^8xzo)LzY;jH*fWtkuJ1X9Qh*-{f(z#zuPYw;VeN&-Xn zTu~VfxEajpM(mS&!>pdYj!Q;x-oX?y@SR2wg6)-!q1czX46g>l{bPfkA>qLE%w;g- z^o-m$zzcS2j1Vr7DMtvxs4|h1#S0f5&ePYglMp3uVW&hpoKsYYm}#n6fW>;VhcYk3mBM2i58B3!slSNCLjaslR*Zb zqvQ4k#!sK1;088wxQEZ#E3_9O12Z6@X9%VM8O9pXnFFW-V5TQ4GY2AM$UR7>fq~hG ziU32FA`-a33`biiA`cdLnfM)w{R{pAKlVgy6G~LD{({ePnWYRsX&a0RsCdEIDzq1& z0&^FkXS|m;)`dSD*fc9c!AYTrRz_7tz7-@vb zhR_J_hKx00|IUxU5>bP!Wm*Clm`SLJIm%K*0vDK_XbVMT!Gc&CKP|su@h|ub{Mr^V zGbp{p`U^f6Y?c84CEGBxppp}Z3TXxaRChCI#C1fLeq)W0=LJ;2PKHsJ&pOLc7vb@5 zN42y^!DK^4>{Xs`lRyq;Fxo^DS_2#xr?kCsbV$?2Kit3#bP7W!N|TaFOCcmKOfn+Qs1tw1nO@>N#~ zTX+SsfuEKIEzE!Xo8u#KLWv(M0b~jG&E=Ch+JLEiGG<7E5X2JT+KZ5d*^JN#?d^>= zqWAVtg%SLp(MDG8?G>ay(a6EvLQ9r@rBstZ4yk3y`vVJ*^XIC`!;<1_&7UhOJEu(e znK<%-QlqTj;&RGR9oeMc!YoMw6sTOv**qXkgf7fhghnVwz;!BaMCS;&iu&LojrC+@ zj({J28ylfV|{9wv!qvYI`$p0(T?^35qD75#$({p1HiA`JP<~%hf=A$TKiP zxRkmaAvg!|d%mm)yO{Z6JQS15Hg59rb~$1+x{_+nV(a=Bv=t*1EP>b7GVk}NBPj=? zVCKAD|JE{+5}fsaToQq2bsEnE!czhULI5k^m897U@alj;Bb4*tI;Eiv z4;0`={I-lulo)M<)&on{a-~j=7!ChMN>Tzl_;~>WF;{&qKKJc|Pu_)C96HyAgzd zeM2M$?M2AKyhCV&GZDrbv46+j4PM#dc4o#JvEWk72AFHd^!jRaw5hZn^Bmb<(L@3l zm|JKQ?yic87YlTgg*Z&L{P$*yTH%+DmqK$RZ(_96^oE+sUAYyU7oQ<$nz><1#%ZE+Q(paW6~)ifeXx-w1pzFV4-~N zMnjLwEF5wtijLLjN{t$!Qll%s8{!Uj3{X+qAfmvOOfYb;Rc4*%(;6~_ur`f73|G04 z5yB@MWC)=%7F?vs2!Zsa3(=JUtf`-a@M;T>qgFdvn4KU)!i~{i)JzIzc;&H0yi1Rn z9N>X5|NZe2X96`Y>=_QPnP;!yw#H#F&$b5*UW=2d2FS)_?Lvf++GOXO1xSkjR8fN^E-)6|#D2$n_fdl7k}^ zg(D4IA!H?yT^f-@wq77p4vuhvM53pbpJNTlsenv=j5Tmy+1z+iIMR?LDv?Aoq434y zNCTAt%*mv1q#=hRL=q_r0bjx#K^+crGASHsphyfmo}>Z`kqISg$lqkm5rrcSlw@Mt zyOQ?gOBiFQFJ(?o3P&13)&B;VK zVgoykz}$0%e1nD~xf+I3)eW2l&D_%vRu}A<`1bUkNkcRDG~9cc_3T|Cb-=eY*)wt} zpgu7tCja0HiAY&OknN+G%eos5B(H8fxh^Z3*Jzv!GkY*bd{FT_2>bi0stq1)1q0yq zwCs4|&jyeVproFY1>5Ge`aOD9931lpZn7s@T2GbA-N_(@3(EzkDlu$<_vZ?^3=Pj4 zH`wMF;*#e5X&`7Jksse)giD(Dr-7KqOd~3zu0gy%<2@nYXvxl9u@eq4&a5Q@DyABR zD{Etie?pR1XiIMvWy!3_K^up;Tnnr9*9-Qw-;fGW)*5URw2u|Fy2Un zUJ~AOPL6EDMU|8_xN@K+{z^2~@=iL$5HX+#S`b}Xs0ihY{s}T5*qLo1K~IxhOwe3F zjlcy|1I<8Vz8by;7f=LDU`r)w4Y8%tTtE%v>^So_)(CCap(nrr0LfS*v>#Ul6Bcfa ztY!6yAR$W+8WG67+hQ=J4UY=Nl;`T18yji0#BmqR%hL$FJZ7-L%3$|yD*B;$c^bsa z({M%TMLvS&yl$FRggcp1A{D5_`e7xDlNz;MjMt0vKy#Wv)PE1hUq5F-Q!kbxMR@ zvh<)3p)83`%q@^MJPHs-NOb?eUWDe*X#@_Pn$Mk)BsoP9FwC9N96Al+&}qo2j`*z= z4b7p`AP$|;Ml^>`!*S>U51^?CLt3|4C2ehIw(U?YeR0e;M25_u_;EV+u8HnDPcfaIOm4)2MMH6eG07 zapP(=GClJfco{uYi~~2m5*|T~v7Yg+UkRg-wQCUVUf>6d&BBIDytD^2+|RgK`)IMb z&7C~Rpb#Tzq62BQM1IDNQ1Gzba%p46Zn^zEU+>WP*@_z`;St2}886mux%MK&;EI6I z2)5@;&s@e%PS0#)W}rT|`!d*ojiQQmDd3 z11)jYf3B9aK~t`Y7_XvhkWz|@kw?F0>?XWttm3vEobxiVYXUAVwtw`VvBpU4dpE-F zF=zz)8wPn?4ns!Im@r7-3xq+)wHxah*YdN*Y-CfS!^FlU89-UE zGx9jH6|SF$o$S$*)>Di+R-l2y5Z+2wak&cf)%Sr_j{!t@ZCskcNFjapdIr@q1au7Q zxCDoso>3qHs6#tCqdi->ZD1zjPw7%}afexiis4QfWhvxg>Y|0n`%}H7ZJKg<%DM_Mll%%CNOn4RzjGoR3aJcFri z6(&J~3~aj6Gy=F?iX9VNL}PpmpU;rdF`dtVYi%6njCE{fKEvE1D%ZzgI-!jqBP%ya zAqEo`6+sN8gtTE&fHCqmvlUw;bF(I`mKZO%!XmMC;bmq%4Z)?l?*5LhiS31(Btpaj+|{9l|jms8e6oHNIz{{E(B6oxQ;5n^7 zP}-a+m?{6pvr>wRafjc0_T=iGsFLuEknMYfOTWTO26ktr0p&eUiu&id^W4V`WPz z=po1=Uu0`x=C@-eB#|i;xzLmFmdJ#S4l5H1>X?(s{us^=5Sc=e3%yX}LJtWCRwfkG zF(;GVqF|Xqkqf;mJAFh?Ncs_(vgU{#AOo4g96{cll>}*g@+E7IC>-g9A{Tl%L1QJs zfgJggHAgg#fZ5Krhx2gqMe-=*OAd|*MDTBiJR{p4vi;;sz!997o0}sFM>;5##z@iu zKa9u}#+Yzwyv)eNBtzDgbU?f$GRYj1FA~s@FFA9BIfFzd5T4ogz?UXpWKT@KlDPZdy+* zegl}y5uw(Q*%o33oe(qV;I4oTgI0(cv~WAZoSu|F(h7yK zv_j0F6=DW0+(0rXlfsc!h#9m(%%Bxw1})qUG$)h7kyeNqv_j0F6=DXhoR~pNh#h!5 zg_uDr#0**?X3)xs8MMS{VVOeApcP^Utq?P4p(2Hu-;Nn+#6E?>SXv=w&nXTG=t z85GEghaa*m*^s z+6857HuKvweU-~j7qWOP-7tSuK-My=*A#6qY>4}t&Cz@JZf;R^#L%7d=FN+nlI7&s zN1v__{5))b$mgH?LVgY&6!P`({&~8YZu2`8tE$P@Dq%qEukR1HpZ)Z4_o886t`A9g zaP;xj(|#W(+x2L*RIj<^+4u9S=jXegef50P=h(G7zrE-l`?>h4_+I|e!x|0x(dfg) z55J1Xzy4M^llF&qmmeXqY5nq_4e2`f=i%pPLyza#l0WOIV#I66i+wOWn-Jwb?1Ex7ueCFvqI`@x5n%kD48SLI}ISm760FYF&Xd-Le{E#oJCT%YS>r zhlmz+yhlamx!KL@?9Gbl^S-aKa_aru3my&L_})LyjFuy|v``=EaxMSt;Bo3a-pSXL z@6&4et9j!yly)DPro5*6snnCwWv-%qJLhHN`#FooFG@46@AOWEGUQlLq(b5LUki7x z-Md;!x5NW@N>;zvO3$GwM{OS6DBt^>j#1ZYt*Vl(bID1IeaBC!lKlLva_dL# z%#or@^puMWwsj7FT7N}nD1=a<`+K~{=Pa(nX1iC zUU>d(%aStpcK^Dh8}c)tf5^7PUD;E#OMI|sxyzcZdvd%^eJA>Q&zj+yW`W-X3?G`m=%#ud_&u@Btxmx+j`w>$@99ti0+Nk8|gT-rxyqoIcp3Oggqi@k2 zuYwk*)t(BQoV&=&X~TQ}7tuOr--e^r^$zAdvaiqLwCQhz{mkm0>)WXG554qr3QaqC zd_tAzS)rr-ZY(dcgq_0`uUSRcERP7g67KvlP1AZmlD8=LF^$`} z45|EgUMZ|u%>0kqJ2gkEoaj{RW7=#Exp(J$v|)Pa=(PJ>)FZ|(pK*L$tLI)ZN4oU_HTkQsds z?fJDKbn{)+iUFT19BaNiZo}O>7jyUBJuTP#TqllIC|k()z~K(>&JDTkSFzBe^4@k$ zuU~GsD^2Y|yN1LL+ZcMa@|Hk5I%>ba~6&NFIe{!Z7f zx|f_^aCfZ3v!MeQ_-wxOacygTk6dZ4*YZDBy3n51i<+(2^5M|t7HL0wY)e)ni@NCG zL1}aTxE7$<`d)QBxXPLC4o}>wANL4%sF^xbjnJL{_4mBmWAa&-XHV`gYTo2rv_qbE zi`0`+?G0ZvsYIGo9&@hcQ~AHz_jJhWC!;!yU!3o0>z?%n^!#%=W|5K|y%TG#I(=P7f&7(JyfArq!HEn9Pbb-B} zZ!H|uxJbR$c4e<5^eXJ&P-Nxv?WOw#*51~qdzE(62D)V3ab{Rz*8EqFO&{#&SgY3K zUGp7v$Mj^0yJM5VI zMbn~nwt98fOnN;w!9QKOuP!&nMD|5b(!$`DW^BilIh0aU;Ub83W;i0_E(-IK}*+6dyt~|LVcFJ z>C*Ihy{dbY_zNYwA8~wfbjs(Zo11%vrSe{0rpW3F?#tiqZB!!o!rJ;euVIPr?gU&M z)GSx=_>(OMNhZ!PDzAf0`1~@O41P+-v(z*y3{bSj#KDMmog>-0xcMczoHl z5s%YEq?(lTM~W_0zojXVWtD%!*;ktR&QFmiMaZ(xt;eRQQK_ZgC%9(G&T-FJ|ujv$Wjw!QJ*SnC&wx-eL0MP<^wp1^U-M=z8{U zNWRH0#}}Iaq5c|={qr{^^iMZ2!^65a&!-vU=kwu3yAQfU#m`;ds9CessYde7Q4Ov} zdR30;Tc&c;vsDTYzv)#YGEdhyLQ-EdR5xIL5mvhdsBD8 zzHdj)o=>06e{IdJ`f8~kOi6xt^tByF@7X8ceJ=8=X4d1B72Dj~I5sx0O;m%eL+|W* zUTyCFN$1of96ApxyubOUM}glz9EfaQcvtesC(h@?7N#42II&FEHr+FLrSehv_38%0Cl;UJ z^EEz2RG~9N_IZW3xi_v+g{zBZeV=$Rd%pW?D|KHm>gkTE*`KbAn(cTps&e&5k9PGw zu^=>fspomm6Q#7tJM4&BGA7n%VEQS&^T+3Trn~w|U&+^F+QOIuOEOmoUo)ljYMt-J z^@n2iFWeq7bV>Nv`8|J@D0?UR=HNORJ3059Q>X8Z=^vlY3GJJ=bg@YpUViN}^8L6A zxk~EJqg^ePM9P1r3e~?4JBXj1Q-y8n3$kgQV=RKdM z{TALg)w?5)uFr2V@WY<`#Zrg1xqiEKfv7KEr)o3$d#dJk^jbS%^3~pNVvlRmj@q7g z;JS6~#-=;|bk4VsnRlCRy4C-9jzgvG8ojSGvr(Vs3ub?*G)>d%lBz-70IzS$Q(Wr$ zuEw~I!>6B*>Ab8`#Di8IZFQBk_p80RRx9hP(3%B~y^mUXW962P$Bzv6S=?mM=3J_X z=607?y-1mNd)~)Am%Z4#=1j{^d9v4t?A!J8wJn+)b3+bZet2)(>QlD!|Lc!rH8jZxFT8BH_Oy+eI721>vUvh89uM+e z*m1bNajVhgOU6CBoO0~Wn-P=SWL^90&Hmdh>oqE_%ewDr%Zw8aT}tV9Z2f@kGa~=< zYPd6NSnQ_oj+={DKb3W2;*{^-Zp1k5zU|udPS$BDa_1QnxVzoY_FEg2FLfc{(24AK z>fdvYtsj)R+1QF565eIXSMg|#n@6iuYH&SwZr3%dpN`wPcGlS%bM)i#-kYwE@sFPV zC3)PVQrmlPDmZ+{hJYod%g_4J`+NM$0T~KZcl=qrms9>^8|DYR-c+L2fMMsCE-5#- zPGJ8TA02|%o?iHRUyaOjn$9YD@pNo}=KFS^z z{*FK2b?WCBygS|T&$Cz&6FQ zcZfLaKB~diA*mW(*c>!x$=?Al&4DJZExOBfAQT%-6FK}`Fk6t4bC2twW{Xr^gM%NHE|OU%&t zR~r)xR(w3VTe5BIvZVfguYc&w*R%3Dw&`&?v3z4)tF(EWOsutTO3jPks`RdtP<7pa zrY&;K{<3KA&&~5MzAHU&T*4^rzR?S=-)x~x?d$Eo{@T#h@3(mrOZ++Dz^gHJ#=qYb zSZv_wn%BSjm)`H5acR!MwL-oBE19$3;2Fn9^^6){)BUkJ+uc;7DwYXu{UzJ%#}0M6 z-u&tFtYZDA?-my-ShQEuw=J6J`t`f~eO=+MBgSW#Qt7{5ZG1Q1T6($s#p_M;N6#qr z`p!x1$XSgB?H@MwW~V_#)|c<)@fTeR)>#ze^=-Q*f5oiX-zUqOu=@NvkFz<) zE*-M+aZ#@=Er-;*mcLX?@S2L@)fY!R9MyUAWo@#=g|oLFY;r2X@otN(r;a}C;iFpD zZtvQJHamkq2VQ$LK2&6~SOAo5P=DyJD>gVU*Up)><`So$Es8aqbfQAGjESwUwRt``wc9uM=}qqZ=h0~7qfH~y zjObc(XU^L5me1L{_tTYpr>ErbQ+;apQMMlyLEG0Xr}bOfj(R+h52H$L~Oo}O||hEBMWYH zD|UgykSPLrL|!jNig+ldsfa29$yrWWNMMpP9rnft&~deJpkgu$im%&&5OUPYWkJcI zn>clfZ^J<&a?;E846J=wJ)=Vg5CVx>wr~^QUX%qThg$puSztKkD5Y{!p7^SpGAU2X zG^6sHpss28{@(gY`tfQ+eFseo6c1Ji5S3*KL5M~kK}oZrZe_^z zRrsdc-_(r48NNKH2->OPkv3imR0fyvYy&D;YKbw0Z|4zAardMcOmS!2xP*m~Gj4p9 z4urtzG9!dLu9hQ&MmKs_0O%6pTAsj*z`#WB3K(sKFQr*;60&QMiBGg`UYuVVyA(nQ zQ;i!#TL4#LfMkINSLXk#dWlhkFX$12hlluBPsD{txCDg})ZpuMAOtZ(jFg}NnvsFQ z^Sd!Uw;PkwGa`8aUST)JsLySz38W#4;XkG< zg+_c4&yvN-fGUP3V4h!w^!;}+yBEJz{AMW3~g11P2%jWy{d%(|;(f66G6hdx`Z zU&?4IMjyUNNNgV1|Ezc9H#&sAZZiLYul<1#01IFM+KW;b_zE60;yPlJeMU-j0IwLk zRJh6jxk;mq5Uwp*rVWz_78g3y;=6H4rw4^2gI5MDSbEG2hAfES2L+UI@s_D2fd{nA z5UYeIs~J4#_`C(Vd}A69XaxWvTpMEA@GZgvzLf`!_`HRl&s&)98DGN#A+WmxBpT}( z=P8sh2}`qm29FN>j$5o)<3(m6Pc;fNq z9?znN-=u&sn@U5I`!0BG=U!9*+lBUG)X;bpUQp2SIT0B>(|F}xP+-*Ob0X%2;M;&U znjR`|BsZkPcMAWeW)!OMwM1LELuuosvVHi;futE5X|=?dqTeyl!JSkVQ+)P-TiZ?C zXu;PXS%0A8UQ_@~L3hm-1`Vj&wOS%p%D>B83@D zfm9@zrG`h^G^yZ?m?1w$zZVo6j*YZhV#HvcCNVjvKfode_A_q$j==7BR4?aDyUFrp|bv(idlffSBJ|1irn<_%Xo|8vV{97;i*p5up4K$yXR}gtG<~ zn1DILhsCF$I!r*c1R+XkMq>sA2}z@t^a4-CbHp?iUFrUO{G=5XM|ha4Nvs>HYq7Y3 z9lsltNi&Hn%(Da`zqtf_dl9ZMEfO02<`NihMCTTuR2YXV5FqXe=Mt>Il_7Z!7lfwP zTImH}oJqh8MQiNWO2sHt8N2|H6vHKLs}!hk^?&4=tO&z-P{|%WX+0${g_b2^*-!r?ex-5$a zetXZ^wh4cQiIN}$XCt7!*h@Ceg%6>m|k&ehUF0Ay_w`KQ(}P9?UPLU2&O}QF zH5k%{M*{+d3kVSZKn@SHEs0ffNp5DL=5u)Fi2;}x2|{qL0osfF45lqYBb;k6)`-qE zaJw$pff;LLWv)SF0`#IN*K1%Fp(22grwD}zOiQ$h7P25g>?~UA3@Gf(KbTQ zU5Ke?uiOX0nH3i1=Gu`^_Tn%7%H#C@BNGoXH6!i^n|g= zX+|s?-YQ@=1R5^?29I-?%4x%^MFv8+O$3{N1x+== z96_5bta2fOd4@@-2!#mzJcUiPkhVR;&`VG3ObiKI?$o6968RZDd87lIv+&l2hRb=u z(={eBftioQQsL1c&dLTyG3m-FH-XPem1=rOMmgrGe>*Is1pm~;q@V2{rr zn#*F#>6zN|>xJ5k8ZIF%M+nXVC^cW^j_qXm2+`4}9+L>s3T>TjDWWTdO-x+0aLM>X zwPaya`Erg7HWg7+0-I=gBM1@dJ8HQ68_64cnT!GH`i^>3-_eb0FTy4!H$u;lYk+VL zC<)?5?A{4`SFWC;=|(u0pv2Z#UfN3xEQ4~5Nv8;f8cbfa1T|*Uk+MKy>++12-%i!j z^%?a-eMSwR1>;QBL>!3ek;J^=aat}qgZ5(crqRgNV`TglpE{G#GYSo$XPi4Q(lh4# zDPj~B`W{RhM83y{86;UdCrnJV#qh|2jFIAuHXIviwZvY8uFa?yYBRd>nFKCVW&$yo z`AF;*o`~iU1MNkK!Nf!`c7D(1%IEcD^h{?K;K6DpIq1qK++_$s*hQ9WMbu<=p_MjW zvERYG!M~~+<%z7VyJ&WRr0thVNMLSb5{-_uUSeEf#w0*Oux@_q!6lPT;0iMtK?rN9 zOhiX=$4eB%Cwa2sv!%3FQQgHNxCHOHAO; zPZZ>01{41Nre+joFr_eQ)RHz=Dq1sA8_|lL>7UQ6w4!2M(bW>&g=&dvE|b6obf$2H zd5)~LyQ6A}Zd`j2t}rbTAj0pp)LbS(PS12Efvbg5&tA=C666R$2uB{ly7~IU^8?vP zL<$Yxh5MMcnbcR?W(ph^G; zmy95hxXCcm9kVAv2y5(IGJ_D?32Lt(7ZR9@ zXo>F;O}Z>SC`4dxqb-z>HarRtNl; z_VrrkIcYa$9Cd0JZ-d9(XrYaJcIx6A;2YS_nT)h^(;()5ljz=F?dIfWfJ)5Ztk+hh zae-}@J^Mw@eaIKV2l*m!^CnPp`Az!vGL(sy3r41^JETb1O&w%h$QOYa`63?5oJ_QO z5Sc(xV%tMzlzb5nOTNg-ml>Iu<49yeaLKlZ9Uu83u`c-{p|d%e?4WTLMP!mv5ngP2 zEoo0AkwgypB4cb$CR%DhrqCYF?1^-4j+lPr%n>fCNMr)lg_Q)%8S*8}5jp4gGN&i| z&+%^uN*OB&7;5B8m?OfrF)I`82#B79KS;(C7^$pGC}T*zWX%!UAdvN+aJ*P|rh-k8 zJOBK*ffF&fcIS=>gCK-V06_-dUKDiU+KJEz&Q_V8VSmH7G?6KBr_hFI;FuEmtR<;X;WE7g`b`3VVFROo<5+KE15B?B>(Y z-(KVDq^DIw@jseND?C1>EU)q(E6ePYnS*=78Agi)fq+1lQ$g_M&QY~ZK>!mGLCEja zINx3bKAIxvE|i{B!LE*PX|iW3S?I1I{(*x%SuaH=#_(_WFvEfkH!~fE#mykfFfkoQ zteOHF@~OyftXKmSQ&a>$Yq^ewn(?D)VgzNQPkHvEp{`1T4^tumH^g7Eo)0#1?p$GT zQxL$EMi7D_0Q)f!_-MAFyHKA}1-n04J)>X%dWMt=qdx5ZWC=muUsYEi@B;F$9Q-fhI38PX(O@MGq}= z&kE@!LKZG@X#J4!MvI|EkC<$~XTYrdojb8^eG-kMA-LozD}^q!LJ@oAa_P)d%UtLN z8!=OUkL=&MC=O&`n}_xybkW>KcdkYy0L54%_U{Hg;k~7?Mkq^QiKzgXoNN1b>+0W+ zi3j8{ZYd~XZe$WFA;JwVg=mQ$Ob7<1XlRfaIMnu5Hg1UJ@tc9)xcN7CYa}CvEs-$a zSg*uqO1O=eiA)K}r5VV;)(q{%xS;_n)UxCgB{Dij-k$)LWAri)m~o&tF9Wk7m5CNb zIHMOeS$j83u>8AviLi&uCE5sk^pMF0pYp^_YNg=U3%pXu(^kT3VLm4@V2(D(TrC6x zR>Stql-I&^Opw7DJsT5p?M3LLnUd~&^)Hi+=+p>boylY)gmX)bMT915S(XPTv`{3W z5+dX%K;E>K*D_#l{`Oi*M08*gW8bVV`rjVXe;eUJ4U1K?c`` zSTlT!a3f+u^3Ok+Y(!@@_!n?YHo{p93-&A`+|Y}ZEZ`UvWK2RW#K^I78KG8jMK?;g zsv~mMwhj2`>6D2b?)>+6w8s2_9HlZ5AD1B{C&s3*!<`%($Pn^$9R5J2alggLK-(Dx zf6O1qF|k2=3V+PMF-%J^e}F9-!!a>vXtHCRrBG_6W2OTThyRP0IyqbqgS{3vAlxWh z;-E66sLQl$8m5O>;8Qx#g0gVRgRSeizNAy zHAg7)U}ZAo4{j708j0}5&k;klVgF`MPqrbqED@PN6Jm67g$)7uA^{ouMPgpFG7(6L zOt?KrB#}8LU;G%mk{zg7nFvfEQ)o}F1+ydT3fVgHMQ~v5w^KNB1uhQT9-e(7U&0u} zReLisG3Aly30xdj5-FrX^n}wi@;5nigc*=TCU9}s_Hdp}zJxgmGD%E zc0f=eGKDdQB2eajJB1@xQc;e`gyRraCLCFkFFA9BnTX`K6T&2sN&a8(CCm{NXf&rM zjU&QpCXxuX7`_A?K@n7QGHDz^AjbYq;s=OKvT%cRIcpuw_EW<{=|rZ0BZ2qlN@6gx z^G@MN4M_?{rkdydF<U&0*0V~pnXr2LUuh#AyE%%J9Ze;PGBoN7)cg(I~PGpL1_ zK`q1#YT*5ulS$!7EyN6JA!bkuF@u_ziP`a_{E=FS8Pr0|poYrK>==`!(X31wN8|zt znRg*(Pzy1GT2{<}seKCuR<^GF3v%pb}yR734jb->#As zGho^uktxIsDj{Z2K@O70l(W`h!XA++#0)Ap2Vf<^sRH?u6W8HlfFP5{p-PAuR6@+4 zg1ZRj#*@O4N{AU$Ld>9oGkI1|Suq3V#}Pe+m_a4P3@RaJP(kS|b9z!ZQVB7GN{AU$ zK&fN(lod1Jf_p?yA!cAU{G7*NWC>rg=7_?PN{AU$Ld>8NVg?nk4bA;_${(qOm_a4P z3}nwoe4I*F%zznf$20}>C#wO#0_M$8vMTOG1z=}v%iX;gs zG$naFBVAKuC`JldJr-#%j7}YJ;v#}=}dY0;*|47{>?WeBTzi)7<&;5>9XjOlB&JF!< zd-rL-XinGQckk|eTBKWlFL3P2M$S&o`+uB&8`dd>i$~f=qyBT>vupOS@2{id9z1?g zc>j;j1A;%jeEwRs0d>p*P+xy&4xBRbv?%OrHYZ?F9yEqMs zYxkc=;)h427}@??isB`grdb_k7dhHtQ1*z3dWRc?tUh#UylW1JJX)6#mA*c996Wpf zr#EMV-fX=(sp_D&2QpsUQ74^8?W)sHoVxhDll`Gf@ttxM38^%$VduL?OTWJ5Kc#o7 z(eWi_`Gn8N)G+0W>^VGIAJ!fy74Wju{KhBRq}aH2#IpOnOS_cmQg%qK2JscH&kt`u zC5Nv2ZWJ%^D#PLoX>aXo{-4*9GNslX zy)>}2 z(jU#9IAvw zm33Za`gPvt)?&@2WwYNd&eFQ= zAKrdiaPMQ_(eWjp-qm&UojmyAzU3XheJ&h*I^k;9$UG@kwGU6osqHy>d7XZ>ULHJ} zqQ{ABx8C>2QpYFA%e(l_taUaVDwL~eshT&QKeHdxb7{PN>T*BJj~h|QGtVHG)a&vr z4yg9ZzUId91G5%uJ-K4KgQ1V=L~UIDF-X-hbjHXHm-~*b-@8kwPk4{Z#hSL8Q)teE zP1P3ec(tscV|d>?#qJd7Kda)1*V9U^81!g-{jtfWx2W{KdfksFa@4sxYVo+}LLo)H zyx)(mRP^Do*O@!demS+2W>c+&jZYQ|@hm;)QM#Sa4mPg6q~5qDA38etEU7i_;Eit` z)2Mc(=w9Vrp^*PhGXEmwo2jMl?@3cF`8%ihns=8jNmhQxl^2pO3}ITfMmxy4c(sD`G?Qwk8agG0zV`s#tiLvBqs0lhtXfBU!4%LsQr!Tfvd9* zzTz0x!l~6xec+?S#A9WA4wbnzWl%ErHjlS24eF6k_e}R?NL0;smGkN1B61&?5>~GE zLH{y&9@MG*ZBM(B>$h)R)?l6e!l9dIgdIFFMD5+!$?r?s4>xzwP{Dp~T+K9DcL*QKOGEq&om8~ZQX-0w*1 z>KpQO&`&sZdi%*N*>c|YhI;el%rd&k?<|wrg)zC_I2ErN#pw_-}5g08_%-c zCf|)-+w%3*{Lf=Q8BYyB^J~J^yTv zT$c+56(2ln=Q~wv&7q=&TDg{V81i$|;Oi^)>>PXKVCfF^{;ylPMy6$>$6#dPrsh{?6KX797S&h5C3sxYl^g| z-!Ff6VQ=~jQ^)v}IG^iSu*>y@9lh)JpSSaQl=qc06^9SFJonDyb%}4=M=eR`^r*P! z6wmz5pN@Tr@NJ#)k;Cy~$xAfa^l@3U?&Tl%tZ?D`j8nBU|8TF_aP3&v!fi5s9iqwJ z{LaW3!`^;;Q(*1wb>%&8CGH*>Q+rul*xPySlI2+86}7EvNXb*a39Vxr^salfq;B51 zkP4;mKTVk>OPebtca94hGr;d=)g2$p`+Z;0c}zsN$#L3h!^dZ=UP8wbOFof)|H zM)S^hP8=QFrb(XFwe1$a*}FRV$=qR$?R*RFS-PWA*ki}sKC818s25wek}iLN(8zkF zH%46e{I2rI8n05uE&LU5{b}DtiAzS`OVg?IZPlAq`A=y>%Jl7;=X>|K^GlAG^_%t} zL%i>x{kn1my2Y=^RDOn2m-HFBwaK;iyH}|r-=+js4EvRPSKb{X><&eia5{fy+$+2A z?^Ab94OK0ubZ+;O-nzJJvj#*?-+lhwu)`CZKACiD;=4vp!G~*YjEsBOp+mt4`~8K| ze9**u+}-8>?cDYZ*B3PDw0=Qw-8Cf|ZoK!t)xf+ z-#{aRXEKXurmw8sk8U(n*&l@(d- zH#zl5vAS^k;>`>1s!@G!`Ir@FlPzAdSIu^aOxRXv?W1D*b!XBPjjZw^uG`wueP+hK99*&Hi#xY|HE7v*SbJZm z9+xX`ebYVp!gkeaxMv8?{BVi(MeLJ}z2{8|nw-X=<=c+I+d|Twcvy2&zcP+*>xbTL z*?V5zq8%qZ7=3hjz9W4y3`*wHXy@g!JzI6uekk8)tL|NiD{uEyNOmsenT?%yrabd- zwx-k;f2UU6FD|a}B-(N5lJmbylw^MLFR zUZpO$u|7cebYF_ObTP@4V zrjF@bFFyCsF0yUp*4Va92dqqWK5g9z!CxBaH)q;0ap1MA?Hj-Hsx*H6aJzk;LuXE% z)^%ly&&{t+dQfNd(N-5;&QYz({BFFx|LVd`lV$7Ty`ot{ssit;?Ys7@`l$iUU*`JNOI@n&g1 z&Ma8g;K{ayt^5hEb!$Mos* zdFLz7Z+_V?YzP|h<)i*ct}%sXZ1>o&4P7|jtAk&*SssV>bQ`Vr+*@Sqsp2t{Csr7> zrr*2UIS0m!^6lkwZq$nThb~8!Zsauo;jOD{12Y6B6dm4sK8~_ONQTTc2k=>l83<<%kQDE?wES@j|}SjqCqeS6bma@UvRbsP8EHDBJo)yB!eeiiT4 zyQrIVvGSu4mmjAqu-)le(23d8r$_DnGOnH7kg2)9v_879aDaWW8u#u$Tu@}+O>K`Y zOJ3z{c{|&;S;xH#_0M!?`+``HRYj__akPuqf2s1M!h=UUqSF`2IzIA?_xXHf>~nrz zdVTzvD`orIecS%xS<2hpCcZkbsP^-1WyZWe;=Fe6);!Z*1UZb~wQ=*3)|q|Pr>47l zMotRJ5-_6Di$lFti-Hb6yLDvPx_qAQKi{-}yQ27%;q$IsY1k`yM%P7|`z?&`oqzSx zg*D0?)$C4~lDW>ol_@_RtE=xfEz-aLiAsK##ysj(^=XOZ&at8A7GCK#(%q+CNDoat zJAKzrANB;^&wS+ay_ZY9-)@W3{CYdL_Jx>GuL{rV7aH+o>es>ty05JmqKelY+&g0E zncX4l(%0DWaQU4GhuR0iiwx0E>o>mYh8-VzmVP-YXxl-%ZqvgT)yg+@*_q^T(k`64 z+T;8?uWj1`Tl|O((`9UUVBVnzk5|W@9{Y08lE6}RQ?}XA`C(2~Vf(r7@^7u<`Sj%V z^-orLEY4ErXz>M;(w90rL=unWVZ^c6iX32e zc-f$_7x(ma4U6_Tn6vneHwUJ;gp?@XWzC5#+524GGiQA6(sMfY>hN%Nn+k!qv=d`v zQqL^4X!nO*skiQ$d@6&+KCX>-s#3{2-9PJVKO=2hZDPR7l0iSZB%8OVc#+{+f{y9Ts`o zv+SktwvOY!tA;h~kfZ3ar&GSxY?p3G&d^IeD+U(r+2Y~01w%b|d8Ns=HX@D7@Krw@ z3gyaLctx4)+cNK;)wbfLx^|U|W!Zi9Q|&>UFK4&gkh@2huBk6)pV)Ij@UBt1>uFn- zo-}Ixi7MNjYp1U=Yr)nOxf1s@3@$rvp+4^1pOa_@;E zJx_lMXwV|sF>3hLLSH}b`mX)4tYZGo_iDyQ<(gSAf05bM9yIGWY+!x6))Sg|-%izK zd#VCYZswe~>{9xGC#`eFUMW9qXy=*5XY5XwdyQAf%6UD`<|=jVV%tSsyY!q@x9paA zE9>^$ez~gVb@uMF!Yj54xc;cfi@Dyp+imPMGyNIe?wE}SJ>zc{*zJET?bUs`qwaZs zTcg^$c&2BE<}UukR zV1Z0_jpono6%}6l*^xdenzt)Dvhd-asT`KLy+3re%b3i|f;Y^1vm(4y^-Mu)T6Mm< z;A2FI7S7kkwQ4>!*@DW9KTLT0$1+negwBF zd+*-RklVL2Pi{2t==;HW0^jWS7~G~^Ip>9A;^M!Z^~vU0#qQHlk4ugbP13gBUhvMo zGF?JSd&GR-erLD3+?&JE_x{V6Z0h?fXELSt4fNqQ@5~pQhhTCwirtao3DS^~zyuyD zRU*xbkznu`+>ug>ZG=gwyvl#9tOSJz-(=)jPC97xZI+MnQlwD`ECHXufJ>$~siX_#TaWyD_BP*+h zYrUhaniVumQC3Z+UZS*`wYR2h$6jS77#&Y3Gi;Q$Qs|-wQhF_rfET`8MT{J%K~glm#4h%3P(Wr<7*W)+*t-3~oyO>z)f=og&Zz<{oR{b^ z;Dml<@;r#T(Zrwx8#uHVL5sS=#57`ILaxS>drN`6F_}@&}*z`_TN}xJ)!`NT8L$#i~L$% ziQi`O51h7Id%KD5NzPkp7vZoi!o>fj)s92Ph^nMGy6{rgm4Q1@m$7wX8#R8L6$AdyuAR*%?xMz{c2(GK$iHql)k%6&pfc$v;jah~q}EUtTktjiTX|B@4l)!uP8PZn)y) zOyw0m;X$}xrou)buVDyqTQ}H|L3=Uy(7p(I2COhW^9c|0J>y$UAcSi}z-OdqT>9OT zu#vZE-e#1+9v7;lmK@5aIvV_4Wm-mn(1nsj3)Zm^PhZ4|Agimtk#Gq%im*hGX zH$tGcWLXy3FukzJ!WQ{?oa#xbg$PQx{=QA@RZ+)<3;!c+|IJ(^Qy7f$A8>h-@mxA? z=LC1ZOzzq6JwbvDxC_c51E3}{a(odG8u1Ae9ha(+(=(kg5#D#ub6FQTLJ+W(nK45E zil0lDg+Fq&mdD@k4Tu$nWT9FjK;k=xmaGhvyAZ)oJYceY8?OAX%v@5+^6pr0#B!CD z2pjR8NCE-wSd9T6w|nByXew+ZP6T@x{_ucJTX5~g;GzSQpgu~N z80#6|TeQS>3~gBUyNHGbl~nkqqcUbOuX zU9z>6fET{fN$ium7RVSmzc=E7F%zL9zQYMZz{nXPTyBMTcBX`&y%GrFvLXbdpo9pc z^sP)4-0$SPs4x z*uus6k+N2}dl}fGW>;ES322dPy4dN!-DTE)@VhdI=1h4me8m({!5S}@_k+SBqHD%b z9s&0ZH>ug4`K_Fcp6P@KT+C*L@c9}ULJ+7Gn=pR42D_rHOB`y*gQIkk#5&7TMo}?j ztz5qtn@5`Qp8`I`BPeb15(!Dnhqc{wqlBbfT_xa&X}APgP_BTnZ!N#K;trNgI4#Vg z1tEOWM91%~WC%ffD-Z&V6LOr#ZPrAd4--+L5$C6gyM#`~jo5#~Zx#!E(ea zyDaQsf~h60khf>vlBpFzwpJpbVG=7cXX|_;(en3ym{Bw_e)5rLv-Jy&DgvH(P^DFs z0v=kvh~+}<5f*s-jt)+yP5DJkumvI5{Ee_cF!vQ2@#z#TzoV1UGo4O>!YZu#d^Sji z5CnN-S=PB5!+48A0kcvvbMeRb1XP%!`mbp!0xYJ+TDX#+LF6r8z^B9*N?W~zYs7B| z*lrvVLS-u}0Z~$K3?L_oqMSY)l%c|IXvV6+rr zORhtafEIpc04b})VrrqRsve2JRpLW8Y+absNlC%=Gh>aq{|w(8VZhas4&6? z!TechgcB^r8lkuXpoI6I#u_2eDq_W!crG<5$EGBpWoki#2`0x1MW`Hw6m)3SlWFHG2E~Nq$6HT4OL8(tH1S$Xmc)0eo zOM$AO294k_o9UTLsmSS>N~x%!9-*0@aSFwPJ)4Ct!N4!64NC3*HWMrSfrV;`!DZ!I zLz$}-xTvsMHnuQX7WpMB28~iy3R|+2m4Fr|=@Rb%6*d`YxpCVXC@*XhT9{J{LLePN zG8tTZ5wtM76&gYMgXx(|#K`HH-N|8mLitd3W#AGqa)jXY$ZspRB9IVSIlc7BNsy>X z0aWhCAw&8LdWqnN$*q>Sddi}u;71RceEgxq+e@{f`e3>ayInWdmEBqSJhx%8(Dbx9F#@dR1n5g2RYEeH%8{wsv- z;*%C5c5WCrVpgezMy`xnBKYA)AgtGnSJK3I$wnXM!y>Hc70OyEB)k@R zkpkle96uHUz-t*M{Ur$svHILD zjuFBoI^_sK%Yd@;WjJYqZHd!QvapCLsQ;FpB5-2jt2N*x1IUk}iSd(-P5g|8&BhQx zQ#{qus!Bi;zs^Ab0&h^T(B!v7W(gedb`1sye^rLKIA|||Cg#2ZH2GwS8=t0;(KDSa z;aSQid$uxJBE(d@%}`#DnGQO@mj^xRt%!9?I=}r8mUQM1*v4gQDh3~3&n$@24F{1Q zNmH6h+q5{&y`_>_uXc_k@G)w*B#f> z_y4mZr0kKAQIt{dS(!=5NHj!*R1|F?Ss7(y%S_1Lk?b8JGP21YS;@}M@7{CnyKF8+OIPA4^+Mh_+FjZEV)eyLJp*e z{*zkppaW^A+9*O;qfQel6+KsrR!D}ZVZ%@u(~--m9O+8D4%u{7%r#w=G9?ZC zNUH@OB)B3R!IrGdcpms58x;@29&{jOR2xMIYt*UdQqgm@2pbNeEe|_NmQy*>m4OFrLbM4>xTdQTCckI*Wuo*+^PA#oy} z4`zbECj8HrC`tH9bkK4YhGNR#M@*P#77=WLs4U*H%@+ z)B)+4p$i6T{2Ju9B7=u*RhjWTXhG&F9t6r6DhGih3=A!p`(aJ_Zvr4LilwkNq8nsE zs^`C{6%SaDPFiHe*g5;3ZB>cS`YY{Hk%Fw2)XFNJ9TQuo@-09Kti&KxLUziO+NgMo zEjMUnP)H!r6(a;1J08z7cKWBVegqF<3mp=+Mj_zMM4>~%M2D36Opz1mrhZpIV_1*& zr_fP^xQq)izuQB5uw7ARRU2+!Nm~efWp=yHPRy_kRFSL0Cor31YCLNQWD5q#e-lu1izGrYe*`^ zgJABcY7p2AwAsqBZ4`~GA%X1Be^3b?a3JAS8$CE%1n?ntA7b+n4jd5H=omOySypAZ zRSHs88F0V`ge;M1gV@bf%+?V#QXM3a%Zi0SbH?L&7=Wx&Jcw~+D6vvCh%9|D9eHr^ zQPm*ezqPRy9&pHQN>K8p&>dBaoKRaWc+i1_P;I6|0CdO+5{w;WeSgP!tHzEnZIytB zY=^NrFmnEtPN#yDRRSEc(W!)MbV^CYHms3% zA%V0}WX_1|$C|Tp3WWqRI`JU4a|5Ra3JRs z55k28%IPp=JRxtUb1Wvl#zH`*rt;0YE<9-EmmtkjH)g`amO#CD;DTgMZ9q=gD_anS z`8}zcV84Xy^Z!joWdpV;WS?9+QV~;*KqpP=Yt@iziiJQU$57+J3-UtoAY6{1;KfuB zg}j+8PjKx>#mq^85FxN!p_5WO&(O8;WRR%|@K=Nr04>$x!4J|w{}TL&2@{My6^%xV zFloeIp-bOJHX4<1jYdUGT7%ApHGmHUJP1cjqfs2HVVA`R9|?QdSd@7wZxG~b;y2+E zMmJLtQ+*MjF62=HtJY-}M%a#uh)tnWhXgV+wJ~W$Xz_WbDwN%`N)vRM zUF9Gih+$@jy(#}q0L0qZilWU5PIVN3BZaKYe^3b$ICyE;u3P+t`zguo`F4E>NaXDQ@+V&LFH1qE5QL?YnLMBzfp zG#RCYFojO$^=fdB$M6@d2tfo7YGit$!aopL1G@z9o&SPfeE1b{FCr|O=eGp2&-ug( zY{5ERPC{E{_#+osxtryCE-BfHRLWEdC<|r_9+QQaIl5L3<21N(fuY5Fmseqto?L zbX-bKKm<81$i)PXs|XR0wtDd#7wu`dDf zQm)G=TguQ#evm>MDKdB1WRywqcmW~geBwc{l!2f5gLn{zr3_VrikLnqx&tN2f*>~q zX_eX-thQS4oD!sJYNH5YjLMKBEI(1=lvMNp{kzZ+rmYg}kZnMvTpLg(nPMvw3bYF+ z_}vvLB$8qnV2h^ib71b25E&rMz%tn422}LFg-!3mZrk>0M$vIZG5bKVf)Ab za%ZVxaf|=`Qi&9jH2+(A^1%xCE?p%_U`p9X)iWyC?Lk87-Jl_g>?oh-swflWT}Y;!8;^NjNG1v>(G$w#G|2>o6)ck* zkI9>~B-|$vJt5UJ$ppI)l8LF$^mxpqMo%c^MNg>yqe&*%m5@yQwR?IzzS@AE5D5T1 zp?y!2Ot4EKnfN;#^mzOs8}!7@G4k6Q*9gQVNG9$!ge0M;1U+$cjB^N0dIIQUncR4M z6PT8XFEXJgA!`KbphzaZX-|*GrEB!Wtr0$Q)u1QjaUz+h){bl*cjBOB;z~Js60$~+ ze@V-oJsx+0L{ID**&rsB#@|lh$OaKN={2&!&0EnEiz6HSQF~3l zoxqU|Vq+tjGPK6DOc^)F$n-SoN#Mu^_e4jMSRC2liw@|&3EAt=cFAP$Xx(vkLXXF} z4tnC&2nA%C^n@%&BolwrgqDO06X=OsBmCJB4f6@fh)5>wn@!Pt;$kB$6W{hlPeO16 zxrs<7F4fcHapfO9achJslp23K;g4)^bcrN!YlJH!=)VbBBiLsW>4^`+>GAk%9X)Yt zg!}Ahnoj~pa?D+!B*`%q20gKJEJx?@8h<;1BROI#(Q72f+&1*Y;z*7sO~0MMk(`SedD0naxP|&@j*IBGb1{P)wMqxBRNGe9OClF7vkaxP|&b1{P)H3-tUMg)#zT+ATjVg{KVyVuDD z#SF0ZBCV&4iy35G%pgOoGa8#RK`{do0c=Ue#SAhoW{_d3DJ>JH1sc`}vgeSVT+ATj zVg?!NkBjsa6f;0F9g@k#3^Fcekm0Kvw4Q=u2FQd%GP#&R#>EUWE@qGkiWwlQ4awwU z1{to$(Ase^gACuT)HI(&TqomV1{oJK$nb4tTDqW^0kX!Bo?Ofz<6;IG{w5MFQ&7wR zNn}VS7cO{LAc?C}U{IuggjJ^?pGbd4f8S6)f2;2PAwwers6IHhHf`IEh>Y;}2{tV2 zG~=#k-?_E-Rh+PDVEaIyG12Q^){h@rB6UzoZ-c>SVv?luO3$u)c&5z^)9p!_`g11BS3ua-WP|90z^H`Raqn0R->mx7h8Cmua=@cW~7Pe0omNbDQwW!q;a zzWMrb?t_JI>K*&>ZQ8^K3#(i0*fDUy^>&^KJ=fG&Su-Z@*uY=U7Tn#wqtlnA3w}N5 zofGcZ-tX|~&QJP{lNU~H=l8R^&$YteOTxtYnGY`-Ia+6zoBg=SYgx^9+XkeJPH@;) zEID$2m1f=%!3oF4NhTb)vvZ|n^0D%>>;69YAv9xj)2ouq?fH*y>qohm)vbQSFYD;c zEw-g9S}l6~$kpL;TFtnxwPsCE88g8uCN-$a!Zxio$G&f*pVH0B&uVt~gs`@|?2b;V zyUsFJw07F=^ljhQTGeW`IeMn((tup+5qHX2WX64&V!Y6^cD?ZS0alAv+DgJIw=i6K zrTYEX?fdmw`Xz8sAEVXd;?~x1UVGdA+q$lfm$Jgn^%=MJmU~&f*nsMrs`#CJ8vepL zE1*fniCT$UM4sYqaa}~B@;%#FE%@BjWXLSLz#5&$E-lw8Zu?LBA*K~-b*);Ny^3JEiK4w>aS!&XWpL>m`hAnh1+3TwLw+QPt z(u#iF6Q6e5{=@ub=ltOdCs>R$IomZkXWfHJJu08=dU^JhOUv~fU9X#e8{9M4v}xL~ zg_30V#1#gc?>y~3-Q1)3{-6ZOyx9?*{1aEaZ@)LQ=FL>YRuN`*N+x#8j;mu=efDI- zHO?+iY-iaNE3fM}OD&)V}JRNJsNh_Tn(7#H^%TnR(HhQ^xl<46)Zp(6Uyd-dT8PTYHOL`?OIPEsJ zwZ2{dym}iKN|XGy*oHqYw0FJU@PMBF`p)+}<+GkHyJU0xiA&0*4A;Dt#rMwZ|MYFp z-FhQeq!^XEwcgSFf_t}!9W~<~EVC$X?6$e=sypT9Z#t&uEH&A(_=TC-yyjzujeoGb z!mT^*&z3Ko)z)mp`n=F)%>xbEv^?7;t$1gVhyPoj#YYT#T?tI@)XVXbMa>6EAqJ6M z{QP$QP8^hy_4I6O`}X@AbeS=|idm&Mw_HD*y6HSt@905;6+t(SH9cCv>_t<<+787N zy*@bpZhgSJihu2;zjB6M>2t(L|EuGwefKxIM`X9(QOB$8*h+)f)K0DB-}?TW^CME% z-8q@@q|T;~ji;EcHxF205^%QMi121Hb>odf3o6`SG{z?`?bq?+fkFF9TP!@9K0bXz z>$)>PY`yO!tErWb5EA@R=zeAgdq2qtm z^ZMR;(1Mg_>zhxq>fgIyNA06w$5Kzt?J;gZXiQeK&E30(7i-;j*}8I1hAxTO6 z(mHRLTLtNe!VbeLzq*?@-0fAdedp$GcHVR~Ipu9=9krd0_W z{nIWF2szoIckjoA-Ror3%3G0qwbqK}?H)?}x(A=V7Pj-$`Z`nFb+cXLGa|=xS&boO zvacUX=+OV3>+gZR14dRVUv=L4-|`H-O(P3L(~v#RWSwev zV+u*TvqJ=vf$N(X2aUtHfk}dj={+a`=$5otOx1U zdDC(6+WHGyoLv)=o;Cf=LMP|E2@QI7T(R)O;_C6{H#~ZE5=Hm4S%2Txq4#bJm+cSw zUG+I88+k$^*?aOpjqU>)UcNH+&9=h3UuHeM+c-J=V7u}2tp>dNqCS#_*NY|fe6cE+;(Wqbx0KdL!kw5)kT=HZY%BVSCqS>tfxkkOOw)a?3P z|BR@<^L>L#9f!~AJuCNDv!0GgQEhsb?f9V4&AZ1NcgS*yobY_uxs5h29`~v>w$j)` zV|q;ey`b!z%M;yJO>#`i>`;G*XLpgy%r%Kl58ho}`o#QjMBDUxrn}pHh+6(OvTmK! z&m#;reH?W*&3eArWoIed{jX|dbn)HsdPn6^P7|*Edimt?!Ggqt?z;vh8~5L6c6M%9 zzv_kK`_+G7wFW-EqW$?5clYCq)?8U|9 zc^#igqb3-)_L{xedFq-Thm+;qek_fy)T+kQ4E^sXlANz~u{G`*SiD{BF~PCc-UZg@ zO}`v?J7!1NC$}9lp6QjFKTH49)21dpmb@J56E*bo=*9b1zu4l|Abvz)__StaM{P-Q zYET_D_osHNq$<}nl+K-#wy)NFjMWDFykL4x$-q=^n=;;iDV{J@xWT)mzxQpE}f^hq_p13WtE=x zU*$1vRPKkIi^n6nOnm10+2^2xgTsk+Ek<;4Y35&8e8kXd6+(9m+I4frl$uFbr9C!& z``Be=*L%jbFI97!;Fs-W>7MYiUFZ(4)V)=5Tkbf1aJ-jsxqvcK*X-SX8y`AUjegv$ zZrJH-Ex)as`R>;AD!Y~+3_i3uC*@Q}{o(EPeM~A2Nm^ufYU7L45*a-nlpfq9YRZ(e zZy)=O&H6g&$Hh+N79X$M-pnCwrccY5s<*C6ecfZW4p~04bVzcbT_yJ;eM>g7UbOu5 zY@_O%rku8N|58f+{#O0RiTj7m>|i>m!CSXIwTHf5cO=4~%9mr_0QY&b_y{+Bwx}LB^QU)xu}YJN><* zWX|CF-*Ub4O)Rq?pI&>gUHsApwR&2KcTcz2-z;jfe8j0{gNvn%%b2~)?&-u8p50uE zi;R!{Xj;p*$?E*QkpnwVx3O9tR$_4PlFv+sI~jd{oAh$Ts1q&TJ07gLeA&gUFHWUQ zXT%IHezbIs&*w8Omd3C3h`15iWaGouWzQPisXVyb-H>jjiwdL22`%SXOw+%gd+tt0)xos9pwk_Y$H}&hc zJE>1MPk2yo*q+b|&6Zhsgtpxq8ni6SWc~6>pKnLl-Ta(x)Zd_y+pR8F`^}AC+Hizf zxx&G}2i?i>NqfF^U@?6?7l#g84a@q6_%V4D^+YG9bVdwH;QwxVC?dX`CWFn$|6OL2 zl&2af$m?d-2pX0$PM}a?le`5r8gdR~s5}F!5zOUVst$trwo+VDRa*xko2|>h?G1K3 zuMR@qP?0fLs;D<(?kqb}T^)qHp(4X2Yo-E&4$k;x8+b!S8|&d!IS5Lo3YH*QXn;1O2E1kCcZlh1)iNSW-opGXdx#mRGs1A~7Fa z@Jb!4s@1&jX^Py`n)B zOd|WJMlt19&qt_=OFBhED61d0-hdp)pF`!UDg!7jmp$!8Fk$X|P!^6!xl&9PQ0x8R z{TeI;9mO&L#l?LdK*?(^GNw5_eMN0A?1uq=|3trkmmWs)hwEw}3 zc`5rPIW?XSUa!Hxg659+JpAB}yyhaqv<(I$ss@2n2fqm(7Kl#FsE-m3c3+ox2Qkh-rYal?7a{ zQ0Ki6j}W31Q<9lT50B>q48$J@8<^2dznQIfYJM}kT!V$cj8Daz;q4i1tcPdDL|IB8 zzTkx$-B^m2it*qDukC0vK}02w4Z2`#NKBbfbit14x|uUVS7qoDq^mM;k*(TgnDkGZ zI9qjO%vFu|Ld0JPE_{c80T&+60~g{5D-6OlP3p~T)ltBkLGpsZ1+zX?Zw9c|#&&o% zOzv$0(FLyy0ZS=D5}~bTJb1xdN7_sgVY15LMNXPfe8J00x|uaXS!MVVrmQl6kuBY2 z_;xQ1Ft)gX?OvVtf)}BXnd6H;48T;J1t4O-0>Id;&xWm63V1VF?7-KMG`zWp#SWes z6Wg0me1XjYSc)#ALt%>X;Z?*Ph_F~?@FFx5iY|EdN;h*x=&B4|f^<~|F0!G!3}3CI z!Nn9d@XZ{xC3$qc2I2(u$acjh&Wz`IFL+H0A(CriZ^INeguIz7Y~Xu?8s4ny!Unmw z2}BpXtOYFPzu>)Klk@+W_kvf)bTexL@I|h$^36agz`#a@%$zym>SiiuiW>~#)Ojy> z4Gjwc#SLaW4`A?~86LzIH{?ulL&%%y^a?^7G^(fiY*7CrzfGGA-W=1$dUWKyRP;Xo z4|p$lWlft2A}m&i-V0uQ1L!KkoDsU})O#U52e3{#zQ9g-FF8}#U_FtV+zZ~Jqj4g~ zH`*8k}1Q8aiJMSfj{8Zh{8KEn?A;7JGm__9~ zfiiGGVl1*weC3-47gN|^vl-Ri3%80;zzH^SN(fV<5F!L*L>QqsvP0*?%y^z7g5*#< z2pngt98|=@2DKinyZ)-v&vn7{d?*csvg|kWGpQVOK<9 zmMyvncr*Pc5cu>uQofB6!q!g&2m!#?*@Cf~q*8$LKMy4kppf?oR4p0|bfYQ{vXE}7 zngLsLDQadx=n0mH9`qMZ6rhZlM9n=2#lp8Mx&WgbD5h z!(?~L*%`Pyl)@kkCF;#=(MG_ViPDK2_odPB=KlsSL=MTIx6;@2J8s(4+`VXqX0~4f| z{uPVmIWM6XNcheRwsZ%&7A?BOn*jV*N8u&vjtFsq8>G>=V6!{MT-9WEko<~F9QRve zaDm73aRG8HJcuow$k>!nz?(s&fWgJ)l`^*SBR~j%wQg2S5q?U(d?OHlkS_Y~YQ}>k zB&BMzH4rX?2S6p0Ce**dHtf2YH9}d|CByhpd;f--o9Ob`Gh`2TZF=0?N9lnXb~u@AGh8h0Oc?D{{T?1^&yzx?!>f(Gua((gRYL+ zg}a(V?}wWm(?Xc+PKXdXQdAJaR3_pZy{0WsC@DssrqSNd?g3ueEYb zmH9?Q@r4G@e1nKW4U;^vBw#hZ5dlL%2m}E3lYG>WpvSGxal**Fls5=cRuR;2=X4E& z0I0PzX~hVN@O0Gtlaaqbut7TNzpEJ!Zjkg^bk$hHh3F#ZOu5nW;RU~Npfh;!7FZEq z!gN&zFm${Ov4Ou3K)WTTxWYI)b!T^we~Zi>e{g^?dll>u$c)8#KWIJ&G-N;;toX^ zwK4#bstI&&*n}CQ(9Nt7$|^&kFlCiM&<2uxF$7s4NZ1mGMsf%K!WRI74gT;CSS!{5B&bpf(Lv}=Vy%m#sSHC1nd#S<-9x;(QbHauZ?vQg-}`p>CB zf(I`SYoS``LD-`*@DLLu7&{ zwbg?MufN@7Rml_y#TO*f{xkRztgJGCk!@COxHhX2wyvm=@PWUQ3C$jVJdg2B%DEdh z=;K%lgP0c~H=|+@v*nkP1fmDBOSQ>pv{Zu!9!OZ#MvuSe zoBm4wQyj~|e--N%TKgv2DYN@DvPG@|s)Q{bXe3qGKq4#_!i+&Ez|TD21R1G#5L>p8 zuoX!GZw7$?h7!!_RJ|GaV{L4QXTxMvEf7lz4N(7rj}%_7c^5X2m5Kqz zWo&HKLBN}d(uEEF94=jXVau8Vg#7)|1+f7NMIhKdbQ9vajs3On5hXe3@mlN4f0;G5NPt) zW%0lT8L4;>C~Pn<*`s@?<(8CsMJSa2z>ff`E@h%JRSssEy0JZR~l zNh+GFKmSk;LCt&#MHb|)>K0jGX>|lFvOTH|*B({Ol;H5!*wuP1vOTH|Y>&!}=VOF~ zG}9gxdoAS@4;x4mMQB7!Oy=-d)tew&Q%mQ-Mhe`%Mpz0NwF`t6q=5drn(@E|iKazY zjWt||E^^L&f%d&ed+$#j>stkT)163QYfvT9PIx^gM zb?}1>R*WPJ0_>`A5XpldWS8PWIPOzFh%ADzTuHjV$!N-d6D)dY5uowFMDBJfjF!09 zX#+`{+PDmD_27dC?l)RY2w{+{SAYgdPLWXbK)NYFk1m{-YV-(GRvCQA7O6H&+e2#m zXKIQ}yr>R7kdum#z_y1&My-M&0okH>5awb~Z)R$WLf%XkIhfWwln|z-C`1S>di*J# z|MO0Q#2e&r0$cj$72^RA5=FJy2?PL8kVoKGJ&^tCy6ORur&I5Rx&XsE0@pxQ#MTrw z6C@yM6(NcJ9vXrl9?$bBkWY#S!Lo;{L1ftjHcVx5LjIeISoYA?YmjJyq)lyXR$D!I z;DJO?Z4?mz9$^lFj~*2rQva*oi)@i<%e6=qu~kFNfl%kYAm@}uf-P*3%G50QMhzkm zJcxM_!W@1k2iYR3F+jU5VnVXT4ON5aqi1$Q(<0X4nJuxg3XA=0Q483AUJVjFcyWrL zhXC*p6C^P5!?wq2rjsy&&{db7$Chk9+ep+-W4E##nLG{MpZ9?x?`kS~e{ z!P14QK}6}o7I7t6u&WxR>(T|WISa)T*eeD_jtoDK|%6 zsvM;2vIDWP3Pg`WuTfo~SeP0-@IVUZUjh%InNaMg=qvhnu_H)VWkDO+R@9bj zE6Nn?5aB`ta=>nZK)`er#XdwiGr|_}bRh_sE}~S%!&K@8ycses@tbj$L;e>H)_kZ8)b@i zh^(pJ??Iv|h6uEF0w*soMa|zK$YNp&-@Jk+$YYK|2Me}PwSN8FL*HxKg zgCtjk1Fj`0Tk&8rDK#k@q@!XPIM~F2CmzppY>+652eCvArb>xmtseQ1(urkY&{2Jc znS4`#@~|GFlUNR$dQnM+wvfE38#~fcF&_3HLsU!0hmDvuW&Rc>C{R;^JrMZlX3n_n zR#9UJK0&%F#U9whkohug%&4@9F<(rWP#07}Dk_$NA%L-`oN!?aS)zClESIPnM3zes zM-owbg=-6|Cx5_Jgrr>2rj;~l5a|3MS5q6C)>aQ5xFG*i8$}3%<#{$GQzX>0A@lq@ z0fGv23077ayvUBCwp>S1wz7e_5o+NDHWY*u#4n`05(@EDa4S$3Y*?K~ z!xO)WIcZk+CdjkY(pac42iq?E7jADdt1clyfg%3wg93+!SP6s^W+6^n{$hCYhj8OUtyyon)!;wwSqz zp4c_A#k^5XGRf$|4$T;qk2BxZvSmBXQi%xDl#jQEl3h4$5eX0P*6euxAX-tlTO;}( z9oH})<6=kBenRD&X**I7!e%qfclQJd0rdpkM6ZfbiMBnJY#|}?Usa5^n?shRmb>cQ@XiBpV}}TYng)R^f)17J7=A7tl(CwUFvowxE{HBpOv(C?Qp2FU zQVSV$M)(K*3wn^y!OK$wMF@LT76=KNA|7_I^|6}iBugZ8RfZiwx+(<^hy;)|A{rd> zA2^M-Mb|MjfCspKEaXo{&W`7qG^BIlK{$1%U@Jx$3OiDb=dy#uODqIuHIxus0Td(z zcyF-V6(O&uR*bbMrHKiZ8B(jL5M~MlAmm2^U5i$q)se0|kU}1&mi`T>#y)aBL+C8> zF$%e!e{U8+vLaMfWe|nkLXnL#oinNS=9pe#%iK>?3lxw=U?CVN$m=lU`4A;H2hd5A zeJOtsxfyT_UgjHo>_~O$!XBPFTOfAhR0>Jq-TX+O2zi%UTDgui;{gz|Ig73u4}e1F zj1NG_7zOKFv@Mr6ivWN^RaFK+*m4wM2NCvYAIW@v&X&E~t2)QRxjGXTU?G2~5bSs! zmLSa(qZa3t7`6DEia&@4b(DxRK2_Bq0CjCFMK`&c9VB7?gKF@A19_a<=s|>R%8;W~ zW@ZPuqB;f+h7SuO&dUnTyTx)krcuZiU@uW@^K4m!`6?DJn32JylcEqZUy@*RrqGAa zNd*ZZ$|QDNpH1egc7lWuWfD7%A=hlTA7n%MXr@=9(&0T76#<(BPz241wW$dIjz8(J4a4!^&j{Ejs2Pz< za8F`W`iZN0Qw4v#87i9*uty*Ph%iqT`sEUQpFlwsWdcA5fCZrUA^|Aw*C+sh4hg__ ziD&`HMZ0Pg0I~oqfH|w61fb%wCIOH*i3H%!WY8L*v{Iu6kl=^~FlPsp070t&nTSXL zt{u`E;G+$VKLJ=H7J$kkNC27*jRJr{VgcMwz{ejN1rU}f#;r6c4aE4IK%)S{62+mHaXpc(~$9TI7PLm*lJ?o_T(0AYz@ZbK0Z+fX1^4Qs$! zq8KMb8Z{s-5$^)@Prx?}H3}dt5#_e@o+!rk5RC#zOBA6vk`{nIGoo=rLDm8cNrcbm zC;=jT+^10kVowyI?kn_95dAr2ROc5UU5Z`>5q8f=fS@f6Qm2prbYP7%z$vVzp8)&d zVF3t(v_L*Nql{VWm+3VTmH_#*qL)yD}sap*cXV z3QZ!8ku+*RSfU8GE~hoXozFE2AofHN8*)(s(B7m`0BMQbh9VNSp+LS5ngb3@B4J>H z+#f7}^^GEY0-@&>C1{ ziWjAUHE!9aQ3GO6w8lOe2@td&z?Nl51MHJ&0k{XFMhyr{w8o8IkpN+HKv<$R_Q|vW z+>c+A1_VV!ZjC8wv;f?HT%!QOJ6q#V7|;Twv~n8#0{qr1nnZm25eX2qp+MpX7QmXa zwXl2vcJV?2aAAVh0M|J*&H=F}TC=<*N`Rncggvs52Doz$tpSePHEKZYiPkK8NN$bU zLmCB;mWYqlX$|nHyhZ_}CE}0ZA^`%xB(sJ*1Zoasc5JXsJ<-2TgCS7@6fIF^$NEO< zNq{9%0u6^(1T#6!%1#9d49tO3eliyVb7(rGcU) zQp1=4gL)ERiIf1vJyB-II#=pR*eWPmA~lTDK!|gtG*GlenH}p~sV8B}sA!4QFm4%z zMC&qZc(jfz5tXy42!#?QXc^(LIugJ}>oPkb(K@98X^AYHWp+Z~ObH+@k%coQK#(cJ zvuE@ZSU6Jxgv|kAiMAY^F{4Z)oZ-1GtpP_gq@DzsGW_l$5`fQXsbyqX4Vu7&f-(SS zTkKM40T|dC1rU~Ki@Pz?0x+;O34rIg=qKP$7a#!$RvHBmd!jAArAQ0FfxkupgeBVI zr~nB-u+k`iutcUW2rWQ}bCp@c<3ltDtaGIV2(kmZKn-_grm+vLfskSxr2(-g+Oia4 zN`N3R!7elCC*U)Eq=6tXq4FWLM3!(YV>)JOTm`}sZP?^nW+No|mRZ9SJ^Cluu*o;| zBxnxc$r~2H`bHZ}?$z`Y;At2Vz$V`^8zIRz^%Dq7w81wss8z5Ll6+GF2=8pe!P$oM z(>B8VG;E!Mehdd}8|<+)&IVzVHXN{RgaI2KSRoBKU^9hzjT#Vs+6IUF^mO8kUZVig zCRvWZ41ZBjqlbWpFz6>>IMW(nkF7}q;_O9cgW*gI5K?8AS;Jl+SOWxSBtX#q3>$PH z0qp$&8UEt0<~bm35?A+W4TKZ|sGmUWj&g2ikmH?!7KNR^#_1$%QjT{9N`M?Ye~ki& z*ip{jEuaJl+Uim63HC`jJ|sdKpzTJZ282z@xlKkcY?C3*U1V~+wa^;i@`NT0h;tX2 zoGsW>Pl8N}ICqiB*^&VDME^RCCI#Cv&^9UOwmG@5s0H?9zygrs^c)CFLSTOeB!I2> zQvw7nBWiO3?EvR4v<7T>f_f4*8>CILesoB%sI3aUDoWM}S z&@V><1er4YI1pL|ZhxkN20>LQ&pW!8Oqye`-Q`@5;4G2F?Sum%8u%AHe zi85|`mErAG<1&(#$Ze`JVVf$vWsT;5+f-$^-lRzb;siz}<2F^9uuYXXfuRJj8;VTW zrb?W^Py*20)0QYKuO&`kWHP)H(gJXPsc{ZSOXRXj84g1=3ZQ>7+z(ii38jmm4TZSy zE0eKTT`2*A96fOYLkZyaL?Ne8GHbN$fS(}cVpgfJm=#5s3If<=q%JKBK_hVjLm`Ou z3)I~}#>LJhc>RVplIB~D-{4OqV*6&ACi9||>KX)cr~VLySeL@EBn5@pKF2h7lu zpv?`fAJhd$j7R|5<}?{KT6QP^_spXO;2c|{0AhEPvPWu^0AUtE?2b|{W|azySy5yG ze*#y)mI^9hi^#JWDObRj3MycW$g>zJOE;mmXCZSSBF|!^+~y_~w7KCkWH<-h<|Y-i zxrtE4TtNVb3PGEjh&+ptZ~>oGP{1c5&tfE8z$XzD@Zp1a@Dn6lz$d}wI}N5RBF|zZ zEMtapl0v{FLi;(?fD8B}f&xAfc@`sK5BVvFEhJvUYzC+S7q3YK#cLw+EJnh`YZ5{6 znut7$k#O;vL{PjYBF|zZIE$usBnjRpH7z5&uSZ8q5-#AA2&y)U$g>y;myk;YCFCOV zEJngbj1oZ+qli3EIyo&$VBsc{a7ELwt3Bar|hv5JU1i($yfNPv*2Sp+Y-p;f?v zCK4dTON!uiG%SG4o+LPW)iek2+87eR)jI{Tie)15EJlJibNVOXl7L1Hh=@^wuS6mN z!X}Z(T_l`ekO=b&V#fXKu81gKJV|mNO!dwh_79-|P#KeM5#4z_0&H?TMOxpoY0W{75 zX_MTMni!L0H3}ehM=>VEA`Juq8+I9|H+Y8MP7A=7Xf$d-6iUl1jQgcQ81kS~Xg}E5= z1V+pitHn5r(KrXBC31xsv9R2QJb@8oQZPMi1w03H_-g+^*Nv zin=8UFNafq0`^HH%I41vR0{1>vpSR>Q_|GPgcmreS)_v%723&7@jX)N#b~kA>IP3~ zNZo8{)lisA^^9ayQzDX34Hzj>X5@JWhnk$JSh!bct5&rE$$`f3xuGhG)oNZ6VhuwvkY+h5vzi0XgTX>X9p&Zz$R7qZ%Z%*xt* z^<&Pn&)1*j_IB3##25^7~}F>v`=0 z?u{!Puxr?;e#LH8e^Mu-gnP$ z9yq?ukKHp$^=}r?&vsgFdlQ$`h0EH_DAe0D(eLY}cCH&*ehFwcIjE*&@sM`wzclf9 z)aFk6J1bV7bvfT}P4=O@?;A^1t1E5zNa`9Nxm@4N_^`O1;~BkF&kN>vDs9QD`y#GD z>V7uH*fdh}m4_T6*Fc@cvDG;w|cy ziSKM9O`2_=8#lQARu7vJF9$v{b~sz5PMfC{%HN+}eEs&c899^Fy~bzvo{?PKWY~rS zBhK!66fkwRt!He<%S_XPfU?rWw|#=ib<&_y?9E*bWzHshhwa+6 zB>K!fhYD4PK3y_%PZxtv8%u5+R%&Ih9?6bPdM@(0ylaBVlcXz!6>HY3Ytie3!!e^d zy$s{u_`d8`HEXS-QO!rI9n2>U{pK;a#+Ubt&+KoM9k!(W)%GV7wv|5Nbfr|6eUon( zdq*ydpA~I5+^(kM>gSS<4g5dce*LQR^@cx%H+{btJ=wOH4pY0W|3pE#A!7iYJ)IBe=t!}hhmrCrHvH)%n|W#7+k zD!iBX^iaK(o{g^_J9@0YyUWV%6Qc@$l{-~G{o_REuT1{+Zg1BEyGr)5ceV1( zu$WMM>+Eut!*`Z^n7?p=*MZ3MnFrccI5WlhZpfTt6MXBvAHOihX4KrO>9cM|eyFlO z|7n$ax%)=?8eWlnGb%P+gj)N5f8m-xtEHZa35 z;nvOaH_CUH&K*{z_u(7)kp=H&#r-_({r*KU)8{XmMHsr+CHIRc{%b|~o6QCUjr7dy z5x1^&gw)1xS?{oR`ygq&E9sSWgcTeBd_qTn>NZocY_+j(J@pJnJ zgj`(|8h9hP|ED0?z?C~X6!@NsH@tDRt3{XF>s`}3^juQQWlPH|O%mpK%YIE7#J0M0v&*j!(eG2rlz&jX zys`hY&5oJt>d38Lw~)>^&P$IQa_L2nToWf-pFDec@WkEIANk%&bzOG1M#*K1(njaL ze7x(_w)0?NA~kTfE&(GIr*ksJO$!u7#ZmipsDKY+mN-L#O@)$xGK>dT=Ux-lns~a(bT} z;kETn*R9iEbTzquc~BRlySHnmkMO!WVX#Sb&mm)SQRY-(L|YFwCu)8MfK zV=d}+%vyO+eChqyEu+6L8Z7sE5nF1j$o|%&oZAZrwVF|S@63y}tNDrdMlQ5_R^Lgo zBCUtJ|4>Qgjq&dGmFI+BTz_>_Vf97b16OspJ2`t~jmwo&!cR3mf3^JY^4YVSf7%gw z?b>?NlV^r(-O(Xa@3n8FwWDv9dz%-GUeGnQzvYZMaVJt&xkn%FXt{at=7iXY)|=hO zRPnewsh;!mCG+|&%h>fQvuyp~k3)}H?*1`ZR*8s}KPyJ0xV?D2BxZo6UK_jW4fo+@+3Mz(W2%HtTe$c^vcpHo>7m#2zGYnM_pIqC|55vw=~ZalxJ2ve`K30jcv+#_ z(ah@(wad-uGUx7z@UR6LWnFHRo>ul<-R8em+nr0hBlhfm-uTP5N?*EFHT&f*i%jjX zqxQxhFIzVA?7L-oLyLH~lV>b9w~jf{C}^IuQIBmCn%{PoHZeXQxZ>WTJ_9nho}ara z(MNiB_=GHrBVIN3Uwrp7>xo^s8OQkFPqm z+WGfYe)N7b+;UiU^`qT>S8%>^bCl`JE2XY<`TQ{JKyvpC$F;m`r%gj9i z)w(UK=A3%@@`XZM^X}e>J@p6fG#z_CVECjyZN6?Avhamvfa|kTuNQr+ICa~XMW31# zhE*-~eD!i^$Eizee#-dl=h?tu>5B$~jC#1l%{jJp<+a%81>rS6U8%mIv4uqgBj4@! z`?(A`m)^N*Vw8Ek2EDo)K1ugYd~qkILCsyoO*}5tPmikAIHHDG^rjBqZ@it~f7x!I z>T5UOoV)LC&hD|jCx^WHx_!D{{N$HuR$Zc_gCBnV_VZrYxQ7K6;&H!x@6Oov;>y@g zsm7zrPWdce6}9(yqT$6?iGKHg)RsP4QoT)`p>KK@47NBqc*(bj4$mwlsV%lQyWcOi zs=wLp`DH7fm=Kn3>76;MQtyQ7Wt*N0G_Ejk`OZompZcs@^uwU3@rM21oILgG&UkA4 z=yp|!N!K>93Hb*$e%son{?(v3x6jT)s@1>hJtwn8SLxoinOQFa8kP+(eCrhv>^i3) zdfV7>l^b9EmASh`R?v^(_N_)QtQLK%Pukqdy^V$sZCaw=r_)P}`iGwUUSX57dhfH0>9ppM4mwt4^NI3?N1n_*s-ODWr&o77v!%&DYn~soqit1( z+Q*#UzG}PrXpiN=3x^!Ndc>`jBlyh)v3_o}S@-RzEQO%4Ve&rOWmDJ|3MRD7Jv@q(?LJl9ln zuJClqfnm3H_Za%lXkv|WyZ13mRBbe`R!H}B4FOtd;~TWa&p;PBSdEIJQ- zYd!F8os9AqPL5bpp;ctxc)MfX0|t5@^_Og@`d9U%zgC!N7TMt=R|TLWY+)ndTv` zdw*b$LaXC?$qp}$8kVJ+@H25Y+m4?K+ChrxX6519#maq5n7>tf`msr{4;99Twv6!i z4GasU+WFf@`j3e8^^b@Q91`eDMfM|F3=JJ+0U88RwF8h}>O>wOzUV|ANHTRI59FFU zkq1&uoyeopG?)wHCRVs}l*m-frPV0GQ=7U%A{UWw_M^@SsT7t;8@a?d# z#G0ytinw|N%0ty_2eMC6JE|f}X~$%@T!O7cCZQd`22VR!$w9wct#*(A#?y|TJ6u}= zl^i896}3Z!MinayDmmy^tJe)cg4B(kIJN-BO`H;uglYg3youu~IhbFdUNwLQQZ+Pd zxYWrSoHB`oX6oPoDmnNx3G0T-L%iY~&V zJd#${Y2mrC@tG9Qr|+NK&d$Ew?&*OIC7U#?ZPv>)^Zf0fzYgv5E6Dr$>-NB=AHF^B z?6PWJX1&T?o6L`K3~Y3M-@+O z)Ch>|_bSWNWaYztVSD1s7i`j>=X6G5{61<X5K%dQ=|b409N-BHGif<|B3 zW&9>#V6Qo)Hr~E{C^xFc%?WdCuHB59GwuA-f}8IL*yTF-jUVniXZ}dLYWG7wmPvJP zG^lGvso1YP2UfjzRoP` z?($&wpqr07&+ry!uQ;{cDSBbj!^Fk+ZdmqO9F-?aHnE&Ad)MCXR$XsbYq|Z|tqR@a z4QJZ#K5_Leixd|?VY;4_pA|H=B+gS?EbdPr8u|D zD|_468Wa~lx!I&=oL%PrfPIg=)(kq>YpIW z6pwwE^Y%Tcv3%~yrENc+-0JmXVEf)i_s;E~l;e9ie8@`w>v6%?4wu?AePEoygQuHb zeOqRoY|-4syU*-Toqez0n0?#r=DhyHn}^oy^XNvMy;~A*oOzgRJpWEc^;H8y*7p7C z-inql;7l@(Jk9gwz-G(wlrH^-g4Ic&#S%49UYqS?M>LY8jmX- zmEVYnxPQ^BQ|j)BRr`{zo1I&n>*m?6;yZhJLb1Lp$Glq5$gOa{!Md3bHx0UzH@e3G z+3_#om*QT{NRD1tVd~DYMy_8ooMIcA8T?vMJLJ9X^@C=v>F(c`|7;Yef6XoUwi48I0N8!d5>JDsKt>L^;C(`{>3>L;rYc%S| zlR5IX@#8958*Sf|*1T%JxqA(z=EH8kS!?_yY3jBdt5r!xg*jF1O!DG~H}4g(c=F!D z!GpU{>7CJ-(K-7sZui;o{L`}SZYBn45& zzvV@~?^ir-u3m|2cRTj$)M$#ums_p3=Jc7B-S>g9_pG+5J*SJ(-7{MRx4Y(Z^px3f zvt0A?XA8S8s9vi}!I_0#el>gEufNl@O)DeU&UJb@*14QC%&4IEtN7OG9iR8@v|7)6 z>xcyV^*eGaysK}%eAa~-F2jwdoOJkcQNL#Dq?DDCv=W0SynAFY#Wu9Cy8gcYH6o7$ zx%kYhnlPv1(Y{Sgb1FZom}Ectia~1s#$~cIh8*7ABWjoQ?edDrt7pbKVu+hcPxWr7G*WQ z=sr5>$nZNG4zAUS6^v?b)liAtpmT?FBp95Du^}90vk>{Gpp(}fM zHjAn_x>BPu&nB0wdT6KVqlS}9?&>qoFF(Ox!Q3{B`$@|zj}`@pJ$tmbtda4tM#8V* zcf0m_-@QSz$xiQUjvA8Gy3FHJ*G_J#+jfiS>Aq|q4`b`uZ#U0Lo8W2Qs&&oddv3Ta zT2OaU(=$J|SW~M|<48>Uru2gs+)OX7y%aR&P>Unw z7fml+Q2%24O+kj)<;yOa=Xs=`@0qzhNAzs-u6Ru1-g);1T)h)A^Ig{?eGJP?lWwVZ zt$Xj*)r%!Ne;jtmKH%c!Dd(4UoL^%2B9r%1O*<^k7yGSlU8axt)y}LfW6N|idS*Q5 z=)xI=cMZE2Jc)8?6gwp@DDkF=`+0BU{u#+<>KA)_a`mrqS^Y_@P}YX3@;uZ8R7H#Vp@`(=BNZKWjx zLmZ3__H%mjbeTuUqt&LxsxM0lD7>?7_2&qCgM#poZn<`4oQxmXiEeqjj;=iAV9)Yi z)y|D=q(AnjPulc$n>PIH{i6MD&pYmser4vJ-V~e^-7RG9(agf}VLzk~Wsml4T&!2) z)X*tAzQ%lh(0uKf8M)nlJqtU~vW?w@BdKk2U%bex_o4Ql1~V(`uLvkukd^!P!4b3F zp>rp;^{$=L<5D%hQTx5>94mbG#^l4eQIUJSl71CNtZTlk;RQ#xyZg+H>TiF3Z29ST zZheA_y%R0{l6~Z@`ELVjy{T)ic2=6Piy`e^2N|LmvhZ~x4+Q@@kq2@BoyY?zfKKFr zV_2QYV^3sTx3(gaCyGhSW$c*xrkD>X@&_=92BwJMARJ}v3`-rivZk{W6w52hR7jx2 zknB%t2Qzlerc;zeXa{NkyaWnmK+IV)n*k}4si+-n%EZ$SWbF9xTD^8^vSP%&;0XFm zex^(&p&dX5sokH99iOnP*9|~|oH;acsI>8id!bAup&9@MsTyT->`w#*9pzau=B}wQ zIh3*E8WESVE0IWOrVb7;V+Z9N{77c(n3xB36Uk+OP(#t)P~uAE?BYK>a~c(_JVG-z zKc;}n=Ipq}#OCY_6%el_Cqz}kjbBRS>Un>YSb8C{dgxK<8M}FEmG9<;;U$7SpQ*G#b5lOjOlLJNn%H zrOme-(`v6$d)%x-WmVB*Wu~z4LYaY*)i&IYsa(;=k0!vc;s^R{P?R z)X8%4;^%7zW(0_qd*lwEwK%lX)h$;{l3zJY^hkR7cFV+1?c9&tJaqHY#EKoSS1Pu& z)c0bus+lfrTcvvRy`1bW1!a8~xGWue#r5E$z|SWG9LjdLTW(*hPx7mgk~*7AjORU^ zHuHP^CS8B-o4RF4=!sw9?mO&y<(yt>SMl6e$7&T4Yznq|4r_jVSn~KMHy%Z=9_A7o z;~*_8d!&wDc!w>&e;WI}Z0uzI=5lcU)H!J-dkkaAUTdmTD+ zyZONz3)2c5M>WX~a+&nwP0bU=y&dZNpUFKU8ZhEw^;zNjCOOWG_*i4afNFW=PA`?z zesd&n)}fKXXQG_Pe?GJSQ1`vZ=9E6YG`#NT?R!M#k@mCpSiM>Kb>el=quEu;S2@sO zWa~|yZWUs`JB-}6r1RLfufGnzF7oj|H@@|zIR>W(K5u*fW_Z(#<5ARqXp&+7^yY!N zH#5GDkwq6ebolXU`~29HXkYVT9jb2r$K{>2{(UK+BWxdt?Mo; zZ@$+XRyX1Knr~@4B?jmHmu|Xwb5)b87Q=OuD}J*1Vl}5@SERAMzXAaQ3u5OEWK;#Js3pbFXXgv_0)z`mgy|a&v=e4K_RZ zdN;c+d*1I%jYG5N7~Sg{vh}T3_mGt%nm5QEuD%NVQu-Q*2cq&7>v zR`JU(5p5?ac+cdace9NNZ zy-lB=J=fHF(8lqd&84~(_tviHATgO8?{POVeF)wr8 zn+}M&R-&A^X0-<0Mir}8_w#&*Wmod;PChykcGIc;yDy#At*+E%(!whPW53L*qSyFY zg?A2b+FA~>%$GO&+A6@PT)ztCl2^TvH+wPjPMPYF9lGR}$~X{uZc3ET-IL|)7fh-z zHZ!bIA*kR%dYMy3?aDQn^~1PWK-X16-Qzsdy?v+ZJv0#&-|6TyXzI6a?~b-F?$Wic zX>5)12Fns{4o~?Ue&V~lV71wC?~)}ZKFB*U===#&>8?qG=8Xw&dA`go`6u<3%_=tEBCy8l>(xI`jh(UT+k3hB(u4^=`>uW%ZdE10VtkTo ztpSCj49gY|2-PoTS+Q)BViRB9lQc24wHUM0^46dx)9**D@Ngb3G3iq;(eazRLyVKx zl3nuQ74qeEzIGexQo3J{(#eU2>!xg4osjauWpaKxsf&)*F`673 zXw=MjLHTl&8au-Vx&5xz)^x(xzV8OznO1u0hR7&~@TfOAvesqxAE{W^c=7boCA&`i zb|EYZMiZ{-qUHu`D5n!7ExGp>36^QhS+i+hE3 zDsDNyq~88xFY`+oq|CDlLf_Sk+hXw>IoNycXL{iYZ1 zFmvUaz|ZgR*)2c1;@E-yS)NNg%Sqex-<~`4*s5cl8ehGAeb~s)1!e#?h;c>@6zkX`;{kD@Wz}j0(f|VPABp}Y^D== zI!;*NZ9ARl2Tt;IA`irAWNfRDP=O;iHdrH47I-U<47^c7#oU?wlTayv7otl&dlG*W*k7A%p&Yha11tnD6T`nfu zP$rYm4j_Y^yFUpPK9^Fj8-N74u5?0$GtWN>l`@fpYHHG!KM55+J5#S3Km(~7olxPl z)09o9lu0BsQwIl-P~ihUq#JXt%1fx=g+Qd6i28mh_l+znZ{j-ki2ro#p%N-aG;s)u z|C-Hz@F6HeH|G*6oWUq6r8*l@xGu;Xf-;xn6z5!x2o?ZzLd7Oa%yl*Dzc3XFJLU!) z^9k7vwo`quH6Vw6|z1!ogQ4q_1oS|llMxHF^XW#F|*Yh2@oeU=Nx!0ba z;o+ULr~6^TR(CMjA6W0LbHs-^zCB!OWm3uwF2jMY$oi>5us^t7F~N* zY*158Ohf28C}>4`Tu8cjoYR%VjQ8JJnb}V^3uUX_zL!a}DN6TV-@8N#$M)1qL8FY4bGkj(>?idU>Dub7GlS?ay%x3QQnfmxX`>$dvn~-kUYiigwa1nC8&EhP7UgJ06mSwqc(06c$ z!^V^2G~w`M@|hw>yxFG=O(e>K8iRtM=lF+^IOtz0S&WZOl5{xlPm+oBi($*xML1L& z402Xz4bN_3Y8zT0^`-HKX%t&V)n-1{YqhWtms#N1MzCH=r%oU^AkauuK6;2vicnL? zFeDrseOGxMWe7GPE15An1E=WQ4%6}RV)MHO+j^IS)~C-VW~sj&6x*72F~VaPY?yp2 zw%B9|?t}}Sc>8X`53&l4f%eXigqmnsRUZ1b^G)5Pc|%IBH;+@(p^%r0S;jflyhB}0 zyOW;2KyqW7!LA@eyx0|L`>GE+w8?`#8TtB-Q;M%@c_)#E0t;mn>jyoW-W7=s5nRO6NpMim_PXzJ_#{#c+SUjAUQYA(J60dbrgwze$*sz z4zE!tG-V#+-P;2Fl7c!@;`}i4AZ2vP?1SJB zGVJx)%+iDDFTuEo+G_WfaZ)_2U6C%lLJVm><>TY<;yl?~?%o(g2>l8P=WmCCLK!TQ zIuff^#w17rKZYx&cZ+w<&97wE3eGe4tQt*bz#(y&Mlq!Iu{%ahm{nLe9rVPjR_x4J z93kl}(hzBQ+1iKzp^Tj^(5_nci5sLH9u=|RZi>1ig+Rd3epgr$ z5AFa0<-RK$OtAq*IJYtdi4R5GxY2}Xp)yt_B*Pklz(L!+m(-+n1i%ip1RRVTzzYu{Zr^A1+BaFPpyrJR;brt1{{pAh+d6K ztO#!8o>YcBg*rqsFmH*biN=2!v$&m!*ORG``n^B$LBnbnv_=Xl1|M>Dhvm{sR2hV) z$LhAmtM40F@EjJs*CWke)_)!{&(nJA{n|SAq_4Lj{sQ+gM ztAJ0T(dq@lWl&+(xtXgxqLI+)A{_JqQ&F#pnC@jvb1g@0iL6sos^la=7%9Rz33Jnb zKzl2;FH#Z+AM%#I$@*yNtg=Pl$!_db{3?;T^YE&l{ufIRdpBD)o3ycM{&UfTxM5MG z79sT3!)~LK<3(PU=kDJwj2xK+xRb-X2i!bt_f7$ufNV-#dEUJ77~2*?lOwU!sNO1@ zv3!-kN>q*Ov75iCUUD&iI5(q^@dFkY;&Z?tBm~|&;HFCtqDWvc{_2F;OMe*@ z_`fU_{^^SU>ePdG697trSqDy$pnZIQx9)G8285w2H~5+&f2VoFy1#JRFBAzJ_usAi z3#ox95|m*2SrQFOZ2YQu!#c2)adYm#C=vwSzdVDR&lPM*+IMZ_HCVan<&%Wq+xwMS&5;VY-MvTfW)2_UnoeU>x&obc1u=U20t zhU3{-l({i`X%TmJc6Po^Jw>B*Ejw;M?j9%LcjXwLZ8{5mX%Pyc(v~TR3B!}Zru(2l zB(gPo_j9>bW)nO= zc;+0-hyl}b{m77Uh-;9cF~o5iSg{r}ox{Te_@PqFCKr#(CYqqa=V={uUnLSr7%Cg| z4C6|_XSbLMAQqfPf<(Ni$iBE^A$|5pc>Q3EhOtA|GG}CrF5uv?H}U;)qhc%@S+Z#6 zawsG^b&K68l5|}Q6n}KZV2GfhI`{>h+>^+-1IbpmrFwK^Y-PZsqD zE@eivLOfj1C@4S`%M8S@RSnW_!cp3Vq3}mDee&`>nX&rw2y~mR`a9S4OEevr} zSE@uL!kx=}*3w<|+32+Uc989;^i-6`I~|jZDA5Nwn-r{{Q}`D7!Uv)$70g~mnyNDN z>{wAl&eNuj3HQ_TFXaWo@{?(x-FZN6y8d)63&zm@zD>Wc#YFQ*z7LOHTNzoJb73Sf z6!_ayt>cq~CZx1Aisg>U#xW=lhcjt9-1|)2CmuNRipfunTPG7oAEDi8k^Ms8mf=IP ztc3b<66##9#1EKyXC0P-!iThF_ZSn0dmpWlustuZkuTCYvrT1jj3sqI(WpMptRjF` zvu}T{WfqF?@X5)l@}0IuHo0JA3CLRvP;-oy?h=wbZjsU<5{mZb?a z?Q-mwG^wtPZq)-`$MThps+94&qmQF_h;w zE~lmv5L5YqABZ!qWWN2{nEU8>w403zijGFO&M~62kd_SQXyx#OFYK7IdHY~8Co4)A zq!G4JIsfg5aKs^vT;+%$9*%w`VHAp}#&`{?cNSwkL*KlHptA!|4Jn&-92VRJGH$Ul zMc-YKco?#Wo_ng11f?2=;dr;}o4bYYu@FlSvE9nJPfNsUoNwMakZdDh0v zlT^dTR4|WBn|+vJ=|p49_Jq+JgVR&}OqZ4}srZfltT+eTg0-BeOkyQ5irTfRHI->) z&x2Yk@w>>#=EQFDgt?Rix)Q(3p4xfmt`8+8aq@`SYt+xjP$^>favI1H*87(aS5YIe zlhM1p%|DK2WIk!hwIWIJrZA~reQjm`gr-={T0cLguR4)$u)|VBO z$n7(F=qh3*HjflBAuayhhvhMu-h z0xWVt+u6`;_irIodiio=&pt0GF$*hGPO$D*e8!0G6zr%Lu11{P=Y<(;$@!k^&|q>9 zr5ME;LbCFnqx}Y<$8tC7@#CPgUujJi}5m=x3#;;-}m%{VVk4}`#uFIgF1LYq5ik*8^j5)j8 zn|rArgZQd15Y060qY<4dc0QJMYKL$ndDK+|C(Mp&Y&yda=kdI+EQM~ZD#zA-C2Q0f zM*dt!ddZc#r`f51P-pEs1u1!1m}*4V=O>v*CZuZ1d&1J@V;gg!s`W+BSd|^J!_#5v zm8wm}gXidW=4y>ZIF*l@B~d;}9v7bIWp0Iq2PX(vlKS)FQ9~Vz2N(AMM8z$fe8Wk| zCMC&VxFw4R=YIY!PAX<5&q#(9*pE6O**+;nNh+qE9ZsV7Ji~T26l;(K4SVg!ef(TJ zqS~;Q550%l__=J6nq|t3MGw?-$vLLVvtF$6>dCM!P9ukPak9Oy-X`Qn?jMy45I4b3 zAPeUcSv>Flkd$@2$m3+#V^(+2u`sk?gUy^{UyFr~S1G_1a(f$Pnod61+zz7JX8y2c zf$m%20^Nn4+F*nBOYC=8)N-Db&ndj7P3C&`@xO@oX7m=`OKKQDTR2;?EQFi@{&ke3 z2PQDt`Nbnwdfz&k?VK!~x9=Hw*l~+RHXNTVZ5%q;3=bRquz%2W=3Eb{a!0wDI=(AWQYNBfzscjC-|We{{nTuI~e^FJuol!U+97N zF#0EYmrm9{M0a2-pMR-$orCy4c7%fVdHw3v-rxXWS0->@8!SZ#M9=GLuIqf#?=*iU zfnPcrX#yPgKcFXQJKEo^`y1R{64Z6k*)@9pPV?9&88<2FKlB9Ul>TZPc-i$$z5`AiC{gtjJ%1H-V?4uidL;OGfT&Vg(L1s47%feCCQdo2Zcbvds$ za$fC=ye3BG-)Y^LuWQ5uEK;G%Eu_G5X=TRCCSS~)0O9K*OmL|`3=nJ?h*=v+SsMXr z?}-7uOBp!X8D-6_jU|oEP0av5VPRllXH;O6)qif|@a)$)x_<31ffE#V09*iJ@{%*J z6PduRFF^9VPGnx4_4Hp`FBb6AGya^m1e7J*0M1Ekd`@)t&ySc8Bh2oZiJ{uayhpL< zd~P-mL0v0GM37-i!0Qm)m7A9?)znze=u{Cw_0iFw*W;T`+r5D#Zq}zHX0}Aq{ zW=>A^O`gYi_ozb=vV(31lVN;y*77`l7SIt$smt&qCGE@LA(~EV^Bd?;CQO*us$SWq zzPe6BM#Z|5pK;}8(K;LoP|{Acn(`F(>rRNy(LQ>budkdirst%P2yeij2nW%;Sa4C% zTHAhr`ZB`qYB)Z*PCGHScTwKp|omex_s)HLC^*b_|m z=WKE>kg7x`F}>m#%B@&*``-_ADiS~TXl6c2I3@_Zrth=}ga0B-ActwATwRCM*b@uD+dEV=A9Z*Vi?)r)YHEDA z{6vNtr>wZlIn(K_JKm(9+k|6JYdF4Ih_*RJA|hQvOlaTuXkS`4mX+#%X^O`mB$Ivtwx-WXiHXG!DtJ;I%Q%`7Rh!KOI(om6t{{@gOHyY$^3XRAgA z@(+QWDe^s#(p}af`Q?bp>-K5~m~<0Lck*&3CLgMxeg7I-0PlQjvmJEpWrGl@N?6q; z8rM8;c=4q`Tf|b_h%IX)9Uk`MD)p@e4>k;?$LcLdRyi~5&p)gb*i1-_vzyIKG$02> zVUfnieP`C+I+nH-)#By!yQ3Jv5p{0quWX(bn{<)_D;d;H+#W(0Xp;>`vui*ZQ8A0r zW$UN-k=q@Wo==c|2taIHWYw@;YQaJ;5X$rno<7(~GI_Aye>jhXR9{{h_uR#3bh9*_ zh{*Z2R-)itGXg@N@m-(x_KBXFBJ0HD;=L)>?pAgdO*c-o;q@T2&1JX1En!uZX$MuN zLAu^VL7Rb?cSupR1WJi{N+`?~>?Fd}U+-dzp>ei;j8QC~<7Ap&7-L4&>O?T&h%VzC zoNEo~Cc?n2gu?Zy=qjWd$)o+6)0%$EpD-y|{j+5#1B>p`{gyFu%M*{1pw-FZOqJk1 zT(X&3*Hw;PzVGVF*1ENCrI5&)imguS=cM4=LWtoqTc5wayY`K4jcFnXv1wM;V z2D7uWAg?Rwk?!jHhpB#l8z>!SjoC8Xo)YH(~cE`9$8BCTPMn_^C*-@{A8HZ=oCepMIp_lJ*Y1}^6_-2e) zPxnxI3iiEIbkMU&Z$T;qxz=`t74O6QK6w$?w*94sjbevzn~{q;i!ZZ-5m6BOc$uVk z`2y{ITA?DW>App*WC@FC(;a!u5ZBo!eAaMLSX$?2Sp04e-Ee5>KNC6b!uWl0;46RN zsB-h8Wm&6%wD<{4k|WjZxkcna)~y)C2R;CD?AF)s#d<^C?>g+nc(Nrn+wiq6EPYTW z#BKU*qDSR7!=%9GV()MGMd%(drO~0+~^!I=>Yb-X9 z;~Ew1IJ|92OK0&F4V`VKFHbb%PT=Zc$j8(=x@cd&mA+@<#;l`NqG*^g)ChRR%2scQ zmmV+O@76c465`rhk8xC7TY+Hz{@?&kmKIW3kmdHGV2O+*RGdP~w@ugU8N+o|rf zoY^KCKYQer7#;8kTbngA67oCQ%OAY?XLli@n+HFN!6>pB6F?Hsiz>PfLF<(8=LUDwdM@X9_#aVtf|} zLs+50B|g3dr+&xf6z*0)ks=es_$>-MGKFS7hbbKr4NIsd_Wm8CXg$aT)~8+z2%igX z)Ag?!(KkcUsT4!xwg}E}G`Ey>0XD@pYW0I%X#7bh_{$`DJ8)do3 zXhcMna$2fMnbtqevncx0h_oE^v?47^E88}`zGk3~+`gKvJ;SOh6KGnD%ZVOu-Z}tG z3m4|`LJ$+-N>{={mlul$`AefpE@^_A(FHTpEUrBJ6?{m%`ICe8@Gu9h$XPcg4!cjv z=l5TfxJqj%@Z`#_iXxzm%%MuZ%~CuZ3R|G7)t_eATE=?cD(iKaT^6z%IU3*m-1El{ zD-YD=hFZ)3EPnCDlis(iY##1A7Y6n$b=66!-)Afx?N3g}d7rV(G$r*j2oM%YhH>PU zk;JdVd}>M#EX<6lI~<)8fP{lM!lTLhJ%oavk@YX247_8?KhgWgkOzLC)<3Zi4D$Yo z9#|UhpXh=4w>NnJd>1WfZ`@zK?!R?T0YT`MqxzExK<+y*_jc{c|LT2%_fNTL9eDl| zw1w~Q*8L6hfGl<8Pyd8au*~2etosY*{Q{xDasSOa(Agc=#Bxd7U;qz<(4Pm+Tgo3hdzdVCqgA1(SmBhb;(5r&9{~+`?k~d5PTNMBESbvr! zg3@Nc4)LaGV5{M#X_pXsbp*oo3->$48rt+`CH?p6gPhUMuKv5$5<=B9f`Ljzk=zhw-n)JuiCFrKtf>#Xt zi^R`Y{!ev{tUqgp0Wb$W@_owt%b~EePJ3|7@9PwcZ$0f#o3vP zi`Lx5(wN3cO$pU+`zK%MXw7RprX@C{rJF#!LuzgKMP$d?yQF39q*fgP0UL}-Sft(z>m1ZF%&n!{72Z2q5ytz#eFx(}YZ8|DB4Vw{ z7E!oX2A{LAdM+7%Yx-zM;?Ae^A-Y!WtKNd%Ac)d4I zttR$_XMt)VAP1&+{y}pGmxBt2S58zEKVvPAbT;yE-4X(JZMGk(Pi8HI8?tyhjNDM+ zu2cZ6&`C<6@nfqvk9E3y=CJw=^-3!`!#GcG9r3KG{Za?@PaVXt_}%!Dvy&^yX4B>TtqjDP9HbEU(iIss>o*Xm&~s$A7#u9!%`s#W_J|KV3avog%2$;XA*G zuUsB{c!Cv8kg^~Wk)`A!oX78+t~h$0_Nq1Hn5X~^cOTDTMaW~imAsqb^x+__ zF0szv@3EnWzQsvB(;3ASTuyTdB%l?rt=RppTd$|2q+S$8yT&4Y*G^ihN3s@hBc_{^ z3c;m9e-M8<;MKdsS=Wo9Ud^|0a+-}L?=icNL7k{>Pn z>Qf991IADpUuCIv)f+@5C>;b}O(SU>+BWGLeQFDEu~KqjFDV{Jd6Pwf(IZnmb$_k( z1AVv9m!|W=%zAqC{7Awy;dP5TnDyGibxc2NEWddE^n3N9k^b+#PO@!IF0#n>y74b? z-_dX6r{P2Ox>poCCI6}jnRrF$IYIfjGcg@0dTNhsIK#`u+e+te!?RN!9y!mN@ z)~hw98E`>zhoQbUfe;Or!?|T0v^nw%Uy~%;)OzI=k}``JHNSM^Sb48H;ku*i)RvRR z;*c&OH+kSXBh54yBNkB)IA?P$#=)+@vDAJy5LsOlxw;27UaO)i8x0Q zSDC$(0e*#V%&>PRrJLc&0{LV`1O4e$+|ZnYZQdR^UjBze={vuc%y-ECSU2QdCQNIR z1gVeYas?Tq5#lcc^&hjGRGKItJ)}Z5%7jy`GQvrkJEek0Ig9xSH z3xjq4@zQ*?0VlSiN|UvS%i@e96-CcyHCcU=Ei9D)gInK94@S)z&=*c6L!R9gB*sFt zYFS1TnLDkerHa*wcoC9XE9&>QX>6Xb50 ze~MIRK180;e`_pOgePBfz9Nbs?N}N$6G83=ob*=nEj$VJ%Fqy~ado^$jNx|F6b=JS zaD}z{_4Lv&O=-Au_P4RAYoY{5LImh|5T_iN1Dy=4DOVf~tQXs~Cg%={uyMY;HANa- zLPcc|NF_~&!9-TllN`Ry_T)jMXP612!mL)G0uD~>Q?^N6I{85l&+}XN`cWBhLVBGj zX;0EQay8TStP2yyx>F!i&1Tm2zva*Br90`bf4Sd6M0weNMsgy^|F@vW3UFBeWwwkJ z{Orwt04l5iFZkcu2j)8d6Z^nC$A6*+=05%tz3bG$Z?cU5&y1P-+5rXnrN6q7H@t43 zBL_|vV6XznN&sBb%eesLAFdmWfVRZ_s`;zm4Ri^?CBa|?@Z_0)`rSaU@>iuB)&cV( z;8I}L0lZUyb(c>baFEh<7h2HHyDfa$q9b`8KwSCI*B z;CJ+8UJrDT+vNpth~Ov%Ud#Mvlwtv#%=imR#ah`+abR}NZogI3WQ!({?8Q?~N5~Z0 z%w*hp4aGl2xFtq_WsO;7J?yYH*~)&nYI8)UROgb4HTlKg@O_=eiv{E#tVzdq?k;6@ zwe`+rGAaC;Z<4it#Mdj+L3Z5MF(gTo)+yp7nrV{x#K`zS>xXNs+iw4O$d~T5S9fI8 zl_A5F;-=~~&v(hj3kNt>IAp9nbP71}6R5_uMhg1zYpagY+{qF>hXKxT6QTkKC!*JL z??x}7=4i5vcd3USx((8Uc&&8s){Htf7qu-uX|ncIUb#lQ2YRvtX-1p233*Fd92btp z+twc1%MSPRM`WQKxL%m)Mu{!YK9T#N#!LK2jC~Ek2gWnEx(TLzcvh?sO2Ifyo!tUs z%_ponIpf{hz=+V?%m_7=o^N_|NzXb`7I{%MvR{#z0mQS|q>D51t_hvHtif%5pJbQ& zs>k5xVU?J~9)1m*`DS4irz@S+W4jC+Wgxm?ZSw5n<2XERkzN+V_u+MYp*mFpJgm|K zNbJdYUG65YeW51Egp?pQH;%}t(~yw|`FLJKSP+U@4t@hKsJRz4^SBl!Zm!IdXG85z^5!dLDQ{k zQX}Ynw!AP!$vx&6BVmbcNL3Pf=tDnfHHQcvo{XADawg{ap(M#w!_;0ad*nLfVfym`XI;5^oG{-!&G~4ikAr zgRW2GpCdd&aq!y3BE3dQU{mD@lkaOrMv)xNk4f@h)@T?8iH$z~fDf9``Qm42AaDXt z?T4A&GZactTfu_$Mg&?dXVs!m?h%RJgt=h)1AJ&nSAPjC_HTHqFvwq&hn*5XI?awg zw>m#O#L;x`IK4R5)fsxXg)0GHIlxWN_bT4s0nIQ=Mb?CdpTGS3j>V~_A+(E?Unf70 z)d#-vZ!AyOz7E~*r6SWjZ}u`Jxf5R+Yw~dqSJqDqu3}#<^GDZ^&dL1~etM#ee*{PQG?lMKH*VfFsV~86xo-8)2CBAlEZkUgYx4ZX%gtw#F&1 z#^MRO_6CNHQPa1fX%j2dVa`}X#fz_S>@sA@KTP2}?b5Zaf@L_uhd1jXmzXw8Esw=I zLvM0E9l;Zq7a1(0yZ1&zNlMm))oRYv#Uo=`V>FCX4r$X#RFn%!YjtGe#4csx$kr;@ z&ZDt{CT?V4qmj8GX9T*E0?q!jd2;1YcUoD@jYpCgFx>v>p56|1%U|< z^X<}=tO9qj!OQ|LDZy{6Tm5klj`q{k1=yscmCoT+dm)U7tVCr~s(Z{zDe2z$E?T}} zhRv&cn-Dy{caTk~_E;g{#OBe!H1fcE{TE46jA~>JsxaGY7{fA&JS-Fr(&WKwcIim# z2-V!jqIBBMr=oOKa&%U?uJvs#CKxjJ6zIsmG!8Km$3!9;C=It^9$`q(={|;(Acj@3 z#q5Eg+{0Z_Z-MfM!wMvtNSb^(@{tOjtK$T!#r$i>ndLCt>2N^i9rFj>obS_Xv7*AV zCE&R>xs9>sh9(vf-Wp9+eUlL9@?!2L#lkXRUdXhbvJG=zTg!X`-hX79{&j=RU!fk{H>M1zFkJp~3R|$FzSmLME z?Bu?52|CP8;pG>4{poZPQELH0JdNO+bIk3e+E8vn*7j5zE{L3TR3FRxjw3}fh(f<^&NK`E8U}NI2s>mx_+2sd>0>?C(2{TxwdAc zYU{@kZSk+{f@m{NnDjE1hlR9UpC!WEsgboIcJO8LaRfy&cek!5Jct!edNAk55})yk zeoRQk0+ZYba>z9T>f&(+tp!!`)+%kb9Ku_6=RrcC=<<)QZ>oW{AK1RZTP!n4TTCBp37N=rg&x&BWSa7jZb z5Hg~Vp45Ao+~Md2$dqtNz1`5Q(o)fpTe9B6sO7lHsiLCK640{a6rjW%gSIO zvn0$QT}Gkl!a*IB`fek{+g&46T0cU8(TW2>jzGBXuI#H36Iy2~RTb}7(wwim$lBfA(fFU|UYCiXTdxS3b&hA6Z#ci45Xrf( z?jrnyKk0)~d|8flXEDZ6kYeuRoz?!WwVj22dB)R?jg!HpJ2df<;kM{67K$SGR{&?B zbe{x0smoutDt$1$$uM)avt_ko;qKTlsr}=^MVLAvLNp>BU4wcPF-4JpqiMwK zXc&bv-h?3Ybf&4P;DYi!grrsbm)}z^cw3f#K~>#UTKbjZZai1;el0gS7s%k(GCC=0mC0Z&-4AA;tk9G67>ORa8QyCG;biV{~rbiR$KnzjRTPPRjDc9 z3dFlt41Ohilfi+Xz7qS7!NK}3T~#0drTP+dpKA>ugM*?a*9l}+a5+#^>#uUx0nkeZ z2gN!77eKzggmK`kTwYv0>q`a)=68V?Ky7da2d@PGGlK)p&StyG;FBEaowKJZ==UZh zsp)nlgRuZjR!0un1F*g_p}2;_h$K*G^L$w4Lwj<#+9?q(Z5g7RGB@@-oC>p>_hQ@m zaM8$yqlpX91|b87k>d0;R(Ck94S`84N*a*QT$DQB?8QqUNOG$?GkvMkI0XnEhh5y& z_rrh(R4$r1a-3M<$Vr@5JP#Y*STs}qY;j-pP5z_(T$e{b@;%Z{Y$|FmPKf}!Ywts_ z3Y|kD!$u3^wfiR=K7ST>PhWP2S@G0X>jxVNECp0p8U&rv`TRs2vp;6wyhUzA%*0V( zxVxt3-LQP&ZzFV2YV`<6x5b*z>-EwX^xvyvyJeBWz#K_Pos&vRpJ@skFXd8^tW_?7n;iG)-ShU3DeWf4rO zSr-k6{BhL1vr5xV=#Yy(!JQV^KJMUUOf{lyvo;miO!kf+=3t{^jp4G7jV~G6#5Wa} zGQVHP>O1t%MAd&I8jn0GJi0NyM13POL8wQa@NpMrAtjvZHv}0t1dQ$a`pVtt=gm|M zN6BAcp)nuVbOsO8G7>&&u70eeNOH^ZOR}E<9^j`gCB~u6$$scDEx4TTaA9@>^+T=N zan+f<=CE3-_1ht2PcSP9NV*ejLobn@^CA7=x|8vuxPIRYyl~3T>X?o zg{N7Rp{!w@1C=4$lY>JqE$pZ<)3zbK#NT%+H-l8dwvdG7BcR_>k}+NE!SIHLJKSx( z7!hN4!|@{Sl2;xrDK}b|ls}VdgAu*n3`hhjNN5 zr;Qoa8+$dC6g^Xf%(Wz(#BVx2DTHW2PTu#a>jf2S5oNz&nqYOmn<-9loturx>hAtb zZ{It140xT-96!_u`ipK|GHk^7C;@T(j(#gga5dY(9;v?@9kzIH99bqgsdZ1s6Y@^h z+uKwzhV~hH!RigC$}KP94XfESg-@Q3&lF0g^~OgVysMImPk4wYwo8z(sX9h&H5jUG zner+>W}(r`h{|zz1-pGKsV2;hHBLS9`$aK=j1Lx^2O>t1ZHJ7OaZJg0Np)Xzibgu=g;*d?Ant4CW zxs?l6QhJ985f&erCLX`)p+BZdV|!%2^MdAAYz1o~1>rFKAj)`~cSs6&aRed!ji-hy z){y8~pQ8J+>v3K|$iZWZmlUn?dmE+egz|d9sI!ENzT~?_GQLR>!IGN`VgBqfF9~Ao z3lGtj+b{g|H+Z+QFx%TC zQ_d4SDL^5L|D zNThA}SAPl^%wa#tdCl#BG{pPV-6Av(yPD0?6(r~)xj8F?5@0t76Gdx^#P8t@Er*tl zD%*xoZ$7MTkDBa^Qrv(ukbX9k$q4ntk#%gfo!&3|DboGE*pvHH=`&8Rk@UNlFpnd| z8F(MI-zgR@g*S?p;>?ed+JxH`kF79_w(b4eNy8VeCa63c!WpI}D!n5J3ro~@Ij{2V z_Vvq=`ECoYUt<)k-zW%s<9AWUZ@)u&g$tTiR^YTgq%G?_x6PF9#2_Afw5!k6Qfn(p zu_(DDbN3|`drcbjZP#79JBjLR&Qx5@GIN<(*zHpEaFOCU>qm&FHWJWPmEilgU_Cw&zYe-wj+?nyQo1yJy@y>`yw!;h%AhHzf@+3J^I_WyPqH zAUP3hZXH-C;3iuD^P*Sf zV?Xnvztg;79oWja$vt391|0R@Z39~p|6>~ypzMwnSPTtF+Wv&H--zBY4s2P-XaX{~ z3I-NG{daI{fG6WB2umwJc)-kjmA(VEW4U6rYaRlW=sf|i#$yF9sJ=OTFzf>h3tUUx zKvLi-p;zBnH;2!DIr^(ZPJh1DzmfcP@Zh!7;DZP9;~xgkaXoh6_Dt{(sa%#P{yKKx zp|Id4gM~7F0ZXv31L*R9z!JQ!`sU~_#|~OFmsh~)y9Uc^wHpHmTQL8DCGZwkkMrm6 z{c&R}cs2E9a`*DqSJZbkMc{hZ&-Bm9V(?OG@P`3nQefU2Bm({>Uf&7yFJK?~-NU$E zK7j7Jpu<3k0T)2|%Zsahw_M!72Ya~&t`o|@L#M!x^kn4(TQz@1R~A6k>aXakX@kWH zI3DCsrCRm9{LsM3Sju^?0F>KGp zwUcd6zsPoONT%E0&=jd^BC4tB?PlIYei;>!e#{JQP4p65Kwe!co{W{so2Jy+LBB6l zL~NQgBeWy_eGl9#k$t*T$M23T&{VlO{XRpPNWokxF~oOyhdqt&_!d7^=`3MY6K>_i z>k>QxoatE{ywKNVtVM3ptIU*A$NRF-V%#$cFVf-m5~Nu-sp5Dg-&c|12cmCOKPjCE znWKHwqVUMGLxWf$Am9KWFMgy@iY$WHN8VAqGZrz2@?me9xzw?S)F<2aVtvLX1Vj~9G>8PCaA2xx-OV}6W;Y&iWw0=Addl#= zMl6fNAJaL>911R*zztf!^%V@+GkT9qsh}@a#2-w88U_+Fr6xk zHq8WrS?lsS5=59IlM6qH45AHc-W^p`AxwMdB+EqhGNt6zPPuH>$A^JwIk2W4mQlhL zQLm?k}Cs40O7ManX(#`BG8P{?H2JV&cwW-a z)YQ;>+`L}69x|KQ?yU!*4NB~pD)6eR*yLF zCfIXTcq~#xaS3Q?(96yi^QLP#A;GiDYXzxH5p&R2yl$&Wb5sh$D1COjsU&0~sN)%X zU^|RvLLdKkW>%HLJJr)09FFK70(^G38I-=d1A`pH49}LntvcZ>yI_~+l}_O21mT)V z+%;oBmBXsYvzg_Z?2sL(ETc!X4n$2`{wOAqdD6sSJax<3H>Bbj8NtVRTh&E5L2Xj5 z;55>w!f%z+-&Ij$^W4U8?OlvHW8K%TWfkM?D}QRNyeY8iZ%nMj$%1CG zMzvhQ&8js&vetDfwXwkW=}VFJUsR#E?~SQG@m)k9e3p&4Rm$o@4WMc9vy zs6GqyrdTlZND2xGnfK%EL>!} z;R1ZByNF_qk7fmj$widtVl{=8B1(E9M42t`x%<@<2W$;4l!H^_| zVv6i^eJ#A>35{IB_`-h+rA#sUu4*WK{bN7qum?`w$6d*p6H^ zu@h?Tc(tXsbvXC*FHS4JF7oc6oP>(LiP^#XdOLqH<}2$ye=Vy3Zy%p*Athm?K7cD4xb2UE;#zIPZ|6A7LX ziCJYdSej*C{Dufo*0>RGQt88deC`t`OhXJy67RU5zy&ej1sT*#VFpEnsx^jgoWPo_ z48T7&YIA;o$4udNIOY?&h4LEX_P9|LZiIxmQ^66wUQmt1DM#sx+<8Z`j$kQyI1HCF zO7jQwHj`Csvcbqk$(95T7~TVc^KX0Bbjwj&HVDqz*891Ra#`o$u@3vsYnxvIrp+w% zT~)xF%NL9nP1jjlOp{I*IvMMzh&m?!Xc(u>wz+<~(XNowr7Y{X^!VIZb$&Kzuubrzj<=Q1ImXd5o4RD#HXg42dDmSEA6s zRB;h{JiRSDhI{*aL)Evp-9G@`k@^d~YknU!;QYsw$_YlP|AKnKTetiZy-UCK%HjSe zdSI~nPxQbX?|-6q>G=K$Fu*dopv{pWTDf-ZZ{QWzO-u#Pl>+$+)YJtmYyg&yycYeH zGl0KwW!`^2{gw9(ZVi}E&vH#zK!a}J$o~))7nmo0lP@F!;1d7_HK3UTpMYz;1{(B#O#pbQ`2S1**q(6EhS|SP z05{m;xj6xV*au(&fOX$so5Fu5`s)OMSBisA0Fbu8tpS?==Ib{AXwd&T0bon&<^=o~ zUI7)7g5U6eo|nLBIS{@4rAF z==B3ePX6~zyuK4yBn|YT|9u#2z})}k4FKVl>n}XL)30gWrj9QK)Mt1R40&t224LiuXODMf>rP zAf$4Xkbt^)8qdQ#tTe3{vBk5KfyV9d&P77n&WLu1o`P4db*zJYth;>+?JiGUpPrkj z@Ow5^S681_xO^OHIN(lZtQ5zc-L!=Yd*k4vQQ|G7?)0IeZ|}ZA?pwdC#OuZ*(gZPC!DijOV1o|LbAB)}&-bHccPH=n~; zSYsuA=s>nz&qCBF>P)#Z?C5AI*2maHmh6Xzj_K0uoBJ=$TH&X8k59ARsCKsPRzxpE zJ%lK7T9+gUyI;-uY?-5miN*;&6;e{UZH@}x^BBWlNt`Mia?i|9Yx8wls9P5)bkbwiuI zr4Oab z%9Ou5N0QbDuG7+#^>J2>q|Z-X8EXYJb?A{vQrNV=z|{j;%kww^>KE53*|(IL_m)HvOtN!cmSVpi@SX5x;U9x7sf zVxUx(Hq8}!8!yzhOq3Na?UZSNp7LP+4DrGzr7pHA-&6dRSa_#$wohkPZ{O>*2VvR) zru!>9w&E$1qM1!ZE;FuG&G+~ei~CNa+cO_+2!CkhHlpr28jNmjhkw5qi*W;2LqN)TL`QmwO9!=8QoTI9W@ zQ~P>5JQCelBnq;wUQd}#%$g!AxwlIn(r8mA(^_N+YKLQgp`cgh?bk5xf{m4`#ilM( z7C_-iT@QRxm*GOwC&80vkK*t^(Y*9*Q!GGi^*BP%-^+xO86F948eTR#{2egG}zZGDW@ z1wDPJS%{vAL^QH_{_64mh`p{*2E0hY z9ur05_mZ)EX*bL9Si|O}_jGHE=4>|G=EfY@<;kSgZIZY;)Yg|C;_y8+;`&1Pq#$^? znpwHsr?uv5UfyhxpHO{IV13@Q^TG}}%Nw4`isPRdu>%#dQY`O9bkViO1md@U=v;Bb z@!Vnfx&Jsiz&hWpZ?YlwyHpJqYM~1oZx#CCwY)E3j|C_N_K}J_%wa>hFiLI1TNDC^ zto_;|k+?8KU$u3hF%0ruD&QbhjYIp<&i-b0V-5BiMc`!a+%2YM&6lA;!U7%93+d8P zNG=(3Z{!2xj^19y48hrW$e6fh+!2kQF`2Kf_Z7CcT`C6q5I0+`om?kW89^xvJ+^UW zwo%8-Lw1p-LbV5@lPbDaIPC7D+{N#y7#=ucl-g)ni7uH$odcDq6?3>m+BnJj?vXd6 z=HZYP{3JLOs1m+zior?aqh@wTaCmRkwAhK`&a8S%Q726Vibt|6o5|jep-8zVGuX?e z@PQzNddb;%|E?UK1MQqQ0f|HTwZuJ-r>~Q#Z!m28I+yPwGw)@3X6L5C>|WiD4w;Qy zHXm zRX|TNoaQ4wIuGqNVYII_KaA6EII4emLnJXm5&1Ki<+Zw%rB%_CdDs{sq0?*C;*!Bw z0&#K$ho24=>WyAIm74Behl5|2LHmcQd;(UUq!r#{=L5ZMQyZJA(ecBLeHcaitKONn zY0wlaDN?#z_c$#AUhhrB-59#zO4)s|IeL7F2<9EXYAJA>lxVEn;4qt>Dn9Eu^3r7G5}xEa)EKo={D<67HtjmOsq{nwODV0OxXWF z_5d6IKiLEKkpDmT5P+lqWbuFLA(#*Oiyr^wx&T~%xh?<~SOI(L?^%!xN(q5-F6@v5 z-hV|(;DiUDDF9LeC53|^5+q>*^ad4*lE54M-;Mr;6d`w<+WZG8p27&=jR2&`!FP&I z02vs+aMf9!hzp$J0_-*LO*|VF$1kV|MkT-|&p}0SvNq5ZFaR9j06>uPFC7I0xczSQ zOaK5Y1`q%Ud;;DG3;-uI0RLd+e+d9!1)ZG%C*;m4@MeeLTVRvt0`RZ31Hd!jwAk{m zatRk1{XGD{;sL+_`~y!}Jw9XbQR9Xf-o&&>dE;tp`w05br<6P;`Dy!&SfC&2iF zc_OaU{3_5Q2CatEbo*b$86Z@`?*Tp&3jh%XjK#UB35><*1m=QdPyKHGd@TMzOZ|iM zFNijDy8X8n{)LwMr-C{p#p3tQ{!UAC0qYQ)B_%=hCMdp;#dbnbah=L}eo<8a5Y)dG z#+gw6Vcmh52w=Yep+2n^0qNQQJL>?;4mg(Q9*KYkPM6|;YXDfu;Ox2vg#%i|oeh%K z0&xlA-MNVkl>MCzH7K~JCqSQEfoCG*=>s)3x zPoRVqAK2@YPoRVqA*Mt0iz~WuSk`Us;N6GSjY#qYxv+;%BF0EpC(niWRx>~VzWnwge z^Vsg7XG{N8J*d`1!^>3Rq}0^=$2tukGT~&d-*U;isal*}=43UcJXjX$H0;GvaQ6nk z$B_p2zK8gAMd|d|fpX1yVh<O4cH2QqQXS>EfNYZ+anve5GDe||n%XP6anjsSZ65~8N6 zTsrLYP2HxS=m-cis%6%wiT&#_rRJjd&~wZkq_azDZGs{?i;yjDJP9O@HIJ^a;NdsZ z?46if`?5+%L&i6A@AAwCcHU3#sA;)4LTGHzVV13kk2b4f@_2+)(kBWvBA>UV4~7gB zFX_a(z&nd^u>{?Ztl@ngag7+6G)7b3CnBJanZ^1!ca!r|!#%2y&D_F9yd?ivpTf(6 zu*RB{WDQSh+p!U4wlzaV@4cyuR*Jpb$UT1PnFfm`8ZTl}i`+LnOP|V#xv3m$Ju0bU z-#+Kgp_XtS?Hk?Jbqzjk#5H3+ZT-xFK9xJzKT=UhvezdFxbi<{q<{6Qp16MtzR-!u zxXJ%=mCP3+rx<-3dQ!PL3>zfo@lXz=ME{+J3_0Z9!)@RNI}3y_ocWP0tBPi9 zt|@W9&|QrtS#`~?G_`Sil{UtoqSe5@+n_U`HH#Fe5Ek&5Lxj(Aan|+uYU7iY;K*l+ zJ4Uy!{*aqD^uZEKQVz0>Cc=APXpBp&YSv@A=zwlBTiC&e$oEV(nmL6zY@b$KN~XN^ z_Opqhap~Kp#+)vhu8v%9d@8_uX(?X6%*Ly8#Em*0we@(pZ`&&$T za{^}Kpqx51+ZmcW4z|6LF{FuFfnym&NcIh;?wdazQJ^B(qe^en>9*e>XFHBP2H6bYFFp| zw}L74;c&9_hq~_At$@m9w?1jsSbRfF`N5nFR5e}X+QH$^p92~&-ETFu6F81P)mLxT zw2G39nAdLg$Ez+#G(8=zxKoj~J#-XX%F2Hy{&B#Z&0@;{qDqdB6^T(ho7P@!M|`V5 zuc2vr*R^g`jh#!D)%$20oVy4DW5RWb$0SbOp^n|@GrH{~ZFI1`#+`Sbm1<=1mGL8L zh^cpI$QJweF#bHK?A@PtmD#vAprk@#S#o`_F6Ygo$3e2D_?^V6ugfglsY3AJQ^<8i zBRR~H(fGtMWHH4@TW(f1YfJ>lkXQ2EC2t!xQHvF0YUQx<4_*$u;<4e|t^I|tj(xYl)OOl{#Wd+JKmpyZV$VRLU zg0=;{%B>e$>jQ*A6pHAf-?05)nQdV^p2!I5vZ0Z;!XX*m5#qoIcwR<2yf1c8w-0fQMdREsJ1zR-kUOwue%#z^fu~);In+o>>2Z9nFJS)z zH71$)`@3ri1S$9lo$o{H6gNhmx;ck$w7{bxp=gmw?RwGAv`$#B^F7wE5+DrhooL^@ zC-y_n1bb6av$q~ie2JC!;UqnL(;W@=b;E!dSXLCqp2s!lm=p{?Sot?67Iv{K z_qgveL?zxgZmwMk{8+i@Av8MhW3C$J(NlpaO1>XWub%qpm2nMc{1AGlx2*7??6SE7 z|A@~}2Id5e`BS8(xX4E(J!lN@V>I-O1aVotZn?C(&UYVlZ|0GGx6GbE#;op&bR-uW zBV&Jn^{mv6RN7lpZlMT=HS91Q&9(4rQoK`$m+-qW6(X5hhVqEV3yn&wFK%na3BU)9 zy_oE1$e6TDE}`xhcNF-9>^|D}h4Haf<=Yo9Q$>U!80Jlz@MA@*fH8c`;th zH-SqipKe_K#Jzyo98M6M^Z%1Wz~TdcGWWkwIpCfBf9W0 zki7q`djK^2Cv*Q(_W;-zfcYTM0*Jr>n2+-`r|1-A0l#&@yLK>kIt?hG1qg}(-V1C2 zidzB40Q>@4=NN)>bqoM(35ZGII3)wvAhHQyljmS1u!_N1SP5cEKu{1;3jxGJg8zU5 zFDSl*Ai0wag4FvjWDx{Y16w#{ zA-Miq3nwV^w1u-U9zf5rLG&uWclQiq0#u5gjW>w9Jc&01z=BG4ocsaq`7Z|a!WPcN z8?gKUvkwA`fn5Vc;}=&4?%gSC0_7pj%|39SE{HdP0XrY>(<3Rk{#y%xHF`GQzt})F zh)f9R(z)5qeS-Lb19y%M;n=c6UxhD`H5YVS8xM%-gq`^J9paB4Ze{Nnw*}(tS0AOjJ zoz@^G75dJE4Uk%R`g3qT)F(ZGPHgD$kl-fz2k5WvqC$RI-K zczA(S9Z<6RFH{{T564AmXT9LGGx}%k6QfmHO~}`QX=i-kv@`$Pvq$^gjo-dM zsTWR&%L;-eOI>qxGE8+bTo|4I@^xWY1GQYm0` zuWmO0?3qZM_K>3M8Y)q?=1|8O57)!VuQ4DLw8SPe93LXj8b$=K-KmRvbD)166pYljL zwW`?N4W8q(Q=pSGYW7<&!myW4XnE>5bbiJ|GCuSs90#_-cs!L6>CaE#Z>?$9(VU0Ghk6kHd+Y*kR zi$F6NXJ5y?g7v=I?-7de!ajqDPxuqg#y^0}MZbxE3I;7hmKk2m^VpRUaIk?WGHtP%%U zSBdo)`RS5zh>l~n@G0@Dzd*Y~{&J--VcuI;7dQ9kdV~E7QMvk*t)*=G{%{Uqm(oen ziPFg-IV=H8^CZg$#fA^OLaW;6r>1m@dcrryijVejhIjAK-lr6-YMcCug{o7vcew6i zF@RoQ>6;d*%{yMSeDTBGn-;uda%p?;e*6!8r_3onw0>HvD{WU) zWet0veEUwXpO)VgYmrcJk0Hqu)H-bL8xKCeX5CNsAjI}%c_d6dRvH;!|L&1JoVFnW z0c&n7I;oeu80oCr&?vXmo7(IT{w8X7k}kbftQ!owcKoK$zebj4ReDDJAe2B^;0-C; zOqA5ovnM~B^|GwzO|%IV_+Q^Y7KCe&c$^_V+Qy)T6Vu`HwJsp6x2VvJM}m;}#;5&F zY|V{wZgsDv`Xck+v)OD%dt z;5ayAJ7mgi4vmfFzMjJ_iZ&wl7K(q_tH4q5kY+Dhu*sjugcRygp=74mTHtM3~eT}9p3s7Y=UGEm1A-vfN$06IvsJs+uJ#M%YChS@3&G~vEFUV zKGYJ9&VTB^BDJE8hPM0CNx~2YhZ|P#CERUqlr3B3C1>(_UowwLHC1v+{a0i?Kd(i< zNE<#e zWx#vmn#e4> zglBM}-XGpBlgxf>mm?|7uw$)g5M#g0-_i5J^oS_m1!>CBteZ0zaK{nIg_<;7b zh3&Y)*u@70JAk;M*6D&Ehlm{f2v_*f{`HR|zNBy5y; zZ}t*~+((snvwCUT5W8{MUXZ0)f3;tRkFWVOiGH2c(e)QwAq7<>vHmgM;67c@0)SmQ7w=zu;eTrZu=vi#`!_ZZ z(#~(w<7~XoB6*st2YJSi94jTJYULT?n{5_0keLuU50KS7q{!}^$9r%k(p79;9nt%fjVEE4Y z4juQ49**aI2Q00#z5~kmu>rK*kfcRWs@hrafolj#z?~4A+|cUEP-gQYV`uz^{)mC- zGRQ9mhzf(0Z#%gF5B(vAT%|I90Si#AUOtp<8wNF{!EUsgA|{?lVf9+q`X)j z!)hfA)5aFYtuqeD)wjM1U^0_Y-L6{lHNY#<%aO%QWD>O8 zkcI5W?MN*q$2e#Ul*svfYv#BMc?4{uhls6a58)ev*%A~Sud?%w6x36p}_M!4YT z8>-Lto>-;lja2zQdq_ zV|}NKnR(1Om~7>FTo~(f+SVZ6jI8PXHdESnL%Pqrb&74bIWA2SCOCw^ ztfL#XXxB;a_AnC~(U?-h?ez#*S~2!HuP`UnP|4tLBfJq(m(hw-aStIB4WXSKC#ok- zFmm>IKOlIElac6XBmG9+OaHR(oDm`~vEW9&4#=QCt#1~OG9zIpMM03-^z_SEdd8%s|>Jd*CZ{_FF2r5XfYxfwhD0?NXS!)}`VO@LNQHDqB zM()#Ai|~_xF_DXVXvMI?q5i355UOUES##~per4?|Z&=dJo}sZx=x%RdXfRK0hR)y{ zylg8Qzb)>_F(lLlTlZ17cf4uL@D7 zCoPbXKOY$?x8Q{M#d}yQ5u3_v|H-(?0SXgVP_qhtOw;mPlx2Rd_0nm=qyR-l>6-|6 z-wB(ndZwuG+*oO0spklQ&yH!W!Ng@UnfuHsV$My%MZ$DvK!z;LF{ z&}ar-jlEqitFXeec*P+vv{XC>O!FFAgvnO5%SC1&K3|w&$ms#kqrLUv4_#lcKSg;I zD~%9+C-{RQHE*!=S4qV8Bn*_}$SwDo*iF!@Lsuvxv?da4=Zl1nR3uy`yH#&!s3kn1 z7^3Tvw-3l{tyOpdm#>!-Mcz+gjeRTD<`}pOM^ZrGd*4^PK{b ziAtuV@zQd~SD`vRuFQ8@;<}}c;av5b#b8Ho-)5AsUseiP^FT2Y7|Pq;$79#*&x!B# zkcqlebpzqMN|BNE%XPW-sO;9z4qqqcy4|XBBi-`Qmgx^4FlO_%nG|3pc*}Co1U@Ml z<_B1|tTO27ylV-`57cT&RqQOoqjMwI+8yRo6cX2rJN#((fw+SI1{gB2Xi!zBy-$&k&ylkWf*^; zW;~%WH@?3$j$?8nj^nX<+E7WB;O1I>Lh#b6bhLPC8U2LT7ij}RE!cqJ%125!Q;cv?dw08?t1`&pULC!B@X956}qMi-FN%3lK?$ZNJPlyB1A7Fg)>r9{vTlhU1Ky4~;I{brq z&PM~9pTZ69-TxO2pjs8!!as=ef)-9O@PBLpu;k88I3DOpKWu=CVSkJ^V6B~vHt2k3 zP<+882o?KjHqnJP&&2l+%MA>nfI|;hZl`FS8=zhN)#G!M?ccPk|76bqc$r_O&Q3Kb z3WU~*0<1O2OoQOR)7&_=i%g#J{p5!8D-D7g|KR&6TIW7J^yq~A`qkm{zW>WY1LX@s zOW3nP#95FQAuP^WJk9;DvQ=(wsAd&(1zuuMn&M>UDV_+)fRcI0w|_Yf(jbDS4n)EB zOL7Nk@O14!`}D_xPmorj7Ecplelr1?PoR$csU$ZySebcZ0)+Cp!CybY^k4*ka&gMb z@}1^Lfj$BIcJf~*s{&Zznj0)(J?+iEpnP7g-&0_o=~#{N;01g;WUR(8eu)?7vdaLc z^D6TTmHq=RksLw`isKha5l#S|?R$ojs$<@=kS)n!}T z8#M3Jo?>Dai$vmzA>Wg){vhs4Z8W>F*^bI_Bh|g}$V}pXJ)e-PG@=*UwG44snon%D zcI>+@X|hOx2HS~INlv~t8lOco>))!)^EWacw~1u_#8s?(dG%lX2e)J*4c3@Ku#p;PG(QY{x(suCwnsAsEh$u_22CKI1o@PAOl^r-zi8EWGP zhCVC`^gsz@f=LdFwBlZb**kKdvGTSawSVJq)_-F=NGU`{fPi`Zwc@%IEwyg};@utM za^D=mCTrBFq36=%!ELqy+qx{y_ox-@Z_g(7mo*i*g{R85OUknLK8JI-f5p|0r^fZ& z5;h98FQ&Td(9_g*Rkt-3*J{-o=XXnQ8YB>%DvVy3VGar*oO~P~^8nG!v0`!U1yYRk zOlqC4VZ^#YwULGKWbVLbK3TnMxKqvdr3F9*RpF z5!;v1EWGPB(XEKGgNpOs``mj7pEh{=L0}GV?Bf_z_nmV2M#~54KCDgbTzYEjefjXy z8d)MDDFRpYvz{ucVeW8HhTYdN&fdM%okD?v+^9VrmY22}tA#n-y2tsmu+zyyphv>F z6D?;mH;ASzh28BL>mY8pyLDwvZ5?sd(L~4WiMGe(nhcw{H(!Zv zG$tP1N2PJ~gUv6n%`Q1UK=Dk*&w#mPlyl|aZQs{!dan^(9pQYvgFHnv%9e;4aXiOc z_Z%2DTonPGVr4-00(ad3;iXi2)ooKzNjm>0(>))%$CAES&63NL zzJCsr|CVgu1~r6!)~*$I%R}Yvv(FWeGpuVj8eZD2Rp>MACH=Cz0st8G;Wvm84H(}d5tIBgEp-en;& zN=!K03n3CxZ zW9Hf*Jrc7o@zAZ*UXrTy$G1+xHngJkQ}}Y329-dd$@OyClrNhAu`adR02ZQw3ckGZ z8@7$5`UoTKA`j_w;vHDI$br~QoSq7^!N+vUUHIN@SK-2AnCw@X;YpSniF(_gq}Qk? z8DE>%V2bX6f1qA~Fix?;XF@pi*_#wYU#=%r%e-7Kab6ZTaqWr8n!iaRbv50fc(Adk z!^mn&1Q{rYPw&F3(8&{z`$j)-?Vr^o`5HmykNRw(w?0=j`7*0lx5A& zvc4td>iCxrF6=8@4%Y1gHi|`Ug4a`=ZYJ~*4b75|whIa*I8i?sa5j36u!{3mx8)dq zM%haMD~DM*av=AnXkmYwg1lX{M!2mk_528%qLw&+;qD9!)=8R-_92o2;1!jsd*i94mc zs3=F@oh?bO*Q?I?j(l6-aM|c~U|H(RcG_3E#xtdpmZ9N4N;iZt0v`M{t`n}Jcc&ab z&|NQvfrr8IdDMF$pymcwb2$B7{2N#ew1@e%f%+@<09(AjVh^yv`z!VU`?Yr#nD)kwDjg0f27lA%!7;-?}IO z0K9ZI03fIXJz0qjl1K2nv9kdHte&%I?u3T`1>p46)-O2s&%5DYQ9Tm?zzPD)06_Zv z>5YH@K;ONCPGAC~1u&+8Zu!q)8lYnFTmXRN!9Q<@fA#fj007JBTmZl`04zEL2~K`t zx(kf{9sr+CuLtbWMQ zgJ&QWbmT8GdB%6Zasv7eeux130`MI=@ZjG3zrF+3*4cpv%2OcP3`mPm{C#HTpA#qo zya%m&i0JO*2>?83neEi@Su_unDBb~`Y8efl#L|4ow!Me{%t z(5J({n1KEiouGLL>j%03Hw}X9ry4%c1%$8yT|kB#baDF3oUm*! z(5bk8b#AMrb?VO6QvdhpcH@o3OEh6uGo(yHSU?9?H9jSXo~`i+@1IZVFuxJ#+xHXg ze$RvEx;>F~q@H7+!Jfs}K^c3r?sQ!CE$0kd_R3sHE(CVSq)XiTdd3i8&lZl$_J%4MDJoWVvVw!Y1xDmvA4$K>d zNkv2j6P3ny%%YOJ7~9m;N;CtA*yZIJ^K$WMb2IS~toGs3#Us~qiB0akm|->$U@vAw zzE|E|rPeelgFFOJg1Hj=lE&~-)uRG@4cNjAJ<}b1rM%t13zHmpI+|8JI`Wre1 z%XO7UY)^%W;$LNK$3GbLtUf#rAdM6-s@5TY6GW9}SZyJfnv!U7cQHC=>dm3WkJ-9G z|C&vYo!un*k~a@lrs0Nbs~pyh$_HxYt&A~IaM|bmRi@F34+K0sHAYHS1<8;HzF~cF z$o-0{>pEY`$Baf0Lu?lRY7w=BI%L4_Zc6LG2ZTsN*q>5a2iPUAOv)?+4t0^(bWPve zNWU`kWR?;BxNw*6Yxj}+LNl$SuodO!_XuUOpICp;8unA^E;QAFPLw5F7>2i7AnZj^ zB|px!IciF^@(of=A@qa&?5>$8*0|h!=n<8570 zRh9CC9BdYn_c(AaY@k9(;xSL>n#iX`!?@U!QQ9fE?zwB+TkE}U((-m%mMR$q2|IPJ z0~cpM&aR0_`AW2qAu4UbH#}LwU>-`R=k4*>!_R6*9kpqn#|G|s+}!9> zQEl;#^29?{z0NDXa4T@c0oN7YSL8DO2hBw%6c*WWxe@6nvQf-zjcPUgPR92{*9sh` zTxa2~Q3T9*9d@wWl#kbQ+z)?JWuhlxT+QQX_eJ{p&^-+PPkreQL;cor@Hd!b>~74K z6jo;PmLM*C93k{I3tcP8N{W_K5XZ^n-zLA>2P25`(1cLQs8qU|GUs`R&jYy0kJEiE z>B*Y+cGk@=FJp9Qs_#UZ$C4gn79%n|Y>@w{eP=YH$#A4j)&=E2UO!M{+Sl%CrPm#s zXE#J(qDmdMZ%g8tUZ;xF>9~bBMit+^%CTZ*(G3&y&{t3C6L|;ocP5UvWrQ1|n`}u{ zxEs$4n6w(-nO{k(j-sFYhJUnBrdp?E9t#^?Ehnx8Yq>N2{nM1Z=n@By{1U3Ft0ekY z?#7US`Vc1_WUe0xf(e0%U#_p;`d(;@7jv&v;a-)v`*6Z%Evfq*S`3X21P-;zTC@FRkvv4pFKIi%Hk}R@er1c#+JZRq(ZGJ&8W_>Bb|9gwwr^WCtquIO% zC^MWSLll*_rO@tgx2IyrzUF&r3ja{)-dllG#gr57cs`SPIOzuPo_nw z((WCDoR163KQ(hS2S>x&%*w1q=aUA`rZ-;UGLo@rrB)TBw@wu7z2+^Zp4~hX<%jLr zg@-YtF*lPvUKz{RfiUQXuVrql8!B#6HL@QNh{=$+Ho+e@(C}{bs%Q^?Od_wk!{k;S=euxT4^@$F$-4M$SReD-m~&bQzS6E;27O_(9yyxLlMha5#Nkm zkP~wRM-H4A3&)hbP zW!S|#2d!qL)G3^aK~&)aBjksl*5YU!&|4B}+pvPBsC5QEW725+%;-2=el>#^7{Aht!`Ukrv7+=G7C~=gvLC_>ucPJ z9$xzk?l!eTuhr8>`)ytJH>!q<`^rYYx7xaVZx2PkjVY;0g5luNFQ7TeykMovzSnwJ z7dOL>auR9BGyW%i6U;&n&g{hu46wYx-$49-`5;d-Rf3kOB zw#9!-wgB%r{~|#KW?ufHJzyyU0LFoAuz`pJfN`L5j#E?t{MH5N7R(d?Ss4Jp1HFTU zmKtV*DA9j6b_V1C3lf~gw_vdaH}njMX(Ez+~2gVzKry-ZX7EU4Se{2D;;Ld_dpx6RZ0^s-Vo{cwPt(}cGSZu+4 znko$?eAq5BdM3nx^#%+87`6d>0|)?AY{3moS%HGibBqG8T*0{j0K^uMVhF${&oPQX z)!n%OoTS`yLtgFwQ^4dRqrV3LsJsIP0D^$QjLNwg02NzsLlV({@AJ6;{M#|x|A;Lh zMInASb!Pm*qAuXl1&|6SVhirm!V*xi#YHC1IDg{WsYRgkV2BRv3t;q5#TMKEiP>q* zpwX@c$88Tx9C3?`M}0z<0>VL->VL!iVi5lV^MftR|rE=ZF-5@26r5?u*vd z`EdsadTSb7<2*l z8bsWjGE*R$2AY@wt}gXk_61O6_ir=}$M4w}YFc)Agok5$5m+}6gtj|KJ~hAUd(dBz>-A3R!(lqr~dh=8Qj z*~}Q|^^uXe!pp%BEl&HRp)wopqdOCX@kAxh?FT(N3kX}J@k2ODF$~1nW8p@T#4iPW z()vmrfXp~Sl7BGtcq)o(;6<{XiK_&O*)2D;VAmIKlFeSTCb9+4(Q|5xP7uCiQ%`U- zkVw|O<&1Ol5Vuu(#|2+ZuRQZ(!AyBCeL*9KB@X5rZxj;ALq;N=kV>`7u^;?wv{43E ziUWFVJqdUb^J7Rt3*l8zqSQ6;a}TM^;T+_-)!x+4SAbFNU?o(?!OapFAyijt z!f8QMEJJvE8TRr0Cq!+eK??EGpG3pj#LMvSU5%GwdO#f#|5A|$$0z$Sj`|lz1oIZF z5PH7&&>tv8D)U%ZI!vZ1S%|;p?fqy%acQ#C{_%_r2XuNTlRQqsCi}`jmoQNw2iH{1ljP>c2$TYKx zm1S=O_@9#I^aUabOc6^Y(&zgGVeA%qo8bME4&s8SpYT)O#ptlz0>zVZ>lWZ#Y z)U0OG!tkH~Ae%sE!__R>!jVH-~kua%q|y<>HD?g#-z+=>|*s*NSf$4I}j$2EL)SPs4&9Fs93yMd%gTc^I9qv+K9FE+)J_dl(2(E^grsPJUw|1Iq4*r zq|vZwvlD4(4YJzP2y0D$c8=!R^|TUwn&frC*VRW?t9qc*HeI0^6|ll6xILC{iQe|p zN`A|&_Xu)Qj$xm0okossk8kSR33c()sNA*v;46VyROiq}=Z3WjKLzhlAz}W)w!+oi zY~~Z`oTdH|Ql(1d@!;-jS6`n?LPho}KHEnJU0n6P{?{}n?EGofGG8~FV^uswu4S?- z`ey4T`bIRni(k5Mv?D*M#n8^4TK7hTi+W;<6J|(cco6DHHo3mH4UIb&^1UBSbC^kc zq#MwLX}D^Z5$>Ml z$~RWX(61r{chop;)MUrU&Xsk`Y9#2$iI_sWUq-DKNH=(JQhP3z0X>Kb);- zmYS1UyN_HMJwB{#n}Zbu%9GkOTUpkn#d7PIu%a?>)i3rTk|HR;kVWkNI+7H+ltE?{Ls&#=-K=NTl0Zj zsD+M%Vd>H2K=X&-sl4N_&%T=G9>+?3C+R_)s*kT2>nLcb_i#wukL!7=mvYC97j|L` z`Q5%til&o`HN&G}TvIa)uV5DI;PrPYylAEP&aN*suw)H427ZRjUH4T-EF3V&l7O>E;{?<}Fu8h#4Mo?-dh~Jr|bY+&GBgK>?+I2gpdDb-D zY;#V=juJP)j#33NlvHrXp)BUHq@lN@XzEbv_W<1qW@@W}cL$c%cM=yQFfExU^9}ke zxyH)1O=00<(Bae>kNA0eEsg8Gh>eZM>Dbv4tHRanl$OCTQ~R55R*uD}+gjDetMF#q zSF|0quC8v)^>oWT@%7z&zZ8^!6ANc^Jz}P~&v|2hP>{>hW#h=)l|xW4?fLg3bH|N^ zr%qP={kzldJc7r&rol4aG_SnH8ba(oQfP#)84b3I4Zin1Mj(P=sV&UBn0Eo{^8dse z{4Y`xpbG!5*aPge|B5{TaQ!Rx0Q>8|V(;SJHDtpH-0K2%*U%G*xPkA2p*!Mp+v{`6 zdjOFEOw<5odqa(#0T)2Q{W)9-ep3(8Zc}mmdQ%Uv1crxDqrY#n!FQa8R=}66kQ)I3 zfZ}#;pkx|q{#*dgY43pn03>PvK`PYPnE(Jq_vZot#u=vvLuE+`u0Q7x5q-+3io?HMf!IF0%9tH&9pF|CaYW#OoXWa)ZrnByYhaY;hHgxze zvU$dPz@2$cM|J@rgn;dx!23Jm*)iUL)-yfKr=Q@Q;!IJiiXn2F3kf zfIkN(-|xj0K!*gi<9jX^$BzVc$+gTU*Q~)<-ec$$Lq(EOAaKD7zxk?AnL)IM$@lHy zcFI9_RNc6SgmP{OA`?rX;NpIYT_fk|nUdOjE9D(X@9 zqnS3LFi(E1=X}xh%1b|N+8$RQ9i7*)KB;=J^=UNmdLnEUTt){%slC!ixSy@L7_vChZSM_kuL9x`)Ac}jpSU#Kc- zN^K%}?@ihMQ2-=Q#LJ>Hef2bE5Z2zT3h{FW?= zME8SnLJYT7U|vkAY5%J?C|GJtN-2v{Ml=g*<&Uz(nnzQqO$jwIFJZ8jR}MromNR=% z=JvUM8f73zM7^h$;b8dV25LC>OVt;savzgJu(@0P-j#FB^Vh$eP#=ajCsb78 zMGHVA$m)@YUH;-arH-rqHCLfxPNz(d5Pedzlt!QRk}*7OLtG!hr9{mqJ}~%OJ0=Bw zR{lsW^4F6Rmx$T>WOl@+Cl~fTFK=;OiYT4fPI6r7*DNLc(R_<{J`uh7jT33~s4W_n zH)lWQFk-i0=|YGlQrs~5sFJ3Z%hN|%Wy{qb)A^g>Z?dO_=;FgnE>XEu(vz7Hz&x86 zd)M;4AWGxjz~ul~n`4~}QmhBebPqfVtKRKRiD(yhFYIkU^K!{z-JMq~jx7AjK80hk zJjO`9gV7};$Li=%->7rQxcpe2d=JNTgt3RazDURu&4IdlAjQPs=wUj3QmIUhBq{SD zr+Pr^b>n0U^ZlnG)$QvcHL`M-T1YjioWHE~G1$H47v4v#3S1lOY>6?)LB2Q+IbHVjJCFIBpYIW3usiY>?N?Vu$AjA0|p1)!{RdrV0bA^}b-W zQLc#|e^v=wDMMsCjZW8xR#^Nh?loo3QDg)p{prH1GwMmj_9YM0xeTNdBBw6lCoIxc zeG0f8D4DgCDTQD*_Ps;V$o5$JcB`uMBV)tD5xy`VZa>nDF9mBihK%$Zw*`t@8@4Q@ z<*W2w$IiN~KjN)}r@(_B$sd&{F~PuYu6q+9{7Pz?eRd|c@I!RB)zD4Z!+JKE$ODxc zD|l)8M`>oCR;RQ_YpfcIY95Do*N;T+Iw6B{xojvj2 zU!(ohnu?Ett&|uuFLcwTu24kBxoJAXH%6(`Y>!qFdh7l07h8)4ofX`AG&AKY+Lui@ z>75bn`tNL);lwQh7<7uXuQ9nekXV%8j3-nj(C2(@;m?(QFcTpE64hi$VZZ$wdQt2i zZsx>DnpJXHMC6NWZ@WI4=9N4!d{Qsre^bN($KsCJ*dw%ZxuDkAFq3Xm>@-OY#+9;_ zN^0c-?%6iqo`6Y%nY(q!yL1w1&q^GN)Y0nMz2B-5eJS%d2*v%;U^HdZI%)}b9p3Z4 zXJSWaKK%a7pq(=78^$G5?H7(W6skAB2YgsX{_2h_P_pxdeL0XDh z!)CtIyZmSGMx_^a>X*r#KB97N)GvcRet!hn{PcEw7z|8wJ*%hG5(M0<;5gEH> zbIGyvgRaC^{ZBikSz+I+OK!Z%LX*OFR@c^~e8@=J%8;;t{#GJ+bn=Ul@=m?{bwsy? zFP73Tgm}>W+b17L`K8f~nYF3}T3~LY`qqk+9_kwfGLxsRl5wIHMs?221>O$zkKx2h zpU3m#!K&R+NBP`q2!HjGIy-8IIfLF6FYBO5F(D}-7pX~I1&+5u&K>LNK5Y>~0t=C< z(Kg*;cpR9WS7e8B+JyA6oy}FqJB6~38gRdb`z4RI^|}j{g&#a5&GRCE$CIsV=%|XN zPcQ6Q5I45pDnv+LWQ5bM8u=8HL61m|zlEw4S!bUu;FUI}0-A~}JBME9wKf)yl9}va zX&4XHTkH-GQ~9snuaYAlp>m+A&OE^N9-Q18$rYpCe~}CCExLSD{r_0|>aePs?rjmI zB$Sd?B%~V-3Q__hDG1Vy2#C@h(j}mDcQ=Z3NJvPENSBCogLL@8IUL-CKELn1yxu?F zefgYOvu4fAX6}2hbq}V{7-k}xE0&YTiXxF1(YhI%y>f5&_N^zG>8*EoCz$eI)P3&= zba_&VfU^RN=@DuiaNT|omq$@Y=Nr>}hl0x6=W4>p`V2)#otrJs3rkv6)uY^H@z8u8 z+`TfDqM?UFC|v6&7g85Zc}KA(2a)cn+zo47ZG?9;drVcih%^&&;kT1_kzFU{?nJNO z7t<{KvS*a&b>GXs@1Eo*E-u!ev9d{F!Fm;bA%eYy@_ny}MY{bk81S;Ho}heA)Ow;v zg5S_2Ktcmse{t3dBP+}Ix`OL<5q)D0rrP&Sq?ed;QWc)PlE3ZLmi}y4Y;<3ZQaS9$ zQ{)Y8O6588YqPEMt!o3m)0Uy3mLC#m637Bjq|}8wK)RKio1=FlUYhRJLT96<))ug;=3cAzG~8T57lIia6$0je0sXyGJyWj}LyHUPgJ zz=J~wa&)wZN>rR@^aO%~w1C16rGqF)YU&>%0x)U-4hM z;Yje`dj*89rDJ0l1I=vkwN~kmQ786%IgJ(D9BsHFzjsKDGP7 zxcCo)KavY!hln!(e{{~~2dWpG9y>5G08rF*q{MM{^Z=Ua%;X;=D1jmT;X43)QML4u zYQ&M@)AR-S*U(u%xI~NLA-E-A+>rS{X!j?P2S`6q8%mJn2jP#7-ahP*8^=$E=r8sF z+XT1~!2<&t0j@;IFptIz{Ly)n0o^_a^a!*Zj{|Za_rV*F1-zCIUwvRQ3P^?kYdil! zhOn@nR+=;+Xt-+MAmMerKDW~I}w>=n}n*QDg8z;0$*^#laBaD@YwL_@>|=rHgc*{E|uJvUdZS8Fr=!cQaO;2pMQ|Ex=LfCg_w}UAAppU&Tn`v z^Y!)N#Jbt$*Pvg0384(3*K$A4sj)aCN(YfV$1Szz*%@GYA5JH?z{Xd^(~6UcP3Zbq zZb^R)Z8&@X@~_V`BSxk6`{>5+O9g{UQ4fy3S{ZZ6aJ7|cI))R^_~oULf7z97cebbt zCf}WH*rXW`M!xPFuSYkItE`*#MA4(b=QDLSou1nhL8%8!`st$^}h>&_AYPy<~I7@cnLTyliCYs#r`-{xJ+hQ&) z{@l@X2wJPc#?em#-w{82{PM@rHEwB@t=H=ULdJsf%*qP2kNBV77QI9P|H3JZ)r7qs zCqdY`tErJ|oH01z)>zHsr-;1C9?~9<9^lJ=db5gTbm88{Fe^W;LS4(qCnhhinT2LF z_@7TW_YenHPZ9fwFU5sl!&&}B5 z^|Yr@j9HKepz|EzOKCP|dL@!_!LG~$-ZKR#IJ93>VaC z@`uch(@~$3YodMzFD6R+{d|;DeT6q1_?%4|ws4 zRb-Bp3st5PkGX~Q*H_f}-Z}k*FU)bd{!d_Zx6w0wBf3A7j>|<_=%8W*KESnG^a%55 zo||d!tw6gqF}A4MaC0K@neBawi7@>#7N&T%#oRu>dtw*V)krqx_1EVub3Yp_-@U`B zWVbQ%`kK*?=FsNLRz=EBikz^EC{?DFyMkPIDygzw`&7vmxU@Z0kawlBM5n)u{o(np z2nBL9PL0EkFN;-F&qUK4+)ZSCsj(!+(d_ly8e~0}?WDLi6x3!1IS#CvY@2=A>MrHF z*-ey zizH0PG`RfF4R6Lk>61rNnXy0&s?T>F3Gs~o0Sya4ezL@KXhSwn3?V+JRc+4;?mK) zbyxGj%$GIpioAMXtP~ZLsRuh$TPvROQ6>2%^q6rJ8tqn7-+Pw!}*^cl4jvVFY;*)koO#1}Fd#A&i5 zF(Wdce$W_teC_5yax4eyoLs&Bz?2<29Ts`*WbCd@d0M8;N)nx$K1+%D#}_6Wc0)#X z8SA2$pIm&$8VA|n;BN&AcD1E%lVzk#Joi?t+S6#?>~Nze^1ENB;oH5)5oJAT6KGr6 zX^cK8Mb%?rGZ|zi%`4fnLwQhS3-drTk3$*8KA$**$L8JcCzNoCmoeLOgb%qM-k;F3 zSQB-~Bd@pe9UJcq-sx+`#2IgbeI))$s!K*3&)zNm>W}-W5np!ShUzn8$_9Rxl5)_< z@CtZPl9-Ue#mnA0YYtmiggDNSWwh{tGR%`GDUfC0MMwu<^74b7Cy61Ucf%Jji*^HK zdtkg@&1~75OKm7l7Dt#I%2$ctOKvsCXT1z zUDzDq4KysQRYus2bw;JlS7Cjz@4W1#H9--*5`5C#$>EY1WQ_O39+QJu#jfE%EUOdW86DL3AbbrmQ|ih3 zXDw!dYwY6BEq=^Y>a#@NSJt%)vP_q(f2}aINHdaxMmAgVH8moKJN!p4VGeg}?)|T+ zFfdt#=f ziFE9(HEX!FaQJrzp$*)Q%HqD4%9-9CxIK4O@zz>6y34_THduSmy^|&>l$t5ogoP4- zkl9{mBX7^lu3)bd67_Y`bK9&pl#@)C<$|5}o46$JUY?uS_$u5-#}37!(B??B4gww4 zFW|He!w${0D0J~p>;X{2 zKe2as*8Z2{J&hCq-%Nq&5&$WUKY{eS6NutPqZAM0A2XY$n80ht_t zu|t*+a3TO>hfX{|*W%dWvttL4S!ehLmK)HtD@KS!1EfcAqQDtVA9is15_IK53lYFH z3uKOeOJ1I5?9{lS$opWopV~#xn^u8Fpi_I&$gz^eA$*5sH$X0HIfUVb zN>{{@JxRxz^39L&Ec=ah)bP7J_Lj>%&UWj4%lWC=D-Es~B4msStfZla6g*rMtDlUY zg;JI5S~EXWVio9TQPx)*RonsXlg`KL4%r=C9-+s8=w;o<0W$&J#kE(yrw1Y?N*YK`!sN&9bALZDtXmj5)^N>%~ z?!1THi@{-))TFKMYY-5L=Lx@qlBC3xm%?>>90#vgmi864Oawa9l^P*B9Y!c6xwBDv2`}l<1ipB8}56TbsCYlIt@--0=Av~J2a<_<2 zkrTh!qcjSxXnRBbJLQ3Rv z^j{7cA>=cwTfZ1JfB(vp_n{2^pRTEm;ojL$x-9kTftjc?xbpquUKXwVxe>1 z!^>Y!mrADh`(C~5Gda0B@*R)SO6X4A_u{WhKV2u2C0#}@Cz4M%yx1RQqY)$#nJ0d} zyU8N2=!Jnl8A(~m5N?a2)Y3f2i(?VTx70n9z}d1l(N+!8FPo}t9TK9*V*2pba65}N z{mGX*p5Np>svLjXVJE5H?1g_bsGcsHd=G8c|MHqO{*Q9g1xhTb(Iwhl?y+CBSCSRB zKfTZ{-^_D;^VI_hrGCOC@4gV$66P;9l{>D@&V^Tc_tg1ZO)}u~zj447A7uG=G_F0x zogs~ECX;+*kt~pog?F7fjF(@A!W)77(d=@SINFu0O86`NBp4lGIZm}7XYCV^UuwpG zxl0X${Jm0d<2mIVd5~C_5v4flMdcfczL&}c7VjmYu6Y^B)!``>$CbIdUX;CZAA7PQ z5i51yhU)%{YgbM0UnKjG))ut>sg`a^#Rcu|@}*26BRU!sLZZ3)L8tbi4*5le7$e3YOv-e1S<%z$lh z&-eQtKHK1Pg=F)4WODH#F9{Qhrup%+w-n2ZS<}Rfo$7J8<~$pX;ELI?^H*Uz)k(gG zC`5e-<770bv$&;L&KrSh8abT4_?1|5Y8c&+)mU#~=_7-M|4Q+-O^*rc&CCvvmH`i| z@heITfn_hI$*guW=NhZ|P+-K|-##uRfw(CiY z-p>$pcQ#YlS}H$Rq4!MAD$i@8aCuQ{eKh>}U~M}RMmOTH{m^>Mawt ztFX176f-3k!&Vf9$Ow(>?eMD0RY^-xj6~@vglTuI1oaI}m^9oz$M*6frfYe`=- zPwPq~9ppBNRKuOsZRh07KFp?W=M;NYcOd}RPweg#qnDS`Wt|IV3*|IvL8$+!tpL(4z#y6@b#SW21JZiv@?9Gr`xy-vyynCB%k!-6l3NPym8%?+438}>W#Q*%h<#^i?lTa6t?+LRi`PhwdV z7*`vOOzflHd=)%K{kz86v8uvaUg=GH%Xc>4TR+6|F5G&rRkC9GMaru z&(tqn^lc>O#CW<=kM>b!+y7#?`b)w{zQIcaJ6Be$Rabty$YgCt>eaxXiPy zPHWdKz4HuX>>Wk#3jzOdQsg|24}0kMgQU_trc&Nb3604Y)%H5eWr@YZV$T|Xks~cw z@5-=cvz{kh<)ip`KlIgs$due=m!Ai!6g)p%^#p@%5W;orl7|;84p)-o8%n(7j*X>n zW0=skcrPDSxjo+c%!HY|?55ScOxu zI3F?t<+T0l(Q7VQ66+k*WcYg@2`PoGDJ-G354z&ZS%*gOB*7~~iXJjMfn!*QAd zpb!C)qI_`JKZ6{A@)oC&1Mnsdh{_wV%QIgpfyx%APWwubGzG|4$=?#A=NUbD_y@N* z2Qve{8bfdlFaXfc)Ig#GigwNf;EcotkTn6MDF7rXj-z=BH3P*gP6q&zrf?*XaV#-< zp3zeQID|Fl1ONN+5o;hd!n{-#`Uz?L29 zRvbQoaXOSVgHFq-fdjds10)YgQve7)9DDKSv;v?mg(xIV0ix+}1Dd7)uy-7yzt{t8 z6W~fbv&Mic@hD9Jpiy$%)7i;@Zl435<0z}+;NfunAJQ8KH+&pDK=T#A*$F_^26nKx z=+V34&-4b*GL+U}rE}t*9fdNNymP3IF93>a3!n z>x}81tbN9Z%wJu<;CO!i2F8!t@^!k#cP5gs2IuE1vv}}1s;kpSN6}bJ6H(;(r({UA`LDz9?$UMr z+NFzshg{_SrZ_~?@>$!9rVtr;d9Pq@AvxisU@u<%Mx#a%${3t@xVDL}RkSzBDc)U5 zOOfEZDHw)CR=T6B7>EH2jsxdwe4tmJKI(Q0`$^~s1$R8ks4#cfN!yD!mn z`V%fy*U&3mQrg=S#M31~o_9M|3#Y9gttAOeq)m!XKX|)+XU6*SPq>(tUg{=hQX{z^ z7h~QfX=Q+1%r)e)g-{d7FD=C2!@bheDwkLnmCa{&@WU%rxfMbjGc(d-q8T@Wx}fnD zhN9W86lA{Gs zxUZ^|3 zf~HAu$$wA$124}uEm8-3fky0?a^~A4tMN1?o;Uq|^cBgYh{Xg=H)LqWy{7wVOcIM+ zhKO(@qLrd9&cv&X)GAH(I(CjHd$Yd_!nKEPORYE-OvZ=!zfp%~Tr??kYKofZvqao7 zO66P4t=`f+wqh9pqg4Ok>?#Ujm3y62Rh3Unc|`NejFQPv$7FTYcbI z`*G!lkWS67q3ZjKMDX`vZ`awXIoz9{FD~HDm()>OpKQOC*jvCjR4}iYG|ne0j7aJB zY~UK2lrNdZ$C=Gu9(;l<_?*|qGKuT*!a}sX!QFmjL5Y>H;flSKckyrED6VTT_nzZn zC~w>;y?5yP&v2r-C{eN;4S)+zcnN~JzCUsi}6$sHn4XqwFzVLc;!=ga!V zFRWf2iIj^8NDKLtr3t_LHO|rj0++h~VyZVAar7EhGH|Ar1x(QAH8wcEk>}Ys* zccUGj$Pr!9+n4mw2h!Z_PFXA4VtSMk9y6BSKz>l8F$M;S#k$@sz|ArX%@oo ztpe;c%)=U?nYDzNA8Eg_N74V_tY7IbiGA|w!wmO>3ev)nuvNuxPYee<$*Gf^Ssk9` z@;>$pF?p&OpFfYMMV7XSyl(K!2?QJPye)utrKQibVfnU$&tN2xsb|ZY7O$y0HE9-J z#_Nx7V4BUeQG}_8Q%T1ZepGu!s`dM??Ufoz?6!;q64}1flC+qMA9(Aqgqw|=lsGJg zeCN8?1p)7m;&8gRVJTKnamkrI*OB23Z2e&Z``~Gj4hrSMf}I3$vYNsZurhVLxp6M1 zFw@~mZEsW3;a1=NK_dHoS+5OZP%7^U_U>yU9NyQHj&bqI{p=M@KpNl)1sps`)D9mhfu@RqyH8`jWj_Tg6u*64Ju=p?;>U{-sK9F$33! zhsUp(2?q%TkRYQ_+4#7xbxpFc+F7oQYML>Z6cfgeE@+#WY&Z1TnsE%4MTyb#5HawI z7^d?DWNE`wDRsgy%)GW?+MSRa$mrkvxj|AMYxCu z>x7+W^yD!c+~UY4;7AKOe1h@CkvD)NE%Z|&JK%1`5A20ymL-!v704>~L2iz@s?DN?GoCbx!000ym z09?(nu~Pv!BL)Fj0pNQ&*&&h&zf%&9;UJ!IRjY#(3AwQ zGR1!m9)KB75B|4;10iy8zpB>`vzvJp;|QGmdj5r@-p0M#L-KnDo@s08WY0o>^DU!YL^s66KY z#e?~dLpTprXE>@|IrtZ7{sN?W0#Jtl0^T3}XI#(B#L9RA*M};Z9w4QLku|EvYaeeK zU=HqRKE;wurbM6TV422>=8})`nUPQbf;9fFg=`^pu}@|05*#lrr2+=|EFYZH_(I8U z`)wXtiN~{<&963|nc0i~zp^w%!H2J3N5);RT5jd+XEHf+ zkRlqVR>{?fW+4ScP&9njlnDFq83hz7qd!XDYGEpkQSHBV13Tm8%MgBn|LkVHmuDhlV!YNf-*^;^$L3~; zmV8~Y`L|g3Ol(%f-5PPrVq>@-c*5S@l5n*mP&dBCPdMcX!oE2!8yR?;#0l|RyBdb9 z;F@)^G+zZ*i8ixjAfw^}LO7;`Fa;y|AWg7dz{stJLPt}Y@Zt*-OvXwT3{;+3wIrS8 z3=Vf)%nfFx1h3M6`{n0-Gsp(9RSqkj`u4IzWB!l@BF(Z+&sHJ#<~pa2YZAx@>1vy_f`a|6wV2!&8GP!$Hwh6%Cd_ajuao^n= zt7FFHw?Wk#;8l;x`|4_H3PzVF4qu9rbK+JQ(F9qzf4%Kh`$KndAmo0f>K3RD)1(@+^?_U-yYt7Or)tPPj*qh&zcN%6O-jr%(U{sKzJITu zzU<%o&SU-C)30cLY~nXVs<)cj?~Pq#R)e>95^Qitf=j#uKdLL0r&BpZ_*9&gT&n5b zTk3U87Pj_&6A5~8458=5QxDr;m0U$+eSRl1>q7i}coLc7s}%mm`30Ql{_C5TJb|LGo36%OV7vrQe8bgj{UTtQ;MZ5qVUO6e>s|KDYmP0t&zR;?4K(} zi)%S{Z%ykZSt2~IUcn=By5R5RjvC|b9b$5gOT}zC%Pp0eKoS$Pei@6OvUT-I;ypaR zRW1_gjinsVwJqG748n;k0UjK4L^<`#%t&&XV#?Sz<90D?WuwW7h;+89A3I7g^jM+T5LI-FMU2H&Si+yLI@- zs5Xb9^>svY6r*iS*D<~Mbl$XPLrwgMEA+|0N5r5P!N=yd zw-ohL4CW=31sb8cjZi&Y*(aJn>;rQ$<#`}0c_7U zqk)D)X>cuND_(NY=#{q>V|knJSiEW}n}0BhP`Ber`qWakW1!>ImXfJfaq_ zeNVt~9W!1`!zuSw_XUsaaFcd33?>KphipE!dbf!6a#lGfifsLam<9BnA+N6nTu-%a z5RKFzCa#QS`B)o;!THTEDgY~fJz8V7tmCebb{1UfvTx%gL5*81Ea#FhU&p*7X+F%Y zw?9ZONZg~Kj^fTaI*UZf54m&;b!T)ZvQvq)>2LUCg z&a`{3p=V%bc<28^*Aetr=?0)5pi_Q8zrP$LtNs%|04MA-_JDqHobm&3a6Z%Se~AYG zf}XJl^yBtPKmM`g0to!&>j=Y~@#B9O7f@i~pV$MeUjQNkl=>gx696J&K9b6ZK$Igm z2+lt~C)WZ5&ff;2H~<-N01=Ka=70#bK|mPP*hw@DIwP(C0E7qF;t(2vLE7)s@AHhF zght>NNA3Xw0ANEP-T(t|q?ZqI=syDh*b=8P;epFXFbSHzzzEP{_yaTqfw2}aq<}aa z0J6h4KtLFjwmH}6sW<>O3@{E5EC{9r&cp$FVFtvZ|B3^6pyxyy>?&~H0g;9lnt+Zp z4FG`lQ>4L&^-qxouec*9do1j6p3#$$2DdmH2go}3 zQyicx4g#TpzdA1tf1r3Ec?WwM%fE%0>=HE$FXWwi`FE$X642HgoPIEnwL7vmW;T!ct z`~Xots+$4<#3GI(a<&7&mOSUhaa0X*yqbU4q8*z&_5K7(JDd(OcrhPUnjBGHjDS*| zW0NP>GO&6P@YaCrG~g-)!~nXKfvnpfgA6QZ1a<&vaQ;$0Uddpz!RBZbt{ObPYl-Zm43l`q>TWhz;1iec|$11GvGLZTT5XCe% zEZRLaHK`~o=XhBr8pAUZ6{ETrQ2vDsMw;xRSpqLbE@=Ef2{oX#dG)p2uK{wkm-gG= zBemCJu^$NEbfOUH{INYW6Wj2~!d$VxfvjX-uYgLFH7MxXW}4lr_NHHBlG6LvvLk16 zkwlwj;i?=Quf>tcH5rJQ>@G}pWv=0ou(mqNg0QeQm0EY{bcOaFHN7vhSJ^igBzYFA`z6>R8~Gj{YNn+q-9h|EEw-XQb!6OF>4HSw54^ugb@#{idr!jAd}&ql zy)lXzW{hT>uHA+_Opjek6L0uvIPIcFmcpga`1plLhPmo)KF*2wmX1>G8x0O{cg4zZ z(HaaA_-%x>(VBBEcQb>$>8qcZc_Vbx@n#^ZOk8M`6by~4yWrHqC--tca%$%O4R}&v z;p@*6L`A#!LL2!us@LEu|e$(W7mN8|-l;C+&;Y*a} z!hNc@wh3++qBol3!|r(&!6-;H?p^u5|E7YCpU}yG#xqB%gFlS=yN}dQ)#_d(2iLTe zO`6d6);>|&sf5ZHNuii7h$-Ge1A`>fLUhsJAN(xF5!8lzDDT%uP4PaLft?rILbp&? zz?{K&!HH;$ICk)AX2bn1^`UI070R$FMn8U7k@8Y!U;oRwXv(DPu0`HS* zrjmqb6P1$3oo>M(b_rJQ=d&^UHVb^krpmYj71k*pdDW*_-RPx(6p3nJVmq9O=nWM zg$}10Bhcm=Oc9aowPHziZIE6wUUW#gU|<;S)g)wP^htzc zaI=MAJgb3Mx8t?c#lC3$P0%yJ>&0`u?_nrO&mYpGT_X#O<$GfegDUaDy7DgmNI~mt$5=Lyx-W7eYS!&sT*PjcWEb z^;O;5*+I5j$ofo=_n~}npL2ai@R)5`TEF-R^COcAmkC7ORStB!l;Cisv01^_2JW56$WBfO##+yg{q3At#87 z*cdW@on1@7mE5>ECr@c3oM)s<2YV$$nOWny4ZT+&)(!l~%DivO*bm!CM9mo*;3C5= z5#2PMkH_Tr)o$!M(4UXU%N{{D&6(4nar{GC`z7d?3 z65b`0qMm#uU7c*$a#@gyJK{~Uej%-Id00rYgna)lHkv4V4{JbNy|e9BW6+F_NIH(` z5BE4h;f-3k4EC?$NIWvty_!m*<2#h~>$GLU4Kv|)9y>1a&tIMC?GW2=L~W#fe>J4J zqAq)MiNky%N*0v_0~baiKlnwE|7SFrG6L5x?2&vH?RP+tw2xJMT&{2N~@C*sXHI6rB}qtbuF?uN#8j|KC| zs?v|v*J76aWcR}78(Ad>SOrLs!}?6IJZ?_fwn>%KOc9u3eeQFS`BAU&2A?3Q@#~FC z27ZO(uC8`GyANhs(D|Y(E43eAnsNC=?!^pdo&+2}e2w6{K5JYl>q{XN zd4lkk%A9HvT?Ok&(BRW4n||5-Rxi=knBtq)Q*Pyu%H?_seYYm}5gIaf&r(`N$(?-v zw0U$b6ZL z3&q_Qh5KM-F}~$~P)3x*r&uiHPWUZ2va^=JP9a`GNMGCMM~gz)*l4W)@5~je{4I;U z+)q`^K8Epj3!6*wtdBVjwb-tIQi$cp{}Fzdysm#ETQ#ZHQGSI38TC%RjZcuhQ)OEG zqp*?B@egA-LfL+fdAUnW&$$zCF%ErZ^8HdiQpzLW^EqOSctLeo;kD%!-uy~XD~bM_ zJ3qeX&#n~2seK)%itQWcqa3NLd{57yc-+t>$G5XkK)(WKhsNu+2BI}yb#`W|1<1){3M{+A zNV3{S8#Engf{{lqw!bVLj9H}5E&Md0UBvlvC)bjPB9}c?u575QJ@*zOy!g!`%7xOv zwb>~Sx{)!>&3MJrejwFMa@stH1ieddd#~ zHa^qtfAIr)LO+i{1;&Hzlpg@V`%nA;uuK4;1OW{YBnCmg03-%YYl1+QBg_i<)j3EB z4290(T?iWaQx8Yz6a-N$0RHN{9{vt^A+;mFnx0($`9*|R+yku4x#0@$B>0PLP~ zs0D~V#cyR*fLzU=P%p6P@ieypPSgTH>fR1wepCi?p3zg02J9_B93UVUIPZWp4JG10 zfGV?NpU+S%z*0zH4*+)QY^0%U8c@jfmmUE7@|;LRs`ZXlTmgzd$0koN>BDt)v<*)O z8nU7xWB}9giUxDyz;K9cBTX9 zdIkv1{H24#2?GY@B#Q&Rq8qyMz{JPNh@6V@nF2`w#SZ3jAXSFPxo3d#v|}$%E@ohz zBrpbGQX1$BU@;#NaUg)W@3Hl>K?eL~19os`uz(JrOZiAS7ckZ5yq>}O+J6o*I4}8t zX@U}xzsnUt;9Rz|Ic^~EeM3--P}vk`V5N^5Z($@XE@{fe8hFCA8Xh%)b(3L%kW;7UdKXZGY@C-xtoOM1`q z$YibAKq{p8DpmV(>I(M$<9(Nx!dus1^!I<==b*}6qG+C{S?BLWS(1rBlHO;sW#UPe zp`dCf&t@o5?;;TYz&n*1TbL6bIz+hWD3{Kj(r8&{|7`#TcvEfB)Ttqm+}M+X0zg+b`MEANU(GajriZ>lMc@#l%X=;lC3zvw&0 zgi-jpSp6o)6D42t*`n-a|BqU%HMohn75~X*2EwhFs#HnTk}uq7`dx*l20k7BYMVmo@1*>^IMLC3RiDZ(hdHtDWS;{$*O} zfyzuTb%!iVuq-qRDpeCE;A%m+s(V=19o1knhMA-`Hv)%=TcRIlPh20p$W}b%bhkwW zbLMXQd~=m#?$Y;s2dkK!-aHEf8*0ZIh;lE`E5DXapXuG zJyD6w9rSPd=iyBpwgZ)#C*IwzU65JS{WXS^(HDQGs#vrlB9?<~QnrIq*?KM%H8a!@ z5#`~W*ri+V;>;JVBCv9XgbnAuMCjO?#f&D)ijBvM>q?3Kuq9wB&kA*2C~cu1dbZiJ zH-(n@UZE~va{az#k-?=;uQ&#`2QyOJ4zkpokiK*}yuqLLq?{J+@@i`7jeGBoPkxZoGErusOO{%FsW>6QIalDMOZ*9b~kC8E1 z-WS(YY|}I#?iu;|NuDUJlXZi1mD^adpo~B)Y9m>XV}fSyBRXy1ih)ZY>34&bOZwkc z*+T1i#*=$ja_JiU+v}tPno7&CCX`-q%U2E}&v^5=@m8<5o=9(#mgtz ztWYFKKcjZ$<&bBEu0v_YKo+-xwBkbhWZ!*dO$z@vJukbG^9-w4Ehht&e1f39;< z^~OLP!@U>TB;m8k;|q3pM3dcm^g6?34exuIKi~?-gRj-%!R}t~SU(nag*LG48}59k(B%drMxXJwRqm}^?o2@wTVICa z;0=n2gxS9RAeKPt_(&lDi^HOOnZhn_-LJ!WS&u*nmKaIzB3BhLZjzHH2Kw5SGT3CP zra(rq6tj#Re7nx_hbcY=avm@Sy01{&OYAiZL#BJ`3Uyq=1Sr;H2X79RAXyO*^(~Il zz58*i)liEXU$D5;FV)k?m&I1xxF=`M_|3DF4@7+QxV#3G%HnPF`dm>@n5Bq>hx-AvJ>FiJ^AZyp|1VibDr zW++Hj`L-s1K7KUP599TURT*q$Yo_^Z|G1eKDvzi~wShHb#XM#nn}u3vcf{?{p-J^$ zQqKb!K-GGQrdxMY>w>nDNS;6BNpyXD5LTq@746*RIh!u7Hl0@8BGSm#XF<4x^l=11 zoPkEq%7qbhMszBd;(bS%gvP8SiB%a45Mb_^)gFjs2UZ==>e!*{9*wJOM zbKVxw=-IuyWT30$pwW0sgtWw?)-UuLjg->qArzXGm_(Imi)-te4Y_>^F`Gr^|7#j`W6 zXHfcrjGHt`}a{1<9E;O3TgnG-m7+4Tp>J4^!3@ z1p*w-XS9F<3ul-I0As;%DrF6*n{cMx|G=C8#S_lh1Nw0)Weu#VaCB%o)9!!q18{CW zV-M)ZsgyOau)@Fe<8O=*(2r9oYd`^nGyeZC@qnIz|BKOLJjrPNMfEP-(V!<|3G;W+mT>=2kc z{O$7@Y!HPlg#-e+di%gk(B@ zxj}QkeqYi3+u<|o8F)oEu!Cbl3)&VCWoYi#?+Q}rkItD!a9!u0UmQo2#4*)!ocs0L zV zn9w?>1L#Wreb+ejN9T0_*o|l38Ath1zl%11m&ii@2%TNZfZcbT`*pa6kF&0zi}*Za zC*livDICt&0T*@jPCs}65B`9Zf^5~p2k>93!w1OQ=->fD03YyGN7-PYqZ;Xhe>q~O zKu5du;9ri|DG+2z0PGZm(>hu*e`cqc*qKjUi~U1R$#8%j%V8t;#^d*IrR66`s8rpv z!=0J#ZSi7Ea7x|g;$SLmX0W$p5)ow51t zyJ~M-T$Z&>_WYx8MH~rg_^whBLz!{_2wiPp#7kk)q;uD#ho ziwA?w;NJN?_(9;7T&5Nrm9}#)f^O#2x>T80au8LKM?}h9(t2iD@6-ek~SL(qP9X^_E+!5xsLoA#Qlc4EAGBbwN$b^ zQ3H0t>YVC4ow49*G1Z31P*w`EUA|K+(IyJnzMAMaw+{cQN+(120^-dl;Comg|DO>IWgl`GY&khHj05O7}hlBN%2@A-KvK!s&;PHFNLVn_de59h6u3HAI)Lz?$39 z@L`5|43^X>BoJb4a?qNPVs6Zt+J0^&gE4Zqp?soQ{-ItJcABuzw(sHNJ5fnDI_^rj zWRPJYXO+Fr3L}keQt)p=wj?gprZt3tPZQxYy~&2^GHRS)|2iP~Ez8r0)ec+t+#KD@ z=qirpo>T2;Om?VBnwIuvPxo;hR$r+qG$OnvZy!wf#g^$LL-B%koB2}$BBkLK`8R%x z&N9h$H5bzPf}pnh8$n#D8!uA82tw`k`I(xY z*n8hUNta(_cf$xxBor+sfoZmL&efM6-;@o1k&ubo;+LByM+H}!3W_j^0J%7NM+0i{+?pCDzblBUVS9#cG zxLzsa(Q162X?Zf|%Hxz)zm<^bfIC*!Lombr&%V<=e%I<(XWnmAk)}wLBq!$k(kWxux_pQ#1 zFTL(E>xa_Db{VDM8On=0nUr6|hwckoFnNjVr)d5%J?d_=e8il@yDPJ60j7ZQgWU?jwKbNA|!CaB0iu z)vldryQnZgTO}WA(S{;(?VWh!rHtkB9@;9a1_ehd%;FafIxrLmy$eJYI^e{K=U0uT zHmQu$_rET)QGS9q)m8lLgKt^sh!!b9e@SzV&%N){c{c)6xixm<6$BO8zHGfrZ*pPM zC(o3)CMPt#;4jyTWmgL%vJmiY+xS+^M@pdZd5TSaiE=517J zCi`1_NzN%{eVp*7wa~_|I~@3r3VajMCtqbYPjA(9Z-U?0jESBYt}Zv+WBrZyrzf0! zM#M%`T2o$S&f?)+r^o4B9bp&_2weVQ^R{^3sQU}fLv8(sX@-$)c@-68FJDKF_Bgv_ z_YHF^qfhKHZb}{`=v=2mrahO=fP8Q{`YUw?{sLk1Nw^C6KJ%w`|NpQV@|ovP_JDqz zOca8A75Y=V|HTi$vFxw$IGHE}$twSsegFX z|4TmrRKQ>3aWYW|lDGda{Q%HizfaXiCrrqR{BQ+HGXRe5(276kSsIL>Aip|$tcIMM zk30tU064dw?co?5flskOKhEm`u*T0jxE~#Wq3{S&j&#!INq7X&F*))XY>^4XbU@cI zfewUgMU}wCg~t*nP>6J%*^@_jV4)r`5|H5oq6m!j5k@+aRypbQX&?$wTRA7z01E4D ztdBs_k&4TI^Z+c|J15rA`Zp-vhtz4Ew0SDlXUg;dP!vpIL4{(VSyPPX89fqwyHq|av}eSX>A5!eE@1@>^XsyTia_x*;BXM6a6ti5$yRNwbKETx2k zC?%*g(%m4SqzWo2-Hn8RG)Q+ymq-dy0@5MU(jg5ZA_7WFhu||z;Ds6e{+{>i^WPQk zIeX8#`<%IZ&0c2%Rwg2(A&K5Gh4n|I_Gix1NFOaZU{nKG`BXH6iEJRqC->;1aE4U)9QRpA6bz?e2CO+C%y8ZS zRyAyc1`_Kqm*IjLTo?wwK?4aexaSCqWgwsYcLPWN14QKn9m@+XnmsP0g6!9j=L=yg z;er`h@_tNW9UbP*3oDj|o#u{cvQzlNRvL)Jf*ywsx&WgKqO4$Nlk@O^Ki<(_U~Crn zRL`U8EAY=sM;EY?FdkT;8T5yNqyGYb5+HX4ESLW~cg4=m#d+fNut(z-l%Ou=bB{`t zo;Rv^HNL66k3vEjF^q#TQ#bXLda*WZPLZ+&!d$*KW>Y|*JvU)(C)oP_Jnuw z&6^w{#kqlBE|pd9D&5{w6liv_FfTu&j`h8y9VJEMe^&f+H(|1{E7dyBaPrFUcNCK@ zHb3{&*mn(XV^Cuf_4$U+d}y20jHqsFZg`iezdNm8tDHjqwxa$~(DshSPtsqK1ivXn zmgYblRuDCk70D_J?Z78v!Kk5%mAST=jX*i2F86)E@*rUuWtn&yj@KTC$1qB_NK)H)0_}=qr^02K)QV-C?)~u9aT&jUqr%^;p6I&@mcr~|+}S;fACvb; z!j}e1FLusuG&a50_{Di^zx27xgJ5%OqVL9uSFo1?UNn~nC+6Rp#n8!nmT!ESVt+`t zhA!etJ{PA7@tBnYQ}hD+NG^mQ*G932}Wmbi+G*mL{@Mb7(1so z6&U?6m!PCwRe@8;y1s#uH4Jyg75}^0b;>u|cRw_%V@U0U$MWh5 zcUlZxWPQ)s zZsJ;*Y2yyry)?HrZ>0J}G5bbkWD@wfNA+gXHHNc3zgEc*y0?=4+H8AT%Dq#ySs8^V zKj2o=`4_d9b)~JH&}j~^w;HKNNzlAg=qX!niJ)tn&S5tsW+vN`R(l1nZ#oowpI-Q| zgl{{k$tJ=%qv0X1lz4-Zc*uWo(|e+Uwy}a z`H_%HrP^|+BKy^J29BGPg410~6T;&hDciv=R{dO@g2GcW_;`LHv3;1S4o1IazeL9c zw(m&BUio!JT~!P%WLrl1w<_CjqS%qHPqVCVM7%EM^^jegeYQUL1^b8Qo~6AT`Q>h9 zU^Vesr~p7lu>q($#+-5NZr(IPeo}t^W4Ou`U9SJXugbk3@Y3 z-9wvL#8AuiO}1?r>x*K{ukVr#<1yPhmz#{5EsO2z>z9ImNUS`?qDpuxI$q@%BI`Eu zhOIj7igWL^AA)rI-VJBUyIz>rO^yt*E0wHAk63!$*UKolO}*fH`AS(n>C5`m1g`H` zbx{iD!P;6?Ol@lJY%H?pmXp#;^rrIRj&CUJZFWr(_sxM_|txj(k6Q{Y0`y7@&AfO4@Gh|zR%3sb_Qxk|H^8WlK zG@&zdTs;~UZzZi_&vq9qvwz;cRuEtNTDi5V4Nti+%&o3O1lm^o#Xs+|K7i)Vr8gt50I_mal zDTA3*gfn0Bd~hChN#BeR zd-Ak@wnQwGbB0}9?(+Dq1^dhbZoF=w!QI)0{*EX@{1JksRa-*_1JM^^lv#SJO$X!j z67De%16g}#=e`d}C0w(Uqa<>Uzlu91R_khLjjD|65S7zqsTo$`wP^lA!Nr;6W;OsjCpj|a&_gmJNqbhg2&pS6!_`PFg8b$`S5XaO&XItIN|a!+Vze51 z1!9#iVcL`8oRy`x>>j&-dP{M!xcZ0puK)crvW$4_q%A(4{YJ$iW11*63$0!wy%VZ8 zP_0NKevh7=9Yt{gjJ)IWm=Ni0M%a4h9h;e=0C%dN_Lq@z9->+?QMTRW z!A%LOOLxfM!bd7=_|!HN%M}#7ME`RpE%r!2j1?D`!sT^l*odg`&hqpDP5=@^{_*8Nerh* zuxvMZDNi8q!-Dg{2jkCp{VubOyj|}LF>?&e=zlpct-jhkQ`v5%cjop`Ds0f+|pEAn`jzNnd1|n zI~cM1Fio{?OU{1Ah@hK9RhKxU=|`OHj;R7qYs3)Fg$&%EBetRuzp8(nReVh%65krs zBg6BZVpXcM-^)4GBI#&lOAEA}F6liJC|zap!wqzRpE>AQA5n(8*n z_e~3Tv(V63(w8ZnYuYFdXOR4M1Zw&4swUaRY-M>DeyC{>?b-CUpIJ#_c~s6byz;1Q zo*Ddd&}p282CDd)vTSqtx!W(v{(EZg!+7<=;L^dh_~Zhm;g#P%f1*^r(E3!Mv@QJp z8l3`XfLAI(Z8)FP?nIF3&&$ld@BIdc^j1h~!`~dtQ4mTeVkCR1hyg=a|+_?YX2V&74G$jFMLx4OF zc3LyBJw}l3A{OmIbDh6gI8G%Y=^dC6gk@!LsU)yZA%cV&CfYmZ7ywiOY|c{| z^}j@WAj;|}MkGXq`N4WPd3;z`E@j``r#~}?UO8N`X z{}S$jehLDGG*r3Ab{x_OCOsL_h^2c_X5w!!z(V?ucJE&>Af}-pl*eBzz}UV&+P!}n z0DLbYifAyQcg&kXjt>Odg(HbhNcWB^TLIKEIG&+x4`EahqA5?I3|Mr4Wes6_fW832 z85YgJa$i_r!0j8{fHep-0Jl#948VdJSnd0F1As3(1R%pIwP3t5A$E>;ckp_G z(RvW$C+348^^f_EZaJP0v^hS|H9aQu{_@aaE9*}y!+!++aYsZD0SQ@(py{Do0O$h7 zL_(hL(SO01NND_m{sLJWpbO~FiaZd=KsQ722VH<;2uMHz)dBw?AlW$Cfdu5YN9L9! zA8-%5wTh&)B^4T`yK6rqn?9uL_9MW4p2oOW&yCz%B=-t^Cg=R6?O}V1$uRp5YA;)x zqR2$H8!AWRjb0`>+BrJDuLSXr)#QYP9l5#HldTM*7!U7LT^94Au#CyYS(yx<=~%$A zfB(2OR!j5UPGILDN4obVv|!`L)`RL%;hr`pyVAD>bd|rKl&R~lY2gk%%yVByIaDhi*GPC z_7IdNf60uQiW%Z}#fTod*)8smRuWokitojB@q)rNi>FL)E7)k5?VG)8(+L~Nk?I@N zT4e0w8AIJrf+;`Xn9=X8V$oTfIC#?7B&9};42Tkma~%p}>*$-aPwrpJB;DcG*}J1C z5?8ja+n`T`VvbLbYe<&qb&1Bn=ZW#)y|_a>QfZ<)js_AKdiAr>16_0E!S7lrP2=;| z_n#)VNGNf2pjdhsJZc~^(5j^D91weK@SSlwqx~`4vv=c4ve8)v^NbAJjq_Qfx0Ud) zB|3xciEy;L$&D%JFT z{H$>zmsz(Jd(KjtjVzrv?km(rL7diwk{zYoH<9LdbGjpPoPVW#F~$$Qwem$adQqR2 zK{i(}M@73tPBM+_VazUb+U9WX= z>sr3c$=OurdcRBId1ypHUt(ZHpRaQhEeu;_%1!aGUy6^od>Bho;YWF_L`Mg%;To=X z3LoRpi`NNff38_;RxhRN7MhVHboCkdmfIEVoHzGa;Ls|2rrhMBQr>?-8fnE9$)rex z){i=N>y@)=xkw;tm&T;>nm48~;YCiecZ;4;uPFmxr`z&Z?QC-I^*H)2;HgNEouk>d zD&<%wOh(f^!|rS=B5&fV!`$=9&}40w)2od#9>3|D1KSJ7U7dpxaX{0WK8`fFoZsU2!V%!*ya1My16 zPZ4JvBif>WDvDkXe$(R4+^{o2vXaW{fLp z-2Y1bIQ?Pol(|8I23KLe?SsT|BQ;0z`tIJt;E)m%71r{1b`NDfe3lnrOyne>9J_^Y z=EvwArX}zq%;cN~`x$+6-S!(<*KV(j$qNklj3M<<=N4p@>y%sTthXk6bg^>Gbv0K za@cvzSkLm$QHf61pI!>2(>NneJc4QH%1l%*E^O^xc*xkn7iVcGcF)Etrn>`9Lv z$h^sjtk<+gb4b<1P4M&h)wF@>Pq9Y(y2-X4xgCq(S{!cTbe2v>`aRq}d`AXF9d*Ii zD@;x!bFCXHSn1PPv2^|C{f0SWZ}*c~sZL~}P#+F8nazFI{&G%%j~sb&RSxe8*JBZz zqD^sz&%#ul*V0|m1=dnn{AOcUTf#886NdG0ZE-H?YRp1|xvMhi!eoY9&yK>y4`T-lDH}nyZy1Lw)frwy%iA*7 z63bWRDE~0jiK5kbbFlbzYu7nvQG#9tc&$LcSzd7fVswN zi%S2Gzq7N|7rv{>aVk~mB#1EP{wUWei}as%(3%K zGq38?@ouXH5oTDd1g|ca^s~<6Qwh-6g^RVO^fW7bxLvrgkUc-lEa_}85&a`qbK zTw%AfgT6+4G#dX^o3j1=oj81JE93i$*)O&^g=)Mdu5Hy>O>;+vy`~Hq-{w-HlD)zd z`&xP+I*wMh*l>PY%*heBhO`m^QuuOEb%V+Ca}?dy>mOFxhc zT&5GdK^ML3`C`^!`6Z+3Hvxrt4bSt}TlV-Wt{JVzSNE)$PVw*}lO}%=oP1!_Ze5QN ztYjMa#YHHSTd`=YQ+H=)Fmv%y;?k$50fuMVb;oW{@#?k5ZYPc>E|e$IEJ41k4LSQf ztu8jL^5|FYtsY)eadSSHUfOfAaW1Fn=;)f=TYCTbKtz+NV3|9yI(agf%!gT4*<>oC zl4-<#_2`T_<=v;YVi?o$NK z|5$a%`_C?p06%z6m2v)$RfoJl)#1PJ;5k*s3Dgq8jr$LT)jzv30`WLi#tGC1{!jb> zWTtTQ0sS~t#tBsX!HxSbcmPNrxcPv7oGRl4s`vm&A22J2H-lj0q;UUu>xg%h>(U>6dmW+ z07CFD`880-2bW)i3%8*9sN+&ZNQa4&j-EmquwsBXfV~3_1mJK?PeOEAz`GFP03dUK z7T`WF&;l%`Ari3v%K~7vAwn9;RUXGQ+-HMhGQf((zr-}?jB*f#0X<#mm{o-wPkz$T zQ%EBwbRd~Ka3Bx|SWH7Cl)$?XAq`-3fJlQW0pM7m1z1c&6qUfc;4SdMwPrj~zQqSU zMd~=D;TF?rp!ts5G$LS{k0P26dO{V9Qw8^DffftGR>=vNAp;O>9pE4UemnpOP;wID z&8gW>?;Ma132y+NnF1JqhBE}e|I+|qNy3LSAM`-|<7kH46X8JytiaRz#!)cyK@aOc z-k%Xnc?x8}iUUL%gkky%$k0&cgEnUXY~qLl4Kck6B+=l$0HBe~2RXtF=mjDJfYpcq zWJu}nA2ltcF#&i^sIVO#Wx(n?E<^;!Fr={aPYYB;lbyu(SOx;(0U?KQg7~}RdPZ24 zBoE~0p`-r-ue75J@ZNTG0p4DZE{>2qsz`+VhH`WP*$+V!As9l?Um&DBfDq&Zc7pl` zA;`hTb%GF#RSTOwI_qsto=Bpav)Xii+KiFO|4PicUJ4J|uR2CPhAb#3X~j_#%0f45 z$Kz>2F3)~6)lA@g;u6}kyZ<7Y@Ww(H==9{o3r<^)pEx;f;y7iqB7gD6^`%1JFfIB8 zN-$Jwcz;`M4xe@18vU`((%VNWNu)#NPL_?X`d(n~Cx+^^B<3Z(;2~jBrkHy-aaA?H zOLp+=jjmZ9c*Q)UsGHqmNi(h-dS+@NT*QMpoRa@FA$4X&lEuh~D9H4FW!+Q^`&Ua0 z{Ps!qTb1w8`g(blFzxqEcT0bsdm((LJLM27uLbk@L#kq_4MxsSw1EdqxPjGb91~Yf zznqW9;xyj1Taf4QABd9@IGg*1&89(o+R{Xntj4hZ;|tnXA6*{a8`X(urb{ax#lxH4 ziQ=YE^Rx?FOIr5u{*La0clpxGOF5Va?=94g5}r1PQIE6Bngt&Q66$EofV_JfK(GQ ziA$bticgo9;UpWsDUg>zrdvo9d*=-OXZC1n(-arOq$TcLN{`pRMa?XHts;gbmRa2X z5!55xc^6Uy-EQ1tAP%2*yZAD-c-}AW<7?m`}9p@{>xe%6>L z?vF?Ot;H&dqxxby(pld3&3$YR>KL?~W!&!~)Vev0vHd~OmDM~+vb;MfLn){2!OI5> zdM^txg9&Jt_jAvU^~w?`61wgl9_-TZAt%+AOq{uEmf-xvFt4{=-{WI(G>jK`pO6rQ3uEQfnkH2gDp4D zURjDOucvC8YhnN-O>tc_gFJ?S3onmiwj4(OIa?8m2&wqATVGdPW zt?U=rc8YcS*5;n~Lqxmosy#`dn3rgPvnl^PaMt1!>i@T&3q}CF|KN^e+uW`2Ffoe>B@YkFZq^xAm6x zBeS%m6z+LcardPG^4t0syH8qnrwhf_Tj{(;Vg;onx`lFxl9^nJMyPR+Yj>2Hc5Y@1 zKP>(*D7eA*b&;>@8}5C!!C}4iSKQ}nDN4RAQ%x5Hg$S-(GopB|vX=P>T*9%D>pJwtv*Rra3oad~4RNW; zwTcg4Sg=|w>~3Nbo;A8e=1e)>w<=mzvrOMmmn3WAo6c@T-aKsoy(T@xn~4}#MnH%XWx|8d z-FNPq4skQyXGg&^0%=5c?1a8Ll70{4wi&i1vtBimAU&Iv*%}l(jF;lyLSs)3T$4M`g(x7mhXlZ=!hmyruVVY*kHsd>7t-m==BJgyhYrX}F*NRyuXmdX&0{YU zZRzLkSJc#EPfQh!KBIj~<$hnwDPe_NxBs=3{`v+%RKPDbtPA;(Jf18`4WO8yEZwtP zd8=_KE61bHAeiG6p(b_PkgQQGu7Jr>!TE52`l-1rjcMNzFN5RB!wMzhc#;o0kMP zHSUa^t06@aDT$1exs0tW@Y?-(b%v)E*#W89#}BI0X-mKc{hC zV0g?Mx)c`q`GUpy0yV9yagxRt4~j=Lv!<8UxDCx5X2}dX>pS96@UW6HHMdkgm$&8Id za4uX^2zTHe(52^(>za`$i=Ac3E=2A*tdiQdNF}rpxLR0y53`p=AHSKTctFTKZQ#27 zRmtRLH^EY@o#O0*O{(!=5|fP zmkn)FKkg=LIqb@@2$CKWRkwcoSzYtR`_Z_0JMg>3ohY#ga?JB|dzefyq@Ul523htz zt5r|3WG+xLe)4wo#rxfv3AGLDCr+iK>Ia9WDP;3>PYa&s8D^4=)wo)hy@`20-?tih z4rjW==Akgop{xBy@)?vf=Q3Ky5we$j;P*ag=I}38i2Ecv#RqPN^|x{V|Jf-%V3W&# z`f-w-;sbWHgd6u?`~YMTaPt9JGVYV*n0#RV=zoa^AQ$+jA1BK(`M^~o|3g23;?;lp zak3nf4=7QE8}}cc3s9a4Hy`l1oGi!W1By=J#{CyR0EsXl%ly-o0D7DdBJnpLq|4mN zj14ZA2d8<^CkV9gr$i2#?E!Lm7~jeVX=wLxNIJr z&O;ko9;@ge?e$JNdNSVxk3fLKpJF2fIKUEmfZq8yH-<+VkR1b&{zEk&umH>G0XpBm zTL5ZM5g-lGKaw4vUI-41l5ypaJmC`IqN-9L{iFAP8rmx&sl&5K0ZUL;vX@^vCB@AOqzcr$Gj9(2z#o z#|5m2raT2Q;%`C-f%g{-VB7Pb7TtdwhTAka0SgcSGN4)){wcyD`A-w+e;EL*Mg$;3 z4E^a``==8W?5r2K??G^XTG%cGYsYca?Sv1;YeJ)d713m;@P(~25Z?-20iX-;cQJ?_ zg?zxH3-Gtq(FKfe1><(au7V{o;0qYv3Tws-?QsNTSHWG6psxRmUFAB#t}cSkDkS-U z?>1L3q9D>)+Box~a{0`CP`RZj);TFz0@uRe+fVWo=x+1T2elk*-n2=c(Y!Muev?X- z#c1wRtxfkfQ&<5v;hYgEck{wft8n+m*!(fJp%$+H5gNn(@2Doa=rDvc!uz$#;S08 zFY8!(^Z$;^YE`hq;Kz392-Y3NkY=v<_Elwy-S~RRousITZE+$hx*`$Yk}cWKGNetn zjm-n^&hzszhfG(cp_YAqRb}|9QS4Gk3||N1+^a^4@QVQh6ymzp6b>quPF{Lb-I#=9I=c6*V)PU)&Se@GtP6Ff@o19KrL5m}5999t z{G!%v@J#SZEvqn9H4avm+BH^xX7c&Ku=F4gg)3G1&80OoRj4=OXEgc-lYY}wRpI&< zpaqP*8fUfll5yIZz8ZK+tsC22$*7f{TzrrH=VG(yE_a}Jg8^ZWSF#k*T? zUf{>xaO~X_!F`l6q|t%R@~SabPSGe-XNuLpE6H&^rN#TnD3Ylsr&0T1?UqZkPGny) z#`@EG>dQafBQWL%Y@=EmxVp%QWN!Gf-Y=b>(kT!A`S{aYepOxXCUW(KD2E6Xe2i~( z1fQnLhA2K<|IxH@T}n*Ym_PUF8fC3d@7TB-*=>hMo&uQ**h&&~)YtPjYEw{EiY;7n z?)JX>8Bp2fQbo%DoE+1ku!KaR`dqsk;dc7g-a5wz`Pq+$XO`nLlFodtPbpfPFx{Hi zek~XK?7+5+yL}5J8Q(bDH{Hz8KH$sWrTE&%nda7eM#2`?mV5jK9cT^Jj5=fZ7`#D~Nj}*9`W*a|8?OVt!Q@|?cc|kckG-IT3ARe{VP4)+Uh{Z1D zca0G2cUyFqZI<)oujj>nN~o7_QMsF^vd|DKgEGW0U1mL5nNSh;)wOQX^{`N2lOnDC zv$C|+M=ggB*VhzcLf9Rx5Bc}m8~mDL9Q%FT?TF%e9Eq^;1ktAGucaHi#QCJI(Ykob zg%)3wNb~3=!Kt~lB&qu{q~DQqEK7u|ag;vs3WMdMGRBoHi-%X%Er0ud*Qe7Hwt2yB zV?P!()hhILn`TLPjH9kR$89NiR9-_7$6Wu$`HJ!U!KHg-Y4%9Ap+emz&Um%&lz%gX z-ZlS9KB?(-`o4ENu>eAca%;2mDkT>XJ9=?e<0Qqd}*TO270#lOpM<++F%Kae;}$^e~!h`iss-OX&_P z3v;8@7QLn|nms2?W^Z8}dbiNemB~vu1Q**02Q}=j=c!LM-utz(V5j@cU&SElo`u=_ zJKYg3;^)>fH^01lSayEPji`#?wl#TV$UxRq!3x?lFP`3)9V#es z1OnGR1WE6lzZfOJ|mT^-DvJ0HjGA}-lBQGIv6pTiouBs`1zCerAN z`(yUGL-ii3SJ)C$ndx{3kElzd4J{fU-!kk!t73M4a>GuOQ%OxviG{x|$#;{K_^I-{ z5OI^SU{>=46O|XzuV817)y7fDAF+GhNW^Po!%Bzb{N8VN!-DPW_AJkWh zuVn3}zs7RDvs=5B#^3NfJ8NauEl#Zv+%6|fwTmyBt_t&~#YcU+FDCzhD#3HeF>kCtE|{tFjQDDY=PBMD zXMgufVf)r;r#{-Ie)%(QE;p@kpV!npyLM5k&s8ZWat=-5gZ6;;*NLEQ(5WjDmvF7v z8GZS)SBr^=v!_vpLFg+7nk0T#~)* z+2T*Q5*5yPOS3Q2U>|>}1TQ+=h^JjMif>-;sj5F$19_kLTr9e4Wqx#Tcj3dFEGvy1 z#jjO<6j2*usbXfDKfLhnMoA-wrA2>Iqebh!@=<@hyUW$tBZv(d?HOJ`sGIE9x5`ys zUdE{xw-kwbWk{3i3l+Z!5PzH!)*rOCB& zcC@3(tSxpFm3Wzv>X;XYwnC{0wL*H;@80PD)ERP4+@_weq3C1X?d==yYjoWF_YHsA z%W6%R;u!kxB~(r65*xmck|AeJQDN*$*L$ynwAAWGm)z=>>RY#r9dZzO=Sz6iSDfU7 zDqJGo+buZPad}84Xn2#aW6`-`ZjMAVoJ)8rqP{E9{)>p#R#g-y`L?i6nsl5`7G>w& zj;Rf(otKUt!RNNNnU!XN9K}?JdUwKvcPufvJ;_1@9i-iEwaUrn%*?~hYYxSH`>Q=+ z!uTsOH)0dJW(rm$?Wi;ZKHYs%PMNR8vY4WI;5j!%dgxVokGg2Z%kNqIffncp&NV%q z8N@8?KgGHLc8lv2y9E^G{x8@qpad6gKA;~bYgze#!dkd-|AA!#*A75mM&afI_`!X$ zmX!}EorN3sU;F@M2ypWO{Ww|6$_Gxj|K|UH@dK6%{2v`fxKGxy@&N^|aQ^=XKmHFF5IfA_qwNAbHQ z0a4ZmO|49Dl1LE`=n3}^|fR@qm0jhtGQGrX~!Aih?APwP}k7dMw8mZ$sPa_Rrx8RV5 z_Pa zU@;AmQv&Zo5Yuof*ON7nP=V=jNCOCN*g`x7G*Ib!8t9`QxqOhSH?rd%xsWo;lWv~G z89V|(L<6`_xOjt>Sn>gi`2G$vu&oskW-$2y^b7zqES>?ClK(JpEb`!% zD%{2al(?Qo863^fQ~i#E8NrmNKn8qa0Wkotioak0EwSVS95C?@3;-(-XaK-`!aYS; zC__#y1bTrelmW{TjLFGRh8+6{Amso*PC+i=Q3fo(((G_?C*yDrEb`oHq zx&?HsG59ILI)K0!UdVxqkk5HMi;lI9k+qJMvAmUzg^LZAy6RR}%g6Z99zmmTN=yb6zQhEau(Htt7% z0Y6$GRR~nb{GBRf=&pP`a3$tIG| z%bYL0GSyizqPwjUde1-{PiEU=PxMX^j(AiJwgD=imG1^x?AXJ7#c8R~08aLYosqI` zHdkMrvz7}~a*{CU4v5q9=UNNQ#^N2Jz2{G*K}yG zXN+_M0ThSKsRmIfFXXk>BULG|6KBXwKH$F5rBDCnBPn9T%)d6z%sQ5wN-$Y$~3oDs_CuFnMx z8f$NCcytsL>lBWBIPKM$TXOh=NK|i zfBcnjpSc*`T>Gxzsz4N*-8sISPd> z?dq5Fj|JEG)X0qV6_7ZvCaY2@@EFX=Tpqn<32&Vh>DQ9sLA%iHj!o#N^He`8+!Aww z?c6<)&KRn*g~WqC4cK#TYJA<8!YDPx^3w?ceKKdpSA-f^MWmP9*sjP+vV5EuL&3Ki zTaq#B^ca|lu(s(xOyG{d>%E#=+v%WyWO9u?eZC?wgP30sgFkp^pm{X0ZDkrgtJDbB zU7fvg$M(L@lnLI*MHJ~cukmS_ZtKx+14(Tp@p)T{%v+Bw2NbV{J4YAwIfuocW!mgq zLE@*+c(&o2<*m8HM67M{PMYcLZ;5k#MN8l1(-8} z4g(m=_BAgJoe23&x#evKl6@~K-d4VuZp}jS<07qm4kn5PR~||O=Aww@bV<9RMG$(Q zk3RW$4!6tr!n~P<{MWnmi(7g!+<{EfO5^Jk?E=x}S{K_%oy`J8R*Hizz4)bSK8obO z#q*^$DF6O$HJc#uni|tMN#F+(PORQ)tjF6zmbG`u-_r@albZa&$6{?4o8)Hs)*&^v z4a@ag!)3MaUGIHJT*KeSJnhIfbK z=9^~k2CLc4+jS>ZWSj_{!`^RVT11sR>%KYvWz4|qqtA`V(R(X?CM9q~ISRCWYjE06H5!ou= z8s*asxh=8UuJlG-NJPTm8{@T8Vqs?};?NG*2%ZwrC=Yr06K}PbqIZ}n)5v@A`)KG( zS3akqQCYi<$Kp;y)h|}QkH++JOo|FPmC0`8X@0lckY*u3;<>XSozc$`IJn8YvAC;` zaWk@QgK1-KSr4AJY*s$PJmu6+V9+GOfEg^p=>A;c_KWxW{XYD}Te^siXC|m3U4(uoQ#l+bQMzbrc0Jcn$+$h{yt=RV`dL+N%iotAnA}>s-0HRbox-d+*Zur(GqGzy`INfhizf_DAs6><7N{! zPJwXxWx2alSJLVp-g(ehQFUPJ(PG*2SxctJ@X@e5r%+s1clYlK2fzC*e#6D1n;-hA zZ60JRXrZ-PXU@Ic3jY3(JXeU;ai{BDiblyoWYx;eUnZ;XL6v;<#%ym9b4cKKHt2f< zT&@q`D!5Kn^8Jr>rhMSOYX2{OoT}sl|Csx?asPp<0IEv=iN~o*KA?6KZrp$H1E?E? zn-BP0PF3;&)u3?W{)-;~-UDtvpdY6y`G5*fxN-l*4?q?L$RL1KK9HAYK$>>UApy?w zf*xyyAcX+u2(UM5wc{g^ATPwg*K(kR<0J);D#2df;WB!#FcE42QIZ0FWhOg5i4H7L zgfd^SIZq|r|5SH^Gj6E5ll_=Of{4w)1O;r;ler3b1OglYStK0N#~czs-T4os0jU-6 zSpoA0HTb;4?mz4uXapc?5iR0Bty^s+kRR z2N)n2hlF@iAkxqg2#|)PZh%Jwh&U*R1a;_CbexJf&`n1l6oCZ*hXju_B&I=w5rhi7 z1;Dz5i)qjtki-zeA%QSKuuM*bG-w2XU_707gCZJq10?B$a!82hJcTo2dIOTZ0-rhn zX9$M`b?5(t88N*9IKLDcssIC!cm^4Od)jb&6X>RY(Hq>Xkg`}Z$jOQzM8Kc}KNx&C z1D4=vl)=#qssAK{kQ0cfJP9&*0D@41d*T2LARH3t;~`joaFGTSasqb^xUm2O$Ds`8 z1p<(Pq6P$^3}Z$h4-NzgI1a%mLl5SJLm4P{IE^wWk|7fCqnL(h?!g?=@x&*O5rp1- z3^1rv88i+?+rXj~Y!DKy$3Fdy0D@YD%?RO;K!1eWg+Y$|g@yv%4O?0u4heGnA&C2d zoH+@)fV5vax&ZGoM;DMy5_AFCfzSB0XBUMDdf=N9r#2g0H+33|$w7x1O^*K>OQ=jXX3N}3c@Nb<%XODMGFa1Xzt;m7!(yjJ+#Une+n zGxt($XuH;}p^XxP3NV zon5%+Bn2)$IrZS%twiGYx3E3iV|*^Xx>d_cX_GyiKt+)EO}XcRjCfnL@{IO_>|3)} zGG!#|ka@0#yO2v5Zh0`{Sc@q-$&qVbiwTI#8wjt<8%S1{thv-iug0i|6Wvfr}RwQYn@C^rM-E(hWtu3-QU<`QF^^y5n{;=iDV_%`!Tx z%k+1e&}kbV;dNHNL91nN*f(}JEj`P)Ie12K@AnyT4dT`u>U`o6msiGvBG{E1!)N+j zu+(oy{rXsmii~H&fub7ZL(oVi!dOD2Dre;?z;w1uxd=@XwJ9p%*)LS4JFSlUS&{Yq zMpn)w$&>egv+~p$O}aii%Y7(!Zn(T9-+anW;$D94hTB#JD@JAwS&O1??16wFEg9D| zZSD8g2P@23eYhXzrTWh`D7O(m5-Ub!kPf`!%;!Vxtwta)_^45oq;{Ox;=(&u)}ky= z6$T>5X7=7 zT>0(q7IlU=OKDfyf-d^aYK|d=iSuo;!ZR zpmBx#+U-KovA#vIvzm@gk(n#`UJex~KlQo4QZw69UjOz`b#+Zrl6#a+Bzd1Gdu72` zw<2gXUVp+XWRqei#Jk*5E_we`T{VH6z&r(4bial8tA)goH{q(Z9XIdfw^MN;l`Fi9 z&B!dypmd}grs1lf#y5%a4{RR3|K)Zt`xJ(;cbON%vw}7JiN}pDSIUH$qIm}`7maPA zhq%@W9IFCqP4$2F7Y}jEYv;LK-zkiY3GRFHjac(RH3rY4B0u{+Od9$^mQQHbBYYLp zG8N-#G-PG?`a`yBHrd>=-fjIg@7pw4mgvnQ^yS8EY0DW_GSogx&6y6WOn%jzyGUNY zD@DtS6;euiDNy{g2^o1wraFzZ%Z_#2>J!4tmlFC%9jSFK?65Hxg0xv^sTd=O8z`XyS02ukJW=Y4^H0*N+ru0VL&}vttB-lEWt8Xa zfXY`~{9hWeNPeF!hUurjBkim5(r;qV!RuzBYv-qc0<0yldlxuEM z-@X_hLKZ+WfsRZUHM>6$q*&$hF@*_-dU@I?<5J&!>aMHVFFxOn%3~?7K1;J{o=O_0 z5U+ik3M<5(r7k0zH0c%Tt-F=niQ1ikobt1bJ0DGMSm{XQKQ6w<(>`Z?w?0JL%`wF~ z?gD+wcV3F-vMP044cjD2+TJQPMphB650dLI_q{asuce5vNTr8=nF%e>4vW8gUB=8` z*1)?oLrKV8uk8CHFTMV@o~Mk2sJg#GsMOwZ!yXY=LD~Z1H$C9dUA}VeF&#TJLYOv}D;A zk4}sSg_fO@N5-SowC>-M4&Hc(7s;b7?Y2o~s{54j!itx(F!teP?K9Z#xa$znYoON? zz>7N^4FaG~I8V?gpmBirbGUK;zv&Zh*8f*QCg+J#G0-?b+WSB8p7Ws~=G!(7XnaX5InHN8bN%V zVxLa*;5^k{;YcV8atur*z=X0Oq!CPd3TeRF0^$Jo2?0n$g|Z-Xf4H1~APrcBKnrkB z31|Tp(*PRm?-qdCNCZej`h%W&KXPz-rGrjLZO+^kTs8kF%wJn2cKf%-=v z4seeMhyyI90mY*Kzya_*1hfFRhJhAfF%2kq{fC7kXQ4YFBBUXl$Z<%+1ra>ZfMs|Z zXmCVB1%D6@2?R5ODNn%+Sav`Vj{batd;)*~5z2xdDjZS>m^h#y5@-N!EdUI_!WklH z1a4r63;>oS0+6BS(;e^7a61+}$bc1i8f0)VL(jfD-k%Xnc@kt`aX%0P@b&}zcmNEJ zLm9mB0dGQp0Z;`1GypdiVBk2C;k-a(;3$y(9?7sqAIGfqpPw6`HHB~}0|f)e2NQzn zYDm2+8T3R8P!J=S>=eGRbp~QCA=+>d;|L+5K^IW^8*~AFP)C0OFN>oK@ZNTG0p3=Q zF2FH;bOBxgM;G8o1@e?Yjln;7N_KXh6FlXyP&Tf`y(79~=9AI6harJwq?dR_JPW^j z8Q=x#W!}YY*HPx|F6fEhXRPeFb~o+zm{Yi&U-8^p(ztylVeaPU*ZB$Jq~r%i#fg)> zBq6w|L>RZ9Q(StN)Gh4h5SCd`AoTf{Wynk6B7;Mr9grx@{D2lw9qa z-6BdK3`_svg6-Msf+V?aZ^ivv_}8sqx&)UX{ubM|~x(-FMtD zbO~U~r}5rBcNY&MEWt-I?aGC$s2@904QSm(q4v?MVdv$q-=}W;=@~U8%NG6Z>yFgH z^!V#GUX4!*-ippT2uvRX8U~;{oSy4C}Y48rYxSUQOq4c1&az;p4ue z96=Ijn|_st!g<_!F(4_TEB`qQvt+$;epudBG~9TZ{TMy_?9z^+8-2^=SDpD6`=ZlP z($lXxCk)BPPU~b%*LQ^L#XpINu+|U!sGt<3LS^OuniF?I(JarzNvgLoL`Xt`02TQ{ zz|U`wr@AHa?IoEwLtD)4_2nM?=2Fd5|$g=h$fd@19k7eRA=~zIl3r3gZj;(=>32as(`v|*9cPB1Rc$XO#d$Ma2ji4_??Wrby`M9oXIUL#~xGD_R4f>N4sr|?3AfjgUwRu$(v z(oX(c{mZN!$@e>>{LX*R{do;kf+^GH(2w%sr}^&?!`N7Ik&3mO$}NjLxf3H3v$&*| z`WwYq#xu(@-0sT~3FznYKY8R~V&+etlaZ(<5^0NMT(7yOOcZ-ayid0yoH;J@V{>!u zeGy%_o&5aEXpsh6uZ&>5MHP{WGTHCsHw(`AK6RhsrLA_RWMcJVRVw}zc#lv$=uB}q z-u>c!!)mhd+3i=(NF%N!I937}%aXsNF`2kNt1AeF@_Ml<<5e3|xsC-1l8=+mu4r4CQi=XX9R(Nz&#q;^0{(vaKHv6vle z7I9of(nddPhboY#pD~M_IIMV?SdrE43O_b!xj^*`l^&oY{^!&%Rw}jxE?&4Uv zuRBuNC6jeb&={a(JStuN@uNJe^!;i>>q}LO6%xtv>c?W;dQ{7wb*guM7u`}Stf9L9 zq+^Df0ajKAQgYT}@-^Gm6)6+6ZxtI*~`F`1RkI$MDmDUrcb#_5Qu z;p_Mz0Sy?{>JC54ewA%Sc0}(w%(>lG#%R-*xg0K7iAHVaz0XMNO=v+Y-MqA9GyYIa zcCEFd{+gR;c>e##+IPoO{l5QO8D-1fn<9G_Wo9OO@0q^(w8WUEL* zsF0OW(m?3P8M-;A-rrx3&tJVd&V66k{d`^b>zwO(uIGJSinETOntLXYs@eZj+htgU z$2kS7WV*?zc0lmMjij1f*GTnuE_DulERk6vd`DRb>Mq|qYOki+d+z2X;+HqO*`<<_ z9~tVs(Pig6#jU*VHLLim{KdUIcD8}&YgYHadQFB|cy`9TbtU<%dx`RF{LEIAIaTQE zfUPCR@br9(fV-ov909Z4L*(CSUq)6-J_$N8YLVcD?N!EMIO2Hiybxup8Irq{SFBXnt7itS#S0nldz2fP@|3(SR_(p_%sD{DB~M4e?J4&8lt#J1 zjZT7317A}M=}QxJ7Z+1mQ%s76bwBN_?O=Vi5pU2hbqNSK-ES>rRV=WxRE`e7a3tx?3%{_VSay}577X`Qd{%hncDC7ud*f&80whCa|1P`%G|64(%FfZib z=>Ll!2Z|kc#{u8&5&ZuL)(;d!BFqQkaiG{ym=}~eB8>YNKY(xO2=jq{94L0&^#jO) z5yt(CAMo$u|G|O^9w>I)^#e$4|0jMRPi%psqhOf{kP^X)40nSB;5?v7E|Q!GlJvkL z5J#Fz#Oi4bEN#uV-@2*D3zNCW#48Pbq=V1O4H!p`@C5X|uKI7IV;U9=7Z4UK3B z!2uVl?nX2~J;CQZgfp=3K%5~Y0f-I;AYJeFZ4m;g{nKn6vMpaF#24;X+yo`EX!{SA)r^Ao7IKm?f&Qf9mh@;=JI z-G%NH1X2uCVjPa;-6sYV)V*g1G=|}~4}Q-M0SxRks8Cgy4_XHd=hk-TLE_V&D+ED- zhBCa!5S(J)kv|q0?rSm(`Gw*2?84BR?Om=7?w$x7I}unV_U@nHR2{U)cJIv)YkL=v zklDLHpz1&=$KR+rp#v?1f1hcWBzmszvXc9ABX899aJ!9+5cF)0NXZfTj1iqoj0~C( zx#^wF`*j4}`YW+IR^3y_yz5S%_ISSAR9NJ6qlxkEvEKS|@$sX60pGBEM%B@(SczE% z9&{~^PPP5?w)#G`)ixBU^I>6dV^n~D(@7SG^(e&vE%Wdv`Cq=$ce6HHC38P)b`Cg} zx7_NQLZjz?`@XV0a5ao8pmXBcx4_`|b|KU<`u9gD((ETDGdv^SZHxPg1;}wau(fRC zq2o=~Oiz-DKX29SXt;9BJcv;6Oo+}?!*;zh542alf17g2!lC2ANNzc9cb?28iXj^u1}Yf9G} zR*HFQq82~davGPure)4IbcXvvP>%(wh0P;ZT~ z(jstGRK+k^uDu?Wt1Wu%Qlv7QV-I0EF|T(Hrl-p4ea#b7m6e#;jt?y!VN&QC*I~ZN zw^(G2{qmNAdyAWc^<#n5(UfG*$f1@Ggm3g!1gb3Q#UE2u@ZP=Mu7y4ph-Hdr^V~5( z#+5Sx9Xr5drsYa;n2(sl-Ilq9yVfHXjb(QerA4o$Z%|aGc{eZ#h`LmS4w7%DRkMkv z6*Oo&jF1b&e=n|fr!5{fsH1av^xC(6uKcxg_G@A3N4mwdJ zCMMjZm@sOk5gvIh9KAx;8?CNHP@yra--VH$Nm@JCdX&95tgO)Tu} zm7nf!f5S!p`gLIom;MF0{u1xfFw2pCwggP7%pckUeDWRxWo~0Cyj!a1)0!?<9Ui|o z<2rUzAfVcwtwYHfS6IzD{Ckq%sSBA>XA^IAvtFPslU(RveQ4Y_9*0l)Oa5W8xL_}j z)S`jl{8LNobC%;xR;_9DODJy{qLphe>Yweilpl!Zd3LhLI;$h_63zJdCUNuk;XBnw zn)&d5nf+*0{93)%>l{Mv`eJNV@aj&8N0i~<&5cS-Cwq3j)#r{=#i?q^U#{SIf3s!! zdP2Va)%THNvH`KJw-h8!rzW!}>J^{f{B#W``-bB3ImIw^Cy8sVpO)zcA}U>T+l}hC z^Zic>=sEea8W}%d_z=(|WST=bh8DnULo}gB$#W{P`DxF!Z#^8|1}uWc$_cYUvVOD- zHQXp9b#tXJtR?Tazt%r>QO6wf{l%F&(o!RqWzO-?XBl02C%ayw66C&LqR*vzrxyHz zx%S4@h31zTCDT2T9dl8aWB3{_yqR8odU5#C4whzm+6E4m>Bw*Z`bb582N8OwfXDdB zsCy#4skXNVmwL66EG@(1YOmV=LX#%zvO42B?6SU|x~$+w-_{c8@17-hf|DefOZWD( zXBXounx`lx@~U^6q%PfEl)&1Evp>2)UsAI&jlXm4m2uxA*9lg#s7nCqUdi`vGc!&fqe=i9SAnNSN-3YYPy;K!5<8znJaHe*^y)=)PTib2=_oYn zLvpZ7&uL}@%2Q*<3wbPkeP`nc->FI8`}XYA*DnFr9Z5cYcN=T=4!~8mapbvM^ijVe z!HL4{YNeHU%k9fT%Fl}^Y`SA;9mQ~F#K;@1mBy7F!YIqF2T!aqdpuCM+0MY~>~Q7Q zalzFTEa{sKN=jV%k=PQlO1M=gycyy(uX;?Cn|jx#_`D;enQCokO^T0VJk-4W;6yBX0g7HVS682C&vi-t&qEK`P)uZ&Fv_sMHM{92yY zk?Zp9U;DL!iWKSI$`5&J9SO@rEBcjnO7!D(U*p*DfIFuY_^0xYMb|%2BWID{;k+zG zHGAIJHT;yTkvoC)gO7JmA6}Wzq|^%)r@Vcn-hj+X7`ONOxsk;CUMGh=lN)3+-kSux zRhsNB)39^sqH~aY`s*!cNKyN8&hdJsoEFanbpjPmUV}SlPMpX`PmrFkLuKnPe=&x4 zFNROuIsMFWYKg&-`EOTJzsxu_*OO%8z{%ct=a2XNrR~S|da4 z1k3Fm&K&8KSuCXx#|I-R?v%sqv=pVv{Fbgfp(27>p|519EDG zr%i~%CV1plS+q#0xi7=z;LW$)!9|VB%p^&92{;Uyp}vIt<`RKc+B=`~vhgn-wQOE- zzWilbU)bE30n1Qvnef{<4=z9H%hRf=XFf%;_;}U)=uEG5p6{%!bqIcWR5knBrweuE zI7Tn2FDfd2(v8N$4!L3$LpSD(_i(tdH*!tn2Pj9Zun(IT{iR04s%PVLwR(_<%oK*!v5Z zID@Ad?IvWs=L3bH2ub1|;#aDe4we?S_} z;XxgO(FcFVVQ-;GEC3uH0@AQ*zug5v{{+eR|7-!scaf#zP-f{jhX-)H@Hr17y_Zjd z_YP!B_gD`;ShWf4u({pahh)-2NCSHdU?mV&2*fm8D9i_($qysj5P1(i2my@*X$03m z3$U2x15Ty?vjqsX3*vGxreRez`y3vUn|BCkP!D=Iq#+RvtJv8W3Paf@Ffb2EEcqZK zkf4CD6#x`q93CIEQ0U<72#*fPDv=m~av(sc0tR3l9v{e!!($K8z@DprK^a1J{O0fw zHqv2si4W|Qbr@wxG{b71pyhYF!Hi_egTcHn89m71AqEkE0gS_gdh=gT4Nwva?iPT< zgW?AmfQK?zLjGrvf$fOop|O7$8k}nTU5f_$5T=vA^s8GQ}R6dsFOkcrZ$G_W~A< z!qA^FcAFGKe~#L{fEMuWT|id6cLBK{dlxWPPZ)lJo-q7)KVhgQd+$AvnSla4K2SmO zS61)f@pFkz9@Ih*p)gH|;wNIi*B@5}H7Ra~lJi<)VhTLA6IU^y!p6P8XY;_%S4WLK z&Hwp=k%&{uV>|yk!(yGnUnK!4v^=_rN@%ZhkhFkjp;{c+0=Rkr0s-eb`q~^tgMc1 zE#552v5y){HRO@y#0s`S&?}7MU=6IYwQB)`a=>(Ly_)R!;_9|D4yhlYFl# zPX3+DYN=ZE>1RK`)N+5dLTCijxV|cf!#-Y8P)T>E-Il`Uut*nueH2-wNCEWzzXNJEynu<~!CyDF$tkR12k^G10Wprhbl5Y&3~77COw!%&(ojXzT>n-6c1^P(KcS-V}JbiI;rXg)Z=N z1p3y*ahHs=UR&Sps)~hi-ek9!=9Uwc7AHnCp{ri(h9{pe%;vhRVCg;l|nnd*{NQo{{<`wm`{feM_E zMoHGnlJIl%0wk0ofoFf9t`ih%rn=noDzJFUsBO3K3e~n(Css5&JJs;(2lv&h4RZYx znLDi=4e`!LN4v_-pJyD>@r!c&Imp_Q?Ki69)U0JEPt&6J>?QB>KEXcKw&!FM!ILJ! zGct){vn2G(H*TKDc*fuz(1%_7?X~Y4QM@-_kBan&a!tR@D0aW^|4h%&+38Z!wd-!* z)P<_K!|EhR0*Wpxjbr+zlQV|1O47V;3`1?TBXs;?_-+70oO-J4d@84?-8(I zh8JW==`&`nqfaXi1@91FHy-IN2S(@2Zhy5BP*fLZQWn40PW>?5C8tS2_fdEpD_TW2SL4Lp zwC8e((Vrb3ZcV?*CH0))0qvmsREaq0VlflX1$J%n2@~_KppChk|cqZZZ zB}FZT%bb7KGay`F%vGB>E9s@koBj)=CAOVMo}W%DJS#JMytH7EB-<#UApcbDoB}H+ zT2OC$5xM!ulMcG|q0*tUC&`+rMIT(NI7RqEkBB^__hiVbyyNh+JOZutj@;P0%Y=+{ zQYBQz>ypkNW0)11^5&I(O30E#l{~pdS4W`oSoe#Onm_T{>$@8@u^;osj+82^ynNNj z@souF&FDp>>QU;vQB?lcOxkvN{`6b2GHnZd_iue(Mxo7j6jwr{%w<-o6?{i-+=a76 zeC5&`mMmu+URr!q&3KQGINj6SUusY_?P{2V6m8Ms2?YtC(4w==HxHLMgvFYp zKcO05OgmiVk3 z!u6o_b&{%<(SqyaC21|cYkAjfn6-(!c{LRHG%XwBp?>WldkxEMgZVZhYle5EcGJX+?lbJod)eJa&Nt zGb8o|gI0Ne>v@5$Nt7EGQ=Ty>QncY-&%Zm{a2|L3a%v6=QIOJj=MQXU>2*xCaK-o4 ze$x8SiDW{;hsVb{*jM@aBGfoud?4BFLL2yrDm|QQl~`7m69T9zmut_iXZ8xLU{kd@(b>Pq3kL7i0LgJWT!0 zHn)z3>eS&v`}3)CpXm32e{gsTL1hUF=Pdd{`M@IP~#jj4gU2s_|5L=A%VCHvUaBgJ*#Mh;I|L2};BEvCayNYcV>K)v* z!hGqNF!x)VF^BnA#gAE*<7d?7L#2@AYA%_cq+0 zkcP%IBou#FWFnjN5YoWT1CfUEO~8Ezae&7(&<?)M2!Uq=Rj7wihD0+& zsqwoa6WNr9KnAuPh{4{=2R?!Tkm0cm@#esrkbw;BK+wS7J_+HW3~31Vp9X;Khy-Nl ze%>t{0-y(^H-h4nc(%;thx5jdL*Yw)tq=0fx-uyw+H z`ZE;^sz~4!nY$fD4&Si99Q()zY2>u`SlnfEVI}Fi7m&E$C0}9g?OwnFR2cg4v-cx9yYNC|Vd(Fgdw+t=46?bP0_AUPF5e+JwXp}Y5SjmvQo>_L zR?Np=57`!;xX6M_;E1Q~SX_HWAvcd#An4p=pG{*mZgW6slYxE1m`>Qp6BdG-V@?Zi z3q4|@qh}x17A_X{4xe;)=RbS8VdK_4YNc!LOeo=)awgBnKfP;YT}w>-?dG?5Yl*<_pgsk|$Kyv$e9L7q>ABMzz-(asFDjU-eEU_0x%B z^0)hG=BP51$5l~aV|0RwzRqlwC;>l4+MR@s(rF5X&H5f&mGhQm7v1Z7Jj$NpWG?A|dV)pFp0}QH!&AjFBSLn#&A2nz<7ccAFjV-K}t6P!l?7a9e6%5@IEZ zwuFWnEZ$$T@DnV`?XDMW%d8vM5&SMLZyqWmUEp+jEzRxnMW0UbSkg>__jlb5gr+N( zSTY^;oK}LurB7;hNaoAlb>sTEnfl7w^sJ0`rOP$keuEynNR$YAJQw|!Z8m9QL3yF{XA2wUE**q$#!{Xv2qWsXlKQC78ihru-wl3!k{ zYdX$uqgHkF^2O&^YU5Cj^Has3Rlgy%D78P5IU~*Plj3E&`(I!7+N4?LTNJ}g_zLzj z20ac+GuX}bi(4xB_k@m2oLeELxF7?_p5&vHVYIz zz9K5jG0-+NnVdbLi6h%TK_ zsq6}F`0PK=DIIU!V8MhqtFaSt^ekcGU4Hye+uCLdQpEF`X3@@$~$b zR!^Ll?v^KY?kz&%k(rk|x+Yh+W2MRkqt8q{@hC^9cu*gTxe&s}G{4bXaC1zYtidy< zPH6K^2sf?ni2Zekv1S^Jb&9YLy?EO{2B+llyU}9M?;6!7?u=ESYbdXu`Fh9NU<`Hn z7}~Lyy{fUqm#v5{W2kwz#k%A)cj-P-xnqrS)a=WN^EjS`F{iGXS}4c+Tx`#)?r+s?SAVL~c6Q8BdMMZJ~c+V{T^j?MYL zeiFEfOZ4@!O=Eib*;iZ7qa{v#cGR(Gu1cE6XK`RMbLu@7_FiSfo{}z}%r7B>EF?5E zcfEMwM)BjC+*#Sk&=Yh-0&(r%KigOM-l3*JLF)<_;7k}5ZB%O=;I1s8c$W|zPcckt zN%YW7?=^|nJMQjtbXwD=Q?gZvRTA>e2cNFY|9VrRpcYTfX0HGVdB6Z5oObV(l!@Vwzxzc@`(f*F-VbrINuMe_O71wTp)G z>pR`yI%YfW=;7PTWV&&3_(YUHrjF`AY{hsXoW!k9Wqy?>GwI9HMT<%#XO?hQ80tt;X1QA)Cs<;)tTMGsc=e^5 zqL`Ao*0wX5S=%}Kkg+!CRCN|AUMChv&q?S#w+P1Hzw-ui~ZSiwh!1WDX zS|Q~%&k5aep6s>~*6z^^quxmrj&aSbD4ZMamaT#@8j^34x@bFs%PlN#-zn#@{4##> zQuwScZ`)k*Ro5)5S@m5fpXHt}Z|K}iSXkr2=?&njJdqJz>>RRs8$C>MwAI_wnblZH zzK)db=)_SHuKOJ^&x*U4zPK6`%G8m@J?|}(4gH`>UK&QC-+{kiK!*`lj>$&%_`I!| z>?83S>Isoh^H}NFXI@cRL0#Ydv23|gzTOqf^AD>KCcwRAdDJSot$c9eW(KZ~jki|a z1giCvK5xfL_y?kz5n5wM?+Sjeu{5rTTpZgHL&yF~?h&Whi*wS)RtAzYJclW5 zLsc>;(VVBue{u9(3_E*|Y&C4bV0@H7we68pqH^x(SSS0fD5qe;N4Cs&qn(^Lq*N?Z zAJuFrKhBW|dl9tt%IP8fPZ6ync?DiKV&t{YpWDX3z`_7=il#8mZ;rE(=WKldU! z@R(Jafrt|AwpgRFv8i#Bi9Vh<n2(74TjKWrnUB;-Y(r+W4*f?>cqlb4RvyQ ziB4i^pzqJndoNx%>lCJ%nl8t3-+6&#$Dd zy>7oV{!=l?Nm{VC=ikUL{zD|(|5zl;2lnUus~?9*I8geEFzz2nIEY3QmYO5X2atjM z2Mbd9AUWBe#{GjIpp^BmejF@F3vtERggD<}r|(f=M%UENEe$ z001b=KU?^FZVJzx_DNcR;DOJ1h-ZN$U@)H#=cZ7S7M_{yle9=CJ;(uo!ch^1yaGw#7hAb2b(f|p7XaUXwfZXSwEdaX*2@3$tK!3~T0ogJviV#=;P)d3j zX(&kx&u`%+x5y?vgfy_XK%^0335d9Tk`|~l-S-(0Y2+j=;#~qQz+)Pyu>6aKy?X#g z;K4#rSOwUA$u0E2f`dEpP)vgoQv{?Tv=*$sY`^3d*`$Y%26i5RG@$WCe0uDc+(PTx z4*HCUG{6#p7Je5{BC!CEX`oR3&q#xk4J0uQtE1Z|wtzB4_%=BNG^ph`3^atKh1KZo zm)t@RhByesL7YK32Z#bdh9m53I7tgF4LmqI0?eT912ll}R09GU9?#&9A8<$z4FG!* z8OksY3`QTq7-8U{i16S56(WaGhD0;0$`Ss6MmFUkkbx}+Vt_zp0vN!b&%p7-e~Glc zMIt_*0hu?FScV`X%m*Bx`xgVic0>f3A9~*6Z;}=`zXR6Q9uZ|=`yEDkm*0e`%J;57 zk`^}cA(9sQ?)~*cN^bdKh0*&YEzo3a-={y4v{0+?8Q~?j;1uw9{L2*ZkF;Hq7DCwW zo+}^>HNAHMx%qn+aM~7%{@yEa+7`Ony;tD0Ep$Wgz5;!M?p;83>fQxpM*$=)KPWo+ z3rWi-AO@a!`C<3WOOo@)1AdeyX>eYVs`=4(SvNBeXEK9SL2IIbKry(LRZvS*@Ur%N z>8Ej??<1#E2|I%lmuw_FoY&IU`~}9EjqatVHJLm(A7g`sMV{WTZpfU6lNrT;N|V-C z|APKq=4j>M3-VuF{nMRTVQT&JrRulrpQ17kSa@!Def^0pNKfmz>2d4SyIVHK?06X~ zDghr&dR-=(zYu)fx%+x(?X2uY@0%!JF*i``9`^GuRNe3Kr~VQ1 z#-p;*{-ZV~YW3-Nba_p3NNrRK6Lm&E;KguxTnb%%(?}dKQ7ClEloQ+8G>G`8{r1Sx z6vlj&a}M>}Y#fx;^4o7%+r~JSa8!cSv*|8J){C4p9AY|CT;A{Spu0FONWk{~MT4K| z)O1lTTH#Ujrj~>j*6C3VA!Za?K2PtYcYVelJAS`vxwZyFTD9zFgyQ1xW@YqLI2oam zG!5RZsaSSZkDR_I92AO$RYdYdPX@n7@P2H=pBAi;IDUGg_2EeOv;(bI*~yF7(_X!h zU*eLoy!FFD#&Y4qFh}qnSXKq}eOL^_zUd@0{K%+-V_o1h2dbyAI{bkpW z1_9DkT~f^NJp9>Sqt71eyZuybuJJh*Zmi^BV>r`wwS{j)IWbyHA%t>OF7mSuKLVI* zupOA*)e1O#X^FL++a_U(VDCq95E0M(Ql>EdXa|@2eGYk;UTo0IaI*)fVUHZ|nRhrF zQ*~=?i?O~bSEHKwJ~99PHr=9040^8iYZD&9YqhNISR`+K&zL<-;p+@h!NPSuzhOou zUhrhc75jyh<+Jhb<%Ut5!D&7nMVXqAQ)Q;GP1;a z(d5T%LleK$!G6UOciH4bHHJF{)U%}X*!ezF^%YqmF+ZHbwazP?aDJW7b#5Lj*Ztd% zH?dU@mDZI$J+bN|5qVzd7x8(Bs%_lqO(EOvNu8v0A}hGBu=3cLWao;8`sgIr1)h>d zt=iA*_9y@K_0Ekd_l^7UiIFuoKNS$DHd>`=QOEjDG*3?}Yvat0aR>T6V!&pwQktTO zzC)m~pmck>uH@Qx!&FIKc5I_RJe)S{UXR;#nJI>3UeHoMj_$38C->;rix_T77I!T&& zfU#~If5}#R+Ffx&V-u@qrlJ)OA+dmWo{6%7C=hyF~w*X=69OOsd-_UcJQ=;JJX#7^=wdJJjV^nvnygN_V+3bvh^Jn+ECsa$JK6T?|f~OaV zXfpL&W!0B%zt4NMs=aC2D8epkSNh&gN$-Xmm9vz$s_P>nk&CWXA=hv4Em3@l80i4aR+x6qhCH91+L;v8`wRVaTSGrm)Dnb5>I=_^6x2H=f|~+;VmHu?wmA;k!Yl z(A}Ry(<z)yC24Vb!a~7PuiHJe;Qsefi)2B03tGofuCGofZuiVu^l&^j5+!;qLLBl8o`VU%DJgI)%quZY(l=?rL)I)}rBDOey0QH@<=&T=UeqKvHmh zHJ0pkPLR>Bp|2(y18JJFru9^XOo}XGr-TZ!K9m}xv|C4GC6`u)_uz8z+5{#iZqMYt zkN%j(V|=GcN9CIu0i_wou(%#!CzkGjc-8quGozx*nF`KIi)IblT^g@*t&30>Iy~89 zwA7ZZVkG-W8#6yvtCyH*w2CJ2rT<8aKRIc^uTWxUz@f|A9v$5*RM#5OBJ+{+-CZLw z6-srM2mF=z^KWj}Ekt++rixFCUs}pV(x%a*RZ%AdZeS8?Rdb3_G12oJeZgp^5sE;rZaTA;8DQ(BX0ePTN+ zKs%>*<*x0dV0*6BU9=mn-x?fbX^yY)GC3c+NujV9KAXxgg>g3fR4W0QrmyuWy0Oct zB^&{p*OpJZ-K)z<62dUV>h2gHNpXz#E4?Qx%f9jXHE(a)^!TE#LW~yG)z^$oM?ZLF zHO1dtKT+#nJ@K7~e9rb^DS5#RKK?1m4Ce8pEF4Vd)Riyv7yaB?$`8@K!oFzzjjrN5NSpD4eM%9={r}T<{1E-y|G^LbgR~hxMBe$Q zasT26@J$yQ@f3OyqA5@ScjQa;aK)oo!e4rl(Yk~PeSt!D|fAItUE&9J`)q}Ob zyB#Ngr$qk~KY%n7VLlL#gSEi?pnwx$+`r&~JePzf7|>iCnpy+7B%D@-WmVw25G#J5 z$s9cO+3x`a%Ur;*poRUE9iYOXeju{|#5j^{65g#8POC!mA<**SY?2@B*L66XgwU$| zFb(H^hXQ1i9?06EBaq+#WbKGZ!_s!BL$H#dKjHv(_X2nUXhsOG7epFHLGc4UnfCM9 z!{i7*q~9xS4aks&=AQetuP_1t!j8bbKFC4wgF4Q`NJD5JwT?^s>k7;N>U@$I`>}^nk0a}2p9~=u>fX6hn^)UD@Bo;tb z1`?#9y|MOdU!gq9!6^@gG$_|N4D=qY$`5UZ^}F^J*_;P)1{E6s3Lqbg@a%xms{GJK z*9SdD*w~=712h1z*9ZpS@eJ)+{a*%vJ&6qEL$oT?7_e0l!Wk5S97Y)u%`lDpKCOym z%0nOnTMonk;I0ucfX6b#oB!I=e^7w{r}Dy{ykIOtX;pq`N4Wn28Q6|UK!%)`zRMcI zec<4h8Noxe97P?tXUXYFjY_t^utxc^xS zC1@e1%WE*e30i(oE&^ZOpV?JV)d8=fJun6I*8io7mVaNyu}jdx`a|trK(X1qfS|EU ztip=vcP}8H{Cls!DO*^%_U zPCA7Vv}kBNPZq^ICgM2krLWi>A=Wnj#wewIG&r;XU)7j&bMf?#eYuX13|6WymASaEK(0_*V-FIcm}ps2O0(gb>^Sk zXxt97`!bBd9ECy1LMmm;!`?hD*W3NJRkCA#X~?Qc&rZtDt%#oc{-SMU;5Pz;t>T>2 z#lY~)c1pA|`uStm?4{g_kJoNCoMp!vl!;Olu-s9~o^R#OdHGJGB)Gx9X8noXk%!vK zlNYM$)a7&MW!dzTT#n$^Cd9cOlioCBx-{oPslIbl#MJws zi)WH0Zjgz}%w8uoc&zvH6%7+N+spewC7$xs&$F)dXj~H~O22)o`-V=>btN6*C-r$n zy{!_1!s-EWsu(Q6hH{KYt_MF1F8Eetuk5Cub%EuiTmc#DCTE^f%jf7SdkWs*qe2)I z(uNljIB$@X{P0}els@kEgnzCkt{zy>W>V9Htyz zDdqJzukyld(crbh4AC3ULeH6TlRm>_`E~pm<_ES-&pMkd|316%kbaa5dkWk;7--mK z*_Rnm@O9fR+M%IxbRSzdrAr^%*ZO$^>(g=ho~-r{10;=X&jNitsssy%;=|s3TAbfl zR{W&c_>IH#hT|LG(}Y4(-$?B&&oE}9E=qdnUZ-v@3129wjntpBV;&bnmyP`{oh0c$ zc=Y9$D9z?k7woi^M+yrhI<$9gUA}2{6{YK|m*tM;QjToo_0aVfqpVBbI+!6gZ1KfU znEU+Q89MY%rriFvd-8|=4$(CBw&>k~(&UDZU+%a(Tz!jLW8%1ZTH;Kl+mnQLevY|# ztr66OnyOkKDxs=!qTDcLY7Da0qQw`%_`yESo`IfC64zur(=dL#3}k)yUdBG!f3S}W z<ADC0&B3swDcR!?eDz?T5yfqlHg`Tt8g6+4qn}Z$?ZyPlzV@Z0Z?N z-H^~DONL>__mXysD$8H`Gf+*K)63{mUl{4}ZlmaJvB~97OS}=ca;4<{c=)$E#tS*B zfmfL0IY>J=1zul%^WbOD1g_fD3CFH8X8IVy-wSxI*=qPegXqvm4h*&%+Y>~Nq zuZcKPj@-paUfoi@Y6aujlhqt8el&H2-#%PdBC7wS;9f2ud&)|vt}AL?rCV;j z<9;)_Hrg#FcSGk5F~u{4(>})Z@?ZGZHKu61vBb{n3J7z2dMR1&bdQ;vYFad`-~&y< zO(=-MJQ|H35keO^`ZVzRHs#(MmlR)Dw+cBYq0e|bv_|4~Q6E;S~WjUuSU^HtCKn zos%PxZu?QpGB(U|VQ0a}%>i8Lknh6og3}oTT!rU7Y@U9$vuR=+k?Fid)3Hj$WT?ulT`yf%a!#7a)qnhYZc_JGQ27KN`}P^V z_300RsF)}Udgrbqr&1wGR@j#;1gZ(3sQ3<1We~;TpT_+IMFqAG{i`2`s4_v|+c3ho zfAItOE{rfAh{wT-U4Bqpi7@UT`~bC;2=jq{9IV*o2L+S}VudH11#g0LU1Gb%A~ytk~uMYa6S7@dJ6)3@8nS<{?0Ow@;-4?TTT=sz|5`u;CSu zp@QmGL<{?AIzY<6^C1Kt0BntgB!h(4o$OPo06zeq^AH;X3LX#V=};;an#jN#QV5Dc z{|`-d;gcTB)DK7=e^biP6bl>(A`MT~!CGMW^awaW77B||5NUu!fQ|(%z-cE?eEDY! z!0thYG=!}DU7?E1>%&L`>EB_bp;RioHfWzpg?a~}S>TQyLK@gxAP$h!^$$qzQ>h@Y z1)m-fY2>U6C?8m zK9!1W(nClCpDrNMkU01g()%&}f7#oRg(8V*2-ol@3-Fi*sqH`BOHc!W3~4Cg0jHm! z+y-bEfqsHiqrqH03^asFg>q-VsZ?Zh9>f{cM}RmZAPB@8oJs{Ny8jFUunj>20Ar01 z(C}w8SjhZm1Hhg{hB9O&`-j3psieQ73~a%}C_|zdCj5p|smP{01TwJY01OZxVgShS zSO!mm_%jB;4g?J#d>#P?;Gql(I{s_`*p5g*h96P7AIrbDDGVKiSO#Skhf&_8G-2Y8 zy(^GJg;Ih%he_0f3JNFz3Ohe_p8y4l+xLC?GXV;*3V%AlDpdJ_DPZ^RZv^PRL}Hf! zg&#O13_a;(m$-x;DzkS1eGKegzPdda_cWFr+_dY z$Z~$rb#S5XB;77CE!RP_)?GO@_uK=^^@ft0WVY+Ia2wuvtrk!SnID7>^ec0u7H$-@Y|!HrC-W={v>qDWK5AK?BvCH2xxI>`?0H z)^10qp{1d3VGX8thZ0RqnzjnWH$LIyE3gLXC=Gtxndm zWR}D+Q=D__Zx+kQHp|{W+bZoKcWrv$G>I?B^X4AQ)#Nnx0bEp46UwZeJN!cpx|T#* z!#6#gB)rT`F1kcjzLaM*pC}g2(@=08FEg<@J;2RYQ-9=yR=hnXC%K?s zj!I`WWAKn=S&<)?%p!iuOnp3a`KKV3fx!!E%r~XZX&k$Eq>oqC%yu2SyOP8^{ON*##^M~dCir){7^_3 z6@ziqc;kr9M1&nl_$nxMqaqr+p65!^yuf+7kQkaQkNnW6Xt8Mipqxy6tkjR$Z#y(u zA8cYrX`vNxuDD%d&>+hVVi&0xctm&Tt0_^Ly6c-> zX%>C`(5p~vXEWKqeVeU^eu?V6(2vw2oU3R#w@N|?8K=MXIa~Et6-XXScC{S~b0?UL zw!jPdKuCfY?x-%>lTv<+^4O_2g9B0A4@_I9y1Q9uiyp`1v|X_mkMpOn34A>CIXCmC z(s%ysUp}rxxMwIwzuHPfZVLsR;TEOih<>x>$(8Aqe0ihZ;L&?Ig?Pb@jm*_+ALz&~ zMViVQOBj$9R)<@o4}F~;JL@8=V{D1D#N%Xo)x*U#i9tLejQ+r}!w)XP|btM6xH(5hq5K7Z-dpI)mK*v)Lj@`4{_ z)arG>1g3rN_wzyu!{Vd0p3g8kqw##I&Q)euGE3_)EeW6QL9WcVyEOwnn zwgUYtGoiS-`^EbkVr=VuLPpo+l?hrq>}3i=ZPmr@J*D)q(YRRm?aj8(Y_F0BmHL;L z^>5!ib;Hf54PusfI(>DDWXhm}(oh^z^(M~k!V;rxnnY30$t}uPs^VLZn2QVfima4= zMokfaEjb@%f>B=WAY!|!AE z@Q_JZNq^0=7>G|ZVe>81d&#Azr%=5kU7?PeTw-7#=l=0gp{Y98L%ci=O+qXu9h*YE z?BS-=nTT)Zs>S!FJqq;}l-Z(V&lvYbs}^BMj;j~VOP4cY;0>^S6nQ| zoK(VM<9W?sA$!mK5QhQpz83;Jqq@mlMp^~yM*~PC*k`L z;$RP2`6bPGhD_`;xNBc860?+REapD5B$^>7D3#V~tGsATYHV?BdNL{I#52Qd>ZZcD zb(RTur*oJqE8`^T?4R3GbQQ8z+o^AYzUg$DeE&gR9MxAx5o50ofSqlww%MalYrjO6(XqHxT z(tlXV@rn-SqTZ7hb(()jgjcCJ(4Y8OlElB>moC*#;bVZvz=LCQ=+peT?d)t+9Gqwb z!g&E411*CXUl}z{1c!eR@z^L=@tJM@81(7^)}UttlQ4gZR~C7SpT*A(*Y}Pwrgp)c zKZ8T$Gw+2FQ;o+YC`jNRIsRk$$S=j5G?E0hMpF7kgRAW8=XsR0j)u73ktRLH)tIGJ zSDzlsnLyT?&=+|rd5XobMI!r~VtmnO^$H7Z8Dc>e$DMJtmL)E1i@9X&I1{xh>=O<= zB%HC4$94JD*+VLfA3X9HJ|1yL-H`RDHLE73zNE2gjA~|fWcLN)kT23VrN!`=*Yg#R zt7Fi~i`Ui4=5NrNhZLUlFXLDKcbQDwGk*^RujX&Z@eBv@8b6ro6isl)Q6z1@wB+p;Y8Otj_zbWUp z>fgOZH`W^-+_B@NTDm~2Lh98W&PzF)&qK+>z>qsXU!_>zyOgWynIVjt+qUFS{Ko1U zy?n%H8STy=ciBgcU!EqrG(_cUE?;zpzJH?NF}CF^UIo4BO8L+uM=vHkaSiAV79W@H z?Dk>ARi9iI}0q(U}Q%pC4TWw@~8U+`f;e37Zh*)Py9fhY6Dy{W%Y@Q(!Bw z!-*!8afNr?-B0KtiP%9X4kq-F5%BErH{%K%6p91~ct#KH-f?hxM5KX)8$=qCEP`Xf zdkIhJp%Pl~U5MaQgBAFIn*9MB>?YT3};-C zO?m)n=m;c8BiteY2RP#jbqHF9w(s*{q@fE%VgZ4|04=~`8VcfnS^)MX0@8fDg22#0N?}Y zFaW~)wWPrB75jJV@bZCAp2N$B1{mZS0}!ClqPsmte1FbEtN+7BgD@`Oy#Q`Mi~tpY z_BsRKgk+zAQjf!n=ljh|{-)~o9X+&oQ2TLs@sL{&YYDdh7(+7U!L=jr2nHjWz-0kz zhdspvfR14M4kPR>P$qJC?Ynid0?-GRpcwF@AncKFm@gE7^sf5T!$nvCA_URc+W=5y zI($pP8O=ir-+O%Q@A=(w;@xqu!g_)I1p<#+=;dF?KB!grj4-|s>hqz^@kh#00PO7b z7bcINkM|&xXY4ZGLF)g`l+X2ISe5e1_y!BANZ#?ej3Bf}^JM;IQPN&TTAUT`HHL!E zOJAh%Jin-XDy+aOt=gI(^v7s)fDHdj6Tzd0+LJl4CP{%%Lwq&5M?I{28X zAjcP*y3O@T34IeI|Hs>(?)rTj+UPCqo|-$tn!sTuTN~y0mS<-*s)&5<_e#IhJ>078r!@Je@&jX`bIxKvGwcZq*XN|%4LVMGaJU(@bQ`@>d z>E$HRxw=k~LKpIL4hxdP1m7)(u*caqk~FdDJ)Y~2ge|g-Vl`i?>t6jCa&FV!6%8nE_ck(0$y{+1dn&GfrT5BM@$$ppvH zfg+Wcxy-+$jg4FP>9x8O!5darNRKg;<}@jj6twq?YTz_{kHa!tzr>~DS!Cm*DPq8O zXL(vZ$8C^Nvd{b_x=MyRn}4N&-x{q+=-t4duGPZid7qkgdX>4Jzl-}U{Hg(C*~se( zw?XWJ|D4Yy4fD(*71;})wni@dit^*iuVBf^GZSp;a<#N_VN?{AJ$CrXb7W;9)RjEv zNysGibE4QOciOY%oEmDQU+>*D{~v4b9(Qk7&HG2Got%p%bBAAax8e#-y4;VJL(f{R<-=A-`lL67>~*F5(wS6}`1clouSc;Gwz=hr^;m%sW+ z*F52`UiFiA`<2^%;SW9M(_jBh|NSW+_LiGG`@w(kj$iZir@Z-hZu+dxef{tM&5!*2 z&phbgf9|ID__&+g^oHO2h!4E`cl_jgKI?m5{-ala!Drv*`gec93;yo6KkoLQ_Px*g zsQbU=dH?puue$RWu z^z|=&+RuH>M}5<+?{S~ky!d9%eCKaDx&MPd`3L|0{A*wFQxE*GKYzs!J@=JQ{J2|v z+DpIYHV=Hz|G3pJ{KgIcboU?rqZfYO;~(~vYk%N|cfH;Bece0!;ZI%n%m=>gFW>g_ zKl91o`Pz?v@5esjw{QI!|NIWO`jR(%^80?+1D^ZuKX&&o`uK1EkPmzNFM8wWeeGBO z;%mP6*r zC;jL9oe-~Vm*dY`9X|B*lP^Q)(A-sZjD?;Y>_EAR7hU-#gff5Rty zbt*(E}$;*G` z%O3X3^AEqz^Um&g%RjsK=Bs|<YhHQt?|i>M{H@2m{|Daix_^AP zzj?q@Z~ikk{pP#B&odu<+ecn~_N*6P^RV?#z4`jze(Y;L^RK`D;di+HcCUEzyZy~G zANoW0f7L5?_x<|kzRe^4zqdZ@L9cnvZ@lyS-uG|5>wEt6FK_a#Kk$F=aHj|S?Yn*9 zYo79~4}H5^{^nQR>_b1`%Rc4&Zhv`;Ctter6W{(1|JPqV{Ri*z@*n-zf4R*cf7rKt z_HA$Tr62K6fBzdl_~w(l{MuJP>E*lkyW8$xH*@`SmCFdG_1g`hVW?UH|p>?sBiE zJ@MTieDiPrh!?)yH(dYHKY8{$eds@)-}<{>dHqYi=N(^m%X_}p?Y`%$?|jw!fAj~x z>bt)Gc^`b!A6T8<@Vz&C=CfY*KmPo)*1x-chZjBOK40;n@As?k@RM(M>6TAC{pfpq z)u-R`{?Hx%@L^}a{%xOq{sq5&%b)!9ul-Ly`A@(4i0``Yj~{sP zsMp@%i@*5ypYr@~`>1D~{_dCm@xA`rz20!oAH42^?)W2*+w5-f;y?P4o80fM>pR}@ zng8ble(YcW?v?+1ugBf~`G4}-54z{a{^PrS`Ae?(zOVk4pWMFX=J))*kN%tYf5+V^?oFI@cUn?CHe-}3=?yXGIh_=`S#dyCtA&U^gh zdtdXd|L;S;<4NE5Ti^8Szw}cN`m=|9_J4iK>mT~mtH0+J&wBOC-uj5Y{?)tQET4c~vWhu`z9H@W%ezt^o_eE-M)m+N11+c&@M=RWPdf9+Pc|C&dh-R?c#{HU|% z{Ljz1``_O4(NFw8pZv7D~p8eb3{)Fdz)+0XQUmy63uYc8NzvGWT|5i_Xk5}FH z_rCfQAOD~i-sk1NeAC~1yNBKHKmXmWzWh!P`i&cIaqmBU(LdjCmyh|Ww_bmjoBqW! zp7u6he4E?<{U?0#*WLArANw9p{Ei>}{TDstV_y5a-}sxK_}Y)V&&~ei6JP$Eo80+D z&wkA%TJkAM(EN#s358?N6Tmhm5Z)zxoe(U$^D$_LSYZu=4Y}oyBI8 zhr7y`&;5rz@5$Dp|2o%rYoWGv?$FOJWyXB?veCw>|1j5hW2IA>u{Wqhd~W>aUpm}j zv>x6M>?1^Z3a=kc$AI-kF`zrB$#!VUfbm|qi=9E+cIfDoqMg&()>$D4Ctm*&wvT%ItHw)0eL2ND6}a9f;FXM<0-H^$yaHlT_DT6 z98G}B9Ui^ZsIQ=sf>mNgPKJ1Dv@}?YyVRz84&#V7^C741jN;Th)U}Jk+Qt4%(3CeZ z$npHU=!&Uk5M&%~DS~eLA>NCwm}&-r)q5EQbAhRg?t5GAPVii9fArb@7mQLZO!wa<`B$T z9U(yH-M2&FSpBZKOh+-ynH^!sKx#*Rj{zE3YCVn_8u|l3ofP)Q-+em_<#^~m&L-I- zV(5Mn3Hw+O(-Q3t9$YktAic!H>Ow%kSlC07*ni8 zy5r=29WRMSrdWpETL-3C#r@S`{|=^DySb`i*gv(DM8mLuFLS3|xs@Giq2I1E(Gf#} zzyhtdt1A8-K4n*RFsZ9dd!CHvWXn%Y?dRTYzo>gxI&G*qdA`3~*MFK5RnRztpi_oM z)KwjV(&zJiBK2|zqWcVjZZ1p^cut;Y?m6{2|20QKFmVP$<89x!Bf&|~UEcNE|7#9I z40Z-X4yn!h2@TB2%<3M)aKLgk4ea}NG%zRIHFjmW4s*$tOLKBnIsJI@r0Abg@1>qr z@w%v46Kj>$7#kr|hZ@j6B`d$((Ep=~Nr`#TFNJQ*&uDpwAaA> zQ_fSVClj`NV(#pxN9nyfV>7oS;GsGYC>TF<+(#nyv+c{VH)81h$>p4|N_>W%lP0 zKgq@sxTMPidUvDU~Rm8k1pS}Q|*z~^0eU2L)|G7wi#ZLHvW%7Fx|mO4Gg1Mi*tOIXILeQV zR&Z2V;OhL0FB_cYmkmVGSyi3IlX0A-N6}hM$C*o~^gr|J%xJGJM=x!Qsmc^*?ZU zTdlKb;PBpDFnE=ht;PEsLeP`tappLLV3x;O?&YFK?i&*DT=amBItLdp z=%|x$0fUaL9ts?}Hnt~tl?8AOhCCb|Q4i>FKtnL-a0uf3%&`SML5KHef>JU?TepE1wRnCEBA^E2l88S`ARMH%d-_snx$cK{5TGtbYM=Ue9amU+Hq zo^P4wTju$;l}-k>E%SWKJl`_Ux6Jb`^L)!Z-!jj)%=0bte9JuFGSB6d6h(60d9v? zgL$qZShq6ImDU0V4(9ne^IT3L{{si}TyBtCndfpTfPsT~?qluxvMTf32ipS%4(7RU z3so!g-1mhB3>?gJUl|&$$b)%)&OG5ye;-bWQk#{FvW@GDi{e>4HQ6uQX2bwTuU_Xq=)5NF`l14u+SQ!ZOk zl6Xqy##1U{Jee)KnzR8kTXr>R17^1DYSIc;lQy2fQIj@c;HXI(FtdJFlQv*x{jMgh zU^QvuDJN7sfuo%8fPtf&@PL8C#Up}&BNyjoVhA>j#IPwblx-LD*_fWQF+FEvdd|l5 zoQ>%@8`E<(rsrwfmkldu84c^Kh6OKe05w2(X#*HA^HP_9>utJ=Supcb*B=8jFKqzh zf9B4Y{`$guxOlR>&dRq7 znB{d=zMWtWIO)mqIxF8US}m_LRs`?iq7@vh2;Rd*tL5cAoM6m<@8JRl4)o4@xM&3j z^WS^8Xaxs)=RKTS)3;m3-jL^ry%)t^tb@ZHdNtO;;f{b=C(f`A4tGSWb>a-YJHyhR zp?3~|fHYi%bf!;aX5v_>7+#|utJ&LC${$Du!ffjlx5Ei#su2n zs%)4*8zzuXxoHGUpbZmt{ab(#f93@#uL0mlUHc+3Qb<2$tyH@g(k1iWaTK0m)+S4Oqo32V;n14%S}5wOpcv75EgJ;)$C`^;6cr zQ?}}-tbeDhf2XW}r>uXcY%fn)|4v!|PH`YluVDRasy^mw?j?40{6rrasx$8Gsce8? z<Yw;P7fD7&xqXf`P-DCm1-ad4hq% znzy^;9gd!$BX>BZADciHXG!5uod zLkD;0;0_(!p@Vh%inOB6JhUfppo2SfaEA`=(7_!#xWjJk(7_!#xWjJkuvYl1gHhGUJ{@d%$AM-wP3b%1gHgrZ|DpGYLVo* zTPF&F)96f{0cbGm{?4nO{@3VO#*Y}-m>=n9OC)~xIWjp%Cg;fH9GRRW6P5UvexG9( z&K)h2h|QyON6Q2=kIo%O5X?L}cN{@V;dw>0TrkUlXt`kENWXU(KZ12*ex&~_Rc3?^ zObNya9hj1$GeQTZ1Y?8_ObNya9hedf9Ny&!1`h9XG=;$7U5;Sj$X(7disR*DiqqfK zB)0|--xkcXg!uN3__m%rF5=sQd0fP|1vBl$w*@op#J2^5cJCN=&LOY$gqE>FR1SFw z?OA3vrae7r8A2$5!>)i>tJU_~6%YY~Ti9Y(Kt!u4aRr26*kV^e1PpFri(LT`t>C~P za0NuPf&*Jz6%fn#5hRcKQ9dvcWGyP@x~qWJf|(z>2C8PhtAL`_l0EZYP%y@dWL*U$ zN|3CpfC6S5t^x`e{9x^O6;QN-13T_2AhojgR~67Q9tH7Z9+kiAsy9)LF1YF~V4gXy zdJ~Lw*;Q`=gTLs)8M<)By6mdA=mCH64bRX8SH0#LUAoqj<+O3^Vdv^nwW4pXE)AH+>gv*fd8`}s&DEvRY8j|D?NnBkT|3jzIH&>TND{@8OTwSVG{03K-2CU8TWxNbRN4(sWhrD6+*|7R-Sba9E zK0fy@F0lI40c`mY8&)453J;iR+OYa;SbgerZuG@Ay7WF^$i^`?!H^BMal?GrU>i5g zhYhxI!+h8Cg<0%QMLB;-0oa4zHl$8Qz4$2b*W+^E$VHlp0Vr#&_fv2S87Omi5y;tc2tqsRA z{>Bi;{4MXAxU%Xopah#uTv@G9g3TtbEC(4%@V$MmQXIth_TkKcK?(b{HNLk`ed>Sg z*XmpLArba#YkcpuBTj0C4m`v9-25_b#lXhgD&LzJvbGbJ4l!iGOcOC=!OS;e$l8Ed z11g3rnpAOLl2vsxPvF4buh8Tbn!Lj2U!lo9t)n-i$tyJ3N7$kj9QgeD*mjIy8Mi_W z$J{Ex!^j1%0Q}k4{>#6v!r=nd?HQ)7AwCf2R-bD%q4*Pzp zK?H|=Kf%C}b9@=aF~qSH(_23$=BpHIu6?2QQqj^(j{bW6wFO21ttht>ch%z~M3s>aJ%E|~d7 zgjq22jR><~=9_9x-Pfy%${J0R>Mdynha*Y)pZQj|0_n=I3pDuxO};>rFH)12X-|+c z;>TI~-U>*8*|uLWON{ulU{Ghy`pY{vY~FbXvhjaG<|Lr_~A$^q1(gTEUU}yG)~Euwx#jhpd3AN26(8qpr&_ zq}At+tLVuTQ@|~lM?(R(!m@DH`&_|{g92{B;3_&z0k>L_oc$TW;3_&zd|W|baG=w~ z$JN@nx{Ox&+ljzCg^67(UHSIoq5HR>_KU*;Pi$?kM zfqK{{;q*bkkYQTHWfTXRF~#ZS3Y}*(aZka(f)ssrMq|J-`Rq)3i5HDIlRm3NXPStBN{H5ep8?Z;o%!xF zU;(oR_zYOUOq0)m1q>XlS3U!#R@N(@0SlP<<}+XcTdw`hl#eM+4^&FcXyC9L`Ad=gtdZrwqUjk#IpsnRuIn?3>+C>TsHoA`FQ;0fl?f;!&l}U z#nGGv7bUFB6h{jNbx4QeXr+QI9g3p`0|(NfI9jbxhu=wYv|6nJ6i4gqHaPG*eHL6} zb`(%gUPp#&^1Pi3`W<`I?Ef_eN@ zRtp9W>;je5O5$0|sH_&uT1I8HVAe9<^`JPTqa%6(2YxJ-)w-Jj9PG%dvU(XW1NDfP z+wyJs!jI14zz^0JYNz>3jYf@^P@hwg$3pG25~7Ti^@ZALwSt57#a{x^TUcMHofgcx zPwli$2!R9ZNA0v)!GZOw+UaH73KbZ0t9)B3l6BU}T1GTk$3CrPM3V*cXow~YW-ZgI zDP)QW3uX-N+Oh$ahWEvsnqGKymmV~WdDC6=p2ow1?;#B$ZjSkVAt zxpD&-D;hv7SFP{^4Iq}QR%-yUT%AL+1`x{?3>;_xv0Sx+BQ5MQ&V*3LoGGuA3Su2I z_6VsUmeb@BQb8=3M@R*+V3rusU%||2qQ8QH1I;7)E62>5NAy=PYaY>G!OR7nnJvvD z`m0uOpm`PjUB<2GKIT?=v{V)A7`Mko1XnPRiwLe@o)JWF1+$hB!IeV`?d*7n;Hnk= zvg09wt5)M6f-4v}(B!Hr);uMGt0&Vz1XnQAQ4!o_d<%qQzLmdA)Ksp%$4b;xFprg} zsWt-U2T@bOJXUI$1@l;mnhFLEbb%UXZ7i(QzQRtn4=dzrzyj8IzKHe~J{!|so-Z}W z+72;()(vWo)oNX)=2$T6GBwBAN-=)c4Whbg1qbT}QC+oy1FxB=u3C`;@j#-w+PHb% z6V(;$3V0L(9rGytVwKd?xb#%A(^Ju|ry7?EZi;q2m44`{#-*pCT~9S%^i=wxCvezL z5eyuTx2co|9QIQL1BWBWf?Waa(S1yN`qU~rVyw3Af-zRhNifE0IjK;IvD$wYjIr8( z77QGY+X@B_`_F=b!~U~Mpul1OSuk)oZYvl#(tlnyb3$Ze&ZLK|axG)Iu(cJ;ST1aB z1v4eOz(B8)CnA_B(H&<6yX5$i%D>PaTU)`<9$Q<%&>s5@f;Ak=sEfgls5?)eRmZda zZXN0MsJ+WjE8};JNXNJ>3F@*1gGbI=2?mcGbrcL7w!ngc!xmTtbl|WB77QG=z=Aa# z%eWAPj=7M&sIHDN7gX$DTu@;@Pafe8DPADO3#3TpwGPKyiWf+c$hTUJgUGjF#zEv; z2kYU2{eQvWg6+6qaN298U=7DI&ct8GoJpTmAsCN~xU+&W9v5+E!8|VF&VqSd#GM5* z?Zll00|y$QB1Ll_4Iu8Ui-62u;?9C0L+m(lXSFsQ%lHw3AM+zURb6Ccnush5W}1jB z3uc;#EGz5Xf z>M@VfKUHYZlJKoJI+2P^A?_@gZ6a}J1ru!(6+SBsAnvSIxQ|Uyh>`z!#u9f{4{)GS z3a`2cHifvef|%e)jatT!Kr`k?`ke}-n(MwrN&H}@YOCPUI1;Q@OO{Bmg0Pk>kzm2# zkv%TK7(Xkyw!g-~N?wcl{3Qy<}6jVYGs7XS>LrMI?*2AwHGjOILfU;X>izI7Yt6LJ-%yCZ$W#Aatqct zy^Kfk@-dIf+oX%rfTY5y32DZXVGkdX_Oaj|c`1^oW~B)M_dD z_DG$n$0O(F5tXDj4lbiT5RPdtf0DXaT^q>w(E#dRRY-5?_*PYo3k~qCssUsC*pD+b zfNMr{A)z&ZYeobE2O2;mU9HFg`#~gKt=2NG8BwAC74Rsg^oU2h@=A%}>ZTiGA%?3f z7)=ScV+dwSd|$8bNN`n+o=l1F>y1`x6cyEiSt3+a>t3CvQOo2WXvQ>^k6E`$Xq~10 zScxAfVdq5sv0AOS)E^55CG4E2KUOQ;V&_EtvF;S|+@StgFmSMQ+OU38f2{w(Ej&W% zkCm)~4%Y9gKVHVSP~kD($^)fFSBW)ap+;9Q%U!p6=q0i1qDEIw=9VtLqSch>MmS)W z``Vccd1J~>w*7$*I_6}?Oz%_e^4SwJTKakvkQiTo2GQI^VW4@KA z>JJBrALy39J`^x0VOQ>tBtVTLLQyLc z!8hb46fHd>!o1euwDuV4(!`0ddZD0x-7lnSjM*?bj-K( z+g0uY#rB2;gJNr=U~tvir~(+?4r`-e z;IK9d1`cbZVBoNKr=p&QV;L_)j3ZuNq<^mxBg_2)-MT=xbWyLm%9GRoEcXj^>jK@n zK({W?tqXLExV_4l%mw21f`J3wB5to%>lSf)l|Z4t_Syt99Tm4<#+g7p=1lGqbd@Dz zbsR@9#){@$pm|km9Na?lbY-78i00{9J7C~I^K^+Kt?(Sp)8&J-S}QKlybCl>H&gn5 zXr69^1O^T?Pgi@=3Jx@nT!Tv1u0ZpGfH8k_H=!-QXGz_EA-?S#AJCJ>s;fF`Tsy}H z)atSBu%SC_sIFUa4{YcTJ>Q|{JM>&v*U-Z}*EKM}%#R&d@aE z`n$t&?$BQym8OUFR|k*{Lw|SZ?+*Rd0rdFaGQI_xG2e1up|F)D%bnALc{Jxp_8iGl z*{(pBDJK6Qn7K;+K`?M&!N@--NCw4NF!B#-H4ZA<1#38#(H^9XY0n*jLVMOnasz@{ z=gAESW;u}?P%zM=CO06M^^M$sVBm0WKrnDP-zXS3oEuP>5gg792nG(vCl;9w1)X8w$t zc|A2cmT@N7Ip$1x@MI2DP;E-c9H_L~+|rU%bdotxtGPwyKrm~7TmyPo1IQexRNETB zo#ldo1JA(Uol>+6&wvVj!N7qBOohI#Mgd2zAIrEEM2)z0seE**;#HguXIO)&idQR~ zVGX7#UagFpHJGY+6}vNP*5EVNV5;KvKX9;np(= z6T!?QPBsVz4%U87Hb_-12TnE!1|6*ZoNQ1lIC2eG#=#iGn1kh0le0wI9UFd)27P$+-jDy^T%!6@|yAaGcxHDcb z8dxlgu3FzXT7 z4kf(d47y6TL#@WK&M5UF9yMof%%k$^SFDaJv}c9(tXLh%k0`MZk60bak0{yi@sl4B z%#tNPBAB&@{D@%i2<;(1qE_U9_K+V@X#qH}u;fS7+GM?qTOrypx5~dKC!yuak{~A` zm^F%=gka_trx*l-5~NK|Lf45w3DPDfp;qJI6oX*K!6^p8z`=UTDF!X94aYKm#9zn! zD8HR-f);#_nrwn#mND4`!7O9434(bZaMO(32I~>o1i`?8jJat>t>z48CImBQI5Q!b zIm4L=xh9^^oS6^|3A2;p%!FE@BddIt@iJaH=4E>Na<_^)Jr!m>6$kZH)aj`(>#3;I zQ*lsFMV*|s;-H?2Iz55I`YRYXtiOVR!}=>2IM82m7jg{YAo|N~^lC*D&|hw&S1VFt zW#u+{UEJ5`SjOK#GvcrEe(l<1dB6~FQzsb2+tdjL@iujWLA)1A`Oz@g8v((<;b5F# z;P65z7&vU|1Otanoji1K*qIaz9G(V(fy2{4FmU8FSjNK8vk41x7op-LqoD?0Fry(Z zE?6UF8N%p3L6~m3PR*Kr-K41hEemP3o$ch6>9@)y_Ut0UCzxj!5kA2@yNK`!=GjGr zPmc8!3@q3(8Cbf0s(JD>tu56u_Qi-MuS^d}M{E5`)VD8fc)4U}cA|FNzJujmKinIf|(7}Tnh#c z6qcH6wOV1RxmEzhY^YnT7ZKW=^a-K0!V;uZJcnW1eG!adWBmwHs@3XDkWw&)jXD#g zRHO(Ts53!IwOXACQVP~^EF(0yGaiv>4ofM~JhehHOR3gP6Tng`*8`X($}KB$ z^uTciwy~`eWAf^wL%KNx`CuFQgrQok8eC5zn2iG0lL*FOQ9rIH(VZmVK>fICTCL!4 zs!=d-WGHx<9D|<|Ld&HY%9qLu^zqt0b{eUD5&$RFc@J zT1|4rMwgKnJeiPJo(JX95)`PhWt2;+71XF7<(62V{` zJ22wGYHf^LMsf^dLUQ>k6pQOtA4oCC?FBz6uwlC|dz%Q98=qmBD~0l#X(DwIV%~j&gUkLX;zOfa3HPgPvhQxU4C8ibyTP(79U>8Vs)PerJnN*nZ4 zlF}16?4m0d1`fOEf`P*>x?tc)7kwGY@uCUI>E~#1VmMYDEmI7~uD4(e$F8?v499^7 z!64b*l3?Jlx1yz2GNuUr;)#`vtQE zsO}fc5}>+YFiV;0e!;+D7hNurrA&3dVBoMnBv`|-Ot!(D38Co^$#*l~x$H(T^PP{7 z3TD3Z5mLd-cRoTYm}Pt6)S0|Oa5!})7&x3d6AT>7FQ(Ww+c+UFJtH};ph1PW<6Nys z3Kinqfm$KOUXa{hNb!Os7&yEj2?iqS|+nVJs~Q6AD!Ctu(`}fFe}*39*STn zm{Z5{?olu=LxQ1TUWNoS4leT%%s9BrN3e!t8By`q2~p|$thnb!Pe#qxKLs;t?pGJg zal))rt31e z|D_S?I}62kK0T^dD;=L670mL{S1#ybqBu06|5-j9n$Q=Pz~POuVBlb3;LwCxmz$fm zgilB=kB3tUx)9Vd<5YrRmKitY3kG@KC<|u2;Km|dD+&u)7&w)nR>)&v(1rVEocApH zA1qvc2Uey~#w6EAJhWK{HU5Tf@il4|3qJj-9+1akp_`7~gT+EO4g&)Riv>wb1qooG zcQ1m011oW!PUtel4gw}5m&e05SQW=Gp}G>X2CFL^dGa7QyzAu3GV%h=guL>2IMkt_9eihrAoZzM)RZNH)TgQ%kS$9DsZX^s zZ00cQLPZc#94XIC+H<}bupMqJ+q&@{RyZBy# zU?zp{?+OMEoW=~{gge3aclBf(x=z3v$E>cK!4?tUWHBMWd?eDLs`q5DEG48v)oQgT z9jdxet0b3j3Fg6a37242doJM;%=*Jo8o|JUZQv-4?&dH<>L|@J;$w&t;>(xf1}c@p zA{7)&1?9zePOYd=mO-!s(IEr=2caw~oLW&|a9~4pz`}j6ASBkdS`(tmZ&JZpy;7xS zJXy9JBvEa!hoc%o4}#@|swY(rLo$k}+E98J2M0;i1KF~?sJhlYu3&j-hGIf!c}si? zLP2jM+_2E_EeHj|&11d=A()BcTM&YoD82pxeMowF;CaQAU%TzMZjESlbKd9Op zgm@!d#idpdqBvxul@EX@79XIr9yg)M{uY4cQawy5c zaPUhw%b`}36UE^h7OM@xF*4MG+3=8|77QE&$H-8t6&wV|Dnq@D(2&%G(DHrOC=MSB zR@TP|xrj{pAM=>Jv|yGad1=9{oaChiv#yYr77QHhZOBV2$F$rFY5~3pdF2I>TUL6@ zivYQ0!7PiqNlPmmxn(^uY!(`ooRxVXx2$v-tYM+y3m$51IF?B&UOpkEJRY*W%HvsG z$o2~68KOkLhsYAa!5?M*U;|482Y=Lx^axUM@JFo;$1+mF08B_JPlnSh`V_5)&1n|F zY&?|GFe&UJIL)FIC(^^r^Su$ZB0bDJ-y2aYIEX}$&{xV7#m?Efh~%~mPe?BRMO*kH zg-;{v+q@=EkqozD@cA^d{%5K1X=K4no?=t<1qTLS;W)PvlOTDoZvrn@&ZamM^2$Tu z1dl#u0YZXQoZwNbWyT2}!K}{mtUOo@J|}qeKg*1iy*`)$IFh&nn96s+M7=ysf^MPiyB0bD}eV|#!h%~;QAd~<$X?(SU1KUt({AH>e zQkjrf{tF3n9SZUwNSF&|iIOlE%n~JGE|>}BB$HrBl$p*+CVc?AF>@IKLI0S5y6|5o zove~1!UeOWNQ4V!E|Lfr%qmGDTrkfwK5n8jRN!DP^Klck!X)PMDN%w`=JF|X`83zy zWyA-!C&ZU0L;71+)Ika^8|iPgS{9_gb!-fIaY`gNqZA)4S1>Djw^phNGvFqo!H$SWh(^Jr&7%DwWhz$x%;5vYtv;^aKvO zY=VKqQ3p+Ba5(B97&vmXw~XWAQ(8VAUoOS*@V3GjAUTptV2^WwQ$zTBp95v=@$&?IW#30(z9DA7&sg` zkP!!m-9o{@VYg7QhGUT&n8oZkjnx2uW(#%DY*@9V8eD7Q^ON#HE3uZ}OczIE6 zn_Q~SES;lM0dJcDqNT+n5A-IXHYOp zg@b{DSt=Y16bu}826bC3IIsv+uds}$;N66%^nG+?ErazEAsB=85+N9awL>QugJo7< zFsu3Mx-P>72eX=r1hpbZW_490EF&)lJ0`C#otKkgQn;8;Fq6W?e1e%2F6KMsVm>`t zCApYSFsmdN^9g2Bs8SHjDoK@sU`_3pkr%I=ke9xXJS+yma=>?a)C!?22Yi=Dt)6>) zmq&gYgt8p)T^_Zlo~s4b z3IX2z3kH+yGzx|`Fw?0`(AWFGku!an9D{%fdFAJDi=Vt~UXF3+7C*H@fTMPTL4e}` zfySVmN!nGjW;%sHm|98-OcsXoV4pJS@2G|&dbgQe0y zFb|eW1HsG?Dh&iPL%5z%Ff*ho4VIA?+B+eyJQ+?nYcFM)Q7s^tXC~DGg4sM!Eg+Z` zn`!~UJTs{l&@K%e%uK2U)Vf?|Z8ez?RbC4pAJX;_0&u{n2T&_KW@b_kpjHUL0n?X? z#Z0Bvv>io`IA9!NRx3#*}O@?wY+^2%4yr)Wxr$mHwz00iJpk;zx9xy`|59W$^* z$>a-Wl_Zld7z8kHxr0)zjY-RhiWiNEs%x`#dkfsgog#m)8(kPIno^a?Iz%){OjqRKBJf3K@+tT^QF6(q6ZkiQqqq>#TC%(5kaFPPay z{$4QSAb+p$i*b;@7p&n}CbQt(guL=b$k6NF9)`m{n+&~TMV1~Jdcmw}WatI6s*#}= z%+e!6FPNoAhF(!9a4_e|(5v+dNDfjaB$tQ6A!c1<1OccY-PG8YP4}!}f1@j=t z=?iA%e7t-@eEB|W?BE*p zTRYdNBX^ek8ueS_`%ojG|5+;32nc4$QzM}7)L6x-5fBU<_&(GKsI_U=GD71;6GF=i z;wDN(*)0KXq7=*$;3i7Jtcbc+qvkhf*VPKicuSmJ*9YFg!7hjT0<}Ui-V*f%YW0NT z?7Cpqq^d7i#*iRj%#ga&Sg8nzLajJ|u2v8dq~iR!zHW~kS=Kmzu2vYwvPMOMT45Z^ z8ds4j8PXWHjJzOVLSFe&oG@2L#t3zgs^rKC^HWZk>&ZmvoS6T|5~ibez|1)671S3T z?1rdUQ2qyPUFEpccv@65C^ZHSER0TBxbGEsT5TPj5MQ1a=g&_$f37Da%I2B-NYx5a zct)H*S1Ux}8BxukY#>At)}oq0t)Aai&9F?iA)g6(070g4(K!pa(eEg{fqOR&eAlY#H&l1L~@%K6OzmOA`z}r z-VB@Vwzixe7z>E@*1#Ax`z$U3(EAuRv!D70og{}fxVO|ls1+Q{{;GdiMskocA-Vi8 z4*2UcWyq2Jj+`lz$E@anzmCVl5N0(M4r+xV%xWqe)CxnG)l@j>icuJnvw9h!(P=_x z`CJ^=*O`CR3RjWi`nm@Il9{8_Ca4vXnWNMus1=f#qtqs-6_SaRP@5q3HIchDTfnJNpd`;l;bIfqoY6(vnHMxV$GU>F~nLk1I7?*)&vYT)S4ME*idVxV6|q(6Kp82JYbCt z%On+pm=M*xCB3NTPdvfdS``BZXKVfh49?d45v=AIraV6dh< z>wq=ZEF&}qJ0Z0BNP1DNfO@Lg6;BMdHevx|ur<2^#$ao91&qPg3K%ftShGv8@|fcZ zIaVMjU@*Nr=72S(FC#eyF(J8mMyj7>7W$TffO*)yWguW4w!a}L7_-oY838kET$m9s zv&MxP0RsoK(1jTyuYBTog8jMIUPf}L--P7mEeSO<)3*l%jA1h~U2qYtR&f_x1k5V# zf(yZznJ%~pm?i3hi-1|8F1QF7IBLHfu!dt9$swN!$<0U7i}|q=AKQ6YF?0D$t-knMZiGAEWBVAy0{|# zhdMJ0U0k77W}!bb88FzzEWD_2Y_!6za!&#Vj&e@~EB7Rx(2F#$%NP>eo-m~ONO9MV zhv>qLfLX0vm=Q3mt_w2+V{LU|M!-Bo7iI(u9L#DLW<;ym;KGc6!3Jh^T_3TGz)>eN!GhpDT4NJfp9n07ib8o_~^0{2fp;w}QF69Uq#Iw4)lp|Uh7_0k^)!n5W z`X8&izY-ZRTLfP-5ip2nb>Crie9c7s48%F(il@GbHbD*2`;`98V0VcF6&Q zPO{d;}MN1Pr!foqQcdw1NX4!Pil!73;LaNAPtN(F$ABIxS;J5ISK< z`FbuUQS=H$bTLW5OuUOp1go8MJXzUYOcF2??_!dG*(SM|Bw)5lzP3UzY?8072pBl< zH0oQQ%ZLxu6XMJN^HuvogQ~d@C19XtfpZ~Bv|4{$h!QZ%)`chmgN5uBT!^ApY?2F6 z0tO4QN#}SZzP2L%2Me#DM6CIG6NZ#`Sl7Ov=;bVlE@BB717k^a5lgf}JWHaBSk%gr z=pvSY!C-bAE@FvR7|f2NidbTN*rfBcNz1e$I5r`^{6v?t=q@ytHJ7sl3^}r_`O~Bt zP9=uo$#c}V{Ra$Eur)4ciPk2^Wdy_^CIpn%=YkatmSxBVD*?0gT(A-_&rBDr1k7sX zf)&9kZWd4W|9m@tz#7Sm2xwD$LO^+VE;`XGaY9{mA{cYjMJEBX3c2VcU=Ye2bV4lwY(rLh82=m8ZI#nz4 z$6q=Pm{qqvYp{%zP@yp?dE2yJ$^OLUA^|h+^tD3u4Su>@B%VB-T`m$ZNJg1lE)uOa z87>zI7&veceHnyWaS;6p(}014ZK=LU>ha+q)&~=ou_n4tSW|wED=TynCsKB0MZi29 z-G9dL^FghJCd!8;DlRd&9ok*Ws%b&vkmhCxg;e#@@>Z@T1jguM?SN8+-s?t?a#YKRB({E>|?f|G>fC z%M}gL3J&&Ou4qsz8tjUOfHfS;m=rIcFsb}CpJb04aBWw7l09G^m`}0`M)Xa$NEOLG z$sVmH-pT)fnRqAv17^wl@_E77ocQwjfPn)IcJe=3Z6BTd4;XZ$1}|Y!mWNN6R6d~& z*%hHaSgs-sHibS|9xxNHr*@{Q+9DDrFIGke-m~r?M znE^8n=hy{9gMAY~z#4;>F=@{4T$kUeN;s2@*XKN^NG6iwJZHeHT|UVz7z?%YoB{LH z@=5N1!C)3@pX82K6R)CTj|$h_32glj4R!)MV98T{Ir&4=874dqif$6D;*HcMePo?&H0*9AuWjVm%1d3qba9Beya9D!{1BX3s z!N7sXT^GhLV^R<`VN!a-O6M>zFQ@z*hv@@8`tjv;RnW_qwrkuVd;Iz_@vFzb|P z$>|}Ob&7NQs|&>{5)2&aSuJByuwlZa^thEX^>BPvS5=%| zDfHyYLvlzk*ou@%4k`0$l1UB;1`ec5a!9S!x(s6o=j^vPF7F{KW zmN6+fJ7H3K+)70=9HdO{Lg{HpM#|(a)XH#>@(wAJyU_o@ft1NzDDe#r?*IjZtUf;tZ+%A}h<6ELtEsT^2w+m*)K1a&u zP64V;z*0VU>{T$c)yH`CW=9qDWRl6e2nG&Z6f!TWKmZ3W3YizRF1JZd8zxLjk6Yyu zma@MQt6_VWBx`6XlPnMnwjyPc1#0!=Az2_8IFK^Q0u^U~!~1-}z=2~zvOuliz%e0N zpjOzrJXw&R*_|*cJ#H-{9u5(9!K_I{*afqciLeXi;SgchVq}tuunPtb98n($jW1@H zWPkrQU}meoe;Y8{q%Dr<7RO|ZBf7;gsXM(FO}DmEOqf(2Hz94U(~#_Fj;cl=87ULe zR;wouA#K4R87XgZKetHP*IJ8s+)rO?9WdC6`{~25(FzV66Y>&jg^qMTmoX_wnJ}q5 zZsNdldQ7rEZ>z86A!UEwHei;r&xi)hQuY~9!H}}ghz1NCxSu{F8m-n=0{nuRWCHwh z#Sk5i2?2h!8b<~AmoX_O&zMPhv%Us~l!-M92FXa7ShGA$OPN@+V4k4FngxSoHW_C~ z*&pZC2yj3Bao&J|1NYM(=Z#itlFzyZ4AJ43)LGYMOo~@dm{cBj#eq+BVIxxZVatGd zI6iC{Fb~IvEdvHyk+Kh4iU8bCAGQn_Y;~ejFxZM?Qim-yK3|}$Cma)hMmS)w700AL zBfN}BfqKHE^0<9wP=q37-x4esQua4%1Lomukg~s78?CUFO-6mQHUxo`H*7LCxSty~ z85~oIMYJ1^x zj)Ea&-*y}@*ou@%K&TZQY%)kds1+PICL|zKX=gu)1cYF=NtJ+D#-u7&vf0NeQSN(Ik@+5X>a|yrxEq`$x4<=aTBChwI#!0lR=PPt&oiSNswNxwn;vAC{mCzL3+W!!6w5O zAx95z;C}idziZ3D(|kg~r_8?6inDf?ugT5&)9W!iv2GSN@nA#b8^KYcPV zdVmAR#3uvQO7znw0|N$*bWE0MQb=XOr1H3Z{4GAZ=HdAGn_z4*eEcn7ma>n(1` z#d$@tkH1B$rR?Kx0rTV`U!zaF*(Q;%5zHi$uMrF!xS!-})CwKxm@H#bpqVhKJZ_&9 z)3A{;85F@74pJtAqE?23l*yo6kU`NCY(>gsP}B+z+)pwnY6S-|ZXW^En2B+dK@kkL zUO|kznaDAd^4ksi2%x2`ry7o)O3DgR*6OCGlCqwPWIfez^i-Opry^NTWs~$&nxrRi z;C}iexFVTNhK{3IA8|}{Di0WJ#WC@zx_Aq0&FJScO^R1en3Nv3isK=`G7}6Y*_qUx zhA_#_q+l?~u}r~WlATGxz+pE-FmTw-P*FZO>}CiC4!aqGfg|0FWo!tUP1uk=wN4PA z4UR4fhBkQN7YuE%dnXv$;Dui>w80C%&L)7v3%_9C$R%MJDZ$SPDe3v@(1eGmAabge zU>>6HM%5B(^QtGyLh*I?@FJ?C7apR&`KrD)uX+N9lZk>gc`qX+_%tCU{nMQ`A0Cbk znP65X-^8ln*pTTw2?Th#5)1-t$OMB)He`aqBqoKT5;1~hqy!fyq@)+A^ALVH2@}Dr zB(feR)H_yvcGI(ggo$9D4KlIxfJrtP`X5ZP$q=mJSVT&5A19=wucsp*ez~s^jjxKD z08$e=AYuYYO$cTJNKFW40ywuK7&z=t3I>k!Czp{DgP4$#9+?swNPuZd5B|oW3hlXjn}+q9B+#%Mk^^%vp{oNQ2B- zjwlEQj#R&8!w&I|hn?SA&=9fy=U9KT4r*m!s1;cUO$NA)T5&`{tyU|t4uU~^s?{qCw^KKs484d(x;yMFosZb^^ zmUV}MJ4^Lj z#P{ZCO$ewJmTGhz#x#$qMiF#&l$zaoKbPl)6SW;7Ic%aih?^UZtei*@nM zdjYd`@y&YyGb#Q$U%^z?ER!uRM2hSl(Q`T}P2=zH`61_A7+ zeUDzWde&6fe%Y{t{>iXwT_qH)auO8y0d zAvs%@NhMxXq4>FUG2gmt03+j*ViVnlg$p ziWKVR3V6{eXFsRL6R8c(JUdyR=LAguY&Ze0x%a1C^RS0s_n5&vYU}a7`|h&cAMhEE zf6R5m?jfLk_f>UoJYRx66m{QyecA3a*t^x?YO%SxH|<}7y;nCypDx>d279kZKy_%h@O#6KI8SK55ofPT0PAoy*Y1h>!Mfri=Gq`)hcT$Asy0rjzbIrA=oPSyA#GiZrj7d873b35ll#s+m`l(m&U)+K24duj8ZWlrz__>@r%v za&X4x^{agC;RKvpzmlST_q1e(x=*Z03TWRwO<8&WOR)E9cd||!eyIBtd)w=S-RoE8 zF&1EN0fK$^vf>B2&tM-czFxm_hqMHH$a9aq)~^HIXRr?z-&(&i)w2Y7r(LXH2YS!o z?hT*UuS`8H!QETD6Vp92A*8S~xI24yBiFCo!WZk?`jv65ZvE<9pnM!pyZ#(V?7z4v zSx;>hv8i(R;r=Tl2A2M{&1zSS1fzX?4Dk=%5o55sUpF`(8$+*wxqdl1gUvoZh+Yqa z5rm`bYUyKx=rys{FGq&1fEB$)wox=o9V+ce*HSmi%vJ2QaBl? zQM5JW*eH5)So^Pvi0#*}qoe4{R&x|>ZZ%#kQOy=;Lal23O3m7@U&lug|ERa*`juVA z6RG7;jg9py!(M4j+;4XMYKhl<_gcRWbe~$2CZK)yTE8+7w*-5ycC23qy3b(mwNCPB zu6%_CmtgPJ&HJxI-Dj}(+UEUN1uGX|?<=;nd91ZNW1W-kQ|!%F!FiKDqgJzGZ&@vR zm((-%x&(J`_-g&CXzrxbz}^E zmBZC-{o;-u)~}<3=<5rbwIo7ZSN|LvM2s0mwEdT=%Y%a_tL3a{d)NJ26ku*b2v%ei z``9Rkt8nbUR2beyv0uNA^Pz!M&K-BlldxBqs(yWVwumJF8L*GDG_w==?+xPG3Lw@_!5-UHIU#G`frY*l2{hy_8kX~Vx z&s=^#zQ&#@eZ%a^p1x+?`u-h#h;P579wu*)c&RXMeR-yT{Q>C>(k>OoJ=A-KxPj5# z6W6vLJ@$?`%PzM#{hwxZv#rT{RsE4pKB)5OhjC*H=A-cH^t$n?lwD6E?`v zw7s@Z2C_gO9Yf2cdFX8nxw^(^+NixK9U8;HO^EfGvy1pD#|P2-t!)r?nCeL6u|W(J zw)rZYue<_Q3~aL2XBQ5Oq(;KAQS=r!_u4)Ky7yI%^P6h8Ttk~yQi<2!ybJnKfIx=hUot_C%;~w@rJUb zV$^kpzMTKC$KKF^?i2db7P)(;pUuek=zIE*U+3+ml&AFN8FFL58_Hsh9zm=jQ*SS= z?7n-gsRz2x&^NHZ$ghi5WzOuXjy_MnEb<$TaipGkYcS(0Up9+CMm=Y#>kYHLp#!~V zi0gHGFT5;U>#=vlA-fq9H}+(6)rYupWV5!UfBhlR4K%wXccAx_xIWVq5tq76VIOfR z4>gjTwRad9--|)EDHd<4wRKTm=f&)O-GLXAMXV-2y_gEMd%0RLhOq!)Qm_i zR|m&1P~hgp_>_yim<59v`476l&+c5t%a0ABSJTWGT=*o;6|iEUt`Z0JmGy2 zw=Lr0&+g*IEEq+noXv|t3kRi-`DR9o70tuoX$e}`s<)!{VyaBL|JTea(a1Ljdofk( zJ?c7VM;p)f-7}_hsQc8`H2Jyv-jHUEagV+;q>kxSX?p*!Ir@6twHH(M?W3-<^z}+> zFXmA9DSd60%+S|GGbZx07gOcQ;zOeydsu>j=VVkQ4fPGi)!W&M}O-&eGQ#V8?V0b)TVcV1M`XuUYXPeMet; zG4=6*{!cUN*%l@EpI%Iz+!*zorEZ|yHTm+~$E5cRalLMLldl=XzJEs?vYTk|3~{5h zS&QkUZ?Hr)hgq}qVh;7564z(VZe$E6j|G)*nkSTX^jBSd?P;u9b;54#6{C3-$+y`( zX&x@Juww;u@f_;hUyo82S>8 z5mh(6x&lu0irY9rbf>?tr|$ci;lx07Rlyj9G|y5tY)C;fLi6$%Ce`$cT!q`qT94tI zCcGHt)3hkZE1DK)r5N_T+$aVfMZ6+J)Q-PpZe;kT=_m#^SnGMbB89rX0$y}>Ha(J5 z=do+w-i!`n5%Y*yul$|SSf3{e-YyK7G1>bx@{QqSy-Bl?C!=}GU=o=>CR+lc@eM;XT3D?or zbnXCsE6Xp-g!+F;2;&udkf%FYmHhf70IZp%uUF@jRmtx__Zj*+J?=b`-XTi#o%~jo zU!O5xkQ4d_E=7qi3))7UnI*5czb7TV1HEUc8(81{?3*k-9d!t=Th|X0*Bj;&%dT^G z=s8Q=K(#Hp`QB6F`uy9CU9t}(;qoA3FP@G;NWb%1A#*JKJ_#2-L4CKZd;)*F4C}x5 z!%Mfu_H>Yz(@My<(e%{TL|gxS)5Q9>6W7?QF#i6|8n*xV7@Pbp-g9~5l ze#WVn){X;u6epWXf_4QT2Q;At(W_tjB01FY+-bw%{p&KtU5J|Z&w2_i7qRbNw)jBz zskv(Wboc#AnhD!xY6^X4YVd@*5chtNV_VaNZVY%rU6gv?bZ^_(Ft z*KT^()H~37hPY0%Z=@%bo`^@#F=+4P%!of1x4PP8MCM5Pd6i8eXr54}N9+kzx`p+B zzrn}?#c`Q#e&Uq@%a0*fa%q?=$v2JH|GY+r{>>ArR0*s9@i7d22#ukF3VIrNV~57j z>vVcTmnu`T_k@m)qR+rZy@$SWUlD;z!%WG6QH;`WjTOFnV>vI{RDz!|3j1T1hMAH> zqv(`aC+x#3yj0hN?4u*cc`>lk@e2E6my`nPVrGX%(c9o_nIf_x&S^9eQv?p|^`wV@(cJ7yoyt<}G-_d7J zsBR_e|1~GSPLEZYYx#Aq*5&oHH>-{b)fYTQm}kyWrUf>4JNlYE>-+cgS$@60%OJ<{ z8)o6s6RPi%_wPS2{f0@nntlB~0=%=-4eab*J154aqpm!mx_WLj#0hbM-s~$+s6NO( z>N%&I!((SP^|Fq1(tE0!&8H~bH`WsxPc#l%@fLO zjy<8w8lB(?b+1fce6+8<)M{PK@L2!3-RV+hjJ(?9n?kGlBH+9mk^XJ@uQN8R{zu0! z$iB5PG#0dKbD_(I5vu2bu%V($wzFifEU57 zeiW7D5ic@hbZiv8c`i>Vqaa;O=(t1%RyuIEE+LW37#$l$Z-dJdsyjUPp3w18^rkrU zf-CFl<4{LNG03^?J)xs``&?UkLfK_JciM0)D?FhtaghaREm$?(b0-b^?q!P)bf225 z#!q+0)KvU3&0S9U&eY%ubvcgxAjigdkbiSbsO~ZC5gb@*M#;4@$F&n|rqCuyA&D9K z20G}qrh>ga`kp@9(k{z!8TxuHbxf%4ZtW2qqOVs^JfXVt;5dDQT11IcK3QEgoORgzAFd5#BlNY>S+GBfZLp^!+>O*%QhN)&5U23w>LMjliBzR;G@6 z&Js6J?GoLA-qWeqe2T(-V?Cih!`6p%Q)fEybPTfevuJii=2-fD`c0mY?n+9}irXG@ z!D(-)7mf{hpI}q)L$9a}zn%sg{(SSq`57kEbXr^e+CJk%j*y-kttTx0`IaF4(0F=< zjs=h8*rj1|?9g~(owCkUNXX}R*0FdyQ&y!_^)0N+vS{E>#48%^_OiArdJR4_q=6Mz zYCK-icq@xJ?0Y%J^y=IgldO%GHIWV9G!;~Ds;|`!KRTwQT;jQa7sGs;UQubTcxqPd z$S8)HHbu#zW7`?%Z1J$~Wq2{nx5X=(9NNp;K5Y1=2`^gG$x3pv$zr!9)OX66UXevU zj1To0wX5xQ)uru2O`FR^TpA|YHhCW5Q1_|n8YJ4V%NN~Qrj}mQJhIy#_l)gctZBJh+bC15KZ&UPj`6?`s?EBzkdVa7L z{a9xvwJzuH5rksRc(ubsTODja)P07&*$Bf$rnP(Y9epdyugh0mhQ3aZ6(1`3bxEjw z*ID{{8!O4D_z!fSp>JSM_g?MZtD5SkGiCMtgq{l$!bE-pi@V3L_o!wtpdrnc9K+CC zWBXlQqU#6)ds}S3>p<@@|7v};c6Rzd8F!~2wc6DuDK1M~E!r~((%5x&xkF&bu1mV@ zc`%fZ5QHF%pl->j?`DjKHdR0M?&n9{@^+~A4EH+Szj2P8MlhHFF0|OWBH=4(~Tt@&D&z{A%%KAv8Q!}oLgO-}=tBHuJxMm3&Z zjhnBfdor6BphBcZRr(h`f>2)|O%cztXq1c7`_ehk;4&-cmHohwM!7io7wXth$=7N> zntz~^DZ>{vr9LpEURi@nnFwnyYcpc_rU{qY0Rb!fwMxmwE7EsUVlRF)UMqMqe9`5G z)ah_@+MOTM%NomvZ<-D%C}l{Jx<-*Dn0`@luLGF>A}sCSJD z4X82AT>(o@ivEbzCL@^YoDv#vW@P+p>{AT=!k@3{tk)*(<5CR0-pg-|^-o_o2YdamsNBKsGaMYK|6T_t0_-?g4wkU&ckjgo4RXA|4bJIx9Gq~! z!%#O=EXB~T1?9r2Yn%N`IM|#1a^VhkpW$FX13LPeaqZD}^py)&%SML34s&q+C|`Yp z=n#f<;g(_uL85~#bf%uo@b&LMpn@|=#Dl%3{A66O}hbkA^r_z`^B} z9fG!+_I*19>B5PM$)9F4yh+X!qzk8>6Zs$FUhfH|3wN;h4EK87j}_SmyY$rD4=;ad zPht#R!cNXjul(0GPo+|R1cf?F{TiYhJV#3*T~5AT!Ut;2ht%bwOl{PG z)MUTOpU}7V`qicG_E^Ryevq2%WYqZ>Qw-_Qiw&Kn&VS9=_)+$`R;l|*|T$av3W?dvm>EkfZOoIbbGi13n?ZwfL7 zF4{0H*`<$6j)ahsb5pZlNHzS93RBkFR7ecysULT zHi&^=5*I7#%P39DWU$%~dt1X7g?1g1%|LhKea+;wmo1V_ubQpCO0OvIh+4DbjOkT0 zq?0GX+9;MtXPAkMN^`v;#j~%kIy#CzADIqOb{U6mhZ#qVSvvjA+7z?9`ChJ~hPAh5 zh-6}{hdIeShp%tw?9JJ}>zuJ39{$VIX9v4ar~DvexwmJzl{rLT#!!W2Z}s+r99!#Q zQZs9=)pc*t_FZS`>y@@DjShC7p>LqGd-+X9-pQ}R*21!1lJ|q0&^OTMJ%$N^JqB;N z7hxFWJ?m~B4Q}s_?FToN+( z#$f+lz6GNg*k!S^(opf#Z1b^Ebb6WJl~u=-Dc^-SK8kVHaph0A>t)Tn9vQ_j>ln8b zs$&Xue@o#}z35K>rY~Xz7zA?L-ZlP&Yd}^pTh%&6`5Fd2k7>!nUmizeVE^u5_>u)11MsEZanpkzmJC9J;8|Lza4)vZ9-oPO5m2<+J zjyPnu#J03mAL3eVqj*1=+Xqy0kQS`O(V^Z`;+oS^xNoEbZ&)L-OWR&~lM*{Bb>w^cNCBz0=+N)5AndIKq!)ga|^a0~+vA~G(k%D6b; zvS19M<2@fpxU2>VmxE*I)ije&D<84C0!|FnHR!;X%Ir<8+y_T7u*EI;v~rqeIWLCE zyck8(=f>CGmpU|xVIoiVQ?JMzM<$S@x(keY2i*|>J9$hq7oI#;*3G;m<((zG|DOjw;R$CgD`gQ}qPxHYWK@R}KuCBKnx z49*6v8kaH~R0s~(ok1?I&bbM5#-;}hnA?J-FpYh`WOT1g9scl>$34#eLBtttp=I8@R{-~N~|fF4)J1?lPzR4@RI!$5)C7T>3i9Qs)>h+at>BbxLZLCwQHGKfAir?gsfq6t#j zpkd!OThgr_yN~1K+$s|kZ4?7{<$ySb$+`GI#cq{}ihbzkI4_1L2jdmZ7POZx-} zO3{MK*6Q|2P`x5$O6X_7C_1~F9*T(`dMNG9V8ecO^&qAD-4w5LbsAQ;d$LF-bG(sn z3@ng+0GzIK>uXEG?7LS`;z0N5EN}92_x<`hWnf1iL5V&D&LGD&Y>=>Hf$XE$be*HG z&(!J6QUxUrbf409Ac5Dru!+8>&l}r555OQN^u<&*2U#HNZj!-lob?}u2|NcS4s@TP zuhZkMo~n<1PUv$`BFiUpojOe3zPZ617W@7l=CuPZ9=(@6`)Fwp3DL$jjoUD0$u zuMg=$PRGzIY@SY9S5ThI0T+y-SKP*lwnDa1w1xNBCNG_iYABlvbOLZ8$~e87P4K5qgSL* zDcM*siq6jFifsiLtl0TxuwgX1-E=X#Ga4@0Sa;D@L^58nlYC?FF_h#|nvH$e8MCn- z90#lmgT;`25Vh|+^N;NZJh}2fNSE z*XeP$Vt19RGxU}GR#{HhmcG4~jOEu1Ci2S)=2e!_je5?K*W2Gbq%7*%jGy$Lp>AM( z_tKm6?`B_B!>qD8Z-it*TyL23au^M7q8wogrzgmA6@xVv-F)vE;yTT~kxO>2$sR#B zeVZZeY3~?>^e1y%WR4j$%;L3}fpQDo>vK~w+8nNj**h8eiu%UWz{uyDCQD5VKtWgR zP}ix_`@Q<{F~rb#N4%jC+}_n>|5zm-mCnC}MkAbLfr@ zqF2z|tFJSf*zMJivtsB!?A94^i&13M@7O3hRaL~G@gn1C-Cq6ZCnr@piSZQCpyleX=drdP{t`)(?_u-aD`JD(IX`R`ywIFvzFXX9q=Dy6tTt=(^)&6UpbycH5PU!2k)O+W3<++EfnX~4D{F_S~4|Si?H%!0n>5D;?qm%OQ#U94?|VC0rI$Tk{93pRX34r`WGk#~M$&BO z@=cS)ZgYoQfjxE8iIqr-b^*6l0v zv9o6Ed$V*St+hom@hpeQvO21;&iap0*EwrF$d<(KoQU zc|H7Y-4$CLp|4kG?|Tn*pP{eQ<8I&ErD_X(CqLgEvF<{?`$10RH}EEM-@EQ2;rpI* z>N&`<)xP&o?}0>N$z_O z^`0TF^CfQVzPGK(9zmzx>DbRtU(en?IC#)H4Kj6ka#H)=bYJ52RpvWhb_eM<8Tk#t z%}o~0+Q{Pw4RX}$LH@1fs5cecBr$t@487vEF?ip*8C=F%)J&GUL5i*IdpC6fD<>9@ zGh&cvi`6azep>A|S*Ce}5yMPd%Tcd=iR*G!435LKQQ&_J4v-#XMW?FX_tpv0x@c#K zQVfs91uyVF21iH_j-t1;nWJ9U8Pa`@`lwnAFZ7I2;C~FxkRBXGZ*hG|`+_Oa-_w~M zhjoAGag6d`nHyYZRYhBhm~yl0WuE|3aG-Xl2f9y&*N*i$F$$ z9Gl!hHjL;(R)37T&e_~SGK}cLf$lT(&HDr0zIsZZGxO_~RnC3bUI-KVdMzcokmqri z&^Po4EWf?Kvd27APM@}6x*&AHjT!p9L(LPvqd`vS>&+_Bh3-1Det?tmskC|?Akl>b z-6!%(3+(Ru1+Re!Mo zG?x-O;tkFDYVT?e%CRvFV+m2-zRBRKb`Qh8%|V;zM9baxqu^@LP1=g#noC^=Xf)6U0wgX28>sEOy0YUPr)^-T5p*v4?IRvF zh7Oa{b@$a@i))C~5J{1emIzu>kv<0-0QLj$=?s}jFKH!8Hm{|1{n7pcjB|3;Fed{PbSG@@2sDn|9#9> zSm}puHqPEZ;5k&=tjJx*l^fJM%3VLZbhQ&-=trFG`U#14`o-D%hgX+*5~le>J}Vi$ z_AYR# zr5iFI5GK0-Lb?vfLTmx90ObFW@qAK+dVZT&wVxA1?#fx>6(SdGhnxq^rj!6Qv;A|M zU{i-d#zm#MMrZ~Awuu8-00`cBS_L0knU3@7_an|$sp-s&8`BLPJEJPxZAO1K({9tS zv!@u4P@q||&OM7%g0`gKhFzSU0M6N;W3on_I!O+^`6GX+LD0*6v$68MP8GA@HN@ZbPSz1wT0i4?KPxw6hl9*jY4TBwy>T@VGF+b)^ZIIR3o-u zUSU~XuAvO)VAzkdTy68YwZDb81N>+tEUl=fJfMZ(pIUeg>dC1x;BdXZzwsK>h>J?f z19}1-brtLB3R`!G=yuE~sGHZGeb&smgz2U{RN0XWIAc9}(+MGJH4o@ebUj9=PTf6S zPadn~Z*L%MtjBFTKLrvpM4gsI&Q6!wc3?g5r?YO}+VGWESZ~wWgLg+}?!_Zr4`_kx ztv7V`nqTrjs@6M=SVLFOY6%bMNOaVt^~fzJGdw#3>jU?q>*e0FvK~3^j$o6rM({e* z15U$rHAd=bAPI6S^?d5pcxK2Q_0XStk?8@45IX46cI3yqW{@dO%nRbd9g_|+YDO); zPHo(}OaNZRvY73=Ap6k5=TTQs%oX>t)O4|HUhdtv-xsu-R9C~#i&k-B&OkG#y(B@C zX5sNHc_~=OxA59cH~YS(*OOaT=B8wrc(wDv?La9FJ-ua>)sWnby#46;n08UePvU&E zo7!JW(TI|}F;KRm#SrT;^%_|{24uL7!9ui*MvYyKfjF*ju|J~Oblno%02J)#6g{|8 zw6Vn4`xAP`UEQpam9`i9HT|w%rarc?1^52+IgE$jwe2;sdK8e!SjH1db7sUn zzVI&Ze!@Oz2c9|JW_a`_NqlOt`iG}4n>{oUw@r_CFm(OSTTE*GMeFI&yB>hL@|^TT zeYyPK{fa}#qi(TN>b0P50u>wKi&Zwh(TEx6aOfW)U(x{==w?nOic%L78x zhI$j|3;>;aGuSgGMvbRVZC94mz!Nj;M}8l6J$>NB!ghue(z$Lw{q?XIG-#H@o0i^e zI*YLj01a9=KmbVIW%3ZCSOLf)4FENrf3=#<{$BIW@`f&IZn9sY2hgSIknmu-Y0#jV zv(9rDRDY!zE{hiFpV<|Ba#ygsCd_!AbnQ>Og3qxln03pDLPN&$)Gce6NXMY+iJiGC zxEli!TYr7#Id%o>F_7mMWR0&n2KCSp(MCZLj+@$bb8cGR6{e@W%f2}|9NzogPpkw0EL8uE#P_pz&Eivwm5TjIiG9!LOUU2e zJlpsnwO0%-I)Wjikp;Z}wCysW5Kkxc?q_~t)To;~@MrHm#itg!DLWPjHY^w+BDe>C z_Kocs0&-fd=Pp#Or~KXozb8MiX+MD6EN(I|HZ}gjdc@<-46Dz8Jn9xc+*Y3X@SLMz z!*45mVLb?)CJP9WwLbOUukQHItcSUYT2FVP8qA)jJvsARF}Ubxh74%GvmW{7Zav4B ze00_=xYs+H@u>y()*a0^X1p^(a&O_r#yYBnl5T<)Tbw&$$&W~rU&t6DAn;u*~Vz9V~sK&EJq}-Xdo0dGJ-L0c( z$;Qa{RqCZUA>F-Rzmy$=2HOSkdPg%pv@#u~E!}h)V$tjX5WMRhj57dSJ7O;AXg+(p zaB;@Ma=%dC52}SoO}lkR^WCr8$Dl#8WZkr~7pB9GrreZ!(oMPNa8s^7nE3YD8#BQ zu?EWKi2t0^jlIri_Bx-`>)eilvT?mB_l#cWbz4lm&V(CAyY|FUn-@=PYQmz6n{vx@q=R^8a^e8&AcHE+}-S9O20SCBJq$vu0o6Hr&ac-`xK<2HKMEqtZTnmN>%=qX08 zd!29dBq)p4^WMU<_c}q3F-seJolkox+j6MWUZ-(Bt#`AZ=zjJKR)D&)-n!TM#`?`< zz0417<)H-@%vkq2-&mHK5xlAO?7dFVW3=Ab>wH45^XYv{am(}TDCW1i_3WBh$k6g% zb&3rr#CslqmBU%L;GUfnsjNqyI}-t{h|UPXz259RvmSbN_2nLAv|!%4+4;s={A9Z%9%Nefp%sAmwU~Y}S2$EPU5c%U z$IZ^*or%<@TQ@u3*e#hf3)=N&=b7msU^IXDXMRb^GOe&qUmVy-ng*H7)w)`-HpXt~ zVf&?K{KHOCL^Rjvu3LD@%+v+t0Hq^)*tX**`jGwMkJ$5#*`Y4={0{jBtsUrh>DI6s z11$n6${l{0GP;oU7{*@c5mzDGcVT_fzeyG|*I2vI@8tHz3@b;iqQn9sK%eM-Y|0t~6UOxo5ki)A=#i z-c8UvyypzcJy3rtd08yzqILt~iRl)IPqk_T3UT0`1y>j~TF<%X5vj5sE)GC&ek{2c z2_YuLsm4G(i_M`zGuROaV#Ro;M+6S)WqOx8L_l|4_6yq~=euTB2STfW?Yv&-2?c&= zMLcl){c89dbG?ap!8_cE?M;VkM@$#zIn{Kwf>imLchvrjdLeEw6Lhg?4JYOdOa}?# zq*=0VV$Q;J^tfru7!KPtiH^2+jEun+u_%ez)4{hjHF>gKQ_mv%^7p&`Ll$|AH#U!a z2J*1WiPab=Ytbyy>bZHYFDm105$(o6p1)~txr5ljs!G)uh~wJjJ`5GI$l4M_WWm0hU>tWa6A&aa>F=W(7wCmr8 zb+4*Xh~Bw$w99?i&7t1qu6cniPRl86;3J3W>SbT3Q2%n`fsczW_W`}kq~}$aLH{;~u<=1^uN3vH^{|5n>RLPM$_Xh@h=XoDVlQ+H2j1W3=u2<^iR1=v)VuVoHAHIWap$u8q@GpHya?i10)y(eAx@^Fv?T$ojfb)@Imx@pd#nI3r%}`S zjH>BQBZlUFop;)bIp9D{C&ZF=Ncc{>XzTPv51Iw*plaViCeuN@kS_P(Rqgz(GCLh< zMhuQn5$NDXX!{D=0m+xyZYt7?zCJ1O?Md{vd43y%? zz172N@csSs3xh!4F4>;<=jAWT_I86H8n^vG6O5;9Z9TNwoyqE=+f0XiA_ym=hz5Q8 zOTAS!9puIJ{qw`$q0KwI7e+zEl~L#_QI&MXRigl2`p?uK#`=DTw;lyv;Iy1GOwSbF zbT1>i$TBly!!nCIya#kI{Zk7MLfuQXf_an}u^#;lt+|9s_D)+45O1m{P$3ve&)@E&mPV9!13UyAkYypdZ1$TMf`>bGKQ z<0ZEP^I;I5>s8d91nxo3Ia@Ed2UV>T-NrL|u*7G~OM}PV^miK~s8c4bYn(_Rr z#gM+O+E9;fYWf}C5FrP?WFB`VyJnDaPPPl;!J(BC)8Wd1$?>JNB%a^lJ>XQ$2>`Ag zF;~=x)pVyjMNJ&i>f!QCq&6KlGP~&@;hapDteezdkODiM|J&dH+yC+R|Ms`P|66yx}M>wx!EtR91WBEO@lVa0J7gLTELF`%#4CwX6X5*1RhdJx2IfmVmDgV3q327%PI z=Tu&CPdihwdKBc^+XAo_m5xHWT#SNxr1n!Zhu_rhsaQD*Zk5U?RHTjKu)cUT3d*hZ zIhDhD;E;;dqX0*3shEk36sEUdyH~>Ujd33wdZuD^R`bbo zI8=KDx8pgLBbwggF+qF|hkBAB#6dR`QolCq7LF;J!-O(!=ad}_1YP`=h)f8Xig`yC z#<8*daT!Kk?1f)?8fBpyq++vf5fP&~d}cjc;R^%{ z7BE8KUZ!GkMg1HBR)N%DUVcPgw*h^ZzTn3 z=bn2{3u^U@0hNX4f4iBt^Eee@+XklO-D0I2aipeyylovaqFMV=H5=1scqY=@i& z+d(QeY39W9=vSDITAKg>xyS?%shHz}7gx*Fbhd(2`N`+KsITe2H*~-W zjXqy1+HqGiQ!zhZ4ueM8X+UaYG@ao?3)W%F^G{}8FD;)2J6g%)WyhYyPS$pc2x*Q$ z425aaORLB!FRj~`9XRf-+wMa0d;paoUU&&q4xGKb`73|v3aZ9H8H@BQ{k{6$x~<1R zJeP0K8PM;d^l@W{q1|bQ&_oAXx8*3f>DfjR-QV_?E{MVse9==|w_Y}b)@?ls^wcsR zcA-veVap|-GJ+=13@JqmGA`7I6GyT39D${_8VCT42SFy*y%`?78)v~KHB zKsIf;Tfi}gH|@>-Ao1JD4~soow=ZaK<`Nl8O{RY6qjTXtLjLyGEH{3P`1HbDrSr1l$=57(h z)OyCl9rw^VN9*=AYp>$dzTri^%g(*o`mnCzz@dB3!g`zb=FBQYNbdEz%-(v`-V}@3 zfh64nynGdHtT!|+?Z9Ek)GL>omteh~{VkXg+=DXtiEiQ!V{rgN&wOVDZ{5CT=h&<; zQcrV%08r!gEvsb?zwb6(nmnYa9kULR3${bfgJurjy(aJ?oSxtLVUS5PTp0kMfgVW< z0Kq$G-k;13<}_luC|%0mr%zf~?w6(u+D)|CELv`Bc8BD9mZj;Eb<>9yq|oBC4^Qib zz7y#6Li6Z40XFKP*z&@ApPF=9GB2jF)6kLR^w>a&uQme0LRK%d8gH)`)?=X1(2%|P zD}PbCw;KaFeresltV9p>!g>(IbNLDt(J#|nr!oZ5SX;L*>$3Epu8tQOWac;1fn1fG zGrGTRJe2KiOo8oA{|T>`|Bz{~7nZi*W~hupM=Q3lR&rqrYIWLAc(vb5X&&--s2A3w zkWVnAZbkxT6r>m%xgFPEWp zxvbe}zdppfbM)stKpu6AnvKnxxzM27tQ+w*os<>*Q5F!QUigCZH7C|XPV0JtjNM!3 z8|#gIOUo6Y-QH1GIVbflyY--|Ff${57SvZBT43RUH|PFp(Av1z|<~=Lxk>l>%Q&)kqfZ+AQ zm-qZxjmdcE)YW(%R@Hd9CRW8(jXa^fw{Bn1Z0|F+WFB%JnCEl1v|ZE-;TA;)88zE9 zI58nIEHGX2ZnE!!*_sEW{*7x<@Ke);Ctj9Xv5nb&oX{8T!rw1l9(OQ1DInpTGz->w zCGwmU*y3#N@XvH=U-$s7WL|GSyxKD_*mc^UW9Fp=?=Wx+^>1tT>X)g45oAMrC^>4~ zKjr19*xQz7&%Ej}kn@*s@LFB_OPzEz2BNuSUhlX$ZHa6JNF%PKu>KqD!*_t{omKFj^G z{uO_dcy3C^sk7;sm*1YwAHKLSBjA@U^V*CS-D`R|AG7&y69gxenHO|3{WQ|T3sE;y z=fW!u?eCYhpm*C|wO33?W?n8sQ?PPFZ)#P7ZXQ6ygU`B!AF^3P3(UH`H{Hy5FL#NM znHOBa-CEBmoF))XyXRNy#hk8u_*+j)fT%ff=&pCvMf@|M5Krrw%67zmwq9gjzVa&T ziH}?$m{u^qz`f|yzMx;<^%z2|xuHN%?&)UKEnz&A1vsA)c+*?6nR!8Xy`wIzM{YSo zU|i5$GsC&(-m|hEIqr@CnZd;F$h@Fk-_;n6NBvAOUZliAJ#Un6jK`fy>(qt_%&SUI zS*zj1tO4^ZX8?KNg=bzK{R-1<`kC-n-c0Styr5TqVmg_G&_GS6@z8j8`lP~}+L)1f zL1(>#u4u-?k|*mvRau)_(5=5D|KL+ir)*;8|Gt)IHRG#B%&LC?i} zzuDG}l~Y>Cpc2ActIuI_$;Iqos2JZ)x<=TwZxZTZ*nM-`Q!@}d7}|5OatveBvpr|f zc<{T9fl5ESG05Dc4w`>>3p#(u9^TsA7(yEg`6W&L>_NAe`D8eiA&|RvYOX!~WO`&S zR-1x+yNp6b#1wX2on7em8wyu!L0()>&9xs-vQhjm z*n&K@j6$Z~}l~K&S^z%(ovS*cgv)XL==|sV*~^qY zYab)5B-yh$4KcMXu}IhKn}nv6J!?NF%P|a%&vpb#gQkqZLQF9RZh2~! zWPu%e$n_v71s7;fecNBkxoQwxLsUyx*&TYw^(e@b%P3StO`%y^H44tY)fRS*8!DOg zD1e)Cu)rSzmQh%PqZ$S9(y#w|(;Rxp^(e?M3$~@c@|Q-OY82>pJ$tsB+>kw&qrf(% zWzQxuZbR4o$`{<_v-bNh;4m_Kb~m98GuG+kY*qbOYC0Dlq2zBnD6pxgn!QrgUXn~1 zMqN2Wx<%QYp?A1I9(9XA;&lu7)FP0q`;~qa#Bvj}3nD}$foFi-#w!Hmv|3M{jAbxg zY*i6d&Ufp1C~+CqYiT{=ab{=GDqJulVoBUrm4LHn1~I)OxQ1O8te4p{oHW=YP|H%R z7tbv!_l$=U8y5A{u^H(WckcGFsrXzIq=qDL57Lu~8Ci`s?}_|bFk{`ce9f|Gz2u(d zzRZF#)??RF&Yr$wPp#HdueMvc*sN@#!99~<)D`y>D5%@52ffyrd+{^OajlwBCf&%_ zC-;IMeSX1ukv+pvniJ~b@)3i@rcjL+&Uj5dTo;i&!?~9Zy0RVjHoIoijDu$3^x!&K z2N_Mr&Cd=nEe!w&-oZJV69CL<)N~LrPM@u?R9T|g_mCncT;by61j2|ng^z6AD#E1K#@)c?@{W9fT zH3(#?)t*1Lx9-{Vg;5A-kXB4#+dUnHI*Mu(GSn`wwy+c4J$t?|3eLgXD3tax3OnLc zjRG?jI|uOb^Cfu>;KC@#FAH{3)7p8}DA4U%_Wbb^CRuyFFbW{2X3s7%EF}Bpw0t@Y zIN|9pcZ0)-?D+$yMg3EAlsEMQLFdB#xcu!e0IN5f?ofV)JCs&?4jJ+etJ?Et-E?fH zYq~SFKT$UiBtC1F!Puu(x)E=?_1xQwyPXj{l6;`~d15`}v|3N-^}FVBpVJ=-GtQ^s z{Q;zqxnMowan}t($*h~l5?^_h^@!;m!GaHr5auVc=TDr<=r&%>53B;o|2}bdNV%8O zy2zeC)SYY}cZ-`0j7_OKWzPl_#_#zb?wBU)MfU98v#=iD*X-7VRAEL)?m-@#W*E{W z3nih0TF>WRt*2gXlRba%)!NLSEm$?~(wr?az|Zh%}Mj=D(rc_(lB?ri!>rntVrS|->Lp(YP_50N* zFjMjD*-r%Z?71EV`DGb}&YX?{>+n9e6E(SO**?|2!p{Wt?71F=e8Mei*|Uj^*|UCg zT0UK&joEyy5f2dm1r3B9Ba>}ejun7+|8K1`ywm?G}{XF#;ySueRU^qfVhztfh%zNu0r`399u{NiT7M7*&tcP@t zlN%wUp&(ILQCN@D#k_%T5K3ldL@a@aB2Sos2?ijTRxm=aUS`j62BXj7YJOl9XdI3T zo?6d%xU(L5=k{^Sp5bZJuGh+X`hOSJ^Zc`q8g)zVEtdDhJ#Jn0mFxUiBP91M_XQg- ztVj1b#bS1u(=7qynOCl+MxlPxoi~Sj4hdmoCnQ3dGCV;&4PGd z4`z_bbht7)KrF2#K=2MvbZzGb`=+{TqYtR2JB=9BO7-m7l11O`B}MkRkG)=-wN*8vnHRq%JQNpXV2U+m9J0{{W4`~Bue&8vPda= z<`-%ud;a?6tvKKc+pygj$ob1RsN2`?qGWA12BNuSN#A(tGqYzC6*lh%K~$En(5coh z)96qbf_j^lJ%8;Y4`k2fD5%XTd8=RDlE1D@2lqK!)ma2}nLzejkAidX_7xiG^~-c> zDqF~h!sUDR>?eYH_FRtwlNPas9plka=(4Itfo|7p&weJTXV3L0b98c%o>P=p^#ehz;Lb??_8*(nAUeljYC>lA>@u_{mbK?iixD!Q zg>Df@;Cyc`y-7D^N9fkwEo62Jgoq^m<_YUD`dg)NAgJ{`|5EE&CcCp9(mAu|xD8En zwhATKWrX96@yjb+9+?rb1Wu@)SdW!EjU zAGe$l&JJ|crS-@!cik-Z!<>Wlvi1zcvW_w^!@P7b1GqQ221H2iS%8OeG&4*HVxT~X z-yQnE&rJ5gEvolly@%Yz?`FY`_>@6gEDUkbPvZ&Z2B2T$xBjM5p&qRddtT}T2a^iz z(9K7RyOCZfx1oMdaUC6$i@AeSQGJNh+%far_S4E*lmDwt#jt%Op>X1@<1V;w>6}ad z$sF-Z*DzZY{pNkHFWu+z>kpy_CU{@Ei>dOF3w+IkMHIFLIm=7(6c+g7*&M*v;>M2! zi1z*tEM?6uT0NYS)Gzlw>36B`sm6c={o^ZgehsT>C;y>KUH{TWp?@iZ_=|NJ zY=(#|7Bkr~5d9`43xCsWCgQO^So)27UbYx784Ag&qfqncC@6{DO&0oU`>n~ZA0_cy z`YFkOYup#Mpl;T^YrAoAPVdbM(tp{c03M+}4YcQRw9V zJj{b!8U>`%mOh5*nc~!A>`q$yBeq}lIvV(~hd+Y%h5IA^sm8C-kx?76on2N>_KhC0 zWFf)qRVCu9t2EZ}&%<8A+lkM9TIVmsK|iwwEG*D3o`wCw^QV1~lYYqEc0%0rgR2@{ zbQNTknK8g0e;W3?5uf$j^bw)R;qa(m%pbh}*atc4$Bo3h&!4|K0|pe=G9RG*4$VZL zzm51pKj1MWv0l9bc+fANR{g@8L?`;8lWu!vpFfDSr~JfDV#`o13;Fuvjxato&q6;T zVoX2q6Y>ayNByk2@czQp_Y?idH+v%c!5m};xT}x43V;hBRA@g&(-hlzkoe`ziyDw$ zPYrC?U}7|p=UUeQsDtULpap+YV8d|gU;ccYKen@j(QOF8eapVjfc$=%A1iUS>CxC~ zskD8lfsE^yE^vA(XxY^z<>Y&VpFa;*&Nf~bl*8=gCtSy*+Rm`JHvC7|Ew7wMKCdip zVzwY^Wd{kTR`!TEY($kYPy(t?7^LQR(Yys-V6_=x%o(|xDPWnmTD_ovhm>C zE_D{$4+LDDUEMbYDHK=jskoX_RQjT?Y*LqT$pwm*$tt^}Rp3%Du$5%5;&O*ia5J&D zj!1=z$?VTv{l}I0rRJU3*^kD^2(IvoyLTd=TP?e5R*f6^^>bIJerep`ve03SUV{5; zk@ZD$Q4X@$UGy2+cf98 zQ->_7qTh}90v$b8``J8M3GXjlNGZ_SVSP`<7wE*RNH)D1qw)0I@<6YiY;MFC=$Hyd zOZ*E@ix#@G^YUb1BfdaKANCWLyGlChbG6GIZuqtM3{DL${}u7Ct6STh+FOwzZlo93 zL^(H`ou{(g?R3uh`kk-Ujr0PW2l8*ePDu)x! z+?6vhYHeBO+I+BmSmw+gnVPD0)UOiQC>bX!%xa?>g@uo9M=RRXICL31&`S`n#& zrBE3Wr-nsxskSPju$r4xu=4SY1(|`>xJWF;)ihIabx~Hh?8+hot8qtCS&>F@uaJr^ zt@RA7#zpTX`uf!>`KxACJMJ!NOWHXzumZQqiBch_xJfH3qMX{f$rG(I1FLaIUd1E9 zP2ZYV4Ob9i++NqJS8tOWd1aeinO}QkxYCz+b=NR+33udGJV@MdYhJZ+Q*eC5ezCSQ z@X9hq6XA@p4TAV%Wz>c$qqf~}dc#G==sM(dSQ&LIKDzQI&MeY>i_g_1bR?6f(_8Tc zI&(>VMH5#yqY<>w9Vz7%+O7Bkof)P1Y7dFq8^adacTKquDu^8sIY0IEPI*4;eu+K4aEiFIMQtEA($ zN93z;tOCcr04LIURoUJqy1+T=dPKgukzQaE<=kv=oCZfep84?{D?N?ps~hPVoBA11 zF@%Q>&#}2z;XBKX^a2~{CZX19*b;iITpppvI4~5IT2f1ViwFRO(YQI}t4$1frm!la zuo??0SaNTXuhy{0Foji*rm$j&cyQIxEZVjS*bCfmW4|9`yczc)F!T^ zxS%^`yw&DwPp+oZ7^3^7;F6Rn5&@1xQt@r|+VxiSnoA_1MsYmXE*R*RZzCfpt zX!&XrzsfqU>RZ0L6oi|&$;FyAbK1s5ealz3;xjlG_1$oG*zLlsb4}lOmmBE? zHc?LVRnMyC<+4zm80Tx%A5$9F>H?bxr}fo_eU)!?i^b}zTj>Qh(yfJ_Tb9CZcDyP= zj}2!^rTB-&B435Eha4UmYiSztOklGTcH>G|h*M*|y>}z)As1QXt0gQ|@D)})S_^nL zE`;r1<=+!F^3@s^$)&LB$`n@JaA9OF-)DWb#zkT&u8JtGM%)S)^RV9Gu5m|FWgYCs zbujy;iBw#)&wRDU9a&}XB8k3syR6WctM-|%mbhct{uaLh)^K%)P~i$f(kkn#HSWl( zxO~=dukeZGbUf~tKJJ)_Q%?oudQ2dcL|5pV7IhANeX) ztWMGCl7!b+TYy!+WoZ|PFVN-xCTSyIh3k2qILl(3j`p^&ORS50btAq&C)Rns3b)$| za3Wpgs~hnJIFZitRk$2hfD`9@wQi&r*hD$cSK(S!flZ9_e03u|V{<{@^HsR@bdEjL z^W_Xi%LlL0jUQWUfjvuM?PO(RVwS?JwK9f)n^q!|u92_yK8!z#FjOLLe8oXvHO@(9 zVJD^{!tY>-X_2qiu*fh;;Ia^Qv*#fySmIdZt2Hc=OJK7OcC+UZDp;ad=Bp(x748*R zX(3kTI@rd_L+M_5-TJmQF8VOVmFa3fUe<80kcx};nXlHk=)Dv-S!HMO3p?|@fy`HH z+>usxf=BgLXJ6qGtukM&aYtU+5hTT>`l@}?w0P-Pn0mfi;*NFun;kzAT&su``f}Yq z^VJ%69z#CM$3Unk>dC&sT3y>N-cKl6~Z>JMkHPsMy;tO<&g`Th8px#xWqw|Vdj6SYPwsX z6YD%*-H9*IiFKB*-uwx@dcko~-}BX-_zccPealyGaD(|=bFS(8YTZaLu!(Y(uUb}h zg>iHg|Htyxo%8~m2xs}~4ep&5dNbcNU)@PBu#s*p#NV?NcIQ%<75Jx+$MyWkS9>?W zUB;NN(&>DG%}UsvD`6X0uH;9)TEbEVUtu-OwLp94Lf8(L{95FzH7t@#Vbzr>tY&f% z-*>R=(BeEmjf=!mT+N;oS2MW^m#G!`YK=RRD(hf(u7mCLWhbUzgBAL6)jspp5_c-w`?FAjE2hXz-$q|PdY}1fjXUt_rUg^o7g$}a(wBH;H*~Jp zS<4@hSgDJirY~RRubdDf88h_yV1|2azqP|+=QsG{4HG2|u zsSdVNcPQO^zIp+7BvsbI?oAcILW$J zQ=+f=$UL+5btk?+ zmoHDtd%k*yTgMp%m-DW^sf%0IwG&^Ulh^Wm^^WzfbKTK-MSXQAzCfpt==tg$YYXS- z#5&Jccj60lVx3zKo+vvvJQwx7zIxw?&){6tw|w;u?}ruO#5v1XchU=NqMYTcmQ{Iu z_0;N`V)TMO}zEQLL&6y}pS<*V9PPR%1< z)u3g0{<0Er*M@kANoJ9iusc=4cCcK@k9@U+r3${nit(gCbEiVs7M3^``DzV|uxIzM0};eRa2d`LKQFt2Hh}Max%BWat{* zxjrBHDwe8(x68bR%JiA9Zp3F-K2+&F0%ED^939D&`RYb|fetx+0U6HTasY1>GmYmmqOgEh;UK{ZRIcWavsqBfyA zxMyA)@dY@M&hu3}VR%Jz;+(J6jr0PWDCcH_7t{*HiE+MGH_{WfrHE-Zw;DWvc8YCj zWlH=8>ha2baQ(zhf%((EAmM9{Fk~yFC*%)>j|&l8(Y^oNJNi!IiKb zEV;MHS8G^gn8HSV^T@#GL^o>tIStR+_7%|u=x;NE2tH? zT({4BwZ|QPJ{M6B+W=2fvTw`RW5IUCG;3?0#rDFlpfD zS9jvGE7vbiaj&mFpwd;KBbg#!-H9*InM)P}AF%g1N7oqF2d^IevlE}uhl;&L!3Wg3 z3Unk^jH%U2)pl6`>=^vZm7C%!L)}2Paz$U_3zWT5$x0CdA7QxcWP8hAP?xYvkNHWy1IQ{y7B6j#PC_0@-+42!&Chb#ZysTKKZ zjXRPm>tGK%6IS68sWM-!anXB;zV^<)=xc|`3S6$*XTDnEj%E9YJq4$@n%PviM60Z? z*0>|D?45tby}~Q5+h@L7CL}$T*H<4NQMtnx+ zs($3FP_a5k=c>NfS05Yk1v>ez$XDUP{{o#@7y0T&e1T4^^L$mGt@E@^1MTME@Pp3b z$NAOAMtlKIr1N~$uG(7Ob`DOQ^L%w9y}%~QdA@4L46k4l<2+y8NYB_@(D!^5Ui?3w z@u8k?`RYb`fsJ%)A^w@AuqT(oH2%%`D%bNPU$qZwzN&F#s;|;ZItr_Cu0@`wU8{@; zzk?t#F@o5?^s;{F1Le zxejLEG{*O*o(Rb(5bv+T@9g@XGSlFev4#Pp;2Q|IRynDWCKG>7Cb98iGQD5DOFVM+%dA@3q z=Mp-x&hyos_yV0+=lQCgEwr@lRCO-uM}2i8K7(^n-}63YVRjuH{xw zu5r)jspp5_c@yKkX?v#T8Rzz0tmD${YEIYcpT1aYtU+TX2ed zg;#v+KJ(QYcjT2l2B)|(q*7nvRpzTT?#L^94Nh@2FjezQyvlsF#sywkzG@=lK8@@1 zk*`9jD!t({U!^jA)K{My@!6I0138heLaC}iM>1u;x)EQXi%HT)d42T>wWv0d=)BI=jdG3_xkE{ zBfdbVkQn)@ohsDKsX!;zMZUTbU!W7~EMI-?ngdKLfGD3jHp*dgGzH(|F`Koatgk-l1$>27krsIlu7vGiiD{9q*09Jh zh1D>pu$szM+7ibiU#(%0TmqYQu)~g*Rj};P;ygf!OND#ImGMiyde}lPaEH=;!Zhwq`Rbv4<>XuBtM*~dS3{0HJH4bM zuvrN^xDpoP{QFi1SMnoYEn%sGudo{CB;eUGu?Vy~So!zVHuBXP7RjZsnmsA3uI37s z=#}-=8W)MBxGJK!8gVOJrdH&uHSS2Ntb-kPCal7x(3$yajf>t(^tE3_5Pj`5Sb@t` z`^;BM+_7wb*i&$dt2=}WR}hj`nXlHkBd_c&IK{ofD?WCg_0<}8Kq-(l=G6)^}t%!IXV(6^3|RA z0-gPpod-CuUUiNR^vZm7CqAQdRp0Z~1M6L<=v>wJ`sz-6fi7R3zRUB~!%h`i_HvF+ ztn>QnPJDq*th0Re@b{D`{a7wIJ)GUgZkg9kd;w0RvwZcitF~7(C(ik5-AFI6iE@^& z9(K&|3N|s$^3|R6jLijox0+w@s*OI>^EF>RHqr}hq+1K|FWZc@5a9QDBGmSSAb8*E z(7tj`dE~41VHvwse8&3fK`-ejtj0No)m*NECHEHjY7L7FQ&<&ISY1{XEO9LI)fyJb zC9qisd)e`_3YO@V`D%$vg?q)7@k@R6#dR?IrYXJ;rTfTNYuu4kSqFRBk+MQxF4||l zTH~VkQhk$Ec9^WfC01p=TH}tivZvtG&R1xqcm4VzQt#91oHg#itHa)cQ(UUA+BePf zOT5Z_wZxt3_VyTD!#%7bR@j;A_L;BNxC5^a`&9(Rl_|*j>PBBaY@hjRjSIZ8d^G?# zU*-34B4344ReHl^_|$q{(je-q8}Zqd4^?`PfKaL`(2-1;uWrN_=*%ULfl#YDMSoGr zKJ(R$_=Nr%D)v@iJ)l}upd+y|U)_i=&^hVyd==_d1v=2H=c^m>1v+`H$XB6aRiLBu ziu&rY5nrHFNQ`{dP8DkARG<^3!VBPB)c5-8u@Rraxv1~?s$I3c z0#2Os)w+>hU=!s$U$yJDSFnk3zE(HV3v42s=c{(*_6j!h&GOZa^a2~{CLumcVJ%={ z2+;U9)mQDY#`Lj~uiA$-U)4A==BxH5d58&YR>EFf3ERMOB|q}j5|%3X3ai7D0B^^{ zBGB$&iDQwk*04w}g%!SN-e~8;Dp;ad=BqU>5=(Jq{D!NUT!qWjihQ-k9Z8jSu$P?) zt8m$g=~`}dtZ~tMiN5x$2r|8P8mz$Os(t3GCGJ?Zf7w%TimN+>3YTb=_0<}8CWCQD5DO&#qi2q0gp8z!y}y3Unk>dCudlwK)K#D(r6OP5i7(K}Q+a*$1=Xqo9f=kB>P~!t&i=~s)fZH|3Ur`X=BqpL z8J(;8p0B>3Vs(zrRei6o?!*`9U)_l>(1~@HufFuz zIy(YWs7|Ewe03+j04LH}zKXwAUVszle6`v|-N|kXY@(dytN2SV1vW9x^3|R6jLijo z%UALB#dGYTp0D}pPI`fjbZa60ou#n1!Fs5LT@uz;U;1E4^3C&A|FGt(8o#D|m0r?O zSp8g!Ja4LmZDEONp08ejMTRM?hB<}RRIbvNIOh541z04Plsj9>Frs)OyUJe2M|U%h}kkm{9nu$P?)EA-`}ebiSk;G*|ZeS=jmI}KLh600I# zy?{H=>Sa&CNgid@u?m-H75VA~+>uxI7M$X0MpfYwucE$M<4$#Zdkju+ts++7a@{`i z)eE>Iuk6=C6<4ETg-a<}ufDKab&ih2%6xSr zzCf2R&x!N%t1qlqoudQ2dcL|5U!arMihLC-R_EyGyrRDP+K4aE$#+G*YNrYa{( z)pWkzvxPOd1>Zhzo_TG=C-65H^*vv;tF~9biF3YMH_{7iqMYZecHQ<0 zHZjiE>PC8jO@s@pi8{VXIGb@xE4$GxU$qOn)5sUtNH@vgvK02FQkXwXGL~rG`tOMz z`Kpl6$G)sY*fD_+6WFYTy{QtmgXKzo#JKk3qsmC^VJ#`cxCyji46Jb zo9pwQufDO;72a@_ufC~FANAFp`0UDc5>h+AZ}rAX*Eu?pDe~2w_yV1|WHIoKrLJ>y zq*UaqJMjfNc`C23zOh<$j*i5Ne03+jKqp>#zWRpW`L(Kqb|>e$y7{J@xSM5NJMkHv ztNNa=zTwwK&e6H5@AcK4_yV2MF3(rre#J{GR;QNN1I}G{OT2dC3v^;#SWbPAB|qoj zL^`jpzTv(pT5bVOq_ceWjicCf^>$X9DvWSGKceU%GgJ6QSmTwRf`*04w}fz3MD+s=nY9<_rddS$*^;!@#W zaaBaD%yqC0?ohgqe6_|MNtJc5x19+q^yQ*`=BqU>dN0*CS!JieDqLb!=BqXCNGp2^ zPVKBagbG&>l2)0o*0>|D>@7IORex3C60b5}Epf-X{o5Xc6I`o^6}Vit&wRDU9eHKH z7OJ>11(~1QH%;43uG?q6TH^w*EME-(s;|CvI604zul7<^_lC=SRqJ_O+=_(njri=! zbrMoM^3`6ds?d>4nXhid7wF6-kAb~bRiIPJKJ(R$_>4YO?A>&|T2-MVu`*xXh%eA7 z)sK9&*Q+XYpjXyc-y87-I(ebmU*S+C#PhfI?VP-_f?B1oXcqE6nXlIRj=Zwh;8fo$yyC}mGGDE6fmfEVn#kbQ zK3t#oeD%{SU4AM>z35zL`%sxa>Z?2P$(4VGD!oO(Pp@=U=t!o>S9jtIbP9ofe)ZF9 zRTVnAs>oM&;tOsj>xzU8YM=>;~@O+rtW!aiII)A%>#tL^8gDD((=%Pj1}I(CgCW4`*Kmvj_X z^CyWsTnXF364N4ItznU23ai6YSPi)mXm_y0vB+0zSR|LgW*w|~HO$|3u|H7Z^0?<6<+Dp#*V8V_X_S11-b9DZ<_WaT({4BwZ;Wrp@SRqRem2Q@>MKVg*RM!a;@j( zbolwz&qjQ9fQ%@oui}kiu!7M27O7J z1v-Vq$XD%D;RV)d9O{F&#H&5yd=;Ho=lQCgExZ8EMg7QEH{!GET-5h`)vnrJ0VmFR zzPgcKU=!usYR>pW>2xeCc;_1+I}%}Ic0OM%%}8yrEa7b*hse)0=`)a z`*JBvG@O6ms->6h-;-~5&sXiklCS!UB%^27hIohxY*xa)TnXF2awR|V)e@E}_zJ6G zt_8d=7s7V1#IeX%YgizJry24{PP`TlL@j+gX|3*HK(0mEvk9SK+cN zi+r`#cO+HT!M=8+timNyWxiVDqW2Pg?N<>*Upq{8j{D`Redenb?sqKPf9+Qh6jyf$ z6)w>#>#H^H$SeB^FvY#Vt1s8>^E^O}iw;ZeoV>DvTBR@XD)ZGEcjT2l8KL@WOs;T= zSDCNYxWFsRS50K_YG1C;d%pUGN>_TrRlfSAGJVuncjA*P|MKB_&sV=tJ1EeROp&kd z#24sdlJrrYuYRG_RiGoKB46E!FVLA$76olxS_Cf8kyw$h?!*`9#H+|xp1HF2_ zx)GnzxvC%eDpah_(YdN0_0^5|0-bzU`N#z}(oI579trz$DNOU5slNKvzH&}^psul8(Zv zh(sQ)gzaF-y+yuS!y>~JR>PdaYRHX%w}T~)MZQ|YBDn-M>tJ6yA6CH}zMj3Vpd~pZRKyi{4B1RT0%!GmHwCSe5x|jXToH zo`O@{E40$Peti+C_i1&`8h7NCy#=SZRA04k8taW;z1rAuqrO_=j&=L5Jq9PZRuL=g z%ys+BS8LpnSN0m5;>r|ceRZQR*X=W3t#N@@mahf?opSo>aMGTUuR^KHnpf&Y=kowx zt><-dPr5eZvnwB}^cDfXP^v1>kxZGdZp0VpP~!tPF~CN)h|@63UqW{QD5DOFVHC@dcOL# zQ-zkjL*##wX=m6z`3aJ`RY!52Ir!_<*Q%2YI_BoIOnT% zBfY>T%DLI>y6qKgVw~lxmXmp!4|BG_X2P|U&9hB$#CG*|=i>N?zAsZ3p>%PXtkMbn zKmPF_fBDOQ{U7ZZ+pP9~{`Y_V+b@6l5C8G^fBL6iH5Nr)JJ{x5{{BDlwW}{x`~SGL z{j%qW?Jo-C`X6&P%)fIR*|2?B)eAX}8&u~P*r?vNzl7i!*Fv0sJ?qPb{>X-FSouV( zJ%!b2|B(SuINiY#2O}Gtqv_yQ0hy(%Ia;6JMzjJ31Vj}78diXrJ=A_KOI}+j=ZwN zWQwc86)y2Av*7}_DJ6@=$7|WJiTst${I}1^WT#$Y4dtH}D8By7r84u>TgE^;32x!dMh&{%-%14^cBvctxhADC$aPcCu@3L;lSs+T;`=YP zR=Oc0Vcs+>?R0yFZk~illXN?8+))q@Y#(hrZgY@gD^7AZ;jY0wWok}RHvx2W-t+VZ%wj7~n5HeC=-afI1fun-P)HpxZPfpxf;e zy17^A7Fg+qtXJLCqZ=pBD&ihvyIDLSDaL!5bwI#aSY@%%-h#h(@|G$a%grm)tv4+ZKtk;-y8C+Uw;R((hU7GXr{T< zMzdFFHo4N(q#@;nkYO~{?9`Fyb|tLt4|#m;3^9&Or+kiW)Cd91+($3@_z2CW1-Z~{ z=#@0hASJOQ$GfG*uNnEy)kW%+Mr{(%Z1R1;#z;tP4?37{bpAs_<@;+q+1mb6%cz;! zHpy5b697BkW(aiQKN{Tf!=j#@2ye#0oof?AzbtzUTc1K2t2$M%$mO5dxppS+V3DB; zt0D@kWT{}u<;KpngdO@R?I?koR$y(Q1?}uh5_O|V*Z$H7Q{f8DLjLC# zJJ%W)vs}ehT}MmxY~&eoFLlN;_+7f%H}DDy|AwxWudMlYaRzsiVvbVwpi|t&4KPv$M&{g%JIMYx$aes0N5 zlBLWA-N?)K_2%1@KJTbo>|Ej1r2V|{drhL7f4Ay(>Pv=3kcP^p+f`q(=>*yNWSkMy zEq1P!J>jR?1dItawSq*S*u|)Br@llD)~8(4kEYvIU&7s>K5u=$J+HUexx$8IKW*GD z64f-_u;u2>(+wqclbWjO&b4g0LYBY1 zx4P4ea#c-{Q>0#NbZG=Mn^GarEOxF?(m2tKe7MY+(?K;mO-XeBmvg3@j;7fZnba}2z%soaD+SeTIT!%K5u(;*iu-GDgaE_4O56_#?}9W3P?+^*BEu%_XqG{}0YgjP?YHRbauo}lJSf*d> zTx(p)9YjgBt>UV$uW>h@ESNd&3^pZ(`=`sNcAwZr>!_M^fE}-jzDK3#__P<4SSW zx}q<))OWbVs_ePe`i``+^{Ke(+|TWN(?(_R<0pHrHSWl(?5W?lr@qsdc$GcZ8h7MX z+z@J)J~RiZ^d(;9&b7p){*lbD?Ow#rc2}sti1hu&5 z9r8Cku|M~djT0$)x1DRqz}VI?@J8=Qfo_nkPP)a;)rRef%U(C)W7DVifSPV8w&+XR zI_tXG&NXCe-8Ma-=+(<;+P;0oV@$a)rMWo+t>uU^(Ii$&G@ldZ`=g3o@>g$*fyM0pqO^xq_6koyv5G- z)_;WIY~Ikv${Oo!pf*nP3p?GI&RUR6nOe6^9|#_*n>l&&ovTOs!k3JVpj&SQeSbYY zn{pc(LB4Z!nG3pMgok<4sD+~jPTqXy>e&;1YO&s^6{PcK3s|d{e$HewZ`=j41F_8> zF5fw|;Uss1`g(Ie-Q__y-?`p!Lz4b(bS0WB2kBKcAzE9c?eAaxn8{8xVzcjD;be+4 zYNr_z8fMMmmzw#`)ieBJ(x|m0nnfu@H9K`A+*R_OtDj}5`KUNy(yrMY_hHU_=jvOg zN;4$9YSvSdU;T*5X3li~7i0VJohzJ5IiEBADXWkM&0tSHMYc#tY!6y#CgKUu=FF~` zHXZNg9xWL>{N|}BNt=wJO{F{6_^?i#X6|Fp^)_~?Zni$fw06t1f<-QS&-DWA*rdAI zy-tPIAYQ<7lgf6kS70IY)t#Kpzrw;kJ-%r>-^}yL0jB6Dw<*2PZch>g`=8aXOW{ z!t#)hp6eCdkyP1HzhOr`zG>E%c2wSTjZdHHi~dn|Hdb&GJKM>WN?&4??_4k7Qa?&? zv!{Nuno)r}G^MQPdIfjnRrb_x=2j|Pa%;YGy@E?QspzZDUF@v&{)$)BX^PXrS8zvO zWl#NvJ@xpeiC6r3m+xHT(A8)rCG!Mv{=TwNHVC!?v8svv2(@F zQ#jJ)&UM`bIxx6xahwlre1?dq6kn0p0v}3U<0N&3xwyzinWovG&+hy)~e) zYR13=uEo1N=$1QI>;dg{V?WpC%`;h@x6{N$*I5kCPYbuXHW{MSdfw2}fo_vL>J~d! z>;dg{L!YRg(5oS;+vyHSeOK4*ZWS2pVkhe2^x|#Z13KU-g~hzZ&J~+Li869>Yy#b& z33T&!?KYg`CQ$5L;Vry#POiH^2j=27YM8g&xndh=uN(SUoi|JLWSemFSMzqdF`a$q z3NP&yx{;TS9nb;qZ_M+SJ6CK3?R7)et8TsrQQb5V+w{sUZ%Izt+aS#zCR4AsbtmY+ z-QhfMv2(>%&{j8fxqW~wpY^q@x}EwG?gIJF^@e9t5_PrSxEs{x&3&2d?z!^*wOs#h>$4H%uG_TCeRr_P<=nXflQ*!)P=U3d^j27vsI(=Q8#~t;Rz49% zQdo^b0*gQH9d?_I%=ELKYkXRl$6DR7M|IDJ`W+kU@l6vh_o)1|aD4gyvm(xsV`kN5`D9$e#f5r7MD6redk)^j=Zw&h1eN;>U&)A zm1*bPxz@PAE8Dr6$gp$0k3FC}^nmVuPDUnS-nrWN`_Qby88SqH)egvjLOkQd;b(0? z9x~}TEo{T~{#H1WF>SFa4g_VkeN-~(yPwBcm(oomRz*i?Mlx!%`3pd(J<^&kVf z#m?24Y1z$Ix3LFwhaS+~PZDl);~tQo77m#Ux*;R`yy4!)Mvc1p&h>7qz0wW1D^JSY z<6#l`+s;aCb_wRYa>~8u8ZsAjqhOnvG~90UK;4a4fnB)2s<}w^JBf z-DCx)ZoYF3nG3ohrD5JI83TFHEq1ORm5O;A+dy|{1Ks@=z=o6D2J+LwAp>LEthaR^ z=)gVc#L3vX-tlbfcHV|p-C7nTfj8zY#a4cDXarf$^^QF%5TAX?x)XHxyGURgoHyUO zdiGS!8?s*3Se&kxzfaGmST5K(X{Uul2FA9VH>5OhQgcllHR$F$*E?=V(tzV$fiE>R zb+nP=({_3^+RP6jm2_1&fKsPwZT4ZHb?vqf$m;HP%(I zOuyK<*0|_JWrvXs^#?c9HPIQAI#R`@o%%*!Ei9#v@YBLqa0g!9v!{ONp85`#c$GWX+Rh`d zvZsFMp85_~{=Ms~m&{rtv&J2Hl|A)4_tbZ|#H-x7mblnGvYl%HuvZ&lg*MQMZpeC#B%aO6-@dMQ z^Tu?xo@>a!*mk;+m(BI&-4Bq5dCQ$EG=ffaL)JHa9?%H7pPo&zyd@0(<2~1qfw8T1 zGoTQMd9yVR@~B(vT%i@T)y-17Kv3QMyLH~qe942mK;Cn`!`YOMx>#=y?gsUF6Ypz# z4VMSqeCO&3DF%vWz+t&rvP`OZ3kHS?V-oJ%>^jC)Ic&fKs|AL%<+-!c`N4b7*fnHSeYv(sZK zw*O1byp|59QVPv*s|0iAUTmqECnUZHtu&Lh6vJyt_rt~`vuExxl6_-|I0W3eKIoCX z+_?g!Vy#k+_ZYiW4_luKt1GR7MJ{L0wT4B8s}*QmUIf*BVzof%;}k z{b46lDmxRavgcakjM$I1vR_i4!IdSxfX>A7(`h6p1pXEn^Sp0X?9Hb@(@B zY2!o;&VR$B{X~brT1o$JG*QZa918|VRTpoia8 z-f)uJK;Cl=nG3qfti*B!-KO;lz9e?84~z7bZpeDgf;>}~zfaGmSl$wYi=Au8T+j_E z4Z3+czx0!F&-G#1Q>7cSUi1mRt8S;8AnpSB&h_EvS!&(58`RgEEi#aYd5fLv>`WJK zlG{b1nww2jJ3X56pjY<1=Ncj~G9~m>Co-IvbeJ`v(QdWH&UIdrE6tGdI%%F0sAduD zS0%6q-+Z#2t8H&+WIN5!JA-BpzvN@=T-`6S`NpuV+qp2EYUZIuH8X1H*yfZ3??|=C zVcy?QvM}hXjzTx5Kr>(IOU+{E>U&}a88sW*R8RXMg{Ifj++!sB#u8DIcCJI4%I~=X zr7V^VJ=e$BrFz=>R9Na#?O-YQjh<@_iwtc$*QY%wBe1seDs2TJc@R6-8kYDeU`iQ< zRpAO2{cZfFIbJ;RQ8%XrNR}2q*d-*YutfXkL;;GxuMbD}PEGoTRf@jZ5zT^{Bwdal0O(E@FdgKkf{4kQsLUP#h; zJ4;>6cg5iRmowX3n@l-x1{C6;o2O1|-F)Y2!}i=SEjZ~W%PBzeGgh`1|IyMMKeEy z_1lmACI~({;DwoCfAr*c_T(!xe(0BJb`yDf50kk0eQM!1Eu_AvZI3!Dcd$fffz>%t zST#=pOAV`^$l6O->Ql+CEPsjQX+@9<7I#-aaZs{`MFuLY@AgF_wI;FRD(@>?;8!c$M2(@=mr?`4O;Q;jDqIfyQDmrbM^J2|FoO<7tpDvdj5a5d0$+NW(P<+-FL(NdpSH@)TfkF$er914TDgtl_W+(7@dY|^$@W#> zCsch3aAuOn^^N!pPAwJNOEz#wf=}(v4Hb_~8|ei$k;;QQluphS=Vpr)Ud;Ph*%+l4 z*yyjUV$k&VOj)AKx!&Zhtf{|~USOls%4&t~g)OSupQC5zHcGgvS`6vcT-A|3<8oNj zJzQ0w4*NpwDdyS=PgTJl+JH>4h$FR_1d9}l+D0uVp9nEkQZv&Q2M%uR+c%AV@!;z& zQQN3tkwprtv{6_M22@4}8GAxl}Xe`(+nAYDvTU@C?Z(ocfG$m@o8Nj!y{+r&<=PL!;kf? z!^okBLOQy6w4L|@oqdu8f+MR3;Vo)0q?C9mtF)++5~sph)UZUR@a44_vB-A$ zS8Phvc-2y&R7+)WF_l!7_p`W{aOKOxT?np~f)tnP+Z*d@0V3qRqH_rsIi$E5YWe!e z4wuMeb*xLcz$S|U0YF=cW4J!zt_WTq%O$yVMSO+Cb~??r-4CMp><@Gjx>enY!z~RI zpUO1{7vZhx(9pXlMDZD&YVqmB{qBW0QWRgHBc);=bZo>I=#qq_?jC&o0>K4vEob ziUB&8Y3_&tB`n?9P}p3*d{=b?%Qg7O&}&%amcq)6NyX%_TlR&vTzn6&Uc(}*6gD$u zZhG#tWnO7=(Y#fSi;PlSUBj)^!+Pqvkk9@;R`L$*8^-+VS177lOkE#;)5H%g?S_1R zxu_mG1VVGPVH zc?^p-Vy!skUqOon?b^r}*ucKHFLA(m$aAAp(LEgbMta7klDn+9EZO_vWM6Uq``put zquP61Y$s8{&KzqEVwpZ){u^zP zTmqXVdl#-?iC%Gy{{k)&OL2AiiaVu}y?@g*xm0@3l6{R!C3nSD7p1rw0t&}xq|?#4Ib^O9SZ-tm>|0v*W|7a4cr3v}X= zwbYOJkt1<*LE*LP$f%zP5F7Csd{ufs;J1s;!B?gCo%8}5v#}q|9b49E+LEVQD!wYc z@1z&l@iP2Kq z7hO3}SS6Ois_&~{<>LvP9==u=iKV!jCM&K+)C!lW<>j#p`i`WsOKys*6I0=`6AKSt z>nopdJ87bx^dS%b(&2P_T1NJQy0kykWg%YgwGX0E_M`it`u5h-48PY-mEVos!5dahCSh zkt(TCqEeFh<;D36qXnP!TO1<4AV!Re;(RSf#d+U^x8%9B&QO$(Kwrx(ywxQZ ze=JnmRE|queM`5a()#;~A6UWFv~<}+{oTXOMtt^Nd=%bJg*9{~06VNTI+Dn5ENsOW z=;VJqT0sFm9myJ;m}K>;*G77QjePQ~-u$qI=>nU4k!KiC{72~pHgM`s9`>}pO7g~A z0B{R9pDp9ejB4?wc3ZV#3s+my<*_pS;u3r~r&^4hlcofh(1=!%71wA)r-)0n81hIw zp&cg^&tiMy@PzhFlV{;`?h%)2SfY@(7cR^MaHr+Q*C!tQQIqq-Ts7WMbH6NCD(DrrIJ4UKv2e| zT8{W*S4u986ZnIwjq!}@;TGS&@rt2lhv8wCPMr$kKi&-AiO-&u>){d4lv9I$TceZX z@n-mIBfdZ<2jub0&vjlSZ3(>X zQ40MsU4*d&?3*S>sOOJE-b#FpSv4#$OWy8z<(o2ZdQ--~X@cc4c`W!6ma62o*}XDa zE{=z{uhEEE;T>u*VpMwjT24NZQ<2`jmID^qTxixRvC#J71qC!O?zj=UYh3b5arL$4 zj&>M2-sQ>XN_g%<%5icHJZ>e_M*p=(w>Fw+B0)NbFo5<+3={27= zDm~5evWq;n4+xjB^qc%tj|H*D7&G}YLOFVNBdSQVsY z9rBNZw_K@iE-D%5mClXygl!%+rLFR0e)tkLrPppY=mz<%JMoxv-`fI&WB zMJ-0W3fEMMaq&A!^R<{P5t@nc+;1~tF%!c{^w?L_xD?nj($sSDi5Rb+{JS#s!;>|a z=bqlG>CNn$wyK`=$T_s$Zi_lK9#TeULvvf54HYhCLoeHO z+(-s$Tp~~IQ))S6kC#y{=}Dd^t5`K2(I%@{r5u-|GkVl=5UnfT=EQ>RJ2G!pOa^1( zxJ#|Yh&PeP*J4DQ$mL2gu1SX{uEl^fzojRx#pDw_i)|^@V#3H2i#)y-Lr;?@plUH9 zOZe?tj98NOrCN?@5`MduL!O8qH9LwQH76W?)V^toYVDy~L zTfJblXybZXOtGPkE|Tlb{wUWQ$}Z_zmobIw&i3^BcPBpk zb*?}A%OP+7NmLCgG3qrsc_lyGwi92VGoQX6d(|Jh46vGuoFC-b4FYSa7Cf`?qo z`q&03rq{k{asgTvOgcu)s9^_IeexFqKJ*I#evW*GMb8yaVETu}>^p5K!o}JzN6Yo; zSnjo$d?IWkwzVUdV%uLu|M-Eoosv|h?oHwv7g?pa!V{fS`$2?aPWdhRc$}!VE|skn zSIMvXYC>4yl8egpy4DxT)ZK9{MdYXo(rm;R;6x9C&;mQh=EK>#Q)s!LOvMm28e|f3j!sp+{51Y1r{zaT=E0h10NfYm5XRKB66a9s96G0wKn9x%R__>xf&m7||^D zI<*+_EAri140$ECu?H5!HkLV7wjpLk+$v$YXdRhpEe39?Wwf!$t>u74O)hpXwcHry z?3|@qhr+9U)5IM8eX9u1efLu1vZuN{n?n&hs!lZ?ktf4qEjO_z(*S!pwP24n57Ryw z=1N?yS!bB5<%mDogQ(?*Kk@5H@c5tIbsA4me((Vl+hG{g7*>a~)w+znAFtb!i&=(M zdWXD`Q)~D;@!7{JsdE;5hw-srX|u2z4sMOk+bX{tKEsutCyb(cfaFLAF0DW1?PIUyZepwjLj#l!*j?Y zaK+a_W;|&9u>!0R&$|9WJo~1J?|jfYd_fIM{PBDiUaqxj&=flPUGVS)H5#zzx2W1& zKts}*xqWL=t2-RJzC4#hW&84E zVr9GK- zq!-v6!7Sf`v-$-#`5|2@O>bS?mZgH(7TCb3JYf$l0IRl6UW{wkzVEysMjVP|t$Biu zb%%ytsClukeXf!4YsK$yC-zN~hv&o9u}Vu=u3h`4vsRLhR_kcR#!^H6S{1t(E!VDN zozo28jt-?_~=?rK9MUl^R-%TB9EppIvt{VhCutKi9Gy> zcly~1_sb>g^s}`b?d8+Y)^gy3%+H2G6V zzKard+X9LeEG6EF5r@Lh)?z@RJWqH5jXX~zPc<4k9`TcQ%3l_yz1kXn(!Ob2m|w0# zE0r$UM!qgtpd7j+M&t>vTq{YeiOTK;n<8JtIC&r8OZO4{nu@#@a4cDJN8UA`dOLFP-8%uO9Lwn(LCqAR|*=Y+fUu`xGPHPQL zPRQcRPI`e&z9^C)O~B0T;u)u&)|U#^vfQj>C3LdtS@^n8EYkBEMs2<&v(rtD7p(0)X>H|T1b|k}rYt5m)?bofB z;?pZ&?csTvO!Wv`@dY|@D8_C(`El$EaAuN~QoeRNfW2U|+ya~k<^CJaYv(#&+Z}1; zeXsT#=S#aSu!&Swy*BTBY0iOK@fiJ1dd9};wN%&ccI2y{3G6@5b@+a1i#SrlBEJMS ztHbSd-xY0%VVP6cxXi8VvxBVC@hY3eOjb56%rsQ9FHg@<&5pWNsV7ylb-e0eb-bD= zRO4me6DT?u=!egfemg-{km@cq-zrU0~wrCPnXJA?`{S4PVKfW_TEP=MxIKwZncJ5 z3_144{nuY@yVfo<|4OHj{hOw6u&#HPu$jOw+=Ti)2lvRvB5Obg)ESMxX(^!bLje&sANp z6Zk6g=b;!>lw}YyoFss4l)f!CwtpQK)$Gqhhc51ZX(K+Y?wEuw?kQtGy6wL|(U$ZY zU3BW=?wK~?3v`HiUNUXTlNkJx>fo7v^P2KbdVvj2Ntc5Ez(@CM;34f#3dLePq*nU1 zS_~N_j5LobD}mmG@R-gkL12Mdu6Of`B`jCNBOj{8$U#LPuNIR}Bs0RV)nY`bNSdh-kGO5=LiUeS*%sW_#g_?3<>U*8`Ag)GVshxWt&OFPCyy z2e;U7YqRNmnFvEo{4x`;CT{*SjKcnNsDXM-e z^6;bfVfCZ3GKa2N`);n0i@DoN!CLKdgKfmXGxhARMk8+&Ubhw_Zxmj)7DH#GCRGtN zsZzf(DUm7ixf+&Ol=)mO$NY(Wu9U-?cgu+`PyJBnzC8DQSi5n^F8qsGt%g>Zl`Gwu z!_|5cd9q1X%Mp9>6jv>W^zrV~m9>GdVdHZ8D;^9Av!$ogJX-$MvMpM&OIN41?&7kT z_Tsa@;fl5dpC;XZ88qJE-{g#3*Ond9UV4E|>5%(bb%2A@St_pXuq*D^i|K6A3v6PM z7mlFz>+f%klSKvZ=1Xq&9CTCrMg<)IrpY~X#oO1~1z2=J;=-(HCDyi=seP?&VaXS{ z=ez(*uE;Z!S`2I3n%(&Q_smx>d<7&(Sr5D*hKy1>Y1~pfY5Xqiq_f^Ripe(m2h(O1i1-9BCtxqypA(s@z$rnp*lDCULh z*>Rh;#>E5N>Vs1;-na8XZ9QSomX>FU>VtKZyUOG66t;V^jri<~hAOr!PeE70TEcmb z&Lnalz7b!bGnZoU5P#0mky2KElEJUV7wF`fWC1kkeq=q~LEOY2KGE&5ZzDZnoA2&y zc5Gb-wb{+zr?j{V8TndzfjxMto1c1YfrL&y`YTG~O1$ye?{HLNOpl!w2#5I99t-Om z&pa30Uurt6YtKzHiEThJ@#qh~{hT@fg|8r*g~zG~O!SJ#Rf`d=B68JYgP*!(HT*`^ z@ZGF%Svzw6+Bp0INz`yJ$RUd|=f5B)OFFrm@v5{BzcUgw-wSxapSCx-Jp0-ajB!f3 zWq0=5O1s$s+=v@C@@bW5qh01!KQBuB}J>MKuwsd1!LR{*O9gBTf=Gvp}1WTSN65Cpg98>s-S_~Zu~4r?q(sJ%@AO5yfjNPC6tMD47 z7#G4L_pimU z(o+y};b$&i`N@lAW)8%E8}q~rpBY1xauhrr9sQ8 z1BIU2@C!Tr#7k}$aKSHG&@vUr#mq03Xe~`9Ln&?!Ovk&ab={}}{-Y1n?Zsyg#szTg z`ZRG2$>-=uB0Dj@7hj+=haTp<^&uZCo8%f@29Duj6OXtX@fjWK;#Lcnv0pVjpZWHH zyOCaCV=ARTFw?O89EnEEQ?qkj-1Xi_FRc1j-oEu#OTS|+2l#y#9IMH>1 z4c_XXo8;YZuja{0oIRV0alvRMH3rZY^xYm9*Ds^!XJeXzE*H&(bF#Sr1vaqcw_*oX zigBqtVr?xZg9s(#RjPWBR5(}LM9{p`%jy12lWn+iE~LI>8>*NKtiPNte~H;LA=yj` zo&WB!v$hhj={LnyA1hR_Cnv(U?{L|DU7sEFTZ*g8RdE%n!X++c?5y-{1#M(S#?D%f z*p#uemLo5feV$rwihU+BEaf|wza#qe7gOTIq40FP%P(^*-)%lWAXfM zhwsE`*b~~}H0+y3-+brddBm+67I>z;BJYFtUQzuO#I^8}r5IMv)jQh@&#JKc=|W*X z9Ujf?8kXo4F{~B?pJk)fWI{))!qsTyL){q(F(r1^xa`C(&ns2VB?kE;Kk}DYAY-nL zV4~CTj!JCj>+u4gTJI?K^R*n2C}UnJhXr#q>A1YOFz)BJ?$##M#59-X(wh&zFDWE% zmfVQXeg)s{ZdS3R`fly9E9hc|P9F1#JMjfNamea#cU^uKN($96i_)LD7tJ+soQA%@ z<}he>gYHp*O>8o6e&0whu#r=;1`JGQ&Q6xZn$@K|-Ez27AzfpMELr=odh&JJ!u9i5 zv9%aErr1H$V)BXPMtI*^3@N3y$=uks_mypkQ{jDUSRzw+-&%}W6hXC?BmQKkzLuMq zqmD?Kqmy1(XDFCoo=mQkXSJ>zFW1Q9bZ$-6;kA_T)-~S59*rq#9~G|bL+r^NM~zGL z$sI>6hx}2t=f>A+GSzsANAZhr7wii>vgl+(9itN$!M#j(hmsBK$QL^uJ`}D+$mZiV z;u(lEgE|6?ZZ0ukfWn8cPf`FtWry1H2_txvVL;5Bihxl$gw|O3TGbu!+>W)N1vrb zS6KZnUDf5(6p#KJ)tK(h(+=Zwb&JI#24z3Q|s!fGs1y`dhgIqy&rz4jd9YBxG5VMvCCw= zop!)bt0wKG7s{d6)Axcz`YLTTgmvEe$k);fZ1i=_XFcr1N7MdcRg~~qy$Xt~cyJv) zNranbg&>3D4Wp;wY}(6Mi<#biQ4?2rGSv$xy1Eyt}x&!g!uG3`j%dd4Yh@xi1X zDOrEI;;>zr==UYlBPf$$9`wtne#rvr>CTn-M8C++Q@?P$bJXwaq56eq zTh2~)&X^|7=MSl@HZ=UONhHYJ8`CbH;!LHk#3%X%9@}Adj^kY zq8Pjk<}_CpEY>(99ladhZ3~Y4?z(_MlU(I{eI}n?X4}6xaxSas1|b6umcfg z6J3iX&nJ!Y!SC-C?3a`O6kEn9qlcK40tir>7+iIfVSv5d_it$9J0hM-^ABL z7Re>Jc0*);S>T3+vV;zwsQm&=2l7vc5ze*i$_+;CrhC)ld`$h}>w9pBxdwsEiD(pJ z1>^bDX6I6b9z0!%k9I9pB!Yeee9-U90-BIPz0fc7lO@?BZ0=9dSwNGI_G@loB|gzF znm@~0AJN}mk8Wb9X02D^6ZAw>cZuOf#>gHlzs7(VQ+gkJmk49-#!knU2Q=ssU2;0M z(PQIyqTmiwk5FY)E)_!pbzre0dZ3Q2jB))mkY2f5E@9sN;Hik%Ji0gB387o|p<&*A zB|T9tvQ|utrgG&MVih%QXCRojt~fE`=<4tFk6}?^WqmWhu+fL!i}M-{`T#;!eMr2tN0(~cR4nmN9dF2qv$Dy;m}#;A z;b{w8HkycDycG;uc)2In^NepiV5mTmVyN=H14}Y&^f%f?sO+vAseC(kq%94uJ6B1} zb#LG%dNoq&w+(Ll3?Dw2>V3?6^>nWw*ryO)a1jRkvOZtz0hG*vt)`6QeXf zLU!ca51Inxu9v)=NBaHkhda;CeY2G7MhlU!&8FThf7yP?bh%AMT63t?ANl=z&A4vB zCZ-Ck{KHS*P(u?LiI>RbR02YvuJl7;xi|->Ubif)dx!4doIA(R((UR^VfG? zKWZL7cXX}t9S=m9%l9{JH=u=uCWoPdLBLRfpt%P^(OA;BcXuUpx4wZpaLfGlJzWXX zmPXtd7SdJiP~)B+z!!a)sXZ$Z8(k0VVpL=_O8%NH`_Q_@4TpF26~kbZZkl^$KQ+r} zB=7z8y{pLZ0M%W;VwK1;^C%o>>mc8(lmWq7$(Chim+q+|!{>TLJeW1__{8Ghb3sNo z!YlE? znjcwpJn_+8XWjG2MCmy-46d_mB9&p#ghvbM{g~BMcZHbkK~E(Zzp_#fbt=7}zaZq9 z=-y}|(yWn7clY&B^2;#Y8(BP_Dl{clb?c%1yZmJxkr=t zBK`($U>9AzDVAM*sJXm2&F z#3$&HOTn6-ae%@HS7jOZJGjg+=j>!}&Qn>2v2B}p9*%-1I7Mg9s(V1mMwfm+8O3Rs zgT`%igML_a5kBf?fkyZi!P&_{zhwJZroM+j=9HYO7dYy7yjJ4l^uf_j)H|aM!SXd z1UuNu7NPv|x4-<$fBEO%TFK^jZGr#(hrj#z&;R}3fBWI@|Mc@e{_;2f`L|#Gtv#6f zyW{mpyDL;vd~zB(l0b5b`OYM^**#>T$8Z1^&gAX1yq0Lde3G~iey|5}F$-RZaU~X+ zC{|k2*=!q%95MEi!^8f5tBLkVR7mTsYJayVOne zEMtOMCYx_X6{DVuDxT>tal4x*+pD6#dUEGOHtj%o?&!tBiXSnE-0atFDxRFKipe?} zJTCZP%UP(9!8F&#LXcp2F<$_t2gvUegs-Fpu5YBPDd)v`n znNc5DilxenM;Nu3bi!A%bQr`z*CA}Sku44WCs$Ogv{1u#9{a&_$bbcjE7;_*g@O_& z)UfgwNn6{#K60{qrEQ{?Cr4`BZrl9u2e2OL0W8&E9OXc(W)1Z^`G&sH3^p(S;BjFY z=JWv80{79?QLLy?>HA1GS%B-TVpjWldLOxn;%Si@H_$3lqFZB+u2@17#$M|l*w*IE zMm)NQrMOXCi4R7ClVB`#-xf{`>&fQ1`Q^-=;w;hL7vdB2%q87TgWmcLd+PXC)mkiNzf|8 zMv-26C}KQv2}Jkq3+V}VFk2Tp;NO1!x8MHbumAMRufKi!e16wHrV+QmkNm!rWh$|* z5%KAhd;=9_BVo=iOW3EUKVu%&@asY=nLH1;TQV|9YQ$pBIc`_WY+)Hj9v zr7yIpZ%Rc8t0g}c;-jfZ_d?7!Jwgt&K#ydyeb-8Sf}XiV-}K<+&TM4nx<^WxZ(4~@ z&=aH7tA{tb3e_X8%r`w2;v;yjT+qTlLc-u0JQpswTV6>|u%pE~x4Yp3HHsd#WSUri zjDOTtOt&R_#E%%mw)sO`kMs~%IK7p84>o&dqkMC7I&Lko^u8z6E5x)h0U%2~y>YdK zO?0%)O${4q2w1Fiz$VMamIezGuaNjh7`2ZQDy+0k1hnL7+1pfiAaBLZ)pFu_ZBC#i zcJR;=!e+l0TIPa+-ND|#mG%;@@8Ot(sBmR6Or9ocPv2n=<|wG7ERGp;lSO_j0{bD zf*uW+ebw;6BOCM^Sa+z)jL&EBNxxHfbvq0333_4_w-r`ROY3#6dgPTpA+?g8U?)~_ zTk!~YyyC2l+lpL0P^Ytyo?s_`DS=R13p{?XGw8`&F@w319dO|=6YOB2{=Z-UNs~$Kqlt3VVwrhLp?>_dwlu`wNM`y<6rU;vpoUEb%gl2v7N`b)q8$GbhirC` zpE*r$mZL&`rYybZw`#FSFbuC)dNFiQZU(Q1_nE(i?1sI@4dfDs^5nBOz=f%;aD(A$ ziK^XseWvd~02cu`aHUIr){+|Zbb6+n4(EoW);IDAxDWv@yh5dKAXd}YHiRW^OwmW` zcgyVACF7Y8e}=bge0k2S+_Ss2KqI*lA56_NXXACl!MXYg2EIU#WU>v%N_>KzxkUH! z4DaC-=qYN)J>y~P5~YU?2koz$ zR^4bVq(|(SkY9R}>yv!X{yxFe&&NOW`FI{n9aeL`PhcVcd4^SwV)ly#=PXTeSP2t{BV#Su~Xt*RwEC7iuQagL9GDY(r~8y zna}g9C(=L0Vu1;3a(R)ZygOjs`0(|F3N|rKJ<$eiVwifO4Y5cq>8)3eo~d%Q9Hc}p zje$2{BdY)_|InU`!?ob%%r=^c)It;RoHD&ELsjFPouN9H8n?^DZ%PY8aH)p!D&Hk+TnTsM&Q5mqRW1tepqlScyE!GN>LsS>c48qtY8Nx{c7gdB z(umjCISJ1s;Yxafot&nc?-*yA37k%AJk8%&PV>Exo?r*=AsxXR>9W3g7SGnV*a3M> zGN;v_-3k7NE@p*)4D&sYky18Z%nEl;fCZr{*l5`-#k2t%t(hI6+7L_B(m=Hq%Q<*q zMG#LK@!@Zzq;3=S;w-~(Pc18;VNe=L3H zgG+q~|4PT>0SiCZ?A(j{rV2Ju%_77aHc||*mXLn&GHwMM%@($aV(n_!L@o>AYccr? zi;1MSUIlukD$sdhIz6cLLL%Gb{Zi;gcO#>Ki>}J#r1HoLH>TekBe!QKrQ?BX`;Aw6 zYio&{VkwWo%W>`!@!Ru*i$*%WH0p%vjQT4deb>Coi`R8vTzrwt7C3c3r;)MoN_<@5 z`P93<)B6fv6)4b?aZ;bK5}%+)E}2<=@#@Zo?)lt1@}iA}3-J*>rrUqiSA1WgNO7%t zO0?^_rj_&rJDDhY6xux|W(w?Rsnnyaq$k+PPSK;#)Nf%YbH!c7N_v7FtrjjXij9;e z6HOgsuG)5FWU1#Xvr-=3c?@oo;N>~DOnhYpA$y#q>z*O?4!DzRWfBW!DO>VWdu zb={P##7BdW&ahiz{}o;|;)PwrmSgJbg&99d#Nc`*K0%LM(p|+Xys=(@XC|p7U5HP> zBcaUy==a9>_gY9#u%n%l1}*7<-#2X1R#Ew~<={ z>kp^A(!(jsK}zH@qfx?k*>$1x)+oj7x?~Gq+~3Na@?>8zN?m4sdv?;dnSqN%16(Lu z;YR02$@#4-bTucbLvcTx?DfXvJxLHOL_u_uLZRs3J;d(wo0aB;!L`PIV%M#@d2tUJLOFdbCq^N94sTLpvj%%#VaMM^|jYR zdc@AzbRG8aq{%gQN~-I_Z?A>)1Uq>`jR3;Eo&r01Laore7Sa>!$hT(u-bk&;LDe^5 z&Gx}0j@dcnUfl*+{LMd>7(kCY_Deix*UeJbVv%6dTYn?uo!$sJAHK=?s(j+z{Adju zsRdX>!7@nciI5d+&bgZ(En&M{yZO;tF7gT8g$TL}lU~eee#74m0jqKsliEMx|K@>7 z;0j4SCZh&}KkE|g+tbsZWq%{(3=Z?{>`LFrs?(3wDYvzgGIdQI~n%6>nune5M6J1SWc+$E+&t{3Gn%6>nf-XaHqHBtXH9UBt z0zLadu}jT~FT^M4$q%Y0;?1ZX@WdyL02a~{?8GV^_E4WI6c5~D+NkNhkRGvfUR^yA zDzMC~U1P&xoO8x8Ur0}|qt)`P9_$9k+@jIENK$HDj2*x4CPs$|09*WQsW&?Bm}2MA z42flH*hDayr9H7oEc6yjAH7YcdDYuQEjuev_cn3LvPQL7Bolfoa|FZ6BcH|CPIBv8 zqm+{Bz_ks^n}VTm8DNZxG5+4mhPMqs*;;mQR5Qbc$=LEV|rB>n- z^u!^F*_!I%tr7k5$b1+0?p~OoC0&V6z?1i*?|kbsi5r?HI_az}q$k*!RI2!dQ`0$z z&Gk8_-+jYIs|N{lHo;DI$^u>(9r^(N?0K3FwTr#rj#XwXeIJ^SY7Lv1ch0KYZlr`w zNp*qc8yA30wHE7jKHc_?$#vEa#Y)w%G8aC?<^yW6$SL$ztN@HTcgbd?R=rKEvMY%j z-OYTGNN!KfV5B4)_~vO#8C~wItNtb~xf7_zDLTFLY(XiPa_Q(V)(rX!i&^wHXVcvY z)VT5&N{2YK{USk1z-gmr1m58&r(SPcShSol*UiXEd|cT%ac;&uoD?b0Gl^u0HXba* zC+Lw&dimlVH)IxRp6YRt%#`ABO4z-Av*g2Q3o?sz8VyBF{=7!#(DtA5T zIiIe!d?7u-PG-t%Im;@|huLGCJx$ZMdu18n~!w z(~B57^usnH<<$M`Zw(u%1z70^j50TEW;9mXCURM3sf5iLcDLoVocx8^5Of!oP1Yh0 zVHVx(a_if(lalJd#i9W&tZaoFecxH3srAi1&wOnyH?YY!FuC5xmIgMZx8s|Z>N9KH zNT+WoeTc8E)oqebbCo~tQksZ7Gd z3OyMly}S5ch)>WnhnSIivtYJ^o~fkPbRj-LkBrhv{rmh%K&AT3|1G2^*ojp-?B{m^ zD(t{5%SgQ!(j#_Go$H|MYf|-;=M1`z`9gYv9U?2a?e*5TZTy)P>>J?4@0wQay;+w^ z*L4hIK+eG2_lK9?DU)t*W^JHFjx{s+;R(QIKtB0cEjuunos>xTdoOiwBf9`A{SYVi z$){>pu!&!movL9IvCQ{XVxRsz`iHwy^ftxm^WJ{Cw7QT=Y;27i*d+Uz59@2dg*P)F zw!$6F*B)-RTUJ%6``eSrK0e!e4&kc5$zu6MmKry*sg2I|_y!imDe0Ev2WnUhWA**d z`61bJDbIWubw9x{`Ej)tlu{PNS>AIrm|A-e>Eb$fwVue|WMLureA}j$Ohgu4yuS12%FD+QO;= z7Ji}9Hjzxd!3Jz37hqvj0V_Q!wN3Q06UZC5iC9Q%G_$-R7b%7QVilsl2)?Ufilp*1 zRgIgn>VoU+!Q{EPCiOm;V~tC%(KCr?R9E67dd{0` ziRHuM*M{!cm!6&H#$qKtK~MIHX}Qn&4*qEtrvu-eSXWoL5TAf2E5#biN3Ze2jbDyC z&S<*kI_wMS33f778bX|Pu}bk|ux!vniXilSf*sA4emLxNmc=UU%r}M~3+WL%X4vJ~ z%a3Lbd_Sfy@MHWL)AYe#O0tXfv+oOEn_Y|f*4o5 zjU+>F-KQ~aVYYhJ+hD`|<18DniC<>n>)u9Up||eQ(y?Ogz+kCSh4Mji4_xDBQdxXd z%B9r0^w*!w`J`uaR{iag>lPr@xY2F_SH>ILWu9>^W;GpG=L=w4Y)YB+(*xK24J?Yp z?blX!99?Z93$XMCwkD?rIcLzd!1P&&kH!I$cd|#VBIZ~<;Wc_Dk($MY_=uhp>gtQm zXKC&%VxaOo2?Fwob$wajvk;$vM?&f8^7Pq2fXI$u(LJb(APcu4vB>B~>by#Mj`^__`uc@K)-rTCUIT5c_kqxoLH1jKU zCnLo$HV9TQHt>hVl;k7o?pJEuKrbZh_+$}qVM{7pL9jXX4^nOnlUU?aZhtbP2@}7< zo(14-#Lh-lUT|G;g{PpMWP?Y1hxM8dTuXSm~<@pM~@U zJA_)?)wIQXe$}ADjt0wo@j`ln9n6(fyFPk{=-gdlQNpY1VCEImMn02Hw>h;~B%2s` zW>3V>@*cDq0=Cp`9KOEiQ|q?7Dq+)cb-=n`;T7l#Hu227U=5r2WmdKpi^P)N@?vc>;Cp+vgf8+e<57-Hz(We z7#@?3SKLq8_H%bt_BTHPW96<5yhI~A>aiggctr2VF7|5~!)Ei&BQtHvL$1bcz|;d^ ztWRDK2repif3~j-JT_Bfb=$phphzMTaIW1EwFeNIPsC%KgxIT23ywkMW|X11|J z%XxP*jkQ<`t8BMdi$y;t9)QQig_h}~j^Q(U;cG=--*cv2&uP>{iUYQ00sxEE4_LS$ zGvriYhzfF!-3xQIx&mXk{t29o{stDc?P41oSPAqOpjCepg%I#>aR?=3>o0J@Uf{}d z_SC^*oMKkJIq2>AiK+BR_kL04lsWTyjTFHw*kYcV^6uEW#7k{#7viH;>5i=lWnqb zr)5MY>k_+5u79-y!oo$FyL6sfA37RVZ%(e89X>VZOE!ZkPe;~eF>ucb*km-=(g>Rz zpjp-$R{p|h0$7LuHm&^?Y@(U%32N9xFI%~_Sfmwt>lP!uowS^r#4ER~HEv>*y(^$7 zLaD{1=H$9>AxgZMR)=5Lhl0-+LpQLa^J5q+R=LJbM1s}ZlarR6N$u38a2PAC<;Bc{ z)aZ#%zB#DnBB6vC%v_)oX_Lv8hUJs8=ihD?(A2nrQS>DS5D!~ucWiX{@{n{=dd(2i z88o%0IZJ-iZNWl(w5Ks!{x|>l+rR((uYdUE|Nrg({-6Kr|N0;QPYV`#p1pNvqVC`R z`A`4+%dda`r=NdKp;1nxGgbA~K5eqAPbL}8<1NJ}`bbB8Gu#~aZRvm{w>v#8e|E}6 z+I9hd+fSc=*Q}z%Zf$L|c$PUnGtw=-P2y^#7vjSLYum0Uj@m&34;IxH*c?1j$PDsA zd;%V+#1qa9oQMc;uE7(L)S@n=C)klr$Xv*%BeL5V^_)YuL7z*H*eR86Z?~N9h~D|I zVQCc@s*!^F{@UKMP{M5m`(IH z*$G2UH&dI%P27^{-Ro`S6ky#FKN*|{?c$^Y=joMK(e4kPPBUgpvDb!id6dh^esE>jz@XC zv)TR?9)^bD?AUNNNp(2IX;4?2S>rJrptA zFwN1Wo2TydWGnFrdSVnaDD9hZtxesmTn;=Iw}b1rFQg~f(OB_JSW}$t2cGB}J8(W$|?lo5*BYs#+|w$hJzg zT;h+1U2T}8Zy!j;<&rQ|ilxXC~y=u9@qqshMKiM5WSA!c4!n*00`U>c7Yr5s?=;#*W zquomRaw{}^g`=?7=s8`^(_+osPX?!TeuADkq((OsSqk*z=y(sPMcJ~T=;@;P1U)iJ zcTHcR$`Pgi?&p8_~|nwQ={&m_`K*Ft=P z9=W7nRBPx65ouDdb$Y05}f8T+|8SBh(&^-w-{seHoAmGZ*MtquBNVpy`{Xl!17HU zfn`SFdXR20fBqv*74B$z>(c4E58CK%aD1)$-JSvG0&XdJ-QRAsky*7nvF(f7Atu96 zVc}q?qBmO3&}hK+#wuDa;35tLF0`+vC^E~hR@UQ`v*&h(YC}%w>I=ZU*oIuPQ?`fN zkn6plige!ZmNVqKooG+B!R4g|Ju||$?sKHH;VbdM8r^cDT(=YCl$v2PCv)^n9y-sJ z_yj$2NcR(5`&;0NLG(W>=@C2U%+>9O(wBb7N9^wyblh_0T)qB6dV-xerTf?OYZ3PX zJ20zR7zQj0=?QkQRT2%}?1h~6O9s@USAANd_dmBThpvt!&~+N*-O?d-z`B{@2|+U# zY-xl|Ow&AEc>Y391@x;6e_^X0ux_RJ@vaJX;FuW4QrnbE2dvDv9Lc-!dj|#VB$>X4 z8;J#6ch`KGvck>O(!|<^zL8Y^Le7RqTS_iD#%JlMzwlsK#oLo20z&^?nUBM0v6AN35^%jepPFa}g<&|Y`6S*`;wgDSi zC4*!SsI*_nYp>=e@yc>!8@Q2Cz;(Bs%4aKeC%N{mVNOYQ;JV-D=ON88Ec8u>(@)1x zPH%khg^s}hvSa8Tcu@m|UUQi{>!u4eC(`wz#%&=!u2keF+)7x~&XQ1GYIAha=@i$f zeIY(U&sn-;f)_=uiT>b7U#_bN72&k1$iGc2Sh*vTcTXW*CVcd(O7 zv{663c^tM0cCuGC=yWE@%uS~}zy6}00S14h>jXO)Ey0#W3`;=0u{isj(=8oQZ;SZg z+pEo19>}!#R)Z}KmK|AC=cx?$9&93*#js^>Q+ge}#o(g1Db=;;ZA!C)m|ML~*>$mW zd_Y7T3ip#{=~l3bRd(jAo}4c0Zh5MDn0g1uohSMWTUqs25PVYYDD6gnqtU`RxkpG9 zJZ)(pQ~n;QRZli>Bb$Kh;Yljtt#EUW-SbZ6ILGXIBz_-0rKer!=^Ayy>mynhmjRh1 zGIAna?^UeCN6U~i>3rzFq0?!?ESYJTqen9N{%RpULC;*$4U%3x+CYz#;`LJ*I>fr! zuC>lj(32ljUxMYVHuYNd$Sd1kEu;tRBj?qbf4aefZD1cMy{@MKR?-vftCmAAw9vCF;(gIF6Gyun`ytf&L=21d$8KQS31(Eb+PmQ1j>;P`D#nOAvsdQ z-QK0#fQ@7WEV>6BU{TC&l71s>Vw+V`0#_H>Mw$sM)6js0e=A^fy506GC2TsS4p^83 zf#p8Dg3TNgnus^8aicc`E<}I}lUv~iezn}H?Ivqn`3qw;aHS)X@H@Ewu5hy@6JxTc zZ)BCT$R_mH*~ofi)!#@f-VWUAZ_K(!6+5qX}$fcF9;X@gP-pOjwr_#@D=^gm?cmMM1FMs>XzxYiMT1R&JnQbR1a6Z3rRq zS$02~P~*y9*eLUsp&0vGE)YvfjR!v_Dx_epqZ+12s?!$JlI6LfgpE}i?Xg8m{ z5Fbq(wgo4Pm@+-W^DqT^B$Iwi=xZfDLC;)b?(Sd>7}mW&kCf7n0X1~6X%L^FCr0sz z;t`HM7vPasc1Um~K7!{Qyp8*rIlKl>nRv~&9x#CPEm3-c9Ziyq39t6Wo)72E>9$;2J@P_&f*t6FeJXQB?db~3o??GM>X1c!2%H{i z7i)ry5VjP&YHZeoEe%#IztS#*7o%OnCbC)fv=mEedFd@PP-1hD0dt$X=xt8SOW?QF z+w_%Fz{*0!An_D=F-WK|p0m6?IVg>q9B?s-qApK^SGd`lZO=|R>keFuCvai(E8J|y zER9f4Z!}=Q_5C7qRuyhym7m%xabr?GQleihIr**ywIdwER#Uy$v85!uB~e%6<7&rK zPR0iJ4&kwz0zDZjO`;wP@dE+tkA6 zth_qLh4chFu}b$`;S~6_;yE*~esLi^V#oZvox(f9b3z4n@{77-TS!l^W!)&>{?Z*= z%G|dVeP`0BS&}9)v%rYx+B3Pe&U|F&tY(`bnn0cUZF=a*>-g$K0(iJk>25sCy%z!vsM=>*TpM>zEAbIL=kC?7@>Iiy=2+~`In4ksq$k+H zGupe@M>rdQ&3AYp$JPw+LVALo2&el^-ZS3OJM#@I^;k$xumjy>zj@ap?781$>RUYX z^y`|<4@Sy~4duZmGzM#Gw(Lxz#}w`zg+(7c+tHM;DQ6E@%cW|aqkzp>d)v^|u(JHD zw*t#-fM}bqK`gY*345!H*09m00am6RaY()fv4Tw;^K+avZe$m5r6a_Ji>^jF@GI0s zYuuhxT!0wn9a42C=q>OnaZ`r=tc%ui@)t@AI#!DGjumPceXK%w4~Z>bWV3D0z01VY z%B{r5)s80@PIOsojkh5=RiI}Q(ax>JC+Lw&?jFKBy#;!vlEx$p@d-_rP`@0kf|HA#}J-$r?kHx%M$dHDSfsyR1e|MCV&SlV)lHj=(3j~zgx^|zZm8fJH z@%-1fyII7#y~Ie{lGb98iei%aAUL`JJi8$ z(9+elT%ev*MD-bV=`WxEuKJs(=KItdx91v@i@?R)6}Tz8|IPQQC2q>@s34mTCgc zU_Csc_ecpnZD}xAxhkNszy@sOBMxM5DVY!Ns~6fp3*p?4I3~A;7HB2T>)|ilKah{K z67O5Q! z$4{*)sZM&Ml|(12wr@qp1`(ZzVS={Qv;UFblec#xH*f>9;v{vp;E~e&_VD9_ zcgc`qa~m>qm=B!BbgQcVb|pTTRnCKoPt2+oojHZNCqs&(?OWz{l?%u_q%JhPLVvAJ zECQTq+J*S2POc58Q{Y*Rjj>Gc$?Io9?hEM&b|jh|i3!KEbywWae|jrN`00<>KbU&4 z6@nEr)GQzQu^cl9{9`zM3qw=Ql3{^Oylfb?G|wYRVh`#jlJhgaP>ac57(t-0tQ1Mx zJ?OJ5g@Y+OEqw`_3IKowkpUaGrmFW~2XY0#%9iyg<=nqp`ntb~PPTpAz)OzM?jml; z1$zZg$aknQKG^#f(}DuKO{h zy&imtw|v|VOzn9-a<5Nkt;9zoG^X&|vWhtevj%hU%pI0{R^k)zNFlv~H?<>k@DxgM zf3T9CU}qX(SMy+_{mwExaBeONXy6+R{P1F`Dq4*cWuMzx-n{ z;r>7UUiUYp@zGyENq>2xqUdi<@?Fcxvk zBojhgl$Q1!J(GwTmzDSgJ#&e_KJRNAw9wFtrkz!%W6yyJ7`jH z2y*lJdh`T~0F7re+Z0`VB90V-Pomon@G|Wv-%=<>7#+AP?8w7QwBiL`TELh=2PMv9=8aEm* z;KI#AUl~D9t*!LU)=P_lIw@F4(4()QKDsRY_WZ>3J3WeZER(%ESFc7n9Lx7bGPUVB ziEas&h4{F_yC-gBtu@|;bM*y!GEQ2eScy;2BbV%$#3P)mFVHiU)FCazC+Lw;=261I z`T{)hNdtj}^oX63=$adPgoE|h*kcM^CM|>kM&(AC33fDC$SgJKP?ajMley9{Ur0}| zJFE5dL*`E&VK(a_#2Oz^d`yqjhgS#K+^~rIBlS-vTpQP)+|5?7iD{ObVjp2USPt!@ z#q^?lvsq6Dzyiw*K?OT-Om=b=>@#K70Sghp!U$c%K2wI>-)G;zO~i7SQujAf3jKva zM}NWOs=tv`r%S1E8I0$}?ozmy# z{}$3CHrn<<*F8}<2wq@kGsTc+Aw9v4#>(q5FjLsmXzI6f1y49t>$2E5R!qglasO^M zjx7zg23OBa-k#J73CR^~Bp6_YG7_ynd78U|9T+AasMa=83$U;pfK47~rEMaY#oQ%q zOsY%K;mMce0Snn)7*~IMEo}P(C?(k|oBaK+h-os1uafesp#msq}!hSL5RJl34@MyiS#;L>WPR6Ul zTZoSqs5==?^Y_#`kVK;edL|De_?7qsJvlt>dpIUtfF}lV*YsRSPp}h@)K!P~Nek@6 zCZ30TE~F>eiBmdix>c$NJ>}DJ)~Z>jh4hG>v*|M7vJ4O;)91|NvhPHEbjpVBPpLu~5M#hDlVjr){E^5OYr~amvy{wUUucP!b{-TiBUO z$xJ8V(^hvUS@br-72Q_2iBZ1as&Nyg-2K#Yfm3m4d-s#`<64AzvPzuo!PNbv zJh@#OUWt#!D5uHwM8cDA$?c$L66t1fAwEHuQ8X^;o4`+&BzM50X|jalN_+yIER*^l zy+#TjV0L&u?ukz7e-_dc>_jT{KcVob+j&_$;~Unr_daYA*tX@cke*;CV`csaOP7Pr zpFK}g>b$ML7gGWa`i0bquX_{E4_Q283Y|BV#oW}e@)xeFS*cnqG0Sp%wOFE*d8=A1 zQVC-N^MJ8Q{(~(IHZh(z_j^ejV-r~fSla=-c=6uc)(SS5sOCCshg7Q@7zFpD6^h_~ z$~JP&+;>a0TyTBZ74oA280zE(7CLv&$6I7k<3>V>`@tz~?7f*~DaINp3Foo9pBgt( zt7)ljx|R#}iSEY+B&Ykj!{!>q>+5YWgC;jMMJXxn?q?xB+9FJzkBYe;KKz!A(G2~S za^o$0p(R|159qHhHLiQF@EX4^!MPdc8aq3$R(v5oL63~miq$hb#$SLZOQqAcke*;C zR$0%_np1%txW&h7+j@Y1V45^aPq3ra@|+ti7p7d_FYf%$3%3Gnw8hx*2DL1FZnkX! zvZda}zR;}6d(N$djcN1q{BtcPe_?3oEtU~_3*S)m7DH(AAcuI%8a8qYu$WW8Lb!rW ztnw3aHE!mUS*cnsGD-T&?1A)`*L17?CN8-bsd2OCv-qHv3!YEB&x;uc^jEs#K@eLS zNSHI_USuk9Q;r7B|f63EV-VA zdxdP$HF(aEv*5Loo?s_daS!yG8L8={=X|+M+U}gg`a7fP!RRCCg9^Qqz0xTQ&xA$k ziQd6#$x{w5-SGP3L%beHZzg{$XCLx{N$Juzqs+#S~Hj8*}PE`l-4SHl^4B3u7tT<^#wJZF7#@Do8bKuwJm%e*XBym)R?A zvo{o)h!?JL6TAF;cP$rq#r`5xz%aqySN+X~%(kyJZnR*S9;`y(?vN4H&vPwq&ri&w z$D!>POU{_&!?+*;pNMXLC+s!RqwKpo?r*7b@BMXpML(wU;gGl|MttjwORe$@k(zGyi$@~ zRy23yvZ8r5LM=(~bMfthS4y_qYXbVmpgauI;9k;qS^?{ZBt7B2giUnQsC)x9@l4I$ zhFBz+^wytnfAO$+F-SS}u2!#xO(}Q4x-(2qxUU8&zY$|uyA9mHD|i=u_(>GUGOpAe z4O#Ps8@SnmZBI{nEe7M{-Vg_!ZO^kDr$i<@r?AoA$R^-AiPO{XOWa5+|5R9w8x!pC zh7OQJ$DByF%~CiduBYV|S*v_R9b3W1fQ9&Iou)_BU*U{-fu2dkywys4f}Xi_AmR7o zXVYnz%`i=!Le8_BD_@9D&@-dd7qkAkgC2?HzIY)%K~KC=UmRXPx*qtPZ`W~ONRQb0 zjJggx@2_qso^$T3w7nM66YOZW^n^PdoW>xRQ=aqg>dASRb?Es7JMyjBf;SJCH$VDj zcEW6?Ozn8W{gsZYyC3Br!;dmH?*rbHlowc@g%Mb0H7eM|H1nf1Y+{%h>PqaLvhe6F z+zEOM*LL08cTU5bAFW|y_5rZiBLP;X&HV#g>bKBute11wqPx481ei|FJ3aaWTNW&1zX~0nD7~8`oc)7xXAA=?QjXm3kD`RB4y5u>-g4Ls_qd^oX6a@ao3H zJ3`lko^tW}Fzst0J;4rEOLB*Ae{4(oAptc^ri{U%3U%J$oxav83!1mK(HNGPEoinh z7`~jWm!aQ-jbsBXtSn&D{$T~1*ki()Xa-mqS-`^JSK20`nf0n+Bf|h|yMT8( zU9HnK406uP`!21-O&NK?WzGWXVo4P0c5lR(@2_#QA={pwl!r%u0VVxSPgE_(DYD9+ z>Zun2o`X_aL<0AVB_-PJGm7u?_3d+!O^sa6vzvEWh>xoslV{|$;?5g$3=>cJC67H zmGElVlci$ra3wv#mIZLmIku>@*;`Yd%#{SCGUhOO*(bCqn_vg4bv|7F!IzEy!d&7z zX6fOv{Ir*OELeZ`4i>r33%*kVUyKCv1)>^Hv71q2OM@}Z8GQ3tHEd)cV9`Cm!gp1$ ziGyYmYuHFW!1@M(sfG$x5S&2fv1-`JJHUFJ&m2Pqo0#VwtHuqSJ5K;=b{-3TPKunN zhjEiQq{K_PdC?OOlgLTDH}e^Vo;f>j2hcZgdp0qH0bKaJ3OBLIP5^G;20GExafo_P zmy+*R=6auJvF+nJvbrYwDBSvY)*)RgBN{A^P2<$^XkINJX@AFzJ2 zzdlTI02acPwuxyHk?mY&y<>PdcJuaUCbws#uww8lk;9CE9r!aa+udQFZ=^{hs8ND zZ*OPU;~O81iB#xUS(kd()Y^G6T|Y05RXuTsDFxq@qH$Y@kLIa67q7dY^JIF3o=K$J zpN05<{y_rE=7twL8XeA)>DTC7AE&s)+iUR&da_Rvzl!vPP_syYM&Sh4d0U82z>}5I zID%gqqCYg7JO_`)O3&oK7t#~#WU6e~LJV__9SxSAcX`8Cs6PzS6YONJbkz8bogKY1 z-#BFp=@C0-@MVYiVdm%jwAGnTKX}BU-ywcd7GJD2pZi8*$(o!YMLe+b$!UBUdNH2- zV{yeR*xn~HvjbQV){N&0c3|5c>_D?UvBWR)z_pT*SQuOPz& zZzyZIL?gQlura=YM{z1U&r9`B3r^qn2{|lZj8hwoF+0WS`&QzkG3pZU+!1}wy9B2x zn4+iryS>W05}%+?eBbAMDY*iV=ExGZEAa`qOudhsYJT1YsK67QnDzWDq$k*kR1BAB z)#<&i=R9ZW#ZojEaNZFy0c?HEvHQ=IKP=bQ@%eo9N^_#~L^AiT;Zs{hH1Xv+DuN&-u2) z;kIDvL7;;#GTk|@#7AR>NpNvJ4)Zx*cPP-ith##7h4_e`lI!-F!Veg#b{tE8v1|Tx zxpj3S3-JlMOo;2wo#W@cDp9E(dF9@7AwB_5wBpY3bG}Jmfd_I~4tOO!!Oo_N{tv!o zYt)m$Qt!Eto?u6_C1!xfPGmWzmksn((qP?l?%k{<3>S8uJTyJ*_;SwOjAbo0^?bEh zWEPYJkD+98VQgtsGI2{nTG`6fu#r=Mg~p7&-{R+n?U*TBc%D=n8vHRE?xILYiTN8a5=vMkBI{6li zy+ppkI-Jf*e&Bh$zwY{Kxxk}H-QM*<4R2qIfS-^6^Tj-MebC*-&2uiqM@xjsb8&sn z;}cR~*XUgaUH6>}@ew^G((SCyCnUiN^h_n)eJ#W%=#f!+SMI}aMrSKJ9r&C~SI4=K zo?u5SrQbC9oVOy5Lh-;Y-U)82U?DxhPL_&!%g=c)p~BAgihgq;J;Baa>-L>*IJP@G z-+5NZR`Hp64FT}&drq^P=i?vCBG$>zi>!&sUpURp^VMRBV7BM0#Uio(D5}9)KuI{G zO37rZ%=6W-kyC)xWL)b2ge%y@D))RfZsL<~`f9n%r2Wb4Ib>HgZr}4&4fdc5EZQH* zus9jq^OgNg3G;K)SIZ?9`RSKhuBQI5j`i&vE^&h zGH^d_sGid1e1vf+J;6?V!iKL&?+$xPo%5@ZOX&%AGEM3`SoGe}J20!IdFVS9(i7}t zpDbSp8%J#U|NXlk&Gtp}BxaF2b72dQ-Pkf>OM|&UX~B7FzN3bX1OqHY0E_ihz~-d7 zWtd9XoJ=?0QHv!`S-!9q>rE72h!7=t$)Zv+(aBv$jT?z1gUgfyaAmqZJ<67bIgLlz z!%34Gx91X*6~M*fuk_7EYkzurGVwwLaIx?U+>|r-hv4|Z&}^GFT_W~fJyKb%7c(i97M>LVU8ZjM8Dn`wGf}6 zC$oeNyoiGiJLr*8x(8Z{PtX&i)QPgjyaOJ2rTM!C9(;-MqK(`Lp3>+%Khf;1w5eV& zNcX1^oAnhl=+mZtY#}|t&XlA354RPr8J8335_+~dTS!l^quCPk!~M3j5#LF;t7{v~ zPyPxj17G`NtVT{iA8@6wp8^(+1h6t1YW1w85jIhcwJ7`JE7(Xefn{6=SeOGEA8ToZ zO(dglu|K|m&1rREwtVy@kZV3jDV>hq!VXApd5faxZI@5qo*W$8HZ}tn7677rT7Fr@d~x5=Axuc^<|d>pR?&Y?hEM= zJLS~zv|zJVd@pZ9apVep*pUTYN>8vwFP9b%reqTfq7~T1e0Lu|r4tQB+sKv)a3tFw z|LU)P`29cp*KfD*dB#KK|M2HO{qn=_|HFU!>97C#yBG)QBPSzyk9G{@zolGZe0rvx zk-UBB^Q87>>4)_ zP|z^8z{MJkE4mVfsZs};1J>5Z(id*8L(SIoK7b6UsJ zCXi})zeF!xrA@Q%{;lsC$oZfa$vW?{=>u3Kc;soVJ^s>w&)4$}>cu5^oh zgl6Pu+;K&@HF? zHN_k5gIrHrIvpQW!vc?;4%7D1SsUlJb+PkqU&ymNtwb|rl*}4y^7A7@?JtwT)Qz`_ z)Qb%`1{^dSCOv3&H_e7WnrRjpFMQO`($Vt^Sr;!8wZF_%)?k4m8=6Hn2hD~>6g2xX z&D0*G^*qd3;QL>8YWDV(Di7j4>?xY|3wBvLBs;ispkh??m1_^?EYBg*Pmy=qqOW{X z-y)e>OeWmOf(+5wHJOkV+Q85~vEHM5diLv{Jo;*E67wumQ7b8b;YwQEQ;P+<$v1tT zNIl?_ax8Ax99|7nV3Z%Y-H^-G1wD1NBPS-)R0aEBLuHl5H+rlkF|CPx)3 zFW2jV+a0+?B(1&f$n{L({VLIuY3X8>KkXBpwu_jHGqqVNQRlO>J-DA>Kpd$ z@*RBxvFOokK(j~d-oJ0XQqzPUa@(}9j9m$X+1K`YXc( z$6B|pUea_6-dZ!@i+Rhn5}f{MV-vFGC+f`b1IUIZ=r+uI)XgkES9`~f-dn!{cj42t zsEjB}^Ybg+k}+iV;47r`3)N(eOjOgMm5mdpJ*Z~c19ZCQ{h(Pgn!?E7t@Y~CO0#G< zwOH{LZaWp4MY9S^3m~)kNhO$O9$OAY%ttdmEuR(5 zGFy_dNgJD7gt7f`4VxlP0fPu&VJFQhuV52HEz@7a%3nCY1Qv@1u;5q)8~KR?j1nQ# zu#t7*gILZ7EG%LLo2ciz)*3gGj&;qg{^mN0K1j5oXDXzeKDz8@dKd`f0}izDX~+9F zNSG=qr;o026N|i-U(3l~D2?dbDbmNZ-NQg~Wk<9@dhUy#sag3y=xt2Z$7Gv)u<^E@ zr@lQs3gqTyGKImAx^IsmucP#q6cqLj%2HC_Dzm2V|I96EJ9c{xpC)fk8JI#xo%lZj z8FJ7KoQbwB>Sq2g9Hh|-d+TJU8?AyNV3n$whHf_3ZQzH)UF{HA)J^@Lm6pYSU8@!e z8C27d@RSd#ssB?`7WJQL7MLrZy&VoZ8L8Ff)vP7k$Lx7~d70v8&mcWiy@_K(8Z^@d zamokHG<&YTq0%hb$flW96EJ6C)F*S6%;b&BGhF7np0iYH37Wxs#!d&#G<&YjHvZ9M z&SF7Ewx}z-;D8w^;SF;m=C|0AOnnRvT9zlm z+Mc|IjU)vuoFrf|krixWDi0gq`7tsK^=gnhFMZ=tSb=5!u7XVr)O$obxRHLMuDuM^ ze!_{1oIUG1WTTfS%^^MCG=ZrObwIk!7cDysI619d$F06Ef%L z2=-9|mZ^;%R*gm=@>|bbEqp1~wTtT6d6U`DEiy9bHjGWw&3sPyqQHf2fxCzk>{0@B zW6ZG9Etx^dOUiIiWJ9%N3@s^j4}tGUNv*P|y^eD`@usPcBVA+tPP++vyNJnexj@6C zk}YrJ5zslDv#>SQXu_oFf;bmzn6!tkHLG%+e>Br9G9H>~*DwKuS22LeY9D;I(FEY}#|wlQ`(F1v5R#<~mQJ-rlfU%}q!d9J}&1XL=FY?h4^6!wT9*9H~}=NgPh zKs9dk?1JmHfm^N(tZ-%itlwt@RO9x%VpdxwIM)VNxXDU-b-u=pCKCE0-U2R!Eh1Ur zCSrNsqQp%#7`qO)L8n-IiEF2iWKyjK+NcST-_bgbd$38F<&=Tjur)f3WRQF{2An1+ zY)|!>`(T2;Z08&*Ci+(s>)O|8ZlO+dyUdA`OV&Ak=&_B5MhjxouXT$o3%UjKO8Kap zMKYmIbE5Q-OkbzDg*wgc@+>^p=cyYv&n8pP+q_P54+)dWyjdg@>NIQJ`Z~=m)M;*) z8UI_Z(`Y0UGX5v%%-_$;GJ`hrCYwALy`jfQ=_wLDPa8Vx2HIdM>MI-|p zlMYKw>~%}qo=Y`orkO>JN#Y+(G@DmxVErk{pS@x2t275|GtI0XOmmsTF!3%CGq2Lr zu;NjCIAmiAnaRaLu zO;DsKeST?5MngR&dU%;Th+l4K6$YM+xP?RP(eRHOnpC$r%|NKbs(dg5Rz11JM3yNw z&`rly%=f69+HYO$m2QE%k{3Db{3qs({(Pld zGKQ=S-D03~ty;2)r_a??;Z!w^Zx6eVbpFxknP}Q=?4X%40-C`9FQN(h0vBav=oUlo zYt7PT=+rDEvxZ62=vMtvHD}Sjie~oOH#EDlBXq8=nFhC^GIVK1h-1B=%4;T5wNQIk7<(C%9=|zo1`x}Ya^B&!C zy`+Dqi97V85ews;9@A=E=OPUsn((DIOHUBUkWWj%q#DeZ%129}$zL7C_*WBCfGIWv z%(M=h{MMq$LbvWt%%QqXhJC7AD)9u}=rY90O?1=ruQIdHEmwkM^&n7XKQ9X{TxUKk z$VfJMl?i>r&1&B*i_ zjG!4qm@qPdk$NxU(0exFk0yldZ|WRY!w@aCXtL5Q+D(04$wV^fB)}!kWX^Q+Fr71v zZ`B@8wAZpw|IfO*|dP}%lShf-CHcifgqFPSI z(+Mk@!n{CdEXP7;1feE>p1Q1YduH*R6L1l6SGd_-+qKaex2F~>1A@!Xf>gMPT7Dj* z#tqzJm_U&}Oh9*hJY_z#Y4nf=a$&jh7d7-ehNbsmx@d(UKDwJ!pE->(Yf-dHln+Mv z%lwVjS29YMGv@Kbq?@{F=*Hg*-Ewh9b1Da)5{-RZ>6X~$+dQkHh*=(WGmoPu@Cw}$ zA7$RyAbcq*qN|&DM=tK@TNQ`OWYn3BE20v9zs~C34J%jX`r3#Q}V?i-AyIgI#w4*UOFT8IM zGF5lZNwd<|R5J_7$3JR=KWG*i56!3z_^5Y#7ju?NI~tMOb>OpSi=~#TJ3+G$(GN?_ z0&=U4C6GZg5qB%15l}ca=E~&=D3x_uOmX+SCiisLB;-F+D3fbDGAb>m*nmwG7Ff(f zn~^)~8R~CVu(@WV#~f?eShGP$p($Q|vS+L3xoo2jb^|#Q5917X4uxUjD}|FG)z^tP z1{%psqlLtb)EKyMp%reTm0dg8&^H=K;DX+=+sUZgW~L3&6xE zfxth+0La`;IMC$=XfVpDw1b&aCoR7(udR?vMsLpnh2q4CI`gE9D>*T=8Fe#9VdNb(e3K5E>Byd)4w`A@MSW}!WXOJE?QpA~PrgrR<51Q$zA`MCk&ElOLc}3yQ`!F(l>BS{}q6>wy7|PspDKffD>sBiOb6JwWnaQZF58LJ4OkgBAI_$umu>E;Y_o(-j@{xIHM}wz3vD~U ze)qD?J(X>iu!(*i$JDrydosCRx4Eaf%?h`x+i1?M9_GGobN9NDBilu!6yJPedu7|qK{jzSu{=2BgBPNp; z+AJO+kcpobGA2Dp-DpQN9??;xAu)pY@d&5b5JWe-dICMUV_TTWu5QEq?>$_Q@ntpD zZBe%g?-;9m)J@|NWoDsUU$?o3y3PHvZo_rv!}7&=#ANDuOILHkyaoF|&YQ*~y4ow< z0(T`LbGPqi$nVR-4Qz zIrXisd$=KU%}D%T8<;R_!RrsRrWr!@NX4Y(%1s+|jr^z?1G;+Rt;OGL@!6w@Uh1d@_^IVq*|w zflXJA!j>_?=31oyd1IWTeFUy& z=2&nn^i2gKzra)D4i|V_u^egT8jp;I?geFJSe#oN0=#z@cvxpJ8L=b2(5BJI;sTGE zu~RL?W?RC`6 zBCT+N=R&u{$EKSVD4^S=%kCap(@0Bioz%Le@=eg~^lTH|EYb=Wc-Fe*Dv#)9kXc$3F9Q57GOHI`i6#8$5cjCX7v(H;c5w4W1LEr(`bkh-ye&Ga$UISkfC9r!3M6 z1aUDaagUR^Vdw8k+ssA*=$c}2_1N-X0Q*Gwa=(F!ayOU0ltXJ?LeoHL8G7&8@f zhK#6nuQ{g&-t%sG*yL!^~Ii(@%0WwaP@`jS4<>Z?W%uL?eLRd59xx$HTu z8a6UiwDqdsBUc4iu*u|FPOFCPB7ld#K=L^Bz9K3mK) z-3Vmjr>zQGS?zVy&7y)(4_fNRWn&0pqC!2$O4TdfA|*X42sO$Rb>ce-WXM6cV23$2 zK{t&Gbg|P8`v7*+Mnhx(P>sPUvJ@V;w{f3Ln~>Z^c_uh*b{%x8Su%;9S+XR_l#v=0 zsP(KgOEy#d3bQ8E>?%y9D{##;DhTz->p5Gz(Z-@p>~xqjjSAEq#XoAi>gO!ggJjO^ z@f0y5m*q+NR@Y3Uf>50-G>c>oY~)~ul^QhDs6hRDrI}F1x+i{;@8yV&B!)STbNXT; zgx|F@dC$Lu?pcmI+2u#N=_9Z#GyxW*sbC|QJu0YSBSQfTw;`~Mt}58*-aY?P!lsH5 zVBvWHizQpYrpnQof2nb!R|hV}7Py#~3OBOPZwkd_IiKBIPb$`#1edj)3Rg69QhBAT z);HKkMg=!8EX*z41jxjLZj3tT^JYEpl^wp##o7pt8Fj2JRhesDl$49Cd z=}jRMsWnUGpfG14cQvdviwf*Lyi@&2RFI2Cq8Uwx#5)f>j=IW%(6`#C>$hP{WJ9xL zUp&d*esns`QiPC${SRsOY(F<@e zRhlthxR+cs(z6Sj?vI6Zr!47w#g3X9b%W8U23&gLx_ zjr8p3BV?0L)TwTfk*97UmQnejn?(gydOHVT;$dKje5r|QAyADsfX9FbmdiyoDhPS@ zLbGHNPY=V16+A+o{aUkBGzxR3@MovPoLN+0 zWw-N>CUcg`O3*9>sd{~BvD9+Gh`EACxbakImh9^}XV`1P;g4*zsKAPD*P2DTf3tf* zp?NCW+f~$EY`&Vmd3sL#nRDW7Nya9**ZIAm8a7c_U~TjJOz(Y#^i6`zl_0wpRKmu4 zL2`!o!AHJ?2+Vw%cU@?k>Ol6oS;!api{Uw;g1-oZ{P0BlBPZflu*rzp?dA>KL^@Ft z08kfhwo*57>dQ{j)WaN{I)~Y2_rZ5+D%=z*+Slec^bM?HFku6l=OY(#WL$!MyUy~a zT8_PL_6VmyoC4EeB3=UuS2}sUM5cRX*xw);nAvI#CAQG9NWhFyqBEL*EsR)Pyg@$IW;u8fn@8 z5gw#E`#pePO(JY8sJ?^`Ram= zQ4SrR`5umYwHh}vO6HUaUJNdlK{2@b%Q)`UYTW2ec?WTe46&TjE+e-m`{9o zf=6W=>~3qrQW|yt6RGUw@|w)JEs*9JP#AA$QjB*hur#UNMHCAwaou$x>@#1z(T6{t z;hia8q*LRVZs71nZ{yTLe6&!hoML(Tr z9-r&frk1rU(LHP=gZKnJF^YbLwvTE1V&IdtVzFi=Jz{sI6!;aI`yK3DO*t;5C)hG7 zK5Ps_o^}YLoN_oWm!>~mNl&nYM-)q77mX#(ezT_E*4W$6kG*+*4F87JieHHS@e39c zzl2J1w*Sp5H25VG%zu-~!Y`I(?EMAmHB|!;6k@x<<1hmJ#~H z&;RhRzr-!y6XhfuHc{5ks=f1BHEW`CH>igM`KMo`e0qKR$rC`Wt4|g}@XM5YvgnR~ zGv%Jl0N~$DxhL}-_%|EC_5ha-;FBjk<^M95g?F%)yBU$hNs$}emCIBB$xc1=l`EM|8L_znZn@3XwmI&bNG~Q zL1C(`n{PiU`1beE-{*Vityfz1`uiXL@KdHwv^HqdBEdH^4o#)ECqLe2^5de-R03;l zzIr63RwJAdqX!_#b6fN2Mees=Z{F_HSS8dA7$2NJJROET|3N6`q zyv{xPRh!b8)TYhRi#tZNZd7`4hb*i7s!eGkwdsB0P6=%qjbGfkRc%HGD|5ti-qI3x zA^2rW=*3-8)uyNw`^k$sXvyb@wK)9S)*OYkA-4SGOYY@M?&VAFbuPK9@f5XUKfQ?c z^5yey_%}Uq>ESy*#dZF@TnSGOjB6nM;*TiYGWk z-ebBK&#U0y5Rz1F_WsD@$rm>{Xvyb@7mlkodw=Ai+>4CVPmdX%%t*H}es0AKsq87b^E83Td(80U{Q~^kj;%{~=+LIk(bHpw zCzBj#6Slw5J=H&@O^+F#9y2_76b3D=K8a10bW`>$z% zP?la!KyU?Yh1(*;$|^rV#|kKf7~iy^`)De~jw7^$#0nWJL`lg;04(+`Ya?5Y^dw{~Dr2C@CSr+sL8@`q+>bHJ;O`}$S|`bxnq?S^Bj)uJhg#gU}AlgLcy3Ug?dKm zUEHRlnlXdE;BqW{0+}XM=TYWMP6u`iIF>vqWM=H6R%{2kXOJiOKWfBw8tECOC+%7t zM~xV_Y?oY)6;7z5#mzR5YL0dq=^1Aw0+5B%ISypcFe`0d2r-bC`TUwwla|N{lL8triSj{7-KdY_BI=) zj_7I(dImCVRAkDJ$UWm2brwRs4P($+2z89QG2Ry)ZGq5lUe0sJup2{oMW+0qV=QgT zl-#%j5M;BSH8S=eX^NsvTOrH8M#ms}h6-2njGb!iuD&vdXhKVn2 zw=!xT^1Wg;6H}sBc-qs_YHlokxR}>i+GHa-jWW6_Kj;XR;=t%p)`qM$Y6rQqQSIx8 zIz=yaGdqp+jADMNt*V#WZ3~C4#-L}I-H^Z-$b63enn{*42K+Jn z7U~(LU-fM|s$I6|?Mlaoe|DA*(g9lP5z#?HB8U{*-IP13X7O-J=T;k})ujy;3I z3H_(vKFG1`?sAYu9ec*uDf=s-Scd`3R| zN0Yh|>TQ%AExknQ<0yT8qv>eAMtOQMP#DXoV>lG6Rrq0V_=*qfK}Tj#86N00lwm=@ z7$hX+0(4|gN1@I}9eS3e>1Z~pj+THyM;Sd9}Lh9lsyIuF=w};wg zi-9iIYfS26N?20k(o^|i9%I&?LbOQ@S?%%$a!k{+5jyHNMQWFK8tH77e(APx`Jr~% zLb{7F=+pB4=|_w{RU5~kXP7-+a4FO?ip5tQ?G;jQvpnhk&_y5aMy+BFIK4g^z_>(%(dQyHIgPw7=$;7~| zgnApMd!eSYncR);_BPFP@OQH;beos+-ZL)d;FZFI&V3F(epm0g6zbwEeq!$@1Z8SO z2V0h=%J<#pVap_>y}cBY)f$ED?YK*!j$!=d(oc~!5HcfNztr2xYJB&0%TsZ$D4-=A@xbu&rt{ zSVf$$_wzJwKTq@KW)e6uy?Cotc)#jrpfK9>^E7WiPxIz^8ng+6UG+0CoNXe65qUpP z^XA4L|0a`P_A{7NwuwazdGrat;63pR>Q?;>{70L9p62c6Y2Hl2pv|p03d@0QdY}9} z&6|!$+N58r`WaV8pOE4YZq+O`{ZYE-+s;E%?xnWPiZ2qcW%4U zJD(%JV)5qrn5xZw9r+pDx1Yg%a|b9m+^$z`_Up*c;Jz8bp(P&=#^6<({W|h9xNq8i zX_Jl@t#8dyzmEJ2?wh6zZMt3IS+lC2{W|h9xNkp$`{qqtw7z5O(1gyr?EmbORLu=B zO4BPvS0^Qio*EJD86%tg5V6EtV?>6%mpFm}mq}ji1Kxen<*xUqTO$m#w;BoDM^F6Z z-@&NuZ5fm3$#a2%vl_?1+_y}H%8z3Z*i2-)ISFsqLV>On0^PAASqlX|LdY`=2LrBm zcs5~?Vc=?rI))5`$&We)OHE|(Qs$Xann_;Gb6=FPj|sI#7^Q7BBIZ1H-%t777`eWc zJ(oR^-ls<3By{w#poi@D8{?FOU_%O_U_Lo;a1(`4&nV9*+!$8A^%%jWjy=Pyj15|n zqQgAHkS87CbG5rGpgYN2C zwD!=LnVSvdo>CGfFcGoadELZ?imua5KBCYwv2FdxnJ!f?m3v%yZAMkU>}q^+gx`td|Z9dpZnE zUu3y^#z61hzqPD!HIIGK#oo7XWH1w}_U2-s;`4Rjww~JK6j6Tce$ODyAT(sN%Nxj@ z&C(A!G!KFI7@8|ohjcjxJ;TDOJ(C~1-!sfJ2>OLhle|Rk85U0Qnf!>{G0a|PZ#t_b zv7*w&l=VfLM>xgz_NR2aK&3Cr=vP8ywAK9VAa^#*pUoE!u|)3TEPLR#A*;>O?@eBf zHg=)G&G21zjWtz%7;V_KBt+NJkkw=CAa@LlPvh$~|Iw24MHzcQyCLfW(W8u)I(H0v zgj0NPl^=EP8KwrkA*=P=K<|ySPtg&YJlIAMb?29xHZfs~xResR9 zFUr_s+YMO_;SO?V)8d=y?)pXoCLR)<1;MaCbugvOK~H12OjJhcAXPW!0F8^FE& zvMT2#aBsi-grAu&1~OMe-QSV$r*i?k2!!HeaN?RDdZeq>-BjZZ;NE)Kk*G`Ho?L$3 z&x}_cfWf6ko`mCm`m)MsHsQRJ5H)Q3J=M4b{`AF|M>zer0%qzw0{iJdGhJmo!=!s^ zgPm2~ z;KDD*@Koo=Q=K0=G5I@Bvwl3y`eF75|JTRLQ@kHf@qU=%?PqLw(dGkU>7-?Xq!(>C zm*?a*MuJEnhfZnxH)mhGNls$mEPSeWkrkoM?{<^?_->W2_RE<6otq2hYu9Z`XHuKi zr|(wzYHb>^zsH;8>o%o{*rweiKfYV#tF>w4@jc!oU$+@-jV!kBc9XpQQtG!~O8xc= zl&N$VwNgL5Pb{pr+4|01HGW}9RBeVB3;nd4 zZJIl1r<{EqnLB9zwzG~9G^93tj?5LcmVA!rimEy4*O9rwEu_?Dd)UZ(DQJuOoB+P2T5-yKmt_e0^rgC8!n0lbdysx6q^g@^!?}qtHE8++gc0 z>}f55H)!4Gh+$9FX1|U+I{a=SS8LtpD84?k*1cax_WI26-Cmz*zueZ*3|IXWwc>bs z%<$b#%d|F~vs*C(NPM<=`&i7-e(5@DzjTh;ubp*-rI^~(J~errqxMVZsQudUM_AOc zO^X?BAB!1UOFBpG7dTsuXI@9GCGV5P4DH`^j@qxCbp%6``ssbLn4z`gImJrdzXG%%+P-M9Bsu6aA~QZ-Y1J0TAMycTQLLn46#j%8Ezko8QL#jM_Vxi+-z#o z`(!agYt!dwD`tolPK>9;3~hS^-pI&W%+P-AtRpm`{gmDJQxmK$eaCE;?w)x50&_KP z;ennS!K5JBVDfz$jUA0bnznDqOj(*F(pd}Sz99OvJUVuTSYTs!5xzxadh=F+(3fU( z?|7+mUjWrt;Z^5VcV)s8GP~H2nY7$O7Mq(IA(~`aOnw|~`I{)DDb|L}RNBWfkW%ki zbzgd$8sQ(dMwk}cY9v^0FfJTaG5N9kA;h5&mX1srbDt)8MV7ums?YtlM)Xydj~+_7 zY(!R790QZV=(ATt_xl2=K0YknXIgIyIfNw`1BTtw2=jVdjr0uEG;A9KTkml5m)wW- zj$_~lS@eMwP0d_4(le6wN*542F%D$UK)pIc?yrP;#%Ut9>1^bIalYz?!s^n)+@^oyqH zt{dqY7_QEk{5X)k&C`P~9DVkD6zUnqh)dSHEg1Dv7dEdipz8C1N>j>@$UWo2!4^$w zj&2FDUz{R_aMwtEfmGjKY&z-_Aev3RoRYp^s!ur*S&M*!j(vgjsRvuy=&DUq$t!Ex z7fkhW#{#)$5O*e`vo45uWn$sW`de%I%%&nE*c+#)uaN3XnS!j=a|gM%VS3P|HKKvf zP9q(|_;Qxqg3%XEK2}4$;C5d^)hAJP3>caW^WN7?^;OeCsP~$B&;{#PdpaVCSqlq7 z-;)&`HQdmHvR4cPH&P>`=O+cQoNx-?|7rj)!K?arp@qukPcGmIOJ^bBN%SsJnR zUIjW$oi0v$=|LEd!8A_O1Yw+ab6p_IN~mX;n(fwITkmyukphj#+{ug1wqO|DT#bJJ zvYb9;uZ*Moz;&$5giM3afm#Xm4AZkO*FrtR^pJJa(JV_9hqWo{8K#F{h&+wMno!Ru z=2>)LRzf|4^t8(*Qmi}4=1jlI(B@HJ%J^uK;c6aZp^1&Cof8_W{4kI4HWr1r(i*bb ztQ};LiDY03O=zfYXQz?ghWWK^eJMlF5nS4^SR8^ndH@Ea&jL&zm$i~c&oJgEInPU> zo>Ae5i}iFI?VeH049h(0qK|iVq+7$ocdffU!}KHyb>uP}kYh!L10$_S#HVj`d^V6{ z35Jb`K4?UZ{Z1od)*@M$#h0F_oz^2fS6oL`E;YiQa10g$hXP&_3N}kY$ARl@7Rv%k zjuleRC_Pl&bX2>nLCK|#J;U_5E9%HNZtQN)FxFVKyDOodQ7qA13&q-mkU_u4)aFrN z!uVLsw2b()3LK{7t1Wz>^r_k~&#^*)F<@=75b7AEABii3I!4(IlBS~uXL>aIipzbD-|vOM zH!VV>{*sejM<6*?LS0;C=lQRNI-B%Xf7Ns}!&b*peNNvmZ$igKNQCGhE&#KjmqI;b z%wk>&bvEhkIedNHlRQVS zkCS|~RCcvq`y9Pqnb+>p*A6xbS=Bf&nv-v%t0r{^xwla51yB~A(S{WRW`yBmSFPpZb-s%CYrg-52`W(GJuF%|wK1#FG{XR#p?^H-5xpA~x9lJ=L*GPWS?k+;6J}0j)BMGwEFiKv{bAPW%A6k+| zG?BpbdY9eDjD!WE7ayb%vte}{*5~YbGT+8v5r_3Tdpq98DO(A3HjEcPWIwDI>h+Sw zwa%RlGh5#p(dbC;zFdxe$GDFfPl?M^epuiA-6l7dmqIba9woXOSt>2ymy7&P#s$a;jeK-%=;ow05^j zR~iq7W)&u{uC>t!+-u^x#unoJt7}a>uue|Xe(^kaJ45?r=fc`ALl`^4>xw8Y&J zen}Vfg*4tb8*bpVt6|a^B`4eTKH0UV)~1gK&ypAY#Fjp`$-SZU$StUX!cT@r(k4wCehJ}tgKuk& z!jh4kiJdcQ%Lm@YF8Jlumo5$~dbC34p3LQYOZ(NAAMB(`Lq@RclG*;n?<}@I2}^<9 z$KW>8#itMU8VTG-BfdxDz53P&gPN<3i9;C>S_Q$XThn5bF8lJ2Ew3)8HkW5xBTWWZjTq zY*l{jZBHLBT&exq0q*Ieb*px|gX6o?M$aZ*_h@TDZHRtO?rM(v!i8QQ(LT_g3nOFKd|9wlnKA&R4wWfZm=5rd)nhu_u=nt=L<* z+M#y()z=~P7Lg9-N+`3by}`^s{P7#=HyWK5DrPpdHry&IIRE={m@=DM8!`k9SNxc^ zHw;r(m1shUo7()SHJ-)bT@Vp39!SJ=aE=>nYtEw0_Qn7&^t4e=4+OMuJP->Jm)!+v z{|hRJ0(K9j{lf6#-@sJ-65SCyG0iFeW_MuPFE}*(8^Qtn^7zp1-?YEOAmjf!hTZ*X z|JO0>?oaz}h{we=cp_`}j@mEBpz+54bqr?r@NcdMhe-a7<^;bSgSHL-=6cv&uO{JR zWp};WzquZE&#e8M>%l~hv`52(Up`jMO5xvJ57uAtZ?1>kuWPNi9?k&$>SvR<`Q5%7 z@AgT|99hvnLeOS97?1q7@ezXdchbMGwK%++hg}0~q_m+p*iD4&O&0o!DahMDFfX-f z)6ib!P_i99L@oL@qPNjpwkcy4+w|!6LvY}4n+m*e5f@!)c-+LR{Z zcrvsUJ>3)>ZVC>Xf~rj+Ols5T$gTml)_pu^hN?Eh+JNrd2B4olM{WY!T{aoxs?B~K zx%oZZ{2p$85AGSNHbt$dJGW@kPc9Su^6{YQuiEU_k*9kOPxt6IV9>fdp^LSNX^#E0 z7gdgf6;Wx)UQ}tnz}c#w{W|h=PxFj2A86A#%e{BiX1|Vjh*(kdEDEBZp6)q3-E(-l=ioVls?B~K zdAdhGVupVD9EEhx+Rn!kBKqm+o)$&eyt9%jt+NhX^|N0`+@eC>=ZM)3{M*(X_3Ma{ ztH}G)0qq4F@A1w$iuFh6ZXdg7ZK6+T-EAGi%S!id9kqM$)+c{DpdE1af7`Kj@rIG~ zv)vI^`F3a8e_71X?z+pr75$9GO}1%$YDZSRO|y0Fg6dA2-8yRDd9ao|W@z65v47i& z8Q`#kt!pppo4m&i?VAYxZ#%XwRz{(_#|$@*8QOEC-sa96p);|c9!B3hX1ICGaNCL* zV%?Pe^gemaaPyeqwiPqPvMSp2nBnFz!_8xc+g8kgX^y({`hHtI?c0quiXJoEwqgbl zCbsD@!_Bu%H;)-^TQLKum)dmRc+7C~nBle+GsF@u#?xblo5u_{9t4u{*oqlqMHg*) z%y9FV;pQcxTPP8&?R+fovQ1w{9y8oLX1Hy|46)veHa%vzdCYM0=Z0=uF+(f|vrV5P zj~Vpa;WD0EF$2tHoOh2IS_{Tcj~QAjK>n?;pD?_!O^+GcOUBlw#|-WHot-wj{n5>1 zhMUI>H;)9)?F z8@hSSaAWQJdXBh@k8OI)aPyeq<}t&K3FE3wAxvu1*OA8zH-B#Ewi7elx|?TreUPms zwmz&8XcmH*N8k0>bvigGN+ZgD~fV4(vuF=px4v4L=S#97_N~ zcS$nx6^1+;b4)v<5#g(j8NUa~F|RBj%>a;Oq!Ba(bvov9_3Zw=W&|*1u`?q(Vx}09 z@rNWCd4w&=Y#1Y3;5X@*JIPGL2!h+k^Q>WYc*y5tt_*`0DUvUWAGKW>1}BsyYtCXv za%C8N+J)rGFwFvxWGR@j@Z;&2ORo2>4~nW}*<;3eF1cO;$tJ;L)*!id<&4|138X1I zOo;|gCz5&P1(1dDDG8{FPRnX=`lPWWCD(gLv5n>h6hF+f?1)LSY~Va*&1&pOE)2Wi zEU4O+bIfGSg<<+mF-gX&EHuwh|EabM!@LfFY?$H4F&BneBAp~_&UHg_N%r0?l`L5p z#SfB8viGi4B|K(Lh2nI2%I%WvrA7|xc~Sf*xiU=e9gt+rh3-f$HteF+{1`KMK1wb& z>;iX=$80tXlslW}lK!PJ%Sl)n2K*?wGE8qpl4P@C8=WFyXB@xveqeR&B56!t4ZREmRX%jj#**$jx-C)W42WW@8(o8>o!iIUxmTbE<~P< zMk)i3t1ylq$P;sl(tRzn!k8PsEG7*FgisHUS$!1qu}~3Y4UUebK zY7}-PSB8066&{(f-0|r)BzlV7M_7(@fOkWv5f(%K$B7PNW)F(w@yU}uy6ScssWuKl zL)bXQ4~i^T+wPa+DvbAh1XYG1&B|le^=%&R*_f-1Lj+d4i}8<=>n@4_E=$(+y(78W zI4{J)BQrE`h(DdO%0S%&sVBPLRVk;9R0isPNR6l?w9`o4Wo?6D=TGs2B4Z9r7-x3z z6jT^y2Yc$S`Y<+!C-WY&S}fU5$|4#2+}Pd1I6rEhf-1x8tab`24AYPfGt6unw$-zF zm6aEaf<}mx+rW=wER50s6H7LmwjsGN>Z;XQV#jr{jFJn3G~7m#@q!7_i1mMN!(ui_ z=GE>_inf6tBum^ODoU@ukYx2)b|jZw^QyP;NO5L8H@aULrq{BmCuUjJj!(?shz<~G z)p-Yg)Int&0<{ZJv0)nLU4SaX5T@pNHgmJ~%VZ~sQ--LwN^blz*^LuOl_}(CKrt^O z+CFzz%` zZJO5nQzN?Gkxf4HO;N@WhZB+l7sZb{sEmtu09sJBY5KV~>aMQ$o$gi}=Q#nqS3%lm zF{gVO%0c3od)*OIV zD`Zzo{D0*#0rpTU>pfRee(C_fRIl+EzzK zgGXn(VvYIVV$5Ih!x+UsO_J4P5?bQ-2;v!tpcvzCB~?awj32Lk*rkfo{kF#VwQ3Yg z4^>q|76}!wvAZ7Q$7>&Zl8eo{X^fwyNF7!ce>z2#Q6BThYai5;wf9qF{#xOyIskr{ zvU1Dot_8viP_bE5rhRZ(dpb(0Hp^rDcrJs+$SeAM|1HTp5PKs|Bdq zsN?x6@98M1+9Z$R<6RL#!cd=)p?qTIev2`D#gCFJgY1ai5of27$|yB% z)QH+;bKTE$P#I>1f=#UAM;%m#nPE5uRU2h1?G#iQr_dn zzT`%C%X4)1J8mD6O|#c3EFE|<<{G2F9JDmIKV^BbUI!|ooF*BF?-$Z=-2Ye@bcL-L9r zhgb=wA$d}+226J(SAywt!qkYy5q27>g!7QSZt)siJXJyETa4H%epEr_7s}kRnmbU9 z*xx;3uLf+Rw>4mY_kg{6Mj8n{8*z=--}Q46;*%+U7;%l)lj#f;1zkr_v0rzM&!0=G z^zwMTEnRN49v{+MXt?Pet*wUR>9D4Aw9!T-7p{iTUSY;;qm4=~4bD@9f4?7rYyOOc zIq=bZ%^p+3Hlv!LwWU(AbtaM!dU#6>JDZ{DV%*&?@ZG%_|L(>3R1(iKLtDQZZTTgJ zQhv!6!oRR1$uH@N{1S&reu>j3zeL0GOBg1*<^PIBFTY%dUoyJ;C8Ik|-tu>{b;&QE55M4a#|q<%8T#1iesAd+?=AKH45mri^m|KBUpo5HTj{YZ&s9I8sbYQly``t$ThcGla+~qqQrpj% z142K|WIX-e($nuPJ>$KlzD;f-a>?&4J^kL&)9)=kVXhWqj~OHBr<=;Bo64t~%4fW{ z)c2F8IrQ@Z|DSc|cb%Vp*ZFxorNV0!Hhx$~qM+2Kt)mAj(y8?avLNzHtifvRWgR_G zFC}<0>kpg^<=@1tui7l@=z$y&avauHrTk?UL3-AFDRQSxEZncby-Il}Ve&WjqKjK~IzRkLh{I2uE?>ax+ z6?h!3z=;i!EiI1S-$!}48}e{B`{_Qz!+nN_`wWjQpFv0*+Pu5Z@Nl2u;XcD-%V&_KnA)^C zy1UPCcc0-N-$!ZZT^4m})8^=oa4=cDyZa1x1g95vJ|;PNj_&R=+}&rmw=GIa@wM zyflS2eU98`xcmDk_bs16HiM{7_ZjZ)Gu+*0xFg}V(r5AO?(Q?(-DkKX-N$3!@)=@w zR>tl=!yS=#Y032w-$&^=U;Mhe`wVyY8SaRCa_d_@L(J`>pWY{bALZ^o!+pzVsModB z!cpi;uNrH_0Hqqj*rDp;UQ@r1P;77b8Zksil^vY=RhvhW^{TNUC3e+GW?w!vBF;TG zf&kc7BjHRVJ@Mjuy?T7N5?_wNbv+5r7a9@6DN#7Xk2(l!2FSXvSC0*Os)OK8p%K~s z7m@=%1q4rl=N&Q6yT(AzB-d2%LnHef^fml2W^umblz9P^UV1jhfPPi-HLR6fklteO2(KzPH zC@+Z8>(yJ5tIY}pQHCESS4LsSCvEF>>bn(mos7ArdLLHuB4dW-930S+_>O41&OHKDayg*7XuWw1NHY^lK8GamdWthH`LiZKbhFKE%Y|M3648``A zgdQbVhIv7hURF2c={#44;Rp+DYtKi?g<+a8pn29Sokl9-v_J}E znLBTYX~i*zf+#A|ozHW9l1;OqG-kcTOm)wKJkxeeuCY`8M1WKo2K=CH3Gl`4dV!SQ zeBP2=8KxCdq-}NPcDi3|nr5t72e!)KSDosh*tDk!W={cO=8@|%Ls19%ha}mo>4xOW zIE1%V`@oOduMAVylO)?J(-UcL#}QSI-S-D~^pdj{S)4AIdRqS#~om%Ts&J|S|=2cUAoqDU0 zYU8v{m2{v!i=Bnf=DjjbYd)zFTXi}eXN^<_TFs{@68M3(F}(xr^LVJ*>=abanolj( zr&2Ln-`HZ#)^|+Uh~!Ybua!pQ`i>bHfMAA6vaRn8$<@Z`%?N4)rKBeQwENY@c`?6U zr`EcuQwGK)iwsAL`Kc!w!Ljhh$-Kv`3K~%p$5W{Iao#KA?DFU-s4~op`Sm)rR*jvG zIVM7+yY{GuNak)$yr-Dy07wnXDX98sNHKuhdM9pBj9A=gS+rQ6rbKO;?Zqck5|b0s zT@;9@WUR1Ja%I$U$yptp9m&etot1|IQ>_j9OuNNqy=>Dvm0TI+ zF@3#StaZ@mW3CLdSc^z*T&8-R>!ra48nc<3wX;@Z{4YKIQzN#`Y&25*u$RaD_3AOb zr?xz6)|me*#{3mO%zKUbzx2{GxDBBrsM@R;<8LKZhIx!%uO8p+GX4p}YK;FCWBiIA zyIUEiF@70i3#yEYG5r=)ZIs9K_3p0S=Q=ZVHKzZHF?|hp3}dV@{g>SX< z{1#NsiZ74h>(yevZgw({HHQBR59Anr9AjmW$ME%Hw;@lpTWyra@coYVRwI>B9@Ezg zz(+O3f6f}IjEgaS#g9`~ z8KyCP%yZ*siO(I~hZw_eB^5@!QNc%N2ECt5Z*#Bq9#r)Q$?q7$S9~2KqU{L;=LBP% z`&GCrkU+Y<3Zptuu~~1A+3Ve0dUJg}#=@v~jM*!G9Ajb7TPtozyXvX$NG=R|Ys{V+ zQU7_Tk;16AZq(F>dU!UTp3Asp618u8wrC$SG3uZ)EXM3r=l~KuB}v?WJ%zTQ;zzyx z!5qCpZgN%c^P91D!be}#^75}WsJw*HLj;;`m<>iddDGJIRz_M@xu^n$o-9S zeKv*~1m2Nc+^RRK|G5!8SL`%WO_qn`HHu*oiIZ8b5&3tF$SZzSLFJc5{OnB$liwF8gGBwwf{50@xBBH zxZWOb*TA3!e@;eR!|m@FZdd#;;u>y$>*GljScU)+)I)woX2zYHg#pm1`bqH-iG7@q`~M|5Y?DzeI}sl4UNx#L~zwo;tqK|MY7l8Vsj@d-*kz7p{@W zzlln?V4v@jyUD6|$)7PLKtUchRR@4)(G6?5TmDRU5)k;@!v(sNJhuLOxL{o|6|OoQ zh3Zg$_xJJ6{4=HjGyuORHxM3j#kJG2CN zPgqBhBZOSF$xWm-MY!OlPx8yB1J-QSX0X`OPwX7rl3#$)w6Xjf&%S;lwI6$=G+PM- zs{}8rP=2{Su+OaeS?P{Fom=t?Fi$ub()!jMRr{~cSa~UkGEKHkU-p0cPiY;A^tkhA zW(@3bJCi{*Px030eMvHWqaDdLZ}Il%g;wuuHBy|}kB*ai0@p#;-Kh?0UgKj9mQ0VB z?{Uknd5n+w7pI^=SKh!r8qI*VJ4u0$0@BcsS8b@3IUi#nAQ}+@s};bOIBe4OF2ct% zV_JB#B{^7JNR}l|=MAl)*=eNaF+Q53BGZpEm)hJ@9n@#)K9)3+DT6)+9n`$VCuGV@ z=m<(a2hFobGqhUAkZDIQOH+KnurxoKDWfstkfl4$`Isx?!tEEskKM0~3z@PWR2inx z4RBiw=eUYwt4d=O3r*zEQV*;3%8E+QQel@%jfi{2jllQcX{6>gKAtJl8kwy|N`&X* z(GRUy+G-@&G#Ub&`KKLOqYF2CnhI`=YJ=c7x^?j3ZK`L?eUL+^tILvgYw3Y+Bps&+ z@>u=+<{Q!MWh^-4)_K}{HR(wU^o5+M?z0*#A?9YkMcnv=7o#e8>B9;i_Eh#KUI-!y zUX0`lAB-LF=FhwkSz6#@E(CbYr7r2noz*zFZQSU%}Lg25~wvE&s#7(w8jf2itS;Vb`; z7ZLe8{1X>2>JOoJ!EfjfhtPy~{UNG--hUijBOb9tmXB!a3SapLS4{95>-QC}KZySQ z!3V8eTFDRm`wbOZc!XZ-OdtS}D7R#J--aO7fwUnMpxsC-fwtNRJmfZxN*ink8W}j- z`cV`X`r+<_R_koF5%?(m@Ug(MYpmkDAHgO{8$x8(2cl{_ZRC6leXBxfNo{C#hLsX# zHzA!`UP9og4|6rNie;;fz)v2FNB;E*b&cno>O-99&<`)Z*D8#yHVRLViX1)m*fB0{ z*oCKZjEMcfCQUk3uW6@^!c$KJXd3%zAAULON3fZ!Q%wU3IEBd2xf!EocLW~-l;T|d!B&hn5xjHjB_-)f`q)GK{7uluxw{aHW4 zUe5EPg+7!gLLOqPjlxsUC}>t!W2dL*-ye)js%18R3bm;{U|*3Vt&ovX^i@`jhr8%Z*3Y+^<=3v;b+Sw zXN%~=MMhISGVC-_SnA0KjUri5`3XsL>c~GDYPm9v;h*cGaMUY_)RgM~Kh;HWJ9(*S z9T9~%5MbG9qA=9&1L*nBN|VlXQ3$HH0cfMuUckVg4y4#okI5-Lwbtphi9%1cc(hEk z7jPlYnur-C@#2u@W-kz%rTpS);~dHh^_}ud+Lm83R{6z4!ruu)`QH%smS3{o{o z`6c#5ez^<}ftCEB`!T@Qwk49$)!~f>-8m3>ftI%0CYnypbkY zjlc5G0|svd`&anNKU5G(|HZVf@RffaFwio>1wN*tWd1y0@W%Okg)ad!tuN*NBcZdx zSN?g*UW-gu_{u+jP4bO0fEB**?}bAf_5X!*;0j;(_ri`Zc-cZ%_`<&z4i!@cq!x#R&yinkU;+oa?EC0Os;DrOh3Sar>MFn~dV1*C-BhQ=i z>2e06cO-Czcv<-s`^}=-AqfRR$Dxc0Fs%(7bhp|FJmh|OfJ&cTd09o*Sw8|7Wi0&v z|3E=5eL!WWjhx1!e)w24aA+5>Px_H>>rflwM{+-Kka+F15$vMqgY_e0(ZHdez~vaw z%!?2>%!_7`{EZO1+jH6mw;kH>0F^$};a7Xk^bt79WAOl$KDDydM&YRksI+3@rMHDn z#}f8x>4z9tninmY*lMHj)B{vnFY&TR!_M?kc4^U~Y|D`3dr~N2A z^#GODNNlxHcfboZXG%`Ux#9Uy6@X7JtuQp5@g}C^1AQuw2^sw)4L?p59O&{ zL^$h5=Bbq|9|^;qHZo7`8}moPP&eRHoo0J#pPZ*Ql&3pwWS&wMMg1U682T0QGks*9 zQbx$yQ2*4fnV+>$c-FK6I*O2ZXTB-v}D30WCoM*IY21YH}!nB*ackUrF?#4vttG*S5J=O^9n^@i%1E@WB6 zfjB)?7cAlrrh0STlX@9e{!PX&zhpk-mn>8HB}0;5;#$Zr(V+Zds&ex4 z?TN{^Cnn#Xn0$L;@(m6!0)&!ZF2k?a=)F$)uPy_z1O7KpOujua`Nok}{;Q9}6O(UD zO`WG9G5Hn)s8b!MX_%X^!h{l@*!sl8)>~~~O-y1YBBeaB^@)kC9$yj*A9y-6{7+15 z_4u%`(0`+W-hDt|w8yiKQ~xcor8gK>cxG6{dt&Po6I;FfVC|*F6{Z1wocKd*$< zn@WrEi$#d@?}@DsZrZN!m4BYt`ozRm-~YnDw_-kV8 zjmVkEm+fSQFZNF_hznk}j}^Y~@9l}LcT8;ch;8}HVRMmU`jz{#iZ5U6N zZG1{%%f8)6Z5U5wmpxmzaO95t#Xg`&Z5U5C+9*8rFPv$@K#!*9{Rn$K+YfyVmHJ^k zWg(|J#ZCM$7R_~d!axtp=lv)=)jWkK47S=RJk`7&wP8G!bI5r=3QzUnRBA)*sYa|$ z*4#&qD?uOrB$Fl#G@x+akHS-39@G!zX-sU*x&A3Pzx2zsWRvxV(K{xkx;FUV<5;*~ z>`UnlqpdayPu1U+g5*x#8t3Qhf$8DlA?^UR8g7kG?BzspV|F_Ny0X~}BoN8YIkGyUBGicIOzX5A`NHwVEup>y$W7f#*vB>d`v_EFV;cu;{UDi%)5hG z+v=`Yk3ODs_#o-9k{fnoVl*%3W0Yi6I#Q)%6SmzwTx1m|sc?#8J>gur>TjZ#xD0!8 zBfsD_?cpk~Jo)p%xo_3q$}3MOec%W#@bzlZ$CFeaB&k;T#4D-U*&4T`ww;f14B5j) zKFR#b&LHzErgha{UUrAvZEGb?(t+DvKjP#Wj{6Hwn)?gCeAVB;tGINk5te36jvY}y zhl_cvv+2eoeL3LRxI6gpp3x`eQS3nYIUK2l^!Q4hpN%{CM0)VXXy1a%@IjWBk4`J; zky7^7MF*cqPmIz-*XM8*R??%vvh!yLpGeR4iup{`I%-~4(gVFnb#RqB_(XcNUUsng z9Mv5w>Ct%E8Lxwn(o^=t>W)4~F~mZ8N}kw>s)J9YC)Vi!2S{I&=c8-b84wHSh*oPQBF-o zgC1qa{D^t?aJwb$wIE!~jF@-dp(nBv-}q#~8>aYvFmmEX(#5NEcl;C6AmljSzXwNX zt$z=$+6IJ{hC@Mms!s4cd*t|1OFR?u(Cg8Y5g+ZF;H95}7Z-XZKT=Kb(ow;S3%$Y* zWIH-5bZOLX8$|LOqf&H$%YcMct0z z#j{%BxrYhw^gu1p3Lov5$ai`mxwOJZdLhKOr|(Fs!(U(PJJCr(n|tySpJb!m!$m%c zew_ZObvo70{ri}K5Pl%-$McIM;tC)AdzO#7B*CxwLGq*361?*RwN5MfkzYu8Z0L>T zMqVN9vxiH3l2p$gF7e5qgkSK9`Wg8o`f>iFmTRS-$Sc7+KaezE;VZvTcg6FITCN2? zW)9+xl(!*jEb>TGn>2csu3M*!o3^jX`9%9-W=6BTExhiX1kWrImxJK4f91_{ETR@!bz&i%b$A7_g-@g>*4fEW>w}W-F=bu+bPsi2 zJ>3RAk)BwmNvF^8B;9K4iFKNP>);dViFKN4`e=@0W9*4_nsw{o6X}U{nqd0qHOjU0 z9K_dLTL&Md$15r1%jub1FJNv+k6WgFneEfSC(;w^^n`OfDYlsQ9L(2~U4x#;PMkyj z`J;)xje#f1Dc>9PM0R4FDqU|9Z^%xB(>O?jp2*I8Ll6c}gKQYN6x-MD3gO%~ZjGbt zc)tW^Qg&E^dB@MXA*aB;q?-0%iCuO~SxbvMD7z_EXiL9jFEBU5I-Bl}&`~uKi}6-y zOTWa2Sm7hJ1ke8%#;c zqm$KO9gWd~`}gUkFxZ|w95-h>rRYc6XEzedU@<=uDo%I}>l1#5A5wo1@s{4Zf1lHP zHtfQ$6yE3lTOl$1;;CQFZwm8M1XiOnkani;$Scy;HZJi=T#LPVN_-NZVhfi7{GuP{ zf4)=H=r=|91@HVo2y4NQa#4b2#rcubke&Q!wphNU1?kt0{gAAh@eApdJ-tP{b$lso z$qUH>9`bk>-;)>k6d~36%kYo(Ww#_%u$FYsITZO{e)s2p`0-!E2aQx`2VAzx7CvrS zIdG5qL4r@TGIfk|;2x!vEqo%K<#^}u%mBf|k>qsjIdE@Bk_JAJ9(O`bR+02@BsrI! z2xUi-20oD<_d%_QBdaf47(A78>49E!B;oCd)=~qXNKaM^M-qaIDcO;pjh7w<8~7+a z2k&ttA?drEFVTBFhBxqu^u#(GNk}@>opy*R=TjJ8lT|HzB0aHA;~&S3^s63?nsc!D z;J#vzY*L?Sv=$TLiF6wNI4+{EgeT6a+8gvlcA}h|NYtAgdp_DZ@hyGeaw2KbqwE~h zR~viOf-T0KBK!D8E6JX(m5J;~w{PFmGQHr%im$6}wTHpe63Dtq#G466Vb>ZKxkh{K z#Zw9w+!)Ut7<_Gs$t0!o*0&Zruxt-D&}$Etc*P594;D?B=!V7fIYPgJa;}?84d-8Q zdq(hbqFLctjiy_XFXm71Lah}((TaO5^CEaLWh;F2!;Z49)#P4sIA3;-9ev|Fv^HK; z80_H^nY;{a-OtD-)~}~aE_e)RrJqPE!8<>4x&%F`Yv&>XbsMkXWozg8$?1d!AH(^a zF1p}-V!`k5BZv9DtZS(^$u(%d<5DUn3Ei>rX{`=*^6;MAl+AY0i=;#jIQGE~J{Z+Y z{FsYHWa*Bi93aGhSxC>M!baG^C(iS(m z4kUJdB0ahMC^VwZ?{Yp?=UX(og-@g>)|u}YvJkQJlX*|9!_@|g`OTNiM0#SKo-;!Z z<6L--6?+H0J*2#}%Pw=vn2wrxlmHfy+!OOB2ym&7w{76Ce0oHm?-1Cy0B`$~a zCH=D{F9-7FX4M`p8aL68bW!xP!;knhlO7$6UCG7M|?Dz^_?H8)jSw5~}uJB9;H=ACPv({U%Tkt7OK`G~P$+3If zs-~`qX@OT~c6qwH%NUOCsdLc4$6clr?qgTEgt(9T_s{6FDV#ad!nTE|NMHEk3e}@gA(ZreIx%Pw{=h^ME**driT*7SG+a9YpZ5 z_Xu7nx#)kY-A7JnOYb?ZZ+CLFmnWo>le6{LgSQ*F#3~EkZr~!VL_f}tRNLI@xAMzt zo3E+1xy4t0A<`%FBd+9Xek#8ZEn_^wZs+)G4fbF0u{6PN@Z%~GCZ8`0#xC`KO*Q+d z7~bL4HGLNzrNVo-uqQ_QR*V{k@8i+jH?*XN+>GJORldqc>kc?J{tiA^@@uNp*K*wZ zB}TH&rAIQkuiL;U(j%9M0ocU!MTWFyr(;iXeGmRN@KJgW>zl88d@}s1wT|;c3Rc^p zdENaR_(VD@_JFIedweK-B|XrKqV{^iYTy&;*?O7gWvjt4;dI_5?c$v`UpG|qM%7KE zM;nHFVRUXr_2iE9#5$BBxA2Md#5!|!HO{$aU9R5O;P0h@kJ59{U%lPqE6X%>3TRZow z2i32s;Izd@ez9-k1*g{(RB!Q-VS?v>5Z^NuWVZOoF~N(+%rl+}GFyCR8C%6Yy$60# z4uub)d$?@KctP&r606+TUGgIZ@kKwvTG5Y~e)HYX(!h@t%x63l$#^(mD||gSdQe@z ze7C|^etA&+nu6-x{MMlU)!v1n{>y&1k{|hn*xc59<*z;1dotQfF@AIFkqYz?iQJQy zcqOH%d$`CenP2Be3aWSdtwH^(2i31BsNUkM{qmstH3ijMeB~F)D4Cxq=UmLM#JAPR z$E8?(_Eebvh40sq2r)K!6Pfz0sV@HuFVVK}aW^ZWeQe|QY0<={x%6bL@ct}G53Zk) zk>C^QnOpE2uQ5Iy;6v&hJn(%Kug;QmU~1<_={dBoRnph+E)90P=Em){g!bXHckqey z$S*rB*@tp#=f|;&jq$PLNuPTMpGc3pBXOE`3nF%mPoHYOg!U0B?cfvXX>Zii63HJu zpegGlX?l#^G(U$=q$k$l;wFuKPTGm)qhYhtQU@QUm(V_(cB&EI9D51v>lwX)PoyW- zX{pRLhPY4XJ(u?DX{m!xq$k$tX~{lxz2)KTlavBBi%zOM8JJ&s!rN4ivh_m`i3{Oyl_ z`R9N6nU3kdqOySBfA_mT|LuSL+t1%oA<#em_?!Rw^N;`Y>q-A1)&$`k>5JXYSUedR zI}QW2Cg_^u`yA3>uVoF(UfDJ*Qj44&`pAVIHt3TX{L7pLbYO6X<>YIF6ukT)+2mV# zLr4cO;v>BT&*R|34t-8-M}8!j;KhX%yd0Yr{jY)ko0Za&d@;)_e00|QHs*S|N`T)E zS<7iI0e(AVt#R3a*&%Cdd2@ORs47JE3vr94}AQK=O;ZP)Z)2^3Ge*KNj8jR z;FrWf6W;le6Hy($^2@8@Z|RYprvLb!vB^hlcxO4|lM)AxZT=oEZIgb;TFo=QRqXOS zp|Hk9UNJvB(RRy;wz+<9lJ_vVf|oyJe&j@3hp+YvA2$>HhW)^|k&}GqM@~d_@~i#w zM3jCq`P_coQdK`5&)J&i81;|TD2FtBbJ@mcr!4!bH1FTO3(Xu>jKSghJWdB6Hql#o zoCo{AeUExWdL);fFgy4}dbC~oa4LOIMra}a!(!}_TKbuj7Cw>AjB(Xz?HTx9_W!x& zBeC@3CL~>~-_ZGq^k}#2X(0Qm`C9WiysszB4n9iH;e9-hLto($*J9}Wa8Q9|b=Bc{ zoEAQj&P(`!>nST_#LnkE*Yw*7vw=^fC)R0B>KZa)3+ahn`#5%1#vuA16tjhs^tv&1Dqx4wSPXTCT1Fs>Wc0TqL_qTjp2cJk!tkYvw zNQfG`rjPh=;;=}Ols zzct@dCP44uT3KvGkFrx9K)wgTJ9pS!cuN0J&v*27wrHK~e7A-rdRY!_4U4>D{|f18 z_K$GA#rzYrRQ+fA7F6gh<3UNmr}JTl=YKa_EO>FG7!QK2^XG;CJ|uvH*g2ejx3->VM>y-w@f*TjUk>R?k=Kc}je;8zLL>5})jb$QqYI z{h}Y|Khnwz{iImG;GG}%R?G@t`Gwp1JimB|Y=w_zi{&FlD)=3Kq}O=_@BBdiYb8J0 zuP@2-Y^{Hp8MRwDU)cgkH%xAF?l=49XAERy;py6XpL+Q+h69f6@7BP_El8Akz_I_` z!dpM#dqCq2lUt7H;{%E`L&A`u^P}_}(bu&IGN@20oFV zY?+=hZsD<>bLly%uV;)7K1$DFeLZ8`!lkT*^u#(nV|4I|^u#)?`MZUr_dZKucWN!HL{5HgZu;Q2RV(EeiEG|aJQwO7|G`o z7+u{qK3z7}8a@^Uwc2j8 zVKWbzZfhqvcFYbw7*HtF*@y2HlZu7<*@DicCo*X)xPwomM^5QiuWP6wYz&yE(HOjxmB%5GjDz!gQyK{G;8-qjPaE_o zJH_wW6d}IBCKUN`Geu&dqz|!ThEl$1t?NdPKW4po#cMi)Qzb!!vAWstu3^D|9XDdv zF#Zcyk@+@jSfrHbMj)aa*_&3nNu09Xa4j|(FcIrsLoW74OVtykcwiW<;N5G;#n2r- znJ{}XXFWMNG;c5FY~T`w{1U=aPbDgEzULYjNyPf`V()t{_HOi(it+K8#VzvIxcuFV z#P7LCyptR0B>k2@WI7@au%Kfu%J=x`T3?Y*@CNqA8+i1aFWLhkNuTQ5Y9fW^Wyro1 z5ItB7Ifm$?iKz}xdQ``*gWf}Nx0|u4%aJ1T_Vh^yA8l|7$lGInWPfQHW9M5)k7f$- zbfQE9pGc3ia)&28yt0rUt(8?M6CIy``UF zKzB5sBK4Mj?%)&YX%ke3C%j#9KJ;9aZw^lbp9tsG=zF62=%F@yAv|#ofh7t@ZcciP z)a!>kY0eG@e<3?DPCe`fJsEc-9GR2{Tzj&j4?HMfCIvqCu)F5?{Z&1e!$H?ma!26{O{ggPod8Et!#=?4u zcc8M0Jr5L!t>m(Vz>7PolLWuRt6X1i-*X8`uV&HZm-5}?S&ujI$TP-kT;h>ujMuox zBbwJcj&GtLv8gNlCO&xu@ltLIvWr|>Z+CnfZXq{@+2LM6WHo*{pspY3xQ8k)pTDVl zl?&)KY1zR?i=QIv?%ai1sfF~k)#*DY_Xa+Zp1Gvkl|C~eCuHoJY)r>|?_H`0ZRxmg z*uW>!BeV3A@b`Ooe_%28Oe|zvJNO{|k>c)_I=kyl$K}{z(|qja8#eHX^t1_@gM|C| z5=%QBJ9eByx=vgJpGZ&sl{%)HciI?wBAvR14SFIwaZY_ZJS4C)@MOi*w`>8JU+_^KHLwn$+t=Tg%b3-uek>c|5=|4WD;*X{8hD*V$M-IoE z_ppYsv2=o&Z?}deVwvx-hDAoP?|=iM=qByKHpcu-wnut7NAT|3;jp*TZDf_;MUcps zU1Nn$ymH@eJ?_k??b(?`;9(VazzqlW`!be&O zo{fmC9h@mw_{cA8RD0u2w#t3G<-F#QyZd%)T;h@Yc57VZk?6T7lIiF6*C(?)%*2a@4C($iL`*FZY>M0&JcU+}fCVeKeB#pS=0@yO^8U7yHK zoKv+Ui$9=;lEz1l$t&L*^h9=IoYFlc%GGt5A1&Y#9dkw@DcUO<^eDTA<{!B4#BCrt zVD|7xoW{iABZlTFC7=N@{4x7lNX68v7>^vOx7~aVO9V4tYYj`pGGA*Ai)M`X3Z#NX zH?pg)bQ3uxc-bKYFT2hP9}St{rOSdB8??elUNPQpkUVf`U*WSU+g5i8$8YPq#Nl}n zvhT5+Cs`lI3gG3phl^|y{fGz6`pq|F(1RK$eMnB!Y$-2Q$@Bd94Ved`4-5Us zHH$buxKGFY$Twt~`AIL|hy)c5uW;r(ia=1U8LyX z;|?N9IpDknu!7(ur7d7CJ&{Q-Yj^O8^u#HRNj|jHW-UF1;_b3_2Op*9NW2!QJ;L3h zbIqrKycOtm@QL(jzbvTu&~Vts*aN+2>*h_ECa!@`q{rRS63(!RaMu=NkH*Wr^iXCJ z;S=e}cA1wRatRSWI&5O!owRz9;?ck-(i7|SNvsD7P{dt4m!1OlxT;8+Z{VZ!7_X;n zxjKv}KG~6;oqR;+9u0gVJ+V%`bkxA?2v4L_FTFueWGBw4mmY4Hd?uG1R=1k{v^h9>z8_VX6GoX27!-eN(3EXePct7&RVLts@TI3aNcTYUdM@Hp| zLJ-?-(NcA%p6R7~!OI^CUUtY8K2nSE9y)vG&{-!xl1uQSRhFMaXB|G#%P&0Ruf-fU zvy_PCA<;E1Q_2oeYg{6e7x*o4H7x(cw_-#;;@B+aCxzujzv3eZUL4;QzVZvvFv0Ke zBbLo``upiubDoH7t>j039T%S0dW*cG-tI2L6skW8_SW(epFDlN#zj7few_b!I&7t% z$Sc9K!uUA!#P@j?_!O!ayz>Lmw-r8^t!N;NyZp>=*lQm8Dbm$(v2{9gSf43EZd@8A>ZkzwZZJ@GZ{ z9qEx^=I?g!QF;p9TV(c$kJfBRkCA(Fm*D_(@QL(jz3gkrPrO;SBRzRt>hE^&iS%T< z^hU`uLFyam?!Azm_{Mt{_goC}ptXtYNH;d+ zQoWemENwD?3h4Mgf6izg@DsZs5x z)G7Ef(KzG=Y~UDq_iI=R-Alq_4;Hpbaf3W6_DoT+PB$rZ&${)f*fT}NT6|=d;Kh05 zxk*v67GJrAK$qZURWIgN4tzdIVoCS(7CGhjMK-1>aY^=#J$cD)$!m6dxX32auX8`W z8`J4GMeiB!@5VeO5Np-LExztnZqPyw`in)FaK!8dY)o5U))C@ zU@8-Orl`GT=AWUwNFT&#w$fZQFTrfqOt7qGTgdwyEo*-DMjvQ=#vDn24{5*GBqu3T=AmUVd3FPa3*uY2WDW32C-)v^5j(ZB{TfFnxz$elZugnJuZ?Bxs zdn&4T|F3~hq$j^$ZxlaOWZIJEW6#D*HQ&G|(vuC-c;_>`y|Ng4GG+P+fDS&9o>*rN zVEAIlx%3?4*Q$hP10SX57{5|JT+3PrPhObny+Kc8C(a?Y0_R9is;A2>*W0TH7_M~1 zo=;>a#_4e zjSNVB+&j$*;~kgDtLmP^ayVb(I~%aFQNH~7iC21lq8nr`$2V_t-P^<|KGEzAGP+&v zZLXyy7RlP(6BiAZFhG1e+H+p%ZH-nr1A}CT6}&7O^CB>Ufk9IIVpI_MGWUWPe`-Qzcf5k`DlqLPjZ`o*)6Vl6?p6#3Hi*=JaCk{^sAM6+=-Qik}_YALb>)qtJ zuL!0baE(4R@KJgS*yFQ++jQUdKarRpeM3<%{p55 z?eMJgV&Ktk>4#3A4SJMaL-;R0JHGPSk*zc5EA#DySFXBet+Ua?AG4FI5AM}PULyM2 zutYK2x7X4VwRm#(IvFX&JA$8!U-?|z=_YbY@Z2EB)L!{q+~N7(jTeHKeNgbSx0=Q6 z@R3)77e)$R_SO|XGizJjC2YT~?;Nie^R+ck`Ar+K*?YLiCe{y5mZBe7?hE~-ntQ>^ zL@*xP=?Y)@g~|rOi``n`E5G323x0t(@jnKV%@Ya%5?B?XUP@z`rXbKDol2yN8@E*l6ue} zGUTxzTk`qXWy?Lru3lsVAEl=n`)_~uci;W~AO0K3M^Zfw{!f4V>yO|4{y+ZbKm7XF z*B4Jabuzppa&+=9KmGTZZ+YdI{vkoueJA1bizGzrNd3~ziD8NY8c(>qtpkthh40i2 z@QDVaZM4YYD?D^^sAh6|`z5I|pFcZ9H1LUZUeE^|F4+s!GehTxPztR70Y@yQgHNO< z?rP@v6~01wKK7Iju&j9pAElR?emK%ERNiciJtYIIQnG_jq$k#Cj#la z(Qoo((bB;E6!RCn^8?Y(m3}L~P~*e$5glCNE5A@_BY0VMD}3Y^GP_&rBFF#je$sl; z=Q@7-^5+IFMb`X;vz*`b0FTU%^BL!l^k}{OjDd2u9nDAMWz`9<20oFVZI?P-D7)K`o>K+->C9IH zAElR6foWch!jAN0(6l=Bg=(|`K9QbSr_~8Bl(h};;d}+(!RK8Q6&-vcJ+aQt7$}9? zk)BwmiHcVPpGZ%v(=&#C_fdjmr^{X3HXk|)b6*X5B0F;q%Pm~|JYQ}pSMa4Fl?FY^ z&Y1$Gd${(wkevyqJrCiWptXtY#5b1BZi4u-m~b>yeEfH+{O9c#1n2D&7q@NuMN8Ga zddum}CX4YP3FE=_6+SXe@UndhUL3U*K2lBaq9wsgmsj{`;RG)MVZpOTy|Azwf1;b+ zuUhN9BoHjCw4AS!KwyS$&2vd0urb`jMOuk|#D0o?gi#Cq)&#;EX(h%Z4Y$IxMk2qE zRucRUKO`EL@XilhDqhKt{PO!%8}l1^MZMkDcjA*hA+?s569sm^Y6HiUnDpcP$Hn7? zerlrNjlxNppB;YGM8O+rCB`FFwUW=%8T$`EUGO{nCh`VsI#zbQ)~c;^RFaVvb_S2Q_wA4{-CWB%w|dSad4JnY~T z>4|k(g!Yc z3s0oequslKPlPAZA&c^k$)|JSiE}vFb?AxgL^;)Z%srjUPK;BfH|UA%L^z!6aC-T} zFlFO$T+TAS*3`tt%vI?5C_BaYwSEmJuN~Pr!mnFfcz9CHl>`navIE(ELp1#;65qz) zGk`e6q6555QEw2wGIa`ZYpGuX!O z-=p+?@-3RkRGXIS%D5dN-tr3JuQVY_H*eutgl&tcLSeD5Bs5i)$1J+ zX$$FrUIbU?t$|OZGk={nniY79?S?C`kRFYgRUUQliS)Qf+8b?eJiwYAfGOwm6#&f& zbnuDv#5(mILmF-|^h7$g zmCa7)8kX2)QNSfEMe%u4$7fVTH_7QjOV#Q8q-eh2-6_EX5)0j?sJ`IcX+_#;h39_R z+%Vpw^Pe1@@A@C;Mb>az-R0??eSK#GW=`XJp3;8l#ZGHnWRvK}o$~YrVrRf{uuLmIi;w+KgPU)OMG%Cb2(2r zitkS58W;J*`tj_;Cubiz{YG91-uZ#M9V`7-e!-t+ejp{V!dHIb^#j36mlyaH-N*fh zEpr)*|D%PiPIiv!Ythpu#ML$2D6xwn>hcl7n0d0Irw%@Dexl3+j-B^|`zvsFZ0ni2 zJ2|SaMNb`kB0X};0^=VoGfo@dTzaIIB?UV8M0#WvE-DeJ!W$0@%|~L{6Vx4ilwP9x zrg;R()??36eJy(Wgs^<<{6uLHjZ0gmU&L7AQsDjwXs>aR zO`;#!)kHt6x|M!X;9l^~k9=_jJsI>{3ioMNoFDn(N{5d&i{;zJ4r*zK9};sjejjI( zwcaAHjV_%Py`^ z(`)-df5h#oe4G(XP&B6WchOGihhpeog-qDB4L9+VwJ$bI{ZLE`uR93+VYE`}rPIF( z0e7S)GNE**g-@g>PHFkdCuR}O$DXLAkA`>fiS)=YIx|Wc!zbM8z-J`qHCMVyUGwIp zH}FwOK;E<*@Co(>n)h01m!UH`Z?DeNFt9hb56thYgpo%`S(j$3hT=)5cUAqF#ZcO3cTYYKO!UM z{<}wpmWCZ$<{;sH$Ig#XclgLJknlBCPO{V~n?lwn!7n zqwC~nmRU9df6cLrh8*dUpTlEc<1(o%o3O?uR(UpIi7U~3(vN#|`LQjuH1Ii-TuN|c|C_tv`1wfgRX zujeb+tsjoZp4Pa;E58c8#zkJSevw09{pQEE(9*z<6wMdB+Yj7|Sj=yX>QjjmNp*f8 zFR{W0e#NP&#=L~}Wg{eE6a7p*{u0)gov?+EyHN@2i`Pr=!{c`=Gnbx>6tV&>d?Gz_ zO1$33_aP&)ke;cb!7t==?-F|DjnQEqWrj7_I?cW7A}z;^wGDPc3{RJ?@SAp&o+oa=tv!FXxRG zK9QbShw}!(cR8P5-obgJg-@g>*5SPI_+I0}Xr2viIiKF% z`NDalg-@g>*2#H;&~wg?q{}bx$a$khPh=;~shL$re?#rb(CJ!l&=c8-ak|u{+y%$$ z^QA6F3ty|c(i`+dcHrCp`_n)D{ZIe&<4-?--G4=2eEaVIR}s|X`yBCS4zcGE)(5(46i@6fKaA<{(>=V2Q61zQkJ+V(L&fa{b?Nve>d$_>3PzSZ_XNvuce#9(^ ze#CcM=r=vqBY5XW`Z}R9b>LUc0bG!o5&1j(s5yX(U3z$2@}-Anep4|&_usxYK)-hQ zQE~v58(Zr=@yc&YuW^Z2QuV#XkNkR%=ML8LBCkY0&X4@Tfw_J!H3x7(W`^fCUwY{9 z)qdHf2f}ag;}UZKe4@D6r3d=OLtCu>OUexh-t9-e^w9M`+OIFU*Sj-cmzWiZroNnH zF1d_fZgcY>!}c!yZ6fFw8G~&P`uuDQANDyY^MGTUgwA!7J(nKIrO(fj^xzN&_$WP> z@oVbi67n{BHII$XaARBfb95daLIiX8q^CU+_b*8LF6U)mIHc4|l!_>i_)C_e3+$oi0fEKbg#xry*ZIz5bp#LGf>vUGX~YtW;l^-2^lwM-~2-;s_uIE&GiTUg4uz^pc zC)UAVyu?h=xp4lku6Q`g9eN@=aZVR|%oCl}O*dRaVvL*0p37LVV+ zB}!R5egnt)w|Vl~{|#KUTB09eo#-dIF3tSbc>dMn;nx%o*Paaet?~S;$HT8F9^T@k z;o|9gK^2=X4UF$8y@li>dKM0eW0hJiNtM`(=*+5k4Ia=KQ{~YAlma z!okK~Vq7?&$F(L^C%)G7gwmi#**TJLXAE9IIAg%aBKw}s7}p%aw=>2Xmgr??j5RD8 zGxjn37Qq!aF3iVAOVx+GmKXO4FFQMLW$6|{_~2c5@9A+(fqRk99g;Ibx<%09Be?`G z`>)6simm$3u+Bs%@p@cq?q5nR(Pf)*dm7WW@75%Ky>w+LE% zK6~2T< zdY!{3(j&LN)JvzzlTGP4makrV2Op)ESU!9fy0g10JrYY_%YSt6iS)!Ptvk7ffVA)4 z(|IrT`#2wU@QL(fwbV<$hKTY)dNy8g7CZPvda_~arPIf@cQv0_r(SvopGZ%v)4G#u zh$^3ty~Oh2Fm~`!dXDA8OTUJ%94v$<(rMjE2cHN}q*KO+s|O3=ajX1-mk$4`_?yJo ziR?r2g-H=@Gn)igwvsj^uav zNG-vOF%Z1?W9DUa_((3n%O)at*^O3sZrA#cYcYFzOT=<79lhj05hB*Z8BAXKJ>;2} zzQ!dod9lb6S0nj1kL2HSBp)pe^IIeNH;?4suyz*ut(EyVkL2HSB)^j%4HwU^SAO4e zq`SjMejS;BwcaAH4ljL;OFJ#x#v^bm?)j6G7z zs>81he3V`y`RcQTQ2e>{9LbmJDLPy=@QL)qEA!GrdG|tkG+S2hb8X-g>B(xDmmVVd z3+dT-sh8fsC(?N-IBm>J525&l^kmA+OK;#4>4|mbrH4@bLV9AI#?r41e3YIe`Rb*I z^6qotC6KR*Z{QQ*iFC^N5Q$$1Pn=UPy+Kc8C(5ap9wPAz*@_j;A(nBPE zAv^I+z4Qh>k)7yfUOEp)y>!Gh{+MIww;aGXFMSEik$dyf*RZ-vdMx~wW8rA2?((<# zBF_y4(!3kwSa^qz)Z$%Q4znCfzoF>byuc10$;Eh&72k5KxWn_m9~Nm}-HBN4r9+B% z2lLr2_4nqbuW^Y??xnAB(P)W&nA4))91BNF!~CWgzTo8#d46&%yu(+1;Z=UYi-)n8 z-x|xmNr(;om-E~TANh57=}Wyy)XaHdUniFLbxv1rd4Y$m9iRHv@)DoiOJC!niQ@V3 zSokf+!n^s2yb`?gBgeu!eC3zN!f!bi-r#F2|K>01+|r9Ws=6b;NuojBKe4=-(o!ZTzVpv#?m|ZM0(_wdFeN; zoJuxsKK4j0^U^!`M0#YFRlM9Zr?QrwBl+s3ckoeqiR7E+#pFoE3(mmZ`AG6uhxyR+ zQ4B|iiJM4IR!hC~TZ|_M_z+#Zl}J9E#ST7^&a1~euU`5s)G05-?|dIz6KPpnff z{T99su#lcur(SvopGZ%vgO`4bLE%%ymq5NMzJZUzb08mH`YlF<&xI!+A6|Ngp2$v= zgO?8PuIzWywVt2hftTK)C$baa;HBTfV>ahAp5yo$2x-t0*@15S^yVGGrSJUd&5%Ds z1gl0~Z@DnvTuAY5#8h;!NVRWQklbk-b`>x*PG4Y$D%ci+2RTvI0gt_bc@OhUg1>m52hZ@R4xr_2A=( zf*1d1g^wmq@S-Tei|et%2h!;$7THT&&s#QbY@YUTnQAm%*~p~7JM)!d{Rld3$&E4o z*wyM~rC7d|Xx>7ZqA#JT^^xe8(ZR}7JNRe#@UD_`K`O za~*sleYRnS@XqPb?=jB*!7qS!O)KO^A6WM`rzxl_X|LxEJ z`llcN*U$g{|NP&7_rL!G?R&ca>J!xLX?tgW`?tUT%a1?N$1s121(Db?bsnal%*=nC zC}(l8Fz29tu@QGk8rfujyO8a=Yb@Yq)^^!Oj{LK$z-DX>tJ|d?vhVqjjh5O!to^58jFaQk-n=L4CU44r1kw z%UYYWKga()K7suPHGLfnnqgJJ4Z4Zq-h>T#M~;VboUkQ4bkQ=gvXVfhk3 zW!2sB$+ngJN40eEs#VRE z`||!9sTP-Zu>%_)XWqv>h5x_qIPiAxaVHXGnqkw=SCVvD-8<4Fx$Jeg4nC0{&6<4} z=dOn)6UoN%vteY(rbWr%g)4BW)_a7;Vk2()zYiS)p_ ziT9Y{AW6WNJ!I7Hty?6}r?&NUd} zWTPK?KFW@%hS~B3e^E1+n``VrPCnQHOB{9J@w2)D`6(dtG}f@V36qCI&#$XhJzO9S74JK!P_9i9TwygO99Z4+{}M^3dorb36D*JHhimh=+-&;;R3Vc!C#? zi9JL_6<7E~J+CBK>b>L|_|(palQoXjYsUE-nFj7Cri@H1{~wt(x~iNzF3Z5?FqJai z%NGDFEV=GVG|gd3}R>MrPjq&!FZo~sit00H)S3~zE3^E zf2;mi>LK#Q{YMCGg|E~@2uSdv{1rY?Px8ZC6pC4g$hvA#q&ucx_tS7kH(R2q8nj)wt+1hcV5iW03W5tqyv2gN6)0FOB>)r@*I}u zpbawr_Xa+Z9&FlVH#ctCT^OehI+8vrRlnqZOt`gK57G> zXee=0JvCg>-VvUtiLm>P|H*(Lq=HI6|13LjY} zc-J2)gjV>-wr`|z8UnuS^mX^NQCwto zB}>aHZQ^I#v0Kt>D%=6yH4c+7_gtWa|K=&tlgMoU+8@QL)uMN3!Evz5EjlL6GH|2p_YdbER|$#t9l+s zRnHkdvQF^gwX?{hs^<(JXvgOwJy89i)nIxK%8K~YZ}SiW^`r@Ggg<=YY&vh^KjkI@ z{iF&0|9_w|Fx{MSE<5c-On*odq6a$QajnZki?pQFg;j&uNbbX*a+ekf5u`J9j&jEu zdlwTT+(8ZIpv0T|G;u(RrektMn!u({#k(Ncw23mTz*nv`f2w)>;oJA}|HRsUUFEm5 ze$;^nI|?gbeYccEk(cH9c(H~R3O`}BxC{A>2DCIBFVYtjXbC+1jfQ7_qoKnG{&GCv z>2>JOT!-G_19^dm;x00#~gnx6rHO(UDS|%3q+q&O@f*Km#;z>%B9Ebe1yv#4=_CsDYrzi&}o*q_r&xxl8o+GByan|11 zJOmR;(d#f)}gIlaLcv9X|0-%D%REBv~!(H;$qvASDzZQoe5E^OMq1Tzvs= znhG6^;ee}S(ZEN?LX>&H_1t@uSFfZ;a#>N^qk&JPN1JAaT@PW5`c!6iS)P+f7#IuPe|-YPjt1TTLYg+PjuBZ+~dfjrOpqDN_a?a zrZf%L!6(w=-fTy=BayZe9(ZV#Vvhzrk)1fF2KGp#tz;+4DdQXTC_AQ2e)pH3e*Eo^ zfBENs`I#pFSCr?T-ClY8>O%kJk3awUfByXUKmF5>Kk?sQesz02;yLOm!4jQ~$->lQ z!jUvP#yGbf&zM-5G^obtmoymJN}K-El0Eb*Iz4*Tx;i~isUkGK$$ix)au8qa$~{qe z^z~HN<+!kY(Z{LEndOT*E>h|O&&dPGz!$r1! zqgmxHb6bC)>d@R*@pO5XhPOMPDG~D}F{&-;>E4KFORTwcf)!y&#%|Kn_nZYUR1v)R zjClluw(I?oCvH6mUPijYM;j^fWsU_OPg-sN!=6r_wlGx_IM;ourbG;?arU&IxMm;P zTys38V&bx>ODMh-HL(#|xbr+N6&!1^u{t@yqNO{}n4vL#&b-fOPO#{Q*E{%Vn{$Fi zOLv|zy>l*||EpOjy9eCCC({BhznBF;;9;rsjF$oNH@QL(j*Q{*)8PhxG(i7Fx zjqBhO>A|{9n54eV6EC~MHL~t>Op10-{flQzQW$ zvd%Pvi8oFr4Z>~xMGdk*rz)cM&!f`*Sf_LCWTt{?4SJ%TL{zO0$CiYdogT`c@tVmG zasl_LVH3-QZ?utEs`0iBSYW5b`S9i=?*b{_qAd-(kksRtws{xvc*`@zTRMD7vIt)G zPL`kIEiJypYo55DFL>FHZ5I^3K*Acyxs0z>$@slc_?ZfYTltY~(tp`IMShG|wfM+4 z#v>pg_~dhS{ZEXuc%@1cuV+rV{3!~%fV+Wq1YFkjne@myFB#g99xb0} z%YCl&`T9=VF`pu{jnY@vHcD{w2nM#t{0ZFTR!)s@N`Bb=&kjCXVNuEmU zDCI)z`I~3Vhn}vYlnQaDyMd46$yZFYcH@cnEjF~75+Uw%H}Hw{L_~9vk547pXCm1| z|Ccd>7tNk(G(*}x~#6A?84_&h$9w342PsKL(;K9Qb?s2=+9vgJy6;2{lN9pDB& z5uU6cLV(ZXUCf2>oFmZ%+@MFq^h9*Ya zdgJ91fAS8cy|R3eSR{`$Z=LD0)N&Shp=SNd-7DFtPuocRv$Mb&7I{bB$;)0=p znRkGe2Jc8x?Y8ddgLHBVU7oaF=xGwR*!XOp-Ae4?2@?$mAkL}1{UK* zBo6|0;R}4seaPG)GAQ_sweyNe4&Z(5AVj#5U%7|ymdF1ij`qKytdk)Ev?Tshd9t+7X=W~Z?ZK9L^xQ#*~lLizOh z*h|7fS=Ycv=`mq3bEx2xW7{aon0r*%%XAUWT7;|nLZxH&kGd8UH#M~XLV;s$V7e}4 zS9YtQ6&f9UqM^i1Jz>4@G{=tg#7(Wx=-?CSiJN-DdL3WMT37|~h>o$_Y>LM=bbcZ| zaZ^uN@Zbs=rkc-53_W3W@KJiqVpxsE^Z3fuV(2ktah$Lk_(XUjou05zraCBYIN8FJ zcD?Hft3gj>C(7vw3)P`JvJ>O!YvIF5}%NHjs6tU*cG^;m1hGp3n@wR}MLq|Pf zy>iNeFCM=1VHQ7OE!#+G3%PO5Ug{cFPZ-FtNEetDenLV^gO^&f6))si1TQPkysQo% zsmES2ax9ET-e!f5o3Y?Ukl@AdTHz!81TRx0c>Yhz@v}H1zu@(FL;c^F}Vn(?ag<#a=ia<;ZmLg4{hw>D!)+ND*D~wN4(Au0lWeg;P0PuLdo7m+X}RD_nbw-bY^S3zH)b`U8|vWSgEo#rlHp#abunC{Bc+(ic; zH;DY$m0kvY9WQZQ7Sf|}b8oqUPoziN=H7D1SuLbT>RImM)xamxBlCzhvKhWY(rF<* z63=oM9eg4^9W=DK=oNBS3+c(s$qNune6h`WCnnmA(sQChzuWl=IjeK&IZ>f`mJU9V z9wR5H|D(?1sg$Afqd%74!ZI(sfls6-)|nR`uJSF$o>-@Oj#mSpNKdRYFFd4(7Sa>z z%nNVe6X}U{dN>XlqJ{88I?Z#u8u%zYXDZ-@ze0lOTzJk@=+U@APh=;`=~@rjrG@Nd z=ir6E8uUbVAlzirxWe#+l#O?$*)vkY;>)~n@#e66WaAvX@OXiPTru^G*04l5?kzh; zYgnWjITmlP(0=FC1X>y#6FJ-k$Kb8?+1!$tIdd%L_;*cBygfDX&Z&tGUmUx)rzYMx zHPPWC<9Pi3So=GtCOUlNoZ!XXrj6>IQxhFNu#PI+_`Q|4rY0`--pXr1AJT>vosfkW^(a^E(JvH&psfh+(Qxk7b zO}z2q%!0c$HStE(Fi&AlO?2`r_dGT6Mg{One&wF0Cf;}?Wra`Nqh5Pz;+<0yUH|#t zZS5m?zs0&SHDLl$Y69Ik+Q)YAj;RUbfjUUc_UTUg_m6xV~< zK1yGuCUhpldnvArxf6uFOsO#Os`Oa!j;RS7VAo>erXCF5F*RWgOu1Q76Q&{AwX<6` zJCeaYaBAzp;2l#F=h725^V=ez^qJ^234 z!S@EAat6y~@M0PSFO*o}`Oj_E7_T969)GGe zYWiQZ6mLYhSw8MVtmG#m(y^0)P$3wEU~<7-kAKSAG) ze22KNGr#c@;#G@Ti@F817xa**dL9jY+zNyXMh<(A@*RS~ z=h90CgN-{+DE6*2fm6RHXD~Dc@eUUl7Sf}Mv=l@KAIB~^Dj&O@2*M47g>>fJ0oR#t z;1lW5D3aEoIy|^1p3g#hwuX8RZQv8>iFKNSc!%2(3+Zulw$Czj@QL(b5+|!j?@PZ! zVBNdZtjn0xn6#*&`ge#|FIx;|bJn71T#R|1u&$4ZuIA;3Ft>y3$MPL)TgZA9XH) zWv8op`5}(I5T4j-UVa0g2v2NPFF#z8SO`yKwS^{oS62Mg$cW$P1J`vHBJK;>fvWbR zC49@`D^F$Tw1-A}!X=4w**Wc@roBOrI!{kn(Z2sd_>WA@2O&kW>6d5?%xe zKKa3&{J7tWeDi}ph+wYdM}{#T;WLq+{NPT0rWzlpK8S(QuPj?UpXu`W#I#0aO*w3% zW!2VX`_ZibCj`y(t43Y535IL>w?{=j`lxW~@of9~q`U_5F{}WLvcd;z^hs$AdsO5T zB6QyUx%9Mms)NwMC(?ONee7C!3`VLMx7nIYkJPifogI84Ju=T~9$b%Y_|KaVTok6`>$bvTt9r{$ifFF?=KE4d{7SdCHt&K9FBc<*?7)+NK~Eo*)=X4 z9Jng;gX6GtNWivNprz_}ebU=ejK`5u@M)jw@R4PL=Q-iP;RnaVmHfyv!HanjeA?$b z`O(_p&5{p_l){@Oz{+y9W>Ve>=Js1cZzrrDe#}S1G zfn(MRUkQin&w>}~uJD0yaH-~$%J~bu*Y`m|60Eo3rcQv|3wK89oyHD6n(uslLPL)q z6h`exPdw94_H^)3ddg;4nDB#QstxHWnPGPtJNQI8D^^uEaRM~(_d#t|?oQ(bNFb+g zQEwjpq80-SXMN-?kQg1xru1##*5Q`$l@mta(fh=N#VOw=Z$`0v?xy-}0Y1@rGKA*x z#)Ei(kG@LEdbrEmz$elZUG=gZwzjeJqx6*XaF=&x{b{L=(q+dzG|z4bt1g74Psg4z z9`>9`2cJj}8}Nil>c68bZHw$N-7#qp0kO|7X)svKNrUQ?|DqP7yU5=Gp%<-n7m?pM zs{1ps$4np@Rij9s{3aDU`Mi~_VR0A#MxC$&I{jisdae#F4O>}ChX`Ig9v(va4v6+- zz^8nO;AOcAUc4yV${P78AtHDos^G;RSmF84jrfAsNud6V$Q3?Nm&$~hs#|)Oi$jN8 z`uGP=g!r5|*{$RTLW&E46B(~sTzFjJBmMll9&5fxD){L4RRrpk@e{ir`^bksvAd+8 zgmkUR!y#PbqQzt{%r7f`@H*u}1u+8x6}lIf>m?fMNjZS^o8^1G#3$EFbofj?!t2tZ zU&)K>@R54o$o=Oo$eN+=X5_K658T*|nB|Dvt*7GnVUCFfH2(^f7Gk7bVB?XJlIB2M_Z2y(rMpgGw7YS_+|L6$Jx5n zZS#QZx@_PR>4}?Kn)#7!9)9pbdg7+VZX5VSdf=u%o$x``&rKHI`qT`ZJMu2*H@pjXF4o-`D7n{-$VGO_HO|MsSfhR@K?lmAg47<_D0ulp z8G<-d<{dTolrUku#pmc3H@%XdZjA_D=)v;wR^m#2Vw;zZF4dhrxq+17mcHehl$q>r zG6ePvFJ3@QL(9LcVco zk||Udb`4935Z+Dg78L!8zMr-<_>L(P!g!17(XZ(HwfM+A!OOhx7M7xVEk0U7!HdNa zytriQ4Yc^cJ|ge7y5r3c!tLujaY^h9c@f$>v2t@V<$Q&G)@}or*kl3s4P2y?=v90} z(W~@uq1Pc%foPlHcX%}|ZGS>o+o?$mNnlv^`hU>-$_b*6}Ok!?e>KUcHh2Fnt;iFA2 zISSnpVpz$#KbIcKr=_4IJ-7k^K1xrS3M~aCc-YGWyyk|}2UAB1h;sXC{-LD5pL`gC1q){DfSjAlbWw%jpSqcpCIXcH*0PC&76`H|nu5-@Y*K zWDSe_;&0p1xBO(sHha2mA)Fk3kf7NGB~o7;G`naZ#e!z>EY}PqagJHT8|u0nB@A*w zt&(&>7HA&O;P^-a+SVy;Fc$TmGSoY6!l*; zwZdofM|jKwwQLLV>sa0 z$U6A26+xK?9B$twJU*qH8c*vO48#l^a6~dY_$WQ45$LwRj$LT6G4_1*0^bB7)y?4( z>5*CbO%Q?y|Kn8iDW^aMDcbotd?G#Z>INU;f(p5vu_xn(+F|NEdYsG%P25C!uyK>) z%MD)WB|PZlM3^66E<$gm!mLH*#xH3x?YDpTci;W~AO0I1Y;b2as_0LD`|FS2{r*4x z=Rf@V*H`gEXaS)%Fa8x#_%A>G_wemm+Q?X4PG3E8VZZuAfzH^U^AZ}*?cn1aFFWPd7U}blkuv(gW)zRzgowT1Ak|SYvkN@X?zcJr@3w1|u`S9ad*pSHbFt z7f0bHe8r+@u^OG6_OR36p?`gGqxuQyvIu{c@Oi~mS@U1kEkxRWqsz+Fg6x%F94ouR za(sEHY}sB;f$;vvj?o&%CdMoWIdoS%?Iv9i>yrmGIFwQ<5%3o)EPh^6VX^jP#7Dcy z4y6?q(=X}#N`9cQIK=wx5^hOc>lHq3{30Kdz<43q3ZDqdDB1K$f0rEp$4rdl=YK!+ zC&v*4{*TLe8?zWq=r{6(NW3Q!@(6etH>8$(j7MMOsD&f~<#xAQ5qoK^;L)EgCe}>I z#Xen6Lt!QRd9TrAx)j1QiP~UMh4}Az1j9^7kk0xoc;Ua`g%c}$Wum>HMm-TutnihI zs2^qdh~2O7m5CN^C;XQFA``#l=(9I(nR_Hn){XRgOYg}L@@QS}2)8fB9Wy1-=v9-Q zG9q7h1URisJ*|rAMxPQQUw3tKLRi`t)zrn$Z&}^-WEe^oBYbpnVj|=RoO?-A4Sd|_ zg$l;)FZrA#!-W>IK`x|6YJJ`H@X){~(i5}nV2KOgJJKV;zU*Mxz$elpzx-eszC?09 z_M8l{gJlCBrRQXb9V|maU?DyEhjy@R;1lU_chzeHH1A^0HZ&hEYuMX$Eqo$9S~M$8 zx`d>_V(f`^xH3V~#X1a~pGXg^n>e?4A^Ld<@4CrKIhDeoeabGSdPxj4%Ioef|~_2mbu{==O8_C5+1l)NDuU-L$z)g4SXU! z8BHxJx`fB*7SfZ^)KhT>AEe_D;roq762oJ3r^2r(wPJ_jO9P(>4>ohMh*Xo|fjRHZ zd=23&)~`zSBz{SQ{~v2_w_|ILV+ZD=#HAY;RAua+*n3}=e+F)3V{Bv<=H}QKWV_RL z1Lf*QI~#C6)V$)%kX)q1B~e>Cz+7cyoLHhnEm5RM>C41ShGa5r*^sCkBz6R~;e-7f zqS^~3X~dVkV8sevzU7pCX)NT?7ryWpLNrTx!Kw>iEExdv@y6n<3*8Q}Eae5{Smv=QBAm+$)&dV`QpA|AxnPz}A>`CA6glQ=E-1)XJSK7{KXF;Z z+e_5R%TFe9ho3E|I`vz<4c{*pY2nmg=mSCC(yX^^JFVYM@AQG7C0=_N2IQMuG|-_J z3b!q=W}s!3dJ}f45~cR-SY@vW;+;7SX9^sN*Q)d{RHeUCz<4L*(yH_?RHeVftG@f_ zzb<$gLiLD5^@cc<&Cv080)EzXqE;2xA*Qn9#uDXN}1 zQF!4@iw9&Y_$-|>EgsWcQYL64J=-)~=+N0QR!yoaq%*USqP?U#_l@+t_xd$(k)F2R zG;xLWY}g{ExuiPxjr2q>iKyVuui%AratiS*&({Sx_(^rsDFQ4{rw!7ID|jJ2*|fs3 z@+!*S?_dypT>@^#JCQ z68anIwDIDBBAN5kbvj%q@r9N$^6#Z{HpPRt%K|=+eYjBK3oU&PY9pO2qz7-81-y`+ zEM&1xk=BEUKCFSoGPT}14~qtI7W!QcW@e^!uLg#?l-9kc^$?rTAIUB^E_;5PEA)T5 z>McfU>&`dl^pb9#y+Zw&x%Sl36^Z}u3)a3aR< zO&-9swHUm5P%Wc(;fx*zF?nEP9_G?AdKb>bKY&Q*W9;nLa8$ByL(N7#31)5JI8Abaa z1IqI~JP-?|7EDSTzfOs@;#!r5F{OQ-v!5l|cid#o+K3|*_0t&Bo32n6$F$RC2aoA+ z52o4SG>(0aMdOma+>w>-KFx*i(=29%5;)rLcAw^gJm0S0+OD$_aY+cGn=oiL*c;i7 zOM1)2kI_^yMP$JDRwA%iz-QCP_f{e@NY`#Q(lgImWUzqG(uY)y@A>K4%X{fVs>TD0 z1-y`+Htk}Q^!v$|oH2~mw%B&_2SutD-JSfN7L#qPT6C4=yyC8piI-K2IBmUrPm9@p z#_gjEzG(%IJ-Spfm@mPE&%A&avzV=CWGpT@)%jjJG1xN}EBGvZ$kw>0mQ$T?rE|6> z9R3Boke(RqcQVCLDfd^#$p98q$h5+t5f3l=+1I5@8%mc!{-@`6}*s6tc#Up zd)$feyk|$oLUdR5y%0{Mb9Xu?I^XM^IETt-NfeyPhFj@+D;BV?-<&0l&eT>5zHUrJ z^6gbcG?B@-w~woczH*W@#EicEmA-TG5hZ)(;n-AphGcN5uj9p;E4+AdU#^_nKue?N za2+qsT-z%_S7bI~2VdcnrTpnbm$o_{`)+4qepA=$if!zpB~SKkWP0jnZKMsjP3^h; zgN_hM+fDDi@Jvtfe6E-u?F5o38@-Jwm@5(=hBr>_@Jgh{N0n+_HoW;zJAAf^)_+^p zhBxE1!)LQ-`0!Y-b~x4Q+Mvmaca)03x1o=SV`p4_+*%WOjr>Qvmb#zyd~rrxf2|3; z#!b6c6S(C7cD>c^t zHuuPM^ki*dN^BuTV|3~g2U1azZ{TV-kL%k+&J8u?GIWF6|(I#7WdiywOx#H_* zY|ATO?>Z!5;JvQk)3$rfmt-Uc#ioBviHNq7)Y3D#A_cU9&(en^40io%N<_SuJ|tnV z?XTd4^vo>(V1SUy=y{-dV}F}CuS;9O3+c+B4o9eUO?iyX*l8=pH&wq@@IrdtQX_|R zO-YB1^t_u!4rc`~q$itJI9y(rc1_uh)}4jNWmY}3nLIAr-ST86k1OiZt|=ALtDXkArbNU> zI&sw_!WF!bPF(dg$TcM*Hqwc!9ucnKh4jSL77<=kB4Q(*ETpG^R`6MRPQnx`#UI+b zrptw`JByWKo^uc}trS%JY~M=L{l(n#LUyL9I661%B;sh?u%m^e1Cud1 zxs-8HJgl+eu`BHGnW%=hDK$JfIxG2^sfITn$M6&+Ebx?TF?<9GH(1F{|1De(?HfKE z#TzWm4o};83(nA6Jx)j6*jT1_m(I3PT_6o@_PCL4 zFag$iB|;0SRu6#{zvGyp-VtA-tTRK@g_Qeffd)Zu!p=C~<$c-tFkB}pTPi&kOi&zGCeD&q# zvEc$f?}z*jm|r%#;vV3M^laebve^n=NY5Pm@XKb`^udj`8`NXZ6pPDdD|jJ2Gc0b4 zU6C(67(3@c{0Wv7e3s5R5Wg*UMUM4EdNyrwQ*H$>q$`=7orTMa&(?fhaW#{>vv66> zzO}uk-GI-r7l@o()~lDuT~p$=Px(+QbLGs5KQ?krPaSq><+NIPM|7}7(+hZ^G2&`O zzbWgwkxpFoipc8%UPvdddIjS(y;b;D`i&kD!?&cwjxFGm^c!Dv@h3~JDWAKMPF%%j zXTDbOLVDurPc14>nc9tXa{Bzamg@puNGIPfqVkld-AE@3>2;mg1-y_>tc$2TrFl2f ziFI)zv49uSGwV_qYWrWd3TaJ$#+ptU(cZ~nP2VVK5(&v`N(y#pv8EAov^DJoh%5L! zK0BIeaNm0U9Tf^As_h2>Q$zdCyFeGRiI%vVbxrBZ&A^G3ekQv>7qW?z9>1rY=0-Mg z61o5D0$s=^N_zb6H`@+$o*5bE77O$&o6;nfkrgYLE{VP$Hzi3vJO{8q7qYVvv}(&+ zRJ(;IYi>1`6@DCiMMRvzID3ob<`r!%s@S(N@lL~mJuDMW+~FHsObG{W__iDmVhlxb zm8*4KQ0>);8@$aOK9f%6w^t`_{OUw#?r;7&KiY+dLP@@PBies{bz+6j#54I34&30p zZ2C`G6vJEHfXO$JJNys|->~}{p2Dd`|BGkCj^>>bDBpx9qA={8@~9g3*;a3er)s}j z{>F)9XZ4QT4SS$CBj>GT4&o~yXJg3bPIZq;BkP3zQ#*!<&JWz7Z=V>x%{_{acmxyo z>EkDcZ*z~*n;m}S9t^$p|77kdE28pYFclB8y^&9MQw-nM4$R*UuX@dE&u`eOd~+ps zcya*Si!Ye1H>{&;Dc|J(RG^{cSrwM~u9eKXZ*nhITfqe0T4lk$FPVcM_oxQi<3_vJ zF81C~8pGq5xM#=Vu6rCqK;*c!@I90}cDEaD0rQqr`a(GcB1J>k)>rU(bIkdUA{_No zk(=+&G+A{xig|9F>*1)ampq{4y54LTmFY$0P5vv<>*%@;Ns!Q3F{8D{Xdm{sYHql6 zJV-8{;=EZYSd1@f0&XbOnc!0v<;M3;{PbZ3FXk(=GOD+4xcGb`oqRyA-d@2A>DeAe zO~4H`LkH3+2NKoWEBGv(QXuhG%?-6iC(@N5ed6GJui%ArvW57>t$g`V=fksSvA#>z z*?!ff`#N2~3+dSw#)q_SD0Vs-I~hSg!CAoz>4|lPmGDy$I2(g97FL22B;87wdCvn% zR^s9pyl$wh%70Z@33Jn$!aV}dAE5UYuZDZR=WwG8O4J0b;Iqc;e5p%EoS46pxsgs> z_0xwHypT>@^_qbE4V;a1vXEXAu!0xTiK~7!GJh~&Bb~VFH32JlAw6-mRf*?!E;rK2 zLVA_>3SLMj3yGtN{F=sl;gmXwLzxwP7EYOy59eIExwH{ZoWq$+zW0>Th3rJR!bG^W z%~`WBmkSF)`IU4823Yb$l7;Xp@iMBO+z86Rh;w~ML6vx!cU({p2M;!Ba`59zfj&fm}Sur!Za^}HGgQQZvekpd`vqk3<-`8!@4=N?RYr~HlKBPhC~0%wQM zJU2Xsu05fkXff~fT^GYcsfss^?&N3d`b|nq6=>dZx*oZmcFM^}FK+D;?u{?uu0}yt z_If>~uN4CL#+DgB(%ib!Ho$O~a6i{}?#8Ne`?WE2xVuXW_+*WsPlp%Q$g@B8j zYIAfSGBG$dzM(3B8>q$uX0-A6RlgOy7*DdUl8JF^YLDl^-+HS}@VZOK$?P?m5qcA}c+fmZNBI&J8l2fCq@;Y512k5QSrf)~=0l`EL!J3I;_xHk(T<-|+T zpr=x9-_xQl@ip1Q0sEd7lZmYQ=mh$n788N17TsC-o)*cBwg@7Xp8A?d{()!6Zm4MC z=^Fh5?8Ixex&^43TFpGI13Wo#LvhT|l_DU4Ptw+~A9^g%GmWiUvZ3P;te?qvBso~| zyOmZpmy0tS`~cIM-dlX9G*A zo;cgQ;|?LLd#sI8I%Rs|Tz3U8q$dUz+pGJ#_jGX9l(E>X^220Bi|){WSBr^%Rf`&e zC_9Yhtg=-fiJ9F6FdLU!NG`y|@=q$qmR9~NVeXJ>fUR><6n*wn#e4ex##XP{qRJ+O zLHi?}WJ7D7kT>ghjqVG0!4tBmeztZ`M?|grrF2d<`MKf>K1ZbPuD% zlWsxnu;fmMCEn7sg;D0o@HRPWuIR)5}#OU4q^L4s(rc-7jWFaNEPqR$dsGi z@X{I1-0lnbZ19Jd&JeKQ(^F*|>6u({hkON}rE@09i{|gC>ixZR&LoBVxPTYZiCLZ= zzNf19jr45pqG)~vFQjLF#bN0^70qv?CwfWL={xfRUP#Z@E{f*wsp@?rosF53b^$M> zC!1Dy1>v%#LiE<1g`ctc;!L=p-_c@D09Ad&nd<#}TBOsW9tfCSfs1e3w8QJNR%0-vV=f{ugcg!FEz0(Ds504nq(_tIg zL}zyk7wDN!e0RrfV7eu+kxgWdm1GV?o|VoZkm1*V|LfoXxBvc|#4NuPgYX}I|2Mz<%Rl_{Z@>TJKmPJxe*MFL{q5I( z`ndn@`MCf7kH7u$Prv>3U;ggbzv$n7{!Z?34g6b_aBm1wE-KkLP4*4x;Y4nD_#&^!-M7ZH?O2Y40 z;WHyme)uiYdu?fl&lXnk?LbLxxSrrME5AuTMw`&zN&4H2!kHFzbfHB_k{@fIHg*fa zkL2aNkxaHOrZXJbMoad~6)=o8lKp$m(1o3E;&7?XY_i4Sw*PSs>6L4_+F|Xt2ZRsW z&zzJdjz^dGdgFpI$U0%H+;C}l1MN$mfJWD45XQb_U;@aUe7g5uAHmk(G zc%}G2&%{1^fA>fpXLN)=IzX`Kdd?!c$n#AWtF{6b$;#LN0gL4DQU3=lLUHg}FO%Py zm&b670GYma3lGGra^+(J$_4CHVT@}p2_1jaB6hFuYB5>Ks*l)%=XsRL zOS<~wHuBl$Sr?<1ByU#BA2plkXTGwo~bey5j7>!(71&>B)W;Z1Jjzuk<7q%$wxu7L3j}hpHB1cFf9V z_N-fc&uFh|`K~@L7(GpSV)SP)Iz7EWx5?8I-pjVl|(0$s?? zUV=vwU+L+pjqJo*c?D8j6P0b-7W2M}-r(W;j2%T1U%&g57-JVn*ae{=f;v8NZYn>K z6K#&IJz_$UNWPvVN76bZKZcFVh3P9zp5Gd`QM$UMeZaA)wPn74I6sR%P&&!*wr~w^ zd&Uk=uC2<4FQGq~-QD3cC2_p{MR#iVDxkYa-|Ts;FI=k?7u^N|e-u_nofzmsqyB|f zt*|6!Rtj?672e}AO;wxiSoVvLWmmI7##He(2RaBomR;fX_t9^YZ*yRHo7dfJWW#89 z+gc27^SZ;6YilKzNBSOCLJ;MB~~71K&`F zA8C`FTV-P{!Bxju+If4)Uc!%#Ip?zoli^)2c1QobhlEni32K~Q?2gvaH!b?E^F1vR zExXs-{TA<2@)53{*OVA!?)l^+&|N0vQB?oN9orzQd}&P?X4JhaW?tIU(4~sa>;*{@ad55i&9C#TI{V0cro_GQ*oMoYfi6HY{s4~ zW+VzEomFx2ss2Z!dWmvOpKIiMu%1mn$fz11IYG#4gZ@5!k5M@}J0O^yZ` z51hoa;Pnt5IfW!m=))Qhltaosa^8yC(U?HokUml1V@w}C5Pe%G4krF#Ck`Q36^Mg& z#nUG*mI@q+=jYgpKbpXicz$TDc-wthgYyIu@$8uLOm9RyQJM<0y-dnOSmv9#r!>+x zA&$0!K&!owyIlkiJ3EUxK(+JH7&wijqT8a!VLOjw(w#kO8FF>*k@3($pa^J(AB`S{ zYWS16&*>rrMqynjFnU!YEMH&AJUPw<)U*#R(;PGM0;Ai+rVdrc20BbC? znd)Lwh=dlB8+rAc=#O+Atq*%}BOmrJAtCCW9_dWELkm|9R;R<^%dOyr#-rg>Wl)A)T!uyf@hRVR|Yb8Wz8g-Dfu)O6Shc(rxSMa1`lbhdPlybvWkh3pL!lm}}|8Rlk6+f){Kdu6oRb0`L>zWL7Ox-Ndh3v#rc_|%-H0dsWX8Cl^foP!3na7F?bRj$M*pa$P_x3lkDMt3t zaDgslC(HQn{_=NT*LC}yR3_+Ep?y)%Kx%cW=wlHp`E)JFDjKGCy9a?qB! z!Z3e-{5?BqL+(ZkP#)k03w+l^W+&1=58TM;Uq|s_ziWk9YInlao8Au~@zX+4znh`s zP@S{{0$Q3T-cCAWWvb%amm(g>CbAx8e71*%Hy>K{i2EHo{75`pn=t&z#E+SqN6Y^` zIRCd8|CqUX;M#=AKhYm&Ze-N$Y262MfSd6TX&WP;C+(1dIAQ_4ET^;3@^%l-+pV;q zzt1ed6$jM~DArPj~pdDSwlFP6g9J06P9=0Z|6#n;b-G6NoHtEuFn@ zCD9SVU1*H$M$WhtA%=gD;*o0hy^w5G8H3@rDTtG5|I`k)cbKpgV%#FcNKe`~Ig{JQ zc^ZHC@sUdGJG64!I8PH1B&eIY_V?}30-qWGq$URlW$h0Y18Z69ywJR4U|rBPTfd33o<_|_&lDR zr;(f+@(z!ju6!?@HfyhQTfqzIeCP;o@{!Y(@1^JcTC4r7PAuEH=_kLos0ilgpOiZCKVydsQoLqb_n}`}yolY1Mx{ysg^#h@tTukUG zSbb7<=EKd)0zJt_;MFZNtV_;BzL!lT^^=tax{#eX8d*$)mVU7EUN#v(1b2z zC%dRw%%_{gezRYjM?d_I!Vru-?Yyz6F0z<=SZ10yzfTw>>x0s$g+OR&3}K%3xJf~x{|E6feQwXxc>!0WTgR6$8*nNf1oYVee&J_>l z?fOrwYqyyoO%26jx-Avb`YoZZ3M>@e}N*;vwm6 z<1p|}aoNb3;@iX{k-o!^#6!~C0?+ndn4P*2MQ$lF})F4VpwM7;Ps z=$?3%qi)hgbi1+kL?WHXFf8R$!NGcuqn_`IX! z%u3;L`DYTJ>E)tkXzHj5lN=pN9+w#%^SHc)~`c zjj4?2V7&OSf)^Ug<}eC5pB|7L%oo!UQQ-<+NYCalqQYmoG`1OgwuVu}x`G$dvoVYm z=F^`A*^ixbD;^cD;Inj2u6R`V^Z_48&s%U*p|0SCblQPEDtxAE2Jba*RbP#D9u=>6B~nsPLJJAvVH^s)!0#=t4Fz z6;a_c6-aDklX*l`xI!1Q6HgWSr`reUT*b!@MoSKwpeo##}d|OPQ=KY7M{V7S1}?E+_#XK zDemkGO4aUgVHjGPydqA;D9Zc-!<*#^uWE(Q>@@l2F&N&)yu)XH8eRvamxx}d+uGst z_HB5iKNN4aVTUJzyln<|BO3qxrOqUzY0+^@#?M9Nvw4;Ni2qsrTeJ^;Z4PJXF0Q zk*o8@Z|be^iH|>hlSo#9_P5+|+bL^fMCldeBcGlaw#?#_uZW@}Z`#ZG76e?;cSRtj8*#orNsf{Gj!AKQ87w~zz ztcw700iUG9Nr=vi!GGbsVNv1>p@G_MF&F4Yyz_lQ}>B{it!tL;xcP8Jg zv*B&a-{F%*GzZAMMRi@VfZXF@3jgWf^B5BQtPSh9wBc#ex{ZI!Z6pe68-9OL`hg^t z`(W?;k$7lrn9m{3oH)ZeA2u}qL|F6ch8BljC4*S(Y5sWRD;1kJvekPU=;8BieGFZB zDYAQ=L$3yXC(2qISYDzlqzmgdcx05giOZYMR1wn#Qmt7yG;d%c~AG6ZnG5(>{WjkLDIVN*44dTMruT?7NZ4sKy@-gLT2S z0UpqJYVfj~gRzPYA5q$iD;T5K9HqX-T+R!-oXW=rx|5$Nsq$e!3~$DIhbK~+H9pcC zU7InvwpE&3Gb0ZX_cZpGn%Yk?+RXLm+3fk&U9xhJPtbf3n??2Q{%czj0=> zf%+mFM00_9PiFkc!dAoZqK{m;24;L_q4vMkFuYJRwCO*kZw&AAAT8M>?C|-l=fge- z-$(m~0+y$5EVMT(UtGhmH9%H0(3>#h=QRvBd#CQKBgy*VgrVlFwd~RgZ|sJ+<%LQH z>}k=^!W&y9Yo>vx^8i$2>oiY)CDa(o*j}8h@ig?yj~Qul%59gEHGYP&g3tS|F)`*R zE~CCsYQYLBrE{{z%cfWGSvn_c{4C^!@{AMds^8vuq)b-uLVDh#qip(xGLaMMiIn2- zcoedL7t-_A9A_afl$M-G&o(j6LRRoXdh!&DmEu*;*aSR8->ekd4%TbWtGK_bMKYWH zEY3F2tfI8`@FKIUJ=+0?o==YVe4v``p@ zHYd`FzJ9FnTEGkGL|@NizffUwBAw_PX8{X%A)V+OAv_+sIFX*{D^ac6^##0;o;UQ! zaKl+0DO1jSCT5GNbLCL16`{>6ol-Xu8pG8-k#3H6vwEK0U%?CMWHkK@CzlzezE9=D zFTN+^$^F*?UI9;Ql`RPRO`DP7*p%BCYJl~J;Y}pIRdA2mAbHf*8JX5%W z&z7EZHvZ`63%9mUq-Sz9?|1<(q-SnLx#bIYzPHkyKg~vm>$-rC(gm&)(&4@dp}gQk zI_=QmiZ9@W^vtg)w|u1!&o?_&%)4|xTf8VWUBL_Kj6ZI#o ziy=^wEsq!-ZXfDS2I%ZC3!E73HJz^oe4bT$6wQ-CFBGYq2q!{^cHy5T-B^rQ$R<9= zQl2zhMu_g?G)oX%snLb(#O6o_z3}kD$+#19BN?XH0JPM>Y_0x^C?FW1Df?W``n8fn~#~IU5mYpbt5=l%H+d zdd_CwUMAi*^X~i!Pw9&^=ogy$C%N`55*gbkx%RkhRow;k>rkjHKhsa9qrIvrV<3-Z z-x1=Zof@2pCN{Q9Y+HGh$LU|r-Q&pK*)Dd}Ps-ciMCc5csfRuL43{Z}&H4cp#hkz?TC`&iX;4XUrp0_CM+!W=WL67m#7_Cvraya=f0VDS{L7zz zm9IJeCDqjUpT_nSj)PaEW>qD>0dMJrHOzk`TOglx$R81{?aGz(DQ$l-6Qw80H+Mqo zHG1AeaxUnnZ)R{2K77Pmvc82G$DsO={*?WRLz4qo;yCtgS(FE`Y#eplL%^Z)NF~u} z>*d)@ytT8EC~bcHNTtmyJSB5fev~%LPqx7QtYnGLM$_=N=CuECW_NhnwqtkO>uq@E zOp@Iq&?Z#&eU|xVu7|JEsIPW3YnF?SHPpUlbI@z$e&9@7#%$}ntzho?aC{*Th-Q*0 z9#zhUxBYF0AK8W)V#UMF+u=vHc}}{hXmJDy0NtbPot@B3Jowm}3ZEM?K|I)!5Z+7^RZBd9L583KO#%*-hz{ECt zgUi{P7shBYt=V9;m#2#e*m+ugrOCIxbhx`03;1mFIkSS4tVmbg`Mw%NTE)=X%g?VTrE1+G@?Xl}E)^HZ@UywGm8 zcK#_Gx4|dUDUIS!Q!U}MbjqT5;kCd|R~02uJkh*_7t%8^6SJn7OU(Mbt3lHF#ia7m zADP8>VsJhr(2A7R@sfELjakTuF5$)avTejiZUmiT#Kg-nBkHbE7w%5(0$vCwUfKzf z_|21Q7i-G=x+dJsW?Z;Mt`k#-6*hPfpY%YP$+f?;aUbaY zlanv;8TkXbL`cibe#Qx1JbH7`O171-)aoB%j?4%yMxA%>_N|!%+{iLN))T(qtnvLU zebTFBs_l5?NPe>IWrrVGhPo@AEqdk1M>4LmPy2ml8S0k|Z+zRyCzi#xX7+lclnLGl zJ(?#Z znI9|iAbhhTIGftxM}DE$#pIt@11nMq`5*Rj@tNKduMqEqnaxRdnRH#wy?q=~eWu50 zP>N802S?yKh7P}&&$NP1o9HJeI#7NqpDwZ~W*b|@JD-&B@bBO(;f3_ft%&u&825?8 z*45Ip>GINJk#4M-I$uc7`=giN3fwli2|l@P_%?CVyvKSgcp*LSj>^WUeAJ)4tg80e zU?;ldm~&(E)bUv|r8K(ZgtNMgPmYs+ttYHi{wwL^;5mKL58&Fv&}7TDlg%M^la@S%KS_p z``L`0N$Jd5zzgZg=KYkIW&1?tOkx&3`z@SD$yWZWf>}8aB1z?|GYe*dyrYs?IqMO3 zSw(UUpT|enS^P$;9IY3=SuLH28A0j-UPvcv>7g1*#|EtxAue3@Ml8>1EzpH*vXvgH zq1fz1HnGw})CIbbO{DZwEtI^S$j+RM5Osl`Wm852We76ir(48uI|b(%3v?kn#}iiP zE2km3`tI%KNI4CZUo6pu?94UGeO*wJ*>hiQQ9FsoFpSe0x>D6|+MFVq!) zb~pVWQW}CXiW;7r?3H|?S_^sc*J4%|Q_N3-A>su={RxDVxue8J4|un-d7sr&vmue;f%TO;-+vGmvUE#FFEk!!jR-&l!+;Z`;=%{~ls z!ZgZOsHTtcHhu>7Y?*M9;m4E|PSg{yj~(1q;GwX}|!qv-=r z>!`&|{dJbEoiQM%R74A#dd{{Zt98WpK=1;PXr^3+#n_0A9`$_UIf{{ugtMOiFmq5#yoG4VsHz|6g9N_*8L)a%g!{`T~M~f{$Zfrzk$UUJBRRr$uqk0RcFja zdq%gPvUrd+?3EWzR>-qF(uPIvAJ^E8`+CRXo0=d(Mu4(K5fODx)P>lhG6ThhxFBI~ z-L@&=PLD3cg>n>zkFel^2T*qS!P&dC4CsY3pcu$3KX1S$A1<4Y#H`0oekP;hTL$#P z8PJt{;-lj24^@Boh|5lX-iA$n(;sI*SMv4uZ6!w0`F7gr+xFk&gkSrsst`B*n5Ue# zu+8v66pZD_UZOsq&z zEzpJRY{2}17#TN|nblg$&ZLS2)dF3}&Xn>Cup-;+i1}SHrM2u#D1RMhg)U?hojm%v z^w$kGI;YLjqrL^YkexTph<+~p&cJ)woM7;%Z-Jg=bAG`q6fej)?{&`U1&{g`=t6ep zT8bgMn~n)j&ez2*GKjV4>E^DT(fb-MQ@|;`^lWQK7BR$yE>lDS;sRZajo66STBO&9 z>xdu7!i%aabRnDA=+V!mzx%%#H?a}dhedX|3TN4ze(>n$;!m1v?FXkHJXy9t7qZFn zdH8eb4}QEK_mF--S;GQd$R^7dRO?4CZ%r2`9+2sRD{R^0-0wm%F%5~XORwtB;3-(W z(2WYb+$yOA1S!L86_PX0()u;`DH)Hve$^|GOga<16S3~!9s;mJZOKAhAmwx%6E zvr^@^7j&*L@jE>2$hM-?C5N_@A28LU^JGU*;r@J+1*nqEsg;u)7Wt+T+L7ZclzZ8k zlz1rnsLR>vnWk)ht>+ZDE|@ZADXuW}hBpWgdkQ@19)`)cRb+TGy*vEKG~E3*yiL*$ zKQaxqFN%jb*x^T}VTBw1NPn4WI{rxB%1=l7BP(eB+sU-&l!bg+#F&cwt9Xz+tl%Wt!U)mc&SLBd+*fV}$+6Bj7GSe4& z3uq~SVA=(x4Te9lsg$R%{@eO6{E1Dan-hi){atWbb~paaG{v`k>IIejJ3QI7djzgK zw&XMg0#_hL+soG@ZtjWnQn_Zb%OHvq5;u26YV_<7a6$r4&x(HLq1Cc8u|94%fL@>r z*_l=!Hx%7mkRdi-B(|zrb~axhHylAP(1mOrVeEH!Y*=|=ygZPd359yyCAyGJbn4*>=3wO?`yrohi@JiTsCH8 z5x8Q%>}X%ZHM-C%u`vz=aNGDmHnA}d1Zs34o7m{-P}$-1VDmsWvC*q&7wB0wWga3O zD(mn}HrZ zT#G}Jl=e@nu#in$i$jtcUC7Q{>uY#2AZZQb)gqbIlwxl^9M>?XCEPUjo6T>{GJ>Nwu>LW1^4fvY{pDP^c}bc7m{fQM%@ge z_XER0U;MBqPjrsU)mKO+7UC)_&K*u9XA*kJ>jGRz&h}0m(Q7NLyTV}$N7TIH>2Tx9 zw<;8GhE_v1F05PORYO5ilW!_ByqV3Ne6o7Ffou2!Vd6aaE&jp3z4B*19wyC<)rVc| zKWc)Q)=o9Hl8Iwh7IGvl8#z@|tE#(lRozO>nP7(31~t)lg)gyFbLN=gO_1TuGvDDy znzd&oJ3=&F47=tBRexMvg`|VAv;?*TtQdawxJ!!&h`!8zh0sX+1a{9mi^k_)!2+X z+qMtSvMJg?ePFS;EY9pSISd-(-`swo6%#)Z4X-8K8#^_^XCn3B6s+aW>{8+H^S`j+1{!A_5{rhOyA)%&2YGT zp!S>PLu0nSN$rM8Hhs%2BNn+N+l_BV*n#?yY$BL#`bV%#Fw>OHul3wG!`&X4g7cR? zWEro`ui+020%}7D-wXm*tkg`!4TFqt6)QKcSXtpmrnQeZ-B5wD8-HdRUT8T|dnOoS z$Q$0I`RFkuy1Zrzry$~+r90z*FIt7l`g=cHX_;Wklvc5FLy6=@Q#tK`7&4}Wo(n>= zy?ZznPTz5EHoA%-(Up$ImcBqw+Z(1J&?$x-b(4IRh#}MC)xC#Xvg!ImRBA8KvusW=cnq29!Zxxq^CE^^pbObLd0lHb zanI+*vFDe3vP$-jMwRCRUC7q98`=}I)%IP>CQr>{$OXEPO_r_u-DZ`|O~k+xmoGP6 z!?Lvddog`xMlR=@5%Sb6^m^@Yy>w*7Wxg-rNyr6y9vh`1@SwPa3x2OI8_ZI#d|x7B z$QoV9CN@S4+24A3KW<7#d_)XcqYK&Duk){J%D6F+`*9N+BZjQeg=}JD#E@PtyqBHX z8259pHM)?UciCi@$AKpD%OX=TJ64eT*w4W0)^ zSqp!CC%s4go=be2;)+PlBV`(I5kn$yYu)zM+dm?!;f3M2ep~gQ z`K62MMA44o@P?%C4zJ@1JdW5;)MjbMfPE8BLNy11;T6ZD zMu=kVD-}C}Sc)`c!xuf0mU*R`LV{L%j->BSQ;A@iTSEd4&Gznj@YL&%nsF>0BkM{> zd+=1FXS+^mhqOuC%-FU7<)%#@o*#|~e0SxCIJe{*Z&to&awUy>i z#@z7u#DQ#Lqr2h@bRnDAh+;u_3`jln&1Qaa3hqPixJT0|f1c2VXd)vLlQ(mAPDB$I zQ6aei7m_m-lW`jDeIio?!ztC>1~=L!zD40$Nx9+%tf<6E2|r?}!Sld!ZbF}oxg!rE z-?`IX=-$-Ui`Scvdj>u1^i8ic-94+)ZZvJ1AVTV{b0nCE7*5_+RyK#SmEPM!742Kkw!#w=wg2{qhBumoE3m?oSrj}n8iuE; zry75!B!$e=*<{@*Euq7X#D@GtzUoS>jx7v_;lo$Gw#^pjCsxBIi`TL__-lz)>os||S7eh|on7QJq?Uw7`lgZ0wEh8yt?W!N zl+B!Iin0+p!G42Rf6^8=>*7vVA`Gvp(`v>$axy&Zab4f(vk`{3)o6I5+76#=Shin- zxx8E2Bc>+K@FCqcu{NWXi+$${5Lax03-n~{@0KF!vf1-g*UY`Tcu z(5Y$O{bt-uDjZfV(6emHKJ?wYKf36`)9!uo13)aLK|90tedqjyUnIiXACSfVedjw6 z?%prZ#n=+>#Kp$;4|8`So6VZfO3wl2St(@ay)>@l-1}KtMo%Z7u-lD|o&i{(3)#d* zKMBV+b24sXqgRnF(1mPbV>s`)*sSjN`*9E12M?2L^elVGK48XfJ#Vs+owv~zwAAQA zHgU~gJh}DE$3`}BErOOBUC1V`x%=J|9~;rMje5*dgA2*TG!*XMdfHu6?YNwO zP$H|J&^H9zzsF*#JALrl4&v{Ak*Jl(Y?~k=h6lSv5dn23kGh+gXG&@gAPzsmtyn23 zlTY!Wo9>;sJGjGV{uy2yG`9#BgLZhLpvpIANadq6euE!V5qDhTF}yigJG`o^Z4zdv zPt?vC2yq~_zZM?J7Re&jUe{FP+Y*;khVo~wTd1((7iS-|zlN}$8)vxN({iHA6FSrF zjQGxH#0#d;^$Ek9R#ZM-h~CK`nT89bhBwaa@FUZ38Po6`W-35h9KnJ$@Q`@!&goe#+d_;?F+ zAv=3%Y2SycyTQu)zTZW<_e0>`!!cel8{Ca5T$+17NbSffUg57qgy&tOi?I2%wkS-q@Etk{HB@8?6iUWb&YrhW2XY zuXNh?UN-XyXD|zNA)9Fhj|H<1OaE3j7KLuzx#pBb(S5o?wlhWm7gHK9YJ*2X=3D&bbCZMO~l^*~CWo z1bdD1`(fLj-KHBW_+Enx$;rZ{Pv7Fr5cBdd?8M~o1ba<#@83vdbH7^O+!O2%Np@hx zV}6mzo$DH03@il|T0!yULy8KDbSnWTI-^(jMOPuLg5t~1PP~HRpb26mDk%0S&P1Ss z;s7;zb?u<$3w3z0*XbIY3$VZF>(#o~q7Kefmkzq3BcoUNMRy<+@2{umPpSsb6tD5b zL`B&St@870CTslY)!~5>!|Ok7<+I%j7aZDBuPzSgr~>`V>QsW^-^BcBe{Ic3=8aYU zrV+Ax{=uCX=^Gf)%aV-hqwKm&Z!y_SHLniG6x{7;rpFA!7mf*RRV}<%+WTH9UEBEBT3O@ap0Zd1|fMkP~NYU$`4@rZE^%?u5gI2KTIL^lZLN zC0(|AR=7=nAX^92(e7E*=t4Hr3Ld~$3c=rwn^FtSv#QavY`WtRWwDZf(gnO9H{}b-m3snqQQNz?1eu{Tf}2 zjjh`SzBaz`bRauzrtS0fUp2arO>FctHtZLJ#>#OM8{M;7pl8{fet>6%t?oc{PD1?T zXKV{_A(?zSU%>qdleV3dlg)_tBBRxc=@_YGjV`)%V{GU+DO<%LvV0p~N*^{Pa(uj#0P$I#9BYJlfX= z9ylk6eFVpv(>`XIIKr#qGzt5_Il&H}nQ8LPQW)NJy}?s1!|-P23{M`{qW_%D&<#d+ zfBdn`@SE)s*Q?0FP-jYBccYCO5(@4G zq9jMnY+Iz|Hb9AmcCJ{X=Y4>$FU0v;{~*D8*_>O5bHy4x%gz@Vr2Y|^)-S(Uv>i8P z7$U>GKo_zzrJ5IrE2?{)+gVlEfOf7}qYK$YC$IbbLQT+tY%*JRy01KL-fy09ls*A9TOLUt#~M!G&bnJFoE2dUf<$b;E;c>UM3{ z;6gI-5GQY6E^n{xOhbSDU;!>9=gm{h`J=`5a-CGYv)E4Tf8@-L@5nza!PJJWVUBL1 z_+#z4ZE53C--9y|s_7$?F03XiPWQI5CO#d>$~MjP65F)A(RZL1$|x8ja866=8#nStoY(k~TkYG z(*x$-9Knc5=GPp-5|grd7#u!~J%}FegM1BK^Kb zN&8SX878X{(77zph3rhCcsNSFynHBIwbI9p9cO_qWD|k>+K7Cu_E2^tdjfi7ed zojhgvKt;;Id?!}5gS7>^kj-Wa>9q%HSoX3h4SvMj^_5OzaaEG9=1< z;wE^wMYeOyZjt3xVtuKJZs#cvK2KTUiD}{L;E&a;p7Q^t?HlO1f;{ z7t{I5d)e7)$ver|7;AJPo7sf39XSMVuHSpv*>rvQ$43|FLN;-$owxN1K)x-e^R}xO zPf2yn+{59#O}6$tD}KL7svTxzHK%m2A62Cb^gK2?){oi;NjD$L&O2$`FIu1r*~CWw z_^9M24`q{W^Hc8yx{yt5^fv>fF8ok7vC&Vx7wAHEW@EpV(J!;je2S`4xpq4DaN<+u ztN2k^Y5nF^^WsVy!TA8MDwRu!v)tlg(g)`Qy!PSI?`>^llRxKGr3>_|SE~SR_9;R% zl!xtYBj*GB)LR~8Ivh8#(Q6;%b)X78y~XgLSB+YTR-=n?XEt^|p{_3tJlUr&-Oj}H z_iJN)Vn#Y~IzW$F1=w$Gbzo(kI2)iRu1oMVFa$qsLVdsKx31nwM!eL(zTMQ|LUJae zxD(G-`u2p%!W{rTM#u5V`G7c{Zd~$JJZ$by`+!_@*)G>Vq34h0b#0p<9_rFp?`ex7 zYZ&L5TNLq5m1IUjX7~v`@03J#P*En)@aA3a@Y&AUB!zeVMETtYPuT#&hj;x%8QTu8 zyG2YF?CgoM`KcqTBz^iRd#@zj={|pt!Jl?KlCABwF1Je3t+dQ4)l_@6?a8P5XlPmv z^zxD6ZGLs8`Q&?rADM=4OBvoEyO|o9)=s{keDb}LpP3eKaqX8CA)Q?$3ORTIeUPhVsmed>WDus84wIcjw-Zjgt=^4=m90*y#QNY7)gp;A$%Ox|&mZ z=_uanTA&Nr#72(?o;?k)88@-fYoQnDLN>9{moO@24~9)-M9St_gA2)-i-}EU`IGEq zo&2B#zOQ9YyJ{vfWwQF06QBJCYzJ2JNlA(i!~+ZPJTSVh@a;$0&R)3n`(egach(l_ zxh)=dEWWd#kXv=+|bmMD*Xn)ESQ@r>k-WO;Pq?Iz6*ETh{hA6Gb4 zbDV5hOnSa=@RQ-qn=`yk(ysqZx~Bn6mU!%pUC+A}zqLWYWk)ruJR5b~NTy$R*)i@n zvdO&Jm%dNteN0_EQAcXSxARQy_B8Kwy+HMjgo)yj^x5G@-XURPcr*Mvyy_)XZYV6t zY#>KtniCms|4y5Vwqrwb1=)TCQF%WKZ`toG=jj?hYVov@M)MyxoKQXS(p_p^RX%59 zo|dBOXy1}*^t>h6EH!jQKs^)G3|lRmx#s(Pjh84LH+doJg_>>*>}o_dWgWE0(b zHpYx|QhJ)x76J9r*51R>$*{_I*Xtkt%Wwbu%b)-B>;L-gU;RJ-?+^d?U&*`t5!Cd= zPHXDl|I0uA_h0|=$AA3gFZrR)C*53#BKK#%dEfBmMDa68p5|Df3uR@S*ut8gTH46Y z+i(>3KWlU$o2;N$sXcpYX(O8m>Q!nB^emf`82-5Nv!|Bc%jP787xypFh3o}ENAsTu z`swHKa68}y!!n8K7zvuw9Dn$TqiLn4xG1(|+9~_9xx;__?O*=<>qJY+cXZSEu9xAf z7ryS?%WQcgrSa?!7j9;Nc8rPcepwLJz;4fLa3MKw;K8KJb%JNYt4|<&?Vq0M{TulH z;;e`SGe|B7{Kd}*U7BD57NeCxyFLL@ztEJc4C@=}fm=%8PR;(b-{Pa8g9@?H0j{ZxO8U zIqRnK+ox<^$W^e~CUY>}qIk8ZBVWi>?C_asJ-FL3B_~Gmk{lu%^rlUwe{B2J>+2f_ zDsK@Z=x9Ac5UYfMZD9_Hs=qChuG3rO3JaSDYS*4mnWc{;ZSvlOpeGHskF3`o;67S?Z*aMkG4NHx6rasNg(88)w= zTA&Nr#70jwy!vtfMmDk0QwJ?Nk|MR^07yFF|9BniAK&A$d z0~4@r)dBu?dH#s&DRR>DBkpm;mWoYa*pda$p5OCFq_-5$&rYxKnT#qQEH=DOSgUSX z;fapnV)q@(yvL!8NP3-V_)Q*-7PB+Z6BQ zXPTjw_eAZ(vrQ6li#*e}q}^GhF4LN9l#J-_>tLjBU_`L?zRnhw38ph086)}0IK$nZ z7PQrrXM=$ErEKKJnH_#)T4apm@|AIBgCFt`f-Rva{9t zxLNXlg)U^1&BB`kf;LhfjGHz_yeY6k7qW?4t(ptAF9}cH^A&Hgiwq-A`XjM1?C=Od zGWU?J(>VnJ_Ik}W4wtBw=wfV%cM{#};j5r~T4}?lY~TEwr7QF-n^O>YQ$Wz#Be;=Z zmRjX0ohAl6J8S-?zzSW+CN?4h7WCmd;uHi@c`I}wJF_wQ&m)-=pDu8qMTTv-@AD%Q0)jqVN1TPgn*uBJ zESs_sABcd(wYE)uKW2kQ0tuUIQ?68@2!)aAT+RVI5oH!7*WyfV!y|;kxWbsm6i)|mdx1-OXSIX z9Il|@UIxs04K5^;QB=v|dLi3l(_}8y6hBhF!Y(Zxp~whcbl34bhnc#gCNlRvbbgOe zWZ&E+-VZX{HTCZzsUkm_Np}Cv8=4{s&P{m5+g@to(H}ms%AbDu+du!B%Dv_9)F#Htu*Qs=)|gH5*aX!_2|n$;S?ioTkiR2Bg+)$h=)tIR zhv#>s!Xnq`naq^8uo<%@WJI&k>KH|P{yx(mfB&bSSx1>&rXw@vhPN$chtE7Syg3)9 zW1GeuJ~2+`9znj8P{-zi$)<(*r+?2wNH)xxfb$?txG}7n__y4|z(7ArlP26Gf_(3K zk&_wL3n#JPR~43Y$0zvkC+WuWl%_A1W+g>CpS`)?rRi_;iN-v-s^|x2O z(BH?Z!F!!TADdN@T#}h@SlDsx3OsW;U$7|dd-w*EvLG>n^16qZtjtY2VpYqDc~J$x zWg1sAe?LOic7#eKlzh)AD)COu-Df-b_@t8$@APDEDI;O{FqfZH^t!|+3kUhe7g@cZ zI9Uh_38l^Q6WxF}of_Wk&<;;ri=)x)6w!r=_KBN4Y_N5o@uG&@pEs+w>n-ugtjh^C ztnj5RsCe3Z-`mV6o!fZ7Lw>T=xa;l6Ej-DgbAtng_xMk`0%7tSH}Js54nJ}Wp}xsK z;KnDV8F1z4K--_gdr#r{Y*zgzU2QRMBgVo;I;h${)mG(Ps)%-^(UGS(T2;p4lrsFJzN}LfyBZ z``-Otc5=nqA=v_5$j+4VyO|$Sjpv}tc=bO_9cz|++ zE@bB|P@Z2lcN@m@VBDNOK)Hm-hOV-YQqDJL5#k^Tb*TsACa%Q+T8%EoOnxMEA^Va3NXU$_DnZDkZ+(OD3LqE~f?;l8I&>0;Cg#_mYWaey&!73(1*e z`p}HLo@JIa_BQ(;opZSAKk0!c zb@tl9&nF-Jpd&LrJMxA%<7-N@wXu_*38r{|;myS}yoH;axuIi! z!#8fAzIKPt+-jF9w`$`P|F~4ShY^#kaPwqt`3OHsH}=vplT{Nsi zHM)?UDJ4XLL)`0J-;bNl>{}R7qi5Oq#9mI}bk7wg`z62axcM9()yFGzA)Cz`==M2#+FlhJZ_`qK=*1tA;R#5E5i7U)7Yam}+IpS>7$Bb&J9VZ;Jm$R@72 zKmFNDR^H3bNA~T6e1V>2=hOP1@HwvMryr_ssm7NJ5JfD&g=AtH9BO!Q2b0Yw^avsr z;6gI-3=Z`tUX|FJQ$CJI5U~Ikk~7OvHHmFENp{M>f9l>N%iq(9G$%s_{?m@0!qm$? zc4;M)7b>BIGcEfJrwTtUs0e&J{x|Q+I%j^;v_0|hy_T9@pv?Blyvx(RFPfkYG)_CW zf~QDQcik;2^G=oIZ>4Lu$yq@|lalDz-te|->##9L;Vi81nSF-WUuZ@21$mPlUfYdH zGQ6?J@Z`v@)&B{PmkD$|mlcUhb6sT2Le}N^+OqG(wgxE_d#x>_Uh5*j5f^ z`Z8V-xS+bzdT!1;cYB=a3!UAordy`v!kLy@(-%6#H@y9!%IDn23ZHjV!`u8C-Z-=C ze`Z>{+_~4bcBc_cFLz3R!Ljya<-QSOSzOfI!!pa-EAx9;=9OtGg0l;XIyai4lYGS^ ze_ds*xP=#Ku=pHG}+N`NTG1}39+NpvWZXlNSMrtv4gfWK^L+! zt^87|pp6kDdVHrr){OpL>p4COutLwW`8?nAH5+#n_0AUTO8&^Dw>FMG-YTzAoDj zNNRK;o7fnEW4zg!yzSC9nz!0zd(N*$7qZDV`uRwI$n*WMIX&QkV-21q(`ABWoyLWb z*yI)YpFLmG`!|w_k_focD#!P_au3!CUp8=+*5G1b+23oGUgilHi?Lk(_~!L z4p-z|#rL=(cO1S08k)RZtBwvDsPEw~^XN}H$8nJrxtJ+vywF=lhPNF+eII%(XNk{7 z(eTa7#X8vaKNHdLMg)^@R(*pX6AKrR#PFu^9bW$^>kredcqHj|_-q_|K4mxUR#r)3 zo7!<+zY|Mji*E_|BoBda{iDtMMtBdtcnG>3GMPKugw)I3!bXC% ztl)*Sf@o-3ApGeD9j~dzMs8HwXnM>p$jc$^6HtQ3r-rj@X3@R9t%pa$>;P!#A8U6(N0nB`>Rv}Wmc_u6*Wn*+mhtuI zqG@MzJNV-be!=pBrz{TUG&3(QST4}T*b?s~;S_r9;a=-?<->9UBI2=>U`*&)HYXtP z#L)AS5{wBw`|g~9hbUHsD5 zPBNmh26l?o;6gG{EUtZ;o1;bp8HzDQccn~3yY{(75vRgS-=fH{Nfg>%{P8b1gcF2@ zMtA!<-YU4lZphHCD1q4FGo{3dyJ86$p4{z~{LCuDn{T6ddhrLb!xRr+?U1!iZ@Ue& zQyZlq`fZ>sOl?Y+ri(yhqAiSQ)N22>uxz7DH?|X*ZY(s|%uP->XrAPXw6x((_6|RC z%M;DolDXbbn(eTEZ9e!k*=bBY>`cLgtYB5ukVler( z_D#NR!#nwzX*~kns*MOHb1eP!*M)BJ&A{#Ar1y#1vr2ndVp-GX%n0_ zk>q*eB`F=t_(wAFLnL$MOoQKBy5inmYF;TbKNWK|e<6D3kFko}S@D9Nw?|`1N5dz$ zB71!xJCiOR_gSC|+1kf08(zV+KPuGr=6c*rIJgB1bRj$QE(#8>wupZ|7qtJ4J zE@UU({gn7*W+Dkse8L-a!l(X#P}k1HCyEFBZql`XtD++-K5?qS^Ii+|JT}TT;M1wv zYqMZ!XbUcLD#7n2EzpH*Vxt!oUUA3qKsK?_izyfALN>9{b7I&2rHzfwiH#n6F3^Q+ zVk4rcYrj0W5uM2xPYx{5g=nH0qNr=XdH7y5B@(=pasi$to0Hp&2g(ZJ3LmUrx|`rp z)B;>cCYrg$?CE(#Ym`L5x;TPy zoS=K!5lp+&*xW8MZ9AFSq^iNHSJk3)Wv7}*o#R$*nNjVH*exYEi_n6Zoit7#*rDkOB`9xTx@olMH1%R`=z$@@ zUt5~`%4zBqe&E(MzUd+@op8evNI_|nA72icf#< zVZ@}CuG>+9G61HV;JtsGe#3jp0T@2G;hz@T;j@)ed`rRmi)cH%4lvIx3QlF+`{m0W zK64AtrJl^Kr9oY6wyWcg$4B{|u&Ydd8CdX9zP|*!K+k)$X);t33A-!4U{9NLEt~k{ ziOL0fmd!``UO;(8_I)p#kMccHxj+}PGo_+{@`_u$2eLDvqHuJ9E@Ts({N~!Vzr5uy z=`Ml}KFs%5Vi)K_Hkm0;=3V=HTN~MItx&AHKo_#fXn8X4ip=|g&WUTD#9W{!*|*_} zfji*1*}Ii}qnid%RC=w^g>2%Q-(0))l=@qp-}r1lg3KCS$R@5ukl9n}8`;_6!dGs^ zX4dFJHgPS2%>HGYjcnpt1erCukWF0k6y>$Q%C?bBT=Nv=0zJ#-qkfMvd(Qg3Xu4_; zQDzM;Boot|l&E+iArJj(1BVmFeBW*%kM;6gI9Od=SeC_dJ)U)aNe z|2uFYIde?hk{doCq~QcALc*=kS^0U&B;AG+e~-QJ$C@Vy7!?QI_`qK^t-i<>MR_Du z@exX!ZQg!xeRZD46mwbxs8?l%q!9OsoL3SMFI&z)_mgQ{8lKsg%P1_Q#;`X z9pIa88aI#!-sqOD0w^9iTh%S{z&m`lQ-)XbVRMU`h8=$7R(y3u{LB9Dd`b_jH zW`Vw9bw@H}fu3!?O?N|kIol1-nA&#JCtyx~fg&9Z*I<>98MnrVw7L zltojc3)y6oJk4@Ls`g;q#3R36v_Q|Y`QY6>;2RRgd)a*Q?&+lkx{$5&*=Ec=!CU{v zOWUMNu2B(xy!5<47qYXhibtNYJ0WTCmTOeWAMZOa(1mQ`npdmc+>P6Ejn3esNN<5I zWE0m=u69cq;`hTQs<~~b!LwvOdxr~rOWEbOlKBYU*LDpqBoogNSl?3i^u6Tla9R16 ztn3HFlU3y*0d%*YGD(JD$YfksC6+P4Z5DHeD(o30}n`-?YPLYV|D5R&AM4 zJxjBN5s_M!W(T7q`TpG87N&oY=LWf4)6L1;Qa!%u)@Ic379?$SYZ(fXZ#_1=v1EtO z#!BShkQ*}m2{-bQyu2P9(eqYqnNmGVvxO0pT9#%DBPO*h%@&rKWV%uD7TO?}w$Uve z#~VJ@{SCRa9bP+_=JtjQzcM#BTsq$2levQXj}edVzcm|jB4u&wkHoeet8~fed7lqY zSuD`=W;qF>9gO}^>}K3dD)*{tbRj!)EAAiNddcEj z*>^sC_msr~J;}ZghwrZQp6lGmPOOp@@19kSE@bDu&_8khy!F$zjqGf#WF5#sjx2^6 zUC7Qy4J}|Re2j`~cPg`wl*O$^7qW?Kp0c?0Ptvi%m6@soB^^D(p z$yC|z#exfPA(^cuW})Z%Hj>F$B8`JUFHgr}GU?DiV%VPT+ejt~UcB4pzA$%-n({jx z_qS&`%$qc@`Nd-Ze5WFQ^@MR(U#!d>_y5D&K|?y~{4uY))m=6(CLGbN)I=-!a@O4+ z5!JgkcU*4M4zzEW-`nZI!RmF^`VMuilmi2ZE2ig@OQ26{j9vH zymY;Ko_!!c%m#gOsY128bp7x4cfJd%TF>- z{KZC?pkSYw$F_3d8CaXPh<7bzLTXFx@%ejue&gPs-;h68_9=1HEG9NK?Flwl`^ns* zO`j+uVSO^IY4~QCuzBrT8iM9K-c_)cY&qCZrn_BBqlrWTh2mTO{ND5DZ}dc23mu(( zq`<5m^552`t*~96lKs@x?$so++TqmP`+EhA*8I82dro6m6L1fu2^`O#G?7?sO~5!v z6L9KInnF0`!gOm6&JN;QaX~KEYUz}JCB*b6Zwx?nNo^m-5i zu?F_}@45S?Iq~9VUx+g-o)<-EXB~$59{pQedLdHw&MycN`~F3@*Sw)AEVR`h_z$%J z;(hO>CS!;RK0+mqVN#D!iC37&Ba}{58<*PGBUIuK7S9nX*)lAcBUCb9ZnI8clr@2! zI)WuLCDN3eN3dj?)P?=RDWK6S$H6OlQSQX>2rIQEb2rtY>m8ZsN!b&{w;Oz4bc1gx zKatFSA?0UK4Acmx(nyuQ0}|2Tk|Zh{zCZ|eJ7zg&2GyxzKVvwhWiWd z7uD#=3V#h>Jode-KmFWvRm;wFYe7eiE@Wr2HBTS60ci`UWi!>>nXA!-Y_egVLbdCh3evc32f= zzxS_}=>OY7;|Uwi`hkfxBhHeYz-vt7e!P!>8YxevV35O9G#|cyJoP6VpZW()GtB|o!pO2&hkjs7Vy zV)&*%Tz=ch&-PI9IFQ!)$HDgwKU&6i$o+-0Z~DU_`3^tw zucctW`s0`H^gr^irFFlM*4@cZ{L@1rFC39G1Nf)D;LXp8J)2L3Ajg-WHDT*U&z0bu zmreZJoW1+XS2C;#Sbb>%K8qWmx4lT)u{B}qNP7X#rEFs8MdG41(GFhyB?32yZ+nsG zXieB^&|VHBNt~i8t1O2uaiImoaaax-|uvIoO^dj+6oA8=MX#!_` zzG1xWMWUwl!Zs!C1rjx76GJZscD938&%pWy_O2I0e&eg1ym}h8Y=V0+n&4jK=b2QUe$7XkaNF7ML3U~l zyDS;SUUqhR{l*(!*w)kck%vEKDZOxZR!t1O7})8rmr5_3 zo&8?sQWtDHAAZBF2mVzPLoX6LBS-YrZ=5yBxvM_RZKSu)&(&}0Pd z#2h<<3Dtj!3)@SfiDNz8u@jnD1xjeNxdZ9H$84HAj9qIh**F%)XUvrKi25t}P9Hpv)_gvj^ABBrd0M#rjf`VFjpL`Ce4FrGaK;sd zw_m2J(4uEcze?=PYNJNOx=HSr9D-owa-z(LXGp(FY$2C8=Ihwq(d~GNYQBt1Y#}!@ zuB~Ei@Mqn{Yy7z^py&O+qodux@ENtyR;-P6Kf3 zs8#EYwc2!nop9e)+LYDQ$p-?XH~312wQ8QH{bU;0x2he=J;W}nEg+R{KUoB4KbZ#h zt!Bz=U)%j(`RsV~y4@+3PqgUo_O0sd<-WFCz4D>a)@suV-4yogDKkqSmYJkh+Z^FV zSsi!F^FKMyzvdH}Yi*(R3mFS*wape>#k~e}n7Oa;*tM;84fffRwogvlF8gX-qgGqL z@bIa%-?Rc3f7@5i6kVPVL|W3;qh0HKqHM+5Ke8zgx@IHHdLW9lR%1my;BVOP%)0FR zI;^dS@2uK>SeFO3X>0XtZCMDB^!jKIQ$Da|XrJaEa?~B>(JF%A-(L9Pr^C%whC{)AnV)m^nDf2359>t@16pxl&dC;3sZ}d9sTaV^ZJeo)GXt|vS zay$FJj%y1S7<9C7)a@suko|OK3F+dJa-ew`kLG1Oa9zP#JzHB=v+sIE;1SfOzyrcU z|B`LQal^x3u}@B``kM0#Oz2|A`&q*ZKe@~pSi-|uU*Z4e*I)kb*MG`q-w#UiNni$# zebvB!{N=y>%J9r;89xrd9=)j1429muSd2gOSMWHSUEz!IXQm1s2Q4dnHU3OWX#mmP zs)2d@*|G~f^bfWi%zw7wf)DlA_<8)4fD=59{vLkvG|8XmpKdNm1BfzL4NT*w1e_cm zhyHD^%t6~?{`qdw=Z~TO8efc``S)Y2zZzf6zgfh-fV?(5&fP`@&f{nP{TTWO?ML`j z5)9Md#s3)UukpqBnSVdV`m6EP_?dt|#saJxn8r^xk3L?ZelxNM)1NbMa>n^1j#?l6 zl`3?@&Br`^+l7<*V)-rP&-ACeMbd#-e{}=%@U?$U{wuU^(a6d0$@;xQ_cgp2J(2Gf zYp;eEbI;GBy<+Xv_<8I^y;rE-{MnPS6Y*Z5_!>TsJtx+rs5;hN4KK!?vuc8mbywr3 zv71la=KUF(w}|;*?DVbkk7p>ph8JTe);(j<)$nTUOuJZgHGUpDvF_=b?8|Cu@mbap?U4o&nIIi(mg`)HGCdBr^X(!;%ay?@0=Zb#FDG=)7U9Z_VE>( zUwBx*{OzxQrU-$vWM8598eWW@Soakxu7+1*CtLT3C0FC;v8#?6YraDBSmqP!=CM<7 z@fC`%;lopNd)_t1Rp8O?T{lV)F`_!>Tso%3d2vEpiY zF?P49!svqk7IxG)uLNyzV?i!u|N54(Jd5T z!;7&K>u#~)YIrqvrd=$#8b6PnSmyC^s> z%uyHbOKyRm#!d;P4==cUATPDw-=CB@iek$Zd>%Wch@$9p1uy2^a&dj^zT_6YpT|zD z^8!mG8Gk+*JCV+dD_8Jh?8G`RGF`!|v6HRy3ey#S9y_tl3o4_kaAMuKzaxp;6z|29 zEBHKiO10qiS2@4-n#M``%y~+x#P_3D_-X8x;clJx0?H_doTN`-9r34c4D0uOg`}W%>&N!9V0K6T)~TZC)Rn<=n7tNJ|`!n zJ~3<^G(OJUH1^@{k?%6dn;(pQcrh&$UprRw*!eD!7l}Sr(&u^Sd_|-y7WjGWWa}c^ z;I+)7=8Db}=_1*%fEN>Ig)?oZ*oJr>n^#VW5IwvUL z&!SN6WOueCbDMN1eT6PYPK<+{S)r?elbwSzy@Jo{UO*$zAX#c9l$69IiC;k|) zA)1U<{URk+fxx|K{kv9sBjtGQUz-ejkKSao${*=W`@1Fsl|R~Et2=tOx}#^SJ9@U_ z=4Y#VdbTR-XRCU8;zEkG*JQMst5>VJdcoYt-@RZo?WY*Wt9?HE1wX+4Rd;$F(W}*) zy;{B53-N*eYpZs9wQ9E)o(ZsjZ8F*eC$Cm(_iD9vFPtYDBF6E;*|Po)xA>z@!lrX9 zXO$NyrN6OYl{~GGMP7M}iDgcyGE^6Mk8+x#J{#89=Xffe%GcQMLg0)x%Sxp z)uw&Z*<{&JC9xP(+BfBr$P4uTJ--I>fBuzRf4O6=K@Dc$utEIs_y7Cf|F?hsCn`RG zLR?qYEKWGM*- zd)REUmfB+&nnA-KKYaf1J8K%Y_^j!iX|tw{azoQUdc)Y64;xmkCRLzlZD{!OhY#y9 zHtoZPl?S2N4?cQ%1S6r&);irg8)a((jpTj_+#}ZBf8w8u(z-<^lI%yR^4yf2+l2o{87& z9k#2(&U`@i^w8gb_~9Q-6W_Doa-P;S;g2J;hM|e?S#eg_Pd%6Wtc!3FjX!;g-#n_ssiYkH>}Que5QyzbGgC{iDNn$A#w~JK=U+$Nogr zSvx>1;P{=|tv0^D_<`eh9Id=^A;!P{*Z=UpzTIT6*6&2$Buu?uuK)S>|Kaz4 z^UJ^d!$1F)OJiTT0s}BvwFVR4@(nEQS%69U+hDTE$k&Ee($bb>u&X%X1{1UN29|al zz$8*s*i{^=H?Tx#z~qPlu(#3@UjY-B)nIbA_C{LT3ILN_i^0T`egjLE9xzD_8B8iX z))SB`C=7NH2i{k*V1yK0v3)gQu&b0n$Tx>pV;fmw>rG*D(di9r zWXV=9b~0ab1WZkjc2d^d8`xw^)buD!Ct%5ve5=u< zUDUxanEZF$$sjB4d!pVt4sKn>Zq%Jj?6N3i(^m#L>YuLz=Pq|~K zo&3~!TTXYrga~OmZwix4!CI462j#ZpZ~p#&{QYnL^V`4r{k|z#IK(AD^+m=zU)^PXZc@gPp_!iir?6HXo#OS z9{wvE4@$fOXyZYxSNzJxgXf;&S2iA0f5oqCJa(QRJ^i%tpdKv#%Ep7ju=tgY2Nh!e zEA5t=-9G4xjR(bJ@kcfuRFTE6Y&<9@i(lDz?94a1b+Pf_QLp$b8xJbY;#WGJJ4(*t zS2~_MYR}?VI-Wa<(BfA*p1Z6#>HUAEI4@s)W$s>sy!ZP^UhV&t=HsfmxTDC;WnNVm zcT~H@uT&RzTq1~HXehDcUriTwY86Vnnl4Zy7eLbmisj;0 zrVG3g=f6^cS0dBR#)E>o_#+z+D(m7`HXfAN#jk8UVo7^XZ#EuWWsbkH@u2!Her4l9 z8D9L##$y3|4Dn{;!2^KtS2i9zOX0uL)~~b@?lvB=(7juC8xPKM0%zmF!BPCm#)CI= z;#W2v9EruRY&H0Ia+D+uYSpW99gjDMQ@W1TYMCyx5>|XNy|)= zpY^1csL9Vd4HGr_SqE>TCO_+pPt@dR9Vv>M{H)VUQIntP`>U*Plb>}mYp%)9Is^`C zWO}}{zVDNtbpmas$Ix+Jr1*zdcCYv!(fg;zr_Y9U)b@Ng?R-pGtPq%x@iAqw;$lTjS*)-g zQBxKxghm=#2by`)n{r z+NkfCcAg%mFwR-+>2V6E`6asHy5U`sej@bJ(_-sFR=D z*?kUorkXF=6o74$BOiR#Jt4P zBC-4B*HoP6)3<(_9#TFh5K&AI>GkxGSddRDPEou}QJfyq)5{da=^;JgL=W;$Rh>@G z>*?e?y-ZP@PR`TI?Ap`Gd3u?mIGvoS^|y0j@HCyA^|3Kk^>udb>Et}UPJT`&=jnCw zb2>RsualqC$$5I6{G3kC)9dWo)5&>yo&20m&eQAU=X7#7D;Tmlot&pp?sl$fo~DzN z596eN-X=e%lf!oCtm^Eax5>}x230JIyp~olb_Scd3u}toKDWubaL`V zD(Ra1oKDWuVET40$=FC5l%7t`)BEJ-baL1)nz>GX-X}k&lk@aG`8k~&K6^e3p8EDa z`8k~&t_qG^r<21yn~6G{93n&~>NJf5GdBIVX`GGNZ@v^8K*71olC~KV!WNEbXwA}@k{IXHsy@Hy|XFL z@3ARp`@Kye1rkmhJWcTJG{J+)d_QyXKMnBhTxU-Edpqs#G{3iVl{u~N?X|@=n8hI}Pu&ySHeCd+lkY1-cHLo4d?A# zT28xpJMHE)o43!eEx6^1&n>jZ7ck8n!PLnw;=IykYV=O$MKH#*Mw{uZA z&E@Shm(yC_PHQ=hMdYruBB3 z)@fO9r)8anbsY4R2g8lBUuj(&bVUG!;GZ>Le6HuZMe)M-+0=eluP)Z1xM zr$N1)26fug+qr0*=Ja-&(`ij_r!}3%bOc(It!YbdYr&WfolG32bXwBeX-Vgb?{=>E zKE}LoI~RN(!?xbe_1?#{iRW_fV+`Hfx!U^}FQ^@#mYRA7_C7cr5*6dEMiJ(ehWl>$z(B{5_wKx!khZ|NJ~Y z{j((T<>kKQe~*UaXm8Olx7jBRbN;=r=}N=MR2tqV4bvIs>DK$A|2-m(U4uo$6!Iiu z+SmJH`RLp@nshBYNe63IK)#Yp75&D?x(OrDSa(}D%!-TqI@ibABlsU_{8YBw+WJ=Mue5z?S?>R>F*vUk?os-6v7b7YYkuD<{gt-Wt^fS^ z^1SAHKC-x`Z*)}DfR^gtLvs*}0#l=AfrT2`mX_W_D<1`RZ7rJX?-bb3@{dLfyWY8Z zJla|=*C%KVatbVaF|uXcvx8mS0nJ^2(ZVzNRqXY+~w_w zQK^C%NA!bts8GzJ$d(5z?x5vGjsgmNLSzCMUsAN~CHXL6+D66BHx^Xt1)znOt$Sme2PJv{t_6es{v)CJ{ zHH!xn134&FN?BCS5^87`tP@vCYZ$Y5ovEd2t&}HD*<~Sohs(YlxD92m=&G%wB4r$t z2j#V!*^`-dN%@F{T%$LezcW=mJaJNi-%%NurGbRtR%X_Wh^IC+@N}HOwfC5$5P7lwWyH2QrsU$mNJ$K4I zp$ewT)roe*;->RAl!+dan%KGjd2Nym9u8<#j89SdZFgh~;(!+E7fB9uBuQXuD0?Y; zC!_#hDy^4_7mL@j8`6}%RI1oM^OaskXmPTSrMcqjC!$?VwGSDCU%~CxHl*sKXf07( z4fo52YOZlmEfL&Bo`V(T*>Uue$D|%#PN?+OxWCj*eyK@6q0+l{IZ=t1JY5B}c5DZ3 zLu=1=<}2j~t}@xUe9CduQpv{29=P^Yako08C$!7jQ@2bG7m1B7kHl{4pcHyf$iBJd zxv`O2Tn+hcL+em>)*{!pjaz5OBlUpni(5W~I8rxmx3(es;#Q~l)@kEbZ}))e+TQ9i zCt`5YVqYA%I*HlS8u@DKZ*_}Loc$y2v$SVNEA37P*^Ha@JMOX_H*uw{wm%zjGqp0V z2boR6ky>vxn}VNkj`uTPTdS*is}Gqi%2`YMq7LqnukLtuR7Z(=)7e4&gexCAU#)94 z&PRzZptGO*30JL2zDo~`X3_(%bp&4P2pqUh|E~w6#9r$Nysmvo=-^l^_UVKii?7+) z8~HX)X>-QfvPw3mQnTjbIKk(;yRzR^=XOr55X6oa2JUU!jxG1CMTMs zrOsBbosZb8ZLO6_=O|8_np&2UM;*M-lAMd~L0B6kDoIE&m%=Unpnj zgQIvR7fFmxP!j6^Xyz`J2d*4;_DWd5EYaTV9QE2+=!D8w7cZ}!7Zd9+>g#;;+L`XP zbJ>ZjwDSz(C|g=Omu=ijH&iy1h?LoGxy=5|MPkEDE3qzP5;8*#CuHBepP+ zrE^chb7n2}`iWEjUpn_BHfWYm5(lm`PU4Y9zRpK4o!<^z=YW?3QX3K_HEPK&$wfMY z>`3ROw&;Y)SGP@GYN=kj=sBVC)lHR`b&N6Ss2w{Yb?l`U?WGp&r55dk98WK`XqdE& zF%;@6P^s#2XWUL$emDlCP;s?XF9%dgyBmWmGRs~hJIIM-{ctZg4BJvZhKo%66z_o4 zu@k2j-*jw%5TkYb;5^eKv#;{WFB=nW=}|+ zc&$Zy?Pkquz3vlI7hmgjzt-}-))pO5t=#L1fSi1(MX&X>PspBnt(AMN4Selx^$98C z*LvNr^}1hck4|Xuagp5+b7c2k`{WbNj~HMz!H1r~)fV}p?!d{ziIYm->K*xZeMWf*vA2%iw~o&fCx>qxZEqcIZym=6t|RrW zBk-+b?5*SO#FfJw=wN3%7T-GBPMm$4569C}ezty;Rky`mG;1hkWb)Cq@kc$Hk9sB_ z^*ui7kDNHA^HEPC G-f^9f^yWq7fvf+J$3rJhPwK=eojg`K^R?a1?;oAZKkAQs zbWQS6pCV64j#`4dNM}^8bh^Iz=o;mt>z0qMgHBv|?F#0jtCf$gU=Cbu!bivPN5}g| zZO4f#{~gC4owq+~Ar4$e{zu30N5}g|EyRhd+`9+mL+{A0YbbFSDGrmY6uWoj4x>ql8F>&6j&Lxa<1bsY2NZ*gkYiIYR0+Q;5?#`UTFdz^jC7XYle z% zUEgjuGA6Y+^_a^CtxxR*S4t0DDNrlP*LKzSJ6v0H#me%t9I5ZcU8Fb&Q;K?n_>IhcrvuS^WBM4XFqxl|51DY z(OFI0MLJ_ZL^_Y!Nj4KQPJrZ|FPQpSY3Rq&OTPl zPh2U`_HzHD?N-ZATwALyK2~QRtK|o-n);~k@%pGQ!=^|%5AGt*q4LU8&xZ>ym1i~g zvAX!E=R>}7=-LCEWAU*%``D3i;Htfk)y2o^>|?e3#I-f;=j)@#%Rue<1E)M6^g_4= zRGDlo5AGtJq27)~Eg?17hYxBlxZRSvbKub zrpgzWzKWBZ@p6>;iqjilgHkG=^aj9b$4^{a)2k<6+tnMm!?m@JENhHt<6^wwk#-N9@_ekmKXzO^b|f9Rju3nf>vJEC&EirT+(n*)uqn?E zHz-eFi4e@9{{)u&z%22dz+&RV-N+MIx&dYpb^=RmV3u4?Kr*u2CrNs;AOIs78<30$ z=7VkDDIoyK$gBrOdNNCbk--ft!Y(2l86(2Xj+AcWQktpp!@W)NNOERKl9WMaN-(m% z0V&NaNggT9YzfBJHy|0ADL)8SiZC)`g0b}tD6rTe@<>l?6c}6IfE^f1MIJfL`sE_R zQ6eIYVfr8jG6cqufsyqMNOFu5d2BqJ8en971CksAMIH&v^#1V@dv*c}EJlhX>4{MT zW9u7GV42>@BRz2kz}Wf*?7&R+A9<4G3&0Y~MTDcBh%nwNd2Kx20~lG~fF#G7lBbP_ z(py~Ej{b@evm|S7b7hOR;;pfJBkKjUySXPuX6>#~4PYc=1CpV+&Hc4e zTrxDbx&Ahi?7*y5*h8{&Vt_9q9O)6EMmBf+s87?Jn}Gvk1CV4*>GKApG)qK^OP~fgS9~Euo0|Kw17qtOP+*$Uylyu#OGcK8 zV4@L53xl!s4W!?U9%jqdCbEFMh;Y;q5o&FX6{fT#Yi$h_CP~TZhlKVSm*Y61IkI${Ja6Bt5F8<0Z1(((3h z>RBAKV;0Kpq1D{LZD>(=`CyBUzv|(nl?&Z{xZf_k2LR zY$W;m{EbOwih9YNJZ-5vd(Q_{uDi$g+}@~tE!`OHdJ_#?DeCUWiEB$S-j9@!!(LCj!zmLUh_SWq500nf*FFtz#S|(9o=6g0*mjL* zxWknK;|@sO?N;s^7xNAE9aB#oqdd(cEx}#nIY?Z#)5Et9Pv!ttX92|KdB_H4Q3|lg z;|BBM8(@h7V6_gAdiZMJqzB9r!-wZ%U|LVw^842$r7e%zC}ll*6nxe>HR~ z-ITHk-G+Ca1i$;uO=!8$0Wgl_!;q1S2nUx-gzwI?28(dJSz$P<`qgQY6pz!Q;Upv} z9%of!L`YH?PQmX5oQvO`RS!V6T!p-EK*>47y>Gy-a2x2ofHS2bE8L})9p_i$Q%I8L zSn-Pp2Xzslix1;cD81DF!|0V0P`Xa0#-@-*a-2*JWg$t9U1}JgLXsT2)Og>3WVqBY zMuoTu$#Ad7kQS08!*z*qDkMpUtB>~$NQMiF_X3$PE+QNxM1*b!y>GzocSOH$z@g+A zf8T&w=u+c-1L;xYZ$1jVYY^TX{s#~;jH;njWMIS%n6Q2TA;ZWT@}w(_y5R&gJ+J}o ziLp2238%)}d=}vxK1+m#+EB>GH85{3H4Z?MH895AP+Us2D{mW+WG&6x2BI`?t~m}s zdR%k7ZNNUsTtu8sn~3Ez9F`=TaDig{5J~ol>k&g@Noo^|<%Kj)M#KLy(B|ZYKSjMlHsP$+Xf^ULrK4n9^-Ly=4S4-x7}uUNyT04wGb?no{G3Ns0`N zO9m5x9f164N?$i18M<+=1+>Jk?)4mi6}su;{VyU76_^|8uN#mHZK^lFD76&yBErF3 zM5wj(8WP2SzMAPieu#XLBfM4}E4?r?BrLP;14Bb=S zHiskjIr0GH0Bn5&_KBwSwSbn``(b<|-6mpOFCrZ25us++8)uYOd$hJ*9wSLgbyIm} zF|@n;?)@^NMU{c3*-K+2NuUOp4Up8c0m;ymvXNjO$?b`jwiP!XZl_H_eNs@Wx|K`NwF57tX%1l3BZ9;|oJNRm?b&%I7Y zl9F@(Jg))6ga$aT2!qkxB^W96=*tp-BStc`sl+FmWS?kL^K9~{Iep@twvPgY=*{96 z5sr422)&d>p-|z4H85%O03r;pt&yjVhf;5#krag>pms6grL&I>Xk5LcMv`Q>qyD0~ zJpkL%+~!qpj)`@NU$m(QAQ{?JzEdP&=@TN&gW15M=OV&Ubc*ni7|KP@fL0p=T7ntS zk^@kN3XmRWPiJ-Odg^ZEaeB{7aRZaV$F@i^JH4|-Atu`H#R5v%g!3~iq-0jRyn6u2 z)}wZL8G$70ae?Gr12~SBdJh4NO*nrM`Z62+tfg}VH>CgSWYrJQ$+_@~=!!U@PAf0ArMH~+(_Va` z5j`A`rm%6+505oxk5Pw4Hrt(&^1mPTzkb67jTtRT!m4#a`%+v;n8yt zpvv775pe3%Lnd2HZH(SU#-qW=_#yU?+{SMLsZS4?f=8;9H!>QWlt0AwjeKfv6`^`}7Y`K{)l|!|e+@(WZ2Uosy2*8yuM-h#e!vm7Ths^GST={zN zWDcBsJ$Nz)Zt-=Yd}Iyf)qir!dq)sBDSC)^J6e~+jtQw0`FpaP0@j9JtbU zK$W5+jeNU}a;O`Pf^S^w)7>Vuv}8oW$2V5qbGnr4xHluWqoDWB9(z9xsI5E0fh!Nr zf8f;h2WLlc?SE%hE~K>o52*Y*kCCsuItPL)ug;L*DtDI=45!w2K#PyhnlQUunK;)` zLpgMw1Xm7grMj44>S~DtD!sJ?I5Man_ZTTr>C_TDxU68xXln=5vbABogO*^Yx|IM-%C+{738<}gYoT#Zq*kB4VgF{g$-nlG39b|!P_?fc7Ov>%IW5;6 zRC={xq_&r|Vc<%oHjK%(6dX_~sQ2y~4hpnXK$UhZ)uq=*gL17sq+IFMzhe5Y25m@- zL~5x#pi-&VL%wpT)dN>a98f9Oa*?l^5F2*kW+;-}Xa#X$N{2ojxa!;il?N>s`AWyO zVcI%Ut8-dCaHaBql&A49xG=SAM$KHf8RUc;V{Jw`DLNsgYUIqwCvCmg4o=!msI=8a z8f`-@wU);144m>bng(2Lm@zjOZbl)wsV#l4jXWXy#vq+h|8BGN*7o)N81ku0@3q6d zea|9I9e%F`?VB>B+W&op23%V^pe5N0hof>ithIcvwKV((ZuEkH%2zG4F-0R^`}Ke- zomy4Hh(?KOM|Q6Ut~}Htzt_T@(2~w)zNRZKU;2?Ob4y1oDlO@G-a+M|7TS2DQKJ3T zE#LP8D&_ibxc-$`tS@6@RdND~;VF~Lg{e_8l8Pk(gAwsn?9bm4Z$) zUNgSPbC9DvU7qu{bvf+h#pf`UQzt6Enps@=>g4j&>8KZm@#4#kt}?i`rkf3}t#xwY zOQ*Kh%_TmFDz4MTQ>P2QyxP>(*NNk)lLQ}tZN6%fPBKRTnjfz*|k6tZ<(k`|8U@j#}vlfRJFDlOiDy5EX^0lY5M|ZfT?-zNFPEekX zf6A2`?ZjigcgJG&fOLK-QOb36PnnBX zRGHM;JReZ|t2V12f}p-iOsA0ZpSDqJ^IV(djW1}4g}iV*6iKdY!@RvU%9Wy8DQ|?0 z)N);W^<10SuR?HMRVsBJ!8!W82S$B*Lw8UqsDv~m*)3@r0UKF@;b3m0&EnzPxQKD@eQ1#j+Ij4S=MEs`< zhl6Z6ti9^BBx)#MwOqXlMQSOpE$uZY&KFDN0hLPqB=VKl+PYqIBDE5$UF!uUQl+m~ zkT}D1JbCfx!u235T=$w1<>cmsq>YaZQ)q0*o{;k8!)K<}+j?@*O$oU^p|)1*_*8F; zuN+%nt(lji1_esCSD!c!D}Awv7p?~pa_t5o<#t`AvX-$Is>oNV))MmhY^gk;QeKrvEFIk{lxOs}{DYQNUP@s;nkwq$qVaG>ST#Wd&Fl}vp?KFw}j8>;2%I*ziHPAwsy zO1Eq+tt(6VrWWahc5CIe7OAT@&OR517rurP%9qP(a#uHNOP)4VEA>?Gt4}~dWo21= z*i|2??N`@{oawh;52%u@rFn9t#%b*8!wWZ~a=EGf>LXH=t9X z&c5lRRN$0JpP~Y%=04WGoY1P}!q*@oeD#qkPNE%+C$#HVmm11LJV!aKU24b=scP;C zm9N@}hVoFN6x3cd42aaqsn((aJe;k6V^obUlGm>N8Wu#kQdB?hu{N!tJw&XO*IF7L zZKU!sTQoojs65oFH1LO7D#hBDKC?(_Y3ZnEL1-KCpg#2`hi(Ul^{rUIw_K@o2Wc$e znp%o#b8zoWJ)qK7Yk?Eqe7lWmX>DHvjxe0fSIgC~CEUQTjzhLgXeNEw?OD`ZicZL0 z>b5BP)SGUuf|JSi$&jcNPe>l#+czgvs@fOcsHDDnt=;mZjn(d@UxzT{y8Y!9 z%u!c)Z9nvBa8k>4`|!OM-}{!MmU8Vu6*zUm>zL%LPunNN$yX`XntKCtlvrAH;cHYb zU-f(YXgK9cQRfZsY*K6Ir4v#Qy`?$wslzAKzUf@zeaum!Tz6LSb|tBuOWy0NdSUaz z;SjwXcHZ#L<*2KDQ?J--mm{_O*Q4%Z=$Kb|^)}`xVLy1q5@XpJ#H*PDXS*k)oV->^ zzV0CQ8Fb2iLrX{T@cPy{=!BHHS29QaO8SIKTlW^dVmV4E6K`aK>zs2!j!iFGj(nw{ z^VM7Dk`t;Vy1Msv<)~%J_|n&-a{2H4_15{zN7<>NGmRHB2d=%@xv3v9A$3z!{yV>T zQFGK%d3Hwfw&h5zcGQ#gRwb#mqJ9A7!r?G8a@hH+A3vdn_FVS@yni|Bcc$?MCb(Kv zFJq2;rLsE(Ud$XNv~}Ld9JsbyJN)J;2&uci$}U#)!r|xyIjk*xJD_S+Eu$ANp`(`8 zdzu4RovW4h(j}>#1-*YcN|eglVeev&66L>k*sGQ!wUYRj%^eKLVXbOE(LxQ?AkS8C z#;Tk3`@N`1o3)lFR61&<`#BceylTP$wcXmpx7tMSSkhXo@8_PI%LMt_R`7t7suv}3 z&}tdIGdXbb>IKMw+hwKPJC!3*G+5?n3W36<+wDQ`B85|vY})awD2|5~4ZV2?Wl<)(WJud!hlzD7mz zRa@oVM(C);^HSr$?bfSl^&a~{Jo2?i>Ti2Tl3HqgPNGy=gh@ zeuI}0N4{^2!=W_tS})W4jiX#?tEb3|=eE?{4&DqeZbRj|_Rt%T)LhHxRmXwr$gQX8 zCC8Ck4(nBVt&!zscPPB!cVwsTj#63wtsmhdwX&<-^x104*3awb_$X0&Yr|d+sQpt*$af2)fiJa$zJER1*!69w z(yra*v{El}8r`Oxx{~duug5oErK5fmpGz;URM!6Wlh$mgl(qvZm9;j$R}Eja zMg2fE8#L9d1FBBc6Y?==YN-`@sc+`v(HH(lMe<+k&<{^jSNpnt(@QOjk3x?&%WHQ< zeMEYsmh0M%mjmi}s@>^_tof=(Wn4@3Qp<8e_LOfivz636NZ)XVmRcJ>D*ag|)ATNx zur;2MK(JHjxP#I+;KIWl6g>eK+U}r87F=X^2SsAwN`d@8^|T)-ngG-`4rsM;;c!$g zhgxoGC>;k>I+QtqU2=Uw(&0O52PfXwd>&I>xAT?u>s_hsuPl`XHTp+>}VVD zYcE`n2E%pF{3*BV+E8h8KY)DpSK|r@Vk_4h(l(RY5(lK7c;=6s^nZcc?g3RM?gDc> zqAvE_AKaql!u2RF*ZRohE*%F{3A&OeUuEK)0B%!M4zX_)ms)P)e{{vD_8oy1x$~d;}!s`&Yyy_#<=BBc|)`m6OoBEqi zUm9FxUJJ^^PBW~QIoRG%%j)%#+OoBJJ>w^}9J;@7hpU`w!;H?R-B`lU{LifNUmJ;m zk=|N7CY`U~+H>{No(`zo)P^A*YpG2Jv6*fK(}OLWI0fPAH`wyyC9q^b%1P!_mSen6$Xeqv(~ zD50iu2o=pbpn8IA`8Rb#tEVoK7(^(ETFb^C5C&73)Dkul0fj6b8>%H_lT*?ihfpbPlN8)Ot1EfD((+3x}hS9M(p%sUdCk4B0p+ZbRjv7OoGO5NcD(YaLmB zwwCr+?IeptQ#Vv=OVEE)H&jY%I~%pYP+u~+a6Jf<>w2GrNVonCmEPLK#xoFLRC;R@ z3B$FP`kaKE7Pp~Fr#9Be1_GOEZ5slYU?|oZ|Lay3xK4S@>by!?^)zaenhQkffW~c<0 z`tG1u3~=e!J19K|?i-Yk42yE|gtj{6?P9+_j0|N{jv~fz!>mp;)~OheP0UsIN+`m5f%9T1$~@aB!9M0hJr^%wNeXS*=Y$c}UB42CKZvzM04*To} zx$TEO83Il!Pe>~J*azRQRuX+O1e{!-kUG)lLCB|Wo=~}|4SPSJO+jgPCC~Ok>x&ir z%>Nwj@~@9bxzbjv+9yLuZJYXoY*45ZCsaw)uD#b1o={uUGo-$9Q+xVed)h}p*dl4W zwR%1Wa^ZD!;Nq3bRw)M*DuE&`wox}OqmR_|KT!B5Uu&_4!G#;3^c+yQ0orZsTH1#F z%9d^^P2Z{3PY(cs9Lw6Y(u|;b6cNPHGesGQeS9-g9(Acdf zzH>&?V>RkC^aIMc25NoUe{hv&{mVu-v4OryTzYe$K=ySbpq@@h3Vb!59hi=t6I!iZ_#Y&O|3*b|OdSaTEpVa&f z%QY&O|5~obRdFa*sn&+QbcNoCE%IqqPNnC#so+Z0 z0aX%uq~xnEW<`GK|3QxY*D^LDjDx~TzpM5}c9B{RyFdD(pG#^fuXSv+7pWZ+wZn}b zink30x^Upvt5cx$h}aqO=@PX{p7$9njK_3$LRhd97{kD@`0umyX)z zTkY!!m4|v&eT#`&N^h-iUvDDSad@jeJ)!DOE$glJ^n?}#7Y>J5weF4JnNxG_O2}9H?6O8PH)JPs!sGaEV#DTxuZ8udGuqo zd*NnOBsZNmdS{h#rLA*>w^E_JUUl!Rf-7zHul-QyD51{v7AiP3viD5+uCtb_w@|^^ zuf6HXb0sU^g|Cq{eEH4J@wkc7@BLA5QuOAUp75r&UjMasMM;&z-t7dZ^!>^vt@Vt* zw>7~j&)&@BNfi6K_cnPjMVa&-B)D(%;UHFC>o@k^CFLAdy$uPjbkq*@HY9;qm2_>% zThCj1FOqzvvfkZWZH`~5L=qhdy|)OiZPe!UrX%5D?UjtzOAimB$#r$VHx8+x9QG{4 z??FOQ{h{7M1lNA8FV)+Hq?V$3L2q4i`i;j?bEREh%G-skhwFXxmLRw#iO(EPRSAcE zAe(22lsR9PLj+^J&BxD#I^%VJoM1w=xzA#QQ~KTa2G{x;lhOTaQkCaN^{M;gJayFi zs!t!Cx%vn-!H!GD7hVSg@>(0&-D%2|w$2gVA11Z5)#CeYBBWCb+MQ=`t*`TeA1E3n zc72s>=ZHQ`O-N=XTixmN&V*ksn{eTEbfCP}TKai(TCeZh$DqMUQTJ}2x_1kt^!unY zIBi{@Z3ZXT-JvCLRO{2-Sa9;y-B@sKqk9SOwQ$|>u2NyX3rDmW|eg{Qjgh98y18RNBoqW5#(q~_j zTKW!XS)~jAqv^#z<)VE&)zzDPPWlAOvMKVC42q--Q6pDa4=hj>7$2+(J5Dv-L)*PFpw!Zq8 zJ+WuzZo3(g7j8!7>6`8=K6l5Gi#qmhcNlqEQ<-;X51bm*+mKw;QNG<<H!acxGb`q{PQ^G)v%NNIG9_{KzvUm zFa5!8DXn%kmY&N^QrcMZ=f;u)*+yTYRW3(dD@!W zZ~bT^ouEuvF<)j^L99KH+pT-G+la78o2=!K; zT^peMj)Sfy7#hX74q)K4jn066rgS{fDz6)=hyC1-#c#FKbqye zBi6-rM(!>Pmsd-(eU6b)AN#)6bKkYX7}+!3$pEJ``ij)^o9jj{xyt!l?NWCTxF9Qi zUB5qfb&pAt^SA19-zUQKNqyJr;M!U}i>|(T4!f<@LNzXdi?p`Z$OCX{@oW3{wRX5K z&OGbok>eYb^cwQ|&#Q%JQxdV)^AjcaS|>7JG|5i~Vk*k#<0 ziuB&}V;D`*Og4s715kP%V5f#JvK6Oo1(&{H136N>b;blrUyvGZm}1+S{R7T6I#06E z9F60n0=Chc*rZxt-*9I_FV6XeZD(8Sjb+$q&1x_o8z@fO%BFPdb0)k!>-_+gX1!m8 zVJ)2r!L=4O6X!x43&Ul9 z0og!!9aLT23u6U54IOon= zZz%z_W>>5{(omdZlFu>7QEvkAT!S3(=>%!fR*_nqHkU^llw|M3pxABAbrerMv^Bk8 zo^WVu)rfkJq*`-7G|KZ2*4z(>-X65W3>n+#YW&s@T#~xR%*7TAm6^7HX>wJ-@LH5H zg|0#Xi+A#@ZUtDh04${gSQGf~AVT$FeyWkeXe!z>_O@gl%TS1dIc=~AtI z>XoDj%!f&tYNGmYF{3R1B{+n%XKmwJw??aL~ed37^ zH7itAO(&5gYgQe7nGq+?dbA84p^zl&c7>-pv>q9Fx>NTOzzVayg;$t*4q$c8MPP%2 zB`}{|Wbq!_4Rx(w3ShTspWd`##?(?gdf>Z=yaf}XzQ(r!69s*ZmjEWR)XRm5D4$WY zV8W>HJ%R~6da!k60W2Oz35%hX5Skm$zIY9 z7Z(q8D+Jg2yrBRa##DQj;F8XNTAeeNi+pJ)s zEN;d^&o{=vXeVNJ1o;jgZ{mb@?+LT)}Rj_i=gGDbh7Y3rzao2rV!XvyoJ6>RPkC z?ShviX;y~r0JA-8%?@dUk4RD)S_BqvbjM$Q=@v17H9K5c4keFM4T~2s(yZr$pPwXW zGndUgD3zLhWQ|SS)%xe5ILH3d5lr5y4^u3VHnAhYXzcxV7aPja8q_d(bX5KR7Te0! z>@f2QEt0G`OH7`&iky7pioe$Efbn%Kwx6xpk?htqN!G0CV=Fck#%E;lZp~U(--_zi zHGtA^2KH-GY-OhhIJ8+c`w$aJsoAYpxgE|PxHUU- z`l=DT4Uq;HMN&LlZ6sNM;D+3o-}DwA+(IdpMIKKEFe(ppRRcwGFk$K;s-fz{UH0*=(~^)=3rqf9C7w-%Tr zmzq-|b0JXoEE}UoptjQPw*YRgt0>`F3RA2!_Z5HU-?kC+NC|h-Z!SpC>+VZ6G7a2P zJW?}g2V{MH=l!PpPpT&);H0^G=-|`~y?9D=_p+~)bDY~YJR`wJD6YGgy>UirTk|A{ z;BO_~J#-F_i|an7-Y~SZr+Y^WPsIM!P37z^J~mMIF?%hZ-~FpE_j+-2zi7ApX0LXQcIHD{>ukaI8xkVbWf z$g`vlsf+molR?M@qO{Hyz( zPeo^ zSmfx*b6HVgIDUCPDI}}2BfXW_qd2~bWB93hWQpCOej>1qQ{UV zNmtw@9^l)&fUyY&jB6K?g8) z$VtLfbe|*S;{l4<$%h*fk#`kcOV0HOlWbi}?kjQJMYXLc=A}pHUbV;IQB_CFso656;{nBu$ll9)(v2OIe=B_6Qk=p zu!~V6p()gA!l=i{T)&Nm`H&nKGiQkfCafE(j9X|u83JJBPqp^lHd>EjJ*bz4RFf2e z`4}7@j*y|4Mpa9@{$3-5-Pj4OHKfbc7P1h2er^RKA2Fb(Lyp? zVYHCD(5v_ftic6l$pApYVhf>XaRCtBHBb z1fwvr*8_n{CDQ;~*fJWI1B@g`LD}iBo@gr9w-stUS1_f$fKrJzLysbi%K=7uqM+=h zSUj2vMj6DafsxY;DkzkTY|4Ns7giYK%9e{s8(0-yq&td6y3tfhD~wD7kW(gDV zKmfKGZDwmHr4As)-3cO3Xm>}5))i`o8yJNezZs15sLjS~urFj2YO}YDNJ`D#B;w>E zLiJ`7m~dgF2N+AK%|?2VB=L5#U+`tyX_0Y}_o!^i+b{ceiweM|92ADDu(g#w@uep) zQ4#mLz(kD<`RIliyIV?S0}-lm9ptffHO%h}vtefI+1&(V>sjh`Qw_kH9Wd|lLD@W$ zjJVz1P6Jr2Uj#OIioi6A-fr#&9e~~D!11;-NlGPC1(_I9*Ro1V#cB2v?axzS~yO{tos>=ESS(2-)J7eWUQi}UIb{a}jB-*_y|2s$sB+qXnYC{QB$L@jE13tWZ)hzgvAaRuL35Lb8i@o6=pY(ZC>lyfb}?AyJg%RV_J_;jaMNlTo|Jb#+tK4 zyGVB^L8PmS7zDyrvn@D}yA9o4=x$L1$Y@q?U}Q9lHZWGG${Ga1hP1_<$KAjtDVpks zJ=yP;QB~F*aFWu=?vAsCZSf6Q+=<*^686BOK7JsR*5yKNcJG|b)~q)Bfkk$_6?_KF zMeu`!2wqpgPd#=IoelPwH}~P;M*dV{KW|B9*{Tx9?ItOd8dbukdo;}O5-=(5*A=^2 z4?Strk41usoD7x$6H?vmr?`#kqq~FOt$YCU=(-w(_gP?*rzJ2ytO&`{r62D5W<68@ zkS<*z-zVdcL5}rq*-)oj{_+cF2=b>b^qYtzMN@rW3?|aqz8?lg!W=?A4@U5X#W!Ga zXKTNCNM%HK`Et<&b0791mL&Q}@UzMcyd0CtF}_N>LIg5^kL52u=|r?YfMfy+N0Zs&jtEuQ!c) z(TH0^k!1mI+4hnVfP`r)ys?X-%7wO&z>`p@_81~XKwFXyV2zWDzy{w-V17ofcbNd9 zv0P+dO?jXNHzCI}DloRG@8~fRif?fjz#bftq*R;&Jw>DSsG28j4CrRILOle}ix@ZN z(N*+tiQ83DsL}Ada*&b!HyR5}42w6mzWe!58T| z01fJb8yVGb@)BG!tDs(s<`!2p)yrPo1dD?5b+eSx;CWa@9tEa0dw-0iRLJKIR`CLB ze;OymvmgMatL}OT2VqKAmGz*GQnns{@S>nYHcPr5AaT(wQt>`oucHB!(y-1)1*E;) zgdDyykR&HHBht9H7BN3M1A3A~k`=nmWb_-YM+TlzVXLL5fY#ACHsUNSrOtV4j<%X4 z@fk1|IgRwlNu?q9CH$#j1Vf1_UCPPX*2Aja!~?J%wa4pqM0-e}s_$_TNs3vOC1AzY zGq^lXBcLP->V>@C%mc7>HJ&H#Q;#OugD4u6o$9U*qL=VFz)9%_Y&32Kv2YfTTLED<8h;0jjb`^0jHP1qsmGc# zF>obUOo3Q6g7hpNtpQ^bG4>FzP-Az&NLYpkn3hr+E(bocIw6$KdZNykJ{fh)KH=Si zMb`-|!Gl>%u~~J+nAAM6scc`Z#wosRDwx$LCuYg%z+?=Zm=b0^QCTWnQUO>77(jYr z$iY}Vo(p%XmcULRd2}L45|b&AsMWNk_ji%ypl-=hzmThIttP@SexIaJu`w}<+uNKcC?N6JZ#f1ty*269iyvB8pDHtu@D9a)(XK2GS=6D8agI#lvGCvwTI~8>5){ zAo#SU6qm3J1~3wqRTulAk`W6GMwYXn1|u19g~6m|J-gQfh`_z70H>cZh8U5Qwu&(@ z=~Z``Jd5T_w-2>g-L9WXp>X573t(&^ODizp#(*#|auc%+CUP=r==A_1T|~T#WU^op|*E2YGBgrky1Dik$=_U$K*5tl2TC_s5+|dq6|LJ%yzs`h(;V zqpEIHQodly0Vkf~wLv>Wa$Z`xXyWWfDOWzLW(zhzHekz3`9=$d;#?!cw zMPMXQOI3{iARI?v#TcPPk{Y2|(+MR>CLFhqaa3O)tIcY>J|ltjDW&rWCgRZvJuvEs zZ)1=osp^^!XuxSm)!_xBeBz*RIuP~oVGS@*A0OQSV-xWVx%p~6>9Uq(s_K< z38l1jsRxEvktFMCj~*+jKmIQVq_-B3<2Nu9+;3 zNm@M#MhcB@+?ZHSGPgp-Y<#PpD)mT)@vZuboOMY?EDK!Nddw^bW9IqBR@SUz_6bL3 zk`p^eY3qx@10$sy69x4~8ueHzZUm*QIrbZj0*guJEKf#blEEyE0I<;vJP!42bOSc( zVDK>-GFwl)hXWIhK$hkyCVE7YZN=39BRg?5z{rjvk3Olxv7)su!-asNKm7+ys+#e^;6zQ|lmba!K7zd1XVQpbR? zSR~1o8txp6-QAU!Y%LLBNvMA- zn~*OCS^nr-IcyJ18b2`6gJOIei5Qa%A%oVy#3UOn1}2?jv>4Z4&9i~fW0V(p#OQmx zYLX4K;<0N9%QBGbw3gZ!DJ;f$zz38lB|Q!^A6X*F&WR^>>472I)dRej0{oX>xCtqs zHhcQbd)kt$Z8n07xSy0_(ZA|3a0~xiwsZ{Ggh(Do*Q;a6m@Y~wct^BxUp(h!TMh>A zICJ|rZ5glyVV^J;84U3)8Q|WAt}2%E0W07nIhPsSMGLB|Ly489_1J$7H>044w~7qB zV-4+5^aGQw-56&PY|U!I05B>Pqe9@4nI{zDQ;7+MMuHLT72bWh2#k``nepW!VyH~o zKsYt1i#)~HRxpJN z0xGf3FA*cA%BqG7FR9P*QVbVxOp*$x0l%k+2<1=J=ayVbRrMVn+yXZ# zjT&BsUZn$##R4NYsx|T7t2h@+1k$=eV#pw^8zcrM(&ctVO6kmSok2{-o8eh>n@LXF zhJ=x{GGC-Sq!sBpI{X?Q+(?C^!_VWPX$m7JJzyk9)%WWFBuSTQO*CwnaHcWRji^X# zR`ofuPv#AzlYL$aMHQp!`$jUX+m?fYpovuIwuupC3<2v=zl|s(Nix)LqNq|&)!KQ$ zpfyUREuLy!nGawkeeRRl^6V4N5LOE(uoME!A_oUyk$hmHPa9(h51Cs$rCcDA*?Q9L zd`)_hOex6_!^gcQHzcjTCG!$9z|wDkCbhV&XOo0HtI>-LM$3^woHksmrH&_10!vP) z@NrlOG>>iifGj>%=<+2TYPPsC@bVD;TxdTq_JF(Z?gmg#WZ)8%;t_^7jlkHJdyzi5 zLz3)7t#L~2uIM)&r>$oe0%L`--xr~dT9;6LjTKkcLT*KR#RunBj@>!*y?jc^pQkx~ zYLQY3HG=|-nd2OR34dOx;aT{Ua`gtsww_TBMiIuMgOPZ**j*0d;72^J3&Gfg`_^7C z!V`{WxxOT`GtZfFIY?MN z>C3iw)>7dBbn%X>uDl(ju2)I2l=j3mE$^X*(F2e!$B8Ryym;lUI=U()Nk*fWVA7Ls zv8g<{Y97_c?-!6{qp`bSWJeWqMfQ3CC0+(&^?60rwj4_?5J?IbjNoP8yxPO+q!^WD zV^$NFUK)g_msCC%cGM?7WS6I8j>KHl9vF4R zJ4XoN8+|f*arKGUfOs8Cw&Ep$$!PT&5SVnoZ{~uLoOag+nxs@b8RvW`GRRH{T_UDB z;>kGEqnTTenbl^_+RdXZgmHN2Gor;~v4@|U>XIRXm zFr3J}P6Wpx*)m^4w0i!3rL11+%6v5^$bayf}*h;+Tgf*lB{T;N*7 zyCQ>k2~)qhwVgbk6LZrz7`50HA~wg?thtk3(BB*&_VPxq1}$EuO91CwN<&hf4*Ns?3z@5bokZ;blw5*Cwe%?>;l zzMPrM;09ELYK@1=gwsYW`lTD=IN^pv@@$OaEylUab>*esMv3&B*4n4{m`-AaT(EMM zZ<`KwpZOyxtosTcK?dR2Z{2~hPt@;X{NfLCN}~rR%6DL*5ykjCA5jaTka*E09)czX zq|opuUnJyau1##9O%#Z(`CuRWv8%1mLY<1TgzDqTw2;pBLw%ICVr?^D2MDDbQ@W&G z$BC!=li5M#GePVDo7qXjC!pE-wNExs!ff4zlV3TalohITUSh)Wv6No+#;CjAyCSpf z=*=7$n`j<~y;rf=$(DEruy0CVdSJ9OdjNlaRm?Hb5*V1p@qx)e<^*YRL!Q;y0IN-a zMLWRiH!?2`17oQSf0EKU4JA2%l=6Wd9B7MYyz$L6+sb(3wp~l5b%Jnb|Fb+P5WduS zN;PSX0WwD#juZ08PFAd7q$hijZ`v+^)x<^KqmCtSM+b`}o60Z&6DE8ulr>hG@{?W= z7}kkn4u9E1BB`0JITJaLL721w>&b=%tt*50OO#SPSs{=|5oU0Li6S^S!C12jr55rM zuMDb3d}$$E6cdk*wWAEGP(HbSk?tTN(pA;8SX2|W_PmKBTrnGv3N_5nfU;gya_XFc z)^MXRGL?c+7@2OtR2Xs-kBp?$>?7)&y@oLFFmecM>zO?cOdK9C)|?dr4BC^btk)Y! zk{;EXZ?mQcRBPYq zxTU<*97;E!HXF+gf$5WtQNO)%NS^eP+nrz{757GYiNv-t=dh6?JsVI4D!RepWR@K@ z-nT*F!g@5khKrLV@oK!`;v^|c&8*?#d_G80;}r2FA6vI?4Ht(nn`m#V5xxNWX1q7R zs`=7yqmJ}j*1P0Y7@0W1*i^hNFbdv5<;6)hZ=%Epkj%bS30rBR7;gqrT%pDQlerih zjbBNUz3s>`kesB5*>G_-oFYrZ#lfUz@9pt2PBBs#F9gEUme>BsobK`+OLnltXzjfN zNs_Ir*9Os(q31uOEV` z4AQ0n;6(03Dh7aqNiP`y4kqK)0C2WXt!D$#Fk`1_G(EX7dWJ?^lgD~gP_Iyu6zO_r z@y#bU0i-93VlcL)gJKjk+ppGRPkPr7E}A6qYJ@Ljz8Q87u=?cE6+^V?3N_U*cD99; zuA1t_M3U?i4X~FNNs=4a=sp3+w|7?(z#@mOY;>LjQSn^pr>v5^*bDAW{ zpF73AY{{cwYbXLNWdSg=n>F4?B*`XX-}t(o;&Cg?z-AhiR5#H4Rw$*c#~lmftNBWw z^th|x$4p52y5OfjwuXoIBzZS57RIP^Fc~La;5;x6Ql-lygR3ck)swtG*y0({K7&e9 zhS`VC^#NE<*3C2;%V{t^@vIq&N|!uKJOHsmst*`5JKB9Al`~1n*nl+acX^|Lb4v+x zW>6!Dl(imxDP!j;Wm5X>^B9<7TU}w)IVY?Un4gmc6QLe}Z0T-kg~%LX_=y@ARVun$ zDi%pf&RJG<H;_h+f+vq{>G>EeK~fqu2mnk}%oqt?fQ)zyasZRw_Ki|7HsQ2p zL^*FlE($L~9q0(v9T1}nC?pfke1;HkL@vqBVTKTpBo!*UAq0F9Cz^2pO3rcOW2Kxs zD+86-!+Ywnb(Q#C)i>~f;*#OCX1qSZ-4@?~vUHevLQiJNaGkp`4hEyw`D$x3+g&QU zVfExus=BU*4qQ5CWL%x&3!t2^r(&ZE-V7Lk(r{diAq3=6%sPff4p7P=q*@y}K&gyz z59SF0NC$d~4<_88vrzk&Uk;2K@7X`ZNAQMNfN61wcY)z2aEbqyi~=f)=lV1nE;hy` zrw^HO6F||qiZD!pq;Cw5K~#D`BmL$Y-J^d*5b3f75*fH%VkiQ6=34AjkM2~(j^L2XPxzuWY}HBXk`sNpd*#8s?Y90ifgS|t&0h%e(06}jS$8J zzVaCO4PoJ;7(>A+CCkng#x~HA(&NNp2m(o~iOV<{)U94Jrkk&7NvWpP$N`elf?)=b z6YcRszNkuc1y40>X>N_0;0lGMHV}Cmu0S58qE$3F0Wu;~gA>4*S#35rf!B0R+JMqk zM>uwyq+Y}`&=HR|)j$R=gvh9SHAXa$WSg3Q-k@5-IDk;WYgr~m@V=);cutM?o2+mU1HJLh+)|Kx@LFQruvGi{wU$B{^RJrBD>! zc!2|B|M`X|@m02|J{bv4k}}W)8dN}1)W}!@BAd*-0c&y1B%5ss@s4Q}FN5wDlzVShz$X#>dYojDdg+_=^DJ8RdZu|ml zDHUy@;RYmG%8eAm4Y*ijcWpraoG*R8l+0?Oj)CX+*W3ZXjG7^276pZw^v16<{Npj&>GM=5oJCh1z1^ij4b68KI^2lJs zGN9G!fR@?~Xwe3gDPTa0rva@V8PMWb@(cq9YHCL(c`#ic`F=rkJ z(^3jGy2!d-3Nw$BSqh`qV;}~=ofvpuwIR?FVK$5-e&~xj8Bqiq1^Lr-r zWJ^hN>>Ejza_G5dKvG7NOKCQULKsWmrDF!)UyRL==rT5bsscR-#|IF>8wSs#4^a)` zFw%m?#sx2VS}MbWXo+Nw9lDS+GA?oq7iQ}yO&vhm^ywLtFeDrF3?^+JKqP2{G zqo~2ymS&$&%SEzr+6)}Iu}fSola$OZyLm3dp3pG4mSrd@49%HKSdt`F6JuOG7k8qv zu9CsXyJpBmDC1XlG!5SWW*bi#YEWEqlB8H1?XEO0-8INecR3`vo)v*@AdLF?2u8n+ zJF|ETnclYF946k$WWzB@T&A`OS$D4C(XS*q#TZ-8oh2J}(s5l$l0tR%aTQ6D{ci{I zIpEcV5y=o123=TS@Jj0Hfs5ougG+KQRIp{?<^VE+TpVKxZ9L8-Rx)h4P9=}^*y}DH z$s9(FHs>vps0dG1ge^_Gi&^r>jW*u(AXZz}HPYVyB}p<=4esKmiCAl1f?ve}LWU8f znB8z{C@I_3R=5G>qqD#ldDBEOSzJ+k@qX!w(N4O;HeH`G`QN)gTNcFo9VA7>7u4pvcY_vI-^Ax;# zzxzOvrBqPEJ4v!9?SDU}z=45mY3SV4BFVO#yS%Q8@1R<1H28wR zQdxu5na{)E0Yt5hW5&O*Z*^jMhd1@aiM_~j5EWT!pZvl)!%Zq2T!w<;3E7mk(C?Sy z?nH7%cY}#kjO7LsH8R>1+9Mt#uE9hq#)5(gJ%%siY*~+P>9g8nG$t28m6P7F-&`jt zTo`2v#tOB8hEZ~aWIgu3(U>Gjn0jP5H5AH)W5AeFlB`hA*AG(Q7g}Nb!Arjl!dJgN zt39q=DXlDZU5xz1&y*aUT0^EuvX`6-UCML#rkr$UT*q@6HiN;>YtXv=??mo`oXisD zWbeKP?@TESms@Uc(7Ju1hPvNDsnT3P1~v9>Tu_fqIHMb=iL>qKQb+u-1x++5oIXXt zKljP3WA%xjy1;o)N4og~#%f#`x|2jw2sB=ZbH}jdmwCa2KOY0eGrgqkGC1_zcY*q=q?x;)yx)S>?L_*RENNz*Y_t!g(09|Btu`pC`xXsM_CNH1QQ+c z$=?H`!Sn@U$cXy*Q1H9on+Hfw8k-6xH2dT)x8ftZ$7uScyGB2(?lQ;}a%|Im0b@&f z^-kKI2YdsVBpX-JA00VHQF5+sahI@$T=Ep1{pOnAmyBV;4s@5syw0K1B?L$>ZC`l(J?O!AMJ@ zG0d!I;CsU)g?L~5g`SAn?^u9|X?Soj_}L1M7Z-ykusZM}?@{ZNH+dJO0E=~i3>=^1 zErzgzMLR&$(GN)Q#Dlb}M#g(GX_#5V>37r#0g)R`sUMCY;NuM?7yj(FvaX}zTfn?!k@4d9C&1X2edEW;iCS5i0n!70 zP#rRsR7gsn_zEu}E|O85i(Zms<~ZVDY$EDN4Bw*X1fnzshtlW;6Wc{8n}`!aW-Ih) z%`jMAy)-GSt&0{8>PAogn}74;pMK$NYpMT_fBNfR{_v~c{Pj=&?Uz6PzyF^f{^C!5 z{10Cqe*B9s<9K9h=8u2z_g|(){rFcu{?9-E{U3h+)4%<25-SM8MM zr)vK&s(t*PY6t6g)h-(Dsr{Q#?bG*EJ6O7_c6RV5YJW4Teg2MWr<$DAE<5z8+Mh?Y zx9_QT@O)S8RESU2{(4mV@;%j#9=fY`4vA0Ie)-`)jEY~sr{XdA?<$@n;#0*xjcVV% zr`n;}ch$}z^Qqc@9@V~oPqm|#yK3hM`c&o z!#~cNzhl6yb?IHrUmI{s65lc6)-nEFy`h1F>3hcBT-@K)`?ayRG~;{5-dy_J)%&%v_e*;3d&b`M zV()7H+SvQ@!+-hXDdg`Ne$y|$tNLrhZ#scb-!uHCD}Gn+*M{G8D4xG(_|4_gUA3;JS@z=jdq&?}6P;DZLBIEj|7TA}Cf8F_QJ_^#fsjl4PQJ%7*0n`_^@dcQvM=9qr|o{={f(|0w0 zZRGvk53A;5_p2YK4|n^X(Kol1 z?rQ$p=$m8j_B~^7?wQ`z`?az6w^I_|Gxp||*KC9t|J5%){qdjwPduc;i3(>#L^i$L{?)_nUp_qi z%jBZM|DDo54QJ-3fBwII_xr#7r$7FSKm5&ae*X0r{{Qmt2Sva8$De-xtH1gAH=~ii z{^_57`SMqPpv0g2_`m$_Z+8nE=kaa?uiiaBw1vO;{qO$v55NBD_ka8!fBu`_|MZ{! z?(cs7^-o`(|Ml~q{P@>D|MHuk{zn_y68Uex|LO1k=wCd1dE!@pzKn-HU%rflhX>B0 zxMzse#?P1E{?Wga2w3YV=>mZp3h zDMX9y6jZ+Lu;GrfTLyLCDKjj+Deq0;E#tBOWeRF;8G2#DMq$4X7vGT@Pw zvDs$|@@Q>*!Ja|alq~~7M8`mC%9a6frDMh2lq~~3CNvIQO(967?L5u*HJh?!z|GBZ zY~Pea25dzfwUMi}5njT?V;RmfcFKH^xhaPXc&qK`1tirnJRx~-$^pbqnfIEkjbrMa zaz{1Ca7`f=?vM_2?v!botc??voif8yn{voteNN95dcI{iemi79kjGA$k$Nq2$bj(L zL#xJ-WeahK_2`CiTDy~G^py3DGufRq19o@PAqNhM4mpf3wYC(I8YdY{GCPUyeeIqd zhrBy!UPNeHOfOC1p2i`I@vPELnpetpsY4pP<8qS0tYRt7?8bc8QjCP1G@l;aNn0A6 z-HsV?Cv9nPJUk}1CUNB13OOr36mz`Kw3BAw_%5}jF#Oh@5)=I?UTn!unz5U^)FBPtGCYRw_-b-X-5$;{Kc33kNi(Fa6>@C2 zlV*tgPCBGPL@Tp-lQ@TLDFR|oGB~T;N%KDBE_FzQ`>cme7$GJtMeH@+L`xAmvy)~p z;Z8cF!2|Ip8Jt4wQuE`dmU`mgw@K@ryq$DNgG;Xm86)y$mzv*lY$^6In?yLsLB@z5 z+DS7$beB4$v2F!42_J8lnrGNM>5vBRq?{Bo09uMGX@|~_9@5;kYsF2vOois0}wiM%VC(TzYcG8vx zFZzsFkDauo!A-PtERUeIR!F$p*|?WB3(tQ8{bCNW@-;V`W2PMVioTMC+X5|6|l z6moRmq}zO*YnM8tahvBoO(FzwmztNschVsZ!nsdruo7!2J}-4xwsGBcC(S2jTOme& zC-KtOK|JAWJ83>~v`Zb*czqhdCnk-Pww7A2zVD<%8tZc_JL!-H4?i3-95-8A;d+a+ zrLZqMY2G2b~SbVvgq@T_oqq8!T3 z2OnE%yP_n`K=7S(NP{a7M}^}>^%Bn&{kx${{w8muADr0t7x@;mP! zO5tt$q8#4NZ?*5FLmI64&kDCMN~!r`K}&64l%#n-aVH(p;HkZ{!tIN4)_XS-jjst* zP#EmHQin8fzV4C^Y4AeZVWY+^l~%aoeoNu@MOll@iy%AckOp`2&I-3LI#zIF3#p~H zFUo1~47lA%hcuX$&r;hLr4+B!9~Ew2l%)A6St}$2UA}l^^p1?}i(;YYtM@IneNmF; z1-G5F?ZzX~nI{=^UfUv8^-S8nDAE6OL#-8VUzDWziIbhQrNJWTT&E0&yKOx^jOgB$ z+P*07C(I`!cG4jYg6Z!{ZQZ~^olCQE!K-ZzJG$E%Ys{TAgZgc2+?v}-^D0-9wl9i> znsA_9Vhd;|;m;jpY+sap-+6<#rM53h(tM+FCmqrt^8fJk#v?v$i;Hn* z()LC1U*{LLTH*FZNxIuK8&^hKAsn9-ZeNt^L-Qh9D_N!u4?3w++I+DTg)T!*-m1~%HZQ0r3~BVUs+H%D8qM9}Y~xzBD}jC3U<=nQhI#zc_-a%l`(VfBuvU#;r2y2C>RU1 zLEzlzeciq&N%IMxopeY8lX6$;kOn5@OxnIEE#0Z;xSC($F)4SY4ryRg?vf5^upMz& z8&(p#!k2lsrNlE6w=FJM-<3LagA2`v1sHpryVQJqr4=5&C~HTgH&T`iIofC`wo(pX zbbMKEC(TFjT59iyaz68Mu3^WG{FdTj`IGp=7v+Wj5h>mZ4_}mT8r%u$@J0Eu>9~}% zOC8c!cgUJ__@dl;J6FEr6~9u*I|zq8gq0)d0fbIf0S+u}%?Um$OVhcAj!ExE674Cgew(RHER-1JAqMQkytL(SK z7v*z6Ze8>z9@$6^Z~|$r6r#4xE*78ys5I2?iO@oJ+qVe&eB1~;fp@= zLc>YM;fpeRjr+wVo)OgwnJP~*4qudO#;5DZJI+U``DAh{{WABTyOr00# zEj2zMyGzZNM|RR7jrIQYPCBH)oytQR+!Nasa{2!tW9&_|t@UC|Dq`DR%BpGWNbGcUyQhb4z|aykjXA$m1BjZ5_TS-r>0TyOXvw_!iP>V8=s1 zyFyNAj#A8XO=9J9lCk$ipShWT9y=knqttwyvSb{-C==T`D#s(uZ41BWB;)W!d9m}{ zB_0nh?NYC&OFV|nPMQxpm5jYF%AlOL26xgS4b<%<8T1#L z@$rv2XtleZ&-qjzfexShjaS<)H1i(aMWzJiT>6{`126i*ZNCf6+~xaB9|x$X<1}ez zW8gdl3+`?cGr0K$*gM`($#a80`Q}^t_xaeHJ%;4U#|Fh`xo}=^kqci&9ic&=>f;pl zg1ZYFS#2;&Tx5VLy3oQl$}whAc0Q7I-!2<5pZksd{&S{ZW$%|f!Oibm-q*+X+CKLi zZ#|uxPANMde!MS>{l3tGS^TU+9MAo~Y~2a2WVf!Q4Du?M|)-#6n^nz-1feB<}rIA+rh+sND$SS$AB zY5zGlGJM+Md&R!o<3GQ}65H-mLF;?WWW3O+TKJ(;u?5RZIM;r){{HNjl{U1?)mBVu z?w$q7x4{@`i+w`pzUQI*Xxp8Rbq!| z-}CtQuUg`N?LGzmr(JpH-^{T~FZ?>c-gQ5JkITI6K84S}`(P|gJGP*u1ICf|@%yL5 z(D(2C{;A15n9A0(raZ*I3i&_B>|w+42`953d@;cRLpC%nifJ+;p3{c}{)LpcM#DWOXSW zcp-Q1BPQ8jrRSe>LoV63Zv*YmcEYeSH_CbDMjg)F=nk2i7b$|NEs**0xMeSuhYCF_ z2blRXtYmJ);_RDvh0M+NW^QcBnH#rH=D~%WdHnc1q4h-@B)DJA51(~r$H`gsIN7gq z{(tR0H8bb;KGk=>F(kQjW7-LSW?H+5^!fJ7>*{YjBP{A|_j!2i`&+Wgu7OIRzXmn@ z{5`VD?j^GN)e!MtJB4X?d}Ni~OGQ*8C*EVRyO*xPs~_||W{&FJOE#hCDI$G;HADOy zANObGt1RBqE>4oO$_$yasyco6>DA3&8ox^ZS(m>)WiP+y#vRdipK{yZ?OZgW7b0uc zk2g8%M-0pQ{e9Z;b@9KuQ8aM)0dXVp22CUKhFSb--1f7^`}4_}>Ep}#{Ii{!L0P|_ zb<)1SWvdNcDbrl6GA0W8HJ0LMzZYV)Yrqg+?DLYu_gEAv$@*a>i*cKTo*AZoH3NRe zqNvTUvDp7%y?c0e!`Emj(Nl1`oEZ^{IWr1DU7?+?xhYnaGsDjx-sz_JH3azQnAJf@DQMJhM=PQ-D=j}>$X3wb$ zd)|<4?oee+bB8ML8vaa541ZQAJp5S@XZW)qobYGnuACVLvG8YQq{E*bx6-qi?#%bw z^YfE7EPdMjd~Exh{utqxKdS{_I{5kC-1oOX>kkh0c?Np0+EuJn zIxyYP0SjK}fP+2!faNClG*%ql>W8am&p9pr*GM1ZwC?nty#u_)7(Ensj(zP+Us;!j z-Xjk%bU=#=9q1uplSeBuk* z?#sFHvtK5Uv~yt=`y>f|_i>DT?o~%R_l#m~?ZaUW-6Q;BwQv0J9825PHcai=J_vQ6 z0*$}U1NKSo9PCpDe6ZLzd>i|Qn3|k(Sk5`@Q#tv&52mHLyS0mb0~Y&+6Zqx6_Pc_{ zr4i)!T!Y0Z=-+$kTgvWY=Z_EeDSG-n59YApIXpmr?fHOx1v~s4^BwU-D4;0jE;@G$LSqlJZs z!OFu#sjS`X&xxY_tjlj?mEB7mVtKJ|KX3DV%~xQ>@?u5ie_y=?fbD#avwZyzF6g5jR&R}xLJKf))u)xsx#^F~6(A|W{#S!K@*Yfkv2 zFxtI;8Ct%AR(|d;b3}jdNBgL(;>C{0DzMM{Cf{^Gv|S!6YjNc|ipHnf?)SH1%a(W2 zYS(7&+fQZP`8Kvb?PBW_L-AYq{RLfR%w&~fUjZ{e*YxMBUEgD2w#__*vW$F+g8p1P z66`Cs^=BW_8p2DIq}@IQU}mk(b<%d9H%Gq4ET%SnTu{mKCMDL_k7yE~I_clPccR3c zE!<#zxW2uJulw}>%gV5?KxlvZ?N6*E_m-mUxwq7CU)|ofv4_FpqZcU?dl>91QvT;y zgq-Xh#nZNa65qxi2K&6Y_dQ=6b!kI5?b?yNPV(pKjj#)hy`TGK{e+4Jqhe>Bk$AD# z!&rD?4}*Q40Q>G&o_+dtC8v+Sf4>67-`{d(E#I|m;l(^1tN;EfqBgvk#Vx#8ui?e6 zncOKjYc6O^Jd7m2`mc87VLY0V zSuYiE`Jdwv9ws|2eQ!sL`b~3!g6HSrp+*;vR zf3T~pOvre+el-UDue^$%<6~FJScJb6`w>0HWCXaU>gdKe%hNZ{I0DANmuq*gcn`xA&IV z+Q{;(yPb!`uZ&NsRk7GlO)d6QSmMKAi4Qxeu6xc0ls)GIDt75Pmg5)x;*r48E)!4M ziLG7!;^tYOrY-tBJNexQR?=@j?`MCv;}l7|pAVQ%yRQ^if0KwRwl-&4Z0%wfTU)Gh z`(HxJ+b(|WKQFen?LKd3e~pcC|4&sgXh4 z(i>+^G5AVh_}Pb1FFpSyT%g!j!KoBU9rlxC^z!jxx4eNc$H#q;H8(wt6-h~L=W(sZ0>HRrSNf*a(Jx7;P7m$ zIO8MgMdlKxnsvSy$mRE*e9qkdAwI8;4a=R3tF6D*JVVq(H`U>j>Mvf}g3?bn!LId2}=%3jj2!?VS@5Eg?^G5W}n5|x9IO=}R2MsK`pD@tKK79F+BX|O{zr_2T%O9?-<>O2WvGM$13)+37 z+2=m`afL@`e}5=nvG*2pXXNJ}M@0MWziOr|rs_%h_|6tSUQA^8Ds%B4_G9Uaks-Vo z@Oen}*RuutJZe4ISI*bZKB$c|58qze^L_gNbwt>uY6jalM(sXtlYM_H3}x;aqEGl5 zENc(@stW3NEkNTuV2Lk*#orD4s;Bzj?}?b&xv4CW`SOwuU8xJ2SOeJa>sNz)m4o}) zFQp{?k}leB&XM1X&j$9Dt^HpgvG0nGP3{-$^KPVXe%bTp6l(V=8a?ekPdg9xd18Dp zL2bLv1cc1jg`Rb;eq=0(J0wYc-gW%$muWNoHiyW!pNE_0+xY3U`@B*=?XKLyLBFgY zS7rN+jO6ziF7{i2>-m;mmUASYCjHh2ekw%iimkc*ewAV}9p}xF8U5q1m05WQbJrq* z#HPR^>z(S7v79Hlizq{4)=b8 z<&J{UB6c2PQXkmfAHF61?6=PJ+>L*EEq3qy!&ZKQC7uEH*Xo?G$Nv7ExI;lzJXbqD z2~EYy6KPwyk6<}l=j-k72~J7BiO)7ZwX@T%_X6|%qmSf<`@OHSy`M9~pWHr#oTT4> z1ZnPAD)X~8^_*V_c)$HhdH-)LJ^SagURq;`jJ$Ea&pivO39ZZ}$vU}=u#TBObY(~F zVrzjV-wGC60W5Kcu+M9#=Keokj3Tqn=Sv+KnAt+Lq1g{neXEmb=ekY1#HMH$`w%R7 z^oMO+sZ*I;nX?M4-g8*!o^LihjBj@1pnUsPJ^Vv2wj;b9hv@p@vMs>+p$O55p*I?$xwVg9VXV3VMLHkf2ed&dt zc<_fm+-5VX8Y{JDxRwy1;~(?3(_ilVD$U6@RW@V~YG<;-3#&o3F|{EE3y?l(Xe8OkZpN^KE<> zSIH+ln};QQ_YWqr_M7+!zZW|pD`sqNFu|)k59YP>Avt$tDU#^gEd5^mE{Cn}4)*o< z!_WP2?Pn~PkhtSxo69<5#mlp=`gM4*a>JP$*3>=(FKoXIs2QKwg?uZ?soy3qpK^}0 z(nsRfwM%V`b7e)JzT}aWEokCdzYE#f@m(y$uHPjg?D$A^xw{4GM{a_xZJk7z7*g)H z)bltj_91Z;>kHH_e(`hXF#|)Ezp5KfA zQagnv(yq3pd&nW(6hZ+VMpRnevvn#6K_6`+?k~>r!O7uo%@2=lJ$-_e;|N9HArB+dl)w# z^Z0ro?sK*nC?E5vALokicOE@kQUN*-$s_p|ITuS#jYu)?u??|k``mgg|d z#fArq{gh`mcbO2S+-0!XK)C{=H(qQ{#>YLA@hL8{wjdIJbX`#>u_K*1vEL?-MM7}x z&s4fmELJ@vSt&RPenKk<0 zl`q-3k-Rq#$nmKCnF}{IP<8!swz!_+mxSdm6Xq6u<{su)dV$3bEcGyUU>vb)fDdK9 z>Uiy5GCxNakO7_hoWvhGxRmOpdlvopA(*oxPl`5+pV-Z~F<#hEZDh3g@S!u0XTA&} znJ>dd#w@2bYi|kiE%uUcsqrf_;4abWm{7t?j-6)A%ogqUpU5S|-SCnNi_EtKgpBz- z5yMYK)%Prru=;If!V5oGxz39*(d}We>8pm)bL2kCnj*EVl?BXv*`+dO_fh8C*wD|l z)o*`<7jxG}x1zC!pZ@JW+It#SUgAE=JRbLvtd7VBB%knNDS$mk>{6NA6}wtGV3%sU z`mu!xmX|0&oOOQON0&mB{pEs8zds*;C(r%QCqgZId|N-UEWXGzT;So8xK;E8(Poct zzg`Ue$e6tL;SoGp(YKf}L-!>9$ZN8#VxzdwgxU54Pu$(uMR_*r+8w^dV#uK@d*Pv_9l(F>38ydcW`;|5Xge*OC zvxlCge8=Vsi@k}d>M=e6Nts*y3$C}vx+FjEQZ91N-CFJU60Nsi=8cTy!G}b>#-;@e z-{lqxk8mYNem=Ev<%o;5UwMe-HFi;0?tP}Y@O$2)$ZN3NjmmlS%zQtV_qiKg`;oas zs^zY@8i>m~VUcrm(fz&P{oNz!8Y@SL%IJLA4%;tFLw+wcM=$cXbbu9yUX<$0zIh5F z=dHC$2waU1gT=l}l*--1%N||~i~P(S8@g8qGWsAac6nPFK6zzbcKu-C2Wm)$AHZ@) zDdnAeU#-dTA(}?yY*^06)uh}rqaw%SThU-c2go#X7%a5rmX7>~3q{_5usy4=)OCR+ zANH`dhrwc(hb6Wa=ElsJQ;U%K+2y_M@ZHRp4Jzx5?+%~zd+|%2*?VOvm^w|k_k)VKJjb_;s`*wzNw9m1^n0CI$W}h^dzjd^lU0~L&Jmk-dH+a2 z!oA8j{a&d>jP-##L<`n|~au;@YzjJVkLOV!O@{*#*DzKwhUqjcu?B1>tPm;_kjkq%ou1@<^^ zm8GF=J7<6{N3@cev28qxvSt{!+EU4`s=hrl{&i{HjJ7Y<0 zK4bRqQracYOS`-kby)YKZ#8lS#ujwg%HFWp+s}=-GXG&K^TQI)3XAXku+`~ci6et0 z=lihr8N!l#1557VVXNc7B);$3D`>u$)3)&-1U&&T^DQiWu%x9ASo^R9%U|3mp-I@v zlUHpi_Xm@H_%5vDd&qFiaFO9)k>Pj@Bg0A6552%br=Ez<-N<#k_O){-hfcXBR^Qj| z&&U=`hieDE3Jcx0zH6l2z2NPYxY+tUDkl^ynLMW9GMyx9pZAtvi5Z6tUa6R_AA0GzsH-L^)rjLce-Tq zt`V$q9W3&TG}6rXOwt)2^Xbm*YGLkL(JFFQVL7XpXR~)V56i|;m`7?&9u^&fy09^+ z!a-6q_^`EGT-eC^^A20P1uQWqFv`Ku8f@+S+DRWtyULhUoX7Zj=kdO6jEFuGs|Ir^ zZ@+@5vX?ZtjE`oqx+D*Ccm!;HREVIw>B8^(dwDm*x5+U%Y;8fXysrVnP&41e2585l zl6DVTBl54zFTW!4--E5qk|VIZ$x)4Nb$J-e!>$(Q@-S-X+Mx82H=AIonF&j6 z*Tcdi+$iA@SV`oKE1bN%4kroyshqXB3U2tsrNLs?JFIIe7Hnx(IlQ$$`!+Fwu*5RK zlG_4{5Av{$D}bdY$6;MlwukJmgr+^0S4%W&dI>{AyQ(R~W(3=ONg-%?j~*s#D!->_ zda%UTT~^>@e0kqWyV%$)(#=DblMI=&yO1XIe}T*ECjYFR(SLFF$QH28&Bg2!(*a8i-(j(o`Zw?ypv{!Si%P2ZKGv4>p<#@>VXM9bdiT!!(X!J?N@T}sdQ@bK=X z=X;7(hEtxQXXYO4&F@uT5K0mmgo!NnNiLD@uj@SPEFdZCERZLADF9~qvuM%Mq&R@A zL2K&p?2zVnzTyBvyKL7vGmQf{Pf_FzR*=XWyvg13d+;-3$s6JN5J@rZ#Jop_V~UJD z2Nt=V+c|a>kw=k%VUKT9D^~GI8LSy!-i*+Wu^{bwcPqW!-=pd-ZE#yf7Jx-||8Z%C zCo+47U)`t6*I?mSm)?^;+yS9KcR;bc5l(nX?G9M-bz!u%J#S1r%j?7|M-O%Ng#K94 zLVvK_DKxs=$>(xidV$5Je_?KIhvCmWnDld}p!(bkB#_7gu=t*&=7yKR!b?PDgqL`E zD!dc+_%^ZKPHO5D9TvU96`%7aySDqGXv3Z@w{-VIv4iEO+}+`^NGNhUEOHpvNn{^8 z8M^mcYW(7`oO6|=x|ffb6IP^0zk;5YUfd~rwunRF?N<^o>*r3{^DCw|Iw$XH?2{+H z?7aZX9o_ss376(GW51z_Jdth zrs13;Sa_$^TYs4%1hF5$9_#1%nXEzM;e4BTI9TH0V2Ou2tm{HNSQ^LLbBDs#*6jBp zw^Ixfivx>p3X87@mbb}asR02?>=rDw5@FFVVIJn*Jr{?ZJ(up1{h$mjj}XBZxrvk* z-bA}x9b0gnvSK@yAF(rBsg0HOV2MYEB@gnV@58THY1YrFUE<7P(RE>o{e|&h&OCl+ z7u~gz(!a54zD>;)Sl;4fyw4j;u*m4J)O3f%-ULgX7#I)#&O^dR=7E_kZQNTQ#Sm|P zukw(H*|lHEgpvWb-&%x>MaN6eR$yas{9gRnhlOX;26KnPa!;QMoB84;8Q+7Kh`3vw zL=s=>!XCEv2!S{~m%LzWU(+sc@W3iR!`4@>UETqNC2#Do$ZIs5+#e*f)#-ej7*beb zj$teaO9x8i?Y*U1-}f#y z!Srioh95XFk?&#M4{F)od0w;LcmaLHZwiaw6qY)2hjl*$dMw{y<%-VEWFEatxOZ${ zu=V*fAg3MxEPm6&x*z|E&f6Hi!4tD~e!rKx0Y(@9(P7c|xn_Gl z>ht$)ZP(JH!kb{}!wC$3xmeScH(;^Ni8T#RRBj}E4VF7f1V+v!uT{nj%U-fx<$QSU zb7PL(zKH?98#(mHnzQkfXW@yx{ff>nzrRu{%hzDJf4QP_cf-1-7H02{zcg&W7}oHJ zE2N%%YrPh8qrm0c)LYk%2Q%&R=HFTQbDwjwuP<7=#H$<@nN^xY_ma$-b(R%UEVV%N zk$NpK(VROsxxQI@SI^$bo`;RTAm(#(IB=KvW{=~=#(c@I%XeY9 z<9S`OAF@e82e8;iq+WNvY8&oa-SxIK$%4FbRTugeKE!$zULw*jyyTJ;ci%3#Z|PKO zc=i_wg+Ie`U%HaJAN<%Whba%z`SN4${VUSG^W}2QJS4z{*6tyq-E(BW=hsn)y!%NQ z%C~m2Sa=DI?lCtPNWM*uyXw@56%wAy(<_u!`IH>nf-NFEPr7diTwc9 z{Sfn%bta1T_gJ)d%u<&gSjTt81oCZt2||RsE{s~)OLs+ouQoiV{Lydi=w1@aT_I|C zV~<$xYr}&@CZyuTCL>C#G=9NHyDokI*CDFxNKGl73XjeC;DXHl%0bw>4EGB^73v&* z3JYIzONSr8!pEsmkvp&S(~bp}bE(#N_yJeP<`xLLNsK0}G;|@`%MZ>qyXTUc7dh<0 zPM4T;SPD$q##GlthjGOFHN}OV@25 zc?*ISxU#4Sg6`2HHo)_+-6L+|tQGMu^AM!Iyq#MuIteVgDRXS(7g%^U2{ZDGy5f;7 zU|rKI=DqaixP>N#rexo^jV@o{c2ujg>k)43^kSyB3}e%RMMe zu(XR@_FSq1-ZdpQEkBjc+3}swuyfNz_Q)l*wgN8t*nLFbN4_GR=1ze<`px?!s;@Q9 z4VE}_B^7(#TvFNdWB8eG*pFoeCG}mr*)c zavpt~_x)h0y9G<#t;6=L;yCeb!;T)nT>MaoWXJs$Fy!nA>8%72q^?z^Q7hcf;}~7c4ob zhvodLt-f|M?eZqqVL88QtFNA-U2+u;TloOSnvwZF_QO*tduC{A?N^#t+9@rZ{ScC{ zXIiN%#>3W5XyFs{1WQi(VWk5#I5R%s zD$Ad_1H#9}aj*SKAE|$ESm{M>bLiRKvuDr~@ZApq)qAHXUDUl45WGA`*m`MA4bH5A zyQf(4f4PtDStLUbB@x7 z%(i2Rv-C|t>azy)0O=GKJ^xocU5qc;i>4j+ew{|R#o-NPcQ+!GYLE=<0;KVaF*Q`!5i%B!;mROj$<(r)C9 zD>c4*3Cp=;@!hy)(lg@Newl)nM>q-D4{Ch)>BR{5_fpf&$x5srEO{q~#pWR%xO+ro z&6>)kSYCWjZtU5IMUG(hjy!p#+Pf~je{Dz3xhI=)&hHtgJ^RAFOIO}{%RB@mWxkh% zuzUHq1CU1UWY0&HhD12+x%5Xh7^1cQ`M&4J0rOpnlyuJd#qNjb&fFhje{-M1Vnb2EH0!JqSLhEGz2{PE8xAqLeVyD5HB7<-r#YZ3te*OEh<5dV*+PDJM!IF>YTT*M<)h>Wd zKE~oPp?sS-eSOsa2kRPK;pzMyqerpMw|T-IC$5bf7F|dMm&nwH+;!pK%32ZO9$4gY zR?+Zm&jjZVbkoT;WazPI)_v)3MX}iZ6L>wJ+?|?^5ZN`_pr>W3^Kym?>SLya<&J_yraon8 z?_^OUp=VfR>Jwx;mc)yS<|_Y#ML!Zo78*L!$eyhW5ndXig?8;9aW@3E$W143w2%60 zT~guq=K>17xIVJKs?TpGU!_hR8CyjHm{ zMP)=khjp#k;g;7iUzOJQ^Y#v)4aSBCi##cFF8eFGF8#t{mqNL*%{}Tm3*+WwnYB8T z{_e-Q)pp-tp#zmC;=_Q2#|j@0U0q%0J%d;JZub%vI=#BiOS@OsxmfC@S%dnCWfMoX zg+(94O}hs4+N>%0FJmF;4hiwz!zaeUJ*EcYrbcB#Ww7t%gZs3Ri6J9^W!tq+N7Q?F5XbU2;pcOZ@I(%fn!dLHRw$Az1vY9BuLCAGSIPEH==? z_8h_D%ZEi~fF*|Su(eyjB1^&ILxaVZaoC!)P?KR-y{Bzn3nwbT935^;#)JxjzouI|?RIefzxt z<6#1sQjMlN{dOz&VI-gNju?Y`8`*B+x;G%?Rr~T>b$>QE1uKkoih7Y zzVdBy6c1Z_Cya$?=Sw;0d=rb~+te3D1P@+frPIfKz5U)}Gr?lt)rTShX(uqe*y<_1 z<%mr?$tcBEpYd({E-;zV`Bsopu;dA=&MydU+7VUOhpSy_NVH1iu&Y_UYYNL)9Kqa! zw86+%u-qxESGnJaQlV4v)H&0zoHw^e&J1krtOWVwV8IeIaad#!7W1wtl3ZEk!jOZt zCZGzE@ngdjP~5$A9qnDg(zkJfzWpa>!7GK4fkpLokNBsv=WLNne(Vbz* z?K>>IQ`Ob(5x-05pz+UsFK9yD~uxt+(qHoaJMx{H6#x=73q9dHxp_we!1uH@@t zGG2BpIMxG;EGpJH_W~?>qY^leK2r07NhUreSnSV-r4MRF?u9FFws#5>PiPkwe#)A- zzG$YP#26kH*+Na|^*LzA$TRB<%Q;t4XKmMKf{MNci!3TdY;D)Rt^9X&qL(Il2iKnH zTguChng6#KNipqk<6xY3Lf6UwfQ+$5SX^1aNF?yvH!8K3OetbuTv<%y?W z?pY8|9lM2i>hKqlF1fo|C%evPklnTNZu81gkJxGE#0Tvvxwrg4RzmLhi>FQ>R=-$c zH1(U9j>EbJS14iUMwH5YrEZ3@QbeIW*+zSy~eV9vNLN zjT3$KI4MxmnY`suEMP~_|@v-TV)m8`7-fj4VX$ZHz9^u1Dl?;x`NW_qr8dc96t1@b8O7DBf)YfbBlNFT>%|m z;=(27CN3P7xbVYDla4~xPf^}ti3|68i3>k0_D&%?ktbRCv%gqp#%FkucUg0?F0h={ zD|NqnNyH3o&`ck{M+qA`IG6v@sb9;zaLc#*<`m`Zs}vDA78ae|^$|XPS4zewf3^L} z7}|MIVfTEfUz~HUesRt@EVN70h|SIQ7CXaTc^wO{=8jJS*Pe5vmb?4NZ{<$0$MBeg5 zsi4s{SpH+PghkF_dJVm>zGQ!4p*18P`O1xwJ-Q-WyT4a-s+ffKS$h##kq=`zD-WUVX@ykZILaojo1m9$HR+Z z;Z1It?m0I^)=Jz>*6Iqj>>jEAl6{k^m2dmTrm~2sr|NV_eBVAEyb~LWtio-&v1)!V z^;BVbhwZS)wk-9L6Gf)P_6jSF3qZ{p7~t|wtTR4RQ25KGHt+obi=B(vF?KG`y2Z`~ z>sb(Jnf(>WnEfRZhF-WZ!o$SVWG_!@-Th?_EB2uA)@&e6*5*Mw${sl#;fZ%0?cC0N zzWZkBL-!X{v}?uE7rh4-J%!0PYXyt_O1YctB@0<(Z)6bJ78V*}kq+Ouz?AzHK+gZN))QnQTjic#tlYf z(N_;!-S30V**Z*C&DYu==42Kdey<(b@tf8T6R@)1;(z%)1xvqa?Y>&ot&8!QzU$L!IdB3-J-eDVi ze%SiE4_p5SEIi_{$6o$W1##DfFZKJLxo_9je3)d_e7iLuuHE`8KG@u~hdt)T+`fG< z@eF@Pj}B7Xtv&48t^D`FM&3PaYlI%AFzn11Hu~VT+t``I*6#hmLPJbdp&??)=oRd%i?s&fk+B1V4jD6_Zt#9YBts{Kc=4cpn7z+S?4d3M78h+(6@UB8>F|G`F&KWuCF9=2~Se6W!T zVf4mtnd>kCic1F+>g7$efUz~-w<4kP?Y{AP?e-m$4>oqG!?rH$2OGQ8VVvdZcXLdx z-Nwrw_E;;TXy!q&$eHnJ&I~@;Z#PF#zie( zWFFePTa577$nN*HCiDjz8<}`9!q3h_%ZZP;cKa622OGQSVdb$T`K&#we0UQqwBeLL z`cUL(Xz1dB_bgmI@bWrl@9zSHlWGiHB}V`I;y(^lG0 z$1pUBk7qCO@nTzV?#8n9sXy3bEL$(~+O0j}gGIIw)tqxl(-?b`Z`t~?M|k$~Cb7R` zFTQU#Z|8%B7mNLkydm~C@&+vYiU+*s18H=8kF|>L{&nM(PPrS~F9&eOrwUlG$^u?r=-QtlB;P)G(<$iFj#oE&87z9J>cu%n z>KsQtxaTHzEb1KRoWml=3bz=$H*SxQ_xJYQrE9k_Pao{j$L29#JBKFgviS?wZu1vD zSm@y5pO^k%W2g2lQ&8Kj9qHPYHpD-V{rTGMn^K2ueTKtWWOu&Y?0W`9!j3J-w;az) zyRw-|Lrl`khr~LUhNQ>$_cqq$`rSH}hgBzrO>F43>wOOEekfJaHQ2Y=?)SEa8jLeA z^W|*I{_?wo)|l#-4++JItwr2*Y%N#EI(vDAVs?MUVrQKdHR-pHwZeDXuDYc7?4AWS zg{%wXde+%8XME)6%;Sn}?A%1^XM8`ZgE@iS52owvhjInk54Ey8zV$7l1H3pqmVvkP zt^Gy)?A-eo$GtMh)z5xlkwve5_O6vIjK~aEKYQ1pvCfxuw{IpMwsoyOSk9JM=j^Yz z=J1jWzuL9J4PrBbg@(j1k3Yp&E*NL%1s46can1Mb<_CPR=)c0lqW{98H>!ahc|+u7 z_~bpyvos`ACUWtW%-r)KdMI+X5_FN_WV%H@z0lvKanaeO4RT%9RQyZEOf>87t^dfH z(y>FQ?;dbmdf^1h`5=z(_^#ITw!6}#ZMU%j zG}FY~9k#LJA1pF8i6J_j>ano_z_OQK*NqJTmUX$ZgS#$QwrtlF7P>c*j+s3%zelAj zws}<6Kz)I|Q()0`S(-x!LeInhWNUODi6yyyD|;)c)BR;gTDo#0PppC8^WUDMD@Xgl za(;!&M;5?|BgewRuS6PzU%^Tn&hMT}-sG;|1zgOTQ3<4TOZ=JzAPZzKIirjH9@~R5 zkmD1+-`kpJht=l*E4?TOuy@a;8a=Sim-yUvnA5C_OvcD-SLSZ%MRkze6;}#<`OB5= zU3!rUH9l8Xu7|%779B!bLiU$+BQiQHd{Sw?_+4PpE4)M!zYB|H=vgFtWNKLM?n|4< zy0|`eKX{qC&iswpBR{u%4TtDnrnc}^7ub5Ght;kO%l#`;FtQKxT6hyI^rwz+_ef2^ z%uT(`&>C4~@2IOIyl3$02xm=GtKEG6p_nb*->dh-S)SuHo5;JQ z_KA%$KG%7_tsY9EiQUZhmR|CX@%6Fw01m5<`ER<_%5bpgQC_m|ez0lf>_2=HCq8FC zh%Z@#!~+{M7S?u(`0ZZG-Ym9xkoS9AOZl+P4?PT_rjN>#G>F)ETGLqkO6s3}u<*Yt zpS`?<*dG3J>e?{gzv&4zwi)5mRGAdJ{wr%rmI!Fbk9W^8B_U<$e2t)UFUyfZV#>T z7)EDTbw4zDtZw-vEccA+qTz{GmpHVhJV@tOo+w8md;=D~p^MleuN?C7oO44IQzUQK z#kLizUBIm$y#f}#LBfnpT6l4I-RIG(84E1BGjmvUA!XxZgAz3oSp^n4WsS)B;AIaD z!6Hw(J|1J)I;p&f!a zI+SxOy|~Pl$KsNa31N{5&jgh{$8>fqJY$h`OSmCJ9Guhy`Wra_|=s#-Lt?{5MC@bqw{sWElnzB5xya6{V|sEPP_XU3qfq> z=6GaHQ)Az{cwa5+!Z;FoA$NveDC2v_%Z4aTN}tXeNVreG64gU%cxUE@G&;V0&&J%O z54Iicbk{2H0o}KXVWyp1DwtEfn562^izMh-1L2~X+hIFCSY#wve44P0d1nWbjyQV+ z;~@MVGmL?)*xKq@T4H;EZO*NJ)jF8{g(+gXeGs|QFH`-jpKm=vmTxzI|N6}x3JWiR zC8q7Lwa3D?#^v>~bq!#gZCTTM z?)aqC6x$s4`!@D*m`WJ=y$5e<{GV?(ALshW9VIM0u^+I_jT9C6`_}R~Y~PAMj74Y0 zd}iR?57_DfzKveNLlxZ=w)Ow?`$z0+hppTRi=F1My?RHD@Cau4_3Qe!G_HE=V=VFe`F3;h ztc$CA=^nSwxs)$EOdn=<*jFV(kK#4iR1l3t!{z zYa!iOw#L>6Tis7Pn%Ry|VCnAf@7()iXOKa(dHMRlWBYr_ztk=ttfOJvR(#CNP+>|BRM?zH8(lW~Z(eYsXEqr<{Gg$DG@RNwb|6x*E# zxpVp2g%z~jzVm2Zl#f_mr_yBZ1r_$AFTiqNsszFOrjooW-e$VgJE7!OC<`v`c_CFl1jQI#~*3Zk| zYe)Kse|yiU_K zcWDEbyPH{H?Oeu}xHOpJ{uy)Zr`pAD0NWba;>s?#c7IRWUDoAKM=9;RJQ6Ivr;9Er zZQ!w47iAKbzwkJ$t?)QyIu3Jo?n~I(pZ#894X7H4H8`wvD%5IaA6ID4 zAQ2?%N1e&}U{lT6a`j~W9=sS?gKQ7Izp2g^C)jat7Nl}Xad%#CW5yOwzH_!dXax7`oiKD-1LUZPUx`p}H;@5ms3 zN~qg4Wj4#25??lt4o*kQd}b8vF9eq9zFPVWmIvWaf(iizSADDxMgE!ybJY;n3PWZCtE! zlUK;Irm);mye{jDp(a;;CKBe3KQVFFSrvlNDHayKp~iXWlr>^=ri`Vw8)|&yXZ6f; zZ()-g+vE4Pwik_;FMTuq}wB(!_Sm>F_H}a`#A$xuzdizl9KK&-gof#zl z^TWc|?s=Exe`iA3y9^fH6h%gMG+HS^o2H9N~QpnO8 zt6t)NW@s~Zdmuob>8`IEwk&lz9*@^rJ*ZYxO*h@GHcJA zoiiw;C}W|DXV1A(_f8S}yD@>kiT#a^2#ar9JaBX{Sm`Bi##$G-S{?J&PCY9y&*ZF& zaH*`{)lA>Dx>7@{F9;3Dy$TDDy)^5kE747%agspzE-dSes=~uqxN{$=g`P90>Q?yf zmD*R zsQli($#8unJ`A=sZ?7GP?a~z$qT@@=3*U-H%(uONNyWKSc=&Rsh>qxd8RGVQ&@^)P zWrlCej)U+=_`T;AV*_9b50ALgSvhY+p9l8nW9x-mXL51B74^C6#}@R!+6P%V?T|tC z@`BK|58)AepNl-o9R-VQro2G(9v-xgS=Hr^rFLNHGr6~5k)o#9{UbbGd7k3JF)C!4eWMp*lBjM9ht=*8-f z5|ST3gw&;+OIZBzYN1EoRZ?Q(n$08ev4_PEakbF1AMEW*S1gC2Q=B;b9+tD9huFEK zWkqMdRITMhS6VJ(5q7xuC9$sb@~}%?nnQn&6JyRV(X7Aca?Dz}%=&G8ZU46B6hZ!R zW~4nW-w+cW`w%g)=g3jWx#VigTDA6xv6N4;40r9-q00E~VD9=M@&{Jhupw>t;4kt{ z+ODyKJoJw~_KmdjLkgJUdl$gsq+!xFQ7SZqe3EF;S+_YfTd78yi(V`N}h`k>;Z56hfBV2?iP zb6{1@-KbuD)=zEv*c6l$i*5yrz94EncQPz{j_Ynd&T-=Ch$wCI%C$>fHCXCfz-r^U zr%YGwgvEzTq>0=~r3=r2MYd38C$gDp+~GN}@SM-%UBh#bY1fo0x%`hsA$C1+;kiR$ zk!e_vAAK}-kQCNFPI25ZQ`U+#euKBC^Pp_>+kI=nImlb*A1rq~YjN)1D~HlPXx^Cz z39wk?9H+eJl5o3ss4_~i9g2R5KMEFEfT$duiB~+jBrJZCD<>Vgzr?$po0NfKf_2j_ zxuD9aRzD}oKl-Tdr{d3}4>R6=F_WyRJn)r$u8d9F)y}GPVEp1gBoVDFKsxC79EFve zuIzrtQkm7YP@ZGs_6}9YKe|0^`L1%b@sS?3ayBe7D=aeWVatnQ`-TT$SHi)pGb}PI zO!b}by*zBs!c~shvkyzn@59!%bOlj%k0jj3UUJy-2w3D@Sn4vt1WNBbh}p%GTk6~B zh==Vx1B*Wymi(y0_TGmjMg$fbI&5Pc6b_KJvU9tK1%q*21>3j9&;}8`?czt&F0sxq zfq3a7wtDRnzkArmRl!sQ$nPa5M7z{Df+Z$_^E@$Ghb_;BJ=TgsIOkluS<%cb+q_?UG-ikN8(%9y?FJ z5_W@$R0u}E55{{^EN7L2YvmVXd8`$ly|l|57MkQZSlx;ddEYqXAV9jI1BUda@iRa# zf04nlwp_oL7@)&CUxi)zd%S$RR>DP#B_>86slg7Th3)SV1nbF@nx7K&72NDo^-A`g9ZgTq$$ zJ5PSj2Q2p`*VFnde9OT)^I%ffg$%ssT*On?o($Y?Wv%4*qDNWKycYvYY|mkv zTMA2@G^}zREcd=Q86IO!U1z_?Qk{9E?zwh(r$L}NI+0M1(d<2p;beT!JuQ{QB` z^rM_rSman~pW*ixR@$+oj=Dbn3BQ+#9DWar+|I%n-U-W^ig}N|Am%-MT+DmqD_G{n zin;!C*$d@iqV?7%cd1ahr(tVn)h_vnFkEN$@)7f{ovQO`m-txiB%7z*zLk90Z>dFi zSoC;t@R60pyhq-Jt&P#|8hNnP2D;R= zoDZZ{8e$gRJ6ZT?c$gUV$a=8Y6u9j}_fk04UnT;rviH4%u;-GcVC{*%?Oh?YIeh%y zM(FRw=62C=kMZR#MD1d;WbjB_)nU2MmHgQl0__rSap`%vdtl)ks{My{VL7XgW%dZ? zjEp3tckO@1l3FUT@*I&p;is^zndIBl)euyWx*CV&99>NQo~?_?e_-J+LX#su!ybK9 zMt{WV8((E~Y%Q|I#py5o35nj=55Je(8(3lzc(zmj^swCVqHfl9t=(g-ZZn6+I)OQZ zqBnB(VbSw=taE?B*3W((`sk~E?$L*U(Tp#C7r&Rf)3DUUm#Ug~eqbs-Y#;0gp{wR8 z`PL1bZ!4Fu%tbyB1s{IEv$#G(eGu5vM|qfV`RHY^=ybLt^vAQ9c9*`jb30SZ%7i?h z(Nkct(@-nc2Xv{q>svhR(MRo$>ZnI2x!USW&$hC2V|v{?kBXDEKeZ=o;AY+ZkQttP z6_$Hd+HuZ@2*}vSVd0&~Z~gn!vhotx#(rq$;pU+sSo;tsn07*<_biCs&G|(I(RCe< z+{v)WP4Z&8=LDjTC2@0BRF&kN8@`);Yp%@gM)yeRw*20M?;2fv7*2F#E?Djbnc7^R0c zV7Y%C>FftLN$3EUyNpzqeS^ggB2Ogt;>#0RdWJ==6K)$hOzueT6j<(*D-pl+cdB^% zO&%YG$!K={JT<*EbT0L_YrMtPwO_iwlE%d(J#N1Sz31cDTJ{%@&3yT&_D*K*Eba19 zwH>7-WAXSvu}2@Zsb2m2ep{QR=#8F1rkkvRIOP1ExPt7FAoZ*jlVH}$G0NI2!;<~I zLhriQ+xTKu5{6%}K9 zKrZ32u*lT7OYR=mdDb45vmj(KXMrmc9ZpWcrSadLMzq(rd%h$Z>5xMi82yZ(c@9CGg8(Tdrwp@~T zcoVjpyMoFdy8tXak@Y@yAK_u)#juSFzlx8YuT;>rkE_KWp6yzQtS7uUx*sgIQjrkh z_g9~P?}`g)D^~sTo(Wz$g(a?3sPkjK^~uS(h^Pjoj^vt z#P7n)WcyW?bN2(K?H%RY-}erMB_^6uARD~G`n+j!WckJRGQF8S=R#h z3uer;oM3s6SwWM;@f^0kCs^VI4(mLWh1mTig>6oVZ!Xgft5#4Izww@+w76MqW$Lm1!I2jKcYp>f{^V!3sO_Z5uiWsSeKEb!Q()o6BF5JLd!^dfzI)i( zcQ3qsee|%@1UxLVk1)&7^B?R7p-HCy&|2S_(uc>+cm4h*U@caAtl+=cV-M?@sXbOZ zoGpC_QVNzB5#M?wDD5g^vIs`TRB5O*={{Qi@`quy6DB9<25V8fWev z7RJ!{nWUFaS-96WXK=MMh%nq3CGFyCgT?;=i?8Ug+`h2sn_nP zkK`L17WqZ>$>?vc(9RbLEziM;b5Fx^Ps>h;eoj&@P4a)VkJ|8Lm3J@6gv)b0OYxXn zdAp3l$G3UAmB^5MgTrEjB5s7&dDd-h$i7VsJvBb6bHZfVST?S zYaas6G8Uf6U|lO#v(OMMIx#m+Xcx9VKB8HCS+K;F9+rDwh4av#QyCcv7CI32AGrjU zyF#Q(>`1W9uf4Ra@N8Jl^gT1WXWtDF`Rc;{cRy4_jlAZn=zQ4)_RPqR3LlaM8NC7) zy@Dv3`_c;@xi4Y4FS)@s-{q68w)dqJ-bWvKOY*X8a`#-ALVgd6T{)ZhT>9hNS@~WD z`TDIey3}KYRSvtfyY`zJroN5O3zizDheaN`QW1NmVUdTtf*PBzl#txXu(XUvR00H?szI#cnK`?6*(Q<3Kn@+ zI8AK-#J})eSoA@r$n4RngS&56)~{G%f2oa+wZdeVPHEk_2bGr!kKo3RoO7=2m2;@8 z;n^(L(NkcdwPUf%o20aM4I1-wnTK8Hhu+OP*>$!dS<_pD;Rn?2t`&YC+NF2znek<8 zs&Wf9#(^6Df06lN;p5bW_DjA`zwE$!rVTl|3$Imd1+eJxq|?|6F5e(@@Zk4OLQnLY8 zdp0bx3YSgC$KJU#uG~`mQ6fol2RP;%gU00cm@nquK4e|&T0Lx*@&m#*V7Ys+m+(ZU zht8ul2hJq;`1UbhBG<~Iat2BpjThBN^)lja&#%dahJ3tyoC&3C`rw^%1~zZPSSZi4 z_Ch{$24Ne^`G+uy$m3U1cKHD;F;CJ6LVs9n)_|!cdN(Zo)=PP-; zJP{VTPPBJ?BCdeY6)gOjc_=astbO3mdlr-c>sl#dkTFXO+|Q@XU}o**j{1TOCGB5dnrkgSz+OcG~LiCEOdJ2-97uNedS(&MIL8m zExj8y^d6apH$Ae_{EW zu#wWsJ&wBc!Va>0mwO>G6RZ}Ajgr66^Tv=l^Tjlh(|XwIU?hg*8NyU;{T?$cHCJFv zI%&rX87%LJ`8IC|!X(7z+q_w#9m8YV#ZRJL-ol~5#vTTf7`?xDRYHU1JqO<^rjm9J zbufm)V0k~@?D$z0g2^)3Z}IH>o=EAe3!WW%!Lx@as$!UW z*Ra^BVTnmSZ1rwfa?N1`j?5$eOYIn((vCqVm~7BsiFxvSiFs0dD0OD<#k!Tz4_jLm zEIb<~baThTHj??`*%@nzFFel>Jkl$m(>5t;`BboyEge$ARSyZkQ10nJ;YbY3)>vOS|MqXqR{u*x!#n zqH}5&of8(n>0vnwmrt_i>lYTC2}ax4eIxQOPZYtovaR6G=$Ek6GdgVLPMG3e+iz>0X&3t+Ec(J> zIfJhK+$mm0Z2FyALkumBXE{rx3IDNH^`g-4HreHXw9G znH-srWkhkg?U%CA-%Aa(vwG)Vm6gzQE@?FM%p8`vN#8G)8f9nA$sIt2&9@?Fvd*yZ zwaYQt`%*qhnhg`gRE`X?^Q-8Vy>@4yS%fuB}Yw&ww!L*AV2_|VJ-^MPW z9ZP!Jv4kwfMw@nI!t5KFF#EiQR0GQ5sD`yt70>qlH!;*I${EceGHdM%GVSHc5}Y>OjCK7~E{ zNKGeW;UL_3IIG3-){$@X))7pyYJN}UlwiqG^lf78Ih69|Da33PM5wM*SqSY;{FcN4W!Fk8hJ3>D$=N4%-+O zSmM25$&EZLvc=Ws&pL}CEf$}@Qsa4R=CJmGob!9a>xwCty>zN({{xG?jtjE%BA_dD zPflEVW++_$B`T$1&RAgUht;ln${A($4m|_M-l4GQeoQF2yJ>#w)4WrZwYsZ&=gSC? z^*h7B-XEt>@7bs5ZLHsA=VdR?ET4YKj=OJI$=cTaUhmo~Row9jEZF^c=&O{b$2_WU zVPUcL!E$dAP}c^}*pyg%Sa}@*rZnWvTb_MFLudn8g@)*%ZKrtPuFEBo7Ap-oT50!3 zeC0~rF1huvr<%!aIe1MV^GU9XnzAV4^L?OS)qbM!W0m%FDi?+?;(_>}Ho= zv9!UvzwuWTNgQ>?B5xu#3Rq-sc@yE2cO~z>DdV+1$g>Pbhn2~=aom@l7aqZb5xW_z z>xchk4VVNoKJMSWXJnIX?B%5eX3stI({*NSNgrpB*mWlJFFnhs&K)ZCFn0i{r0b%j zcKi4{z7v-4+()q7gCeJM_TA=P7bUSmyZkem8zm>}LYD8hr0QKOWmmJ8uK2W*>ybWM z?|~O0aaHG;DDBF*=D5J9DqLq>l?_-*2Ter4J!H>El8#`)y@v>88=UF9mgJoX0;r43_f-+xQKfy*vjN zUxJX&_`xm=ba^MQY0e-lwn&lAvDaPbe%1xu@BJZCGUo&K7&B#P_V=C|+;hbH)^+A) z-*c(m#wl38yk7xJ9K~VbC6|_v@sSVqOp6|ht|8hnws2V2ieT4163*w;$p5G<9wBa%<#+aLSob<(V z2cV$HDzL~5a&&rDFA*|*)XpG1CHf^ScbOcW+{rw>U1zn5bKY93nDnR0;Eu0(n%dy}Flkk`Ma)bp_-F30%@~}Q9?+Nxe z)BilqG!-oK5XO`Jkm^?K!8?V5Wgb#9au$fT53GDwAbj?NtFmMEKylWpy1|vx$~;JWj-@zB_)b+w(a=1o-#M)?9h;a(FfK$;DQ^|N8_}3E8?>eB@_J;7G22AUAakG zOy`kYMv*v`J7JLtul&Z&!_kl59u^z-y^FGR#o83P1QwZ#Hj@}WSY!d5F0mvsufscG z(IK#_oN3V;kp*C(HQ7BmGxyF)=1c!w`cuB7^AKRNbS3RQvL1FC-47P|KqaY`Mu|!I*-&=x-u-Wk%{u?n%-;db3U$&(wKA%;ka*fBrsQY^@i@ugO~->V-27CAx&LgeDhJ?t7JpH3giZ9Xjeo9i;X zjuaa?@k&$e-6MM|_DR=PXi_=-&@L=|<8p&mK2<$2x*9Ap;pGM`oyrZ`{28Tf$`9_! z+cou0$YacT58Ut7F6y0-$ked-O)ocS&mb)Pp0pbt;Ytp#gM~I!NyvR94=88#a)Xw} zY3JdS@_=$*UT#q5QNF>t7THYdaL&0rpzb*tJ$;bTv*%>=%!B&2G6Szh_ngw%J`l&8 zePT{{4zGCk{F3YQt>RS0y64QXokwHxy)n`~cR8jHIis0J-D0Z~JWM8Ico+*xco-}^4BH3~ zgN29DT*AZTrG|%HN$AcadA+2+)B!pyJWO6{co-}^466$d6Dl4a2J1QJOUQl*tjaw2 z4YD89t(-ye0@-t=RN6;Cb4R9q)W&_es_8?ZOy(gtCG%jWP9OBQ%!B^cK5Baq zrPXupn75DALcf=>dd`WHokwjCBF}ryuPEj6N#a%J!AFojS{qluMB_1eyL-+#irWWA z(~gCYAp7y~5j=8LjfLkWzsFKjtoz0}+p&-k@~xg169Sn&xS}&(#`I5iSp7`)?n$^<7xn^ubb< z7{0@nhrwj%eUI<3tTD&VR_36#)z`( z(zs#m;txG+&$(bOo4&s%@h*LE$7esp+|3#Ed#QU4OO6tJZ+rE^O?bN$BO153;?0m;R``^$6~TH~*1yVSU3Fp6&i7TN5= z);nKyM8*cMUEXnm#g7Av9)DQR7CCI!StWtY7q&4hys)YF3S)Ge^@D|mE+oJ07(()G zWLABob~G$HJ4^&Zey{wQiFV_Wd|UYd7WyM1t20(1D$+`!*T{i-Q=E8h3YXDn&^&MPUi9^;`8cn z5;zF5`8Ku7wadF6Faaz1Hu1LFNoq~I>O#VOHYUcm(ZyjB9rAlTNW~&M68SeSO%!rs zdJkK@8&|L-Wg>bPYoQHN>BT(q7qqqzMZA3EB}}E zvs7&-Y&(4@A{i`ofQ&D(_ME!OL4_sGck?RqHDk& zV@aJNQE92ea#(akp33NNM26@t_eOKp-qn*ml6cZ~RLtEY_WRJEc>cD_TcPHWw?d`% z{ob>61Hu58Zs8@*78%Pk;n(4 z;Cnu>&a6Fsp}&_Jh?MT~dsx@>M`9r^)pFzY4vXxFm4si}$?$9z)z}JP8^d?6?QD%& zSl+KaEH)nIp^ekhF7=UMc^l@i=xW5>jky!Wm^y8Tg?F;RN48+9icAg5SrvT{8^9mT ztV;)1KWEQ0EN2zRj_k<87aFIXZ~U$zERTI_4NmPI`^G)E{N)}CUHL#{V`PS_;j(A{ zYPjrqyBaQg-efX{H(gjk#=^#vH6?wwUG-JjDUrjN340cpEwV?%gZ3LAsfTM4&kCzO z3>JOi%7SHGu)54mC~?NZWw`QzY^KtSa*^2&`9~{9IOVZZ!@?6~>vk+m6rls5&RJ6~ zrDCK?(8s{pHA8J4rp0w11DlZ;Nsbp04ha+360xkN?4=nJsu zV8U~9pI<4Ey=!6N_pAb4Q~Jl!F4h_O3bwg|xQ48Ok!eIrMQ(>hW>wQ9a-vj^uIWu= z`%uR#^L6zUtG<6%K<3-nBhq+cw+;(GCACLp)kS31ORv~74eOd>yUP==$Vb+hCZBnn zcCc%8QpjS`4VEW*2Rd@yB_L%iN)$4lH>)u+*c4rRLsYu?w(Dl@26v>|WwHk^jyKx$+Av zHeaL`Iv}m(4014p4q#b(7VfM)@g=kidyFMh*@A!?K6wIG_FM_8tigk4laM+$JUio49(Z}D3M3t$ z3q9ZB*?VTr{2cnjvx|{b^3vIEJ{~qj~xB1%OyDO z8r-9V!MunYEcMJ~)1_|3W!OcgVJ$A-u%ua2F@ZTp*j4sJPEs&6zcXerV_9cnSh2i) zix$%v`x^H}j%d>eGa>x6$=ZH$OJWTDF z-0`Hf=-sgBh^n5)&gF{Ay#On3Vy6i`KkPK78`}~r_8~}Y@UFbbTr!eM_fnvD z@)gT#^mAgwV;;#V6fMwrB-V}S6;#RGtFYLH{}DH`=bQ&Taw4qz!8E*dK;r5=&S*X| z$dUcZ3@l`kx!ic&4@TdN`HE$ykMaoORruPKY6`6}6!!NTS8zu)?G$!ixrE9dc?}lc zuAWC?tzg}^6KZz81c{X$WzUp0kZJZ!=u!3v&(1pI+1WQdyJLBr4?H{Tg7Ge2!>-~R zV``4w=hE#vzPw3Iw5<>P@g}u)$xnf$mIW;N@rRYJ@a)hPo}IO_N#P|HA?wU0llcl& zYafD1mNwYY^Q|MDewh>Vtz?gFcWFS|4i;MhuXtoVSoFMqFTj1q3=8kPX|!Ex)$zvH zeos=49C4{jyC1y2Ia{!t8P@ykk<5(v+PEvi4`iT5eu0ICq)~MZ*j4tdQmt~A$@1!& z3jA6+P>Cz&mpdhPdFfkSDp};@d=C9qwTN9S>^bX)L1*nTyR09kQ>^-`P|m~y!y=1b z2+*E=Sa>^WGPdxmbFy>_i{9v#4j+ew=cscMUJT2NB%jERSF2>{fQA#93sr^3UR{#TqyCgD4YV|LHAt3r zVUZ(*`Ia{BVYgjB^+t-Nwijb!-WxkC{OaDk-*eM^qwh0$ET%ps5_)7-Sni4+NF%(7J3eD37KfhCptxh^Ug)>Idg>Dm1j z+Mv*6%qR5k9uc66d3+%4sz))`MJA*+mY<4w8hS>NiA995>VNlp*vjZIR*$rc4yK*K zq@9Xd#g;a>d-4XK29`@*iqb~jayXVcf z0*AMqFqAn9_msw-g~Rq9grz1bEHRL<#6ZH53jm95df47uu*7b`Qu`Q|`UmH_EBy&# z4!sB*&R+5>Z&z|< z*NT~N?{n_>#9AG;wq{uBgB-TLKv;P(Y-4q`Oa3%0ex}3L4*^U32CV!Fwmw`O2bUPS z5?;J|ymqMt3`;F3SbP|V#nQ^OP&oZ zIdQPq6b=iGi>!F`k(wO7O)NVs`EQ4C9unsG2(2ugeQg4<=2xDCPpWn-yIWQODj=BCa?Nqi;y9fOdv%_;9 z_uC!my?bD}dzesi2mHo%m^ENp3XPxhbH^;Et=}@{rd{&*6thg;EKCwdzU}>X<)E@I z969;c{nmD}Ew>Npy5U#I99Zmil#2Kg4vP+PIqBIC zrl8D?m|ZNk8-2u9aMrwl7k9`L3+MjR(huUrAbi~;kz`t(h%`wd6Q_u=%LJ~(W7k9 z+9&VDwdm|3wsVe%4B?3 zpP}F5gq*b!ot^cAMNXte<@_o;7WbbO%ndxf5MEClzqOJ0ny=Eu6oi|Ow@)`eKo zc9PCAmiT-0n>b`x?9YdF{rJ4nZ)>icCn4ue-h0>2WzpZOT|h2;&XF*R(gD$|znA!I z-lKhx}fmX1Aryg1@<^cKF+?mS2GXyYTH$>@adyn@`N?|r~4sBz5Q0^ z5=GnnXbj|q+V@;G22#7nIa2CA^OYo<@hO|vc8_z!rQUYEx2_IB+tqG{a=U)&5M+Ep zV)A>E``YfocbSme?y)Z7bJ{L%rLeqmYA%mZs<`75wVif}(e!(Xmx4X$Md{T19!qQb zrH!{;aNM#4H`Cchi1*Ps`Nmeh95-zj+&r^?;#p*VHnnU*c}sVeM^~ zd}3)QiKT;8SA%swxMth$gI+Gcc;~@g(eXX*Y0s**UFvxl^Wz+mmD8^v&HP^dp(3~P z=GtMMuV;SxdwDbBQhB;>4?DHG5TzFnqIDjR`>1bT>GyFTDQ%eF6MU3;FblL@?K#p{ z%m1jC{k_D)-4p9QzxQCr(u;tG{+^7XwDX8Uu*W^^iIKKT9u?zS?T%iV%6wt@J*6Q- zFDxFRKi6RRko2wW2Q2%+3l{oQ&m-%Ht3^&^;m-Mhb$pFYrgZn7hIPIVdG}J5ci&jP zIzFtu?aE(RR67p_&)r{{&AIpW+I40SYroZxq*-?!Vwlq}R+8Uq3^M~y`7SZ1<5Om$ zzgPKQN=WVnzZN->RVwF5b(NeW;#K5MSbvYqn(?s(WnE72oU^KoNargAvhDsV-9O~m zdlISrRxTkXKKgyofii~qJqJDGbKu%8aW@{kue=89e1%8!_j=D z=a=D=ertcBR`eVxMVNj?X5{xS`Fi`{#b~?gjimebOUmr;Rc}-QtmjC`V*4d>WPH`9 zMdfzi{;r)t$)En7*oySa_mqB_$J_3)F3O&_-Q%7Xdfs-A`{*I>Uj3Yo??Es8QEk^4 zr7Lrnc4XU(uW!6wCSLDL$u0f82Y1!SZ|9Ztf4Yi!xtW z&XL{CeyClP`O50Zd||ndcy@A*m^ZR-XY%NLt0#Mq;4zQd53Y7me(!=BGo`g`^3 zs%VmXM!B@ov-r;bUiDwse%JY7kEKPGo*(kAs$1b}O1G7sA2FX&2D&bcxtWJ24?=&^ zr`xWvR?3FVvA4c7I&~{k_M!^sUf)RrT?EwIfL@>N<-DZodzDQKz@(}=_FG8+#FKM~I_qczVM%wPdPyem{>(@&6|33J}BmUsrAL&;} zdFIQe+IH37{$f*Yy9XUSqq$(>ldj}-`_ri7fd!%A{KE@5N)y(EeLUiDRFPD1xrL#@A8f1Y6W%-1aw zy29#0r?9Lal|B0*usQdUfZ*)!1qo-q7hF61^a5Jju5|Bti0%gyUVpE2PcjRgUhrW1 ztv%7RL0uPtcFj)069QM)g<6clBFTbZIYWfu`-gdqBg}gt0um07mbJyRi zoq^lF=aMR(@sVlrdk=pyuKQ?LdlR#0*H21o`>nhyoWJyUMLBlg9(hl;?J?ilW0lzI zIg-Yb@jc`mY1^eMMF%oICeZ#~?F=fnJ^HQQsG?ZUhnULtD=>H0O6phJF)~g&X6pPN zEWam}BELt4c>G@FAtMeQTz$eF-<3D(__{7vn!fF-PYXGD^jqD4+LK%@ruyVVTz$fg zm&Xpa&dHV0Om3Pg30qf4yVPJmtZOfsCu=2TFJs|UFP56OG)b8RO9%XU{kFMyr@m$F zf3t$-_h?eV8VB!H_^uyEMCPkhV*71=yzJ2AM=9mgwa0chXGK}M?m6>r=BBQ}1556( zu%P5KNmcE>A<4}n5PskJ$~WEI48tq!N*Bud$BWhOTms8|?p1~G5}wcGm%);s zd{3e;fALgp_egqZ#!Sp9CdqTxPkp`6sg-WOh}J(%HBA>8OLLr*PQb=P<>K z(uWuMiY?FfZE9%1bewNvr`9eq2uvVUz75aTEs57SW;vqFra2XvW7dn(>JP$hU6MJx6M!tX)6_u)Nt0i~aAg+?OJM z*OseY`7W$u{*1oh+uoP3wHaxbw+3OX54(QMr(G9P`nJ1=0gA27jgv05C%lsB(YpEe zO6_hRmx{bHrm`RFZ}fZq@_PbvgDHRzEOs+L7Qcbrb<6L!wRdWl_r_qVcjVjDx6saO z(`i@QQ063Ztf$FyM=7VZx)38xY@o2x?v*~teE9;i&TOC=vqXZdy{8-YT(SbM&D>a+ zBz6rvaN6JNIcFtYUDxj=MozW9_}@IE6Wb>2K^x3XS(m=UaVLLm1+dgNgXMj87{kS` zf#I!erk+Q5u~N^u2VptW%y4Ua(64JW{l@;RUEY3#rS6;RyYYj;k_U8EdUJj+O=;`mByJVml;{(kn3@;fbWiVPZUXzVAIuwj-b55V z=9YTqj6*CEL(ivPW(}C!(uexlp}(sZk>8WSwHVPXYsKKXcaMs8U3;a>vIfM?jPHzx z+b`o>=GOP$WQJFNvy-`_mI%^JYk zhayos7FmnA8(}$vm)f^$56k@~|1$C}b-&*_)cHL{Lw4WXs*(TXT86Hq8HRUW>S5-~ zeVMfqkF+%D-TJjt3qDZ5Y1i4N?>()|Vq`enAT$K)9@UnM+1H*!JctY;=WOFze4Bc& zKkn7c_ng){H&Sb{ycO^FV>6XH`mOc*Jk2%kl_V*M;cQc6nz&zr6?L0fkPvf7d^A zue(Htb$vvxgN5Joc1IqU9=d*AedG;uSaq;_!+hr}#4Gy?>sYRk>+B^faPCl48k&SX zzD-PEO(=-`{BE=*b`YiB0qbnB7EcC{@!!>r*D7LBx|pOMQ38k zh|VOEDfbL4cPMQ&cc_$xuFK=Rp~!u|!s);~cYmF?J=3ZVKE5q)a@xYzcwE=tqu=V6 zu=R^;r?_>-ms;a`6)d#vTt|DKliJrW>D%PP!m2O8a!-qsjts)xowEQ7KOlAHo@SDc z4FHxql*kqP6)gIZ*y-G%BIGvagvBHN)x%;BA<%9jdTtWC5pgeXeeR)R;aj_l##-`g^XKJu_Egf6t6`oSd0^=4^Q}tm}+%EbWpu zx^I6H6YaF6&O1!;&p98gKJm}M!cU#v_=W6lX%~s_9nVdiGtG4P_%?6#+_R;TcVW?C z#ZQJO5?{i{VUgjuKf1r1@5@WXREC!@cSioZn99(BvIZ+Vo=`V%0?d$z+~0cvoZA&qMBe_L-kU&#=fPDq=;J zM=;TujyTc>Z{YGZnrY;)ySg)G8@FfQLWi$0na7`^JaFeGrEqz>h`^i~R2n%J)^!ms zkogL~U!KSWAAX>OTE2zFrsdX;T*r)=b-8f)J^MIud>FzzV|Rq*&hx}bWF+3-=wPtO zAXhed*M-=$G222-lhZ{z;^7~9cANKG=Aqq7VXCqF+#9}G7qUwFplYNY|6BUte_Ou6 z${IfolW*6aJ7v$Rw91VOy2|-EGb}feF|SN?$5$RJ3ORg|1RVMAOwt+ODPg-GOc|kZ zDp>Yhy`YSb64q}Mb9XOmN3K))Bsz%h_KTBbO)vg*Y4_qvcU|0Cxo2QGzam&-!xJKsd*Nb8mv6vg^B@w& z{vuv9XG^?j{O1=hnss68E5=|vdnAMt@!z3Mf*G_i6o)pNMiYv%i#EUKs(M&sE z_KobDP>p`u`ehS^LtDvZI?G%Y-Dn)V2?Fmmg?^{ zeu(O_xe9(Sxp**=*uU#Syo%2Y79R^NYkJtOAI!~_K4M=ZuBBekVJlm}@_sxlb(9WU zo&!rx11$L@u)Hk+OT5Zqd*{KJD0jZDgvyn>u|sb%4`C8q`!{|qd$-eKJjVG45w ziMEkDiLuG6JaKpBE11ZUod+ehSnR;QO|8Vk9^b|WpdCkN`i-8VU1Sy5*XozB+|$JN z$lkEz7994OJ?Bcu{;J_T_kwR@3qNdiI#}LTgmLWd8j#nrF0FItTg6K9EupJeXy{ap zxudK~;+kRcr@&;vOdn@b-LZ(iUwNGBl9;Shan_c5*v8Yq;+KRaCli*OOjvSNVGhX7 z1OMCgb1SUe?%UYm4qF=@At!e&%t~*+0!K0y_MD|PYTn9ReouAb{k`U-}h}|Iu6S{ z_#e?CecXfU+lTu+>nGH&7&6MYiUv(lpJAyBCPg;yDIJ!3;bJP6Ux}Yw9Y?@o`M7M|$d0h^Y;1DvJ`B0NLt)`z zOy)T=EK94~`@N6SsYr^@5F2Rb%hcR$Wmcg*tM_OZdpk@>QpOkihIYLJi0C;pObTlkmG$o5_Tl2+JLqv41apYeH7AbRq>L9ujo&u=Y15L21+ zL5q5fxx7vfkA7XF8DHwnnFoXMw!_HtEmM8w!5x}4c+m6J`|r1^nry#+7{r1lmYwB4 z@fKVs$>D`1R_(CZP~57yduUN>$MkJt)eh^ouFK4gQ9o-%+<0KoO-a;iFLqMnpE;~F z**FF5P~fgJL+kQ!EH<(Vt9N7-SmX_yBz6H|GU@jZSKID6*Hijc3OKeAHMPUrVUgFc z_T06y-y&1PaxSmV_VOHF=jc(e=mzR+uRo80f^m4(9u~e!s*C;L%H}QKU_EUgVj*@f zg%3q8Q7OA?|2V5xhHvSVrz5r&Aw}VJu+B~JTlQRV+46DRCFcW{y8_F}U7<{1baq&D z9A4PasW7PA@mJ?~&y1SJxszeBoBg3fEI)OtM*memHZrT%*>i`&!XvQ6@J>q~*&7x* zkeZSEgUKU$1?eT{NXBUHMp$e{o@2>5!m`5;V9}X)19B&mn!;nR^y1PfEawurgl9{^ z50CY{OZW>c=aT8B>*8qbIafE=D3k&dr)K@dOh)Q>-=s?wPJVAM?@>YsvcPzb=_# zY4;KnvX=yytbt2@?>tgd^f%Id&c`QpVd)Q6I&kTA9?3N_kJKN638-1xRSqh1W0A-@ zd-Hzz0nNVS(?!;W%RlR)R9*W`ew3);+6penrsGQ;Ae94?rwOav35yP4_116i+xWm? z<-4%Z5JPb8K{W<*7StGwt_F+k@W-e+dr2A(|6>)+9m=Gzv3U&eIBI^cHecZpS$kOS z6g38Or!dZihJFlt+b<(o#v)O8&j&L|&KuH={Kxq9__lVqGyJT)A>1tY;MF2r`s3yd zKNT9EdrR5N$kfa)u`R(uf4Ev?R>!Do>S$%HE^vLkom$o53Zf% zby!Z;`9g7)hL{CHf1;JMzp%%*m2IUv$M%Zbhc_vY6npHku)Ql_-AhJ=r7IF}*Ggzq z=IdVFyH<90_sG4Pu{`coRVw3OW%7tzaw*#VJr346A1eODZ@@|&e+4YO)2c)dxKPfl z)g^yzzmltRW+X3V{cK0tIY?>8f&53KW5lrn2i z#qO9>gOl+&{1g_u{9&u-!E(RBlDmG`@(5V$AlO>$AQy$V`vFTH+F@&xf$=*0OB=A< zWrr=_g+=B%Z1)Y8Ts)W%nDoo|zZhkFX!j(pje$ID`7GrGF8Xs+Z*Pf}M-zGlW zw-ldzn|i*oFP+wHCl@7az#$M?6Y3m#xr~ziJ<8giEhdWYIsfXO^DAeR`BIRI<<7fT zbNAkYsiLvt^BhLjKq_9=o-p6>#mAzL-g#H9e)q$TlKq9Pd@86fayBe-HjGh!<_61I zRmpbs3g24%eB1kj1tmO(loLJ<3qR$;UAfZ(0EuTfEO#EO_sUn={arZ`R(=Ire}H!J z0l`wE=dkby5jHC)lEUKWJZxq8lh$%RsQW87X_p$R~PqfVmc068w%{PE~fxz%!$49ZG6WJ zrOBCs<*heZYGT3i&d*`%kAkI6Dy)3yYQgPUmA;U3$t#rkUM;xg&$!U)@iYih=ByPF zICm&4=Y#8W^>~-j$J$U}@#P;DnV%JXZA;oESO2icVPcsg|GA~tmg`&U!Or&_=!=PO z+PmW7o3d8Uetyr{Um7RDbzPkOJx3qhDH%)sID&4Hqj*mvtUcne&P_sl=<2~sWB@+K zml|~X@VDzHH7M(MSrTcN8iO=gH%QvWuBTnzCW0jf=&;DtLiobNr19mRhUK0nPUalZ ztRjagg%o;$<(_sk=AITY7Ww%~uY$q zhQu-*7M;Ya1skKOU3rNYj3O(;qH|&!p=V;m#-r;aFj{{~BJ7mU_O2bzQFD zVaCE;xtP@TV$~6y=-fRjkVLPA#nz{uTll@xyRoKDbmH_6Tc5+3;KSRo&e$35?esm< zu(f;py~LZrL>=#1(e1Opbo9C>uATx>WfFt55VOwcBz& z?pj#dfJKjz{uUXNq#S<0Y8$==%l-=04G%-jIp zXA=4wUE@sGSt~Yxr43OT;bE%rtS_H(lvp9RR_ZOm7#@fI+-~7(=T2VwQ%5d#N9Oj( z7O=;+srO(k^`|H~wZ2N#&C2gDt}1KgtS(Q)!J=2dB1foP9=j+nXZMIa9vWg!>{ybo zVIH;noCuP2zCt#;N9T<$)_G{QYj81HdxxUF*mJI==gtk5vwtyJJC=*d+BLYCtfldb z$tqU)nfoI)X;|bn)j>9vPCztCV%7>48-R*uIa^n&E^EaI)iL*6a?eBtzL>16i?pXb zgJQB`hx-(C+;5Ycd(X+`uDzJ7eoGbDb>TbCS~X|+stHC{Q-&bAE-d$;==R7yOoAK# za!=spY>^yeGy3eiRf;&&Z*b4thMv!(vTJab>SCoeYI4>JyV|?^5vQe`OkyQrsdsZ& zGF3r%A8vDK5Ba`u^N!V_Vk4W)Z?ws7&TDWPF$=wi24XS!#Mi>0>B zRo&_y-Gw={abc0mvqjr>FI`c~H(XoMNyKhNCwatfNkC0qY*=kyZkfm>7c|?kr0x-I zI&r?R-utlJM}iV^*9vusOaluIi6aXQ-SxY?1Qt0FYYKnn*@-+ZW-K;eSaczd?Cd2c zbMC=Q^IE`e@S;Tvwo&>AdfMw(6N)Nb_K3vl0g5H0rJ7mgG;2Nrqb-j>Z8(4Dge$g2G| zMv1AaYapk;<4bKhHwv|L=ccMt_L9kMc^FUS+{uD>xhnr{_k#@`9JVp)hiz{74>t6C z*w&&sj2rx)dHi4#y8z=-`uA=;%)?*%t(=R0*YDbG&ir934;{94fgf!6?qRan((m$| zYqxU5VWh(SmH|I=V}tsa)_f~ur`WzmTL!}iYm!G`V+ zbNghz0_zuJRQ>mE^euLfb!PkTw_AJ6w`y&KHrTZOJ*(GF*3^#W3K$35SdII3>!BRB zZ*#y1aajYQh{Y(0+plDR(DMb>ryT=oFviGWEWyRb#&~01|JGrf8~%emzTKKXYBPvo z*}a72Y;k4fd@!4hedvB~^BjJ#xhoFa`kjYu9Ow@=cg11*9u-Us%hDfg{G8Wr zT;Ct;@$J^FxOQ8o2=;qx>>sxJ?+=zeVwE4APP@dW{9vOC9kzD3!+7|Iu3)2oT)Xli zE7kpFms);+?T+ktzel)Dzx)2twIlJS-P)wJqeSfa5S=r=r)wvBeSeR--)|pdCTM4^ z#DYDru}56LYd?SyzL#&n`mHFwj4y8}-0%6nb0a!t{RnmsEbUk*MnF6Iv(Ne zGNwi^yKgt{;V?lRGiIl4>^|3y)jaJsm*U#3kL9p^E9wUe4`b2qJQPyed**6|?K;E8 zr>+m7AG>cVj*jkf?bZ(RgM|)6HTPS~l0F#gcYl>rczi1&Y1dSub>_y$+&)&PGiDEz z^xLh8b?p@6O24cW!DQbQ8(q@xC4c%bk8JL@XBZ8(@m%-q#>@X;k*SZ=vVM$iIUizd z+HPaFt`C}W#<%f_+9~;yGlLDKU;4tXpWA$FkqDgpyx(5@+O8jJ8GF-xySCTE*7tcB z3+2r1;@8@5WwVQ4+w~K_HvSZS2&CP0;pxr!h2?(3t#Yq2k>zfLknlH-}NBqqj~*$Mk?Wt9)tet&P{i|_X~4*oFV#Jhf;6kVQ!!;W3b zxA;}gDt?u9p}rN{_|yA65il7GPkXTH3nZ!N8nE2cp3aP(A|^0AOw3*SWva@zu*lS6 z?#9ogiXpq+?h!2fUd&y1-NoGP8i=p!nAH>9^TD#2{a{|pI>W|hY0N~pJzE!Zx95Y` zG&(GkLii+X;*743^<%@hre2KU4%V${Zu}2q3kv^)w-SarhH^c;X{iMpY-Nppo+%^{(_TY)Iu|HqC&AB~n z-;O(MW2_HbKg17~yAhX+EDFn5n7MK;8#}0)s^r(*%PX0=G<0F+OS@tR!*i(nk!ggc zI3QV-j=#bC+-WbLIrWghH48S@3h?mQ4oXy}4I z)9yj1iLo|5cAt!e+FeYdVfv`v!<*OhA)dP5ZhgWVi^7fRgBx-&Chn{i{kQG5&a6J9 zl4XCdSXla~eD4Yv-~0XE#_#@Mu_MXCja;XMU*tbn?5Digv3bB^_r7xadk4TGa}m+Q zvxTikZek6a8Uf~(n2Ezw%-Ho)UTQIFKx7}GGm*_iv_=1LHD+!qMMOS@MQ#^7_;QknXhQuoZr3^ta|n(GVizK&ZT?imz+Ul8eLaSyRLzv>2QKXpe%o#Qu09Me z^T0co$EpAkIT03F)U!cd1My}#3j#v+KKFKT`&B?EYwt;iB>6(z$f=xWgsIH-kZQX79mC9SH$P|Fkqn};TDhI+nl&7kir==^Yuzid>yO; z(bZywvdA-JS}KJmd}O?%NqHGnU%Xh1f)gC9Q=|l32SRk|{zPVjI)1 zOE3E?T{pCWLHFCu3%pl(WDM=xq~Z44&4;*ew~oja&ga_Q-y^o?_we1e+qb{(_x7!i z!&sox2kT9+t>1ayHfBtL%-GzBvE4Tz`Pm~+ee67(-rOnDCK3yF1)O%w!aTxrNRHuG zu<%3`n8MpdXy#6Vg|}a+-R1X86uDDK5xG-@p|sx%keL0Dbr<=Rw=8te4AQy%qV4AQ zNSVR5?y6)6#a^;URJ!GBLTBQ`V1DVooilp-J?HUa5^S>u*v6g(CYktCSj?kOyDr18 zM5{#iBiTlezvo0UW`>4h`+k7+qZDVIMCns@%wFK!31)5&por!-;;6h@A$5C;NJ0vt#1Ox@SSh7zuHCj zgN1j(VsAfe?@L(hov^JP$Rky?ZLHDKZGu*eLDtv&Ig6uRefMzdCb<7e`11UmimEpTnGpx94gn^$xJm76dAgM~J(6vK|07O*mx-%DH-%uTanzQT>gR+cx7 z=!3AHE!gUk+9jS97Tq3J8nS$QzgfP-zFnC9+K~=h{SvnIH>|Ug!C4p3+-2Hros;`^ zbMOyKeEVT*^M%DGcofum;C0J$xQ@H$sWoXVcv$Aa=MWlKuO(}cdM)>RiN%3E_K3qf zzeg?GI|@0kU+73YcQWqRd2pvJj}j+)pSZc4bJtep%fOp?Fh=&<&F8%F$rRr4iPg>T z(TOt;&md$TY>}A&)GlxlwjAJ_=^Wr`lxO#V&g6 zx$AP34R*|Y(R(-Y+?8Kl=4`%Aj2tg)@*H6Mo-pH@t=v6g&4~#&WdxhS6SD_CSC5ol`z@a@)~HIM(2&*Tb?kMB~e za^7H(hlD3azK3-l@~xIm<&&(vQ@>vH+BJ2w_FfQyyMAI>0avuGj zsN?)z{6gA^1W3F1!A=B;>_}2xTd8)jD-(t|7q<^?oXqzgwN1O&BK=-)tK|o5Jn8oejcvbJ z$?|sQu<*4rk@fdt&&DAVn+$vG2X>WpZY-w^?S22;9s&!qBt)nXI3m%RJPk@9)*F!nG55_tzEW*!g-lEwn2>BK%%heQ1|y zDf3`f$vhZA+b%IS*aQmfNCs~FVr@dEAK+{x`X@gOc=uDbb_du#2E+U62-0}C!PsS%?J8MeUZM)hwaqQBSyEf~0$t}BYj%xOeo4xH4$HRfKHK)$0 zk(vmHJ;s-~5$#k{+40eJGZv|WS(huanr{>LAW~ex;k5f)UyOD<@@bctKqpXY<+f7{ zbNM9kD);Y|^2yv>m!VT;!v0=jqKzefI@sf^(si>|K20A&CEKp{b|tn-F9L|NetgH- zH+OB@ZM{QuB_Jg2h!Ghd^2>fmhfTlO!OBBd`#tn0JhpvQ4pX%vG9k0n`oWl`;!}bp z?hsa4Kn0i5skp<8?zci4Wwp-{=~#&4d}$}gLiiN!0Ey#Vc|K#EppDWtLVBi z4?~k~fb69g6Qk$Ba+h&+i^VcJj#nun zBc1DM=~?B8(t+5c^m`AA>{wh<%MVCW-Cyjl?P>$%2HX4;0S^0afi<j9%ST1Sl0!q<(zXRWc`}+sKP>h znr`Htj|+BQdJzg6+Ax%ro6d!i@d?A*`{TE_qB3SIHhnzo)J!t51D}~DeTe4@y)g4< ze?42(c8m|Z29843g_|k;-lN6)?Y)LrtbD^2nl%t=+CDg_^LxqfK37p`S5?pK8#8tL zs9oTW`Of3=Qg_cE`KDJ&DtDCJ(#WycM(oP8?v2Iqdx>R&B`#OFs^l$R39HZ_))c;B zl_MVrQIC9}nts#^zL>f?J0ePS8gPNS*W5~?!Ne{?=D95ujN%HPGGq5ck zP_4pqRI|+4zh`vvEhT&DSr&NiY1YojNU*MpBb~Wj5sf(uZt3_cFWoe2!2Oo-5u8Hf z%}qO3YWOow(zU`m`+I^WcFd-mxyhx-n&$lgf)Dfk@&l#IbHBlIzsb#wUMrPsV;1!x zadyYt90~0b2YOg+ZmfUN-(X#<=G+qWQd0+}vcZmzDw*>^Ra^eY1d!M*Sm*0X4h>yG z)As8ar4O|PvPW#vSyKr^?c;G4_=(#`Z2+v3xwmk&(uNek&ZD})rNCq!*mLILp3Xe3 zIQXuWJ2~@E0=9ifT+FxiC0q%=_OW%(of&C6?c=+9&KI3|FuA1X@v+v)n{0?$0W zD%Cz}S3dEyeI)-(3im>a@)eR+MCe~$cpPX&G25LHG zT|BH1+7Roq^o)&{)*ie`)@SY+AwZE&mEDSb#e5n&4eZfx@;ZbWrH=Js(ck1E=Pvu} zx(xlb?!r}*&fV?WiW~t8&w1n%`#lcA*(1_!&MK8NXH`~KWGUpAyMi}9v;m8rA}2WW zfJIJ}9u=CD|C{rn(olE_7jy0{*Ln0PSk{?}-SN39_AEGBk+WI8!V_8bqF0b!+Akm4 zo)6+i`&ImN`Kc9+F3EkKyY}AOS^B$YWcLhS$+*n-9Gy!;=h`h6dlPSC_@s)SIhVrg zN`F-6jM??E{Dl=MIyNyZvI;EshrI3hXN2|TY^hEYJ2kUP?isAJw43++$We?pnTI++ zp#ya*vPYEm<;6I0Wc16k&hJSZ%f3+}`g^r=U7mIJLw&Q3ue|fhvgh08BvIZNjF+xj zw^6&wVX)}?N~}f~zjE+<|MKLQCt{vi7e_zyb*S@u_vqEm!(H3oOI;zB|N6j1PUjBw zjC;?jt8DLN&2sm^VvjwwBIjIOOXx+oeAd90ht?d+tbrQX+27Uz5hd7o%zJw(>nzqK zeMnNwI_FI(XYgK)-8~|sXTH?Nwv+juZ)>L(QWQS<$SZev8}E%9 zRvjervk2kbm$1mO*nRA=u<{aHv^?8MC=a7ZWo~kKLoWpP<B@JX2-p$(CPT^9);OMl#}kq=O5=zu9VI^vam+dJ=@ioLW(S_}VE?;-r} zYCtUQy79vQVBvpy=-N~5GrlWqziaB~XUtMt_I!|@!~bC6f6Uq8f1<9t=fW}5uVUHD zH-L;vot<1Vyap7GTrkm`?!`3Wpz5PCNGxYlCmt`vb(pZDlZYy0a z@(@-RyM_82kp*B~7phg(MZ8MZfZ;pqOqI+!Gh_z)#O!u%XVePjFcd4jJYqdR=)E6Sw&Z$hNbosEVajA0^|q7;T^W;L*i2Wra$SSbKYRF6T;%#h9wT=u(i>`Qak3b)mLGW z*Y0JzwH?CtEpc)WcA9lY_L-YdoS}nDhh6%E#ZCxIjdPbiN5t+gQ%%Og{nmDgo%VY! zr2O7v9@4urk9&M2-zJCSQhisZh9xE%=8>TNJ#i>=wzLzxns)KCYv%!rv`Z|zcFBX3 zT^pI^u+;-#sZDTL&y1^Q?ndoWuK<>Mc(BB%!y-F!P~{E0!`8nA3(tn-jTTsPl3>ZV zf|>BHGgJ8RV(oYm(=N5Wv`bA&SnQorzQgZf4?anS2#s_2gf_SwG7nCS%%e2{^(*0Y z=SC-PACakjn;c^psc?UfojQHUwM-w3eVGRm&peoO+J`9S^!qqRYOJ=8)TyM+m47ZDf6JHWFG4MXRVY*%RGn{?IU#vu9QIc{2ryw_@ZO`HudEt z??;}5r7i@_bvu1rA+H^?0$5qAE2y=1g+fXzx9cN$N*A@+K9pWuUVOo;yY_-ob01Ni z!y{m;!(KUsm2F|&H$igi&(p4Q&IKv$JUdfs7O7xus98&Z9@wu5gI>kLax4rMy>p7oXPh&;{}vpTGH9ND{8_)yMy z>$>UqGO5e+P9DW5HFguMa<3~DZ85S32+Z>xEnJT z@hag5p7{yA2#W6SC06L?S?PQ$mOZp#%QNN+d|kStL-bn)yR?f<)mT!;-%+T3MC~r^ zI_4RRobQZ{zrKlMb-8D_Fk+K|hud-*06*zocWX0OYv0a-vYjq(GdoRGU=Ugn=b6EI>@WjYILMF0SmwmJJ z%-j@uaRr1&z;c(JcX8?T!ZMaOv9PV3+6$_-Zr8=dkabb_Jbieyed&*Mkh9=9ht93< zO&Cl0AGcNPf4sUI`yqfJ@jkHHP+*byN$BD2Zrbp6AuR2;zAWBBX2xApu_U2giPmiw zKce4DeaDN+4gX_y%-LscZy%0%_L7bmdXab++K?2NF^liqyG*3U`ZYv1rEUuBaW0wG zGnUpHCgvcSU1zbJIp^{wa^A#^WDSJDXTC!7LgQ>{>6hIs?YQnT7O|We3;$Nuul2|T zk;NwmQ)GJAK-^~g$QymWt-b{-onrTyo4~%Tm6WNB#r9?|1vB;cDCj$nuhgGBk+o;* zVf*4aj-ID(O6*stxp$OLGZxoE=H_k;9dJEm&t2!)4|izxoO5iyHIncvH%j~|*ihC5 z7C(fVCgG=7=Va$byw4pf(klBaB06`s`X!M!L@{PvJn6W;XetCJ#?Zl)lHdIhNfNrh zG8lVrUHy_>`>S8F`=)+L?o}ZP?SsU-w0rN6?^(Ea$lFI{LegaT6%R)EmHH)-&0sm_ zYMMm1mqrkJzSM$@S%`J9ORJrAV|7 zQTa<(jR#=?NIVGaHMi6{z(^QOwhu}3p-Dcf(6g(j?W#-4?2F6~>t1qsWet>Y$r|uw zWle>AhQ^6Vp$+9DvPZ&q`+L=sMIPn;puv`Qp?3sZ@2fGlorN667vUm5@CE0VyRTSH+@bSoISC^!}mmCfS>=TC! zD^I+-BpJ&YL3fXwnzloe0GnU%8RV&Dy0*h=xjOcljKbZN-RmfP}p;?30z`m;XvGoyEA{TQfcfRU< zwGY9Ay9U&#ti6!@%tK6N<{?2Ueb86iM`eaTOaSepwsmFXV#`o(BzH3Mi%n3yk;plJ z#A9Y2!mcw9v6q>L;Pb4N@>iJ$SAP4bJx6Vk@+C2OF*%HB~-ZlOO>@Uc&NQ8d0l zuB?p#zY1m1D_AljgItKn-rca$hSF=d>DkDv4NW^yJPUh#_ z3ncl-{A#IWO>wZulUGY+d5O9y**B??k;jP}q5C8IT~i+B!~~Lnv!-VaQc#|3_(Q#n0Av5!L-&$u;0AFh2!%N?$f&?q4pO@&m;tm;b4tk$YdLebg}i zU)Oo|_Xt1jo#hEg=4NhXExKT=}O z(bX2&GlN{h$1eqDX~XVD=7K%?NPTaP&-y>q8wuUtQ^|XNVX-r)H<5wmbB44(gr9 zLziT3>XqZvNLP@VBT zbV(6t9rHt%6qONO5*A%j6mn!+nnw5XpbD=ZJ~7~G|T@RKTjfbrs0L!}%u=pWhiK`N@BSCcM z;XS$Rk+_kp0hKPaCZ}O|yFTJyJ#6_EjAom$I&e3GkjWi#KFC!X1M*G1~X%D@;->|C(KRlyP;3sY=& z$K1DDwM))Cf=sMEtUOV+M((I9v%R#&f)`%Lg}b`=W$Z-;5vIDa0osYO*|{;xFR!~Y z1Z@|;v)_wd4@QekAIZzVh|lm?=7ZHkFS{c5ktzf^)1Cy$eF+PHK?ZA2)JNWGJS_6Y zrO#wtnz!g%O2n=K`*YTXYS4Dc$-I=-?gui+?=f5C_qZn7F1bPH#qNGcm+bGwp5xo{ zSl+?zhlGRvUi^7}FTVG~x*zgH@_Pc!Gv5mq-~G6t?O>{W6zlo82NKgRIc(C7Q~UT* zk-HzvVg0?l!{OWbIu7gk;EV3>CHK&`jFvkOEF$Z|Kizf|i+r2hK1m{2dD^9hm3E0= zgT;n&Soeebvg1pgMc*bT3C2s6@v#I4OMW+FXZ%}-bwB#9uXf3|Kdk$K6=!?`GcrDb z6m7@3v-4mFX}i?^G!~H~`8IDbY8TrpEb&N}T3>#}hLZ6S1=25vXxqgPp^wM8#CH38 zk8`PhMB6>iCI5cgJIp7m#x8M9*_I7z799z%ykhc9mm=ICMWS_x@hxSf;A(hg603TRHZMkENYWO1~DN?UECGr9j#*nZLi6dSAZH zTe`5+j61A!pxchG=aNcNI&ejGd_9-EJ*5Mdr1VRZ%I~>B+U{{KEmhk+&ZRu-wtJjQ zIbv=1IF}!fb16r=^LU&~g%aBCaW3VYrJXdxjE^YLc8_z(RMmEmb18aA#^+dnYS@Y^6#duFqOk zrqtPn$s*dlluo?1B?j4ynGtm31rU95OJS+|%YYo;BCPAe#M3?)oOWFpQPz*`_iA^f z#BThqcB$M(--r#*rQ9)dM`e#xT*~h$o=}YA zdG=fibZm^U^}|w_9%E)3$?pkud0?S&k;$?B%kbQMKmDdwA}ldLhviHwDYmsrv@8Ep z3B5EfW@7ysEMFb7eB#ig`d4dzmZh}$h=OgC2gDNDdz!Z~vL0)D_%19m!-cbkcBz-e z$|q%Ol%ADI$b7k(mako%r_gEhyaWqi2uqV5kXqZi2!f4;@NMdEz$B>T_Y$YCUG4YW ztMQR~COCH^EbFYEQRV@QZ%h_Je0QqO#AhhFGd?+?QSAdi*!5$|&048`5FZPx?Z$Md zl7R4M{jOZW@-;5z&^^&H{y|lfvmdbVFq!M|r>L3KF&|Uh@wsW17Yh%IAKOzJU1!A( z@_X#8#qx$Zp*XRUu*Vwsx&B__R5_kfgZ;`0ZcHkSR<~>5`0kncjlX1Flnu>ZUZQY* zuXcI0fi_phSdudjOH4GZaU-yebryB_Sc6MG-0^t;E@P&OKd|sCszL4r)gE&8h08zs zkXf0r zz@l3zPaU2}dg-3KH^*U>rMR-Xe&Rbrr=K4^Gt#27&V6I<#Kg!~YMjlGYq{>I86yiprVOz9CNvi<&7zXoj~cYrA0=uEEK&@=Hqdc2aikqKd)oACC| zqyBwi*WuZ2-^48mBMbk-owp`}=!3k^2}@qWMJa^G5)U4Ia8~X*%Q?%Q3sKs;QT>w8 zGt*7ZG;2g`U(&L|OJIr3JMkrS6KN2h2#Xv`;>w;&m&~2QeA>05Chs{HogKTVh|kgi7Ta$X?%BBsfn44xJ*8_; z_|CVEN4_<@tluN{NG*%5=_AfaT1?mA3fS#D2s+C*P-*Ev{LtPXZpO~TwHmsj>t=3Z zh0-s!mhmx37ppE#BPk6@gv_^>e7I{stu4mFn|6&aAtshy#P4R$B~rDI+BQEQI;ZLk zS!bT@$b`hx+_gfiV{3tBe7phS5v*ac)n9#vorln#$aQKqYi%=u*s?;cTcvPVL^iY14VX1xH>|Uy3M-4vIauO2-E-kNneP># zT)OvmYsX@Q+m4d6cK}yg_gAsM>>K-E`t=4++f^sNobSv-I$g(7`;}WJyh)X|$mraI zD-#m_A~V3kH(>E!9=3WsEOmBZEFu4{Gb}myu-pqUfy4PW?>*g%lS^x`3hs7^>*ve)w2Hu^=J(3#?CtB?m`dklNJq0GhWap;9RQ8t)QY`Yg$jb+)pD=4; za*_@UFJX0DSzf!yFNft$p$6nmpKh99;Zs~zUd)%g*2AO znB!;HFYDawInU?%AhnDBds)ou--5-42NQX{eTWX-{ZRI8{a_bfx4IwfF}J=Oq+M#9 z!^%&2?N_%K!k725V0j-AMnT`XF-0yvu$AF|GIJvfz`CYXtCbn<$;9+4UOu#OPPrW) zaU*NrczMA&c}D`4*icw}1c$A^0+za_u<{)7@@qHKt~`h3uyo47(78SK7rWX!%26nt zN*7w*DfF_m%lMl8==k%tN^^ zuPDdLti-GEPFU^$7KOEg{Dhw_jbDL*m7h`C+BbZg`fGF+f@vTUsw5vWS@^WpPzD=z<*kj+w%30^rEVf_VJ(yYtp;IMMi&eho zW{S?qa`@$2HEx6NAKjj zy3?-p9YtRyjuG~&bK^7&{c*O1)?BN5FR*sT#&b^+_V-es)mS)Bc0WAhxp&l+oynOI z&L2AEbjV&Jmtqdc_RGw_m{Ym-T|#I4J+Q=?!>YT$qNiNW#jf+^Ts*Lhncx|F7$L4> zCdBQUI=->f5Z7|&UD^2Ea{|YskIKs2wUI&2g`2rOWMvmk=m0a$eU6Dm-f${I&oZjR zcV*{A5AbEqDlF&nLL0NDWaXtbRbo13vU0v{T+lsT-Te?3l>Hzp@A(jB8Q#Pz9{B~f zv9*-n#P7nAqkUN9Sf-4~dMqQ+oneu^Wo>T^vpyuT%~@4RG&TTOY<(g>HonB~CB~IA zD)p*hi7|vFCgHH?$(}qYFA-RfeN!(tbK}Oz`QUu-w|QUJSa?Ktt?FZT@E`o;3Xtd9 zx%&GzAI`yd{<6L=jPH|SxTNr*NW}6?H+SuD_DBI@@D-u@p_`sD|d=ekFLSG8=C^G zbfx^z$~j6bgx48y_f0DNp6Pqys~DH#(gq$|EP2dUDlrp>l@9RO(BH$(AQz=;ASiIp z@44SH4|dzOs~t&tW8@blbaP+Ij>>)Md6%A}hn;~du>0|_+u|f$E9Rz^1*BhgZtM)p z|Ne;M>9?e=-CuUw(6a!J(ApKY&$p>9r^tJ13Bc;><^pIJF`{WGD`Po=@{Z`iV zOj5^8+-Se`ecqeJdyYhWc0a^p?irNd6aFImeB(u>9rwJ!IzDlc*-JjJ2Nqe1X(aY0 zAy2t4VYwT(|m68$i}sKx^A2=i;pL(S63Zr$)sSq?eBu-r3Ly4b#m z46!xCa#nc_!iSXfj2-|BucP|q%PCUc8M3xVEZ?O+A4&}U2 zL$epOkJfMt)$d!2@t3A{AL|VU9kYdgoHMwg=q-ndy+;GpOQ<2y? z3q-=4b2&fJ8?8!YTUcpL==Aak@7G4YCpm`ivQmd%J>E;D+Nb92Vcm0PnvCU=M|Pbh zVmz?$SnRnpPT$X-d(^R5eVVGEl@7id19T;7JCE{CNOT-7zTDlyD0&tiypsh!HY4Ve z$X7fkJq!2v)UI=Lh!{a0doED5-_~Ct>NR?laFFOEuEv~cWRSDK>=QjezEJjvwx6>A z%e_G23jN6;3NNAdY~C0XRO5YI$UXde6G;eh}~D zN4yf^D>uQieoQT~6$qP)O_et)wg+1oADYbE&P{mip8d!Bp$w5dm$+Ye4lMqoGY{>4 zuzJTXaOq%eSAW!*^p`fMJ&_YtiHZLRmht zXW4Y&_pry9QxlbILbUyynJf3OJp0URZN~|jZ#nORHKvmE(sd@vXKoCr?c*^wc?oH! zi_Am#LHb}|>$kN5oXe)aS3Q~J-MOjX6goZQ$gY)USwBj4XqPD{e1oYk<6}q9zEO6= zODKQogUKlC;yJ2fS$i5&YGT1;2>d(W!`2=POMN6*>LVStG6*cO_ORqT!%}M(mb@&O zV84txGTgb^_WT~UK4Dm5C1I(}0(;C&5dG|%cDz|TKB-@`m)a#)@UXQXz;d==vAIbG zOD$zsWH^`rjvb$1;yHubMQ(?QEZA>3+Vgufh6lEGnk%oj=ZGYlH`ZZZ^xA&qq!;rv zXxcsYO|DkvD^)9WMg3?W9@9-9sa0pp@iW2Vi^1&^g8`GVv3;C_Az1RVe9L&9cBx^d z9gB9_DYP9dd3U}gou!?}NEQ>nk^PXb@xWF$pbSPgfF+&~mO8UA0k;`TdnyXexhoT=4eDJikh!jks{ODr)@dFm*^ z2$?%y#m3zu;ANY(hYi(VzY)tzCf zR|<=+Mxc%_^{gdpkA=lH?C?5;J7)S!=E07>d(IOWy7CT3?kL$1Id8&@)}F}m8DADG zG4HVWyJ0MBI}hP-nFnV_=23gQ@TR=;EtILWOB*a*J!tpJY%lGet7y-l?OmJ4g+^r_ zvM+N6FMW0UKvg+|DpIBoITxYbb4Tr3aph;vS0ym-i^IMn zqcij8OkeEu$_Kxx$-9?KRU7k3b8(68y4+0@tTLCXJ!>QLd#u;{EtkXU8iIDhV}&fP z?OzyU@_S&ZZ77&OH49-@VaFoYFZ9e@oc$1+mw71YmU)yOedxmqwDpZylY+VgQGJ$FB@TubKB8Z&MgK{4A0iEZgh z!|*>Ah0PCOWk?)=gP&UbFr0Gxm9Lh0{H?C5oXp1C8cOPx!ID!06EwU1wywb+uVqEX z6yv%%4caBH1;!D!eQw^>M{@Ip!R%-MT`u`YL@$44e|9c^Smcc^(q?Y9whBX zE@A46%xcHOuVm-NF2JH1xr8M$den&wyB{)OBA18>%sCfr7CDx8A?Jf?8heEJy7k?$ z@TC4J4Cfs>U4_ilQb#uS=qxRn#}|En=RvcNd_}a)Imb4lb4me>yz83IIcGxISY6k7^^dPB z1~T-_vmHA%GkWA*abMA+kVfa>ysdo2iWGizb(pgs6uqS@Bm>mt$=EdzjM$3y)<|?Ky9bG4bA^ zP9H2Q!Mwy)EO#FDyk`Lcwhu~9elPDY7$2is+SR7OgB#l+uTXT2i@D2K1V?2}`S>zl zvRUZm3McRQ8rLkyH?`1Vsj~x+Cmm8K?ro(!U*f(~}V)JsZ!ou5$tg#|XYN<%)tbGj@S%6C<_9h;sN583wpbzGPT|eSl$CsF1-`0nFv4eXSV7a@MdySlU zb>8<3iZP7L<&?J%OOx0 zCsA(~ans%v2%Sl{0Lg}{1KH^U!`@nL?%i_!3eKD!o zBQkK#s=U<9gGiITB+6&47>wIaBHyk7w?WPp6H4fc@wI(Cc#bQteK3rs-|Czq>0&>C zJ=UPMDp3GE3-?&#_Up~2VtF@+WjOgWSKT{0qPW-cFh0$!6(d>JlwBZe&xM;k=XU9s z^Deycxj}Zmj7Fg=$2WUKMo%A1=9!0t&g>;aP5a=@%2;Y2a`IzylOo$Q&4tlE2+-*x z@8{9-l8eHCCpvV$Wh}_=F#=>=DDn?1I*Bp~v3ZbUAN?k0#rPU0c%{oj8*KW;SgSI( z$Jru$cfNwq_FHmx=!Kk}K3wuyQx|LKK(1i>NbbLq5~0eBsM*P@^?fSv;b`31P?ZeiN35!evIu;n?h#5TfW^M$3R(_wq> z!`uuzJ^^;a@7-E?pX6L)YX^blJ(j!i_MSeh>-Q`7k#?zfbJ)u5u)lk6!IBGb*rVUa zy0BShkA#Xpu)Ra?8R+is6|UWNzGAV(O806648PKc@@V-sw$iiwuPl1l#$Ce_e*j~V zO&^K1(k{9cp)+}CFo$M;PqE3YOZ_CiO>85~Q!x3xyp^Y2Y-unKy?mS6%-SU<7?$_h zVUcMLTU|q>WNbl~;k2^PVO?HTZ_;I63s$Jq*NEW?oVWmmI z?8{@Rbh%ey(YHj~Mh<(tzjfK1r7Iz>p#%94p(_E^doPfhB1_3v%e?^W{;H?7_lF4e z=s2**IgWnhHLpCDKPwuXbELFu_VOabcYlSU?7c-AD$f?J)_Eis)Pg1_1eTmBQG&5q z9u`>utLvVt9h0$;S;L!}N2QPIJ+SrpYnK}FheZZa@vLjATyDn~JEq^O?(8|1$PxF} zTlSKDw^(%{@4EHw7E_tCV8}TOOe2|xqmc8W}MJAmgk7@nvIm zagx+qhb0dUmORMgLOGY07P#|JDk5?OD|+q)SZr1IbkeSY+}xZ6CdQ4~F}~CzgO$Iq z07OrLg|A6Z*|@n2p^toZVf7g^p(gubnIBmAI8*875a~DhZ?NPp!QxYbC6*JG8UcsJ zKIuKf@Qo|+k$LE3&zrD^=q@55axPgmW7C4=ZoDU7_AK0chFN=W-iIdd@wh!7avF+> z#!0)xREmmBOeKtVwcm2lrw=l4vE+vPJxPH1z0?cWE^!Zst^Wv?_ef#2W5OcG;s%d- zh`7l3zN7bC{(0s>#RvYCO;G-F2|oEY@4J}WV0~(urT0r|HUS%(vhvD1Dy(K&>Yib(Bl8@;3lBWb?s@`>JKD%}TB+~A2-q>dyX0QOnELZ=-cQl4 z@gT71d9nhd2Y9_FdY;Ir$Z)Wp4|4IIRnZ{1%RsTsF(JqP!om~#1}t&}O)YUZMDNlD zdvW%Xy*PC6@miO>kLcMOUhCbD=Amil@yxVKy*}+KE3>SZU#SD0FmG5Hr(dzZIhSPM&;c1ZYjqFQ?fAG-bB@@7+wX%mR1VmC=G+S%UuutuqGfc; zSQO_AR=+(DX?Z7kH*;g@Pam}Q2iAU#Fk`t#k#>Ak#O%4yg{+IG8vE^omptTMZyQG* zvTKp+Sl7y5gg|CLlq6c&%<=77k!|~}1F~x%b|G^U+MWGi^9`*@(aC-=ZRTtVf6kf; zH_P~#(X$_y?7L%Dwl-sKEi(rigU+|91+1MHV$&|UuiDinqvBa~7v_WLh_J_eQ+rGw zsf}@1`~j%Be27?_`EpTZty+7>>2QJU8VDEYw-oBMtIYcGkXc1G#&@S2K=~E%G&IE2 zvi+*XwRuH0qvwNHD6*)UUD+ckE0INExsQbK<^FZOCFbO6fGu6YVjuc_1yE;AnUTUH zV7ZfBp*gGfG*S9}#4f0M*?!q_GZs$aJ*&#gM@G8xTy0k$y(i{kGnWPwUgtKCTtYmE zde?g`LKf2}!i5rI8#WYLU;jW+8-Xz2J-cSawNGb1G~^o$v|-v@1A zFqzvO^qsFmSPbE(U40@l&T@ys$~Tl`%bqKN*nYV+)9+(l`c92##y?713XdoNhg$gxgk_na9sYf2VPA7s&t znJn6Glbqo`I{XGMRq&Qe=)X5^gp+xiC`kJvWvt@zMT>phr9>gCcF9_Qm>XXSC| z9x=`3e5k3I`6{rI`Cj3ar5E9yp&>D|s~gBPFV9hYB5NR*tbOEd1OX0>hlBO*5xS7^ zee+=MJS19YFCTHV+)U-MTu)g)`DIx@$)N2cwO!4vdMzxr0%Z&%Gti=&4kB_S`UxqrVDMr!ed<(;WxMrgp;8t6sOvGLCbz!xm^FYR~3@dFg zjP9Af!q|KEVaXXl8C_Fl)cb8}Z5VUvy1*D8hOfbT&Rf%%wTbg&zoqEqoD&&}A&z|8 zT+1s5&~}agF78lpPoxhV)?ydyIrdz%I(*N zWSvbobg$!nTlIAj7~&P+=z(d@=5P-bbP7hqr!qDoy_Aw8?A{TAT_l`4(oj7ex(nkuCn%5lyb*% z1t^0h&;MR?hz%LnO?)TSrF%rxZNH6GyJCqek2A|B_8b;_F_Mh@{Ks~r--lh4w=pu8 z$j0(mX1(x4M?Z8Wrz>>Yn*E$s^)tcRucA}g%PZEj`z97P*qKlGK{B zAW9}Y7ORV$|5Wjgxp{4VEw)1*o1BG9>RK9y#pWhqDDu5jg^o{B&C)aW9GemAU+2LL zm$|8J-SMSX6AQp+_l+!?{Sf!M^v6nF+7J|-b{7ylXNLPNdWFikp>fwy?gbGE;ky^U zmi1#lZNJTfB&{X(?E;}fe-HbqK$*xEuFLRUfgaIUVUaB^h#>pMR=RwRDJc5Fxhk{v zOe4$NUEPt#QA_M4oJG-fId@`1fhG3iYLcg4&V;@5L`8OP(p%_7>6vk%XOCQFS!WkW=our=x0gw^YtK{_x^ieTH^iIuJF8oMuR1Jiapc%b z-wI7i0qpqlX32fpd(aWg8o0JHH-7t^8Ftb1%bXoLc*vqs&U*iT3Ru~7`4l8lEWRw_ zcyvkLsL~qyY4(VG+A-HxX_&Hm*U$~p^M%DxdJ+Hd^} z%27nOzh^?S=gc7KSNv)ANV;U``3i3CzL7<<_I&iAXWh2n#tEuW8(X-S)GC7r%V@uk zdzD=@Yv6e7+=Ow5Z@|(ol`gW6keJA8u+SupGh?QmhYnzoeN^9wyyi%U)?neC7mmI( zBq}I!A}nV{sgm$cDr|VCjFrf?u$&nzCwJq8#xMPG*~E{dqD0q9!fwB{OGBrkxZ}rR zSBo)3xE(l|3_Yp%XExK#Psorn@#J28A?%Cov?f9B6^myAu zl1*(MD6MCUgC>2r0oPr*#`V8xC*MJhXvc;MILZ<}$tQAXA)_~xdxmm%S>4z`> zp7icKB!%qUT!iW4E{3#gj5;x~d+E?*ZiqMZ_oyYnLm%JgiJe)OzNJQFeb9y!^3Egg z1qv2;oFigR#(a;+?7C2~vwq$q&G~rL9H51km#8_A^&`jj_nKQp9PhoVkq(hFD7<9HqU1&VTd>&3uJrNJByvv72`oI3MK$M_7b5p6EH-J> z5?X^j`e;lvsW|$t3bo;Dj$qdLj^*yrh2kt-!JT+MgqQB`O@;I#X z5CRn1^$u#*iU~gRAh++?60K6Yf5bRo&)rK2#T`rDB6idIdd@WLF+NG2+m0-sJ|rn- z?Ii|gzMf86zHwJd_UMw%(r@c2$Xtqz2UdC(ACYxdB0hVhUT)j9UM|;SY(cKUo=bM> z{$BkR!sa>;F%ub|BbeV41m1SFDR6z3zi{pJ_a191jw1WZOp|>RFdBMMQYU+^Mp@|Z zf)RJmscNAEvA>;f>sAmqa_=j96x#zVGLrDb(!JoG%;SP*cFb(tp?fhHSr;+FnHwnU z{IGjV+lg<&t5xM|QsVl10u(c50f390^D|iEn@Cr&`w-zu&zxDI7tW&4pR2a*@+RwL zp~c>LPY?9>8oMAOq37}u(?RTf%%ib`tYMwU83lL!9(B-ULv$YEJo;_@*iJ|H4ZF(O zA}VLkkx=OG9vaPbKApO18tU*;hm+GpukLI(BbdEd@D-GSlX*)jpO!kOP zzwK(fz7UqSYkY~w!QKHv^4o9Y3hvFiw!>gDkG>-z&G0dgz9T{Pd(7jprVkzG-m%-W zb??|My@&*hd|*3b7l1{dzSPL21FC8G3oP*)A|_%(zL27&Qx>Sm{NAh!-NT~)BBAW1 z5c<$PEcdxq;Ty1y&y!MnRz(U$-hhR#Nh8gI4Onci!u}t9v_^&M8qt2duJY8JK+&(W9h!j-wzPOZvf`39EV@ijJH=wRdx=Bx5GsX_TY^_8>E5?wPlPnu;O z4`0WHEN1;KadFpxKGSxMp=WZ7ZUyVPRBx`oCtx7`R!6)irP{7KB2B#W=$q6hiS}GR z{3J|=orkL;^LXeuPE2$hX-eHUI!?~kBen+x#U{wTAAcUxW@5Ksk9l~cVAo!}Pv$1x zCpr9<^I=O;pZihRaw8Sou9+*P(IUW_qvz5AX&G`nL5n-`K!lEM{w)6~(j(FIf zOIUP7Sl&K6>@g3_ICG1R=-cFZ!J;D`wrdKDj&s=Vn;@g)(jK<*0ZgI09Wxzgc!_q5 z^=TJAshz4OX(x+3SZY@LHt|x2E#1Rnw>YeO`JV?w({E}P`W8psc50u@S)~L>h)6rH zBLqv1wr`W84I^mhTSoX|k3J;mrCsE4eZ&?Ci;j3$>6tz=^1XJkMZ%&Z>L9kr!}bn< z#TI$k>J>1FxI16zs~Ml-d~FvU(eEWD3l<&mu*X=U<7g)uG2`=~L$K6N@GWal+I_Dt z;leT3R)1LeTpb`DqCMIP5Kwn$iXL|AN*hplb}i!Ji7)k$En zMIP2WK%MQ-29Y&%Ak-@DE{Sc|fcd%Yq9b0^fBB1$^8VgqO{?QvcyafQj+3)>S*;nf z%%WoJOVCGRbzu)aDZo9nrY210=JpAl^4Wy`TBBR5*ewq0Udo5aSk&mwx=63hIU=fb ze2GugZ*oTtD_?V@`+F3NU3-C5*`v?YV7gH8o_zr|SwH$r)?T-57h9x0q9ej$i-bi- zJgoFAWvcxqUd6Z35n-ahcdgV#?C*W`TyoH~UEbGqkwr&5tZP~wN4vZ&3;VUc1egGh zok!ot(JnO>4qID2?7=5p0iiX^x#0mzIzmCs<+w4h!EP zb!L1x?D{%AG)9LN9MuLTG&nA_MI3(u}*dp~&9r4nm`g_$89iyI0xhUzEi#fli$ZFfAW(@_RIwEgb&!uuL{k_DX zT{M4mD@Xq^mg+d?)(ttx>&1%^1^}oSVtN5_W8|u7g?bUhD z+5h^C?MtYAY|^ktAE~=)EDw1cJILA-MZ?4BGi_HLQIvVqW zdT)hh9@h8LTlNc;E_VDTl;5Ic{1@M-QNOS-XiA~oXMJ}kP+y<3`j$g|lyPb7BtQrdCH zlGp(K=6wxV>a`peUx&9$BX8XEwHdRr0Xh4wisji<=blTc!%IZ-rwNyiC~ux+7(D}uOllHMQs+*o5(&WDj%7Z5&@eOR zlO*zOZIM`e*I7Z2?2)I=`+K!TDz6gViubqY((^+7z1kvwN&auUyt87hsw2WW4{SHT z*BG=b3DbEzbR3}z(Q#NZx^G0_&GSOnwW zf<@+c0!#OjBr*@l1sRJ#{m}gdxG$Zm8<4rRZh+t%NtyXpCG}$EYZsK7cHGv*Vv{Dm zJo-qEvGG+N7p@X|hGm^E6?y3t7Tt=J6MCj0Mkj%Uo|%<%2f%VJiDuC&gxEahQ62H# zeeFD|Bi_5OZC4#pWx0;!q2n-*XWveoTzY{;ZWk&PUxEzT%}Y>(FLgs<<&*ao?9$pj z?XQ9)1do?ctuy-MiwZv3#66D!v3|&|<5Hbsl^+ zd(T+C_!408Z(S+iy%%7mdnU`w!xfc1S2v(zX>5Sd!SapP4Un8HlWJ*K9o+Qc80D-A zyUDrqj8k~AYc+FI-nM-t$C&Y;@;IzCBs3uFOrHs@DXr9YwMBj?J==D*MI!s&0m|g3 zUq#sSd#=H@tB%N2(0RzS>F+fLO-4iK@z8P3y_)@1m^k}J#|gdAakA&!-QnYoe&|`K zOXz@(({&*@EuC^}WDWRiG7lb*%!3M>d62p?4-}ZOU{@VWV*{*w`G(NEj?ZHnnVajU zSoxZ?^U7Ldnv&& z^o(7F4(K>pXSLBnYkW3YQ(-7MTg;B3KkrxUJcL_B|Al2QrP7A(MS$l%hlOugsf_QQ z3f;AW#pZja(w&Ddqtn4+YY{dQnM;&R)&&+BUF1S^XIR$WOPt|}Ou4a}UAh0=U*b^o z6ju9F2 zRq<#>W`#utxm5k-r!u7mIk^N{rGFIT; zm!kP|F`x2IWUzALAKUnVyszJv0&?{66?>ruQ1xY3MKK1P}kJ?mi$73wj)$DF; zJS@H)A3sUxS=wyqfDVy0phNWA)N{LX*WC~LLcdK-9p6?qgT)u4d_;UPRNbx>-Jtz8 zx76smR-!}mE!8h;MGweY(F6Len{dyY?QOffsV6J{u`W{a!e5l0&G}XSYGpVYadZv0 zNAF|>TJwAS72z+Qkj_|?j>&u#mhA5}7ms!nS=6&U<>L>3h1d9czlq5TA9}=Od8w@O z26KD%x9@tWY%QC6_xB1y1h=3rQ`c5#^80Z& z_DvAKhltW|ZJTE@+A*u{7&!tK8sa|Ben^ANJuO-)a)h^%vq!MV5w4lYTq=u%{$N=v zuKdUmGWJ4~LYT8wu=r>0{p75bWRG2E*I?I*Jl=NAhm{`MbrCPMXIfNg?4sUEj{U{; zn^=uA^({?`vW$O_wK%pGSjQsxZTSmoj(i1+ot5V^{smb0I4a0JedfvR2iI8U_Dc}P zoCVrUU{)}18FwZc#o9h3d-SImE6f9v&p77^J}kQWd_s8%rEs0(Fx zUg~qz0jgxOT}vW0>&uDeIBNOy`0C55AG7;7CkFHSHWppN+jwG_|E)m;-=p7b>!WYg z!H^?LW0r;@J>_VIW~YwXJIdS^k^;+wjhzE zs~Y0EU;Uhk_r%;aE%u>c^6{FAa^F54?^`A#$Eg!vFK5STE2yFv@})>UuplF_RN3H zb1l6Qdr2i+#EX5UVv%`Yb^e#Bw+l+!FU6z2!nhT44+q_ z&e(?%E#Tw9c&7^?;C&1B*qb_W5kSZr!Fac7Z-BfJj5jJv5b{PDd+wvMjqs~#b>LB1a^`J=SObVAPBpQA8@TURo$}L@;S6xgESDw{zbf zHKGzRJ)`7y|J%#3cQw_|d97VkmbJLbW$k~hA93L-%o{`HzvV@<=0{%iwV!qzeI)9< z{J=}1z{(7T&R{PIM!ZiEHuz^gvX4W%*~eGjNNXf^I+$z8J`S$3kNdqcRQ4=W&sV-G z1V}!fDUCIswUqCr{Q*-azV;-J(^gOuLFJ8DnDZt)GOvD@tc32P*crZ;yNvI3%^g?v z!_M22?6?O`Q!Aj!Tm+oumwu~j7~_8<1lD4$p&}fVBT5(Nzsc?FBe|Vwz`RT(qZB@aEg>Z-E7VAxAiouS=Qe#q-6 zL=JmNFyhn> z_WUG*@7_wY;d~!*d(w;RtIYP^nR;-0mL*X-hqjiI-FWwdVJ9q01o{3qXMg-tJEI$k(uEE!wy#<3Nqo9m0bBH zn0&I>8P`(L%st=SM}E&*3`Oog)~Efsm&Y@2$;=UJVtv`_9jAZw$EmdY$Y}%ZCf;*K zsh9BQO5%f;zgYm8qas4UdO?JF2h$B4N6*t7mDUmn=3U4L#eNezxknjRz-iYF9Gqcb z_mK|4ep6!oUc|wFwfm%Ocpj%j@ZY$xFk;p6oXE33tpA))OtblXrqC`}z2FRjCUSnIT^0m^kf)8IKa2~NA_!mKY)2`k_I z!qJ(dv#~X^FqmDxJgn&yfZ?XE5oY?LzmNMx4VK!y;j& zgUTrF`R1bHURDAOnJXCgGIB;PJ`!L0yY!R?485$heD+)RAhJL(-rA%be7!~F!%u?| zH+SXD7N@};>yu9w@rj)w7&1*-H@2!^*n*OFu}h_yKISNBVt8U~1AZTj_?$CkEM1)o zk~6x3eaw;cC=9tN3F)zxE-?T7cE1(q+B+TlLtn`JBJCz(?w!t+3XjMV$sG*l`f~4s z=gel#Vcu-)85!hKtH5dH51hmL0!c`o`J*33)a;oTo(N7ezc6p+zm*AlQrvIhAe?2n z$l#@rHpf*6Xz8GsBFC8@Uu!4tYQ7HlVcy;KHFt03-Idn%*suBB^)*Kq%5#F9CYb9h z_K5vn!p7pIEA2Sra(mA4PZ!Z4A5RzZd+I`k`Fh`SpL4ziEc-oUw|e2FwQ9<89*H2F zWkH&bi?J=PYGvv;-}qK1tzBRm-!t~D3fSliS?|#o5}S~vPLy(e*2X9`5?SiPsaK}S z42*9l7&1~}943 zyub3!^dr}zZK)Jg-@NoA*8I?q%BaDw8_e@9Ov~??!;z%t`DO@#b~7}9zf2kMm!c9J zXWjiu2tD>;J>*(?%h%G6+*=(m_k0sF*++sMw3d*>xg~HgM-RGl7@Joqq{mtwcR!}+ zTFiqiL-DZ|W7O-~f}Wf!M!J9KOr<_}w;n#5+Hm;h<;q{3Gig`eS^F}_nJ-?SbZq}E z#WU&}fxq-9_)9%E9H$?#(p1WNsok7;eFdSb@|_)LTwm6b$6Acpz7&(CzhJDTo4{Iv z;mfbY7IviToxXUWUl%RurN=s{9EpeZU?YIX{E8od^ zWO7^iAd?3&S1^2NNfEq*Nx;Z2!LS9@y#iS|81h>E)QKet=6R%VEzij_fzA{Ro^$=w zmzM;?t`fUK|IJ#0FFM#`zxL}Wii{YHE78qb%Ha@3kMPV*#;^qQE>sYTGq1Q3_o&v7 z&}3`_8tNJ3eq7<1d8bQjgD2*;m&PCcI(h=oE9$Y1UJ(r2NTo5{M=3w7`3el|n)5w5 z&N%ZTvfS?_hx0x4t?x(vM=)fDD_Q7Tw4YY09sTmVWKh?V#=!cl9n-Ta-z{7o8cKA8 z$94r*b}U5^nIV{TPz;*ivvy2<*B|S%r(UnGccHRd(0yzd8n5Q9;~xC<0_zv2xe~;I za%>hYd167#oKa!Etgmf=t4EGW?Z)J>7cjbOe&l?YGAdqji9nO7R@|fXEqGW#Xs)>i z7OdsVceN+aaq3%{$BFGJ;zYVHm;{{W+F^b5`e470ypuB07V5S+;(ZRb??SMm8~GkNagD>56%0M#U~3EN)u)E!!PXve(t&q16hK!!Gtgggee9!J zyU@@T%G&+LP90Z!Q^Wd?|{~> zIL6LfcoR4^FTXkd+q|)0A)4>~k>3{@;5hs)eGk7&Fzl=cTU|03ewSd>c|VxvTPa}9 zyhKv)V*Y-fgkREgx|QF<@6vyXOS_Phjej}VV~)Sxna~HGi}i!nN|AMa4}O}u0ME&! zz?~`9k8%03SWCVvXtKb1|NFpcx|QFfZ%d&#^lb@7o#=zD?i>uCYcO*54z@nmU`5RD zT_}nVTxAw;9Q7yrUY4o-UeXk2c@)h!>{o>zJ>LBbV&T6J`P4dIeUCZ`2YalA-jt0a zek~Y&mxC#DowJfPQ=_r}5|17%>oEWQUYo~7Pm23|S>WDU0{xd7`v+TFZZLYe1go0u zt}kOBG}LwD%rhA|ju?#Qz#k9{e?YKEkhM_Tt8s0Pam2M`2q*sPV94#cV&I)=1{-tI zf60jpMt_%J*jWz-AIej?I&9-Av^aaKJlA7=h z+Nk6Jv=Io}C>j&K8_fMy&v)<4xxtqH9zEp?MU+m1J=Q`mi2h5B?qJk$I2f`|rO`G9 zw{gVyAI$xxN3plU|Mrb4lLGxW)pYF}MHTo)T~GPtCH0R-R}045U6g|7TU!~Z(LPon3vjZjeFev%EWMgudqGetB?&a>Iioj#IPI;eXD3--nU@Vc&QKIv^YW5 zS6CJMsQiKBsE613l%;|pJ6@l8?$#A(UA!c&IW9vmer%xNGyF4sHz zt&rjB29++CXO~XQ`Z9y~J!;^z7IL&N#M<-7N97#E0QFz`zywQeXTR$ERZQ{@*76>{ zkxB<%DxkyqQl~k~+!c0ok)QmgW+Ova^OA(BERR=?6&FZ*5hsLSzXZ1nf4~Ctl z5DfJFp0~$-$#+g_ClCB!-lM`3!C$3Wpf&wbeXmYGO9z*fDa z{=wwWq15#iVaNKg>GwTt`lU~M=1Bway8aEFK6IwI0rs^knFP=231H3XOz@o2_cPkh&VHG5? zix#a1Kg~$b5s9@NF(!@7*AwxkoZqKdIJmxK4&v6xK;J?H`HV1VL4z@9$!N|c6ri>m8 z-hRF3T{CebeUHA3AwJ95?juv~^3!XN!yGlQ0SDzh`91wY7cRPdJed5im^nq&Cc^^Ei7&+%qPp*Hw zJU0EqIjAk%`qV$JSG;R3pl0`x{=qnV#a{}l_cHy1dsNB~bX9nS!$%Y$~)A=pQL z7wDySa?Y#m^~xhTF4M~5xu?;!Jl@9Q*BF-$0sTd$>^B{PwPfCPoHngYmh$n!>--)y z=R1vuypg^D4jw+1!udU;V%1!8%G%9LJ3&H!M1L@>`N#gREuhS+an znB$DuNn^s^loZQb5llQ6N4D=rS%JhoBr2nKXE}WAgZhM5?FL(Yp1 zFW&?>tpz;vmtMj8E&+4bTwV-&D@>KUpJ?VBT^hbeu2K8d29U{3nJYiUuBE6n-rr!@ zhw>V5FN?r{c7w5x3l(3y1mjNUm4v?}GQeMgL03^Y=MfB>R@P^Db};O=y@H$9)-9rL zyh+WIPK>>VtuboqTEFtHVd_DIheB-pR@1+IGlI$hB!-ogA8(6jXg`kr=%OOM}o zHL)FeC>ZbWg(z_sYLV;r)RW6z@H`%|TeX3~e$eWq@$?yZSj-MOJti?cyRa%`$NIgy z4{KY;*!AJYC0$>Q+@Y76qJyg%jDyp{=G+@~m|IJN6MHLUK$yHFy$4)b+xo1X$Uaw= zj`d|42G7N5v6kYr{4c#+n%DU3VD2})hc~n`SzlRPAErSj!F~c0y4RBl<^`3cgT8?|*uW$j!88`gsAD_gkjDG#&d5=B{e`9^r zzq;yN$VkDE;j$h`yAQo550La?-GHxN5A@%xVZP_(wm=8vwt)N05zu70E!>alSc8{` zpQLci#~cqnnJ5ZBNblhe7COT|@|`$N-$|}iadlqJJ>M+Gevf+VU!~{C526HkQzfUs zUn#uow-6w3AE`m()d+CS%I(*#*Y6pRS$Ry?m)^r1i3iY21)Nx4g^wIZ9p>vUq+C)F z9B^N4Yu7^Eg}z6fyMtjvsdEUv)L_b2rTlP4=|Y@uBIb_kIl}%I4EsS51n8#0kYB<8 z_RgYIk@bRs)69R!qSvB%@f-|UuP5}eK6+JD8AJOe=V54aPmn!y>LySC{@ONrbLe1{*qdF!Ze~BiL2W^y(bO4xXsOxupy3yVc9c z`x^`zuZ$9JeCfZ~hl06}OdhPIAf@GXnUIk|60cle0V~U|k~*dPdisE?LhklnrkP4t zIpm!~UFh#a7YgS6uxICSd*t@Y{z_L}UvPB}sdxO7!*Yu93pio|DemC=LsS!=Bl$@(jTVTUUvU0#wd1ny&<+^vT$ z6h_e@PUK%1=~~?EdzniFS?XG1I!+(ZrGL0SW7+HY;(lYO+?g1gum_#qCkcdAWzM6 zT#jPqRlf`c*w%x&-(tr6o_@7TgUcr$`cWZw^5UK?&N7!AJR*^SwbWZ{iuS`vprY^;hCdOt-$CB(tmS~ zF|GhMVEQVvX!))d(gCk4&!6+nFXT9DCv*dSlM~n2+aqTs)+CKzG0fdtX%2p`ZrF@7 zR^!U}gR5fD{GPU@N~GYg2*zDFm-_OJVBELZE;jfg#@KH#^q$fT!D+3WIk#Z&oT?+i zbAmnAS7+(LY2`N2d#(iMzCB4?k2$I=&iAaF@?r0vZj5!PGS~6u1tSinXNz|~u7*u3 z81{{BD*8e&WUj33#4-i*+|rN0!6h>;UdmZnI<3qOGS`(g<&0u=(4W13Vj9+-$jX4; zlSYDk5X|*eLT&llwftkhB@(daOjRpy6iR|kwU*<&AHm?+WhKC`GSOm#4~DE)bQ5;W zVA!;(e8+oP6pHtwpheEN0Kny^NhGGy$n;(Uk0KF47+HN0qAdu-rl2>V({|UIE5_h z=w-nk`%rGrf-G(15`n)Y>_IOlI4w?l^1yQsHFWTZhbuiE-5{9v@}UcT#7wxqsneWC zx{%{)47K~P#`I779?s*Dzh6~Ec|@Y9cu81hUizk8C17;>V91132$ip;>T+&1|7IVR z!(%OlHA4saiu_&?61$JwjhuNUVBu@^^l>f5^JlGltWRC2G6~8I`HEaK_2n}(S3Pz2 zQMoGik(nC2qzgGtd*_wDbDZ`1O0AN|K6IgvFJobYDX--#0{5AL-LH9Gr=CL_4_{H) z?8@yAUr{A0+5->3vouZN8G!W8H9UOWE47VF!Z-7H4&Q}3>$K8XJm`m3wJdbvQL#FxF5l|gJtSt z^Ua)t%{LhKh$2Lg`IGpGO}UaLdskzL@T*|N3SD`AaGx%;XH?rXXg7@x+6~5=T&5*_ zEf}&zk%RE|V7!eN{=9U0?0$J{Fl6+q&UkJQT_{tU=aw$CbYJC4&#f!H_x!@M_nu$q z0{ggx_TkSxTjXVYm3K1tav5ugJX>NWoe@c>^xY+;Qf}-c!rC67L=` z-tNywo_{dp?7Ul^TdWhDK72)aaok6`5ceZp2wbHLac3SmKWAojzxsr;;5~3<4bIPk zllKj{@mDwdA(NI&9yGk7vC<00pksO-3sGWU!!5V7C%BgYx{m4ydi^p)6x4vMAY zE__&bA-9J6O;G{&=|}F(n#PTit`gYTTfz_PJ3(S`)nf~;dbs=^ePjzL&q>es%F+S$ zc;oXG!JBgHLL0@>`91v_S&M!1DrYVZQW#iYjtF7$@#}i9;~u`E%BqRe%m?5(GZ%E# zk+YV>5@d#lew36bjpr-!d&=^)A$qJ&Sw4+Z+Q>8~ULNmJYA9!3S_kKmuZT52a)^>P zuqalh6nFLM*S=oOL!r;i+>(l5D#!SL56fxvfz@dm_pc>{h5I4w>q=i&OyzpM}t zZ}Jt;**jgzD6(y^$6CxQDuh6~iiDu6!U;LIM<1O$snS)&7}#$`4E&z)G^M^i)|Y^~ zI4wNKIkM(5PJ3rb#>n?Y#*4p1xaH3!YN9tL@e|{ENrkNW68Uz0=|Yavj?^$0e|_09A~cE*FA8HgY+Kol2`}bcilM4ETwbjY46aS6fgl_OZT#Z1%o&M1HT}55}d53iH0@PVv9K zGnu*2yQ}(vyc>)+AWOY>`q9s(6jW>|7iz#hQoEPmXL1vN)kNSdAG%A=7BWK-fxN5V zv0}fc-RII~p~*|i-18{u(Q(EI_k^Nr^pc7D!UgRHt&8fNLUzp%6INnXsw`6ctin|uEm-NwMmy> z<;QU?k2{@f!g-Bn%`_}O{iuj8`?b$^S(TngAr74HL!YUN7k<-Vt|jveYso<^Odat` z^17BXu6A#Q{&FwR!NoZ1Ok@p1#tf!hm+{~4X*17~q3oD37k>4q50}R2Tl=UFm$-}0 z9>32m*2DQbf@e3dKjET9r4=5fU86m_og4BZ1Kk&`XO@JV0#F*vcRc0yN`qIdlak= zaQ~ipu)5a>TbZVD)I>Pgo=30*1itrY`9|Z&SqWCKGylcr+c1#b?)-D$ah>alond;rbqN1;MJE#~dX$150QSws))Vk+Tx4$VmQ+jNUlv zXdY~B6v3$Nda!-FQ=PG81S9VHVEb+bqnE+KR`&}=9q?eh@dsOe6^uNfgY8`nhAkr) zv4aO&SveSaR0mu6G+0vMo>6R#`%!IcXstLmXed)IXI|lMXec)Xw01?NSxW-Gu$9p> zgJf`L95wgOTq0kqNG*3Omg8D73Ni;hy_7~}1u^Amq+DJd*4(9K1Eom0JmQ*!pt&k_^ApHnh zE3uM0Q{p1~{UARe0fhX3VE7;pCJ!sQioJEsIgd*OV!zaeYz};o!SasrU;N^Ys}R+W zOWXy|1;RUyc+3n1kN2oRY4&04TmOB?O@*IA8|g=!Tj2uWFa5|hQxm^=sfizqI(!F{ zcGHhI%hUkYQqT@KC@98p^r6foO`O)jr1A74&aJEEyx8XY9=5rIx!=s=elH?g8p_$` zxFTg3_mD-?k2v%6BhLId`F<}WJZGMM#2M)Wx(ameBLk)1!!LOmNsslBbJ4h*(X5#~ zpvF;W;$UkZ5B9)cHRIebJ+#6UH4zSmzHq7kdzP01v-=1JzpBLz{5ja>mo+bakq^fE zo2Icomd2rT9&Bwb!HVb~+$Ux8&IIF~iK-s^px<5Ex%WI55bw;nh4!vyf!bW;zE>Bc zU9)*WXB9y23C25JHC6PtVC$Rhdu7BjuX5*w>p>g&fS`@UY{$_XHNvGg>cQYcW%{n~ zvvK6C1f%!G!MI1Ee*HL&!>@L*^)m(Yp4XCf{Y;JXJ-?PsD?bN=43 z`b&g!ebjXCd(<(^y-Ho(bHidk2)4G!#!(ycV7%u=D2dZ6$h~`ub+V6AF5q>=xq*Xp zp?z0#9b-2OCNDP5t$pMHW_{EvO%Q$H&zzse{qkNWs<4mh!-1FT!#R%rjm<&-#$eP$ zIGFES;e_BmQB>IH`n&s{@A;)t+-Ku8>`8k-hX07bLN8JCx)|Vel`$jPDTYe$-R-7AnDRGwl<`;5Y zhOWhZ?A~z&*D|gy0Kn)cl4MKYrC=$s{1?B_c@5+*551=+{;?1ILS6hU={s*n1Pv9& z4W0{*XTQ1f9Y^ftg`8mTtODZ3x-^cs|6tU04n~~Y!IUS9bK}j+2L$djxj8QN3S3cN zuZvI4)WNVd=RL6~n8Wu{xb}Q|rI7`KZJa_vth_TA zw2{aUZR8ShzbC-3W_sK-ulDvbw4vQPt-{-bq3;)hhMt^C^1u~!oeO%^R~ZcdV3@)- z7Yy56DL>LiPyF(nIS&rqKui!iCrMrV}10p`UzQdedJ6v zt{@E7M;=<^h{rq_eyd!D;<+mbPOX2?%R|rNgQ4d|e#kz(TAs%r@=g1mcFbVNFS$8+ zD}v!eyH>xPZ!DYh?Rr3Kxl_c8ezjf{`G);c`rdg2{N&$`xJ5EXNjbOB8N@0FT#9QEM}t<8|R--`{gzQj7m(MzcBksoj{ar)4O z$`-w%82vLi=A@56*%*I+T4E}1Xi1)|uae)cMVm)vN9EW{fMXv8Ujn1IVrwRc_h9H&S;HQ4 zJY@Mi%Ir5wKYKeXz^>2w2YGZ;=HuJld+Bbr$VDPKV)T}QUF$rl~$hKAe;0?VH zpuJncxC^C7@P=MXmBoE9Y;&2>xo>A$-}Ai^#7i&1;Kgx7aUVPIdv$5vb322vFy7F< z#@z~r?43Jc^R2p+#1aRi58%O&rLLqHI89OB`x^&?mlS2`KGJdguWw2ne5JpHJ!m6W zk>At4o5YVUl$R6xOKuYQMkNA}`GX;!7H)=ZDHyU@7H;0WYh}tEY|-Gpf!zH>Z^sd% zerZ6`Zl+=XOMYJe)eqLR*wKTbW2ailU#eHIe67x-_&IY&@lFTBSCoYon`PC*w8hK&6P4G&&fXnO=jMJ7u&z5IlhqBIyPcrf_dLs9`_@ig#D(Iu)cJX zl@s%1p%ed?Nd{b%$_-zu4uRvyuPsu8{Mul~qy~Ge<#B&=K|;^5N!Qmyy>w7B2>zS? z!GB8?^uNYST?s`0OK*u1VCXFotmGxur;nge)5lsqrSZ(RoOwlgIrHkOvF3`!a+cOr z%liD_Yv~p2;|gx>-qI@^XRL0PFVDmJ0Ku{etu6Ma}}6;8*4Mb`96Fnc@~u! zN}3Wc^0l5z^on5k60*#3k17qsnu8%X6-EJH%f!eVU+6h@I&5JeJp8O7NaXFxQeAwe(k~Wb8hF3U6BatBjI3sI-#vny+!~Ivi&_O`iP6 zK8&Y{8=%()J?>=;72L<1z)M?moOa;Cs$9!M<}bou8h^?IGq27V--`_3P4=JZ#Y-~T zwIs`P9+h=*j>ml~#{|CHbIILG1OYFl`Z_PQfbW&|{-&0(zQVZo4UH4Kk7|lJ&b*zX zBE7%)7dWHLgy104m+MoGxKKa;YYaIkIii`yI zkQuUCa#z#-{9aVV_l()eLgw91Zs**3_MJmNN#!Da%QD??2P+4^`zUe{TT3U&n;eY0 zS~Uvp<(2H;J6%XG`?zPuaoS#c8R4D5ut%f?@RkKbe$JDHPFyJ(!JNw|W|h z^T-^AUJ(o(BJPa7Rpf{JxS;Z(tJ-6uZ(T^VsT*h+(O z&+7#1S_<-7dd>@mT=MsVk9NP+=URHsoXDG8mOpw_Fy7=u75A3-!u`n64h~9Zavc4w z^6=63=3tMtWR7IN^lqrck$O+!6>my6Mm#@k`h~&6ui{qt?av&`elrEJ<_wCQZ&Nrf zBh>D>nkk~JZExa&DW%A&$oCV$EA!jPFr)4lJcuU zPW*3*6yMYSoZ9$UpR#;uJM!IX{4#H08O&>q-=aZ`Hwz}O%P#L6^wzoP5_w%|!tl<- zNzO92J?D{K9@?mU9kfrpg^+Zz`?LwG?-=v{uV2>;l)1erYY&EOzwFIo#=B z*afbX{L)%c5AH1y&T(~opZn3%0}rb^&SNblaPi-Q{eV#yv0`b)(zO!gx=N(D<`NE= zH+K*7Cf++PYxAzp-imp=^yTNVCXXu57&7MdlwZDaJ>|i3fqlz|>K~6UD;RoI5s=6m zWiq0_1w&`Qax%_KPm3$d>7A)G8aVA)V84}=b)4~pWfsUcB5}W$19;CZ2P-(uS-EdO zr9@p{W&!@21IhoIA5dEb`Af1qclwX@;jR@O`$(2|-iq|>ev{>$BcXwD^gF&P?~nCS zL$?A)+8KhOvuE;^=cJ&sw-jLZ5egjlxT}?laGd!8Vd^nQLG+84!cf3fVu|Clsitva z>nl?WnKc-4d(ty{MKEy{(}p+206FuR4*Te`f~yFhy(Kbm96 zcq@`)IrCykoWnTt)Jx9%Tt&N&V4Qg&WAK+slp)&&Lk79lH7l1Sp+DAAqt?Me{l(E? zgK2kvBo|gHCC&T!uyul5&K^-Y-xoJ`+j6v;yliv&HBu- zD|Es4<8M^SfAw=F!eK+Hf<1P^V7&1~E2FaqBd)YC3g3_1lH9jqU7)MvXZB$aiX;&2 zok=CWm-P~NUhPtevB*B3nP0d^58HZHJ#2Gz>B46InE=E05*na`9$@%Y4;S9y(2j;5^Ekbszc%i_S*Ju1l-Du4fv0dDKKL6&ZU|>Xv6&I1>2F zj?NtAxw4OoRpjWoFDS+C%ARry3#4u)P^Uv6yw zg=B%3VBG!d%kBE;uT}zwbda=*eK#1gaw;*ha^Yd%Dj0Xa>w!LaS7z^4Hx=3_8VO(J zmGRm$y43Z(3&FSx*O%LQ>Frrkhq=C8Y3Sw50)9{1W)+Cxbwy`$Kk}ra8w5i)D5VD8 z9t_@IXdb#jWu1|guP-w>}S&NSlp=zG%*)V5wEHnMUsWaUaxBP(Bd z>V138rO7@niG1($C2j*t5fz5)Sos5V@g#KkX)t7|YcB*n#}3%XB^t68b9CgO%zMuuc8f|%h^yjhR@N&kT6(#_ z>&5A#Hfhz>*J>Bf1_;L182m$+u?4iG8W#_OSKwdgzhAREZ|1!WZ zM+OPzNZeo_DV^*id6#{pY&eH@fufZ?^H1ySbmE?Q!T@vhII@pKB=%9OQ1+3Vgnbkm zo2Uh^l?-{>aq!srqZpD2o<(s!G81ZXA z#kiI>iaFtYi#dT#E4aiy3e$qFQmvMs_BHogcnR}XjK+D@b>leRx7-?jPhIy~rEov4 zAjRS(Q>ptK zmp|&dMKH@>3TuJCBxZBZv#oP(O$!}V69)RLZ58`?#HJLDj!ct_nfJVe2;TEx^3&8+ z&NtgS^irum?s>uS?6;6Rzh^y)0<^JXX41m%7fgOyyJP4++q(0bmz5ZSY+G<1x_vNo z`=W=??Ssir+b($dFczX9CFGY(c*wxDb47j$hTkA@2;Dvyy8V>_hyFSa=;J{o?4C1-^-8$-Dhm^dsRu*7Gk{eet z%8o0f}6F!@ztEVwGf!8ulzy6>eG@0u@(NSJ4i+}ZcCHT%7- zVRhp+2KQj=Blv-h%yqEU*?(ZZJ&B#1TlLZZefRIbtFs?0?-)49DhOR?15G2N!aMHx0c77SC3rwk&XLb`Re|=HlrWd=yV5r+^xdl+{fnG z+<&+B$q!6g%dE_KWLjq*v26B{eVp^4M{e_$L&%#hZJnZntHvwkx9Bga~H%|Ji z&+Yh+ZrsLR9&F>*e_&&yJy=aB2B(RR@cUrM*;yV&SG(_R4*9{d-s~K0c=wF8kP;)i-WqFAuhT!w*&j2jBbR zzO`Lsq+k<^*!PmDp{wevfS1%z@Iqb0`(6POyFTh7-ng|{9&Bqr{lLa2cd)ft{=mF% z^?-68YqPxnsz+sw;C&0m`&Q(%`_072yySB>Z!U-Br`P)y{QbA_Irra!H5Sjst;1g` z@wV^VrC~Vl+AMF5jnDakjScT$8=vz7L#EChHL;hCi&e6Z3a_${ilRb)=?3tF;!Bp_ zcU9%5i8Ri;Hp^RIiIt1zKWnqRaa;4}U|SpfU~9AdfyrO0y~w#07Rk9)dl7mmRRQ`d z4UPR)bP7E81Tb&m&&*qSbmpyGhTq$K?Dk6!sDo`Cr5~95wBEPwBjf9yQ6cZ{V{0_t z92w&H@74oo966ppF!^cv4Btzi;XDfMVISmp-W=P1@CPjgRAS}u{b!#DKPcWLI{*qlKGuO`$irIY+8v;@Zu`ngTG+B$$2G_ zOD?2$_fcgBj^D~4*Bh06^jw0g)HiUI z8PhqmOBJr-nO7U!IW~VVTxB*}eo$&DGFLEUkR&PbQb+>di|vAgY|_hfQVpbyTm;Mi zN^|8+4u+0XhKcwq4A1Xv+*f!>rE?z-dg=LaAKLH=72-WAgx>qn)|fXlHTa|MU~7KZ zy;GyyZ`TOgC`M%8p2*KTQ;f*IDHrw+?OqY*y@QoDbRXLAa+t@D24ii(+Wh0LO3mrBO_miZ4K zRWRPSs-aBWVR^6BMcjQPa-m}fgTGw(?&2>P{N?(VF1@r8_)Dd2K?|W6xXWZt(-#Fj%VA5Zq&YXFnru$ZuzKYE#mjk+Fsv16wVEAkb`=2=T*8I?M zlDvu4C~X$~HyH1JSQb~+iQ(>NgXhezAgW6{O(5#vPWfA+9pr@V#m!azD~P*jsjV z&NBUjeZ;caM{z-ZZ~HlP9>oRuy{$of<2IM^Ue~sptCM>*!p$hwAdc!c+gcb z>U+LvLeOMSBRu=Z12X$ay5h`R4R_&IxO}pRUgXK#=kW1h&`YLB>?+-I_+K#e?o!>j zzg2QXt_y~oQ%W3m;4-Dr#e?yF)Mpf%!i51W{|km}Tklc$S`q{AbTIVBL=|Mwyiw@C z!H_YFD)2lWeuL{X%04oh@0(JHgZMjR?$T8%)5YMAzXr142Cs#F~M_}2Am!NE?zn$=h*t9tuL9{IsQn0se{h3_1x}z`spg+BHce^?XvoKbKUX*h@e%h2LIN*;HP#~pn51OB8=yN}JS3eVJD z{DFDq$>Z#!1{TcmpayGb1&UOyT&g}}9Exi;@2oB2eT$!-c8|mr_{P4ZUe!p@$FfL;~umseF z73%_?$>(fuSEz&kCP)C=-2eOU)}#1=VVAnr%g(Vi*zdpE;bNWW;<;SK-z5sO<_<)d zvR+A}i>pi{_#Dn$vU3y-Ol-iF-`(>#cJCZp4a0chtetb91Jc6pUJ^q_=KRCF) zpi6((USn|;?6GF;YlUdK-@;Isqd;@!D69ayB#MHAT$Su2dE7blja{!$=cq`);-xw< z&aw6W!+og_?xV^=d@sk)!V02dj$(G$MxH-GWN+v24pxrBGcS+S zIkpeX&0*|dTApWKX(0De2KwSEXA!tMCkx}`SD7L`^D}(&Uv1olR$#ZizMz~(ayI+O z=;j>ySFbJnzA3@5QT#0)eczc(s?y6T#k;qZSk{vA$C`6JvA2{LaGxUJ9LA~k>LU+T zP7s?%9&2QQVAxvv=VKpRUoZMAX2<;+vy=H5nIRDvJJOXY=X(!Zcv^+~=rTa3k&xfZ zVzTE(?Zx(1DMG(jAr}6-^$G94#!jEP-S2H(m;0}NtE_+C-|XnnGj$vLUPr$2WH5PM z=`$;{7GdLgloA3>R@a5Sl?u;2qQ2v;FQfkA^yBe{R_4xqJZLgm-hEV@k2$smNoz^W zfi^0w$=+hc+|?R!Fvm5p*m)~$$oeYz!`=$J1~19?;57N3^T>|w`dT1s**;>2gOXJl zr){{KAP*~!hj|mJ!NEi3&zs`CEL9quQh%~F7sul`?ZsU!{1w4`14@T=ANryzr|Oxf z9)Z8YBV6BuPnI^pyoKdHV8jZg+Dp5!4QQ=69@bKw7-%SS6Z=TbgZ`)!)Bj49fp)7C z<399_)fEc=%&|K6QB}pI)6B}dk1TW0b1-5_k}Qy43X8<{a4A2#kIHG``#hKC-nV1V zi_@7CY+u|Dr~VVmdywaq{lNOJ*y!LWlAxqp=rovTd5L2~8&^_dX*U@1RZk&y45 zW3zXmb|>(Io^$u{h}o(75OFfW9&1sj%gyfnC}xNIk!ZH>+x1K3ess0m+c!M6NFnL! zg4!0R=`P^Db`$#^WuBB?3Tw~`y-*17QhW~k$ms?`6>8{+4Drb!u2KX?cUO7{9auN8D|WAo{q;p9yra1vGQcm0@6zja-iLwGS-|v z1ML>##eQ>@L%Y?}ht_If!5u6#1stT$xQ`U{#nri0@vqu&*)g^(s)tB@QvKR@Qq-eM`XWzqo_3aMlkqB z)y$!nVDODhRq&12J$xe=e52Dqc1&YOb_|B>eSL11o-fpN?@W>z@pWmnyivihS@uLB z-v>ihDV+}ex7Pz3axl-Rd;{04-LXgmY&=EH!C!)TXNq|OSGk#>@$wD0Te*Z;UolV6 zZuthzp)I`d1NU(O>C1<554t{W;fV+EziScc`m7gJnGX1Ur-7{?7&=qdV&0?r*NUqG z`}S>2d_kY7JP0uuS26?~qz>*|(W@ZODb!`(_#|q1P9`^aPU;b7{>NC2Ovuu6?pku5Wu?_AaEmIETKN&xh_(I_zT( z>p~Q^j(!vjTYVWd*y=A72U^SE#Q8=Bj;m?*-oeBY&ghhT#+j3T{cHW6aaD=l-lIoO zLm@?veHaItg!$Nqxia;y^}Zz_fR{(CRVf4F;F_2(UMfuhu3}iiimv6qHH-$9k_}A% zOqlXsmJ-5wJZhcVzc#urrI34+*vURhlVcy{Ik1mwSh@SC^cc8LUFE*fzqa)~@*IMp zLtF|6`^XpLKD0*^mWG~J`nfbzOE`E*Z6CzTH-4P7OV?LQA-KB6MvK471u;i%NzOde zh~td^OI`IYYtTid$Y$p@-SY^B44h|zGY^K$ zb=Q2)Es25mGMM`)7HsJ`7cPGLbL;N?t(Pu-`?L>qh+x=}VngWm$C})SxnE`eqeEQl z5O7*p?%ub;PvL99kVUH);`#!CtBMjiM_DVwBVw`S$X+kqy{qRI-}`nYFPy{LF-h6T z-j%EtSCIjDu8$b=K727f3!Y`ylJDhW@q0P07B882IJc6Z9j7lLi$3<J;~TlgQ1_7Mc~~J z#NJ9maD5rqSzneZVe;|x8OP~!O^hHmDi}WSLO zLifd+InKPS6NemUPDomc?^eg*yw*c0+6-GkmJDe(mcv@oaaQ)Jl7+OJjstC^gs9QUBf zggDM9!HK;ka5&Cf_+CNZ!9-yHyS-{Vx0t8%nzMXujM;B40%$y+4LAtV(0GgHt|p>$ zSM%Ahk9;=J=&xZ9SS~!QbPg=5aXRasqR@**s`sndcXExvX zd^WDd9vMYNKK8Nw-pen^WWL`EhW>k~Uz`^H$9^v)(C-<;SE@eysDeFmQ)(@D@cJk3 z8I{h&9Sru^hd7Oduz}_ZL~bf7jkhNlZ%^70Z%?W?Z%;7Zo>H(pkLpJ4+fyex-k!*w zw?s0WYOI3QJ*F+9>?b@0BFMxQg8aQ^yy&8*@YbA z*9|6rNp)r)g`BXD+=Kfz)<0Q#uH@*xA6cZauU!ZMIDPbZC`?*Kpi@S8_P{YaPu@jObgzu=}(+Y^uSKLF(*|jNWrjY~%GxhQci#uX^d_b$MA=g4&ZfO#(qK=pgZ02Q4rt{y!eF4P`6 z$mF}SS>llQvgZi?lDXY|7y}gc#B%{A(ESB)EUrGS`FJL2){>6n_ewP6d)CGIj$Giy z={U||@5j=ey_Y$u{IB)Givah0b56Ks^U5!Lh;e6>-u-5{1us2s@RE#-tT}_7QMA!97Z0051vJ&|d;7IE_Vcj~+VCsR8hz zbR6*9qsKk!Q2__(IPBvX+n#w0!F?22#W-{Iix&0HloIS(i0iA0E3wW8+w}#b=4deL zU>t0DPB3a49&GiVV7xO2TmBpjc|2IzGXLW0U~3l$R&*5Oc)J@%tZ6X(I0su+^v_u~?txQl<2EkAnC}&6By4H7{}NYqu%+E#&wEs^jBOOG+A8QybD<^N>|(lX&vyZd^YT(0$tp#Oli)6-RxR` zx{u1YyN@EK*hgMcVf%KUgIaGLG{UW!3uZ&z4@?-B3Qywq3-Rz))Y zi;b*tHSAy<@hXiY-X~be;rzF#4q(&+=)dF{9?Z8Q{|xv`cL6WCM3}d_x~#8|W5;2S z$l!s0;b3b|3`P%tgZai6D(<}4c=|6ko?zH`4z{v)um?^*@FQMJ+m)Y#Q7iUf;_8B! z_k1G*@LUWU_qU)_XtDrL_)w{WoOywV(5W@RT5}PytdF`WjUz5M82*`qZCq{=&ErkZ z)yqCQHujOo4;@^v!LHdDwB{{)C!SLPGnqwY-K!ya)k`9@_7o#R1& z8Spuy4CK(2^#FAZ@(k_y{-S?b+r>W^?14Y)0UY|^8^Msda(S&SqyJ(f3x+Qy znD2Bj$6jC;$_#hNSdxUhUN@V}mbeQWOu z?z@%wVB;gsY9Y_b7XzNH2he}9F$TjIbFjzy@WnJv-TBxCc&WbGzCGva6$jL_jO7sP ze6Wo@57wzK?$c+$X}%cFBVP<_PM>icIW@-;(djbhxZiv+u8%&CeNWx_S0+o>NA7F? zrJnx5)^GpAvN?}LGuGFV!CysEz)M9)SYN7!;~qH89RMBJr?53s*ZH0q&%82*+=YBG z?iagv-^1=547+#F7IyE0VK1q3gKtGwX65moM&!Rj7kn>E&|@F@V&F~rVmOaW%-Z{r zFNQPfNr4V7(T4xhuRI*k=kcES^|kfH6B~7~^|b}lMiESz=AqA|^?3I$5PA2Jo1MKC z_zIrWXTZw^Y4Sa4#na;i!kqgra8ya zd$c)-bv~Fl&1nto_5`>-ZH$S3;;OU+cuD3Qcv$K*cd!}(d%js-kzeveqn8CkPVAP0 z=dg?|C>Z+hrBduZfn7dV` zIl6N&-hk_qzO)-m9JD#dQTO9i9QRR;0M=JnAN#cqbKj$%@WCEyA$PNJ+Hwnh+nB7z zY4-^xT~(XeeGn_2sz&Z+u%7unqtF6QYs|=ftK=T^k}GCqkfPEy_M>^p-3&(VW-x8x z!H`e0iXuyOl-S&Y@qVPjqNfCtC+2qn&(;G-{UvuZ7%|MjQXCie`C|5+iTvcJJu}d$ z`7_Ny|Hgwo_LktpT9mzu{6LPl9_!+Tx-+T!)SU_T;E7kPeb-{|!ZRtjk4nd|5BnMR zU+T^TqwdVXe0vIOc761i>%Y_?4MtAa!LWnm!j+d)V3a#p_yKqD3STb%j3YbmzP!XZ zvc?fd7K}KuGu_Bbj3a9tab&@iy@Sb1j3ev6#GC{pjw~}0abyRR){G--9C2g^!{!ki zN4~o9FDvWi1;bxkcrkGW!O&ewzmylJyEsQxC6*2{@io| z27`xHX$bpEFy6~bL_uq5YUsMb(4(R%-r7>M-AAb3_cAj&vd{HcUpmNQ?mjYt`n>`q zmNs$~E#22+T^y9&<2d@mw&E{z_A3SKywnKzRn&-QeoEr5IseSw{W1mNVZq!-0`%UQ z6WiHaEMoc9l`m!=sZ8939%XRf1Lr=dSr`t;H465P&VDH?tffoCS|Y&ZC0BBpy=A&# zedfjFo*`a27omF9CF`UfL%WS?A+ zz5$6`tR?q3YsnV_Uh>7Tw_?j!U%nV{l`qCQ>RY!sNS|?i>T1(tz-eSw3@z}lN>VmvD{iFxpz3|dxY6|pR zaXG(N!2;$m4kb7CV;>Kk7AgrHlp@Q#nL(hd{4=b%(iqU`724S~oBN-_PVRp&c}Z2!;D2e7ym{A;e(B}<(eL|q{pi8H{pbt3(H4IF=$B4| z!Pn|GhOTk#z}Z{RH0yih#Z(;=T__m#zsl+&I|keQ^Soen!JE6E37&T_81GrXQ@K;>A2H!j7Z`V>e6k*yT%XE`(Bxr-HLM7ojC+snA zol$^QfJoS59|a{aPT4yP0P;rZ_VR<61ZULcVtuJ}?Dr0R*OER1PFsxM`y(&OKf~Ta zGk7Vb%X!HOzVJ2jSdtFJUsu67%)cy^2i-ZCwDHhg+O2#t-345wyFj}SU(Bg_(AvWn z)63&~RQe2Oo`^2YT%(Rd8qXKQdE|@X%=5*7=S+C)H#EJ{S|0qbFck1o-7@iF4oB`r-?!X7;3YkUwWNlEm-H0ylAgj^N~Pe8 z3Z3zL`l9Qy_gEkO-(oJ*rVnNgQK6yo_QFM>mvUg(#}&O@Iw;%+9F)Hg{)!oM+(Ujz zC*ge4Nx)w^iQ_VQus&lJ&vne1KXj5x&SSr?6RfgDZd2Ds?Wdw&%xjBHq9+=HE|E7gXzl&riM7o@Rt_c|^aSktQPvndF&I4YL_O%Q9+vDaS3YoHZv@ zyOzJ$Ei&`-E+jr9TLeS4sB{*x#g)@?Z^jmyrEdwu1deM9^Pp zcdYL=x98h)>9`W)8K(@Aq=!6yWs^C}^aa=aptYJ;v)}Xu_*(h``-tsASH*6zk9-}h zrLFnB8V4;7(hb;Kx`E%L4`q%RYHuG5d96}w#3=;xPN%A|x29k%u}=2($T3OklqO5R zgdgO?056%%zF|uj0XHJwFHJY1tUl2LTg=LNnL}hkIatC zUvgtZ8^MsDi?G4ARAv?WM=;*9G7Hc@f{BAnP)kESGrVQN;FEd5c+1j4J>SBXR&KhI z{hUYU9M@9y^2KRMQ{Xh#4ozM%&;GZ>n5E~!1;k6b0c%M&@O%0es|@~FpY?spNRqD7 z4ZzhS$2}_bZWRo>_cu`hJ>a9@OK^3;jf<-b3Iz6xH#t)z{{3M15u*&=nL;q&Il{!(Rv)@F1aP{ynTrYdhC?q(CdFoY2k)G?7;=IP|)yp0or_T`|5lkH9b6|ZnUj_&H z99T>2?6Gb z`b(UI4z5Ys(pn-q`*`>qO79W(^{wZw76-+-rB}EXb=We3z5D4E?#((0-F)n3skPE% z4L0~*aZsF5aZrvkj_le2frCdJR98V6uAFq|&_A6j?%t{o?0>s7d%l$<;>@iNoRk={ z_-_@`2i6H8hXrGAXDZmWl;(vEFBr62PNl`)6(keJ8C_`T-pg~tvX8RA_S~{=p!bwIhu#wmy{CwG_*Fe2u-oMWn(vs+Pvv9n5`HPYaw@_m{iy zsQcSf5i;E9!g!S--zmC$79 z6J|}Fs6||*S3vg#cl$kS9rVQG3oLsdnYy%3Wa?n(J$cZ01A-yH6qVt9%f-h&s*}Y& zDyspl<;q{4oe30wV=#OKc}w#mAM-F*WedwHd?z~4a9lvLd{nP;YL8^iK_>jjw>R)|U|H}PpgDP7MA5}2) zt!qcmnWtBPzf@<|oU50&F}(u%Yk7_{2fs8C`RO%&UAn3{s_UaSV1eS+8Y;vK-6a*w zcd+tn?jwPG*HYXPdwb-Dm%Zwn{KyS2+{}9(+u&|Ja>F}bWtIFD(CH&LJZVi?swOw? zH)RbRSeGt!mG>hUv>W+hV+@8KUzb+SJZl6t#$fR5A|>H#MUTU?uZ;EHg~IxHle-?o z3I#)!uLnGGL@@NNUJrO;5j)(OVBo&e4(MB5Rqpg%-#yEy9-fn1(!JF#aPNK<0v_vA zE=gnJJ*wY3`rDNTU%Cp09*`-6H@<&*miZy}eT!Y8rv!t)uMDBv%7 zlhJE~ai?RQ=pVrz>oXU*mbTJRZR?@ubc5xcmH2Sp3K2Li6>jc+6ppVq82WTi0J402 z+<8}nA(uRQyB7eY&%fw<^p7HJq^nCvWFOYbu404dmLFo@g?hX51_bk-r!PR0`60NM zCC~`-T}Wz|hH4YSU5zBUTa~-nccD&4o@FImR^F&R*kd2o3<;z1oOB4*k`BRI5<9_j zp&zUz@d}(4#0TBy$^xh5K0wa}bU_=1v--UUt{(bA8oPHZv%K@#XDVw6@>MX;Jcm4c z%X9-?avnR*y!Wa?_|D{;;5;5WMAh)*&-o@e^K=OCTp2IdXYS4Qad%u?Z0~fW3teSY zWgi(Wp{u3^e~&s;l_c{1X3*h$Gnla7j1Sz^6nXa1b#pD|eqETpdwbw7CBiu#vP$Bg z>(jPbB(^w6(BX_8F;AC9z#PRqfxmk|_IzW|oLkq3GtW2SxWCF45wB}8A2zI@N9Bg_ zeiUBkyw=ui7&`3zm3{P_v%W{nQ*B4kHM$APdif^6b8%46=_3v*53@A%=>L(l>pNIV zHF&ATIy7E+GtRs?sHLki?9iF67yII`&@$eI>$~na?ZDS}eb=1ohpjoQ1v*JE?n0JG z;&^gL5!-k!sy*|1tRrtkF6jHg(8YUEptWGwsY|^f*6Mn!FMr8hh7GT>&h8@}0{o>z z?D<|l^#=@EyMF3Rr@@ewQ@cGQ`>9to%KEI8qDE%T+K$~j82*{AC2~Y*O30#@y2L&n zu}oEELe2?>ESg(V+UPlV4()KUjmO@Mr>?6J_WNMSG=*M@zrvu z{<^BrRUuEyOJaZ6@2eb*JXGWd_PSu6QKGl|FwZ6yD}SlJE&E6mg|9twABqB%#xIe6 z-p0&Bo@H)R)|_bs+!wb5?yF_%nynvEW-fAPFzhOEacQXB2iIaede4z}zp!Tb#zQwK z;@EwZ=K#I@HCL-%=knro191P>y4^{g(rLN@c&-_tfyD7NRD%O844RN)R@P{Q7= zbMOOGHmldU{5~fx`{*fSAN2-wEoHGWuQ^FsDA3P~{_}n$S~!Qbn(9~X`|+tSrZPL| zV8N8bG8M3oGsNxQViC~Lqi;r3kIb3}+&p=VEU7`5_cD}% z`$xWWud4hizX5af*g}){`0QGaK?8fxRm{Y3>X&6a%1a_P*J7RH`jyL1lkaEVth*&V z|GVacEzb!?zWu>gwhcyYkzmv`4n~|&urgv<3%X?Ez*R8v0uQ!!>R?$nnWLn6V8oOc zkx!h~!Ilm#a)00bVA#?QwmMU=5>9t5g;>x1ZCnK&8Hew)aT%8whu+vYWY%EV9S^oV zHW;}^1%P9>IGE>=-(c=}j`2lK9WJ)ohAvTV(n|Y^q{p%SX&&V2e6hxD})hK)Etj{S!#>_rCxadrCxY2 zV(kyMdVDbAPY>oDELQ?Qm{ATb!Hy z^K#B$k3HDhV}oIj4Mx8B!5(X-jzi<9n-}aMuVsMd4rbs5FZRl-`&PfjRjq%(RV5G| zN1y6GhCMqNy1~I#HwZ?oZZP6c54Jj8FnpiE@O>T(nZK}lWV5PZtevnxHR8g95xa0O z_Esp)+E5xt?83p=TV+jGw{IMA^#^l!RW>V=leC>XrBYN~6K zxeBYuDi?mmJ}UdW@?Wp-+A;ecKH>8?AXC?*3chiTtDJ*67=4d?p@YHKYSsfUPQ!*5 z2ZI+^es^tEX;I`h2cs5$uzq_U#T0?l*xK^CLfY1E)yIfGIGFeR3bQjWwU7Jn7c$pR z@ooM~yzN!V^4y9QV!y=-tqgLhJdXRlcG2djtIDn=k$>NSikNx_OHBjMh2^@I#~m!+ z!1X=uU^&aK<#7j#720<&tA+eD*VxJov68h*bt`jREndt|zT3+inm2T9s*Nkzm+uwe z4vhSs{+ocsIO>cwj{dL*^E{I8q228K;O`;d_cE@ptt_g#|Lpp*^K)+5`JLkrI#?_l zn^CPyH}<1>iMKcydh(Uoc74RF^j~@*9?ZL+e9!k{2b@vzJvb<50Nf{L`@ILQitTY6 z{-Y9Q%Cz3|xWoiu^2u5O48Ks$3hk`H&?^cokZ%+)z*=&tv)|-)$B~bC(FeZ2 zIZ5G7IU%8gbLcG&irIk-WoQo8gSLREZQ=)r*87Kc@im_MB3@I8FJ34o-A*4&sYTC?vi!SennS?>e~ytC1Km z;!ygYHt7V3^-(pBIFy6&=0)M$x0o3BE!f6j^gVn<2g7C_;d5uMRZSaPd-8 z>gBNqavZgB8&)DI-=haqoK)gP}uY zwm_!N0wvGsN#+hFk8{s2fq(BpVSVf^w;%M9O5*oEu*03p)wO5?Ejv%XQJRQrp^jHC z6g3NjB{b~ba#ccqsZpy#6m^4-<$6AIR|^#ae?3RSQl42$%Be7UM6o!|t8c7|veHK3 zgy8-H(s$lMr@8wDPqXG^dCuJU`<~wi4=b#N{XXROFu!@$*I8D+mT83Z&EC#_BNz8e zJX~`S4|g!+$;1fGH}4F0EAt=c8;mzOOko!YMl4CuO~@OC7o$4|d#sPVjuU;*VS}N6 zT;Jx!bDm@5h+0J6-6*>dIN<`oI_7mHYW0P1n zzWuxvyhk^T`%&G{o7p$l99sEqgoj z7M8nja+W^q4FA;-jkP4-gO}uc=aAnQAuR1?rgjeM`}|Jw@jNoGxexs~g;2S^N+)n` z)%Rg91+QL1rXj zIbHX^6>)Z4VJwWJuV9YFZZPA>!D^hgn_$RXT}%9abuvJH3FiA|pMmBjuOryw4QLAX zTUiqD9NDwq@^IlBiQe3;LWQ8oVr(2oo&4WLH~B7950p15^~gD>XW922Z$PY09FX&v zd4qm;2lI`(A|Fc|nQfWlA@k?vls_jrf~#!xoW~b6wpw3}Ggymut~1>@M@kO=Ez=bk z`Q5$n#;FGL&FlGK-b?t~ISQ?C+~W>@YZI*M5w@jT;UM$(PwX_oe3MHu;eJ%&gSRpH z-f{hT_IACE_a0qu{;F{=jKUj^pUTlSx|rDAATT zIT$i<9^B2r>U+kdUfE0TR$P%RVD@2QfWxes9ajtLN0A?A^osbbMt(A0^Bb(b^6|y_)C@t2g&l_Ia%Iu z%JNsX7W~;`I4eyIaB*5)PH;l#-*(-{wlJ-`s^Lte~kgZGH9G-Hht&N#&fM)z+a;11BQN- z3l|->%rAIOnRDp1nSzi(&OEfdsV4;+e9=hgE?K0}NrEA-6`ce9UGLz%zjbTly}aJR zOZUOBDYO#anP9xX&vaedl>3>N(ClwCf$r8C_82 z&~q+&WP#G@xJSY8BUWJxeKi<#TJ|*lg<#kt3g5-wn7Dy_eAVA4x6Kl?3)e)&sf5qa~j9Ln;h zV7xPlb<%igS)51V8_-{B8E4e7ai=rXfYS^i%<+)4|7IKX~m|HH0d3TiGhO{2j|-be!!6H zGT%!tcW{fpM@)WE1-!q(kn6HUO5@r7-G^}*Rfu}5@9|b#6ED9KP=}tg@?&obCSHCit5kuLw=5X4 zZ7yqZP-52d=geW)&C1$=?*>Dj>}lj($cqR+2nIi>lA~u?+&}b}TCp^qxemL0mLO?7 z^TFQ1(&?n}BzNcN*6g_zaJ&4p>NMyO!LUKqcbNC%OpMN<->)nn_~fMk^525DSYN?W z;Gp0m@LZ@LIJiKW#lZ!g2=jb%Pdf*_V7naJ=DPXfCCBr=msPlgCstwAyY+}E%4~}a zcV!XTTTUSMkwXQ%{CUt?YAyGzo?+nmku%UsA-!aLb$#aW_D|0(LmYIFp^LR-AYzVG zad42z#Ch}#f|nF;_+*N$3x?j43zD@2!zLX&KqjmT0dyLSGdi=y z;;$RX83jWoENX;zIu|K2VK8VYEJLTkc%#ysdE+yyAp2D6K%7?oVBhX*&%SgT44LqH z5igy_PLT^KFEY;3R>P-c?M*zJdp6yVE7>GMa(-ByLaAnjpe)b9Y!V$ zhW({ zw)cEXmSKIV5UlSJ%T#}2WXGOgYz0{{vB6(jp!52EWIDv(edYRGpMIf25*}-z-$_A6 zIjEQJGY@f=1x9j47kIe;?YePp=^xBdz?pNX>lP+04P|O}4)u?!Z(u_X=DGEpyFPjY zMy1x7NXz3rDqCFIJ?HV_>Kw7c23=Qz{oS^27JU!LWMvFC*Vp{v!I*Si%vU>^w$?6=2Tn6aF>5|DxOq@t?@LnbUl$@in} zx;}NaEC8NS$b#;hgm@r<$QxZZXeier^2YTsUb?!F#l0WF zkT)KEj4NTFu6uoqokPE5X;0XK&h-iYu2A6I-y+8Flbk7I={XMua%|z4;-&KK;=mk< zv=sPhER4517^CinNuFMEG00m1!EyM%WJ69@SyAXP%14xs_ib4veks<#vuoenr{r^3L24thxLO=6%FamBEG`DVTJh zuLB&Ue}IGZ4{%WV2x01PaX)-ESAyL+)ZY@NkX3@Azh#X;e+%Y5a+0#&Lhit6&O6pu z`X%&S85VF*9VO>ben}+sPG^#F4r9>1YEQzvnGT_sjEwB#jCf1qu@c^e(&L>YLk<76 z7Jn(c(p9>KYcWr_&>ra}g$ul-p2Gp2`k{>gn^y6NBIF$ ze(AAb&AC^d!(6gd1MI-TunA@vMo-Dw{@91MzB+(<-)boA`i!9}g#)|ASAEXFY5E5^ zD7BCCZCd8791nD#+kmsoufe-e9){o3){<%^y*zpuq*X{Sk6s38zwqMgW4!wf23-{q zP0n{P^!O`LyEv`X6*vfnUUq8Z;wl(=S;vb#JI?gj#|L(hBsg^TLhg{)E>(Ze^4w*6 zw}SD8_DaKtg7Jo4zhmZj=pRL6a(~OT3eLs!Az#f1~18`J|C{ud11)Rn>i8&?xA zrsRr7wmtXs$|Z%z;sdXg9=cyJ?46mQ&>@0}s}lX0 zH}wO$Dg}#sl%B$whf>a{UTWYpcHsB4sb)6gP06b(e<@MZH7nO?eU_o;)I9K1l;WuN8WiH^v&*Js&% z=o85!EZ@j*%YA#~dUW%hqfmD6l0gg{)D8%ocI4nMV+Q-ERWkQ7waj^qA5SWgt_t69 zefDn1%*0F9)D3dYg69|(IOw9gx5xVt z5&7Q|ZPG=?B|0s*(?NkAk5SA8gMf7&W#I_LzhCjm8mwbuiDPx>1~E?uEG@ z{kK9Qd*+osaa^8B#!*wT?{&EtM~$t@2-A!6r`#}eq?63OY+Q*QJ4c}Z+q!pE&5k1s z!}-A6gA&EEG$#oLfsWwFMh=Yw1ri911!G~1uikGdG5($v?%MsY?yjz`u5*q2*SG{; z#*u5(IO?AUE0~1el55$x2mBQUH2k1()T{|c@A+WJdI$4-3m4#gs};+BOE(2qg+-1W zdnKG#4-HnOw#7k3Or3-N2K^TQZ!qdz2P0M^7`EnMY1yo$mwI6prenW_@j&BUBhDyu z6K9?Y6#A=V2x}5OVYvnlN(pn#JrNQX)bFh_9gOM+Ou#E!^Mqc2-R__j$ z7PdIOgh^qmcjvt%FYsWia|Ww31>YkF`n;j?-FzMXHbnD1;_CYzwHJexB*AYV-i1Q4 zoP%0seXoX8`@IXE28InF?uQK^7&d@l=vxO{J9V%MLojaz6@cNZ?6=hUJecxEz7F^M z?qLpm9ewZNUC7tLdBhIbM?oEqBi7(55&G_%*Ky_a*VYmY8^FPQyYqE`)7TaKMPEnX zOPSpBD6a#)TMFs}%rmbH8nl*P!5pc-tS`NSIXa?|#|sL7ct5`A5#4>X6n{&s&{c?+ zPBUh>K776X7XQb=lr17F*GGM`-`gcD{(5P7S4&k`9jxDG&>kFQ=3hH?<60u)=q1!R z`Yr`S-#Qp~rbs&Y)unRpT@405Ejxub?_3k&<%`u#vlf%XaWL*oYQ_2{8dtN0#Y-d! zPV;N9mOjVcN>f@I%AF$a%OQ7M4tds6AT2QZ51z$*?NSHhT_|OK?FWscwpRut?DE0X zVS}w5q;d59I+%2tset{KLk^zPE5Jcd6!`0j=iG|5a*iU>7pM9)S~LBvg30TOwvdKS zlGr)=HS063s!Vfic){d#MVZ6vg7NMrA;If{!RtOvuW)_xx=OOa>#k)YXJlMe`@k=m zV3EYOxU$Dw zhqo+~mh(Q`)mpEBgDaA<`=|&BIIu58Sy|)&9_(R`3dAu7b>91J3M=Ct?r&@joR)0v zn(^y42Q@Q;;qN)v+Wv#ltD+zZ`qv%|eelx~E7@D@g*E4*g6`8lIA47j&07N3;_s5H zfK@3_7`Cq}^eAuW*J$1cnWpeH=P1I2d8y&ot3X|igJC-?ol}`BcQSJnObidZz}#I+ zt{8At7!UhM|8Nd!ShZ$qFa;wo`e2?>E^yAgymHqpL*S5{-!oVN^_D;P9cPio$o z>r?IbsMS>KGio&*j59A3hkKdG3Xcf3KA^r=F_6K1FleLR)$1?ow;2ogt#40h3D^mP zp`Tw_rsZ{s*}TcYcvnlaMy?CS+Y>iHt}7Z7UK|X$uF|u-DWz9nE4@-u?n66QZU}Vy zR0!;UmoC0{KN#}C^|697S&YM&HxUpX!Hh9}J!8%8YT} z(p@<72i>LUFl@-dcrPoF437=Qds!GB?`1Ig+JiomS_^*;hW#M2;+?6~0Y0U)9(0^5 z>%9Cv3P&Ca=3Pj4*>|Ru@Gbbl1FloKlzfqgBQXO!s%eo)a?_(47q_(47q*Fx{Ea6r$E+G(oi1(WAg-hw#_qvd?d zKL=OU)#Ywg_>J?Z+zmJ=+`@7C>8`9FvOq0MTwfXddv0&(BN1Mxm3Xa3eY-25!}=;l z1D(b;SYLVy>nmmD0VcgvSc83(F6kUyxZQ8%BAp}RU>tR^6Qrm$8H^qP2lGzXhlBO? z^sv5CBv@ZZ#QI7G1qWRPfBW!OU2GW=ybuPt3tqCAN`{9?o+ES*aNRCv4gu` ztt)U<5(0OtfPQdLa6EjY;B(eoh&6Yx5GB^qv*q{5N$TY$Cn*>?Nx_K8KbU;z3v!Yg zXZ%KC8Onc!io0fFB{Rw^|6QQb;^hK#7B6|!dEbJuk3=Ny!Ua<7`U(y}f6EfdnV%Ef z^%1Mq-l$)9FwQcE9{e;I`g9&3VkS=1+q)GEoh~NFs;O^d1ZwO2>=+ zAeg*8Jq0?w#zuSQ*CYs-F}=Cuc;ABYo>w^#eIXb+c9Bfp!P0ENRX!H?p^qhR1u{)A zViHajht^8@X5LIj&{aMb){>6}I*km#bFOk|(%ki&R@7-bn0Ka@^3Yl(QC(lffcJdU zUED9Z|IJICyMrkU3H>zDw-gIWn1ZMu}nU zBhwP=E1A(bj2n6AFW$3CjiX@nvJY0pT-F@%0(+3hFZqUX)T2GCD0Z4)=oR%GM-~W% z9-k

    3. 08vE?VfY@3)X2Qz zTKKbS*PqW{AMA}V6{1W?B`Pww+RP+mnDRR6cc4W0Prb{w-cBwOfNPSkrbZla-*K3v zZhMLebt1?v00?AN;6QE;iuo+j+cdSaqkalAzqz+%actjAC`Mhm-aK?aPXSuKIQAf% zPAZUxX>J4e>0n_tbKItlFfTpk`dg2z)fiQi2hQdTVLKKRNf99wF}n9g_tgWGA8-p!a?d6puy_~Ol5$x)zZzlOm!Q=c$ZViXQTa@(I;PK+ zXGa#ql6OES3|DJTj(YCtmln$S8LoE2+dAG%MmK_Hl>8HGJNLZqOJ8=c#w-K+e!Wma zif2mh8``yA=SdDnVYn5&qE8uWTMV~@m`k#eLg;pFi63qWiwnN~eDA?)s1L5j_$EQB z8)`j~gne$jS?o!?Hft3MjEP*%IPVBf%t#M-0w*L;Ue-Mn^+r;B@QVL?(!0ZZ0`T_q zqUA%vZg{CLd@}NxQriz{_0QD5*oVl?K(H z6;2s>Yn;afe`ZTL%<#qQqwuf(3>ib)@#U5W(xvzDj}SAka2!KE>6xu>u%_^&MTz3& zzGs-z?I?YCqJvicsJe-uE`M@IUSr)YNkBu5=brZ(oXg9q&NB8kcX?w?OjQ%+6&R01FX+U{pb3EbMRp{cm!gk z23>}%)N0Z$klK_4c8LYcEhj$4mn3BI**M%wKBcNHwY zyCM5V6Sv+;&ac~#+R$ys(^9R!4rv&WJAGc0Yb+(DZrvRFa12l>7YJ)^8|#4k<2Hat zQ>&6wr`2y7@O)SFh}1{AYc18|Jw?`&pZr!L=rOVlD>i*FDjqFE`MuLs3lok^QJK}` zRT1%2cNa0Dd{oOBVY$9oxXPxzwCNW=rik>M;*MB(C})J%k8A&Ck;e9X2)EvSFV+6+ zA==l)hv!;L%Si)o8#fxeqYNv~Xx(@x=cmLi)L)h7knMZJAIjAR8Ffn$V<+0niV@4k(f!LhMOO>JJuCy@|gbc|>=6m-IY`@@pCQ&PuJeB7Fka~gJ# z$p=9{!#2s(if&u6mcqJlESMI?EtAUGK*h8y>4%4#VHs}sBwE=Qcw*K!8a!)^eaec! zJCtzJiS$R^3socM%&mH2eZKl1V~?So)cz>bY>H2A`O>Q%z!T_)YDr;e?G|1v?}a zoWHvrG_+EE;06bc#g&9mvMA0QP4Pu`I*XTysf!eoYWJm*Xcp`woID4m;?#MIyIywj zV%5sBt&J+GKIimnvbW)!y~b1@`C29S1J>R?P`YhU_mS?C?$SWHOpe?is5lm{c=ny3j9rXTtRbFBhh(k-E~CWi9)XE0n0O%^1^F zEUvz8Ut>`loL?ivP3zT(SfTh}y%`#d`yQs#jZk}e;~5pBibt_&`p+-G!%5 z6_0?=_wUQ&;gPmnLoXiqKu>1sc~s*G%dm;RZS@f!oqFVQZ~RuIcqjifW`Y4*-O_EN zp0(w!@^?WA<6#L27HzRrE*HV>5qHO7+eO1i#L3C|?s?hd~B$di`7|-c(;gFmuwYduU?|D<3GlBWNQ8&|u@PHiixs zE2h<2dCW)HQH~8etp|O-s7`7^_h-2qqL7H7QEPw?aQEtKuJXK+Ll_~z{Z3Z)^HZhML9dv zcEIW>^Woo=e@i8Utl=wc;AA3hXY0%?E_C@n1{Dh%6DN5SHzhk816xJq`%=yZ))q!` zD$L>*j!w=Z<_3xJZIGVJ-vPNn*YcoeVEsCfDanwv zi9wJx7;Oeopjb#jusItCD4P^S9svB6;QuRZexoqW-%J`U;2_wpm=o-mO%UQr%6W;% z|6cVkc=(MV_T z;4FCH6R@BD*I*!UV&F^yxUbXzKm|~Mg8_i5n1C7}Z2t1e)$p#||MJOS!2iFD6EyGF z5IoQnm@NR5zN*p=Y+Q{BaLsQ3fcXuVzX83y{}>GDg+f@kx~GN%0KTUNs0PGOyBy5* zO9NcLGys?c^H#OoEo$4H6Kj z!@p5+9Sr_1!vlO%3HzGT$?QTU&h!Eftt%V0L<)rZh8%jq{`2EXCI zg)i?(0a}KLG!PSZ(=uf6B?Xr}0WYKf95Mjpoqrj=EV%@<3v%5XvN!EQ_#F6_4WKNT zsP^9jhH$oPzS|#UZ`y_ME+Hdl7Xxb*lPAu!KQEw4=q_)&0SyAY3H&+;Nq2j56I*3_ z16zpCGH^itYYN!Ga}VBCz~W%P1;$kaM*}lQ1AFru8X#h#4DkN}TuvgSg6o&}X9WjLPU3a8+(S#nh6vC zJCu6sxx?`^8z*mXSBI}ldIJp11a!`9 zw4>Y>z{={0TqFyeX3V9w56_Ke`Q07Ao@+SmA7g!Z)-65GU6wj98z=Cmw zttCDEev-Xn)!Sh8KCV66Q-zZ<4R8O^ue&Yx<`}sm;|*ZXADM0^khHztFj!cS*R4qs zer@~m__ND|_;vZ(Z#Tk_rnJT;wr8h&~+L49mhE{02*G19W!D;V& z_lPFPk#O|+h4jT2>Y@cZ3M00v7d&M)&Y(pSQ^8TGhSC`KwQ?6pyi%R+qk+p_(>bsxlYZ@Dv{{=Tta%>-I6Mz@DGA?9dc?oCvgOlJB=J0r##iMFooY#Dg zFNCSI?W>D=$yL?Migr%*S-4Ibq!Ed*64V2ZvC5#(iTdP@9)?l!KT(mOO`IY#nwz0Jp6KNQu-)Iu}b zY6qd&*>*otB2G7C_ZY|Je61>2gAZ7zpMHRRw|?7YnB^c{?IX3VE*&D>`Z@mXlei*t z;N<}pd)@Id$0OgTm;Fse21d|D5=^IB$6xhYvNk~-$>zg!oQ*{&6=)VHriSqFOmktg zyelm5#pNE<=fUO{s8nv)kEhk3_AuE=uUCmJO-ExB(sf!dAgwddL8UnkEVe_j)E{%| z?MaDDizL1{^S<4b63Xnt0e|96Xm-XDj?46IF(kA0>5G$3vtD!MUDW``9gIk5Sgxd) z=cpoN~=@`p^P|S1(_9Bv^&o*#+s51TUA7Y)y_j?3mSBFqOmDr45xBz z#O@##d|IZXt89JglS~x0{tTwZ<%uN2qi-yw=uZ{X`ioMW4wKEEu6+7}s^`%!6U$5V zjhe1uJXxZWCkOfB8^CS^w`Dt-3wl}2XnwHxA>XGRS*J4uK}8b2cj!ieW$Eo!3-|N* zEv$Kf1?|Jzhl^VQH25DLeigul0(zVT-zrrB}GCeu&*k29F ze8E9u#+>%;TUF+ZA18#K?)$6DJZ~Ex;{b0Tu}$sAr1O=F6frOjd(ZSyi?STkFRnDa z4&B~5`~tb8kv$^l(WCu3v3S~3-Vsc7U^(LUiMY{mSG+7%`&Nr5@oze|OO|D(1cvVj ziHqnuZv>Wbzdlanp&~;V-_N<=jgG`8N~API zkrQ95a6TY=ZiTIHxQ{+kXFKLqY(HBKZtZ*#EV#1Fq4^d!BJj>Q6g<8HahEm}88M)T zv{p^*$am>JbFr5S=Tij<;}#=bOuja4pQzztrIQh*H#qb{*h)?WJv@uh);#Wn2H`%H z0>)!XU*5ZAu==aWSS#$xt_891#CArP8zvNqy}66;RR=x00Uh)li^v_bMZ87S#QD%& zC402AMiqVeSd?MetXwINnD)oseyXSXRKV;xYNn(t>#ZE~2-%+((pYYPbJ zYMAiY=Wo$lIFZXw2EIbqoAw{?GYXo z$lPN8s2Mh&=}VR&E{MW{CX#{L#)5j(A))f9K+sytfvh^+<9<2SR~nTCc~-CF+&<&r zC}L-(1AA#|v_VzYj#rgA@h6*7b1}44A$OjAtK9Qu4ZDMma4#5{AY?cF@}nD^46z{9qmjeywEkdTqBvR;B=boBNCIR3_TKJ; z7w6~~PhpiEp9Wk!5DD#ywsPLWYM#mdFo69qxNDK5>1<5a%D<>5(E0O-WrQT+aqb{y z9-YFYk9_!@EiGHs@+G%Em9q$S`c=ZXEqsJm517Ag>PYn6$6q~V-rMU*)p%pa)~r*Z zDFEy2i)@(U)F}azpge~)Ib|h(TF4o{z=#1mxg8d6*gdHT@_}Io>F~O`@3tmSrutSx zkqcB9oN==PtTtP8q=yv+P42_Hj82oo6c=aT zhAs&0WA)W2%l)VwlD=84ne7`g{_uYAb9B>=#yP9w{($6p`b_dDio-p^FL@0!I+2q< zHACnYwi!!k;m;(4PddEF8JBxUPBcoAL-cu@LVkhUCycOW zdJZcFJ^l6{49T57E%{pns`?S6;^Cc_MUHR@zQ4O6=qagpvKA8L^0*M^B9Jl zpSTU$4Gpn4pVJW+J>s1MY048-71vijW6^t@YSNm1?qJ&ql8m6K<|)sBJJxP5hL@in{BRAsA5GA^=6y}-r%>uF?#2zf?>H4EHs7!|e8L4cgJ614*b8+;`Sf7$aC2v z3zv@k;SupI8XvpHR)(XhA-xKD3wL*Wjl=tG9xdgh1wo-ove|v&+dUG`$19Q(sMQqf zCY+@LNLn`8dn$!DpnAAFN85Wx7k^lwwFSRS5s)QuP2 z)5U4pq-4<|cTzNiP6nmqagu`R=E7t;F>!lEeYBEP-`tf{$9}#pUEpD(NH>XJss&Yd zcR+DxP2Sar2*uSy4bAT7es#=vC^gCJSW)n79D7crUkL*l`Pd|ed$-oB!rLydQ0vk#=pU9Tjj>Vzw3t2L;Ea%+;KQ{ z9usk4iIZjYC(1>8w5rDx`O*u+J9}qxb;CP-i|2?Zrw>=Dil4%MU10yPDywIoMXZ}7 zZbW<`;x*3x&W7;AQ*U^~#MQaSPymuvDAiI*B}d6Z&zQcqDWzkjosr2(iHw%Fms%7Q z+=gUtKXeretL=dma0Mi9ZXSO>w8D}!>B{xzqu9$fTT$zuWb=U0TeWG&Mbu`ZcWE#x zZ+wxZTJXMd0^ssvmVnv)~(R*`cZ5+omW&zgr#)o@QVBP zv!81Q%hdi82oc&MZ%fZwx01%}oE`y$l_T68<=mI2jHK=-MVDp2w$L`P(b>$;Hn({o zHX0R9mwK%6VG!XKw*r%Qc7a5ip3sVmItRt`A;H&4;oK~r8f%jAEDF=(?5By%X~yiO zVS4J5Ri8ih(Vj(6N5;>@M{&-$4R2{2ZFx8Cjlw4+Q;fHzmUP@=EA-lvrzk@D1Da=4 z#HwO4ryBTD?_ag?FRC*Aq^KWLSK~wSb8M1cey-!jr!4Yw7+Xg6DE3zRKD$O)j%*~n zuUV#0kQlUm<)b%S3W$%0Fd`%*W_FB!UFhPc939RNSrNDr- z3CB)?Tlbk7p|_lrU|zS!8ySjisNco4rj@^clD^Lw7Li>h8wO-N}J(Zw!thfSiD^f=>DIA*>G>}vf{y>x*Xy~)g*&r-RA z6CN(aMz}Q5jhk^7NKMb#*3R2Vl5ORy8IZgLa|gEIDnt6QRTWHnW!_VNMo;}c*eja%xxI9 z7z>K+?}a3S`7X4U>6FO4Nm^od ztf{rimPf|CR0$KO8& z5-^Q$E@{5u(f`(KpWsOSTvmy5-N%!>x2p&{tQ81p-|dQ$o2%BYY0zAQH6eadFx&ez zFh-?aV%pdmmVmN-q3>Z3@}Sr3kK6z+i+k3_a}&nRwV z+@DcL2k38Dk1Y=)Y{%pH40T%4NV0SKp_=Dy6;5Pq3{xBVFOWNtU(~n!aIU%7bgfcI z6kSggy&c|vl$Bh1KcY6_NK70KDu>0yzCU!XS_yj_zGZrmzj1zE{mmC$ajR%**V-Vg zQ8omjjK}N?9lAz$I;5qAnP4j9#^{8P2Kn2&>0;T~QXh9rEd~COrc(YF4hV($C*s!$U*23V$k$A5v(Z)u_NIzQXQ{!8VYAd7C`U+#V zInLuXZ-%pwzP!4_9v&~~##H-dMNU>VPdWO)#!q-~=#ARqLsHp`jo<~<+R-88o!ogS z#l259-Gs?GJu=wQxj(b$vd2i7X5^wMUMr}fEWQ$Aati5Z`VuH+>;JtX-&c0Gpfi8Y zo@cx`I?cey8UEb$)?uFopEkj6ND~o4*lEa9k_p@k?3ww-$O~Lt=8E8mEV%Fszg;nvix?cyw7LYgy!3}KhLc`PC3?THu#8GXHa(f1X@e28QZ-#B z2Nx2Y0QC=tg%R7PdC$>LxrDytYE&wANFCk1_rim=O+$EvG4)nM%%rG`pmaaxpadTceF!q2u4)pOh-aB;VR((O8jV7!oLL2yh*Oacb4R0?g{&fc-X*hs2sGTm3%Fpfl)8EswS)u{JUL@|VA5V{xn zqQdGvv1IP!q#vITH6OzY_3R6!cOD0MX+ObDh7LzMt!%`YZa3-X@}nB2ctgdwkyH-F z8|KZ3D%%tRzl65LFN|CsyjZ7w-ymqn(-Rf$WjlPce z?cFjvuRYN%rFhkbpikDKVZ}NYSiZ5f8WYqOI$8`Rq)=&$47}WvxX^A{<K1%e!BAVZ1_?l|Y)C3!ug^!dr9_pdfyOgXM3?G=cA? zf$Dw2F7J||5IRXbSNUT!o`?7CMDW<7l`0%si~~%ozIJCVnAHd8Usj^{TDqca^J23{ z6gz@^HMpD~KKJkI$i#aFgDTxUow+|SL$4&e_NWAUt&%KR<^h`K8SKyodlyzdnu!GT z*NKM%<)4jTjE81#ZlTaiG!`OD1vlCkdfKK5PNokzJbYD+@>GB_xBLt>xJ8lFM)yfu zGec5>2FaQF#GMZpJpEpH(pCE+LNRvTEJqHp2~WQs=DkZ-GU1!4eyNcQElK+uM6snaX9AP-A~TJ9o^M0=hE7C`ysx5n>&*j5N`L zez{IOdD(Fo&toh^t4~>${ z7;9K`J|J46iIx{!I#qal&%Z}AC_rLjQSvvRTOL)DLcq^0D{s)}mb%95-P}TzTWqru zcLr(g_EpKWnT61T(_h7Pzal&g91-_7X(!8%;qNx<>PEJfb|JX@*wQtz6q%{~$}8qS zj(&i$*1LsWT%S44FzcK!#r#r*M1l^td}j)?xrtAEmy-m2p5^URw{I=WW^;}0)9tjV zpLUa$&zFB56>|HuoE{%~JJmN&T2H}cV z?sG%<21dsU;jTbo5JBL|32zAh<94U3NxGT=pfG5K{7LwxWeCCpP#A;;Uaf=w!7_v& z0)^SZ6ZUt7uD=)`zzMr)8NvgB!XO~=YAOD=WsrORJ!TMa{U_lYmO<;}FJW+bud8VA zKUjwFH(<9xq4H0{H!c6-VL)o*rH6q7(*I!j7Y_s7X!S?oo0cIw>^CSds2UGY+hzYi zq(s)g-retEU{Ex_n#14e1N*}NLmz}6{&RN(zHBxSYZADzK>+69?dc!IhQK7PtBzd; zHm*yI8%%8Yo$xPP&W*ZbkPM=$O%b94*TMN09XHC3K{ALg_e5}=8d4ym2n2lpr@nuN z$jb_3pxOOpGJf9|2w%P21;Io@&@OmgfDCY5fD8aGKz8{n5M$-C0Se%kjmxEay$gan z{EuA_r1@&r|EFE>_qE9Y*X57^;L14QaQ*wjV&I-bylEhD=5l`rmka{-8eC=R-&H_x zBOrD`AkP;}CF1y-ymQ6u`zN6ZJX^o%1!%ju>;>q}{Ch7T!YE`fKn{MX0<;hUBrJWz%d#3;I2iT{IP zh?og94Bm>s%lL-yO~VjQcSR|>iUl`hZ;lwk+ho8Lsz1rzunSp>OosHzyFiQOzwJU6 zA-keb0U)Z`{k3KN?sEgO`q=L_EYMaA=JWpAk>BrsplW4T%l^+CBzA7DUpPqH>RNVp zr!l>c%Qm_+lY2&XoCLfm!{Is}T6ao|;?v!JQd6msj)5uCFNzFgAo02|xx9HATw#D2 zy01SZd)%Nhemt(ON)v4dyn~)e*S2wVG_Iz9QN6+%0e3Y0oFeg?#R= zUzc_SYUgq!%oH-6C42<#WNf6XWZW)nbay$(UvQq3FiSgm?9Ao!kayZzl%{b2n}6nQ zpjnzvdyDP2<~SIEi@8l(r%@?UaD`Uoz`?OQ&E00x{Ol8*2nLdBykE=8C7ax!w zi%P{;TWIwl;peM;>nJkp?T8_&_z2EGPZBMN8M?qCfLMj>HLSWg_P%-!rI(z3sHbe6 zJ6;HeuvrtnXNRLQ3^fDOV#s|3le|ED8+dtj?spXkk_`rEFS~T9x9l@nPp$Ca1Jpv> z=?hvo=U@Y{S_a;I3=_^o)+j@>QKl?pkO-rz@%CycZ0YP=(1skec8SaQWA)ZG1g|C;E5e;duo3XO1Yz+p zeN&QKO?n^J#EcZmS&Xq1;cgRZBp1F)xdWezS^%|L*_yOy@qeU!bzGF)7A}oaBHbxS z$B-i3DP4kecMC|D(y4%yq;#W5hcwb%(hY*7w`6yna*w2`!*=`@PtqBYZtg|tujc)bMybnI!jBfyRvqGTQ#nJBLMzsW zp2qm+a-SG!idqPyGX?(EsM87T8Kv>S_vs@E5;4vt1POX~5%OCp!k?37!!x(MlS9Ux z*dZp%e1qrp;UbJ5p;|~@4Yfc?>cS@I9YB18Z(f!ZVR7WbDj*#T&UzDN=$+`6TyYk$ zo$u}f_Ug;h;){CX6U-CRhz^q2rX2jr*#kXuKa4NW6km8Tld;A=w#_3#pqc3*l6((X zv13zG7%6)eyqaI4KondWdXd(!+lLJY2RaJ$hw&ZLK3**25VA zo5$7R5FV+8mY#!;xB`-%y@;hXsj*!Il;g3Dy11h;-Dc=N&CM$c<|~&MrU>tyn*e+}!5F z0&KFCh2AIP8!#C^bCtz=`01LXVHn*$OS`zhED-t3tG&$@mM*5sgqHicK~AUY{MT=3 z#?;W!@EsZtmKPo!C7>&g&-j%m7C!_j)Tn>L=_^Nc@1A;K8tOk zW&O2=279%os)uu%U{&!GS#$tvOJ+^bNn&&u0RMAe(=_X(NOobFG%9u!Ql-L+a&_86 zpDvjF_`K8It;C4)0vz0!%z-AHo{jhB-f&`{@gAyDFkICU^yM^@W3 z5Vd-{wIIG354@1zn;(p!c7biJ-I-0OD9N)PrC_D5rqRjhoE4P!J;muLY-MQ0)Op~B zN0f+F{1yfoDc3;P1j)~zVA`blBT|DxtiiTI8ZkNxrn(E?u!_MR>1vfw-!Rn4`s1{X zdqN!AyN3M*hEr{KC~=CJw{)9@E76V z7z)iVIdEN-Q94l-)MlmneD4l8VbxI~d^vYa*4LAI*fDyClZQKSaoWCwdsgo*uK97r zy=;%=`*&W@$t=-1amLZ31}YQno3sWYGB8I%eWrj~>nYk=5Q)i3J9|%pZ@XoD4-XsC0m6`G-!yynjp#;rG$I4qrx2p!ogl4DUu>w3iRTCR zpTI-PgdP~}ut=s1uDbBXXW6AN6SF;x7E6~P-%tVyQpKNA#|;t*pQyu?JYuHRQ^Ld% zG$>gs?Z}TyaWiIKsB-8#%de&PWK2Mp;gKsc+hB`teX~>zhZ!?ptpI1!!u5s9R>fuP zN!ng9zS_J^!gk2@;(#0P63e45&^B;G%jc4~%3;YT>V;hR zyC0drUuvnDS8GT~nSh>U&GQs0{`m=`d z98)-@)~AuDQHV-3QFI*g`BZAzYQ=it2DlH!OV?A`c+qQTR88Wu=Bm3oO$*=|+r-U| z#WQ+Htza`hWZTGYJuZ6hcHy`FNKAwv84$7eb!preAi6CP=Mql962Lvfa>=dvIGMHj zDbw@^9Xpkf&#w+-;YNG~nE9V)k}nMCKyJGZRmMfT7TDYkkQ^A;FJ#Q`w!ha(T7|Zf z+Fihev(yM9=&Fov#Z^VOKyDj8R3;M;{&>StV(XLN`zQ8Mb|OtYsyo^*k_{=`*dLcz zec(&EC(DCZy0isJ+t~S9ZBwdi0*IbHz&NsGjawYXN(+p7FH5d(6e^ZPx=#oX0=E6|9JcfhT_wYt+6lac*ab z5=Fa^N)V|@*i7|8!J_v>_^G4ss&Qjb;`fNRwoW8Wtn?}p-AHxKG9OWy@91Ea5E4q| z=1_hD9FuHdZFV$%NbswA#7OueYMA%!km6i=iorQ1BtP3Kpz&Q=lIrfLj3{00-V%gn z89giV0ZuA6VcG+FX?%t?24&98fpdpWM-UdkVIiW~N< zi!2U_@T0waLqx(8js6nawNj>s1}d-`Vv*hQ?W7N*nTP1Qv%J&Ab|nELN;hL2D`fdbX6%nP7hkPucJ@!;qxc&!k^x!oTc@PzNq`q*}7BeF^#Y$ zY^HEGheEGviYe|c){Gh6$d{J%w^;RucLFnry**RORi8X>t!#`itA)-ndup@VKv=#K zw{n?UXXd)_!F#o~UeE;f`LJ5)F{wNhRQVG|>Ik8r#Wyf5TqXF>YZKy!a+jwl#sQ0R z1KXWp30&~dGnlFmjDhb@&sb-ETmdp5N`MTA55+6Stf}T|qHm`8rcV}63_n_O(2qNn zuxNLNkjdLDHA_Ch)FbUxayvm(NO>vO^lSi;#o`QYJ;zvKWu! zJp2TRUd5|JnN(={0#DZz3pW%-jj5Md?>iV zZ0*Y15#ud{#qE}Ie1{lvYsm6$Gsvp;&93#h?4qMOPfp(~FVzqhh8#7|pg?~%(rQYzww=^Hv5&W>cg=D`pO zPFj=hH1&4>DoW1pCsV22_JlC)Pu>{C`FvIWl-<99%N<|(DFoj^=k8;VCxZeK6nKFI zskw%cyWvFs60ZwMvf}iV29Gd;Lr^qM>a`8uPRG~*Tnv(*G#53q_Qk;G4m&qwYC9b7=FW-T=^FReyYGaQl9^Q~HJ(%C4FO7-`evzu z56z`(S?Mhbqx~mgGD%pA(H#0$aW%|#`DsMdk@M0O)Sw|d)>Yy@e?>g4++m1-3?BP# z_?)!Zzf0O0N=ip`UrO#>?7Ie5=5NzPutvBDO+-yDFbG!+i0(JVO{%y-VehQ z97S=y`er}fR6n=Moo}kt!;h!VmQOE`@J+N|^m)azt=!GaFMPHZjPn_Ihz%Q1s9_pLD1!Q;>?#e31dw?OurCXq!`3VTy1Yc&(0m=;p~%?tv+0LtqnY2 zCGX7;;@R+~MYufHL&=5BJURsIUknG0LXQ}>9rZH8jaKUVhKG*oi2MK`s=}yt78@D&V+;-HXBA!jyimPv3;Z z-}Lc=Ouy#fZrb@b!d4;J%CT78O|q3Ou;Zk1sa@1qQz>@1sR2};@o8!9UUayRkiNVY z7FzGpZq>KYLyh`2kuXK`y0$+H`>pc#UP0QaCqHCG{Pz$1V3R&)EoKJ_^F6VNW32Y4 zNa_uIVKic!Q+oGZi)l`|@qGyOmJ-qIploO3)L131y2e#Ud54-(cqDee#sFp$&1p0^ z#`9jCgkiDc=6l9-DFyITIgCJh12nVg0opxJSYkfiXExI>DlcUkHF}U>;mrUzpQuOs zVdMh$agCYS7@ruuv93$*XE_&{%DT{t(pAX$2xJp`yc@|CE)BukO=1v!U+!pzvF#Z? zg(^Nmv)m}*Rb%KOJ^Hr)zU3z}_G+gF4R-(9lR(4Mmpkr6Gy1u96&059z&CX2oX@@e zSUMBVa!?Du2_Ut`Wh7<2OYHXR6!oH*yJLd4c6StStT?H>xsUQSlMz(Ue9%3JZq0R< z3hP5h=X#O}EP^~M-wyQ`@#M7|qINIMR+dmyHv1nds2QdWZK0kJqCcgTr~h6eXg>g* z^QdE}3BM!H%)S?$T_*l^!q}um<>i4VeAbMNBi}yG zG(zn<^0qSVFu}k z{C5{uh|y0(>32rMPjM39om&4vYtA4b2y~8q8}@IQ%5{4FG6sQPe=+_&GFa9D7Yu|1fsXROhzyo* zKw}X2^%vvcBZFnwA7B+`&3!XJ2@ygE$3ZvFw6 zDFGeJtF>YVX+Hpu(rwn=wHU?C!2Z!!G=SXgG4z9id-XE@2 zm{>sw|NnOKPj?w|pL^nt?x6)jevyDOf-|MmoyyuhCD^Dd|B8pgo_%c(t=v4GLVW<7RmOXh+w6 zZuah9wWI53KR5e7jR0^X{sLSau+n=YmjMiUs~v&sa{OupfS+0^H~bnurfnUc6_^Fu!0Mkslkzx90F9H4S&6@lKeQ(anwSL9VbNz?1 z3UdD+TTmzYi|s!v3@BCpV+(2|puPW}r46(~|FH$tj=$Lc9v3VbZx}Z>$@eef-YTh} z8VE|<-)w)63szBq<@mY-fwKQM+kZ9@P+tCLzMvlR7u(AG|2ops< z%rI3(qurldU)PLVx4oV8#6v!0g!n;$Q-_QDa(sMxn`#0F_WL6CFT1<_9Uax49E^!3 z5W<5(U)7ktFpA}EbnPv#{#ZMx_OyB{7XBoe*A(T#mISXKCnD6b^b;4~ao5K$C$k13 zMI!bGqrU0G2(WBj0#`>b$xfDiI`H^aCpFUIbtY zT^o0|AwXvgO<-)R$ga*3YRd+1owBbNe*XHY1wtz#r7>|bqu5#O3(HWdG(mg z6-ldXV%{RNs&Yx_axdY^(O#qAI(Uh$MG=Hcj#MD5<`?>Z+H^zHFrjkW>uhkaiqN-L zP)dqfdn<>I4Dlq!W&QDVZ>9wDZlQxpFTPJCZ z(?h@FQgQ(t0ZbYgF6=Qx;>7m_L=h=yF1QYc5e(ckOmob$O>w+k?CI-LHLC$Vk4E>Q zxSkD=VQJ;QOQhQ;*?r^v3Y};FQ3B11GgYPBTPqtY&7#1Qn4#T%WJ6QQ{)2&T15Ne# zJ~FhY`E1eeLvncqkbhLjj%?_TxN5}pKR@P#4jr(1Rv8Su!Q!#i17dwMnOBd`Ec9!@|Qo+`cy}Vw|n^cPP5K zl+yUTTrYgvjY$HRLGl^?B1{RAz7aOUyN12kQis%U33!EsWCg$kel~q>GD<-{VV^Y~ zra}UJIjTKK$nZ`6v6?~lOUpYt0X-l0hSR#BxrW$it;Vzz5O^gLV%b&ZA}K*I9KD@s2YDpso) z5J=JY(!V>gq~oQSkz^e-7d)vNk=|V1ce)yrMls<73>>5Y>`KyvAFf{52`V^v$Vdp3 zl;v&|_DZ>N?~y1sBGKC;F2YrP-IDY%y1x%R>y}M{#IeTtPO2tIw8Z(*@_x2XQaheI zYR{p#WJZC%sc~IfJ*1a_4BRZSmX=Ll#=a~}(7ZgvxfGwYM+$G3RQ%=w9b+)-3b)J2 zBKK0hm}ZaB^lOPD4hAQMh{Viy%%?ce&v3j^G(K@k_6S$$u7CRO5`HE`VO)Y$;n}t( zXStftEi>V{7wcpnHQ^gAZK~fYlk}>}Tj#lrVNr>}fieVKYH}X!&Pr5>p`V}Ucv0{j zK+0fQ1d*re{WL6jqnIT&SjdZRO5G7dX2GXeWZw4z5RLO`=M!kQd<2BwMhyGJGE3(Y zL9R$T6JRT{^JGfGcHC8QSDjJmb9Qq7apHEqx3tD3AUuj1ssC!f$tjD`tGmkfX&khs zr*Am~=avF`%^inY3V2rJB@BKuq2tlLQ&Q}f;$jL-t&Wn5V4vXKHcr4A7+JBM} z#<&`x9F>em7hv{fHLjd*Tf>M0X?FCLY-2lCsKUTtZBt`xqaYlrn&k!mG2 zUEz7r!({#QwhE4oTF;7I$)YFc%iS^X7XKlK$0>V|*KgM^Gi2+M*k zaCsD7pir_!zr+s>7oOl~7fZ^ZyWhU%4~fmnGm(7}J3z}eFq-t9!~A?_zp8~X~+r zk!L@=dniU*KF4E3h5Hf`i&zH}&Iir3#A0j~En@ERAaTqCwt2o*4dUZAPp%M4wraU@ zO}Rj)K{DZB{G5G0&v}vXV0%Ii6+-4yXN0a5zO$3F{mnDW&NaCerI(Mq6xQ)pGkaGd zrnqq)bB?({A#t`+WF+p(HLibI-f~fxwSqv#`5GS;bO$dBA6+sm`$f&WTp~xs;y8?v zNC6x~Z&GP9Dante$8rGiYKLI>eMf}$r2-SnEKfSZl|ie~bh z>ca~vIErFc#0pkt6by8ld+1LiEf$_qU>*VRtlfs?9xJs_V46wLNZL9tYk0skv$_qM z%{KV<`Zp}ny?D|CD0fovA$zc8_%a{4=|Mu!aDC-$CCoUB_YZ0@!%E1kC&xLO{6_hH z1Ft>ZG-wrt*sdR*+W+PeIqM{@sf4P;b8UUnBWd(xjJy%7K&2e zwwRx#diKmWw?c21-1E8g2wm8ne+alByf}R`FSw$WdO0d1_eiJ*YrG*x!Sq#n&^sEZ zu+R00HAAEu?$RCcXJ}UT9;QAA%;y2@$|-A&h6u^q;r{#@`PKr~JyB69AD9quq>hEn zE!IY)pV58nP5;Ccalvb@tHgS;dGh_>N7XifgWi=V4y72I!XUNPE~0&iu7!6fzo4Tw z7car%y&f#f?4d&3!H+!U!?6nYiZ>;dU1pi>-_(mmqG?|m($vvQ&`1rdyv{W^G*`&I zKcsDfzBm5ab?XH3ErkOKlViQ^dYyi+{*R`x^`xG3r8~NsHqq! zd^tY)8120TJa<7AW7%`4C3?9|ZpUo+#5T{Od!$SuSEver=c#C#bOKm%WlOiqG&@)d zdRX}JO&%VMm8!%%nNklHmfu@g-GSVeSyQFK`V}AOwGM)%_)0xg%4_2eTHO}H*PDRaxm0%Pm@ta1Kt@)J z=mWRjA{>ok9%;d#bCLuYpUsJlX1I1z0f#al{sof}sG6wM9n|wv2UTTN)jj5BTLb!H z_%4=aqvww9;kjIH_g`c{nDLc4;_golWf=^7B~(DV$7=8{>^W+ai2FuOsL#Pb`?KXn zn-MteTzbx4#6=!5nj3Yh%OE}R}^yiUh)3?8kZhE^1tWR{s+Y&N@7t)5 zOo}&BA%!2*q02SA+YJf0C-s&e9Tl|ma#5Ci8(t!c&T>5V%cOEgqUiLjeLo_|!`qs< zyo$P@;FTz+@J!fr03EX|?g;JsPHXb>#Aw$t!S#auVLx#X2^y}q?Ae;chhD8vxXVe0 z$qH7AkHy&D!T7dJ4XW}Vo-8z-aX`$5FkcIaa?=Y7TL!!eW0$wYEjz|-ME zGkkgX-5vkBCc^PhoKZGS&BH}ML=vS|TyJl^7e|-y8{9(ooirZ)Fv}oFP5tN+oh`fl z#6G*a^G9`SB^m3g0wfybOT*%547xoXT>b~aVQ8iwaq%0z?^Pr-Mhd*EmjImR_TDKF zUh=OB?AU+iPumJTve|d&u62hAs6C~&UX|;PWCsZ3Jmw>m#x-u*SI}pWbhHDi9}O9u z_)sY69B&iG9y?eyjpazyuMzH(H)*)4VW(GIFLuvo2 zB(=uCUFi2!5RQ^&b#4IyDU}7?om9jr_W|!x;vW^uZ32pH^~0^KGf3>#{Q<^ z2Wr!~wloQdD=+dsxzejLe-agE4LCHKAKqJa#u zX!fEA+b4J?Bw-nD0j+B${$Z|PJzsPUAx(k0*{bEsqYyM3gX1GvJQ31zjYr8)Lq+dR zE{>b6`LwnQ`6%U136!J`(3!S4a{D0_ilAkX1jZylXpLluDO}l|^a`G<7Xgc%9#SMaef0 zZP8}Lpqt)}PK$iJVCYP=!+xMq)4fmW5y)1Pvq7@))rLay?Fm-OodK^~Li7|ngK~=*W z+`||%D+s{|<6&_?gXK}_7b36!iZMq8ma<52B%fd9C;&crFtQ>qVu>XgbzBKEN&Foz zT#=pnE0$Fv1Y0OetObmTA0)EEpVWQr-WM}@Vs&nD#Vp`n;>WDmx#VWA2pz8EV;tlb zZwU^ivWJlI^#iX{pe#TCn!VCC!LKLCP0r*kN{cpV5se>3F_FtiRX-&DV}Q<7;GDUX zY`5#Vl?IQ@Ib%wpm7;>EWlW$%j;mzw%lYy)wm9ksVr*V45 z$C%#~k_REUB~OhnoS6}Zd~a97Bu=q+ht)9hb$;JYGf|n~i{1>1P-+#zIb-e9U6qY2 zGs=BGR@O-6PlmhY5RvUhvh4Ova$Fa4vs9=q($s`U{wyt2p`I4Ta`Xfl++kGllKkee z_Pz`By=-BrhkS9_eH$jL_(#5%WC(+DH`M#7i;j~UUA--twNP8pRm0-Z@Kr9z@t-Ur2 zzGKfFLu@`IZ<`_^w5C0Hz5@$SpV@C`qu~+QYDY6)FLi~)dMZozwEFN}sFwPL6#{jm zLa`ecv|?*w3yt@Y>KZ2f7?CI+0L7Ue7FY9*GX~N{!+l$GE?!DUm$SJbHxpt~rzQGE zxi=fQFdIWCh__^?9aTO@xD#wfZa?73=XPS_o)8i{7AxRzEz9btX<7Z=B)|q79 zGD9#-Q@a#6oI6oyrYNVam0z_>@%RiCe*wboSzBSZUJtGN=^0mU~~cewj&s z^Dd`veOP3*_*q_IF#4u41lD~kF$m~7NS*q5-SN=SJ;6D`k1;#2U&b_9%t|$;{f{;2 zpW-Puv?vF2WF=2(Pr*L(5{eUiNkM9g5Iay7#d6=+XO_ExIu3K*{iM@uMX2(aC-IYv z71#E9Y@}o~Lt1i1jFqabJA?oFr|00ezc5=N0YdO6n&;KA7_|u=fV0i+A{V` zp(w_((^CG`nVek37bMq@P_Meia6h(m+ZX1Fb8%5dZY#%8l0Xph>gq}m3pMU)pN9w$ zWfKukDcHN+v7+un-Wf_zP|n@vz_x~bA83zVrgMb0aoy$iUK=G9nP9qq%kP`Cuajm) zV|{(<^}+!wB7X10mnOspM>D^}(ZU%^i>uLcJ$X7{Jo0@4lIox`&1l}fq)v7CR`Tq} zoU_Qw*QjXUz3TM#PsKC6ro#C9P*;fRrpwND;unyc-g?K6zqd5ovOzDfA+0TLE+Y#T zkbRMXkhpkmrlcZ0d_cxxFG#qOxm7Nn8415bv9tQVYO9~J{L6UmLm88;+z!-Fa;*s`IY0>G;z3MGEOrbwRWn+W?N{4$ouD2&{tVBer(g z?k`Er9Q@!2S@_9ji;q9FgxfQHP8KACOM|IDH=eob?Rys>{ z&<7}|JXEA-|MYc5Orc)B0S3So!<`5m1vG$lw)aG`p znn}ELI7msD%$r-@cCx>4#VMTeth{jF+dlg;%`|m>G)gWMo?|Y{ZcK|<dsN;1n3T_)`G{0Hy%)R~KOU z3g+Uc0tf(10pzbPz*F@%rV8Mv5(ofH3FNP?z%m#3!u~Z>2LQ=`+&;H|f)}s--z+H5 z_*#48Z^pmjUe^=;Wqb|R-DJ@Jj{FZDit7sdH{;(T-`1f3X>Z&l@xO=+R!o6&zUB-3 z&G`4oU?4rv_?q%@bB_K+WU$-=8ef;SzZw4?87%97W#AeLzB$VOA~IOM0V7{C68>iV zdt|T-`$KmGDGS|PfOLB(e`KnF>ibRJ{6a)+boC7dj2sN@NZ42zm;tx&P;hyPKa7AG zv>3lMGr-#4AN%ufQWIeP6xe-OfbHv=`f**aK~uUePXFY#fUcYZD@a!rn)Qb7@dx8u z)%{wW;l}o=LW3j|t}FCUB?bUUi2?YJAbE#d!%}2a($%vt1jmiR#U!p=-n`;{RrG(V zRRDgfRRDgfRRBOj0srtVeakOc;{K~ze;o~MT|f#G0Fb1^)m*`9{f)N9KWHGJasI)@ z&sxuRH6~Dp0{qPdSmJ^eYLJw})hMo+7uOU2tBZg3bl^;`E~~lvVQ{soR~`DQUxIWZ z{<|x%ZVnV30M(seA`QQC_D_ZSPudbU8+ZH20gZnTjdfYv~ZJwzZw6=$++I(n+yOh7^v3%Qfas~?BC~nt6YK_8|V!Di@>+4C8)Uk z#rF5OU^yo!Xzi?Vb^jI{@X8sW+!P51GqAEqSXlshAp#br##W3%K&FVH-7j8s4p)&qV3KRthr3obixRgXYd&H-yAsNI8#+U@;N5(gjnE$xXb2iK<`=m7LH z=Z_AAZ#e)ArtmELPx=#UZO9G8h z%1=bsOoBcI%9<5v>rVTt{&!1cO zT&mY_?HXV52#0q({a9J<8ESs&Iqx}rp%34Ec~Ol%eNhN~hj{j0tlc8q zHv@8y!;fX(o)_UPoI~g+yPfG?p0aRA&YhWhGT>+E0KQ?a379MLjUL!Xkh7$nYnf|s zASI?_rs3`6M3xZ0-j^VbWM48wXyF zN-4Vy4F4zUwyu=fY+KiuRt7(4zb~Wq#*5$2?Jz9t>TO_QEQ641l>;`g1e;!Kbi=h|q}e@`ZWxF}@(M+FI`%wGWuidniJ?7$j95@hja`uvgJd)+ zpN19ceQ$~5rv>pO)kvKX_CeO0xAd-Mazo$-m^{`$V*9 zHqeye;D=;sZrTq|U}fY_sPNNhZe<0(eO(ry(*Nw^(B-HfZB9VvP&wY6fjh`)L8VV! zh*-zoUKAvz9xJkkLIODY)r>A9rr$&#K_J7Viq;Enn*_iTJNc& z)R)t}$KPuCj*~9GITk%XB9-fP4f_UH{dhJYTzBo&^O+xRTUIs+U+>Lr-Tz^IRH8vx z;-~kje|dQ^X7$;=U@PVwiCA6C=>sj_Rs9KR2j-e{_TD$L+;-<@X}C51ZHIqN@wwQ5b7jH4%-Zul~@SnPy!`Bm3x z@|BDk5>G7Kbitg5E3@6ms7!h73~uqhmpjYjMJnX2#0z_wc{39W^z9~pI?lCkcO4Z8 z#HqrH4G(0x_Z#1zPcaglr+i#$_X=3#T@Ps6#lN4pekzABD^n%zlFcdUIFO(~j?I%T zr(IXrL!Oa_315GjN7NP&ti$7*r@4Yi(usvn4SdT}(eW5nNDwY3 zRlmdcacC=PL;q*9z-;Lyy^*|@R0cBUmIXV7-O=VX?&bDvq%R?3wfj!oPx7PsF(PW= z9(LC04wF-qDm6vtOS82N5=Sinl2GevkVmo!czAqKv4Zx`qT`zUk1 z9OXsbk~K_}9JDIvKG;?xu@i6?(T%~l*AMw|h)%fCiL;GVxsD0v`n^$zM& zC<1HDvU^o%YSf2545KZ$`%w4A3hBGO@-24*hT+bDQoq^Ddvr*#M(?Q3KODM zT|qmvEx@^AQK*2?zE3h|Hi8X`13fBm5%rFw0$ew8MQV6z-2<*djP-r!_-@JlSS47| z6I63I^?UcEwob|kuzbj~D#}X?84%|MoJBTanFYJ+xt+^+Pcli|zFD2=kJX4ENio97 zAw_GH;bbXEl`aw@d-RgMvL+{mnv{Ii)sG7iDqk8uXwcbSv-kNC&E9EES9?gl^O|3) zKAYS9g7>-;vHqyaQm>d~NSQWteVL;vyeZdJ(Gj`P{3(f!n-tihUYUw3jIWeV{iqIFdO2p-rrXIV^sE<{QWGH8BTOvbonJ=|`mPCnW` zJ_5&kJl*$Qm78}igOqtNMu0VrjIK636oP6^`j`$%oPu|^sK;J0mmwkm_HKhMPY=J( z3hjCQ*Ma_nzCp@Gfn$fTGVHGx$MegFUrwPorkiB4=-|pfp$y6xO}F}-`9VCQYh7$=Wr5~`$B*#0hXKUEPKmZp%5(@24;CPB5tsXYd@BtlXP zTjHTXZwI2}-Sb(eaMv`*J0vf){n~eU?g!z!H`*4_-u=2P<@eOdX#1{Jqmd4WPJ>m0 zmt9(jQ#}r}6*^oerm&8|@xzNdc{vK-QHYOxe3?$%repgOV?WVR&@mO$DDAYrEXngm z6lfu6U1TMxq=`4n9gO6r*wfS}w93dqhI5lC{RpU+$9G}fm5;%NY}5E2M5ZsKSAad1 z5~tQZoz=bkn5nF~j;gWMo(uQFI$a|WBRG2bvE#Pp9=F8fMN3wTww3$Vl(@5&bk6cU z3?k6PsPhBf>oEhLJo(nkE|6+*(%MJ|P4BZ1H8{^(mCRY8B7J+nu>cFDKmXdhea~mq zo9r&*CH!YTkKte(zHKQ4^29h+YSyn-BIU2)ncb2xN>JX>a9O?b6{Sh7tXb52Ekr`h zAE!UY8N>9NYrsS$=1j@;Lm8s-Haf-VQ0?@{7z;p=`#tx)tT}d7{;A?8*>)I?au!vV zoQ%El_TEolVz`b-sK0I_7FviflsC0TcdV939QKV9lck4MZ0C*58{V$`$DNaqoU7Nb^itFU;LG zi((PtsbPxn^^2cNugjlbUp4I$&uXOxv{8ODMRS;YTVW+h3PnO?~}I9fSm;Z;bs+9b@wV9}5; zR|se;TsYTYy^5e8=6B%&3~^?$F9UIOlAUzp;>jGed$a_&nn>JOH}Bzz8{1$+=?)KW zOP{#OT8tQn!y)PfY)N!3>Q5|x6Ajf)kM|>-mT42q89@ndLhLJBc`%5F%34Z38|prD zVZrR8qWNZ)r!0*UGml(?S^9mM9z_Xd`uwXerQiB3(;wCuGkaqPaP(kgg}Pesx}CX$>z8GXg$GZ{|G@dUf((x-WeG=jr=_MLTTOAy$Wo7}S1`qXwK(0@#YlPIngN1^d@N zhIy93Do4u)D|Wxfge;{beem!zXZLbsC9kz}(z-s2%g2_q6~reTfREg`?gEbKImQwJ zBANEk7tVWYL2;a1ooDoJO+DGiYz+)E#o-UjwY*B|05eOv@$Y9N8Q6OAK5tAeDiQ?x zp}xw$hn}fUMy=qH5dy2KHG>!>QiSr&w=Sfmonr=(nZ|(gX)d{i52HJGv}=y$+<>-} z11WbVFJ@6kf6G(T0d|T9lsT=jW5i#>RI6~vqn*wm0J~pgfdw4}VL{ARg+KruWP`Uf4C8vl=E9_oQ&>U`|e3qn?0;BwKJ+mJ+ zsCMRP_;a=03tFAX=0>R0`td&jl7?-h?>Exe5<4+7>jj0_99VDgzKCSdVi#YU?uOV$ z?*3};7O%xK^5#Bbo4X6yoeG_ZDYHPfgn;QsWrt=u+hT6bvqY*c>g{?M+UPQ|5(I54VQA z{{Y>$HlossyU$ulkGt#VG!AV|zO}9)?%c6TuYztBp0E*S8MB3u!@q$YNRH>YxR4ry z091{v^m^V!e>PX_68{>xKw+PHHiB4ch&PmX5!v^oJ@Khuim@R9Mm(XUulBu_1iZXw zfV(}z1gSctul6$nq&n?{m6>;ib*hCFhuA#&F0~WOrXXwYJ^pc5LvOxtq#q?+-K}dq zMoCo=!h@%sU>Y)IB1cD&MjxIvw|Eg{WHt7Y)?k@+G4Gfq zFaDgXXRSTDHp`ECNL7G8mHJ~}Q9a}TWcyBCIZSMy-n4*1E{XK%hNw{6qrTlErNMZU zkHHWTVUupK<4)+6j|QgLqpV#i6h5%F)yXH(i?6Niyi|Z87?QDEwa{~c3Uf7 z6KCU8i`0kphQB?Esw&E+^KWfa>Fag0)zP|)1Q3VCJJ!Yg=#C?kA6AMOi1uq5!Y$yw!;TimUXAfQXzeyVBEN`Rs-SAxl=LIpnGQR zLzZGj5u{)RKO%xt?{9@)i2#FgCJyw%uC~h!p|X2R7R$2_XTPF4N_}q)_`pl{Q01u@ zdJ?ADnOEk)!esOtA$bnxu)A#}Oe;fjBy#S{kftS{=s89maX4gEpEvA(+-v@5R(Q(9@`c4+M4 z*z`GXOTf;V#p|Oy_O89J(D9-;n~L}Iydrf;2$oxYF;j}Lmu5Dj!+w5G;jRu}CMTb| z1KGisjIKvdb`Swga;D~y+Vj9)%gX9c#YLA;G~T+?044{lk|w2&Vsjt!J$^UiWM|%A zNsT+Zks~C0r_?lrZK`;a{+U>vs$Hp=Uy%bZ`u6dwBsE?i8`Ge7zV%0fxy?~?-@a{D zG>x!tmPe)Y#XIeddb(d6Y@U6mWE(CwRHTnI-pnaddM_juD*E;wVm1k`H#^2mRW1Uu zHzu!^wKc;Y!a9V7(pL`NqQ>Gz>aDwZk-IqU^p8jf8|O;w32)x>_d)iY?1shc{29FD8rgHV%7J>3#YD=F7vZb=U=|B z>LKqII7}}$UiO^Oe;^cxmVdgL#J`)Z{ta74;0J@hUz>g-eUsqRg#@?!vam>w&F;76bcjEdb%;V0Q_?-L#(?WO=`NbjK zCN^EZG~!d5H=)#KuQ-FnzeyZtlr`j=1xl&Cs9oy>-_V8-2CE#);1U(W{2Z3K}Zq z;AuV6UUZ0{pf)^_pqbX{%2+inE}-^OAOK1k0Hqh zBzcW-NqyV8JdIT;h|I76KDkL+F+lc>~+DDHV_8EHiRFrvSLOMZNR_VX8A ze)&mMr7A*^v6cW zUHngo14c_ee1n&uYEMB_0=kO zA$sd@bG~bdczA8MdUEUVkguM&Ph#+c%socfQ`8T;%U{M$`m?b$PIqE2?=nGDaE7e@ zk?eOZ#PSnZ{)eyy5Tj%MDMJB5{IAJ$ppX9$wg6n~$$&fhB~x?*?=pcTXF$*Me>%BE z0sxna0pbBHAYFkgY?%e5EO7PRFQDzG!+&tGz%^q){6G*&4Y;D=f!Gm0EpN@|_E5k; z!Yj0#?a>wBbVFwN!(!Yr2G@?c9sv*x`iYbOhY0vToq%g{TgUc~$N9;q`4_feh~gE315#SLW&?nFUG$| z21`g_WDrCQ%D{gS84QpE8eg+zZ_@WSj0sGr^d%4;?Aa#iaq|F05Rv=}x zf7S_52m0v>STBJTw`&(Sb%F(?&GX+~+{#ks>jk*!Z2vP?K>lyy0~^{ko9A!F|A(@x z46AZ$+9DlN(%sUvNd+XNL%O>`QjwC7Zlt@rySoLXq@-Iw8U<X7t)kS$0EvNm}HocB9+0mpRb9w2!6FC&v<_+>aZ6kzup47kL%EpC1p#oea+ zRrX%+yuL!+!a%Pb6i5~c@^Mf*$m>7esQBAZ?qeN6;{+Nfdl$&f87l4cNKT-H36XZnm42Vql$ZudVjZrfQo>--kktY@6P|O z>Ym#IciYVk@OI+<_lCLOVG}5P6W0GE{M&}PdEwi6xMj)$+;;N(<=*-ar#EPh{v&$> z+WV92Z+36i>OZoeO%C#%|NX)@%ljW$P+a?i?C*Ae35uXkI{+a5xnIM9w9acCqt`lC z#&T9V7WX5=FU>R67_TD%D6Rvq%K*?<07NXetNkBl)W1%{KkL1BwEx2a23l6ozW#NJ z{_#8njpTNc{z2W%wFB_~P-A)lcv#Xo`;qQ+TzPeLy1g{KQz0*8``@ zdtpk?Dz~{ps9G3bealjBOFT#+YZtDGfmOBgqy8C1ywiLJz6%o1K{S=ExY(zkZ0{C5 z?Odj)Q{@wEUEAT~Q>;D6J!}Fz5#2B^a40%m(iAFM>MwH=bbKreeW@Zw43@HKBF*Lt z_Cq0M1PiUrx1wdC=7;SVQ}*gb#la~=Sf-tWk24G^*15gqL<8nC4GBaSBh&)2#V?{- z9qK$g!au`@I|gb~xqNu-z)p~*O`?hTBQ@e<`NN_h8X5OZS+hve4-qBwMH$^BXa#b9 zh3suv5wX>XS=!1q5s#m4SeFL-nyMmvECsx$Cs{8+HQdvnb0QtpU2&x3>J%n_XcK0P z1V~{8c*IEKd_#yJ(&LU-pc-YDjFeZPJ}#w#0XRHb?B%!SGPj*CeC5ydFbt_IJ4WQI zKtndyleY9W+;@IfM=-_uj-Ck8>CG7zP0&Dm933A$J+P8;0Qc$v^O=YOhl%MR~VMq#-wN9;j6ZXywQ7FNNtWn4O>!$Kl+E# zB|G>du)?f+6IruxB_Y&Bqr79xgJ2A&Oi>nm97?IliOTJnzkTRTXU*3hILrr&IRHQM zLJ)n8pD)4~@rXrmDxZ=erCmK@VFjJidNRuJ8`4*w9hlF%3>vE54EbObLH1XE`bc~= zJu0NbA46xc6>xn`u@q^H<->4vicwKwh{a_`-Y*6uog!sm`2=Xyfq&blA)?6dK~#5} zG8z_BjC$*%P%lExStw7bIg4~4Erj~R{7UMzeqyIFN7~j?Bxi;VytXW1`ua`CgzBlf z0&lHUMk4-PY$oY-D{>8z6dr6nN}{AxNdd4#bT$8=pN>Nhs0uVjw6a5{s2P`uTqw5C zUEvU3w9xYq<~@p094O}PF^uFTpVP^u%#f%3jwHJxbCmgx8Jh{NCxr_RQq`Q4FS`jf z*BXbQH$+Ec`~jOj?^^g2>4e1xx}CZD4PobcVLDkfSVubFg&|C2@`Ya7C1nbdT-!EH znX_&*#dkU5<;pnb*54O6+$dpVzz`)+Uh!#t>x(F-;VvDod0+W)InsmD$x}yf9md0` zK=Pqsmf$Y02x(veCRI;9@_YFSg-*FpYS=^47JH`yKmDMtCjsehezN#Ak$M_WQv{T3 z%=ltn13h%~*;hfG7t+YXDs4*SNTXQ}ZD69WIoc}#Wz3Y^R(pm}vM7e!IQuWtRczY| z0;w5>otU*}KbzL-At;G{=i}mgkgnS&8Gver0#DK%d}tlMiDB8 z_$Zt3W&g**<31d1gjocB8Hh}*XhotGPw0ps8Q3Ua6H%Rz!Ti}Q*r@z^mB9$ZT1gf( zRS%o@rYA#Fs%4Grulz*({5UA9WZu|55cgVy^U->cP0^?LTp5~WbkX@OFMFx++Xs}B zKE)q$!5Ih7=SSU`+M1Q|ADAvpydZ^F^yz#6QKB4|4GoQTu~IKzCTTf2z(OY_CTg{9{=nB`P+zu?ts9nj3EM$6Mb%A)^VtP_ytSeV zmt(8wQilxH{(`pB5d$AQy$DOnfjn}aGWM0(rB>W&^r)enQ^E7SFKi!0WAn&)Becw! zw=EZbjC_~Ezp7iQ-zt0S07!e2GF7&?!LT>y*l;B4RaSRmytxopY>p;f@2MZonP$+# zpJ+PM6{SRH?D%+Nnwbt~*57nLyC9;=fH>k>DE#e~QNcW2`2GwJIoY=kfVfl&&hGXc{jKRAF&Qp!$>rC`^TezHv&s~j!wHG#`cy*kgn$aP0rTWrwl@$gqaEy8*iP4|#4xY^6~>xa!ttK`KWf>7F*mtgWg zjs-1TgPVPxU&VH&6}@}JbjA2KRXqjg6ppgUn{Wz`nKcAP|LZ$-%!QCt4?VhghmWkf zOCuh=VKLYMr>;bBm-0B`15O$muI(@ zS67YC#kkIDH6d2w?3~c|vy^EeT$DA7YO^=gV14}1gp0Oh`v}_&BwnFN9un$n29|2Y zifV%8I#n8Lu2eAcb~rJs(&n-)a7MUp)F*N{j}nng=rJkb~>BySkU68{gL4L`_u{gI+{@^;l5fcInOhQ)ohgl z!69uk6;f%u>G_4qqzqFY?4laxNi*QNTsp6r^A@k#N`Ew0;uV6bm^(WC*~8sCxELgR zrjdLY&=9^ZGVZJ5*XyM6b<3)AqrpN^-r(hvCl-c@kInK~Hw{Gu8MFm592OlMc^CBJ z8mt>#n;=7R(Hg1LE_X?eSWlKESG$3@C&c#7BaCl z4{#fThLHl@9M^M8`+O(>cp32SKPMNda5Ws>G24i#JWJ{eJ{UDqgTP#-oP()2KceK?7n)(RdJFz2;|=y^|uQk0W@n?(#{M#TVnw zcA4(nHe*Y;#jk|fCPumYG8gfxBJjr&yrqMX14#D78HCh-<|SFp%T30wQ09*xdyQ_z zr&bBUm#=F+kA4`WD#Knf=Ul94CMvt;_}Nj}b2fXxM-`f=NL(i4!hf+`n^G=Mm?}sG zb1quxC|+HR`Ad;%>IugfV=pXZrdQ&OS9cD1F2=A7oN zM0WO*L58M=gud&WDJ{__hx> zYKiotW_p}yXoYq^v@t#T^hY23gSbD?@*s_&&ut><4IAN@=XDA`S0Pe;0(+?SGrvGE zm=w18OsRrPB(E(`_N$CSBBQZV6aw1>(O!c?OO73DcfdOOvO}zEbF8(#(CB9k0JCQK zmIuqMhOnWK(>^}=hlupgT46-x@-?|_kwh#5KLsu+{K*?$<;j?q=GeV_Z3zJ`5%~C9&EEM!xsnn3+ynvdTnITVv<)w&?X4UBu~dGL(l6msklZDa&Ek#pYCZQoRAV~ z!C=IT742nw>E0FF(?=O8!E@-)MdO4{N})-&l_0Ivxi8F#wdqZSPB4}yA`5l^!S}UrDS6^)k#uiaGfP;PVd!>>@yKEKii=?}yozL}%>IfQyln8~ z=A(V0w}o~HE`G<7ZrVZkb!O*tLhC1gbl zCQ#1=`i@m$cg#Hmt-D=Ax!E?{WVDBscy_r7Y)sw1&LF&MQLk*Fk4rLkZqOrzD`JnG z_`s^N0Pgxg?X1p1sD?nJG=Hvh-n^=B7*JfVMOK@`n_kuQ!^L2p#;6&{qSB~7#5S+W z?j$-_9-bZcXmxjhmYl2IeI(S0<|{`wGXU2}*UKH*hy~0&I)*z07(YL;j})EBos0G|X-4k}E6BIG7gIwVN`K@m z?Bc+Ww%6L+ju8!|J?uX5t=o-`bcdjt{X{k^@JNGh#^!nF4^Ldojjmv6R^Iw$a-|aW z&7dus?3d5neX!hxXes&4hRV(AOqq(=!lO5f0LCQ|>ZFFJVLA&>r#y32qN>#TzEB@p zN|HEMm9ZwqqY5ZPv&BxMCYroB#H2*dY=Ecy`eBh*FV80|r5_Ilg2Q5=xf1Ugc}ssF zTTr!x#4v5pdm90SG0~mj6{Db(aO=&I7Gta8iXYP9(V>KVkjE`V>jnV<0pMC-A3152 zHD8=jPp*E0ao`xrr>vw~qVdV(P%&T)oLYVR^G81G_Yu9)c%dRM?^k)9ItP9$gqsE3 z&(Ve{0p%PU$9k&Y_#1oTyoliogTC)U@+>p3>ScqEVCyk4EtWIshwQ`b@XboYiDt*i z{4}DFhk$a$fy9Au=X=bCgr-B`_aczY2T#_Xdfh>Sg`$GzVYFzpa=;oBQhL`1H>1lB z$=k=ZT)Dl>ERvlU5-`qqJ;D@~QDDZt%|Ti`oKd9=id1g>@cVq4%{{y)I~)1CE{^4A z8(#;L=LzkiqZwQsf3#1}x*TncRa-6(&TD3BS|tI@Q|!^7Lwq^aK26;H7_$xhpDW)% z_9rY7RQ|)RU{_DmVg@`mS~K-8j*EYd+p>Zxlelp1p7nE(W9I94pdlXBuH*Hy*!kFa@XDE2$6vQK| zGDxgV5^sQ$8Br-*8(F5J2`@E8x7Q_o${O2a8Ip=Z{#GM!4qo?@+{guqg)AknVw{ck z#6kGfk(E+gUnS$JI-dP$$g})>7f-wg^oac3VF>#tkm1DN; z9`CDJdWv<`8V&ARBhKrXxDiq`|0U>V%N_0>A3lzN+Bp;En!d2;{ek_-5J)7HpdNv^ zKvAL#jx81>xJ3F!(bqAb@t~6z!mKbi%c50en)}ncul&fy^nTRSR-4`SSLi8?{$QAC zu#p$`$&LY%1Qguf7}*3LpY15U+qxL?M=U4OxOf$M5oq}QnSey~OQN7FBR*d<_$Mzf zAD+X1jFk6%h6klI9jxz8i>UGHHI?x)x@s&;UQPS!B;${sti>^HLfoT1m5SJ+qa7Z4 zE*|gui1h^Zaci1~92%S>MuStPVNLC2>xsppdP=3^XF`em()nxO$~;12AP+Jy+-eor z?+-7OMFhA|2)Tbn+LC94C)t1@0xn(a z&^h0U3$DI%nRcya6uZ)+(=vrJR0+auW+-Ay$;WZg(bg*|sAjcvt;fFw%IwrrRgQ2#6MOgO-JM5^`219PFHdO>2tSnqlxB`~JfTCGwnb=IK z#BqZOH5sudnB6`tnO6lP)FCdeS0~Fp>HeZ!CKYv5s%I8vKAH>Ym|7^xuB+y3t3^6% zPNM4UFM4Psjc3ykNMh=8vs*wkK7Lj=y29q^Z=0YX%|L>L&km?oPnSTE_>A1KNYXW?)v^se)f=Pl0BNCiulYS%SZZF z?VhQp@yfG@pBEmMJr|}{(u^uJJKvQgnY7uDsXBaj3d=l5cf6PoxKKU+1w7d2_0w8v z=mb;@8&6+o)^=IQk@@Da0fndKA%&y;<~j8G3}Wy4n;ta|QlB*gfi#!rtKZ{3SOWiG z9aiu4W?3MuYsg#2!9~!+!G*iBz1z-6DLK|d6Urf#!wN-&V_CLoBeZJ*JfCr;{Dh_@ z)t$2Ip@G{A_bWOq)nos06n4nEFdGuD1b|fW{K|n@3Axl1O8>O-R}lv_q$L=W0#6vh z7o;JNY~zc-TeXs z4dF~!kI1b3LD617jG6oMedu$s@HV@QJR>x&TxTur!Z$kfW%Jp#V01^Za7mdYJ7SY5 z8Iu{*FzTy3x!(}d#48$8Y%wh(g1jDap*McY)1OFgAzmS%v)IS(G3DQnDw?toS32Wa zD}z27i!*or%IcC^Mw&59xA7*=GiAcv%S$)8t*u}f4k35gOMW?~cP_l*$AKM1H7Tlt z!P?l>$&WL=+<>vSI?s%!cq9D?-CsHT613C>A6}^R@1Rx0@e|u5y1c;0l`7n3D==S* z(=0m2iw$iwAAacrKNU;?Rx>d6E(bp%aJBvEI<<3Gc34|iudBv8k4m=ObB!(G5xwU) zOXljHnBrrNEs&2m!^|Fyj9XZF9GrfAjpk!;f$ii?k4>v*w9wF{&RAJr@bCv7W2v`4 z;HQy9tEbcfE>(ESlO9u7=@za1(s7vN&IpR14Fx6%AwqY@N~Da6VZUtt#DJxh7z#CO z8!o~U{Pq>5&z|5+Mu|R6#mU1#r7i{U#)AW5J4L07ZU`G7L$_6QPX5NZo?Ex+0=RxG zvT9gG!Zgo##4+MISlG;_ypIh&^FsY`eLpOda7SvL7Lt=;U^qT_vT_9JJcObUGUFHr zrhuA>5hjkrXX-c0BIMgtJ1n+@aOneu&E1L88)adL8Jt=Awl8a`H`|z=eZOL^P-0rp zeNwRX@oZGh>^tK(rV5TjjydbJo;jcKzPK&HNvwrz?|!L^JQ8}rtoeD@%j3ly^sMLY zdCsFT14stp){@^yA^4EgV5YW&$EjS0C%%4bj)kvKwh0s2G7GD7R(%Uo_^D0Xl-Cox zM8f-#1N9uf;?P)?016~C;6yc?xUGqr6-w%%OTY(wRl=k3?V`)r@q(DCwE<)FHgv1Y z72?4ZMqOrtor0J3xiS)~*Z>0+l#E!@VGp~o51wn~0uD#8#EBtn13cp!h_-=Fg6FL1 zm9IBWPCFvKXlzKtFSc!iOe6zkl`K)1)0NIbBkJ-*^?f1_#OY~*(S_q4J+LUDp>Y?L z{#k_`ot3D{q$tp6m3W1^U>qy^eXS=%=B1^w<)@Ds?c=Z8SZ5Z5wzw=ED3QmK#A9N? zm7rsuV`NbIb8VIwi(%GKeK2u!)OC|)d9rgQ;4rz#f*>GczeYv-bSP8wTtJ;cr2nzB zU*QJwRF-}UUnsQwyRCQ5`1Qzq*_8g<97lMrM=P!pC`{H2>Pz&?N60UbDbv3s<~-CK z*&*ZS;Nv7i#Bk&2ef}fdf=JSU#3b$6cYhxOvi5AWsXY__-BSxoy$~(QSfUb3NHu;! zPqi6mVMW!}P(gf%t#Xh0P0dJ?WFyW#w0yl# zw^3219G}5#!QGZn@0dYfva^{f^$IdnvL-8_DZ3~@A+e`M$^2;Cw?2rZ@K{eKe*J*d z%Uufv&_1Yc21}GqE!|`NscBR+Rsqc#RijgP5Z=QdhFPGoPabM~RWA{#8+)OGa0(mK z_02cW6uC#UaGA>#(ZPd;Gue2}l;?QKHNk>P)Z2}6TN0rH1+eBX$V=G>c`l4zd^Z!C zw%cxXJZ0(M>#=P!&O#4YXCgf+a5_2VDE(f`eH1 z&9XfIDLPe35i6u4k&r;z38Zl2>c%q+?FW0~0F8e_2Z9Ref38%48k+%toF3P8+?%50 zU48uzm9M`S+V4>faS+`R4c*kK|EBI21i*c|tm`88Ee*;I;_9Z!6sSzg_*bL2KNSA& zQ)hwd#P^u)K;_zhq2yl4{YJ_C!auOa4ICe+3dsbjJ^l-g_bQ<`FLl$E@dm5$FNE)b zn64)WL@9RzQ2~+4UH^7nGQ5VnfY=3Z5dffh{}qV`62EnUe}w?JF>)*L7X}UhVkNqs zj2kncDlCYi?l%O$&G7y~#Vw2ua6=XaVmku-NyTpRP+C=5aY{6YA4%m1U+4yulWhzWlk%0Gvko7iwW zn7{f_u`^v0wEVFp)qPOG4K>uQf5w!Z-E|INa^T>yLs zR*-)Y0UvJ0cl~e^Mz0@0hYRrG2F-Q-%T09uU+-`aB6V%yjsTApM8XDCb4TaK3ZioZ z{&L3^$NCpn+<$wAd$^Qq3wP5G>^KNIeSqC1?;dXa9cbYWB?lyvyZ+PvdWU;^321@k z4(-hXLVE+b6Yo}r{RR)*znWmrHf^S>KEL{)m*229&dIL`d;su#NUsC{XIoEC?GYCTV_fUGD zuIzpYy9tA!&rkkQ%P+C?zqSqseTMQcl-%2ZHzT=!F$FF)a5X?X@fLggFErlUaR0fO zf*7Iyh48(-bbT=earWI@OhK%D*T3Bc0>Iry1Ke#iU{gp?umFHI+Vye*7yBk0USA;Z zAKCYb$^O-y^*#~Vy*n%Da|fUq&{r3?CT~LfZ+F)FRAl#6+y-R;=mUoTuHxRobzjBZ zmH~Ya@ZVM3_u^|*Gzfls^NG*(eINAE$$wXI@94Qdirb(KxYxb>c4z%Q7x&JVdn)b% zBjB&V2wcHGOy@n{1>PP&IQ9DH1l(W6*h=mA-Nf1ni2<%}4FTsm;BJ;vRUKOT%R@ASXa+|O7km@A6Hi+-G+^?IFN7`lBES0W*!KsAe~)WAH06s8e{xSr!rkQlY{%R zU2%FwBn%K3w56^nycxnN58Pm%+HddZ}x++G)Q5ARE~K16@xyl9m0{p zXtEi?%QouTf-@A6!Ioc%{9&Gs;~ILr<%t+y%1qB)kij(pu z2b78apAjcjc1V&k3eTe&hXI-a38FjteIByRU><5NBdV?(8A|=F0h6A3v7uecZs3$n zY>x6cZ0kKd5zzw5iZ(CUyjGSjM;@eF)D1S_o-T+q^Ii5IZZ{36+6 zJ@HMDVS^I+JO0f~f?i}VB3a@`FAtus2kOLza-%_zNj&FZ-Cw@<81TAW$dOTRr z`{*Ge^k%pLb6~g>@E&x+;E9X^2w4f*50E>B5U4q5e!x75VWRL!3c`Kz&gj!X6e?bf z;AP4T3uza^o7$1`+E04ro>v(V4<)f6Fg4p(@T} zr(|%D(0D$=^lC_}G>))mtn@m@EGbe|#F=?t!Rx3Hk{()Q>&bI;?z&}T%%am`hv6V{ zn$!+Ji@8~kTsiyln5BlhH?*cVzP&2fU-5K(6|lCziBNE69DAZp;4`s)M3?Zc*o!CK zEd5L@hz=$^O&gWklSfe4oOxw4TW_#PyIriK6|8h+{rk7p$?x{PtQ{+_d&>)sS`f=F zsSUkx`}Cjaq6>@%_arY!y#_c+Dz49W;7ib)((A2q!I9#Bw9EVMo~xb)lUTAuEe7~ z0r$4p*xmtitb4k&RC ztF(k^u+Eipqw`g<=!I@XT=iSlL3WldX+jRIZ<(nXpg_QVjCAaQnzxlV^XfTtmdcoh zj7ENNfZjN-eJPnUg08>^@tl2enjRz2rTp82X2ax#Z{L|Dl(}A5ZII4bc~!k=D?;?6sgOfvJmb@b!sXJH!mEq+W!$o|8cPCNHd`O0T#tQ!v@_?vrIE5?AF()WR|{uuZC$ zowaX@mu5w|4<+A_3q$nQgg}-uc8@d>2{Or3zqNpfl(wpIfrp@1;pV@CJwbn%mG*Ft zd07Sq69A3WUh0olMC~R3pdZlCwMF%)l$SH%&B60d5W+#mMniJxfK{iYkN^0IM=X<3 z-Cd~8fh)&g*$rukI^(UEU{`g1hMipwHPu6gEx4_=b(n>tM}WXDx)yB2MyQd>xNy+< z8tMpRo(`|sW1Y0Uj}H`2^k3*4wmg!pj!0B!?Cp^_^{qgo1ZP!I<%9d_b=m#;(T68n z$Z`=@?qYfbAIqLz2K!UF*O1O(<))!Mc67o!qw|qIAbBDkod#`LJeL6^+SFije>MGm z3g!LDEZV!lq|4*2?;B(B5PTW}(lY4a4>j5=*L}Je!(j-KQ8yB;hvXkWKq%1Koo^6> zk}!WS$!H<5TjmFYGuq{S+Dp?tY9o^%_NYprtmH>^CQBK)M+U z_koTiWp|Wn2vTq#<~bD71Uhihiv3Ram9$5e4^i-p#yLzNso6Tj#!e_T6`~aa{E}qv5}4D``H)*emH7WY;9;Bjbko2N6_?c{)UuY+FKX~>3IZD(ce zMDgi>VcVK7h&(}WW0&S_mb8?|kpTzu?+{no6#W~1Fi5$(9>91 zzAF;17F)j9HE#3#0!_0|65Z;Y0*mjlGZJWoBgrii5mm%ap6X~%f+MNP2tTvLgBFTc zX(hr%_M)Sye^zH>Am}I_Tj!Av)DFEeqp#X@-it@?eZ#K6QzM>*<4(80E|*g_oV?RE zvsPOr#-kkB%AxEYkYzLQ4uc#0Nv8peVoN6rF54k0)af*ZPRm5|cG>EgNiDsQ0wsUl zp!cXI`2%@uBu=Mb|;0WJ) z#f`(FQZ7RtVhj3ycG_cX=5$IWgIQ_|N9!!6>vTmYot)m#E$lh4bL zLzZKUg3nJOc#RIl;xeNZYdCxz<^b^GZYYQC9I(ng|4aZpaHtZJ@%;(XPmRzq!# zieMV^E2=8w@*6Z#nIye(I%Ddt;jZueCsg}l4>N$*z$ZlNpSbr-sCn2y(irlkb zto;MLFvk0C-iriRRHA{vx*zllIQXtmb827_y5|C|q_Kes34N`&KR-xbaqKVS$P z0k^X^Mz>yfvLCbkC0`lSt`96*U1y##kM);1I6sB?fsHN!=VzHs^B;Hpl1?P_%RXuJ zg#i&Lq;5~B;?TniTqzm&RNlL@9}RC@wbzEl4C`(8oUZr$_}KsXTfpjK`^egdRomu$Pn7RSw11ra&!7Hboe5eI}VxmZO*IOaH; zy5XsIus;KSWMPU&Rz|!xbbdCl)8`Tz)*u@=>O&+Wvg6cH{bLTRA*O8R_@9`%g*3HwKPf_Z8}IF#AhbYz%re~WF+&Xd z1RGkx-BN5RQ`89o()&Tpv=EAHyZuaWp&lJme?cwyFq;J*)n`N2#667$k%8gV#)E-+ zW#Jcf28n0SWA*uHXr3EXV(CQqyI`S83&qfM;ACI+n!f>HSCVdGacG{%4|~YRUv#@s zMx>CQ$Jf)X4%DhRwKM!+NLa%-P7bb3x8$9RiQfgQbUr%Z)l&hNH2!RbXB^-kEuLH- zug%f_6Uvr-m^Ri%C1zBJpKsw)LRTWoV4tv2AZHDYMIU}BFV}{*990m3@^ObR+e+1w z3Ub>oGjDMkDkWjDd7m?#(LH>RQ%QkU)Bom`>o&gbfy5bj-?Q|!HRNEE+AaZ(^Z-x7 z0w#>36$LcHmy_)=>D0MQ5-bsw%^(T387w5eqVV+j|Ec_vRoT`j9i{ zT)ifLdqiWvp}uL?F;%sbyehw-b2{mpg_Kqqb0WWm5P~f$^o+Gu>j$Bd#}4e1IL2kKdaG2=b!KMWw`NWSmgU6#$y&3zhO*P0(>?~PV+l@{u2-Ae zri~|f921#%5fJH_3(_UQ?9Rl>yGA_H9S;e7rO8MhpjhmD9E?Zi%S4&N{uKETeUAyx ze2AE)PPI$;^xYb5-a1i@Ii}`iVmw;6cZcWn>L-6;q$N?AF@cjQom>T|+3eRoRlvz86o@6mGcjORexK;~Lyx>ZqoSrNJyWNB zAa9#%7Ma9H&a`HR8z%N673T8S*BiAI{16M_suAEi!C)(ib?T>rNni&|7NvyLEJq8d zM(^QxxT@<}pABj14W?aQKF4Hli;l|bsrr_XLynFDztkd3o(%3>Nw`~`kCg7VczU`x zzZ8X3H-u`#i{W9fMQho_W8wdmFyD2@E`R@0M~Sw$%ldF}d3ATm*5QIN7)fjHxm$wq zv`}km2DT-U3af#SXnz)F=*l4BheJcgw%z&~87d{)6!E zmhYu{ftGI*a5n{;e_{Dvsuw7Hn}GXg;omIZXP)_o3Mr@o;%%D$*P;A#iS#}h&EGTo zKpX%IsJkNo)WPLO;Vs$B-!uC+)r`9m!F6&K04!{>fc)^Eq<_ii-&8>Egl~9#{;Jdx zft=!=4p3qqm{|Q)$2~v%Eujz0=d*wa9f&|w8u#Dm5Bl!8=1rdV8fS7t*7Gl9?|J5R zHXl@JyUFI?)!G1ewKkT!Dk#fc6_f>31qBY7@jnGuU@jO`_WoNo|3>re%>Aou{(b(M zztYbvcl;MDAQA;o5*$>0`YnTfGxEFD`cEF61;ki!J<<0@{m&{u@B9xcZu96YH!L5w zAeKL=xL3Km_aY#?)%D!nWTZi33K2mHE||Kace>A!uIJ50)-g#R8?SZ-eUFX5YG>(&YXh2>uYDX3Z5 zpM-z6{7WDOfy!?8!N0KlOCV*sIkx^J{F~+bj5OjzHzXjpJMn)TzRy7eoa~zb^(W!q z4c|j?+;*qBjRpV0@I7z4V?6=Ik>6y0xBH8GfsQOtF#1jQ?}sHQDE!AkKquB8WPi7N zKNjlQywx$2H?X&%yu5l)NCk|jpvwlR^8M>T{_((KxuK`I9m=08P(bV&^Zg3csFJzm zOc%;!krtnlm7|S>>3lRimJsPPUb%_)Zg@jTipV0t4AzSYV?Q7Z&o-ac1I~oL>n9a* z^g@fG)z$-k^Z@{aNzUcd&6Da)Q|#COQzti{S^gL<^$tk=%+DGXzv@$d=(G8yf3o}& z(yq%i`v=10=gz|k=VzX*1x)HJ<9>!mrz^=waoas7Pa6#TchVt)OWXDw3nqwMIyi1WC44e- zpn7_-nfzUsn2!5(>I)3K$S73whBYOIvdrx@z$YjS7c4^zC86bhK!pGH|m*T{~n5 ziN4st3KUs}{6>tnMCOiHk~lf0A8#0d6Ml6_ZGmX(FlL}V_nn@>c3xR;R$sR8H~B!@ z1;|~JC_wqO$nd0qf0V7y6_78f#2z`)khvJ^}Sy@E#B<9JY()<<);YtJ5v^X778klpgG6H@o z`+(;ZS`|s)5_!jUHHsPy=1Fdi{cg^)Hjf|XGJxsnQM^YTA{QO@7PyWGMjqw^KPD;U zpKqcc9Gn`+^ygyNr`ip$np!p0pQ~2+%ZJA9h19)(ZH&Z`K1)dqC^bZ!r#f(0Sk&(!$0^x1KDw8q3Ujmu zay~mSQ}>>HruGw-3XFi$BMc`Zo<#QDlN4^G_Mkbw(7^Hp*#O>}q#jNpxDQ_|B*EUB zV2D2PR$+VgoM5$L;!kR<304c>hGs-mZy03vptWwU#n9 znb%LPxLsEAI~xlEV&+c!T2?SHu z{qSDes>Q^9rR$CVou{Eqfx*J#7BbeMMr1dODd$^j!V3|dJF`5mSy8 zolkFhq~QYNFLwkEbl?-w>c9xL3(p3_LLXli(j|GUh0Fu%WDc}119n9u ztvAW)!M9~l#&{y6zWgi`kHAfI>WfaR={NC%D7eDvCor>%Q;XG3T;nYE1<5I`hy-hf z$Uf2651uy>HM(*>8bL^y%J1Mwy;~Imi68wZn5ZY3w86(x3Yv_O;J#+CG)1qit#QHI zb}97ZxLO!@QZ+)A`L%i&6tNq{0+1+35d$N08B=yc^<#FlGhg5hAAJdUbV}clrS|pe z{4pEEj_YNZY=Ie&(~;?x61XkxqkbT6l^Ytuz;8 zwr4KfqX<(}EWS~$VFe4zdzE&C+cEFSr6GgyV(-o4%jr(f&+PGtd#`@_CD9YMdv*#y zWIt_tq+~2kwu4jlA$uz&UnW8ZvR5@+5ZFoPX;)`NGz*nDI28=bMP^zd$LSH$m*$2! z7gy(6NquxymCl%g6!yg;r6F{4a4*9chUc$i9*pVZq^rlx;KnII%MN||P7TY{MFrt{ z!N?`JibSJUrVu6BavGJrlu)B|I4jC?n7SkT1jhp03)R=Jm1q00ESW&2{2ITsAEeKS zk332#Z(rULKNjbqs)jsPA8Hl$=(VDi9G;!xAh2 zt7beAh1XTH{Jpngy*reO-WMPC`g9yH}mI_nPcx{1uAD|O{~1;O6{JJ5E=0!mJ`V0Q}shxBMOBfA%r z#WWs;WXMzINJV~q?KRDO8+29d>DD3Sl62i?7VoWUJ(Z?hlEM~Dv5V6ZpMw`um?-n8 zlhneEF(%O`ix#E(1n5KSid#dH6cX}U1mp8K`KgY{I;|e4P$-2bMo;ug3K{<#_{KDF zBebr-4bwmI!6qkg;wX5? z2l~moukYdGCg*ganoQH%7sEbX6t~bhWeQx(Xxl1lM~Op8W-`LX#Mr{Lz!t#EZ#;x= zo981JyRZU3fJ8VhP^H#WN5fD*d5o8W_MQzB_sZIXXaQz%T$;2papKbLRqPNPu-nY4J?leGhKIvy$EW7wlw`rWg_ zd3{VZkU6b~y0ZGC_VmN%(UAy|Bv95ev)x^Nv=+wu{+REKc(I2mb#)9+y!_l z(jO8($K$a6KzxK{Js3B!P@Kv<*E*=S+lhO%i7rt$27R^Zhcx3l<4E6lRQxl^sb2gF z3&TV2c*j|Q&B)sy-*HvnB=SK7dZZZz)~AUs3aT)@a&OH~iQiB)%@B8LOX>f2lx!d49r3COheZB@pIdDtBTK#~lCex{ziB z?St^ORtYUqI#J|pmzBk^NWb1Y+A7mDLWM;^ZpQ~HWsc;MBl}4J-=9wix2ybFqgNKw zstrozg*f(8XpLfDr9L+G?39nrfKsap{N}9CJ>U8xO|ah7;Ipe}3Eu3ewvF>FMjL#m zim8dNsJOt>8KOJ_-H)2Ry*~tzt<~BhLc&JT$o^WC2nL58OqB>sR^C!ZTG?-`M#MnitH6(=#M#)! zeG<8Sa;j5p6;!2X)c~Ubj#ixE$CCIq;-rPc{-ZyByx+Hv$#&sI#LL9xzL>>K@QML5 z@_4f9w@p6G(FTRL1J#|j&l0m+4Pp8C>Iib{3@i{izp=aMC)nAgO|l(8>I-X&lx<*g zv%2%sd5W_{?Ju;r==oxuc@k9KXHfR#=Wom`QJlu-NNhrAtNA7Bhm8By8s|-51Q}30 zY(u|!*mJ`UBhNUjzqC9H{{eN@RU)9=-99UKr8G3zF--kJ)rm)Xzkq4X$UN8i&<$0x zra@?pL-Z3)XEd0&Q0Geuf#_WR!BbfT7Od<8WfTS*_(WsGt17Z03Y?6NCAzP41pg@3Bch=GQnz2Nd=)S|jowpL=%SoxsjCEPfT$AXlZQ8JHe zl129B5xPh_T*`--G!6Q|r%IB<-o~WQ@d@Trxr>TFx)jc9iG<3XiXfx*`QC|Gn8Jma z1@EhkQY5$`=nnPl?Qr>fOdq0YR}cLvgZKw=%R;)j1Hq0G6qY0Us*eC<;-rnIxTdYs zpF7aqBN5E%d(7~p)Armf|)e3ZEq=d4i2HE;%zfEJ8;j zll^4VjI72chA~l2%(h9{&!*oqXH61jZlOy*AT#vfux)cTQ4Nn#Bd~%vs1)b3<|VpAchoM5jHW9H)-Cug6x zfeUQjV5_X(gyp__$k5!(qn7N7h&4(Dg&z5tzog%uyq6-p;CliRaw+6Xw-9oV2L-eY zb%SfIV&SSf;2B?7mG^A%Y@~s0;WUNBPv_n+D=4OTnDvG{s0yY-M)5w4*nh69jo;@qxz>pq#exQRA+jJM!w|v~{n-lCR8CwYi`*aQUK;J0NE zhY4k!i~1sLarG%gdSZNJ!^WZ5N|`{6CoYTg$j@tvjSD&CQs;bj1*!h1m(jJ3!%DC% z^|_`6Op!-+fd1pslN#EPsOP-qh)Fze(DFl;yhn_ZbPsLkh$Fuc3#7+q_gE_vtRi}o zc>BjA2)#W0yjM6uK4BM6Ai73m{z$fc2QnK|SNZFF(LfdP5jQ!t#?GgxG9*i0qP!@j zSnVmv4)EiIL=mG-Ym;?%C5d+@N#T+P1;N?s}+Cs(|@#{W; zKP%9rd;R4TO#IkXR-MYMl3qzXS(-TYDZVTKPzh*feceN-t!otzG#SW--)EC|(;9K1qe+F1 zr!a$UI`a)xw7?FioqO=ORM`hSJtU}#z50?<79GZjUj5_$F?Q8)Q7&B=DFNv&>F(}E zq`RcMq>%6`0`&&8Z%*=b{%=$jhc_z5A zcqGeZdg3D_M6z~kbn(n^PJa?L48#M0G=`-1rb9a$MuNlL+`Z0fjqxvh{Q(V1o>Ph+ zB^CQ$#Hx{06>)^1y70zB#8o zKde4|#XdKknOgmwg(vvyWoBGooK;?Wd==Y!8Tdr_L}v)xrKGMwid6ASQW*4b)P_%n zhK<7BFHE(%vQB7(mNBoU8s0iKa4LP^*pD$=i{dqY=V%tKJEXYZDO{*Zmc*3qBLk^W zW#0s$S_s9xHyX?`T^XuG^nq+6aOvR&doWazxoyhoQ>^EZmpRBWXG0Vad?ji*Uib8! zW=(rysHSYutt~&T7mho=qj<vtZ&EyF*LRE3J))2 zWmXJTpgayZVleSuaVc6EBNvboelIRHG2N;uCX9S9<`Ebb-Z~wWhqY5}&=L1ibuV4B znA>?_YEj;`P%bi4)Gs3*X+5kExwarq!^&;r)T7y5pjTCx03HI6}u#NF2fcbx&fTKUx zxXUl?JM7oP0-{g=aQ43r3+%o8UwGdQI{W|U1omPc0Qhm-2vlEp#oefE13p~82nY0; zaIgVkrRxvZ=m+o{AXWwV2H3oRgL~Zs{T1*7dA?b_{{r}d;{ROkztK8i`}B2euzvBI zhPHnKexQ-xcJZ@MoCB;+{EsfcP$Dq2?q{z(2UxHDA64 z3pW`6L_+@Bk-r1{fc|fu3BVZG{{AQ9TbK-R!haisphh-e68?wCzW_;~1|p6>7~hTz zhN=UG4T2g$``|xB27{6S#y~LsW)s~qz8x7X0|CZBX2Q)@yk&d~00XAy-wOtU8bSN` zmhtV#U|9zMyg*nZs2bcdz7_dbjRX)w=BAX~GQJi0SB(S^L*}L+-7>x%8LS`zh7HOv zP&K<{d^<9DLHrHsck}FiQ|5mU`vDJ`n+Nba-U|qW1vTydI=Vmj1IxpIo{xZi$uSslRs0(3ZEub&E_J@3!1emNJxwG=>=1?*hB zA;EwR2Y875g9HQWg8n(0e;$k1Bp6U%>0cz6|LYGdb%8Y(j0E%lY{6v{uFphJgZwoK zh6B_hfBoIh$_rEtxIT_Jf0lF3pT{L9aHhX3;y=zraB+qIbS47h|6HcO&%~ci(Hws_ zMFR!|nkOKnG*}xgXym_f@pIImPHRy8|C0-_LJD@E{cPXn0JU%by9@9%2Ac>d^*A{| zEx`Zo0<5Tlor%EK`|Ae+`Wf=?F2G9bZ_Y%{pFeXrfhWwry8=7p|02PFGT_&3{kt;} z=>O)K{6&KKgYm73^^4X3;BLq37HSSq68`_lz(x8yGN`)!!T5IMUkdFF2?n$e{zGK2 zLJOEP=w$kX@$JZ98TgX~1KNrIAuw3#{Y8TLgYoUaU`cmFg1M;${~<6~w%w3m{$zVQ z?l0*D`rQL6M*kr$SS^$#0g_;D3fV2&TXDgg?tgcD0h0|RVezZ8-=ALKE&2aKf??xj z{gnh`ZI3yLcDZ9P)NY(gb$IktnBtxp61^FDY^-a(cXLTnNJrg+x&U^$#8`vu+UlJ; zuU_2H1@GoV=dY5ZFI9_P^*7FJf7LT+m_%7!wZOsIz2dBQbv6t~2`_135xj7J54d~X zmB-8RX#Z09d)r76&OkO2wXg6CsQVm?0gm1i4T7hei$-2fZ;{`um!B^$*)#+P1RrtM zYd871ZThxm8(kV1e!jZe6-C^fX?`>Tapha=bNXCG%Yc;U1D1o@whLq zQRJg-?o!`=`oMWUMsxoT$xa&|YYJvbxkwE2Z5Gzn;u4gK)`C7RdvldR=jge0=Q2Hg z!$9fhQUw*t{n&Z#+C4AJ7+wTg-$yhWBk<22^F7#O4YY@Rgh)W8;I3`75Dr&PswVw_ zV%Nf-XR1YwSEXE31Xo!_-8GSs>2#5;yq-^zsri1ZY1n*WQxjn)JBgU)5KJ*#l{YDe zN{zn}Svv)8l9?M!8kshXVb$}yh5?ihE3swB<)iI=FcqkL88IgHsGsB$xWc2qu(>}6 zBeKFqoR1k)8$9!VjJPZ;LDon`!%X0wW2TAv1I!oNE@;Xc{ohH+9ge<4IVBlbz$Lur zAF1g!G<;rozgtdKBP0W3@wt--I^7p)`Erq&EX&fxS?F2*9a9T`y~;beR?R<*AN(*5 zQ_nQXpe7BqS^CIP-Yk(CaCh}cURhjDgBQt*(QREhw|mV2(KL{=EWg@LOBedH)7b)yEF8bjOt2y5faO;!GTd2?)n{t27~gpR??B$`>T~KWIvW)a0)Z#BWCQu=&4qlU`c9$N};2L zQs5n5o%VMjNk4^!bMBGxZ6##+Pz;IvDs}6$56?Cs)@n!{PPSN}l`qveV2UdAk&4Cq z2gc6HPM%OJ%JvSiOlfLfTmKyj;fiMNi{S@hl%LQ!R9BSz23n^vPcle?SN&D7+5aVR5l3%{+A2lBjQX;@6jK5B_Au%=fvD(HtU~1=sN?nB2<$seDL&3TYi;GFk_b{ z@7-7#lRkWO$QYl#Z(?Pz@WRElhycK`K>}=S=Ip0egbW^MhYP&*b&oVD zA-1NGD5pg>NUEc_g{TP#Qmg$%jn6R+%_Bb{^>1Ag)3v8?M6>GRH_5+UD9<)FK36x^ zHzSOzkCZGKqJ~PoCfS%8ALiIB07y0t@Ex*HM8=44pW?JQ*qu$v@AUR}eRK%_s+zgU z?U4-~<#oyDj8Q%J6lI8iqlv@S_7V%_;Y$rP@_Ni46G=AFEe5(c7|>Aq(3+?+(bUaB z3A%#afzL+ivk^C~GFy644^-P=I7wFrV9fj^R4;74@hjbnweJqZEnHy-=L}@iDwd9&Hf>aal zBb1Zj%3`!JdudYwr-*%XkH$lrkR7MmY4!|PT~4ZG??il+6KZ}lX^~dzgt!cgGLMMU zi9}EzVS&8qE}T^XRS=g;+g zyE)cTg!ayUg?X8V@Pew!+K(Yjh?L&Ku$Cq8vtck1!`fFX2+W=g>lQ>a`?8$IY`P8H zhn16X^PE&1ESb6DqOs~(W|PdUQUx@ycS@M(ylirvd{JHau~ukKd%x72hP$2VloR+j z*`k$3P;e2x9D;*cZJ{}&mI)RpGiAAlm-Ga_lJWj?IpUCO-)}QvuDRX~Dz+r{C{~oT33E8*fsDgItrFPdW?RTwa zXkMMPlSB$~bb4B7B4R5H^<1)a6pjU4#91|4nTzN?Ol#UNdxTa&LN7XsXvf3vsS_0n zHQM=0?C@PS2}_K@j=bkgfD&xVe6rhdEZp#6s{WEuRjCRyku}`U&(075-D6N~wH5*q ze&5c6g`)$KNvmo4>N}S~?zHS$Ve)4m4S%HavvkzT{ zFOyTI5B?3{lS80hSvEmduZlMGLJ=Qo zaNb#b6pSO-x+d}!DMHhmD2dpv>^)3L8P*Cs{Q{Zx-W+rsvIgDbP|@~Ayo6GtMg%CW zImkx7ds>b?RcE2rsW~K+qXjYLQOoWL*60BtF`_w&2Td`vwQTKD7$Nm-HA zuMCcllW?al7RF9l(1iSFVi0*~e~OGZOXrg33(hZdGiQJAF;O}YzQZ^m zN^2q?CC;O?q{bB8E}&ON0HYS0EIiig#hdGM9@cHz4WP}mqBq1>KkiG2d#OTNh#Dv` z0AtCW3V{UR&5(qhm(z8izlb1eU#vKEzci2Y!mN=bKaNzu_lEkkPxRw*rPO`(s@~7I z?riN!;2`=uMrWV^<;Uo3g1y@^ahov<;@79R3z_$7?HOJue6D^7At6qwy3Qv#fDWfT zW#R)D4cY3U*)7;-@0Kkq>TE0hePNvStVtTB<&9<*!fwNrEL_8(EF?a+&nNjW;nY8z zaM4MT-U?C#6;Tx#yrAWjAedNoS$geKz$8&x%=Utpbp@}3j3B-3eZ`obs_Y@ZnR`+U z5yVFZvLGU=hqy5IzTao<2n=Lph!i|ksb!zQM+g*;XeH{VeAp`IVO$l)^LV=Kn*!*u z=CZr)v7Ts_q9dI>`eu@>ofAUU_X0+RMD%GyK&#B_c2PQlXym>o<`8y5)kS%8GJ(%+%k(SxNBw@Jh#@!1isz~zpZELe9;e4Z$g)qIyD=#fGqDq4_UoJ^R zOm3nmVa7W3xCc&$s!BaF!^@u>VbAN$!t;P{4slr)(nDe!e{ z@q1$c4c-3aEJ1)=@fr7$cXEaPQnxmiN}k@c`XQM|a-1mR>ZXSuP0u!AgHdoO{hWFZ{8471ns4FIN-HjVZh(dFS{3~`dMeopf_`PNOp6+T6J!|8Tt}eUFrClc!-2-o^vNgVWXD}A->e=qeRM3Qte5vxpHjo=sArR z@AGrx@093!<5Kmk)NmuHTX_>0Axs{Q6jiy7S{{d5$ZLWzT)CLO-5+&+c)xF*;G9zW z0h^8Lg>WS&yde8^@nf=EF|Wu9>8tx=I~K2v&`t0x@S`GKIL6;$L<_254v!+K2{~yr zC#0*dA-qL}#j##szqdOld3P@*TQjcfgH})UH(^%iq)sHdOX!u#nC)N$yMc*z)OTZ~ z6wr5`cC2Xv*ev3*bOFeYWv$iek61ld-Ju@6GYUnvO4s23(q1RAMS0PJJ}?~lHLJf% z&rYB^>UH|QkGyH;Zc)4yq_#k7J#(n276~+zN32tA9)fS5#JATYhfr=<5=4}*b5f)6 zc;o|0JGhLBQi4*P5b;zPhiz&?U#>k*XsBa(gm%AWaG-+jZg}6gC*cEA=zOdyf;1yF zzETs_yLjORs^a>!IcYN55UglH^Eu{Lhv-(}`;BjGb@OVOU?|_DtVVndJ)8~SVGE;2 zhn}9F;U*JxtXN|-8lSqm!$Cj&`4H8E&r#Ezt(FX7`cae1LrO=V+LKK7Ix`CMB&@17 z1se-;y^7!=hrmPL@~2B-FUS#ydb2LY%F$J_N!7Z8^b!VCV(4qA93iQASD~Lr*&5^F z$LH&4@u@^$vT+KnaIuBx>~zt@K}FIs!H zzeg}Jr+nt6;DNVo+CiWG1PJso7qZfKhr{5GN216qL0Zn}vc5Uhehrj!@shHY) zCd)#e)Y>|NKYH$R96DR*oCC$hCH^$7n2u~7cI@eE=&wD(KYTnI>rXORik%PvWXflA zN-q_-Bf2Z^pQ#2)(YPZAA`o?}Dll_rGY`}92^TQN&O+rK@S^d3Bo(Z}fqO#AQJz(J z5YCp*5TB3nazIa>=2@oozWMjcQ! zg&C+Ezw5xHNP(9c46yo=8EZ&Q>NkLPAow2AQQBQb4?{DMPY_!g4~ZqD@{26LrR|q8 zg}moc#bgbqJdw(0+UGA})=TFI$YEtuMT1FlzSwYd*AySSMeM_ee974{v5*s!;fA5T zH#)&jT96%_=-!VKff;Y;hY^kLM>tRwYxSB^%H;vpa$uSVYU~A$xizi-e9un>dVjCu8y)8-JRKP z#$%IfQ6K**FQ4LyU$($Yq{&X$lX~xCW@|=|yKM3po5k>!)cAf=4o~LpQE$*6P++tdfR_73-33Ik~aVx|UZyrM@j zqSXtJJ~JaDJ-0;Den5Vr%wq*Dm;xElEnEHhC33mwWq3rZKjjw72}96>V+(rsnpS>V zI|t6GPxiY5u*YVhFqNWPB<~Ti`+PkJC1@t~@zR1Hc;Hsf`q3aZ!IHENFIJAG3E`7N z0xogpBryt-E>f*F6|7McW$KH=lk*VjdBP>xjRLo!Tc$?C^eci^`up227_ zowVrR!{RR<;AcmeV@#u;(ia^SJ^oO$Ja(Lve2IrE{v*Ea(L3TquWioqw?Ub`ZFqP} z?@|4Yzx3C{$8X55seVKJsC?kD9SeDJg~rT3Vs{zuV}2Yzu&?W4Y#B&aJ`ev=j}4+C zGK3I@4e3EmWL5j;AtX!w6;fQ-@bYo8@7k^UC8!?bjm%{iUoArC(SLZXM$K)}UmOtV z66lxRkv5ncg3WPzf($s$iLr&wRffWJ9){|0Y#R=zCJH39e57DblgJ{>R;dKIU)VBj`eH~VW*Li-?ueBHq82wle}=pec>&Ikhf)8 zOY2f6&R<;Nvsxn1sf*uX8M(0L&p#j}9A>Bc=NglTMsxE3U8W<7ZW6t;otLw$}GDjpsoo1kWZs zNzWJRARK!pUb>y9ek#D1&r}Hxeo zlKfy!d|rDK{)0j@WU!Z?cXavw9eV`Rp-4K|3&DB9ohy?&=SC2DN0a)dZs*S~9a>}B z64z^CCQ?70Ty7q9MY!1QZ86&AS=V*G*DLUh2yT;na%NTHxL$~hGfFw_L|o~dF!g%* zb<8=U-$y=HY21XS*d27*r`VB-VgZvXw6~a@AA-jqf37;5Nc%Vk!rS~mwT+G03 zTwR=wHjNSpe(0X;rqMxKv2}4eJ37nd^Kkhw@AR~>re0fS!BR?}V~%fOaP z^Qyi9hON-HVa@gZ+dH1Z;usJYA}>aaKR^^dX#RGjcm>Y_!Q~yI^IJv>5Kg;!#r~UD zs5fZv&20z20(Kq_mS%SUxDOqqR{RsdxrWNXu3G>!L9=oJaSC=2W&wIB3uFfXAU7%S z3l~6Y$KZ}YupLO!79>jWJ14(je?W~0a342x79b~v6$rilb|k+#0eh(q4j_Vy>;C_d zfW2M+3-JSt=2}qp{~Lq7UcZL?fO4TKK*$d$jd6`9fh1C|Kl}u#K)S2f-vAf*mv#RK z(g&_T`k#{0622Dd=9i0%Dl|?&=rt=Z4a7gOLBS_kIV{ z0sY@3JAjD+g6{udd<#hdl4AZczM(XLGU(S$`rF80`S};6;Sa{QBmaW`fJ8rTlKB5e z2G{KXLF0Gu*^Q5A1$BAAb#=fkf)z;X`g1DvS{pk#0YJK6y}5#WYn2Z80k zF7B`Xz|s&{2>zyI{6AZetpCkg0O~U*NO9!4K6C!m9N`3Mj$HpEa5~o?t{(-UbaR4) zF@726uk{(^@Fu{2sn4LWU{8mG7dRS_3JD-2NVEkQ^5#;4f7WNvfPdrShFZc2k~aBw z7hsusy{4Qjpi$hEcutVC$-lb*&)2_QfK*7XCjz9A{JV>Pp5K7Q_?d0jPw1x9bAlvJ z{@oSWDGmVVffeKC@%@@wzp0WS|2GQ?Fa}nPKNo>o|L3JKX9^`N4-0yyfa{{m2xXGA*Av3UZ0)BNr zadt8@vPD9W3R?mwdSHG+`>|ud+U~#g%L($|wm_kQN~9w$MW zFCX8`_FRsU8~htr`?;AN;ywF`r}#Ygvaj%$%IjcNKim-tbV}Gmj;w(HetEPux{|@l zY6nvtP1N-D@<-@_^oMe*V-qdX{HU0E0R(pi`x?#lQuW*n*e1E)8lxWSe($G+2|~86 z{rQrVT6~fSSwv9-_iVVBlg8GEJd-oy$?Cf0mf_O_S=Zp)TF}m{j+38JP*YSti(PKh zkRvNCca&(KQjnvEq~2Y1`eqZ1t0~00N@+jHsnL%-fgp%SP5)J&(IF~5$$2yQL9}if zqMb~f^qW>`)L5xIj-?60nzrTU-%43c=yD|XmwFuh z+hw5yb=p+pV9%xVvEVjR&Q}3~;|iG zYM}dL(94Pe?oS1yFU|t>CUZZiUlwmI_143=G(eticn4{#Kf^H5vvo)qIdFnmkupZc z%#ZnofFiU;m$;Z;QHu{Z3{Ol<$-U1SpIBfL|ImxuWB0C^__{heQf-QL-5y#--v@#$ zI(=R}IGy&X53gK7~ z*9d2J{*wmLdxMlhGqn_nyQ8U&Nt?QI;bCJjbaG}>Rbst^R!~c&P%3Hqtg}LLs6y#& zYSJjv92(IGBn_49>)l0M#*Cw;4^XJe7n>~aE{*iz$IQJ}V0ZA%GS@LdP~l>I>BWLY z=ydR=T{iT~SUyhKiKfIVwOu(@P?^fPrOW7Hjua019V^BPoyzwdIj212RJfWyP`Xm% z@n^r^6 z^9>Aff@WV=;#Sdeu`GHrZh@*lp<|MhwxO zJL5NHWuy#Hm-dK2mEj!l1#nF;3Kes9IS;6DN;AAskMrL&fjK@a6Nd?TA$H{?F7W_k zrJ6U5O-(l@y<5W>N`21NK=B8Hc!=4NH^M>QbHQx`3FwKfNgT8|&!-IgeL=FVX7Y!2 z!UlMu<_tqou!-x|RFEYjnhNznj^1S~X0TWp2P+U3t9Jua{k_K3s}xX=O zRoCU&8wlKwRxm&YX!A6>pUtqB|5*Ao$?op7WsMgJMfL>MrY4Op}3Mm>2os zn^3rkK*fT`_vTHF!foMca@#5;!ZBf^>xc7^oBWOl;^=Tidadg$RG0HraV3;rIK|B> zWgS|gKa9;n#g_lVhY_;;*gbeMrZeFy+VKgi8@zD-$1(W2=A`!3L#7>wkhsxT(16xB zaayl5OU)3-L-r0RI2(GdV+Tj2ShSXC;fGBsQ+Y!X^*l@F*7S)F!jtM<2}TT2Nu_(@ z+lJ(zi9eo9AISP^&XHc)N16oL>Ulog|DZZ6iy!dX5T6Mq@&u6N{o0@*$#Ak~+d&ap?I z`g-O*l56)-cyc~eLz_t${A%rzJxX3Lc;~nnJ(o#yd!Fuf9XDN6iI|*kv8Q0K)xnUr zy!CfX4e9so3Frv$PENccdM&S=&}E0!VZ8)d6Vc*68gj`$SGJn2Y7S^eG@T-IBMMpP zb8#o_Nb4k$d>QbmM*4pEsR~xBt^*!t#Lj&u3cs)?TA!91E8eo;YN(ptH;&N!QQ&_Z zv8C@XMOpdKo?RWH;0GC>ow#rCJ-?KgnCAk_*yCSH8g$%WP$f}ydcS(9RK;15**RhQ zzWcs9S^9BO$sk^|w9r#QE~U1QjF)KJ(p5dji91gHym&?sN|#}e^=o2A)TUnyI$5s8 zBTf~EbM|j?N?^b(X<)=pwZF6Uula;LzG%u2*U_G;zseTZBO?a8Kp}m#Vw@a|_;_?u zi0g5N;BmFK~M2x(`!D z9nFMmeZsrp<-;*h^+;I^V+Q>7?V=wd59Av+XsH!4<7{HxsvhCvRmpqLYJ`)H>^q`A z=Zefwhia3o665NCX0zl$O62Cm&iHxct)SVl7{HpB&$xSTleaX zu2ir6^DkaMW>5wU4Cl-53YnzaY$oh+xb1g?6ZPkNAx?g2v+oS(-BCmZ#vI9F@zV4d=4Od_2Qkp z=rtC8&_wO*Jra=!$vA8?Caom`|_Wv{X!0zurxf>9S3qCb-kRSnNT}Z+Sx3?ooRV^DJbK@kwy}WNhJ1 zjJm`*-5XZSuMgNz^7(}Z$h2lf&y`V6)1;a|?>z}KK_QLaPpG-)_{FGQ+WbdRm@4c& z0+k{0CVCNerpqb+dkn@N2)?kqo~Sg~l&7eLr{XDvhcnt(79q-vlc!ZmwsE-13CQ=) zIw%=<3e!x+j0>jK;ki&Pj>{YIUQ2rGOo{fR%w-z7sq!!(FX~l5y|A;Kuw>#o=o#>B zSjC*SI?UEf{pMivO#qpI%Q!Vm*vI>+`d%v1E4F#|(@<0acV60oqnvsL?!vn!-*D`O z-St{8MoL1Yjs?v}@0iz^8kVtzYqE!YfL~yaa_|r5&{Z(CX=4~8AfqgiXVZ8Am&}lw zWrfqVs|1@iTonbyaz8a1c}&D$;-PZ8@%4q%lgZS?wcr5c1OrfXY5WRrTAGCe1x_{m5fwMuyauFrWC~? z5A8Cegh%fs2griNNbKNoYAwu4(uAYz9SgbdGhKK=jd%C0?(JH^30$~ieK@48uZ3T# z^SMvt$jb9@R|sjyT(Y(_Jtetn6fVc6*p$8i8&eCCv>)xQ5Cv@a`hpIPy`cC( z5jsUDOkX0C3!L>ki=KGJd!+4O#n&Vr`CED;$_jOsIxi@0#!8t{bBE;beO~!S&(U#i zo6~9E&rEKVN$vTK3{xGCqpO3=(L(R{u7Alv?&#zuXdjuwBx04MHW9$TW)tAgnkKMlX zNAi}`6o+uDnHD@0f=@CumEV(ff_zLu#eP(uNZaVZ0y?8qcHUGk~(!;sKFWinyV^4%-j?{J%4%c5L9!ozR z+EAIy4-}zNB{t%Sx`et?vK(0YO!`&BAcn`v;!Q}${_f29roJtmuSgRQO}On#g1E=I zJ+PQ{1Qd}k1ovR7DL!9qcy1SVUxwRaF7r~V25+u;9Y;VZKl<7nKe?1_ubJJiv2Lnq zkEgPN)%yesF=2Qx19FJaSD$}3MfxB*e>OOof8k1kEAr99%6PG_ejWqYL`C>c#Ekd-b1i!fHu{_HitV%{NJ!Mq~ z|EE^ACR?F&kEyoN)9FNIPwQH%-5=tw+<5~Dfdl~^mjo+D^0Y7Df^uBX?iEUYHFEh| zqwcBXZIV}BQz|C(NQQ`K*1Fu^-!H?@*s0<@jv=EL8M9e4B{-wlMD-_cRdUJs9@DVW zvhgJhFTeI4ecRX)Z(f6{2^wcCrSM#8qI)yM?#1@UX+xNp?BjaHFVZR+r~DP-k#tM3 zZPjUY7JTp_GkI!g>t`~|atr0Dvwq_ul_W6jJmYGc?ysFf9@4REqlVXh+N8Lff&P`1 z*HDOR>0)x7ciq2Te$2OZhjcG&nJr1@gHt*yi8R)x!m`~;iKfT-w|9(-IcI>2J|st( z#ZIYlGKW@IAnRP;VONb*N^zIr+;9HyWXZ&BL0rt)_RidAI3u%fk+5v9LUKFelVqlM zw`BQg)J8pnrVMfCu|8?i%G0;fkHLu8jO)5T-MD*qtQS(8EToN?_Us8A1ZN6mvZ!&! z>dE?)dSny34^&;@fs}0f@HPHN@ep-nmUch z;Xqmls|*vjhJJG9PXRSn`0w$Uv&`qV?#Hau^s(U$1Y6ONggAQBV!Kz_+Dp92Mfhj=*-yMaR<(WSIS)HJ^UbyJOPcLr4Matu6#mR zgFQ{|m>P^9Lp}omxpJ|n1zD0P&IpD}*oZvGAlA^*r=5}2&pMLWZmue`6y?r!JH4-% zd;5_i2P%uoGZkP*^@}LR=fA*yCnU`0azmmmazRQ7of4sX3{7>+^nEG{O6qRwJfCyBDDy$?ocMp0+i%?hoI2V{=P1a zM;^OYS66FPj0973!E6f$qp05YK9>i5#vb1(4V4OTKkGgWG)xcURpLz;B-6Eq2sLa` zB{7w5dZrr9T+3`RkC~aJf)uMi{>;%gIsnir9qhi-+l&~JHFtRdzcupmI%9-I= zR>u!P>~O826~+B&Qih03hp^oyXDY96dLl&c+(XkHl36<9B-g$|KgV>Ll@o3CMnK0G zjk@fVDlQ^z$$S!z;>~LfkMiE=ql=4-q)wL`6IQnq-{jfL_iHiUF_U|ORs80pZ$C8I z`@&1>W9Zb6hsNJplaYCbX7uSwGaWkhC@P zfCLo{(f_Sh2d3Bh1ad^^V%99-WmfsKIc^a$_%DwKvmmUBAWZcWp4QNcsBt2Z>|}(% z#=1P39DYpo@?$`)jB?#99}JI-+@0vL^BQEzqB~ug2haT2b4u&AgwL{CO`xWS;~D6p zvlAMo-DT^>vryAbZOp0+4pcCrO8HlzxeL&qJ&{N?;LobXBk!|#V^9!uphE^u~uZT8C^MToWq%0v)4vb@1u}DkvG4e z_PPOymR*NsMuQS!`t!0kgcY-~9dfC$s1h_>J zBS8wR#08j5{&`z2dPFo_A7WUZ*NSz)lrCl5-JSDthPFYgPeY%p)R{um=Q!7ivZ}9MrJLDw`cw=#h~0HE%MB)t(0GPYffTxDgPVN<-_;bz28u_ zrry_d_$qsH)$#C&k#BuA7TuM(?}cfCVUwVCFUH!`x>C_^wW)=H`OS2JeB&4_#9q+XL%j6xD`f;6z za9OV_7re7RrWPCBNlMKNy6qE30m@gS1#3kV4qfijaGzhw4bnS$_6t0o8vOpKiOiLX zpY51_W8MZIYA1&|u`0_Vh(-eD-KP*z#H;b#t61#5gGP7*-tloX=X!+H`x2p^6^~~q zp4`Q!05r8ccbNZtK0;F3%@@6t#UYhmv0h}F3oDpKBLZciZmD==wzpkf%oax#`^r!9 zu0dw;6kUx;Y>?wTE30(8I69MLw`yceji~3`H!pM|XR`;MDz#qg%77mg?{Ut`9t_?a z_yA{IYIdTp*q@StzWg9aPG!vG8TVtig7I+-I7z%CeC(+@!0F73op^7-Be0~Pc6pYN z?rFe|w;PNbtpZh_=J-s<>B3WsyZz&Dn6LU3Os(1S*eRXIUb#&U?N^t)+gjURSnPN_ zq^Da}k*BFw?S8esCGP5Ucvi8=bmduX_E23N2C2o;VTGjals%$ha^GT$sGi4y^!fLi zh@E5NA83XUcraN*zvDuHZi~KoW%^HW44}Tw$^iri*uh&Le+!O*Zkq;o^fz}w2Y|r< z?zskH!GL?}|LhSQodVrj4es!FLB0F^(}VM;rUxfT5drY$AWe_!55UR( zvXK9P&w!q9R_{N-XTbPBmm2^UaRY8$01WF!`vmX-h~a^tq8m+;e>5_KM*bTYKd~<` zeUO`r$8RBUz&YP`@lziJpniY-wEle*|3EcwCh}7s1aLX;|8)Vb%yIpgKw=)i^#B0I zAOsUkBjit$0axV!CLdrZU??0&*W=nf5MTV)N&Q2k1BAkXvf$V3{~ZeV4~-5G3ik)& zTM!L!?l(_F!p>CM&eY7#nS_g#iIZ8*%Fay6%*w*j8PF}v1fVe}GRqlx*tW2B&l(e?*CzazaUWTK-B0@ z#<%AO20;O+1t72wT!Z9iUHR?Gf+6xh`6oBq_13U&M+Qq&Kx7cw2io+vjQ`2S0BwYu z#{w`0^15y+#x3Jpk^dp)0mA#hHAwz#&cI##cVr;{n6EJL09)k;*{A*;e z>IpCg&njwHMZ^}DpB-eih{E2b>;qPuJ1D31+ z3I>Qc0?ugqnOeUq>HiS#039ZOFuqk}eiiQkoh85fQTW@yVCnf6apVuiw*&uDS3yU~ z?>5tK1OHN1K_|%{Y;VT}tExYVBjA!D|GLs(dH0hz@(0`7alsM}aPVFi0KiYw>%IGH z?f&h2!7}aU9q5hCN%T&PtT|yeO6UeC-!x7x%{>;d9b#EW|aOGS(t?Qyvh_v^jm#3J; zUzxSJv58nfFBAU7SVO!|dlxacFJG*alF66K)0)>xQzLl{F$h_wrHH{_J@dM)_Il>p zCytzA$v#^|^X;uTI$u~;&OND&zgQE~pL^$F`+8ZDxN|E}V^V#dPO&{FLpJ&&E1$ox z?GNm@#86WdIFHGr$4d3BBM7ZiD6RO=)Vs-^aK`>A9DbSiw7J&!-ca8?>_)cxoMf+P z@nP6JuWLJ4En2q@k*Vn8eu+CebUqJ>732AnN!ZQcLHs9WWC-QPd$M7iWJQ$J8uY4p zbFizu6tUhs5A@*XON%ElF)E=GpNnzNJ3gG5Qx7E|46Mme)lq5f!n0@V(ewFC8p72L zv$6U7%#+2nMLh|As3-Q*TYRz@gyVLI%!mm{3#c);Q^rW;YF=eEmBn&(jF;Q-|E~-b0n$AmL|ArMrU!hUy!^c~E zhbrKWgVRSpOdI#aiiitsd@fIbVhHw}f)!+x(vJpMg!~M`_TuNzAA|i#G03=9ABVpb ziQv;nSeNBk<$9(#ol))DtN1mey8ljgG4II6a0bqM+%@$c<13({3vGgp1P)tOgP%((VjAc>47!BHHmk@a3)%|~brf4kd~-LVN)GFHMfywnKWKMBB>6!h zkK}#cgzM&Q2)x8jhU0j(kd+wcnjr195dKXJ?%i`VIz|o~m4S=_}!Wx~)wJ&O)Y8bVWj`1&Do~nfHeTVzfCPN}ohTmqU>te7 z+vjz$=F5C8>$Rzm`CPc=?nidYZ^TCqsFNx{HDX&eAXE0s~A+mO@Mn z*G!HV_{m3Ux$tmKCGfAgoU!|v#wX`JWAo8d`_eA>lEbnzRg4YONcRWSw%qHRH8Qu0 z9%dHy&y;Fxk3SAt)F8kMUq3DpST-ot!xE)PV-$fLqF`l=FVKsa(51NGP~cHk8{TM+ z@Z%j!7v6FzFCdn5ClG)c1u!`V;dEh7sSJ)1#Sf_BkiOZO%Z4cn9@M3ii@AV(hkY5pMm^C5pY?GyLu$N|5xZES3~mapD6F=@CL9)>7=YUeT7kz5tm*R!d~T!A)% zkH(%=N3%MKh;bLDUD@`?MBQCr*ZSU~DP$zpux4|$W*T&p*0|gKvz)fpjr7CKjKoW? zw`|+gR)ohfFlv=O(qEaMJFPF9k358w^{mD}p7WatxtkZr@e~^6i;sXIySnu%8_9iX z`Bi%{jcswhApTkFeBXZXVZH~#OC!@ubEC1!W ziTcosZu%hfG^s*AhUkF=sTH@uWtv!Tc?!c<=SmAFPeT`5=Y)cJ7Jb@{*sIfc%*yvz zv1Hen5e5Tguk2eSu)_p`vc;ks!!XIEXG5%vhzs$~9ZO}xFN-@}pFO6>yfkmlKz@L-v=-i@Pfc3ynye7y zO{`^v8zAv1T6fD|e=ldKdZtxVkzTmODq0lVJ|T})!QCI0hN-O7L0RrxC4I2X(qEUB z?U*e0b+^nb0&mj_yM_F8%@PSg@iiiBX78d|aI^Dq==&T4O2_J33QZEB{$6p=hYlFWio8%&a-RAug2aLSbsIkI@o;YsxS8e^J!EYo*u(D2c8;sCKN;%wGX;q$cIF_ zOV_EAx=)K)jPYEdWOeIdw^1+2YiVV~G}HlCwX8mP<^{*iPv&-_+!e}7DcN1$ATbn; zo}Yxzc#baJcKU3hc2TG zVK;{pv44W2{o~u|3xT3}d+kFkD*%z})j|nvO3T*Kd=^*fMa=H(#o0ndW>7DZ;0yvM z+#9~d`wC))@3Oo~_M3OuiEu4oW7OSMiS#lb>gD#1*4)FcLW%p{^K~?8@?47Qj#0JY z+W<*M+=f%#pn@4W)FG9;P?gcAxeYK>`?SV16^L0sr~z38tP(#Y`fMIZDQ?NbkF97LNGRp|Mb< z+TFMJdo!Li9%SxD_?_t8bnD5=8RBa^&O#R-Z@5__eg^4T>7Hsvme$VawgvRc+eVtt07t#{=hxiV|w8I z*y(*vvgXAde&r2_&hMzLEq{AB*3p>HF%JdGX?!M*GfIYhzC*&3We%KeE-Z5Mv}T-$kFXm9h-dtZy)odFH-TN15B%Y_da+5YMJaeI@T!v>S%D0N9tS2R5?h$tz=lGJp z?3^jCYA-&*r+Ugr&aYO1x;C8Hssn_^IL? zl8dY6qr0Cm1Qi?Z^Y!*vDTZsnQOUe!iBAw?rVdfmUvJ!SCf=b;BCQRYNcdnf@m9hn z^aod}Ov^J>T7%7bGKkhjLdp?!Ca7AnY(LD<;mG)xx><6B-X`cUwpj2^FI`5x+(_EE zDiFg{8CAyDti_68R$@5e*s7uzGCpO(sK+A6&9J4V9;v%olXhCP(lQi{M|ejTn#5Oz zSR!Ze(pVfTB9*SnBdI2Q$~Dgw9ZVAKwQEN<*r=)Em&+yJRg5V_?{bh-6dD zQ|4MRG2R!GT4yyEHUx>+Kb*=FZKXJpgeNx~*7q%};CYDueMT%1c#Hi0&X3VZzq6%@o7iKea(@ z#A&*^T(EKZA!Izbgj)&VN953}E$Y;;yh6!q5r@8)1@+?NN|5mKiIcl8k>cA^+9SAi z+s(TVc_eehA=8>!b1DeoAC0)%2GWx66mm#yJc){iDUVRAFM9CyQSCR>ru%J99`w2k zyV>EbS@$D~y2y^4*p0)?qd8h#DSSRvFrEXhT3I0hPz=kz;=ykVP<-U2UY1H`PcCnY z(%0Nb>L7W^rA0`_;3fkQHGpb^01*wSUO+?U_LAHvQG#gRrS?QQ6?=b z>0*C!CHb_}>UU^pl)f!RrMpRk;BSB(Cj9CHyK^nx;E=wB>#@Ir@IAiy3}$>jWg};$ zNWIgq(qcN6XaA$@s^h9!x;7#$NJ~j~_o2IykZw>yx*G&Z1*D|A8|f0Hq`N_oR6x2^ zBqYAWIq=@&RqwsufBUy#)|yzeW}kVUdFF%P?fZn6D-RqIrVRmUu&iA0h9z$oQ`ipq zgL-)k?sQ1Pj?zx=i>9YGE*S!5pU|nR#>kZ4Qe`J=X50-;^5?VMld_f^Zcj~d^h=J4 zT1lyppIvnjFZ%30U$jUqy!pm~tXt_;E{)M;N1H|am~Oncb78m1$=0bAVRQ|pRv1OG zLkiPn7wWAoRTZ<RO`Eb#sU=e#KrM4EWsZ{W(6D%)SIhwtx(LrQGPwoY1>eI>WAI(X~ELl zQqBQ=1a9nN$zWr_uE^jmxy0yT(q}m2w;z(V^or4a>MInp)gGAp2z;mvyW_?td6M!_ zjreiRun(d#&*ZGEu5-5cL9!t#g?O;s7~^XsS8Wrofcb)rk0MJh8%1p5n+I%4Y-o>W?6z*<+-WRGN>L4Gv4W`* zwr8K1K)y&f7f>o_#u07#exQHSa%7kMz|DPU(E0>j-`kg>HQuuI2>#g2=lOKXJ00C^ zTgh}Un&T1s+ZNXJ%W@ucIFrWvyHTW>v>d(A!-%_D{;!Gxr%VLTG7rCZmwCcF;n`wj zxz#NlYkYxQ_CPFn<9F<8vW}|hH}mE><@+<04+lF=vY}P69~5M^Q<)x$TBSC;e44Ak z{3gN!=f(Z68e^$5;d4JY<*lZ|&|TAB6i)#sXlZDyXcM1w9)8re=XwXy>Ro=zu&~~=~*vG zz*IKXIa>9Y+w*+)Oy1t%+nEJ!>4m%VZ6bL+jgrNQA6Tu2*>FB6hG`n23^5Tf`_C@+ z)1hudp^Pla{+8(QFS@zl%Ll;V33w0jFL>p*XU!mmbAN;XfUi;b|JZ}r{{1`t13Zt& zdMzUlu|fJ*1tCQwIJqFUg2AXWXdfMX%L-6Uo|6ZR4S+})pd-!7e~~gkfBG3+`U!vG zg4iqm1qZrOm-tsB5SzvzBiGlqfU9^#$^dIA08fcu!&Coi5n?O(FIWh)chCO29{agX z5PQj2xX^XKUSS|$)d}Fc8_fw$Ftl~`1_WtbJ%DhMpDOw{TnJ?F|APxbYEyt9Jn$i6 zusj6NC0KI;45x5`@Tp&j6n|H%;JP*eLQk$tfOh8p*~HbqK;S~0U{D7v4{_D-tG)1R zF2M4_O1`qgEIbqvj>qUe`gQe&;Jj55TW_^ zMT?CUDAWO(kHGWRSD6C5tbkMb-=sA-L1(-nat$jd5QAm|u2z6+O^ch$w|-~pr)#t;b)8jucL|{ADz5HJY3Se&#!vX+lY5>4G7*~VySJDN5Wk3GD z5P|FY8xz;dCjdw?y;(*6XaXW?ua-lOtKa}Szh27#Ah`zcLi9%yzXU3zAO--egK^b| zf30bMH1$(P1!4TxUH|iU({C0Lu=(rGxWV}URQT`71>D~M6$WAa*MtA>j(=9P0Ac)p zD*LNnh-kdV_^+eyKluGAn}X8IpUVE~_iCE_ue~6Q|2q8tgWs#b{9joRQ|wP=fAtFy zZhyx3fz1FwV*DK%vo`m;(Y@9*LP;s6Q5pwJn_WfG5M%_ngQ0Helc3h32ZgNA;K=Hi zJf=5D-_&tF9AJ>44gW&2W0&`~VRNETWpb@W=>B4(_rVu#J>3)oy{2>bQ>s41*Xge- zqv5%{T$?ZVcPE`L@^Oe4F5FU>n9FQR^Q(x5Rw$_9ExstpztAv!b}{JW>QXaYw(4|z zvHi3~N^Jasv-v|yhwG2@{TA~}Z|FqtOMwmZX9**sAAE$AkP;e0Mdg1yOZBQcQJ1Zo z7jdc-EW$+=z}F)J3V@Rm!miTz7@}OpC#RDVdEZB8%mG}v7EZJuvYzbm6xu;)uc);<}&(2g)vfcd4yXO?=r9z-9r zALV#&N&ebp11<{owm;;R~8+NyR5wiC(J3o;}_$~y{# zVc-;{@Uhn!tC#WOn<9{HDJ9CEz}krsgpR8^EFmbGt3NcZe@ufK_`!+?C+>&)p>wTx zk^aLdwRG&MVoqTr*Mj^Ix1Rl71t-}jy07=CD8}zT2u}2-ITD*F55<3N{n%V=WpgID z8nH?DmZrPxb9Lj86lLLpSB@b#3AXlwBt|ol74TvPa=I)tT7;p|C^Ql1hk5~TtYc- zX<@}^Xde`r8(&&4s-Z~l!URp8@cGMF8Y2>(#U$l@%NzLeHDfwyX+;JTu2 zNp6Sr4Ulb0n5i0%1sMd;%eYL1cjR~|>De=Mk zIS}bk4%z7`2WKuJP-A+~Z?uOw_~sMAZ*oVovE=l%=d@u2LMlv&<%y9MJ8q_|S7Q02AdIa!)sxc$5l(Cq58+4~6yqX zTi)%I^2aV;hBDf{O(q^L3=+T$l-(&;rfsi&^u~`Ifc8En!xAB&^@G$NmN=f=L*nmF z=_Xd`rH1K+yveaEu2{4&j+U!0JF{dfw*4OB?knUX(b7NFQ|j-%V?Ky1KSCy(fO#RF zt*FHd_BQ{gq@uaWBuqV8jLxXjG(*VPr*t{&3=r)JK!ZnK=Qz zSasocO7Fa;?al0l^>yiL1456(9!5sGNF%6_FzHv*kK|g+{9gQ+ntD0@0XqG%Y%9H9VEV-{NI>*S;E+zJos) zp^~N#9)0wC^Y=ii!07OIVm%)NY|gVPV0}!g#vPdxGL)Ft4>`v;-!4r#Ic|3<9+@hp z>nWP98MJuXa{<$%(A$emxZ$S8#)fzAH9RGse*4VgONXqcA};XGe5`*OF2^8S%uG9x z(a*l;+5MoCE$VlhGUsSkvWDEtI*2xR5|-bdwM?us7k&enW}Gbcz{mk($XiI z{63+U>XHJNOYsZubVA71=LcuUlnTk!`@kJ354;h_5XrDnhL^m-fp_vEa`7WaH#BTi z6k-R~;vb~WC!G~#6irUW*YQPPGNd)!H_@kk`SsE1XNy{<0#B#9=UrY%jOh=LmOhDc zrXQ&n*IThx@tHMD&C4sy*^oxQd(xb!T>4aEWwwap-u&lz$%^uv;XQ}lvqu=i#uXOH z{Kr`x*>5a4{hu%3ea-1Kp;6binW-aUyErR_6OD{zY`%SJJe_p=ILoLesK;rpkH?h( z7O^7f32&q_BLUiLf_DbmB|U9SS~IKm4NTh}(F}%(F)vzbUd*0CC6g0<I`+#ymh1RC4-;avfZ|W7hOms!my&^mV#_GJHd(k